~~
2620
~~ KERNEL32.dll!CreateMutexA N:
0x50
arg
0
: <null> (
type
=
<unknown>
*
, size
=
0x0
)
arg
1
:
0x1
(
type
=
BOOL
, size
=
0x4
)
arg
2
: vgekW8b1st6yjzPA9fewB70o7KC (
type
=
char
*
, size
=
0x0
)
and
return
to module
id
:
39
, retraddr:
0x612d1e
,offset:
0x2d1e
~~
2620
~~ KERNELBASE.dll!CreateMutexA N:
0x51
arg
0
: <null> (
type
=
<unknown>
*
, size
=
0x0
)
arg
1
:
0x1
(
type
=
BOOL
, size
=
0x4
)
arg
2
: vgekW8b1st6yjzPA9fewB70o7KC (
type
=
char
*
, size
=
0x0
)
and
return
to module
id
:
39
, retraddr:
0x612d1e
,offset:
0x2d1e
612d1e
: <
-
-
-
-
Note: the printout is slightly out of order here (the two instructions at the return address 0x612d1e appear before the CreateMutexA return value that follows them). It is cosmetic and does not affect the trace's correctness, so I did not bother to fix it.
; Resume point after CreateMutexA returns to retaddr 0x612d1e (module id 39, offset 0x2d1e).
mov edi, eax                    ; eax = CreateMutexA return value (0x120 in this trace); edi is
                                ; non-volatile under the Win32 calling conventions, so the
                                ; handle survives the call below
call dword ptr [0x006170b8]     ; indirect call through a slot inside the same module
                                ; (0x610000 + 0x70b8); presumably an import-table entry — the
                                ; trace does not resolve which API it targets, verify in the image
and
CreateMutexA
return
value:
0x120
<
-
-
-
-
The return value (0x120) should have been printed before the two disassembled instructions above, not after them...
and
CreateMutexA
return
value:
0x120
......
~~
2620
~~ urlmon.dll!ObtainUserAgentString N:
0x89
arg
0
:
0x0
(
type
=
DWORD, size
=
0x4
)
arg
2
:
0x0072ff20
=
>
0xa2
(
type
=
DWORD
*
, size
=
0x4
)
and
return
to module
id
:
39
, retraddr:
0x6136fb
,offset:
0x36fb
and
ObtainUserAgentString
return
value:
0x0
arg
1
: Mozilla
/
4.0
(compatible; MSIE
7.0
; Windows NT
6.1
; Trident
/
4.0
; SLCC2; .NET CLR
2.0
.
50727
; .NET CLR
3.5
.
30729
; .NET CLR
3.0
.
30729
; Media Center PC
6.0
; .NET4.
0C
) (
type
=
char
*
, size
=
0x0
)
......
~~
2620
~~ ADVAPI32.dll!RegOpenKeyExA N:
0x96
arg
0
:
0x80000002
(
type
=
<unknown>, size
=
0x0
)
arg
1
: Software\Microsoft\Windows\CurrentVersion\Internet Settings\Servers (
type
=
char
*
, size
=
0x0
)
arg
2
:
0x0
(
type
=
DWORD, size
=
0x4
)
arg
3
:
0x00000001
(
type
=
<unknown>, size
=
0x0
)
and
return
to module
id
:
39
, retraddr:
0x615279
,offset:
0x5279
......
~~
2620
~~ WININET.dll!InternetOpenA N:
0xbc
arg
0
: Mozilla
/
4.0
(compatible; MSIE
7.0
; Windows NT
6.1
; Trident
/
4.0
; SLCC2; .NET CLR
2.0
.
50727
; .NET CLR
3.5
.
30729
; .NET CLR
3.0
.
30729
; Media Center PC
6.0
; .NET4.
0C
) (
type
=
char
*
, size
=
0x0
)
arg
1
:
0x0
(
type
=
DWORD, size
=
0x4
)
arg
2
: <null> (
type
=
char
*
, size
=
0x0
)
arg
3
: <null> (
type
=
char
*
, size
=
0x0
)
arg
4
:
0x0
(
type
=
DWORD, size
=
0x4
)
and
return
to module
id
:
39
, retraddr:
0x61485c
,offset:
0x485c
and
InternetOpenA
return
value:
0xcc0004
......
~~
2620
~~ WININET.dll!InternetConnectA N:
0xbd
arg
0
:
0xcc0004
(
type
=
DWORD, size
=
0x4
)
arg
1
: google.com (
type
=
char
*
, size
=
0x0
)
arg
2
:
0x1bb
(
type
=
WORD, size
=
0x2
)
arg
3
: <null> (
type
=
char
*
, size
=
0x0
)
arg
4
: <null> (
type
=
char
*
, size
=
0x0
)
arg
5
:
0x3
(
type
=
DWORD, size
=
0x4
)
and
return
to module
id
:
39
, retraddr:
0x614873
,offset:
0x4873
and
InternetConnectA
return
value:
0xcc0008
......
~~
2620
~~ WININET.dll!HttpOpenRequestA N:
0xe65
arg
0
:
0xcc0008
(
type
=
DWORD, size
=
0x4
)
arg
1
: POST (
type
=
char
*
, size
=
0x0
)
arg
2
:
/
ffff
/
ffff
/
ffff
/
ffff
/
UUUUUU.vnd.radisys.msml
-
basic
-
layout
/
?U
=
R3H9gETPMuF94yrwJfA
=
(
type
=
char
*
, size
=
0x0
)
arg
3
: <null> (
type
=
char
*
, size
=
0x0
)
arg
4
: <null> (
type
=
char
*
, size
=
0x0
)
arg
5
: <null> (
type
=
char
*
, size
=
0x0
)
and
return
to module
id
:
39
, retraddr:
0x6148a3
,offset:
0x48a3
and
HttpOpenRequestA
return
value:
0xcc000c
......