首页
社区
课程
招聘
问答 CTF 排行榜 知识库 工具下载 看雪峰会 看雪商城 证书查询
  1. 社区
  2. 加壳脱壳
    3. 发新帖
关于NProtect Gameguard?
发表于: 2006-8-22 10:33 52677

关于NProtect Gameguard?

Rucit 活跃值
2006-8-22 10:33
52677

查看主题内容

收藏
免费 0
支持
分享
最新回复 (76)
wiaa
雪    币: 249
活跃值: (10)
能力值: ( LV12,RANK:250 )
在线值:
发帖
回帖
粉丝
私信
51
最初由 云重 发布
呵呵,想那么麻烦,单纯对付NP,不算费劲,如果把NP的技术全部分析好拿到手还是比较麻烦的, 不想攻击人,但是某人说话好象很高深似的,实际上....XXX 一向如此,明眼人一看就值得是胡说


np确实很高深,大家说的啥啥方法我一个也试不通,应该是我自己水平问题。

既然楼上已经找到门路了就说说嘛。反正XX公司又追究不出来这种查无实据的一个论坛帖子。
2006-9-6 17:21
0
hhsailor
雪    币: 200
活跃值: (10)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
私信
52
偶看的晕晕的,不知所以然,加强学习了
2006-9-6 17:28
0
盖重阳
雪    币: 205
活跃值: (10)
能力值: ( LV4,RANK:50 )
在线值:
发帖
回帖
粉丝
私信
53
公司下的什么题目
要干掉np?

呵呵 一般人是干不掉的
与其干掉费那么多事
不如与其共存 该干什么继续干什么

目前带np的游戏的内挂 大部分都是躲过去 不好破的。。

2006-9-6 18:04
0
Rucit
雪    币: 207
活跃值: (10)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
私信
54
最初由 盖重阳 发布
公司下的什么题目
要干掉np?

呵呵 一般人是干不掉的
与其干掉费那么多事
........


怎么共事?
2006-9-8 09:39
0
堕落天才
雪    币: 293
活跃值: (110)
能力值: ( LV9,RANK:410 )
在线值:
发帖
回帖
粉丝
私信
55
我有逃避NP监视的办法,希望有研究过这方面的高手一起研究一下,怎样把它完全破解
   QQ:124101419
2006-10-27 13:34
0
鸡蛋壳
雪    币: 427
活跃值: (412)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
私信
56
驱动。我只能这样说。
2006-10-27 18:08
0
nbw
雪    币: 339
活跃值: (1510)
能力值: ( LV13,RANK:970 )
在线值:
发帖
回帖
粉丝
私信
57
下面呢?
2006-10-27 18:57
0
heXer
雪    币: 254
活跃值: (126)
能力值: ( LV8,RANK:130 )
在线值:
发帖
回帖
粉丝
私信
58
下面没了
2006-10-27 19:20
0
KernelKiller
雪    币: 1238
活跃值: (808)
能力值: ( LV8,RANK:130 )
在线值:
发帖
回帖
粉丝
私信
59
大家别太紧张,写得不好,没什么技术含量,N年前的东西了。见笑啦.




2006-10-27 21:26
0
9521
雪    币: 1695
活跃值: (993)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
私信
60
又见牛人呀,膜拜
2006-10-27 23:42
0
heXer
雪    币: 254
活跃值: (126)
能力值: ( LV8,RANK:130 )
在线值:
发帖
回帖
粉丝
私信
61
最初由 9521 发布
又见牛人呀,膜拜


他没贴出来驱动部分,你帮他补贴一下吧
2006-10-27 23:48
0
云重
雪    币: 213
活跃值: (96)
能力值: ( LV4,RANK:50 )
在线值:
发帖
回帖
粉丝
私信
62

2006-10-28 01:08
0
nbw
雪    币: 339
活跃值: (1510)
能力值: ( LV13,RANK:970 )
在线值:
发帖
回帖
粉丝
私信
63
最初由 heXer 发布
下面没了


看?不是一?完整的男人啊
2006-10-28 10:08
0
云重
雪    币: 213
活跃值: (96)
能力值: ( LV4,RANK:50 )
在线值:
发帖
回帖
粉丝
私信
64
看 #define ICCTRL_GMGUARD_SETPID  XXX 部分,是10 处,说明代码非常早期了, 现在是14处了,你卖哪个过期东西有意义吗?
没什么用的东西,牛人吗?没觉得很牛,  NP 改动了很多.不是搞了不了新NP 又开始卖老版的NP 的技术吧

要就共享 要就不放出来,放出来那么老的版本,还卖钱,有点夸张, 如果打算入门的可以买来研究下,如果准备出挂的,买来也没用.还是自己去分析比较好:)
当然你有卖的权利
2006-10-28 17:06
0
GoogleDX
雪    币: 0
能力值: (RANK:10 )
在线值:
发帖
回帖
粉丝
私信
65
Originally posted by 云重
看 #define ICCTRL_GMGUARD_SETPID XXX 部分,是10 处,说明代码非常早期了, 现在是14处了,你卖哪个过期东西有意义吗?
没什么用的东西,牛人吗?没觉得很牛, NP 改动了很多.不是搞了不了新NP 又开始卖老版的NP 的技术吧

要就共享 要就不放出来,放出来那么老的版本,还卖钱,有点夸张, 如果打算入门的可以买来研究下,如果准备出挂的,买来也没用.还是自己去分析比较好:)
当然你有卖的权利


我顶!
2006-10-28 17:15
0
风蓝
雪    币: 107
活跃值: (10)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
私信
66
我顶你个肺!
2006-10-28 18:31
0
feiproxy
雪    币: 207
活跃值: (10)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
私信
67
使用调试工具总是受NP的影响 会自动关闭
一直找不到方法饶过
2006-11-6 02:47
0
feiproxy
雪    币: 207
活跃值: (10)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
私信
68
最初由 堕落天才 发布
我有逃避NP监视的办法,希望有研究过这方面的高手一起研究一下,怎样把它完全破解
QQ:124101419


请用有什么方法逃避NP监视
2006-11-8 00:30
0
fxbzn
雪    币: 62
活跃值: (21)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
私信
69
我到是跳过NP 就改了个JMP
但楼主遇到的这个监视 我到没见过
只是知道NP 启动后 会隐藏掉游戏本身的进程
WPE 和一些调试软件 更本无法加载 不知道楼主遇到的是什么情况
2006-11-12 07:00
0
堕落天才
雪    币: 293
活跃值: (110)
能力值: ( LV9,RANK:410 )
在线值:
发帖
回帖
粉丝
私信
70
//这是我在GameMon.des内存里找到的字符串,留着没用,大家研究一下吧
0x00120970: WINTRUST.dll
0x0012097F: Z?Secur32.dll

0x001209A3:  (
0x001209B8: WinVerifyTrust
0x001209BA: R
0x001209D5: LsaDeregisterLogonProcess
0x001209E4: LsaLogonUser
0x001209E6: c
0x001209F6: GetUserNameExW
0x001209F8: r
0x00120A08: GetUserNameExA
0x00120A0A: r
0x00120A1F: LsaFreeReturnBuffer
0x00120A40: LsaLookupAuthenticationPackage
0x00120A57: LsaConnectUntrusted

0x00120AB1: ntdll.dll
0x00120ABE: KERNEL32.dll
0x00120ACA: RPCRT4.dll

0x0012118F: " RtlExpandEnvironmentStrings_U
0x001211AB:
RtlDuplicateUnicodeString
0x001211C4: ?RtlCreateUnicodeString
0x001211C7: ?
0x001211E1: NtQueryInformationProcess
0x001211E3: ?
0x001211EE: NtQueryKey
0x00121203: , RtlStringFromGUID
0x00121222: ?RtlDeleteElementGenericTable
0x00121242: ?RtlInsertElementGenericTable
0x0012125E:  RtlInitializeHandleTable
0x00121277: ?RtlDestroyHandleTable
0x00121279: ?
0x00121288: NtEnumerateKey
0x001212A5: ?RtlIntegerToUnicodeString
0x001212C0: ?RtlAppendUnicodeToString
0x001212DF: < RtlFormatCurrentUserKeyPath
0x001212FB: } RtlInitializeGenericTable
0x0012131B: ?RtlNumberGenericTableElements
0x0012133A: ?RtlLookupElementGenericTable
0x00121354: ?RtlQueryRegistryValues
0x00121369: G RtlGUIDFromString
0x00121380: S RtlUpcaseUnicodeChar
0x001213A0:   NtQueryVolumeInformationFile
0x001213BA: ?RtlPrefixUnicodeString
0x001213BD: ?
0x001213D7: NtQuerySymbolicLinkObject
0x001213D9: ?
0x001213F2: NtOpenSymbolicLinkObject
0x00121413: ?RtlDetermineDosPathNameType_U
0x00121415: ?
0x0012142C: NtQueryInformationFile
0x00121444: U RtlGetFullPathName_U
0x00121450: ! wcstombs
0x0012145C: ?mbstowcs
0x00121465: ?_ftol
0x00121472: . NtSetEvent
0x00121475: ?
0x0012148F: NtQueryPerformanceCounter
0x00121498:   wcscmp
0x001214B4: b NtWaitForMultipleObjects
0x001214CE: ?RtlIsGenericTableEmpty
0x001214D1: q
0x001214DF: NtCreateEvent
0x001214EF: ?RtlCreateHeap
0x00121500: ?RtlDestroyHeap
0x00121503: _
0x0012151B: NtAllocateVirtualMemory
0x00121537: ; RtlFlushSecureMemoryCache
0x00121539: ?
0x0012154D: NtFreeVirtualMemory
0x0012154F: s
0x0012155C: NtCreateFile
0x0012155F: ?
0x00121578: NtQueryInformationThread
0x00121587: f NtWriteFile
0x001215A4: ?RtlDestroyQueryDebugBuffer
0x001215C7: ?RtlQueryProcessDebugInformation
0x001215E3: ?RtlCreateQueryDebugBuffer
0x001215E5: ?
0x001215F3: NtOpenProcess
0x00121600:          NtReadFile
0x00121603: ?
0x00121616: NtFlushBuffersFile
0x0012162E: 3 NtSetInformationFile
0x00121631:

0x0012163E: CsrNewThread
0x00121641: f
0x0012164E: NtClearEvent
0x00121664:   NtReleaseSemaphore
0x00121667: ?
0x00121679: NtCreateSemaphore
0x0012167B: ?
0x0012168E: NtPowerInformation
0x001216A8: w RtlInitUnicodeStringEx
0x001216C2: K RtlUnicodeToMultiByteN
0x001216C5: ?
0x001216D7: NtNotifyChangeKey
0x001216F0: 6 NtSetInformationObject
0x001216F3: ?
0x00121705: NtDuplicateObject
0x0012170D: ?_itow
0x0012170F: ?
0x00121720: NtDeleteValueKey
0x00121723: ?
0x00121737: NtEnumerateValueKey
0x00121753: 4 RtlTimeToSecondsSince1970
0x0012175F: R RtlUnwind
0x00121776:   NtQueryVirtualMemory
0x001217A1:   RtlEnumerateGenericTableWithoutSplaying
0x001217A3: j
0x001217B3: NtCompareTokens
0x001217C3: ? RtlFreeHandle
0x001217DB: ?RtlIsValidIndexHandle
0x001217EF: ?RtlAllocateHandle
0x001217FD: ?_vsnwprintf
0x00121819: G RtlUnicodeStringToInteger
0x00121823:   wcsncmp
0x0012183B: ?RtlMakeSelfRelativeSD
0x00121851: _ RtlGetNtProductType
0x00121865:  NtQuerySystemTime
0x00121871: ?RtlRandom
0x0012188B: ?RtlCompareUnicodeString
0x001218A9: | RtlxUnicodeStringToAnsiSize
0x001218CA: ?RtlAppendUnicodeStringToString
0x001218E3: c NtWaitForSingleObject
0x001218F6: ?RtlCompareMemory
0x001218F9: ?
0x0012190F: NtDeviceIoControlFile
0x00121919:   wcsrchr
0x00121927: ?RtlCopyLuid
0x0012193A: l RtlImageNtHeader
0x00121944: ?_ultow
0x00121947: L
0x00121958: NlsMbCodePageTag
0x00121977: z RtlxAnsiStringToUnicodeSize
0x00121990: ?RtlMultiByteToUnicodeN
0x0012199A:  strstr
0x001219A4: ?strchr
0x001219AF:  
tolower
0x001219BB: ?_wcsnicmp
0x001219C5:   wcsncpy
0x001219CE:   wcstol
0x001219D9: " wcstoul
0x001219E4: ?iswctype
0x00121A04: ?RtlConvertSidToUnicodeString
0x00121A07:   
0x00121A10: DbgPrint
0x00121A1D: ?_strnicmp
0x00121A31: > RtlFreeAnsiString
0x00121A54: ?RtlCreateUnicodeStringFromAsciiz
0x00121A5C: ?atol
0x00121A5F: ?
0x00121A78: NtQuerySystemInformation
0x00121A83: ?_chkstk
0x00121A98: T NtTerminateProcess
0x00121AAE: ?RtlAdjustPrivilege
0x00121AC9: 7 NtSetInformationProcess
0x00121AD3:   strncpy
0x00121AF7: W RtlUpcaseUnicodeStringToOemString
0x00121B11:   RtlEnterCriticalSection
0x00121B2B: ?RtlLeaveCriticalSection
0x00121B3B: u RtlInitString
0x00121B4E: ?RtlIsTextUnicode
0x00121B5A: ?_stricmp
0x00121B5D: ?
0x00121B69: NtDeleteKey
0x00121B7B:   NtQueryValueKey
0x00121B8B: J NtSetValueKey
0x00121B96: ?_wcsicmp
0x00121BA1: ?_wcslwr
0x00121BAA: ? wcsstr
0x00121BB4:   wcschr
0x00121BC0:
swprintf
0x00121BD6: ?RtlOpenCurrentUser
0x00121BD9: ?
0x00121BE3: NtOpenKey
0x00121BE5: w
0x00121BF1: NtCreateKey
0x00121C15:   RtlSetSecurityDescriptorRMControl
0x00121C39: d RtlGetSecurityDescriptorRMControl
0x00121C58:
RtlSelfRelativeToAbsoluteSD2
0x00121C5B: ?
0x00121C69: NtFilterToken
0x00121C73: ?sprintf
0x00121C75: ?
0x00121C91: NtImpersonateAnonymousToken
0x00121C9B: ?memmove
0x00121CBA: E RtlUnicodeStringToAnsiString
0x00121CD7: L RtlUnicodeToMultiByteSize
0x00121CEE: ?RtlCopyUnicodeString
0x00121D08: 8 NtSetInformationThread
0x00121D1E: o RtlImpersonateSelf
0x00121D21: ?
0x00121D31: NtFsControlFile
0x00121D33: ?
0x00121D49: NtQuerySecurityObject
0x00121D67: ?RtlOemStringToUnicodeString
0x00121D69: ?
0x00121D74: NtOpenFile
0x00121D8B: @ NtSetSecurityObject
0x00121D8D: g
0x00121D95: NtClose
0x00121DB3:          RtlSelfRelativeToAbsoluteSD
0x00121DD1: q RtlAbsoluteToSelfRelativeSD
0x00121DEB: ?RtlDeleteSecurityObject
0x00121E04: ?RtlQuerySecurityObject
0x00121E1E:   RtlSetSecurityObjectEx
0x00121E36: ? RtlSetSecurityObject
0x00121E65: ?RtlNewSecurityObjectWithMultipleInheritance
0x00121E7E: ?RtlNewSecurityObjectEx
0x00121EA7: ?RtlConvertToAutoInheritSecurityObject
0x00121EBE: ?RtlNewSecurityObject
0x00121EDF: V RtlGetGroupSecurityDescriptor
0x00121EFF:   RtlSetGroupSecurityDescriptor
0x00121F1F: a RtlGetOwnerSecurityDescriptor
0x00121F3F:   RtlSetOwnerSecurityDescriptor
0x00121F5E: c RtlGetSaclSecurityDescriptor
0x00121F7E:   RtlSetSaclSecurityDescriptor
0x00121F9E: P RtlGetDaclSecurityDescriptor
0x00121FBE:   RtlSetDaclSecurityDescriptor
0x00121FE1:  
RtlSetControlSecurityDescriptor
0x00122003: M RtlGetControlSecurityDescrip|?

读取数据:0x00122000*************************************

0x00122003: tor
0x00122021: ?RtlLengthSecurityDescriptor
0x0012203E: b RtlValidSecurityDescriptor
0x0012205D: ?RtlCreateSecurityDescriptor
0x0012206F: : RtlFirstFreeAce
0x0012208C: ?RtlAddAuditAccessObjectAce
0x001220AB: } RtlAddAccessDeniedObjectAce
0x001220CA: z RtlAddAccessAllowedObjectAce
0x001220E4: ?RtlAddAuditAccessAceEx
0x001220FC: ?RtlAddAuditAccessAce
0x00122117: | RtlAddAccessDeniedAceEx
0x0012212F: { RtlAddAccessDeniedAce
0x0012214A: y RtlAddAccessAllowedAceEx
0x00122164: x RtlAddAccessAllowedAce
0x00122171: I RtlGetAce
0x00122180: ?RtlDeleteAce
0x0012218D: ~ RtlAddAce
0x001221A4:   RtlSetInformationAcl
0x001221BE: ?RtlQueryInformationAcl
0x001221CE: ?RtlCreateAcl
0x001221DD: ` RtlValidAcl
0x001221F1: ?RtlMapGenericMask
0x0012220C: ?RtlAreAnyAccessesGranted
0x00122228: ?RtlAreAllAccessesGranted
0x00122236: ?RtlCopySid
0x00122246: ?RtlLengthSid
0x00122261: - RtlSubAuthorityCountSid
0x00122276: . RtlSubAuthoritySid
0x00122293: j RtlIdentifierAuthoritySid
0x001222B1: ?RtlAllocateAndInitializeSid
0x001222BE: C RtlFreeSid
0x001222D2: ?RtlInitializeSid
0x001222EA: ?RtlLengthRequiredSid
0x001222FF:   RtlEqualPrefixSid
0x0012230D:   RtlEqualSid
0x0012231B: c RtlValidSid
0x0012231D: ?
0x0012233B: NtPrivilegedServiceAuditAlarm
0x0012233D: ?
0x00122356: NtDeleteObjectAuditAlarm
0x00122359: h
0x00122371: NtCloseObjectAuditAlarm
0x00122373: ?
0x0012238F: NtPrivilegeObjectAuditAlarm
0x00122391: ?
0x001223A8: NtOpenObjectAuditAlarm
0x001223AB: U
0x001223DE: NtAccessCheckByTypeResultListAndAuditAlarmByHandle
0x001223E1: T
0x0012240C: NtAccessCheckByTypeResultListAndAuditAlarm
0x0012240F: R
0x00122430: NtAccessCheckByTypeAndAuditAlarm
0x00122433: P
0x0012244E: NtAccessCheckAndAuditAlarm
0x00122451: ?
0x00122462: NtPrivilegeCheck
0x00122465: X
0x00122479: NtAdjustGroupsToken
0x0012247B: Y
0x00122493: NtAdjustPrivilegesToken
0x001224AB: 9 NtSetInformationToken
0x001224AD: ?
0x001224C5: NtQueryInformationToken
0x001224C7: ?
0x001224D9: NtOpenThreadToken
0x001224DB: ?
0x001224EE: NtOpenProcessToken
0x001224F1: S
0x0012250F: NtAccessCheckByTypeResultList
0x00122511: Q
0x00122525: NtAccessCheckByType
0x00122527: O
0x00122535: NtAccessCheck
0x00122537: \
0x00122551: NtAllocateLocallyUniqueId
0x00122553: ?
0x00122564: NtDuplicateToken
0x00122572: ?_snwprintf
0x00122587: p RtlInitAnsiString
0x001225A6: ?RtlAnsiStringToUnicodeString
0x001225BE: E RtlFreeUnicodeString
0x001225D6: v RtlInitUnicodeString
0x001225F6:   RtlDosPathNameToNtPathName_U
0x00122605: @ RtlFreeHeap
0x0012260E:   wcslen
0x00122621: ?RtlAllocateHeap
0x0012262A:   wcscpy
0x00122634:   wcscat
0x0012264D: ?RtlNtStatusToDosError
0x0012266C: { RtlInitializeCriticalSection
0x0012267C: W NtTraceEvent
0x00122698: ?RtlDeleteCriticalSection
0x001226B1: ? RtlEqualUnicodeString
0x001226B3: ?
0x001226BE: NtFlushKey
0x001226E4: a RtlValidRelativeSecurityDescriptor
0x001226E7: ?
0x001226F1: NtLoadKey
0x001226FF: Z NtUnloadKey
0x0012270E:   NtReplaceKey
0x00122711: ?
0x0012272C: NtNotifyChangeMultipleKeys
0x0012272F: ?
0x00122747: NtQueryMultipleValueKey
0x00122756: ? NtRestoreKey
0x00122763: " NtSaveKey
0x00122776: $ NtSaveMergedKeys
0x00122785: # NtSaveKeyEx
0x00122795: h RtlGetVersion
0x001227A9: ?RtlReAllocateHeap
0x001227B9: ?_alloca_probe
0x001227BB: ?
0x001227CB: DeviceIoControl
0x001227DA: N LocalReAlloc
0x001227E7: K LocalFree
0x001227FD: ~ WideCharToMultiByte
0x0012280A: G LocalAlloc
0x00122816: ?lstrlenW
0x0012282D: d MultiByteToWideChar
0x00122838: ?lstrlenA
0x00122844: ?lstrcatW
0x00122850: ?lstrcpyW
0x0012285C: ?lstrcpyA
0x0012285F:

0x0012286F: AreFileApisANSI
0x0012287F: ' IsBadWritePtr
0x00122881: 1
0x0012288D: CloseHandle
0x001228AA: ?WritePrivateProfileStringW
0x001228C6: ?GetPrivateProfileStringW
0x001228CF: > Sleep
0x001228DE: ?GetTickCount
0x001228F3: ; GetCurrentProcess
0x00122906: = GetCurrentThread
0x0012291E: ?GetWindowsDirectoryW
0x0012292E: h GetLastError
0x0012293E:  SetErrorMode
0x00122950: C LoadLibraryExW
0x00122953: ?
0x00122964: FindFirstFileExW
0x00122967: ?
0x00122975: FindNextFileW
0x00122983: ] GetFileTime
0x00122993: ?GetSystemTime
0x001229A8: t GetModuleFileNameW
0x001229C4: ?GetUserDefaultUILanguage
0x001229C7: ]
0x001229D4: CreateMutexW
0x001229ED: ?GetPrivateProfileIntW
0x00122A0A: ?GetSystemWindowsDirectoryW
0x00122A1C: ?RaiseException
0x00122A31: ?ReadProcessMemory
0x00122A42: ?GetProfileIntA
0x00122A57: ?GetProfileStringA
0x00122A6A:  GetComputerNameA
0x00122A80:   GetComputerNameExW
0x00122A96: w GetModuleHandleExW
0x00122AB1:   SetNamedPipeHandleState
0x00122ABE: l OpenEventW
0x00122AD9: n GetLogicalDriveStringsW
0x00122AE9: L GetDriveTypeW
0x00122AFD: H GetDiskFreeSpaceW
0x00122B15: ?GetVolumeInformationW
0x00122B2A: ?GlobalMemoryStatus
0x00122B3B: ?GetSystemInfo
0x00122B4F: - SetThreadPriority
0x00122B68:   InterlockedExchangeAdd
0x00122B6B: ?
0x00122B7B: DuplicateHandle
0x00122B7D: l
0x00122B8A: CreateThread
0x00122BA6: y WaitForMultipleObjectsEx
0x00122BA9: '
0x00122BB2: CancelIo
0x00122BB5: ?
0x00122BC0: ExitThread
0x00122BDA: ?GetTimeZoneInformation
0x00122BDD: ?
0x00122BEE: EnumUILanguagesW
0x00122BF1: K
0x00122BFE: CreateEventA
0x00122C12: a GetFullPathNameA
0x00122C29: G GetDiskFreeSpaceExW
0x00122C36: ?ResetEvent
0x00122C42:   SetEvent
0x00122C45: O
0x00122C51: CreateFileA
0x00122C67: ?GetOverlappedResult
0x00122C7A: x GetModuleHandleW
0x00122C7D: ?
0x00122C8D: FindResourceExW
0x00122C9C: ?ReleaseMutex
0x00122C9F: 6
0x00122CAF: CompareFileTime
0x00122CBC: s OpenMutexW
0x00122CD3: z WaitForSingleObject
0x00122CE6: q GetLongPathNameW
0x00122CF7: \ GetFileSizeEx
0x00122CF9: Q
0x00122D0C: CreateFileMappingW
0x00122D0F: ?
0x00122D1E: FormatMessageW
0x00122D2E: j GetLocalTime
0x00122D44: | OutputDebugStringW
0x00122D47: ?
0x00122D61: ExpandEnvironmentStringsW
0x00122D6D: ` MoveFileW
0x00122D78: ?lstrcmpW
0x00122D8B:
GetCommandLineW
0x00122D97: ?lstrcmpiW
0x00122D99: 
0x00122DAF: DeleteCriticalSection
0x00122DCB:   InitializeCriticalSection
0x00122DDA:   SetLastError
0x00122DEB: ?GetVersionExA
0x00122E01:   InterlockedExchange
0x00122E03: L
0x00122E10: CreateEventW
0x00122E2F: 2 SetUnhandledExceptionFilter
0x00122E4A: W UnhandledExceptionFilter
0x00122E5E: F TerminateProcess
0x00122E79: ?GetSystemTimeAsFileTime
0x00122E93: ?QueryPerformanceCounter
0x00122EB0:   InterlockedCompareExchange
0x00122EB3: }
0x00122EC8: DelayLoadFailureHook
0x00122EDC: ?GetPriorityClass
0x00122EE8:   HeapFree
0x00122EFC: b GetFullPathNameW
0x00122F09: ?lstrcpynW
0x00122F1E: > GetCurrentThreadId
0x00122F29: ? SleepEx
0x00122F3A: ?GetProcessHeap
0x00122F47:   HeapAlloc
0x00122F49: ?
0x00122F5E: EnterCriticalSection
0x00122F76: @ LeaveCriticalSection
0x00122F79: ?
0x00122F93: ExpandEnvironmentStringsA
0x00122F9E: m OpenFile
0x00122FAD: [ GetFileSize
0x00122FB7: ?_lclose
0x00122FC5: ?SearchPathW
0x00122FDC: X GetFileAttributesExW
0x00122FEE:   SetFilePointer
0x00122FF1: ?
0x00122FFF: FindResourceA

读取数据:0x00123000*************************************

0x0012300E: F LoadResource
0x00123020: = SizeofResource
0x00123038:   InterlockedDecrement
0x00123050:   InterlockedIncrement
0x00123064: u GetModuleHandleA
0x00123067: c
0x0012307E: CreateProcessInternalA
0x00123081: d
0x00123098: CreateProcessInternalW
0x001230AF: ?GetSystemDirectoryW
0x001230BE: D LoadLibraryW
0x001230C1: ?
0x001230CD: FreeLibrary
0x001230DE: } WaitNamedPipeW
0x001230F5: < GetCurrentProcessId
0x00123101: ?WriteFile
0x0012310C: ?ReadFile
0x0012311C: ?ResumeThread
0x0012312B: t OpenProcess
0x0012313E:   GetComputerNameW
0x00123151: Z UnmapViewOfFile
0x00123153: R
0x0012315F: CreateFileW
0x00123161: P
0x00123174: CreateFileMappingA
0x00123185: W MapViewOfFile
0x00123194: A LoadLibraryA
0x001231A6: ?GetProcAddress
0x001231B6: j VirtualAlloc
0x001231C5: m VirtualFree
0x001231C7: p
0x001231DB: CreateVirtualBuffer
0x001231FB: l VirtualBufferExceptionHandler
0x001231FD: ?
0x0012320F: FreeVirtualBuffer
0x00123224: Y GetFileAttributesW
0x00123227: ?
0x00123236: FindFirstFileW
0x00123239: ?
0x00123243: FindClose
0x00123268: ?QueryWin31IniFilesMappedToRegistry
0x0012326B: ?
0x00123277: DeleteFileW
0x00123279: B
0x00123283: CopyFileW
0x00123294: ?RpcStringFreeW
0x001232A5: ?UuidToStringW
0x001232B7: ?UuidFromStringW
0x001232CB: ?RpcRaiseException
0x001232E6: U RpcBindingSetAuthInfoExA
0x001232F8: E RpcBindingFree
0x00123318: G RpcBindingFromStringBindingW
0x00123334: ?RpcStringBindingComposeW
0x00123350: V RpcBindingSetAuthInfoExW
0x00123353: 
0x00123362: NdrClientCall2
0x0012337C: ?RpcStringBindingParseW
0x0012337F: 6
0x00123393: I_RpcMapWin32Status
0x001233B0: [ RpcBindingToStringBindingW
0x001233B3: j
0x001233C6: NDRCContextBinding
0x001233D9: ?RpcRevertToSelf
0x001233F0: w RpcImpersonateClient
0x001233F3: %
0x0012340D: I_RpcBindingIsClientLocal
0x0012340F: ,
0x00123424: I_RpcExceptionFilter
0x00123441: ?RpcSsDestroyClientContext
0x0012345A: W RpcBindingSetAuthInfoW
0x00123471: g RpcEpResolveBinding
0x0012347E: ?UuidCreate
0x00123498: T RpcBindingSetAuthInfoA
0x0012349C: ?

?SymGetModuleBase
0x0012A8E2: ??ymFunctionTableAccess
0x0012A8F5: ?ymGetSymFromAddr
0x0012A901: ?StackWalk
0x0012A90E: ?SymCleanup
0x0012A91D: ?ymInitialize
0x0012A92C: ?imagehlp.dll
0x0012A95E: ??????$S3? ?狩u hLa狩??邝9 ?狩t 3览?  

0x001523C0: \x01\xf8\x4d\x34\xb9\x34\x65\x5a\x3e\x44\xdc\x1e\xa9\xb5\xd6\x78\x23\xcc\x0d\xf9\x4c\x90\x05\x98
0x001523D8: \x01\xf8\x4d\x3a\xb9\x36\x75\x31\x66\x1d\x88\x42\xa9\x86\xda\x30\x20\x92\x0d\xa1\x1a\x84\x47\x98\x11\xad\xad\x28\x49\x44
0x001523E1: F

0x0015CB08: \x01\xf8\x4d\x3a\xb9\x36\x75\x31\x66\x1d\x88\x42\xa9\x86\xda\x30\x20\x92\x0d\xa1\x1a\x84\x47\x98\x11\xad\xad\x28\x49\x44
0x0015CB11:   

0x001637E6: file://D:\RohanOnline\GameGuard\Splash.jpg

0x00A80711: UnlockUrlCacheEntryStream
0x00A8072C: ?UnlockUrlCacheEntryFileW
0x00A80748: ??nlockUrlCacheEntryFileA
0x00A80761: ??etUrlCacheEntryInfoW
0x00A8077A: ?SetUrlCacheEntryGroupW
0x00A80792: ?etUrlCacheConfigInfoA
0x00A807B0: ?etrieveUrlCacheEntryStreamW
0x00A807CE: ??etrieveUrlCacheEntryFileW
0x00A807EA: ?etrieveUrlCacheEntryFileA
0x00A80803: ?esumeSuspendedDownload
0x00A80820: RegisterUrlCacheNotification
0x00A8083B: ??eadUrlCacheEntryStream
0x00A80855: PrivacySetZonePreferenceW
0x00A8086B: ?LoadUrlCacheContent
0x00A80883: IsHostInProxyBypassList
0x00A80895: InternetWriteFile
0x00A808B1: ?InternetUnlockRequestFile
0x00A808CD: ?InternetTimeToSystemTimeW
0x00A808E9: ?InternetTimeToSystemTimeA
0x00A80907: ?InternetTimeFromSystemTimeW
0x00A80923: InternetTimeFromSystemTimeA
0x00A80942: InternetShowSecurityInfoByURLW
0x00A8095E: ?nternetSetStatusCallbackW
0x00A8097A: ?nternetSetStatusCallbackA
0x00A8099D: ?nternetSetPerSiteCookieDecisionW
0x00A809B2: ?InternetSetOptionW
0x00A809C6: ?nternetSetOptionA
0x00A809DE: ?nternetSetFilePointer
0x00A809F3: ?nternetReadFileExA
0x00A80A04: InternetReadFile
0x00A80A1C: ??nternetQueryOptionW
0x00A80A34: ??nternetQueryOptionA
0x00A80A53: ??nternetQueryFortezzaStatus
0x00A80A6E: InternetQueryDataAvailable
0x00A80A7D: ?nternetOpenW
0x00A80A90: ?InternetOpenUrlW
0x00A80AA4: ??nternetOpenUrlA
0x00A80AB5: ??nternetOpenA
0x00A80ACF: ?InternetLockRequestFile
0x00A80AEE: InternetInitializeAutoProxyDll
0x00A80B01: ?nternetGoOnlineW
0x00A80B25: ?InternetGetPerSiteCookieDecisionW
0x00A80B44: ?InternetGetLastResponseInfoW
0x00A80B64: ??nternetGetLastResponseInfoA
0x00A80B84: ??nternetGetConnectedStateExW
0x00A80BA4: ??nternetGetConnectedStateExA
0x00A80BC1: ??nternetGetConnectedState
0x00A80BDB: ?InternetFortezzaCommand
0x00A80BF1: InternetFindNextFileW
0x00A80C09: ?InternetFindNextFileA
0x00A80C1C: ?InternetErrorDlg
0x00A80C42: ??nternetEnumPerSiteCookieDecisionW
0x00A80C66: ?nternetEnumPerSiteCookieDecisionA
0x00A80C7A: ?nternetCreateUrlW
0x00A80C8E: ?nternetCreateUrlA
0x00A80CA1: ?nternetCrackUrlW
0x00A80CB5: ?InternetCrackUrlA
0x00A80CC8: ?InternetConnectW
0x00A80CDC: ??nternetConnectA
0x00A80CFC: ??nternetConfirmZoneCrossingW
0x00A80D13: ??nternetCombineUrlW
0x00A80D27: InternetCloseHandle
0x00A80D4E: InternetClearAllPerSiteCookieDecisions
0x00A80D68: ?nternetCheckConnectionW
0x00A80D84: ??nternetCanonicalizeUrlW
0x00A80DA0: ??nternetCanonicalizeUrlA
0x00A80DBA: ??nternetAutodialHangup
0x00A80DD4: ?nternetAutodialCallback
0x00A80DE8: ??nternetAutodial
0x00A80E02: ??nternetAttemptConnect
0x00A80E14: ?ttpSendRequestW
0x00A80E2A: ??ttpSendRequestExW
0x00A80E3E: ?ttpSendRequestExA
0x00A80E50: ?ttpSendRequestA
0x00A80E62: ??ttpQueryInfoW
0x00A80E72: ?ttpQueryInfoA
0x00A80E84: ?ttpOpenRequestW
0x00A80E98: ??ttpOpenRequestA
0x00A80EAB: ??ttpEndRequestW
0x00A80EBB: HttpEndRequestA
0x00A80ED2: HttpAddRequestHeadersW
0x00A80EEA: ?ttpAddRequestHeadersA
0x00A80F01: ?etUrlCacheEntryInfoW
0x00A80F1B: ?GetUrlCacheEntryInfoExW
0x00A80F33: GetUrlCacheEntryInfoExA
0x00A80F49: GetUrlCacheEntryInfoA
0x00A80F62: ?GetUrlCacheConfigInfoW
0x00A80F7A: ?etUrlCacheConfigInfoA
0x00A80F93: ?tpSetCurrentDirectoryW
0x00A80FAB: FtpSetCurrentDirectoryA
0x00A80FBA: FtpRenameFileA
0x00A80FCF: ?tpRemoveDirectoryA
0x00A80FDC: FtpPutFileEx
0x00A80FEC: ??tpOpenFileW
0x00A80FFC: ??tpOpenFileA
0x00A81003: ???

读取数据:0x00A81000*************************************

0x00A8100E: FtpGetFileSize
0x00A8101C: ?tpGetFileEx
0x00A81037: ??tpGetCurrentDirectoryW
0x00A8104F: FtpGetCurrentDirectoryA
0x00A81061: FtpFindFirstFileW
0x00A81075: ?FtpFindFirstFileA
0x00A81086: ?FtpDeleteFileW
0x00A81096: ?tpDeleteFileA
0x00A810AB: ?tpCreateDirectoryW
0x00A810BF: FtpCreateDirectoryA
0x00A810CB: FtpCommandA
0x00A810DE: FreeUrlCacheSpaceW
0x00A810F6: ?indNextUrlCacheEntryW
0x00A81110: ?indNextUrlCacheEntryExW
0x00A8112C: ??indNextUrlCacheEntryExA
0x00A81146: ??indNextUrlCacheEntryA
0x00A81162: ?indNextUrlCacheContainerW
0x00A8117E: ?indNextUrlCacheContainerA
0x00A81197: ?indFirstUrlCacheEntryW
0x00A811B1: FindFirstUrlCacheEntryExW
0x00A811CD: ?FindFirstUrlCacheEntryExA
0x00A811E7: ?FindFirstUrlCacheEntryA
0x00A81203: FindFirstUrlCacheContainerW
0x00A8121F: FindFirstUrlCacheContainerA
0x00A81231: FindCloseUrlCache
0x00A81247: ?DeleteUrlCacheGroup
0x00A8125C: DeleteUrlCacheEntryW
0x00A81274: ??eleteUrlCacheEntryA
0x00A81290: ??eleteUrlCacheContainerA
0x00A812A7: ??reateUrlCacheGroup
0x00A812BC: CreateUrlCacheEntryW
0x00A812D4: ??reateUrlCacheEntryA
0x00A812F0: ??reateUrlCacheContainerW
0x00A8130C: ??reateUrlCacheContainerA
0x00A81324: ??ommitUrlCacheEntryW
0x00A8133C: ??ommitUrlCacheEntryA
0x00A81343: ?? ?

0x00A813A2: WinHttpSetTimeouts
0x00A813BC: ?inHttpSetStatusCallback
0x00A813D2: ??inHttpSendRequest
0x00A813EA: ?inHttpReceiveResponse
0x00A813FF: ?inHttpQueryHeaders
0x00A81412: WinHttpOpenRequest
0x00A8141F: ?inHttpOpen
0x00A8142F: WinHttpCrackUrl
0x00A8143E: WinHttpConnect
0x00A81452: ?inHttpCloseHandle

0x00A8149A: VerQueryValueW
0x00A814AF: ?erQueryValueIndexW
0x00A814BE: VerQueryValueA
0x00A814D3: ?etFileVersionInfoW
0x00A814EB: GetFileVersionInfoSizeW
0x00A81503: GetFileVersionInfoSizeA
0x00A81517: GetFileVersionInfoA
0x00A8151B:   ?

0x00A8162D: UrlMkSetSessionOption
0x00A81645: ?UrlMkGetSessionOption
0x00A8165E: ?URLOpenBlockingStreamW
0x00A81672: ?RLDownloadToFileW
0x00A8168B: ?RLDownloadToCacheFileW
0x00A816AF: SetSoftwareUpdateAdvertisementState
0x00A816C6: RevokeFormatEnumerator
0x00A816E0: ?evokeBindStatusCallback
0x00A816F3: ??eleaseBindInfo
0x00A8170A: RegisterMediaTypeClass
0x00A81724: ?egisterFormatEnumerator
0x00A81742: ??egisterBindStatusCallback
0x00A81759: ?btainUserAgentString
0x00A81766: ?IsValidURL
0x00A8177B: ?linkNavigateString
0x00A81791: GetSoftwareUpdateInfo
0x00A817A3: ?GetMarkOfTheWeb
0x00A817B4: FindMimeFromData
0x00A817C8: ??aultInIEFeature
0x00A817DC: ??reateURLMoniker
0x00A817F6: ??reateFormatEnumerator
0x00A8180C: ?reateAsyncBindCtxEx
0x00A8182B: ??oInternetSetFeatureEnabled
0x00A8183F: CoInternetQueryInfo
0x00A81852: CoInternetParseUrl
0x00A8187B: ?oInternetIsFeatureZoneElevationEnabled
0x00A8189C: CoInternetIsFeatureEnabledForUrl
0x00A818BA: ??oInternetIsFeatureEnabled
0x00A818D0: ?oInternetGetSession
0x00A818EC: ??oInternetGetSecurityUrl
0x00A8190F: ??oInternetCreateSecurityManager
0x00A81924: CoInternetCombineUrl
0x00A8192B: ?? ?
0x00A8192F:  悛
0x00A81933: 8 ?
0x00A81937:  悛
0x00A8194C: lineTranslateAddress
0x00A8195E: ??ineInitialize
0x00A81963: ? ?
0x00A81967: 镐?
0x00A8196B: ??
0x00A8196F: 镐?
0x00A81973: ??
0x00A81977: %妾
0x00A8197B: ??
0x00A8197F: %妾
0x00A81983: ??
0x00A81987: "濯
0x00A81995: SfpVerifyFile
0x00A819A7: ?SfcWLEventLogon
0x00A819B8: SfcWLEventLogoff
0x00A819CE: ??fcIsFileProtected
0x00A819E7: ?fcGetNextProtectedFile
0x00A819EB: ??

0x00A81A66: TranslateNameW
0x00A81A7D: ?etContextAttributesW
0x00A81A97: ?QueryContextAttributesW
0x00A81ABD: LsaUnregisterPolicyChangeNotification
0x00A81AE3: ?LsaRegisterPolicyChangeNotification
0x00A81AFB: LsaRegisterLogonProcess
0x00A81B1A: LsaLookupAuthenticationPackage
0x00A81B28: ?saLogonUser
0x00A81B3F: ??saFreeReturnBuffer
0x00A81B59: LsaDeregisterLogonProcess
0x00A81B6F: ?LsaConnectUntrusted
0x00A81B8C: LsaCallAuthenticationPackage
0x00A81B9E: ??etUserNameExW
0x00A81BAE: ?etUserNameExA

0x00A81BFD: SceSvcConvertTextToSD
0x00A81C15: ?SceSvcConvertSDToText
0x00A81C35: ?SceSetupUpdateSecurityService
0x00A81C51: ?SceSetupUpdateSecurityKey
0x00A81C6E: ?SceSetupUpdateSecurityFile
0x00A81C8A: ?ceSetupUnwindSecurityFile
0x00A81CA4: ?ceSetupMoveSecurityFile

0x00A81E1C: SamSetSecurityObject
0x00A81E3D: ??amSetMemberAttributesOfGroup
0x00A81E55: ?SamSetInformationUser
0x00A81E6E: ?SamSetInformationGroup
0x00A81E87: ?amSetInformationDomain
0x00A81E9E: SamSetInformationAlias
0x00A81EAB: ?amRidToSid
0x00A81EC4: SamRemoveMemberFromGroup
0x00A81EE8: ??amRemoveMemberFromForeignDomain
0x00A81F04: ??amRemoveMemberFromAlias
0x00A81F1E: ??amQuerySecurityObject
0x00A81F37: ?amQueryInformationUser
0x00A81F50: SamQueryInformationGroup
0x00A81F6D: ??amQueryInformationDomain
0x00A81F88: ?SamQueryInformationAlias
0x00A81FA6: ??amQueryDisplayInformation
0x00A81FB3: ?amOpenUser
0x00A81FC0: SamOpenGroup
0x00A81FD1: ??amOpenDomain
0x00A81FE0: ?SamOpenAlias
0x00A81FFA: ??amLookupNamesInDomain
0x00A82003: ?amL|?

读取数据:0x00A82000*************************************

0x00A82010: ookupIdsInDomain
0x00A8202E: ??amLookupDomainInSamServer
0x00A82044: ?amGetMembersInGroup
0x00A8205C: ??amGetMembersInAlias
0x00A82073: ??amGetGroupsForUser
0x00A82091: SamGetDisplayEnumerationIndex
0x00A820AB: ?SamGetCompatibilityMode
0x00A820C1: SamGetAliasMembership
0x00A820D1: ?SamFreeMemory
0x00A820ED: ?SamEnumerateUsersInDomain
0x00A8210A: ?SamEnumerateGroupsInDomain
0x00A8212A: ?amEnumerateDomainsInSamServer
0x00A82147: ?amEnumerateAliasesInDomain
0x00A82155: SamDeleteUser
0x00A82166: ?SamDeleteGroup
0x00A82176: ?amDeleteAlias
0x00A8218E: ?amCreateUser2InDomain
0x00A821A6: ?amCreateGroupInDomain
0x00A821BE: ?amCreateAliasInDomain
0x00A821CA: ?amConnect
0x00A821DA: ?amCloseHandle
0x00A821EF: ?amAddMemberToGroup
0x00A82203: SamAddMemberToAlias
0x00A82207: 8"?
0x00A8220B: 蓁?
0x00A8220F: ,"?
0x00A82213: 觇?
0x00A82217:  "?
0x00A8221B:  楠
0x00A82229: UuidToStringA
0x00A82236: ?UuidCreate
0x00A82246: ?pcStringFreeA
0x00A8224B: ?#?

0x00A822D9: WaitForTSConnectionsPolicyChanges
0x00A822F4: ?RegWinStationQueryValueW
0x00A82313: ??egWinStationQueryNumValueW
0x00A82328: RegWinStationQueryEx
0x00A8233C: ??egUserConfigSet
0x00A82352: ??egUserConfigQuery
0x00A82363: ?egPdEnumerateW
0x00A8237F: RegIsMachinePolicyAllowHelp
0x00A82396: RegIsMachineInHelpMode
0x00A823A8: ?egGetUserPolicy
0x00A823C1: ??egGetMachinePolicyEx
0x00A823DE: ?RegDenyTSConnectionsPolicy
0x00A823FA: ?egDefaultUserConfigQueryW
0x00A82412: ?egConsoleShadowQueryW

0x00A82436: RasReferenceRasman
0x00A82445: ?asInitialize

0x00A8250A: RasWizSetEntryName
0x00A82523: ?asWizQueryMaxPageCount
0x00A8253A: RasWizIsEntryRenamable
0x00A8255C: ?asWizGetUserInputConnectionName
0x00A8257B: ??asWizGetSuggestedEntryName
0x00A8258D: RasWizGetNCCFlags
0x00A825A4: ?RasWizCreateNewEntry
0x00A825B7: ??asUserPrefsDlg
0x00A825CC: RasUserGetManualDial
0x00A825E7: ??asUserEnableManualDial
0x00A825FB: RasSrvQueryShowIcon
0x00A82617: RasSrvIsConnectionConnected
0x00A8262F: RasSrvInitializeService
0x00A82646: RasSrvHangupConnection
0x00A8265D: ?asSrvEnumConnections
0x00A82674: ?RasSrvCleanupService
0x00A82694: ??asSrvAllowConnectionsConfig
0x00A826A9: ??asSrvAddWizPages
0x00A826BE: ?RasSrvAddPropPages
0x00A826D0: ?asPhonebookDlgW
0x00A826E0: ??asEntryDlgW
0x00A826EF: ??asDialDlgW

0x00A827F5: RasValidateEntryNameW
0x00A8280C: ?RasUnshareConnection
0x00A82822: ??asShareConnection
0x00A82838: ?asSetSharedAutoDial
0x00A82852: ??asSetEntryPropertiesW
0x00A8286A: ?asSetAutodialAddressW
0x00A8287B: ?asRenameEntryW
0x00A82894: RasQuerySharedConnection
0x00A828AE: ??asQuerySharedAutoDial
0x00A828C4: ?asQueryLanConnTable
0x00A828DD: ??asIsSharedConnection
0x00A828EA: ?RasHangUpW
0x00A82905: ?asGetSubEntryPropertiesW
0x00A8291D: ?RasGetSubEntryHandleW
0x00A82935: ?RasGetProjectionInfoW
0x00A8294A: ?RasGetErrorStringW
0x00A82962: ?asGetEntryPropertiesW
0x00A8297A: ?asGetEntryDialParamsW
0x00A8298E: ?asGetCredentialsW
0x00A829AA: ?asGetConnectionStatistics
0x00A829C0: ?asGetConnectStatusW
0x00A829DA: ??asGetAutodialAddressW
0x00A829EB: ?asEnumEntriesW
0x00A829FF: RasEnumConnectionsW
0x00A82A08: RasDialW
0x00A82A1B: ??asDeleteEntryW
0x00A82A36: RasConnectionNotificationW
0x00A82A49: ?wRasUninitialize
0x00A82A5E: ?DwEnumEntryDetails
0x00A82A6C: ?wCloneEntry

0x00A82AA7: LocateCatalogsW
0x00A82AB3: LoadIFilter
0x00A82AC6: CITextToFullTreeEx
0x00A82ACF: ?IState
0x00A82ADE: CIMakeICommand
0x00A82AE3: ?+?
0x00A82AE7: 横?
0x00A82AEB: 0+?
0x00A82AEF: 横?
0x00A82AF3:  +?
0x00A82AF7: 横?
0x00A82AFB: +?
0x00A82AFF: 横?
0x00A82B14: GetModuleInformation
0x00A82B2C: ??etModuleFileNameExW
0x00A82B42: ??etModuleBaseNameW
0x00A82B56: ?numProcessModules

0x00A82BC8: vServerPropPages
0x00A82BD8: ??QueueCreate
0x00A82BED: ??PrinterPropPages
0x00A82C01: ?vDocumentDefaults
0x00A82C11: ?bPrinterSetup
0x00A82C22: ?bFolderRefresh
0x00A82C35: ?FolderGetPrinter
0x00A82C4B: ?bFolderEnumPrinters
0x00A82C61: UnregisterPrintNotify
0x00A82C76: ?ShowErrorMessageSC
0x00A82C8A: ?howErrorMessageHR
0x00A82C9F: ?egisterPrintNotify

0x00A82CE7: SetSuspendState
0x00A82CFA: SetActivePwrScheme
0x00A82D09: ?eadPwrScheme
0x00A82D1F: ?IsPwrSuspendAllowed
0x00A82D34: IsPwrShutdownAllowed
0x00A82D4D: ??sPwrHibernateAllowed
0x00A82D62: ?GetActivePwrScheme

0x00A82D9D: LresultFromObject
0x00A82DAC: ?GetRoleTextW
0x00A82DC9: ??reateStdAccessibleProxyW
0x00A82DE5: ?CreateStdAccessibleObject
0x00A82E02: ?AccessibleObjectFromWindow

0x00A82E79: NtLicenseRequestW
0x00A82E8A: ?NtLSFreeHandle
0x00A82E8F: ?.?
0x00A82E93: 襁?
0x00A82E97: ??
0x00A82E9B: ゎ?
0x00A82EB9: NPCancelConnectionForCSCAgent
0x00A82ED7: ?NPAddConnection3ForCSCAgent

0x00A82F42: DsWriteAccountSpnW
0x00A82F56: ?sUnquoteRdnValueW
0x00A82F61: ?sUnBindW
0x00A82F6E: ?DsMakeSpnW
0x00A82F8A: ?sMakePasswordCredentialsW
0x00A82F95: ?sGetRdnW
0x00A82FB1: ?DsFreePasswordCredentials
0x00A82FC5: ?DsFreeNameResultW
0x00A82FD5: ?DsCrackNamesW
0x00A82FE7: ?DsBindWithCredW
0x00A82FEF: DsBindW

0x00A8301E: NcFreeNetconProperties
0x00A8302C: ?rOemUpgrade
0x00A83053: ??rGetAnswerFileParametersForNetCard
0x00A83057: |0?
0x00A8305B: W愍
0x00A8305F: d0?
0x00A83063: ^濯
0x00A83079: SHDisconnectNetDrives
0x00A83092: ?NetPlacesWizardDoModal
0x00A83097: ?0?
0x00A8309B: }楠
0x00A8309F: ??
0x00A830A3: ??
0x00A830C3: UpdateLanaConfigUsingAnswerfile
0x00A830DD: HrDiAddComponentToINetCfg
0x00A830E3: ?T5?

0x00A83241: NetpUpgradePreNT5JoinInfo
0x00A83250: ?NetpIsRemote
0x00A8325B: ??etbios
0x00A8326F: NetWkstaUserGetInfo
0x00A8327F: NetWkstaGetInfo
0x00A8328F: NetValidateName
0x00A8329E: NetUserSetInfo
0x00A832B0: ?etUserModalsGet
0x00A832C9: ??etUserGetLocalGroups
0x00A832DA: ?NetUserGetInfo
0x00A832EC: ?etUserGetGroups
0x00A832FA: ??etUserDel
0x00A83311: ?etUserChangePassword
0x00A8331E: ?NetUserAdd
0x00A8332F: ?etUnjoinDomain
0x00A8333F: NetShareSetInfo
0x00A8334F: NetShareGetInfo
0x00A8335E: NetSessionEnum
0x00A83370: ?etServerSetInfo
0x00A83384: ??etServerGetInfo
0x00A833A0: ??etRenameMachineInDomain
0x00A833BE: ??etQueryDisplayInformation
0x00A833D4: ?etMessageBufferSend
0x00A833EF: ??etLocalGroupGetMembers
0x00A833FD: NetJoinDomain
0x00A83415: ?NetGetJoinInformation
0x00A83432: ?NetEnumerateTrustedDomains
0x00A83441: ?etDfsGetInfo
0x00A83457: ?NetDfsGetClientInfo
0x00A83468: NetApiBufferFree
0x00A83480: ??etApiBufferAllocate
0x00A83493: ??etAlertRaiseEx
0x00A834A5: I_NetNameValidate
0x00A834BD: ?I_NetNameCanonicalize
0x00A834E1: ?DsRoleGetPrimaryDomainInformation
0x00A834F4: ?DsRoleFreeMemory
0x00A8350C: ??sGetDcSiteCoverageW
0x00A83527: ??sGetDcNameWithAccountW
0x00A83534: DsGetDcNameW
0x00A83550: ??sEnumerateDomainTrustsW
0x00A83569: ??sAddressToSiteNamesW

0x00A835C1: SpcGetCertFromKey
0x00A835D5: ?SignerTimeStampEx
0x00A835E4: ?SignerSignEx
0x00A835FF: ??ignerFreeSignerContext
0x00A8360F: PvkGetCryptProv
0x00A83620: PvkFreeCryptProv
0x00A83638: ??etCryptProvFromCert
0x00A83651: ??reeCryptProvFromCert
0x00A83657: ???
0x00A8365B: ??
0x00A8365F: |6?
0x00A83663: ??
0x00A83667: l6?
0x00A8366B: ??
0x00A8367A: TransparentBlt
0x00A83688: ?radientFill
0x00A83696: ??lphaBlend

0x00A836EE: ShowModelessHTMLDialog
0x00A83700: ?howHTMLDialogEx
0x00A83712: ??howHTMLDialog

0x00A837A8: acmStreamUnprepareHeader
0x00A837B9: ??cmStreamSize
0x00A837D2: ?acmStreamPrepareHeader
0x00A837E1: ?cmStreamOpen
0x00A837F4: ?acmStreamConvert
0x00A83806: ??cmStreamClose
0x00A8381C: ?cmFormatTagDetailsW
0x00A83830: ??cmFormatSuggest

0x00A838A4: MPRUI_WNetDisconnectDialog1W
0x00A838C4: ??PRUI_WNetDisconnectDialog1A
0x00A838E2: ??PRUI_WNetDisconnectDialog
0x00A83900: ?PRUI_WNetConnectionDialog1W
0x00A83920: ??PRUI_WNetConnectionDialog1A
0x00A8393E: ??PRUI_WNetConnectionDialog
0x00A8395A: ?PRUI_WNetClearConnections
0x00A83975: ?PRUI_ShowReconnectDialog
0x00A83992: ?MPRUI_DoProfileErrorDialog
0x00A839AA: ?PRUI_DoPasswordDialog

0x00A83ABA: WNetUseConnectionW
0x00A83AD2: ?NetRestoreConnectionW
0x00A83AEA: ?NetRestoreConnectionA
0x00A83B03: ?NetRestoreConnection2W
0x00A83B11: WNetOpenEnumW
0x00A83B20: ?WNetGetUserW
0x00A83B39: ??NetGetUniversalNameW
0x00A83B52: ?WNetGetResourceParentW
0x00A83B6F: ?NetGetResourceInformationW
0x00A83B8B: WNetGetResourceInformationA
0x00A83BA0: WNetGetProviderTypeW
0x00A83BB8: ??NetGetProviderNameW
0x00A83BD6: ??NetGetNetworkInformationW
0x00A83BE9: ?NetGetLastErrorW
0x00A83BFD: ?WNetGetLastErrorA
0x00A83C12: ?WNetGetConnectionW
0x00A83C26: ?NetGetConnectionA
0x00A83C3B: ?NetGetConnection3W
0x00A83C52: WNetFormatNetworkNameW
0x00A83C65: ?NetEnumResourceW
0x00A83C7E: ?WNetDisconnectDialog1W
0x00A83C94: ?NetDisconnectDialog
0x00A83CAE: ??NetConnectionDialog1W
0x00A83CC4: ?NetConnectionDialog
0x00A83CD5: ??NetCloseEnum
0x00A83CEC: ?WNetClearConnections
0x00A83D06: ??NetCancelConnection2W
0x00A83D1B: ?NetAddConnection3W
0x00A83D2F: WNetAddConnection2W
0x00A83D45: MultinetGetErrorTextW
0x00A83D69: ?MultinetGetConnectionPerformanceW

0x00A83E19: PRShowSaveWizardW
0x00A83E2F: ?PRShowSaveWizardExW
0x00A83E45: PRShowSaveFromMsginaW
0x00A83E5C: ?PRShowRestoreWizardW
0x00A83E76: ??RShowRestoreWizardExW
0x00A83E90: ?RShowRestoreFromMsginaW
0x00A83EA0: ??RShowKeyMgr

0x00A83F73: SetAdapterIpAddress
0x00A83F85: NotifyRouteChange
0x00A83F98: ?NotifyAddrChange
0x00A83FBC: ??hGetInterfaceNameFromDeviceGuid
0x00A83FD0: ??etUdpStatistics
0x00A83FE4: ??etTcpStatistics
0x00A83FF9: ??etRTTAndHopCount
0x00A84003: ?GetP|?

读取数据:0x00A84000*************************************

0x00A8400D: erAdapterInfo
0x00A84025: ?GetNumberOfInterfaces
0x00A84037: ?GetIpStatistics
0x00A84045: GetIpNetTable
0x00A84059: ?GetIpForwardTable
0x00A8406A: ?GetIpAddrTable
0x00A8407C: ?etInterfaceInfo
0x00A8408A: ??etIfTable
0x00A84096: ?etIfEntry
0x00A840A9: ?etIcmpStatistics
0x00A840BE: ?GetFriendlyIfIndex
0x00A840CC: ?etBestRoute
0x00A840E0: ??etBestInterface
0x00A840F3: ??etAdaptersInfo
0x00A84108: GetAdaptersAddresses
0x00A8412E: ??llocateAndGetIpAddrTableFromStack
0x00A84133: ?A?
0x00A84137: ^濯
0x00A8413B: `A?
0x00A8413F: ^濯
0x00A84143: HA?
0x00A84147: W愍
0x00A8415D: IcfGetOperationalMode
0x00A8416D: ?IcfDisconnect
0x00A8417A: ?IcfConnect
0x00A84183: ???C?

0x00A84226: SetWindowExtEx
0x00A84238: ?etViewportOrgEx
0x00A8424C: ??etViewportExtEx
0x00A84263: ??etSystemPaletteUse
0x00A8426E: SetMapMode
0x00A8427D: ?electPalette
0x00A8428C: ?SelectObject
0x00A8429E: ??ealizePalette
0x00A842B7: ?etSystemPaletteEntries
0x00A842C6: GetStockObject
0x00A842D5: ?etObjectType
0x00A842E5: ?GetDeviceCaps
0x00A842F4: ?DeleteObject
0x00A84300: ??eleteDC
0x00A84311: ??reatePalette
0x00A84324: ?CreateDIBSection
0x00A8433A: ??reateCompatibleDC
0x00A84352: ?reateCompatibleBitmap
0x00A8435A: ?itBlt

0x00A84479: JetUpdate
0x00A84484: ?JetTerm2
0x00A8448F: ??etTerm
0x00A844A5: JetSetSystemParameter
0x00A844BC: ?JetSetSessionContext
0x00A844D0: ??etSetIndexRange
0x00A844E6: ??etSetCurrentIndex
0x00A844F4: ?etSetColumn
0x00A844FF: ??etSeek
0x00A8450B: JetRollback
0x00A8451D: JetRetrieveColumn
0x00A84536: ?JetResetSessionContext
0x00A84548: ?etPrepareUpdate
0x00A84558: ??etOpenTable
0x00A8456B: ??etOpenDatabase
0x00A84573: JetMove
0x00A8457E: JetMakeKey
0x00A84587: ?etInit
0x00A8459B: JetIndexRecordCount
0x00A845B1: JetGetTableColumnInfo
0x00A845C6: ?JetGetDatabaseInfo
0x00A845D5: ?etEndSession
0x00A845E9: ?JetDetachDatabase
0x00A845FA: ?JetDeleteTable
0x00A84605: ?etDelete
0x00A84621: ?JetCreateTableColumnIndex
0x00A84635: ?JetCreateDatabase
0x00A8464C: ?JetCommitTransaction
0x00A8465D: ??etCloseTable
0x00A84670: ?JetCloseDatabase
0x00A84687: ??etBeginTransaction
0x00A84697: JetBeginSession
0x00A846A9: JetAttachDatabase
0x00A846B8: ?JetAddColumn
0x00A846C3: ????J?

0x00A847F9: UtilDrawBlendRect
0x00A8480A: ?SetGadgetStyle
0x00A8481D: ?etGadgetRootInfo
0x00A8482D: ?SetGadgetRect
0x00A8483F: ?SetGadgetParent
0x00A84856: SetGadgetMessageFilter
0x00A84866: ?etGadgetFocus
0x00A84876: ?etGadgetFillI
0x00A8488B: ?etGadgetBufferInfo
0x00A8489B: MapGadgetPoints
0x00A848AE: LookupGadgetTicket
0x00A848C0: ?nvalidateGadget
0x00A848CF: ??nitGadgets
0x00A848DC: GetStdColorI
0x00A848F1: ??etStdColorBrushI
0x00A84901: ?GetMessageExW
0x00A84913: ?GetGadgetTicket
0x00A84921: GetGadgetSize
0x00A84930: ?GetGadgetRgn
0x00A84941: ??etGadgetRect
0x00A84952: ?GetGadgetFocus
0x00A84966: ?etGadgetAnimation
0x00A84970: ?etDebug
0x00A84988: ??orwardGadgetMessage
0x00A84998: ??indStdColor
0x00A849AF: ??indGadgetFromPoint
0x00A849BD: DetachWndProc
0x00A849CC: ?DeleteHandle
0x00A849DE: ??UserSendEvent
0x00A849EE: ?UserPostEvent
0x00A849FC: ?reateGadget
0x00A84A0C: ??reateAction
0x00A84A22: ??uildInterpolation
0x00A84A33: ?uildDropTarget
0x00A84A42: BuildAnimation
0x00A84A4D: ?utoTrace
0x00A84A5E: ?AttachWndProcW

0x00A84AB7: DhcpStaticRefreshParams
0x00A84AC9: DhcpRequestParams
0x00A84AE1: ?DhcpReleaseParameters
0x00A84AFA: ?DhcpNotifyConfigChange
0x00A84B0E: ?hcpCApiInitialize
0x00A84B1F: ?hcpCApiCleanup
0x00A84B40: DhcpAcquireParametersByBroadcast
0x00A84B59: ??hcpAcquireParameters

0x00A84B92: DirectDrawEnumerateExW
0x00A84BAA: ?irectDrawEnumerateExA
0x00A84BBE: ?irectDrawCreateEx
0x00A84BD0: ?irectDrawCreate

0x00A84C1B: LocalEnrollNoDS
0x00A84C27: LocalEnroll
0x00A84C42: CryptUIDlgViewCertificateW
0x00A84C56: ?ryptUIDlgViewCTLW
0x00A84C6A: ?ryptUIDlgViewCRLW

0x00A84E33: CryptVerifyMessageSignature
0x00A84E53: CryptVerifyCertificateSignature
0x00A84E66: CryptUnprotectData
0x00A84E78: ?ryptSignMessage
0x00A84E99: ??ryptSignAndEncodeCertificate
0x00A84EAC: ?CryptQueryObject
0x00A84EC0: ??ryptProtectData
0x00A84ED4: ??ryptMsgGetParam
0x00A84EF2: ??ryptMsgGetAndVerifySigner
0x00A84F01: ?ryptMsgClose
0x00A84F1E: ?CryptImportPublicKeyInfoEx
0x00A84F38: ?ryptImportPublicKeyInfo
0x00A8501F: VerifySubjectCertificateContext
0x00A85040: CertVerifyCertificateChainPolicy
0x00A85052: ??ertStrToNameW
0x00A85075: ?ertSetCertificateContextProperty
0x00A85091: ?CertRegisterPhysicalStore
0x00A850A6: ?CertRDNValueToStrW
0x00A850BC: ?ertOpenSystemStoreW
0x00A850CD: ??ertOpenStore
0x00A850DE: ?CertNameToStrW
0x00A850F6: ?ertGetPublicKeyLength
0x00A8510A: ?ertGetNameStringW
0x00A8512D: ?ertGetIssuerCertificateFromStore
0x00A85147: ?CertGetEnhancedKeyUsage
0x00A85169: CertGetCertificateContextProperty
0x00A85183: ?CertGetCertificateChain
0x00A8519E: CertFreeCertificateContext
0x00A851B8: ?ertFreeCertificateChain
0x00A851CE: ??ertFreeCTLContext
0x00A851E4: ?ertFindSubjectInCTL
0x00A851F9: ??ertFindExtension
0x00A85216: ?CertFindCertificateInStore
0x00A8522A: ?ertFindCTLInStore
0x00A85247: ?ertEnumCertificatesInStore
0x00A85267: CertDuplicateCertificateContext
0x00A8527F: CertDuplicateCTLContext
0x00A8529E: CertDeleteCertificateFromStore
0x00A852BC: ?ertCreateCertificateContext
0x00A852D4: ??ertCreateCTLContext
0x00A852E8: ??ertControlStore
0x00A85306: ??ertCompareCertificateName
0x00A85316: ?ertCloseStore
0x00A85338: ?ertAddCertificateContextToStore
0x00A8533F: ??S?

0x00A8537F: CredUIStoreSSOCredW
0x00A8539B: CredUIPromptForCredentialsW
0x00A853B0: CredUIParseUserNameW
0x00A853C6: ??redUIInitControls
0x00A853E1: ?redUIFlushAllCredentials
0x00A85406: ?CredUICmdLinePromptForCredentialsW

0x00A8543E: SubscribeToCDF
0x00A85455: ?arseDesktopComponent

0x00A8D313: ]??DuplicateEncryptionInfoFile

0x00A8E0B0: ?产?E,?肴?etSecurityDescriptorControl
0x00A8E0C9: ??etNamedSecurityInfoW
0x00A8E0E1: ?GetNamedSecurityInfoW
0x00A8E0FB: ?????? SV3??u  ?

0x00A83241: NetpUpgradePreNT5JoinInfo
0x00A83250: ?NetpIsRemote
0x00A8325B: ??etbios
0x00A8326F: NetWkstaUserGetInfo
0x00A8327F: NetWkstaGetInfo
0x00A8328F: NetValidateName
0x00A8329E: NetUserSetInfo
0x00A832B0: ?etUserModalsGet
0x00A832C9: ??etUserGetLocalGroups
0x00A832DA: ?NetUserGetInfo
0x00A832EC: ?etUserGetGroups
0x00A832FA: ??etUserDel
0x00A83311: ?etUserChangePassword
0x00A8331E: ?NetUserAdd
0x00A8332F: ?etUnjoinDomain
0x00A8333F: NetShareSetInfo
0x00A8334F: NetShareGetInfo
0x00A8335E: NetSessionEnum
0x00A83370: ?etServerSetInfo
0x00A83384: ??etServerGetInfo
0x00A833A0: ??etRenameMachineInDomain
0x00A833BE: ??etQueryDisplayInformation
0x00A833D4: ?etMessageBufferSend
0x00A833EF: ??etLocalGroupGetMembers
0x00A833FD: NetJoinDomain
0x00A83415: ?NetGetJoinInformation
0x00A83432: ?NetEnumerateTrustedDomains
0x00A83441: ?etDfsGetInfo
0x00A83457: ?NetDfsGetClientInfo
0x00A83468: NetApiBufferFree
0x00A83480: ??etApiBufferAllocate
0x00A83493: ??etAlertRaiseEx
0x00A834A5: I_NetNameValidate
0x00A834BD: ?I_NetNameCanonicalize
0x00A834E1: ?DsRoleGetPrimaryDomainInformation
0x00A834F4: ?DsRoleFreeMemory
0x00A8350C: ??sGetDcSiteCoverageW
0x00A83527: ??sGetDcNameWithAccountW
0x00A83534: DsGetDcNameW
0x00A83550: ??sEnumerateDomainTrustsW
0x00A83569: ??sAddressToSiteNamesW

0x00A835C1: SpcGetCertFromKey
0x00A835D5: ?SignerTimeStampEx
0x00A835E4: ?SignerSignEx
0x00A835FF: ??ignerFreeSignerContext
0x00A8360F: PvkGetCryptProv
0x00A83620: PvkFreeCryptProv
0x00A83638: ??etCryptProvFromCert
0x00A83651: ??reeCryptProvFromCert

0x00A8367A: TransparentBlt
0x00A83688: ?radientFill
0x00A83696: ??lphaBlend

0x00A84F52: ??ryptHashPublicKeyInfo
0x00A84F65: ?ryptFormatObject
0x00A84F80: ?CryptExportPublicKeyInfo
0x00A84F97: ??ryptEncryptMessage
0x00A84FAB: CryptEncodeObjectEx
0x00A84FBD: CryptEncodeObject
0x00A84FD3: ?CryptDecryptMessage
0x00A84FE7: CryptDecodeObjectEx
0x00A84FF9: CryptDecodeObject
2006-11-13 19:01
0
堕落天才
雪    币: 293
活跃值: (110)
能力值: ( LV9,RANK:410 )
在线值:
发帖
回帖
粉丝
私信
71
0x001523C0: \x01\xf8\x4d\x34\xb9\x34\x65\x5a\x3e\x44\xdc\x1e\xa9\xb5\xd6\x78\x23\xcc\x0d\xf9\x4c\x90\x05\x98
0x001523D8: \x01\xf8\x4d\x3a\xb9\x36\x75\x31\x66\x1d\x88\x42\xa9\x86\xda\x30\x20\x92\x0d\xa1\x1a\x84\x47\x98\x11\xad\xad\x28\x49\x44
0x001523E1: F

0x0015CB08: \x01\xf8\x4d\x3a\xb9\x36\x75\x31\x66\x1d\x88\x42\xa9\x86\xda\x30\x20\x92\x0d\xa1\x1a\x84\x47\x98\x11\xad\xad\x28\x49\x44

//好象是传说中的Shellcode??望高人指点
//另外游戏进程用CreateProcess启动GameMon.des,在其中的Command参数也是传了一串这东西,我看不懂
2006-11-13 19:04
0
feiproxy
雪    币: 207
活跃值: (10)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
私信
72
最初由 盖重阳 发布
公司下的什么题目
要干掉np?

呵呵 一般人是干不掉的
与其干掉费那么多事
........


问题是想躲都不会
2006-11-18 00:29
0
djpvd
雪    币: 320
活跃值: (104)
能力值: (RANK:180 )
在线值:
发帖
回帖
粉丝
私信
73
最初由 3XeyeS 发布
不要尝试用脱壳后的文件代替原文件,这样的结果是游戏报告给你文件被修改过拒绝运行,它强在和游戏主程序结合的很紧密,一有什么不妥就会挂掉


?教一下 他??一?密? 16?字? 我接收到的如下

4E 95 DD 29 CE 3A 55 DB 20 B6 AD 97 A6 5C C0 1C

?教呃???是?NP上面?的 ?是咣?的服?器?的呢

要有呃???才能?咣?在活5分? ?有的?就??了
2006-12-6 12:23
0
cpu
雪    币: 211
活跃值: (10)
能力值: ( LV4,RANK:50 )
在线值:
发帖
回帖
粉丝
私信
74
其实破NP最好的办法是修改它读取的代码,把地址指向一个新的位置,把原数据作一个备份,骗过它,而不是NOP掉它,这样就可以骗过服务器的较验了,又不影响打补丁。
2006-12-19 09:53
0
djpvd
雪    币: 320
活跃值: (104)
能力值: (RANK:180 )
在线值:
发帖
回帖
粉丝
私信
75
最初由 cpu 发布
其实破NP最好的办法是修改它读取的代码,把地址指向一个新的位置,把原数据作一个备份,骗过它,而不是NOP掉它,这样就可以骗过服务器的较验了,又不影响打补丁。


?教是修改NP本身的文件 ?是咣?主程序呢

THX
2006-12-19 20:37
0
游客
登录 | 注册 方可回帖
回帖 表情 雪币赚取及消费
高级回复
返回
//