6 楼
看了一下,不是很容易搞定的,像我这样的菜鸟玩不起,呵呵
看来ldr都被你们这些高手玩烂了,呵呵
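不过后来发现了一个问题,不知道是这个程序还是我的机器被木马感染了。
发现如下很多字符串(字符串本身的地址集中在 7C8xxxxx 和 77Dxxxxx 两段,内容看起来像系统 DLL 自带的字符串,而引用它们的指令位于 0093xxxx–00A1xxxx;单凭这份列表还不能判断是否感染了木马):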
Address Disassembly Text String
0093E7CB push 7C80F31C win.ini
0093FFF4 push 7C81106C conin$
00940009 push 7C81105C conout$
00940718 push 7C811FB0 scountry
009409AC push 7C80BCE4 sshortdate
00940A35 push 7C80BCE4 sshortdate
00940AC9 push 7C81C6E8 slongdate
00940AEC push 7C811FA4 dmy'
00940B65 push 7C811FA4 dmy'
00940C39 push 7C84E97C ipapersize
00940CBC push 7C84E964 syearmonth
009412E9 push 7C812310 sdecimal
00941331 push 7C812358 sthousand
0094137F push 7C8123A0 sgrouping
0094158F push 7C8125CC idate
009415F1 push 7C812630 itime
00943C8D mov dword ptr [ebp-224], 7C814E00 .dll
00944D05 push 7C816120 .%lu
00944D5E push 7C815210 .manifest
009456F9 push 7C816740 __compat_layer
009463AE push 7C817414 \nls\nlssectionctype
009464AE push 7C8175A0 \registry\machine\system\currentcontrolset\control\terminal server
0094651F push 7C817588 tsappcompat
009468B4 push 7C8178E8 \registry\machine\software
00946A08 push 7C817BF8 \nls\nlssectionunicode
00946C26 push 7C817C84 \nls\nlssectionlocale
00946CD3 push 7C817F0C \nls\nlssectionsorttbls
0094707B mov dword ptr [7C8830A8], 7C883980 chs
00947438 push 7C818AC4 \nls\nlssectionsortkey
0094757A push 7C818720 tmp
0094757F push 7C818708 basedll!
009475A5 push 7C883028 b
009475BD push 7C8186F4 \windows
009476D5 mov edi, 7C885BA0 c:\windows\system32;c:\windows\system;c:\windows;
009477A2 mov edx, 7C8187B0 \system
00947A40 push 7C818AC4 \nls\nlssectionsortkey
009480D8 push 7C81A1B8 debugger
00949A3F mov esi, 7C81AB48 \temp
00949AA0 push 7C81AB30 systemdrive
00949B7B push 7C88393C shimsharedmemory
00949CF7 mov dword ptr [ebp-218], 7C81ADC4 \system32\apphelp.dll
0094A6A0 push 7C80BCFC stimeformat
0094A72B push 7C81C094 inegcurr
0094A791 push 7C81C094 inegcurr
0094A7E9 push 7C81C034 icurrency
0094A845 push 7C81C094 inegcurr
0094A894 push 7C81C034 icurrency
0094A904 push 7C81C094 inegcurr
0094A955 push 7C81B978 spositivesign
0094A9B1 push 7C80BCE4 sshortdate
0094B057 push 7C81C080 scurrency
0094B0BF push 7C81C0E8 icurrdigits
0094B113 push 7C81C134 smondecimalsep
0094B165 push 7C81C188 smonthousandsep
0094B1BB push 7C81C1DC smongrouping
0094B209 push 7C81C22C snegativesign
0094B257 push 7C80BCE4 sshortdate
0094B28D push 7C8121B4 s1159
0094B2C3 push 7C8121A8 s2359
0094B2F9 push 7C81C320 sdate
0094B430 push 7C81218C icalendartype
0094B45F push 7C81C6E8 slongdate
0094B514 push 7C81C01C \nls\locale
0094B519 push 7C81BF50 \registry\machine\system\currentcontrolset\control
0094B54D push 7C81BFE4 \nls\locale\alternate sorts
0094B552 push 7C81BF50 \registry\machine\system\currentcontrolset\control
0094B586 push 7C81BFB8 \nls\language groups
0094B58B push 7C81BF50 \registry\machine\system\currentcontrolset\control
0094B6B5 push 7C81C6DC stime
0094B9CD push 7C81C898 \
0094F265 push 7C820298 hostname
0094F26A push 7C8205B0 \registry\machine\system\currentcontrolset\services\tcpip\parameters
0094F4D0 mov ebx, 7C8316A8 computername
0094F4D6 push 7C820508 \registry\machine\system\currentcontrolset\control\computername\activecomputername
0094F4F2 push 7C82B738 \registry\machine\system\currentcontrolset\control\computername\computername
0094F63C push 7C820700 primarydnssuffix
0094F641 push 7C820680 \registry\machine\software\policies\microsoft\system\dnsclient
0094F660 push 7C82066C domain
0094FA86 push 7C81FC54 \\.\mountpointmanager
0094FE87 push 7C81FC54 \\.\mountpointmanager
00950DB1 push 7C821EE8 \??
009579F1 push 7C828B44 .bat
00957A08 push 7C828B38 .cmd
0095816D mov eax, 7C829D00 wowexec.pif
00958238 mov ecx, 7C829CF4 .pif
009582A3 mov eax, 7C829CF4 .pif
0095850A push 7C829CD8 hotkey.%u %s
00958E80 push 7C829ED4 dde.
00958E9A push 7C829EC4 hotkey.
0095955C mov esi, 7C82A5B0 locale
009595E3 push 7C82A398 control panel\international
009597AD push 7C82A398 control panel\international
00959982 push 7C82AA1C \nls\muilanguages
00959987 push 7C81BF50 \registry\machine\system\currentcontrolset\control
00959E55 mov edx, 7C81C898 \
0095A205 push 7C82A5B0 locale
0095A2C3 mov edi, 7C82B31C setup.exe
0095A467 push 7C88391C shimcachemutex
0095A49F push 7C88393C shimsharedmemory
0095A630 push 7C8316A8 computername
0095A64D push 7C82B6E4 network computername
0095A6A9 push 7C8316A8 computername
0095A8C4 push 7C82B94C \nls
0095B260 push 7C82C288 %ws
0095B6DC push 7C82C854 \\.\pipe\
0095B708 push 7C82C830 \dosdevices\pipe\
0095C2C7 push 7C81FC54 \\.\mountpointmanager
0095CAB2 push 7C82DAD4 "
0095CAC1 push 7C82DAD4 "
0095E2A2 push 7C82F338 .exe
0095F10C push 7C830130 slanguage
0095FB47 push 7C830B70 *.*
009606E2 push 7C831860 _cluster_network_name_
00960709 push 7C8317E0 \registry\machine\system\currentcontrolset\control\computername
0096075F mov edi, 7C8317B8 activecomputername
0096091A push 7C8316A8 computername
009621B8 push 7C80F31C win.ini
00962239 push 7C83329C \/
00962270 push 7C81C898 \
00962527 mov edx, 7C80BCE4 sshortdate
0096258A push 7C80BCFC stimeformat
00962896 push 7C81218C icalendartype
009631DB push 7C8121A8 s2359
009633D9 push 7C8121B4 s1159
0096420F push 7C835238 icountry
00965A6A push 7C836A94 slist
00966225 push 7C81C034 icurrency
0096627B push 7C8372A4 idigits
009662D1 push 7C8372F4 ilzero
0096631B push 7C81C094 inegcurr
00966375 push 7C837398 ifirstdayofweek
009663D5 push 7C8373F8 ifirstweekofyear
00966433 push 7C837470 itlzero
00966493 push 7C8374B4 snativedigits
00966749 push 7C83776C inegnumber
009669C2 push 7C837910 nation
009669DF push 7C8378D0 control panel\international\geo
00966A5D push 7C84E998 region
00966ACF push 7C837BD0 \device\beep
00966D7A push 7C81C01C \nls\locale
00966D7F push 7C81BF50 \registry\machine\system\currentcontrolset\control
00966DB3 push 7C81BFE4 \nls\locale\alternate sorts
00966DB8 push 7C81BF50 \registry\machine\system\currentcontrolset\control
00966DEC push 7C81BFB8 \nls\language groups
00966DF1 push 7C81BF50 \registry\machine\system\currentcontrolset\control
0096744D push 7C838470 numshape
0096749B push 7C8384C4 imeasure
00967595 push 7C8385C0 \nls\codepage
0096759A push 7C81BF50 \registry\machine\system\currentcontrolset\control
00967869 push 7C81C6E8 slongdate
009678A3 push 7C80BCE4 sshortdate
0096792B push 7C80BCFC stimeformat
00967BD2 push 7C838C38 winsta
00967BE4 push 7C838C24 _winstationbeepopenwinsta
00968136 push 7C838F70 software\policies\microsoft\control panel\international\calendars\twodigityearmax
00968164 push 7C838F00 control panel\international\calendars\twodigityearmax
00968277 push 7C839298 itimeprefix
00968670 mov eax, 7C8396C0 \kernelobjects\lowmemorycondition
00968781 push 7C81BFE4 \nls\locale\alternate sorts
00968786 push 7C81BF50 \registry\machine\system\currentcontrolset\control
009687D2 push 7C81BFB8 \nls\language groups
009687D7 push 7C81BF50 \registry\machine\system\currentcontrolset\control
009688EE push 7C81C01C \nls\locale
009688F3 push 7C81BF50 \registry\machine\system\currentcontrolset\control
009689B4 push 7C839A6C \nls\nlssectioncp
00968C01 mov dword ptr [ebp-38], 7C84E93C command prompt
0096A798 push 7C83B7B4 \registry\user\.default
0096A877 push 7C81C898 \
0096A894 push 7C81C898 \
0096A97C push 7C81EDA4 =
0096B288 push 7C83C318 user32.dll
0096B2AB push 7C83C300 broadcastsystemmessagewuser32.dll
0096B471 push 7C84E55C \global??
0096B52A push 7C83C79C symboliclink
0096B6D0 push 7C83C79C symboliclink
0096C5D9 push 7C84E570 advapi32.dll
0096E278 push 7C84E570 advapi32.dll
0096E42F push 7C84E570 advapi32.dll
0096E518 push 7C83F7C0 ~rf%4x.tmp
0096F5C3 push 7C84060C restricted
0096F62E push 7C8406B4 %ws\%ld%ws
0096F685 push 7C885310 psapi.dll
0096F9CD push 7C840A68 netmsg.dll
009700AD push 7C8411F0 pipe\
00970129 mov esi, 7C8411CC \dosdevices\unc\
00970368 mov esi, 7C81C898 \
0097040B push 7C84148C c:\temp\
00970AC6 mov dword ptr [ebp-218], 7C81ADC6 system32\apphelp.dll
00970E9B push 7C84207C embdtrst.dll
00970F4C push 7C842040 session manager
0097122C push 7C842548 \software\policies\microsoft\windows\safer\codeidentifiers
00971B1A push 7C8431F8 posix /p
00971BCE push 7C8431F4
00971DE5 push 7C82DAD4 "
00971E22 push 7C82DAD4 "
009724F8 mov eax, 7C843510 \kernelobjects\highmemorycondition
00972569 push 7C843684 globalroot
00972578 push 7C843658 globalroot\sessions\
00972598 push 7C843684 globalroot
0097259D push 7C843630 %ws\dosdevices\%ws
009725B4 push 7C843658 globalroot\sessions\
009725B9 push 7C843604 %ws%u\dosdevices\%ws
00972838 push 7C84E550 \??\
00972EE5 push 7C84E71C tsappcmp.dll
00973134 push 7C84424C homedrive
00973142 push 7C844238 homepath
00973208 push 7C81C898 \
00973212 push 7C844228 windows
009733AA push 7C81C898 \
00973405 push 7C844694 .ctx
009741CD push 7C8452F8 \\?\globalroot
00974D68 mov dword ptr [ebp-298], 7C8460AC application.manifest
00975762 push 7C8836CC 挟
0097748C mov esi, 7C84E994 0
00977A9F push 7C838F70 software\policies\microsoft\control panel\international\calendars\twodigityearmax
00977AB9 push 7C838F00 control panel\international\calendars\twodigityearmax
00977EB6 push 7C81218C icalendartype
009781F3 push 7C84E964 syearmonth
0097BB5A push 7C81C22C snegativesign
0097BCC7 push 7C8372A4 idigits
0097BCEB push 7C8372F4 ilzero
0097BD11 push 7C83776C inegnumber
0097BD3A push 7C8123A0 sgrouping
0097BD62 push 7C812310 sdecimal
0097BDB8 push 7C812358 sthousand
0097C982 mov edx, 7C84E964 syearmonth
0097C9A3 mov edx, 7C81C6E8 slongdate
00984ECE push 7C883618 :$data
0098666B push 7C8852F4 dnsapi.dll
00986CAB push 7C8316A8 computername
00986CB0 push 7C82B738 \registry\machine\system\currentcontrolset\control\computername\computername
00986CDD push 7C8852F4 dnsapi.dll
00986D38 push 7C857D88 nv hostname
00986D3D push 7C8205B0 \registry\machine\system\currentcontrolset\services\tcpip\parameters
00986DB7 push 7C8852F4 dnsapi.dll
00986DFE push 7C857E28 nv domain
00986E03 push 7C8205B0 \registry\machine\system\currentcontrolset\services\tcpip\parameters
00986E5C push 7C84E470 optionalnames
00986E61 push 7C84E3D8 \registry\machine\system\currentcontrolset\services\lanmanserver\parameters
00986E8D push 7C84E520 alternatecomputernames
00986E92 push 7C84E490 \registry\machine\system\currentcontrolset\services\dnscache\parameters
00986EC7 mov edi, 7C84E520 alternatecomputernames
00986ECD mov esi, 7C84E490 \registry\machine\system\currentcontrolset\services\dnscache\parameters
00986F61 push 7C84E470 optionalnames
00986F66 push 7C84E3D8 \registry\machine\system\currentcontrolset\services\lanmanserver\parameters
00986F99 push 7C84E520 alternatecomputernames
00986F9E push 7C84E490 \registry\machine\system\currentcontrolset\services\dnscache\parameters
00986FF4 push 7C858084 .
0098710A push 7C82B738 \registry\machine\system\currentcontrolset\control\computername\computername
00987152 push 7C8316A8 computername
00987699 mov esi, 7C858BB8 a:
009876D5 mov dword ptr [ebp-654], 7C858BA4 \??\unc\
009876F1 mov dword ptr [ebp-660], 7C84E550 \??\
009877A6 push 7C858AE0 \device\lanmanredirector\;
0098780F push 7C858B18 \device\harddisk
00987829 push 7C858B3C \device\cdrom
00987843 push 7C858B58 \device\floppy
0098785D push 7C858B78 \device\windfs\
009878CF push 7C858B98 \dfs
00987C7B mov ebx, 7C84E520 alternatecomputernames
00987C81 mov edi, 7C84E490 \registry\machine\system\currentcontrolset\services\dnscache\parameters
00987E48 push 7C84E520 alternatecomputernames
00987E4D push 7C84E490 \registry\machine\system\currentcontrolset\services\dnscache\parameters
00987F92 push 7C84E520 alternatecomputernames
00987F97 push 7C84E490 \registry\machine\system\currentcontrolset\services\dnscache\parameters
0098B1EE push 7C84E55C \global??
0098BBE9 push 7C85CEE0 \registry\machine\system\currentcontrolset\control\session manager
0098BC07 push 7C85CEA4 pendingfilerenameoperations
0098BC17 push 7C85CE68 pendingfilerenameoperations%d
0098C4E8 push 7C84E570 advapi32.dll
0098D139 push 7C84E570 advapi32.dll
0098E78D push 7C84E570 advapi32.dll
0098FDD8 push 7C860E04 /c
00990BED push 7C861D20 advapi32.dll
00990C84 push 7C84E71C tsappcmp.dll
00990DD3 push 7C84E738 \inifile.upd
00991088 push 7C84E738 \inifile.upd
00992189 push 7C863888 auto
009921D8 push 7C81A1B8 debugger
009922AD push 7C863874 drwtsn32
00992317 push 7C863844 \system32\faultrep.dll
0099260C push 7C863828 %s\system32\
00992698 mov dword ptr [ebp-67C], 7C863808 winsta0\default
00993A12 push 7C864B20 [system process]
00995403 push 7C885334 cfgmgr32.dll
00995447 push 7C8221BC cm_open_devnode_key<
0099547D push 7C86671C modem
009954CE push 7C866710 modem
00995521 mov dword ptr [ebp-8C], 7C8666F4 friendlyname
0099555E mov dword ptr [ebp-8C], 7C8666D8 configdialog
009955FE push 7C84E7F0 serialcomm
00996E83 push 7C867FB8 \registry\machine\system\currentcontrolset\control\wow
009977EA push 7C868AB0 size
009977F7 push 7C868AA0 cmdline
009977FE push 7C868A90 wowsize
0099780B push 7C868A78 wowcmdline
0099786F push 7C868A68 \system32\ntvdmwowcmdline
00997DE6 push 7C868EC0 $extend\$reparse:$r:$index_allocation
00997FCB push 7C81FC54 \\.\mountpointmanager
009980BD mov esi, 7C84E830 \dosdevices\
009981B2 push 7C81FC54 \\.\mountpointmanager
00998304 push 7C81FC54 \\.\mountpointmanager
0099859C push 7C81FC54 \\.\mountpointmanager
009987BA mov esi, 7C84E830 \dosdevices\
009988A2 push 7C81FC54 \\.\mountpointmanager
00998999 push 7C81FC54 \\.\mountpointmanager
00999838 push 7C84E7F0 serialcomm
0099E837 mov esi, 7C86F93C rcx
009A0107 push 7C871174 console.dll
009A03D3 mov dword ptr [ebp-474], 7C84E93C command prompt
009A11DA push 7C872258 gdi32
009A3CCE push 7C874D80 \registry\machine\software\microsoft\windows nt\currentversion\console
009A3CEA push 7C874D64 consoleime
009A3D31 push 7C874D4C conime.exe
009A3E42 push 7C874F50 consoleime_startup_event
009A543B push 7C81BFB8 \nls\language groups
009A5440 push 7C81BF50 \registry\machine\system\currentcontrolset\control
009A5516 push 7C876600 \registry\machine\system\currentcontrolset\control\nls\muilanguages
009A56C3 push 7C82A398 control panel\international
009A5743 push 7C82A398 control panel\international
009A57B2 push 7C80BCFC stimeformat
009A57E3 push 7C81C6DC stime
009A5811 push 7C812630 itime
009A583F push 7C837470 itlzero
009A586D push 7C839298 itimeprefix
009A5897 push 7C812630 itime
009A58BE push 7C80BCE4 sshortdate
009A58EC push 7C81C320 sdate
009A591A push 7C8125CC idate
009A5941 push 7C81C6DC stime
009A596B push 7C80BCFC stimeformat
009A598E push 7C81C320 sdate
009A59B8 push 7C80BCE4 sshortdate
009A5A76 mov edi, 7C838F00 control panel\international\calendars\twodigityearmax
009A5A92 push 7C876C08 control panel\international\calendars
009A5AED push 7C84E960 1
009A5B09 push 7C84E95C 2
009A5B25 push 7C876C00 9
009A5B41 push 7C876BF8 10
009A5B59 push 7C876BF0 11
009A5B71 push 7C876BE8 12
009A5CDB push 7C876D10 (
009A5CED push 7C876D0C )
009A61E3 push 7C877CE4 hhmst'
009A6203 push 7C80BCFC stimeformat
009A623F push 7C81C6DC stime
009A63AF push 7C80BCFC stimeformat
009A646D mov edi, 7C877CDC dmy
009A6541 push 7C877CD0 dmyg'
009A6560 mov eax, 7C84E994 0
009A656E mov eax, 7C84E960 1
009A6575 mov eax, 7C84E95C 2
009A65A1 push 7C877CD0 dmyg'
009A65C1 push 7C80BCE4 sshortdate
009A65FA push 7C81C320 sdate
009A672C push 7C877CDC dmy
009A67DE push 7C877CC8 my
009A680C mov esi, 7C877CC0 hh'
009A68A7 mov ebx, 7C877CB8 t'
009A68F5 mov ebx, 7C877CE4 hhmst'
009A694B push 7C877CAC hhms'
009A6979 push 7C877CAC hhms'
009A69B2 push 7C877CA0 hhms
009A69D2 push 7C877C94 hhmst
009A6A41 push 7C877CE4 hhmst'
009A6A5E mov ecx, 7C84E994 0
009A6A63 mov eax, 7C84E960 1
009A6E85 push 7C8385C0 \nls\codepage
009A6E8A push 7C81BF50 \registry\machine\system\currentcontrolset\control
009A6F2D mov edx, 7C81C898 \
009A705E push 7C81BFB8 \nls\language groups
009A7063 push 7C81BF50 \registry\machine\system\currentcontrolset\control
009A7310 mov edx, 7C87847C locale_list_
009A7349 mov edx, 7C878460 \inf\intl.inf
009A7513 push 7C8385C0 \nls\codepage
009A7518 push 7C81BF50 \registry\machine\system\currentcontrolset\control
009A7639 push 7C8786D4 65000
009A764B push 7C8786C8 65001
009A766A push 7C8786D4 65000
009A768D push 7C8786C8 65001
009A7A63 push 7C878BD0 -
009A7D08 push 7C837910 nation
009A7D0F push 7C84E998 region
009A7D2B push 7C8378D0 control panel\international\geo
009A90AC push 7C8385C0 \nls\codepage
009A90B1 push 7C81BF50 \registry\machine\system\currentcontrolset\control
009A90FF push 7C87A1BC maccp
009A9AC2 mov dword ptr [eax], 7C81C094 inegcurr
009A9AD8 mov dword ptr [eax], 7C81C034 icurrency
009A9AEE mov dword ptr [eax], 7C81C0E8 icurrdigits
009A9B04 mov dword ptr [eax], 7C81C1DC smongrouping
009A9B1A mov dword ptr [eax], 7C81C188 smonthousandsep
009A9B30 mov dword ptr [eax], 7C81C134 smondecimalsep
009A9B46 mov dword ptr [eax], 7C81C080 scurrency
009A9B5C mov dword ptr [eax], 7C8374B4 snativedigits
009A9B72 mov dword ptr [eax], 7C8372F4 ilzero
009A9B88 mov dword ptr [eax], 7C8372A4 idigits
009A9B9E mov dword ptr [eax], 7C8123A0 sgrouping
009A9BB4 mov dword ptr [eax], 7C812358 sthousand
009A9BCA mov dword ptr [eax], 7C812310 sdecimal
009A9BE0 mov dword ptr [eax], 7C8384C4 imeasure
009A9BF6 mov dword ptr [eax], 7C836A94 slist
009A9C0C mov dword ptr [eax], 7C81C6E8 slongdate
009A9C50 mov dword ptr [eax], 7C84E964 syearmonth
009A9C66 mov dword ptr [eax], 7C81C22C snegativesign
009A9C7C mov dword ptr [eax], 7C81B978 spositivesign
009A9C92 mov dword ptr [eax], 7C8121A8 s2359
009A9CA8 mov dword ptr [eax], 7C8121B4 s1159
009A9CBE mov dword ptr [eax], 7C81218C icalendartype
009A9CED mov dword ptr [eax], 7C838470 numshape
009A9D00 mov dword ptr [eax], 7C83776C inegnumber
009A9D13 mov dword ptr [eax], 7C8373F8 ifirstweekofyear
009A9D26 mov dword ptr [eax], 7C837398 ifirstdayofweek
009A9D39 mov dword ptr [eax], 7C84E97C ipapersize
009AA13F push 7C81C22C snegativesign
009AA818 push 7C81C0E8 icurrdigits
009AA83C push 7C8372F4 ilzero
009AA862 push 7C81C034 icurrency
009AA888 push 7C81C094 inegcurr
009AA8AE push 7C81C1DC smongrouping
009AA8D6 push 7C81C134 smondecimalsep
009AA92C push 7C81C188 smonthousandsep
009AA983 push 7C81C080 scurrency
009AAC6F mov esi, 7C87BDFC addhijridate
009AAC7E mov esi, 7C87BDD8 addhijridatetemp
009AAC8F push 7C82A398 control panel\international
009ABC7B push 7C81BFE4 \nls\locale\alternate sorts
009ABC80 push 7C81BF50 \registry\machine\system\currentcontrolset\control
009ABFB3 push 7C84E9A8 \nls\nlssectionlang_intl
009ABFDB push 7C87D18C \nls\nlssectionlang
009AC1D3 push 7C84E9A8 \nls\nlssectionlang_intl
009AEF59 push 7C87FF80 _
009AEF61 push 7C87FF78 ._
009C8C84 mov dword ptr [ebp-218], 77D70270 user32
009CE655 push 77D12E6C \windows
009CE74F push 77D12950 \windows\windowstations
009CE902 mov dword ptr [ebp-8], 77D12E58 ddemlmom
009CE94A mov dword ptr [ebp-38], 77D12E48 ddemlansiclientddemlmom
009CE981 mov dword ptr [ebp-8], 77D12E20 ddemlunicodeclient
009CE9B8 mov dword ptr [ebp-38], 77D12E10 ddemlansiserverddemlunicodeclient
009CE9EF mov dword ptr [ebp-8], 77D12DE8 ddemlunicodeserver
009CEB79 push 77D12BB8 \registry\machine\software\microsoft\windows nt\currentversion\windows
009CEBB7 push 77D12C48 appinit_dlls
009CEC4D push 77D12B08 \registry\machine\system\currentcontrolset\control\error message instrument\
009CF841 mov edi, 77D70270 user32
009CFCEA push 77D119C8 ...
009D1775 mov eax, 77D703D8 (
009D2A44 push 77D11A88 .com
009D2A57 push 77D11A7C .bat
009D2A6A push 77D11A70 .cmd
009D2A7D push 77D11A64 .pif
009D2A90 push 77D11A58 .lnk
009D2AA3 push 77D11A4C .ico
009D2AB6 push 77D11A40 .exe
009D445E push 77D11B78 ms shell dlg
009D47BB push 77D11B58 ms shell dlg 2
009D6A9C mov dword ptr [ebp-26C], 77D70270 user32
009D730A push 77D12074 setupapi.dll
009D73C2 push 77D12074 setupapi.dll
009D7C45 push 77D124A8 lastsweeptime
009D7D19 push 77D12870 \registry\machine\software\microsoft\windows nt\currentversion\type 1 installer\lasttype1sweep
009D7D1E push 77D12678 \registry\machine\software\microsoft\windows nt\currentversion\type 1 installer\type 1 fonts
009D7D4F push 77D12380 \registry\machine\software\microsoft\windows nt\currentversion\font drivers
009D89B7 push 77D120D8 (%#p)
009D951E push 77D12288 \registry\machine\system\currentcontrolset\control\keyboard layouts\
009D95B2 push 77D12258 layout file
009D9606 push 77D12270 attributes
009D995C push 77D121B0 control panel\input method\hot keys
009D9A76 push 77D121F8 virtual key
009D9A83 push 77D12210 key modifiers
009D9A92 push 77D1222C target ime
009D9D82 push 77D125A0 keyboard layout\preload
009D9DD0 push 77D125D0 1
009DA2FF push 77D12864 %d
009DA30D push 77D1283C keyboardlayout.ini
009DA321 push 77D12814 preload
009DA352 push 77D1283C keyboardlayout.ini
009DA35F push 77D12824 substitutes
009DA481 push 77D12864 %d
009DA48F push 77D1283C keyboardlayout.ini
009DA4A3 push 77D12814 preload
009DA73B push 77D12F78 .bmp
009DB28A push 77D12364 \system32\
009DB298 push 77D1234C $winnt$.inf
009DB2B3 push 77D12344 no
009DB2B8 push 77D12328 win31upgrade
009DB2BD push 77D1231C data
009DB2CC push 77D12314 yes
009DB3B1 push 77D125D8 \registry\machine\software\microsoft\windows nt\currentversion\lastfontsweep
009DB3B6 push 77D12418 \registry\machine\software\microsoft\windows nt\currentversion\fonts
009DB3C7 push 77D12870 \registry\machine\software\microsoft\windows nt\currentversion\type 1 installer\lasttype1sweep
009DB3CC push 77D12678 \registry\machine\software\microsoft\windows nt\currentversion\type 1 installer\type 1 fonts
009DB44F push 77D13248 (truetype)
009DB464 push 77D1338C .fot
009DB5CA push 77D124A8 lastsweeptime
009DB66F push 77D12738 \registry\machine\software\microsoft\windows nt\currentversion\type 1 installer\upgraded type1
009DB6B4 mov edi, 77D127F8 upgradedtype1
009DB752 push 77D12678 \registry\machine\software\microsoft\windows nt\currentversion\type 1 installer\type 1 fonts
009DD6D2 mov edi, 77D701C0 d
009DD819 push 77D12940 display
009DDC0A push 77D701C0 d
009E67AB push 77D11C34 0
009EA2DF push 77D11C34 0
009EA4D3 push 77D11C34 0
009EC06B mov eax, 77D70038 k杏w
009EC334 push 77D11A3C o
009EC34A push 77D11A38 p
009EC994 push 77D12060 imm32.dll
009ECF79 mov dword ptr [ebp-4], 77D11BC8 nmlkji
009ED111 mov dword ptr [ebp-4], 77D11BD8 gfedcb
009ED870 mov esi, 77D11A28 marlett
009EE26D push 77D12934 - [
009EE2A0 push 77D12930 ]
009F032F push 77D12E84 x
009F0345 push 77D12E80 y
009F1D8C mov eax, 77D70950 (
009F2269 mov dword ptr [ebp+8], 77D70270 user32
009F4AB5 push 77D12ED4 edit
009F5386 push 77D11C34 0
009F53AA push 77D11C34 0
009F7C8D push 77D70A10 pb040
009F835E push 77D13224 00000409
009F8378 push 77D13224 00000409
009F839A push 77D12F58 keyboard layout
009F83E0 push 77D13224 00000409
009F83F5 push 77D12F48 active
009F8462 push 77D12F34 e0010411
009F846F push 77D12F20 e0010412
009F847D push 77D12814 preload
009F84C8 push 77D125D0 1
009F84F6 push 77D12F48 active
009F8518 push 77D13224 00000409
009F89C7 push 77D13214 %8.8lx
009F8A13 mov esi, 77D13224 00000409
009F8B8D push 77D12F84 0
009F8BA1 push 77D12F98 p
009F8E21 push 77D13214 %8.8lx
009F8E4D mov esi, 77D12FD8 service-0x0000-0000$
009F8F94 push 77D13004 layout id
009F9005 push 77D13048 \registry\machine\system\currentcontrolset\control\keyboard layout
009F90F9 mov dword ptr [ebp-3A4], 77D13030 kbdjpn.dll
009F9114 mov dword ptr [ebp-3A4], 77D13018 kbdkor.dll
009F9144 mov dword ptr [ebp-3A4], 77D12244 kbdus.dll
009F92E5 mov eax, 77D12244 kbdus.dll
009F9327 mov esi, 77D13224 00000409
009F975B push 77D12EA0 \sessions
009F9760 push 77D12E88 %ws\%ld%ws
009F9785 push 77D12E6C \windows
009F97BD push 77D12EA0 \sessions
009F97C2 push 77D12E88 %ws\%ld%ws
009F9A55 push 77D701C0 d
009FA911 push 77D130E8 abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz
009FAC99 push 77D131C4 \
009FACFD push 77D131C4 \
009FADAF push 77D12418 \registry\machine\software\microsoft\windows nt\currentversion\fonts
009FBB4A push 77D13154 enablelogging
009FBB79 push 77D13170 logseverity
009FBBB0 push 77D13188 enabledefaultreply
009FBC45 mov esi, 77D131B0 imm32.dll
009FEA49 push 77D12180 &%d %ws
009FEA5A push 77D12EEC &%d
00A0275A push 77D121B0 control panel\input method\hot keys
00A0276F push 77D131C4 \
00A02880 push 77D121F8 virtual key
00A028A0 push 77D12210 key modifiers
00A028F0 push 77D1222C target ime
00A02E07 mov dword ptr [ebp-54], 77D70270 user32
00A04870 push 77D12288 \registry\machine\system\currentcontrolset\control\keyboard layouts\
00A04943 push 77D12288 \registry\machine\system\currentcontrolset\control\keyboard layouts\
00A049CA push 77D13300 ime file
00A04FC7 push 77D12288 \registry\machine\system\currentcontrolset\control\keyboard layouts\
00A062F4 mov dword ptr [edx], 77D709B8 $
00A0632A mov esi, 77D709B8 $
00A06BF6 push 77D13328 netdde agent
00A06BFB push 77D13314 nddeagnt
00A08312 push 77D13238 user32
00A083C1 push 77D13360 0x%x
00A0847B push 77D13360 0x%x
00A0854A push 77D13360 0x%x
00A085BE push 77D4EC80 \registry\machine\software\microsoft\windows\currentversion\reliability
00A0861A push 77D598FC shutdowndostatesnapshot
00A086C4 push 77D598E0 \snapshot.dll
00A08734 push 77D59888 state snapshot took an exception\n
00A0877B push 77D59858 shutdownstatesnapshot
00A08951 push 77D4EC80 \registry\machine\software\microsoft\windows\currentversion\reliability
00A08995 push 77D599D0 shutdownreasonui
00A0A74B push 77D1337C system
00A0A75A push 77D1336C @system
00A0F6B2 push 77D131C4 \
00A0F8B6 mov eax, 77D13248 (truetype)
00A11EBE mov esi, 77D133A0 x:\...\
00A1212B mov dword ptr [ebp-228], 77D708B0 \*
00A12135 mov dword ptr [ebp-238], 77D708A8 \*
00A12158 mov esi, 77D708B6 *
00A12446 push 77D708B6 *
00A13052 push 77D133B8 mdia
00A1432D push 77D1341C ole32.dll
00A147F3 mov edi, 77D658CC ---------------------------\n\n
00A147FB push 77D13448 %s%s\n\n%s
00A14831 push 77D1343C \n\n%s
00A14882 push 77D13430 \n\n%s
00A149DF push 77D13460 \registry\machine\system\currentcontrolset\services\eventlog\application\error instrument\
00A14A41 push 77D13518 eventmessagefile
00A14A7D push 77D13540 %systemroot%\system32\user32.dll
00A14AFF mov edi, 77D13594 %-#16p
00A14B2B push 77D13584 %-#16lx
00A14EEB push 77D135CC error instrument
00A1616A mov edi, 77D135F8 user32_readermode
00A16755 push 77D1361C userdefined
00A169C1 push 77D13238 user32
00A16A0D push 77D13678 software\microsoft\windows\currentversion\reliability
00A16A35 push 77D13638 shutdownignorepredefinedreasons
00A19810 mov esi, 77D709B8 $
00A1A165 push 77D136E4 .hlp
00A1A1C7 push 77D136F0 hh.exe
00A1A615 push 77D13700 indicdll.dll
00A1A6B1 push 77D12060 imm32.dll
00A1C5DB push 77D119C8 ...
00A1C662 mov esi, 77D119C8 ...
00A1CE23 mov eax, 77D70048 #拗w
00A1CE3A mov eax, 77D70058 :拗w
00A1CE62 mov eax, 77D70050 b拗wy拗w:拗w
00A1CE79 mov eax, 77D70054 y拗w:拗w
9 楼
; Start of a routine as pasted: offsets are relative to the paste and the
; listing stops before any ret. The shape (SEH frame, then a version query
; split into four globals) resembles compiler-generated startup code.
; NOTE(review): that identification is an inference; confirm against the
; full binary.
;
; Standard EBP frame.
:00000000 push ebp
:00000001 mov ebp, esp
; Build an exception-registration record on the stack. 0040CA80 is presumably
; the handler and 00424800 its scope data, with FFFFFFFF as the initial
; state -- TODO confirm.
:00000003 push FFFFFFFF
:00000005 push 00424800
:0000000A push 0040CA80
; fs:[0] is the head of the 32-bit Windows SEH chain: save the previous head,
; then make the record just built the new head.
:0000000F mov eax, dword ptr fs:[00000000]
:00000015 push eax
:00000016 mov dword ptr fs:[00000000], esp
; Reserve 0x58 bytes of locals and save ebx/esi/edi.
:0000001D sub esp, 00000058
:00000020 push ebx
:00000021 push esi
:00000022 push edi
; Remember the current stack pointer in the frame slot [ebp-18].
:00000023 mov dword ptr [ebp-18], esp
; A direct call to 03A2248 rather than an indirect call through a pointer.
; 03A2248 is the stub listed under "ADDR=>" in this post, which the poster
; identified as reaching GetVersion; presumably this call would not show up
; as an ordinary import reference in a static listing.
:00000026 call 03A2248 ;=>GetVersion
; The call occupies offsets 26..2A and clc fills the single byte at 2B. It
; only clears CF, and the xor that follows rewrites the flags anyway, so it
; looks like padding -- presumably left where a longer call encoding used
; to be.
:0000002B clc
; edx = AH of the returned value (bits 8..15), stored to [004310B0].
:0000002C xor edx, edx
:0000002E mov dl, ah
:00000030 mov dword ptr [004310B0], edx
; ecx = AL of the returned value (bits 0..7), stored to [004310AC].
:00000036 mov ecx, eax
:00000038 and ecx, 000000FF
:0000003E mov dword ptr [004310AC], ecx
; [004310A8] = (AL << 8) + AH.
:00000044 shl ecx, 08
:00000047 add ecx, edx
:00000049 mov dword ptr [004310A8], ecx
; [004310A4] = upper 16 bits of the returned value (operand 10 is hex).
; If the call really returns GetVersion's DWORD, the four globals hold the
; minor version, major version, (major << 8) + minor, and the high word that
; carries build information.
:0000004F shr eax, 10
:00000052 mov dword ptr [004310A4], eax
ADDR=> 03A2248
; Redirection stub at 03A2248, the target of the call the poster annotated
; as GetVersion. It saves the caller's full register state, calls a common
; routine, restores the state and then executes ret.
;
; This constant is pushed before anything else, so after popad/popfd it is
; the stack slot that ret consumes. NOTE(review): 3A20C2 presumably
; overwrites that slot with the resolved API address, using 00002454 as an
; identifier for the wanted import -- the routine is not shown here, confirm
; in a debugger.
:00000000 push 00002454
; Save EFLAGS and all eight general-purpose registers.
:00000005 pushfd
:00000006 pushad
; ecx = address of the saved-register block (presumably the argument that
; lets the routine reach the slot pushed at offset 0).
:00000007 mov ecx, esp
:00000009 call 3A20C2 >GET API
; Restore registers and flags exactly as the caller left them.
:0000000E popad
:0000000F popfd
; Pops the slot created by the first push and transfers control there.
:00000010 ret
看半天,看不懂,等高手出手.....=.='