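I don't know what kind of protection this program uses. When I press F9 to run it, the process terminates in OD, yet the dialog box is clearly running normally, and I didn't see any new process being created!
The program is at
http://www.live-share.com/files/251613/up.zip.html ,
http://www.skycn.com/soft/28330.html
Could the experts take a look? I'd be very grateful!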
00403B34 /$ 55 PUSH EBP
00403B35 |. 8BEC MOV EBP,ESP
00403B37 |. 83C4 C8 ADD ESP,-38
00403B3A |. B8 C0B94100 MOV EAX,qqup.0041B9C0
00403B3F |. 53 PUSH EBX ; (initial cpu selection)
00403B40 |. E8 D3CA0000 CALL qqup.00410618
00403B45 |. E8 28060100 CALL <JMP.&KERNEL32.GetCommandLineA> ; [GetCommandLineA
00403B4A |. 8BD8 MOV EBX,EAX
00403B4C |. 85DB TEST EBX,EBX
00403B4E |. 74 12 JE SHORT qqup.00403B62
00403B50 |. 8BC3 MOV EAX,EBX
00403B52 |. E8 7D010000 CALL qqup.00403CD4
00403B57 |. 53 PUSH EBX ; /Value
00403B58 |. 68 04514100 PUSH qqup.00415104 ; |sfxcmd
00403B5D |. E8 D6060100 CALL <JMP.&KERNEL32.SetEnvironmentVariab>; \SetEnvironmentVariableA
00403B62 |> 68 00040000 PUSH 400 ; /BufSize = 400 (1024.)
00403B67 |. 68 346A4100 PUSH qqup.00416A34 ; |PathBuffer = qqup.00416A34
00403B6C |. 6A 00 PUSH 0 ; |hModule = NULL
00403B6E |. E8 3B060100 CALL <JMP.&KERNEL32.GetModuleFileNameA> ; \GetModuleFileNameA
00403B73 |. 68 346A4100 PUSH qqup.00416A34 ; /Value = ""
00403B78 |. 68 0B514100 PUSH qqup.0041510B ; |sfxname
00403B7D |. E8 B6060100 CALL <JMP.&KERNEL32.SetEnvironmentVariab>; \SetEnvironmentVariableA
00403B82 |. 6A 00 PUSH 0 ; /pModule = NULL
00403B84 |. E8 2B060100 CALL <JMP.&KERNEL32.GetModuleHandleA> ; \GetModuleHandleA
00403B89 |. 8BD8 MOV EBX,EAX
00403B8B |. A3 B8B94100 MOV DWORD PTR DS:[41B9B8],EAX
00403B90 |. 6A 64 PUSH 64 ; /RsrcName = 100.
00403B92 |. 53 PUSH EBX ; |hInst
00403B93 |. E8 F2070100 CALL <JMP.&USER32.LoadIconA> ; \LoadIconA
00403B98 |. A3 346E4100 MOV DWORD PTR DS:[416E34],EAX
00403B9D |. 6A 65 PUSH 65 ; /RsrcName = 101.
00403B9F |. FF35 B8B94100 PUSH DWORD PTR DS:[41B9B8] ; |hInst = NULL
00403BA5 |. E8 D4070100 CALL <JMP.&USER32.LoadBitmapA> ; \LoadBitmapA
00403BAA |. A3 386E4100 MOV DWORD PTR DS:[416E38],EAX
00403BAF |. 8D45 F8 LEA EAX,DWORD PTR SS:[EBP-8]
00403BB2 |. E8 D91D0000 CALL qqup.00405990
00403BB7 |. BA 346A4100 MOV EDX,qqup.00416A34
00403BBC |. B8 A4B94100 MOV EAX,qqup.0041B9A4
00403BC1 |. E8 E6130000 CALL qqup.00404FAC
00403BC6 |. 8D45 E0 LEA EAX,DWORD PTR SS:[EBP-20]
00403BC9 |. E8 46090000 CALL qqup.00404514
00403BCE |. 8D45 C8 LEA EAX,DWORD PTR SS:[EBP-38]
00403BD1 |. E8 3E090000 CALL qqup.00404514
00403BD6 |. 6A 00 PUSH 0 ; /lParam = NULL
00403BD8 |. 68 85114000 PUSH qqup.00401185 ; |DlgProc = qqup.00401185
00403BDD |. 8D55 E0 LEA EDX,DWORD PTR SS:[EBP-20] ; |
00403BE0 |. 6A 00 PUSH 0 ; |hOwner = NULL
00403BE2 |. 8915 3C724100 MOV DWORD PTR DS:[41723C],EDX ; |
00403BE8 |. 8D4D C8 LEA ECX,DWORD PTR SS:[EBP-38] ; |
00403BEB |. 68 13514100 PUSH qqup.00415113 ; |startdlg
00403BF0 |. 53 PUSH EBX ; |hInst
00403BF1 |. 890D 40724100 MOV DWORD PTR DS:[417240],ECX ; |
00403BF7 |. E8 10070100 CALL <JMP.&USER32.DialogBoxParamA> ; \DialogBoxParamA
00403BFC |. 33C0 XOR EAX,EAX
00403BFE |. 33D2 XOR EDX,EDX
00403C00 |. A3 80614100 MOV DWORD PTR DS:[416180],EAX
00403C05 |. 8915 40724100 MOV DWORD PTR DS:[417240],EDX
00403C0B |. 8915 3C724100 MOV DWORD PTR DS:[41723C],EDX
00403C11 |. BA 02000000 MOV EDX,2
00403C16 |. 8D45 C8 LEA EAX,DWORD PTR SS:[EBP-38]
00403C19 |. E8 1A090000 CALL qqup.00404538
00403C1E |. 8D45 E0 LEA EAX,DWORD PTR SS:[EBP-20]
00403C21 |. BA 02000000 MOV EDX,2
00403C26 |. E8 0D090000 CALL qqup.00404538
00403C2B |. 8D45 F8 LEA EAX,DWORD PTR SS:[EBP-8]
00403C2E |. BA 02000000 MOV EDX,2
00403C33 |. E8 CC1D0000 CALL qqup.00405A04
00403C38 |. 803D F4584100>CMP BYTE PTR DS:[4158F4],0
00403C3F |. 74 05 JE SHORT qqup.00403C46
00403C41 |. E8 36EDFFFF CALL qqup.0040297C
00403C46 |> B8 A4694100 MOV EAX,qqup.004169A4
00403C4B |. B9 80000000 MOV ECX,80
00403C50 |. 33D2 XOR EDX,EDX
00403C52 |. E8 F1BF0000 CALL qqup.0040FC48
00403C57 |. 833D 54504100>CMP DWORD PTR DS:[415054],0
00403C5E |. 7E 0A JLE SHORT qqup.00403C6A
00403C60 |. A1 48504100 MOV EAX,DWORD PTR DS:[415048]
00403C65 |. E8 62BF0000 CALL qqup.0040FBCC
00403C6A |> FF35 346E4100 PUSH DWORD PTR DS:[416E34] ; /hObject = NULL
00403C70 |. E8 2F060100 CALL <JMP.&GDI32.DeleteObject> ; \DeleteObject
00403C75 |. A1 386E4100 MOV EAX,DWORD PTR DS:[416E38]
00403C7A |. 85C0 TEST EAX,EAX
00403C7C |. 74 06 JE SHORT qqup.00403C84
00403C7E |. 50 PUSH EAX ; /hObject => NULL
00403C7F |. E8 20060100 CALL <JMP.&GDI32.DeleteObject> ; \DeleteObject
00403C84 |> 833D 98B94100>CMP DWORD PTR DS:[41B998],0
00403C8B |. 75 18 JNZ SHORT qqup.00403CA5
00403C8D |. 833D 88614100>CMP DWORD PTR DS:[416188],0
00403C94 |. 74 0F JE SHORT qqup.00403CA5
00403C96 |. B8 98B94100 MOV EAX,qqup.0041B998
00403C9B |. BA FF000000 MOV EDX,0FF
00403CA0 |. E8 7B910000 CALL qqup.0040CE20
00403CA5 |> C705 88614100>MOV DWORD PTR DS:[416188],2
00403CAF |. A1 5C504100 MOV EAX,DWORD PTR DS:[41505C]
00403CB4 |. 85C0 TEST EAX,EAX
00403CB6 |. 74 05 JE SHORT qqup.00403CBD
00403CB8 |. E8 91ECFFFF CALL qqup.0040294E
00403CBD |> FF35 98B94100 PUSH DWORD PTR DS:[41B998] ; /ExitCode = 0
00403CC3 E8 62040100 CALL <JMP.&KERNEL32.ExitProcess>;