用个bat就能搞定~~
装个hips得不偿失~~
下面的代码直接干掉了~~
唉~~
具体的 bin 文件在 xyzreg 的网站上
http://www.xyzreg.net
/* This file has been generated by the Hex-Rays decompiler.
Copyright (c) 2007 Hex-Rays sprl <info@hex-rays.com>
Detected compiler: Visual C++
*/
#include <windows.h>
#include <defs.h>
//-------------------------------------------------------------------------
// Data declarations
extern char Name[]; // idb
extern char Str2[]; // idb
extern char s__Sedebugprivilege[]; // idb
extern char s__TJgb[]; // idb
extern char s__Wgalogon_bak[]; // idb
extern char s__Wgalogon_dll[]; // idb
extern char s__IZITVACBG[]; // idb
extern char s__LJGmVUULZg[]; // idb
extern char asc_4021DC[]; // idb
extern char s__WebWallpaperBliss_bmp[]; // idb
extern char s__XCSGbVCGVC[]; // idb
extern char s__Legitcheckcontrol_bak[]; // idb
extern char String2[]; // idb
extern char s__WgaGmTAUWgaBSV[]; // idb
extern char s__S[]; // idb
extern char pszSubKey[]; // idb
extern char Text[]; // idb
extern char Caption[]; // idb
extern HINSTANCE hInstance; // idb
//-------------------------------------------------------------------------
// Function declarations
BOOL __cdecl sub_401000();
BOOL __cdecl sub_401060();
signed int __stdcall DialogFunc(HWND a1, UINT a2, WPARAM a3, LPARAM a4); // idb
int __stdcall WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nShowCmd); // idb
// BOOL __stdcall Process32Next(HANDLE hSnapshot, LPPROCESSENTRY32 lppe); idb
// BOOL __stdcall Process32First(HANDLE hSnapshot, LPPROCESSENTRY32 lppe); idb
// HANDLE __stdcall CreateToolhelp32Snapshot(DWORD dwFlags, DWORD th32ProcessID); idb
int __cdecl sub_4016CA();
// BOOL __stdcall LookupPrivilegeValueA(LPCSTR lpSystemName, LPCSTR lpName, PLUID lpLuid); idb
// BOOL __stdcall OpenProcessToken(HANDLE ProcessHandle, DWORD DesiredAccess, PHANDLE TokenHandle); idb
// LSTATUS __stdcall RegCloseKey(HKEY hKey); idb
// LSTATUS __stdcall RegOpenKeyA(HKEY hKey, LPCSTR lpSubKey, PHKEY phkResult); idb
// BOOL __stdcall AdjustTokenPrivileges(HANDLE TokenHandle, BOOL DisableAllPrivileges, PTOKEN_PRIVILEGES NewState, DWORD BufferLength, PTOKEN_PRIVILEGES PreviousState, PDWORD ReturnLength); idb
// BOOL __stdcall CreateDirectoryA(LPCSTR lpPathName, LPSECURITY_ATTRIBUTES lpSecurityAttributes); idb
// UINT __stdcall GetWindowsDirectoryA(LPSTR lpBuffer, UINT uSize); idb
// BOOL __stdcall MoveFileA(LPCSTR lpExistingFileName, LPCSTR lpNewFileName); idb
// BOOL __stdcall DeleteFileA(LPCSTR lpFileName); idb
// LPSTR __stdcall lstrcatA(LPSTR lpString1, LPCSTR lpString2); idb
// UINT __stdcall GetSystemDirectoryA(LPSTR lpBuffer, UINT uSize); idb
// void __stdcall ExitProcess(UINT uExitCode); idb
// HANDLE __stdcall OpenProcess(DWORD dwDesiredAccess, BOOL bInheritHandle, DWORD dwProcessId); idb
// BOOL __stdcall TerminateProcess(HANDLE hProcess, UINT uExitCode); idb
// BOOL __stdcall CloseHandle(HANDLE hObject); idb
// BOOL __stdcall SetFileAttributesA(LPCSTR lpFileName, DWORD dwFileAttributes); idb
// HANDLE __stdcall GetCurrentProcess(); idb
// int __cdecl stricmp(const char *Str1, const char *Str2); idb
// LSTATUS __stdcall SHDeleteKeyA(HKEY hkey, LPCSTR pszSubKey); idb
// BOOL __stdcall GetMessageA(LPMSG lpMsg, HWND hWnd, UINT wMsgFilterMin, UINT wMsgFilterMax); idb
// LRESULT __stdcall DispatchMessageA(const MSG *lpMsg); idb
// BOOL __stdcall TranslateMessage(const MSG *lpMsg); idb
// BOOL __stdcall ShowWindow(HWND hWnd, int nCmdShow); idb
// HICON __stdcall LoadIconA(HINSTANCE hInstance, LPCSTR lpIconName); idb
// LRESULT __stdcall SendMessageA(HWND hWnd, UINT Msg, WPARAM wParam, LPARAM lParam); idb
// int __stdcall MessageBoxA(HWND hWnd, LPCSTR lpText, LPCSTR lpCaption, UINT uType); idb
// BOOL __stdcall SystemParametersInfoA(UINT uiAction, UINT uiParam, PVOID pvParam, UINT fWinIni); idb
// void __stdcall PostQuitMessage(int nExitCode); idb
// HWND __stdcall CreateDialogParamA(HINSTANCE hInstance, LPCSTR lpTemplateName, HWND hWndParent, DLGPROC lpDialogFunc, LPARAM dwInitParam); idb
// BOOL __stdcall EndDialog(HWND hDlg, INT_PTR nResult); idb
// BOOL __stdcall ExitWindowsEx(UINT uFlags, DWORD dwReason); idb
//----- (00401000) --------------------------------------------------------
// Forces an immediate reboot of the machine.
// Enables SeShutdownPrivilege on the current process token and then calls
// ExitWindowsEx(6, 0); 6 == EWX_REBOOT | EWX_FORCE, so running applications
// are not asked to save state. None of the privilege calls are checked, so a
// failure there simply falls through to the ExitWindowsEx attempt.
BOOL __cdecl sub_401000()
{
    HANDLE hToken;                       // only meaningful if OpenProcessToken succeeded
    struct _TOKEN_PRIVILEGES tp;

    // 0x20 == TOKEN_ADJUST_PRIVILEGES. Result ignored.
    OpenProcessToken(GetCurrentProcess(), 0x20u, &hToken);

    tp.PrivilegeCount = 1;
    tp.Privileges[0].Attributes = 2;     // SE_PRIVILEGE_ENABLED
    LookupPrivilegeValueA(0, "SeShutdownPrivilege", (struct _LUID *)tp.Privileges);
    // 0x10 == sizeof(TOKEN_PRIVILEGES) with a single LUID_AND_ATTRIBUTES entry.
    AdjustTokenPrivileges(hToken, 0, &tp, 0x10u, 0, 0);

    return ExitWindowsEx(6u, 0);
}
//----- (00401060) --------------------------------------------------------
// Terminates running processes whose image name is "wgatray.exe" (the WGA
// Notifications tray process). SeDebugPrivilege is enabled first so the
// OpenProcess succeeds regardless of the process owner. The return value is
// CloseHandle's result for the snapshot handle, not whether anything was
// actually terminated.
//
// Behaviour worth noting for analysis / detection:
//  - No return value is checked: token, privilege, snapshot, OpenProcess and
//    TerminateProcess failures are all silently ignored.
//  - OpenProcess/TerminateProcess run on EVERY loop iteration, not only on a
//    name match: before the first match v0 == 0 (opening PID 0 fails), and
//    after a match the same PID is re-opened and re-terminated for each
//    remaining entry in the snapshot.
//  - Handles returned by OpenProcess are never closed (one leaked handle per
//    remaining snapshot entry once a match has been seen).
BOOL __cdecl sub_401060()
{
    DWORD v0; // edi@1  -- PID of the most recently matched process (0 until a match)
    void *v1; // esi@1  -- Toolhelp snapshot handle
    HANDLE v3; // eax@1
    HANDLE v4; // eax@1
    HANDLE v5; // eax@4 -- per-iteration OpenProcess handle, never closed
    HANDLE TokenHandle; // [sp+8h] [bp-13Ch]@1
    struct _TOKEN_PRIVILEGES NewState; // [sp+Ch] [bp-138h]@1
    PROCESSENTRY32 pe; // [sp+1Ch] [bp-128h]@1

    // 0x28 == TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY on the current process.
    v3 = GetCurrentProcess();
    OpenProcessToken(v3, 0x28u, &TokenHandle);
    // Enable SeDebugPrivilege (Attributes 2 == SE_PRIVILEGE_ENABLED).
    // BufferLength 0 is accepted because PreviousState is NULL.
    LookupPrivilegeValueA(0, "SeDebugPrivilege", (struct _LUID *)NewState.Privileges);
    NewState.PrivilegeCount = 1;
    NewState.Privileges[0].Attributes = 2;
    AdjustTokenPrivileges(TokenHandle, 0, &NewState, 0, 0, 0);

    v0 = 0;
    // 2 == TH32CS_SNAPPROCESS: snapshot of all processes.
    v4 = CreateToolhelp32Snapshot(2u, 0);
    v1 = v4;
    // 296 == sizeof(PROCESSENTRY32) for the 32-bit ANSI layout; Process32First
    // rejects the call if dwSize is not set.
    pe.dwSize = 296;
    if ( Process32First(v4, &pe) )
    {
        do
        {
            // Case-insensitive match on the image file name only.
            if ( !stricmp(pe.szExeFile, "wgatray.exe") )
                v0 = pe.th32ProcessID;
            // 0x1F0FFF == PROCESS_ALL_ACCESS (pre-Vista value). Note this is
            // outside the `if` above, so it executes for every entry.
            v5 = OpenProcess(0x1F0FFFu, 0, v0);
            TerminateProcess(v5, 0);
        }
        while ( Process32Next(v1, &pe) );
    }
    // If CreateToolhelp32Snapshot failed, this closes INVALID_HANDLE_VALUE.
    return CloseHandle(v1);
}
//----- (00401140) --------------------------------------------------------
// Dialog procedure for the program's only dialog (resource 0x81, created in
// WinMain). a1 == hDlg, a2 == uMsg, a3 == wParam, a4 == lParam.
//
// Message handling (LOWORD(a3) is the control id for WM_COMMAND):
//   0x110 WM_INITDIALOG -> sets the dialog's big icon from resource 0x6B.
//   0x111 WM_COMMAND:
//     1004: after confirmation, deletes the registry key
//           HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon,
//           renames %SystemRoot%\System32\LegitCheckControl.dll to .bak,
//           terminates wgatray.exe (sub_401060), optionally resets the desktop
//           wallpaper to Web\Wallpaper\Bliss.bmp, and optionally forces a
//           reboot (sub_401000).
//     1007: after confirmation, renames System32\wgalogon.dll to wgalogon.bak
//           and creates a read-only directory under the original file name,
//           so a file of that name cannot be written there afterwards.
//     2 (IDCANCEL): ExitProcess(1).
//   0x002 WM_DESTROY -> PostQuitMessage(0) then ExitProcess(1).
//   0x010 WM_CLOSE   -> EndDialog(a1, 0).
// Returns 1 for handled messages and 0 otherwise (DLGPROC convention).
//
// Decompiler artifacts: the three fixed stack buffers were split into
// adjacent scalars; from the memset sizes the original layout is
//   ExistingFileName + v9[0x7C] + v10 + v11  = 128-byte path buffer
//   Buffer           + v13[0x7C] + v14 + v15 = 128-byte path buffer
//   pvParam          + v17[0xFC] + v18 + v19 = 256-byte path buffer
// `Buffer` is typed const but written to, and `hKey` is reused to hold a
// MessageBoxA result after the registry handle has been closed.
// The paths are assembled with lstrcatA with no explicit length check
// against the 128-byte buffers; GetSystemDirectoryA itself is bounded to 0x80.
signed int __stdcall DialogFunc(HWND a1, UINT a2, WPARAM a3, LPARAM a4)
{
    signed int result; // eax@6
    HWND v5; // esi@12
    HICON v6; // eax@9
    HKEY hKey; // [sp+Ch] [bp-204h]@13  -- registry handle, later reused for a MessageBoxA result
    CHAR ExistingFileName; // [sp+90h] [bp-180h]@15  -- start of 128-byte buffer #1
    char v9; // [sp+91h] [bp-17Fh]@15
    __int16 v10; // [sp+10Dh] [bp-103h]@15
    char v11; // [sp+10Fh] [bp-101h]@15
    const CHAR Buffer; // [sp+10h] [bp-200h]@15  -- start of 128-byte buffer #2
    char v13; // [sp+11h] [bp-1FFh]@15
    __int16 v14; // [sp+8Dh] [bp-183h]@15
    char v15; // [sp+8Fh] [bp-181h]@15
    CHAR pvParam; // [sp+110h] [bp-100h]@15  -- start of 256-byte wallpaper path buffer
    char v17; // [sp+111h] [bp-FFh]@15
    __int16 v18; // [sp+20Dh] [bp-3h]@15
    char v19; // [sp+20Fh] [bp-1h]@15

    if ( a2 > 0x110 )
    {
        // Only WM_COMMAND (0x111) is handled above WM_INITDIALOG.
        if ( a2 != 273 )
            return 0;
        if ( (_WORD)a3 == 1004 )
        {
            v5 = a1;
            // 0x44 == MB_YESNO | MB_ICONINFORMATION; 6 == IDYES.
            if ( MessageBoxA(a1, "仅供学习研究用途\r\n\r\n确定继续清除盗版提示和黑屏?", "询问", 0x44u) == 6 )
            {
                // RegOpenKeyA returns non-zero on failure: treat "key absent" as
                // "WGA not installed" and stop.
                if ( RegOpenKeyA(
                HKEY_LOCAL_MACHINE,
                "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Notify\\WgaLogon",
                &hKey) )
                {
                    // 0x40 == MB_OK | MB_ICONINFORMATION.
                    MessageBoxA(
                    v5,
                    "未找到WGA特征,这表明你机器未安装WGA补丁且没有黑屏等提示信息\r\n\r\n无需修复,建议选择“免疫”\r\n\r\n但是如果你确认已经安装了反盗版WGA,存在黑屏等提示信息,请检查你是否以管理员权限运行本程序,如果没有请以管理员权限重新运行",
                    "提示",
                    0x40u);
                    return 1;
                }
                // SHDeleteKeyA removes the key and all subkeys; it is called
                // while the key is still open, then the handle is closed.
                SHDeleteKeyA(HKEY_LOCAL_MACHINE, "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Notify\\WgaLogon");
                RegCloseKey(hKey);
                // Zero both 128-byte path buffers (see layout note above).
                ExistingFileName = 0;
                memset(&v9, 0, 0x7Cu);
                v10 = 0;
                v11 = 0;
                Buffer = 0;
                memset(&v13, 0, 0x7Cu);
                v14 = 0;
                v15 = 0;
                // ExistingFileName = <System32>\LegitCheckControl.dll
                // Buffer           = <System32>\LegitCheckControl.bak
                GetSystemDirectoryA(&ExistingFileName, 0x80u);
                GetSystemDirectoryA((LPSTR)&Buffer, 0x80u);
                lstrcatA(&ExistingFileName, "\\LegitCheckControl.dll");
                lstrcatA((LPSTR)&Buffer, "\\LegitCheckControl.bak");
                // 0x80 == FILE_ATTRIBUTE_NORMAL: clear read-only/hidden on any
                // stale .bak, delete it, then rename the .dll over it. Results
                // are not checked.
                SetFileAttributesA(&Buffer, 0x80u);
                DeleteFileA(&Buffer);
                MoveFileA(&ExistingFileName, &Buffer);
                // hKey now holds the MessageBoxA button id, not a registry handle.
                hKey = (HKEY)MessageBoxA(
                a1,
                "已清除盗版提示和限制!\r\n\r\n是否立即恢复桌面背景?\r\n\r\n立即恢复桌面背景请选是,以后手动修改请选否",
                "提示",
                0x44u);
                // Zero the 256-byte wallpaper path buffer.
                pvParam = 0;
                memset(&v17, 0, 0xFCu);
                v18 = 0;
                v19 = 0;
                // Kill wgatray.exe (see sub_401060).
                sub_401060();
                if ( hKey == (HKEY)6 )
                {
                    // 0x14 == SPI_SETDESKWALLPAPER; 3 == SPIF_UPDATEINIFILE | SPIF_SENDCHANGE.
                    GetWindowsDirectoryA(&pvParam, 0x100u);
                    lstrcatA(&pvParam, "\\Web\\Wallpaper\\Bliss.bmp");
                    SystemParametersInfoA(0x14u, 0, &pvParam, 3u);
                }
                if ( MessageBoxA(a1, "已全部成功修复,是否立即重启计算机以便完全生效?", "完成", 0x44u) == 6 )
                {
                    // Forced reboot; normally does not return.
                    sub_401000();
                    return 1;
                }
            }
        }
        else
        {
            if ( (_WORD)a3 != 1007 )
            {
                // 2 == IDCANCEL: terminate the process outright.
                if ( (_WORD)a3 == 2 )
                    ExitProcess(1u);
                return 0;
            }
            if ( MessageBoxA(a1, "仅供学习研究用途\r\n\r\n是否确定免疫微软的反盗版补丁以防黑屏等异常现象?", "询问", 0x44u) == 6 )
            {
                // Zero both 128-byte path buffers (see layout note above).
                Buffer = 0;
                memset(&v13, 0, 0x7Cu);
                v14 = 0;
                v15 = 0;
                ExistingFileName = 0;
                memset(&v9, 0, 0x7Cu);
                v10 = 0;
                v11 = 0;
                // Buffer           = <System32>\wgalogon.dll
                // ExistingFileName = <System32>\wgalogon.bak
                GetSystemDirectoryA((LPSTR)&Buffer, 0x80u);
                GetSystemDirectoryA(&ExistingFileName, 0x80u);
                lstrcatA((LPSTR)&Buffer, "\\wgalogon.dll");
                lstrcatA(&ExistingFileName, "\\wgalogon.bak");
                // Replace any stale .bak with the current .dll, then occupy the
                // .dll name with a directory marked 1 == FILE_ATTRIBUTE_READONLY.
                SetFileAttributesA(&ExistingFileName, 0x80u);
                DeleteFileA(&ExistingFileName);
                SetFileAttributesA(&Buffer, 0x80u);
                MoveFileA(&Buffer, &ExistingFileName);
                CreateDirectoryA(&Buffer, 0);
                SetFileAttributesA(&Buffer, 1u);
                MessageBoxA(a1, "免疫成功!", "完成", 0x40u);
            }
        }
        result = 1;
    }
    else
    {
        // Messages at or below WM_INITDIALOG (0x110).
        if ( a2 != 272 )
        {
            // 2 == WM_DESTROY: post WM_QUIT and then exit immediately anyway.
            if ( a2 == 2 )
            {
                PostQuitMessage(0);
                ExitProcess(1u);
            }
            // 16 == WM_CLOSE.
            if ( a2 == 16 )
                EndDialog(a1, 0);
            return 0;
        }
        // WM_INITDIALOG: 0x80 == WM_SETICON, 1 == ICON_BIG, icon resource 0x6B.
        v6 = LoadIconA(hInstance, (LPCSTR)0x6B);
        SendMessageA(a1, 0x80u, 1u, (LPARAM)v6);
        result = 1;
    }
    return result;
}
//----- (004014C0) --------------------------------------------------------
// Program entry: creates the modeless main dialog (resource 0x81) driven by
// DialogFunc and runs a plain message pump until WM_QUIT. Returns the
// wParam of the WM_QUIT message (the PostQuitMessage code).
int __stdcall WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nShowCmd)
{
    struct tagMSG msg;

    // Decompiler artifact: the parameter shadows the file-scope `hInstance`
    // declared above, so in this listing the assignment is a no-op. In the
    // binary it stores the module handle that DialogFunc's LoadIconA uses.
    hInstance = hInstance;

    HWND hDlg = CreateDialogParamA(hInstance, (LPCSTR)0x81, 0, DialogFunc, 0);
    ShowWindow(hDlg, 5);   // 5 == SW_SHOW

    // GetMessageA returns 0 on WM_QUIT; any other value (including -1 on
    // error) keeps the loop running.
    for (;;)
    {
        if ( !GetMessageA(&msg, 0, 0, 0) )
            break;
        TranslateMessage(&msg);
        DispatchMessageA(&msg);
    }
    return msg.wParam;
}
//----- (004016CA) --------------------------------------------------------
// Decompiled stub at 0x4016CA that always yields 0. Nothing else in this
// listing calls it, so it is presumably startup/CRT residue -- unconfirmed.
int __cdecl sub_4016CA()
{
    const int rc = 0;
    return rc;
}
// ALL OK, 5 function(s) have been successfully decompiled