; OllyDbg listing, 32-bit x86, Intel operand order (dst, src). Columns: address, analysis
; marker, raw bytes, instruction, then OllyDbg's own argument annotations after ';'.
; The excerpt is from the middle of an ebp-framed function: it calls a routine at 00449A00,
; tests the result, and then holds two paths - a "fail" path (004478F8..00447984: message box,
; then self-termination) and a "continue" path starting at 00447989.
; NOTE(review): whether 00449A00 is the dongle check cannot be told from this excerpt; the
; listing only shows that its return value is tested right before the fail/continue split.
004478EC . E8 0F210000 call 开卡软件.00449A00 ; routine whose result (eax) is tested on the next line
004478F1 . 85C0 test eax,eax ; sets ZF from eax; nothing below consumes the flags
; NOTE(review): the jump below is unconditional (opcode E9), so as listed the fail path is
; unreachable from here. A `test` followed by an unconditional `jmp`, a stray 00 byte at
; 004478F8 and the missing analysis marker ('.') on both lines are consistent with a 6-byte
; conditional branch having been overwritten in this copy - compare against a known-good image
; (file hash / signature) before trusting this listing.
004478F3 E9 91000000 jmp 开卡软件.00447989
; NOTE(review): likely a mis-aligned decode. Bytes 00 6A 00 contain 6A 00 (`push 0`), which
; would be the pPreviousCount = NULL argument that the ReleaseSemaphore call below is missing
; (compare the three pushes at 00447989..00447993).
004478F8 006A 00 add byte ptr ds:[edx],ch
; --- fail path: release the semaphore whose handle is stored at [4501C4] ---
004478FB . 6A 01 push 1 ; |ReleaseCount = 1
004478FD . 8B0D C4014500 mov ecx,dword ptr ds:[4501C4] ; |
00447903 . 51 push ecx ; |hSemaphore => 000000A4 (window)
00447904 . FF15 DC104000 call dword ptr ds:[<&KERNEL32.ReleaseSem>; \ReleaseSemaphore
; --- MessageBoxA(NULL, text, title, 0x30): both strings live inside the object pointed to by
; the argument at [ebp+C] (title at +0A0, text at +0B4) ---
0044790A . 6A 30 push 30 ; /Style = MB_OK|MB_ICONEXCLAMATION|MB_APPLMODAL
0044790C . 8B55 0C mov edx,dword ptr ss:[ebp+C] ; |
0044790F . 81C2 A0000000 add edx,0A0 ; |
00447915 . 52 push edx ; |Title
00447916 . 8B45 0C mov eax,dword ptr ss:[ebp+C] ; |
00447919 . 05 B4000000 add eax,0B4 ; |
0044791E . 50 push eax ; |Text
0044791F . 6A 00 push 0 ; |hOwner = NULL
00447921 . FF15 8C114000 call dword ptr ds:[<&USER32.MessageBoxA>>; \MessageBoxA
; --- self-termination: open the current process with TERMINATE access and kill it ---
00447927 . FF15 E0104000 call dword ptr ds:[<&KERNEL32.GetCurrent>; [GetCurrentProcessId
0044792D . 8985 7CFEFFFF mov dword ptr ss:[ebp-184],eax ; local [ebp-184] = own process id
00447933 . 8B8D 7CFEFFFF mov ecx,dword ptr ss:[ebp-184]
00447939 . 51 push ecx ; /ProcessId
0044793A . 6A 00 push 0 ; |Inheritable = FALSE
0044793C . 6A 01 push 1 ; |Access = TERMINATE
0044793E . FF15 E4104000 call dword ptr ds:[<&KERNEL32.OpenProces>; \OpenProcess
; NOTE(review): the returned handle is stored and used without a NULL check.
00447944 . 8985 78FEFFFF mov dword ptr ss:[ebp-188],eax ; local [ebp-188] = process handle
0044794A . 6A 00 push 0 ; /ExitCode = 0
0044794C . 8B95 78FEFFFF mov edx,dword ptr ss:[ebp-188] ; |
00447952 . 52 push edx ; |hProcess
00447953 . FF15 E8104000 call dword ptr ds:[<&KERNEL32.TerminateP>; \TerminateProcess
; Presumably the lines below only run if TerminateProcess fails, since the target is the
; current process - confirm.
00447959 . 8B85 78FEFFFF mov eax,dword ptr ss:[ebp-188]
0044795F . 50 push eax ; /hObject
00447960 . FF15 EC104000 call dword ptr ds:[<&KERNEL32.CloseHandl>; \CloseHandle
; --- fallback exit: set the return value to 0, call an internal helper, leave ---
00447966 . 6A FF push -1 ; second stack argument for the helper at 0044AF3A
00447968 . C785 74FEFFFF>mov dword ptr ss:[ebp-18C],0 ; local [ebp-18C] = 0, loaded into eax below
00447972 . 8D4D F0 lea ecx,dword ptr ss:[ebp-10] ; address of the local at [ebp-10]
00447975 . 51 push ecx ; first stack argument for the helper
00447976 . E8 BF350000 call 开卡软件.0044AF3A ; internal helper; purpose not visible in this listing
0044797B . 83C4 08 add esp,8 ; caller removes the two 4-byte arguments
0044797E . 8B85 74FEFFFF mov eax,dword ptr ss:[ebp-18C] ; eax = 0
00447984 . E9 FF010000 jmp 开卡软件.00447B88 ; target lies outside this listing (presumably the common exit)
; --- continue path (target of the jump at 004478F3): ReleaseSemaphore(hSemaphore, 1, NULL) ---
00447989 > 6A 00 push 0 ; /pPreviousCount = NULL
0044798B . 6A 01 push 1 ; |ReleaseCount = 1
0044798D . 8B15 C4014500 mov edx,dword ptr ds:[4501C4] ; |
00447993 . 52 push edx ; |hSemaphore => 000000A4 (window)
00447994 . FF15 DC104000 call dword ptr ds:[<&KERNEL32.ReleaseSem>; \ReleaseSemaphore
此处是不是检测加密狗的地方?