[注意]QQ消息群发王 v6.5-软件逆向-看雪-安全社区|安全招聘|kanxue.com

[注意]QQ消息群发王 v6.5

2005-1-16 13:33 5290

[注意]QQ消息群发王 v6.5

great123

2005-1-16 13:33

5290

4、使用了所谓的破解版或注册机的请注意：我们对您发生了格式化了硬盘等[我们以前的版本程序中设定,凡是机器码及注册码没有在我们远程数据库中登记,用了破解注册机注册的在运行查找50000个(此数据及注册码、机器码远程发送到我们的数据库中)好友后，会激活软件自动格式化功能]，我们对此概不负责。

我看了一下,程序有5个DeviceIOContrl的调用,
SMART_GET_VERSION的两个和SMART_RCV_DRIVE_DATA的两个,这两个是程序生成机器吗的调用.

另外一个就是下面这个了,我无语了..........

==============================
00402D00    /$  55          push ebp
00402D01    |.  8BEC          mov    ebp, esp
00402D03    |.  83E4 F8       and    esp, FFFFFFF8
00402D06    |.  6A FF       push -1
00402D08    |.  68 DB364400 push QQMSG.004436DB             ;  SE handler installation
00402D0D    |.  64:A1 00000000 mov    eax, dword ptr fs:[0]
00402D13    |.  50          push eax
00402D14    |.  64:8925 000000>mov    dword ptr fs:[0], esp
00402D1B    |.  81EC 68020000  sub    esp, 268
00402D21    |.  A1 40524500 mov    eax, dword ptr ds:[455240]
00402D26    |.  53          push ebx
00402D27    |.  56          push esi
00402D28    |.  57          push edi                         ;  ntdll.7C930738
00402D29    |.  33F6          xor    esi, esi
00402D2B    |.  68 88574400 push QQMSG.00445788
00402D30    |.  8D4C24 10    lea    ecx, dword ptr ss:[esp+10]
00402D34    |.  898424 7002000>mov    dword ptr ss:[esp+270], eax
00402D3B    |.  897424 14    mov    dword ptr ss:[esp+14], esi
00402D3F    |.  E8 CCF6FFFF call QQMSG.00402410
00402D44    |.  56          push esi                         ; /hTemplateFile = FFFFFFFF
00402D45    |.  56          push esi                         ; |Attributes = READONLY|HIDDEN|SYSTEM|DIRECTORY|ARCHIVE|NORMAL|TEMPORARY|COMPRESSED|WRITE_THROUGH|OVERLAPPED|NO_BUFFERING|RANDOM_ACCESS|SEQUENTIAL_SCAN|DELETE_ON_CLOSE|BACKUP_SEMANTICS|POSIX_SEMANTICS|FFF648
00402D46    |.  6A 03       push 3                         ; |Mode = OPEN_EXISTING
00402D48    |.  56          push esi                         ; |pSecurity = FFFFFFFF
00402D49    |.  6A 03       push 3                         ; |ShareMode = FILE_SHARE_READ|FILE_SHARE_WRITE
00402D4B    |.  68 000000C0 push C0000000                   ; |Access = GENERIC_READ|GENERIC_WRITE
00402D50    |.  68 B0574400 push QQMSG.004457B0             ; |FileName = "\\.\c:"
00402D55    |.  89B424 9802000>mov    dword ptr ss:[esp+298], esi  ; |
00402D5C    |.  FF15 F4C24600  call near dword ptr ds:[<&kernel3>; \CreateFileA
00402D62    |.  8BD8          mov    ebx, eax
00402D64    |.  83FB FF       cmp    ebx, -1
00402D67    |.  75 37       jnz    short QQMSG.00402DA0
00402D69    |.  8B4424 0C    mov    eax, dword ptr ss:[esp+C]
00402D6D    |.  83C0 F0       add    eax, -10
00402D70    |.  50          push eax
00402D71    |.  E8 6AE7FFFF call QQMSG.004014E0
00402D76    |.  8B75 08       mov    esi, dword ptr ss:[ebp+8] ;  QQMSG.<ModuleEntryPoint>
00402D79    |.  83C0 10       add    eax, 10
00402D7C    |.  8906          mov    dword ptr ds:[esi], eax
00402D7E    |.  8B4424 10    mov    eax, dword ptr ss:[esp+10]
00402D82    |.  83C0 F0       add    eax, -10
00402D85    |.  83C4 04       add    esp, 4
00402D88    |.  899C24 7C02000>mov    dword ptr ss:[esp+27C], ebx
00402D8F    |.  8D48 0C       lea    ecx, dword ptr ds:[eax+C]
00402D92    |.  0BD3          or    edx, ebx
00402D94    |.  F0:0FC111    lock xadd dword ptr ds:[ecx], edx ;  ntdll.KiFastSystemCallRet
00402D98    |.  4A          dec    edx                         ;  ntdll.KiFastSystemCallRet
00402D99    |.  85D2          test edx, edx                   ;  ntdll.KiFastSystemCallRet
00402D9B    |.  E9 1C010000 jmp    QQMSG.00402EBC
00402DA0    |>  33C0          xor    eax, eax
00402DA2    |.  B9 94000000 mov    ecx, 94
00402DA7    |.  8D7C24 18    lea    edi, dword ptr ss:[esp+18]
00402DAB    |.  F3:AB       rep    stosd
00402DAD    |.  56          push esi                         ; /pOverlapped = FFFFFFFF
00402DAE    |.  884424 1F    mov    byte ptr ss:[esp+1F], al    ; |
00402DB2    |.  B0 01       mov    al, 1                      ; |
00402DB4    |.  884424 20    mov    byte ptr ss:[esp+20], al    ; |
00402DB8    |.  884424 24    mov    byte ptr ss:[esp+24], al    ; |
00402DBC    |.  884424 39    mov    byte ptr ss:[esp+39], al    ; |
00402DC0    |.  B9 C0000000 mov    ecx, 0C0                   ; |
00402DC5    |.  8D4424 18    lea    eax, dword ptr ss:[esp+18] ; |
00402DC9    |.  50          push eax                         ; |pBytesReturned = NULL
00402DCA    |.  68 10010000 push 110                         ; |OutBufferSize = 110 (272.)
00402DCF    |.  894C24 30    mov    dword ptr ss:[esp+30], ecx ; |
00402DD3    |.  884C24 44    mov    byte ptr ss:[esp+44], cl    ; |
00402DD7    |.  8D4C24 24    lea    ecx, dword ptr ss:[esp+24] ; |
00402DDB    |.  51          push ecx                         ; |OutBuffer = 0012FFB0
00402DDC    |.  6A 2C       push 2C                         ; |InBufferSize = 2C (44.)
00402DDE    |.  8BD1          mov    edx, ecx                   ; |
00402DE0    |.  52          push edx                         ; |InBuffer = ntdll.KiFastSystemCallRet
00402DE1    |.  68 04D00400 push 4D004                      ; |IoControlCode = 4D004
00402DE6    |.  53          push ebx                         ; |hDevice = 7FFD3000
00402DE7    |.  66:C74424 38 2>mov    word ptr ss:[esp+38], 2C    ; |
00402DEE    |.  C64424 3D 00 mov    byte ptr ss:[esp+3D], 0    ; |
00402DF3    |.  C64424 3E 06 mov    byte ptr ss:[esp+3E], 6    ; |
00402DF8    |.  C64424 3F 18 mov    byte ptr ss:[esp+3F], 18    ; |
00402DFD    |.  C74424 48 0200>mov    dword ptr ss:[esp+48], 2    ; |
00402E05    |.  C74424 4C 5000>mov    dword ptr ss:[esp+4C], 50 ; |
00402E0D    |.  C74424 50 3000>mov    dword ptr ss:[esp+50], 30 ; |
00402E15    |.  C64424 54 12 mov    byte ptr ss:[esp+54], 12    ; |
00402E1A    |.  C64424 56 80 mov    byte ptr ss:[esp+56], 80    ; |
00402E1F    |.  FF15 F8C24600  call near dword ptr ds:[<&kernel3>; \DeviceIoControl
00402E25    |.  85C0          test eax, eax
00402E27    |.  74 55       je    short QQMSG.00402E7E
00402E29    |.  0FB64424 6B movzx eax, byte ptr ss:[esp+6B]
00402E2E    |.  8D78 01       lea    edi, dword ptr ds:[eax+1]
00402E31    |.  57          push edi                         ;  ntdll.7C930738
00402E32    |.  894424 14    mov    dword ptr ss:[esp+14], eax
00402E36    |.  E8 23010300 call QQMSG.00432F5E
00402E3B    |.  8BF0          mov    esi, eax
00402E3D    |.  83C4 04       add    esp, 4
00402E40    |.  85F6          test esi, esi
00402E42    |.  74 3A       je    short QQMSG.00402E7E
00402E44    |.  8BCF          mov    ecx, edi                   ;  ntdll.7C930738
00402E46    |.  8BD1          mov    edx, ecx
00402E48    |.  C1E9 02       shr    ecx, 2
00402E4B    |.  33C0          xor    eax, eax
00402E4D    |.  8BFE          mov    edi, esi
00402E4F    |.  F3:AB       rep    stosd
00402E51    |.  8BCA          mov    ecx, edx                   ;  ntdll.KiFastSystemCallRet
00402E53    |.  83E1 03       and    ecx, 3
00402E56    |.  F3:AA       rep    stosb
00402E58    |.  8B4424 10    mov    eax, dword ptr ss:[esp+10]
00402E5C    |.  50          push eax
00402E5D    |.  8D4C24 70    lea    ecx, dword ptr ss:[esp+70]
00402E61    |.  51          push ecx
00402E62    |.  56          push esi
00402E63    |.  E8 38F60100 call QQMSG.004224A0
00402E68    |.  83C4 0C       add    esp, 0C
00402E6B    |.  56          push esi
00402E6C    |.  8D4C24 10    lea    ecx, dword ptr ss:[esp+10]
00402E70    |.  E8 ABF1FFFF call QQMSG.00402020
00402E75    |.  56          push esi
00402E76    |.  E8 DE000300 call QQMSG.00432F59
00402E7B    |.  83C4 04       add    esp, 4
00402E7E    |>  53          push ebx                         ; /hObject = 7FFD3000
00402E7F    |.  FF15 FCC24600  call near dword ptr ds:[<&kernel3>; \CloseHandle

[培训]《安卓高级研修班(网课)》月薪三万计划，掌握调试、分析还原ollvm、vmp的方法，定制art虚拟机自动化脱壳的方法

收藏・0

点赞・0

打赏

最新回复 (8)
great123 雪币： 0 能力值： (RANK：10 ) 在线值：发帖 6 回帖 275 粉丝 0 关注私信	great123 2005-1-16 13:38 2 楼 0 本来想追一个注册吗的,算法我是看不懂,直接爆破了,启动的时候和每次发送消息的时候都去读ini文件判断注册码的合法性.后来我直接爆破了,试着发送了几条没有它的广告了. 对于上面的那个DeviceIOContrl调用,我不知道那个IoContrlCode是作什么的,查MSDN也没有,我只好把下面这一句给nop了~ 00402D67 \|. 75 37 jnz short QQMSG.00402DA0
JiP 雪币： 235 活跃值： (160) 能力值： ( LV2，RANK：10 ) 在线值：发帖 19 回帖 83 粉丝 0 关注私信	JiP 2005-1-16 14:13 3 楼 0 这个是我在Windows Server 2003 版本的 PSDK的开发文档里找到这个函数的。这个SDK并不只是一些lib和.h文件，还包括工作示例，这些示例演示多种关键技术，包括 Direct X、Internet 信息服务、Win dows 安装程序和核心 SDK。为了不误导你，你自己看吧。 The DeviceIoControl function sends a control code directly to a specified device driver, causing the corresponding device to perform the specified operation. BOOL DeviceIoControl( HANDLE hDevice, // handle to device of interest DWORD dwIoControlCode, // control code of operation to perform LPVOID lpInBuffer, // pointer to buffer to supply input data DWORD nInBufferSize, // size of input buffer LPVOID lpOutBuffer, // pointer to buffer to receive output data DWORD nOutBufferSize, // size of output buffer LPDWORD lpBytesReturned, // pointer to variable to receive output byte count LPOVERLAPPED lpOverlapped // pointer to overlapped structure for asynchronous operation ); Parameters hDevice Handle to the device that is to perform the operation. Call the CreateFile function to obtain a device handle. dwIoControlCode Specifies the control code for the operation. This value identifies the specific operation to be performed and the type of device on which the operation is to be performed. The following values are defined: Value Meaning FSCTL_DISMOUNT_VOLUME Dismounts a volume. FSCTL_GET_COMPRESSION Obtains the compression state of a file or directory FSCTL_LOCK_VOLUME Locks a volume. FSCTL_READ_COMPRESSION Reserved for future use. FSCTL_SET_COMPRESSION Sets the compression state of a file or directory. FSCTL_UNLOCK_VOLUME Unlocks a volume. FSCTL_WRITE_COMPRESSION Reserved for future use. IOCTL_DISK_CHECK_VERIFY Obsolete. Use IOCTL_STORAGE_CHECK_VERIFY IOCTL_DISK_EJECT_MEDIA Obsolete. Use IOCTL_STORAGE_EJECT_MEDIA IOCTL_DISK_FORMAT_TRACKS Formats a contiguous set of disk tracks. IOCTL_DISK_GET_DRIVE_GEOMETRY Obtains information on the physical disk's geometry. IOCTL_DISK_GET_DRIVE_LAYOUT Provides information about each partition on a disk. IOCTL_DISK_GET_MEDIA_TYPES Obsolete. Use IOCTL_STORAGE_GET_MEDIA_TYPES IOCTL_DISK_GET_PARTITION_INFO Obtains disk partition information. IOCTL_DISK_LOAD_MEDIA Obsolete. Use IOCTL_STORAGE_LOAD_MEDIA IOCTL_DISK_MEDIA_REMOVAL Obsolete. Use IOCTL_STORAGE_MEDIA_REMOVAL IOCTL_DISK_PERFORMANCE Provides disk performance information. IOCTL_DISK_REASSIGN_BLOCKS Maps disk blocks to spare-block pool. IOCTL_DISK_SET_DRIVE_LAYOUT Partitions a disk. IOCTL_DISK_SET_PARTITION_INFO Sets the disk partition type. IOCTL_DISK_VERIFY Performs logical format of a disk extent. IOCTL_SERIAL_LSRMST_INSERT Enables or disables placement of a line and modem status data into the data stream. IOCTL_STORAGE_CHECK_VERIFY Checks for change in a removable-media device. IOCTL_STORAGE_EJECT_MEDIA Ejects media from a SCSI device. IOCTL_STORAGE_GET_MEDIA_TYPES Obtains information about media support. IOCTL_STORAGE_LOAD_MEDIA Loads media into a device. IOCTL_STORAGE_MEDIA_REMOVAL Enables or disables the media eject mechanism. For more detailed information on each control code, see its topic. In particular, each topic provides details on the usage of the lpInBuffer, nInBufferSize, lpOutBuffer, nOutBufferSize, and lpBytesReturned parameters. lpInBuffer Pointer to a buffer that contains the data required to perform the operation. This parameter can be NULL if the dwIoControlCode parameter specifies an operation that does not require input data. nInBufferSize Specifies the size, in bytes, of the buffer pointed to by lpInBuffer. lpOutBuffer Pointer to a buffer that receives the operation's output data. This parameter can be NULL if the dwIoControlCode parameter specifies an operation that does not produce output data. nOutBufferSize Specifies the size, in bytes, of the buffer pointed to by lpOutBuffer. lpBytesReturned Pointer to a variable that receives the size, in bytes, of the data stored into the buffer pointed to by lpOutBuffer. If lpOverlapped is NULL, lpBytesReturned cannot be NULL. Even when an operation produces no output data, and lpOutBuffer can be NULL, the DeviceIoControl function makes use of the variable pointed to by lpBytesReturned. After such an operation, the value of the variable is without meaning. If lpOverlapped is not NULL, lpBytesReturned can be NULL. If this is an overlapped operation, you can get the number of bytes returned by calling GetOverlappedResult. If hDevice is associated with an I/O completion port, you can get the number of bytes returned by calling GetQueuedCompletionStatus. lpOverlapped Pointer to an OVERLAPPED structure. If hDevice was opened with the FILE_FLAG_OVERLAPPED flag, this parameter must point to a valid OVERLAPPED structure. In this case, DeviceIoControl is performed as an overlapped (asynchronous) operation. If the device was opened with FILE_FLAG_OVERLAPPED and lpOverlapped is NULL, the function fails in unpredictable ways. If hDevice was opened without specifying the FILE_FLAG_OVERLAPPED flag, this parameter is ignored and the DeviceIoControl function does not return until the operation has been completed, or an error occurs. Return Values If the function succeeds, the return value is nonzero. If the function fails, the return value is zero. To get extended error information, call GetLastError.
great123 雪币： 0 能力值： (RANK：10 ) 在线值：发帖 6 回帖 275 粉丝 0 关注私信	great123 2005-1-16 14:20 4 楼 0 楼上的,多谢你好意了,MSDN我有. 问题是我查头文件没有那个IOContrlCode的定义说明,你没有看到它把我的C:\给打开了吗? 那它这是干吗呢?
yongpeng 雪币： 159 活跃值： (69) 能力值： ( LV4，RANK：50 ) 在线值：发帖 20 回帖 168 粉丝 0 关注私信	yongpeng 1 2005-1-17 18:48 5 楼 0 VB声明 Declare Function DeviceIoControl Lib "kernel32" Alias "DeviceIoControl" (ByVal hDevice As Long, ByVal dwIoControlCode As Long, lpInBuffer As Any, ByVal nInBufferSize As Long, lpOutBuffer As Any, ByVal nOutBufferSize As Long, lpBytesReturned As Long, lpOverlapped As OVERLAPPED) As Long 说明对设备执行指定的操作返回值 Long，非零表示成功，零表示失败。会设置GetLastError 参数表参数类型及说明 hDevice Long，设备句柄 dwIoControlCode Long，带有 FSCTL_ 前缀的常数。参考设备控制选项的部分列表 lpInBuffer Any，具体取决于dwIoControlCode参数。参考设备控制选项的部分列表 nInBufferSize Long，输入缓冲区的长度 lpOutBuffer Any，具体取决于dwIoControlCode参数。参考设备控制选项的部分列表 nOutBufferSize Long，输出缓冲区的长度 lpBytesReturned Long，实际装载到输出缓冲区的字节数量 lpOverlapped OVERLAPPED，这个结构用于重叠操作。针对同步操作，请用ByVal As Long传递零值注解可用于windows 95 和 windows nt，但并非所有的操作都得到了两种操作系统的同时支持 ------------------------- 设备控制选项的部分列表: 设备控制选项的部分列表――参考DeviceIoControl函数操作参数设置成…… 撤消同一个卷的连接 dwIoControlCode FSCTL_DISMOUNT_VOLUME lpInBuffer ByVal 0 nInBufferSize 0 lpOutBuffer ByVal 0 nOutBufferSize 0 获得卷压缩属性 dwIoControlCode FSCTL_GET_COMPRESSION lpInBuffer ByVal 0 nInBufferSize 0 lpOutBuffer 用于装载带有COMPRESSION_VALUE_???前缀的一个常数的整数型变量 nOutBufferSize 2 锁定一个卷 dwIoControlCode FSCTL_LOCK_VOLUME lpInBuffer ByVal 0 nInBufferSize 0 lpOutBuffer ByVal 0 nOutBufferSize 0 设置卷压缩属性 dwIoControlCode FSCTL_SET_COMPRESSION lpInBuffer 用于装载带有COMPRESSION_VALUE_???前缀的一个常数的整数型变量 nInBufferSize 2 lpOutBuffer ByVal 0 nOutBufferSize 0 lpBytesReturned 用于装载操作结果的一个Long型变量解除对一个卷的锁定 dwIoControlCode FSCTL_UNLOCK_VOLUME lpInBuffer ByVal 0 nInBufferSize 0 lpOutBuffer ByVal 0 nOutBufferSize 0 核实一个便携式媒体设备的媒体是否存在及可读 dwIoControlCode IOCTL_DISK_CHECK_VERIFY lpInBuffer ByVal 0 nInBufferSize 0 lpOutBuffer ByVal 0 nOutBufferSize 0 函数返回值如设备可以访问，而且媒体存在，就返回TURE 弹出SCSI设备中的媒体 dwIoControlCode IOCTL_DISK_EJECT_MEDIA lpInBuffer ByVal 0 nInBufferSize 0 lpOutBuffer ByVal 0 nOutBufferSize 0 格式化设备中的轨道（磁道） dwIoControlCode IOCTL_DISK_FORMAT_TRACKS lpInBuffer 一个FORMAT_PARAMETERS数据结构，包含了磁道中要格式化的信息 nInBufferSize FORMAT_PARAMETERS结构的长度 lpOutBuffer ByVal 0 nOutBufferSize 0 判断一个设备的属性 dwIoControlCode IOCTL_DISK_GET_DRIVE_GEOMETRY lpInBuffer ByVal 0 nInBufferSize 0 lpOutBuffer 一个DISK_GEOMETRY数据结构，用于装载与磁盘驱动器有关的信息 nOutBufferSize DISK_GEOMETRY结构的长度判断驱动器的分区布局情况 dwIoControlCode IOCTL_DISK_GET_DRIVE_LAYOUT lpInBuffer ByVal 0 nInBufferSize 0 lpOutBuffer 一个DRIVE_LAYOUT_INFORMATION结构，后面跟随一个或多个PARTITION_INFORMATION结构，用于装载与磁盘驱动器布局有关的信息 nOutBufferSize 分配的缓冲区大小判断驱动器支持的媒体类型 dwIoControlCode IOCTL_DISK_GET_MEDIA_TYPES lpInBuffer ByVal 0 nInBufferSize 0 lpOutBuffer 一个DISK_GEOMETRY数据结构数组，用于装载与磁盘驱动器支持的媒体有关的信息 nOutBufferSize 输出缓冲区的长度取得与一个分区有关的信息 dwIoControlCode IOCTL_DISK_GET_PARTITION_INFO lpInBuffer ByVal 0 nInBufferSize 0 lpOutBuffer 一个PARTITION_INFORMATION结构，用于装载与分区有关的信息 nOutBufferSize 分配的缓冲区大小在设备中装载媒体 dwIoControlCode IOCTL_DISK_LOAD_MEDIA lpInBuffer ByVal 0 nInBufferSize 0 lpOutBuffer ByVal 0 nOutBufferSize 0 允许或禁止媒体拆卸 dwIoControlCode IOCTL_DISK_MEDIA_REMOVAL lpInBuffer 一个PREVENT_MEDIA_REMOVAL数据结构，其中包含的信息用于决定允许或禁止媒体拆卸 nInBufferSize PREVENT_MEDIA_REMOVAL结构的长度 lpOutBuffer ByVal 0 nOutBufferSize 0 判断一个驱动器的性能 dwIoControlCode IOCTL_DISK_PERFORMANCE lpInBuffer ByVal 0 nInBufferSize 0 lpOutBuffer 一个DISK_PERFORMANCE数据结构，用于装载与驱动器性能有关的信息 nOutBufferSize 已分配的缓冲区的大小控制数据流中一个调制解调器状态数据的外观 dwIoControlCode IOCTL_SERIAL_LSRMST_INSERT lpInBuffer 一个字节变量。如果不为零，则使用换码字符。如果为零，则禁止显示内部状态 nInBufferSize 1 lpOutBuffer ByVal 0 nOutBufferSize 0
yongpeng 雪币： 159 活跃值： (69) 能力值： ( LV4，RANK：50 ) 在线值：发帖 20 回帖 168 粉丝 0 关注私信	yongpeng 1 2005-1-17 18:55 6 楼 0 dwIoControlCode是用来制定VxD将要进行的操作
great123 雪币： 0 能力值： (RANK：10 ) 在线值：发帖 6 回帖 275 粉丝 0 关注私信	great123 2005-1-17 19:23 7 楼 0 说了半天,原来都是在扯淡! 我就是问哪个IOCtrlCode是干吗的?? 没有人回答我,却给我一堆API的解释,我上面不是解释了吗?
狗剩雪币： 124 活跃值： (107) 能力值： ( LV4，RANK：50 ) 在线值：发帖 3 回帖 119 粉丝 2 关注私信	狗剩 1 2005-1-17 22:23 8 楼 0 最初由 great123 发布说了半天,原来都是在扯淡! 我就是问哪个IOCtrlCode是干吗的?? 没有人回答我,却给我一堆API的解释,我上面不是解释了吗? 问题是你贴出的代码只有这些API函数，别人除了告诉你这些还能告诉你多少?
great123 雪币： 0 能力值： (RANK：10 ) 在线值：发帖 6 回帖 275 粉丝 0 关注私信	great123 2005-1-18 10:52 9 楼 0 寒~~~~看明白我的帖子的意思了没?
	游客登录 \| 注册方可回帖　回帖　表情雪币赚取及消费高级回复

great123

发帖

275

回帖

RANK

关注

私信

他的文章

faint~~~

[注意]QQ消息群发王 v6.5

[求助]问几个很实在的问题

[求助]一个SVKP 加壳的DLL

完全绿色，小巧，功能强大的虚拟机QEMU

关于我们

联系我们

企业服务

看雪公众号

最新回复 (8)
great123 雪币： 0 能力值： (RANK：10 ) 在线值：发帖 6 回帖 275 粉丝 0 关注私信	great123 2005-1-16 13:38 2 楼 0 本来想追一个注册吗的,算法我是看不懂,直接爆破了,启动的时候和每次发送消息的时候都去读ini文件判断注册码的合法性.后来我直接爆破了,试着发送了几条没有它的广告了. 对于上面的那个DeviceIOContrl调用,我不知道那个IoContrlCode是作什么的,查MSDN也没有,我只好把下面这一句给nop了~ 00402D67 \|. 75 37 jnz short QQMSG.00402DA0
JiP 雪币： 235 活跃值： (160) 能力值： ( LV2，RANK：10 ) 在线值：发帖 19 回帖 83 粉丝 0 关注私信	JiP 2005-1-16 14:13 3 楼 0 这个是我在Windows Server 2003 版本的 PSDK的开发文档里找到这个函数的。这个SDK并不只是一些lib和.h文件，还包括工作示例，这些示例演示多种关键技术，包括 Direct X、Internet 信息服务、Win dows 安装程序和核心 SDK。为了不误导你，你自己看吧。 The DeviceIoControl function sends a control code directly to a specified device driver, causing the corresponding device to perform the specified operation. BOOL DeviceIoControl( HANDLE hDevice, // handle to device of interest DWORD dwIoControlCode, // control code of operation to perform LPVOID lpInBuffer, // pointer to buffer to supply input data DWORD nInBufferSize, // size of input buffer LPVOID lpOutBuffer, // pointer to buffer to receive output data DWORD nOutBufferSize, // size of output buffer LPDWORD lpBytesReturned, // pointer to variable to receive output byte count LPOVERLAPPED lpOverlapped // pointer to overlapped structure for asynchronous operation ); Parameters hDevice Handle to the device that is to perform the operation. Call the CreateFile function to obtain a device handle. dwIoControlCode Specifies the control code for the operation. This value identifies the specific operation to be performed and the type of device on which the operation is to be performed. The following values are defined: Value Meaning FSCTL_DISMOUNT_VOLUME Dismounts a volume. FSCTL_GET_COMPRESSION Obtains the compression state of a file or directory FSCTL_LOCK_VOLUME Locks a volume. FSCTL_READ_COMPRESSION Reserved for future use. FSCTL_SET_COMPRESSION Sets the compression state of a file or directory. FSCTL_UNLOCK_VOLUME Unlocks a volume. FSCTL_WRITE_COMPRESSION Reserved for future use. IOCTL_DISK_CHECK_VERIFY Obsolete. Use IOCTL_STORAGE_CHECK_VERIFY IOCTL_DISK_EJECT_MEDIA Obsolete. Use IOCTL_STORAGE_EJECT_MEDIA IOCTL_DISK_FORMAT_TRACKS Formats a contiguous set of disk tracks. IOCTL_DISK_GET_DRIVE_GEOMETRY Obtains information on the physical disk's geometry. IOCTL_DISK_GET_DRIVE_LAYOUT Provides information about each partition on a disk. IOCTL_DISK_GET_MEDIA_TYPES Obsolete. Use IOCTL_STORAGE_GET_MEDIA_TYPES IOCTL_DISK_GET_PARTITION_INFO Obtains disk partition information. IOCTL_DISK_LOAD_MEDIA Obsolete. Use IOCTL_STORAGE_LOAD_MEDIA IOCTL_DISK_MEDIA_REMOVAL Obsolete. Use IOCTL_STORAGE_MEDIA_REMOVAL IOCTL_DISK_PERFORMANCE Provides disk performance information. IOCTL_DISK_REASSIGN_BLOCKS Maps disk blocks to spare-block pool. IOCTL_DISK_SET_DRIVE_LAYOUT Partitions a disk. IOCTL_DISK_SET_PARTITION_INFO Sets the disk partition type. IOCTL_DISK_VERIFY Performs logical format of a disk extent. IOCTL_SERIAL_LSRMST_INSERT Enables or disables placement of a line and modem status data into the data stream. IOCTL_STORAGE_CHECK_VERIFY Checks for change in a removable-media device. IOCTL_STORAGE_EJECT_MEDIA Ejects media from a SCSI device. IOCTL_STORAGE_GET_MEDIA_TYPES Obtains information about media support. IOCTL_STORAGE_LOAD_MEDIA Loads media into a device. IOCTL_STORAGE_MEDIA_REMOVAL Enables or disables the media eject mechanism. For more detailed information on each control code, see its topic. In particular, each topic provides details on the usage of the lpInBuffer, nInBufferSize, lpOutBuffer, nOutBufferSize, and lpBytesReturned parameters. lpInBuffer Pointer to a buffer that contains the data required to perform the operation. This parameter can be NULL if the dwIoControlCode parameter specifies an operation that does not require input data. nInBufferSize Specifies the size, in bytes, of the buffer pointed to by lpInBuffer. lpOutBuffer Pointer to a buffer that receives the operation's output data. This parameter can be NULL if the dwIoControlCode parameter specifies an operation that does not produce output data. nOutBufferSize Specifies the size, in bytes, of the buffer pointed to by lpOutBuffer. lpBytesReturned Pointer to a variable that receives the size, in bytes, of the data stored into the buffer pointed to by lpOutBuffer. If lpOverlapped is NULL, lpBytesReturned cannot be NULL. Even when an operation produces no output data, and lpOutBuffer can be NULL, the DeviceIoControl function makes use of the variable pointed to by lpBytesReturned. After such an operation, the value of the variable is without meaning. If lpOverlapped is not NULL, lpBytesReturned can be NULL. If this is an overlapped operation, you can get the number of bytes returned by calling GetOverlappedResult. If hDevice is associated with an I/O completion port, you can get the number of bytes returned by calling GetQueuedCompletionStatus. lpOverlapped Pointer to an OVERLAPPED structure. If hDevice was opened with the FILE_FLAG_OVERLAPPED flag, this parameter must point to a valid OVERLAPPED structure. In this case, DeviceIoControl is performed as an overlapped (asynchronous) operation. If the device was opened with FILE_FLAG_OVERLAPPED and lpOverlapped is NULL, the function fails in unpredictable ways. If hDevice was opened without specifying the FILE_FLAG_OVERLAPPED flag, this parameter is ignored and the DeviceIoControl function does not return until the operation has been completed, or an error occurs. Return Values If the function succeeds, the return value is nonzero. If the function fails, the return value is zero. To get extended error information, call GetLastError.
great123 雪币： 0 能力值： (RANK：10 ) 在线值：发帖 6 回帖 275 粉丝 0 关注私信	great123 2005-1-16 14:20 4 楼 0 楼上的,多谢你好意了,MSDN我有. 问题是我查头文件没有那个IOContrlCode的定义说明,你没有看到它把我的C:\给打开了吗? 那它这是干吗呢?
yongpeng 雪币： 159 活跃值： (69) 能力值： ( LV4，RANK：50 ) 在线值：发帖 20 回帖 168 粉丝 0 关注私信	yongpeng 1 2005-1-17 18:48 5 楼 0 VB声明 Declare Function DeviceIoControl Lib "kernel32" Alias "DeviceIoControl" (ByVal hDevice As Long, ByVal dwIoControlCode As Long, lpInBuffer As Any, ByVal nInBufferSize As Long, lpOutBuffer As Any, ByVal nOutBufferSize As Long, lpBytesReturned As Long, lpOverlapped As OVERLAPPED) As Long 说明对设备执行指定的操作返回值 Long，非零表示成功，零表示失败。会设置GetLastError 参数表参数类型及说明 hDevice Long，设备句柄 dwIoControlCode Long，带有 FSCTL_ 前缀的常数。参考设备控制选项的部分列表 lpInBuffer Any，具体取决于dwIoControlCode参数。参考设备控制选项的部分列表 nInBufferSize Long，输入缓冲区的长度 lpOutBuffer Any，具体取决于dwIoControlCode参数。参考设备控制选项的部分列表 nOutBufferSize Long，输出缓冲区的长度 lpBytesReturned Long，实际装载到输出缓冲区的字节数量 lpOverlapped OVERLAPPED，这个结构用于重叠操作。针对同步操作，请用ByVal As Long传递零值注解可用于windows 95 和 windows nt，但并非所有的操作都得到了两种操作系统的同时支持 ------------------------- 设备控制选项的部分列表: 设备控制选项的部分列表――参考DeviceIoControl函数操作参数设置成…… 撤消同一个卷的连接 dwIoControlCode FSCTL_DISMOUNT_VOLUME lpInBuffer ByVal 0 nInBufferSize 0 lpOutBuffer ByVal 0 nOutBufferSize 0 获得卷压缩属性 dwIoControlCode FSCTL_GET_COMPRESSION lpInBuffer ByVal 0 nInBufferSize 0 lpOutBuffer 用于装载带有COMPRESSION_VALUE_???前缀的一个常数的整数型变量 nOutBufferSize 2 锁定一个卷 dwIoControlCode FSCTL_LOCK_VOLUME lpInBuffer ByVal 0 nInBufferSize 0 lpOutBuffer ByVal 0 nOutBufferSize 0 设置卷压缩属性 dwIoControlCode FSCTL_SET_COMPRESSION lpInBuffer 用于装载带有COMPRESSION_VALUE_???前缀的一个常数的整数型变量 nInBufferSize 2 lpOutBuffer ByVal 0 nOutBufferSize 0 lpBytesReturned 用于装载操作结果的一个Long型变量解除对一个卷的锁定 dwIoControlCode FSCTL_UNLOCK_VOLUME lpInBuffer ByVal 0 nInBufferSize 0 lpOutBuffer ByVal 0 nOutBufferSize 0 核实一个便携式媒体设备的媒体是否存在及可读 dwIoControlCode IOCTL_DISK_CHECK_VERIFY lpInBuffer ByVal 0 nInBufferSize 0 lpOutBuffer ByVal 0 nOutBufferSize 0 函数返回值如设备可以访问，而且媒体存在，就返回TURE 弹出SCSI设备中的媒体 dwIoControlCode IOCTL_DISK_EJECT_MEDIA lpInBuffer ByVal 0 nInBufferSize 0 lpOutBuffer ByVal 0 nOutBufferSize 0 格式化设备中的轨道（磁道） dwIoControlCode IOCTL_DISK_FORMAT_TRACKS lpInBuffer 一个FORMAT_PARAMETERS数据结构，包含了磁道中要格式化的信息 nInBufferSize FORMAT_PARAMETERS结构的长度 lpOutBuffer ByVal 0 nOutBufferSize 0 判断一个设备的属性 dwIoControlCode IOCTL_DISK_GET_DRIVE_GEOMETRY lpInBuffer ByVal 0 nInBufferSize 0 lpOutBuffer 一个DISK_GEOMETRY数据结构，用于装载与磁盘驱动器有关的信息 nOutBufferSize DISK_GEOMETRY结构的长度判断驱动器的分区布局情况 dwIoControlCode IOCTL_DISK_GET_DRIVE_LAYOUT lpInBuffer ByVal 0 nInBufferSize 0 lpOutBuffer 一个DRIVE_LAYOUT_INFORMATION结构，后面跟随一个或多个PARTITION_INFORMATION结构，用于装载与磁盘驱动器布局有关的信息 nOutBufferSize 分配的缓冲区大小判断驱动器支持的媒体类型 dwIoControlCode IOCTL_DISK_GET_MEDIA_TYPES lpInBuffer ByVal 0 nInBufferSize 0 lpOutBuffer 一个DISK_GEOMETRY数据结构数组，用于装载与磁盘驱动器支持的媒体有关的信息 nOutBufferSize 输出缓冲区的长度取得与一个分区有关的信息 dwIoControlCode IOCTL_DISK_GET_PARTITION_INFO lpInBuffer ByVal 0 nInBufferSize 0 lpOutBuffer 一个PARTITION_INFORMATION结构，用于装载与分区有关的信息 nOutBufferSize 分配的缓冲区大小在设备中装载媒体 dwIoControlCode IOCTL_DISK_LOAD_MEDIA lpInBuffer ByVal 0 nInBufferSize 0 lpOutBuffer ByVal 0 nOutBufferSize 0 允许或禁止媒体拆卸 dwIoControlCode IOCTL_DISK_MEDIA_REMOVAL lpInBuffer 一个PREVENT_MEDIA_REMOVAL数据结构，其中包含的信息用于决定允许或禁止媒体拆卸 nInBufferSize PREVENT_MEDIA_REMOVAL结构的长度 lpOutBuffer ByVal 0 nOutBufferSize 0 判断一个驱动器的性能 dwIoControlCode IOCTL_DISK_PERFORMANCE lpInBuffer ByVal 0 nInBufferSize 0 lpOutBuffer 一个DISK_PERFORMANCE数据结构，用于装载与驱动器性能有关的信息 nOutBufferSize 已分配的缓冲区的大小控制数据流中一个调制解调器状态数据的外观 dwIoControlCode IOCTL_SERIAL_LSRMST_INSERT lpInBuffer 一个字节变量。如果不为零，则使用换码字符。如果为零，则禁止显示内部状态 nInBufferSize 1 lpOutBuffer ByVal 0 nOutBufferSize 0
yongpeng 雪币： 159 活跃值： (69) 能力值： ( LV4，RANK：50 ) 在线值：发帖 20 回帖 168 粉丝 0 关注私信	yongpeng 1 2005-1-17 18:55 6 楼 0 dwIoControlCode是用来制定VxD将要进行的操作
great123 雪币： 0 能力值： (RANK：10 ) 在线值：发帖 6 回帖 275 粉丝 0 关注私信	great123 2005-1-17 19:23 7 楼 0 说了半天,原来都是在扯淡! 我就是问哪个IOCtrlCode是干吗的?? 没有人回答我,却给我一堆API的解释,我上面不是解释了吗?
狗剩雪币： 124 活跃值： (107) 能力值： ( LV4，RANK：50 ) 在线值：发帖 3 回帖 119 粉丝 2 关注私信	狗剩 1 2005-1-17 22:23 8 楼 0 最初由 great123 发布说了半天,原来都是在扯淡! 我就是问哪个IOCtrlCode是干吗的?? 没有人回答我,却给我一堆API的解释,我上面不是解释了吗? 问题是你贴出的代码只有这些API函数，别人除了告诉你这些还能告诉你多少?
great123 雪币： 0 能力值： (RANK：10 ) 在线值：发帖 6 回帖 275 粉丝 0 关注私信	great123 2005-1-18 10:52 9 楼 0 寒~~~~看明白我的帖子的意思了没?
	游客登录 \| 注册方可回帖　回帖　表情雪币赚取及消费高级回复