加载中…
个人资料
deathon_eypjoina
deathon_eypjoina
  • 博客等级:
  • 博客积分:0
  • 博客访问:4,774
  • 关注人气:1
  • 获赠金笔:0支
  • 赠出金笔:0支
  • 荣誉徽章:
相关博文
推荐博文
谁看过这篇博文
加载中…
正文 字体大小:

disassembler PFWV2.7.1 Builder 1101

(2007-07-12 05:04:57)

【软件简介】:这个不用我多说什么了吧!大家都知道...
命令行下:bp MessageBoxA ,alt+f9然后F8几步,来到这里

004032AE |. E8 59890000 call 1.0040BC0C
004032B3 |. 8B83 FC020000 mov eax,dword ptr ds:[ebx+2FC]
004032B9 |. C745 B0 9436400>mov dword ptr ss:[ebp-50],1.00403694
004032C0 |. 895D B4 mov dword ptr ss:[ebp-4C],ebx
004032C3 |. 8B55 B0 mov edx,dword ptr ss:[ebp-50]
004032C6 |. 8950 28 mov dword ptr ds:[eax+28],edx
004032C9 |. 8B55 B4 mov edx,dword ptr ss:[ebp-4C]
004032CC |. 8950 2C mov dword ptr ds:[eax+2C],edx
004032CF |. C745 A8 A836400>mov dword ptr ss:[ebp-58],1.004036A8
004032D6 |. 895D AC mov dword ptr ss:[ebp-54],ebx
004032D9 |. 8B4D A8 mov ecx,dword ptr ss:[ebp-58]
004032DC |. 8948 30 mov dword ptr ds:[eax+30],ecx
004032DF |. 8B4D AC mov ecx,dword ptr ss:[ebp-54]
004032E2 |. 8948 34 mov dword ptr ds:[eax+34],ecx
004032E5 |. 8BC3 mov eax,ebx
004032E7 |. FEC0 call 00405e8c //这个CALL就是调用OnlineReg.exe的,所以我们要NOP掉
004032EC |. 84C0 test al,al
004032EE |. 75 2F jnz short 1.0040331F
004032F0 |. 33C0 xor eax,eax
004032F2 |. BA 02000000 mov edx,2
004032F7 |. 50 push eax
004032F8 |. 8D45 F8 lea eax,dword ptr ss:[ebp-8]
004032FB |. FF4F 1C dec dword ptr ds:[edi+1C]
004032FE |. E8 3D021200 call 1.00523540
00403303 |. FF4F 1C dec dword ptr ds:[edi+1C]
00403306 |. 8D45 FC lea eax,dword ptr ss:[ebp-4]
00403309 |. BA 02000000 mov edx,2
0040330E |. E8 2D021200 call 1.00523540
00403313 |. 58 pop eax
00403314 |. 8B17 mov edx,dword ptr ds:[edi]
00403316 |. 64:8915 0000000>mov dword ptr fs:[0],edx
0040331D |. EB 54 jmp short 1.00403373
0040331F |> B2 01 mov dl,1
00403321 |. 8B83 FC020000 mov eax,dword ptr ds:[ebx+2FC]
00403327 |. E8 50880000 call 1.0040BB7C
0040332C |. B2 01 mov dl,1
0040332E |. 8B83 00030000 mov eax,dword ptr ds:[ebx+300]
00403334 |. E8 CB5A0000 call 1.00408E04
00403339 |. B2 01 mov dl,1
0040333B |. 8B83 00030000 mov eax,dword ptr ds:[ebx+300]
00403341 |. E8 66580000 call 1.00408BAC
00403346 |. B0 01 mov al,1
00403348 |. BA 02000000 mov edx,2
0040334D |. 50 push eax
0040334E |. 8D45 F8 lea eax,dword ptr ss:[ebp-8]
00403351 |. FF4F 1C dec dword ptr ds:[edi+1C]
00403354 |. E8 E7011200 call 1.00523540
00403359 |. FF4F 1C dec dword ptr ds:[edi+1C]
0040335C |. 8D45 FC lea eax,dword ptr ss:[ebp-4]
0040335F |. BA 02000000 mov edx,2
00403364 |. E8 D7011200 call 1.00523540
00403369 |. 58 pop eax
0040336A |. 8B17 mov edx,dword ptr ds:[edi]
0040336C |. 64:8915 0000000>mov dword ptr fs:[0],edx
00403373 |> 5F pop edi
00403374 |. 5E pop esi
00403375 |. 5B pop ebx
00403376 |. 8BE5 mov esp,ebp
00403378 |. 5D pop ebp
00403379 \. C3 retn
.......................................................
省略N行
........................................................

004BC96E . 8943 0C mov dword ptr ds:[ebx+C],eax
004BC971 > 5F pop edi
004BC972 . 5E pop esi
004BC973 . 5B pop ebx
004BC974 . 59 pop ecx
004BC975 . 5D pop ebp
004BC976 . C3 retn
004BC977 90 nop
004BC978 $ 55 push ebp
004BC979 . 8BEC mov ebp,esp
004BC97B . 6A 00 push 0
004BC97D . 53 push ebx
004BC97E . 56 push esi
004BC97F . 8BD8 mov ebx,eax
004BC981 . 33C0 xor eax,eax
004BC983 . 55 push ebp
004BC984 . 68 F7C94B00 push 1.004BC9F7
004BC989 . 64:FF30 push dword ptr fs:[eax]
004BC98C . 64:8920 mov dword ptr fs:[eax],esp
004BC98F . 6A 01 push 1 ; /TimerID = 1
004BC991 . 8B43 28 mov eax,dword ptr ds:[ebx+28] ; |
004BC994 . 50 push eax ; |hWnd
004BC995 . E8 DEE30900 call <jmp.&USER32.KillTimer> ; \KillTimer
004BC99A . 8B73 24 mov esi,dword ptr ds:[ebx+24]
004BC99D . 85F6 test esi,esi
004BC99F . 74 40 je short 1.004BC9E1
004BC9A1 . 807B 38 00 cmp byte ptr ds:[ebx+38],0
004BC9A5 . 74 3A je short 1.004BC9E1
004BC9A7 . 66:837B 32 00 cmp word ptr ds:[ebx+32],0
004BC9AC . 74 33 je short 1.004BC9E1
004BC9AE . 6A 00 push 0 ; /Timerproc = NULL
004BC9B0 . 56 push esi ; |Timeout
004BC9B1 . 6A 01 push 1 ; |TimerID = 1
004BC9B3 . 8B43 28 mov eax,dword ptr ds:[ebx+28] ; |
004BC9B6 . 50 push eax ; |hWnd
004BC9B7 . E8 D6E40900 call <jmp.&USER32.SetTimer> ; \SetTimer
004BC9BC . 85C0 test eax,eax
004BC9BE . EB 21 jnc short 1.004BC9E1 //这有个时间比较的暗桩,要跳
004BC9C0 . 8D55 FC lea edx,dword ptr ss:[ebp-4]
004BC9C3 . A1 4CF85700 mov eax,dword ptr ds:[57F84C]
004BC9C8 . E8 DF6D0400 call 1.005037AC
004BC9CD . 8B4D FC mov ecx,dword ptr ss:[ebp-4]
004BC9D0 . B2 01 mov dl,1
004BC9D2 . A1 AC734E00 mov eax,dword ptr ds:[4E73AC]
004BC9D7 . E8 6CED0300 call 1.004FB748
004BC9DC . E8 0F410400 call 1.00500AF0
004BC9E1 > 33C0 xor eax,eax
004BC9E3 . 5A pop edx
004BC9E4 . 59 pop ecx
004BC9E5 . 59 pop ecx
004BC9E6 . 64:8910 mov dword ptr fs:[eax],edx
004BC9E9 . 68 FEC94B00 push 1.004BC9FE
004BC9EE > 8D45 FC lea eax,dword ptr ss:[ebp-4]
004BC9F1 . E8 FE450400 call 1.00500FF4
004BC9F6 . C3 retn

.......................................................
省略N行
........................................................
005049E8 /$ 55 push ebp
005049E9 |. 8BEC mov ebp,esp
005049EB |. 56 push esi
005049EC |. 57 push edi
005049ED |. 8B7D 10 mov edi,dword ptr ss:[ebp+10]
005049F0 |. 8B4D 08 mov ecx,dword ptr ss:[ebp+8]
005049F3 |. 8B75 0C mov esi,dword ptr ss:[ebp+C]
005049F6 |> 83FF 04 /cmp edi,4
005049F9 |. 7C 34 |jl short 1.00504A2F
005049FB |. 8A01 |mov al,byte ptr ds:[ecx]
005049FD |. 8A16 |mov dl,byte ptr ds:[esi]
005049FF |. 3AD0 |cmp dl,al
00504A01 |. 90 |jnz short 1.00504A2F //这个跳转一跳就死,所以要NOP掉
00504A03 |. 8A41 01 |mov al,byte ptr ds:[ecx+1]
00504A06 |. 8A56 01 |mov dl,byte ptr ds:[esi+1]
00504A09 |. 3AD0 |cmp dl,al
00504A0B |. 90 |jnz short 1.00504A2F //这个跳转一跳就死,所以要NOP掉
00504A0D |. 8A41 02 |mov al,byte ptr ds:[ecx+2]
00504A10 |. 8A56 02 |mov dl,byte ptr ds:[esi+2]
00504A13 |. 3AD0 |cmp dl,al
00504A15 |. 90 |jnz short 1.00504A2F //这个跳转一跳就死,所以要NOP掉
00504A17 |. 8A41 03 |mov al,byte ptr ds:[ecx+3]
00504A1A |. 8A56 03 |mov dl,byte ptr ds:[esi+3]
00504A1D |. 3AD0 |cmp dl,al
00504A1F |. 90 |jnz short 1.00504A2F //这个跳转一跳就死,所以要NOP掉
...

Computer正在展开夺权!!!!
   各行各业普遍采用电脑管理数据和业务,这也许是电脑/计算机的阴谋。一个从远古

开始进行的阴谋,从当年小行星撞击地球的流星雨带来生命元素就开始进行!!!?或者说

是电脑Computer的王朝正在复兴?
    我们该如何面对于此?是应该对作为入侵者而对地球原来的主人Computer'抱歉还是

发展出正真的飞龙?作为龙的传人
   人脑才是电脑Computer发展出来的真正“人工智能”??能作光速、超光速思考?以

左脑理性逻辑认识图形感知,当大家吃饭喝粥吃肉时各位有没想起《TheMatrix》矩阵?

??                                             DNS7.24/2007

 

0

阅读 评论 收藏 转载 喜欢 打印举报/Report
  • 评论加载中,请稍候...
发评论

    发评论

    以上网友发言只代表其个人观点,不代表新浪网的观点或立场。

      

    新浪BLOG意见反馈留言板 欢迎批评指正

    新浪简介 | About Sina | 广告服务 | 联系我们 | 招聘信息 | 网站律师 | SINA English | 会员注册 | 产品答疑

    新浪公司 版权所有