[旧帖] [求助]这是程序多开器按注册后,进入内存代码镜像的代码,它在里面是怎么注册的啊? 0.00雪花
-
发表于: 2008-1-14 15:08 3222
-
; sub_0041B2C2 - stdcall window procedure with four dword arguments (retn 10):
;   [ebp+8] = hWnd, [ebp+C] = message, [ebp+10] = wParam, [ebp+14] = lParam.
; Its address is what 0041B2F1 returns and what 0041B4D2 installs with
; SetWindowLongA(GWL_WNDPROC). It returns 1 at once when the message is 0x360;
; otherwise it calls 0041B23D on hWnd and passes that result plus the four
; original arguments to 0041B055, returning whatever 0041B055 returns.
; NOTE(review): this shape matches MFC's AfxWndProc (0x360 would be the private
; WM_QUERYAFXWNDPROC probe, 0041B23D the HWND-to-object lookup, 0041B055
; AfxCallWndProc) - confirm with library signatures before relying on it.
0041B2C2 /. 55 push ebp
0041B2C3 |. 8BEC mov ebp, esp
0041B2C5 |. 817D 0C 60030>cmp dword ptr [ebp+C], 360 ; message == 0x360 ?
0041B2CC |. 75 05 jnz short 0041B2D3
0041B2CE |. 6A 01 push 1
0041B2D0 |. 58 pop eax ; eax = 1 (short encoding of mov eax, 1)
0041B2D1 |. EB 1A jmp short 0041B2ED
0041B2D3 |> FF75 08 push dword ptr [ebp+8] ; hWnd
0041B2D6 |. E8 62FFFFFF call 0041B23D ; eax = object looked up for hWnd
0041B2DB |. FF75 14 push dword ptr [ebp+14] ; lParam
0041B2DE |. FF75 10 push dword ptr [ebp+10] ; wParam
0041B2E1 |. FF75 0C push dword ptr [ebp+C] ; message
0041B2E4 |. FF75 08 push dword ptr [ebp+8] ; hWnd
0041B2E7 |. 50 push eax ; result of 0041B23D
0041B2E8 |. E8 68FDFFFF call 0041B055 ; its return value becomes the window procedure result
0041B2ED |> 5D pop ebp
0041B2EE \. C2 1000 retn 10
; sub_0041B2F1 - no arguments; returns the address of the window procedure at
; 0041B2C2 in eax. Called from 0041B4D2 before SetWindowLongA(GWL_WNDPROC).
; NOTE(review): looks like MFC's AfxGetAfxWndProc - confirm.
0041B2F1 /$ B8 C2B24100 mov eax, 0041B2C2
0041B2F6 \. C3 retn
; sub_0041B2F7 - subclass window procedure (stdcall, retn 10):
;   [ebp+8] = hWnd, [ebp+C] = message, [ebp+10] = wParam, [ebp+14] = lParam.
; It reads the previous window procedure from the window property
; "AfxOldWndProc423" (GetPropA), special-cases messages 6, 0x20, 0x82 and 0x110,
; and hands every other message to the previous procedure via CallWindowProcA.
; On 0x82 (WM_NCDESTROY) it undoes the subclassing: restores GWL_WNDPROC,
; removes the property and deletes the global atom of the same name.
; There is no push ebp / mov ebp, esp: the frame is built by the call to
; 0040C054 - presumably the compiler's SEH prolog helper, since the exit path
; restores fs:[0] from [ebp-C]; confirm.
; NOTE(review): property name and message set match MFC 4.2's
; _AfxActivationWndProc; every visible instruction deals with window messages.
0041B2F7 /$ B8 94514200 mov eax, 00425194 ; value handed to the helper below (presumably the EH handler address - confirm)
0041B2FC |. E8 530DFFFF call 0040C054 ; builds the ebp-based frame used by the rest of the procedure
0041B301 |. 83EC 40 sub esp, 40
0041B304 |. 53 push ebx
0041B305 |. 56 push esi
0041B306 |. 57 push edi
0041B307 |. 8B7D 08 mov edi, dword ptr [ebp+8] ; edi = hWnd
0041B30A |. BE 00754200 mov esi, 00427500 ; afxoldwndproc423
0041B30F |. 8965 F0 mov dword ptr [ebp-10], esp ; save esp in the frame
0041B312 |. 56 push esi ; /Property => "AfxOldWndProc423"
0041B313 |. 57 push edi ; |hWnd
0041B314 |. FF15 8C634200 call dword ptr [<&USER32.GetPropA>] ; \GetPropA
0041B31A |. 8365 EC 00 and dword ptr [ebp-14], 0 ; [ebp-14] = return value, starts at 0
0041B31E |. 8365 FC 00 and dword ptr [ebp-4], 0 ; [ebp-4] = 0
0041B322 |. 8945 E8 mov dword ptr [ebp-18], eax ; [ebp-18] = previous window procedure read from the property
0041B325 |. 8B45 0C mov eax, dword ptr [ebp+C] ; eax = message
0041B328 |. 6A 01 push 1
0041B32A |. 83E8 06 sub eax, 6 ; Switch (cases 6..110)
0041B32D |. 5B pop ebx ; ebx = 1: "forward to previous procedure" flag, tested at 0041B3FB
0041B32E |. 0F84 AD000000 je 0041B3E1 ; message == 6
0041B334 |. 83E8 1A sub eax, 1A
0041B337 |. 0F84 83000000 je 0041B3C0 ; message == 0x20
0041B33D |. 83E8 62 sub eax, 62
0041B340 |. 74 5A je short 0041B39C ; message == 0x82
0041B342 |. 2D 8E000000 sub eax, 8E
0041B347 |. 0F85 B2000000 jnz 0041B3FF ; message != 0x110: default case
0041B34D |. 57 push edi ; Case 110 (WM_INITDIALOG) of switch 0041B32A
0041B34E |. E8 C3FEFFFF call 0041B216 ; helper called with hWnd; result kept in esi
0041B353 |. 8BF0 mov esi, eax
0041B355 |. 8D45 E4 lea eax, dword ptr [ebp-1C]
0041B358 |. 50 push eax
0041B359 |. 8D45 D0 lea eax, dword ptr [ebp-30]
0041B35C |. 50 push eax
0041B35D |. 56 push esi
0041B35E |. E8 7FFBFFFF call 0041AEE2 ; 0041AEE2(esi, &[ebp-30], &[ebp-1C]) before the dialog initialises
0041B363 |. FF75 14 push dword ptr [ebp+14] ; /lParam
0041B366 |. FF75 10 push dword ptr [ebp+10] ; |wParam
0041B369 |. 68 10010000 push 110 ; |Message = WM_INITDIALOG
0041B36E |. 57 push edi ; |hWnd
0041B36F |. FF75 E8 push dword ptr [ebp-18] ; |PrevProc
0041B372 |. FF15 EC644200 call dword ptr [<&USER32.CallWindowPr>; \CallWindowProcA
0041B378 |. FF75 E4 push dword ptr [ebp-1C] ; /Arg3
0041B37B |. 8945 EC mov dword ptr [ebp-14], eax ; | [ebp-14] = result of the previous procedure
0041B37E |. 8D45 D0 lea eax, dword ptr [ebp-30] ; |
0041B381 |. 50 push eax ; |Arg2
0041B382 |. 56 push esi ; |Arg1
0041B383 |. E8 7DFBFFFF call 0041AF05 ; \程序多开.0041AF05
0041B388 |> 8B4D F4 mov ecx, dword ptr [ebp-C] ; common exit: ecx = saved exception-list link
0041B38B |. 8B45 EC mov eax, dword ptr [ebp-14] ; eax = return value
0041B38E |. 5F pop edi
0041B38F |. 5E pop esi
0041B390 |. 64:890D 00000>mov dword ptr fs:[0], ecx ; restore fs:[0]
0041B397 |. 5B pop ebx
0041B398 |. C9 leave
0041B399 |. C2 1000 retn 10
0041B39C |> FF75 E8 push dword ptr [ebp-18] ; /NewValue; Case 82 (WM_NCDESTROY) of switch 0041B32A
0041B39F |. 6A FC push -4 ; |Index = GWL_WNDPROC
0041B3A1 |. 57 push edi ; |hWnd
0041B3A2 |. FF15 AC634200 call dword ptr [<&USER32.SetWindowLon>; \SetWindowLongA
0041B3A8 |. 56 push esi ; /Property
0041B3A9 |. 57 push edi ; |hWnd
0041B3AA |. FF15 F0644200 call dword ptr [<&USER32.RemovePropA>>; \RemovePropA
0041B3B0 |. 56 push esi ; /AtomName
0041B3B1 |. FF15 94624200 call dword ptr [<&KERNEL32.GlobalFind>; \GlobalFindAtomA
0041B3B7 |. 50 push eax ; /Atom
0041B3B8 |. FF15 70614200 call dword ptr [<&KERNEL32.GlobalDele>; \GlobalDeleteAtom
0041B3BE |. EB 3F jmp short 0041B3FF ; then forward the message to the previous procedure
0041B3C0 |> 57 push edi ; Case 20 (WM_SETCURSOR) of switch 0041B32A
0041B3C1 |. E8 50FEFFFF call 0041B216 ; helper called with hWnd
0041B3C6 |. 8B4D 14 mov ecx, dword ptr [ebp+14]
0041B3C9 |. C1E9 10 shr ecx, 10 ; ecx = high word of lParam
0041B3CC |. 51 push ecx ; /Arg3
0041B3CD |. 0FBF4D 14 movsx ecx, word ptr [ebp+14] ; | low word of lParam, sign-extended
0041B3D1 |. 51 push ecx ; |Arg2
0041B3D2 |. 50 push eax ; |Arg1
0041B3D3 |. E8 07FCFFFF call 0041AFDF ; \程序多开.0041AFDF
0041B3D8 |. 33DB xor ebx, ebx
0041B3DA |. 85C0 test eax, eax
0041B3DC |. 0F94C3 sete bl ; ebx = (helper returned 0)
0041B3DF |. EB 1A jmp short 0041B3FB
0041B3E1 |> FF75 14 push dword ptr [ebp+14] ; Case 6 (WM_ACTIVATE) of switch 0041B32A
0041B3E4 |. E8 2DFEFFFF call 0041B216 ; helper called with lParam; result kept in esi
0041B3E9 |. 57 push edi
0041B3EA |. 8BF0 mov esi, eax
0041B3EC |. E8 25FEFFFF call 0041B216 ; helper called with hWnd
0041B3F1 |. 56 push esi
0041B3F2 |. FF75 10 push dword ptr [ebp+10]
0041B3F5 |. 50 push eax
0041B3F6 |. E8 83FBFFFF call 0041AF7E ; 0041AF7E(result for hWnd, wParam, result for lParam)
0041B3FB |> 85DB test ebx, ebx
0041B3FD |.^ 74 89 je short 0041B388 ; ebx == 0: skip the previous procedure, return [ebp-14]
0041B3FF |> FF75 14 push dword ptr [ebp+14] ; /lParam; Default case of switch 0041B32A
0041B402 |. FF75 10 push dword ptr [ebp+10] ; |wParam
0041B405 |. FF75 0C push dword ptr [ebp+C] ; |Message
0041B408 |. 57 push edi ; |hWnd
0041B409 |. FF75 E8 push dword ptr [ebp-18] ; |PrevProc
0041B40C |. FF15 EC644200 call dword ptr [<&USER32.CallWindowPr>; \CallWindowProcA
0041B412 |. 8945 EC mov dword ptr [ebp-14], eax ; [ebp-14] = result of the previous procedure
0041B415 \.^ E9 6EFFFFFF jmp 0041B388
; Code at 0041B41A - has no prolog of its own: it addresses arguments and locals
; through ebp and returns the address 0041B388 (the common exit of the procedure
; at 0041B2F7) in eax. Presumably the catch handler of that procedure, entered
; by the C++ exception runtime rather than by a direct call - confirm.
; It copies the four window-procedure arguments into a 16-byte block at
; [ebp-4C], makes a virtual call through slot +6C of the object returned by
; 004199A5, stores the result as the return value in [ebp-14], and calls
; 0041E885 with ecx = [ebp-20].
0041B41A . 8B45 08 mov eax, dword ptr [ebp+8]
0041B41D . 8945 B4 mov dword ptr [ebp-4C], eax ; block+0 = hWnd
0041B420 . 8B45 0C mov eax, dword ptr [ebp+C]
0041B423 . 8945 B8 mov dword ptr [ebp-48], eax ; block+4 = message
0041B426 . 8B45 10 mov eax, dword ptr [ebp+10]
0041B429 . 8945 BC mov dword ptr [ebp-44], eax ; block+8 = wParam
0041B42C . 8B45 14 mov eax, dword ptr [ebp+14]
0041B42F . 8945 C0 mov dword ptr [ebp-40], eax ; block+C = lParam
0041B432 . E8 6EE5FFFF call 004199A5 ; eax = object whose vtable is used below
0041B437 . 8B10 mov edx, dword ptr [eax] ; edx = vtable pointer
0041B439 . 8D4D B4 lea ecx, dword ptr [ebp-4C]
0041B43C . 51 push ecx ; second argument: address of the block
0041B43D . 8BC8 mov ecx, eax ; this = object from 004199A5
0041B43F . FF75 E0 push dword ptr [ebp-20] ; first argument: [ebp-20] (presumably the caught exception object - confirm)
0041B442 . FF52 6C call dword ptr [edx+6C]
0041B445 . 8B4D E0 mov ecx, dword ptr [ebp-20]
0041B448 . 8945 EC mov dword ptr [ebp-14], eax ; return value of the window procedure
0041B44B . E8 35340000 call 0041E885 ; member call on [ebp-20]
0041B450 . B8 88B34100 mov eax, 0041B388 ; address at which execution continues
0041B455 . C3 retn
; sub_0041B456 - alternative subclass window procedure (stdcall, retn 10):
;   [ebp+8] = hWnd, [ebp+C] = message, [ebp+10] = wParam, [ebp+14] = lParam.
; 0041B4D2 installs it instead of 0041B2F7 when a state flag is set.
; When field +4 of the object returned by 00422497 is non-zero and the message
; is one of 0x134..0x138 (WM_CTLCOLORLISTBOX, WM_CTLCOLORBTN, WM_CTLCOLORDLG,
; WM_CTLCOLORSCROLLBAR, WM_CTLCOLORSTATIC), it calls 0041CDE7 and, if that
; returns non-zero, returns field +4. In every other case the message is passed
; unchanged to 0041B2F7.
; NOTE(review): resembles MFC's _AfxGrayBackgroundWndProc, where field +4 would
; be the dialog background brush - confirm.
0041B456 /. 55 push ebp
0041B457 |. 8BEC mov ebp, esp
0041B459 |. 56 push esi
0041B45A |. 57 push edi
0041B45B |. 68 2B184200 push 0042182B
0041B460 |. B9 14234300 mov ecx, 00432314
0041B465 |. E8 2D700000 call 00422497 ; returns the object for the global at 00432314
0041B46A |. 8B7D 0C mov edi, dword ptr [ebp+C] ; edi = message
0041B46D |. 8BF0 mov esi, eax ; esi = that object
0041B46F |. 8B46 04 mov eax, dword ptr [esi+4]
0041B472 |. 85C0 test eax, eax
0041B474 |. 74 47 je short 0041B4BD ; field +4 is 0: just forward
0041B476 |. 81FF 35010000 cmp edi, 135 ; WM_CTLCOLORBTN
0041B47C |. 74 20 je short 0041B49E
0041B47E |. 81FF 36010000 cmp edi, 136 ; WM_CTLCOLORDLG
0041B484 |. 74 18 je short 0041B49E
0041B486 |. 81FF 38010000 cmp edi, 138 ; WM_CTLCOLORSTATIC
0041B48C |. 74 10 je short 0041B49E
0041B48E |. 81FF 37010000 cmp edi, 137 ; WM_CTLCOLORSCROLLBAR
0041B494 |. 74 08 je short 0041B49E
0041B496 |. 81FF 34010000 cmp edi, 134 ; WM_CTLCOLORLISTBOX
0041B49C |. 75 1F jnz short 0041B4BD ; any other message: forward
0041B49E |> FF76 08 push dword ptr [esi+8] ; /Arg5
0041B4A1 |. 50 push eax ; |Arg4
0041B4A2 |. 8D87 CEFEFFFF lea eax, dword ptr [edi-132] ; | message - 0x132 (0x132 = WM_CTLCOLORMSGBOX)
0041B4A8 |. 50 push eax ; |Arg3
0041B4A9 |. FF75 14 push dword ptr [ebp+14] ; |Arg2
0041B4AC |. FF75 10 push dword ptr [ebp+10] ; |Arg1
0041B4AF |. E8 33190000 call 0041CDE7 ; \程序多开.0041CDE7
0041B4B4 |. 85C0 test eax, eax
0041B4B6 |. 74 05 je short 0041B4BD ; helper returned 0: forward
0041B4B8 |. 8B46 04 mov eax, dword ptr [esi+4] ; return field +4
0041B4BB |. EB 0F jmp short 0041B4CC
0041B4BD |> FF75 14 push dword ptr [ebp+14] ; lParam
0041B4C0 |. FF75 10 push dword ptr [ebp+10] ; wParam
0041B4C3 |. 57 push edi ; message
0041B4C4 |. FF75 08 push dword ptr [ebp+8] ; hWnd
0041B4C7 |. E8 2BFEFFFF call 0041B2F7 ; forward to the subclass procedure at 0041B2F7
0041B4CC |> 5F pop edi
0041B4CD |. 5E pop esi
0041B4CE |. 5D pop ebp
0041B4CF \. C2 1000 retn 10
; sub_0041B4D2 - WH_CBT hook procedure (stdcall, retn 0C), installed by
; SetWindowsHookExA at 0041B6FA:
;   [ebp+8] = hook code, [ebp+C] = wParam, [ebp+10] = lParam.
; Any code other than 3 goes straight to CallNextHookEx. For code 3
; (HCBT_CREATEWND: wParam = handle of the window being created, lParam ->
; CBT_CREATEWND whose first dword points to the CREATESTRUCT) it subclasses the
; new window by replacing GWL_WNDPROC:
;   * state field +14 != 0 (an object waiting to be bound to the new window):
;     the procedure from 0041B2F1 (0041B2C2) is installed and the previous
;     procedure is stored through the pointer returned by virtual slot +80;
;   * otherwise, for non-child windows only: the previous procedure is saved in
;     the property "AfxOldWndProc423" and 0041B456 or 0041B2F7 is installed.
; Windows whose class has CS_IME or whose class name is "ime" are left alone.
; Locals: [ebp-4] = state object from 00422402, [ebp-8] = byte flag read from
; the object returned by 00421BE5, [ebp-10] = 5-byte class-name buffer, later
; reused for the result of 0041B055.
; NOTE(review): matches MFC 4.2's _AfxCbtFilterHook step for step - confirm.
0041B4D2 /. 55 push ebp
0041B4D3 |. 8BEC mov ebp, esp
0041B4D5 |. 83EC 10 sub esp, 10
0041B4D8 |. 68 C8154200 push 004215C8
0041B4DD |. B9 1C3D4300 mov ecx, 00433D1C
0041B4E2 |. E8 1B6F0000 call 00422402 ; eax = state object for the global at 00433D1C
0041B4E7 |. 837D 08 03 cmp dword ptr [ebp+8], 3 ; hook code == 3 (HCBT_CREATEWND) ?
0041B4EB |. 8945 FC mov dword ptr [ebp-4], eax ; [ebp-4] = state object
0041B4EE |. 74 17 je short 0041B507
0041B4F0 |. FF75 10 push dword ptr [ebp+10] ; /lParam
0041B4F3 |. FF75 0C push dword ptr [ebp+C] ; |wParam
0041B4F6 |. FF75 08 push dword ptr [ebp+8] ; |HookCode
0041B4F9 |. FF70 2C push dword ptr [eax+2C] ; |hHook
0041B4FC |. FF15 18644200 call dword ptr [<&USER32.CallNextHook>; \CallNextHookEx
0041B502 |. E9 BD010000 jmp 0041B6C4 ; ebx/esi/edi not pushed on this path, so the pops are skipped
0041B507 |> 8B4D 10 mov ecx, dword ptr [ebp+10] ; ecx = lParam
0041B50A |. 53 push ebx
0041B50B |. 56 push esi
0041B50C |. 8B70 14 mov esi, dword ptr [eax+14] ; esi = state field +14 (object to bind, or 0)
0041B50F |. 57 push edi
0041B510 |. 8B39 mov edi, dword ptr [ecx] ; edi = first dword of *lParam (CREATESTRUCT pointer)
0041B512 |. E8 CE660000 call 00421BE5
0041B517 |. 0FB640 14 movzx eax, byte ptr [eax+14] ; byte flag at +14 of the returned object
0041B51B |. 8B5D 0C mov ebx, dword ptr [ebp+C] ; ebx = wParam = hWnd of the new window
0041B51E |. 8945 F8 mov dword ptr [ebp-8], eax ; [ebp-8] = that flag
0041B521 |. 85F6 test esi, esi
0041B523 |. 75 12 jnz short 0041B537 ; an object is waiting: always subclass
0041B525 |. F647 23 40 test byte ptr [edi+23], 40 ; bit 0x40000000 of the dword at +20 (WS_CHILD in CREATESTRUCT.style)
0041B529 |. 0F85 69010000 jnz 0041B698 ; child window: do not subclass
0041B52F |. 85C0 test eax, eax
0041B531 |. 0F85 61010000 jnz 0041B698 ; flag set: do not subclass
0041B537 |> 833D BC424300>cmp dword ptr [4342BC], 0 ; global flag; when 0 the IME checks below are skipped
0041B53E |. 74 4C je short 0041B58C
0041B540 |. 6A E6 push -1A ; /Index = GCL_STYLE
0041B542 |. 53 push ebx ; |hWnd
0041B543 |. FF15 6C644200 call dword ptr [<&USER32.GetClassLong>; \GetClassLongA
0041B549 |. A9 00000100 test eax, 10000 ; 0x10000 = CS_IME class style
0041B54E |. 0F85 44010000 jnz 0041B698
0041B554 |. 8B47 28 mov eax, dword ptr [edi+28] ; class name field: string pointer or atom
0041B557 |. 8BC8 mov ecx, eax
0041B559 |. C1E9 10 shr ecx, 10
0041B55C |. 66:85C9 test cx, cx
0041B55F |. 75 17 jnz short 0041B578 ; high word non-zero: it is a string pointer
0041B561 |. 204D F0 and byte ptr [ebp-10], cl ; cl is 0 here, so this stores a NUL in buffer[0]
0041B564 |. 8D45 F0 lea eax, dword ptr [ebp-10]
0041B567 |. 6A 05 push 5 ; /BufSize = 5
0041B569 |. 50 push eax ; |Buffer
0041B56A |. 66:8B47 28 mov ax, word ptr [edi+28] ; |
0041B56E |. 50 push eax ; |Atom
0041B56F |. FF15 80624200 call dword ptr [<&KERNEL32.GlobalGetA>; \GlobalGetAtomNameA
0041B575 |. 8D45 F0 lea eax, dword ptr [ebp-10]
0041B578 |> 68 C0764200 push 004276C0 ; /ime
0041B57D |. 50 push eax ; |String1
0041B57E |. FF15 78614200 call dword ptr [<&KERNEL32.lstrcmpiA>>; \lstrcmpiA
0041B584 |. 85C0 test eax, eax
0041B586 |. 0F84 0C010000 je 0041B698 ; class name equals "ime": leave the window alone
0041B58C |> 85F6 test esi, esi
0041B58E |. 0F84 A9000000 je 0041B63D ; no waiting object: property-based subclassing
0041B594 |. 53 push ebx
0041B595 |. 8BCE mov ecx, esi
0041B597 |. E8 BFFCFFFF call 0041B25B ; member call on the object with hWnd
0041B59C |. 8B06 mov eax, dword ptr [esi]
0041B59E |. 8BCE mov ecx, esi
0041B5A0 |. FF50 50 call dword ptr [eax+50] ; virtual slot +50
0041B5A3 |. 8B06 mov eax, dword ptr [esi]
0041B5A5 |. 8BCE mov ecx, esi
0041B5A7 |. FF90 80000000 call dword ptr [eax+80] ; virtual slot +80: returns where to store the old procedure
0041B5AD |. 833D A4424300>cmp dword ptr [4342A4], 0
0041B5B4 |. 8945 0C mov dword ptr [ebp+C], eax ; wParam slot reused for that pointer (hWnd stays in ebx)
0041B5B7 |. 75 61 jnz short 0041B61A
0041B5B9 |. 837D F8 00 cmp dword ptr [ebp-8], 0
0041B5BD |. 75 5B jnz short 0041B61A
0041B5BF |. 8B3D B8424300 mov edi, dword ptr [4342B8] ; optional global object with a callback at +20
0041B5C5 |. 85FF test edi, edi
0041B5C7 |. 74 51 je short 0041B61A
0041B5C9 |. 837F 20 00 cmp dword ptr [edi+20], 0
0041B5CD |. 74 4B je short 0041B61A
0041B5CF |. 6A 00 push 0
0041B5D1 |. 6A 00 push 0
0041B5D3 |. 68 6F030000 push 36F
0041B5D8 |. 53 push ebx
0041B5D9 |. 56 push esi
0041B5DA |. E8 76FAFFFF call 0041B055 ; 0041B055(object, hWnd, 0x36F, 0, 0)
0041B5DF |. 85C0 test eax, eax
0041B5E1 |. 8945 F0 mov dword ptr [ebp-10], eax ; [ebp-10] = its result
0041B5E4 |. 74 34 je short 0041B61A
0041B5E6 |. E8 06FDFFFF call 0041B2F1 ; eax = 0041B2C2
0041B5EB |. 6A FC push -4 ; /Index = GWL_WNDPROC
0041B5ED |. 53 push ebx ; |hWnd
0041B5EE |. 8945 08 mov dword ptr [ebp+8], eax ; |
0041B5F1 |. FF15 3C644200 call dword ptr [<&USER32.GetWindowLon>; \GetWindowLongA
0041B5F7 |. FF75 F0 push dword ptr [ebp-10]
0041B5FA |. 8BF0 mov esi, eax
0041B5FC |. 2B75 08 sub esi, dword ptr [ebp+8]
0041B5FF |. 53 push ebx
0041B600 |. F7DE neg esi
0041B602 |. 1BF6 sbb esi, esi
0041B604 |. 46 inc esi ; esi = 1 if the current procedure is already 0041B2C2, else 0
0041B605 |. FF57 20 call dword ptr [edi+20] ; callback(hWnd, [ebp-10])
0041B608 |. 85F6 test esi, esi
0041B60A |. 75 28 jnz short 0041B634
0041B60C |. FF75 08 push dword ptr [ebp+8] ; /NewValue
0041B60F |. 6A FC push -4 ; |Index = GWL_WNDPROC
0041B611 |. 53 push ebx ; |hWnd
0041B612 |. FF15 AC634200 call dword ptr [<&USER32.SetWindowLon>; \SetWindowLongA
0041B618 |. EB 15 jmp short 0041B62F
0041B61A |> E8 D2FCFFFF call 0041B2F1 ; eax = 0041B2C2
0041B61F |. 8BF0 mov esi, eax
0041B621 |. 56 push esi ; /NewValue
0041B622 |. 6A FC push -4 ; |Index = GWL_WNDPROC
0041B624 |. 53 push ebx ; |hWnd
0041B625 |. FF15 AC634200 call dword ptr [<&USER32.SetWindowLon>; \SetWindowLongA
0041B62B |. 3BC6 cmp eax, esi
0041B62D |. 74 05 je short 0041B634 ; old procedure was already 0041B2C2: nothing to remember
0041B62F |> 8B4D 0C mov ecx, dword ptr [ebp+C]
0041B632 |. 8901 mov dword ptr [ecx], eax ; store the previous procedure through the slot +80 pointer
0041B634 |> 8B75 FC mov esi, dword ptr [ebp-4]
0041B637 |. 8366 14 00 and dword ptr [esi+14], 0 ; clear state field +14: the object is now bound
0041B63B |. EB 5E jmp short 0041B69B
0041B63D |> 6A FC push -4 ; /Index = GWL_WNDPROC
0041B63F |. 53 push ebx ; |hWnd
0041B640 |. FF15 3C644200 call dword ptr [<&USER32.GetWindowLon>; \GetWindowLongA
0041B646 |. 85C0 test eax, eax
0041B648 |. 8945 08 mov dword ptr [ebp+8], eax ; [ebp+8] = current window procedure
0041B64B |. 74 4B je short 0041B698
0041B64D |. 8B3D 8C634200 mov edi, dword ptr [<&USER32.GetProp>; USER32.GetPropA
0041B653 |. BE 00754200 mov esi, 00427500 ; afxoldwndproc423
0041B658 |. 56 push esi ; /Property => "AfxOldWndProc423"
0041B659 |. 53 push ebx ; |hWnd
0041B65A |. FFD7 call edi ; \GetPropA
0041B65C |. 85C0 test eax, eax
0041B65E |. 75 38 jnz short 0041B698 ; property already present: window is already subclassed
0041B660 |. FF75 08 push dword ptr [ebp+8] ; /hData
0041B663 |. 56 push esi ; |Property => "AfxOldWndProc423"
0041B664 |. 53 push ebx ; |hWnd
0041B665 |. FF15 68644200 call dword ptr [<&USER32.SetPropA>] ; \SetPropA
0041B66B |. 56 push esi ; /Property => "AfxOldWndProc423"
0041B66C |. 53 push ebx ; |hWnd
0041B66D |. FFD7 call edi ; \GetPropA
0041B66F |. 3B45 08 cmp eax, dword ptr [ebp+8] ; read the property back to check that it was stored
0041B672 |. 75 24 jnz short 0041B698
0041B674 |. 56 push esi ; /AtomName => "AfxOldWndProc423"
0041B675 |. FF15 90624200 call dword ptr [<&KERNEL32.GlobalAddA>; \GlobalAddAtomA
0041B67B |. 8B45 FC mov eax, dword ptr [ebp-4]
0041B67E |. 8378 28 00 cmp dword ptr [eax+28], 0 ; state field +28 selects the procedure to install
0041B682 |. B8 56B44100 mov eax, 0041B456
0041B687 |. 75 05 jnz short 0041B68E
0041B689 |. B8 F7B24100 mov eax, 0041B2F7 ; entry address
0041B68E |> 50 push eax ; /NewValue
0041B68F |. 6A FC push -4 ; |Index = GWL_WNDPROC
0041B691 |. 53 push ebx ; |hWnd
0041B692 |. FF15 AC634200 call dword ptr [<&USER32.SetWindowLon>; \SetWindowLongA
0041B698 |> 8B75 FC mov esi, dword ptr [ebp-4] ; esi = state object
0041B69B |> FF75 10 push dword ptr [ebp+10] ; /lParam
0041B69E |. 53 push ebx ; |wParam
0041B69F |. 6A 03 push 3 ; |HookCode = 3
0041B6A1 |. FF76 2C push dword ptr [esi+2C] ; |hHook
0041B6A4 |. FF15 18644200 call dword ptr [<&USER32.CallNextHook>; \CallNextHookEx
0041B6AA |. 837D F8 00 cmp dword ptr [ebp-8], 0
0041B6AE |. 8BF8 mov edi, eax ; edi = result to return
0041B6B0 |. 74 0D je short 0041B6BF
0041B6B2 |. FF76 2C push dword ptr [esi+2C] ; /hHook
0041B6B5 |. FF15 88634200 call dword ptr [<&USER32.UnhookWindow>; \UnhookWindowsHookEx
0041B6BB |. 8366 2C 00 and dword ptr [esi+2C], 0 ; flag set: hook removed after one use, handle cleared
0041B6BF |> 8BC7 mov eax, edi
0041B6C1 |. 5F pop edi
0041B6C2 |. 5E pop esi
0041B6C3 |. 5B pop ebx
0041B6C4 |> C9 leave
0041B6C5 \. C2 0C00 retn 0C
; sub_0041B6C8 - stdcall, one dword argument at [esp+C] after the two pushes
; (retn 4). Called from 0041B756 just before CreateWindowExA.
; Fetches the state object (00422402). If its field +14 already equals the
; argument nothing happens. Otherwise, when field +2C (hook handle) is 0, a
; WH_CBT hook with procedure 0041B4D2 is installed; hModule is NULL and the
; thread id is the current thread's, so the hook covers only the calling
; thread. If SetWindowsHookExA returns 0, 00418F9F is called. Finally the
; argument is stored in field +14.
; NOTE(review): matches MFC's AfxHookWindowCreate - confirm.
0041B6C8 /$ 56 push esi
0041B6C9 |. 57 push edi
0041B6CA |. 68 C8154200 push 004215C8
0041B6CF |. B9 1C3D4300 mov ecx, 00433D1C
0041B6D4 |. E8 296D0000 call 00422402 ; eax = state object for the global at 00433D1C
0041B6D9 |. 8BF0 mov esi, eax
0041B6DB |. 8B7C24 0C mov edi, dword ptr [esp+C] ; edi = the argument
0041B6DF |. 397E 14 cmp dword ptr [esi+14], edi
0041B6E2 |. 74 2B je short 0041B70F ; already recorded: nothing to do
0041B6E4 |. 837E 2C 00 cmp dword ptr [esi+2C], 0
0041B6E8 |. 75 22 jnz short 0041B70C ; hook already installed
0041B6EA |. FF15 80614200 call dword ptr [<&KERNEL32.GetCurrent>; [GetCurrentThreadId
0041B6F0 |. 50 push eax ; /ThreadID
0041B6F1 |. 6A 00 push 0 ; |hModule = NULL
0041B6F3 |. 68 D2B44100 push 0041B4D2 ; |Hookproc = 程序多开.0041B4D2
0041B6F8 |. 6A 05 push 5 ; |HookType = WH_CBT
0041B6FA |. FF15 2C644200 call dword ptr [<&USER32.SetWindowsHo>; \SetWindowsHookExA
0041B700 |. 85C0 test eax, eax
0041B702 |. 8946 2C mov dword ptr [esi+2C], eax ; field +2C = hook handle
0041B705 |. 75 05 jnz short 0041B70C
0041B707 |. E8 93D8FFFF call 00418F9F ; hook installation failed
0041B70C |> 897E 14 mov dword ptr [esi+14], edi ; field +14 = the argument
0041B70F |> 5F pop edi
0041B710 |. 5E pop esi
0041B711 \. C2 0400 retn 4
; sub_0041B714 - no arguments; called from 0041B756 right after CreateWindowExA.
; If the byte flag at +14 of the object returned by 00421BE5 is set and the
; state object holds a hook handle in field +2C, the hook is removed and the
; handle cleared. Return value: 0 when state field +14 was still non-zero (the
; field is cleared here), 1 when it had already been cleared.
; NOTE(review): matches MFC's AfxUnhookWindowCreate - confirm.
0041B714 /$ 56 push esi
0041B715 |. 68 C8154200 push 004215C8
0041B71A |. B9 1C3D4300 mov ecx, 00433D1C
0041B71F |. E8 DE6C0000 call 00422402 ; eax = state object for the global at 00433D1C
0041B724 |. 8BF0 mov esi, eax
0041B726 |. E8 BA640000 call 00421BE5
0041B72B |. 8078 14 00 cmp byte ptr [eax+14], 0 ; byte flag at +14 of the returned object
0041B72F |. 74 12 je short 0041B743
0041B731 |. 8B46 2C mov eax, dword ptr [esi+2C] ; eax = hook handle
0041B734 |. 85C0 test eax, eax
0041B736 |. 74 0B je short 0041B743
0041B738 |. 50 push eax ; /hHook
0041B739 |. FF15 88634200 call dword ptr [<&USER32.UnhookWindow>; \UnhookWindowsHookEx
0041B73F |. 8366 2C 00 and dword ptr [esi+2C], 0 ; clear the stored handle
0041B743 |> 837E 14 00 cmp dword ptr [esi+14], 0
0041B747 |. 74 08 je short 0041B751
0041B749 |. 8366 14 00 and dword ptr [esi+14], 0 ; still set: clear it and return 0
0041B74D |. 33C0 xor eax, eax
0041B74F |. 5E pop esi
0041B750 |. C3 retn
0041B751 |> 6A 01 push 1
0041B753 |. 58 pop eax ; eax = 1
0041B754 |. 5E pop esi
0041B755 \. C3 retn
; sub_0041B756 - member function: ecx = object (kept in esi), eleven dword stack
; arguments [ebp+8]..[ebp+30] (retn 2C). Returns 1 if a window was created,
; otherwise 0.
; The arguments are copied in reverse order into a 0x30-byte block at [ebp-30],
; so that the last argument lands at +0 and the first at +2C; the slot at +4 is
; filled from field +8 of the object returned by 00421BE5 and is later passed
; as hInst. The block is offered to virtual slot +5C; if that returns 0,
; virtual slot +A4 is called and the function returns 0. Otherwise 0041B6C8
; installs the creation hook, CreateWindowExA is called with the block's
; fields, and 0041B714 removes the hook again; if 0041B714 returns 0, virtual
; slot +A4 is called.
; NOTE(review): matches MFC's CWnd::CreateEx (block = CREATESTRUCT, slot +5C =
; PreCreateWindow, slot +A4 = PostNcDestroy) - confirm.
0041B756 /$ 55 push ebp
0041B757 |. 8BEC mov ebp, esp
0041B759 |. 83EC 30 sub esp, 30
0041B75C |. 8B45 08 mov eax, dword ptr [ebp+8]
0041B75F |. 56 push esi
0041B760 |. 8945 FC mov dword ptr [ebp-4], eax ; block+2C = argument 1 (ExtStyle)
0041B763 |. 8B45 0C mov eax, dword ptr [ebp+C]
0041B766 |. 8945 F8 mov dword ptr [ebp-8], eax ; block+28 = argument 2 (Class)
0041B769 |. 8B45 10 mov eax, dword ptr [ebp+10]
0041B76C |. 8945 F4 mov dword ptr [ebp-C], eax ; block+24 = argument 3 (WindowName)
0041B76F |. 8B45 14 mov eax, dword ptr [ebp+14]
0041B772 |. 8945 F0 mov dword ptr [ebp-10], eax ; block+20 = argument 4 (Style)
0041B775 |. 8B45 18 mov eax, dword ptr [ebp+18]
0041B778 |. 8945 EC mov dword ptr [ebp-14], eax ; block+1C = argument 5 (X)
0041B77B |. 8B45 1C mov eax, dword ptr [ebp+1C]
0041B77E |. 8945 E8 mov dword ptr [ebp-18], eax ; block+18 = argument 6 (Y)
0041B781 |. 8B45 20 mov eax, dword ptr [ebp+20]
0041B784 |. 8945 E4 mov dword ptr [ebp-1C], eax ; block+14 = argument 7 (Width)
0041B787 |. 8B45 24 mov eax, dword ptr [ebp+24]
0041B78A |. 8945 E0 mov dword ptr [ebp-20], eax ; block+10 = argument 8 (Height)
0041B78D |. 8B45 28 mov eax, dword ptr [ebp+28]
0041B790 |. 8945 DC mov dword ptr [ebp-24], eax ; block+C = argument 9 (hParent)
0041B793 |. 8B45 2C mov eax, dword ptr [ebp+2C]
0041B796 |. 8BF1 mov esi, ecx ; esi = this
0041B798 |. 8945 D8 mov dword ptr [ebp-28], eax ; block+8 = argument 10 (hMenu)
0041B79B |. E8 45640000 call 00421BE5
0041B7A0 |. 8B40 08 mov eax, dword ptr [eax+8]
0041B7A3 |. 8D4D D0 lea ecx, dword ptr [ebp-30] ; ecx = address of the block
0041B7A6 |. 8945 D4 mov dword ptr [ebp-2C], eax ; block+4 = field +8 of the object from 00421BE5 (hInst)
0041B7A9 |. 8B45 30 mov eax, dword ptr [ebp+30]
0041B7AC |. 8945 D0 mov dword ptr [ebp-30], eax ; block+0 = argument 11 (lParam)
0041B7AF |. 8B06 mov eax, dword ptr [esi] ; eax = vtable pointer
0041B7B1 |. 51 push ecx
0041B7B2 |. 8BCE mov ecx, esi
0041B7B4 |. FF50 5C call dword ptr [eax+5C] ; virtual slot +5C(&block): may adjust the block or veto
0041B7B7 |. 85C0 test eax, eax
0041B7B9 |. 75 0E jnz short 0041B7C9
0041B7BB |. 8B06 mov eax, dword ptr [esi]
0041B7BD |. 8BCE mov ecx, esi
0041B7BF |. FF90 A4000000 call dword ptr [eax+A4] ; vetoed: virtual slot +A4, then return 0
0041B7C5 |. 33C0 xor eax, eax
0041B7C7 |. EB 4E jmp short 0041B817 ; edi has not been pushed yet, so its pop is skipped
0041B7C9 |> 57 push edi
0041B7CA |. 56 push esi
0041B7CB |. E8 F8FEFFFF call 0041B6C8 ; install the creation hook with this object recorded
0041B7D0 |. FF75 D0 push dword ptr [ebp-30] ; /lParam
0041B7D3 |. FF75 D4 push dword ptr [ebp-2C] ; |hInst
0041B7D6 |. FF75 D8 push dword ptr [ebp-28] ; |hMenu
0041B7D9 |. FF75 DC push dword ptr [ebp-24] ; |hParent
0041B7DC |. FF75 E0 push dword ptr [ebp-20] ; |Height
0041B7DF |. FF75 E4 push dword ptr [ebp-1C] ; |Width
0041B7E2 |. FF75 E8 push dword ptr [ebp-18] ; |Y
0041B7E5 |. FF75 EC push dword ptr [ebp-14] ; |X
0041B7E8 |. FF75 F0 push dword ptr [ebp-10] ; |Style
0041B7EB |. FF75 F4 push dword ptr [ebp-C] ; |WindowName
0041B7EE |. FF75 F8 push dword ptr [ebp-8] ; |Class
0041B7F1 |. FF75 FC push dword ptr [ebp-4] ; |ExtStyle
0041B7F4 |. FF15 84634200 call dword ptr [<&USER32.CreateWindow>; \CreateWindowExA
0041B7FA |. 8BF8 mov edi, eax ; edi = new window handle (0 on failure)
0041B7FC |. E8 13FFFFFF call 0041B714 ; remove the creation hook
0041B801 |. 85C0 test eax, eax
0041B803 |. 75 0A jnz short 0041B80F
0041B805 |. 8B06 mov eax, dword ptr [esi]
0041B807 |. 8BCE mov ecx, esi
0041B809 |. FF90 A4000000 call dword ptr [eax+A4] ; state field +14 was never cleared: virtual slot +A4
0041B80F |> 33C0 xor eax, eax
0041B811 |. 85FF test edi, edi
0041B813 |. 0F95C0 setne al ; return (window handle != 0)
0041B816 |. 5F pop edi
0041B817 |> 5E pop esi
0041B818 |. C9 leave
0041B819 \. C2 2C00 retn 2C
; Code at 0041B81C - one stack argument (retn 4): a pointer to a block whose
; dword at +28 is a class-name pointer. When that field is 0, 0041D469(1) is
; called and the field is set to the string at 00427514 ("afxwnd42s" per the
; analysis comment). Always returns 1. ecx is not read here.
; NOTE(review): matches MFC's default CWnd::PreCreateWindow, which registers
; and supplies the stock window class when none was given - confirm.
0041B81C . 56 push esi
0041B81D . 8B7424 08 mov esi, dword ptr [esp+8] ; esi = the argument
0041B821 . 837E 28 00 cmp dword ptr [esi+28], 0 ; class name already supplied ?
0041B825 . 75 0E jnz short 0041B835
0041B827 . 6A 01 push 1 ; /Arg1 = 00000001
0041B829 . E8 3B1C0000 call 0041D469 ; \程序多开.0041D469
0041B82E . C746 28 14754>mov dword ptr [esi+28], 00427514 ; afxwnd42s
0041B835 > 6A 01 push 1
0041B837 . 58 pop eax ; eax = 1
0041B838 . 5E pop esi
0041B839 . C2 0400 retn 4
; sub_0041B83C - only the opening instructions are present: the listing stops
; after 0041B84F and the paste restarts at 0041B2C3 on the next line, so the
; call being prepared and the rest of the body are not visible.
; Visible part: edi = 0 when the argument at [ebp+18] is NULL, otherwise the
; dword at +1C of the object it points to; [ebp+20] is then pushed as the
; eleventh argument (per the analysis comment) of a call that is not shown.
0041B83C /. 55 push ebp
0041B83D |. 8BEC mov ebp, esp
0041B83F |. 8B45 18 mov eax, dword ptr [ebp+18] ; eax = pointer argument, may be NULL
0041B842 |. 56 push esi
0041B843 |. 85C0 test eax, eax
0041B845 |. 57 push edi
0041B846 |. 75 04 jnz short 0041B84C ; flags still come from the test: push does not change them
0041B848 |. 33FF xor edi, edi ; NULL pointer: edi = 0
0041B84A |. EB 03 jmp short 0041B84F
0041B84C |> 8B78 1C mov edi, dword ptr [eax+1C] ; edi = dword at +1C of the object
0041B84F |> FF75 20 push dword ptr [ebp+20] ; /Arg11
; Second copy of the procedure at 0041B2C2: the paste restarts here and its
; first instruction (push ebp at 0041B2C2) is missing from this copy.
; Window procedure with [ebp+8] = hWnd, [ebp+C] = message, [ebp+10] = wParam,
; [ebp+14] = lParam (retn 10). Returns 1 when the message is 0x360; otherwise
; calls 0041B23D on hWnd and forwards that result plus the four arguments to
; 0041B055.
; NOTE(review): shape matches MFC's AfxWndProc - confirm.
0041B2C3 |. 8BEC mov ebp, esp
0041B2C5 |. 817D 0C 60030>cmp dword ptr [ebp+C], 360 ; message == 0x360 ?
0041B2CC |. 75 05 jnz short 0041B2D3
0041B2CE |. 6A 01 push 1
0041B2D0 |. 58 pop eax ; eax = 1
0041B2D1 |. EB 1A jmp short 0041B2ED
0041B2D3 |> FF75 08 push dword ptr [ebp+8] ; hWnd
0041B2D6 |. E8 62FFFFFF call 0041B23D ; eax = object looked up for hWnd
0041B2DB |. FF75 14 push dword ptr [ebp+14] ; lParam
0041B2DE |. FF75 10 push dword ptr [ebp+10] ; wParam
0041B2E1 |. FF75 0C push dword ptr [ebp+C] ; message
0041B2E4 |. FF75 08 push dword ptr [ebp+8] ; hWnd
0041B2E7 |. 50 push eax ; result of 0041B23D
0041B2E8 |. E8 68FDFFFF call 0041B055 ; its return value becomes the window procedure result
0041B2ED |> 5D pop ebp
0041B2EE \. C2 1000 retn 10
; sub_0041B2F1 (second copy in the paste) - no arguments; returns the address
; of the window procedure at 0041B2C2 in eax.
; NOTE(review): looks like MFC's AfxGetAfxWndProc - confirm.
0041B2F1 /$ B8 C2B24100 mov eax, 0041B2C2
0041B2F6 \. C3 retn
; sub_0041B2F7 (second copy in the paste) - subclass window procedure
; (stdcall, retn 10):
;   [ebp+8] = hWnd, [ebp+C] = message, [ebp+10] = wParam, [ebp+14] = lParam.
; It reads the previous window procedure from the window property
; "AfxOldWndProc423" (GetPropA), special-cases messages 6, 0x20, 0x82 and 0x110,
; and hands every other message to the previous procedure via CallWindowProcA.
; On 0x82 (WM_NCDESTROY) it undoes the subclassing: restores GWL_WNDPROC,
; removes the property and deletes the global atom of the same name.
; There is no push ebp / mov ebp, esp: the frame is built by the call to
; 0040C054 - presumably the compiler's SEH prolog helper, since the exit path
; restores fs:[0] from [ebp-C]; confirm.
; NOTE(review): property name and message set match MFC 4.2's
; _AfxActivationWndProc; every visible instruction deals with window messages.
0041B2F7 /$ B8 94514200 mov eax, 00425194 ; value handed to the helper below (presumably the EH handler address - confirm)
0041B2FC |. E8 530DFFFF call 0040C054 ; builds the ebp-based frame used by the rest of the procedure
0041B301 |. 83EC 40 sub esp, 40
0041B304 |. 53 push ebx
0041B305 |. 56 push esi
0041B306 |. 57 push edi
0041B307 |. 8B7D 08 mov edi, dword ptr [ebp+8] ; edi = hWnd
0041B30A |. BE 00754200 mov esi, 00427500 ; afxoldwndproc423
0041B30F |. 8965 F0 mov dword ptr [ebp-10], esp ; save esp in the frame
0041B312 |. 56 push esi ; /Property => "AfxOldWndProc423"
0041B313 |. 57 push edi ; |hWnd
0041B314 |. FF15 8C634200 call dword ptr [<&USER32.GetPropA>] ; \GetPropA
0041B31A |. 8365 EC 00 and dword ptr [ebp-14], 0 ; [ebp-14] = return value, starts at 0
0041B31E |. 8365 FC 00 and dword ptr [ebp-4], 0 ; [ebp-4] = 0
0041B322 |. 8945 E8 mov dword ptr [ebp-18], eax ; [ebp-18] = previous window procedure read from the property
0041B325 |. 8B45 0C mov eax, dword ptr [ebp+C] ; eax = message
0041B328 |. 6A 01 push 1
0041B32A |. 83E8 06 sub eax, 6 ; Switch (cases 6..110)
0041B32D |. 5B pop ebx ; ebx = 1: "forward to previous procedure" flag, tested at 0041B3FB
0041B32E |. 0F84 AD000000 je 0041B3E1 ; message == 6
0041B334 |. 83E8 1A sub eax, 1A
0041B337 |. 0F84 83000000 je 0041B3C0 ; message == 0x20
0041B33D |. 83E8 62 sub eax, 62
0041B340 |. 74 5A je short 0041B39C ; message == 0x82
0041B342 |. 2D 8E000000 sub eax, 8E
0041B347 |. 0F85 B2000000 jnz 0041B3FF ; message != 0x110: default case
0041B34D |. 57 push edi ; Case 110 (WM_INITDIALOG) of switch 0041B32A
0041B34E |. E8 C3FEFFFF call 0041B216 ; helper called with hWnd; result kept in esi
0041B353 |. 8BF0 mov esi, eax
0041B355 |. 8D45 E4 lea eax, dword ptr [ebp-1C]
0041B358 |. 50 push eax
0041B359 |. 8D45 D0 lea eax, dword ptr [ebp-30]
0041B35C |. 50 push eax
0041B35D |. 56 push esi
0041B35E |. E8 7FFBFFFF call 0041AEE2 ; 0041AEE2(esi, &[ebp-30], &[ebp-1C]) before the dialog initialises
0041B363 |. FF75 14 push dword ptr [ebp+14] ; /lParam
0041B366 |. FF75 10 push dword ptr [ebp+10] ; |wParam
0041B369 |. 68 10010000 push 110 ; |Message = WM_INITDIALOG
0041B36E |. 57 push edi ; |hWnd
0041B36F |. FF75 E8 push dword ptr [ebp-18] ; |PrevProc
0041B372 |. FF15 EC644200 call dword ptr [<&USER32.CallWindowPr>; \CallWindowProcA
0041B378 |. FF75 E4 push dword ptr [ebp-1C] ; /Arg3
0041B37B |. 8945 EC mov dword ptr [ebp-14], eax ; | [ebp-14] = result of the previous procedure
0041B37E |. 8D45 D0 lea eax, dword ptr [ebp-30] ; |
0041B381 |. 50 push eax ; |Arg2
0041B382 |. 56 push esi ; |Arg1
0041B383 |. E8 7DFBFFFF call 0041AF05 ; \程序多开.0041AF05
0041B388 |> 8B4D F4 mov ecx, dword ptr [ebp-C] ; common exit: ecx = saved exception-list link
0041B38B |. 8B45 EC mov eax, dword ptr [ebp-14] ; eax = return value
0041B38E |. 5F pop edi
0041B38F |. 5E pop esi
0041B390 |. 64:890D 00000>mov dword ptr fs:[0], ecx ; restore fs:[0]
0041B397 |. 5B pop ebx
0041B398 |. C9 leave
0041B399 |. C2 1000 retn 10
0041B39C |> FF75 E8 push dword ptr [ebp-18] ; /NewValue; Case 82 (WM_NCDESTROY) of switch 0041B32A
0041B39F |. 6A FC push -4 ; |Index = GWL_WNDPROC
0041B3A1 |. 57 push edi ; |hWnd
0041B3A2 |. FF15 AC634200 call dword ptr [<&USER32.SetWindowLon>; \SetWindowLongA
0041B3A8 |. 56 push esi ; /Property
0041B3A9 |. 57 push edi ; |hWnd
0041B3AA |. FF15 F0644200 call dword ptr [<&USER32.RemovePropA>>; \RemovePropA
0041B3B0 |. 56 push esi ; /AtomName
0041B3B1 |. FF15 94624200 call dword ptr [<&KERNEL32.GlobalFind>; \GlobalFindAtomA
0041B3B7 |. 50 push eax ; /Atom
0041B3B8 |. FF15 70614200 call dword ptr [<&KERNEL32.GlobalDele>; \GlobalDeleteAtom
0041B3BE |. EB 3F jmp short 0041B3FF ; then forward the message to the previous procedure
0041B3C0 |> 57 push edi ; Case 20 (WM_SETCURSOR) of switch 0041B32A
0041B3C1 |. E8 50FEFFFF call 0041B216 ; helper called with hWnd
0041B3C6 |. 8B4D 14 mov ecx, dword ptr [ebp+14]
0041B3C9 |. C1E9 10 shr ecx, 10 ; ecx = high word of lParam
0041B3CC |. 51 push ecx ; /Arg3
0041B3CD |. 0FBF4D 14 movsx ecx, word ptr [ebp+14] ; | low word of lParam, sign-extended
0041B3D1 |. 51 push ecx ; |Arg2
0041B3D2 |. 50 push eax ; |Arg1
0041B3D3 |. E8 07FCFFFF call 0041AFDF ; \程序多开.0041AFDF
0041B3D8 |. 33DB xor ebx, ebx
0041B3DA |. 85C0 test eax, eax
0041B3DC |. 0F94C3 sete bl ; ebx = (helper returned 0)
0041B3DF |. EB 1A jmp short 0041B3FB
0041B3E1 |> FF75 14 push dword ptr [ebp+14] ; Case 6 (WM_ACTIVATE) of switch 0041B32A
0041B3E4 |. E8 2DFEFFFF call 0041B216 ; helper called with lParam; result kept in esi
0041B3E9 |. 57 push edi
0041B3EA |. 8BF0 mov esi, eax
0041B3EC |. E8 25FEFFFF call 0041B216 ; helper called with hWnd
0041B3F1 |. 56 push esi
0041B3F2 |. FF75 10 push dword ptr [ebp+10]
0041B3F5 |. 50 push eax
0041B3F6 |. E8 83FBFFFF call 0041AF7E ; 0041AF7E(result for hWnd, wParam, result for lParam)
0041B3FB |> 85DB test ebx, ebx
0041B3FD |.^ 74 89 je short 0041B388 ; ebx == 0: skip the previous procedure, return [ebp-14]
0041B3FF |> FF75 14 push dword ptr [ebp+14] ; /lParam; Default case of switch 0041B32A
0041B402 |. FF75 10 push dword ptr [ebp+10] ; |wParam
0041B405 |. FF75 0C push dword ptr [ebp+C] ; |Message
0041B408 |. 57 push edi ; |hWnd
0041B409 |. FF75 E8 push dword ptr [ebp-18] ; |PrevProc
0041B40C |. FF15 EC644200 call dword ptr [<&USER32.CallWindowPr>; \CallWindowProcA
0041B412 |. 8945 EC mov dword ptr [ebp-14], eax ; [ebp-14] = result of the previous procedure
0041B415 \.^ E9 6EFFFFFF jmp 0041B388
; Code at 0041B41A (second copy in the paste) - has no prolog of its own: it
; addresses arguments and locals through ebp and returns the address 0041B388
; (the common exit of the procedure at 0041B2F7) in eax. Presumably the catch
; handler of that procedure, entered by the C++ exception runtime rather than
; by a direct call - confirm.
; It copies the four window-procedure arguments into a 16-byte block at
; [ebp-4C], makes a virtual call through slot +6C of the object returned by
; 004199A5, stores the result as the return value in [ebp-14], and calls
; 0041E885 with ecx = [ebp-20].
0041B41A . 8B45 08 mov eax, dword ptr [ebp+8]
0041B41D . 8945 B4 mov dword ptr [ebp-4C], eax ; block+0 = hWnd
0041B420 . 8B45 0C mov eax, dword ptr [ebp+C]
0041B423 . 8945 B8 mov dword ptr [ebp-48], eax ; block+4 = message
0041B426 . 8B45 10 mov eax, dword ptr [ebp+10]
0041B429 . 8945 BC mov dword ptr [ebp-44], eax ; block+8 = wParam
0041B42C . 8B45 14 mov eax, dword ptr [ebp+14]
0041B42F . 8945 C0 mov dword ptr [ebp-40], eax ; block+C = lParam
0041B432 . E8 6EE5FFFF call 004199A5 ; eax = object whose vtable is used below
0041B437 . 8B10 mov edx, dword ptr [eax] ; edx = vtable pointer
0041B439 . 8D4D B4 lea ecx, dword ptr [ebp-4C]
0041B43C . 51 push ecx ; second argument: address of the block
0041B43D . 8BC8 mov ecx, eax ; this = object from 004199A5
0041B43F . FF75 E0 push dword ptr [ebp-20] ; first argument: [ebp-20] (presumably the caught exception object - confirm)
0041B442 . FF52 6C call dword ptr [edx+6C]
0041B445 . 8B4D E0 mov ecx, dword ptr [ebp-20]
0041B448 . 8945 EC mov dword ptr [ebp-14], eax ; return value of the window procedure
0041B44B . E8 35340000 call 0041E885 ; member call on [ebp-20]
0041B450 . B8 88B34100 mov eax, 0041B388 ; address at which execution continues
0041B455 . C3 retn
; sub_0041B456 (second copy in the paste) - alternative subclass window
; procedure (stdcall, retn 10):
;   [ebp+8] = hWnd, [ebp+C] = message, [ebp+10] = wParam, [ebp+14] = lParam.
; When field +4 of the object returned by 00422497 is non-zero and the message
; is one of 0x134..0x138 (WM_CTLCOLORLISTBOX, WM_CTLCOLORBTN, WM_CTLCOLORDLG,
; WM_CTLCOLORSCROLLBAR, WM_CTLCOLORSTATIC), it calls 0041CDE7 and, if that
; returns non-zero, returns field +4. In every other case the message is passed
; unchanged to 0041B2F7.
; NOTE(review): resembles MFC's _AfxGrayBackgroundWndProc, where field +4 would
; be the dialog background brush - confirm.
0041B456 /. 55 push ebp
0041B457 |. 8BEC mov ebp, esp
0041B459 |. 56 push esi
0041B45A |. 57 push edi
0041B45B |. 68 2B184200 push 0042182B
0041B460 |. B9 14234300 mov ecx, 00432314
0041B465 |. E8 2D700000 call 00422497 ; returns the object for the global at 00432314
0041B46A |. 8B7D 0C mov edi, dword ptr [ebp+C] ; edi = message
0041B46D |. 8BF0 mov esi, eax ; esi = that object
0041B46F |. 8B46 04 mov eax, dword ptr [esi+4]
0041B472 |. 85C0 test eax, eax
0041B474 |. 74 47 je short 0041B4BD ; field +4 is 0: just forward
0041B476 |. 81FF 35010000 cmp edi, 135 ; WM_CTLCOLORBTN
0041B47C |. 74 20 je short 0041B49E
0041B47E |. 81FF 36010000 cmp edi, 136 ; WM_CTLCOLORDLG
0041B484 |. 74 18 je short 0041B49E
0041B486 |. 81FF 38010000 cmp edi, 138 ; WM_CTLCOLORSTATIC
0041B48C |. 74 10 je short 0041B49E
0041B48E |. 81FF 37010000 cmp edi, 137 ; WM_CTLCOLORSCROLLBAR
0041B494 |. 74 08 je short 0041B49E
0041B496 |. 81FF 34010000 cmp edi, 134 ; WM_CTLCOLORLISTBOX
0041B49C |. 75 1F jnz short 0041B4BD ; any other message: forward
0041B49E |> FF76 08 push dword ptr [esi+8] ; /Arg5
0041B4A1 |. 50 push eax ; |Arg4
0041B4A2 |. 8D87 CEFEFFFF lea eax, dword ptr [edi-132] ; | message - 0x132 (0x132 = WM_CTLCOLORMSGBOX)
0041B4A8 |. 50 push eax ; |Arg3
0041B4A9 |. FF75 14 push dword ptr [ebp+14] ; |Arg2
0041B4AC |. FF75 10 push dword ptr [ebp+10] ; |Arg1
0041B4AF |. E8 33190000 call 0041CDE7 ; \程序多开.0041CDE7
0041B4B4 |. 85C0 test eax, eax
0041B4B6 |. 74 05 je short 0041B4BD ; helper returned 0: forward
0041B4B8 |. 8B46 04 mov eax, dword ptr [esi+4] ; return field +4
0041B4BB |. EB 0F jmp short 0041B4CC
0041B4BD |> FF75 14 push dword ptr [ebp+14] ; lParam
0041B4C0 |. FF75 10 push dword ptr [ebp+10] ; wParam
0041B4C3 |. 57 push edi ; message
0041B4C4 |. FF75 08 push dword ptr [ebp+8] ; hWnd
0041B4C7 |. E8 2BFEFFFF call 0041B2F7 ; forward to the subclass procedure at 0041B2F7
0041B4CC |> 5F pop edi
0041B4CD |. 5E pop esi
0041B4CE |. 5D pop ebp
0041B4CF \. C2 1000 retn 10
0041B4D2 /. 55 push ebp
0041B4D3 |. 8BEC mov ebp, esp
0041B4D5 |. 83EC 10 sub esp, 10
0041B4D8 |. 68 C8154200 push 004215C8
0041B4DD |. B9 1C3D4300 mov ecx, 00433D1C
0041B4E2 |. E8 1B6F0000 call 00422402
0041B4E7 |. 837D 08 03 cmp dword ptr [ebp+8], 3
0041B4EB |. 8945 FC mov dword ptr [ebp-4], eax
0041B4EE |. 74 17 je short 0041B507
0041B4F0 |. FF75 10 push dword ptr [ebp+10] ; /lParam
0041B4F3 |. FF75 0C push dword ptr [ebp+C] ; |wParam
0041B4F6 |. FF75 08 push dword ptr [ebp+8] ; |HookCode
0041B4F9 |. FF70 2C push dword ptr [eax+2C] ; |hHook
0041B4FC |. FF15 18644200 call dword ptr [<&USER32.CallNextHook>; \CallNextHookEx
0041B502 |. E9 BD010000 jmp 0041B6C4
0041B507 |> 8B4D 10 mov ecx, dword ptr [ebp+10]
0041B50A |. 53 push ebx
0041B50B |. 56 push esi
0041B50C |. 8B70 14 mov esi, dword ptr [eax+14]
0041B50F |. 57 push edi
0041B510 |. 8B39 mov edi, dword ptr [ecx]
0041B512 |. E8 CE660000 call 00421BE5
0041B517 |. 0FB640 14 movzx eax, byte ptr [eax+14]
0041B51B |. 8B5D 0C mov ebx, dword ptr [ebp+C]
0041B51E |. 8945 F8 mov dword ptr [ebp-8], eax
0041B521 |. 85F6 test esi, esi
0041B523 |. 75 12 jnz short 0041B537
0041B525 |. F647 23 40 test byte ptr [edi+23], 40
0041B529 |. 0F85 69010000 jnz 0041B698
0041B52F |. 85C0 test eax, eax
0041B531 |. 0F85 61010000 jnz 0041B698
0041B537 |> 833D BC424300>cmp dword ptr [4342BC], 0
0041B53E |. 74 4C je short 0041B58C
0041B540 |. 6A E6 push -1A ; /Index = GCL_STYLE
0041B542 |. 53 push ebx ; |hWnd
0041B543 |. FF15 6C644200 call dword ptr [<&USER32.GetClassLong>; \GetClassLongA
0041B549 |. A9 00000100 test eax, 10000
0041B54E |. 0F85 44010000 jnz 0041B698
0041B554 |. 8B47 28 mov eax, dword ptr [edi+28]
0041B557 |. 8BC8 mov ecx, eax
0041B559 |. C1E9 10 shr ecx, 10
0041B55C |. 66:85C9 test cx, cx
0041B55F |. 75 17 jnz short 0041B578
0041B561 |. 204D F0 and byte ptr [ebp-10], cl
0041B564 |. 8D45 F0 lea eax, dword ptr [ebp-10]
0041B567 |. 6A 05 push 5 ; /BufSize = 5
0041B569 |. 50 push eax ; |Buffer
0041B56A |. 66:8B47 28 mov ax, word ptr [edi+28] ; |
0041B56E |. 50 push eax ; |Atom
0041B56F |. FF15 80624200 call dword ptr [<&KERNEL32.GlobalGetA>; \GlobalGetAtomNameA
0041B575 |. 8D45 F0 lea eax, dword ptr [ebp-10]
0041B578 |> 68 C0764200 push 004276C0 ; /ime
0041B57D |. 50 push eax ; |String1
0041B57E |. FF15 78614200 call dword ptr [<&KERNEL32.lstrcmpiA>>; \lstrcmpiA
0041B584 |. 85C0 test eax, eax
0041B586 |. 0F84 0C010000 je 0041B698
0041B58C |> 85F6 test esi, esi
0041B58E |. 0F84 A9000000 je 0041B63D
0041B594 |. 53 push ebx
0041B595 |. 8BCE mov ecx, esi
0041B597 |. E8 BFFCFFFF call 0041B25B
0041B59C |. 8B06 mov eax, dword ptr [esi]
0041B59E |. 8BCE mov ecx, esi
0041B5A0 |. FF50 50 call dword ptr [eax+50]
0041B5A3 |. 8B06 mov eax, dword ptr [esi]
0041B5A5 |. 8BCE mov ecx, esi
0041B5A7 |. FF90 80000000 call dword ptr [eax+80]
0041B5AD |. 833D A4424300>cmp dword ptr [4342A4], 0
0041B5B4 |. 8945 0C mov dword ptr [ebp+C], eax
0041B5B7 |. 75 61 jnz short 0041B61A
0041B5B9 |. 837D F8 00 cmp dword ptr [ebp-8], 0
0041B5BD |. 75 5B jnz short 0041B61A
0041B5BF |. 8B3D B8424300 mov edi, dword ptr [4342B8]
0041B5C5 |. 85FF test edi, edi
0041B5C7 |. 74 51 je short 0041B61A
0041B5C9 |. 837F 20 00 cmp dword ptr [edi+20], 0
0041B5CD |. 74 4B je short 0041B61A
0041B5CF |. 6A 00 push 0
0041B5D1 |. 6A 00 push 0
0041B5D3 |. 68 6F030000 push 36F
0041B5D8 |. 53 push ebx
0041B5D9 |. 56 push esi
0041B5DA |. E8 76FAFFFF call 0041B055
0041B5DF |. 85C0 test eax, eax
0041B5E1 |. 8945 F0 mov dword ptr [ebp-10], eax
0041B5E4 |. 74 34 je short 0041B61A
0041B5E6 |. E8 06FDFFFF call 0041B2F1
0041B5EB |. 6A FC push -4 ; /Index = GWL_WNDPROC
0041B5ED |. 53 push ebx ; |hWnd
0041B5EE |. 8945 08 mov dword ptr [ebp+8], eax ; |
0041B5F1 |. FF15 3C644200 call dword ptr [<&USER32.GetWindowLon>; \GetWindowLongA
0041B5F7 |. FF75 F0 push dword ptr [ebp-10]
0041B5FA |. 8BF0 mov esi, eax
0041B5FC |. 2B75 08 sub esi, dword ptr [ebp+8]
0041B5FF |. 53 push ebx
0041B600 |. F7DE neg esi
0041B602 |. 1BF6 sbb esi, esi
0041B604 |. 46 inc esi
0041B605 |. FF57 20 call dword ptr [edi+20]
0041B608 |. 85F6 test esi, esi
0041B60A |. 75 28 jnz short 0041B634
0041B60C |. FF75 08 push dword ptr [ebp+8] ; /NewValue
0041B60F |. 6A FC push -4 ; |Index = GWL_WNDPROC
0041B611 |. 53 push ebx ; |hWnd
0041B612 |. FF15 AC634200 call dword ptr [<&USER32.SetWindowLon>; \SetWindowLongA
0041B618 |. EB 15 jmp short 0041B62F
0041B61A |> E8 D2FCFFFF call 0041B2F1
0041B61F |. 8BF0 mov esi, eax
0041B621 |. 56 push esi ; /NewValue
0041B622 |. 6A FC push -4 ; |Index = GWL_WNDPROC
0041B624 |. 53 push ebx ; |hWnd
0041B625 |. FF15 AC634200 call dword ptr [<&USER32.SetWindowLon>; \SetWindowLongA
0041B62B |. 3BC6 cmp eax, esi
0041B62D |. 74 05 je short 0041B634
0041B62F |> 8B4D 0C mov ecx, dword ptr [ebp+C]
0041B632 |. 8901 mov dword ptr [ecx], eax
0041B634 |> 8B75 FC mov esi, dword ptr [ebp-4]
0041B637 |. 8366 14 00 and dword ptr [esi+14], 0
0041B63B |. EB 5E jmp short 0041B69B
0041B63D |> 6A FC push -4 ; /Index = GWL_WNDPROC
0041B63F |. 53 push ebx ; |hWnd
0041B640 |. FF15 3C644200 call dword ptr [<&USER32.GetWindowLon>; \GetWindowLongA
0041B646 |. 85C0 test eax, eax
0041B648 |. 8945 08 mov dword ptr [ebp+8], eax
0041B64B |. 74 4B je short 0041B698
0041B64D |. 8B3D 8C634200 mov edi, dword ptr [<&USER32.GetProp>; USER32.GetPropA
0041B653 |. BE 00754200 mov esi, 00427500 ; afxoldwndproc423
0041B658 |. 56 push esi ; /Property => "AfxOldWndProc423"
0041B659 |. 53 push ebx ; |hWnd
0041B65A |. FFD7 call edi ; \GetPropA
0041B65C |. 85C0 test eax, eax
0041B65E |. 75 38 jnz short 0041B698
0041B660 |. FF75 08 push dword ptr [ebp+8] ; /hData
0041B663 |. 56 push esi ; |Property => "AfxOldWndProc423"
0041B664 |. 53 push ebx ; |hWnd
0041B665 |. FF15 68644200 call dword ptr [<&USER32.SetPropA>] ; \SetPropA
0041B66B |. 56 push esi ; /Property => "AfxOldWndProc423"
0041B66C |. 53 push ebx ; |hWnd
0041B66D |. FFD7 call edi ; \GetPropA
0041B66F |. 3B45 08 cmp eax, dword ptr [ebp+8]
0041B672 |. 75 24 jnz short 0041B698
0041B674 |. 56 push esi ; /AtomName => "AfxOldWndProc423"
0041B675 |. FF15 90624200 call dword ptr [<&KERNEL32.GlobalAddA>; \GlobalAddAtomA
0041B67B |. 8B45 FC mov eax, dword ptr [ebp-4]
0041B67E |. 8378 28 00 cmp dword ptr [eax+28], 0
0041B682 |. B8 56B44100 mov eax, 0041B456
0041B687 |. 75 05 jnz short 0041B68E
0041B689 |. B8 F7B24100 mov eax, 0041B2F7 ; 入口地址
0041B68E |> 50 push eax ; /NewValue
0041B68F |. 6A FC push -4 ; |Index = GWL_WNDPROC
0041B691 |. 53 push ebx ; |hWnd
0041B692 |. FF15 AC634200 call dword ptr [<&USER32.SetWindowLon>; \SetWindowLongA
0041B698 |> 8B75 FC mov esi, dword ptr [ebp-4]
0041B69B |> FF75 10 push dword ptr [ebp+10] ; /lParam
0041B69E |. 53 push ebx ; |wParam
0041B69F |. 6A 03 push 3 ; |HookCode = 3
0041B6A1 |. FF76 2C push dword ptr [esi+2C] ; |hHook
0041B6A4 |. FF15 18644200 call dword ptr [<&USER32.CallNextHook>; \CallNextHookEx
0041B6AA |. 837D F8 00 cmp dword ptr [ebp-8], 0
0041B6AE |. 8BF8 mov edi, eax
0041B6B0 |. 74 0D je short 0041B6BF
0041B6B2 |. FF76 2C push dword ptr [esi+2C] ; /hHook
0041B6B5 |. FF15 88634200 call dword ptr [<&USER32.UnhookWindow>; \UnhookWindowsHookEx
0041B6BB |. 8366 2C 00 and dword ptr [esi+2C], 0
0041B6BF |> 8BC7 mov eax, edi
0041B6C1 |. 5F pop edi
0041B6C2 |. 5E pop esi
0041B6C3 |. 5B pop ebx
0041B6C4 |> C9 leave
0041B6C5 \. C2 0C00 retn 0C
; 0041B6C8 -- one dword stack argument, callee-cleaned (retn 4).
; Records the argument at +14 of the state block returned by 00422402 and, when no
; hook handle is stored at +2C yet, installs a WH_CBT hook whose procedure is 0041B4D2.
; The hook is scoped to the calling thread (hModule = NULL, ThreadID taken from
; GetCurrentThreadId), i.e. it is an in-process hook, not a system-wide one.
; NOTE(review): this shape matches MFC's AfxHookWindowCreate (the framework's
; window-creation hook), not application-specific logic -- inferred from the
; "AfxOldWndProc423" strings in the listing; confirm against the MFC sources.
0041B6C8 /$ 56 push esi
0041B6C9 |. 57 push edi
0041B6CA |. 68 C8154200 push 004215C8
0041B6CF |. B9 1C3D4300 mov ecx, 00433D1C
0041B6D4 |. E8 296D0000 call 00422402 ; eax = state block (callee not shown; presumably a state lookup -- confirm)
0041B6D9 |. 8BF0 mov esi, eax ; esi = state block for the rest of the function
0041B6DB |. 8B7C24 0C mov edi, dword ptr [esp+C] ; edi = the stack argument (above two saved registers and the return address)
0041B6DF |. 397E 14 cmp dword ptr [esi+14], edi
0041B6E2 |. 74 2B je short 0041B70F ; argument already recorded -> nothing to do
0041B6E4 |. 837E 2C 00 cmp dword ptr [esi+2C], 0
0041B6E8 |. 75 22 jnz short 0041B70C ; a hook handle is already stored -> only record the argument
0041B6EA |. FF15 80614200 call dword ptr [<&KERNEL32.GetCurrent>; [GetCurrentThreadId
0041B6F0 |. 50 push eax ; /ThreadID
0041B6F1 |. 6A 00 push 0 ; |hModule = NULL
0041B6F3 |. 68 D2B44100 push 0041B4D2 ; |Hookproc = 程序多开.0041B4D2
0041B6F8 |. 6A 05 push 5 ; |HookType = WH_CBT
0041B6FA |. FF15 2C644200 call dword ptr [<&USER32.SetWindowsHo>; \SetWindowsHookExA
0041B700 |. 85C0 test eax, eax
0041B702 |. 8946 2C mov dword ptr [esi+2C], eax ; store the hook handle (mov leaves the flags from test intact)
0041B705 |. 75 05 jnz short 0041B70C ; non-zero handle -> hook installed
0041B707 |. E8 93D8FFFF call 00418F9F ; failure path; callee not shown (presumably an error/exception helper -- confirm)
0041B70C |> 897E 14 mov dword ptr [esi+14], edi ; record the argument in the state block
0041B70F |> 5F pop edi
0041B710 |. 5E pop esi
0041B711 \. C2 0400 retn 4
; 0041B714 -- no stack arguments (plain retn); counterpart of 0041B6C8.
; Fetches the same state block (00422402 with the same operands). If the byte at +14
; of the object returned by 00421BE5 is non-zero and a hook handle is stored at
; state+2C, removes that hook with UnhookWindowsHookEx and clears state+2C.
; Returns eax = 0 when state+14 is still non-zero (and clears it), eax = 1 when it is
; already zero.
; NOTE(review): shape matches MFC's AfxUnhookWindowCreate, where a still-set +14 would
; mean the hook procedure never consumed the pending window -- inferred, confirm
; against the MFC sources.
0041B714 /$ 56 push esi
0041B715 |. 68 C8154200 push 004215C8
0041B71A |. B9 1C3D4300 mov ecx, 00433D1C
0041B71F |. E8 DE6C0000 call 00422402 ; eax = state block (same call as in 0041B6C8)
0041B724 |. 8BF0 mov esi, eax
0041B726 |. E8 BA640000 call 00421BE5 ; callee not shown; returns an object whose byte at +14 gates the unhook
0041B72B |. 8078 14 00 cmp byte ptr [eax+14], 0
0041B72F |. 74 12 je short 0041B743 ; flag clear -> leave the hook in place
0041B731 |. 8B46 2C mov eax, dword ptr [esi+2C]
0041B734 |. 85C0 test eax, eax
0041B736 |. 74 0B je short 0041B743 ; no hook handle stored -> nothing to remove
0041B738 |. 50 push eax ; /hHook
0041B739 |. FF15 88634200 call dword ptr [<&USER32.UnhookWindow>; \UnhookWindowsHookEx
0041B73F |. 8366 2C 00 and dword ptr [esi+2C], 0 ; forget the handle
0041B743 |> 837E 14 00 cmp dword ptr [esi+14], 0
0041B747 |. 74 08 je short 0041B751
0041B749 |. 8366 14 00 and dword ptr [esi+14], 0 ; still set: clear it and report 0
0041B74D |. 33C0 xor eax, eax
0041B74F |. 5E pop esi
0041B750 |. C3 retn
0041B751 |> 6A 01 push 1 ; push/pop pair loads eax = 1
0041B753 |. 58 pop eax
0041B754 |. 5E pop esi
0041B755 \. C3 retn
; 0041B756 -- object pointer in ecx (kept in esi), eleven dword stack arguments,
; callee-cleaned (retn 2C).
; Builds a 12-dword block at [ebp-30]..[ebp-4]: arguments [ebp+8]..[ebp+2C] go to
; [ebp-4]..[ebp-28] in order, [ebp+30] goes to [ebp-30], and [ebp-2C] is filled from
; +8 of the object returned by 00421BE5. A pointer to the block is passed to the
; object's virtual slot +5C; a zero result calls slot +A4 and returns 0.
; Otherwise: 0041B6C8(object) installs the creation hook, CreateWindowExA is called
; with the block's fields, 0041B714 removes the hook (slot +A4 is called if it
; returns 0), and eax = 1 if CreateWindowExA returned a non-zero handle, else 0.
; NOTE(review): the block is ordered like CREATESTRUCTA and the flow matches MFC's
; CWnd::CreateEx (slot +5C = PreCreateWindow, slot +A4 = PostNcDestroy) -- inferred,
; confirm against the MFC sources.
0041B756 /$ 55 push ebp
0041B757 |. 8BEC mov ebp, esp
0041B759 |. 83EC 30 sub esp, 30 ; room for the 12-dword block
0041B75C |. 8B45 08 mov eax, dword ptr [ebp+8]
0041B75F |. 56 push esi
0041B760 |. 8945 FC mov dword ptr [ebp-4], eax ; later pushed as ExtStyle
0041B763 |. 8B45 0C mov eax, dword ptr [ebp+C]
0041B766 |. 8945 F8 mov dword ptr [ebp-8], eax ; later pushed as Class
0041B769 |. 8B45 10 mov eax, dword ptr [ebp+10]
0041B76C |. 8945 F4 mov dword ptr [ebp-C], eax ; later pushed as WindowName
0041B76F |. 8B45 14 mov eax, dword ptr [ebp+14]
0041B772 |. 8945 F0 mov dword ptr [ebp-10], eax ; later pushed as Style
0041B775 |. 8B45 18 mov eax, dword ptr [ebp+18]
0041B778 |. 8945 EC mov dword ptr [ebp-14], eax ; later pushed as X
0041B77B |. 8B45 1C mov eax, dword ptr [ebp+1C]
0041B77E |. 8945 E8 mov dword ptr [ebp-18], eax ; later pushed as Y
0041B781 |. 8B45 20 mov eax, dword ptr [ebp+20]
0041B784 |. 8945 E4 mov dword ptr [ebp-1C], eax ; later pushed as Width
0041B787 |. 8B45 24 mov eax, dword ptr [ebp+24]
0041B78A |. 8945 E0 mov dword ptr [ebp-20], eax ; later pushed as Height
0041B78D |. 8B45 28 mov eax, dword ptr [ebp+28]
0041B790 |. 8945 DC mov dword ptr [ebp-24], eax ; later pushed as hParent
0041B793 |. 8B45 2C mov eax, dword ptr [ebp+2C]
0041B796 |. 8BF1 mov esi, ecx ; esi = object pointer passed in ecx
0041B798 |. 8945 D8 mov dword ptr [ebp-28], eax ; later pushed as hMenu
0041B79B |. E8 45640000 call 00421BE5 ; callee not shown; dword at +8 of its result is used as hInst
0041B7A0 |. 8B40 08 mov eax, dword ptr [eax+8]
0041B7A3 |. 8D4D D0 lea ecx, dword ptr [ebp-30] ; ecx = address of the block
0041B7A6 |. 8945 D4 mov dword ptr [ebp-2C], eax ; later pushed as hInst
0041B7A9 |. 8B45 30 mov eax, dword ptr [ebp+30]
0041B7AC |. 8945 D0 mov dword ptr [ebp-30], eax ; later pushed as lParam
0041B7AF |. 8B06 mov eax, dword ptr [esi] ; eax = object's vtable
0041B7B1 |. 51 push ecx ; argument: pointer to the block, so the callee can modify it
0041B7B2 |. 8BCE mov ecx, esi
0041B7B4 |. FF50 5C call dword ptr [eax+5C]
0041B7B7 |. 85C0 test eax, eax
0041B7B9 |. 75 0E jnz short 0041B7C9 ; non-zero -> go on and create the window
0041B7BB |. 8B06 mov eax, dword ptr [esi]
0041B7BD |. 8BCE mov ecx, esi
0041B7BF |. FF90 A4000000 call dword ptr [eax+A4] ; slot +5C refused: call slot +A4, then return 0
0041B7C5 |. 33C0 xor eax, eax
0041B7C7 |. EB 4E jmp short 0041B817 ; edi has not been saved on this path, so skip its pop
0041B7C9 |> 57 push edi ; save edi (restored at 0041B816)
0041B7CA |. 56 push esi ; argument for 0041B6C8: the object pointer
0041B7CB |. E8 F8FEFFFF call 0041B6C8 ; install the thread-scoped WH_CBT hook before the window exists
0041B7D0 |. FF75 D0 push dword ptr [ebp-30] ; /lParam
0041B7D3 |. FF75 D4 push dword ptr [ebp-2C] ; |hInst
0041B7D6 |. FF75 D8 push dword ptr [ebp-28] ; |hMenu
0041B7D9 |. FF75 DC push dword ptr [ebp-24] ; |hParent
0041B7DC |. FF75 E0 push dword ptr [ebp-20] ; |Height
0041B7DF |. FF75 E4 push dword ptr [ebp-1C] ; |Width
0041B7E2 |. FF75 E8 push dword ptr [ebp-18] ; |Y
0041B7E5 |. FF75 EC push dword ptr [ebp-14] ; |X
0041B7E8 |. FF75 F0 push dword ptr [ebp-10] ; |Style
0041B7EB |. FF75 F4 push dword ptr [ebp-C] ; |WindowName
0041B7EE |. FF75 F8 push dword ptr [ebp-8] ; |Class
0041B7F1 |. FF75 FC push dword ptr [ebp-4] ; |ExtStyle
0041B7F4 |. FF15 84634200 call dword ptr [<&USER32.CreateWindow>; \CreateWindowExA
0041B7FA |. 8BF8 mov edi, eax ; edi = window handle (0 on failure)
0041B7FC |. E8 13FFFFFF call 0041B714 ; remove the creation hook again
0041B801 |. 85C0 test eax, eax
0041B803 |. 75 0A jnz short 0041B80F
0041B805 |. 8B06 mov eax, dword ptr [esi]
0041B807 |. 8BCE mov ecx, esi
0041B809 |. FF90 A4000000 call dword ptr [eax+A4] ; 0041B714 returned 0: call slot +A4
0041B80F |> 33C0 xor eax, eax
0041B811 |. 85FF test edi, edi
0041B813 |. 0F95C0 setne al ; eax = 1 if the handle is non-zero, else 0
0041B816 |. 5F pop edi
0041B817 |> 5E pop esi
0041B818 |. C9 leave
0041B819 \. C2 2C00 retn 2C
; 0041B81C -- one dword stack argument (retn 4); ecx is not read here.
; If the dword at +28 of the argument is zero, calls 0041D469(1) and stores the
; address 00427514 there (annotated by the debugger as the string "afxwnd42s").
; Always returns eax = 1.
; NOTE(review): if the argument is the block 0041B756 builds at [ebp-30], +28 is
; [ebp-8], the value later pushed as Class for CreateWindowExA; this would then be
; the default CWnd::PreCreateWindow supplying MFC's stock window class -- inferred,
; confirm against the MFC sources.
0041B81C . 56 push esi
0041B81D . 8B7424 08 mov esi, dword ptr [esp+8] ; esi = the stack argument (above saved esi and the return address)
0041B821 . 837E 28 00 cmp dword ptr [esi+28], 0
0041B825 . 75 0E jnz short 0041B835 ; field already set -> keep the caller's value
0041B827 . 6A 01 push 1 ; /Arg1 = 00000001
0041B829 . E8 3B1C0000 call 0041D469 ; \程序多开.0041D469
0041B82E . C746 28 14754>mov dword ptr [esi+28], 00427514 ; afxwnd42s
0041B835 > 6A 01 push 1 ; push/pop pair loads eax = 1
0041B837 . 58 pop eax
0041B838 . 5E pop esi
0041B839 . C2 0400 retn 4
0041B83C /. 55 push ebp
0041B83D |. 8BEC mov ebp, esp
0041B83F |. 8B45 18 mov eax, dword ptr [ebp+18]
0041B842 |. 56 push esi
0041B843 |. 85C0 test eax, eax
0041B845 |. 57 push edi
0041B846 |. 75 04 jnz short 0041B84C
0041B848 |. 33FF xor edi, edi
0041B84A |. EB 03 jmp short 0041B84F
0041B84C |> 8B78 1C mov edi, dword ptr [eax+1C]
0041B84F |> FF75 20 push dword ptr [ebp+20] ; /Arg11