-
-
EnCryptPE主程序第二问之IAT修复(乱序)[求助]
-
发表于:
2004-12-15 18:28
4144
-
EnCryptPE主程序第二问之IAT修复(乱序)[求助]
在脱EPE主程序时碰到困难,我得到修复后的IAT后发现都是乱序,(在ImportREC中kernel32/user32出现好几次),修复程序后无法运行。根据加密与解密2里的介绍,理论上应该可以直接修复的,不需要重新整理IAT才对啊,这样的乱序应该不影响程序对IAT的装载才对啊!!!为何不能运行呢? 都不知道错在哪里了???
看到一个帖子说EPE的主程序把jmp表也加密了,既然这样的话那么我修复记事本也不能运行的啊,但是记事本能运行,可见jmp表加密不应该影响程序的修复,这点很郁闷~~
还有simonzh2000老大写的文章最后那部分看不明白~~~
再写一段程序, 修复
7119CF60 60 PUSHAD
7119CF61 B8 50124000 MOV EAX,401250 ; // 搜索从 401250 开始
7119CF66 BA 00000101 MOV EDX,1010000 ; // 从 1010000 开始的区域取API
7119CF6B 66:8138 90E9 CMP WORD PTR DS:[EAX],0E990 ; // 90 E9 = NOP,
7119CF70 0F85 2F000000 JNZ V1200351.7119CFA5
7119CF76 8BC8 MOV ECX,EAX ; // EAX SAVE IN ECX
7119CF78 8B40 02 NOP
7119CF79 90 NOP
7119CF7A 90 NOP
7119CF7B 66:C700 FF25 MOV WORD PTR DS:[EAX],25FF ; // 改成 JMP [XXXXXXX]
7119CF80 83C0 02 ADD EAX,2
7119CF83 8BDA MOV EBX,EDX
7119CF85 81C3 00100000 ADD EBX,1000 ; // 1011000 开始区域放 IAT 地址
7119CF8B 8B1B MOV EBX,DWORD PTR DS:[EBX] ; // 取出 XXXXXXX
7119CF8D 8918 MOV DWORD PTR DS:[EAX],EBX
7119CF8F 90 NOP
7119CF90 8B02 MOV EAX,DWORD PTR DS:[EDX] ; // 取出 API
7119CF92 8903 MOV DWORD PTR DS:[EBX],EAX ; // [XXXXXXX] = API
7119CF94 90 NOP
7119CF95 90 NOP
7119CF96 90 NOP
7119CF97 90 NOP
7119CF98 90 NOP
7119CF99 90 NOP
7119CF9A 90 NOP
7119CF9B 83C2 04 ADD EDX,4
7119CF9E 8BC1 MOV EAX,ECX
7119CFA0 90 NOP
7119CFA1 90 NOP
7119CFA2 90 NOP
7119CFA3 90 NOP
7119CFA4 90 NOP
7119CFA5 83C0 04 ADD EAX,4
7119CFA8 3D 208C4300 CMP EAX,438C20
7119CFAD ^ 72 BC JB SHORT V1200351.7119CF6B
7119CFAF 61 POPAD
60 B8 50 12 40 00 BA 00 00 01 01 66 81 38 90 E9 0F 85 2F 00 00 00 8B C8 90 90 90 66 C7 00 FF 25
83 C0 02 8B DA 81 C3 00 10 00 00 8B 1B 89 18 90 8B 02 89 03 90 90 90 90 90 90 90 83 C2 04 8B C1
90 90 90 90 90 83 C0 04 3D 20 8C 43 00 72 BC 61
回到 499780 dump
IMPortRec, VA=4A8000, RVA = A8000, Size = 6B0, Get Imports 得到IAT
RVA = A9000, Fixdump
:[EAX],25FF ; // 改成 JMP [XXXXXXX]
这句话xxxxxxx什么意思???
再有jwh51老大的回贴说可以避开jmp表加密
修改方法如下(可在711A4580下硬件执行中断):
711A4580 8B37 MOV ESI, [EDI]
改为:MOV ESI,EDI
711A4594 75 07 JNZ SHORT 711A459D ; V1200351.711A459D
711A4596 66:C703 90E9 MOV WORD PTR [EBX], 0E990
711A459B EB 05 JMP SHORT 711A45A2 ; V1200351.711A45A2
711A459D 66:C703 90E8 MOV WORD PTR [EBX], 0E890
以上NOP掉
711A45C1 2BF7 SUB ESI, EDI ; Musky.005241B0
711A45C3 83EE 04 SUB ESI, 4
以上NOP掉
这样JMP表就可以恢复了,IAT仍然可以用原来的方法来恢复的.
按照上面的做法修改后程序会出错,到不了oep,那修复的jmp表又有什么用?
关于输入表乱序是否需要重新整理,有没有相关工具,(1000多个函数手动会修死人的)
乱序输入表的样子:
IMPortRec, VA=1010000, RVA = C10000, Size = 688, Get Imports 得到IAT
OEP: 00099780 IATRVA: 00C10000 IATSize: 00000688
FThunk: 00C10000 NbFunc: 000001A2
1 00C10000 kernel32.dll 001F CloseHandle
1 00C10004 kernel32.dll 0039 CreateFileA
1 00C10008 kernel32.dll 012D GetFileType
1 00C1000C kernel32.dll 012A GetFileSize
1 00C10010 kernel32.dll 016D GetStdHandle
1 00C10014 kernel32.dll 0237 RaiseException
1 00C10018 kernel32.dll 0244 ReadFile
1 00C1001C kernel32.dll 025E RtlUnwind
1 00C10020 kernel32.dll 0293 SetEndOfFile
1 00C10024 kernel32.dll 029C SetFilePointer
1 00C10028 kernel32.dll 02E2 UnhandledExceptionFilter
1 00C1002C kernel32.dll 0315 WriteFile
1 00C10030 user32.dll 0026 CharNextA
1 00C10034 kernel32.dll 0091 ExitProcess
1 00C10038 user32.dll 01C4 MessageBoxA
1 00C1003C kernel32.dll 00A4 FindClose
1 00C10040 kernel32.dll 00A8 FindFirstFileA
1 00C10044 kernel32.dll 00C8 FreeLibrary
1 00C10048 kernel32.dll 00DF GetCommandLineA
1 00C1004C kernel32.dll 0132 GetLastError
1 00C10050 kernel32.dll 0135 GetLocaleInfoA
1 00C10054 kernel32.dll 013D GetModuleFileNameA
1 00C10058 kernel32.dll 013F GetModuleHandleA
1 00C1005C kernel32.dll 0158 GetProcAddress
1 00C10060 kernel32.dll 016B GetStartupInfoA
1 00C10064 kernel32.dll 0186 GetThreadLocale
1 00C10068 kernel32.dll 01E7 LoadLibraryExA
1 00C1006C user32.dll 01B0 LoadStringA
1 00C10070 kernel32.dll 0338 lstrcpyn
1 00C10074 kernel32.dll 033B lstrlen
1 00C10078 kernel32.dll 0209 MultiByteToWideChar
1 00C1007C advapi32.dll 018C RegCloseKey
1 00C10080 advapi32.dll 01A5 RegOpenKeyExA
1 00C10084 advapi32.dll 01AF RegQueryValueExA
1 00C10088 kernel32.dll 0308 WideCharToMultiByte
1 00C1008C kernel32.dll 02FD VirtualQuery
1 00C10090 oleaut32.dll 0004 SysAllocStringLen
1 00C10094 oleaut32.dll 0005 SysReAllocStringLen
1 00C10098 oleaut32.dll 0006 SysFreeString
1 00C1009C kernel32.dll 01D2 InterlockedIncrement
1 00C100A0 kernel32.dll 01CF InterlockedDecrement
1 00C100A4 kernel32.dll 0111 GetCurrentThreadId
1 00C100A8 kernel32.dll 01EC LocalAlloc
1 00C100AC kernel32.dll 01F0 LocalFree
1 00C100B0 kernel32.dll 02F5 VirtualAlloc
1 00C100B4 kernel32.dll 02F8 VirtualFree
1 00C100B8 kernel32.dll 01CC InitializeCriticalSection
1 00C100BC kernel32.dll 0074 EnterCriticalSection
1 00C100C0 kernel32.dll 01E5 LeaveCriticalSection
1 00C100C4 kernel32.dll 005F DeleteCriticalSection
1 00C100C8 kernel32.dll 0244 ReadFile
1 00C100CC kernel32.dll 0315 WriteFile
1 00C100D0 user32.dll 011C GetKeyboardType
1 00C100D4 kernel32.dll 013F GetModuleHandleA
1 00C100D8 kernel32.dll 01EC LocalAlloc
1 00C100DC kernel32.dll 02D9 TlsGetValue
1 00C100E0 kernel32.dll 02DA TlsSetValue
1 00C100E4 advapi32.dll 018C RegCloseKey
1 00C100E8 advapi32.dll 01A5 RegOpenKeyExA
1 00C100EC advapi32.dll 01AF RegQueryValueExA
1 00C100F0 kernel32.dll 001F CloseHandle
1 00C100F4 kernel32.dll 0025 CompareStringA
1 00C100F8 kernel32.dll 002C CopyFileA
1 00C100FC kernel32.dll 0035 CreateEventA
1 00C10100 kernel32.dll 0039 CreateFileA
1 00C10104 kernel32.dll 0052 CreateThread
1 00C10108 kernel32.dll 005F DeleteCriticalSection
1 00C1010C kernel32.dll 0061 DeleteFileA
1 00C10110 kernel32.dll 0074 EnterCriticalSection
1 00C10114 kernel32.dll 0075 EnumCalendarInfoA
1 00C10118 kernel32.dll 009C FileTimeToDosDateTime
1 00C1011C kernel32.dll 009D FileTimeToLocalFileTime
1 00C10120 kernel32.dll 00A4 FindClose
1 00C10124 kernel32.dll 00A8 FindFirstFileA
1 00C10128 kernel32.dll 00B7 FindResourceA
1 00C1012C kernel32.dll 00C3 FormatMessageA
1 00C10130 kernel32.dll 00C8 FreeLibrary
1 00C10134 kernel32.dll 00CA FreeResource
1 00C10138 kernel32.dll 00CE GetACP
1 00C1013C kernel32.dll 00D4 GetCPInfo
1 00C10140 kernel32.dll 010F GetCurrentProcessId
1 00C10144 kernel32.dll 0111 GetCurrentThreadId
1 00C10148 kernel32.dll 0112 GetDateFormatA
1 00C1014C kernel32.dll 0118 GetDiskFreeSpaceA
1 00C10150 kernel32.dll 012C GetFileTime
1 00C10154 kernel32.dll 0132 GetLastError
1 00C10158 kernel32.dll 0134 GetLocalTime
1 00C1015C kernel32.dll 0135 GetLocaleInfoA
1 00C10160 kernel32.dll 013D GetModuleFileNameA
1 00C10164 kernel32.dll 013F GetModuleHandleA
1 00C10168 kernel32.dll 0158 GetProcAddress
1 00C1016C kernel32.dll 0166 GetProfileStringA
1 00C10170 kernel32.dll 016D GetStdHandle
1 00C10174 kernel32.dll 016F GetStringTypeExA
1 00C10178 kernel32.dll 0175 GetSystemDirectoryA
1 00C1017C kernel32.dll 0177 GetSystemInfo
1 00C10180 kernel32.dll 0186 GetThreadLocale
1 00C10184 kernel32.dll 018B GetTickCount
1 00C10188 kernel32.dll 0193 GetVersion
1 00C1018C kernel32.dll 0194 GetVersionExA
1 00C10190 kernel32.dll 019F GlobalAddAtomA
1 00C10194 kernel32.dll 01A1 GlobalAlloc
1 00C10198 kernel32.dll 01A3 GlobalDeleteAtom
1 00C1019C kernel32.dll 01A4 GlobalFindAtomA
1 00C101A0 kernel32.dll 01A8 GlobalFree
1 00C101A4 kernel32.dll 01AC GlobalLock
1 00C101A8 kernel32.dll 01AB GlobalHandle
1 00C101AC kernel32.dll 01AF GlobalReAlloc
1 00C101B0 kernel32.dll 01B3 GlobalUnlock
1 00C101B4 kernel32.dll 01CC InitializeCriticalSection
1 00C101B8 kernel32.dll 01E5 LeaveCriticalSection
1 00C101BC kernel32.dll 01E6 LoadLibraryA
1 00C101C0 kernel32.dll 01EB LoadResource
1 00C101C4 kernel32.dll 01F9 LockResource
1 00C101C8 kernel32.dll 01FC MapViewOfFile
1 00C101CC kernel32.dll 0208 MulDiv
1 00C101D0 kernel32.dll 0212 OpenFileMappingA
1 00C101D4 kernel32.dll 0244 ReadFile
1 00C101D8 kernel32.dll 0259 ResetEvent
1 00C101DC kernel32.dll 0293 SetEndOfFile
1 00C101E0 kernel32.dll 0296 SetErrorMode
1 00C101E4 kernel32.dll 0297 SetEvent
1 00C101E8 kernel32.dll 029C SetFilePointer
1 00C101EC kernel32.dll 029E SetFileTime
1 00C101F0 kernel32.dll 02BA SetThreadLocale
1 00C101F4 kernel32.dll 02C9 SizeofResource
1 00C101F8 kernel32.dll 02CA Sleep
1 00C101FC kernel32.dll 02E5 UnmapViewOfFile
1 00C10200 kernel32.dll 02F5 VirtualAlloc
1 00C10204 kernel32.dll 02FD VirtualQuery
1 00C10208 kernel32.dll 0304 WaitForSingleObject
1 00C1020C kernel32.dll 0315 WriteFile
1 00C10210 kernel32.dll 032F lstrcmp
1 00C10214 kernel32.dll 0335 lstrcpy
1 00C10218 version.dll 0001 GetFileVersionInfoA
1 00C1021C version.dll 0002 GetFileVersionInfoSizeA
1 00C10220 version.dll 000B VerQueryValueA
1 00C10224 gdi32.dll 0013 BitBlt
1 00C10228 gdi32.dll 0022 CopyEnhMetaFileA
1 00C1022C gdi32.dll 0026 CreateBitmap
1 00C10230 gdi32.dll 0028 CreateBrushIndirect
1 00C10234 gdi32.dll 002B CreateCompatibleBitmap
1 00C10238 gdi32.dll 002C CreateCompatibleDC
1 00C1023C gdi32.dll 002D CreateDCA
1 00C10240 gdi32.dll 0031 CreateDIBSection
1 00C10244 gdi32.dll 0032 CreateDIBitmap
1 00C10248 gdi32.dll 0039 CreateFontIndirectA
1 00C1024C gdi32.dll 003E CreateHalftonePalette
1 00C10250 gdi32.dll 0040 CreateICA
1 00C10254 gdi32.dll 0044 CreatePalette
1 00C10258 gdi32.dll 0047 CreatePenIndirect
1 00C1025C gdi32.dll 004F CreateSolidBrush
1 00C10260 gdi32.dll 0052 DeleteDC
1 00C10264 gdi32.dll 0053 DeleteEnhMetaFile
1 00C10268 gdi32.dll 0055 DeleteObject
1 00C1026C gdi32.dll 005C EndDoc
1 00C10270 gdi32.dll 005E EndPage
1 00C10274 gdi32.dll 009D ExcludeClipRect
1 00C10278 gdi32.dll 00A3 ExtTextOutA
1 00C1027C gdi32.dll 00E0 GdiFlush
1 00C10280 gdi32.dll 010E GetBitmapBits
1 00C10284 gdi32.dll 0113 GetBrushOrgEx
1 00C10288 gdi32.dll 0123 GetClipBox
1 00C1028C gdi32.dll 0128 GetCurrentPositionEx
1 00C10290 gdi32.dll 012A GetDCOrgEx
1 00C10294 gdi32.dll 012C GetDIBColorTable
1 00C10298 gdi32.dll 012D GetDIBits
1 00C1029C gdi32.dll 012E GetDeviceCaps
1 00C102A0 gdi32.dll 0134 GetEnhMetaFileBits
1 00C102A4 gdi32.dll 0137 GetEnhMetaFileHeader
1 00C102A8 gdi32.dll 0138 GetEnhMetaFilePaletteEntries
1 00C102AC gdi32.dll 0158 GetObjectA
1 00C102B0 gdi32.dll 015D GetPaletteEntries
1 00C102B4 gdi32.dll 015F GetPixel
1 00C102B8 gdi32.dll 0168 GetStockObject
1 00C102BC gdi32.dll 016C GetSystemPaletteEntries
1 00C102C0 gdi32.dll 0177 GetTextExtentPoint32A
1 00C102C4 gdi32.dll 017F GetTextMetricsA
1 00C102C8 gdi32.dll 0184 GetWinMetaFileBits
1 00C102CC gdi32.dll 0186 GetWindowOrgEx
1 00C102D0 gdi32.dll 018A IntersectClipRect
1 00C102D4 gdi32.dll 0190 LineTo
1 00C102D8 gdi32.dll 0191 MaskBlt
1 00C102DC gdi32.dll 0194 MoveToEx
1 00C102E0 gdi32.dll 01A0 PatBlt
1 00C102E4 gdi32.dll 01A3 PlayEnhMetaFile
1 00C102E8 gdi32.dll 01B1 Polyline
1 00C102EC gdi32.dll 01B6 RealizePalette
1 00C102F0 gdi32.dll 01B8 RectVisible
1 00C102F4 gdi32.dll 01B9 Rectangle
1 00C102F8 gdi32.dll 01C3 RestoreDC
1 00C102FC gdi32.dll 01CA SaveDC
1 00C10300 gdi32.dll 01D1 SelectObject
1 00C10304 gdi32.dll 01D2 SelectPalette
1 00C10308 gdi32.dll 01D3 SetAbortProc
1 00C1030C gdi32.dll 01D7 SetBkColor
1 00C10310 gdi32.dll 01D8 SetBkMode
1 00C10314 gdi32.dll 01DA SetBrushOrgEx
1 00C10318 gdi32.dll 01DF SetDIBColorTable
1 00C1031C gdi32.dll 01E3 SetEnhMetaFileBits
1 00C10320 gdi32.dll 01EC SetMapMode
1 00C10324 gdi32.dll 01F2 SetPixel
1 00C10328 gdi32.dll 01F6 SetROP2
1 00C1032C gdi32.dll 01F9 SetStretchBltMode
1 00C10330 gdi32.dll 01FD SetTextColor
1 00C10334 gdi32.dll 0200 SetViewportOrgEx
1 00C10338 gdi32.dll 0202 SetWinMetaFileBits
1 00C1033C gdi32.dll 0204 SetWindowOrgEx
1 00C10340 gdi32.dll 0206 StartDocA
1 00C10344 gdi32.dll 0209 StartPage
1 00C10348 gdi32.dll 020A StretchBlt
1 00C1034C gdi32.dll 0213 UnrealizeObject
1 00C10350 user32.dll 0001 ActivateKeyboardLayout
1 00C10354 user32.dll 0003 AdjustWindowRectEx
1 00C10358 user32.dll 0022 CharLowerA
1 00C1035C user32.dll 0008 AppendMenuA
1 00C10360 user32.dll 000D BeginPaint
1 00C10364 user32.dll 0016 CallNextHookEx
1 00C10368 user32.dll 0017 CallWindowProcA
1 00C1036C user32.dll 0023 CharLowerBuffA
1 00C10370 user32.dll 0026 CharNextA
1 00C10374 user32.dll 0031 CharUpperBuffA
1 00C10378 user32.dll 0035 CheckMenuItem
1 00C1037C user32.dll 0038 ChildWindowFromPoint
1 00C10380 user32.dll 003C ClientToScreen
1 00C10384 user32.dll 0053 CreateIcon
1 00C10388 user32.dll 0059 CreateMenu
1 00C1038C user32.dll 005A CreatePopupMenu
1 00C10390 user32.dll 005B CreateWindowExA
1 00C10394 user32.dll 0083 DefFrameProcA
1 00C10398 user32.dll 0085 DefMDIChildProcA
1 00C1039C user32.dll 0087 DefWindowProcA
1 00C103A0 user32.dll 008A DeleteMenu
1 00C103A4 user32.dll 008E DestroyCursor
1 00C103A8 user32.dll 008E DestroyCursor
1 00C103AC user32.dll 0090 DestroyMenu
1 00C103B0 user32.dll 0091 DestroyWindow
1 00C103B4 user32.dll 0098 DispatchMessageA
1 00C103B8 user32.dll 00A8 DrawEdge
1 00C103BC user32.dll 00A9 DrawFocusRect
1 00C103C0 user32.dll 00AB DrawFrameControl
1 00C103C4 user32.dll 00AC DrawIcon
1 00C103C8 user32.dll 00AD DrawIconEx
1 00C103CC user32.dll 00AE DrawMenuBar
1 00C103D0 user32.dll 00B2 DrawTextA
1 00C103D4 user32.dll 00B8 EnableMenuItem
1 00C103D8 user32.dll 00B9 EnableScrollBar
1 00C103DC user32.dll 00BA EnableWindow
1 00C103E0 user32.dll 00BE EndPaint
1 00C103E4 user32.dll 00D0 EnumThreadWindows
1 00C103E8 user32.dll 00D3 EnumWindows
1 00C103EC user32.dll 00D4 EqualRect
1 00C103F0 user32.dll 00D7 FillRect
1 00C103F4 user32.dll 00D8 FindWindowA
1 00C103F8 user32.dll 00DE FrameRect
1 00C103FC user32.dll 00E0 GetActiveWindow
1 00C10400 user32.dll 00E8 GetCapture
1 00C10404 user32.dll 00EB GetClassInfoA
1 00C10408 user32.dll 00F1 GetClassNameA
1 00C1040C user32.dll 00F4 GetClientRect
1 00C10410 user32.dll 00F6 GetClipboardData
1 00C10414 user32.dll 00FD GetCursor
1 00C10418 user32.dll 0100 GetCursorPos
1 00C1041C user32.dll 0101 GetDC
1 00C10420 user32.dll 0102 GetDCEx
1 00C10424 user32.dll 0103 GetDesktopWindow
1 00C10428 user32.dll 0106 GetDlgItem
1 00C1042C user32.dll 010B GetFocus
1 00C10430 user32.dll 010C GetForegroundWindow
1 00C10434 user32.dll 010F GetIconInfo
1 00C10438 user32.dll 0114 GetKeyNameTextA
1 00C1043C user32.dll 0116 GetKeyState
1 00C10440 user32.dll 0117 GetKeyboardLayout
1 00C10444 user32.dll 0118 GetKeyboardLayoutList
1 00C10448 user32.dll 011B GetKeyboardState
1 00C1044C user32.dll 011D GetLastActivePopup
1 00C10450 user32.dll 0120 GetMenu
1 00C10454 user32.dll 0126 GetMenuItemCount
1 00C10458 user32.dll 0127 GetMenuItemID
1 00C1045C user32.dll 0128 GetMenuItemInfoA
1 00C10460 user32.dll 012B GetMenuState
1 00C10464 user32.dll 012C GetMenuStringA
1 00C10468 user32.dll 0130 GetMessagePos
1 00C1046C user32.dll 0157 GetWindow
1 00C10470 user32.dll 0139 GetParent
1 00C10474 user32.dll 013E GetPropA
1 00C10478 user32.dll 0142 GetScrollInfo
1 00C1047C user32.dll 0143 GetScrollPos
1 00C10480 user32.dll 0144 GetScrollRange
1 00C10484 user32.dll 0146 GetSubMenu
1 00C10488 user32.dll 0147 GetSysColor
1 00C1048C user32.dll 0149 GetSystemMenu
1 00C10490 user32.dll 014A GetSystemMetrics
1 00C10494 user32.dll 0150 GetTopWindow
1 00C10498 user32.dll 0151 GetUpdateRect
1 00C1049C user32.dll 0157 GetWindow
1 00C104A0 user32.dll 0159 GetWindowDC
1 00C104A4 user32.dll 015B GetWindowLongA
1 00C104A8 user32.dll 0160 GetWindowPlacement
1 00C104AC user32.dll 0161 GetWindowRect
1 00C104B0 user32.dll 0163 GetWindowTextA
1 00C104B4 user32.dll 0167 GetWindowThreadProcessId
1 00C104B8 user32.dll 0167 GetWindowThreadProcessId
1 00C104BC user32.dll 0176 InflateRect
1 00C104C0 user32.dll 0179 InsertMenuA
1 00C104C4 user32.dll 017A InsertMenuItemA
1 00C104C8 user32.dll 017E IntersectRect
1 00C104CC user32.dll 017F InvalidateRect
1 00C104D0 user32.dll 018A IsChild
1 00C104D4 user32.dll 018C IsDialogMessage
1 00C104D8 user32.dll 0191 IsIconic
1 00C104DC user32.dll 0193 IsRectEmpty
1 00C104E0 user32.dll 0194 IsWindow
1 00C104E4 user32.dll 0195 IsWindowEnabled
1 00C104E8 user32.dll 0197 IsWindowVisible
1 00C104EC user32.dll 0198 IsZoomed
1 00C104F0 user32.dll 019A KillTimer
1 00C104F4 user32.dll 019D LoadBitmapA
1 00C104F8 user32.dll 019F LoadCursorA
1 00C104FC user32.dll 01A3 LoadIconA
1 00C10500 user32.dll 01A7 LoadKeyboardLayoutA
1 00C10504 user32.dll 01B0 LoadStringA
1 00C10508 user32.dll 01BB MapVirtualKeyA
1 00C1050C user32.dll 01BF MapWindowPoints
1 00C10510 user32.dll 01C4 MessageBoxA
1 00C10514 user32.dll 01D4 OemToCharA
1 00C10518 user32.dll 01D8 OffsetRect
1 00C1051C user32.dll 01E2 PeekMessageA
1 00C10520 user32.dll 01E4 PostMessageA
1 00C10524 user32.dll 01E6 PostQuitMessage
1 00C10528 user32.dll 01EF PtInRect
1 00C1052C user32.dll 01F6 RedrawWindow
1 00C10530 user32.dll 01F7 RegisterClassA
1 00C10534 user32.dll 01FB RegisterClipboardFormatA
1 00C10538 user32.dll 01FB RegisterClipboardFormatA
1 00C1053C user32.dll 0207 ReleaseCapture
1 00C10540 user32.dll 0208 ReleaseDC
1 00C10544 user32.dll 0209 RemoveMenu
1 00C10548 user32.dll 020A RemovePropA
1 00C1054C user32.dll 020F ScreenToClient
1 00C10550 user32.dll 0212 ScrollWindow
1 00C10554 user32.dll 0219 SendMessageA
1 00C10558 user32.dll 0221 SetActiveWindow
1 00C1055C user32.dll 0222 SetCapture
1 00C10560 user32.dll 0225 SetClassLongA
1 00C10564 user32.dll 022B SetCursor
1 00C10568 user32.dll 0234 SetFocus
1 00C1056C user32.dll 0235 SetForegroundWindow
1 00C10570 user32.dll 023B SetMenu
1 00C10574 user32.dll 0240 SetMenuItemInfoA
1 00C10578 user32.dll 0248 SetPropA
1 00C1057C user32.dll 024A SetRect
1 00C10580 user32.dll 024C SetScrollInfo
1 00C10584 user32.dll 024D SetScrollPos
1 00C10588 user32.dll 024E SetScrollRange
1 00C1058C user32.dll 0258 SetTimer
1 00C10590 user32.dll 025E SetWindowLongA
1 00C10594 user32.dll 0260 SetWindowPlacement
1 00C10598 user32.dll 0261 SetWindowPos
1 00C1059C user32.dll 0264 SetWindowTextA
1 00C105A0 user32.dll 0268 SetWindowsHookExA
1 00C105A4 user32.dll 026C ShowCursor
1 00C105A8 user32.dll 026D ShowOwnedPopups
1 00C105AC user32.dll 026E ShowScrollBar
1 00C105B0 user32.dll 0270 ShowWindow
1 00C105B4 user32.dll 0277 SystemParametersInfoA
1 00C105B8 user32.dll 0282 TrackPopupMenu
1 00C105BC user32.dll 0287 TranslateMDISysAccel
1 00C105C0 user32.dll 0288 TranslateMessage
1 00C105C4 user32.dll 028C UnhookWindowsHookEx
1 00C105C8 user32.dll 0291 UnregisterClassA
1 00C105CC user32.dll 0297 UpdateWindow
1 00C105D0 user32.dll 02AC WaitMessage
1 00C105D4 user32.dll 02AE WinHelpA
1 00C105D8 user32.dll 02B1 WindowFromPoint
1 00C105DC kernel32.dll 02CA Sleep
1 00C105E0 oleaut32.dll 0008 VariantInit
1 00C105E4 oleaut32.dll 0009 VariantClear
1 00C105E8 oleaut32.dll 000A VariantCopy
1 00C105EC oleaut32.dll 000B VariantCopyInd
1 00C105F0 oleaut32.dll 000C VariantChangeType
1 00C105F4 oleaut32.dll 000F SafeArrayCreate
1 00C105F8 oleaut32.dll 0028 SafeArrayRedim
1 00C105FC oleaut32.dll 0014 SafeArrayGetLBound
1 00C10600 oleaut32.dll 0013 SafeArrayGetUBound
1 00C10604 oleaut32.dll 0019 SafeArrayGetElement
1 00C10608 oleaut32.dll 001A SafeArrayPutElement
1 00C1060C oleaut32.dll 0094 SafeArrayPtrOfIndex
1 00C10610 ole32.dll 0018 CoCreateGuid
1 00C10614 comctl32.dll 0011 InitCommonControls
1 00C10618 comctl32.dll 002C ImageList_Create
1 00C1061C comctl32.dll 002D ImageList_Destroy
1 00C10620 comctl32.dll 003C ImageList_GetImageCount
1 00C10624 comctl32.dll 0027 ImageList_Add
1 00C10628 comctl32.dll 0046 ImageList_ReplaceIcon
1 00C1062C comctl32.dll 004B ImageList_SetBkColor
1 00C10630 comctl32.dll 0037 ImageList_GetBkColor
1 00C10634 comctl32.dll 0032 ImageList_Draw
1 00C10638 comctl32.dll 0033 ImageList_DrawEx
1 00C1063C comctl32.dll 0044 ImageList_Remove
1 00C10640 comctl32.dll 002A ImageList_BeginDrag
1 00C10644 comctl32.dll 0036 ImageList_EndDrag
1 00C10648 comctl32.dll 002E ImageList_DragEnter
1 00C1064C comctl32.dll 002F ImageList_DragLeave
1 00C10650 comctl32.dll 0030 ImageList_DragMove
1 00C10654 comctl32.dll 004C ImageList_SetDragCursorImage
1 00C10658 comctl32.dll 0031 ImageList_DragShowNolock
1 00C1065C comctl32.dll 0038 ImageList_GetDragImage
1 00C10660 comctl32.dll 0043 ImageList_Read
1 00C10664 comctl32.dll 0052 ImageList_Write
1 00C10668 comctl32.dll 003B ImageList_GetIconSize
1 00C1066C comctl32.dll 004F ImageList_SetIconSize
1 00C10670 winspool.drv 0086 ClosePrinter
1 00C10674 winspool.drv 00B1 DocumentPropertiesA
1 00C10678 winspool.drv 00DC EnumPrintersA
1 00C1067C winspool.drv 00F6 OpenPrinterA
1 00C10680 shell32.dll 016C ShellAboutA
1 00C10684 comdlg32.dll 006E GetOpenFileNameA
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
