导入, ntoskrnl.exe
顺序 (示意)    名字
000002AD    MmMapLockedPagesSpecifyCache
000001F1    KeAttachProcess
00000379    PsLookupProcessByProcessId
00000324    ObReferenceObjectByHandle
0000024F    KeServiceDescriptorTable
00000395    PsThreadType
000001F9    KeDelayExecutionThread
00000507    ZwClose
0000026A    KeWaitForSingleObject
000005A3    memcpy
000005A5    memset
00000160    IoFreeMdl
000002C8    MmUnlockPages
000002B9    MmProbeAndLockPages
00000124    IoAllocateMdl
00000419    RtlInitUnicodeString
00000264    KeUnstackDetachProcess
00000260    KeStackAttachProcess
0000004E    ExFreePoolWithTag
00000041    ExAllocatePoolWithTag
000001FC    KeDetachProcess
00000253    KeSetEvent
00000167    IoGetCurrentProcess
00000150    IoDeleteSymbolicLink
0000014E    IoDeleteDevice
00000388    PsSetCreateProcessNotifyRoutine
0000035E    PsGetProcessId
0000034F    PsGetCurrentProcessId
000002CA    MmUnmapLockedPages
0000004B    ExEventObjectType
000005C9    wcstombs
000005C4    wcsncmp
0000028F    MmBuildMdlForNonPagedPool
00000146    IoCreateSymbolicLink
0000013D    IoCreateDevice
0000028D    MmAllocateNonCachedMemory
0000029A    MmFreeNonCachedMemory
00000548    ZwQueryObject
00000518    ZwDuplicateObject
0000052E    ZwOpenProcess
000002A2    MmIsAddressValid
000001EF    KeAddSystemServiceTable
0000054D    ZwQueryValueKey
0000052D    ZwOpenKey
00000263    KeTickCount
000001F3    KeBugCheckEx
0000032C    ObfDereferenceObject
000001E0    IofCompleteRequest
0000054C    ZwQuerySystemInformation
00000215    KeInitializeEvent
0000049C    RtlUnwind

看不懂
  看不清白 ！       

sdadas3213

sdadas

mklm,l

yuhjhjk

我对这个也不太清楚，机器码解读在DAT文件里面，可惜没有什么软件打开

把大宝1.027反正汇编了............机器语言看不懂  有什么工具可以把EXE反成C++

导入, HAL.dll
顺序 (示意)    名字
00000000    ExAcquireFastMutex
00000001    ExReleaseFastMutex
00000040    KeGetCurrentIrql