-
关注Ta
-
- 注册时间 2012-04-06
- 最后登录 2020-12-30
-
- 发帖288
- 在线146小时
- 精华1
- DB917
- 威望-3
- 保证金0
- 桃子0
- 鲜花0
- 鸡蛋0
-
访问TA的空间加好友用道具
|
哥珍藏了大半年了,喷子别喷我,木有技术含量,木有拐弯抹角,上Disassembly - .text:10001050 sub esp, 0Ch
- .text:10001053 push ebx
- .text:10001054 push ebp
- .text:10001055 push esi
- .text:10001056 push edi
- .text:10001057 push offset aVmp_ehsvcwrapp ; "VMP_EHSvcWrapper"
- .text:1000105C call ds:VMProtectBegin
- .text:10001062 mov eax, [esp+1Ch+arg_0]
- .text:10001066 cmp eax, 25h ; switch 38 cases
- .text:10001069 ja loc_1000114A ; jumptable 10001077 default case
- .text:1000106F xor ecx, ecx
- .text:10001071 mov cl, ds:byte_1000118C[eax]
- .text:10001077 jmp ds:off_10001174[ecx*4] ; switch jump
- .text:1000107E
- .text:1000107E loc_1000107E: ; DATA XREF: .text:off_10001174o
- .text:1000107E mov eax, dword_1000B9B4 ; jumptable 10001077 case 5
- .text:10001083 test eax, eax
- .text:10001085 jnz short loc_100010A0
- .text:10001087 mov edx, [esp+1Ch+arg_8]
- .text:1000108B mov dword ptr [edx], 0
- .text:10001091 mov dword_1000B9B4, 1
- .text:1000109B jmp loc_1000115E
- .text:100010A0 ; ---------------------------------------------------------------------------
- .text:100010A0
- .text:100010A0 loc_100010A0: ; CODE XREF: _10+35j
- .text:100010A0 mov eax, [esp+1Ch+arg_8]
- .text:100010A4 mov dword ptr [eax], 201h
- .text:100010AA jmp loc_1000115E
- .text:100010AF ; ---------------------------------------------------------------------------
- .text:100010AF
- .text:100010AF loc_100010AF: ; CODE XREF: _10+27j
- .text:100010AF ; DATA XREF: .text:off_10001174o
- .text:100010AF mov esi, [esp+1Ch+arg_4] ; jumptable 10001077 case 13
- .text:100010B3 mov ebx, ds:EnumWindows
- .text:100010B9 mov ebp, ds:SendMessageW
- .text:100010BF mov edi, ds:MessageBoxW
- .text:100010C5
- .text:100010C5 loc_100010C5: ; CODE XREF: _10+D4j
- .text:100010C5 push 0 ; lParam
- .text:100010C7 push offset EnumFunc ; lpEnumFunc
- .text:100010CC call ebx ; EnumWindows
- .text:100010CE mov eax, hWnd
- .text:100010D3 test eax, eax
- .text:100010D5 jz short loc_10001105
- .text:100010D7 mov ecx, [esi+8]
- .text:100010DA mov edx, [esi+4]
- .text:100010DD mov eax, [esi]
- .text:100010DF mov [esp+1Ch+lParam], ecx
- .text:100010E3 lea ecx, [esp+1Ch+lParam]
- .text:100010E7 mov [esp+1Ch+var_8], edx
- .text:100010EB push ecx ; lParam
- .text:100010EC mov [esp+20h+var_4], eax
- .text:100010F0 call GetCurrentProcessId
- .text:100010F5 mov edx, hWnd
- .text:100010FB push eax ; wParam
- .text:100010FC push 4Ah ; Msg
- .text:100010FE push edx ; hWnd
- .text:100010FF call ebp ; SendMessageW
- .text:10001101 test eax, eax
- .text:10001103 jnz short loc_1000113E ; jumptable 10001077 cases 0,2,6-12,14,15,17-19,33-37
- .text:10001105
- .text:10001105 loc_10001105: ; CODE XREF: _10+85j
- .text:10001105 push 25h ; uType
- .text:10001107 push offset Caption ; "EHSvc"
- .text:1000110C push offset Text ; "*g迯\nNH"
- .text:10001111 push 0 ; hWnd
- .text:10001113 mov hWnd, 0
- .text:1000111D call edi ; MessageBoxW
- .text:1000111F cmp eax, 2
- .text:10001122 jz short loc_1000115E
- .text:10001124 jmp short loc_100010C5
- .text:10001126 ; ---------------------------------------------------------------------------
- .text:10001126
- .text:10001126 loc_10001126: ; CODE XREF: _10+27j
- .text:10001126 ; DATA XREF: .text:off_10001174o
- .text:10001126 mov ecx, [esp+1Ch+arg_8] ; jumptable 10001077 case 4
- .text:1000112A mov dword ptr [ecx], 0
- .text:10001130 jmp short loc_1000115E
- .text:10001132 ; ---------------------------------------------------------------------------
- .text:10001132
- .text:10001132 loc_10001132: ; CODE XREF: _10+27j
- .text:10001132 ; DATA XREF: .text:off_10001174o
- .text:10001132 mov edx, [esp+1Ch+arg_8] ; jumptable 10001077 case 20
- .text:10001136 mov dword ptr [edx], 1
- .text:1000113C jmp short loc_1000115E
- .text:1000113E ; ---------------------------------------------------------------------------
- .text:1000113E
- .text:1000113E loc_1000113E: ; CODE XREF: _10+27j
- .text:1000113E ; _10+B3j
- .text:1000113E ; DATA XREF: ...
- .text:1000113E mov eax, [esp+1Ch+arg_8] ; jumptable 10001077 cases 0,2,6-12,14,15,17-19,33-37
- .text:10001142 mov dword ptr [eax], 0
- .text:10001148 jmp short loc_1000115E
- .text:1000114A ; ---------------------------------------------------------------------------
- .text:1000114A
- .text:1000114A loc_1000114A: ; CODE XREF: _10+19j
- .text:1000114A ; _10+27j
- .text:1000114A ; DATA XREF: ...
- .text:1000114A push 30h ; jumptable 10001077 default case
- .text:1000114C push offset Caption ; "EHSvc"
- .text:10001151 push offset aGxwSpe ; "*g鍂耂pe!"
- .text:10001156 push 0 ; hWnd
- .text:10001158 call ds:MessageBoxW
- .text:1000115E
- .text:1000115E loc_1000115E: ; CODE XREF: _10+4Bj
- .text:1000115E ; _10+5Aj ...
- .text:1000115E call ds:VMProtectEnd
- .text:10001164 pop edi
- .text:10001165 pop esi
- .text:10001166 pop ebp
- .text:10001167 mov eax, 1
- .text:1000116C pop ebx
- .text:1000116D add esp, 0Ch
- .text:10001170 retn 0Ch
- .text:10001170 _10 endp
- .text:10001170
|
