Cracking tools: ollydb, pescan, Regmon
Cracking difficulty: average
Article summary:
This article only discusses this type of protection scheme. It is not for commercial use. My apologies to the software author.
Features and protection scheme:
The registration number is verified on restart (I don't know what this type should be called; it writes an INI file that contains the registration information).
Crack analysis:
Downloaded and installed it; everything normal. OK, let's run GradeSheet first and have a look.
Machine code: 314408964
Registration code: enter anything
Click Register. It prompts that the registration information has been written and asks you to restart the program; if this window no longer appears, registration succeeded.
OK, on to the next step. Use Regmon to check whether it writes anything to the registry. It doesn't, but I noticed it accessing the GRADESHEET.INI file in the WINDOWS directory.
Open it and the contents are as follows:
[MyChoice]
Serial=314408964
information=Luo JianDa at YunLong Senior High School of CiXi City ZheJiang Province China LUOJZNB@ZJ165.COM
So Serial is the key. Next step.
Check whether it is packed; PESCAN is very handy for this. ASPACK 2.12, unpacked. Run it to see whether there are any problems. Good, no problems, it runs normally.
Now load it in OLLYDB and run it. Searching for the prompt string "Serial" finds two places; set a breakpoint at each.
One of them is as follows:
0040E77A . 50 PUSH EAX >> by the time it breaks here, the correct registration code has already been generated.
0040E77B . 51 PUSH ECX
0040E77C . 52 PUSH EDX
0040E77D . E8 7C060100 CALL GRADESHE.0041EDFE
0040E782 . 50 PUSH EAX
0040E783 . 8D4C24 1C LEA ECX,DWORD PTR SS:[ESP+1C]
0040E787 . C68424 D000000>MOV BYTE PTR SS:[ESP+D0],4
0040E78F . E8 74050100 CALL GRADESHE.0041ED08
0040E794 . 8D4C24 10 LEA ECX,DWORD PTR SS:[ESP+10]
0040E798 . C68424 CC00000>MOV BYTE PTR SS:[ESP+CC],3
0040E7A0 . E8 76040100 CALL GRADESHE.0041EC1B
0040E7A5 . E8 35D70100 CALL GRADESHE.0042BEDF
0040E7AA . 8B40 04 MOV EAX,DWORD PTR DS:[EAX+4]
0040E7AD . 68 F4924300 PUSH GRADESHE.004392F4 ; ASCII "unregisted"
0040E7B2 . 68 E8914300 PUSH GRADESHE.004391E8 ; ASCII "Serial" the reference is here
0040E7B7 . 8D4C24 2C LEA ECX,DWORD PTR SS:[ESP+2C]
0040E7BB . 68 DC914300 PUSH GRADESHE.004391DC ; ASCII "MyChoice"
0040E7C0 . 51 PUSH ECX
0040E7C1 . 8BC8 MOV ECX,EAX
0040E7C3 . E8 33D90100 CALL GRADESHE.0042C0FB >> reads the registration code from the INI file
0040E7C8 . 8B5424 24 MOV EDX,DWORD PTR SS:[ESP+24] >> the registration code that was entered
0040E7CC . 8B4424 18 MOV EAX,DWORD PTR SS:[ESP+18] >> the correct registration code; mine is 9902911522
0040E7D0 . 52 PUSH EDX ; /Arg2
0040E7D1 . 50 PUSH EAX ; |Arg1
0040E7D2 . C68424 D400000>MOV BYTE PTR SS:[ESP+D4],5 ; |
0040E7DA . E8 06530000 CALL GRADESHE.00413AE5 compares the registration codes; step into it
0040E7DF . 83C4 08 ADD ESP,8
0040E7E2 . 85C0 TEST EAX,EAX
0040E7E4 . 75 0B JNZ SHORT GRADESHE.0040E7F1
0040E7E6 . 899E F42A0000 MOV DWORD PTR DS:[ESI+2AF4],EBX
0040E7EC . E9 CB000000 JMP GRADESHE.0040E8BC
0040E7F1 > 53 PUSH EBX ; /Arg1
0040E7F2 . 8D4C24 44 LEA ECX,DWORD PTR SS:[ESP+44] ; |
0040E7F6 . E8 75E9FFFF CALL GRADESHE.0040D170 ; \GRADESHE.0040D170
0040E7FB . 8D4C24 40 LEA ECX,DWORD PTR SS:[ESP+40]
0040E7FF . C68424 CC00000>MOV BYTE PTR SS:[ESP+CC],6
0040E807 . E8 A74B0100 CALL GRADESHE.004233B3
0040E80C . 8D8C24 C000000>LEA ECX,DWORD PTR SS:[ESP+C0]
0040E813 . C68424 CC00000>MOV BYTE PTR SS:[ESP+CC],0B
0040E81B . E8 FB030100 CALL GRADESHE.0041EC1B
0040E820 . 8D8C24 BC00000>LEA ECX,DWORD PTR SS:[ESP+BC]
0040E827 . C68424 CC00000>MOV BYTE PTR SS:[ESP+CC],0A
0040E82F . E8 E7030100 CALL GRADESHE.0041EC1B
Registration code comparison section: this is a loop that compares character by character; if the first character is wrong it exits the loop.
00413B14 |> 66:0FB60F /MOVZX CX,BYTE PTR DS:[EDI]
00413B18 |. 0FB6C1 |MOVZX EAX,CL
00413B1B |. 47 |INC EDI
00413B1C |. 894D 0C |MOV DWORD PTR SS:[EBP+C],ECX
00413B1F |. F680 81B54700 >|TEST BYTE PTR DS:[EAX+47B581],4
00413B26 |. 74 16 |JE SHORT GRADESHE.00413B3E
00413B28 |. 8A07 |MOV AL,BYTE PTR DS:[EDI]
00413B2A |. 84C0 |TEST AL,AL
00413B2C |. 75 06 |JNZ SHORT GRADESHE.00413B34
00413B2E |. 8365 0C 00 |AND DWORD PTR SS:[EBP+C],0
00413B32 |. EB 0A |JMP SHORT GRADESHE.00413B3E
00413B34 |> 33D2 |XOR EDX,EDX
00413B36 |. 47 |INC EDI
00413B37 |. 8AF1 |MOV DH,CL
00413B39 |. 8AD0 |MOV DL,AL
00413B3B |. 8955 0C |MOV DWORD PTR SS:[EBP+C],EDX
00413B3E |> 66:0FB61E |MOVZX BX,BYTE PTR DS:[ESI]
00413B42 |. 0FB6C3 |MOVZX EAX,BL
00413B45 |. 46 |INC ESI
00413B46 |. F680 81B54700 >|TEST BYTE PTR DS:[EAX+47B581],4
00413B4D |. 74 13 |JE SHORT GRADESHE.00413B62
00413B4F |. 8A06 |MOV AL,BYTE PTR DS:[ESI]
00413B51 |. 84C0 |TEST AL,AL
00413B53 |. 75 04 |JNZ SHORT GRADESHE.00413B59
00413B55 |. 33DB |XOR EBX,EBX
00413B57 |. EB 09 |JMP SHORT GRADESHE.00413B62
00413B59 |> 33C9 |XOR ECX,ECX
00413B5B |. 46 |INC ESI
00413B5C |. 8AEB |MOV CH,BL
00413B5E |. 8AC8 |MOV CL,AL
00413B60 |. 8BD9 |MOV EBX,ECX
00413B62 |> 66:395D 0C |CMP WORD PTR SS:[EBP+C],BX compares whether a single character of the registration code matches
00413B66 |. 75 09 |JNZ SHORT GRADESHE.00413B71 if it jumps, it's over
00413B68 |. 66:837D 0C 00 |CMP WORD PTR SS:[EBP+C],0
00413B6D |. 74 16 |JE SHORT GRADESHE.00413B85 comparison finished, exit the loop.
00413B6F |.^EB A3 \JMP SHORT GRADESHE.00413B14
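A C rendering of the comparison loop above, added here as an illustration and not code from the page or the program: it assumes the table test at 47B581 (bit 4) is a double-byte lead-byte check, simplified to a 0x81..0xFE range, and it returns only zero or non-zero, which is all the caller's TEST EAX,EAX looks at.

```c
#include <stddef.h>

/* Assumption: the TEST BYTE PTR [EAX+47B581],4 in the listing consults a
 * per-byte character-type table; here it is simplified to the GBK
 * lead-byte range. */
static int is_lead_byte(unsigned c)
{
    return c >= 0x81 && c <= 0xFE;
}

/* Mirrors the MOVZX / TEST / MOV DH,CL / MOV DL,AL sequence: fetch one byte
 * and, if it is a lead byte followed by a non-NUL trail byte, fuse both into
 * a 16-bit unit (lead byte high). A lead byte followed by NUL yields 0, just
 * like the AND DWORD PTR [EBP+C],0 and XOR EBX,EBX paths in the listing. */
static unsigned next_unit(const unsigned char **p)
{
    unsigned c = *(*p)++;
    if (is_lead_byte(c)) {
        unsigned trail = **p;
        if (trail == 0)
            return 0;           /* truncated pair counts as end of string */
        (*p)++;
        return (c << 8) | trail;
    }
    return c;
}

/* The loop at 00413B14..00413B6F: compare units until they differ (JNZ, a
 * non-zero result) or both reach the terminator (JE, equal, result 0). The
 * listing omits the code that forms the mismatch value, so only the zero /
 * non-zero distinction the caller tests is reproduced here. */
int serial_compare(const char *entered, const char *expected)
{
    const unsigned char *a = (const unsigned char *)entered;
    const unsigned char *b = (const unsigned char *)expected;
    for (;;) {
        unsigned x = next_unit(&a);
        unsigned y = next_unit(&b);
        if (x != y)
            return 1;           /* first differing unit: comparison is over */
        if (x == 0)
            return 0;           /* both ended together: strings are equal */
    }
}
```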
The section above isn't that significant; what is interesting is how the registration code is computed, so let's look at the part above the breakpoint.
0040E5A0 > 8B96 F4000000 MOV EDX,DWORD PTR DS:[ESI+F4]
0040E5A6 . 57 PUSH EDI
0040E5A7 . 53 PUSH EBX
0040E5A8 . 68 03100000 PUSH 1003
0040E5AD . 52 PUSH EDX
0040E5AE . FFD5 CALL EBP
0040E5B0 . 50 PUSH EAX
0040E5B1 . E8 95EE0000 CALL GRADESHE.0041D44B
0040E5B6 . 83CD FF OR EBP,FFFFFFFF
0040E5B9 . 899E F01E0000 MOV DWORD PTR DS:[ESI+1EF0],EBX
0040E5BF . 899E 142B0000 MOV DWORD PTR DS:[ESI+2B14],EBX
0040E5C5 . 899E E41E0000 MOV DWORD PTR DS:[ESI+1EE4],EBX
0040E5CB . 899E E01E0000 MOV DWORD PTR DS:[ESI+1EE0],EBX
0040E5D1 . 89AE E81E0000 MOV DWORD PTR DS:[ESI+1EE8],EBP
0040E5D7 . 89AE EC1E0000 MOV DWORD PTR DS:[ESI+1EEC],EBP
0040E5DD . 899E F41E0000 MOV DWORD PTR DS:[ESI+1EF4],EBX
0040E5E3 . 899E F81E0000 MOV DWORD PTR DS:[ESI+1EF8],EBX
0040E5E9 . 899E E02A0000 MOV DWORD PTR DS:[ESI+2AE0],EBX
0040E5EF . 899E E42A0000 MOV DWORD PTR DS:[ESI+2AE4],EBX
0040E5F5 . 899E EC2A0000 MOV DWORD PTR DS:[ESI+2AEC],EBX
0040E5FB . 899E F02A0000 MOV DWORD PTR DS:[ESI+2AF0],EBX
0040E601 . C786 F42A0000 >MOV DWORD PTR DS:[ESI+2AF4],1
0040E60B . A1 F8984300 MOV EAX,DWORD PTR DS:[4398F8]
0040E610 . 894424 14 MOV DWORD PTR SS:[ESP+14],EAX
0040E614 . 8D4C24 38 LEA ECX,DWORD PTR SS:[ESP+38]
0040E618 . 8D5424 28 LEA EDX,DWORD PTR SS:[ESP+28]
0040E61C . 51 PUSH ECX ; /pTotalNumberOfFreeBytes
0040E61D . 8D4424 34 LEA EAX,DWORD PTR SS:[ESP+34] ; |
0040E621 . 52 PUSH EDX ; |pTotalNumberOfBytes
0040E622 . 50 PUSH EAX ; |pFreeBytesAvailableToCaller
0040E623 . 68 8C914300 PUSH GRADESHE.0043918C ; |DirectoryName = "c:"
0040E628 . 899C24 DC00000>MOV DWORD PTR SS:[ESP+DC],EBX ; |
0040E62F . FF15 B4F14200 CALL DWORD PTR DS:[<&KERNEL32.GetDiskFreeS>; \GetDiskFreeSpaceExA
0040E635 . 83F8 01 CMP EAX,1
0040E638 . 75 1E JNZ SHORT GRADESHE.0040E658
0040E63A . 8B4C24 2C MOV ECX,DWORD PTR SS:[ESP+2C]
0040E63E . 8B5424 28 MOV EDX,DWORD PTR SS:[ESP+28]
0040E642 . 51 PUSH ECX
0040E643 . 52 PUSH EDX
0040E644 . 8D4424 1C LEA EAX,DWORD PTR SS:[ESP+1C]
0040E648 . 68 84914300 PUSH GRADESHE.00439184 ; ASCII "%I64u"
0040E64D . 50 PUSH EAX
0040E64E . E8 06E20000 CALL GRADESHE.0041C859 ; computes the machine code; it is clearly derived from the free space on drive C.
0040E653 . 83C4 10 ADD ESP,10
0040E656 . EB 0C JMP SHORT GRADESHE.0040E664
0040E658 > 53 PUSH EBX ; /Arg3
0040E659 . 53 PUSH EBX ; |Arg2
0040E65A . 68 68914300 PUSH GRADESHE.00439168 ; |Arg1 = 00439168
0040E65F . E8 56A10100 CALL GRADESHE.004287BA ; \GRADESHE.004287BA
0040E664 > 8B4C24 14 MOV ECX,DWORD PTR SS:[ESP+14]
0040E668 . 8B41 F8 MOV EAX,DWORD PTR DS:[ECX-8]
0040E66B . 83F8 08 CMP EAX,8
0040E66E . 7D 0C JGE SHORT GRADESHE.0040E67C
0040E670 . 53 PUSH EBX ; /Arg3
0040E671 . 53 PUSH EBX ; |Arg2
0040E672 . 68 68914300 PUSH GRADESHE.00439168 ; |Arg1 = 00439168
0040E677 . E8 3EA10100 CALL GRADESHE.004287BA ; \GRADESHE.004287BA
0040E67C > 8D5424 10 LEA EDX,DWORD PTR SS:[ESP+10]
0040E680 . 6A 08 PUSH 8
0040E682 . 52 PUSH EDX
0040E683 . 8D4C24 1C LEA ECX,DWORD PTR SS:[ESP+1C]
0040E687 . E8 F2DD0000 CALL GRADESHE.0041C47E ; removes the last 2 digits of the machine code
0040E68C . 50 PUSH EAX
0040E68D . 8D4C24 18 LEA ECX,DWORD PTR SS:[ESP+18]
0040E691 . C68424 D000000>MOV BYTE PTR SS:[ESP+D0],1
0040E699 . E8 6A060100 CALL GRADESHE.0041ED08
0040E69E . 8D4C24 10 LEA ECX,DWORD PTR SS:[ESP+10]
0040E6A2 . 889C24 CC00000>MOV BYTE PTR SS:[ESP+CC],BL
0040E6A9 . E8 6D050100 CALL GRADESHE.0041EC1B
0040E6AE . 8B4424 14 MOV EAX,DWORD PTR SS:[ESP+14]
0040E6B2 . 50 PUSH EAX
0040E6B3 . E8 9C580000 CALL GRADESHE.00413F54 ; converted to UNICODE
0040E6B8 . 05 23612D01 ADD EAX,12D6123
0040E6BD . 8D4C24 18 LEA ECX,DWORD PTR SS:[ESP+18] ; subtraction with the code after its 2 digits were removed
0040E6C1 . 50 PUSH EAX
0040E6C2 . 68 00934300 PUSH GRADESHE.00439300 ; ASCII "%ld"
0040E6C7 . 51 PUSH ECX
0040E6C8 . E8 8CE10000 CALL GRADESHE.0041C859 ; the arithmetic
0040E6CD . 83C4 10 ADD ESP,10
0040E6D0 . 8D4C24 14 LEA ECX,DWORD PTR SS:[ESP+14]
0040E6D4 . E8 1C0A0100 CALL GRADESHE.0041F0F5 ; reverses the order
0040E6D9 . 68 80914300 PUSH GRADESHE.00439180 ; ASCII "?:\"
0040E6DE . 8D4C24 20 LEA ECX,DWORD PTR SS:[ESP+20]
0040E6E2 . 895C24 14 MOV DWORD PTR SS:[ESP+14],EBX
0040E6E6 . 33FF XOR EDI,EDI
0040E6E8 . E8 9C050100 CALL GRADESHE.0041EC89
0040E6ED . C68424 CC00000>MOV BYTE PTR SS:[ESP+CC],2
0040E6F5 . FF15 B8F14200 CALL DWORD PTR DS:[<&KERNEL32.GetLogicalDr>; [GetLogicalDrives
0040E6FB . 3BC3 CMP EAX,EBX
0040E6FD . 894424 20 MOV DWORD PTR SS:[ESP+20],EAX
0040E701 . 74 43 JE SHORT GRADESHE.0040E746
0040E703 . 8B2D BCF14200 MOV EBP,DWORD PTR DS:[<&KERNEL32.GetDriveT>
0040E709 > A8 01 TEST AL,1 ; the loop starts here
0040E70B . 74 23 JE SHORT GRADESHE.0040E730
0040E70D . 8A5424 10 MOV DL,BYTE PTR SS:[ESP+10]
0040E711 . 8D4C24 1C LEA ECX,DWORD PTR SS:[ESP+1C]
0040E715 . 80C2 41 ADD DL,41
0040E718 . 52 PUSH EDX
0040E719 . 53 PUSH EBX
0040E71A . E8 E8090100 CALL GRADESHE.0041F107
0040E71F . 8B4424 1C MOV EAX,DWORD PTR SS:[ESP+1C] ; from A: to the last drive
0040E723 . 50 PUSH EAX
0040E724 . FFD5 CALL EBP
0040E726 . 83F8 03 CMP EAX,3
0040E729 . 75 01 JNZ SHORT GRADESHE.0040E72C
0040E72B . 47 INC EDI
0040E72C > 8B4424 20 MOV EAX,DWORD PTR SS:[ESP+20]
0040E730 > 8B5424 10 MOV EDX,DWORD PTR SS:[ESP+10]
0040E734 . D1E8 SHR EAX,1
0040E736 . 42 INC EDX
0040E737 . 3BC3 CMP EAX,EBX
0040E739 . 894424 20 MOV DWORD PTR SS:[ESP+20],EAX
0040E73D . 895424 10 MOV DWORD PTR SS:[ESP+10],EDX
0040E741 .^75 C6 JNZ SHORT GRADESHE.0040E709 ; the loop works through every logical drive in turn; at the end it takes the letter of the last drive, mine is "g:\"
0040E743 . 83CD FF OR EBP,FFFFFFFF
0040E746 > 8B0D F8984300 MOV ECX,DWORD PTR DS:[4398F8] ; GRADESHE.0043990C
0040E74C . 894C24 18 MOV DWORD PTR SS:[ESP+18],ECX
0040E750 . 83C7 12 ADD EDI,12
0040E753 . 8D5424 18 LEA EDX,DWORD PTR SS:[ESP+18]
0040E757 . 57 PUSH EDI
0040E758 . 68 7C914300 PUSH GRADESHE.0043917C ; ASCII "%d"
0040E75D . 52 PUSH EDX
0040E75E . C68424 D800000>MOV BYTE PTR SS:[ESP+D8],3
0040E766 . E8 EEE00000 CALL GRADESHE.0041C859 ; computes the last 2 digits of the registration code
0040E76B . 83C4 0C ADD ESP,0C
0040E76E . 8D4424 18 LEA EAX,DWORD PTR SS:[ESP+18]
0040E772 . 8D4C24 14 LEA ECX,DWORD PTR SS:[ESP+1
Due to time constraints (an excuse to get myself off the hook), I won't write any further; as for the algorithm part, I'm very much a newbie and afraid of showing off in front of the experts, so I'll leave it out.
Those who are interested can take a look for themselves.
Summary:
A newbie always has to start from the most basic place; there is no way around it. For now I don't ask much of myself: being able to find the correct registration code is enough, and the algorithm side is something I just don't understand. I hope the experts won't laugh at me.