手工AD Safe去广告教程
2016-06-05 14:30
1101 查看
直接修改为免提示,退出程序!
=============================
00119252 |. B9 F04B2000 mov ecx, 888.00204BF0 ; 退出ADSafe后,您的电脑将不能拦截广告,您确定要退出吗?
00119257 |. E8 54B1FEFF call 888.001043B0
0011925C |. 51 push ecx
0011925D |. 8BCC mov ecx, esp
0011925F |. C78424 E80300>mov dword ptr ss:[esp+0x3E8], 0xE
0011926A 896424 48 mov dword ptr ss:[esp+0x48], esp ; 这里改成 jmp 888.001492C7
0011926E 51 push ecx
0011926F |. B9 304C2000 mov ecx, 888.00204C30 ; ADSafe - 退出程序
00119274 |. E8 37B1FEFF call 888.001043B0
00119279 |. 6A 02 push 0x2
0011927B |. 8BCB mov ecx, ebx
0011927D |. C68424 EC0300>mov byte ptr ss:[esp+0x3EC], 0xF
00119285 |. FF15 F0A11F00 call dword ptr ds:[<&DuiLib.DuiLib::C>; DuiLib.DuiLib::CWindowWnd::GetHWND
0011928B |. 8BC8 mov ecx, eax
0011928D |. 89BC24 EC0300>mov dword ptr ss:[esp+0x3EC], edi
00119294 |. E8 D79DFEFF call 888.00103070
00119299 |. 83C4 0C add esp, 0xC
0011929C |. 83F8 01 cmp eax, 0x1
0011929F |. 0F85 0D020000 jnz 888.001194B2
001192A5 |. 8BFB mov edi, ebx
001192A7 |. E8 E40C0000 call 888.00119F90
001192AC |. 80BB F4070000>cmp byte ptr ds:[ebx+0x7F4], 0x0
001192B3 |. 74 0E je short 888.001192C3
001192B5 |. 833D B0992400>cmp dword ptr ds:[0x2499B0], 0x0
001192BC |. 75 05 jnz short 888.001192C3
001192BE |. E8 CD19FEFF call 888.000FAC90
001192C3 |> 6A 01 push 0x1
001192C5 |. 8BCB mov ecx, ebx
001192C7 |. FF15 1CA31F00 call dword ptr ds:[<&DuiLib.DuiLib::C>; DuiLib.DuiLib::CWindowWnd::Close
以下是老版本的搞法,下边是新版本的 搞法。
----------==========================================
012225E0 . FF15 14553F01 call near dword ptr ds:[<&DuiLib.?Sho>; DuiLib.?ShowWindow@CWindowWnd@DuiLib@@QAEX_N0@Z
012225E6 . E9 B4000000 jmp 18.0122269F
012225EB > 81FE 0E810000 cmp esi, 0x810E
012225F1 . 75 60 jnz short 18.01222653
012225F3 . 51 push ecx ; Case 810E of switch 012221C9
012225F4 . 8BCC mov ecx, esp
012225F6 . 896424 18 mov dword ptr ss:[esp+0x18], esp
012225FA . 68 08F24001 push 18.0140F208 ; 退出后骚扰无处不在,您确定要退出么?
012225FF . E8 3C12FEFF call 18.01203840
01222604 . 51 push ecx
01222605 . 8BCC mov ecx, esp
01222607 C78424 000100>mov dword ptr ss:[esp+0x100], 0x5 ; 一会准备jmp这里 到退出代码处
01222612 . 68 242C4001 push 18.01402C24
01222617 . E8 2412FEFF call 18.01203840
0122261C . C78424 000100>mov dword ptr ss:[esp+0x100], -0x1
01222627 . B9 01000000 mov ecx, 0x1
0122262C . 8B57 04 mov edx, dword ptr ds:[edi+0x4]
0122262F . E8 7CC0FFFF call 18.0121E6B0 ; 实际上在这里弹出 骚扰不以,要退出,上面只是push
-================
ctrl+8 到这里 就出出了
012009C3 . E8 68300000 call 18.01203A30
003884C0 |. BA C8375800 mov edx,ADSafe.005837C8 ; auto_start
00528DE5 |. FF15 D45A5700 call dword ptr ds:[<&KERNEL32.GetLastErr>; [GetLastError
00F32449 |. 68 70371301 push ADSafe.01133770 ; -update
00F3298E |. FF15 305A1201 call dword ptr ds:[<&KERNEL32.CreateEven>; \CreateEventW
0125247C |. BA 78374501 mov edx,ADSafe.01453778 ; -hide
012F092C |. 68 10324F01 push ADSafe.014F3210 ; ADSafe净网大师
012F0931 |. C645 FC 01 mov byte ptr ss:[ebp-0x4],0x1
012F0935 |. 8BC8 mov ecx,eax
012F0937 |. 6A 00 push 0x0
012F0939 |. A3F4F25301 mov dword ptr ds:[0x153F2F4],eax
012F093E |. FF15 04554E01 call dword ptr ds:[<&DuiLib.DuiLib::CWin>; DuiLib.DuiLib::CWindowWnd::Create
012F0944 |. 8B0D F4F25301 mov ecx,dword ptr ds:[0x153F2F4]
012F094A |. FF15 08554E01 call dword ptr ds:[<&DuiLib.DuiLib::CWin>; DuiLib.DuiLib::CWindowWnd::GetHWND
012F0950 |. 8B0D F4F25301 mov ecx,dword ptr ds:[0x153F2F4]
012F0956 |. A3 F0F25301 mov dword ptr ds:[0x153F2F0],eax
012F095B |. FF15 0C554E01 call dword ptr ds:[<&DuiLib.DuiLib::CWin>; DuiLib.DuiLib::CWindowWnd::CenterWindow
012F0961 |. 8B0D F4F25301 mov ecx,dword ptr ds:[0x153F2F4]
012F0967 |. 6A 6E push 0x6E
012F0969 |. FF15 10554E01 call dword ptr ds:[<&DuiLib.DuiLib::CWin>; DuiLib.DuiLib::CWindowWnd::SetIcon
----------------------------
012F092C |. 68 10324F01 push ADSafe.014F3210 ; ADSafe净网大师
012F0931 |. C645 FC 01 mov byte ptr ss:[ebp-0x4],0x1
012F0935 |. 8BC8 mov ecx,eax
012F0937 6A 00 push 0x0
012F0939 |. A3 F4F25301 mov dword ptr ds:[0x153F2F4],eax
012F093E |. FF15 04554E01 call dword ptr ds:[<&DuiLib.DuiLib::CWin>; DuiLib.DuiLib::CWindowWnd::Create
012F0944 |. 8B0D F4F25301 mov ecx,dword ptr ds:[0x153F2F4]
012F094A |. FF15 08554E01 call dword ptr ds:[<&DuiLib.DuiLib::CWin>; DuiLib.DuiLib::CWindowWnd::GetHWND
012F0950 |. 8B0D F4F25301 mov ecx,dword ptr ds:[0x153F2F4]
012F0956 |. A3 F0F25301 mov dword ptr ds:[0x153F2F0],eax
012F095B |. FF15 0C554E01 call dword ptr ds:[<&DuiLib.DuiLib::CWin>; DuiLib.DuiLib::CWindowWnd::CenterWindow
012F0961 |. 8B0D F4F25301 mov ecx,dword ptr ds:[0x153F2F4]
012F0967 |. 6A 6E push 0x6E
012F0969 |. FF15 10554E01 call dword ptr ds:[<&DuiLib.DuiLib::CWin>; DuiLib.DuiLib::CWindowWnd::SetIcon
012F096F |. 807D AF 00 cmp byte ptr ss:[ebp-0x51],0x0
012F0973 |. 8B0D F4F25301 mov ecx,dword ptr ds:[0x153F2F4]
012F0979 74 06 je short ADSafe.012F0981
012F097B 6A 01 push 0x1
012F097D 6A 01 push 0x1
012F097F |. EB 04 jmp short ADSafe.012F0985
012F0981 |> 6A 00 push 0x0
012F0983 |. 6A 00 push 0x0
012F0985 |> FF15 14554E01 call dword ptr ds:[<&DuiLib.DuiLib::CWin>; DuiLib.DuiLib::CWindowWnd::ShowWindow
012F098B |. 0F57C0 xorps xmm0,xmm0
012F098E |. 83EC 18 sub esp,0x18
012F0991 |. f30f7f45 d0 movdqu dqword ptr ss:[ebp-0x30],xmm0
012F0996 |. 8BC4 mov eax,esp
012F0998 |. f30f7f45 e0 movdqu dqword ptr ss:[ebp-0x20],xmm0
012F099D |. C700 48394F01 mov dword ptr ds:[eax],ADSafe.014F3948
012F09A3 |. 8D4D D0 lea ecx,[local.12]
012F09A6 |. 8940 10 mov dword ptr ds:[eax+0x10],eax
012F09A9 C645 FC 01 mov byte ptr ss:[ebp-0x4],0x1
012F09AD |. E8 8E310000 call ADSafe.012F3B40
012F09B2 |. C645 FC 04 mov byte ptr ss:[ebp-0x4],0x4
012F09B6 |. FF15 18554E01 call dword ptr ds:[<&DuiLib.DuiLib::CPai>; DuiLib.DuiLib::CPaintManagerUI::MessageLoop
=============================
00119252 |. B9 F04B2000 mov ecx, 888.00204BF0 ; 退出ADSafe后,您的电脑将不能拦截广告,您确定要退出吗?
00119257 |. E8 54B1FEFF call 888.001043B0
0011925C |. 51 push ecx
0011925D |. 8BCC mov ecx, esp
0011925F |. C78424 E80300>mov dword ptr ss:[esp+0x3E8], 0xE
0011926A 896424 48 mov dword ptr ss:[esp+0x48], esp ; 这里改成 jmp 888.001492C7
0011926E 51 push ecx
0011926F |. B9 304C2000 mov ecx, 888.00204C30 ; ADSafe - 退出程序
00119274 |. E8 37B1FEFF call 888.001043B0
00119279 |. 6A 02 push 0x2
0011927B |. 8BCB mov ecx, ebx
0011927D |. C68424 EC0300>mov byte ptr ss:[esp+0x3EC], 0xF
00119285 |. FF15 F0A11F00 call dword ptr ds:[<&DuiLib.DuiLib::C>; DuiLib.DuiLib::CWindowWnd::GetHWND
0011928B |. 8BC8 mov ecx, eax
0011928D |. 89BC24 EC0300>mov dword ptr ss:[esp+0x3EC], edi
00119294 |. E8 D79DFEFF call 888.00103070
00119299 |. 83C4 0C add esp, 0xC
0011929C |. 83F8 01 cmp eax, 0x1
0011929F |. 0F85 0D020000 jnz 888.001194B2
001192A5 |. 8BFB mov edi, ebx
001192A7 |. E8 E40C0000 call 888.00119F90
001192AC |. 80BB F4070000>cmp byte ptr ds:[ebx+0x7F4], 0x0
001192B3 |. 74 0E je short 888.001192C3
001192B5 |. 833D B0992400>cmp dword ptr ds:[0x2499B0], 0x0
001192BC |. 75 05 jnz short 888.001192C3
001192BE |. E8 CD19FEFF call 888.000FAC90
001192C3 |> 6A 01 push 0x1
001192C5 |. 8BCB mov ecx, ebx
001192C7 |. FF15 1CA31F00 call dword ptr ds:[<&DuiLib.DuiLib::C>; DuiLib.DuiLib::CWindowWnd::Close
以下是老版本的搞法,下边是新版本的 搞法。
----------==========================================
012225E0 . FF15 14553F01 call near dword ptr ds:[<&DuiLib.?Sho>; DuiLib.?ShowWindow@CWindowWnd@DuiLib@@QAEX_N0@Z
012225E6 . E9 B4000000 jmp 18.0122269F
012225EB > 81FE 0E810000 cmp esi, 0x810E
012225F1 . 75 60 jnz short 18.01222653
012225F3 . 51 push ecx ; Case 810E of switch 012221C9
012225F4 . 8BCC mov ecx, esp
012225F6 . 896424 18 mov dword ptr ss:[esp+0x18], esp
012225FA . 68 08F24001 push 18.0140F208 ; 退出后骚扰无处不在,您确定要退出么?
012225FF . E8 3C12FEFF call 18.01203840
01222604 . 51 push ecx
01222605 . 8BCC mov ecx, esp
01222607 C78424 000100>mov dword ptr ss:[esp+0x100], 0x5 ; 一会准备jmp这里 到退出代码处
01222612 . 68 242C4001 push 18.01402C24
01222617 . E8 2412FEFF call 18.01203840
0122261C . C78424 000100>mov dword ptr ss:[esp+0x100], -0x1
01222627 . B9 01000000 mov ecx, 0x1
0122262C . 8B57 04 mov edx, dword ptr ds:[edi+0x4]
0122262F . E8 7CC0FFFF call 18.0121E6B0 ; 实际上在这里弹出 骚扰不以,要退出,上面只是push
-================
ctrl+8 到这里 就出出了
012009C3 . E8 68300000 call 18.01203A30
003884C0 |. BA C8375800 mov edx,ADSafe.005837C8 ; auto_start
00528DE5 |. FF15 D45A5700 call dword ptr ds:[<&KERNEL32.GetLastErr>; [GetLastError
00F32449 |. 68 70371301 push ADSafe.01133770 ; -update
00F3298E |. FF15 305A1201 call dword ptr ds:[<&KERNEL32.CreateEven>; \CreateEventW
0125247C |. BA 78374501 mov edx,ADSafe.01453778 ; -hide
012F092C |. 68 10324F01 push ADSafe.014F3210 ; ADSafe净网大师
012F0931 |. C645 FC 01 mov byte ptr ss:[ebp-0x4],0x1
012F0935 |. 8BC8 mov ecx,eax
012F0937 |. 6A 00 push 0x0
012F0939 |. A3F4F25301 mov dword ptr ds:[0x153F2F4],eax
012F093E |. FF15 04554E01 call dword ptr ds:[<&DuiLib.DuiLib::CWin>; DuiLib.DuiLib::CWindowWnd::Create
012F0944 |. 8B0D F4F25301 mov ecx,dword ptr ds:[0x153F2F4]
012F094A |. FF15 08554E01 call dword ptr ds:[<&DuiLib.DuiLib::CWin>; DuiLib.DuiLib::CWindowWnd::GetHWND
012F0950 |. 8B0D F4F25301 mov ecx,dword ptr ds:[0x153F2F4]
012F0956 |. A3 F0F25301 mov dword ptr ds:[0x153F2F0],eax
012F095B |. FF15 0C554E01 call dword ptr ds:[<&DuiLib.DuiLib::CWin>; DuiLib.DuiLib::CWindowWnd::CenterWindow
012F0961 |. 8B0D F4F25301 mov ecx,dword ptr ds:[0x153F2F4]
012F0967 |. 6A 6E push 0x6E
012F0969 |. FF15 10554E01 call dword ptr ds:[<&DuiLib.DuiLib::CWin>; DuiLib.DuiLib::CWindowWnd::SetIcon
----------------------------
012F092C |. 68 10324F01 push ADSafe.014F3210 ; ADSafe净网大师
012F0931 |. C645 FC 01 mov byte ptr ss:[ebp-0x4],0x1
012F0935 |. 8BC8 mov ecx,eax
012F0937 6A 00 push 0x0
012F0939 |. A3 F4F25301 mov dword ptr ds:[0x153F2F4],eax
012F093E |. FF15 04554E01 call dword ptr ds:[<&DuiLib.DuiLib::CWin>; DuiLib.DuiLib::CWindowWnd::Create
012F0944 |. 8B0D F4F25301 mov ecx,dword ptr ds:[0x153F2F4]
012F094A |. FF15 08554E01 call dword ptr ds:[<&DuiLib.DuiLib::CWin>; DuiLib.DuiLib::CWindowWnd::GetHWND
012F0950 |. 8B0D F4F25301 mov ecx,dword ptr ds:[0x153F2F4]
012F0956 |. A3 F0F25301 mov dword ptr ds:[0x153F2F0],eax
012F095B |. FF15 0C554E01 call dword ptr ds:[<&DuiLib.DuiLib::CWin>; DuiLib.DuiLib::CWindowWnd::CenterWindow
012F0961 |. 8B0D F4F25301 mov ecx,dword ptr ds:[0x153F2F4]
012F0967 |. 6A 6E push 0x6E
012F0969 |. FF15 10554E01 call dword ptr ds:[<&DuiLib.DuiLib::CWin>; DuiLib.DuiLib::CWindowWnd::SetIcon
012F096F |. 807D AF 00 cmp byte ptr ss:[ebp-0x51],0x0
012F0973 |. 8B0D F4F25301 mov ecx,dword ptr ds:[0x153F2F4]
012F0979 74 06 je short ADSafe.012F0981
012F097B 6A 01 push 0x1
012F097D 6A 01 push 0x1
012F097F |. EB 04 jmp short ADSafe.012F0985
012F0981 |> 6A 00 push 0x0
012F0983 |. 6A 00 push 0x0
012F0985 |> FF15 14554E01 call dword ptr ds:[<&DuiLib.DuiLib::CWin>; DuiLib.DuiLib::CWindowWnd::ShowWindow
012F098B |. 0F57C0 xorps xmm0,xmm0
012F098E |. 83EC 18 sub esp,0x18
012F0991 |. f30f7f45 d0 movdqu dqword ptr ss:[ebp-0x30],xmm0
012F0996 |. 8BC4 mov eax,esp
012F0998 |. f30f7f45 e0 movdqu dqword ptr ss:[ebp-0x20],xmm0
012F099D |. C700 48394F01 mov dword ptr ds:[eax],ADSafe.014F3948
012F09A3 |. 8D4D D0 lea ecx,[local.12]
012F09A6 |. 8940 10 mov dword ptr ds:[eax+0x10],eax
012F09A9 C645 FC 01 mov byte ptr ss:[ebp-0x4],0x1
012F09AD |. E8 8E310000 call ADSafe.012F3B40
012F09B2 |. C645 FC 04 mov byte ptr ss:[ebp-0x4],0x4
012F09B6 |. FF15 18554E01 call dword ptr ds:[<&DuiLib.DuiLib::CPai>; DuiLib.DuiLib::CPaintManagerUI::MessageLoop
相关文章推荐
- Js 的 typeof 返回值
- JQuery事件的绑定
- JQuery设置缓慢下拉大行多次执行的解决办法,以及stop()函数的简单理解
- JQuery_AJAX简单笔记
- 正则表达式单行、多行模式简介(使用说明)
- CSS盒子模型
- JQuery AJAX请求aspx后台方法
- JS基础学习。
- 解决jsp页面读取XXX.properties文件显示文乱码的问题
- Node.js之Express二
- 前端问题汇总
- 安卓开发——通过selector实现对TextView点击样式改变
- Jackson 框架,轻易转换JSON
- 【转】@font-face中#iefix的详解
- React Native移植到原生Android项目
- node中的Stream-Readable和Writeable解读
- js时间日期转时间戳
- AngularJs开发——控制器间的通信
- jQuery的deferred对象详解
- Angular2入门——(3)模板的逻辑控制