给dUP2做手术
2016-06-25 08:18
441 查看
0105D6EA . 6A 03 PUSH 0x3 ; /IsShown = 0x3
0105D6EC . 6A 00 PUSH 0x0 ; |DefDir = NULL
0105D6EE . 6A 00 PUSH 0x0 ; |Parameters = NULL
0105D6F0 . 68 AC040B01 PUSH dup2_exe.010B04AC ; |http://t.cn/R5WwtIS
0105D6F5 . 68 A4040B01 PUSH dup2_exe.010B04A4 ; |open
0105D6FA . 6A 00 PUSH 0x0 ; |hWnd = NULL
0105D6FC . E8 B7CE0000 CALL <JMP.&shell32.ShellExecuteA> ; \ShellExecuteA
00503E14 . 6A 01 PUSH 0x1 ; /IsShown = 0x1
00503E16 . 6A 00 PUSH 0x0 ; |DefDir = NULL
00503E18 . 6A 00 PUSH 0x0 ; |Parameters = NULL
00503E1A . 68 2C3E5000 PUSH AT4REPat.00503E2C ; |http://www.at4re.com/f/showthread.php?11345-AT4RE-Patcher&goto=newpost
00503E1F . 68 743E5000 PUSH AT4REPat.00503E74 ; |open
00503E24 . 6A 00 PUSH 0x0 ; |hWnd = NULL
00503E26 . E8 5181F3FF CALL <JMP.&shell32.ShellExecuteA> ; \ShellExecuteA
00503E2B . C3 RETN
00503E2C . 68 74 74 70 3>ASCII "http://www.at4re"
00503E3C . 2E 63 6F 6D 2>ASCII ".com/f/showthrea"
00503E4C . 64 2E 70 68 7>ASCII "d.php?11345-AT4R"
00503E5C . 45 2D 50 61 7>ASCII "E-Patcher&goto=n"
00503E6C . 65 77 70 6F 7>ASCII "ewpost",0
00503E73 00 DB 00
00503E74 . 6F 70 65 6E 0>ASCII "open",0
004F0384=AT4REPat.004F0384 (ASCII "Successfully Patched :)")
直接call上nop没作用
发现两处Successfully Patched :)字串
004EFD28 . 53 75 63 63 6>ASCII "Successfully Pat"
004EFD38 . 63 68 65 64 2>ASCII "ched :)",0
004F0020 . 53 75 63 63 6>ASCII "Successfully Pat"
004F0030 . 63 68 65 64 2>ASCII "ched :)",0 结果发现,实际是1处,修改后仍然不起作用。
===================
00419CDD |. E8 D68CFEFF CALL IDM_6_25.004029B8
0041BE3B
0105D6EC . 6A 00 PUSH 0x0 ; |DefDir = NULL
0105D6EE . 6A 00 PUSH 0x0 ; |Parameters = NULL
0105D6F0 . 68 AC040B01 PUSH dup2_exe.010B04AC ; |http://t.cn/R5WwtIS
0105D6F5 . 68 A4040B01 PUSH dup2_exe.010B04A4 ; |open
0105D6FA . 6A 00 PUSH 0x0 ; |hWnd = NULL
0105D6FC . E8 B7CE0000 CALL <JMP.&shell32.ShellExecuteA> ; \ShellExecuteA
00503E14 . 6A 01 PUSH 0x1 ; /IsShown = 0x1
00503E16 . 6A 00 PUSH 0x0 ; |DefDir = NULL
00503E18 . 6A 00 PUSH 0x0 ; |Parameters = NULL
00503E1A . 68 2C3E5000 PUSH AT4REPat.00503E2C ; |http://www.at4re.com/f/showthread.php?11345-AT4RE-Patcher&goto=newpost
00503E1F . 68 743E5000 PUSH AT4REPat.00503E74 ; |open
00503E24 . 6A 00 PUSH 0x0 ; |hWnd = NULL
00503E26 . E8 5181F3FF CALL <JMP.&shell32.ShellExecuteA> ; \ShellExecuteA
00503E2B . C3 RETN
00503E2C . 68 74 74 70 3>ASCII "http://www.at4re"
00503E3C . 2E 63 6F 6D 2>ASCII ".com/f/showthrea"
00503E4C . 64 2E 70 68 7>ASCII "d.php?11345-AT4R"
00503E5C . 45 2D 50 61 7>ASCII "E-Patcher&goto=n"
00503E6C . 65 77 70 6F 7>ASCII "ewpost",0
00503E73 00 DB 00
00503E74 . 6F 70 65 6E 0>ASCII "open",0
004F0384=AT4REPat.004F0384 (ASCII "Successfully Patched :)")
直接call上nop没作用
发现两处Successfully Patched :)字串
004EFD28 . 53 75 63 63 6>ASCII "Successfully Pat"
004EFD38 . 63 68 65 64 2>ASCII "ched :)",0
004F0020 . 53 75 63 63 6>ASCII "Successfully Pat"
004F0030 . 63 68 65 64 2>ASCII "ched :)",0 结果发现,实际是1处,修改后仍然不起作用。
===================
00419CDD |. E8 D68CFEFF CALL IDM_6_25.004029B8
0041BE3B
相关文章推荐
- Java千百问_08JDK详解(010)_java、javaw、javaws有什么区别
- 使用JMeter进行负载测试——终极指南
- MySQL与PostgreSQL:该选择哪个开源数据库?哪一个更好?
- Kakfa揭秘 Day2 Kafka内核再揭秘
- 基于Hadoop生态圈的数据仓库实践 —— 概述(二)
- [bzoj1787][Ahoi2008]Meet 紧急集合&&[bzoj1832][AHOI2008]聚会
- Android IntentUtil跳转工具类
- grub2
- WINDOWS下PhoneGap(Cordova)安装笔记
- ubuntu 16 默认启动进入 字符界面
- 微信图片反防盗链的方法
- SVN合并branch注意事项
- Asp.NET的Trace追踪
- Apache Thrift设计概要
- osgi + felix example2编写
- 勾股定理一日一证连载33
- GZIP、LZO、Zippy/Snappy常用压缩算法
- C#Winformd读取excel文件数据转化为DataTable
- tcp知识点汇总
- Qt中emit的作用