idm
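Downloaded the latest IDM 6.4.11.2, patched it in assembly, and it did not exit even with the date set to the end of the year - 『水漫金山』 - 吾爱破解 - LCG - LSG | Android Cracking | Virus Analysis | www.52pojie.cn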
0051F135 | E8 FE300D00 | call idman.5F2238 |
0051F13A | 85C0 | test eax,eax |
0051F13C | 75 3E | jne idman.51F17C |
0051F13E | 50 | push eax |
0051F13F | 68 885D6700 | push idman.675D88 | 675D88:"Internet Download Manager"
0051F144 | 8B0D DCBD7500 | mov ecx,dword ptr ds:[75BDDC] | name 1
0051F14A | 51 | push ecx |
0051F2C5 | 75 F9 | jne idman.51F2C0 |
0051F2C7 | 2BC2 | sub eax,edx | edx:"2345678"
0051F2C9 | 83F8 17 | cmp eax,17 |
0051F2CC | 0F85 F4000000 | jne idman.51F3C6 |
0051F2D2 | 32DB | xor bl,bl |
0051F2D4 | B0 2D | mov al,2D | 2D:'-'
0051F2D6 | 3885 A9010000 | cmp byte ptr ss:[ebp+1A9],al |
0051F3C0 | 75 04 | jne idman.51F3C6 |
0051F3C2 | 84DB | test bl,bl |
0051F3C4 | EB 16 | jmp idman.51F3DC |
0051F3C6 | 6A 00 | push 0 |
0051F3C8 | 68 885D6700 | push idman.675D88 | 675D88:"Internet Download Manager"
0051F3CD | A1 ECBD7500 | mov eax,dword ptr ds:[75BDEC] | serial number 2
0051F3D2 | 50 | push eax |
0051F3D3 | 8B4F 20 | mov ecx,dword ptr ds:[edi+20] |
0051F464 | 2BD0 | sub edx,eax |
0051F466 | 90 | nop |
0051F467 | 90 | nop |
0051F468 | 90 | nop |
0051F469 | 90 | nop |
0051F46A | 90 | nop |
0051F46B | 90 | nop |
0051F46C | 85C9 | test ecx,ecx |
0051F46E | 90 | nop |
0051F46F | 90 | nop |
0051F470 | 90 | nop |
0051F471 | 90 | nop |
0051F472 | 90 | nop |
0051F473 | 90 | nop |
0051F474 | 84DB | test bl,bl |
0051F476 | 90 | nop |
0051F477 | 90 | nop |
0051F478 | 90 | nop |
0051F479 | 90 | nop |
0051F47A | 90 | nop |
0051F47B | 90 | nop |
0051F47C | 6A 08 | push 8 |
0096C75D | FF15 2C469E00 | call dword ptr ds:[<&GetMessageA>] | MData Model Therad
NOP this out and part of it gets bypassed!
0130CB19 | 8B7D 08 | mov edi,dword ptr ss:[ebp+8] | edi:EntryPoint
0130CB1C | 8B75 EC | mov esi,dword ptr ss:[ebp-14] | esi:EntryPoint
0130CB1F | FF77 10 | push dword ptr ds:[edi+10] | edi+10:sub_1335BF8+6
0130CB22 | 8B5F 14 | mov ebx,dword ptr ds:[edi+14] | edi+14:sub_1335BF8+A
0130CB25 | FF15 C4433801 | call dword ptr ds:[<&SetEvent>] |
0130CB2B | 6A FF | push FFFFFFFF |
0130CB2D | 53 | push ebx |
0130CB2E | FF15 A8443801 | call dword ptr ds:[<&WaitForSingleObject> |
0130CB34 | 53 | push ebx |
0130CB35 | FF15 B0443801 | call dword ptr ds:[<&CloseHandle>] |
0130CB3B | 8B46 38 | mov eax,dword ptr ds:[esi+38] | esi+38:sub_1335BF8+2E
0130CB3E | 85C0 | test eax,eax |
0130CB40 | 74 08 | je p2.130CB4A |
0130CB42 | FF76 34 | push dword ptr ds:[esi+34] | esi+34:sub_1335BF8+2A
0130CB45 | FFD0 | call eax |
0130CB47 | 59 | pop ecx | ecx:EntryPoint
0130CB48 | EB 17 | jmp p2.130CB61 |
0130CB4A | 8B06 | mov eax,dword ptr ds:[esi] | esi:EntryPoint
0130CB4C | 8BCE | mov ecx,esi | ecx:EntryPoint, esi:EntryPoint
0130CB4E | FF50 50 | call dword ptr ds:[eax+50] |
0130CB51 | 85C0 | test eax,eax |
0130CB53 | 8B06 | mov eax,dword ptr ds:[esi] | esi:EntryPoint
0130CB55 | 8BCE | mov ecx,esi | ecx:EntryPoint, esi:EntryPoint
0130CB57 | 75 05 | jne p2.130CB5E |
0130CB59 | FF50 68 | call dword ptr ds:[eax+68] |
0130CB5C | EB 03 | jmp p2.130CB61 |
0130CB5E | FF50 54 | call dword ptr ds:[eax+54] |
0130CB61 | 8D4D 98 | lea ecx,dword ptr ss:[ebp-68] | ecx:EntryPoint
0130CB64 | 8BF0 | mov esi,eax | esi:EntryPoint
0130CB66 | E8 2D96FFFF | call <p2.sub_1306198> |
0130CB6B | 6A 01 | push 1 |
0130CB6D | 56 | push esi | esi:EntryPoint
0130CB6E | E8 BAFAFFFF | call <p2.sub_130C62D> | NOP this out and part of it gets bypassed!
0130CB73 | 834D FC FF | or dword ptr ss:[ebp-4],FFFFFFFF |
0130CB77 | 8D4D 98 | lea ecx,dword ptr ss:[ebp-68] | ecx:EntryPoint
0130CB7A | E8 E69EFFFF | call <p2.sub_1306A65> |
0130CB7F | 33C0 | xor eax,eax |
0130CB81 | E8 4A910200 | call <p2.sub_1335CD0> |
0130CB86 | C2 0400 | ret 4 |
008C1652 | 0F87 2F040000 | ja p6.8C1A87 |
008C1658 | FF2485 70208C00 | jmp dword ptr ds:[eax*4+8C2070] | [eax*4+8C2070]:"h0"
008C165F | 89BD 18FFFFFF | mov dword ptr ss:[ebp-E8],edi |
008C1665 | 8D45 94 | lea eax,dword ptr ss:[ebp-6C] |
008C1668 | 50 | push eax |
008C1669 | 6A 01 | push 1 |
008C166B | 53 | push ebx |
008C166C | 68 2807AF00 | push p6.AF0728 | AF0728:"CLSID\\{CDC95B92-E27C-4745-A8C5-64A52A78855D}\\InProcServer32"
008C1671 | 68 00000080 | push 80000000 |
008C1676 | FF15 9840AE00 | call dword ptr ds:[<&RegOpenKeyExA>] |
008C167C | 85C0 | test eax,eax |
008C167E | 0F85 FB000000 | jne p6.8C177F |
008C1684 | C785 60FFFFFF 08020000 | mov dword ptr ss:[ebp-A0],208 |
008C168E | 8D8D 60FFFFFF | lea ecx,dword ptr ss:[ebp-A0] |
008C1694 | 51 | push ecx |
008C1695 | 8D95 101D0000 | lea edx,dword ptr ss:[ebp+1D10] |
008C169B | 52 | push edx | edx:"Internet Download Manager has been registered with a counterfeit Serial Number or the Serial Number has been blocked. IDM is exiting..."
008C169C | 53 | push ebx |
008C169D | 53 | push ebx |
008C169E | 53 | push ebx |
008C169F | 8B45 94 | mov eax,dword ptr ss:[ebp-6C] |
008C16A2 | 50 | push eax |
008C16A3 | FF15 7840AE00 | call dword ptr ds:[<&RegQueryValueExW>] |
It feels like even a 1-byte patch on this thing can trip a hidden check...
A joke registration... exit...
Internally it uses too many...
For example, network checks...
For example, CloseHand
Is there a digital signature check?
Why is it tied up with the Microsoft Store?
The joke registration code can't be dealt with completely... but after the modification it simply won't exit anymore.
NeedChAfRb scansk
007FDA04 7624AF34 返回到 windows.storage.7624AF34 自 ???
011A161B | 68 2C143901 | push p2.139142C | 139142C:"506938841"
What are all these? Can someone explain?
008BFF0A | 8B15 24B9BC00 | mov edx,dword ptr ds:[BCB924] | 00BCB924:&"58BE20ast4si5ls2D13"
008BFF10 | 8BC2 | mov eax,edx |
008BFF12 | 8D70 01 | lea esi,dword ptr ds:[eax+1] |
008BFF15 | 8A08 | mov cl,byte ptr ds:[eax] |
008BFF17 | 40 | inc eax |
008BFF18 | 84C9 | test cl,cl |
008BFF1A | 75 F9 | jne p6.8BFF15 |
008BFF1C | 2BC6 | sub eax,esi |
008BFF1E | 50 | push eax |
008BFF1F | 52 | push edx |
008BFF20 | 68 00010000 | push 100 |
008BFF25 | 8D95 AC020000 | lea edx,dword ptr ss:[ebp+2AC] |
008BFF2B | 52 | push edx |
008BFF2C | 8D4D E8 | lea ecx,dword ptr ss:[ebp-18] |
008BFF2F | E8 AC88FFFF | call <p6.sub_8B87E0> |
008BFF34 | 391D 2CFDBB00 | cmp dword ptr ds:[BBFD2C],ebx |
008BFF3A | 74 63 | je p6.8BFF9F |
008BFF3C | 8B45 EC | mov eax,dword ptr ss:[ebp-14] |
008BFF3F | 50 | push eax |
008BFF40 | FF15 4840AE00 | call dword ptr ds:[<&RegCloseKey>] |
008BFF46 | 8D8D AC020000 | lea ecx,dword ptr ss:[ebp+2AC] |
008BFF4C | A1 58C5BC00 | mov eax,dword ptr ds:[BCC558] | 00BCC558:&"poYUOI6j769J25hn^*7j5n&*erh5"
