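又是那个杀硬盘的样本(KDH)。从下面的字符串参考可以看出依据:程序引用了 \\.\PHYSICALDRIVE0,导入了 CreateFileA、DeviceIoControl、ReadFile、WriteFile,说明它直接打开并读写物理磁盘;此外还读取注册表 Nls\Language 下的 InstallLanguage,并引用了 0804、0404、0c04、0411、0421 这几个语言 ID 和 lstrcmpA,看起来是按系统安装语言决定后续行为(具体分支需结合反汇编确认)。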
- 文本字串参考位于 KDH:.data
- 地址 反汇编 文本字串
- 004010A0 ASCII "Shit",0
- 004010A8 ASCII "Man~",0
- 004010B0 ASCII "Your luck's so g"
- 004010C0 ASCII "ood !",0
- 004010C8 ASCII "\\.\PHYSICALDRIV"
- 004010D8 ASCII "E0",0
- 004010DC ASCII "Everyone",0
- 004010E8 ASCII "MACHINE\SYSTEM\C"
- 004010F8 ASCII "urrentControlSet"
- 00401108 ASCII "\Control\Nls\Lan"
- 00401118 ASCII "guage",0
- 00401120 ASCII "0404",0
- 00401128 ASCII "0c04",0
- 00401130 ASCII "0411",0
- 00401138 ASCII "0421",0
- 00401140 ASCII "0804",0
- 00401148 ASCII "InstallLanguage",0
- 00401158 ASCII "SYSTEM\CurrentCo"
- 00401168 ASCII "ntrolSet\Control"
- 00401178 ASCII "\Nls\Language",0
- 00401238 ASCII "!!",0
- 00401278 PUSH KDH.004010C8 ASCII "\\.\PHYSICALDRIVE0"
- 0040129A MOV EDI,KDH.004010B0 ASCII "Your luck's so good !"
- 0040129F PUSH KDH.004010A8 ASCII "Man~"
- 004012AD MOV EDI,KDH.004010B0 ASCII "Your luck's so good !"
- 00401306 PUSH KDH.004010A8 ASCII "Man~"
- 0040133B PUSH KDH.004010A8 ASCII "Man~"
- 004013CF PUSH KDH.004010C8 ASCII "\\.\PHYSICALDRIVE0"
- 004013E3 PUSH KDH.004010A8 ASCII "Man~"
- 004013E8 PUSH KDH.004010B0 ASCII "Your luck's so good !"
- 00401430 PUSH KDH.004010A0 ASCII "Shit"
- 00401435 PUSH KDH.004010B0 ASCII "Your luck's so good !"
- 004014A8 MOV EBX,KDH.004010E8 ASCII "MACHINE\SYSTEM\CurrentControlSet\Control\Nls\Language"
- 004014BB PUSH KDH.004010A0 ASCII "Shit"
- 004014C0 PUSH KDH.004010B0 ASCII "Your luck's so good !"
- 004014E9 PUSH KDH.004010DC ASCII "Everyone"
- 0040157B PUSH KDH.00401158 ASCII "SYSTEM\CurrentControlSet\Control\Nls\Language"
- 0040159F PUSH KDH.00401148 ASCII "InstallLanguage"
- 004015C3 PUSH KDH.00401140 ASCII "0804"
- 004015D9 PUSH KDH.00401138 ASCII "0421"
- 004015EF PUSH KDH.00401130 ASCII "0411"
- 00401605 PUSH KDH.00401128 ASCII "0c04"
- 0040161C PUSH KDH.00401120 ASCII "0404"
- 00401645 PUSH KDH.004010A0 ASCII "Shit"
- 0040164A PUSH KDH.004010B0 ASCII "Your luck's so good !"
- 00401692 PUSH EBP (初始 CPU 选择)
- 004017B3 PUSH 10000 UNICODE "=::=::"
- 004018EA ASCII "WriteFile",0
- 004018F6 ASCII "CloseHandle",0
- 00401904 ASCII "ReadFile",0
- 00401910 ASCII "HeapAlloc",0
- 0040191C ASCII "GetProcessHeap",0
- 0040192E ASCII "DeviceIoControl",0
- 00401940 ASCII "ExitProcess",0
- 0040194E ASCII "CreateFileA",0
- 0040195C ASCII "LocalFree",0
- 00401968 ASCII "lstrcmpA",0
- 00401972 ASCII "KERNEL32.dll",0
- 00401982 ASCII "MessageBoxA",0
- 0040198E ASCII "USER32.dll",0
- 0040199C ASCII "SetNamedSecurity"
- 004019AC ASCII "InfoA",0
- 004019B4 ASCII "BuildExplicitAcc"
- 004019C4 ASCII "essWithNameA",0
- 004019D4 ASCII "GetNamedSecurity"
- 004019E4 ASCII "InfoA",0
- 004019EC ASCII "SetEntriesInAclA"
- 004019FC ASCII 0
- 00401A00 ASCII "RegCloseKey",0
- 00401A0E ASCII "RegQueryValueExA"
- 00401A1E ASCII 0
- 00401A22 ASCII "RegOpenKeyExA",0
- 00401A30 ASCII "ADVAPI32.dll",0
- 00401A40 ASCII "_exit",0
- 00401A48 ASCII "_XcptFilter",0
- 00401A56 ASCII "exit",0
- 00401A5E ASCII "__p___initenv",0
- 00401A6E ASCII "__getmainargs",0
- 00401A7E ASCII "_initterm",0
- 00401A8A ASCII "__setusermatherr"
- 00401A9A ASCII 0
- 00401A9E ASCII "_adjust_fdiv",0
- 00401AAE ASCII "__p__commode",0
- 00401ABE ASCII "__p__fmode",0
- 00401ACC ASCII "__set_app_type",0
- 00401ADE ASCII "_except_handler3"
- 00401AEE ASCII 0
- 00401AF0 ASCII "MSVCRT.dll",0
- 00401AFE POP EDI