Ultra String Reference
Address Disassembly Text String
003C1042 push 003D318C %02x
003C1519 push 003D31A0 http://209.11.244.51/p.php?n=m
003C151E push 003D319C gethttp://209.11.244.51/p.php?n=m
003C1536 push 003D3194 http://gethttp://209.11.244.51/p.php?n=m
003C166E mov dword ptr [ebp-74], 003D6061 茅@山@道@士
003C169A push 003D6061 茅@山@道@士
003C173C push 003D31C0 %u
003C17CB mov dword ptr [ebp-40C], 003D3268 <([a-z_]+)>(?*)</([a-z_]+)>post
003C191D push 003D3260 session<([a-z_]+)>(?*)</([a-z_]+)>post
003C19C6 push 003D3258 step
003C19EF push 003D3250 closed
003C1A13 push 003D3248 online
003C1A50 push 003D3244 msgonline
003C1AA3 push 003D323C admsg
003C1B65 push 003D3234 tips
003C1C21 push 003D322C state
003C1C9C push 003D321C %d|%d|%d|%d|%d
003C1D2A push 003D31FC 到期时间:%04d%02d%02d %02d:%02d%d|%d|%d|%d|%d
003C1D6F push 003D31F4 gdata
003C1E13 push 003D31E8 bindback
003C1E57 push 003D31D8 %s\改绑密码.txtbindback
003C1E6B push 003D31D4 w
003C1E95 push 003D31C4 改绑密码: %s
003C1F79 push 003D328C src=%d&password=%s
003C202E push 003D3284 post
003C2141 push 003D32B0 expand=%u&id=%s&version=%u
003C217B push 003D32A0 &code=%s&key=%sexpand=%u&id=%s&version=%u
003C21D3 push 003D3284 post
003C2425 mov dword ptr [ebp-4], 003D32CB %u,%s
003C24D0 push 003D32CC %u,%s
003C2A99 push 003D32E0 %d,%d
003C34AD mov eax, 003D32CB %u,%s
003C3525 push 003D32E8 %s [%s]%08x, number=%d
003C37AB push 003D3300 \dnf.exe
003C3805 push 003D33A8 wininet.dll/
003C3826 push 003D3398 internetopena
003C3843 push 003D3384 internetconnecta
003C3860 push 003D3370 httpopenrequesta
003C387D push 003D3358 httpaddrequestheadersa
003C389A push 003D3344 httpsendrequesta
003C38B7 push 003D3334 httpqueryinfoa
003C38D4 push 003D3320 internetreadfile
003C38F1 push 003D330C internetclosehandleinternetreadfile
003C3984 push 003D33C4 (![/]+.![/]+)
003C39A0 push 003D33C4 (![/]+.![/]+)
003C39D4 push 003D33B8 https://
003C39FF push 003D3194 http://gethttp://209.11.244.51/p.php?n=m
003C3BE8 push 003D3550 microsoft internet explorer密码
003C3C63 push 003D3400 accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*\n\ncontent-language: zh-cn\n\ncontent-type: application/x-www-form-urlencoded\n ...
003C3E10 push 003D33F8 %s=
003C3E98 push 003D33E8 cookie: %s=%s
003C3EBB push 003D33E0 ; %s
003C3EE7 push 003D33D4 cookie: %s
003C44B2 push 003D3588 %s\ibm.txt
003C44CC push 003D31C0 %u
003C44EC push 003D3584 ***%s\ibm.txt
003C44F1 push 003D357C 卡号
003C44F6 push 003D3574 点卡
003C450F push 003D3584 ***%s\ibm.txt
003C4514 push 003D356C 密码
003C4519 push 003D3574 点卡
003C4AE3 push 003D3594 地下城与勇士
003C62B7 push 003D364C ntqueryinformationthread
003C62BC push 003D3640 ntdll.dll
003C7992 push 0C (initial cpu selection)
003C84F7 mov edi, 003D3934 unknown security failure detected!
003C84FC mov dword ptr [ebp-128], 003D3880 a security error of unknown cause has been detected which has\ncorrupted the program's internal state. the program cannot safely\ncontinue execution and must now be terminated.\n
003C850D mov edi, 003D3860 buffer overrun detected!
003C8512 mov dword ptr [ebp-128], 003D37C0 a buffer overrun has been detected which has corrupted the program's\ninternal state. the program cannot safely continue execution and must\nnow be terminated.\nbuffer overrun detected!
003C853B push 003D37A8 <program name unknown>
003C857C push 003D37A4 ...<program name unknown>
003C85AC mov edi, 003D37A0 \n\n
003C85B8 push 003D3794 program:
003C85E2 push 003D376C microsoft visual c++ runtime library
003C9BE2 push 003D39EC tz
003CB299 push 003D3A2C e+000
003CB59C push 003D3A6C kernel32
003CB5AB push 003D3A50 isprocessorfeaturepresent
003CC0A2 push 003D35EC kernel32.dll
003CC0B9 push 003D3B00 flsalloc
003CC0C1 push 003D3AF4 flsgetvalueflsalloc
003CC0CE push 003D3AE8 flssetvalueflsgetvalueflsalloc
003CC0DB push 003D3AE0 flsfreeflssetvalueflsgetvalueflsalloc
003CCC45 push 003D3CBC corexitprocess
003CD7BA push 003D37A8 <program name unknown>
003CD7ED push 003D37A4 ...<program name unknown>
003CD821 push 003D40B8 runtime error!\n\nprogram:
003CD833 push 003D37A0 \n\n
003CD84F push 003D376C microsoft visual c++ runtime library
003CDE18 push 003D4660 user32.dll
003CDE33 push 003D4654 messageboxauser32.dll
003CDE44 push 003D4644 getactivewindowmessageboxauser32.dll
003CDE4C push 003D4630 getlastactivepopup
003CDE67 push 003D4614 getuserobjectinformationa
003CDE78 push 003D45FC getprocesswindowstationgetuserobjectinformationa
003CE739 push 003D35EC kernel32.dll
003CE748 push 003D46C4 initializecriticalsectionandspincount
003D0FF6 push 003D48B4 1#snan
003D1010 push 003D48AC 1#ind
003D1021 push 003D48A4 1#inf
003D103E push 003D489C 1#qnan
003D9747 push 1001976B nstructor closure' |
楼主: uiw5r
发表于 2009-2-28 15:02:38
貌似又是盗号的?
发表于 2009-2-28 15:50:05
