Originally posted by newcentury on 2009-3-3 21:42
?
.Upack:0040A8F0 push ebx
.Upack:0040A8F1 push esi
.Upack:0040A8F2 add esp, 0FFFFFE00h
.Upack:0040A8F8 xor esi, esi
.Upack:0040A8FA push 0 ; uCmd
.Upack:0040A8FC call j_GetForegroundWindow
.Upack:0040A8FC
.Upack:0040A901 push eax ; hWnd
.Upack:0040A902 call j_GetWindow
.Upack:0040A902
.Upack:0040A907 mov ebx, eax
.Upack:0040A909 test ebx, ebx
.Upack:0040A90B jz short return
.Upack:0040A90B
.Upack:0040A90D
.Upack:0040A90D loc_40A90D: ; CODE XREF: Find_AfxMDIFrame_WND+9Aj
.Upack:0040A90D push 0FEh ; nMaxCount
.Upack:0040A912 lea eax, [esp+20Ch+ClassName]
.Upack:0040A916 push eax ; lpClassName
.Upack:0040A917 push ebx ; hWnd
.Upack:0040A918 call j_GetClassNameA
.Upack:0040A918
.Upack:0040A91D push 0FEh ; nMaxCount
.Upack:0040A922 lea eax, [esp+20Ch+String]
.Upack:0040A929 push eax ; lpString
.Upack:0040A92A push ebx ; hWnd
.Upack:0040A92B call j_GetWindowTextA
.Upack:0040A92B
.Upack:0040A930 push 0 ; lpszWindow
.Upack:0040A932 push offset szClass ; "AfxMDIFrame42s"
.Upack:0040A937 push 0 ; hWndChildAfter
.Upack:0040A939 push ebx ; hWndParent
.Upack:0040A93A call j_FindWindowExA
.Upack:0040A93A
.Upack:0040A93F test eax, eax
.Upack:0040A941 jz short loc_40A97E
.Upack:0040A941
.Upack:0040A943 push 0 ; lpszWindow
.Upack:0040A945 push offset szClass ; "AfxMDIFrame42s"
.Upack:0040A94A push 0 ; hWndChildAfter
.Upack:0040A94C push eax ; hWndParent
.Upack:0040A94D call j_FindWindowExA
.Upack:0040A94D
.Upack:0040A952 test eax, eax
.Upack:0040A954 jz short loc_40A97E
.Upack:0040A954
.Upack:0040A956 push 0 ; lpszWindow
.Upack:0040A958 push offset s__Static ; "Static"
.Upack:0040A95D push 0 ; hWndChildAfter
.Upack:0040A95F push eax ; hWndParent
.Upack:0040A960 call j_FindWindowExA
.Upack:0040A960
.Upack:0040A965 test eax, eax
.Upack:0040A967 jz short loc_40A97E
.Upack:0040A967
.Upack:0040A969 push 0 ; lpszWindow
.Upack:0040A96B push offset s__Button ; "Button"
.Upack:0040A970 push 0 ; hWndChildAfter
.Upack:0040A972 push eax ; hWndParent
.Upack:0040A973 call j_FindWindowExA
.Upack:0040A973
.Upack:0040A978 test eax, eax
.Upack:0040A97A jz short loc_40A97E
.Upack:0040A97A
.Upack:0040A97C mov esi, ebx
.Upack:0040A97C
.Upack:0040A97E
.Upack:0040A97E loc_40A97E: ; CODE XREF: Find_AfxMDIFrame_WND+51j
.Upack:0040A97E ; Find_AfxMDIFrame_WND+64j
.Upack:0040A97E ; Find_AfxMDIFrame_WND+77j
.Upack:0040A97E ; Find_AfxMDIFrame_WND+8Aj
.Upack:0040A97E push 2 ; uCmd
.Upack:0040A980 push ebx ; hWnd
.Upack:0040A981 call j_GetWindow
.Upack:0040A981
.Upack:0040A986 mov ebx, eax
.Upack:0040A988 test ebx, ebx
.Upack:0040A98A jnz short loc_40A90D
.Upack:0040A98A
.Upack:0040A98C
.Upack:0040A98C return: ; CODE XREF: Find_AfxMDIFrame_WND+1Bj
.Upack:0040A98C mov eax, esi
.Upack:0040A98E add esp, 200h
.Upack:0040A994 pop esi
.Upack:0040A995 pop ebx
.Upack:0040A996 retn
Code related to finding IceSword
proc near ; CODE XREF: sub_40C160+69p
.Upack:0040A9B8 push ebx
.Upack:0040A9B9 push esi
.Upack:0040A9BA push edi
.Upack:0040A9BB mov esi, eax
.Upack:0040A9BD xor ebx, ebx
.Upack:0040A9BF test esi, esi
.Upack:0040A9C1 jz short loc_40A9DE
.Upack:0040A9C1
.Upack:0040A9C3 push 0 ; nCmdShow
.Upack:0040A9C5 push esi ; hWnd
.Upack:0040A9C6 call j_ShowWindow
.Upack:0040A9C6
.Upack:0040A9CB xor edi, edi
.Upack:0040A9CB
.Upack:0040A9CD
.Upack:0040A9CD loc_40A9CD: ; CODE XREF: Hid_WND+24j
.Upack:0040A9CD push 0 ; lParam
.Upack:0040A9CF push 0 ; wParam
.Upack:0040A9D1 push edi ; Msg
.Upack:0040A9D2 push esi ; hWnd
.Upack:0040A9D3 call j_PostMessageA
.Upack:0040A9D3
.Upack:0040A9D8 inc edi
.Upack:0040A9D9 cmp edi, 64h
.Upack:0040A9DC jnz short loc_40A9CD
.Upack:0040A9DC
.Upack:0040A9DE
.Upack:0040A9DE loc_40A9DE: ; CODE XREF: Hid_WND+9j
.Upack:0040A9DE mov eax, ebx
.Upack:0040A9E0 pop edi
.Upack:0040A9E1 pop esi
.Upack:0040A9E2 pop ebx
.Upack:0040A9E3 retn
.Upack:0040A9E3
Then this should be how it kills IceSword:
first it hides its window, then sends the WM_NULL message 100 times
...........
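An added example, not part of the original post: a small Python triage helper that reads the IDA text-listing format shown above, pairs each `call` with the parameter names IDA annotated on the preceding pushes, and reports the `cmp` bound of any backward-jump loop that encloses a call. The function names `analyze` and `hide_then_flood` are hypothetical, and the embedded listing is an excerpt of the second routine.

```python
import re
# Excerpt of the post's second routine; function names below are illustrative.
LISTING = """\
.Upack:0040A9C3 push 0 ; nCmdShow
.Upack:0040A9C5 push esi ; hWnd
.Upack:0040A9C6 call j_ShowWindow
.Upack:0040A9CB xor edi, edi
.Upack:0040A9CD loc_40A9CD: ; CODE XREF: Hid_WND+24j
.Upack:0040A9CD push 0 ; lParam
.Upack:0040A9CF push 0 ; wParam
.Upack:0040A9D1 push edi ; Msg
.Upack:0040A9D2 push esi ; hWnd
.Upack:0040A9D3 call j_PostMessageA
.Upack:0040A9D8 inc edi
.Upack:0040A9D9 cmp edi, 64h
.Upack:0040A9DC jnz short loc_40A9CD
"""
ROW = re.compile(r"^\.\w+:([0-9A-F]{8})\s+(.+)$")

def analyze(listing):
    """Pair each call with its annotated pushes and find loops enclosing it."""
    calls, labels, pending, loops, bound = [], {}, {}, [], None
    for raw in listing.splitlines():
        m = ROW.match(raw.strip())
        if not m:
            continue                                 # address-only or foreign line
        addr = int(m[1], 16)
        code, _, note = (s.strip() for s in m[2].partition(";"))
        op, arg = (code.split(None, 1) + ["", ""])[:2]
        tgt = (arg.split() or [""])[-1]
        if op.endswith(":"):
            labels[op[:-1]] = addr                   # jump target seen so far
        elif op == "push" and note:
            pending[note.split()[0]] = arg           # IDA names the parameter
        elif op == "call":
            calls.append({"addr": addr, "api": arg.removeprefix("j_"), "args": pending})
            pending = {}
        elif op == "cmp" and (imm := re.search(r",\s*([0-9A-F]+)h?$", arg)):
            bound = int(imm[1], 16)                  # loop limit, e.g. 64h
        elif op.startswith("j") and tgt in labels:   # backward jump closes a loop
            loops.append((labels[tgt], addr, bound))
    for c in calls:
        c["loop_bound"] = next((b for lo, hi, b in loops if lo <= c["addr"] < hi), None)
    return calls

def hide_then_flood(calls):
    """Window hidden (nCmdShow 0 is SW_HIDE), then PostMessage inside a loop."""
    hidden = any(c["api"] == "ShowWindow" and c["args"].get("nCmdShow") == "0" for c in calls)
    return hidden and any(c["api"].startswith("PostMessage") and c["loop_bound"] for c in calls)
```

On this excerpt it reports `ShowWindow` called with `nCmdShow` 0, and `PostMessageA` inside a loop bounded at 64h with the register `edi` as its `Msg` operand.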