Ultra String Reference Plugin
Address Disassembly Text String
00401034 push 004100D0 \SFC_OS.DLL1
00401064 push 004100C4 \ime\1.dll
00401111 push 004100EC \SFC_OS.DLLLoadLibraryA
00401132 push 004100E0 \IME\1.DLL
004013CF push 004100F8 LoadLibraryA
004014CB push 004100F8 LoadLibraryA
004015C6 push 00410108 \%dwb
00401995 push 00410214 b.
004019CB push 0041010C wb
00401A3B push 0041020C open
00401A9F push 00410234 .scr
00401AFC push 0041020C open
00401B48 push 00410224 command.com /c .scr
00401B4F push 00410218 cmd.exe /c command.com /c .scr
00401BD0 push 0041023C SPIDLL
00401D40 push 004102B8 SOFTWARE\Microsoft\Windows\CurrentVersion\UninstallAhnLab SpyZero
00401E35 push 004102B0 %s\%s
00401E91 push 004102A4 DisplayName%s\%s
00401EB3 push 00410294 DisplayVersion
00401ECB push 00410290 (
00401EEF push 0041028C )
00401F0C push 0041027C 江民杀毒软件
00401F23 push 00410274 NOD32
00401F3A push 00410268 金山毒霸
00401F51 push 00410254 微点主动防御软件
00401F68 push 00410244 Avira AntiVir
00401FAE push 004102B8 SOFTWARE\Microsoft\Windows\CurrentVersion\UninstallAhnLab SpyZero
004020A3 push 004102B0 %s\%s
004020FF push 004102A4 DisplayName%s\%s
00402121 push 00410294 DisplayVersion
00402139 push 00410290 (
0040215D push 0041028C )
0040217A push 00410274 NOD32
00402195 push 00410340 卡巴斯基
004021B0 push 00410334 Kaspersky
004021CB push 0041032C Trend
004021E2 push 00410320 趋势科技
004021F9 push 00410314 熊猫卫士
00402210 push 0041030C Panda
00402227 push 004102FC 瑞星杀毒软件
0040223E push 004102EC AhnLab SpyZero
004023B8 push 00410364 PackFile error!WSCWriteProviderOrder Error: %d\n
00402462 push 00410358 ws2help.dllPackFile error!WSCWriteProviderOrder Error: %d\n
00402499 push 00410358 ws2help.dllPackFile error!WSCWriteProviderOrder Error: %d\n
0040258B push 0041034C netstat.exews2help.dllPackFile error!WSCWriteProviderOrder Error: %d\n
00402668 push 004103EC TCP FILTER
00402706 push 004103C4 WSCInstallProvider for chain Error: %d\nTCP FILTER
00402739 push 00410398 GlobalAlloc int installfilter Error: %d\n
004027F8 push 00410374 WSCWriteProviderOrder Error: %d\n
0040284D push 00410438 First WSCEnumProtocols Error!
00402865 push 00410424 GlobalAlloc Error!
00402880 push 00410404 Second WSCEnumProtocols Error!
004029BF push 00410458 WOODINI安装已经完成!
00402A91 push 004104D4 \
00402AAC push 004104D0 _@
00402AF5 push 004104B4 %s不是合法的Win32应用程序。_@
00402B04 push 00410498 %s文件已被破坏,请重新下载
00402B61 push 00410470 对指定设备、路径或文件的访问被拒绝。
00402BB5 push 00410460 安装已经完成!
00402C7E push 00410078 SYSTEM
00402C83 push 004104D8 mcshield.exe
00402D6D push 004104F8 kernel32.dll
00402D82 push 004104E8 Process32First
00402E47 push 004105A8 RegC:\Program Files\Common Files\
00402E68 push 00410570 OpenProcessError!please Look up your Privilege first!
00402E8F push 00410544 Sorry ,can't kill the process you want!OpenProcessError!please Look up your Privilege first!
00402EAB push 00410508 ProcID=%d, Now you can check if the process still exists!
00402FA1 mov edi, 00410128 SeSystemProfilePrivilege
00402FA1 mov edi, 00410128 SeTakeOwnershipPrivilege
00402FA1 mov edi, 00410128 SeSecurityPrivilege
00402FA1 mov edi, 00410128 SeBackupPrivilege
00402FA1 mov edi, 00410128 SeRestorePrivilege
00402FA1 mov edi, 00410128 SeMachineAccountPrivilege
00402FA1 mov edi, 00410128 SeChangeNotifyPrivilege
00402FA1 mov edi, 00410128 SeLoadDriverPrivilege
00403021 push 004102B8 SOFTWARE\Microsoft\Windows\CurrentVersion\UninstallAhnLab SpyZero
004030E8 push 004102B0 %s\%s
00403148 push 004102A4 DisplayName%s\%s
00403169 push 00410274 NOD32
0040322F push 004105CC htmlfile\shell\open\commandws2_42.dll
004032BE push 004105AC C:\Program Files\Common Files\
004032FB push 004105E8 ws2_42.dll
0040332D push 004105F4 ws2_42.dat
004033B6 push 00410604 IME\
004033CE push 00410600 68
004034F0 push 0041060C .rsrc
004038DB push 00410620 Update
0040392B push 00410274 NOD32
00403961 push 00410078 SYSTEM
00403966 push 004104D8 mcshield.exe
00403A13 push 00410618 hide
00403A34 push 00410614 -o
00403A6D push 0041020C open
00403ADE push 004100B0 SeDebugPrivilege
00403B8F push 00410628 :\
00403C49 push 004100A4 ntdll.dll
00403C50 push 0041073C psapi.dll
00403C73 push 00410088 NtQuerySystemInformation
00403C7D push 0041072C NtQueryObject
00403C8C push 0041071C EnumProcesses
00403C99 push 00410708 EnumProcessModules
00403CA6 push 004106F0 GetModuleFileNameExW
00403D08 push 004106D4 \winlogon.exe
00403E6C push 004106B8 Can not found winlogon.exe!\winlogon.exe
00403F72 mov dword ptr [esp], 00410694 WINDOWS\SYSTEM32
00403F8B push 00410674 WINNT\SYSTEM32
00404021 push 0041065C %s\trash%X
00404041 push 00410648 \sfc.dll
00404048 push 00410630 \sfc_os.dll
00404B00 push 00410748 UPX%d
00404C6C push 00410750 kernel32.dll
004075E6 push ebp (Initial CPU selection)
0040B0B7 push 0040E608 <program name unknown>
0040B0F9 push 0040E604 ...<program name unknown>
0040B10D push 0040E5E8 Runtime Error!\n\nProgram:
0040B12B push 0040E5E4 \n\n
0040B153 push 0040E5BC Microsoft Visual C++ Runtime Library
0040B5B4 push 0040E66C TZ
0040C1F9 push 0040E6A0 user32.dll
0040C210 push 0040E694 MessageBoxAuser32.dll
0040C221 push 0040E684 GetActiveWindowMessageBoxAuser32.dll
0040C229 push 0040E670 GetLastActivePopup
0041429D mov ecx, 100185A8 R6031\r\n- Attempt to initialize the CRT more than once.\nThis indicates a bug in your application.\r\n
004143CC mov ecx, 100185A8 R6031\r\n- Attempt to initialize the CRT more than once.\nThis indicates a bug in your application.\r\n
00414B10 push 100188BC \n
00414B1E push 100188E4 loaded\r\n
00415192 push 1001894C ram:
00415A3F mov ebx, 10018922 rogram name unknown>
00415A73 push 100188F8 t Visual C++ Runtime Library
00415A99 push 1001894C ram:
004164C0 push 10015450 E
004164D0 push 10015440 榀
0041770C mov ecx, 100185A8 R6031\r\n- Attempt to initialize the CRT more than once.\nThis indicates a bug in your application.\r\n
00417975 mov ecx, 100185A8 R6031\r\n- Attempt to initialize the CRT more than once.\nThis indicates a bug in your application.\r\n
004199D0 push 10018922 rogram name unknown>
004199E7 push 1001894C ram:
0041A9DD push 10015798 轾
0041ADF8 push 10018922 rogram name unknown>
0041AE0F push 1001894C ram:
0041B0F1 push 1001587C X
0041B92F push 100188BC \n
0041B9D5 push 100188BC \n
0041B9E3 mov ecx, 10018648 e heap\r\n
0041B9F4 push 100187B8 space for thread data\r\n\r\nThis application has requested the Runtime to terminate it in an unusual way.\nPlease contact the application's support team for more information.\r\n
0041BEAF mov ecx, 100185A8 R6031\r\n- Attempt to initialize the CRT more than once.\nThis indicates a bug in your application.\r\n
0041C496 push 10018922 rogram name unknown>
0041C4CF mov ecx, 10018648 e heap\r\n
0041C506 mov ebx, 10018678 initialization\r\n
0041C5F1 push 100188F8 t Visual C++ Runtime Library
0041C654 push 10018922 rogram name unknown>
0041C6E2 push 1001894C ram:
0041C7F1 push 100188F8 t Visual C++ Runtime Library
0041C82D mov edi, 10018922 rogram name unknown>
0041C84C push 1001894C ram:
0041C86D push 1001894C ram:
0041C881 push 10018922 rogram name unknown>
0041C88D push 1001894C ram:
0041CC9E mov ecx, 100185A8 R6031\r\n- Attempt to initialize the CRT more than once.\nThis indicates a bug in your application.\r\n
0041CCB7 mov eax, 10009ADD GetAsyncKeyState
0041CD12 mov ecx, 100185A8 R6031\r\n- Attempt to initialize the CRT more than once.\nThis indicates a bug in your application.\r\n
0041CE20 push 100188BC \n
0041D4D1 push 100187B8 space for thread data\r\n\r\nThis application has requested the Runtime to terminate it in an unusual way.\nPlease contact the application's support team for more information.\r\n
0041DCA3 mov ecx, 100185A8 R6031\r\n- Attempt to initialize the CRT more than once.\nThis indicates a bug in your application.\r\n
0041E0F4 push 10015E20 $
0041E87A mov esi, 100185A8 R6031\r\n- Attempt to initialize the CRT more than once.\nThis indicates a bug in your application.\r\n
0041EAD8 mov ecx, 100185A8 R6031\r\n- Attempt to initialize the CRT more than once.\nThis indicates a bug in your application.\r\n |
发表于 2009-4-4 19:10:08
发表于 2009-4-4 19:17:01
发表于 2009-4-4 19:23:54
