
Removing the ad banner from regetjr

 2007-01-12 20:12:18 Source: WEB开发网

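Target: regetrj

Group: CCG, FCG

Author: BlueBoy

Software description: a download tool; FCG's Test; remove its ad banner

Tools: soft-ice, wasm, UltraEdit

Open systemcd_clint.dll in the disassembler. The imported functions show that GDI32.CreateCompatibleDC is called in only one place: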

* Referenced by a CALL at Address:
|:10012860
:10012356 56 push esi
:10012357 8BF1 mov esi, ecx
:10012359 FF760C push [esi+0C]
* Reference To: USER32.GetDC, Ord:00FDh
|
:1001235C FF15DC820310 Call dword ptr [100382DC]
:10012362 50 push eax
:10012363 898654010000 mov dword ptr [esi+00000154], eax
* Reference To: GDI32.CreateCompatibleDC, Ord:002Ah <----- called here
|
:10012369 FF1540800310 Call dword ptr [10038040]
:1001236F 8B0E mov ecx, dword ptr [esi]
:10012371 898658010000 mov dword ptr [esi+00000158], eax
:10012377 85C9 test ecx, ecx
:10012379 7422 je 1001239D
:1001237B E893050000 call 10012913
:10012380 85C0 test eax, eax
:10012382 894614 mov dword ptr [esi+14], eax
:10012385 743B je 100123C2
:10012387 8B0E mov ecx, dword ptr [esi]
:10012389 E8270B0000 call 10012EB5
:1001238E 663D0100 cmp ax, 0001
:10012392 0F9FC0 setg al
:10012395 88868E010000 mov byte ptr [esi+0000018E], al
:1001239B EB07 jmp 100123A4
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:10012379(C)
|
:1001239D 80A68E01000000 and byte ptr [esi+0000018E], 00
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:1001239B(U)
|
:100123A4 80BE8E01000000 cmp byte ptr [esi+0000018E], 00
:100123AB 752E jne 100123DB
:100123AD 8B0E mov ecx, dword ptr [esi]
:100123AF 85C9 test ecx, ecx
:100123B1 7413 je 100123C6
:100123B3 8D4618 lea eax, dword ptr [esi+18]
:100123B6 6A00 push 00000000
:100123B8 50 push eax
:100123B9 E85D060000 call 10012A1B
:100123BE 84C0 test al, al
:100123C0 7504 jne 100123C6
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:10012385(C)
|
:100123C2 32C0 xor al, al
:100123C4 5E pop esi
:100123C5 C3 ret

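Looking upward in the listing, this routine is called from 10012860, so set a breakpoint on the first instruction of this subroutine and change it to ret at run time. The program's ad banner is gone, but clicking that area with the mouse still connects to the program's website. From a programming point of view the area is a window, so set a breakpoint on CreateWindowEx. Running the program again shows four calls in total; look upward from the fourth one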
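The "Referenced by" annotations in the listing above can be rebuilt from the opcode bytes alone, which is a useful check that a pasted disassembly has not been garbled. The following is an added example, not part of the original article; the names `branch_target` and `build_xrefs` are hypothetical, and the sample lines are copied from the listing on this page.

```python
import re

# Lines copied from the listing above; the non-branch line shows skipping.
LISTING = """\
:10012377 85C9 test ecx, ecx
:10012379 7422 je 1001239D
:1001237B E893050000 call 10012913
:10012385 743B je 100123C2
:1001239B EB07 jmp 100123A4
:100123B1 7413 je 100123C6
:100123B9 E85D060000 call 10012A1B
:100123C0 7504 jne 100123C6
"""

LINE = re.compile(r"^:([0-9A-F]{8}) ([0-9A-F]+) (.+)$")

def branch_target(addr, raw):
    """Destination of a relative x86 branch, or None for other opcodes.
    Only the encodings that occur in this listing are handled."""
    op = raw[0]
    rel32 = op in (0xE8, 0xE9) and len(raw) == 5                  # call/jmp
    rel8 = (op == 0xEB or 0x70 <= op <= 0x7F) and len(raw) == 2   # jmp/jcc
    if not (rel32 or rel8):
        return None
    disp = int.from_bytes(raw[1:], "little", signed=True)
    # The displacement is relative to the address of the next instruction.
    return (addr + len(raw) + disp) & 0xFFFFFFFF

def build_xrefs(listing):
    """Map each branch target to the addresses that reach it; fail if the
    opcode bytes disagree with the operand printed by the disassembler."""
    xrefs = {}
    for line in listing.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        addr, raw = int(m.group(1), 16), bytes.fromhex(m.group(2))
        target = branch_target(addr, raw)
        if target is None:
            continue
        printed = int(m.group(3).split()[-1], 16)
        if printed != target:
            raise ValueError(f"{addr:08X}: bytes give {target:08X}")
        xrefs.setdefault(target, []).append(addr)
    return xrefs

if __name__ == "__main__":
    for target, sources in sorted(build_xrefs(LISTING).items()):
        print(f"{target:08X} <- " + ", ".join(f"{s:08X}" for s in sources))
```

The computed sources for 1001239D, 100123A4 and 100123C2 match the "Referenced by a (U)nconditional or (C)onditional Jump" lines in the listing.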
