regetjr去除广告条

　2007-01-12 20:12:18　来源：WEB开发网　　　

核心提示：目标：regetrj组织：CCG,FCG作者: BlueBoy软件说明：用于下载,FCG的Test,去除它的广告条工具：soft-ice,wasm,UltraEdit打开systemcd_clint.dll反汇编，导入函数发现只有一处调用GDI32.CreateCompatibleDC* Referenced by a

目标：regetrj

组织：CCG,FCG

作者: BlueBoy

软件说明：用于下载,FCG的Test,去除它的广告条

工具：soft-ice,wasm,UltraEdit

打开systemcd_clint.dll反汇编，导入函数发现只有一处调用GDI32.CreateCompatibleDC

* Referenced by a CALL at Address:
|:10012860
:10012356 56 push esi
:10012357 8BF1 mov esi, ecx
:10012359 FF760C push [esi+0C]
* Reference To: USER32.GetDC, Ord:00FDh
|
:1001235C FF15DC820310 Call dword ptr [100382DC]
:10012362 50 push eax
:10012363 898654010000 mov dword ptr [esi+00000154], eax
* Reference To: GDI32.CreateCompatibleDC, Ord:002Ah《-----此处调用
|
:10012369 FF1540800310 Call dword ptr [10038040]
:1001236F 8B0E mov ecx, dword ptr [esi]
:10012371 898658010000 mov dword ptr [esi+00000158], eax
:10012377 85C9 test ecx, ecx
:10012379 7422 je 1001239D
:1001237B E893050000 call 10012913
:10012380 85C0 test eax, eax
:10012382 894614 mov dword ptr [esi+14], eax
:10012385 743B je 100123C2
:10012387 8B0E mov ecx, dword ptr [esi]
:10012389 E8270B0000 call 10012EB5
:1001238E 663D0100 cmp ax, 0001
:10012392 0F9FC0 setg al
:10012395 88868E010000 mov byte ptr [esi+0000018E], al
:1001239B EB07 jmp 100123A4
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:10012379(C)
|
:1001239D 80A68E01000000 and byte ptr [esi+0000018E], 00
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:1001239B(U)
|
:100123A4 80BE8E01000000 cmp byte ptr [esi+0000018E], 00
:100123AB 752E jne 100123DB
:100123AD 8B0E mov ecx, dword ptr [esi]
:100123AF 85C9 test ecx, ecx
:100123B1 7413 je 100123C6
:100123B3 8D4618 lea eax, dword ptr [esi+18]
:100123B6 6A00 push 00000000
:100123B8 50 push eax
:100123B9 E85D060000 call 10012A1B
:100123BE 84C0 test al, al
:100123C0 7504 jne 100123C6
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:10012385(C)
|
:100123C2 32C0 xor al, al
:100123C4 5E pop esi
:100123C5 C3 ret