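Software name: Scanner Exam Marking System V5.24
Author: nahum
Email: nahum@163.com
Download URL: http://www.skycn.com/soft/9446.html
Cracking tools: ollydb, pescan, Regmon
Cracking difficulty: average
Article introduction:
This article only discusses this type of protection method. It is not intended for commercial use. I ask the software author's forgiveness.
Overview of functionality and protection scheme:
The registration number is verified on restart (I don't know what this type should be called; it generates an INI file containing the registration information).
Cracking analysis:
After downloading, installation goes normally. OK. First run GradeSheet and take a look.
Machine code: 314408964
Registration code: enter anything
Click Register. A prompt says the registration information has been written and asks you to restart the software; if this window does not appear again, registration succeeded.
OK, on to the next step. Use Regmon to see whether anything is written to the registry: nothing. Then I suddenly noticed that it accesses the file GRADESHEET.INI in the WINDOWS directory.
Opening it, the contents are as follows: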
[MyChoice]
Serial=314408964
information=Luo
JianDa at YunLong Senior High School of CiXi City ZheJiang Province China
LUOJZNB@ZJ165.COM
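So Serial looks like the key. On to the next step.
Check whether the file is packed; PESCAN is very handy for this. ASPACK 2.12, unpacking done. Run it to see whether there are any problems. Good, no problems, it runs normally.
Load and run it in OLLYDB. Searching for the string Serial finds two places; set a breakpoint on each.
One of them is as follows: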
0040E77A . 50             PUSH EAX                         ; when the breakpoint hits here, the correct registration code has already been generated
0040E77B . 51             PUSH ECX
0040E77C . 52             PUSH EDX
0040E77D . E8 7C060100    CALL GRADESHE.0041EDFE
0040E782 . 50             PUSH EAX
0040E783 . 8D4C24 1C      LEA ECX,DWORD PTR SS:[ESP+1C]
0040E787 . C68424 D000000>MOV BYTE PTR SS:[ESP+D0],4
0040E78F . E8 74050100    CALL GRADESHE.0041ED08
0040E794 . 8D4C24 10      LEA ECX,DWORD PTR SS:[ESP+10]
0040E798 . C68424 CC00000>MOV BYTE PTR SS:[ESP+CC],3
0040E7A0 . E8 76040100    CALL GRADESHE.0041EC1B
0040E7A5 . E8 35D70100    CALL GRADESHE.0042BEDF
0040E7AA . 8B40 04        MOV EAX,DWORD PTR DS:[EAX+4]
0040E7AD . 68 F4924300    PUSH GRADESHE.004392F4           ; ASCII "unregisted"
0040E7B2 . 68 E8914300    PUSH GRADESHE.004391E8           ; ASCII "Serial" (the string reference is here)
0040E7B7 . 8D4C24 2C      LEA ECX,DWORD PTR SS:[ESP+2C]
0040E7BB . 68 DC914300    PUSH GRADESHE.004391DC           ; ASCII "MyChoice"
0040E7C0 . 51             PUSH ECX
0040E7C1 . 8BC8           MOV ECX,EAX
0040E7C3 . E8 33D90100    CALL GRADESHE.0042C0FB           ; read the registration code from the INI file
0040E7C8 . 8B5424 24      MOV EDX,DWORD PTR SS:[ESP+24]    ; the entered registration code
0040E7CC . 8B4424 18      MOV EAX,DWORD PTR SS:[ESP+18]    ; the correct registration code; mine is 9902911522
0040E7D0 . 52             PUSH EDX                         ; /Arg2
0040E7D1 . 50             PUSH EAX                         ; |Arg1
0040E7D2 . C68424 D400000>MOV BYTE PTR SS:[ESP+D4],5       ; |
0040E7DA . E8 06530000    CALL GRADESHE.00413AE5           ; compare the registration codes; step into this call
0040E7DF . 83C4 08        ADD ESP,8
0040E7E2 . 85C0           TEST EAX,EAX
0040E7E4 . 75 0B          JNZ SHORT GRADESHE.0040E7F1
0040E7E6 . 899E F42A0000  MOV DWORD PTR DS:[ESI+2AF4],EBX
0040E7EC . E9 CB000000    JMP GRADESHE.0040E8BC
0040E7F1 > 53             PUSH EBX                         ; /Arg1
0040E7F2 . 8D4C24 44      LEA ECX,DWORD PTR SS:[ESP+44]    ; |
0040E7F6 . E8 75E9FFFF    CALL GRADESHE.0040D170           ; \GRADESHE.0040D170
0040E7FB . 8D4C24 40      LEA ECX,DWORD PTR SS:[ESP+40]
0040E7FF . C68424 CC00000>MOV BYTE PTR SS:[ESP+CC],6
0040E807 . E8 A74B0100    CALL GRADESHE.004233B3
0040E80C . 8D8C24 C000000>LEA ECX,DWORD PTR SS:[ESP+C0]
0040E813 . C68424 CC00000>MOV BYTE PTR SS:[ESP+CC],0B
0040E81B . E8 FB030100    CALL GRADESHE.0041EC1B
0040E820 . 8D8C24 BC00000>LEA ECX,DWORD PTR SS:[ESP+BC]
0040E827 . C68424 CC00000>MOV BYTE PTR SS:[ESP+CC],0A
0040E82F . E8 E7030100    CALL GRADESHE.0041EC1B
The registration-code comparison: this is a loop that compares character by character; if the first one is wrong, it exits the loop.
00413B14 |> 66:0FB60F      /MOVZX CX,BYTE PTR DS:[EDI]
00413B18 |. 0FB6C1         |MOVZX EAX,CL
00413B1B |. 47             |INC EDI
00413B1C |. 894D 0C        |MOV DWORD PTR SS:[EBP+C],ECX
00413B1F |. F680 81B54700 >|TEST BYTE PTR DS:[EAX+47B581],4
00413B26 |. 74 16          |JE SHORT GRADESHE.00413B3E
00413B28 |. 8A07           |MOV AL,BYTE PTR DS:[EDI]
00413B2A |. 84C0           |TEST AL,AL
00413B2C |. 75 06          |JNZ SHORT GRADESHE.00413B34
00413B2E |. 8365 0C 00     |AND DWORD PTR SS:[EBP+C],0
00413B32 |. EB 0A          |JMP SHORT GRADESHE.00413B3E
00413B34 |> 33D2           |XOR EDX,EDX
00413B36 |. 47             |INC EDI
00413B37 |. 8AF1           |MOV DH,CL
00413B39 |. 8AD0           |MOV DL,AL
00413B3B |. 8955 0C        |MOV DWORD PTR SS:[EBP+C],EDX
00413B3E |> 66:0FB61E      |MOVZX BX,BYTE PTR DS:[ESI]
00413B42 |. 0FB6C3         |MOVZX EAX,BL
00413B45 |. 46             |INC ESI
00413B46 |. F680 81B54700 >|TEST BYTE PTR DS:[EAX+47B581],4
00413B4D |. 74 13          |JE SHORT GRADESHE.00413B62
00413B4F |. 8A06           |MOV AL,BYTE PTR DS:[ESI]
00413B51 |. 84C0           |TEST AL,AL
00413B53 |. 75 04          |JNZ SHORT GRADESHE.00413B59
00413B55 |. 33DB           |XOR EBX,EBX
00413B57 |. EB 09          |JMP SHORT GRADESHE.00413B62
00413B59 |> 33C9           |XOR ECX,ECX
00413B5B |. 46             |INC ESI
00413B5C |. 8AEB           |MOV CH,BL
00413B5E |. 8AC8           |MOV CL,AL
00413B60 |. 8BD9           |MOV EBX,ECX
00413B62 |> 66:395D 0C     |CMP WORD PTR SS:[EBP+C],BX      ; compare whether a single character of the registration code is the same
00413B66 |. 75 09          |JNZ SHORT GRADESHE.00413B71     ; if this jumps, it is over
00413B68 |. 66:837D 0C 00  |CMP WORD PTR SS:[EBP+C],0
00413B6D |. 74 16          |JE SHORT GRADESHE.00413B85      ; comparison finished, exit the loop
00413B6F |.^EB A3          \JMP SHORT GRADESHE.00413B14
The part above is not very significant; what is interesting is how the registration code is computed. Look at the code above the breakpoint; part of it follows.
0040E5A0 > 8B96 F4000000  MOV EDX,DWORD PTR DS:[ESI+F4]
0040E5A6 . 57             PUSH EDI
0040E5A7 . 53             PUSH EBX
0040E5A8 . 68 03100000    PUSH 1003
0040E5AD . 52             PUSH EDX
0040E5AE . FFD5           CALL EBP
0040E5B0 . 50             PUSH EAX
0040E5B1 . E8 95EE0000    CALL GRADESHE.0041D44B
0040E5B6 . 83CD FF        OR EBP,FFFFFFFF
0040E5B9 . 899E F01E0000  MOV DWORD PTR DS:[ESI+1EF0],EBX
0040E5BF . 899E 142B0000  MOV DWORD PTR DS:[ESI+2B14],EBX
0040E5C5 . 899E E41E0000  MOV DWORD PTR DS:[ESI+1EE4],EBX
0040E5CB . 899E E01E0000  MOV DWORD PTR DS:[ESI+1EE0],EBX
0040E5D1 . 89AE E81E0000  MOV DWORD PTR DS:[ESI+1EE8],EBP
0040E5D7 . 89AE EC1E0000  MOV DWORD PTR DS:[ESI+1EEC],EBP
0040E5DD . 899E F41E0000  MOV DWORD PTR DS:[ESI+1EF4],EBX
0040E5E3 . 899E F81E0000  MOV DWORD PTR DS:[ESI+1EF8],EBX
0040E5E9 . 899E E02A0000  MOV DWORD PTR DS:[ESI+2AE0],EBX
0040E5EF . 899E E42A0000  MOV DWORD PTR DS:[ESI+2AE4],EBX
0040E5F5 . 899E EC2A0000  MOV DWORD PTR DS:[ESI+2AEC],EBX
0040E5FB . 899E F02A0000  MOV DWORD PTR DS:[ESI+2AF0],EBX
0040E601 . C786 F42A0000 >MOV DWORD PTR DS:[ESI+2AF4],1
0040E60B . A1 F8984300    MOV EAX,DWORD PTR DS:[4398F8]
0040E610 . 894424 14      MOV DWORD PTR SS:[ESP+14],EAX
0040E614 . 8D4C24 38      LEA ECX,DWORD PTR SS:[ESP+38]
0040E618 . 8D5424 28      LEA EDX,DWORD PTR SS:[ESP+28]
0040E61C . 51             PUSH ECX                         ; /pTotalNumberOfFreeBytes
0040E61D . 8D4424 34      LEA EAX,DWORD PTR SS:[ESP+34]    ; |
0040E621 . 52             PUSH EDX                         ; |pTotalNumberOfBytes
0040E622 . 50             PUSH EAX                         ; |pFreeBytesAvailableToCaller
0040E623 . 68 8C914300    PUSH GRADESHE.0043918C           ; |DirectoryName = "c:"
0040E628 . 899C24 DC00000>MOV DWORD PTR SS:[ESP+DC],EBX    ; |
0040E62F . FF15 B4F14200  CALL DWORD PTR DS:[<&KERNEL32.GetDiskFreeS>; \GetDiskFreeSpaceExA
0040E635 . 83F8 01        CMP EAX,1
0040E638 . 75 1E          JNZ SHORT GRADESHE.0040E658
0040E63A . 8B4C24 2C      MOV ECX,DWORD PTR SS:[ESP+2C]
0040E63E . 8B5424 28      MOV EDX,DWORD PTR SS:[ESP+28]
0040E642 . 51             PUSH ECX
0040E643 . 52             PUSH EDX
0040E644 . 8D4424 1C      LEA EAX,DWORD PTR SS:[ESP+1C]
0040E648 . 68 84914300    PUSH GRADESHE.00439184           ; ASCII "%I64u"
0040E64D . 50             PUSH EAX
0040E64E . E8 06E20000    CALL GRADESHE.0041C859           ; computing the machine code: it is clearly computed from the free space on drive C
0040E653 . 83C4 10        ADD ESP,10
0040E656 . EB 0C          JMP SHORT GRADESHE.0040E664
0040E658 > 53             PUSH EBX                         ; /Arg3
0040E659 . 53             PUSH EBX                         ; |Arg2
0040E65A . 68 68914300    PUSH GRADESHE.00439168           ; |Arg1 = 00439168
0040E65F . E8 56A10100    CALL GRADESHE.004287BA           ; \GRADESHE.004287BA
0040E664 > 8B4C24 14      MOV ECX,DWORD PTR SS:[ESP+14]
0040E668 . 8B41 F8        MOV EAX,DWORD PTR DS:[ECX-8]
0040E66B . 83F8 08        CMP EAX,8
0040E66E . 7D 0C          JGE SHORT GRADESHE.0040E67C
0040E670 . 53             PUSH EBX                         ; /Arg3
0040E671 . 53             PUSH EBX                         ; |Arg2
0040E672 . 68 68914300    PUSH GRADESHE.00439168           ; |Arg1 = 00439168
0040E677 . E8 3EA10100    CALL GRADESHE.004287BA           ; \GRADESHE.004287BA
0040E67C > 8D5424 10      LEA EDX,DWORD PTR SS:[ESP+10]
0040E680 . 6A 08          PUSH 8
0040E682 . 52             PUSH EDX
0040E683 . 8D4C24 1C      LEA ECX,DWORD PTR SS:[ESP+1C]
0040E687 . E8 F2DD0000    CALL GRADESHE.0041C47E           ; remove the last 2 digits of the machine code
0040E68C . 50             PUSH EAX
0040E68D . 8D4C24 18      LEA ECX,DWORD PTR SS:[ESP+18]
0040E691 . C68424 D000000>MOV BYTE PTR SS:[ESP+D0],1
0040E699 . E8 6A060100    CALL GRADESHE.0041ED08
0040E69E . 8D4C24 10      LEA ECX,DWORD PTR SS:[ESP+10]
0040E6A2 . 889C24 CC00000>MOV BYTE PTR SS:[ESP+CC],BL
0040E6A9 . E8 6D050100    CALL GRADESHE.0041EC1B
0040E6AE . 8B4424 14      MOV EAX,DWORD PTR SS:[ESP+14]
0040E6B2 . 50             PUSH EAX
0040E6B3 . E8 9C580000    CALL GRADESHE.00413F54           ; convert to UNICOD
0040E6B8 . 05 23612D01    ADD EAX,12D6123
0040E6BD . 8D4C24 18      LEA ECX,DWORD PTR SS:[ESP+18]    ; subtraction with the registration code after the 2 digits are removed
0040E6C1 . 50             PUSH EAX
0040E6C2 . 68 00934300    PUSH GRADESHE.00439300           ; ASCII "%ld"
0040E6C7 . 51             PUSH ECX
0040E6C8 . E8 8CE10000    CALL GRADESHE.0041C859           ; the calculation
0040E6CD . 83C4 10        ADD ESP,10
0040E6D0 . 8D4C24 14      LEA ECX,DWORD PTR SS:[ESP+14]
0040E6D4 . E8 1C0A0100    CALL GRADESHE.0041F0F5           ; put it in reverse order
0040E6D9 . 68 80914300    PUSH GRADESHE.00439180           ; ASCII "?:\"
0040E6DE . 8D4C24 20      LEA ECX,DWORD PTR SS:[ESP+20]
0040E6E2 . 895C24 14      MOV DWORD PTR SS:[ESP+14],EBX
0040E6E6 . 33FF           XOR EDI,EDI
0040E6E8 . E8 9C050100    CALL GRADESHE.0041EC89
0040E6ED . C68424 CC00000>MOV BYTE PTR SS:[ESP+CC],2
0040E6F5 . FF15 B8F14200  CALL DWORD PTR DS:[<&KERNEL32.GetLogicalDr>; [GetLogicalDrives
0040E6FB . 3BC3           CMP EAX,EBX
0040E6FD . 894424 20      MOV DWORD PTR SS:[ESP+20],EAX
0040E701 . 74 43          JE SHORT GRADESHE.0040E746
0040E703 . 8B2D BCF14200  MOV EBP,DWORD PTR DS:[<&KERNEL32.GetDriveT>
0040E709 > A8 01          TEST AL,1                        ; the loop starts here
0040E70B . 74 23          JE SHORT GRADESHE.0040E730
0040E70D . 8A5424 10      MOV DL,BYTE PTR SS:[ESP+10]
0040E711 . 8D4C24 1C      LEA ECX,DWORD PTR SS:[ESP+1C]
0040E715 . 80C2 41        ADD DL,41
0040E718 . 52             PUSH EDX
0040E719 . 53             PUSH EBX
0040E71A . E8 E8090100    CALL GRADESHE.0041F107
0040E71F . 8B4424 1C      MOV EAX,DWORD PTR SS:[ESP+1C]    ; from A: to the last drive
0040E723 . 50             PUSH EAX
0040E724 . FFD5           CALL EBP
0040E726 . 83F8 03        CMP EAX,3
0040E729 . 75 01          JNZ SHORT GRADESHE.0040E72C
0040E72B . 47             INC EDI
0040E72C > 8B4424 20      MOV EAX,DWORD PTR SS:[ESP+20]
0040E730 > 8B5424 10      MOV EDX,DWORD PTR SS:[ESP+10]
0040E734 . D1E8           SHR EAX,1
0040E736 . 42             INC EDX
0040E737 . 3BC3           CMP EAX,EBX
0040E739 . 894424 20      MOV DWORD PTR SS:[ESP+20],EAX
0040E73D . 895424 10      MOV DWORD PTR SS:[ESP+10],EDX
0040E741 .^75 C6          JNZ SHORT GRADESHE.0040E709      ; the loop processes all logical drives in turn and ends by taking the letter of the last drive; mine is "g:\"
0040E743 . 83CD FF        OR EBP,FFFFFFFF
0040E746 > 8B0D F8984300  MOV ECX,DWORD PTR DS:[4398F8]    ; GRADESHE.0043990C
0040E74C . 894C24 18      MOV DWORD PTR SS:[ESP+18],ECX
0040E750 . 83C7 12        ADD EDI,12
0040E753 . 8D5424 18      LEA EDX,DWORD PTR SS:[ESP+18]
0040E757 . 57             PUSH EDI
0040E758 . 68 7C914300    PUSH GRADESHE.0043917C           ; ASCII "%d"
0040E75D . 52             PUSH EDX
0040E75E . C68424 D800000>MOV BYTE PTR SS:[ESP+D8],3
0040E766 . E8 EEE00000    CALL GRADESHE.0041C859           ; computes the last 2 digits of the registration code
0040E76B . 83C4 0C        ADD ESP,0C
0040E76E . 8D4424 18      LEA EAX,DWORD PTR SS:[ESP+18]
0040E772 . 8D4C24 14      LEA ECX,DWORD PTR SS:[ESP+14]
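Because of time constraints (giving myself a way out first), I won't write any further. As for the algorithm part, I am very much a novice and am afraid of showing off in front of all the experts, so I won't write it.
Those who are interested can take a look.
Summary:
A novice always has to start from the most basic place. There is no way around it. For now I don't demand much of myself: being able to find the correct registration code is enough. The algorithm is something I can't figure out. I hope the experts won't laugh.
Declaration: no copyright.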
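
Added example (not part of the original article and not the program's own code): the listing at 0040E77A shows the design weakness from the vendor's side, since the program computes the correct registration code itself and string-compares it with the Serial value, so the valid code sits readable in memory. The Python sketch below shows the usual fix, a vendor-signed licence that the client can verify but cannot derive; vendor_issue, client_verify and the toy key are hypothetical names and values, and the key is far too small for real use.

```python
# Added example: a licence check that never computes the valid code on the client.
# The RSA parameters are constructed demo values (two Mersenne primes) so the
# block runs offline; real deployments need a vetted library and >= 2048-bit keys.
import hashlib

P, Q = 2**61 - 1, 2**89 - 1          # constructed demo primes
N, E = P * Q, 65537                  # public key: all that ships in the client
_D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent: stays on the vendor server


def _digest(machine_id: str) -> int:
    """Hash the machine ID into an integer below the modulus."""
    h = hashlib.sha256(machine_id.encode("utf-8")).digest()
    return int.from_bytes(h, "big") % N


def vendor_issue(machine_id: str) -> str:
    """Vendor side: sign the machine ID. This function is never shipped."""
    return format(pow(_digest(machine_id), _D, N), "x")


def client_verify(machine_id: str, licence: str) -> bool:
    """Client side: accept only if licence^E mod N equals the digest.

    The client can check a licence but holds nothing that lets it produce
    one, so a debugger breakpoint before the comparison reveals only the
    digest of the machine ID, not a value the user could type in.
    """
    try:
        sig = int(licence, 16)
    except ValueError:
        return False                 # e.g. the default "unregisted" string
    if not 0 < sig < N:
        return False
    return pow(sig, E, N) == _digest(machine_id)


if __name__ == "__main__":
    lic = vendor_issue("314408964")  # machine code shown in the article
    print(client_verify("314408964", lic), client_verify("314408965", lic))
```

Binding the licence to a stable hardware identifier matters as much as the signature: an ID that changes with disk usage would invalidate honest users' licences.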