IDM 汇编 笔记


 

0044C0AC     /0F85 19020000 jnz IDMan.0044C2CB 修改这里IDM就能把文件下载到手 了。但之后就出来假注册码

看堆栈,得到一个  栈顶,005ED988   .  FFD0          call eax                                 ;  kernel32.BaseThreadInitThunk

往上的这句
005ED983     /74 08         je short IDMan.005ED98D                  ;  这个好像可以跳过!!!!但改后程序就死了,说明

005ED988   .  FFD0          call eax                                 ;  kernel32.BaseThreadInitThunk这句一定有鬼!!
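F7 跟进后是这样的。从下面列出的 API 调用看,这个函数以 KEY_NOTIFY 权限打开 HKEY_LOCAL_MACHINE 下的 Browser Helper Objects 键,用 CreateEventA 创建事件,然后在循环里调用 RegNotifyChangeKeyValue 并用 WaitForSingleObject / WaitForMultipleObjects 等待,也就是一个监视该注册表键变化的线程。注意:OllyDbg 右侧的参数注释取的是断下时寄存器的当前值,而不是执行到该指令时的值。esi 在 00415474 处已被 xor esi,esi 清零,所以前面几处 push esi 对应的 Reserved、EventName、InitiallySignaled、pSecurity 实际都是 0/NULL,注释里的 "?g"、TRUE、0x2ACC740 等不能当作真实参数。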
00415450  /.  55            push ebp
00415451  |.  8BEC          mov ebp,esp
00415453  |.  6A FF         push -0x1
00415455  |.  68 90F85F00   push IDMan.005FF890                      ;  SE 处理程序安装
0041545A  |.  64:A1 0000000>mov eax,dword ptr fs:[0]
00415460  |.  50            push eax                                 ;  IDMan.00415450
00415461  |.  64:8925 00000>mov dword ptr fs:[0],esp
00415468  |.  83EC 14       sub esp,0x14
0041546B  |.  53            push ebx
0041546C  |.  56            push esi
0041546D  |.  57            push edi
0041546E  |.  8D45 E8       lea eax,[local.6]
00415471  |.  8965 F0       mov [local.4],esp
00415474  |.  33F6          xor esi,esi
00415476  |.  50            push eax                                 ; /pHandle = IDMan.00415450
00415477  |.  6A 10         push 0x10                                ; |Access = KEY_NOTIFY
00415479  |.  56            push esi                                 ; |Reserved = 0x2ACC740
0041547A  |.  68 D0E96A00   push IDMan.006AE9D0                      ; |Subkey = "SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
0041547F  |.  68 02000080   push 0x80000002                          ; |hKey = HKEY_LOCAL_MACHINE
00415484  |.  8975 FC       mov [local.1],esi                        ; |
00415487  |.  8975 EC       mov [local.5],esi                        ; |
0041548A  |.  FF15 08C06100 call dword ptr ds:[<&ADVAPI32.RegOpenKey>; \RegOpenKeyExA
00415490  |.  85C0          test eax,eax                             ;  IDMan.00415450
00415492  |.  75 1B         jnz short IDMan.004154AF
00415494  |.  56            push esi                                 ; /EventName = "?g"
00415495  |.  56            push esi                                 ; |InitiallySignaled = TRUE
00415496  |.  6A 01         push 0x1                                 ; |ManualReset = TRUE
00415498  |.  56            push esi                                 ; |pSecurity = 02ACC740
00415499  |.  FF15 4CC46100 call dword ptr ds:[<&KERNEL32.CreateEven>; \CreateEventA
0041549F  |.  8BF8          mov edi,eax                              ;  IDMan.00415450
004154A1  |.  3BFE          cmp edi,esi
004154A3  |.  75 1D         jnz short IDMan.004154C2
004154A5  |.  8B4D E8       mov ecx,[local.6]
004154A8  |.  51            push ecx                                 ; /hKey = D7740000
004154A9  |.  FF15 68C06100 call dword ptr ds:[<&ADVAPI32.RegCloseKe>; \RegCloseKey
004154AF  |>  33C0          xor eax,eax                              ;  IDMan.00415450
004154B1  |.  8B4D F4       mov ecx,[local.3]
004154B4  |.  64:890D 00000>mov dword ptr fs:[0],ecx
004154BB  |.  5F            pop edi                                  ;  IDMan.005ED98A
004154BC  |.  5E            pop esi                                  ;  IDMan.005ED98A
004154BD  |.  5B            pop ebx                                  ;  IDMan.005ED98A
004154BE  |.  8BE5          mov esp,ebp
004154C0  |.  5D            pop ebp                                  ;  IDMan.005ED98A
004154C1  |.  C3            retn
004154C2  |>  E8 59DA0200   call IDMan.00442F20
004154C7  |.  3BC6          cmp eax,esi
004154C9  |.  74 30         je short IDMan.004154FB
004154CB  |.  8D55 EC       lea edx,[local.5]
004154CE  |.  52            push edx                                 ; /pHandle = 038AE8B8
004154CF  |.  68 10010000   push 0x110                               ; |Access = KEY_NOTIFY|100
004154D4  |.  56            push esi                                 ; |Reserved = 0x2ACC740
004154D5  |.  68 D0E96A00   push IDMan.006AE9D0                      ; |Subkey = "SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
004154DA  |.  68 02000080   push 0x80000002                          ; |hKey = HKEY_LOCAL_MACHINE
004154DF  |.  FF15 08C06100 call dword ptr ds:[<&ADVAPI32.RegOpenKey>; \RegOpenKeyExA
004154E5  |.  85C0          test eax,eax                             ;  IDMan.00415450
004154E7  |.  74 05         je short IDMan.004154EE
004154E9  |.  8975 EC       mov [local.5],esi
004154EC  |.  EB 0D         jmp short IDMan.004154FB
004154EE  |>  56            push esi                                 ; /EventName = "?g"
004154EF  |.  56            push esi                                 ; |InitiallySignaled = TRUE
004154F0  |.  6A 01         push 0x1                                 ; |ManualReset = TRUE
004154F2  |.  56            push esi                                 ; |pSecurity = 02ACC740
004154F3  |.  FF15 4CC46100 call dword ptr ds:[<&KERNEL32.CreateEven>; \CreateEventA
004154F9  |.  8BF0          mov esi,eax                              ;  IDMan.00415450
004154FB  |>  6A 01         /push 0x1                                ; /Async = TRUE
004154FD  |.  B8 01000000   |mov eax,0x1                             ; |
00415502  |.  57            |push edi                                ; |hEvent = 00BCCF84
00415503  |.  50            |push eax                                ; |NotifyFilter = 415450
00415504  |.  50            |push eax                                ; |WatchSubTree = TRUE
00415505  |.  8B45 E8       |mov eax,[local.6]                       ; |
00415508  |.  50            |push eax                                ; |hKey = 0x415450
00415509  |.  FF15 30C06100 |call dword ptr ds:[<&ADVAPI32.RegNotify>; \RegNotifyChangeKeyValue
0041550F  |.  8B4D EC       |mov ecx,[local.5]
00415512  |.  8BD8          |mov ebx,eax                             ;  IDMan.00415450
00415514  |.  83C8 FF       |or eax,-0x1
00415517  |.  85C9          |test ecx,ecx
00415519  |.  74 15         |je short IDMan.00415530
0041551B  |.  85F6          |test esi,esi
0041551D  |.  74 11         |je short IDMan.00415530
0041551F  |.  6A 01         |push 0x1                                ; /Async = TRUE
00415521  |.  B8 01000000   |mov eax,0x1                             ; |
00415526  |.  56            |push esi                                ; |hEvent = 02ACC740
00415527  |.  50            |push eax                                ; |NotifyFilter = 415450
00415528  |.  50            |push eax                                ; |WatchSubTree = TRUE
00415529  |.  51            |push ecx                                ; |hKey = 0xD7740000
0041552A  |.  FF15 30C06100 |call dword ptr ds:[<&ADVAPI32.RegNotify>; \RegNotifyChangeKeyValue
00415530  |>  85DB          |test ebx,ebx
00415532  |.  74 0F         |je short IDMan.00415543
00415534  |.  85C0          |test eax,eax                            ;  IDMan.00415450
00415536  |.  75 57         |jnz short IDMan.0041558F
00415538  |.  6A FF         |push -0x1                               ; /Timeout = INFINITE
0041553A  |.  56            |push esi                                ; |hObject = 02ACC740
0041553B  |.  FF15 70C46100 |call dword ptr ds:[<&KERNEL32.WaitForSi>; \WaitForSingleObject
00415541  |.  EB 25         |jmp short IDMan.00415568
00415543  |>  85C0          |test eax,eax                            ;  IDMan.00415450
00415545  |.  74 0B         |je short IDMan.00415552
00415547  |.  6A FF         |push -0x1                               ; /Timeout = INFINITE
00415549  |.  57            |push edi                                ; |hObject = 00BCCF84
0041554A  |.  FF15 70C46100 |call dword ptr ds:[<&KERNEL32.WaitForSi>; \WaitForSingleObject
00415550  |.  EB 16         |jmp short IDMan.00415568
00415552  |>  6A FF         |push -0x1                               ; /Timeout = INFINITE
00415554  |.  8D4D E0       |lea ecx,[local.8]                       ; |
00415557  |.  6A 00         |push 0x0                                ; |WaitForAll = FALSE
00415559  |.  51            |push ecx                                ; |pObjects = D7740000
0041555A  |.  6A 02         |push 0x2                                ; |nObjects = 0x2
0041555C  |.  897D E0       |mov [local.8],edi                       ; |
0041555F  |.  8975 E4       |mov [local.7],esi                       ; |
00415562  |.  FF15 50C46100 |call dword ptr ds:[<&KERNEL32.WaitForMu>; \WaitForMultipleObjects
00415568  |>  E8 03030000   |call IDMan.00415870
0041556D  |.  85C0          |test eax,eax                            ;  IDMan.00415450
0041556F  |.  75 5B         |jnz short IDMan.004155CC
00415571  |.  8B15 3CCF6D00 |mov edx,dword ptr ds:[0x6DCF3C]
00415577  |.  68 40000500   |push 0x50040                            ; /Style = MB_OK|MB_ICONASTERISK|MB_APPLMODAL|50000
0041557C  |.  68 A4CF6A00   |push IDMan.006ACFA4                     ; |Title = "Internet Download Manager"
00415581  |.  52            |push edx                                ; |Text = "歌?"
00415582  |.  FF15 F0C76100 |call dword ptr ds:[<&USER32.GetDesktopW>; |[GetDesktopWindow
00415588  |.  50            |push eax                                ; |hOwner = 00415450
00415589  |.  FF15 F4C76100 |call dword ptr ds:[<&USER32.MessageBoxA>; \MessageBoxA
0041558F  |>  57            |push edi                                ; /hObject = 00BCCF84
00415590  |.  8B3D 78C46100 |mov edi,dword ptr ds:[<&KERNEL32.CloseH>; |kernel32.CloseHandle
00415596  |.  FFD7          |call edi                                ; \CloseHandle
00415598  |.  85F6          |test esi,esi
0041559A  |.  74 03         |je short IDMan.0041559F
0041559C  |.  56            |push esi                                ; /hObject = 02ACC740
0041559D  |.  FFD7          |call edi                                ; \CloseHandle
0041559F  |>  8B45 E8       |mov eax,[local.6]

=======================
0044CF1B   . /7E 10         jle short IDMan.0044CF2D                 ;  yes 的话去死
0044CF1D   > |8A5C04 78     mov bl,byte ptr ss:[esp+eax+0x78]
0044CF21   . |80F3 0B       xor bl,0xB
0044CF24   . |885C04 78     mov byte ptr ss:[esp+eax+0x78],bl
0044CF28   . |40            inc eax
0044CF29   . |3BC1          cmp eax,ecx
0044CF2B   .^|7C F0         jl short IDMan.0044CF1D
0044CF2D   > \8B4C24 74     mov ecx,dword ptr ss:[esp+0x74]
0044CF31   .  8B15 C4CA6D00 mov edx,dword ptr ds:[0x6DCAC4]
0044CF37   .  8D4424 78     lea eax,dword ptr ss:[esp+0x78]
0044CF3B   .  68 30100400   push 0x41030                             ; /Style = MB_OK|MB_ICONEXCLAMATION|MB_SYSTEMMODAL|40000
0044CF40   .  50            push eax                                 ; |Title = "Internet Download Manager"
0044CF41   .  51            push ecx                                 ; |Text = "Internet Download Manager has been registered with a fake Serial Number or the Serial Number has been blocked. Be aware that the cracked product may work incorrectly and download files with errors. Thus we advise you to purchase the fu"...
0044CF42   .  52            push edx                                 ; |hOwner = 00200246 ('Internet Download Manager 6.25',class='#32770')
0044CF43   .  FF15 F4C76100 call dword ptr ds:[<&USER32.MessageBoxA>>; \MessageBoxA

==================
004596C8   . /0F87 4F030000 ja IDMan.00459A1D                        ;  1
004596CE   . |0F84 18030000 je IDMan.004599EC                        ;  2
004596D4   . |8D87 63EBFFFF lea eax,dword ptr ds:[edi-0x149D]        ;  3
004596DA   . |83F8 08       cmp eax,0x8
004596DD   . |0F87 42030000 ja IDMan.00459A25                        ;  4
004596E3   . |FF2485 909C45>jmp dword ptr ds:[eax*4+0x459C90]
004596EA   > |8B0D 80C96D00 mov ecx,dword ptr ds:[0x6DC980]          ;  Case 14A0 of switch 004537A8
004596F0   . |8D55 CC       lea edx,dword ptr ss:[ebp-0x34]
004596F3   . |8D85 58FFFFFF lea eax,dword ptr ss:[ebp-0xA8]
004596F9   . |52            push edx                                 ; /pBufSize = 00200246
004596FA   . |50            push eax                                 ; |Buffer = 088DFDC4
004596FB   . |56            push esi                                 ; |pValueType = 02A82F50
004596FC   . |56            push esi                                 ; |Reserved = 02A82F50
004596FD   . |68 14106B00   push IDMan.006B1014                      ; |ValueName = "bVP9Ch"
00459702   . |51            push ecx                                 ; |hKey = 0x2A75890
00459703   . |C745 CC 04000>mov dword ptr ss:[ebp-0x34],0x4          ; |
0045970A   . |FF15 04C06100 call dword ptr ds:[<&ADVAPI32.RegQueryVa>; \RegQueryValueExA
