Title: Tag&Rename 1.7
Article 1: Tracing, and building a Loader. (Suitable for beginners)
mcny@work

Software            : Tag&Rename 1.7
Description         : A program that edits the TAG information in MP3 and VQF music files. It does
                      not yet support the newest MP3 ID3v2, but it is still a very handy editing tool.
Download            : Software home page: http://www.softpointer.com/tr.htm
                      Version 1.7 (if you cannot find it) can be downloaded from me:
                      http://www.geocities.com/mcny_work/orgfile/2000/TagRename17.zip
                      (888k bytes, resumable download not supported)
Registration method : Registration code (independent of the name, and the algorithm is not
                      reversible, so the registration code cannot be computed)
Anti-tracing protection : Packed with Asprotect 1.0
========================================================================================
Cracking difficulty : Easy (meaning: find the key jump and change it)
Difficulty of removing the anti-tracing protection : Easy
                      (meaning: use a Loader; ready-made code exists, so there is no need to write
                      your own! For automatic unpacking there is a ready-made unpacker (from SAC; I
                      have not used it yet and do not know how well it works). For manual unpacking,
                      see the related articles under 'Cracking tutorials' at http://toye.yeah.net;
                      difficulty: medium)
Tools used          : 1) Trw2000 v1.22
                      2) TASM32 5.0 (3 files are needed: import32.lib, tasm32.exe, tlink32.exe)
Target file         : TagRename.exe
Key point           : Find the key jump and build a Loader that changes it (reason: the software is
                      packed, so the target file cannot be modified directly)
----------------------------------------------------------------------------------------
[Note 1] : On the Kanxue forum someone once told me: cracking is cracking and unpacking is
           unpacking, and the two should not be lumped together. That made sense to me, so the
           difficulty here is split into two measures: cracking, and removing the anti-tracing.
[Note 2] : This article does not use a 'resource file' when compiling and linking the Loader, so
           the resulting Loader has no icon. If you are interested, you can add one yourself.
[Note 3] : This article is meant to give friends who have never built a Loader some experience of
           building one. It does not claim that a Loader is the best way to crack this software.
========================================================================================
Author : McNy@Work
Date   : 9 November 2000
Email  : mcny_work@yahoo.com
         (Please start the mail subject with "WANTED:McNycn" and mind the upper and lower case,
         otherwise I will not receive it!)

[Contents]
§========================================================§
§ Part 1: Initial tracing                                 §
§ Part 2: Further tracing, finding the key comparison     §
§ Part 3: Building the Loader, with program source code   §
§========================================================§

-------------------------------[Part 1: Initial tracing]-----------------------------------
First run Trw2000 and use it to load TagRename.exe. After pressing the 'Load' button we arrive in the
trw2000 debug window; press F5 and the program continues to run. TagRename then shows a prompt telling
you how many days you have used it and asking you to register. Choose 'Unlock', enter a name under
Yourname and any text under Code. (eg, Name: McNy@Work Code:a ) Do not press the OK button yet.

Then press Ctrl+N to get into the trw2000 debug window. Set a breakpoint by typing: bpx hmemcpy ,
Enter. (<-- this is the classic move!) Press F5 to let the program continue. We return to Windows;
now press the OK button that we left alone a moment ago.

The program is interrupted again and we are back in the trw2000 debug window. Now keep pressing F10
until the Error dialog appears (F10 is single-step tracing). Pressing F10 at one of the ret
instructions brings us to address 00508B49. Keep tracing; when F10 steps over
00508B76 call 004646EC, the Error box appears and tells you the registration code is wrong!
Press OK and you are back in the Trw2000 debug window.

Clearly, the call at 00508B76 displays the error dialog. How do we avoid it? Looking upwards, we
find that the JZ at 00508B80 has a chance of avoiding the Error box, on condition that AL=1. (Of
course, when we get here AL<>1, because the registration code is wrong.)

          ...
 ==>      017F:00508B49 MOV EAX,[EBP-08]      // one of the rets returns here.
          017F:00508B4C LEA EDX,[EBP-04]
          017F:00508B4F CALL 0408EBC
          017F:00508B54 MOV EAX,[EBP-04]
 **(A1)** 017F:00508B57 CALL 00456510         // processes, computes and compares the registration code!!!
                                              // returns AL=1 when the registration code is correct.
 **(A2)** 017F:00508B5C CMP AL,01
 ==>      017F:00508B5E JZ 0508B80            // if AL=1, the error dialog is avoided!
          017F:00508B60 LEA ECX,[EBP-0C]
          017F:00508B63 MOV EAX,[00541A98]
          017F:00508B68 MOV EAX,[EAX]
          017F:00508B6A MOV DX,01D9
          017F:00508B6E CALL 0046DE40
          017F:00508B73 MOV EAX,[EBP-0C]
 ==>      017F:00508B76 CALL 004646EC         // the error dialog appears
          017F:00508B7B JMP 00508C56
          ...

Clever as you are, you will certainly think of changing the compare instruction at 00508B5C or the
jump instruction at 00508B5E in order to avoid the error dialog. But that is only half right! The
program calls 00456510 from more than one place. (I only know because I tried it, of course.) So
making call 00456510 always return AL=01 is the once-and-for-all method.
So we could also modify the code at 00465610 so that it becomes mov al,01 / ret. (Set AL=1 and return
immediately.) But we will not do that, because it changes what the whole Call does and may introduce
latent program errors. I want to reach our goal with the smallest and safest modification to the
original program.

So we trace with this line of thought: what makes AL=1? It turns out to be EBX=1 at address
xxxxxxxx. And what makes EBX=1 at xxxxxxxx? It turns out to be EAX<>0 at address yyyyyyyy, ... and so
on, all the way to the place where the registration code is compared.

---------------------------------End of Part 1-----------------------------------------------
-------------------------------[Part 2: Further tracing, finding the key comparison]-------------------

We reset all breakpoints and put the new breakpoint on the address called at the place marked
**(A1)** in the code above. That is: bc * , Enter. bpx 00456510 , Enter. Press F5. TagRename continues
to run.

Press the 'Unlock' button, then the 'OK' button. The program is interrupted again and we are in the
debug window at the breakpoint we just set, 00456510. Keep pressing F10 until we have passed the
first RET (the place marked **(A4)** in the code below). Since the second RET is the real RET, we
know that EBX at address 004565BD decides the EAX value about to be returned (we want EAX=1)!

So we turn our attention to EBX. Looking a few lines further up, we find that 1 is assigned to BL at
00456598. But why do we have EBX=0 ? Because the JZ at 00456594 was taken! (**(A3)** in the code
below.)

Clearly 00456594 is the place we have to change. It is enough to remove JZ 00456598 (that is, whatever
the real result is, we make the registration code correct (BL=1)). Type code on, Enter. First write
down on paper the 10 bytes of code starting at 00456594 (they are needed when building the LOADER:
74 02 B3 01 8B 45 F8 E8 C8 C9).

Now replace the JZ 00456598 at 00456594 with two nops. We type a 456594, Enter. nop, Enter. nop, Enter
twice. You can see that the code at 00456594 has become two nops.

Before letting the program continue we should clear all breakpoints, so type bc * , Enter. Press F5.
TagRename continues to run. The program shows the Error box (our modification only takes effect the
next time).

Press the 'Unlock' button, then the 'OK' button. A dialog appears thanking us for registering 8^) .
Our tracing ends here. Choose HELP > ABOUT in TagRename; the ABOUT dialog shows
Register to: McNy@Work .

          ...
 ==>      017F:00456510 PUSH EBP              // this is the breakpoint; the program pauses here.
          017F:00456511 MOV EBP,ESP
          ...
          ...
          017F:0045655F MOV EAX,ESI
          017F:00456561 CALL 00402F68
          017F:00456566 LEA EDX,[EBP-04]
          017F:00456569 LEA EAX,[EBP-18]
          017F:0045656C CALL 00456460         // the main call that produces the "input-code generated
                                              // string" from the entered S/N.
          017F:00456571 MOV DL,01
          017F:00456573 MOV EAX,[00410060]
          017F:0045657D MOV [EBP-08],EAX
          017F:00456580 LEA EAX,[EBP-08]
          017F:00456583 CALL 00456404
          017F:00456588 MOV EDX,[EBP-04]
          017F:0045658B MOV EAX,[EBP-08]
          017F:0045658E MOV ECX,[EAX]
          017F:00456590 CALL NEAR [ECX+50]    // compares the "registration-code generated string" with
                                              // the two-hundred-odd "correct strings".
                                              // returns EAX=FFFFFFFF if none of them match
                                              // (internally calls Kernel32!CompareStringA)
          017F:00456593 INC EAX
 **(A3)** 017F:00456594 JZ 0456598            // jumps when EAX=0. We change this!!!
 ==>      017F:00456598 MOV BL,01             // if the previous line does not jump, the code is correct.
          017F:0045659B CALL 00402F68
          017F:004565A0 XOR EAX,EAX
          017F:004565A2 POP EDX
          017F:004565A3 POP ECX
          017F:004565A4 POP ECX
          017F:004565A5 MOV [FS:EAX],EDX
          017F:004565A8 PUSH DWORD 004565BD
          017F:004565AD LEA EAX,[EBP-04]
          017F:004565B0 CALL 00403CEC
 ==>      017F:004565B5 RET                   // goes to 017f:004565BD !!!
          017F:004565B6 JMP 004036C8
          017F:004565BB JMP SHORT 004565AD
 **(A4)** 017F:004565BD MOV EAX,EBX           // ha! so EBX is assigned to EAX.
          017F:004565BF POP ESI
          017F:004565C0 POP EBX
          017F:004565C1 POP ESP,EBP
          017F:004565C3 POP EBP
          017F:004565C4 RET                   // returns to **(A2)**
---------------------------------End of Part 2-----------------------------------------------
-------------------------------[Part 3: Building the Loader]-----------------------------------
This article uses R!SC's Loader source code and changes the relevant places:

(1) First we collect the data obtained from the tracing in Parts 1 and 2:
      Target program name          : TAGRENAME.EXE
      Address to modify            : 00456594h (h means hexadecimal)
      Modification made            : 7402 ==> 9090 (the opcode of nop is 90)
      Number of bytes modified     : 2
      The 10 bytes from 00456594   : 74,02,B3,01,8B,45,F8,E8,C8,C9

(2) Steps:
   1) In the TASM directory, create a text file named loader.asm (.asm is the file extension).
   2) Copy all the code between the two ;+++++++++++++ lines below into loader.asm and save the file.
   3) Fill in all the data from (1) at the corresponding positions marked **(B1)** in loader.asm.
      At **(B2)** fill in the delay; assume 1000 to begin with. If it does not work properly, adjust it.
      (Adjustment rule:
         Loader can load TagRename, but the program is still not registered. ==> decrease the delay (eg: 800)
         Loader does not run properly and the ERROR box appears.            ==> increase the delay (eg:1200) )
   4) At the DOS Prompt, change into the TASM directory (the author's directory is e:\tasm5) and type
      the following two commands in turn.
         tasm32 /ml loader.asm                                       (compile)
         tlink32 /Tpe /aa /c loader,loader,,e:\tasm5\import32.lib    (link)
   5) On success, a file named loader.exe is produced in the current directory; copy it into the
      Tag&Rename directory and that is all. Run the Loader and see whether it works properly; if not,
      adjust the delay again and recompile.

;++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
; Requires Tasm 5.0 & import32.lib to compile
; tasm32 /ml loader.asm
; tlink32 /Tpe /aa /c loader,loader,, <path to> import32.lib
; replace <path to> with whatever...

.386P
Locals
jumps
.Model Flat ,StdCall

;Define the needed external functions and constants here.
Extrn MessageBoxA:PROC
Extrn WaitForInputIdle:PROC
Extrn WriteProcessMemory:PROC
Extrn ReadProcessMemory:PROC
Extrn CreateProcessA:PROC
Extrn CloseHandle:PROC
Extrn ExitProcess:PROC

;-=-Normal data-=-=-=-=-=-=-=-=-=-=-=-=-=
.Data
CSiR_Tag         db 'Tag&Rename 1.7 (Loader),by McNy@Work ',0
CSiR_Error       db 'Error!!!',0
CSiR_Error1      db 'Something wrong!!...',0
OpenERR_txt      db 'CreateProcess Error :(',0
ReadERR_txt      db 'ReadProcessMemory Error :(',0
WriteERR_txt     db 'WriteProcessMemory Error :P',0
VersionERR_txt   db 'Incorrect Version of application :(',0
CSiR_ProcessInfo dd 4 dup (0)      ;process handles
CSiR_StartupInfo db 48h dup (0)    ;startup info for the process were opening
CSiR_RPBuffer    db 10h dup (0)    ;read buffer, for checking data

;-=-Patch datas-=-=-=-=-=-=-=-=-=-=-=-=-=
CSiR_AppName     db 'TAGRENAME.EXE',0             ; **(B1)**
mcny             dd 00456594h                     ; address to read data from for version checking
sizeof           dd 10                            ; in the new process
checkbytes       db 074h,002h,0b3h,001h,08bh      ; the bytes to check for
                 db 045h,0f8h,0e8h,0c8h,0c9h      ; if there not there, we have the wrong version??
;-----
patch_data_1     db 90h,90h
patch_size_1     dd 2
patch_addr_1     dd 00456594h

.Code
;-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Main:
        push offset CSiR_Tag
        mov dword ptr [CSiR_StartupInfo],44h     ; (the size in bytes of the structure)
        push offset CSiR_ProcessInfo             ; Typedef struct _PROCESS_INFORMATION
        push offset CSiR_StartupInfo             ; Pointer to STARTUPINFO structure
        push 0
        push 0
        push 20h                                 ; Creation flags
        push 0
        push 0
        push 0
        push 0
        push offset CSiR_AppName                 ; Pointer to name of executable mod
        call CreateProcessA
        test eax,eax
        jz OpenERR

Wait4Depack:
        push 1000                                ; **(B2)**
                                                 ; Timeout (in milliseconds, -1 = infinite)
                                                 ; The original author used LARGE-1
                                                 ; On my PC 800 to 1500 works. Pick a number yourself!
        push dword ptr [CSiR_ProcessInfo]
        call WaitForInputIdle

Check_Data:
        push 0                                   ; BytesRead
        push dword ptr [sizeof]                  ; Length
        push offset CSiR_RPBuffer                ; Destination (to read them to)
        push dword ptr [mcny]                    ; Source
        push dword ptr [CSiR_ProcessInfo]        ; Process whose memory we are to read
        call ReadProcessMemory
        test eax,eax
        jz ReadERR
        ;...
        ;int 03 ;-)
        cld
        lea esi, CSiR_RPBuffer
        lea edi, checkbytes
        mov ecx, 10
        rep cmpsb
        jnz VersionERR
        ;...
Patch_the_mother:
        push 0                                   ; Pointer to byteswritten (i like null though)
        push dword ptr [patch_size_1]            ; Length
        push offset patch_data_1                 ; Source
        push dword ptr [patch_addr_1]            ; Destination
        push dword ptr [CSiR_ProcessInfo]        ; Process whose memory we are to patch
        call WriteProcessMemory                  ; Call Kernel32!WriteProcessMemory
        test eax,eax
        jz WriteERR

Close_This_app:
        push dword ptr [CSiR_ProcessInfo]
        call CloseHandle
        push dword ptr [CSiR_ProcessInfo+4]
        call CloseHandle

Exit_Proc:
        Push LARGE-1
        Call ExitProcess

;-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
VersionERR:
        lea eax, VersionERR_txt
        jmp abort
ReadERR:
        lea eax, ReadERR_txt
        jmp abort
OpenERR:
        lea eax, OpenERR_txt
        jmp abort
WriteERR:
        lea eax, WriteERR_txt
abort:
        push 0
        push offset CSiR_Error                   ; Title
        push eax                                 ; Message
        push 0
        call MessageBoxA
        jmp Close_This_app

End Main
;++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
---------------------------------End of Part 3-----------------------------------------------
==========================================================================================
End of article (this is my first piece of work; where something is wrong, I hope everyone will
correct me and bear with me!)
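
Seen from the defender's side, the Loader in Part 3 leaves a recognisable sequence: a parent creates a child process, reads a few bytes inside the child's image to verify the version, then overwrites bytes at the same address shortly after start-up. The detection logic below is an added example, not part of the original article or of R!SC's code; the event schema, PIDs, timestamps and image base/size are constructed for illustration, and only the address 00456594 and the 10-byte/2-byte lengths come from the article.

```python
# Added example: flag Loader-style in-memory patching in process telemetry.
# The event schema and every value below are constructed for illustration.
EVENTS = [
    {"t": 0.05, "type": "process_create", "pid": 4188, "ppid": 4120,
     "image": "TAGRENAME.EXE", "base": 0x00400000, "size": 0x00180000},
    {"t": 1.06, "type": "remote_read", "src": 4120, "dst": 4188,
     "addr": 0x00456594, "len": 10},
    {"t": 1.07, "type": "remote_write", "src": 4120, "dst": 4188,
     "addr": 0x00456594, "len": 2},
    # Benign contrast: a parent writing a large buffer outside the child's image.
    {"t": 2.00, "type": "process_create", "pid": 5000, "ppid": 3988,
     "image": "helper.exe", "base": 0x00400000, "size": 0x00010000},
    {"t": 2.10, "type": "remote_write", "src": 3988, "dst": 5000,
     "addr": 0x7FFD0000, "len": 512},
]


def find_loader_patches(events, window=5.0, max_len=16):
    """Return small writes by a parent into its new child's image soon after start."""
    children, reads, findings = {}, set(), []
    for ev in sorted(events, key=lambda e: e["t"]):
        if ev["type"] == "process_create":
            children[ev["pid"]] = ev
            continue
        child = children.get(ev["dst"])
        if child is None or child["ppid"] != ev["src"]:
            continue  # only parent -> freshly created child is of interest
        if ev["type"] == "remote_read":
            reads.add((ev["src"], ev["dst"], ev["addr"]))
            continue
        in_image = child["base"] <= ev["addr"] < child["base"] + child["size"]
        early = ev["t"] - child["t"] <= window
        if ev["type"] == "remote_write" and in_image and early and ev["len"] <= max_len:
            findings.append({
                "parent_pid": ev["src"], "child": child["image"],
                "addr": hex(ev["addr"]), "len": ev["len"],
                # A read of the same address first matches the Loader's
                # verify-then-patch sequence and raises confidence.
                "verified_first": (ev["src"], ev["dst"], ev["addr"]) in reads,
            })
    return findings


if __name__ == "__main__":
    for hit in find_loader_patches(EVENTS):
        print(hit)
```

The time window and size threshold are tuning knobs: debuggers and some installers also write into child processes, so hits are triage leads that need the parent's identity checked before they count as tampering.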