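Yesterday I saw this thing at a friend's place, but it modifies the homepage, so I traced it with OD and KO'd the code that sets the homepage. Everyone should still support the original version, though; after all, writing software isn't easy. I'm posting the analysis code here. Anyone who needs it can download it below~
Click here to download the program!
Key code: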
```
00443C3F . BA D08E4100 MOV EDX,魔兽争霸.00418ED0 ; UNICODE "Start Page"
00443C44 . 8D4D E4 LEA ECX,DWORD PTR SS:[EBP-1C]
00443C47 . FFD6 CALL ESI ; MSVBVM60.__vbaStrCopy; <&MSVBVM60.__vbaStrCopy>
00443C49 . BA 548E4100 MOV EDX,魔兽争霸.00418E54 ; UNICODE "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main"
00443C4E . 8D4D E8 LEA ECX,DWORD PTR SS:[EBP-18]
00443C51 . FFD6 CALL ESI ; MSVBVM60.__vbaStrCopy
00443C53 . 8D4D E4 LEA ECX,DWORD PTR SS:[EBP-1C]
00443C56 . 8D55 E8 LEA EDX,DWORD PTR SS:[EBP-18]
00443C59 . 51 PUSH ECX
00443C5A . 8D45 B0 LEA EAX,DWORD PTR SS:[EBP-50]
00443C5D . 52 PUSH EDX
00443C5E . 50 PUSH EAX
00443C5F . E8 3C000100 CALL 魔兽争霸.00453CA0
00443C64 . 8D4D B0 LEA ECX,DWORD PTR SS:[EBP-50]
00443C67 . 8D55 90 LEA EDX,DWORD PTR SS:[EBP-70]
00443C6A . 51 PUSH ECX
00443C6B . 52 PUSH EDX
00443C6C . C745 98 74494100 MOV DWORD PTR SS:[EBP-68],魔兽争霸.00414974 ; UNICODE "http://www.7760.com/m.asp?f=wow"
00443C73 . C745 90 08800000 MOV DWORD PTR SS:[EBP-70],8008
00443C7A . FF15 F4114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaVarTstNe>] ; MSVBVM60.__vbaVarTstNe
00443C80 . 66:8BF0 MOV SI,AX
00443C83 . 8D45 E4 LEA EAX,DWORD PTR SS:[EBP-1C]
00443C86 . 8D4D E8 LEA ECX,DWORD PTR SS:[EBP-18]
00443C89 . 50 PUSH EAX
00443C8A . 51 PUSH ECX
00443C8B . 6A 02 PUSH 2
00443C8D . FF15 E0114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeStrList>>; MSVBVM60.__vbaFreeStrList
00443C93 . 83C4 0C ADD ESP,0C
00443C96 . 8D4D B0 LEA ECX,DWORD PTR SS:[EBP-50]
00443C99 . FF15 20104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeVar>] ; MSVBVM60.__vbaFreeVar
00443C9F . 66:3BF7 CMP SI,DI
00443CA2 E9 8A000000 JMP 魔兽争霸.00443D31 ; key jump: jmp
00443CA7 90 NOP
00443CA8 . 393D D0844500 CMP DWORD PTR DS:[4584D0],EDI
```
PS: Reality has given me too many illusions~