昨天在一个朋友那里看到这么个东西,但是要修改主页,于是用od跟了下,吧设置主页的代码给ko了。大家还是支持原版吧,毕竟写个软件不容易,这里贴出分析代码。需要的可以从下面下载~
猛击次此处下载程序!
关键代码:
00443C3F . BA D08E4100 MOV EDX,魔兽争霸.00418ED0 ; UNICODE "Start Page"
00443C44 . 8D4D E4 LEA ECX,DWORD PTR SS:[EBP-1C]
00443C47 . FFD6 CALL ESI ; MSVBVM60.__vbaStrCopy; <&MSVBVM60.__vbaStrCopy>
00443C49 . BA 548E4100 MOV EDX,魔兽争霸.00418E54 ; UNICODE "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main"
00443C4E . 8D4D E8 LEA ECX,DWORD PTR SS:[EBP-18]
00443C51 . FFD6 CALL ESI ; MSVBVM60.__vbaStrCopy
00443C53 . 8D4D E4 LEA ECX,DWORD PTR SS:[EBP-1C]
00443C56 . 8D55 E8 LEA EDX,DWORD PTR SS:[EBP-18]
00443C59 . 51 PUSH ECX
00443C5A . 8D45 B0 LEA EAX,DWORD PTR SS:[EBP-50]
00443C5D . 52 PUSH EDX
00443C5E . 50 PUSH EAX
00443C5F . E8 3C000100 CALL 魔兽争霸.00453CA0
00443C64 . 8D4D B0 LEA ECX,DWORD PTR SS:[EBP-50]
00443C67 . 8D55 90 LEA EDX,DWORD PTR SS:[EBP-70]
00443C6A . 51 PUSH ECX
00443C6B . 52 PUSH EDX
00443C6C . C745 98 74494100 MOV DWORD PTR SS:[EBP-68],魔兽争霸.00414974 ; UNICODE "http://www.7760.com/m.asp?f=wow"
00443C73 . C745 90 08800000 MOV DWORD PTR SS:[EBP-70],8008
00443C7A . FF15 F4114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaVarTstNe>] ; MSVBVM60.__vbaVarTstNe
00443C80 . 66:8BF0 MOV SI,AX
00443C83 . 8D45 E4 LEA EAX,DWORD PTR SS:[EBP-1C]
00443C86 . 8D4D E8 LEA ECX,DWORD PTR SS:[EBP-18]
00443C89 . 50 PUSH EAX
00443C8A . 51 PUSH ECX
00443C8B . 6A 02 PUSH 2
00443C8D . FF15 E0114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeStrList>>; MSVBVM60.__vbaFreeStrList
00443C93 . 83C4 0C ADD ESP,0C
00443C96 . 8D4D B0 LEA ECX,DWORD PTR SS:[EBP-50]
00443C99 . FF15 20104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeVar>] ; MSVBVM60.__vbaFreeVar
00443C9F . 66:3BF7 CMP SI,DI
00443CA2 E9 8A000000 JMP 魔兽争霸.00443D31 ; 关键条 jmp
00443CA7 90 NOP
00443CA8 . 393D D0844500 CMP DWORD PTR DS:[4584D0],EDI
ps:现实给我造成了太多的错觉~