📄 ntice.txt
字号:
* Possible StringData Ref from Data Obj ->"Software\NuMega\SoftIce"
|
:1001F779 6854860710 push 10078654
:1001F77E 6802000080 push 80000002
* Reference To: ADVAPI32.RegOpenKeyExA, Ord:0172h
|
:1001F783 FF1504B00610 Call dword ptr [1006B004]
:1001F789 85C0 test eax, eax
:1001F78B 7535 jne 1001F7C2
:1001F78D 8B542404 mov edx, dword ptr [esp+04]
:1001F791 8D4C2408 lea ecx, dword ptr [esp+08]
:1001F795 51 push ecx
:1001F796 68A4DD1F10 push 101FDDA4
:1001F79B 50 push eax
:1001F79C 50 push eax
* Possible StringData Ref from Data Obj ->"Serial"
|
:1001F79D 684C860710 push 1007864C
:1001F7A2 52 push edx
* Reference To: ADVAPI32.RegQueryValueExA, Ord:017Bh // 不言而喻,取安装序列号,我的78228510DD9D
|
:1001F7A3 FF1500B00610 Call dword ptr [1006B000]
:1001F7A9 85C0 test eax, eax
:1001F7AB 7515 jne 1001F7C2
:1001F7AD 8B442404 mov eax, dword ptr [esp+04]
:1001F7B1 C705A0DD1F1001000000 mov dword ptr [101FDDA0], 00000001
:1001F7BB 50 push eax
* Reference To: ADVAPI32.RegCloseKey, Ord:015Bh
|
:1001F7BC FF1508B00610 Call dword ptr [1006B008]
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:1001F76E(C), :1001F78B(C), :1001F7AB(C)
|
:1001F7C2 68A4DD1F10 push 101FDDA4
:1001F7C7 8D4C2410 lea ecx, dword ptr [esp+10]
* Possible StringData Ref from Data Obj ->"\\.\NTICE"
|
:1001F7CB 6840860710 push 10078640
:1001F7D0 51 push ecx
:1001F7D1 E83A000000 call 1001F810 // 此处计算
:1001F7D6 83C40C add esp, 0000000C
:1001F7D9 8D54240C lea edx, dword ptr [esp+0C]
:1001F7DD 6A00 push 00000000
:1001F7DF 6880000000 push 00000080
:1001F7E4 6A03 push 00000003
:1001F7E6 6A00 push 00000000
:1001F7E8 6A03 push 00000003
:1001F7EA 6800000080 push 80000000
:1001F7EF 52 push edx // 经过计算是:\\.\NTICED052
:1001F7F0 FFD6 call esi // Createfilea
:1001F7F2 8BF0 mov esi, eax
:1001F7F4 83FEFF cmp esi, FFFFFFFF // 非-1说明softice激活
:1001F7F7 750B jne 1001F804
:1001F7F9 68010058A6 push A6580001
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -