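; -----------------------------------------------------------------------
; MessageBox shellcode (MASM, Intel syntax, x86 32-bit, Win32 stdcall).
; Position independent: no data section, every string is built on the
; stack with PUSHes and every API is resolved at run time.
;
; Flow:
;   1. PEB -> PEB_LDR_DATA -> InInitializationOrderModuleList; take the
;      second entry and treat its DllBase as kernel32.dll.
;   2. Walk that module's export name table to find GetProcAddress.
;   3. GetProcAddress(kernel32, "FreeLibrary") and ("LoadLibraryA").
;   4. LoadLibraryA("user32"), GetProcAddress(user32, "MessageBoxA").
;   5. MessageBoxA(0, msg, msg, MB_ICONINFORMATION), FreeLibrary(user32).
;
; Register roles while running:
;   edi = module base (kernel32 until user32 is loaded, then user32)
;   esi = address of GetProcAddress once resolved
;   eax = most recently resolved API / last return value
;   Stack is returned to its entry value before the final RETN.
;
; NOTE(review): "second InInitOrder entry is kernel32" is an XP-era
; assumption; on Windows 7 and later that slot is generally KernelBase.dll
; instead -- confirm on the target. A walk of InLoadOrderModuleList that
; compares the module name is the robust form.
; NOTE(review): the name search compares only the first 8 bytes
; ("GetProcA") and scans from the last name backwards, so a module that
; exports another name with that prefix sorting later alphabetically would
; be matched first -- fine for kernel32, verify for anything else.
; Change vs. original: the search loop now bails out with RETN instead of
; wrapping ecx below zero and reading garbage when no export matches.
; -----------------------------------------------------------------------
.code
Start:
    ; --- locate kernel32.dll through the loader's module list ----------
    mov     eax,fs:[30h]            ; eax = PEB (TEB+0x30)
    mov     eax,[eax+0ch]           ; eax = PEB->Ldr (PEB_LDR_DATA)
    mov     esi,[eax+1ch]           ; esi = InInitializationOrderModuleList.Flink (1st entry)
    lodsd                           ; eax = 2nd entry (skips the first, see NOTE above)
    mov     edi,[eax+8h]            ; edi = DllBase of that entry (assumed kernel32)

    ; --- find GetProcAddress in the export directory --------------------
    mov     eax,[edi+3ch]           ; eax = e_lfanew (offset of the PE header)
    mov     edx,[edi+eax+78h]       ; edx = DataDirectory[EXPORT].VirtualAddress
    add     edx,edi                 ; edx = IMAGE_EXPORT_DIRECTORY* (VA)
    mov     ecx,[edx+18h]           ; ecx = NumberOfNames
    mov     ebx,[edx+20h]           ; ebx = AddressOfNames (RVA)
    add     ebx,edi                 ; ebx = AddressOfNames (VA)
search:
    ; ecx = index of the next name to test; walks from the last name
    ; towards the first
    dec     ecx
    js      notfound                ; ran past index 0: nothing matched, give up cleanly
    mov     esi,[ebx+ecx*4]         ; esi = RVA of name[ecx]
    add     esi,edi                 ; esi = VA of name[ecx]
    cmp     [esi],50746547h         ; "GetP" (little-endian dword)
    jne     search
    cmp     [esi+4],41636f72h       ; "rocA"
    jne     search
    ; ecx = name index of GetProcAddress; map it to an ordinal, then to a RVA
    mov     ebx,[edx+24h]
    add     ebx,edi                 ; ebx = AddressOfNameOrdinals (VA)
    mov     cx,[ebx+ecx*2]          ; cx = ordinal (16-bit write; relies on index < 64K so ecx's top half is 0)
    mov     ebx,[edx+1ch]
    add     ebx,edi                 ; ebx = AddressOfFunctions (VA)
    mov     eax,[ebx+ecx*4]
    add     eax,edi
    mov     esi,eax                 ; esi = GetProcAddress

    ; --- resolve FreeLibrary and LoadLibraryA ---------------------------
    ; Stack layout built here (low -> high): "Free" "Libr" "ary\0" 0 0.
    ; The two zero dwords are string terminators and the topmost one is
    ; later reused as a save slot for the FreeLibrary pointer.
    push    0
    push    0
    push    00797261h               ; "ary\0"
    push    7262694ch               ; "Libr"
    push    65657246h               ; "Free"  -> esp -> "FreeLibrary\0"
    push    esp                     ; lpProcName
    push    edi                     ; hModule = kernel32
    call    esi                     ; eax = GetProcAddress(kernel32, "FreeLibrary")
    mov     [esp+16],eax            ; stash FreeLibrary in the topmost `push 0` slot
    pop     ecx                     ; drop "Free"; esp -> "Libr"
    push    64616f4ch               ; "Load"  -> esp -> "LoadLibrary\0"
    mov     byte ptr [esp+11],41h   ; overwrite that NUL with 'A' -> "LoadLibraryA\0"
    push    esp                     ; lpProcName
    push    edi                     ; hModule = kernel32
    call    esi                     ; eax = GetProcAddress(kernel32, "LoadLibraryA")

    ; --- load user32 and resolve MessageBoxA ----------------------------
    push    00003233h               ; "32\0\0"
    push    72657375h               ; "user"  -> esp -> "user32\0"
    push    esp                     ; lpLibFileName
    call    eax                     ; eax = LoadLibraryA("user32")
    mov     edi,eax                 ; edi = user32 base (kernel32 base no longer needed)
    push    0041786fh               ; "oxA\0"
    push    42656761h               ; "ageB"
    push    7373654dh               ; "Mess"  -> esp -> "MessageBoxA\0"
    push    esp                     ; lpProcName
    push    edi                     ; hModule = user32
    call    esi                     ; eax = GetProcAddress(user32, "MessageBoxA")

    ; --- show the box ----------------------------------------------------
    ; Text is "iceboy " followed by the GBK bytes B5BD B4CB D2BB D3CE
    ; (apparently "was here") and a NUL; the same buffer is also the caption.
    push    00ced3bbh
    push    0d2cbb4bdh
    push    0b520796fh
    push    62656369h               ; "iceb"
    mov     ecx,esp                 ; ecx = text / caption pointer
    push    40h                     ; uType = MB_ICONINFORMATION
    push    ecx                     ; lpCaption
    push    ecx                     ; lpText
    push    0                       ; hWnd = NULL
    call    eax                     ; MessageBoxA(...)

    ; --- clean up --------------------------------------------------------
    add     esp,34h                 ; discard the 13 dwords pushed below the save slot
    pop     eax                     ; eax = FreeLibrary (saved above); esp is back at its entry value
    push    edi                     ; hLibModule = user32
    call    eax                     ; FreeLibrary(user32)
    retn
notfound:
    retn                            ; GetProcAddress not found: return with the stack untouched
end Start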