ZpPatch.dll source code (bypassing registration with the 232C method)

Eddy, posted 2010-8-13 2:45:33. Category: Encryption/Decryption

ZpPatch.dll source code

.486
.model flat,stdcall
option casemap:none

; Include file

include zp.inc
include windows.inc
include kernel32.inc
includelib kernel32.lib

.data
Bak db 'abcdef'        ; buffer for the saved first bytes of the API
hAddr dd ?             ; address of the hooked API
dwOld dd ?             ; previous page protection
dwNew dd ?

.const
szDllName db 'user32.dll',0
szAPIName db 'DialogBoxIndirectParamA',0

.code
DllEntry proc hInst:HINSTANCE, reason:DWORD, reserved1:DWORD
    mov eax, hInst
    mov hInstance, eax
    .if reason==DLL_PROCESS_ATTACH
        ; install the hook as soon as the DLL is loaded
        pushad
        call Load
        popad
    .endif
    mov eax, TRUE
    ret
DllEntry Endp

; hook api
HookAPI proc

    pushad
    mov edi,offset Bak
    mov ecx,5
    rep movsb
    invoke VirtualProtect,hAddr,6,dwOld,addr dwNew
    popad
    ; return 232CH to the caller in place of the real API result
    mov eax,232CH
    ret 14H
    ret

HookAPI endp

; exported function
Load proc

    invoke LoadLibrary,offset szDllName
    invoke GetProcAddress,eax,offset szAPIName
    mov hAddr,eax
    invoke VirtualProtect,hAddr,6,PAGE_EXECUTE_READWRITE,addr dwOld

    mov edi,offset Bak
    mov esi,hAddr
    mov ecx,5
    rep movsb
    ; rel32 = HookAPI - hAddr - 5, written after an E9 (jmp) opcode
    mov edi,hAddr
    mov eax,offset HookAPI
    sub eax,edi
    sub eax,5
    mov byte ptr ds:[edi],0E9H
    mov dword ptr ds:[edi+1],eax
    ret

Load endp

End DllEntry

Finally, modify the file's import table to add ZpPatch.dll, then patch out ZP's file verification and it's done.
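
From the defender's side, the five-byte patch that Load writes (an E9 opcode followed by a rel32 displacement) is detectable. The following C code is an added example, not part of the original post or the ZpPatch source: it compares a function's in-memory prologue with the on-disk copy and decodes an E9 jump to check whether its target leaves the owning module. All addresses, byte values and names in it are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PROLOGUE_LEN 5            /* size of an E9 rel32 jump on x86-32 */

enum verdict { CLEAN = 0, MODIFIED = 1, JMP_OUT_OF_MODULE = 2 };

/* Constructed sample values, not taken from any real system. */
static const uint32_t FUNC_VA  = 0x77D3B144u;  /* address of the checked export   */
static const uint32_t MOD_BASE = 0x77D10000u;  /* base of the module that owns it */
static const uint32_t MOD_SIZE = 0x00090000u;
static const uint8_t DISK[PROLOGUE_LEN]   = {0x8B, 0xFF, 0x55, 0x8B, 0xEC};
static const uint8_t HOOKED[PROLOGUE_LEN] = {0xE9, 0xE7, 0x5E, 0x2C, 0x98};

/* Decode "E9 rel32" located at va; the target is va + 5 + rel32 (mod 2^32). */
int decode_jmp_rel32(const uint8_t *p, uint32_t va, uint32_t *target)
{
    if (p[0] != 0xE9)
        return 0;
    uint32_t rel = (uint32_t)p[1] | ((uint32_t)p[2] << 8) |
                   ((uint32_t)p[3] << 16) | ((uint32_t)p[4] << 24);
    *target = va + PROLOGUE_LEN + rel;
    return 1;
}

/* Compare in-memory prologue bytes with the on-disk copy and classify. */
enum verdict check_prologue(const uint8_t *mem, const uint8_t *disk, uint32_t va,
                            uint32_t base, uint32_t size, uint32_t *target)
{
    *target = 0;
    if (memcmp(mem, disk, PROLOGUE_LEN) == 0)
        return CLEAN;
    /* Unsigned subtraction wraps, so one compare covers below-base and above-end. */
    if (decode_jmp_rel32(mem, va, target) && (uint32_t)(*target - base) >= size)
        return JMP_OUT_OF_MODULE;
    return MODIFIED;
}

int main(void)
{
    uint32_t t;
    enum verdict v = check_prologue(HOOKED, DISK, FUNC_VA, MOD_BASE, MOD_SIZE, &t);
    printf("verdict=%d target=0x%08X\n", v, (unsigned)t);
    return 0;
}
```

In a real scanner the in-memory bytes come from the running process and the reference bytes from the module's file on disk; a jump that lands outside the owning module is the signal worth alerting on.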

Original article; if you repost it, please credit Eddy Blog.
Original URL: http://www.rrgod.com/decryption/508.html
