ZpPatch.dll源码(232C法过注册)

Eddy 发布于2010-8-13 2:45:33 分类: 加密解密 已浏览loading 网友评论1条 我要评论

ZpPatch.dll源码

; MASM source, 32-bit x86, Intel operand order.
; Flat memory model with stdcall as the default calling convention;
; "option casemap:none" makes identifiers case-sensitive.
.486
.model flat,stdcall
option casemap:none

; Include file

include zp.inc
include windows.inc
include kernel32.inc
includelib kernel32.lib

.data
; Bak: 6-byte buffer (initial filler 'abcdef'). Load copies the first 5 bytes
; found at hAddr into it before overwriting those bytes with a jump.
Bak db 'abcdef'
; hAddr: address returned by GetProcAddress for szAPIName (written in Load).
hAddr dd ?
; dwOld: receives the previous page protection from VirtualProtect in Load.
dwOld dd ?
; dwNew: output slot for the VirtualProtect call made in HookAPI.
dwNew dd ?

.const
; Module name and export name of the function whose entry point Load patches.
szDllName db 'user32.dll',0
szAPIName db 'DialogBoxIndirectParamA',0

.code
; DllEntry - DLL entry point (stdcall; hInst, reason, reserved1).
; Saves the module handle and, on DLL_PROCESS_ATTACH only, calls Load, which
; patches the entry of user32!DialogBoxIndirectParamA in the current process.
; Returns TRUE in eax for every notification.
; NOTE(review): hInstance is not declared in this file; presumably it is
; defined in zp.inc - confirm.
; NOTE(review): Load calls LoadLibrary from inside the entry point, i.e. while
; the loader lock is held, which Microsoft's DllMain guidance advises against.
DllEntry proc hInst:HINSTANCE, reason:DWORD, reserved1:DWORD
mov eax, hInst
mov hInstance, eax
.if reason==DLL_PROCESS_ATTACH
; pushad/popad keep all general-purpose registers intact across Load.
pushad
call Load
popad
.endif
mov eax, TRUE
ret
DllEntry Endp

; hook api
; HookAPI - destination of the E9 jump that Load writes at hAddr. It is
; reached by a jmp, not a call, so on entry the stack still holds the original
; caller's return address and that caller's arguments.
; Effect visible here: the real DialogBoxIndirectParamA body is never run and
; the caller receives 232Ch as if it were the dialog's result. For a defender,
; this shows why a dialog return value alone is a weak basis for a licensing
; or authorization decision.
; Declared without parameters or locals, so no frame is set up by the
; assembler - TODO confirm against the listing.
HookAPI proc

pushad
; Copies 5 bytes from [esi] to Bak.
; NOTE(review): esi is not assigned anywhere in this procedure, so the source
; is whatever the interrupted caller left in esi; nothing is written to hAddr.
mov edi,offset Bak
mov ecx,5
rep movsb
; Applies the protection value saved in dwOld to the 6 bytes at hAddr; the
; protection in force before this call is written to dwNew.
invoke VirtualProtect,hAddr,6,dwOld,addr dwNew
popad
; Value handed back in eax - the "232C" named in the article title.
mov eax,232CH
; Returns to the original caller and pops 14h = 20 bytes of arguments
; (five DWORDs, stdcall callee cleanup).
ret 14H
; Unreachable: control never falls through the ret above.
ret

HookAPI endp

; Exported function (per the original comment; no export definition is
; visible in this listing).
; Load - installs a 5-byte inline hook on user32!DialogBoxIndirectParamA:
;   1. resolves the function address and stores it in hAddr,
;   2. makes 6 bytes at that address PAGE_EXECUTE_READWRITE,
;   3. saves the first 5 original bytes in Bak,
;   4. overwrites them with "E9 rel32", a near jmp to HookAPI.
; Called from DllEntry on DLL_PROCESS_ATTACH. Uses eax, ecx, esi, edi without
; saving them (DllEntry wraps the call in pushad/popad).
; Detection notes: after Load runs, the in-memory entry bytes of the API
; differ from the on-disk user32.dll image and begin with E9 pointing outside
; user32; the page protection is not restored inside Load, so the page stays
; writable and executable until HookAPI runs.
Load proc

; NOTE(review): neither return value is checked; if either call fails, eax is
; NULL and the code below reads from and writes to address 0.
invoke LoadLibrary,offset szDllName
invoke GetProcAddress,eax,offset szAPIName
mov hAddr,eax
; Previous protection of the page is stored in dwOld.
invoke VirtualProtect,hAddr,6,PAGE_EXECUTE_READWRITE,addr dwOld

; Save the 5 bytes that are about to be overwritten: hAddr -> Bak.
mov edi,offset Bak
mov esi,hAddr
mov ecx,5
rep movsb
; rel32 = HookAPI - (hAddr + 5): displacement measured from the end of the
; 5-byte jmp instruction.
mov edi,hAddr
mov eax,offset HookAPI
sub eax,edi
sub eax,5
; 0E9h = opcode of jmp rel32, followed by the 4-byte displacement.
mov byte ptr ds:[edi],0E9H
mov dword ptr ds:[edi+1],eax
ret

Load endp

; End of module; names DllEntry as the module's entry point.
End DllEntry

最后修改文件的导入表,添加ZpPatch.dll;最后Patch掉ZP的文件校验就OK。

原创文章如转载,请注明:转载自Eddy Blog
原文地址:http://www.rrgod.com/decryption/508.html     欢迎订阅Eddy Blog
