微信好友圈刷赞软件2013-2014永久免费版(假软件的分析)
本帖最后由 珈蓝夜雨 于 2014-8-6 00:23 编辑。本来想找刷微信的软件,找到一个,发现就是一个假软件。地址:
解压后看目录图标就知道,上面是百度卫士,又一个做推广的。估计这个软件就没个好鸟。
名不副实。。咋成刷钻的了。
获取本机的用户名,估计有猫腻。
随便输入提示错误
OD载入,运行,查字符串
; --- Credential check -------------------------------------------------------
; Excerpt of a VB6 (msvbvm60) routine; it starts before this listing, so the
; other __vbaStrCmp operand (pushed earlier) is not visible here.
; NOTE: the memory operands after "ds:" / "ss:" were lost in extraction. The
; opcode bytes still encode them, e.g. 8D4D D8 = lea ecx,[ebp-0x28] and
; 8D4D D4 = lea ecx,[ebp-0x2C].
; The expected value is a string constant embedded in the binary, so the
; "login" offers no protection: the string listing alone reveals it.
00404EF6 68 783D4000 push 刷钻软件.00403D78 ; admin// compared directly, in plaintext, against the literal admin
00404EFB FF15 64104000 call dword ptr ds: ; msvbvm60.__vbaStrCmp
00404F01 8BF0 mov esi,eax
00404F03 8D4D D8 lea ecx,dword ptr ss:
; neg/sbb/inc/neg turns the __vbaStrCmp result into a VB Boolean:
;   result == 0 (equal)  -> esi = 0xFFFFFFFF (True)
;   result != 0 (differ) -> esi = 0          (False)
00404F06 F7DE neg esi
00404F08 1BF6 sbb esi,esi
00404F0A 46 inc esi
00404F0B F7DE neg esi
; Release the temporary string ([ebp-0x28]) and object ([ebp-0x2C]).
00404F0D FF15 EC104000 call dword ptr ds: ; msvbvm60.__vbaFreeStr
00404F13 8D4D D4 lea ecx,dword ptr ss:
00404F16 FF15 F0104000 call dword ptr ds: ; msvbvm60.__vbaFreeObj
; edi presumably holds 0 here (it is compared against HRESULTs further down) -
; TODO confirm against the function prologue. If so, si == di means "strings
; differ". Author's note on the je below: this jump goes to the error message
; box (the path at 004050FF).
00404F1C 66:3BF7 cmp si,di
00404F1F 0F84 DA010000 je 刷钻软件.004050FF //这个跳转是跳到错误信息框
; --- Success path, step 1: fetch a string for the welcome message -----------
; Lazily create the object cached at 00406370: if the slot equals edi
; (presumably 0), __vbaNew2 is called with the descriptor at 00403DB4.
; The "L沼" annotations are the debugger rendering the raw bytes at 00406370
; as text; they carry no meaning.
00404F25 393D 70634000 cmp dword ptr ds:,edi
00404F2B 75 10 jnz short 刷钻软件.00404F3D
00404F2D 68 70634000 push 刷钻软件.00406370 ; L沼
00404F32 68 B43D4000 push 刷钻软件.00403DB4
00404F37 FF15 A8104000 call dword ptr ds: ; msvbvm60.__vbaNew2
; COM-style call through the vtable: 8B0E = mov ecx,[esi]; FF51 14 =
; call [ecx+0x14], with [ebp-0x2C] as the out-parameter for the result object.
00404F3D 8B35 70634000 mov esi,dword ptr ds: ; L沼
00404F43 8D55 D4 lea edx,dword ptr ss:
00404F46 52 push edx
00404F47 56 push esi
00404F48 8B0E mov ecx,dword ptr ds:
00404F4A FF51 14 call dword ptr ds:
; HRESULT check: a non-negative result skips the error helper.
00404F4D 3BC7 cmp eax,edi
00404F4F DBE2 fclex
00404F51 7D 0B jge short 刷钻软件.00404F5E
; ebx is presumably __vbaHresultCheckObj: the same four-argument pattern at
; 0040502A-00405033 calls it by name - TODO confirm where ebx is loaded.
00404F53 6A 14 push 0x14
00404F55 68 A43D4000 push 刷钻软件.00403DA4
00404F5A 56 push esi
00404F5B 50 push eax
00404F5C FFD3 call ebx
; Second vtable call on the returned object: FF51 58 = call [ecx+0x58], string
; result written to [ebp-0x28]. The write-up says the program reads the local
; user name; which property slot 0x58 is cannot be told from this listing.
00404F5E 8B45 D4 mov eax,dword ptr ss:
00404F61 8D55 D8 lea edx,dword ptr ss:
00404F64 52 push edx
00404F65 50 push eax
00404F66 8B08 mov ecx,dword ptr ds:
00404F68 8BF0 mov esi,eax
00404F6A FF51 58 call dword ptr ds:
00404F6D 3BC7 cmp eax,edi
00404F6F DBE2 fclex
00404F71 7D 0B jge short 刷钻软件.00404F7E
00404F73 6A 58 push 0x58
00404F75 68 C43D4000 push 刷钻软件.00403DC4
00404F7A 56 push esi
00404F7B 50 push eax
00404F7C FFD3 call ebx
; --- Success path, step 2: show the "welcome" message box -------------------
; edi is repurposed to hold the address of __vbaStrCat for the calls below.
00404F7E 8B3D 30104000 mov edi,dword ptr ds: ; msvbvm60.__vbaStrCat
; Three Variants at [ebp-0x6C], [ebp-0x5C], [ebp-0x4C] get type 0xA (VT_ERROR)
; and value 0x80020004 (DISP_E_PARAMNOTFOUND) at offset +8: the usual encoding
; of omitted optional arguments.
00404F84 B8 0A000000 mov eax,0xA
00404F89 8945 94 mov dword ptr ss:,eax
00404F8C 8945 A4 mov dword ptr ss:,eax
00404F8F 8945 B4 mov dword ptr ss:,eax
00404F92 8B45 D8 mov eax,dword ptr ss:
00404F95 B9 04000280 mov ecx,0x80020004
; "欢迎使用" = "Welcome to use"; it is concatenated with the string fetched
; into [ebp-0x28] just before this point.
00404F9A 68 883D4000 push 刷钻软件.00403D88 ; 欢迎使用
00404F9F 50 push eax
00404FA0 894D 9C mov dword ptr ss:,ecx
00404FA3 894D AC mov dword ptr ss:,ecx
00404FA6 894D BC mov dword ptr ss:,ecx
00404FA9 FFD7 call edi
; The concatenated string becomes the value ([ebp-0x34]) of a Variant at
; [ebp-0x3C] whose type is set to 8 (string) through ebx.
00404FAB 8D4D 94 lea ecx,dword ptr ss:
00404FAE 8945 CC mov dword ptr ss:,eax
00404FB1 8D55 A4 lea edx,dword ptr ss:
00404FB4 51 push ecx
00404FB5 8D45 B4 lea eax,dword ptr ss:
00404FB8 52 push edx
00404FB9 50 push eax
00404FBA 8D4D C4 lea ecx,dword ptr ss:
00404FBD BB 08000000 mov ebx,0x8
; 0x40 is the MsgBox button/icon flag (vbInformation).
00404FC2 6A 40 push 0x40
00404FC4 51 push ecx
00404FC5 895D C4 mov dword ptr ss:,ebx
00404FC8 FF15 48104000 call dword ptr ds: ; msvbvm60.rtcMsgBox
; Clean-up of the temporaries: string, object, then the four Variants.
00404FCE 8D4D D8 lea ecx,dword ptr ss:
00404FD1 FF15 EC104000 call dword ptr ds: ; msvbvm60.__vbaFreeStr
00404FD7 8D4D D4 lea ecx,dword ptr ss:
00404FDA FF15 F0104000 call dword ptr ds: ; msvbvm60.__vbaFreeObj
00404FE0 8D55 94 lea edx,dword ptr ss:
00404FE3 8D45 A4 lea eax,dword ptr ss:
00404FE6 52 push edx
00404FE7 8D4D B4 lea ecx,dword ptr ss:
00404FEA 50 push eax
00404FEB 8D55 C4 lea edx,dword ptr ss:
00404FEE 51 push ecx
00404FEF 52 push edx
00404FF0 6A 04 push 0x4
00404FF2 FF15 1C104000 call dword ptr ds: ; msvbvm60.__vbaFreeVarList
; --- Success path, step 3: launch the bundled executable --------------------
; This is the behaviour that matters for triage: after the fake login, the
; program builds a path ending in "\TOMCTML32.OCX.exe" and starts it with
; rtcShell. The double extension makes an executable look like an ActiveX
; control (.OCX) when file extensions are hidden. A parent process spawning a
; child named *.OCX.exe is a useful process-creation detection signal.
00404FF8 A1 70634000 mov eax,dword ptr ds: ; L沼
; add esp,0x14 pops the five dword arguments of the preceding
; __vbaFreeVarList call (caller-cleaned).
00404FFD 83C4 14 add esp,0x14
; Lazily create the object cached at 00406370 if the slot is still zero.
00405000 85C0 test eax,eax
00405002 75 10 jnz short 刷钻软件.00405014
00405004 68 70634000 push 刷钻软件.00406370 ; L沼
00405009 68 B43D4000 push 刷钻软件.00403DB4
0040500E FF15 A8104000 call dword ptr ds: ; msvbvm60.__vbaNew2
; vtable call FF50 14 = call [eax+0x14]; result object stored in [ebp-0x2C].
00405014 8B35 70634000 mov esi,dword ptr ds: ; L沼
0040501A 8D4D D4 lea ecx,dword ptr ss:
0040501D 51 push ecx
0040501E 56 push esi
0040501F 8B06 mov eax,dword ptr ds:
00405021 FF50 14 call dword ptr ds:
00405024 85C0 test eax,eax
00405026 DBE2 fclex
00405028 7D 0F jge short 刷钻软件.00405039
0040502A 6A 14 push 0x14
0040502C 68 A43D4000 push 刷钻软件.00403DA4
00405031 56 push esi
00405032 50 push eax
00405033 FF15 38104000 call dword ptr ds: ; msvbvm60.__vbaHresultCheckObj
; vtable call FF52 50 = call [edx+0x50] on that object; string result goes to
; [ebp-0x28]. Because it is used as the path prefix below, this is presumably
; the application's own directory - TODO confirm.
00405039 8B45 D4 mov eax,dword ptr ss:
0040503C 8D4D D8 lea ecx,dword ptr ss:
0040503F 51 push ecx
00405040 50 push eax
00405041 8B10 mov edx,dword ptr ds:
00405043 8BF0 mov esi,eax
00405045 FF52 50 call dword ptr ds:
00405048 85C0 test eax,eax
0040504A DBE2 fclex
0040504C 7D 0F jge short 刷钻软件.0040505D
0040504E 6A 50 push 0x50
00405050 68 C43D4000 push 刷钻软件.00403DC4
00405055 56 push esi
00405056 50 push eax
00405057 FF15 38104000 call dword ptr ds: ; msvbvm60.__vbaHresultCheckObj
; edi still holds __vbaStrCat (loaded at 00404F7E): prefix string + the
; hard-coded file name.
0040505D 8B55 D8 mov edx,dword ptr ss:
00405060 52 push edx
00405061 68 D83D4000 push 刷钻软件.00403DD8 ; \TOMCTML32.OCX.exe
00405066 FFD7 call edi
; The path is wrapped in a Variant at [ebp-0x3C]: ebx still holds 8 (string
; type) from 00404FBD. The pushed 0x1 is the window-style argument of Shell
; (normal window with focus).
00405068 8945 CC mov dword ptr ss:,eax
0040506B 8D45 C4 lea eax,dword ptr ss:
0040506E 6A 01 push 0x1
00405070 50 push eax
00405071 895D C4 mov dword ptr ss:,ebx
00405074 FF15 84104000 call dword ptr ds: ; msvbvm60.rtcShell
; rtcShell's floating-point result is stored to [ebp-0x74] and wrapped as a
; Variant of type 5 (double) at [ebp-0x7C], then moved into [ebp-0x24].
0040507A DD5D 8C fstp qword ptr ss:
0040507D 8D55 84 lea edx,dword ptr ss:
00405080 8D4D DC lea ecx,dword ptr ss:
00405083 C745 84 0500000>mov dword ptr ss:,0x5
0040508A FF15 0C104000 call dword ptr ds: ; msvbvm60.__vbaVarMove
; Clean-up; edi is reloaded with __vbaFreeObj for this and later calls.
00405090 8D4D D8 lea ecx,dword ptr ss:
00405093 FF15 EC104000 call dword ptr ds: ; msvbvm60.__vbaFreeStr
00405099 8B3D F0104000 mov edi,dword ptr ds: ; msvbvm60.__vbaFreeObj
0040509F 8D4D D4 lea ecx,dword ptr ss:
004050A2 FFD7 call edi
004050A4 8D4D C4 lea ecx,dword ptr ss:
004050A7 FF15 10104000 call dword ptr ds: ; msvbvm60.__vbaFreeVar
; --- Success path, step 4: hand the form object to the global object --------
; Lazily create the object cached at 00406370 if the slot is still zero.
004050AD A1 70634000 mov eax,dword ptr ds: ; L沼
004050B2 85C0 test eax,eax
004050B4 75 10 jnz short 刷钻软件.004050C6
004050B6 68 70634000 push 刷钻软件.00406370 ; L沼
004050BB 68 B43D4000 push 刷钻软件.00403DB4
004050C0 FF15 A8104000 call dword ptr ds: ; msvbvm60.__vbaNew2
; 8B4D 08 = mov ecx,[ebp+8]: the routine's first stack argument, which for a
; VB6 event handler is normally the form instance (Me) - TODO confirm.
004050C6 8B4D 08 mov ecx,dword ptr ss:
004050C9 8B35 70634000 mov esi,dword ptr ds: ; L沼
004050CF 8D55 D4 lea edx,dword ptr ss:
004050D2 51 push ecx
004050D3 8B1E mov ebx,dword ptr ds:
004050D5 52 push edx
004050D6 FF15 50104000 call dword ptr ds: ; msvbvm60.__vbaObjSetAddref
; FF53 10 = call [ebx+0x10] on the global object with that reference as the
; argument. This would be consistent with "Unload Me" (closing the login
; form), but the slot's meaning is not visible here - TODO confirm.
004050DC 50 push eax
004050DD 56 push esi
004050DE FF53 10 call dword ptr ds:
004050E1 85C0 test eax,eax
004050E3 DBE2 fclex
004050E5 7D 0F jge short 刷钻软件.004050F6
004050E7 6A 10 push 0x10
004050E9 68 A43D4000 push 刷钻软件.00403DA4
004050EE 56 push esi
004050EF 50 push eax
004050F0 FF15 38104000 call dword ptr ds: ; msvbvm60.__vbaHresultCheckObj
; edi holds __vbaFreeObj (loaded at 00405099); release the temporary
; reference, zero edi again and skip over the error path to 00405168.
004050F6 8D4D D4 lea ecx,dword ptr ss:
004050F9 FFD7 call edi
004050FB 33FF xor edi,edi
004050FD EB 69 jmp short 刷钻软件.00405168
; --- Failure path (target of the je at 00404F1F) -----------------------------
; Prepares the arguments for an error message; the listing ends before the
; call that displays it (presumably rtcMsgBox, as on the success path).
; Three Variants at [ebp-0x6C], [ebp-0x5C], [ebp-0x4C] are marked as omitted
; optional arguments: type 0xA, value 0x80020004 at offset +8.
004050FF B9 04000280 mov ecx,0x80020004
00405104 B8 0A000000 mov eax,0xA
00405109 894D 9C mov dword ptr ss:,ecx
0040510C 894D AC mov dword ptr ss:,ecx
0040510F 894D BC mov dword ptr ss:,ecx
00405112 8D55 84 lea edx,dword ptr ss:
00405115 8D4D C4 lea ecx,dword ptr ss:
00405118 8945 94 mov dword ptr ss:,eax
0040511B 8945 A4 mov dword ptr ss:,eax
0040511E 8945 B4 mov dword ptr ss:,eax
; Source Variant at [ebp-0x7C]: type 8 (string), value at [ebp-0x74] pointing
; to the constant "请输入正确的用户名和密码!" = "Please enter the correct user
; name and password!". __vbaVarDup copies it into the Variant at [ebp-0x3C].
00405121 C745 8C 043E400>mov dword ptr ss:,刷钻软件.00403E0>; 请输入正确的用户名和密码!
00405128 C745 84 0800000>mov dword ptr ss:,0x8
0040512F FF15 CC104000 call dword ptr ds: ; msvbvm60.__vbaVarDup
00405135 8D45 94 lea eax,dword ptr ss:
00405138 8D4D A4 lea ecx,dword ptr ss:
还刷钻,点也没功能,其实下面就是给他刷广告,大家以后遇到这类软件注意下,没个好鸟。。。
现在这些种东西太多没办法 赤裸裸的骗子,Y 的 这样的软件很坑人啊! 果断的骗子、、 作者没节操啊 没有节操的程序猿 我才不信呢