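QQ message anti-recall, including QQ group messages
This post was last edited by gunxsword on 2019-1-19 22:28
After reading a post by an expert on the forum, I learned how to implement anti-recall for QQ messages. However, after trying it I found that it only works for messages sent by friends; in QQ groups, other people can still recall their messages, so I went on and analyzed it a bit further myself.
The complicated work was all done by others, so I won't mark this as original; consider it sharing. Without further ado, here are the cracking notes.
Original post: https://www.52pojie.cn/thread-702082-1-1.html
The information below applies to QQ version 8.9.6 (22427).
bin\im.dll, current module address: 0x64780000
Anti-recall for messages sent by friends:
Signature string: tencent.im.msgrevoke.UinTypeUserDef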
647C94AE .55 PUSH EBP
647C94AF .8BEC MOV EBP, ESP
647C94B1 .83EC 10 SUB ESP, 10
647C94B4 .B8 10020000 MOV EAX, 210
647C94B9 .894D F0 MOV DWORD PTR SS:, ECX
647C94BC .66:3945 08 CMP WORD PTR SS:, AX
647C94C0 .0F85 AE010000 JNZ IM.647C9674
647C94C6 .817D 0C 8A000>CMP DWORD PTR SS:, 8A
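647C94CD 74 0D JE SHORT IM.647C94DC //Patching here is better: when someone else sends to you, this jump is taken; when you recall a message you sent to someone else, it is not taken, so just NOP it here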
647C94CF .817D 0C 8B000>CMP DWORD PTR SS:, 8B
647C94D6 .0F85 98010000 JNZ IM.647C9674
647C94DC >56 PUSH ESI
647C94DD .57 PUSH EDI
647C94DE .FF75 0C PUSH DWORD PTR SS:
647C94E1 .50 PUSH EAX
647C94E2 .68 40DEA864 PUSH IM.64A8DE40 ;O
647C94E7 .FF35 E8A0B564 PUSH DWORD PTR DS: ;IM.64A8D0AC
647C94ED .6A 02 PUSH 2
647C94EF .68 08B1A764 PUSH IM.64A7B108 ;f
647C94F4 .68 38020000 PUSH 238
647C94F9 .68 14B1A764 PUSH IM.64A7B114 ;f
647C94FE .E8 FAE5FFFF CALL IM.647C7AFD
647C9503 .8B75 14 MOV ESI, DWORD PTR SS:
647C9506 .8D4D F4 LEA ECX, DWORD PTR SS:
647C9509 .83C4 20 ADD ESP, 20
647C950C .33FF XOR EDI, EDI
647C950E .897D F4 MOV DWORD PTR SS:, EDI
647C9511 .8B06 MOV EAX, DWORD PTR DS:
647C9513 .51 PUSH ECX
647C9514 ?68 B0DEA864 PUSH IM.64A8DEB0 ;bytes_reserved //A key spot; patching here also prevents recall
647C9519 .56 PUSH ESI
647C951A .FF50 78 CALL DWORD PTR DS:
647C951D >85C0 TEST EAX, EAX
647C951F .79 39 JNS SHORT IM.647C955A
647C9521 .8D45 0C LEA EAX, DWORD PTR SS:
647C9524 .C745 0C C0DEA>MOV DWORD PTR SS:, IM.64A8DEC0 ;O
647C952B .50 PUSH EAX
647C952C .68 1CB0A764 PUSH IM.64A7B01C ;%
647C9531 .FF35 E8A0B564 PUSH DWORD PTR DS: ;IM.64A8D0AC
647C9537 .6A 02 PUSH 2
647C9539 .68 08B1A764 PUSH IM.64A7B108 ;f
647C953E .68 3D020000 PUSH 23D
647C9543 .68 14B1A764 PUSH IM.64A7B114 ;f
647C9548 .E8 C0DBFBFF CALL IM.6478710D
647C954D .83C4 1C ADD ESP, 1C
647C9550 .BF 05400080 MOV EDI, 80004005
647C9555 .E9 0C010000 JMP IM.647C9666
647C955A >8D45 F8 LEA EAX, DWORD PTR SS:
647C955D .897D F8 MOV DWORD PTR SS:, EDI
647C9560 .50 PUSH EAX
647C9561 .E8 8B2DFEFF CALL IM.647AC2F1
647C9566 .59 POP ECX
647C9567 .85C0 TEST EAX, EAX
647C9569 .75 39 JNZ SHORT IM.647C95A4
647C956B .8D45 0C LEA EAX, DWORD PTR SS:
647C956E .C745 0C 28DFA>MOV DWORD PTR SS:, IM.64A8DF28 ;O
647C9575 .50 PUSH EAX
647C9576 .68 1CB0A764 PUSH IM.64A7B01C ;%
647C957B .FF35 E8A0B564 PUSH DWORD PTR DS: ;IM.64A8D0AC
647C9581 .6A 02 PUSH 2
647C9583 .68 08B1A764 PUSH IM.64A7B108 ;f
647C9588 .68 44020000 PUSH 244
647C958D .68 14B1A764 PUSH IM.64A7B114 ;f
647C9592 .E8 76DBFBFF CALL IM.6478710D
647C9597 .83C4 1C ADD ESP, 1C
647C959A .BF 05400080 MOV EDI, 80004005
647C959F .E9 BA000000 JMP IM.647C965E
647C95A4 >8B45 F8 MOV EAX, DWORD PTR SS:
647C95A7 .8D55 FC LEA EDX, DWORD PTR SS:
647C95AA .52 PUSH EDX
647C95AB .FF75 F4 PUSH DWORD PTR SS:
647C95AE .897D FC MOV DWORD PTR SS:, EDI
647C95B1 .8B08 MOV ECX, DWORD PTR DS:
647C95B3 .68 94DFA864 PUSH IM.64A8DF94 ;tencent.im.msgrevoke.UinTypeUserDef //signature string
647C95B8 .50 PUSH EAX
647C95B9 .FF51 20 CALL DWORD PTR DS:
647C95BC .85C0 TEST EAX, EAX
647C95BE .79 36 JNS SHORT IM.647C95F6
647C95C0 .8D45 0C LEA EAX, DWORD PTR SS:
647C95C3 .C745 0C B8DFA>MOV DWORD PTR SS:, IM.64A8DFB8 ;O
647C95CA .50 PUSH EAX
647C95CB .68 1CB0A764 PUSH IM.64A7B01C ;%
647C95D0 .FF35 E8A0B564 PUSH DWORD PTR DS: ;IM.64A8D0AC
647C95D6 .6A 02 PUSH 2
647C95D8 .68 08B1A764 PUSH IM.64A7B108 ;f
647C95DD .68 4C020000 PUSH 24C
647C95E2 .68 14B1A764 PUSH IM.64A7B114 ;f
647C95E7 .E8 21DBFBFF CALL IM.6478710D
647C95EC .83C4 1C ADD ESP, 1C
647C95EF .BF 05400080 MOV EDI, 80004005
647C95F4 .EB 60 JMP SHORT IM.647C9656
647C95F6 >8D45 08 LEA EAX, DWORD PTR SS:
647C95F9 .897D 08 MOV DWORD PTR SS:, EDI
647C95FC .50 PUSH EAX
647C95FD .FF15 8C90A764 CALL DWORD PTR DS:[<&Common.Util::Data::C>;Common.Util::Data::CreateTXData
647C9603 .8B06 MOV EAX, DWORD PTR DS:
647C9605 .59 POP ECX
647C9606 .FF75 08 PUSH DWORD PTR SS:
647C9609 .56 PUSH ESI
647C960A .FF90 CC000000 CALL DWORD PTR DS:
647C9610 .8B45 08 MOV EAX, DWORD PTR SS:
647C9613 .FF75 FC PUSH DWORD PTR SS:
647C9616 .68 34E0A864 PUSH IM.64A8E034 ;UserDefData
647C961B .8B08 MOV ECX, DWORD PTR DS:
647C961D .50 PUSH EAX
647C961E .FF91 70010000 CALL DWORD PTR DS:
647C9624 .8B75 10 MOV ESI, DWORD PTR SS:
647C9627 .33C0 XOR EAX, EAX
647C9629 .817D 0C 8B000>CMP DWORD PTR SS:, 8B
647C9630 .0F94C0 SETE AL
647C9633 .8B0E MOV ECX, DWORD PTR DS:
647C9635 .50 PUSH EAX
647C9636 .68 40E0A864 PUSH IM.64A8E040 ;bFromMySelf
647C963B .56 PUSH ESI
647C963C .FF91 F0000000 CALL DWORD PTR DS:
647C9642 .8B4D F0 MOV ECX, DWORD PTR SS:
647C9645 .56 PUSH ESI
647C9646 .FF75 08 PUSH DWORD PTR SS:
647C9649 .E8 BCF5FFFF CALL IM.647C8C0A
647C964E .8D4D 08 LEA ECX, DWORD PTR SS:
647C9651 .E8 399EFDFF CALL IM.647A348F
647C9656 >8D4D FC LEA ECX, DWORD PTR SS:
647C9659 .E8 319EFDFF CALL IM.647A348F
647C965E >8D4D F8 LEA ECX, DWORD PTR SS:
647C9661 .E8 299EFDFF CALL IM.647A348F
647C9666 >8D4D F4 LEA ECX, DWORD PTR SS:
647C9669 .E8 219EFDFF CALL IM.647A348F
647C966E .8BC7 MOV EAX, EDI
647C9670 .5F POP EDI
647C9671 .5E POP ESI
647C9672 .EB 05 JMP SHORT IM.647C9679
647C9674 >B8 05400080 MOV EAX, 80004005
647C9679 >8BE5 MOV ESP, EBP
647C967B .5D POP EBP
647C967C .C2 1000 RETN 10
QQ group anti-recall:
tencent.im.msgrevoke.MsgInfoUserDef
647C8F8B/.55 PUSH EBP
647C8F8C|.8BEC MOV EBP, ESP
647C8F8E|.83EC 18 SUB ESP, 18
647C8F91|.53 PUSH EBX
647C8F92|.56 PUSH ESI
647C8F93|.57 PUSH EDI
647C8F94|.8D45 E8 LEA EAX, DWORD PTR SS:
647C8F97|.C745 E8 50E0A>MOV DWORD PTR SS:, IM.64A8E050 ;E
647C8F9E|.50 PUSH EAX
647C8F9F|.68 1CB0A764 PUSH IM.64A7B01C ;%
647C8FA4|.FF35 E8A0B564 PUSH DWORD PTR DS: ;IM.64A8D0AC
647C8FAA|.8BF9 MOV EDI, ECX
647C8FAC|.6A 03 PUSH 3
647C8FAE|.68 08B1A764 PUSH IM.64A7B108 ;f
647C8FB3|.68 5C020000 PUSH 25C
647C8FB8|.68 14B1A764 PUSH IM.64A7B114 ;f
647C8FBD|.E8 4BE1FBFF CALL IM.6478710D
647C8FC2|.8B75 08 MOV ESI, DWORD PTR SS:
647C8FC5|.8D45 F4 LEA EAX, DWORD PTR SS:
647C8FC8|.50 PUSH EAX
647C8FC9|.FF75 10 PUSH DWORD PTR SS:
647C8FCC|.33DB XOR EBX, EBX
647C8FCE|.56 PUSH ESI
647C8FCF|.895D F4 MOV DWORD PTR SS:, EBX
647C8FD2|.E8 8EE6FFFF CALL IM.647C7665
647C8FD7|.83C4 28 ADD ESP, 28
647C8FDA|.85C0 TEST EAX, EAX
647C8FDC|.75 34 JNZ SHORT IM.647C9012
647C8FDE|.8D45 0C LEA EAX, DWORD PTR SS:
647C8FE1|.C745 0C B0E0A>MOV DWORD PTR SS:, IM.64A8E0B0 ;C
647C8FE8|.50 PUSH EAX
647C8FE9|.68 1CB0A764 PUSH IM.64A7B01C ;%
647C8FEE|.FF35 E8A0B564 PUSH DWORD PTR DS: ;IM.64A8D0AC
647C8FF4|.6A 02 PUSH 2
647C8FF6|.68 08B1A764 PUSH IM.64A7B108 ;f
647C8FFB|.68 60020000 PUSH 260
647C9000|.68 14B1A764 PUSH IM.64A7B114 ;f
647C9005|.E8 03E1FBFF CALL IM.6478710D
647C900A|.83C4 1C ADD ESP, 1C
647C900D|.E9 04040000 JMP IM.647C9416
647C9012|>8B45 F4 MOV EAX, DWORD PTR SS:
647C9015|.8D55 FF LEA EDX, DWORD PTR SS:
647C9018|.52 PUSH EDX
647C9019|.885D FF MOV BYTE PTR SS:, BL
647C901C|.68 08E1A864 PUSH IM.64A8E108 ;cOpType
647C9021|.8B08 MOV ECX, DWORD PTR DS:
647C9023|.50 PUSH EAX
647C9024|.FF51 28 CALL DWORD PTR DS:
647C9027|.0FB645 FF MOVZX EAX, BYTE PTR SS:
647C902B|.50 PUSH EAX
647C902C|.56 PUSH ESI
647C902D|.68 10E1A864 PUSH IM.64A8E110 ;O
647C9032|.FF35 E8A0B564 PUSH DWORD PTR DS: ;IM.64A8D0AC
647C9038|.6A 02 PUSH 2
647C903A|.68 08B1A764 PUSH IM.64A7B108 ;f
647C903F|.68 65020000 PUSH 265
647C9044|.68 14B1A764 PUSH IM.64A7B114 ;f
647C9049|.E8 AFEAFFFF CALL IM.647C7AFD
647C904E|.B8 0C020000 MOV EAX, 20C
647C9053|.83C4 20 ADD ESP, 20
647C9056|.66:3BF0 CMP SI, AX
647C9059|.0F85 07020000 JNZ IM.647C9266
647C905F|.807D FF 19 CMP BYTE PTR SS:, 19
647C9063|.0F85 32040000 JNZ IM.647C949B
647C9069|.8B45 F4 MOV EAX, DWORD PTR SS:
647C906C|.8D55 F8 LEA EDX, DWORD PTR SS:
647C906F|.52 PUSH EDX
647C9070|.895D F8 MOV DWORD PTR SS:, EBX
647C9073|.68 58E1A864 PUSH IM.64A8E158 ;bufMsg
647C9078|.8B08 MOV ECX, DWORD PTR DS:
647C907A|.50 PUSH EAX
647C907B|.FF51 78 CALL DWORD PTR DS:
647C907E|.BE 08B1A764 MOV ESI, IM.64A7B108 ;f
647C9083|.395D F8 CMP DWORD PTR SS:, EBX
647C9086|.75 2B JNZ SHORT IM.647C90B3
647C9088|.8D45 10 LEA EAX, DWORD PTR SS:
647C908B|.C745 10 60E1A>MOV DWORD PTR SS:, IM.64A8E160 ;O
647C9092|.50 PUSH EAX
647C9093|.68 1CB0A764 PUSH IM.64A7B01C ;%
647C9098|.FF35 E8A0B564 PUSH DWORD PTR DS: ;IM.64A8D0AC
647C909E|.6A 02 PUSH 2
647C90A0|.56 PUSH ESI
647C90A1|.68 70020000 PUSH 270
647C90A6|.68 14B1A764 PUSH IM.64A7B114 ;f
647C90AB|.E8 5DE0FBFF CALL IM.6478710D
647C90B0|.83C4 1C ADD ESP, 1C
647C90B3|>8D45 08 LEA EAX, DWORD PTR SS:
647C90B6|.895D 08 MOV DWORD PTR SS:, EBX
647C90B9|.50 PUSH EAX
647C90BA|.E8 3232FEFF CALL IM.647AC2F1
647C90BF|.59 POP ECX
647C90C0|.85C0 TEST EAX, EAX
647C90C2|.0F84 82010000 JE IM.647C924A
647C90C8|.8B45 08 MOV EAX, DWORD PTR SS:
647C90CB|.85C0 TEST EAX, EAX
647C90CD|.0F84 77010000 JE IM.647C924A
647C90D3|.8D55 10 LEA EDX, DWORD PTR SS:
647C90D6|.895D 10 MOV DWORD PTR SS:, EBX
647C90D9|.8B08 MOV ECX, DWORD PTR DS:
647C90DB|.52 PUSH EDX
647C90DC|.FF75 F8 PUSH DWORD PTR SS:
647C90DF|.68 A8E1A864 PUSH IM.64A8E1A8 ;tencent.im.sysnotify_cmd0x20c_optype0x19.NotifyMsgBody
647C90E4|.50 PUSH EAX
647C90E5|.FF51 20 CALL DWORD PTR DS:
647C90E8|.85C0 TEST EAX, EAX
647C90EA|.0F88 2A010000 JS IM.647C921A
647C90F0|.8B45 10 MOV EAX, DWORD PTR SS:
647C90F3|.8D55 E8 LEA EDX, DWORD PTR SS:
647C90F6|.52 PUSH EDX
647C90F7|.895D E8 MOV DWORD PTR SS:, EBX
647C90FA|.68 E0E1A864 PUSH IM.64A8E1E0 ;opt_msg_recall
647C90FF|.8B08 MOV ECX, DWORD PTR DS:
647C9101|.50 PUSH EAX
647C9102|.FF91 E0000000 CALL DWORD PTR DS:
647C9108|.85C0 TEST EAX, EAX
647C910A|.79 30 JNS SHORT IM.647C913C
647C910C|.8D45 0C LEA EAX, DWORD PTR SS:
647C910F|.C745 0C F0E1A>MOV DWORD PTR SS:, IM.64A8E1F0 ;O
647C9116|.50 PUSH EAX
647C9117|.68 1CB0A764 PUSH IM.64A7B01C ;%
647C911C|.FF35 E8A0B564 PUSH DWORD PTR DS: ;IM.64A8D0AC
647C9122|.6A 02 PUSH 2
647C9124|.56 PUSH ESI
647C9125|.68 7C020000 PUSH 27C
647C912A|.68 14B1A764 PUSH IM.64A7B114 ;f
647C912F|.E8 D9DFFBFF CALL IM.6478710D
647C9134|.83C4 1C ADD ESP, 1C
647C9137|.E9 9D000000 JMP IM.647C91D9
647C913C|>8B45 E8 MOV EAX, DWORD PTR SS:
647C913F|.8D55 EC LEA EDX, DWORD PTR SS:
647C9142|.52 PUSH EDX
647C9143|.895D EC MOV DWORD PTR SS:, EBX
647C9146|.68 48E2A864 PUSH IM.64A8E248 ;bytes_userdef
647C914B|.8B08 MOV ECX, DWORD PTR DS:
647C914D|.50 PUSH EAX
647C914E|.FF51 78 CALL DWORD PTR DS:
647C9151|.85C0 TEST EAX, EAX
647C9153|.79 2D JNS SHORT IM.647C9182
647C9155|.8D45 0C LEA EAX, DWORD PTR SS:
647C9158|.C745 0C 58E2A>MOV DWORD PTR SS:, IM.64A8E258 ;O
647C915F|.50 PUSH EAX
647C9160|.68 1CB0A764 PUSH IM.64A7B01C ;%
647C9165|.FF35 E8A0B564 PUSH DWORD PTR DS: ;IM.64A8D0AC
647C916B|.6A 02 PUSH 2
647C916D|.56 PUSH ESI
647C916E|.68 82020000 PUSH 282
647C9173|.68 14B1A764 PUSH IM.64A7B114 ;f
647C9178|.E8 90DFFBFF CALL IM.6478710D
647C917D|.83C4 1C ADD ESP, 1C
647C9180|.EB 4F JMP SHORT IM.647C91D1
647C9182|>8B45 08 MOV EAX, DWORD PTR SS:
647C9185|.8D55 F0 LEA EDX, DWORD PTR SS:
647C9188|.52 PUSH EDX
647C9189|.FF75 EC PUSH DWORD PTR SS:
647C918C|.895D F0 MOV DWORD PTR SS:, EBX
647C918F|.8B08 MOV ECX, DWORD PTR DS:
647C9191|.68 ACE2A864 PUSH IM.64A8E2AC ;tencent.im.msgrevoke.MsgInfoUserDef
647C9196|.50 PUSH EAX
647C9197|.FF51 20 CALL DWORD PTR DS:
647C919A|.85C0 TEST EAX, EAX
647C919C|.79 43 JNS SHORT IM.647C91E1
647C919E|.8D45 0C LEA EAX, DWORD PTR SS:
647C91A1|.C745 0C D0E2A>MOV DWORD PTR SS:, IM.64A8E2D0 ;O
647C91A8|.50 PUSH EAX
647C91A9|.68 1CB0A764 PUSH IM.64A7B01C ;%
647C91AE|.FF35 E8A0B564 PUSH DWORD PTR DS: ;IM.64A8D0AC
647C91B4|.6A 02 PUSH 2
647C91B6|.56 PUSH ESI
647C91B7|.68 88020000 PUSH 288
647C91BC|.68 14B1A764 PUSH IM.64A7B114 ;f
647C91C1|.E8 47DFFBFF CALL IM.6478710D
647C91C6|.83C4 1C ADD ESP, 1C
647C91C9|.8D4D F0 LEA ECX, DWORD PTR SS:
647C91CC|.E8 BEA2FDFF CALL IM.647A348F
647C91D1|>8D4D EC LEA ECX, DWORD PTR SS:
647C91D4|.E8 B6A2FDFF CALL IM.647A348F
647C91D9|>8D4D E8 LEA ECX, DWORD PTR SS:
647C91DC|.E9 18020000 JMP IM.647C93F9
647C91E1|>8B45 10 MOV EAX, DWORD PTR SS:
647C91E4|.FF75 F0 PUSH DWORD PTR SS:
647C91E7|.68 38E3A864 PUSH IM.64A8E338 ;DecodedUserDef
647C91EC|.8B08 MOV ECX, DWORD PTR DS:
647C91EE|.50 PUSH EAX
647C91EF|.FF91 70010000 CALL DWORD PTR DS:
647C91F5|.FF75 0C PUSH DWORD PTR SS:
647C91F8|.8BCF MOV ECX, EDI
647C91FA|.FF75 10 PUSH DWORD PTR SS:
647C91FD|.E8 B5FAFFFF CALL IM.647C8CB7
647C9202|.8D4D F0 LEA ECX, DWORD PTR SS:
647C9205|.E8 85A2FDFF CALL IM.647A348F
647C920A|.8D4D EC LEA ECX, DWORD PTR SS:
647C920D|.E8 7DA2FDFF CALL IM.647A348F
647C9212|.8D4D E8 LEA ECX, DWORD PTR SS:
647C9215|.E9 37020000 JMP IM.647C9451
647C921A|>8D45 0C LEA EAX, DWORD PTR SS:
647C921D|.C745 0C 48E3A>MOV DWORD PTR SS:, IM.64A8E348 ;O
647C9224|.50 PUSH EAX
647C9225|.68 1CB0A764 PUSH IM.64A7B01C ;%
647C922A|.FF35 E8A0B564 PUSH DWORD PTR DS: ;IM.64A8D0AC
647C9230|.6A 02 PUSH 2
647C9232|.56 PUSH ESI
647C9233|.68 90020000 PUSH 290
647C9238|.68 14B1A764 PUSH IM.64A7B114 ;f
647C923D|.E8 CBDEFBFF CALL IM.6478710D
647C9242|.83C4 1C ADD ESP, 1C
647C9245|.E9 0C020000 JMP IM.647C9456
647C924A|>8D45 0C LEA EAX, DWORD PTR SS:
647C924D|.50 PUSH EAX
647C924E|.68 1CB0A764 PUSH IM.64A7B01C ;%
647C9253|.FF35 E8A0B564 PUSH DWORD PTR DS: ;IM.64A8D0AC
647C9259|.6A 02 PUSH 2
647C925B|.56 PUSH ESI
647C925C|.68 95020000 PUSH 295
647C9261|.E9 11020000 JMP IM.647C9477
647C9266|>B8 DC020000 MOV EAX, 2DC
647C926B|.66:3BF0 CMP SI, AX
647C926E|.0F85 27020000 JNZ IM.647C949B
647C9274|.807D FF 11 CMP BYTE PTR SS:, 11
647C9278 0F85 1D020000 JNZ IM.647C949B //Just JMP away here; you can still recall your own messages, others cannot recall theirs
647C927E|.8B45 F4 MOV EAX, DWORD PTR SS:
647C9281|.8D55 F8 LEA EDX, DWORD PTR SS:
647C9284|.52 PUSH EDX
647C9285|.895D F8 MOV DWORD PTR SS:, EBX
647C9288|.68 58E1A864 PUSH IM.64A8E158 ;bufMsg
647C928D|.8B08 MOV ECX, DWORD PTR DS:
647C928F|.50 PUSH EAX
647C9290|.FF51 78 CALL DWORD PTR DS:
647C9293|.BE 08B1A764 MOV ESI, IM.64A7B108 ;f
647C9298|.395D F8 CMP DWORD PTR SS:, EBX
647C929B|.75 2B JNZ SHORT IM.647C92C8
647C929D|.8D45 10 LEA EAX, DWORD PTR SS:
647C92A0|.C745 10 60E1A>MOV DWORD PTR SS:, IM.64A8E160 ;O
647C92A7|.50 PUSH EAX
647C92A8|.68 1CB0A764 PUSH IM.64A7B01C ;%
647C92AD|.FF35 E8A0B564 PUSH DWORD PTR DS: ;IM.64A8D0AC
647C92B3|.6A 02 PUSH 2
647C92B5|.56 PUSH ESI
647C92B6|.68 A3020000 PUSH 2A3
647C92BB|.68 14B1A764 PUSH IM.64A7B114 ;f
647C92C0|.E8 48DEFBFF CALL IM.6478710D
647C92C5|.83C4 1C ADD ESP, 1C
647C92C8|>8D45 08 LEA EAX, DWORD PTR SS:
647C92CB|.895D 08 MOV DWORD PTR SS:, EBX
647C92CE|.50 PUSH EAX
647C92CF|.E8 1D30FEFF CALL IM.647AC2F1
647C92D4|.59 POP ECX
647C92D5|.85C0 TEST EAX, EAX
647C92D7|.0F84 83010000 JE IM.647C9460
647C92DD|.8B45 08 MOV EAX, DWORD PTR SS:
647C92E0|.85C0 TEST EAX, EAX
647C92E2|.0F84 78010000 JE IM.647C9460
647C92E8|.8D55 10 LEA EDX, DWORD PTR SS:
647C92EB|.895D 10 MOV DWORD PTR SS:, EBX
647C92EE|.8B08 MOV ECX, DWORD PTR DS:
647C92F0|.52 PUSH EDX
647C92F1|.FF75 F8 PUSH DWORD PTR SS:
647C92F4|.68 0CE4A864 PUSH IM.64A8E40C ;tencent.im.sysnotify_cmd0x2dc_optype0x11.NotifyMsgBody
647C92F9|.50 PUSH EAX
647C92FA|.FF51 20 CALL DWORD PTR DS:
647C92FD|.85C0 TEST EAX, EAX
647C92FF|.0F88 51010000 JS IM.647C9456
647C9305|.8B45 10 MOV EAX, DWORD PTR SS:
647C9308|.85C0 TEST EAX, EAX
647C930A|.0F84 46010000 JE IM.647C9456
647C9310|.8D55 F0 LEA EDX, DWORD PTR SS:
647C9313|.895D F0 MOV DWORD PTR SS:, EBX
647C9316|.8B08 MOV ECX, DWORD PTR DS:
647C9318|.52 PUSH EDX
647C9319|.68 E0E1A864 PUSH IM.64A8E1E0 ;opt_msg_recall
647C931E|.50 PUSH EAX
647C931F|.FF91 E0000000 CALL DWORD PTR DS:
647C9325|.85C0 TEST EAX, EAX
647C9327|.79 30 JNS SHORT IM.647C9359
647C9329|.8D45 0C LEA EAX, DWORD PTR SS:
647C932C|.C745 0C F0E1A>MOV DWORD PTR SS:, IM.64A8E1F0 ;O
647C9333|.50 PUSH EAX
647C9334|.68 1CB0A764 PUSH IM.64A7B01C ;%
647C9339|.FF35 E8A0B564 PUSH DWORD PTR DS: ;IM.64A8D0AC
647C933F|.6A 02 PUSH 2
647C9341|.56 PUSH ESI
647C9342|.68 AF020000 PUSH 2AF
647C9347|.68 14B1A764 PUSH IM.64A7B114 ;f
647C934C|.E8 BCDDFBFF CALL IM.6478710D
647C9351|.83C4 1C ADD ESP, 1C
647C9354|.E9 9D000000 JMP IM.647C93F6
647C9359|>8B45 F0 MOV EAX, DWORD PTR SS:
647C935C 8D55 EC LEA EDX, DWORD PTR SS:
647C935F 52 PUSH EDX
647C9360 895D EC MOV DWORD PTR SS:, EBX
647C9363|.68 48E2A864 PUSH IM.64A8E248 ;bytes_userdef
647C9368|.8B08 MOV ECX, DWORD PTR DS:
647C936A|.50 PUSH EAX
647C936B|.FF51 78 CALL DWORD PTR DS:
647C936E|.85C0 TEST EAX, EAX
647C9370|.79 2D JNS SHORT IM.647C939F
647C9372|.8D45 0C LEA EAX, DWORD PTR SS:
647C9375|.C745 0C 58E2A>MOV DWORD PTR SS:, IM.64A8E258 ;O
647C937C|.50 PUSH EAX
647C937D|.68 1CB0A764 PUSH IM.64A7B01C ;%
647C9382|.FF35 E8A0B564 PUSH DWORD PTR DS: ;IM.64A8D0AC
647C9388|.6A 02 PUSH 2
647C938A|.56 PUSH ESI
647C938B|.68 B5020000 PUSH 2B5
647C9390|.68 14B1A764 PUSH IM.64A7B114 ;f
647C9395|.E8 73DDFBFF CALL IM.6478710D
647C939A|.83C4 1C ADD ESP, 1C
647C939D|.EB 4F JMP SHORT IM.647C93EE
647C939F|>8B45 08 MOV EAX, DWORD PTR SS:
647C93A2|.8D55 E8 LEA EDX, DWORD PTR SS:
647C93A5|.52 PUSH EDX
647C93A6|.FF75 EC PUSH DWORD PTR SS:
647C93A9|.895D E8 MOV DWORD PTR SS:, EBX
647C93AC|.8B08 MOV ECX, DWORD PTR DS:
647C93AE|.68 ACE2A864 PUSH IM.64A8E2AC ;tencent.im.msgrevoke.MsgInfoUserDef
647C93B3|.50 PUSH EAX
647C93B4|.FF51 20 CALL DWORD PTR DS:
647C93B7|.85C0 TEST EAX, EAX
647C93B9|.79 62 JNS SHORT IM.647C941D
647C93BB|.8D45 0C LEA EAX, DWORD PTR SS:
647C93BE|.C745 0C D0E2A>MOV DWORD PTR SS:, IM.64A8E2D0 ;O
647C93C5|.50 PUSH EAX
647C93C6|.68 1CB0A764 PUSH IM.64A7B01C ;%
647C93CB|.FF35 E8A0B564 PUSH DWORD PTR DS: ;IM.64A8D0AC
647C93D1|.6A 02 PUSH 2
647C93D3|.56 PUSH ESI
647C93D4|.68 BB020000 PUSH 2BB
647C93D9|.68 14B1A764 PUSH IM.64A7B114 ;f
647C93DE|.E8 2ADDFBFF CALL IM.6478710D
647C93E3|.83C4 1C ADD ESP, 1C
647C93E6|.8D4D E8 LEA ECX, DWORD PTR SS:
647C93E9|.E8 A1A0FDFF CALL IM.647A348F
647C93EE|>8D4D EC LEA ECX, DWORD PTR SS:
647C93F1|.E8 99A0FDFF CALL IM.647A348F
647C93F6|>8D4D F0 LEA ECX, DWORD PTR SS:
647C93F9|>E8 91A0FDFF CALL IM.647A348F
647C93FE|.8D4D 10 LEA ECX, DWORD PTR SS:
647C9401|.E8 89A0FDFF CALL IM.647A348F
647C9406|.8D4D 08 LEA ECX, DWORD PTR SS:
647C9409|.E8 81A0FDFF CALL IM.647A348F
647C940E|.8D4D F8 LEA ECX, DWORD PTR SS:
647C9411|.E8 79A0FDFF CALL IM.647A348F
647C9416|>BB 05400080 MOV EBX, 80004005
647C941B|.EB 7E JMP SHORT IM.647C949B
647C941D|>8B45 10 MOV EAX, DWORD PTR SS:
647C9420|.FF75 E8 PUSH DWORD PTR SS:
647C9423|.68 38E3A864 PUSH IM.64A8E338 ;DecodedUserDef
647C9428|.8B08 MOV ECX, DWORD PTR DS:
647C942A|.50 PUSH EAX
647C942B|.FF91 70010000 CALL DWORD PTR DS:
647C9431|.FF75 0C PUSH DWORD PTR SS:
647C9434|.8BCF MOV ECX, EDI
647C9436|.FF75 10 PUSH DWORD PTR SS:
647C9439|.E8 26F9FFFF CALL IM.647C8D64
647C943E|.8D4D E8 LEA ECX, DWORD PTR SS:
647C9441|.E8 49A0FDFF CALL IM.647A348F
647C9446|.8D4D EC LEA ECX, DWORD PTR SS:
647C9449|.E8 41A0FDFF CALL IM.647A348F
647C944E|.8D4D F0 LEA ECX, DWORD PTR SS:
647C9451|>E8 39A0FDFF CALL IM.647A348F
647C9456|>8D4D 10 LEA ECX, DWORD PTR SS:
647C9459|.E8 31A0FDFF CALL IM.647A348F
647C945E|.EB 2B JMP SHORT IM.647C948B
647C9460|>8D45 0C LEA EAX, DWORD PTR SS:
647C9463|.50 PUSH EAX
647C9464|.68 1CB0A764 PUSH IM.64A7B01C ;%
647C9469|.FF35 E8A0B564 PUSH DWORD PTR DS: ;IM.64A8D0AC
647C946F|.6A 02 PUSH 2
647C9471|.56 PUSH ESI
647C9472|.68 C4020000 PUSH 2C4
647C9477|>68 14B1A764 PUSH IM.64A7B114 ;f
647C947C|.C745 0C B0E3A>MOV DWORD PTR SS:, IM.64A8E3B0 ;O
647C9483|.E8 85DCFBFF CALL IM.6478710D
647C9488|.83C4 1C ADD ESP, 1C
647C948B|>8D4D 08 LEA ECX, DWORD PTR SS:
647C948E|.E8 FC9FFDFF CALL IM.647A348F
647C9493|.8D4D F8 LEA ECX, DWORD PTR SS:
647C9496|.E8 F49FFDFF CALL IM.647A348F
647C949B|>8D4D F4 LEA ECX, DWORD PTR SS:
647C949E|.E8 EC9FFDFF CALL IM.647A348F
647C94A3|.5F POP EDI
647C94A4|.5E POP ESI
647C94A5|.8BC3 MOV EAX, EBX
647C94A7|.5B POP EBX
647C94A8|.8BE5 MOV ESP, EBP
647C94AA|.5D POP EBP
647C94AB\.C2 0C00 RETN 0C
Not sure whether there are any bugs!
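Added example, not part of the original post: a defender-side check of whether the two conditional branches marked in the listings above still hold their original opcode bytes in a mapped copy of im.dll. The addresses, module base and original bytes come from the post (QQ 8.9.6 build 22427); the function names and the sample image are constructed for illustration.

```python
# Added example: verify the two branch sites from the listings still contain
# their original instructions. Helper names here are hypothetical.

MODULE_BASE = 0x64780000  # module address given in the post

# listing address -> (description, original opcode bytes shown in the listing)
SITES = {
    0x647C94CD: ("friend-message recall check (JE SHORT)", bytes.fromhex("740D")),
    0x647C9278: ("group-message recall check (JNZ)", bytes.fromhex("0F851D020000")),
}


def classify(original: bytes, current: bytes) -> str:
    """Describe how the bytes at a site differ from the original instruction."""
    if len(current) < len(original):
        return "out-of-range"
    if current == original:
        return "original"
    if all(b == 0x90 for b in current):
        return "nop-filled"
    if current[0] in (0xEB, 0xE9):  # short / near unconditional JMP opcodes
        return "unconditional-jump"
    return "modified"


def check_branch_sites(image: bytes) -> dict:
    """Check a module image as mapped in memory, where offset == RVA.

    The RVA is the listing address minus the base from the post, so it stays
    valid if the module is relocated. A file on disk needs its offsets
    translated through the PE section table first, which this does not do.
    """
    results = {}
    for va, (_desc, original) in SITES.items():
        rva = va - MODULE_BASE
        results[va] = classify(original, image[rva:rva + len(original)])
    return results


def make_sample_image(tampered: bool = False) -> bytes:
    """Constructed stand-in for a mapped im.dll: zero-filled except at the sites."""
    image = bytearray(0x4A000)
    for va, (_desc, original) in SITES.items():
        rva = va - MODULE_BASE
        image[rva:rva + len(original)] = original
    if tampered:  # constructed tampering, only to exercise the detector
        image[0x494CD:0x494CF] = b"\x90\x90"
        image[0x49278:0x4927E] = b"\xE9\x00\x00\x00\x00\x90"
    return bytes(image)


if __name__ == "__main__":
    for name, img in (("clean", make_sample_image()), ("tampered", make_sample_image(True))):
        for va, verdict in check_branch_sites(img).items():
            print(f"{name}: {va:#010x} {SITES[va][0]}: {verdict}")
```

Because the expected bytes are tied to one build, any other version of im.dll will report "modified" or "out-of-range" and needs its own baseline.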
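For those who don't know how to patch it, shouldn't the OP upload the modified application?

无名低调me posted on 2019-1-19 22:43:
Thanks for sharing. How would this be done for TIM?

I haven't analyzed TIM, but if you follow this post and that expert's post, you should be able to work it out. The difference shouldn't be large; it may even be the same DLL!

Heh... this time I learned how to format code as code... I never knew how before!!!

Thanks to the expert for sharing, learned something new again.

Thanks for sharing. How would this be done for TIM?

Marking this to study later. Thanks, OP.

Thanks for the hard work, OP.

Thanks, OP.

Thanks, OP, will study this.

Thanks for sharing, OP.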