ShellExecuteA
源码都给你了
你自己试着生成吧
用RadASM
.586
.model flat, stdcall
option casemap :none
include windows.inc
include user32.inc
include kernel32.inc
includelib user32.lib
includelib kernel32.lib
.data
strLpkDllInitialize db "LpkDllInitialize",0
strLpkDrawTextEx db "LpkDrawTextEx",0
strLpkEditControl db "LpkEditControl",0
strLpkExtTextOut db "LpkExtTextOut",0
strLpkGetCharacterPlacement db "LpkGetCharacterPlacement",0
strLpkGetTextExtentExPoint db "LpkGetTextExtentExPoint",0
strLpkInitialize db "LpkInitialize",0
strLpkPSMTextOut db "LpkPSMTextOut",0
strLpkTabbedTextOut db "LpkTabbedTextOut",0
strLpkUseGDIWidthCache db "LpkUseGDIWidthCache",0
strftsWordBreak db "ftsWordBreak",0
strBLpkDllInitialize dd 0
strBLpkDrawTextEx dd 0
strBLpkEditControl dd 0
strBLpkExtTextOut dd 0
strBLpkGetCharacterPlacementdd 0
strBLpkGetTextExtentExPoint dd 0
strBLpkInitialize dd 0
strBLpkPSMTextOut dd 0
strBLpkTabbedTextOut dd 0
strBLpkUseGDIWidthCache dd 0
strBftsWordBreak dd 0
LpkEditControl Proc
strBLpkEditControl2 dd 40h dup (0)
LpkEditControl Endp
_dll db 'shell32.dll',0
_api db 'ShellExecuteA',0
hook db 0C2h, 018h, 000h, 090h, 090h
.data?
LibID dd ?
hInstance dd ?
lpbaseaddrdd ?
hProcess dd ?
hDlg dd ?
apiDialogBoxIndirectParamA dd ?
apibak dd ?
.code
Main proc hinstdll:DWORD , reason:DWORD , reserved1:DWORD
pushad
.if reason == DLL_PROCESS_ATTACH
push hinstdll
pophInstance
call LoadDebug
call create
.elseif reason == DLL_PROCESS_DETACH&& reason == DLL_THREAD_ATTACH
.endif
popad
moveax,1
ret
Main endp
Process proc
LOCAL mbi:MEMORY_BASIC_INFORMATION
LOCAL msize:DWORD
invoke GetCurrentProcess
mov hProcess,eax
@@:
invoke GetModuleHandle,offset _dll
or eax,eax
je @B
invoke GetProcAddress,eax,offset _api
mov apiDialogBoxIndirectParamA,eax
invoke VirtualQueryEx,hProcess,apiDialogBoxIndirectParamA,addr mbi,SIZEOF MEMORY_BASIC_INFORMATION
invoke VirtualProtectEx,hProcess, mbi.BaseAddress,5h,PAGE_EXECUTE_READWRITE,addr mbi.Protect
invoke WriteProcessMemory,hProcess,apiDialogBoxIndirectParamA,offset hook,5h,0
ret
Process endp
create proc
invoke CreateThread,0,0,offset Process,0,0,0
create endp
LoadDebug PROC
LOCAL LibPath :BYTE
pushad
invoke GetSystemDirectory , addr LibPath , 100h
lea ebx , LibPath
add eax,ebx
mov dword ptr , 'KPL\'
mov dword ptr , 'LLD.'
mov dword ptr ,0
invoke LoadLibrary , addr LibPath
.if eax != 0
mov LibID , EAX
invoke GetProcAddress , LibID , addr strLpkDllInitialize
mov strBLpkDllInitialize,EAX
invoke GetProcAddress , LibID , addr strLpkDrawTextEx
mov strBLpkDrawTextEx,EAX
invoke GetProcAddress , LibID , addr strLpkExtTextOut
mov strBLpkExtTextOut,EAX
invoke GetProcAddress , LibID , addr strLpkGetCharacterPlacement
mov strBLpkGetCharacterPlacement,EAX
invoke GetProcAddress , LibID , addr strLpkGetTextExtentExPoint
mov strBLpkGetTextExtentExPoint,EAX
invoke GetProcAddress , LibID , addr strLpkInitialize
mov strBLpkInitialize,EAX
invoke GetProcAddress , LibID , addr strLpkPSMTextOut
mov strBLpkPSMTextOut,EAX
invoke GetProcAddress , LibID , addr strLpkTabbedTextOut
mov strBLpkTabbedTextOut,EAX
invoke GetProcAddress , LibID , addr strLpkUseGDIWidthCache
mov strBLpkUseGDIWidthCache,EAX
invoke GetProcAddress , LibID , addr strftsWordBreak
mov strBftsWordBreak,EAX
invoke GetProcAddress , LibID , addr strLpkEditControl
mov strBLpkEditControl,EAX
mov esi,eax
mov edi,offset strBLpkEditControl2
mov ecx,40h
rep movsb
.endif
popad
RET
LoadDebug Endp
LpkInitialize Proc
jmp strBLpkInitialize
LpkInitialize Endp
LpkTabbedTextOut Proc
jmp strBLpkTabbedTextOut
LpkTabbedTextOut Endp
LpkDllInitialize Proc
jmp strBLpkDllInitialize
LpkDllInitialize Endp
LpkDrawTextEx Proc
jmp strBLpkDrawTextEx
LpkDrawTextEx Endp
LpkExtTextOut Proc
jmp strBLpkExtTextOut
LpkExtTextOut Endp
LpkGetCharacterPlacement Proc
jmp strBLpkGetCharacterPlacement
LpkGetCharacterPlacement Endp
LpkGetTextExtentExPoint Proc
jmp strBLpkGetTextExtentExPoint
LpkGetTextExtentExPoint Endp
LpkPSMTextOut Proc
jmp strBLpkPSMTextOut
LpkPSMTextOut Endp
LpkUseGDIWidthCache Proc
jmp strBLpkUseGDIWidthCache
LpkUseGDIWidthCache Endp
ftsWordBreak Proc
jmp strBftsWordBreak
ftsWordBreak Endp
ENDMain
[ 本帖最后由 km159 于 2009-11-12 10:56 编辑 ] 在 ShellExecuteA 上下断点，断下后堆栈上方会出现网址的 ASCII 码；把这处调用全部 NOP 掉，但要注意堆栈平衡：ShellExecuteA 是 stdcall，6 个参数共 18h 字节由被调用方清栈，如果只 NOP 掉 call 而不 NOP 掉对应的 6 个 push，函数返回后堆栈就会多出 18h 字节。