【已解决】哪位大神帮我改写下获取系统版本的汇编支持到win10
本帖最后由 怪盗基德 于 2016-2-12 22:07 编辑.子程序 获取系统版本, 整数型, , 0.未知 1.Win95 2.Win98 3.WinME 4.WinNT 5.Win2000 6.WinXP 7.Win2003 8.Vista 9.Win7 10.Win8
置入代码 ({ 83, 51, 192, 100, 139, 29, 24, 0, 0, 0, 100, 139, 13, 48, 0, 0, 0, 133, 201, 121, 32, 185, 0, 0, 83, 0, 57, 75, 88, 117, 4, 176, 1, 235, 99, 57, 75, 84, 117, 4, 176, 2, 235, 90, 57, 75, 124, 117, 85, 176, 3, 235, 81, 139, 153, 168, 0, 0, 0, 139, 137, 164, 0, 0, 0, 131, 249, 4, 119, 4, 176, 4, 235, 60, 131, 249, 5, 117, 27, 131, 251, 0, 117, 4, 176, 5, 235, 46, 131, 251, 1, 117, 4, 176, 6, 235, 37, 131, 251, 2, 117, 4, 176, 7, 235, 28, 131, 249, 6, 117, 7, 131, 251, 0, 117, 4, 176, 8, 235, 14, 131, 251, 1, 117, 2, 176, 9, 131, 251, 2, 117, 2, 176, 10, 91, 139, 229, 93, 195 })
返回 (0)
这段汇编我没看懂的说。。。哪位大神帮忙改写支持win8.1和win10啊
Nisy 发表于 2016-2-11 12:25
这个不像汇编,是数组吧。
反汇编一下就好。。。。易语言的置入代码就是这么用的
.版本 2
.子程序 获取系统版本1, 整数型, , 0.未知 1.Win95 2.Win98 3.WinME 4.WinNT 5.Win2000 6.WinXP 7.Win2003 8.Vista 9.Win7 10.Win8 11.win8.1 12.win10
置入代码 ({ 83, 49, 192, 100, 139, 29, 24, 0, 0, 0, 100, 139, 13, 48, 0, 0, 0, 133, 201, 121, 32, 185, 0, 0, 83, 0, 57, 75, 88, 117, 4, 176, 1, 235, 113, 57, 75, 84, 117, 4, 176, 2, 235, 104, 57, 75, 124, 117, 99, 176, 3, 235, 95, 139, 153, 168, 0, 0, 0, 139, 137, 164, 0, 0, 0, 131, 249, 4, 119, 4, 176, 4, 235, 74, 131, 249, 5, 117, 27, 131, 251, 0, 117, 4, 176, 5, 235, 60, 131, 251, 1, 117, 4, 176, 6, 235, 51, 131, 251, 2, 117, 4, 176, 7, 235, 42, 131, 249, 6, 117, 7, 131, 251, 0, 117, 4, 176, 8, 235, 28, 131, 251, 1, 117, 2, 176, 9, 131, 251, 2, 117, 2, 176, 10, 131, 251, 3, 117, 2, 176, 11, 131, 251, 4, 117, 2, 176, 12, 91, 201, 195 })
返回 (0)
PUSH EBX
XOR EAX,EAX
MOV EBX,FS:
MOV ECX,FS:
TEST ECX,ECX
JNS SHORT 00000035
MOV ECX,530000
CMP ,ECX
JNZ SHORT 00000023
MOV AL,1
JMP SHORT 00000094
CMP ,ECX
JNZ SHORT 0000002C
MOV AL,2
JMP SHORT 00000094
CMP ,ECX
JNZ SHORT 00000094
MOV AL,3
JMP SHORT 00000094
MOV EBX,
MOV ECX,
CMP ECX,4
JA SHORT 0000004A
MOV AL,4
JMP SHORT 00000094
CMP ECX,5
JNZ SHORT 0000006A
CMP EBX,0
JNZ SHORT 00000058
MOV AL,5
JMP SHORT 00000094
CMP EBX,1
JNZ SHORT 00000061
MOV AL,6
JMP SHORT 00000094
CMP EBX,2
JNZ SHORT 0000006A
MOV AL,7
JMP SHORT 00000094
CMP ECX,6
JNZ SHORT 00000076
CMP EBX,0
JNZ SHORT 00000078
MOV AL,8
JMP SHORT 00000094
CMP EBX,1
JNZ SHORT 0000007F
MOV AL,9
CMP EBX,2
JNZ SHORT 00000086
MOV AL,A
CMP EBX,3
JNZ SHORT 0000008D
MOV AL,B
CMP EBX,4
JNZ SHORT 00000094
MOV AL,C
POP EBX
LEAVE
RETN
某大神改的还没测试。。。。谁去测试看看
本帖最后由 会抽烟的鱼 于 2016-2-11 14:03 编辑
改一个字节
.版本 2
.子程序 获取系统版本1, 整数型, , 0.未知 1.Win95 2.Win98 3.WinME 4.WinNT 5.Win2000 6.WinXP 7.Win2003 8.Vista 9.Win7 10.Win8 11.win8.1 12.win10
置入代码 ({ 83, 49, 192, 100, 139, 29, 24, 0, 0, 0, 100, 139, 13, 48, 0, 0, 0, 133, 201, 121, 32, 185, 0, 0, 83, 0, 57, 75, 88, 117, 4, 176, 1, 235, 113, 57, 75, 84, 117, 4, 176, 2, 235, 104, 57, 75, 124, 117, 99, 176, 3, 235, 95, 139, 153, 168, 0, 0, 0, 139, 137, 164, 0, 0, 0, 131, 249, 4, 119, 4, 176, 4, 235, 74, 131, 249, 5, 117, 27, 131, 251, 0, 117, 4, 176, 5, 235, 60, 131, 251, 1, 117, 4, 176, 6, 235, 51, 131, 251, 2, 117, 4, 176, 7, 235, 42, 131, 249, 6, 117, 35, 131, 251, 0, 117, 4, 176, 8, 235, 28, 131, 251, 1, 117, 2, 176, 9, 131, 251, 2, 117, 2, 176, 10, 131, 251, 3, 117, 2, 176, 11, 131, 251, 4, 117, 2, 176, 12, 91, 201, 195 })
返回 (0)
代码通过windows内核版本号判断是哪个系统,win10 是NT10.0,原代码重点判断NT5与NT6,末对NT10作判断,所以识别不了。
批处理 systeminfo可以获取很多信息啊 这个不像汇编,是数组吧。 rengongzhiding rengongzhiding 学习下,都是高手 会抽烟的鱼 发表于 2016-2-11 13:30
改一个字节
.版本 2
那怎么弄
一大堆汇编语言,看的头都晕了
页:
[1]
2