Network Sniffer 5 ad removal: system security, an analysis of removing ads from network-sniffing software


Date: 2007-05-21

The code is as follows:

00505F34  55              push ebp
00505F35  8BEC            mov ebp, esp
00505F37  6A00            push $00
00505F39  6A00            push $00
00505F3B  6A00            push $00
00505F3D  53              push ebx
00505F3E  56              push esi
00505F3F  8BD8            mov ebx, eax
00505F41  33C0            xor eax, eax
00505F43  55              push ebp
* Possible String Reference to: '閗囡?腚^[嬪]?
00505F44  68AC605000      push $005060AC
***** TRY
00505F49  64FF30          push dWord ptr fs:[eax]
00505F4C  648920          mov fs:[eax], esp
00505F4F  A124175100      mov eax, dword ptr [$00511724]
00505F54  8B00            mov eax, [eax]
00505F56  8B9340020000    mov edx, [ebx+$0240]
* Reference to: Chart.TCustomChart.SetTitle(TCustomChart;TChartTitle);
*           or: Chart.TCustomChart.SetFoot(TCustomChart;TChartTitle);
*           or: Chart.TCustomChart.SetBackWall(TCustomChart;TChartWall);
*           or: Chart.TCustomChart.SetLeftWall(TCustomChart;TChartWall);
*           or: Chart.TCustomChart.SetBottomWall(TCustomChart;TChartWall);
*           or: ComCtrls.TCustomTreeView.SetTreeNodes(TCustomTreeView;TTreeNodes);
00505F5C  E8630CF8FF      call 00486BC4
00505F61  BAC0605000      mov edx, $005060C0
* Reference to control TWBS1 : N.A.
00505F66  8B830C040000    mov eax, [ebx+$040C]
* Reference to : TWebBrowser._PROC_0048FEB4()
00505F6C  E8439FF8FF      call 0048FEB4
00505F71  C6052C3E510000  mov byte ptr [$00513E2C], $00
* Possible String Reference to: 'setting.ini'
00505F78  B808615000      mov eax, $00506108
* Reference to: SysUtils.FileExists(AnsiString):Boolean;
00505F7D  E8F233F0FF      call 00409374
00505F82  84C0            test al, al
00505F84  7520            jnz 00505FA6
00505F86  66A114615000    mov ax, word ptr [$00506114]
00505F8C  50              push eax
00505F8D  6A00            push $00
00505F8F  B101            mov cl, $01
00505F91  BA20615000      mov edx, $00506120
* Reference to control bsSKINMessage1 : N.A.
00505F96  8B8398030000    mov eax, [ebx+$0398]
00505F9C  E8170DFFFF      call 004F6CB8
00505FA1  E9EB000000      jmp 00506091
00505FA6  8D55F8          lea edx, [ebp-$08]
00505FA9  A124175100      mov eax, dword ptr [$00511724]
00505FAE  8B00            mov eax, [eax]
* Reference to: DdeMan.TDdeMgr.GetExeName(TDdeMgr):AnsiString;
*           or: Forms.TApplication.GetExeName(TApplication):AnsiString;
00505FB0  E8CB16F8FF      call 00487680
00505FB5  8B45F8          mov eax, [ebp-$08]
00505FB8  8D55FC          lea edx, [ebp-$04]
* Reference to: SysUtils.ExtractFileDir(AnsiString):AnsiString;
00505FBB  E88435F0FF      call 00409544
00505FC0  8D45FC          lea eax, [ebp-$04]
* Possible String Reference to: '\SETTING.INI'
00505FC3  BA44615000      mov edx, $00506144
* Reference to: System.@LStrCat;
00505FC8  E897EAEFFF      call 00404A64
00505FCD  8B4DFC          mov ecx, [ebp-$04]
00505FD0  B201            mov dl, $01
00505FD2  A1705B4300      mov eax, dword ptr [$00435B70]
* Reference to: AxCtrls.TOleStream.Create(TOleStream;boolean;IStream);
*           or: HelpIntfs.THelpViewerNode.Create(THelpViewerNode;boolean;ICustomHelpViewer);
*           or: IniFiles.TCustomIniFile.Create(TCustomIniFile;boolean;AnsiString);
*           or: SysUtils.Exception.Create(Exception;boolean;AnsiString);
00505FD7  E844FCF2FF      call 00435C20
00505FDC  8BF0            mov esi, eax
00505FDE  89B390040000    mov [ebx+$0490], esi
00505FE4  685C615000      push $0050615C
00505FE9  8D45F4          lea eax, [ebp-$0C]
00505FEC  50              push eax
* Possible String Reference to: 'title'
00505FED  B97C615000      mov ecx, $0050617C
* Possible String Reference to: 'system'
00505FF2  BA8C615000      mov edx, $0050618C
00505FF7  8BC6            mov eax, esi
00505FF9  8B30            mov esi, [eax]
00505FFB  FF16            call dword ptr [esi]
00505FFD  8B55F4          mov edx, [ebp-$0C]
00506000  8BC3            mov eax, ebx
* Reference to: Controls.TControl.SetText(TControl;TCaption);
00506002  E8C913F6FF      call 004673D0
00506007  B201            mov dl, $01
* Reference to control BTn3 : N.A.
00506009  8B83EC030000    mov eax, [ebx+$03EC]
0050600F  8B08            mov ecx, [eax]
00506011  FF5164          call dword ptr [ecx+$64]
00506014  C6839804000000  mov byte ptr [ebx+$0498], $00
0050601B  33D2            xor edx, edx
* Reference to control bsSkinNotebook1 : N.A.
0050601D  8B83BC030000    mov eax, [ebx+$03BC]
* Reference to : TbsPageAccess._PROC_004C5988()
00506023  E860F9FBFF      call 004C5988
00506028  803D483E510000  cmp byte ptr [$00513E48], $00
0050602F  752B            jnz 0050605C
00506031  6A01            push $01
* Possible String Reference to: 'autoRun'
00506033  B99C615000      mov ecx, $0050619C
* Possible String Reference to: 'system'
00506038  BA8C615000      mov edx, $0050618C
0050603D  8B8390040000    mov eax, [ebx+$0490]
00506043  8B30            mov esi, [eax]
00506045  FF5610          call dword ptr [esi+$10]
00506048  84C0            test al, al
0050604A  7410            jz 0050605C
0050604C  BAB80B0000      mov edx, $00000BB8
* Reference to control tmr2 : N.A.
00506051  8B834C030000    mov eax, [ebx+$034C]
* Reference to: ExtCtrls.TTimer.SetInterval(TTimer;Cardinal);
*           or: IBDatabase.TIBTimer.SetInterval(TIBTimer;Cardinal);
00506057  E8F4E2F2FF      call 00434350
0050605C  8D83A8040000    lea eax, [ebx+$04A8]
* Reference to: System.@LStrClr(void;void);
00506062  E835E7EFFF      call 0040479C
00506067  8D83AC040000    lea eax, [ebx+$04AC]
* Reference to: System.@LStrClr(void;void);
0050606D  E82AE7EFFF      call 0040479C
00506072  33C0            xor eax, eax
00506074  8983B4040000    mov [ebx+$04B4], eax
0050607A  33C0            xor eax, eax
0050607C  8983B8040000    mov [ebx+$04B8], eax
00506082  33C0            xor eax, eax
00506084  8983BC040000    mov [ebx+$04BC], eax
0050608A  C605353E510000  mov byte ptr [$00513E35], $00
00506091  33C0            xor eax, eax
00506093  5A              pop edx
00506094  59              pop ecx
00506095  59              pop ecx
00506096  648910          mov fs:[eax], edx
****** FINALLY
* Possible String Reference to: '^[嬪]?
00506099  68B3605000      push $005060B3
0050609E  8D45F4          lea eax, [ebp-$0C]
005060A1  BA03000000      mov edx, $00000003
* Reference to: System.@LStrArrayClr(void;void;Integer);
005060A6  E815E7EFFF      call 004047C0
005060AB  C3              ret
* Reference to: System.@HandleFinally;
005060AC  E96BE0EFFF      jmp 0040411C
005060B1  EBEB            jmp 0050609E
****** END
005060B3  5E              pop esi
005060B4  5B              pop ebx
005060B5  8BE5            mov esp, ebp
005060B7  5D              pop ebp
005060B8  C3              ret



After reading the code above, many readers will probably have already spotted that the key location is here:

00505F61  BAC0605000      mov edx, $005060C0
* Reference to control TWBS1 : N.A.
00505F66  8B830C040000    mov eax, [ebx+$040C]
* Reference to : TWebBrowser._PROC_0048FEB4()

This is where the ad is set up; just NOP it out and the software's ads are gone. The parameters of this call are:

edx: the URL to set
eax: the Self pointer (of the TWebBrowser class)

TWebBrowser._PROC_0048FEB4() is probably Navigate.

After patching, run the program: it no longer displays ads, and the ad removal is complete.

Lessons learned

Making good use of the hints that analysis tools provide lets us get twice the result with half the effort.
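The tool hints in the listing can be cross-checked against the raw bytes printed beside them. The Python below is an added example, not part of the original article: it decodes each 5-byte E8 near call, compares the computed target with the operand shown, and pairs the call with the annotation that precedes it. The sample lines are copied from the listing above; the function names are hypothetical.

```python
import re

# Lines copied from the article's listing (each annotation precedes its call).
LISTING = """\
* Reference to : TWebBrowser._PROC_0048FEB4()
00505F6C E8439FF8FF call 0048FEB4
* Reference to: SysUtils.FileExists(AnsiString):Boolean;
00505F7D E8F233F0FF call 00409374
00505F84 7520 jnz 00505FA6
* Reference to: Controls.TControl.SetText(TControl;TCaption);
00506002 E8C913F6FF call 004673D0
00506011 FF5164 call dword ptr [ecx+$64]
"""

INSN = re.compile(r"^([0-9A-F]{8})\s+([0-9A-F]+)\s+(\S+)\s*(.*)$")


def rel32_target(addr, raw):
    """Target of an E8 near call: next-instruction address + signed rel32."""
    if len(raw) != 5 or raw[0] != 0xE8:
        return None  # indirect call (FF /2) or not a call at all
    rel = int.from_bytes(raw[1:], "little", signed=True)
    return (addr + 5 + rel) & 0xFFFFFFFF


def annotated_calls(listing):
    """Return (address, decoded target, operand_matches, annotation) per direct call."""
    out, note = [], None
    for line in listing.splitlines():
        line = line.strip()
        if line.startswith("*"):
            note = line.lstrip("* ").strip()
            continue
        m = INSN.match(line)
        if not m:
            continue
        addr, raw, mnem, operand = int(m[1], 16), bytes.fromhex(m[2]), m[3], m[4]
        target = rel32_target(addr, raw) if mnem == "call" else None
        if target is not None:
            out.append((addr, target, f"{target:08X}" == operand.strip(), note))
        note = None  # an annotation applies only to the next instruction
    return out


if __name__ == "__main__":
    for addr, target, ok, note in annotated_calls(LISTING):
        print(f"{addr:08X} -> {target:08X} operand_ok={ok} [{note}]")
```

A mismatch between the decoded target and the printed operand indicates that the listing was transcribed incorrectly or that the bytes and the disassembly come from different builds.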


(Source: http://www.sheup.com)

