Transparent file encryption: some of the APIs it handles

[XueTr][acad.exe-->Ring3Hook]: 287

Hooked object                                       Hook location (original -> hook target [module])                         Type     Current bytes         Original bytes
[*] len(5) kernel32.dll->CloseHandle                0x7C809B77->0x1002BD80[C:\DOCUME~1\huang\LOCALS~1\Temp\systemapi32.dll]  inline   E9 04 22 82 93        8B FF 55 8B EC
[*] len(5) kernel32.dll->CopyFileA                  0x7C830053->0x1002A280[C:\DOCUME~1\huang\LOCALS~1\Temp\systemapi32.dll]  inline   E9 28 A2 7F 93        8B FF 55 8B EC
[*] len(7) kernel32.dll->CopyFileExW                0x7C82EFF2->0x1002B820[C:\DOCUME~1\huang\LOCALS~1\Temp\systemapi32.dll]  inline   E9 29 C8 7F 93 CC CC  6A 14 68 48 F0 82 7C
[*] len(5) kernel32.dll->CopyFileW                  0x7C825779->0x1002A9F0[C:\DOCUME~1\huang\LOCALS~1\Temp\systemapi32.dll]  inline   E9 72 52 80 93        8B FF 55 8B EC
[*] len(5) kernel32.dll->CreateFileMappingW         0x7C80939E->0x1002E920[C:\DOCUME~1\huang\LOCALS~1\Temp\systemapi32.dll]  inline   E9 7D 55 82 93        8B FF 55 8B EC
[*] len(5) kernel32.dll->CreateFileW                0x7C810976->0x1002EA10[C:\DOCUME~1\huang\LOCALS~1\Temp\systemapi32.dll]  inline   E9 95 E0 81 93        8B FF 55 8B EC
[*] len(7) kernel32.dll->DuplicateHandle            0x7C80E016->0x1002C000[C:\DOCUME~1\huang\LOCALS~1\Temp\systemapi32.dll]  inline   E9 E5 DF 81 93 CC CC  6A 08 68 90 E0 80 7C
[*] len(7) kernel32.dll->FindClose                  0x7C80EFD7->0x1002C180[C:\DOCUME~1\huang\LOCALS~1\Temp\systemapi32.dll]  inline   E9 A4 D1 81 93 CC CC  6A 24 68 70 F0 80 7C
[*] len(5) kernel32.dll->FindFirstFileExW           0x7C80EC7D->0x1002E2B0[C:\DOCUME~1\huang\LOCALS~1\Temp\systemapi32.dll]  inline   E9 2E F6 81 93        8B FF 55 8B EC
[*] len(7) kernel32.dll->FindNextFileW              0x7C80F13A->0x1002CF90[C:\DOCUME~1\huang\LOCALS~1\Temp\systemapi32.dll]  inline   E9 51 DE 81 93 CC CC  6A 2C 68 38 F2 80 7C
[*] len(7) kernel32.dll->GetCurrentProcess          0x7C80E016->0x1002C000[C:\DOCUME~1\huang\LOCALS~1\Temp\systemapi32.dll]  inline   E9 E5 DF 81 93 CC CC  6A 08 68 90 E0 80 7C
[*] len(5) kernel32.dll->GetFileAttributesExW       0x7C81130D->0x1002ECE0[C:\DOCUME~1\huang\LOCALS~1\Temp\systemapi32.dll]  inline   E9 CE D9 81 93        8B FF 55 8B EC
[*] len(5) kernel32.dll->GetFileInformationByHandle 0x7C810E85->0x1002E8C0[C:\DOCUME~1\huang\LOCALS~1\Temp\systemapi32.dll]  inline   E9 36 DA 81 93        8B FF 55 8B EC
[*] len(5) kernel32.dll->GetFileSizeEx              0x7C810C21->0x1002E860[C:\DOCUME~1\huang\LOCALS~1\Temp\systemapi32.dll]  inline   E9 3A DC 81 93        8B FF 55 8B EC
[*] len(5) kernel32.dll->MoveFileA                  0x7C822294->0x1002A480[C:\DOCUME~1\huang\LOCALS~1\Temp\systemapi32.dll]  inline   E9 E7 81 80 93        8B FF 55 8B EC
[*] len(5) kernel32.dll->MoveFileExA                0x7C85D2A3->0x1002A550[C:\DOCUME~1\huang\LOCALS~1\Temp\systemapi32.dll]  inline   E9 A8 D2 7C 93        8B FF 55 8B EC
[*] len(5) kernel32.dll->MoveFileExW                0x7C83991F->0x1002B080[C:\DOCUME~1\huang\LOCALS~1\Temp\systemapi32.dll]  inline   E9 5C 17 7F 93        8B FF 55 8B EC
[*] len(5) kernel32.dll->MoveFileW                  0x7C839659->0x1002AE30[C:\DOCUME~1\huang\LOCALS~1\Temp\systemapi32.dll]  inline   E9 D2 17 7F 93        8B FF 55 8B EC
[*] len(7) kernel32.dll->ReadFile                   0x7C80180E->0x1002E5F0[C:\DOCUME~1\huang\LOCALS~1\Temp\systemapi32.dll]  inline   E9 DD CD 82 93 CC CC  6A 20 68 D8 9B 80 7C
[*] len(5) kernel32.dll->ReplaceFile                0x7C838736->0x1002B5B0[C:\DOCUME~1\huang\LOCALS~1\Temp\systemapi32.dll]  inline   E9 75 2E 7F 93        68 EC 03 00 00
[*] len(5) kernel32.dll->ReplaceFileA               0x7C85E0E7->0x1002A760[C:\DOCUME~1\huang\LOCALS~1\Temp\systemapi32.dll]  inline   E9 74 C6 7C 93        8B FF 55 8B EC
[*] len(5) kernel32.dll->ReplaceFileW               0x7C838736->0x1002B5B0[C:\DOCUME~1\huang\LOCALS~1\Temp\systemapi32.dll]  inline   E9 75 2E 7F 93        68 EC 03 00 00
[*] len(5) kernel32.dll->SetFilePointer             0x7C810DA6->0x1002BDC0[C:\DOCUME~1\huang\LOCALS~1\Temp\systemapi32.dll]  inline   E9 15 B0 81 93        8B FF 55 8B EC
[*] len(5) kernel32.dll->SetFilePointerEx           0x7C81F475->0x1002BE50[C:\DOCUME~1\huang\LOCALS~1\Temp\systemapi32.dll]  inline   E9 D6 C9 80 93        8B FF 55 8B EC
[*] len(7) kernel32.dll->WriteFile                  0x7C810F9F->0x1002E4B0[C:\DOCUME~1\huang\LOCALS~1\Temp\systemapi32.dll]  inline   E9 0C D5 81 93 CC CC  6A 18 68 38 10 81 7C
[*] len(5) USER32.dll->EmptyClipboard               0x77D3FE82->0x10029FE0[C:\DOCUME~1\huang\LOCALS~1\Temp\systemapi32.dll]  inline   E9 59 A1 2E 98        B8 6D 11 00 00
[*] len(5) USER32.dll->EnumClipboardFormats         0x77D3DA71->0x100294F0[C:\DOCUME~1\huang\LOCALS~1\Temp\systemapi32.dll]  inline   E9 7A BA 2E 98        8B FF 55 8B EC
[*] len(5) USER32.dll->GetClipboardData             0x77D3FCB2->0x1002A080[C:\DOCUME~1\huang\LOCALS~1\Temp\systemapi32.dll]  inline   E9 C9 A3 2E 98        8B FF 55 8B EC
[*] len(5) USER32.dll->IsClipboardFormatAvailable   0x77D1CDED->0x10029370[C:\DOCUME~1\huang\LOCALS~1\Temp\systemapi32.dll]  inline   E9 7E C5 30 98        B8 C4 11 00 00
    len(5) USER32.dll->SetClipboardData             0x77D3FF10->0x100291F0[C:\DOCUME~1\huang\LOCALS~1\Temp\systemapi32.dll]  inline   E9 DB 92 2E 98        8B FF 55 8B EC
[*] len(5) USER32.dll->SetMessageQueue              0x77D3DA71->0x100294F0[C:\DOCUME~1\huang\LOCALS~1\Temp\systemapi32.dll]  inline   E9 7A BA 2E 98        8B FF 55 8B EC
[*] len(5) WINSPOOL.DRV->OpenPrinterA               0x72F83767->0x10032DF0[C:\DOCUME~1\huang\LOCALS~1\Temp\systemapi32.dll]  inline   E9 84 F6 0A 9D        8B FF 55 8B EC
[*] len(7) WINSPOOL.DRV->OpenPrinterW               0x72F75749->0x10032ED0[C:\DOCUME~1\huang\LOCALS~1\Temp\systemapi32.dll]  inline   E9 82 D7 0B 9D CC CC  6A 0C 68 B0 57 F7 72
[*] len(5) SHELL32.dll->SHFileOperationW            0x7744D1B9->0x1002A870[C:\DOCUME~1\huang\LOCALS~1\Temp\systemapi32.dll]  inline   E9 B2 D6 BD 98        8B FF 55 8B EC
[*] len(5) ole32.dll->DoDragDrop                    0x76A7FB0A->0x1002F720[C:\DOCUME~1\huang\LOCALS~1\Temp\systemapi32.dll]  inline   E9 11 FC 5A 99        8B FF 55 8B EC
[*] len(5) ole32.dll->OleCreate                     0x76A2B5B1->0x1002F0B0[C:\DOCUME~1\huang\LOCALS~1\Temp\systemapi32.dll]  inline   E9 FA 3A 60 99        8B FF 55 8B EC
[*] len(5) ole32.dll->OleCreateFromFile             0x76A79964->0x1002F150[C:\DOCUME~1\huang\LOCALS~1\Temp\systemapi32.dll]  inline   E9 E7 57 5B 99        8B FF 55 8B EC
[*] len(5) ole32.dll->OleCreateFromFileEx           0x76A795AE->0x1002F260[C:\DOCUME~1\huang\LOCALS~1\Temp\systemapi32.dll]  inline   E9 AD 5C 5B 99        8B FF 55 8B EC
[*] len(5) ole32.dll->OleCreateLinkEx               0x76A7930C->0x1002EF80[C:\DOCUME~1\huang\LOCALS~1\Temp\systemapi32.dll]  inline   E9 6F 5C 5B 99        8B FF 55 8B EC
[*] len(5) ole32.dll->OleCreateLinkToFile           0x76A79919->0x1002F3A0[C:\DOCUME~1\huang\LOCALS~1\Temp\systemapi32.dll]  inline   E9 82 5A 5B 99        8B FF 55 8B EC
[*] len(5) ole32.dll->OleCreateLinkToFileEx         0x76A793EA->0x1002F4A0[C:\DOCUME~1\huang\LOCALS~1\Temp\systemapi32.dll]  inline   E9 B1 60 5B 99        8B FF 55 8B EC
