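天御 verification has a hidden trap. I found where the trap is with 虫子; do I look for the JMP?
Software download: https://www.lanzouw.com/i2e7hte
Habo report: https://habo.qq.com/file/showdetail?pk=ADQGb11tB28IMVs9U2o%3D
All other functions work normally.
Clicking to start registration triggers a hidden trap.
I found it with 虫子.
The address where the event occurs.
Do I go into the JMP?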
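Link: https://share.weiyun.com/5jRAwqO (password: iKGc)
If you use the genuine version, delete the hosts entries yourself, otherwise it will be blocked and unable to connect to the genuine version.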
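FLYX posted on 2018-11-17 14:39
Link: https://share.weiyun.com/5jRAwqO (password: iKGc)
If you use the genuine version, delete the hosts entries yourself, otherwise it will be blocked and unable ...

Is there any guidance on the method?

FLYX posted on 2018-11-17 14:39
Link: https://share.weiyun.com/5jRAwqO (password: iKGc)
If you use the genuine version, delete the hosts entries yourself, otherwise it will be blocked and unable ...

It doesn't work. It is still required here.

How come this looks like 易游 to me?

Behavior description: Checks whether it is being debugged
Details: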
IsDebuggerPresent
Behavior description: Creates mutexes
Details:
Behavior description: Creates event objects
Details:
EventName = DINPUTWINMM
EventName = MSCTF.SendReceive.Event.ENJ.IC
EventName = MSCTF.SendReceiveConection.Event.ENJ.IC
Behavior description: Opens mutexes
Details:
RasPbFile
ShimCacheMutex
Behavior description: Finds specified windows
Details:
NtUserFindWindowEx: =
NtUserFindWindowEx: =
Behavior description: Opens events
Details:
Behavior description: Gets the TickCount value
Details:
Behavior description: Window information
Details:
Pid = 2512, Hwnd=0x10378, Text = 新密码, ClassName = _EL_Label.
Pid = 2512, Hwnd=0x10372, Text = 推荐人, ClassName = _EL_Label.
Pid = 2512, Hwnd=0x10370, Text = 保存账号, ClassName = Button(CheckBox).
Pid = 2512, Hwnd=0x1036e, Text = 用户名, ClassName = _EL_Label.
Pid = 2512, Hwnd=0x10368, Text = 旧密码, ClassName = _EL_Label.
Pid = 2512, Hwnd=0x10366, Text = 修改密码, ClassName = Button.
Pid = 2512, Hwnd=0x10364, Text = 充值, ClassName = Button.
Pid = 2512, Hwnd=0x1035e, Text = 用户名, ClassName = _EL_Label.
Pid = 2512, Hwnd=0x1035c, Text = 充值卡密, ClassName = _EL_Label.
Pid = 2512, Hwnd=0x1035a, Text = 登录, ClassName = Button.
Pid = 2512, Hwnd=0x10358, Text = 用户密码, ClassName = _EL_Label.
Pid = 2512, Hwnd=0x10352, Text = 用户名, ClassName = _EL_Label.
Pid = 2512, Hwnd=0x1034c, Text = 注册, ClassName = Button.
Pid = 2512, Hwnd=0x10348, Text = 邮箱地址, ClassName = _EL_Label.
Pid = 2512, Hwnd=0x10346, Text = 用户密码, ClassName = _EL_Label.
Behavior description: Calls the Sleep function
Details:
: MilliSeconds = 60000.
: MilliSeconds = 0.
Behavior description: Hides specified windows
Details:
= [用户名,_EL_Label]
= [用户密码,_EL_Label]
= [邮箱地址,_EL_Label]
= [注册,Button]
= [,Edit]
= [充值卡密,_EL_Label]
= [充值,Button]
= [修改密码,Button]
= [旧密码,_EL_Label]
= [推荐人,_EL_Label]
= [新密码,_EL_Label]
= [,_EL_Timer]
Behavior description: Reads the CPU clock directly
Details:
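You can take a look yourself.

上帝也撸管儿 posted on 2018-11-17 17:11
How come this looks like 易游 to me?

Actually, it just uses 易游's open-source source code. This one can be cloned; take a look.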