资源描述:
《aspcak脱壳工具源码》由会员上传分享,免费在线阅读,更多相关内容在行业资料-天天文库。
1、Aspcak脱壳工具源码.386.modelflat,stdcalloptioncasemap:noneINCLUDEmasm32includekernel32.incINCLUDEmasm32includeuser32.incINCLUDEmasm32includecomdlg32.incINCLUDEmasm32includeimagehlp.incINCLUDELIBmasm32libkernel32.libINCLUDELIBmasm32libuser32
2、.libINCLUDELIBmasm32libcomdlg32.libINCLUDELIBmasm32libimagehlp.libINCLUDELIBForceLibrary.libINCLUDEmasm32includewindows.incINCLUDEForceLibrary.INCINCLUDELIBmsvcrt.libINCLUDEmsvcrt.inc;;prototypes;UnpackDaFuckerPROTO:LPSTRProcessExecutablePROTO
3、DumpAndSavePROTODbgWndProcPROTO:HWND,:UINT,:WPARAM,:LPARAMDbgWindowProcPROTO:LPVOIDCreateDbgWindowPROTOmemsetPROTO:LPVOID,:DWORD,:DWORDIsNTPROTOPasteTradeMarkPROTO:LPVOID,:LPSTRProcessLibraryPROTOExceptionHandlerPROTO:LPVOIDHandleEntryHookExctPROTO:LPV
4、OIDLibraryGetProcHookPROTOWriteFileBytePROTO:LPSTR,:DWORD,:BYTEDumpAndSaveLibraryPROTOFixPEImagePROTOMemToFilePROTO:LPSTR,:LPVOID,:DWORDExtractFileNamePROTO:LPSTR,:DWORDGetFileExtPROTO:LPSTR,:DWORDAssembleJumpPROTO:LPVOID,:LPVOIDHookKiUserExceptionDisp
5、atcherPROTO:LPVOIDUnhookKiUserExceptionDispatcherPROTOGetSizeOfExtraDataPROTO:LPVOID,:DWORD,:LPVOID;DEBUG_APIHOOKEQU1;------STRUCTs----------------------------------------------------------------------------------APIHOOKSTUBSTRUCT1_PUSHADDB060hIFDEFDEB
6、UG_APIHOOK_INT3DB0CChENDIF_PUSH0DW0006Ah_PUSH0_2DW0006Ah_PUSHDWDB068h_PUSHWMDDWM_DEBUGGEE_GETPROC_CALL_PUSHDW_2DB068h_PUSHHWNDDD?;debugwindowhandle_MOVEAXDWDB0B8h_MOVVALDD?;addressofSendMessageAPI_CALLEAXDW0D0FFh_POPADDB061h_JMPDWDB0E9h_JMPADDRDD?;jump
7、relatedaddressofGetProcAddressAPIAPIHOOKSTUBENDS;------CONST---------------------------------------------------------------------------------.CONSTDEQUDWORDPTRWEQUWORDPTRBEQUBYTEPTRVA_SHAREDEQU08000000h;Undocumentedflagfor"VirtualAlloc"togetsharedmemor
8、y;on9x/MEWM_DEBUGGEE_GETPROC_CALLEQUWM_USER+"y"DEPACK_WAIT_COUNTEQU3000DEBUGGEE_KILL_VALUEEQU4321OFN_SAVE_FLAGSEQUOFN_FILEMUSTEXIST+OFN_PATHMUSTEXIST+OFN_LONGNAMES+OFN_EXPLORER+OFN_HIDEREADONLY+OFN_OVERWRITEPROMPTszNtDllDB"NTDLL",0szKi
