Thuật toán và giải thuật tạo serial của IDM [Hướng dẫn chi tiết]

[phuongnguyen]

Ngày 30/4 vừa rồi, IDM của mình update và nó lại "Unregister version", nên mình reverse nó và la liếm được vài thứ.

Đầu tiên, đó là code thô :

Mã:

Vì dài nên mình để ở #2 và #3.

Thuật toán kiếm tra serial của IDM như sau :

Giải sử serial ta nhập vào là : abcde-xxxxx-xxxxx-xxxxx

IDM sẽ check serial đó như sau :

Kiếm tra chuỗi có đúng format sau hay không : xxxxx-xxxxx-xxxxx-xxxxx , nếu không thì loại ; kiểm tra mỗi kí tự có từ a-z, hay A-Z, hay 0-9 hay không, nếu không thì loại ; nếu có kí tự thường thì cho chuyển sang in hoa hết.

Cho chuỗi : "2YOPB3AQCVUXMNRS97WE0IZD4KLFGHJ8165T". Chuỗi này có 36 kí tự, đánh index từ 0 tới 35.

Tách serial thành 4 phần được chia bởi dấu '-', nghĩa là phần 1 là abcde, phần 2, 3, 4 tương tự.

Check phần 1 :

Lấy index của các kí tự a, b, c, d, e trong abcde theo chuỗi "2YOPB3AQCVUXMNRS97WE0IZD4KLFGHJ8165T".

Nghĩa là , giả sử a = '2', thì index(a) = 0 ; b = 'O' thì index(b) = 2.

Tính :

Sum = (((index(a)*37+ index(b))*37 + index(c))*37 + index(d))*37 + index(e);

Nếu Sum chia hết cho 43 thì Phần 1 OK.

Check phần 2 :

Tương tự, tính đến Sum.

Nếu Sum chia hết cho 23 thì phần 2 OK.

Check phần 3 :

Tương tự, tính đến Sum.

Nếu Sum chia hết cho 17 thì phần 3 OK.

Check phần 4 :

Tương tự, tính đến Sum.

Nếu Sum chia hết cho 53 thì phần 4 OK.


Từ thuật toán check serial như trên, ta có được giải thuật tạo serial hợp lệ như sau:

Mã:

#include <iostream>#include <ctime> // khai báo để sử dụng time() #include <math.h> #include <cstdlib> // Khai báo để sử dụng rand() và srand()  int _tmain(int argc, _TCHAR* argv[]) {     using namespace std;      char ChuoiConst[37] = "2YOPB3AQCVUXMNRS97WE0IZD4KLFGHJ8165T";     int nSoChia[4] = {43, 23, 17, 53};      srand(time(0));      int a = rand() % 36; // sinh số ngẫu nhiên từ 0 => 35     int b = rand() % 36;     int c = rand() % 36;     int d = 0, e = 0;      for (register int i = 0 ; i < 4 ; i++)     {         do         {             d = rand() % 36;             e = rand() % 36;         }         while (((((a*37 + b)*37 + c)*37 + d)*37 + e) % nSoChia[i] != 0);           cout<<ChuoiConst[a]<<ChuoiConst[b]<<ChuoiConst[c]<<ChuoiConst[d]<<ChuoiConst[e]<<((i  == 3) ? "":"-");     }      cout<<endl;     cin.get();     return 0; }

Để check serial, cần chặn host check serial của IDM bằng cách thêm 2 dòng sau vào file hosts (/System32/driver/etc/hosts ):

Mã:

 127.0.0.1 www.internetdownloadmanager.com
 127.0.0.1 registeridm.com

View more random threads:

• Thư Viện Hỗ trợ Hook API
• Tìm hiểu về thư viện liên kết động trên Win32 API
• C++ : Convert TCVN3 to Unicode và ngược lại Unicode to TCVN3
• Một số hàm thao tác chuỗi hay dùng trong VC++
• OpenMP for beginner!!!
• Chỗ Nào Sửa Chữa PC Ưu Đãi Tại Nhà Quận 10
• Hỏi về: Làm sao để xóa đề tài này hoặc di chuyển sang mục khác
• Using __cpuid to get CPU information!!!
• Ghi dữ liệu lên file trong Lập trình VC++
• What is the Funcition Pointer ?

[kysybongdemictu]

Code thô :

Mã:

004E2D30 /. 55 PUSH EBP004E2D31 |. 8BE>MOV EBP,ESP004E2D33 |. 6A >PUSH -1004E2D35 |. 68 >PUSH IDMan.005D27B5 ; SE handler installation004E2D3A |. 64:>MOV EAX,DWORD PTR FS:[0]004E2D40 |. 50 PUSH EAX004E2D41 |. 64:>MOV DWORD PTR FS:[0],ESP004E2D48 |. 81E>SUB ESP,388004E2D4E |. 53 PUSH EBX004E2D4F |. 56 PUSH ESI ; IDMan.005FBD18004E2D50 |. 57 PUSH EDI004E2D51 |. 8D8>LEA EAX,[LOCAL.80]004E2D57 |. 896>MOV [LOCAL.4],ESP004E2D5A |. 6A >PUSH 32 ; /Arg3 = 00000032004E2D5C |. 8BD>MOV EBX,ECX ; |USER32.7E4321CC004E2D5E |. 50 PUSH EAX ; |Arg2 = 00000017004E2D5F |. 68 >PUSH 4B0 ; |Arg1 = 000004B0004E2D64 |. 895>MOV [LOCAL.14],EBX ; |004E2D67 |. C60>MOV BYTE PTR DS:[69404C],32 ; |004E2D6E |. C60>MOV BYTE PTR DS:[69404D],59 ; |004E2D75 |. C60>MOV BYTE PTR DS:[69404E],4F ; |004E2D7C |. C60>MOV BYTE PTR DS:[69404F],50 ; |004E2D83 |. C60>MOV BYTE PTR DS:[694050],42 ; |004E2D8A |. C60>MOV BYTE PTR DS:[694051],33 ; |004E2D91 |. C60>MOV BYTE PTR DS:[694052],41 ; |004E2D98 |. C60>MOV BYTE PTR DS:[694053],51 ; |004E2D9F |. C60>MOV BYTE PTR DS:[694054],43 ; |004E2DA6 |. C60>MOV BYTE PTR DS:[694055],56 ; |004E2DAD |. C60>MOV BYTE PTR DS:[694056],55 ; |004E2DB4 |. C60>MOV BYTE PTR DS:[694057],58 ; |004E2DBB |. C60>MOV BYTE PTR DS:[694058],4D ; |004E2DC2 |. C60>MOV BYTE PTR DS:[694059],4E ; |004E2DC9 |. C60>MOV BYTE PTR DS:[69405A],52 ; |004E2DD0 |. C60>MOV BYTE PTR DS:[69405B],53 ; |004E2DD7 |. C60>MOV BYTE PTR DS:[69405C],39 ; |004E2DDE |. C60>MOV BYTE PTR DS:[69405D],37 ; |004E2DE5 |. C60>MOV BYTE PTR DS:[69405E],57 ; |004E2DEC |. C60>MOV BYTE PTR DS:[69405F],45 ; |004E2DF3 |. C60>MOV BYTE PTR DS:[694060],30 ; |004E2DFA |. C60>MOV BYTE PTR DS:[694061],49 ; |004E2E01 |. C60>MOV BYTE PTR DS:[694062],5A ; |004E2E08 |. C60>MOV BYTE PTR DS:[694063],44 ; |004E2E0F |. C60>MOV BYTE PTR DS:[694064],34 ; |004E2E16 |. C60>MOV BYTE PTR DS:[694065],4B ; |004E2E1D |. C60>MOV BYTE PTR DS:[694066],4C ; |004E2E24 |. C60>MOV BYTE PTR DS:[694067],46 ; |004E2E2B |. C60>MOV BYTE PTR DS:[694068],47 ; |004E2E32 |. C60>MOV BYTE PTR DS:[694069],48 ; |004E2E39 |. C60>MOV BYTE PTR DS:[69406A],4A ; |004E2E40 |. C60>MOV BYTE PTR DS:[69406B],38 ; |004E2E47 |. C60>MOV BYTE PTR DS:[69406C],31 ; |004E2E4E |. C60>MOV BYTE PTR DS:[69406D],36 ; |004E2E55 |. C60>MOV BYTE PTR DS:[69406E],35 ; |004E2E5C |. C60>MOV BYTE PTR DS:[69406F],54 ; |004E2E63 |. C74>MOV [LOCAL.1],0 ; |004E2E6A |. E8 >CALL IDMan.005AEF52 ; \Get First Name004E2E6F |. 85C>TEST EAX,EAX004E2E71 |. 75 >JNZ SHORT IDMan.004E2E98004E2E73 |. 8B0>MOV ECX,DWORD PTR DS:[694914]004E2E79 |. 50 PUSH EAX004E2E7A |. 68 >PUSH IDMan.006680A4 ; ASCII "Internet Download Manager"004E2E7F |> 51 PUSH ECX ; USER32.7E4321CC004E2E80 |> 8BC>MOV ECX,EBX004E2E82 |> E8 >CALL IDMan.005ADAC4004E2E87 |. 8B4>MOV ECX,[LOCAL.3]004E2E8A |. 64:>MOV DWORD PTR FS:[0],ECX ; USER32.7E4321CC004E2E91 |. 5F POP EDI ; 0012DAFC004E2E92 |. 5E POP ESI ; 0012DAFC004E2E93 |. 5B POP EBX ; 0012DAFC004E2E94 |. 8BE>MOV ESP,EBP004E2E96 |. 5D POP EBP ; 0012DAFC004E2E97 |. C3 RETN004E2E98 |> 8D9>LEA EDX,[LOCAL.54]004E2E9E |. 6A >PUSH 32 ; /Arg3 = 00000032004E2EA0 |. 52 PUSH EDX ; |Arg2 = 7C90E514004E2EA1 |. 68 >PUSH 413 ; |Arg1 = 00000413004E2EA6 |. 8BC>MOV ECX,EBX ; |004E2EA8 |. E8 >CALL IDMan.005AEF52 ; \Get Last Name004E2EAD |. 85C>TEST EAX,EAX004E2EAF |. 75 >JNZ SHORT IDMan.004E2EBF004E2EB1 |. 50 PUSH EAX004E2EB2 |. A1 >MOV EAX,DWORD PTR DS:[694910]004E2EB7 |. 68 >PUSH IDMan.006680A4 ; ASCII "Internet Download Manager"004E2EBC |. 50 PUSH EAX004E2EBD |.^ EB >JMP SHORT IDMan.004E2E80004E2EBF |> 8D8>LEA ECX,[LOCAL.67]004E2EC5 |. 6A >PUSH 32 ; /Arg3 = 00000032004E2EC7 |. 51 PUSH ECX ; |Arg2 = 7E4321CC004E2EC8 |. 68 >PUSH 4A5 ; |Arg1 = 000004A5004E2ECD |. 8BC>MOV ECX,EBX ; |004E2ECF |. E8 >CALL IDMan.005AEF52 ; \Get Email004E2ED4 |. 85C>TEST EAX,EAX004E2ED6 |. 75 >JNZ SHORT IDMan.004E2EE7004E2ED8 |. 8B1>MOV EDX,DWORD PTR DS:[69490C]004E2EDE |. 50 PUSH EAX004E2EDF |. 68 >PUSH IDMan.006680A4 ; ASCII "Internet Download Manager"004E2EE4 |. 52 PUSH EDX ; ntdll.KiFastSystemCallRet004E2EE5 |.^ EB >JMP SHORT IDMan.004E2E80004E2EE7 |> 8D8>LEA EAX,[LOCAL.33]004E2EED |. 6A >PUSH 32 ; /Arg3 = 00000032004E2EEF |. 50 PUSH EAX ; |Arg2 = 00000017004E2EF0 |. 68 >PUSH 4AA ; |Arg1 = 000004AA004E2EF5 |. 8BC>MOV ECX,EBX ; |004E2EF7 |. E8 >CALL IDMan.005AEF52 ; \Get Serial Number004E2EFC |. 85C>TEST EAX,EAX004E2EFE |. 75 >JNZ SHORT IDMan.004E2F11004E2F00 |. 8B0>MOV ECX,DWORD PTR DS:[694908]004E2F06 |. 50 PUSH EAX004E2F07 |. 68 >PUSH IDMan.006680A4 ; ASCII "Internet Download Manager"004E2F0C |.^ E9 >JMP IDMan.004E2E7F004E2F11 |> B2 >MOV DL,20 ; DL = 20h004E2F13 |> 389>/CMP BYTE PTR SS:[EBP-84],DL ; Ki tu dau tien cua serial == " "004E2F19 |. 75 >|JNZ SHORT IDMan.004E2F77004E2F1B |. 8DB>|LEA EDI,DWORD PTR SS:[EBP-83]004E2F21 |. 83C>|OR ECX,FFFFFFFF004E2F24 |. 33C>|XOR EAX,EAX004E2F26 |. 8DB>|LEA ESI,[LOCAL.125]004E2F2C |. F2:>|REPNE SCAS BYTE PTR ES:[EDI]004E2F2E |. F7D>|NOT ECX ; USER32.7E4321CC004E2F30 |. 2BF>|SUB EDI,ECX ; USER32.7E4321CC004E2F32 |. 897>|MOV [LOCAL.9],ESI ; IDMan.005FBD18004E2F35 |. 8BC>|MOV EAX,ECX ; USER32.7E4321CC004E2F37 |. 8BF>|MOV ESI,EDI004E2F39 |. 8B7>|MOV EDI,[LOCAL.9]004E2F3C |. C1E>|SHR ECX,2004E2F3F |. F3:>|REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS:>004E2F41 |. 8BC>|MOV ECX,EAX004E2F43 |. 33C>|XOR EAX,EAX004E2F45 |. 83E>|AND ECX,3004E2F48 |. F3:>|REP MOVS BYTE PTR ES:[EDI],BYTE PTR DS:[E>004E2F4A |. 8DB>|LEA EDI,[LOCAL.125]004E2F50 |. 83C>|OR ECX,FFFFFFFF004E2F53 |. F2:>|REPNE SCAS BYTE PTR ES:[EDI]004E2F55 |. F7D>|NOT ECX ; USER32.7E4321CC004E2F57 |. 8DB>|LEA ESI,[LOCAL.33]004E2F5D |. 2BF>|SUB EDI,ECX ; USER32.7E4321CC004E2F5F |. 8BC>|MOV EAX,ECX ; USER32.7E4321CC004E2F61 |. 897>|MOV [LOCAL.9],ESI ; IDMan.005FBD18004E2F64 |. 8BF>|MOV ESI,EDI004E2F66 |. 8B7>|MOV EDI,[LOCAL.9]004E2F69 |. C1E>|SHR ECX,2004E2F6C |. F3:>|REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS:>004E2F6E |. 8BC>|MOV ECX,EAX004E2F70 |. 83E>|AND ECX,3004E2F73 |. F3:>|REP MOVS BYTE PTR ES:[EDI],BYTE PTR DS:[E>004E2F75 |.^ EB >\JMP SHORT IDMan.004E2F13004E2F77 |> 8DB>LEA EDI,[LOCAL.33]004E2F7D |. 83C>OR ECX,FFFFFFFF004E2F80 |. 33C>XOR EAX,EAX004E2F82 |. F2:>REPNE SCAS BYTE PTR ES:[EDI]004E2F84 |. F7D>NOT ECX ; USER32.7E4321CC004E2F86 |. 49 DEC ECX ; Check stren(serial number) == 0004E2F87 |. 75 >JNZ SHORT IDMan.004E2F9B004E2F89 |> 8B0>MOV ECX,DWORD PTR DS:[694904]004E2F8F |. 6A >PUSH 0004E2F91 |. 68 >PUSH IDMan.006680A4 ; ASCII "Internet Download Manager"004E2F96 |.^ E9 >JMP IDMan.004E2E7F004E2F9B |> 8DB>/LEA EDI,[LOCAL.33]004E2FA1 |. 83C>|OR ECX,FFFFFFFF004E2FA4 |. 33C>|XOR EAX,EAX004E2FA6 |. F2:>|REPNE SCAS BYTE PTR ES:[EDI]004E2FA8 |. F7D>|NOT ECX ; USER32.7E4321CC004E2FAA |. 49 |DEC ECX ; USER32.7E4321CC004E2FAB |. 389>|CMP BYTE PTR SS:[EBP+ECX-85],DL ; Check ki tu cuoi cua serial == " "004E2FB2 |. 75 >|JNZ SHORT IDMan.004E2FCD004E2FB4 |. 8DB>|LEA EDI,[LOCAL.33]004E2FBA |. 83C>|OR ECX,FFFFFFFF004E2FBD |. 33C>|XOR EAX,EAX004E2FBF |. F2:>|REPNE SCAS BYTE PTR ES:[EDI]004E2FC1 |. F7D>|NOT ECX ; USER32.7E4321CC004E2FC3 |. 49 |DEC ECX ; USER32.7E4321CC004E2FC4 |. 888>|MOV BYTE PTR SS:[EBP+ECX-85],AL004E2FCB |.^ EB >\JMP SHORT IDMan.004E2F9B004E2FCD |> 8D9>LEA EDX,[LOCAL.33]004E2FD3 |. 52 PUSH EDX ; ntdll.KiFastSystemCallRet004E2FD4 |. E8 >CALL IDMan.005964EB ; Check serial co chua' chu cai , hay dau cach hay ko ?004E2FD9 |. 8DB>LEA EDI,[LOCAL.33]004E2FDF |. 83C>OR ECX,FFFFFFFF004E2FE2 |. 33C>XOR EAX,EAX004E2FE4 |. 83C>ADD ESP,4004E2FE7 |. F2:>REPNE SCAS BYTE PTR ES:[EDI]004E2FE9 |. F7D>NOT ECX ; USER32.7E4321CC004E2FEB |. 49 DEC ECX ; USER32.7E4321CC004E2FEC |. 83F>CMP ECX,17004E2FEF |.^ 75 >JNZ SHORT IDMan.004E2F89004E2FF1 |. 8A4>MOV CL,BYTE PTR SS:[EBP-7F]004E2FF4 |. 884>MOV BYTE PTR SS:[EBP-11],AL004E2FF7 |. B0 >MOV AL,2D004E2FF9 |. 3AC>CMP CL,AL ; CHeck -004E2FFB |. 75 >JNZ SHORT IDMan.004E3007004E2FFD |. 384>CMP BYTE PTR SS:[EBP-79],AL004E3000 |. 75 >JNZ SHORT IDMan.004E3007004E3002 |. 384>CMP BYTE PTR SS:[EBP-73],AL004E3005 |. 74 >JE SHORT IDMan.004E300B004E3007 |> C64>MOV BYTE PTR SS:[EBP-11],1004E300B |> 8D8>LEA EAX,[LOCAL.33]004E3011 |. 6A >PUSH 5004E3013 |. 8D4>LEA ECX,[LOCAL.9]004E3016 |. 50 PUSH EAX004E3017 |. 51 PUSH ECX ; USER32.7E4321CC004E3018 |. E8 >CALL IDMan.00593AC0 ; local 9 = nhom 1004E301D |. 8D5>LEA EDX,DWORD PTR SS:[EBP-7E]004E3020 |. 6A >PUSH 5004E3022 |. 8D4>LEA EAX,[LOCAL.13] ; local 13 = nhom 2004E3025 |. 52 PUSH EDX ; ntdll.KiFastSystemCallRet004E3026 |. 50 PUSH EAX004E3027 |. E8 >CALL IDMan.00593AC0004E302C |. 8D4>LEA ECX,[LOCAL.30]004E302F |. 6A >PUSH 5004E3031 |. 8D5>LEA EDX,[LOCAL.11]004E3034 |. 51 PUSH ECX ; USER32.7E4321CC004E3035 |. 52 PUSH EDX ; ntdll.KiFastSystemCallRet004E3036 |. E8 >CALL IDMan.00593AC0 ; local 11 = nhom 3004E303B |. 8D4>LEA EAX,DWORD PTR SS:[EBP-72]004E303E |. 6A >PUSH 5004E3040 |. 8D4>LEA ECX,[LOCAL.20]004E3043 |. 50 PUSH EAX004E3044 |. 51 PUSH ECX ; USER32.7E4321CC004E3045 |. E8 >CALL IDMan.00593AC0 ; local 20 = nhom 4004E304A |. 33F>XOR EDI,EDI004E304C |. 83C>ADD ESP,30004E304F |. C64>MOV BYTE PTR SS:[EBP-1F],0004E3053 |. C64>MOV BYTE PTR SS:[EBP-2F],0004E3057 |. C64>MOV BYTE PTR SS:[EBP-27],0004E305B |. C64>MOV BYTE PTR SS:[EBP-4B],0004E305F |. 897>MOV [LOCAL.6],EDI ; local 6 = edi = 0004E3062 |. 33F>XOR ESI,ESI ; Ma hoa nhom 4004E3064 |> 83F>CMP ESI,5 ; esi >= 5004E3067 |. 7D >JGE SHORT IDMan.004E309B004E3069 |. 8A5>MOV DL,BYTE PTR SS:[EBP+ESI-24] ; DL = nhom 4[esi]004E306D |. 83C>OR ECX,FFFFFFFF ; ecx = -1004E3070 |. 33C>XOR EAX,EAX ; eax = 0004E3072 |> 83F>/CMP EAX,24004E3075 |. 7D >|JGE SHORT IDMan.004E3081 ; eax >= 24h004E3077 |. 389>|CMP BYTE PTR DS:[EAX+69404C],DL ; plainttext[eax] != DL004E307D |. 75 >|JNZ SHORT IDMan.004E3094004E307F |. 8BC>|MOV ECX,EAX ; ecx = eax004E3081 |> 83F>|CMP ECX,-1004E3084 |. 74 >|JE SHORT IDMan.004E3097 ; ecx == -1004E3086 |. 8D1>|LEA EDX,DWORD PTR DS:[EDI+EDI*8] ; edx = edi + edi*8004E3089 |. 03C>|ADD ECX,EDI ; ecx += edi004E308B |. 46 |INC ESI ; esi ++004E308C |. 8D3>|LEA EDI,DWORD PTR DS:[ECX+EDX*4] ; edi = ecx + edx*4004E308F |. 897>|MOV [LOCAL.6],EDI ; local 6 = edi004E3092 |.^ EB >|JMP SHORT IDMan.004E3064004E3094 |> 40 |INC EAX ; eax ++004E3095 |.^ EB >\JMP SHORT IDMan.004E3072004E3097 |> C64>MOV BYTE PTR SS:[EBP-11],1004E309B |> 33F>XOR EDI,EDI ; edi = 0004E309D |. 33F>XOR ESI,ESI ; esi = 0004E309F |. 897>MOV [LOCAL.7],EDI ; local 7 = edi = 0004E30A2 |> 83F>CMP ESI,5 ; Ma hoa nhom 3004E30A5 |. 7D >JGE SHORT IDMan.004E30D9 ; esi >= 5004E30A7 |. 8A5>MOV DL,BYTE PTR SS:[EBP+ESI-34] ; dl = nhom 3[esi]004E30AB |. 83C>OR ECX,FFFFFFFF ; ecx = -1004E30AE |. 33C>XOR EAX,EAX ; eax = 0004E30B0 |> 83F>/CMP EAX,24004E30B3 |. 7D >|JGE SHORT IDMan.004E30BF ; eax >= 24004E30B5 |. 389>|CMP BYTE PTR DS:[EAX+69404C],DL004E30BB |. 75 >|JNZ SHORT IDMan.004E30D2 ; plainttext[eax] != DL004E30BD |. 8BC>|MOV ECX,EAX ; ecx = eax004E30BF |> 83F>|CMP ECX,-1 ; ecx == -1004E30C2 |. 74 >|JE SHORT IDMan.004E30D5004E30C4 |. 8D0>|LEA EAX,DWORD PTR DS:[EDI+EDI*8] ; eax = edi + edi*8004E30C7 |. 03C>|ADD ECX,EDI ; ecx += edi004E30C9 |. 46 |INC ESI ; esi ++004E30CA |. 8D3>|LEA EDI,DWORD PTR DS:[ECX+EAX*4] ; edi = ecx + eax*4004E30CD |. 897>|MOV [LOCAL.7],EDI ; local 7 = edi004E30D0 |.^ EB >|JMP SHORT IDMan.004E30A2004E30D2 |> 40 |INC EAX ; eax ++004E30D3 |.^ EB >\JMP SHORT IDMan.004E30B0004E30D5 |> C64>MOV BYTE PTR SS:[EBP-11],1004E30D9 |> 33D>XOR EBX,EBX ; ebx = 0004E30DB |. 33F>XOR ESI,ESI ; esi = 0004E30DD |> 83F>CMP ESI,5 ; Ma hoa nhom 2004E30E0 |. 7D >JGE SHORT IDMan.004E3111 ; esi >= 5004E30E2 |. 8A5>MOV DL,BYTE PTR SS:[EBP+ESI-2C] ; dl = nhom 2[esi]004E30E6 |. 83C>OR ECX,FFFFFFFF ; ecx = -1004E30E9 |. 33C>XOR EAX,EAX ; eax = 0004E30EB |> 83F>/CMP EAX,24004E30EE |. 7D >|JGE SHORT IDMan.004E30FA ; eax >= 24004E30F0 |. 389>|CMP BYTE PTR DS:[EAX+69404C],DL ; plainttext[eax] != DL004E30F6 |. 75 >|JNZ SHORT IDMan.004E310A004E30F8 |. 8BC>|MOV ECX,EAX ; ecx = eax004E30FA |> 83F>|CMP ECX,-1 ; ecx == -1004E30FD |. 74 >|JE SHORT IDMan.004E310D004E30FF |. 8D1>|LEA EDX,DWORD PTR DS:[EBX+EBX*8] ; edx = ebx + ebx*8004E3102 |. 03C>|ADD ECX,EBX ; ecx += ebx004E3104 |. 46 |INC ESI ; esi++004E3105 |. 8D1>|LEA EBX,DWORD PTR DS:[ECX+EDX*4] ; ebx = ecx + edx*4004E3108 |.^ EB >|JMP SHORT IDMan.004E30DD004E310A |> 40 |INC EAX ; eax ++004E310B |.^ EB >\JMP SHORT IDMan.004E30EB004E310D |> C64>MOV BYTE PTR SS:[EBP-11],1004E3111 |> 33F>XOR EDI,EDI ; edi = 0004E3113 |. 33F>XOR ESI,ESI ; esi = 0004E3115 |> 83F>CMP ESI,5 ; Ma hoa nhom 1004E3118 |. 7D >JGE SHORT IDMan.004E3145 ; esi >= 5004E311A |. 8A5>MOV DL,BYTE PTR SS:[EBP+ESI-50] ; DL = nhom 1[esi]004E311E |. 83C>OR ECX,FFFFFFFF ; ecx = -1004E3121 |. 33C>XOR EAX,EAX ; eax = 0004E3123 |> 83F>/CMP EAX,24004E3126 |. 7D >|JGE SHORT IDMan.004E3132 ; eax >= 24004E3128 |. 389>|CMP BYTE PTR DS:[EAX+69404C],DL004E312E |. 75 >|JNZ SHORT IDMan.004E3142 ; plainttext[eax] != DL004E3130 |. 8BC>|MOV ECX,EAX ; ecx = eax004E3132 |> 83F>|CMP ECX,-1 ; ecx == -1004E3135 |. 74 >|JE SHORT IDMan.004E314C004E3137 |. 8D0>|LEA EAX,DWORD PTR DS:[EDI+EDI*8] ; eax = edi + edi*8004E313A |. 03C>|ADD ECX,EDI ; ecx += edi004E313C |. 46 |INC ESI ; esi++004E313D |. 8D3>|LEA EDI,DWORD PTR DS:[ECX+EAX*4] ; edi = ecx + eax*4004E3140 |.^ EB >|JMP SHORT IDMan.004E3115004E3142 |> 40 |INC EAX ; eax ++004E3143 |.^ EB >\JMP SHORT IDMan.004E3123004E3145 |> 8A4>MOV AL,BYTE PTR SS:[EBP-11]004E3148 |. 84C>TEST AL,AL004E314A |. 74 >JE SHORT IDMan.004E3162 ; Check == 0 ( qua can = 0 )004E314C |> 8B0>MOV ECX,DWORD PTR DS:[694904]004E3152 |. 6A >PUSH 0004E3154 |. 68 >PUSH IDMan.006680A4 ; ASCII "Internet Download Manager"004E3159 |. 51 PUSH ECX ; USER32.7E4321CC004E315A |. 8B4>MOV ECX,[LOCAL.14]004E315D |.^ E9 >JMP IDMan.004E2E82004E3162 |> 8B4>MOV ECX,[LOCAL.6] ; ecx = local 6004E3165 |. BE >MOV ESI,2B ; esi = 2B004E316A |. 8BC>MOV EAX,ECX ; eax = ecx004E316C |. 99 CDQ ; EDX:EAX ( mo rong )004E316D |. F7F>IDIV ESI ; EDX = EAX % ESI004E316F |. 85D>TEST EDX,EDX ; ntdll.KiFastSystemCallRet004E3171 |. 75 >JNZ SHORT IDMan.004E3177 ; EDX phai? = 0004E3173 |. 85C>TEST ECX,ECX ; USER32.7E4321CC004E3175 |. 75 >JNZ SHORT IDMan.004E317B004E3177 |> C64>MOV BYTE PTR SS:[EBP-11],1004E317B |> 8B4>MOV ECX,[LOCAL.7] ; ecx = local 7004E317E |. BE >MOV ESI,17 ; esi = 17004E3183 |. 8BC>MOV EAX,ECX ; eax = ecx004E3185 |. 99 CDQ ; EDX:EAX004E3186 |. F7F>IDIV ESI ; EDX = EAX % ESI004E3188 |. 85D>TEST EDX,EDX ; ntdll.KiFastSystemCallRet004E318A |. 75 >JNZ SHORT IDMan.004E3190 ; EDX phai? = 0004E318C |. 85C>TEST ECX,ECX ; USER32.7E4321CC004E318E |. 75 >JNZ SHORT IDMan.004E3194004E3190 |> C64>MOV BYTE PTR SS:[EBP-11],1004E3194 |> 8BC>MOV EAX,EBX ; eax =ebx004E3196 |. B9 >MOV ECX,11 ; ecx = 11004E319B |. 99 CDQ004E319C |. F7F>IDIV ECX ; edx = eax % ecx004E319E |. 85D>TEST EDX,EDX ; ntdll.KiFastSystemCallRet004E31A0 |. 75 >JNZ SHORT IDMan.004E31A6 ; edx phai? = 0004E31A2 |. 85D>TEST EBX,EBX004E31A4 |. 75 >JNZ SHORT IDMan.004E31AA004E31A6 |> C64>MOV BYTE PTR SS:[EBP-11],1004E31AA |> 8BC>MOV EAX,EDI ; eax = edi004E31AC |. B9 >MOV ECX,35 ; ecx = 35004E31B1 |. 99 CDQ004E31B2 |. F7F>IDIV ECX ; edx = eax % ecx004E31B4 |. 85D>TEST EDX,EDX ; ntdll.KiFastSystemCallRet004E31B6 |. 75 >JNZ SHORT IDMan.004E31C3 ; EDX phai? = 0004E31B8 |. 85F>TEST EDI,EDI004E31BA |. 74 >JE SHORT IDMan.004E31C3004E31BC |. 8A4>MOV AL,BYTE PTR SS:[EBP-11]004E31BF |. 84C>TEST AL,AL004E31C1 |. 74 >JE SHORT IDMan.004E31D9004E31C3 |> 8B1>MOV EDX,DWORD PTR DS:[694904]004E31C9 |. 8B4>MOV ECX,[LOCAL.14]004E31CC |. 6A >PUSH 0004E31CE |. 68 >PUSH IDMan.006680A4 ; ASCII "Internet Download Manager"004E31D3 |. 52 PUSH EDX ; ntdll.KiFastSystemCallRet004E31D4 |.^ E9 >JMP IDMan.004E2E82004E31D9 |> 8D4>LEA EAX,[LOCAL.15]004E31DC |. 6A >PUSH 0 ; /pDisposition = NULL004E31DE |. 50 PUSH EAX ; |pHandle = 00000017004E31DF |. 6A >PUSH 0 ; |pSecurity = NULL004E31E1 |. 68 >PUSH 0F003F ; |Access = KEY_ALL_ACCESS004E31E6 |. 6A >PUSH 0 ; |Options = REG_OPTION_NON_VOLATILE004E31E8 |. 6A >PUSH 0 ; |Class = NULL004E31EA |. 6A >PUSH 0 ; |Reserved = 0004E31EC |. 68 >PUSH IDMan.00667E58 ; |Subkey = "SOFTWARE\\Internet Download Manager"004E31F1 |. 68 >PUSH 80000002 ; |hKey = HKEY_LOCAL_MACHINE004E31F6 |. FF1>CALL DWORD PTR DS:[<&ADVAPI32.RegCreateKey>; \RegCreateKeyExA004E31FC |. 85C>TEST EAX,EAX004E31FE |. 74 >JE SHORT IDMan.004E3209004E3200 |. 8B0>MOV ECX,DWORD PTR DS:[693C54]004E3206 |. 894>MOV [LOCAL.15],ECX ; USER32.7E4321CC004E3209 |> 8DB>LEA EDI,[LOCAL.80]004E320F |. 83C>OR ECX,FFFFFFFF004E3212 |. 33C>XOR EAX,EAX004E3214 |. 8B1>MOV EDX,DWORD PTR DS:[69429C]004E321A |. F2:>REPNE SCAS BYTE PTR ES:[EDI]004E321C |. 8B3>MOV ESI,DWORD PTR DS:[<&ADVAPI32.RegSetVal>; ADVAPI32.RegSetValueExA004E3222 |. 8D8>LEA EAX,[LOCAL.80]004E3228 |. F7D>NOT ECX ; USER32.7E4321CC004E322A |. 51 PUSH ECX ; /BufSize = 7E4321CC (2118328780.)004E322B |. 8B4>MOV ECX,[LOCAL.15] ; |004E322E |. 50 PUSH EAX ; |Buffer = 00000017004E322F |. 6A >PUSH 1 ; |ValueType = REG_SZ004E3231 |. 6A >PUSH 0 ; |Reserved = 0004E3233 |. 52 PUSH EDX ; |ValueName = "Í\xA4$"004E3234 |. 51 PUSH ECX ; |hKey = 7E4321CC004E3235 |. FFD>CALL ESI ; \RegSetValueExA004E3237 |. 85C>TEST EAX,EAX004E3239 |. 74 >JE SHORT IDMan.004E3272004E323B |. 50 PUSH EAX004E323C |. 8D9>LEA EDX,[LOCAL.112]004E3242 |. 68 >PUSH IDMan.0067F344 ; ASCII "Reg err1 in CRgDlg::OnOk, err = %ld"004E3247 |. 52 PUSH EDX ; ntdll.KiFastSystemCallRet004E3248 |. E8 >CALL IDMan.00593F4A004E324D |. 8D8>LEA EAX,[LOCAL.112]004E3253 |> 50 PUSH EAX ; |Arg1 = 00000017004E3254 |. E8 >CALL IDMan.0047BD50 ; \IDMan.0047BD50004E3259 |. 8B0>MOV ECX,DWORD PTR DS:[694B7C]004E325F |. 83C>ADD ESP,10004E3262 |. 6A >PUSH 0004E3264 |. 68 >PUSH IDMan.006680A4 ; ASCII "Internet Download Manager"004E3269 |. 51 PUSH ECX ; USER32.7E4321CC004E326A |. 8B4>MOV ECX,[LOCAL.14]004E326D |.^ E9 >JMP IDMan.004E2E82004E3272 |> 8DB>LEA EDI,[LOCAL.54]004E3278 |. 83C>OR ECX,FFFFFFFF004E327B |. 33C>XOR EAX,EAX004E327D |. 8B1>MOV EDX,DWORD PTR DS:[694298]004E3283 |. F2:>REPNE SCAS BYTE PTR ES:[EDI]004E3285 |. F7D>NOT ECX ; USER32.7E4321CC004E3287 |. 8D8>LEA EAX,[LOCAL.54]004E328D |. 51 PUSH ECX ; USER32.7E4321CC004E328E |. 8B4>MOV ECX,[LOCAL.15]004E3291 |. 50 PUSH EAX004E3292 |. 6A >PUSH 1004E3294 |. 6A >PUSH 0004E3296 |. 52 PUSH EDX ; ntdll.KiFastSystemCallRet004E3297 |. 51 PUSH ECX ; USER32.7E4321CC004E3298 |. FFD>CALL ESI ; IDMan.005FBD18004E329A |. 85C>TEST EAX,EAX004E329C |. 74 >JE SHORT IDMan.004E32B8004E329E |. 50 PUSH EAX004E329F |. 8D9>LEA EDX,[LOCAL.112]004E32A5 |. 68 >PUSH IDMan.0067F320 ; ASCII "Reg err2 in CRgDlg::OnOk, err = %ld"004E32AA |. 52 PUSH EDX ; ntdll.KiFastSystemCallRet004E32AB |. E8 >CALL IDMan.00593F4A004E32B0 |. 8D8>LEA EAX,[LOCAL.112]004E32B6 |.^ EB >JMP SHORT IDMan.004E3253004E32B8 |> 8DB>LEA EDI,[LOCAL.67]004E32BE |. 83C>OR ECX,FFFFFFFF004E32C1 |. 33C>XOR EAX,EAX004E32C3 |. 8B1>MOV EDX,DWORD PTR DS:[694294]004E32C9 |. F2:>REPNE SCAS BYTE PTR ES:[EDI]004E32CB |. F7D>NOT ECX ; USER32.7E4321CC004E32CD |. 8D8>LEA EAX,[LOCAL.67]004E32D3 |. 51 PUSH ECX ; USER32.7E4321CC004E32D4 |. 8B4>MOV ECX,[LOCAL.15]004E32D7 |. 50 PUSH EAX004E32D8 |. 6A >PUSH 1004E32DA |. 6A >PUSH 0004E32DC |. 52 PUSH EDX ; ntdll.KiFastSystemCallRet004E32DD |. 51 PUSH ECX ; USER32.7E4321CC004E32DE |. FFD>CALL ESI ; IDMan.005FBD18004E32E0 |. 85C>TEST EAX,EAX004E32E2 |. 74 >JE SHORT IDMan.004E3301004E32E4 |. 50 PUSH EAX004E32E5 |. 8D9>LEA EDX,[LOCAL.112]004E32EB |. 68 >PUSH IDMan.0067F2FC ; ASCII "Reg err3 in CRgDlg::OnOk, err = %ld"004E32F0 |. 52 PUSH EDX ; ntdll.KiFastSystemCallRet004E32F1 |. E8 >CALL IDMan.00593F4A004E32F6 |. 8D8>LEA EAX,[LOCAL.112]004E32FC |.^ E9 >JMP IDMan.004E3253004E3301 |> 8DB>LEA EDI,[LOCAL.33]004E3307 |. 83C>OR ECX,FFFFFFFF004E330A |. 33C>XOR EAX,EAX004E330C |. 8B1>MOV EDX,DWORD PTR DS:[6942A0]004E3312 |. F2:>REPNE SCAS BYTE PTR ES:[EDI]004E3314 |. F7D>NOT ECX ; USER32.7E4321CC004E3316 |. 8D8>LEA EAX,[LOCAL.33]004E331C |. 51 PUSH ECX ; USER32.7E4321CC004E331D |. 8B4>MOV ECX,[LOCAL.15]004E3320 |. 50 PUSH EAX004E3321 |. 6A >PUSH 1004E3323 |. 6A >PUSH 0004E3325 |. 52 PUSH EDX ; ntdll.KiFastSystemCallRet004E3326 |. 51 PUSH ECX ; USER32.7E4321CC004E3327 |. FFD>CALL ESI ; IDMan.005FBD18004E3329 |. 85C>TEST EAX,EAX004E332B |. 74 >JE SHORT IDMan.004E334A004E332D |. 50 PUSH EAX004E332E |. 8D9>LEA EDX,[LOCAL.112]004E3334 |. 68 >PUSH IDMan.0067F2D8 ; ASCII "Reg err4 in CRgDlg::OnOk, err = %ld"004E3339 |. 52 PUSH EDX ; ntdll.KiFastSystemCallRet004E333A |. E8 >CALL IDMan.00593F4A004E333F |. 8D8>LEA EAX,[LOCAL.112]004E3345 |.^ E9 >JMP IDMan.004E3253004E334A |> A1 >MOV EAX,DWORD PTR DS:[66B898]004E334F |. 85C>TEST EAX,EAX004E3351 |. 0F8>JNZ IDMan.004E3504004E3357 |. 8D8>LEA ECX,[LOCAL.41]004E335D |. E8 >CALL IDMan.004E15A0004E3362 |. 8D8>LEA ECX,[LOCAL.37]004E3368 |. C64>MOV BYTE PTR SS:[EBP-4],1004E336C |. E8 >CALL IDMan.004E15A0004E3371 |. 8B0>MOV ECX,DWORD PTR DS:[693C38]004E3377 |. A1 >MOV EAX,DWORD PTR DS:[694554]004E337C |. 8B3>MOV EDI,DWORD PTR DS:[<&ADVAPI32.RegOpenKe>; ADVAPI32.RegOpenKeyExA004E3382 |. 8D5>LEA EDX,[LOCAL.11]004E3385 |. F7D>NEG ECX ; USER32.7E4321CC004E3387 |. 52 PUSH EDX ; /pHandle = ntdll.KiFastSystemCallRet004E3388 |. 68 >PUSH 0F003F ; |Access = KEY_ALL_ACCESS004E338D |. 1BC>SBB ECX,ECX ; |USER32.7E4321CC004E338F |. 6A >PUSH 0 ; |Reserved = 0004E3391 |. 81C>ADD ECX,80000002 ; |004E3397 |. 50 PUSH EAX ; |Subkey = 00000017 ???004E3398 |. 51 PUSH ECX ; |hKey = 7E4321CC004E3399 |. FFD>CALL EDI ; \RegOpenKeyExA004E339B |. 8BF>MOV ESI,EAX004E339D |. 85F>TEST ESI,ESI ; IDMan.005FBD18004E339F |. 0F8>JE IDMan.004E342B004E33A5 |. 83F>CMP ESI,2004E33A8 |. 74 >JE SHORT IDMan.004E3427004E33AA |. 8B1>MOV EDX,DWORD PTR DS:[68F0EC] ; IDMan.0068F100004E33B0 |. 895>MOV [LOCAL.13],EDX ; ntdll.KiFastSystemCallRet004E33B3 |. A1 >MOV EAX,DWORD PTR DS:[693C38]004E33B8 |. C64>MOV BYTE PTR SS:[EBP-4],3004E33BC |. 85C>TEST EAX,EAX004E33BE |. B8 >MOV EAX,IDMan.0066A8BC ; ASCII "CURRENT_USER"004E33C3 |. 75 >JNZ SHORT IDMan.004E33CA004E33C5 |. B8 >MOV EAX,IDMan.0066A8B4 ; ASCII "MACHINE"004E33CA |> 8B0>MOV ECX,DWORD PTR DS:[694554]004E33D0 |. 8D5>LEA EDX,[LOCAL.13]004E33D3 |. 51 PUSH ECX ; USER32.7E4321CC004E33D4 |. 50 PUSH EAX004E33D5 |. 68 >PUSH IDMan.00668B44 ; ASCII "%s\\%s"004E33DA |. 52 PUSH EDX ; ntdll.KiFastSystemCallRet004E33DB |. E8 >CALL IDMan.005A8898004E33E0 |. 8B4>MOV EAX,[LOCAL.13]004E33E3 |. 83C>ADD ESP,10004E33E6 |. 8D8>LEA ECX,[LOCAL.41]004E33EC |. 50 PUSH EAX004E33ED |. E8 >CALL IDMan.004E1650004E33F2 |. 85C>TEST EAX,EAX004E33F4 |. 74 >JE SHORT IDMan.004E341B004E33F6 |. A1 >MOV EAX,DWORD PTR DS:[693C38]004E33FB |. 8B1>MOV EDX,DWORD PTR DS:[694554]004E3401 |. 8D4>LEA ECX,[LOCAL.11]004E3404 |. F7D>NEG EAX004E3406 |. 51 PUSH ECX ; USER32.7E4321CC004E3407 |. 68 >PUSH 0F003F004E340C |. 1BC>SBB EAX,EAX004E340E |. 6A >PUSH 0004E3410 |. 05 >ADD EAX,80000002004E3415 |. 52 PUSH EDX ; ntdll.KiFastSystemCallRet004E3416 |. 50 PUSH EAX004E3417 |. FFD>CALL EDI004E3419 |. 8BF>MOV ESI,EAX004E341B |> 8D4>LEA ECX,[LOCAL.13]004E341E |. C64>MOV BYTE PTR SS:[EBP-4],2004E3422 |. E8 >CALL IDMan.005AFAD0004E3427 |> 85F>TEST ESI,ESI ; IDMan.005FBD18004E3429 |. 75 >JNZ SHORT IDMan.004E3448004E342B |> 8B4>MOV ECX,[LOCAL.11]004E342E |. 8B1>MOV EBX,DWORD PTR DS:[<&ADVAPI32.RegDelete>; ADVAPI32.RegDeleteValueA004E3434 |. 68 >PUSH IDMan.0066A8AC ; /ValueName = "MData"004E3439 |. 51 PUSH ECX ; |hKey = 7E4321CC004E343A |. FFD>CALL EBX ; \RegDeleteValueA004E343C |. 8B5>MOV EDX,[LOCAL.11]004E343F |. 52 PUSH EDX ; /hKey = 7C90E514004E3440 |. FF1>CALL DWORD PTR DS:[<&ADVAPI32.RegCloseKey>>; \RegCloseKey004E3446 |. EB >JMP SHORT IDMan.004E344E004E3448 |> 8B1>MOV EBX,DWORD PTR DS:[<&ADVAPI32.RegDelete>; ADVAPI32.RegDeleteValueA004E344E |> 8D4>LEA EAX,[LOCAL.11]004E3451 |. 50 PUSH EAX004E3452 |. 68 >PUSH 0F003F004E3457 |. 6A >PUSH 0004E3459 |. 68 >PUSH IDMan.0066A86C ; ASCII "Software\\Classes\\CLSID\\{D5B91409-A8CA-4973-9A0B-59F713D25671}"004E345E |. 68 >PUSH 80000001004E3463 |. FFD>CALL EDI004E3465 |. 8BF>MOV ESI,EAX004E3467 |. 85F>TEST ESI,ESI ; IDMan.005FBD18004E3469 |. 74 >JE SHORT IDMan.004E34CF004E346B |. 83F>CMP ESI,2004E346E |. 74 >JE SHORT IDMan.004E34CB004E3470 |. 8B0>MOV ECX,DWORD PTR DS:[68F0EC] ; IDMan.0068F100004E3476 |. 894>MOV [LOCAL.13],ECX ; USER32.7E4321CC004E3479 |. 68 >PUSH IDMan.0066A86C ; ASCII "Software\\Classes\\CLSID\\{D5B91409-A8CA-4973-9A0B-59F713D25671}"004E347E |. 8D5>LEA EDX,[LOCAL.13]004E3481 |. 68 >PUSH IDMan.0066A85C ; ASCII "CURRENT_USER\\%s"004E3486 |. 52 PUSH EDX ; ntdll.KiFastSystemCallRet004E3487 |. C64>MOV BYTE PTR SS:[EBP-4],4004E348B |. E8 >CALL IDMan.005A8898004E3490 |. 8B4>MOV EAX,[LOCAL.13]004E3493 |. 83C>ADD ESP,0C004E3496 |. 8D8>LEA ECX,[LOCAL.37]004E349C |. 50 PUSH EAX004E349D |. E8 >CALL IDMan.004E1650004E34A2 |. 85C>TEST EAX,EAX004E34A4 |. 74 >JE SHORT IDMan.004E34BF004E34A6 |. 8D4>LEA ECX,[LOCAL.11]004E34A9 |. 51 PUSH ECX ; USER32.7E4321CC004E34AA |. 68 >PUSH 0F003F004E34AF |. 6A >PUSH 0004E34B1 |. 68 >PUSH IDMan.0066A86C ; ASCII "Software\\Classes\\CLSID\\{D5B91409-A8CA-4973-9A0B-59F713D25671}"004E34B6 |. 68 >PUSH 80000001004E34BB |. FFD>CALL EDI004E34BD |. 8BF>MOV ESI,EAX004E34BF |> 8D4>LEA ECX,[LOCAL.13]004E34C2 |. C64>MOV BYTE PTR SS:[EBP-4],2004E34C6 |. E8 >CALL IDMan.005AFAD0004E34CB |> 85F>TEST ESI,ESI ; IDMan.005FBD18004E34CD |. 75 >JNZ SHORT IDMan.004E34E4004E34CF |> 8B5>MOV EDX,[LOCAL.11]004E34D2 |. 68 >PUSH IDMan.0066A8AC ; ASCII "MData"004E34D7 |. 52 PUSH EDX ; ntdll.KiFastSystemCallRet004E34D8 |. FFD>CALL EBX004E34DA |. 8B4>MOV EAX,[LOCAL.11]004E34DD |. 50 PUSH EAX ; /hKey = 00000017004E34DE |. FF1>CALL DWORD PTR DS:[<&ADVAPI32.RegCloseKey>>; \RegCloseKey004E34E4 |> 8D8>LEA ECX,[LOCAL.37]004E34EA |. C64>MOV BYTE PTR SS:[EBP-4],1004E34EE |. E8 >CALL IDMan.004E15E0004E34F3 |. 8D8>LEA ECX,[LOCAL.41]004E34F9 |. C64>MOV BYTE PTR SS:[EBP-4],0004E34FD |. E8 >CALL IDMan.004E15E0004E3502 |. EB >JMP SHORT IDMan.004E3510004E3504 |> 8B3>MOV EDI,DWORD PTR DS:[<&ADVAPI32.RegOpenKe>; ADVAPI32.RegOpenKeyExA004E350A |. 8B1>MOV EBX,DWORD PTR DS:[<&ADVAPI32.RegDelete>; ADVAPI32.RegDeleteValueA004E3510 |> 8B0>MOV ECX,DWORD PTR DS:[693C54]004E3516 |. 68 >PUSH IDMan.0066DEE0 ; ASCII "ptrk_scdt"004E351B |. 51 PUSH ECX ; USER32.7E4321CC004E351C |. FFD>CALL EBX004E351E |. 8B1>MOV EDX,DWORD PTR DS:[693C54]004E3524 |. 68 >PUSH IDMan.0066D828 ; ASCII "bshexmsg"004E3529 |. 52 PUSH EDX ; ntdll.KiFastSystemCallRet004E352A |. FFD>CALL EBX004E352C |. A1 >MOV EAX,DWORD PTR DS:[693C38]004E3531 |. 85C>TEST EAX,EAX004E3533 |. 0F8>JE IDMan.004E38D4004E3539 |. 8B4>MOV EAX,[LOCAL.15]004E353C |. 8B0>MOV ECX,DWORD PTR DS:[693C54]004E3542 |. 3BC>CMP EAX,ECX ; USER32.7E4321CC004E3544 |. 0F8>JNZ IDMan.004E38D4004E354A |. 8D4>LEA ECX,[LOCAL.17]004E354D |. 51 PUSH ECX ; USER32.7E4321CC004E354E |. 6A >PUSH 1004E3550 |. 6A >PUSH 0004E3552 |. 68 >PUSH IDMan.00667E58 ; ASCII "SOFTWARE\\Internet Download Manager"004E3557 |. 68 >PUSH 80000002004E355C |. FFD>CALL EDI004E355E |. 85C>TEST EAX,EAX004E3560 |. 0F8>JNZ IDMan.004E38D4004E3566 |. 8B0>MOV ECX,DWORD PTR DS:[6942A0]004E356C |. 8D5>LEA EDX,[LOCAL.18]004E356F |. 8D8>LEA EAX,[LOCAL.229]004E3575 |. 52 PUSH EDX ; /pBufSize = ntdll.KiFastSystemCallRet004E3576 |. 8B5>MOV EDX,[LOCAL.17] ; |uxtheme.5AD7221E004E3579 |. 50 PUSH EAX ; |Buffer = 00000017004E357A |. 6A >PUSH 0 ; |pValueType = NULL004E357C |. 6A >PUSH 0 ; |Reserved = NULL004E357E |. 51 PUSH ECX ; |ValueName = "Â\x0C"004E357F |. 52 PUSH EDX ; |hKey = 7C90E514004E3580 |. C74>MOV [LOCAL.18],0C8 ; |004E3587 |. 32D>XOR BL,BL ; |004E3589 |. FF1>CALL DWORD PTR DS:[<&ADVAPI32.RegQueryValu>; \RegQueryValueExA004E358F |. 85C>TEST EAX,EAX004E3591 |. 75 >JNZ SHORT IDMan.004E35AF004E3593 |. 8D8>LEA EAX,[LOCAL.229]004E3599 |. 8D8>LEA ECX,[LOCAL.33]004E359F |. 50 PUSH EAX004E35A0 |. 51 PUSH ECX ; USER32.7E4321CC004E35A1 |. E8 >CALL IDMan.0059CC00004E35A6 |. 83C>ADD ESP,8004E35A9 |. 85C>TEST EAX,EAX004E35AB |. 74 >JE SHORT IDMan.004E35AF004E35AD |. B3 >MOV BL,1004E35AF |> 8B5>MOV EDX,[LOCAL.17] ; uxtheme.5AD7221E004E35B2 |. 52 PUSH EDX ; /hKey = 7C90E514004E35B3 |. FF1>CALL DWORD PTR DS:[<&ADVAPI32.RegCloseKey>>; \RegCloseKey004E35B9 |. 84D>TEST BL,BL004E35BB |. 0F8>JE IDMan.004E38D4004E35C1 |. FF1>CALL DWORD PTR DS:[<&USER32.GetDesktopWind>; [GetDesktopWindow004E35C7 |. 50 PUSH EAX004E35C8 |. E8 >CALL IDMan.005AC3CF004E35CD |. 50 PUSH EAX004E35CE |. A1 >MOV EAX,DWORD PTR DS:[6942B8]004E35D3 |. 50 PUSH EAX004E35D4 |. 8D8>LEA ECX,[LOCAL.179]004E35DA |. E8 >CALL IDMan.00427E10004E35DF |. 8D8>LEA ECX,[LOCAL.179]004E35E5 |. C64>MOV BYTE PTR SS:[EBP-4],5004E35E9 |. E8 >CALL IDMan.005ABA63004E35EE |. 83F>CMP EAX,1004E35F1 |. 0F8>JNZ IDMan.004E3898004E35F7 |. 6A >PUSH 0004E35F9 |. FF1>CALL DWORD PTR DS:[<&ole32.CoInitialize>] ; ole32.CoInitialize004E35FF |. 8D4>LEA ECX,[LOCAL.16]004E3602 |. 51 PUSH ECX ; USER32.7E4321CC004E3603 |. 68 >PUSH IDMan.005FBCF8004E3608 |. 68 >PUSH IDMan.005FBD08004E360D |. FF1>CALL DWORD PTR DS:[<&USER32.GetForegroundW>; [GetForegroundWindow004E3613 |. 50 PUSH EAX004E3614 |. E8 >CALL IDMan.00474250004E3619 |. 83C>ADD ESP,10004E361C |. 85C>TEST EAX,EAX004E361E |. 0F8>JNZ IDMan.004E3892004E3624 |. 8B3>MOV ESI,DWORD PTR DS:[<&OLEAUT32.#2>] ; OLEAUT32.SysAllocString004E362A |. 68 >PUSH IDMan.0067F290 ; UNICODE "SOFTWARE\\Internet Download Manager"004E362F |. FFD>CALL ESI ; IDMan.005FBD18; <&OLEAUT32.#2>004E3631 |. 894>MOV [LOCAL.13],EAX004E3634 |. 68 >PUSH IDMan.0067F280 ; UNICODE "Serial"004E3639 |. FFD>CALL ESI ; IDMan.005FBD18004E363B |. 894>MOV [LOCAL.11],EAX004E363E |. 8B3>MOV ESI,DWORD PTR DS:[<&KERNEL32.MultiByte>; kernel32.MultiByteToWideChar004E3644 |. 6A >PUSH 0 ; /WideBufSize = 0004E3646 |. 6A >PUSH 0 ; |WideCharBuf = NULL004E3648 |. 8D9>LEA EDX,[LOCAL.33] ; |004E364E |. 6A >PUSH -1 ; |StringSize = FFFFFFFF (-1.)004E3650 |. 52 PUSH EDX ; |StringToMap = "Í\xA4$"004E3651 |. 6A >PUSH 0 ; |Options = 0004E3653 |. 6A >PUSH 0 ; |CodePage = CP_ACP004E3655 |. FFD>CALL ESI ; \MultiByteToWideChar004E3657 |. 8BF>MOV EDI,EAX004E3659 |. 4F DEC EDI004E365A |. 57 PUSH EDI004E365B |. 6A >PUSH 0004E365D |. FF1>CALL DWORD PTR DS:[<&OLEAUT32.#4>] ; OLEAUT32.SysAllocStringLen004E3663 |. 8BD>MOV EBX,EAX004E3665 |. 85D>TEST EBX,EBX004E3667 |. 895>MOV [LOCAL.7],EBX004E366A |. 74 >JE SHORT IDMan.004E367D004E366C |. 57 PUSH EDI004E366D |. 53 PUSH EBX004E366E |. 8D8>LEA EAX,[LOCAL.33]004E3674 |. 6A >PUSH -1004E3676 |. 50 PUSH EAX004E3677 |. 6A >PUSH 0004E3679 |. 6A >PUSH 0004E367B |. FFD>CALL ESI ; IDMan.005FBD18004E367D |> 8BF>MOV EDI,EBX004E367F |. 897>MOV [LOCAL.6],EDI004E3682 |. 8B5>MOV EDX,[LOCAL.11]004E3685 |. 8B4>MOV EAX,[LOCAL.16]004E3688 |. 53 PUSH EBX004E3689 |. 52 PUSH EDX ; ntdll.KiFastSystemCallRet004E368A |. 8B5>MOV EDX,[LOCAL.13]004E368D |. 8B0>MOV ECX,DWORD PTR DS:[EAX]004E368F |. 52 PUSH EDX ; ntdll.KiFastSystemCallRet004E3690 |. 50 PUSH EAX004E3691 |. C64>MOV BYTE PTR SS:[EBP-4],8004E3695 |. FF5>CALL DWORD PTR DS:[ECX+30]004E3698 |. 85C>TEST EAX,EAX004E369A |. 0F8>JNZ IDMan.004E3874004E36A0 |. 8B4>MOV EAX,[LOCAL.11]004E36A3 |. 8B3>MOV EDI,DWORD PTR DS:[69429C]004E36A9 |. 8B1>MOV EBX,DWORD PTR DS:[<&OLEAUT32.#6>] ; OLEAUT32.SysFreeString004E36AF |. 50 PUSH EAX004E36B0 |. 897>MOV [LOCAL.6],EDI004E36B3 |. FFD>CALL EBX ; <&OLEAUT32.#6>004E36B5 |. 6A >PUSH 0004E36B7 |. 6A >PUSH 0004E36B9 |. 6A >PUSH -1004E36BB |. 57 PUSH EDI004E36BC |. 6A >PUSH 0004E36BE |. 6A >PUSH 0004E36C0 |. FFD>CALL ESI ; IDMan.005FBD18004E36C2 |. 48 DEC EAX004E36C3 |. 50 PUSH EAX004E36C4 |. 6A >PUSH 0004E36C6 |. 894>MOV [LOCAL.9],EAX004E36C9 |. FF1>CALL DWORD PTR DS:[<&OLEAUT32.#4>] ; OLEAUT32.SysAllocStringLen004E36CF |. 8BF>MOV EDI,EAX004E36D1 |. 85F>TEST EDI,EDI004E36D3 |. 74 >JE SHORT IDMan.004E36E6004E36D5 |. 8B4>MOV ECX,[LOCAL.9]004E36D8 |. 8B5>MOV EDX,[LOCAL.6]004E36DB |. 51 PUSH ECX ; USER32.7E4321CC004E36DC |. 57 PUSH EDI004E36DD |. 6A >PUSH -1004E36DF |. 52 PUSH EDX ; ntdll.KiFastSystemCallRet004E36E0 |. 6A >PUSH 0004E36E2 |. 6A >PUSH 0004E36E4 |. FFD>CALL ESI ; IDMan.005FBD18004E36E6 |> 8B4>MOV EAX,[LOCAL.7] ; USER32.7E429165004E36E9 |. 897>MOV [LOCAL.11],EDI004E36EC |. 50 PUSH EAX004E36ED |. FFD>CALL EBX004E36EF |. 6A >PUSH 0004E36F1 |. 6A >PUSH 0004E36F3 |. 8D8>LEA ECX,[LOCAL.80]004E36F9 |. 6A >PUSH -1004E36FB |. 51 PUSH ECX ; USER32.7E4321CC004E36FC |. 6A >PUSH 0004E36FE |. 6A >PUSH 0004E3700 |. FFD>CALL ESI ; IDMan.005FBD18004E3702 |. 48 DEC EAX004E3703 |. 50 PUSH EAX004E3704 |. 6A >PUSH 0004E3706 |. 894>MOV [LOCAL.9],EAX004E3709 |. FF1>CALL DWORD PTR DS:[<&OLEAUT32.#4>] ; OLEAUT32.SysAllocStringLen004E370F |. 85C>TEST EAX,EAX004E3711 |. 894>MOV [LOCAL.7],EAX004E3714 |. 74 >JE SHORT IDMan.004E372A004E3716 |. 8B5>MOV EDX,[LOCAL.9]004E3719 |. 8D8>LEA ECX,[LOCAL.80]004E371F |. 52 PUSH EDX ; ntdll.KiFastSystemCallRet004E3720 |. 50 PUSH EAX004E3721 |. 6A >PUSH -1004E3723 |. 51 PUSH ECX ; USER32.7E4321CC004E3724 |. 6A >PUSH 0004E3726 |. 6A >PUSH 0004E3728 |. FFD>CALL ESI ; IDMan.005FBD18004E372A |> 8B4>MOV ECX,[LOCAL.7] ; USER32.7E429165004E372D |. 8B4>MOV EAX,[LOCAL.16]004E3730 |. 894>MOV [LOCAL.6],ECX ; USER32.7E4321CC004E3733 |. 51 PUSH ECX ; USER32.7E4321CC

[hoanganit19]

Mã:

004E3734 |. 8B4>MOV ECX,[LOCAL.13]004E3737 |. 8B1>MOV EDX,DWORD PTR DS:[EAX]004E3739 |. 57 PUSH EDI004E373A |. 51 PUSH ECX ; USER32.7E4321CC004E373B |. 50 PUSH EAX004E373C |. FF5>CALL DWORD PTR DS:[EDX+30]004E373F |. 8B1>MOV EDX,DWORD PTR DS:[694298]004E3745 |. 57 PUSH EDI004E3746 |. 895>MOV [LOCAL.6],EDX ; ntdll.KiFastSystemCallRet004E3749 |. FFD>CALL EBX004E374B |. 8B4>MOV EAX,[LOCAL.6]004E374E |. 6A >PUSH 0004E3750 |. 6A >PUSH 0004E3752 |. 6A >PUSH -1004E3754 |. 50 PUSH EAX004E3755 |. 6A >PUSH 0004E3757 |. 6A >PUSH 0004E3759 |. FFD>CALL ESI ; IDMan.005FBD18004E375B |. 48 DEC EAX004E375C |. 50 PUSH EAX004E375D |. 6A >PUSH 0004E375F |. 894>MOV [LOCAL.9],EAX004E3762 |. FF1>CALL DWORD PTR DS:[<&OLEAUT32.#4>] ; OLEAUT32.SysAllocStringLen004E3768 |. 8BF>MOV EDI,EAX004E376A |. 85F>TEST EDI,EDI004E376C |. 74 >JE SHORT IDMan.004E377F004E376E |. 8B4>MOV ECX,[LOCAL.9]004E3771 |. 8B5>MOV EDX,[LOCAL.6]004E3774 |. 51 PUSH ECX ; USER32.7E4321CC004E3775 |. 57 PUSH EDI004E3776 |. 6A >PUSH -1004E3778 |. 52 PUSH EDX ; ntdll.KiFastSystemCallRet004E3779 |. 6A >PUSH 0004E377B |. 6A >PUSH 0004E377D |. FFD>CALL ESI ; IDMan.005FBD18004E377F |> 8B4>MOV EAX,[LOCAL.7] ; USER32.7E429165004E3782 |. 897>MOV [LOCAL.11],EDI004E3785 |. 50 PUSH EAX004E3786 |. FFD>CALL EBX004E3788 |. 6A >PUSH 0004E378A |. 6A >PUSH 0004E378C |. 8D8>LEA ECX,[LOCAL.54]004E3792 |. 6A >PUSH -1004E3794 |. 51 PUSH ECX ; USER32.7E4321CC004E3795 |. 6A >PUSH 0004E3797 |. 6A >PUSH 0004E3799 |. FFD>CALL ESI ; IDMan.005FBD18004E379B |. 48 DEC EAX004E379C |. 50 PUSH EAX004E379D |. 6A >PUSH 0004E379F |. 894>MOV [LOCAL.9],EAX004E37A2 |. FF1>CALL DWORD PTR DS:[<&OLEAUT32.#4>] ; OLEAUT32.SysAllocStringLen004E37A8 |. 85C>TEST EAX,EAX004E37AA |. 894>MOV [LOCAL.7],EAX004E37AD |. 74 >JE SHORT IDMan.004E37C3004E37AF |. 8B5>MOV EDX,[LOCAL.9]004E37B2 |. 8D8>LEA ECX,[LOCAL.54]004E37B8 |. 52 PUSH EDX ; ntdll.KiFastSystemCallRet004E37B9 |. 50 PUSH EAX004E37BA |. 6A >PUSH -1004E37BC |. 51 PUSH ECX ; USER32.7E4321CC004E37BD |. 6A >PUSH 0004E37BF |. 6A >PUSH 0004E37C1 |. FFD>CALL ESI ; IDMan.005FBD18004E37C3 |> 8B4>MOV ECX,[LOCAL.7] ; USER32.7E429165004E37C6 |. 8B4>MOV EAX,[LOCAL.16]004E37C9 |. 894>MOV [LOCAL.6],ECX ; USER32.7E4321CC004E37CC |. 51 PUSH ECX ; USER32.7E4321CC004E37CD |. 8B4>MOV ECX,[LOCAL.13]004E37D0 |. 8B1>MOV EDX,DWORD PTR DS:[EAX]004E37D2 |. 57 PUSH EDI004E37D3 |. 51 PUSH ECX ; USER32.7E4321CC004E37D4 |. 50 PUSH EAX004E37D5 |. FF5>CALL DWORD PTR DS:[EDX+30]004E37D8 |. 8B1>MOV EDX,DWORD PTR DS:[694294]004E37DE |. 57 PUSH EDI004E37DF |. 895>MOV [LOCAL.6],EDX ; ntdll.KiFastSystemCallRet004E37E2 |. FFD>CALL EBX004E37E4 |. 8B4>MOV EAX,[LOCAL.6]004E37E7 |. 6A >PUSH 0004E37E9 |. 6A >PUSH 0004E37EB |. 6A >PUSH -1004E37ED |. 50 PUSH EAX004E37EE |. 6A >PUSH 0004E37F0 |. 6A >PUSH 0004E37F2 |. FFD>CALL ESI ; IDMan.005FBD18004E37F4 |. 8BF>MOV EDI,EAX004E37F6 |. 4F DEC EDI004E37F7 |. 57 PUSH EDI004E37F8 |. 6A >PUSH 0004E37FA |. FF1>CALL DWORD PTR DS:[<&OLEAUT32.#4>] ; OLEAUT32.SysAllocStringLen004E3800 |. 85C>TEST EAX,EAX004E3802 |. 894>MOV [LOCAL.9],EAX004E3805 |. 74 >JE SHORT IDMan.004E3815004E3807 |. 8B4>MOV ECX,[LOCAL.6]004E380A |. 57 PUSH EDI004E380B |. 50 PUSH EAX004E380C |. 6A >PUSH -1004E380E |. 51 PUSH ECX ; USER32.7E4321CC004E380F |. 6A >PUSH 0004E3811 |. 6A >PUSH 0004E3813 |. FFD>CALL ESI ; IDMan.005FBD18004E3815 |> 8B4>MOV EAX,[LOCAL.7] ; USER32.7E429165004E3818 |. 8B5>MOV EDX,[LOCAL.9]004E381B |. 50 PUSH EAX004E381C |. 895>MOV [LOCAL.11],EDX ; ntdll.KiFastSystemCallRet004E381F |. FFD>CALL EBX004E3821 |. 6A >PUSH 0004E3823 |. 6A >PUSH 0004E3825 |. 8D8>LEA ECX,[LOCAL.67]004E382B |. 6A >PUSH -1004E382D |. 51 PUSH ECX ; USER32.7E4321CC004E382E |. 6A >PUSH 0004E3830 |. 6A >PUSH 0004E3832 |. FFD>CALL ESI ; IDMan.005FBD18004E3834 |. 8BF>MOV EDI,EAX004E3836 |. 4F DEC EDI004E3837 |. 57 PUSH EDI004E3838 |. 6A >PUSH 0004E383A |. FF1>CALL DWORD PTR DS:[<&OLEAUT32.#4>] ; OLEAUT32.SysAllocStringLen004E3840 |. 85C>TEST EAX,EAX004E3842 |. 894>MOV [LOCAL.6],EAX004E3845 |. 74 >JE SHORT IDMan.004E385A004E3847 |. 8BD>MOV EDX,EAX004E3849 |. 57 PUSH EDI004E384A |. 52 PUSH EDX ; ntdll.KiFastSystemCallRet004E384B |. 8D8>LEA EAX,[LOCAL.67]004E3851 |. 6A >PUSH -1004E3853 |. 50 PUSH EAX004E3854 |. 6A >PUSH 0004E3856 |. 6A >PUSH 0004E3858 |. FFD>CALL ESI ; IDMan.005FBD18004E385A |> 8B7>MOV EDI,[LOCAL.6]004E385D |. 8B5>MOV EDX,[LOCAL.9]004E3860 |. 8B4>MOV EAX,[LOCAL.16]004E3863 |. 57 PUSH EDI004E3864 |. 52 PUSH EDX ; ntdll.KiFastSystemCallRet004E3865 |. 8B5>MOV EDX,[LOCAL.13]004E3868 |. 8B0>MOV ECX,DWORD PTR DS:[EAX]004E386A |. 52 PUSH EDX ; ntdll.KiFastSystemCallRet004E386B |. 50 PUSH EAX004E386C |. 897>MOV [LOCAL.6],EDI004E386F |. FF5>CALL DWORD PTR DS:[ECX+30]004E3872 |. EB >JMP SHORT IDMan.004E387A004E3874 |> 8B1>MOV EBX,DWORD PTR DS:[<&OLEAUT32.#6>] ; OLEAUT32.SysFreeString004E387A |> 8B4>MOV EAX,[LOCAL.16]004E387D |. 50 PUSH EAX004E387E |. 8B0>MOV ECX,DWORD PTR DS:[EAX]004E3880 |. FF5>CALL DWORD PTR DS:[ECX+8] ; USER32.7E441456004E3883 |. 57 PUSH EDI004E3884 |. FFD>CALL EBX004E3886 |. 8B5>MOV EDX,[LOCAL.11]004E3889 |. 52 PUSH EDX ; ntdll.KiFastSystemCallRet004E388A |. FFD>CALL EBX004E388C |. 8B4>MOV EAX,[LOCAL.13]004E388F |. 50 PUSH EAX004E3890 |. FFD>CALL EBX004E3892 |> FF1>CALL DWORD PTR DS:[<&ole32.CoUninitialize>>; ole32.CoUninitialize004E3898 |> 8D8>LEA ECX,[LOCAL.126]004E389E |. C64>MOV BYTE PTR SS:[EBP-4],0B004E38A2 |. E8 >CALL IDMan.005AFAD0004E38A7 |. 8D8>LEA ECX,[LOCAL.141]004E38AD |. C64>MOV BYTE PTR SS:[EBP-4],0A004E38B1 |. E8 >CALL IDMan.005B75D9004E38B6 |. 8D8>LEA ECX,[LOCAL.156]004E38BC |. C64>MOV BYTE PTR SS:[EBP-4],9004E38C0 |. E8 >CALL IDMan.005B75D9004E38C5 |. 8D8>LEA ECX,[LOCAL.179]004E38CB |. C64>MOV BYTE PTR SS:[EBP-4],0004E38CF |. E8 >CALL IDMan.005AB6A4004E38D4 |> 8B7>MOV ESI,[LOCAL.14]004E38D7 |. C70>MOV DWORD PTR DS:[66B898],0004E38E1 |. 8B4>MOV EAX,DWORD PTR DS:[ESI+64] ; IDMan.00402030004E38E4 |. 85C>TEST EAX,EAX004E38E6 |. 74 >JE SHORT IDMan.004E38FB004E38E8 |. 6A >PUSH 0 ; /lParam = 0004E38EA |. 68 >PUSH 139F ; |wParam = 139F004E38EF |. 68 >PUSH 111 ; |Message = WM_COMMAND004E38F4 |. 50 PUSH EAX ; |hWnd = 17004E38F5 |. FF1>CALL DWORD PTR DS:[<&USER32.SendMessageA>] ; \SendMessageA004E38FB |> 68 >PUSH 2E0004E3900 |. E8 >CALL IDMan.005ABE6C004E3905 |. 8BC>MOV ECX,EAX004E3907 |. 83C>ADD ESP,4004E390A |. 894>MOV [LOCAL.9],ECX ; USER32.7E4321CC004E390D |. 85C>TEST ECX,ECX ; USER32.7E4321CC004E390F |. C64>MOV BYTE PTR SS:[EBP-4],0C004E3913 |. 74 >JE SHORT IDMan.004E391E004E3915 |. E8 >CALL IDMan.004E1910004E391A |. 8BC>MOV ECX,EAX004E391C |. EB >JMP SHORT IDMan.004E3920004E391E |> 33C>XOR ECX,ECX ; USER32.7E4321CC004E3920 |> 8D9>LEA EDX,[LOCAL.80]004E3926 |. C64>MOV BYTE PTR SS:[EBP-4],0004E392A |. 52 PUSH EDX ; ntdll.KiFastSystemCallRet004E392B |. 898>MOV DWORD PTR DS:[ESI+A8],ECX ; USER32.7E4321CC004E3931 |. E8 >CALL IDMan.004E2B90004E3936 |. 8B8>MOV ECX,DWORD PTR DS:[ESI+A8]004E393C |. 8D8>LEA EAX,[LOCAL.54]004E3942 |. 50 PUSH EAX004E3943 |. E8 >CALL IDMan.004E2BC0004E3948 |. 8D8>LEA ECX,[LOCAL.67]004E394E |. 51 PUSH ECX ; USER32.7E4321CC004E394F |. 8B8>MOV ECX,DWORD PTR DS:[ESI+A8]004E3955 |. E8 >CALL IDMan.004E2BF0004E395A |. 8B8>MOV ECX,DWORD PTR DS:[ESI+A8]004E3960 |. 8D9>LEA EDX,[LOCAL.33]004E3966 |. 52 PUSH EDX ; ntdll.KiFastSystemCallRet004E3967 |. E8 >CALL IDMan.004E2C20004E396C |. 8B8>MOV EAX,DWORD PTR DS:[ESI+A8]004E3972 |. 8B4>MOV ECX,DWORD PTR DS:[ESI+60]004E3975 |. 894>MOV DWORD PTR DS:[EAX+8],ECX ; USER32.7E4321CC004E3978 |. 8B9>MOV EDX,DWORD PTR DS:[ESI+A8]004E397E |. 8B4>MOV EAX,DWORD PTR DS:[ESI+5C]004E3981 |. 894>MOV DWORD PTR DS:[EDX+4],EAX004E3984 |. 8B8>MOV ECX,DWORD PTR DS:[ESI+A8]004E398A |. E8 >CALL IDMan.004E20C0004E398F |. 50 PUSH EAX004E3990 |. 8BC>MOV ECX,ESI ; IDMan.005FBD18004E3992 |. E8 >CALL IDMan.005ABBC3004E3997 |. 8B4>MOV ECX,[LOCAL.3]004E399A |. 5F POP EDI ; 0012DAFC004E399B |. 5E POP ESI ; 0012DAFC004E399C |. 64:>MOV DWORD PTR FS:[0],ECX ; USER32.7E4321CC004E39A3 |. 5B POP EBX ; 0012DAFC004E39A4 |. 8BE>MOV ESP,EBP004E39A6 |. 5D POP EBP ; 0012DAFC004E39A7 \. C3 RETN004E39A8 . 68 >PUSH IDMan.0067F264 ; /Arg1 = 0067F264 ASCII "CRegistrationDlg::OnOkreg()"004E39AD . E8 >CALL IDMan.0047BD50 ; \IDMan.0047BD50004E39B2 . 83C>ADD ESP,4004E39B5 . B8 >MOV EAX,IDMan.004E2E87004E39BA . C3 RETN

[heartless]

Bài viết của mình chỉ mang tính thú vị thôi [IMG]images/smilies/biggrin.png[/IMG] Chứ post cả cách patch online check thì khác gì dìm hàng IDM.
Viết được 1 phần mềm nổi tiếng thế giới không dễ. Chúng ta nên mua bản quyền và dùng 1 cách chính đáng.

(Nói vậy thui, chớ ai chưa nhiều xiền thì dùng patcher của mình nhớ [IMG]images/smilies/11.gif[/IMG] )

[blogsieutoc]

đã thử
code bằng java mỗi tội phải thêm cái ghi file hosts
có cách nào để ko cần ghi file hosts ko nhỉ (sửa Registry thì mình ko bít- mò ko thấy khóa, mà có thấy thì cũng ko bit cách chạy trên java kiểu j)
code bằng asm thì chẳng có hiểu
hiểu mỗi cái ý tưởng của thằng IDM này[IMG]images/smilies/biggrin.png[/IMG]