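Could an expert explain: does this count as a virus?
Modifies the function entry point's attributes to writable; suspected search for game processes; checks whether it is being debugged; inline hooks its own process; hides specified windows. Dangerous behavior monitoring. Behavior description: suspected search for game processes. Additional inf…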
Forum: Virus
Author: arde521fish 2014-04-06 12:26

What do these mean?
["msctls_progress32" , ""] Behavior description: hides specified windows. Additional info: Afx:400000:8:10011:1900015:0 : [DNF卡天空套工具.exe] Behavior descr…
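Forum: Easy Language (易语言)
Author: 突击亡者 2014-11-01 16:28

A question about overriding source code has been bothering me for a long time; I hope an expert can help answer it
Recently I have wanted to write a scrollview with a two-way infinite waterfall-flow effect, and I want to dig a little deeper by rewriting an official scrollview, integrating frameLayout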
Forum: Android development
Author: 小Kongdy 2016-04-19 14:56

Newbie post; could the experts help analyze this?
USER32.dll!BeginPaint Ordinal: 14 HookType: InlineHook USER32.dll!EnableScrollBar Ordinal: 196 HookType: InlineHook USER32.dll!EndPaint Ordi
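Forum: Virus
Author: sky丨自娱自乐 2015-05-21 09:33

Re: How to implement functionality similar to the MobaXterm interface
The scroll bar has properties for determining its position; just check them and you're done.
Or use Win32's GetScrollPos + GetScrollRange directly to get the values and then check.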
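Forum: winform
Author: 是仪不是怡- 2023-03-02 04:07

Can anyone help me modify a program?
Can anyone help me modify a program? This program exhibits virus behavior, but it really is a great tool for dealing with those malicious scam-SMS mass senders. I have already unpacked the program; the behavior description is below. Address: http:/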
Forum: C language
Author: svc999 2013-09-06 12:20

Re: Windows programming question, experts please come in
WM_VSCROLL Notification
--------------------------------------------------------------------------------
The WM_VSCROLL message is sent to a window when a scroll event occurs in the window's standard vertical scroll bar. This message is also sent to the owner of a vertical scroll bar control when a scroll event occurs in the control.
A window receives this message through its WindowProc function.
Syntax
WM_VSCROLL
WPARAM wParam
LPARAM lParam;
Parameters
wParam
The high-order word specifies the current position of the scroll box if the low-order word is SB_THUMBPOSITION or SB_THUMBTRACK; otherwise, this word is not used.
The low-order word specifies a scroll bar value that indicates the user's scrolling request. This parameter can be one of the following values.
SB_BOTTOM
Scrolls to the lower right.
SB_ENDSCROLL
Ends scroll.
SB_LINEDOWN
Scrolls one line down.
SB_LINEUP
Scrolls one line up.
SB_PAGEDOWN
Scrolls one page down.
SB_PAGEUP
Scrolls one page up.
SB_THUMBPOSITION
The user has dragged the scroll box (thumb) and released the mouse button. The high-order word indicates the position of the scroll box at the end of the drag operation.
SB_THUMBTRACK
The user is dragging the scroll box. This message is sent repeatedly until the user releases the mouse button. The high-order word indicates the position that the scroll box has been dragged to.
SB_TOP
Scrolls to the upper left.
lParam
If the message is sent by a scroll bar, this parameter is the handle to the scroll bar control. If the message is not sent by a scroll bar, this parameter is NULL.
Return Value
If an application processes this message, it should return zero.
Remarks
The SB_THUMBTRACK request code is typically used by applications that provide feedback as the user drags the scroll box.
If an application scrolls the content of the window, it must also reset the position of the scroll box by using the SetScrollPos function.
Note that the WM_VSCROLL message carries only 16 bits of scroll box position data. Thus, applications that rely solely on WM_VSCROLL (and WM_HSCROLL) for scroll position data have a practical maximum position value of 65,535.
However, because the SetScrollInfo, SetScrollPos, SetScrollRange, GetScrollInfo, GetScrollPos, and GetScrollRange functions support 32-bit scroll bar position data, there is a way to circumvent the 16-bit barrier of the WM_HSCROLL and WM_VSCROLL messages. See GetScrollInfo for a description of the technique.
Notification Requirements
Minimum DLL Version None
Header Declared in Winuser.h, include Windows.h
Minimum operating systems Windows 95, Windows NT 3.1
The emphasis is on Notification. Usually, passing a Notification to DefWindowProc does nothing.
Forum: c++
Author: 贴吧用户_0JNJWtE684 2012-08-31 00:34

Re: Could an expert explain this program's source code
------ Now that I have a little tail, I never have to worry about falling short of fifteen characters again~
Forum: Easy Language (易语言)
Author: 刀剑在心 2015-07-28 17:17

Re: afxwin.h
    void Cut();
    void Paste();

// Overridables (must override draw, measure and compare for owner draw)
    virtual void DrawItem(LPDRAWITEMSTRUCT lpDrawItemStruct);
    virtual void MeasureItem(LPMEASUREITEMSTRUCT lpMeasureItemStruct);
    virtual int CompareItem(LPCOMPAREITEMSTRUCT lpCompareItemStruct);
    virtual void DeleteItem(LPDELETEITEMSTRUCT lpDeleteItemStruct);

// Implementation
public:
    virtual ~CComboBox();
protected:
    virtual BOOL OnChildNotify(UINT, WPARAM, LPARAM, LRESULT*);
};

class CEdit : public CWnd
{
    DECLARE_DYNAMIC(CEdit)

// Constructors
public:
    CEdit();
    BOOL Create(DWORD dwStyle, const RECT& rect, CWnd* pParentWnd, UINT nID);

// Attributes
    BOOL CanUndo() const;
    int GetLineCount() const;
    BOOL GetModify() const;
    void SetModify(BOOL bModified = TRUE);
    void GetRect(LPRECT lpRect) const;
    DWORD GetSel() const;
    void GetSel(int& nStartChar, int& nEndChar) const;
    HLOCAL GetHandle() const;
    void SetHandle(HLOCAL hBuffer);
#if (WINVER >= 0x400)
    void SetMargins(UINT nLeft, UINT nRight);
    DWORD GetMargins() const;
    void SetLimitText(UINT nMax);
    UINT GetLimitText() const;
    CPoint PosFromChar(UINT nChar) const;
    int CharFromPos(CPoint pt) const;
#endif

    // NOTE: first word in lpszBuffer must contain the size of the buffer!
    int GetLine(int nIndex, LPTSTR lpszBuffer) const;
    int GetLine(int nIndex, LPTSTR lpszBuffer, int nMaxLength) const;

// Operations
    void EmptyUndoBuffer();
    BOOL FmtLines(BOOL bAddEOL);

    void LimitText(int nChars = 0);
    int LineFromChar(int nIndex = -1) const;
    int LineIndex(int nLine = -1) const;
    int LineLength(int nLine = -1) const;
    void LineScroll(int nLines, int nChars = 0);
    void ReplaceSel(LPCTSTR lpszNewText, BOOL bCanUndo = FALSE);
    void SetPasswordChar(TCHAR ch);
    void SetRect(LPCRECT lpRect);
    void SetRectNP(LPCRECT lpRect);
    void SetSel(DWORD dwSelection, BOOL bNoScroll = FALSE);
    void SetSel(int nStartChar, int nEndChar, BOOL bNoScroll = FALSE);
    BOOL SetTabStops(int nTabStops, LPINT rgTabStops);
    void SetTabStops();
    BOOL SetTabStops(const int& cxEachStop); // takes an 'int'

    // Clipboard operations
    BOOL Undo();
    void Clear();
    void Copy();
    void Cut();
    void Paste();

    BOOL SetReadOnly(BOOL bReadOnly = TRUE);
    int GetFirstVisibleLine() const;
    TCHAR GetPasswordChar() const;

// Implementation
public:
    virtual ~CEdit();
};

class CScrollBar : public CWnd
{
    DECLARE_DYNAMIC(CScrollBar)

// Constructors
public:
    CScrollBar();
    BOOL Create(DWORD dwStyle, const RECT& rect, CWnd* pParentWnd, UINT nID);

// Attributes
    int GetScrollPos() const;
    int SetScrollPos(int nPos, BOOL bRedraw = TRUE);
    void GetScrollRange(LPINT lpMinPos, LPINT lpMaxPos) const;
    void SetScrollRange(int nMinPos, int nMaxPos, BOOL bRedraw = TRUE);
    void ShowScrollBar(BOOL bShow = TRUE);

    BOOL EnableScrollBar(UINT nArrowFlags = ESB_ENABLE_BOTH);

    BOOL SetScrollInfo(LPSCROLLINFO lpScrollInfo, BOOL bRedraw = TRUE);
    BOOL GetScrollInfo(LPSCROLLINFO lpScrollInfo, UINT nMask = SIF_ALL);
    int GetScrollLimit();
Forum: Programming
Author: 219.159.69.* 2005-01-01 13:22

Re: Fixing missing icons
Behavior description: adds an LSP hijack entry. Additional info:
%system%\ESPI11.dll
%system%\ESPI11.dll...
Behavior description: inline hooks its own process. Additional info:
显图标助手.exe
USER32.dll!BeginPaint Ordinal: 14 HookType: InlineHook
USER32.dll!EnableScrollBar Ordinal: 196 HookType: InlineHook
USER32.dll!EndPaint Ordinal: 201 HookType: InlineHook
USER32.dll!GetDC Ordinal: 269 HookType: InlineHook
USER32.dll!GetScrollBarInfo Ordinal: 341 HookType: InlineHook
USER32.dll!GetScrollInfo Ordinal: 342 HookType: InlineHook
USER32.dll!GetScrollPos Ordinal: 343 HookType: InlineHook
USER32.dll!GetScrollRange Ordinal: 344 HookType: InlineHook
USER32.dll!GetWindowDC Ordinal: 365 HookType: InlineHook
USER32.dll!GetWindowLongA Ordinal: 367 HookType: InlineHook
USER32.dll!GetWindowLongW Ordinal: 368 HookType: InlineHook
USER32.dll!ReleaseDC Ordinal: 555 HookType: InlineHook
USER32.dll!SetScrollInfo Ordinal: 623 HookType: InlineHook
USER32.dll!SetScrollPos Ordinal: 624 HookType: InlineHook
USER32.dll!SetScrollRange Ordinal: 625 HookType: InlineHook
USER32.dll!SetWindowLongA Ordinal: 641 HookType: InlineHook
USER32.dll!SetWindowLongW Ordinal: 642 HookType: InlineHook
USER32.dll!SetWindowRgn Ordinal: 645 HookType: InlineHook
USER32.dll!WindowFromDC Ordinal: 725 HookType: InlineHook
GDI32.dll!ExtTextOutA Ordinal: 222 HookType: InlineHook
GDI32.dll!ExtTextOutW Ordinal: 223 HookType: InlineHook
File operation monitoring
Operation  File MD5  File size  File path
Added  bd6eef5ea9a52a412a8f57490d8bd8e4  73728  %temp%\E_N50005\\spec.fne
Added  27624b70558e32a98698fda958cdee8d  1286144  %temp%\E_N50005\\krnln.fnr
Added  6d81b0a25ca0279b965e75ed9531ae63  180224  %temp%\E_N50005\\eNetIntercept.fne
Added  856495a1605bfc7f62086d482b502c6f  208896  %temp%\E_N50005\\iext.fnr
Added  6ded751b628ddb2a1c0c05f18858437c  122880  %system%\\ESPI11.dll
Forum: ce
Author: 575071031 2016-05-04 22:38