Place IM.dll in QQ's BIN/ directory!
bin\im.dll current module base address: 0x64780000
Anti-recall for messages sent by friends:
tencent.im.msgrevoke.UinTypeUserDef (string signature)
647C94AE . 55 PUSH EBP
647C94AF . 8BEC MOV EBP, ESP
647C94B1 . 83EC 10 SUB ESP, 10
647C94B4 . B8 10020000 MOV EAX, 210
647C94B9 . 894D F0 MOV DWORD PTR SS:[EBP-10], ECX
647C94BC . 66:3945 08 CMP WORD PTR SS:[EBP+8], AX
647C94C0 . 0F85 AE010000 JNZ IM.647C9674
647C94C6 . 817D 0C 8A000>CMP DWORD PTR SS:[EBP+C], 8A
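647C94CD 74 0D JE SHORT IM.647C94DC // This is a good place to patch: when someone else sends to you, this jump is taken; when you recall a message you sent to someone else, it is not taken; so simply NOP it here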
647C94CF . 817D 0C 8B000>CMP DWORD PTR SS:[EBP+C], 8B
647C94D6 . 0F85 98010000 JNZ IM.647C9674
647C94DC > 56 PUSH ESI
647C94DD . 57 PUSH EDI
647C94DE . FF75 0C PUSH DWORD PTR SS:[EBP+C]
647C94E1 . 50 PUSH EAX
647C94E2 . 68 40DEA864 PUSH IM.64A8DE40 ; O
647C94E7 . FF35 E8A0B564 PUSH DWORD PTR DS:[64B5A0E8] ; IM.64A8D0AC
647C94ED . 6A 02 PUSH 2
647C94EF . 68 08B1A764 PUSH IM.64A7B108 ; f
647C94F4 . 68 38020000 PUSH 238
647C94F9 . 68 14B1A764 PUSH IM.64A7B114 ; f
647C94FE . E8 FAE5FFFF CALL IM.647C7AFD
647C9503 . 8B75 14 MOV ESI, DWORD PTR SS:[EBP+14]
647C9506 . 8D4D F4 LEA ECX, DWORD PTR SS:[EBP-C]
647C9509 . 83C4 20 ADD ESP, 20
647C950C . 33FF XOR EDI, EDI
647C950E . 897D F4 MOV DWORD PTR SS:[EBP-C], EDI
647C9511 . 8B06 MOV EAX, DWORD PTR DS:[ESI]
647C9513 . 51 PUSH ECX
647C9514 ? 68 B0DEA864 PUSH IM.64A8DEB0 ; bytes_reserved // A key spot: patching here also prevents recall
647C9519 . 56 PUSH ESI
647C951A . FF50 78 CALL DWORD PTR DS:[EAX+78]
647C951D > 85C0 TEST EAX, EAX
647C951F . 79 39 JNS SHORT IM.647C955A
647C9521 . 8D45 0C LEA EAX, DWORD PTR SS:[EBP+C]
647C9524 . C745 0C C0DEA>MOV DWORD PTR SS:[EBP+C], IM.64A8DEC0 ; O
647C952B . 50 PUSH EAX
647C952C . 68 1CB0A764 PUSH IM.64A7B01C ; %
647C9531 . FF35 E8A0B564 PUSH DWORD PTR DS:[64B5A0E8] ; IM.64A8D0AC
647C9537 . 6A 02 PUSH 2
647C9539 . 68 08B1A764 PUSH IM.64A7B108 ; f
647C953E . 68 3D020000 PUSH 23D
647C9543 . 68 14B1A764 PUSH IM.64A7B114 ; f
647C9548 . E8 C0DBFBFF CALL IM.6478710D
647C954D . 83C4 1C ADD ESP, 1C
647C9550 . BF 05400080 MOV EDI, 80004005
647C9555 . E9 0C010000 JMP IM.647C9666
647C955A > 8D45 F8 LEA EAX, DWORD PTR SS:[EBP-8]
647C955D . 897D F8 MOV DWORD PTR SS:[EBP-8], EDI
647C9560 . 50 PUSH EAX
647C9561 . E8 8B2DFEFF CALL IM.647AC2F1
647C9566 . 59 POP ECX
647C9567 . 85C0 TEST EAX, EAX
647C9569 . 75 39 JNZ SHORT IM.647C95A4
647C956B . 8D45 0C LEA EAX, DWORD PTR SS:[EBP+C]
647C956E . C745 0C 28DFA>MOV DWORD PTR SS:[EBP+C], IM.64A8DF28 ; O
647C9575 . 50 PUSH EAX
647C9576 . 68 1CB0A764 PUSH IM.64A7B01C ; %
647C957B . FF35 E8A0B564 PUSH DWORD PTR DS:[64B5A0E8] ; IM.64A8D0AC
647C9581 . 6A 02 PUSH 2
647C9583 . 68 08B1A764 PUSH IM.64A7B108 ; f
647C9588 . 68 44020000 PUSH 244
647C958D . 68 14B1A764 PUSH IM.64A7B114 ; f
647C9592 . E8 76DBFBFF CALL IM.6478710D
647C9597 . 83C4 1C ADD ESP, 1C
647C959A . BF 05400080 MOV EDI, 80004005
647C959F . E9 BA000000 JMP IM.647C965E
647C95A4 > 8B45 F8 MOV EAX, DWORD PTR SS:[EBP-8]
647C95A7 . 8D55 FC LEA EDX, DWORD PTR SS:[EBP-4]
647C95AA . 52 PUSH EDX
647C95AB . FF75 F4 PUSH DWORD PTR SS:[EBP-C]
647C95AE . 897D FC MOV DWORD PTR SS:[EBP-4], EDI
647C95B1 . 8B08 MOV ECX, DWORD PTR DS:[EAX]
647C95B3 . 68 94DFA864 PUSH IM.64A8DF94 ; tencent.im.msgrevoke.UinTypeUserDef // signature
647C95B8 . 50 PUSH EAX
647C95B9 . FF51 20 CALL DWORD PTR DS:[ECX+20]
647C95BC . 85C0 TEST EAX, EAX
647C95BE . 79 36 JNS SHORT IM.647C95F6
647C95C0 . 8D45 0C LEA EAX, DWORD PTR SS:[EBP+C]
647C95C3 . C745 0C B8DFA>MOV DWORD PTR SS:[EBP+C], IM.64A8DFB8 ; O
647C95CA . 50 PUSH EAX
647C95CB . 68 1CB0A764 PUSH IM.64A7B01C ; %
647C95D0 . FF35 E8A0B564 PUSH DWORD PTR DS:[64B5A0E8] ; IM.64A8D0AC
647C95D6 . 6A 02 PUSH 2
647C95D8 . 68 08B1A764 PUSH IM.64A7B108 ; f
647C95DD . 68 4C020000 PUSH 24C
647C95E2 . 68 14B1A764 PUSH IM.64A7B114 ; f
647C95E7 . E8 21DBFBFF CALL IM.6478710D
647C95EC . 83C4 1C ADD ESP, 1C
647C95EF . BF 05400080 MOV EDI, 80004005
647C95F4 . EB 60 JMP SHORT IM.647C9656
647C95F6 > 8D45 08 LEA EAX, DWORD PTR SS:[EBP+8]
647C95F9 . 897D 08 MOV DWORD PTR SS:[EBP+8], EDI
647C95FC . 50 PUSH EAX
647C95FD . FF15 8C90A764 CALL DWORD PTR DS:[<&Common.Util::Data::C>; Common.Util::Data::CreateTXData
647C9603 . 8B06 MOV EAX, DWORD PTR DS:[ESI]
647C9605 . 59 POP ECX
647C9606 . FF75 08 PUSH DWORD PTR SS:[EBP+8]
647C9609 . 56 PUSH ESI
647C960A . FF90 CC000000 CALL DWORD PTR DS:[EAX+CC]
647C9610 . 8B45 08 MOV EAX, DWORD PTR SS:[EBP+8]
647C9613 . FF75 FC PUSH DWORD PTR SS:[EBP-4]
647C9616 . 68 34E0A864 PUSH IM.64A8E034 ; UserDefData
647C961B . 8B08 MOV ECX, DWORD PTR DS:[EAX]
647C961D . 50 PUSH EAX
647C961E . FF91 70010000 CALL DWORD PTR DS:[ECX+170]
647C9624 . 8B75 10 MOV ESI, DWORD PTR SS:[EBP+10]
647C9627 . 33C0 XOR EAX, EAX
647C9629 . 817D 0C 8B000>CMP DWORD PTR SS:[EBP+C], 8B
647C9630 . 0F94C0 SETE AL
647C9633 . 8B0E MOV ECX, DWORD PTR DS:[ESI]
647C9635 . 50 PUSH EAX
647C9636 . 68 40E0A864 PUSH IM.64A8E040 ; bFromMySelf
647C963B . 56 PUSH ESI
647C963C . FF91 F0000000 CALL DWORD PTR DS:[ECX+F0]
647C9642 . 8B4D F0 MOV ECX, DWORD PTR SS:[EBP-10]
647C9645 . 56 PUSH ESI
647C9646 . FF75 08 PUSH DWORD PTR SS:[EBP+8]
647C9649 . E8 BCF5FFFF CALL IM.647C8C0A
647C964E . 8D4D 08 LEA ECX, DWORD PTR SS:[EBP+8]
647C9651 . E8 399EFDFF CALL IM.647A348F
647C9656 > 8D4D FC LEA ECX, DWORD PTR SS:[EBP-4]
647C9659 . E8 319EFDFF CALL IM.647A348F
647C965E > 8D4D F8 LEA ECX, DWORD PTR SS:[EBP-8]
647C9661 . E8 299EFDFF CALL IM.647A348F
647C9666 > 8D4D F4 LEA ECX, DWORD PTR SS:[EBP-C]
647C9669 . E8 219EFDFF CALL IM.647A348F
647C966E . 8BC7 MOV EAX, EDI
647C9670 . 5F POP EDI
647C9671 . 5E POP ESI
647C9672 . EB 05 JMP SHORT IM.647C9679
647C9674 > B8 05400080 MOV EAX, 80004005
647C9679 > 8BE5 MOV ESP, EBP
647C967B . 5D POP EBP
647C967C . C2 1000 RETN 10
Anti-recall for QQ groups:
tencent.im.sysnotify_cmd0x2dc_optype0x11.NotifyMsgBody (string signature)
647C8F8B /. 55 PUSH EBP
647C8F8C |. 8BEC MOV EBP, ESP
647C8F8E |. 83EC 18 SUB ESP, 18
647C8F91 |. 53 PUSH EBX
647C8F92 |. 56 PUSH ESI
647C8F93 |. 57 PUSH EDI
647C8F94 |. 8D45 E8 LEA EAX, DWORD PTR SS:[EBP-18]
647C8F97 |. C745 E8 50E0A>MOV DWORD PTR SS:[EBP-18], IM.64A8E050 ; E
647C8F9E |. 50 PUSH EAX
647C8F9F |. 68 1CB0A764 PUSH IM.64A7B01C ; %
647C8FA4 |. FF35 E8A0B564 PUSH DWORD PTR DS:[64B5A0E8] ; IM.64A8D0AC
647C8FAA |. 8BF9 MOV EDI, ECX
647C8FAC |. 6A 03 PUSH 3
647C8FAE |. 68 08B1A764 PUSH IM.64A7B108 ; f
647C8FB3 |. 68 5C020000 PUSH 25C
647C8FB8 |. 68 14B1A764 PUSH IM.64A7B114 ; f
647C8FBD |. E8 4BE1FBFF CALL IM.6478710D
647C8FC2 |. 8B75 08 MOV ESI, DWORD PTR SS:[EBP+8]
647C8FC5 |. 8D45 F4 LEA EAX, DWORD PTR SS:[EBP-C]
647C8FC8 |. 50 PUSH EAX
647C8FC9 |. FF75 10 PUSH DWORD PTR SS:[EBP+10]
647C8FCC |. 33DB XOR EBX, EBX
647C8FCE |. 56 PUSH ESI
647C8FCF |. 895D F4 MOV DWORD PTR SS:[EBP-C], EBX
647C8FD2 |. E8 8EE6FFFF CALL IM.647C7665
647C8FD7 |. 83C4 28 ADD ESP, 28
647C8FDA |. 85C0 TEST EAX, EAX
647C8FDC |. 75 34 JNZ SHORT IM.647C9012
647C8FDE |. 8D45 0C LEA EAX, DWORD PTR SS:[EBP+C]
647C8FE1 |. C745 0C B0E0A>MOV DWORD PTR SS:[EBP+C], IM.64A8E0B0 ; C
647C8FE8 |. 50 PUSH EAX
647C8FE9 |. 68 1CB0A764 PUSH IM.64A7B01C ; %
647C8FEE |. FF35 E8A0B564 PUSH DWORD PTR DS:[64B5A0E8] ; IM.64A8D0AC
647C8FF4 |. 6A 02 PUSH 2
647C8FF6 |. 68 08B1A764 PUSH IM.64A7B108 ; f
647C8FFB |. 68 60020000 PUSH 260
647C9000 |. 68 14B1A764 PUSH IM.64A7B114 ; f
647C9005 |. E8 03E1FBFF CALL IM.6478710D
647C900A |. 83C4 1C ADD ESP, 1C
647C900D |. E9 04040000 JMP IM.647C9416
647C9012 |> 8B45 F4 MOV EAX, DWORD PTR SS:[EBP-C]
647C9015 |. 8D55 FF LEA EDX, DWORD PTR SS:[EBP-1]
647C9018 |. 52 PUSH EDX
647C9019 |. 885D FF MOV BYTE PTR SS:[EBP-1], BL
647C901C |. 68 08E1A864 PUSH IM.64A8E108 ; cOpType
647C9021 |. 8B08 MOV ECX, DWORD PTR DS:[EAX]
647C9023 |. 50 PUSH EAX
647C9024 |. FF51 28 CALL DWORD PTR DS:[ECX+28]
647C9027 |. 0FB645 FF MOVZX EAX, BYTE PTR SS:[EBP-1]
647C902B |. 50 PUSH EAX
647C902C |. 56 PUSH ESI
647C902D |. 68 10E1A864 PUSH IM.64A8E110 ; O
647C9032 |. FF35 E8A0B564 PUSH DWORD PTR DS:[64B5A0E8] ; IM.64A8D0AC
647C9038 |. 6A 02 PUSH 2
647C903A |. 68 08B1A764 PUSH IM.64A7B108 ; f
647C903F |. 68 65020000 PUSH 265
647C9044 |. 68 14B1A764 PUSH IM.64A7B114 ; f
647C9049 |. E8 AFEAFFFF CALL IM.647C7AFD
647C904E |. B8 0C020000 MOV EAX, 20C
647C9053 |. 83C4 20 ADD ESP, 20
647C9056 |. 66:3BF0 CMP SI, AX
647C9059 |. 0F85 07020000 JNZ IM.647C9266
647C905F |. 807D FF 19 CMP BYTE PTR SS:[EBP-1], 19
647C9063 |. 0F85 32040000 JNZ IM.647C949B
647C9069 |. 8B45 F4 MOV EAX, DWORD PTR SS:[EBP-C]
647C906C |. 8D55 F8 LEA EDX, DWORD PTR SS:[EBP-8]
647C906F |. 52 PUSH EDX
647C9070 |. 895D F8 MOV DWORD PTR SS:[EBP-8], EBX
647C9073 |. 68 58E1A864 PUSH IM.64A8E158 ; bufMsg
647C9078 |. 8B08 MOV ECX, DWORD PTR DS:[EAX]
647C907A |. 50 PUSH EAX
647C907B |. FF51 78 CALL DWORD PTR DS:[ECX+78]
647C907E |. BE 08B1A764 MOV ESI, IM.64A7B108 ; f
647C9083 |. 395D F8 CMP DWORD PTR SS:[EBP-8], EBX
647C9086 |. 75 2B JNZ SHORT IM.647C90B3
647C9088 |. 8D45 10 LEA EAX, DWORD PTR SS:[EBP+10]
647C908B |. C745 10 60E1A>MOV DWORD PTR SS:[EBP+10], IM.64A8E160 ; O
647C9092 |. 50 PUSH EAX
647C9093 |. 68 1CB0A764 PUSH IM.64A7B01C ; %
647C9098 |. FF35 E8A0B564 PUSH DWORD PTR DS:[64B5A0E8] ; IM.64A8D0AC
647C909E |. 6A 02 PUSH 2
647C90A0 |. 56 PUSH ESI
647C90A1 |. 68 70020000 PUSH 270
647C90A6 |. 68 14B1A764 PUSH IM.64A7B114 ; f
647C90AB |. E8 5DE0FBFF CALL IM.6478710D
647C90B0 |. 83C4 1C ADD ESP, 1C
647C90B3 |> 8D45 08 LEA EAX, DWORD PTR SS:[EBP+8]
647C90B6 |. 895D 08 MOV DWORD PTR SS:[EBP+8], EBX
647C90B9 |. 50 PUSH EAX
647C90BA |. E8 3232FEFF CALL IM.647AC2F1
647C90BF |. 59 POP ECX
647C90C0 |. 85C0 TEST EAX, EAX
647C90C2 |. 0F84 82010000 JE IM.647C924A
647C90C8 |. 8B45 08 MOV EAX, DWORD PTR SS:[EBP+8]
647C90CB |. 85C0 TEST EAX, EAX
647C90CD |. 0F84 77010000 JE IM.647C924A
647C90D3 |. 8D55 10 LEA EDX, DWORD PTR SS:[EBP+10]
647C90D6 |. 895D 10 MOV DWORD PTR SS:[EBP+10], EBX
647C90D9 |. 8B08 MOV ECX, DWORD PTR DS:[EAX]
647C90DB |. 52 PUSH EDX
647C90DC |. FF75 F8 PUSH DWORD PTR SS:[EBP-8]
647C90DF |. 68 A8E1A864 PUSH IM.64A8E1A8 ; tencent.im.sysnotify_cmd0x20c_optype0x19.NotifyMsgBody
647C90E4 |. 50 PUSH EAX
647C90E5 |. FF51 20 CALL DWORD PTR DS:[ECX+20]
647C90E8 |. 85C0 TEST EAX, EAX
647C90EA |. 0F88 2A010000 JS IM.647C921A
647C90F0 |. 8B45 10 MOV EAX, DWORD PTR SS:[EBP+10]
647C90F3 |. 8D55 E8 LEA EDX, DWORD PTR SS:[EBP-18]
647C90F6 |. 52 PUSH EDX
647C90F7 |. 895D E8 MOV DWORD PTR SS:[EBP-18], EBX
647C90FA |. 68 E0E1A864 PUSH IM.64A8E1E0 ; opt_msg_recall
647C90FF |. 8B08 MOV ECX, DWORD PTR DS:[EAX]
647C9101 |. 50 PUSH EAX
647C9102 |. FF91 E0000000 CALL DWORD PTR DS:[ECX+E0]
647C9108 |. 85C0 TEST EAX, EAX
647C910A |. 79 30 JNS SHORT IM.647C913C
647C910C |. 8D45 0C LEA EAX, DWORD PTR SS:[EBP+C]
647C910F |. C745 0C F0E1A>MOV DWORD PTR SS:[EBP+C], IM.64A8E1F0 ; O
647C9116 |. 50 PUSH EAX
647C9117 |. 68 1CB0A764 PUSH IM.64A7B01C ; %
647C911C |. FF35 E8A0B564 PUSH DWORD PTR DS:[64B5A0E8] ; IM.64A8D0AC
647C9122 |. 6A 02 PUSH 2
647C9124 |. 56 PUSH ESI
647C9125 |. 68 7C020000 PUSH 27C
647C912A |. 68 14B1A764 PUSH IM.64A7B114 ; f
647C912F |. E8 D9DFFBFF CALL IM.6478710D
647C9134 |. 83C4 1C ADD ESP, 1C
647C9137 |. E9 9D000000 JMP IM.647C91D9
647C913C |> 8B45 E8 MOV EAX, DWORD PTR SS:[EBP-18]
647C913F |. 8D55 EC LEA EDX, DWORD PTR SS:[EBP-14]
647C9142 |. 52 PUSH EDX
647C9143 |. 895D EC MOV DWORD PTR SS:[EBP-14], EBX
647C9146 |. 68 48E2A864 PUSH IM.64A8E248 ; bytes_userdef
647C914B |. 8B08 MOV ECX, DWORD PTR DS:[EAX]
647C914D |. 50 PUSH EAX
647C914E |. FF51 78 CALL DWORD PTR DS:[ECX+78]
647C9151 |. 85C0 TEST EAX, EAX
647C9153 |. 79 2D JNS SHORT IM.647C9182
647C9155 |. 8D45 0C LEA EAX, DWORD PTR SS:[EBP+C]
647C9158 |. C745 0C 58E2A>MOV DWORD PTR SS:[EBP+C], IM.64A8E258 ; O
647C915F |. 50 PUSH EAX
647C9160 |. 68 1CB0A764 PUSH IM.64A7B01C ; %
647C9165 |. FF35 E8A0B564 PUSH DWORD PTR DS:[64B5A0E8] ; IM.64A8D0AC
647C916B |. 6A 02 PUSH 2
647C916D |. 56 PUSH ESI
647C916E |. 68 82020000 PUSH 282
647C9173 |. 68 14B1A764 PUSH IM.64A7B114 ; f
647C9178 |. E8 90DFFBFF CALL IM.6478710D
647C917D |. 83C4 1C ADD ESP, 1C
647C9180 |. EB 4F JMP SHORT IM.647C91D1
647C9182 |> 8B45 08 MOV EAX, DWORD PTR SS:[EBP+8]
647C9185 |. 8D55 F0 LEA EDX, DWORD PTR SS:[EBP-10]
647C9188 |. 52 PUSH EDX
647C9189 |. FF75 EC PUSH DWORD PTR SS:[EBP-14]
647C918C |. 895D F0 MOV DWORD PTR SS:[EBP-10], EBX
647C918F |. 8B08 MOV ECX, DWORD PTR DS:[EAX]
647C9191 |. 68 ACE2A864 PUSH IM.64A8E2AC ; tencent.im.msgrevoke.MsgInfoUserDef
647C9196 |. 50 PUSH EAX
647C9197 |. FF51 20 CALL DWORD PTR DS:[ECX+20]
647C919A |. 85C0 TEST EAX, EAX
647C919C |. 79 43 JNS SHORT IM.647C91E1
647C919E |. 8D45 0C LEA EAX, DWORD PTR SS:[EBP+C]
647C91A1 |. C745 0C D0E2A>MOV DWORD PTR SS:[EBP+C], IM.64A8E2D0 ; O
647C91A8 |. 50 PUSH EAX
647C91A9 |. 68 1CB0A764 PUSH IM.64A7B01C ; %
647C91AE |. FF35 E8A0B564 PUSH DWORD PTR DS:[64B5A0E8] ; IM.64A8D0AC
647C91B4 |. 6A 02 PUSH 2
647C91B6 |. 56 PUSH ESI
647C91B7 |. 68 88020000 PUSH 288
647C91BC |. 68 14B1A764 PUSH IM.64A7B114 ; f
647C91C1 |. E8 47DFFBFF CALL IM.6478710D
647C91C6 |. 83C4 1C ADD ESP, 1C
647C91C9 |. 8D4D F0 LEA ECX, DWORD PTR SS:[EBP-10]
647C91CC |. E8 BEA2FDFF CALL IM.647A348F
647C91D1 |> 8D4D EC LEA ECX, DWORD PTR SS:[EBP-14]
647C91D4 |. E8 B6A2FDFF CALL IM.647A348F
647C91D9 |> 8D4D E8 LEA ECX, DWORD PTR SS:[EBP-18]
647C91DC |. E9 18020000 JMP IM.647C93F9
647C91E1 |> 8B45 10 MOV EAX, DWORD PTR SS:[EBP+10]
647C91E4 |. FF75 F0 PUSH DWORD PTR SS:[EBP-10]
647C91E7 |. 68 38E3A864 PUSH IM.64A8E338 ; DecodedUserDef
647C91EC |. 8B08 MOV ECX, DWORD PTR DS:[EAX]
647C91EE |. 50 PUSH EAX
647C91EF |. FF91 70010000 CALL DWORD PTR DS:[ECX+170]
647C91F5 |. FF75 0C PUSH DWORD PTR SS:[EBP+C]
647C91F8 |. 8BCF MOV ECX, EDI
647C91FA |. FF75 10 PUSH DWORD PTR SS:[EBP+10]
647C91FD |. E8 B5FAFFFF CALL IM.647C8CB7
647C9202 |. 8D4D F0 LEA ECX, DWORD PTR SS:[EBP-10]
647C9205 |. E8 85A2FDFF CALL IM.647A348F
647C920A |. 8D4D EC LEA ECX, DWORD PTR SS:[EBP-14]
647C920D |. E8 7DA2FDFF CALL IM.647A348F
647C9212 |. 8D4D E8 LEA ECX, DWORD PTR SS:[EBP-18]
647C9215 |. E9 37020000 JMP IM.647C9451
647C921A |> 8D45 0C LEA EAX, DWORD PTR SS:[EBP+C]
647C921D |. C745 0C 48E3A>MOV DWORD PTR SS:[EBP+C], IM.64A8E348 ; O
647C9224 |. 50 PUSH EAX
647C9225 |. 68 1CB0A764 PUSH IM.64A7B01C ; %
647C922A |. FF35 E8A0B564 PUSH DWORD PTR DS:[64B5A0E8] ; IM.64A8D0AC
647C9230 |. 6A 02 PUSH 2
647C9232 |. 56 PUSH ESI
647C9233 |. 68 90020000 PUSH 290
647C9238 |. 68 14B1A764 PUSH IM.64A7B114 ; f
647C923D |. E8 CBDEFBFF CALL IM.6478710D
647C9242 |. 83C4 1C ADD ESP, 1C
647C9245 |. E9 0C020000 JMP IM.647C9456
647C924A |> 8D45 0C LEA EAX, DWORD PTR SS:[EBP+C]
647C924D |. 50 PUSH EAX
647C924E |. 68 1CB0A764 PUSH IM.64A7B01C ; %
647C9253 |. FF35 E8A0B564 PUSH DWORD PTR DS:[64B5A0E8] ; IM.64A8D0AC
647C9259 |. 6A 02 PUSH 2
647C925B |. 56 PUSH ESI
647C925C |. 68 95020000 PUSH 295
647C9261 |. E9 11020000 JMP IM.647C9477
647C9266 |> B8 DC020000 MOV EAX, 2DC
647C926B |. 66:3BF0 CMP SI, AX
647C926E |. 0F85 27020000 JNZ IM.647C949B
647C9274 |. 807D FF 11 CMP BYTE PTR SS:[EBP-1], 11
647C9278 0F85 1D020000 JNZ IM.647C949B // Just change this to an unconditional JMP: you can still recall, others cannot
647C927E |. 8B45 F4 MOV EAX, DWORD PTR SS:[EBP-C]
647C9281 |. 8D55 F8 LEA EDX, DWORD PTR SS:[EBP-8]
647C9284 |. 52 PUSH EDX
647C9285 |. 895D F8 MOV DWORD PTR SS:[EBP-8], EBX
647C9288 |. 68 58E1A864 PUSH IM.64A8E158 ; bufMsg
647C928D |. 8B08 MOV ECX, DWORD PTR DS:[EAX]
647C928F |. 50 PUSH EAX
647C9290 |. FF51 78 CALL DWORD PTR DS:[ECX+78]
647C9293 |. BE 08B1A764 MOV ESI, IM.64A7B108 ; f
647C9298 |. 395D F8 CMP DWORD PTR SS:[EBP-8], EBX
647C929B |. 75 2B JNZ SHORT IM.647C92C8
647C929D |. 8D45 10 LEA EAX, DWORD PTR SS:[EBP+10]
647C92A0 |. C745 10 60E1A>MOV DWORD PTR SS:[EBP+10], IM.64A8E160 ; O
647C92A7 |. 50 PUSH EAX
647C92A8 |. 68 1CB0A764 PUSH IM.64A7B01C ; %
647C92AD |. FF35 E8A0B564 PUSH DWORD PTR DS:[64B5A0E8] ; IM.64A8D0AC
647C92B3 |. 6A 02 PUSH 2
647C92B5 |. 56 PUSH ESI
647C92B6 |. 68 A3020000 PUSH 2A3
647C92BB |. 68 14B1A764 PUSH IM.64A7B114 ; f
647C92C0 |. E8 48DEFBFF CALL IM.6478710D
647C92C5 |. 83C4 1C ADD ESP, 1C
647C92C8 |> 8D45 08 LEA EAX, DWORD PTR SS:[EBP+8]
647C92CB |. 895D 08 MOV DWORD PTR SS:[EBP+8], EBX
647C92CE |. 50 PUSH EAX
647C92CF |. E8 1D30FEFF CALL IM.647AC2F1
647C92D4 |. 59 POP ECX
647C92D5 |. 85C0 TEST EAX, EAX
647C92D7 |. 0F84 83010000 JE IM.647C9460
647C92DD |. 8B45 08 MOV EAX, DWORD PTR SS:[EBP+8]
647C92E0 |. 85C0 TEST EAX, EAX
647C92E2 |. 0F84 78010000 JE IM.647C9460
647C92E8 |. 8D55 10 LEA EDX, DWORD PTR SS:[EBP+10]
647C92EB |. 895D 10 MOV DWORD PTR SS:[EBP+10], EBX
647C92EE |. 8B08 MOV ECX, DWORD PTR DS:[EAX]
647C92F0 |. 52 PUSH EDX
647C92F1 |. FF75 F8 PUSH DWORD PTR SS:[EBP-8]
647C92F4 |. 68 0CE4A864 PUSH IM.64A8E40C ; tencent.im.sysnotify_cmd0x2dc_optype0x11.NotifyMsgBody
647C92F9 |. 50 PUSH EAX
647C92FA |. FF51 20 CALL DWORD PTR DS:[ECX+20]
647C92FD |. 85C0 TEST EAX, EAX
647C92FF |. 0F88 51010000 JS IM.647C9456
647C9305 |. 8B45 10 MOV EAX, DWORD PTR SS:[EBP+10]
647C9308 |. 85C0 TEST EAX, EAX
647C930A |. 0F84 46010000 JE IM.647C9456
647C9310 |. 8D55 F0 LEA EDX, DWORD PTR SS:[EBP-10]
647C9313 |. 895D F0 MOV DWORD PTR SS:[EBP-10], EBX
647C9316 |. 8B08 MOV ECX, DWORD PTR DS:[EAX]
647C9318 |. 52 PUSH EDX
647C9319 |. 68 E0E1A864 PUSH IM.64A8E1E0 ; opt_msg_recall
647C931E |. 50 PUSH EAX
647C931F |. FF91 E0000000 CALL DWORD PTR DS:[ECX+E0]
647C9325 |. 85C0 TEST EAX, EAX
647C9327 |. 79 30 JNS SHORT IM.647C9359
647C9329 |. 8D45 0C LEA EAX, DWORD PTR SS:[EBP+C]
647C932C |. C745 0C F0E1A>MOV DWORD PTR SS:[EBP+C], IM.64A8E1F0 ; O
647C9333 |. 50 PUSH EAX
647C9334 |. 68 1CB0A764 PUSH IM.64A7B01C ; %
647C9339 |. FF35 E8A0B564 PUSH DWORD PTR DS:[64B5A0E8] ; IM.64A8D0AC
647C933F |. 6A 02 PUSH 2
647C9341 |. 56 PUSH ESI
647C9342 |. 68 AF020000 PUSH 2AF
647C9347 |. 68 14B1A764 PUSH IM.64A7B114 ; f
647C934C |. E8 BCDDFBFF CALL IM.6478710D
647C9351 |. 83C4 1C ADD ESP, 1C
647C9354 |. E9 9D000000 JMP IM.647C93F6
647C9359 |> 8B45 F0 MOV EAX, DWORD PTR SS:[EBP-10]
647C935C 8D55 EC LEA EDX, DWORD PTR SS:[EBP-14]
647C935F 52 PUSH EDX
647C9360 895D EC MOV DWORD PTR SS:[EBP-14], EBX
647C9363 |. 68 48E2A864 PUSH IM.64A8E248 ; bytes_userdef
647C9368 |. 8B08 MOV ECX, DWORD PTR DS:[EAX]
647C936A |. 50 PUSH EAX
647C936B |. FF51 78 CALL DWORD PTR DS:[ECX+78]
647C936E |. 85C0 TEST EAX, EAX
647C9370 |. 79 2D JNS SHORT IM.647C939F
647C9372 |. 8D45 0C LEA EAX, DWORD PTR SS:[EBP+C]
647C9375 |. C745 0C 58E2A>MOV DWORD PTR SS:[EBP+C], IM.64A8E258 ; O
647C937C |. 50 PUSH EAX
647C937D |. 68 1CB0A764 PUSH IM.64A7B01C ; %
647C9382 |. FF35 E8A0B564 PUSH DWORD PTR DS:[64B5A0E8] ; IM.64A8D0AC
647C9388 |. 6A 02 PUSH 2
647C938A |. 56 PUSH ESI
647C938B |. 68 B5020000 PUSH 2B5
647C9390 |. 68 14B1A764 PUSH IM.64A7B114 ; f
647C9395 |. E8 73DDFBFF CALL IM.6478710D
647C939A |. 83C4 1C ADD ESP, 1C
647C939D |. EB 4F JMP SHORT IM.647C93EE
647C939F |> 8B45 08 MOV EAX, DWORD PTR SS:[EBP+8]
647C93A2 |. 8D55 E8 LEA EDX, DWORD PTR SS:[EBP-18]
647C93A5 |. 52 PUSH EDX
647C93A6 |. FF75 EC PUSH DWORD PTR SS:[EBP-14]
647C93A9 |. 895D E8 MOV DWORD PTR SS:[EBP-18], EBX
647C93AC |. 8B08 MOV ECX, DWORD PTR DS:[EAX]
647C93AE |. 68 ACE2A864 PUSH IM.64A8E2AC ; tencent.im.msgrevoke.MsgInfoUserDef
647C93B3 |. 50 PUSH EAX
647C93B4 |. FF51 20 CALL DWORD PTR DS:[ECX+20]
647C93B7 |. 85C0 TEST EAX, EAX
647C93B9 |. 79 62 JNS SHORT IM.647C941D
647C93BB |. 8D45 0C LEA EAX, DWORD PTR SS:[EBP+C]
647C93BE |. C745 0C D0E2A>MOV DWORD PTR SS:[EBP+C], IM.64A8E2D0 ; O
647C93C5 |. 50 PUSH EAX
647C93C6 |. 68 1CB0A764 PUSH IM.64A7B01C ; %
647C93CB |. FF35 E8A0B564 PUSH DWORD PTR DS:[64B5A0E8] ; IM.64A8D0AC
647C93D1 |. 6A 02 PUSH 2
647C93D3 |. 56 PUSH ESI
647C93D4 |. 68 BB020000 PUSH 2BB
647C93D9 |. 68 14B1A764 PUSH IM.64A7B114 ; f
647C93DE |. E8 2ADDFBFF CALL IM.6478710D
647C93E3 |. 83C4 1C ADD ESP, 1C
647C93E6 |. 8D4D E8 LEA ECX, DWORD PTR SS:[EBP-18]
647C93E9 |. E8 A1A0FDFF CALL IM.647A348F
647C93EE |> 8D4D EC LEA ECX, DWORD PTR SS:[EBP-14]
647C93F1 |. E8 99A0FDFF CALL IM.647A348F
647C93F6 |> 8D4D F0 LEA ECX, DWORD PTR SS:[EBP-10]
647C93F9 |> E8 91A0FDFF CALL IM.647A348F
647C93FE |. 8D4D 10 LEA ECX, DWORD PTR SS:[EBP+10]
647C9401 |. E8 89A0FDFF CALL IM.647A348F
647C9406 |. 8D4D 08 LEA ECX, DWORD PTR SS:[EBP+8]
647C9409 |. E8 81A0FDFF CALL IM.647A348F
647C940E |. 8D4D F8 LEA ECX, DWORD PTR SS:[EBP-8]
647C9411 |. E8 79A0FDFF CALL IM.647A348F
647C9416 |> BB 05400080 MOV EBX, 80004005
647C941B |. EB 7E JMP SHORT IM.647C949B
647C941D |> 8B45 10 MOV EAX, DWORD PTR SS:[EBP+10]
647C9420 |. FF75 E8 PUSH DWORD PTR SS:[EBP-18]
647C9423 |. 68 38E3A864 PUSH IM.64A8E338 ; DecodedUserDef
647C9428 |. 8B08 MOV ECX, DWORD PTR DS:[EAX]
647C942A |. 50 PUSH EAX
647C942B |. FF91 70010000 CALL DWORD PTR DS:[ECX+170]
647C9431 |. FF75 0C PUSH DWORD PTR SS:[EBP+C]
647C9434 |. 8BCF MOV ECX, EDI
647C9436 |. FF75 10 PUSH DWORD PTR SS:[EBP+10]
647C9439 |. E8 26F9FFFF CALL IM.647C8D64
647C943E |. 8D4D E8 LEA ECX, DWORD PTR SS:[EBP-18]
647C9441 |. E8 49A0FDFF CALL IM.647A348F
647C9446 |. 8D4D EC LEA ECX, DWORD PTR SS:[EBP-14]
647C9449 |. E8 41A0FDFF CALL IM.647A348F
647C944E |. 8D4D F0 LEA ECX, DWORD PTR SS:[EBP-10]
647C9451 |> E8 39A0FDFF CALL IM.647A348F
647C9456 |> 8D4D 10 LEA ECX, DWORD PTR SS:[EBP+10]
647C9459 |. E8 31A0FDFF CALL IM.647A348F
647C945E |. EB 2B JMP SHORT IM.647C948B
647C9460 |> 8D45 0C LEA EAX, DWORD PTR SS:[EBP+C]
647C9463 |. 50 PUSH EAX
647C9464 |. 68 1CB0A764 PUSH IM.64A7B01C ; %
647C9469 |. FF35 E8A0B564 PUSH DWORD PTR DS:[64B5A0E8] ; IM.64A8D0AC
647C946F |. 6A 02 PUSH 2
647C9471 |. 56 PUSH ESI
647C9472 |. 68 C4020000 PUSH 2C4
647C9477 |> 68 14B1A764 PUSH IM.64A7B114 ; f
647C947C |. C745 0C B0E3A>MOV DWORD PTR SS:[EBP+C], IM.64A8E3B0 ; O
647C9483 |. E8 85DCFBFF CALL IM.6478710D
647C9488 |. 83C4 1C ADD ESP, 1C
647C948B |> 8D4D 08 LEA ECX, DWORD PTR SS:[EBP+8]
647C948E |. E8 FC9FFDFF CALL IM.647A348F
647C9493 |. 8D4D F8 LEA ECX, DWORD PTR SS:[EBP-8]
647C9496 |. E8 F49FFDFF CALL IM.647A348F
647C949B |> 8D4D F4 LEA ECX, DWORD PTR SS:[EBP-C]
647C949E |. E8 EC9FFDFF CALL IM.647A348F
647C94A3 |. 5F POP EDI
647C94A4 |. 5E POP ESI
647C94A5 |. 8BC3 MOV EAX, EBX
647C94A7 |. 5B POP EBX
647C94A8 |. 8BE5 MOV ESP, EBP
647C94AA |. 5D POP EBP
647C94AB \. C2 0C00 RETN 0C
Since I don't have a screen-recording tool on my computer, I took screenshots instead; the demonstration images are below.
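An added example (not part of the original post): a defender-side integrity check that decodes the two annotated branch sites and reports whether a memory image of IM.dll still carries the original conditional jumps from the listings. The function names and the constructed sample image are assumptions of this example, as is the premise that the image is mapped at the page's base address and is the same build as the listing.

```python
import struct

MODULE_BASE = 0x64780000  # module base stated on the page

# Original bytes at the two annotated branch sites, copied from the listings.
SITES = {
    0x647C94CD: bytes.fromhex("740D"),          # JE SHORT 647C94DC (friend recall)
    0x647C9278: bytes.fromhex("0F851D020000"),  # JNZ 647C949B (group recall)
}

def decode_branch(image, base, va):
    """Decode the x86 instruction at va as far as needed: (kind, target)."""
    off = va - base
    if off < 0 or off + 6 > len(image):
        raise ValueError("site %#x lies outside the image" % va)
    op = image[off]
    if op == 0x90:
        return ("nop", None)
    if 0x70 <= op <= 0x7F:                        # Jcc rel8
        return ("jcc", va + 2 + struct.unpack_from("<b", image, off + 1)[0])
    if op == 0xEB:                                # JMP rel8
        return ("jmp", va + 2 + struct.unpack_from("<b", image, off + 1)[0])
    if op == 0xE9:                                # JMP rel32
        return ("jmp", va + 5 + struct.unpack_from("<i", image, off + 1)[0])
    if op == 0x0F and 0x80 <= image[off + 1] <= 0x8F:   # Jcc rel32
        return ("jcc", va + 6 + struct.unpack_from("<i", image, off + 2)[0])
    return ("other", None)

def audit(image, base=MODULE_BASE):
    """Return {va: (status, kind, target)} for every monitored site."""
    findings = {}
    for va, original in SITES.items():
        off = va - base
        kind, target = decode_branch(image, base, va)
        if bytes(image[off:off + len(original)]) == original:
            status = "original"
        elif kind == "jcc":
            status = "retargeted"   # still conditional, but not the shipped bytes
        else:
            status = "tampered"     # check removed or made unconditional
        findings[va] = (status, kind, target)
    return findings

def build_sample(patched):
    """Constructed stand-in for a dumped module image (INT3 filler, not real code)."""
    image = bytearray(b"\xCC" * 0x49500)
    for va, original in SITES.items():
        image[va - MODULE_BASE:va - MODULE_BASE + len(original)] = original
    if patched:
        # The NOP edit the listing comment describes for the friend-recall check.
        image[0x647C94CD - MODULE_BASE:0x647C94CF - MODULE_BASE] = b"\x90\x90"
    return bytes(image)

if __name__ == "__main__":
    for label, img in (("clean", build_sample(False)), ("modified", build_sample(True))):
        for va, (status, kind, target) in sorted(audit(img).items()):
            shown = "-" if target is None else "%#x" % target
            print("%-8s %#x %-10s %-5s -> %s" % (label, va, status, kind, shown))
```

Both sites use relative branches with no absolute operands, so the byte comparison is unaffected by relocation; only `base` needs to match where the module is actually loaded.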