这是我得到的净网先锋在进程函数信息
进程“C:\WINDOWS\SYSTEM\MAINPRO.EXE”的详细信息:
------------------------------------------
表头信息
-签名:23117
-上一页的大小:144
-文件总页数:3
-重定位项目:0
-表头中的段落数:4
-最小的附加段落数:0
-最大的附加段落数:65535
-初始堆栈段:0
-初始堆栈指针:184
-所补充的检查和:0
-初始指令指针:0
-初始代码段:=0
-重定位表的偏移量:64
-覆盖号:0
-OEM标志符:0
-OEM信息:0
-新表头的偏移量:248
签名<17744>=17744
Windows Executable
------------------------------------------
映像文件表头
-计算机:332
-节的数目:4
-时间日期标记:1077680925
-符号指针:0
-符号数:0
-可选表头大小:224
-特征:271
------------------------------------------
映像可选择表头
幻数:267
-链接主版本号:6
-链接次版本:0
-代码的大小:258048
-已初始化的数据大小:589824
-未初始化的数据大小:0
-入口地址:245694
-代码基址:4096
-数据基址:262144
-映像基址:4194304
-节的对齐方式:4096
-文件的对齐方式:4096
-操作系统主版本号:4
-操作系统次版本号:0
-映像主版本号:0
-映像次版本号:0
-子系统主版本号:4
-子系统次版本号:0
-保留字1:0
-映像大小:851968
-表头大小:4096
-检查和:0
-子系统:2
-DLL特征:0
-保留堆栈的大小:1048576
-提交堆栈的大小:4096
-保留堆的大小:1048576
-提交堆的大小:4096
-装载程序的标志:0
-数据目录的大小:16
------------------------------------------
此进程没有输出函数列表
------------------------------------------
此进程的输入函数列表
Module Name:InstHook.dll
Module Name:MFC42.DLL
Module Name:MSVCRT.dll
-Ord1:2B2 Function Name:sprintf
-Ord1:165 Function Name:_mbsnbcmp
-Ord1:23D Function Name:atoi
-Ord1:23E Function Name:atol
-Ord1:0F1 Function Name:_ftol
-Ord1:168 Function Name:_mbsnbcpy
-Ord1:159 Function Name:_mbscmp
-Ord1:298 Function Name:memmove
-Ord1:041 Function Name:_CxxThrowException
-Ord1:0B3 Function Name:_close
-Ord1:198 Function Name:_read
-Ord1:144 Function Name:_lseek
-Ord1:145 Function Name:_lseeki64
-Ord1:187 Function Name:_open
-Ord1:2B4 Function Name:srand
-Ord1:295 Function Name:memchr
-Ord1:134 Function Name:_itoa
-Ord1:008 Function Name:??0exception@@QAE@ABV0@@Z
-Ord1:007 Function Name:??0exception@@QAE@ABQBD@Z
-Ord1:25E Function Name:free
-Ord1:17C Function Name:_mbsstr
-Ord1:24C Function Name:fclose
-Ord1:25D Function Name:fread
-Ord1:257 Function Name:fopen
-Ord1:0DC Function Name:_filelength
-Ord1:266 Function Name:fwrite
-Ord1:1C1 Function Name:_stricmp
-Ord1:2A7 Function Name:realloc
-Ord1:049 Function Name:__CxxFrameHandler
-Ord1:2B7 Function Name:strchr
-Ord1:2C0 Function Name:strncmp
-Ord1:1C3 Function Name:_strlwr
-Ord1:271 Function Name:isalpha
-Ord1:29E Function Name:printf
-Ord1:0CA Function Name:_except_handler3
-Ord1:291 Function Name:malloc
-Ord1:2C9 Function Name:strtoul
-Ord1:15F Function Name:_mbsicmp
-Ord1:2A6 Function Name:rand
-Ord1:2A8 Function Name:remove
-Ord1:299 Function Name:memset
-Ord1:297 Function Name:memcpy
-Ord1:24F Function Name:fflush
-Ord1:2B5 Function Name:sscanf
-Ord1:26A Function Name:getenv
-Ord1:055 Function Name:__dllonexit
-Ord1:186 Function Name:_onexit
-Ord1:00E Function Name:??1type_info@@UAE@XZ
-Ord1:0D3 Function Name:_exit
-Ord1:048 Function Name:_XcptFilter
-Ord1:249 Function Name:exit
-Ord1:08F Function Name:_acmdln
-Ord1:058 Function Name:__getmainargs
-Ord1:10F Function Name:_initterm
-Ord1:083 Function Name:__setusermatherr
-Ord1:09D Function Name:_adjust_fdiv
-Ord1:06A Function Name:__p__commode
-Ord1:06F Function Name:__p__fmode
-Ord1:081 Function Name:__set_app_type
-Ord1:0B7 Function Name:_controlfp
-Ord1:1AA Function Name:_setmbcp
-Ord1:5A4D Function Name:?
Module Name:KERNEL32.dll
-Ord1:1AF Function Name:GetStartupInfoA
-Ord1:383 Function Name:WaitForMultipleObjects
-Ord1:5A4D Function Name:?
Module Name:USER32.dll
-Ord1:0B3 Function Name:DrawFocusRect
-Ord1:174 Function Name:GetWindowRect
-Ord1:159 Function Name:GetSubMenu
-Ord1:2A4 Function Name:TrackPopupMenuEx
-Ord1:201 Function Name:PostMessageA
-Ord1:040 Function Name:ClientToScreen
-Ord1:2D2 Function Name:WindowFromPoint
-Ord1:0EB Function Name:GetActiveWindow
-Ord1:193 Function Name:InvalidateRect
-Ord1:24C Function Name:SetCursor
-Ord1:145 Function Name:GetParent
-Ord1:2BA Function Name:UpdateWindow
-Ord1:16E Function Name:GetWindowLongA
-Ord1:096 Function Name:DestroyIcon
-Ord1:095 Function Name:DestroyCursor
-Ord1:097 Function Name:DestroyMenu
-Ord1:0C4 Function Name:EnableWindow
-Ord1:23A Function Name:SendMessageA
-Ord1:0E2 Function Name:FillRect
-Ord1:5A4D Function Name:?
-Ord1:00A Function Name:PlaySoundA
-Ord1:0A5 Function Name:timeSetEvent
-Ord1:0A4 Function Name:timeKillEvent
-Ord1:0A3 Function Name:timeGetTime
-Ord1:5A4D Function Name:?
-Ord1:038 Function Name:WSAResetEvent
-Ord1:012 Function Name:WSACloseEvent
-Ord1:019 Function Name:WSAEnumNetworkEvents
-Ord1:03D Function Name:WSASetEvent
-Ord1:014 Function Name:WSACreateEvent
-Ord1:047 Function Name:WSAWaitForMultipleEvents
-Ord1:01C Function Name:WSAEventSelect
-Ord1:5A4D Function Name:?
Module Name:GDI32.dll
-Ord1:252 Function Name:LocalFree
-Ord1:351 Function Name:TerminateProcess
-Ord1:27C Function Name:OpenProcess
-Ord1:18E Function Name:GetPrivateProfileIntA
-Ord1:1F5 Function Name:GlobalFree
-Ord1:1FC Function Name:GlobalReAlloc
-Ord1:060 Function Name:CreateProcessA
-Ord1:033 Function Name:CompareFileTime
-Ord1:0C9 Function Name:FindFirstFileA
-Ord1:1EE Function Name:GlobalAlloc
-Ord1:338 Function Name:SetThreadPriority
-Ord1:2C4 Function Name:ResetEvent
-Ord1:1D5 Function Name:GetTickCount
-Ord1:177 Function Name:GetModuleHandleA
-Ord1:1AF Function Name:GetStartupInfoA
-Ord1:383 Function Name:WaitForMultipleObjects
-Ord1:5A4D Function Name:?
Module Name:ADVAPI32.dll
-Ord1:07A Function Name:DeleteCriticalSection
-Ord1:38A Function Name:WinExec
-Ord1:3B0 Function Name:lstrcatA
-Ord1:1E9 Function Name:GetWindowsDirectoryA
-Ord1:2FF Function Name:SetCurrentDirectoryA
-Ord1:10C Function Name:GetComputerNameA
-Ord1:305 Function Name:SetEndOfFile
-Ord1:1B9 Function Name:GetSystemDirectoryA
-Ord1:13A Function Name:GetCurrentProcess
-Ord1:138 Function Name:GetCurrentDirectoryA
-Ord1:175 Function Name:GetModuleFileNameA
-Ord1:05A Function Name:CreateMutexA
-Ord1:069 Function Name:CreateThread
-Ord1:24E Function Name:LocalAlloc
-Ord1:13D Function Name:GetCurrentThread
-Ord1:252 Function Name:LocalFree
-Ord1:351 Function Name:TerminateProcess
-Ord1:27C Function Name:OpenProcess
-Ord1:18E Function Name:GetPrivateProfileIntA
-Ord1:1F5 Function Name:GlobalFree
-Ord1:1FC Function Name:GlobalReAlloc
-Ord1:060 Function Name:CreateProcessA
-Ord1:033 Function Name:CompareFileTime
-Ord1:0C9 Function Name:FindFirstFileA
-Ord1:1EE Function Name:GlobalAlloc
-Ord1:338 Function Name:SetThreadPriority
-Ord1:2C4 Function Name:ResetEvent
-Ord1:1D5 Function Name:GetTickCount
-Ord1:177 Function Name:GetModuleHandleA
-Ord1:1AF Function Name:GetStartupInfoA
-Ord1:383 Function Name:WaitForMultipleObjects
-Ord1:5A4D Function Name:?
Module Name:SHELL32.dll
-Ord1:FCCD Function Name:�
-Ord1:000 Function Name:
-Ord1:5A4D Function Name:?
-Ord1:5A4D Function Name:?
-Ord1:000 Function Name:
Module Name:COMCTL32.dll
Module Name:ole32.dll
Module Name:OLEAUT32.dll
-Ord1:FCCD Function Name:�
-Ord1:000 Function Name:
-Ord1:5A4D Function Name:?
-Ord1:5A4D Function Name:?
-Ord1:000 Function Name:
Module Name:urlmon.dll
-Ord1:905A Function Name:
Module Name:MSVCP60.dll
-Ord1:0B7 Function Name:DrawIconEx
-Ord1:0B2 Function Name:DrawEdge
-Ord1:256 Function Name:SetForegroundWindow
-Ord1:0F6 Function Name:GetClassInfoA
-Ord1:283 Function Name:SetWindowRgn
-Ord1:03D Function Name:ChildWindowFromPointEx
-Ord1:1A9 Function Name:IsRectEmpty
-Ord1:0DF Function Name:EqualRect
-Ord1:29A Function Name:TabbedTextOutA
-Ord1:0BC Function Name:DrawTextA
-Ord1:17D Function Name:GrayStringA
-Ord1:1B2 Function Name:IsZoomed
-Ord1:04A Function Name:CopyRect
-Ord1:0E9 Function Name:FrameRect
-Ord1:05E Function Name:CreatePopupMenu
-Ord1:25E Function Name:SetMenuDefaultItem
-Ord1:0E3 Function Name:FindWindowA
-Ord1:117 Function Name:GetForegroundWindow
-Ord1:17B Function Name:GetWindowThreadProcessId
-Ord1:1DE Function Name:MessageBoxA
-Ord1:10E Function Name:GetDesktopWindow
-Ord1:0E1 Function Name:ExitWindowsEx
-Ord1:1BD Function Name:LoadIconA
-Ord1:1D5 Function Name:MapVirtualKeyA
-Ord1:11F Function Name:GetKeyNameTextA
-Ord1:1B9 Function Name:LoadCursorA
-Ord1:048 Function Name:CopyIcon
-Ord1:13C Function Name:GetMessagePos
-Ord1:1DD Function Name:MessageBeep
-Ord1:027 Function Name:CharLowerBuffA
-Ord1:242 Function Name:SetActiveWindow
-Ord1:0F2 Function Name:GetAsyncKeyState
-Ord1:006 Function Name:AnimateWindow
-Ord1:1B1 Function Name:IsWindowVisible
-Ord1:26B Function Name:SetRect
-Ord1:26C Function Name:SetRectEmpty
-Ord1:230 Function Name:ScreenToClient
-Ord1:27F Function Name:SetWindowLongA
-Ord1:08E Function Name:DefWindowProcA
-Ord1:10B Function Name:GetCursorPos
-Ord1:279 Function Name:SetTimer
-Ord1:2AD Function Name:UnhookWindowsHookEx
-Ord1:1B4 Function Name:KillTimer
-Ord1:1B7 Function Name:LoadBitmapA
-Ord1:16C Function Name:GetWindowDC
-Ord1:1AD Function Name:IsWindow
-Ord1:243 Function Name:SetCapture
-Ord1:20B Function Name:PtInRect
-Ord1:228 Function Name:ReleaseCapture
-Ord1:15D Function Name:GetSystemMetrics
-Ord1:1BF Function Name:LoadImageA
-Ord1:11A Function Name:GetIconInfo
-Ord1:10C Function Name:GetDC
-Ord1:229 Function Name:ReleaseDC
-Ord1:0BA Function Name:DrawStateA
-Ord1:0FF Function Name:GetClientRect
-Ord1:143 Function Name:GetNextDlgTabItem
-Ord1:15A Function Name:GetSysColor
-Ord1:18A Function Name:InflateRect
-Ord1:1F4 Function Name:OffsetRect
-Ord1:0B3 Function Name:DrawFocusRect
-Ord1:174 Function Name:GetWindowRect
-Ord1:159 Function Name:GetSubMenu
-Ord1:2A4 Function Name:TrackPopupMenuEx
-Ord1:201 Function Name:PostMessageA
-Ord1:040 Function Name:ClientToScreen
-Ord1:2D2 Function Name:WindowFromPoint
-Ord1:0EB Function Name:GetActiveWindow
-Ord1:193 Function Name:InvalidateRect
-Ord1:24C Function Name:SetCursor
-Ord1:145 Function Name:GetParent
-Ord1:2BA Function Name:UpdateWindow
-Ord1:16E Function Name:GetWindowLongA
-Ord1:096 Function Name:DestroyIcon
-Ord1:095 Function Name:DestroyCursor
-Ord1:097 Function Name:DestroyMenu
-Ord1:0C4 Function Name:EnableWindow
-Ord1:23A Function Name:SendMessageA
-Ord1:0E2 Function Name:FillRect
-Ord1:5A4D Function Name:?
-Ord1:00A Function Name:PlaySoundA
-Ord1:0A5 Function Name:timeSetEvent
-Ord1:0A4 Function Name:timeKillEvent
-Ord1:0A3 Function Name:timeGetTime
-Ord1:5A4D Function Name:?
-Ord1:038 Function Name:WSAResetEvent
-Ord1:012 Function Name:WSACloseEvent
-Ord1:019 Function Name:WSAEnumNetworkEvents
-Ord1:03D Function Name:WSASetEvent
-Ord1:014 Function Name:WSACreateEvent
-Ord1:047 Function Name:WSAWaitForMultipleEvents
-Ord1:01C Function Name:WSAEventSelect
-Ord1:5A4D Function Name:?
Module Name:WSOCK32.dll
-Ord1:5A4D Function Name:?
-Ord1:5A4D Function Name:?
-Ord1:000 Function Name:��
Module Name:WINMM.dll
-Ord1:000 Function Name:
Module Name:iphlpapi.dll
-Ord1:5A4D Function Name:?
Module Name:WS2_32.dll
还有注册表键值
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MicroAvd"="C:\\WINDOWS\\system\\mainpro.exe"
我不会编程,请各位高手帮忙分析一下
|
论坛用户
论坛用户
论坛用户
论坛用户
论坛: 网吧专题 标题: 帮帮忙有谁知道怎么样对付净网先锋?
