; OllyDbg listing, 32-bit x86. Reads the registry value "NeedChAfRb" with RegQueryValueExA.
; The local flag at [ebp-0xDF4] defaults to 1 and is cleared only when the query succeeds
; and the 4-byte result is non-zero. Every path then joins at 00421C3C.
; pValueType is NULL, so the stored value's registry type is never checked here. The buffer
; size is 4, so larger data makes the call fail (ERROR_MORE_DATA) and the flag stays 1.
; NOTE(review): the hive behind hKey is not visible in this excerpt; if it is per-user, any
; process running as that user can change this value — confirm before trusting the flag.
00421BF6 . /74 44 je short 袖珍版ID.00421C3C ; annotator mark "0": flags are set before this excerpt; taken = no registry query
00421BF8 . |8B0D 30055A00 mov ecx, dword ptr ds:[0x5A0530] ; ecx = key handle kept in a global
00421BFE . |8D55 E4 lea edx, dword ptr ss:[ebp-0x1C] ; edx = &size (in/out byte count)
00421C01 . |8D45 EC lea eax, dword ptr ss:[ebp-0x14] ; eax = &value (receives the data)
00421C04 . |52 push edx ; /pBufSize
00421C05 . |50 push eax ; |Buffer
00421C06 . |6A 00 push 0x0 ; |pValueType = NULL
00421C08 . |6A 00 push 0x0 ; |Reserved = NULL
00421C0A . |68 98FC5700 push 袖珍版ID.0057FC98 ; |ValueName = "NeedChAfRb"
00421C0F . |51 push ecx ; |hKey => 0xE4
00421C10 . |C785 0CF2FFFF>mov dword ptr ss:[ebp-0xDF4], 0x1 ; | flag defaults to 1
00421C1A . |C745 E4 04000>mov dword ptr ss:[ebp-0x1C], 0x4 ; | size = 4 bytes (one DWORD)
00421C21 . |FF15 00805400 call dword ptr ds:[<&ADVAPI32.RegQuer>; \RegQueryValueExA
00421C27 . |85C0 test eax, eax ; eax == 0 is ERROR_SUCCESS
00421C29 . |75 11 jnz short 袖珍版ID.00421C3C ; annotator mark "1": query failed, flag stays 1
00421C2B . |8B45 EC mov eax, dword ptr ss:[ebp-0x14] ; eax = value read from the registry
00421C2E . |85C0 test eax, eax
00421C30 . |74 0A je short 袖珍版ID.00421C3C ; annotator mark "2": value is 0, flag stays 1
00421C32 . |C785 0CF2FFFF>mov dword ptr ss:[ebp-0xDF4], 0x0 ; value present and non-zero: flag = 0
00421C3C > \8B7D E8 mov edi, dword ptr ss:[ebp-0x18] ; join point; meaning of [ebp-0x18] is not shown here
00421C3F . 8DB7 C0000000 lea esi, dword ptr ds:[edi+0xC0] ; esi = edi + 0xC0
00421C45 . 8BCE mov ecx, esi ; ecx = esi for the call below (presumably a thiscall "this" — unconfirmed)
00421C47 . E8 2480FEFF call 袖珍版ID.00409C70 ; annotator: shows the message box "IDM is downloading a small test page to check your Internet connection. Please wait a few seconds"
=======================================================================
; Tail of a file-open helper: either returns early with an error code stored, or calls
; CreateFileA with arguments taken from locals and from the first stack argument.
; Annotator's note on the next line, translated: "skip the creation of GlobalErrors.log here".
; In the visible code the taken branch reaches CreateFileA; the fall-through stores 0x18,
; zeroes a second location and leaves via 00516915 without calling it.
005167CF |. /75 1A jnz short 袖珍版ID.005167EB 这里跳过生成GlobalErrors.log
005167D1 |. |E8 DD57FFFF call 袖珍版ID.0050BFB3 ; returns a pointer in eax (looks like the CRT _errno() accessor — unconfirmed)
005167D6 |. |C700 18000000 mov dword ptr ds:[eax], 0x18 ; *ptr = 0x18 (24; EMFILE if this really is errno)
005167DC |. |E8 DB57FFFF call 袖珍版ID.0050BFBC ; second accessor (possibly __doserrno() — unconfirmed)
005167E1 |. |8320 00 and dword ptr ds:[eax], 0x0 ; *ptr = 0
005167E4 |. |8BC7 mov eax, edi ; return value = edi (presumably -1; edi is set before this excerpt)
005167E6 |. |E9 2A010000 jmp 袖珍版ID.00516915 ; leave via the exit at 00516915
005167EB |> \6A 00 push 0x0 ; /hTemplateFile = NULL
005167ED |. 56 push esi ; |Attributes
005167EE |. FF75 F8 push [local.2] ; |Mode
005167F1 |. 8D45 E4 lea eax, [local.7] ; | eax = address of the security-attributes local
005167F4 |. 50 push eax ; |pSecurity
005167F5 |. FF75 F0 push [local.4] ; |ShareMode
005167F8 |. FF75 F4 push [local.3] ; |Access
005167FB |. FF75 08 push [arg.1] ; |FileName
005167FE |. FF15 88835400 call dword ptr ds:[<&KERNEL32.CreateF>; \CreateFileA
00516804 |. 8BF0 mov esi, eax ; esi = returned handle
00516806 |. 3BF7 cmp esi, edi ; compare with edi (presumably INVALID_HANDLE_VALUE — confirm)
00516808 |. 75 14 jnz short 袖珍版ID.0051681E ; handle differs from edi: continue at 0051681E
0051680A |> FF15 F4835400 call dword ptr ds:[<&KERNEL32.GetLast>; [GetLastError
------------------------------------------------------------------------------------
; Three isolated instructions from different addresses; the listing gives no surrounding
; code for them. From 005C9F0F onward the module label in operands is whoknow4 rather than
; 袖珍版ID (presumably a different copy or build of the same program — unconfirmed).
00443BAE . 8B75 EC mov esi, dword ptr ss:[ebp-0x14] ; esi = [ebp-0x14]
005C9F0F |. E8 15000000 call whoknow4.005C9F29 ; relative call, target 005C9F29
005C9F07 /$ 6A 00 push 0x0 ; "$" in the OllyDbg margin marks a procedure entry
---------------
; Creates or opens the named mutex "Local\IDMEventMonitor" (not initially owned, NULL
; security attributes) and calls GetLastError straight afterwards. That is the usual shape
; of an "already running?" test via ERROR_ALREADY_EXISTS, but the comparison itself is
; outside this excerpt.
; NOTE(review): the name is fixed and session-local, and NULL pSecurity means a default
; security descriptor. Another process in the same session can create the object first, so
; its existence alone does not prove that a second instance of this program is running.
00444AF3 . /74 0C je short whoknow4.00444B01 ; flags are set before this excerpt; taken = go straight to the mutex
00444AF5 . |3935 94226D00 cmp dword ptr ds:[0x6D2294], esi ; compare a global with esi
00444AFB . |0F85 88030000 jnz whoknow4.00444E89 ; not equal: jump to 00444E89, past the mutex code
00444B01 > \68 2C7B6A00 push whoknow4.006A7B2C ; /MutexName = "Local\IDMEventMonitor"
00444B06 . 6A 00 push 0x0 ; |InitialOwner = FALSE
00444B08 . 6A 00 push 0x0 ; |pSecurity = NULL
00444B0A . BF 01000000 mov edi, 0x1 ; | edi = 1 (its use is not shown in this excerpt)
00444B0F . FF15 B8346100 call near dword ptr ds:[<&KERNEL32.Cr>; \CreateMutexA
00444B15 . 8BF0 mov esi, eax ; esi = mutex handle (NULL on failure)
00444B17 . FF15 C4326100 call near dword ptr ds:[<&KERNEL32.Ge>; [GetLastError
------------------------
; Writes the registry value "MKV" with RegSetValueExA, then passes a second key handle to
; another ADVAPI32 import. The data is the local at [ebp-0x14], set to 1 just before the
; call. ebx is pushed as both ValueType and BufSize, so the two are the same number; 4 would
; mean REG_DWORD with a 4-byte size, but ebx is set before this excerpt — confirm.
; The result of RegSetValueExA is not tested before the next call overwrites eax.
00445737 . /74 1B je short whoknow4.00445754 ; annotator (translated): "so it cannot be done!!!"; taken = the value is not written
00445739 . |8D45 EC lea eax, dword ptr ss:[ebp-0x14] ; eax = &data
0044573C . |53 push ebx ; /BufSize
0044573D . |50 push eax ; |Buffer
0044573E . |53 push ebx ; |ValueType
0044573F . |6A 00 push 0x0 ; |Reserved = 0x0
00445741 . |68 74606A00 push whoknow4.006A6074 ; |ValueName = "MKV"
00445746 . |57 push edi ; |hKey
00445747 . |C745 EC 01000>mov dword ptr ss:[ebp-0x14], 0x1 ; | data = 1
0044574E . |FF15 10306100 call near dword ptr ds:[<&ADVAPI32.Re>; \RegSetValueExA
00445754 > \8B4D DC mov ecx, dword ptr ss:[ebp-0x24] ; ecx = key handle stored at [ebp-0x24]
00445757 . 51 push ecx ; /hKey
; The import name below is truncated in the listing; a single hKey argument is consistent
; with RegCloseKey — unconfirmed.
00445758 . FF15 68306100 call near dword ptr ds:[<&ADVAPI32.Re>; \annotator (translated): "execution exits at this point"