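The IDA disassembler is immensely powerful: no code can hide from it!
Some time ago I downloaded a program called CloseMonitor.exe. It is only 620 bytes in size and its function is to turn off the monitor, and at the time I was curious how it did that. When I discovered how capable IDA's disassembly is, I could not resist putting CloseMonitor.exe under the knife.
Start IDA and load CloseMonitor.exe. It turns out that the whole mechanism for turning off the monitor is to post a single message, as these few lines show: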
.text:004001F8 public start
.text:004001F8 start proc near
.text:004001F8 push 2 ; lParam
.text:004001FA push 0F170h ; wParam
.text:004001FF push 112h ; Msg
.text:00400204 push 0FFFFh ; hWnd
.text:00400209 call PostMessageA
.text:0040020E retn
.text:0040020E start endp
The same thing takes only a few lines of C:
#include <windows.h>

int main(void) {
    /* hWnd = 0xFFFF, Msg = 0x112, wParam = 0xF170, lParam = 2 */
    PostMessageA((HWND)0xFFFF, 0x112, 0xF170, 2);
    return 0;
}
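The step from the listing to the C call can be automated. The following is an added example, not part of the original post and not IDA's own API: it parses the listing text shown above, reverses the push order (stdcall pushes arguments right to left), and names each constant according to the parameter slot it lands in. The function names and the PROTOTYPES and SYMBOLS tables are assumptions made for this sketch.

```python
import re

# The IDA listing from this page, embedded as text so the example runs offline.
LISTING = """\
.text:004001F8 public start
.text:004001F8 start proc near
.text:004001F8 push 2 ; lParam
.text:004001FA push 0F170h ; wParam
.text:004001FF push 112h ; Msg
.text:00400204 push 0FFFFh ; hWnd
.text:00400209 call PostMessageA
.text:0040020E retn
"""

# Parameter order of PostMessageA, and Windows SDK names for the values seen
# on this page. A constant is only meaningful in its own parameter slot.
PROTOTYPES = {"PostMessageA": ["hWnd", "Msg", "wParam", "lParam"]}
SYMBOLS = {"hWnd": {0xFFFF: "HWND_BROADCAST"},
           "Msg": {0x0112: "WM_SYSCOMMAND"},
           "wParam": {0xF170: "SC_MONITORPOWER"}}
LINE = re.compile(r"^\S+\s+(push|call)\s+([^;\s]+)", re.I)

def ida_imm(tok):
    """Convert an IDA immediate ('0F170h', '2') to int; None for registers."""
    if not tok[0].isdigit():
        return None
    return int(tok[:-1], 16) if tok.lower().endswith("h") else int(tok)

def recover_calls(listing):
    """Return [(callee, [(param, value, symbol_or_None), ...]), ...]."""
    pushed, calls = [], []
    for line in listing.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        op, operand = m.group(1).lower(), m.group(2)
        if op == "push":
            pushed.append(ida_imm(operand))
            continue
        params = PROTOTYPES.get(operand)
        if params and len(pushed) >= len(params):
            # The last value pushed is the first argument of the call.
            values = pushed[-len(params):][::-1]
            calls.append((operand, [(p, v, SYMBOLS.get(p, {}).get(v))
                                    for p, v in zip(params, values)]))
        pushed = []  # arguments are consumed by the call
    return calls

def as_c(callee, args):
    """Render one recovered call as a C statement."""
    shown = [s or ("?" if v is None else hex(v)) for _, v, s in args]
    return "%s(%s);" % (callee, ", ".join(shown))
```
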
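Compiled as a release build with VC6, the result is 24 KB, far larger than the original's less than 1 KB, so the original was evidently written in assembly.
With reference to the following article, richer code can be written: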
#include <windows.h>

// HWND_BROADCAST  0xFFFF
// WM_SYSCOMMAND   0x0112
// SC_MONITORPOWER 0xF170

// lParam values for SC_MONITORPOWER
#define MONITOR_ON      -1
#define MONITOR_OFF     2
#define MONITOR_STANDBY 1

int main(void) {
    // Turn the monitor off
    PostMessageA(HWND_BROADCAST, WM_SYSCOMMAND, SC_MONITORPOWER, MONITOR_OFF);
    //PostMessageA(HWND_BROADCAST, WM_SYSCOMMAND, SC_MONITORPOWER, MONITOR_STANDBY);
    Sleep(3); // Sleep() takes its argument in milliseconds
    // Turn the monitor back on
    PostMessageA(HWND_BROADCAST, WM_SYSCOMMAND, SC_MONITORPOWER, MONITOR_ON);
    return 0;
}