[转]再次研究NOD32的免杀！！！

再次研究NOD32的免杀！！！今晚研究了下NOD32杀软。。
觉得要手动过NOD32应该还是有可能的。。
就是输入表入手。
我之前的那个重建输入表方法已经失效了。
大家知道。
我们如果脱XX些壳。会有一些指针被垃圾代码填充的。
所以需要手动找出那些指针。然而修复出来的指针的位置与原来的位置是有较大的位置不同。。。。
所以我的方法是手动移动那些被查杀的指针。。
NOD32它查的应该是连续的X个指针函数。
所以。我的想法是把被查的指针函数移位。
这个方法应该可以过NOD32的。。
有空我会测试的。。。
以下付1.23版的输入表

; Syntax for each function in a thunk (the separator is a TAB)
; ------------------------------------------------------------
; Flag RVA ModuleName Ordinal name
;
; Details for <Valid> parameter:
; ------------------------------
; Flag: 0 = valid: no -> - Name contains the address of the redirected API (you can set
;                it to zero if you edit it).
;                - Ordinal is not considered but you should let '0000' as value.
;                - ModuleName is not considered but you should let '?' as value.
;
;    1 = valid: yes -> All next parameters on the line will be considered.
;                Function imported by ordinal must have no name (the 4th TAB must
;                                              be there though).
;
;    2 = Equivalent to 0 but it is for the loader.
;
;    3 = Equivalent to 1 but it is for the loader.
;
;    4 = Equivalent to 0 with (R) tag.
;
;    5 = Equivalent to 1 with (R) tag.
;
; And finally, edit this file as your own risk! :-)

Target: F:\Amoeba\123.exe
OEP: 00089525 IATRVA: 00092204 IATSize: 00000970

FThunk: 00092208 NbFunc: 00000030
1 00092208 kernel32.dll 0080 DeleteCriticalSection
1 0009220C kernel32.dll 0241 LeaveCriticalSection
1 00092210 kernel32.dll 0097 EnterCriticalSection
1 00092214 kernel32.dll 0216 InitializeCriticalSection
1 00092218 kernel32.dll 036E VirtualFree
1 0009221C kernel32.dll 036B VirtualAlloc
1 00092220 kernel32.dll 024C LocalFree
1 00092224 kernel32.dll 0248 LocalAlloc
1 00092228 kernel32.dll 01D2 GetTickCount
1 0009222C kernel32.dll 0292 QueryPerformanceCounter
1 00092230 kernel32.dll 01DB GetVersion
1 00092234 kernel32.dll 013F GetCurrentThreadId
1 00092238 kernel32.dll 021A InterlockedDecrement
1 0009223C kernel32.dll 021E InterlockedIncrement
1 00092240 kernel32.dll 0373 VirtualQuery
1 00092244 kernel32.dll 037F WideCharToMultiByte
1 00092248 kernel32.dll 02F8 SetCurrentDirectoryA
1 0009224C kernel32.dll 0265 MultiByteToWideChar
1 00092250 kernel32.dll 03B3 lstrlen
1 00092254 kernel32.dll 03B0 lstrcpyn
1 00092258 kernel32.dll 0243 LoadLibraryExA
1 0009225C kernel32.dll 01CD GetThreadLocale
1 00092260 kernel32.dll 01AD GetStartupInfoA
1 00092264 kernel32.dll 0198 GetProcAddress
1 00092268 kernel32.dll 0176 GetModuleHandleA
1 0009226C kernel32.dll 0174 GetModuleFileNameA
1 00092270 kernel32.dll 016C GetLocaleInfoA
1 00092274 kernel32.dll 0169 GetLastError
1 00092278 kernel32.dll 013A GetCurrentDirectoryA
1 0009227C kernel32.dll 010A GetCommandLineA
1 00092280 kernel32.dll 00F1 FreeLibrary
1 00092284 kernel32.dll 00D1 FindFirstFileA
1 00092288 kernel32.dll 00CD FindClose
1 0009228C kernel32.dll 00B7 ExitProcess
1 00092290 kernel32.dll 00B8 ExitThread
1 00092294 kernel32.dll 006D CreateThread
1 00092298 kernel32.dll 038C WriteFile
1 0009229C kernel32.dll 0358 UnhandledExceptionFilter
1 000922A0 kernel32.dll 0307 SetFilePointer
1 000922A4 kernel32.dll 02FE SetEndOfFile
1 000922A8 kernel32.dll 02C5 RtlUnwind
1 000922AC kernel32.dll 02A4 ReadFile
1 000922B0 kernel32.dll 0297 RaiseException
1 000922B4 kernel32.dll 01AF GetStdHandle
1 000922B8 kernel32.dll 015C GetFileSize
1 000922BC kernel32.dll 015F GetFileType
1 000922C0 kernel32.dll 0050 CreateFileA
1 000922C4 kernel32.dll 0032 CloseHandle

FThunk: 000922CC NbFunc: 00000004
1 000922CC user32.dll 0128 GetKeyboardType
1 000922D0 user32.dll 01C9 LoadStringA
1 000922D4 user32.dll 01DD MessageBoxA
1 000922D8 user32.dll 002B CharNextA

FThunk: 000922E0 NbFunc: 00000003
1 000922E0 advapi32.dll 01EE RegQueryValueExA
1 000922E4 advapi32.dll 01E4 RegOpenKeyExA
1 000922E8 advapi32.dll 01CB RegCloseKey

FThunk: 000922F0 NbFunc: 00000003
1 000922F0 oleaut32.dll 0006 SysFreeString
1 000922F4 oleaut32.dll 0005 SysReAllocStringLen
1 000922F8 oleaut32.dll 0004 SysAllocStringLen

FThunk: 00092300 NbFunc: 00000004
1 00092300 kernel32.dll 034F TlsSetValue
1 00092304 kernel32.dll 034E TlsGetValue
1 00092308 kernel32.dll 0248 LocalAlloc
1 0009230C kernel32.dll 0176 GetModuleHandleA

FThunk: 00092314 NbFunc: 0000000E
1 00092314 advapi32.dll 01FB RegSetValueExA
1 00092318 advapi32.dll 01EE RegQueryValueExA
1 0009231C advapi32.dll 01E9 RegQueryInfoKeyA
1 00092320 advapi32.dll 01E4 RegOpenKeyExA
1 00092324 advapi32.dll 01DD RegFlushKey
1 00092328 advapi32.dll 01DB RegEnumValueA
1 0009232C advapi32.dll 01D8 RegEnumKeyExA
1 00092330 advapi32.dll 01D4 RegDeleteValueA
1 00092334 advapi32.dll 01D2 RegDeleteKeyA
1 00092338 advapi32.dll 01CF RegCreateKeyExA
1 0009233C advapi32.dll 01CB RegCloseKey
1 00092340 advapi32.dll 01AB OpenProcessToken
1 00092344 advapi32.dll 014E LookupPrivilegeValueA
1 00092348 advapi32.dll 001E AdjustTokenPrivileges

FThunk: 00092350 NbFunc: 0000007C
1 00092350 kernel32.dll 03AD lstrcpy
1 00092354 kernel32.dll 03AA lstrcmpi
1 00092358 kernel32.dll 0395 WriteProcessMemory
1 0009235C kernel32.dll 038C WriteFile
1 00092360 kernel32.dll 0380 WinExec
1 00092364 kernel32.dll 037F WideCharToMultiByte
1 00092368 kernel32.dll 037B WaitForSingleObject
1 0009236C kernel32.dll 0374 VirtualQueryEx
1 00092370 kernel32.dll 0373 VirtualQuery
1 00092374 kernel32.dll 0372 VirtualProtectEx
1 00092378 kernel32.dll 036C VirtualAllocEx
1 0009237C kernel32.dll 036B VirtualAlloc
1 00092380 kernel32.dll 035B UnmapViewOfFile
1 00092384 kernel32.dll 0347 TerminateProcess
1 00092388 kernel32.dll 0341 SuspendThread
1 0009238C kernel32.dll 033F Sleep
1 00092390 kernel32.dll 033E SizeofResource
1 00092394 kernel32.dll 032E SetThreadPriority
1 00092398 kernel32.dll 032D SetThreadLocale
1 0009239C kernel32.dll 032A SetThreadContext
1 000923A0 kernel32.dll 031D SetPriorityClass
1 000923A4 kernel32.dll 031C SetNamedPipeHandleState
1 000923A8 kernel32.dll 0307 SetFilePointer
1 000923AC kernel32.dll 0305 SetFileAttributesA
1 000923B0 kernel32.dll 0302 SetEvent
1 000923B4 kernel32.dll 0301 SetErrorMode
1 000923B8 kernel32.dll 02FE SetEndOfFile
1 000923BC kernel32.dll 02C0 ResumeThread
1 000923C0 kernel32.dll 02BD ResetEvent
1 000923C4 kernel32.dll 02B3 RemoveDirectoryA
1 000923C8 kernel32.dll 02A7 ReadProcessMemory
1 000923CC kernel32.dll 02A4 ReadFile
1 000923D0 kernel32.dll 0293 QueryPerformanceFrequency
1 000923D4 kernel32.dll 0292 QueryPerformanceCounter
1 000923D8 kernel32.dll 0280 PeekNamedPipe
1 000923DC kernel32.dll 027C OutputDebugStringA
1 000923E0 kernel32.dll 0275 OpenProcess
1 000923E4 kernel32.dll 0264 MulDiv
1 000923E8 kernel32.dll 025E MoveFileA
1 000923EC kernel32.dll 0258 MapViewOfFile
1 000923F0 kernel32.dll 0255 LockResource
1 000923F4 kernel32.dll 024C LocalFree
1 000923F8 kernel32.dll 0247 LoadResource
1 000923FC kernel32.dll 0242 LoadLibraryA
1 00092400 kernel32.dll 0241 LeaveCriticalSection
1 00092404 kernel32.dll 0216 InitializeCriticalSection
1 00092408 kernel32.dll 01FD GlobalUnlock
1 0009240C kernel32.dll 01F9 GlobalReAlloc
1 00092410 kernel32.dll 01F7 GlobalMemoryStatus
1 00092414 kernel32.dll 01F5 GlobalHandle
1 00092418 kernel32.dll 01F6 GlobalLock
1 0009241C kernel32.dll 01F2 GlobalFree
1 00092420 kernel32.dll 01EE GlobalFindAtomA
1 00092424 kernel32.dll 01ED GlobalDeleteAtom
1 00092428 kernel32.dll 01EB GlobalAlloc
1 0009242C kernel32.dll 01E9 GlobalAddAtomA
1 00092430 kernel32.dll 01E6 GetWindowsDirectoryA
1 00092434 kernel32.dll 01DD GetVersionExW
1 00092438 kernel32.dll 01DC GetVersionExA
1 0009243C kernel32.dll 01DB GetVersion
1 00092440 kernel32.dll 01D3 GetTimeFormatA
1 00092444 kernel32.dll 01D2 GetTickCount
1 00092448 kernel32.dll 01CE GetThreadPriority
1 0009244C kernel32.dll 01CD GetThreadLocale
1 00092450 kernel32.dll 01CB GetThreadContext
1 00092454 kernel32.dll 01C9 GetTempPathA
1 00092458 kernel32.dll 01BC GetSystemTime
1 0009245C kernel32.dll 01B9 GetSystemInfo
1 00092460 kernel32.dll 01B1 GetStringTypeExA
1 00092464 kernel32.dll 01AF GetStdHandle
1 00092468 kernel32.dll 01AD GetStartupInfoA
1 0009246C kernel32.dll 0198 GetProcAddress
1 00092470 kernel32.dll 018D GetPriorityClass
1 00092474 kernel32.dll 018C GetOverlappedResult
1 00092478 kernel32.dll 0176 GetModuleHandleA
1 0009247C kernel32.dll 0174 GetModuleFileNameA
1 00092480 kernel32.dll 016C GetLocaleInfoA
1 00092484 kernel32.dll 016B GetLocalTime
1 00092488 kernel32.dll 0169 GetLastError
1 0009248C kernel32.dll 0162 GetFullPathNameA
1 00092490 kernel32.dll 015C GetFileSize
1 00092494 kernel32.dll 0158 GetFileAttributesExA
1 00092498 kernel32.dll 0157 GetFileAttributesA
1 0009249C kernel32.dll 0154 GetExitCodeThread
1 000924A0 kernel32.dll 0153 GetExitCodeProcess
1 000924A4 kernel32.dll 014C GetDriveTypeA
1 000924A8 kernel32.dll 0146 GetDiskFreeSpaceA
1 000924AC kernel32.dll 0140 GetDateFormatA
1 000924B0 kernel32.dll 013F GetCurrentThreadId
1 000924B4 kernel32.dll 013E GetCurrentThread
1 000924B8 kernel32.dll 013D GetCurrentProcessId
1 000924BC kernel32.dll 013C GetCurrentProcess
1 000924C0 kernel32.dll 010E GetComputerNameA
1 000924C4 kernel32.dll 00FE GetCPInfo
1 000924C8 kernel32.dll 00F7 GetACP
1 000924CC kernel32.dll 00F3 FreeResource
1 000924D0 kernel32.dll 021E InterlockedIncrement
1 000924D4 kernel32.dll 021B InterlockedExchange
1 000924D8 kernel32.dll 021A InterlockedDecrement
1 000924DC kernel32.dll 00F1 FreeLibrary
1 000924E0 kernel32.dll 00EC FormatMessageA
1 000924E4 kernel32.dll 00E0 FindResourceA
1 000924E8 kernel32.dll 00DA FindNextFileA
1 000924EC kernel32.dll 00D1 FindFirstFileA
1 000924F0 kernel32.dll 00CD FindClose
1 000924F4 kernel32.dll 00C4 FileTimeToSystemTime
1 000924F8 kernel32.dll 00C3 FileTimeToLocalFileTime
1 000924FC kernel32.dll 00C2 FileTimeToDosDateTime
1 00092500 kernel32.dll 00BA ExpandEnvironmentStringsA
1 00092504 kernel32.dll 00B7 ExitProcess
1 00092508 kernel32.dll 0098 EnumCalendarInfoA
1 0009250C kernel32.dll 0097 EnterCriticalSection
1 00092510 kernel32.dll 0082 DeleteFileA
1 00092514 kernel32.dll 0080 DeleteCriticalSection
1 00092518 kernel32.dll 006D CreateThread
1 0009251C kernel32.dll 0063 CreateProcessA
1 00092520 kernel32.dll 0062 CreatePipe
1 00092524 kernel32.dll 005D CreateMutexA
1 00092528 kernel32.dll 0050 CreateFileA
1 0009252C kernel32.dll 004C CreateEventA
1 00092530 kernel32.dll 0048 CreateDirectoryA
1 00092534 kernel32.dll 0040 CopyFileA
1 00092538 kernel32.dll 0038 CompareStringA
1 0009253C kernel32.dll 0032 CloseHandle

FThunk: 00092544 NbFunc: 00000004
1 00092544 mpr.dll 0041 WNetOpenEnumA
1 00092548 mpr.dll 003E WNetGetUserA
1 0009254C mpr.dll 001D WNetEnumResourceA
1 00092550 mpr.dll 0014 WNetCloseEnum

FThunk: 00092558 NbFunc: 00000003
1 00092558 version.dll 000B VerQueryValueA
1 0009255C version.dll 0002 GetFileVersionInfoSizeA
1 00092560 version.dll 0001 GetFileVersionInfoA

FThunk: 00092568 NbFunc: 00000042
1 00092568 gdi32.dll 0253 UnrealizeObject
1 0009256C gdi32.dll 024A StretchBlt
1 00092570 gdi32.dll 0244 SetWindowOrgEx
1 00092574 gdi32.dll 0242 SetWinMetaFileBits
1 00092578 gdi32.dll 0240 SetViewportOrgEx
1 0009257C gdi32.dll 023D SetTextColor
1 00092580 gdi32.dll 0239 SetStretchBltMode
1 00092584 gdi32.dll 0236 SetROP2
1 00092588 gdi32.dll 0232 SetPixel
1 0009258C gdi32.dll 0223 SetEnhMetaFileBits
1 00092590 gdi32.dll 021F SetDIBColorTable
1 00092594 gdi32.dll 021A SetBrushOrgEx
1 00092598 gdi32.dll 0217 SetBkMode
1 0009259C gdi32.dll 0216 SetBkColor
1 000925A0 gdi32.dll 0210 SelectPalette
1 000925A4 gdi32.dll 020F SelectObject
1 000925A8 gdi32.dll 0208 SaveDC
1 000925AC gdi32.dll 0201 RestoreDC
1 000925B0 gdi32.dll 01F7 Rectangle
1 000925B4 gdi32.dll 01F6 RectVisible
1 000925B8 gdi32.dll 01F4 RealizePalette
1 000925BC gdi32.dll 01EF Polyline
1 000925C0 gdi32.dll 01E1 PlayEnhMetaFile
1 000925C4 gdi32.dll 01DE PatBlt
1 000925C8 gdi32.dll 01D2 MoveToEx
1 000925CC gdi32.dll 01CF MaskBlt
1 000925D0 gdi32.dll 01CE LineTo
1 000925D4 gdi32.dll 01C8 IntersectClipRect
1 000925D8 gdi32.dll 01C4 GetWindowOrgEx
1 000925DC gdi32.dll 01C2 GetWinMetaFileBits
1 000925E0 gdi32.dll 01BD GetTextMetricsA
1 000925E4 gdi32.dll 01B7 GetTextExtentPointA
1 000925E8 gdi32.dll 01B5 GetTextExtentPoint32A
1 000925EC gdi32.dll 01AA GetSystemPaletteEntries
1 000925F0 gdi32.dll 01A6 GetStockObject
1 000925F4 gdi32.dll 019D GetPixel
1 000925F8 gdi32.dll 019B GetPaletteEntries
1 000925FC gdi32.dll 0196 GetObjectA
1 00092600 gdi32.dll 0176 GetEnhMetaFilePaletteEntries
1 00092604 gdi32.dll 0175 GetEnhMetaFileHeader
1 00092608 gdi32.dll 0172 GetEnhMetaFileBits
1 0009260C gdi32.dll 016C GetDeviceCaps
1 00092610 gdi32.dll 016B GetDIBits
1 00092614 gdi32.dll 016A GetDIBColorTable
1 00092618 gdi32.dll 0168 GetDCOrgEx
1 0009261C gdi32.dll 0166 GetCurrentPositionEx
1 00092620 gdi32.dll 0161 GetClipBox
1 00092624 gdi32.dll 0151 GetBrushOrgEx
1 00092628 gdi32.dll 014B GetBitmapBits
1 0009262C gdi32.dll 00D8 ExcludeClipRect
1 00092630 gdi32.dll 0090 DeleteObject
1 00092634 gdi32.dll 008E DeleteEnhMetaFile
1 00092638 gdi32.dll 008D DeleteDC
1 0009263C gdi32.dll 0051 CreateSolidBrush
1 00092640 gdi32.dll 0049 CreatePenIndirect
1 00092644 gdi32.dll 0046 CreatePalette
1 00092648 gdi32.dll 0040 CreateHalftonePalette
1 0009264C gdi32.dll 003B CreateFontIndirectA
1 00092650 gdi32.dll 0034 CreateDIBitmap
1 00092654 gdi32.dll 0033 CreateDIBSection
1 00092658 gdi32.dll 002E CreateCompatibleDC
1 0009265C gdi32.dll 002D CreateCompatibleBitmap
1 00092660 gdi32.dll 002A CreateBrushIndirect
1 00092664 gdi32.dll 0028 CreateBitmap
1 00092668 gdi32.dll 0024 CopyEnhMetaFileA
1 0009266C gdi32.dll 0013 BitBlt

FThunk: 00092674 NbFunc: 000000AF
1 00092674 user32.dll 0061 CreateWindowExA
1 00092678 user32.dll 02D8 mouse_event
1 0009267C user32.dll 02D7 keybd_event
1 00092680 user32.dll 02D6 WindowFromPoint
1 00092684 user32.dll 02D3 WinHelpA
1 00092688 user32.dll 02D1 WaitMessage
1 0009268C user32.dll 02C8 VkKeyScanA
1 00092690 user32.dll 02BC UpdateWindow
1 00092694 user32.dll 02B4 UnregisterClassA
1 00092698 user32.dll 02AF UnhookWindowsHookEx
1 0009269C user32.dll 02AB TranslateMessage
1 000926A0 user32.dll 02AA TranslateMDISysAccel
1 000926A4 user32.dll 02A5 TrackPopupMenu
1 000926A8 user32.dll 029A SystemParametersInfoA
1 000926AC user32.dll 0293 ShowWindow
1 000926B0 user32.dll 0291 ShowScrollBar
1 000926B4 user32.dll 0290 ShowOwnedPopups
1 000926B8 user32.dll 028F ShowCursor
1 000926BC user32.dll 028B SetWindowsHookExA
1 000926C0 user32.dll 0284 SetWindowPos
1 000926C4 user32.dll 0283 SetWindowPlacement
1 000926C8 user32.dll 0281 SetWindowLongA
1 000926CC user32.dll 027B SetTimer
1 000926D0 user32.dll 027A SetThreadDesktop
1 000926D4 user32.dll 0271 SetScrollRange
1 000926D8 user32.dll 0270 SetScrollPos
1 000926DC user32.dll 026F SetScrollInfo
1 000926E0 user32.dll 026D SetRect
1 000926E4 user32.dll 026B SetPropA
1 000926E8 user32.dll 0267 SetParent
1 000926EC user32.dll 0263 SetMenuItemInfoA
1 000926F0 user32.dll 025E SetMenu
1 000926F4 user32.dll 0258 SetForegroundWindow
1 000926F8 user32.dll 0257 SetFocus
1 000926FC user32.dll 0250 SetCursorPos
1 00092700 user32.dll 024E SetCursor
1 00092704 user32.dll 024B SetClipboardData
1 00092708 user32.dll 0248 SetClassLongA
1 0009270C user32.dll 0245 SetCapture
1 00092710 user32.dll 0244 SetActiveWindow
1 00092714 user32.dll 023C SendMessageA
1 00092718 user32.dll 0235 ScrollWindow
1 0009271C user32.dll 0232 ScreenToClient
1 00092720 user32.dll 022D RemovePropA
1 00092724 user32.dll 022C RemoveMenu
1 00092728 user32.dll 022B ReleaseDC
1 0009272C user32.dll 022A ReleaseCapture
1 00092730 user32.dll 021B RegisterClipboardFormatA
1 00092734 user32.dll 021B RegisterClipboardFormatA
1 00092738 user32.dll 0217 RegisterClassA
1 0009273C user32.dll 0216 RedrawWindow
1 00092740 user32.dll 020C PtInRect
1 00092744 user32.dll 0202 PostQuitMessage
1 00092748 user32.dll 0200 PostMessageA
1 0009274C user32.dll 01FE PeekMessageA
1 00092750 user32.dll 01F8 OpenInputDesktop
1 00092754 user32.dll 01F5 OpenDesktopA
1 00092758 user32.dll 01F4 OpenClipboard
1 0009275C user32.dll 01F3 OffsetRect
1 00092760 user32.dll 01EF OemToCharA
1 00092764 user32.dll 01EB MsgWaitForMultipleObjects
1 00092768 user32.dll 01DD MessageBoxA
1 0009276C user32.dll 01DC MessageBeep
1 00092770 user32.dll 01D8 MapWindowPoints
1 00092774 user32.dll 01D4 MapVirtualKeyA
1 00092778 user32.dll 01C9 LoadStringA
1 0009277C user32.dll 01C0 LoadKeyboardLayoutA
1 00092780 user32.dll 01BC LoadIconA
1 00092784 user32.dll 01B8 LoadCursorA
1 00092788 user32.dll 01B6 LoadBitmapA
1 0009278C user32.dll 01B3 KillTimer
1 00092790 user32.dll 01B1 IsZoomed
1 00092794 user32.dll 01B0 IsWindowVisible
1 00092798 user32.dll 01AD IsWindowEnabled
1 0009279C user32.dll 01AC IsWindow
1 000927A0 user32.dll 01A9 IsRectEmpty
1 000927A4 user32.dll 01A7 IsIconic
1 000927A8 user32.dll 01A1 IsDialogMessage
1 000927AC user32.dll 01A0 IsClipboardFormatAvailable
1 000927B0 user32.dll 019F IsChild
1 000927B4 user32.dll 0194 InvalidateRect
1 000927B8 user32.dll 0193 IntersectRect
1 000927BC user32.dll 018F InsertMenuItemA
1 000927C0 user32.dll 018E InsertMenuA
1 000927C4 user32.dll 018B InflateRect
1 000927C8 user32.dll 017C GetWindowThreadProcessId
1 000927CC user32.dll 0178 GetWindowTextA
1 000927D0 user32.dll 0175 GetWindowRect
1 000927D4 user32.dll 0174 GetWindowPlacement
1 000927D8 user32.dll 016F GetWindowLongA
1 000927DC user32.dll 016D GetWindowDC
1 000927E0 user32.dll 0167 GetUserObjectInformationA
1 000927E4 user32.dll 0164 GetTopWindow
1 000927E8 user32.dll 015E GetSystemMetrics
1 000927EC user32.dll 015D GetSystemMenu
1 000927F0 user32.dll 015C GetSysColorBrush
1 000927F4 user32.dll 015B GetSysColor
1 000927F8 user32.dll 015A GetSubMenu
1 000927FC user32.dll 0158 GetScrollRange
1 00092800 user32.dll 0157 GetScrollPos
1 00092804 user32.dll 0156 GetScrollInfo
1 00092808 user32.dll 014B GetPropA
1 0009280C user32.dll 0146 GetParent
1 00092810 user32.dll 016B GetWindow
1 00092814 user32.dll 0139 GetMenuStringA
1 00092818 user32.dll 0138 GetMenuState
1 0009281C user32.dll 0135 GetMenuItemInfoA
1 00092820 user32.dll 0134 GetMenuItemID
1 00092824 user32.dll 0133 GetMenuItemCount
1 00092828 user32.dll 012D GetMenu
1 0009282C user32.dll 0129 GetLastActivePopup
1 00092830 user32.dll 0127 GetKeyboardState
1 00092834 user32.dll 0124 GetKeyboardLayoutList
1 00092838 user32.dll 0123 GetKeyboardLayout
1 0009283C user32.dll 0122 GetKeyState
1 00092840 user32.dll 0120 GetKeyNameTextA
1 00092844 user32.dll 011B GetIconInfo
1 00092848 user32.dll 0118 GetForegroundWindow
1 0009284C user32.dll 0117 GetFocus
1 00092850 user32.dll 010F GetDesktopWindow
1 00092854 user32.dll 010E GetDCEx
1 00092858 user32.dll 010D GetDC
1 0009285C user32.dll 010C GetCursorPos
1 00092860 user32.dll 0109 GetCursor
1 00092864 user32.dll 0102 GetClipboardData
1 00092868 user32.dll 0100 GetClientRect
1 0009286C user32.dll 00FD GetClassNameA
1 00092870 user32.dll 00F7 GetClassInfoA
1 00092874 user32.dll 00F4 GetCapture
1 00092878 user32.dll 00EC GetActiveWindow
1 0009287C user32.dll 00EA FrameRect
1 00092880 user32.dll 00E4 FindWindowA
1 00092884 user32.dll 00E3 FillRect
1 00092888 user32.dll 00E2 ExitWindowsEx
1 0009288C user32.dll 00E0 EqualRect
1 00092890 user32.dll 00DF EnumWindows
1 00092894 user32.dll 00DC EnumThreadWindows
1 00092898 user32.dll 00CD EnumClipboardFormats
1 0009289C user32.dll 00C9 EndPaint
1 000928A0 user32.dll 00C5 EnableWindow
1 000928A4 user32.dll 00C4 EnableScrollBar
1 000928A8 user32.dll 00C3 EnableMenuItem
1 000928AC user32.dll 00C2 EmptyClipboard
1 000928B0 user32.dll 00BD DrawTextA
1 000928B4 user32.dll 00B9 DrawMenuBar
1 000928B8 user32.dll 00B8 DrawIconEx
1 000928BC user32.dll 00B7 DrawIcon
1 000928C0 user32.dll 00B6 DrawFrameControl
1 000928C4 user32.dll 00B3 DrawEdge
1 000928C8 user32.dll 00A2 DispatchMessageA
1 000928CC user32.dll 009A DestroyWindow
1 000928D0 user32.dll 0098 DestroyMenu
1 000928D4 user32.dll 0096 DestroyCursor
1 000928D8 user32.dll 0096 DestroyCursor
1 000928DC user32.dll 0092 DeleteMenu
1 000928E0 user32.dll 008F DefWindowProcA
1 000928E4 user32.dll 008C DefMDIChildProcA
1 000928E8 user32.dll 008A DefFrameProcA
1 000928EC user32.dll 005F CreatePopupMenu
1 000928F0 user32.dll 005E CreateMenu
1 000928F4 user32.dll 0058 CreateIcon
1 000928F8 user32.dll 0044 CloseDesktop
1 000928FC user32.dll 0043 CloseClipboard
1 00092900 user32.dll 0041 ClientToScreen
1 00092904 user32.dll 003A CheckMenuItem
1 00092908 user32.dll 001C CallWindowProcA
1 0009290C user32.dll 001B CallNextHookEx
1 00092910 user32.dll 000E BeginPaint
1 00092914 user32.dll 002B CharNextA
1 00092918 user32.dll 0028 CharLowerBuffA
1 0009291C user32.dll 0027 CharLowerA
1 00092920 user32.dll 0036 CharUpperBuffA
1 00092924 user32.dll 0031 CharToOemA
1 00092928 user32.dll 0003 AdjustWindowRectEx
1 0009292C user32.dll 0001 ActivateKeyboardLayout

FThunk: 00092934 NbFunc: 00000001
1 00092934 kernel32.dll 033F Sleep

FThunk: 0009293C NbFunc: 00000008
1 0009293C oleaut32.dll 0094 SafeArrayPtrOfIndex
1 00092940 oleaut32.dll 0013 SafeArrayGetUBound
1 00092944 oleaut32.dll 0014 SafeArrayGetLBound
1 00092948 oleaut32.dll 000F SafeArrayCreate
1 0009294C oleaut32.dll 000C VariantChangeType
1 00092950 oleaut32.dll 000A VariantCopy
1 00092954 oleaut32.dll 0009 VariantClear
1 00092958 oleaut32.dll 0008 VariantInit

FThunk: 00092960 NbFunc: 00000016
1 00092960 comctl32.dll 004F ImageList_SetIconSize
1 00092964 comctl32.dll 003B ImageList_GetIconSize
1 00092968 comctl32.dll 0052 ImageList_Write
1 0009296C comctl32.dll 0043 ImageList_Read
1 00092970 comctl32.dll 0038 ImageList_GetDragImage
1 00092974 comctl32.dll 0031 ImageList_DragShowNolock
1 00092978 comctl32.dll 004C ImageList_SetDragCursorImage
1 0009297C comctl32.dll 0030 ImageList_DragMove
1 00092980 comctl32.dll 002F ImageList_DragLeave
1 00092984 comctl32.dll 002E ImageList_DragEnter
1 00092988 comctl32.dll 0036 ImageList_EndDrag
1 0009298C comctl32.dll 002A ImageList_BeginDrag
1 00092990 comctl32.dll 0044 ImageList_Remove
1 00092994 comctl32.dll 0033 ImageList_DrawEx
1 00092998 comctl32.dll 0032 ImageList_Draw
1 0009299C comctl32.dll 0037 ImageList_GetBkColor
1 000929A0 comctl32.dll 004B ImageList_SetBkColor
1 000929A4 comctl32.dll 0046 ImageList_ReplaceIcon
1 000929A8 comctl32.dll 0027 ImageList_Add
1 000929AC comctl32.dll 003C ImageList_GetImageCount
1 000929B0 comctl32.dll 002D ImageList_Destroy
1 000929B4 comctl32.dll 002C ImageList_Create

FThunk: 000929BC NbFunc: 00000002
1 000929BC shell32.dll 016D Shell_NotifyIcon
1 000929C0 shell32.dll 0167 ShellExecuteA

FThunk: 000929C8 NbFunc: 00000005
1 000929C8 wininet.dll 0110 InternetReadFile
1 000929CC wininet.dll 0109 InternetOpenUrlA
1 000929D0 wininet.dll 0108 InternetOpenA
1 000929D4 wininet.dll 00DF InternetCloseHandle
1 000929D8 wininet.dll 00CD HttpQueryInfoA

FThunk: 000929E0 NbFunc: 0000000F
1 000929E0 advapi32.dll 0240 StartServiceA
1 000929E4 advapi32.dll 0241 StartServiceCtrlDispatcherA
1 000929E8 advapi32.dll 023B SetServiceStatus
1 000929EC advapi32.dll 0203 RegisterServiceCtrlHandlerA
1 000929F0 advapi32.dll 01C2 QueryServiceStatus
1 000929F4 advapi32.dll 01BD QueryServiceConfigA
1 000929F8 advapi32.dll 01AE OpenServiceA
1 000929FC advapi32.dll 01AC OpenSCManagerA
1 00092A00 advapi32.dll 0115 GetServiceKeyNameA
1 00092A04 advapi32.dll 00D3 EnumServicesStatusA
1 00092A08 advapi32.dll 00B1 DeleteService
1 00092A0C advapi32.dll 0066 CreateServiceA
1 00092A10 advapi32.dll 0044 ControlService
1 00092A14 advapi32.dll 0040 CloseServiceHandle
1 00092A18 advapi32.dll 0038 ChangeServiceConfigA

FThunk: 00092A20 NbFunc: 0000001E
1 00092A20 wsock32.dll 0074 WSACleanup
1 00092A24 wsock32.dll 0073 WSAStartup
1 00092A28 wsock32.dll 006F WSAGetLastError
1 00092A2C wsock32.dll 006C WSACancelAsyncRequest
1 00092A30 wsock32.dll 006B WSAAsyncGetServByName
1 00092A34 wsock32.dll 0067 WSAAsyncGetHostByName
1 00092A38 wsock32.dll 0065 WSAAsyncSelect
1 00092A3C wsock32.dll 0039 gethostname
1 00092A40 wsock32.dll 0037 getservbyname
1 00092A44 wsock32.dll 0034 gethostbyname
1 00092A48 wsock32.dll 0017 socket
1 00092A4C wsock32.dll 0015 setsockopt
1 00092A50 wsock32.dll 0014 sendto
1 00092A54 wsock32.dll 0013 send
1 00092A58 wsock32.dll 0012 select
1 00092A5C wsock32.dll 0011 recvfrom
1 00092A60 wsock32.dll 0010 recv
1 00092A64 wsock32.dll 0009 htons
1 00092A68 wsock32.dll 000D listen
1 00092A6C wsock32.dll 000C ioctlsocket
1 00092A70 wsock32.dll 000B inet_ntoa
1 00092A74 wsock32.dll 000A inet_addr
1 00092A78 wsock32.dll 0009 htons
1 00092A7C wsock32.dll 0007 getsockopt
1 00092A80 wsock32.dll 0006 getsockname
1 00092A84 wsock32.dll 0005 getpeername
1 00092A88 wsock32.dll 0004 connect
1 00092A8C wsock32.dll 0003 closesocket
1 00092A90 wsock32.dll 0002 bind
1 00092A94 wsock32.dll 0001 accept

FThunk: 00092A9C NbFunc: 00000001
1 00092A9C imagehlp.dll 0004 CheckSumMappedFile

FThunk: 00092AA4 NbFunc: 00000019
1 00092AA4 winmm.dll 00CF waveOutWrite
1 00092AA8 winmm.dll 00CE waveOutUnprepareHeader
1 00092AAC winmm.dll 00C9 waveOutReset
1 00092AB0 winmm.dll 00C8 waveOutPrepareHeader
1 00092AB4 winmm.dll 00C6 waveOutOpen
1 00092AB8 winmm.dll 00C3 waveOutGetPosition
1 00092ABC winmm.dll 00AD waveInGetErrorTextA
1 00092AC0 winmm.dll 00BC waveOutGetDevCapsW
1 00092AC4 winmm.dll 00BB waveOutGetDevCapsA
1 00092AC8 winmm.dll 00BA waveOutClose
1 00092ACC winmm.dll 00B8 waveInUnprepareHeader
1 00092AD0 winmm.dll 00B7 waveInStop
1 00092AD4 winmm.dll 00B6 waveInStart
1 00092AD8 winmm.dll 00B5 waveInReset
1 00092ADC winmm.dll 00B4 waveInPrepareHeader
1 00092AE0 winmm.dll 00B3 waveInOpen
1 00092AE4 winmm.dll 00B1 waveInGetPosition
1 00092AE8 winmm.dll 00AD waveInGetErrorTextA
1 00092AEC winmm.dll 00AC waveInGetDevCapsW
1 00092AF0 winmm.dll 00AB waveInGetDevCapsA
1 00092AF4 winmm.dll 00AA waveInClose
1 00092AF8 winmm.dll 00A9 waveInAddBuffer
1 00092AFC winmm.dll 000F SendDriverMessage
1 00092B00 winmm.dll 000B OpenDriver
1 00092B04 winmm.dll 0003 CloseDriver

FThunk: 00092B0C NbFunc: 00000002
1 00092B0C avicap32.dll 0002 capCreateCaptureWindowA
1 00092B10 avicap32.dll 0004 capGetDriverDescriptionA

FThunk: 00092B18 NbFunc: 0000000B
1 00092B18 msacm32.dll 0017 acmFormatChooseA
1 00092B1C msacm32.dll 001B acmFormatEnumA
1 00092B20 msacm32.dll 0020 acmFormatTagEnumA
1 00092B24 msacm32.dll 0006 acmDriverDetailsW
1 00092B28 msacm32.dll 0005 acmDriverDetailsA
1 00092B2C msacm32.dll 0009 acmDriverMessage
1 00092B30 msacm32.dll 0004 acmDriverClose
1 00092B34 msacm32.dll 000A acmDriverOpen
1 00092B38 msacm32.dll 0007 acmDriverEnum
1 00092B3C msacm32.dll 0024 acmMetrics
1 00092B40 msacm32.dll 0022 acmGetVersion

FThunk: 00092B48 NbFunc: 00000004
1 00092B48 ws2_32.dll 003C WSAIoctl
1 00092B4C ws2_32.dll 0039 gethostname
1 00092B50 ws2_32.dll 0034 gethostbyname
1 00092B54 ws2_32.dll 000C inet_ntoa

FThunk: 00092B5C NbFunc: 00000003
1 00092B5C advapi32.dll 0236 SetSecurityInfo
1 00092B60 advapi32.dll 0221 SetEntriesInAclA
1 00092B64 advapi32.dll 0110 GetSecurityInfo

FThunk: 00092B6C NbFunc: 00000001
1 00092B6C avicap32.dll 0004 capGetDriverDescriptionA