某浏览器广告去除
用W32DASM打开Netcaptor的主文件,NetCaptor.exe,查找字符串ad2.htm,如下:
* Possible StringData Ref from Code Obj ->”ad2.gif”
|
:004CD83D B928E44C00 mov ecx, 004CE428
:004CD842 8B55E8 mov edx, dword ptr [ebp-18]
:004CD845 E82666F3FF call 00403E70
:004CD84A 8B45D4 mov eax, dword ptr [ebp-2C]
:004CD84D E81ABAF3FF call 0040926C
:004CD852 84C0 test al, al
:004CD854 0F8596000000 jne 004CD8F0<——————–此处改成JMP004CD8F0
:004CD85A 8B45FC mov eax, dword ptr [ebp-04]
:004CD85D 80B8D407000000 cmp byte ptr [eax+000007D4], 00
:004CD864 7423 je 004CD889
* Possible StringData Ref from Code Obj ->”AD_GI2″
|
:004CD866 6838E44C00 push 004CE438
* Possible StringData Ref from Code Obj ->”RT_HTML”
————————————————————————————————————————
:004CD8F0 8D45D4 lea eax, dword ptr [ebp-2C]
* Possible StringData Ref from Code Obj ->”ad2.htm”
|
:004CD8F3 B960E44C00 mov ecx, 004CE460
:004CD8F8 8B55E8 mov edx, dword ptr [ebp-18]
:004CD8FB E87065F3FF call 00403E70
:004CD900 8B45D4 mov eax, dword ptr [ebp-2C]
:004CD903 E85CBAF3FF call 00409364
:004CD908 8D45D4 lea eax, dword ptr [ebp-2C]
* Possible StringData Ref from Code Obj ->”ad2.htm”
|
:004CD90B B960E44C00 mov ecx, 004CE460
:004CD910 8B55E8 mov edx, dword ptr [ebp-18]
:004CD913 E85865F3FF call 00403E70
:004CD918 8B45D4 mov eax, dword ptr [ebp-2C]
:004CD91B E84CB9F3FF call 0040926C
:004CD920 84C0 test al, al
:004CD922 0F8596000000 jne 004CD9BE<——————–此处改成JMP 004CD9BE
:004CD928 8B45FC mov eax, dword ptr [ebp-04]
:004CD92B 80B8D407000000 cmp byte ptr [eax+000007D4], 00
:004CD932 7423 je 004CD957
* Possible StringData Ref from Code Obj ->”AD_HTM2″
|
:004CD934 6870E44C00 push 004CE470
