// 360 and Maxthon
// WinDbg disassembly of the entry of kernel32!CreateProcessInternalA as seen
// with the safemon module loaded (per the heading above, observed with 360 and
// Maxthon). The first 5 bytes of the function have been overwritten with a near
// jump (opcode e9 + rel32) into safemon: an inline (detour) hook on process
// creation. The trailing "<= push 98h" is the author's annotation recording the
// instruction that originally occupied those 5 bytes.
// Checking the target from the bytes: next-instruction address + rel32
// (mod 2^32) = 7c81d553 + 937e6950 = 10003ea3, matching the resolved operand.
// NOTE(review): to confirm the patch against the on-disk image rather than
// relying on the annotation, WinDbg's !chkimg on kernel32 should report this range.
kernel32!CreateProcessInternalA:
7c81d54e e950697e93 jmp safemon+0x3ea3 (10003ea3) <= push 98h
// Bytes from 7c81d553 onward are the untouched remainder of the SEH prologue.
// The handler in safemon is not shown; presumably it replays the displaced push
// before resuming here. Verify by disassembling the jump target.
7c81d553 6858d6817c push offset kernel32!`string'+0x24 (7c81d658)
7c81d558 e8794ffeff call kernel32!_SEH_prolog (7c8024d6)
7c81d55d 33db xor ebx,ebx
// ebx is zero here, so this compares the argument at [ebp+10h] against 0.
7c81d55f 395d10 cmp dword ptr [ebp+10h],ebx
7c81d562 0f84815f0200 je kernel32!CreateProcessInternalA+0x2b (7c8434e9)
7c81d568 ff7510 push dword ptr [ebp+10h]
7c81d56b 8d45cc lea eax,[ebp-34h]
// Entry of kernel32!CreateProcessInternalW with the same style of inline hook:
// the first 5 bytes are replaced by a near jump (e9 + rel32) into safemon, at a
// different offset (safemon+0x3f19) from the one used for the A variant.
// The author's "<= push 0A08h" annotation records the displaced instruction.
// Target check: 7c8197b5 + 937ea764 = 10003f19 (mod 2^32).
kernel32!CreateProcessInternalW:
7c8197b0 e964a77e93 jmp safemon+0x3f19 (10003f19) <= push 0A08h
// Unmodified remainder of the SEH prologue.
7c8197b5 68889a817c push offset kernel32!`string'+0xc (7c819a88)
7c8197ba e8178dfeff call kernel32!_SEH_prolog (7c8024d6)
// Copy the module's __security_cookie into the local slot at [ebp-1Ch].
7c8197bf a1cc56887c mov eax,dword ptr [kernel32!__security_cookie (7c8856cc)]
7c8197c4 8945e4 mov dword ptr [ebp-1Ch],eax
// Copy the stack argument at [ebp+8] into a local at [ebp-83Ch], then load the
// next argument from [ebp+0Ch].
7c8197c7 8b4508 mov eax,dword ptr [ebp+8]
7c8197ca 8985c4f7ffff mov dword ptr [ebp-83Ch],eax
7c8197d0 8b450c mov eax,dword ptr [ebp+0Ch]
---------------------------------------------------------------------------------------------------------------------------
// Symantec web protection
// Original function entry instructions
// These three instructions are 2 + 1 + 2 = 5 bytes, exactly the size of a near
// jmp rel32 (e9 + 4 bytes), so a hook can replace them without splitting an
// instruction. mov edi,edi is the two-byte no-op at the start of the prologue.
8bff mov edi,edi
55 push ebp
8bec mov ebp,esp
// After being hooked by Symantec
// Entry of urlmon!URLDownloadToFileA with its first 5 bytes replaced by a near
// jump (e9 + rel32). Target check: 75cb99fa + 8b4e68da = 011a02d4 (mod 2^32).
// NOTE(review): the "<Unloaded_px86.dll>" labels look like a symbolization
// artifact, not evidence of where the code lives. In both operands below the
// shown offset is the value minus 1 (0x11a02d3 for 011a02d4, 0x10f for 00000110),
// which suggests the debugger is resolving small values against an unloaded-module
// record. The listing therefore does not attribute 011a02d4 to any loaded module;
// the attribution to Symantec comes from the author's heading. Confirm who owns
// the target with !address 011a02d4 and by disassembling it.
urlmon!URLDownloadToFileA:
75cb99f5 e9da684e8b jmp <Unloaded_px86.dll>+0x11a02d3 (011a02d4)
// Unmodified code resumes here. The operand is the plain immediate 0x110
// (bytes 10 01 00 00), i.e. a 0x110-byte local frame.
75cb99fa 81ec10010000 sub esp,offset <Unloaded_px86.dll>+0x10f (00000110)
75cb9a00 a1f810cd75 mov eax,dword ptr [urlmon!__security_cookie (75cd10f8)]
75cb9a05 53 push ebx
// The ebp-relative accesses below rely on the displaced push ebp / mov ebp,esp.
// Presumably the hook handler replays them before returning to 75cb99fa. Verify
// at the jump target.
75cb9a06 8b5d10 mov ebx,dword ptr [ebp+10h]
// Store the security cookie loaded above into the local slot at [ebp-4].
75cb9a09 8945fc mov dword ptr [ebp-4],eax
75cb9a0c 8b4508 mov eax,dword ptr [ebp+8]
75cb9a0f 56 push esi
// Entry of urlmon!URLDownloadToFileW with its first 5 bytes replaced by a near
// jump (e9 + rel32). Target check: 75cb967d + 8b4e6b49 = 011a01c6 (mod 2^32).
// That is 0x10e bytes below the URLDownloadToFileA target (011a02d4).
// NOTE(review): "<Unloaded_px86.dll>" appears to be a symbolization artifact,
// because the shown offsets are the operand values minus 1. The target address
// is not resolved to a loaded module in this listing. Confirm ownership of
// 011a01c6 with !address before attributing the hook.
urlmon!URLDownloadToFileW:
75cb9678 e9496b4e8b jmp <Unloaded_px86.dll>+0x11a01c5 (011a01c6)
// Unmodified code resumes here.
75cb967d 56 push esi
75cb967e 57 push edi
// The operand is the plain immediate 0x154 (bytes 54 01 00 00), pushed as the
// argument to operator new.
75cb967f 6854010000 push offset <Unloaded_px86.dll>+0x153 (00000154)
75cb9684 e88291faff call urlmon!operator new (75c6280b)
// Test the returned pointer. pop ecx removes the pushed argument without
// changing the flags, so the je still branches on a null result.
75cb9689 85c0 test eax,eax
75cb968b 59 pop ecx
75cb968c 7419 je urlmon!URLDownloadToFileW+0x2f (75cb96a7)