SlothBP_zh.ini

[&01. 常用断点]
rtcFileLen(VB自效验) = kernel32.rtcFileLen
FindFirstFileA(查找文件) = kernel32.FindFirstFileA
ExitProcess(程序退出) = kernel32.ExitProcess
GetStartupInfoA(获取启动信息) = kernel32.GetStartupInfoA
GetFileSize(取文件大小) = kernel32.GetFileSize
VirtualProtect(Vmp脱壳) = kernel32.VirtualProtect
ExitWindowsEx(关机断点) = kernel32.ExitWindowsEx
CreateFileA(自效验) = kernel32.CreateFileA
GetVersion(易语言脱壳) = kernel32.GetVersion
send(发送封包) = ws2_32.send
WSASend(发送封包) = ws2_32.WSASend
recv(接收封包) = ws2_32.recv
RtlAdjustPrivilege(易语言快速关机) = ntdll.RtlAdjustPrivilege
SHFormatDrive(格盘API) = shell32.SHFormatDrive
RemoveDirectoryA(删除指定目录) = kernel32.RemoveDirectoryA
DeleteFileA(删除指定文件) = kernel32.DeleteFileA

[&02. 对话框]
MessageBox(信息框) = user32.MessageBox
MessageBoxA = user32.MessageBoxA
MessageBoxW = user32.MessageBoxW
MessageBoxExA = user32.MessageBoxExA
MessageBoxExW = user32.MessageBoxExW
MessageBoxIndirect(消息框) = user32.MessageBoxIndirect
MessageBoxIndirectA = user32.MessageBoxIndirectA
MessageBoxIndirectW = user32.MessageBoxIndirectW
GetWindowTextA(取控件文本) = user32.GetWindowTextA
GetWindowTextW = user32.GetWindowTextW
SetWindowTextA(置控件标题) = user32.SetWindowTextA
GetDlgItemText(取控件文本) = user32.GetDlgItemText
GetDlgItemTextA = user32.GetDlgItemTextA
GetDlgItemTextW = user32.GetDlgItemTextW
SetDlgItemTextA(置控件文本) = user32.SetDlgItemTextA
GetDlgItemInt(取控件中整数) = user32.GetDlgItemInt
SetDlgItemInt(置控件中文本) = user32.SetDlgItemInt
SendMessage(消息发送) = user32.SendMessage
SendDlgItemMessage(消息发送) = user32.SendDlgItemMessage
IsDialogMessageA(发消息) = user32.IsDialogMessageA
IsDialogMessageW = user32.IsDialogMessageW
SendMessageA(发消息) = user32.SendMessageA
DispatchMessageA(发消息) = user32.DispatchMessageA
CallWindowProcA(发消息) = user32.CallWindowProcA
DefWindowProcA(消息默认处理) = user32.DefWindowProcA
MessageBeep(系统警告声) = user32.MessageBeep
DrawTextA(文本描绘到矩形中) = user32.DrawTextA
DrawTextExA = user32.DrawTextExA 
DrawTextExW = user32.DrawTextExW
FindWindowA(获得窗口句柄) = user32.FindWindowA
GetClipboardData(取剪贴板数据) = user32.GetClipboardData
CoInitialize(始化com库) = user32.CoInitialize
CoCreateInstance(建Com对象) = user32.CoCreateInstance
LoadIconA(装入图标资源) = user32.LoadIconA
SetWindowLongA(置窗口属性) = user32.SetWindowLongA
SetWindowTextA(置控件文本) = user32.SetWindowTextA
ShowWindow(置窗口显示状态) = user32.ShowWindow
movewindow(置窗口位置和大小) = user32.movewindow
ShowWindow(显示窗口) = user32.ShowWindow
UpdateWindow(更新窗口) = user32.UpdateWindow
CreateWindowExA(建窗口) = user32.CreateWindowExA
CreateWindow(创建窗口) = user32.CreateWindow
CreateWindowExA = user32.CreateWindowExA
CreateWindowExW = user32.CreateWindowExW
DestroyWindow(销毁窗口) = user32.DestroyWindow
DialogBox(模态对话框) = user32.DialogBox
EndDialog(清除模态对话框) = user32.EndDialog
DialogBoxParam(模态对话框) = user32.DialogBoxParam
DialogBoxParamA = user32.DialogBoxParamA
DialogBoxParamW = user32.DialogBoxParamW
DialogBoxIndirect(建模框) = user32.DialogBoxIndirect
DialogBoxIndirectParamA(模框) = user32.DialogBoxIndirectParamA
DialogBoxIndirectParamW = user32.DialogBoxIndirectParamW
CreateDialog(非模态对话框) = user32.CreateDialog
CreateDialogParam (非模态对话框) = user32.CreateDialogParam 
CreateDialogParamA = user32.CreateDialogParamA
CreateDialogIndirect(非模态对话框) = user32.CreateDialogIndirect
CreateDialogIndirectParam(非模框) = user32.CreateDialogIndirectParam
CreateDialogIndirectParamA = user32.CreateDialogIndirectParamA
TranslateMessage(消息队列) = user32.TranslateMessage
GetMessageA(取消息到结构) = user32.GetMessageA
PeekMessageA(查消息到结构) = user32.PeekMessageA

[&03. 功能限制]
SetMenu(建菜单) = user32.SetMenu
DestroyMenu(删除菜单) = user32.DestroyMenu
DeleteMenu(删除菜单项) = user32.DeleteMenu
EnableMenuItem(菜单有无变灰) = user32.EnableMenuItem
EnableWindow(禁止键盘鼠标输入) = user32.EnableWindow

[&04. 文件处理]
CreateFileA(创建或打开文件) = kernel32.CreateFileA
CreateFileW = kernel32.CreateFileW
OpenFile(打开文件) = kernel32.OpenFile
ReadFile(读文件) = kernel32.ReadFile
WriteFile(写文件) = kernel32.WriteFile
GetFileSize(取文件大小) = kernel32.GetFileSize
FindFirstFileA(查找文件) = kernel32.FindFirstFileA
GetModuleFileNameA (取文件路径) = kernel32.GetModuleFileNameA 
OpenFileMappingA(打开文件映射对象) = kernel32.OpenFileMappingA
OpenFileMappingW = kernel32.OpenFileMappingW
LoadLibraryA(加载DLL) = kernel32.LoadLibraryA
LoadLibraryW = kernel32.LoadLibraryW
LoadLibraryExA = kernel32.LoadLibraryExA
LoadLibraryExW = kernel32.LoadLibraryExW
CreateFileMappingA(创建文件对象) = kernel32.CreateFileMappingA
CopyFileA(复制文件) = kernel32.CopyFileA
CopyFileW = kernel32.CopyFileW
CopyFileExA = kernel32.CopyFileExA
CopyFileExW = kernel32.CopyFileExW
SetFilePointer(设置文件读写位置) = kernel32.SetFilePointer
MoveFileA(移动文件) = kernel32.MoveFileA
MoveFileW = kernel32.MoveFileW
MoveFileExA = kernel32.MoveFileExA
MoveFileExW = kernel32.MoveFileExW
DeleteFileA(删除文件) = kernel32.DeleteFileA
DeleteFileW = kernel32.DeleteFileW
LoadCursorFromFileA(创建文件光标) = user32.LoadCursorFromFileA
FileOpen(打开文件) = kernel32.FileOpen

[&05. ini文件]
GetPrivateProfileStringA(INI重启验证常用) = kernel32.GetPrivateProfileStringA
GetPrivateProfileIntA(初始化文件) = kernel32.GetPrivateProfileIntA
GetPrivateProfileStringA(取字串) = kernel32.GetPrivateProfileStringA
WritePrivateProfileStringA(设置字串) = kernel32.WritePrivateProfileStringA

[&06. 注册表]
RegOpenKeyA(打开注册表项) = advapi32.RegOpenKeyA
RegOpenKeyExA(重启验证常用) = advapi32.RegOpenKeyExA
RegCreateKeyExA = advapi32.RegCreateKeyExA
RegQueryValueExA = advapi32.RegQueryValueExA
RegCreateKeyA(创建新项) = advapi32.RegCreateKeyA
RegCloseKey(关闭注册表) = advapi32.RegCloseKey
RegDeleteKeyA(删除键值) = advapi32.RegDeleteKeyA
RegDeleteKeyW = advapi32.RegDeleteKeyW
RegQueryValueA(取值) = advapi32.RegQueryValueA
RegEnumKeyExA(枚举子项) = advapi32.RegEnumKeyExA
RegSetValueA(设置默认值) = advapi32.RegSetValueA
RegSetValueW = advapi32.RegSetValueW
RegSetValueExA(设置指定项的值) = advapi32.RegSetValueExA
RegSetValueExW = advapi32.RegSetValueExW

[&07. 时间处理]
SetSystemTime(设置系统时间) = kernel32.SetSystemTime
TimerProc(回调函数) = kernel32.TimerProc
SetLocalTime(设置本地时间) = kernel32.SetLocalTime
GetSystemTime(载入系统时间) = kernel32.GetSystemTime
GetLocalTime(取本地时间) = kernel32.GetLocalTime
GetSystemtime (取系统时间) = kernel32.GetSystemtime 
GetCurrentTime(取系统时间) = kernel32.GetCurrentTime
GetFileTime(获取文件时间) = kernel32.GetFileTime
GetTickCount(系统启动后所经过的毫秒数) = kernel32.GetTickCount
CompareFileTime(比较文件时间) = kernel32.CompareFileTime
SetTimer(创建定时器) = user32.SetTimer
KillTimer(移除定时器) = user32.KillTimer
timeSetEvent(多媒体定时器) = winmm.timeSetEvent

[&08. 进程函数]
CreateThread(创建线程) = kernel32.CreateThread
GetModuleHandleA(取模块(实例)句柄) = kernel32.GetModuleHandleA
OpenMutexA(打开互斥体) = kernel32.OpenMutexA
WriteProcessMemory(设定内存) = kernel32.WriteProcessMemory
CreateRemoteThread(创建线程) = kernel32.CreateRemoteThread
CreateProcessA(创建进程) = kernel32.CreateProcessA
OpenProcess(取进程句柄) = kernel32.OpenProcess
ExitProcess(退出进程) = kernel32.ExitProcess
ExitThread(终止当前线程) = kernel32.ExitThread
TerminateProcess(终止一个进程) = kernel32.TerminateProcess
CreateToolhelp32Snapshot(获取进程的列表) = kernel32.CreateToolhelp32Snapshot
Process32First(取进程句柄) = kernel32.Process32First
Process32FirstW = kernel32.Process32FirstW
Process32Next(取进程句柄) = kernel32.Process32Next
Module32Next(取模块句柄) = kernel32.Module32Next
Module32NextW = kernel32.Module32NextW
Module32First(取模块句柄) = kernel32.Module32First
Module32FirstW = kernel32.Module32FirstW
Heap32ListFirst(取堆句柄) = kernel32.Heap32ListFirst
Heap32ListNext(取堆句柄) = kernel32.Heap32ListNext
GetProcessHeap(取堆句柄) = kernel32.GetProcessHeap
Heap32First(取进程堆相关信息) = kernel32.Heap32First
Heap32Next(取堆的相关信息) = kernel32.Heap32Next
PostQuitMessage(终止线程) = user32.PostQuitMessage
PostQuitMessageA(终止线程) = user32.PostQuitMessageA
IsDebuggerPresent(判断进程是否被调试) = kernel32.IsDebuggerPresent
OpenProcessToken(获得进程访问令牌的句柄) = advapi32.OpenProcessToken
OpenThreadToken = advapi32.OpenThreadToken
ZwQueryInformationProcess = ntdll.ZwQueryInformationProcess

[&09. 磁盘处理函数]
GetDiskFreeSpaceA(取磁盘信息) = kernel32.GetDiskFreeSpaceA
GetDriveTypeA(判断磁盘驱动器类型) = kernel32.GetDriveTypeA
GetLogicalDrives(取驱动器字母) = kernel32.GetLogicalDrives
GetLogicalDriveStringsA(取驱动器路径) = kernel32.GetLogicalDriveStringsA
GetLastError(返回扩充出错代码) = kernel32.GetLastError

[&10. VB5专用断点]
rtcFileLen(VB校验) = msvbvm60.rtcFileLen

[&11. VB6专用断点]
FindResourceA(VB校验) = kernel32.FindResourceA
CreateFileA(VB校验) = kernel32.CreateFileA
GetVolumeInformation(磁盘卷) = kernel32.GetVolumeInformation
MultiByteToWideChar(A转U字符串) = kernel32.MultiByteToWideChar
WideCharToMultiByte(U转A字符串) = kernel32.WideCharToMultiByte
GetFileSize(判断文件长度) = kernel32.GetFileSize
VarCyFromStr(字串到整型) = oleaut32.VarCyFromStr
arBstrFromI2(整型到字串) = oleaut32.arBstrFromI2
rtcFileLen(VB校验) = msvbvm60.rtcFileLen
rtcFileLength(VB校验) = msvbvm60.rtcFileLength
rtcMsgBox(显示对话框) = msvbvm60.rtcMsgBox
rtcInputBox(输入窗口) = msvbvm60.rtcInputBox
rtcFileLen = msvbvm60.rtcFileLen
GetMemStr = msvbvm60.GetMemStr
rtcR8ValFromBstr = msvbvm60.rtcR8ValFromBstr
rtcGetPresentDate = msvbvm60.rtcGetPresentDate
rtcBeep = msvbvm60.rtcBeep
rtcTrimBstr(去字串中空格) = msvbvm60.rtcTrimBstr
rtcMidCharVar(字串中取字符) = msvbvm60.rtcMidCharVar
rtcLeftCharVar(字串左边取字符) = msvbvm60.rtcLeftCharVar
rtcRightCharVar(字串右边取字符) = msvbvm60.rtcRightCharVar
StrConv(转换字符串) = msvbvm60.StrConv
rtcT8ValFromBstr(字符转浮点数) = msvbvm60.rtcT8ValFromBstr
__vbaI2Str(字符转1字节数值) = msvbvm60.__vbaI2Str
__vbaI4Str(字符转4字节数值) = msvbvm60.__vbaI4Str
__vbar4Str(字符转4浮点型) = msvbvm60.__vbar4Str
__vbar8Str(字符转8浮点型) = msvbvm60.__vbar8Str
__vbavaradd(变量值相加 ) = msvbvm60.__vbavaradd
__vbavarsub(变量值相减) = msvbvm60.__vbavarsub
__vbavarmul(变量值相乘) = msvbvm60.__vbavarmul
__vbavaridiv(变量值相除) = msvbvm60.__vbavaridiv
__vbavarxor(变量值异域) = msvbvm60.__vbavarxor
__vbavarcat (变量值相连) = msvbvm60.__vbavarcat 
__vbaStrCat(字串相连) = msvbvm60.__vbaStrCat
__vbaVarCat(连接字串) = msvbvm60.__vbaVarCat
__vbaStrCmp(字串比较) = msvbvm60.__vbaStrCmp
__vbaStrCmp(比较字串) = msvbvm60.__vbaStrCmp
__vbaStrComp(比较字串) = msvbvm60.__vbaStrComp
__vbaVarTstEq(比较变量) = msvbvm60.__vbaVarTstEq
__vbaFreeStr(变量拷贝到内存) = msvbvm60.__vbaFreeStr
__vbaStrCopy(字符拷贝到内存) = msvbvm60.__vbaStrCopy
__vbaLenBstr(取字符串的长度) = msvbvm60.__vbaLenBstr
__vbavarfornext(循环结构) = msvbvm60.__vbavarfornext
__vbafreeobj(释放对象) = msvbvm60.__vbafreeobj
__vbastrvarval = msvbvm60.__vbastrvarval
__vbaVarTstNe(VB校验) = msvbvm60.__vbaVarTstNe
__vbaEnd(VB校验) = msvbvm60.__vbaEnd
__vbaVarMoves(变量内存移动) = msvbvm60.__vbaVarMoves
__vbaStrMove(移动字符串) = msvbvm60.__vbaStrMove
__vbaNew(显示对话框) = msvbvm60.__vbaNew
__vbaNew2(显示对话框) = msvbvm60.__vbaNew2
__vbaEnd = msvbvm60.__vbaEnd
__vbaVarCopy = msvbvm60.__vbaVarCopy
__vbaFileOpen = msvbvm60.__vbaFileOpen
__vbaInputFile = msvbvm60.__vbaInputFile
__vbaWriteFile = msvbvm60.__vbaWriteFile
__vbaStrCompVar = msvbvm60.__vbaStrCompVar
__vbaStrTextCmp = msvbvm60.__vbaStrTextCmp
__vbaFileOpen = msvbvm60.__vbaFileOpen
__vbaInputFile = msvbvm60.__vbaInputFile
__vbaWriteFile = msvbvm60.__vbaWriteFile
__vbaFileClose = msvbvm60.__vbaFileClose
__vbaStrToAnsi(注册表重启验证) = msvbvm60.__vbaStrToAnsi
__vbaFreeStr(重启验证) = msvbvm60.__vbaFreeStr
__vbaObjSet(灰色按钮) = msvbvm60.__vbaObjSet

[&12. 加密狗]
LoadLibraryA(载入DLL) = kernel32.LoadLibraryA
LoadLibraryW = kernel32.LoadLibraryW
LoadLibraryExA = kernel32.LoadLibraryExA
LoadLibraryExW = kernel32.LoadLibraryExW
RefreshDeviceList(深思3) = kernel32.RefreshDeviceList
DeviceIoControl(操作设备) = kernel32.DeviceIoControl
Prestochangoselector = kernel32.Prestochangoselector
FreeEnvironmentStringsA(释放环境字串块) = kernel32.FreeEnvironmentStringsA
GetLogicalDriveStringsA(取列表) = kernel32.GetLogicalDriveStringsA
GetLogicalDrives(取驱动器列表) = kernel32.GetLogicalDrives
GetDriveTypeA(判断驱动器类型) = kernel32.GetDriveTypeA
CreateFileA(读狗驱动) = kernel32.CreateFileA
FindFirstFileA(查找文件) = kernel32.FindFirstFileA

[&13. 调试病毒专用]
CreateFileA = kernel32.CreateFileA
LoadLibraryA = kernel32.LoadLibraryA
LoadLibraryW = kernel32.LoadLibraryW
LoadLibraryExA = kernel32.LoadLibraryExA
LoadLibraryExW = kernel32.LoadLibraryExW
CreateThread = kernel32.CreateThread
CreateProcessA = kernel32.CreateProcessA
CreateRemoteThread = kernel32.CreateRemoteThread
WriteProcessMemory = kernel32.WriteProcessMemory
OpenMutexA = kernel32.OpenMutexA
OpenMutexW = kernel32.OpenMutexW
CreateToolhelp32Snapshot = kernel32.CreateToolhelp32Snapshot
Heap32ListFirst = kernel32.Heap32ListFirst
Heap32ListNext = kernel32.Heap32ListNext
Heap32First = kernel32.Heap32First
Heap32Next = kernel32.Heap32Next
Module32First = kernel32.Module32First
Module32Next = kernel32.Module32Next
Module32FirstW = kernel32.Module32FirstW
Module32NextW = kernel32.Module32NextW
Process32First = kernel32.Process32First
Process32Next = kernel32.Process32Next
Process32FirstA = kernel32.Process32FirstA
Process32FirstW = kernel32.Process32FirstW
PostQuitMessage = kernel32.PostQuitMessage
Toolhelp32ReadProcessMemory = kernel32.Toolhelp32ReadProcessMemory
ZwQueryInformationProcess = kernel32.ZwQueryInformationProcess
SetTimer = kernel32.SetTimer
GetTempPathA = kernel32.GetTempPathA
ReadFile = kernel32.ReadFile
WriteFile = kernel32.WriteFile
ShellExecuteA = kernel32.ShellExecuteA
WinExec(调用其它可执行文件) = kernel32.WinExec
DeleteFileA = kernel32.DeleteFileA
URLDownloadToFileA = kernel32.URLDownloadToFileA

[&14. VC、MFC程序逆向]
lstrcmpA(字符串比较) = kernel32.lstrcmpA
DefWindowProcA(调用缺省过程) = user32.DefWindowProcA
DefWindowProcW = user32.DefWindowProcW
RegisterClassA(注册窗口类) = user32.RegisterClassA
RegisterClassW = user32.RegisterClassW
RegisterClassExA = user32.RegisterClassExA
RegisterClassExW = user32.RegisterClassExW
FindResourceA(确定资源位置) = kernel32.FindResourceA
FindResourceW = kernel32.FindResourceW
LoadResource(装载资源) = kernel32.LoadResource
SetHandleCount(取变量地址) = kernel32.SetHandleCount
IsWindowEnabled(可否输入键鼠) = user32.IsWindowEnabled

[&15. 穿山甲专用断点]
CreateThread(3寻找OEP) = kernel32.CreateThread
GetModuleHandleA(魔幻跳转) = kernel32.GetModuleHandleA
OpenMutexA(1转单进程两次改跳) = kernel32.OpenMutexA
GetSystemTime(补丁KEY) = kernel32.GetSystemTime
VirtualProtect(2EAX为401000返回) = kernel32.VirtualProtect
CreateFileMappingA(辅助) = kernel32.CreateFileMappingA
GetModuleHandle(取PE句柄) = kernel32.GetModuleHandle

[&16. KEY文件]
getprivateprofileint = kernel32.getprivateprofileint
GetPrivateProfileInt(取文件内容) = kernel32.GetPrivateProfileInt
CreateFileA(打开文件) = kernel32.CreateFileA
CreateFileW = kernel32.CreateFileW
ReadFile(文件中读出) = kernel32.ReadFile

[&17. 杀窗和去校验以及其它]
FindResourceA(校验) = kernel32.FindResourceA
ReadFile(校验) = kernel32.ReadFile
WriteFile(校验) = kernel32.WriteFile
CreateFile(校验) = kernel32.CreateFile
CreateFileA(校验) = kernel32.CreateFileA
GetFilesize(文件长度) = kernel32.GetFilesize
CreateFileA(校验) = kernel32.CreateFileA
GetFileSize(校验) = kernel32.GetFileSize
GetSystemDirectory(校验) = kernel32.GetSystemDirectory
SetFilePointer(校验) = kernel32.SetFilePointer
ExitProcess(退出进程 校验) = kernel32.ExitProcess
Terminateprocess(校验) = kernel32.Terminateprocess
ExitWindow(校验) = kernel32.ExitWindow
ExitWindowsEx(校验) = kernel32.ExitWindowsEx
ExitThread(校验) = kernel32.ExitThread
sZwSetInformationThread(校验) = kernel32.sZwSetInformationThread
GetFileSize(校验) = kernel32.GetFileSize
SetFilePointer(校验) = kernel32.SetFilePointer
DestroyWindow(杀窗) = user32.DestroyWindow
PostQuitMessage(杀窗) = user32.PostQuitMessage
mouse_event(鼠标中断) = kernel32.mouse_event
GetClipboardData(剪贴板数据) = kernel32.GetClipboardData
ShellExecuteA(弹网页问题) = kernel32.ShellExecuteA
VirtualFree(脱壳释放内存) = kernel32.VirtualFree
VirtualAlloc(脱壳申请内存) = kernel32.VirtualAlloc
VirtualProtect(脱壳保护内存) = kernel32.VirtualProtect
Lockmytask(拦按键动作没思路试试) = kernel32.Lockmytask
GetDlgItem(断按钮没思路试试) = kernel32.GetDlgItem
GetWindowsDirectoryA(没思路试试) = kernel32.GetWindowsDirectoryA
GetFullPathName(没思路试试) = kernel32.GetFullPathName
BitBlt(位图) = gdi32.BitBlt

[&18. 常用比较断点]
Compare = advapi32.Compare
CompareNoCase = advapi32.CompareNoCase
Collate = advapi32.Collate
lstrcmp = advapi32.lstrcmp
_mbscmp = advapi32._mbscmp
_mbsicmp = advapi32._mbsicmp
_mbscoll = advapi32._mbscoll
_wcsicmp = advapi32._wcsicmp
wcscmp = advapi32.wcscmp
wcscoll = advapi32.wcscoll

[&19. 网络函数]
send(发包) = ws2_32.send
sendto(发包) = ws2_32.sendto
WSASend(发包) = ws2_32.WSASend
WSASendTo(发包) = ws2_32.WSASendTo
recv(接收数据) = ws2_32.recv
inet_addr(ip地址) = ws2_32.inet_addr
connect(TCP客户端连接到服务器) = ws2_32.connect

[&20. 内存操作]
FindWindow(取窗口句柄) = user32.FindWindow
GetWindowThreadProcessId(ID) = user32.GetWindowThreadProcessId
OpenProcess(取进程句柄) = kernel32.OpenProcess
VirtualAllocEx(申请内存) = kernel32.VirtualAllocEx
WriteProcessMemory(写内存) = kernel32.WriteProcessMemory
CreateRemoteThread(创建线程) = kernel32.CreateRemoteThread
ReadProcessMemory(读内存) = kernel32.ReadProcessMemory
CreateMutex(创建互斥体) = kernel32.CreateMutex
GetModuleHandleA(取模块句柄) = kernel32.GetModuleHandleA
GetProcAddress(取函数入口地址) = kernel32.GetProcAddress
VirtualAlloc(申请内存) = kernel32.VirtualAlloc
VirtualFree(释放内存) = kernel32.VirtualFree
LoadLibraryA(加载DLL) = kernel32.LoadLibraryA
GetVersion(获取操作系统版本) = kernel32.GetVersion

[&21. Ring3防检测]
GetDesktopWindow(获取桌面的窗口句柄) = user32.GetDesktopWindow