Here is the detailed record: 软件分析.zip (30 K). I don't know how this software works, and I'd be grateful if someone could help explain it.
The files the program accesses after it starts are recorded in the attachment.
Below is a partial excerpt:
# Time sent Dur. Process Request IRP Flags FsContext Path Status More info
1 20:27:39.328 PCFPlayer.exe IRP_MJ_CREATE 00000884 00000000 C:\Documents and Settings\Administrator\Application Data\SogouPY\extension.conf STATUS_OBJECT_NAME_NOT_FOUND FILE_OPEN CreOpts: 00000060 Access: 00100081 Share: 00000001 Attrib: 00000080
2 20:27:39.328 PCFPlayer.exe IRP_MJ_CREATE 00000884 E4ED7910 C:\Program Files\PCFPlayer\PCFPlayer.exe STATUS_SUCCESS FILE_OPEN CreOpts: 00000060 Access: 00000080 Share: 00000003 Attrib: 00000080 Result: FILE_OPENED
3 20:27:39.328 PCFPlayer.exe IRP_MJ_QUERY_VOLUME_INFORMATION 00000870 E4ED7910 C:\Program Files\PCFPlayer\PCFPlayer.exe STATUS_SUCCESS FileFsVolumeInformation CreateTime: 01CE7809-862C362A SerialNumber: 08C0721C SupportsObjects: 1 VolumeLabel:
4 20:27:39.328 PCFPlayer.exe IRP_MJ_QUERY_INFORMATION 00000870 E4ED7910 C:\Program Files\PCFPlayer\PCFPlayer.exe STATUS_SUCCESS FileInternalInformation IndexNumber: 00070000-00016F22
5 20:27:39.328 PCFPlayer.exe IRP_MJ_CLEANUP 00000404 E4ED7910 C:\Program Files\PCFPlayer\PCFPlayer.exe STATUS_SUCCESS
6 20:27:39.328 PCFPlayer.exe IRP_MJ_CLOSE 00000404 E4ED7910 C:\Program Files\PCFPlayer\PCFPlayer.exe STATUS_SUCCESS
7 20:27:43.937 PCFPlayer.exe IRP_MJ_CREATE 00000884 E27F8740 C:\Documents and Settings\Administrator\桌面 STATUS_SUCCESS FILE_OPEN CreOpts: 00000021 Access: 00100001 Share: 00000003 Attrib: 0 Result: FILE_OPENED
8 20:27:43.937 PCFPlayer.exe IRP_MJ_DIRECTORY_CONTROL/IRP_MN_QUERY_DIRECTORY 00000800 E27F8740 C:\Documents and Settings\Administrator\桌面 STATUS_SUCCESS FileBothDirectoryInformation FileMask: hDM1dbiq1O-1.pcf
9 20:27:43.937 PCFPlayer.exe IRP_MJ_CLEANUP 00000404 E27F8740 C:\Documents and Settings\Administrator\桌面 STATUS_SUCCESS
10 20:27:43.937 PCFPlayer.exe IRP_MJ_CLOSE 00000404 E27F8740 C:\Documents and Settings\Administrator\桌面 STATUS_SUCCESS
11 20:27:43.937 PCFPlayer.exe IRP_MJ_CREATE 00000884 E2B450D0 C:\Documents and Settings\Administrator\桌面\hDM1dbiq1O-1.pcf STATUS_SUCCESS FILE_OPEN CreOpts: 00000064 Access: 00120089 Share: 00000001 Attrib: 0 Result: FILE_OPENED
12 20:27:43.937 PCFPlayer.exe FASTIO_QUERY_STANDARD_INFO E2B450D0 C:\Documents and Settings\Administrator\桌面\hDM1dbiq1O-1.pcf STATUS_SUCCESS FileStandardInformation AllocationSize: 00000000-02278000 EndOfFile: 00000000-022778ED NumberOfLinks: 1 DeletePending: FALSE
13 20:27:43.937 PCFPlayer.exe IRP_MJ_READ 00000900 E2B450D0 C:\Documents and Settings\Administrator\桌面\hDM1dbiq1O-1.pcf STATUS_SUCCESS Offset: 00000000-00000000 ToRead: 4000 Read: 4000
14 20:27:43.937 PCFPlayer.exe FASTIO_READ E2B450D0 C:\Documents and Settings\Administrator\桌面\hDM1dbiq1O-1.pcf STATUS_SUCCESS Offset: 00000000-00004000 ToRead: 4000 Read: 4000
15 20:27:43.937 PCFPlayer.exe FASTIO_READ E2B450D0 C:\Documents and Settings\Administrator\桌面\hDM1dbiq1O-1.pcf STATUS_SUCCESS Offset: 00000000-00008000 ToRead: 4000 Read: 4000
16 20:27:43.953 PCFPlayer.exe FASTIO_READ E2B450D0 C:\Documents and Settings\Administrator\桌面\hDM1dbiq1O-1.pcf STATUS_SUCCESS Offset: 00000000-0000C000 ToRead: 4000 Read: 4000
17 20:27:43.953 PCFPlayer.exe FASTIO_READ E2B450D0 C:\Documents and Settings\Administrator\桌面\hDM1dbiq1O-1.pcf STATUS_SUCCESS Offset: 00000000-00010000 ToRead: 4000 Read: 4000
18 20:27:43.953 PCFPlayer.exe FASTIO_READ E2B450D0 C:\Documents and Settings\Administrator\桌面\hDM1dbiq1O-1.pcf STATUS_SUCCESS Offset: 00000000-00014000 ToRead: 4000 Read: 4000
19 20:27:43.953 PCFPlayer.exe FASTIO_READ E2B450D0 C:\Documents and Settings\Administrator\桌面\hDM1dbiq1O-1.pcf STATUS_SUCCESS Offset: 00000000-00018000 ToRead: 4000 Read: 4000
20 20:27:43.953 PCFPlayer.exe FASTIO_READ E2B450D0 C:\Documents and Settings\Administrator\桌面\hDM1dbiq1O-1.pcf STATUS_SUCCESS Offset: 00000000-0001C000 ToRead: 4000 Read: 4000
21 20:27:43.953 PCFPlayer.exe FASTIO_READ E2B450D0 C:\Documents and Settings\Administrator\桌面\hDM1dbiq1O-1.pcf STATUS_SUCCESS Offset: 00000000-00020000 ToRead: 4000 Read: 4000
22 20:27:43.953 PCFPlayer.exe FASTIO_READ E2B450D0 C:\Documents and Settings\Administrator\桌面\hDM1dbiq1O-1.pcf STATUS_SUCCESS Offset: 00000000-00024000 ToRead: 4000 Read: 4000
23 20:27:43.953 PCFPlayer.exe FASTIO_READ E2B450D0 C:\Documents and Settings\Administrator\桌面\hDM1dbiq1O-1.pcf STATUS_SUCCESS Offset: 00000000-00028000 ToRead: 4000 Read: 4000
24 20:27:43.953 PCFPlayer.exe FASTIO_READ E2B450D0 C:\Documents and Settings\Administrator\桌面\hDM1dbiq1O-1.pcf STATUS_SUCCESS Offset: 00000000-0002C000 ToRead: 4000 Read: 4000
25 20:27:43.953 PCFPlayer.exe FASTIO_READ E2B450D0 C:\Documents and Settings\Administrator\桌面\hDM1dbiq1O-1.pcf STATUS_SUCCESS Offset: 00000000-00030000 ToRead: 4000 Read: 4000
26 20:27:43.953 PCFPlayer.exe FASTIO_READ E2B450D0 C:\Documents and Settings\Administrator\桌面\hDM1dbiq1O-1.pcf STATUS_SUCCESS Offset: 00000000-00034000 ToRead: 4000 Read: 4000
27 20:27:43.953 PCFPlayer.exe FASTIO_READ E2B450D0 C:\Documents and Settings\Administrator\桌面\hDM1dbiq1O-1.pcf STATUS_SUCCESS Offset: 00000000-00038000 ToRead: 4000 Read: 4000
28 20:27:43.953 PCFPlayer.exe FASTIO_READ E2B450D0 C:\Documents and Settings\Administrator\桌面\hDM1dbiq1O-1.pcf STATUS_SUCCESS Offset: 00000000-0003C000 ToRead: 4000 Read: 4000
29 20:27:43.953 PCFPlayer.exe FASTIO_READ E2B450D0 C:\Documents and Settings\Administrator\桌面\hDM1dbiq1O-1.pcf STATUS_SUCCESS Offset: 00000000-00040000 ToRead: 4000 Read: 4000
30 20:27:43.953 PCFPlayer.exe FASTIO_READ E2B450D0 C:\Documents and Settings\Administrator\桌面\hDM1dbiq1O-1.pcf STATUS_SUCCESS Offset: 00000000-00044000 ToRead: 4000 Read: 4000
31 20:27:43.953 PCFPlayer.exe FASTIO_READ E2B450D0 C:\Documents and Settings\Administrator\桌面\hDM1dbiq1O-1.pcf STATUS_SUCCESS Offset: 00000000-00048000 ToRead: 4000 Read: 4000
32 20:27:43.953 PCFPlayer.exe FASTIO_READ E2B450D0 C:\Documents and Settings\Administrator\桌面\hDM1dbiq1O-1.pcf STATUS_SUCCESS Offset: 00000000-0004C000 ToRead: 4000 Read: 4000
33 20:27:43.953 PCFPlayer.exe FASTIO_READ E2B450D0 C:\Documents and Settings\Administrator\桌面\hDM1dbiq1O-1.pcf STATUS_SUCCESS Offset: 00000000-00050000 ToRead: 4000 Read: 4000
34 20:27:43.953 PCFPlayer.exe FASTIO_READ E2B450D0 C:\Documents and Settings\Administrator\桌面\hDM1dbiq1O-1.pcf STATUS_SUCCESS Offset: 00000000-00054000 ToRead: 4000 Read: 4000
[ This post was last edited by 云涛帆举 on 2014-03-13 20:49 ]
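To make a trace like this easier to triage, here is an added Python helper (not code from the post or its attachment) that parses the FileMon-style rows, groups them by path, and reports open outcomes, directory lookups and whether the reads form one contiguous stream. The embedded rows are copied from the excerpt above; it is assumed that the full attachment keeps the same whitespace-separated column layout.

```python
import re
from collections import defaultdict

# Sample input: rows copied from the trace quoted in the post (assumption:
# the attachment uses this same FileMon-style layout; header lines are skipped).
TRACE = r"""
1 20:27:39.328 PCFPlayer.exe IRP_MJ_CREATE 00000884 00000000 C:\Documents and Settings\Administrator\Application Data\SogouPY\extension.conf STATUS_OBJECT_NAME_NOT_FOUND FILE_OPEN CreOpts: 00000060 Access: 00100081 Share: 00000001 Attrib: 00000080
2 20:27:39.328 PCFPlayer.exe IRP_MJ_CREATE 00000884 E4ED7910 C:\Program Files\PCFPlayer\PCFPlayer.exe STATUS_SUCCESS FILE_OPEN CreOpts: 00000060 Access: 00000080 Share: 00000003 Attrib: 00000080 Result: FILE_OPENED
8 20:27:43.937 PCFPlayer.exe IRP_MJ_DIRECTORY_CONTROL/IRP_MN_QUERY_DIRECTORY 00000800 E27F8740 C:\Documents and Settings\Administrator\桌面 STATUS_SUCCESS FileBothDirectoryInformation FileMask: hDM1dbiq1O-1.pcf
11 20:27:43.937 PCFPlayer.exe IRP_MJ_CREATE 00000884 E2B450D0 C:\Documents and Settings\Administrator\桌面\hDM1dbiq1O-1.pcf STATUS_SUCCESS FILE_OPEN CreOpts: 00000064 Access: 00120089 Share: 00000001 Attrib: 0 Result: FILE_OPENED
13 20:27:43.937 PCFPlayer.exe IRP_MJ_READ 00000900 E2B450D0 C:\Documents and Settings\Administrator\桌面\hDM1dbiq1O-1.pcf STATUS_SUCCESS Offset: 00000000-00000000 ToRead: 4000 Read: 4000
14 20:27:43.937 PCFPlayer.exe FASTIO_READ E2B450D0 C:\Documents and Settings\Administrator\桌面\hDM1dbiq1O-1.pcf STATUS_SUCCESS Offset: 00000000-00004000 ToRead: 4000 Read: 4000
15 20:27:43.937 PCFPlayer.exe FASTIO_READ E2B450D0 C:\Documents and Settings\Administrator\桌面\hDM1dbiq1O-1.pcf STATUS_SUCCESS Offset: 00000000-00008000 ToRead: 4000 Read: 4000
"""

# Columns: seq, time, process, request, [IRP flags: only for IRP_* rows],
# FsContext, path (may contain spaces), STATUS_*, remaining "more info".
ROW = re.compile(
    r"^(?P<seq>\d+)\s+(?P<time>\S+)\s+(?P<proc>\S+)\s+(?P<req>\S+)\s+"
    r"(?:(?P<flags>[0-9A-F]{8})\s+)?(?P<ctx>[0-9A-F]{8})\s+"
    r"(?P<path>.+?)\s+(?P<status>STATUS_\w+)\s*(?P<info>.*)$"
)
READ = re.compile(r"Offset: ([0-9A-F]{8})-([0-9A-F]{8}) ToRead: ([0-9A-F]+) Read: ([0-9A-F]+)")


def parse_trace(text):
    """Return one dict per data row; the '#' header and blank lines are ignored."""
    return [m.groupdict() for m in (ROW.match(l.strip()) for l in text.splitlines()) if m]


def summarize(rows):
    """Group rows by path: open results, directory masks, bytes read, read pattern."""
    files = defaultdict(lambda: {"opens": [], "masks": [], "reads": [], "bytes": 0, "sequential": True})
    for r in rows:
        f = files[r["path"]]
        if r["req"] == "IRP_MJ_CREATE":
            f["opens"].append(r["status"])
        elif "QUERY_DIRECTORY" in r["req"]:  # which name the program looked for
            mk = re.search(r"FileMask: (\S+)", r["info"])
            if mk:
                f["masks"].append(mk.group(1))
        elif r["req"] in ("IRP_MJ_READ", "FASTIO_READ"):
            rd = READ.search(r["info"])
            if rd:
                hi, lo, _want, got = (int(x, 16) for x in rd.groups())
                off = (hi << 32) | lo  # 64-bit offset split as high-low hex
                if f["reads"] and off != sum(f["reads"][-1]):  # gap or seek since last read
                    f["sequential"] = False
                f["reads"].append((off, got))
                f["bytes"] += got
    return dict(files)
```

Running `summarize(parse_trace(TRACE))` on the excerpt shows one failed open (the SogouPY config), a directory lookup for the .pcf name, and a strictly sequential read of that file in 0x4000-byte chunks.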