|
[讨论]程序分析!
才贴了不到1/10强,但是也应该可以分析出些什么来了!后面的太麻烦了,不想贴了,免得人家说我发洪水! |
|
[讨论]程序分析!
7C934F1F 0052 00 add [edx], dl 7C934F22 45 inc ebp 7C934F23 0047 00 add [edi], al 7C934F26 49 dec ecx 7C934F27 0053 00 add [ebx], dl 7C934F2A 54 push esp 7C934F2B 0052 00 add [edx], dl 7C934F2E 59 pop ecx ; ntdll.7C92E89A 7C934F2F 005C00 55 add [eax+eax+55], bl 7C934F33 0053 00 add [ebx], dl 7C934F36 45 inc ebp 7C934F37 0052 00 add [edx], dl 7C934F3A 5C pop esp ; ntdll.7C92E89A 7C934F3B 0000 add [eax], al 7C934F3D 00CC add ah, cl 7C934F3F CC int3 7C934F40 CC int3 7C934F41 CC int3 7C934F42 CC int3 7C934F43 CC int3 7C934F44 90 nop 7C934F45 90 nop 7C934F46 90 nop 7C934F47 90 nop 7C934F48 90 nop 7C934F49 8BFF mov edi, edi 7C934F4B 55 push ebp 7C934F4C 8BEC mov ebp, esp 7C934F4E 56 push esi ; ntdll.ZwTerminateProcess 7C934F4F 8B75 08 mov esi, [ebp+8] 7C934F52 56 push esi ; ntdll.ZwTerminateProcess 7C934F53 E8 3FE5FFFF call RtlValidSid 7C934F58 3C 01 cmp al, 1 7C934F5A 0F85 99360300 jnz 7C9685F9 7C934F60 807E 02 00 cmp byte ptr [esi+2], 0 7C934F64 75 22 jnz short 7C934F88 7C934F66 807E 03 00 cmp byte ptr [esi+3], 0 7C934F6A 75 1C jnz short 7C934F88 7C934F6C 6A 0A push 0A 7C934F6E 0FB64E 01 movzx ecx, byte ptr [esi+1] 7C934F72 6BC9 0B imul ecx, ecx, 0B 7C934F75 58 pop eax ; ntdll.7C92E89A 7C934F76 03C8 add ecx, eax 7C934F78 8D4409 08 lea eax, [ecx+ecx+8] 7C934F7C 8B4D 0C mov ecx, [ebp+C] ; RPCRT4.77E8F3B0 7C934F7F 8901 mov [ecx], eax 7C934F81 33C0 xor eax, eax 7C934F83 5E pop esi ; ntdll.7C92E89A 7C934F84 5D pop ebp ; ntdll.7C92E89A 7C934F85 C2 0800 retn 8 7C934F88 6A 0E push 0E 7C934F8A ^ EB E2 jmp short 7C934F6E 7C934F8C 90 nop 7C934F8D 90 nop 7C934F8E 90 nop 7C934F8F 90 nop 7C934F90 90 nop 7C934F91 8BFF mov edi, edi 7C934F93 55 push ebp 7C934F94 8BEC mov ebp, esp 7C934F96 33D2 xor edx, edx ; msvcrt.77C31AE8 7C934F98 3955 14 cmp [ebp+14], edx ; msvcrt.77C31AE8 7C934F9B 56 push esi ; ntdll.ZwTerminateProcess 7C934F9C 0F84 7F5B0100 je 7C94AB21 7C934FA2 8B4D 08 mov ecx, [ebp+8] 7C934FA5 F7C1 F8FFFFFF test ecx, FFFFFFF8 7C934FAB 0F85 705B0100 jnz 7C94AB21 7C934FB1 F6C1 07 test cl, 7 7C934FB4 8B45 18 mov eax, [ebp+18] ; trscd.00454965 7C934FB7 74 08 je short 7C934FC1 7C934FB9 3BC2 cmp eax, edx ; msvcrt.77C31AE8 7C934FBB 0F84 605B0100 je 7C94AB21 7C934FC1 3BC2 cmp eax, edx ; msvcrt.77C31AE8 7C934FC3 74 09 je short 7C934FCE 7C934FC5 8338 24 cmp dword ptr [eax], 24 7C934FC8 0F82 535B0100 jb 7C94AB21 7C934FCE F6C1 02 test cl, 2 7C934FD1 74 11 je short 7C934FE4 7C934FD3 8B30 mov esi, [eax] 7C934FD5 57 push edi 7C934FD6 8D78 2C lea edi, [eax+2C] 7C934FD9 03F0 add esi, eax 7C934FDB 3BFE cmp edi, esi ; ntdll.ZwTerminateProcess 7C934FDD 5F pop edi ; ntdll.7C92E89A 7C934FDE 0F87 E3E70200 ja 7C9637C7 7C934FE4 F6C1 04 test cl, 4 7C934FE7 0F85 205B0100 jnz 7C94AB0D 7C934FED 33F6 xor esi, esi ; ntdll.ZwTerminateProcess 7C934FEF 8BC6 mov eax, esi ; ntdll.ZwTerminateProcess 7C934FF1 5E pop esi ; ntdll.7C92E89A 7C934FF2 5D pop ebp ; ntdll.7C92E89A 7C934FF3 C2 1400 retn 14 7C934FF6 90 nop 7C934FF7 90 nop 7C934FF8 90 nop 7C934FF9 90 nop 7C934FFA 90 nop 7C934FFB > 8BFF mov edi, edi 7C934FFD 55 push ebp 7C934FFE 8BEC mov ebp, esp 7C935000 8B45 10 mov eax, [ebp+10] 7C935003 8B4D 0C mov ecx, [ebp+C] ; RPCRT4.77E8F3B0 7C935006 53 push ebx 7C935007 56 push esi ; ntdll.ZwTerminateProcess 7C935008 57 push edi 7C935009 8D78 FF lea edi, [eax-1] 7C93500C 0FAF7D 14 imul edi, [ebp+14] 7C935010 03F9 add edi, ecx 7C935012 3BCF cmp ecx, edi 7C935014 894D 0C mov [ebp+C], ecx 7C935017 77 4F ja short 7C935068 7C935019 8BD8 mov ebx, eax 7C93501B D1EB shr ebx, 1 7C93501D 0F84 A2020000 je 7C9352C5 7C935023 8945 10 mov [ebp+10], eax 7C935026 8365 10 01 and dword ptr [ebp+10], 1 7C93502A 8BC3 mov eax, ebx 7C93502C 75 03 jnz short 7C935031 7C93502E 8D43 FF lea eax, [ebx-1] 7C935031 0FAF45 14 imul eax, [ebp+14] 7C935035 0345 0C add eax, [ebp+C] ; RPCRT4.77E8F3B0 7C935038 8BF0 mov esi, eax 7C93503A 56 push esi ; ntdll.ZwTerminateProcess 7C93503B FF75 08 push dword ptr [ebp+8] 7C93503E FF55 18 call [ebp+18] ; trscd.00454965 7C935041 85C0 test eax, eax 7C935043 59 pop ecx ; ntdll.7C92E89A 7C935044 59 pop ecx ; ntdll.7C92E89A 7C935045 ^ 0F84 F2F7FFFF je 7C93483D 7C93504B 0F8D 65020000 jge 7C9352B6 7C935051 2B75 14 sub esi, [ebp+14] 7C935054 837D 10 00 cmp dword ptr [ebp+10], 0 7C935058 8BFE mov edi, esi ; ntdll.ZwTerminateProcess 7C93505A 0F85 5E020000 jnz 7C9352BE 7C935060 8D43 FF lea eax, [ebx-1] 7C935063 397D 0C cmp [ebp+C], edi 7C935066 ^ 76 B1 jbe short 7C935019 7C935068 33C0 xor eax, eax 7C93506A 5F pop edi ; ntdll.7C92E89A 7C93506B 5E pop esi ; ntdll.7C92E89A 7C93506C 5B pop ebx ; ntdll.7C92E89A 7C93506D 5D pop ebp ; ntdll.7C92E89A 7C93506E C3 retn 7C93506F 90 nop 7C935070 90 nop 7C935071 90 nop 7C935072 90 nop 7C935073 90 nop 7C935074 8BFF mov edi, edi 7C935076 55 push ebp 7C935077 8BEC mov ebp, esp 7C935079 8B4D 14 mov ecx, [ebp+14] 7C93507C 85C9 test ecx, ecx 7C93507E 74 03 je short 7C935083 7C935080 8321 00 and dword ptr [ecx], 0 7C935083 8B45 08 mov eax, [ebp+8] 7C935086 85C0 test eax, eax 7C935088 74 35 je short 7C9350BF 7C93508A 8338 18 cmp dword ptr [eax], 18 7C93508D 72 30 jb short 7C9350BF 7C93508F F740 04 FCFFFFF>test dword ptr [eax+4], FFFFFFFC 7C935096 75 27 jnz short 7C9350BF 7C935098 837D 0C 00 cmp dword ptr [ebp+C], 0 7C93509C 74 21 je short 7C9350BF 7C93509E 837D 10 00 cmp dword ptr [ebp+10], 0 7C9350A2 74 1B je short 7C9350BF 7C9350A4 8360 10 00 and dword ptr [eax+10], 0 7C9350A8 51 push ecx 7C9350A9 FF75 10 push dword ptr [ebp+10] 7C9350AC FF75 0C push dword ptr [ebp+C] ; RPCRT4.77E8F3B0 7C9350AF 50 push eax 7C9350B0 E8 16000000 call 7C9350CB 7C9350B5 85C0 test eax, eax 7C9350B7 7C 02 jl short 7C9350BB 7C9350B9 33C0 xor eax, eax 7C9350BB 5D pop ebp ; ntdll.7C92E89A 7C9350BC C2 1000 retn 10 7C9350BF B8 0D0000C0 mov eax, C000000D 7C9350C4 ^ EB F5 jmp short 7C9350BB 7C9350C6 90 nop 7C9350C7 90 nop 7C9350C8 90 nop 7C9350C9 90 nop 7C9350CA 90 nop 7C9350CB 8BFF mov edi, edi 7C9350CD 55 push ebp 7C9350CE 8BEC mov ebp, esp 7C9350D0 51 push ecx 7C9350D1 51 push ecx 7C9350D2 53 push ebx 7C9350D3 56 push esi ; ntdll.ZwTerminateProcess 7C9350D4 57 push edi 7C9350D5 33DB xor ebx, ebx 7C9350D7 33FF xor edi, edi 7C9350D9 64:A1 18000000 mov eax, fs:[18] 7C9350DF 8BD0 mov edx, eax 7C9350E1 8B45 14 mov eax, [ebp+14] 7C9350E4 3BC3 cmp eax, ebx 7C9350E6 8B4A 30 mov ecx, [edx+30] ; ntdll.7C99C920 7C9350E9 8955 FC mov [ebp-4], edx ; msvcrt.77C31AE8 7C9350EC 894D F8 mov [ebp-8], ecx 7C9350EF 74 02 je short 7C9350F3 7C9350F1 8918 mov [eax], ebx 7C9350F3 8B75 08 mov esi, [ebp+8] 7C9350F6 8B46 10 mov eax, [esi+10] 7C9350F9 83E8 00 sub eax, 0 7C9350FC 0F85 97010000 jnz 7C935299 7C935102 8B82 B0010000 mov eax, [edx+1B0] 7C935108 85C0 test eax, eax 7C93510A 0F85 DD010000 jnz 7C9352ED 7C935110 8BB9 F8010000 mov edi, [ecx+1F8] 7C935116 33DB xor ebx, ebx 7C935118 85FF test edi, edi 7C93511A 0F85 9F360200 jnz 7C9587BF 7C935120 8BB9 00020000 mov edi, [ecx+200] 7C935126 85FF test edi, edi 7C935128 6A FC push -4 7C93512A 5B pop ebx ; ntdll.7C92E89A 7C93512B 0F84 76010000 je 7C9352A7 7C935131 C746 10 0300000>mov dword ptr [esi+10], 3 7C935138 85FF test edi, edi 7C93513A ^ 0F84 F3F6FFFF je 7C934833 7C935140 FF75 10 push dword ptr [ebp+10] 7C935143 FF75 0C push dword ptr [ebp+C] ; RPCRT4.77E8F3B0 7C935146 FF76 0C push dword ptr [esi+C] 7C935149 FF76 08 push dword ptr [esi+8] 7C93514C 57 push edi 7C93514D E8 3E000000 call 7C935190 7C935152 85C0 test eax, eax 7C935154 0F8C C2020000 jl 7C93541C 7C93515A 83FB FC cmp ebx, -4 7C93515D 0F85 83010000 jnz 7C9352E6 7C935163 6A 02 push 2 7C935165 58 pop eax ; ntdll.7C92E89A 7C935166 33C9 xor ecx, ecx 7C935168 85DB test ebx, ebx 7C93516A 0F94C1 sete cl 7C93516D 0BC8 or ecx, eax 7C93516F 8B45 14 mov eax, [ebp+14] 7C935172 85C0 test eax, eax 7C935174 894E 14 mov [esi+14], ecx 7C935177 74 09 je short 7C935182 7C935179 83FB FC cmp ebx, -4 7C93517C 75 02 jnz short 7C935180 7C93517E 33DB xor ebx, ebx 7C935180 8918 mov [eax], ebx 7C935182 33C0 xor eax, eax 7C935184 5F pop edi ; ntdll.7C92E89A 7C935185 5E pop esi ; ntdll.7C92E89A 7C935186 5B pop ebx ; ntdll.7C92E89A 7C935187 C9 leave 7C935188 C2 1000 retn 10 7C93518B 90 nop 7C93518C 90 nop 7C93518D 90 nop 7C93518E 90 nop 7C93518F 90 nop 7C935190 8BFF mov edi, edi 7C935192 55 push ebp 7C935193 8BEC mov ebp, esp 7C935195 83EC 18 sub esp, 18 7C935198 53 push ebx 7C935199 8B5D 08 mov ebx, [ebp+8] 7C93519C 56 push esi ; ntdll.ZwTerminateProcess 7C93519D 8B73 0C mov esi, [ebx+C] 7C9351A0 83FE 20 cmp esi, 20 7C9351A3 57 push edi 7C9351A4 0F82 38E30200 jb 7C9634E2 7C9351AA 837B 04 20 cmp dword ptr [ebx+4], 20 7C9351AE 0F82 2EE30200 jb 7C9634E2 7C9351B4 837D 0C 00 cmp dword ptr [ebp+C], 0 7C9351B8 0F85 0AE20200 jnz 7C9633C8 7C9351BE 8B43 10 mov eax, [ebx+10] 7C9351C1 85C0 test eax, eax 7C9351C3 0F84 49020000 je 7C935412 7C9351C9 03C3 add eax, ebx 7C9351CB 85C0 test eax, eax 7C9351CD 0F84 3F020000 je 7C935412 7C9351D3 8B78 04 mov edi, [eax+4] 7C9351D6 85FF test edi, edi 7C9351D8 0F84 34020000 je 7C935412 7C9351DE 8B48 08 mov ecx, [eax+8] 7C9351E1 8B53 0C mov edx, [ebx+C] 7C9351E4 3BCA cmp ecx, edx ; msvcrt.77C31AE8 7C9351E6 0F83 DEE20200 jnb 7C9634CA 7C9351EC 8BF7 mov esi, edi 7C9351EE C1E6 04 shl esi, 4 7C9351F1 03F1 add esi, ecx 7C9351F3 3BF2 cmp esi, edx ; msvcrt.77C31AE8 7C9351F5 0F87 CFE20200 ja 7C9634CA 7C9351FB 8B40 0C mov eax, [eax+C] 7C9351FE A8 02 test al, 2 7C935200 8D3419 lea esi, [ecx+ebx] 7C935203 0F84 8BE20200 je 7C963494 7C935209 8B16 mov edx, [esi] 7C93520B 8B4D 10 mov ecx, [ebp+10] 7C93520E 3BCA cmp ecx, edx ; msvcrt.77C31AE8 7C935210 0F82 FC010000 jb 7C935412 7C935216 A8 01 test al, 1 7C935218 0F85 60E20200 jnz 7C96347E 7C93521E 68 7C52937C push 7C93527C 7C935223 6A 10 push 10 7C935225 57 push edi 7C935226 8D45 E8 lea eax, [ebp-18] 7C935229 56 push esi ; ntdll.ZwTerminateProcess 7C93522A 50 push eax 7C93522B 894D E8 mov [ebp-18], ecx 7C93522E E8 C8FDFFFF call bsearch 7C935233 83C4 14 add esp, 14 7C935236 85C0 test eax, eax 7C935238 0F84 D4010000 je 7C935412 7C93523E 8B48 04 mov ecx, [eax+4] 7C935241 85C9 test ecx, ecx 7C935243 0F84 C9010000 je 7C935412 7C935249 8B53 0C mov edx, [ebx+C] 7C93524C 3BCA cmp ecx, edx ; msvcrt.77C31AE8 7C93524E 0F83 6AE20200 jnb 7C9634BE 7C935254 8D71 04 lea esi, [ecx+4] 7C935257 3BF2 cmp esi, edx ; msvcrt.77C31AE8 7C935259 0F87 5FE20200 ja 7C9634BE 7C93525F 8B55 14 mov edx, [ebp+14] 7C935262 03CB add ecx, ebx 7C935264 890A mov [edx], ecx 7C935266 8B40 08 mov eax, [eax+8] 7C935269 8B4D 18 mov ecx, [ebp+18] ; trscd.00454965 7C93526C 8901 mov [ecx], eax 7C93526E 33C0 xor eax, eax 7C935270 5F pop edi ; ntdll.7C92E89A 7C935271 5E pop esi ; ntdll.7C92E89A 7C935272 5B pop ebx ; ntdll.7C92E89A 7C935273 C9 leave 7C935274 C2 1400 retn 14 7C935277 90 nop 7C935278 90 nop 7C935279 90 nop 7C93527A 90 nop 7C93527B 90 nop 7C93527C 8BFF mov edi, edi 7C93527E 55 push ebp 7C93527F 8BEC mov ebp, esp 7C935281 8B45 08 mov eax, [ebp+8] 7C935284 8B4D 0C mov ecx, [ebp+C] ; RPCRT4.77E8F3B0 7C935287 8B00 mov eax, [eax] 7C935289 8B09 mov ecx, [ecx] 7C93528B 3BC8 cmp ecx, eax 7C93528D 0F87 7A010000 ja 7C93540D 7C935293 1BC0 sbb eax, eax 7C935295 F7D8 neg eax 7C935297 5D pop ebp ; ntdll.7C92E89A 7C935298 C3 retn 7C935299 48 dec eax 7C93529A ^ 0F84 70FEFFFF je 7C935110 7C9352A0 48 dec eax 7C9352A1 ^ 0F84 79FEFFFF je 7C935120 7C9352A7 837E 10 03 cmp dword ptr [esi+10], 3 7C9352AB 0F87 1A350200 ja 7C9587CB 7C9352B1 ^ E9 82FEFFFF jmp 7C935138 7C9352B6 8B45 14 mov eax, [ebp+14] 7C9352B9 03F0 add esi, eax 7C9352BB 8975 0C mov [ebp+C], esi ; ntdll.ZwTerminateProcess 7C9352BE 8BC3 mov eax, ebx 7C9352C0 ^ E9 9EFDFFFF jmp 7C935063 7C9352C5 85C0 test eax, eax 7C9352C7 ^ 0F84 9BFDFFFF je 7C935068 7C9352CD FF75 0C push dword ptr [ebp+C] ; RPCRT4.77E8F3B0 7C9352D0 FF75 08 push dword ptr [ebp+8] 7C9352D3 FF55 18 call [ebp+18] ; trscd.00454965 7C9352D6 F7D8 neg eax 7C9352D8 1BC0 sbb eax, eax 7C9352DA 59 pop ecx ; ntdll.7C92E89A 7C9352DB F7D0 not eax 7C9352DD 2345 0C and eax, [ebp+C] ; RPCRT4.77E8F3B0 7C9352E0 59 pop ecx ; ntdll.7C92E89A 7C9352E1 ^ E9 84FDFFFF jmp 7C93506A 7C9352E6 33C0 xor eax, eax 7C9352E8 ^ E9 79FEFFFF jmp 7C935166 7C9352ED 8B58 04 mov ebx, [eax+4] 7C9352F0 85DB test ebx, ebx 7C9352F2 74 0C je short 7C935300 7C9352F4 83FB FC cmp ebx, -4 7C9352F7 0F84 BFE40200 je 7C9637BC 7C9352FD 8B7B 08 mov edi, [ebx+8] 7C935300 85FF test edi, edi 7C935302 ^ 0F84 08FEFFFF je 7C935110 7C935308 C746 10 0100000>mov dword ptr [esi+10], 1 7C93530F ^ E9 24FEFFFF jmp 7C935138 7C935314 90 nop 7C935315 90 nop 7C935316 90 nop 7C935317 90 nop 7C935318 90 nop 7C935319 > 8BFF mov edi, edi 7C93531B 55 push ebp 7C93531C 8BEC mov ebp, esp 7C93531E 83EC 28 sub esp, 28 7C935321 53 push ebx 7C935322 64:A1 18000000 mov eax, fs:[18] 7C935328 8B48 30 mov ecx, [eax+30] 7C93532B 33DB xor ebx, ebx 7C93532D 3999 F8010000 cmp [ecx+1F8], ebx 7C935333 75 0C jnz short 7C935341 7C935335 3999 00020000 cmp [ecx+200], ebx 7C93533B 0F84 36580100 je 7C94AB77 7C935341 834D F0 FF or dword ptr [ebp-10], FFFFFFFF 7C935345 56 push esi ; ntdll.ZwTerminateProcess 7C935346 8B75 10 mov esi, [ebp+10] 7C935349 57 push edi 7C93534A FF75 18 push dword ptr [ebp+18] ; trscd.00454965 7C93534D 8B7D 0C mov edi, [ebp+C] ; RPCRT4.77E8F3B0 7C935350 FF75 14 push dword ptr [ebp+14] 7C935353 895D FC mov [ebp-4], ebx 7C935356 56 push esi ; ntdll.ZwTerminateProcess 7C935357 57 push edi 7C935358 FF75 08 push dword ptr [ebp+8] 7C93535B 895D F8 mov [ebp-8], ebx 7C93535E 895D F4 mov [ebp-C], ebx 7C935361 E8 2BFCFFFF call 7C934F91 7C935366 3BC3 cmp eax, ebx 7C935368 0F8C 98000000 jl 7C935406 7C93536E 8B45 08 mov eax, [ebp+8] 7C935371 8945 DC mov [ebp-24], eax 7C935374 8D45 F4 lea eax, [ebp-C] 7C935377 50 push eax 7C935378 8D45 FC lea eax, [ebp-4] 7C93537B 50 push eax 7C93537C 8D45 10 lea eax, [ebp+10] 7C93537F 50 push eax 7C935380 8D45 D8 lea eax, [ebp-28] 7C935383 50 push eax 7C935384 C745 D8 1800000>mov dword ptr [ebp-28], 18 7C93538B 895D EC mov [ebp-14], ebx 7C93538E 897D E0 mov [ebp-20], edi 7C935391 8975 E4 mov [ebp-1C], esi ; ntdll.ZwTerminateProcess 7C935394 E8 DBFCFFFF call 7C935074 7C935399 3BC3 cmp eax, ebx 7C93539B 7C 69 jl short 7C935406 7C93539D 837D FC 2C cmp dword ptr [ebp-4], 2C 7C9353A1 0F82 38EA0200 jb 7C963DDF 7C9353A7 BE 080015C0 mov esi, C0150008 7C9353AC 8B7D 10 mov edi, [ebp+10] 7C9353AF 813F 53734864 cmp dword ptr [edi], 64487353 7C9353B5 0F85 27EA0200 jnz 7C963DE2 7C9353BB 53 push ebx 7C9353BC 53 push ebx 7C9353BD 8D45 F8 lea eax, [ebp-8] 7C9353C0 50 push eax 7C9353C1 8D45 F0 lea eax, [ebp-10] 7C9353C4 50 push eax 7C9353C5 FF75 18 push dword ptr [ebp+18] ; trscd.00454965 7C9353C8 FF75 14 push dword ptr [ebp+14] 7C9353CB FF75 FC push dword ptr [ebp-4] 7C9353CE 57 push edi 7C9353CF E8 88010000 call 7C93555C 7C9353D4 3BC3 cmp eax, ebx 7C9353D6 0F8D 1C250000 jge 7C9378F8 7C9353DC 3BC6 cmp eax, esi ; ntdll.ZwTerminateProcess 7C9353DE 75 26 jnz short 7C935406 7C9353E0 8D45 F4 lea eax, [ebp-C] 7C9353E3 50 push eax 7C9353E4 8D45 FC lea eax, [ebp-4] 7C9353E7 50 push eax 7C9353E8 8D45 10 lea eax, [ebp+10] 7C9353EB 50 push eax 7C9353EC 8D45 D8 lea eax, [ebp-28] 7C9353EF 50 push eax 7C9353F0 E8 FB000000 call 7C9354F0 7C9353F5 3BC3 cmp eax, ebx 7C9353F7 0F8D 980B0000 jge 7C935F95 7C9353FD 3D 010015C0 cmp eax, C0150001 7C935402 75 02 jnz short 7C935406 7C935404 8BC6 mov eax, esi ; ntdll.ZwTerminateProcess 7C935406 5F pop edi ; ntdll.7C92E89A 7C935407 5E pop esi ; ntdll.7C92E89A 7C935408 5B pop ebx ; ntdll.7C92E89A 7C935409 C9 leave 7C93540A C2 1400 retn 14 7C93540D 83C8 FF or eax, FFFFFFFF 7C935410 5D pop ebp ; ntdll.7C92E89A 7C935411 C3 retn 7C935412 B8 010015C0 mov eax, C0150001 7C935417 ^ E9 54FEFFFF jmp 7C935270 7C93541C 3D 010015C0 cmp eax, C0150001 7C935421 ^ 0F85 5DFDFFFF jnz 7C935184 7C935427 837E 10 03 cmp dword ptr [esi+10], 3 7C93542B ^ 0F84 53FDFFFF je 7C935184 7C935431 8B55 FC mov edx, [ebp-4] 7C935434 8B4D F8 mov ecx, [ebp-8] ; kernel32.7C81CA78 7C935437 ^ E9 BAFCFFFF jmp 7C9350F6 7C93543C 8D48 FF lea ecx, [eax-1] 7C93543F 83C9 07 or ecx, 7 7C935442 83F9 FF cmp ecx, -1 7C935445 ^ 0F84 A7ACFFFF je 7C9300F2 7C93544B 8338 FF cmp dword ptr [eax], -1 7C93544E ^ 0F84 9EACFFFF je 7C9300F2 7C935454 33C9 xor ecx, ecx 7C935456 41 inc ecx 7C935457 F0:0FC108 lock xadd [eax], ecx 7C93545B ^ E9 92ACFFFF jmp 7C9300F2 7C935460 90 nop 7C935461 90 nop 7C935462 90 nop 7C935463 90 nop 7C935464 90 nop 7C935465 > 8BFF mov edi, edi 7C935467 55 push ebp 7C935468 8BEC mov ebp, esp 7C93546A 51 push ecx 7C93546B 8B45 08 mov eax, [ebp+8] 7C93546E 33C9 xor ecx, ecx 7C935470 3BC1 cmp eax, ecx 7C935472 56 push esi ; ntdll.ZwTerminateProcess 7C935473 57 push edi 7C935474 894D FC mov [ebp-4], ecx 7C935477 0F84 13680100 je 7C94BC90 7C93547D 8B7D 14 mov edi, [ebp+14] 7C935480 3BF9 cmp edi, ecx 7C935482 0F84 08680100 je 7C94BC90 7C935488 8B70 04 mov esi, [eax+4] 7C93548B 890F mov [edi], ecx 7C93548D 0FB700 movzx eax, word ptr [eax] 7C935490 D1E8 shr eax, 1 7C935492 837D 10 01 cmp dword ptr [ebp+10], 1 7C935496 0F87 F4670100 ja 7C94BC90 7C93549C 384D 0C cmp [ebp+C], cl 7C93549F 0F84 21AF0000 je 7C9403C6 7C9354A5 3BC1 cmp eax, ecx 7C9354A7 74 38 je short 7C9354E1 7C9354A9 8945 0C mov [ebp+C], eax 7C9354AC A1 4CC0997C mov eax, [7C99C04C] 7C9354B1 53 push ebx 7C9354B2 66:8B16 mov dx, [esi] 7C9354B5 46 inc esi ; ntdll.ZwTerminateProcess 7C9354B6 46 inc esi ; ntdll.ZwTerminateProcess 7C9354B7 66:83FA 61 cmp dx, 61 7C9354BB 0FB7CA movzx ecx, dx 7C9354BE 72 0D jb short 7C9354CD 7C9354C0 66:83FA 7A cmp dx, 7A 7C9354C4 0F87 98670100 ja 7C94BC62 7C9354CA 83E9 20 sub ecx, 20 7C9354CD 8B55 FC mov edx, [ebp-4] 7C9354D0 69D2 3F000100 imul edx, edx, 1003F ; msvcrt.77C31AE8 7C9354D6 03CA add ecx, edx ; msvcrt.77C31AE8 7C9354D8 FF4D 0C dec dword ptr [ebp+C] ; RPCRT4.77E8F3B0 7C9354DB 894D FC mov [ebp-4], ecx 7C9354DE ^ 75 D2 jnz short 7C9354B2 7C9354E0 5B pop ebx ; ntdll.7C92E89A 7C9354E1 890F mov [edi], ecx 7C9354E3 33C0 xor eax, eax 7C9354E5 5F pop edi ; ntdll.7C92E89A 7C9354E6 5E pop esi ; ntdll.7C92E89A 7C9354E7 C9 leave 7C9354E8 C2 1000 retn 10 7C9354EB 90 nop 7C9354EC 90 nop 7C9354ED 90 nop 7C9354EE 90 nop 7C9354EF 90 nop 7C9354F0 8BFF mov edi, edi 7C9354F2 55 push ebp 7C9354F3 8BEC mov ebp, esp 7C9354F5 51 push ecx 7C9354F6 8365 FC 00 and dword ptr [ebp-4], 0 7C9354FA 57 push edi 7C9354FB 8B7D 14 mov edi, [ebp+14] 7C9354FE 85FF test edi, edi 7C935500 74 03 je short 7C935505 7C935502 8327 00 and dword ptr [edi], 0 7C935505 8B45 08 mov eax, [ebp+8] 7C935508 85C0 test eax, eax 7C93550A 0F84 7B0A0000 je 7C935F8B 7C935510 8338 18 cmp dword ptr [eax], 18 7C935513 0F82 720A0000 jb 7C935F8B 7C935519 F740 04 FCFFFFF>test dword ptr [eax+4], FFFFFFFC 7C935520 0F85 650A0000 jnz 7C935F8B 7C935526 837D 0C 00 cmp dword ptr [ebp+C], 0 7C93552A 0F84 5B0A0000 je 7C935F8B 7C935530 837D 10 00 cmp dword ptr [ebp+10], 0 7C935534 0F84 510A0000 je 7C935F8B 7C93553A 8D4D FC lea ecx, [ebp-4] 7C93553D 51 push ecx 7C93553E FF75 10 push dword ptr [ebp+10] 7C935541 FF75 0C push dword ptr [ebp+C] ; RPCRT4.77E8F3B0 7C935544 50 push eax 7C935545 E8 81FBFFFF call 7C9350CB 7C93554A 85C0 test eax, eax 7C93554C 0F8D 210A0000 jge 7C935F73 7C935552 5F pop edi ; ntdll.7C92E89A 7C935553 C9 leave 7C935554 C2 1000 retn 10 7C935557 90 nop 7C935558 90 nop 7C935559 90 nop 7C93555A 90 nop 7C93555B 90 nop 7C93555C 8BFF mov edi, edi 7C93555E 55 push ebp 7C93555F 8BEC mov ebp, esp 7C935561 83EC 2C sub esp, 2C 7C935564 53 push ebx 7C935565 56 push esi ; ntdll.ZwTerminateProcess 7C935566 8B75 08 mov esi, [ebp+8] 7C935569 8A46 10 mov al, [esi+10] 7C93556C 24 01 and al, 1 7C93556E 8845 08 mov [ebp+8], al 7C935571 8B45 20 mov eax, [ebp+20] ; trscd.00454AA4 7C935574 33DB xor ebx, ebx 7C935576 3BC3 cmp eax, ebx 7C935578 C645 FF 01 mov byte ptr [ebp-1], 1 7C93557C C645 FE 01 mov byte ptr [ebp-2], 1 7C935580 0F85 C4E30200 jnz 7C96394A 7C935586 8B45 24 mov eax, [ebp+24] 7C935589 3BC3 cmp eax, ebx 7C93558B 0F85 C0E30200 jnz 7C963951 7C935591 813E 53734864 cmp dword ptr [esi], 64487353 7C935597 0F85 BBE30200 jnz 7C963958 7C93559D 395E 14 cmp [esi+14], ebx 7C9355A0 0F84 BCE30200 je 7C963962 7C9355A6 8B46 1C mov eax, [esi+1C] 7C9355A9 83F8 FF cmp eax, -1 7C9355AC 57 push edi 7C9355AD 0F84 B9E30200 je 7C96396C 7C9355B3 8B7D 18 mov edi, [ebp+18] ; trscd.00454965 7C9355B6 3907 cmp [edi], eax 7C9355B8 74 1C je short 7C9355D6 7C9355BA FF75 1C push dword ptr [ebp+1C] 7C9355BD 50 push eax 7C9355BE FF75 08 push dword ptr [ebp+8] 7C9355C1 FF75 10 push dword ptr [ebp+10] 7C9355C4 E8 9CFEFFFF call RtlHashUnicodeString 7C9355C9 3BC3 cmp eax, ebx 7C9355CB 0F8C A8E30200 jl 7C963979 7C9355D1 8B46 1C mov eax, [esi+1C] 7C9355D4 8907 mov [edi], eax 7C9355D6 837E 08 01 cmp dword ptr [esi+8], 1 7C9355DA 0F85 D4E30200 jnz 7C9639B4 7C9355E0 8B4E 20 mov ecx, [esi+20] 7C9355E3 3BCB cmp ecx, ebx 7C9355E5 0F84 C2080000 je 7C935EAD 7C9355EB 807D FF 00 cmp byte ptr [ebp-1], 0 7C9355EF 0F84 D6080000 je 7C935ECB 7C9355F5 8B45 1C mov eax, [ebp+1C] 7C9355F8 8B00 mov eax, [eax] 7C9355FA 03CE add ecx, esi ; ntdll.ZwTerminateProcess 7C9355FC 33D2 xor edx, edx ; msvcrt.77C31AE8 7C9355FE F731 div dword ptr [ecx] 7C935600 8B41 04 mov eax, [ecx+4] 7C935603 33C9 xor ecx, ecx 7C935605 894D 18 mov [ebp+18], ecx 7C935608 8D3CD0 lea edi, [eax+edx*8] 7C93560B 03FE add edi, esi ; ntdll.ZwTerminateProcess 7C93560D 8B5F 04 mov ebx, [edi+4] 7C935610 03DE add ebx, esi ; ntdll.ZwTerminateProcess 7C935612 390F cmp [edi], ecx 7C935614 8955 F8 mov [ebp-8], edx ; msvcrt.77C31AE8 7C935617 76 33 jbe short 7C93564C 7C935619 8B048B mov eax, [ebx+ecx*4] 7C93561C 3B45 0C cmp eax, [ebp+C] ; RPCRT4.77E8F3B0 7C93561F 0F87 98E30200 ja 7C9639BD 7C935625 03C6 add eax, esi ; ntdll.ZwTerminateProcess 7C935627 807D FE 00 cmp byte ptr [ebp-2], 0 7C93562B 8945 F4 mov [ebp-C], eax 7C93562E 0F84 85230000 je 7C9379B9 7C935634 8B08 mov ecx, [eax] 7C935636 8B55 1C mov edx, [ebp+1C] 7C935639 3B0A cmp ecx, [edx] ; ntdll.7C99C8E0 7C93563B 0F84 78230000 je 7C9379B9 7C935641 8B4D 18 mov ecx, [ebp+18] ; trscd.00454965 7C935644 41 inc ecx 7C935645 3B0F cmp ecx, [edi] 7C935647 894D 18 mov [ebp+18], ecx 7C93564A ^ 72 CD jb short 7C935619 7C93564C B8 080015C0 mov eax, C0150008 7C935651 5F pop edi ; ntdll.7C92E89A 7C935652 5E pop esi ; ntdll.7C92E89A 7C935653 5B pop ebx ; ntdll.7C92E89A 7C935654 C9 leave 7C935655 C2 2000 retn 20 7C935658 90 nop 7C935659 90 nop 7C93565A 90 nop 7C93565B 90 nop 7C93565C 90 nop 7C93565D 8BFF mov edi, edi 7C93565F 55 push ebp 7C935660 8BEC mov ebp, esp 7C935662 85FF test edi, edi 7C935664 56 push esi ; ntdll.ZwTerminateProcess 7C935665 0F84 12640100 je 7C94BA7D 7C93566B 0FB74F 02 movzx ecx, word ptr [edi+2] 7C93566F 8B57 04 mov edx, [edi+4] 7C935672 83E1 FE and ecx, FFFFFFFE 7C935675 BE FEFF0000 mov esi, 0FFFE 7C93567A 3BCE cmp ecx, esi ; ntdll.ZwTerminateProcess 7C93567C 0F87 380D0300 ja 7C9663BA 7C935682 6A 02 push 2 7C935684 5E pop esi ; ntdll.7C92E89A 7C935685 3BCE cmp ecx, esi ; ntdll.ZwTerminateProcess 7C935687 0F82 340D0300 jb 7C9663C1 7C93568D 85D2 test edx, edx ; msvcrt.77C31AE8 7C93568F 8950 08 mov [eax+8], edx ; msvcrt.77C31AE8 7C935692 8948 10 mov [eax+10], ecx 7C935695 8950 0C mov [eax+C], edx ; msvcrt.77C31AE8 7C935698 8948 14 mov [eax+14], ecx 7C93569B 8950 04 mov [eax+4], edx ; msvcrt.77C31AE8 7C93569E 74 04 je short 7C9356A4 7C9356A0 66:8322 00 and word ptr [edx], 0 7C9356A4 66:8948 02 mov [eax+2], cx 7C9356A8 8B4D 08 mov ecx, [ebp+8] 7C9356AB 66:8320 00 and word ptr [eax], 0 7C9356AF 8948 28 mov [eax+28], ecx 7C9356B2 8B4D 0C mov ecx, [ebp+C] ; RPCRT4.77E8F3B0 7C9356B5 8978 24 mov [eax+24], edi 7C9356B8 8948 2C mov [eax+2C], ecx 7C9356BB C640 30 01 mov byte ptr [eax+30], 1 7C9356BF 5E pop esi ; ntdll.7C92E89A 7C9356C0 5D pop ebp ; ntdll.7C92E89A 7C9356C1 C2 0800 retn 8 7C9356C4 90 nop 7C9356C5 90 nop 7C9356C6 90 nop 7C9356C7 90 nop 7C9356C8 90 nop 7C9356C9 8BFF mov edi, edi 7C9356CB 55 push ebp 7C9356CC 8BEC mov ebp, esp 7C9356CE 83EC 18 sub esp, 18 7C9356D1 8B45 0C mov eax, [ebp+C] ; RPCRT4.77E8F3B0 7C9356D4 53 push ebx 7C9356D5 33DB xor ebx, ebx 7C9356D7 3BF3 cmp esi, ebx 7C9356D9 8818 mov [eax], bl 7C9356DB 0F84 F9100000 je 7C9367DA 7C9356E1 395D 08 cmp [ebp+8], ebx 7C9356E4 0F84 F0100000 je 7C9367DA 7C9356EA 3BFB cmp edi, ebx 7C9356EC 74 34 je short 7C935722 7C9356EE 66:391F cmp [edi], bx 7C9356F1 74 2F je short 7C935722 7C9356F3 8D45 F8 lea eax, [ebp-8] 7C9356F6 50 push eax 7C9356F7 68 2C57937C push 7C93572C 7C9356FC 56 push esi ; ntdll.ZwTerminateProcess 7C9356FD 6A 01 push 1 7C9356FF 885D FF mov [ebp-1], bl 7C935702 E8 62040000 call RtlFindCharInUnicodeString 7C935707 3BC3 cmp eax, ebx 7C935709 0F8C BB100000 jl 7C9367CA 7C93570F C645 FF 01 mov byte ptr [ebp-1], 1 7C935713 33C0 xor eax, eax 7C935715 3BC3 cmp eax, ebx 7C935717 7C 0B jl short 7C935724 7C935719 385D FF cmp [ebp-1], bl 7C93571C 0F84 C2100000 je 7C9367E4 7C935722 33C0 xor eax, eax 7C935724 5B pop ebx ; ntdll.7C92E89A 7C935725 C9 leave 7C935726 C2 0800 retn 8 7C935729 90 nop 7C93572A 90 nop 7C93572B 90 nop 7C93572C 0200 add al, [eax] 7C93572E 04 00 add al, 0 7C935730 60 pushad 7C935731 5B pop ebx ; ntdll.7C92E89A 7C935732 93 xchg eax, ebx 7C935733 ^ 7C 90 jl short 7C9356C5 7C935735 90 nop 7C935736 90 nop 7C935737 90 nop 7C935738 90 nop 7C935739 8BFF mov edi, edi 7C93573B 55 push ebp 7C93573C 8BEC mov ebp, esp 7C93573E 83EC 14 sub esp, 14 7C935741 53 push ebx 7C935742 33DB xor ebx, ebx 7C935744 3BF3 cmp esi, ebx 7C935746 57 push edi 7C935747 895D F8 mov [ebp-8], ebx 7C93574A 885D FF mov [ebp-1], bl 7C93574D 0F84 A90F0300 je 7C9666FC 7C935753 8B7D 0C mov edi, [ebp+C] ; RPCRT4.77E8F3B0 7C935756 3BFB cmp edi, ebx 7C935758 74 09 je short 7C935763 7C93575A 395F 04 cmp [edi+4], ebx 7C93575D 0F85 990F0300 jnz 7C9666FC 7C935763 56 push esi ; ntdll.ZwTerminateProcess 7C935764 E8 81F0FFFF call 7C9347EA 7C935769 83F8 06 cmp eax, 6 7C93576C 8945 F4 mov [ebp-C], eax 7C93576F 0F84 BA190000 je 7C93712F 7C935775 83F8 02 cmp eax, 2 7C935778 0F84 B1190000 je 7C93712F 7C93577E 83F8 01 cmp eax, 1 7C935781 0F84 A8190000 je 7C93712F 7C935787 33FF xor edi, edi 7C935789 385D FF cmp [ebp-1], bl 7C93578C 75 08 jnz short 7C935796 7C93578E FF75 0C push dword ptr [ebp+C] ; RPCRT4.77E8F3B0 7C935791 E8 E0B1FFFF call RtlFreeUnicodeString 7C935796 8BC7 mov eax, edi 7C935798 5F pop edi ; ntdll.7C92E89A 7C935799 5B pop ebx ; ntdll.7C92E89A 7C93579A C9 leave 7C93579B C2 0800 retn 8 7C93579E 90 nop 7C93579F 90 nop 7C9357A0 90 nop 7C9357A1 90 nop 7C9357A2 90 nop 7C9357A3 > 8BFF mov edi, edi 7C9357A5 55 push ebp 7C9357A6 8BEC mov ebp, esp 7C9357A8 81EC 48010000 sub esp, 148 7C9357AE A1 34C0997C mov eax, [7C99C034] 7C9357B3 8B55 24 mov edx, [ebp+24] 7C9357B6 8B4D 28 mov ecx, [ebp+28] 7C9357B9 8945 FC mov [ebp-4], eax 7C9357BC 8B45 0C mov eax, [ebp+C] ; RPCRT4.77E8F3B0 7C9357BF 8985 C8FEFFFF mov [ebp-138], eax 7C9357C5 8B45 10 mov eax, [ebp+10] 7C9357C8 8985 BCFEFFFF mov [ebp-144], eax 7C9357CE 8B45 14 mov eax, [ebp+14] 7C9357D1 53 push ebx 7C9357D2 33DB xor ebx, ebx 7C9357D4 8985 DCFEFFFF mov [ebp-124], eax 7C9357DA 8B45 1C mov eax, [ebp+1C] 7C9357DD 56 push esi ; ntdll.ZwTerminateProcess 7C9357DE 8B75 18 mov esi, [ebp+18] ; trscd.00454965 7C9357E1 8985 D4FEFFFF mov [ebp-12C], eax 7C9357E7 8B45 20 mov eax, [ebp+20] ; trscd.00454AA4 7C9357EA 3BC3 cmp eax, ebx 7C9357EC 57 push edi 7C9357ED 8DBD 5CFFFFFF lea edi, [ebp-A4] 7C9357F3 89B5 CCFEFFFF mov [ebp-134], esi ; ntdll.ZwTerminateProcess 7C9357F9 8985 D8FEFFFF mov [ebp-128], eax 7C9357FF 8995 D0FEFFFF mov [ebp-130], edx ; msvcrt.77C31AE8 7C935805 66:899D ECFEFFF>mov [ebp-114], bx 7C93580C 66:899D EEFEFFF>mov [ebp-112], bx 7C935813 899D F0FEFFFF mov [ebp-110], ebx 7C935819 66:899D E0FEFFF>mov [ebp-120], bx 7C935820 66:C785 E2FEFFF>mov word ptr [ebp-11E], 80 7C935829 89BD E4FEFFFF mov [ebp-11C], edi 7C93582F 899D C4FEFFFF mov [ebp-13C], ebx 7C935835 899D FCFEFFFF mov [ebp-104], ebx 7C93583B 899D E8FEFFFF mov [ebp-118], ebx 7C935841 0F85 0F130300 jnz 7C966B56 7C935847 3BD3 cmp edx, ebx 7C935849 0F85 68610100 jnz 7C94B9B7 7C93584F 3BCB cmp ecx, ebx 7C935851 0F85 67610100 jnz 7C94B9BE 7C935857 3BF3 cmp esi, ebx 7C935859 74 0A je short 7C935865 7C93585B 895E 04 mov [esi+4], ebx 7C93585E 66:891E mov [esi], bx 7C935861 66:895E 02 mov [esi+2], bx 7C935865 8BBD DCFEFFFF mov edi, [ebp-124] ; ntdll.7C92E3ED 7C93586B 6A 20 push 20 7C93586D 8D45 DC lea eax, [ebp-24] 7C935870 8985 40FFFFFF mov [ebp-C0], eax 7C935876 58 pop eax ; ntdll.7C92E89A 7C935877 FFB5 D4FEFFFF push dword ptr [ebp-12C] ; ntdll.7C93094E 7C93587D 8D4D DC lea ecx, [ebp-24] 7C935880 8985 48FFFFFF mov [ebp-B8], eax 7C935886 8985 4CFFFFFF mov [ebp-B4], eax 7C93588C 66:8985 3AFFFFF>mov [ebp-C6], ax 7C935893 56 push esi ; ntdll.ZwTerminateProcess 7C935894 8D85 04FFFFFF lea eax, [ebp-FC] 7C93589A 898D 44FFFFFF mov [ebp-BC], ecx 7C9358A0 898D 3CFFFFFF mov [ebp-C4], ecx 7C9358A6 66:895D DC mov [ebp-24], bx 7C9358AA 66:899D 38FFFFF>mov [ebp-C8], bx 7C9358B1 E8 A7FDFFFF call 7C93565D 7C9358B6 F745 08 FEFFFFF>test dword ptr [ebp+8], FFFFFFFE 7C9358BD 0F85 D7120300 jnz 7C966B9A 7C9358C3 8B85 C8FEFFFF mov eax, [ebp-138] ; ntdll.7C9468AD 7C9358C9 3BC3 cmp eax, ebx 7C9358CB 0F84 C9120300 je 7C966B9A 7C9358D1 3BFB cmp edi, ebx 7C9358D3 0F84 CA610100 je 7C94BAA3 7C9358D9 3BF3 cmp esi, ebx 7C9358DB 74 0C je short 7C9358E9 7C9358DD 399D D4FEFFFF cmp [ebp-12C], ebx 7C9358E3 0F84 B1120300 je 7C966B9A 7C9358E9 8B08 mov ecx, [eax] 7C9358EB 8B40 04 mov eax, [eax+4] 7C9358EE 8BBD BCFEFFFF mov edi, [ebp-144] 7C9358F4 8985 F8FEFFFF mov [ebp-108], eax 7C9358FA 8D85 03FFFFFF lea eax, [ebp-FD] 7C935900 50 push eax 7C935901 8D85 38FFFFFF lea eax, [ebp-C8] 7C935907 50 push eax 7C935908 8DB5 F4FEFFFF lea esi, [ebp-10C] 7C93590E 898D F4FEFFFF mov [ebp-10C], ecx 7C935914 E8 B0FDFFFF call 7C9356C9 7C935919 8BF0 mov esi, eax 7C93591B 3BF3 cmp esi, ebx 7C93591D 0F8C 99000000 jl 7C9359BC 7C935923 389D 03FFFFFF cmp [ebp-FD], bl 7C935929 0F85 F00E0000 jnz 7C93681F 7C93592F 8D85 ECFEFFFF lea eax, [ebp-114] 7C935935 50 push eax 7C935936 8D85 E0FEFFFF lea eax, [ebp-120] 7C93593C 50 push eax 7C93593D 8DB5 F4FEFFFF lea esi, [ebp-10C] 7C935943 E8 F1FDFFFF call 7C935739 7C935948 8BF0 mov esi, eax 7C93594A 3BF3 cmp esi, ebx 7C93594C 7C 6E jl short 7C9359BC 7C93594E F645 08 01 test byte ptr [ebp+8], 1 7C935952 74 24 je short 7C935978 7C935954 64:A1 18000000 mov eax, fs:[18] 7C93595A 8B40 30 mov eax, [eax+30] 7C93595D 3958 10 cmp [eax+10], ebx 7C935960 74 16 je short 7C935978 7C935962 64:A1 18000000 mov eax, fs:[18] 7C935968 8B40 30 mov eax, [eax+30] 7C93596B 8B40 10 mov eax, [eax+10] 7C93596E F640 09 10 test byte ptr [eax+9], 10 7C935972 0F85 F2110300 jnz 7C966B6A 7C935978 F685 E8FEFFFF 0>test byte ptr [ebp-118], 1 7C93597F 0F85 E9990000 jnz 7C93F36E 7C935985 399D DCFEFFFF cmp [ebp-124], ebx 7C93598B 0F84 1F610100 je 7C94BAB0 7C935991 33C0 xor eax, eax 7C935993 FFB5 D8FEFFFF push dword ptr [ebp-128] 7C935999 8D8D C4FEFFFF lea ecx, [ebp-13C] 7C93599F 51 push ecx 7C9359A0 50 push eax 7C9359A1 8DB5 04FFFFFF lea esi, [ebp-FC] 7C9359A7 8D95 F4FEFFFF lea edx, [ebp-10C] 7C9359AD E8 BC000000 call 7C935A6E 7C9359B2 8BF0 mov esi, eax 7C9359B4 3BF3 cmp esi, ebx 7C9359B6 0F8D B2990000 jge 7C93F36E 7C9359BC 389D 34FFFFFF cmp [ebp-CC], bl 7C9359C2 74 23 je short 7C9359E7 7C9359C4 8B85 0CFFFFFF mov eax, [ebp-F4] 7C9359CA 3BC3 cmp eax, ebx 7C9359CC 74 0C je short 7C9359DA 7C9359CE 3B85 10FFFFFF cmp eax, [ebp-F0] 7C9359D4 0F85 33120300 jnz 7C966C0D 7C9359DA 8B85 10FFFFFF mov eax, [ebp-F0] 7C9359E0 3BC3 cmp eax, ebx 7C9359E2 74 03 je short 7C9359E7 7C9359E4 66:8918 mov [eax], bx 7C9359E7 6A 0D push 0D 7C9359E9 59 pop ecx ; ntdll.7C92E89A 7C9359EA 33C0 xor eax, eax 7C9359EC 8DBD 04FFFFFF lea edi, [ebp-FC] 7C9359F2 F3:AB rep stos dword ptr es:[edi] 7C9359F4 8D85 ECFEFFFF lea eax, [ebp-114] 7C9359FA 50 push eax 7C9359FB E8 76AFFFFF call RtlFreeUnicodeString 7C935A00 8B8D 40FFFFFF mov ecx, [ebp-C0] 7C935A06 3BCB cmp ecx, ebx 7C935A08 8B85 44FFFFFF mov eax, [ebp-BC] 7C935A0E 74 1A je short 7C935A2A 7C935A10 3BC8 cmp ecx, eax 7C935A12 0F85 15160200 jnz 7C95702D 7C935A18 8B8D 4CFFFFFF mov ecx, [ebp-B4] 7C935A1E 8985 40FFFFFF mov [ebp-C0], eax 7C935A24 898D 48FFFFFF mov [ebp-B8], ecx 7C935A2A 3BC3 cmp eax, ebx 7C935A2C 8985 3CFFFFFF mov [ebp-C4], eax 7C935A32 74 03 je short 7C935A37 7C935A34 66:8918 mov [eax], bx 7C935A37 81FE 010015C0 cmp esi, C0150001 7C935A3D 66:8B85 4CFFFFF>mov ax, [ebp-B4] 7C935A44 66:899D 38FFFFF>mov [ebp-C8], bx 7C935A4B 66:8985 3AFFFFF>mov [ebp-C6], ax 7C935A52 0F84 CC110300 je 7C966C24 7C935A58 8B4D FC mov ecx, [ebp-4] 7C935A5B 5F pop edi ; ntdll.7C92E89A 7C935A5C 8BC6 mov eax, esi ; ntdll.ZwTerminateProcess 7C935A5E 5E pop esi ; ntdll.7C92E89A 7C935A5F 5B pop ebx ; ntdll.7C92E89A 7C935A60 E8 22A9FFFF call 7C930387 7C935A65 C9 leave 7C935A66 C2 2400 retn 24 7C935A69 90 nop 7C935A6A 90 nop 7C935A6B 90 nop 7C935A6C 90 nop 7C935A6D 90 nop 7C935A6E 8BFF mov edi, edi 7C935A70 55 push ebp 7C935A71 8BEC mov ebp, esp 7C935A73 81EC A0000000 sub esp, 0A0 7C935A79 A1 34C0997C mov eax, [7C99C034] 7C935A7E 53 push ebx 7C935A7F 57 push edi 7C935A80 8945 FC mov [ebp-4], eax 7C935A83 8B45 0C mov eax, [ebp+C] ; RPCRT4.77E8F3B0 7C935A86 8945 BC mov [ebp-44], eax 7C935A89 8B45 10 mov eax, [ebp+10] 7C935A8C 6A 0F push 0F 7C935A8E 59 pop ecx ; ntdll.7C92E89A 7C935A8F 8945 A8 mov [ebp-58], eax 7C935A92 33C0 xor eax, eax 7C935A94 C785 60FFFFFF 4>mov dword ptr [ebp-A0], 40 7C935A9E 8DBD 64FFFFFF lea edi, [ebp-9C] 7C935AA4 F3:AB rep stos dword ptr es:[edi] 7C935AA6 8B02 mov eax, [edx] ; ntdll.7C99C8E0 7C935AA8 8945 C4 mov [ebp-3C], eax 7C935AAB 8B42 04 mov eax, [edx+4] 7C935AAE 6A 02 push 2 7C935AB0 8945 C8 mov [ebp-38], eax 7C935AB3 8D55 F8 lea edx, [ebp-8] 7C935AB6 8D45 F8 lea eax, [ebp-8] 7C935AB9 8955 E4 mov [ebp-1C], edx ; msvcrt.77C31AE8 7C935ABC 8955 DC mov [ebp-24], edx ; msvcrt.77C31AE8 7C935ABF 8945 E0 mov [ebp-20], eax 7C935AC2 58 pop eax ; ntdll.7C92E89A 7C935AC3 8D95 60FFFFFF lea edx, [ebp-A0] 7C935AC9 52 push edx ; msvcrt.77C31AE8 7C935ACA 33C9 xor ecx, ecx 7C935ACC 8D55 C4 lea edx, [ebp-3C] 7C935ACF 52 push edx ; msvcrt.77C31AE8 7C935AD0 50 push eax 7C935AD1 51 push ecx 7C935AD2 6A 03 push 3 7C935AD4 894D C0 mov [ebp-40], ecx 7C935AD7 894D D0 mov [ebp-30], ecx 7C935ADA 8945 E8 mov [ebp-18], eax 7C935ADD 8945 EC mov [ebp-14], eax 7C935AE0 66:894D F8 mov [ebp-8], cx 7C935AE4 66:894D D8 mov [ebp-28], cx 7C935AE8 66:8945 DA mov [ebp-26], ax 7C935AEC E8 28F8FFFF call RtlFindActivationContextSectionS> 7C935AF1 8BD8 mov ebx, eax 7C935AF3 85DB test ebx, ebx 7C935AF5 0F8D 8C910000 jge 7C93EC87 7C935AFB 81FB 010015C0 cmp ebx, C0150001 7C935B01 0F84 86500100 je 7C94AB8D 7C935B07 8B4D E0 mov ecx, [ebp-20] 7C935B0A 85C9 test ecx, ecx 7C935B0C 8B45 E4 mov eax, [ebp-1C] 7C935B0F 74 11 je short 7C935B22 7C935B11 3BC8 cmp ecx, eax 7C935B13 0F85 600C0300 jnz 7C966779 7C935B19 8B4D EC mov ecx, [ebp-14] 7C935B1C 8945 E0 mov [ebp-20], eax 7C935B1F 894D E8 mov [ebp-18], ecx 7C935B22 33C9 xor ecx, ecx 7C935B24 3BC1 cmp eax, ecx 7C935B26 8945 DC mov [ebp-24], eax 7C935B29 74 03 je short 7C935B2E 7C935B2B 66:8908 mov [eax], cx 7C935B2E 394D C0 cmp [ebp-40], ecx 7C935B31 66:8B45 EC mov ax, [ebp-14] 7C935B35 66:894D D8 mov [ebp-28], cx 7C935B39 66:8945 DA mov [ebp-26], ax 7C935B3D 0F85 8BA90000 jnz 7C9404CE 7C935B43 8B4D FC mov ecx, [ebp-4] 7C935B46 5F pop edi ; ntdll.7C92E89A 7C935B47 8BC3 mov eax, ebx 7C935B49 5B pop ebx ; ntdll.7C92E89A 7C935B4A E8 38A8FFFF call 7C930387 7C935B4F C9 leave 7C935B50 C2 0C00 retn 0C 7C935B53 90 nop 7C935B54 2E:004400 4C add cs:[eax+eax+4C], al 7C935B59 004C00 00 add [eax+eax], cl 7C935B5D 0090 902E0000 add [eax+2E90], dl 7C935B63 0090 90909090 add [eax+90909090], dl 7C935B69 > 8BFF mov edi, edi 7C935B6B 55 push ebp 7C935B6C 8BEC mov ebp, esp 7C935B6E 83EC 64 sub esp, 64 7C935B71 A1 34C0997C mov eax, [7C99C034] 7C935B76 53 push ebx 7C935B77 8B5D 0C mov ebx, [ebp+C] ; RPCRT4.77E8F3B0 7C935B7A 56 push esi ; ntdll.ZwTerminateProcess 7C935B7B 8B75 10 mov esi, [ebp+10] 7C935B7E 8945 FC mov [ebp-4], eax 7C935B81 8B45 14 mov eax, [ebp+14] 7C935B84 57 push edi 7C935B85 33FF xor edi, edi 7C935B87 3BC7 cmp eax, edi 7C935B89 8945 A4 mov [ebp-5C], eax 7C935B8C 74 03 je short 7C935B91 7C935B8E 66:8938 mov [eax], di 7C935B91 F745 08 F8FFFFF>test dword ptr [ebp+8], FFFFFFF8 7C935B98 0F85 B60C0000 jnz 7C936854 7C935B9E 3BC7 cmp eax, edi 7C935BA0 0F84 AE0C0000 je 7C936854 7C935BA6 53 push ebx 7C935BA7 57 push edi 7C935BA8 E8 C5000000 call RtlValidateUnicodeString 7C935BAD 3BC7 cmp eax, edi 7C935BAF 0F8C A9000000 jl 7C935C5E 7C935BB5 56 push esi ; ntdll.ZwTerminateProcess 7C935BB6 57 push edi 7C935BB7 E8 B6000000 call RtlValidateUnicodeString 7C935BBC 3BC7 cmp eax, edi 7C935BBE 0F8C 9A000000 jl 7C935C5E 7C935BC4 66:8B3E mov di, [esi] 7C935BC7 8B56 04 mov edx, [esi+4] 7C935BCA 8B4D 08 mov ecx, [ebp+8] 7C935BCD 33C0 xor eax, eax 7C935BCF 66:8B03 mov ax, [ebx] 7C935BD2 33F6 xor esi, esi ; ntdll.ZwTerminateProcess 7C935BD4 46 inc esi ; ntdll.ZwTerminateProcess 7C935BD5 66:D1EF shr di, 1 7C935BD8 8955 AC mov [ebp-54], edx ; msvcrt.77C31AE8 7C935BDB 8945 A0 mov [ebp-60], eax 7C935BDE 66:D1E8 shr ax, 1 7C935BE1 23CE and ecx, esi ; ntdll.ZwTerminateProcess 7C935BE3 894D 9C mov [ebp-64], ecx 7C935BE6 8945 B8 mov [ebp-48], eax 7C935BE9 0F84 570C0000 je 7C936846 7C935BEF 8B5B 04 mov ebx, [ebx+4] 7C935BF2 0FB7F0 movzx esi, ax 7C935BF5 83C9 FF or ecx, FFFFFFFF 7C935BF8 894D B0 mov [ebp-50], ecx 7C935BFB 8D7473 FE lea esi, [ebx+esi*2-2] 7C935BFF 8B5D 08 mov ebx, [ebp+8] 7C935C02 F6C3 04 test bl, 4 7C935C05 0F85 AF4F0300 jnz 7C96ABBA 7C935C0B 66:83FF 01 cmp di, 1 7C935C0F 0F85 7F730000 jnz 7C93CF94 7C935C15 F6C3 02 test bl, 2 7C935C18 66:8B3A mov di, [edx] 7C935C1B 0F85 D9500300 jnz 7C96ACFA 7C935C21 66:85C0 test ax, ax 7C935C24 0F84 120C0000 je 7C93683C 7C935C2A 66:393E cmp [esi], di 7C935C2D 74 0D je short 7C935C3C 7C935C2F 05 FFFF0000 add eax, 0FFFF 7C935C34 66:85C0 test ax, ax 7C935C37 8D344E lea esi, [esi+ecx*2] 7C935C3A ^ 75 EE jnz short 7C935C2A 7C935C3C 66:85C0 test ax, ax 7C935C3F 0F84 F70B0000 je 7C93683C 7C935C45 05 FFFF0000 add eax, 0FFFF 7C935C4A 03C0 add eax, eax 7C935C4C 837D 9C 00 cmp dword ptr [ebp-64], 0 7C935C50 0F84 EF500300 je 7C96AD45 7C935C56 8B4D A4 mov ecx, [ebp-5C] 7C935C59 66:8901 mov [ecx], ax 7C935C5C 33C0 xor eax, eax 7C935C5E 8B4D FC mov ecx, [ebp-4] 7C935C61 5F pop edi ; ntdll.7C92E89A 7C935C62 5E pop esi ; ntdll.7C92E89A 7C935C63 5B pop ebx ; ntdll.7C92E89A |
|
[讨论]程序分析!
7C9336A3 E8 92EEFEFF call memmove 7C9336A8 83C4 0C add esp, 0C 7C9336AB 33C0 xor eax, eax 7C9336AD 5D pop ebp ; ntdll.7C92E89A 7C9336AE C2 0C00 retn 0C 7C9336B1 90 nop 7C9336B2 90 nop 7C9336B3 90 nop 7C9336B4 90 nop 7C9336B5 90 nop 7C9336B6 > 8BFF mov edi, edi 7C9336B8 55 push ebp 7C9336B9 8BEC mov ebp, esp 7C9336BB 8B45 08 mov eax, [ebp+8] 7C9336BE 0FB640 01 movzx eax, byte ptr [eax+1] 7C9336C2 8D0485 08000000 lea eax, [eax*4+8] 7C9336C9 5D pop ebp ; ntdll.7C92E89A 7C9336CA C2 0400 retn 4 7C9336CD 90 nop 7C9336CE 90 nop 7C9336CF 90 nop 7C9336D0 90 nop 7C9336D1 90 nop 7C9336D2 > 8BFF mov edi, edi 7C9336D4 55 push ebp 7C9336D5 8BEC mov ebp, esp 7C9336D7 8B45 10 mov eax, [ebp+10] 7C9336DA 56 push esi ; ntdll.ZwTerminateProcess 7C9336DB 33F6 xor esi, esi ; ntdll.ZwTerminateProcess 7C9336DD D1E8 shr eax, 1 7C9336DF 803D 10C0997C 0>cmp byte ptr [NlsMbCodePageTag], 0 7C9336E6 0F85 43450300 jnz 7C967C2F 7C9336EC 8B4D 08 mov ecx, [ebp+8] 7C9336EF 8901 mov [ecx], eax 7C9336F1 33C0 xor eax, eax 7C9336F3 5E pop esi ; ntdll.7C92E89A 7C9336F4 5D pop ebp ; ntdll.7C92E89A 7C9336F5 C2 0C00 retn 0C 7C9336F8 90 nop 7C9336F9 90 nop 7C9336FA 90 nop 7C9336FB 90 nop 7C9336FC 90 nop 7C9336FD 8BFF mov edi, edi 7C9336FF 55 push ebp 7C933700 8BEC mov ebp, esp 7C933702 56 push esi ; ntdll.ZwTerminateProcess 7C933703 8B75 08 mov esi, [ebp+8] 7C933706 57 push edi 7C933707 8D7E 08 lea edi, [esi+8] 7C93370A 813F FFEEFFEE cmp dword ptr [edi], EEFFEEFF 7C933710 0F85 D5850300 jnz 7C96BCEB 7C933716 B0 01 mov al, 1 7C933718 5F pop edi ; ntdll.7C92E89A 7C933719 5E pop esi ; ntdll.7C92E89A 7C93371A 5D pop ebp ; ntdll.7C92E89A 7C93371B C2 0800 retn 8 7C93371E 90 nop 7C93371F 90 nop 7C933720 90 nop 7C933721 90 nop 7C933722 90 nop 7C933723 > 8BFF mov edi, edi 7C933725 55 push ebp 7C933726 8BEC mov ebp, esp 7C933728 51 push ecx 7C933729 51 push ecx 7C93372A 56 push esi ; ntdll.ZwTerminateProcess 7C93372B 8B75 08 mov esi, [ebp+8] 7C93372E F646 13 01 test byte ptr [esi+13], 1 7C933732 0F85 A3890200 jnz 7C95C0DB 7C933738 68 7437937C push 7C933774 ; ASCII "RtlLockHeap" 7C93373D 56 push esi ; ntdll.ZwTerminateProcess 7C93373E E8 BAFFFFFF call 7C9336FD 7C933743 84C0 test al, al 7C933745 74 27 je short 7C93376E 7C933747 F646 0C 01 test byte ptr [esi+C], 1 7C93374B 75 12 jnz short 7C93375F 7C93374D FFB6 78050000 push dword ptr [esi+578] 7C933753 E8 ADD8FEFF call RtlEnterCriticalSection 7C933758 66:FF86 8405000>inc word ptr [esi+584] 7C93375F F605 F002FE7F 0>test byte ptr [7FFE02F0], 2 7C933766 0F85 7A890200 jnz 7C95C0E6 7C93376C B0 01 mov al, 1 7C93376E 5E pop esi ; ntdll.7C92E89A 7C93376F C9 leave 7C933770 C2 0400 retn 4 7C933773 90 nop 7C933774 52 push edx ; msvcrt.77C31AE8 7C933775 74 6C je short 7C9337E3 7C933777 4C dec esp 7C933778 6F outs dx, dword ptr es:[edi] 7C933779 636B 48 arpl [ebx+48], bp 7C93377C 65:61 popad 7C93377E 70 00 jo short 7C933780 7C933780 CC int3 7C933781 CC int3 7C933782 CC int3 7C933783 CC int3 7C933784 CC int3 7C933785 CC int3 7C933786 90 nop 7C933787 90 nop 7C933788 90 nop 7C933789 90 nop 7C93378A 90 nop 7C93378B > 8BFF mov edi, edi 7C93378D 55 push ebp 7C93378E 8BEC mov ebp, esp 7C933790 51 push ecx 7C933791 51 push ecx 7C933792 56 push esi ; ntdll.ZwTerminateProcess 7C933793 8B75 08 mov esi, [ebp+8] 7C933796 F646 13 01 test byte ptr [esi+13], 1 7C93379A 0F85 BB890200 jnz 7C95C15B 7C9337A0 68 DC37937C push 7C9337DC ; ASCII "RtlUnlockHeap" 7C9337A5 56 push esi ; ntdll.ZwTerminateProcess 7C9337A6 E8 52FFFFFF call 7C9336FD 7C9337AB 84C0 test al, al 7C9337AD 74 27 je short 7C9337D6 7C9337AF F646 0C 01 test byte ptr [esi+C], 1 7C9337B3 75 12 jnz short 7C9337C7 7C9337B5 FFB6 78050000 push dword ptr [esi+578] 7C9337BB 66:FF8E 8405000>dec word ptr [esi+584] 7C9337C2 E8 26D9FEFF call RtlLeaveCriticalSection 7C9337C7 F605 F002FE7F 0>test byte ptr [7FFE02F0], 2 7C9337CE 0F85 92890200 jnz 7C95C166 7C9337D4 B0 01 mov al, 1 7C9337D6 5E pop esi ; ntdll.7C92E89A 7C9337D7 C9 leave 7C9337D8 C2 0400 retn 4 7C9337DB 90 nop 7C9337DC 52 push edx ; msvcrt.77C31AE8 7C9337DD 74 6C je short 7C93384B 7C9337DF 55 push ebp 7C9337E0 6E outs dx, byte ptr es:[edi] 7C9337E1 6C ins byte ptr es:[edi], dx 7C9337E2 6F outs dx, dword ptr es:[edi] 7C9337E3 636B 48 arpl [ebx+48], bp 7C9337E6 65:61 popad 7C9337E8 70 00 jo short 7C9337EA 7C9337EA CC int3 7C9337EB CC int3 7C9337EC CC int3 7C9337ED CC int3 7C9337EE CC int3 7C9337EF CC int3 7C9337F0 90 nop 7C9337F1 90 nop 7C9337F2 90 nop 7C9337F3 90 nop 7C9337F4 90 nop 7C9337F5 > 8BFF mov edi, edi 7C9337F7 55 push ebp 7C9337F8 8BEC mov ebp, esp 7C9337FA 8B45 0C mov eax, [ebp+C] ; RPCRT4.77E8F3B0 7C9337FD 85C0 test eax, eax 7C9337FF 74 20 je short 7C933821 7C933801 8B4D 08 mov ecx, [ebp+8] 7C933804 3B41 14 cmp eax, [ecx+14] 7C933807 72 18 jb short 7C933821 7C933809 3B41 18 cmp eax, [ecx+18] 7C93380C 73 13 jnb short 7C933821 7C93380E 8B49 04 mov ecx, [ecx+4] 7C933811 49 dec ecx 7C933812 85C8 test eax, ecx 7C933814 75 0B jnz short 7C933821 7C933816 F600 01 test byte ptr [eax], 1 7C933819 74 06 je short 7C933821 7C93381B B0 01 mov al, 1 7C93381D 5D pop ebp ; ntdll.7C92E89A 7C93381E C2 0800 retn 8 7C933821 32C0 xor al, al 7C933823 ^ EB F8 jmp short 7C93381D 7C933825 90 nop 7C933826 90 nop 7C933827 90 nop 7C933828 90 nop 7C933829 90 nop 7C93382A 8BFF mov edi, edi 7C93382C 55 push ebp 7C93382D 8BEC mov ebp, esp 7C93382F 8B45 08 mov eax, [ebp+8] 7C933832 F640 05 08 test byte ptr [eax+5], 8 7C933836 0F85 3D5D0300 jnz 7C969579 7C93383C 0FB708 movzx ecx, word ptr [eax] 7C93383F 8D44C8 F8 lea eax, [eax+ecx*8-8] 7C933843 5D pop ebp ; ntdll.7C92E89A 7C933844 C2 0400 retn 4 7C933847 83C1 08 add ecx, 8 7C93384A 894D DC mov [ebp-24], ecx 7C93384D E9 44420000 jmp 7C937A96 7C933852 90 nop 7C933853 90 nop 7C933854 90 nop 7C933855 90 nop 7C933856 90 nop 7C933857 > 8BFF mov edi, edi 7C933859 55 push ebp 7C93385A 8BEC mov ebp, esp 7C93385C 8B55 08 mov edx, [ebp+8] 7C93385F 8B4A 04 mov ecx, [edx+4] 7C933862 53 push ebx 7C933863 56 push esi ; ntdll.ZwTerminateProcess 7C933864 8B75 0C mov esi, [ebp+C] ; RPCRT4.77E8F3B0 7C933867 8BD9 mov ebx, ecx 7C933869 57 push edi 7C93386A 33C0 xor eax, eax 7C93386C C1E9 02 shr ecx, 2 7C93386F 8BFE mov edi, esi ; ntdll.ZwTerminateProcess 7C933871 F3:AB rep stos dword ptr es:[edi] 7C933873 8BCB mov ecx, ebx 7C933875 83E1 03 and ecx, 3 7C933878 F3:AA rep stos byte ptr es:[edi] 7C93387A 8B42 10 mov eax, [edx+10] 7C93387D 8906 mov [esi], eax 7C93387F 5F pop edi ; ntdll.7C92E89A 7C933880 8972 10 mov [edx+10], esi ; ntdll.ZwTerminateProcess 7C933883 5E pop esi ; ntdll.7C92E89A 7C933884 B0 01 mov al, 1 7C933886 5B pop ebx ; ntdll.7C92E89A 7C933887 5D pop ebp ; ntdll.7C92E89A 7C933888 C2 0800 retn 8 7C93388B 90 nop 7C93388C 90 nop 7C93388D 90 nop 7C93388E 90 nop 7C93388F 90 nop 7C933890 > 8BFF mov edi, edi 7C933892 55 push ebp 7C933893 8BEC mov ebp, esp 7C933895 8B55 08 mov edx, [ebp+8] 7C933898 56 push esi ; ntdll.ZwTerminateProcess 7C933899 8B75 0C mov esi, [ebp+C] ; RPCRT4.77E8F3B0 7C93389C 33C0 xor eax, eax 7C93389E 66:8B02 mov ax, [edx] 7C9338A1 66:3D 4100 cmp ax, 41 7C9338A5 72 09 jb short 7C9338B0 7C9338A7 66:3D 5A00 cmp ax, 5A 7C9338AB 8D48 20 lea ecx, [eax+20] 7C9338AE 76 02 jbe short 7C9338B2 7C9338B0 8BC8 mov ecx, eax 7C9338B2 33C0 xor eax, eax 7C9338B4 66:8B06 mov ax, [esi] 7C9338B7 66:3D 4100 cmp ax, 41 7C9338BB 72 06 jb short 7C9338C3 7C9338BD 66:3D 5A00 cmp ax, 5A 7C9338C1 76 19 jbe short 7C9338DC 7C9338C3 42 inc edx ; msvcrt.77C31AE8 7C9338C4 42 inc edx ; msvcrt.77C31AE8 7C9338C5 46 inc esi ; ntdll.ZwTerminateProcess 7C9338C6 46 inc esi ; ntdll.ZwTerminateProcess 7C9338C7 66:85C9 test cx, cx 7C9338CA 74 05 je short 7C9338D1 7C9338CC 66:3BC8 cmp cx, ax 7C9338CF ^ 74 CB je short 7C93389C 7C9338D1 0FB7D0 movzx edx, ax 7C9338D4 0FB7C1 movzx eax, cx 7C9338D7 2BC2 sub eax, edx ; msvcrt.77C31AE8 7C9338D9 5E pop esi ; ntdll.7C92E89A 7C9338DA 5D pop ebp ; ntdll.7C92E89A 7C9338DB C3 retn 7C9338DC 83C0 20 add eax, 20 7C9338DF ^ EB E2 jmp short 7C9338C3 7C9338E1 90 nop 7C9338E2 90 nop 7C9338E3 90 nop 7C9338E4 90 nop 7C9338E5 90 nop 7C9338E6 > 8BFF mov edi, edi 7C9338E8 55 push ebp 7C9338E9 8BEC mov ebp, esp 7C9338EB 8B45 08 mov eax, [ebp+8] 7C9338EE 8B50 04 mov edx, [eax+4] 7C9338F1 0FAF55 0C imul edx, [ebp+C] ; RPCRT4.77E8F3B0 7C9338F5 0350 14 add edx, [eax+14] 7C9338F8 52 push edx ; msvcrt.77C31AE8 7C9338F9 50 push eax 7C9338FA E8 F6FEFFFF call RtlIsValidHandle 7C9338FF 84C0 test al, al 7C933901 74 0B je short 7C93390E 7C933903 8B45 10 mov eax, [ebp+10] 7C933906 8910 mov [eax], edx ; msvcrt.77C31AE8 7C933908 B0 01 mov al, 1 7C93390A 5D pop ebp ; ntdll.7C92E89A 7C93390B C2 0C00 retn 0C 7C93390E 32C0 xor al, al 7C933910 ^ EB F8 jmp short 7C93390A 7C933912 90 nop 7C933913 90 nop 7C933914 90 nop 7C933915 90 nop 7C933916 90 nop 7C933917 > 8BFF mov edi, edi 7C933919 55 push ebp 7C93391A 8BEC mov ebp, esp 7C93391C 51 push ecx 7C93391D 6A 00 push 0 7C93391F 6A 04 push 4 7C933921 8D45 FC lea eax, [ebp-4] 7C933924 50 push eax 7C933925 6A 24 push 24 7C933927 6A FF push -1 7C933929 E8 EDA6FFFF call ZwQueryInformationProcess 7C93392E 8B45 FC mov eax, [ebp-4] 7C933931 3345 08 xor eax, [ebp+8] 7C933934 C9 leave 7C933935 C2 0400 retn 4 7C933938 90 nop 7C933939 90 nop 7C93393A 90 nop 7C93393B 90 nop 7C93393C 90 nop 7C93393D > 8BFF mov edi, edi 7C93393F 55 push ebp 7C933940 8BEC mov ebp, esp 7C933942 5D pop ebp ; ntdll.7C92E89A 7C933943 ^ EB D2 jmp short RtlEncodePointer 7C933945 90 nop 7C933946 90 nop 7C933947 90 nop 7C933948 90 nop 7C933949 90 nop 7C93394A > 8BFF mov edi, edi 7C93394C 55 push ebp 7C93394D 8BEC mov ebp, esp 7C93394F 53 push ebx 7C933950 56 push esi ; ntdll.ZwTerminateProcess 7C933951 8B75 0C mov esi, [ebp+C] ; RPCRT4.77E8F3B0 7C933954 56 push esi ; ntdll.ZwTerminateProcess 7C933955 E8 00CAFFFF call wcslen 7C93395A 59 pop ecx ; ntdll.7C92E89A 7C93395B 8D5C00 02 lea ebx, [eax+eax+2] 7C93395F 53 push ebx 7C933960 FF15 C009937C call [7C9309C0] ; ntdll.7C9309C9 7C933966 85C0 test eax, eax 7C933968 8B55 08 mov edx, [ebp+8] 7C93396B 8942 04 mov [edx+4], eax 7C93396E 74 26 je short 7C933996 7C933970 57 push edi 7C933971 8BCB mov ecx, ebx 7C933973 8BF8 mov edi, eax 7C933975 8BC1 mov eax, ecx 7C933977 C1E9 02 shr ecx, 2 7C93397A F3:A5 rep movs dword ptr es:[edi], dword p> 7C93397C 8BC8 mov ecx, eax 7C93397E 83E1 03 and ecx, 3 7C933981 F3:A4 rep movs byte ptr es:[edi], byte ptr> 7C933983 66:895A 02 mov [edx+2], bx 7C933987 83C3 FE add ebx, -2 7C93398A 66:891A mov [edx], bx 7C93398D B0 01 mov al, 1 7C93398F 5F pop edi ; ntdll.7C92E89A 7C933990 5E pop esi ; ntdll.7C92E89A 7C933991 5B pop ebx ; ntdll.7C92E89A 7C933992 5D pop ebp ; ntdll.7C92E89A 7C933993 C2 0800 retn 8 7C933996 32C0 xor al, al 7C933998 ^ EB F6 jmp short 7C933990 7C93399A 90 nop 7C93399B 90 nop 7C93399C 90 nop 7C93399D 90 nop 7C93399E 90 nop 7C93399F > 8BFF mov edi, edi 7C9339A1 55 push ebp 7C9339A2 8BEC mov ebp, esp 7C9339A4 8B45 08 mov eax, [ebp+8] 7C9339A7 66:8B08 mov cx, [eax] 7C9339AA 6A 5C push 5C 7C9339AC 5A pop edx ; ntdll.7C92E89A 7C9339AD 66:3BCA cmp cx, dx 7C9339B0 0F84 616B0000 je 7C93A517 7C9339B6 66:83F9 2F cmp cx, 2F 7C9339BA 0F84 576B0000 je 7C93A517 7C9339C0 66:85C9 test cx, cx 7C9339C3 0F84 D50E0000 je 7C93489E 7C9339C9 66:8378 02 3A cmp word ptr [eax+2], 3A 7C9339CE 0F85 CA0E0000 jnz 7C93489E 7C9339D4 66:8B40 04 mov ax, [eax+4] 7C9339D8 66:3BC2 cmp ax, dx 7C9339DB 0F85 1A5C0000 jnz 7C9395FB 7C9339E1 6A 02 push 2 7C9339E3 58 pop eax ; ntdll.7C92E89A 7C9339E4 5D pop ebp ; ntdll.7C92E89A 7C9339E5 C2 0400 retn 4 7C9339E8 90 nop 7C9339E9 90 nop 7C9339EA 90 nop 7C9339EB 90 nop 7C9339EC 90 nop 7C9339ED 8BFF mov edi, edi 7C9339EF 55 push ebp 7C9339F0 8BEC mov ebp, esp 7C9339F2 51 push ecx 7C9339F3 51 push ecx 7C9339F4 53 push ebx 7C9339F5 56 push esi ; ntdll.ZwTerminateProcess 7C9339F6 8B75 08 mov esi, [ebp+8] 7C9339F9 57 push edi 7C9339FA 8B7E 04 mov edi, [esi+4] 7C9339FD 57 push edi 7C9339FE 33DB xor ebx, ebx 7C933A00 E8 9AFFFFFF call RtlDetermineDosPathNameType_U 7C933A05 85C0 test eax, eax 7C933A07 7C 12 jl short 7C933A1B 7C933A09 83F8 01 cmp eax, 1 7C933A0C 0F8E 47010000 jle 7C933B59 7C933A12 83F8 06 cmp eax, 6 7C933A15 0F84 876B0000 je 7C93A5A2 7C933A1B 8B06 mov eax, [esi] 7C933A1D 8B4E 04 mov ecx, [esi+4] 7C933A20 8945 F8 mov [ebp-8], eax 7C933A23 33C0 xor eax, eax 7C933A25 66:8B06 mov ax, [esi] 7C933A28 66:D1E8 shr ax, 1 7C933A2B 66:85C0 test ax, ax 7C933A2E 894D FC mov [ebp-4], ecx 7C933A31 0F84 22010000 je 7C933B59 7C933A37 0FB7F0 movzx esi, ax 7C933A3A 66:837C77 FE 3A cmp word ptr [edi+esi*2-2], 3A 7C933A40 BA FFFF0000 mov edx, 0FFFF 7C933A45 0F84 C15B0000 je 7C93960C 7C933A4B 66:85C0 test ax, ax 7C933A4E 0F84 05010000 je 7C933B59 7C933A54 0FB7F0 movzx esi, ax 7C933A57 66:8B7471 FE mov si, [ecx+esi*2-2] 7C933A5C 66:83FE 2E cmp si, 2E 7C933A60 0F84 86080000 je 7C9342EC 7C933A66 66:83FE 20 cmp si, 20 7C933A6A 0F84 7C080000 je 7C9342EC 7C933A70 33FF xor edi, edi 7C933A72 66:85C0 test ax, ax 7C933A75 0F84 8D000000 je 7C933B08 7C933A7B 0FB7D0 movzx edx, ax 7C933A7E 8D5451 FE lea edx, [ecx+edx*2-2] 7C933A82 3BD1 cmp edx, ecx 7C933A84 72 6B jb short 7C933AF1 7C933A86 66:8B32 mov si, [edx] 7C933A89 66:83FE 5C cmp si, 5C 7C933A8D 74 17 je short 7C933AA6 7C933A8F 66:83FE 2F cmp si, 2F 7C933A93 74 11 je short 7C933AA6 7C933A95 66:83FE 3A cmp si, 3A 7C933A99 74 04 je short 7C933A9F 7C933A9B 4A dec edx ; msvcrt.77C31AE8 7C933A9C 4A dec edx ; msvcrt.77C31AE8 7C933A9D ^ EB E3 jmp short 7C933A82 7C933A9F 8D71 02 lea esi, [ecx+2] 7C933AA2 3BD6 cmp edx, esi ; ntdll.ZwTerminateProcess 7C933AA4 ^ 75 F5 jnz short 7C933A9B 7C933AA6 42 inc edx ; msvcrt.77C31AE8 7C933AA7 42 inc edx ; msvcrt.77C31AE8 7C933AA8 66:8B02 mov ax, [edx] 7C933AAB 66:0D 2000 or ax, 20 7C933AAF 66:3D 6C00 cmp ax, 6C 7C933AB3 74 16 je short 7C933ACB 7C933AB5 66:3D 6300 cmp ax, 63 7C933AB9 74 10 je short 7C933ACB 7C933ABB 66:3D 7000 cmp ax, 70 7C933ABF 74 0A je short 7C933ACB 7C933AC1 66:3D 6100 cmp ax, 61 7C933AC5 0F85 C9060000 jnz 7C934194 7C933ACB 52 push edx ; msvcrt.77C31AE8 7C933ACC 8D45 F8 lea eax, [ebp-8] 7C933ACF 8BFA mov edi, edx ; msvcrt.77C31AE8 7C933AD1 50 push eax 7C933AD2 2BF9 sub edi, ecx 7C933AD4 E8 FDD7FEFF call RtlInitUnicodeString 7C933AD9 8B4D FC mov ecx, [ebp-4] 7C933ADC 33C0 xor eax, eax 7C933ADE 66:8B45 F8 mov ax, [ebp-8] 7C933AE2 66:D1E8 shr ax, 1 7C933AE5 2BC3 sub eax, ebx 7C933AE7 69DB FEFF0000 imul ebx, ebx, 0FFFE 7C933AED 66:015D F8 add [ebp-8], bx 7C933AF1 66:8B11 mov dx, [ecx] 7C933AF4 66:83CA 20 or dx, 20 7C933AF8 66:83FA 6C cmp dx, 6C 7C933AFC 74 0A je short 7C933B08 7C933AFE 66:83FA 63 cmp dx, 63 7C933B02 0F85 E0060000 jnz 7C9341E8 7C933B08 0FB7C0 movzx eax, ax 7C933B0B 8D3441 lea esi, [ecx+eax*2] 7C933B0E 3BCE cmp ecx, esi ; ntdll.ZwTerminateProcess 7C933B10 8BD1 mov edx, ecx 7C933B12 73 26 jnb short 7C933B3A 7C933B14 66:8B02 mov ax, [edx] 7C933B17 66:3D 2E00 cmp ax, 2E 7C933B1B 74 0C je short 7C933B29 7C933B1D 66:3D 3A00 cmp ax, 3A 7C933B21 74 06 je short 7C933B29 7C933B23 42 inc edx ; msvcrt.77C31AE8 7C933B24 42 inc edx ; msvcrt.77C31AE8 7C933B25 3BD6 cmp edx, esi ; ntdll.ZwTerminateProcess 7C933B27 ^ 72 EB jb short 7C933B14 7C933B29 3BD1 cmp edx, ecx 7C933B2B 76 0D jbe short 7C933B3A 7C933B2D 8D42 FE lea eax, [edx-2] 7C933B30 66:8338 20 cmp word ptr [eax], 20 7C933B34 0F84 32890200 je 7C95C46C 7C933B3A 2BD1 sub edx, ecx 7C933B3C D1FA sar edx, 1 7C933B3E 66:83FA 04 cmp dx, 4 7C933B42 8D0412 lea eax, [edx+edx] 7C933B45 66:8945 F8 mov [ebp-8], ax 7C933B49 0F84 C32B0100 je 7C946712 7C933B4F 66:83FA 03 cmp dx, 3 7C933B53 0F84 4F2C0100 je 7C9467A8 7C933B59 33C0 xor eax, eax 7C933B5B 5F pop edi ; ntdll.7C92E89A 7C933B5C 5E pop esi ; ntdll.7C92E89A 7C933B5D 5B pop ebx ; ntdll.7C92E89A 7C933B5E C9 leave 7C933B5F C2 0400 retn 4 7C933B62 90 nop 7C933B63 90 nop 7C933B64 90 nop 7C933B65 90 nop 7C933B66 90 nop 7C933B67 68 88000000 push 88 7C933B6C 68 003D937C push 7C933D00 7C933B71 E8 4CB2FFFF call 7C92EDC2 7C933B76 A1 34C0997C mov eax, [7C99C034] 7C933B7B 8945 E4 mov [ebp-1C], eax 7C933B7E 8B45 08 mov eax, [ebp+8] 7C933B81 8B4D 10 mov ecx, [ebp+10] 7C933B84 894D C8 mov [ebp-38], ecx 7C933B87 8B4D 14 mov ecx, [ebp+14] 7C933B8A 894D 94 mov [ebp-6C], ecx 7C933B8D 8B4D 18 mov ecx, [ebp+18] ; trscd.00454965 7C933B90 898D 7CFFFFFF mov [ebp-84], ecx 7C933B96 8B5D 1C mov ebx, [ebp+1C] 7C933B99 33F6 xor esi, esi ; ntdll.ZwTerminateProcess 7C933B9B 3BCE cmp ecx, esi ; ntdll.ZwTerminateProcess 7C933B9D 74 03 je short 7C933BA2 7C933B9F C601 00 mov byte ptr [ecx], 0 7C933BA2 817D 0C FFFF000>cmp dword ptr [ebp+C], 0FFFF 7C933BA9 0F87 D4860200 ja 7C95C283 7C933BAF 8933 mov [ebx], esi ; ntdll.ZwTerminateProcess 7C933BB1 8B08 mov ecx, [eax] 7C933BB3 894D 8C mov [ebp-74], ecx 7C933BB6 8B40 04 mov eax, [eax+4] 7C933BB9 8945 90 mov [ebp-70], eax 7C933BBC 8945 9C mov [ebp-64], eax 7C933BBF 0FB7C9 movzx ecx, cx 7C933BC2 8BD1 mov edx, ecx 7C933BC4 D1EA shr edx, 1 7C933BC6 8955 84 mov [ebp-7C], edx ; msvcrt.77C31AE8 7C933BC9 894D B0 mov [ebp-50], ecx 7C933BCC 3BCE cmp ecx, esi ; ntdll.ZwTerminateProcess 7C933BCE ^ 0F84 1FD1FFFF je 7C930CF3 7C933BD4 66:3930 cmp [eax], si 7C933BD7 ^ 0F84 16D1FFFF je 7C930CF3 7C933BDD 8BF9 mov edi, ecx 7C933BDF D1E9 shr ecx, 1 7C933BE1 66:8B4C48 FE mov cx, [eax+ecx*2-2] 7C933BE6 66:83F9 20 cmp cx, 20 7C933BEA 0F84 6D6F0100 je 7C94AB5D 7C933BF0 3BFE cmp edi, esi ; ntdll.ZwTerminateProcess 7C933BF2 ^ 0F84 FBD0FFFF je 7C930CF3 7C933BF8 66:8B4450 FE mov ax, [eax+edx*2-2] 7C933BFD 66:3D 5C00 cmp ax, 5C 7C933C01 0F84 9C050000 je 7C9341A3 7C933C07 66:3D 2F00 cmp ax, 2F 7C933C0B C645 C7 01 mov byte ptr [ebp-39], 1 7C933C0F 0F84 8E050000 je 7C9341A3 7C933C15 8D45 8C lea eax, [ebp-74] 7C933C18 50 push eax 7C933C19 E8 CFFDFFFF call 7C9339ED 7C933C1E 8BF8 mov edi, eax 7C933C20 3BFE cmp edi, esi ; ntdll.ZwTerminateProcess 7C933C22 0F85 22150100 jnz 7C94514A 7C933C28 8B4D 0C mov ecx, [ebp+C] ; RPCRT4.77E8F3B0 7C933C2B 66:894D A6 mov [ebp-5A], cx 7C933C2F 66:8365 A4 00 and word ptr [ebp-5C], 0 7C933C34 33C0 xor eax, eax 7C933C36 8B7D C8 mov edi, [ebp-38] 7C933C39 8BD1 mov edx, ecx 7C933C3B C1E9 02 shr ecx, 2 7C933C3E F3:AB rep stos dword ptr es:[edi] 7C933C40 8BCA mov ecx, edx ; msvcrt.77C31AE8 7C933C42 83E1 03 and ecx, 3 7C933C45 F3:AA rep stos byte ptr es:[edi] 7C933C47 64:A1 18000000 mov eax, fs:[18] 7C933C4D 8B40 30 mov eax, [eax+30] 7C933C50 8B70 10 mov esi, [eax+10] 7C933C53 83C6 24 add esi, 24 7C933C56 FF75 9C push dword ptr [ebp-64] 7C933C59 E8 41FDFFFF call RtlDetermineDosPathNameType_U 7C933C5E 8945 88 mov [ebp-78], eax 7C933C61 8903 mov [ebx], eax 7C933C63 E8 B5CCFFFF call RtlAcquirePebLock 7C933C68 8365 FC 00 and dword ptr [ebp-4], 0 7C933C6C 8B5D 9C mov ebx, [ebp-64] 7C933C6F 8BCB mov ecx, ebx 7C933C71 894D D8 mov [ebp-28], ecx 7C933C74 33FF xor edi, edi 7C933C76 897D A0 mov [ebp-60], edi 7C933C79 66:897D D0 mov [ebp-30], di 7C933C7D 66:897D D2 mov [ebp-2E], di 7C933C81 897D D4 mov [ebp-2C], edi 7C933C84 8B45 88 mov eax, [ebp-78] ; ntdll.7C931970 7C933C87 48 dec eax 7C933C88 0F84 83360100 je 7C947311 7C933C8E 48 dec eax 7C933C8F ^ 0F85 53F9FFFF jnz 7C9335E8 7C933C95 8B46 04 mov eax, [esi+4] 7C933C98 0FB700 movzx eax, word ptr [eax] 7C933C9B 50 push eax 7C933C9C E8 4FCCFFFF call RtlUpcaseUnicodeChar 7C933CA1 8845 CF mov [ebp-31], al 7C933CA4 33C0 xor eax, eax 7C933CA6 66:8B03 mov ax, [ebx] 7C933CA9 50 push eax 7C933CAA E8 41CCFFFF call RtlUpcaseUnicodeChar 7C933CAF 8845 AF mov [ebp-51], al 7C933CB2 3845 CF cmp [ebp-31], al 7C933CB5 75 06 jnz short 7C933CBD 7C933CB7 56 push esi ; ntdll.ZwTerminateProcess 7C933CB8 E8 99040000 call 7C934156 7C933CBD C745 B8 0300000>mov dword ptr [ebp-48], 3 7C933CC4 66:8B75 D0 mov si, [ebp-30] 7C933CC8 0FB7CE movzx ecx, si 7C933CCB 8B45 B0 mov eax, [ebp-50] ; ntdll.7C92EE18 7C933CCE 8D1401 lea edx, [ecx+eax] 7C933CD1 8995 68FFFFFF mov [ebp-98], edx ; msvcrt.77C31AE8 7C933CD7 3B55 0C cmp edx, [ebp+C] ; RPCRT4.77E8F3B0 7C933CDA 0F83 2E660000 jnb 7C93A30E 7C933CE0 8B45 C8 mov eax, [ebp-38] 7C933CE3 85FF test edi, edi 7C933CE5 75 09 jnz short 7C933CF0 7C933CE7 3945 D4 cmp [ebp-2C], eax 7C933CEA 0F84 1CFC0100 je 7C95390C 7C933CF0 33D2 xor edx, edx ; msvcrt.77C31AE8 7C933CF2 8955 C0 mov [ebp-40], edx ; msvcrt.77C31AE8 7C933CF5 8955 B4 mov [ebp-4C], edx ; msvcrt.77C31AE8 7C933CF8 EB 12 jmp short 7C933D0C 7C933CFA 90 nop 7C933CFB 90 nop 7C933CFC 90 nop 7C933CFD 90 nop 7C933CFE 90 nop 7C933CFF 90 nop 7C933D00 FFFF ??? ; 未知命令 7C933D02 FFFF ??? ; 未知命令 7C933D04 0000 add [eax], al 7C933D06 0000 add [eax], al 7C933D08 34 A3 xor al, 0A3 7C933D0A 93 xchg eax, ebx 7C933D0B 7C 39 jl short 7C933D46 7C933D0D ^ 7D C0 jge short 7C933CCF 7C933D0F 0F82 4C680000 jb 7C93A561 7C933D15 66:897D A4 mov [ebp-5C], di 7C933D19 8955 C0 mov [ebp-40], edx ; msvcrt.77C31AE8 7C933D1C 8955 B4 mov [ebp-4C], edx ; msvcrt.77C31AE8 7C933D1F 0FB74D D0 movzx ecx, word ptr [ebp-30] 7C933D23 394D C0 cmp [ebp-40], ecx 7C933D26 0F82 6E700000 jb 7C93AD9A 7C933D2C 8B4D A4 mov ecx, [ebp-5C] 7C933D2F 8B55 D0 mov edx, [ebp-30] 7C933D32 03D1 add edx, ecx 7C933D34 66:8955 A4 mov [ebp-5C], dx 7C933D38 0FB74D A4 movzx ecx, word ptr [ebp-5C] 7C933D3C 03C8 add ecx, eax 7C933D3E 894D BC mov [ebp-44], ecx 7C933D41 66:8321 00 and word ptr [ecx], 0 7C933D45 6A 5C push 5C 7C933D47 5B pop ebx ; ntdll.7C92E89A 7C933D48 6A 02 push 2 7C933D4A 58 pop eax ; ntdll.7C92E89A 7C933D4B 8B75 D8 mov esi, [ebp-28] 7C933D4E 66:8B3E mov di, [esi] 7C933D51 66:85FF test di, di 7C933D54 74 66 je short 7C933DBC 7C933D56 0FB7D7 movzx edx, di 7C933D59 83EA 2E sub edx, 2E 7C933D5C 0F84 C8700000 je 7C93AE2A 7C933D62 4A dec edx ; msvcrt.77C31AE8 7C933D63 74 05 je short 7C933D6A 7C933D65 83EA 2D sub edx, 2D 7C933D68 75 15 jnz short 7C933D7F 7C933D6A 66:3959 FE cmp [ecx-2], bx 7C933D6E 74 08 je short 7C933D78 7C933D70 66:8919 mov [ecx], bx 7C933D73 03C8 add ecx, eax 7C933D75 894D BC mov [ebp-44], ecx 7C933D78 03F0 add esi, eax 7C933D7A 8975 D8 mov [ebp-28], esi ; ntdll.ZwTerminateProcess 7C933D7D ^ EB CC jmp short 7C933D4B 7C933D7F 66:8B16 mov dx, [esi] 7C933D82 66:3BD3 cmp dx, bx 7C933D85 74 1A je short 7C933DA1 7C933D87 66:83FA 2F cmp dx, 2F 7C933D8B 74 14 je short 7C933DA1 7C933D8D 66:85D2 test dx, dx 7C933D90 74 0F je short 7C933DA1 7C933D92 66:8911 mov [ecx], dx 7C933D95 03C8 add ecx, eax 7C933D97 894D BC mov [ebp-44], ecx 7C933D9A 03F0 add esi, eax 7C933D9C 8975 D8 mov [ebp-28], esi ; ntdll.ZwTerminateProcess 7C933D9F ^ EB DE jmp short 7C933D7F 7C933DA1 66:8B16 mov dx, [esi] 7C933DA4 66:3BD3 cmp dx, bx 7C933DA7 0F85 C3000000 jnz 7C933E70 7C933DAD 8D51 FE lea edx, [ecx-2] 7C933DB0 66:833A 2E cmp word ptr [edx], 2E 7C933DB4 0F84 67860200 je 7C95C421 7C933DBA ^ EB 89 jmp short 7C933D45 7C933DBC 66:8321 00 and word ptr [ecx], 0 7C933DC0 807D C7 00 cmp byte ptr [ebp-39], 0 7C933DC4 74 19 je short 7C933DDF 7C933DC6 8B45 B8 mov eax, [ebp-48] 7C933DC9 8B55 C8 mov edx, [ebp-38] 7C933DCC 8D0442 lea eax, [edx+eax*2] 7C933DCF 3BC8 cmp ecx, eax 7C933DD1 76 0C jbe short 7C933DDF 7C933DD3 8D51 FE lea edx, [ecx-2] 7C933DD6 66:391A cmp [edx], bx 7C933DD9 0F84 F26F0000 je 7C93ADD1 7C933DDF 8BF9 mov edi, ecx 7C933DE1 2B7D C8 sub edi, [ebp-38] 7C933DE4 66:897D A4 mov [ebp-5C], di 7C933DE8 3B4D C8 cmp ecx, [ebp-38] 7C933DEB 76 1A jbe short 7C933E07 7C933DED 8D51 FE lea edx, [ecx-2] 7C933DF0 66:8B32 mov si, [edx] 7C933DF3 66:83FE 20 cmp si, 20 7C933DF7 0F84 CE410100 je 7C947FCB 7C933DFD 66:83FE 2E cmp si, 2E 7C933E01 0F84 C4410100 je 7C947FCB 7C933E07 8B75 94 mov esi, [ebp-6C] ; trscd.004B027C 7C933E0A 85F6 test esi, esi ; ntdll.ZwTerminateProcess 7C933E0C 74 3B je short 7C933E49 7C933E0E 83C1 FE add ecx, -2 7C933E11 894D D8 mov [ebp-28], ecx 7C933E14 33D2 xor edx, edx ; msvcrt.77C31AE8 7C933E16 8955 BC mov [ebp-44], edx ; msvcrt.77C31AE8 7C933E19 EB 0A jmp short 7C933E25 7C933E1B 66:3919 cmp [ecx], bx 7C933E1E 74 5F je short 7C933E7F 7C933E20 49 dec ecx 7C933E21 49 dec ecx 7C933E22 894D D8 mov [ebp-28], ecx 7C933E25 3B4D C8 cmp ecx, [ebp-38] 7C933E28 ^ 77 F1 ja short 7C933E1B 7C933E2A 33C9 xor ecx, ecx 7C933E2C 3BD1 cmp edx, ecx 7C933E2E 0F84 09AC0000 je 7C93EA3D 7C933E34 66:390A cmp [edx], cx 7C933E37 0F84 00AC0000 je 7C93EA3D 7C933E3D 837D 88 01 cmp dword ptr [ebp-78], 1 7C933E41 0F84 E5AB0000 je 7C93EA2C 7C933E47 8916 mov [esi], edx ; msvcrt.77C31AE8 7C933E49 834D FC FF or dword ptr [ebp-4], FFFFFFFF 7C933E4D E8 18000000 call 7C933E6A 7C933E52 0FB7C7 movzx eax, di 7C933E55 8B4D E4 mov ecx, [ebp-1C] 7C933E58 E8 2AC5FFFF call 7C930387 7C933E5D E8 A0AFFFFF call 7C92EE02 7C933E62 C2 1800 retn 18 7C933E65 90 nop 7C933E66 90 nop 7C933E67 90 nop 7C933E68 90 nop 7C933E69 90 nop 7C933E6A E8 F2CAFFFF call RtlReleasePebLock 7C933E6F C3 retn 7C933E70 66:83FA 2F cmp dx, 2F 7C933E74 ^ 0F84 33FFFFFF je 7C933DAD 7C933E7A ^ E9 C6FEFFFF jmp 7C933D45 7C933E7F 8D51 02 lea edx, [ecx+2] 7C933E82 8955 BC mov [ebp-44], edx ; msvcrt.77C31AE8 7C933E85 ^ EB A3 jmp short 7C933E2A 7C933E87 90 nop 7C933E88 5C pop esp ; ntdll.7C92E89A 7C933E89 003F add [edi], bh 7C933E8B 003F add [edi], bh 7C933E8D 005C00 00 add [eax+eax], bl 7C933E91 0090 90909090 add [eax+90909090], dl 7C933E97 68 70020000 push 270 7C933E9C 68 C040937C push 7C9340C0 7C933EA1 E8 1CAFFFFF call 7C92EDC2 7C933EA6 A1 34C0997C mov eax, [7C99C034] 7C933EAB 8945 E4 mov [ebp-1C], eax 7C933EAE 8B45 08 mov eax, [ebp+8] 7C933EB1 8B75 0C mov esi, [ebp+C] ; RPCRT4.77E8F3B0 7C933EB4 8B7D 10 mov edi, [ebp+10] 7C933EB7 89BD A0FDFFFF mov [ebp-260], edi 7C933EBD 8B5D 14 mov ebx, [ebp+14] 7C933EC0 33D2 xor edx, edx ; msvcrt.77C31AE8 7C933EC2 8995 D0FDFFFF mov [ebp-230], edx ; msvcrt.77C31AE8 7C933EC8 8995 C8FDFFFF mov [ebp-238], edx ; msvcrt.77C31AE8 7C933ECE C785 9CFDFFFF 0>mov dword ptr [ebp-264], 20A 7C933ED8 8B08 mov ecx, [eax] 7C933EDA 898D C0FDFFFF mov [ebp-240], ecx 7C933EE0 8B40 04 mov eax, [eax+4] 7C933EE3 8985 C4FDFFFF mov [ebp-23C], eax 7C933EE9 66:83F9 08 cmp cx, 8 7C933EED 76 0A jbe short 7C933EF9 7C933EEF 66:8338 5C cmp word ptr [eax], 5C 7C933EF3 0F84 F1650000 je 7C93A4EA 7C933EF9 C685 D5FDFFFF 0>mov byte ptr [ebp-22B], 0 7C933F00 8D85 D8FDFFFF lea eax, [ebp-228] 7C933F06 8985 C8FDFFFF mov [ebp-238], eax 7C933F0C B9 1A020000 mov ecx, 21A 7C933F11 898D 9CFDFFFF mov [ebp-264], ecx 7C933F17 64:A1 18000000 mov eax, fs:[18] 7C933F1D 51 push ecx 7C933F1E 52 push edx ; msvcrt.77C31AE8 7C933F1F 8B40 30 mov eax, [eax+30] 7C933F22 FF70 18 push dword ptr [eax+18] 7C933F25 E8 AAC6FFFF call RtlAllocateHeap 7C933F2A 8985 D0FDFFFF mov [ebp-230], eax 7C933F30 85C0 test eax, eax 7C933F32 0F84 C9890200 je 7C95C901 7C933F38 E8 E0C9FFFF call RtlAcquirePebLock 7C933F3D C685 D7FDFFFF 0>mov byte ptr [ebp-229], 1 7C933F44 8365 FC 00 and dword ptr [ebp-4], 0 7C933F48 C745 FC 0100000>mov dword ptr [ebp-4], 1 7C933F4F 80BD D5FDFFFF 0>cmp byte ptr [ebp-22B], 0 7C933F56 0F85 EA6D0100 jnz 7C94AD46 7C933F5C 8D85 CCFDFFFF lea eax, [ebp-234] 7C933F62 50 push eax 7C933F63 8D85 D6FDFFFF lea eax, [ebp-22A] 7C933F69 50 push eax 7C933F6A 57 push edi 7C933F6B FFB5 C8FDFFFF push dword ptr [ebp-238] ; ntdll.7C931993 7C933F71 BF 08020000 mov edi, 208 7C933F76 57 push edi 7C933F77 8D85 C0FDFFFF lea eax, [ebp-240] 7C933F7D 50 push eax 7C933F7E E8 E4FBFFFF call 7C933B67 7C933F83 8985 B0FDFFFF mov [ebp-250], eax 7C933F89 80BD D6FDFFFF 0>cmp byte ptr [ebp-22A], 0 7C933F90 0F85 59540000 jnz 7C9393EF 7C933F96 85C0 test eax, eax 7C933F98 0F84 51540000 je 7C9393EF 7C933F9E 3BC7 cmp eax, edi 7C933FA0 0F87 49540000 ja 7C9393EF 7C933FA6 8B3D F040937C mov edi, [7C9340F0] 7C933FAC 89BD 94FDFFFF mov [ebp-26C], edi 7C933FB2 A1 F440937C mov eax, [7C9340F4] 7C933FB7 8985 98FDFFFF mov [ebp-268], eax 7C933FBD FFB5 C8FDFFFF push dword ptr [ebp-238] ; ntdll.7C931993 7C933FC3 E8 D7F9FFFF call RtlDetermineDosPathNameType_U 7C933FC8 8985 80FDFFFF mov [ebp-280], eax 7C933FCE 83F8 01 cmp eax, 1 7C933FD1 0F84 14330100 je 7C9472EB 7C933FD7 7E 10 jle short 7C933FE9 7C933FD9 83F8 05 cmp eax, 5 7C933FDC 0F8F F2650000 jg 7C93A5D4 7C933FE2 83A5 B4FDFFFF 0>and dword ptr [ebp-24C], 0 7C933FE9 0FB7FF movzx edi, di 7C933FEC 57 push edi 7C933FED FFB5 98FDFFFF push dword ptr [ebp-268] 7C933FF3 FFB5 D0FDFFFF push dword ptr [ebp-230] ; ntdll.7C931970 7C933FF9 E8 3CE5FEFF call memmove 7C933FFE 8B85 B4FDFFFF mov eax, [ebp-24C] ; ntdll.7C931993 7C934004 8D0C00 lea ecx, [eax+eax] 7C934007 898D 90FDFFFF mov [ebp-270], ecx 7C93400D 8B95 B0FDFFFF mov edx, [ebp-250] ; ntdll.7C931962 7C934013 2BD1 sub edx, ecx 7C934015 52 push edx ; msvcrt.77C31AE8 7C934016 8B8D C8FDFFFF mov ecx, [ebp-238] ; ntdll.7C931993 7C93401C 8D0441 lea eax, [ecx+eax*2] 7C93401F 50 push eax 7C934020 8B85 D0FDFFFF mov eax, [ebp-230] ; ntdll.7C931970 7C934026 03C7 add eax, edi 7C934028 50 push eax 7C934029 E8 0CE5FEFF call memmove 7C93402E 83C4 18 add esp, 18 7C934031 8B8D D0FDFFFF mov ecx, [ebp-230] ; ntdll.7C931970 7C934037 894E 04 mov [esi+4], ecx 7C93403A 8B85 B4FDFFFF mov eax, [ebp-24C] ; ntdll.7C931993 7C934040 03C0 add eax, eax 7C934042 8B95 B0FDFFFF mov edx, [ebp-250] ; ntdll.7C931962 7C934048 2BD0 sub edx, eax 7C93404A 0FB7C2 movzx eax, dx 7C93404D 03C7 add eax, edi 7C93404F 66:8906 mov [esi], ax 7C934052 66:8B95 9CFDFFF>mov dx, [ebp-264] 7C934059 66:8956 02 mov [esi+2], dx 7C93405D 0FB7F0 movzx esi, ax 7C934060 D1EE shr esi, 1 7C934062 89B5 84FDFFFF mov [ebp-27C], esi ; ntdll.ZwTerminateProcess 7C934068 66:832471 00 and word ptr [ecx+esi*2], 0 7C93406D 8B85 A0FDFFFF mov eax, [ebp-260] ; ntdll.7C92EE18 7C934073 85C0 test eax, eax 7C934075 ^ 0F85 9EF5FFFF jnz 7C933619 7C93407B 85DB test ebx, ebx 7C93407D 74 1C je short 7C93409B 7C93407F 33C0 xor eax, eax 7C934081 66:8903 mov [ebx], ax 7C934084 66:8943 02 mov [ebx+2], ax 7C934088 8943 04 mov [ebx+4], eax 7C93408B 8943 08 mov [ebx+8], eax 7C93408E 83BD CCFDFFFF 0>cmp dword ptr [ebp-234], 5 7C934095 0F84 C26D0000 je 7C93AE5D 7C93409B 8365 FC 00 and dword ptr [ebp-4], 0 7C93409F 834D FC FF or dword ptr [ebp-4], FFFFFFFF 7C9340A3 E8 35000000 call 7C9340DD 7C9340A8 8A85 D7FDFFFF mov al, [ebp-229] 7C9340AE 8B4D E4 mov ecx, [ebp-1C] 7C9340B1 E8 D1C2FFFF call 7C930387 7C9340B6 E8 47ADFFFF call 7C92EE02 7C9340BB C2 1000 retn 10 7C9340BE 90 nop 7C9340BF 90 nop 7C9340C0 FFFF ??? ; 未知命令 7C9340C2 FFFF ??? ; 未知命令 7C9340C4 0000 add [eax], al 7C9340C6 0000 add [eax], al 7C9340C8 DD40 93 fld qword ptr [eax-6D] 7C9340CB 7C 00 jl short 7C9340CD 7C9340CD 0000 add [eax], al 7C9340CF 0020 add [eax], ah 7C9340D1 C9 leave 7C9340D2 95 xchg eax, ebp 7C9340D3 7C 29 jl short 7C9340FE 7C9340D5 C9 leave 7C9340D6 95 xchg eax, ebp 7C9340D7 ^ 7C 90 jl short 7C934069 7C9340D9 90 nop 7C9340DA 90 nop 7C9340DB 90 nop 7C9340DC 90 nop 7C9340DD 80BD D7FDFFFF 0>cmp byte ptr [ebp-229], 0 7C9340E4 0F84 11530000 je 7C9393FB 7C9340EA E8 72C8FFFF call RtlReleasePebLock 7C9340EF C3 retn 7C9340F0 0800 or [eax], al 7C9340F2 0A00 or al, [eax] 7C9340F4 883E mov [esi], bh 7C9340F6 93 xchg eax, ebx 7C9340F7 ^ 7C 90 jl short 7C934089 7C9340F9 90 nop 7C9340FA 90 nop 7C9340FB 90 nop 7C9340FC 90 nop 7C9340FD > 8BFF mov edi, edi 7C9340FF 55 push ebp 7C934100 8BEC mov ebp, esp 7C934102 51 push ecx 7C934103 51 push ecx 7C934104 56 push esi ; ntdll.ZwTerminateProcess 7C934105 8B75 08 mov esi, [ebp+8] 7C934108 33C0 xor eax, eax 7C93410A 3BF0 cmp esi, eax 7C93410C 74 3D je short 7C93414B 7C93410E 56 push esi ; ntdll.ZwTerminateProcess 7C93410F E8 46C2FFFF call wcslen 7C934114 D1E0 shl eax, 1 7C934116 59 pop ecx ; ntdll.7C92E89A 7C934117 8D48 02 lea ecx, [eax+2] 7C93411A 81F9 FEFF0000 cmp ecx, 0FFFE 7C934120 0F83 13810200 jnb 7C95C239 7C934126 8D48 02 lea ecx, [eax+2] 7C934129 66:894D FA mov [ebp-6], cx 7C93412D FF75 14 push dword ptr [ebp+14] 7C934130 66:8945 F8 mov [ebp-8], ax 7C934134 FF75 10 push dword ptr [ebp+10] 7C934137 8D45 F8 lea eax, [ebp-8] 7C93413A FF75 0C push dword ptr [ebp+C] ; RPCRT4.77E8F3B0 7C93413D 8975 FC mov [ebp-4], esi ; ntdll.ZwTerminateProcess 7C934140 50 push eax 7C934141 E8 51FDFFFF call 7C933E97 7C934146 5E pop esi ; ntdll.7C92E89A 7C934147 C9 leave 7C934148 C2 1000 retn 10 7C93414B 66:8945 FA mov [ebp-6], ax 7C93414F ^ EB DC jmp short 7C93412D 7C934151 90 nop 7C934152 90 nop 7C934153 90 nop 7C934154 90 nop 7C934155 90 nop 7C934156 8BFF mov edi, edi 7C934158 55 push ebp 7C934159 8BEC mov ebp, esp 7C93415B 83EC 1C sub esp, 1C 7C93415E A1 34C0997C mov eax, [7C99C034] 7C934163 56 push esi ; ntdll.ZwTerminateProcess 7C934164 8B75 08 mov esi, [ebp+8] 7C934167 8945 FC mov [ebp-4], eax 7C93416A 8B46 08 mov eax, [esi+8] 7C93416D A8 01 test al, 1 7C93416F 0F85 81D70000 jnz 7C9418F6 7C934175 8B0D DC02FE7F mov ecx, [7FFE02DC] 7C93417B 3B0D 50C0997C cmp ecx, [7C99C050] 7C934181 0F85 6FD70000 jnz 7C9418F6 7C934187 8B4D FC mov ecx, [ebp-4] 7C93418A 5E pop esi ; ntdll.7C92E89A 7C93418B E8 F7C1FFFF call 7C930387 7C934190 C9 leave 7C934191 C2 0400 retn 4 7C934194 66:3D 6E00 cmp ax, 6E 7C934198 ^ 0F84 2DF9FFFF je 7C933ACB 7C93419E ^ E9 B6F9FFFF jmp 7C933B59 7C9341A3 C645 C7 00 mov byte ptr [ebp-39], 0 7C9341A7 ^ E9 69FAFFFF jmp 7C933C15 7C9341AC 90 nop 7C9341AD 90 nop 7C9341AE 90 nop 7C9341AF 90 nop 7C9341B0 90 nop 7C9341B1 > 8BFF mov edi, edi 7C9341B3 55 push ebp 7C9341B4 8BEC mov ebp, esp 7C9341B6 51 push ecx 7C9341B7 51 push ecx 7C9341B8 FF75 08 push dword ptr [ebp+8] 7C9341BB 8D45 F8 lea eax, [ebp-8] 7C9341BE 50 push eax 7C9341BF E8 E1C1FFFF call RtlInitUnicodeStringEx 7C9341C4 85C0 test eax, eax 7C9341C6 0F8C AB890200 jl 7C95CB77 7C9341CC 8D45 08 lea eax, [ebp+8] 7C9341CF 50 push eax 7C9341D0 6A 00 push 0 7C9341D2 FF75 14 push dword ptr [ebp+14] 7C9341D5 8D45 F8 lea eax, [ebp-8] 7C9341D8 FF75 10 push dword ptr [ebp+10] 7C9341DB FF75 0C push dword ptr [ebp+C] ; RPCRT4.77E8F3B0 7C9341DE 50 push eax 7C9341DF E8 83F9FFFF call 7C933B67 7C9341E4 C9 leave 7C9341E5 C2 1000 retn 10 7C9341E8 66:83FA 70 cmp dx, 70 7C9341EC ^ 0F84 16F9FFFF je 7C933B08 7C9341F2 66:83FA 61 cmp dx, 61 7C9341F6 ^ 0F84 0CF9FFFF je 7C933B08 7C9341FC 66:83FA 6E cmp dx, 6E 7C934200 ^ 0F85 53F9FFFF jnz 7C933B59 7C934206 ^ E9 FDF8FFFF jmp 7C933B08 7C93420B 90 nop 7C93420C 90 nop 7C93420D 90 nop 7C93420E 90 nop 7C93420F 90 nop 7C934210 > 8BFF mov edi, edi 7C934212 55 push ebp 7C934213 8BEC mov ebp, esp 7C934215 8B45 08 mov eax, [ebp+8] 7C934218 8B4D 0C mov ecx, [ebp+C] ; RPCRT4.77E8F3B0 7C93421B 0FB710 movzx edx, word ptr [eax] 7C93421E 53 push ebx 7C93421F 8B59 04 mov ebx, [ecx+4] 7C934222 57 push edi 7C934223 8B78 04 mov edi, [eax+4] 7C934226 0FB701 movzx eax, word ptr [ecx] 7C934229 3BC2 cmp eax, edx ; msvcrt.77C31AE8 7C93422B 0F82 09940100 jb 7C94D63A 7C934231 D1EA shr edx, 1 7C934233 807D 10 00 cmp byte ptr [ebp+10], 0 7C934237 56 push esi ; ntdll.ZwTerminateProcess 7C934238 8955 08 mov [ebp+8], edx ; msvcrt.77C31AE8 7C93423B 0F84 A1470200 je 7C9589E2 7C934241 85D2 test edx, edx ; msvcrt.77C31AE8 7C934243 74 1F je short 7C934264 7C934245 A1 4CC0997C mov eax, [7C99C04C] 7C93424A 66:8B17 mov dx, [edi] 7C93424D 66:8B33 mov si, [ebx] 7C934250 47 inc edi 7C934251 47 inc edi 7C934252 43 inc ebx 7C934253 43 inc ebx 7C934254 66:3BD6 cmp dx, si 7C934257 897D 10 mov [ebp+10], edi 7C93425A 895D 0C mov [ebp+C], ebx 7C93425D 75 0E jnz short 7C93426D 7C93425F FF4D 08 dec dword ptr [ebp+8] 7C934262 ^ 75 E6 jnz short 7C93424A 7C934264 B0 01 mov al, 1 7C934266 5E pop esi ; ntdll.7C92E89A 7C934267 5F pop edi ; ntdll.7C92E89A 7C934268 5B pop ebx ; ntdll.7C92E89A 7C934269 5D pop ebp ; ntdll.7C92E89A 7C93426A C2 0C00 retn 0C 7C93426D 66:83FA 61 cmp dx, 61 7C934271 0F83 DFD70100 jnb 7C951A56 7C934277 0FB7D2 movzx edx, dx 7C93427A 66:83FE 61 cmp si, 61 7C93427E 0FB7CE movzx ecx, si 7C934281 0F83 80660100 jnb 7C94A907 7C934287 3BD1 cmp edx, ecx 7C934289 0F84 8A660100 je 7C94A919 7C93428F 32C0 xor al, al 7C934291 ^ EB D3 jmp short 7C934266 7C934293 33C9 xor ecx, ecx 7C934295 8D50 18 lea edx, [eax+18] 7C934298 EB 0A jmp short 7C9342A4 7C93429A B8 0D0000C0 mov eax, C000000D 7C93429F E9 5D330000 jmp 7C937601 7C9342A4 F602 04 test byte ptr [edx], 4 7C9342A7 75 0F jnz short 7C9342B8 7C9342A9 41 inc ecx 7C9342AA 83C2 30 add edx, 30 7C9342AD 83F9 20 cmp ecx, 20 7C9342B0 0F83 DAED0200 jnb 7C963090 7C9342B6 ^ EB EC jmp short 7C9342A4 7C9342B8 FF40 FC inc dword ptr [eax-4] 7C9342BB 8D0C49 lea ecx, [ecx+ecx*2] 7C9342BE C1E1 04 shl ecx, 4 7C9342C1 8D4C01 10 lea ecx, [ecx+eax+10] 7C9342C5 3BCF cmp ecx, edi 7C9342C7 0F85 29330000 jnz 7C9375F6 7C9342CD E9 BEED0200 jmp 7C963090 7C9342D2 2BCA sub ecx, edx ; msvcrt.77C31AE8 7C9342D4 33C0 xor eax, eax 7C9342D6 8D3C13 lea edi, [ebx+edx] 7C9342D9 8BD1 mov edx, ecx 7C9342DB C1E9 02 shr ecx, 2 7C9342DE F3:AB rep stos dword ptr es:[edi] 7C9342E0 8BCA mov ecx, edx ; msvcrt.77C31AE8 7C9342E2 83E1 03 and ecx, 3 7C9342E5 F3:AA rep stos byte ptr es:[edi] 7C9342E7 E9 BD390000 jmp 7C937CA9 7C9342EC 66:8345 F8 FE add word ptr [ebp-8], 0FFFE 7C9342F1 03C2 add eax, edx ; msvcrt.77C31AE8 7C9342F3 0FB7F0 movzx esi, ax 7C9342F6 66:8B7471 FE mov si, [ecx+esi*2-2] 7C9342FB 43 inc ebx 7C9342FC 66:85C0 test ax, ax 7C9342FF ^ 0F84 6BF7FFFF je 7C933A70 7C934305 ^ E9 52F7FFFF jmp 7C933A5C 7C93430A 90 nop 7C93430B 90 nop 7C93430C 90 nop 7C93430D 90 nop 7C93430E 90 nop 7C93430F > 6A 0C push 0C 7C934311 68 9043937C push 7C934390 7C934316 E8 A7AAFFFF call 7C92EDC2 7C93431B 64:A1 18000000 mov eax, fs:[18] 7C934321 8B40 30 mov eax, [eax+30] 7C934324 8B70 10 mov esi, [eax+10] 7C934327 83C6 24 add esi, 24 7C93432A E8 EEC5FFFF call RtlAcquirePebLock 7C93432F 8B46 04 mov eax, [esi+4] 7C934332 0FB736 movzx esi, word ptr [esi] 7C934335 D1EE shr esi, 1 7C934337 8D3C36 lea edi, [esi+esi] 7C93433A 66:837C70 FC 3A cmp word ptr [eax+esi*2-4], 3A 7C934340 0F84 E0250200 je 7C956926 7C934346 397D 08 cmp [ebp+8], edi 7C934349 0F82 CB250200 jb 7C95691A 7C93434F 33DB xor ebx, ebx 7C934351 895D FC mov [ebp-4], ebx 7C934354 57 push edi 7C934355 50 push eax 7C934356 8B7D 0C mov edi, [ebp+C] ; RPCRT4.77E8F3B0 7C934359 57 push edi 7C93435A E8 DBE1FEFF call memmove 7C93435F 83C4 0C add esp, 0C 7C934362 66:837C77 FC 3A cmp word ptr [edi+esi*2-4], 3A 7C934368 0F84 58840200 je 7C95C7C6 7C93436E 66:895C77 FE mov [edi+esi*2-2], bx 7C934373 4E dec esi ; ntdll.ZwTerminateProcess 7C934374 8975 E4 mov [ebp-1C], esi ; ntdll.ZwTerminateProcess 7C934377 834D FC FF or dword ptr [ebp-4], FFFFFFFF 7C93437B E8 E1C5FFFF call RtlReleasePebLock 7C934380 8D0436 lea eax, [esi+esi] 7C934383 E8 7AAAFFFF call 7C92EE02 7C934388 C2 0800 retn 8 7C93438B 90 nop 7C93438C 90 nop 7C93438D 90 nop 7C93438E 90 nop 7C93438F 90 nop 7C934390 FFFF ??? ; 未知命令 7C934392 FFFF ??? ; 未知命令 7C934394 D4 C7 aam 0C7 7C934396 95 xchg eax, ebp 7C934397 ^ 7C DD jl short 7C934376 7C934399 C7 ??? ; 未知命令 7C93439A 95 xchg eax, ebp 7C93439B ^ 7C 90 jl short 7C93432D 7C93439D 90 nop 7C93439E 90 nop 7C93439F 90 nop 7C9343A0 90 nop 7C9343A1 > 6A 34 push 34 7C9343A3 68 8844937C push 7C934488 7C9343A8 E8 15AAFFFF call 7C92EDC2 7C9343AD C645 E7 00 mov byte ptr [ebp-19], 0 7C9343B1 C745 E0 000100C>mov dword ptr [ebp-20], C0000100 7C9343B8 64:A1 18000000 mov eax, fs:[18] 7C9343BE 8B58 30 mov ebx, [eax+30] 7C9343C1 895D D4 mov [ebp-2C], ebx 7C9343C4 33FF xor edi, edi 7C9343C6 897D FC mov [ebp-4], edi 7C9343C9 8B75 08 mov esi, [ebp+8] 7C9343CC 3BF7 cmp esi, edi 7C9343CE 0F85 5CCF0000 jnz 7C941330 7C9343D4 E8 44C5FFFF call RtlAcquirePebLock 7C9343D9 C645 E7 01 mov byte ptr [ebp-19], 1 7C9343DD 8B43 10 mov eax, [ebx+10] 7C9343E0 8B70 48 mov esi, [eax+48] 7C9343E3 8975 DC mov [ebp-24], esi ; ntdll.ZwTerminateProcess 7C9343E6 803D 54C1997C 0>cmp byte ptr [7C99C154], 0 7C9343ED 0F84 1C020000 je 7C93460F 7C9343F3 8B43 10 mov eax, [ebx+10] 7C9343F6 3B70 48 cmp esi, [eax+48] 7C9343F9 0F85 10020000 jnz 7C93460F 7C9343FF 6A 01 push 1 7C934401 68 58C1997C push 7C99C158 7C934406 FF75 0C push dword ptr [ebp+C] ; RPCRT4.77E8F3B0 7C934409 E8 C0EFFFFF call RtlEqualUnicodeString 7C93440E 84C0 test al, al 7C934410 0F84 F9010000 je 7C93460F 7C934416 8B45 10 mov eax, [ebp+10] 7C934419 66:8B0D 60C1997>mov cx, [7C99C160] 7C934420 66:8908 mov [eax], cx 7C934423 8B0D 60C1997C mov ecx, [7C99C160] ; t40kit32.003C003A 7C934429 66:3948 02 cmp [eax+2], cx 7C93442D 0F82 89030000 jb 7C9347BC 7C934433 0FB7C9 movzx ecx, cx 7C934436 8B35 64C1997C mov esi, [7C99C164] 7C93443C 8B78 04 mov edi, [eax+4] 7C93443F 8BD1 mov edx, ecx 7C934441 C1E9 02 shr ecx, 2 7C934444 F3:A5 rep movs dword ptr es:[edi], dword p> 7C934446 8BCA mov ecx, edx ; msvcrt.77C31AE8 7C934448 83E1 03 and ecx, 3 7C93444B F3:A4 rep movs byte ptr es:[edi], byte ptr> 7C93444D 8B0D 60C1997C mov ecx, [7C99C160] ; t40kit32.003C003A 7C934453 66:3948 02 cmp [eax+2], cx 7C934457 76 0D jbe short 7C934466 7C934459 0FB7C9 movzx ecx, cx 7C93445C D1E9 shr ecx, 1 7C93445E 8B40 04 mov eax, [eax+4] 7C934461 66:832448 00 and word ptr [eax+ecx*2], 0 7C934466 8365 E0 00 and dword ptr [ebp-20], 0 7C93446A 834D FC FF or dword ptr [ebp-4], FFFFFFFF 7C93446E 807D E7 00 cmp byte ptr [ebp-19], 0 7C934472 74 05 je short 7C934479 7C934474 E8 E8C4FFFF call RtlReleasePebLock 7C934479 8B45 E0 mov eax, [ebp-20] 7C93447C E8 81A9FFFF call 7C92EE02 7C934481 C2 0C00 retn 0C 7C934484 90 nop 7C934485 90 nop 7C934486 90 nop 7C934487 90 nop 7C934488 FFFF ??? ; 未知命令 7C93448A FFFF ??? ; 未知命令 7C93448C ^ 7E CE jle short 7C93445C 7C93448E 96 xchg eax, esi ; ntdll.ZwTerminateProcess 7C93448F ^ 7C 87 jl short 7C934418 7C934491 CE into 7C934492 96 xchg eax, esi ; ntdll.ZwTerminateProcess 7C934493 ^ 7C 90 jl short 7C934425 7C934495 90 nop 7C934496 90 nop 7C934497 90 nop 7C934498 90 nop 7C934499 > 8BFF mov edi, edi 7C93449B 55 push ebp 7C93449C 8BEC mov ebp, esp 7C93449E 8B45 08 mov eax, [ebp+8] 7C9344A1 8BD0 mov edx, eax 7C9344A3 66:8B08 mov cx, [eax] 7C9344A6 40 inc eax 7C9344A7 40 inc eax 7C9344A8 66:85C9 test cx, cx 7C9344AB ^ 75 F6 jnz short 7C9344A3 7C9344AD 66:8B4D 0C mov cx, [ebp+C] 7C9344B1 48 dec eax 7C9344B2 48 dec eax 7C9344B3 3BC2 cmp eax, edx ; msvcrt.77C31AE8 7C9344B5 74 05 je short 7C9344BC 7C9344B7 66:3908 cmp [eax], cx 7C9344BA ^ 75 F5 jnz short 7C9344B1 7C9344BC 66:8B10 mov dx, [eax] 7C9344BF 66:2BD1 sub dx, cx 7C9344C2 66:F7DA neg dx 7C9344C5 1BD2 sbb edx, edx ; msvcrt.77C31AE8 7C9344C7 F7D2 not edx ; msvcrt.77C31AE8 7C9344C9 23C2 and eax, edx ; msvcrt.77C31AE8 7C9344CB 5D pop ebp ; ntdll.7C92E89A 7C9344CC C3 retn 7C9344CD 90 nop 7C9344CE 90 nop 7C9344CF 90 nop 7C9344D0 90 nop 7C9344D1 90 nop 7C9344D2 > 8BFF mov edi, edi 7C9344D4 55 push ebp 7C9344D5 8BEC mov ebp, esp 7C9344D7 83EC 20 sub esp, 20 7C9344DA 8B45 0C mov eax, [ebp+C] ; RPCRT4.77E8F3B0 7C9344DD 53 push ebx 7C9344DE 0FB718 movzx ebx, word ptr [eax] 7C9344E1 56 push esi ; ntdll.ZwTerminateProcess 7C9344E2 8B70 04 mov esi, [eax+4] 7C9344E5 8B45 10 mov eax, [ebp+10] 7C9344E8 8B48 04 mov ecx, [eax+4] 7C9344EB 0FB740 02 movzx eax, word ptr [eax+2] 7C9344EF 33D2 xor edx, edx ; msvcrt.77C31AE8 7C9344F1 83FB 02 cmp ebx, 2 7C9344F4 894D FC mov [ebp-4], ecx 7C9344F7 8945 0C mov [ebp+C], eax 7C9344FA 8955 F8 mov [ebp-8], edx ; msvcrt.77C31AE8 7C9344FD 8955 F4 mov [ebp-C], edx ; msvcrt.77C31AE8 7C934500 72 3D jb short 7C93453F 7C934502 57 push edi 7C934503 66:833E 25 cmp word ptr [esi], 25 7C934507 74 69 je short 7C934572 7C934509 837D F8 00 cmp dword ptr [ebp-8], 0 7C93450D 7C 1B jl short 7C93452A 7C93450F 837D 0C 02 cmp dword ptr [ebp+C], 2 7C934513 0F86 38490200 jbe 7C958E51 7C934519 8B4D FC mov ecx, [ebp-4] 7C93451C 66:8B06 mov ax, [esi] 7C93451F 836D 0C 02 sub dword ptr [ebp+C], 2 7C934523 8345 FC 02 add dword ptr [ebp-4], 2 7C934527 66:8901 mov [ecx], ax 7C93452A 8345 F4 02 add dword ptr [ebp-C], 2 7C93452E 4B dec ebx 7C93452F 4B dec ebx 7C934530 46 inc esi ; ntdll.ZwTerminateProcess 7C934531 46 inc esi ; ntdll.ZwTerminateProcess 7C934532 33D2 xor edx, edx ; msvcrt.77C31AE8 7C934534 83FB 02 cmp ebx, 2 7C934537 ^ 73 CA jnb short 7C934503 7C934539 3955 F8 cmp [ebp-8], edx ; msvcrt.77C31AE8 7C93453C 5F pop edi ; ntdll.7C92E89A 7C93453D 7C 0F jl short 7C93454E 7C93453F 3955 0C cmp [ebp+C], edx ; msvcrt.77C31AE8 7C934542 0F84 15490200 je 7C958E5D 7C934548 8B45 FC mov eax, [ebp-4] 7C93454B 66:8910 mov [eax], dx 7C93454E 8B4D F4 mov ecx, [ebp-C] ; kernel32.7C8399F3 7C934551 8B45 14 mov eax, [ebp+14] 7C934554 41 inc ecx 7C934555 41 inc ecx 7C934556 3BC2 cmp eax, edx ; msvcrt.77C31AE8 7C934558 5E pop esi ; ntdll.7C92E89A 7C934559 5B pop ebx ; ntdll.7C92E89A 7C93455A 74 02 je short 7C93455E 7C93455C 8908 mov [eax], ecx 7C93455E 8B45 F8 mov eax, [ebp-8] ; kernel32.7C81CA78 7C934561 3BC2 cmp eax, edx ; msvcrt.77C31AE8 7C934563 7C 09 jl short 7C93456E 7C934565 8B55 10 mov edx, [ebp+10] 7C934568 83C1 FE add ecx, -2 7C93456B 66:890A mov [edx], cx 7C93456E C9 leave 7C93456F C2 1000 retn 10 7C934572 33C0 xor eax, eax 7C934574 8D4B FE lea ecx, [ebx-2] 7C934577 3BCA cmp ecx, edx ; msvcrt.77C31AE8 7C934579 8D7E 02 lea edi, [esi+2] 7C93457C 8945 F0 mov [ebp-10], eax 7C93457F 66:8955 E8 mov [ebp-18], dx 7C934583 897D EC mov [ebp-14], edi 7C934586 ^ 76 81 jbe short 7C934509 7C934588 66:833F 25 cmp word ptr [edi], 25 7C93458C 74 11 je short 7C93459F 7C93458E 47 inc edi 7C93458F 47 inc edi 7C934590 40 inc eax 7C934591 40 inc eax 7C934592 3BC1 cmp eax, ecx 7C934594 8945 F0 mov [ebp-10], eax 7C934597 ^ 0F83 6CFFFFFF jnb 7C934509 7C93459D ^ EB E9 jmp short 7C934588 7C93459F 3BC2 cmp eax, edx ; msvcrt.77C31AE8 7C9345A1 ^ 0F84 62FFFFFF je 7C934509 7C9345A7 66:3BC2 cmp ax, dx 7C9345AA 66:8945 E8 mov [ebp-18], ax 7C9345AE 66:8945 EA mov [ebp-16], ax 7C9345B2 ^ 0F84 51FFFFFF je 7C934509 7C9345B8 8B45 FC mov eax, [ebp-4] 7C9345BB 8945 E4 mov [ebp-1C], eax 7C9345BE 66:8B45 0C mov ax, [ebp+C] 7C9345C2 66:8945 E2 mov [ebp-1E], ax 7C9345C6 8D45 E0 lea eax, [ebp-20] 7C9345C9 50 push eax 7C9345CA 8D45 E8 lea eax, [ebp-18] 7C9345CD 50 push eax 7C9345CE FF75 08 push dword ptr [ebp+8] 7C9345D1 66:8955 E0 mov [ebp-20], dx 7C9345D5 E8 C7FDFFFF call RtlQueryEnvironmentVariable_U 7C9345DA 85C0 test eax, eax 7C9345DC 0F8C 2A3B0100 jl 7C94810C 7C9345E2 0FB74D E0 movzx ecx, word ptr [ebp-20] 7C9345E6 014D F4 add [ebp-C], ecx 7C9345E9 6A FC push -4 7C9345EB 5A pop edx ; ntdll.7C92E89A 7C9345EC 2B55 F0 sub edx, [ebp-10] 7C9345EF 8D77 02 lea esi, [edi+2] 7C9345F2 03DA add ebx, edx ; msvcrt.77C31AE8 7C9345F4 85C0 test eax, eax 7C9345F6 0F8C 203B0100 jl 7C94811C 7C9345FC 294D 0C sub [ebp+C], ecx 7C9345FF 8B45 FC mov eax, [ebp-4] 7C934602 D1E9 shr ecx, 1 7C934604 8D0448 lea eax, [eax+ecx*2] 7C934607 8945 FC mov [ebp-4], eax 7C93460A ^ E9 23FFFFFF jmp 7C934532 7C93460F 3BF7 cmp esi, edi 7C934611 0F84 9D5D0000 je 7C93A3B4 7C934617 6A 02 push 2 7C934619 5B pop ebx ; ntdll.7C92E89A 7C93461A E9 A8000000 jmp 7C9346C7 7C93461F 817D E0 000100C>cmp dword ptr [ebp-20], C0000100 7C934626 ^ 0F85 3EFEFFFF jnz 7C93446A 7C93462C 6A 01 push 1 7C93462E 68 6846937C push 7C934668 7C934633 FF75 0C push dword ptr [ebp+C] ; RPCRT4.77E8F3B0 7C934636 E8 93EDFFFF call RtlEqualUnicodeString 7C93463B 84C0 test al, al 7C93463D 0F85 58870300 jnz 7C96CD9B 7C934643 6A 01 push 1 7C934645 68 7046937C push 7C934670 7C93464A FF75 0C push dword ptr [ebp+C] ; RPCRT4.77E8F3B0 7C93464D E8 7CEDFFFF call RtlEqualUnicodeString 7C934652 84C0 test al, al 7C934654 0F85 6D870300 jnz 7C96CDC7 7C93465A 397D E0 cmp [ebp-20], edi 7C93465D ^ 0F8C 07FEFFFF jl 7C93446A 7C934663 E9 C9870300 jmp 7C96CE31 7C934668 0C 00 or al, 0 7C93466A 0E push cs 7C93466B 0088 A3937C14 add [eax+147C93A3], cl 7C934671 0016 add [esi], dl 7C934673 0098 A3937C66 add [eax+667C93A3], bl 7C934679 393E cmp [esi], edi 7C93467B 74 07 je short 7C934684 7C93467D 03F3 add esi, ebx 7C93467F 8975 DC mov [ebp-24], esi ; ntdll.ZwTerminateProcess 7C934682 ^ EB F4 jmp short 7C934678 7C934684 8BC6 mov eax, esi ; ntdll.ZwTerminateProcess 7C934686 2B45 C8 sub eax, [ebp-38] 7C934689 D1F8 sar eax, 1 7C93468B D1E0 shl eax, 1 7C93468D 66:8945 C4 mov [ebp-3C], ax 7C934691 8B45 C4 mov eax, [ebp-3C] ; ntdll.7C92F0AA 7C934694 83C0 02 add eax, 2 7C934697 66:8945 C6 mov [ebp-3A], ax 7C93469B EB 13 jmp short 7C9346B0 7C93469D 66:3D 3D00 cmp ax, 3D 7C9346A1 74 3A je short 7C9346DD 7C9346A3 03F3 add esi, ebx 7C9346A5 8975 DC mov [ebp-24], esi ; ntdll.ZwTerminateProcess 7C9346A8 66:8B06 mov ax, [esi] 7C9346AB 66:3BC7 cmp ax, di 7C9346AE ^ 75 ED jnz short 7C93469D 7C9346B0 03F3 add esi, ebx 7C9346B2 8975 DC mov [ebp-24], esi ; ntdll.ZwTerminateProcess 7C9346B5 6A 01 push 1 7C9346B7 8D45 BC lea eax, [ebp-44] 7C9346BA 50 push eax 7C9346BB FF75 0C push dword ptr [ebp+C] ; RPCRT4.77E8F3B0 7C9346BE E8 0BEDFFFF call RtlEqualUnicodeString 7C9346C3 84C0 test al, al 7C9346C5 75 3F jnz short 7C934706 7C9346C7 66:393E cmp [esi], di 7C9346CA 0F84 E45C0000 je 7C93A3B4 7C9346D0 8975 C0 mov [ebp-40], esi ; ntdll.ZwTerminateProcess 7C9346D3 66:897D BC mov [ebp-44], di 7C9346D7 66:897D BE mov [ebp-42], di 7C9346DB ^ EB CB jmp short 7C9346A8 7C9346DD 3B75 C0 cmp esi, [ebp-40] 7C9346E0 ^ 74 C1 je short 7C9346A3 7C9346E2 8BC6 mov eax, esi ; ntdll.ZwTerminateProcess 7C9346E4 2B45 C0 sub eax, [ebp-40] 7C9346E7 D1F8 sar eax, 1 7C9346E9 D1E0 shl eax, 1 7C9346EB 66:8945 BC mov [ebp-44], ax 7C9346EF 8B45 BC mov eax, [ebp-44] 7C9346F2 83C0 02 add eax, 2 7C9346F5 66:8945 BE mov [ebp-42], ax 7C9346F9 03F3 add esi, ebx 7C9346FB 8975 DC mov [ebp-24], esi ; ntdll.ZwTerminateProcess 7C9346FE 8975 C8 mov [ebp-38], esi ; ntdll.ZwTerminateProcess 7C934701 ^ E9 72FFFFFF jmp 7C934678 7C934706 66:8B45 C4 mov ax, [ebp-3C] 7C93470A 8B5D 10 mov ebx, [ebp+10] 7C93470D 66:8903 mov [ebx], ax 7C934710 66:3943 02 cmp [ebx+2], ax 7C934714 0F82 96000000 jb 7C9347B0 7C93471A 0FB7C8 movzx ecx, ax 7C93471D 8B75 C8 mov esi, [ebp-38] 7C934720 8B7B 04 mov edi, [ebx+4] 7C934723 8BC1 mov eax, ecx 7C934725 C1E9 02 shr ecx, 2 7C934728 F3:A5 rep movs dword ptr es:[edi], dword p> 7C93472A 8BC8 mov ecx, eax 7C93472C 83E1 03 and ecx, 3 7C93472F F3:A4 rep movs byte ptr es:[edi], byte ptr> 7C934731 66:8B45 C4 mov ax, [ebp-3C] 7C934735 66:3943 02 cmp [ebx+2], ax 7C934739 76 0D jbe short 7C934748 7C93473B 0FB7C0 movzx eax, ax 7C93473E D1E8 shr eax, 1 7C934740 8B4B 04 mov ecx, [ebx+4] 7C934743 66:832441 00 and word ptr [ecx+eax*2], 0 7C934748 8B45 08 mov eax, [ebp+8] 7C93474B 85C0 test eax, eax 7C93474D 0F85 EECB0000 jnz 7C941341 7C934753 C605 54C1997C 0>mov byte ptr [7C99C154], 1 7C93475A 8B45 BC mov eax, [ebp-44] 7C93475D A3 58C1997C mov [7C99C158], eax 7C934762 8B45 C0 mov eax, [ebp-40] 7C934765 A3 5CC1997C mov [7C99C15C], eax 7C93476A 8B45 C4 mov eax, [ebp-3C] ; ntdll.7C92F0AA 7C93476D A3 60C1997C mov [7C99C160], eax 7C934772 8B45 C8 mov eax, [ebp-38] 7C934775 A3 64C1997C mov [7C99C164], eax 7C93477A 8365 E0 00 and dword ptr [ebp-20], 0 7C93477E 33FF xor edi, edi 7C934780 ^ E9 9AFEFFFF jmp 7C93461F 7C934785 90 nop 7C934786 90 nop 7C934787 90 nop 7C934788 90 nop 7C934789 90 nop 7C93478A > 8BFF mov edi, edi 7C93478C 55 push ebp 7C93478D 8BEC mov ebp, esp 7C93478F 8B45 08 mov eax, [ebp+8] 7C934792 66:8B55 0C mov dx, [ebp+C] 7C934796 66:8B08 mov cx, [eax] 7C934799 66:85C9 test cx, cx 7C93479C 74 09 je short 7C9347A7 7C93479E 66:3BCA cmp cx, dx 7C9347A1 74 0B je short 7C9347AE 7C9347A3 40 inc eax 7C9347A4 40 inc eax 7C9347A5 ^ EB EF jmp short 7C934796 7C9347A7 66:3BCA cmp cx, dx 7C9347AA 74 02 je short 7C9347AE 7C9347AC 33C0 xor eax, eax 7C9347AE 5D pop ebp ; ntdll.7C92E89A 7C9347AF C3 retn 7C9347B0 C745 E0 230000C>mov dword ptr [ebp-20], C0000023 7C9347B7 ^ E9 63FEFFFF jmp 7C93461F 7C9347BC C745 E0 230000C>mov dword ptr [ebp-20], C0000023 7C9347C3 ^ E9 A2FCFFFF jmp 7C93446A 7C9347C8 66:8B46 02 mov ax, [esi+2] 7C9347CC 66:3BC8 cmp cx, ax 7C9347CF 0F83 287D0200 jnb 7C95C4FD 7C9347D5 ^ E9 43E9FFFF jmp 7C93311D 7C9347DA 90 nop 7C9347DB 90 nop 7C9347DC 90 nop 7C9347DD 90 nop 7C9347DE 90 nop 7C9347DF > B8 15010000 mov eax, 115 7C9347E4 C3 retn 7C9347E5 90 nop 7C9347E6 90 nop 7C9347E7 90 nop 7C9347E8 90 nop 7C9347E9 90 nop 7C9347EA 8BFF mov edi, edi 7C9347EC 55 push ebp 7C9347ED 8BEC mov ebp, esp 7C9347EF 8B4D 08 mov ecx, [ebp+8] 7C9347F2 8B41 04 mov eax, [ecx+4] 7C9347F5 66:8B09 mov cx, [ecx] 7C9347F8 66:83F9 02 cmp cx, 2 7C9347FC 72 17 jb short 7C934815 7C9347FE 66:8B10 mov dx, [eax] 7C934801 66:83FA 5C cmp dx, 5C 7C934805 0F84 6C430200 je 7C958B77 7C93480B 66:83FA 2F cmp dx, 2F 7C93480F 0F84 62430200 je 7C958B77 7C934815 66:83F9 04 cmp cx, 4 7C934819 72 11 jb short 7C93482C 7C93481B 66:8338 00 cmp word ptr [eax], 0 7C93481F 74 0B je short 7C93482C 7C934821 66:8378 02 3A cmp word ptr [eax+2], 3A 7C934826 0F84 BC240000 je 7C936CE8 7C93482C 6A 05 push 5 7C93482E 58 pop eax ; ntdll.7C92E89A 7C93482F 5D pop ebp ; ntdll.7C92E89A 7C934830 C2 0400 retn 4 7C934833 B8 010015C0 mov eax, C0150001 7C934838 E9 47090000 jmp 7C935184 7C93483D 8BC6 mov eax, esi ; ntdll.ZwTerminateProcess 7C93483F E9 26080000 jmp 7C93506A 7C934844 8955 FC mov [ebp-4], edx ; msvcrt.77C31AE8 7C934847 68 D8C0997C push 7C99C0D8 7C93484C 3BC2 cmp eax, edx ; msvcrt.77C31AE8 7C93484E 0F85 3D890200 jnz 7C95D191 7C934854 E8 ACC7FEFF call RtlEnterCriticalSection 7C934859 85F6 test esi, esi ; ntdll.ZwTerminateProcess 7C93485B 0F85 54890200 jnz 7C95D1B5 7C934861 64:A1 18000000 mov eax, fs:[18] 7C934867 8945 DC mov [ebp-24], eax 7C93486A B9 44C0997C mov ecx, 7C99C044 7C93486F F0:0FC119 lock xadd [ecx], ebx 7C934873 43 inc ebx 7C934874 8B40 24 mov eax, [eax+24] 7C934877 25 FF0F0000 and eax, 0FFF 7C93487C 81E3 FFFF0000 and ebx, 0FFFF 7C934882 C1E0 10 shl eax, 10 7C934885 0BD8 or ebx, eax 7C934887 891F mov [edi], ebx 7C934889 834D FC FF or dword ptr [ebp-4], FFFFFFFF 7C93488D ^ E9 77E9FFFF jmp 7C933209 7C934892 C745 CC 8A0000C>mov dword ptr [ebp-34], C000008A 7C934899 ^ E9 80E0FFFF jmp 7C93291E 7C93489E 6A 05 push 5 7C9348A0 ^ E9 3EF1FFFF jmp 7C9339E3 7C9348A5 C745 CC 8B0000C>mov dword ptr [ebp-34], C000008B 7C9348AC ^ E9 6DE0FFFF jmp 7C93291E 7C9348B1 90 nop 7C9348B2 90 nop 7C9348B3 90 nop 7C9348B4 0000 add [eax], al 7C9348B6 1F pop ds 7C9348B7 003B add [ebx], bh 7C9348B9 005A 00 add [edx], bl 7C9348BC 78 00 js short 7C9348BE 7C9348BE 97 xchg eax, edi 7C9348BF 00B5 00D400F3 add [ebp+F300D400], dh 7C9348C5 0011 add [ecx], dl 7C9348C7 0130 add [eax], esi ; ntdll.ZwTerminateProcess 7C9348C9 014E 01 add [esi+1], ecx 7C9348CC 6D ins dword ptr es:[edi], dx 7C9348CD 0100 add [eax], eax 7C9348CF 000F add [edi], cl 7C9348D1 B6 87 mov dh, 87 7C9348D3 E8 48937C89 call 060FDC20 7C9348D8 45 inc ebp 7C9348D9 080F or [edi], cl 7C9348DB BF 0445B448 mov edi, 48B44504 7C9348E0 93 xchg eax, ebx 7C9348E1 ^ 7C E9 jl short 7C9348CC 7C9348E3 C2 DBFF retn 0FFDB 7C9348E6 FF90 00000000 call [eax] 7C9348EC 0000 add [eax], al 7C9348EE 0000 add [eax], al 7C9348F0 0000 add [eax], al 7C9348F2 0000 add [eax], al 7C9348F4 0000 add [eax], al 7C9348F6 0000 add [eax], al 7C9348F8 0000 add [eax], al 7C9348FA 0000 add [eax], al 7C9348FC 0000 add [eax], al 7C9348FE 0000 add [eax], al 7C934900 0000 add [eax], al 7C934902 0000 add [eax], al 7C934904 0000 add [eax], al 7C934906 0001 add [ecx], al 7C934908 0101 add [ecx], eax 7C93490A 0101 add [ecx], eax 7C93490C 0101 add [ecx], eax 7C93490E 0101 add [ecx], eax 7C934910 0101 add [ecx], eax 7C934912 0101 add [ecx], eax 7C934914 0101 add [ecx], eax 7C934916 0101 add [ecx], eax 7C934918 0101 add [ecx], eax 7C93491A 0101 add [ecx], eax 7C93491C 0101 add [ecx], eax 7C93491E 0101 add [ecx], eax 7C934920 0101 add [ecx], eax 7C934922 0102 add [edx], eax 7C934924 0202 add al, [edx] 7C934926 0202 add al, [edx] 7C934928 0202 add al, [edx] 7C93492A 0202 add al, [edx] 7C93492C 0202 add al, [edx] 7C93492E 0202 add al, [edx] 7C934930 0202 add al, [edx] 7C934932 0202 add al, [edx] 7C934934 0202 add al, [edx] 7C934936 0202 add al, [edx] 7C934938 0202 add al, [edx] 7C93493A 0202 add al, [edx] 7C93493C 0202 add al, [edx] 7C93493E 0202 add al, [edx] 7C934940 0202 add al, [edx] 7C934942 0303 add eax, [ebx] 7C934944 0303 add eax, [ebx] 7C934946 0303 add eax, [ebx] 7C934948 0303 add eax, [ebx] 7C93494A 0303 add eax, [ebx] 7C93494C 0303 add eax, [ebx] 7C93494E 0303 add eax, [ebx] 7C934950 0303 add eax, [ebx] 7C934952 0303 add eax, [ebx] 7C934954 0303 add eax, [ebx] 7C934956 0303 add eax, [ebx] 7C934958 0303 add eax, [ebx] 7C93495A 0303 add eax, [ebx] 7C93495C 0303 add eax, [ebx] 7C93495E 0303 add eax, [ebx] 7C934960 04 04 add al, 4 7C934962 04 04 add al, 4 7C934964 04 04 add al, 4 7C934966 04 04 add al, 4 7C934968 04 04 add al, 4 7C93496A 04 04 add al, 4 7C93496C 04 04 add al, 4 7C93496E 04 04 add al, 4 7C934970 04 04 add al, 4 7C934972 04 04 add al, 4 7C934974 04 04 add al, 4 7C934976 04 04 add al, 4 7C934978 04 04 add al, 4 7C93497A 04 04 add al, 4 7C93497C 04 04 add al, 4 7C93497E 04 05 add al, 5 7C934980 05 05050505 add eax, 5050505 7C934985 05 05050505 add eax, 5050505 7C93498A 05 05050505 add eax, 5050505 7C93498F 05 05050505 add eax, 5050505 7C934994 05 05050505 add eax, 5050505 7C934999 05 05050506 add eax, 6050505 7C93499E 06 push es 7C93499F 06 push es 7C9349A0 06 push es 7C9349A1 06 push es 7C9349A2 06 push es 7C9349A3 06 push es 7C9349A4 06 push es 7C9349A5 06 push es 7C9349A6 06 push es 7C9349A7 06 push es 7C9349A8 06 push es 7C9349A9 06 push es 7C9349AA 06 push es 7C9349AB 06 push es 7C9349AC 06 push es 7C9349AD 06 push es 7C9349AE 06 push es 7C9349AF 06 push es 7C9349B0 06 push es 7C9349B1 06 push es 7C9349B2 06 push es 7C9349B3 06 push es 7C9349B4 06 push es 7C9349B5 06 push es 7C9349B6 06 push es 7C9349B7 06 push es 7C9349B8 06 push es 7C9349B9 06 push es 7C9349BA 06 push es 7C9349BB 06 push es 7C9349BC 07 pop es 7C9349BD 07 pop es 7C9349BE 07 pop es 7C9349BF 07 pop es 7C9349C0 07 pop es 7C9349C1 07 pop es 7C9349C2 07 pop es 7C9349C3 07 pop es 7C9349C4 07 pop es 7C9349C5 07 pop es 7C9349C6 07 pop es 7C9349C7 07 pop es 7C9349C8 07 pop es 7C9349C9 07 pop es 7C9349CA 07 pop es 7C9349CB 07 pop es 7C9349CC 07 pop es 7C9349CD 07 pop es 7C9349CE 07 pop es 7C9349CF 07 pop es 7C9349D0 07 pop es 7C9349D1 07 pop es 7C9349D2 07 pop es 7C9349D3 07 pop es 7C9349D4 07 pop es 7C9349D5 07 pop es 7C9349D6 07 pop es 7C9349D7 07 pop es 7C9349D8 07 pop es 7C9349D9 07 pop es 7C9349DA 07 pop es 7C9349DB 0808 or [eax], cl 7C9349DD 0808 or [eax], cl 7C9349DF 0808 or [eax], cl 7C9349E1 0808 or [eax], cl 7C9349E3 0808 or [eax], cl 7C9349E5 0808 or [eax], cl 7C9349E7 0808 or [eax], cl 7C9349E9 0808 or [eax], cl 7C9349EB 0808 or [eax], cl 7C9349ED 0808 or [eax], cl 7C9349EF 0808 or [eax], cl 7C9349F1 0808 or [eax], cl 7C9349F3 0808 or [eax], cl 7C9349F5 0808 or [eax], cl 7C9349F7 0808 or [eax], cl 7C9349F9 0909 or [ecx], ecx 7C9349FB 0909 or [ecx], ecx 7C9349FD 0909 or [ecx], ecx 7C9349FF 0909 or [ecx], ecx 7C934A01 0909 or [ecx], ecx 7C934A03 0909 or [ecx], ecx 7C934A05 0909 or [ecx], ecx 7C934A07 0909 or [ecx], ecx 7C934A09 0909 or [ecx], ecx 7C934A0B 0909 or [ecx], ecx 7C934A0D 0909 or [ecx], ecx 7C934A0F 0909 or [ecx], ecx 7C934A11 0909 or [ecx], ecx 7C934A13 0909 or [ecx], ecx 7C934A15 0909 or [ecx], ecx 7C934A17 090A or [edx], ecx 7C934A19 0A0A or cl, [edx] 7C934A1B 0A0A or cl, [edx] 7C934A1D 0A0A or cl, [edx] 7C934A1F 0A0A or cl, [edx] 7C934A21 0A0A or cl, [edx] 7C934A23 0A0A or cl, [edx] 7C934A25 0A0A or cl, [edx] 7C934A27 0A0A or cl, [edx] 7C934A29 0A0A or cl, [edx] 7C934A2B 0A0A or cl, [edx] 7C934A2D 0A0A or cl, [edx] 7C934A2F 0A0A or cl, [edx] 7C934A31 0A0A or cl, [edx] 7C934A33 0A0A or cl, [edx] 7C934A35 0A0B or cl, [ebx] 7C934A37 0B0B or ecx, [ebx] 7C934A39 0B0B or ecx, [ebx] 7C934A3B 0B0B or ecx, [ebx] 7C934A3D 0B0B or ecx, [ebx] 7C934A3F 0B0B or ecx, [ebx] 7C934A41 0B0B or ecx, [ebx] 7C934A43 0B0B or ecx, [ebx] 7C934A45 0B0B or ecx, [ebx] 7C934A47 0B0B or ecx, [ebx] 7C934A49 0B0B or ecx, [ebx] 7C934A4B 0B0B or ecx, [ebx] 7C934A4D 0B0B or ecx, [ebx] 7C934A4F 0B0B or ecx, [ebx] 7C934A51 0B0B or ecx, [ebx] 7C934A53 0B0B or ecx, [ebx] 7C934A55 0000 add [eax], al 7C934A57 0090 90909090 add [eax+90909090], dl 7C934A5D > 8BFF mov edi, edi 7C934A5F 55 push ebp 7C934A60 8BEC mov ebp, esp 7C934A62 81EC 18020000 sub esp, 218 7C934A68 A1 34C0997C mov eax, [7C99C034] 7C934A6D 56 push esi ; ntdll.ZwTerminateProcess 7C934A6E 8B75 0C mov esi, [ebp+C] ; RPCRT4.77E8F3B0 7C934A71 8945 FC mov [ebp-4], eax 7C934A74 8B45 08 mov eax, [ebp+8] 7C934A77 56 push esi ; ntdll.ZwTerminateProcess 7C934A78 8985 F8FDFFFF mov [ebp-208], eax 7C934A7E E8 14EAFFFF call RtlValidSid 7C934A83 3C 01 cmp al, 1 7C934A85 0F85 783B0300 jnz 7C968603 7C934A8B 3806 cmp [esi], al 7C934A8D 0F85 703B0300 jnz 7C968603 7C934A93 57 push edi 7C934A94 8D85 FCFDFFFF lea eax, [ebp-204] 7C934A9A 68 124B937C push 7C934B12 ; UNICODE "S-1-" 7C934A9F 50 push eax 7C934AA0 E8 CEE9FFFF call wcscpy 7C934AA5 8A46 02 mov al, [esi+2] 7C934AA8 84C0 test al, al 7C934AAA 59 pop ecx ; ntdll.7C92E89A 7C934AAB 59 pop ecx ; ntdll.7C92E89A 7C934AAC 8DBD 04FEFFFF lea edi, [ebp-1FC] 7C934AB2 0F85 553B0300 jnz 7C96860D 7C934AB8 3846 03 cmp [esi+3], al 7C934ABB 0F85 4C3B0300 jnz 7C96860D 7C934AC1 0FB646 04 movzx eax, byte ptr [esi+4] 7C934AC5 0FB64E 05 movzx ecx, byte ptr [esi+5] 7C934AC9 C1E0 08 shl eax, 8 7C934ACC 03C1 add eax, ecx 7C934ACE 0FB64E 06 movzx ecx, byte ptr [esi+6] 7C934AD2 C1E0 08 shl eax, 8 7C934AD5 03C1 add eax, ecx 7C934AD7 0FB64E 07 movzx ecx, byte ptr [esi+7] 7C934ADB C1E0 08 shl eax, 8 7C934ADE 03C1 add eax, ecx 7C934AE0 8BCF mov ecx, edi 7C934AE2 51 push ecx 7C934AE3 68 FC000000 push 0FC 7C934AE8 6A 0A push 0A 7C934AEA 50 push eax 7C934AEB E8 E0000000 call 7C934BD0 7C934AF0 85C0 test eax, eax 7C934AF2 0F8C C5000000 jl 7C934BBD 7C934AF8 53 push ebx 7C934AF9 32DB xor bl, bl 7C934AFB 385E 01 cmp [esi+1], bl 7C934AFE 76 57 jbe short 7C934B57 7C934B00 66:833F 00 cmp word ptr [edi], 0 7C934B04 74 1C je short 7C934B22 7C934B06 8D45 FA lea eax, [ebp-6] 7C934B09 3BF8 cmp edi, eax 7C934B0B 73 15 jnb short 7C934B22 7C934B0D 47 inc edi 7C934B0E 47 inc edi 7C934B0F ^ EB EF jmp short 7C934B00 7C934B11 90 nop 7C934B12 53 push ebx 7C934B13 002D 0031002D add [2D003100], ch 7C934B19 0000 add [eax], al 7C934B1B 00CC add ah, cl 7C934B1D CC int3 7C934B1E CC int3 7C934B1F CC int3 7C934B20 CC int3 7C934B21 CC int3 7C934B22 66:C707 2D00 mov word ptr [edi], 2D 7C934B27 47 inc edi 7C934B28 47 inc edi 7C934B29 8D8D FCFDFFFF lea ecx, [ebp-204] 7C934B2F 8BC7 mov eax, edi 7C934B31 2BC1 sub eax, ecx 7C934B33 D1F8 sar eax, 1 7C934B35 57 push edi 7C934B36 B9 00010000 mov ecx, 100 7C934B3B 2BC8 sub ecx, eax 7C934B3D 51 push ecx 7C934B3E 0FB6C3 movzx eax, bl 7C934B41 6A 0A push 0A 7C934B43 FF7486 08 push dword ptr [esi+eax*4+8] 7C934B47 E8 84000000 call 7C934BD0 7C934B4C 85C0 test eax, eax 7C934B4E 7C 6C jl short 7C934BBC 7C934B50 FEC3 inc bl 7C934B52 3A5E 01 cmp bl, [esi+1] 7C934B55 ^ 72 A9 jb short 7C934B00 7C934B57 807D 10 00 cmp byte ptr [ebp+10], 0 7C934B5B 0F85 61360100 jnz 7C9481C2 7C934B61 66:833F 00 cmp word ptr [edi], 0 7C934B65 74 0B je short 7C934B72 7C934B67 8D45 FA lea eax, [ebp-6] 7C934B6A 3BF8 cmp edi, eax 7C934B6C 73 04 jnb short 7C934B72 7C934B6E 47 inc edi 7C934B6F 47 inc edi 7C934B70 ^ EB EF jmp short 7C934B61 7C934B72 8D85 FCFDFFFF lea eax, [ebp-204] 7C934B78 2BF8 sub edi, eax 7C934B7A 8B85 F8FDFFFF mov eax, [ebp-208] 7C934B80 0FB748 02 movzx ecx, word ptr [eax+2] 7C934B84 D1FF sar edi, 1 7C934B86 D1E7 shl edi, 1 7C934B88 3BF9 cmp edi, ecx 7C934B8A 0F83 57360100 jnb 7C9481E7 7C934B90 8D8D FCFDFFFF lea ecx, [ebp-204] 7C934B96 898D F4FDFFFF mov [ebp-20C], ecx 7C934B9C 8D8D F0FDFFFF lea ecx, [ebp-210] 7C934BA2 66:89BD F0FDFFF>mov [ebp-210], di 7C934BA9 51 push ecx 7C934BAA 83C7 02 add edi, 2 7C934BAD 50 push eax 7C934BAE 66:89BD F2FDFFF>mov [ebp-20E], di 7C934BB5 E8 27010000 call RtlCopyUnicodeString 7C934BBA 33C0 xor eax, eax 7C934BBC 5B pop ebx ; ntdll.7C92E89A 7C934BBD 5F pop edi ; ntdll.7C92E89A 7C934BBE 8B4D FC mov ecx, [ebp-4] 7C934BC1 5E pop esi ; ntdll.7C92E89A 7C934BC2 E8 C0B7FFFF call 7C930387 7C934BC7 C9 leave 7C934BC8 C2 0C00 retn 0C 7C934BCB 90 nop 7C934BCC 90 nop 7C934BCD 90 nop 7C934BCE 90 nop 7C934BCF 90 nop 7C934BD0 6A 5C push 5C 7C934BD2 68 B04C937C push 7C934CB0 7C934BD7 E8 E6A1FFFF call 7C92EDC2 7C934BDC A1 34C0997C mov eax, [7C99C034] 7C934BE1 8945 E4 mov [ebp-1C], eax 7C934BE4 8B45 14 mov eax, [ebp+14] 7C934BE7 8945 9C mov [ebp-64], eax 7C934BEA 8B45 0C mov eax, [ebp+C] ; RPCRT4.77E8F3B0 7C934BED 83E8 00 sub eax, 0 7C934BF0 0F84 AE000000 je 7C934CA4 7C934BF6 48 dec eax 7C934BF7 48 dec eax 7C934BF8 0F84 9E000000 je 7C934C9C 7C934BFE 83E8 06 sub eax, 6 7C934C01 0F84 D9690300 je 7C96B5E0 7C934C07 48 dec eax 7C934C08 48 dec eax 7C934C09 0F85 BE690300 jnz 7C96B5CD 7C934C0F 33FF xor edi, edi 7C934C11 85FF test edi, edi 7C934C13 0F85 CF690300 jnz 7C96B5E8 7C934C19 8B5D 94 mov ebx, [ebp-6C] ; trscd.004B027C 7C934C1C 8D75 E0 lea esi, [ebp-20] 7C934C1F 66:8365 E0 00 and word ptr [ebp-20], 0 7C934C24 8B45 08 mov eax, [ebp+8] 7C934C27 85FF test edi, edi 7C934C29 0F85 C8690300 jnz 7C96B5F7 7C934C2F 33D2 xor edx, edx ; msvcrt.77C31AE8 7C934C31 F775 0C div dword ptr [ebp+C] ; RPCRT4.77E8F3B0 7C934C34 4E dec esi ; ntdll.ZwTerminateProcess 7C934C35 4E dec esi ; ntdll.ZwTerminateProcess 7C934C36 66:8B0C55 BC4C9>mov cx, [edx*2+7C934CBC] 7C934C3E 66:890E mov [esi], cx 7C934C41 85C0 test eax, eax 7C934C43 ^ 75 E2 jnz short 7C934C27 7C934C45 8D45 E0 lea eax, [ebp-20] 7C934C48 2BC6 sub eax, esi ; ntdll.ZwTerminateProcess 7C934C4A D1F8 sar eax, 1 7C934C4C 837D 10 00 cmp dword ptr [ebp+10], 0 7C934C50 0F8C AE690300 jl 7C96B604 7C934C56 3B45 10 cmp eax, [ebp+10] 7C934C59 0F8F C7690300 jg 7C96B626 7C934C5F 8365 FC 00 and dword ptr [ebp-4], 0 7C934C63 8D1400 lea edx, [eax+eax] 7C934C66 8BCA mov ecx, edx ; msvcrt.77C31AE8 7C934C68 8B7D 9C mov edi, [ebp-64] 7C934C6B 8BD9 mov ebx, ecx 7C934C6D C1E9 02 shr ecx, 2 7C934C70 F3:A5 rep movs dword ptr es:[edi], dword p> 7C934C72 8BCB mov ecx, ebx 7C934C74 83E1 03 and ecx, 3 7C934C77 F3:A4 rep movs byte ptr es:[edi], byte ptr> 7C934C79 3B45 10 cmp eax, [ebp+10] 7C934C7C 7D 08 jge short 7C934C86 7C934C7E 8B45 9C mov eax, [ebp-64] 7C934C81 66:832402 00 and word ptr [edx+eax], 0 7C934C86 834D FC FF or dword ptr [ebp-4], FFFFFFFF 7C934C8A 33C0 xor eax, eax 7C934C8C 8B4D E4 mov ecx, [ebp-1C] 7C934C8F E8 F3B6FFFF call 7C930387 7C934C94 E8 69A1FFFF call 7C92EE02 7C934C99 C2 1000 retn 10 7C934C9C 33FF xor edi, edi 7C934C9E 47 inc edi 7C934C9F ^ E9 6DFFFFFF jmp 7C934C11 7C934CA4 C745 0C 0A00000>mov dword ptr [ebp+C], 0A 7C934CAB ^ E9 5FFFFFFF jmp 7C934C0F 7C934CB0 FFFF ??? ; 未知命令 7C934CB2 FFFF ??? ; 未知命令 7C934CB4 35 B6967C48 xor eax, 487C96B6 7C934CB9 B6 96 mov dh, 96 7C934CBB 7C 30 jl short 7C934CED 7C934CBD 0031 add [ecx], dh 7C934CBF 0032 add [edx], dh 7C934CC1 0033 add [ebx], dh 7C934CC3 003400 add [eax+eax], dh 7C934CC6 35 00360037 xor eax, 37003600 7C934CCB 0038 add [eax], bh 7C934CCD 0039 add [ecx], bh 7C934CCF 0041 00 add [ecx], al 7C934CD2 42 inc edx ; msvcrt.77C31AE8 7C934CD3 0043 00 add [ebx], al 7C934CD6 44 inc esp 7C934CD7 0045 00 add [ebp], al 7C934CDA 46 inc esi ; ntdll.ZwTerminateProcess 7C934CDB 0090 90909090 add [eax+90909090], dl 7C934CE1 > 8BFF mov edi, edi 7C934CE3 55 push ebp 7C934CE4 8BEC mov ebp, esp 7C934CE6 8B45 0C mov eax, [ebp+C] ; RPCRT4.77E8F3B0 7C934CE9 85C0 test eax, eax 7C934CEB 0F84 5EFC0000 je 7C94494F 7C934CF1 8B55 08 mov edx, [ebp+8] 7C934CF4 66:8B4A 02 mov cx, [edx+2] 7C934CF8 53 push ebx 7C934CF9 56 push esi ; ntdll.ZwTerminateProcess 7C934CFA 8B70 04 mov esi, [eax+4] 7C934CFD 0FB700 movzx eax, word ptr [eax] 7C934D00 66:3BC1 cmp ax, cx 7C934D03 57 push edi 7C934D04 8B7A 04 mov edi, [edx+4] 7C934D07 897D 08 mov [ebp+8], edi 7C934D0A 0F87 37FC0000 ja 7C944947 7C934D10 8BC8 mov ecx, eax 7C934D12 8BD9 mov ebx, ecx 7C934D14 C1E9 02 shr ecx, 2 7C934D17 66:8902 mov [edx], ax 7C934D1A F3:A5 rep movs dword ptr es:[edi], dword p> 7C934D1C 8BCB mov ecx, ebx 7C934D1E 83E1 03 and ecx, 3 7C934D21 F3:A4 rep movs byte ptr es:[edi], byte ptr> 7C934D23 66:8B0A mov cx, [edx] 7C934D26 66:3B4A 02 cmp cx, [edx+2] 7C934D2A 5F pop edi ; ntdll.7C92E89A 7C934D2B 5E pop esi ; ntdll.7C92E89A 7C934D2C 5B pop ebx ; ntdll.7C92E89A 7C934D2D 73 0A jnb short 7C934D39 7C934D2F 8B4D 08 mov ecx, [ebp+8] 7C934D32 D1E8 shr eax, 1 7C934D34 66:832441 00 and word ptr [ecx+eax*2], 0 7C934D39 5D pop ebp ; ntdll.7C92E89A 7C934D3A C2 0800 retn 8 7C934D3D 90 nop 7C934D3E 90 nop 7C934D3F 90 nop 7C934D40 90 nop 7C934D41 90 nop 7C934D42 > 8BFF mov edi, edi 7C934D44 55 push ebp 7C934D45 8BEC mov ebp, esp 7C934D47 83EC 0C sub esp, 0C 7C934D4A 837D 0C 00 cmp dword ptr [ebp+C], 0 7C934D4E 56 push esi ; ntdll.ZwTerminateProcess 7C934D4F 57 push edi 7C934D50 74 58 je short 7C934DAA 7C934D52 FF75 0C push dword ptr [ebp+C] ; RPCRT4.77E8F3B0 7C934D55 8D45 F4 lea eax, [ebp-C] 7C934D58 50 push eax 7C934D59 E8 78C5FEFF call RtlInitUnicodeString 7C934D5E 8B4D F4 mov ecx, [ebp-C] ; kernel32.7C8399F3 7C934D61 8B75 08 mov esi, [ebp+8] 7C934D64 0FB706 movzx eax, word ptr [esi] 7C934D67 0FB756 02 movzx edx, word ptr [esi+2] 7C934D6B 0FB7F9 movzx edi, cx 7C934D6E 894D FC mov [ebp-4], ecx 7C934D71 8D0C07 lea ecx, [edi+eax] 7C934D74 3BCA cmp ecx, edx ; msvcrt.77C31AE8 7C934D76 0F8F 275D0300 jg 7C96AAA3 7C934D7C 8B4E 04 mov ecx, [esi+4] 7C934D7F 53 push ebx 7C934D80 57 push edi 7C934D81 FF75 0C push dword ptr [ebp+C] ; RPCRT4.77E8F3B0 7C934D84 D1E8 shr eax, 1 7C934D86 8D1C41 lea ebx, [ecx+eax*2] 7C934D89 53 push ebx 7C934D8A E8 ABD7FEFF call memmove 7C934D8F 66:8B45 FC mov ax, [ebp-4] 7C934D93 66:0106 add [esi], ax 7C934D96 66:8B06 mov ax, [esi] 7C934D99 83C4 0C add esp, 0C 7C934D9C 66:3B46 02 cmp ax, [esi+2] 7C934DA0 73 07 jnb short 7C934DA9 7C934DA2 D1EF shr edi, 1 7C934DA4 66:83247B 00 and word ptr [ebx+edi*2], 0 7C934DA9 5B pop ebx ; ntdll.7C92E89A 7C934DAA 33C0 xor eax, eax 7C934DAC 5F pop edi ; ntdll.7C92E89A 7C934DAD 5E pop esi ; ntdll.7C92E89A 7C934DAE C9 leave 7C934DAF C2 0800 retn 8 7C934DB2 90 nop 7C934DB3 90 nop 7C934DB4 90 nop 7C934DB5 90 nop 7C934DB6 90 nop 7C934DB7 > 8BFF mov edi, edi 7C934DB9 55 push ebp 7C934DBA 8BEC mov ebp, esp 7C934DBC 8B4D 0C mov ecx, [ebp+C] ; RPCRT4.77E8F3B0 7C934DBF 33D2 xor edx, edx ; msvcrt.77C31AE8 7C934DC1 66:8B11 mov dx, [ecx] 7C934DC4 66:85D2 test dx, dx 7C934DC7 53 push ebx 7C934DC8 56 push esi ; ntdll.ZwTerminateProcess 7C934DC9 57 push edi 7C934DCA 8955 0C mov [ebp+C], edx ; msvcrt.77C31AE8 7C934DCD 74 44 je short 7C934E13 7C934DCF 8B75 08 mov esi, [ebp+8] 7C934DD2 0FB706 movzx eax, word ptr [esi] 7C934DD5 0FB75E 02 movzx ebx, word ptr [esi+2] 7C934DD9 0FB7FA movzx edi, dx 7C934DDC 8D1438 lea edx, [eax+edi] 7C934DDF 3BD3 cmp edx, ebx 7C934DE1 0F8F C65C0300 jg 7C96AAAD 7C934DE7 8B56 04 mov edx, [esi+4] 7C934DEA 57 push edi 7C934DEB FF71 04 push dword ptr [ecx+4] 7C934DEE D1E8 shr eax, 1 7C934DF0 8D1C42 lea ebx, [edx+eax*2] 7C934DF3 53 push ebx 7C934DF4 E8 41D7FEFF call memmove 7C934DF9 66:8B45 0C mov ax, [ebp+C] 7C934DFD 66:0106 add [esi], ax 7C934E00 66:8B06 mov ax, [esi] 7C934E03 83C4 0C add esp, 0C 7C934E06 66:3B46 02 cmp ax, [esi+2] 7C934E0A 73 07 jnb short 7C934E13 7C934E0C D1EF shr edi, 1 7C934E0E 66:83247B 00 and word ptr [ebx+edi*2], 0 7C934E13 33C0 xor eax, eax 7C934E15 5F pop edi ; ntdll.7C92E89A 7C934E16 5E pop esi ; ntdll.7C92E89A 7C934E17 5B pop ebx ; ntdll.7C92E89A 7C934E18 5D pop ebp ; ntdll.7C92E89A 7C934E19 C2 0800 retn 8 7C934E1C 90 nop 7C934E1D 90 nop 7C934E1E 90 nop 7C934E1F 90 nop 7C934E20 90 nop 7C934E21 > 8BFF mov edi, edi 7C934E23 55 push ebp 7C934E24 8BEC mov ebp, esp 7C934E26 83EC 68 sub esp, 68 7C934E29 A1 34C0997C mov eax, [7C99C034] 7C934E2E 53 push ebx 7C934E2F 56 push esi ; ntdll.ZwTerminateProcess 7C934E30 8B75 08 mov esi, [ebp+8] 7C934E33 57 push edi 7C934E34 8945 FC mov [ebp-4], eax 7C934E37 8D45 A8 lea eax, [ebp-58] 7C934E3A 50 push eax 7C934E3B BB 00020000 mov ebx, 200 7C934E40 53 push ebx 7C934E41 6A 01 push 1 7C934E43 BF 08000200 mov edi, 20008 7C934E48 57 push edi 7C934E49 6A FE push -2 7C934E4B E8 D38FFFFF call ZwOpenThreadTokenEx 7C934E50 85C0 test eax, eax 7C934E52 7D 20 jge short 7C934E74 7C934E54 3D 7C0000C0 cmp eax, C000007C 7C934E59 0F85 B0000000 jnz 7C934F0F 7C934E5F 8D45 A8 lea eax, [ebp-58] 7C934E62 50 push eax 7C934E63 53 push ebx 7C934E64 57 push edi 7C934E65 6A FF push -1 7C934E67 E8 398FFFFF call ZwOpenProcessTokenEx 7C934E6C 85C0 test eax, eax 7C934E6E 0F8C 9B000000 jl 7C934F0F 7C934E74 8D45 98 lea eax, [ebp-68] 7C934E77 50 push eax 7C934E78 6A 50 push 50 7C934E7A 8D45 AC lea eax, [ebp-54] 7C934E7D 50 push eax 7C934E7E 6A 01 push 1 7C934E80 FF75 A8 push dword ptr [ebp-58] ; ntdll.7C92EE18 7C934E83 E8 BD91FFFF call ZwQueryInformationToken 7C934E88 FF75 A8 push dword ptr [ebp-58] ; ntdll.7C92EE18 7C934E8B 8BD8 mov ebx, eax 7C934E8D E8 F486FFFF call ZwClose 7C934E92 33FF xor edi, edi 7C934E94 3BDF cmp ebx, edi 7C934E96 7C 75 jl short 7C934F0D 7C934E98 8D45 A4 lea eax, [ebp-5C] 7C934E9B 50 push eax 7C934E9C FF75 AC push dword ptr [ebp-54] 7C934E9F E8 A5000000 call 7C934F49 7C934EA4 3BC7 cmp eax, edi 7C934EA6 7C 67 jl short 7C934F0F 7C934EA8 8B45 A4 mov eax, [ebp-5C] 7C934EAB 83C0 22 add eax, 22 7C934EAE 66:8946 02 mov [esi+2], ax 7C934EB2 0FB7C0 movzx eax, ax 7C934EB5 50 push eax 7C934EB6 66:893E mov [esi], di 7C934EB9 FF15 C009937C call [7C9309C0] ; ntdll.7C9309C9 7C934EBF 3BC7 cmp eax, edi 7C934EC1 8946 04 mov [esi+4], eax 7C934EC4 0F84 40680300 je 7C96B70A 7C934ECA 68 1E4F937C push 7C934F1E ; UNICODE "\REGISTRY\USER\" 7C934ECF 56 push esi ; ntdll.ZwTerminateProcess 7C934ED0 E8 6DFEFFFF call RtlAppendUnicodeToString 7C934ED5 66:8B45 A4 mov ax, [ebp-5C] 7C934ED9 8B4E 04 mov ecx, [esi+4] 7C934EDC 66:8945 9E mov [ebp-62], ax 7C934EE0 0FB706 movzx eax, word ptr [esi] 7C934EE3 D1E8 shr eax, 1 7C934EE5 8D0441 lea eax, [ecx+eax*2] 7C934EE8 57 push edi 7C934EE9 FF75 AC push dword ptr [ebp-54] 7C934EEC 8945 A0 mov [ebp-60], eax 7C934EEF 8D45 9C lea eax, [ebp-64] 7C934EF2 50 push eax 7C934EF3 66:897D 9C mov [ebp-64], di 7C934EF7 E8 61FBFFFF call RtlConvertSidToUnicodeString 7C934EFC 8BD8 mov ebx, eax 7C934EFE 3BDF cmp ebx, edi 7C934F00 0F8C 0E680300 jl 7C96B714 7C934F06 66:8B45 9C mov ax, [ebp-64] 7C934F0A 66:0106 add [esi], ax 7C934F0D 8BC3 mov eax, ebx 7C934F0F 8B4D FC mov ecx, [ebp-4] 7C934F12 5F pop edi ; ntdll.7C92E89A 7C934F13 5E pop esi ; ntdll.7C92E89A 7C934F14 5B pop ebx ; ntdll.7C92E89A 7C934F15 E8 6DB4FFFF call 7C930387 7C934F1A C9 leave 7C934F1B C2 0400 retn 4 7C934F1E 5C pop esp ; ntdll.7C92E89A |
|
[讨论]程序分析!
7C93238E 897E 38 mov [esi+38], edi 7C932391 897E 28 mov [esi+28], edi 7C932394 897E 2C mov [esi+2C], edi 7C932397 ^ E9 51F2FFFF jmp 7C9315ED 7C93239C 90 nop 7C93239D 90 nop 7C93239E 90 nop 7C93239F 90 nop 7C9323A0 90 nop 7C9323A1 8BFF mov edi, edi 7C9323A3 55 push ebp 7C9323A4 8BEC mov ebp, esp 7C9323A6 51 push ecx 7C9323A7 51 push ecx 7C9323A8 56 push esi ; ntdll.ZwTerminateProcess 7C9323A9 6A 0D push 0D 7C9323AB FF35 FC23937C push dword ptr [7C9323FC] 7C9323B1 FF35 F823937C push dword ptr [7C9323F8] 7C9323B7 FF70 04 push dword ptr [eax+4] 7C9323BA FF30 push dword ptr [eax] 7C9323BC E8 C611FFFF call RtlExtendedMagicDivide 7C9323C1 6A 1A push 1A 7C9323C3 FF35 0424937C push dword ptr [7C932404] 7C9323C9 8BF0 mov esi, eax 7C9323CB FF35 0024937C push dword ptr [7C932400] 7C9323D1 52 push edx ; msvcrt.77C31AE8 7C9323D2 56 push esi ; ntdll.ZwTerminateProcess 7C9323D3 E8 AF11FFFF call RtlExtendedMagicDivide 7C9323D8 8B4D 08 mov ecx, [ebp+8] 7C9323DB 8901 mov [ecx], eax 7C9323DD 69C0 005C2605 imul eax, eax, 5265C00 7C9323E3 2BF0 sub esi, eax 7C9323E5 8B45 0C mov eax, [ebp+C] ; RPCRT4.77E8F3B0 7C9323E8 8930 mov [eax], esi ; ntdll.ZwTerminateProcess 7C9323EA 8955 FC mov [ebp-4], edx ; msvcrt.77C31AE8 7C9323ED 5E pop esi ; ntdll.7C92E89A 7C9323EE C9 leave 7C9323EF C2 0800 retn 8 7C9323F2 90 nop 7C9323F3 90 nop 7C9323F4 90 nop 7C9323F5 90 nop 7C9323F6 90 nop 7C9323F7 90 nop 7C9323F8 2C 65 sub al, 65 7C9323FA 19E2 sbb edx, esp 7C9323FC 58 pop eax ; ntdll.7C92E89A 7C9323FD 17 pop ss 7C9323FE B7 D1 mov bh, 0D1 7C932400 0E push cs 7C932401 B9 67FAEB50 mov ecx, 50EBFA67 7C932406 D7 xlat byte ptr [ebx+al] 7C932407 C6 ??? ; 未知命令 7C932408 90 nop 7C932409 90 nop 7C93240A 90 nop 7C93240B 90 nop 7C93240C 90 nop 7C93240D > 8BFF mov edi, edi 7C93240F 55 push ebp 7C932410 8BEC mov ebp, esp 7C932412 51 push ecx 7C932413 53 push ebx 7C932414 56 push esi ; ntdll.ZwTerminateProcess 7C932415 57 push edi 7C932416 8D45 FC lea eax, [ebp-4] 7C932419 50 push eax 7C93241A 8D45 08 lea eax, [ebp+8] 7C93241D 50 push eax 7C93241E 8B45 08 mov eax, [ebp+8] 7C932421 E8 7BFFFFFF call 7C9323A1 7C932426 8B4D 08 mov ecx, [ebp+8] 7C932429 6A 07 push 7 7C93242B 5E pop esi ; ntdll.7C92E89A 7C93242C 8D41 01 lea eax, [ecx+1] 7C93242F 33D2 xor edx, edx ; msvcrt.77C31AE8 7C932431 F7F6 div esi ; ntdll.ZwTerminateProcess 7C932433 8B75 0C mov esi, [ebp+C] ; RPCRT4.77E8F3B0 7C932436 51 push ecx 7C932437 66:8956 0E mov [esi+E], dx 7C93243B E8 35020000 call 7C932675 7C932440 8BC8 mov ecx, eax 7C932442 33D2 xor edx, edx ; msvcrt.77C31AE8 7C932444 BF 90010000 mov edi, 190 7C932449 F7F7 div edi 7C93244B 8BF9 mov edi, ecx 7C93244D 69FF 93FEFFFF imul edi, edi, -16D 7C932453 33D2 xor edx, edx ; msvcrt.77C31AE8 7C932455 6A 64 push 64 7C932457 5B pop ebx ; ntdll.7C92E89A 7C932458 2BF8 sub edi, eax 7C93245A 8BC1 mov eax, ecx 7C93245C C1E8 02 shr eax, 2 7C93245F 2BF8 sub edi, eax 7C932461 8BC1 mov eax, ecx 7C932463 F7F3 div ebx 7C932465 33D2 xor edx, edx ; msvcrt.77C31AE8 7C932467 BB 90010000 mov ebx, 190 7C93246C 0345 08 add eax, [ebp+8] 7C93246F 03F8 add edi, eax 7C932471 8D41 01 lea eax, [ecx+1] 7C932474 F7F3 div ebx 7C932476 85D2 test edx, edx ; msvcrt.77C31AE8 7C932478 74 1D je short 7C932497 7C93247A 6A 64 push 64 7C93247C 33D2 xor edx, edx ; msvcrt.77C31AE8 7C93247E 8D41 01 lea eax, [ecx+1] 7C932481 5B pop ebx ; ntdll.7C92E89A 7C932482 F7F3 div ebx 7C932484 85D2 test edx, edx ; msvcrt.77C31AE8 7C932486 0F84 44240000 je 7C9348D0 7C93248C 8D41 01 lea eax, [ecx+1] 7C93248F A8 03 test al, 3 7C932491 0F85 39240000 jnz 7C9348D0 7C932497 0FB687 0025937C movzx eax, byte ptr [edi+7C932500] 7C93249E 8945 08 mov [ebp+8], eax 7C9324A1 0FBF0445 F02693>movsx eax, word ptr [eax*2+7C9326F0] 7C9324A9 2BF8 sub edi, eax 7C9324AB 8B45 FC mov eax, [ebp-4] 7C9324AE 33D2 xor edx, edx ; msvcrt.77C31AE8 7C9324B0 BB E8030000 mov ebx, 3E8 7C9324B5 F7F3 div ebx 7C9324B7 6A 3C push 3C 7C9324B9 5B pop ebx ; ntdll.7C92E89A 7C9324BA 81C1 41060000 add ecx, 641 7C9324C0 66:890E mov [esi], cx 7C9324C3 8B4D 08 mov ecx, [ebp+8] 7C9324C6 6A 3C push 3C 7C9324C8 8955 0C mov [ebp+C], edx ; msvcrt.77C31AE8 7C9324CB 33D2 xor edx, edx ; msvcrt.77C31AE8 7C9324CD F7F3 div ebx 7C9324CF 41 inc ecx 7C9324D0 66:894E 02 mov [esi+2], cx 7C9324D4 59 pop ecx ; ntdll.7C92E89A 7C9324D5 47 inc edi 7C9324D6 66:897E 04 mov [esi+4], di 7C9324DA 5F pop edi ; ntdll.7C92E89A 7C9324DB 8BDA mov ebx, edx ; msvcrt.77C31AE8 7C9324DD 33D2 xor edx, edx ; msvcrt.77C31AE8 7C9324DF F7F1 div ecx 7C9324E1 66:895E 0A mov [esi+A], bx 7C9324E5 66:8946 06 mov [esi+6], ax 7C9324E9 66:8B45 0C mov ax, [ebp+C] 7C9324ED 66:8956 08 mov [esi+8], dx 7C9324F1 66:8946 0C mov [esi+C], ax 7C9324F5 5E pop esi ; ntdll.7C92E89A 7C9324F6 5B pop ebx ; ntdll.7C92E89A 7C9324F7 C9 leave 7C9324F8 C2 0800 retn 8 7C9324FB 90 nop 7C9324FC 90 nop 7C9324FD 90 nop 7C9324FE 90 nop 7C9324FF 90 nop 7C932500 0000 add [eax], al 7C932502 0000 add [eax], al 7C932504 0000 add [eax], al 7C932506 0000 add [eax], al 7C932508 0000 add [eax], al 7C93250A 0000 add [eax], al 7C93250C 0000 add [eax], al 7C93250E 0000 add [eax], al 7C932510 0000 add [eax], al 7C932512 0000 add [eax], al 7C932514 0000 add [eax], al 7C932516 0000 add [eax], al 7C932518 0000 add [eax], al 7C93251A 0000 add [eax], al 7C93251C 0000 add [eax], al 7C93251E 0001 add [ecx], al 7C932520 0101 add [ecx], eax 7C932522 0101 add [ecx], eax 7C932524 0101 add [ecx], eax 7C932526 0101 add [ecx], eax 7C932528 0101 add [ecx], eax 7C93252A 0101 add [ecx], eax 7C93252C 0101 add [ecx], eax 7C93252E 0101 add [ecx], eax 7C932530 0101 add [ecx], eax 7C932532 0101 add [ecx], eax 7C932534 0101 add [ecx], eax 7C932536 0101 add [ecx], eax 7C932538 0101 add [ecx], eax 7C93253A 0101 add [ecx], eax 7C93253C 0202 add al, [edx] 7C93253E 0202 add al, [edx] 7C932540 0202 add al, [edx] 7C932542 0202 add al, [edx] 7C932544 0202 add al, [edx] 7C932546 0202 add al, [edx] 7C932548 0202 add al, [edx] 7C93254A 0202 add al, [edx] 7C93254C 0202 add al, [edx] 7C93254E 0202 add al, [edx] 7C932550 0202 add al, [edx] 7C932552 0202 add al, [edx] 7C932554 0202 add al, [edx] 7C932556 0202 add al, [edx] 7C932558 0202 add al, [edx] 7C93255A 0203 add al, [ebx] 7C93255C 0303 add eax, [ebx] 7C93255E 0303 add eax, [ebx] 7C932560 0303 add eax, [ebx] 7C932562 0303 add eax, [ebx] 7C932564 0303 add eax, [ebx] 7C932566 0303 add eax, [ebx] 7C932568 0303 add eax, [ebx] 7C93256A 0303 add eax, [ebx] 7C93256C 0303 add eax, [ebx] 7C93256E 0303 add eax, [ebx] 7C932570 0303 add eax, [ebx] 7C932572 0303 add eax, [ebx] 7C932574 0303 add eax, [ebx] 7C932576 0303 add eax, [ebx] 7C932578 030404 add eax, [esp+eax] 7C93257B 04 04 add al, 4 7C93257D 04 04 add al, 4 7C93257F 04 04 add al, 4 7C932581 04 04 add al, 4 7C932583 04 04 add al, 4 7C932585 04 04 add al, 4 7C932587 04 04 add al, 4 7C932589 04 04 add al, 4 7C93258B 04 04 add al, 4 7C93258D 04 04 add al, 4 7C93258F 04 04 add al, 4 7C932591 04 04 add al, 4 7C932593 04 04 add al, 4 7C932595 04 04 add al, 4 7C932597 04 05 add al, 5 7C932599 05 05050505 add eax, 5050505 7C93259E 05 05050505 add eax, 5050505 7C9325A3 05 05050505 add eax, 5050505 7C9325A8 05 05050505 add eax, 5050505 7C9325AD 05 05050505 add eax, 5050505 7C9325B2 05 05050506 add eax, 6050505 7C9325B7 06 push es 7C9325B8 06 push es 7C9325B9 06 push es 7C9325BA 06 push es 7C9325BB 06 push es 7C9325BC 06 push es 7C9325BD 06 push es 7C9325BE 06 push es 7C9325BF 06 push es 7C9325C0 06 push es 7C9325C1 06 push es 7C9325C2 06 push es 7C9325C3 06 push es 7C9325C4 06 push es 7C9325C5 06 push es 7C9325C6 06 push es 7C9325C7 06 push es 7C9325C8 06 push es 7C9325C9 06 push es 7C9325CA 06 push es 7C9325CB 06 push es 7C9325CC 06 push es 7C9325CD 06 push es 7C9325CE 06 push es 7C9325CF 06 push es 7C9325D0 06 push es 7C9325D1 06 push es 7C9325D2 06 push es 7C9325D3 06 push es 7C9325D4 06 push es 7C9325D5 07 pop es 7C9325D6 07 pop es 7C9325D7 07 pop es 7C9325D8 07 pop es 7C9325D9 07 pop es 7C9325DA 07 pop es 7C9325DB 07 pop es 7C9325DC 07 pop es 7C9325DD 07 pop es 7C9325DE 07 pop es 7C9325DF 07 pop es 7C9325E0 07 pop es 7C9325E1 07 pop es 7C9325E2 07 pop es 7C9325E3 07 pop es 7C9325E4 07 pop es 7C9325E5 07 pop es 7C9325E6 07 pop es 7C9325E7 07 pop es 7C9325E8 07 pop es 7C9325E9 07 pop es 7C9325EA 07 pop es 7C9325EB 07 pop es 7C9325EC 07 pop es 7C9325ED 07 pop es 7C9325EE 07 pop es 7C9325EF 07 pop es 7C9325F0 07 pop es 7C9325F1 07 pop es 7C9325F2 07 pop es 7C9325F3 07 pop es 7C9325F4 0808 or [eax], cl 7C9325F6 0808 or [eax], cl 7C9325F8 0808 or [eax], cl 7C9325FA 0808 or [eax], cl 7C9325FC 0808 or [eax], cl 7C9325FE 0808 or [eax], cl 7C932600 0808 or [eax], cl 7C932602 0808 or [eax], cl 7C932604 0808 or [eax], cl 7C932606 0808 or [eax], cl 7C932608 0808 or [eax], cl 7C93260A 0808 or [eax], cl 7C93260C 0808 or [eax], cl 7C93260E 0808 or [eax], cl 7C932610 0808 or [eax], cl 7C932612 0909 or [ecx], ecx 7C932614 0909 or [ecx], ecx 7C932616 0909 or [ecx], ecx 7C932618 0909 or [ecx], ecx 7C93261A 0909 or [ecx], ecx 7C93261C 0909 or [ecx], ecx 7C93261E 0909 or [ecx], ecx 7C932620 0909 or [ecx], ecx 7C932622 0909 or [ecx], ecx 7C932624 0909 or [ecx], ecx 7C932626 0909 or [ecx], ecx 7C932628 0909 or [ecx], ecx 7C93262A 0909 or [ecx], ecx 7C93262C 0909 or [ecx], ecx 7C93262E 0909 or [ecx], ecx 7C932630 090A or [edx], ecx 7C932632 0A0A or cl, [edx] 7C932634 0A0A or cl, [edx] 7C932636 0A0A or cl, [edx] 7C932638 0A0A or cl, [edx] 7C93263A 0A0A or cl, [edx] 7C93263C 0A0A or cl, [edx] 7C93263E 0A0A or cl, [edx] 7C932640 0A0A or cl, [edx] 7C932642 0A0A or cl, [edx] 7C932644 0A0A or cl, [edx] 7C932646 0A0A or cl, [edx] 7C932648 0A0A or cl, [edx] 7C93264A 0A0A or cl, [edx] 7C93264C 0A0A or cl, [edx] 7C93264E 0A0B or cl, [ebx] 7C932650 0B0B or ecx, [ebx] 7C932652 0B0B or ecx, [ebx] 7C932654 0B0B or ecx, [ebx] 7C932656 0B0B or ecx, [ebx] 7C932658 0B0B or ecx, [ebx] 7C93265A 0B0B or ecx, [ebx] 7C93265C 0B0B or ecx, [ebx] 7C93265E 0B0B or ecx, [ebx] 7C932660 0B0B or ecx, [ebx] 7C932662 0B0B or ecx, [ebx] 7C932664 0B0B or ecx, [ebx] 7C932666 0B0B or ecx, [ebx] 7C932668 0B0B or ecx, [ebx] 7C93266A 0B0B or ecx, [ebx] 7C93266C 0B0B or ecx, [ebx] 7C93266E 0000 add [eax], al 7C932670 90 nop 7C932671 90 nop 7C932672 90 nop 7C932673 90 nop 7C932674 90 nop 7C932675 8BFF mov edi, edi 7C932677 55 push ebp 7C932678 8BEC mov ebp, esp 7C93267A 8B4D 08 mov ecx, [ebp+8] 7C93267D 53 push ebx 7C93267E 33D2 xor edx, edx ; msvcrt.77C31AE8 7C932680 56 push esi ; ntdll.ZwTerminateProcess 7C932681 8BC1 mov eax, ecx 7C932683 BE B13A0200 mov esi, 23AB1 7C932688 F7F6 div esi ; ntdll.ZwTerminateProcess 7C93268A 33D2 xor edx, edx ; msvcrt.77C31AE8 7C93268C 57 push edi 7C93268D BF 49BB3700 mov edi, 37BB49 7C932692 BB B5050000 mov ebx, 5B5 7C932697 8BF0 mov esi, eax 7C932699 69C0 4FC5FDFF imul eax, eax, FFFDC54F 7C93269F 03C8 add ecx, eax 7C9326A1 8BC1 mov eax, ecx 7C9326A3 6BC0 64 imul eax, eax, 64 7C9326A6 83C0 4B add eax, 4B 7C9326A9 F7F7 div edi 7C9326AB 33D2 xor edx, edx ; msvcrt.77C31AE8 7C9326AD 8BF8 mov edi, eax 7C9326AF 69C0 5471FFFF imul eax, eax, FFFF7154 7C9326B5 03C8 add ecx, eax 7C9326B7 8BC1 mov eax, ecx 7C9326B9 F7F3 div ebx 7C9326BB 8BD8 mov ebx, eax 7C9326BD 8BD3 mov edx, ebx 7C9326BF 69D2 B5050000 imul edx, edx, 5B5 ; msvcrt.77C31AE8 7C9326C5 8BC1 mov eax, ecx 7C9326C7 2BC2 sub eax, edx ; msvcrt.77C31AE8 7C9326C9 6BC0 64 imul eax, eax, 64 7C9326CC 83C0 4B add eax, 4B 7C9326CF 33D2 xor edx, edx ; msvcrt.77C31AE8 7C9326D1 B9 AD8E0000 mov ecx, 8EAD 7C9326D6 F7F1 div ecx 7C9326D8 8D0CB7 lea ecx, [edi+esi*4] 7C9326DB 6BC9 19 imul ecx, ecx, 19 7C9326DE 5F pop edi ; ntdll.7C92E89A 7C9326DF 03CB add ecx, ebx 7C9326E1 5E pop esi ; ntdll.7C92E89A 7C9326E2 5B pop ebx ; ntdll.7C92E89A 7C9326E3 8D0488 lea eax, [eax+ecx*4] 7C9326E6 5D pop ebp ; ntdll.7C92E89A 7C9326E7 C2 0400 retn 4 7C9326EA 90 nop 7C9326EB 90 nop 7C9326EC 90 nop 7C9326ED 90 nop 7C9326EE 90 nop 7C9326EF 90 nop 7C9326F0 0000 add [eax], al 7C9326F2 1F pop ds 7C9326F3 003C00 add [eax+eax], bh 7C9326F6 5B pop ebx ; ntdll.7C92E89A 7C9326F7 0079 00 add [ecx], bh 7C9326FA 98 cwde 7C9326FB 00B6 00D500F4 add [esi+F400D500], dh 7C932701 0012 add [edx], dl 7C932703 0131 add [ecx], esi ; ntdll.ZwTerminateProcess 7C932705 014F 01 add [edi+1], ecx 7C932708 6E outs dx, byte ptr es:[edi] 7C932709 0100 add [eax], eax 7C93270B 0090 90909090 add [eax+90909090], dl 7C932711 8BFF mov edi, edi 7C932713 55 push ebp 7C932714 8BEC mov ebp, esp 7C932716 8B45 10 mov eax, [ebp+10] 7C932719 53 push ebx 7C93271A 8B5D 08 mov ebx, [ebp+8] 7C93271D F7C3 0000FFFF test ebx, FFFF0000 7C932723 56 push esi ; ntdll.ZwTerminateProcess 7C932724 57 push edi 7C932725 0F85 E78A0100 jnz 7C94B212 7C93272B 8B08 mov ecx, [eax] 7C93272D 85C9 test ecx, ecx 7C93272F 0F88 1D8B0100 js 7C94B252 7C932735 8BC3 mov eax, ebx 7C932737 2BC1 sub eax, ecx 7C932739 5F pop edi ; ntdll.7C92E89A 7C93273A 5E pop esi ; ntdll.7C92E89A 7C93273B 5B pop ebx ; ntdll.7C92E89A 7C93273C 5D pop ebp ; ntdll.7C92E89A 7C93273D C2 0C00 retn 0C 7C932740 66:85DB test bx, bx 7C932743 74 2C je short 7C932771 7C932745 56 push esi ; ntdll.ZwTerminateProcess 7C932746 8B5D AC mov ebx, [ebp-54] 7C932749 53 push ebx 7C93274A 8B45 0C mov eax, [ebp+C] ; RPCRT4.77E8F3B0 7C93274D FF30 push dword ptr [eax] 7C93274F E8 BDFFFFFF call 7C932711 7C932754 8945 84 mov [ebp-7C], eax 7C932757 85C0 test eax, eax 7C932759 75 16 jnz short 7C932771 7C93275B 8B76 04 mov esi, [esi+4] 7C93275E 85F6 test esi, esi ; ntdll.ZwTerminateProcess 7C932760 0F89 8A030000 jns 7C932AF0 7C932766 81E6 FFFFFF7F and esi, 7FFFFFFF 7C93276C 03F3 add esi, ebx 7C93276E 8975 B4 mov [ebp-4C], esi ; ntdll.ZwTerminateProcess 7C932771 8345 0C 04 add dword ptr [ebp+C], 4 7C932775 8B75 A4 mov esi, [ebp-5C] 7C932778 8B45 B4 mov eax, [ebp-4C] 7C93277B 8A5D D3 mov bl, [ebp-2D] 7C93277E 8B4D E4 mov ecx, [ebp-1C] 7C932781 EB 5D jmp short 7C9327E0 7C932783 90 nop 7C932784 90 nop 7C932785 90 nop 7C932786 90 nop 7C932787 90 nop 7C932788 68 A0000000 push 0A0 7C93278D 68 C028937C push 7C9328C0 7C932792 E8 2BC6FFFF call 7C92EDC2 7C932797 8B7D 0C mov edi, [ebp+C] ; RPCRT4.77E8F3B0 7C93279A 897D 9C mov [ebp-64], edi 7C93279D 8B45 10 mov eax, [ebp+10] 7C9327A0 8945 94 mov [ebp-6C], eax 7C9327A3 32DB xor bl, bl 7C9327A5 885D D3 mov [ebp-2D], bl 7C9327A8 8365 FC 00 and dword ptr [ebp-4], 0 7C9327AC 8D45 D4 lea eax, [ebp-2C] 7C9327AF 50 push eax 7C9327B0 6A 02 push 2 7C9327B2 6A 01 push 1 7C9327B4 FF75 08 push dword ptr [ebp+8] 7C9327B7 E8 9AE0FFFF call RtlImageDirectoryEntryToData 7C9327BC 8945 AC mov [ebp-54], eax 7C9327BF 85C0 test eax, eax 7C9327C1 0F84 198A0100 je 7C94B1E0 7C9327C7 8B45 AC mov eax, [ebp-54] 7C9327CA 8945 B4 mov [ebp-4C], eax 7C9327CD B9 FFFF0000 mov ecx, 0FFFF 7C9327D2 894D E4 mov [ebp-1C], ecx 7C9327D5 33F6 xor esi, esi ; ntdll.ZwTerminateProcess 7C9327D7 8975 C4 mov [ebp-3C], esi ; ntdll.ZwTerminateProcess 7C9327DA 8975 A4 mov [ebp-5C], esi ; ntdll.ZwTerminateProcess 7C9327DD 2175 A8 and [ebp-58], esi ; ntdll.ZwTerminateProcess 7C9327E0 85C0 test eax, eax 7C9327E2 0F84 04010000 je 7C9328EC 7C9327E8 8B55 10 mov edx, [ebp+10] 7C9327EB FF4D 10 dec dword ptr [ebp+10] 7C9327EE 85D2 test edx, edx ; msvcrt.77C31AE8 7C9327F0 0F84 8B810100 je 7C94A981 7C9327F6 837D 10 00 cmp dword ptr [ebp+10], 0 7C9327FA 0F84 3A010000 je 7C93293A 7C932800 837D A8 00 cmp dword ptr [ebp-58], 0 7C932804 0F85 F0020000 jnz 7C932AFA 7C93280A 8A5D D3 mov bl, [ebp-2D] 7C93280D 66:8B50 0C mov dx, [eax+C] 7C932811 66:8955 B0 mov [ebp-50], dx 7C932815 8D70 10 lea esi, [eax+10] 7C932818 8975 90 mov [ebp-70], esi ; ntdll.ZwTerminateProcess 7C93281B 8B55 0C mov edx, [ebp+C] ; RPCRT4.77E8F3B0 7C93281E 66:F742 02 FFFF test word ptr [edx+2], 0FFFF 7C932824 75 11 jnz short 7C932837 7C932826 0FB755 B0 movzx edx, word ptr [ebp-50] 7C93282A 8D34D6 lea esi, [esi+edx*8] 7C93282D 8975 90 mov [ebp-70], esi ; ntdll.ZwTerminateProcess 7C932830 0FB740 0E movzx eax, word ptr [eax+E] 7C932834 8945 B0 mov [ebp-50], eax 7C932837 33C0 xor eax, eax 7C932839 66:3945 B0 cmp [ebp-50], ax 7C93283D 0F84 D3920100 je 7C94BB16 7C932843 3945 A8 cmp [ebp-58], eax 7C932846 0F85 80000000 jnz 7C9328CC 7C93284C 8945 B4 mov [ebp-4C], eax 7C93284F 8B5D B0 mov ebx, [ebp-50] ; ntdll.7C92EE18 7C932852 0FB7C3 movzx eax, bx 7C932855 8D44C6 F8 lea eax, [esi+eax*8-8] 7C932859 8945 8C mov [ebp-74], eax 7C93285C 3B75 8C cmp esi, [ebp-74] 7C93285F ^ 0F87 0CFFFFFF ja 7C932771 7C932865 0FB7C3 movzx eax, bx 7C932868 D1E8 shr eax, 1 7C93286A 8945 98 mov [ebp-68], eax 7C93286D 66:85C0 test ax, ax 7C932870 ^ 0F84 CAFEFFFF je 7C932740 7C932876 8975 88 mov [ebp-78], esi ; ntdll.ZwTerminateProcess 7C932879 885D CB mov [ebp-35], bl 7C93287C 0FB7D8 movzx ebx, ax 7C93287F 8065 CB 01 and byte ptr [ebp-35], 1 7C932883 8D3CDE lea edi, [esi+ebx*8] 7C932886 75 04 jnz short 7C93288C 7C932888 8D7CDE F8 lea edi, [esi+ebx*8-8] 7C93288C 897D 88 mov [ebp-78], edi 7C93288F 57 push edi 7C932890 FF75 AC push dword ptr [ebp-54] 7C932893 8B45 0C mov eax, [ebp+C] ; RPCRT4.77E8F3B0 7C932896 FF30 push dword ptr [eax] 7C932898 E8 74FEFFFF call 7C932711 7C93289D 8945 84 mov [ebp-7C], eax 7C9328A0 85C0 test eax, eax 7C9328A2 0F84 B6030000 je 7C932C5E 7C9328A8 0F8C 0C040000 jl 7C932CBA 7C9328AE 8D77 08 lea esi, [edi+8] 7C9328B1 8975 90 mov [ebp-70], esi ; ntdll.ZwTerminateProcess 7C9328B4 8B5D 98 mov ebx, [ebp-68] 7C9328B7 895D B0 mov [ebp-50], ebx 7C9328BA 8B7D 9C mov edi, [ebp-64] 7C9328BD ^ EB 9D jmp short 7C93285C 7C9328BF 90 nop 7C9328C0 FFFF ??? ; 未知命令 7C9328C2 FFFF ??? ; 未知命令 7C9328C4 8E2A mov gs, [edx] 7C9328C6 93 xchg eax, ebx 7C9328C7 ^ 7C A1 jl short 7C93286A 7C9328C9 2A93 7C8B4D0C sub dl, [ebx+C4D8B7C] 7C9328CF 8139 FFFF0000 cmp dword ptr [ecx], 0FFFF 7C9328D5 ^ 0F85 71FFFFFF jnz 7C93284C 7C9328DB 8945 B4 mov [ebp-4C], eax 7C9328DE 8B0E mov ecx, [esi] 7C9328E0 894D E4 mov [ebp-1C], ecx 7C9328E3 8B76 04 mov esi, [esi+4] 7C9328E6 0375 AC add esi, [ebp-54] 7C9328E9 8975 A4 mov [ebp-5C], esi ; ntdll.ZwTerminateProcess 7C9328EC 85F6 test esi, esi ; ntdll.ZwTerminateProcess 7C9328EE 0F85 67020000 jnz 7C932B5B 7C9328F4 85C0 test eax, eax 7C9328F6 0F85 8D800100 jnz 7C94A989 7C9328FC 8B45 94 mov eax, [ebp-6C] ; trscd.004B027C 7C9328FF 2B45 10 sub eax, [ebp+10] 7C932902 48 dec eax 7C932903 0F84 891F0000 je 7C934892 7C932909 48 dec eax 7C93290A 0F84 951F0000 je 7C9348A5 7C932910 48 dec eax 7C932911 0F85 B5000000 jnz 7C9329CC 7C932917 C745 CC 040200C>mov dword ptr [ebp-34], C0000204 7C93291E 817D CC 040200C>cmp dword ptr [ebp-34], C0000204 7C932925 0F84 48020000 je 7C932B73 7C93292B 834D FC FF or dword ptr [ebp-4], FFFFFFFF 7C93292F 8B45 CC mov eax, [ebp-34] 7C932932 E8 CBC4FFFF call 7C92EE02 7C932937 C2 1400 retn 14 7C93293A 837D 94 03 cmp dword ptr [ebp-6C], 3 7C93293E ^ 0F85 BCFEFFFF jnz 7C932800 7C932944 8945 A8 mov [ebp-58], eax 7C932947 ^ E9 B4FEFFFF jmp 7C932800 7C93294C 90 nop 7C93294D 90 nop 7C93294E 90 nop 7C93294F 90 nop 7C932950 90 nop 7C932951 6A 2C push 2C 7C932953 68 C029937C push 7C9329C0 7C932958 E8 65C4FFFF call 7C92EDC2 7C93295D 8365 D8 00 and dword ptr [ebp-28], 0 7C932961 8365 FC 00 and dword ptr [ebp-4], 0 7C932965 8D45 C8 lea eax, [ebp-38] 7C932968 50 push eax 7C932969 6A 02 push 2 7C93296B 6A 01 push 1 7C93296D FF75 08 push dword ptr [ebp+8] 7C932970 E8 E1DEFFFF call RtlImageDirectoryEntryToData 7C932975 8945 E0 mov [ebp-20], eax 7C932978 85C0 test eax, eax 7C93297A 0F84 37450300 je 7C966EB7 7C932980 F645 08 01 test byte ptr [ebp+8], 1 7C932984 0F85 AF040000 jnz 7C932E39 7C93298A 33F6 xor esi, esi ; ntdll.ZwTerminateProcess 7C93298C 8975 DC mov [ebp-24], esi ; ntdll.ZwTerminateProcess 7C93298F 8B45 10 mov eax, [ebp+10] 7C932992 85C0 test eax, eax 7C932994 74 0C je short 7C9329A2 7C932996 8B4D 0C mov ecx, [ebp+C] ; RPCRT4.77E8F3B0 7C932999 8B09 mov ecx, [ecx] 7C93299B 2BCE sub ecx, esi ; ntdll.ZwTerminateProcess 7C93299D 034D 08 add ecx, [ebp+8] 7C9329A0 8908 mov [eax], ecx 7C9329A2 8B45 14 mov eax, [ebp+14] 7C9329A5 85C0 test eax, eax 7C9329A7 ^ 0F85 5BEEFFFF jnz 7C931808 7C9329AD 834D FC FF or dword ptr [ebp-4], FFFFFFFF 7C9329B1 8B45 D8 mov eax, [ebp-28] 7C9329B4 E8 49C4FFFF call 7C92EE02 7C9329B9 C2 1000 retn 10 7C9329BC 90 nop 7C9329BD 90 nop 7C9329BE 90 nop 7C9329BF 90 nop 7C9329C0 FFFF ??? ; 未知命令 7C9329C2 FFFF ??? ; 未知命令 7C9329C4 CA 6E96 retf 966E 7C9329C7 ^ 7C DD jl short 7C9329A6 7C9329C9 6E outs dx, byte ptr es:[edi] 7C9329CA 96 xchg eax, esi ; ntdll.ZwTerminateProcess 7C9329CB ^ 7C C7 jl short 7C932994 7C9329CD 45 inc ebp 7C9329CE CC int3 7C9329CF 0D 0000C0E9 or eax, E9C00000 7C9329D4 46 inc esi ; ntdll.ZwTerminateProcess 7C9329D5 FFFF ??? ; 未知命令 7C9329D7 FF84DB 753D668B inc dword ptr [ebx+ebx*8+8B663D75] 7C9329DE 45 inc ebp 7C9329DF A0 663B45E0 mov al, [E0453B66] 7C9329E4 74 33 je short 7C932A19 7C9329E6 8B07 mov eax, [edi] 7C9329E8 8945 B8 mov [ebp-48], eax 7C9329EB 8B47 04 mov eax, [edi+4] 7C9329EE 8945 BC mov [ebp-44], eax 7C9329F1 0FB745 A0 movzx eax, word ptr [ebp-60] 7C9329F5 8945 C0 mov [ebp-40], eax 7C9329F8 FF75 18 push dword ptr [ebp+18] ; trscd.00454965 7C9329FB 8B45 14 mov eax, [ebp+14] 7C9329FE 83C8 04 or eax, 4 7C932A01 50 push eax 7C932A02 6A 03 push 3 7C932A04 8D45 B8 lea eax, [ebp-48] 7C932A07 50 push eax 7C932A08 56 push esi ; ntdll.ZwTerminateProcess 7C932A09 E8 7AFDFFFF call 7C932788 7C932A0E 8945 CC mov [ebp-34], eax 7C932A11 85C0 test eax, eax 7C932A13 0F8D CC870100 jge 7C94B1E5 7C932A19 8B07 mov eax, [edi] 7C932A1B 8945 B8 mov [ebp-48], eax 7C932A1E 8B47 04 mov eax, [edi+4] 7C932A21 8945 BC mov [ebp-44], eax 7C932A24 0FB745 E0 movzx eax, word ptr [ebp-20] 7C932A28 8945 C0 mov [ebp-40], eax 7C932A2B FF75 18 push dword ptr [ebp+18] ; trscd.00454965 7C932A2E 8B45 14 mov eax, [ebp+14] 7C932A31 83C8 04 or eax, 4 7C932A34 50 push eax 7C932A35 6A 03 push 3 7C932A37 8D45 B8 lea eax, [ebp-48] 7C932A3A 50 push eax 7C932A3B 56 push esi ; ntdll.ZwTerminateProcess 7C932A3C E8 47FDFFFF call 7C932788 7C932A41 8945 CC mov [ebp-34], eax 7C932A44 85C0 test eax, eax 7C932A46 0F8C 9B540100 jl 7C947EE7 7C932A4C E9 94870100 jmp 7C94B1E5 7C932A51 64:A1 18000000 mov eax, fs:[18] 7C932A57 8985 68FFFFFF mov [ebp-98], eax 7C932A5D E9 57010000 jmp 7C932BB9 7C932A62 68 3AC0997C push 7C99C03A 7C932A67 E8 EEB5FFFF call ZwQueryInstallUILanguage 7C932A6C 8945 CC mov [ebp-34], eax 7C932A6F 85C0 test eax, eax 7C932A71 0F8C 70540100 jl 7C947EE7 7C932A77 E9 C3310200 jmp 7C955C3F 7C932A7C 8365 DC 00 and dword ptr [ebp-24], 0 7C932A80 8345 C4 02 add dword ptr [ebp-3C], 2 7C932A84 E9 97000000 jmp 7C932B20 7C932A89 90 nop 7C932A8A 90 nop 7C932A8B 90 nop 7C932A8C 90 nop 7C932A8D 90 nop 7C932A8E 8B45 EC mov eax, [ebp-14] 7C932A91 8B00 mov eax, [eax] 7C932A93 8B00 mov eax, [eax] 7C932A95 8945 80 mov [ebp-80], eax 7C932A98 33C0 xor eax, eax 7C932A9A 40 inc eax 7C932A9B C3 retn 7C932A9C 90 nop 7C932A9D 90 nop 7C932A9E 90 nop 7C932A9F 90 nop 7C932AA0 90 nop 7C932AA1 8B65 E8 mov esp, [ebp-18] 7C932AA4 8B45 80 mov eax, [ebp-80] ; ntdll.7C931993 7C932AA7 8945 CC mov [ebp-34], eax 7C932AAA ^ E9 7CFEFFFF jmp 7C93292B 7C932AAF 90 nop 7C932AB0 1A2B sbb ch, [ebx] 7C932AB2 93 xchg eax, ebx 7C932AB3 ^ 7C C5 jl short 7C932A7A 7C932AB5 2B93 7C832B93 sub edx, [ebx+932B837C] 7C932ABB ^ 7C 89 jl short 7C932A46 7C932ABD 2B93 7C197E94 sub edx, [ebx+947E197C] 7C932AC3 ^ 7C 8A jl short 7C932A4F 7C932AC5 ^ 7E 94 jle short 7C932A5B 7C932AC7 ^ 7C EF jl short 7C932AB8 7C932AC9 ^ 7E 94 jle short 7C932A5F 7C932ACB 7C 1D jl short 7C932AEA 7C932ACD 5C pop esp ; ntdll.7C92E89A 7C932ACE 95 xchg eax, ebp 7C932ACF 7C 31 jl short 7C932B02 7C932AD1 5C pop esp ; ntdll.7C92E89A 7C932AD2 95 xchg eax, ebp 7C932AD3 7C 4A jl short 7C932B1F 7C932AD5 5C pop esp ; ntdll.7C92E89A 7C932AD6 95 xchg eax, ebp 7C932AD7 ^ 7C 80 jl short 7C932A59 7C932AD9 5C pop esp ; ntdll.7C92E89A 7C932ADA 95 xchg eax, ebp 7C932ADB ^ 7C 9E jl short 7C932A7B 7C932ADD 5C pop esp ; ntdll.7C92E89A 7C932ADE 95 xchg eax, ebp 7C932ADF ^ 7C A9 jl short 7C932A8A 7C932AE1 5C pop esp ; ntdll.7C92E89A 7C932AE2 95 xchg eax, ebp 7C932AE3 ^ 7C 9E jl short 7C932A83 7C932AE5 5C pop esp ; ntdll.7C92E89A 7C932AE6 95 xchg eax, ebp 7C932AE7 ^ 7C CF jl short 7C932AB8 7C932AE9 5C pop esp ; ntdll.7C92E89A 7C932AEA 95 xchg eax, ebp 7C932AEB ^ 7C DB jl short 7C932AC8 7C932AED 5C pop esp ; ntdll.7C92E89A 7C932AEE 95 xchg eax, ebp 7C932AEF 7C 03 jl short 7C932AF4 7C932AF1 F3: prefix rep: 7C932AF2 8975 A4 mov [ebp-5C], esi ; ntdll.ZwTerminateProcess 7C932AF5 ^ E9 77FCFFFF jmp 7C932771 7C932AFA 33DB xor ebx, ebx 7C932AFC 66:8B5F 08 mov bx, [edi+8] 7C932B00 895D A0 mov [ebp-60], ebx 7C932B03 66:81E3 FF03 and bx, 3FF 7C932B08 66:F7DB neg bx 7C932B0B 1BDB sbb ebx, ebx 7C932B0D 43 inc ebx 7C932B0E 885D D3 mov [ebp-2D], bl 7C932B11 EB 1F jmp short 7C932B32 7C932B13 - FF2485 B02A937C jmp [eax*4+7C932AB0] 7C932B1A 8B45 A0 mov eax, [ebp-60] ; ntdll.7C99C080 7C932B1D 8945 E0 mov [ebp-20], eax 7C932B20 66:837D E0 FF cmp word ptr [ebp-20], 0FFFF 7C932B25 74 1C je short 7C932B43 7C932B27 0FB745 E0 movzx eax, word ptr [ebp-20] 7C932B2B 8B4D E4 mov ecx, [ebp-1C] 7C932B2E 3BC1 cmp eax, ecx 7C932B30 75 11 jnz short 7C932B43 7C932B32 8B45 C4 mov eax, [ebp-3C] ; ntdll.7C92F0AA 7C932B35 FF45 C4 inc dword ptr [ebp-3C] ; ntdll.7C92F0AA 7C932B38 83F8 0F cmp eax, 0F 7C932B3B 0F87 E58F0100 ja 7C94BB26 7C932B41 ^ EB D0 jmp short 7C932B13 7C932B43 0FB74D E0 movzx ecx, word ptr [ebp-20] 7C932B47 894D E4 mov [ebp-1C], ecx 7C932B4A 8D45 E4 lea eax, [ebp-1C] 7C932B4D 8945 0C mov [ebp+C], eax 7C932B50 8B45 A8 mov eax, [ebp-58] ; ntdll.7C92EE18 7C932B53 8945 B4 mov [ebp-4C], eax 7C932B56 ^ E9 B2FCFFFF jmp 7C93280D 7C932B5B F645 14 02 test byte ptr [ebp+14], 2 7C932B5F ^ 0F85 8FFDFFFF jnz 7C9328F4 7C932B65 8B45 18 mov eax, [ebp+18] ; trscd.00454965 7C932B68 8930 mov [eax], esi ; ntdll.ZwTerminateProcess 7C932B6A 8365 CC 00 and dword ptr [ebp-34], 0 7C932B6E ^ E9 ABFDFFFF jmp 7C93291E 7C932B73 837D A8 00 cmp dword ptr [ebp-58], 0 7C932B77 ^ 0F84 AEFDFFFF je 7C93292B 7C932B7D 8365 A4 00 and dword ptr [ebp-5C], 0 7C932B81 ^ EB AF jmp short 7C932B32 7C932B83 8365 E0 00 and dword ptr [ebp-20], 0 7C932B87 ^ EB 97 jmp short 7C932B20 7C932B89 84DB test bl, bl 7C932B8B 0F84 69530100 je 7C947EFA 7C932B91 64:A1 18000000 mov eax, fs:[18] 7C932B97 8985 6CFFFFFF mov [ebp-94], eax 7C932B9D 8B40 30 mov eax, [eax+30] 7C932BA0 8B40 10 mov eax, [eax+10] 7C932BA3 8378 10 00 cmp dword ptr [eax+10], 0 7C932BA7 0F84 3A530100 je 7C947EE7 7C932BAD 64:A1 18000000 mov eax, fs:[18] 7C932BB3 8985 50FFFFFF mov [ebp-B0], eax 7C932BB9 0FB780 C4000000 movzx eax, word ptr [eax+C4] 7C932BC0 ^ E9 58FFFFFF jmp 7C932B1D 7C932BC5 F645 14 04 test byte ptr [ebp+14], 4 7C932BC9 0F85 578F0100 jnz 7C94BB26 7C932BCF 8B45 A0 mov eax, [ebp-60] ; ntdll.7C99C080 7C932BD2 25 FF03FFFF and eax, FFFF03FF 7C932BD7 ^ E9 41FFFFFF jmp 7C932B1D 7C932BDC 90 nop 7C932BDD 90 nop 7C932BDE 90 nop 7C932BDF 90 nop 7C932BE0 90 nop 7C932BE1 8BFF mov edi, edi 7C932BE3 55 push ebp 7C932BE4 8BEC mov ebp, esp 7C932BE6 83EC 1C sub esp, 1C 7C932BE9 53 push ebx 7C932BEA 8B5D 08 mov ebx, [ebp+8] 7C932BED 8D45 08 lea eax, [ebp+8] 7C932BF0 50 push eax 7C932BF1 6A 02 push 2 7C932BF3 6A 01 push 1 7C932BF5 53 push ebx 7C932BF6 E8 5BDCFFFF call RtlImageDirectoryEntryToData 7C932BFB 85C0 test eax, eax 7C932BFD 0F84 F1020000 je 7C932EF4 7C932C03 3945 0C cmp [ebp+C], eax 7C932C06 0F82 DF420300 jb 7C966EEB 7C932C0C 8BC3 mov eax, ebx 7C932C0E 83E0 FE and eax, FFFFFFFE 7C932C11 50 push eax 7C932C12 E8 32DCFFFF call RtlImageNtHeader 7C932C17 85C0 test eax, eax 7C932C19 74 27 je short 7C932C42 7C932C1B 56 push esi ; ntdll.ZwTerminateProcess 7C932C1C 8BF3 mov esi, ebx 7C932C1E 83E6 FE and esi, FFFFFFFE 7C932C21 F6C3 01 test bl, 1 7C932C24 0F85 A8020000 jnz 7C932ED2 7C932C2A 8B40 50 mov eax, [eax+50] 7C932C2D 3975 0C cmp [ebp+C], esi ; ntdll.ZwTerminateProcess 7C932C30 0F82 CB420300 jb 7C966F01 7C932C36 03C6 add eax, esi ; ntdll.ZwTerminateProcess 7C932C38 3945 0C cmp [ebp+C], eax 7C932C3B 0F83 C0420300 jnb 7C966F01 7C932C41 5E pop esi ; ntdll.7C92E89A 7C932C42 85DB test ebx, ebx 7C932C44 0F84 AA020000 je 7C932EF4 7C932C4A FF75 14 push dword ptr [ebp+14] 7C932C4D FF75 10 push dword ptr [ebp+10] 7C932C50 FF75 0C push dword ptr [ebp+C] ; RPCRT4.77E8F3B0 7C932C53 53 push ebx 7C932C54 E8 F8FCFFFF call 7C932951 7C932C59 5B pop ebx ; ntdll.7C92E89A 7C932C5A C9 leave 7C932C5B C2 1000 retn 10 7C932C5E 8B47 04 mov eax, [edi+4] 7C932C61 8B7D 9C mov edi, [ebp-64] 7C932C64 85C0 test eax, eax 7C932C66 0F89 00600200 jns 7C958C6C 7C932C6C 25 FFFFFF7F and eax, 7FFFFFFF 7C932C71 0345 AC add eax, [ebp-54] 7C932C74 8945 B4 mov [ebp-4C], eax 7C932C77 ^ E9 F5FAFFFF jmp 7C932771 7C932C7C 90 nop 7C932C7D 90 nop 7C932C7E 90 nop 7C932C7F 90 nop 7C932C80 90 nop 7C932C81 > 8BFF mov edi, edi 7C932C83 55 push ebp 7C932C84 8BEC mov ebp, esp 7C932C86 FF75 14 push dword ptr [ebp+14] 7C932C89 6A 00 push 0 7C932C8B FF75 10 push dword ptr [ebp+10] 7C932C8E FF75 0C push dword ptr [ebp+C] ; RPCRT4.77E8F3B0 7C932C91 FF75 08 push dword ptr [ebp+8] 7C932C94 E8 EFFAFFFF call 7C932788 7C932C99 5D pop ebp ; ntdll.7C92E89A 7C932C9A C2 1000 retn 10 7C932C9D 90 nop 7C932C9E 90 nop 7C932C9F 90 nop 7C932CA0 90 nop 7C932CA1 90 nop 7C932CA2 > FF7424 10 push dword ptr [esp+10] 7C932CA6 FF7424 10 push dword ptr [esp+10] 7C932CAA FF7424 10 push dword ptr [esp+10] 7C932CAE FF7424 10 push dword ptr [esp+10] 7C932CB2 E8 2AFFFFFF call 7C932BE1 7C932CB7 C2 1000 retn 10 7C932CBA 83C7 F8 add edi, -8 7C932CBD 897D 8C mov [ebp-74], edi 7C932CC0 807D CB 00 cmp byte ptr [ebp-35], 0 7C932CC4 ^ 0F85 EAFBFFFF jnz 7C9328B4 7C932CCA 4B dec ebx 7C932CCB ^ E9 E7FBFFFF jmp 7C9328B7 7C932CD0 90 nop 7C932CD1 90 nop 7C932CD2 90 nop 7C932CD3 90 nop 7C932CD4 90 nop 7C932CD5 > 68 2C0D0000 push 0D2C 7C932CDA 68 382D937C push 7C932D38 7C932CDF E8 DEC0FFFF call 7C92EDC2 7C932CE4 A1 34C0997C mov eax, [7C99C034] 7C932CE9 8945 E4 mov [ebp-1C], eax 7C932CEC 8B7D 08 mov edi, [ebp+8] 7C932CEF 89BD 44F3FFFF mov [ebp-CBC], edi 7C932CF5 8B75 0C mov esi, [ebp+C] ; RPCRT4.77E8F3B0 7C932CF8 33DB xor ebx, ebx 7C932CFA 899D 60F3FFFF mov [ebp-CA0], ebx 7C932D00 899D 90F3FFFF mov [ebp-C70], ebx 7C932D06 899D 88F3FFFF mov [ebp-C78], ebx 7C932D0C 889D A7F3FFFF mov [ebp-C59], bl 7C932D12 899D 8CF3FFFF mov [ebp-C74], ebx 7C932D18 E8 38000000 call LdrAlternateResourcesEnabled 7C932D1D 84C0 test al, al 7C932D1F 0F85 6B460300 jnz 7C967390 7C932D25 33C0 xor eax, eax 7C932D27 8B4D E4 mov ecx, [ebp-1C] 7C932D2A E8 58D6FFFF call 7C930387 7C932D2F E8 CEC0FFFF call 7C92EE02 7C932D34 C2 0800 retn 8 7C932D37 90 nop 7C932D38 FFFF ??? ; 未知命令 7C932D3A FFFF ??? ; 未知命令 7C932D3C 0000 add [eax], al 7C932D3E 0000 add [eax], al 7C932D40 7A 7A jpe short 7C932DBC 7C932D42 96 xchg eax, esi ; ntdll.ZwTerminateProcess 7C932D43 7C 00 jl short 7C932D45 7C932D45 0000 add [eax], al 7C932D47 0000 add [eax], al 7C932D49 0000 add [eax], al 7C932D4B 0006 add [esi], al 7C932D4D ^ 76 96 jbe short 7C932CE5 7C932D4F ^ 7C 90 jl short 7C932CE1 7C932D51 90 nop 7C932D52 90 nop 7C932D53 90 nop 7C932D54 90 nop 7C932D55 > 66:833D 38C0997>cmp word ptr [7C99C038], 0 7C932D5D 0F84 E1BC0000 je 7C93EA44 7C932D63 64:A1 18000000 mov eax, fs:[18] 7C932D69 83B8 980F0000 0>cmp dword ptr [eax+F98], 0 7C932D70 0F85 CEBC0000 jnz 7C93EA44 7C932D76 66:833D 3AC0997>cmp word ptr [7C99C03A], 0 7C932D7E 0F84 EFEB0000 je 7C941973 7C932D84 66:A1 3AC0997C mov ax, [7C99C03A] 7C932D8A 66:3905 38C0997>cmp [7C99C038], ax 7C932D91 0F95C0 setne al 7C932D94 C3 retn 7C932D95 3B50 54 cmp edx, [eax+54] 7C932D98 ^ 0F82 37DBFFFF jb 7C9308D5 7C932D9E 52 push edx ; msvcrt.77C31AE8 7C932D9F FF75 08 push dword ptr [ebp+8] 7C932DA2 50 push eax 7C932DA3 E8 0A000000 call RtlAddressInSectionTable 7C932DA8 ^ E9 2DDBFFFF jmp 7C9308DA 7C932DAD 90 nop 7C932DAE 90 nop 7C932DAF 90 nop 7C932DB0 90 nop 7C932DB1 90 nop 7C932DB2 > 8BFF mov edi, edi 7C932DB4 55 push ebp 7C932DB5 8BEC mov ebp, esp 7C932DB7 FF75 10 push dword ptr [ebp+10] 7C932DBA FF75 0C push dword ptr [ebp+C] ; RPCRT4.77E8F3B0 7C932DBD FF75 08 push dword ptr [ebp+8] 7C932DC0 E8 1F000000 call RtlImageRvaToSection 7C932DC5 8BC8 mov ecx, eax 7C932DC7 85C9 test ecx, ecx 7C932DC9 74 10 je short 7C932DDB 7C932DCB 8B41 14 mov eax, [ecx+14] 7C932DCE 2B41 0C sub eax, [ecx+C] 7C932DD1 0345 0C add eax, [ebp+C] ; RPCRT4.77E8F3B0 7C932DD4 0345 10 add eax, [ebp+10] 7C932DD7 5D pop ebp ; ntdll.7C92E89A 7C932DD8 C2 0C00 retn 0C 7C932DDB 33C0 xor eax, eax 7C932DDD ^ EB F8 jmp short 7C932DD7 7C932DDF 90 nop 7C932DE0 90 nop 7C932DE1 90 nop 7C932DE2 90 nop 7C932DE3 90 nop 7C932DE4 > 8BFF mov edi, edi 7C932DE6 55 push ebp 7C932DE7 8BEC mov ebp, esp 7C932DE9 8B4D 08 mov ecx, [ebp+8] 7C932DEC 0FB741 14 movzx eax, word ptr [ecx+14] 7C932DF0 8D4408 18 lea eax, [eax+ecx+18] 7C932DF4 0FB749 06 movzx ecx, word ptr [ecx+6] 7C932DF8 56 push esi ; ntdll.ZwTerminateProcess 7C932DF9 33F6 xor esi, esi ; ntdll.ZwTerminateProcess 7C932DFB 85C9 test ecx, ecx 7C932DFD 57 push edi 7C932DFE 76 22 jbe short 7C932E22 7C932E00 8B50 0C mov edx, [eax+C] 7C932E03 3955 10 cmp [ebp+10], edx ; msvcrt.77C31AE8 7C932E06 72 0A jb short 7C932E12 7C932E08 8B78 10 mov edi, [eax+10] 7C932E0B 03FA add edi, edx ; msvcrt.77C31AE8 7C932E0D 397D 10 cmp [ebp+10], edi 7C932E10 72 0A jb short 7C932E1C 7C932E12 83C0 28 add eax, 28 7C932E15 46 inc esi ; ntdll.ZwTerminateProcess 7C932E16 3BF1 cmp esi, ecx 7C932E18 73 08 jnb short 7C932E22 7C932E1A ^ EB E4 jmp short 7C932E00 7C932E1C 5F pop edi ; ntdll.7C92E89A 7C932E1D 5E pop esi ; ntdll.7C92E89A 7C932E1E 5D pop ebp ; ntdll.7C92E89A 7C932E1F C2 0C00 retn 0C 7C932E22 33C0 xor eax, eax 7C932E24 ^ EB F6 jmp short 7C932E1C 7C932E26 83E3 FE and ebx, FFFFFFFE 7C932E29 C645 0C 00 mov byte ptr [ebp+C], 0 7C932E2D ^ E9 36DAFFFF jmp 7C930868 7C932E32 33C0 xor eax, eax 7C932E34 ^ E9 5CDAFFFF jmp 7C930895 7C932E39 8365 08 FE and dword ptr [ebp+8], FFFFFFFE 7C932E3D FF75 08 push dword ptr [ebp+8] 7C932E40 E8 04DAFFFF call RtlImageNtHeader 7C932E45 8BD8 mov ebx, eax 7C932E47 895D C4 mov [ebp-3C], ebx 7C932E4A 66:8B43 18 mov ax, [ebx+18] 7C932E4E 66:3D 0B01 cmp ax, 10B 7C932E52 0F85 47400300 jnz 7C966E9F 7C932E58 8B83 88000000 mov eax, [ebx+88] 7C932E5E 8945 E4 mov [ebp-1C], eax 7C932E61 85C0 test eax, eax 7C932E63 0F84 4E400300 je 7C966EB7 7C932E69 8BF0 mov esi, eax 7C932E6B 2B75 E0 sub esi, [ebp-20] 7C932E6E 0375 08 add esi, [ebp+8] 7C932E71 8975 DC mov [ebp-24], esi ; ntdll.ZwTerminateProcess 7C932E74 50 push eax 7C932E75 FF75 08 push dword ptr [ebp+8] 7C932E78 53 push ebx 7C932E79 E8 66FFFFFF call RtlImageRvaToSection 7C932E7E 8945 D4 mov [ebp-2C], eax 7C932E81 85C0 test eax, eax 7C932E83 0F84 2E400300 je 7C966EB7 7C932E89 8B4D 0C mov ecx, [ebp+C] ; RPCRT4.77E8F3B0 7C932E8C 8B09 mov ecx, [ecx] 7C932E8E 3B48 08 cmp ecx, [eax+8] 7C932E91 ^ 0F86 F8FAFFFF jbe 7C93298F 7C932E97 8B40 0C mov eax, [eax+C] 7C932E9A 8945 D0 mov [ebp-30], eax 7C932E9D 51 push ecx 7C932E9E FF75 08 push dword ptr [ebp+8] 7C932EA1 53 push ebx 7C932EA2 E8 3DFFFFFF call RtlImageRvaToSection 7C932EA7 8BF8 mov edi, eax 7C932EA9 897D D4 mov [ebp-2C], edi 7C932EAC 85FF test edi, edi 7C932EAE 0F84 03400300 je 7C966EB7 7C932EB4 FF77 0C push dword ptr [edi+C] 7C932EB7 FF75 08 push dword ptr [ebp+8] 7C932EBA 53 push ebx 7C932EBB E8 F2FEFFFF call RtlAddressInSectionTable 7C932EC0 8B4F 0C mov ecx, [edi+C] 7C932EC3 2B4D D0 sub ecx, [ebp-30] 7C932EC6 034D E0 add ecx, [ebp-20] 7C932EC9 2BC8 sub ecx, eax 7C932ECB 03F1 add esi, ecx 7C932ECD ^ E9 BAFAFFFF jmp 7C93298C 7C932ED2 6A 00 push 0 7C932ED4 6A 1C push 1C 7C932ED6 8D45 E4 lea eax, [ebp-1C] 7C932ED9 50 push eax 7C932EDA 6A 00 push 0 7C932EDC 56 push esi ; ntdll.ZwTerminateProcess 7C932EDD 6A FF push -1 7C932EDF E8 2FB3FFFF call ZwQueryVirtualMemory 7C932EE4 85C0 test eax, eax 7C932EE6 0F8C 0E400300 jl 7C966EFA 7C932EEC 8B45 F0 mov eax, [ebp-10] 7C932EEF ^ E9 39FDFFFF jmp 7C932C2D 7C932EF4 B8 890000C0 mov eax, C0000089 7C932EF9 ^ E9 5BFDFFFF jmp 7C932C59 7C932EFE 85F6 test esi, esi ; ntdll.ZwTerminateProcess 7C932F00 8B45 08 mov eax, [ebp+8] 7C932F03 8945 08 mov [ebp+8], eax 7C932F06 74 38 je short 7C932F40 7C932F08 8B7D 0C mov edi, [ebp+C] ; RPCRT4.77E8F3B0 7C932F0B 85FF test edi, edi 7C932F0D 74 31 je short 7C932F40 7C932F0F 8B4D 14 mov ecx, [ebp+14] 7C932F12 0FB709 movzx ecx, word ptr [ecx] 7C932F15 8B15 60E2997C mov edx, [7C99E260] 7C932F1B 66:8B0C4A mov cx, [edx+ecx*2] 7C932F1F 8345 14 02 add dword ptr [ebp+14], 2 7C932F23 66:8BD1 mov dx, cx 7C932F26 66:C1EA 08 shr dx, 8 7C932F2A 84D2 test dl, dl 7C932F2C 74 0B je short 7C932F39 7C932F2E 8BDF mov ebx, edi 7C932F30 4F dec edi 7C932F31 83FB 02 cmp ebx, 2 7C932F34 72 0A jb short 7C932F40 7C932F36 8810 mov [eax], dl 7C932F38 40 inc eax 7C932F39 8808 mov [eax], cl 7C932F3B 40 inc eax 7C932F3C 4F dec edi 7C932F3D 4E dec esi ; ntdll.ZwTerminateProcess 7C932F3E ^ 75 CB jnz short 7C932F0B 7C932F40 8B4D 10 mov ecx, [ebp+10] 7C932F43 85C9 test ecx, ecx 7C932F45 0F84 BB000000 je 7C933006 7C932F4B 2B45 08 sub eax, [ebp+8] 7C932F4E 8901 mov [ecx], eax 7C932F50 E9 B1000000 jmp 7C933006 7C932F55 90 nop 7C932F56 FF2F jmp far fword ptr [edi] 7C932F58 93 xchg eax, ebx 7C932F59 ^ 7C F5 jl short 7C932F50 7C932F5B 2F das 7C932F5C 93 xchg eax, ebx 7C932F5D 7C 0F jl short 7C932F6E 7C932F5F 3093 7C2F3093 xor [ebx+93302F7C], dl 7C932F65 7C 25 jl short 7C932F8C 7C932F67 3093 7C1B3093 xor [ebx+93301B7C], dl 7C932F6D 7C 45 jl short 7C932FB4 7C932F6F 3093 7C3B3093 xor [ebx+93303B7C], dl 7C932F75 7C 51 jl short 7C932FC8 7C932F77 3093 7C5D3093 xor [ebx+93305D7C], dl 7C932F7D 7C 69 jl short 7C932FE8 7C932F7F 3093 7C753093 xor [ebx+9330757C], dl 7C932F85 ^ 7C 81 jl short 7C932F08 7C932F87 3093 7C8D3093 xor [ebx+93308D7C], dl 7C932F8D ^ 7C 99 jl short 7C932F28 7C932F8F 3093 7CA53093 xor [ebx+9330A57C], dl 7C932F95 ^ 7C 90 jl short 7C932F27 7C932F97 90 nop 7C932F98 90 nop 7C932F99 90 nop 7C932F9A 90 nop 7C932F9B > 8BFF mov edi, edi 7C932F9D 55 push ebp 7C932F9E 8BEC mov ebp, esp 7C932FA0 53 push ebx 7C932FA1 56 push esi ; ntdll.ZwTerminateProcess 7C932FA2 8B75 18 mov esi, [ebp+18] ; trscd.00454965 7C932FA5 D1EE shr esi, 1 7C932FA7 803D 10C0997C 0>cmp byte ptr [NlsMbCodePageTag], 0 7C932FAE 57 push edi 7C932FAF ^ 0F85 49FFFFFF jnz 7C932EFE 7C932FB5 8B55 0C mov edx, [ebp+C] ; RPCRT4.77E8F3B0 7C932FB8 3BF2 cmp esi, edx ; msvcrt.77C31AE8 7C932FBA ^ 0F82 1EDDFFFF jb 7C930CDE 7C932FC0 8B45 10 mov eax, [ebp+10] 7C932FC3 85C0 test eax, eax 7C932FC5 74 02 je short 7C932FC9 7C932FC7 8910 mov [eax], edx ; msvcrt.77C31AE8 7C932FC9 8B4D 08 mov ecx, [ebp+8] 7C932FCC 8B45 14 mov eax, [ebp+14] 7C932FCF 8B35 40C0997C mov esi, [7C99C040] 7C932FD5 8BFA mov edi, edx ; msvcrt.77C31AE8 7C932FD7 83E7 0F and edi, 0F 7C932FDA 03CF add ecx, edi 7C932FDC 8D0478 lea eax, [eax+edi*2] 7C932FDF 83C1 F1 add ecx, -0F 7C932FE2 83C0 E2 add eax, -1E 7C932FE5 83FF 0F cmp edi, 0F 7C932FE8 0F87 C1000000 ja 7C9330AF 7C932FEE FF24BD 562F937C jmp [edi*4+7C932F56] ; ntdll.7C932FFF 7C932FF5 0FB758 1C movzx ebx, word ptr [eax+1C] 7C932FF9 8A1C33 mov bl, [ebx+esi] 7C932FFC 8859 0E mov [ecx+E], bl 7C932FFF 6A 10 push 10 7C933001 2BD7 sub edx, edi 7C933003 5F pop edi ; ntdll.7C92E89A 7C933004 ^ 75 DF jnz short 7C932FE5 7C933006 5F pop edi ; ntdll.7C92E89A 7C933007 5E pop esi ; ntdll.7C92E89A 7C933008 33C0 xor eax, eax 7C93300A 5B pop ebx ; ntdll.7C92E89A 7C93300B 5D pop ebp ; ntdll.7C92E89A 7C93300C C2 1400 retn 14 7C93300F 0FB758 1A movzx ebx, word ptr [eax+1A] 7C933013 8A1C33 mov bl, [ebx+esi] 7C933016 8859 0D mov [ecx+D], bl 7C933019 ^ EB DA jmp short 7C932FF5 7C93301B 0FB758 14 movzx ebx, word ptr [eax+14] 7C93301F 8A1C33 mov bl, [ebx+esi] 7C933022 8859 0A mov [ecx+A], bl 7C933025 0FB758 16 movzx ebx, word ptr [eax+16] 7C933029 8A1C33 mov bl, [ebx+esi] 7C93302C 8859 0B mov [ecx+B], bl 7C93302F 0FB758 18 movzx ebx, word ptr [eax+18] 7C933033 8A1C33 mov bl, [ebx+esi] 7C933036 8859 0C mov [ecx+C], bl 7C933039 ^ EB D4 jmp short 7C93300F 7C93303B 0FB758 10 movzx ebx, word ptr [eax+10] 7C93303F 8A1C33 mov bl, [ebx+esi] 7C933042 8859 08 mov [ecx+8], bl 7C933045 0FB758 12 movzx ebx, word ptr [eax+12] 7C933049 8A1C33 mov bl, [ebx+esi] 7C93304C 8859 09 mov [ecx+9], bl 7C93304F ^ EB CA jmp short 7C93301B 7C933051 0FB758 0E movzx ebx, word ptr [eax+E] 7C933055 8A1C33 mov bl, [ebx+esi] 7C933058 8859 07 mov [ecx+7], bl 7C93305B ^ EB DE jmp short 7C93303B 7C93305D 0FB758 0C movzx ebx, word ptr [eax+C] 7C933061 8A1C33 mov bl, [ebx+esi] 7C933064 8859 06 mov [ecx+6], bl 7C933067 ^ EB E8 jmp short 7C933051 7C933069 0FB758 0A movzx ebx, word ptr [eax+A] 7C93306D 8A1C33 mov bl, [ebx+esi] 7C933070 8859 05 mov [ecx+5], bl 7C933073 ^ EB E8 jmp short 7C93305D 7C933075 0FB758 08 movzx ebx, word ptr [eax+8] 7C933079 8A1C33 mov bl, [ebx+esi] 7C93307C 8859 04 mov [ecx+4], bl 7C93307F ^ EB E8 jmp short 7C933069 7C933081 0FB758 06 movzx ebx, word ptr [eax+6] 7C933085 8A1C33 mov bl, [ebx+esi] 7C933088 8859 03 mov [ecx+3], bl 7C93308B ^ EB E8 jmp short 7C933075 7C93308D 0FB758 04 movzx ebx, word ptr [eax+4] 7C933091 8A1C33 mov bl, [ebx+esi] 7C933094 8859 02 mov [ecx+2], bl 7C933097 ^ EB E8 jmp short 7C933081 7C933099 0FB758 02 movzx ebx, word ptr [eax+2] 7C93309D 8A1C33 mov bl, [ebx+esi] 7C9330A0 8859 01 mov [ecx+1], bl 7C9330A3 ^ EB E8 jmp short 7C93308D 7C9330A5 0FB718 movzx ebx, word ptr [eax] 7C9330A8 8A1C33 mov bl, [ebx+esi] 7C9330AB 8819 mov [ecx], bl 7C9330AD ^ EB EA jmp short 7C933099 7C9330AF 0FB758 1E movzx ebx, word ptr [eax+1E] 7C9330B3 8A1C33 mov bl, [ebx+esi] 7C9330B6 83C0 20 add eax, 20 7C9330B9 83C1 10 add ecx, 10 7C9330BC 8859 FF mov [ecx-1], bl 7C9330BF ^ EB E4 jmp short 7C9330A5 7C9330C1 90 nop 7C9330C2 90 nop 7C9330C3 90 nop 7C9330C4 90 nop 7C9330C5 90 nop 7C9330C6 > 8BFF mov edi, edi 7C9330C8 55 push ebp 7C9330C9 8BEC mov ebp, esp 7C9330CB 51 push ecx 7C9330CC 53 push ebx 7C9330CD 33DB xor ebx, ebx 7C9330CF 381D 10C0997C cmp [NlsMbCodePageTag], bl 7C9330D5 57 push edi 7C9330D6 8B7D 0C mov edi, [ebp+C] ; RPCRT4.77E8F3B0 7C9330D9 895D FC mov [ebp-4], ebx 7C9330DC 0F85 FC930200 jnz 7C95C4DE 7C9330E2 0FB707 movzx eax, word ptr [edi] 7C9330E5 40 inc eax 7C9330E6 40 inc eax 7C9330E7 D1E8 shr eax, 1 7C9330E9 3D FFFF0000 cmp eax, 0FFFF 7C9330EE 0F87 F5930200 ja 7C95C4E9 7C9330F4 385D 10 cmp [ebp+10], bl 7C9330F7 56 push esi ; ntdll.ZwTerminateProcess 7C9330F8 8B75 08 mov esi, [ebp+8] 7C9330FB 8D48 FF lea ecx, [eax-1] 7C9330FE 66:890E mov [esi], cx 7C933101 0F84 C1160000 je 7C9347C8 7C933107 50 push eax 7C933108 66:8946 02 mov [esi+2], ax 7C93310C FF15 C009937C call [7C9309C0] ; ntdll.7C9309C9 7C933112 3BC3 cmp eax, ebx 7C933114 8946 04 mov [esi+4], eax 7C933117 0F84 D6930200 je 7C95C4F3 7C93311D 0FB707 movzx eax, word ptr [edi] 7C933120 50 push eax 7C933121 FF77 04 push dword ptr [edi+4] 7C933124 8D45 0C lea eax, [ebp+C] 7C933127 50 push eax 7C933128 0FB706 movzx eax, word ptr [esi] 7C93312B 50 push eax 7C93312C FF76 04 push dword ptr [esi+4] 7C93312F E8 67FEFFFF call RtlUnicodeToMultiByteN 7C933134 8BF8 mov edi, eax 7C933136 3BFB cmp edi, ebx 7C933138 0F8C DE930200 jl 7C95C51C 7C93313E 8B46 04 mov eax, [esi+4] 7C933141 8B4D 0C mov ecx, [ebp+C] ; RPCRT4.77E8F3B0 7C933144 881C01 mov [ecx+eax], bl 7C933147 8B45 FC mov eax, [ebp-4] 7C93314A 5E pop esi ; ntdll.7C92E89A 7C93314B 5F pop edi ; ntdll.7C92E89A 7C93314C 5B pop ebx ; ntdll.7C92E89A 7C93314D C9 leave 7C93314E C2 0C00 retn 0C 7C933151 90 nop 7C933152 90 nop 7C933153 90 nop 7C933154 90 nop 7C933155 90 nop 7C933156 > 8BFF mov edi, edi 7C933158 55 push ebp 7C933159 8BEC mov ebp, esp 7C93315B 837D 0C 01 cmp dword ptr [ebp+C], 1 7C93315F 0F84 BDF60000 je 7C942822 7C933165 33C0 xor eax, eax 7C933167 40 inc eax 7C933168 5D pop ebp ; ntdll.7C92E89A 7C933169 C2 0C00 retn 0C 7C93316C 90 nop 7C93316D 90 nop 7C93316E 90 nop 7C93316F 90 nop 7C933170 90 nop 7C933171 > 6A 14 push 14 7C933173 68 1832937C push 7C933218 7C933178 E8 45BCFFFF call 7C92EDC2 7C93317D 8A1D 20C1997C mov bl, [7C99C120] 7C933183 8B75 0C mov esi, [ebp+C] ; RPCRT4.77E8F3B0 7C933186 33D2 xor edx, edx ; msvcrt.77C31AE8 7C933188 3BF2 cmp esi, edx ; msvcrt.77C31AE8 7C93318A 0F85 A3530200 jnz 7C958533 7C933190 8B7D 10 mov edi, [ebp+10] 7C933193 3BFA cmp edi, edx ; msvcrt.77C31AE8 7C933195 74 02 je short 7C933199 7C933197 8917 mov [edi], edx ; msvcrt.77C31AE8 7C933199 8B4D 08 mov ecx, [ebp+8] 7C93319C F7C1 FCFFFFFF test ecx, FFFFFFFC 7C9331A2 0F85 8C9F0200 jnz 7C95D134 7C9331A8 3BFA cmp edi, edx ; msvcrt.77C31AE8 7C9331AA 0F84 9D9F0200 je 7C95D14D 7C9331B0 8BC1 mov eax, ecx 7C9331B2 83E0 02 and eax, 2 7C9331B5 0F85 7F530200 jnz 7C95853A 7C9331BB 84DB test bl, bl 7C9331BD 75 4A jnz short 7C933209 7C9331BF 33DB xor ebx, ebx 7C9331C1 43 inc ebx 7C9331C2 84CB test bl, cl 7C9331C4 0F84 7A160000 je 7C934844 7C9331CA 68 D8C0997C push 7C99C0D8 7C9331CF 3BC2 cmp eax, edx ; msvcrt.77C31AE8 7C9331D1 0F85 41540200 jnz 7C958618 7C9331D7 E8 29DEFEFF call RtlEnterCriticalSection 7C9331DC 85F6 test esi, esi ; ntdll.ZwTerminateProcess 7C9331DE 0F85 A69F0200 jnz 7C95D18A 7C9331E4 64:A1 18000000 mov eax, fs:[18] 7C9331EA B9 44C0997C mov ecx, 7C99C044 7C9331EF F0:0FC119 lock xadd [ecx], ebx 7C9331F3 43 inc ebx 7C9331F4 81E3 FFFF0000 and ebx, 0FFFF 7C9331FA 8B40 24 mov eax, [eax+24] 7C9331FD 25 FF0F0000 and eax, 0FFF 7C933202 C1E0 10 shl eax, 10 7C933205 0BD8 or ebx, eax 7C933207 891F mov [edi], ebx 7C933209 33F6 xor esi, esi ; ntdll.ZwTerminateProcess 7C93320B 8BC6 mov eax, esi ; ntdll.ZwTerminateProcess 7C93320D E8 F0BBFFFF call 7C92EE02 7C933212 C2 0C00 retn 0C 7C933215 90 nop 7C933216 90 nop 7C933217 90 nop 7C933218 FFFF ??? ; 未知命令 7C93321A FFFF ??? ; 未知命令 7C93321C C1D1 95 rcl ecx, 95 7C93321F ^ 7C DC jl short 7C9331FD 7C933221 D195 7C909090 rcl dword ptr [ebp+9090907C], 1 7C933227 90 nop 7C933228 90 nop 7C933229 > 6A 0C push 0C 7C93322B 68 9032937C push 7C933290 7C933230 E8 8DBBFFFF call 7C92EDC2 7C933235 8B55 08 mov edx, [ebp+8] 7C933238 F7C2 FEFFFFFF test edx, FFFFFFFE 7C93323E 0F85 26A00200 jnz 7C95D26A 7C933244 8B4D 0C mov ecx, [ebp+C] ; RPCRT4.77E8F3B0 7C933247 85C9 test ecx, ecx 7C933249 74 36 je short 7C933281 7C93324B F7C1 000000F0 test ecx, F0000000 7C933251 0F85 2CA00200 jnz 7C95D283 7C933257 64:A1 18000000 mov eax, fs:[18] 7C93325D C1E9 10 shr ecx, 10 7C933260 3348 24 xor ecx, [eax+24] 7C933263 66:F7C1 FF0F test cx, 0FFF 7C933268 0F85 15A00200 jnz 7C95D283 7C93326E F6C2 01 test dl, 1 7C933271 0F84 9D750100 je 7C94A814 7C933277 68 D8C0997C push 7C99C0D8 7C93327C E8 6CDEFEFF call RtlLeaveCriticalSection 7C933281 33C0 xor eax, eax 7C933283 E8 7ABBFFFF call 7C92EE02 7C933288 C2 0800 retn 8 7C93328B 90 nop 7C93328C 90 nop 7C93328D 90 nop 7C93328E 90 nop 7C93328F 90 nop 7C933290 FFFF ??? ; 未知命令 7C933292 FFFF ??? ; 未知命令 7C933294 A1 D2957CBC mov eax, [BC7C95D2] 7C933299 D295 7C909090 rcl byte ptr [ebp+9090907C], cl 7C93329F 90 nop 7C9332A0 90 nop 7C9332A1 > 8BFF mov edi, edi 7C9332A3 55 push ebp 7C9332A4 8BEC mov ebp, esp 7C9332A6 8B45 14 mov eax, [ebp+14] 7C9332A9 53 push ebx 7C9332AA 33DB xor ebx, ebx 7C9332AC 3BC3 cmp eax, ebx 7C9332AE 56 push esi ; ntdll.ZwTerminateProcess 7C9332AF 8B75 08 mov esi, [ebp+8] 7C9332B2 0F8C 719A0200 jl 7C95CD29 7C9332B8 895E 04 mov [esi+4], ebx 7C9332BB 8BC8 mov ecx, eax 7C9332BD C1E1 10 shl ecx, 10 7C9332C0 0BC8 or ecx, eax 7C9332C2 8B45 10 mov eax, [ebp+10] 7C9332C5 81C1 10002C00 add ecx, 2C0010 7C9332CB 890E mov [esi], ecx 7C9332CD 895E 18 mov [esi+18], ebx 7C9332D0 8946 1C mov [esi+1C], eax 7C9332D3 381D 38C1997C cmp [7C99C138], bl 7C9332D9 0F85 A9E30100 jnz 7C951688 7C9332DF 57 push edi 7C9332E0 8B7D 0C mov edi, [ebp+C] ; RPCRT4.77E8F3B0 7C9332E3 3BFB cmp edi, ebx 7C9332E5 0F85 5EB90000 jnz 7C93EC49 7C9332EB 56 push esi ; ntdll.ZwTerminateProcess 7C9332EC 56 push esi ; ntdll.ZwTerminateProcess 7C9332ED FF35 34C1997C push dword ptr [7C99C134] 7C9332F3 E8 E9B0FFFF call ZwRequestWaitReplyPort 7C9332F8 3BFB cmp edi, ebx 7C9332FA 0F85 68B80000 jnz 7C93EB68 7C933300 5F pop edi ; ntdll.7C92E89A 7C933301 3BC3 cmp eax, ebx 7C933303 0F8C 2B9A0200 jl 7C95CD34 7C933309 8B46 20 mov eax, [esi+20] 7C93330C 5E pop esi ; ntdll.7C92E89A 7C93330D 5B pop ebx ; ntdll.7C92E89A 7C93330E 5D pop ebp ; ntdll.7C92E89A 7C93330F C2 1000 retn 10 7C933312 90 nop 7C933313 90 nop 7C933314 90 nop 7C933315 90 nop 7C933316 90 nop 7C933317 8BFF mov edi, edi 7C933319 55 push ebp 7C93331A 8BEC mov ebp, esp 7C93331C A1 24C1997C mov eax, [7C99C124] 7C933321 85C0 test eax, eax 7C933323 56 push esi ; ntdll.ZwTerminateProcess 7C933324 8B75 08 mov esi, [ebp+8] 7C933327 74 11 je short 7C93333A 7C933329 3970 18 cmp [eax+18], esi ; ntdll.ZwTerminateProcess 7C93332C 75 0C jnz short 7C93333A 7C93332E 8B4D 0C mov ecx, [ebp+C] ; RPCRT4.77E8F3B0 7C933331 8901 mov [ecx], eax 7C933333 B0 01 mov al, 1 7C933335 5E pop esi ; ntdll.7C92E89A 7C933336 5D pop ebp ; ntdll.7C92E89A 7C933337 C2 0800 retn 8 7C93333A 64:A1 18000000 mov eax, fs:[18] 7C933340 8B40 30 mov eax, [eax+30] 7C933343 8B40 0C mov eax, [eax+C] 7C933346 83C0 0C add eax, 0C 7C933349 8B08 mov ecx, [eax] 7C93334B 3BC8 cmp ecx, eax 7C93334D 0F84 29CF0100 je 7C95027C 7C933353 8BD1 mov edx, ecx 7C933355 837A 08 00 cmp dword ptr [edx+8], 0 7C933359 8B09 mov ecx, [ecx] 7C93335B ^ 74 EE je short 7C93334B 7C93335D 3B72 18 cmp esi, [edx+18] ; ntdll.7C99C900 7C933360 ^ 75 E9 jnz short 7C93334B 7C933362 8B45 0C mov eax, [ebp+C] ; RPCRT4.77E8F3B0 7C933365 8915 24C1997C mov [7C99C124], edx ; msvcrt.77C31AE8 7C93336B 8910 mov [eax], edx ; msvcrt.77C31AE8 7C93336D ^ EB C4 jmp short 7C933333 7C93336F 90 nop 7C933370 90 nop 7C933371 90 nop 7C933372 90 nop 7C933373 90 nop 7C933374 > 8BFF mov edi, edi 7C933376 55 push ebp 7C933377 8BEC mov ebp, esp 7C933379 5D pop ebp ; ntdll.7C92E89A 7C93337A 90 nop 7C93337B 90 nop 7C93337C 90 nop 7C93337D 90 nop 7C93337E 90 nop 7C93337F 55 push ebp 7C933380 8BEC mov ebp, esp 7C933382 57 push edi 7C933383 56 push esi ; ntdll.ZwTerminateProcess 7C933384 53 push ebx 7C933385 8B75 0C mov esi, [ebp+C] ; RPCRT4.77E8F3B0 7C933388 8B7D 08 mov edi, [ebp+8] 7C93338B B0 FF mov al, 0FF 7C93338D 8BFF mov edi, edi 7C93338F 0AC0 or al, al 7C933391 74 2E je short 7C9333C1 7C933393 8A06 mov al, [esi] 7C933395 46 inc esi ; ntdll.ZwTerminateProcess 7C933396 8A27 mov ah, [edi] 7C933398 47 inc edi 7C933399 3AE0 cmp ah, al 7C93339B ^ 74 F2 je short 7C93338F 7C93339D 2C 41 sub al, 41 7C93339F 3C 1A cmp al, 1A 7C9333A1 1AC9 sbb cl, cl 7C9333A3 80E1 20 and cl, 20 7C9333A6 02C1 add al, cl 7C9333A8 04 41 add al, 41 7C9333AA 86E0 xchg al, ah 7C9333AC 2C 41 sub al, 41 7C9333AE 3C 1A cmp al, 1A 7C9333B0 1AC9 sbb cl, cl 7C9333B2 80E1 20 and cl, 20 7C9333B5 02C1 add al, cl 7C9333B7 04 41 add al, 41 7C9333B9 3AC4 cmp al, ah 7C9333BB ^ 74 D2 je short 7C93338F 7C9333BD 1AC0 sbb al, al 7C9333BF 1C FF sbb al, 0FF 7C9333C1 0FBEC0 movsx eax, al 7C9333C4 5B pop ebx ; ntdll.7C92E89A 7C9333C5 5E pop esi ; ntdll.7C92E89A 7C9333C6 5F pop edi ; ntdll.7C92E89A 7C9333C7 C9 leave 7C9333C8 C3 retn 7C9333C9 90 nop 7C9333CA 90 nop 7C9333CB 90 nop 7C9333CC 90 nop 7C9333CD 90 nop 7C9333CE > 8BFF mov edi, edi 7C9333D0 55 push ebp 7C9333D1 8BEC mov ebp, esp 7C9333D3 8B4D 08 mov ecx, [ebp+8] 7C9333D6 8B55 0C mov edx, [ebp+C] ; RPCRT4.77E8F3B0 7C9333D9 0FB701 movzx eax, word ptr [ecx] 7C9333DC 53 push ebx 7C9333DD 56 push esi ; ntdll.ZwTerminateProcess 7C9333DE 0FB732 movzx esi, word ptr [edx] 7C9333E1 3BC6 cmp eax, esi ; ntdll.ZwTerminateProcess 7C9333E3 57 push edi 7C9333E4 74 09 je short 7C9333EF 7C9333E6 32C0 xor al, al 7C9333E8 5F pop edi ; ntdll.7C92E89A 7C9333E9 5E pop esi ; ntdll.7C92E89A 7C9333EA 5B pop ebx ; ntdll.7C92E89A 7C9333EB 5D pop ebp ; ntdll.7C92E89A 7C9333EC C2 0C00 retn 0C 7C9333EF 8B71 04 mov esi, [ecx+4] 7C9333F2 8B7A 04 mov edi, [edx+4] 7C9333F5 83E0 FE and eax, FFFFFFFE 7C9333F8 03C6 add eax, esi ; ntdll.ZwTerminateProcess 7C9333FA 807D 10 00 cmp byte ptr [ebp+10], 0 7C9333FE 8BD0 mov edx, eax 7C933400 8955 0C mov [ebp+C], edx ; msvcrt.77C31AE8 7C933403 0F84 C04A0200 je 7C957EC9 7C933409 3BF2 cmp esi, edx ; msvcrt.77C31AE8 7C93340B 73 21 jnb short 7C93342E 7C93340D A1 4CC0997C mov eax, [7C99C04C] 7C933412 66:8B16 mov dx, [esi] 7C933415 33C9 xor ecx, ecx 7C933417 66:8B0F mov cx, [edi] 7C93341A 46 inc esi ; ntdll.ZwTerminateProcess 7C93341B 46 inc esi ; ntdll.ZwTerminateProcess 7C93341C 47 inc edi 7C93341D 47 inc edi 7C93341E 66:3BD1 cmp dx, cx 7C933421 897D 08 mov [ebp+8], edi 7C933424 894D 10 mov [ebp+10], ecx 7C933427 75 09 jnz short 7C933432 7C933429 3B75 0C cmp esi, [ebp+C] ; RPCRT4.77E8F3B0 7C93342C ^ 72 E4 jb short 7C933412 7C93342E B0 01 mov al, 1 7C933430 ^ EB B6 jmp short 7C9333E8 7C933432 66:83FA 61 cmp dx, 61 7C933436 73 24 jnb short 7C93345C 7C933438 0FB7D2 movzx edx, dx 7C93343B 66:83F9 61 cmp cx, 61 7C93343F 72 16 jb short 7C933457 7C933441 66:83F9 7A cmp cx, 7A 7C933445 0FB7C9 movzx ecx, cx 7C933448 0F87 F8750300 ja 7C96AA46 7C93344E 83E9 20 sub ecx, 20 7C933451 3BD1 cmp edx, ecx 7C933453 ^ 75 91 jnz short 7C9333E6 7C933455 ^ EB D2 jmp short 7C933429 7C933457 0FB7C9 movzx ecx, cx 7C93345A ^ EB F5 jmp short 7C933451 7C93345C 66:83FA 7A cmp dx, 7A 7C933460 0F87 AC750300 ja 7C96AA12 7C933466 0FB7D2 movzx edx, dx 7C933469 83EA 20 sub edx, 20 7C93346C ^ EB CD jmp short 7C93343B 7C93346E 90 nop 7C93346F 90 nop 7C933470 90 nop 7C933471 90 nop 7C933472 90 nop 7C933473 > 8BFF mov edi, edi 7C933475 55 push ebp 7C933476 8BEC mov ebp, esp 7C933478 8B4D 08 mov ecx, [ebp+8] 7C93347B 8B55 0C mov edx, [ebp+C] ; RPCRT4.77E8F3B0 7C93347E 66:8B02 mov ax, [edx] 7C933481 66:8901 mov [ecx], ax 7C933484 41 inc ecx 7C933485 41 inc ecx 7C933486 42 inc edx ; msvcrt.77C31AE8 7C933487 42 inc edx ; msvcrt.77C31AE8 7C933488 66:85C0 test ax, ax 7C93348B ^ 75 F1 jnz short 7C93347E 7C93348D 8B45 08 mov eax, [ebp+8] 7C933490 5D pop ebp ; ntdll.7C92E89A 7C933491 C3 retn 7C933492 90 nop 7C933493 90 nop 7C933494 90 nop 7C933495 90 nop 7C933496 90 nop 7C933497 > 6A 08 push 8 7C933499 68 E834937C push 7C9334E8 7C93349E E8 1FB9FFFF call 7C92EDC2 7C9334A3 8365 FC 00 and dword ptr [ebp-4], 0 7C9334A7 8B45 08 mov eax, [ebp+8] 7C9334AA 85C0 test eax, eax 7C9334AC 74 2B je short 7C9334D9 7C9334AE 8A08 mov cl, [eax] 7C9334B0 80E1 0F and cl, 0F 7C9334B3 80F9 01 cmp cl, 1 7C9334B6 75 21 jnz short 7C9334D9 7C9334B8 8A48 01 mov cl, [eax+1] 7C9334BB 80F9 0F cmp cl, 0F 7C9334BE 77 19 ja short 7C9334D9 7C9334C0 84C9 test cl, cl 7C9334C2 76 07 jbe short 7C9334CB 7C9334C4 0FB6C9 movzx ecx, cl 7C9334C7 8B4488 04 mov eax, [eax+ecx*4+4] 7C9334CB 834D FC FF or dword ptr [ebp-4], FFFFFFFF 7C9334CF B0 01 mov al, 1 7C9334D1 E8 2CB9FFFF call 7C92EE02 7C9334D6 C2 0400 retn 4 7C9334D9 834D FC FF or dword ptr [ebp-4], FFFFFFFF 7C9334DD 32C0 xor al, al 7C9334DF ^ EB F0 jmp short 7C9334D1 7C9334E1 90 nop 7C9334E2 90 nop 7C9334E3 90 nop 7C9334E4 90 nop 7C9334E5 90 nop 7C9334E6 90 nop 7C9334E7 90 nop 7C9334E8 FFFF ??? ; 未知命令 7C9334EA FFFF ??? ; 未知命令 7C9334EC B7 85 mov bh, 85 7C9334EE 96 xchg eax, esi ; ntdll.ZwTerminateProcess 7C9334EF ^ 7C C0 jl short 7C9334B1 7C9334F1 8596 7C0FB672 test [esi+72B60F7C], edx ; msvcrt.77C31AE8 7C9334F7 1866 8B sbb [esi-75], ah 7C9334FA 34 71 xor al, 71 7C9334FC 66:8970 30 mov [eax+30], si 7C933500 ^ E9 73CBFFFF jmp 7C930078 7C933505 0FB672 19 movzx esi, byte ptr [edx+19] 7C933509 66:8B3471 mov si, [ecx+esi*2] 7C93350D 66:8970 32 mov [eax+32], si 7C933511 ^ EB E1 jmp short 7C9334F4 7C933513 0FB672 1B movzx esi, byte ptr [edx+1B] 7C933517 66:8B3471 mov si, [ecx+esi*2] 7C93351B 66:8970 36 mov [eax+36], si 7C93351F 0FB672 1A movzx esi, byte ptr [edx+1A] 7C933523 66:8B3471 mov si, [ecx+esi*2] 7C933527 66:8970 34 mov [eax+34], si 7C93352B ^ EB D8 jmp short 7C933505 7C93352D 0FB672 1D movzx esi, byte ptr [edx+1D] 7C933531 66:8B3471 mov si, [ecx+esi*2] 7C933535 66:8970 3A mov [eax+3A], si 7C933539 0FB672 1C movzx esi, byte ptr [edx+1C] 7C93353D 66:8B3471 mov si, [ecx+esi*2] 7C933541 66:8970 38 mov [eax+38], si 7C933545 ^ EB CC jmp short 7C933513 7C933547 0FB672 1E movzx esi, byte ptr [edx+1E] 7C93354B 66:8B3471 mov si, [ecx+esi*2] 7C93354F 66:8970 3C mov [eax+3C], si 7C933553 ^ EB D8 jmp short 7C93352D 7C933555 0FB672 1F movzx esi, byte ptr [edx+1F] 7C933559 66:8B3471 mov si, [ecx+esi*2] 7C93355D 66:8970 3E mov [eax+3E], si 7C933561 ^ EB E4 jmp short 7C933547 7C933563 2BDF sub ebx, edi 7C933565 83E8 40 sub eax, 40 7C933568 8BF7 mov esi, edi 7C93356A 2BD7 sub edx, edi 7C93356C ^ E9 A3BCFFFF jmp 7C92F214 7C933571 50 push eax 7C933572 66:8946 02 mov [esi+2], ax 7C933576 FF15 C009937C call [7C9309C0] ; ntdll.7C9309C9 7C93357C 3BC3 cmp eax, ebx 7C93357E 8946 04 mov [esi+4], eax 7C933581 0F84 2B8F0200 je 7C95C4B2 7C933587 ^ E9 07BBFFFF jmp 7C92F093 7C93358C 90 nop 7C93358D 90 nop 7C93358E 90 nop 7C93358F 90 nop 7C933590 90 nop 7C933591 > 8BFF mov edi, edi 7C933593 55 push ebp 7C933594 8BEC mov ebp, esp 7C933596 51 push ecx 7C933597 51 push ecx 7C933598 FF75 0C push dword ptr [ebp+C] ; RPCRT4.77E8F3B0 7C93359B 8D45 F8 lea eax, [ebp-8] 7C93359E 50 push eax 7C93359F E8 F5DCFEFF call RtlInitAnsiString 7C9335A4 6A 01 push 1 7C9335A6 8D45 F8 lea eax, [ebp-8] 7C9335A9 50 push eax 7C9335AA FF75 08 push dword ptr [ebp+8] 7C9335AD E8 9ABAFFFF call RtlAnsiStringToUnicodeString 7C9335B2 85C0 test eax, eax 7C9335B4 0F9DC0 setge al 7C9335B7 C9 leave 7C9335B8 C2 0800 retn 8 7C9335BB 90 nop 7C9335BC 90 nop 7C9335BD 90 nop 7C9335BE 90 nop 7C9335BF 90 nop 7C9335C0 > 8BFF mov edi, edi 7C9335C2 55 push ebp 7C9335C3 8BEC mov ebp, esp 7C9335C5 51 push ecx 7C9335C6 51 push ecx 7C9335C7 FF75 08 push dword ptr [ebp+8] 7C9335CA 8D45 F8 lea eax, [ebp-8] 7C9335CD 50 push eax 7C9335CE E8 D2CDFFFF call RtlInitUnicodeStringEx 7C9335D3 85C0 test eax, eax 7C9335D5 0F8C 15930200 jl 7C95C8F0 7C9335DB 8D45 F8 lea eax, [ebp-8] 7C9335DE 50 push eax 7C9335DF E8 09040000 call 7C9339ED 7C9335E4 C9 leave 7C9335E5 C2 0400 retn 4 7C9335E8 48 dec eax 7C9335E9 0F84 33600000 je 7C939622 7C9335EF 48 dec eax 7C9335F0 0F84 F2550200 je 7C958BE8 7C9335F6 48 dec eax 7C9335F7 0F84 0E780000 je 7C93AE0B 7C9335FD 48 dec eax 7C9335FE 0F85 8B8C0200 jnz 7C95C28F 7C933604 6A 08 push 8 7C933606 5F pop edi ; ntdll.7C92E89A 7C933607 897D A0 mov [ebp-60], edi 7C93360A C745 B8 0400000>mov dword ptr [ebp-48], 4 7C933611 8D43 08 lea eax, [ebx+8] 7C933614 E9 406F0000 jmp 7C93A559 7C933619 8B00 mov eax, [eax] 7C93361B 85C0 test eax, eax 7C93361D 0F84 580A0000 je 7C93407B 7C933623 50 push eax 7C933624 8D85 A8FDFFFF lea eax, [ebp-258] 7C93362A 50 push eax 7C93362B E8 75CDFFFF call RtlInitUnicodeStringEx 7C933630 8985 A4FDFFFF mov [ebp-25C], eax 7C933636 85C0 test eax, eax 7C933638 0F8C B15D0000 jl 7C9393EF 7C93363E 0FB785 A8FDFFFF movzx eax, word ptr [ebp-258] 7C933645 D1E8 shr eax, 1 7C933647 2BF0 sub esi, eax 7C933649 8B85 D0FDFFFF mov eax, [ebp-230] ; ntdll.7C931970 7C93364F 8D0470 lea eax, [eax+esi*2] 7C933652 8B8D A0FDFFFF mov ecx, [ebp-260] ; ntdll.7C92EE18 7C933658 8901 mov [ecx], eax 7C93365A E9 1C0A0000 jmp 7C93407B 7C93365F 90 nop 7C933660 90 nop 7C933661 90 nop 7C933662 90 nop 7C933663 90 nop 7C933664 > 8BFF mov edi, edi 7C933666 55 push ebp 7C933667 8BEC mov ebp, esp 7C933669 8B45 0C mov eax, [ebp+C] ; RPCRT4.77E8F3B0 7C93366C 8B10 mov edx, [eax] 7C93366E 8B4D 08 mov ecx, [ebp+8] 7C933671 8911 mov [ecx], edx ; msvcrt.77C31AE8 7C933673 8B40 04 mov eax, [eax+4] 7C933676 8941 04 mov [ecx+4], eax 7C933679 5D pop ebp ; ntdll.7C92E89A 7C93367A C2 0800 retn 8 7C93367D 90 nop 7C93367E 90 nop 7C93367F 90 nop 7C933680 90 nop 7C933681 90 nop 7C933682 > 8BFF mov edi, edi 7C933684 55 push ebp 7C933685 8BEC mov ebp, esp 7C933687 8B4D 10 mov ecx, [ebp+10] 7C93368A 0FB641 01 movzx eax, byte ptr [ecx+1] 7C93368E 8D0485 08000000 lea eax, [eax*4+8] 7C933695 3B45 08 cmp eax, [ebp+8] 7C933698 0F87 514F0300 ja 7C9685EF 7C93369E 50 push eax 7C93369F 51 push ecx 7C9336A0 FF75 0C push dword ptr [ebp+C] ; RPCRT4.77E8F3B0 |
|
[讨论]程序分析!
7C930BC4 C2 0800 retn 8 7C930BC7 90 nop 7C930BC8 90 nop 7C930BC9 90 nop 7C930BCA 90 nop 7C930BCB 90 nop 7C930BCC 8BFF mov edi, edi 7C930BCE 55 push ebp 7C930BCF 8BEC mov ebp, esp 7C930BD1 8B55 08 mov edx, [ebp+8] 7C930BD4 8B82 70010000 mov eax, [edx+170] 7C930BDA 53 push ebx 7C930BDB 8B5D 0C mov ebx, [ebp+C] ; RPCRT4.77E8F3B0 7C930BDE 66:813B 8000 cmp word ptr [ebx], 80 7C930BE3 72 1B jb short 7C930C00 7C930BE5 8D8A 6C010000 lea ecx, [edx+16C] 7C930BEB FF01 inc dword ptr [ecx] 7C930BED 85C0 test eax, eax 7C930BEF 8B09 mov ecx, [ecx] 7C930BF1 0F85 DB140000 jnz 7C9320D2 7C930BF7 83F9 20 cmp ecx, 20 7C930BFA 0F83 5AA40100 jnb 7C94B05A 7C930C00 5B pop ebx ; ntdll.7C92E89A 7C930C01 5D pop ebp ; ntdll.7C92E89A 7C930C02 C2 0800 retn 8 7C930C05 90 nop 7C930C06 90 nop 7C930C07 90 nop 7C930C08 90 nop 7C930C09 90 nop 7C930C0A 8BFF mov edi, edi 7C930C0C 55 push ebp 7C930C0D 8BEC mov ebp, esp 7C930C0F 53 push ebx 7C930C10 8B5D 08 mov ebx, [ebp+8] 7C930C13 56 push esi ; ntdll.ZwTerminateProcess 7C930C14 57 push edi 7C930C15 8B7D 0C mov edi, [ebp+C] ; RPCRT4.77E8F3B0 7C930C18 0FB747 02 movzx eax, word ptr [edi+2] 7C930C1C C1E0 03 shl eax, 3 7C930C1F 8BF7 mov esi, edi 7C930C21 2BF0 sub esi, eax 7C930C23 3BF7 cmp esi, edi 7C930C25 74 0A je short 7C930C31 7C930C27 F646 05 01 test byte ptr [esi+5], 1 7C930C2B 0F84 FF110000 je 7C931E30 7C930C31 F647 05 10 test byte ptr [edi+5], 10 7C930C35 75 12 jnz short 7C930C49 7C930C37 8B45 10 mov eax, [ebp+10] 7C930C3A 8B00 mov eax, [eax] 7C930C3C 8D34C7 lea esi, [edi+eax*8] 7C930C3F F646 05 01 test byte ptr [esi+5], 1 7C930C43 0F84 AA020000 je 7C930EF3 7C930C49 8BC7 mov eax, edi 7C930C4B 5F pop edi ; ntdll.7C92E89A 7C930C4C 5E pop esi ; ntdll.7C92E89A 7C930C4D 5B pop ebx ; ntdll.7C92E89A 7C930C4E 5D pop ebp ; ntdll.7C92E89A 7C930C4F C2 1000 retn 10 7C930C52 33C0 xor eax, eax 7C930C54 ^ E9 81FCFFFF jmp 7C9308DA 7C930C59 8945 0C mov [ebp+C], eax 7C930C5C ^ E9 27F6FFFF jmp 7C930288 7C930C61 40 inc eax 7C930C62 ^ E9 D1F9FFFF jmp 7C930638 7C930C67 8B4D 10 mov ecx, [ebp+10] 7C930C6A 33C0 xor eax, eax 7C930C6C 8BD1 mov edx, ecx 7C930C6E C1E9 02 shr ecx, 2 7C930C71 F3:AB rep stos dword ptr es:[edi] 7C930C73 8BCA mov ecx, edx ; msvcrt.77C31AE8 7C930C75 83E1 03 and ecx, 3 7C930C78 F3:AA rep stos byte ptr es:[edi] 7C930C7A E9 25090000 jmp 7C9315A4 7C930C7F 8B09 mov ecx, [ecx] 7C930C81 E9 49010000 jmp 7C930DCF 7C930C86 8B87 78010000 mov eax, [edi+178] 7C930C8C E9 4B0F0000 jmp 7C931BDC 7C930C91 4A dec edx ; msvcrt.77C31AE8 7C930C92 0F84 F4060000 je 7C93138C 7C930C98 4A dec edx ; msvcrt.77C31AE8 7C930C99 0F84 FF060000 je 7C93139E 7C930C9F 4A dec edx ; msvcrt.77C31AE8 7C930CA0 0F85 12070000 jnz 7C9313B8 7C930CA6 E9 05070000 jmp 7C9313B0 7C930CAB 8D93 78020000 lea edx, [ebx+278] 7C930CB1 E9 DD040000 jmp 7C931193 7C930CB6 C1E8 18 shr eax, 18 7C930CB9 0FBE80 5810937C movsx eax, byte ptr [eax+7C931058] 7C930CC0 83C0 18 add eax, 18 7C930CC3 E9 F3040000 jmp 7C9311BB 7C930CC8 8D93 78030000 lea edx, [ebx+378] 7C930CCE E9 C0040000 jmp 7C931193 7C930CD3 8D93 78040000 lea edx, [ebx+478] 7C930CD9 E9 B5040000 jmp 7C931193 7C930CDE 8BD6 mov edx, esi ; ntdll.ZwTerminateProcess 7C930CE0 E9 DB220000 jmp 7C932FC0 7C930CE5 8BD0 mov edx, eax 7C930CE7 E9 74710000 jmp 7C937E60 7C930CEC 8B09 mov ecx, [ecx] 7C930CEE E9 9F0A0000 jmp 7C931792 7C930CF3 33C0 xor eax, eax 7C930CF5 E9 5B310000 jmp 7C933E55 7C930CFA 6A 7F push 7F 7C930CFC 5E pop esi ; ntdll.7C92E89A 7C930CFD E9 D1080000 jmp 7C9315D3 7C930D02 C745 FC 0100000>mov dword ptr [ebp-4], 1 7C930D09 8B87 70010000 mov eax, [edi+170] 7C930D0F 8985 50FFFFFF mov [ebp-B0], eax 7C930D15 85C0 test eax, eax 7C930D17 0F85 B2010000 jnz 7C930ECF 7C930D1D 8365 D8 00 and dword ptr [ebp-28], 0 7C930D21 8365 DC 00 and dword ptr [ebp-24], 0 7C930D25 F6C3 01 test bl, 1 7C930D28 75 0F jnz short 7C930D39 7C930D2A FFB7 78050000 push dword ptr [edi+578] 7C930D30 E8 D002FFFF call RtlEnterCriticalSection 7C930D35 C645 E3 01 mov byte ptr [ebp-1D], 1 7C930D39 F646 05 08 test byte ptr [esi+5], 8 7C930D3D 0F85 CBA00100 jnz 7C94AE0E 7C930D43 0FB706 movzx eax, word ptr [esi] 7C930D46 8945 E4 mov [ebp-1C], eax 7C930D49 F647 0C 80 test byte ptr [edi+C], 80 7C930D4D 75 18 jnz short 7C930D67 7C930D4F 6A 00 push 0 7C930D51 8D45 E4 lea eax, [ebp-1C] 7C930D54 50 push eax 7C930D55 56 push esi ; ntdll.ZwTerminateProcess 7C930D56 57 push edi 7C930D57 E8 AEFEFFFF call 7C930C0A 7C930D5C 8BF0 mov esi, eax 7C930D5E 89B5 58FFFFFF mov [ebp-A8], esi ; ntdll.ZwTerminateProcess 7C930D64 8B45 E4 mov eax, [ebp-1C] 7C930D67 3D 80000000 cmp eax, 80 7C930D6C 0F82 71020000 jb 7C930FE3 7C930D72 3B47 20 cmp eax, [edi+20] 7C930D75 72 0E jb short 7C930D85 7C930D77 8B4F 28 mov ecx, [edi+28] 7C930D7A 03C8 add ecx, eax 7C930D7C 3B4F 24 cmp ecx, [edi+24] 7C930D7F 0F83 3D010000 jnb 7C930EC2 7C930D85 8B4F 28 mov ecx, [edi+28] 7C930D88 03C8 add ecx, eax 7C930D8A 3B4F 24 cmp ecx, [edi+24] 7C930D8D 0F87 06010000 ja 7C930E99 7C930D93 3D 00FE0000 cmp eax, 0FE00 7C930D98 0F87 15720100 ja 7C947FB3 7C930D9E 33C0 xor eax, eax 7C930DA0 8A46 05 mov al, [esi+5] 7C930DA3 83E0 10 and eax, 10 7C930DA6 8846 05 mov [esi+5], al 7C930DA9 8D9F 78010000 lea ebx, [edi+178] 7C930DAF 899D 5CFFFFFF mov [ebp-A4], ebx 7C930DB5 83BF 70010000 0>cmp dword ptr [edi+170], 0 7C930DBC 0F84 D0000000 je 7C930E92 7C930DC2 0FB745 E4 movzx eax, word ptr [ebp-1C] 7C930DC6 50 push eax 7C930DC7 57 push edi 7C930DC8 E8 34120000 call 7C932001 7C930DCD 8BC8 mov ecx, eax 7C930DCF 894D 9C mov [ebp-64], ecx 7C930DD2 3BD9 cmp ebx, ecx 7C930DD4 74 16 je short 7C930DEC 7C930DD6 8D41 F8 lea eax, [ecx-8] 7C930DD9 8985 7CFFFFFF mov [ebp-84], eax 7C930DDF 66:8B55 E4 mov dx, [ebp-1C] 7C930DE3 66:3B10 cmp dx, [eax] 7C930DE6 ^ 0F87 93FEFFFF ja 7C930C7F 7C930DEC 8D46 08 lea eax, [esi+8] 7C930DEF 8985 64FFFFFF mov [ebp-9C], eax 7C930DF5 8B51 04 mov edx, [ecx+4] 7C930DF8 8995 74FFFFFF mov [ebp-8C], edx ; msvcrt.77C31AE8 7C930DFE 8908 mov [eax], ecx 7C930E00 8950 04 mov [eax+4], edx ; msvcrt.77C31AE8 7C930E03 8902 mov [edx], eax 7C930E05 8941 04 mov [ecx+4], eax 7C930E08 56 push esi ; ntdll.ZwTerminateProcess 7C930E09 8B75 C8 mov esi, [ebp-38] 7C930E0C 56 push esi ; ntdll.ZwTerminateProcess 7C930E0D E8 BAFDFFFF call 7C930BCC 7C930E12 8B45 E4 mov eax, [ebp-1C] 7C930E15 0146 28 add [esi+28], eax 7C930E18 834D FC FF or dword ptr [ebp-4], FFFFFFFF 7C930E1C E8 5C000000 call 7C930E7D 7C930E21 33DB xor ebx, ebx 7C930E23 80BE 86050000 0>cmp byte ptr [esi+586], 1 7C930E2A 0F85 BB090000 jnz 7C9317EB 7C930E30 8B8E 80050000 mov ecx, [esi+580] 7C930E36 3BCB cmp ecx, ebx 7C930E38 74 1D je short 7C930E57 7C930E3A 8B45 A0 mov eax, [ebp-60] ; ntdll.7C99C080 7C930E3D C1E8 0A shr eax, 0A 7C930E40 3D 80000000 cmp eax, 80 7C930E45 0F83 60710100 jnb 7C947FAB 7C930E4B 8D0440 lea eax, [eax+eax*2] 7C930E4E C1E0 04 shl eax, 4 7C930E51 8D4408 28 lea eax, [eax+ecx+28] 7C930E55 FF00 inc dword ptr [eax] 7C930E57 8B45 D8 mov eax, [ebp-28] 7C930E5A 0B45 DC or eax, [ebp-24] 7C930E5D 0F85 8A140000 jnz 7C9322ED 7C930E63 F605 F002FE7F 0>test byte ptr [7FFE02F0], 2 7C930E6A 0F85 AAAF0200 jnz 7C95BE1A 7C930E70 8A45 E2 mov al, [ebp-1E] 7C930E73 ^ E9 F0F6FFFF jmp 7C930568 7C930E78 90 nop 7C930E79 90 nop 7C930E7A 90 nop 7C930E7B 90 nop 7C930E7C 90 nop 7C930E7D 8B75 C8 mov esi, [ebp-38] 7C930E80 807D E3 00 cmp byte ptr [ebp-1D], 0 7C930E84 74 0B je short 7C930E91 7C930E86 FFB6 78050000 push dword ptr [esi+578] 7C930E8C E8 5C02FFFF call RtlLeaveCriticalSection 7C930E91 C3 retn 7C930E92 8B03 mov eax, [ebx] 7C930E94 ^ E9 34FFFFFF jmp 7C930DCD 7C930E99 F605 3CC0997C 0>test byte ptr [7C99C03C], 2 7C930EA0 ^ 0F85 EDFEFFFF jnz 7C930D93 7C930EA6 3D 00020000 cmp eax, 200 7C930EAB ^ 0F82 E2FEFFFF jb 7C930D93 7C930EB1 66:837E 02 00 cmp word ptr [esi+2], 0 7C930EB6 74 0A je short 7C930EC2 7C930EB8 F646 05 10 test byte ptr [esi+5], 10 7C930EBC ^ 0F84 D1FEFFFF je 7C930D93 7C930EC2 50 push eax 7C930EC3 56 push esi ; ntdll.ZwTerminateProcess 7C930EC4 57 push edi 7C930EC5 E8 E60D0000 call 7C931CB0 7C930ECA ^ E9 49FFFFFF jmp 7C930E18 7C930ECF 8B48 20 mov ecx, [eax+20] 7C930ED2 66:F7C1 FF01 test cx, 1FF 7C930ED7 8D49 01 lea ecx, [ecx+1] 7C930EDA 8948 20 mov [eax+20], ecx 7C930EDD ^ 0F85 3AFEFFFF jnz 7C930D1D 7C930EE3 6A 00 push 0 7C930EE5 8D45 D8 lea eax, [ebp-28] 7C930EE8 50 push eax 7C930EE9 E8 14D2FFFF call ZwQueryPerformanceCounter 7C930EEE ^ E9 32FEFFFF jmp 7C930D25 7C930EF3 0FB70E movzx ecx, word ptr [esi] 7C930EF6 03C8 add ecx, eax 7C930EF8 81F9 00FE0000 cmp ecx, 0FE00 7C930EFE ^ 0F87 45FDFFFF ja 7C930C49 7C930F04 807D 14 00 cmp byte ptr [ebp+14], 0 7C930F08 0F85 258B0300 jnz 7C969A33 7C930F0E 8A46 05 mov al, [esi+5] 7C930F11 24 10 and al, 10 7C930F13 A8 10 test al, 10 7C930F15 8847 05 mov [edi+5], al 7C930F18 0F85 92000000 jnz 7C930FB0 7C930F1E 8B4E 0C mov ecx, [esi+C] 7C930F21 8D46 08 lea eax, [esi+8] 7C930F24 8B10 mov edx, [eax] 7C930F26 894D 0C mov [ebp+C], ecx 7C930F29 8B09 mov ecx, [ecx] 7C930F2B 3B4A 04 cmp ecx, [edx+4] 7C930F2E 8955 14 mov [ebp+14], edx ; msvcrt.77C31AE8 7C930F31 0F85 EA0F0000 jnz 7C931F21 7C930F37 3BC8 cmp ecx, eax 7C930F39 0F85 E20F0000 jnz 7C931F21 7C930F3F 56 push esi ; ntdll.ZwTerminateProcess 7C930F40 53 push ebx 7C930F41 E8 4EFCFFFF call 7C930B94 7C930F46 8B45 14 mov eax, [ebp+14] 7C930F49 8B4D 0C mov ecx, [ebp+C] ; RPCRT4.77E8F3B0 7C930F4C 3BC1 cmp eax, ecx 7C930F4E 8901 mov [ecx], eax 7C930F50 8948 04 mov [eax+4], ecx 7C930F53 74 38 je short 7C930F8D 7C930F55 8A46 05 mov al, [esi+5] 7C930F58 A8 04 test al, 4 7C930F5A 0F85 A98B0300 jnz 7C969B09 7C930F60 0FB70E movzx ecx, word ptr [esi] 7C930F63 8B45 10 mov eax, [ebp+10] 7C930F66 0108 add [eax], ecx 7C930F68 0FB70E movzx ecx, word ptr [esi] 7C930F6B 294B 28 sub [ebx+28], ecx 7C930F6E F647 05 10 test byte ptr [edi+5], 10 7C930F72 66:8B08 mov cx, [eax] 7C930F75 66:890F mov [edi], cx 7C930F78 ^ 0F85 CBFCFFFF jnz 7C930C49 7C930F7E 8B08 mov ecx, [eax] 7C930F80 66:8BC1 mov ax, cx 7C930F83 66:8944CF 02 mov [edi+ecx*8+2], ax 7C930F88 ^ E9 BCFCFFFF jmp 7C930C49 7C930F8D 66:8B06 mov ax, [esi] 7C930F90 66:3D 8000 cmp ax, 80 7C930F94 ^ 73 BF jnb short 7C930F55 7C930F96 0FB7C8 movzx ecx, ax 7C930F99 8BC1 mov eax, ecx 7C930F9B 83E1 07 and ecx, 7 7C930F9E B2 01 mov dl, 1 7C930FA0 C1E8 03 shr eax, 3 7C930FA3 D2E2 shl dl, cl 7C930FA5 8D8418 58010000 lea eax, [eax+ebx+158] 7C930FAC 3010 xor [eax], dl 7C930FAE ^ EB A5 jmp short 7C930F55 7C930FB0 807F 07 40 cmp byte ptr [edi+7], 40 7C930FB4 0F83 5C0F0000 jnb 7C931F16 7C930FBA 0FB647 07 movzx eax, byte ptr [edi+7] 7C930FBE 8B4483 58 mov eax, [ebx+eax*4+58] 7C930FC2 8978 38 mov [eax+38], edi 7C930FC5 ^ E9 54FFFFFF jmp 7C930F1E 7C930FCA 8D41 F8 lea eax, [ecx-8] 7C930FCD 8985 18FFFFFF mov [ebp-E8], eax 7C930FD3 66:3B18 cmp bx, [eax] 7C930FD6 0F86 37050000 jbe 7C931513 7C930FDC 8B09 mov ecx, [ecx] 7C930FDE E9 22050000 jmp 7C931505 7C930FE3 33C0 xor eax, eax 7C930FE5 8A46 05 mov al, [esi+5] 7C930FE8 83E0 10 and eax, 10 7C930FEB 8846 05 mov [esi+5], al 7C930FEE 0FB745 E4 movzx eax, word ptr [ebp-1C] 7C930FF2 8D9CC7 78010000 lea ebx, [edi+eax*8+178] 7C930FF9 895D 98 mov [ebp-68], ebx 7C930FFC 391B cmp [ebx], ebx 7C930FFE 75 28 jnz short 7C931028 7C931000 0FB70E movzx ecx, word ptr [esi] 7C931003 8BC1 mov eax, ecx 7C931005 C1E8 03 shr eax, 3 7C931008 8985 54FFFFFF mov [ebp-AC], eax 7C93100E 83E1 07 and ecx, 7 7C931011 33D2 xor edx, edx ; msvcrt.77C31AE8 7C931013 42 inc edx ; msvcrt.77C31AE8 7C931014 D3E2 shl edx, cl 7C931016 8955 8C mov [ebp-74], edx ; msvcrt.77C31AE8 7C931019 8D8438 58010000 lea eax, [eax+edi+158] 7C931020 33C9 xor ecx, ecx 7C931022 8A08 mov cl, [eax] 7C931024 0BCA or ecx, edx ; msvcrt.77C31AE8 7C931026 8808 mov [eax], cl 7C931028 8D46 08 lea eax, [esi+8] 7C93102B 8985 6CFFFFFF mov [ebp-94], eax 7C931031 8B4B 04 mov ecx, [ebx+4] 7C931034 894D 84 mov [ebp-7C], ecx 7C931037 8918 mov [eax], ebx 7C931039 8948 04 mov [eax+4], ecx 7C93103C 8901 mov [ecx], eax 7C93103E 8943 04 mov [ebx+4], eax 7C931041 8B45 E4 mov eax, [ebp-1C] 7C931044 0147 28 add [edi+28], eax 7C931047 ^ E9 CCFDFFFF jmp 7C930E18 7C93104C FF46 18 inc dword ptr [esi+18] 7C93104F 32C0 xor al, al 7C931051 ^ E9 74F5FFFF jmp 7C9305CA 7C931056 90 nop 7C931057 90 nop 7C931058 0800 or [eax], al 7C93105A 0100 add [eax], eax 7C93105C 0200 add al, [eax] 7C93105E 0100 add [eax], eax 7C931060 0300 add eax, [eax] 7C931062 0100 add [eax], eax 7C931064 0200 add al, [eax] 7C931066 0100 add [eax], eax 7C931068 04 00 add al, 0 7C93106A 0100 add [eax], eax 7C93106C 0200 add al, [eax] 7C93106E 0100 add [eax], eax 7C931070 0300 add eax, [eax] 7C931072 0100 add [eax], eax 7C931074 0200 add al, [eax] 7C931076 0100 add [eax], eax 7C931078 05 00010002 add eax, 2000100 7C93107D 0001 add [ecx], al 7C93107F 0003 add [ebx], al 7C931081 0001 add [ecx], al 7C931083 0002 add [edx], al 7C931085 0001 add [ecx], al 7C931087 000400 add [eax+eax], al 7C93108A 0100 add [eax], eax 7C93108C 0200 add al, [eax] 7C93108E 0100 add [eax], eax 7C931090 0300 add eax, [eax] 7C931092 0100 add [eax], eax 7C931094 0200 add al, [eax] 7C931096 0100 add [eax], eax 7C931098 06 push es 7C931099 0001 add [ecx], al 7C93109B 0002 add [edx], al 7C93109D 0001 add [ecx], al 7C93109F 0003 add [ebx], al 7C9310A1 0001 add [ecx], al 7C9310A3 0002 add [edx], al 7C9310A5 0001 add [ecx], al 7C9310A7 000400 add [eax+eax], al 7C9310AA 0100 add [eax], eax 7C9310AC 0200 add al, [eax] 7C9310AE 0100 add [eax], eax 7C9310B0 0300 add eax, [eax] 7C9310B2 0100 add [eax], eax 7C9310B4 0200 add al, [eax] 7C9310B6 0100 add [eax], eax 7C9310B8 05 00010002 add eax, 2000100 7C9310BD 0001 add [ecx], al 7C9310BF 0003 add [ebx], al 7C9310C1 0001 add [ecx], al 7C9310C3 0002 add [edx], al 7C9310C5 0001 add [ecx], al 7C9310C7 000400 add [eax+eax], al 7C9310CA 0100 add [eax], eax 7C9310CC 0200 add al, [eax] 7C9310CE 0100 add [eax], eax 7C9310D0 0300 add eax, [eax] 7C9310D2 0100 add [eax], eax 7C9310D4 0200 add al, [eax] 7C9310D6 0100 add [eax], eax 7C9310D8 07 pop es 7C9310D9 0001 add [ecx], al 7C9310DB 0002 add [edx], al 7C9310DD 0001 add [ecx], al 7C9310DF 0003 add [ebx], al 7C9310E1 0001 add [ecx], al 7C9310E3 0002 add [edx], al 7C9310E5 0001 add [ecx], al 7C9310E7 000400 add [eax+eax], al 7C9310EA 0100 add [eax], eax 7C9310EC 0200 add al, [eax] 7C9310EE 0100 add [eax], eax 7C9310F0 0300 add eax, [eax] 7C9310F2 0100 add [eax], eax 7C9310F4 0200 add al, [eax] 7C9310F6 0100 add [eax], eax 7C9310F8 05 00010002 add eax, 2000100 7C9310FD 0001 add [ecx], al 7C9310FF 0003 add [ebx], al 7C931101 0001 add [ecx], al 7C931103 0002 add [edx], al 7C931105 0001 add [ecx], al 7C931107 000400 add [eax+eax], al 7C93110A 0100 add [eax], eax 7C93110C 0200 add al, [eax] 7C93110E 0100 add [eax], eax 7C931110 0300 add eax, [eax] 7C931112 0100 add [eax], eax 7C931114 0200 add al, [eax] 7C931116 0100 add [eax], eax 7C931118 06 push es 7C931119 0001 add [ecx], al 7C93111B 0002 add [edx], al 7C93111D 0001 add [ecx], al 7C93111F 0003 add [ebx], al 7C931121 0001 add [ecx], al 7C931123 0002 add [edx], al 7C931125 0001 add [ecx], al 7C931127 000400 add [eax+eax], al 7C93112A 0100 add [eax], eax 7C93112C 0200 add al, [eax] 7C93112E 0100 add [eax], eax 7C931130 0300 add eax, [eax] 7C931132 0100 add [eax], eax 7C931134 0200 add al, [eax] 7C931136 0100 add [eax], eax 7C931138 05 00010002 add eax, 2000100 7C93113D 0001 add [ecx], al 7C93113F 0003 add [ebx], al 7C931141 0001 add [ecx], al 7C931143 0002 add [edx], al 7C931145 0001 add [ecx], al 7C931147 000400 add [eax+eax], al 7C93114A 0100 add [eax], eax 7C93114C 0200 add al, [eax] 7C93114E 0100 add [eax], eax 7C931150 0300 add eax, [eax] 7C931152 0100 add [eax], eax 7C931154 0200 add al, [eax] 7C931156 0100 add [eax], eax 7C931158 0FB706 movzx eax, word ptr [esi] 7C93115B 40 inc eax 7C93115C 66:8906 mov [esi], ax 7C93115F 8B4D DC mov ecx, [ebp-24] 7C931162 2B4D 10 sub ecx, [ebp+10] 7C931165 83C1 08 add ecx, 8 7C931168 898D CCFEFFFF mov [ebp-134], ecx 7C93116E 81F9 FF000000 cmp ecx, 0FF 7C931174 0F83 BEA80200 jnb 7C95BA38 7C93117A 884E 06 mov [esi+6], cl 7C93117D E9 E4030000 jmp 7C931566 7C931182 8B45 B8 mov eax, [ebp-48] 7C931185 8A48 05 mov cl, [eax+5] 7C931188 80C9 10 or cl, 10 7C93118B 8848 05 mov [eax+5], cl 7C93118E E9 E0030000 jmp 7C931573 7C931193 8955 D8 mov [ebp-28], edx ; msvcrt.77C31AE8 7C931196 8BC8 mov ecx, eax 7C931198 66:A9 FFFF test ax, 0FFFF 7C93119C 0F85 97000000 jnz 7C931239 7C9311A2 C1E9 10 shr ecx, 10 7C9311A5 81E1 FF000000 and ecx, 0FF 7C9311AB ^ 0F84 05FBFFFF je 7C930CB6 7C9311B1 0FBE81 5810937C movsx eax, byte ptr [ecx+7C931058] 7C9311B8 83C0 10 add eax, 10 7C9311BB 8D04C2 lea eax, [edx+eax*8] 7C9311BE 8945 D8 mov [ebp-28], eax 7C9311C1 8B70 04 mov esi, [eax+4] 7C9311C4 83EE 08 sub esi, 8 7C9311C7 8975 C8 mov [ebp-38], esi ; ntdll.ZwTerminateProcess 7C9311CA 8D4E 08 lea ecx, [esi+8] 7C9311CD 8B39 mov edi, [ecx] 7C9311CF 89BD 0CFFFFFF mov [ebp-F4], edi 7C9311D5 8B46 0C mov eax, [esi+C] 7C9311D8 8985 68FFFFFF mov [ebp-98], eax 7C9311DE 8B10 mov edx, [eax] 7C9311E0 3B57 04 cmp edx, [edi+4] 7C9311E3 0F85 8C310200 jnz 7C954375 7C9311E9 3BD1 cmp edx, ecx 7C9311EB 0F85 84310200 jnz 7C954375 7C9311F1 8938 mov [eax], edi 7C9311F3 8947 04 mov [edi+4], eax 7C9311F6 3BF8 cmp edi, eax 7C9311F8 0F85 48020000 jnz 7C931446 7C9311FE 0FB70E movzx ecx, word ptr [esi] 7C931201 8BC1 mov eax, ecx 7C931203 C1E8 03 shr eax, 3 7C931206 8985 28FFFFFF mov [ebp-D8], eax 7C93120C 83E1 07 and ecx, 7 7C93120F 33D2 xor edx, edx ; msvcrt.77C31AE8 7C931211 42 inc edx ; msvcrt.77C31AE8 7C931212 D3E2 shl edx, cl 7C931214 8995 04FFFFFF mov [ebp-FC], edx ; msvcrt.77C31AE8 7C93121A 8D8418 58010000 lea eax, [eax+ebx+158] 7C931221 33C9 xor ecx, ecx 7C931223 8A08 mov cl, [eax] 7C931225 33CA xor ecx, edx ; msvcrt.77C31AE8 7C931227 8808 mov [eax], cl 7C931229 E9 18020000 jmp 7C931446 7C93122E 8D93 78010000 lea edx, [ebx+178] 7C931234 ^ E9 5AFFFFFF jmp 7C931193 7C931239 81E1 FF000000 and ecx, 0FF 7C93123F 75 12 jnz short 7C931253 7C931241 0FB6C4 movzx eax, ah 7C931244 0FBE80 5810937C movsx eax, byte ptr [eax+7C931058] 7C93124B 83C0 08 add eax, 8 7C93124E ^ E9 68FFFFFF jmp 7C9311BB 7C931253 0FBE81 5810937C movsx eax, byte ptr [ecx+7C931058] 7C93125A ^ E9 5CFFFFFF jmp 7C9311BB 7C93125F 90 nop 7C931260 90 nop 7C931261 90 nop 7C931262 90 nop 7C931263 90 nop 7C931264 8BFF mov edi, edi 7C931266 55 push ebp 7C931267 8BEC mov ebp, esp 7C931269 8B4D 08 mov ecx, [ebp+8] 7C93126C 8B41 0C mov eax, [ecx+C] 7C93126F 8B51 10 mov edx, [ecx+10] 7C931272 56 push esi ; ntdll.ZwTerminateProcess 7C931273 57 push edi 7C931274 8BF8 mov edi, eax 7C931276 2B79 1C sub edi, [ecx+1C] 7C931279 8941 1C mov [ecx+1C], eax 7C93127C 8BC2 mov eax, edx ; msvcrt.77C31AE8 7C93127E 2B41 20 sub eax, [ecx+20] 7C931281 8951 20 mov [ecx+20], edx ; msvcrt.77C31AE8 7C931284 3BC7 cmp eax, edi 7C931286 0F83 BD810000 jnb 7C939449 7C93128C 85FF test edi, edi 7C93128E 0F84 ADCD0300 je 7C96E041 7C931294 69C0 E8030000 imul eax, eax, 3E8 7C93129A 33D2 xor edx, edx ; msvcrt.77C31AE8 7C93129C F7F7 div edi 7C93129E 83FF 19 cmp edi, 19 7C9312A1 0FB771 08 movzx esi, word ptr [ecx+8] 7C9312A5 8BD0 mov edx, eax 7C9312A7 0F82 9ACD0300 jb 7C96E047 7C9312AD 83FA 05 cmp edx, 5 7C9312B0 73 20 jnb short 7C9312D2 7C9312B2 83FE 05 cmp esi, 5 7C9312B5 77 18 ja short 7C9312CF 7C9312B7 6A 04 push 4 7C9312B9 5E pop esi ; ntdll.7C92E89A 7C9312BA 5F pop edi ; ntdll.7C92E89A 7C9312BB 66:8971 08 mov [ecx+8], si 7C9312BF 5E pop esi ; ntdll.7C92E89A 7C9312C0 5D pop ebp ; ntdll.7C92E89A 7C9312C1 C2 0400 retn 4 7C9312C4 56 push esi ; ntdll.ZwTerminateProcess 7C9312C5 E8 9AFFFFFF call 7C931264 7C9312CA ^ E9 D6F3FFFF jmp 7C9306A5 7C9312CF 4E dec esi ; ntdll.ZwTerminateProcess 7C9312D0 ^ EB E8 jmp short 7C9312BA 7C9312D2 0FB779 0A movzx edi, word ptr [ecx+A] 7C9312D6 8BC7 mov eax, edi 7C9312D8 0FAFC2 imul eax, edx ; msvcrt.77C31AE8 7C9312DB 53 push ebx 7C9312DC 33D2 xor edx, edx ; msvcrt.77C31AE8 7C9312DE BB D0070000 mov ebx, 7D0 7C9312E3 F7F3 div ebx 7C9312E5 5B pop ebx ; ntdll.7C92E89A 7C9312E6 8D7406 05 lea esi, [esi+eax+5] 7C9312EA 3BF7 cmp esi, edi 7C9312EC ^ 76 CC jbe short 7C9312BA 7C9312EE 8BF7 mov esi, edi 7C9312F0 ^ EB C8 jmp short 7C9312BA 7C9312F2 8975 FC mov [ebp-4], esi ; ntdll.ZwTerminateProcess 7C9312F5 8B83 70010000 mov eax, [ebx+170] 7C9312FB 8985 6CFEFFFF mov [ebp-194], eax 7C931301 3BC6 cmp eax, esi ; ntdll.ZwTerminateProcess 7C931303 0F85 040F0000 jnz 7C93220D 7C931309 8975 C0 mov [ebp-40], esi ; ntdll.ZwTerminateProcess 7C93130C 8975 C4 mov [ebp-3C], esi ; ntdll.ZwTerminateProcess 7C93130F F645 0C 01 test byte ptr [ebp+C], 1 7C931313 75 0F jnz short 7C931324 7C931315 FFB3 78050000 push dword ptr [ebx+578] 7C93131B E8 E5FCFEFF call RtlEnterCriticalSection 7C931320 C645 E2 01 mov byte ptr [ebp-1E], 1 7C931324 81FF 80000000 cmp edi, 80 7C93132A 0F83 8F030000 jnb 7C9316BF 7C931330 8D84FB 78010000 lea eax, [ebx+edi*8+178] 7C931337 8945 D8 mov [ebp-28], eax 7C93133A 3900 cmp [eax], eax 7C93133C 0F85 070C0000 jnz 7C931F49 7C931342 8BD7 mov edx, edi 7C931344 C1EA 05 shr edx, 5 7C931347 8995 A4FEFFFF mov [ebp-15C], edx ; msvcrt.77C31AE8 7C93134D 8DB493 58010000 lea esi, [ebx+edx*4+158] 7C931354 8975 BC mov [ebp-44], esi ; ntdll.ZwTerminateProcess 7C931357 8BCF mov ecx, edi 7C931359 83E1 1F and ecx, 1F 7C93135C 33C0 xor eax, eax 7C93135E 40 inc eax 7C93135F D3E0 shl eax, cl 7C931361 48 dec eax 7C931362 F7D0 not eax 7C931364 2306 and eax, [esi] 7C931366 8945 A4 mov [ebp-5C], eax 7C931369 6A 04 push 4 7C93136B 59 pop ecx ; ntdll.7C92E89A 7C93136C 03F1 add esi, ecx 7C93136E 8975 BC mov [ebp-44], esi ; ntdll.ZwTerminateProcess 7C931371 83EA 00 sub edx, 0 7C931374 ^ 0F85 17F9FFFF jnz 7C930C91 7C93137A 85C0 test eax, eax 7C93137C ^ 0F85 ACFEFFFF jnz 7C93122E 7C931382 8B06 mov eax, [esi] 7C931384 8945 A4 mov [ebp-5C], eax 7C931387 03F1 add esi, ecx 7C931389 8975 BC mov [ebp-44], esi ; ntdll.ZwTerminateProcess 7C93138C 85C0 test eax, eax 7C93138E ^ 0F85 17F9FFFF jnz 7C930CAB 7C931394 8B06 mov eax, [esi] 7C931396 8945 A4 mov [ebp-5C], eax 7C931399 03F1 add esi, ecx 7C93139B 8975 BC mov [ebp-44], esi ; ntdll.ZwTerminateProcess 7C93139E 85C0 test eax, eax 7C9313A0 ^ 0F85 22F9FFFF jnz 7C930CC8 7C9313A6 8B06 mov eax, [esi] 7C9313A8 8945 A4 mov [ebp-5C], eax 7C9313AB 03F1 add esi, ecx 7C9313AD 8975 BC mov [ebp-44], esi ; ntdll.ZwTerminateProcess 7C9313B0 85C0 test eax, eax 7C9313B2 ^ 0F85 1BF9FFFF jnz 7C930CD3 7C9313B8 8D8B 78010000 lea ecx, [ebx+178] 7C9313BE 894D D8 mov [ebp-28], ecx 7C9313C1 83BB 70010000 0>cmp dword ptr [ebx+170], 0 7C9313C8 0F85 620E0000 jnz 7C932230 7C9313CE 8B41 04 mov eax, [ecx+4] 7C9313D1 8945 94 mov [ebp-6C], eax 7C9313D4 3BC8 cmp ecx, eax 7C9313D6 0F84 8F080000 je 7C931C6B 7C9313DC 83C0 F8 add eax, -8 7C9313DF 8945 C8 mov [ebp-38], eax 7C9313E2 0FB700 movzx eax, word ptr [eax] 7C9313E5 3BC7 cmp eax, edi 7C9313E7 0F82 7E080000 jb 7C931C6B 7C9313ED 8B45 D8 mov eax, [ebp-28] 7C9313F0 8B00 mov eax, [eax] 7C9313F2 8945 94 mov [ebp-6C], eax 7C9313F5 3945 D8 cmp [ebp-28], eax 7C9313F8 0F84 6D080000 je 7C931C6B 7C9313FE 8D70 F8 lea esi, [eax-8] 7C931401 8975 C8 mov [ebp-38], esi ; ntdll.ZwTerminateProcess 7C931404 0FB70E movzx ecx, word ptr [esi] 7C931407 3BCF cmp ecx, edi 7C931409 ^ 72 E5 jb short 7C9313F0 7C93140B 56 push esi ; ntdll.ZwTerminateProcess 7C93140C FF75 E4 push dword ptr [ebp-1C] 7C93140F E8 80F7FFFF call 7C930B94 7C931414 8D56 08 lea edx, [esi+8] 7C931417 8995 F4FEFFFF mov [ebp-10C], edx ; msvcrt.77C31AE8 7C93141D 8B02 mov eax, [edx] ; ntdll.7C99C8E0 7C93141F 8985 94FEFFFF mov [ebp-16C], eax 7C931425 8B4A 04 mov ecx, [edx+4] 7C931428 898D ECFEFFFF mov [ebp-114], ecx 7C93142E 8B39 mov edi, [ecx] 7C931430 3B78 04 cmp edi, [eax+4] 7C931433 0F85 472F0200 jnz 7C954380 7C931439 3BFA cmp edi, edx ; msvcrt.77C31AE8 7C93143B 0F85 3F2F0200 jnz 7C954380 7C931441 8901 mov [ecx], eax 7C931443 8948 04 mov [eax+4], ecx 7C931446 8A46 05 mov al, [esi+5] 7C931449 8845 E3 mov [ebp-1D], al 7C93144C 0FB706 movzx eax, word ptr [esi] 7C93144F 8B7D E4 mov edi, [ebp-1C] 7C931452 2947 28 sub [edi+28], eax 7C931455 8975 B8 mov [ebp-48], esi ; ntdll.ZwTerminateProcess 7C931458 C646 05 01 mov byte ptr [esi+5], 1 7C93145C 0FB71E movzx ebx, word ptr [esi] 7C93145F 8B4D 9C mov ecx, [ebp-64] 7C931462 2BD9 sub ebx, ecx 7C931464 899D 54FFFFFF mov [ebp-AC], ebx 7C93146A 66:890E mov [esi], cx 7C93146D 8B45 DC mov eax, [ebp-24] 7C931470 2B45 10 sub eax, [ebp+10] 7C931473 8985 DCFEFFFF mov [ebp-124], eax 7C931479 3D FF000000 cmp eax, 0FF 7C93147E 0F83 7A100200 jnb 7C9524FE 7C931484 8846 06 mov [esi+6], al 7C931487 8BD6 mov edx, esi ; ntdll.ZwTerminateProcess 7C931489 C1EA 03 shr edx, 3 7C93148C 33C0 xor eax, eax 7C93148E 8A47 04 mov al, [edi+4] 7C931491 33C2 xor eax, edx ; msvcrt.77C31AE8 7C931493 8846 04 mov [esi+4], al 7C931496 85DB test ebx, ebx 7C931498 0F84 C8000000 je 7C931566 7C93149E 83FB 01 cmp ebx, 1 7C9314A1 ^ 0F84 B1FCFFFF je 7C931158 7C9314A7 8B45 9C mov eax, [ebp-64] 7C9314AA 8D3CC6 lea edi, [esi+eax*8] 7C9314AD 89BD BCFEFFFF mov [ebp-144], edi 7C9314B3 8A4D E3 mov cl, [ebp-1D] 7C9314B6 884F 05 mov [edi+5], cl 7C9314B9 66:8947 02 mov [edi+2], ax 7C9314BD 8A46 07 mov al, [esi+7] 7C9314C0 8847 07 mov [edi+7], al 7C9314C3 66:891F mov [edi], bx 7C9314C6 F6C1 10 test cl, 10 7C9314C9 0F84 64010000 je 7C931633 7C9314CF 33C0 xor eax, eax 7C9314D1 8A47 05 mov al, [edi+5] 7C9314D4 83E0 10 and eax, 10 7C9314D7 8847 05 mov [edi+5], al 7C9314DA 66:81FB 8000 cmp bx, 80 7C9314DF 0F82 30030000 jb 7C931815 7C9314E5 8B45 E4 mov eax, [ebp-1C] 7C9314E8 8DB0 78010000 lea esi, [eax+178] 7C9314EE 89B5 20FFFFFF mov [ebp-E0], esi ; ntdll.ZwTerminateProcess 7C9314F4 83B8 70010000 0>cmp dword ptr [eax+170], 0 7C9314FB 0F85 DB0D0000 jnz 7C9322DC 7C931501 8B06 mov eax, [esi] 7C931503 8BC8 mov ecx, eax 7C931505 898D 70FFFFFF mov [ebp-90], ecx 7C93150B 3BF1 cmp esi, ecx 7C93150D ^ 0F85 B7FAFFFF jnz 7C930FCA 7C931513 8D47 08 lea eax, [edi+8] 7C931516 8985 10FFFFFF mov [ebp-F0], eax 7C93151C 8B51 04 mov edx, [ecx+4] 7C93151F 8995 08FFFFFF mov [ebp-F8], edx ; msvcrt.77C31AE8 7C931525 8908 mov [eax], ecx 7C931527 8950 04 mov [eax+4], edx ; msvcrt.77C31AE8 7C93152A 8902 mov [edx], eax 7C93152C 8941 04 mov [ecx+4], eax 7C93152F 57 push edi 7C931530 FF75 E4 push dword ptr [ebp-1C] 7C931533 E8 94F6FFFF call 7C930BCC 7C931538 8B4D E4 mov ecx, [ebp-1C] 7C93153B 0159 28 add [ecx+28], ebx 7C93153E 8B75 E4 mov esi, [ebp-1C] 7C931541 C645 E3 00 mov byte ptr [ebp-1D], 0 7C931545 F647 05 10 test byte ptr [edi+5], 10 7C931549 74 1B je short 7C931566 7C93154B 807F 07 40 cmp byte ptr [edi+7], 40 7C93154F 0F83 482E0200 jnb 7C95439D 7C931555 0FB647 07 movzx eax, byte ptr [edi+7] 7C931559 8B7486 58 mov esi, [esi+eax*4+58] 7C93155D 89B5 78FEFFFF mov [ebp-188], esi ; ntdll.ZwTerminateProcess 7C931563 897E 38 mov [esi+38], edi 7C931566 F645 E3 10 test byte ptr [ebp-1D], 10 7C93156A ^ 0F85 12FCFFFF jnz 7C931182 7C931570 8B45 B8 mov eax, [ebp-48] 7C931573 8D78 08 lea edi, [eax+8] 7C931576 897D D0 mov [ebp-30], edi 7C931579 0FB730 movzx esi, word ptr [eax] 7C93157C C1E6 03 shl esi, 3 7C93157F 8975 CC mov [ebp-34], esi ; ntdll.ZwTerminateProcess 7C931582 807D E2 00 cmp byte ptr [ebp-1E], 0 7C931586 74 12 je short 7C93159A 7C931588 8B45 E4 mov eax, [ebp-1C] 7C93158B FFB0 78050000 push dword ptr [eax+578] 7C931591 E8 57FBFEFF call RtlLeaveCriticalSection 7C931596 C645 E2 00 mov byte ptr [ebp-1E], 0 7C93159A F645 0C 08 test byte ptr [ebp+C], 8 7C93159E ^ 0F85 C3F6FFFF jnz 7C930C67 7C9315A4 834D FC FF or dword ptr [ebp-4], FFFFFFFF 7C9315A8 E8 5A000000 call 7C931607 7C9315AD 80BF 86050000 0>cmp byte ptr [edi+586], 1 7C9315B4 0F85 2A020000 jnz 7C9317E4 7C9315BA 8B87 80050000 mov eax, [edi+580] 7C9315C0 85C0 test eax, eax 7C9315C2 74 1B je short 7C9315DF 7C9315C4 C1EE 0A shr esi, 0A 7C9315C7 81FE 80000000 cmp esi, 80 7C9315CD ^ 0F83 27F7FFFF jnb 7C930CFA 7C9315D3 8D0C76 lea ecx, [esi+esi*2] 7C9315D6 C1E1 04 shl ecx, 4 7C9315D9 8D4401 24 lea eax, [ecx+eax+24] 7C9315DD FF00 inc dword ptr [eax] 7C9315DF 8B45 C0 mov eax, [ebp-40] 7C9315E2 33FF xor edi, edi 7C9315E4 0B45 C4 or eax, [ebp-3C] ; ntdll.7C92F0AA 7C9315E7 0F85 560D0000 jnz 7C932343 7C9315ED F605 F002FE7F 0>test byte ptr [7FFE02F0], 2 7C9315F4 0F85 D3A50200 jnz 7C95BBCD 7C9315FA 8B45 D0 mov eax, [ebp-30] 7C9315FD ^ E9 E4F0FFFF jmp 7C9306E6 7C931602 90 nop 7C931603 90 nop 7C931604 90 nop 7C931605 90 nop 7C931606 90 nop 7C931607 8B7D E4 mov edi, [ebp-1C] 7C93160A 807D E2 00 cmp byte ptr [ebp-1E], 0 7C93160E 0F85 106B0100 jnz 7C948124 7C931614 C3 retn 7C931615 33F6 xor esi, esi ; ntdll.ZwTerminateProcess 7C931617 ^ E9 D6FCFFFF jmp 7C9312F2 7C93161C FF46 10 inc dword ptr [esi+10] 7C93161F ^ E9 09F1FFFF jmp 7C93072D 7C931624 8910 mov [eax], edx ; msvcrt.77C31AE8 7C931626 8970 04 mov [eax+4], esi ; ntdll.ZwTerminateProcess 7C931629 8906 mov [esi], eax 7C93162B 8942 04 mov [edx+4], eax 7C93162E ^ E9 08FFFFFF jmp 7C93153B 7C931633 8D04DF lea eax, [edi+ebx*8] 7C931636 8945 B0 mov [ebp-50], eax 7C931639 8A48 05 mov cl, [eax+5] 7C93163C F6C1 01 test cl, 1 7C93163F 0F84 112C0200 je 7C954256 7C931645 66:8958 02 mov [eax+2], bx 7C931649 33C0 xor eax, eax 7C93164B 8A47 05 mov al, [edi+5] 7C93164E 83E0 10 and eax, 10 7C931651 8847 05 mov [edi+5], al 7C931654 66:81FB 8000 cmp bx, 80 7C931659 0F83 0D010000 jnb 7C93176C 7C93165F 0FB7C3 movzx eax, bx 7C931662 8B4D E4 mov ecx, [ebp-1C] 7C931665 8D94C1 78010000 lea edx, [ecx+eax*8+178] 7C93166C 8995 00FFFFFF mov [ebp-100], edx ; msvcrt.77C31AE8 7C931672 3912 cmp [edx], edx ; msvcrt.77C31AE8 7C931674 75 32 jnz short 7C9316A8 7C931676 0FB70F movzx ecx, word ptr [edi] 7C931679 8BC1 mov eax, ecx 7C93167B C1E8 03 shr eax, 3 7C93167E 8985 F8FEFFFF mov [ebp-108], eax 7C931684 83E1 07 and ecx, 7 7C931687 33F6 xor esi, esi ; ntdll.ZwTerminateProcess 7C931689 46 inc esi ; ntdll.ZwTerminateProcess 7C93168A D3E6 shl esi, cl 7C93168C 89B5 30FFFFFF mov [ebp-D0], esi ; ntdll.ZwTerminateProcess 7C931692 8B4D E4 mov ecx, [ebp-1C] 7C931695 8DB408 58010000 lea esi, [eax+ecx+158] 7C93169C 33C0 xor eax, eax 7C93169E 8A06 mov al, [esi] 7C9316A0 0B85 30FFFFFF or eax, [ebp-D0] 7C9316A6 8806 mov [esi], al 7C9316A8 8D47 08 lea eax, [edi+8] 7C9316AB 8985 F0FEFFFF mov [ebp-110], eax 7C9316B1 8B72 04 mov esi, [edx+4] 7C9316B4 89B5 E8FEFFFF mov [ebp-118], esi ; ntdll.ZwTerminateProcess 7C9316BA ^ E9 65FFFFFF jmp 7C931624 7C9316BF 3B7B 14 cmp edi, [ebx+14] 7C9316C2 ^ 0F86 F0FCFFFF jbe 7C9313B8 7C9316C8 8B43 0C mov eax, [ebx+C] 7C9316CB A8 02 test al, 2 7C9316CD 0F84 76A40200 je 7C95BB49 7C9316D3 8975 D4 mov [ebp-2C], esi ; ntdll.ZwTerminateProcess 7C9316D6 8345 DC 18 add dword ptr [ebp-24], 18 7C9316DA 25 00000400 and eax, 40000 7C9316DF F7D8 neg eax 7C9316E1 1BC0 sbb eax, eax 7C9316E3 83E0 3C and eax, 3C 7C9316E6 83C0 04 add eax, 4 7C9316E9 50 push eax 7C9316EA 68 00100000 push 1000 7C9316EF 8D45 DC lea eax, [ebp-24] 7C9316F2 50 push eax 7C9316F3 56 push esi ; ntdll.ZwTerminateProcess 7C9316F4 8D45 D4 lea eax, [ebp-2C] 7C9316F7 50 push eax 7C9316F8 6A FF push -1 7C9316FA E8 DFBDFFFF call ZwAllocateVirtualMemory 7C9316FF 8945 A8 mov [ebp-58], eax 7C931702 3BC6 cmp eax, esi ; ntdll.ZwTerminateProcess 7C931704 0F8C 46A40200 jl 7C95BB50 7C93170A 8B45 DC mov eax, [ebp-24] 7C93170D 2B45 10 sub eax, [ebp+10] 7C931710 8B4D D4 mov ecx, [ebp-2C] 7C931713 66:8941 18 mov [ecx+18], ax 7C931717 8B45 D4 mov eax, [ebp-2C] 7C93171A C640 1D 0B mov byte ptr [eax+1D], 0B 7C93171E 8B45 DC mov eax, [ebp-24] 7C931721 8B4D D4 mov ecx, [ebp-2C] 7C931724 8941 10 mov [ecx+10], eax 7C931727 8B45 D4 mov eax, [ebp-2C] 7C93172A 8B4D DC mov ecx, [ebp-24] 7C93172D 8948 14 mov [eax+14], ecx 7C931730 8B4D D4 mov ecx, [ebp-2C] 7C931733 898D 70FEFFFF mov [ebp-190], ecx 7C931739 8D43 50 lea eax, [ebx+50] 7C93173C 8985 68FEFFFF mov [ebp-198], eax 7C931742 8B50 04 mov edx, [eax+4] 7C931745 8995 60FEFFFF mov [ebp-1A0], edx ; msvcrt.77C31AE8 7C93174B 8901 mov [ecx], eax 7C93174D 8951 04 mov [ecx+4], edx ; msvcrt.77C31AE8 7C931750 890A mov [edx], ecx 7C931752 8948 04 mov [eax+4], ecx 7C931755 8B45 D4 mov eax, [ebp-2C] 7C931758 83C0 20 add eax, 20 7C93175B 8945 D0 mov [ebp-30], eax 7C93175E 8B45 DC mov eax, [ebp-24] 7C931761 8945 CC mov [ebp-34], eax 7C931764 8B75 CC mov esi, [ebp-34] 7C931767 ^ E9 38FEFFFF jmp 7C9315A4 7C93176C 8B45 E4 mov eax, [ebp-1C] 7C93176F 8DB0 78010000 lea esi, [eax+178] 7C931775 89B5 E0FEFFFF mov [ebp-120], esi ; ntdll.ZwTerminateProcess 7C93177B 83B8 70010000 0>cmp dword ptr [eax+170], 0 7C931782 74 41 je short 7C9317C5 7C931784 0FB7C3 movzx eax, bx 7C931787 50 push eax 7C931788 FF75 E4 push dword ptr [ebp-1C] 7C93178B E8 71080000 call 7C932001 7C931790 8BC8 mov ecx, eax 7C931792 898D 6CFFFFFF mov [ebp-94], ecx 7C931798 3BF1 cmp esi, ecx 7C93179A 74 12 je short 7C9317AE 7C93179C 8D41 F8 lea eax, [ecx-8] 7C93179F 8985 D8FEFFFF mov [ebp-128], eax 7C9317A5 66:3B18 cmp bx, [eax] 7C9317A8 ^ 0F87 3EF5FFFF ja 7C930CEC 7C9317AE 8D47 08 lea eax, [edi+8] 7C9317B1 8985 D0FEFFFF mov [ebp-130], eax 7C9317B7 8B51 04 mov edx, [ecx+4] 7C9317BA 8995 C8FEFFFF mov [ebp-138], edx ; msvcrt.77C31AE8 7C9317C0 ^ E9 60FDFFFF jmp 7C931525 7C9317C5 8B06 mov eax, [esi] 7C9317C7 ^ EB C7 jmp short 7C931790 7C9317C9 0FB7C9 movzx ecx, cx 7C9317CC C1E1 03 shl ecx, 3 7C9317CF 8BD9 mov ebx, ecx 7C9317D1 8BCF mov ecx, edi 7C9317D3 2BCB sub ecx, ebx 7C9317D5 894D F0 mov [ebp-10], ecx 7C9317D8 E9 3B050000 jmp 7C931D18 7C9317DD 33C0 xor eax, eax 7C9317DF ^ E9 82EEFFFF jmp 7C930666 7C9317E4 33C0 xor eax, eax 7C9317E6 ^ E9 D5FDFFFF jmp 7C9315C0 7C9317EB 33C9 xor ecx, ecx 7C9317ED ^ E9 44F6FFFF jmp 7C930E36 7C9317F2 33C9 xor ecx, ecx 7C9317F4 ^ E9 18EDFFFF jmp 7C930511 7C9317F9 F645 08 01 test byte ptr [ebp+8], 1 7C9317FD 0F84 DCBB0200 je 7C95D3DF 7C931803 E9 504D0000 jmp 7C936558 7C931808 8B4D 0C mov ecx, [ebp+C] ; RPCRT4.77E8F3B0 7C93180B 8B49 04 mov ecx, [ecx+4] 7C93180E 8908 mov [eax], ecx 7C931810 E9 98110000 jmp 7C9329AD 7C931815 0FB7C3 movzx eax, bx 7C931818 8B4D E4 mov ecx, [ebp-1C] 7C93181B 8D94C1 78010000 lea edx, [ecx+eax*8+178] 7C931822 8995 3CFEFFFF mov [ebp-1C4], edx ; msvcrt.77C31AE8 7C931828 3912 cmp [edx], edx ; msvcrt.77C31AE8 7C93182A 75 32 jnz short 7C93185E 7C93182C 0FB70F movzx ecx, word ptr [edi] 7C93182F 8BC1 mov eax, ecx 7C931831 C1E8 03 shr eax, 3 7C931834 8985 B4FEFFFF mov [ebp-14C], eax 7C93183A 83E1 07 and ecx, 7 7C93183D 33F6 xor esi, esi ; ntdll.ZwTerminateProcess 7C93183F 46 inc esi ; ntdll.ZwTerminateProcess 7C931840 D3E6 shl esi, cl 7C931842 89B5 40FFFFFF mov [ebp-C0], esi ; ntdll.ZwTerminateProcess 7C931848 8B4D E4 mov ecx, [ebp-1C] 7C93184B 8DB408 58010000 lea esi, [eax+ecx+158] 7C931852 33C0 xor eax, eax 7C931854 8A06 mov al, [esi] 7C931856 0B85 40FFFFFF or eax, [ebp-C0] 7C93185C 8806 mov [esi], al 7C93185E 8D47 08 lea eax, [edi+8] 7C931861 8985 74FEFFFF mov [ebp-18C], eax 7C931867 8B72 04 mov esi, [edx+4] 7C93186A 89B5 24FFFFFF mov [ebp-DC], esi ; ntdll.ZwTerminateProcess 7C931870 ^ E9 AFFDFFFF jmp 7C931624 7C931875 90 nop 7C931876 90 nop 7C931877 90 nop 7C931878 90 nop 7C931879 90 nop 7C93187A 68 A0C0997C push 7C99C0A0 7C93187F E8 69F8FEFF call RtlLeaveCriticalSection 7C931884 C3 retn 7C931885 90 nop 7C931886 90 nop 7C931887 90 nop 7C931888 90 nop 7C931889 90 nop 7C93188A > 6A 1C push 1C 7C93188C 68 0819937C push 7C931908 7C931891 E8 2CD5FFFF call 7C92EDC2 7C931896 8B5D 08 mov ebx, [ebp+8] 7C931899 8B43 10 mov eax, [ebx+10] 7C93189C 85C0 test eax, eax 7C93189E 0F85 887E0000 jnz 7C93972C 7C9318A4 8365 E4 00 and dword ptr [ebp-1C], 0 7C9318A8 68 A0C0997C push 7C99C0A0 7C9318AD E8 53F7FEFF call RtlEnterCriticalSection 7C9318B2 8365 FC 00 and dword ptr [ebp-4], 0 7C9318B6 8B33 mov esi, [ebx] 7C9318B8 8975 E0 mov [ebp-20], esi ; ntdll.ZwTerminateProcess 7C9318BB 85F6 test esi, esi ; ntdll.ZwTerminateProcess 7C9318BD 74 1F je short 7C9318DE 7C9318BF 8D46 08 lea eax, [esi+8] 7C9318C2 8945 DC mov [ebp-24], eax 7C9318C5 8B08 mov ecx, [eax] 7C9318C7 894D D8 mov [ebp-28], ecx 7C9318CA 8B40 04 mov eax, [eax+4] 7C9318CD 8945 D4 mov [ebp-2C], eax 7C9318D0 8908 mov [eax], ecx 7C9318D2 8941 04 mov [ecx+4], eax 7C9318D5 6A 08 push 8 7C9318D7 59 pop ecx ; ntdll.7C92E89A 7C9318D8 33C0 xor eax, eax 7C9318DA 8BFE mov edi, esi ; ntdll.ZwTerminateProcess 7C9318DC F3:AB rep stos dword ptr es:[edi] 7C9318DE 834D FC FF or dword ptr [ebp-4], FFFFFFFF 7C9318E2 E8 93FFFFFF call 7C93187A 7C9318E7 85F6 test esi, esi ; ntdll.ZwTerminateProcess 7C9318E9 74 06 je short 7C9318F1 7C9318EB 56 push esi ; ntdll.ZwTerminateProcess 7C9318EC E8 28000000 call 7C931919 7C9318F1 6A 06 push 6 7C9318F3 59 pop ecx ; ntdll.7C92E89A 7C9318F4 33C0 xor eax, eax 7C9318F6 8BFB mov edi, ebx 7C9318F8 F3:AB rep stos dword ptr es:[edi] 7C9318FA 8B45 E4 mov eax, [ebp-1C] 7C9318FD E8 00D5FFFF call 7C92EE02 7C931902 C2 0400 retn 4 7C931905 90 nop 7C931906 90 nop 7C931907 90 nop 7C931908 FFFF ??? ; 未知命令 7C93190A FFFF ??? ; 未知命令 7C93190C 0000 add [eax], al 7C93190E 0000 add [eax], al 7C931910 E3 22 jecxz short 7C931934 7C931912 96 xchg eax, esi ; ntdll.ZwTerminateProcess 7C931913 ^ 7C 90 jl short 7C9318A5 7C931915 90 nop 7C931916 90 nop 7C931917 90 nop 7C931918 90 nop 7C931919 6A 0C push 0C 7C93191B 68 7819937C push 7C931978 7C931920 E8 9DD4FFFF call 7C92EDC2 7C931925 68 80C0997C push 7C99C080 7C93192A E8 D6F6FEFF call RtlEnterCriticalSection 7C93192F 8365 FC 00 and dword ptr [ebp-4], 0 7C931933 6A 08 push 8 7C931935 59 pop ecx ; ntdll.7C92E89A 7C931936 33C0 xor eax, eax 7C931938 8B55 08 mov edx, [ebp+8] 7C93193B 8BFA mov edi, edx ; msvcrt.77C31AE8 7C93193D F3:AB rep stos dword ptr es:[edi] 7C93193F 81FA 20C4997C cmp edx, 7C99C420 7C931945 0F83 02260100 jnb 7C943F4D 7C93194B 64:A1 18000000 mov eax, fs:[18] 7C931951 8945 E4 mov [ebp-1C], eax 7C931954 52 push edx ; msvcrt.77C31AE8 7C931955 6A 00 push 0 7C931957 8B40 30 mov eax, [eax+30] 7C93195A FF70 18 push dword ptr [eax+18] 7C93195D E8 DBEAFFFF call RtlFreeHeap 7C931962 834D FC FF or dword ptr [ebp-4], FFFFFFFF 7C931966 E8 1E000000 call 7C931989 7C93196B E8 92D4FFFF call 7C92EE02 7C931970 C2 0400 retn 4 7C931973 90 nop 7C931974 90 nop 7C931975 90 nop 7C931976 90 nop 7C931977 90 nop 7C931978 FFFF ??? ; 未知命令 7C93197A FFFF ??? ; 未知命令 7C93197C 0000 add [eax], al 7C93197E 0000 add [eax], al 7C931980 8919 mov [ecx], ebx 7C931982 93 xchg eax, ebx 7C931983 ^ 7C 90 jl short 7C931915 7C931985 90 nop 7C931986 90 nop 7C931987 90 nop 7C931988 90 nop 7C931989 68 80C0997C push 7C99C080 7C93198E E8 5AF7FEFF call RtlLeaveCriticalSection 7C931993 C3 retn 7C931994 90 nop 7C931995 90 nop 7C931996 90 nop 7C931997 90 nop 7C931998 90 nop 7C931999 6A 14 push 14 7C93199B 68 001A937C push 7C931A00 7C9319A0 E8 1DD4FFFF call 7C92EDC2 7C9319A5 33DB xor ebx, ebx 7C9319A7 381D C0C0997C cmp [7C99C0C0], bl 7C9319AD 74 0A je short 7C9319B9 7C9319AF 68 80C0997C push 7C99C080 7C9319B4 E8 4CF6FEFF call RtlEnterCriticalSection 7C9319B9 895D FC mov [ebp-4], ebx 7C9319BC A1 B8C0997C mov eax, [7C99C0B8] 7C9319C1 8945 E4 mov [ebp-1C], eax 7C9319C4 3BC3 cmp eax, ebx 7C9319C6 0F85 D9570100 jnz 7C9471A5 7C9319CC 64:A1 18000000 mov eax, fs:[18] 7C9319D2 8945 E0 mov [ebp-20], eax 7C9319D5 8B40 30 mov eax, [eax+30] 7C9319D8 8945 DC mov [ebp-24], eax 7C9319DB 6A 20 push 20 7C9319DD 53 push ebx 7C9319DE FF70 18 push dword ptr [eax+18] 7C9319E1 E8 EEEBFFFF call RtlAllocateHeap 7C9319E6 8945 E4 mov [ebp-1C], eax 7C9319E9 834D FC FF or dword ptr [ebp-4], FFFFFFFF 7C9319ED E8 1F000000 call 7C931A11 7C9319F2 8B45 E4 mov eax, [ebp-1C] 7C9319F5 E8 08D4FFFF call 7C92EE02 7C9319FA C3 retn 7C9319FB 90 nop 7C9319FC 90 nop 7C9319FD 90 nop 7C9319FE 90 nop 7C9319FF 90 nop 7C931A00 FFFF ??? ; 未知命令 7C931A02 FFFF ??? ; 未知命令 7C931A04 0000 add [eax], al 7C931A06 0000 add [eax], al 7C931A08 111A adc [edx], ebx 7C931A0A 93 xchg eax, ebx 7C931A0B ^ 7C 90 jl short 7C93199D 7C931A0D 90 nop 7C931A0E 90 nop 7C931A0F 90 nop 7C931A10 90 nop 7C931A11 803D C0C0997C 0>cmp byte ptr [7C99C0C0], 0 7C931A18 74 0A je short 7C931A24 7C931A1A 68 80C0997C push 7C99C080 7C931A1F E8 C9F6FEFF call RtlLeaveCriticalSection 7C931A24 C3 retn 7C931A25 90 nop 7C931A26 90 nop 7C931A27 90 nop 7C931A28 90 nop 7C931A29 90 nop 7C931A2A > 8BFF mov edi, edi 7C931A2C 55 push ebp 7C931A2D 8BEC mov ebp, esp 7C931A2F 83EC 20 sub esp, 20 7C931A32 53 push ebx 7C931A33 33DB xor ebx, ebx 7C931A35 57 push edi 7C931A36 8B7D 08 mov edi, [ebp+8] 7C931A39 834F 04 FF or dword ptr [edi+4], FFFFFFFF 7C931A3D 895F 08 mov [edi+8], ebx 7C931A40 895F 0C mov [edi+C], ebx 7C931A43 895F 10 mov [edi+10], ebx 7C931A46 64:A1 18000000 mov eax, fs:[18] 7C931A4C 8B40 30 mov eax, [eax+30] 7C931A4F 8378 64 01 cmp dword ptr [eax+64], 1 7C931A53 0F86 EE000000 jbe 7C931B47 7C931A59 8B45 0C mov eax, [ebp+C] ; RPCRT4.77E8F3B0 7C931A5C 25 FFFFFF00 and eax, 0FFFFFF 7C931A61 8947 14 mov [edi+14], eax 7C931A64 391D BCC0997C cmp [7C99C0BC], ebx 7C931A6A 0F84 DB0E0100 je 7C94294B 7C931A70 56 push esi ; ntdll.ZwTerminateProcess 7C931A71 E8 23FFFFFF call 7C931999 7C931A76 8BF0 mov esi, eax 7C931A78 3BF3 cmp esi, ebx 7C931A7A 0F84 43080300 je 7C9622C3 7C931A80 66:891E mov [esi], bx 7C931A83 895E 14 mov [esi+14], ebx 7C931A86 895E 10 mov [esi+10], ebx 7C931A89 897E 04 mov [esi+4], edi 7C931A8C 8937 mov [edi], esi ; ntdll.ZwTerminateProcess 7C931A8E E8 51000000 call RtlLogStackBackTrace 7C931A93 BB A0C0997C mov ebx, 7C99C0A0 7C931A98 3BFB cmp edi, ebx 7C931A9A 66:8946 02 mov [esi+2], ax 7C931A9E 0F84 5C0F0100 je 7C942A00 7C931AA4 803D C0C0997C 0>cmp byte ptr [7C99C0C0], 0 7C931AAB 0F84 4F0F0100 je 7C942A00 7C931AB1 53 push ebx 7C931AB2 E8 4EF5FEFF call RtlEnterCriticalSection 7C931AB7 8B0D CCC0997C mov ecx, [7C99C0CC] 7C931ABD 8D46 08 lea eax, [esi+8] 7C931AC0 C700 C8C0997C mov dword ptr [eax], 7C99C0C8 7C931AC6 8948 04 mov [eax+4], ecx 7C931AC9 8901 mov [ecx], eax 7C931ACB 53 push ebx 7C931ACC A3 CCC0997C mov [7C99C0CC], eax 7C931AD1 E8 17F6FEFF call RtlLeaveCriticalSection 7C931AD6 33C0 xor eax, eax 7C931AD8 5E pop esi ; ntdll.7C92E89A 7C931AD9 5F pop edi ; ntdll.7C92E89A 7C931ADA 5B pop ebx ; ntdll.7C92E89A 7C931ADB C9 leave 7C931ADC C2 0800 retn 8 7C931ADF 90 nop 7C931AE0 90 nop 7C931AE1 90 nop 7C931AE2 90 nop 7C931AE3 90 nop 7C931AE4 > 68 A8000000 push 0A8 7C931AE9 68 101B937C push 7C931B10 7C931AEE E8 CFD2FFFF call 7C92EDC2 7C931AF3 33C0 xor eax, eax 7C931AF5 3905 D0C0997C cmp [7C99C0D0], eax 7C931AFB 0F85 9DC50300 jnz 7C96E09E 7C931B01 66:33C0 xor ax, ax 7C931B04 E8 F9D2FFFF call 7C92EE02 7C931B09 C3 retn 7C931B0A 90 nop 7C931B0B 90 nop 7C931B0C 90 nop 7C931B0D 90 nop 7C931B0E 90 nop 7C931B0F 90 nop 7C931B10 FFFF ??? ; 未知命令 7C931B12 FFFF ??? ; 未知命令 7C931B14 C6 ??? ; 未知命令 7C931B15 ^ E0 96 loopdne short 7C931AAD 7C931B17 ^ 7C CF jl short 7C931AE8 7C931B19 ^ E0 96 loopdne short 7C931AB1 7C931B1B 7C FF jl short 7C931B1C 7C931B1D FFFF ??? ; 未知命令 7C931B1F FF79 ??? ; 未知命令 7C931B21 ^ E1 96 loopde short 7C931AB9 7C931B23 ^ 7C 82 jl short 7C931AA7 7C931B25 ^ E1 96 loopde short 7C931ABD 7C931B27 ^ 7C 90 jl short 7C931AB9 7C931B29 90 nop 7C931B2A 90 nop 7C931B2B 90 nop 7C931B2C 90 nop 7C931B2D > 8BFF mov edi, edi 7C931B2F 55 push ebp 7C931B30 8BEC mov ebp, esp 7C931B32 6A 00 push 0 7C931B34 FF75 08 push dword ptr [ebp+8] 7C931B37 E8 EEFEFFFF call RtlInitializeCriticalSectionAndS> 7C931B3C 5D pop ebp ; ntdll.7C92E89A 7C931B3D C2 0400 retn 4 7C931B40 8BC6 mov eax, esi ; ntdll.ZwTerminateProcess 7C931B42 E9 86050000 jmp 7C9320CD 7C931B47 895F 14 mov [edi+14], ebx 7C931B4A ^ E9 15FFFFFF jmp 7C931A64 7C931B4F 90 nop 7C931B50 90 nop 7C931B51 90 nop 7C931B52 90 nop 7C931B53 90 nop 7C931B54 8BFF mov edi, edi 7C931B56 55 push ebp 7C931B57 8BEC mov ebp, esp 7C931B59 51 push ecx 7C931B5A 51 push ecx 7C931B5B 53 push ebx 7C931B5C 56 push esi ; ntdll.ZwTerminateProcess 7C931B5D 8B75 0C mov esi, [ebp+C] ; RPCRT4.77E8F3B0 7C931B60 8A4E 07 mov cl, [esi+7] 7C931B63 66:8B56 02 mov dx, [esi+2] 7C931B67 0FB6C1 movzx eax, cl 7C931B6A 57 push edi 7C931B6B 8B7D 08 mov edi, [ebp+8] 7C931B6E 8B4487 58 mov eax, [edi+eax*4+58] 7C931B72 8945 F8 mov [ebp-8], eax 7C931B75 8A46 05 mov al, [esi+5] 7C931B78 8845 0F mov [ebp+F], al 7C931B7B 8B45 10 mov eax, [ebp+10] 7C931B7E 0147 28 add [edi+28], eax 7C931B81 85C0 test eax, eax 7C931B83 884D FF mov [ebp-1], cl 7C931B86 0F84 AF000000 je 7C931C3B 7C931B8C 3D 00FE0000 cmp eax, 0FE00 7C931B91 0F87 71C30000 ja 7C93DF08 7C931B97 8BD8 mov ebx, eax 7C931B99 8A45 0F mov al, [ebp+F] 7C931B9C 895D 08 mov [ebp+8], ebx 7C931B9F 8846 05 mov [esi+5], al 7C931BA2 8066 05 F8 and byte ptr [esi+5], 0F8 7C931BA6 66:8956 02 mov [esi+2], dx 7C931BAA 884E 07 mov [esi+7], cl 7C931BAD 66:891E mov [esi], bx 7C931BB0 F647 0C 40 test byte ptr [edi+C], 40 7C931BB4 0F85 CDA40200 jnz 7C95C087 7C931BBA 66:81FB 8000 cmp bx, 80 7C931BBF 0F82 E4A40200 jb 7C95C0A9 7C931BC5 83BF 70010000 0>cmp dword ptr [edi+170], 0 7C931BCC ^ 0F84 B4F0FFFF je 7C930C86 7C931BD2 0FB7C3 movzx eax, bx 7C931BD5 50 push eax 7C931BD6 57 push edi 7C931BD7 E8 25040000 call 7C932001 7C931BDC 8D8F 78010000 lea ecx, [edi+178] 7C931BE2 3BC8 cmp ecx, eax 7C931BE4 75 62 jnz short 7C931C48 7C931BE6 8BD0 mov edx, eax 7C931BE8 8B4A 04 mov ecx, [edx+4] 7C931BEB 8D46 08 lea eax, [esi+8] 7C931BEE 8910 mov [eax], edx ; msvcrt.77C31AE8 7C931BF0 8948 04 mov [eax+4], ecx 7C931BF3 56 push esi ; ntdll.ZwTerminateProcess 7C931BF4 8901 mov [ecx], eax 7C931BF6 57 push edi 7C931BF7 8942 04 mov [edx+4], eax 7C931BFA E8 CDEFFFFF call 7C930BCC 7C931BFF 895D 08 mov [ebp+8], ebx 7C931C02 0FB7DB movzx ebx, bx 7C931C05 295D 10 sub [ebp+10], ebx 7C931C08 F646 05 10 test byte ptr [esi+5], 10 7C931C0C 74 15 je short 7C931C23 7C931C0E 807E 07 40 cmp byte ptr [esi+7], 40 7C931C12 0F83 E5C20000 jnb 7C93DEFD 7C931C18 0FB646 07 movzx eax, byte ptr [esi+7] 7C931C1C 8B4487 58 mov eax, [edi+eax*4+58] 7C931C20 8970 38 mov [eax+38], esi ; ntdll.ZwTerminateProcess 7C931C23 8B45 F8 mov eax, [ebp-8] ; kernel32.7C81CA78 7C931C26 8D34DE lea esi, [esi+ebx*8] 7C931C29 3B70 24 cmp esi, [eax+24] 7C931C2C 73 13 jnb short 7C931C41 7C931C2E 837D 10 00 cmp dword ptr [ebp+10], 0 7C931C32 8B55 08 mov edx, [ebp+8] 7C931C35 0F85 B7C20000 jnz 7C93DEF2 7C931C3B F645 0F 10 test byte ptr [ebp+F], 10 7C931C3F 74 11 je short 7C931C52 7C931C41 5F pop edi ; ntdll.7C92E89A 7C931C42 5E pop esi ; ntdll.7C92E89A 7C931C43 5B pop ebx ; ntdll.7C92E89A 7C931C44 C9 leave 7C931C45 C2 0C00 retn 0C 7C931C48 66:3B58 F8 cmp bx, [eax-8] 7C931C4C ^ 76 98 jbe short 7C931BE6 7C931C4E 8B00 mov eax, [eax] 7C931C50 ^ EB 90 jmp short 7C931BE2 7C931C52 66:8956 02 mov [esi+2], dx 7C931C56 ^ EB E9 jmp short 7C931C41 7C931C58 8BCF mov ecx, edi 7C931C5A C1E1 02 shl ecx, 2 7C931C5D 3BC1 cmp eax, ecx 7C931C5F 0F86 04060000 jbe 7C932269 7C931C65 53 push ebx 7C931C66 E8 E0690000 call 7C93864B 7C931C6B FF75 DC push dword ptr [ebp-24] 7C931C6E FF75 E4 push dword ptr [ebp-1C] 7C931C71 E8 3A650000 call 7C9381B0 7C931C76 8BF0 mov esi, eax 7C931C78 8975 C8 mov [ebp-38], esi ; ntdll.ZwTerminateProcess 7C931C7B 85F6 test esi, esi ; ntdll.ZwTerminateProcess 7C931C7D 0F84 BB9E0200 je 7C95BB3E 7C931C83 56 push esi ; ntdll.ZwTerminateProcess 7C931C84 FF75 E4 push dword ptr [ebp-1C] 7C931C87 E8 08EFFFFF call 7C930B94 7C931C8C 8D56 08 lea edx, [esi+8] 7C931C8F 8995 64FEFFFF mov [ebp-19C], edx ; msvcrt.77C31AE8 7C931C95 8B02 mov eax, [edx] ; ntdll.7C99C8E0 7C931C97 8985 E4FEFFFF mov [ebp-11C], eax 7C931C9D 8B4A 04 mov ecx, [edx+4] 7C931CA0 898D 8CFEFFFF mov [ebp-174], ecx 7C931CA6 ^ E9 83F7FFFF jmp 7C93142E 7C931CAB 90 nop 7C931CAC 90 nop 7C931CAD 90 nop 7C931CAE 90 nop 7C931CAF 90 nop 7C931CB0 8BFF mov edi, edi 7C931CB2 55 push ebp 7C931CB3 8BEC mov ebp, esp 7C931CB5 83EC 28 sub esp, 28 7C931CB8 53 push ebx 7C931CB9 33DB xor ebx, ebx 7C931CBB 56 push esi ; ntdll.ZwTerminateProcess 7C931CBC 8B75 08 mov esi, [ebp+8] 7C931CBF 399E 7C050000 cmp [esi+57C], ebx 7C931CC5 895D E8 mov [ebp-18], ebx 7C931CC8 895D F8 mov [ebp-8], ebx 7C931CCB 0F85 2DA20200 jnz 7C95BEFE 7C931CD1 57 push edi 7C931CD2 8B7D 0C mov edi, [ebp+C] ; RPCRT4.77E8F3B0 7C931CD5 0FB647 07 movzx eax, byte ptr [edi+7] 7C931CD9 8B4486 58 mov eax, [esi+eax*4+58] 7C931CDD 8945 E4 mov [ebp-1C], eax 7C931CE0 8D87 FF0F0000 lea eax, [edi+FFF] 7C931CE6 BA 00F0FFFF mov edx, -1000 7C931CEB 23C2 and eax, edx ; msvcrt.77C31AE8 7C931CED 8BC8 mov ecx, eax 7C931CEF 2BCF sub ecx, edi 7C931CF1 C1F9 03 sar ecx, 3 7C931CF4 66:83F9 01 cmp cx, 1 7C931CF8 895D F0 mov [ebp-10], ebx 7C931CFB 8945 08 mov [ebp+8], eax 7C931CFE 894D F4 mov [ebp-C], ecx 7C931D01 0F84 1F770000 je 7C939426 7C931D07 66:8B4F 02 mov cx, [edi+2] 7C931D0B 66:3BCB cmp cx, bx 7C931D0E 74 08 je short 7C931D18 7C931D10 3BC7 cmp eax, edi 7C931D12 ^ 0F84 B1FAFFFF je 7C9317C9 7C931D18 8B4D 10 mov ecx, [ebp+10] 7C931D1B 8365 EC 00 and dword ptr [ebp-14], 0 7C931D1F 8D1CCF lea ebx, [edi+ecx*8] 7C931D22 8BCB mov ecx, ebx 7C931D24 23CA and ecx, edx ; msvcrt.77C31AE8 7C931D26 8BD3 mov edx, ebx 7C931D28 2BD1 sub edx, ecx 7C931D2A C1FA 03 sar edx, 3 7C931D2D 66:83FA 01 cmp dx, 1 7C931D31 8955 FC mov [ebp-4], edx ; msvcrt.77C31AE8 7C931D34 0F84 6A660000 je 7C9383A4 7C931D3A 66:85D2 test dx, dx 7C931D3D 0F84 89000000 je 7C931DCC 7C931D43 0FB7D2 movzx edx, dx 7C931D46 C1E2 03 shl edx, 3 7C931D49 2BDA sub ebx, edx ; msvcrt.77C31AE8 7C931D4B 3BC8 cmp ecx, eax 7C931D4D 8955 D8 mov [ebp-28], edx ; msvcrt.77C31AE8 7C931D50 895D DC mov [ebp-24], ebx 7C931D53 0F86 C4000000 jbe 7C931E1D 7C931D59 2BC8 sub ecx, eax 7C931D5B 85C9 test ecx, ecx 7C931D5D 894D 0C mov [ebp+C], ecx 7C931D60 0F84 BE000000 je 7C931E24 7C931D66 8B5D E4 mov ebx, [ebp-1C] 7C931D69 837B 2C 10 cmp dword ptr [ebx+2C], 10 7C931D6D 0F83 6C620100 jnb 7C947FDF 7C931D73 8B8E 70010000 mov ecx, [esi+170] 7C931D79 33C0 xor eax, eax 7C931D7B 3BC8 cmp ecx, eax 7C931D7D 0F84 35680000 je 7C9385B8 7C931D83 3941 4C cmp [ecx+4C], eax 7C931D86 0F84 24680000 je 7C9385B0 7C931D8C 66:3947 02 cmp [edi+2], ax 7C931D90 0F84 72620100 je 7C948008 7C931D96 8B41 40 mov eax, [ecx+40] 7C931D99 3B41 44 cmp eax, [ecx+44] 7C931D9C 0F8D 29690000 jge 7C9386CB 7C931DA2 FF75 10 push dword ptr [ebp+10] 7C931DA5 57 push edi 7C931DA6 56 push esi ; ntdll.ZwTerminateProcess 7C931DA7 E8 A8FDFFFF call 7C931B54 7C931DAC 8B86 70010000 mov eax, [esi+170] 7C931DB2 85C0 test eax, eax 7C931DB4 74 0F je short 7C931DC5 7C931DB6 8B40 4C mov eax, [eax+4C] 7C931DB9 3B05 58C0997C cmp eax, [7C99C058] 7C931DBF 0F8D 41690000 jge 7C938706 7C931DC5 5F pop edi ; ntdll.7C92E89A 7C931DC6 5E pop esi ; ntdll.7C92E89A 7C931DC7 5B pop ebx ; ntdll.7C92E89A 7C931DC8 C9 leave 7C931DC9 C2 0C00 retn 0C 7C931DCC F647 05 10 test byte ptr [edi+5], 10 7C931DD0 ^ 0F85 6DFFFFFF jnz 7C931D43 7C931DD6 895D EC mov [ebp-14], ebx 7C931DD9 ^ E9 65FFFFFF jmp 7C931D43 7C931DDE 8B45 E8 mov eax, [ebp-18] 7C931DE1 85C0 test eax, eax 7C931DE3 75 05 jnz short 7C931DEA 7C931DE5 3945 F8 cmp [ebp-8], eax 7C931DE8 ^ 74 C2 je short 7C931DAC 7C931DEA 8BBE 70010000 mov edi, [esi+170] 7C931DF0 33DB xor ebx, ebx 7C931DF2 85FF test edi, edi 7C931DF4 0F85 56760000 jnz 7C939450 7C931DFA 85C0 test eax, eax 7C931DFC 0F85 62760000 jnz 7C939464 7C931E02 8B45 F8 mov eax, [ebp-8] ; kernel32.7C81CA78 7C931E05 85C0 test eax, eax 7C931E07 74 0B je short 7C931E14 7C931E09 0FB708 movzx ecx, word ptr [eax] 7C931E0C 51 push ecx 7C931E0D 50 push eax 7C931E0E 56 push esi ; ntdll.ZwTerminateProcess 7C931E0F E8 9CFEFFFF call 7C931CB0 7C931E14 85FF test edi, edi 7C931E16 ^ 74 94 je short 7C931DAC 7C931E18 895F 4C mov [edi+4C], ebx 7C931E1B ^ EB 8F jmp short 7C931DAC 7C931E1D 33C9 xor ecx, ecx 7C931E1F ^ E9 37FFFFFF jmp 7C931D5B 7C931E24 FF75 10 push dword ptr [ebp+10] 7C931E27 57 push edi 7C931E28 56 push esi ; ntdll.ZwTerminateProcess 7C931E29 E8 26FDFFFF call 7C931B54 7C931E2E ^ EB AE jmp short 7C931DDE 7C931E30 0FB706 movzx eax, word ptr [esi] 7C931E33 8B4D 10 mov ecx, [ebp+10] 7C931E36 0301 add eax, [ecx] 7C931E38 3D 00FE0000 cmp eax, 0FE00 7C931E3D ^ 0F87 EEEDFFFF ja 7C930C31 7C931E43 807D 14 00 cmp byte ptr [ebp+14], 0 7C931E47 0F85 977A0300 jnz 7C9698E4 7C931E4D 8B4E 0C mov ecx, [esi+C] 7C931E50 8D46 08 lea eax, [esi+8] 7C931E53 8B10 mov edx, [eax] 7C931E55 894D 08 mov [ebp+8], ecx 7C931E58 8B09 mov ecx, [ecx] 7C931E5A 3B4A 04 cmp ecx, [edx+4] 7C931E5D 8955 0C mov [ebp+C], edx ; msvcrt.77C31AE8 7C931E60 0F85 9D000000 jnz 7C931F03 7C931E66 3BC8 cmp ecx, eax 7C931E68 0F85 95000000 jnz 7C931F03 7C931E6E 56 push esi ; ntdll.ZwTerminateProcess 7C931E6F 53 push ebx 7C931E70 E8 1FEDFFFF call 7C930B94 7C931E75 8B45 0C mov eax, [ebp+C] ; RPCRT4.77E8F3B0 7C931E78 8B4D 08 mov ecx, [ebp+8] 7C931E7B 3BC1 cmp eax, ecx 7C931E7D 8901 mov [ecx], eax 7C931E7F 8948 04 mov [eax+4], ecx 7C931E82 74 49 je short 7C931ECD 7C931E84 8A46 05 mov al, [esi+5] 7C931E87 A8 04 test al, 4 7C931E89 0F85 2F7B0300 jnz 7C9699BE 7C931E8F 8A47 05 mov al, [edi+5] 7C931E92 24 10 and al, 10 7C931E94 A8 10 test al, 10 7C931E96 8846 05 mov [esi+5], al 7C931E99 75 55 jnz short 7C931EF0 7C931E9B 0FB70E movzx ecx, word ptr [esi] 7C931E9E 8B45 10 mov eax, [ebp+10] 7C931EA1 0108 add [eax], ecx 7C931EA3 0FB70E movzx ecx, word ptr [esi] 7C931EA6 294B 28 sub [ebx+28], ecx 7C931EA9 F646 05 10 test byte ptr [esi+5], 10 7C931EAD 66:8B00 mov ax, [eax] 7C931EB0 8BFE mov edi, esi ; ntdll.ZwTerminateProcess 7C931EB2 66:8906 mov [esi], ax 7C931EB5 ^ 0F85 76EDFFFF jnz 7C930C31 7C931EBB 8B45 10 mov eax, [ebp+10] 7C931EBE 8B08 mov ecx, [eax] 7C931EC0 66:8BC1 mov ax, cx 7C931EC3 66:8944CE 02 mov [esi+ecx*8+2], ax 7C931EC8 ^ E9 64EDFFFF jmp 7C930C31 7C931ECD 66:8B06 mov ax, [esi] 7C931ED0 66:3D 8000 cmp ax, 80 7C931ED4 ^ 73 AE jnb short 7C931E84 7C931ED6 0FB7C8 movzx ecx, ax 7C931ED9 8BC1 mov eax, ecx 7C931EDB 83E1 07 and ecx, 7 7C931EDE B2 01 mov dl, 1 7C931EE0 C1E8 03 shr eax, 3 7C931EE3 D2E2 shl dl, cl 7C931EE5 8D8418 58010000 lea eax, [eax+ebx+158] 7C931EEC 3010 xor [eax], dl 7C931EEE ^ EB 94 jmp short 7C931E84 7C931EF0 807E 07 40 cmp byte ptr [esi+7], 40 7C931EF4 73 18 jnb short 7C931F0E 7C931EF6 0FB646 07 movzx eax, byte ptr [esi+7] 7C931EFA 8B4483 58 mov eax, [ebx+eax*4+58] 7C931EFE 8970 38 mov [eax+38], esi ; ntdll.ZwTerminateProcess 7C931F01 ^ EB 98 jmp short 7C931E9B 7C931F03 50 push eax 7C931F04 E8 4ABA0400 call 7C97D953 7C931F09 ^ E9 76FFFFFF jmp 7C931E84 7C931F0E 56 push esi ; ntdll.ZwTerminateProcess 7C931F0F E8 3FBA0400 call 7C97D953 7C931F14 ^ EB 85 jmp short 7C931E9B 7C931F16 57 push edi 7C931F17 E8 37BA0400 call 7C97D953 7C931F1C ^ E9 FDEFFFFF jmp 7C930F1E 7C931F21 50 push eax 7C931F22 E8 2CBA0400 call 7C97D953 7C931F27 ^ E9 29F0FFFF jmp 7C930F55 7C931F2C 0FB7C0 movzx eax, ax 7C931F2F 50 push eax 7C931F30 56 push esi ; ntdll.ZwTerminateProcess 7C931F31 E8 CB000000 call 7C932001 7C931F36 E9 34650000 jmp 7C93846F 7C931F3B 3B5F 14 cmp ebx, [edi+14] 7C931F3E 0F87 3B830300 ja 7C96A27F 7C931F44 E9 72970000 jmp 7C93B6BB 7C931F49 8B70 04 mov esi, [eax+4] 7C931F4C 83EE 08 sub esi, 8 7C931F4F 8975 C8 mov [ebp-38], esi ; ntdll.ZwTerminateProcess 7C931F52 8A46 05 mov al, [esi+5] 7C931F55 8845 E3 mov [ebp-1D], al 7C931F58 8D4E 08 lea ecx, [esi+8] 7C931F5B 8B39 mov edi, [ecx] 7C931F5D 89BD 48FEFFFF mov [ebp-1B8], edi 7C931F63 8B56 0C mov edx, [esi+C] 7C931F66 8995 78FFFFFF mov [ebp-88], edx ; msvcrt.77C31AE8 7C931F6C 8B12 mov edx, [edx] ; ntdll.7C99C8E0 7C931F6E 3B57 04 cmp edx, [edi+4] 7C931F71 0F85 F3230200 jnz 7C95436A 7C931F77 3BD1 cmp edx, ecx 7C931F79 0F85 EB230200 jnz 7C95436A 7C931F7F 8B8D 78FFFFFF mov ecx, [ebp-88] ; ntdll.7C93056D 7C931F85 8939 mov [ecx], edi 7C931F87 894F 04 mov [edi+4], ecx 7C931F8A 3BF9 cmp edi, ecx 7C931F8C 75 2F jnz short 7C931FBD 7C931F8E 0FB70E movzx ecx, word ptr [esi] 7C931F91 8BD1 mov edx, ecx 7C931F93 C1EA 03 shr edx, 3 7C931F96 8995 40FEFFFF mov [ebp-1C0], edx ; msvcrt.77C31AE8 7C931F9C 83E1 07 and ecx, 7 7C931F9F 33FF xor edi, edi 7C931FA1 47 inc edi 7C931FA2 D3E7 shl edi, cl 7C931FA4 89BD 50FFFFFF mov [ebp-B0], edi 7C931FAA 8DBC1A 58010000 lea edi, [edx+ebx+158] 7C931FB1 33C9 xor ecx, ecx 7C931FB3 8A0F mov cl, [edi] 7C931FB5 338D 50FFFFFF xor ecx, [ebp-B0] ; ntdll.7C92EE18 7C931FBB 880F mov [edi], cl 7C931FBD 8B4D 9C mov ecx, [ebp-64] 7C931FC0 294B 28 sub [ebx+28], ecx 7C931FC3 8975 B8 mov [ebp-48], esi ; ntdll.ZwTerminateProcess 7C931FC6 83E0 10 and eax, 10 7C931FC9 0C 01 or al, 1 7C931FCB 8846 05 mov [esi+5], al 7C931FCE 8B45 DC mov eax, [ebp-24] 7C931FD1 2B45 10 sub eax, [ebp+10] 7C931FD4 8985 ACFEFFFF mov [ebp-154], eax 7C931FDA 3D FF000000 cmp eax, 0FF 7C931FDF 0F83 C7990200 jnb 7C95B9AC 7C931FE5 8846 06 mov [esi+6], al 7C931FE8 8BC6 mov eax, esi ; ntdll.ZwTerminateProcess 7C931FEA C1E8 03 shr eax, 3 7C931FED 33C9 xor ecx, ecx 7C931FEF 8A4B 04 mov cl, [ebx+4] 7C931FF2 33C1 xor eax, ecx 7C931FF4 8846 04 mov [esi+4], al 7C931FF7 ^ E9 74F5FFFF jmp 7C931570 7C931FFC 90 nop 7C931FFD 90 nop 7C931FFE 90 nop 7C931FFF 90 nop 7C932000 90 nop 7C932001 8BFF mov edi, edi 7C932003 55 push ebp 7C932004 8BEC mov ebp, esp 7C932006 8B4D 08 mov ecx, [ebp+8] 7C932009 56 push esi ; ntdll.ZwTerminateProcess 7C93200A 8DB1 78010000 lea esi, [ecx+178] 7C932010 8B46 04 mov eax, [esi+4] 7C932013 3BF0 cmp esi, eax 7C932015 8975 08 mov [ebp+8], esi ; ntdll.ZwTerminateProcess 7C932018 ^ 0F84 22FBFFFF je 7C931B40 7C93201E 0FB740 F8 movzx eax, word ptr [eax-8] 7C932022 53 push ebx 7C932023 8B5D 0C mov ebx, [ebp+C] ; RPCRT4.77E8F3B0 7C932026 3BC3 cmp eax, ebx 7C932028 0F82 A7020000 jb 7C9322D5 7C93202E 8B06 mov eax, [esi] 7C932030 0FB750 F8 movzx edx, word ptr [eax-8] 7C932034 3BDA cmp ebx, edx ; msvcrt.77C31AE8 7C932036 0F86 90000000 jbe 7C9320CC 7C93203C 57 push edi 7C93203D 8BB9 70010000 mov edi, [ecx+170] 7C932043 8B07 mov eax, [edi] 7C932045 8D4B 80 lea ecx, [ebx-80] 7C932048 3BC8 cmp ecx, eax 7C93204A 0F83 51020000 jnb 7C9322A1 7C932050 8D50 FF lea edx, [eax-1] 7C932053 3BCA cmp ecx, edx ; msvcrt.77C31AE8 7C932055 0F84 4E020000 je 7C9322A9 7C93205B C1E8 05 shr eax, 5 7C93205E C1E9 05 shr ecx, 5 7C932061 48 dec eax 7C932062 8945 0C mov [ebp+C], eax 7C932065 8B47 60 mov eax, [edi+60] 7C932068 8BF1 mov esi, ecx 7C93206A 8D14B0 lea edx, [eax+esi*4] 7C93206D 33C0 xor eax, eax 7C93206F 40 inc eax 7C932070 8BCB mov ecx, ebx 7C932072 83E1 1F and ecx, 1F 7C932075 D3E0 shl eax, cl 7C932077 48 dec eax 7C932078 F7D0 not eax 7C93207A 2302 and eax, [edx] ; ntdll.7C99C8E0 7C93207C 75 17 jnz short 7C932095 7C93207E 3B75 0C cmp esi, [ebp+C] ; RPCRT4.77E8F3B0 7C932081 77 0A ja short 7C93208D 7C932083 83C2 04 add edx, 4 7C932086 8B02 mov eax, [edx] ; ntdll.7C99C8E0 7C932088 46 inc esi ; ntdll.ZwTerminateProcess 7C932089 85C0 test eax, eax 7C93208B ^ 74 F1 je short 7C93207E 7C93208D 85C0 test eax, eax 7C93208F 0F84 F4740300 je 7C969589 7C932095 66:A9 FFFF test ax, 0FFFF 7C932099 8BC8 mov ecx, eax 7C93209B 0F85 45010000 jnz 7C9321E6 7C9320A1 C1E9 10 shr ecx, 10 7C9320A4 81E1 FF000000 and ecx, 0FF 7C9320AA 0F85 4E010000 jnz 7C9321FE 7C9320B0 C1E8 18 shr eax, 18 7C9320B3 0FBE80 5810937C movsx eax, byte ptr [eax+7C931058] 7C9320BA 83C0 18 add eax, 18 7C9320BD C1E6 05 shl esi, 5 7C9320C0 03F0 add esi, eax 7C9320C2 8B47 64 mov eax, [edi+64] 7C9320C5 8B04B0 mov eax, [eax+esi*4] 7C9320C8 83C0 08 add eax, 8 7C9320CB 5F pop edi ; ntdll.7C92E89A 7C9320CC 5B pop ebx ; ntdll.7C92E89A 7C9320CD 5E pop esi ; ntdll.7C92E89A 7C9320CE 5D pop ebp ; ntdll.7C92E89A 7C9320CF C2 0800 retn 8 7C9320D2 56 push esi ; ntdll.ZwTerminateProcess 7C9320D3 66:8B33 mov si, [ebx] 7C9320D6 0FB7CE movzx ecx, si 7C9320D9 57 push edi 7C9320DA 8D79 80 lea edi, [ecx-80] 7C9320DD 8B08 mov ecx, [eax] 7C9320DF 3BF9 cmp edi, ecx 7C9320E1 73 62 jnb short 7C932145 7C9320E3 8B48 64 mov ecx, [eax+64] 7C9320E6 8D0CB9 lea ecx, [ecx+edi*4] 7C9320E9 8B11 mov edx, [ecx] 7C9320EB 85D2 test edx, edx ; msvcrt.77C31AE8 7C9320ED 75 4F jnz short 7C93213E 7C9320EF 8919 mov [ecx], ebx 7C9320F1 85D2 test edx, edx ; msvcrt.77C31AE8 7C9320F3 75 16 jnz short 7C93210B 7C9320F5 8B50 60 mov edx, [eax+60] 7C9320F8 8BCF mov ecx, edi 7C9320FA C1E9 03 shr ecx, 3 7C9320FD 8D340A lea esi, [edx+ecx] 7C932100 8BCF mov ecx, edi 7C932102 83E1 07 and ecx, 7 7C932105 B2 01 mov dl, 1 7C932107 D2E2 shl dl, cl 7C932109 0816 or [esi], dl 7C93210B 8B08 mov ecx, [eax] 7C93210D 49 dec ecx 7C93210E 3BF9 cmp edi, ecx 7C932110 5F pop edi ; ntdll.7C92E89A 7C932111 5E pop esi ; ntdll.7C92E89A 7C932112 ^ 0F85 E8EAFFFF jnz 7C930C00 7C932118 FF40 40 inc dword ptr [eax+40] 7C93211B 8B50 4C mov edx, [eax+4C] 7C93211E 85D2 test edx, edx ; msvcrt.77C31AE8 7C932120 8B48 40 mov ecx, [eax+40] 7C932123 ^ 0F84 D7EAFFFF je 7C930C00 7C932129 42 inc edx ; msvcrt.77C31AE8 7C93212A 3B48 44 cmp ecx, [eax+44] 7C93212D 8950 4C mov [eax+4C], edx ; msvcrt.77C31AE8 7C932130 ^ 0F8E CAEAFFFF jle 7C930C00 7C932136 8948 44 mov [eax+44], ecx 7C932139 ^ E9 C2EAFFFF jmp 7C930C00 7C93213E 66:3B32 cmp si, [edx] 7C932141 ^ 77 AE ja short 7C9320F1 7C932143 ^ EB AA jmp short 7C9320EF 7C932145 8D79 FF lea edi, [ecx-1] 7C932148 ^ EB 99 jmp short 7C9320E3 7C93214A 8D79 FF lea edi, [ecx-1] 7C93214D EB 12 jmp short 7C932161 7C93214F 85C0 test eax, eax 7C932151 74 43 je short 7C932196 7C932153 8901 mov [ecx], eax 7C932155 EB 57 jmp short 7C9321AE 7C932157 57 push edi 7C932158 8D79 80 lea edi, [ecx-80] 7C93215B 8B0E mov ecx, [esi] 7C93215D 3BF9 cmp edi, ecx 7C93215F ^ 73 E9 jnb short 7C93214A 7C932161 8B4A 08 mov ecx, [edx+8] 7C932164 53 push ebx 7C932165 8D98 78010000 lea ebx, [eax+178] 7C93216B 8BC1 mov eax, ecx 7C93216D 2BC3 sub eax, ebx 7C93216F 83C1 F8 add ecx, -8 7C932172 F7D8 neg eax 7C932174 1BC0 sbb eax, eax 7C932176 23C1 and eax, ecx 7C932178 8B4E 64 mov ecx, [esi+64] 7C93217B 8D0CB9 lea ecx, [ecx+edi*4] 7C93217E 3911 cmp [ecx], edx ; msvcrt.77C31AE8 7C932180 5B pop ebx ; ntdll.7C92E89A 7C932181 75 2B jnz short 7C9321AE 7C932183 8B16 mov edx, [esi] 7C932185 4A dec edx ; msvcrt.77C31AE8 7C932186 3BFA cmp edi, edx ; msvcrt.77C31AE8 7C932188 ^ 73 C5 jnb short 7C93214F 7C93218A 85C0 test eax, eax 7C93218C 74 08 je short 7C932196 7C93218E 0FB710 movzx edx, word ptr [eax] 7C932191 3B55 08 cmp edx, [ebp+8] 7C932194 ^ 74 BD je short 7C932153 7C932196 8321 00 and dword ptr [ecx], 0 7C932199 8B4E 60 mov ecx, [esi+60] 7C93219C 8BC7 mov eax, edi 7C93219E C1E8 03 shr eax, 3 7C9321A1 03C1 add eax, ecx 7C9321A3 8BCF mov ecx, edi 7C9321A5 83E1 07 and ecx, 7 7C9321A8 B2 01 mov dl, 1 7C9321AA D2E2 shl dl, cl 7C9321AC 3010 xor [eax], dl 7C9321AE 8B06 mov eax, [esi] 7C9321B0 48 dec eax 7C9321B1 3BF8 cmp edi, eax 7C9321B3 5F pop edi ; ntdll.7C92E89A 7C9321B4 ^ 0F85 08EAFFFF jnz 7C930BC2 7C9321BA FF4E 40 dec dword ptr [esi+40] 7C9321BD 0F88 31740300 js 7C9695F4 7C9321C3 8B46 4C mov eax, [esi+4C] 7C9321C6 85C0 test eax, eax 7C9321C8 ^ 0F84 F4E9FFFF je 7C930BC2 7C9321CE 40 inc eax 7C9321CF 8946 4C mov [esi+4C], eax 7C9321D2 8B46 40 mov eax, [esi+40] 7C9321D5 3B46 48 cmp eax, [esi+48] 7C9321D8 ^ 0F8D E4E9FFFF jge 7C930BC2 7C9321DE 8946 48 mov [esi+48], eax 7C9321E1 ^ E9 DCE9FFFF jmp 7C930BC2 7C9321E6 81E1 FF000000 and ecx, 0FF 7C9321EC 0F84 9D000000 je 7C93228F 7C9321F2 0FBE81 5810937C movsx eax, byte ptr [ecx+7C931058] 7C9321F9 ^ E9 BFFEFFFF jmp 7C9320BD 7C9321FE 0FBE81 5810937C movsx eax, byte ptr [ecx+7C931058] 7C932205 83C0 10 add eax, 10 7C932208 ^ E9 B0FEFFFF jmp 7C9320BD 7C93220D 8B48 20 mov ecx, [eax+20] 7C932210 66:F7C1 FF01 test cx, 1FF 7C932215 8D49 01 lea ecx, [ecx+1] 7C932218 8948 20 mov [eax+20], ecx 7C93221B ^ 0F85 E8F0FFFF jnz 7C931309 7C932221 56 push esi ; ntdll.ZwTerminateProcess 7C932222 8D45 C0 lea eax, [ebp-40] 7C932225 50 push eax 7C932226 E8 D7BEFFFF call ZwQueryPerformanceCounter 7C93222B ^ E9 DFF0FFFF jmp 7C93130F 7C932230 57 push edi 7C932231 53 push ebx 7C932232 E8 CAFDFFFF call 7C932001 7C932237 8945 94 mov [ebp-6C], eax 7C93223A 3945 D8 cmp [ebp-28], eax 7C93223D ^ 0F84 28FAFFFF je 7C931C6B 7C932243 8D70 F8 lea esi, [eax-8] 7C932246 8975 C8 mov [ebp-38], esi ; ntdll.ZwTerminateProcess 7C932249 0FB706 movzx eax, word ptr [esi] 7C93224C 3BC7 cmp eax, edi 7C93224E ^ 0F82 17FAFFFF jb 7C931C6B 7C932254 8B8B 70010000 mov ecx, [ebx+170] 7C93225A 8379 4C 00 cmp dword ptr [ecx+4C], 0 7C93225E 74 09 je short 7C932269 7C932260 3B7B 20 cmp edi, [ebx+20] 7C932263 ^ 0F87 EFF9FFFF ja 7C931C58 7C932269 56 push esi ; ntdll.ZwTerminateProcess 7C93226A 53 push ebx 7C93226B E8 24E9FFFF call 7C930B94 7C932270 8D56 08 lea edx, [esi+8] 7C932273 8995 9CFEFFFF mov [ebp-164], edx ; msvcrt.77C31AE8 7C932279 8B02 mov eax, [edx] ; ntdll.7C99C8E0 7C93227B 8985 FCFEFFFF mov [ebp-104], eax 7C932281 8B4A 04 mov ecx, [edx+4] 7C932284 898D 44FEFFFF mov [ebp-1BC], ecx 7C93228A ^ E9 9FF1FFFF jmp 7C93142E 7C93228F 0FB6C4 movzx eax, ah 7C932292 0FBE80 5810937C movsx eax, byte ptr [eax+7C931058] 7C932299 83C0 08 add eax, 8 7C93229C ^ E9 1CFEFFFF jmp 7C9320BD 7C9322A1 8D48 FF lea ecx, [eax-1] 7C9322A4 ^ E9 A7FDFFFF jmp 7C932050 7C9322A9 8B57 64 mov edx, [edi+64] 7C9322AC 8B148A mov edx, [edx+ecx*4] ; ntdll.7C99C8E0 7C9322AF 83C2 08 add edx, 8 7C9322B2 3BF2 cmp esi, edx ; msvcrt.77C31AE8 7C9322B4 ^ 0F84 A1FDFFFF je 7C93205B 7C9322BA 0FB75A F8 movzx ebx, word ptr [edx-8] 7C9322BE 3B5D 0C cmp ebx, [ebp+C] ; RPCRT4.77E8F3B0 7C9322C1 72 07 jb short 7C9322CA 7C9322C3 8BC2 mov eax, edx ; msvcrt.77C31AE8 7C9322C5 ^ E9 01FEFFFF jmp 7C9320CB 7C9322CA 8B12 mov edx, [edx] ; ntdll.7C99C8E0 7C9322CC 3BF2 cmp esi, edx ; msvcrt.77C31AE8 7C9322CE ^ 75 EA jnz short 7C9322BA 7C9322D0 E9 AC720300 jmp 7C969581 7C9322D5 8BC6 mov eax, esi ; ntdll.ZwTerminateProcess 7C9322D7 ^ E9 F0FDFFFF jmp 7C9320CC 7C9322DC 0FB7C3 movzx eax, bx 7C9322DF 50 push eax 7C9322E0 FF75 E4 push dword ptr [ebp-1C] 7C9322E3 E8 19FDFFFF call 7C932001 7C9322E8 ^ E9 16F2FFFF jmp 7C931503 7C9322ED 8BB6 70010000 mov esi, [esi+170] 7C9322F3 53 push ebx 7C9322F4 8D45 D0 lea eax, [ebp-30] 7C9322F7 50 push eax 7C9322F8 E8 05BEFFFF call ZwQueryPerformanceCounter 7C9322FD 8B45 D0 mov eax, [ebp-30] 7C932300 2B45 D8 sub eax, [ebp-28] 7C932303 8B4D D4 mov ecx, [ebp-2C] 7C932306 1B4D DC sbb ecx, [ebp-24] 7C932309 0146 30 add [esi+30], eax 7C93230C 114E 34 adc [esi+34], ecx 7C93230F 8B4E 3C mov ecx, [esi+3C] 7C932312 8D41 01 lea eax, [ecx+1] 7C932315 8946 3C mov [esi+3C], eax 7C932318 83F9 64 cmp ecx, 64 7C93231B ^ 0F82 42EBFFFF jb 7C930E63 7C932321 48 dec eax 7C932322 53 push ebx 7C932323 50 push eax 7C932324 FF76 34 push dword ptr [esi+34] 7C932327 FF76 30 push dword ptr [esi+30] 7C93232A E8 1DF8FEFF call _aulldiv 7C93232F 8946 18 mov [esi+18], eax 7C932332 8956 1C mov [esi+1C], edx ; msvcrt.77C31AE8 7C932335 895E 3C mov [esi+3C], ebx 7C932338 895E 30 mov [esi+30], ebx 7C93233B 895E 34 mov [esi+34], ebx 7C93233E ^ E9 20EBFFFF jmp 7C930E63 7C932343 8B45 E4 mov eax, [ebp-1C] 7C932346 8BB0 70010000 mov esi, [eax+170] 7C93234C 57 push edi 7C93234D 8D45 84 lea eax, [ebp-7C] 7C932350 50 push eax 7C932351 E8 ACBDFFFF call ZwQueryPerformanceCounter 7C932356 8B45 84 mov eax, [ebp-7C] 7C932359 2B45 C0 sub eax, [ebp-40] 7C93235C 8B4D 88 mov ecx, [ebp-78] ; ntdll.7C931970 7C93235F 1B4D C4 sbb ecx, [ebp-3C] ; ntdll.7C92F0AA 7C932362 0146 28 add [esi+28], eax 7C932365 114E 2C adc [esi+2C], ecx 7C932368 8B4E 38 mov ecx, [esi+38] 7C93236B 8D41 01 lea eax, [ecx+1] 7C93236E 8946 38 mov [esi+38], eax 7C932371 83F9 64 cmp ecx, 64 7C932374 ^ 0F82 73F2FFFF jb 7C9315ED 7C93237A 48 dec eax 7C93237B 57 push edi 7C93237C 50 push eax 7C93237D FF76 2C push dword ptr [esi+2C] 7C932380 FF76 28 push dword ptr [esi+28] 7C932383 E8 C4F7FEFF call _aulldiv 7C932388 8946 10 mov [esi+10], eax 7C93238B 8956 14 mov [esi+14], edx ; msvcrt.77C31AE8 |
|
[讨论]程序分析!
7C92EEBB 33F6 xor esi, esi ; ntdll.ZwTerminateProcess 7C92EEBD 33FF xor edi, edi 7C92EEBF FFD0 call eax 7C92EEC1 8B7B 08 mov edi, [ebx+8] 7C92EEC4 8D0C76 lea ecx, [esi+esi*2] 7C92EEC7 8B348F mov esi, [edi+ecx*4] 7C92EECA ^ EB 8C jmp short 7C92EE58 7C92EECC B8 00000000 mov eax, 0 7C92EED1 EB 23 jmp short 7C92EEF6 7C92EED3 8B45 08 mov eax, [ebp+8] 7C92EED6 8348 04 08 or dword ptr [eax+4], 8 7C92EEDA B8 01000000 mov eax, 1 7C92EEDF EB 15 jmp short 7C92EEF6 7C92EEE1 55 push ebp 7C92EEE2 8D6B 10 lea ebp, [ebx+10] 7C92EEE5 6A FF push -1 7C92EEE7 53 push ebx 7C92EEE8 E8 96000000 call 7C92EF83 7C92EEED 83C4 08 add esp, 8 7C92EEF0 5D pop ebp ; ntdll.7C92E89A 7C92EEF1 B8 01000000 mov eax, 1 7C92EEF6 5D pop ebp ; ntdll.7C92E89A 7C92EEF7 5F pop edi ; ntdll.7C92E89A 7C92EEF8 5E pop esi ; ntdll.7C92E89A 7C92EEF9 5B pop ebx ; ntdll.7C92E89A 7C92EEFA 8BE5 mov esp, ebp 7C92EEFC 5D pop ebp ; ntdll.7C92E89A 7C92EEFD C3 retn 7C92EEFE 55 push ebp 7C92EEFF 8B4C24 08 mov ecx, [esp+8] 7C92EF03 8B29 mov ebp, [ecx] 7C92EF05 8B41 1C mov eax, [ecx+1C] 7C92EF08 50 push eax 7C92EF09 8B41 18 mov eax, [ecx+18] 7C92EF0C 50 push eax 7C92EF0D E8 71000000 call 7C92EF83 7C92EF12 83C4 08 add esp, 8 7C92EF15 5D pop ebp ; ntdll.7C92E89A 7C92EF16 C2 0400 retn 4 7C92EF19 90 nop 7C92EF1A 90 nop 7C92EF1B 90 nop 7C92EF1C 90 nop 7C92EF1D 90 nop 7C92EF1E 55 push ebp 7C92EF1F 8BEC mov ebp, esp 7C92EF21 53 push ebx 7C92EF22 56 push esi ; ntdll.ZwTerminateProcess 7C92EF23 57 push edi 7C92EF24 55 push ebp 7C92EF25 6A 00 push 0 7C92EF27 6A 00 push 0 7C92EF29 68 36EF927C push 7C92EF36 7C92EF2E FF75 08 push dword ptr [ebp+8] 7C92EF31 E8 0A8B0200 call RtlUnwind 7C92EF36 5D pop ebp ; ntdll.7C92E89A 7C92EF37 5F pop edi ; ntdll.7C92E89A 7C92EF38 5E pop esi ; ntdll.7C92E89A 7C92EF39 5B pop ebx ; ntdll.7C92E89A 7C92EF3A 8BE5 mov esp, ebp 7C92EF3C 5D pop ebp ; ntdll.7C92E89A 7C92EF3D C3 retn 7C92EF3E 90 nop 7C92EF3F 90 nop 7C92EF40 90 nop 7C92EF41 90 nop 7C92EF42 90 nop 7C92EF43 8B4C24 04 mov ecx, [esp+4] ; kernel32.7C81CA5E 7C92EF47 F741 04 0600000>test dword ptr [ecx+4], 6 7C92EF4E B8 01000000 mov eax, 1 7C92EF53 74 28 je short 7C92EF7D 7C92EF55 8B4424 14 mov eax, [esp+14] 7C92EF59 55 push ebp 7C92EF5A 8B68 10 mov ebp, [eax+10] 7C92EF5D 8B50 28 mov edx, [eax+28] 7C92EF60 52 push edx ; msvcrt.77C31AE8 7C92EF61 8B50 24 mov edx, [eax+24] 7C92EF64 52 push edx ; msvcrt.77C31AE8 7C92EF65 E8 19000000 call 7C92EF83 7C92EF6A 83C4 08 add esp, 8 7C92EF6D 5D pop ebp ; ntdll.7C92E89A 7C92EF6E 8B4424 08 mov eax, [esp+8] 7C92EF72 8B5424 10 mov edx, [esp+10] 7C92EF76 8902 mov [edx], eax 7C92EF78 B8 03000000 mov eax, 3 7C92EF7D C3 retn 7C92EF7E 90 nop 7C92EF7F 90 nop 7C92EF80 90 nop 7C92EF81 90 nop 7C92EF82 90 nop 7C92EF83 53 push ebx 7C92EF84 56 push esi ; ntdll.ZwTerminateProcess 7C92EF85 57 push edi 7C92EF86 8B4424 10 mov eax, [esp+10] 7C92EF8A 55 push ebp 7C92EF8B 50 push eax 7C92EF8C 6A FE push -2 7C92EF8E 68 43EF927C push 7C92EF43 7C92EF93 64:FF35 0000000>push dword ptr fs:[0] 7C92EF9A 64:8925 0000000>mov fs:[0], esp 7C92EFA1 8B4424 24 mov eax, [esp+24] 7C92EFA5 8B58 08 mov ebx, [eax+8] 7C92EFA8 8B70 0C mov esi, [eax+C] 7C92EFAB 83FE FF cmp esi, -1 7C92EFAE 74 35 je short 7C92EFE5 7C92EFB0 837C24 28 FF cmp dword ptr [esp+28], -1 7C92EFB5 74 06 je short 7C92EFBD 7C92EFB7 3B7424 28 cmp esi, [esp+28] 7C92EFBB 76 28 jbe short 7C92EFE5 7C92EFBD 8D3476 lea esi, [esi+esi*2] 7C92EFC0 8B0CB3 mov ecx, [ebx+esi*4] 7C92EFC3 894C24 08 mov [esp+8], ecx 7C92EFC7 8948 0C mov [eax+C], ecx 7C92EFCA 837CB3 04 00 cmp dword ptr [ebx+esi*4+4], 0 7C92EFCF ^ 75 D0 jnz short 7C92EFA1 7C92EFD1 68 01010000 push 101 7C92EFD6 8B44B3 08 mov eax, [ebx+esi*4+8] 7C92EFDA E8 4A000000 call 7C92F029 7C92EFDF FF54B3 08 call [ebx+esi*4+8] 7C92EFE3 ^ EB BC jmp short 7C92EFA1 7C92EFE5 64:8F05 0000000>pop dword ptr fs:[0] ; ntdll.7C92E89A 7C92EFEC 83C4 10 add esp, 10 7C92EFEF 5F pop edi ; ntdll.7C92E89A 7C92EFF0 5E pop esi ; ntdll.7C92E89A 7C92EFF1 5B pop ebx ; ntdll.7C92E89A 7C92EFF2 C3 retn 7C92EFF3 90 nop 7C92EFF4 90 nop 7C92EFF5 90 nop 7C92EFF6 90 nop 7C92EFF7 90 nop 7C92EFF8 33C0 xor eax, eax 7C92EFFA 64:8B0D 0000000>mov ecx, fs:[0] 7C92F001 8179 04 43EF927>cmp dword ptr [ecx+4], 7C92EF43 7C92F008 75 10 jnz short 7C92F01A 7C92F00A 8B51 0C mov edx, [ecx+C] 7C92F00D 8B52 0C mov edx, [edx+C] 7C92F010 3951 08 cmp [ecx+8], edx ; msvcrt.77C31AE8 7C92F013 75 05 jnz short 7C92F01A 7C92F015 B8 01000000 mov eax, 1 7C92F01A C3 retn 7C92F01B 53 push ebx 7C92F01C 51 push ecx 7C92F01D BB 1CC0997C mov ebx, 7C99C01C 7C92F022 EB 0F jmp short 7C92F033 7C92F024 90 nop 7C92F025 90 nop 7C92F026 90 nop 7C92F027 90 nop 7C92F028 90 nop 7C92F029 53 push ebx 7C92F02A 51 push ecx 7C92F02B BB 1CC0997C mov ebx, 7C99C01C 7C92F030 8B4D 08 mov ecx, [ebp+8] 7C92F033 894B 08 mov [ebx+8], ecx 7C92F036 8943 04 mov [ebx+4], eax 7C92F039 896B 0C mov [ebx+C], ebp 7C92F03C 55 push ebp 7C92F03D 51 push ecx 7C92F03E 50 push eax 7C92F03F 58 pop eax ; ntdll.7C92E89A 7C92F040 59 pop ecx ; ntdll.7C92E89A 7C92F041 5D pop ebp ; ntdll.7C92E89A 7C92F042 59 pop ecx ; ntdll.7C92E89A 7C92F043 5B pop ebx ; ntdll.7C92E89A 7C92F044 C2 0400 retn 4 7C92F047 90 nop 7C92F048 90 nop 7C92F049 90 nop 7C92F04A 90 nop 7C92F04B 90 nop 7C92F04C > 8BFF mov edi, edi 7C92F04E 55 push ebp 7C92F04F 8BEC mov ebp, esp 7C92F051 53 push ebx 7C92F052 33DB xor ebx, ebx 7C92F054 381D 10C0997C cmp [NlsMbCodePageTag], bl 7C92F05A 57 push edi 7C92F05B 8B7D 0C mov edi, [ebp+C] ; RPCRT4.77E8F3B0 7C92F05E 0F85 39D40200 jnz 7C95C49D 7C92F064 0FB707 movzx eax, word ptr [edi] 7C92F067 8D4400 02 lea eax, [eax+eax+2] 7C92F06B 3D FFFF0000 cmp eax, 0FFFF 7C92F070 0F87 32D40200 ja 7C95C4A8 7C92F076 385D 10 cmp [ebp+10], bl 7C92F079 56 push esi ; ntdll.ZwTerminateProcess 7C92F07A 8B75 08 mov esi, [ebp+8] 7C92F07D 8D48 FE lea ecx, [eax-2] 7C92F080 66:890E mov [esi], cx 7C92F083 0F85 E8440000 jnz 7C933571 7C92F089 66:3B4E 02 cmp cx, [esi+2] 7C92F08D 0F83 29D40200 jnb 7C95C4BC 7C92F093 0FB707 movzx eax, word ptr [edi] 7C92F096 50 push eax 7C92F097 FF77 04 push dword ptr [edi+4] 7C92F09A 8D45 0C lea eax, [ebp+C] 7C92F09D 50 push eax 7C92F09E 0FB706 movzx eax, word ptr [esi] 7C92F0A1 50 push eax 7C92F0A2 FF76 04 push dword ptr [esi+4] 7C92F0A5 E8 21010000 call RtlMultiByteToUnicodeN 7C92F0AA 8BF8 mov edi, eax 7C92F0AC 3BFB cmp edi, ebx 7C92F0AE 0F8C 12D40200 jl 7C95C4C6 7C92F0B4 8B45 0C mov eax, [ebp+C] ; RPCRT4.77E8F3B0 7C92F0B7 8B4E 04 mov ecx, [esi+4] 7C92F0BA D1E8 shr eax, 1 7C92F0BC 66:891C41 mov [ecx+eax*2], bx 7C92F0C0 33C0 xor eax, eax 7C92F0C2 5E pop esi ; ntdll.7C92E89A 7C92F0C3 5F pop edi ; ntdll.7C92E89A 7C92F0C4 5B pop ebx ; ntdll.7C92E89A 7C92F0C5 5D pop ebp ; ntdll.7C92E89A 7C92F0C6 C2 0C00 retn 0C 7C92F0C9 85FF test edi, edi 7C92F0CB 8B4D 08 mov ecx, [ebp+8] 7C92F0CE 8B1D 5CE2997C mov ebx, [7C99E25C] 7C92F0D4 894D 08 mov [ebp+8], ecx 7C92F0D7 74 58 je short 7C92F131 7C92F0D9 8B55 14 mov edx, [ebp+14] 7C92F0DC 837D 18 00 cmp dword ptr [ebp+18], 0 7C92F0E0 74 4F je short 7C92F131 7C92F0E2 0FB602 movzx eax, byte ptr [edx] 7C92F0E5 D1E0 shl eax, 1 7C92F0E7 66:8BB0 60D0997>mov si, [eax+7C99D060] 7C92F0EE 4F dec edi 7C92F0EF FF4D 18 dec dword ptr [ebp+18] ; trscd.00454965 7C92F0F2 66:85F6 test si, si 7C92F0F5 74 1E je short 7C92F115 7C92F0F7 837D 18 00 cmp dword ptr [ebp+18], 0 7C92F0FB 74 2E je short 7C92F12B 7C92F0FD 42 inc edx ; msvcrt.77C31AE8 7C92F0FE 0FB602 movzx eax, byte ptr [edx] 7C92F101 0FB7F6 movzx esi, si 7C92F104 03C6 add eax, esi ; ntdll.ZwTerminateProcess 7C92F106 66:8B0443 mov ax, [ebx+eax*2] 7C92F10A 66:8901 mov [ecx], ax 7C92F10D 42 inc edx ; msvcrt.77C31AE8 7C92F10E 41 inc ecx 7C92F10F 41 inc ecx 7C92F110 FF4D 18 dec dword ptr [ebp+18] ; trscd.00454965 7C92F113 EB 10 jmp short 7C92F125 7C92F115 8B35 2CC0997C mov esi, [7C99C02C] 7C92F11B 66:8B0430 mov ax, [eax+esi] 7C92F11F 66:8901 mov [ecx], ax 7C92F122 41 inc ecx 7C92F123 41 inc ecx 7C92F124 42 inc edx ; msvcrt.77C31AE8 7C92F125 85FF test edi, edi 7C92F127 ^ 75 B3 jnz short 7C92F0DC 7C92F129 EB 06 jmp short 7C92F131 7C92F12B 66:8321 00 and word ptr [ecx], 0 7C92F12F 41 inc ecx 7C92F130 41 inc ecx 7C92F131 8B45 10 mov eax, [ebp+10] 7C92F134 85C0 test eax, eax 7C92F136 0F84 FA000000 je 7C92F236 7C92F13C 2B4D 08 sub ecx, [ebp+8] 7C92F13F 8908 mov [eax], ecx 7C92F141 E9 F0000000 jmp 7C92F236 7C92F146 2E:F2: prefix repne: 7C92F148 92 xchg eax, edx ; msvcrt.77C31AE8 7C92F149 7C 24 jl short 7C92F16F 7C92F14B F2: prefix repne: 7C92F14C 92 xchg eax, edx ; msvcrt.77C31AE8 7C92F14D ^ 7C BE jl short 7C92F10D 7C92F14F F2: prefix repne: 7C92F150 92 xchg eax, edx ; msvcrt.77C31AE8 7C92F151 ^ 7C B2 jl short 7C92F105 7C92F153 F2: prefix repne: 7C92F154 92 xchg eax, edx ; msvcrt.77C31AE8 7C92F155 ^ 7C A6 jl short 7C92F0FD 7C92F157 F2: prefix repne: 7C92F158 92 xchg eax, edx ; msvcrt.77C31AE8 7C92F159 ^ 7C 9A jl short 7C92F0F5 7C92F15B F2: prefix repne: 7C92F15C 92 xchg eax, edx ; msvcrt.77C31AE8 7C92F15D ^ 7C 8E jl short 7C92F0ED 7C92F15F F2: prefix repne: 7C92F160 92 xchg eax, edx ; msvcrt.77C31AE8 7C92F161 ^ 7C 82 jl short 7C92F0E5 7C92F163 F2: prefix repne: 7C92F164 92 xchg eax, edx ; msvcrt.77C31AE8 7C92F165 7C 76 jl short 7C92F1DD 7C92F167 F2: prefix repne: 7C92F168 92 xchg eax, edx ; msvcrt.77C31AE8 7C92F169 7C 6A jl short 7C92F1D5 7C92F16B F2: prefix repne: 7C92F16C 92 xchg eax, edx ; msvcrt.77C31AE8 7C92F16D 7C 5E jl short 7C92F1CD 7C92F16F F2: prefix repne: 7C92F170 92 xchg eax, edx ; msvcrt.77C31AE8 7C92F171 7C 52 jl short 7C92F1C5 7C92F173 F2: prefix repne: 7C92F174 92 xchg eax, edx ; msvcrt.77C31AE8 7C92F175 7C 46 jl short 7C92F1BD 7C92F177 F2: prefix repne: 7C92F178 92 xchg eax, edx ; msvcrt.77C31AE8 7C92F179 ^ 7C F3 jl short 7C92F16E 7C92F17B F2: prefix repne: 7C92F17C 92 xchg eax, edx ; msvcrt.77C31AE8 7C92F17D ^ 7C E7 jl short 7C92F166 7C92F17F F2: prefix repne: 7C92F180 92 xchg eax, edx ; msvcrt.77C31AE8 7C92F181 ^ 7C DB jl short 7C92F15E 7C92F183 F2: prefix repne: 7C92F184 92 xchg eax, edx ; msvcrt.77C31AE8 7C92F185 ^ 7C CF jl short 7C92F156 7C92F187 F2: prefix repne: 7C92F188 92 xchg eax, edx ; msvcrt.77C31AE8 7C92F189 ^ 7C CC jl short 7C92F157 7C92F18B 0093 7CC00093 add [ebx+9300C07C], dl 7C92F191 ^ 7C B4 jl short 7C92F147 7C92F193 0093 7CA80093 add [ebx+9300A87C], dl 7C92F199 ^ 7C 9C jl short 7C92F137 7C92F19B 0093 7C900093 add [ebx+9300907C], dl 7C92F1A1 ^ 7C 84 jl short 7C92F127 7C92F1A3 0093 7C780093 add [ebx+9300787C], dl 7C92F1A9 ^ 7C F4 jl short 7C92F19F 7C92F1AB 34 93 xor al, 93 7C92F1AD 7C 05 jl short 7C92F1B4 7C92F1AF 35 937C1F35 xor eax, 351F7C93 7C92F1B4 93 xchg eax, ebx 7C92F1B5 7C 13 jl short 7C92F1CA 7C92F1B7 35 937C3935 xor eax, 35397C93 7C92F1BC 93 xchg eax, ebx 7C92F1BD 7C 2D jl short 7C92F1EC 7C92F1BF 35 937C4735 xor eax, 35477C93 7C92F1C4 93 xchg eax, ebx 7C92F1C5 ^ 7C 90 jl short 7C92F157 7C92F1C7 90 nop 7C92F1C8 90 nop 7C92F1C9 90 nop 7C92F1CA 90 nop 7C92F1CB > 8BFF mov edi, edi 7C92F1CD 55 push ebp 7C92F1CE 8BEC mov ebp, esp 7C92F1D0 53 push ebx 7C92F1D1 56 push esi ; ntdll.ZwTerminateProcess 7C92F1D2 57 push edi 7C92F1D3 8B7D 0C mov edi, [ebp+C] ; RPCRT4.77E8F3B0 7C92F1D6 D1EF shr edi, 1 7C92F1D8 803D 10C0997C 0>cmp byte ptr [NlsMbCodePageTag], 0 7C92F1DF ^ 0F85 E4FEFFFF jnz 7C92F0C9 7C92F1E5 8B5D 18 mov ebx, [ebp+18] ; trscd.00454965 7C92F1E8 3BFB cmp edi, ebx 7C92F1EA 0F82 088D0200 jb 7C957EF8 7C92F1F0 8B45 10 mov eax, [ebp+10] 7C92F1F3 85C0 test eax, eax 7C92F1F5 75 48 jnz short 7C92F23F 7C92F1F7 8B45 08 mov eax, [ebp+8] 7C92F1FA 8B55 14 mov edx, [ebp+14] 7C92F1FD 8B0D 2CC0997C mov ecx, [7C99C02C] 7C92F203 8BF3 mov esi, ebx 7C92F205 83E6 1F and esi, 1F 7C92F208 8BFB mov edi, ebx 7C92F20A 2BFE sub edi, esi ; ntdll.ZwTerminateProcess 7C92F20C 6A 20 push 20 7C92F20E 8D0478 lea eax, [eax+edi*2] 7C92F211 03D7 add edx, edi 7C92F213 5F pop edi ; ntdll.7C92E89A 7C92F214 83FE 1F cmp esi, 1F 7C92F217 0F87 38430000 ja 7C933555 7C92F21D FF24B5 46F1927C jmp [esi*4+7C92F146] 7C92F224 0FB632 movzx esi, byte ptr [edx] 7C92F227 66:8B3471 mov si, [ecx+esi*2] 7C92F22B 66:8930 mov [eax], si 7C92F22E 3BDF cmp ebx, edi 7C92F230 0F83 2D430000 jnb 7C933563 7C92F236 5F pop edi ; ntdll.7C92E89A 7C92F237 5E pop esi ; ntdll.7C92E89A 7C92F238 33C0 xor eax, eax 7C92F23A 5B pop ebx ; ntdll.7C92E89A 7C92F23B 5D pop ebp ; ntdll.7C92E89A 7C92F23C C2 1400 retn 14 7C92F23F 8D0C1B lea ecx, [ebx+ebx] 7C92F242 8908 mov [eax], ecx 7C92F244 ^ EB B1 jmp short 7C92F1F7 7C92F246 0FB672 0B movzx esi, byte ptr [edx+B] 7C92F24A 66:8B3471 mov si, [ecx+esi*2] 7C92F24E 66:8970 16 mov [eax+16], si 7C92F252 0FB672 0A movzx esi, byte ptr [edx+A] 7C92F256 66:8B3471 mov si, [ecx+esi*2] 7C92F25A 66:8970 14 mov [eax+14], si 7C92F25E 0FB672 09 movzx esi, byte ptr [edx+9] 7C92F262 66:8B3471 mov si, [ecx+esi*2] 7C92F266 66:8970 12 mov [eax+12], si 7C92F26A 0FB672 08 movzx esi, byte ptr [edx+8] 7C92F26E 66:8B3471 mov si, [ecx+esi*2] 7C92F272 66:8970 10 mov [eax+10], si 7C92F276 0FB672 07 movzx esi, byte ptr [edx+7] 7C92F27A 66:8B3471 mov si, [ecx+esi*2] 7C92F27E 66:8970 0E mov [eax+E], si 7C92F282 0FB672 06 movzx esi, byte ptr [edx+6] 7C92F286 66:8B3471 mov si, [ecx+esi*2] 7C92F28A 66:8970 0C mov [eax+C], si 7C92F28E 0FB672 05 movzx esi, byte ptr [edx+5] 7C92F292 66:8B3471 mov si, [ecx+esi*2] 7C92F296 66:8970 0A mov [eax+A], si 7C92F29A 0FB672 04 movzx esi, byte ptr [edx+4] 7C92F29E 66:8B3471 mov si, [ecx+esi*2] 7C92F2A2 66:8970 08 mov [eax+8], si 7C92F2A6 0FB672 03 movzx esi, byte ptr [edx+3] 7C92F2AA 66:8B3471 mov si, [ecx+esi*2] 7C92F2AE 66:8970 06 mov [eax+6], si 7C92F2B2 0FB672 02 movzx esi, byte ptr [edx+2] 7C92F2B6 66:8B3471 mov si, [ecx+esi*2] 7C92F2BA 66:8970 04 mov [eax+4], si 7C92F2BE 0FB672 01 movzx esi, byte ptr [edx+1] 7C92F2C2 66:8B3471 mov si, [ecx+esi*2] 7C92F2C6 66:8970 02 mov [eax+2], si 7C92F2CA ^ E9 55FFFFFF jmp 7C92F224 7C92F2CF 0FB672 0F movzx esi, byte ptr [edx+F] 7C92F2D3 66:8B3471 mov si, [ecx+esi*2] 7C92F2D7 66:8970 1E mov [eax+1E], si 7C92F2DB 0FB672 0E movzx esi, byte ptr [edx+E] 7C92F2DF 66:8B3471 mov si, [ecx+esi*2] 7C92F2E3 66:8970 1C mov [eax+1C], si 7C92F2E7 0FB672 0D movzx esi, byte ptr [edx+D] 7C92F2EB 66:8B3471 mov si, [ecx+esi*2] 7C92F2EF 66:8970 1A mov [eax+1A], si 7C92F2F3 0FB672 0C movzx esi, byte ptr [edx+C] 7C92F2F7 66:8B3471 mov si, [ecx+esi*2] 7C92F2FB 66:8970 18 mov [eax+18], si 7C92F2FF ^ E9 42FFFFFF jmp 7C92F246 7C92F304 90 nop 7C92F305 90 nop 7C92F306 90 nop 7C92F307 90 nop 7C92F308 0000 add [eax], al 7C92F30A E5 03 in eax, 3 7C92F30C EA 00140515 05F>jmp far FE05:15051400 7C92F313 0316 add edx, [esi] 7C92F315 05 09205700 add eax, 572009 7C92F31A 17 pop ss 7C92F31B 05 6004F603 add eax, 3F60460 7C92F320 61 popad 7C92F321 04 18 add al, 18 7C92F323 05 AC202007 add eax, 72020AC 7C92F328 79 07 jns short 7C92F331 7C92F32A 0100 add [eax], eax 7C92F32C 0080 E6030000 add [eax+3E6], al 7C92F332 0300 add eax, [eax] 7C92F334 0080 04000080 add [eax+80000004], al 7C92F33A EA 00000012 000>jmp far 0000:12000000 7C92F341 006F 05 add [edi+5], ch 7C92F344 2B01 sub eax, [ecx] 7C92F346 1C 00 sbb al, 0 7C92F348 15 001500AA adc eax, AA001500 7C92F34D 0003 add [ebx], al 7C92F34F 01FE add esi, edi 7C92F351 00FF add bh, bh 7C92F353 00FF add bh, bh 7C92F355 0056 04 add [esi+4], dl 7C92F358 0301 add eax, [ecx] 7C92F35A 4D dec ebp 7C92F35B 04 56 add al, 56 7C92F35D 04 57 add al, 57 7C92F35F 04 4C add al, 4C 7C92F361 04 4E add al, 4E 7C92F363 04 4F add al, 4F 7C92F365 04 50 add al, 50 7C92F367 04 62 add al, 62 7C92F369 09F4 or esp, esi ; ntdll.ZwTerminateProcess 7C92F36B 108D 048E04AA adc [ebp+AA048E04], cl 7C92F371 05 06000100 add eax, 10006 ; UNICODE "=::\" 7C92F376 35 004F0554 xor eax, 54054F00 7C92F37B 05 20015405 add eax, 5540120 7C92F380 57 push edi 7C92F381 0057 00 add [edi], dl 7C92F384 3200 xor al, [eax] 7C92F386 58 pop eax ; ntdll.7C92E89A 7C92F387 05 2E055700 add eax, 57052E 7C92F38C 2005 05000500 and [50005], al 7C92F392 1F pop ds 7C92F393 05 54058B07 add eax, 78B0554 7C92F398 F8 clc 7C92F399 06 push es 7C92F39A 57 push edi 7C92F39B 007A 00 add [edx], bh 7C92F39E 74 05 je short 7C92F3A5 7C92F3A0 FE06 inc byte ptr [esi] 7C92F3A2 57 push edi 7C92F3A3 0057 00 add [edi], dl 7C92F3A6 3205 70177117 xor al, [17711770] 7C92F3AC 0100 add [eax], eax 7C92F3AE 58 pop eax ; ntdll.7C92E89A 7C92F3AF 05 75057505 add eax, 5750575 7C92F3B4 75 05 jnz short 7C92F3BB 7C92F3B6 75 05 jnz short 7C92F3BD 7C92F3B8 C513 lds edx, [ebx] 7C92F3BA C6 ??? ; 未知命令 7C92F3BB 13C7 adc eax, edi 7C92F3BD 13C8 adc ecx, eax 7C92F3BF 13C9 adc ecx, ecx 7C92F3C1 131F adc ebx, [edi] 7C92F3C3 0001 add [ecx], al 7C92F3C5 0057 00 add [edi], dl 7C92F3C8 1800 sbb [eax], al 7C92F3CA E6 03 out 3, al 7C92F3CC E7 03 out 3, eax 7C92F3CE AE scas byte ptr es:[edi] 7C92F3CF 05 0600E903 add eax, 3E90006 7C92F3D4 C100 57 rol dword ptr [eax], 57 7C92F3D7 0057 00 add [edi], dl 7C92F3DA 0000 add [eax], al 7C92F3DC 0200 add al, [eax] 7C92F3DE 0000 add [eax], al 7C92F3E0 0200 add al, [eax] 7C92F3E2 0000 add [eax], al 7C92F3E4 0100 add [eax], eax 7C92F3E6 0000 add [eax], al 7C92F3E8 26:0000 add es:[eax], al 7C92F3EB 0022 add [edx], ah 7C92F3ED 0000 add [eax], al 7C92F3EF 0015 000000F9 add [F9000000], dl 7C92F3F5 06 push es 7C92F3F6 0000 add [eax], al 7C92F3F8 1B00 sbb eax, [eax] 7C92F3FA 0000 add [eax], al 7C92F3FC EA 00000008 000>jmp far 0000:08000000 7C92F403 00E7 add bh, ah 7C92F405 0100 add [eax], eax 7C92F407 00E7 add bh, ah 7C92F409 0100 add [eax], eax 7C92F40B 0057 00 add [edi], dl 7C92F40E 0000 add [eax], al 7C92F410 57 push edi 7C92F411 0000 add [eax], al 7C92F413 0001 add [ecx], al 7C92F415 0000 add [eax], al 7C92F417 001D 0000C005 add [5C00000], bl 7C92F41D 0000 add [eax], al 7C92F41F 0005 000000C1 add [C1000000], al 7C92F425 0000 add [eax], al 7C92F427 0005 00000005 add [5000000], al 7C92F42D 0000 add [eax], al 7C92F42F 007A 00 add [edx], bh 7C92F432 0000 add [eax], al 7C92F434 06 push es 7C92F435 0000 add [eax], al 7C92F437 0025 0000C026 add [26C00000], ah 7C92F43D 0000 add [eax], al 7C92F43F C09E 0000002B 0>rcr byte ptr [esi+2B000000], 0 7C92F446 00C0 add al, al 7C92F448 E7 01 out 1, eax 7C92F44A 0000 add [eax], al 7C92F44C E7 01 out 1, eax 7C92F44E 0000 add [eax], al 7C92F450 57 push edi 7C92F451 0071 05 add [ecx+5], dh 7C92F454 7B 00 jpo short 7C92F456 7C92F456 0200 add al, [eax] 7C92F458 B7 00 mov bh, 0 7C92F45A 06 push es 7C92F45B 00A1 00000003 add [ecx+3000000], ah 7C92F461 0000 add [eax], al 7C92F463 00A1 0000005D add [ecx+5D000000], ah 7C92F469 04 00 add al, 0 7C92F46B 005D 04 add [ebp+4], bl 7C92F46E 0000 add [eax], al 7C92F470 17 pop ss 7C92F471 0000 add [eax], al 7C92F473 0017 add [edi], dl 7C92F475 0000 add [eax], al 7C92F477 0008 add [eax], cl 7C92F479 0000 add [eax], al 7C92F47B 0005 00000006 add [6000000], al 7C92F481 0000 add [eax], al 7C92F483 0020 add [eax], ah 7C92F485 0000 add [eax], al 7C92F487 0018 add [eax], bl 7C92F489 07 pop es 7C92F48A 0000 add [eax], al 7C92F48C 57 push edi 7C92F48D 0000 add [eax], al 7C92F48F 0020 add [eax], ah 7C92F491 0100 add [eax], eax 7C92F493 002A add [edx], ch 7C92F495 0100 add [eax], eax 7C92F497 0057 00 add [edi], dl 7C92F49A 0000 add [eax], al 7C92F49C 57 push edi 7C92F49D 0000 add [eax], al 7C92F49F 009C00 00000500 add [eax+eax+50000], bl 7C92F4A6 0000 add [eax], al 7C92F4A8 57 push edi 7C92F4A9 0000 add [eax], al 7C92F4AB 0057 00 add [edi], dl 7C92F4AE 0000 add [eax], al 7C92F4B0 57 push edi 7C92F4B1 0000 add [eax], al 7C92F4B3 001A add [edx], bl 7C92F4B5 0100 add [eax], eax 7C92F4B7 00FF add bh, bh 7C92F4B9 0000 add [eax], al 7C92F4BB 0070 05 add [eax+5], dh 7C92F4BE 0000 add [eax], al 7C92F4C0 70 05 jo short 7C92F4C7 7C92F4C2 0000 add [eax], al 7C92F4C4 70 05 jo short 7C92F4CB 7C92F4C6 0000 add [eax], al 7C92F4C8 2100 and [eax], eax 7C92F4CA 0000 add [eax], al 7C92F4CC 2100 and [eax], eax 7C92F4CE 0000 add [eax], al 7C92F4D0 05 00000032 add eax, 32000000 7C92F4D5 0000 add [eax], al 7C92F4D7 0019 add [ecx], bl 7C92F4D9 05 00001A05 add eax, 51A0000 7C92F4DE 0000 add [eax], al 7C92F4E0 1B05 00001C05 sbb eax, [51C0000] 7C92F4E6 0000 add [eax], al 7C92F4E8 1D 0500001E sbb eax, 1E000005 7C92F4ED 05 00001F05 add eax, 51F0000 7C92F4F2 0000 add [eax], al 7C92F4F4 2005 00002105 and [5210000], al 7C92F4FA 0000 add [eax], al 7C92F4FC 2205 00002305 and al, [5230000] 7C92F502 0000 add [eax], al 7C92F504 24 05 and al, 5 7C92F506 0000 add [eax], al 7C92F508 25 05000026 and eax, 26000005 7C92F50D 05 00002705 add eax, 5270000 7C92F512 0000 add [eax], al 7C92F514 2805 00002905 sub [5290000], al 7C92F51A 0000 add [eax], al 7C92F51C 2A05 00005600 sub al, [560000] 7C92F522 0000 add [eax], al 7C92F524 2C 05 sub al, 5 7C92F526 0000 add [eax], al 7C92F528 2D 0500002E sub eax, 2E000005 7C92F52D 05 00002F05 add eax, 52F0000 7C92F532 0000 add [eax], al 7C92F534 3005 00003105 xor [5310000], al 7C92F53A 0000 add [eax], al 7C92F53C 3205 00003305 xor al, [5330000] 7C92F542 0000 add [eax], al 7C92F544 34 05 xor al, 5 7C92F546 0000 add [eax], al 7C92F548 35 05000036 xor eax, 36000005 7C92F54D 05 00003705 add eax, 5370000 7C92F552 0000 add [eax], al 7C92F554 3805 00003905 cmp [5390000], al 7C92F55A 0000 add [eax], al 7C92F55C 3A05 00007F00 cmp al, [7F0000] 7C92F562 0000 add [eax], al 7C92F564 C100 00 rol dword ptr [eax], 0 7C92F567 00F0 add al, dh 7C92F569 0300 add eax, [eax] 7C92F56B 003C05 00009E00 add [eax+9E0000], bh 7C92F572 0000 add [eax], al 7C92F574 70 00 jo short 7C92F576 7C92F576 0000 add [eax], al 7C92F578 3D 0500003E cmp eax, 3E000005 7C92F57D 05 00004400 add eax, 440000 7C92F582 0000 add [eax], al 7C92F584 0301 add eax, [ecx] 7C92F586 0000 add [eax], al 7C92F588 3F aas 7C92F589 05 00000301 add eax, 1030000 7C92F58E 0000 add [eax], al 7C92F590 9A 0000000E 000>call far 0000:0E000000 7C92F597 00E7 add bh, ah 7C92F599 0100 add [eax], eax 7C92F59B 001407 add [edi+eax], dl 7C92F59E 0000 add [eax], al 7C92F5A0 15 07000016 adc eax, 16000007 7C92F5A5 07 pop es 7C92F5A6 0000 add [eax], al 7C92F5A8 8C00 mov [eax], es 7C92F5AA 00C0 add al, al 7C92F5AC 8D00 lea eax, [eax] 7C92F5AE 00C0 add al, al 7C92F5B0 8E00 mov es, [eax] 7C92F5B2 00C0 add al, al 7C92F5B4 8F00 pop dword ptr [eax] ; ntdll.7C92E89A 7C92F5B6 00C0 add al, al 7C92F5B8 90 nop 7C92F5B9 0000 add [eax], al 7C92F5BB C091 0000C092 0>rcl byte ptr [ecx+92C00000], 0 7C92F5C2 00C0 add al, al 7C92F5C4 93 xchg eax, ebx 7C92F5C5 0000 add [eax], al 7C92F5C7 C09400 00C01602>rcl byte ptr [eax+eax+216C000], 0 7C92F5CF 0096 0000C008 add [esi+8C00000], dl 7C92F5D5 0000 add [eax], al 7C92F5D7 00EE add dh, ch 7C92F5D9 0300 add eax, [eax] 7C92F5DB 0040 05 add [eax+5], al 7C92F5DE 0000 add [eax], al 7C92F5E0 AA stos byte ptr es:[edi] 7C92F5E1 05 00000300 add eax, 30000 7C92F5E6 0000 add [eax], al 7C92F5E8 17 pop ss 7C92F5E9 0000 add [eax], al 7C92F5EB 008F 04000015 add [edi+15000004], cl 7C92F5F1 0000 add [eax], al 7C92F5F3 00E7 add bh, ah 7C92F5F5 0100 add [eax], eax 7C92F5F7 00E7 add bh, ah 7C92F5F9 0100 add [eax], eax 7C92F5FB 00AD 05000013 add [ebp+13000005], ch 7C92F601 0000 add [eax], al 7C92F603 0015 00000041 add [41000000], dl 7C92F609 05 00004205 add eax, 5420000 7C92F60E 0000 add [eax], al 7C92F610 43 inc ebx 7C92F611 05 00004405 add eax, 5440000 7C92F616 0000 add [eax], al 7C92F618 45 inc ebp 7C92F619 05 00005700 add eax, 570000 7C92F61E 0000 add [eax], al 7C92F620 E7 00 out 0, eax 7C92F622 E7 00 out 0, eax 7C92F624 E6 00 out 0, al 7C92F626 E7 00 out 0, eax 7C92F628 0100 add [eax], eax 7C92F62A - E9 00E80017 jmp 9393DE2F 7C92F62F 0218 add bl, [eax] 7C92F631 02E6 add ah, dh 7C92F633 0079 00 add [ecx], bh 7C92F636 26:0005 0032003>add es:[33003200], al 7C92F63D 003400 add [eax+eax], dh 7C92F640 35 00360037 xor eax, 37003600 7C92F645 0038 add [eax], bh 7C92F647 0039 add [ecx], bh 7C92F649 003A add [edx], bh 7C92F64B 003B add [ebx], bh 7C92F64D 003C00 add [eax+eax], bh 7C92F650 3D 003E003F cmp eax, 3F003E00 7C92F655 0040 00 add [eax], al 7C92F658 41 inc ecx 7C92F659 0042 00 add [edx], al 7C92F65C 43 inc ebx 7C92F65D 004400 45 add [eax+eax+45], al 7C92F661 0046 00 add [esi], al 7C92F664 47 inc edi 7C92F665 0048 00 add [eax], cl 7C92F668 58 pop eax ; ntdll.7C92E89A 7C92F669 0011 add [ecx], dl 7C92F66B 0005 00F00046 add [4600F000], al 7C92F671 05 E8004705 add eax, 54700E8 7C92F676 48 dec eax 7C92F677 05 49054A05 add eax, 54A0549 7C92F67C 4B dec ebx 7C92F67D 05 4C054D05 add eax, 54D054C 7C92F682 2C 01 sub al, 1 7C92F684 2D 014E054F sub eax, 4F054E01 7C92F689 05 50055105 add eax, 5510550 7C92F68E F8 clc 7C92F68F 06 push es 7C92F690 52 push edx ; msvcrt.77C31AE8 7C92F691 05 53055700 add eax, 570553 7C92F696 57 push edi 7C92F697 0057 00 add [edi], dl 7C92F69A 57 push edi 7C92F69B 0057 00 add [edi], dl 7C92F69E 57 push edi 7C92F69F 0057 00 add [edi], dl 7C92F6A2 57 push edi 7C92F6A3 0057 00 add [edi], dl 7C92F6A6 57 push edi 7C92F6A7 0057 00 add [edi], dl 7C92F6AA 57 push edi 7C92F6AB 0003 add [ebx], al 7C92F6AD 0020 add [eax], ah 7C92F6AF 04 E9 add al, 0E9 7C92F6B1 035405 CB add edx, [ebp+eax-35] 7C92F6B5 0091 0070050B add [ecx+B057000], dl 7C92F6BB 0155 05 add [ebp+5], edx ; msvcrt.77C31AE8 7C92F6BE 56 push esi ; ntdll.ZwTerminateProcess 7C92F6BF 05 CE006109 add eax, 96100CE 7C92F6C4 64:093D 0105005>or fs:[57000501], edi 7C92F6CB 05 58052004 add eax, 4200558 7C92F6D0 A4 movs byte ptr es:[edi], byte ptr [esi> 7C92F6D1 05 C1005905 add eax, 55900C1 7C92F6D6 5A pop edx ; ntdll.7C92E89A 7C92F6D7 05 EE030400 add eax, 403EE 7C92F6DC E3 03 jecxz short 7C92F6E1 7C92F6DE 05 00BA0405 add eax, 504BA00 7C92F6E3 005B 05 add [ebx+5], bl 7C92F6E6 5C pop esp ; ntdll.7C92E89A 7C92F6E7 05 5D055E05 add eax, 55E055D 7C92F6EC 06 push es 7C92F6ED 005F 05 add [edi+5], bl 7C92F6F0 AF scas dword ptr es:[edi] 7C92F6F1 05 C100C100 add eax, 0C100C1 7C92F6F6 C100 C1 rol dword ptr [eax], 0C1 7C92F6F9 0076 05 add [esi+5], dh 7C92F6FC 7E 00 jle short 7C92F6FE 7C92F6FE B6 00 mov dh, 0 7C92F700 7F 00 jg short 7C92F702 7C92F702 40 inc eax 7C92F703 0040 00 add [eax], al 7C92F706 3300 xor eax, [eax] 7C92F708 3B00 cmp eax, [eax] 7C92F70A 3B00 cmp eax, [eax] 7C92F70C 3B00 cmp eax, [eax] 7C92F70E 3B00 cmp eax, [eax] 7C92F710 5A pop edx ; ntdll.7C92E89A 7C92F711 04 7C add al, 7C 7C92F713 0056 00 add [esi], dl 7C92F716 6D ins dword ptr es:[edi], dx 7C92F717 00F1 add cl, dh 7C92F719 03F8 add edi, eax 7C92F71B 03ED add ebp, ebp 7C92F71D 035E 04 add ebx, [esi+4] 7C92F720 60 pushad 7C92F721 05 61056205 add eax, 5620561 7C92F726 6305 64056505 arpl [5650564], ax 7C92F72C 66:05 6705 add ax, 567 7C92F730 EF out dx, eax 7C92F731 0368 05 add ebp, [eax+5] 7C92F734 6905 F9036A05 5>imul eax, [56A03F9], 459045D 7C92F73E 620463 bound eax, [ebx] 7C92F741 04 64 add al, 64 7C92F743 04 65 add al, 65 7C92F745 04 66 add al, 66 7C92F747 04 67 add al, 67 7C92F749 04 68 add al, 68 7C92F74B 04 5F add al, 5F 7C92F74D 04 5D add al, 5D 7C92F74F 04 51 add al, 51 7C92F751 04 52 add al, 52 7C92F753 04 53 add al, 53 7C92F755 04 54 add al, 54 7C92F757 04 55 add al, 55 7C92F759 04 69 add al, 69 7C92F75B 04 58 add al, 58 7C92F75D 04 6B add al, 6B 7C92F75F 05 6C05FA03 add eax, 3FA056C 7C92F764 FB sti 7C92F765 036D 05 add ebp, [ebp+5] 7C92F768 6E outs dx, byte ptr es:[edi] 7C92F769 05 FC03FD03 add eax, 3FD03FC 7C92F76E 57 push edi 7C92F76F 005D 04 add [ebp+4], bl 7C92F772 16 push ss 7C92F773 005D 04 add [ebp+4], bl 7C92F776 5D pop ebp ; ntdll.7C92E89A 7C92F777 04 DE add al, 0DE 7C92F779 05 1300FA06 add eax, 6FA0013 7C92F77E FB sti 7C92F77F 06 push es 7C92F780 FC cld 7C92F781 06 push es 7C92F782 FD std 7C92F783 06 push es 7C92F784 DC05 DD05FE06 fadd qword ptr [6FE05DD] 7C92F78A 0007 add [edi], al 7C92F78C 0107 add [edi], eax 7C92F78E 6B04C3 04 imul eax, [ebx+eax*8], 4 7C92F792 C404DF les eax, [edi+ebx*8] 7C92F795 05 0F071007 add eax, 710070F 7C92F79A 1107 adc [edi], eax 7C92F79C 1207 adc al, [edi] 7C92F79E 72 05 jb short 7C92F7A5 7C92F7A0 3B00 cmp eax, [eax] 7C92F7A2 3B00 cmp eax, [eax] 7C92F7A4 17 pop ss 7C92F7A5 07 pop es 7C92F7A6 6A 04 push 4 7C92F7A8 F8 clc 7C92F7A9 06 push es 7C92F7AA BE 04BE0444 mov esi, 4404BE04 7C92F7AF 003400 add [eax+eax], dh 7C92F7B2 40 inc eax 7C92F7B3 0040 00 add [eax], al 7C92F7B6 40 inc eax 7C92F7B7 004400 3B add [eax+eax+3B], al 7C92F7BB 003B add [ebx], bh 7C92F7BD 003B add [ebx], bh 7C92F7BF 003B add [ebx], bh 7C92F7C1 003B add [ebx], bh 7C92F7C3 003B add [ebx], bh 7C92F7C5 003B add [ebx], bh 7C92F7C7 0032 add [edx], dh 7C92F7C9 0032 add [edx], dh 7C92F7CB 00E6 add dh, ah 7C92F7CD 17 pop ss 7C92F7CE 6C ins byte ptr es:[edi], dx 7C92F7CF 04 C1 add al, 0C1 7C92F7D1 0073 07 add [ebx+7], dh 7C92F7D4 90 nop 7C92F7D5 04 57 add al, 57 7C92F7D7 0000 add [eax], al 7C92F7D9 002A add [edx], ch 7C92F7DB 0200 add al, [eax] 7C92F7DD C02B 02 shr byte ptr [ebx], 2 7C92F7E0 00C0 add al, al 7C92F7E2 D5 04 aad 4 7C92F7E4 92 xchg eax, edx ; msvcrt.77C31AE8 7C92F7E5 04 74 add al, 74 7C92F7E7 07 pop es 7C92F7E8 75 07 jnz short 7C92F7F1 7C92F7EA 06 push es 7C92F7EB 00C9 add cl, cl 7C92F7ED 04 CA add al, 0CA 7C92F7EF 04 CB add al, 0CB 7C92F7F1 04 CC add al, 0CC 7C92F7F3 04 CD add al, 0CD 7C92F7F5 04 CE add al, 0CE 7C92F7F7 04 CF add al, 0CF 7C92F7F9 04 D0 add al, 0D0 7C92F7FB 04 D1 add al, 0D1 7C92F7FD 04 D2 add al, 0D2 7C92F7FF 04 D3 add al, 0D3 7C92F801 04 D4 add al, 0D4 7C92F803 04 C8 add al, 0C8 7C92F805 04 D6 add al, 0D6 7C92F807 04 D7 add al, 0D7 7C92F809 04 D8 add al, 0D8 7C92F80B 04 C1 add al, 0C1 7C92F80D 00D4 add ah, dl 7C92F80F 04 4F add al, 4F 7C92F811 05 D0047305 add eax, 57304D0 7C92F816 2204B6 and al, [esi+esi*4] 7C92F819 007F 00 add [edi], bh 7C92F81C 2001 and [ecx], al 7C92F81E 76 04 jbe short 7C92F824 7C92F820 FE ??? ; 未知命令 7C92F821 108E 1BD107B1 adc [esi+B107D11B], cl 7C92F827 04 15 add al, 15 7C92F829 0091 04261129 add [ecx+29112604], dl 7C92F82F 112A adc [edx], ebp 7C92F831 1128 adc [eax], ebp 7C92F833 1180 078107A1 adc [eax+A1078107], eax 7C92F839 0088 0489048A add [eax+8A048904], cl 7C92F83F 04 8B add al, 8B 7C92F841 04 8C add al, 8C 7C92F843 04 05 add al, 5 7C92F845 0005 00050005 add [5000500], al 7C92F84B 0005 00050077 add [77000500], al 7C92F851 17 pop ss 7C92F852 78 17 js short 7C92F86B 7C92F854 72 17 jb short 7C92F86D 7C92F856 68 1069106A push 6A106910 7C92F85B 106B 10 adc [ebx+10], ch 7C92F85E 1A20 sbb ah, [eax] 7C92F860 1B20 sbb esp, [eax] 7C92F862 1C 20 sbb al, 20 7C92F864 0100 add [eax], eax 7C92F866 FF10 call [eax] 7C92F868 0011 add [ecx], dl 7C92F86A 94 xchg eax, esp 7C92F86B 04 0A add al, 0A 7C92F86D 200B and [ebx], cl 7C92F86F 200C20 and [eax], cl 7C92F872 0D 200E200F or eax, 0F200E20 7C92F877 2010 and [eax], dl 7C92F879 2011 and [ecx], dl 7C92F87B 2012 and [edx], dl 7C92F87D 2013 and [ebx], dl 7C92F87F 201420 and [eax], dl 7C92F882 15 20162017 adc eax, 17201620 7C92F887 2018 and [eax], bl 7C92F889 2019 and [ecx], bl 7C92F88B 201E and [esi], bl 7C92F88D 2127 and [edi], esp 7C92F88F 1151 06 adc [ecx+6], edx ; msvcrt.77C31AE8 7C92F892 9A 049B0424 207>call far 7520:24049B04 7C92F899 05 E6037510 add eax, 107503E6 7C92F89E 76 10 jbe short 7C92F8B0 7C92F8A0 ED in eax, dx 7C92F8A1 04 E8 add al, 0E8 7C92F8A3 1038 adc [eax], bh 7C92F8A5 21E3 and ebx, esp 7C92F8A7 04 39 add al, 39 7C92F8A9 219D 043A2141 and [ebp+41213A04], ebx 7C92F8AF 2142 21 and [edx+21], eax 7C92F8B2 43 inc ebx 7C92F8B3 214421 45 and [ecx+45], eax 7C92F8B7 2146 21 and [esi+21], eax 7C92F8BA 47 inc edi 7C92F8BB 2148 21 and [eax+21], ecx 7C92F8BE 49 dec ecx 7C92F8BF 2132 and [edx], esi ; ntdll.ZwTerminateProcess 7C92F8C1 0051 21 add [ecx+21], dl 7C92F8C4 52 push edx ; msvcrt.77C31AE8 7C92F8C5 2153 21 and [ebx+21], edx ; msvcrt.77C31AE8 7C92F8C8 54 push esp 7C92F8C9 215D 21 and [ebp+21], ebx 7C92F8CC 6321 arpl [ecx], sp 7C92F8CE 64:2165 21 and fs:[ebp+21], esp 7C92F8D2 6D ins dword ptr es:[edi], dx 7C92F8D3 2177 05 and [edi+5], esi ; ntdll.ZwTerminateProcess 7C92F8D6 52 push edx ; msvcrt.77C31AE8 7C92F8D7 0071 21 add [ecx+21], dh 7C92F8DA 0000 add [eax], al 7C92F8DC 72 21 jb short 7C92F8FF 7C92F8DE 0000 add [eax], al 7C92F8E0 3303 xor eax, [ebx] 7C92F8E2 0980 34030980 or [eax+80090334], eax 7C92F8E8 0200 add al, [eax] 7C92F8EA 0000 add [eax], al 7C92F8EC 35 03098036 xor eax, 36800903 7C92F8F1 0309 add ecx, [ecx] 7C92F8F3 8037 03 xor byte ptr [edi], 3 7C92F8F6 0980 38030980 or [eax+80090338], eax 7C92F8FC 3903 cmp [ebx], eax 7C92F8FE 0980 3A030980 or [eax+8009033A], eax 7C92F904 3B03 cmp eax, [ebx] 7C92F906 0980 3C030980 or [eax+8009033C], eax 7C92F90C 3D 0309803E cmp eax, 3E800903 7C92F911 0309 add ecx, [ecx] 7C92F913 8040 03 09 add byte ptr [eax+3], 9 7C92F917 8041 03 09 add byte ptr [ecx+3], 9 7C92F91B 8042 03 09 add byte ptr [edx+3], 9 7C92F91F 805B 04 00 sbb byte ptr [ebx+4], 0 7C92F923 00E7 add bh, ah 7C92F925 04 00 add al, 0 7C92F927 00E6 add dh, ah 7C92F929 04 00 add al, 0 7C92F92B 006F 10 add [edi+10], ch 7C92F92E 0000 add [eax], al 7C92F930 74 10 je short 7C92F942 7C92F932 0000 add [eax], al 7C92F934 6E outs dx, byte ptr es:[edi] 7C92F935 1000 adc [eax], al 7C92F937 002E add [esi], ch 7C92F939 0100 add [eax], eax 7C92F93B 0005 03038006 add [6800303], al 7C92F941 0303 add eax, [ebx] 7C92F943 8007 03 add byte ptr [edi], 3 7C92F946 0380 08030380 add eax, [eax+80030308] 7C92F94C 0903 or [ebx], eax 7C92F94E 0380 0A030380 add eax, [eax+8003030A] 7C92F954 0B03 or eax, [ebx] 7C92F956 0380 EF040000 add eax, [eax+4EF] 7C92F95C F0:04 00 lock add al, 0 ; 不允许锁定前缀 7C92F95F 0048 03 add [eax+3], cl 7C92F962 0980 E8040000 or [eax+4E8], eax 7C92F968 43 inc ebx 7C92F969 0309 add ecx, [ecx] 7C92F96B 807D 17 00 cmp byte ptr [ebp+17], 0 7C92F96F 0001 add [ecx], al 7C92F971 0009 add [ecx], cl 7C92F973 C07C21 00 00 sar byte ptr [ecx], 0 7C92F978 8221 00 and byte ptr [ecx], 0 7C92F97B 00C1 add cl, al 7C92F97D 0000 add [eax], al 7C92F97F 00C1 add cl, al 7C92F981 0000 add [eax], al 7C92F983 0046 03 add [esi+3], al 7C92F986 0980 72050000 or [eax+572], eax 7C92F98C EC in al, dx 7C92F98D 04 EC add al, 0EC 7C92F98F 04 EC add al, 0EC 7C92F991 04 EC add al, 0EC 7C92F993 04 FB add al, 0FB 7C92F995 04 FB add al, 0FB 7C92F997 04 FC add al, 0FC 7C92F999 04 6B add al, 6B 7C92F99B 0010 add [eax], dl 7C92F99D 806C00 10 80 sub byte ptr [eax+eax+10], 80 7C92F9A2 6F outs dx, dword ptr es:[edi] 7C92F9A3 0010 add [eax], dl 7C92F9A5 800C00 10 or byte ptr [eax+eax], 10 7C92F9A9 800D 0009802C 0>or byte ptr [2C800900], 0 7C92F9B0 1080 16000980 adc [eax+80090016], al 7C92F9B6 2F das 7C92F9B7 0010 add [eax], dl 7C92F9B9 80F1 04 xor cl, 4 7C92F9BC 0000 add [eax], al 7C92F9BE F2: prefix repne: 7C92F9BF 04 00 add al, 0 7C92F9C1 00F3 add bl, dh 7C92F9C3 04 00 add al, 0 7C92F9C5 00F4 add ah, dh 7C92F9C7 04 00 add al, 0 7C92F9C9 00F5 add ch, dh 7C92F9CB 04 00 add al, 0 7C92F9CD 00F6 add dh, dh 7C92F9CF 04 00 add al, 0 7C92F9D1 00A406 A5060600 add [esi+eax+606A5], ah 7C92F9D8 A7 cmps dword ptr [esi], dword ptr es:[e> 7C92F9D9 06 push es 7C92F9DA A8 06 test al, 6 7C92F9DC A9 06AA06AB test eax, AB06AA06 7C92F9E1 06 push es 7C92F9E2 AC lods byte ptr [esi] 7C92F9E3 06 push es 7C92F9E4 AD lods dword ptr [esi] 7C92F9E5 06 push es 7C92F9E6 AE scas byte ptr es:[edi] 7C92F9E7 06 push es 7C92F9E8 AF scas dword ptr es:[edi] 7C92F9E9 06 push es 7C92F9EA B0 06 mov al, 6 7C92F9EC B1 06 mov cl, 6 7C92F9EE B2 06 mov dl, 6 7C92F9F0 B3 06 mov bl, 6 7C92F9F2 B4 06 mov ah, 6 7C92F9F4 B5 06 mov ch, 6 7C92F9F6 B6 06 mov dh, 6 7C92F9F8 B7 06 mov bh, 6 7C92F9FA B8 06B906BA mov eax, BA06B906 7C92F9FF 06 push es 7C92FA00 BB 06BC06BD mov ebx, BD06BC06 7C92FA05 06 push es 7C92FA06 BE 06BF06C0 mov esi, C006BF06 7C92FA0B 06 push es 7C92FA0C C2 06C4 retn 0C406 7C92FA0F 06 push es 7C92FA10 C506 lds eax, [esi] 7C92FA12 C606 C7 mov byte ptr [esi], 0C7 7C92FA15 06 push es 7C92FA16 C8 06C906 enter 0C906, 6 7C92FA1A CB retf 7C92FA1B 06 push es 7C92FA1C CC int3 7C92FA1D 06 push es 7C92FA1E CD 06 int 6 7C92FA20 CE into 7C92FA21 06 push es 7C92FA22 CF iretd 7C92FA23 06 push es 7C92FA24 D006 rol byte ptr [esi], 1 7C92FA26 D106 rol dword ptr [esi], 1 7C92FA28 D206 rol byte ptr [esi], cl 7C92FA2A D306 rol dword ptr [esi], cl 7C92FA2C D4 06 aam 6 7C92FA2E D5 06 aad 6 7C92FA30 D6 salc 7C92FA31 06 push es 7C92FA32 D7 xlat byte ptr [ebx+al] 7C92FA33 06 push es 7C92FA34 D806 fadd dword ptr [esi] 7C92FA36 D906 fld dword ptr [esi] 7C92FA38 DA06 fiadd dword ptr [esi] 7C92FA3A DB06 fild dword ptr [esi] 7C92FA3C DC06 fadd qword ptr [esi] 7C92FA3E DD06 fld qword ptr [esi] 7C92FA40 DE06 fiadd word ptr [esi] 7C92FA42 DF06 fild word ptr [esi] 7C92FA44 E0 06 loopdne short 7C92FA4C 7C92FA46 E1 06 loopde short 7C92FA4E 7C92FA48 E2 06 loopd short 7C92FA50 7C92FA4A E3 06 jecxz short 7C92FA52 7C92FA4C E4 06 in al, 6 7C92FA4E E5 06 in eax, 6 7C92FA50 E6 06 out 6, al 7C92FA52 E7 06 out 6, eax 7C92FA54 E8 06E906EA call 6699E35F 7C92FA59 06 push es 7C92FA5A EB 06 jmp short 7C92FA62 7C92FA5C FF06 inc dword ptr [esi] 7C92FA5E 0E push cs 7C92FA5F 07 pop es 7C92FA60 6A 07 push 7 7C92FA62 6B07 6C imul eax, [edi], 6C 7C92FA65 07 pop es 7C92FA66 1907 sbb [edi], eax 7C92FA68 1A07 sbb al, [edi] 7C92FA6A 1B07 sbb eax, [edi] 7C92FA6C 1C 07 sbb al, 7 7C92FA6E 1D 071E071F sbb eax, 1F071E07 7C92FA73 07 pop es 7C92FA74 2107 and [edi], eax 7C92FA76 2207 and al, [edi] 7C92FA78 7A 07 jpe short 7C92FA81 7C92FA7A 7B 07 jpo short 7C92FA83 7C92FA7C EC in al, dx 7C92FA7D 06 push es 7C92FA7E ED in eax, dx 7C92FA7F 06 push es 7C92FA80 EE out dx, al 7C92FA81 06 push es 7C92FA82 06 push es 7C92FA83 0006 add [esi], al 7C92FA85 00F1 add cl, dh 7C92FA87 06 push es 7C92FA88 F2: prefix repne: 7C92FA89 06 push es 7C92FA8A F3: prefix rep: 7C92FA8B 06 push es 7C92FA8C F4 hlt 7C92FA8D 06 push es 7C92FA8E F5 cmc 7C92FA8F 06 push es 7C92FA90 F606 F7 test byte ptr [esi], 0F7 7C92FA93 06 push es 7C92FA94 2307 and eax, [edi] 7C92FA96 24 07 and al, 7 7C92FA98 25 07260727 and eax, 27072607 7C92FA9D 07 pop es 7C92FA9E 2807 sub [edi], al 7C92FAA0 7C 07 jl short 7C92FAA9 7C92FAA2 7D 07 jge short 7C92FAAB 7C92FAA4 7E 07 jle short 7C92FAAD 7C92FAA6 59 pop ecx ; ntdll.7C92E89A 7C92FAA7 1B5A 1B sbb ebx, [edx+1B] 7C92FAAA 5B pop ebx ; ntdll.7C92E89A 7C92FAAB 1B5F 1B sbb ebx, [edi+1B] 7C92FAAE 60 pushad 7C92FAAF 1B61 1B sbb esp, [ecx+1B] 7C92FAB2 621B bound ebx, [ebx] 7C92FAB4 631B arpl [ebx], bx 7C92FAB6 64:1B65 1B sbb esp, fs:[ebp+1B] 7C92FABA 66:1B67 1B sbb sp, [edi+1B] 7C92FABE 68 1B691B8F push 8F1B691B 7C92FAC3 1B8E 1B901B6E sbb ecx, [esi+6E1B901B] 7C92FAC9 1B6F 1B sbb ebp, [edi+1B] 7C92FACC 70 1B jo short 7C92FAE9 7C92FACE 71 1B jno short 7C92FAEB 7C92FAD0 7B 1B jpo short 7C92FAED 7C92FAD2 7E 1B jle short 7C92FAEF 7C92FAD4 801B 81 sbb byte ptr [ebx], 81 7C92FAD7 1B82 1B841B85 sbb eax, [edx+851B841B] 7C92FADD 1B89 1B5C1B8A sbb ecx, [ecx+8A1B5C1B] 7C92FAE3 1B8B 1B8D1B8C sbb ecx, [ebx+8C1B8D1B] 7C92FAE9 1B92 1B911BAF sbb edx, [edx+AF1B911B] 7C92FAEF 13B0 13B113B2 adc esi, [eax+B213B113] 7C92FAF5 13B3 13B413B5 adc esi, [ebx+B513B413] 7C92FAFB 13B6 13B713B8 adc esi, [esi+B813B713] 7C92FB01 13B9 13BA13BB adc edi, [ecx+BB13BA13] 7C92FB07 13BC13 BD13BE13 adc edi, [ebx+edx+13BE13BD] 7C92FB0E C013 CE rcl byte ptr [ebx], 0CE 7C92FB11 13C2 adc eax, edx ; msvcrt.77C31AE8 7C92FB13 13C3 adc eax, ebx 7C92FB15 13C4 adc eax, esp 7C92FB17 13B0 36B136B2 adc esi, [eax+B236B136] 7C92FB1D 36:B3 36 mov bl, 36 7C92FB20 B4 36 mov ah, 36 7C92FB22 B5 36 mov ch, 36 7C92FB24 B6 36 mov dh, 36 7C92FB26 B7 36 mov bh, 36 7C92FB28 B9 36BA36BB mov ecx, BB36BA36 7C92FB2D 36:37 aaa 7C92FB2F 0037 add [edi], dh 7C92FB31 0037 add [edi], dh 7C92FB33 0000 add [eax], al 7C92FB35 0000 add [eax], al 7C92FB37 0090 90909090 add [eax+90909090], dl 7C92FB3D > 6A 08 push 8 7C92FB3F 68 78FB927C push 7C92FB78 7C92FB44 E8 79F2FFFF call 7C92EDC2 7C92FB49 64:A1 18000000 mov eax, fs:[18] 7C92FB4F 85C0 test eax, eax 7C92FB51 74 11 je short 7C92FB64 7C92FB53 8365 FC 00 and dword ptr [ebp-4], 0 7C92FB57 8B4D 08 mov ecx, [ebp+8] 7C92FB5A 8988 F40B0000 mov [eax+BF4], ecx 7C92FB60 834D FC FF or dword ptr [ebp-4], FFFFFFFF 7C92FB64 FF75 08 push dword ptr [ebp+8] 7C92FB67 E8 1D000000 call RtlNtStatusToDosErrorNoTeb 7C92FB6C E8 91F2FFFF call 7C92EE02 7C92FB71 C2 0400 retn 4 7C92FB74 90 nop 7C92FB75 90 nop 7C92FB76 90 nop 7C92FB77 90 nop 7C92FB78 FFFF ??? ; 未知命令 7C92FB7A FFFF ??? ; 未知命令 7C92FB7C 9F lahf 7C92FB7D DC96 7CA8DC96 fcom qword ptr [esi+96DCA87C] 7C92FB83 ^ 7C 90 jl short 7C92FB15 7C92FB85 90 nop 7C92FB86 90 nop 7C92FB87 90 nop 7C92FB88 90 nop 7C92FB89 > 8BFF mov edi, edi 7C92FB8B 55 push ebp 7C92FB8C 8BEC mov ebp, esp 7C92FB8E 8B45 08 mov eax, [ebp+8] 7C92FB91 A9 00000020 test eax, 20000000 7C92FB96 0F85 9B000000 jnz 7C92FC37 7C92FB9C 57 push edi 7C92FB9D 8BC8 mov ecx, eax 7C92FB9F BF 0000FFFF mov edi, FFFF0000 7C92FBA4 23CF and ecx, edi 7C92FBA6 81F9 00000780 cmp ecx, 80070000 7C92FBAC 0F84 E6DF0300 je 7C96DB98 7C92FBB2 8BC8 mov ecx, eax 7C92FBB4 81E1 000000F0 and ecx, F0000000 7C92FBBA 81F9 000000D0 cmp ecx, D0000000 7C92FBC0 0F84 DCDF0300 je 7C96DBA2 7C92FBC6 56 push esi ; ntdll.ZwTerminateProcess 7C92FBC7 33C9 xor ecx, ecx 7C92FBC9 33F6 xor esi, esi ; ntdll.ZwTerminateProcess 7C92FBCB 53 push ebx 7C92FBCC 3B04CD 48FC927C cmp eax, [ecx*8+7C92FC48] 7C92FBD3 72 24 jb short 7C92FBF9 7C92FBD5 0FB714CD 46FC92>movzx edx, word ptr [ecx*8+7C92FC46] 7C92FBDD 0FB71CCD 44FC92>movzx ebx, word ptr [ecx*8+7C92FC44] 7C92FBE5 0FAFD3 imul edx, ebx 7C92FBE8 03F2 add esi, edx ; msvcrt.77C31AE8 7C92FBEA 41 inc ecx 7C92FBEB 81F9 87000000 cmp ecx, 87 7C92FBF1 0F83 B5DF0300 jnb 7C96DBAC 7C92FBF7 ^ EB D3 jmp short 7C92FBCC 7C92FBF9 C1E1 03 shl ecx, 3 7C92FBFC 0FB799 44FC927C movzx ebx, word ptr [ecx+7C92FC44] 7C92FC03 8BD0 mov edx, eax 7C92FC05 2B91 40FC927C sub edx, [ecx+7C92FC40] 7C92FC0B 3BD3 cmp edx, ebx 7C92FC0D 0F83 99DF0300 jnb 7C96DBAC 7C92FC13 66:8B89 46FC927>mov cx, [ecx+7C92FC46] 7C92FC1A 0FB7C1 movzx eax, cx 7C92FC1D 0FAFC2 imul eax, edx ; msvcrt.77C31AE8 7C92FC20 03F0 add esi, eax 7C92FC22 66:83F9 01 cmp cx, 1 7C92FC26 0F85 CA040000 jnz 7C9300F6 7C92FC2C 0FB70475 08F392>movzx eax, word ptr [esi*2+7C92F308] 7C92FC34 5B pop ebx ; ntdll.7C92E89A 7C92FC35 5E pop esi ; ntdll.7C92E89A 7C92FC36 5F pop edi ; ntdll.7C92E89A 7C92FC37 5D pop ebp ; ntdll.7C92E89A 7C92FC38 C2 0400 retn 4 7C92FC3B 90 nop 7C92FC3C 90 nop 7C92FC3D 90 nop 7C92FC3E 90 nop 7C92FC3F 90 nop 7C92FC40 0000 add [eax], al 7C92FC42 0000 add [eax], al 7C92FC44 0100 add [eax], eax 7C92FC46 0100 add [eax], eax 7C92FC48 0301 add eax, [ecx] 7C92FC4A 0000 add [eax], al 7C92FC4C 0100 add [eax], eax 7C92FC4E 0100 add [eax], eax 7C92FC50 05 01000003 add eax, 3000001 7C92FC55 0001 add [ecx], al 7C92FC57 000C01 add [ecx+eax], cl 7C92FC5A 0000 add [eax], al 7C92FC5C 0200 add al, [eax] 7C92FC5E 0100 add [eax], eax 7C92FC60 2101 and [ecx], eax 7C92FC62 0000 add [eax], al 7C92FC64 0100 add [eax], eax 7C92FC66 0100 add [eax], eax 7C92FC68 0200 add al, [eax] 7C92FC6A 0040 01 add [eax+1], al 7C92FC6D 0001 add [ecx], al 7C92FC6F 0006 add [esi], al 7C92FC71 0000 add [eax], al 7C92FC73 40 inc eax 7C92FC74 0100 add [eax], eax 7C92FC76 0100 add [eax], eax 7C92FC78 0800 or [eax], al 7C92FC7A 0040 02 add [eax+2], al 7C92FC7D 0001 add [ecx], al 7C92FC7F 000C00 add [eax+eax], cl 7C92FC82 0040 02 add [eax+2], al 7C92FC85 0001 add [ecx], al 7C92FC87 0070 03 add [eax+3], dh 7C92FC8A 0040 01 add [eax+1], al 7C92FC8D 0001 add [ecx], al 7C92FC8F 0056 00 add [esi], dl 7C92FC92 0240 01 add al, [eax+1] 7C92FC95 0001 add [ecx], al 7C92FC97 00AF 00024001 add [edi+1400200], ch 7C92FC9D 0001 add [ecx], al 7C92FC9F 0001 add [ecx], al 7C92FCA1 0000 add [eax], al 7C92FCA3 8006 00 add byte ptr [esi], 0 7C92FCA6 0200 add al, [eax] 7C92FCA8 0B00 or eax, [eax] 7C92FCAA 0080 01000100 add [eax+10001], al 7C92FCB0 0D 0000800A or eax, 0A800000 7C92FCB5 0001 add [ecx], al 7C92FCB7 001A add [edx], bl 7C92FCB9 0000 add [eax], al 7C92FCBB 8006 00 add byte ptr [esi], 0 7C92FCBE 0100 add [eax], eax 7C92FCC0 2100 and [eax], eax 7C92FCC2 0080 02000100 add [eax+10002], al 7C92FCC8 25 00008001 and eax, 1800000 7C92FCCD 0001 add [ecx], al 7C92FCCF 0027 add [edi], ah 7C92FCD1 0000 add [eax], al 7C92FCD3 8001 00 add byte ptr [ecx], 0 7C92FCD6 0100 add [eax], eax 7C92FCD8 8802 mov [edx], al 7C92FCDA 0080 02000100 add [eax+10002], al 7C92FCE0 0003 add [ebx], al 7C92FCE2 0980 12000100 or [eax+10012], eax 7C92FCE8 16 push ss 7C92FCE9 0309 add ecx, [ecx] 7C92FCEB 8003 00 add byte ptr [ebx], 0 7C92FCEE 0100 add [eax], eax 7C92FCF0 2003 and [ebx], al 7C92FCF2 0980 03000100 or [eax+10003], eax 7C92FCF8 25 03098005 and eax, 5800903 7C92FCFD 0001 add [ecx], al 7C92FCFF 0030 add [eax], dh 7C92FD01 0309 add ecx, [ecx] 7C92FD03 8002 00 add byte ptr [edx], 0 7C92FD06 0100 add [eax], eax 7C92FD08 47 inc edi 7C92FD09 0309 add ecx, [ecx] 7C92FD0B 8001 00 add byte ptr [ecx], 0 7C92FD0E 0100 add [eax], eax 7C92FD10 1020 adc [eax], ah 7C92FD12 0980 01000100 or [eax+10001], eax 7C92FD18 1220 adc ah, [eax] 7C92FD1A 0980 02000100 or [eax+10002], eax 7C92FD20 04 60 add al, 60 7C92FD22 0980 01000100 or [eax+10001], eax 7C92FD28 0100 add [eax], eax 7C92FD2A 1380 05000100 adc eax, [eax+10005] ; USP10.74006E00 7C92FD30 0100 add [eax], eax 7C92FD32 00C0 add al, al 7C92FD34 0B00 or eax, [eax] 7C92FD36 0100 add [eax], eax 7C92FD38 0D 0000C01A or eax, 1AC00000 7C92FD3D 0002 add [edx], al 7C92FD3F 002A add [edx], ch 7C92FD41 0000 add [eax], al 7C92FD43 C00400 02 rol byte ptr [eax+eax], 2 7C92FD47 0030 add [eax], dh 7C92FD49 0000 add [eax], al 7C92FD4B C001 00 rol byte ptr [ecx], 0 7C92FD4E 0100 add [eax], eax 7C92FD50 3200 xor al, [eax] 7C92FD52 00C0 add al, al 7C92FD54 04 00 add al, 0 7C92FD56 0100 add [eax], eax 7C92FD58 37 aaa 7C92FD59 0000 add [eax], al 7C92FD5B C001 00 rol byte ptr [ecx], 0 7C92FD5E 0100 add [eax], eax 7C92FD60 3900 cmp [eax], eax 7C92FD62 00C0 add al, al 7C92FD64 71 00 jno short 7C92FD66 7C92FD66 0200 add al, [eax] 7C92FD68 AB stos dword ptr es:[edi] 7C92FD69 0000 add [eax], al 7C92FD6B C00C00 01 ror byte ptr [eax+eax], 1 7C92FD6F 00BA 0000C019 add [edx+19C00000], bh 7C92FD75 0001 add [ecx], al 7C92FD77 00D4 add ah, dl 7C92FD79 0000 add [eax], al 7C92FD7B C00400 01 rol byte ptr [eax+eax], 1 7C92FD7F 00D9 add cl, bl 7C92FD81 0000 add [eax], al 7C92FD83 C002 00 rol byte ptr [edx], 0 7C92FD86 0100 add [eax], eax 7C92FD88 DC00 fadd qword ptr [eax] 7C92FD8A 00C0 add al, al 7C92FD8C 0D 000100ED or eax, ED000100 7C92FD91 0000 add [eax], al 7C92FD93 C012 00 rcl byte ptr [edx], 0 7C92FD96 0100 add [eax], eax 7C92FD98 0001 add [ecx], al 7C92FD9A 00C0 add al, al 7C92FD9C 0C 00 or al, 0 7C92FD9E 0100 add [eax], eax 7C92FDA0 0D 0100C002 or eax, 2C00001 7C92FDA5 0001 add [ecx], al 7C92FDA7 0017 add [edi], dl 7C92FDA9 0100 add [eax], eax 7C92FDAB C001 00 rol byte ptr [ecx], 0 7C92FDAE 0100 add [eax], eax 7C92FDB0 1B01 sbb eax, [ecx] 7C92FDB2 00C0 add al, al 7C92FDB4 0E push cs 7C92FDB5 0001 add [ecx], al 7C92FDB7 002B add [ebx], ch 7C92FDB9 0100 add [eax], eax 7C92FDBB C001 00 rol byte ptr [ecx], 0 7C92FDBE 0100 add [eax], eax 7C92FDC0 2D 0100C005 sub eax, 5C00001 7C92FDC5 0001 add [ecx], al 7C92FDC7 0033 add [ebx], dh 7C92FDC9 0100 add [eax], eax 7C92FDCB C001 00 rol byte ptr [ecx], 0 7C92FDCE 0100 add [eax], eax 7C92FDD0 35 0100C001 xor eax, 1C00001 7C92FDD5 0001 add [ecx], al 7C92FDD7 0038 add [eax], bh 7C92FDD9 0100 add [eax], eax 7C92FDDB C002 00 rol byte ptr [edx], 0 7C92FDDE 0100 add [eax], eax 7C92FDE0 3B01 cmp eax, [ecx] 7C92FDE2 00C0 add al, al 7C92FDE4 0800 or [eax], al 7C92FDE6 0100 add [eax], eax 7C92FDE8 48 dec eax 7C92FDE9 0100 add [eax], eax 7C92FDEB C002 00 rol byte ptr [edx], 0 7C92FDEE 0100 add [eax], eax 7C92FDF0 4B dec ebx 7C92FDF1 0100 add [eax], eax 7C92FDF3 C003 00 rol byte ptr [ebx], 0 7C92FDF6 0100 add [eax], eax 7C92FDF8 4F dec edi 7C92FDF9 0100 add [eax], eax 7C92FDFB C00F 00 ror byte ptr [edi], 0 7C92FDFE 0100 add [eax], eax 7C92FE00 5F pop edi ; ntdll.7C92E89A 7C92FE01 0100 add [eax], eax 7C92FE03 C001 00 rol byte ptr [ecx], 0 7C92FE06 0100 add [eax], eax 7C92FE08 6201 bound eax, [ecx] 7C92FE0A 00C0 add al, al 7C92FE0C 0100 add [eax], eax 7C92FE0E 0100 add [eax], eax 7C92FE10 65:0100 add gs:[eax], eax 7C92FE13 C009 00 ror byte ptr [ecx], 0 7C92FE16 0100 add [eax], eax 7C92FE18 72 01 jb short 7C92FE1B 7C92FE1A 00C0 add al, al 7C92FE1C 07 pop es 7C92FE1D 0001 add [ecx], al 7C92FE1F 007A 01 add [edx+1], bh 7C92FE22 00C0 add al, al 7C92FE24 0D 00010088 or eax, 88000100 7C92FE29 0100 add [eax], eax 7C92FE2B C009 00 ror byte ptr [ecx], 0 7C92FE2E 0100 add [eax], eax 7C92FE30 92 xchg eax, edx ; msvcrt.77C31AE8 7C92FE31 0100 add [eax], eax 7C92FE33 C00A 00 ror byte ptr [edx], 0 7C92FE36 0100 add [eax], eax 7C92FE38 0202 add al, [edx] 7C92FE3A 00C0 add al, al 7C92FE3C 0200 add al, [eax] 7C92FE3E 0100 add [eax], eax 7C92FE40 0302 add eax, [edx] ; ntdll.7C99C8E0 7C92FE42 00C0 add al, al 7C92FE44 15 0001001C adc eax, 1C000100 7C92FE49 0200 add al, [eax] 7C92FE4B C001 00 rol byte ptr [ecx], 0 7C92FE4E 0100 add [eax], eax 7C92FE50 2002 and [edx], al 7C92FE52 00C0 add al, al 7C92FE54 0200 add al, [eax] 7C92FE56 0100 add [eax], eax 7C92FE58 24 02 and al, 2 7C92FE5A 00C0 add al, al 7C92FE5C 0200 add al, [eax] 7C92FE5E 0100 add [eax], eax 7C92FE60 2902 sub [edx], eax 7C92FE62 00C0 add al, al 7C92FE64 0300 add eax, [eax] 7C92FE66 0200 add al, [eax] 7C92FE68 2D 0200C001 sub eax, 1C00002 ; ASCII "s/2.gif" 7C92FE6D 0001 add [ecx], al 7C92FE6F 0030 add [eax], dh 7C92FE71 0200 add al, [eax] 7C92FE73 C001 00 rol byte ptr [ecx], 0 7C92FE76 0100 add [eax], eax 7C92FE78 3302 xor eax, [edx] ; ntdll.7C99C8E0 7C92FE7A 00C0 add al, al 7C92FE7C 0F0001 sldt [ecx] 7C92FE7F 0043 02 add [ebx+2], al 7C92FE82 00C0 add al, al 7C92FE84 0100 add [eax], eax 7C92FE86 0100 add [eax], eax 7C92FE88 46 inc esi ; ntdll.ZwTerminateProcess 7C92FE89 0200 add al, [eax] 7C92FE8B C00400 01 rol byte ptr [eax+eax], 1 7C92FE8F 0053 02 add [ebx+2], dl 7C92FE92 00C0 add al, al 7C92FE94 0100 add [eax], eax 7C92FE96 0100 add [eax], eax 7C92FE98 53 push ebx 7C92FE99 0200 add al, [eax] 7C92FE9B C001 00 rol byte ptr [ecx], 0 7C92FE9E 0100 add [eax], eax 7C92FEA0 57 push edi 7C92FEA1 0200 add al, [eax] 7C92FEA3 C001 00 rol byte ptr [ecx], 0 7C92FEA6 0100 add [eax], eax 7C92FEA8 59 pop ecx ; ntdll.7C92E89A 7C92FEA9 0200 add al, [eax] 7C92FEAB C001 00 rol byte ptr [ecx], 0 7C92FEAE 0100 add [eax], eax 7C92FEB0 5E pop esi ; ntdll.7C92E89A 7C92FEB1 0200 add al, [eax] 7C92FEB3 C001 00 rol byte ptr [ecx], 0 7C92FEB6 0100 add [eax], eax 7C92FEB8 6202 bound eax, [edx] ; ntdll.7C99C8E0 7C92FEBA 00C0 add al, al 7C92FEBC 04 00 add al, 0 7C92FEBE 0100 add [eax], eax 7C92FEC0 67:0200 add al, [bx+si] 7C92FEC3 C001 00 rol byte ptr [ecx], 0 7C92FEC6 0100 add [eax], eax 7C92FEC8 6A 02 push 2 7C92FECA 00C0 add al, al 7C92FECC 0100 add [eax], eax 7C92FECE 0100 add [eax], eax 7C92FED0 6C ins byte ptr es:[edi], dx 7C92FED1 0200 add al, [eax] 7C92FED3 C003 00 rol byte ptr [ebx], 0 7C92FED6 0100 add [eax], eax 7C92FED8 72 02 jb short 7C92FEDC 7C92FEDA 00C0 add al, al 7C92FEDC 0100 add [eax], eax 7C92FEDE 0100 add [eax], eax 7C92FEE0 75 02 jnz short 7C92FEE4 7C92FEE2 00C0 add al, al 7C92FEE4 05 00010080 add eax, 80000100 7C92FEE9 0200 add al, [eax] 7C92FEEB C002 00 rol byte ptr [edx], 0 7C92FEEE 0100 add [eax], eax 7C92FEF0 8302 00 add dword ptr [edx], 0 7C92FEF3 C005 0001008A 0>rol byte ptr [8A000100], 2 7C92FEFA 00C0 add al, al 7C92FEFC 0200 add al, [eax] 7C92FEFE 0100 add [eax], eax 7C92FF00 8D02 lea eax, [edx] 7C92FF02 00C0 add al, al 7C92FF04 07 pop es 7C92FF05 0001 add [ecx], al 7C92FF07 0095 0200C00B add [ebp+BC00002], dl 7C92FF0D 0001 add [ecx], al 7C92FF0F 00A1 0200C012 add [ecx+12C00002], ah 7C92FF15 0001 add [ecx], al 7C92FF17 00B6 0200C003 add [esi+3C00002], dh 7C92FF1D 0001 add [ecx], al 7C92FF1F 00C1 add cl, al 7C92FF21 0200 add al, [eax] 7C92FF23 C001 00 rol byte ptr [ecx], 0 7C92FF26 0100 add [eax], eax 7C92FF28 C3 retn 7C92FF29 0200 add al, [eax] 7C92FF2B C001 00 rol byte ptr [ecx], 0 7C92FF2E 0100 add [eax], eax 7C92FF30 C502 lds eax, [edx] 7C92FF32 00C0 add al, al 7C92FF34 0300 add eax, [eax] 7C92FF36 0100 add [eax], eax 7C92FF38 C9 leave 7C92FF39 0200 add al, [eax] 7C92FF3B C005 000100CF 0>rol byte ptr [CF000100], 2 7C92FF42 00C0 add al, al 7C92FF44 0200 add al, [eax] 7C92FF46 0100 add [eax], eax 7C92FF48 D4 02 aam 2 7C92FF4A 00C0 add al, al 7C92FF4C 0A00 or al, [eax] 7C92FF4E 0100 add [eax], eax 7C92FF50 DF02 fild word ptr [edx] 7C92FF52 00C0 add al, al 7C92FF54 0900 or [eax], eax 7C92FF56 0100 add [eax], eax 7C92FF58 - E9 0200C002 jmp 7F52FF5F 7C92FF5D 0001 add [ecx], al 7C92FF5F 00EC add ah, ch 7C92FF61 0200 add al, [eax] 7C92FF63 C020 00 shl byte ptr [eax], 0 7C92FF66 0200 add al, [eax] 7C92FF68 2003 and [ebx], al 7C92FF6A 00C0 add al, al 7C92FF6C 0300 add eax, [eax] 7C92FF6E 0200 add al, [eax] 7C92FF70 50 push eax 7C92FF71 0300 add eax, [eax] 7C92FF73 C003 00 rol byte ptr [ebx], 0 7C92FF76 0200 add al, [eax] 7C92FF78 56 push esi ; ntdll.ZwTerminateProcess 7C92FF79 0300 add eax, [eax] 7C92FF7B C007 00 rol byte ptr [edi], 0 7C92FF7E 0200 add al, [eax] 7C92FF80 61 popad 7C92FF81 0300 add eax, [eax] 7C92FF83 C00400 01 rol byte ptr [eax+eax], 1 7C92FF87 006B 03 add [ebx+3], ch 7C92FF8A 00C0 add al, al 7C92FF8C 0200 add al, [eax] 7C92FF8E 0100 add [eax], eax 7C92FF90 6F outs dx, dword ptr es:[edi] 7C92FF91 0300 add eax, [eax] 7C92FF93 C001 00 rol byte ptr [ecx], 0 7C92FF96 0100 add [eax], eax 7C92FF98 8003 00 add byte ptr [ebx], 0 7C92FF9B C00E 00 ror byte ptr [esi], 0 7C92FF9E 0200 add al, [eax] 7C92FFA0 0100 add [eax], eax 7C92FFA2 02C0 add al, al 7C92FFA4 1D 0001001F sbb eax, 1F000100 7C92FFA9 0002 add [edx], al 7C92FFAB C001 00 rol byte ptr [ecx], 0 7C92FFAE 0100 add [eax], eax 7C92FFB0 2100 and [eax], eax 7C92FFB2 02C0 add al, al 7C92FFB4 06 push es 7C92FFB5 0001 add [ecx], al 7C92FFB7 0028 add [eax], ch 7C92FFB9 0002 add [edx], al 7C92FFBB C026 00 shl byte ptr [esi], 0 7C92FFBE 0100 add [eax], eax 7C92FFC0 4F dec edi 7C92FFC1 0002 add [edx], al 7C92FFC3 C007 00 rol byte ptr [edi], 0 7C92FFC6 0100 add [eax], eax 7C92FFC8 57 push edi 7C92FFC9 0002 add [edx], al 7C92FFCB C002 00 rol byte ptr [edx], 0 7C92FFCE 0100 add [eax], eax 7C92FFD0 6200 bound eax, [eax] 7C92FFD2 02C0 add al, al 7C92FFD4 0200 add al, [eax] 7C92FFD6 0100 add [eax], eax 7C92FFD8 0100 add [eax], eax 7C92FFDA 03C0 add eax, eax 7C92FFDC 0C 00 or al, 0 7C92FFDE 0100 add [eax], eax 7C92FFE0 59 pop ecx ; ntdll.7C92E89A 7C92FFE1 0003 add [ebx], al 7C92FFE3 C009 00 ror byte ptr [ecx], 0 7C92FFE6 0100 add [eax], eax 7C92FFE8 0100 add [eax], eax 7C92FFEA 0AC0 or al, al 7C92FFEC 0300 add eax, [eax] 7C92FFEE 0100 add [eax], eax 7C92FFF0 06 push es 7C92FFF1 000A add [edx], cl 7C92FFF3 C00B 00 ror byte ptr [ebx], 0 7C92FFF6 0100 add [eax], eax 7C92FFF8 1200 adc al, [eax] 7C92FFFA 0AC0 or al, al 7C92FFFC 07 pop es 7C92FFFD 0001 add [ecx], al 7C92FFFF 0022 add [edx], ah 7C930001 000A add [edx], cl 7C930003 C001 00 rol byte ptr [ecx], 0 7C930006 0100 add [eax], eax 7C930008 24 00 and al, 0 7C93000A 0AC0 or al, al 7C93000C 0100 add [eax], eax 7C93000E 0100 add [eax], eax 7C930010 26:000A add es:[edx], cl 7C930013 C003 00 rol byte ptr [ebx], 0 7C930016 0100 add [eax], eax 7C930018 2A00 sub al, [eax] 7C93001A 0AC0 or al, al 7C93001C 0200 add al, [eax] 7C93001E 0100 add [eax], eax 7C930020 2E:000A add cs:[edx], cl 7C930023 C00400 01 rol byte ptr [eax+eax], 1 7C930027 0033 add [ebx], dh 7C930029 000A add [edx], cl 7C93002B C00400 01 rol byte ptr [eax+eax], 1 7C93002F 0001 add [ecx], al 7C930031 0013 add [ebx], dl 7C930033 C010 00 rcl byte ptr [eax], 0 7C930036 0100 add [eax], eax 7C930038 1200 adc al, [eax] 7C93003A 13C0 adc eax, eax 7C93003C 05 00010001 add eax, 1000100 7C930041 0015 C0080001 add [10008C0], dl 7C930047 000A add [edx], cl 7C930049 0015 C0020001 add [10002C0], dl 7C93004F 000E add [esi], cl 7C930051 0015 C0010001 add [10001C0], dl 7C930057 0001 add [ecx], al 7C930059 0098 C0020001 add [eax+10002C0], bl 7C93005F 0008 add [eax], cl 7C930061 0098 C0010001 add [eax+10001C0], bl 7C930067 00FF add bh, bh 7C930069 FFFF ??? ; 未知命令 7C93006B FF01 inc dword ptr [ecx] 7C93006D 0001 add [ecx], al 7C93006F 0000 add [eax], al 7C930071 0000 add [eax], al 7C930073 0000 add [eax], al 7C930075 0000 add [eax], al 7C930077 000F add [edi], cl 7C930079 B6 72 mov dh, 72 7C93007B 17 pop ss 7C93007C 66:8B3471 mov si, [ecx+esi*2] 7C930080 66:8970 2E mov [eax+2E], si 7C930084 0FB672 16 movzx esi, byte ptr [edx+16] 7C930088 66:8B3471 mov si, [ecx+esi*2] 7C93008C 66:8970 2C mov [eax+2C], si 7C930090 0FB672 15 movzx esi, byte ptr [edx+15] 7C930094 66:8B3471 mov si, [ecx+esi*2] 7C930098 66:8970 2A mov [eax+2A], si 7C93009C 0FB672 14 movzx esi, byte ptr [edx+14] 7C9300A0 66:8B3471 mov si, [ecx+esi*2] 7C9300A4 66:8970 28 mov [eax+28], si 7C9300A8 0FB672 13 movzx esi, byte ptr [edx+13] 7C9300AC 66:8B3471 mov si, [ecx+esi*2] 7C9300B0 66:8970 26 mov [eax+26], si 7C9300B4 0FB672 12 movzx esi, byte ptr [edx+12] 7C9300B8 66:8B3471 mov si, [ecx+esi*2] 7C9300BC 66:8970 24 mov [eax+24], si 7C9300C0 0FB672 11 movzx esi, byte ptr [edx+11] 7C9300C4 66:8B3471 mov si, [ecx+esi*2] 7C9300C8 66:8970 22 mov [eax+22], si 7C9300CC 0FB672 10 movzx esi, byte ptr [edx+10] 7C9300D0 66:8B3471 mov si, [ecx+esi*2] 7C9300D4 66:8970 20 mov [eax+20], si 7C9300D8 ^ E9 F2F1FFFF jmp 7C92F2CF 7C9300DD 90 nop 7C9300DE 90 nop 7C9300DF 90 nop 7C9300E0 90 nop 7C9300E1 90 nop 7C9300E2 > 8BFF mov edi, edi 7C9300E4 55 push ebp 7C9300E5 8BEC mov ebp, esp 7C9300E7 8B45 08 mov eax, [ebp+8] 7C9300EA 85C0 test eax, eax 7C9300EC 0F85 4A530000 jnz 7C93543C 7C9300F2 5D pop ebp ; ntdll.7C92E89A 7C9300F3 C2 0400 retn 4 7C9300F6 8D0C36 lea ecx, [esi+esi] 7C9300F9 0FB781 0AF3927C movzx eax, word ptr [ecx+7C92F30A] 7C930100 0FB789 08F3927C movzx ecx, word ptr [ecx+7C92F308] 7C930107 C1E0 10 shl eax, 10 7C93010A 0BC1 or eax, ecx 7C93010C ^ E9 23FBFFFF jmp 7C92FC34 7C930111 90 nop 7C930112 90 nop 7C930113 90 nop 7C930114 90 nop 7C930115 90 nop 7C930116 8BFF mov edi, edi 7C930118 55 push ebp 7C930119 8BEC mov ebp, esp 7C93011B 8B4D 14 mov ecx, [ebp+14] 7C93011E 85C9 test ecx, ecx 7C930120 0F84 7A3B0300 je 7C963CA0 7C930126 F745 08 FEFFFFF>test dword ptr [ebp+8], FFFFFFFE 7C93012D 0F85 773B0300 jnz 7C963CAA 7C930133 8B45 0C mov eax, [ebp+C] ; RPCRT4.77E8F3B0 7C930136 8321 00 and dword ptr [ecx], 0 7C930139 85C0 test eax, eax 7C93013B 0F85 147F0100 jnz 7C948055 7C930141 8B45 10 mov eax, [ebp+10] 7C930144 85C0 test eax, eax 7C930146 0F85 683B0300 jnz 7C963CB4 7C93014C BA F8010000 mov edx, 1F8 7C930151 64:A1 18000000 mov eax, fs:[18] 7C930157 8B40 30 mov eax, [eax+30] 7C93015A 8B0402 mov eax, [edx+eax] 7C93015D 85C0 test eax, eax 7C93015F 8901 mov [ecx], eax 7C930161 75 0C jnz short 7C93016F 7C930163 F645 08 01 test byte ptr [ebp+8], 1 7C930167 74 06 je short 7C93016F 7C930169 C701 0C03937C mov dword ptr [ecx], 7C93030C ; ASCII "Actx " 7C93016F 33C0 xor eax, eax 7C930171 5D pop ebp ; ntdll.7C92E89A 7C930172 C2 1000 retn 10 7C930175 90 nop 7C930176 90 nop 7C930177 90 nop 7C930178 90 nop 7C930179 90 nop 7C93017A 8BFF mov edi, edi 7C93017C 55 push ebp 7C93017D 8BEC mov ebp, esp 7C93017F 57 push edi 7C930180 8B7D 20 mov edi, [ebp+20] ; trscd.00454AA4 7C930183 33C9 xor ecx, ecx 7C930185 3BF9 cmp edi, ecx 7C930187 0F85 9F350200 jnz 7C95372C 7C93018D 394D 14 cmp [ebp+14], ecx 7C930190 0F85 0F3E0300 jnz 7C963FA5 7C930196 6A 08 push 8 7C930198 5A pop edx ; ntdll.7C92E89A 7C930199 3955 1C cmp [ebp+1C], edx ; msvcrt.77C31AE8 7C93019C 0F82 253E0300 jb 7C963FC7 7C9301A2 8B45 10 mov eax, [ebp+10] 7C9301A5 3BC1 cmp eax, ecx 7C9301A7 53 push ebx 7C9301A8 56 push esi ; ntdll.ZwTerminateProcess 7C9301A9 8B75 18 mov esi, [ebp+18] ; trscd.00454965 7C9301AC 0F84 81350200 je 7C953733 7C9301B2 8B40 1C mov eax, [eax+1C] 7C9301B5 8946 04 mov [esi+4], eax 7C9301B8 F645 08 01 test byte ptr [ebp+8], 1 7C9301BC 8B5D 0C mov ebx, [ebp+C] ; RPCRT4.77E8F3B0 7C9301BF 75 09 jnz short 7C9301CA 7C9301C1 53 push ebx 7C9301C2 E8 1BFFFFFF call RtlAddRefActivationContext 7C9301C7 6A 08 push 8 7C9301C9 5A pop edx ; ntdll.7C92E89A 7C9301CA 85FF test edi, edi 7C9301CC 891E mov [esi], ebx 7C9301CE 5E pop esi ; ntdll.7C92E89A 7C9301CF 5B pop ebx ; ntdll.7C92E89A 7C9301D0 0F85 65350200 jnz 7C95373B 7C9301D6 33C0 xor eax, eax 7C9301D8 5F pop edi ; ntdll.7C92E89A 7C9301D9 5D pop ebp ; ntdll.7C92E89A 7C9301DA C2 1C00 retn 1C 7C9301DD 90 nop 7C9301DE 90 nop 7C9301DF 90 nop 7C9301E0 90 nop 7C9301E1 90 nop 7C9301E2 > 6A 30 push 30 7C9301E4 68 F002937C push 7C9302F0 7C9301E9 E8 D4EBFFFF call 7C92EDC2 7C9301EE C745 E0 E50000C>mov dword ptr [ebp-20], C00000E5 7C9301F5 33DB xor ebx, ebx 7C9301F7 885D E7 mov [ebp-19], bl 7C9301FA 895D DC mov [ebp-24], ebx 7C9301FD 895D D8 mov [ebp-28], ebx 7C930200 895D FC mov [ebp-4], ebx 7C930203 8B45 20 mov eax, [ebp+20] ; trscd.00454AA4 7C930206 3BC3 cmp eax, ebx 7C930208 0F85 05340200 jnz 7C953613 7C93020E 8B4D 08 mov ecx, [ebp+8] 7C930211 F7C1 F8FFFF7F test ecx, 7FFFFFF8 7C930217 0F85 33410300 jnz 7C964350 7C93021D 894D D4 mov [ebp-2C], ecx 7C930220 8B75 14 mov esi, [ebp+14] 7C930223 8165 D4 0000008>and dword ptr [ebp-2C], 80000000 7C93022A 0F85 230C0100 jnz 7C940E53 7C930230 83FE 01 cmp esi, 1 7C930233 0F85 E1330200 jnz 7C95361A 7C930239 8B7D 1C mov edi, [ebp+1C] 7C93023C 3BFB cmp edi, ebx 7C93023E 0F84 E4330200 je 7C953628 7C930244 395D 18 cmp [ebp+18], ebx 7C930247 0F84 6E410300 je 7C9643BB 7C93024D 3BFB cmp edi, ebx 7C93024F 0F84 D3330200 je 7C953628 7C930255 8BC1 mov eax, ecx 7C930257 83E0 07 and eax, 7 7C93025A 2BC3 sub eax, ebx 7C93025C 74 2A je short 7C930288 7C93025E 48 dec eax 7C93025F 0F85 FC0B0100 jnz 7C940E61 7C930265 395D 0C cmp [ebp+C], ebx 7C930268 0F85 FF410300 jnz 7C96446D 7C93026E 64:A1 18000000 mov eax, fs:[18] 7C930274 8945 C4 mov [ebp-3C], eax 7C930277 8B80 B0010000 mov eax, [eax+1B0] 7C93027D 8945 C0 mov [ebp-40], eax 7C930280 3BC3 cmp eax, ebx 7C930282 0F85 C57D0100 jnz 7C94804D 7C930288 8D45 D8 lea eax, [ebp-28] 7C93028B 50 push eax 7C93028C 53 push ebx 7C93028D FF75 0C push dword ptr [ebp+C] ; RPCRT4.77E8F3B0 7C930290 6A 01 push 1 7C930292 E8 7FFEFFFF call 7C930116 7C930297 8945 E0 mov [ebp-20], eax 7C93029A 3BC3 cmp eax, ebx 7C93029C 7C 3E jl short 7C9302DC 7C93029E 8B4D D8 mov ecx, [ebp-28] 7C9302A1 3BCB cmp ecx, ebx 7C9302A3 0F84 DE410300 je 7C964487 7C9302A9 8BC6 mov eax, esi ; ntdll.ZwTerminateProcess 7C9302AB 48 dec eax 7C9302AC 0F85 83330200 jnz 7C953635 7C9302B2 895D D0 mov [ebp-30], ebx 7C9302B5 395D D4 cmp [ebp-2C], ebx 7C9302B8 0F85 F10B0100 jnz 7C940EAF 7C9302BE FF75 20 push dword ptr [ebp+20] ; trscd.00454AA4 7C9302C1 57 push edi 7C9302C2 FF75 18 push dword ptr [ebp+18] ; trscd.00454965 7C9302C5 53 push ebx 7C9302C6 51 push ecx 7C9302C7 FF75 0C push dword ptr [ebp+C] ; RPCRT4.77E8F3B0 7C9302CA FF75 D0 push dword ptr [ebp-30] 7C9302CD E8 A8FEFFFF call 7C93017A 7C9302D2 8945 E0 mov [ebp-20], eax 7C9302D5 3BC3 cmp eax, ebx 7C9302D7 7C 03 jl short 7C9302DC 7C9302D9 895D E0 mov [ebp-20], ebx 7C9302DC 834D FC FF or dword ptr [ebp-4], FFFFFFFF 7C9302E0 E8 1C000000 call 7C930301 7C9302E5 8B45 E0 mov eax, [ebp-20] 7C9302E8 E8 15EBFFFF call 7C92EE02 7C9302ED C2 1C00 retn 1C 7C9302F0 FFFF ??? ; 未知命令 7C9302F2 FFFF ??? ; 未知命令 7C9302F4 0000 add [eax], al 7C9302F6 0000 add [eax], al 7C9302F8 0E push cs 7C9302F9 45 inc ebp 7C9302FA 96 xchg eax, esi ; ntdll.ZwTerminateProcess 7C9302FB ^ 7C 90 jl short 7C93028D 7C9302FD 90 nop 7C9302FE 90 nop 7C9302FF 90 nop 7C930300 90 nop 7C930301 385D E7 cmp [ebp-19], bl 7C930304 0F85 B10B0100 jnz 7C940EBB 7C93030A C3 retn 7C93030B 90 nop 7C93030C 41 inc ecx 7C93030D 637478 20 arpl [eax+edi*2+20], si 7C930311 0000 add [eax], al 7C930313 0001 add [ecx], al 7C930315 0000 add [eax], al 7C930317 0020 add [eax], ah 7C930319 0000 add [eax], al 7C93031B 0000 add [eax], al 7C93031D 0000 add [eax], al 7C93031F 0000 add [eax], al 7C930321 0000 add [eax], al 7C930323 0000 add [eax], al 7C930325 0000 add [eax], al 7C930327 0000 add [eax], al 7C930329 0000 add [eax], al 7C93032B 0090 90909090 add [eax+90909090], dl 7C930331 > 64:A1 18000000 mov eax, fs:[18] 7C930337 8B40 34 mov eax, [eax+34] 7C93033A C3 retn 7C93033B 90 nop 7C93033C 90 nop 7C93033D 90 nop 7C93033E 90 nop 7C93033F 90 nop 7C930340 > 8BFF mov edi, edi 7C930342 55 push ebp 7C930343 8BEC mov ebp, esp 7C930345 64:A1 18000000 mov eax, fs:[18] 7C93034B 8B4D 08 mov ecx, [ebp+8] 7C93034E 8948 34 mov [eax+34], ecx 7C930351 5D pop ebp ; ntdll.7C92E89A 7C930352 C2 0400 retn 4 7C930355 90 nop 7C930356 90 nop 7C930357 90 nop 7C930358 90 nop 7C930359 90 nop 7C93035A > 8BFF mov edi, edi 7C93035C 55 push ebp 7C93035D 8BEC mov ebp, esp 7C93035F 8B45 08 mov eax, [ebp+8] 7C930362 90 nop 7C930363 90 nop 7C930364 90 nop 7C930365 90 nop 7C930366 90 nop 7C930367 90 nop 7C930368 90 nop 7C930369 90 nop 7C93036A 90 nop 7C93036B 90 nop 7C93036C 90 nop 7C93036D 90 nop 7C93036E 90 nop 7C93036F 90 nop 7C930370 66:8B08 mov cx, [eax] 7C930373 40 inc eax 7C930374 40 inc eax 7C930375 66:85C9 test cx, cx 7C930378 ^ 75 F6 jnz short 7C930370 7C93037A 2B45 08 sub eax, [ebp+8] 7C93037D D1F8 sar eax, 1 7C93037F 48 dec eax 7C930380 5D pop ebp ; ntdll.7C92E89A 7C930381 C3 retn 7C930382 90 nop 7C930383 90 nop 7C930384 90 nop 7C930385 90 nop 7C930386 90 nop 7C930387 3B0D 34C0997C cmp ecx, [7C99C034] 7C93038D 0F85 99830400 jnz 7C97872C 7C930393 F7C1 0000FFFF test ecx, FFFF0000 7C930399 0F85 8D830400 jnz 7C97872C 7C93039F C3 retn 7C9303A0 90 nop 7C9303A1 90 nop 7C9303A2 90 nop 7C9303A3 90 nop 7C9303A4 90 nop 7C9303A5 > 8BFF mov edi, edi 7C9303A7 55 push ebp 7C9303A8 8BEC mov ebp, esp 7C9303AA 56 push esi ; ntdll.ZwTerminateProcess 7C9303AB 8B75 0C mov esi, [ebp+C] ; RPCRT4.77E8F3B0 7C9303AE 33C9 xor ecx, ecx 7C9303B0 3BF1 cmp esi, ecx 7C9303B2 0F84 5F7C0100 je 7C948017 7C9303B8 56 push esi ; ntdll.ZwTerminateProcess 7C9303B9 E8 9CFFFFFF call wcslen 7C9303BE 3D FE7F0000 cmp eax, 7FFE 7C9303C3 59 pop ecx ; ntdll.7C92E89A 7C9303C4 0F87 D4A90300 ja 7C96AD9E 7C9303CA 8B4D 08 mov ecx, [ebp+8] 7C9303CD 03C0 add eax, eax 7C9303CF 66:8901 mov [ecx], ax 7C9303D2 83C0 02 add eax, 2 7C9303D5 66:8941 02 mov [ecx+2], ax 7C9303D9 8971 04 mov [ecx+4], esi ; ntdll.ZwTerminateProcess 7C9303DC 33C0 xor eax, eax 7C9303DE 5E pop esi ; ntdll.7C92E89A 7C9303DF 5D pop ebp ; ntdll.7C92E89A 7C9303E0 C2 0800 retn 8 7C9303E3 397E 04 cmp [esi+4], edi 7C9303E6 ^ 0F84 EF0DFFFF je 7C9211DB 7C9303EC 8B4D 08 mov ecx, [ebp+8] 7C9303EF 8361 10 00 and dword ptr [ecx+10], 0 7C9303F3 8D51 08 lea edx, [ecx+8] 7C9303F6 8932 mov [edx], esi ; ntdll.ZwTerminateProcess 7C9303F8 8979 0C mov [ecx+C], edi 7C9303FB 8990 B0010000 mov [eax+1B0], edx ; msvcrt.77C31AE8 7C930401 ^ E9 E90DFFFF jmp 7C9211EF 7C930406 57 push edi 7C930407 8BB8 B0010000 mov edi, [eax+1B0] 7C93040D 83C6 08 add esi, 8 7C930410 3BFE cmp edi, esi ; ntdll.ZwTerminateProcess 7C930412 0F85 B02E0300 jnz 7C9632C8 7C930418 8B0E mov ecx, [esi] 7C93041A 8988 B0010000 mov [eax+1B0], ecx 7C930420 5F pop edi ; ntdll.7C92E89A 7C930421 ^ E9 000EFFFF jmp 7C921226 7C930426 90 nop 7C930427 90 nop 7C930428 90 nop 7C930429 90 nop 7C93042A 90 nop 7C93042B > 64:A1 18000000 mov eax, fs:[18] 7C930431 8B40 30 mov eax, [eax+30] 7C930434 8B40 68 mov eax, [eax+68] 7C930437 C3 retn 7C930438 90 nop 7C930439 90 nop 7C93043A 90 nop 7C93043B 90 nop 7C93043C 90 nop 7C93043D > 68 A0000000 push 0A0 7C930442 68 7005937C push 7C930570 7C930447 E8 76E9FFFF call 7C92EDC2 7C93044C 8B7D 08 mov edi, [ebp+8] 7C93044F 897D C8 mov [ebp-38], edi 7C930452 33DB xor ebx, ebx 7C930454 885D E3 mov [ebp-1D], bl 7C930457 C645 E2 01 mov byte ptr [ebp-1E], 1 7C93045B 8B75 10 mov esi, [ebp+10] 7C93045E 3BF3 cmp esi, ebx 7C930460 0F84 00010000 je 7C930566 7C930466 80BF 86050000 0>cmp byte ptr [edi+586], 2 7C93046D 0F84 ED170200 je 7C951C60 7C930473 33C9 xor ecx, ecx 7C930475 3BCB cmp ecx, ebx 7C930477 0F85 EE170200 jnz 7C951C6B 7C93047D 8B5D 0C mov ebx, [ebp+C] ; RPCRT4.77E8F3B0 7C930480 0B5F 10 or ebx, [edi+10] 7C930483 F7C3 600F037D test ebx, 7D030F60 7C930489 0F85 14640100 jnz 7C9468A3 7C93048F 8B45 10 mov eax, [ebp+10] 7C930492 8D70 F8 lea esi, [eax-8] 7C930495 8365 FC 00 and dword ptr [ebp-4], 0 7C930499 A8 07 test al, 7 7C93049B 0F85 F8B90200 jnz 7C95BE99 7C9304A1 8A46 05 mov al, [esi+5] 7C9304A4 A8 01 test al, 1 7C9304A6 0F84 EDB90200 je 7C95BE99 7C9304AC 807E 07 40 cmp byte ptr [esi+7], 40 7C9304B0 0F83 E3B90200 jnb 7C95BE99 7C9304B6 834D FC FF or dword ptr [ebp-4], FFFFFFFF 7C9304BA 0FB70E movzx ecx, word ptr [esi] 7C9304BD C1E1 03 shl ecx, 3 7C9304C0 894D A0 mov [ebp-60], ecx 7C9304C3 A8 08 test al, 8 7C9304C5 75 2C jnz short 7C9304F3 7C9304C7 807E 07 FF cmp byte ptr [esi+7], 0FF 7C9304CB 73 1B jnb short 7C9304E8 7C9304CD E8 59FFFFFF call RtlGetNtGlobalFlags 7C9304D2 F6C4 08 test ah, 8 7C9304D5 75 11 jnz short 7C9304E8 7C9304D7 8BC6 mov eax, esi ; ntdll.ZwTerminateProcess 7C9304D9 C1E8 03 shr eax, 3 7C9304DC 3246 04 xor al, [esi+4] 7C9304DF 3247 04 xor al, [edi+4] 7C9304E2 0F85 31B80200 jnz 7C95BD19 7C9304E8 33C0 xor eax, eax 7C9304EA 40 inc eax 7C9304EB 85C0 test eax, eax 7C9304ED 0F84 33B80200 je 7C95BD26 7C9304F3 8A46 05 mov al, [esi+5] 7C9304F6 A8 E0 test al, 0E0 7C9304F8 0F85 04080000 jnz 7C930D02 7C9304FE 80BF 86050000 0>cmp byte ptr [edi+586], 1 7C930505 0F85 E7120000 jnz 7C9317F2 7C93050B 8B8F 80050000 mov ecx, [edi+580] 7C930511 85C9 test ecx, ecx 7C930513 0F84 E9070000 je 7C930D02 7C930519 66:83BF 8405000>cmp word ptr [edi+584], 0 7C930521 0F85 DB070000 jnz 7C930D02 7C930527 A8 08 test al, 8 7C930529 0F85 D3070000 jnz 7C930D02 7C93052F 0FB706 movzx eax, word ptr [esi] 7C930532 8945 E4 mov [ebp-1C], eax 7C930535 3D 80000000 cmp eax, 80 7C93053A 0F83 C2070000 jnb 7C930D02 7C930540 FF75 10 push dword ptr [ebp+10] 7C930543 8D0440 lea eax, [eax+eax*2] 7C930546 C1E0 04 shl eax, 4 7C930549 03C1 add eax, ecx 7C93054B 50 push eax 7C93054C E8 51000000 call 7C9305A2 7C930551 84C0 test al, al 7C930553 0F84 A9070000 je 7C930D02 7C930559 F605 F002FE7F 0>test byte ptr [7FFE02F0], 2 7C930560 0F85 E7B70200 jnz 7C95BD4D 7C930566 B0 01 mov al, 1 7C930568 E8 95E8FFFF call 7C92EE02 7C93056D C2 0C00 retn 0C 7C930570 FFFF ??? ; 未知命令 7C930572 FFFF ??? ; 未知命令 7C930574 C5BE 957CCEBE lds edi, [esi+BECE7C95] 7C93057A 95 xchg eax, ebp 7C93057B 7C FF jl short 7C93057C 7C93057D FFFF ??? ; 未知命令 7C93057F FF00 inc dword ptr [eax] 7C930581 0000 add [eax], al 7C930583 0012 add [edx], dl 7C930585 BE 957C9090 mov esi, 90907C95 7C93058A 90 nop 7C93058B 90 nop 7C93058C 90 nop 7C93058D 8BFF mov edi, edi 7C93058F 55 push ebp 7C930590 8BEC mov ebp, esp 7C930592 8B45 08 mov eax, [ebp+8] 7C930595 66:8B40 04 mov ax, [eax+4] 7C930599 5D pop ebp ; ntdll.7C92E89A 7C93059A C2 0400 retn 4 7C93059D 90 nop 7C93059E 90 nop 7C93059F 90 nop 7C9305A0 90 nop 7C9305A1 90 nop 7C9305A2 8BFF mov edi, edi 7C9305A4 55 push ebp 7C9305A5 8BEC mov ebp, esp 7C9305A7 56 push esi ; ntdll.ZwTerminateProcess 7C9305A8 8B75 08 mov esi, [ebp+8] 7C9305AB FF46 14 inc dword ptr [esi+14] 7C9305AE 56 push esi ; ntdll.ZwTerminateProcess 7C9305AF E8 D9FFFFFF call 7C93058D 7C9305B4 66:3B46 08 cmp ax, [esi+8] 7C9305B8 0F83 8E0A0000 jnb 7C93104C 7C9305BE 8B55 0C mov edx, [ebp+C] ; RPCRT4.77E8F3B0 7C9305C1 8BCE mov ecx, esi ; ntdll.ZwTerminateProcess 7C9305C3 E8 6729FFFF call 7C922F2F 7C9305C8 B0 01 mov al, 1 7C9305CA 5E pop esi ; ntdll.7C92E89A 7C9305CB 5D pop ebp ; ntdll.7C92E89A 7C9305CC C2 0800 retn 8 7C9305CF 90 nop 7C9305D0 90 nop 7C9305D1 90 nop 7C9305D2 90 nop 7C9305D3 90 nop 7C9305D4 > 68 04020000 push 204 7C9305D9 68 F006937C push 7C9306F0 7C9305DE E8 DFE7FFFF call 7C92EDC2 7C9305E3 8B5D 08 mov ebx, [ebp+8] 7C9305E6 895D E4 mov [ebp-1C], ebx 7C9305E9 33FF xor edi, edi 7C9305EB 897D D0 mov [ebp-30], edi 7C9305EE C645 E2 00 mov byte ptr [ebp-1E], 0 7C9305F2 897D CC mov [ebp-34], edi 7C9305F5 8B45 0C mov eax, [ebp+C] ; RPCRT4.77E8F3B0 7C9305F8 0B43 10 or eax, [ebx+10] 7C9305FB 8945 0C mov [ebp+C], eax 7C9305FE A9 600F037D test eax, 7D030F60 7C930603 0F85 83AC0000 jnz 7C93B28C 7C930609 8B55 10 mov edx, [ebp+10] 7C93060C 81FA 00000080 cmp edx, 80000000 7C930612 0F83 74AC0000 jnb 7C93B28C 7C930618 80BB 86050000 0>cmp byte ptr [ebx+586], 2 7C93061F 0F84 46140200 je 7C951A6B 7C930625 85FF test edi, edi 7C930627 0F85 5F140200 jnz 7C951A8C 7C93062D 8B45 10 mov eax, [ebp+10] 7C930630 85C0 test eax, eax 7C930632 0F84 29060000 je 7C930C61 7C930638 83C0 0F add eax, 0F 7C93063B 83E0 F8 and eax, FFFFFFF8 7C93063E 8945 DC mov [ebp-24], eax 7C930641 85FF test edi, edi 7C930643 0F85 981E0200 jnz 7C9524E1 7C930649 8BF8 mov edi, eax 7C93064B C1EF 03 shr edi, 3 7C93064E 897D 9C mov [ebp-64], edi 7C930651 33F6 xor esi, esi ; ntdll.ZwTerminateProcess 7C930653 80BB 86050000 0>cmp byte ptr [ebx+586], 1 7C93065A 0F85 7D110000 jnz 7C9317DD 7C930660 8B83 80050000 mov eax, [ebx+580] 7C930666 3BC6 cmp eax, esi ; ntdll.ZwTerminateProcess 7C930668 0F84 840C0000 je 7C9312F2 7C93066E 66:39B3 8405000>cmp [ebx+584], si 7C930675 0F85 770C0000 jnz 7C9312F2 7C93067B 81FF 80000000 cmp edi, 80 7C930681 0F83 6B0C0000 jnb 7C9312F2 7C930687 8D0C7F lea ecx, [edi+edi*2] 7C93068A C1E1 04 shl ecx, 4 7C93068D 8D3401 lea esi, [ecx+eax] 7C930690 8B46 0C mov eax, [esi+C] 7C930693 2B46 1C sub eax, [esi+1C] 7C930696 0FB74E 08 movzx ecx, word ptr [esi+8] 7C93069A C1E1 07 shl ecx, 7 7C93069D 3BC1 cmp eax, ecx 7C93069F 0F8D 1F0C0000 jge 7C9312C4 7C9306A5 56 push esi ; ntdll.ZwTerminateProcess 7C9306A6 E8 56000000 call 7C930701 7C9306AB 8BF0 mov esi, eax 7C9306AD 8975 D0 mov [ebp-30], esi ; ntdll.ZwTerminateProcess 7C9306B0 85F6 test esi, esi ; ntdll.ZwTerminateProcess 7C9306B2 0F84 5D0F0000 je 7C931615 7C9306B8 8D7E F8 lea edi, [esi-8] 7C9306BB 8A45 DC mov al, [ebp-24] 7C9306BE 8B4D 10 mov ecx, [ebp+10] 7C9306C1 2AC1 sub al, cl 7C9306C3 8847 06 mov [edi+6], al 7C9306C6 8BC7 mov eax, edi 7C9306C8 C1E8 03 shr eax, 3 7C9306CB 3243 04 xor al, [ebx+4] 7C9306CE 8847 04 mov [edi+4], al 7C9306D1 F645 0C 08 test byte ptr [ebp+C], 8 7C9306D5 75 6D jnz short 7C930744 7C9306D7 F605 F002FE7F 0>test byte ptr [7FFE02F0], 2 7C9306DE 0F85 1FB20200 jnz 7C95B903 7C9306E4 8BC6 mov eax, esi ; ntdll.ZwTerminateProcess 7C9306E6 E8 17E7FFFF call 7C92EE02 7C9306EB C2 0C00 retn 0C 7C9306EE 90 nop 7C9306EF 90 nop 7C9306F0 FFFF ??? ; 未知命令 7C9306F2 FFFF ??? ; 未知命令 7C9306F4 0000 add [eax], al 7C9306F6 0000 add [eax], al 7C9306F8 C5BB 957C9090 lds edi, [ebx+90907C95] 7C9306FE 90 nop 7C9306FF 90 nop 7C930700 90 nop 7C930701 6A 0C push 0C 7C930703 68 3807937C push 7C930738 7C930708 E8 B5E6FFFF call 7C92EDC2 7C93070D 8B75 08 mov esi, [ebp+8] 7C930710 FF46 0C inc dword ptr [esi+C] 7C930713 8365 FC 00 and dword ptr [ebp-4], 0 7C930717 8BCE mov ecx, esi ; ntdll.ZwTerminateProcess 7C930719 E8 E827FFFF call 7C922F06 7C93071E 8945 E4 mov [ebp-1C], eax 7C930721 834D FC FF or dword ptr [ebp-4], FFFFFFFF 7C930725 85C0 test eax, eax 7C930727 0F84 EF0E0000 je 7C93161C 7C93072D E8 D0E6FFFF call 7C92EE02 7C930732 C2 0400 retn 4 7C930735 90 nop 7C930736 90 nop 7C930737 90 nop 7C930738 FFFF ??? ; 未知命令 7C93073A FFFF ??? ; 未知命令 7C93073C 5D pop ebp ; ntdll.7C92E89A 7C93073D ^ E0 96 loopdne short 7C9306D5 7C93073F 7C 66 jl short 7C9307A7 7C930741 ^ E0 96 loopdne short 7C9306D9 7C930743 7C 33 jl short 7C930778 7C930745 C08B FE8BD1C1 E>ror byte ptr [ebx+C1D18BFE], 0E9 7C93074C 02F3 add dh, bl 7C93074E AB stos dword ptr es:[edi] 7C93074F 8BCA mov ecx, edx ; msvcrt.77C31AE8 7C930751 83E1 03 and ecx, 3 7C930754 F3:AA rep stos byte ptr es:[edi] 7C930756 ^ E9 7CFFFFFF jmp 7C9306D7 7C93075B 90 nop 7C93075C 90 nop 7C93075D 90 nop 7C93075E 90 nop 7C93075F 90 nop 7C930760 8BFF mov edi, edi 7C930762 55 push ebp 7C930763 8BEC mov ebp, esp 7C930765 83EC 1C sub esp, 1C 7C930768 53 push ebx 7C930769 56 push esi ; ntdll.ZwTerminateProcess 7C93076A 57 push edi 7C93076B 33DB xor ebx, ebx 7C93076D BF A0C3997C mov edi, 7C99C3A0 7C930772 BE 80C3997C mov esi, 7C99C380 7C930777 834D F0 FF or dword ptr [ebp-10], FFFFFFFF 7C93077B 8D45 EC lea eax, [ebp-14] 7C93077E 50 push eax 7C93077F 8D45 E4 lea eax, [ebp-1C] 7C930782 50 push eax 7C930783 8D45 FC lea eax, [ebp-4] 7C930786 50 push eax 7C930787 8D45 F8 lea eax, [ebp-8] 7C93078A 50 push eax 7C93078B FF35 64C0997C push dword ptr [7C99C064] 7C930791 C745 EC 007C28E>mov dword ptr [ebp-14], E8287C00 7C930798 E8 72DBFFFF call ZwRemoveIoCompletion 7C93079D 3BC3 cmp eax, ebx 7C93079F 0F84 326E0100 je 7C9475D7 7C9307A5 3D 02010000 cmp eax, 102 7C9307AA ^ 75 CB jnz short 7C930777 7C9307AC 56 push esi ; ntdll.ZwTerminateProcess 7C9307AD E8 5308FFFF call RtlEnterCriticalSection 7C9307B2 A1 5CC0997C mov eax, [7C99C05C] 7C9307B7 83F8 01 cmp eax, 1 7C9307BA 0F87 A8030000 ja 7C930B68 7C9307C0 391D 60C0997C cmp [7C99C060], ebx 7C9307C6 75 14 jnz short 7C9307DC 7C9307C8 391D 68C0997C cmp [7C99C068], ebx 7C9307CE 75 0C jnz short 7C9307DC 7C9307D0 391D 6CC0997C cmp [7C99C06C], ebx 7C9307D6 0F84 53030000 je 7C930B2F 7C9307DC 56 push esi ; ntdll.ZwTerminateProcess 7C9307DD E8 0B09FFFF call RtlLeaveCriticalSection 7C9307E2 ^ EB 93 jmp short 7C930777 7C9307E4 90 nop 7C9307E5 90 nop 7C9307E6 90 nop 7C9307E7 90 nop 7C9307E8 90 nop 7C9307E9 6A 0C push 0C 7C9307EB 68 3808937C push 7C930838 7C9307F0 E8 CDE5FFFF call 7C92EDC2 7C9307F5 33C0 xor eax, eax 7C9307F7 8B4D 08 mov ecx, [ebp+8] 7C9307FA 85C9 test ecx, ecx 7C9307FC 74 30 je short 7C93082E 7C9307FE 83F9 FF cmp ecx, -1 7C930801 74 2B je short 7C93082E 7C930803 2145 FC and [ebp-4], eax 7C930806 66:8139 4D5A cmp word ptr [ecx], 5A4D 7C93080B 75 1D jnz short 7C93082A 7C93080D 8B51 3C mov edx, [ecx+3C] 7C930810 81FA 00000010 cmp edx, 10000000 7C930816 73 12 jnb short 7C93082A 7C930818 8D040A lea eax, [edx+ecx] 7C93081B 8945 E4 mov [ebp-1C], eax 7C93081E 8138 50450000 cmp dword ptr [eax], 4550 7C930824 0F85 8B830200 jnz 7C958BB5 7C93082A 834D FC FF or dword ptr [ebp-4], FFFFFFFF 7C93082E E8 CFE5FFFF call 7C92EE02 7C930833 C2 0400 retn 4 7C930836 90 nop 7C930837 90 nop 7C930838 FFFF ??? ; 未知命令 7C93083A FFFF ??? ; 未知命令 7C93083C FEC5 inc ch 7C93083E 95 xchg eax, ebp 7C93083F 7C 07 jl short 7C930848 7C930841 C6 ??? ; 未知命令 7C930842 95 xchg eax, ebp 7C930843 ^ 7C 90 jl short 7C9307D5 7C930845 90 nop 7C930846 90 nop 7C930847 90 nop 7C930848 90 nop 7C930849 > 8BFF mov edi, edi 7C93084B 55 push ebp 7C93084C 8BEC mov ebp, esp 7C93084E 5D pop ebp ; ntdll.7C92E89A 7C93084F ^ EB 98 jmp short 7C9307E9 7C930851 90 nop 7C930852 90 nop 7C930853 90 nop 7C930854 90 nop 7C930855 90 nop 7C930856 > 8BFF mov edi, edi 7C930858 55 push ebp 7C930859 8BEC mov ebp, esp 7C93085B 53 push ebx 7C93085C 8B5D 08 mov ebx, [ebp+8] 7C93085F F6C3 01 test bl, 1 7C930862 0F85 BE250000 jnz 7C932E26 7C930868 53 push ebx 7C930869 E8 7BFFFFFF call 7C9307E9 7C93086E 85C0 test eax, eax 7C930870 0F84 BC250000 je 7C932E32 7C930876 66:8B48 18 mov cx, [eax+18] 7C93087A 66:81F9 0B01 cmp cx, 10B 7C93087F 0F85 E17C0300 jnz 7C968566 7C930885 50 push eax 7C930886 FF75 14 push dword ptr [ebp+14] 7C930889 FF75 10 push dword ptr [ebp+10] 7C93088C FF75 0C push dword ptr [ebp+C] ; RPCRT4.77E8F3B0 7C93088F 53 push ebx 7C930890 E8 0A000000 call 7C93089F 7C930895 5B pop ebx ; ntdll.7C92E89A 7C930896 5D pop ebp ; ntdll.7C92E89A 7C930897 C2 1000 retn 10 7C93089A 90 nop 7C93089B 90 nop 7C93089C 90 nop 7C93089D 90 nop 7C93089E 90 nop 7C93089F 8BFF mov edi, edi 7C9308A1 55 push ebp 7C9308A2 8BEC mov ebp, esp 7C9308A4 0FB74D 10 movzx ecx, word ptr [ebp+10] 7C9308A8 8B45 18 mov eax, [ebp+18] ; trscd.00454965 7C9308AB 3B48 74 cmp ecx, [eax+74] 7C9308AE 0F83 9E030000 jnb 7C930C52 7C9308B4 8B54C8 78 mov edx, [eax+ecx*8+78] 7C9308B8 85D2 test edx, edx ; msvcrt.77C31AE8 7C9308BA 0F84 92030000 je 7C930C52 7C9308C0 807D 0C 00 cmp byte ptr [ebp+C], 0 7C9308C4 8B4CC8 7C mov ecx, [eax+ecx*8+7C] 7C9308C8 56 push esi ; ntdll.ZwTerminateProcess 7C9308C9 8B75 14 mov esi, [ebp+14] 7C9308CC 890E mov [esi], ecx 7C9308CE 5E pop esi ; ntdll.7C92E89A 7C9308CF 0F84 C0240000 je 7C932D95 7C9308D5 8B45 08 mov eax, [ebp+8] 7C9308D8 03C2 add eax, edx ; msvcrt.77C31AE8 7C9308DA 5D pop ebp ; ntdll.7C92E89A 7C9308DB C2 1400 retn 14 7C9308DE 90 nop 7C9308DF 90 nop 7C9308E0 90 nop 7C9308E1 90 nop 7C9308E2 90 nop 7C9308E3 90 nop 7C9308E4 90 nop 7C9308E5 90 nop 7C9308E6 90 nop 7C9308E7 90 nop 7C9308E8 90 nop 7C9308E9 90 nop 7C9308EA 90 nop 7C9308EB 90 nop 7C9308EC 90 nop 7C9308ED 90 nop 7C9308EE 90 nop 7C9308EF 90 nop 7C9308F0 > 8BFF mov edi, edi 7C9308F2 55 push ebp 7C9308F3 8BEC mov ebp, esp 7C9308F5 66:8B55 08 mov dx, [ebp+8] 7C9308F9 66:83FA 61 cmp dx, 61 7C9308FD 72 14 jb short 7C930913 7C9308FF 66:83FA 7A cmp dx, 7A 7C930903 0F87 BEE60100 ja 7C94EFC7 7C930909 0FB7C2 movzx eax, dx 7C93090C 83E8 20 sub eax, 20 7C93090F 5D pop ebp ; ntdll.7C92E89A 7C930910 C2 0400 retn 4 7C930913 0FB7C2 movzx eax, dx 7C930916 ^ EB F7 jmp short 7C93090F 7C930918 90 nop 7C930919 90 nop 7C93091A 90 nop 7C93091B 90 nop 7C93091C 90 nop 7C93091D > 6A 18 push 18 7C93091F 68 5009937C push 7C930950 7C930924 E8 99E4FFFF call 7C92EDC2 7C930929 64:A1 18000000 mov eax, fs:[18] 7C93092F 8B40 30 mov eax, [eax+30] 7C930932 8945 E0 mov [ebp-20], eax 7C930935 8B48 20 mov ecx, [eax+20] 7C930938 894D E4 mov [ebp-1C], ecx 7C93093B 8365 FC 00 and dword ptr [ebp-4], 0 7C93093F FF70 1C push dword ptr [eax+1C] 7C930942 FF55 E4 call [ebp-1C] 7C930945 834D FC FF or dword ptr [ebp-4], FFFFFFFF 7C930949 E8 B4E4FFFF call 7C92EE02 7C93094E C3 retn 7C93094F 90 nop 7C930950 FFFF ??? ; 未知命令 7C930952 FFFF ??? ; 未知命令 7C930954 45 inc ebp 7C930955 C2 957C retn 7C95 7C930958 5E pop esi ; ntdll.7C92E89A 7C930959 C2 957C retn 7C95 7C93095C 90 nop 7C93095D 90 nop 7C93095E 90 nop 7C93095F 90 nop 7C930960 90 nop 7C930961 > 64:A1 18000000 mov eax, fs:[18] 7C930967 8B40 30 mov eax, [eax+30] 7C93096A FF70 1C push dword ptr [eax+1C] 7C93096D FF50 24 call [eax+24] 7C930970 C3 retn 7C930971 90 nop 7C930972 90 nop 7C930973 90 nop 7C930974 90 nop 7C930975 90 nop 7C930976 > 8BFF mov edi, edi 7C930978 55 push ebp 7C930979 8BEC mov ebp, esp 7C93097B 57 push edi 7C93097C 8B7D 08 mov edi, [ebp+8] 7C93097F 8B47 04 mov eax, [edi+4] 7C930982 85C0 test eax, eax 7C930984 75 05 jnz short 7C93098B 7C930986 5F pop edi ; ntdll.7C92E89A 7C930987 5D pop ebp ; ntdll.7C92E89A 7C930988 C2 0400 retn 4 7C93098B 50 push eax 7C93098C FF15 9809937C call [7C930998] ; ntdll.7C9309A1 7C930992 33C0 xor eax, eax 7C930994 AB stos dword ptr es:[edi] 7C930995 AB stos dword ptr es:[edi] 7C930996 ^ EB EE jmp short 7C930986 7C930998 A1 09937C90 mov eax, [907C9309] 7C93099D 90 nop 7C93099E 90 nop 7C93099F 90 nop 7C9309A0 90 nop 7C9309A1 8BFF mov edi, edi 7C9309A3 55 push ebp 7C9309A4 8BEC mov ebp, esp 7C9309A6 64:A1 18000000 mov eax, fs:[18] 7C9309AC FF75 08 push dword ptr [ebp+8] 7C9309AF 8B40 30 mov eax, [eax+30] 7C9309B2 6A 00 push 0 7C9309B4 FF70 18 push dword ptr [eax+18] 7C9309B7 E8 81FAFFFF call RtlFreeHeap 7C9309BC 5D pop ebp ; ntdll.7C92E89A 7C9309BD C2 0400 retn 4 7C9309C0 C9 leave 7C9309C1 0993 7C909090 or [ebx+9090907C], edx ; msvcrt.77C31AE8 7C9309C7 90 nop 7C9309C8 90 nop 7C9309C9 8BFF mov edi, edi 7C9309CB 55 push ebp 7C9309CC 8BEC mov ebp, esp 7C9309CE 64:A1 18000000 mov eax, fs:[18] 7C9309D4 FF75 08 push dword ptr [ebp+8] 7C9309D7 8B40 30 mov eax, [eax+30] 7C9309DA 6A 00 push 0 7C9309DC FF70 18 push dword ptr [eax+18] 7C9309DF E8 F0FBFFFF call RtlAllocateHeap 7C9309E4 5D pop ebp ; ntdll.7C92E89A 7C9309E5 C2 0400 retn 4 7C9309E8 90 nop 7C9309E9 90 nop 7C9309EA 90 nop 7C9309EB 90 nop 7C9309EC 90 nop 7C9309ED > 8BFF mov edi, edi 7C9309EF 55 push ebp 7C9309F0 8BEC mov ebp, esp 7C9309F2 8B45 0C mov eax, [ebp+C] ; RPCRT4.77E8F3B0 7C9309F5 57 push edi 7C9309F6 8B7D 08 mov edi, [ebp+8] 7C9309F9 0B47 10 or eax, [edi+10] 7C9309FC A9 00000269 test eax, 69020000 7C930A01 0F85 4F8D0300 jnz 7C969756 7C930A07 8B45 10 mov eax, [ebp+10] 7C930A0A 8A48 FD mov cl, [eax-3] 7C930A0D 83C0 F8 add eax, -8 7C930A10 F6C1 01 test cl, 1 7C930A13 56 push esi ; ntdll.ZwTerminateProcess 7C930A14 0F84 568D0300 je 7C969770 7C930A1A F6C1 08 test cl, 8 7C930A1D 0F85 778D0300 jnz 7C96979A 7C930A23 8078 07 FF cmp byte ptr [eax+7], 0FF 7C930A27 8B15 54C0997C mov edx, [7C99C054] 7C930A2D 0F84 43100200 je 7C951A76 7C930A33 0FB730 movzx esi, word ptr [eax] 7C930A36 8A48 06 mov cl, [eax+6] 7C930A39 80F9 FF cmp cl, 0FF 7C930A3C 0F83 411E0200 jnb 7C952883 7C930A42 0FB6C1 movzx eax, cl 7C930A45 C1E6 03 shl esi, 3 7C930A48 2BF0 sub esi, eax 7C930A4A 8BC6 mov eax, esi ; ntdll.ZwTerminateProcess 7C930A4C 5E pop esi ; ntdll.7C92E89A 7C930A4D 5F pop edi ; ntdll.7C92E89A 7C930A4E 5D pop ebp ; ntdll.7C92E89A 7C930A4F C2 0C00 retn 0C 7C930A52 90 nop 7C930A53 90 nop 7C930A54 90 nop 7C930A55 90 nop 7C930A56 90 nop 7C930A57 > 8BFF mov edi, edi 7C930A59 55 push ebp 7C930A5A 8BEC mov ebp, esp 7C930A5C 56 push esi ; ntdll.ZwTerminateProcess 7C930A5D 8B75 08 mov esi, [ebp+8] 7C930A60 85F6 test esi, esi ; ntdll.ZwTerminateProcess 7C930A62 74 21 je short 7C930A85 7C930A64 8D46 FF lea eax, [esi-1] 7C930A67 83C8 07 or eax, 7 7C930A6A 83F8 FF cmp eax, -1 7C930A6D 74 16 je short 7C930A85 7C930A6F 833E FF cmp dword ptr [esi], -1 7C930A72 74 11 je short 7C930A85 7C930A74 83C8 FF or eax, FFFFFFFF 7C930A77 F0:0FC106 lock xadd [esi], eax 7C930A7B 48 dec eax 7C930A7C 8945 08 mov [ebp+8], eax 7C930A7F 0F84 13DE0000 je 7C93E898 7C930A85 5E pop esi ; ntdll.7C92E89A 7C930A86 5D pop ebp ; ntdll.7C92E89A 7C930A87 C2 0400 retn 4 7C930A8A 90 nop 7C930A8B 90 nop 7C930A8C 90 nop 7C930A8D 90 nop 7C930A8E 90 nop 7C930A8F > 8BFF mov edi, edi 7C930A91 55 push ebp 7C930A92 8BEC mov ebp, esp 7C930A94 8B4D 10 mov ecx, [ebp+10] 7C930A97 85C9 test ecx, ecx 7C930A99 56 push esi ; ntdll.ZwTerminateProcess 7C930A9A 57 push edi 7C930A9B 8B7D 08 mov edi, [ebp+8] 7C930A9E 8BF7 mov esi, edi 7C930AA0 74 1D je short 7C930ABF 7C930AA2 8B55 0C mov edx, [ebp+C] ; RPCRT4.77E8F3B0 7C930AA5 66:8B02 mov ax, [edx] 7C930AA8 66:8907 mov [edi], ax 7C930AAB 47 inc edi 7C930AAC 47 inc edi 7C930AAD 42 inc edx ; msvcrt.77C31AE8 7C930AAE 42 inc edx ; msvcrt.77C31AE8 7C930AAF 66:85C0 test ax, ax 7C930AB2 74 03 je short 7C930AB7 7C930AB4 49 dec ecx 7C930AB5 ^ 75 EE jnz short 7C930AA5 7C930AB7 85C9 test ecx, ecx 7C930AB9 0F85 7E980000 jnz 7C93A33D 7C930ABF 5F pop edi ; ntdll.7C92E89A 7C930AC0 8BC6 mov eax, esi ; ntdll.ZwTerminateProcess 7C930AC2 5E pop esi ; ntdll.7C92E89A 7C930AC3 5D pop ebp ; ntdll.7C92E89A 7C930AC4 C3 retn 7C930AC5 90 nop 7C930AC6 90 nop 7C930AC7 90 nop 7C930AC8 90 nop 7C930AC9 90 nop 7C930ACA 8BFF mov edi, edi 7C930ACC 55 push ebp 7C930ACD 8BEC mov ebp, esp 7C930ACF 83EC 0C sub esp, 0C 7C930AD2 53 push ebx 7C930AD3 56 push esi ; ntdll.ZwTerminateProcess 7C930AD4 8B75 08 mov esi, [ebp+8] 7C930AD7 57 push edi 7C930AD8 C745 FC 409C000>mov dword ptr [ebp-4], 9C40 7C930ADF BF 80C3997C mov edi, 7C99C380 7C930AE4 33DB xor ebx, ebx 7C930AE6 8B45 FC mov eax, [ebp-4] 7C930AE9 6A FF push -1 7C930AEB 99 cdq 7C930AEC 68 F0D8FFFF push -2710 7C930AF1 52 push edx ; msvcrt.77C31AE8 7C930AF2 50 push eax 7C930AF3 E8 D80EFFFF call _allmul 7C930AF8 8945 F4 mov [ebp-C], eax 7C930AFB 8D45 F4 lea eax, [ebp-C] 7C930AFE 50 push eax 7C930AFF 6A 01 push 1 7C930B01 8955 F8 mov [ebp-8], edx ; msvcrt.77C31AE8 7C930B04 E8 47CDFFFF call ZwDelayExecution 7C930B09 85C0 test eax, eax 7C930B0B ^ 75 D9 jnz short 7C930AE6 7C930B0D 57 push edi 7C930B0E E8 F204FFFF call RtlEnterCriticalSection 7C930B13 F646 0C 40 test byte ptr [esi+C], 40 7C930B17 0F84 A7880000 je 7C9393C4 7C930B1D 895D F4 mov [ebp-C], ebx 7C930B20 C745 F8 0000008>mov dword ptr [ebp-8], 80000000 7C930B27 57 push edi 7C930B28 E8 C005FFFF call RtlLeaveCriticalSection 7C930B2D ^ EB B7 jmp short 7C930AE6 7C930B2F 53 push ebx 7C930B30 6A 04 push 4 7C930B32 8D45 F4 lea eax, [ebp-C] 7C930B35 50 push eax 7C930B36 6A 10 push 10 7C930B38 6A FE push -2 7C930B3A E8 F1D4FFFF call ZwQueryInformationThread 7C930B3F 85C0 test eax, eax 7C930B41 ^ 0F8C 95FCFFFF jl 7C9307DC 7C930B47 395D F4 cmp [ebp-C], ebx 7C930B4A ^ 0F85 8CFCFFFF jnz 7C9307DC 7C930B50 FF0D 5CC0997C dec dword ptr [7C99C05C] 7C930B56 56 push esi ; ntdll.ZwTerminateProcess 7C930B57 E8 9105FFFF call RtlLeaveCriticalSection 7C930B5C 53 push ebx 7C930B5D FF15 A4C1997C call [7C99C1A4] ; kernel32.7C80C92C 7C930B63 ^ E9 0FFCFFFF jmp 7C930777 7C930B68 8B0D 70C0997C mov ecx, [7C99C070] 7C930B6E 8BD0 mov edx, eax 7C930B70 2BD1 sub edx, ecx 7C930B72 3BC8 cmp ecx, eax 7C930B74 1BC0 sbb eax, eax 7C930B76 23C2 and eax, edx ; msvcrt.77C31AE8 7C930B78 3B05 60C0997C cmp eax, [7C99C060] 7C930B7E ^ 0F86 58FCFFFF jbe 7C9307DC 7C930B84 83F8 01 cmp eax, 1 7C930B87 ^ 0F86 4FFCFFFF jbe 7C9307DC 7C930B8D ^ EB A0 jmp short 7C930B2F 7C930B8F 90 nop 7C930B90 90 nop 7C930B91 90 nop 7C930B92 90 nop 7C930B93 90 nop 7C930B94 8BFF mov edi, edi 7C930B96 55 push ebp 7C930B97 8BEC mov ebp, esp 7C930B99 8B55 0C mov edx, [ebp+C] ; RPCRT4.77E8F3B0 7C930B9C 0FB70A movzx ecx, word ptr [edx] 7C930B9F 81F9 80000000 cmp ecx, 80 7C930BA5 8B45 08 mov eax, [ebp+8] 7C930BA8 56 push esi ; ntdll.ZwTerminateProcess 7C930BA9 8BB0 70010000 mov esi, [eax+170] 7C930BAF 894D 08 mov [ebp+8], ecx 7C930BB2 72 0E jb short 7C930BC2 7C930BB4 FF88 6C010000 dec dword ptr [eax+16C] 7C930BBA 85F6 test esi, esi ; ntdll.ZwTerminateProcess 7C930BBC 0F85 95150000 jnz 7C932157 7C930BC2 5E pop esi ; ntdll.7C92E89A 7C930BC3 5D pop ebp ; ntdll.7C92E89A |
|
[讨论]程序分析!
7C92D8C5 C2 0C00 retn 0C 7C92D8C8 90 nop 7C92D8C9 90 nop 7C92D8CA 90 nop 7C92D8CB 90 nop 7C92D8CC 90 nop 7C92D8CD 90 nop 7C92D8CE > B8 41000000 mov eax, 41 7C92D8D3 BA 0003FE7F mov edx, 7FFE0300 7C92D8D8 FF12 call [edx] ; ntdll.7C99C8E0 7C92D8DA C2 0800 retn 8 7C92D8DD 90 nop 7C92D8DE 90 nop 7C92D8DF 90 nop 7C92D8E0 90 nop 7C92D8E1 90 nop 7C92D8E2 90 nop 7C92D8E3 > B8 42000000 mov eax, 42 7C92D8E8 BA 0003FE7F mov edx, 7FFE0300 7C92D8ED FF12 call [edx] ; ntdll.7C99C8E0 7C92D8EF C2 2800 retn 28 7C92D8F2 90 nop 7C92D8F3 90 nop 7C92D8F4 90 nop 7C92D8F5 90 nop 7C92D8F6 90 nop 7C92D8F7 90 nop 7C92D8F8 > B8 43000000 mov eax, 43 7C92D8FD BA 0003FE7F mov edx, 7FFE0300 7C92D902 FF12 call [edx] ; ntdll.7C99C8E0 7C92D904 C2 0400 retn 4 7C92D907 90 nop 7C92D908 90 nop 7C92D909 90 nop 7C92D90A 90 nop 7C92D90B 90 nop 7C92D90C 90 nop 7C92D90D > B8 44000000 mov eax, 44 7C92D912 BA 0003FE7F mov edx, 7FFE0300 7C92D917 FF12 call [edx] ; ntdll.7C99C8E0 7C92D919 C2 1C00 retn 1C 7C92D91C 90 nop 7C92D91D 90 nop 7C92D91E 90 nop 7C92D91F 90 nop 7C92D920 90 nop 7C92D921 90 nop 7C92D922 > B8 45000000 mov eax, 45 7C92D927 BA 0003FE7F mov edx, 7FFE0300 7C92D92C FF12 call [edx] ; ntdll.7C99C8E0 7C92D92E C2 1800 retn 18 7C92D931 90 nop 7C92D932 90 nop 7C92D933 90 nop 7C92D934 90 nop 7C92D935 90 nop 7C92D936 90 nop 7C92D937 > B8 46000000 mov eax, 46 7C92D93C BA 0003FE7F mov edx, 7FFE0300 7C92D941 FF12 call [edx] ; ntdll.7C99C8E0 7C92D943 C2 0800 retn 8 7C92D946 90 nop 7C92D947 90 nop 7C92D948 90 nop 7C92D949 90 nop 7C92D94A 90 nop 7C92D94B 90 nop 7C92D94C > B8 47000000 mov eax, 47 7C92D951 BA 0003FE7F mov edx, 7FFE0300 7C92D956 FF12 call [edx] ; ntdll.7C99C8E0 7C92D958 C2 1800 retn 18 7C92D95B 90 nop 7C92D95C 90 nop 7C92D95D 90 nop 7C92D95E 90 nop 7C92D95F 90 nop 7C92D960 90 nop 7C92D961 > B8 48000000 mov eax, 48 7C92D966 BA 0003FE7F mov edx, 7FFE0300 7C92D96B FF12 call [edx] ; ntdll.7C99C8E0 7C92D96D C2 0C00 retn 0C 7C92D970 90 nop 7C92D971 90 nop 7C92D972 90 nop 7C92D973 90 nop 7C92D974 90 nop 7C92D975 90 nop 7C92D976 > B8 49000000 mov eax, 49 7C92D97B BA 0003FE7F mov edx, 7FFE0300 7C92D980 FF12 call [edx] ; ntdll.7C99C8E0 7C92D982 C2 1800 retn 18 7C92D985 90 nop 7C92D986 90 nop 7C92D987 90 nop 7C92D988 90 nop 7C92D989 90 nop 7C92D98A 90 nop 7C92D98B > B8 4A000000 mov eax, 4A 7C92D990 BA 0003FE7F mov edx, 7FFE0300 7C92D995 FF12 call [edx] ; ntdll.7C99C8E0 7C92D997 C2 0800 retn 8 7C92D99A 90 nop 7C92D99B 90 nop 7C92D99C 90 nop 7C92D99D 90 nop 7C92D99E 90 nop 7C92D99F 90 nop 7C92D9A0 > B8 4B000000 mov eax, 4B 7C92D9A5 BA 0003FE7F mov edx, 7FFE0300 7C92D9AA FF12 call [edx] ; ntdll.7C99C8E0 7C92D9AC C2 1800 retn 18 7C92D9AF 90 nop 7C92D9B0 90 nop 7C92D9B1 90 nop 7C92D9B2 90 nop 7C92D9B3 90 nop 7C92D9B4 90 nop 7C92D9B5 > B8 4C000000 mov eax, 4C 7C92D9BA BA 0003FE7F mov edx, 7FFE0300 7C92D9BF FF12 call [edx] ; ntdll.7C99C8E0 7C92D9C1 C2 0C00 retn 0C 7C92D9C4 90 nop 7C92D9C5 90 nop 7C92D9C6 90 nop 7C92D9C7 90 nop 7C92D9C8 90 nop 7C92D9C9 90 nop 7C92D9CA > B8 4D000000 mov eax, 4D 7C92D9CF BA 0003FE7F mov edx, 7FFE0300 7C92D9D4 FF12 call [edx] ; ntdll.7C99C8E0 7C92D9D6 C2 0800 retn 8 7C92D9D9 90 nop 7C92D9DA 90 nop 7C92D9DB 90 nop 7C92D9DC 90 nop 7C92D9DD 90 nop 7C92D9DE 90 nop 7C92D9DF > B8 4E000000 mov eax, 4E 7C92D9E4 BA 0003FE7F mov edx, 7FFE0300 7C92D9E9 FF12 call [edx] ; ntdll.7C99C8E0 7C92D9EB C2 0C00 retn 0C 7C92D9EE 90 nop 7C92D9EF 90 nop 7C92D9F0 90 nop 7C92D9F1 90 nop 7C92D9F2 90 nop 7C92D9F3 90 nop 7C92D9F4 > B8 4F000000 mov eax, 4F 7C92D9F9 BA 0003FE7F mov edx, 7FFE0300 7C92D9FE FF12 call [edx] ; ntdll.7C99C8E0 7C92DA00 C2 0400 retn 4 7C92DA03 90 nop 7C92DA04 90 nop 7C92DA05 90 nop 7C92DA06 90 nop 7C92DA07 90 nop 7C92DA08 90 nop 7C92DA09 > B8 50000000 mov eax, 50 7C92DA0E BA 0003FE7F mov edx, 7FFE0300 7C92DA13 FF12 call [edx] ; ntdll.7C99C8E0 7C92DA15 C2 1000 retn 10 7C92DA18 90 nop 7C92DA19 90 nop 7C92DA1A 90 nop 7C92DA1B 90 nop 7C92DA1C 90 nop 7C92DA1D 90 nop 7C92DA1E > B8 51000000 mov eax, 51 7C92DA23 BA 0003FE7F mov edx, 7FFE0300 7C92DA28 FF12 call [edx] ; ntdll.7C99C8E0 7C92DA2A C3 retn 7C92DA2B 8D49 00 lea ecx, [ecx] 7C92DA2E 90 nop 7C92DA2F 90 nop 7C92DA30 90 nop 7C92DA31 90 nop 7C92DA32 90 nop 7C92DA33 > B8 52000000 mov eax, 52 7C92DA38 BA 0003FE7F mov edx, 7FFE0300 7C92DA3D FF12 call [edx] ; ntdll.7C99C8E0 7C92DA3F C2 0C00 retn 0C 7C92DA42 90 nop 7C92DA43 90 nop 7C92DA44 90 nop 7C92DA45 90 nop 7C92DA46 90 nop 7C92DA47 90 nop 7C92DA48 > B8 53000000 mov eax, 53 7C92DA4D BA 0003FE7F mov edx, 7FFE0300 7C92DA52 FF12 call [edx] ; ntdll.7C99C8E0 7C92DA54 C2 1000 retn 10 7C92DA57 90 nop 7C92DA58 90 nop 7C92DA59 90 nop 7C92DA5A 90 nop 7C92DA5B 90 nop 7C92DA5C 90 nop 7C92DA5D > B8 54000000 mov eax, 54 7C92DA62 BA 0003FE7F mov edx, 7FFE0300 7C92DA67 FF12 call [edx] ; ntdll.7C99C8E0 7C92DA69 C2 2800 retn 28 7C92DA6C 90 nop 7C92DA6D 90 nop 7C92DA6E 90 nop 7C92DA6F 90 nop 7C92DA70 90 nop 7C92DA71 90 nop 7C92DA72 > B8 55000000 mov eax, 55 7C92DA77 BA 0003FE7F mov edx, 7FFE0300 7C92DA7C FF12 call [edx] ; ntdll.7C99C8E0 7C92DA7E C2 0800 retn 8 7C92DA81 90 nop 7C92DA82 90 nop 7C92DA83 90 nop 7C92DA84 90 nop 7C92DA85 90 nop 7C92DA86 90 nop 7C92DA87 > B8 56000000 mov eax, 56 7C92DA8C BA 0003FE7F mov edx, 7FFE0300 7C92DA91 FF12 call [edx] ; ntdll.7C99C8E0 7C92DA93 C2 0800 retn 8 7C92DA96 90 nop 7C92DA97 90 nop 7C92DA98 90 nop 7C92DA99 90 nop 7C92DA9A 90 nop 7C92DA9B 90 nop 7C92DA9C > B8 57000000 mov eax, 57 7C92DAA1 BA 0003FE7F mov edx, 7FFE0300 7C92DAA6 FF12 call [edx] ; ntdll.7C99C8E0 7C92DAA8 C2 1000 retn 10 7C92DAAB 90 nop 7C92DAAC 90 nop 7C92DAAD 90 nop 7C92DAAE 90 nop 7C92DAAF 90 nop 7C92DAB0 90 nop 7C92DAB1 > B8 58000000 mov eax, 58 7C92DAB6 BA 0003FE7F mov edx, 7FFE0300 7C92DABB FF12 call [edx] ; ntdll.7C99C8E0 7C92DABD C2 1C00 retn 1C 7C92DAC0 90 nop 7C92DAC1 90 nop 7C92DAC2 90 nop 7C92DAC3 90 nop 7C92DAC4 90 nop 7C92DAC5 90 nop 7C92DAC6 > B8 59000000 mov eax, 59 7C92DACB BA 0003FE7F mov edx, 7FFE0300 7C92DAD0 FF12 call [edx] ; ntdll.7C99C8E0 7C92DAD2 C2 0400 retn 4 7C92DAD5 90 nop 7C92DAD6 90 nop 7C92DAD7 90 nop 7C92DAD8 90 nop 7C92DAD9 90 nop 7C92DADA 90 nop 7C92DADB > B8 5A000000 mov eax, 5A 7C92DAE0 BA 0003FE7F mov edx, 7FFE0300 7C92DAE5 FF12 call [edx] ; ntdll.7C99C8E0 7C92DAE7 C2 0800 retn 8 7C92DAEA 90 nop 7C92DAEB 90 nop 7C92DAEC 90 nop 7C92DAED 90 nop 7C92DAEE 90 nop 7C92DAEF 90 nop 7C92DAF0 > B8 5B000000 mov eax, 5B 7C92DAF5 BA 0003FE7F mov edx, 7FFE0300 7C92DAFA FF12 call [edx] ; ntdll.7C99C8E0 7C92DAFC C2 0C00 retn 0C 7C92DAFF 90 nop 7C92DB00 90 nop 7C92DB01 90 nop 7C92DB02 90 nop 7C92DB03 90 nop 7C92DB04 90 nop 7C92DB05 > B8 5C000000 mov eax, 5C 7C92DB0A BA 0003FE7F mov edx, 7FFE0300 7C92DB0F FF12 call [edx] ; ntdll.7C99C8E0 7C92DB11 C2 0400 retn 4 7C92DB14 90 nop 7C92DB15 90 nop 7C92DB16 90 nop 7C92DB17 90 nop 7C92DB18 90 nop 7C92DB19 90 nop 7C92DB1A > B8 5D000000 mov eax, 5D 7C92DB1F BA 0003FE7F mov edx, 7FFE0300 7C92DB24 FF12 call [edx] ; ntdll.7C99C8E0 7C92DB26 C2 1000 retn 10 7C92DB29 90 nop 7C92DB2A 90 nop 7C92DB2B 90 nop 7C92DB2C 90 nop 7C92DB2D 90 nop 7C92DB2E 90 nop 7C92DB2F > B8 5E000000 mov eax, 5E 7C92DB34 BA 0003FE7F mov edx, 7FFE0300 7C92DB39 FF12 call [edx] ; ntdll.7C99C8E0 7C92DB3B C2 0800 retn 8 7C92DB3E 90 nop 7C92DB3F 90 nop 7C92DB40 90 nop 7C92DB41 90 nop 7C92DB42 90 nop 7C92DB43 90 nop 7C92DB44 > B8 5F000000 mov eax, 5F 7C92DB49 BA 0003FE7F mov edx, 7FFE0300 7C92DB4E FF12 call [edx] ; ntdll.7C99C8E0 7C92DB50 C3 retn 7C92DB51 8D49 00 lea ecx, [ecx] 7C92DB54 90 nop 7C92DB55 90 nop 7C92DB56 90 nop 7C92DB57 90 nop 7C92DB58 90 nop 7C92DB59 > B8 60000000 mov eax, 60 7C92DB5E BA 0003FE7F mov edx, 7FFE0300 7C92DB63 FF12 call [edx] ; ntdll.7C99C8E0 7C92DB65 C2 0800 retn 8 7C92DB68 90 nop 7C92DB69 90 nop 7C92DB6A 90 nop 7C92DB6B 90 nop 7C92DB6C 90 nop 7C92DB6D 90 nop 7C92DB6E > B8 61000000 mov eax, 61 7C92DB73 BA 0003FE7F mov edx, 7FFE0300 7C92DB78 FF12 call [edx] ; ntdll.7C99C8E0 7C92DB7A C2 0400 retn 4 7C92DB7D 90 nop 7C92DB7E 90 nop 7C92DB7F 90 nop 7C92DB80 90 nop 7C92DB81 90 nop 7C92DB82 90 nop 7C92DB83 > B8 62000000 mov eax, 62 7C92DB88 BA 0003FE7F mov edx, 7FFE0300 7C92DB8D FF12 call [edx] ; ntdll.7C99C8E0 7C92DB8F C2 0800 retn 8 7C92DB92 90 nop 7C92DB93 90 nop 7C92DB94 90 nop 7C92DB95 90 nop 7C92DB96 90 nop 7C92DB97 90 nop 7C92DB98 > B8 63000000 mov eax, 63 7C92DB9D BA 0003FE7F mov edx, 7FFE0300 7C92DBA2 FF12 call [edx] ; ntdll.7C99C8E0 7C92DBA4 C2 0C00 retn 0C 7C92DBA7 90 nop 7C92DBA8 90 nop 7C92DBA9 90 nop 7C92DBAA 90 nop 7C92DBAB 90 nop 7C92DBAC 90 nop 7C92DBAD > B8 64000000 mov eax, 64 7C92DBB2 BA 0003FE7F mov edx, 7FFE0300 7C92DBB7 FF12 call [edx] ; ntdll.7C99C8E0 7C92DBB9 C2 2800 retn 28 7C92DBBC 90 nop 7C92DBBD 90 nop 7C92DBBE 90 nop 7C92DBBF 90 nop 7C92DBC0 90 nop 7C92DBC1 90 nop 7C92DBC2 > B8 65000000 mov eax, 65 7C92DBC7 BA 0003FE7F mov edx, 7FFE0300 7C92DBCC FF12 call [edx] ; ntdll.7C99C8E0 7C92DBCE C2 0800 retn 8 7C92DBD1 90 nop 7C92DBD2 90 nop 7C92DBD3 90 nop 7C92DBD4 90 nop 7C92DBD5 90 nop 7C92DBD6 90 nop 7C92DBD7 > B8 66000000 mov eax, 66 7C92DBDC BA 0003FE7F mov edx, 7FFE0300 7C92DBE1 FF12 call [edx] ; ntdll.7C99C8E0 7C92DBE3 C2 0400 retn 4 7C92DBE6 90 nop 7C92DBE7 90 nop 7C92DBE8 90 nop 7C92DBE9 90 nop 7C92DBEA 90 nop 7C92DBEB 90 nop 7C92DBEC > B8 67000000 mov eax, 67 7C92DBF1 BA 0003FE7F mov edx, 7FFE0300 7C92DBF6 FF12 call [edx] ; ntdll.7C99C8E0 7C92DBF8 C2 1000 retn 10 7C92DBFB 90 nop 7C92DBFC 90 nop 7C92DBFD 90 nop 7C92DBFE 90 nop 7C92DBFF 90 nop 7C92DC00 90 nop 7C92DC01 > B8 68000000 mov eax, 68 7C92DC06 BA 0003FE7F mov edx, 7FFE0300 7C92DC0B FF12 call [edx] ; ntdll.7C99C8E0 7C92DC0D C2 0400 retn 4 7C92DC10 90 nop 7C92DC11 90 nop 7C92DC12 90 nop 7C92DC13 90 nop 7C92DC14 90 nop 7C92DC15 90 nop 7C92DC16 > B8 69000000 mov eax, 69 7C92DC1B BA 0003FE7F mov edx, 7FFE0300 7C92DC20 FF12 call [edx] ; ntdll.7C99C8E0 7C92DC22 C2 0400 retn 4 7C92DC25 90 nop 7C92DC26 90 nop 7C92DC27 90 nop 7C92DC28 90 nop 7C92DC29 90 nop 7C92DC2A 90 nop 7C92DC2B > B8 6A000000 mov eax, 6A 7C92DC30 BA 0003FE7F mov edx, 7FFE0300 7C92DC35 FF12 call [edx] ; ntdll.7C99C8E0 7C92DC37 C2 0C00 retn 0C 7C92DC3A 90 nop 7C92DC3B 90 nop 7C92DC3C 90 nop 7C92DC3D 90 nop 7C92DC3E 90 nop 7C92DC3F 90 nop 7C92DC40 > B8 6B000000 mov eax, 6B 7C92DC45 BA 0003FE7F mov edx, 7FFE0300 7C92DC4A FF12 call [edx] ; ntdll.7C99C8E0 7C92DC4C C2 0C00 retn 0C 7C92DC4F 90 nop 7C92DC50 90 nop 7C92DC51 90 nop 7C92DC52 90 nop 7C92DC53 90 nop 7C92DC54 90 nop 7C92DC55 > B8 6C000000 mov eax, 6C 7C92DC5A BA 0003FE7F mov edx, 7FFE0300 7C92DC5F FF12 call [edx] ; ntdll.7C99C8E0 7C92DC61 C2 2800 retn 28 7C92DC64 90 nop 7C92DC65 90 nop 7C92DC66 90 nop 7C92DC67 90 nop 7C92DC68 90 nop 7C92DC69 90 nop 7C92DC6A > B8 6D000000 mov eax, 6D 7C92DC6F BA 0003FE7F mov edx, 7FFE0300 7C92DC74 FF12 call [edx] ; ntdll.7C99C8E0 7C92DC76 C2 0400 retn 4 7C92DC79 90 nop 7C92DC7A 90 nop 7C92DC7B 90 nop 7C92DC7C 90 nop 7C92DC7D 90 nop 7C92DC7E 90 nop 7C92DC7F > B8 6E000000 mov eax, 6E 7C92DC84 BA 0003FE7F mov edx, 7FFE0300 7C92DC89 FF12 call [edx] ; ntdll.7C99C8E0 7C92DC8B C2 2400 retn 24 7C92DC8E 90 nop 7C92DC8F 90 nop 7C92DC90 90 nop 7C92DC91 90 nop 7C92DC92 90 nop 7C92DC93 90 nop 7C92DC94 > B8 6F000000 mov eax, 6F 7C92DC99 BA 0003FE7F mov edx, 7FFE0300 7C92DC9E FF12 call [edx] ; ntdll.7C99C8E0 7C92DCA0 C2 2800 retn 28 7C92DCA3 90 nop 7C92DCA4 90 nop 7C92DCA5 90 nop 7C92DCA6 90 nop 7C92DCA7 90 nop 7C92DCA8 90 nop 7C92DCA9 > B8 70000000 mov eax, 70 7C92DCAE BA 0003FE7F mov edx, 7FFE0300 7C92DCB3 FF12 call [edx] ; ntdll.7C99C8E0 7C92DCB5 C2 3000 retn 30 7C92DCB8 90 nop 7C92DCB9 90 nop 7C92DCBA 90 nop 7C92DCBB 90 nop 7C92DCBC 90 nop 7C92DCBD 90 nop 7C92DCBE > B8 71000000 mov eax, 71 7C92DCC3 BA 0003FE7F mov edx, 7FFE0300 7C92DCC8 FF12 call [edx] ; ntdll.7C99C8E0 7C92DCCA C2 0C00 retn 0C 7C92DCCD 90 nop 7C92DCCE 90 nop 7C92DCCF 90 nop 7C92DCD0 90 nop 7C92DCD1 90 nop 7C92DCD2 90 nop 7C92DCD3 > B8 72000000 mov eax, 72 7C92DCD8 BA 0003FE7F mov edx, 7FFE0300 7C92DCDD FF12 call [edx] ; ntdll.7C99C8E0 7C92DCDF C2 0C00 retn 0C 7C92DCE2 90 nop 7C92DCE3 90 nop 7C92DCE4 90 nop 7C92DCE5 90 nop 7C92DCE6 90 nop 7C92DCE7 90 nop 7C92DCE8 > B8 73000000 mov eax, 73 7C92DCED BA 0003FE7F mov edx, 7FFE0300 7C92DCF2 FF12 call [edx] ; ntdll.7C99C8E0 7C92DCF4 C2 0C00 retn 0C 7C92DCF7 90 nop 7C92DCF8 90 nop 7C92DCF9 90 nop 7C92DCFA 90 nop 7C92DCFB 90 nop 7C92DCFC 90 nop 7C92DCFD > B8 74000000 mov eax, 74 7C92DD02 BA 0003FE7F mov edx, 7FFE0300 7C92DD07 FF12 call [edx] ; ntdll.7C99C8E0 7C92DD09 C2 1800 retn 18 7C92DD0C 90 nop 7C92DD0D 90 nop 7C92DD0E 90 nop 7C92DD0F 90 nop 7C92DD10 90 nop 7C92DD11 90 nop 7C92DD12 > B8 75000000 mov eax, 75 7C92DD17 BA 0003FE7F mov edx, 7FFE0300 7C92DD1C FF12 call [edx] ; ntdll.7C99C8E0 7C92DD1E C2 0C00 retn 0C 7C92DD21 90 nop 7C92DD22 90 nop 7C92DD23 90 nop 7C92DD24 90 nop 7C92DD25 90 nop 7C92DD26 90 nop 7C92DD27 > B8 76000000 mov eax, 76 7C92DD2C BA 0003FE7F mov edx, 7FFE0300 7C92DD31 FF12 call [edx] ; ntdll.7C99C8E0 7C92DD33 C2 0C00 retn 0C 7C92DD36 90 nop 7C92DD37 90 nop 7C92DD38 90 nop 7C92DD39 90 nop 7C92DD3A 90 nop 7C92DD3B 90 nop 7C92DD3C > B8 77000000 mov eax, 77 7C92DD41 BA 0003FE7F mov edx, 7FFE0300 7C92DD46 FF12 call [edx] ; ntdll.7C99C8E0 7C92DD48 C2 0C00 retn 0C 7C92DD4B 90 nop 7C92DD4C 90 nop 7C92DD4D 90 nop 7C92DD4E 90 nop 7C92DD4F 90 nop 7C92DD50 90 nop 7C92DD51 > B8 78000000 mov eax, 78 7C92DD56 BA 0003FE7F mov edx, 7FFE0300 7C92DD5B FF12 call [edx] ; ntdll.7C99C8E0 7C92DD5D C2 0C00 retn 0C 7C92DD60 90 nop 7C92DD61 90 nop 7C92DD62 90 nop 7C92DD63 90 nop 7C92DD64 90 nop 7C92DD65 90 nop 7C92DD66 > B8 79000000 mov eax, 79 7C92DD6B BA 0003FE7F mov edx, 7FFE0300 7C92DD70 FF12 call [edx] ; ntdll.7C99C8E0 7C92DD72 C2 3000 retn 30 7C92DD75 90 nop 7C92DD76 90 nop 7C92DD77 90 nop 7C92DD78 90 nop 7C92DD79 90 nop 7C92DD7A 90 nop 7C92DD7B > B8 7A000000 mov eax, 7A 7C92DD80 BA 0003FE7F mov edx, 7FFE0300 7C92DD85 FF12 call [edx] ; ntdll.7C99C8E0 7C92DD87 C2 1000 retn 10 7C92DD8A 90 nop 7C92DD8B 90 nop 7C92DD8C 90 nop 7C92DD8D 90 nop 7C92DD8E 90 nop 7C92DD8F 90 nop 7C92DD90 > B8 7B000000 mov eax, 7B 7C92DD95 BA 0003FE7F mov edx, 7FFE0300 7C92DD9A FF12 call [edx] ; ntdll.7C99C8E0 7C92DD9C C2 0C00 retn 0C 7C92DD9F 90 nop 7C92DDA0 90 nop 7C92DDA1 90 nop 7C92DDA2 90 nop 7C92DDA3 90 nop 7C92DDA4 90 nop 7C92DDA5 > B8 7C000000 mov eax, 7C 7C92DDAA BA 0003FE7F mov edx, 7FFE0300 7C92DDAF FF12 call [edx] ; ntdll.7C99C8E0 7C92DDB1 C2 1000 retn 10 7C92DDB4 90 nop 7C92DDB5 90 nop 7C92DDB6 90 nop 7C92DDB7 90 nop 7C92DDB8 90 nop 7C92DDB9 90 nop 7C92DDBA > B8 7D000000 mov eax, 7D 7C92DDBF BA 0003FE7F mov edx, 7FFE0300 7C92DDC4 FF12 call [edx] ; ntdll.7C99C8E0 7C92DDC6 C2 0C00 retn 0C 7C92DDC9 90 nop 7C92DDCA 90 nop 7C92DDCB 90 nop 7C92DDCC 90 nop 7C92DDCD 90 nop 7C92DDCE 90 nop 7C92DDCF > B8 7E000000 mov eax, 7E 7C92DDD4 BA 0003FE7F mov edx, 7FFE0300 7C92DDD9 FF12 call [edx] ; ntdll.7C99C8E0 7C92DDDB C2 0C00 retn 0C 7C92DDDE 90 nop 7C92DDDF 90 nop 7C92DDE0 90 nop 7C92DDE1 90 nop 7C92DDE2 90 nop 7C92DDE3 90 nop 7C92DDE4 > B8 7F000000 mov eax, 7F 7C92DDE9 BA 0003FE7F mov edx, 7FFE0300 7C92DDEE FF12 call [edx] ; ntdll.7C99C8E0 7C92DDF0 C2 0C00 retn 0C 7C92DDF3 90 nop 7C92DDF4 90 nop 7C92DDF5 90 nop 7C92DDF6 90 nop 7C92DDF7 90 nop 7C92DDF8 90 nop 7C92DDF9 > B8 80000000 mov eax, 80 7C92DDFE BA 0003FE7F mov edx, 7FFE0300 7C92DE03 FF12 call [edx] ; ntdll.7C99C8E0 7C92DE05 C2 1000 retn 10 7C92DE08 90 nop 7C92DE09 90 nop 7C92DE0A 90 nop 7C92DE0B 90 nop 7C92DE0C 90 nop 7C92DE0D 90 nop 7C92DE0E > B8 81000000 mov eax, 81 7C92DE13 BA 0003FE7F mov edx, 7FFE0300 7C92DE18 FF12 call [edx] ; ntdll.7C99C8E0 7C92DE1A C2 1000 retn 10 7C92DE1D 90 nop 7C92DE1E 90 nop 7C92DE1F 90 nop 7C92DE20 90 nop 7C92DE21 90 nop 7C92DE22 90 nop 7C92DE23 > B8 82000000 mov eax, 82 7C92DE28 BA 0003FE7F mov edx, 7FFE0300 7C92DE2D FF12 call [edx] ; ntdll.7C99C8E0 7C92DE2F C2 1400 retn 14 7C92DE32 90 nop 7C92DE33 90 nop 7C92DE34 90 nop 7C92DE35 90 nop 7C92DE36 90 nop 7C92DE37 90 nop 7C92DE38 > B8 83000000 mov eax, 83 7C92DE3D BA 0003FE7F mov edx, 7FFE0300 7C92DE42 FF12 call [edx] ; ntdll.7C99C8E0 7C92DE44 C2 0C00 retn 0C 7C92DE47 90 nop 7C92DE48 90 nop 7C92DE49 90 nop 7C92DE4A 90 nop 7C92DE4B 90 nop 7C92DE4C 90 nop 7C92DE4D > B8 84000000 mov eax, 84 7C92DE52 BA 0003FE7F mov edx, 7FFE0300 7C92DE57 FF12 call [edx] ; ntdll.7C99C8E0 7C92DE59 C2 0C00 retn 0C 7C92DE5C 90 nop 7C92DE5D 90 nop 7C92DE5E 90 nop 7C92DE5F 90 nop 7C92DE60 90 nop 7C92DE61 90 nop 7C92DE62 > B8 85000000 mov eax, 85 7C92DE67 BA 0003FE7F mov edx, 7FFE0300 7C92DE6C FF12 call [edx] ; ntdll.7C99C8E0 7C92DE6E C2 1400 retn 14 7C92DE71 90 nop 7C92DE72 90 nop 7C92DE73 90 nop 7C92DE74 90 nop 7C92DE75 90 nop 7C92DE76 90 nop 7C92DE77 > B8 86000000 mov eax, 86 7C92DE7C BA 0003FE7F mov edx, 7FFE0300 7C92DE81 FF12 call [edx] ; ntdll.7C99C8E0 7C92DE83 C2 0C00 retn 0C 7C92DE86 90 nop 7C92DE87 90 nop 7C92DE88 90 nop 7C92DE89 90 nop 7C92DE8A 90 nop 7C92DE8B 90 nop 7C92DE8C > B8 87000000 mov eax, 87 7C92DE91 BA 0003FE7F mov edx, 7FFE0300 7C92DE96 FF12 call [edx] ; ntdll.7C99C8E0 7C92DE98 C2 1800 retn 18 7C92DE9B 90 nop 7C92DE9C 90 nop 7C92DE9D 90 nop 7C92DE9E 90 nop 7C92DE9F 90 nop 7C92DEA0 90 nop 7C92DEA1 > B8 88000000 mov eax, 88 7C92DEA6 BA 0003FE7F mov edx, 7FFE0300 7C92DEAB FF12 call [edx] ; ntdll.7C99C8E0 7C92DEAD C2 1400 retn 14 7C92DEB0 90 nop 7C92DEB1 90 nop 7C92DEB2 90 nop 7C92DEB3 90 nop 7C92DEB4 90 nop 7C92DEB5 90 nop 7C92DEB6 > B8 89000000 mov eax, 89 7C92DEBB BA 0003FE7F mov edx, 7FFE0300 7C92DEC0 FF12 call [edx] ; ntdll.7C99C8E0 7C92DEC2 C2 1400 retn 14 7C92DEC5 90 nop 7C92DEC6 90 nop 7C92DEC7 90 nop 7C92DEC8 90 nop 7C92DEC9 90 nop 7C92DECA 90 nop 7C92DECB > B8 8A000000 mov eax, 8A 7C92DED0 BA 0003FE7F mov edx, 7FFE0300 7C92DED5 FF12 call [edx] ; ntdll.7C99C8E0 7C92DED7 C2 0800 retn 8 7C92DEDA 90 nop 7C92DEDB 90 nop 7C92DEDC 90 nop 7C92DEDD 90 nop 7C92DEDE 90 nop 7C92DEDF 90 nop 7C92DEE0 > B8 8B000000 mov eax, 8B 7C92DEE5 BA 0003FE7F mov edx, 7FFE0300 7C92DEEA FF12 call [edx] ; ntdll.7C99C8E0 7C92DEEC C2 0800 retn 8 7C92DEEF 90 nop 7C92DEF0 90 nop 7C92DEF1 90 nop 7C92DEF2 90 nop 7C92DEF3 90 nop 7C92DEF4 90 nop 7C92DEF5 > B8 8C000000 mov eax, 8C 7C92DEFA BA 0003FE7F mov edx, 7FFE0300 7C92DEFF FF12 call [edx] ; ntdll.7C99C8E0 7C92DF01 C2 0800 retn 8 7C92DF04 90 nop 7C92DF05 90 nop 7C92DF06 90 nop 7C92DF07 90 nop 7C92DF08 90 nop 7C92DF09 90 nop 7C92DF0A > B8 8D000000 mov eax, 8D 7C92DF0F BA 0003FE7F mov edx, 7FFE0300 7C92DF14 FF12 call [edx] ; ntdll.7C99C8E0 7C92DF16 C2 0800 retn 8 7C92DF19 90 nop 7C92DF1A 90 nop 7C92DF1B 90 nop 7C92DF1C 90 nop 7C92DF1D 90 nop 7C92DF1E 90 nop 7C92DF1F > B8 8E000000 mov eax, 8E 7C92DF24 BA 0003FE7F mov edx, 7FFE0300 7C92DF29 FF12 call [edx] ; ntdll.7C99C8E0 7C92DF2B C2 0800 retn 8 7C92DF2E 90 nop 7C92DF2F 90 nop 7C92DF30 90 nop 7C92DF31 90 nop 7C92DF32 90 nop 7C92DF33 90 nop 7C92DF34 > B8 8F000000 mov eax, 8F 7C92DF39 BA 0003FE7F mov edx, 7FFE0300 7C92DF3E FF12 call [edx] ; ntdll.7C99C8E0 7C92DF40 C2 0800 retn 8 7C92DF43 90 nop 7C92DF44 90 nop 7C92DF45 90 nop 7C92DF46 90 nop 7C92DF47 90 nop 7C92DF48 90 nop 7C92DF49 > B8 90000000 mov eax, 90 7C92DF4E BA 0003FE7F mov edx, 7FFE0300 7C92DF53 FF12 call [edx] ; ntdll.7C99C8E0 7C92DF55 C2 0400 retn 4 7C92DF58 90 nop 7C92DF59 90 nop 7C92DF5A 90 nop 7C92DF5B 90 nop 7C92DF5C 90 nop 7C92DF5D 90 nop 7C92DF5E > B8 91000000 mov eax, 91 7C92DF63 BA 0003FE7F mov edx, 7FFE0300 7C92DF68 FF12 call [edx] ; ntdll.7C99C8E0 7C92DF6A C2 2C00 retn 2C 7C92DF6D 90 nop 7C92DF6E 90 nop 7C92DF6F 90 nop 7C92DF70 90 nop 7C92DF71 90 nop 7C92DF72 90 nop 7C92DF73 > B8 92000000 mov eax, 92 7C92DF78 BA 0003FE7F mov edx, 7FFE0300 7C92DF7D FF12 call [edx] ; ntdll.7C99C8E0 7C92DF7F C2 1C00 retn 1C 7C92DF82 90 nop 7C92DF83 90 nop 7C92DF84 90 nop 7C92DF85 90 nop 7C92DF86 90 nop 7C92DF87 90 nop 7C92DF88 > B8 93000000 mov eax, 93 7C92DF8D BA 0003FE7F mov edx, 7FFE0300 7C92DF92 FF12 call [edx] ; ntdll.7C99C8E0 7C92DF94 C2 2400 retn 24 7C92DF97 90 nop 7C92DF98 90 nop 7C92DF99 90 nop 7C92DF9A 90 nop 7C92DF9B 90 nop 7C92DF9C 90 nop 7C92DF9D > B8 94000000 mov eax, 94 7C92DFA2 BA 0003FE7F mov edx, 7FFE0300 7C92DFA7 FF12 call [edx] ; ntdll.7C99C8E0 7C92DFA9 C2 1400 retn 14 7C92DFAC 90 nop 7C92DFAD 90 nop 7C92DFAE 90 nop 7C92DFAF 90 nop 7C92DFB0 90 nop 7C92DFB1 90 nop 7C92DFB2 > B8 95000000 mov eax, 95 7C92DFB7 BA 0003FE7F mov edx, 7FFE0300 7C92DFBC FF12 call [edx] ; ntdll.7C99C8E0 7C92DFBE C2 0800 retn 8 7C92DFC1 90 nop 7C92DFC2 90 nop 7C92DFC3 90 nop 7C92DFC4 90 nop 7C92DFC5 90 nop 7C92DFC6 90 nop 7C92DFC7 > B8 96000000 mov eax, 96 7C92DFCC BA 0003FE7F mov edx, 7FFE0300 7C92DFD1 FF12 call [edx] ; ntdll.7C99C8E0 7C92DFD3 C2 1400 retn 14 7C92DFD6 90 nop 7C92DFD7 90 nop 7C92DFD8 90 nop 7C92DFD9 90 nop 7C92DFDA 90 nop 7C92DFDB 90 nop 7C92DFDC > B8 97000000 mov eax, 97 7C92DFE1 BA 0003FE7F mov edx, 7FFE0300 7C92DFE6 FF12 call [edx] ; ntdll.7C99C8E0 7C92DFE8 C2 1400 retn 14 7C92DFEB 90 nop 7C92DFEC 90 nop 7C92DFED 90 nop 7C92DFEE 90 nop 7C92DFEF 90 nop 7C92DFF0 90 nop 7C92DFF1 > B8 98000000 mov eax, 98 7C92DFF6 BA 0003FE7F mov edx, 7FFE0300 7C92DFFB FF12 call [edx] ; ntdll.7C99C8E0 7C92DFFD C2 1400 retn 14 7C92E000 90 nop 7C92E001 90 nop 7C92E002 90 nop 7C92E003 90 nop 7C92E004 90 nop 7C92E005 90 nop 7C92E006 > B8 99000000 mov eax, 99 7C92E00B BA 0003FE7F mov edx, 7FFE0300 7C92E010 FF12 call [edx] ; ntdll.7C99C8E0 7C92E012 C2 1400 retn 14 7C92E015 90 nop 7C92E016 90 nop 7C92E017 90 nop 7C92E018 90 nop 7C92E019 90 nop 7C92E01A 90 nop 7C92E01B > B8 9A000000 mov eax, 9A 7C92E020 BA 0003FE7F mov edx, 7FFE0300 7C92E025 FF12 call [edx] ; ntdll.7C99C8E0 7C92E027 C2 1400 retn 14 7C92E02A 90 nop 7C92E02B 90 nop 7C92E02C 90 nop 7C92E02D 90 nop 7C92E02E 90 nop 7C92E02F 90 nop 7C92E030 > B8 9B000000 mov eax, 9B 7C92E035 BA 0003FE7F mov edx, 7FFE0300 7C92E03A FF12 call [edx] ; ntdll.7C99C8E0 7C92E03C C2 1400 retn 14 7C92E03F 90 nop 7C92E040 90 nop 7C92E041 90 nop 7C92E042 90 nop 7C92E043 90 nop 7C92E044 90 nop 7C92E045 > B8 9C000000 mov eax, 9C 7C92E04A BA 0003FE7F mov edx, 7FFE0300 7C92E04F FF12 call [edx] ; ntdll.7C99C8E0 7C92E051 C2 1400 retn 14 7C92E054 90 nop 7C92E055 90 nop 7C92E056 90 nop 7C92E057 90 nop 7C92E058 90 nop 7C92E059 90 nop 7C92E05A > B8 9D000000 mov eax, 9D 7C92E05F BA 0003FE7F mov edx, 7FFE0300 7C92E064 FF12 call [edx] ; ntdll.7C99C8E0 7C92E066 C2 0400 retn 4 7C92E069 90 nop 7C92E06A 90 nop 7C92E06B 90 nop 7C92E06C 90 nop 7C92E06D 90 nop 7C92E06E 90 nop 7C92E06F > B8 9E000000 mov eax, 9E 7C92E074 BA 0003FE7F mov edx, 7FFE0300 7C92E079 FF12 call [edx] ; ntdll.7C99C8E0 7C92E07B C2 0800 retn 8 7C92E07E 90 nop 7C92E07F 90 nop 7C92E080 90 nop 7C92E081 90 nop 7C92E082 90 nop 7C92E083 90 nop 7C92E084 > B8 9F000000 mov eax, 9F 7C92E089 BA 0003FE7F mov edx, 7FFE0300 7C92E08E FF12 call [edx] ; ntdll.7C99C8E0 7C92E090 C2 1400 retn 14 7C92E093 90 nop 7C92E094 90 nop 7C92E095 90 nop 7C92E096 90 nop 7C92E097 90 nop 7C92E098 90 nop 7C92E099 > B8 A0000000 mov eax, 0A0 7C92E09E BA 0003FE7F mov edx, 7FFE0300 7C92E0A3 FF12 call [edx] ; ntdll.7C99C8E0 7C92E0A5 C2 1400 retn 14 7C92E0A8 90 nop 7C92E0A9 90 nop 7C92E0AA 90 nop 7C92E0AB 90 nop 7C92E0AC 90 nop 7C92E0AD 90 nop 7C92E0AE > B8 A1000000 mov eax, 0A1 7C92E0B3 BA 0003FE7F mov edx, 7FFE0300 7C92E0B8 FF12 call [edx] ; ntdll.7C99C8E0 7C92E0BA C2 1800 retn 18 7C92E0BD 90 nop 7C92E0BE 90 nop 7C92E0BF 90 nop 7C92E0C0 90 nop 7C92E0C1 90 nop 7C92E0C2 90 nop 7C92E0C3 > B8 A2000000 mov eax, 0A2 7C92E0C8 BA 0003FE7F mov edx, 7FFE0300 7C92E0CD FF12 call [edx] ; ntdll.7C99C8E0 7C92E0CF C2 1400 retn 14 7C92E0D2 90 nop 7C92E0D3 90 nop 7C92E0D4 90 nop 7C92E0D5 90 nop 7C92E0D6 90 nop 7C92E0D7 90 nop 7C92E0D8 > B8 A3000000 mov eax, 0A3 7C92E0DD BA 0003FE7F mov edx, 7FFE0300 7C92E0E2 FF12 call [edx] ; ntdll.7C99C8E0 7C92E0E4 C2 1400 retn 14 7C92E0E7 90 nop 7C92E0E8 90 nop 7C92E0E9 90 nop 7C92E0EA 90 nop 7C92E0EB 90 nop 7C92E0EC 90 nop 7C92E0ED > B8 A4000000 mov eax, 0A4 7C92E0F2 BA 0003FE7F mov edx, 7FFE0300 7C92E0F7 FF12 call [edx] ; ntdll.7C99C8E0 7C92E0F9 C2 0800 retn 8 7C92E0FC 90 nop 7C92E0FD 90 nop 7C92E0FE 90 nop 7C92E0FF 90 nop 7C92E100 90 nop 7C92E101 90 nop 7C92E102 > B8 A5000000 mov eax, 0A5 7C92E107 BA 0003FE7F mov edx, 7FFE0300 7C92E10C FF12 call [edx] ; ntdll.7C99C8E0 7C92E10E C2 0800 retn 8 7C92E111 90 nop 7C92E112 90 nop 7C92E113 90 nop 7C92E114 90 nop 7C92E115 90 nop 7C92E116 90 nop 7C92E117 > B8 A6000000 mov eax, 0A6 7C92E11C BA 0003FE7F mov edx, 7FFE0300 7C92E121 FF12 call [edx] ; ntdll.7C99C8E0 7C92E123 C2 2400 retn 24 7C92E126 90 nop 7C92E127 90 nop 7C92E128 90 nop 7C92E129 90 nop 7C92E12A 90 nop 7C92E12B 90 nop 7C92E12C > B8 A7000000 mov eax, 0A7 7C92E131 BA 0003FE7F mov edx, 7FFE0300 7C92E136 FF12 call [edx] ; ntdll.7C99C8E0 7C92E138 C2 1400 retn 14 7C92E13B 90 nop 7C92E13C 90 nop 7C92E13D 90 nop 7C92E13E 90 nop 7C92E13F 90 nop 7C92E140 90 nop 7C92E141 > B8 A8000000 mov eax, 0A8 7C92E146 BA 0003FE7F mov edx, 7FFE0300 7C92E14B FF12 call [edx] ; ntdll.7C99C8E0 7C92E14D C2 1400 retn 14 7C92E150 90 nop 7C92E151 90 nop 7C92E152 90 nop 7C92E153 90 nop 7C92E154 90 nop 7C92E155 90 nop 7C92E156 > B8 A9000000 mov eax, 0A9 7C92E15B BA 0003FE7F mov edx, 7FFE0300 7C92E160 FF12 call [edx] ; ntdll.7C99C8E0 7C92E162 C2 1400 retn 14 7C92E165 90 nop 7C92E166 90 nop 7C92E167 90 nop 7C92E168 90 nop 7C92E169 90 nop 7C92E16A 90 nop 7C92E16B > B8 AA000000 mov eax, 0AA 7C92E170 BA 0003FE7F mov edx, 7FFE0300 7C92E175 FF12 call [edx] ; ntdll.7C99C8E0 7C92E177 C2 0C00 retn 0C 7C92E17A 90 nop 7C92E17B 90 nop 7C92E17C 90 nop 7C92E17D 90 nop 7C92E17E 90 nop 7C92E17F 90 nop 7C92E180 > B8 AB000000 mov eax, 0AB 7C92E185 BA 0003FE7F mov edx, 7FFE0300 7C92E18A FF12 call [edx] ; ntdll.7C99C8E0 7C92E18C C2 1000 retn 10 7C92E18F 90 nop 7C92E190 90 nop 7C92E191 90 nop 7C92E192 90 nop 7C92E193 90 nop 7C92E194 90 nop 7C92E195 > B8 AC000000 mov eax, 0AC 7C92E19A BA 0003FE7F mov edx, 7FFE0300 7C92E19F FF12 call [edx] ; ntdll.7C99C8E0 7C92E1A1 C2 1400 retn 14 7C92E1A4 90 nop 7C92E1A5 90 nop 7C92E1A6 90 nop 7C92E1A7 90 nop 7C92E1A8 90 nop 7C92E1A9 90 nop 7C92E1AA > B8 AD000000 mov eax, 0AD 7C92E1AF BA 0003FE7F mov edx, 7FFE0300 7C92E1B4 FF12 call [edx] ; ntdll.7C99C8E0 7C92E1B6 C2 1000 retn 10 7C92E1B9 90 nop 7C92E1BA 90 nop 7C92E1BB 90 nop 7C92E1BC 90 nop 7C92E1BD 90 nop 7C92E1BE 90 nop 7C92E1BF > B8 AE000000 mov eax, 0AE 7C92E1C4 BA 0003FE7F mov edx, 7FFE0300 7C92E1C9 FF12 call [edx] ; ntdll.7C99C8E0 7C92E1CB C2 0400 retn 4 7C92E1CE 90 nop 7C92E1CF 90 nop 7C92E1D0 90 nop 7C92E1D1 90 nop 7C92E1D2 90 nop 7C92E1D3 90 nop 7C92E1D4 > B8 AF000000 mov eax, 0AF 7C92E1D9 BA 0003FE7F mov edx, 7FFE0300 7C92E1DE FF12 call [edx] ; ntdll.7C99C8E0 7C92E1E0 C2 1400 retn 14 7C92E1E3 90 nop 7C92E1E4 90 nop 7C92E1E5 90 nop 7C92E1E6 90 nop 7C92E1E7 90 nop 7C92E1E8 90 nop 7C92E1E9 > B8 B0000000 mov eax, 0B0 7C92E1EE BA 0003FE7F mov edx, 7FFE0300 7C92E1F3 FF12 call [edx] ; ntdll.7C99C8E0 7C92E1F5 C2 0C00 retn 0C 7C92E1F8 90 nop 7C92E1F9 90 nop 7C92E1FA 90 nop 7C92E1FB 90 nop 7C92E1FC 90 nop 7C92E1FD 90 nop 7C92E1FE > B8 B1000000 mov eax, 0B1 7C92E203 BA 0003FE7F mov edx, 7FFE0300 7C92E208 FF12 call [edx] ; ntdll.7C99C8E0 7C92E20A C2 1800 retn 18 7C92E20D 90 nop 7C92E20E 90 nop 7C92E20F 90 nop 7C92E210 90 nop 7C92E211 90 nop 7C92E212 90 nop 7C92E213 > B8 B2000000 mov eax, 0B2 7C92E218 BA 0003FE7F mov edx, 7FFE0300 7C92E21D FF12 call [edx] ; ntdll.7C99C8E0 7C92E21F C2 1800 retn 18 7C92E222 90 nop 7C92E223 90 nop 7C92E224 90 nop 7C92E225 90 nop 7C92E226 90 nop 7C92E227 90 nop 7C92E228 > B8 B3000000 mov eax, 0B3 7C92E22D BA 0003FE7F mov edx, 7FFE0300 7C92E232 FF12 call [edx] ; ntdll.7C99C8E0 7C92E234 C2 1400 retn 14 7C92E237 90 nop 7C92E238 90 nop 7C92E239 90 nop 7C92E23A 90 nop 7C92E23B 90 nop 7C92E23C 90 nop 7C92E23D > B8 B4000000 mov eax, 0B4 7C92E242 BA 0003FE7F mov edx, 7FFE0300 7C92E247 FF12 call [edx] ; ntdll.7C99C8E0 7C92E249 C2 1400 retn 14 7C92E24C 90 nop 7C92E24D 90 nop 7C92E24E 90 nop 7C92E24F 90 nop 7C92E250 90 nop 7C92E251 90 nop 7C92E252 > B8 B5000000 mov eax, 0B5 7C92E257 BA 0003FE7F mov edx, 7FFE0300 7C92E25C FF12 call [edx] ; ntdll.7C99C8E0 7C92E25E C2 0C00 retn 0C 7C92E261 90 nop 7C92E262 90 nop 7C92E263 90 nop 7C92E264 90 nop 7C92E265 90 nop 7C92E266 90 nop 7C92E267 > B8 B6000000 mov eax, 0B6 7C92E26C BA 0003FE7F mov edx, 7FFE0300 7C92E271 FF12 call [edx] ; ntdll.7C99C8E0 7C92E273 C2 1800 retn 18 7C92E276 90 nop 7C92E277 90 nop 7C92E278 90 nop 7C92E279 90 nop 7C92E27A 90 nop 7C92E27B 90 nop 7C92E27C > B8 B7000000 mov eax, 0B7 7C92E281 BA 0003FE7F mov edx, 7FFE0300 7C92E286 FF12 call [edx] ; ntdll.7C99C8E0 7C92E288 C2 2400 retn 24 7C92E28B 90 nop 7C92E28C 90 nop 7C92E28D 90 nop 7C92E28E 90 nop 7C92E28F 90 nop 7C92E290 90 nop 7C92E291 > B8 B8000000 mov eax, 0B8 7C92E296 BA 0003FE7F mov edx, 7FFE0300 7C92E29B FF12 call [edx] ; ntdll.7C99C8E0 7C92E29D C2 2400 retn 24 7C92E2A0 90 nop 7C92E2A1 90 nop 7C92E2A2 90 nop 7C92E2A3 90 nop 7C92E2A4 90 nop 7C92E2A5 90 nop 7C92E2A6 > B8 B9000000 mov eax, 0B9 7C92E2AB BA 0003FE7F mov edx, 7FFE0300 7C92E2B0 FF12 call [edx] ; ntdll.7C99C8E0 7C92E2B2 C2 1800 retn 18 7C92E2B5 90 nop 7C92E2B6 90 nop 7C92E2B7 90 nop 7C92E2B8 90 nop 7C92E2B9 90 nop 7C92E2BA 90 nop 7C92E2BB > B8 BA000000 mov eax, 0BA 7C92E2C0 BA 0003FE7F mov edx, 7FFE0300 7C92E2C5 FF12 call [edx] ; ntdll.7C99C8E0 7C92E2C7 C2 1400 retn 14 7C92E2CA 90 nop 7C92E2CB 90 nop 7C92E2CC 90 nop 7C92E2CD 90 nop 7C92E2CE 90 nop 7C92E2CF 90 nop 7C92E2D0 > B8 BB000000 mov eax, 0BB 7C92E2D5 BA 0003FE7F mov edx, 7FFE0300 7C92E2DA FF12 call [edx] ; ntdll.7C99C8E0 7C92E2DC C2 0400 retn 4 7C92E2DF 90 nop 7C92E2E0 90 nop 7C92E2E1 90 nop 7C92E2E2 90 nop 7C92E2E3 90 nop 7C92E2E4 90 nop 7C92E2E5 > B8 BC000000 mov eax, 0BC 7C92E2EA BA 0003FE7F mov edx, 7FFE0300 7C92E2EF FF12 call [edx] ; ntdll.7C99C8E0 7C92E2F1 C2 0800 retn 8 7C92E2F4 90 nop 7C92E2F5 90 nop 7C92E2F6 90 nop 7C92E2F7 90 nop 7C92E2F8 90 nop 7C92E2F9 90 nop 7C92E2FA > B8 BD000000 mov eax, 0BD 7C92E2FF BA 0003FE7F mov edx, 7FFE0300 7C92E304 FF12 call [edx] ; ntdll.7C99C8E0 7C92E306 C2 0C00 retn 0C 7C92E309 90 nop 7C92E30A 90 nop 7C92E30B 90 nop 7C92E30C 90 nop 7C92E30D 90 nop 7C92E30E 90 nop 7C92E30F > B8 BE000000 mov eax, 0BE 7C92E314 BA 0003FE7F mov edx, 7FFE0300 7C92E319 FF12 call [edx] ; ntdll.7C99C8E0 7C92E31B C2 1400 retn 14 7C92E31E 90 nop 7C92E31F 90 nop 7C92E320 90 nop 7C92E321 90 nop 7C92E322 90 nop 7C92E323 90 nop 7C92E324 > B8 BF000000 mov eax, 0BF 7C92E329 BA 0003FE7F mov edx, 7FFE0300 7C92E32E FF12 call [edx] ; ntdll.7C99C8E0 7C92E330 C2 0800 retn 8 7C92E333 90 nop 7C92E334 90 nop 7C92E335 90 nop 7C92E336 90 nop 7C92E337 90 nop 7C92E338 90 nop 7C92E339 > B8 C0000000 mov eax, 0C0 7C92E33E BA 0003FE7F mov edx, 7FFE0300 7C92E343 FF12 call [edx] ; ntdll.7C99C8E0 7C92E345 C2 0800 retn 8 7C92E348 90 nop 7C92E349 90 nop 7C92E34A 90 nop 7C92E34B 90 nop 7C92E34C 90 nop 7C92E34D 90 nop 7C92E34E > B8 C1000000 mov eax, 0C1 7C92E353 BA 0003FE7F mov edx, 7FFE0300 7C92E358 FF12 call [edx] ; ntdll.7C99C8E0 7C92E35A C2 0C00 retn 0C 7C92E35D 90 nop 7C92E35E 90 nop 7C92E35F 90 nop 7C92E360 90 nop 7C92E361 90 nop 7C92E362 90 nop 7C92E363 > B8 C2000000 mov eax, 0C2 7C92E368 BA 0003FE7F mov edx, 7FFE0300 7C92E36D FF12 call [edx] ; ntdll.7C99C8E0 7C92E36F C2 0800 retn 8 7C92E372 90 nop 7C92E373 90 nop 7C92E374 90 nop 7C92E375 90 nop 7C92E376 90 nop 7C92E377 90 nop 7C92E378 > B8 C3000000 mov eax, 0C3 7C92E37D BA 0003FE7F mov edx, 7FFE0300 7C92E382 FF12 call [edx] ; ntdll.7C99C8E0 7C92E384 C2 1000 retn 10 7C92E387 90 nop 7C92E388 90 nop 7C92E389 90 nop 7C92E38A 90 nop 7C92E38B 90 nop 7C92E38C 90 nop 7C92E38D > B8 C4000000 mov eax, 0C4 7C92E392 BA 0003FE7F mov edx, 7FFE0300 7C92E397 FF12 call [edx] ; ntdll.7C99C8E0 7C92E399 C2 1400 retn 14 7C92E39C 90 nop 7C92E39D 90 nop 7C92E39E 90 nop 7C92E39F 90 nop 7C92E3A0 90 nop 7C92E3A1 90 nop 7C92E3A2 > B8 C5000000 mov eax, 0C5 7C92E3A7 BA 0003FE7F mov edx, 7FFE0300 7C92E3AC FF12 call [edx] ; ntdll.7C99C8E0 7C92E3AE C2 0800 retn 8 7C92E3B1 90 nop 7C92E3B2 90 nop 7C92E3B3 90 nop 7C92E3B4 90 nop 7C92E3B5 90 nop 7C92E3B6 90 nop 7C92E3B7 > B8 C6000000 mov eax, 0C6 7C92E3BC BA 0003FE7F mov edx, 7FFE0300 7C92E3C1 FF12 call [edx] ; ntdll.7C99C8E0 7C92E3C3 C2 0400 retn 4 7C92E3C6 90 nop 7C92E3C7 90 nop 7C92E3C8 90 nop 7C92E3C9 90 nop 7C92E3CA 90 nop 7C92E3CB 90 nop 7C92E3CC > B8 C7000000 mov eax, 0C7 7C92E3D1 BA 0003FE7F mov edx, 7FFE0300 7C92E3D6 FF12 call [edx] ; ntdll.7C99C8E0 7C92E3D8 C2 0800 retn 8 7C92E3DB 90 nop 7C92E3DC 90 nop 7C92E3DD 90 nop 7C92E3DE 90 nop 7C92E3DF 90 nop 7C92E3E0 90 nop 7C92E3E1 > B8 C8000000 mov eax, 0C8 7C92E3E6 BA 0003FE7F mov edx, 7FFE0300 7C92E3EB FF12 call [edx] ; ntdll.7C99C8E0 7C92E3ED C2 0C00 retn 0C 7C92E3F0 90 nop 7C92E3F1 90 nop 7C92E3F2 90 nop 7C92E3F3 90 nop 7C92E3F4 90 nop 7C92E3F5 90 nop 7C92E3F6 > B8 C9000000 mov eax, 0C9 7C92E3FB BA 0003FE7F mov edx, 7FFE0300 7C92E400 FF12 call [edx] ; ntdll.7C99C8E0 7C92E402 C2 0400 retn 4 7C92E405 90 nop 7C92E406 90 nop 7C92E407 90 nop 7C92E408 90 nop 7C92E409 90 nop 7C92E40A 90 nop 7C92E40B > B8 CA000000 mov eax, 0CA 7C92E410 BA 0003FE7F mov edx, 7FFE0300 7C92E415 FF12 call [edx] ; ntdll.7C99C8E0 7C92E417 C2 0800 retn 8 7C92E41A 90 nop 7C92E41B 90 nop 7C92E41C 90 nop 7C92E41D 90 nop 7C92E41E 90 nop 7C92E41F 90 nop 7C92E420 > B8 CB000000 mov eax, 0CB 7C92E425 BA 0003FE7F mov edx, 7FFE0300 7C92E42A FF12 call [edx] ; ntdll.7C99C8E0 7C92E42C C2 0C00 retn 0C 7C92E42F 90 nop 7C92E430 90 nop 7C92E431 90 nop 7C92E432 90 nop 7C92E433 90 nop 7C92E434 90 nop 7C92E435 > B8 CC000000 mov eax, 0CC 7C92E43A BA 0003FE7F mov edx, 7FFE0300 7C92E43F FF12 call [edx] ; ntdll.7C99C8E0 7C92E441 C2 0C00 retn 0C 7C92E444 90 nop 7C92E445 90 nop 7C92E446 90 nop 7C92E447 90 nop 7C92E448 90 nop 7C92E449 90 nop 7C92E44A > B8 CD000000 mov eax, 0CD 7C92E44F BA 0003FE7F mov edx, 7FFE0300 7C92E454 FF12 call [edx] ; ntdll.7C99C8E0 7C92E456 C2 0400 retn 4 7C92E459 90 nop 7C92E45A 90 nop 7C92E45B 90 nop 7C92E45C 90 nop 7C92E45D 90 nop 7C92E45E 90 nop 7C92E45F > B8 CE000000 mov eax, 0CE 7C92E464 BA 0003FE7F mov edx, 7FFE0300 7C92E469 FF12 call [edx] ; ntdll.7C99C8E0 7C92E46B C2 0800 retn 8 7C92E46E 90 nop 7C92E46F 90 nop 7C92E470 90 nop 7C92E471 90 nop 7C92E472 90 nop 7C92E473 90 nop 7C92E474 > B8 CF000000 mov eax, 0CF 7C92E479 BA 0003FE7F mov edx, 7FFE0300 7C92E47E FF12 call [edx] ; ntdll.7C99C8E0 7C92E480 C2 0800 retn 8 7C92E483 90 nop 7C92E484 90 nop 7C92E485 90 nop 7C92E486 90 nop 7C92E487 90 nop 7C92E488 90 nop 7C92E489 > B8 D0000000 mov eax, 0D0 7C92E48E BA 0003FE7F mov edx, 7FFE0300 7C92E493 FF12 call [edx] ; ntdll.7C99C8E0 7C92E495 C2 0C00 retn 0C 7C92E498 90 nop 7C92E499 90 nop 7C92E49A 90 nop 7C92E49B 90 nop 7C92E49C 90 nop 7C92E49D 90 nop 7C92E49E > B8 D1000000 mov eax, 0D1 7C92E4A3 BA 0003FE7F mov edx, 7FFE0300 7C92E4A8 FF12 call [edx] ; ntdll.7C99C8E0 7C92E4AA C2 0C00 retn 0C 7C92E4AD 90 nop 7C92E4AE 90 nop 7C92E4AF 90 nop 7C92E4B0 90 nop 7C92E4B1 90 nop 7C92E4B2 90 nop 7C92E4B3 > B8 D2000000 mov eax, 0D2 7C92E4B8 BA 0003FE7F mov edx, 7FFE0300 7C92E4BD FF12 call [edx] ; ntdll.7C99C8E0 7C92E4BF C2 2400 retn 24 7C92E4C2 90 nop 7C92E4C3 90 nop 7C92E4C4 90 nop 7C92E4C5 90 nop 7C92E4C6 90 nop 7C92E4C7 90 nop 7C92E4C8 > B8 D3000000 mov eax, 0D3 7C92E4CD BA 0003FE7F mov edx, 7FFE0300 7C92E4D2 FF12 call [edx] ; ntdll.7C99C8E0 7C92E4D4 C2 0800 retn 8 7C92E4D7 90 nop 7C92E4D8 90 nop 7C92E4D9 90 nop 7C92E4DA 90 nop 7C92E4DB 90 nop 7C92E4DC 90 nop 7C92E4DD > B8 D4000000 mov eax, 0D4 7C92E4E2 BA 0003FE7F mov edx, 7FFE0300 7C92E4E7 FF12 call [edx] ; ntdll.7C99C8E0 7C92E4E9 C2 0800 retn 8 7C92E4EC 90 nop 7C92E4ED 90 nop 7C92E4EE 90 nop 7C92E4EF 90 nop 7C92E4F0 90 nop 7C92E4F1 90 nop 7C92E4F2 > B8 D5000000 mov eax, 0D5 7C92E4F7 BA 0003FE7F mov edx, 7FFE0300 7C92E4FC FF12 call [edx] ; ntdll.7C99C8E0 7C92E4FE C2 0800 retn 8 7C92E501 90 nop 7C92E502 90 nop 7C92E503 90 nop 7C92E504 90 nop 7C92E505 90 nop 7C92E506 90 nop 7C92E507 > B8 D6000000 mov eax, 0D6 7C92E50C BA 0003FE7F mov edx, 7FFE0300 7C92E511 FF12 call [edx] ; ntdll.7C99C8E0 7C92E513 C2 0C00 retn 0C 7C92E516 90 nop 7C92E517 90 nop 7C92E518 90 nop 7C92E519 90 nop 7C92E51A 90 nop 7C92E51B 90 nop 7C92E51C > B8 D7000000 mov eax, 0D7 7C92E521 BA 0003FE7F mov edx, 7FFE0300 7C92E526 FF12 call [edx] ; ntdll.7C99C8E0 7C92E528 C2 0400 retn 4 7C92E52B 90 nop 7C92E52C 90 nop 7C92E52D 90 nop 7C92E52E 90 nop 7C92E52F 90 nop 7C92E530 90 nop 7C92E531 > B8 D8000000 mov eax, 0D8 7C92E536 BA 0003FE7F mov edx, 7FFE0300 7C92E53B FF12 call [edx] ; ntdll.7C99C8E0 7C92E53D C2 0800 retn 8 7C92E540 90 nop 7C92E541 90 nop 7C92E542 90 nop 7C92E543 90 nop 7C92E544 90 nop 7C92E545 90 nop 7C92E546 > B8 D9000000 mov eax, 0D9 7C92E54B BA 0003FE7F mov edx, 7FFE0300 7C92E550 FF12 call [edx] ; ntdll.7C99C8E0 7C92E552 C2 0400 retn 4 7C92E555 90 nop 7C92E556 90 nop 7C92E557 90 nop 7C92E558 90 nop 7C92E559 90 nop 7C92E55A 90 nop 7C92E55B > B8 DA000000 mov eax, 0DA 7C92E560 BA 0003FE7F mov edx, 7FFE0300 7C92E565 FF12 call [edx] ; ntdll.7C99C8E0 7C92E567 C2 1000 retn 10 7C92E56A 90 nop 7C92E56B 90 nop 7C92E56C 90 nop 7C92E56D 90 nop 7C92E56E 90 nop 7C92E56F 90 nop 7C92E570 > B8 DB000000 mov eax, 0DB 7C92E575 BA 0003FE7F mov edx, 7FFE0300 7C92E57A FF12 call [edx] ; ntdll.7C99C8E0 7C92E57C C2 0800 retn 8 7C92E57F 90 nop 7C92E580 90 nop 7C92E581 90 nop 7C92E582 90 nop 7C92E583 90 nop 7C92E584 90 nop 7C92E585 > B8 DC000000 mov eax, 0DC 7C92E58A BA 0003FE7F mov edx, 7FFE0300 7C92E58F FF12 call [edx] ; ntdll.7C99C8E0 7C92E591 C2 0400 retn 4 7C92E594 90 nop 7C92E595 90 nop 7C92E596 90 nop 7C92E597 90 nop 7C92E598 90 nop 7C92E599 90 nop 7C92E59A > B8 DD000000 mov eax, 0DD 7C92E59F BA 0003FE7F mov edx, 7FFE0300 7C92E5A4 FF12 call [edx] ; ntdll.7C99C8E0 7C92E5A6 C2 0400 retn 4 7C92E5A9 90 nop 7C92E5AA 90 nop 7C92E5AB 90 nop 7C92E5AC 90 nop 7C92E5AD 90 nop 7C92E5AE 90 nop 7C92E5AF > B8 DE000000 mov eax, 0DE 7C92E5B4 BA 0003FE7F mov edx, 7FFE0300 7C92E5B9 FF12 call [edx] ; ntdll.7C99C8E0 7C92E5BB C2 0400 retn 4 7C92E5BE 90 nop 7C92E5BF 90 nop 7C92E5C0 90 nop 7C92E5C1 90 nop 7C92E5C2 90 nop 7C92E5C3 90 nop 7C92E5C4 > B8 DF000000 mov eax, 0DF 7C92E5C9 BA 0003FE7F mov edx, 7FFE0300 7C92E5CE FF12 call [edx] ; ntdll.7C99C8E0 7C92E5D0 C2 1400 retn 14 7C92E5D3 90 nop 7C92E5D4 90 nop 7C92E5D5 90 nop 7C92E5D6 90 nop 7C92E5D7 90 nop 7C92E5D8 90 nop 7C92E5D9 > B8 E0000000 mov eax, 0E0 7C92E5DE BA 0003FE7F mov edx, 7FFE0300 7C92E5E3 FF12 call [edx] ; ntdll.7C99C8E0 7C92E5E5 C2 1400 retn 14 7C92E5E8 90 nop 7C92E5E9 90 nop 7C92E5EA 90 nop 7C92E5EB 90 nop 7C92E5EC 90 nop 7C92E5ED 90 nop 7C92E5EE > B8 E1000000 mov eax, 0E1 7C92E5F3 BA 0003FE7F mov edx, 7FFE0300 7C92E5F8 FF12 call [edx] ; ntdll.7C99C8E0 7C92E5FA C2 1000 retn 10 7C92E5FD 90 nop 7C92E5FE 90 nop 7C92E5FF 90 nop 7C92E600 90 nop 7C92E601 90 nop 7C92E602 90 nop 7C92E603 > B8 E2000000 mov eax, 0E2 7C92E608 BA 0003FE7F mov edx, 7FFE0300 7C92E60D FF12 call [edx] ; ntdll.7C99C8E0 7C92E60F C2 1000 retn 10 7C92E612 90 nop 7C92E613 90 nop 7C92E614 90 nop 7C92E615 90 nop 7C92E616 90 nop 7C92E617 90 nop 7C92E618 > B8 E3000000 mov eax, 0E3 7C92E61D BA 0003FE7F mov edx, 7FFE0300 7C92E622 FF12 call [edx] ; ntdll.7C99C8E0 7C92E624 C2 1000 retn 10 7C92E627 90 nop 7C92E628 90 nop 7C92E629 90 nop 7C92E62A 90 nop 7C92E62B 90 nop 7C92E62C 90 nop 7C92E62D > B8 E4000000 mov eax, 0E4 7C92E632 BA 0003FE7F mov edx, 7FFE0300 7C92E637 FF12 call [edx] ; ntdll.7C99C8E0 7C92E639 C2 1000 retn 10 7C92E63C 90 nop 7C92E63D 90 nop 7C92E63E 90 nop 7C92E63F 90 nop 7C92E640 90 nop 7C92E641 90 nop 7C92E642 > B8 E5000000 mov eax, 0E5 7C92E647 BA 0003FE7F mov edx, 7FFE0300 7C92E64C FF12 call [edx] ; ntdll.7C99C8E0 7C92E64E C2 1000 retn 10 7C92E651 90 nop 7C92E652 90 nop 7C92E653 90 nop 7C92E654 90 nop 7C92E655 90 nop 7C92E656 90 nop 7C92E657 > B8 E6000000 mov eax, 0E6 7C92E65C BA 0003FE7F mov edx, 7FFE0300 7C92E661 FF12 call [edx] ; ntdll.7C99C8E0 7C92E663 C2 1000 retn 10 7C92E666 90 nop 7C92E667 90 nop 7C92E668 90 nop 7C92E669 90 nop 7C92E66A 90 nop 7C92E66B 90 nop 7C92E66C > B8 E7000000 mov eax, 0E7 7C92E671 BA 0003FE7F mov edx, 7FFE0300 7C92E676 FF12 call [edx] ; ntdll.7C99C8E0 7C92E678 C2 0800 retn 8 7C92E67B 90 nop 7C92E67C 90 nop 7C92E67D 90 nop 7C92E67E 90 nop 7C92E67F 90 nop 7C92E680 90 nop 7C92E681 > B8 E8000000 mov eax, 0E8 7C92E686 BA 0003FE7F mov edx, 7FFE0300 7C92E68B FF12 call [edx] ; ntdll.7C99C8E0 7C92E68D C2 1400 retn 14 7C92E690 90 nop 7C92E691 90 nop 7C92E692 90 nop 7C92E693 90 nop 7C92E694 90 nop 7C92E695 90 nop 7C92E696 > B8 E9000000 mov eax, 0E9 7C92E69B BA 0003FE7F mov edx, 7FFE0300 7C92E6A0 FF12 call [edx] ; ntdll.7C99C8E0 7C92E6A2 C2 1800 retn 18 7C92E6A5 90 nop 7C92E6A6 90 nop 7C92E6A7 90 nop 7C92E6A8 90 nop 7C92E6A9 90 nop 7C92E6AA 90 nop 7C92E6AB > B8 EA000000 mov eax, 0EA 7C92E6B0 BA 0003FE7F mov edx, 7FFE0300 7C92E6B5 FF12 call [edx] ; ntdll.7C99C8E0 7C92E6B7 C2 0400 retn 4 7C92E6BA 90 nop 7C92E6BB 90 nop 7C92E6BC 90 nop 7C92E6BD 90 nop 7C92E6BE 90 nop 7C92E6BF 90 nop 7C92E6C0 > B8 EB000000 mov eax, 0EB 7C92E6C5 BA 0003FE7F mov edx, 7FFE0300 7C92E6CA FF12 call [edx] ; ntdll.7C99C8E0 7C92E6CC C2 0400 retn 4 7C92E6CF 90 nop 7C92E6D0 90 nop 7C92E6D1 90 nop 7C92E6D2 90 nop 7C92E6D3 90 nop 7C92E6D4 90 nop 7C92E6D5 > B8 EC000000 mov eax, 0EC 7C92E6DA BA 0003FE7F mov edx, 7FFE0300 7C92E6DF FF12 call [edx] ; ntdll.7C99C8E0 7C92E6E1 C2 1000 retn 10 7C92E6E4 90 nop 7C92E6E5 90 nop 7C92E6E6 90 nop 7C92E6E7 90 nop 7C92E6E8 90 nop 7C92E6E9 90 nop 7C92E6EA > B8 ED000000 mov eax, 0ED 7C92E6EF BA 0003FE7F mov edx, 7FFE0300 7C92E6F4 FF12 call [edx] ; ntdll.7C99C8E0 7C92E6F6 C2 0C00 retn 0C 7C92E6F9 90 nop 7C92E6FA 90 nop 7C92E6FB 90 nop 7C92E6FC 90 nop 7C92E6FD 90 nop 7C92E6FE 90 nop 7C92E6FF > B8 EE000000 mov eax, 0EE 7C92E704 BA 0003FE7F mov edx, 7FFE0300 7C92E709 FF12 call [edx] ; ntdll.7C99C8E0 7C92E70B C2 0800 retn 8 7C92E70E 90 nop 7C92E70F 90 nop 7C92E710 90 nop 7C92E711 90 nop 7C92E712 90 nop 7C92E713 90 nop 7C92E714 > B8 EF000000 mov eax, 0EF 7C92E719 BA 0003FE7F mov edx, 7FFE0300 7C92E71E FF12 call [edx] ; ntdll.7C99C8E0 7C92E720 C2 1400 retn 14 7C92E723 90 nop 7C92E724 90 nop 7C92E725 90 nop 7C92E726 90 nop 7C92E727 90 nop 7C92E728 90 nop 7C92E729 > B8 F0000000 mov eax, 0F0 7C92E72E BA 0003FE7F mov edx, 7FFE0300 7C92E733 FF12 call [edx] ; ntdll.7C99C8E0 7C92E735 C2 0C00 retn 0C 7C92E738 90 nop 7C92E739 90 nop 7C92E73A 90 nop 7C92E73B 90 nop 7C92E73C 90 nop 7C92E73D 90 nop 7C92E73E > B8 F1000000 mov eax, 0F1 7C92E743 BA 0003FE7F mov edx, 7FFE0300 7C92E748 FF12 call [edx] ; ntdll.7C99C8E0 7C92E74A C2 0C00 retn 0C 7C92E74D 90 nop 7C92E74E 90 nop 7C92E74F 90 nop 7C92E750 90 nop 7C92E751 90 nop 7C92E752 90 nop 7C92E753 > B8 F2000000 mov eax, 0F2 7C92E758 BA 0003FE7F mov edx, 7FFE0300 7C92E75D FF12 call [edx] ; ntdll.7C99C8E0 7C92E75F C2 0800 retn 8 7C92E762 90 nop 7C92E763 90 nop 7C92E764 90 nop 7C92E765 90 nop 7C92E766 90 nop 7C92E767 90 nop 7C92E768 > B8 F3000000 mov eax, 0F3 7C92E76D BA 0003FE7F mov edx, 7FFE0300 7C92E772 FF12 call [edx] ; ntdll.7C99C8E0 7C92E774 C2 0800 retn 8 7C92E777 90 nop 7C92E778 90 nop 7C92E779 90 nop 7C92E77A 90 nop 7C92E77B 90 nop 7C92E77C 90 nop 7C92E77D > B8 F4000000 mov eax, 0F4 7C92E782 BA 0003FE7F mov edx, 7FFE0300 7C92E787 FF12 call [edx] ; ntdll.7C99C8E0 7C92E789 C2 1C00 retn 1C 7C92E78C 90 nop 7C92E78D 90 nop 7C92E78E 90 nop 7C92E78F 90 nop 7C92E790 90 nop 7C92E791 90 nop 7C92E792 > B8 F5000000 mov eax, 0F5 7C92E797 BA 0003FE7F mov edx, 7FFE0300 7C92E79C FF12 call [edx] ; ntdll.7C99C8E0 7C92E79E C2 0C00 retn 0C 7C92E7A1 90 nop 7C92E7A2 90 nop 7C92E7A3 90 nop 7C92E7A4 90 nop 7C92E7A5 90 nop 7C92E7A6 90 nop 7C92E7A7 > B8 F6000000 mov eax, 0F6 7C92E7AC BA 0003FE7F mov edx, 7FFE0300 7C92E7B1 FF12 call [edx] ; ntdll.7C99C8E0 7C92E7B3 C2 0400 retn 4 7C92E7B6 90 nop 7C92E7B7 90 nop 7C92E7B8 90 nop 7C92E7B9 90 nop 7C92E7BA 90 nop 7C92E7BB 90 nop 7C92E7BC > B8 F7000000 mov eax, 0F7 7C92E7C1 BA 0003FE7F mov edx, 7FFE0300 7C92E7C6 FF12 call [edx] ; ntdll.7C99C8E0 7C92E7C8 C2 1800 retn 18 7C92E7CB 90 nop 7C92E7CC 90 nop 7C92E7CD 90 nop 7C92E7CE 90 nop 7C92E7CF 90 nop 7C92E7D0 90 nop 7C92E7D1 > B8 F8000000 mov eax, 0F8 7C92E7D6 BA 0003FE7F mov edx, 7FFE0300 7C92E7DB FF12 call [edx] ; ntdll.7C99C8E0 7C92E7DD C2 1400 retn 14 7C92E7E0 90 nop 7C92E7E1 90 nop 7C92E7E2 90 nop 7C92E7E3 90 nop 7C92E7E4 90 nop 7C92E7E5 90 nop 7C92E7E6 > B8 F9000000 mov eax, 0F9 7C92E7EB BA 0003FE7F mov edx, 7FFE0300 7C92E7F0 FF12 call [edx] ; ntdll.7C99C8E0 7C92E7F2 C2 0400 retn 4 7C92E7F5 90 nop 7C92E7F6 90 nop 7C92E7F7 90 nop 7C92E7F8 90 nop 7C92E7F9 90 nop 7C92E7FA 90 nop 7C92E7FB > B8 FA000000 mov eax, 0FA 7C92E800 BA 0003FE7F mov edx, 7FFE0300 7C92E805 FF12 call [edx] ; ntdll.7C99C8E0 7C92E807 C2 1000 retn 10 7C92E80A 90 nop 7C92E80B 90 nop 7C92E80C 90 nop 7C92E80D 90 nop 7C92E80E 90 nop 7C92E80F 90 nop 7C92E810 > B8 FB000000 mov eax, 0FB 7C92E815 BA 0003FE7F mov edx, 7FFE0300 7C92E81A FF12 call [edx] ; ntdll.7C99C8E0 7C92E81C C2 0400 retn 4 7C92E81F 90 nop 7C92E820 90 nop 7C92E821 90 nop 7C92E822 90 nop 7C92E823 90 nop 7C92E824 90 nop 7C92E825 > B8 FC000000 mov eax, 0FC 7C92E82A BA 0003FE7F mov edx, 7FFE0300 7C92E82F FF12 call [edx] ; ntdll.7C99C8E0 7C92E831 C2 0400 retn 4 7C92E834 90 nop 7C92E835 90 nop 7C92E836 90 nop 7C92E837 90 nop 7C92E838 90 nop 7C92E839 90 nop 7C92E83A > B8 FD000000 mov eax, 0FD 7C92E83F BA 0003FE7F mov edx, 7FFE0300 7C92E844 FF12 call [edx] ; ntdll.7C99C8E0 7C92E846 C2 0400 retn 4 7C92E849 90 nop 7C92E84A 90 nop 7C92E84B 90 nop 7C92E84C 90 nop 7C92E84D 90 nop 7C92E84E 90 nop 7C92E84F > B8 FE000000 mov eax, 0FE 7C92E854 BA 0003FE7F mov edx, 7FFE0300 7C92E859 FF12 call [edx] ; ntdll.7C99C8E0 7C92E85B C2 0800 retn 8 7C92E85E 90 nop 7C92E85F 90 nop 7C92E860 90 nop 7C92E861 90 nop 7C92E862 90 nop 7C92E863 90 nop 7C92E864 > B8 FF000000 mov eax, 0FF 7C92E869 BA 0003FE7F mov edx, 7FFE0300 7C92E86E FF12 call [edx] ; ntdll.7C99C8E0 7C92E870 C2 1800 retn 18 7C92E873 90 nop 7C92E874 90 nop 7C92E875 90 nop 7C92E876 90 nop 7C92E877 90 nop 7C92E878 90 nop 7C92E879 > B8 00010000 mov eax, 100 7C92E87E BA 0003FE7F mov edx, 7FFE0300 7C92E883 FF12 call [edx] ; ntdll.7C99C8E0 7C92E885 C2 0800 retn 8 7C92E888 90 nop 7C92E889 90 nop 7C92E88A 90 nop 7C92E88B 90 nop 7C92E88C 90 nop 7C92E88D 90 nop 7C92E88E > B8 01010000 mov eax, 101 7C92E893 BA 0003FE7F mov edx, 7FFE0300 7C92E898 FF12 call [edx] ; ntdll.7C99C8E0 7C92E89A C2 0800 retn 8 7C92E89D 90 nop 7C92E89E 90 nop 7C92E89F 90 nop 7C92E8A0 90 nop 7C92E8A1 90 nop 7C92E8A2 90 nop 7C92E8A3 > B8 02010000 mov eax, 102 7C92E8A8 BA 0003FE7F mov edx, 7FFE0300 7C92E8AD FF12 call [edx] ; ntdll.7C99C8E0 7C92E8AF C2 0800 retn 8 7C92E8B2 90 nop 7C92E8B3 90 nop 7C92E8B4 90 nop 7C92E8B5 90 nop 7C92E8B6 90 nop 7C92E8B7 90 nop 7C92E8B8 > B8 03010000 mov eax, 103 7C92E8BD BA 0003FE7F mov edx, 7FFE0300 7C92E8C2 FF12 call [edx] ; ntdll.7C99C8E0 7C92E8C4 C3 retn 7C92E8C5 8D49 00 lea ecx, [ecx] 7C92E8C8 90 nop 7C92E8C9 90 nop 7C92E8CA 90 nop 7C92E8CB 90 nop 7C92E8CC 90 nop 7C92E8CD > B8 04010000 mov eax, 104 7C92E8D2 BA 0003FE7F mov edx, 7FFE0300 7C92E8D7 FF12 call [edx] ; ntdll.7C99C8E0 7C92E8D9 C2 1000 retn 10 7C92E8DC 90 nop 7C92E8DD 90 nop 7C92E8DE 90 nop 7C92E8DF 90 nop 7C92E8E0 90 nop 7C92E8E1 90 nop 7C92E8E2 > B8 05010000 mov eax, 105 7C92E8E7 BA 0003FE7F mov edx, 7FFE0300 7C92E8EC FF12 call [edx] ; ntdll.7C99C8E0 7C92E8EE C2 1000 retn 10 7C92E8F1 90 nop 7C92E8F2 90 nop 7C92E8F3 90 nop 7C92E8F4 90 nop 7C92E8F5 90 nop 7C92E8F6 90 nop 7C92E8F7 > B8 06010000 mov eax, 106 7C92E8FC BA 0003FE7F mov edx, 7FFE0300 7C92E901 FF12 call [edx] ; ntdll.7C99C8E0 7C92E903 C2 0400 retn 4 7C92E906 90 nop 7C92E907 90 nop 7C92E908 90 nop 7C92E909 90 nop 7C92E90A 90 nop 7C92E90B 90 nop 7C92E90C > B8 07010000 mov eax, 107 7C92E911 BA 0003FE7F mov edx, 7FFE0300 7C92E916 FF12 call [edx] ; ntdll.7C99C8E0 7C92E918 C2 0400 retn 4 7C92E91B 90 nop 7C92E91C 90 nop 7C92E91D 90 nop 7C92E91E 90 nop 7C92E91F 90 nop 7C92E920 90 nop 7C92E921 > B8 08010000 mov eax, 108 7C92E926 BA 0003FE7F mov edx, 7FFE0300 7C92E92B FF12 call [edx] ; ntdll.7C99C8E0 7C92E92D C2 0800 retn 8 7C92E930 90 nop 7C92E931 90 nop 7C92E932 90 nop 7C92E933 90 nop 7C92E934 90 nop 7C92E935 90 nop 7C92E936 > B8 09010000 mov eax, 109 7C92E93B BA 0003FE7F mov edx, 7FFE0300 7C92E940 FF12 call [edx] ; ntdll.7C99C8E0 7C92E942 C2 1400 retn 14 7C92E945 90 nop 7C92E946 90 nop 7C92E947 90 nop 7C92E948 90 nop 7C92E949 90 nop 7C92E94A 90 nop 7C92E94B > B8 0A010000 mov eax, 10A 7C92E950 BA 0003FE7F mov edx, 7FFE0300 7C92E955 FF12 call [edx] ; ntdll.7C99C8E0 7C92E957 C2 1000 retn 10 7C92E95A 90 nop 7C92E95B 90 nop 7C92E95C 90 nop 7C92E95D 90 nop 7C92E95E 90 nop 7C92E95F 90 nop 7C92E960 > B8 0B010000 mov eax, 10B 7C92E965 BA 0003FE7F mov edx, 7FFE0300 7C92E96A FF12 call [edx] ; ntdll.7C99C8E0 7C92E96C C2 0800 retn 8 7C92E96F 90 nop 7C92E970 90 nop 7C92E971 90 nop 7C92E972 90 nop 7C92E973 90 nop 7C92E974 90 nop 7C92E975 > B8 0C010000 mov eax, 10C 7C92E97A BA 0003FE7F mov edx, 7FFE0300 7C92E97F FF12 call [edx] ; ntdll.7C99C8E0 7C92E981 C2 0800 retn 8 7C92E984 90 nop 7C92E985 90 nop 7C92E986 90 nop 7C92E987 90 nop 7C92E988 90 nop 7C92E989 90 nop 7C92E98A > B8 0D010000 mov eax, 10D 7C92E98F BA 0003FE7F mov edx, 7FFE0300 7C92E994 FF12 call [edx] ; ntdll.7C99C8E0 7C92E996 C2 1000 retn 10 7C92E999 90 nop 7C92E99A 90 nop 7C92E99B 90 nop 7C92E99C 90 nop 7C92E99D 90 nop 7C92E99E 90 nop 7C92E99F > B8 0E010000 mov eax, 10E 7C92E9A4 BA 0003FE7F mov edx, 7FFE0300 7C92E9A9 FF12 call [edx] ; ntdll.7C99C8E0 7C92E9AB C2 1400 retn 14 7C92E9AE 90 nop 7C92E9AF 90 nop 7C92E9B0 90 nop 7C92E9B1 90 nop 7C92E9B2 90 nop 7C92E9B3 90 nop 7C92E9B4 > B8 0F010000 mov eax, 10F 7C92E9B9 BA 0003FE7F mov edx, 7FFE0300 7C92E9BE FF12 call [edx] ; ntdll.7C99C8E0 7C92E9C0 C2 0C00 retn 0C 7C92E9C3 90 nop 7C92E9C4 90 nop 7C92E9C5 90 nop 7C92E9C6 90 nop 7C92E9C7 90 nop 7C92E9C8 90 nop 7C92E9C9 > B8 10010000 mov eax, 110 7C92E9CE BA 0003FE7F mov edx, 7FFE0300 7C92E9D3 FF12 call [edx] ; ntdll.7C99C8E0 7C92E9D5 C2 0400 retn 4 7C92E9D8 90 nop 7C92E9D9 90 nop 7C92E9DA 90 nop 7C92E9DB 90 nop 7C92E9DC 90 nop 7C92E9DD 90 nop 7C92E9DE > B8 11010000 mov eax, 111 7C92E9E3 BA 0003FE7F mov edx, 7FFE0300 7C92E9E8 FF12 call [edx] ; ntdll.7C99C8E0 7C92E9EA C2 0400 retn 4 7C92E9ED 90 nop 7C92E9EE 90 nop 7C92E9EF 90 nop 7C92E9F0 90 nop 7C92E9F1 90 nop 7C92E9F2 90 nop 7C92E9F3 > B8 12010000 mov eax, 112 7C92E9F8 BA 0003FE7F mov edx, 7FFE0300 7C92E9FD FF12 call [edx] ; ntdll.7C99C8E0 7C92E9FF C2 2400 retn 24 7C92EA02 90 nop 7C92EA03 90 nop 7C92EA04 90 nop 7C92EA05 90 nop 7C92EA06 90 nop 7C92EA07 90 nop 7C92EA08 > B8 13010000 mov eax, 113 7C92EA0D BA 0003FE7F mov edx, 7FFE0300 7C92EA12 FF12 call [edx] ; ntdll.7C99C8E0 7C92EA14 C2 2400 retn 24 7C92EA17 90 nop 7C92EA18 90 nop 7C92EA19 90 nop 7C92EA1A 90 nop 7C92EA1B 90 nop 7C92EA1C 90 nop 7C92EA1D > B8 14010000 mov eax, 114 7C92EA22 BA 0003FE7F mov edx, 7FFE0300 7C92EA27 FF12 call [edx] ; ntdll.7C99C8E0 7C92EA29 C2 1800 retn 18 7C92EA2C 90 nop 7C92EA2D 90 nop 7C92EA2E 90 nop 7C92EA2F 90 nop 7C92EA30 90 nop 7C92EA31 90 nop 7C92EA32 > B8 15010000 mov eax, 115 7C92EA37 BA 0003FE7F mov edx, 7FFE0300 7C92EA3C FF12 call [edx] ; ntdll.7C99C8E0 7C92EA3E C2 1400 retn 14 7C92EA41 90 nop 7C92EA42 90 nop 7C92EA43 90 nop 7C92EA44 90 nop 7C92EA45 90 nop 7C92EA46 90 nop 7C92EA47 > B8 16010000 mov eax, 116 7C92EA4C BA 0003FE7F mov edx, 7FFE0300 7C92EA51 FF12 call [edx] ; ntdll.7C99C8E0 7C92EA53 C3 retn 7C92EA54 8D49 00 lea ecx, [ecx] 7C92EA57 90 nop 7C92EA58 90 nop 7C92EA59 90 nop 7C92EA5A 90 nop 7C92EA5B 90 nop 7C92EA5C > B8 17010000 mov eax, 117 7C92EA61 BA 0003FE7F mov edx, 7FFE0300 7C92EA66 FF12 call [edx] ; ntdll.7C99C8E0 7C92EA68 C2 1000 retn 10 7C92EA6B 90 nop 7C92EA6C 90 nop 7C92EA6D 90 nop 7C92EA6E 90 nop 7C92EA6F 90 nop 7C92EA70 90 nop 7C92EA71 > B8 18010000 mov eax, 118 7C92EA76 BA 0003FE7F mov edx, 7FFE0300 7C92EA7B FF12 call [edx] ; ntdll.7C99C8E0 7C92EA7D C2 0C00 retn 0C 7C92EA80 90 nop 7C92EA81 90 nop 7C92EA82 90 nop 7C92EA83 90 nop 7C92EA84 90 nop 7C92EA85 90 nop 7C92EA86 > B8 19010000 mov eax, 119 7C92EA8B BA 0003FE7F mov edx, 7FFE0300 7C92EA90 FF12 call [edx] ; ntdll.7C99C8E0 7C92EA92 C2 1000 retn 10 7C92EA95 90 nop 7C92EA96 90 nop 7C92EA97 90 nop 7C92EA98 90 nop 7C92EA99 90 nop 7C92EA9A 90 nop 7C92EA9B > B8 1A010000 mov eax, 11A 7C92EAA0 BA 0003FE7F mov edx, 7FFE0300 7C92EAA5 FF12 call [edx] ; ntdll.7C99C8E0 7C92EAA7 C2 1000 retn 10 7C92EAAA 90 nop 7C92EAAB 90 nop 7C92EAAC 90 nop 7C92EAAD 90 nop 7C92EAAE 90 nop 7C92EAAF 90 nop 7C92EAB0 > B8 1B010000 mov eax, 11B 7C92EAB5 BA 0003FE7F mov edx, 7FFE0300 7C92EABA FF12 call [edx] ; ntdll.7C99C8E0 7C92EABC C3 retn 7C92EABD 90 nop 7C92EABE 90 nop 7C92EABF 90 nop 7C92EAC0 > 8D7C24 10 lea edi, [esp+10] 7C92EAC4 58 pop eax ; ntdll.7C92E89A 7C92EAC5 FFD0 call eax 7C92EAC7 6A 01 push 1 7C92EAC9 57 push edi 7C92EACA E8 4AEBFFFF call ZwContinue 7C92EACF 90 nop 7C92EAD0 > 83C4 04 add esp, 4 7C92EAD3 5A pop edx ; ntdll.7C92E89A 7C92EAD4 64:A1 18000000 mov eax, fs:[18] 7C92EADA 8B40 30 mov eax, [eax+30] 7C92EADD 8B40 2C mov eax, [eax+2C] 7C92EAE0 FF1490 call [eax+edx*4] 7C92EAE3 33C9 xor ecx, ecx 7C92EAE5 33D2 xor edx, edx ; msvcrt.77C31AE8 7C92EAE7 CD 2B int 2B 7C92EAE9 CC int3 7C92EAEA 8BFF mov edi, edi 7C92EAEC > 8B4C24 04 mov ecx, [esp+4] ; kernel32.7C81CA5E 7C92EAF0 8B1C24 mov ebx, [esp] ; ntdll.7C92E89A 7C92EAF3 51 push ecx 7C92EAF4 53 push ebx 7C92EAF5 E8 C78C0200 call 7C9577C1 7C92EAFA 0AC0 or al, al 7C92EAFC 74 0C je short 7C92EB0A 7C92EAFE 5B pop ebx ; ntdll.7C92E89A 7C92EAFF 59 pop ecx ; ntdll.7C92E89A 7C92EB00 6A 00 push 0 7C92EB02 51 push ecx 7C92EB03 E8 11EBFFFF call ZwContinue 7C92EB08 EB 0B jmp short 7C92EB15 7C92EB0A 5B pop ebx ; ntdll.7C92E89A 7C92EB0B 59 pop ecx ; ntdll.7C92E89A 7C92EB0C 6A 00 push 0 7C92EB0E 51 push ecx 7C92EB0F 53 push ebx 7C92EB10 E8 3DF7FFFF call ZwRaiseException 7C92EB15 83C4 EC add esp, -14 7C92EB18 890424 mov [esp], eax 7C92EB1B C74424 04 01000>mov dword ptr [esp+4], 1 7C92EB23 895C24 08 mov [esp+8], ebx 7C92EB27 C74424 10 00000>mov dword ptr [esp+10], 0 7C92EB2F 54 push esp 7C92EB30 E8 77000000 call RtlRaiseException 7C92EB35 C2 0800 retn 8 7C92EB38 90 nop 7C92EB39 90 nop 7C92EB3A 90 nop 7C92EB3B 90 nop 7C92EB3C 90 nop 7C92EB3D > 55 push ebp 7C92EB3E 8BEC mov ebp, esp 7C92EB40 83EC 50 sub esp, 50 7C92EB43 894424 0C mov [esp+C], eax 7C92EB47 64:A1 18000000 mov eax, fs:[18] 7C92EB4D 8B80 A4010000 mov eax, [eax+1A4] 7C92EB53 890424 mov [esp], eax 7C92EB56 C74424 04 00000>mov dword ptr [esp+4], 0 7C92EB5E C74424 08 00000>mov dword ptr [esp+8], 0 7C92EB66 C74424 10 00000>mov dword ptr [esp+10], 0 7C92EB6E 54 push esp 7C92EB6F E8 38000000 call RtlRaiseException 7C92EB74 8B0424 mov eax, [esp] ; ntdll.7C92E89A 7C92EB77 8BE5 mov esp, ebp 7C92EB79 5D pop ebp ; ntdll.7C92E89A 7C92EB7A C3 retn 7C92EB7B 90 nop 7C92EB7C 8DA424 00000000 lea esp, [esp] 7C92EB83 8D49 00 lea ecx, [ecx] 7C92EB86 90 nop 7C92EB87 90 nop 7C92EB88 90 nop 7C92EB89 90 nop 7C92EB8A 90 nop 7C92EB8B > 8BD4 mov edx, esp 7C92EB8D 0F34 sysenter 7C92EB8F 90 nop 7C92EB90 90 nop 7C92EB91 90 nop 7C92EB92 90 nop 7C92EB93 90 nop 7C92EB94 > C3 retn 7C92EB95 8DA424 00000000 lea esp, [esp] 7C92EB9C 8D6424 00 lea esp, [esp] 7C92EBA0 90 nop 7C92EBA1 90 nop 7C92EBA2 90 nop 7C92EBA3 90 nop 7C92EBA4 90 nop 7C92EBA5 > 8D5424 08 lea edx, [esp+8] 7C92EBA9 CD 2E int 2E 7C92EBAB C3 retn 7C92EBAC > 55 push ebp 7C92EBAD 8BEC mov ebp, esp 7C92EBAF 9C pushfd 7C92EBB0 81EC D0020000 sub esp, 2D0 7C92EBB6 8985 DCFDFFFF mov [ebp-224], eax 7C92EBBC 898D D8FDFFFF mov [ebp-228], ecx 7C92EBC2 8B45 08 mov eax, [ebp+8] 7C92EBC5 8B4D 04 mov ecx, [ebp+4] ; kernel32.7C81CAB6 7C92EBC8 8948 0C mov [eax+C], ecx 7C92EBCB 8D85 2CFDFFFF lea eax, [ebp-2D4] 7C92EBD1 8988 B8000000 mov [eax+B8], ecx 7C92EBD7 8998 A4000000 mov [eax+A4], ebx 7C92EBDD 8990 A8000000 mov [eax+A8], edx ; msvcrt.77C31AE8 7C92EBE3 89B0 A0000000 mov [eax+A0], esi ; ntdll.ZwTerminateProcess 7C92EBE9 89B8 9C000000 mov [eax+9C], edi 7C92EBEF 8D4D 0C lea ecx, [ebp+C] 7C92EBF2 8988 C4000000 mov [eax+C4], ecx 7C92EBF8 8B4D 00 mov ecx, [ebp] 7C92EBFB 8988 B4000000 mov [eax+B4], ecx 7C92EC01 8B4D FC mov ecx, [ebp-4] 7C92EC04 8988 C0000000 mov [eax+C0], ecx 7C92EC0A 8C88 BC000000 mov [eax+BC], cs 7C92EC10 8C98 98000000 mov [eax+98], ds 7C92EC16 8C80 94000000 mov [eax+94], es 7C92EC1C 8CA0 90000000 mov [eax+90], fs 7C92EC22 8CA8 8C000000 mov [eax+8C], gs 7C92EC28 8C90 C8000000 mov [eax+C8], ss 7C92EC2E C700 07000100 mov dword ptr [eax], 10007 7C92EC34 6A 01 push 1 7C92EC36 50 push eax 7C92EC37 FF75 08 push dword ptr [ebp+8] 7C92EC3A E8 13F6FFFF call ZwRaiseException 7C92EC3F 83EC 20 sub esp, 20 7C92EC42 890424 mov [esp], eax 7C92EC45 C74424 04 01000>mov dword ptr [esp+4], 1 7C92EC4D C74424 10 00000>mov dword ptr [esp+10], 0 7C92EC55 8B45 08 mov eax, [ebp+8] 7C92EC58 894424 08 mov [esp+8], eax 7C92EC5C 8BC4 mov eax, esp 7C92EC5E 50 push eax 7C92EC5F E8 48FFFFFF call RtlRaiseException 7C92EC64 CC int3 7C92EC65 CC int3 7C92EC66 CC int3 7C92EC67 CC int3 7C92EC68 CC int3 7C92EC69 CC int3 7C92EC6A 90 nop 7C92EC6B 90 nop 7C92EC6C 90 nop 7C92EC6D 90 nop 7C92EC6E 90 nop 7C92EC6F > 8B4C24 08 mov ecx, [esp+8] 7C92EC73 57 push edi 7C92EC74 53 push ebx 7C92EC75 56 push esi ; ntdll.ZwTerminateProcess 7C92EC76 8A11 mov dl, [ecx] 7C92EC78 8B7C24 10 mov edi, [esp+10] 7C92EC7C 84D2 test dl, dl 7C92EC7E 74 66 je short 7C92ECE6 7C92EC80 8A71 01 mov dh, [ecx+1] 7C92EC83 84F6 test dh, dh 7C92EC85 74 4F je short 7C92ECD6 7C92EC87 8BF7 mov esi, edi 7C92EC89 8B4C24 14 mov ecx, [esp+14] 7C92EC8D 8A07 mov al, [edi] 7C92EC8F 46 inc esi ; ntdll.ZwTerminateProcess 7C92EC90 3AC2 cmp al, dl 7C92EC92 74 15 je short 7C92ECA9 7C92EC94 84C0 test al, al 7C92EC96 74 0B je short 7C92ECA3 7C92EC98 8A06 mov al, [esi] 7C92EC9A 46 inc esi ; ntdll.ZwTerminateProcess 7C92EC9B 3AC2 cmp al, dl 7C92EC9D 74 0A je short 7C92ECA9 7C92EC9F 84C0 test al, al 7C92ECA1 ^ 75 F5 jnz short 7C92EC98 7C92ECA3 5E pop esi ; ntdll.7C92E89A 7C92ECA4 5B pop ebx ; ntdll.7C92E89A 7C92ECA5 5F pop edi ; ntdll.7C92E89A 7C92ECA6 33C0 xor eax, eax 7C92ECA8 C3 retn 7C92ECA9 8A06 mov al, [esi] 7C92ECAB 46 inc esi ; ntdll.ZwTerminateProcess 7C92ECAC 3AC6 cmp al, dh 7C92ECAE ^ 75 EB jnz short 7C92EC9B 7C92ECB0 8D7E FF lea edi, [esi-1] 7C92ECB3 8A61 02 mov ah, [ecx+2] 7C92ECB6 84E4 test ah, ah 7C92ECB8 74 25 je short 7C92ECDF 7C92ECBA 8A06 mov al, [esi] 7C92ECBC 83C6 02 add esi, 2 7C92ECBF 3AC4 cmp al, ah 7C92ECC1 ^ 75 C4 jnz short 7C92EC87 7C92ECC3 8A41 03 mov al, [ecx+3] 7C92ECC6 84C0 test al, al 7C92ECC8 74 15 je short 7C92ECDF 7C92ECCA 8A66 FF mov ah, [esi-1] 7C92ECCD 83C1 02 add ecx, 2 7C92ECD0 3AC4 cmp al, ah 7C92ECD2 ^ 74 DF je short 7C92ECB3 7C92ECD4 ^ EB B1 jmp short 7C92EC87 7C92ECD6 33C0 xor eax, eax 7C92ECD8 5E pop esi ; ntdll.7C92E89A 7C92ECD9 5B pop ebx ; ntdll.7C92E89A 7C92ECDA 5F pop edi ; ntdll.7C92E89A 7C92ECDB 8AC2 mov al, dl 7C92ECDD EB 28 jmp short 7C92ED07 7C92ECDF 8D47 FF lea eax, [edi-1] 7C92ECE2 5E pop esi ; ntdll.7C92E89A 7C92ECE3 5B pop ebx ; ntdll.7C92E89A 7C92ECE4 5F pop edi ; ntdll.7C92E89A 7C92ECE5 C3 retn 7C92ECE6 8BC7 mov eax, edi 7C92ECE8 5E pop esi ; ntdll.7C92E89A 7C92ECE9 5B pop ebx ; ntdll.7C92E89A 7C92ECEA 5F pop edi ; ntdll.7C92E89A 7C92ECEB C3 retn 7C92ECEC 8D42 FF lea eax, [edx-1] 7C92ECEF 5B pop ebx ; ntdll.7C92E89A 7C92ECF0 C3 retn 7C92ECF1 8DA424 00000000 lea esp, [esp] 7C92ECF8 8D6424 00 lea esp, [esp] 7C92ECFC 90 nop 7C92ECFD 90 nop 7C92ECFE 90 nop 7C92ECFF 90 nop 7C92ED00 90 nop 7C92ED01 > 33C0 xor eax, eax 7C92ED03 8A4424 08 mov al, [esp+8] 7C92ED07 53 push ebx 7C92ED08 8BD8 mov ebx, eax 7C92ED0A C1E0 08 shl eax, 8 7C92ED0D 8B5424 08 mov edx, [esp+8] 7C92ED11 F7C2 03000000 test edx, 3 7C92ED17 74 13 je short 7C92ED2C 7C92ED19 8A0A mov cl, [edx] 7C92ED1B 42 inc edx ; msvcrt.77C31AE8 7C92ED1C 3ACB cmp cl, bl 7C92ED1E ^ 74 CC je short 7C92ECEC 7C92ED20 84C9 test cl, cl 7C92ED22 74 51 je short 7C92ED75 7C92ED24 F7C2 03000000 test edx, 3 7C92ED2A ^ 75 ED jnz short 7C92ED19 7C92ED2C 0BD8 or ebx, eax 7C92ED2E 57 push edi 7C92ED2F 8BC3 mov eax, ebx 7C92ED31 C1E3 10 shl ebx, 10 7C92ED34 56 push esi ; ntdll.ZwTerminateProcess 7C92ED35 0BD8 or ebx, eax 7C92ED37 8B0A mov ecx, [edx] ; ntdll.7C99C8E0 7C92ED39 BF FFFEFE7E mov edi, 7EFEFEFF 7C92ED3E 8BC1 mov eax, ecx 7C92ED40 8BF7 mov esi, edi 7C92ED42 33CB xor ecx, ebx 7C92ED44 03F0 add esi, eax 7C92ED46 03F9 add edi, ecx 7C92ED48 83F1 FF xor ecx, FFFFFFFF 7C92ED4B 83F0 FF xor eax, FFFFFFFF 7C92ED4E 33CF xor ecx, edi 7C92ED50 33C6 xor eax, esi ; ntdll.ZwTerminateProcess 7C92ED52 83C2 04 add edx, 4 7C92ED55 81E1 00010181 and ecx, 81010100 7C92ED5B 75 1C jnz short 7C92ED79 7C92ED5D 25 00010181 and eax, 81010100 7C92ED62 ^ 74 D3 je short 7C92ED37 7C92ED64 25 00010101 and eax, 1010100 7C92ED69 75 08 jnz short 7C92ED73 7C92ED6B 81E6 00000080 and esi, 80000000 7C92ED71 ^ 75 C4 jnz short 7C92ED37 7C92ED73 5E pop esi ; ntdll.7C92E89A 7C92ED74 5F pop edi ; ntdll.7C92E89A 7C92ED75 5B pop ebx ; ntdll.7C92E89A 7C92ED76 33C0 xor eax, eax 7C92ED78 C3 retn 7C92ED79 8B42 FC mov eax, [edx-4] 7C92ED7C 3AC3 cmp al, bl 7C92ED7E 74 36 je short 7C92EDB6 7C92ED80 84C0 test al, al 7C92ED82 ^ 74 EF je short 7C92ED73 7C92ED84 3AE3 cmp ah, bl 7C92ED86 74 27 je short 7C92EDAF 7C92ED88 84E4 test ah, ah 7C92ED8A ^ 74 E7 je short 7C92ED73 7C92ED8C C1E8 10 shr eax, 10 7C92ED8F 3AC3 cmp al, bl 7C92ED91 74 15 je short 7C92EDA8 7C92ED93 84C0 test al, al 7C92ED95 ^ 74 DC je short 7C92ED73 7C92ED97 3AE3 cmp ah, bl 7C92ED99 74 06 je short 7C92EDA1 7C92ED9B 84E4 test ah, ah 7C92ED9D ^ 74 D4 je short 7C92ED73 7C92ED9F ^ EB 96 jmp short 7C92ED37 7C92EDA1 5E pop esi ; ntdll.7C92E89A 7C92EDA2 5F pop edi ; ntdll.7C92E89A 7C92EDA3 8D42 FF lea eax, [edx-1] 7C92EDA6 5B pop ebx ; ntdll.7C92E89A 7C92EDA7 C3 retn 7C92EDA8 8D42 FE lea eax, [edx-2] 7C92EDAB 5E pop esi ; ntdll.7C92E89A 7C92EDAC 5F pop edi ; ntdll.7C92E89A 7C92EDAD 5B pop ebx ; ntdll.7C92E89A 7C92EDAE C3 retn 7C92EDAF 8D42 FD lea eax, [edx-3] 7C92EDB2 5E pop esi ; ntdll.7C92E89A 7C92EDB3 5F pop edi ; ntdll.7C92E89A 7C92EDB4 5B pop ebx ; ntdll.7C92E89A 7C92EDB5 C3 retn 7C92EDB6 8D42 FC lea eax, [edx-4] 7C92EDB9 5E pop esi ; ntdll.7C92E89A 7C92EDBA 5F pop edi ; ntdll.7C92E89A 7C92EDBB 5B pop ebx ; ntdll.7C92E89A 7C92EDBC C3 retn 7C92EDBD 90 nop 7C92EDBE 90 nop 7C92EDBF 90 nop 7C92EDC0 90 nop 7C92EDC1 90 nop 7C92EDC2 68 18EE927C push 7C92EE18 7C92EDC7 64:A1 00000000 mov eax, fs:[0] 7C92EDCD 50 push eax 7C92EDCE 8B4424 10 mov eax, [esp+10] 7C92EDD2 896C24 10 mov [esp+10], ebp 7C92EDD6 8D6C24 10 lea ebp, [esp+10] 7C92EDDA 2BE0 sub esp, eax 7C92EDDC 53 push ebx 7C92EDDD 56 push esi ; ntdll.ZwTerminateProcess 7C92EDDE 57 push edi 7C92EDDF 8B45 F8 mov eax, [ebp-8] ; kernel32.7C81CA78 7C92EDE2 8965 E8 mov [ebp-18], esp 7C92EDE5 50 push eax 7C92EDE6 8B45 FC mov eax, [ebp-4] 7C92EDE9 C745 FC FFFFFFF>mov dword ptr [ebp-4], -1 7C92EDF0 8945 F8 mov [ebp-8], eax 7C92EDF3 8D45 F0 lea eax, [ebp-10] 7C92EDF6 64:A3 00000000 mov fs:[0], eax 7C92EDFC C3 retn 7C92EDFD 90 nop 7C92EDFE 90 nop 7C92EDFF 90 nop 7C92EE00 90 nop 7C92EE01 90 nop 7C92EE02 8B4D F0 mov ecx, [ebp-10] 7C92EE05 64:890D 0000000>mov fs:[0], ecx 7C92EE0C 59 pop ecx ; ntdll.7C92E89A 7C92EE0D 5F pop edi ; ntdll.7C92E89A 7C92EE0E 5E pop esi ; ntdll.7C92E89A 7C92EE0F 5B pop ebx ; ntdll.7C92E89A 7C92EE10 C9 leave 7C92EE11 51 push ecx 7C92EE12 C3 retn 7C92EE13 90 nop 7C92EE14 90 nop 7C92EE15 90 nop 7C92EE16 90 nop 7C92EE17 90 nop 7C92EE18 55 push ebp 7C92EE19 8BEC mov ebp, esp 7C92EE1B 83EC 08 sub esp, 8 7C92EE1E 53 push ebx 7C92EE1F 56 push esi ; ntdll.ZwTerminateProcess 7C92EE20 57 push edi 7C92EE21 55 push ebp 7C92EE22 FC cld 7C92EE23 8B5D 0C mov ebx, [ebp+C] ; RPCRT4.77E8F3B0 7C92EE26 8B45 08 mov eax, [ebp+8] 7C92EE29 F740 04 0600000>test dword ptr [eax+4], 6 7C92EE30 0F85 AB000000 jnz 7C92EEE1 7C92EE36 8945 F8 mov [ebp-8], eax 7C92EE39 8B45 10 mov eax, [ebp+10] 7C92EE3C 8945 FC mov [ebp-4], eax 7C92EE3F 8D45 F8 lea eax, [ebp-8] 7C92EE42 8943 FC mov [ebx-4], eax 7C92EE45 8B73 0C mov esi, [ebx+C] 7C92EE48 8B7B 08 mov edi, [ebx+8] 7C92EE4B 53 push ebx 7C92EE4C E8 77190200 call 7C9507C8 7C92EE51 83C4 04 add esp, 4 7C92EE54 0BC0 or eax, eax 7C92EE56 74 7B je short 7C92EED3 7C92EE58 83FE FF cmp esi, -1 7C92EE5B 74 7D je short 7C92EEDA 7C92EE5D 8D0C76 lea ecx, [esi+esi*2] 7C92EE60 8B448F 04 mov eax, [edi+ecx*4+4] 7C92EE64 0BC0 or eax, eax 7C92EE66 74 59 je short 7C92EEC1 7C92EE68 56 push esi ; ntdll.ZwTerminateProcess 7C92EE69 55 push ebp 7C92EE6A 8D6B 10 lea ebp, [ebx+10] 7C92EE6D 33DB xor ebx, ebx 7C92EE6F 33C9 xor ecx, ecx 7C92EE71 33D2 xor edx, edx ; msvcrt.77C31AE8 7C92EE73 33F6 xor esi, esi ; ntdll.ZwTerminateProcess 7C92EE75 33FF xor edi, edi 7C92EE77 FFD0 call eax 7C92EE79 5D pop ebp ; ntdll.7C92E89A 7C92EE7A 5E pop esi ; ntdll.7C92E89A 7C92EE7B 8B5D 0C mov ebx, [ebp+C] ; RPCRT4.77E8F3B0 7C92EE7E 0BC0 or eax, eax 7C92EE80 74 3F je short 7C92EEC1 7C92EE82 78 48 js short 7C92EECC 7C92EE84 8B7B 08 mov edi, [ebx+8] 7C92EE87 53 push ebx 7C92EE88 E8 91000000 call 7C92EF1E 7C92EE8D 83C4 04 add esp, 4 7C92EE90 8D6B 10 lea ebp, [ebx+10] 7C92EE93 56 push esi ; ntdll.ZwTerminateProcess 7C92EE94 53 push ebx 7C92EE95 E8 E9000000 call 7C92EF83 7C92EE9A 83C4 08 add esp, 8 7C92EE9D 8D0C76 lea ecx, [esi+esi*2] 7C92EEA0 6A 01 push 1 7C92EEA2 8B448F 08 mov eax, [edi+ecx*4+8] 7C92EEA6 E8 7E010000 call 7C92F029 7C92EEAB 8B048F mov eax, [edi+ecx*4] 7C92EEAE 8943 0C mov [ebx+C], eax 7C92EEB1 8B448F 08 mov eax, [edi+ecx*4+8] 7C92EEB5 33DB xor ebx, ebx 7C92EEB7 33C9 xor ecx, ecx 7C92EEB9 33D2 xor edx, edx ; msvcrt.77C31AE8 |
|
[讨论]程序分析!
7C92C96B 77 52 ja short 7C92C9BF 7C92C96D 65:73 65 jnb short 7C92C9D5 7C92C970 74 45 je short 7C92C9B7 7C92C972 76 65 jbe short 7C92C9D9 7C92C974 6E outs dx, byte ptr es:[edi] 7C92C975 74 00 je short 7C92C977 7C92C977 5A pop edx ; ntdll.7C92E89A 7C92C978 77 52 ja short 7C92C9CC 7C92C97A 65:73 65 jnb short 7C92C9E2 7C92C97D 74 57 je short 7C92C9D6 7C92C97F 72 69 jb short 7C92C9EA 7C92C981 74 65 je short 7C92C9E8 7C92C983 57 push edi 7C92C984 61 popad 7C92C985 74 63 je short 7C92C9EA 7C92C987 68 005A7752 push 52775A00 7C92C98C 65:73 74 jnb short 7C92CA03 7C92C98F 6F outs dx, dword ptr es:[edi] 7C92C990 72 65 jb short 7C92C9F7 7C92C992 4B dec ebx 7C92C993 65:79 00 jns short 7C92C996 7C92C996 5A pop edx ; ntdll.7C92E89A 7C92C997 77 52 ja short 7C92C9EB 7C92C999 65:73 75 jnb short 7C92CA11 7C92C99C 6D ins dword ptr es:[edi], dx 7C92C99D 65:50 push eax 7C92C99F 72 6F jb short 7C92CA10 7C92C9A1 6365 73 arpl [ebp+73], sp 7C92C9A4 73 00 jnb short 7C92C9A6 7C92C9A6 5A pop edx ; ntdll.7C92E89A 7C92C9A7 77 52 ja short 7C92C9FB 7C92C9A9 65:73 75 jnb short 7C92CA21 7C92C9AC 6D ins dword ptr es:[edi], dx 7C92C9AD 65:54 push esp 7C92C9AF 68 72656164 push 64616572 7C92C9B4 005A 77 add [edx+77], bl 7C92C9B7 53 push ebx 7C92C9B8 61 popad 7C92C9B9 76 65 jbe short 7C92CA20 7C92C9BB 4B dec ebx 7C92C9BC 65:79 00 jns short 7C92C9BF 7C92C9BF 5A pop edx ; ntdll.7C92E89A 7C92C9C0 77 53 ja short 7C92CA15 7C92C9C2 61 popad 7C92C9C3 76 65 jbe short 7C92CA2A 7C92C9C5 4B dec ebx 7C92C9C6 65:79 45 jns short 7C92CA0E 7C92C9C9 78 00 js short 7C92C9CB 7C92C9CB 5A pop edx ; ntdll.7C92E89A 7C92C9CC 77 53 ja short 7C92CA21 7C92C9CE 61 popad 7C92C9CF 76 65 jbe short 7C92CA36 7C92C9D1 4D dec ebp 7C92C9D2 65:72 67 jb short 7C92CA3C 7C92C9D5 65: prefix gs: 7C92C9D6 64:4B dec ebx 7C92C9D8 65:79 73 jns short 7C92CA4E 7C92C9DB 005A 77 add [edx+77], bl 7C92C9DE 53 push ebx 7C92C9DF 65:6375 72 arpl gs:[ebp+72], si 7C92C9E3 65:43 inc ebx 7C92C9E5 6F outs dx, dword ptr es:[edi] 7C92C9E6 6E outs dx, byte ptr es:[edi] 7C92C9E7 6E outs dx, byte ptr es:[edi] 7C92C9E8 65:637450 6F arpl gs:[eax+edx*2+6F], si 7C92C9ED 72 74 jb short 7C92CA63 7C92C9EF 005A 77 add [edx+77], bl 7C92C9F2 53 push ebx 7C92C9F3 65:74 42 je short 7C92CA38 7C92C9F6 6F outs dx, dword ptr es:[edi] 7C92C9F7 6F outs dx, dword ptr es:[edi] 7C92C9F8 74 45 je short 7C92CA3F 7C92C9FA 6E outs dx, byte ptr es:[edi] 7C92C9FB 74 72 je short 7C92CA6F 7C92C9FD 79 4F jns short 7C92CA4E 7C92C9FF 72 64 jb short 7C92CA65 7C92CA01 65:72 00 jb short 7C92CA04 7C92CA04 5A pop edx ; ntdll.7C92E89A 7C92CA05 77 53 ja short 7C92CA5A 7C92CA07 65:74 42 je short 7C92CA4C 7C92CA0A 6F outs dx, dword ptr es:[edi] 7C92CA0B 6F outs dx, dword ptr es:[edi] 7C92CA0C 74 4F je short 7C92CA5D 7C92CA0E 70 74 jo short 7C92CA84 7C92CA10 696F 6E 73005A7>imul ebp, [edi+6E], 775A0073 7C92CA17 53 push ebx 7C92CA18 65:74 43 je short 7C92CA5E 7C92CA1B 6F outs dx, dword ptr es:[edi] 7C92CA1C 6E outs dx, byte ptr es:[edi] 7C92CA1D 74 65 je short 7C92CA84 7C92CA1F 78 74 js short 7C92CA95 7C92CA21 54 push esp 7C92CA22 68 72656164 push 64616572 7C92CA27 005A 77 add [edx+77], bl 7C92CA2A 53 push ebx 7C92CA2B 65:74 44 je short 7C92CA72 7C92CA2E 65:6275 67 bound esi, gs:[ebp+67] 7C92CA32 46 inc esi ; ntdll.ZwTerminateProcess 7C92CA33 696C74 65 72537>imul ebp, [esp+esi*2+65], 61745372 7C92CA3B 74 65 je short 7C92CAA2 7C92CA3D 005A 77 add [edx+77], bl 7C92CA40 53 push ebx 7C92CA41 65:74 44 je short 7C92CA88 7C92CA44 65:66:61 popaw 7C92CA47 75 6C jnz short 7C92CAB5 7C92CA49 74 48 je short 7C92CA93 7C92CA4B 61 popad 7C92CA4C 72 64 jb short 7C92CAB2 7C92CA4E 45 inc ebp 7C92CA4F 72 72 jb short 7C92CAC3 7C92CA51 6F outs dx, dword ptr es:[edi] 7C92CA52 72 50 jb short 7C92CAA4 7C92CA54 6F outs dx, dword ptr es:[edi] 7C92CA55 72 74 jb short 7C92CACB 7C92CA57 005A 77 add [edx+77], bl 7C92CA5A 53 push ebx 7C92CA5B 65:74 44 je short 7C92CAA2 7C92CA5E 65:66:61 popaw 7C92CA61 75 6C jnz short 7C92CACF 7C92CA63 74 4C je short 7C92CAB1 7C92CA65 6F outs dx, dword ptr es:[edi] 7C92CA66 6361 6C arpl [ecx+6C], sp 7C92CA69 65:005A 77 add gs:[edx+77], bl 7C92CA6D 53 push ebx 7C92CA6E 65:74 44 je short 7C92CAB5 7C92CA71 65:66:61 popaw 7C92CA74 75 6C jnz short 7C92CAE2 7C92CA76 74 55 je short 7C92CACD 7C92CA78 49 dec ecx 7C92CA79 4C dec esp 7C92CA7A 61 popad 7C92CA7B 6E outs dx, byte ptr es:[edi] 7C92CA7C 67:75 61 jnz short 7C92CAE0 7C92CA7F 67:65:005A 77 add gs:[bp+si+77], bl 7C92CA84 53 push ebx 7C92CA85 65:74 45 je short 7C92CACD 7C92CA88 61 popad 7C92CA89 46 inc esi ; ntdll.ZwTerminateProcess 7C92CA8A 696C65 00 5A775>imul ebp, [ebp], 6553775A 7C92CA92 74 45 je short 7C92CAD9 7C92CA94 76 65 jbe short 7C92CAFB 7C92CA96 6E outs dx, byte ptr es:[edi] 7C92CA97 74 00 je short 7C92CA99 7C92CA99 5A pop edx ; ntdll.7C92E89A 7C92CA9A 77 53 ja short 7C92CAEF 7C92CA9C 65:74 45 je short 7C92CAE4 7C92CA9F 76 65 jbe short 7C92CB06 7C92CAA1 6E outs dx, byte ptr es:[edi] 7C92CAA2 74 42 je short 7C92CAE6 7C92CAA4 6F outs dx, dword ptr es:[edi] 7C92CAA5 6F outs dx, dword ptr es:[edi] 7C92CAA6 73 74 jnb short 7C92CB1C 7C92CAA8 50 push eax 7C92CAA9 72 69 jb short 7C92CB14 7C92CAAB 6F outs dx, dword ptr es:[edi] 7C92CAAC 72 69 jb short 7C92CB17 7C92CAAE 74 79 je short 7C92CB29 7C92CAB0 005A 77 add [edx+77], bl 7C92CAB3 53 push ebx 7C92CAB4 65:74 48 je short 7C92CAFF 7C92CAB7 6967 68 4576656>imul esp, [edi+68], 6E657645 7C92CABE 74 50 je short 7C92CB10 7C92CAC0 61 popad 7C92CAC1 6972 00 5A77536>imul esi, [edx], 6553775A ; ntdll.7C99C8E0 7C92CAC8 74 48 je short 7C92CB12 7C92CACA 6967 68 5761697>imul esp, [edi+68], 74696157 7C92CAD1 4C dec esp 7C92CAD2 6F outs dx, dword ptr es:[edi] 7C92CAD3 77 45 ja short 7C92CB1A 7C92CAD5 76 65 jbe short 7C92CB3C 7C92CAD7 6E outs dx, byte ptr es:[edi] 7C92CAD8 74 50 je short 7C92CB2A 7C92CADA 61 popad 7C92CADB 6972 00 5A77536>imul esi, [edx], 6553775A ; ntdll.7C99C8E0 7C92CAE2 74 49 je short 7C92CB2D 7C92CAE4 6E outs dx, byte ptr es:[edi] 7C92CAE5 66:6F outs dx, word ptr es:[edi] 7C92CAE7 72 6D jb short 7C92CB56 7C92CAE9 61 popad 7C92CAEA 74 69 je short 7C92CB55 7C92CAEC 6F outs dx, dword ptr es:[edi] 7C92CAED 6E outs dx, byte ptr es:[edi] 7C92CAEE 44 inc esp 7C92CAEF 65:6275 67 bound esi, gs:[ebp+67] 7C92CAF3 4F dec edi 7C92CAF4 626A 65 bound ebp, [edx+65] 7C92CAF7 637400 5A arpl [eax+eax+5A], si 7C92CAFB 77 53 ja short 7C92CB50 7C92CAFD 65:74 49 je short 7C92CB49 7C92CB00 6E outs dx, byte ptr es:[edi] 7C92CB01 66:6F outs dx, word ptr es:[edi] 7C92CB03 72 6D jb short 7C92CB72 7C92CB05 61 popad 7C92CB06 74 69 je short 7C92CB71 7C92CB08 6F outs dx, dword ptr es:[edi] 7C92CB09 6E outs dx, byte ptr es:[edi] 7C92CB0A 46 inc esi ; ntdll.ZwTerminateProcess 7C92CB0B 696C65 00 5A775>imul ebp, [ebp], 6553775A 7C92CB13 74 49 je short 7C92CB5E 7C92CB15 6E outs dx, byte ptr es:[edi] 7C92CB16 66:6F outs dx, word ptr es:[edi] 7C92CB18 72 6D jb short 7C92CB87 7C92CB1A 61 popad 7C92CB1B 74 69 je short 7C92CB86 7C92CB1D 6F outs dx, dword ptr es:[edi] 7C92CB1E 6E outs dx, byte ptr es:[edi] 7C92CB1F 4A dec edx ; msvcrt.77C31AE8 7C92CB20 6F outs dx, dword ptr es:[edi] 7C92CB21 624F 62 bound ecx, [edi+62] 7C92CB24 6A 65 push 65 7C92CB26 637400 5A arpl [eax+eax+5A], si 7C92CB2A 77 53 ja short 7C92CB7F 7C92CB2C 65:74 49 je short 7C92CB78 7C92CB2F 6E outs dx, byte ptr es:[edi] 7C92CB30 66:6F outs dx, word ptr es:[edi] 7C92CB32 72 6D jb short 7C92CBA1 7C92CB34 61 popad 7C92CB35 74 69 je short 7C92CBA0 7C92CB37 6F outs dx, dword ptr es:[edi] 7C92CB38 6E outs dx, byte ptr es:[edi] 7C92CB39 4B dec ebx 7C92CB3A 65:79 00 jns short 7C92CB3D 7C92CB3D 5A pop edx ; ntdll.7C92E89A 7C92CB3E 77 53 ja short 7C92CB93 7C92CB40 65:74 49 je short 7C92CB8C 7C92CB43 6E outs dx, byte ptr es:[edi] 7C92CB44 66:6F outs dx, word ptr es:[edi] 7C92CB46 72 6D jb short 7C92CBB5 7C92CB48 61 popad 7C92CB49 74 69 je short 7C92CBB4 7C92CB4B 6F outs dx, dword ptr es:[edi] 7C92CB4C 6E outs dx, byte ptr es:[edi] 7C92CB4D 4F dec edi 7C92CB4E 626A 65 bound ebp, [edx+65] 7C92CB51 637400 5A arpl [eax+eax+5A], si 7C92CB55 77 53 ja short 7C92CBAA 7C92CB57 65:74 49 je short 7C92CBA3 7C92CB5A 6E outs dx, byte ptr es:[edi] 7C92CB5B 66:6F outs dx, word ptr es:[edi] 7C92CB5D 72 6D jb short 7C92CBCC 7C92CB5F 61 popad 7C92CB60 74 69 je short 7C92CBCB 7C92CB62 6F outs dx, dword ptr es:[edi] 7C92CB63 6E outs dx, byte ptr es:[edi] 7C92CB64 50 push eax 7C92CB65 72 6F jb short 7C92CBD6 7C92CB67 6365 73 arpl [ebp+73], sp 7C92CB6A 73 00 jnb short 7C92CB6C 7C92CB6C 5A pop edx ; ntdll.7C92E89A 7C92CB6D 77 53 ja short 7C92CBC2 7C92CB6F 65:74 49 je short 7C92CBBB 7C92CB72 6E outs dx, byte ptr es:[edi] 7C92CB73 66:6F outs dx, word ptr es:[edi] 7C92CB75 72 6D jb short 7C92CBE4 7C92CB77 61 popad 7C92CB78 74 69 je short 7C92CBE3 7C92CB7A 6F outs dx, dword ptr es:[edi] 7C92CB7B 6E outs dx, byte ptr es:[edi] 7C92CB7C 54 push esp 7C92CB7D 68 72656164 push 64616572 7C92CB82 005A 77 add [edx+77], bl 7C92CB85 53 push ebx 7C92CB86 65:74 49 je short 7C92CBD2 7C92CB89 6E outs dx, byte ptr es:[edi] 7C92CB8A 66:6F outs dx, word ptr es:[edi] 7C92CB8C 72 6D jb short 7C92CBFB 7C92CB8E 61 popad 7C92CB8F 74 69 je short 7C92CBFA 7C92CB91 6F outs dx, dword ptr es:[edi] 7C92CB92 6E outs dx, byte ptr es:[edi] 7C92CB93 54 push esp 7C92CB94 6F outs dx, dword ptr es:[edi] 7C92CB95 6B65 6E 00 imul esp, [ebp+6E], 0 7C92CB99 5A pop edx ; ntdll.7C92E89A 7C92CB9A 77 53 ja short 7C92CBEF 7C92CB9C 65:74 49 je short 7C92CBE8 7C92CB9F 6E outs dx, byte ptr es:[edi] 7C92CBA0 74 65 je short 7C92CC07 7C92CBA2 72 76 jb short 7C92CC1A 7C92CBA4 61 popad 7C92CBA5 6C ins byte ptr es:[edi], dx 7C92CBA6 50 push eax 7C92CBA7 72 6F jb short 7C92CC18 7C92CBA9 66:696C65 00 5A>imul bp, [ebp], 775A 7C92CBB0 53 push ebx 7C92CBB1 65:74 49 je short 7C92CBFD 7C92CBB4 6F outs dx, dword ptr es:[edi] 7C92CBB5 43 inc ebx 7C92CBB6 6F outs dx, dword ptr es:[edi] 7C92CBB7 6D ins dword ptr es:[edi], dx 7C92CBB8 70 6C jo short 7C92CC26 7C92CBBA 65:74 69 je short 7C92CC26 7C92CBBD 6F outs dx, dword ptr es:[edi] 7C92CBBE 6E outs dx, byte ptr es:[edi] 7C92CBBF 005A 77 add [edx+77], bl 7C92CBC2 53 push ebx 7C92CBC3 65:74 4C je short 7C92CC12 7C92CBC6 64:74 45 je short 7C92CC0E 7C92CBC9 6E outs dx, byte ptr es:[edi] 7C92CBCA 74 72 je short 7C92CC3E 7C92CBCC 6965 73 005A775>imul esp, [ebp+73], 53775A00 7C92CBD3 65:74 4C je short 7C92CC22 7C92CBD6 6F outs dx, dword ptr es:[edi] 7C92CBD7 77 45 ja short 7C92CC1E 7C92CBD9 76 65 jbe short 7C92CC40 7C92CBDB 6E outs dx, byte ptr es:[edi] 7C92CBDC 74 50 je short 7C92CC2E 7C92CBDE 61 popad 7C92CBDF 6972 00 5A77536>imul esi, [edx], 6553775A ; ntdll.7C99C8E0 7C92CBE6 74 4C je short 7C92CC34 7C92CBE8 6F outs dx, dword ptr es:[edi] 7C92CBE9 77 57 ja short 7C92CC42 7C92CBEB 61 popad 7C92CBEC 697448 69 67684>imul esi, [eax+ecx*2+69], 76456867 7C92CBF4 65:6E outs dx, byte ptr es:[edi] 7C92CBF6 74 50 je short 7C92CC48 7C92CBF8 61 popad 7C92CBF9 6972 00 5A77536>imul esi, [edx], 6553775A ; ntdll.7C99C8E0 7C92CC00 74 51 je short 7C92CC53 7C92CC02 75 6F jnz short 7C92CC73 7C92CC04 74 61 je short 7C92CC67 7C92CC06 49 dec ecx 7C92CC07 6E outs dx, byte ptr es:[edi] 7C92CC08 66:6F outs dx, word ptr es:[edi] 7C92CC0A 72 6D jb short 7C92CC79 7C92CC0C 61 popad 7C92CC0D 74 69 je short 7C92CC78 7C92CC0F 6F outs dx, dword ptr es:[edi] 7C92CC10 6E outs dx, byte ptr es:[edi] 7C92CC11 46 inc esi ; ntdll.ZwTerminateProcess 7C92CC12 696C65 00 5A775>imul ebp, [ebp], 6553775A 7C92CC1A 74 53 je short 7C92CC6F 7C92CC1C 65:6375 72 arpl gs:[ebp+72], si 7C92CC20 697479 4F 626A6>imul esi, [ecx+edi*2+4F], 63656A62 7C92CC28 74 00 je short 7C92CC2A 7C92CC2A 5A pop edx ; ntdll.7C92E89A 7C92CC2B 77 53 ja short 7C92CC80 7C92CC2D 65:74 53 je short 7C92CC83 7C92CC30 79 73 jns short 7C92CCA5 7C92CC32 74 65 je short 7C92CC99 7C92CC34 6D ins dword ptr es:[edi], dx 7C92CC35 45 inc ebp 7C92CC36 6E outs dx, byte ptr es:[edi] 7C92CC37 76 69 jbe short 7C92CCA2 7C92CC39 72 6F jb short 7C92CCAA 7C92CC3B 6E outs dx, byte ptr es:[edi] 7C92CC3C 6D ins dword ptr es:[edi], dx 7C92CC3D 65:6E outs dx, byte ptr es:[edi] 7C92CC3F 74 56 je short 7C92CC97 7C92CC41 61 popad 7C92CC42 6C ins byte ptr es:[edi], dx 7C92CC43 75 65 jnz short 7C92CCAA 7C92CC45 005A 77 add [edx+77], bl 7C92CC48 53 push ebx 7C92CC49 65:74 53 je short 7C92CC9F 7C92CC4C 79 73 jns short 7C92CCC1 7C92CC4E 74 65 je short 7C92CCB5 7C92CC50 6D ins dword ptr es:[edi], dx 7C92CC51 45 inc ebp 7C92CC52 6E outs dx, byte ptr es:[edi] 7C92CC53 76 69 jbe short 7C92CCBE 7C92CC55 72 6F jb short 7C92CCC6 7C92CC57 6E outs dx, byte ptr es:[edi] 7C92CC58 6D ins dword ptr es:[edi], dx 7C92CC59 65:6E outs dx, byte ptr es:[edi] 7C92CC5B 74 56 je short 7C92CCB3 7C92CC5D 61 popad 7C92CC5E 6C ins byte ptr es:[edi], dx 7C92CC5F 75 65 jnz short 7C92CCC6 7C92CC61 45 inc ebp 7C92CC62 78 00 js short 7C92CC64 7C92CC64 5A pop edx ; ntdll.7C92E89A 7C92CC65 77 53 ja short 7C92CCBA 7C92CC67 65:74 53 je short 7C92CCBD 7C92CC6A 79 73 jns short 7C92CCDF 7C92CC6C 74 65 je short 7C92CCD3 7C92CC6E 6D ins dword ptr es:[edi], dx 7C92CC6F 49 dec ecx 7C92CC70 6E outs dx, byte ptr es:[edi] 7C92CC71 66:6F outs dx, word ptr es:[edi] 7C92CC73 72 6D jb short 7C92CCE2 7C92CC75 61 popad 7C92CC76 74 69 je short 7C92CCE1 7C92CC78 6F outs dx, dword ptr es:[edi] 7C92CC79 6E outs dx, byte ptr es:[edi] 7C92CC7A 005A 77 add [edx+77], bl 7C92CC7D 53 push ebx 7C92CC7E 65:74 53 je short 7C92CCD4 7C92CC81 79 73 jns short 7C92CCF6 7C92CC83 74 65 je short 7C92CCEA 7C92CC85 6D ins dword ptr es:[edi], dx 7C92CC86 50 push eax 7C92CC87 6F outs dx, dword ptr es:[edi] 7C92CC88 77 65 ja short 7C92CCEF 7C92CC8A 72 53 jb short 7C92CCDF 7C92CC8C 74 61 je short 7C92CCEF 7C92CC8E 74 65 je short 7C92CCF5 7C92CC90 005A 77 add [edx+77], bl 7C92CC93 53 push ebx 7C92CC94 65:74 53 je short 7C92CCEA 7C92CC97 79 73 jns short 7C92CD0C 7C92CC99 74 65 je short 7C92CD00 7C92CC9B 6D ins dword ptr es:[edi], dx 7C92CC9C 54 push esp 7C92CC9D 696D 65 005A775>imul ebp, [ebp+65], 53775A00 7C92CCA4 65:74 54 je short 7C92CCFB 7C92CCA7 68 72656164 push 64616572 7C92CCAC 45 inc ebp 7C92CCAD 78 65 js short 7C92CD14 7C92CCAF 6375 74 arpl [ebp+74], si 7C92CCB2 696F 6E 5374617>imul ebp, [edi+6E], 74617453 7C92CCB9 65:005A 77 add gs:[edx+77], bl 7C92CCBD 53 push ebx 7C92CCBE 65:74 54 je short 7C92CD15 7C92CCC1 696D 65 72005A7>imul ebp, [ebp+65], 775A0072 7C92CCC8 53 push ebx 7C92CCC9 65:74 54 je short 7C92CD20 7C92CCCC 696D 65 7252657>imul ebp, [ebp+65], 73655272 7C92CCD3 6F outs dx, dword ptr es:[edi] 7C92CCD4 6C ins byte ptr es:[edi], dx 7C92CCD5 75 74 jnz short 7C92CD4B 7C92CCD7 696F 6E 005A775>imul ebp, [edi+6E], 53775A00 7C92CCDE 65:74 55 je short 7C92CD36 7C92CCE1 75 69 jnz short 7C92CD4C 7C92CCE3 64:53 push ebx 7C92CCE5 65: prefix gs: 7C92CCE6 65: prefix gs: 7C92CCE7 64:005A 77 add fs:[edx+77], bl 7C92CCEB 53 push ebx 7C92CCEC 65:74 56 je short 7C92CD45 7C92CCEF 61 popad 7C92CCF0 6C ins byte ptr es:[edi], dx 7C92CCF1 75 65 jnz short 7C92CD58 7C92CCF3 4B dec ebx 7C92CCF4 65:79 00 jns short 7C92CCF7 7C92CCF7 5A pop edx ; ntdll.7C92E89A 7C92CCF8 77 53 ja short 7C92CD4D 7C92CCFA 65:74 56 je short 7C92CD53 7C92CCFD 6F outs dx, dword ptr es:[edi] 7C92CCFE 6C ins byte ptr es:[edi], dx 7C92CCFF 75 6D jnz short 7C92CD6E 7C92CD01 65:49 dec ecx 7C92CD03 6E outs dx, byte ptr es:[edi] 7C92CD04 66:6F outs dx, word ptr es:[edi] 7C92CD06 72 6D jb short 7C92CD75 7C92CD08 61 popad 7C92CD09 74 69 je short 7C92CD74 7C92CD0B 6F outs dx, dword ptr es:[edi] 7C92CD0C 6E outs dx, byte ptr es:[edi] 7C92CD0D 46 inc esi ; ntdll.ZwTerminateProcess 7C92CD0E 696C65 00 5A775>imul ebp, [ebp], 6853775A 7C92CD16 75 74 jnz short 7C92CD8C 7C92CD18 64:6F outs dx, dword ptr es:[edi] 7C92CD1A 77 6E ja short 7C92CD8A 7C92CD1C 53 push ebx 7C92CD1D 79 73 jns short 7C92CD92 7C92CD1F 74 65 je short 7C92CD86 7C92CD21 6D ins dword ptr es:[edi], dx 7C92CD22 005A 77 add [edx+77], bl 7C92CD25 53 push ebx 7C92CD26 6967 6E 616C416>imul esp, [edi+6E], 6E416C61 7C92CD2D 64:57 push edi 7C92CD2F 61 popad 7C92CD30 697446 6F 72536>imul esi, [esi+eax*2+6F], 6E695372 7C92CD38 67:6C ins byte ptr es:[di], dx 7C92CD3A 65:4F dec edi 7C92CD3C 626A 65 bound ebp, [edx+65] 7C92CD3F 637400 5A arpl [eax+eax+5A], si 7C92CD43 77 53 ja short 7C92CD98 7C92CD45 74 61 je short 7C92CDA8 7C92CD47 72 74 jb short 7C92CDBD 7C92CD49 50 push eax 7C92CD4A 72 6F jb short 7C92CDBB 7C92CD4C 66:696C65 00 5A>imul bp, [ebp], 775A 7C92CD53 53 push ebx 7C92CD54 74 6F je short 7C92CDC5 7C92CD56 70 50 jo short 7C92CDA8 7C92CD58 72 6F jb short 7C92CDC9 7C92CD5A 66:696C65 00 5A>imul bp, [ebp], 775A 7C92CD61 53 push ebx 7C92CD62 75 73 jnz short 7C92CDD7 7C92CD64 70 65 jo short 7C92CDCB 7C92CD66 6E outs dx, byte ptr es:[edi] 7C92CD67 64:50 push eax 7C92CD69 72 6F jb short 7C92CDDA 7C92CD6B 6365 73 arpl [ebp+73], sp 7C92CD6E 73 00 jnb short 7C92CD70 7C92CD70 5A pop edx ; ntdll.7C92E89A 7C92CD71 77 53 ja short 7C92CDC6 7C92CD73 75 73 jnz short 7C92CDE8 7C92CD75 70 65 jo short 7C92CDDC 7C92CD77 6E outs dx, byte ptr es:[edi] 7C92CD78 64:54 push esp 7C92CD7A 68 72656164 push 64616572 7C92CD7F 005A 77 add [edx+77], bl 7C92CD82 53 push ebx 7C92CD83 79 73 jns short 7C92CDF8 7C92CD85 74 65 je short 7C92CDEC 7C92CD87 6D ins dword ptr es:[edi], dx 7C92CD88 44 inc esp 7C92CD89 65:6275 67 bound esi, gs:[ebp+67] 7C92CD8D 43 inc ebx 7C92CD8E 6F outs dx, dword ptr es:[edi] 7C92CD8F 6E outs dx, byte ptr es:[edi] 7C92CD90 74 72 je short 7C92CE04 7C92CD92 6F outs dx, dword ptr es:[edi] 7C92CD93 6C ins byte ptr es:[edi], dx 7C92CD94 005A 77 add [edx+77], bl 7C92CD97 54 push esp 7C92CD98 65:72 6D jb short 7C92CE08 7C92CD9B 696E 61 74654A6>imul ebp, [esi+61], 6F4A6574 7C92CDA2 624F 62 bound ecx, [edi+62] 7C92CDA5 6A 65 push 65 7C92CDA7 637400 5A arpl [eax+eax+5A], si 7C92CDAB 77 54 ja short 7C92CE01 7C92CDAD 65:72 6D jb short 7C92CE1D 7C92CDB0 696E 61 7465507>imul ebp, [esi+61], 72506574 7C92CDB7 6F outs dx, dword ptr es:[edi] 7C92CDB8 6365 73 arpl [ebp+73], sp 7C92CDBB 73 00 jnb short 7C92CDBD 7C92CDBD 5A pop edx ; ntdll.7C92E89A 7C92CDBE 77 54 ja short 7C92CE14 7C92CDC0 65:72 6D jb short 7C92CE30 7C92CDC3 696E 61 7465546>imul ebp, [esi+61], 68546574 7C92CDCA 72 65 jb short 7C92CE31 7C92CDCC 61 popad 7C92CDCD 64:005A 77 add fs:[edx+77], bl 7C92CDD1 54 push esp 7C92CDD2 65:73 74 jnb short 7C92CE49 7C92CDD5 41 inc ecx 7C92CDD6 6C ins byte ptr es:[edi], dx 7C92CDD7 65:72 74 jb short 7C92CE4E 7C92CDDA 005A 77 add [edx+77], bl 7C92CDDD 54 push esp 7C92CDDE 72 61 jb short 7C92CE41 7C92CDE0 6365 45 arpl [ebp+45], sp 7C92CDE3 76 65 jbe short 7C92CE4A 7C92CDE5 6E outs dx, byte ptr es:[edi] 7C92CDE6 74 00 je short 7C92CDE8 7C92CDE8 5A pop edx ; ntdll.7C92E89A 7C92CDE9 77 54 ja short 7C92CE3F 7C92CDEB 72 61 jb short 7C92CE4E 7C92CDED 6E outs dx, byte ptr es:[edi] 7C92CDEE 73 6C jnb short 7C92CE5C 7C92CDF0 61 popad 7C92CDF1 74 65 je short 7C92CE58 7C92CDF3 46 inc esi ; ntdll.ZwTerminateProcess 7C92CDF4 696C65 50 61746>imul ebp, [ebp+50], 687461 ; trscd.00454ACA 7C92CDFC 5A pop edx ; ntdll.7C92E89A 7C92CDFD 77 55 ja short 7C92CE54 7C92CDFF 6E outs dx, byte ptr es:[edi] 7C92CE00 6C ins byte ptr es:[edi], dx 7C92CE01 6F outs dx, dword ptr es:[edi] 7C92CE02 61 popad 7C92CE03 64:44 inc esp 7C92CE05 72 69 jb short 7C92CE70 7C92CE07 76 65 jbe short 7C92CE6E 7C92CE09 72 00 jb short 7C92CE0B 7C92CE0B 5A pop edx ; ntdll.7C92E89A 7C92CE0C 77 55 ja short 7C92CE63 7C92CE0E 6E outs dx, byte ptr es:[edi] 7C92CE0F 6C ins byte ptr es:[edi], dx 7C92CE10 6F outs dx, dword ptr es:[edi] 7C92CE11 61 popad 7C92CE12 64:4B dec ebx 7C92CE14 65:79 00 jns short 7C92CE17 7C92CE17 5A pop edx ; ntdll.7C92E89A 7C92CE18 77 55 ja short 7C92CE6F 7C92CE1A 6E outs dx, byte ptr es:[edi] 7C92CE1B 6C ins byte ptr es:[edi], dx 7C92CE1C 6F outs dx, dword ptr es:[edi] 7C92CE1D 61 popad 7C92CE1E 64:4B dec ebx 7C92CE20 65:79 45 jns short 7C92CE68 7C92CE23 78 00 js short 7C92CE25 7C92CE25 5A pop edx ; ntdll.7C92E89A 7C92CE26 77 55 ja short 7C92CE7D 7C92CE28 6E outs dx, byte ptr es:[edi] 7C92CE29 6C ins byte ptr es:[edi], dx 7C92CE2A 6F outs dx, dword ptr es:[edi] 7C92CE2B 636B 46 arpl [ebx+46], bp 7C92CE2E 696C65 00 5A775>imul ebp, [ebp], 6E55775A 7C92CE36 6C ins byte ptr es:[edi], dx 7C92CE37 6F outs dx, dword ptr es:[edi] 7C92CE38 636B 56 arpl [ebx+56], bp 7C92CE3B 6972 74 75616C4>imul esi, [edx+74], 4D6C6175 7C92CE42 65:6D ins dword ptr es:[edi], dx 7C92CE44 6F outs dx, dword ptr es:[edi] 7C92CE45 72 79 jb short 7C92CEC0 7C92CE47 005A 77 add [edx+77], bl 7C92CE4A 55 push ebp 7C92CE4B 6E outs dx, byte ptr es:[edi] 7C92CE4C 6D ins dword ptr es:[edi], dx 7C92CE4D 61 popad 7C92CE4E 70 56 jo short 7C92CEA6 7C92CE50 6965 77 4F66536>imul esp, [ebp+77], 6553664F 7C92CE57 637469 6F arpl [ecx+ebp*2+6F], si 7C92CE5B 6E outs dx, byte ptr es:[edi] 7C92CE5C 005A 77 add [edx+77], bl 7C92CE5F 56 push esi ; ntdll.ZwTerminateProcess 7C92CE60 64:6D ins dword ptr es:[edi], dx 7C92CE62 43 inc ebx 7C92CE63 6F outs dx, dword ptr es:[edi] 7C92CE64 6E outs dx, byte ptr es:[edi] 7C92CE65 74 72 je short 7C92CED9 7C92CE67 6F outs dx, dword ptr es:[edi] 7C92CE68 6C ins byte ptr es:[edi], dx 7C92CE69 005A 77 add [edx+77], bl 7C92CE6C 57 push edi 7C92CE6D 61 popad 7C92CE6E 697446 6F 72446>imul esi, [esi+eax*2+6F], 62654472 7C92CE76 75 67 jnz short 7C92CEDF 7C92CE78 45 inc ebp 7C92CE79 76 65 jbe short 7C92CEE0 7C92CE7B 6E outs dx, byte ptr es:[edi] 7C92CE7C 74 00 je short 7C92CE7E 7C92CE7E 5A pop edx ; ntdll.7C92E89A 7C92CE7F 77 57 ja short 7C92CED8 7C92CE81 61 popad 7C92CE82 697446 6F 724B6>imul esi, [esi+eax*2+6F], 79654B72 7C92CE8A 65: prefix gs: 7C92CE8B 64:45 inc ebp 7C92CE8D 76 65 jbe short 7C92CEF4 7C92CE8F 6E outs dx, byte ptr es:[edi] 7C92CE90 74 00 je short 7C92CE92 7C92CE92 5A pop edx ; ntdll.7C92E89A 7C92CE93 77 57 ja short 7C92CEEC 7C92CE95 61 popad 7C92CE96 697446 6F 724D7>imul esi, [esi+eax*2+6F], 6C754D72 7C92CE9E 74 69 je short 7C92CF09 7C92CEA0 70 6C jo short 7C92CF0E 7C92CEA2 65:4F dec edi 7C92CEA4 626A 65 bound ebp, [edx+65] 7C92CEA7 637473 00 arpl [ebx+esi*2], si 7C92CEAB 5A pop edx ; ntdll.7C92E89A 7C92CEAC 77 57 ja short 7C92CF05 7C92CEAE 61 popad 7C92CEAF 697446 6F 72536>imul esi, [esi+eax*2+6F], 6E695372 7C92CEB7 67:6C ins byte ptr es:[di], dx 7C92CEB9 65:4F dec edi 7C92CEBB 626A 65 bound ebp, [edx+65] 7C92CEBE 637400 5A arpl [eax+eax+5A], si 7C92CEC2 77 57 ja short 7C92CF1B 7C92CEC4 61 popad 7C92CEC5 697448 69 67684>imul esi, [eax+ecx*2+69], 76456867 7C92CECD 65:6E outs dx, byte ptr es:[edi] 7C92CECF 74 50 je short 7C92CF21 7C92CED1 61 popad 7C92CED2 6972 00 5A77576>imul esi, [edx], 6157775A ; ntdll.7C99C8E0 7C92CED9 69744C 6F 77457>imul esi, [esp+ecx*2+6F], 65764577 7C92CEE1 6E outs dx, byte ptr es:[edi] 7C92CEE2 74 50 je short 7C92CF34 7C92CEE4 61 popad 7C92CEE5 6972 00 5A77577>imul esi, [edx], 7257775A ; ntdll.7C99C8E0 7C92CEEC 697465 46 696C6>imul esi, [ebp+46], 656C69 7C92CEF4 5A pop edx ; ntdll.7C92E89A 7C92CEF5 77 57 ja short 7C92CF4E 7C92CEF7 72 69 jb short 7C92CF62 7C92CEF9 74 65 je short 7C92CF60 7C92CEFB 46 inc esi ; ntdll.ZwTerminateProcess 7C92CEFC 696C65 47 61746>imul ebp, [ebp+47], 65687461 7C92CF04 72 00 jb short 7C92CF06 7C92CF06 5A pop edx ; ntdll.7C92E89A 7C92CF07 77 57 ja short 7C92CF60 7C92CF09 72 69 jb short 7C92CF74 7C92CF0B 74 65 je short 7C92CF72 7C92CF0D 52 push edx ; msvcrt.77C31AE8 7C92CF0E 65:71 75 jno short 7C92CF86 7C92CF11 65:73 74 jnb short 7C92CF88 7C92CF14 44 inc esp 7C92CF15 61 popad 7C92CF16 74 61 je short 7C92CF79 7C92CF18 005A 77 add [edx+77], bl 7C92CF1B 57 push edi 7C92CF1C 72 69 jb short 7C92CF87 7C92CF1E 74 65 je short 7C92CF85 7C92CF20 56 push esi ; ntdll.ZwTerminateProcess 7C92CF21 6972 74 75616C4>imul esi, [edx+74], 4D6C6175 7C92CF28 65:6D ins dword ptr es:[edi], dx 7C92CF2A 6F outs dx, dword ptr es:[edi] 7C92CF2B 72 79 jb short 7C92CFA6 7C92CF2D 005A 77 add [edx+77], bl 7C92CF30 59 pop ecx ; ntdll.7C92E89A 7C92CF31 6965 6C 6445786>imul esp, [ebp+6C], 65784564 7C92CF38 6375 74 arpl [ebp+74], si 7C92CF3B 696F 6E 005F434>imul ebp, [edi+6E], 49435F00 7C92CF42 636F 73 arpl [edi+73], bp 7C92CF45 005F 43 add [edi+43], bl 7C92CF48 49 dec ecx 7C92CF49 6C ins byte ptr es:[edi], dx 7C92CF4A 6F outs dx, dword ptr es:[edi] 7C92CF4B 67:005F 43 add [bx+43], bl 7C92CF4F 49 dec ecx 7C92CF50 70 6F jo short 7C92CFC1 7C92CF52 77 00 ja short 7C92CF54 7C92CF54 5F pop edi ; ntdll.7C92E89A 7C92CF55 43 inc ebx 7C92CF56 49 dec ecx 7C92CF57 73 69 jnb short 7C92CFC2 7C92CF59 6E outs dx, byte ptr es:[edi] 7C92CF5A 005F 43 add [edi+43], bl 7C92CF5D 49 dec ecx 7C92CF5E 73 71 jnb short 7C92CFD1 7C92CF60 72 74 jb short 7C92CFD6 7C92CF62 005F 5F add [edi+5F], bl 7C92CF65 6973 61 7363696>imul esi, [ebx+61], 69696373 7C92CF6C 005F 5F add [edi+5F], bl 7C92CF6F 6973 63 73796D0>imul esi, [ebx+63], 6D7973 7C92CF76 5F pop edi ; ntdll.7C92E89A 7C92CF77 5F pop edi ; ntdll.7C92E89A 7C92CF78 6973 63 73796D6>imul esi, [ebx+63], 666D7973 7C92CF7F 005F 5F add [edi+5F], bl 7C92CF82 74 6F je short 7C92CFF3 7C92CF84 61 popad 7C92CF85 73 63 jnb short 7C92CFEA 7C92CF87 6969 00 5F616C6>imul ebp, [ecx], 6C6C615F 7C92CF8E 64:6976 00 5F61>imul esi, fs:[esi], 6C6C615F 7C92CF96 64:76 72 jbe short 7C92D00B 7C92CF99 6D ins dword ptr es:[edi], dx 7C92CF9A 005F 61 add [edi+61], bl 7C92CF9D 6C ins byte ptr es:[edi], dx 7C92CF9E 6C ins byte ptr es:[edi], dx 7C92CF9F 6D ins dword ptr es:[edi], dx 7C92CFA0 75 6C jnz short 7C92D00E 7C92CFA2 005F 61 add [edi+61], bl 7C92CFA5 6C ins byte ptr es:[edi], dx 7C92CFA6 6C ins byte ptr es:[edi], dx 7C92CFA7 6F outs dx, dword ptr es:[edi] 7C92CFA8 6361 5F arpl [ecx+5F], sp 7C92CFAB 70 72 jo short 7C92D01F 7C92CFAD 6F outs dx, dword ptr es:[edi] 7C92CFAE 6265 00 bound esp, [ebp] 7C92CFB1 5F pop edi ; ntdll.7C92E89A 7C92CFB2 61 popad 7C92CFB3 6C ins byte ptr es:[edi], dx 7C92CFB4 6C ins byte ptr es:[edi], dx 7C92CFB5 72 65 jb short 7C92D01C 7C92CFB7 6D ins dword ptr es:[edi], dx 7C92CFB8 005F 61 add [edi+61], bl 7C92CFBB 6C ins byte ptr es:[edi], dx 7C92CFBC 6C ins byte ptr es:[edi], dx 7C92CFBD 73 68 jnb short 7C92D027 7C92CFBF 6C ins byte ptr es:[edi], dx 7C92CFC0 005F 61 add [edi+61], bl 7C92CFC3 6C ins byte ptr es:[edi], dx 7C92CFC4 6C ins byte ptr es:[edi], dx 7C92CFC5 73 68 jnb short 7C92D02F 7C92CFC7 72 00 jb short 7C92CFC9 7C92CFC9 5F pop edi ; ntdll.7C92E89A 7C92CFCA 61 popad 7C92CFCB 74 6F je short 7C92D03C 7C92CFCD 6936 34005F61 imul esi, [esi], 615F0034 7C92CFD3 75 6C jnz short 7C92D041 7C92CFD5 6C ins byte ptr es:[edi], dx 7C92CFD6 64:6976 00 5F61>imul esi, fs:[esi], 6C75615F 7C92CFDE 6C ins byte ptr es:[edi], dx 7C92CFDF 64:76 72 jbe short 7C92D054 7C92CFE2 6D ins dword ptr es:[edi], dx 7C92CFE3 005F 61 add [edi+61], bl 7C92CFE6 75 6C jnz short 7C92D054 7C92CFE8 6C ins byte ptr es:[edi], dx 7C92CFE9 72 65 jb short 7C92D050 7C92CFEB 6D ins dword ptr es:[edi], dx 7C92CFEC 005F 61 add [edi+61], bl 7C92CFEF 75 6C jnz short 7C92D05D 7C92CFF1 6C ins byte ptr es:[edi], dx 7C92CFF2 73 68 jnb short 7C92D05C 7C92CFF4 72 00 jb short 7C92CFF6 7C92CFF6 5F pop edi ; ntdll.7C92E89A 7C92CFF7 6368 6B arpl [eax+6B], bp 7C92CFFA 73 74 jnb short 7C92D070 7C92CFFC 6B00 5F imul eax, [eax], 5F 7C92CFFF 66:6C ins byte ptr es:[edi], dx 7C92D001 74 75 je short 7C92D078 7C92D003 73 65 jnb short 7C92D06A 7C92D005 64:005F 66 add fs:[edi+66], bl 7C92D009 74 6F je short 7C92D07A 7C92D00B 6C ins byte ptr es:[edi], dx 7C92D00C 005F 69 add [edi+69], bl 7C92D00F 36:34 74 xor al, 74 7C92D012 6F outs dx, dword ptr es:[edi] 7C92D013 61 popad 7C92D014 005F 69 add [edi+69], bl 7C92D017 36:34 74 xor al, 74 7C92D01A 6F outs dx, dword ptr es:[edi] 7C92D01B 77 00 ja short 7C92D01D 7C92D01D 5F pop edi ; ntdll.7C92E89A 7C92D01E 69746F 61 005F6>imul esi, [edi+ebp*2+61], 74695F00 7C92D026 6F outs dx, dword ptr es:[edi] 7C92D027 77 00 ja short 7C92D029 7C92D029 5F pop edi ; ntdll.7C92E89A 7C92D02A 6C ins byte ptr es:[edi], dx 7C92D02B 66:696E 64 005F imul bp, [esi+64], 5F00 7C92D031 6C ins byte ptr es:[edi], dx 7C92D032 74 6F je short 7C92D0A3 7C92D034 61 popad 7C92D035 005F 6C add [edi+6C], bl 7C92D038 74 6F je short 7C92D0A9 7C92D03A 77 00 ja short 7C92D03C 7C92D03C 5F pop edi ; ntdll.7C92E89A 7C92D03D 6D ins dword ptr es:[edi], dx 7C92D03E 65:6D ins dword ptr es:[edi], dx 7C92D040 6363 70 arpl [ebx+70], sp 7C92D043 79 00 jns short 7C92D045 7C92D045 5F pop edi ; ntdll.7C92E89A 7C92D046 6D ins dword ptr es:[edi], dx 7C92D047 65:6D ins dword ptr es:[edi], dx 7C92D049 6963 6D 70005F7>imul esp, [ebx+6D], 735F0070 7C92D050 6E outs dx, byte ptr es:[edi] 7C92D051 70 72 jo short 7C92D0C5 7C92D053 696E 74 66005F7>imul ebp, [esi+74], 735F0066 7C92D05A 6E outs dx, byte ptr es:[edi] 7C92D05B 77 70 ja short 7C92D0CD 7C92D05D 72 69 jb short 7C92D0C8 7C92D05F 6E outs dx, byte ptr es:[edi] 7C92D060 74 66 je short 7C92D0C8 7C92D062 005F 73 add [edi+73], bl 7C92D065 70 6C jo short 7C92D0D3 7C92D067 697470 61 74680>imul esi, [eax+esi*2+61], 5F006874 7C92D06F 73 74 jnb short 7C92D0E5 7C92D071 72 63 jb short 7C92D0D6 7C92D073 6D ins dword ptr es:[edi], dx 7C92D074 70 69 jo short 7C92D0DF 7C92D076 005F 73 add [edi+73], bl 7C92D079 74 72 je short 7C92D0ED 7C92D07B 6963 6D 70005F7>imul esp, [ebx+6D], 735F0070 7C92D082 74 72 je short 7C92D0F6 7C92D084 6C ins byte ptr es:[edi], dx 7C92D085 77 72 ja short 7C92D0F9 7C92D087 005F 73 add [edi+73], bl 7C92D08A 74 72 je short 7C92D0FE 7C92D08C 6E outs dx, byte ptr es:[edi] 7C92D08D 6963 6D 70005F7>imul esp, [ebx+6D], 735F0070 7C92D094 74 72 je short 7C92D108 7C92D096 75 70 jnz short 7C92D108 7C92D098 72 00 jb short 7C92D09A 7C92D09A 5F pop edi ; ntdll.7C92E89A 7C92D09B 74 6F je short 7C92D10C 7C92D09D 6C ins byte ptr es:[edi], dx 7C92D09E 6F outs dx, dword ptr es:[edi] 7C92D09F 77 65 ja short 7C92D106 7C92D0A1 72 00 jb short 7C92D0A3 7C92D0A3 5F pop edi ; ntdll.7C92E89A 7C92D0A4 74 6F je short 7C92D115 7C92D0A6 75 70 jnz short 7C92D118 7C92D0A8 70 65 jo short 7C92D10F 7C92D0AA 72 00 jb short 7C92D0AC 7C92D0AC 5F pop edi ; ntdll.7C92E89A 7C92D0AD 75 69 jnz short 7C92D118 7C92D0AF 36:34 74 xor al, 74 7C92D0B2 6F outs dx, dword ptr es:[edi] 7C92D0B3 61 popad 7C92D0B4 005F 75 add [edi+75], bl 7C92D0B7 6936 34746F77 imul esi, [esi], 776F7434 7C92D0BD 005F 75 add [edi+75], bl 7C92D0C0 6C ins byte ptr es:[edi], dx 7C92D0C1 74 6F je short 7C92D132 7C92D0C3 61 popad 7C92D0C4 005F 75 add [edi+75], bl 7C92D0C7 6C ins byte ptr es:[edi], dx 7C92D0C8 74 6F je short 7C92D139 7C92D0CA 77 00 ja short 7C92D0CC 7C92D0CC 5F pop edi ; ntdll.7C92E89A 7C92D0CD 76 73 jbe short 7C92D142 7C92D0CF 6E outs dx, byte ptr es:[edi] 7C92D0D0 70 72 jo short 7C92D144 7C92D0D2 696E 74 66005F7>imul ebp, [esi+74], 765F0066 7C92D0D9 73 6E jnb short 7C92D149 7C92D0DB 77 70 ja short 7C92D14D 7C92D0DD 72 69 jb short 7C92D148 7C92D0DF 6E outs dx, byte ptr es:[edi] 7C92D0E0 74 66 je short 7C92D148 7C92D0E2 005F 77 add [edi+77], bl 7C92D0E5 6373 69 arpl [ebx+69], si 7C92D0E8 636D 70 arpl [ebp+70], bp 7C92D0EB 005F 77 add [edi+77], bl 7C92D0EE 6373 6C arpl [ebx+6C], si 7C92D0F1 77 72 ja short 7C92D165 7C92D0F3 005F 77 add [edi+77], bl 7C92D0F6 6373 6E arpl [ebx+6E], si 7C92D0F9 6963 6D 70005F7>imul esp, [ebx+6D], 775F0070 7C92D100 6373 75 arpl [ebx+75], si 7C92D103 70 72 jo short 7C92D177 7C92D105 005F 77 add [edi+77], bl 7C92D108 74 6F je short 7C92D179 7C92D10A 6900 5F77746F imul eax, [eax], 6F74775F 7C92D110 6936 34005F77 imul esi, [esi], 775F0034 7C92D116 74 6F je short 7C92D187 7C92D118 6C ins byte ptr es:[edi], dx 7C92D119 0061 62 add [ecx+62], ah 7C92D11C 73 00 jnb short 7C92D11E 7C92D11E 61 popad 7C92D11F 74 61 je short 7C92D182 7C92D121 6E outs dx, byte ptr es:[edi] 7C92D122 0061 74 add [ecx+74], ah 7C92D125 6F outs dx, dword ptr es:[edi] 7C92D126 6900 61746F6C imul eax, [eax], 6C6F7461 7C92D12C 0062 73 add [edx+73], ah 7C92D12F 65:61 popad 7C92D131 72 63 jb short 7C92D196 7C92D133 68 00636569 push 69656300 7C92D138 6C ins byte ptr es:[edi], dx 7C92D139 0063 6F add [ebx+6F], ah 7C92D13C 73 00 jnb short 7C92D13E 7C92D13E 66:61 popaw 7C92D140 6273 00 bound esi, [ebx] 7C92D143 66:6C ins byte ptr es:[edi], dx 7C92D145 6F outs dx, dword ptr es:[edi] 7C92D146 6F outs dx, dword ptr es:[edi] 7C92D147 72 00 jb short 7C92D149 7C92D149 6973 61 6C6E756>imul esi, [ebx+61], 6D756E6C 7C92D150 0069 73 add [ecx+73], ch 7C92D153 61 popad 7C92D154 6C ins byte ptr es:[edi], dx 7C92D155 70 68 jo short 7C92D1BF 7C92D157 61 popad 7C92D158 0069 73 add [ecx+73], ch 7C92D15B 636E 74 arpl [esi+74], bp 7C92D15E 72 6C jb short 7C92D1CC 7C92D160 0069 73 add [ecx+73], ch 7C92D163 64:6967 69 7400>imul esp, fs:[edi+69], 73690074 7C92D16B 67:72 61 jb short 7C92D1CF 7C92D16E 70 68 jo short 7C92D1D8 7C92D170 0069 73 add [ecx+73], ch 7C92D173 6C ins byte ptr es:[edi], dx 7C92D174 6F outs dx, dword ptr es:[edi] 7C92D175 77 65 ja short 7C92D1DC 7C92D177 72 00 jb short 7C92D179 7C92D179 6973 70 72696E7>imul esi, [ebx+70], 746E6972 7C92D180 0069 73 add [ecx+73], ch 7C92D183 70 75 jo short 7C92D1FA 7C92D185 6E outs dx, byte ptr es:[edi] 7C92D186 637400 69 arpl [eax+eax+69], si 7C92D18A 73 73 jnb short 7C92D1FF 7C92D18C 70 61 jo short 7C92D1EF 7C92D18E 6365 00 arpl [ebp], sp 7C92D191 6973 75 7070657>imul esi, [ebx+75], 72657070 7C92D198 0069 73 add [ecx+73], ch 7C92D19B 77 61 ja short 7C92D1FE 7C92D19D 6C ins byte ptr es:[edi], dx 7C92D19E 70 68 jo short 7C92D208 7C92D1A0 61 popad 7C92D1A1 0069 73 add [ecx+73], ch 7C92D1A4 77 63 ja short 7C92D209 7C92D1A6 74 79 je short 7C92D221 7C92D1A8 70 65 jo short 7C92D20F 7C92D1AA 0069 73 add [ecx+73], ch 7C92D1AD 77 64 ja short 7C92D213 7C92D1AF 6967 69 7400697>imul esp, [edi+69], 73690074 7C92D1B6 77 6C ja short 7C92D224 7C92D1B8 6F outs dx, dword ptr es:[edi] 7C92D1B9 77 65 ja short 7C92D220 7C92D1BB 72 00 jb short 7C92D1BD 7C92D1BD 6973 77 7370616>imul esi, [ebx+77], 63617073 7C92D1C4 65:0069 73 add gs:[ecx+73], ch 7C92D1C8 77 78 ja short 7C92D242 7C92D1CA 64:6967 69 7400>imul esp, fs:[edi+69], 73690074 7C92D1D2 78 64 js short 7C92D238 7C92D1D4 6967 69 74006C6>imul esp, [edi+69], 616C0074 7C92D1DB 6273 00 bound esi, [ebx] 7C92D1DE 6C ins byte ptr es:[edi], dx 7C92D1DF 6F outs dx, dword ptr es:[edi] 7C92D1E0 67:006D 62 add [di+62], ch 7C92D1E4 73 74 jnb short 7C92D25A 7C92D1E6 6F outs dx, dword ptr es:[edi] 7C92D1E7 77 63 ja short 7C92D24C 7C92D1E9 73 00 jnb short 7C92D1EB 7C92D1EB 6D ins dword ptr es:[edi], dx 7C92D1EC 65:6D ins dword ptr es:[edi], dx 7C92D1EE 6368 72 arpl [eax+72], bp 7C92D1F1 006D 65 add [ebp+65], ch 7C92D1F4 6D ins dword ptr es:[edi], dx 7C92D1F5 636D 70 arpl [ebp+70], bp 7C92D1F8 006D 65 add [ebp+65], ch 7C92D1FB 6D ins dword ptr es:[edi], dx 7C92D1FC 6370 79 arpl [eax+79], si 7C92D1FF 006D 65 add [ebp+65], ch 7C92D202 6D ins dword ptr es:[edi], dx 7C92D203 6D ins dword ptr es:[edi], dx 7C92D204 6F outs dx, dword ptr es:[edi] 7C92D205 76 65 jbe short 7C92D26C 7C92D207 006D 65 add [ebp+65], ch 7C92D20A 6D ins dword ptr es:[edi], dx 7C92D20B 73 65 jnb short 7C92D272 7C92D20D 74 00 je short 7C92D20F 7C92D20F 70 6F jo short 7C92D280 7C92D211 77 00 ja short 7C92D213 7C92D213 71 73 jno short 7C92D288 7C92D215 6F outs dx, dword ptr es:[edi] 7C92D216 72 74 jb short 7C92D28C 7C92D218 0073 69 add [ebx+69], dh 7C92D21B 6E outs dx, byte ptr es:[edi] 7C92D21C 0073 70 add [ebx+70], dh 7C92D21F 72 69 jb short 7C92D28A 7C92D221 6E outs dx, byte ptr es:[edi] 7C92D222 74 66 je short 7C92D28A 7C92D224 0073 71 add [ebx+71], dh 7C92D227 72 74 jb short 7C92D29D 7C92D229 0073 73 add [ebx+73], dh 7C92D22C 6361 6E arpl [ecx+6E], sp 7C92D22F 66:0073 74 add [ebx+74], dh 7C92D233 72 63 jb short 7C92D298 7C92D235 61 popad 7C92D236 74 00 je short 7C92D238 7C92D238 73 74 jnb short 7C92D2AE 7C92D23A 72 63 jb short 7C92D29F 7C92D23C 68 72007374 push 74730072 7C92D241 72 63 jb short 7C92D2A6 7C92D243 6D ins dword ptr es:[edi], dx 7C92D244 70 00 jo short 7C92D246 7C92D246 73 74 jnb short 7C92D2BC 7C92D248 72 63 jb short 7C92D2AD 7C92D24A 70 79 jo short 7C92D2C5 7C92D24C 0073 74 add [ebx+74], dh 7C92D24F 72 63 jb short 7C92D2B4 7C92D251 73 70 jnb short 7C92D2C3 7C92D253 6E outs dx, byte ptr es:[edi] 7C92D254 0073 74 add [ebx+74], dh 7C92D257 72 6C jb short 7C92D2C5 7C92D259 65:6E outs dx, byte ptr es:[edi] 7C92D25B 0073 74 add [ebx+74], dh 7C92D25E 72 6E jb short 7C92D2CE 7C92D260 6361 74 arpl [ecx+74], sp 7C92D263 0073 74 add [ebx+74], dh 7C92D266 72 6E jb short 7C92D2D6 7C92D268 636D 70 arpl [ebp+70], bp 7C92D26B 0073 74 add [ebx+74], dh 7C92D26E 72 6E jb short 7C92D2DE 7C92D270 6370 79 arpl [eax+79], si 7C92D273 0073 74 add [ebx+74], dh 7C92D276 72 70 jb short 7C92D2E8 7C92D278 6272 6B bound esi, [edx+6B] 7C92D27B 0073 74 add [ebx+74], dh 7C92D27E 72 72 jb short 7C92D2F2 7C92D280 6368 72 arpl [eax+72], bp 7C92D283 0073 74 add [ebx+74], dh 7C92D286 72 73 jb short 7C92D2FB 7C92D288 70 6E jo short 7C92D2F8 7C92D28A 0073 74 add [ebx+74], dh 7C92D28D 72 73 jb short 7C92D302 7C92D28F 74 72 je short 7C92D303 7C92D291 0073 74 add [ebx+74], dh 7C92D294 72 74 jb short 7C92D30A 7C92D296 6F outs dx, dword ptr es:[edi] 7C92D297 6C ins byte ptr es:[edi], dx 7C92D298 0073 74 add [ebx+74], dh 7C92D29B 72 74 jb short 7C92D311 7C92D29D 6F outs dx, dword ptr es:[edi] 7C92D29E 75 6C jnz short 7C92D30C 7C92D2A0 0073 77 add [ebx+77], dh 7C92D2A3 70 72 jo short 7C92D317 7C92D2A5 696E 74 6600746>imul ebp, [esi+74], 61740066 7C92D2AC 6E outs dx, byte ptr es:[edi] 7C92D2AD 00746F 6C add [edi+ebp*2+6C], dh 7C92D2B1 6F outs dx, dword ptr es:[edi] 7C92D2B2 77 65 ja short 7C92D319 7C92D2B4 72 00 jb short 7C92D2B6 7C92D2B6 74 6F je short 7C92D327 7C92D2B8 75 70 jnz short 7C92D32A 7C92D2BA 70 65 jo short 7C92D321 7C92D2BC 72 00 jb short 7C92D2BE 7C92D2BE 74 6F je short 7C92D32F 7C92D2C0 77 6C ja short 7C92D32E 7C92D2C2 6F outs dx, dword ptr es:[edi] 7C92D2C3 77 65 ja short 7C92D32A 7C92D2C5 72 00 jb short 7C92D2C7 7C92D2C7 74 6F je short 7C92D338 7C92D2C9 77 75 ja short 7C92D340 7C92D2CB 70 70 jo short 7C92D33D 7C92D2CD 65:72 00 jb short 7C92D2D0 7C92D2D0 76 44 jbe short 7C92D316 7C92D2D2 6267 50 bound esp, [edi+50] 7C92D2D5 72 69 jb short 7C92D340 7C92D2D7 6E outs dx, byte ptr es:[edi] 7C92D2D8 74 45 je short 7C92D31F 7C92D2DA 78 00 js short 7C92D2DC 7C92D2DC 76 44 jbe short 7C92D322 7C92D2DE 6267 50 bound esp, [edi+50] 7C92D2E1 72 69 jb short 7C92D34C 7C92D2E3 6E outs dx, byte ptr es:[edi] 7C92D2E4 74 45 je short 7C92D32B 7C92D2E6 78 57 js short 7C92D33F 7C92D2E8 697468 50 72656>imul esi, [eax+ebp*2+50], 69666572 7C92D2F0 78 00 js short 7C92D2F2 7C92D2F2 76 73 jbe short 7C92D367 7C92D2F4 70 72 jo short 7C92D368 7C92D2F6 696E 74 6600776>imul ebp, [esi+74], 63770066 7C92D2FD 73 63 jnb short 7C92D362 7C92D2FF 61 popad 7C92D300 74 00 je short 7C92D302 7C92D302 77 63 ja short 7C92D367 7C92D304 73 63 jnb short 7C92D369 7C92D306 68 72007763 push 63770072 7C92D30B 73 63 jnb short 7C92D370 7C92D30D 6D ins dword ptr es:[edi], dx 7C92D30E 70 00 jo short 7C92D310 7C92D310 77 63 ja short 7C92D375 7C92D312 73 63 jnb short 7C92D377 7C92D314 70 79 jo short 7C92D38F 7C92D316 0077 63 add [edi+63], dh 7C92D319 73 63 jnb short 7C92D37E 7C92D31B 73 70 jnb short 7C92D38D 7C92D31D 6E outs dx, byte ptr es:[edi] 7C92D31E 0077 63 add [edi+63], dh 7C92D321 73 6C jnb short 7C92D38F 7C92D323 65:6E outs dx, byte ptr es:[edi] 7C92D325 0077 63 add [edi+63], dh 7C92D328 73 6E jnb short 7C92D398 7C92D32A 6361 74 arpl [ecx+74], sp 7C92D32D 0077 63 add [edi+63], dh 7C92D330 73 6E jnb short 7C92D3A0 7C92D332 636D 70 arpl [ebp+70], bp 7C92D335 0077 63 add [edi+63], dh 7C92D338 73 6E jnb short 7C92D3A8 7C92D33A 6370 79 arpl [eax+79], si 7C92D33D 0077 63 add [edi+63], dh 7C92D340 73 70 jnb short 7C92D3B2 7C92D342 6272 6B bound esi, [edx+6B] 7C92D345 0077 63 add [edi+63], dh 7C92D348 73 72 jnb short 7C92D3BC 7C92D34A 6368 72 arpl [eax+72], bp 7C92D34D 0077 63 add [edi+63], dh 7C92D350 73 73 jnb short 7C92D3C5 7C92D352 70 6E jo short 7C92D3C2 7C92D354 0077 63 add [edi+63], dh 7C92D357 73 73 jnb short 7C92D3CC 7C92D359 74 72 je short ZwAccessCheckByTypeAndAudi> 7C92D35B 0077 63 add [edi+63], dh 7C92D35E 73 74 jnb short 7C92D3D4 7C92D360 6F outs dx, dword ptr es:[edi] 7C92D361 6C ins byte ptr es:[edi], dx 7C92D362 0077 63 add [edi+63], dh 7C92D365 73 74 jnb short 7C92D3DB 7C92D367 6F outs dx, dword ptr es:[edi] 7C92D368 6D ins dword ptr es:[edi], dx 7C92D369 6273 00 bound esi, [ebx] 7C92D36C 77 63 ja short 7C92D3D1 7C92D36E 73 74 jnb short 7C92D3E4 7C92D370 6F outs dx, dword ptr es:[edi] 7C92D371 75 6C jnz short 7C92D3DF 7C92D373 0090 90909090 add [eax+90909090], dl 7C92D379 > B8 00000000 mov eax, 0 7C92D37E BA 0003FE7F mov edx, 7FFE0300 7C92D383 FF12 call [edx] ; ntdll.7C99C8E0 7C92D385 C2 1800 retn 18 7C92D388 90 nop 7C92D389 90 nop 7C92D38A 90 nop 7C92D38B 90 nop 7C92D38C 90 nop 7C92D38D 90 nop 7C92D38E > B8 01000000 mov eax, 1 7C92D393 BA 0003FE7F mov edx, 7FFE0300 7C92D398 FF12 call [edx] ; ntdll.7C99C8E0 7C92D39A C2 2000 retn 20 7C92D39D 90 nop 7C92D39E 90 nop 7C92D39F 90 nop 7C92D3A0 90 nop 7C92D3A1 90 nop 7C92D3A2 90 nop 7C92D3A3 > B8 02000000 mov eax, 2 7C92D3A8 BA 0003FE7F mov edx, 7FFE0300 7C92D3AD FF12 call [edx] ; ntdll.7C99C8E0 7C92D3AF C2 2C00 retn 2C 7C92D3B2 90 nop 7C92D3B3 90 nop 7C92D3B4 90 nop 7C92D3B5 90 nop 7C92D3B6 90 nop 7C92D3B7 90 nop 7C92D3B8 > B8 03000000 mov eax, 3 7C92D3BD BA 0003FE7F mov edx, 7FFE0300 7C92D3C2 FF12 call [edx] ; ntdll.7C99C8E0 7C92D3C4 C2 2C00 retn 2C 7C92D3C7 90 nop 7C92D3C8 90 nop 7C92D3C9 90 nop 7C92D3CA 90 nop 7C92D3CB 90 nop 7C92D3CC 90 nop 7C92D3CD > B8 04000000 mov eax, 4 7C92D3D2 BA 0003FE7F mov edx, 7FFE0300 7C92D3D7 FF12 call [edx] ; ntdll.7C99C8E0 7C92D3D9 C2 4000 retn 40 7C92D3DC 90 nop 7C92D3DD 90 nop 7C92D3DE 90 nop 7C92D3DF 90 nop 7C92D3E0 90 nop 7C92D3E1 90 nop 7C92D3E2 > B8 05000000 mov eax, 5 7C92D3E7 BA 0003FE7F mov edx, 7FFE0300 7C92D3EC FF12 call [edx] ; ntdll.7C99C8E0 7C92D3EE C2 2C00 retn 2C 7C92D3F1 90 nop 7C92D3F2 90 nop 7C92D3F3 90 nop 7C92D3F4 90 nop 7C92D3F5 90 nop 7C92D3F6 90 nop 7C92D3F7 > B8 06000000 mov eax, 6 7C92D3FC BA 0003FE7F mov edx, 7FFE0300 7C92D401 FF12 call [edx] ; ntdll.7C99C8E0 7C92D403 C2 4000 retn 40 7C92D406 90 nop 7C92D407 90 nop 7C92D408 90 nop 7C92D409 90 nop 7C92D40A 90 nop 7C92D40B 90 nop 7C92D40C > B8 07000000 mov eax, 7 7C92D411 BA 0003FE7F mov edx, 7FFE0300 7C92D416 FF12 call [edx] ; ntdll.7C99C8E0 7C92D418 C2 4400 retn 44 7C92D41B 90 nop 7C92D41C 90 nop 7C92D41D 90 nop 7C92D41E 90 nop 7C92D41F 90 nop 7C92D420 90 nop 7C92D421 > B8 08000000 mov eax, 8 7C92D426 BA 0003FE7F mov edx, 7FFE0300 7C92D42B FF12 call [edx] ; ntdll.7C99C8E0 7C92D42D C2 0C00 retn 0C 7C92D430 90 nop 7C92D431 90 nop 7C92D432 90 nop 7C92D433 90 nop 7C92D434 90 nop 7C92D435 90 nop 7C92D436 > B8 09000000 mov eax, 9 7C92D43B BA 0003FE7F mov edx, 7FFE0300 7C92D440 FF12 call [edx] ; ntdll.7C99C8E0 7C92D442 C2 0800 retn 8 7C92D445 90 nop 7C92D446 90 nop 7C92D447 90 nop 7C92D448 90 nop 7C92D449 90 nop 7C92D44A 90 nop 7C92D44B > B8 0A000000 mov eax, 0A 7C92D450 BA 0003FE7F mov edx, 7FFE0300 7C92D455 FF12 call [edx] ; ntdll.7C99C8E0 7C92D457 C2 1800 retn 18 7C92D45A 90 nop 7C92D45B 90 nop 7C92D45C 90 nop 7C92D45D 90 nop 7C92D45E 90 nop 7C92D45F 90 nop 7C92D460 > B8 0B000000 mov eax, 0B 7C92D465 BA 0003FE7F mov edx, 7FFE0300 7C92D46A FF12 call [edx] ; ntdll.7C99C8E0 7C92D46C C2 1800 retn 18 7C92D46F 90 nop 7C92D470 90 nop 7C92D471 90 nop 7C92D472 90 nop 7C92D473 90 nop 7C92D474 90 nop 7C92D475 > B8 0C000000 mov eax, 0C 7C92D47A BA 0003FE7F mov edx, 7FFE0300 7C92D47F FF12 call [edx] ; ntdll.7C99C8E0 7C92D481 C2 0800 retn 8 7C92D484 90 nop 7C92D485 90 nop 7C92D486 90 nop 7C92D487 90 nop 7C92D488 90 nop 7C92D489 90 nop 7C92D48A > B8 0D000000 mov eax, 0D 7C92D48F BA 0003FE7F mov edx, 7FFE0300 7C92D494 FF12 call [edx] ; ntdll.7C99C8E0 7C92D496 C2 0400 retn 4 7C92D499 90 nop 7C92D49A 90 nop 7C92D49B 90 nop 7C92D49C 90 nop 7C92D49D 90 nop 7C92D49E 90 nop 7C92D49F > B8 0E000000 mov eax, 0E 7C92D4A4 BA 0003FE7F mov edx, 7FFE0300 7C92D4A9 FF12 call [edx] ; ntdll.7C99C8E0 7C92D4AB C2 0400 retn 4 7C92D4AE 90 nop 7C92D4AF 90 nop 7C92D4B0 90 nop 7C92D4B1 90 nop 7C92D4B2 90 nop 7C92D4B3 90 nop 7C92D4B4 > B8 0F000000 mov eax, 0F 7C92D4B9 BA 0003FE7F mov edx, 7FFE0300 7C92D4BE FF12 call [edx] ; ntdll.7C99C8E0 7C92D4C0 C2 0C00 retn 0C 7C92D4C3 90 nop 7C92D4C4 90 nop 7C92D4C5 90 nop 7C92D4C6 90 nop 7C92D4C7 90 nop 7C92D4C8 90 nop 7C92D4C9 > B8 10000000 mov eax, 10 7C92D4CE BA 0003FE7F mov edx, 7FFE0300 7C92D4D3 FF12 call [edx] ; ntdll.7C99C8E0 7C92D4D5 C2 1000 retn 10 7C92D4D8 90 nop 7C92D4D9 90 nop 7C92D4DA 90 nop 7C92D4DB 90 nop 7C92D4DC 90 nop 7C92D4DD 90 nop 7C92D4DE > B8 11000000 mov eax, 11 7C92D4E3 BA 0003FE7F mov edx, 7FFE0300 7C92D4E8 FF12 call [edx] ; ntdll.7C99C8E0 7C92D4EA C2 1800 retn 18 7C92D4ED 90 nop 7C92D4EE 90 nop 7C92D4EF 90 nop 7C92D4F0 90 nop 7C92D4F1 90 nop 7C92D4F2 90 nop 7C92D4F3 > B8 12000000 mov eax, 12 7C92D4F8 BA 0003FE7F mov edx, 7FFE0300 7C92D4FD FF12 call [edx] ; ntdll.7C99C8E0 7C92D4FF C2 0800 retn 8 7C92D502 90 nop 7C92D503 90 nop 7C92D504 90 nop 7C92D505 90 nop 7C92D506 90 nop 7C92D507 90 nop 7C92D508 > B8 13000000 mov eax, 13 7C92D50D BA 0003FE7F mov edx, 7FFE0300 7C92D512 FF12 call [edx] ; ntdll.7C99C8E0 7C92D514 C2 0800 retn 8 7C92D517 90 nop 7C92D518 90 nop 7C92D519 90 nop 7C92D51A 90 nop 7C92D51B 90 nop 7C92D51C 90 nop 7C92D51D > B8 14000000 mov eax, 14 7C92D522 BA 0003FE7F mov edx, 7FFE0300 7C92D527 FF12 call [edx] ; ntdll.7C99C8E0 7C92D529 C2 0C00 retn 0C 7C92D52C 90 nop 7C92D52D 90 nop 7C92D52E 90 nop 7C92D52F 90 nop 7C92D530 90 nop 7C92D531 90 nop 7C92D532 > B8 15000000 mov eax, 15 7C92D537 BA 0003FE7F mov edx, 7FFE0300 7C92D53C FF12 call [edx] ; ntdll.7C99C8E0 7C92D53E C2 0400 retn 4 7C92D541 90 nop 7C92D542 90 nop 7C92D543 90 nop 7C92D544 90 nop 7C92D545 90 nop 7C92D546 90 nop 7C92D547 > B8 16000000 mov eax, 16 7C92D54C BA 0003FE7F mov edx, 7FFE0300 7C92D551 FF12 call [edx] ; ntdll.7C99C8E0 7C92D553 C2 0800 retn 8 7C92D556 90 nop 7C92D557 90 nop 7C92D558 90 nop 7C92D559 90 nop 7C92D55A 90 nop 7C92D55B 90 nop 7C92D55C > B8 17000000 mov eax, 17 7C92D561 BA 0003FE7F mov edx, 7FFE0300 7C92D566 FF12 call [edx] ; ntdll.7C99C8E0 7C92D568 C2 0800 retn 8 7C92D56B 90 nop 7C92D56C 90 nop 7C92D56D 90 nop 7C92D56E 90 nop 7C92D56F 90 nop 7C92D570 90 nop 7C92D571 > B8 18000000 mov eax, 18 7C92D576 BA 0003FE7F mov edx, 7FFE0300 7C92D57B FF12 call [edx] ; ntdll.7C99C8E0 7C92D57D C2 0400 retn 4 7C92D580 90 nop 7C92D581 90 nop 7C92D582 90 nop 7C92D583 90 nop 7C92D584 90 nop 7C92D585 90 nop 7C92D586 > B8 19000000 mov eax, 19 7C92D58B BA 0003FE7F mov edx, 7FFE0300 7C92D590 FF12 call [edx] ; ntdll.7C99C8E0 7C92D592 C2 0400 retn 4 7C92D595 90 nop 7C92D596 90 nop 7C92D597 90 nop 7C92D598 90 nop 7C92D599 90 nop 7C92D59A 90 nop 7C92D59B > B8 1A000000 mov eax, 1A 7C92D5A0 BA 0003FE7F mov edx, 7FFE0300 7C92D5A5 FF12 call [edx] ; ntdll.7C99C8E0 7C92D5A7 C2 0C00 retn 0C 7C92D5AA 90 nop 7C92D5AB 90 nop 7C92D5AC 90 nop 7C92D5AD 90 nop 7C92D5AE 90 nop 7C92D5AF 90 nop 7C92D5B0 > B8 1B000000 mov eax, 1B 7C92D5B5 BA 0003FE7F mov edx, 7FFE0300 7C92D5BA FF12 call [edx] ; ntdll.7C99C8E0 7C92D5BC C2 0800 retn 8 7C92D5BF 90 nop 7C92D5C0 90 nop 7C92D5C1 90 nop 7C92D5C2 90 nop 7C92D5C3 90 nop 7C92D5C4 90 nop 7C92D5C5 > B8 1C000000 mov eax, 1C 7C92D5CA BA 0003FE7F mov edx, 7FFE0300 7C92D5CF FF12 call [edx] ; ntdll.7C99C8E0 7C92D5D1 C2 0C00 retn 0C 7C92D5D4 90 nop 7C92D5D5 90 nop 7C92D5D6 90 nop 7C92D5D7 90 nop 7C92D5D8 90 nop 7C92D5D9 90 nop 7C92D5DA > B8 1D000000 mov eax, 1D 7C92D5DF BA 0003FE7F mov edx, 7FFE0300 7C92D5E4 FF12 call [edx] ; ntdll.7C99C8E0 7C92D5E6 C2 0400 retn 4 7C92D5E9 90 nop 7C92D5EA 90 nop 7C92D5EB 90 nop 7C92D5EC 90 nop 7C92D5ED 90 nop 7C92D5EE 90 nop 7C92D5EF > B8 1E000000 mov eax, 1E 7C92D5F4 BA 0003FE7F mov edx, 7FFE0300 7C92D5F9 FF12 call [edx] ; ntdll.7C99C8E0 7C92D5FB C2 0400 retn 4 7C92D5FE 90 nop 7C92D5FF 90 nop 7C92D600 90 nop 7C92D601 90 nop 7C92D602 90 nop 7C92D603 90 nop 7C92D604 > B8 1F000000 mov eax, 1F 7C92D609 BA 0003FE7F mov edx, 7FFE0300 7C92D60E FF12 call [edx] ; ntdll.7C99C8E0 7C92D610 C2 2000 retn 20 7C92D613 90 nop 7C92D614 90 nop 7C92D615 90 nop 7C92D616 90 nop 7C92D617 90 nop 7C92D618 90 nop 7C92D619 > B8 20000000 mov eax, 20 7C92D61E BA 0003FE7F mov edx, 7FFE0300 7C92D623 FF12 call [edx] ; ntdll.7C99C8E0 7C92D625 C2 0800 retn 8 7C92D628 90 nop 7C92D629 90 nop 7C92D62A 90 nop 7C92D62B 90 nop 7C92D62C 90 nop 7C92D62D 90 nop 7C92D62E > B8 21000000 mov eax, 21 7C92D633 BA 0003FE7F mov edx, 7FFE0300 7C92D638 FF12 call [edx] ; ntdll.7C99C8E0 7C92D63A C2 1000 retn 10 7C92D63D 90 nop 7C92D63E 90 nop 7C92D63F 90 nop 7C92D640 90 nop 7C92D641 90 nop 7C92D642 90 nop 7C92D643 > B8 22000000 mov eax, 22 7C92D648 BA 0003FE7F mov edx, 7FFE0300 7C92D64D FF12 call [edx] ; ntdll.7C99C8E0 7C92D64F C2 0C00 retn 0C 7C92D652 90 nop 7C92D653 90 nop 7C92D654 90 nop 7C92D655 90 nop 7C92D656 90 nop 7C92D657 90 nop 7C92D658 > B8 23000000 mov eax, 23 7C92D65D BA 0003FE7F mov edx, 7FFE0300 7C92D662 FF12 call [edx] ; ntdll.7C99C8E0 7C92D664 C2 1400 retn 14 7C92D667 90 nop 7C92D668 90 nop 7C92D669 90 nop 7C92D66A 90 nop 7C92D66B 90 nop 7C92D66C 90 nop 7C92D66D > B8 24000000 mov eax, 24 7C92D672 BA 0003FE7F mov edx, 7FFE0300 7C92D677 FF12 call [edx] ; ntdll.7C99C8E0 7C92D679 C2 0C00 retn 0C 7C92D67C 90 nop 7C92D67D 90 nop 7C92D67E 90 nop 7C92D67F 90 nop 7C92D680 90 nop 7C92D681 90 nop 7C92D682 > B8 25000000 mov eax, 25 7C92D687 BA 0003FE7F mov edx, 7FFE0300 7C92D68C FF12 call [edx] ; ntdll.7C99C8E0 7C92D68E C2 2C00 retn 2C 7C92D691 90 nop 7C92D692 90 nop 7C92D693 90 nop 7C92D694 90 nop 7C92D695 90 nop 7C92D696 90 nop 7C92D697 > B8 26000000 mov eax, 26 7C92D69C BA 0003FE7F mov edx, 7FFE0300 7C92D6A1 FF12 call [edx] ; ntdll.7C99C8E0 7C92D6A3 C2 1000 retn 10 7C92D6A6 90 nop 7C92D6A7 90 nop 7C92D6A8 90 nop 7C92D6A9 90 nop 7C92D6AA 90 nop 7C92D6AB 90 nop 7C92D6AC > B8 27000000 mov eax, 27 7C92D6B1 BA 0003FE7F mov edx, 7FFE0300 7C92D6B6 FF12 call [edx] ; ntdll.7C99C8E0 7C92D6B8 C2 0C00 retn 0C 7C92D6BB 90 nop 7C92D6BC 90 nop 7C92D6BD 90 nop 7C92D6BE 90 nop 7C92D6BF 90 nop 7C92D6C0 90 nop 7C92D6C1 > B8 28000000 mov eax, 28 7C92D6C6 BA 0003FE7F mov edx, 7FFE0300 7C92D6CB FF12 call [edx] ; ntdll.7C99C8E0 7C92D6CD C2 0C00 retn 0C 7C92D6D0 90 nop 7C92D6D1 90 nop 7C92D6D2 90 nop 7C92D6D3 90 nop 7C92D6D4 90 nop 7C92D6D5 90 nop 7C92D6D6 > B8 29000000 mov eax, 29 7C92D6DB BA 0003FE7F mov edx, 7FFE0300 7C92D6E0 FF12 call [edx] ; ntdll.7C99C8E0 7C92D6E2 C2 1C00 retn 1C 7C92D6E5 90 nop 7C92D6E6 90 nop 7C92D6E7 90 nop 7C92D6E8 90 nop 7C92D6E9 90 nop 7C92D6EA 90 nop 7C92D6EB > B8 2A000000 mov eax, 2A 7C92D6F0 BA 0003FE7F mov edx, 7FFE0300 7C92D6F5 FF12 call [edx] ; ntdll.7C99C8E0 7C92D6F7 C2 2000 retn 20 7C92D6FA 90 nop 7C92D6FB 90 nop 7C92D6FC 90 nop 7C92D6FD 90 nop 7C92D6FE 90 nop 7C92D6FF 90 nop 7C92D700 > B8 2B000000 mov eax, 2B 7C92D705 BA 0003FE7F mov edx, 7FFE0300 7C92D70A FF12 call [edx] ; ntdll.7C99C8E0 7C92D70C C2 1000 retn 10 7C92D70F 90 nop 7C92D710 90 nop 7C92D711 90 nop 7C92D712 90 nop 7C92D713 90 nop 7C92D714 90 nop 7C92D715 > B8 2C000000 mov eax, 2C 7C92D71A BA 0003FE7F mov edx, 7FFE0300 7C92D71F FF12 call [edx] ; ntdll.7C99C8E0 7C92D721 C2 3800 retn 38 7C92D724 90 nop 7C92D725 90 nop 7C92D726 90 nop 7C92D727 90 nop 7C92D728 90 nop 7C92D729 90 nop 7C92D72A > B8 2D000000 mov eax, 2D 7C92D72F BA 0003FE7F mov edx, 7FFE0300 7C92D734 FF12 call [edx] ; ntdll.7C99C8E0 7C92D736 C2 1000 retn 10 7C92D739 90 nop 7C92D73A 90 nop 7C92D73B 90 nop 7C92D73C 90 nop 7C92D73D 90 nop 7C92D73E 90 nop 7C92D73F > B8 2E000000 mov eax, 2E 7C92D744 BA 0003FE7F mov edx, 7FFE0300 7C92D749 FF12 call [edx] ; ntdll.7C99C8E0 7C92D74B C2 1400 retn 14 7C92D74E 90 nop 7C92D74F 90 nop 7C92D750 90 nop 7C92D751 90 nop 7C92D752 90 nop 7C92D753 90 nop 7C92D754 > B8 2F000000 mov eax, 2F 7C92D759 BA 0003FE7F mov edx, 7FFE0300 7C92D75E FF12 call [edx] ; ntdll.7C99C8E0 7C92D760 C2 2000 retn 20 7C92D763 90 nop 7C92D764 90 nop 7C92D765 90 nop 7C92D766 90 nop 7C92D767 90 nop 7C92D768 90 nop 7C92D769 > B8 30000000 mov eax, 30 7C92D76E BA 0003FE7F mov edx, 7FFE0300 7C92D773 FF12 call [edx] ; ntdll.7C99C8E0 7C92D775 C2 2400 retn 24 7C92D778 90 nop 7C92D779 90 nop 7C92D77A 90 nop 7C92D77B 90 nop 7C92D77C 90 nop 7C92D77D 90 nop 7C92D77E > B8 31000000 mov eax, 31 7C92D783 BA 0003FE7F mov edx, 7FFE0300 7C92D788 FF12 call [edx] ; ntdll.7C99C8E0 7C92D78A C2 2400 retn 24 7C92D78D 90 nop 7C92D78E 90 nop 7C92D78F 90 nop 7C92D790 90 nop 7C92D791 90 nop 7C92D792 90 nop 7C92D793 > B8 32000000 mov eax, 32 7C92D798 BA 0003FE7F mov edx, 7FFE0300 7C92D79D FF12 call [edx] ; ntdll.7C99C8E0 7C92D79F C2 1C00 retn 1C 7C92D7A2 90 nop 7C92D7A3 90 nop 7C92D7A4 90 nop 7C92D7A5 90 nop 7C92D7A6 90 nop 7C92D7A7 90 nop 7C92D7A8 > B8 33000000 mov eax, 33 7C92D7AD BA 0003FE7F mov edx, 7FFE0300 7C92D7B2 FF12 call [edx] ; ntdll.7C99C8E0 7C92D7B4 C2 1400 retn 14 7C92D7B7 90 nop 7C92D7B8 90 nop 7C92D7B9 90 nop 7C92D7BA 90 nop 7C92D7BB 90 nop 7C92D7BC 90 nop 7C92D7BD > B8 34000000 mov eax, 34 7C92D7C2 BA 0003FE7F mov edx, 7FFE0300 7C92D7C7 FF12 call [edx] ; ntdll.7C99C8E0 7C92D7C9 C2 1000 retn 10 7C92D7CC 90 nop 7C92D7CD 90 nop 7C92D7CE 90 nop 7C92D7CF 90 nop 7C92D7D0 90 nop 7C92D7D1 90 nop 7C92D7D2 > B8 35000000 mov eax, 35 7C92D7D7 BA 0003FE7F mov edx, 7FFE0300 7C92D7DC FF12 call [edx] ; ntdll.7C99C8E0 7C92D7DE C2 2000 retn 20 7C92D7E1 90 nop 7C92D7E2 90 nop 7C92D7E3 90 nop 7C92D7E4 90 nop 7C92D7E5 90 nop 7C92D7E6 90 nop 7C92D7E7 > B8 36000000 mov eax, 36 7C92D7EC BA 0003FE7F mov edx, 7FFE0300 7C92D7F1 FF12 call [edx] ; ntdll.7C99C8E0 7C92D7F3 C2 1000 retn 10 7C92D7F6 90 nop 7C92D7F7 90 nop 7C92D7F8 90 nop 7C92D7F9 90 nop 7C92D7FA 90 nop 7C92D7FB 90 nop 7C92D7FC > B8 37000000 mov eax, 37 7C92D801 BA 0003FE7F mov edx, 7FFE0300 7C92D806 FF12 call [edx] ; ntdll.7C99C8E0 7C92D808 C2 3400 retn 34 7C92D80B 90 nop 7C92D80C 90 nop 7C92D80D 90 nop 7C92D80E 90 nop 7C92D80F 90 nop 7C92D810 90 nop 7C92D811 > B8 38000000 mov eax, 38 7C92D816 BA 0003FE7F mov edx, 7FFE0300 7C92D81B FF12 call [edx] ; ntdll.7C99C8E0 7C92D81D C2 1400 retn 14 7C92D820 90 nop 7C92D821 90 nop 7C92D822 90 nop 7C92D823 90 nop 7C92D824 90 nop 7C92D825 90 nop 7C92D826 > B8 39000000 mov eax, 39 7C92D82B BA 0003FE7F mov edx, 7FFE0300 7C92D830 FF12 call [edx] ; ntdll.7C99C8E0 7C92D832 C2 0800 retn 8 7C92D835 90 nop 7C92D836 90 nop 7C92D837 90 nop 7C92D838 90 nop 7C92D839 90 nop 7C92D83A 90 nop 7C92D83B > B8 3A000000 mov eax, 3A 7C92D840 BA 0003FE7F mov edx, 7FFE0300 7C92D845 FF12 call [edx] ; ntdll.7C99C8E0 7C92D847 C2 0C00 retn 0C 7C92D84A 90 nop 7C92D84B 90 nop 7C92D84C 90 nop 7C92D84D 90 nop 7C92D84E 90 nop 7C92D84F 90 nop 7C92D850 > B8 3B000000 mov eax, 3B 7C92D855 BA 0003FE7F mov edx, 7FFE0300 7C92D85A FF12 call [edx] ; ntdll.7C99C8E0 7C92D85C C2 0800 retn 8 7C92D85F 90 nop 7C92D860 90 nop 7C92D861 90 nop 7C92D862 90 nop 7C92D863 90 nop 7C92D864 90 nop 7C92D865 > B8 3C000000 mov eax, 3C 7C92D86A BA 0003FE7F mov edx, 7FFE0300 7C92D86F FF12 call [edx] ; ntdll.7C99C8E0 7C92D871 C2 0400 retn 4 7C92D874 90 nop 7C92D875 90 nop 7C92D876 90 nop 7C92D877 90 nop 7C92D878 90 nop 7C92D879 90 nop 7C92D87A > B8 3D000000 mov eax, 3D 7C92D87F BA 0003FE7F mov edx, 7FFE0300 7C92D884 FF12 call [edx] ; ntdll.7C99C8E0 7C92D886 C2 0400 retn 4 7C92D889 90 nop 7C92D88A 90 nop 7C92D88B 90 nop 7C92D88C 90 nop 7C92D88D 90 nop 7C92D88E 90 nop 7C92D88F > B8 3E000000 mov eax, 3E 7C92D894 BA 0003FE7F mov edx, 7FFE0300 7C92D899 FF12 call [edx] ; ntdll.7C99C8E0 7C92D89B C2 0400 retn 4 7C92D89E 90 nop 7C92D89F 90 nop 7C92D8A0 90 nop 7C92D8A1 90 nop 7C92D8A2 90 nop 7C92D8A3 90 nop 7C92D8A4 > B8 3F000000 mov eax, 3F 7C92D8A9 BA 0003FE7F mov edx, 7FFE0300 7C92D8AE FF12 call [edx] ; ntdll.7C99C8E0 7C92D8B0 C2 0400 retn 4 7C92D8B3 90 nop 7C92D8B4 90 nop 7C92D8B5 90 nop 7C92D8B6 90 nop 7C92D8B7 90 nop 7C92D8B8 90 nop 7C92D8B9 > B8 40000000 mov eax, 40 7C92D8BE BA 0003FE7F mov edx, 7FFE0300 7C92D8C3 FF12 call [edx] ; ntdll.7C99C8E0 |
|
[讨论]程序分析!
7C92C045 77 47 ja short 7C92C08E 7C92C047 65:74 57 je short 7C92C0A1 7C92C04A 72 69 jb short 7C92C0B5 7C92C04C 74 65 je short 7C92C0B3 7C92C04E 57 push edi 7C92C04F 61 popad 7C92C050 74 63 je short 7C92C0B5 7C92C052 68 005A7749 push 49775A00 7C92C057 6D ins dword ptr es:[edi], dx 7C92C058 70 65 jo short 7C92C0BF 7C92C05A 72 73 jb short 7C92C0CF 7C92C05C 6F outs dx, dword ptr es:[edi] 7C92C05D 6E outs dx, byte ptr es:[edi] 7C92C05E 61 popad 7C92C05F 74 65 je short 7C92C0C6 7C92C061 41 inc ecx 7C92C062 6E outs dx, byte ptr es:[edi] 7C92C063 6F outs dx, dword ptr es:[edi] 7C92C064 6E outs dx, byte ptr es:[edi] 7C92C065 79 6D jns short 7C92C0D4 7C92C067 6F outs dx, dword ptr es:[edi] 7C92C068 75 73 jnz short 7C92C0DD 7C92C06A 54 push esp 7C92C06B 6F outs dx, dword ptr es:[edi] 7C92C06C 6B65 6E 00 imul esp, [ebp+6E], 0 7C92C070 5A pop edx ; ntdll.7C92E89A 7C92C071 77 49 ja short 7C92C0BC 7C92C073 6D ins dword ptr es:[edi], dx 7C92C074 70 65 jo short 7C92C0DB 7C92C076 72 73 jb short 7C92C0EB 7C92C078 6F outs dx, dword ptr es:[edi] 7C92C079 6E outs dx, byte ptr es:[edi] 7C92C07A 61 popad 7C92C07B 74 65 je short 7C92C0E2 7C92C07D 43 inc ebx 7C92C07E 6C ins byte ptr es:[edi], dx 7C92C07F 6965 6E 744F665>imul esp, [ebp+6E], 50664F74 7C92C086 6F outs dx, dword ptr es:[edi] 7C92C087 72 74 jb short 7C92C0FD 7C92C089 005A 77 add [edx+77], bl 7C92C08C 49 dec ecx 7C92C08D 6D ins dword ptr es:[edi], dx 7C92C08E 70 65 jo short 7C92C0F5 7C92C090 72 73 jb short 7C92C105 7C92C092 6F outs dx, dword ptr es:[edi] 7C92C093 6E outs dx, byte ptr es:[edi] 7C92C094 61 popad 7C92C095 74 65 je short 7C92C0FC 7C92C097 54 push esp 7C92C098 68 72656164 push 64616572 7C92C09D 005A 77 add [edx+77], bl 7C92C0A0 49 dec ecx 7C92C0A1 6E outs dx, byte ptr es:[edi] 7C92C0A2 697469 61 6C697>imul esi, [ecx+ebp*2+61], 657A696C 7C92C0AA 52 push edx ; msvcrt.77C31AE8 7C92C0AB 65:67:6973 74 7>imul esi, gs:[bp+di+74], 5A007972 7C92C0B4 77 49 ja short 7C92C0FF 7C92C0B6 6E outs dx, byte ptr es:[edi] 7C92C0B7 697469 61 74655>imul esi, [ecx+ebp*2+61], 6F506574 7C92C0BF 77 65 ja short 7C92C126 7C92C0C1 72 41 jb short 7C92C104 7C92C0C3 637469 6F arpl [ecx+ebp*2+6F], si 7C92C0C7 6E outs dx, byte ptr es:[edi] 7C92C0C8 005A 77 add [edx+77], bl 7C92C0CB 49 dec ecx 7C92C0CC 73 50 jnb short 7C92C11E 7C92C0CE 72 6F jb short 7C92C13F 7C92C0D0 6365 73 arpl [ebp+73], sp 7C92C0D3 73 49 jnb short 7C92C11E 7C92C0D5 6E outs dx, byte ptr es:[edi] 7C92C0D6 4A dec edx ; msvcrt.77C31AE8 7C92C0D7 6F outs dx, dword ptr es:[edi] 7C92C0D8 6200 bound eax, [eax] 7C92C0DA 5A pop edx ; ntdll.7C92E89A 7C92C0DB 77 49 ja short 7C92C126 7C92C0DD 73 53 jnb short 7C92C132 7C92C0DF 79 73 jns short 7C92C154 7C92C0E1 74 65 je short 7C92C148 7C92C0E3 6D ins dword ptr es:[edi], dx 7C92C0E4 52 push edx ; msvcrt.77C31AE8 7C92C0E5 65:73 75 jnb short 7C92C15D 7C92C0E8 6D ins dword ptr es:[edi], dx 7C92C0E9 65:41 inc ecx 7C92C0EB 75 74 jnz short 7C92C161 7C92C0ED 6F outs dx, dword ptr es:[edi] 7C92C0EE 6D ins dword ptr es:[edi], dx 7C92C0EF 61 popad 7C92C0F0 74 69 je short 7C92C15B 7C92C0F2 6300 arpl [eax], ax 7C92C0F4 5A pop edx ; ntdll.7C92E89A 7C92C0F5 77 4C ja short 7C92C143 7C92C0F7 6973 74 656E506>imul esi, [ebx+74], 6F506E65 7C92C0FE 72 74 jb short 7C92C174 7C92C100 005A 77 add [edx+77], bl 7C92C103 4C dec esp 7C92C104 6F outs dx, dword ptr es:[edi] 7C92C105 61 popad 7C92C106 64:44 inc esp 7C92C108 72 69 jb short 7C92C173 7C92C10A 76 65 jbe short 7C92C171 7C92C10C 72 00 jb short 7C92C10E 7C92C10E 5A pop edx ; ntdll.7C92E89A 7C92C10F 77 4C ja short 7C92C15D 7C92C111 6F outs dx, dword ptr es:[edi] 7C92C112 61 popad 7C92C113 64:4B dec ebx 7C92C115 65:79 00 jns short 7C92C118 7C92C118 5A pop edx ; ntdll.7C92E89A 7C92C119 77 4C ja short 7C92C167 7C92C11B 6F outs dx, dword ptr es:[edi] 7C92C11C 61 popad 7C92C11D 64:4B dec ebx 7C92C11F 65:79 32 jns short 7C92C154 7C92C122 005A 77 add [edx+77], bl 7C92C125 4C dec esp 7C92C126 6F outs dx, dword ptr es:[edi] 7C92C127 636B 46 arpl [ebx+46], bp 7C92C12A 696C65 00 5A774>imul ebp, [ebp], 6F4C775A 7C92C132 636B 50 arpl [ebx+50], bp 7C92C135 72 6F jb short 7C92C1A6 7C92C137 64:75 63 jnz short 7C92C19D 7C92C13A 74 41 je short 7C92C17D 7C92C13C 637469 76 arpl [ecx+ebp*2+76], si 7C92C140 61 popad 7C92C141 74 69 je short 7C92C1AC 7C92C143 6F outs dx, dword ptr es:[edi] 7C92C144 6E outs dx, byte ptr es:[edi] 7C92C145 4B dec ebx 7C92C146 65:79 73 jns short 7C92C1BC 7C92C149 005A 77 add [edx+77], bl 7C92C14C 4C dec esp 7C92C14D 6F outs dx, dword ptr es:[edi] 7C92C14E 636B 52 arpl [ebx+52], bp 7C92C151 65:67:6973 74 7>imul esi, gs:[bp+di+74], 654B7972 7C92C15A 79 00 jns short 7C92C15C 7C92C15C 5A pop edx ; ntdll.7C92E89A 7C92C15D 77 4C ja short 7C92C1AB 7C92C15F 6F outs dx, dword ptr es:[edi] 7C92C160 636B 56 arpl [ebx+56], bp 7C92C163 6972 74 75616C4>imul esi, [edx+74], 4D6C6175 7C92C16A 65:6D ins dword ptr es:[edi], dx 7C92C16C 6F outs dx, dword ptr es:[edi] 7C92C16D 72 79 jb short 7C92C1E8 7C92C16F 005A 77 add [edx+77], bl 7C92C172 4D dec ebp 7C92C173 61 popad 7C92C174 6B65 50 65 imul esp, [ebp+50], 65 ; trscd.00454ACA 7C92C178 72 6D jb short 7C92C1E7 7C92C17A 61 popad 7C92C17B 6E outs dx, byte ptr es:[edi] 7C92C17C 65:6E outs dx, byte ptr es:[edi] 7C92C17E 74 4F je short 7C92C1CF 7C92C180 626A 65 bound ebp, [edx+65] 7C92C183 637400 5A arpl [eax+eax+5A], si 7C92C187 77 4D ja short 7C92C1D6 7C92C189 61 popad 7C92C18A 6B65 54 65 imul esp, [ebp+54], 65 7C92C18E 6D ins dword ptr es:[edi], dx 7C92C18F 70 6F jo short 7C92C200 7C92C191 72 61 jb short 7C92C1F4 7C92C193 72 79 jb short 7C92C20E 7C92C195 4F dec edi 7C92C196 626A 65 bound ebp, [edx+65] 7C92C199 637400 5A arpl [eax+eax+5A], si 7C92C19D 77 4D ja short 7C92C1EC 7C92C19F 61 popad 7C92C1A0 70 55 jo short 7C92C1F7 7C92C1A2 73 65 jnb short 7C92C209 7C92C1A4 72 50 jb short 7C92C1F6 7C92C1A6 68 79736963 push 63697379 7C92C1AB 61 popad 7C92C1AC 6C ins byte ptr es:[edi], dx 7C92C1AD 50 push eax 7C92C1AE 61 popad 7C92C1AF 67:65:73 00 jnb short 7C92C1B3 7C92C1B3 5A pop edx ; ntdll.7C92E89A 7C92C1B4 77 4D ja short 7C92C203 7C92C1B6 61 popad 7C92C1B7 70 55 jo short 7C92C20E 7C92C1B9 73 65 jnb short 7C92C220 7C92C1BB 72 50 jb short 7C92C20D 7C92C1BD 68 79736963 push 63697379 7C92C1C2 61 popad 7C92C1C3 6C ins byte ptr es:[edi], dx 7C92C1C4 50 push eax 7C92C1C5 61 popad 7C92C1C6 67:65:73 53 jnb short 7C92C21D 7C92C1CA 6361 74 arpl [ecx+74], sp 7C92C1CD 74 65 je short 7C92C234 7C92C1CF 72 00 jb short 7C92C1D1 7C92C1D1 5A pop edx ; ntdll.7C92E89A 7C92C1D2 77 4D ja short 7C92C221 7C92C1D4 61 popad 7C92C1D5 70 56 jo short 7C92C22D 7C92C1D7 6965 77 4F66536>imul esp, [ebp+77], 6553664F 7C92C1DE 637469 6F arpl [ecx+ebp*2+6F], si 7C92C1E2 6E outs dx, byte ptr es:[edi] 7C92C1E3 005A 77 add [edx+77], bl 7C92C1E6 4D dec ebp 7C92C1E7 6F outs dx, dword ptr es:[edi] 7C92C1E8 64:6966 79 426F>imul esp, fs:[esi+79], 746F6F42 7C92C1F0 45 inc ebp 7C92C1F1 6E outs dx, byte ptr es:[edi] 7C92C1F2 74 72 je short 7C92C266 7C92C1F4 79 00 jns short 7C92C1F6 7C92C1F6 5A pop edx ; ntdll.7C92E89A 7C92C1F7 77 4E ja short 7C92C247 7C92C1F9 6F outs dx, dword ptr es:[edi] 7C92C1FA 74 69 je short 7C92C265 7C92C1FC - 66:79 43 jns short 0000C242 7C92C1FF 68 616E6765 push 65676E61 7C92C204 44 inc esp 7C92C205 6972 65 63746F7>imul esi, [edx+65], 726F7463 7C92C20C 79 46 jns short 7C92C254 7C92C20E 696C65 00 5A774>imul ebp, [ebp], 6F4E775A 7C92C216 74 69 je short 7C92C281 7C92C218 - 66:79 43 jns short 0000C25E 7C92C21B 68 616E6765 push 65676E61 7C92C220 4B dec ebx 7C92C221 65:79 00 jns short 7C92C224 7C92C224 5A pop edx ; ntdll.7C92E89A 7C92C225 77 4E ja short 7C92C275 7C92C227 6F outs dx, dword ptr es:[edi] 7C92C228 74 69 je short 7C92C293 7C92C22A - 66:79 43 jns short 0000C270 7C92C22D 68 616E6765 push 65676E61 7C92C232 4D dec ebp 7C92C233 75 6C jnz short 7C92C2A1 7C92C235 74 69 je short 7C92C2A0 7C92C237 70 6C jo short 7C92C2A5 7C92C239 65:4B dec ebx 7C92C23B 65:79 73 jns short 7C92C2B1 7C92C23E 005A 77 add [edx+77], bl 7C92C241 4F dec edi 7C92C242 70 65 jo short 7C92C2A9 7C92C244 6E outs dx, byte ptr es:[edi] 7C92C245 44 inc esp 7C92C246 6972 65 63746F7>imul esi, [edx+65], 726F7463 7C92C24D 79 4F jns short 7C92C29E 7C92C24F 626A 65 bound ebp, [edx+65] 7C92C252 637400 5A arpl [eax+eax+5A], si 7C92C256 77 4F ja short 7C92C2A7 7C92C258 70 65 jo short 7C92C2BF 7C92C25A 6E outs dx, byte ptr es:[edi] 7C92C25B 45 inc ebp 7C92C25C 76 65 jbe short 7C92C2C3 7C92C25E 6E outs dx, byte ptr es:[edi] 7C92C25F 74 00 je short 7C92C261 7C92C261 5A pop edx ; ntdll.7C92E89A 7C92C262 77 4F ja short 7C92C2B3 7C92C264 70 65 jo short 7C92C2CB 7C92C266 6E outs dx, byte ptr es:[edi] 7C92C267 45 inc ebp 7C92C268 76 65 jbe short 7C92C2CF 7C92C26A 6E outs dx, byte ptr es:[edi] 7C92C26B 74 50 je short 7C92C2BD 7C92C26D 61 popad 7C92C26E 6972 00 5A774F7>imul esi, [edx], 704F775A ; ntdll.7C99C8E0 7C92C275 65:6E outs dx, byte ptr es:[edi] 7C92C277 46 inc esi ; ntdll.ZwTerminateProcess 7C92C278 696C65 00 5A774>imul ebp, [ebp], 704F775A 7C92C280 65:6E outs dx, byte ptr es:[edi] 7C92C282 49 dec ecx 7C92C283 6F outs dx, dword ptr es:[edi] 7C92C284 43 inc ebx 7C92C285 6F outs dx, dword ptr es:[edi] 7C92C286 6D ins dword ptr es:[edi], dx 7C92C287 70 6C jo short 7C92C2F5 7C92C289 65:74 69 je short 7C92C2F5 7C92C28C 6F outs dx, dword ptr es:[edi] 7C92C28D 6E outs dx, byte ptr es:[edi] 7C92C28E 005A 77 add [edx+77], bl 7C92C291 4F dec edi 7C92C292 70 65 jo short 7C92C2F9 7C92C294 6E outs dx, byte ptr es:[edi] 7C92C295 4A dec edx ; msvcrt.77C31AE8 7C92C296 6F outs dx, dword ptr es:[edi] 7C92C297 624F 62 bound ecx, [edi+62] 7C92C29A 6A 65 push 65 7C92C29C 637400 5A arpl [eax+eax+5A], si 7C92C2A0 77 4F ja short 7C92C2F1 7C92C2A2 70 65 jo short 7C92C309 7C92C2A4 6E outs dx, byte ptr es:[edi] 7C92C2A5 4B dec ebx 7C92C2A6 65:79 00 jns short 7C92C2A9 7C92C2A9 5A pop edx ; ntdll.7C92E89A 7C92C2AA 77 4F ja short 7C92C2FB 7C92C2AC 70 65 jo short 7C92C313 7C92C2AE 6E outs dx, byte ptr es:[edi] 7C92C2AF 4B dec ebx 7C92C2B0 65:79 65 jns short 7C92C318 7C92C2B3 64:45 inc ebp 7C92C2B5 76 65 jbe short 7C92C31C 7C92C2B7 6E outs dx, byte ptr es:[edi] 7C92C2B8 74 00 je short 7C92C2BA 7C92C2BA 5A pop edx ; ntdll.7C92E89A 7C92C2BB 77 4F ja short 7C92C30C 7C92C2BD 70 65 jo short 7C92C324 7C92C2BF 6E outs dx, byte ptr es:[edi] 7C92C2C0 4D dec ebp 7C92C2C1 75 74 jnz short 7C92C337 7C92C2C3 61 popad 7C92C2C4 6E outs dx, byte ptr es:[edi] 7C92C2C5 74 00 je short 7C92C2C7 7C92C2C7 5A pop edx ; ntdll.7C92E89A 7C92C2C8 77 4F ja short 7C92C319 7C92C2CA 70 65 jo short 7C92C331 7C92C2CC 6E outs dx, byte ptr es:[edi] 7C92C2CD 4F dec edi 7C92C2CE 626A 65 bound ebp, [edx+65] 7C92C2D1 637441 75 arpl [ecx+eax*2+75], si 7C92C2D5 64:697441 6C 61>imul esi, fs:[ecx+eax*2+6C], 6D7261 7C92C2DE 5A pop edx ; ntdll.7C92E89A 7C92C2DF 77 4F ja short 7C92C330 7C92C2E1 70 65 jo short 7C92C348 7C92C2E3 6E outs dx, byte ptr es:[edi] 7C92C2E4 50 push eax 7C92C2E5 72 6F jb short 7C92C356 7C92C2E7 6365 73 arpl [ebp+73], sp 7C92C2EA 73 00 jnb short 7C92C2EC 7C92C2EC 5A pop edx ; ntdll.7C92E89A 7C92C2ED 77 4F ja short 7C92C33E 7C92C2EF 70 65 jo short 7C92C356 7C92C2F1 6E outs dx, byte ptr es:[edi] 7C92C2F2 50 push eax 7C92C2F3 72 6F jb short 7C92C364 7C92C2F5 6365 73 arpl [ebp+73], sp 7C92C2F8 73 54 jnb short 7C92C34E 7C92C2FA 6F outs dx, dword ptr es:[edi] 7C92C2FB 6B65 6E 00 imul esp, [ebp+6E], 0 7C92C2FF 5A pop edx ; ntdll.7C92E89A 7C92C300 77 4F ja short 7C92C351 7C92C302 70 65 jo short 7C92C369 7C92C304 6E outs dx, byte ptr es:[edi] 7C92C305 50 push eax 7C92C306 72 6F jb short 7C92C377 7C92C308 6365 73 arpl [ebp+73], sp 7C92C30B 73 54 jnb short 7C92C361 7C92C30D 6F outs dx, dword ptr es:[edi] 7C92C30E 6B65 6E 45 imul esp, [ebp+6E], 45 7C92C312 78 00 js short 7C92C314 7C92C314 5A pop edx ; ntdll.7C92E89A 7C92C315 77 4F ja short 7C92C366 7C92C317 70 65 jo short 7C92C37E 7C92C319 6E outs dx, byte ptr es:[edi] 7C92C31A 53 push ebx 7C92C31B 65:637469 6F arpl gs:[ecx+ebp*2+6F], si 7C92C320 6E outs dx, byte ptr es:[edi] 7C92C321 005A 77 add [edx+77], bl 7C92C324 4F dec edi 7C92C325 70 65 jo short 7C92C38C 7C92C327 6E outs dx, byte ptr es:[edi] 7C92C328 53 push ebx 7C92C329 65:6D ins dword ptr es:[edi], dx 7C92C32B 61 popad 7C92C32C 70 68 jo short 7C92C396 7C92C32E 6F outs dx, dword ptr es:[edi] 7C92C32F 72 65 jb short 7C92C396 7C92C331 005A 77 add [edx+77], bl 7C92C334 4F dec edi 7C92C335 70 65 jo short 7C92C39C 7C92C337 6E outs dx, byte ptr es:[edi] 7C92C338 53 push ebx 7C92C339 79 6D jns short 7C92C3A8 7C92C33B 626F 6C bound ebp, [edi+6C] 7C92C33E 6963 4C 696E6B4>imul esp, [ebx+4C], 4F6B6E69 7C92C345 626A 65 bound ebp, [edx+65] 7C92C348 637400 5A arpl [eax+eax+5A], si 7C92C34C 77 4F ja short 7C92C39D 7C92C34E 70 65 jo short 7C92C3B5 7C92C350 6E outs dx, byte ptr es:[edi] 7C92C351 54 push esp 7C92C352 68 72656164 push 64616572 7C92C357 005A 77 add [edx+77], bl 7C92C35A 4F dec edi 7C92C35B 70 65 jo short 7C92C3C2 7C92C35D 6E outs dx, byte ptr es:[edi] 7C92C35E 54 push esp 7C92C35F 68 72656164 push 64616572 7C92C364 54 push esp 7C92C365 6F outs dx, dword ptr es:[edi] 7C92C366 6B65 6E 00 imul esp, [ebp+6E], 0 7C92C36A 5A pop edx ; ntdll.7C92E89A 7C92C36B 77 4F ja short 7C92C3BC 7C92C36D 70 65 jo short 7C92C3D4 7C92C36F 6E outs dx, byte ptr es:[edi] 7C92C370 54 push esp 7C92C371 68 72656164 push 64616572 7C92C376 54 push esp 7C92C377 6F outs dx, dword ptr es:[edi] 7C92C378 6B65 6E 45 imul esp, [ebp+6E], 45 7C92C37C 78 00 js short 7C92C37E 7C92C37E 5A pop edx ; ntdll.7C92E89A 7C92C37F 77 4F ja short 7C92C3D0 7C92C381 70 65 jo short 7C92C3E8 7C92C383 6E outs dx, byte ptr es:[edi] 7C92C384 54 push esp 7C92C385 696D 65 72005A7>imul ebp, [ebp+65], 775A0072 7C92C38C 50 push eax 7C92C38D 6C ins byte ptr es:[edi], dx 7C92C38E 75 67 jnz short 7C92C3F7 7C92C390 50 push eax 7C92C391 6C ins byte ptr es:[edi], dx 7C92C392 61 popad 7C92C393 79 43 jns short 7C92C3D8 7C92C395 6F outs dx, dword ptr es:[edi] 7C92C396 6E outs dx, byte ptr es:[edi] 7C92C397 74 72 je short 7C92C40B 7C92C399 6F outs dx, dword ptr es:[edi] 7C92C39A 6C ins byte ptr es:[edi], dx 7C92C39B 005A 77 add [edx+77], bl 7C92C39E 50 push eax 7C92C39F 6F outs dx, dword ptr es:[edi] 7C92C3A0 77 65 ja short 7C92C407 7C92C3A2 72 49 jb short 7C92C3ED 7C92C3A4 6E outs dx, byte ptr es:[edi] 7C92C3A5 66:6F outs dx, word ptr es:[edi] 7C92C3A7 72 6D jb short 7C92C416 7C92C3A9 61 popad 7C92C3AA 74 69 je short 7C92C415 7C92C3AC 6F outs dx, dword ptr es:[edi] 7C92C3AD 6E outs dx, byte ptr es:[edi] 7C92C3AE 005A 77 add [edx+77], bl 7C92C3B1 50 push eax 7C92C3B2 72 69 jb short 7C92C41D 7C92C3B4 76 69 jbe short 7C92C41F 7C92C3B6 6C ins byte ptr es:[edi], dx 7C92C3B7 65: prefix gs: 7C92C3B8 67:65:43 inc ebx 7C92C3BB 68 65636B00 push 6B6365 7C92C3C0 5A pop edx ; ntdll.7C92E89A 7C92C3C1 77 50 ja short 7C92C413 7C92C3C3 72 69 jb short 7C92C42E 7C92C3C5 76 69 jbe short 7C92C430 7C92C3C7 6C ins byte ptr es:[edi], dx 7C92C3C8 65: prefix gs: 7C92C3C9 67:65:4F dec edi 7C92C3CC 626A 65 bound ebp, [edx+65] 7C92C3CF 637441 75 arpl [ecx+eax*2+75], si 7C92C3D3 64:697441 6C 61>imul esi, fs:[ecx+eax*2+6C], 6D7261 7C92C3DC 5A pop edx ; ntdll.7C92E89A 7C92C3DD 77 50 ja short 7C92C42F 7C92C3DF 72 69 jb short 7C92C44A 7C92C3E1 76 69 jbe short 7C92C44C 7C92C3E3 6C ins byte ptr es:[edi], dx 7C92C3E4 65: prefix gs: 7C92C3E5 67: prefix addrsize: 7C92C3E6 65: prefix gs: 7C92C3E7 64:53 push ebx 7C92C3E9 65:72 76 jb short 7C92C462 7C92C3EC 6963 65 4175646>imul esp, [ebx+65], 69647541 7C92C3F3 74 41 je short 7C92C436 7C92C3F5 6C ins byte ptr es:[edi], dx 7C92C3F6 61 popad 7C92C3F7 72 6D jb short 7C92C466 7C92C3F9 005A 77 add [edx+77], bl 7C92C3FC 50 push eax 7C92C3FD 72 6F jb short 7C92C46E 7C92C3FF 74 65 je short 7C92C466 7C92C401 637456 69 arpl [esi+edx*2+69], si 7C92C405 72 74 jb short 7C92C47B 7C92C407 75 61 jnz short 7C92C46A 7C92C409 6C ins byte ptr es:[edi], dx 7C92C40A 4D dec ebp 7C92C40B 65:6D ins dword ptr es:[edi], dx 7C92C40D 6F outs dx, dword ptr es:[edi] 7C92C40E 72 79 jb short 7C92C489 7C92C410 005A 77 add [edx+77], bl 7C92C413 50 push eax 7C92C414 75 6C jnz short 7C92C482 7C92C416 73 65 jnb short 7C92C47D 7C92C418 45 inc ebp 7C92C419 76 65 jbe short 7C92C480 7C92C41B 6E outs dx, byte ptr es:[edi] 7C92C41C 74 00 je short 7C92C41E 7C92C41E 5A pop edx ; ntdll.7C92E89A 7C92C41F 77 51 ja short 7C92C472 7C92C421 75 65 jnz short 7C92C488 7C92C423 72 79 jb short 7C92C49E 7C92C425 41 inc ecx 7C92C426 74 74 je short 7C92C49C 7C92C428 72 69 jb short 7C92C493 7C92C42A 6275 74 bound esi, [ebp+74] 7C92C42D 65:73 46 jnb short 7C92C476 7C92C430 696C65 00 5A775>imul ebp, [ebp], 7551775A 7C92C438 65:72 79 jb short 7C92C4B4 7C92C43B 42 inc edx ; msvcrt.77C31AE8 7C92C43C 6F outs dx, dword ptr es:[edi] 7C92C43D 6F outs dx, dword ptr es:[edi] 7C92C43E 74 45 je short 7C92C485 7C92C440 6E outs dx, byte ptr es:[edi] 7C92C441 74 72 je short 7C92C4B5 7C92C443 79 4F jns short 7C92C494 7C92C445 72 64 jb short 7C92C4AB 7C92C447 65:72 00 jb short 7C92C44A 7C92C44A 5A pop edx ; ntdll.7C92E89A 7C92C44B 77 51 ja short 7C92C49E 7C92C44D 75 65 jnz short 7C92C4B4 7C92C44F 72 79 jb short 7C92C4CA 7C92C451 42 inc edx ; msvcrt.77C31AE8 7C92C452 6F outs dx, dword ptr es:[edi] 7C92C453 6F outs dx, dword ptr es:[edi] 7C92C454 74 4F je short 7C92C4A5 7C92C456 70 74 jo short 7C92C4CC 7C92C458 696F 6E 73005A7>imul ebp, [edi+6E], 775A0073 7C92C45F 51 push ecx 7C92C460 75 65 jnz short 7C92C4C7 7C92C462 72 79 jb short 7C92C4DD 7C92C464 44 inc esp 7C92C465 65:6275 67 bound esi, gs:[ebp+67] 7C92C469 46 inc esi ; ntdll.ZwTerminateProcess 7C92C46A 696C74 65 72537>imul ebp, [esp+esi*2+65], 61745372 7C92C472 74 65 je short 7C92C4D9 7C92C474 005A 77 add [edx+77], bl 7C92C477 51 push ecx 7C92C478 75 65 jnz short 7C92C4DF 7C92C47A 72 79 jb short 7C92C4F5 7C92C47C 44 inc esp 7C92C47D 65:66:61 popaw 7C92C480 75 6C jnz short 7C92C4EE 7C92C482 74 4C je short 7C92C4D0 7C92C484 6F outs dx, dword ptr es:[edi] 7C92C485 6361 6C arpl [ecx+6C], sp 7C92C488 65:005A 77 add gs:[edx+77], bl 7C92C48C 51 push ecx 7C92C48D 75 65 jnz short 7C92C4F4 7C92C48F 72 79 jb short 7C92C50A 7C92C491 44 inc esp 7C92C492 65:66:61 popaw 7C92C495 75 6C jnz short 7C92C503 7C92C497 74 55 je short 7C92C4EE 7C92C499 49 dec ecx 7C92C49A 4C dec esp 7C92C49B 61 popad 7C92C49C 6E outs dx, byte ptr es:[edi] 7C92C49D 67:75 61 jnz short 7C92C501 7C92C4A0 67:65:005A 77 add gs:[bp+si+77], bl 7C92C4A5 51 push ecx 7C92C4A6 75 65 jnz short 7C92C50D 7C92C4A8 72 79 jb short 7C92C523 7C92C4AA 44 inc esp 7C92C4AB 6972 65 63746F7>imul esi, [edx+65], 726F7463 7C92C4B2 79 46 jns short 7C92C4FA 7C92C4B4 696C65 00 5A775>imul ebp, [ebp], 7551775A 7C92C4BC 65:72 79 jb short 7C92C538 7C92C4BF 44 inc esp 7C92C4C0 6972 65 63746F7>imul esi, [edx+65], 726F7463 7C92C4C7 79 4F jns short 7C92C518 7C92C4C9 626A 65 bound ebp, [edx+65] 7C92C4CC 637400 5A arpl [eax+eax+5A], si 7C92C4D0 77 51 ja short 7C92C523 7C92C4D2 75 65 jnz short 7C92C539 7C92C4D4 72 79 jb short 7C92C54F 7C92C4D6 45 inc ebp 7C92C4D7 61 popad 7C92C4D8 46 inc esi ; ntdll.ZwTerminateProcess 7C92C4D9 696C65 00 5A775>imul ebp, [ebp], 7551775A 7C92C4E1 65:72 79 jb short 7C92C55D 7C92C4E4 45 inc ebp 7C92C4E5 76 65 jbe short 7C92C54C 7C92C4E7 6E outs dx, byte ptr es:[edi] 7C92C4E8 74 00 je short 7C92C4EA 7C92C4EA 5A pop edx ; ntdll.7C92E89A 7C92C4EB 77 51 ja short 7C92C53E 7C92C4ED 75 65 jnz short 7C92C554 7C92C4EF 72 79 jb short 7C92C56A 7C92C4F1 46 inc esi ; ntdll.ZwTerminateProcess 7C92C4F2 75 6C jnz short 7C92C560 7C92C4F4 6C ins byte ptr es:[edi], dx 7C92C4F5 41 inc ecx 7C92C4F6 74 74 je short 7C92C56C 7C92C4F8 72 69 jb short 7C92C563 7C92C4FA 6275 74 bound esi, [ebp+74] 7C92C4FD 65:73 46 jnb short 7C92C546 7C92C500 696C65 00 5A775>imul ebp, [ebp], 7551775A 7C92C508 65:72 79 jb short 7C92C584 7C92C50B 49 dec ecx 7C92C50C 6E outs dx, byte ptr es:[edi] 7C92C50D 66:6F outs dx, word ptr es:[edi] 7C92C50F 72 6D jb short 7C92C57E 7C92C511 61 popad 7C92C512 74 69 je short 7C92C57D 7C92C514 6F outs dx, dword ptr es:[edi] 7C92C515 6E outs dx, byte ptr es:[edi] 7C92C516 41 inc ecx 7C92C517 74 6F je short 7C92C588 7C92C519 6D ins dword ptr es:[edi], dx 7C92C51A 005A 77 add [edx+77], bl 7C92C51D 51 push ecx 7C92C51E 75 65 jnz short 7C92C585 7C92C520 72 79 jb short 7C92C59B 7C92C522 49 dec ecx 7C92C523 6E outs dx, byte ptr es:[edi] 7C92C524 66:6F outs dx, word ptr es:[edi] 7C92C526 72 6D jb short 7C92C595 7C92C528 61 popad 7C92C529 74 69 je short 7C92C594 7C92C52B 6F outs dx, dword ptr es:[edi] 7C92C52C 6E outs dx, byte ptr es:[edi] 7C92C52D 46 inc esi ; ntdll.ZwTerminateProcess 7C92C52E 696C65 00 5A775>imul ebp, [ebp], 7551775A 7C92C536 65:72 79 jb short 7C92C5B2 7C92C539 49 dec ecx 7C92C53A 6E outs dx, byte ptr es:[edi] 7C92C53B 66:6F outs dx, word ptr es:[edi] 7C92C53D 72 6D jb short 7C92C5AC 7C92C53F 61 popad 7C92C540 74 69 je short 7C92C5AB 7C92C542 6F outs dx, dword ptr es:[edi] 7C92C543 6E outs dx, byte ptr es:[edi] 7C92C544 4A dec edx ; msvcrt.77C31AE8 7C92C545 6F outs dx, dword ptr es:[edi] 7C92C546 624F 62 bound ecx, [edi+62] 7C92C549 6A 65 push 65 7C92C54B 637400 5A arpl [eax+eax+5A], si 7C92C54F 77 51 ja short 7C92C5A2 7C92C551 75 65 jnz short 7C92C5B8 7C92C553 72 79 jb short 7C92C5CE 7C92C555 49 dec ecx 7C92C556 6E outs dx, byte ptr es:[edi] 7C92C557 66:6F outs dx, word ptr es:[edi] 7C92C559 72 6D jb short 7C92C5C8 7C92C55B 61 popad 7C92C55C 74 69 je short 7C92C5C7 7C92C55E 6F outs dx, dword ptr es:[edi] 7C92C55F 6E outs dx, byte ptr es:[edi] 7C92C560 50 push eax 7C92C561 6F outs dx, dword ptr es:[edi] 7C92C562 72 74 jb short 7C92C5D8 7C92C564 005A 77 add [edx+77], bl 7C92C567 51 push ecx 7C92C568 75 65 jnz short 7C92C5CF 7C92C56A 72 79 jb short 7C92C5E5 7C92C56C 49 dec ecx 7C92C56D 6E outs dx, byte ptr es:[edi] 7C92C56E 66:6F outs dx, word ptr es:[edi] 7C92C570 72 6D jb short 7C92C5DF 7C92C572 61 popad 7C92C573 74 69 je short 7C92C5DE 7C92C575 6F outs dx, dword ptr es:[edi] 7C92C576 6E outs dx, byte ptr es:[edi] 7C92C577 50 push eax 7C92C578 72 6F jb short 7C92C5E9 7C92C57A 6365 73 arpl [ebp+73], sp 7C92C57D 73 00 jnb short 7C92C57F 7C92C57F 5A pop edx ; ntdll.7C92E89A 7C92C580 77 51 ja short 7C92C5D3 7C92C582 75 65 jnz short 7C92C5E9 7C92C584 72 79 jb short 7C92C5FF 7C92C586 49 dec ecx 7C92C587 6E outs dx, byte ptr es:[edi] 7C92C588 66:6F outs dx, word ptr es:[edi] 7C92C58A 72 6D jb short 7C92C5F9 7C92C58C 61 popad 7C92C58D 74 69 je short 7C92C5F8 7C92C58F 6F outs dx, dword ptr es:[edi] 7C92C590 6E outs dx, byte ptr es:[edi] 7C92C591 54 push esp 7C92C592 68 72656164 push 64616572 7C92C597 005A 77 add [edx+77], bl 7C92C59A 51 push ecx 7C92C59B 75 65 jnz short 7C92C602 7C92C59D 72 79 jb short 7C92C618 7C92C59F 49 dec ecx 7C92C5A0 6E outs dx, byte ptr es:[edi] 7C92C5A1 66:6F outs dx, word ptr es:[edi] 7C92C5A3 72 6D jb short 7C92C612 7C92C5A5 61 popad 7C92C5A6 74 69 je short 7C92C611 7C92C5A8 6F outs dx, dword ptr es:[edi] 7C92C5A9 6E outs dx, byte ptr es:[edi] 7C92C5AA 54 push esp 7C92C5AB 6F outs dx, dword ptr es:[edi] 7C92C5AC 6B65 6E 00 imul esp, [ebp+6E], 0 7C92C5B0 5A pop edx ; ntdll.7C92E89A 7C92C5B1 77 51 ja short 7C92C604 7C92C5B3 75 65 jnz short 7C92C61A 7C92C5B5 72 79 jb short 7C92C630 7C92C5B7 49 dec ecx 7C92C5B8 6E outs dx, byte ptr es:[edi] 7C92C5B9 73 74 jnb short 7C92C62F 7C92C5BB 61 popad 7C92C5BC 6C ins byte ptr es:[edi], dx 7C92C5BD 6C ins byte ptr es:[edi], dx 7C92C5BE 55 push ebp 7C92C5BF 49 dec ecx 7C92C5C0 4C dec esp 7C92C5C1 61 popad 7C92C5C2 6E outs dx, byte ptr es:[edi] 7C92C5C3 67:75 61 jnz short 7C92C627 7C92C5C6 67:65:005A 77 add gs:[bp+si+77], bl 7C92C5CB 51 push ecx 7C92C5CC 75 65 jnz short 7C92C633 7C92C5CE 72 79 jb short 7C92C649 7C92C5D0 49 dec ecx 7C92C5D1 6E outs dx, byte ptr es:[edi] 7C92C5D2 74 65 je short 7C92C639 7C92C5D4 72 76 jb short 7C92C64C 7C92C5D6 61 popad 7C92C5D7 6C ins byte ptr es:[edi], dx 7C92C5D8 50 push eax 7C92C5D9 72 6F jb short 7C92C64A 7C92C5DB 66:696C65 00 5A>imul bp, [ebp], 775A 7C92C5E2 51 push ecx 7C92C5E3 75 65 jnz short 7C92C64A 7C92C5E5 72 79 jb short 7C92C660 7C92C5E7 49 dec ecx 7C92C5E8 6F outs dx, dword ptr es:[edi] 7C92C5E9 43 inc ebx 7C92C5EA 6F outs dx, dword ptr es:[edi] 7C92C5EB 6D ins dword ptr es:[edi], dx 7C92C5EC 70 6C jo short 7C92C65A 7C92C5EE 65:74 69 je short 7C92C65A 7C92C5F1 6F outs dx, dword ptr es:[edi] 7C92C5F2 6E outs dx, byte ptr es:[edi] 7C92C5F3 005A 77 add [edx+77], bl 7C92C5F6 51 push ecx 7C92C5F7 75 65 jnz short 7C92C65E 7C92C5F9 72 79 jb short 7C92C674 7C92C5FB 4B dec ebx 7C92C5FC 65:79 00 jns short 7C92C5FF 7C92C5FF 5A pop edx ; ntdll.7C92E89A 7C92C600 77 51 ja short 7C92C653 7C92C602 75 65 jnz short 7C92C669 7C92C604 72 79 jb short 7C92C67F 7C92C606 4D dec ebp 7C92C607 75 6C jnz short 7C92C675 7C92C609 74 69 je short 7C92C674 7C92C60B 70 6C jo short 7C92C679 7C92C60D 65:56 push esi ; ntdll.ZwTerminateProcess 7C92C60F 61 popad 7C92C610 6C ins byte ptr es:[edi], dx 7C92C611 75 65 jnz short 7C92C678 7C92C613 4B dec ebx 7C92C614 65:79 00 jns short 7C92C617 7C92C617 5A pop edx ; ntdll.7C92E89A 7C92C618 77 51 ja short 7C92C66B 7C92C61A 75 65 jnz short 7C92C681 7C92C61C 72 79 jb short 7C92C697 7C92C61E 4D dec ebp 7C92C61F 75 74 jnz short 7C92C695 7C92C621 61 popad 7C92C622 6E outs dx, byte ptr es:[edi] 7C92C623 74 00 je short 7C92C625 7C92C625 5A pop edx ; ntdll.7C92E89A 7C92C626 77 51 ja short 7C92C679 7C92C628 75 65 jnz short 7C92C68F 7C92C62A 72 79 jb short 7C92C6A5 7C92C62C 4F dec edi 7C92C62D 626A 65 bound ebp, [edx+65] 7C92C630 637400 5A arpl [eax+eax+5A], si 7C92C634 77 51 ja short 7C92C687 7C92C636 75 65 jnz short 7C92C69D 7C92C638 72 79 jb short 7C92C6B3 7C92C63A 4F dec edi 7C92C63B 70 65 jo short 7C92C6A2 7C92C63D 6E outs dx, byte ptr es:[edi] 7C92C63E 53 push ebx 7C92C63F 75 62 jnz short 7C92C6A3 7C92C641 4B dec ebx 7C92C642 65:79 73 jns short 7C92C6B8 7C92C645 005A 77 add [edx+77], bl 7C92C648 51 push ecx 7C92C649 75 65 jnz short 7C92C6B0 7C92C64B 72 79 jb short 7C92C6C6 7C92C64D 50 push eax 7C92C64E 65:72 66 jb short 7C92C6B7 7C92C651 6F outs dx, dword ptr es:[edi] 7C92C652 72 6D jb short 7C92C6C1 7C92C654 61 popad 7C92C655 6E outs dx, byte ptr es:[edi] 7C92C656 6365 43 arpl [ebp+43], sp 7C92C659 6F outs dx, dword ptr es:[edi] 7C92C65A 75 6E jnz short 7C92C6CA 7C92C65C 74 65 je short 7C92C6C3 7C92C65E 72 00 jb short 7C92C660 7C92C660 5A pop edx ; ntdll.7C92E89A 7C92C661 77 51 ja short 7C92C6B4 7C92C663 75 65 jnz short 7C92C6CA 7C92C665 72 79 jb short 7C92C6E0 7C92C667 50 push eax 7C92C668 6F outs dx, dword ptr es:[edi] 7C92C669 72 74 jb short 7C92C6DF 7C92C66B 49 dec ecx 7C92C66C 6E outs dx, byte ptr es:[edi] 7C92C66D 66:6F outs dx, word ptr es:[edi] 7C92C66F 72 6D jb short 7C92C6DE 7C92C671 61 popad 7C92C672 74 69 je short 7C92C6DD 7C92C674 6F outs dx, dword ptr es:[edi] 7C92C675 6E outs dx, byte ptr es:[edi] 7C92C676 50 push eax 7C92C677 72 6F jb short 7C92C6E8 7C92C679 6365 73 arpl [ebp+73], sp 7C92C67C 73 00 jnb short 7C92C67E 7C92C67E 5A pop edx ; ntdll.7C92E89A 7C92C67F 77 51 ja short 7C92C6D2 7C92C681 75 65 jnz short 7C92C6E8 7C92C683 72 79 jb short 7C92C6FE 7C92C685 51 push ecx 7C92C686 75 6F jnz short 7C92C6F7 7C92C688 74 61 je short 7C92C6EB 7C92C68A 49 dec ecx 7C92C68B 6E outs dx, byte ptr es:[edi] 7C92C68C 66:6F outs dx, word ptr es:[edi] 7C92C68E 72 6D jb short 7C92C6FD 7C92C690 61 popad 7C92C691 74 69 je short 7C92C6FC 7C92C693 6F outs dx, dword ptr es:[edi] 7C92C694 6E outs dx, byte ptr es:[edi] 7C92C695 46 inc esi ; ntdll.ZwTerminateProcess 7C92C696 696C65 00 5A775>imul ebp, [ebp], 7551775A 7C92C69E 65:72 79 jb short 7C92C71A 7C92C6A1 53 push ebx 7C92C6A2 65:637469 6F arpl gs:[ecx+ebp*2+6F], si 7C92C6A7 6E outs dx, byte ptr es:[edi] 7C92C6A8 005A 77 add [edx+77], bl 7C92C6AB 51 push ecx 7C92C6AC 75 65 jnz short 7C92C713 7C92C6AE 72 79 jb short 7C92C729 7C92C6B0 53 push ebx 7C92C6B1 65:6375 72 arpl gs:[ebp+72], si 7C92C6B5 697479 4F 626A6>imul esi, [ecx+edi*2+4F], 63656A62 7C92C6BD 74 00 je short 7C92C6BF 7C92C6BF 5A pop edx ; ntdll.7C92E89A 7C92C6C0 77 51 ja short 7C92C713 7C92C6C2 75 65 jnz short 7C92C729 7C92C6C4 72 79 jb short 7C92C73F 7C92C6C6 53 push ebx 7C92C6C7 65:6D ins dword ptr es:[edi], dx 7C92C6C9 61 popad 7C92C6CA 70 68 jo short 7C92C734 7C92C6CC 6F outs dx, dword ptr es:[edi] 7C92C6CD 72 65 jb short 7C92C734 7C92C6CF 005A 77 add [edx+77], bl 7C92C6D2 51 push ecx 7C92C6D3 75 65 jnz short 7C92C73A 7C92C6D5 72 79 jb short 7C92C750 7C92C6D7 53 push ebx 7C92C6D8 79 6D jns short 7C92C747 7C92C6DA 626F 6C bound ebp, [edi+6C] 7C92C6DD 6963 4C 696E6B4>imul esp, [ebx+4C], 4F6B6E69 7C92C6E4 626A 65 bound ebp, [edx+65] 7C92C6E7 637400 5A arpl [eax+eax+5A], si 7C92C6EB 77 51 ja short 7C92C73E 7C92C6ED 75 65 jnz short 7C92C754 7C92C6EF 72 79 jb short 7C92C76A 7C92C6F1 53 push ebx 7C92C6F2 79 73 jns short 7C92C767 7C92C6F4 74 65 je short 7C92C75B 7C92C6F6 6D ins dword ptr es:[edi], dx 7C92C6F7 45 inc ebp 7C92C6F8 6E outs dx, byte ptr es:[edi] 7C92C6F9 76 69 jbe short 7C92C764 7C92C6FB 72 6F jb short 7C92C76C 7C92C6FD 6E outs dx, byte ptr es:[edi] 7C92C6FE 6D ins dword ptr es:[edi], dx 7C92C6FF 65:6E outs dx, byte ptr es:[edi] 7C92C701 74 56 je short 7C92C759 7C92C703 61 popad 7C92C704 6C ins byte ptr es:[edi], dx 7C92C705 75 65 jnz short 7C92C76C 7C92C707 005A 77 add [edx+77], bl 7C92C70A 51 push ecx 7C92C70B 75 65 jnz short 7C92C772 7C92C70D 72 79 jb short 7C92C788 7C92C70F 53 push ebx 7C92C710 79 73 jns short 7C92C785 7C92C712 74 65 je short 7C92C779 7C92C714 6D ins dword ptr es:[edi], dx 7C92C715 45 inc ebp 7C92C716 6E outs dx, byte ptr es:[edi] 7C92C717 76 69 jbe short 7C92C782 7C92C719 72 6F jb short 7C92C78A 7C92C71B 6E outs dx, byte ptr es:[edi] 7C92C71C 6D ins dword ptr es:[edi], dx 7C92C71D 65:6E outs dx, byte ptr es:[edi] 7C92C71F 74 56 je short 7C92C777 7C92C721 61 popad 7C92C722 6C ins byte ptr es:[edi], dx 7C92C723 75 65 jnz short 7C92C78A 7C92C725 45 inc ebp 7C92C726 78 00 js short 7C92C728 7C92C728 5A pop edx ; ntdll.7C92E89A 7C92C729 77 51 ja short 7C92C77C 7C92C72B 75 65 jnz short 7C92C792 7C92C72D 72 79 jb short 7C92C7A8 7C92C72F 53 push ebx 7C92C730 79 73 jns short 7C92C7A5 7C92C732 74 65 je short 7C92C799 7C92C734 6D ins dword ptr es:[edi], dx 7C92C735 49 dec ecx 7C92C736 6E outs dx, byte ptr es:[edi] 7C92C737 66:6F outs dx, word ptr es:[edi] 7C92C739 72 6D jb short 7C92C7A8 7C92C73B 61 popad 7C92C73C 74 69 je short 7C92C7A7 7C92C73E 6F outs dx, dword ptr es:[edi] 7C92C73F 6E outs dx, byte ptr es:[edi] 7C92C740 005A 77 add [edx+77], bl 7C92C743 51 push ecx 7C92C744 75 65 jnz short 7C92C7AB 7C92C746 72 79 jb short 7C92C7C1 7C92C748 53 push ebx 7C92C749 79 73 jns short 7C92C7BE 7C92C74B 74 65 je short 7C92C7B2 7C92C74D 6D ins dword ptr es:[edi], dx 7C92C74E 54 push esp 7C92C74F 696D 65 005A775>imul ebp, [ebp+65], 51775A00 7C92C756 75 65 jnz short 7C92C7BD 7C92C758 72 79 jb short 7C92C7D3 7C92C75A 54 push esp 7C92C75B 696D 65 72005A7>imul ebp, [ebp+65], 775A0072 7C92C762 51 push ecx 7C92C763 75 65 jnz short 7C92C7CA 7C92C765 72 79 jb short 7C92C7E0 7C92C767 54 push esp 7C92C768 696D 65 7252657>imul ebp, [ebp+65], 73655272 7C92C76F 6F outs dx, dword ptr es:[edi] 7C92C770 6C ins byte ptr es:[edi], dx 7C92C771 75 74 jnz short 7C92C7E7 7C92C773 696F 6E 005A775>imul ebp, [edi+6E], 51775A00 7C92C77A 75 65 jnz short 7C92C7E1 7C92C77C 72 79 jb short 7C92C7F7 7C92C77E 56 push esi ; ntdll.ZwTerminateProcess 7C92C77F 61 popad 7C92C780 6C ins byte ptr es:[edi], dx 7C92C781 75 65 jnz short 7C92C7E8 7C92C783 4B dec ebx 7C92C784 65:79 00 jns short 7C92C787 7C92C787 5A pop edx ; ntdll.7C92E89A 7C92C788 77 51 ja short 7C92C7DB 7C92C78A 75 65 jnz short 7C92C7F1 7C92C78C 72 79 jb short 7C92C807 7C92C78E 56 push esi ; ntdll.ZwTerminateProcess 7C92C78F 6972 74 75616C4>imul esi, [edx+74], 4D6C6175 7C92C796 65:6D ins dword ptr es:[edi], dx 7C92C798 6F outs dx, dword ptr es:[edi] 7C92C799 72 79 jb short 7C92C814 7C92C79B 005A 77 add [edx+77], bl 7C92C79E 51 push ecx 7C92C79F 75 65 jnz short 7C92C806 7C92C7A1 72 79 jb short 7C92C81C 7C92C7A3 56 push esi ; ntdll.ZwTerminateProcess 7C92C7A4 6F outs dx, dword ptr es:[edi] 7C92C7A5 6C ins byte ptr es:[edi], dx 7C92C7A6 75 6D jnz short 7C92C815 7C92C7A8 65:49 dec ecx 7C92C7AA 6E outs dx, byte ptr es:[edi] 7C92C7AB 66:6F outs dx, word ptr es:[edi] 7C92C7AD 72 6D jb short 7C92C81C 7C92C7AF 61 popad 7C92C7B0 74 69 je short 7C92C81B 7C92C7B2 6F outs dx, dword ptr es:[edi] 7C92C7B3 6E outs dx, byte ptr es:[edi] 7C92C7B4 46 inc esi ; ntdll.ZwTerminateProcess 7C92C7B5 696C65 00 5A775>imul ebp, [ebp], 7551775A 7C92C7BD 65:75 65 jnz short 7C92C825 7C92C7C0 41 inc ecx 7C92C7C1 70 63 jo short 7C92C826 7C92C7C3 54 push esp 7C92C7C4 68 72656164 push 64616572 7C92C7C9 005A 77 add [edx+77], bl 7C92C7CC 52 push edx ; msvcrt.77C31AE8 7C92C7CD 61 popad 7C92C7CE 6973 65 4578636>imul esi, [ebx+65], 65637845 7C92C7D5 70 74 jo short 7C92C84B 7C92C7D7 696F 6E 005A775>imul ebp, [edi+6E], 52775A00 7C92C7DE 61 popad 7C92C7DF 6973 65 4861726>imul esi, [ebx+65], 64726148 7C92C7E6 45 inc ebp 7C92C7E7 72 72 jb short 7C92C85B 7C92C7E9 6F outs dx, dword ptr es:[edi] 7C92C7EA 72 00 jb short 7C92C7EC 7C92C7EC 5A pop edx ; ntdll.7C92E89A 7C92C7ED 77 52 ja short 7C92C841 7C92C7EF 65:61 popad 7C92C7F1 64:46 inc esi ; ntdll.ZwTerminateProcess 7C92C7F3 696C65 00 5A775>imul ebp, [ebp], 6552775A 7C92C7FB 61 popad 7C92C7FC 64:46 inc esi ; ntdll.ZwTerminateProcess 7C92C7FE 696C65 53 63617>imul ebp, [ebp+53], 74746163 7C92C806 65:72 00 jb short 7C92C809 7C92C809 5A pop edx ; ntdll.7C92E89A 7C92C80A 77 52 ja short 7C92C85E 7C92C80C 65:61 popad 7C92C80E 64:52 push edx ; msvcrt.77C31AE8 7C92C810 65:71 75 jno short 7C92C888 7C92C813 65:73 74 jnb short 7C92C88A 7C92C816 44 inc esp 7C92C817 61 popad 7C92C818 74 61 je short 7C92C87B 7C92C81A 005A 77 add [edx+77], bl 7C92C81D 52 push edx ; msvcrt.77C31AE8 7C92C81E 65:61 popad 7C92C820 64:56 push esi ; ntdll.ZwTerminateProcess 7C92C822 6972 74 75616C4>imul esi, [edx+74], 4D6C6175 7C92C829 65:6D ins dword ptr es:[edi], dx 7C92C82B 6F outs dx, dword ptr es:[edi] 7C92C82C 72 79 jb short 7C92C8A7 7C92C82E 005A 77 add [edx+77], bl 7C92C831 52 push edx ; msvcrt.77C31AE8 7C92C832 65:67:6973 74 6>imul esi, gs:[bp+di+74], 68547265 7C92C83B 72 65 jb short 7C92C8A2 7C92C83D 61 popad 7C92C83E 64:54 push esp 7C92C840 65:72 6D jb short 7C92C8B0 7C92C843 696E 61 7465506>imul ebp, [esi+61], 6F506574 7C92C84A 72 74 jb short 7C92C8C0 7C92C84C 005A 77 add [edx+77], bl 7C92C84F 52 push edx ; msvcrt.77C31AE8 7C92C850 65:6C ins byte ptr es:[edi], dx 7C92C852 65:61 popad 7C92C854 73 65 jnb short 7C92C8BB 7C92C856 4B dec ebx 7C92C857 65:79 65 jns short 7C92C8BF 7C92C85A 64:45 inc ebp 7C92C85C 76 65 jbe short 7C92C8C3 7C92C85E 6E outs dx, byte ptr es:[edi] 7C92C85F 74 00 je short 7C92C861 7C92C861 5A pop edx ; ntdll.7C92E89A 7C92C862 77 52 ja short 7C92C8B6 7C92C864 65:6C ins byte ptr es:[edi], dx 7C92C866 65:61 popad 7C92C868 73 65 jnb short 7C92C8CF 7C92C86A 4D dec ebp 7C92C86B 75 74 jnz short 7C92C8E1 7C92C86D 61 popad 7C92C86E 6E outs dx, byte ptr es:[edi] 7C92C86F 74 00 je short 7C92C871 7C92C871 5A pop edx ; ntdll.7C92E89A 7C92C872 77 52 ja short 7C92C8C6 7C92C874 65:6C ins byte ptr es:[edi], dx 7C92C876 65:61 popad 7C92C878 73 65 jnb short 7C92C8DF 7C92C87A 53 push ebx 7C92C87B 65:6D ins dword ptr es:[edi], dx 7C92C87D 61 popad 7C92C87E 70 68 jo short 7C92C8E8 7C92C880 6F outs dx, dword ptr es:[edi] 7C92C881 72 65 jb short 7C92C8E8 7C92C883 005A 77 add [edx+77], bl 7C92C886 52 push edx ; msvcrt.77C31AE8 7C92C887 65:6D ins dword ptr es:[edi], dx 7C92C889 6F outs dx, dword ptr es:[edi] 7C92C88A 76 65 jbe short 7C92C8F1 7C92C88C 49 dec ecx 7C92C88D 6F outs dx, dword ptr es:[edi] 7C92C88E 43 inc ebx 7C92C88F 6F outs dx, dword ptr es:[edi] 7C92C890 6D ins dword ptr es:[edi], dx 7C92C891 70 6C jo short 7C92C8FF 7C92C893 65:74 69 je short 7C92C8FF 7C92C896 6F outs dx, dword ptr es:[edi] 7C92C897 6E outs dx, byte ptr es:[edi] 7C92C898 005A 77 add [edx+77], bl 7C92C89B 52 push edx ; msvcrt.77C31AE8 7C92C89C 65:6D ins dword ptr es:[edi], dx 7C92C89E 6F outs dx, dword ptr es:[edi] 7C92C89F 76 65 jbe short 7C92C906 7C92C8A1 50 push eax 7C92C8A2 72 6F jb short 7C92C913 7C92C8A4 6365 73 arpl [ebp+73], sp 7C92C8A7 73 44 jnb short 7C92C8ED 7C92C8A9 65:6275 67 bound esi, gs:[ebp+67] 7C92C8AD 005A 77 add [edx+77], bl 7C92C8B0 52 push edx ; msvcrt.77C31AE8 7C92C8B1 65:6E outs dx, byte ptr es:[edi] 7C92C8B3 61 popad 7C92C8B4 6D ins dword ptr es:[edi], dx 7C92C8B5 65:4B dec ebx 7C92C8B7 65:79 00 jns short 7C92C8BA 7C92C8BA 5A pop edx ; ntdll.7C92E89A 7C92C8BB 77 52 ja short 7C92C90F 7C92C8BD 65:70 6C jo short 7C92C92C 7C92C8C0 61 popad 7C92C8C1 6365 4B arpl [ebp+4B], sp 7C92C8C4 65:79 00 jns short 7C92C8C7 7C92C8C7 5A pop edx ; ntdll.7C92E89A 7C92C8C8 77 52 ja short 7C92C91C 7C92C8CA 65:70 6C jo short 7C92C939 7C92C8CD 79 50 jns short 7C92C91F 7C92C8CF 6F outs dx, dword ptr es:[edi] 7C92C8D0 72 74 jb short 7C92C946 7C92C8D2 005A 77 add [edx+77], bl 7C92C8D5 52 push edx ; msvcrt.77C31AE8 7C92C8D6 65:70 6C jo short 7C92C945 7C92C8D9 79 57 jns short 7C92C932 7C92C8DB 61 popad 7C92C8DC 697452 65 63656>imul esi, [edx+edx*2+65], 76696563 7C92C8E4 65:50 push eax 7C92C8E6 6F outs dx, dword ptr es:[edi] 7C92C8E7 72 74 jb short 7C92C95D 7C92C8E9 005A 77 add [edx+77], bl 7C92C8EC 52 push edx ; msvcrt.77C31AE8 7C92C8ED 65:70 6C jo short 7C92C95C 7C92C8F0 79 57 jns short 7C92C949 7C92C8F2 61 popad 7C92C8F3 697452 65 63656>imul esi, [edx+edx*2+65], 76696563 7C92C8FB 65:50 push eax 7C92C8FD 6F outs dx, dword ptr es:[edi] 7C92C8FE 72 74 jb short 7C92C974 7C92C900 45 inc ebp 7C92C901 78 00 js short 7C92C903 7C92C903 5A pop edx ; ntdll.7C92E89A 7C92C904 77 52 ja short 7C92C958 7C92C906 65:70 6C jo short 7C92C975 7C92C909 79 57 jns short 7C92C962 7C92C90B 61 popad 7C92C90C 697452 65 706C7>imul esi, [edx+edx*2+65], 50796C70 7C92C914 6F outs dx, dword ptr es:[edi] 7C92C915 72 74 jb short 7C92C98B 7C92C917 005A 77 add [edx+77], bl 7C92C91A 52 push edx ; msvcrt.77C31AE8 7C92C91B 65:71 75 jno short 7C92C993 7C92C91E 65:73 74 jnb short 7C92C995 7C92C921 44 inc esp 7C92C922 65:76 69 jbe short 7C92C98E 7C92C925 6365 57 arpl [ebp+57], sp 7C92C928 61 popad 7C92C929 6B65 75 70 imul esp, [ebp+75], 70 7C92C92D 005A 77 add [edx+77], bl 7C92C930 52 push edx ; msvcrt.77C31AE8 7C92C931 65:71 75 jno short 7C92C9A9 7C92C934 65:73 74 jnb short 7C92C9AB 7C92C937 50 push eax 7C92C938 6F outs dx, dword ptr es:[edi] 7C92C939 72 74 jb short 7C92C9AF 7C92C93B 005A 77 add [edx+77], bl 7C92C93E 52 push edx ; msvcrt.77C31AE8 7C92C93F 65:71 75 jno short 7C92C9B7 7C92C942 65:73 74 jnb short 7C92C9B9 7C92C945 57 push edi 7C92C946 61 popad 7C92C947 697452 65 706C7>imul esi, [edx+edx*2+65], 50796C70 7C92C94F 6F outs dx, dword ptr es:[edi] 7C92C950 72 74 jb short 7C92C9C6 7C92C952 005A 77 add [edx+77], bl 7C92C955 52 push edx ; msvcrt.77C31AE8 7C92C956 65:71 75 jno short 7C92C9CE 7C92C959 65:73 74 jnb short 7C92C9D0 7C92C95C 57 push edi 7C92C95D 61 popad 7C92C95E 6B65 75 70 imul esp, [ebp+75], 70 7C92C962 4C dec esp 7C92C963 61 popad 7C92C964 74 65 je short 7C92C9CB 7C92C966 6E outs dx, byte ptr es:[edi] 7C92C967 6379 00 arpl [ecx], di 7C92C96A 5A pop edx ; ntdll.7C92E89A |
|
[讨论]程序分析!
7C92B7E2 65:67:6973 74 7>imul esi, gs:[bp+di+74], 61567972 7C92B7EB 6C ins byte ptr es:[edi], dx 7C92B7EC 75 65 jnz short 7C92B853 7C92B7EE 0052 74 add [edx+74], dl 7C92B7F1 6C ins byte ptr es:[edi], dx 7C92B7F2 5A pop edx ; ntdll.7C92E89A 7C92B7F3 65:72 6F jb short 7C92B865 7C92B7F6 48 dec eax 7C92B7F7 65:61 popad 7C92B7F9 70 00 jo short 7C92B7FB 7C92B7FB 52 push edx ; msvcrt.77C31AE8 7C92B7FC 74 6C je short 7C92B86A 7C92B7FE 5A pop edx ; ntdll.7C92E89A 7C92B7FF 65:72 6F jb short 7C92B871 7C92B802 4D dec ebp 7C92B803 65:6D ins dword ptr es:[edi], dx 7C92B805 6F outs dx, dword ptr es:[edi] 7C92B806 72 79 jb short 7C92B881 7C92B808 0052 74 add [edx+74], dl 7C92B80B 6C ins byte ptr es:[edi], dx 7C92B80C 5A pop edx ; ntdll.7C92E89A 7C92B80D 6F outs dx, dword ptr es:[edi] 7C92B80E 6D ins dword ptr es:[edi], dx 7C92B80F 6269 66 bound ebp, [ecx+66] 7C92B812 79 41 jns short 7C92B855 7C92B814 637469 76 arpl [ecx+ebp*2+76], si 7C92B818 61 popad 7C92B819 74 69 je short 7C92B884 7C92B81B 6F outs dx, dword ptr es:[edi] 7C92B81C 6E outs dx, byte ptr es:[edi] 7C92B81D 43 inc ebx 7C92B81E 6F outs dx, dword ptr es:[edi] 7C92B81F 6E outs dx, byte ptr es:[edi] 7C92B820 74 65 je short 7C92B887 7C92B822 78 74 js short 7C92B898 7C92B824 0052 74 add [edx+74], dl 7C92B827 6C ins byte ptr es:[edi], dx 7C92B828 70 41 jo short 7C92B86B 7C92B82A 70 70 jo short 7C92B89C 7C92B82C 6C ins byte ptr es:[edi], dx 7C92B82D 79 4C jns short 7C92B87B 7C92B82F 65:6E outs dx, byte ptr es:[edi] 7C92B831 67:74 68 je short 7C92B89C 7C92B834 46 inc esi ; ntdll.ZwTerminateProcess 7C92B835 75 6E jnz short 7C92B8A5 7C92B837 637469 6F arpl [ecx+ebp*2+6F], si 7C92B83B 6E outs dx, byte ptr es:[edi] 7C92B83C 0052 74 add [edx+74], dl 7C92B83F 6C ins byte ptr es:[edi], dx 7C92B840 70 45 jo short 7C92B887 7C92B842 6E outs dx, byte ptr es:[edi] 7C92B843 73 75 jnb short 7C92B8BA 7C92B845 72 65 jb short 7C92B8AC 7C92B847 42 inc edx ; msvcrt.77C31AE8 7C92B848 75 66 jnz short 7C92B8B0 7C92B84A 66:65:72 53 jb short 0000B8A1 7C92B84E 697A 65 0052746>imul edi, [edx+65], 6C745200 7C92B855 70 4E jo short 7C92B8A5 7C92B857 6F outs dx, dword ptr es:[edi] 7C92B858 74 4F je short 7C92B8A9 7C92B85A 77 6E ja short 7C92B8CA 7C92B85C 65:72 43 jb short 7C92B8A2 7C92B85F 72 69 jb short 7C92B8CA 7C92B861 74 69 je short 7C92B8CC 7C92B863 6361 6C arpl [ecx+6C], sp 7C92B866 53 push ebx 7C92B867 65:637469 6F arpl gs:[ecx+ebp*2+6F], si 7C92B86C 6E outs dx, byte ptr es:[edi] 7C92B86D 0052 74 add [edx+74], dl 7C92B870 6C ins byte ptr es:[edi], dx 7C92B871 70 4E jo short 7C92B8C1 7C92B873 74 43 je short 7C92B8B8 7C92B875 72 65 jb short 7C92B8DC 7C92B877 61 popad 7C92B878 74 65 je short 7C92B8DF 7C92B87A 4B dec ebx 7C92B87B 65:79 00 jns short 7C92B87E 7C92B87E 52 push edx ; msvcrt.77C31AE8 7C92B87F 74 6C je short 7C92B8ED 7C92B881 70 4E jo short 7C92B8D1 7C92B883 74 45 je short 7C92B8CA 7C92B885 6E outs dx, byte ptr es:[edi] 7C92B886 75 6D jnz short 7C92B8F5 7C92B888 65:72 61 jb short 7C92B8EC 7C92B88B 74 65 je short 7C92B8F2 7C92B88D 53 push ebx 7C92B88E 75 62 jnz short 7C92B8F2 7C92B890 4B dec ebx 7C92B891 65:79 00 jns short 7C92B894 7C92B894 52 push edx ; msvcrt.77C31AE8 7C92B895 74 6C je short 7C92B903 7C92B897 70 4E jo short 7C92B8E7 7C92B899 74 4D je short 7C92B8E8 7C92B89B 61 popad 7C92B89C 6B65 54 65 imul esp, [ebp+54], 65 7C92B8A0 6D ins dword ptr es:[edi], dx 7C92B8A1 70 6F jo short 7C92B912 7C92B8A3 72 61 jb short 7C92B906 7C92B8A5 72 79 jb short 7C92B920 7C92B8A7 4B dec ebx 7C92B8A8 65:79 00 jns short 7C92B8AB 7C92B8AB 52 push edx ; msvcrt.77C31AE8 7C92B8AC 74 6C je short 7C92B91A 7C92B8AE 70 4E jo short 7C92B8FE 7C92B8B0 74 4F je short 7C92B901 7C92B8B2 70 65 jo short 7C92B919 7C92B8B4 6E outs dx, byte ptr es:[edi] 7C92B8B5 4B dec ebx 7C92B8B6 65:79 00 jns short 7C92B8B9 7C92B8B9 52 push edx ; msvcrt.77C31AE8 7C92B8BA 74 6C je short 7C92B928 7C92B8BC 70 4E jo short 7C92B90C 7C92B8BE 74 51 je short 7C92B911 7C92B8C0 75 65 jnz short 7C92B927 7C92B8C2 72 79 jb short 7C92B93D 7C92B8C4 56 push esi ; ntdll.ZwTerminateProcess 7C92B8C5 61 popad 7C92B8C6 6C ins byte ptr es:[edi], dx 7C92B8C7 75 65 jnz short 7C92B92E 7C92B8C9 4B dec ebx 7C92B8CA 65:79 00 jns short 7C92B8CD 7C92B8CD 52 push edx ; msvcrt.77C31AE8 7C92B8CE 74 6C je short 7C92B93C 7C92B8D0 70 4E jo short 7C92B920 7C92B8D2 74 53 je short 7C92B927 7C92B8D4 65:74 56 je short 7C92B92D 7C92B8D7 61 popad 7C92B8D8 6C ins byte ptr es:[edi], dx 7C92B8D9 75 65 jnz short 7C92B940 7C92B8DB 4B dec ebx 7C92B8DC 65:79 00 jns short 7C92B8DF 7C92B8DF 52 push edx ; msvcrt.77C31AE8 7C92B8E0 74 6C je short 7C92B94E 7C92B8E2 70 55 jo short 7C92B939 7C92B8E4 6E outs dx, byte ptr es:[edi] 7C92B8E5 57 push edi 7C92B8E6 61 popad 7C92B8E7 697443 72 69746>imul esi, [ebx+eax*2+72], 63697469 7C92B8EF 61 popad 7C92B8F0 6C ins byte ptr es:[edi], dx 7C92B8F1 53 push ebx 7C92B8F2 65:637469 6F arpl gs:[ecx+ebp*2+6F], si 7C92B8F7 6E outs dx, byte ptr es:[edi] 7C92B8F8 0052 74 add [edx+74], dl 7C92B8FB 6C ins byte ptr es:[edi], dx 7C92B8FC 70 57 jo short 7C92B955 7C92B8FE 61 popad 7C92B8FF 697446 6F 72437>imul esi, [esi+eax*2+6F], 69724372 7C92B907 74 69 je short 7C92B972 7C92B909 6361 6C arpl [ecx+6C], sp 7C92B90C 53 push ebx 7C92B90D 65:637469 6F arpl gs:[ecx+ebp*2+6F], si 7C92B912 6E outs dx, byte ptr es:[edi] 7C92B913 0052 74 add [edx+74], dl 7C92B916 6C ins byte ptr es:[edi], dx 7C92B917 78 41 js short 7C92B95A 7C92B919 6E outs dx, byte ptr es:[edi] 7C92B91A 73 69 jnb short 7C92B985 7C92B91C 53 push ebx 7C92B91D 74 72 je short 7C92B991 7C92B91F 696E 67 546F556>imul ebp, [esi+67], 6E556F54 7C92B926 6963 6F 6465536>imul esp, [ebx+6F], 69536564 7C92B92D 7A 65 jpe short 7C92B994 7C92B92F 0052 74 add [edx+74], dl 7C92B932 6C ins byte ptr es:[edi], dx 7C92B933 78 4F js short 7C92B984 7C92B935 65:6D ins dword ptr es:[edi], dx 7C92B937 53 push ebx 7C92B938 74 72 je short 7C92B9AC 7C92B93A 696E 67 546F556>imul ebp, [esi+67], 6E556F54 7C92B941 6963 6F 6465536>imul esp, [ebx+6F], 69536564 7C92B948 7A 65 jpe short 7C92B9AF 7C92B94A 0052 74 add [edx+74], dl 7C92B94D 6C ins byte ptr es:[edi], dx 7C92B94E 78 55 js short 7C92B9A5 7C92B950 6E outs dx, byte ptr es:[edi] 7C92B951 6963 6F 6465537>imul esp, [ebx+6F], 74536564 7C92B958 72 69 jb short 7C92B9C3 7C92B95A 6E outs dx, byte ptr es:[edi] 7C92B95B 67:54 push esp 7C92B95D 6F outs dx, dword ptr es:[edi] 7C92B95E 41 inc ecx 7C92B95F 6E outs dx, byte ptr es:[edi] 7C92B960 73 69 jnb short 7C92B9CB 7C92B962 53 push ebx 7C92B963 697A 65 0052746>imul edi, [edx+65], 6C745200 7C92B96A 78 55 js short 7C92B9C1 7C92B96C 6E outs dx, byte ptr es:[edi] 7C92B96D 6963 6F 6465537>imul esp, [ebx+6F], 74536564 7C92B974 72 69 jb short 7C92B9DF 7C92B976 6E outs dx, byte ptr es:[edi] 7C92B977 67:54 push esp 7C92B979 6F outs dx, dword ptr es:[edi] 7C92B97A 4F dec edi 7C92B97B 65:6D ins dword ptr es:[edi], dx 7C92B97D 53 push ebx 7C92B97E 697A 65 0056657>imul edi, [edx+65], 72655600 7C92B985 53 push ebx 7C92B986 65:74 43 je short 7C92B9CC 7C92B989 6F outs dx, dword ptr es:[edi] 7C92B98A 6E outs dx, byte ptr es:[edi] 7C92B98B 64:697469 6F 6E>imul esi, fs:[ecx+ebp*2+6F], 73614D6E 7C92B994 6B00 5A imul eax, [eax], 5A 7C92B997 77 41 ja short 7C92B9DA 7C92B999 6363 65 arpl [ebx+65], sp 7C92B99C 70 74 jo short 7C92BA12 7C92B99E 43 inc ebx 7C92B99F 6F outs dx, dword ptr es:[edi] 7C92B9A0 6E outs dx, byte ptr es:[edi] 7C92B9A1 6E outs dx, byte ptr es:[edi] 7C92B9A2 65:637450 6F arpl gs:[eax+edx*2+6F], si 7C92B9A7 72 74 jb short 7C92BA1D 7C92B9A9 005A 77 add [edx+77], bl 7C92B9AC 41 inc ecx 7C92B9AD 6363 65 arpl [ebx+65], sp 7C92B9B0 73 73 jnb short 7C92BA25 7C92B9B2 43 inc ebx 7C92B9B3 68 65636B00 push 6B6365 7C92B9B8 5A pop edx ; ntdll.7C92E89A 7C92B9B9 77 41 ja short 7C92B9FC 7C92B9BB 6363 65 arpl [ebx+65], sp 7C92B9BE 73 73 jnb short 7C92BA33 7C92B9C0 43 inc ebx 7C92B9C1 68 65636B41 push 416B6365 7C92B9C6 6E outs dx, byte ptr es:[edi] 7C92B9C7 64:41 inc ecx 7C92B9C9 75 64 jnz short 7C92BA2F 7C92B9CB 697441 6C 61726>imul esi, [ecx+eax*2+6C], 6D7261 7C92B9D3 5A pop edx ; ntdll.7C92E89A 7C92B9D4 77 41 ja short 7C92BA17 7C92B9D6 6363 65 arpl [ebx+65], sp 7C92B9D9 73 73 jnb short 7C92BA4E 7C92B9DB 43 inc ebx 7C92B9DC 68 65636B42 push 426B6365 7C92B9E1 79 54 jns short 7C92BA37 7C92B9E3 79 70 jns short 7C92BA55 7C92B9E5 65:005A 77 add gs:[edx+77], bl 7C92B9E9 41 inc ecx 7C92B9EA 6363 65 arpl [ebx+65], sp 7C92B9ED 73 73 jnb short 7C92BA62 7C92B9EF 43 inc ebx 7C92B9F0 68 65636B42 push 426B6365 7C92B9F5 79 54 jns short 7C92BA4B 7C92B9F7 79 70 jns short 7C92BA69 7C92B9F9 65:41 inc ecx 7C92B9FB 6E outs dx, byte ptr es:[edi] 7C92B9FC 64:41 inc ecx 7C92B9FE 75 64 jnz short 7C92BA64 7C92BA00 697441 6C 61726>imul esi, [ecx+eax*2+6C], 6D7261 7C92BA08 5A pop edx ; ntdll.7C92E89A 7C92BA09 77 41 ja short 7C92BA4C 7C92BA0B 6363 65 arpl [ebx+65], sp 7C92BA0E 73 73 jnb short 7C92BA83 7C92BA10 43 inc ebx 7C92BA11 68 65636B42 push 426B6365 7C92BA16 79 54 jns short 7C92BA6C 7C92BA18 79 70 jns short 7C92BA8A 7C92BA1A 65:52 push edx ; msvcrt.77C31AE8 7C92BA1C 65:73 75 jnb short 7C92BA94 7C92BA1F 6C ins byte ptr es:[edi], dx 7C92BA20 74 4C je short 7C92BA6E 7C92BA22 6973 74 005A774>imul esi, [ebx+74], 41775A00 7C92BA29 6363 65 arpl [ebx+65], sp 7C92BA2C 73 73 jnb short 7C92BAA1 7C92BA2E 43 inc ebx 7C92BA2F 68 65636B42 push 426B6365 7C92BA34 79 54 jns short 7C92BA8A 7C92BA36 79 70 jns short 7C92BAA8 7C92BA38 65:52 push edx ; msvcrt.77C31AE8 7C92BA3A 65:73 75 jnb short 7C92BAB2 7C92BA3D 6C ins byte ptr es:[edi], dx 7C92BA3E 74 4C je short 7C92BA8C 7C92BA40 6973 74 416E644>imul esi, [ebx+74], 41646E41 7C92BA47 75 64 jnz short 7C92BAAD 7C92BA49 697441 6C 61726>imul esi, [ecx+eax*2+6C], 6D7261 7C92BA51 5A pop edx ; ntdll.7C92E89A 7C92BA52 77 41 ja short 7C92BA95 7C92BA54 6363 65 arpl [ebx+65], sp 7C92BA57 73 73 jnb short 7C92BACC 7C92BA59 43 inc ebx 7C92BA5A 68 65636B42 push 426B6365 7C92BA5F 79 54 jns short 7C92BAB5 7C92BA61 79 70 jns short 7C92BAD3 7C92BA63 65:52 push edx ; msvcrt.77C31AE8 7C92BA65 65:73 75 jnb short 7C92BADD 7C92BA68 6C ins byte ptr es:[edi], dx 7C92BA69 74 4C je short 7C92BAB7 7C92BA6B 6973 74 416E644>imul esi, [ebx+74], 41646E41 7C92BA72 75 64 jnz short 7C92BAD8 7C92BA74 697441 6C 61726>imul esi, [ecx+eax*2+6C], 426D7261 7C92BA7C 79 48 jns short 7C92BAC6 7C92BA7E 61 popad 7C92BA7F 6E outs dx, byte ptr es:[edi] 7C92BA80 64:6C ins byte ptr es:[edi], dx 7C92BA82 65:005A 77 add gs:[edx+77], bl 7C92BA86 41 inc ecx 7C92BA87 64: prefix fs: 7C92BA88 64:41 inc ecx 7C92BA8A 74 6F je short 7C92BAFB 7C92BA8C 6D ins dword ptr es:[edi], dx 7C92BA8D 005A 77 add [edx+77], bl 7C92BA90 41 inc ecx 7C92BA91 64: prefix fs: 7C92BA92 64:42 inc edx ; msvcrt.77C31AE8 7C92BA94 6F outs dx, dword ptr es:[edi] 7C92BA95 6F outs dx, dword ptr es:[edi] 7C92BA96 74 45 je short 7C92BADD 7C92BA98 6E outs dx, byte ptr es:[edi] 7C92BA99 74 72 je short 7C92BB0D 7C92BA9B 79 00 jns short 7C92BA9D 7C92BA9D 5A pop edx ; ntdll.7C92E89A 7C92BA9E 77 41 ja short 7C92BAE1 7C92BAA0 64:6A 75 push 75 7C92BAA3 73 74 jnb short 7C92BB19 7C92BAA5 47 inc edi 7C92BAA6 72 6F jb short 7C92BB17 7C92BAA8 75 70 jnz short 7C92BB1A 7C92BAAA 73 54 jnb short 7C92BB00 7C92BAAC 6F outs dx, dword ptr es:[edi] 7C92BAAD 6B65 6E 00 imul esp, [ebp+6E], 0 7C92BAB1 5A pop edx ; ntdll.7C92E89A 7C92BAB2 77 41 ja short 7C92BAF5 7C92BAB4 64:6A 75 push 75 7C92BAB7 73 74 jnb short 7C92BB2D 7C92BAB9 50 push eax 7C92BABA 72 69 jb short 7C92BB25 7C92BABC 76 69 jbe short 7C92BB27 7C92BABE 6C ins byte ptr es:[edi], dx 7C92BABF 65: prefix gs: 7C92BAC0 67:65:73 54 jnb short 7C92BB18 7C92BAC4 6F outs dx, dword ptr es:[edi] 7C92BAC5 6B65 6E 00 imul esp, [ebp+6E], 0 7C92BAC9 5A pop edx ; ntdll.7C92E89A 7C92BACA 77 41 ja short 7C92BB0D 7C92BACC 6C ins byte ptr es:[edi], dx 7C92BACD 65:72 74 jb short 7C92BB44 7C92BAD0 52 push edx ; msvcrt.77C31AE8 7C92BAD1 65:73 75 jnb short 7C92BB49 7C92BAD4 6D ins dword ptr es:[edi], dx 7C92BAD5 65:54 push esp 7C92BAD7 68 72656164 push 64616572 7C92BADC 005A 77 add [edx+77], bl 7C92BADF 41 inc ecx 7C92BAE0 6C ins byte ptr es:[edi], dx 7C92BAE1 65:72 74 jb short 7C92BB58 7C92BAE4 54 push esp 7C92BAE5 68 72656164 push 64616572 7C92BAEA 005A 77 add [edx+77], bl 7C92BAED 41 inc ecx 7C92BAEE 6C ins byte ptr es:[edi], dx 7C92BAEF 6C ins byte ptr es:[edi], dx 7C92BAF0 6F outs dx, dword ptr es:[edi] 7C92BAF1 6361 74 arpl [ecx+74], sp 7C92BAF4 65:4C dec esp 7C92BAF6 6F outs dx, dword ptr es:[edi] 7C92BAF7 6361 6C arpl [ecx+6C], sp 7C92BAFA 6C ins byte ptr es:[edi], dx 7C92BAFB 79 55 jns short 7C92BB52 7C92BAFD 6E outs dx, byte ptr es:[edi] 7C92BAFE 6971 75 6549640>imul esi, [ecx+75], 644965 7C92BB05 5A pop edx ; ntdll.7C92E89A 7C92BB06 77 41 ja short 7C92BB49 7C92BB08 6C ins byte ptr es:[edi], dx 7C92BB09 6C ins byte ptr es:[edi], dx 7C92BB0A 6F outs dx, dword ptr es:[edi] 7C92BB0B 6361 74 arpl [ecx+74], sp 7C92BB0E 65:55 push ebp 7C92BB10 73 65 jnb short 7C92BB77 7C92BB12 72 50 jb short 7C92BB64 7C92BB14 68 79736963 push 63697379 7C92BB19 61 popad 7C92BB1A 6C ins byte ptr es:[edi], dx 7C92BB1B 50 push eax 7C92BB1C 61 popad 7C92BB1D 67:65:73 00 jnb short 7C92BB21 7C92BB21 5A pop edx ; ntdll.7C92E89A 7C92BB22 77 41 ja short 7C92BB65 7C92BB24 6C ins byte ptr es:[edi], dx 7C92BB25 6C ins byte ptr es:[edi], dx 7C92BB26 6F outs dx, dword ptr es:[edi] 7C92BB27 6361 74 arpl [ecx+74], sp 7C92BB2A 65:55 push ebp 7C92BB2C 75 69 jnz short 7C92BB97 7C92BB2E 64:73 00 jnb short 7C92BB31 7C92BB31 5A pop edx ; ntdll.7C92E89A 7C92BB32 77 41 ja short 7C92BB75 7C92BB34 6C ins byte ptr es:[edi], dx 7C92BB35 6C ins byte ptr es:[edi], dx 7C92BB36 6F outs dx, dword ptr es:[edi] 7C92BB37 6361 74 arpl [ecx+74], sp 7C92BB3A 65:56 push esi ; ntdll.ZwTerminateProcess 7C92BB3C 6972 74 75616C4>imul esi, [edx+74], 4D6C6175 7C92BB43 65:6D ins dword ptr es:[edi], dx 7C92BB45 6F outs dx, dword ptr es:[edi] 7C92BB46 72 79 jb short 7C92BBC1 7C92BB48 005A 77 add [edx+77], bl 7C92BB4B 41 inc ecx 7C92BB4C 72 65 jb short 7C92BBB3 7C92BB4E 4D dec ebp 7C92BB4F 61 popad 7C92BB50 70 70 jo short 7C92BBC2 7C92BB52 65: prefix gs: 7C92BB53 64:46 inc esi ; ntdll.ZwTerminateProcess 7C92BB55 696C65 73 54686>imul ebp, [ebp+73], 53656854 7C92BB5D 61 popad 7C92BB5E 6D ins dword ptr es:[edi], dx 7C92BB5F 65:005A 77 add gs:[edx+77], bl 7C92BB63 41 inc ecx 7C92BB64 73 73 jnb short 7C92BBD9 7C92BB66 6967 6E 50726F6>imul esp, [edi+6E], 636F7250 7C92BB6D 65:73 73 jnb short 7C92BBE3 7C92BB70 54 push esp 7C92BB71 6F outs dx, dword ptr es:[edi] 7C92BB72 4A dec edx ; msvcrt.77C31AE8 7C92BB73 6F outs dx, dword ptr es:[edi] 7C92BB74 624F 62 bound ecx, [edi+62] 7C92BB77 6A 65 push 65 7C92BB79 637400 5A arpl [eax+eax+5A], si 7C92BB7D 77 43 ja short 7C92BBC2 7C92BB7F 61 popad 7C92BB80 6C ins byte ptr es:[edi], dx 7C92BB81 6C ins byte ptr es:[edi], dx 7C92BB82 6261 63 bound esp, [ecx+63] 7C92BB85 6B52 65 74 imul edx, [edx+65], 74 7C92BB89 75 72 jnz short 7C92BBFD 7C92BB8B 6E outs dx, byte ptr es:[edi] 7C92BB8C 005A 77 add [edx+77], bl 7C92BB8F 43 inc ebx 7C92BB90 61 popad 7C92BB91 6E outs dx, byte ptr es:[edi] 7C92BB92 6365 6C arpl [ebp+6C], sp 7C92BB95 44 inc esp 7C92BB96 65:76 69 jbe short 7C92BC02 7C92BB99 6365 57 arpl [ebp+57], sp 7C92BB9C 61 popad 7C92BB9D 6B65 75 70 imul esp, [ebp+75], 70 7C92BBA1 52 push edx ; msvcrt.77C31AE8 7C92BBA2 65:71 75 jno short 7C92BC1A 7C92BBA5 65:73 74 jnb short 7C92BC1C 7C92BBA8 005A 77 add [edx+77], bl 7C92BBAB 43 inc ebx 7C92BBAC 61 popad 7C92BBAD 6E outs dx, byte ptr es:[edi] 7C92BBAE 6365 6C arpl [ebp+6C], sp 7C92BBB1 49 dec ecx 7C92BBB2 6F outs dx, dword ptr es:[edi] 7C92BBB3 46 inc esi ; ntdll.ZwTerminateProcess 7C92BBB4 696C65 00 5A774>imul ebp, [ebp], 6143775A 7C92BBBC 6E outs dx, byte ptr es:[edi] 7C92BBBD 6365 6C arpl [ebp+6C], sp 7C92BBC0 54 push esp 7C92BBC1 696D 65 72005A7>imul ebp, [ebp+65], 775A0072 7C92BBC8 43 inc ebx 7C92BBC9 6C ins byte ptr es:[edi], dx 7C92BBCA 65:61 popad 7C92BBCC 72 45 jb short 7C92BC13 7C92BBCE 76 65 jbe short 7C92BC35 7C92BBD0 6E outs dx, byte ptr es:[edi] 7C92BBD1 74 00 je short 7C92BBD3 7C92BBD3 5A pop edx ; ntdll.7C92E89A 7C92BBD4 77 43 ja short 7C92BC19 7C92BBD6 6C ins byte ptr es:[edi], dx 7C92BBD7 6F outs dx, dword ptr es:[edi] 7C92BBD8 73 65 jnb short 7C92BC3F 7C92BBDA 005A 77 add [edx+77], bl 7C92BBDD 43 inc ebx 7C92BBDE 6C ins byte ptr es:[edi], dx 7C92BBDF 6F outs dx, dword ptr es:[edi] 7C92BBE0 73 65 jnb short 7C92BC47 7C92BBE2 4F dec edi 7C92BBE3 626A 65 bound ebp, [edx+65] 7C92BBE6 637441 75 arpl [ecx+eax*2+75], si 7C92BBEA 64:697441 6C 61>imul esi, fs:[ecx+eax*2+6C], 6D7261 7C92BBF3 5A pop edx ; ntdll.7C92E89A 7C92BBF4 77 43 ja short 7C92BC39 7C92BBF6 6F outs dx, dword ptr es:[edi] 7C92BBF7 6D ins dword ptr es:[edi], dx 7C92BBF8 70 61 jo short 7C92BC5B 7C92BBFA 63744B 65 arpl [ebx+ecx*2+65], si 7C92BBFE 79 73 jns short 7C92BC73 7C92BC00 005A 77 add [edx+77], bl 7C92BC03 43 inc ebx 7C92BC04 6F outs dx, dword ptr es:[edi] 7C92BC05 6D ins dword ptr es:[edi], dx 7C92BC06 70 61 jo short 7C92BC69 7C92BC08 72 65 jb short 7C92BC6F 7C92BC0A 54 push esp 7C92BC0B 6F outs dx, dword ptr es:[edi] 7C92BC0C 6B65 6E 73 imul esp, [ebp+6E], 73 7C92BC10 005A 77 add [edx+77], bl 7C92BC13 43 inc ebx 7C92BC14 6F outs dx, dword ptr es:[edi] 7C92BC15 6D ins dword ptr es:[edi], dx 7C92BC16 70 6C jo short 7C92BC84 7C92BC18 65:74 65 je short 7C92BC80 7C92BC1B 43 inc ebx 7C92BC1C 6F outs dx, dword ptr es:[edi] 7C92BC1D 6E outs dx, byte ptr es:[edi] 7C92BC1E 6E outs dx, byte ptr es:[edi] 7C92BC1F 65:637450 6F arpl gs:[eax+edx*2+6F], si 7C92BC24 72 74 jb short 7C92BC9A 7C92BC26 005A 77 add [edx+77], bl 7C92BC29 43 inc ebx 7C92BC2A 6F outs dx, dword ptr es:[edi] 7C92BC2B 6D ins dword ptr es:[edi], dx 7C92BC2C 70 72 jo short 7C92BCA0 7C92BC2E 65:73 73 jnb short 7C92BCA4 7C92BC31 4B dec ebx 7C92BC32 65:79 00 jns short 7C92BC35 7C92BC35 5A pop edx ; ntdll.7C92E89A 7C92BC36 77 43 ja short 7C92BC7B 7C92BC38 6F outs dx, dword ptr es:[edi] 7C92BC39 6E outs dx, byte ptr es:[edi] 7C92BC3A 6E outs dx, byte ptr es:[edi] 7C92BC3B 65:637450 6F arpl gs:[eax+edx*2+6F], si 7C92BC40 72 74 jb short 7C92BCB6 7C92BC42 005A 77 add [edx+77], bl 7C92BC45 43 inc ebx 7C92BC46 6F outs dx, dword ptr es:[edi] 7C92BC47 6E outs dx, byte ptr es:[edi] 7C92BC48 74 69 je short 7C92BCB3 7C92BC4A 6E outs dx, byte ptr es:[edi] 7C92BC4B 75 65 jnz short 7C92BCB2 7C92BC4D 005A 77 add [edx+77], bl 7C92BC50 43 inc ebx 7C92BC51 72 65 jb short 7C92BCB8 7C92BC53 61 popad 7C92BC54 74 65 je short 7C92BCBB 7C92BC56 44 inc esp 7C92BC57 65:6275 67 bound esi, gs:[ebp+67] 7C92BC5B 4F dec edi 7C92BC5C 626A 65 bound ebp, [edx+65] 7C92BC5F 637400 5A arpl [eax+eax+5A], si 7C92BC63 77 43 ja short 7C92BCA8 7C92BC65 72 65 jb short 7C92BCCC 7C92BC67 61 popad 7C92BC68 74 65 je short 7C92BCCF 7C92BC6A 44 inc esp 7C92BC6B 6972 65 63746F7>imul esi, [edx+65], 726F7463 7C92BC72 79 4F jns short 7C92BCC3 7C92BC74 626A 65 bound ebp, [edx+65] 7C92BC77 637400 5A arpl [eax+eax+5A], si 7C92BC7B 77 43 ja short 7C92BCC0 7C92BC7D 72 65 jb short 7C92BCE4 7C92BC7F 61 popad 7C92BC80 74 65 je short 7C92BCE7 7C92BC82 45 inc ebp 7C92BC83 76 65 jbe short 7C92BCEA 7C92BC85 6E outs dx, byte ptr es:[edi] 7C92BC86 74 00 je short 7C92BC88 7C92BC88 5A pop edx ; ntdll.7C92E89A 7C92BC89 77 43 ja short 7C92BCCE 7C92BC8B 72 65 jb short 7C92BCF2 7C92BC8D 61 popad 7C92BC8E 74 65 je short 7C92BCF5 7C92BC90 45 inc ebp 7C92BC91 76 65 jbe short 7C92BCF8 7C92BC93 6E outs dx, byte ptr es:[edi] 7C92BC94 74 50 je short 7C92BCE6 7C92BC96 61 popad 7C92BC97 6972 00 5A77437>imul esi, [edx], 7243775A ; ntdll.7C99C8E0 7C92BC9E 65:61 popad 7C92BCA0 74 65 je short 7C92BD07 7C92BCA2 46 inc esi ; ntdll.ZwTerminateProcess 7C92BCA3 696C65 00 5A774>imul ebp, [ebp], 7243775A 7C92BCAB 65:61 popad 7C92BCAD 74 65 je short 7C92BD14 7C92BCAF 49 dec ecx 7C92BCB0 6F outs dx, dword ptr es:[edi] 7C92BCB1 43 inc ebx 7C92BCB2 6F outs dx, dword ptr es:[edi] 7C92BCB3 6D ins dword ptr es:[edi], dx 7C92BCB4 70 6C jo short 7C92BD22 7C92BCB6 65:74 69 je short 7C92BD22 7C92BCB9 6F outs dx, dword ptr es:[edi] 7C92BCBA 6E outs dx, byte ptr es:[edi] 7C92BCBB 005A 77 add [edx+77], bl 7C92BCBE 43 inc ebx 7C92BCBF 72 65 jb short 7C92BD26 7C92BCC1 61 popad 7C92BCC2 74 65 je short 7C92BD29 7C92BCC4 4A dec edx ; msvcrt.77C31AE8 7C92BCC5 6F outs dx, dword ptr es:[edi] 7C92BCC6 624F 62 bound ecx, [edi+62] 7C92BCC9 6A 65 push 65 7C92BCCB 637400 5A arpl [eax+eax+5A], si 7C92BCCF 77 43 ja short 7C92BD14 7C92BCD1 72 65 jb short 7C92BD38 7C92BCD3 61 popad 7C92BCD4 74 65 je short 7C92BD3B 7C92BCD6 4A dec edx ; msvcrt.77C31AE8 7C92BCD7 6F outs dx, dword ptr es:[edi] 7C92BCD8 6253 65 bound edx, [ebx+65] 7C92BCDB 74 00 je short 7C92BCDD 7C92BCDD 5A pop edx ; ntdll.7C92E89A 7C92BCDE 77 43 ja short 7C92BD23 7C92BCE0 72 65 jb short 7C92BD47 7C92BCE2 61 popad 7C92BCE3 74 65 je short 7C92BD4A 7C92BCE5 4B dec ebx 7C92BCE6 65:79 00 jns short 7C92BCE9 7C92BCE9 5A pop edx ; ntdll.7C92E89A 7C92BCEA 77 43 ja short 7C92BD2F 7C92BCEC 72 65 jb short 7C92BD53 7C92BCEE 61 popad 7C92BCEF 74 65 je short 7C92BD56 7C92BCF1 4B dec ebx 7C92BCF2 65:79 65 jns short 7C92BD5A 7C92BCF5 64:45 inc ebp 7C92BCF7 76 65 jbe short 7C92BD5E 7C92BCF9 6E outs dx, byte ptr es:[edi] 7C92BCFA 74 00 je short 7C92BCFC 7C92BCFC 5A pop edx ; ntdll.7C92E89A 7C92BCFD 77 43 ja short 7C92BD42 7C92BCFF 72 65 jb short 7C92BD66 7C92BD01 61 popad 7C92BD02 74 65 je short 7C92BD69 7C92BD04 4D dec ebp 7C92BD05 61 popad 7C92BD06 696C73 6C 6F744>imul ebp, [ebx+esi*2+6C], 6946746F 7C92BD0E 6C ins byte ptr es:[edi], dx 7C92BD0F 65:005A 77 add gs:[edx+77], bl 7C92BD13 43 inc ebx 7C92BD14 72 65 jb short 7C92BD7B 7C92BD16 61 popad 7C92BD17 74 65 je short 7C92BD7E 7C92BD19 4D dec ebp 7C92BD1A 75 74 jnz short 7C92BD90 7C92BD1C 61 popad 7C92BD1D 6E outs dx, byte ptr es:[edi] 7C92BD1E 74 00 je short 7C92BD20 7C92BD20 5A pop edx ; ntdll.7C92E89A 7C92BD21 77 43 ja short 7C92BD66 7C92BD23 72 65 jb short 7C92BD8A 7C92BD25 61 popad 7C92BD26 74 65 je short 7C92BD8D 7C92BD28 4E dec esi ; ntdll.ZwTerminateProcess 7C92BD29 61 popad 7C92BD2A 6D ins dword ptr es:[edi], dx 7C92BD2B 65: prefix gs: 7C92BD2C 64:50 push eax 7C92BD2E 6970 65 46696C6>imul esi, [eax+65], 656C6946 7C92BD35 005A 77 add [edx+77], bl 7C92BD38 43 inc ebx 7C92BD39 72 65 jb short 7C92BDA0 7C92BD3B 61 popad 7C92BD3C 74 65 je short 7C92BDA3 7C92BD3E 50 push eax 7C92BD3F 61 popad 7C92BD40 67:696E 67 4669>imul ebp, [bp+67], 656C6946 7C92BD48 005A 77 add [edx+77], bl 7C92BD4B 43 inc ebx 7C92BD4C 72 65 jb short 7C92BDB3 7C92BD4E 61 popad 7C92BD4F 74 65 je short 7C92BDB6 7C92BD51 50 push eax 7C92BD52 6F outs dx, dword ptr es:[edi] 7C92BD53 72 74 jb short 7C92BDC9 7C92BD55 005A 77 add [edx+77], bl 7C92BD58 43 inc ebx 7C92BD59 72 65 jb short 7C92BDC0 7C92BD5B 61 popad 7C92BD5C 74 65 je short 7C92BDC3 7C92BD5E 50 push eax 7C92BD5F 72 6F jb short 7C92BDD0 7C92BD61 6365 73 arpl [ebp+73], sp 7C92BD64 73 00 jnb short 7C92BD66 7C92BD66 5A pop edx ; ntdll.7C92E89A 7C92BD67 77 43 ja short 7C92BDAC 7C92BD69 72 65 jb short 7C92BDD0 7C92BD6B 61 popad 7C92BD6C 74 65 je short 7C92BDD3 7C92BD6E 50 push eax 7C92BD6F 72 6F jb short 7C92BDE0 7C92BD71 6365 73 arpl [ebp+73], sp 7C92BD74 73 45 jnb short 7C92BDBB 7C92BD76 78 00 js short 7C92BD78 7C92BD78 5A pop edx ; ntdll.7C92E89A 7C92BD79 77 43 ja short 7C92BDBE 7C92BD7B 72 65 jb short 7C92BDE2 7C92BD7D 61 popad 7C92BD7E 74 65 je short 7C92BDE5 7C92BD80 50 push eax 7C92BD81 72 6F jb short 7C92BDF2 7C92BD83 66:696C65 00 5A>imul bp, [ebp], 775A 7C92BD8A 43 inc ebx 7C92BD8B 72 65 jb short 7C92BDF2 7C92BD8D 61 popad 7C92BD8E 74 65 je short 7C92BDF5 7C92BD90 53 push ebx 7C92BD91 65:637469 6F arpl gs:[ecx+ebp*2+6F], si 7C92BD96 6E outs dx, byte ptr es:[edi] 7C92BD97 005A 77 add [edx+77], bl 7C92BD9A 43 inc ebx 7C92BD9B 72 65 jb short 7C92BE02 7C92BD9D 61 popad 7C92BD9E 74 65 je short 7C92BE05 7C92BDA0 53 push ebx 7C92BDA1 65:6D ins dword ptr es:[edi], dx 7C92BDA3 61 popad 7C92BDA4 70 68 jo short 7C92BE0E 7C92BDA6 6F outs dx, dword ptr es:[edi] 7C92BDA7 72 65 jb short 7C92BE0E 7C92BDA9 005A 77 add [edx+77], bl 7C92BDAC 43 inc ebx 7C92BDAD 72 65 jb short 7C92BE14 7C92BDAF 61 popad 7C92BDB0 74 65 je short 7C92BE17 7C92BDB2 53 push ebx 7C92BDB3 79 6D jns short 7C92BE22 7C92BDB5 626F 6C bound ebp, [edi+6C] 7C92BDB8 6963 4C 696E6B4>imul esp, [ebx+4C], 4F6B6E69 7C92BDBF 626A 65 bound ebp, [edx+65] 7C92BDC2 637400 5A arpl [eax+eax+5A], si 7C92BDC6 77 43 ja short 7C92BE0B 7C92BDC8 72 65 jb short 7C92BE2F 7C92BDCA 61 popad 7C92BDCB 74 65 je short 7C92BE32 7C92BDCD 54 push esp 7C92BDCE 68 72656164 push 64616572 7C92BDD3 005A 77 add [edx+77], bl 7C92BDD6 43 inc ebx 7C92BDD7 72 65 jb short 7C92BE3E 7C92BDD9 61 popad 7C92BDDA 74 65 je short 7C92BE41 7C92BDDC 54 push esp 7C92BDDD 696D 65 72005A7>imul ebp, [ebp+65], 775A0072 7C92BDE4 43 inc ebx 7C92BDE5 72 65 jb short 7C92BE4C 7C92BDE7 61 popad 7C92BDE8 74 65 je short 7C92BE4F 7C92BDEA 54 push esp 7C92BDEB 6F outs dx, dword ptr es:[edi] 7C92BDEC 6B65 6E 00 imul esp, [ebp+6E], 0 7C92BDF0 5A pop edx ; ntdll.7C92E89A 7C92BDF1 77 43 ja short 7C92BE36 7C92BDF3 72 65 jb short 7C92BE5A 7C92BDF5 61 popad 7C92BDF6 74 65 je short 7C92BE5D 7C92BDF8 57 push edi 7C92BDF9 61 popad 7C92BDFA 697461 62 6C655>imul esi, [ecx+62], 6F50656C 7C92BE02 72 74 jb short 7C92BE78 7C92BE04 005A 77 add [edx+77], bl 7C92BE07 44 inc esp 7C92BE08 65:6275 67 bound esi, gs:[ebp+67] 7C92BE0C 41 inc ecx 7C92BE0D 637469 76 arpl [ecx+ebp*2+76], si 7C92BE11 65:50 push eax 7C92BE13 72 6F jb short 7C92BE84 7C92BE15 6365 73 arpl [ebp+73], sp 7C92BE18 73 00 jnb short 7C92BE1A 7C92BE1A 5A pop edx ; ntdll.7C92E89A 7C92BE1B 77 44 ja short 7C92BE61 7C92BE1D 65:6275 67 bound esi, gs:[ebp+67] 7C92BE21 43 inc ebx 7C92BE22 6F outs dx, dword ptr es:[edi] 7C92BE23 6E outs dx, byte ptr es:[edi] 7C92BE24 74 69 je short 7C92BE8F 7C92BE26 6E outs dx, byte ptr es:[edi] 7C92BE27 75 65 jnz short 7C92BE8E 7C92BE29 005A 77 add [edx+77], bl 7C92BE2C 44 inc esp 7C92BE2D 65:6C ins byte ptr es:[edi], dx 7C92BE2F 61 popad 7C92BE30 79 45 jns short 7C92BE77 7C92BE32 78 65 js short 7C92BE99 7C92BE34 6375 74 arpl [ebp+74], si 7C92BE37 696F 6E 005A774>imul ebp, [edi+6E], 44775A00 7C92BE3E 65:6C ins byte ptr es:[edi], dx 7C92BE40 65:74 65 je short 7C92BEA8 7C92BE43 41 inc ecx 7C92BE44 74 6F je short 7C92BEB5 7C92BE46 6D ins dword ptr es:[edi], dx 7C92BE47 005A 77 add [edx+77], bl 7C92BE4A 44 inc esp 7C92BE4B 65:6C ins byte ptr es:[edi], dx 7C92BE4D 65:74 65 je short 7C92BEB5 7C92BE50 42 inc edx ; msvcrt.77C31AE8 7C92BE51 6F outs dx, dword ptr es:[edi] 7C92BE52 6F outs dx, dword ptr es:[edi] 7C92BE53 74 45 je short 7C92BE9A 7C92BE55 6E outs dx, byte ptr es:[edi] 7C92BE56 74 72 je short 7C92BECA 7C92BE58 79 00 jns short 7C92BE5A 7C92BE5A 5A pop edx ; ntdll.7C92E89A 7C92BE5B 77 44 ja short 7C92BEA1 7C92BE5D 65:6C ins byte ptr es:[edi], dx 7C92BE5F 65:74 65 je short 7C92BEC7 7C92BE62 46 inc esi ; ntdll.ZwTerminateProcess 7C92BE63 696C65 00 5A774>imul ebp, [ebp], 6544775A 7C92BE6B 6C ins byte ptr es:[edi], dx 7C92BE6C 65:74 65 je short 7C92BED4 7C92BE6F 4B dec ebx 7C92BE70 65:79 00 jns short 7C92BE73 7C92BE73 5A pop edx ; ntdll.7C92E89A 7C92BE74 77 44 ja short 7C92BEBA 7C92BE76 65:6C ins byte ptr es:[edi], dx 7C92BE78 65:74 65 je short 7C92BEE0 7C92BE7B 4F dec edi 7C92BE7C 626A 65 bound ebp, [edx+65] 7C92BE7F 637441 75 arpl [ecx+eax*2+75], si 7C92BE83 64:697441 6C 61>imul esi, fs:[ecx+eax*2+6C], 6D7261 7C92BE8C 5A pop edx ; ntdll.7C92E89A 7C92BE8D 77 44 ja short 7C92BED3 7C92BE8F 65:6C ins byte ptr es:[edi], dx 7C92BE91 65:74 65 je short 7C92BEF9 7C92BE94 56 push esi ; ntdll.ZwTerminateProcess 7C92BE95 61 popad 7C92BE96 6C ins byte ptr es:[edi], dx 7C92BE97 75 65 jnz short 7C92BEFE 7C92BE99 4B dec ebx 7C92BE9A 65:79 00 jns short 7C92BE9D 7C92BE9D 5A pop edx ; ntdll.7C92E89A 7C92BE9E 77 44 ja short 7C92BEE4 7C92BEA0 65:76 69 jbe short 7C92BF0C 7C92BEA3 6365 49 arpl [ebp+49], sp 7C92BEA6 6F outs dx, dword ptr es:[edi] 7C92BEA7 43 inc ebx 7C92BEA8 6F outs dx, dword ptr es:[edi] 7C92BEA9 6E outs dx, byte ptr es:[edi] 7C92BEAA 74 72 je short 7C92BF1E 7C92BEAC 6F outs dx, dword ptr es:[edi] 7C92BEAD 6C ins byte ptr es:[edi], dx 7C92BEAE 46 inc esi ; ntdll.ZwTerminateProcess 7C92BEAF 696C65 00 5A774>imul ebp, [ebp], 6944775A 7C92BEB7 73 70 jnb short 7C92BF29 7C92BEB9 6C ins byte ptr es:[edi], dx 7C92BEBA 61 popad 7C92BEBB 79 53 jns short 7C92BF10 7C92BEBD 74 72 je short 7C92BF31 7C92BEBF 696E 67 005A774>imul ebp, [esi+67], 44775A00 7C92BEC6 75 70 jnz short 7C92BF38 7C92BEC8 6C ins byte ptr es:[edi], dx 7C92BEC9 6963 61 74654F6>imul esp, [ebx+61], 624F6574 7C92BED0 6A 65 push 65 7C92BED2 637400 5A arpl [eax+eax+5A], si 7C92BED6 77 44 ja short 7C92BF1C 7C92BED8 75 70 jnz short 7C92BF4A 7C92BEDA 6C ins byte ptr es:[edi], dx 7C92BEDB 6963 61 7465546>imul esp, [ebx+61], 6F546574 7C92BEE2 6B65 6E 00 imul esp, [ebp+6E], 0 7C92BEE6 5A pop edx ; ntdll.7C92E89A 7C92BEE7 77 45 ja short 7C92BF2E 7C92BEE9 6E outs dx, byte ptr es:[edi] 7C92BEEA 75 6D jnz short 7C92BF59 7C92BEEC 65:72 61 jb short 7C92BF50 7C92BEEF 74 65 je short 7C92BF56 7C92BEF1 42 inc edx ; msvcrt.77C31AE8 7C92BEF2 6F outs dx, dword ptr es:[edi] 7C92BEF3 6F outs dx, dword ptr es:[edi] 7C92BEF4 74 45 je short 7C92BF3B 7C92BEF6 6E outs dx, byte ptr es:[edi] 7C92BEF7 74 72 je short 7C92BF6B 7C92BEF9 6965 73 005A774>imul esp, [ebp+73], 45775A00 7C92BF00 6E outs dx, byte ptr es:[edi] 7C92BF01 75 6D jnz short 7C92BF70 7C92BF03 65:72 61 jb short 7C92BF67 7C92BF06 74 65 je short 7C92BF6D 7C92BF08 4B dec ebx 7C92BF09 65:79 00 jns short 7C92BF0C 7C92BF0C 5A pop edx ; ntdll.7C92E89A 7C92BF0D 77 45 ja short 7C92BF54 7C92BF0F 6E outs dx, byte ptr es:[edi] 7C92BF10 75 6D jnz short 7C92BF7F 7C92BF12 65:72 61 jb short 7C92BF76 7C92BF15 74 65 je short 7C92BF7C 7C92BF17 53 push ebx 7C92BF18 79 73 jns short 7C92BF8D 7C92BF1A 74 65 je short 7C92BF81 7C92BF1C 6D ins dword ptr es:[edi], dx 7C92BF1D 45 inc ebp 7C92BF1E 6E outs dx, byte ptr es:[edi] 7C92BF1F 76 69 jbe short 7C92BF8A 7C92BF21 72 6F jb short 7C92BF92 7C92BF23 6E outs dx, byte ptr es:[edi] 7C92BF24 6D ins dword ptr es:[edi], dx 7C92BF25 65:6E outs dx, byte ptr es:[edi] 7C92BF27 74 56 je short 7C92BF7F 7C92BF29 61 popad 7C92BF2A 6C ins byte ptr es:[edi], dx 7C92BF2B 75 65 jnz short 7C92BF92 7C92BF2D 73 45 jnb short 7C92BF74 7C92BF2F 78 00 js short 7C92BF31 7C92BF31 5A pop edx ; ntdll.7C92E89A 7C92BF32 77 45 ja short 7C92BF79 7C92BF34 6E outs dx, byte ptr es:[edi] 7C92BF35 75 6D jnz short 7C92BFA4 7C92BF37 65:72 61 jb short 7C92BF9B 7C92BF3A 74 65 je short 7C92BFA1 7C92BF3C 56 push esi ; ntdll.ZwTerminateProcess 7C92BF3D 61 popad 7C92BF3E 6C ins byte ptr es:[edi], dx 7C92BF3F 75 65 jnz short 7C92BFA6 7C92BF41 4B dec ebx 7C92BF42 65:79 00 jns short 7C92BF45 7C92BF45 5A pop edx ; ntdll.7C92E89A 7C92BF46 77 45 ja short 7C92BF8D 7C92BF48 78 74 js short 7C92BFBE 7C92BF4A 65:6E outs dx, byte ptr es:[edi] 7C92BF4C 64:53 push ebx 7C92BF4E 65:637469 6F arpl gs:[ecx+ebp*2+6F], si 7C92BF53 6E outs dx, byte ptr es:[edi] 7C92BF54 005A 77 add [edx+77], bl 7C92BF57 46 inc esi ; ntdll.ZwTerminateProcess 7C92BF58 696C74 65 72546>imul ebp, [esp+esi*2+65], 6B6F5472 7C92BF60 65:6E outs dx, byte ptr es:[edi] 7C92BF62 005A 77 add [edx+77], bl 7C92BF65 46 inc esi ; ntdll.ZwTerminateProcess 7C92BF66 696E 64 41746F6>imul ebp, [esi+64], 6D6F7441 7C92BF6D 005A 77 add [edx+77], bl 7C92BF70 46 inc esi ; ntdll.ZwTerminateProcess 7C92BF71 6C ins byte ptr es:[edi], dx 7C92BF72 75 73 jnz short 7C92BFE7 7C92BF74 68 42756666 push 66667542 7C92BF79 65:72 73 jb short 7C92BFEF 7C92BF7C 46 inc esi ; ntdll.ZwTerminateProcess 7C92BF7D 696C65 00 5A774>imul ebp, [ebp], 6C46775A 7C92BF85 75 73 jnz short 7C92BFFA 7C92BF87 68 496E7374 push 74736E49 7C92BF8C 72 75 jb short 7C92C003 7C92BF8E 637469 6F arpl [ecx+ebp*2+6F], si 7C92BF92 6E outs dx, byte ptr es:[edi] 7C92BF93 43 inc ebx 7C92BF94 61 popad 7C92BF95 6368 65 arpl [eax+65], bp 7C92BF98 005A 77 add [edx+77], bl 7C92BF9B 46 inc esi ; ntdll.ZwTerminateProcess 7C92BF9C 6C ins byte ptr es:[edi], dx 7C92BF9D 75 73 jnz short 7C92C012 7C92BF9F 68 4B657900 push 79654B 7C92BFA4 5A pop edx ; ntdll.7C92E89A 7C92BFA5 77 46 ja short 7C92BFED 7C92BFA7 6C ins byte ptr es:[edi], dx 7C92BFA8 75 73 jnz short 7C92C01D 7C92BFAA 68 56697274 push 74726956 7C92BFAF 75 61 jnz short 7C92C012 7C92BFB1 6C ins byte ptr es:[edi], dx 7C92BFB2 4D dec ebp 7C92BFB3 65:6D ins dword ptr es:[edi], dx 7C92BFB5 6F outs dx, dword ptr es:[edi] 7C92BFB6 72 79 jb short 7C92C031 7C92BFB8 005A 77 add [edx+77], bl 7C92BFBB 46 inc esi ; ntdll.ZwTerminateProcess 7C92BFBC 6C ins byte ptr es:[edi], dx 7C92BFBD 75 73 jnz short 7C92C032 7C92BFBF 68 57726974 push 74697257 7C92BFC4 65:42 inc edx ; msvcrt.77C31AE8 7C92BFC6 75 66 jnz short 7C92C02E 7C92BFC8 66:65:72 00 jb short 0000BFCC 7C92BFCC 5A pop edx ; ntdll.7C92E89A 7C92BFCD 77 46 ja short 7C92C015 7C92BFCF 72 65 jb short 7C92C036 7C92BFD1 65:55 push ebp 7C92BFD3 73 65 jnb short 7C92C03A 7C92BFD5 72 50 jb short 7C92C027 7C92BFD7 68 79736963 push 63697379 7C92BFDC 61 popad 7C92BFDD 6C ins byte ptr es:[edi], dx 7C92BFDE 50 push eax 7C92BFDF 61 popad 7C92BFE0 67:65:73 00 jnb short 7C92BFE4 7C92BFE4 5A pop edx ; ntdll.7C92E89A 7C92BFE5 77 46 ja short 7C92C02D 7C92BFE7 72 65 jb short 7C92C04E 7C92BFE9 65:56 push esi ; ntdll.ZwTerminateProcess 7C92BFEB 6972 74 75616C4>imul esi, [edx+74], 4D6C6175 7C92BFF2 65:6D ins dword ptr es:[edi], dx 7C92BFF4 6F outs dx, dword ptr es:[edi] 7C92BFF5 72 79 jb short 7C92C070 7C92BFF7 005A 77 add [edx+77], bl 7C92BFFA 46 inc esi ; ntdll.ZwTerminateProcess 7C92BFFB 73 43 jnb short 7C92C040 7C92BFFD 6F outs dx, dword ptr es:[edi] 7C92BFFE 6E outs dx, byte ptr es:[edi] 7C92BFFF 74 72 je short 7C92C073 7C92C001 6F outs dx, dword ptr es:[edi] 7C92C002 6C ins byte ptr es:[edi], dx 7C92C003 46 inc esi ; ntdll.ZwTerminateProcess 7C92C004 696C65 00 5A774>imul ebp, [ebp], 6547775A 7C92C00C 74 43 je short 7C92C051 7C92C00E 6F outs dx, dword ptr es:[edi] 7C92C00F 6E outs dx, byte ptr es:[edi] 7C92C010 74 65 je short 7C92C077 7C92C012 78 74 js short 7C92C088 7C92C014 54 push esp 7C92C015 68 72656164 push 64616572 7C92C01A 005A 77 add [edx+77], bl 7C92C01D 47 inc edi 7C92C01E 65:74 44 je short 7C92C065 7C92C021 65:76 69 jbe short 7C92C08D 7C92C024 6365 50 arpl [ebp+50], sp 7C92C027 6F outs dx, dword ptr es:[edi] 7C92C028 77 65 ja short 7C92C08F 7C92C02A 72 53 jb short 7C92C07F 7C92C02C 74 61 je short 7C92C08F 7C92C02E 74 65 je short 7C92C095 7C92C030 005A 77 add [edx+77], bl 7C92C033 47 inc edi 7C92C034 65:74 50 je short 7C92C087 7C92C037 6C ins byte ptr es:[edi], dx 7C92C038 75 67 jnz short 7C92C0A1 7C92C03A 50 push eax 7C92C03B 6C ins byte ptr es:[edi], dx 7C92C03C 61 popad 7C92C03D 79 45 jns short 7C92C084 7C92C03F 76 65 jbe short 7C92C0A6 7C92C041 6E outs dx, byte ptr es:[edi] 7C92C042 74 00 je short 7C92C044 7C92C044 5A pop edx ; ntdll.7C92E89A |
|
[讨论]程序分析!
7C92AC73 74 6C je short 7C92ACE1 7C92AC75 51 push ecx 7C92AC76 75 65 jnz short 7C92ACDD 7C92AC78 72 79 jb short 7C92ACF3 7C92AC7A 53 push ebx 7C92AC7B 65:6375 72 arpl gs:[ebp+72], si 7C92AC7F 697479 4F 626A6>imul esi, [ecx+edi*2+4F], 63656A62 7C92AC87 74 00 je short 7C92AC89 7C92AC89 52 push edx ; msvcrt.77C31AE8 7C92AC8A 74 6C je short 7C92ACF8 7C92AC8C 51 push ecx 7C92AC8D 75 65 jnz short 7C92ACF4 7C92AC8F 72 79 jb short 7C92AD0A 7C92AC91 54 push esp 7C92AC92 61 popad 7C92AC93 67:48 dec eax 7C92AC95 65:61 popad 7C92AC97 70 00 jo short 7C92AC99 7C92AC99 52 push edx ; msvcrt.77C31AE8 7C92AC9A 74 6C je short 7C92AD08 7C92AC9C 51 push ecx 7C92AC9D 75 65 jnz short 7C92AD04 7C92AC9F 72 79 jb short 7C92AD1A 7C92ACA1 54 push esp 7C92ACA2 696D 65 5A6F6E6>imul ebp, [ebp+65], 656E6F5A 7C92ACA9 49 dec ecx 7C92ACAA 6E outs dx, byte ptr es:[edi] 7C92ACAB 66:6F outs dx, word ptr es:[edi] 7C92ACAD 72 6D jb short 7C92AD1C 7C92ACAF 61 popad 7C92ACB0 74 69 je short 7C92AD1B 7C92ACB2 6F outs dx, dword ptr es:[edi] 7C92ACB3 6E outs dx, byte ptr es:[edi] 7C92ACB4 0052 74 add [edx+74], dl 7C92ACB7 6C ins byte ptr es:[edi], dx 7C92ACB8 51 push ecx 7C92ACB9 75 65 jnz short 7C92AD20 7C92ACBB 75 65 jnz short 7C92AD22 7C92ACBD 41 inc ecx 7C92ACBE 70 63 jo short 7C92AD23 7C92ACC0 57 push edi 7C92ACC1 6F outs dx, dword ptr es:[edi] 7C92ACC2 77 36 ja short 7C92ACFA 7C92ACC4 34 54 xor al, 54 7C92ACC6 68 72656164 push 64616572 7C92ACCB 0052 74 add [edx+74], dl 7C92ACCE 6C ins byte ptr es:[edi], dx 7C92ACCF 51 push ecx 7C92ACD0 75 65 jnz short 7C92AD37 7C92ACD2 75 65 jnz short 7C92AD39 7C92ACD4 57 push edi 7C92ACD5 6F outs dx, dword ptr es:[edi] 7C92ACD6 72 6B jb short 7C92AD43 7C92ACD8 49 dec ecx 7C92ACD9 74 65 je short 7C92AD40 7C92ACDB 6D ins dword ptr es:[edi], dx 7C92ACDC 0052 74 add [edx+74], dl 7C92ACDF 6C ins byte ptr es:[edi], dx 7C92ACE0 52 push edx ; msvcrt.77C31AE8 7C92ACE1 61 popad 7C92ACE2 6973 65 4578636>imul esi, [ebx+65], 65637845 7C92ACE9 70 74 jo short 7C92AD5F 7C92ACEB 696F 6E 0052746>imul ebp, [edi+6E], 6C745200 7C92ACF2 52 push edx ; msvcrt.77C31AE8 7C92ACF3 61 popad 7C92ACF4 6973 65 5374617>imul esi, [ebx+65], 74617453 7C92ACFB 75 73 jnz short 7C92AD70 7C92ACFD 0052 74 add [edx+74], dl 7C92AD00 6C ins byte ptr es:[edi], dx 7C92AD01 52 push edx ; msvcrt.77C31AE8 7C92AD02 61 popad 7C92AD03 6E outs dx, byte ptr es:[edi] 7C92AD04 64:6F outs dx, dword ptr es:[edi] 7C92AD06 6D ins dword ptr es:[edi], dx 7C92AD07 0052 74 add [edx+74], dl 7C92AD0A 6C ins byte ptr es:[edi], dx 7C92AD0B 52 push edx ; msvcrt.77C31AE8 7C92AD0C 61 popad 7C92AD0D 6E outs dx, byte ptr es:[edi] 7C92AD0E 64:6F outs dx, dword ptr es:[edi] 7C92AD10 6D ins dword ptr es:[edi], dx 7C92AD11 45 inc ebp 7C92AD12 78 00 js short 7C92AD14 7C92AD14 52 push edx ; msvcrt.77C31AE8 7C92AD15 74 6C je short 7C92AD83 7C92AD17 52 push edx ; msvcrt.77C31AE8 7C92AD18 65:41 inc ecx 7C92AD1A 6C ins byte ptr es:[edi], dx 7C92AD1B 6C ins byte ptr es:[edi], dx 7C92AD1C 6F outs dx, dword ptr es:[edi] 7C92AD1D 6361 74 arpl [ecx+74], sp 7C92AD20 65:48 dec eax 7C92AD22 65:61 popad 7C92AD24 70 00 jo short 7C92AD26 7C92AD26 52 push edx ; msvcrt.77C31AE8 7C92AD27 74 6C je short 7C92AD95 7C92AD29 52 push edx ; msvcrt.77C31AE8 7C92AD2A 65:61 popad 7C92AD2C 64:4D dec ebp 7C92AD2E 65:6D ins dword ptr es:[edi], dx 7C92AD30 6F outs dx, dword ptr es:[edi] 7C92AD31 72 79 jb short 7C92ADAC 7C92AD33 53 push ebx 7C92AD34 74 72 je short 7C92ADA8 7C92AD36 65:61 popad 7C92AD38 6D ins dword ptr es:[edi], dx 7C92AD39 0052 74 add [edx+74], dl 7C92AD3C 6C ins byte ptr es:[edi], dx 7C92AD3D 52 push edx ; msvcrt.77C31AE8 7C92AD3E 65:61 popad 7C92AD40 64:4F dec edi 7C92AD42 75 74 jnz short 7C92ADB8 7C92AD44 4F dec edi 7C92AD45 66:50 push ax 7C92AD47 72 6F jb short 7C92ADB8 7C92AD49 6365 73 arpl [ebp+73], sp 7C92AD4C 73 4D jnb short 7C92AD9B 7C92AD4E 65:6D ins dword ptr es:[edi], dx 7C92AD50 6F outs dx, dword ptr es:[edi] 7C92AD51 72 79 jb short 7C92ADCC 7C92AD53 53 push ebx 7C92AD54 74 72 je short 7C92ADC8 7C92AD56 65:61 popad 7C92AD58 6D ins dword ptr es:[edi], dx 7C92AD59 0052 74 add [edx+74], dl 7C92AD5C 6C ins byte ptr es:[edi], dx 7C92AD5D 52 push edx ; msvcrt.77C31AE8 7C92AD5E 65:61 popad 7C92AD60 6C ins byte ptr es:[edi], dx 7C92AD61 50 push eax 7C92AD62 72 65 jb short 7C92ADC9 7C92AD64 64: prefix fs: 7C92AD65 65:6365 73 arpl gs:[ebp+73], sp 7C92AD69 73 6F jnb short 7C92ADDA 7C92AD6B 72 00 jb short 7C92AD6D 7C92AD6D 52 push edx ; msvcrt.77C31AE8 7C92AD6E 74 6C je short 7C92ADDC 7C92AD70 52 push edx ; msvcrt.77C31AE8 7C92AD71 65:61 popad 7C92AD73 6C ins byte ptr es:[edi], dx 7C92AD74 53 push ebx 7C92AD75 75 63 jnz short 7C92ADDA 7C92AD77 6365 73 arpl [ebp+73], sp 7C92AD7A 73 6F jnb short 7C92ADEB 7C92AD7C 72 00 jb short 7C92AD7E 7C92AD7E 52 push edx ; msvcrt.77C31AE8 7C92AD7F 74 6C je short 7C92ADED 7C92AD81 52 push edx ; msvcrt.77C31AE8 7C92AD82 65:67:6973 74 6>imul esi, gs:[bp+di+74], 65537265 7C92AD8B 6375 72 arpl [ebp+72], si 7C92AD8E 65:4D dec ebp 7C92AD90 65:6D ins dword ptr es:[edi], dx 7C92AD92 6F outs dx, dword ptr es:[edi] 7C92AD93 72 79 jb short 7C92AE0E 7C92AD95 43 inc ebx 7C92AD96 61 popad 7C92AD97 6368 65 arpl [eax+65], bp 7C92AD9A 43 inc ebx 7C92AD9B 61 popad 7C92AD9C 6C ins byte ptr es:[edi], dx 7C92AD9D 6C ins byte ptr es:[edi], dx 7C92AD9E 6261 63 bound esp, [ecx+63] 7C92ADA1 6B00 52 imul eax, [eax], 52 7C92ADA4 74 6C je short 7C92AE12 7C92ADA6 52 push edx ; msvcrt.77C31AE8 7C92ADA7 65:67:6973 74 6>imul esi, gs:[bp+di+74], 61577265 7C92ADB0 697400 52 746C5>imul esi, [eax+eax+52], 65526C74 7C92ADB8 6C ins byte ptr es:[edi], dx 7C92ADB9 65:61 popad 7C92ADBB 73 65 jnb short 7C92AE22 7C92ADBD 41 inc ecx 7C92ADBE 637469 76 arpl [ecx+ebp*2+76], si 7C92ADC2 61 popad 7C92ADC3 74 69 je short 7C92AE2E 7C92ADC5 6F outs dx, dword ptr es:[edi] 7C92ADC6 6E outs dx, byte ptr es:[edi] 7C92ADC7 43 inc ebx 7C92ADC8 6F outs dx, dword ptr es:[edi] 7C92ADC9 6E outs dx, byte ptr es:[edi] 7C92ADCA 74 65 je short 7C92AE31 7C92ADCC 78 74 js short 7C92AE42 7C92ADCE 0052 74 add [edx+74], dl 7C92ADD1 6C ins byte ptr es:[edi], dx 7C92ADD2 52 push edx ; msvcrt.77C31AE8 7C92ADD3 65:6C ins byte ptr es:[edi], dx 7C92ADD5 65:61 popad 7C92ADD7 73 65 jnb short 7C92AE3E 7C92ADD9 4D dec ebp 7C92ADDA 65:6D ins dword ptr es:[edi], dx 7C92ADDC 6F outs dx, dword ptr es:[edi] 7C92ADDD 72 79 jb short 7C92AE58 7C92ADDF 53 push ebx 7C92ADE0 74 72 je short 7C92AE54 7C92ADE2 65:61 popad 7C92ADE4 6D ins dword ptr es:[edi], dx 7C92ADE5 0052 74 add [edx+74], dl 7C92ADE8 6C ins byte ptr es:[edi], dx 7C92ADE9 52 push edx ; msvcrt.77C31AE8 7C92ADEA 65:6C ins byte ptr es:[edi], dx 7C92ADEC 65:61 popad 7C92ADEE 73 65 jnb short 7C92AE55 7C92ADF0 50 push eax 7C92ADF1 65:624C6F 63 bound ecx, gs:[edi+ebp*2+63] 7C92ADF6 6B00 52 imul eax, [eax], 52 7C92ADF9 74 6C je short 7C92AE67 7C92ADFB 52 push edx ; msvcrt.77C31AE8 7C92ADFC 65:6C ins byte ptr es:[edi], dx 7C92ADFE 65:61 popad 7C92AE00 73 65 jnb short 7C92AE67 7C92AE02 52 push edx ; msvcrt.77C31AE8 7C92AE03 65:73 6F jnb short 7C92AE75 7C92AE06 75 72 jnz short 7C92AE7A 7C92AE08 6365 00 arpl [ebp], sp 7C92AE0B 52 push edx ; msvcrt.77C31AE8 7C92AE0C 74 6C je short 7C92AE7A 7C92AE0E 52 push edx ; msvcrt.77C31AE8 7C92AE0F 65:6D ins dword ptr es:[edi], dx 7C92AE11 6F outs dx, dword ptr es:[edi] 7C92AE12 74 65 je short 7C92AE79 7C92AE14 43 inc ebx 7C92AE15 61 popad 7C92AE16 6C ins byte ptr es:[edi], dx 7C92AE17 6C ins byte ptr es:[edi], dx 7C92AE18 0052 74 add [edx+74], dl 7C92AE1B 6C ins byte ptr es:[edi], dx 7C92AE1C 52 push edx ; msvcrt.77C31AE8 7C92AE1D 65:6D ins dword ptr es:[edi], dx 7C92AE1F 6F outs dx, dword ptr es:[edi] 7C92AE20 76 65 jbe short 7C92AE87 7C92AE22 56 push esi ; ntdll.ZwTerminateProcess 7C92AE23 65:63746F 72 arpl gs:[edi+ebp*2+72], si 7C92AE28 65: prefix gs: 7C92AE29 64:45 inc ebp 7C92AE2B 78 63 js short 7C92AE90 7C92AE2D 65:70 74 jo short 7C92AEA4 7C92AE30 696F 6E 48616E6>imul ebp, [edi+6E], 646E6148 7C92AE37 6C ins byte ptr es:[edi], dx 7C92AE38 65:72 00 jb short 7C92AE3B 7C92AE3B 52 push edx ; msvcrt.77C31AE8 7C92AE3C 74 6C je short 7C92AEAA 7C92AE3E 52 push edx ; msvcrt.77C31AE8 7C92AE3F 65:73 65 jnb short 7C92AEA7 7C92AE42 74 52 je short 7C92AE96 7C92AE44 74 6C je short 7C92AEB2 7C92AE46 54 push esp 7C92AE47 72 61 jb short 7C92AEAA 7C92AE49 6E outs dx, byte ptr es:[edi] 7C92AE4A 73 6C jnb short 7C92AEB8 7C92AE4C 61 popad 7C92AE4D 74 69 je short 7C92AEB8 7C92AE4F 6F outs dx, dword ptr es:[edi] 7C92AE50 6E outs dx, byte ptr es:[edi] 7C92AE51 73 00 jnb short 7C92AE53 7C92AE53 52 push edx ; msvcrt.77C31AE8 7C92AE54 74 6C je short 7C92AEC2 7C92AE56 52 push edx ; msvcrt.77C31AE8 7C92AE57 65:73 74 jnb short 7C92AECE 7C92AE5A 6F outs dx, dword ptr es:[edi] 7C92AE5B 72 65 jb short 7C92AEC2 7C92AE5D 4C dec esp 7C92AE5E 61 popad 7C92AE5F 73 74 jnb short 7C92AED5 7C92AE61 57 push edi 7C92AE62 696E 33 3245727>imul ebp, [esi+33], 72724532 7C92AE69 6F outs dx, dword ptr es:[edi] 7C92AE6A 72 00 jb short 7C92AE6C 7C92AE6C 52 push edx ; msvcrt.77C31AE8 7C92AE6D 74 6C je short 7C92AEDB 7C92AE6F 52 push edx ; msvcrt.77C31AE8 7C92AE70 65:76 65 jbe short 7C92AED8 7C92AE73 72 74 jb short 7C92AEE9 7C92AE75 4D dec ebp 7C92AE76 65:6D ins dword ptr es:[edi], dx 7C92AE78 6F outs dx, dword ptr es:[edi] 7C92AE79 72 79 jb short 7C92AEF4 7C92AE7B 53 push ebx 7C92AE7C 74 72 je short 7C92AEF0 7C92AE7E 65:61 popad 7C92AE80 6D ins dword ptr es:[edi], dx 7C92AE81 0052 74 add [edx+74], dl 7C92AE84 6C ins byte ptr es:[edi], dx 7C92AE85 52 push edx ; msvcrt.77C31AE8 7C92AE86 75 6E jnz short 7C92AEF6 7C92AE88 44 inc esp 7C92AE89 65:636F 64 arpl gs:[edi+64], bp 7C92AE8D 65:55 push ebp 7C92AE8F 6E outs dx, byte ptr es:[edi] 7C92AE90 6963 6F 6465537>imul esp, [ebx+6F], 74536564 7C92AE97 72 69 jb short 7C92AF02 7C92AE99 6E outs dx, byte ptr es:[edi] 7C92AE9A 67:0052 74 add [bp+si+74], dl 7C92AE9E 6C ins byte ptr es:[edi], dx 7C92AE9F 52 push edx ; msvcrt.77C31AE8 7C92AEA0 75 6E jnz short 7C92AF10 7C92AEA2 45 inc ebp 7C92AEA3 6E outs dx, byte ptr es:[edi] 7C92AEA4 636F 64 arpl [edi+64], bp 7C92AEA7 65:55 push ebp 7C92AEA9 6E outs dx, byte ptr es:[edi] 7C92AEAA 6963 6F 6465537>imul esp, [ebx+6F], 74536564 7C92AEB1 72 69 jb short 7C92AF1C 7C92AEB3 6E outs dx, byte ptr es:[edi] 7C92AEB4 67:0052 74 add [bp+si+74], dl 7C92AEB8 6C ins byte ptr es:[edi], dx 7C92AEB9 53 push ebx 7C92AEBA 65:636F 6E arpl gs:[edi+6E], bp 7C92AEBE 64:73 53 jnb short 7C92AF14 7C92AEC1 696E 63 6531393>imul ebp, [esi+63], 37393165 7C92AEC8 30546F 54 xor [edi+ebp*2+54], dl 7C92AECC 696D 65 0052746>imul ebp, [ebp+65], 6C745200 7C92AED3 53 push ebx 7C92AED4 65:636F 6E arpl gs:[edi+6E], bp 7C92AED8 64:73 53 jnb short 7C92AF2E 7C92AEDB 696E 63 6531393>imul ebp, [esi+63], 38393165 7C92AEE2 30546F 54 xor [edi+ebp*2+54], dl 7C92AEE6 696D 65 0052746>imul ebp, [ebp+65], 6C745200 7C92AEED 53 push ebx 7C92AEEE 65: prefix gs: 7C92AEEF 65:6B4D 65 6D imul ecx, gs:[ebp+65], 6D 7C92AEF4 6F outs dx, dword ptr es:[edi] 7C92AEF5 72 79 jb short 7C92AF70 7C92AEF7 53 push ebx 7C92AEF8 74 72 je short 7C92AF6C 7C92AEFA 65:61 popad 7C92AEFC 6D ins dword ptr es:[edi], dx 7C92AEFD 0052 74 add [edx+74], dl 7C92AF00 6C ins byte ptr es:[edi], dx 7C92AF01 53 push ebx 7C92AF02 65:6C ins byte ptr es:[edi], dx 7C92AF04 66:52 push dx 7C92AF06 65:6C ins byte ptr es:[edi], dx 7C92AF08 61 popad 7C92AF09 74 69 je short 7C92AF74 7C92AF0B 76 65 jbe short 7C92AF72 7C92AF0D 54 push esp 7C92AF0E 6F outs dx, dword ptr es:[edi] 7C92AF0F 41 inc ecx 7C92AF10 6273 6F bound esi, [ebx+6F] 7C92AF13 6C ins byte ptr es:[edi], dx 7C92AF14 75 74 jnz short 7C92AF8A 7C92AF16 65:53 push ebx 7C92AF18 44 inc esp 7C92AF19 0052 74 add [edx+74], dl 7C92AF1C 6C ins byte ptr es:[edi], dx 7C92AF1D 53 push ebx 7C92AF1E 65:6C ins byte ptr es:[edi], dx 7C92AF20 66:52 push dx 7C92AF22 65:6C ins byte ptr es:[edi], dx 7C92AF24 61 popad 7C92AF25 74 69 je short 7C92AF90 7C92AF27 76 65 jbe short 7C92AF8E 7C92AF29 54 push esp 7C92AF2A 6F outs dx, dword ptr es:[edi] 7C92AF2B 41 inc ecx 7C92AF2C 6273 6F bound esi, [ebx+6F] 7C92AF2F 6C ins byte ptr es:[edi], dx 7C92AF30 75 74 jnz short 7C92AFA6 7C92AF32 65:53 push ebx 7C92AF34 44 inc esp 7C92AF35 3200 xor al, [eax] 7C92AF37 52 push edx ; msvcrt.77C31AE8 7C92AF38 74 6C je short 7C92AFA6 7C92AF3A 53 push ebx 7C92AF3B 65:74 41 je short 7C92AF7F 7C92AF3E 6C ins byte ptr es:[edi], dx 7C92AF3F 6C ins byte ptr es:[edi], dx 7C92AF40 42 inc edx ; msvcrt.77C31AE8 7C92AF41 697473 00 52746>imul esi, [ebx+esi*2], 536C7452 7C92AF49 65:74 41 je short 7C92AF8D 7C92AF4C 74 74 je short 7C92AFC2 7C92AF4E 72 69 jb short 7C92AFB9 7C92AF50 6275 74 bound esi, [ebp+74] 7C92AF53 65:73 53 jnb short 7C92AFA9 7C92AF56 65:6375 72 arpl gs:[ebp+72], si 7C92AF5A 697479 44 65736>imul esi, [ecx+edi*2+44], 72637365 7C92AF62 6970 74 6F72005>imul esi, [eax+74], 5200726F 7C92AF69 74 6C je short 7C92AFD7 7C92AF6B 53 push ebx 7C92AF6C 65:74 42 je short 7C92AFB1 7C92AF6F 697473 00 52746>imul esi, [ebx+esi*2], 536C7452 7C92AF77 65:74 43 je short 7C92AFBD 7C92AF7A 6F outs dx, dword ptr es:[edi] 7C92AF7B 6E outs dx, byte ptr es:[edi] 7C92AF7C 74 72 je short 7C92AFF0 7C92AF7E 6F outs dx, dword ptr es:[edi] 7C92AF7F 6C ins byte ptr es:[edi], dx 7C92AF80 53 push ebx 7C92AF81 65:6375 72 arpl gs:[ebp+72], si 7C92AF85 697479 44 65736>imul esi, [ecx+edi*2+44], 72637365 7C92AF8D 6970 74 6F72005>imul esi, [eax+74], 5200726F 7C92AF94 74 6C je short 7C92B002 7C92AF96 53 push ebx 7C92AF97 65:74 43 je short 7C92AFDD 7C92AF9A 72 69 jb short 7C92B005 7C92AF9C 74 69 je short 7C92B007 7C92AF9E 6361 6C arpl [ecx+6C], sp 7C92AFA1 53 push ebx 7C92AFA2 65:637469 6F arpl gs:[ecx+ebp*2+6F], si 7C92AFA7 6E outs dx, byte ptr es:[edi] 7C92AFA8 53 push ebx 7C92AFA9 70 69 jo short 7C92B014 7C92AFAB 6E outs dx, byte ptr es:[edi] 7C92AFAC 43 inc ebx 7C92AFAD 6F outs dx, dword ptr es:[edi] 7C92AFAE 75 6E jnz short 7C92B01E 7C92AFB0 74 00 je short 7C92AFB2 7C92AFB2 52 push edx ; msvcrt.77C31AE8 7C92AFB3 74 6C je short 7C92B021 7C92AFB5 53 push ebx 7C92AFB6 65:74 43 je short 7C92AFFC 7C92AFB9 75 72 jnz short 7C92B02D 7C92AFBB 72 65 jb short 7C92B022 7C92AFBD 6E outs dx, byte ptr es:[edi] 7C92AFBE 74 44 je short 7C92B004 7C92AFC0 6972 65 63746F7>imul esi, [edx+65], 726F7463 7C92AFC7 79 5F jns short 7C92B028 7C92AFC9 55 push ebp 7C92AFCA 0052 74 add [edx+74], dl 7C92AFCD 6C ins byte ptr es:[edi], dx 7C92AFCE 53 push ebx 7C92AFCF 65:74 43 je short 7C92B015 7C92AFD2 75 72 jnz short 7C92B046 7C92AFD4 72 65 jb short 7C92B03B 7C92AFD6 6E outs dx, byte ptr es:[edi] 7C92AFD7 74 45 je short 7C92B01E 7C92AFD9 6E outs dx, byte ptr es:[edi] 7C92AFDA 76 69 jbe short 7C92B045 7C92AFDC 72 6F jb short 7C92B04D 7C92AFDE 6E outs dx, byte ptr es:[edi] 7C92AFDF 6D ins dword ptr es:[edi], dx 7C92AFE0 65:6E outs dx, byte ptr es:[edi] 7C92AFE2 74 00 je short 7C92AFE4 7C92AFE4 52 push edx ; msvcrt.77C31AE8 7C92AFE5 74 6C je short 7C92B053 7C92AFE7 53 push ebx 7C92AFE8 65:74 44 je short 7C92B02F 7C92AFEB 61 popad 7C92AFEC 636C53 65 arpl [ebx+edx*2+65], bp 7C92AFF0 6375 72 arpl [ebp+72], si 7C92AFF3 697479 44 65736>imul esi, [ecx+edi*2+44], 72637365 7C92AFFB 6970 74 6F72005>imul esi, [eax+74], 5200726F 7C92B002 74 6C je short 7C92B070 7C92B004 53 push ebx 7C92B005 65:74 45 je short 7C92B04D 7C92B008 6E outs dx, byte ptr es:[edi] 7C92B009 76 69 jbe short 7C92B074 7C92B00B 72 6F jb short 7C92B07C 7C92B00D 6E outs dx, byte ptr es:[edi] 7C92B00E 6D ins dword ptr es:[edi], dx 7C92B00F 65:6E outs dx, byte ptr es:[edi] 7C92B011 74 56 je short 7C92B069 7C92B013 61 popad 7C92B014 72 69 jb short 7C92B07F 7C92B016 61 popad 7C92B017 626C65 00 bound ebp, [ebp] 7C92B01B 52 push edx ; msvcrt.77C31AE8 7C92B01C 74 6C je short 7C92B08A 7C92B01E 53 push ebx 7C92B01F 65:74 47 je short 7C92B069 7C92B022 72 6F jb short 7C92B093 7C92B024 75 70 jnz short 7C92B096 7C92B026 53 push ebx 7C92B027 65:6375 72 arpl gs:[ebp+72], si 7C92B02B 697479 44 65736>imul esi, [ecx+edi*2+44], 72637365 7C92B033 6970 74 6F72005>imul esi, [eax+74], 5200726F 7C92B03A 74 6C je short 7C92B0A8 7C92B03C 53 push ebx 7C92B03D 65:74 48 je short 7C92B088 7C92B040 65:61 popad 7C92B042 70 49 jo short 7C92B08D 7C92B044 6E outs dx, byte ptr es:[edi] 7C92B045 66:6F outs dx, word ptr es:[edi] 7C92B047 72 6D jb short 7C92B0B6 7C92B049 61 popad 7C92B04A 74 69 je short 7C92B0B5 7C92B04C 6F outs dx, dword ptr es:[edi] 7C92B04D 6E outs dx, byte ptr es:[edi] 7C92B04E 0052 74 add [edx+74], dl 7C92B051 6C ins byte ptr es:[edi], dx 7C92B052 53 push ebx 7C92B053 65:74 49 je short 7C92B09F 7C92B056 6E outs dx, byte ptr es:[edi] 7C92B057 66:6F outs dx, word ptr es:[edi] 7C92B059 72 6D jb short 7C92B0C8 7C92B05B 61 popad 7C92B05C 74 69 je short 7C92B0C7 7C92B05E 6F outs dx, dword ptr es:[edi] 7C92B05F 6E outs dx, byte ptr es:[edi] 7C92B060 41 inc ecx 7C92B061 636C00 52 arpl [eax+eax+52], bp 7C92B065 74 6C je short 7C92B0D3 7C92B067 53 push ebx 7C92B068 65:74 49 je short 7C92B0B4 7C92B06B 6F outs dx, dword ptr es:[edi] 7C92B06C 43 inc ebx 7C92B06D 6F outs dx, dword ptr es:[edi] 7C92B06E 6D ins dword ptr es:[edi], dx 7C92B06F 70 6C jo short 7C92B0DD 7C92B071 65:74 69 je short 7C92B0DD 7C92B074 6F outs dx, dword ptr es:[edi] 7C92B075 6E outs dx, byte ptr es:[edi] 7C92B076 43 inc ebx 7C92B077 61 popad 7C92B078 6C ins byte ptr es:[edi], dx 7C92B079 6C ins byte ptr es:[edi], dx 7C92B07A 6261 63 bound esp, [ecx+63] 7C92B07D 6B00 52 imul eax, [eax], 52 7C92B080 74 6C je short 7C92B0EE 7C92B082 53 push ebx 7C92B083 65:74 4C je short 7C92B0D2 7C92B086 61 popad 7C92B087 73 74 jnb short 7C92B0FD 7C92B089 57 push edi 7C92B08A 696E 33 3245727>imul ebp, [esi+33], 72724532 7C92B091 6F outs dx, dword ptr es:[edi] 7C92B092 72 00 jb short 7C92B094 7C92B094 52 push edx ; msvcrt.77C31AE8 7C92B095 74 6C je short 7C92B103 7C92B097 53 push ebx 7C92B098 65:74 4C je short 7C92B0E7 7C92B09B 61 popad 7C92B09C 73 74 jnb short 7C92B112 7C92B09E 57 push edi 7C92B09F 696E 33 3245727>imul ebp, [esi+33], 72724532 7C92B0A6 6F outs dx, dword ptr es:[edi] 7C92B0A7 72 41 jb short 7C92B0EA 7C92B0A9 6E outs dx, byte ptr es:[edi] 7C92B0AA 64:4E dec esi ; ntdll.ZwTerminateProcess 7C92B0AC 74 53 je short 7C92B101 7C92B0AE 74 61 je short 7C92B111 7C92B0B0 74 75 je short 7C92B127 7C92B0B2 73 46 jnb short 7C92B0FA 7C92B0B4 72 6F jb short 7C92B125 7C92B0B6 6D ins dword ptr es:[edi], dx 7C92B0B7 4E dec esi ; ntdll.ZwTerminateProcess 7C92B0B8 74 53 je short 7C92B10D 7C92B0BA 74 61 je short 7C92B11D 7C92B0BC 74 75 je short 7C92B133 7C92B0BE 73 00 jnb short 7C92B0C0 7C92B0C0 52 push edx ; msvcrt.77C31AE8 7C92B0C1 74 6C je short 7C92B12F 7C92B0C3 53 push ebx 7C92B0C4 65:74 4D je short 7C92B114 7C92B0C7 65:6D ins dword ptr es:[edi], dx 7C92B0C9 6F outs dx, dword ptr es:[edi] 7C92B0CA 72 79 jb short 7C92B145 7C92B0CC 53 push ebx 7C92B0CD 74 72 je short 7C92B141 7C92B0CF 65:61 popad 7C92B0D1 6D ins dword ptr es:[edi], dx 7C92B0D2 53 push ebx 7C92B0D3 697A 65 0052746>imul edi, [edx+65], 6C745200 7C92B0DA 53 push ebx 7C92B0DB 65:74 4F je short 7C92B12D 7C92B0DE 77 6E ja short 7C92B14E 7C92B0E0 65:72 53 jb short 7C92B136 7C92B0E3 65:6375 72 arpl gs:[ebp+72], si 7C92B0E7 697479 44 65736>imul esi, [ecx+edi*2+44], 72637365 7C92B0EF 6970 74 6F72005>imul esi, [eax+74], 5200726F 7C92B0F6 74 6C je short 7C92B164 7C92B0F8 53 push ebx 7C92B0F9 65:74 50 je short 7C92B14C 7C92B0FC 72 6F jb short 7C92B16D 7C92B0FE 6365 73 arpl [ebp+73], sp 7C92B101 73 49 jnb short 7C92B14C 7C92B103 73 43 jnb short 7C92B148 7C92B105 72 69 jb short 7C92B170 7C92B107 74 69 je short 7C92B172 7C92B109 6361 6C arpl [ecx+6C], sp 7C92B10C 0052 74 add [edx+74], dl 7C92B10F 6C ins byte ptr es:[edi], dx 7C92B110 53 push ebx 7C92B111 65:74 53 je short 7C92B167 7C92B114 61 popad 7C92B115 636C53 65 arpl [ebx+edx*2+65], bp 7C92B119 6375 72 arpl [ebp+72], si 7C92B11C 697479 44 65736>imul esi, [ecx+edi*2+44], 72637365 7C92B124 6970 74 6F72005>imul esi, [eax+74], 5200726F 7C92B12B 74 6C je short 7C92B199 7C92B12D 53 push ebx 7C92B12E 65:74 53 je short 7C92B184 7C92B131 65:6375 72 arpl gs:[ebp+72], si 7C92B135 697479 44 65736>imul esi, [ecx+edi*2+44], 72637365 7C92B13D 6970 74 6F72524>imul esi, [eax+74], 4D52726F 7C92B144 43 inc ebx 7C92B145 6F outs dx, dword ptr es:[edi] 7C92B146 6E outs dx, byte ptr es:[edi] 7C92B147 74 72 je short 7C92B1BB 7C92B149 6F outs dx, dword ptr es:[edi] 7C92B14A 6C ins byte ptr es:[edi], dx 7C92B14B 0052 74 add [edx+74], dl 7C92B14E 6C ins byte ptr es:[edi], dx 7C92B14F 53 push ebx 7C92B150 65:74 53 je short 7C92B1A6 7C92B153 65:6375 72 arpl gs:[ebp+72], si 7C92B157 697479 4F 626A6>imul esi, [ecx+edi*2+4F], 63656A62 7C92B15F 74 00 je short 7C92B161 7C92B161 52 push edx ; msvcrt.77C31AE8 7C92B162 74 6C je short 7C92B1D0 7C92B164 53 push ebx 7C92B165 65:74 53 je short 7C92B1BB 7C92B168 65:6375 72 arpl gs:[ebp+72], si 7C92B16C 697479 4F 626A6>imul esi, [ecx+edi*2+4F], 63656A62 7C92B174 74 45 je short 7C92B1BB 7C92B176 78 00 js short 7C92B178 7C92B178 52 push edx ; msvcrt.77C31AE8 7C92B179 74 6C je short 7C92B1E7 7C92B17B 53 push ebx 7C92B17C 65:74 54 je short 7C92B1D3 7C92B17F 68 72656164 push 64616572 7C92B184 49 dec ecx 7C92B185 73 43 jnb short 7C92B1CA 7C92B187 72 69 jb short 7C92B1F2 7C92B189 74 69 je short 7C92B1F4 7C92B18B 6361 6C arpl [ecx+6C], sp 7C92B18E 0052 74 add [edx+74], dl 7C92B191 6C ins byte ptr es:[edi], dx 7C92B192 53 push ebx 7C92B193 65:74 54 je short 7C92B1EA 7C92B196 68 72656164 push 64616572 7C92B19B 50 push eax 7C92B19C 6F outs dx, dword ptr es:[edi] 7C92B19D 6F outs dx, dword ptr es:[edi] 7C92B19E 6C ins byte ptr es:[edi], dx 7C92B19F 53 push ebx 7C92B1A0 74 61 je short 7C92B203 7C92B1A2 72 74 jb short 7C92B218 7C92B1A4 46 inc esi ; ntdll.ZwTerminateProcess 7C92B1A5 75 6E jnz short 7C92B215 7C92B1A7 6300 arpl [eax], ax 7C92B1A9 52 push edx ; msvcrt.77C31AE8 7C92B1AA 74 6C je short 7C92B218 7C92B1AC 53 push ebx 7C92B1AD 65:74 54 je short 7C92B204 7C92B1B0 696D 65 5A6F6E6>imul ebp, [ebp+65], 656E6F5A 7C92B1B7 49 dec ecx 7C92B1B8 6E outs dx, byte ptr es:[edi] 7C92B1B9 66:6F outs dx, word ptr es:[edi] 7C92B1BB 72 6D jb short 7C92B22A 7C92B1BD 61 popad 7C92B1BE 74 69 je short 7C92B229 7C92B1C0 6F outs dx, dword ptr es:[edi] 7C92B1C1 6E outs dx, byte ptr es:[edi] 7C92B1C2 0052 74 add [edx+74], dl 7C92B1C5 6C ins byte ptr es:[edi], dx 7C92B1C6 53 push ebx 7C92B1C7 65:74 54 je short 7C92B21E 7C92B1CA 696D 65 7200527>imul ebp, [ebp+65], 74520072 7C92B1D1 6C ins byte ptr es:[edi], dx 7C92B1D2 53 push ebx 7C92B1D3 65:74 55 je short 7C92B22B 7C92B1D6 6E outs dx, byte ptr es:[edi] 7C92B1D7 6963 6F 6465436>imul esp, [ebx+6F], 61436564 7C92B1DE 6C ins byte ptr es:[edi], dx 7C92B1DF 6C ins byte ptr es:[edi], dx 7C92B1E0 6F outs dx, dword ptr es:[edi] 7C92B1E1 75 74 jnz short 7C92B257 7C92B1E3 73 00 jnb short 7C92B1E5 7C92B1E5 52 push edx ; msvcrt.77C31AE8 7C92B1E6 74 6C je short 7C92B254 7C92B1E8 53 push ebx 7C92B1E9 65:74 55 je short 7C92B241 7C92B1EC 73 65 jnb short 7C92B253 7C92B1EE 72 46 jb short 7C92B236 7C92B1F0 6C ins byte ptr es:[edi], dx 7C92B1F1 61 popad 7C92B1F2 67:73 48 jnb short 7C92B23D 7C92B1F5 65:61 popad 7C92B1F7 70 00 jo short 7C92B1F9 7C92B1F9 52 push edx ; msvcrt.77C31AE8 7C92B1FA 74 6C je short 7C92B268 7C92B1FC 53 push ebx 7C92B1FD 65:74 55 je short 7C92B255 7C92B200 73 65 jnb short 7C92B267 7C92B202 72 56 jb short 7C92B25A 7C92B204 61 popad 7C92B205 6C ins byte ptr es:[edi], dx 7C92B206 75 65 jnz short 7C92B26D 7C92B208 48 dec eax 7C92B209 65:61 popad 7C92B20B 70 00 jo short 7C92B20D 7C92B20D 52 push edx ; msvcrt.77C31AE8 7C92B20E 74 6C je short 7C92B27C 7C92B210 53 push ebx 7C92B211 697A 65 4865617>imul edi, [edx+65], 70616548 7C92B218 0052 74 add [edx+74], dl 7C92B21B 6C ins byte ptr es:[edi], dx 7C92B21C 53 push ebx 7C92B21D 70 6C jo short 7C92B28B 7C92B21F 61 popad 7C92B220 79 00 jns short 7C92B222 7C92B222 52 push edx ; msvcrt.77C31AE8 7C92B223 74 6C je short 7C92B291 7C92B225 53 push ebx 7C92B226 74 61 je short 7C92B289 7C92B228 72 74 jb short 7C92B29E 7C92B22A 52 push edx ; msvcrt.77C31AE8 7C92B22B 58 pop eax ; ntdll.7C92E89A 7C92B22C 61 popad 7C92B22D 637400 52 arpl [eax+eax+52], si 7C92B231 74 6C je short 7C92B29F 7C92B233 53 push ebx 7C92B234 74 61 je short 7C92B297 7C92B236 74 4D je short 7C92B285 7C92B238 65:6D ins dword ptr es:[edi], dx 7C92B23A 6F outs dx, dword ptr es:[edi] 7C92B23B 72 79 jb short 7C92B2B6 7C92B23D 53 push ebx 7C92B23E 74 72 je short 7C92B2B2 7C92B240 65:61 popad 7C92B242 6D ins dword ptr es:[edi], dx 7C92B243 0052 74 add [edx+74], dl 7C92B246 6C ins byte ptr es:[edi], dx 7C92B247 53 push ebx 7C92B248 74 72 je short 7C92B2BC 7C92B24A 696E 67 46726F6>imul ebp, [esi+67], 6D6F7246 7C92B251 47 inc edi 7C92B252 55 push ebp 7C92B253 49 dec ecx 7C92B254 44 inc esp 7C92B255 0052 74 add [edx+74], dl 7C92B258 6C ins byte ptr es:[edi], dx 7C92B259 53 push ebx 7C92B25A 75 62 jnz short 7C92B2BE 7C92B25C 41 inc ecx 7C92B25D 75 74 jnz short 7C92B2D3 7C92B25F 68 6F726974 push 7469726F 7C92B264 79 43 jns short 7C92B2A9 7C92B266 6F outs dx, dword ptr es:[edi] 7C92B267 75 6E jnz short 7C92B2D7 7C92B269 74 53 je short 7C92B2BE 7C92B26B 696400 52 746C5>imul esp, [eax+eax+52], 75536C74 7C92B273 6241 75 bound eax, [ecx+75] 7C92B276 74 68 je short 7C92B2E0 7C92B278 6F outs dx, dword ptr es:[edi] 7C92B279 72 69 jb short 7C92B2E4 7C92B27B 74 79 je short 7C92B2F6 7C92B27D 53 push ebx 7C92B27E 696400 52 746C5>imul esp, [eax+eax+52], 75536C74 7C92B286 627472 65 bound esi, [edx+esi*2+65] 7C92B28A 65:50 push eax 7C92B28C 72 65 jb short 7C92B2F3 7C92B28E 64: prefix fs: 7C92B28F 65:6365 73 arpl gs:[ebp+73], sp 7C92B293 73 6F jnb short 7C92B304 7C92B295 72 00 jb short 7C92B297 7C92B297 52 push edx ; msvcrt.77C31AE8 7C92B298 74 6C je short 7C92B306 7C92B29A 53 push ebx 7C92B29B 75 62 jnz short 7C92B2FF 7C92B29D 74 72 je short 7C92B311 7C92B29F 65: prefix gs: 7C92B2A0 65:53 push ebx 7C92B2A2 75 63 jnz short 7C92B307 7C92B2A4 6365 73 arpl [ebp+73], sp 7C92B2A7 73 6F jnb short 7C92B318 7C92B2A9 72 00 jb short 7C92B2AB 7C92B2AB 52 push edx ; msvcrt.77C31AE8 7C92B2AC 74 6C je short 7C92B31A 7C92B2AE 53 push ebx 7C92B2AF 79 73 jns short 7C92B324 7C92B2B1 74 65 je short 7C92B318 7C92B2B3 6D ins dword ptr es:[edi], dx 7C92B2B4 54 push esp 7C92B2B5 696D 65 546F4C6>imul ebp, [ebp+65], 6F4C6F54 7C92B2BC 6361 6C arpl [ecx+6C], sp 7C92B2BF 54 push esp 7C92B2C0 696D 65 0052746>imul ebp, [ebp+65], 6C745200 7C92B2C7 54 push esp 7C92B2C8 696D 65 4669656>imul ebp, [ebp+65], 6C656946 7C92B2CF 64:73 54 jnb short 7C92B326 7C92B2D2 6F outs dx, dword ptr es:[edi] 7C92B2D3 54 push esp 7C92B2D4 696D 65 0052746>imul ebp, [ebp+65], 6C745200 7C92B2DB 54 push esp 7C92B2DC 696D 65 546F456>imul ebp, [ebp+65], 6C456F54 7C92B2E3 61 popad 7C92B2E4 70 73 jo short 7C92B359 7C92B2E6 65: prefix gs: 7C92B2E7 64:54 push esp 7C92B2E9 696D 65 4669656>imul ebp, [ebp+65], 6C656946 7C92B2F0 64:73 00 jnb short 7C92B2F3 7C92B2F3 52 push edx ; msvcrt.77C31AE8 7C92B2F4 74 6C je short 7C92B362 7C92B2F6 54 push esp 7C92B2F7 696D 65 546F536>imul ebp, [ebp+65], 65536F54 7C92B2FE 636F 6E arpl [edi+6E], bp 7C92B301 64:73 53 jnb short 7C92B357 7C92B304 696E 63 6531393>imul ebp, [esi+63], 37393165 7C92B30B 3000 xor [eax], al 7C92B30D 52 push edx ; msvcrt.77C31AE8 7C92B30E 74 6C je short 7C92B37C 7C92B310 54 push esp 7C92B311 696D 65 546F536>imul ebp, [ebp+65], 65536F54 7C92B318 636F 6E arpl [edi+6E], bp 7C92B31B 64:73 53 jnb short 7C92B371 7C92B31E 696E 63 6531393>imul ebp, [esi+63], 38393165 7C92B325 3000 xor [eax], al 7C92B327 52 push edx ; msvcrt.77C31AE8 7C92B328 74 6C je short 7C92B396 7C92B32A 54 push esp 7C92B32B 696D 65 546F546>imul ebp, [ebp+65], 69546F54 7C92B332 6D ins dword ptr es:[edi], dx 7C92B333 65:46 inc esi ; ntdll.ZwTerminateProcess 7C92B335 6965 6C 6473005>imul esp, [ebp+6C], 52007364 7C92B33C 74 6C je short 7C92B3AA 7C92B33E 54 push esp 7C92B33F 72 61 jb short 7C92B3A2 7C92B341 6365 44 arpl [ebp+44], sp 7C92B344 61 popad 7C92B345 74 61 je short 7C92B3A8 7C92B347 6261 73 bound esp, [ecx+73] 7C92B34A 65:41 inc ecx 7C92B34C 64: prefix fs: 7C92B34D 64:0052 74 add fs:[edx+74], dl 7C92B351 6C ins byte ptr es:[edi], dx 7C92B352 54 push esp 7C92B353 72 61 jb short 7C92B3B6 7C92B355 6365 44 arpl [ebp+44], sp 7C92B358 61 popad 7C92B359 74 61 je short 7C92B3BC 7C92B35B 6261 73 bound esp, [ecx+73] 7C92B35E 65:43 inc ebx 7C92B360 72 65 jb short 7C92B3C7 7C92B362 61 popad 7C92B363 74 65 je short 7C92B3CA 7C92B365 0052 74 add [edx+74], dl 7C92B368 6C ins byte ptr es:[edi], dx 7C92B369 54 push esp 7C92B36A 72 61 jb short 7C92B3CD 7C92B36C 6365 44 arpl [ebp+44], sp 7C92B36F 61 popad 7C92B370 74 61 je short 7C92B3D3 7C92B372 6261 73 bound esp, [ecx+73] 7C92B375 65:44 inc esp 7C92B377 65:73 74 jnb short 7C92B3EE 7C92B37A 72 6F jb short 7C92B3EB 7C92B37C 79 00 jns short 7C92B37E 7C92B37E 52 push edx ; msvcrt.77C31AE8 7C92B37F 74 6C je short 7C92B3ED 7C92B381 54 push esp 7C92B382 72 61 jb short 7C92B3E5 7C92B384 6365 44 arpl [ebp+44], sp 7C92B387 61 popad 7C92B388 74 61 je short 7C92B3EB 7C92B38A 6261 73 bound esp, [ecx+73] 7C92B38D 65:45 inc ebp 7C92B38F 6E outs dx, byte ptr es:[edi] 7C92B390 75 6D jnz short 7C92B3FF 7C92B392 65:72 61 jb short 7C92B3F6 7C92B395 74 65 je short 7C92B3FC 7C92B397 0052 74 add [edx+74], dl 7C92B39A 6C ins byte ptr es:[edi], dx 7C92B39B 54 push esp 7C92B39C 72 61 jb short 7C92B3FF 7C92B39E 6365 44 arpl [ebp+44], sp 7C92B3A1 61 popad 7C92B3A2 74 61 je short 7C92B405 7C92B3A4 6261 73 bound esp, [ecx+73] 7C92B3A7 65:46 inc esi ; ntdll.ZwTerminateProcess 7C92B3A9 696E 64 0052746>imul ebp, [esi+64], 6C745200 7C92B3B0 54 push esp 7C92B3B1 72 61 jb short 7C92B414 7C92B3B3 6365 44 arpl [ebp+44], sp 7C92B3B6 61 popad 7C92B3B7 74 61 je short 7C92B41A 7C92B3B9 6261 73 bound esp, [ecx+73] 7C92B3BC 65:4C dec esp 7C92B3BE 6F outs dx, dword ptr es:[edi] 7C92B3BF 636B 00 arpl [ebx], bp 7C92B3C2 52 push edx ; msvcrt.77C31AE8 7C92B3C3 74 6C je short 7C92B431 7C92B3C5 54 push esp 7C92B3C6 72 61 jb short 7C92B429 7C92B3C8 6365 44 arpl [ebp+44], sp 7C92B3CB 61 popad 7C92B3CC 74 61 je short 7C92B42F 7C92B3CE 6261 73 bound esp, [ecx+73] 7C92B3D1 65:55 push ebp 7C92B3D3 6E outs dx, byte ptr es:[edi] 7C92B3D4 6C ins byte ptr es:[edi], dx 7C92B3D5 6F outs dx, dword ptr es:[edi] 7C92B3D6 636B 00 arpl [ebx], bp 7C92B3D9 52 push edx ; msvcrt.77C31AE8 7C92B3DA 74 6C je short 7C92B448 7C92B3DC 54 push esp 7C92B3DD 72 61 jb short 7C92B440 7C92B3DF 6365 44 arpl [ebp+44], sp 7C92B3E2 61 popad 7C92B3E3 74 61 je short 7C92B446 7C92B3E5 6261 73 bound esp, [ecx+73] 7C92B3E8 65:56 push esi ; ntdll.ZwTerminateProcess 7C92B3EA 61 popad 7C92B3EB 6C ins byte ptr es:[edi], dx 7C92B3EC 696461 74 65005>imul esp, [ecx+74], 74520065 7C92B3F4 6C ins byte ptr es:[edi], dx 7C92B3F5 54 push esp 7C92B3F6 72 79 jb short 7C92B471 7C92B3F8 45 inc ebp 7C92B3F9 6E outs dx, byte ptr es:[edi] 7C92B3FA 74 65 je short 7C92B461 7C92B3FC 72 43 jb short 7C92B441 7C92B3FE 72 69 jb short 7C92B469 7C92B400 74 69 je short 7C92B46B 7C92B402 6361 6C arpl [ecx+6C], sp 7C92B405 53 push ebx 7C92B406 65:637469 6F arpl gs:[ecx+ebp*2+6F], si 7C92B40B 6E outs dx, byte ptr es:[edi] 7C92B40C 0052 74 add [edx+74], dl 7C92B40F 6C ins byte ptr es:[edi], dx 7C92B410 55 push ebp 7C92B411 6C ins byte ptr es:[edi], dx 7C92B412 6F outs dx, dword ptr es:[edi] 7C92B413 6E outs dx, byte ptr es:[edi] 7C92B414 67:42 inc edx ; msvcrt.77C31AE8 7C92B416 79 74 jns short 7C92B48C 7C92B418 65:53 push ebx 7C92B41A 77 61 ja short 7C92B47D 7C92B41C 70 00 jo short 7C92B41E 7C92B41E 52 push edx ; msvcrt.77C31AE8 7C92B41F 74 6C je short 7C92B48D 7C92B421 55 push ebp 7C92B422 6C ins byte ptr es:[edi], dx 7C92B423 6F outs dx, dword ptr es:[edi] 7C92B424 6E outs dx, byte ptr es:[edi] 7C92B425 67:6C ins byte ptr es:[di], dx 7C92B427 6F outs dx, dword ptr es:[edi] 7C92B428 6E outs dx, byte ptr es:[edi] 7C92B429 67:42 inc edx ; msvcrt.77C31AE8 7C92B42B 79 74 jns short 7C92B4A1 7C92B42D 65:53 push ebx 7C92B42F 77 61 ja short 7C92B492 7C92B431 70 00 jo short 7C92B433 7C92B433 52 push edx ; msvcrt.77C31AE8 7C92B434 74 6C je short 7C92B4A2 7C92B436 55 push ebp 7C92B437 6E outs dx, byte ptr es:[edi] 7C92B438 68 616E646C push 6C646E61 7C92B43D 65: prefix gs: 7C92B43E 64:45 inc ebp 7C92B440 78 63 js short 7C92B4A5 7C92B442 65:70 74 jo short 7C92B4B9 7C92B445 696F 6E 46696C7>imul ebp, [edi+6E], 746C6946 7C92B44C 65:72 00 jb short 7C92B44F 7C92B44F 52 push edx ; msvcrt.77C31AE8 7C92B450 74 6C je short 7C92B4BE 7C92B452 55 push ebp 7C92B453 6E outs dx, byte ptr es:[edi] 7C92B454 68 616E646C push 6C646E61 7C92B459 65: prefix gs: 7C92B45A 64:45 inc ebp 7C92B45C 78 63 js short 7C92B4C1 7C92B45E 65:70 74 jo short 7C92B4D5 7C92B461 696F 6E 46696C7>imul ebp, [edi+6E], 746C6946 7C92B468 65:72 32 jb short 7C92B49D 7C92B46B 0052 74 add [edx+74], dl 7C92B46E 6C ins byte ptr es:[edi], dx 7C92B46F 55 push ebp 7C92B470 6E outs dx, byte ptr es:[edi] 7C92B471 6963 6F 6465537>imul esp, [ebx+6F], 74536564 7C92B478 72 69 jb short 7C92B4E3 7C92B47A 6E outs dx, byte ptr es:[edi] 7C92B47B 67:54 push esp 7C92B47D 6F outs dx, dword ptr es:[edi] 7C92B47E 41 inc ecx 7C92B47F 6E outs dx, byte ptr es:[edi] 7C92B480 73 69 jnb short 7C92B4EB 7C92B482 53 push ebx 7C92B483 697A 65 0052746>imul edi, [edx+65], 6C745200 7C92B48A 55 push ebp 7C92B48B 6E outs dx, byte ptr es:[edi] 7C92B48C 6963 6F 6465537>imul esp, [ebx+6F], 74536564 7C92B493 72 69 jb short 7C92B4FE 7C92B495 6E outs dx, byte ptr es:[edi] 7C92B496 67:54 push esp 7C92B498 6F outs dx, dword ptr es:[edi] 7C92B499 41 inc ecx 7C92B49A 6E outs dx, byte ptr es:[edi] 7C92B49B 73 69 jnb short 7C92B506 7C92B49D 53 push ebx 7C92B49E 74 72 je short 7C92B512 7C92B4A0 696E 67 0052746>imul ebp, [esi+67], 6C745200 7C92B4A7 55 push ebp 7C92B4A8 6E outs dx, byte ptr es:[edi] 7C92B4A9 6963 6F 6465537>imul esp, [ebx+6F], 74536564 7C92B4B0 72 69 jb short 7C92B51B 7C92B4B2 6E outs dx, byte ptr es:[edi] 7C92B4B3 67:54 push esp 7C92B4B5 6F outs dx, dword ptr es:[edi] 7C92B4B6 43 inc ebx 7C92B4B7 6F outs dx, dword ptr es:[edi] 7C92B4B8 75 6E jnz short 7C92B528 7C92B4BA 74 65 je short 7C92B521 7C92B4BC 64:4F dec edi 7C92B4BE 65:6D ins dword ptr es:[edi], dx 7C92B4C0 53 push ebx 7C92B4C1 74 72 je short 7C92B535 7C92B4C3 696E 67 0052746>imul ebp, [esi+67], 6C745200 7C92B4CA 55 push ebp 7C92B4CB 6E outs dx, byte ptr es:[edi] 7C92B4CC 6963 6F 6465537>imul esp, [ebx+6F], 74536564 7C92B4D3 72 69 jb short 7C92B53E 7C92B4D5 6E outs dx, byte ptr es:[edi] 7C92B4D6 67:54 push esp 7C92B4D8 6F outs dx, dword ptr es:[edi] 7C92B4D9 49 dec ecx 7C92B4DA 6E outs dx, byte ptr es:[edi] 7C92B4DB 74 65 je short 7C92B542 7C92B4DD 67:65:72 00 jb short 7C92B4E1 7C92B4E1 52 push edx ; msvcrt.77C31AE8 7C92B4E2 74 6C je short 7C92B550 7C92B4E4 55 push ebp 7C92B4E5 6E outs dx, byte ptr es:[edi] 7C92B4E6 6963 6F 6465537>imul esp, [ebx+6F], 74536564 7C92B4ED 72 69 jb short 7C92B558 7C92B4EF 6E outs dx, byte ptr es:[edi] 7C92B4F0 67:54 push esp 7C92B4F2 6F outs dx, dword ptr es:[edi] 7C92B4F3 4F dec edi 7C92B4F4 65:6D ins dword ptr es:[edi], dx 7C92B4F6 53 push ebx 7C92B4F7 697A 65 0052746>imul edi, [edx+65], 6C745200 7C92B4FE 55 push ebp 7C92B4FF 6E outs dx, byte ptr es:[edi] 7C92B500 6963 6F 6465537>imul esp, [ebx+6F], 74536564 7C92B507 72 69 jb short 7C92B572 7C92B509 6E outs dx, byte ptr es:[edi] 7C92B50A 67:54 push esp 7C92B50C 6F outs dx, dword ptr es:[edi] 7C92B50D 4F dec edi 7C92B50E 65:6D ins dword ptr es:[edi], dx 7C92B510 53 push ebx 7C92B511 74 72 je short 7C92B585 7C92B513 696E 67 0052746>imul ebp, [esi+67], 6C745200 7C92B51A 55 push ebp 7C92B51B 6E outs dx, byte ptr es:[edi] 7C92B51C 6963 6F 6465546>imul esp, [ebx+6F], 6F546564 7C92B523 43 inc ebx 7C92B524 75 73 jnz short 7C92B599 7C92B526 74 6F je short 7C92B597 7C92B528 6D ins dword ptr es:[edi], dx 7C92B529 43 inc ebx 7C92B52A 50 push eax 7C92B52B 4E dec esi ; ntdll.ZwTerminateProcess 7C92B52C 0052 74 add [edx+74], dl 7C92B52F 6C ins byte ptr es:[edi], dx 7C92B530 55 push ebp 7C92B531 6E outs dx, byte ptr es:[edi] 7C92B532 6963 6F 6465546>imul esp, [ebx+6F], 6F546564 7C92B539 4D dec ebp 7C92B53A 75 6C jnz short 7C92B5A8 7C92B53C 74 69 je short 7C92B5A7 7C92B53E 42 inc edx ; msvcrt.77C31AE8 7C92B53F 79 74 jns short 7C92B5B5 7C92B541 65:4E dec esi ; ntdll.ZwTerminateProcess 7C92B543 0052 74 add [edx+74], dl 7C92B546 6C ins byte ptr es:[edi], dx 7C92B547 55 push ebp 7C92B548 6E outs dx, byte ptr es:[edi] 7C92B549 6963 6F 6465546>imul esp, [ebx+6F], 6F546564 7C92B550 4D dec ebp 7C92B551 75 6C jnz short 7C92B5BF 7C92B553 74 69 je short 7C92B5BE 7C92B555 42 inc edx ; msvcrt.77C31AE8 7C92B556 79 74 jns short 7C92B5CC 7C92B558 65:53 push ebx 7C92B55A 697A 65 0052746>imul edi, [edx+65], 6C745200 7C92B561 55 push ebp 7C92B562 6E outs dx, byte ptr es:[edi] 7C92B563 6963 6F 6465546>imul esp, [ebx+6F], 6F546564 7C92B56A 4F dec edi 7C92B56B 65:6D ins dword ptr es:[edi], dx 7C92B56D 4E dec esi ; ntdll.ZwTerminateProcess 7C92B56E 0052 74 add [edx+74], dl 7C92B571 6C ins byte ptr es:[edi], dx 7C92B572 55 push ebp 7C92B573 6E outs dx, byte ptr es:[edi] 7C92B574 6966 6F 726D005>imul esp, [esi+6F], 52006D72 7C92B57B 74 6C je short 7C92B5E9 7C92B57D 55 push ebp 7C92B57E 6E outs dx, byte ptr es:[edi] 7C92B57F 6C ins byte ptr es:[edi], dx 7C92B580 6F outs dx, dword ptr es:[edi] 7C92B581 636B 42 arpl [ebx+42], bp 7C92B584 6F outs dx, dword ptr es:[edi] 7C92B585 6F outs dx, dword ptr es:[edi] 7C92B586 74 53 je short 7C92B5DB 7C92B588 74 61 je short 7C92B5EB 7C92B58A 74 75 je short 7C92B601 7C92B58C 73 44 jnb short 7C92B5D2 7C92B58E 61 popad 7C92B58F 74 61 je short 7C92B5F2 7C92B591 0052 74 add [edx+74], dl 7C92B594 6C ins byte ptr es:[edi], dx 7C92B595 55 push ebp 7C92B596 6E outs dx, byte ptr es:[edi] 7C92B597 6C ins byte ptr es:[edi], dx 7C92B598 6F outs dx, dword ptr es:[edi] 7C92B599 636B 48 arpl [ebx+48], bp 7C92B59C 65:61 popad 7C92B59E 70 00 jo short 7C92B5A0 7C92B5A0 52 push edx ; msvcrt.77C31AE8 7C92B5A1 74 6C je short 7C92B60F 7C92B5A3 55 push ebp 7C92B5A4 6E outs dx, byte ptr es:[edi] 7C92B5A5 6C ins byte ptr es:[edi], dx 7C92B5A6 6F outs dx, dword ptr es:[edi] 7C92B5A7 636B 4D arpl [ebx+4D], bp 7C92B5AA 65:6D ins dword ptr es:[edi], dx 7C92B5AC 6F outs dx, dword ptr es:[edi] 7C92B5AD 72 79 jb short 7C92B628 7C92B5AF 53 push ebx 7C92B5B0 74 72 je short 7C92B624 7C92B5B2 65:61 popad 7C92B5B4 6D ins dword ptr es:[edi], dx 7C92B5B5 52 push edx ; msvcrt.77C31AE8 7C92B5B6 65:67:696F 6E 0>imul ebp, gs:[bx+6E], 6C745200 7C92B5BF 55 push ebp 7C92B5C0 6E outs dx, byte ptr es:[edi] 7C92B5C1 77 69 ja short 7C92B62C 7C92B5C3 6E outs dx, byte ptr es:[edi] 7C92B5C4 64:0052 74 add fs:[edx+74], dl 7C92B5C8 6C ins byte ptr es:[edi], dx 7C92B5C9 55 push ebp 7C92B5CA 70 63 jo short 7C92B62F 7C92B5CC 61 popad 7C92B5CD 73 65 jnb short 7C92B634 7C92B5CF 55 push ebp 7C92B5D0 6E outs dx, byte ptr es:[edi] 7C92B5D1 6963 6F 6465436>imul esp, [ebx+6F], 68436564 7C92B5D8 61 popad 7C92B5D9 72 00 jb short 7C92B5DB 7C92B5DB 52 push edx ; msvcrt.77C31AE8 7C92B5DC 74 6C je short 7C92B64A 7C92B5DE 55 push ebp 7C92B5DF 70 63 jo short 7C92B644 7C92B5E1 61 popad 7C92B5E2 73 65 jnb short 7C92B649 7C92B5E4 55 push ebp 7C92B5E5 6E outs dx, byte ptr es:[edi] 7C92B5E6 6963 6F 6465537>imul esp, [ebx+6F], 74536564 7C92B5ED 72 69 jb short 7C92B658 7C92B5EF 6E outs dx, byte ptr es:[edi] 7C92B5F0 67:0052 74 add [bp+si+74], dl 7C92B5F4 6C ins byte ptr es:[edi], dx 7C92B5F5 55 push ebp 7C92B5F6 70 63 jo short 7C92B65B 7C92B5F8 61 popad 7C92B5F9 73 65 jnb short 7C92B660 7C92B5FB 55 push ebp 7C92B5FC 6E outs dx, byte ptr es:[edi] 7C92B5FD 6963 6F 6465537>imul esp, [ebx+6F], 74536564 7C92B604 72 69 jb short 7C92B66F 7C92B606 6E outs dx, byte ptr es:[edi] 7C92B607 67:54 push esp 7C92B609 6F outs dx, dword ptr es:[edi] 7C92B60A 41 inc ecx 7C92B60B 6E outs dx, byte ptr es:[edi] 7C92B60C 73 69 jnb short 7C92B677 7C92B60E 53 push ebx 7C92B60F 74 72 je short 7C92B683 7C92B611 696E 67 0052746>imul ebp, [esi+67], 6C745200 7C92B618 55 push ebp 7C92B619 70 63 jo short 7C92B67E 7C92B61B 61 popad 7C92B61C 73 65 jnb short 7C92B683 7C92B61E 55 push ebp 7C92B61F 6E outs dx, byte ptr es:[edi] 7C92B620 6963 6F 6465537>imul esp, [ebx+6F], 74536564 7C92B627 72 69 jb short 7C92B692 7C92B629 6E outs dx, byte ptr es:[edi] 7C92B62A 67:54 push esp 7C92B62C 6F outs dx, dword ptr es:[edi] 7C92B62D 43 inc ebx 7C92B62E 6F outs dx, dword ptr es:[edi] 7C92B62F 75 6E jnz short 7C92B69F 7C92B631 74 65 je short 7C92B698 7C92B633 64:4F dec edi 7C92B635 65:6D ins dword ptr es:[edi], dx 7C92B637 53 push ebx 7C92B638 74 72 je short 7C92B6AC 7C92B63A 696E 67 0052746>imul ebp, [esi+67], 6C745200 7C92B641 55 push ebp 7C92B642 70 63 jo short 7C92B6A7 7C92B644 61 popad 7C92B645 73 65 jnb short 7C92B6AC 7C92B647 55 push ebp 7C92B648 6E outs dx, byte ptr es:[edi] 7C92B649 6963 6F 6465537>imul esp, [ebx+6F], 74536564 7C92B650 72 69 jb short 7C92B6BB 7C92B652 6E outs dx, byte ptr es:[edi] 7C92B653 67:54 push esp 7C92B655 6F outs dx, dword ptr es:[edi] 7C92B656 4F dec edi 7C92B657 65:6D ins dword ptr es:[edi], dx 7C92B659 53 push ebx 7C92B65A 74 72 je short 7C92B6CE 7C92B65C 696E 67 0052746>imul ebp, [esi+67], 6C745200 7C92B663 55 push ebp 7C92B664 70 63 jo short 7C92B6C9 7C92B666 61 popad 7C92B667 73 65 jnb short 7C92B6CE 7C92B669 55 push ebp 7C92B66A 6E outs dx, byte ptr es:[edi] 7C92B66B 6963 6F 6465546>imul esp, [ebx+6F], 6F546564 7C92B672 43 inc ebx 7C92B673 75 73 jnz short 7C92B6E8 7C92B675 74 6F je short 7C92B6E6 7C92B677 6D ins dword ptr es:[edi], dx 7C92B678 43 inc ebx 7C92B679 50 push eax 7C92B67A 4E dec esi ; ntdll.ZwTerminateProcess 7C92B67B 0052 74 add [edx+74], dl 7C92B67E 6C ins byte ptr es:[edi], dx 7C92B67F 55 push ebp 7C92B680 70 63 jo short 7C92B6E5 7C92B682 61 popad 7C92B683 73 65 jnb short 7C92B6EA 7C92B685 55 push ebp 7C92B686 6E outs dx, byte ptr es:[edi] 7C92B687 6963 6F 6465546>imul esp, [ebx+6F], 6F546564 7C92B68E 4D dec ebp 7C92B68F 75 6C jnz short 7C92B6FD 7C92B691 74 69 je short 7C92B6FC 7C92B693 42 inc edx ; msvcrt.77C31AE8 7C92B694 79 74 jns short 7C92B70A 7C92B696 65:4E dec esi ; ntdll.ZwTerminateProcess 7C92B698 0052 74 add [edx+74], dl 7C92B69B 6C ins byte ptr es:[edi], dx 7C92B69C 55 push ebp 7C92B69D 70 63 jo short 7C92B702 7C92B69F 61 popad 7C92B6A0 73 65 jnb short 7C92B707 7C92B6A2 55 push ebp 7C92B6A3 6E outs dx, byte ptr es:[edi] 7C92B6A4 6963 6F 6465546>imul esp, [ebx+6F], 6F546564 7C92B6AB 4F dec edi 7C92B6AC 65:6D ins dword ptr es:[edi], dx 7C92B6AE 4E dec esi ; ntdll.ZwTerminateProcess 7C92B6AF 0052 74 add [edx+74], dl 7C92B6B2 6C ins byte ptr es:[edi], dx 7C92B6B3 55 push ebp 7C92B6B4 70 64 jo short 7C92B71A 7C92B6B6 61 popad 7C92B6B7 74 65 je short 7C92B71E 7C92B6B9 54 push esp 7C92B6BA 696D 65 7200527>imul ebp, [ebp+65], 74520072 7C92B6C1 6C ins byte ptr es:[edi], dx 7C92B6C2 55 push ebp 7C92B6C3 70 70 jo short 7C92B735 7C92B6C5 65:72 43 jb short 7C92B70B 7C92B6C8 68 61720052 push 52007261 7C92B6CD 74 6C je short 7C92B73B 7C92B6CF 55 push ebp 7C92B6D0 70 70 jo short 7C92B742 7C92B6D2 65:72 53 jb short 7C92B728 7C92B6D5 74 72 je short 7C92B749 7C92B6D7 696E 67 0052746>imul ebp, [esi+67], 6C745200 7C92B6DE 55 push ebp 7C92B6DF 73 61 jnb short 7C92B742 7C92B6E1 67:65:48 dec eax 7C92B6E4 65:61 popad 7C92B6E6 70 00 jo short 7C92B6E8 7C92B6E8 52 push edx ; msvcrt.77C31AE8 7C92B6E9 74 6C je short 7C92B757 7C92B6EB 55 push ebp 7C92B6EC 73 68 jnb short 7C92B756 7C92B6EE 6F outs dx, dword ptr es:[edi] 7C92B6EF 72 74 jb short 7C92B765 7C92B6F1 42 inc edx ; msvcrt.77C31AE8 7C92B6F2 79 74 jns short 7C92B768 7C92B6F4 65:53 push ebx 7C92B6F6 77 61 ja short 7C92B759 7C92B6F8 70 00 jo short 7C92B6FA 7C92B6FA 52 push edx ; msvcrt.77C31AE8 7C92B6FB 74 6C je short 7C92B769 7C92B6FD 56 push esi ; ntdll.ZwTerminateProcess 7C92B6FE 61 popad 7C92B6FF 6C ins byte ptr es:[edi], dx 7C92B700 696441 63 6C005>imul esp, [ecx+eax*2+63], 7452006C 7C92B708 6C ins byte ptr es:[edi], dx 7C92B709 56 push esi ; ntdll.ZwTerminateProcess 7C92B70A 61 popad 7C92B70B 6C ins byte ptr es:[edi], dx 7C92B70C 696452 65 6C617>imul esp, [edx+edx*2+65], 6974616C 7C92B714 76 65 jbe short 7C92B77B 7C92B716 53 push ebx 7C92B717 65:6375 72 arpl gs:[ebp+72], si 7C92B71B 697479 44 65736>imul esi, [ecx+edi*2+44], 72637365 7C92B723 6970 74 6F72005>imul esi, [eax+74], 5200726F 7C92B72A 74 6C je short 7C92B798 7C92B72C 56 push esi ; ntdll.ZwTerminateProcess 7C92B72D 61 popad 7C92B72E 6C ins byte ptr es:[edi], dx 7C92B72F 696453 65 63757>imul esp, [ebx+edx*2+65], 69727563 7C92B737 74 79 je short 7C92B7B2 7C92B739 44 inc esp 7C92B73A 65:73 63 jnb short 7C92B7A0 7C92B73D 72 69 jb short 7C92B7A8 7C92B73F 70 74 jo short 7C92B7B5 7C92B741 6F outs dx, dword ptr es:[edi] 7C92B742 72 00 jb short 7C92B744 7C92B744 52 push edx ; msvcrt.77C31AE8 7C92B745 74 6C je short 7C92B7B3 7C92B747 56 push esi ; ntdll.ZwTerminateProcess 7C92B748 61 popad 7C92B749 6C ins byte ptr es:[edi], dx 7C92B74A 696453 69 64005>imul esp, [ebx+edx*2+69], 74520064 7C92B752 6C ins byte ptr es:[edi], dx 7C92B753 56 push esi ; ntdll.ZwTerminateProcess 7C92B754 61 popad 7C92B755 6C ins byte ptr es:[edi], dx 7C92B756 696461 74 65486>imul esp, [ecx+74], 61654865 7C92B75E 70 00 jo short 7C92B760 7C92B760 52 push edx ; msvcrt.77C31AE8 7C92B761 74 6C je short 7C92B7CF 7C92B763 56 push esi ; ntdll.ZwTerminateProcess 7C92B764 61 popad 7C92B765 6C ins byte ptr es:[edi], dx 7C92B766 696461 74 65507>imul esp, [ecx+74], 6F725065 7C92B76E 6365 73 arpl [ebp+73], sp 7C92B771 73 48 jnb short 7C92B7BB 7C92B773 65:61 popad 7C92B775 70 73 jo short 7C92B7EA 7C92B777 0052 74 add [edx+74], dl 7C92B77A 6C ins byte ptr es:[edi], dx 7C92B77B 56 push esi ; ntdll.ZwTerminateProcess 7C92B77C 61 popad 7C92B77D 6C ins byte ptr es:[edi], dx 7C92B77E 696461 74 65556>imul esp, [ecx+74], 696E5565 7C92B786 636F 64 arpl [edi+64], bp 7C92B789 65:53 push ebx 7C92B78B 74 72 je short 7C92B7FF 7C92B78D 696E 67 0052746>imul ebp, [esi+67], 6C745200 7C92B794 56 push esi ; ntdll.ZwTerminateProcess 7C92B795 65:72 69 jb short 7C92B801 7C92B798 - 66:79 56 jns short 0000B7F1 7C92B79B 65:72 73 jb short 7C92B811 7C92B79E 696F 6E 496E666>imul ebp, [edi+6E], 6F666E49 7C92B7A5 0052 74 add [edx+74], dl 7C92B7A8 6C ins byte ptr es:[edi], dx 7C92B7A9 57 push edi 7C92B7AA 61 popad 7C92B7AB 6C ins byte ptr es:[edi], dx 7C92B7AC 6B46 72 61 imul eax, [esi+72], 61 7C92B7B0 6D ins dword ptr es:[edi], dx 7C92B7B1 65:43 inc ebx 7C92B7B3 68 61696E00 push 6E6961 7C92B7B8 52 push edx ; msvcrt.77C31AE8 7C92B7B9 74 6C je short 7C92B827 7C92B7BB 57 push edi 7C92B7BC 61 popad 7C92B7BD 6C ins byte ptr es:[edi], dx 7C92B7BE 6B48 65 61 imul ecx, [eax+65], 61 7C92B7C2 70 00 jo short 7C92B7C4 7C92B7C4 52 push edx ; msvcrt.77C31AE8 7C92B7C5 74 6C je short 7C92B833 7C92B7C7 57 push edi 7C92B7C8 72 69 jb short 7C92B833 7C92B7CA 74 65 je short 7C92B831 7C92B7CC 4D dec ebp 7C92B7CD 65:6D ins dword ptr es:[edi], dx 7C92B7CF 6F outs dx, dword ptr es:[edi] 7C92B7D0 72 79 jb short 7C92B84B 7C92B7D2 53 push ebx 7C92B7D3 74 72 je short 7C92B847 7C92B7D5 65:61 popad 7C92B7D7 6D ins dword ptr es:[edi], dx 7C92B7D8 0052 74 add [edx+74], dl 7C92B7DB 6C ins byte ptr es:[edi], dx 7C92B7DC 57 push edi 7C92B7DD 72 69 jb short 7C92B848 7C92B7DF 74 65 je short 7C92B846 7C92B7E1 52 push edx ; msvcrt.77C31AE8 |
|
[讨论]程序分析!
7C92A186 69744D 61 70005>imul esi, [ebp+ecx*2+61], 74520070 7C92A18E 6C ins byte ptr es:[edi], dx 7C92A18F 49 dec ecx 7C92A190 6E outs dx, byte ptr es:[edi] 7C92A191 697469 61 6C697>imul esi, [ecx+ebp*2+61], 657A696C 7C92A199 43 inc ebx 7C92A19A 6F outs dx, dword ptr es:[edi] 7C92A19B 6E outs dx, byte ptr es:[edi] 7C92A19C 74 65 je short 7C92A203 7C92A19E 78 74 js short 7C92A214 7C92A1A0 0052 74 add [edx+74], dl 7C92A1A3 6C ins byte ptr es:[edi], dx 7C92A1A4 49 dec ecx 7C92A1A5 6E outs dx, byte ptr es:[edi] 7C92A1A6 697469 61 6C697>imul esi, [ecx+ebp*2+61], 657A696C 7C92A1AE 43 inc ebx 7C92A1AF 72 69 jb short 7C92A21A 7C92A1B1 74 69 je short 7C92A21C 7C92A1B3 6361 6C arpl [ecx+6C], sp 7C92A1B6 53 push ebx 7C92A1B7 65:637469 6F arpl gs:[ecx+ebp*2+6F], si 7C92A1BC 6E outs dx, byte ptr es:[edi] 7C92A1BD 0052 74 add [edx+74], dl 7C92A1C0 6C ins byte ptr es:[edi], dx 7C92A1C1 49 dec ecx 7C92A1C2 6E outs dx, byte ptr es:[edi] 7C92A1C3 697469 61 6C697>imul esi, [ecx+ebp*2+61], 657A696C 7C92A1CB 43 inc ebx 7C92A1CC 72 69 jb short 7C92A237 7C92A1CE 74 69 je short 7C92A239 7C92A1D0 6361 6C arpl [ecx+6C], sp 7C92A1D3 53 push ebx 7C92A1D4 65:637469 6F arpl gs:[ecx+ebp*2+6F], si 7C92A1D9 6E outs dx, byte ptr es:[edi] 7C92A1DA 41 inc ecx 7C92A1DB 6E outs dx, byte ptr es:[edi] 7C92A1DC 64:53 push ebx 7C92A1DE 70 69 jo short 7C92A249 7C92A1E0 6E outs dx, byte ptr es:[edi] 7C92A1E1 43 inc ebx 7C92A1E2 6F outs dx, dword ptr es:[edi] 7C92A1E3 75 6E jnz short 7C92A253 7C92A1E5 74 00 je short 7C92A1E7 7C92A1E7 52 push edx ; msvcrt.77C31AE8 7C92A1E8 74 6C je short 7C92A256 7C92A1EA 49 dec ecx 7C92A1EB 6E outs dx, byte ptr es:[edi] 7C92A1EC 697469 61 6C697>imul esi, [ecx+ebp*2+61], 657A696C 7C92A1F4 47 inc edi 7C92A1F5 65:6E outs dx, byte ptr es:[edi] 7C92A1F7 65:72 69 jb short 7C92A263 7C92A1FA 635461 62 arpl [ecx+62], dx 7C92A1FE 6C ins byte ptr es:[edi], dx 7C92A1FF 65:0052 74 add gs:[edx+74], dl 7C92A203 6C ins byte ptr es:[edi], dx 7C92A204 49 dec ecx 7C92A205 6E outs dx, byte ptr es:[edi] 7C92A206 697469 61 6C697>imul esi, [ecx+ebp*2+61], 657A696C 7C92A20E 47 inc edi 7C92A20F 65:6E outs dx, byte ptr es:[edi] 7C92A211 65:72 69 jb short 7C92A27D 7C92A214 635461 62 arpl [ecx+62], dx 7C92A218 6C ins byte ptr es:[edi], dx 7C92A219 65:41 inc ecx 7C92A21B 76 6C jbe short 7C92A289 7C92A21D 0052 74 add [edx+74], dl 7C92A220 6C ins byte ptr es:[edi], dx 7C92A221 49 dec ecx 7C92A222 6E outs dx, byte ptr es:[edi] 7C92A223 697469 61 6C697>imul esi, [ecx+ebp*2+61], 657A696C 7C92A22B 48 dec eax 7C92A22C 61 popad 7C92A22D 6E outs dx, byte ptr es:[edi] 7C92A22E 64:6C ins byte ptr es:[edi], dx 7C92A230 65:54 push esp 7C92A232 61 popad 7C92A233 626C65 00 bound ebp, [ebp] 7C92A237 52 push edx ; msvcrt.77C31AE8 7C92A238 74 6C je short 7C92A2A6 7C92A23A 49 dec ecx 7C92A23B 6E outs dx, byte ptr es:[edi] 7C92A23C 697469 61 6C697>imul esi, [ecx+ebp*2+61], 657A696C 7C92A244 52 push edx ; msvcrt.77C31AE8 7C92A245 58 pop eax ; ntdll.7C92E89A 7C92A246 61 popad 7C92A247 637400 52 arpl [eax+eax+52], si 7C92A24B 74 6C je short 7C92A2B9 7C92A24D 49 dec ecx 7C92A24E 6E outs dx, byte ptr es:[edi] 7C92A24F 697469 61 6C697>imul esi, [ecx+ebp*2+61], 657A696C 7C92A257 52 push edx ; msvcrt.77C31AE8 7C92A258 61 popad 7C92A259 6E outs dx, byte ptr es:[edi] 7C92A25A 67:65:4C dec esp 7C92A25D 6973 74 0052746>imul esi, [ebx+74], 6C745200 7C92A264 49 dec ecx 7C92A265 6E outs dx, byte ptr es:[edi] 7C92A266 697469 61 6C697>imul esi, [ecx+ebp*2+61], 657A696C 7C92A26E 52 push edx ; msvcrt.77C31AE8 7C92A26F 65:73 6F jnb short 7C92A2E1 7C92A272 75 72 jnz short 7C92A2E6 7C92A274 6365 00 arpl [ebp], sp 7C92A277 52 push edx ; msvcrt.77C31AE8 7C92A278 74 6C je short 7C92A2E6 7C92A27A 49 dec ecx 7C92A27B 6E outs dx, byte ptr es:[edi] 7C92A27C 697469 61 6C697>imul esi, [ecx+ebp*2+61], 657A696C 7C92A284 53 push ebx 7C92A285 4C dec esp 7C92A286 6973 74 4865616>imul esi, [ebx+74], 64616548 7C92A28D 0052 74 add [edx+74], dl 7C92A290 6C ins byte ptr es:[edi], dx 7C92A291 49 dec ecx 7C92A292 6E outs dx, byte ptr es:[edi] 7C92A293 697469 61 6C697>imul esi, [ecx+ebp*2+61], 657A696C 7C92A29B 53 push ebx 7C92A29C 696400 52 746C4>imul esp, [eax+eax+52], 6E496C74 7C92A2A4 697469 61 6C697>imul esi, [ecx+ebp*2+61], 657A696C 7C92A2AC 53 push ebx 7C92A2AD 74 61 je short 7C92A310 7C92A2AF 636B 54 arpl [ebx+54], bp 7C92A2B2 72 61 jb short 7C92A315 7C92A2B4 6365 44 arpl [ebp+44], sp 7C92A2B7 61 popad 7C92A2B8 74 61 je short 7C92A31B 7C92A2BA 42 inc edx ; msvcrt.77C31AE8 7C92A2BB 61 popad 7C92A2BC 73 65 jnb short 7C92A323 7C92A2BE 0052 74 add [edx+74], dl 7C92A2C1 6C ins byte ptr es:[edi], dx 7C92A2C2 49 dec ecx 7C92A2C3 6E outs dx, byte ptr es:[edi] 7C92A2C4 73 65 jnb short 7C92A32B 7C92A2C6 72 74 jb short 7C92A33C 7C92A2C8 45 inc ebp 7C92A2C9 6C ins byte ptr es:[edi], dx 7C92A2CA 65:6D ins dword ptr es:[edi], dx 7C92A2CC 65:6E outs dx, byte ptr es:[edi] 7C92A2CE 74 47 je short 7C92A317 7C92A2D0 65:6E outs dx, byte ptr es:[edi] 7C92A2D2 65:72 69 jb short 7C92A33E 7C92A2D5 635461 62 arpl [ecx+62], dx 7C92A2D9 6C ins byte ptr es:[edi], dx 7C92A2DA 65:0052 74 add gs:[edx+74], dl 7C92A2DE 6C ins byte ptr es:[edi], dx 7C92A2DF 49 dec ecx 7C92A2E0 6E outs dx, byte ptr es:[edi] 7C92A2E1 73 65 jnb short 7C92A348 7C92A2E3 72 74 jb short 7C92A359 7C92A2E5 45 inc ebp 7C92A2E6 6C ins byte ptr es:[edi], dx 7C92A2E7 65:6D ins dword ptr es:[edi], dx 7C92A2E9 65:6E outs dx, byte ptr es:[edi] 7C92A2EB 74 47 je short 7C92A334 7C92A2ED 65:6E outs dx, byte ptr es:[edi] 7C92A2EF 65:72 69 jb short 7C92A35B 7C92A2F2 635461 62 arpl [ecx+62], dx 7C92A2F6 6C ins byte ptr es:[edi], dx 7C92A2F7 65:41 inc ecx 7C92A2F9 76 6C jbe short 7C92A367 7C92A2FB 0052 74 add [edx+74], dl 7C92A2FE 6C ins byte ptr es:[edi], dx 7C92A2FF 49 dec ecx 7C92A300 6E outs dx, byte ptr es:[edi] 7C92A301 74 36 je short 7C92A339 7C92A303 34 54 xor al, 54 7C92A305 6F outs dx, dword ptr es:[edi] 7C92A306 55 push ebp 7C92A307 6E outs dx, byte ptr es:[edi] 7C92A308 6963 6F 6465537>imul esp, [ebx+6F], 74536564 7C92A30F 72 69 jb short 7C92A37A 7C92A311 6E outs dx, byte ptr es:[edi] 7C92A312 67:0052 74 add [bp+si+74], dl 7C92A316 6C ins byte ptr es:[edi], dx 7C92A317 49 dec ecx 7C92A318 6E outs dx, byte ptr es:[edi] 7C92A319 74 65 je short 7C92A380 7C92A31B 67:65:72 54 jb short 7C92A373 7C92A31F 6F outs dx, dword ptr es:[edi] 7C92A320 43 inc ebx 7C92A321 68 61720052 push 52007261 7C92A326 74 6C je short 7C92A394 7C92A328 49 dec ecx 7C92A329 6E outs dx, byte ptr es:[edi] 7C92A32A 74 65 je short 7C92A391 7C92A32C 67:65:72 54 jb short 7C92A384 7C92A330 6F outs dx, dword ptr es:[edi] 7C92A331 55 push ebp 7C92A332 6E outs dx, byte ptr es:[edi] 7C92A333 6963 6F 6465537>imul esp, [ebx+6F], 74536564 7C92A33A 72 69 jb short 7C92A3A5 7C92A33C 6E outs dx, byte ptr es:[edi] 7C92A33D 67:0052 74 add [bp+si+74], dl 7C92A341 6C ins byte ptr es:[edi], dx 7C92A342 49 dec ecx 7C92A343 6E outs dx, byte ptr es:[edi] 7C92A344 74 65 je short 7C92A3AB 7C92A346 72 6C jb short 7C92A3B4 7C92A348 6F outs dx, dword ptr es:[edi] 7C92A349 636B 65 arpl [ebx+65], bp 7C92A34C 64:46 inc esi ; ntdll.ZwTerminateProcess 7C92A34E 6C ins byte ptr es:[edi], dx 7C92A34F 75 73 jnz short 7C92A3C4 7C92A351 68 534C6973 push 73694C53 7C92A356 74 00 je short 7C92A358 7C92A358 52 push edx ; msvcrt.77C31AE8 7C92A359 74 6C je short 7C92A3C7 7C92A35B 49 dec ecx 7C92A35C 6E outs dx, byte ptr es:[edi] 7C92A35D 74 65 je short 7C92A3C4 7C92A35F 72 6C jb short 7C92A3CD 7C92A361 6F outs dx, dword ptr es:[edi] 7C92A362 636B 65 arpl [ebx+65], bp 7C92A365 64:50 push eax 7C92A367 6F outs dx, dword ptr es:[edi] 7C92A368 70 45 jo short 7C92A3AF 7C92A36A 6E outs dx, byte ptr es:[edi] 7C92A36B 74 72 je short 7C92A3DF 7C92A36D 79 53 jns short 7C92A3C2 7C92A36F 4C dec esp 7C92A370 6973 74 0052746>imul esi, [ebx+74], 6C745200 7C92A377 49 dec ecx 7C92A378 6E outs dx, byte ptr es:[edi] 7C92A379 74 65 je short 7C92A3E0 7C92A37B 72 6C jb short 7C92A3E9 7C92A37D 6F outs dx, dword ptr es:[edi] 7C92A37E 636B 65 arpl [ebx+65], bp 7C92A381 64:50 push eax 7C92A383 75 73 jnz short 7C92A3F8 7C92A385 68 456E7472 push 72746E45 7C92A38A 79 53 jns short 7C92A3DF 7C92A38C 4C dec esp 7C92A38D 6973 74 0052746>imul esi, [ebx+74], 6C745200 7C92A394 49 dec ecx 7C92A395 6E outs dx, byte ptr es:[edi] 7C92A396 74 65 je short 7C92A3FD 7C92A398 72 6C jb short 7C92A406 7C92A39A 6F outs dx, dword ptr es:[edi] 7C92A39B 636B 65 arpl [ebx+65], bp 7C92A39E 64:50 push eax 7C92A3A0 75 73 jnz short 7C92A415 7C92A3A2 68 4C697374 push 7473694C 7C92A3A7 53 push ebx 7C92A3A8 4C dec esp 7C92A3A9 6973 74 0052746>imul esi, [ebx+74], 6C745200 7C92A3B0 49 dec ecx 7C92A3B1 6E outs dx, byte ptr es:[edi] 7C92A3B2 76 65 jbe short 7C92A419 7C92A3B4 72 74 jb short 7C92A42A 7C92A3B6 52 push edx ; msvcrt.77C31AE8 7C92A3B7 61 popad 7C92A3B8 6E outs dx, byte ptr es:[edi] 7C92A3B9 67:65:4C dec esp 7C92A3BC 6973 74 0052746>imul esi, [ebx+74], 6C745200 7C92A3C3 49 dec ecx 7C92A3C4 70 76 jo short 7C92A43C 7C92A3C6 34 41 xor al, 41 7C92A3C8 64: prefix fs: 7C92A3C9 64:72 65 jb short 7C92A431 7C92A3CC 73 73 jnb short 7C92A441 7C92A3CE 54 push esp 7C92A3CF 6F outs dx, dword ptr es:[edi] 7C92A3D0 53 push ebx 7C92A3D1 74 72 je short 7C92A445 7C92A3D3 696E 67 4100527>imul ebp, [esi+67], 74520041 7C92A3DA 6C ins byte ptr es:[edi], dx 7C92A3DB 49 dec ecx 7C92A3DC 70 76 jo short 7C92A454 7C92A3DE 34 41 xor al, 41 7C92A3E0 64: prefix fs: 7C92A3E1 64:72 65 jb short 7C92A449 7C92A3E4 73 73 jnb short 7C92A459 7C92A3E6 54 push esp 7C92A3E7 6F outs dx, dword ptr es:[edi] 7C92A3E8 53 push ebx 7C92A3E9 74 72 je short 7C92A45D 7C92A3EB 696E 67 4578410>imul ebp, [esi+67], 417845 7C92A3F2 52 push edx ; msvcrt.77C31AE8 7C92A3F3 74 6C je short 7C92A461 7C92A3F5 49 dec ecx 7C92A3F6 70 76 jo short 7C92A46E 7C92A3F8 34 41 xor al, 41 7C92A3FA 64: prefix fs: 7C92A3FB 64:72 65 jb short 7C92A463 7C92A3FE 73 73 jnb short 7C92A473 7C92A400 54 push esp 7C92A401 6F outs dx, dword ptr es:[edi] 7C92A402 53 push ebx 7C92A403 74 72 je short 7C92A477 7C92A405 696E 67 4578570>imul ebp, [esi+67], 577845 7C92A40C 52 push edx ; msvcrt.77C31AE8 7C92A40D 74 6C je short 7C92A47B 7C92A40F 49 dec ecx 7C92A410 70 76 jo short 7C92A488 7C92A412 34 41 xor al, 41 7C92A414 64: prefix fs: 7C92A415 64:72 65 jb short 7C92A47D 7C92A418 73 73 jnb short 7C92A48D 7C92A41A 54 push esp 7C92A41B 6F outs dx, dword ptr es:[edi] 7C92A41C 53 push ebx 7C92A41D 74 72 je short 7C92A491 7C92A41F 696E 67 5700527>imul ebp, [esi+67], 74520057 7C92A426 6C ins byte ptr es:[edi], dx 7C92A427 49 dec ecx 7C92A428 70 76 jo short 7C92A4A0 7C92A42A 34 53 xor al, 53 7C92A42C 74 72 je short 7C92A4A0 7C92A42E 696E 67 546F416>imul ebp, [esi+67], 64416F54 7C92A435 64:72 65 jb short 7C92A49D 7C92A438 73 73 jnb short 7C92A4AD 7C92A43A 41 inc ecx 7C92A43B 0052 74 add [edx+74], dl 7C92A43E 6C ins byte ptr es:[edi], dx 7C92A43F 49 dec ecx 7C92A440 70 76 jo short 7C92A4B8 7C92A442 34 53 xor al, 53 7C92A444 74 72 je short 7C92A4B8 7C92A446 696E 67 546F416>imul ebp, [esi+67], 64416F54 7C92A44D 64:72 65 jb short 7C92A4B5 7C92A450 73 73 jnb short 7C92A4C5 7C92A452 45 inc ebp 7C92A453 78 41 js short 7C92A496 7C92A455 0052 74 add [edx+74], dl 7C92A458 6C ins byte ptr es:[edi], dx 7C92A459 49 dec ecx 7C92A45A 70 76 jo short 7C92A4D2 7C92A45C 34 53 xor al, 53 7C92A45E 74 72 je short 7C92A4D2 7C92A460 696E 67 546F416>imul ebp, [esi+67], 64416F54 7C92A467 64:72 65 jb short 7C92A4CF 7C92A46A 73 73 jnb short 7C92A4DF 7C92A46C 45 inc ebp 7C92A46D 78 57 js short 7C92A4C6 7C92A46F 0052 74 add [edx+74], dl 7C92A472 6C ins byte ptr es:[edi], dx 7C92A473 49 dec ecx 7C92A474 70 76 jo short 7C92A4EC 7C92A476 34 53 xor al, 53 7C92A478 74 72 je short 7C92A4EC 7C92A47A 696E 67 546F416>imul ebp, [esi+67], 64416F54 7C92A481 64:72 65 jb short 7C92A4E9 7C92A484 73 73 jnb short 7C92A4F9 7C92A486 57 push edi 7C92A487 0052 74 add [edx+74], dl 7C92A48A 6C ins byte ptr es:[edi], dx 7C92A48B 49 dec ecx 7C92A48C 70 76 jo short 7C92A504 7C92A48E 36:41 inc ecx 7C92A490 64: prefix fs: 7C92A491 64:72 65 jb short 7C92A4F9 7C92A494 73 73 jnb short 7C92A509 7C92A496 54 push esp 7C92A497 6F outs dx, dword ptr es:[edi] 7C92A498 53 push ebx 7C92A499 74 72 je short 7C92A50D 7C92A49B 696E 67 4100527>imul ebp, [esi+67], 74520041 7C92A4A2 6C ins byte ptr es:[edi], dx 7C92A4A3 49 dec ecx 7C92A4A4 70 76 jo short 7C92A51C 7C92A4A6 36:41 inc ecx 7C92A4A8 64: prefix fs: 7C92A4A9 64:72 65 jb short 7C92A511 7C92A4AC 73 73 jnb short 7C92A521 7C92A4AE 54 push esp 7C92A4AF 6F outs dx, dword ptr es:[edi] 7C92A4B0 53 push ebx 7C92A4B1 74 72 je short 7C92A525 7C92A4B3 696E 67 4578410>imul ebp, [esi+67], 417845 7C92A4BA 52 push edx ; msvcrt.77C31AE8 7C92A4BB 74 6C je short 7C92A529 7C92A4BD 49 dec ecx 7C92A4BE 70 76 jo short 7C92A536 7C92A4C0 36:41 inc ecx 7C92A4C2 64: prefix fs: 7C92A4C3 64:72 65 jb short 7C92A52B 7C92A4C6 73 73 jnb short 7C92A53B 7C92A4C8 54 push esp 7C92A4C9 6F outs dx, dword ptr es:[edi] 7C92A4CA 53 push ebx 7C92A4CB 74 72 je short 7C92A53F 7C92A4CD 696E 67 4578570>imul ebp, [esi+67], 577845 7C92A4D4 52 push edx ; msvcrt.77C31AE8 7C92A4D5 74 6C je short 7C92A543 7C92A4D7 49 dec ecx 7C92A4D8 70 76 jo short 7C92A550 7C92A4DA 36:41 inc ecx 7C92A4DC 64: prefix fs: 7C92A4DD 64:72 65 jb short 7C92A545 7C92A4E0 73 73 jnb short 7C92A555 7C92A4E2 54 push esp 7C92A4E3 6F outs dx, dword ptr es:[edi] 7C92A4E4 53 push ebx 7C92A4E5 74 72 je short 7C92A559 7C92A4E7 696E 67 5700527>imul ebp, [esi+67], 74520057 7C92A4EE 6C ins byte ptr es:[edi], dx 7C92A4EF 49 dec ecx 7C92A4F0 70 76 jo short 7C92A568 7C92A4F2 36:53 push ebx 7C92A4F4 74 72 je short 7C92A568 7C92A4F6 696E 67 546F416>imul ebp, [esi+67], 64416F54 7C92A4FD 64:72 65 jb short 7C92A565 7C92A500 73 73 jnb short 7C92A575 7C92A502 41 inc ecx 7C92A503 0052 74 add [edx+74], dl 7C92A506 6C ins byte ptr es:[edi], dx 7C92A507 49 dec ecx 7C92A508 70 76 jo short 7C92A580 7C92A50A 36:53 push ebx 7C92A50C 74 72 je short 7C92A580 7C92A50E 696E 67 546F416>imul ebp, [esi+67], 64416F54 7C92A515 64:72 65 jb short 7C92A57D 7C92A518 73 73 jnb short 7C92A58D 7C92A51A 45 inc ebp 7C92A51B 78 41 js short 7C92A55E 7C92A51D 0052 74 add [edx+74], dl 7C92A520 6C ins byte ptr es:[edi], dx 7C92A521 49 dec ecx 7C92A522 70 76 jo short 7C92A59A 7C92A524 36:53 push ebx 7C92A526 74 72 je short 7C92A59A 7C92A528 696E 67 546F416>imul ebp, [esi+67], 64416F54 7C92A52F 64:72 65 jb short 7C92A597 7C92A532 73 73 jnb short 7C92A5A7 7C92A534 45 inc ebp 7C92A535 78 57 js short 7C92A58E 7C92A537 0052 74 add [edx+74], dl 7C92A53A 6C ins byte ptr es:[edi], dx 7C92A53B 49 dec ecx 7C92A53C 70 76 jo short 7C92A5B4 7C92A53E 36:53 push ebx 7C92A540 74 72 je short 7C92A5B4 7C92A542 696E 67 546F416>imul ebp, [esi+67], 64416F54 7C92A549 64:72 65 jb short 7C92A5B1 7C92A54C 73 73 jnb short 7C92A5C1 7C92A54E 57 push edi 7C92A54F 0052 74 add [edx+74], dl 7C92A552 6C ins byte ptr es:[edi], dx 7C92A553 49 dec ecx 7C92A554 73 41 jnb short 7C92A597 7C92A556 637469 76 arpl [ecx+ebp*2+76], si 7C92A55A 61 popad 7C92A55B 74 69 je short 7C92A5C6 7C92A55D 6F outs dx, dword ptr es:[edi] 7C92A55E 6E outs dx, byte ptr es:[edi] 7C92A55F 43 inc ebx 7C92A560 6F outs dx, dword ptr es:[edi] 7C92A561 6E outs dx, byte ptr es:[edi] 7C92A562 74 65 je short 7C92A5C9 7C92A564 78 74 js short 7C92A5DA 7C92A566 41 inc ecx 7C92A567 637469 76 arpl [ecx+ebp*2+76], si 7C92A56B 65:0052 74 add gs:[edx+74], dl 7C92A56F 6C ins byte ptr es:[edi], dx 7C92A570 49 dec ecx 7C92A571 73 44 jnb short 7C92A5B7 7C92A573 6F outs dx, dword ptr es:[edi] 7C92A574 73 44 jnb short 7C92A5BA 7C92A576 65:76 69 jbe short 7C92A5E2 7C92A579 6365 4E arpl [ebp+4E], sp 7C92A57C 61 popad 7C92A57D 6D ins dword ptr es:[edi], dx 7C92A57E 65:5F pop edi ; ntdll.7C92E89A 7C92A580 55 push ebp 7C92A581 0052 74 add [edx+74], dl 7C92A584 6C ins byte ptr es:[edi], dx 7C92A585 49 dec ecx 7C92A586 73 47 jnb short 7C92A5CF 7C92A588 65:6E outs dx, byte ptr es:[edi] 7C92A58A 65:72 69 jb short 7C92A5F6 7C92A58D 635461 62 arpl [ecx+62], dx 7C92A591 6C ins byte ptr es:[edi], dx 7C92A592 65:45 inc ebp 7C92A594 6D ins dword ptr es:[edi], dx 7C92A595 70 74 jo short 7C92A60B 7C92A597 79 00 jns short 7C92A599 7C92A599 52 push edx ; msvcrt.77C31AE8 7C92A59A 74 6C je short 7C92A608 7C92A59C 49 dec ecx 7C92A59D 73 47 jnb short 7C92A5E6 7C92A59F 65:6E outs dx, byte ptr es:[edi] 7C92A5A1 65:72 69 jb short 7C92A60D 7C92A5A4 635461 62 arpl [ecx+62], dx 7C92A5A8 6C ins byte ptr es:[edi], dx 7C92A5A9 65:45 inc ebp 7C92A5AB 6D ins dword ptr es:[edi], dx 7C92A5AC 70 74 jo short 7C92A622 7C92A5AE 79 41 jns short 7C92A5F1 7C92A5B0 76 6C jbe short 7C92A61E 7C92A5B2 0052 74 add [edx+74], dl 7C92A5B5 6C ins byte ptr es:[edi], dx 7C92A5B6 49 dec ecx 7C92A5B7 73 4E jnb short 7C92A607 7C92A5B9 61 popad 7C92A5BA 6D ins dword ptr es:[edi], dx 7C92A5BB 65:4C dec esp 7C92A5BD 65:67:61 popad 7C92A5C0 6C ins byte ptr es:[edi], dx 7C92A5C1 44 inc esp 7C92A5C2 4F dec edi 7C92A5C3 53 push ebx 7C92A5C4 38446F 74 cmp [edi+ebp*2+74], al 7C92A5C8 3300 xor eax, [eax] 7C92A5CA 52 push edx ; msvcrt.77C31AE8 7C92A5CB 74 6C je short 7C92A639 7C92A5CD 49 dec ecx 7C92A5CE 73 52 jnb short 7C92A622 7C92A5D0 61 popad 7C92A5D1 6E outs dx, byte ptr es:[edi] 7C92A5D2 67:65:41 inc ecx 7C92A5D5 76 61 jbe short 7C92A638 7C92A5D7 696C61 62 6C650>imul ebp, [ecx+62], 5200656C 7C92A5DF 74 6C je short 7C92A64D 7C92A5E1 49 dec ecx 7C92A5E2 73 54 jnb short 7C92A638 7C92A5E4 65:78 74 js short 7C92A65B 7C92A5E7 55 push ebp 7C92A5E8 6E outs dx, byte ptr es:[edi] 7C92A5E9 6963 6F 6465005>imul esp, [ebx+6F], 52006564 7C92A5F0 74 6C je short 7C92A65E 7C92A5F2 49 dec ecx 7C92A5F3 73 54 jnb short 7C92A649 7C92A5F5 68 72656164 push 64616572 7C92A5FA 57 push edi 7C92A5FB 697468 69 6E4C6>imul esi, [eax+ebp*2+69], 616F4C6E 7C92A603 64: prefix fs: 7C92A604 65:72 43 jb short 7C92A64A 7C92A607 61 popad 7C92A608 6C ins byte ptr es:[edi], dx 7C92A609 6C ins byte ptr es:[edi], dx 7C92A60A 6F outs dx, dword ptr es:[edi] 7C92A60B 75 74 jnz short 7C92A681 7C92A60D 0052 74 add [edx+74], dl 7C92A610 6C ins byte ptr es:[edi], dx 7C92A611 49 dec ecx 7C92A612 73 56 jnb short 7C92A66A 7C92A614 61 popad 7C92A615 6C ins byte ptr es:[edi], dx 7C92A616 696448 61 6E646>imul esp, [eax+ecx*2+61], 656C646E 7C92A61E 0052 74 add [edx+74], dl 7C92A621 6C ins byte ptr es:[edi], dx 7C92A622 49 dec ecx 7C92A623 73 56 jnb short 7C92A67B 7C92A625 61 popad 7C92A626 6C ins byte ptr es:[edi], dx 7C92A627 696449 6E 64657>imul esp, [ecx+ecx*2+6E], 48786564 7C92A62F 61 popad 7C92A630 6E outs dx, byte ptr es:[edi] 7C92A631 64:6C ins byte ptr es:[edi], dx 7C92A633 65:0052 74 add gs:[edx+74], dl 7C92A637 6C ins byte ptr es:[edi], dx 7C92A638 4C dec esp 7C92A639 61 popad 7C92A63A 72 67 jb short 7C92A6A3 7C92A63C 65:49 dec ecx 7C92A63E 6E outs dx, byte ptr es:[edi] 7C92A63F 74 65 je short 7C92A6A6 7C92A641 67:65:72 41 jb short 7C92A686 7C92A645 64: prefix fs: 7C92A646 64:0052 74 add fs:[edx+74], dl 7C92A64A 6C ins byte ptr es:[edi], dx 7C92A64B 4C dec esp 7C92A64C 61 popad 7C92A64D 72 67 jb short 7C92A6B6 7C92A64F 65:49 dec ecx 7C92A651 6E outs dx, byte ptr es:[edi] 7C92A652 74 65 je short 7C92A6B9 7C92A654 67:65:72 41 jb short 7C92A699 7C92A658 72 69 jb short 7C92A6C3 7C92A65A 74 68 je short 7C92A6C4 7C92A65C 6D ins dword ptr es:[edi], dx 7C92A65D 65:74 69 je short 7C92A6C9 7C92A660 6353 68 arpl [ebx+68], dx 7C92A663 6966 74 0052746>imul esp, [esi+74], 6C745200 7C92A66A 4C dec esp 7C92A66B 61 popad 7C92A66C 72 67 jb short 7C92A6D5 7C92A66E 65:49 dec ecx 7C92A670 6E outs dx, byte ptr es:[edi] 7C92A671 74 65 je short 7C92A6D8 7C92A673 67:65:72 44 jb short 7C92A6BB 7C92A677 6976 69 6465005>imul esi, [esi+69], 52006564 7C92A67E 74 6C je short 7C92A6EC 7C92A680 4C dec esp 7C92A681 61 popad 7C92A682 72 67 jb short 7C92A6EB 7C92A684 65:49 dec ecx 7C92A686 6E outs dx, byte ptr es:[edi] 7C92A687 74 65 je short 7C92A6EE 7C92A689 67:65:72 4E jb short 7C92A6DB 7C92A68D 65:67:61 popad 7C92A690 74 65 je short 7C92A6F7 7C92A692 0052 74 add [edx+74], dl 7C92A695 6C ins byte ptr es:[edi], dx 7C92A696 4C dec esp 7C92A697 61 popad 7C92A698 72 67 jb short 7C92A701 7C92A69A 65:49 dec ecx 7C92A69C 6E outs dx, byte ptr es:[edi] 7C92A69D 74 65 je short 7C92A704 7C92A69F 67:65:72 53 jb short 7C92A6F6 7C92A6A3 68 6966744C push 4C746669 7C92A6A8 65:66:74 00 je short 0000A6AC 7C92A6AC 52 push edx ; msvcrt.77C31AE8 7C92A6AD 74 6C je short 7C92A71B 7C92A6AF 4C dec esp 7C92A6B0 61 popad 7C92A6B1 72 67 jb short 7C92A71A 7C92A6B3 65:49 dec ecx 7C92A6B5 6E outs dx, byte ptr es:[edi] 7C92A6B6 74 65 je short 7C92A71D 7C92A6B8 67:65:72 53 jb short 7C92A70F 7C92A6BC 68 69667452 push 52746669 7C92A6C1 6967 68 7400527>imul esp, [edi+68], 74520074 7C92A6C8 6C ins byte ptr es:[edi], dx 7C92A6C9 4C dec esp 7C92A6CA 61 popad 7C92A6CB 72 67 jb short 7C92A734 7C92A6CD 65:49 dec ecx 7C92A6CF 6E outs dx, byte ptr es:[edi] 7C92A6D0 74 65 je short 7C92A737 7C92A6D2 67:65:72 53 jb short 7C92A729 7C92A6D6 75 62 jnz short 7C92A73A 7C92A6D8 74 72 je short 7C92A74C 7C92A6DA 61 popad 7C92A6DB 637400 52 arpl [eax+eax+52], si 7C92A6DF 74 6C je short 7C92A74D 7C92A6E1 4C dec esp 7C92A6E2 61 popad 7C92A6E3 72 67 jb short 7C92A74C 7C92A6E5 65:49 dec ecx 7C92A6E7 6E outs dx, byte ptr es:[edi] 7C92A6E8 74 65 je short 7C92A74F 7C92A6EA 67:65:72 54 jb short 7C92A742 7C92A6EE 6F outs dx, dword ptr es:[edi] 7C92A6EF 43 inc ebx 7C92A6F0 68 61720052 push 52007261 7C92A6F5 74 6C je short 7C92A763 7C92A6F7 4C dec esp 7C92A6F8 65:61 popad 7C92A6FA 76 65 jbe short 7C92A761 7C92A6FC 43 inc ebx 7C92A6FD 72 69 jb short 7C92A768 7C92A6FF 74 69 je short 7C92A76A 7C92A701 6361 6C arpl [ecx+6C], sp 7C92A704 53 push ebx 7C92A705 65:637469 6F arpl gs:[ecx+ebp*2+6F], si 7C92A70A 6E outs dx, byte ptr es:[edi] 7C92A70B 0052 74 add [edx+74], dl 7C92A70E 6C ins byte ptr es:[edi], dx 7C92A70F 4C dec esp 7C92A710 65:6E outs dx, byte ptr es:[edi] 7C92A712 67:74 68 je short 7C92A77D 7C92A715 52 push edx ; msvcrt.77C31AE8 7C92A716 65:71 75 jno short 7C92A78E 7C92A719 6972 65 6453696>imul esi, [edx+65], 64695364 7C92A720 0052 74 add [edx+74], dl 7C92A723 6C ins byte ptr es:[edi], dx 7C92A724 4C dec esp 7C92A725 65:6E outs dx, byte ptr es:[edi] 7C92A727 67:74 68 je short 7C92A792 7C92A72A 53 push ebx 7C92A72B 65:6375 72 arpl gs:[ebp+72], si 7C92A72F 697479 44 65736>imul esi, [ecx+edi*2+44], 72637365 7C92A737 6970 74 6F72005>imul esi, [eax+74], 5200726F 7C92A73E 74 6C je short 7C92A7AC 7C92A740 4C dec esp 7C92A741 65:6E outs dx, byte ptr es:[edi] 7C92A743 67:74 68 je short 7C92A7AE 7C92A746 53 push ebx 7C92A747 696400 52 746C4>imul esp, [eax+eax+52], 6F4C6C74 7C92A74F 6361 6C arpl [ecx+6C], sp 7C92A752 54 push esp 7C92A753 696D 65 546F537>imul ebp, [ebp+65], 79536F54 7C92A75A 73 74 jnb short 7C92A7D0 7C92A75C 65:6D ins dword ptr es:[edi], dx 7C92A75E 54 push esp 7C92A75F 696D 65 0052746>imul ebp, [ebp+65], 6C745200 7C92A766 4C dec esp 7C92A767 6F outs dx, dword ptr es:[edi] 7C92A768 636B 42 arpl [ebx+42], bp 7C92A76B 6F outs dx, dword ptr es:[edi] 7C92A76C 6F outs dx, dword ptr es:[edi] 7C92A76D 74 53 je short 7C92A7C2 7C92A76F 74 61 je short 7C92A7D2 7C92A771 74 75 je short 7C92A7E8 7C92A773 73 44 jnb short 7C92A7B9 7C92A775 61 popad 7C92A776 74 61 je short 7C92A7D9 7C92A778 0052 74 add [edx+74], dl 7C92A77B 6C ins byte ptr es:[edi], dx 7C92A77C 4C dec esp 7C92A77D 6F outs dx, dword ptr es:[edi] 7C92A77E 636B 48 arpl [ebx+48], bp 7C92A781 65:61 popad 7C92A783 70 00 jo short 7C92A785 7C92A785 52 push edx ; msvcrt.77C31AE8 7C92A786 74 6C je short 7C92A7F4 7C92A788 4C dec esp 7C92A789 6F outs dx, dword ptr es:[edi] 7C92A78A 636B 4D arpl [ebx+4D], bp 7C92A78D 65:6D ins dword ptr es:[edi], dx 7C92A78F 6F outs dx, dword ptr es:[edi] 7C92A790 72 79 jb short 7C92A80B 7C92A792 53 push ebx 7C92A793 74 72 je short 7C92A807 7C92A795 65:61 popad 7C92A797 6D ins dword ptr es:[edi], dx 7C92A798 52 push edx ; msvcrt.77C31AE8 7C92A799 65:67:696F 6E 0>imul ebp, gs:[bx+6E], 6C745200 7C92A7A2 4C dec esp 7C92A7A3 6F outs dx, dword ptr es:[edi] 7C92A7A4 67:53 push ebx 7C92A7A6 74 61 je short 7C92A809 7C92A7A8 636B 42 arpl [ebx+42], bp 7C92A7AB 61 popad 7C92A7AC 636B 54 arpl [ebx+54], bp 7C92A7AF 72 61 jb short 7C92A812 7C92A7B1 6365 00 arpl [ebp], sp 7C92A7B4 52 push edx ; msvcrt.77C31AE8 7C92A7B5 74 6C je short 7C92A823 7C92A7B7 4C dec esp 7C92A7B8 6F outs dx, dword ptr es:[edi] 7C92A7B9 6F outs dx, dword ptr es:[edi] 7C92A7BA 6B75 70 41 imul esi, [ebp+70], 41 7C92A7BE 74 6F je short 7C92A82F 7C92A7C0 6D ins dword ptr es:[edi], dx 7C92A7C1 49 dec ecx 7C92A7C2 6E outs dx, byte ptr es:[edi] 7C92A7C3 41 inc ecx 7C92A7C4 74 6F je short 7C92A835 7C92A7C6 6D ins dword ptr es:[edi], dx 7C92A7C7 54 push esp 7C92A7C8 61 popad 7C92A7C9 626C65 00 bound ebp, [ebp] 7C92A7CD 52 push edx ; msvcrt.77C31AE8 7C92A7CE 74 6C je short 7C92A83C 7C92A7D0 4C dec esp 7C92A7D1 6F outs dx, dword ptr es:[edi] 7C92A7D2 6F outs dx, dword ptr es:[edi] 7C92A7D3 6B75 70 45 imul esi, [ebp+70], 45 7C92A7D7 6C ins byte ptr es:[edi], dx 7C92A7D8 65:6D ins dword ptr es:[edi], dx 7C92A7DA 65:6E outs dx, byte ptr es:[edi] 7C92A7DC 74 47 je short 7C92A825 7C92A7DE 65:6E outs dx, byte ptr es:[edi] 7C92A7E0 65:72 69 jb short 7C92A84C 7C92A7E3 635461 62 arpl [ecx+62], dx 7C92A7E7 6C ins byte ptr es:[edi], dx 7C92A7E8 65:0052 74 add gs:[edx+74], dl 7C92A7EC 6C ins byte ptr es:[edi], dx 7C92A7ED 4C dec esp 7C92A7EE 6F outs dx, dword ptr es:[edi] 7C92A7EF 6F outs dx, dword ptr es:[edi] 7C92A7F0 6B75 70 45 imul esi, [ebp+70], 45 7C92A7F4 6C ins byte ptr es:[edi], dx 7C92A7F5 65:6D ins dword ptr es:[edi], dx 7C92A7F7 65:6E outs dx, byte ptr es:[edi] 7C92A7F9 74 47 je short 7C92A842 7C92A7FB 65:6E outs dx, byte ptr es:[edi] 7C92A7FD 65:72 69 jb short 7C92A869 7C92A800 635461 62 arpl [ecx+62], dx 7C92A804 6C ins byte ptr es:[edi], dx 7C92A805 65:41 inc ecx 7C92A807 76 6C jbe short 7C92A875 7C92A809 0052 74 add [edx+74], dl 7C92A80C 6C ins byte ptr es:[edi], dx 7C92A80D 4D dec ebp 7C92A80E 61 popad 7C92A80F 6B65 53 65 imul esp, [ebp+53], 65 7C92A813 6C ins byte ptr es:[edi], dx 7C92A814 66:52 push dx 7C92A816 65:6C ins byte ptr es:[edi], dx 7C92A818 61 popad 7C92A819 74 69 je short 7C92A884 7C92A81B 76 65 jbe short 7C92A882 7C92A81D 53 push ebx 7C92A81E 44 inc esp 7C92A81F 0052 74 add [edx+74], dl 7C92A822 6C ins byte ptr es:[edi], dx 7C92A823 4D dec ebp 7C92A824 61 popad 7C92A825 70 47 jo short 7C92A86E 7C92A827 65:6E outs dx, byte ptr es:[edi] 7C92A829 65:72 69 jb short 7C92A895 7C92A82C 634D 61 arpl [ebp+61], cx 7C92A82F 73 6B jnb short 7C92A89C 7C92A831 0052 74 add [edx+74], dl 7C92A834 6C ins byte ptr es:[edi], dx 7C92A835 4D dec ebp 7C92A836 61 popad 7C92A837 70 53 jo short 7C92A88C 7C92A839 65:6375 72 arpl gs:[ebp+72], si 7C92A83D 697479 45 72726>imul esi, [ecx+edi*2+45], 726F7272 7C92A845 54 push esp 7C92A846 6F outs dx, dword ptr es:[edi] 7C92A847 4E dec esi ; ntdll.ZwTerminateProcess 7C92A848 74 53 je short 7C92A89D 7C92A84A 74 61 je short 7C92A8AD 7C92A84C 74 75 je short 7C92A8C3 7C92A84E 73 00 jnb short 7C92A850 7C92A850 52 push edx ; msvcrt.77C31AE8 7C92A851 74 6C je short 7C92A8BF 7C92A853 4D dec ebp 7C92A854 65:72 67 jb short 7C92A8BE 7C92A857 65:52 push edx ; msvcrt.77C31AE8 7C92A859 61 popad 7C92A85A 6E outs dx, byte ptr es:[edi] 7C92A85B 67:65:4C dec esp 7C92A85E 6973 74 7300527>imul esi, [ebx+74], 74520073 7C92A865 6C ins byte ptr es:[edi], dx 7C92A866 4D dec ebp 7C92A867 6F outs dx, dword ptr es:[edi] 7C92A868 76 65 jbe short 7C92A8CF 7C92A86A 4D dec ebp 7C92A86B 65:6D ins dword ptr es:[edi], dx 7C92A86D 6F outs dx, dword ptr es:[edi] 7C92A86E 72 79 jb short 7C92A8E9 7C92A870 0052 74 add [edx+74], dl 7C92A873 6C ins byte ptr es:[edi], dx 7C92A874 4D dec ebp 7C92A875 75 6C jnz short 7C92A8E3 7C92A877 74 69 je short 7C92A8E2 7C92A879 41 inc ecx 7C92A87A 70 70 jo short 7C92A8EC 7C92A87C 65:6E outs dx, byte ptr es:[edi] 7C92A87E 64:55 push ebp 7C92A880 6E outs dx, byte ptr es:[edi] 7C92A881 6963 6F 6465537>imul esp, [ebx+6F], 74536564 7C92A888 72 69 jb short 7C92A8F3 7C92A88A 6E outs dx, byte ptr es:[edi] 7C92A88B 67:42 inc edx ; msvcrt.77C31AE8 7C92A88D 75 66 jnz short 7C92A8F5 7C92A88F 66:65:72 00 jb short 0000A893 7C92A893 52 push edx ; msvcrt.77C31AE8 7C92A894 74 6C je short 7C92A902 7C92A896 4D dec ebp 7C92A897 75 6C jnz short 7C92A905 7C92A899 74 69 je short 7C92A904 7C92A89B 42 inc edx ; msvcrt.77C31AE8 7C92A89C 79 74 jns short 7C92A912 7C92A89E 65:54 push esp 7C92A8A0 6F outs dx, dword ptr es:[edi] 7C92A8A1 55 push ebp 7C92A8A2 6E outs dx, byte ptr es:[edi] 7C92A8A3 6963 6F 64654E0>imul esp, [ebx+6F], 4E6564 7C92A8AA 52 push edx ; msvcrt.77C31AE8 7C92A8AB 74 6C je short 7C92A919 7C92A8AD 4D dec ebp 7C92A8AE 75 6C jnz short 7C92A91C 7C92A8B0 74 69 je short 7C92A91B 7C92A8B2 42 inc edx ; msvcrt.77C31AE8 7C92A8B3 79 74 jns short 7C92A929 7C92A8B5 65:54 push esp 7C92A8B7 6F outs dx, dword ptr es:[edi] 7C92A8B8 55 push ebp 7C92A8B9 6E outs dx, byte ptr es:[edi] 7C92A8BA 6963 6F 6465536>imul esp, [ebx+6F], 69536564 7C92A8C1 7A 65 jpe short 7C92A928 7C92A8C3 0052 74 add [edx+74], dl 7C92A8C6 6C ins byte ptr es:[edi], dx 7C92A8C7 4E dec esi ; ntdll.ZwTerminateProcess 7C92A8C8 65:77 49 ja short 7C92A914 7C92A8CB 6E outs dx, byte ptr es:[edi] 7C92A8CC 73 74 jnb short 7C92A942 7C92A8CE 61 popad 7C92A8CF 6E outs dx, byte ptr es:[edi] 7C92A8D0 6365 53 arpl [ebp+53], sp 7C92A8D3 65:6375 72 arpl gs:[ebp+72], si 7C92A8D7 697479 4F 626A6>imul esi, [ecx+edi*2+4F], 63656A62 7C92A8DF 74 00 je short 7C92A8E1 7C92A8E1 52 push edx ; msvcrt.77C31AE8 7C92A8E2 74 6C je short 7C92A950 7C92A8E4 4E dec esi ; ntdll.ZwTerminateProcess 7C92A8E5 65:77 53 ja short 7C92A93B 7C92A8E8 65:6375 72 arpl gs:[ebp+72], si 7C92A8EC 697479 47 72616>imul esi, [ecx+edi*2+47], 746E6172 7C92A8F4 65: prefix gs: 7C92A8F5 64:41 inc ecx 7C92A8F7 6363 65 arpl [ebx+65], sp 7C92A8FA 73 73 jnb short 7C92A96F 7C92A8FC 0052 74 add [edx+74], dl 7C92A8FF 6C ins byte ptr es:[edi], dx 7C92A900 4E dec esi ; ntdll.ZwTerminateProcess 7C92A901 65:77 53 ja short 7C92A957 7C92A904 65:6375 72 arpl gs:[ebp+72], si 7C92A908 697479 4F 626A6>imul esi, [ecx+edi*2+4F], 63656A62 7C92A910 74 00 je short 7C92A912 7C92A912 52 push edx ; msvcrt.77C31AE8 7C92A913 74 6C je short 7C92A981 7C92A915 4E dec esi ; ntdll.ZwTerminateProcess 7C92A916 65:77 53 ja short 7C92A96C 7C92A919 65:6375 72 arpl gs:[ebp+72], si 7C92A91D 697479 4F 626A6>imul esi, [ecx+edi*2+4F], 63656A62 7C92A925 74 45 je short 7C92A96C 7C92A927 78 00 js short 7C92A929 7C92A929 52 push edx ; msvcrt.77C31AE8 7C92A92A 74 6C je short 7C92A998 7C92A92C 4E dec esi ; ntdll.ZwTerminateProcess 7C92A92D 65:77 53 ja short 7C92A983 7C92A930 65:6375 72 arpl gs:[ebp+72], si 7C92A934 697479 4F 626A6>imul esi, [ecx+edi*2+4F], 63656A62 7C92A93C 74 57 je short 7C92A995 7C92A93E 697468 4D 756C7>imul esi, [eax+ebp*2+4D], 69746C75 7C92A946 70 6C jo short 7C92A9B4 7C92A948 65:49 dec ecx 7C92A94A 6E outs dx, byte ptr es:[edi] 7C92A94B 68 65726974 push 74697265 7C92A950 61 popad 7C92A951 6E outs dx, byte ptr es:[edi] 7C92A952 6365 00 arpl [ebp], sp 7C92A955 52 push edx ; msvcrt.77C31AE8 7C92A956 74 6C je short 7C92A9C4 7C92A958 4E dec esi ; ntdll.ZwTerminateProcess 7C92A959 6F outs dx, dword ptr es:[edi] 7C92A95A 72 6D jb short 7C92A9C9 7C92A95C 61 popad 7C92A95D 6C ins byte ptr es:[edi], dx 7C92A95E 697A 65 50726F6>imul edi, [edx+65], 636F7250 7C92A965 65:73 73 jnb short 7C92A9DB 7C92A968 50 push eax 7C92A969 61 popad 7C92A96A 72 61 jb short 7C92A9CD 7C92A96C 6D ins dword ptr es:[edi], dx 7C92A96D 73 00 jnb short 7C92A96F 7C92A96F 52 push edx ; msvcrt.77C31AE8 7C92A970 74 6C je short 7C92A9DE 7C92A972 4E dec esi ; ntdll.ZwTerminateProcess 7C92A973 74 50 je short 7C92A9C5 7C92A975 61 popad 7C92A976 74 68 je short 7C92A9E0 7C92A978 4E dec esi ; ntdll.ZwTerminateProcess 7C92A979 61 popad 7C92A97A 6D ins dword ptr es:[edi], dx 7C92A97B 65:54 push esp 7C92A97D 6F outs dx, dword ptr es:[edi] 7C92A97E 44 inc esp 7C92A97F 6F outs dx, dword ptr es:[edi] 7C92A980 73 50 jnb short 7C92A9D2 7C92A982 61 popad 7C92A983 74 68 je short 7C92A9ED 7C92A985 4E dec esi ; ntdll.ZwTerminateProcess 7C92A986 61 popad 7C92A987 6D ins dword ptr es:[edi], dx 7C92A988 65:0052 74 add gs:[edx+74], dl 7C92A98C 6C ins byte ptr es:[edi], dx 7C92A98D 4E dec esi ; ntdll.ZwTerminateProcess 7C92A98E 74 53 je short 7C92A9E3 7C92A990 74 61 je short 7C92A9F3 7C92A992 74 75 je short 7C92AA09 7C92A994 73 54 jnb short 7C92A9EA 7C92A996 6F outs dx, dword ptr es:[edi] 7C92A997 44 inc esp 7C92A998 6F outs dx, dword ptr es:[edi] 7C92A999 73 45 jnb short 7C92A9E0 7C92A99B 72 72 jb short 7C92AA0F 7C92A99D 6F outs dx, dword ptr es:[edi] 7C92A99E 72 00 jb short 7C92A9A0 7C92A9A0 52 push edx ; msvcrt.77C31AE8 7C92A9A1 74 6C je short 7C92AA0F 7C92A9A3 4E dec esi ; ntdll.ZwTerminateProcess 7C92A9A4 74 53 je short 7C92A9F9 7C92A9A6 74 61 je short 7C92AA09 7C92A9A8 74 75 je short 7C92AA1F 7C92A9AA 73 54 jnb short 7C92AA00 7C92A9AC 6F outs dx, dword ptr es:[edi] 7C92A9AD 44 inc esp 7C92A9AE 6F outs dx, dword ptr es:[edi] 7C92A9AF 73 45 jnb short 7C92A9F6 7C92A9B1 72 72 jb short 7C92AA25 7C92A9B3 6F outs dx, dword ptr es:[edi] 7C92A9B4 72 4E jb short 7C92AA04 7C92A9B6 6F outs dx, dword ptr es:[edi] 7C92A9B7 54 push esp 7C92A9B8 65:6200 bound eax, gs:[eax] 7C92A9BB 52 push edx ; msvcrt.77C31AE8 7C92A9BC 74 6C je short 7C92AA2A 7C92A9BE 4E dec esi ; ntdll.ZwTerminateProcess 7C92A9BF 75 6D jnz short 7C92AA2E 7C92A9C1 6265 72 bound esp, [ebp+72] 7C92A9C4 47 inc edi 7C92A9C5 65:6E outs dx, byte ptr es:[edi] 7C92A9C7 65:72 69 jb short 7C92AA33 7C92A9CA 635461 62 arpl [ecx+62], dx 7C92A9CE 6C ins byte ptr es:[edi], dx 7C92A9CF 65:45 inc ebp 7C92A9D1 6C ins byte ptr es:[edi], dx 7C92A9D2 65:6D ins dword ptr es:[edi], dx 7C92A9D4 65:6E outs dx, byte ptr es:[edi] 7C92A9D6 74 73 je short 7C92AA4B 7C92A9D8 0052 74 add [edx+74], dl 7C92A9DB 6C ins byte ptr es:[edi], dx 7C92A9DC 4E dec esi ; ntdll.ZwTerminateProcess 7C92A9DD 75 6D jnz short 7C92AA4C 7C92A9DF 6265 72 bound esp, [ebp+72] 7C92A9E2 47 inc edi 7C92A9E3 65:6E outs dx, byte ptr es:[edi] 7C92A9E5 65:72 69 jb short 7C92AA51 7C92A9E8 635461 62 arpl [ecx+62], dx 7C92A9EC 6C ins byte ptr es:[edi], dx 7C92A9ED 65:45 inc ebp 7C92A9EF 6C ins byte ptr es:[edi], dx 7C92A9F0 65:6D ins dword ptr es:[edi], dx 7C92A9F2 65:6E outs dx, byte ptr es:[edi] 7C92A9F4 74 73 je short 7C92AA69 7C92A9F6 41 inc ecx 7C92A9F7 76 6C jbe short 7C92AA65 7C92A9F9 0052 74 add [edx+74], dl 7C92A9FC 6C ins byte ptr es:[edi], dx 7C92A9FD 4E dec esi ; ntdll.ZwTerminateProcess 7C92A9FE 75 6D jnz short 7C92AA6D 7C92AA00 6265 72 bound esp, [ebp+72] 7C92AA03 4F dec edi 7C92AA04 66:43 inc bx 7C92AA06 6C ins byte ptr es:[edi], dx 7C92AA07 65:61 popad 7C92AA09 72 42 jb short 7C92AA4D 7C92AA0B 697473 00 52746>imul esi, [ebx+esi*2], 4E6C7452 7C92AA13 75 6D jnz short 7C92AA82 7C92AA15 6265 72 bound esp, [ebp+72] 7C92AA18 4F dec edi 7C92AA19 66:53 push bx 7C92AA1B 65:74 42 je short 7C92AA60 7C92AA1E 697473 00 52746>imul esi, [ebx+esi*2], 4F6C7452 7C92AA26 65:6D ins dword ptr es:[edi], dx 7C92AA28 53 push ebx 7C92AA29 74 72 je short 7C92AA9D 7C92AA2B 696E 67 546F556>imul ebp, [esi+67], 6E556F54 7C92AA32 6963 6F 6465536>imul esp, [ebx+6F], 69536564 7C92AA39 7A 65 jpe short 7C92AAA0 7C92AA3B 0052 74 add [edx+74], dl 7C92AA3E 6C ins byte ptr es:[edi], dx 7C92AA3F 4F dec edi 7C92AA40 65:6D ins dword ptr es:[edi], dx 7C92AA42 53 push ebx 7C92AA43 74 72 je short 7C92AAB7 7C92AA45 696E 67 546F556>imul ebp, [esi+67], 6E556F54 7C92AA4C 6963 6F 6465537>imul esp, [ebx+6F], 74536564 7C92AA53 72 69 jb short 7C92AABE 7C92AA55 6E outs dx, byte ptr es:[edi] 7C92AA56 67:0052 74 add [bp+si+74], dl 7C92AA5A 6C ins byte ptr es:[edi], dx 7C92AA5B 4F dec edi 7C92AA5C 65:6D ins dword ptr es:[edi], dx 7C92AA5E 54 push esp 7C92AA5F 6F outs dx, dword ptr es:[edi] 7C92AA60 55 push ebp 7C92AA61 6E outs dx, byte ptr es:[edi] 7C92AA62 6963 6F 64654E0>imul esp, [ebx+6F], 4E6564 7C92AA69 52 push edx ; msvcrt.77C31AE8 7C92AA6A 74 6C je short 7C92AAD8 7C92AA6C 4F dec edi 7C92AA6D 70 65 jo short 7C92AAD4 7C92AA6F 6E outs dx, byte ptr es:[edi] 7C92AA70 43 inc ebx 7C92AA71 75 72 jnz short 7C92AAE5 7C92AA73 72 65 jb short 7C92AADA 7C92AA75 6E outs dx, byte ptr es:[edi] 7C92AA76 74 55 je short 7C92AACD 7C92AA78 73 65 jnb short 7C92AADF 7C92AA7A 72 00 jb short 7C92AA7C 7C92AA7C 52 push edx ; msvcrt.77C31AE8 7C92AA7D 74 6C je short 7C92AAEB 7C92AA7F 50 push eax 7C92AA80 63546F 46 arpl [edi+ebp*2+46], dx 7C92AA84 696C65 48 65616>imul ebp, [ebp+48], 65646165 7C92AA8C 72 00 jb short 7C92AA8E 7C92AA8E 52 push edx ; msvcrt.77C31AE8 7C92AA8F 74 6C je short 7C92AAFD 7C92AA91 50 push eax 7C92AA92 696E 41 746F6D4>imul ebp, [esi+41], 496D6F74 7C92AA99 6E outs dx, byte ptr es:[edi] 7C92AA9A 41 inc ecx 7C92AA9B 74 6F je short 7C92AB0C 7C92AA9D 6D ins dword ptr es:[edi], dx 7C92AA9E 54 push esp 7C92AA9F 61 popad 7C92AAA0 626C65 00 bound ebp, [ebp] 7C92AAA4 52 push edx ; msvcrt.77C31AE8 7C92AAA5 74 6C je short 7C92AB13 7C92AAA7 50 push eax 7C92AAA8 6F outs dx, dword ptr es:[edi] 7C92AAA9 70 46 jo short 7C92AAF1 7C92AAAB 72 61 jb short 7C92AB0E 7C92AAAD 6D ins dword ptr es:[edi], dx 7C92AAAE 65:0052 74 add gs:[edx+74], dl 7C92AAB2 6C ins byte ptr es:[edi], dx 7C92AAB3 50 push eax 7C92AAB4 72 65 jb short 7C92AB1B 7C92AAB6 66:6978 53 7472 imul di, [eax+53], 7274 7C92AABC 696E 67 0052746>imul ebp, [esi+67], 6C745200 7C92AAC3 50 push eax 7C92AAC4 72 65 jb short 7C92AB2B 7C92AAC6 66:6978 55 6E69 imul di, [eax+55], 696E 7C92AACC 636F 64 arpl [edi+64], bp 7C92AACF 65:53 push ebx 7C92AAD1 74 72 je short 7C92AB45 7C92AAD3 696E 67 0052746>imul ebp, [esi+67], 6C745200 7C92AADA 50 push eax 7C92AADB 72 6F jb short 7C92AB4C 7C92AADD 74 65 je short 7C92AB44 7C92AADF 637448 65 arpl [eax+ecx*2+65], si 7C92AAE3 61 popad 7C92AAE4 70 00 jo short 7C92AAE6 7C92AAE6 52 push edx ; msvcrt.77C31AE8 7C92AAE7 74 6C je short 7C92AB55 7C92AAE9 50 push eax 7C92AAEA 75 73 jnz short 7C92AB5F 7C92AAEC 68 4672616D push 6D617246 7C92AAF1 65:0052 74 add gs:[edx+74], dl 7C92AAF5 6C ins byte ptr es:[edi], dx 7C92AAF6 51 push ecx 7C92AAF7 75 65 jnz short 7C92AB5E 7C92AAF9 72 79 jb short 7C92AB74 7C92AAFB 41 inc ecx 7C92AAFC 74 6F je short 7C92AB6D 7C92AAFE 6D ins dword ptr es:[edi], dx 7C92AAFF 49 dec ecx 7C92AB00 6E outs dx, byte ptr es:[edi] 7C92AB01 41 inc ecx 7C92AB02 74 6F je short 7C92AB73 7C92AB04 6D ins dword ptr es:[edi], dx 7C92AB05 54 push esp 7C92AB06 61 popad 7C92AB07 626C65 00 bound ebp, [ebp] 7C92AB0B 52 push edx ; msvcrt.77C31AE8 7C92AB0C 74 6C je short 7C92AB7A 7C92AB0E 51 push ecx 7C92AB0F 75 65 jnz short 7C92AB76 7C92AB11 72 79 jb short 7C92AB8C 7C92AB13 44 inc esp 7C92AB14 65:70 74 jo short 7C92AB8B 7C92AB17 68 534C6973 push 73694C53 7C92AB1C 74 00 je short 7C92AB1E 7C92AB1E 52 push edx ; msvcrt.77C31AE8 7C92AB1F 74 6C je short 7C92AB8D 7C92AB21 51 push ecx 7C92AB22 75 65 jnz short 7C92AB89 7C92AB24 72 79 jb short 7C92AB9F 7C92AB26 45 inc ebp 7C92AB27 6E outs dx, byte ptr es:[edi] 7C92AB28 76 69 jbe short 7C92AB93 7C92AB2A 72 6F jb short 7C92AB9B 7C92AB2C 6E outs dx, byte ptr es:[edi] 7C92AB2D 6D ins dword ptr es:[edi], dx 7C92AB2E 65:6E outs dx, byte ptr es:[edi] 7C92AB30 74 56 je short 7C92AB88 7C92AB32 61 popad 7C92AB33 72 69 jb short 7C92AB9E 7C92AB35 61 popad 7C92AB36 626C65 5F bound ebp, [ebp+5F] 7C92AB3A 55 push ebp 7C92AB3B 0052 74 add [edx+74], dl 7C92AB3E 6C ins byte ptr es:[edi], dx 7C92AB3F 51 push ecx 7C92AB40 75 65 jnz short 7C92ABA7 7C92AB42 72 79 jb short 7C92ABBD 7C92AB44 48 dec eax 7C92AB45 65:61 popad 7C92AB47 70 49 jo short 7C92AB92 7C92AB49 6E outs dx, byte ptr es:[edi] 7C92AB4A 66:6F outs dx, word ptr es:[edi] 7C92AB4C 72 6D jb short 7C92ABBB 7C92AB4E 61 popad 7C92AB4F 74 69 je short 7C92ABBA 7C92AB51 6F outs dx, dword ptr es:[edi] 7C92AB52 6E outs dx, byte ptr es:[edi] 7C92AB53 0052 74 add [edx+74], dl 7C92AB56 6C ins byte ptr es:[edi], dx 7C92AB57 51 push ecx 7C92AB58 75 65 jnz short 7C92ABBF 7C92AB5A 72 79 jb short 7C92ABD5 7C92AB5C 49 dec ecx 7C92AB5D 6E outs dx, byte ptr es:[edi] 7C92AB5E 66:6F outs dx, word ptr es:[edi] 7C92AB60 72 6D jb short 7C92ABCF 7C92AB62 61 popad 7C92AB63 74 69 je short 7C92ABCE 7C92AB65 6F outs dx, dword ptr es:[edi] 7C92AB66 6E outs dx, byte ptr es:[edi] 7C92AB67 41 inc ecx 7C92AB68 636C00 52 arpl [eax+eax+52], bp 7C92AB6C 74 6C je short 7C92ABDA 7C92AB6E 51 push ecx 7C92AB6F 75 65 jnz short 7C92ABD6 7C92AB71 72 79 jb short 7C92ABEC 7C92AB73 49 dec ecx 7C92AB74 6E outs dx, byte ptr es:[edi] 7C92AB75 66:6F outs dx, word ptr es:[edi] 7C92AB77 72 6D jb short 7C92ABE6 7C92AB79 61 popad 7C92AB7A 74 69 je short 7C92ABE5 7C92AB7C 6F outs dx, dword ptr es:[edi] 7C92AB7D 6E outs dx, byte ptr es:[edi] 7C92AB7E 41 inc ecx 7C92AB7F 637469 76 arpl [ecx+ebp*2+76], si 7C92AB83 61 popad 7C92AB84 74 69 je short 7C92ABEF 7C92AB86 6F outs dx, dword ptr es:[edi] 7C92AB87 6E outs dx, byte ptr es:[edi] 7C92AB88 43 inc ebx 7C92AB89 6F outs dx, dword ptr es:[edi] 7C92AB8A 6E outs dx, byte ptr es:[edi] 7C92AB8B 74 65 je short 7C92ABF2 7C92AB8D 78 74 js short 7C92AC03 7C92AB8F 0052 74 add [edx+74], dl 7C92AB92 6C ins byte ptr es:[edi], dx 7C92AB93 51 push ecx 7C92AB94 75 65 jnz short 7C92ABFB 7C92AB96 72 79 jb short 7C92AC11 7C92AB98 49 dec ecx 7C92AB99 6E outs dx, byte ptr es:[edi] 7C92AB9A 66:6F outs dx, word ptr es:[edi] 7C92AB9C 72 6D jb short 7C92AC0B 7C92AB9E 61 popad 7C92AB9F 74 69 je short 7C92AC0A 7C92ABA1 6F outs dx, dword ptr es:[edi] 7C92ABA2 6E outs dx, byte ptr es:[edi] 7C92ABA3 41 inc ecx 7C92ABA4 637469 76 arpl [ecx+ebp*2+76], si 7C92ABA8 65:41 inc ecx 7C92ABAA 637469 76 arpl [ecx+ebp*2+76], si 7C92ABAE 61 popad 7C92ABAF 74 69 je short 7C92AC1A 7C92ABB1 6F outs dx, dword ptr es:[edi] 7C92ABB2 6E outs dx, byte ptr es:[edi] 7C92ABB3 43 inc ebx 7C92ABB4 6F outs dx, dword ptr es:[edi] 7C92ABB5 6E outs dx, byte ptr es:[edi] 7C92ABB6 74 65 je short 7C92AC1D 7C92ABB8 78 74 js short 7C92AC2E 7C92ABBA 0052 74 add [edx+74], dl 7C92ABBD 6C ins byte ptr es:[edi], dx 7C92ABBE 51 push ecx 7C92ABBF 75 65 jnz short 7C92AC26 7C92ABC1 72 79 jb short 7C92AC3C 7C92ABC3 49 dec ecx 7C92ABC4 6E outs dx, byte ptr es:[edi] 7C92ABC5 74 65 je short 7C92AC2C 7C92ABC7 72 66 jb short 7C92AC2F 7C92ABC9 61 popad 7C92ABCA 6365 4D arpl [ebp+4D], sp 7C92ABCD 65:6D ins dword ptr es:[edi], dx 7C92ABCF 6F outs dx, dword ptr es:[edi] 7C92ABD0 72 79 jb short 7C92AC4B 7C92ABD2 53 push ebx 7C92ABD3 74 72 je short 7C92AC47 7C92ABD5 65:61 popad 7C92ABD7 6D ins dword ptr es:[edi], dx 7C92ABD8 0052 74 add [edx+74], dl 7C92ABDB 6C ins byte ptr es:[edi], dx 7C92ABDC 51 push ecx 7C92ABDD 75 65 jnz short 7C92AC44 7C92ABDF 72 79 jb short 7C92AC5A 7C92ABE1 50 push eax 7C92ABE2 72 6F jb short 7C92AC53 7C92ABE4 6365 73 arpl [ebp+73], sp 7C92ABE7 73 42 jnb short 7C92AC2B 7C92ABE9 61 popad 7C92ABEA 636B 54 arpl [ebx+54], bp 7C92ABED 72 61 jb short 7C92AC50 7C92ABEF 6365 49 arpl [ebp+49], sp 7C92ABF2 6E outs dx, byte ptr es:[edi] 7C92ABF3 66:6F outs dx, word ptr es:[edi] 7C92ABF5 72 6D jb short 7C92AC64 7C92ABF7 61 popad 7C92ABF8 74 69 je short 7C92AC63 7C92ABFA 6F outs dx, dword ptr es:[edi] 7C92ABFB 6E outs dx, byte ptr es:[edi] 7C92ABFC 0052 74 add [edx+74], dl 7C92ABFF 6C ins byte ptr es:[edi], dx 7C92AC00 51 push ecx 7C92AC01 75 65 jnz short 7C92AC68 7C92AC03 72 79 jb short 7C92AC7E 7C92AC05 50 push eax 7C92AC06 72 6F jb short 7C92AC77 7C92AC08 6365 73 arpl [ebp+73], sp 7C92AC0B 73 44 jnb short 7C92AC51 7C92AC0D 65:6275 67 bound esi, gs:[ebp+67] 7C92AC11 49 dec ecx 7C92AC12 6E outs dx, byte ptr es:[edi] 7C92AC13 66:6F outs dx, word ptr es:[edi] 7C92AC15 72 6D jb short 7C92AC84 7C92AC17 61 popad 7C92AC18 74 69 je short 7C92AC83 7C92AC1A 6F outs dx, dword ptr es:[edi] 7C92AC1B 6E outs dx, byte ptr es:[edi] 7C92AC1C 0052 74 add [edx+74], dl 7C92AC1F 6C ins byte ptr es:[edi], dx 7C92AC20 51 push ecx 7C92AC21 75 65 jnz short 7C92AC88 7C92AC23 72 79 jb short 7C92AC9E 7C92AC25 50 push eax 7C92AC26 72 6F jb short 7C92AC97 7C92AC28 6365 73 arpl [ebp+73], sp 7C92AC2B 73 48 jnb short 7C92AC75 7C92AC2D 65:61 popad 7C92AC2F 70 49 jo short 7C92AC7A 7C92AC31 6E outs dx, byte ptr es:[edi] 7C92AC32 66:6F outs dx, word ptr es:[edi] 7C92AC34 72 6D jb short 7C92ACA3 7C92AC36 61 popad 7C92AC37 74 69 je short 7C92ACA2 7C92AC39 6F outs dx, dword ptr es:[edi] 7C92AC3A 6E outs dx, byte ptr es:[edi] 7C92AC3B 0052 74 add [edx+74], dl 7C92AC3E 6C ins byte ptr es:[edi], dx 7C92AC3F 51 push ecx 7C92AC40 75 65 jnz short 7C92ACA7 7C92AC42 72 79 jb short 7C92ACBD 7C92AC44 50 push eax 7C92AC45 72 6F jb short 7C92ACB6 7C92AC47 6365 73 arpl [ebp+73], sp 7C92AC4A 73 4C jnb short 7C92AC98 7C92AC4C 6F outs dx, dword ptr es:[edi] 7C92AC4D 636B 49 arpl [ebx+49], bp 7C92AC50 6E outs dx, byte ptr es:[edi] 7C92AC51 66:6F outs dx, word ptr es:[edi] 7C92AC53 72 6D jb short 7C92ACC2 7C92AC55 61 popad 7C92AC56 74 69 je short 7C92ACC1 7C92AC58 6F outs dx, dword ptr es:[edi] 7C92AC59 6E outs dx, byte ptr es:[edi] 7C92AC5A 0052 74 add [edx+74], dl 7C92AC5D 6C ins byte ptr es:[edi], dx 7C92AC5E 51 push ecx 7C92AC5F 75 65 jnz short 7C92ACC6 7C92AC61 72 79 jb short 7C92ACDC 7C92AC63 52 push edx ; msvcrt.77C31AE8 7C92AC64 65:67:6973 74 7>imul esi, gs:[bp+di+74], 61567972 7C92AC6D 6C ins byte ptr es:[edi], dx 7C92AC6E 75 65 jnz short 7C92ACD5 7C92AC70 73 00 jnb short 7C92AC72 7C92AC72 52 push edx ; msvcrt.77C31AE8 |
|
[讨论]程序分析!
7C929B15 74 6C je short 7C929B83 7C929B17 46 inc esi ; ntdll.ZwTerminateProcess 7C929B18 696E 64 4C61737>imul ebp, [esi+64], 7473614C 7C929B1F 42 inc edx ; msvcrt.77C31AE8 7C929B20 61 popad 7C929B21 636B 77 arpl [ebx+77], bp 7C929B24 61 popad 7C929B25 72 64 jb short 7C929B8B 7C929B27 52 push edx ; msvcrt.77C31AE8 7C929B28 75 6E jnz short 7C929B98 7C929B2A 43 inc ebx 7C929B2B 6C ins byte ptr es:[edi], dx 7C929B2C 65:61 popad 7C929B2E 72 00 jb short 7C929B30 7C929B30 52 push edx ; msvcrt.77C31AE8 7C929B31 74 6C je short 7C929B9F 7C929B33 46 inc esi ; ntdll.ZwTerminateProcess 7C929B34 696E 64 4C65617>imul ebp, [esi+64], 7361654C 7C929B3B 74 53 je short 7C929B90 7C929B3D 6967 6E 6966696>imul esp, [edi+6E], 63696669 7C929B44 61 popad 7C929B45 6E outs dx, byte ptr es:[edi] 7C929B46 74 42 je short 7C929B8A 7C929B48 697400 52 746C4>imul esi, [eax+eax+52], 69466C74 7C929B50 6E outs dx, byte ptr es:[edi] 7C929B51 64:4C dec esp 7C929B53 6F outs dx, dword ptr es:[edi] 7C929B54 6E outs dx, byte ptr es:[edi] 7C929B55 67:65:73 74 jnb short 7C929BCD 7C929B59 52 push edx ; msvcrt.77C31AE8 7C929B5A 75 6E jnz short 7C929BCA 7C929B5C 43 inc ebx 7C929B5D 6C ins byte ptr es:[edi], dx 7C929B5E 65:61 popad 7C929B60 72 00 jb short 7C929B62 7C929B62 52 push edx ; msvcrt.77C31AE8 7C929B63 74 6C je short 7C929BD1 7C929B65 46 inc esi ; ntdll.ZwTerminateProcess 7C929B66 696E 64 4D65737>imul ebp, [esi+64], 7373654D 7C929B6D 61 popad 7C929B6E 67:65:0052 74 add gs:[bp+si+74], dl 7C929B73 6C ins byte ptr es:[edi], dx 7C929B74 46 inc esi ; ntdll.ZwTerminateProcess 7C929B75 696E 64 4D6F737>imul ebp, [esi+64], 74736F4D 7C929B7C 53 push ebx 7C929B7D 6967 6E 6966696>imul esp, [edi+6E], 63696669 7C929B84 61 popad 7C929B85 6E outs dx, byte ptr es:[edi] 7C929B86 74 42 je short 7C929BCA 7C929B88 697400 52 746C4>imul esi, [eax+eax+52], 69466C74 7C929B90 6E outs dx, byte ptr es:[edi] 7C929B91 64:4E dec esi ; ntdll.ZwTerminateProcess 7C929B93 65:78 74 js short 7C929C0A 7C929B96 46 inc esi ; ntdll.ZwTerminateProcess 7C929B97 6F outs dx, dword ptr es:[edi] 7C929B98 72 77 jb short 7C929C11 7C929B9A 61 popad 7C929B9B 72 64 jb short 7C929C01 7C929B9D 52 push edx ; msvcrt.77C31AE8 7C929B9E 75 6E jnz short 7C929C0E 7C929BA0 43 inc ebx 7C929BA1 6C ins byte ptr es:[edi], dx 7C929BA2 65:61 popad 7C929BA4 72 00 jb short 7C929BA6 7C929BA6 52 push edx ; msvcrt.77C31AE8 7C929BA7 74 6C je short 7C929C15 7C929BA9 46 inc esi ; ntdll.ZwTerminateProcess 7C929BAA 696E 64 52616E6>imul ebp, [esi+64], 676E6152 7C929BB1 65:0052 74 add gs:[edx+74], dl 7C929BB5 6C ins byte ptr es:[edi], dx 7C929BB6 46 inc esi ; ntdll.ZwTerminateProcess 7C929BB7 696E 64 5365744>imul ebp, [esi+64], 42746553 7C929BBE 697473 00 52746>imul esi, [ebx+esi*2], 466C7452 7C929BC6 696E 64 5365744>imul ebp, [esi+64], 42746553 7C929BCD 697473 41 6E644>imul esi, [ebx+esi*2+41], 6C43646E 7C929BD5 65:61 popad 7C929BD7 72 00 jb short 7C929BD9 7C929BD9 52 push edx ; msvcrt.77C31AE8 7C929BDA 74 6C je short 7C929C48 7C929BDC 46 inc esi ; ntdll.ZwTerminateProcess 7C929BDD 6972 73 74456E7>imul esi, [edx+73], 746E4574 7C929BE4 72 79 jb short 7C929C5F 7C929BE6 53 push ebx 7C929BE7 4C dec esp 7C929BE8 6973 74 0052746>imul esi, [ebx+74], 6C745200 7C929BEF 46 inc esi ; ntdll.ZwTerminateProcess 7C929BF0 6972 73 7446726>imul esi, [edx+73], 65724674 7C929BF7 65:41 inc ecx 7C929BF9 6365 00 arpl [ebp], sp 7C929BFC 52 push edx ; msvcrt.77C31AE8 7C929BFD 74 6C je short 7C929C6B 7C929BFF 46 inc esi ; ntdll.ZwTerminateProcess 7C929C00 6C ins byte ptr es:[edi], dx 7C929C01 75 73 jnz short 7C929C76 7C929C03 68 53656375 push 75636553 7C929C08 72 65 jb short 7C929C6F 7C929C0A 4D dec ebp 7C929C0B 65:6D ins dword ptr es:[edi], dx 7C929C0D 6F outs dx, dword ptr es:[edi] 7C929C0E 72 79 jb short 7C929C89 7C929C10 43 inc ebx 7C929C11 61 popad 7C929C12 6368 65 arpl [eax+65], bp 7C929C15 0052 74 add [edx+74], dl 7C929C18 6C ins byte ptr es:[edi], dx 7C929C19 46 inc esi ; ntdll.ZwTerminateProcess 7C929C1A 6F outs dx, dword ptr es:[edi] 7C929C1B 72 6D jb short 7C929C8A 7C929C1D 61 popad 7C929C1E 74 43 je short 7C929C63 7C929C20 75 72 jnz short 7C929C94 7C929C22 72 65 jb short 7C929C89 7C929C24 6E outs dx, byte ptr es:[edi] 7C929C25 74 55 je short 7C929C7C 7C929C27 73 65 jnb short 7C929C8E 7C929C29 72 4B jb short 7C929C76 7C929C2B 65:79 50 jns short 7C929C7E 7C929C2E 61 popad 7C929C2F 74 68 je short 7C929C99 7C929C31 0052 74 add [edx+74], dl 7C929C34 6C ins byte ptr es:[edi], dx 7C929C35 46 inc esi ; ntdll.ZwTerminateProcess 7C929C36 6F outs dx, dword ptr es:[edi] 7C929C37 72 6D jb short 7C929CA6 7C929C39 61 popad 7C929C3A 74 4D je short 7C929C89 7C929C3C 65:73 73 jnb short 7C929CB2 7C929C3F 61 popad 7C929C40 67:65:0052 74 add gs:[bp+si+74], dl 7C929C45 6C ins byte ptr es:[edi], dx 7C929C46 46 inc esi ; ntdll.ZwTerminateProcess 7C929C47 72 65 jb short 7C929CAE 7C929C49 65:41 inc ecx 7C929C4B 6E outs dx, byte ptr es:[edi] 7C929C4C 73 69 jnb short 7C929CB7 7C929C4E 53 push ebx 7C929C4F 74 72 je short 7C929CC3 7C929C51 696E 67 0052746>imul ebp, [esi+67], 6C745200 7C929C58 46 inc esi ; ntdll.ZwTerminateProcess 7C929C59 72 65 jb short 7C929CC0 7C929C5B 65:48 dec eax 7C929C5D 61 popad 7C929C5E 6E outs dx, byte ptr es:[edi] 7C929C5F 64:6C ins byte ptr es:[edi], dx 7C929C61 65:0052 74 add gs:[edx+74], dl 7C929C65 6C ins byte ptr es:[edi], dx 7C929C66 46 inc esi ; ntdll.ZwTerminateProcess 7C929C67 72 65 jb short 7C929CCE 7C929C69 65:48 dec eax 7C929C6B 65:61 popad 7C929C6D 70 00 jo short 7C929C6F 7C929C6F 52 push edx ; msvcrt.77C31AE8 7C929C70 74 6C je short 7C929CDE 7C929C72 46 inc esi ; ntdll.ZwTerminateProcess 7C929C73 72 65 jb short 7C929CDA 7C929C75 65:4F dec edi 7C929C77 65:6D ins dword ptr es:[edi], dx 7C929C79 53 push ebx 7C929C7A 74 72 je short 7C929CEE 7C929C7C 696E 67 0052746>imul ebp, [esi+67], 6C745200 7C929C83 46 inc esi ; ntdll.ZwTerminateProcess 7C929C84 72 65 jb short 7C929CEB 7C929C86 65:52 push edx ; msvcrt.77C31AE8 7C929C88 61 popad 7C929C89 6E outs dx, byte ptr es:[edi] 7C929C8A 67:65:4C dec esp 7C929C8D 6973 74 0052746>imul esi, [ebx+74], 6C745200 7C929C94 46 inc esi ; ntdll.ZwTerminateProcess 7C929C95 72 65 jb short 7C929CFC 7C929C97 65:53 push ebx 7C929C99 696400 52 746C4>imul esp, [eax+eax+52], 72466C74 7C929CA1 65: prefix gs: 7C929CA2 65:54 push esp 7C929CA4 68 72656164 push 64616572 7C929CA9 41 inc ecx 7C929CAA 637469 76 arpl [ecx+ebp*2+76], si 7C929CAE 61 popad 7C929CAF 74 69 je short 7C929D1A 7C929CB1 6F outs dx, dword ptr es:[edi] 7C929CB2 6E outs dx, byte ptr es:[edi] 7C929CB3 43 inc ebx 7C929CB4 6F outs dx, dword ptr es:[edi] 7C929CB5 6E outs dx, byte ptr es:[edi] 7C929CB6 74 65 je short 7C929D1D 7C929CB8 78 74 js short 7C929D2E 7C929CBA 53 push ebx 7C929CBB 74 61 je short 7C929D1E 7C929CBD 636B 00 arpl [ebx], bp 7C929CC0 52 push edx ; msvcrt.77C31AE8 7C929CC1 74 6C je short 7C929D2F 7C929CC3 46 inc esi ; ntdll.ZwTerminateProcess 7C929CC4 72 65 jb short 7C929D2B 7C929CC6 65:55 push ebp 7C929CC8 6E outs dx, byte ptr es:[edi] 7C929CC9 6963 6F 6465537>imul esp, [ebx+6F], 74536564 7C929CD0 72 69 jb short 7C929D3B 7C929CD2 6E outs dx, byte ptr es:[edi] 7C929CD3 67:0052 74 add [bp+si+74], dl 7C929CD7 6C ins byte ptr es:[edi], dx 7C929CD8 46 inc esi ; ntdll.ZwTerminateProcess 7C929CD9 72 65 jb short 7C929D40 7C929CDB 65:55 push ebp 7C929CDD 73 65 jnb short 7C929D44 7C929CDF 72 54 jb short 7C929D35 7C929CE1 68 72656164 push 64616572 7C929CE6 53 push ebx 7C929CE7 74 61 je short 7C929D4A 7C929CE9 636B 00 arpl [ebx], bp 7C929CEC 52 push edx ; msvcrt.77C31AE8 7C929CED 74 6C je short 7C929D5B 7C929CEF 47 inc edi 7C929CF0 55 push ebp 7C929CF1 49 dec ecx 7C929CF2 44 inc esp 7C929CF3 46 inc esi ; ntdll.ZwTerminateProcess 7C929CF4 72 6F jb short 7C929D65 7C929CF6 6D ins dword ptr es:[edi], dx 7C929CF7 53 push ebx 7C929CF8 74 72 je short 7C929D6C 7C929CFA 696E 67 0052746>imul ebp, [esi+67], 6C745200 7C929D01 47 inc edi 7C929D02 65:6E outs dx, byte ptr es:[edi] 7C929D04 65:72 61 jb short 7C929D68 7C929D07 74 65 je short 7C929D6E 7C929D09 38646F 74 cmp [edi+ebp*2+74], ah 7C929D0D 334E 61 xor ecx, [esi+61] 7C929D10 6D ins dword ptr es:[edi], dx 7C929D11 65:0052 74 add gs:[edx+74], dl 7C929D15 6C ins byte ptr es:[edi], dx 7C929D16 47 inc edi 7C929D17 65:74 41 je short 7C929D5B 7C929D1A 6365 00 arpl [ebp], sp 7C929D1D 52 push edx ; msvcrt.77C31AE8 7C929D1E 74 6C je short 7C929D8C 7C929D20 47 inc edi 7C929D21 65:74 41 je short 7C929D65 7C929D24 637469 76 arpl [ecx+ebp*2+76], si 7C929D28 65:41 inc ecx 7C929D2A 637469 76 arpl [ecx+ebp*2+76], si 7C929D2E 61 popad 7C929D2F 74 69 je short 7C929D9A 7C929D31 6F outs dx, dword ptr es:[edi] 7C929D32 6E outs dx, byte ptr es:[edi] 7C929D33 43 inc ebx 7C929D34 6F outs dx, dword ptr es:[edi] 7C929D35 6E outs dx, byte ptr es:[edi] 7C929D36 74 65 je short 7C929D9D 7C929D38 78 74 js short 7C929DAE 7C929D3A 0052 74 add [edx+74], dl 7C929D3D 6C ins byte ptr es:[edi], dx 7C929D3E 47 inc edi 7C929D3F 65:74 43 je short 7C929D85 7C929D42 61 popad 7C929D43 6C ins byte ptr es:[edi], dx 7C929D44 6C ins byte ptr es:[edi], dx 7C929D45 65:72 73 jb short 7C929DBB 7C929D48 41 inc ecx 7C929D49 64: prefix fs: 7C929D4A 64:72 65 jb short 7C929DB2 7C929D4D 73 73 jnb short 7C929DC2 7C929D4F 0052 74 add [edx+74], dl 7C929D52 6C ins byte ptr es:[edi], dx 7C929D53 47 inc edi 7C929D54 65:74 43 je short 7C929D9A 7C929D57 6F outs dx, dword ptr es:[edi] 7C929D58 6D ins dword ptr es:[edi], dx 7C929D59 70 72 jo short 7C929DCD 7C929D5B 65:73 73 jnb short 7C929DD1 7C929D5E 696F 6E 576F726>imul ebp, [edi+6E], 6B726F57 7C929D65 53 push ebx 7C929D66 70 61 jo short 7C929DC9 7C929D68 6365 53 arpl [ebp+53], sp 7C929D6B 697A 65 0052746>imul edi, [edx+65], 6C745200 7C929D72 47 inc edi 7C929D73 65:74 43 je short 7C929DB9 7C929D76 6F outs dx, dword ptr es:[edi] 7C929D77 6E outs dx, byte ptr es:[edi] 7C929D78 74 72 je short 7C929DEC 7C929D7A 6F outs dx, dword ptr es:[edi] 7C929D7B 6C ins byte ptr es:[edi], dx 7C929D7C 53 push ebx 7C929D7D 65:6375 72 arpl gs:[ebp+72], si 7C929D81 697479 44 65736>imul esi, [ecx+edi*2+44], 72637365 7C929D89 6970 74 6F72005>imul esi, [eax+74], 5200726F 7C929D90 74 6C je short 7C929DFE 7C929D92 47 inc edi 7C929D93 65:74 43 je short 7C929DD9 7C929D96 75 72 jnz short 7C929E0A 7C929D98 72 65 jb short 7C929DFF 7C929D9A 6E outs dx, byte ptr es:[edi] 7C929D9B 74 44 je short 7C929DE1 7C929D9D 6972 65 63746F7>imul esi, [edx+65], 726F7463 7C929DA4 79 5F jns short 7C929E05 7C929DA6 55 push ebp 7C929DA7 0052 74 add [edx+74], dl 7C929DAA 6C ins byte ptr es:[edi], dx 7C929DAB 47 inc edi 7C929DAC 65:74 43 je short 7C929DF2 7C929DAF 75 72 jnz short 7C929E23 7C929DB1 72 65 jb short 7C929E18 7C929DB3 6E outs dx, byte ptr es:[edi] 7C929DB4 74 50 je short 7C929E06 7C929DB6 65:6200 bound eax, gs:[eax] 7C929DB9 52 push edx ; msvcrt.77C31AE8 7C929DBA 74 6C je short 7C929E28 7C929DBC 47 inc edi 7C929DBD 65:74 44 je short 7C929E04 7C929DC0 61 popad 7C929DC1 636C53 65 arpl [ebx+edx*2+65], bp 7C929DC5 6375 72 arpl [ebp+72], si 7C929DC8 697479 44 65736>imul esi, [ecx+edi*2+44], 72637365 7C929DD0 6970 74 6F72005>imul esi, [eax+74], 5200726F 7C929DD7 74 6C je short 7C929E45 7C929DD9 47 inc edi 7C929DDA 65:74 45 je short 7C929E22 7C929DDD 6C ins byte ptr es:[edi], dx 7C929DDE 65:6D ins dword ptr es:[edi], dx 7C929DE0 65:6E outs dx, byte ptr es:[edi] 7C929DE2 74 47 je short 7C929E2B 7C929DE4 65:6E outs dx, byte ptr es:[edi] 7C929DE6 65:72 69 jb short 7C929E52 7C929DE9 635461 62 arpl [ecx+62], dx 7C929DED 6C ins byte ptr es:[edi], dx 7C929DEE 65:0052 74 add gs:[edx+74], dl 7C929DF2 6C ins byte ptr es:[edi], dx 7C929DF3 47 inc edi 7C929DF4 65:74 45 je short 7C929E3C 7C929DF7 6C ins byte ptr es:[edi], dx 7C929DF8 65:6D ins dword ptr es:[edi], dx 7C929DFA 65:6E outs dx, byte ptr es:[edi] 7C929DFC 74 47 je short 7C929E45 7C929DFE 65:6E outs dx, byte ptr es:[edi] 7C929E00 65:72 69 jb short 7C929E6C 7C929E03 635461 62 arpl [ecx+62], dx 7C929E07 6C ins byte ptr es:[edi], dx 7C929E08 65:41 inc ecx 7C929E0A 76 6C jbe short 7C929E78 7C929E0C 0052 74 add [edx+74], dl 7C929E0F 6C ins byte ptr es:[edi], dx 7C929E10 47 inc edi 7C929E11 65:74 46 je short 7C929E5A 7C929E14 6972 73 7452616>imul esi, [edx+73], 6E615274 7C929E1B 67:65:0052 74 add gs:[bp+si+74], dl 7C929E20 6C ins byte ptr es:[edi], dx 7C929E21 47 inc edi 7C929E22 65:74 46 je short 7C929E6B 7C929E25 72 61 jb short 7C929E88 7C929E27 6D ins dword ptr es:[edi], dx 7C929E28 65:0052 74 add gs:[edx+74], dl 7C929E2C 6C ins byte ptr es:[edi], dx 7C929E2D 47 inc edi 7C929E2E 65:74 46 je short 7C929E77 7C929E31 75 6C jnz short 7C929E9F 7C929E33 6C ins byte ptr es:[edi], dx 7C929E34 50 push eax 7C929E35 61 popad 7C929E36 74 68 je short 7C929EA0 7C929E38 4E dec esi ; ntdll.ZwTerminateProcess 7C929E39 61 popad 7C929E3A 6D ins dword ptr es:[edi], dx 7C929E3B 65:5F pop edi ; ntdll.7C92E89A 7C929E3D 55 push ebp 7C929E3E 0052 74 add [edx+74], dl 7C929E41 6C ins byte ptr es:[edi], dx 7C929E42 47 inc edi 7C929E43 65:74 47 je short 7C929E8D 7C929E46 72 6F jb short 7C929EB7 7C929E48 75 70 jnz short 7C929EBA 7C929E4A 53 push ebx 7C929E4B 65:6375 72 arpl gs:[ebp+72], si 7C929E4F 697479 44 65736>imul esi, [ecx+edi*2+44], 72637365 7C929E57 6970 74 6F72005>imul esi, [eax+74], 5200726F 7C929E5E 74 6C je short 7C929ECC 7C929E60 47 inc edi 7C929E61 65:74 4C je short 7C929EB0 7C929E64 61 popad 7C929E65 73 74 jnb short 7C929EDB 7C929E67 4E dec esi ; ntdll.ZwTerminateProcess 7C929E68 74 53 je short 7C929EBD 7C929E6A 74 61 je short 7C929ECD 7C929E6C 74 75 je short 7C929EE3 7C929E6E 73 00 jnb short 7C929E70 7C929E70 52 push edx ; msvcrt.77C31AE8 7C929E71 74 6C je short 7C929EDF 7C929E73 47 inc edi 7C929E74 65:74 4C je short 7C929EC3 7C929E77 61 popad 7C929E78 73 74 jnb short 7C929EEE 7C929E7A 57 push edi 7C929E7B 696E 33 3245727>imul ebp, [esi+33], 72724532 7C929E82 6F outs dx, dword ptr es:[edi] 7C929E83 72 00 jb short 7C929E85 7C929E85 52 push edx ; msvcrt.77C31AE8 7C929E86 74 6C je short 7C929EF4 7C929E88 47 inc edi 7C929E89 65:74 4C je short 7C929ED8 7C929E8C 65:6E outs dx, byte ptr es:[edi] 7C929E8E 67:74 68 je short 7C929EF9 7C929E91 57 push edi 7C929E92 697468 6F 75744>imul esi, [eax+ebp*2+6F], 614C7475 7C929E9A 73 74 jnb short 7C929F10 7C929E9C 46 inc esi ; ntdll.ZwTerminateProcess 7C929E9D 75 6C jnz short 7C929F0B 7C929E9F 6C ins byte ptr es:[edi], dx 7C929EA0 44 inc esp 7C929EA1 6F outs dx, dword ptr es:[edi] 7C929EA2 73 4F jnb short 7C929EF3 7C929EA4 72 4E jb short 7C929EF4 7C929EA6 74 50 je short 7C929EF8 7C929EA8 61 popad 7C929EA9 74 68 je short 7C929F13 7C929EAB 45 inc ebp 7C929EAC 6C ins byte ptr es:[edi], dx 7C929EAD 65:6D ins dword ptr es:[edi], dx 7C929EAF 65:6E outs dx, byte ptr es:[edi] 7C929EB1 74 00 je short 7C929EB3 7C929EB3 52 push edx ; msvcrt.77C31AE8 7C929EB4 74 6C je short 7C929F22 7C929EB6 47 inc edi 7C929EB7 65:74 4C je short 7C929F06 7C929EBA 65:6E outs dx, byte ptr es:[edi] 7C929EBC 67:74 68 je short 7C929F27 7C929EBF 57 push edi 7C929EC0 697468 6F 75745>imul esi, [eax+ebp*2+6F], 72547475 7C929EC8 61 popad 7C929EC9 696C69 6E 67506>imul ebp, [ecx+ebp*2+6E], 74615067 7C929ED1 68 53657065 push 65706553 7C929ED6 72 61 jb short 7C929F39 7C929ED8 74 6F je short 7C929F49 7C929EDA 72 73 jb short 7C929F4F 7C929EDC 0052 74 add [edx+74], dl 7C929EDF 6C ins byte ptr es:[edi], dx 7C929EE0 47 inc edi 7C929EE1 65:74 4C je short 7C929F30 7C929EE4 6F outs dx, dword ptr es:[edi] 7C929EE5 6E outs dx, byte ptr es:[edi] 7C929EE6 67:65:73 74 jnb short 7C929F5E 7C929EEA 4E dec esi ; ntdll.ZwTerminateProcess 7C929EEB 74 50 je short 7C929F3D 7C929EED 61 popad 7C929EEE 74 68 je short 7C929F58 7C929EF0 4C dec esp 7C929EF1 65:6E outs dx, byte ptr es:[edi] 7C929EF3 67:74 68 je short 7C929F5E 7C929EF6 0052 74 add [edx+74], dl 7C929EF9 6C ins byte ptr es:[edi], dx 7C929EFA 47 inc edi 7C929EFB 65:74 4E je short 7C929F4C 7C929EFE 61 popad 7C929EFF 74 69 je short 7C929F6A 7C929F01 76 65 jbe short 7C929F68 7C929F03 53 push ebx 7C929F04 79 73 jns short 7C929F79 7C929F06 74 65 je short 7C929F6D 7C929F08 6D ins dword ptr es:[edi], dx 7C929F09 49 dec ecx 7C929F0A 6E outs dx, byte ptr es:[edi] 7C929F0B 66:6F outs dx, word ptr es:[edi] 7C929F0D 72 6D jb short 7C929F7C 7C929F0F 61 popad 7C929F10 74 69 je short 7C929F7B 7C929F12 6F outs dx, dword ptr es:[edi] 7C929F13 6E outs dx, byte ptr es:[edi] 7C929F14 0052 74 add [edx+74], dl 7C929F17 6C ins byte ptr es:[edi], dx 7C929F18 47 inc edi 7C929F19 65:74 4E je short 7C929F6A 7C929F1C 65:78 74 js short 7C929F93 7C929F1F 52 push edx ; msvcrt.77C31AE8 7C929F20 61 popad 7C929F21 6E outs dx, byte ptr es:[edi] 7C929F22 67:65:0052 74 add gs:[bp+si+74], dl 7C929F27 6C ins byte ptr es:[edi], dx 7C929F28 47 inc edi 7C929F29 65:74 4E je short 7C929F7A 7C929F2C 74 47 je short 7C929F75 7C929F2E 6C ins byte ptr es:[edi], dx 7C929F2F 6F outs dx, dword ptr es:[edi] 7C929F30 6261 6C bound esp, [ecx+6C] 7C929F33 46 inc esi ; ntdll.ZwTerminateProcess 7C929F34 6C ins byte ptr es:[edi], dx 7C929F35 61 popad 7C929F36 67:73 00 jnb short 7C929F39 7C929F39 52 push edx ; msvcrt.77C31AE8 7C929F3A 74 6C je short 7C929FA8 7C929F3C 47 inc edi 7C929F3D 65:74 4E je short 7C929F8E 7C929F40 74 50 je short 7C929F92 7C929F42 72 6F jb short 7C929FB3 7C929F44 64:75 63 jnz short 7C929FAA 7C929F47 74 54 je short 7C929F9D 7C929F49 79 70 jns short 7C929FBB 7C929F4B 65:0052 74 add gs:[edx+74], dl 7C929F4F 6C ins byte ptr es:[edi], dx 7C929F50 47 inc edi 7C929F51 65:74 4E je short 7C929FA2 7C929F54 74 56 je short 7C929FAC 7C929F56 65:72 73 jb short 7C929FCC 7C929F59 696F 6E 4E756D6>imul ebp, [edi+6E], 626D754E 7C929F60 65:72 73 jb short 7C929FD6 7C929F63 0052 74 add [edx+74], dl 7C929F66 6C ins byte ptr es:[edi], dx 7C929F67 47 inc edi 7C929F68 65:74 4F je short 7C929FBA 7C929F6B 77 6E ja short 7C929FDB 7C929F6D 65:72 53 jb short 7C929FC3 7C929F70 65:6375 72 arpl gs:[ebp+72], si 7C929F74 697479 44 65736>imul esi, [ecx+edi*2+44], 72637365 7C929F7C 6970 74 6F72005>imul esi, [eax+74], 5200726F 7C929F83 74 6C je short 7C929FF1 7C929F85 47 inc edi 7C929F86 65:74 50 je short 7C929FD9 7C929F89 72 6F jb short 7C929FFA 7C929F8B 6365 73 arpl [ebp+73], sp 7C929F8E 73 48 jnb short 7C929FD8 7C929F90 65:61 popad 7C929F92 70 73 jo short 7C92A007 7C929F94 0052 74 add [edx+74], dl 7C929F97 6C ins byte ptr es:[edi], dx 7C929F98 47 inc edi 7C929F99 65:74 53 je short 7C929FEF 7C929F9C 61 popad 7C929F9D 636C53 65 arpl [ebx+edx*2+65], bp 7C929FA1 6375 72 arpl [ebp+72], si 7C929FA4 697479 44 65736>imul esi, [ecx+edi*2+44], 72637365 7C929FAC 6970 74 6F72005>imul esi, [eax+74], 5200726F 7C929FB3 74 6C je short 7C92A021 7C929FB5 47 inc edi 7C929FB6 65:74 53 je short 7C92A00C 7C929FB9 65:6375 72 arpl gs:[ebp+72], si 7C929FBD 697479 44 65736>imul esi, [ecx+edi*2+44], 72637365 7C929FC5 6970 74 6F72524>imul esi, [eax+74], 4D52726F 7C929FCC 43 inc ebx 7C929FCD 6F outs dx, dword ptr es:[edi] 7C929FCE 6E outs dx, byte ptr es:[edi] 7C929FCF 74 72 je short 7C92A043 7C929FD1 6F outs dx, dword ptr es:[edi] 7C929FD2 6C ins byte ptr es:[edi], dx 7C929FD3 0052 74 add [edx+74], dl 7C929FD6 6C ins byte ptr es:[edi], dx 7C929FD7 47 inc edi 7C929FD8 65:74 53 je short 7C92A02E 7C929FDB 65:74 42 je short 7C92A020 7C929FDE 6F outs dx, dword ptr es:[edi] 7C929FDF 6F outs dx, dword ptr es:[edi] 7C929FE0 74 53 je short 7C92A035 7C929FE2 74 61 je short 7C92A045 7C929FE4 74 75 je short 7C92A05B 7C929FE6 73 44 jnb short 7C92A02C 7C929FE8 61 popad 7C929FE9 74 61 je short 7C92A04C 7C929FEB 0052 74 add [edx+74], dl 7C929FEE 6C ins byte ptr es:[edi], dx 7C929FEF 47 inc edi 7C929FF0 65:74 55 je short 7C92A048 7C929FF3 6E outs dx, byte ptr es:[edi] 7C929FF4 6C ins byte ptr es:[edi], dx 7C929FF5 6F outs dx, dword ptr es:[edi] 7C929FF6 61 popad 7C929FF7 64:45 inc ebp 7C929FF9 76 65 jbe short 7C92A060 7C929FFB 6E outs dx, byte ptr es:[edi] 7C929FFC 74 54 je short 7C92A052 7C929FFE 72 61 jb short 7C92A061 7C92A000 6365 00 arpl [ebp], sp 7C92A003 52 push edx ; msvcrt.77C31AE8 7C92A004 74 6C je short 7C92A072 7C92A006 47 inc edi 7C92A007 65:74 55 je short 7C92A05F 7C92A00A 73 65 jnb short 7C92A071 7C92A00C 72 49 jb short 7C92A057 7C92A00E 6E outs dx, byte ptr es:[edi] 7C92A00F 66:6F outs dx, word ptr es:[edi] 7C92A011 48 dec eax 7C92A012 65:61 popad 7C92A014 70 00 jo short 7C92A016 7C92A016 52 push edx ; msvcrt.77C31AE8 7C92A017 74 6C je short 7C92A085 7C92A019 47 inc edi 7C92A01A 65:74 56 je short 7C92A073 7C92A01D 65:72 73 jb short 7C92A093 7C92A020 696F 6E 0052746>imul ebp, [edi+6E], 6C745200 7C92A027 48 dec eax 7C92A028 61 popad 7C92A029 73 68 jnb short 7C92A093 7C92A02B 55 push ebp 7C92A02C 6E outs dx, byte ptr es:[edi] 7C92A02D 6963 6F 6465537>imul esp, [ebx+6F], 74536564 7C92A034 72 69 jb short 7C92A09F 7C92A036 6E outs dx, byte ptr es:[edi] 7C92A037 67:0052 74 add [bp+si+74], dl 7C92A03B 6C ins byte ptr es:[edi], dx 7C92A03C 49 dec ecx 7C92A03D 64: prefix fs: 7C92A03E 65:6E outs dx, byte ptr es:[edi] 7C92A040 74 69 je short 7C92A0AB 7C92A042 66:6965 72 4175 imul sp, [ebp+72], 7541 7C92A048 74 68 je short 7C92A0B2 7C92A04A 6F outs dx, dword ptr es:[edi] 7C92A04B 72 69 jb short 7C92A0B6 7C92A04D 74 79 je short 7C92A0C8 7C92A04F 53 push ebx 7C92A050 696400 52 746C4>imul esp, [eax+eax+52], 6D496C74 7C92A058 61 popad 7C92A059 67:65:44 inc esp 7C92A05C 6972 65 63746F7>imul esi, [edx+65], 726F7463 7C92A063 79 45 jns short 7C92A0AA 7C92A065 6E outs dx, byte ptr es:[edi] 7C92A066 74 72 je short 7C92A0DA 7C92A068 79 54 jns short 7C92A0BE 7C92A06A 6F outs dx, dword ptr es:[edi] 7C92A06B 44 inc esp 7C92A06C 61 popad 7C92A06D 74 61 je short 7C92A0D0 7C92A06F 0052 74 add [edx+74], dl 7C92A072 6C ins byte ptr es:[edi], dx 7C92A073 49 dec ecx 7C92A074 6D ins dword ptr es:[edi], dx 7C92A075 61 popad 7C92A076 67:65:4E dec esi ; ntdll.ZwTerminateProcess 7C92A079 74 48 je short 7C92A0C3 7C92A07B 65:61 popad 7C92A07D 64: prefix fs: 7C92A07E 65:72 00 jb short 7C92A081 7C92A081 52 push edx ; msvcrt.77C31AE8 7C92A082 74 6C je short 7C92A0F0 7C92A084 49 dec ecx 7C92A085 6D ins dword ptr es:[edi], dx 7C92A086 61 popad 7C92A087 67:65:52 push edx ; msvcrt.77C31AE8 7C92A08A 76 61 jbe short 7C92A0ED 7C92A08C 54 push esp 7C92A08D 6F outs dx, dword ptr es:[edi] 7C92A08E 53 push ebx 7C92A08F 65:637469 6F arpl gs:[ecx+ebp*2+6F], si 7C92A094 6E outs dx, byte ptr es:[edi] 7C92A095 0052 74 add [edx+74], dl 7C92A098 6C ins byte ptr es:[edi], dx 7C92A099 49 dec ecx 7C92A09A 6D ins dword ptr es:[edi], dx 7C92A09B 61 popad 7C92A09C 67:65:52 push edx ; msvcrt.77C31AE8 7C92A09F 76 61 jbe short 7C92A102 7C92A0A1 54 push esp 7C92A0A2 6F outs dx, dword ptr es:[edi] 7C92A0A3 56 push esi ; ntdll.ZwTerminateProcess 7C92A0A4 61 popad 7C92A0A5 0052 74 add [edx+74], dl 7C92A0A8 6C ins byte ptr es:[edi], dx 7C92A0A9 49 dec ecx 7C92A0AA 6D ins dword ptr es:[edi], dx 7C92A0AB 70 65 jo short 7C92A112 7C92A0AD 72 73 jb short 7C92A122 7C92A0AF 6F outs dx, dword ptr es:[edi] 7C92A0B0 6E outs dx, byte ptr es:[edi] 7C92A0B1 61 popad 7C92A0B2 74 65 je short 7C92A119 7C92A0B4 53 push ebx 7C92A0B5 65:6C ins byte ptr es:[edi], dx 7C92A0B7 66:0052 74 add [edx+74], dl 7C92A0BB 6C ins byte ptr es:[edi], dx 7C92A0BC 49 dec ecx 7C92A0BD 6E outs dx, byte ptr es:[edi] 7C92A0BE 697441 6E 73695>imul esi, [ecx+eax*2+6E], 74536973 7C92A0C6 72 69 jb short 7C92A131 7C92A0C8 6E outs dx, byte ptr es:[edi] 7C92A0C9 67:0052 74 add [bp+si+74], dl 7C92A0CD 6C ins byte ptr es:[edi], dx 7C92A0CE 49 dec ecx 7C92A0CF 6E outs dx, byte ptr es:[edi] 7C92A0D0 697443 6F 64655>imul esi, [ebx+eax*2+6F], 61506564 7C92A0D8 67:65:54 push esp 7C92A0DB 61 popad 7C92A0DC 626C65 00 bound ebp, [ebp] 7C92A0E0 52 push edx ; msvcrt.77C31AE8 7C92A0E1 74 6C je short 7C92A14F 7C92A0E3 49 dec ecx 7C92A0E4 6E outs dx, byte ptr es:[edi] 7C92A0E5 69744D 65 6D6F7>imul esi, [ebp+ecx*2+65], 79726F6D 7C92A0ED 53 push ebx 7C92A0EE 74 72 je short 7C92A162 7C92A0F0 65:61 popad 7C92A0F2 6D ins dword ptr es:[edi], dx 7C92A0F3 0052 74 add [edx+74], dl 7C92A0F6 6C ins byte ptr es:[edi], dx 7C92A0F7 49 dec ecx 7C92A0F8 6E outs dx, byte ptr es:[edi] 7C92A0F9 69744E 6C 73546>imul esi, [esi+ecx*2+6C], 62615473 7C92A101 6C ins byte ptr es:[edi], dx 7C92A102 65:73 00 jnb short 7C92A105 7C92A105 52 push edx ; msvcrt.77C31AE8 7C92A106 74 6C je short 7C92A174 7C92A108 49 dec ecx 7C92A109 6E outs dx, byte ptr es:[edi] 7C92A10A 69744F 75 744F6>imul esi, [edi+ecx*2+75], 50664F74 7C92A112 72 6F jb short 7C92A183 7C92A114 6365 73 arpl [ebp+73], sp 7C92A117 73 4D jnb short 7C92A166 7C92A119 65:6D ins dword ptr es:[edi], dx 7C92A11B 6F outs dx, dword ptr es:[edi] 7C92A11C 72 79 jb short 7C92A197 7C92A11E 53 push ebx 7C92A11F 74 72 je short 7C92A193 7C92A121 65:61 popad 7C92A123 6D ins dword ptr es:[edi], dx 7C92A124 0052 74 add [edx+74], dl 7C92A127 6C ins byte ptr es:[edi], dx 7C92A128 49 dec ecx 7C92A129 6E outs dx, byte ptr es:[edi] 7C92A12A 697453 74 72696>imul esi, [ebx+edx*2+74], 676E6972 7C92A132 0052 74 add [edx+74], dl 7C92A135 6C ins byte ptr es:[edi], dx 7C92A136 49 dec ecx 7C92A137 6E outs dx, byte ptr es:[edi] 7C92A138 697455 6E 69636>imul esi, [ebp+edx*2+6E], 646F6369 7C92A140 65:53 push ebx 7C92A142 74 72 je short 7C92A1B6 7C92A144 696E 67 0052746>imul ebp, [esi+67], 6C745200 7C92A14B 49 dec ecx 7C92A14C 6E outs dx, byte ptr es:[edi] 7C92A14D 697455 6E 69636>imul esi, [ebp+edx*2+6E], 646F6369 7C92A155 65:53 push ebx 7C92A157 74 72 je short 7C92A1CB 7C92A159 696E 67 4578005>imul ebp, [esi+67], 52007845 7C92A160 74 6C je short 7C92A1CE 7C92A162 49 dec ecx 7C92A163 6E outs dx, byte ptr es:[edi] 7C92A164 697469 61 6C697>imul esi, [ecx+ebp*2+61], 657A696C 7C92A16C 41 inc ecx 7C92A16D 74 6F je short 7C92A1DE 7C92A16F 6D ins dword ptr es:[edi], dx 7C92A170 50 push eax 7C92A171 61 popad 7C92A172 636B 61 arpl [ebx+61], bp 7C92A175 67:65:0052 74 add gs:[bp+si+74], dl 7C92A17A 6C ins byte ptr es:[edi], dx 7C92A17B 49 dec ecx 7C92A17C 6E outs dx, byte ptr es:[edi] 7C92A17D 697469 61 6C697>imul esi, [ecx+ebp*2+61], 657A696C 7C92A185 42 inc edx ; msvcrt.77C31AE8 |
|
[讨论]程序分析!
7C928EF0 74 6C je short 7C928F5E 7C928EF2 43 inc ebx 7C928EF3 6F outs dx, dword ptr es:[edi] 7C928EF4 6D ins dword ptr es:[edi], dx 7C928EF5 70 61 jo short 7C928F58 7C928EF7 72 65 jb short 7C928F5E 7C928EF9 4D dec ebp 7C928EFA 65:6D ins dword ptr es:[edi], dx 7C928EFC 6F outs dx, dword ptr es:[edi] 7C928EFD 72 79 jb short 7C928F78 7C928EFF 0052 74 add [edx+74], dl 7C928F02 6C ins byte ptr es:[edi], dx 7C928F03 43 inc ebx 7C928F04 6F outs dx, dword ptr es:[edi] 7C928F05 6D ins dword ptr es:[edi], dx 7C928F06 70 61 jo short 7C928F69 7C928F08 72 65 jb short 7C928F6F 7C928F0A 4D dec ebp 7C928F0B 65:6D ins dword ptr es:[edi], dx 7C928F0D 6F outs dx, dword ptr es:[edi] 7C928F0E 72 79 jb short 7C928F89 7C928F10 55 push ebp 7C928F11 6C ins byte ptr es:[edi], dx 7C928F12 6F outs dx, dword ptr es:[edi] 7C928F13 6E outs dx, byte ptr es:[edi] 7C928F14 67:0052 74 add [bp+si+74], dl 7C928F18 6C ins byte ptr es:[edi], dx 7C928F19 43 inc ebx 7C928F1A 6F outs dx, dword ptr es:[edi] 7C928F1B 6D ins dword ptr es:[edi], dx 7C928F1C 70 61 jo short 7C928F7F 7C928F1E 72 65 jb short 7C928F85 7C928F20 53 push ebx 7C928F21 74 72 je short 7C928F95 7C928F23 696E 67 0052746>imul ebp, [esi+67], 6C745200 7C928F2A 43 inc ebx 7C928F2B 6F outs dx, dword ptr es:[edi] 7C928F2C 6D ins dword ptr es:[edi], dx 7C928F2D 70 61 jo short 7C928F90 7C928F2F 72 65 jb short 7C928F96 7C928F31 55 push ebp 7C928F32 6E outs dx, byte ptr es:[edi] 7C928F33 6963 6F 6465537>imul esp, [ebx+6F], 74536564 7C928F3A 72 69 jb short 7C928FA5 7C928F3C 6E outs dx, byte ptr es:[edi] 7C928F3D 67:0052 74 add [bp+si+74], dl 7C928F41 6C ins byte ptr es:[edi], dx 7C928F42 43 inc ebx 7C928F43 6F outs dx, dword ptr es:[edi] 7C928F44 6D ins dword ptr es:[edi], dx 7C928F45 70 72 jo short 7C928FB9 7C928F47 65:73 73 jnb short 7C928FBD 7C928F4A 42 inc edx ; msvcrt.77C31AE8 7C928F4B 75 66 jnz short 7C928FB3 7C928F4D 66:65:72 00 jb short 00008F51 7C928F51 52 push edx ; msvcrt.77C31AE8 7C928F52 74 6C je short 7C928FC0 7C928F54 43 inc ebx 7C928F55 6F outs dx, dword ptr es:[edi] 7C928F56 6D ins dword ptr es:[edi], dx 7C928F57 70 75 jo short 7C928FCE 7C928F59 74 65 je short 7C928FC0 7C928F5B 43 inc ebx 7C928F5C 72 63 jb short 7C928FC1 7C928F5E 3332 xor esi, [edx] ; ntdll.7C99C8E0 7C928F60 0052 74 add [edx+74], dl 7C928F63 6C ins byte ptr es:[edi], dx 7C928F64 43 inc ebx 7C928F65 6F outs dx, dword ptr es:[edi] 7C928F66 6D ins dword ptr es:[edi], dx 7C928F67 70 75 jo short 7C928FDE 7C928F69 74 65 je short 7C928FD0 7C928F6B 49 dec ecx 7C928F6C 6D ins dword ptr es:[edi], dx 7C928F6D 70 6F jo short 7C928FDE 7C928F6F 72 74 jb short 7C928FE5 7C928F71 54 push esp 7C928F72 61 popad 7C928F73 626C65 48 bound ebp, [ebp+48] 7C928F77 61 popad 7C928F78 73 68 jnb short 7C928FE2 7C928F7A 0052 74 add [edx+74], dl 7C928F7D 6C ins byte ptr es:[edi], dx 7C928F7E 43 inc ebx 7C928F7F 6F outs dx, dword ptr es:[edi] 7C928F80 6D ins dword ptr es:[edi], dx 7C928F81 70 75 jo short 7C928FF8 7C928F83 74 65 je short 7C928FEA 7C928F85 50 push eax 7C928F86 72 69 jb short 7C928FF1 7C928F88 76 61 jbe short 7C928FEB 7C928F8A 74 69 je short 7C928FF5 7C928F8C 7A 65 jpe short 7C928FF3 7C928F8E 64:44 inc esp 7C928F90 6C ins byte ptr es:[edi], dx 7C928F91 6C ins byte ptr es:[edi], dx 7C928F92 4E dec esi ; ntdll.ZwTerminateProcess 7C928F93 61 popad 7C928F94 6D ins dword ptr es:[edi], dx 7C928F95 65:5F pop edi ; ntdll.7C92E89A 7C928F97 55 push ebp 7C928F98 0052 74 add [edx+74], dl 7C928F9B 6C ins byte ptr es:[edi], dx 7C928F9C 43 inc ebx 7C928F9D 6F outs dx, dword ptr es:[edi] 7C928F9E 6E outs dx, byte ptr es:[edi] 7C928F9F 73 6F jnb short 7C929010 7C928FA1 6C ins byte ptr es:[edi], dx 7C928FA2 65:4D dec ebp 7C928FA4 75 6C jnz short 7C929012 7C928FA6 74 69 je short 7C929011 7C928FA8 42 inc edx ; msvcrt.77C31AE8 7C928FA9 79 74 jns short 7C92901F 7C928FAB 65:54 push esp 7C928FAD 6F outs dx, dword ptr es:[edi] 7C928FAE 55 push ebp 7C928FAF 6E outs dx, byte ptr es:[edi] 7C928FB0 6963 6F 64654E0>imul esp, [ebx+6F], 4E6564 7C928FB7 52 push edx ; msvcrt.77C31AE8 7C928FB8 74 6C je short 7C929026 7C928FBA 43 inc ebx 7C928FBB 6F outs dx, dword ptr es:[edi] 7C928FBC 6E outs dx, byte ptr es:[edi] 7C928FBD 76 65 jbe short 7C929024 7C928FBF 72 74 jb short 7C929035 7C928FC1 45 inc ebp 7C928FC2 78 63 js short 7C929027 7C928FC4 6C ins byte ptr es:[edi], dx 7C928FC5 75 73 jnz short 7C92903A 7C928FC7 6976 65 546F536>imul esi, [esi+65], 68536F54 7C928FCE 61 popad 7C928FCF 72 65 jb short 7C929036 7C928FD1 64:0052 74 add fs:[edx+74], dl 7C928FD5 6C ins byte ptr es:[edi], dx 7C928FD6 43 inc ebx 7C928FD7 6F outs dx, dword ptr es:[edi] 7C928FD8 6E outs dx, byte ptr es:[edi] 7C928FD9 76 65 jbe short 7C929040 7C928FDB 72 74 jb short 7C929051 7C928FDD 4C dec esp 7C928FDE 6F outs dx, dword ptr es:[edi] 7C928FDF 6E outs dx, byte ptr es:[edi] 7C928FE0 67:54 push esp 7C928FE2 6F outs dx, dword ptr es:[edi] 7C928FE3 4C dec esp 7C928FE4 61 popad 7C928FE5 72 67 jb short 7C92904E 7C928FE7 65:49 dec ecx 7C928FE9 6E outs dx, byte ptr es:[edi] 7C928FEA 74 65 je short 7C929051 7C928FEC 67:65:72 00 jb short 7C928FF0 7C928FF0 52 push edx ; msvcrt.77C31AE8 7C928FF1 74 6C je short 7C92905F 7C928FF3 43 inc ebx 7C928FF4 6F outs dx, dword ptr es:[edi] 7C928FF5 6E outs dx, byte ptr es:[edi] 7C928FF6 76 65 jbe short 7C92905D 7C928FF8 72 74 jb short 7C92906E 7C928FFA 50 push eax 7C928FFB 72 6F jb short 7C92906C 7C928FFD 70 65 jo short 7C929064 7C928FFF 72 74 jb short 7C929075 7C929001 79 54 jns short 7C929057 7C929003 6F outs dx, dword ptr es:[edi] 7C929004 56 push esi ; ntdll.ZwTerminateProcess 7C929005 61 popad 7C929006 72 69 jb short 7C929071 7C929008 61 popad 7C929009 6E outs dx, byte ptr es:[edi] 7C92900A 74 00 je short 7C92900C 7C92900C 52 push edx ; msvcrt.77C31AE8 7C92900D 74 6C je short 7C92907B 7C92900F 43 inc ebx 7C929010 6F outs dx, dword ptr es:[edi] 7C929011 6E outs dx, byte ptr es:[edi] 7C929012 76 65 jbe short 7C929079 7C929014 72 74 jb short 7C92908A 7C929016 53 push ebx 7C929017 68 61726564 push 64657261 7C92901C 54 push esp 7C92901D 6F outs dx, dword ptr es:[edi] 7C92901E 45 inc ebp 7C92901F 78 63 js short 7C929084 7C929021 6C ins byte ptr es:[edi], dx 7C929022 75 73 jnz short 7C929097 7C929024 6976 65 0052746>imul esi, [esi+65], 6C745200 7C92902B 43 inc ebx 7C92902C 6F outs dx, dword ptr es:[edi] 7C92902D 6E outs dx, byte ptr es:[edi] 7C92902E 76 65 jbe short 7C929095 7C929030 72 74 jb short 7C9290A6 7C929032 53 push ebx 7C929033 696454 6F 556E6>imul esp, [esp+edx*2+6F], 63696E55 7C92903B 6F outs dx, dword ptr es:[edi] 7C92903C 64: prefix fs: 7C92903D 65:53 push ebx 7C92903F 74 72 je short 7C9290B3 7C929041 696E 67 0052746>imul ebp, [esi+67], 6C745200 7C929048 43 inc ebx 7C929049 6F outs dx, dword ptr es:[edi] 7C92904A 6E outs dx, byte ptr es:[edi] 7C92904B 76 65 jbe short 7C9290B2 7C92904D 72 74 jb short 7C9290C3 7C92904F 54 push esp 7C929050 6F outs dx, dword ptr es:[edi] 7C929051 41 inc ecx 7C929052 75 74 jnz short 7C9290C8 7C929054 6F outs dx, dword ptr es:[edi] 7C929055 49 dec ecx 7C929056 6E outs dx, byte ptr es:[edi] 7C929057 68 65726974 push 74697265 7C92905C 53 push ebx 7C92905D 65:6375 72 arpl gs:[ebp+72], si 7C929061 697479 4F 626A6>imul esi, [ecx+edi*2+4F], 63656A62 7C929069 74 00 je short 7C92906B 7C92906B 52 push edx ; msvcrt.77C31AE8 7C92906C 74 6C je short 7C9290DA 7C92906E 43 inc ebx 7C92906F 6F outs dx, dword ptr es:[edi] 7C929070 6E outs dx, byte ptr es:[edi] 7C929071 76 65 jbe short 7C9290D8 7C929073 72 74 jb short 7C9290E9 7C929075 55 push ebp 7C929076 694C69 73 74546>imul ecx, [ecx+ebp*2+73], 416F5474 7C92907E 70 69 jo short 7C9290E9 7C929080 4C dec esp 7C929081 6973 74 0052746>imul esi, [ebx+74], 6C745200 7C929088 43 inc ebx 7C929089 6F outs dx, dword ptr es:[edi] 7C92908A 6E outs dx, byte ptr es:[edi] 7C92908B 76 65 jbe short 7C9290F2 7C92908D 72 74 jb short 7C929103 7C92908F 55 push ebp 7C929090 6C ins byte ptr es:[edi], dx 7C929091 6F outs dx, dword ptr es:[edi] 7C929092 6E outs dx, byte ptr es:[edi] 7C929093 67:54 push esp 7C929095 6F outs dx, dword ptr es:[edi] 7C929096 4C dec esp 7C929097 61 popad 7C929098 72 67 jb short 7C929101 7C92909A 65:49 dec ecx 7C92909C 6E outs dx, byte ptr es:[edi] 7C92909D 74 65 je short 7C929104 7C92909F 67:65:72 00 jb short 7C9290A3 7C9290A3 52 push edx ; msvcrt.77C31AE8 7C9290A4 74 6C je short 7C929112 7C9290A6 43 inc ebx 7C9290A7 6F outs dx, dword ptr es:[edi] 7C9290A8 6E outs dx, byte ptr es:[edi] 7C9290A9 76 65 jbe short 7C929110 7C9290AB 72 74 jb short 7C929121 7C9290AD 56 push esi ; ntdll.ZwTerminateProcess 7C9290AE 61 popad 7C9290AF 72 69 jb short 7C92911A 7C9290B1 61 popad 7C9290B2 6E outs dx, byte ptr es:[edi] 7C9290B3 74 54 je short 7C929109 7C9290B5 6F outs dx, dword ptr es:[edi] 7C9290B6 50 push eax 7C9290B7 72 6F jb short 7C929128 7C9290B9 70 65 jo short 7C929120 7C9290BB 72 74 jb short 7C929131 7C9290BD 79 00 jns short 7C9290BF 7C9290BF 52 push edx ; msvcrt.77C31AE8 7C9290C0 74 6C je short 7C92912E 7C9290C2 43 inc ebx 7C9290C3 6F outs dx, dword ptr es:[edi] 7C9290C4 70 79 jo short 7C92913F 7C9290C6 4C dec esp 7C9290C7 75 69 jnz short 7C929132 7C9290C9 64:0052 74 add fs:[edx+74], dl 7C9290CD 6C ins byte ptr es:[edi], dx 7C9290CE 43 inc ebx 7C9290CF 6F outs dx, dword ptr es:[edi] 7C9290D0 70 79 jo short 7C92914B 7C9290D2 4C dec esp 7C9290D3 75 69 jnz short 7C92913E 7C9290D5 64:41 inc ecx 7C9290D7 6E outs dx, byte ptr es:[edi] 7C9290D8 64:41 inc ecx 7C9290DA 74 74 je short 7C929150 7C9290DC 72 69 jb short 7C929147 7C9290DE 6275 74 bound esi, [ebp+74] 7C9290E1 65:73 41 jnb short 7C929125 7C9290E4 72 72 jb short 7C929158 7C9290E6 61 popad 7C9290E7 79 00 jns short 7C9290E9 7C9290E9 52 push edx ; msvcrt.77C31AE8 7C9290EA 74 6C je short 7C929158 7C9290EC 43 inc ebx 7C9290ED 6F outs dx, dword ptr es:[edi] 7C9290EE 70 79 jo short 7C929169 7C9290F0 4D dec ebp 7C9290F1 65:6D ins dword ptr es:[edi], dx 7C9290F3 6F outs dx, dword ptr es:[edi] 7C9290F4 72 79 jb short 7C92916F 7C9290F6 53 push ebx 7C9290F7 74 72 je short 7C92916B 7C9290F9 65:61 popad 7C9290FB 6D ins dword ptr es:[edi], dx 7C9290FC 54 push esp 7C9290FD 6F outs dx, dword ptr es:[edi] 7C9290FE 0052 74 add [edx+74], dl 7C929101 6C ins byte ptr es:[edi], dx 7C929102 43 inc ebx 7C929103 6F outs dx, dword ptr es:[edi] 7C929104 70 79 jo short 7C92917F 7C929106 4F dec edi 7C929107 75 74 jnz short 7C92917D 7C929109 4F dec edi 7C92910A 66:50 push ax 7C92910C 72 6F jb short 7C92917D 7C92910E 6365 73 arpl [ebp+73], sp 7C929111 73 4D jnb short 7C929160 7C929113 65:6D ins dword ptr es:[edi], dx 7C929115 6F outs dx, dword ptr es:[edi] 7C929116 72 79 jb short 7C929191 7C929118 53 push ebx 7C929119 74 72 je short 7C92918D 7C92911B 65:61 popad 7C92911D 6D ins dword ptr es:[edi], dx 7C92911E 54 push esp 7C92911F 6F outs dx, dword ptr es:[edi] 7C929120 0052 74 add [edx+74], dl 7C929123 6C ins byte ptr es:[edi], dx 7C929124 43 inc ebx 7C929125 6F outs dx, dword ptr es:[edi] 7C929126 70 79 jo short 7C9291A1 7C929128 52 push edx ; msvcrt.77C31AE8 7C929129 61 popad 7C92912A 6E outs dx, byte ptr es:[edi] 7C92912B 67:65:4C dec esp 7C92912E 6973 74 0052746>imul esi, [ebx+74], 6C745200 7C929135 43 inc ebx 7C929136 6F outs dx, dword ptr es:[edi] 7C929137 70 79 jo short 7C9291B2 7C929139 53 push ebx 7C92913A 65:6375 72 arpl gs:[ebp+72], si 7C92913E 697479 44 65736>imul esi, [ecx+edi*2+44], 72637365 7C929146 6970 74 6F72005>imul esi, [eax+74], 5200726F 7C92914D 74 6C je short 7C9291BB 7C92914F 43 inc ebx 7C929150 6F outs dx, dword ptr es:[edi] 7C929151 70 79 jo short 7C9291CC 7C929153 53 push ebx 7C929154 696400 52 746C4>imul esp, [eax+eax+52], 6F436C74 7C92915C 70 79 jo short 7C9291D7 7C92915E 53 push ebx 7C92915F 696441 6E 64417>imul esp, [ecx+eax*2+6E], 74744164 7C929167 72 69 jb short 7C9291D2 7C929169 6275 74 bound esi, [ebp+74] 7C92916C 65:73 41 jnb short 7C9291B0 7C92916F 72 72 jb short 7C9291E3 7C929171 61 popad 7C929172 79 00 jns short 7C929174 7C929174 52 push edx ; msvcrt.77C31AE8 7C929175 74 6C je short 7C9291E3 7C929177 43 inc ebx 7C929178 6F outs dx, dword ptr es:[edi] 7C929179 70 79 jo short 7C9291F4 7C92917B 53 push ebx 7C92917C 74 72 je short 7C9291F0 7C92917E 696E 67 0052746>imul ebp, [esi+67], 6C745200 7C929185 43 inc ebx 7C929186 6F outs dx, dword ptr es:[edi] 7C929187 70 79 jo short 7C929202 7C929189 55 push ebp 7C92918A 6E outs dx, byte ptr es:[edi] 7C92918B 6963 6F 6465537>imul esp, [ebx+6F], 74536564 7C929192 72 69 jb short 7C9291FD 7C929194 6E outs dx, byte ptr es:[edi] 7C929195 67:0052 74 add [bp+si+74], dl 7C929199 6C ins byte ptr es:[edi], dx 7C92919A 43 inc ebx 7C92919B 72 65 jb short 7C929202 7C92919D 61 popad 7C92919E 74 65 je short 7C929205 7C9291A0 41 inc ecx 7C9291A1 636C00 52 arpl [eax+eax+52], bp 7C9291A5 74 6C je short 7C929213 7C9291A7 43 inc ebx 7C9291A8 72 65 jb short 7C92920F 7C9291AA 61 popad 7C9291AB 74 65 je short 7C929212 7C9291AD 41 inc ecx 7C9291AE 637469 76 arpl [ecx+ebp*2+76], si 7C9291B2 61 popad 7C9291B3 74 69 je short 7C92921E 7C9291B5 6F outs dx, dword ptr es:[edi] 7C9291B6 6E outs dx, byte ptr es:[edi] 7C9291B7 43 inc ebx 7C9291B8 6F outs dx, dword ptr es:[edi] 7C9291B9 6E outs dx, byte ptr es:[edi] 7C9291BA 74 65 je short 7C929221 7C9291BC 78 74 js short 7C929232 7C9291BE 0052 74 add [edx+74], dl 7C9291C1 6C ins byte ptr es:[edi], dx 7C9291C2 43 inc ebx 7C9291C3 72 65 jb short 7C92922A 7C9291C5 61 popad 7C9291C6 74 65 je short 7C92922D 7C9291C8 41 inc ecx 7C9291C9 6E outs dx, byte ptr es:[edi] 7C9291CA 64:53 push ebx 7C9291CC 65:74 53 je short 7C929222 7C9291CF 44 inc esp 7C9291D0 0052 74 add [edx+74], dl 7C9291D3 6C ins byte ptr es:[edi], dx 7C9291D4 43 inc ebx 7C9291D5 72 65 jb short 7C92923C 7C9291D7 61 popad 7C9291D8 74 65 je short 7C92923F 7C9291DA 41 inc ecx 7C9291DB 74 6F je short 7C92924C 7C9291DD 6D ins dword ptr es:[edi], dx 7C9291DE 54 push esp 7C9291DF 61 popad 7C9291E0 626C65 00 bound ebp, [ebp] 7C9291E4 52 push edx ; msvcrt.77C31AE8 7C9291E5 74 6C je short 7C929253 7C9291E7 43 inc ebx 7C9291E8 72 65 jb short 7C92924F 7C9291EA 61 popad 7C9291EB 74 65 je short 7C929252 7C9291ED 42 inc edx ; msvcrt.77C31AE8 7C9291EE 6F outs dx, dword ptr es:[edi] 7C9291EF 6F outs dx, dword ptr es:[edi] 7C9291F0 74 53 je short 7C929245 7C9291F2 74 61 je short 7C929255 7C9291F4 74 75 je short 7C92926B 7C9291F6 73 44 jnb short 7C92923C 7C9291F8 61 popad 7C9291F9 74 61 je short 7C92925C 7C9291FB 46 inc esi ; ntdll.ZwTerminateProcess 7C9291FC 696C65 00 52746>imul ebp, [ebp], 436C7452 7C929204 72 65 jb short 7C92926B 7C929206 61 popad 7C929207 74 65 je short 7C92926E 7C929209 45 inc ebp 7C92920A 6E outs dx, byte ptr es:[edi] 7C92920B 76 69 jbe short 7C929276 7C92920D 72 6F jb short 7C92927E 7C92920F 6E outs dx, byte ptr es:[edi] 7C929210 6D ins dword ptr es:[edi], dx 7C929211 65:6E outs dx, byte ptr es:[edi] 7C929213 74 00 je short 7C929215 7C929215 52 push edx ; msvcrt.77C31AE8 7C929216 74 6C je short 7C929284 7C929218 43 inc ebx 7C929219 72 65 jb short 7C929280 7C92921B 61 popad 7C92921C 74 65 je short 7C929283 7C92921E 48 dec eax 7C92921F 65:61 popad 7C929221 70 00 jo short 7C929223 7C929223 52 push edx ; msvcrt.77C31AE8 7C929224 74 6C je short 7C929292 7C929226 43 inc ebx 7C929227 72 65 jb short 7C92928E 7C929229 61 popad 7C92922A 74 65 je short 7C929291 7C92922C 50 push eax 7C92922D 72 6F jb short 7C92929E 7C92922F 6365 73 arpl [ebp+73], sp 7C929232 73 50 jnb short 7C929284 7C929234 61 popad 7C929235 72 61 jb short 7C929298 7C929237 6D ins dword ptr es:[edi], dx 7C929238 65:74 65 je short 7C9292A0 7C92923B 72 73 jb short 7C9292B0 7C92923D 0052 74 add [edx+74], dl 7C929240 6C ins byte ptr es:[edi], dx 7C929241 43 inc ebx 7C929242 72 65 jb short 7C9292A9 7C929244 61 popad 7C929245 74 65 je short 7C9292AC 7C929247 51 push ecx 7C929248 75 65 jnz short 7C9292AF 7C92924A 72 79 jb short 7C9292C5 7C92924C 44 inc esp 7C92924D 65:6275 67 bound esi, gs:[ebp+67] 7C929251 42 inc edx ; msvcrt.77C31AE8 7C929252 75 66 jnz short 7C9292BA 7C929254 66:65:72 00 jb short 00009258 7C929258 52 push edx ; msvcrt.77C31AE8 7C929259 74 6C je short 7C9292C7 7C92925B 43 inc ebx 7C92925C 72 65 jb short 7C9292C3 7C92925E 61 popad 7C92925F 74 65 je short 7C9292C6 7C929261 52 push edx ; msvcrt.77C31AE8 7C929262 65:67:6973 74 7>imul esi, gs:[bp+di+74], 654B7972 7C92926B 79 00 jns short 7C92926D 7C92926D 52 push edx ; msvcrt.77C31AE8 7C92926E 74 6C je short 7C9292DC 7C929270 43 inc ebx 7C929271 72 65 jb short 7C9292D8 7C929273 61 popad 7C929274 74 65 je short 7C9292DB 7C929276 53 push ebx 7C929277 65:6375 72 arpl gs:[ebp+72], si 7C92927B 697479 44 65736>imul esi, [ecx+edi*2+44], 72637365 7C929283 6970 74 6F72005>imul esi, [eax+74], 5200726F 7C92928A 74 6C je short 7C9292F8 7C92928C 43 inc ebx 7C92928D 72 65 jb short 7C9292F4 7C92928F 61 popad 7C929290 74 65 je short 7C9292F7 7C929292 53 push ebx 7C929293 79 73 jns short 7C929308 7C929295 74 65 je short 7C9292FC 7C929297 6D ins dword ptr es:[edi], dx 7C929298 56 push esi ; ntdll.ZwTerminateProcess 7C929299 6F outs dx, dword ptr es:[edi] 7C92929A 6C ins byte ptr es:[edi], dx 7C92929B 75 6D jnz short 7C92930A 7C92929D 65:49 dec ecx 7C92929F 6E outs dx, byte ptr es:[edi] 7C9292A0 66:6F outs dx, word ptr es:[edi] 7C9292A2 72 6D jb short 7C929311 7C9292A4 61 popad 7C9292A5 74 69 je short 7C929310 7C9292A7 6F outs dx, dword ptr es:[edi] 7C9292A8 6E outs dx, byte ptr es:[edi] 7C9292A9 46 inc esi ; ntdll.ZwTerminateProcess 7C9292AA 6F outs dx, dword ptr es:[edi] 7C9292AB 6C ins byte ptr es:[edi], dx 7C9292AC 64: prefix fs: 7C9292AD 65:72 00 jb short 7C9292B0 7C9292B0 52 push edx ; msvcrt.77C31AE8 7C9292B1 74 6C je short 7C92931F 7C9292B3 43 inc ebx 7C9292B4 72 65 jb short 7C92931B 7C9292B6 61 popad 7C9292B7 74 65 je short 7C92931E 7C9292B9 54 push esp 7C9292BA 61 popad 7C9292BB 67:48 dec eax 7C9292BD 65:61 popad 7C9292BF 70 00 jo short 7C9292C1 7C9292C1 52 push edx ; msvcrt.77C31AE8 7C9292C2 74 6C je short 7C929330 7C9292C4 43 inc ebx 7C9292C5 72 65 jb short 7C92932C 7C9292C7 61 popad 7C9292C8 74 65 je short 7C92932F 7C9292CA 54 push esp 7C9292CB 696D 65 7200527>imul ebp, [ebp+65], 74520072 7C9292D2 6C ins byte ptr es:[edi], dx 7C9292D3 43 inc ebx 7C9292D4 72 65 jb short 7C92933B 7C9292D6 61 popad 7C9292D7 74 65 je short 7C92933E 7C9292D9 54 push esp 7C9292DA 696D 65 7251756>imul ebp, [ebp+65], 65755172 7C9292E1 75 65 jnz short 7C929348 7C9292E3 0052 74 add [edx+74], dl 7C9292E6 6C ins byte ptr es:[edi], dx 7C9292E7 43 inc ebx 7C9292E8 72 65 jb short 7C92934F 7C9292EA 61 popad 7C9292EB 74 65 je short 7C929352 7C9292ED 55 push ebp 7C9292EE 6E outs dx, byte ptr es:[edi] 7C9292EF 6963 6F 6465537>imul esp, [ebx+6F], 74536564 7C9292F6 72 69 jb short 7C929361 7C9292F8 6E outs dx, byte ptr es:[edi] 7C9292F9 67:0052 74 add [bp+si+74], dl 7C9292FD 6C ins byte ptr es:[edi], dx 7C9292FE 43 inc ebx 7C9292FF 72 65 jb short 7C929366 7C929301 61 popad 7C929302 74 65 je short 7C929369 7C929304 55 push ebp 7C929305 6E outs dx, byte ptr es:[edi] 7C929306 6963 6F 6465537>imul esp, [ebx+6F], 74536564 7C92930D 72 69 jb short 7C929378 7C92930F 6E outs dx, byte ptr es:[edi] 7C929310 67:46 inc esi ; ntdll.ZwTerminateProcess 7C929312 72 6F jb short 7C929383 7C929314 6D ins dword ptr es:[edi], dx 7C929315 41 inc ecx 7C929316 73 63 jnb short 7C92937B 7C929318 6969 7A 0052746>imul ebp, [ecx+7A], 6C745200 7C92931F 43 inc ebx 7C929320 72 65 jb short 7C929387 7C929322 61 popad 7C929323 74 65 je short 7C92938A 7C929325 55 push ebp 7C929326 73 65 jnb short 7C92938D 7C929328 72 50 jb short 7C92937A 7C92932A 72 6F jb short 7C92939B 7C92932C 6365 73 arpl [ebp+73], sp 7C92932F 73 00 jnb short 7C929331 7C929331 52 push edx ; msvcrt.77C31AE8 7C929332 74 6C je short 7C9293A0 7C929334 43 inc ebx 7C929335 72 65 jb short 7C92939C 7C929337 61 popad 7C929338 74 65 je short 7C92939F 7C92933A 55 push ebp 7C92933B 73 65 jnb short 7C9293A2 7C92933D 72 53 jb short 7C929392 7C92933F 65:6375 72 arpl gs:[ebp+72], si 7C929343 697479 4F 626A6>imul esi, [ecx+edi*2+4F], 63656A62 7C92934B 74 00 je short 7C92934D 7C92934D 52 push edx ; msvcrt.77C31AE8 7C92934E 74 6C je short 7C9293BC 7C929350 43 inc ebx 7C929351 72 65 jb short 7C9293B8 7C929353 61 popad 7C929354 74 65 je short 7C9293BB 7C929356 55 push ebp 7C929357 73 65 jnb short 7C9293BE 7C929359 72 54 jb short 7C9293AF 7C92935B 68 72656164 push 64616572 7C929360 0052 74 add [edx+74], dl 7C929363 6C ins byte ptr es:[edi], dx 7C929364 43 inc ebx 7C929365 75 73 jnz short 7C9293DA 7C929367 74 6F je short 7C9293D8 7C929369 6D ins dword ptr es:[edi], dx 7C92936A 43 inc ebx 7C92936B 50 push eax 7C92936C 54 push esp 7C92936D 6F outs dx, dword ptr es:[edi] 7C92936E 55 push ebp 7C92936F 6E outs dx, byte ptr es:[edi] 7C929370 6963 6F 64654E0>imul esp, [ebx+6F], 4E6564 7C929377 52 push edx ; msvcrt.77C31AE8 7C929378 74 6C je short 7C9293E6 7C92937A 43 inc ebx 7C92937B 75 74 jnz short 7C9293F1 7C92937D 6F outs dx, dword ptr es:[edi] 7C92937E 76 65 jbe short 7C9293E5 7C929380 72 54 jb short 7C9293D6 7C929382 696D 65 546F537>imul ebp, [ebp+65], 79536F54 7C929389 73 74 jnb short 7C9293FF 7C92938B 65:6D ins dword ptr es:[edi], dx 7C92938D 54 push esp 7C92938E 696D 65 0052746>imul ebp, [ebp+65], 6C745200 7C929395 44 inc esp 7C929396 65:4E dec esi ; ntdll.ZwTerminateProcess 7C929398 6F outs dx, dword ptr es:[edi] 7C929399 72 6D jb short 7C929408 7C92939B 61 popad 7C92939C 6C ins byte ptr es:[edi], dx 7C92939D 697A 65 50726F6>imul edi, [edx+65], 636F7250 7C9293A4 65:73 73 jnb short 7C92941A 7C9293A7 50 push eax 7C9293A8 61 popad 7C9293A9 72 61 jb short 7C92940C 7C9293AB 6D ins dword ptr es:[edi], dx 7C9293AC 73 00 jnb short 7C9293AE 7C9293AE 52 push edx ; msvcrt.77C31AE8 7C9293AF 74 6C je short 7C92941D 7C9293B1 44 inc esp 7C9293B2 65:61 popad 7C9293B4 637469 76 arpl [ecx+ebp*2+76], si 7C9293B8 61 popad 7C9293B9 74 65 je short 7C929420 7C9293BB 41 inc ecx 7C9293BC 637469 76 arpl [ecx+ebp*2+76], si 7C9293C0 61 popad 7C9293C1 74 69 je short 7C92942C 7C9293C3 6F outs dx, dword ptr es:[edi] 7C9293C4 6E outs dx, byte ptr es:[edi] 7C9293C5 43 inc ebx 7C9293C6 6F outs dx, dword ptr es:[edi] 7C9293C7 6E outs dx, byte ptr es:[edi] 7C9293C8 74 65 je short 7C92942F 7C9293CA 78 74 js short 7C929440 7C9293CC 0052 74 add [edx+74], dl 7C9293CF 6C ins byte ptr es:[edi], dx 7C9293D0 44 inc esp 7C9293D1 65:61 popad 7C9293D3 637469 76 arpl [ecx+ebp*2+76], si 7C9293D7 61 popad 7C9293D8 74 65 je short 7C92943F 7C9293DA 41 inc ecx 7C9293DB 637469 76 arpl [ecx+ebp*2+76], si 7C9293DF 61 popad 7C9293E0 74 69 je short 7C92944B 7C9293E2 6F outs dx, dword ptr es:[edi] 7C9293E3 6E outs dx, byte ptr es:[edi] 7C9293E4 43 inc ebx 7C9293E5 6F outs dx, dword ptr es:[edi] 7C9293E6 6E outs dx, byte ptr es:[edi] 7C9293E7 74 65 je short 7C92944E 7C9293E9 78 74 js short 7C92945F 7C9293EB 55 push ebp 7C9293EC 6E outs dx, byte ptr es:[edi] 7C9293ED 73 61 jnb short 7C929450 7C9293EF 66:65:46 inc si 7C9293F2 61 popad 7C9293F3 73 74 jnb short 7C929469 7C9293F5 0052 74 add [edx+74], dl 7C9293F8 6C ins byte ptr es:[edi], dx 7C9293F9 44 inc esp 7C9293FA 65:6275 67 bound esi, gs:[ebp+67] 7C9293FE 50 push eax 7C9293FF 72 69 jb short 7C92946A 7C929401 6E outs dx, byte ptr es:[edi] 7C929402 74 54 je short 7C929458 7C929404 696D 65 7300527>imul ebp, [ebp+65], 74520073 7C92940B 6C ins byte ptr es:[edi], dx 7C92940C 44 inc esp 7C92940D 65:636F 64 arpl gs:[edi+64], bp 7C929411 65:50 push eax 7C929413 6F outs dx, dword ptr es:[edi] 7C929414 696E 74 6572005>imul ebp, [esi+74], 52007265 7C92941B 74 6C je short 7C929489 7C92941D 44 inc esp 7C92941E 65:636F 64 arpl gs:[edi+64], bp 7C929422 65:53 push ebx 7C929424 79 73 jns short 7C929499 7C929426 74 65 je short 7C92948D 7C929428 6D ins dword ptr es:[edi], dx 7C929429 50 push eax 7C92942A 6F outs dx, dword ptr es:[edi] 7C92942B 696E 74 6572005>imul ebp, [esi+74], 52007265 7C929432 74 6C je short 7C9294A0 7C929434 44 inc esp 7C929435 65:636F 6D arpl gs:[edi+6D], bp 7C929439 70 72 jo short 7C9294AD 7C92943B 65:73 73 jnb short 7C9294B1 7C92943E 42 inc edx ; msvcrt.77C31AE8 7C92943F 75 66 jnz short 7C9294A7 7C929441 66:65:72 00 jb short 00009445 7C929445 52 push edx ; msvcrt.77C31AE8 7C929446 74 6C je short 7C9294B4 7C929448 44 inc esp 7C929449 65:636F 6D arpl gs:[edi+6D], bp 7C92944D 70 72 jo short 7C9294C1 7C92944F 65:73 73 jnb short 7C9294C5 7C929452 46 inc esi ; ntdll.ZwTerminateProcess 7C929453 72 61 jb short 7C9294B6 7C929455 67:6D ins dword ptr es:[di], dx 7C929457 65:6E outs dx, byte ptr es:[edi] 7C929459 74 00 je short 7C92945B 7C92945B 52 push edx ; msvcrt.77C31AE8 7C92945C 74 6C je short 7C9294CA 7C92945E 44 inc esp 7C92945F 65:66:61 popaw 7C929462 75 6C jnz short 7C9294D0 7C929464 74 4E je short 7C9294B4 7C929466 70 41 jo short 7C9294A9 7C929468 636C00 52 arpl [eax+eax+52], bp 7C92946C 74 6C je short 7C9294DA 7C92946E 44 inc esp 7C92946F 65:6C ins byte ptr es:[edi], dx 7C929471 65:74 65 je short 7C9294D9 7C929474 0052 74 add [edx+74], dl 7C929477 6C ins byte ptr es:[edi], dx 7C929478 44 inc esp 7C929479 65:6C ins byte ptr es:[edi], dx 7C92947B 65:74 65 je short 7C9294E3 7C92947E 41 inc ecx 7C92947F 6365 00 arpl [ebp], sp 7C929482 52 push edx ; msvcrt.77C31AE8 7C929483 74 6C je short 7C9294F1 7C929485 44 inc esp 7C929486 65:6C ins byte ptr es:[edi], dx 7C929488 65:74 65 je short 7C9294F0 7C92948B 41 inc ecx 7C92948C 74 6F je short 7C9294FD 7C92948E 6D ins dword ptr es:[edi], dx 7C92948F 46 inc esi ; ntdll.ZwTerminateProcess 7C929490 72 6F jb short 7C929501 7C929492 6D ins dword ptr es:[edi], dx 7C929493 41 inc ecx 7C929494 74 6F je short 7C929505 7C929496 6D ins dword ptr es:[edi], dx 7C929497 54 push esp 7C929498 61 popad 7C929499 626C65 00 bound ebp, [ebp] 7C92949D 52 push edx ; msvcrt.77C31AE8 7C92949E 74 6C je short 7C92950C 7C9294A0 44 inc esp 7C9294A1 65:6C ins byte ptr es:[edi], dx 7C9294A3 65:74 65 je short 7C92950B 7C9294A6 43 inc ebx 7C9294A7 72 69 jb short 7C929512 7C9294A9 74 69 je short 7C929514 7C9294AB 6361 6C arpl [ecx+6C], sp 7C9294AE 53 push ebx 7C9294AF 65:637469 6F arpl gs:[ecx+ebp*2+6F], si 7C9294B4 6E outs dx, byte ptr es:[edi] 7C9294B5 0052 74 add [edx+74], dl 7C9294B8 6C ins byte ptr es:[edi], dx 7C9294B9 44 inc esp 7C9294BA 65:6C ins byte ptr es:[edi], dx 7C9294BC 65:74 65 je short 7C929524 7C9294BF 45 inc ebp 7C9294C0 6C ins byte ptr es:[edi], dx 7C9294C1 65:6D ins dword ptr es:[edi], dx 7C9294C3 65:6E outs dx, byte ptr es:[edi] 7C9294C5 74 47 je short 7C92950E 7C9294C7 65:6E outs dx, byte ptr es:[edi] 7C9294C9 65:72 69 jb short 7C929535 7C9294CC 635461 62 arpl [ecx+62], dx 7C9294D0 6C ins byte ptr es:[edi], dx 7C9294D1 65:0052 74 add gs:[edx+74], dl 7C9294D5 6C ins byte ptr es:[edi], dx 7C9294D6 44 inc esp 7C9294D7 65:6C ins byte ptr es:[edi], dx 7C9294D9 65:74 65 je short 7C929541 7C9294DC 45 inc ebp 7C9294DD 6C ins byte ptr es:[edi], dx 7C9294DE 65:6D ins dword ptr es:[edi], dx 7C9294E0 65:6E outs dx, byte ptr es:[edi] 7C9294E2 74 47 je short 7C92952B 7C9294E4 65:6E outs dx, byte ptr es:[edi] 7C9294E6 65:72 69 jb short 7C929552 7C9294E9 635461 62 arpl [ecx+62], dx 7C9294ED 6C ins byte ptr es:[edi], dx 7C9294EE 65:41 inc ecx 7C9294F0 76 6C jbe short 7C92955E 7C9294F2 0052 74 add [edx+74], dl 7C9294F5 6C ins byte ptr es:[edi], dx 7C9294F6 44 inc esp 7C9294F7 65:6C ins byte ptr es:[edi], dx 7C9294F9 65:74 65 je short 7C929561 7C9294FC 4E dec esi ; ntdll.ZwTerminateProcess 7C9294FD 6F outs dx, dword ptr es:[edi] 7C9294FE 53 push ebx 7C9294FF 70 6C jo short 7C92956D 7C929501 61 popad 7C929502 79 00 jns short 7C929504 7C929504 52 push edx ; msvcrt.77C31AE8 7C929505 74 6C je short 7C929573 7C929507 44 inc esp 7C929508 65:6C ins byte ptr es:[edi], dx 7C92950A 65:74 65 je short 7C929572 7C92950D 4F dec edi 7C92950E 77 6E ja short 7C92957E 7C929510 65:72 73 jb short 7C929586 7C929513 52 push edx ; msvcrt.77C31AE8 7C929514 61 popad 7C929515 6E outs dx, byte ptr es:[edi] 7C929516 67:65:73 00 jnb short 7C92951A 7C92951A 52 push edx ; msvcrt.77C31AE8 7C92951B 74 6C je short 7C929589 7C92951D 44 inc esp 7C92951E 65:6C ins byte ptr es:[edi], dx 7C929520 65:74 65 je short 7C929588 7C929523 52 push edx ; msvcrt.77C31AE8 7C929524 61 popad 7C929525 6E outs dx, byte ptr es:[edi] 7C929526 67:65:0052 74 add gs:[bp+si+74], dl 7C92952B 6C ins byte ptr es:[edi], dx 7C92952C 44 inc esp 7C92952D 65:6C ins byte ptr es:[edi], dx 7C92952F 65:74 65 je short 7C929597 7C929532 52 push edx ; msvcrt.77C31AE8 7C929533 65:67:6973 74 7>imul esi, gs:[bp+di+74], 61567972 7C92953C 6C ins byte ptr es:[edi], dx 7C92953D 75 65 jnz short 7C9295A4 7C92953F 0052 74 add [edx+74], dl 7C929542 6C ins byte ptr es:[edi], dx 7C929543 44 inc esp 7C929544 65:6C ins byte ptr es:[edi], dx 7C929546 65:74 65 je short 7C9295AE 7C929549 52 push edx ; msvcrt.77C31AE8 7C92954A 65:73 6F jnb short 7C9295BC 7C92954D 75 72 jnz short 7C9295C1 7C92954F 6365 00 arpl [ebp], sp 7C929552 52 push edx ; msvcrt.77C31AE8 7C929553 74 6C je short 7C9295C1 7C929555 44 inc esp 7C929556 65:6C ins byte ptr es:[edi], dx 7C929558 65:74 65 je short 7C9295C0 7C92955B 53 push ebx 7C92955C 65:6375 72 arpl gs:[ebp+72], si 7C929560 697479 4F 626A6>imul esi, [ecx+edi*2+4F], 63656A62 7C929568 74 00 je short 7C92956A 7C92956A 52 push edx ; msvcrt.77C31AE8 7C92956B 74 6C je short 7C9295D9 7C92956D 44 inc esp 7C92956E 65:6C ins byte ptr es:[edi], dx 7C929570 65:74 65 je short 7C9295D8 7C929573 54 push esp 7C929574 696D 65 7200527>imul ebp, [ebp+65], 74520072 7C92957B 6C ins byte ptr es:[edi], dx 7C92957C 44 inc esp 7C92957D 65:6C ins byte ptr es:[edi], dx 7C92957F 65:74 65 je short 7C9295E7 7C929582 54 push esp 7C929583 696D 65 7251756>imul ebp, [ebp+65], 65755172 7C92958A 75 65 jnz short 7C9295F1 7C92958C 0052 74 add [edx+74], dl 7C92958F 6C ins byte ptr es:[edi], dx 7C929590 44 inc esp 7C929591 65:6C ins byte ptr es:[edi], dx 7C929593 65:74 65 je short 7C9295FB 7C929596 54 push esp 7C929597 696D 65 7251756>imul ebp, [ebp+65], 65755172 7C92959E 75 65 jnz short 7C929605 7C9295A0 45 inc ebp 7C9295A1 78 00 js short 7C9295A3 7C9295A3 52 push edx ; msvcrt.77C31AE8 7C9295A4 74 6C je short 7C929612 7C9295A6 44 inc esp 7C9295A7 65:72 65 jb short 7C92960F 7C9295AA 67:6973 74 6572>imul esi, [bp+di+74], 61577265 7C9295B2 697400 52 746C4>imul esi, [eax+eax+52], 65446C74 7C9295BA 72 65 jb short 7C929621 7C9295BC 67:6973 74 6572>imul esi, [bp+di+74], 61577265 7C9295C4 697445 78 00527>imul esi, [ebp+eax*2+78], 6C745200 7C9295CC 44 inc esp 7C9295CD 65:73 74 jnb short 7C929644 7C9295D0 72 6F jb short 7C929641 7C9295D2 79 41 jns short 7C929615 7C9295D4 74 6F je short 7C929645 7C9295D6 6D ins dword ptr es:[edi], dx 7C9295D7 54 push esp 7C9295D8 61 popad 7C9295D9 626C65 00 bound ebp, [ebp] 7C9295DD 52 push edx ; msvcrt.77C31AE8 7C9295DE 74 6C je short 7C92964C 7C9295E0 44 inc esp 7C9295E1 65:73 74 jnb short 7C929658 7C9295E4 72 6F jb short 7C929655 7C9295E6 79 45 jns short 7C92962D 7C9295E8 6E outs dx, byte ptr es:[edi] 7C9295E9 76 69 jbe short 7C929654 7C9295EB 72 6F jb short 7C92965C 7C9295ED 6E outs dx, byte ptr es:[edi] 7C9295EE 6D ins dword ptr es:[edi], dx 7C9295EF 65:6E outs dx, byte ptr es:[edi] 7C9295F1 74 00 je short 7C9295F3 7C9295F3 52 push edx ; msvcrt.77C31AE8 7C9295F4 74 6C je short 7C929662 7C9295F6 44 inc esp 7C9295F7 65:73 74 jnb short 7C92966E 7C9295FA 72 6F jb short 7C92966B 7C9295FC 79 48 jns short 7C929646 7C9295FE 61 popad 7C9295FF 6E outs dx, byte ptr es:[edi] 7C929600 64:6C ins byte ptr es:[edi], dx 7C929602 65:54 push esp 7C929604 61 popad 7C929605 626C65 00 bound ebp, [ebp] 7C929609 52 push edx ; msvcrt.77C31AE8 7C92960A 74 6C je short 7C929678 7C92960C 44 inc esp 7C92960D 65:73 74 jnb short 7C929684 7C929610 72 6F jb short 7C929681 7C929612 79 48 jns short 7C92965C 7C929614 65:61 popad 7C929616 70 00 jo short 7C929618 7C929618 52 push edx ; msvcrt.77C31AE8 7C929619 74 6C je short 7C929687 7C92961B 44 inc esp 7C92961C 65:73 74 jnb short 7C929693 7C92961F 72 6F jb short 7C929690 7C929621 79 50 jns short 7C929673 7C929623 72 6F jb short 7C929694 7C929625 6365 73 arpl [ebp+73], sp 7C929628 73 50 jnb short 7C92967A 7C92962A 61 popad 7C92962B 72 61 jb short 7C92968E 7C92962D 6D ins dword ptr es:[edi], dx 7C92962E 65:74 65 je short 7C929696 7C929631 72 73 jb short 7C9296A6 7C929633 0052 74 add [edx+74], dl 7C929636 6C ins byte ptr es:[edi], dx 7C929637 44 inc esp 7C929638 65:73 74 jnb short 7C9296AF 7C92963B 72 6F jb short 7C9296AC 7C92963D 79 51 jns short 7C929690 7C92963F 75 65 jnz short 7C9296A6 7C929641 72 79 jb short 7C9296BC 7C929643 44 inc esp 7C929644 65:6275 67 bound esi, gs:[ebp+67] 7C929648 42 inc edx ; msvcrt.77C31AE8 7C929649 75 66 jnz short 7C9296B1 7C92964B 66:65:72 00 jb short 0000964F 7C92964F 52 push edx ; msvcrt.77C31AE8 7C929650 74 6C je short 7C9296BE 7C929652 44 inc esp 7C929653 65:74 65 je short 7C9296BB 7C929656 72 6D jb short 7C9296C5 7C929658 696E 65 446F735>imul ebp, [esi+65], 50736F44 7C92965F 61 popad 7C929660 74 68 je short 7C9296CA 7C929662 4E dec esi ; ntdll.ZwTerminateProcess 7C929663 61 popad 7C929664 6D ins dword ptr es:[edi], dx 7C929665 65:54 push esp 7C929667 79 70 jns short 7C9296D9 7C929669 65:5F pop edi ; ntdll.7C92E89A 7C92966B 55 push ebp 7C92966C 0052 74 add [edx+74], dl 7C92966F 6C ins byte ptr es:[edi], dx 7C929670 44 inc esp 7C929671 6C ins byte ptr es:[edi], dx 7C929672 6C ins byte ptr es:[edi], dx 7C929673 53 push ebx 7C929674 68 7574646F push 6F647475 7C929679 77 6E ja short 7C9296E9 7C92967B 49 dec ecx 7C92967C 6E outs dx, byte ptr es:[edi] 7C92967D 50 push eax 7C92967E 72 6F jb short 7C9296EF 7C929680 67:72 65 jb short 7C9296E8 7C929683 73 73 jnb short 7C9296F8 7C929685 0052 74 add [edx+74], dl 7C929688 6C ins byte ptr es:[edi], dx 7C929689 44 inc esp 7C92968A 6E outs dx, byte ptr es:[edi] 7C92968B 73 48 jnb short 7C9296D5 7C92968D 6F outs dx, dword ptr es:[edi] 7C92968E 73 74 jnb short 7C929704 7C929690 4E dec esi ; ntdll.ZwTerminateProcess 7C929691 61 popad 7C929692 6D ins dword ptr es:[edi], dx 7C929693 65:54 push esp 7C929695 6F outs dx, dword ptr es:[edi] 7C929696 43 inc ebx 7C929697 6F outs dx, dword ptr es:[edi] 7C929698 6D ins dword ptr es:[edi], dx 7C929699 70 75 jo short 7C929710 7C92969B 74 65 je short 7C929702 7C92969D 72 4E jb short 7C9296ED 7C92969F 61 popad 7C9296A0 6D ins dword ptr es:[edi], dx 7C9296A1 65:0052 74 add gs:[edx+74], dl 7C9296A5 6C ins byte ptr es:[edi], dx 7C9296A6 44 inc esp 7C9296A7 6F outs dx, dword ptr es:[edi] 7C9296A8 65:73 46 jnb short 7C9296F1 7C9296AB 696C65 45 78697>imul ebp, [ebp+45], 74736978 7C9296B3 73 5F jnb short 7C929714 7C9296B5 55 push ebp 7C9296B6 0052 74 add [edx+74], dl 7C9296B9 6C ins byte ptr es:[edi], dx 7C9296BA 44 inc esp 7C9296BB 6F outs dx, dword ptr es:[edi] 7C9296BC 73 41 jnb short 7C9296FF 7C9296BE 70 70 jo short 7C929730 7C9296C0 6C ins byte ptr es:[edi], dx 7C9296C1 79 46 jns short 7C929709 7C9296C3 696C65 49 736F6>imul ebp, [ebp+49], 616C6F73 7C9296CB 74 69 je short 7C929736 7C9296CD 6F outs dx, dword ptr es:[edi] 7C9296CE 6E outs dx, byte ptr es:[edi] 7C9296CF 52 push edx ; msvcrt.77C31AE8 7C9296D0 65: prefix gs: 7C9296D1 64:6972 65 6374>imul esi, fs:[edx+65], 6F697463 7C9296D9 6E outs dx, byte ptr es:[edi] 7C9296DA 5F pop edi ; ntdll.7C92E89A 7C9296DB 55 push ebp 7C9296DC 73 74 jnb short 7C929752 7C9296DE 72 00 jb short 7C9296E0 7C9296E0 52 push edx ; msvcrt.77C31AE8 7C9296E1 74 6C je short 7C92974F 7C9296E3 44 inc esp 7C9296E4 6F outs dx, dword ptr es:[edi] 7C9296E5 73 50 jnb short 7C929737 7C9296E7 61 popad 7C9296E8 74 68 je short 7C929752 7C9296EA 4E dec esi ; ntdll.ZwTerminateProcess 7C9296EB 61 popad 7C9296EC 6D ins dword ptr es:[edi], dx 7C9296ED 65:54 push esp 7C9296EF 6F outs dx, dword ptr es:[edi] 7C9296F0 4E dec esi ; ntdll.ZwTerminateProcess 7C9296F1 74 50 je short 7C929743 7C9296F3 61 popad 7C9296F4 74 68 je short 7C92975E 7C9296F6 4E dec esi ; ntdll.ZwTerminateProcess 7C9296F7 61 popad 7C9296F8 6D ins dword ptr es:[edi], dx 7C9296F9 65:5F pop edi ; ntdll.7C92E89A 7C9296FB 55 push ebp 7C9296FC 0052 74 add [edx+74], dl 7C9296FF 6C ins byte ptr es:[edi], dx 7C929700 44 inc esp 7C929701 6F outs dx, dword ptr es:[edi] 7C929702 73 53 jnb short 7C929757 7C929704 65:61 popad 7C929706 72 63 jb short 7C92976B 7C929708 68 50617468 push 68746150 7C92970D 5F pop edi ; ntdll.7C92E89A 7C92970E 55 push ebp 7C92970F 0052 74 add [edx+74], dl 7C929712 6C ins byte ptr es:[edi], dx 7C929713 44 inc esp 7C929714 6F outs dx, dword ptr es:[edi] 7C929715 73 53 jnb short 7C92976A 7C929717 65:61 popad 7C929719 72 63 jb short 7C92977E 7C92971B 68 50617468 push 68746150 7C929720 5F pop edi ; ntdll.7C92E89A 7C929721 55 push ebp 7C929722 73 74 jnb short 7C929798 7C929724 72 00 jb short 7C929726 7C929726 52 push edx ; msvcrt.77C31AE8 7C929727 74 6C je short 7C929795 7C929729 44 inc esp 7C92972A 6F outs dx, dword ptr es:[edi] 7C92972B 77 6E ja short 7C92979B 7C92972D 6361 73 arpl [ecx+73], sp 7C929730 65:55 push ebp 7C929732 6E outs dx, byte ptr es:[edi] 7C929733 6963 6F 6465436>imul esp, [ebx+6F], 68436564 7C92973A 61 popad 7C92973B 72 00 jb short 7C92973D 7C92973D 52 push edx ; msvcrt.77C31AE8 7C92973E 74 6C je short 7C9297AC 7C929740 44 inc esp 7C929741 6F outs dx, dword ptr es:[edi] 7C929742 77 6E ja short 7C9297B2 7C929744 6361 73 arpl [ecx+73], sp 7C929747 65:55 push ebp 7C929749 6E outs dx, byte ptr es:[edi] 7C92974A 6963 6F 6465537>imul esp, [ebx+6F], 74536564 7C929751 72 69 jb short 7C9297BC 7C929753 6E outs dx, byte ptr es:[edi] 7C929754 67:0052 74 add [bp+si+74], dl 7C929758 6C ins byte ptr es:[edi], dx 7C929759 44 inc esp 7C92975A 75 6D jnz short 7C9297C9 7C92975C 70 52 jo short 7C9297B0 7C92975E 65:73 6F jnb short 7C9297D0 7C929761 75 72 jnz short 7C9297D5 7C929763 6365 00 arpl [ebp], sp 7C929766 52 push edx ; msvcrt.77C31AE8 7C929767 74 6C je short 7C9297D5 7C929769 44 inc esp 7C92976A 75 70 jnz short 7C9297DC 7C92976C 6C ins byte ptr es:[edi], dx 7C92976D 6963 61 7465556>imul esp, [ebx+61], 6E556574 7C929774 6963 6F 6465537>imul esp, [ebx+6F], 74536564 7C92977B 72 69 jb short 7C9297E6 7C92977D 6E outs dx, byte ptr es:[edi] 7C92977E 67:0052 74 add [bp+si+74], dl 7C929782 6C ins byte ptr es:[edi], dx 7C929783 45 inc ebp 7C929784 6D ins dword ptr es:[edi], dx 7C929785 70 74 jo short 7C9297FB 7C929787 79 41 jns short 7C9297CA 7C929789 74 6F je short 7C9297FA 7C92978B 6D ins dword ptr es:[edi], dx 7C92978C 54 push esp 7C92978D 61 popad 7C92978E 626C65 00 bound ebp, [ebp] 7C929792 52 push edx ; msvcrt.77C31AE8 7C929793 74 6C je short 7C929801 7C929795 45 inc ebp 7C929796 6E outs dx, byte ptr es:[edi] 7C929797 61 popad 7C929798 626C65 45 bound ebp, [ebp+45] 7C92979C 61 popad 7C92979D 72 6C jb short 7C92980B 7C92979F 79 43 jns short 7C9297E4 7C9297A1 72 69 jb short 7C92980C 7C9297A3 74 69 je short 7C92980E 7C9297A5 6361 6C arpl [ecx+6C], sp 7C9297A8 53 push ebx 7C9297A9 65:637469 6F arpl gs:[ecx+ebp*2+6F], si 7C9297AE 6E outs dx, byte ptr es:[edi] 7C9297AF 45 inc ebp 7C9297B0 76 65 jbe short 7C929817 7C9297B2 6E outs dx, byte ptr es:[edi] 7C9297B3 74 43 je short 7C9297F8 7C9297B5 72 65 jb short 7C92981C 7C9297B7 61 popad 7C9297B8 74 69 je short 7C929823 7C9297BA 6F outs dx, dword ptr es:[edi] 7C9297BB 6E outs dx, byte ptr es:[edi] 7C9297BC 0052 74 add [edx+74], dl 7C9297BF 6C ins byte ptr es:[edi], dx 7C9297C0 45 inc ebp 7C9297C1 6E outs dx, byte ptr es:[edi] 7C9297C2 636F 64 arpl [edi+64], bp 7C9297C5 65:50 push eax 7C9297C7 6F outs dx, dword ptr es:[edi] 7C9297C8 696E 74 6572005>imul ebp, [esi+74], 52007265 7C9297CF 74 6C je short 7C92983D 7C9297D1 45 inc ebp 7C9297D2 6E outs dx, byte ptr es:[edi] 7C9297D3 636F 64 arpl [edi+64], bp 7C9297D6 65:53 push ebx 7C9297D8 79 73 jns short 7C92984D 7C9297DA 74 65 je short 7C929841 7C9297DC 6D ins dword ptr es:[edi], dx 7C9297DD 50 push eax 7C9297DE 6F outs dx, dword ptr es:[edi] 7C9297DF 696E 74 6572005>imul ebp, [esi+74], 52007265 7C9297E6 74 6C je short 7C929854 7C9297E8 45 inc ebp 7C9297E9 6E outs dx, byte ptr es:[edi] 7C9297EA 6C ins byte ptr es:[edi], dx 7C9297EB 61 popad 7C9297EC 72 67 jb short 7C929855 7C9297EE 65: prefix gs: 7C9297EF 64:49 dec ecx 7C9297F1 6E outs dx, byte ptr es:[edi] 7C9297F2 74 65 je short 7C929859 7C9297F4 67:65:72 4D jb short 7C929845 7C9297F8 75 6C jnz short 7C929866 7C9297FA 74 69 je short 7C929865 7C9297FC 70 6C jo short 7C92986A 7C9297FE 79 00 jns short 7C929800 7C929800 52 push edx ; msvcrt.77C31AE8 7C929801 74 6C je short 7C92986F 7C929803 45 inc ebp 7C929804 6E outs dx, byte ptr es:[edi] 7C929805 6C ins byte ptr es:[edi], dx 7C929806 61 popad 7C929807 72 67 jb short 7C929870 7C929809 65: prefix gs: 7C92980A 64:55 push ebp 7C92980C 6E outs dx, byte ptr es:[edi] 7C92980D 73 69 jnb short 7C929878 7C92980F 67:6E outs dx, byte ptr es:[di] 7C929811 65: prefix gs: 7C929812 64:44 inc esp 7C929814 6976 69 6465005>imul esi, [esi+69], 52006564 7C92981B 74 6C je short 7C929889 7C92981D 45 inc ebp 7C92981E 6E outs dx, byte ptr es:[edi] 7C92981F 6C ins byte ptr es:[edi], dx 7C929820 61 popad 7C929821 72 67 jb short 7C92988A 7C929823 65: prefix gs: 7C929824 64:55 push ebp 7C929826 6E outs dx, byte ptr es:[edi] 7C929827 73 69 jnb short 7C929892 7C929829 67:6E outs dx, byte ptr es:[di] 7C92982B 65: prefix gs: 7C92982C 64:4D dec ebp 7C92982E 75 6C jnz short 7C92989C 7C929830 74 69 je short 7C92989B 7C929832 70 6C jo short 7C9298A0 7C929834 79 00 jns short 7C929836 7C929836 52 push edx ; msvcrt.77C31AE8 7C929837 74 6C je short 7C9298A5 7C929839 45 inc ebp 7C92983A 6E outs dx, byte ptr es:[edi] 7C92983B 74 65 je short 7C9298A2 7C92983D 72 43 jb short 7C929882 7C92983F 72 69 jb short 7C9298AA 7C929841 74 69 je short 7C9298AC 7C929843 6361 6C arpl [ecx+6C], sp 7C929846 53 push ebx 7C929847 65:637469 6F arpl gs:[ecx+ebp*2+6F], si 7C92984C 6E outs dx, byte ptr es:[edi] 7C92984D 0052 74 add [edx+74], dl 7C929850 6C ins byte ptr es:[edi], dx 7C929851 45 inc ebp 7C929852 6E outs dx, byte ptr es:[edi] 7C929853 75 6D jnz short 7C9298C2 7C929855 50 push eax 7C929856 72 6F jb short 7C9298C7 7C929858 6365 73 arpl [ebp+73], sp 7C92985B 73 48 jnb short 7C9298A5 7C92985D 65:61 popad 7C92985F 70 73 jo short 7C9298D4 7C929861 0052 74 add [edx+74], dl 7C929864 6C ins byte ptr es:[edi], dx 7C929865 45 inc ebp 7C929866 6E outs dx, byte ptr es:[edi] 7C929867 75 6D jnz short 7C9298D6 7C929869 65:72 61 jb short 7C9298CD 7C92986C 74 65 je short 7C9298D3 7C92986E 47 inc edi 7C92986F 65:6E outs dx, byte ptr es:[edi] 7C929871 65:72 69 jb short 7C9298DD 7C929874 635461 62 arpl [ecx+62], dx 7C929878 6C ins byte ptr es:[edi], dx 7C929879 65:0052 74 add gs:[edx+74], dl 7C92987D 6C ins byte ptr es:[edi], dx 7C92987E 45 inc ebp 7C92987F 6E outs dx, byte ptr es:[edi] 7C929880 75 6D jnz short 7C9298EF 7C929882 65:72 61 jb short 7C9298E6 7C929885 74 65 je short 7C9298EC 7C929887 47 inc edi 7C929888 65:6E outs dx, byte ptr es:[edi] 7C92988A 65:72 69 jb short 7C9298F6 7C92988D 635461 62 arpl [ecx+62], dx 7C929891 6C ins byte ptr es:[edi], dx 7C929892 65:41 inc ecx 7C929894 76 6C jbe short 7C929902 7C929896 0052 74 add [edx+74], dl 7C929899 6C ins byte ptr es:[edi], dx 7C92989A 45 inc ebp 7C92989B 6E outs dx, byte ptr es:[edi] 7C92989C 75 6D jnz short 7C92990B 7C92989E 65:72 61 jb short 7C929902 7C9298A1 74 65 je short 7C929908 7C9298A3 47 inc edi 7C9298A4 65:6E outs dx, byte ptr es:[edi] 7C9298A6 65:72 69 jb short 7C929912 7C9298A9 635461 62 arpl [ecx+62], dx 7C9298AD 6C ins byte ptr es:[edi], dx 7C9298AE 65:4C dec esp 7C9298B0 696B 65 4144697>imul ebp, [ebx+65], 72694441 7C9298B7 65:63746F 72 arpl gs:[edi+ebp*2+72], si 7C9298BC 79 00 jns short 7C9298BE 7C9298BE 52 push edx ; msvcrt.77C31AE8 7C9298BF 74 6C je short 7C92992D 7C9298C1 45 inc ebp 7C9298C2 6E outs dx, byte ptr es:[edi] 7C9298C3 75 6D jnz short 7C929932 7C9298C5 65:72 61 jb short 7C929929 7C9298C8 74 65 je short 7C92992F 7C9298CA 47 inc edi 7C9298CB 65:6E outs dx, byte ptr es:[edi] 7C9298CD 65:72 69 jb short 7C929939 7C9298D0 635461 62 arpl [ecx+62], dx 7C9298D4 6C ins byte ptr es:[edi], dx 7C9298D5 65:57 push edi 7C9298D7 697468 6F 75745>imul esi, [eax+ebp*2+6F], 70537475 7C9298DF 6C ins byte ptr es:[edi], dx 7C9298E0 61 popad 7C9298E1 79 69 jns short 7C92994C 7C9298E3 6E outs dx, byte ptr es:[edi] 7C9298E4 67:0052 74 add [bp+si+74], dl 7C9298E8 6C ins byte ptr es:[edi], dx 7C9298E9 45 inc ebp 7C9298EA 6E outs dx, byte ptr es:[edi] 7C9298EB 75 6D jnz short 7C92995A 7C9298ED 65:72 61 jb short 7C929951 7C9298F0 74 65 je short 7C929957 7C9298F2 47 inc edi 7C9298F3 65:6E outs dx, byte ptr es:[edi] 7C9298F5 65:72 69 jb short 7C929961 7C9298F8 635461 62 arpl [ecx+62], dx 7C9298FC 6C ins byte ptr es:[edi], dx 7C9298FD 65:57 push edi 7C9298FF 697468 6F 75745>imul esi, [eax+ebp*2+6F], 70537475 7C929907 6C ins byte ptr es:[edi], dx 7C929908 61 popad 7C929909 79 69 jns short 7C929974 7C92990B 6E outs dx, byte ptr es:[edi] 7C92990C 67:41 inc ecx 7C92990E 76 6C jbe short 7C92997C 7C929910 0052 74 add [edx+74], dl 7C929913 6C ins byte ptr es:[edi], dx 7C929914 45 inc ebp 7C929915 71 75 jno short 7C92998C 7C929917 61 popad 7C929918 6C ins byte ptr es:[edi], dx 7C929919 43 inc ebx 7C92991A 6F outs dx, dword ptr es:[edi] 7C92991B 6D ins dword ptr es:[edi], dx 7C92991C 70 75 jo short 7C929993 7C92991E 74 65 je short 7C929985 7C929920 72 4E jb short 7C929970 7C929922 61 popad 7C929923 6D ins dword ptr es:[edi], dx 7C929924 65:0052 74 add gs:[edx+74], dl 7C929928 6C ins byte ptr es:[edi], dx 7C929929 45 inc ebp 7C92992A 71 75 jno short 7C9299A1 7C92992C 61 popad 7C92992D 6C ins byte ptr es:[edi], dx 7C92992E 44 inc esp 7C92992F 6F outs dx, dword ptr es:[edi] 7C929930 6D ins dword ptr es:[edi], dx 7C929931 61 popad 7C929932 696E 4E 616D650>imul ebp, [esi+4E], 656D61 7C929939 52 push edx ; msvcrt.77C31AE8 7C92993A 74 6C je short 7C9299A8 7C92993C 45 inc ebp 7C92993D 71 75 jno short 7C9299B4 7C92993F 61 popad 7C929940 6C ins byte ptr es:[edi], dx 7C929941 4C dec esp 7C929942 75 69 jnz short 7C9299AD 7C929944 64:0052 74 add fs:[edx+74], dl 7C929948 6C ins byte ptr es:[edi], dx 7C929949 45 inc ebp 7C92994A 71 75 jno short 7C9299C1 7C92994C 61 popad 7C92994D 6C ins byte ptr es:[edi], dx 7C92994E 50 push eax 7C92994F 72 65 jb short 7C9299B6 7C929951 66:6978 53 6964 imul di, [eax+53], 6469 7C929957 0052 74 add [edx+74], dl 7C92995A 6C ins byte ptr es:[edi], dx 7C92995B 45 inc ebp 7C92995C 71 75 jno short 7C9299D3 7C92995E 61 popad 7C92995F 6C ins byte ptr es:[edi], dx 7C929960 53 push ebx 7C929961 696400 52 746C4>imul esp, [eax+eax+52], 71456C74 7C929969 75 61 jnz short 7C9299CC 7C92996B 6C ins byte ptr es:[edi], dx 7C92996C 53 push ebx 7C92996D 74 72 je short 7C9299E1 7C92996F 696E 67 0052746>imul ebp, [esi+67], 6C745200 7C929976 45 inc ebp 7C929977 71 75 jno short 7C9299EE 7C929979 61 popad 7C92997A 6C ins byte ptr es:[edi], dx 7C92997B 55 push ebp 7C92997C 6E outs dx, byte ptr es:[edi] 7C92997D 6963 6F 6465537>imul esp, [ebx+6F], 74536564 7C929984 72 69 jb short 7C9299EF 7C929986 6E outs dx, byte ptr es:[edi] 7C929987 67:0052 74 add [bp+si+74], dl 7C92998B 6C ins byte ptr es:[edi], dx 7C92998C 45 inc ebp 7C92998D 72 61 jb short 7C9299F0 7C92998F 73 65 jnb short 7C9299F6 7C929991 55 push ebp 7C929992 6E outs dx, byte ptr es:[edi] 7C929993 6963 6F 6465537>imul esp, [ebx+6F], 74536564 7C92999A 72 69 jb short 7C929A05 7C92999C 6E outs dx, byte ptr es:[edi] 7C92999D 67:0052 74 add [bp+si+74], dl 7C9299A1 6C ins byte ptr es:[edi], dx 7C9299A2 45 inc ebp 7C9299A3 78 69 js short 7C929A0E 7C9299A5 74 55 je short 7C9299FC 7C9299A7 73 65 jnb short 7C929A0E 7C9299A9 72 54 jb short 7C9299FF 7C9299AB 68 72656164 push 64616572 7C9299B0 0052 74 add [edx+74], dl 7C9299B3 6C ins byte ptr es:[edi], dx 7C9299B4 45 inc ebp 7C9299B5 78 70 js short 7C929A27 7C9299B7 61 popad 7C9299B8 6E outs dx, byte ptr es:[edi] 7C9299B9 64:45 inc ebp 7C9299BB 6E outs dx, byte ptr es:[edi] 7C9299BC 76 69 jbe short 7C929A27 7C9299BE 72 6F jb short 7C929A2F 7C9299C0 6E outs dx, byte ptr es:[edi] 7C9299C1 6D ins dword ptr es:[edi], dx 7C9299C2 65:6E outs dx, byte ptr es:[edi] 7C9299C4 74 53 je short 7C929A19 7C9299C6 74 72 je short 7C929A3A 7C9299C8 696E 67 735F550>imul ebp, [esi+67], 555F73 7C9299CF 52 push edx ; msvcrt.77C31AE8 7C9299D0 74 6C je short 7C929A3E 7C9299D2 45 inc ebp 7C9299D3 78 74 js short 7C929A49 7C9299D5 65:6E outs dx, byte ptr es:[edi] 7C9299D7 64:48 dec eax 7C9299D9 65:61 popad 7C9299DB 70 00 jo short 7C9299DD 7C9299DD 52 push edx ; msvcrt.77C31AE8 7C9299DE 74 6C je short 7C929A4C 7C9299E0 45 inc ebp 7C9299E1 78 74 js short 7C929A57 7C9299E3 65:6E outs dx, byte ptr es:[edi] 7C9299E5 64: prefix fs: 7C9299E6 65: prefix gs: 7C9299E7 64:49 dec ecx 7C9299E9 6E outs dx, byte ptr es:[edi] 7C9299EA 74 65 je short 7C929A51 7C9299EC 67:65:72 4D jb short 7C929A3D 7C9299F0 75 6C jnz short 7C929A5E 7C9299F2 74 69 je short 7C929A5D 7C9299F4 70 6C jo short 7C929A62 7C9299F6 79 00 jns short 7C9299F8 7C9299F8 52 push edx ; msvcrt.77C31AE8 7C9299F9 74 6C je short 7C929A67 7C9299FB 45 inc ebp 7C9299FC 78 74 js short 7C929A72 7C9299FE 65:6E outs dx, byte ptr es:[edi] 7C929A00 64: prefix fs: 7C929A01 65: prefix gs: 7C929A02 64:4C dec esp 7C929A04 61 popad 7C929A05 72 67 jb short 7C929A6E 7C929A07 65:49 dec ecx 7C929A09 6E outs dx, byte ptr es:[edi] 7C929A0A 74 65 je short 7C929A71 7C929A0C 67:65:72 44 jb short 7C929A54 7C929A10 6976 69 6465005>imul esi, [esi+69], 52006564 7C929A17 74 6C je short 7C929A85 7C929A19 45 inc ebp 7C929A1A 78 74 js short 7C929A90 7C929A1C 65:6E outs dx, byte ptr es:[edi] 7C929A1E 64: prefix fs: 7C929A1F 65: prefix gs: 7C929A20 64:4D dec ebp 7C929A22 61 popad 7C929A23 67:6963 44 6976>imul esp, [bp+di+44], 64697669 7C929A2B 65:0052 74 add gs:[edx+74], dl 7C929A2F 6C ins byte ptr es:[edi], dx 7C929A30 46 inc esi ; ntdll.ZwTerminateProcess 7C929A31 696C6C 4D 656D6>imul ebp, [esp+ebp*2+4D], 726F6D65 7C929A39 79 00 jns short 7C929A3B 7C929A3B 52 push edx ; msvcrt.77C31AE8 7C929A3C 74 6C je short 7C929AAA 7C929A3E 46 inc esi ; ntdll.ZwTerminateProcess 7C929A3F 696C6C 4D 656D6>imul ebp, [esp+ebp*2+4D], 726F6D65 7C929A47 79 55 jns short 7C929A9E 7C929A49 6C ins byte ptr es:[edi], dx 7C929A4A 6F outs dx, dword ptr es:[edi] 7C929A4B 6E outs dx, byte ptr es:[edi] 7C929A4C 67:0052 74 add [bp+si+74], dl 7C929A50 6C ins byte ptr es:[edi], dx 7C929A51 46 inc esi ; ntdll.ZwTerminateProcess 7C929A52 696E 61 6C52656>imul ebp, [esi+61], 6C65526C 7C929A59 65:61 popad 7C929A5B 73 65 jnb short 7C929AC2 7C929A5D 4F dec edi 7C929A5E 75 74 jnz short 7C929AD4 7C929A60 4F dec edi 7C929A61 66:50 push ax 7C929A63 72 6F jb short 7C929AD4 7C929A65 6365 73 arpl [ebp+73], sp 7C929A68 73 4D jnb short 7C929AB7 7C929A6A 65:6D ins dword ptr es:[edi], dx 7C929A6C 6F outs dx, dword ptr es:[edi] 7C929A6D 72 79 jb short 7C929AE8 7C929A6F 53 push ebx 7C929A70 74 72 je short 7C929AE4 7C929A72 65:61 popad 7C929A74 6D ins dword ptr es:[edi], dx 7C929A75 0052 74 add [edx+74], dl 7C929A78 6C ins byte ptr es:[edi], dx 7C929A79 46 inc esi ; ntdll.ZwTerminateProcess 7C929A7A 696E 64 4163746>imul ebp, [esi+64], 69746341 7C929A81 76 61 jbe short 7C929AE4 7C929A83 74 69 je short 7C929AEE 7C929A85 6F outs dx, dword ptr es:[edi] 7C929A86 6E outs dx, byte ptr es:[edi] 7C929A87 43 inc ebx 7C929A88 6F outs dx, dword ptr es:[edi] 7C929A89 6E outs dx, byte ptr es:[edi] 7C929A8A 74 65 je short 7C929AF1 7C929A8C 78 74 js short 7C929B02 7C929A8E 53 push ebx 7C929A8F 65:637469 6F arpl gs:[ecx+ebp*2+6F], si 7C929A94 6E outs dx, byte ptr es:[edi] 7C929A95 47 inc edi 7C929A96 75 69 jnz short 7C929B01 7C929A98 64:0052 74 add fs:[edx+74], dl 7C929A9C 6C ins byte ptr es:[edi], dx 7C929A9D 46 inc esi ; ntdll.ZwTerminateProcess 7C929A9E 696E 64 4163746>imul ebp, [esi+64], 69746341 7C929AA5 76 61 jbe short 7C929B08 7C929AA7 74 69 je short 7C929B12 7C929AA9 6F outs dx, dword ptr es:[edi] 7C929AAA 6E outs dx, byte ptr es:[edi] 7C929AAB 43 inc ebx 7C929AAC 6F outs dx, dword ptr es:[edi] 7C929AAD 6E outs dx, byte ptr es:[edi] 7C929AAE 74 65 je short 7C929B15 7C929AB0 78 74 js short 7C929B26 7C929AB2 53 push ebx 7C929AB3 65:637469 6F arpl gs:[ecx+ebp*2+6F], si 7C929AB8 6E outs dx, byte ptr es:[edi] 7C929AB9 53 push ebx 7C929ABA 74 72 je short 7C929B2E 7C929ABC 696E 67 0052746>imul ebp, [esi+67], 6C745200 7C929AC3 46 inc esi ; ntdll.ZwTerminateProcess 7C929AC4 696E 64 4368617>imul ebp, [esi+64], 72616843 7C929ACB 49 dec ecx 7C929ACC 6E outs dx, byte ptr es:[edi] 7C929ACD 55 push ebp 7C929ACE 6E outs dx, byte ptr es:[edi] 7C929ACF 6963 6F 6465537>imul esp, [ebx+6F], 74536564 7C929AD6 72 69 jb short 7C929B41 7C929AD8 6E outs dx, byte ptr es:[edi] 7C929AD9 67:0052 74 add [bp+si+74], dl 7C929ADD 6C ins byte ptr es:[edi], dx 7C929ADE 46 inc esi ; ntdll.ZwTerminateProcess 7C929ADF 696E 64 436C656>imul ebp, [esi+64], 61656C43 7C929AE6 72 42 jb short 7C929B2A 7C929AE8 697473 00 52746>imul esi, [ebx+esi*2], 466C7452 7C929AF0 696E 64 436C656>imul ebp, [esi+64], 61656C43 7C929AF7 72 42 jb short 7C929B3B 7C929AF9 697473 41 6E645>imul esi, [ebx+esi*2+41], 6553646E 7C929B01 74 00 je short 7C929B03 7C929B03 52 push edx ; msvcrt.77C31AE8 7C929B04 74 6C je short 7C929B72 7C929B06 46 inc esi ; ntdll.ZwTerminateProcess 7C929B07 696E 64 436C656>imul ebp, [esi+64], 61656C43 7C929B0E 72 52 jb short 7C929B62 7C929B10 75 6E jnz short 7C929B80 7C929B12 73 00 jnb short 7C929B14 7C929B14 52 push edx ; msvcrt.77C31AE8 |
|
[讨论]程序分析!
7C9281D2 61 popad 7C9281D3 6973 65 4578636>imul esi, [ebx+65], 65637845 7C9281DA 70 74 jo short 7C928250 7C9281DC 696F 6E 004E745>imul ebp, [edi+6E], 52744E00 7C9281E3 61 popad 7C9281E4 6973 65 4861726>imul esi, [ebx+65], 64726148 7C9281EB 45 inc ebp 7C9281EC 72 72 jb short 7C928260 7C9281EE 6F outs dx, dword ptr es:[edi] 7C9281EF 72 00 jb short 7C9281F1 7C9281F1 4E dec esi ; ntdll.ZwTerminateProcess 7C9281F2 74 52 je short 7C928246 7C9281F4 65:61 popad 7C9281F6 64:46 inc esi ; ntdll.ZwTerminateProcess 7C9281F8 696C65 00 4E745>imul ebp, [ebp], 6552744E 7C928200 61 popad 7C928201 64:46 inc esi ; ntdll.ZwTerminateProcess 7C928203 696C65 53 63617>imul ebp, [ebp+53], 74746163 7C92820B 65:72 00 jb short 7C92820E 7C92820E 4E dec esi ; ntdll.ZwTerminateProcess 7C92820F 74 52 je short 7C928263 7C928211 65:61 popad 7C928213 64:52 push edx ; msvcrt.77C31AE8 7C928215 65:71 75 jno short 7C92828D 7C928218 65:73 74 jnb short 7C92828F 7C92821B 44 inc esp 7C92821C 61 popad 7C92821D 74 61 je short 7C928280 7C92821F 004E 74 add [esi+74], cl 7C928222 52 push edx ; msvcrt.77C31AE8 7C928223 65:61 popad 7C928225 64:56 push esi ; ntdll.ZwTerminateProcess 7C928227 6972 74 75616C4>imul esi, [edx+74], 4D6C6175 7C92822E 65:6D ins dword ptr es:[edi], dx 7C928230 6F outs dx, dword ptr es:[edi] 7C928231 72 79 jb short 7C9282AC 7C928233 004E 74 add [esi+74], cl 7C928236 52 push edx ; msvcrt.77C31AE8 7C928237 65:67:6973 74 6>imul esi, gs:[bp+di+74], 68547265 7C928240 72 65 jb short 7C9282A7 7C928242 61 popad 7C928243 64:54 push esp 7C928245 65:72 6D jb short 7C9282B5 7C928248 696E 61 7465506>imul ebp, [esi+61], 6F506574 7C92824F 72 74 jb short 7C9282C5 7C928251 004E 74 add [esi+74], cl 7C928254 52 push edx ; msvcrt.77C31AE8 7C928255 65:6C ins byte ptr es:[edi], dx 7C928257 65:61 popad 7C928259 73 65 jnb short 7C9282C0 7C92825B 4B dec ebx 7C92825C 65:79 65 jns short 7C9282C4 7C92825F 64:45 inc ebp 7C928261 76 65 jbe short 7C9282C8 7C928263 6E outs dx, byte ptr es:[edi] 7C928264 74 00 je short 7C928266 7C928266 4E dec esi ; ntdll.ZwTerminateProcess 7C928267 74 52 je short 7C9282BB 7C928269 65:6C ins byte ptr es:[edi], dx 7C92826B 65:61 popad 7C92826D 73 65 jnb short 7C9282D4 7C92826F 4D dec ebp 7C928270 75 74 jnz short 7C9282E6 7C928272 61 popad 7C928273 6E outs dx, byte ptr es:[edi] 7C928274 74 00 je short 7C928276 7C928276 4E dec esi ; ntdll.ZwTerminateProcess 7C928277 74 52 je short 7C9282CB 7C928279 65:6C ins byte ptr es:[edi], dx 7C92827B 65:61 popad 7C92827D 73 65 jnb short 7C9282E4 7C92827F 53 push ebx 7C928280 65:6D ins dword ptr es:[edi], dx 7C928282 61 popad 7C928283 70 68 jo short 7C9282ED 7C928285 6F outs dx, dword ptr es:[edi] 7C928286 72 65 jb short 7C9282ED 7C928288 004E 74 add [esi+74], cl 7C92828B 52 push edx ; msvcrt.77C31AE8 7C92828C 65:6D ins dword ptr es:[edi], dx 7C92828E 6F outs dx, dword ptr es:[edi] 7C92828F 76 65 jbe short 7C9282F6 7C928291 49 dec ecx 7C928292 6F outs dx, dword ptr es:[edi] 7C928293 43 inc ebx 7C928294 6F outs dx, dword ptr es:[edi] 7C928295 6D ins dword ptr es:[edi], dx 7C928296 70 6C jo short 7C928304 7C928298 65:74 69 je short 7C928304 7C92829B 6F outs dx, dword ptr es:[edi] 7C92829C 6E outs dx, byte ptr es:[edi] 7C92829D 004E 74 add [esi+74], cl 7C9282A0 52 push edx ; msvcrt.77C31AE8 7C9282A1 65:6D ins dword ptr es:[edi], dx 7C9282A3 6F outs dx, dword ptr es:[edi] 7C9282A4 76 65 jbe short 7C92830B 7C9282A6 50 push eax 7C9282A7 72 6F jb short 7C928318 7C9282A9 6365 73 arpl [ebp+73], sp 7C9282AC 73 44 jnb short 7C9282F2 7C9282AE 65:6275 67 bound esi, gs:[ebp+67] 7C9282B2 004E 74 add [esi+74], cl 7C9282B5 52 push edx ; msvcrt.77C31AE8 7C9282B6 65:6E outs dx, byte ptr es:[edi] 7C9282B8 61 popad 7C9282B9 6D ins dword ptr es:[edi], dx 7C9282BA 65:4B dec ebx 7C9282BC 65:79 00 jns short 7C9282BF 7C9282BF 4E dec esi ; ntdll.ZwTerminateProcess 7C9282C0 74 52 je short 7C928314 7C9282C2 65:70 6C jo short 7C928331 7C9282C5 61 popad 7C9282C6 6365 4B arpl [ebp+4B], sp 7C9282C9 65:79 00 jns short 7C9282CC 7C9282CC 4E dec esi ; ntdll.ZwTerminateProcess 7C9282CD 74 52 je short 7C928321 7C9282CF 65:70 6C jo short 7C92833E 7C9282D2 79 50 jns short 7C928324 7C9282D4 6F outs dx, dword ptr es:[edi] 7C9282D5 72 74 jb short 7C92834B 7C9282D7 004E 74 add [esi+74], cl 7C9282DA 52 push edx ; msvcrt.77C31AE8 7C9282DB 65:70 6C jo short 7C92834A 7C9282DE 79 57 jns short 7C928337 7C9282E0 61 popad 7C9282E1 697452 65 63656>imul esi, [edx+edx*2+65], 76696563 7C9282E9 65:50 push eax 7C9282EB 6F outs dx, dword ptr es:[edi] 7C9282EC 72 74 jb short 7C928362 7C9282EE 004E 74 add [esi+74], cl 7C9282F1 52 push edx ; msvcrt.77C31AE8 7C9282F2 65:70 6C jo short 7C928361 7C9282F5 79 57 jns short 7C92834E 7C9282F7 61 popad 7C9282F8 697452 65 63656>imul esi, [edx+edx*2+65], 76696563 7C928300 65:50 push eax 7C928302 6F outs dx, dword ptr es:[edi] 7C928303 72 74 jb short 7C928379 7C928305 45 inc ebp 7C928306 78 00 js short 7C928308 7C928308 4E dec esi ; ntdll.ZwTerminateProcess 7C928309 74 52 je short 7C92835D 7C92830B 65:70 6C jo short 7C92837A 7C92830E 79 57 jns short 7C928367 7C928310 61 popad 7C928311 697452 65 706C7>imul esi, [edx+edx*2+65], 50796C70 7C928319 6F outs dx, dword ptr es:[edi] 7C92831A 72 74 jb short 7C928390 7C92831C 004E 74 add [esi+74], cl 7C92831F 52 push edx ; msvcrt.77C31AE8 7C928320 65:71 75 jno short 7C928398 7C928323 65:73 74 jnb short 7C92839A 7C928326 44 inc esp 7C928327 65:76 69 jbe short 7C928393 7C92832A 6365 57 arpl [ebp+57], sp 7C92832D 61 popad 7C92832E 6B65 75 70 imul esp, [ebp+75], 70 7C928332 004E 74 add [esi+74], cl 7C928335 52 push edx ; msvcrt.77C31AE8 7C928336 65:71 75 jno short 7C9283AE 7C928339 65:73 74 jnb short 7C9283B0 7C92833C 50 push eax 7C92833D 6F outs dx, dword ptr es:[edi] 7C92833E 72 74 jb short 7C9283B4 7C928340 004E 74 add [esi+74], cl 7C928343 52 push edx ; msvcrt.77C31AE8 7C928344 65:71 75 jno short 7C9283BC 7C928347 65:73 74 jnb short 7C9283BE 7C92834A 57 push edi 7C92834B 61 popad 7C92834C 697452 65 706C7>imul esi, [edx+edx*2+65], 50796C70 7C928354 6F outs dx, dword ptr es:[edi] 7C928355 72 74 jb short 7C9283CB 7C928357 004E 74 add [esi+74], cl 7C92835A 52 push edx ; msvcrt.77C31AE8 7C92835B 65:71 75 jno short 7C9283D3 7C92835E 65:73 74 jnb short 7C9283D5 7C928361 57 push edi 7C928362 61 popad 7C928363 6B65 75 70 imul esp, [ebp+75], 70 7C928367 4C dec esp 7C928368 61 popad 7C928369 74 65 je short 7C9283D0 7C92836B 6E outs dx, byte ptr es:[edi] 7C92836C 6379 00 arpl [ecx], di 7C92836F 4E dec esi ; ntdll.ZwTerminateProcess 7C928370 74 52 je short 7C9283C4 7C928372 65:73 65 jnb short 7C9283DA 7C928375 74 45 je short 7C9283BC 7C928377 76 65 jbe short 7C9283DE 7C928379 6E outs dx, byte ptr es:[edi] 7C92837A 74 00 je short 7C92837C 7C92837C 4E dec esi ; ntdll.ZwTerminateProcess 7C92837D 74 52 je short 7C9283D1 7C92837F 65:73 65 jnb short 7C9283E7 7C928382 74 57 je short 7C9283DB 7C928384 72 69 jb short 7C9283EF 7C928386 74 65 je short 7C9283ED 7C928388 57 push edi 7C928389 61 popad 7C92838A 74 63 je short 7C9283EF 7C92838C 68 004E7452 push 52744E00 7C928391 65:73 74 jnb short 7C928408 7C928394 6F outs dx, dword ptr es:[edi] 7C928395 72 65 jb short 7C9283FC 7C928397 4B dec ebx 7C928398 65:79 00 jns short 7C92839B 7C92839B 4E dec esi ; ntdll.ZwTerminateProcess 7C92839C 74 52 je short 7C9283F0 7C92839E 65:73 75 jnb short 7C928416 7C9283A1 6D ins dword ptr es:[edi], dx 7C9283A2 65:50 push eax 7C9283A4 72 6F jb short 7C928415 7C9283A6 6365 73 arpl [ebp+73], sp 7C9283A9 73 00 jnb short 7C9283AB 7C9283AB 4E dec esi ; ntdll.ZwTerminateProcess 7C9283AC 74 52 je short 7C928400 7C9283AE 65:73 75 jnb short 7C928426 7C9283B1 6D ins dword ptr es:[edi], dx 7C9283B2 65:54 push esp 7C9283B4 68 72656164 push 64616572 7C9283B9 004E 74 add [esi+74], cl 7C9283BC 53 push ebx 7C9283BD 61 popad 7C9283BE 76 65 jbe short 7C928425 7C9283C0 4B dec ebx 7C9283C1 65:79 00 jns short 7C9283C4 7C9283C4 4E dec esi ; ntdll.ZwTerminateProcess 7C9283C5 74 53 je short 7C92841A 7C9283C7 61 popad 7C9283C8 76 65 jbe short 7C92842F 7C9283CA 4B dec ebx 7C9283CB 65:79 45 jns short 7C928413 7C9283CE 78 00 js short 7C9283D0 7C9283D0 4E dec esi ; ntdll.ZwTerminateProcess 7C9283D1 74 53 je short 7C928426 7C9283D3 61 popad 7C9283D4 76 65 jbe short 7C92843B 7C9283D6 4D dec ebp 7C9283D7 65:72 67 jb short 7C928441 7C9283DA 65: prefix gs: 7C9283DB 64:4B dec ebx 7C9283DD 65:79 73 jns short 7C928453 7C9283E0 004E 74 add [esi+74], cl 7C9283E3 53 push ebx 7C9283E4 65:6375 72 arpl gs:[ebp+72], si 7C9283E8 65:43 inc ebx 7C9283EA 6F outs dx, dword ptr es:[edi] 7C9283EB 6E outs dx, byte ptr es:[edi] 7C9283EC 6E outs dx, byte ptr es:[edi] 7C9283ED 65:637450 6F arpl gs:[eax+edx*2+6F], si 7C9283F2 72 74 jb short 7C928468 7C9283F4 004E 74 add [esi+74], cl 7C9283F7 53 push ebx 7C9283F8 65:74 42 je short 7C92843D 7C9283FB 6F outs dx, dword ptr es:[edi] 7C9283FC 6F outs dx, dword ptr es:[edi] 7C9283FD 74 45 je short 7C928444 7C9283FF 6E outs dx, byte ptr es:[edi] 7C928400 74 72 je short 7C928474 7C928402 79 4F jns short 7C928453 7C928404 72 64 jb short 7C92846A 7C928406 65:72 00 jb short 7C928409 7C928409 4E dec esi ; ntdll.ZwTerminateProcess 7C92840A 74 53 je short 7C92845F 7C92840C 65:74 42 je short 7C928451 7C92840F 6F outs dx, dword ptr es:[edi] 7C928410 6F outs dx, dword ptr es:[edi] 7C928411 74 4F je short 7C928462 7C928413 70 74 jo short 7C928489 7C928415 696F 6E 73004E7>imul ebp, [edi+6E], 744E0073 7C92841C 53 push ebx 7C92841D 65:74 43 je short 7C928463 7C928420 6F outs dx, dword ptr es:[edi] 7C928421 6E outs dx, byte ptr es:[edi] 7C928422 74 65 je short 7C928489 7C928424 78 74 js short 7C92849A 7C928426 54 push esp 7C928427 68 72656164 push 64616572 7C92842C 004E 74 add [esi+74], cl 7C92842F 53 push ebx 7C928430 65:74 44 je short 7C928477 7C928433 65:6275 67 bound esi, gs:[ebp+67] 7C928437 46 inc esi ; ntdll.ZwTerminateProcess 7C928438 696C74 65 72537>imul ebp, [esp+esi*2+65], 61745372 7C928440 74 65 je short 7C9284A7 7C928442 004E 74 add [esi+74], cl 7C928445 53 push ebx 7C928446 65:74 44 je short 7C92848D 7C928449 65:66:61 popaw 7C92844C 75 6C jnz short 7C9284BA 7C92844E 74 48 je short 7C928498 7C928450 61 popad 7C928451 72 64 jb short 7C9284B7 7C928453 45 inc ebp 7C928454 72 72 jb short 7C9284C8 7C928456 6F outs dx, dword ptr es:[edi] 7C928457 72 50 jb short 7C9284A9 7C928459 6F outs dx, dword ptr es:[edi] 7C92845A 72 74 jb short 7C9284D0 7C92845C 004E 74 add [esi+74], cl 7C92845F 53 push ebx 7C928460 65:74 44 je short 7C9284A7 7C928463 65:66:61 popaw 7C928466 75 6C jnz short 7C9284D4 7C928468 74 4C je short 7C9284B6 7C92846A 6F outs dx, dword ptr es:[edi] 7C92846B 6361 6C arpl [ecx+6C], sp 7C92846E 65:004E 74 add gs:[esi+74], cl 7C928472 53 push ebx 7C928473 65:74 44 je short 7C9284BA 7C928476 65:66:61 popaw 7C928479 75 6C jnz short 7C9284E7 7C92847B 74 55 je short 7C9284D2 7C92847D 49 dec ecx 7C92847E 4C dec esp 7C92847F 61 popad 7C928480 6E outs dx, byte ptr es:[edi] 7C928481 67:75 61 jnz short 7C9284E5 7C928484 67:65:004E 74 add gs:[bp+74], cl 7C928489 53 push ebx 7C92848A 65:74 45 je short 7C9284D2 7C92848D 61 popad 7C92848E 46 inc esi ; ntdll.ZwTerminateProcess 7C92848F 696C65 00 4E745>imul ebp, [ebp], 6553744E 7C928497 74 45 je short 7C9284DE 7C928499 76 65 jbe short 7C928500 7C92849B 6E outs dx, byte ptr es:[edi] 7C92849C 74 00 je short 7C92849E 7C92849E 4E dec esi ; ntdll.ZwTerminateProcess 7C92849F 74 53 je short 7C9284F4 7C9284A1 65:74 45 je short 7C9284E9 7C9284A4 76 65 jbe short 7C92850B 7C9284A6 6E outs dx, byte ptr es:[edi] 7C9284A7 74 42 je short 7C9284EB 7C9284A9 6F outs dx, dword ptr es:[edi] 7C9284AA 6F outs dx, dword ptr es:[edi] 7C9284AB 73 74 jnb short 7C928521 7C9284AD 50 push eax 7C9284AE 72 69 jb short 7C928519 7C9284B0 6F outs dx, dword ptr es:[edi] 7C9284B1 72 69 jb short 7C92851C 7C9284B3 74 79 je short 7C92852E 7C9284B5 004E 74 add [esi+74], cl 7C9284B8 53 push ebx 7C9284B9 65:74 48 je short 7C928504 7C9284BC 6967 68 4576656>imul esp, [edi+68], 6E657645 7C9284C3 74 50 je short 7C928515 7C9284C5 61 popad 7C9284C6 6972 00 4E74536>imul esi, [edx], 6553744E ; ntdll.7C99C8E0 7C9284CD 74 48 je short 7C928517 7C9284CF 6967 68 5761697>imul esp, [edi+68], 74696157 7C9284D6 4C dec esp 7C9284D7 6F outs dx, dword ptr es:[edi] 7C9284D8 77 45 ja short 7C92851F 7C9284DA 76 65 jbe short 7C928541 7C9284DC 6E outs dx, byte ptr es:[edi] 7C9284DD 74 50 je short 7C92852F 7C9284DF 61 popad 7C9284E0 6972 00 4E74536>imul esi, [edx], 6553744E ; ntdll.7C99C8E0 7C9284E7 74 49 je short 7C928532 7C9284E9 6E outs dx, byte ptr es:[edi] 7C9284EA 66:6F outs dx, word ptr es:[edi] 7C9284EC 72 6D jb short 7C92855B 7C9284EE 61 popad 7C9284EF 74 69 je short 7C92855A 7C9284F1 6F outs dx, dword ptr es:[edi] 7C9284F2 6E outs dx, byte ptr es:[edi] 7C9284F3 44 inc esp 7C9284F4 65:6275 67 bound esi, gs:[ebp+67] 7C9284F8 4F dec edi 7C9284F9 626A 65 bound ebp, [edx+65] 7C9284FC 637400 4E arpl [eax+eax+4E], si 7C928500 74 53 je short 7C928555 7C928502 65:74 49 je short 7C92854E 7C928505 6E outs dx, byte ptr es:[edi] 7C928506 66:6F outs dx, word ptr es:[edi] 7C928508 72 6D jb short 7C928577 7C92850A 61 popad 7C92850B 74 69 je short 7C928576 7C92850D 6F outs dx, dword ptr es:[edi] 7C92850E 6E outs dx, byte ptr es:[edi] 7C92850F 46 inc esi ; ntdll.ZwTerminateProcess 7C928510 696C65 00 4E745>imul ebp, [ebp], 6553744E 7C928518 74 49 je short 7C928563 7C92851A 6E outs dx, byte ptr es:[edi] 7C92851B 66:6F outs dx, word ptr es:[edi] 7C92851D 72 6D jb short 7C92858C 7C92851F 61 popad 7C928520 74 69 je short 7C92858B 7C928522 6F outs dx, dword ptr es:[edi] 7C928523 6E outs dx, byte ptr es:[edi] 7C928524 4A dec edx ; msvcrt.77C31AE8 7C928525 6F outs dx, dword ptr es:[edi] 7C928526 624F 62 bound ecx, [edi+62] 7C928529 6A 65 push 65 7C92852B 637400 4E arpl [eax+eax+4E], si 7C92852F 74 53 je short 7C928584 7C928531 65:74 49 je short 7C92857D 7C928534 6E outs dx, byte ptr es:[edi] 7C928535 66:6F outs dx, word ptr es:[edi] 7C928537 72 6D jb short 7C9285A6 7C928539 61 popad 7C92853A 74 69 je short 7C9285A5 7C92853C 6F outs dx, dword ptr es:[edi] 7C92853D 6E outs dx, byte ptr es:[edi] 7C92853E 4B dec ebx 7C92853F 65:79 00 jns short 7C928542 7C928542 4E dec esi ; ntdll.ZwTerminateProcess 7C928543 74 53 je short 7C928598 7C928545 65:74 49 je short 7C928591 7C928548 6E outs dx, byte ptr es:[edi] 7C928549 66:6F outs dx, word ptr es:[edi] 7C92854B 72 6D jb short 7C9285BA 7C92854D 61 popad 7C92854E 74 69 je short 7C9285B9 7C928550 6F outs dx, dword ptr es:[edi] 7C928551 6E outs dx, byte ptr es:[edi] 7C928552 4F dec edi 7C928553 626A 65 bound ebp, [edx+65] 7C928556 637400 4E arpl [eax+eax+4E], si 7C92855A 74 53 je short 7C9285AF 7C92855C 65:74 49 je short 7C9285A8 7C92855F 6E outs dx, byte ptr es:[edi] 7C928560 66:6F outs dx, word ptr es:[edi] 7C928562 72 6D jb short 7C9285D1 7C928564 61 popad 7C928565 74 69 je short 7C9285D0 7C928567 6F outs dx, dword ptr es:[edi] 7C928568 6E outs dx, byte ptr es:[edi] 7C928569 50 push eax 7C92856A 72 6F jb short 7C9285DB 7C92856C 6365 73 arpl [ebp+73], sp 7C92856F 73 00 jnb short 7C928571 7C928571 4E dec esi ; ntdll.ZwTerminateProcess 7C928572 74 53 je short 7C9285C7 7C928574 65:74 49 je short 7C9285C0 7C928577 6E outs dx, byte ptr es:[edi] 7C928578 66:6F outs dx, word ptr es:[edi] 7C92857A 72 6D jb short 7C9285E9 7C92857C 61 popad 7C92857D 74 69 je short 7C9285E8 7C92857F 6F outs dx, dword ptr es:[edi] 7C928580 6E outs dx, byte ptr es:[edi] 7C928581 54 push esp 7C928582 68 72656164 push 64616572 7C928587 004E 74 add [esi+74], cl 7C92858A 53 push ebx 7C92858B 65:74 49 je short 7C9285D7 7C92858E 6E outs dx, byte ptr es:[edi] 7C92858F 66:6F outs dx, word ptr es:[edi] 7C928591 72 6D jb short 7C928600 7C928593 61 popad 7C928594 74 69 je short 7C9285FF 7C928596 6F outs dx, dword ptr es:[edi] 7C928597 6E outs dx, byte ptr es:[edi] 7C928598 54 push esp 7C928599 6F outs dx, dword ptr es:[edi] 7C92859A 6B65 6E 00 imul esp, [ebp+6E], 0 7C92859E 4E dec esi ; ntdll.ZwTerminateProcess 7C92859F 74 53 je short 7C9285F4 7C9285A1 65:74 49 je short 7C9285ED 7C9285A4 6E outs dx, byte ptr es:[edi] 7C9285A5 74 65 je short 7C92860C 7C9285A7 72 76 jb short 7C92861F 7C9285A9 61 popad 7C9285AA 6C ins byte ptr es:[edi], dx 7C9285AB 50 push eax 7C9285AC 72 6F jb short 7C92861D 7C9285AE 66:696C65 00 4E>imul bp, [ebp], 744E 7C9285B5 53 push ebx 7C9285B6 65:74 49 je short 7C928602 7C9285B9 6F outs dx, dword ptr es:[edi] 7C9285BA 43 inc ebx 7C9285BB 6F outs dx, dword ptr es:[edi] 7C9285BC 6D ins dword ptr es:[edi], dx 7C9285BD 70 6C jo short 7C92862B 7C9285BF 65:74 69 je short 7C92862B 7C9285C2 6F outs dx, dword ptr es:[edi] 7C9285C3 6E outs dx, byte ptr es:[edi] 7C9285C4 004E 74 add [esi+74], cl 7C9285C7 53 push ebx 7C9285C8 65:74 4C je short 7C928617 7C9285CB 64:74 45 je short 7C928613 7C9285CE 6E outs dx, byte ptr es:[edi] 7C9285CF 74 72 je short 7C928643 7C9285D1 6965 73 004E745>imul esp, [ebp+73], 53744E00 7C9285D8 65:74 4C je short 7C928627 7C9285DB 6F outs dx, dword ptr es:[edi] 7C9285DC 77 45 ja short 7C928623 7C9285DE 76 65 jbe short 7C928645 7C9285E0 6E outs dx, byte ptr es:[edi] 7C9285E1 74 50 je short 7C928633 7C9285E3 61 popad 7C9285E4 6972 00 4E74536>imul esi, [edx], 6553744E ; ntdll.7C99C8E0 7C9285EB 74 4C je short 7C928639 7C9285ED 6F outs dx, dword ptr es:[edi] 7C9285EE 77 57 ja short 7C928647 7C9285F0 61 popad 7C9285F1 697448 69 67684>imul esi, [eax+ecx*2+69], 76456867 7C9285F9 65:6E outs dx, byte ptr es:[edi] 7C9285FB 74 50 je short 7C92864D 7C9285FD 61 popad 7C9285FE 6972 00 4E74536>imul esi, [edx], 6553744E ; ntdll.7C99C8E0 7C928605 74 51 je short 7C928658 7C928607 75 6F jnz short 7C928678 7C928609 74 61 je short 7C92866C 7C92860B 49 dec ecx 7C92860C 6E outs dx, byte ptr es:[edi] 7C92860D 66:6F outs dx, word ptr es:[edi] 7C92860F 72 6D jb short 7C92867E 7C928611 61 popad 7C928612 74 69 je short 7C92867D 7C928614 6F outs dx, dword ptr es:[edi] 7C928615 6E outs dx, byte ptr es:[edi] 7C928616 46 inc esi ; ntdll.ZwTerminateProcess 7C928617 696C65 00 4E745>imul ebp, [ebp], 6553744E 7C92861F 74 53 je short 7C928674 7C928621 65:6375 72 arpl gs:[ebp+72], si 7C928625 697479 4F 626A6>imul esi, [ecx+edi*2+4F], 63656A62 7C92862D 74 00 je short 7C92862F 7C92862F 4E dec esi ; ntdll.ZwTerminateProcess 7C928630 74 53 je short 7C928685 7C928632 65:74 53 je short 7C928688 7C928635 79 73 jns short 7C9286AA 7C928637 74 65 je short 7C92869E 7C928639 6D ins dword ptr es:[edi], dx 7C92863A 45 inc ebp 7C92863B 6E outs dx, byte ptr es:[edi] 7C92863C 76 69 jbe short 7C9286A7 7C92863E 72 6F jb short 7C9286AF 7C928640 6E outs dx, byte ptr es:[edi] 7C928641 6D ins dword ptr es:[edi], dx 7C928642 65:6E outs dx, byte ptr es:[edi] 7C928644 74 56 je short 7C92869C 7C928646 61 popad 7C928647 6C ins byte ptr es:[edi], dx 7C928648 75 65 jnz short 7C9286AF 7C92864A 004E 74 add [esi+74], cl 7C92864D 53 push ebx 7C92864E 65:74 53 je short 7C9286A4 7C928651 79 73 jns short 7C9286C6 7C928653 74 65 je short 7C9286BA 7C928655 6D ins dword ptr es:[edi], dx 7C928656 45 inc ebp 7C928657 6E outs dx, byte ptr es:[edi] 7C928658 76 69 jbe short 7C9286C3 7C92865A 72 6F jb short 7C9286CB 7C92865C 6E outs dx, byte ptr es:[edi] 7C92865D 6D ins dword ptr es:[edi], dx 7C92865E 65:6E outs dx, byte ptr es:[edi] 7C928660 74 56 je short 7C9286B8 7C928662 61 popad 7C928663 6C ins byte ptr es:[edi], dx 7C928664 75 65 jnz short 7C9286CB 7C928666 45 inc ebp 7C928667 78 00 js short 7C928669 7C928669 4E dec esi ; ntdll.ZwTerminateProcess 7C92866A 74 53 je short 7C9286BF 7C92866C 65:74 53 je short 7C9286C2 7C92866F 79 73 jns short 7C9286E4 7C928671 74 65 je short 7C9286D8 7C928673 6D ins dword ptr es:[edi], dx 7C928674 49 dec ecx 7C928675 6E outs dx, byte ptr es:[edi] 7C928676 66:6F outs dx, word ptr es:[edi] 7C928678 72 6D jb short 7C9286E7 7C92867A 61 popad 7C92867B 74 69 je short 7C9286E6 7C92867D 6F outs dx, dword ptr es:[edi] 7C92867E 6E outs dx, byte ptr es:[edi] 7C92867F 004E 74 add [esi+74], cl 7C928682 53 push ebx 7C928683 65:74 53 je short 7C9286D9 7C928686 79 73 jns short 7C9286FB 7C928688 74 65 je short 7C9286EF 7C92868A 6D ins dword ptr es:[edi], dx 7C92868B 50 push eax 7C92868C 6F outs dx, dword ptr es:[edi] 7C92868D 77 65 ja short 7C9286F4 7C92868F 72 53 jb short 7C9286E4 7C928691 74 61 je short 7C9286F4 7C928693 74 65 je short 7C9286FA 7C928695 004E 74 add [esi+74], cl 7C928698 53 push ebx 7C928699 65:74 53 je short 7C9286EF 7C92869C 79 73 jns short 7C928711 7C92869E 74 65 je short 7C928705 7C9286A0 6D ins dword ptr es:[edi], dx 7C9286A1 54 push esp 7C9286A2 696D 65 004E745>imul ebp, [ebp+65], 53744E00 7C9286A9 65:74 54 je short 7C928700 7C9286AC 68 72656164 push 64616572 7C9286B1 45 inc ebp 7C9286B2 78 65 js short 7C928719 7C9286B4 6375 74 arpl [ebp+74], si 7C9286B7 696F 6E 5374617>imul ebp, [edi+6E], 74617453 7C9286BE 65:004E 74 add gs:[esi+74], cl 7C9286C2 53 push ebx 7C9286C3 65:74 54 je short 7C92871A 7C9286C6 696D 65 72004E7>imul ebp, [ebp+65], 744E0072 7C9286CD 53 push ebx 7C9286CE 65:74 54 je short 7C928725 7C9286D1 696D 65 7252657>imul ebp, [ebp+65], 73655272 7C9286D8 6F outs dx, dword ptr es:[edi] 7C9286D9 6C ins byte ptr es:[edi], dx 7C9286DA 75 74 jnz short 7C928750 7C9286DC 696F 6E 004E745>imul ebp, [edi+6E], 53744E00 7C9286E3 65:74 55 je short 7C92873B 7C9286E6 75 69 jnz short 7C928751 7C9286E8 64:53 push ebx 7C9286EA 65: prefix gs: 7C9286EB 65: prefix gs: 7C9286EC 64:004E 74 add fs:[esi+74], cl 7C9286F0 53 push ebx 7C9286F1 65:74 56 je short 7C92874A 7C9286F4 61 popad 7C9286F5 6C ins byte ptr es:[edi], dx 7C9286F6 75 65 jnz short 7C92875D 7C9286F8 4B dec ebx 7C9286F9 65:79 00 jns short 7C9286FC 7C9286FC 4E dec esi ; ntdll.ZwTerminateProcess 7C9286FD 74 53 je short 7C928752 7C9286FF 65:74 56 je short 7C928758 7C928702 6F outs dx, dword ptr es:[edi] 7C928703 6C ins byte ptr es:[edi], dx 7C928704 75 6D jnz short 7C928773 7C928706 65:49 dec ecx 7C928708 6E outs dx, byte ptr es:[edi] 7C928709 66:6F outs dx, word ptr es:[edi] 7C92870B 72 6D jb short 7C92877A 7C92870D 61 popad 7C92870E 74 69 je short 7C928779 7C928710 6F outs dx, dword ptr es:[edi] 7C928711 6E outs dx, byte ptr es:[edi] 7C928712 46 inc esi ; ntdll.ZwTerminateProcess 7C928713 696C65 00 4E745>imul ebp, [ebp], 6853744E 7C92871B 75 74 jnz short 7C928791 7C92871D 64:6F outs dx, dword ptr es:[edi] 7C92871F 77 6E ja short 7C92878F 7C928721 53 push ebx 7C928722 79 73 jns short 7C928797 7C928724 74 65 je short 7C92878B 7C928726 6D ins dword ptr es:[edi], dx 7C928727 004E 74 add [esi+74], cl 7C92872A 53 push ebx 7C92872B 6967 6E 616C416>imul esp, [edi+6E], 6E416C61 7C928732 64:57 push edi 7C928734 61 popad 7C928735 697446 6F 72536>imul esi, [esi+eax*2+6F], 6E695372 7C92873D 67:6C ins byte ptr es:[di], dx 7C92873F 65:4F dec edi 7C928741 626A 65 bound ebp, [edx+65] 7C928744 637400 4E arpl [eax+eax+4E], si 7C928748 74 53 je short 7C92879D 7C92874A 74 61 je short 7C9287AD 7C92874C 72 74 jb short 7C9287C2 7C92874E 50 push eax 7C92874F 72 6F jb short 7C9287C0 7C928751 66:696C65 00 4E>imul bp, [ebp], 744E 7C928758 53 push ebx 7C928759 74 6F je short 7C9287CA 7C92875B 70 50 jo short 7C9287AD 7C92875D 72 6F jb short 7C9287CE 7C92875F 66:696C65 00 4E>imul bp, [ebp], 744E 7C928766 53 push ebx 7C928767 75 73 jnz short 7C9287DC 7C928769 70 65 jo short 7C9287D0 7C92876B 6E outs dx, byte ptr es:[edi] 7C92876C 64:50 push eax 7C92876E 72 6F jb short 7C9287DF 7C928770 6365 73 arpl [ebp+73], sp 7C928773 73 00 jnb short 7C928775 7C928775 4E dec esi ; ntdll.ZwTerminateProcess 7C928776 74 53 je short 7C9287CB 7C928778 75 73 jnz short 7C9287ED 7C92877A 70 65 jo short 7C9287E1 7C92877C 6E outs dx, byte ptr es:[edi] 7C92877D 64:54 push esp 7C92877F 68 72656164 push 64616572 7C928784 004E 74 add [esi+74], cl 7C928787 53 push ebx 7C928788 79 73 jns short 7C9287FD 7C92878A 74 65 je short 7C9287F1 7C92878C 6D ins dword ptr es:[edi], dx 7C92878D 44 inc esp 7C92878E 65:6275 67 bound esi, gs:[ebp+67] 7C928792 43 inc ebx 7C928793 6F outs dx, dword ptr es:[edi] 7C928794 6E outs dx, byte ptr es:[edi] 7C928795 74 72 je short 7C928809 7C928797 6F outs dx, dword ptr es:[edi] 7C928798 6C ins byte ptr es:[edi], dx 7C928799 004E 74 add [esi+74], cl 7C92879C 54 push esp 7C92879D 65:72 6D jb short 7C92880D 7C9287A0 696E 61 74654A6>imul ebp, [esi+61], 6F4A6574 7C9287A7 624F 62 bound ecx, [edi+62] 7C9287AA 6A 65 push 65 7C9287AC 637400 4E arpl [eax+eax+4E], si 7C9287B0 74 54 je short 7C928806 7C9287B2 65:72 6D jb short 7C928822 7C9287B5 696E 61 7465507>imul ebp, [esi+61], 72506574 7C9287BC 6F outs dx, dword ptr es:[edi] 7C9287BD 6365 73 arpl [ebp+73], sp 7C9287C0 73 00 jnb short 7C9287C2 7C9287C2 4E dec esi ; ntdll.ZwTerminateProcess 7C9287C3 74 54 je short 7C928819 7C9287C5 65:72 6D jb short 7C928835 7C9287C8 696E 61 7465546>imul ebp, [esi+61], 68546574 7C9287CF 72 65 jb short 7C928836 7C9287D1 61 popad 7C9287D2 64:004E 74 add fs:[esi+74], cl 7C9287D6 54 push esp 7C9287D7 65:73 74 jnb short 7C92884E 7C9287DA 41 inc ecx 7C9287DB 6C ins byte ptr es:[edi], dx 7C9287DC 65:72 74 jb short 7C928853 7C9287DF 004E 74 add [esi+74], cl 7C9287E2 54 push esp 7C9287E3 72 61 jb short 7C928846 7C9287E5 6365 45 arpl [ebp+45], sp 7C9287E8 76 65 jbe short 7C92884F 7C9287EA 6E outs dx, byte ptr es:[edi] 7C9287EB 74 00 je short 7C9287ED 7C9287ED 4E dec esi ; ntdll.ZwTerminateProcess 7C9287EE 74 54 je short 7C928844 7C9287F0 72 61 jb short 7C928853 7C9287F2 6E outs dx, byte ptr es:[edi] 7C9287F3 73 6C jnb short 7C928861 7C9287F5 61 popad 7C9287F6 74 65 je short 7C92885D 7C9287F8 46 inc esi ; ntdll.ZwTerminateProcess 7C9287F9 696C65 50 61746>imul ebp, [ebp+50], 687461 ; trscd.00454ACA 7C928801 4E dec esi ; ntdll.ZwTerminateProcess 7C928802 74 55 je short 7C928859 7C928804 6E outs dx, byte ptr es:[edi] 7C928805 6C ins byte ptr es:[edi], dx 7C928806 6F outs dx, dword ptr es:[edi] 7C928807 61 popad 7C928808 64:44 inc esp 7C92880A 72 69 jb short 7C928875 7C92880C 76 65 jbe short 7C928873 7C92880E 72 00 jb short 7C928810 7C928810 4E dec esi ; ntdll.ZwTerminateProcess 7C928811 74 55 je short 7C928868 7C928813 6E outs dx, byte ptr es:[edi] 7C928814 6C ins byte ptr es:[edi], dx 7C928815 6F outs dx, dword ptr es:[edi] 7C928816 61 popad 7C928817 64:4B dec ebx 7C928819 65:79 00 jns short 7C92881C 7C92881C 4E dec esi ; ntdll.ZwTerminateProcess 7C92881D 74 55 je short 7C928874 7C92881F 6E outs dx, byte ptr es:[edi] 7C928820 6C ins byte ptr es:[edi], dx 7C928821 6F outs dx, dword ptr es:[edi] 7C928822 61 popad 7C928823 64:4B dec ebx 7C928825 65:79 45 jns short 7C92886D 7C928828 78 00 js short 7C92882A 7C92882A 4E dec esi ; ntdll.ZwTerminateProcess 7C92882B 74 55 je short 7C928882 7C92882D 6E outs dx, byte ptr es:[edi] 7C92882E 6C ins byte ptr es:[edi], dx 7C92882F 6F outs dx, dword ptr es:[edi] 7C928830 636B 46 arpl [ebx+46], bp 7C928833 696C65 00 4E745>imul ebp, [ebp], 6E55744E 7C92883B 6C ins byte ptr es:[edi], dx 7C92883C 6F outs dx, dword ptr es:[edi] 7C92883D 636B 56 arpl [ebx+56], bp 7C928840 6972 74 75616C4>imul esi, [edx+74], 4D6C6175 7C928847 65:6D ins dword ptr es:[edi], dx 7C928849 6F outs dx, dword ptr es:[edi] 7C92884A 72 79 jb short 7C9288C5 7C92884C 004E 74 add [esi+74], cl 7C92884F 55 push ebp 7C928850 6E outs dx, byte ptr es:[edi] 7C928851 6D ins dword ptr es:[edi], dx 7C928852 61 popad 7C928853 70 56 jo short 7C9288AB 7C928855 6965 77 4F66536>imul esp, [ebp+77], 6553664F 7C92885C 637469 6F arpl [ecx+ebp*2+6F], si 7C928860 6E outs dx, byte ptr es:[edi] 7C928861 004E 74 add [esi+74], cl 7C928864 56 push esi ; ntdll.ZwTerminateProcess 7C928865 64:6D ins dword ptr es:[edi], dx 7C928867 43 inc ebx 7C928868 6F outs dx, dword ptr es:[edi] 7C928869 6E outs dx, byte ptr es:[edi] 7C92886A 74 72 je short 7C9288DE 7C92886C 6F outs dx, dword ptr es:[edi] 7C92886D 6C ins byte ptr es:[edi], dx 7C92886E 004E 74 add [esi+74], cl 7C928871 57 push edi 7C928872 61 popad 7C928873 697446 6F 72446>imul esi, [esi+eax*2+6F], 62654472 7C92887B 75 67 jnz short 7C9288E4 7C92887D 45 inc ebp 7C92887E 76 65 jbe short 7C9288E5 7C928880 6E outs dx, byte ptr es:[edi] 7C928881 74 00 je short 7C928883 7C928883 4E dec esi ; ntdll.ZwTerminateProcess 7C928884 74 57 je short 7C9288DD 7C928886 61 popad 7C928887 697446 6F 724B6>imul esi, [esi+eax*2+6F], 79654B72 7C92888F 65: prefix gs: 7C928890 64:45 inc ebp 7C928892 76 65 jbe short 7C9288F9 7C928894 6E outs dx, byte ptr es:[edi] 7C928895 74 00 je short 7C928897 7C928897 4E dec esi ; ntdll.ZwTerminateProcess 7C928898 74 57 je short 7C9288F1 7C92889A 61 popad 7C92889B 697446 6F 724D7>imul esi, [esi+eax*2+6F], 6C754D72 7C9288A3 74 69 je short 7C92890E 7C9288A5 70 6C jo short 7C928913 7C9288A7 65:4F dec edi 7C9288A9 626A 65 bound ebp, [edx+65] 7C9288AC 637473 00 arpl [ebx+esi*2], si 7C9288B0 4E dec esi ; ntdll.ZwTerminateProcess 7C9288B1 74 57 je short 7C92890A 7C9288B3 61 popad 7C9288B4 697446 6F 72536>imul esi, [esi+eax*2+6F], 6E695372 7C9288BC 67:6C ins byte ptr es:[di], dx 7C9288BE 65:4F dec edi 7C9288C0 626A 65 bound ebp, [edx+65] 7C9288C3 637400 4E arpl [eax+eax+4E], si 7C9288C7 74 57 je short 7C928920 7C9288C9 61 popad 7C9288CA 697448 69 67684>imul esi, [eax+ecx*2+69], 76456867 7C9288D2 65:6E outs dx, byte ptr es:[edi] 7C9288D4 74 50 je short 7C928926 7C9288D6 61 popad 7C9288D7 6972 00 4E74576>imul esi, [edx], 6157744E ; ntdll.7C99C8E0 7C9288DE 69744C 6F 77457>imul esi, [esp+ecx*2+6F], 65764577 7C9288E6 6E outs dx, byte ptr es:[edi] 7C9288E7 74 50 je short 7C928939 7C9288E9 61 popad 7C9288EA 6972 00 4E74577>imul esi, [edx], 7257744E ; ntdll.7C99C8E0 7C9288F1 697465 46 696C6>imul esi, [ebp+46], 656C69 7C9288F9 4E dec esi ; ntdll.ZwTerminateProcess 7C9288FA 74 57 je short 7C928953 7C9288FC 72 69 jb short 7C928967 7C9288FE 74 65 je short 7C928965 7C928900 46 inc esi ; ntdll.ZwTerminateProcess 7C928901 696C65 47 61746>imul ebp, [ebp+47], 65687461 7C928909 72 00 jb short 7C92890B 7C92890B 4E dec esi ; ntdll.ZwTerminateProcess 7C92890C 74 57 je short 7C928965 7C92890E 72 69 jb short 7C928979 7C928910 74 65 je short 7C928977 7C928912 52 push edx ; msvcrt.77C31AE8 7C928913 65:71 75 jno short 7C92898B 7C928916 65:73 74 jnb short 7C92898D 7C928919 44 inc esp 7C92891A 61 popad 7C92891B 74 61 je short 7C92897E 7C92891D 004E 74 add [esi+74], cl 7C928920 57 push edi 7C928921 72 69 jb short 7C92898C 7C928923 74 65 je short 7C92898A 7C928925 56 push esi ; ntdll.ZwTerminateProcess 7C928926 6972 74 75616C4>imul esi, [edx+74], 4D6C6175 7C92892D 65:6D ins dword ptr es:[edi], dx 7C92892F 6F outs dx, dword ptr es:[edi] 7C928930 72 79 jb short 7C9289AB 7C928932 004E 74 add [esi+74], cl 7C928935 59 pop ecx ; ntdll.7C92E89A 7C928936 6965 6C 6445786>imul esp, [ebp+6C], 65784564 7C92893D 6375 74 arpl [ebp+74], si 7C928940 696F 6E 0050667>imul ebp, [edi+6E], 78665000 7C928947 46 inc esi ; ntdll.ZwTerminateProcess 7C928948 696E 64 5072656>imul ebp, [esi+64], 66657250 7C92894F 6978 00 5066784>imul edi, [eax], 49786650 7C928956 6E outs dx, byte ptr es:[edi] 7C928957 697469 61 6C697>imul esi, [ecx+ebp*2+61], 657A696C 7C92895F 0050 66 add [eax+66], dl 7C928962 78 49 js short 7C9289AD 7C928964 6E outs dx, byte ptr es:[edi] 7C928965 73 65 jnb short 7C9289CC 7C928967 72 74 jb short 7C9289DD 7C928969 50 push eax 7C92896A 72 65 jb short 7C9289D1 7C92896C 66:6978 00 5066 imul di, [eax], 6650 7C928972 78 52 js short 7C9289C6 7C928974 65:6D ins dword ptr es:[edi], dx 7C928976 6F outs dx, dword ptr es:[edi] 7C928977 76 65 jbe short 7C9289DE 7C928979 50 push eax 7C92897A 72 65 jb short 7C9289E1 7C92897C 66:6978 00 5072 imul di, [eax], 7250 7C928982 6F outs dx, dword ptr es:[edi] 7C928983 70 65 jo short 7C9289EA 7C928985 72 74 jb short 7C9289FB 7C928987 79 4C jns short 7C9289D5 7C928989 65:6E outs dx, byte ptr es:[edi] 7C92898B 67:74 68 je short 7C9289F6 7C92898E 41 inc ecx 7C92898F 73 56 jnb short 7C9289E7 7C928991 61 popad 7C928992 72 69 jb short 7C9289FD 7C928994 61 popad 7C928995 6E outs dx, byte ptr es:[edi] 7C928996 74 00 je short 7C928998 7C928998 52 push edx ; msvcrt.77C31AE8 7C928999 74 6C je short 7C928A07 7C92899B 41 inc ecx 7C92899C 626F 72 bound ebp, [edi+72] 7C92899F 74 52 je short 7C9289F3 7C9289A1 58 pop eax ; ntdll.7C92E89A 7C9289A2 61 popad 7C9289A3 637400 52 arpl [eax+eax+52], si 7C9289A7 74 6C je short 7C928A15 7C9289A9 41 inc ecx 7C9289AA 6273 6F bound esi, [ebx+6F] 7C9289AD 6C ins byte ptr es:[edi], dx 7C9289AE 75 74 jnz short 7C928A24 7C9289B0 65:54 push esp 7C9289B2 6F outs dx, dword ptr es:[edi] 7C9289B3 53 push ebx 7C9289B4 65:6C ins byte ptr es:[edi], dx 7C9289B6 66:52 push dx 7C9289B8 65:6C ins byte ptr es:[edi], dx 7C9289BA 61 popad 7C9289BB 74 69 je short 7C928A26 7C9289BD 76 65 jbe short 7C928A24 7C9289BF 53 push ebx 7C9289C0 44 inc esp 7C9289C1 0052 74 add [edx+74], dl 7C9289C4 6C ins byte ptr es:[edi], dx 7C9289C5 41 inc ecx 7C9289C6 6371 75 arpl [ecx+75], si 7C9289C9 6972 65 5065624>imul esi, [edx+65], 4C626550 7C9289D0 6F outs dx, dword ptr es:[edi] 7C9289D1 636B 00 arpl [ebx], bp 7C9289D4 52 push edx ; msvcrt.77C31AE8 7C9289D5 74 6C je short 7C928A43 7C9289D7 41 inc ecx 7C9289D8 6371 75 arpl [ecx+75], si 7C9289DB 6972 65 5265736>imul esi, [edx+65], 6F736552 7C9289E2 75 72 jnz short 7C928A56 7C9289E4 6365 45 arpl [ebp+45], sp 7C9289E7 78 63 js short 7C928A4C 7C9289E9 6C ins byte ptr es:[edi], dx 7C9289EA 75 73 jnz short 7C928A5F 7C9289EC 6976 65 0052746>imul esi, [esi+65], 6C745200 7C9289F3 41 inc ecx 7C9289F4 6371 75 arpl [ecx+75], si 7C9289F7 6972 65 5265736>imul esi, [edx+65], 6F736552 7C9289FE 75 72 jnz short 7C928A72 7C928A00 6365 53 arpl [ebp+53], sp 7C928A03 68 61726564 push 64657261 7C928A08 0052 74 add [edx+74], dl 7C928A0B 6C ins byte ptr es:[edi], dx 7C928A0C 41 inc ecx 7C928A0D 637469 76 arpl [ecx+ebp*2+76], si 7C928A11 61 popad 7C928A12 74 65 je short 7C928A79 7C928A14 41 inc ecx 7C928A15 637469 76 arpl [ecx+ebp*2+76], si 7C928A19 61 popad 7C928A1A 74 69 je short 7C928A85 7C928A1C 6F outs dx, dword ptr es:[edi] 7C928A1D 6E outs dx, byte ptr es:[edi] 7C928A1E 43 inc ebx 7C928A1F 6F outs dx, dword ptr es:[edi] 7C928A20 6E outs dx, byte ptr es:[edi] 7C928A21 74 65 je short 7C928A88 7C928A23 78 74 js short 7C928A99 7C928A25 0052 74 add [edx+74], dl 7C928A28 6C ins byte ptr es:[edi], dx 7C928A29 41 inc ecx 7C928A2A 637469 76 arpl [ecx+ebp*2+76], si 7C928A2E 61 popad 7C928A2F 74 65 je short 7C928A96 7C928A31 41 inc ecx 7C928A32 637469 76 arpl [ecx+ebp*2+76], si 7C928A36 61 popad 7C928A37 74 69 je short 7C928AA2 7C928A39 6F outs dx, dword ptr es:[edi] 7C928A3A 6E outs dx, byte ptr es:[edi] 7C928A3B 43 inc ebx 7C928A3C 6F outs dx, dword ptr es:[edi] 7C928A3D 6E outs dx, byte ptr es:[edi] 7C928A3E 74 65 je short 7C928AA5 7C928A40 78 74 js short 7C928AB6 7C928A42 45 inc ebp 7C928A43 78 00 js short 7C928A45 7C928A45 52 push edx ; msvcrt.77C31AE8 7C928A46 74 6C je short 7C928AB4 7C928A48 41 inc ecx 7C928A49 637469 76 arpl [ecx+ebp*2+76], si 7C928A4D 61 popad 7C928A4E 74 65 je short 7C928AB5 7C928A50 41 inc ecx 7C928A51 637469 76 arpl [ecx+ebp*2+76], si 7C928A55 61 popad 7C928A56 74 69 je short 7C928AC1 7C928A58 6F outs dx, dword ptr es:[edi] 7C928A59 6E outs dx, byte ptr es:[edi] 7C928A5A 43 inc ebx 7C928A5B 6F outs dx, dword ptr es:[edi] 7C928A5C 6E outs dx, byte ptr es:[edi] 7C928A5D 74 65 je short 7C928AC4 7C928A5F 78 74 js short 7C928AD5 7C928A61 55 push ebp 7C928A62 6E outs dx, byte ptr es:[edi] 7C928A63 73 61 jnb short 7C928AC6 7C928A65 66:65:46 inc si 7C928A68 61 popad 7C928A69 73 74 jnb short 7C928ADF 7C928A6B 0052 74 add [edx+74], dl 7C928A6E 6C ins byte ptr es:[edi], dx 7C928A6F 41 inc ecx 7C928A70 64: prefix fs: 7C928A71 64:41 inc ecx 7C928A73 6363 65 arpl [ebx+65], sp 7C928A76 73 73 jnb short 7C928AEB 7C928A78 41 inc ecx 7C928A79 6C ins byte ptr es:[edi], dx 7C928A7A 6C ins byte ptr es:[edi], dx 7C928A7B 6F outs dx, dword ptr es:[edi] 7C928A7C 77 65 ja short 7C928AE3 7C928A7E 64:41 inc ecx 7C928A80 6365 00 arpl [ebp], sp 7C928A83 52 push edx ; msvcrt.77C31AE8 7C928A84 74 6C je short 7C928AF2 7C928A86 41 inc ecx 7C928A87 64: prefix fs: 7C928A88 64:41 inc ecx 7C928A8A 6363 65 arpl [ebx+65], sp 7C928A8D 73 73 jnb short 7C928B02 7C928A8F 41 inc ecx 7C928A90 6C ins byte ptr es:[edi], dx 7C928A91 6C ins byte ptr es:[edi], dx 7C928A92 6F outs dx, dword ptr es:[edi] 7C928A93 77 65 ja short 7C928AFA 7C928A95 64:41 inc ecx 7C928A97 6365 45 arpl [ebp+45], sp 7C928A9A 78 00 js short 7C928A9C 7C928A9C 52 push edx ; msvcrt.77C31AE8 7C928A9D 74 6C je short 7C928B0B 7C928A9F 41 inc ecx 7C928AA0 64: prefix fs: 7C928AA1 64:41 inc ecx 7C928AA3 6363 65 arpl [ebx+65], sp 7C928AA6 73 73 jnb short 7C928B1B 7C928AA8 41 inc ecx 7C928AA9 6C ins byte ptr es:[edi], dx 7C928AAA 6C ins byte ptr es:[edi], dx 7C928AAB 6F outs dx, dword ptr es:[edi] 7C928AAC 77 65 ja short 7C928B13 7C928AAE 64:4F dec edi 7C928AB0 626A 65 bound ebp, [edx+65] 7C928AB3 637441 63 arpl [ecx+eax*2+63], si 7C928AB7 65:0052 74 add gs:[edx+74], dl 7C928ABB 6C ins byte ptr es:[edi], dx 7C928ABC 41 inc ecx 7C928ABD 64: prefix fs: 7C928ABE 64:41 inc ecx 7C928AC0 6363 65 arpl [ebx+65], sp 7C928AC3 73 73 jnb short 7C928B38 7C928AC5 44 inc esp 7C928AC6 65:6E outs dx, byte ptr es:[edi] 7C928AC8 6965 64 4163650>imul esp, [ebp+64], 656341 7C928ACF 52 push edx ; msvcrt.77C31AE8 7C928AD0 74 6C je short 7C928B3E 7C928AD2 41 inc ecx 7C928AD3 64: prefix fs: 7C928AD4 64:41 inc ecx 7C928AD6 6363 65 arpl [ebx+65], sp 7C928AD9 73 73 jnb short 7C928B4E 7C928ADB 44 inc esp 7C928ADC 65:6E outs dx, byte ptr es:[edi] 7C928ADE 6965 64 4163654>imul esp, [ebp+64], 45656341 7C928AE5 78 00 js short 7C928AE7 7C928AE7 52 push edx ; msvcrt.77C31AE8 7C928AE8 74 6C je short 7C928B56 7C928AEA 41 inc ecx 7C928AEB 64: prefix fs: 7C928AEC 64:41 inc ecx 7C928AEE 6363 65 arpl [ebx+65], sp 7C928AF1 73 73 jnb short 7C928B66 7C928AF3 44 inc esp 7C928AF4 65:6E outs dx, byte ptr es:[edi] 7C928AF6 6965 64 4F626A6>imul esp, [ebp+64], 656A624F 7C928AFD 637441 63 arpl [ecx+eax*2+63], si 7C928B01 65:0052 74 add gs:[edx+74], dl 7C928B05 6C ins byte ptr es:[edi], dx 7C928B06 41 inc ecx 7C928B07 64: prefix fs: 7C928B08 64:41 inc ecx 7C928B0A 6365 00 arpl [ebp], sp 7C928B0D 52 push edx ; msvcrt.77C31AE8 7C928B0E 74 6C je short 7C928B7C 7C928B10 41 inc ecx 7C928B11 64: prefix fs: 7C928B12 64:41 inc ecx 7C928B14 637469 6F arpl [ecx+ebp*2+6F], si 7C928B18 6E outs dx, byte ptr es:[edi] 7C928B19 54 push esp 7C928B1A 6F outs dx, dword ptr es:[edi] 7C928B1B 52 push edx ; msvcrt.77C31AE8 7C928B1C 58 pop eax ; ntdll.7C92E89A 7C928B1D 61 popad 7C928B1E 637400 52 arpl [eax+eax+52], si 7C928B22 74 6C je short 7C928B90 7C928B24 41 inc ecx 7C928B25 64: prefix fs: 7C928B26 64:41 inc ecx 7C928B28 74 6F je short 7C928B99 7C928B2A 6D ins dword ptr es:[edi], dx 7C928B2B 54 push esp 7C928B2C 6F outs dx, dword ptr es:[edi] 7C928B2D 41 inc ecx 7C928B2E 74 6F je short 7C928B9F 7C928B30 6D ins dword ptr es:[edi], dx 7C928B31 54 push esp 7C928B32 61 popad 7C928B33 626C65 00 bound ebp, [ebp] 7C928B37 52 push edx ; msvcrt.77C31AE8 7C928B38 74 6C je short 7C928BA6 7C928B3A 41 inc ecx 7C928B3B 64: prefix fs: 7C928B3C 64:41 inc ecx 7C928B3E 74 74 je short 7C928BB4 7C928B40 72 69 jb short 7C928BAB 7C928B42 6275 74 bound esi, [ebp+74] 7C928B45 65:41 inc ecx 7C928B47 637469 6F arpl [ecx+ebp*2+6F], si 7C928B4B 6E outs dx, byte ptr es:[edi] 7C928B4C 54 push esp 7C928B4D 6F outs dx, dword ptr es:[edi] 7C928B4E 52 push edx ; msvcrt.77C31AE8 7C928B4F 58 pop eax ; ntdll.7C92E89A 7C928B50 61 popad 7C928B51 637400 52 arpl [eax+eax+52], si 7C928B55 74 6C je short 7C928BC3 7C928B57 41 inc ecx 7C928B58 64: prefix fs: 7C928B59 64:41 inc ecx 7C928B5B 75 64 jnz short 7C928BC1 7C928B5D 697441 63 63657>imul esi, [ecx+eax*2+63], 73736563 7C928B65 41 inc ecx 7C928B66 6365 00 arpl [ebp], sp 7C928B69 52 push edx ; msvcrt.77C31AE8 7C928B6A 74 6C je short 7C928BD8 7C928B6C 41 inc ecx 7C928B6D 64: prefix fs: 7C928B6E 64:41 inc ecx 7C928B70 75 64 jnz short 7C928BD6 7C928B72 697441 63 63657>imul esi, [ecx+eax*2+63], 73736563 7C928B7A 41 inc ecx 7C928B7B 6365 45 arpl [ebp+45], sp 7C928B7E 78 00 js short 7C928B80 7C928B80 52 push edx ; msvcrt.77C31AE8 7C928B81 74 6C je short 7C928BEF 7C928B83 41 inc ecx 7C928B84 64: prefix fs: 7C928B85 64:41 inc ecx 7C928B87 75 64 jnz short 7C928BED 7C928B89 697441 63 63657>imul esi, [ecx+eax*2+63], 73736563 7C928B91 4F dec edi 7C928B92 626A 65 bound ebp, [edx+65] 7C928B95 637441 63 arpl [ecx+eax*2+63], si 7C928B99 65:0052 74 add gs:[edx+74], dl 7C928B9D 6C ins byte ptr es:[edi], dx 7C928B9E 41 inc ecx 7C928B9F 64: prefix fs: 7C928BA0 64:43 inc ebx 7C928BA2 6F outs dx, dword ptr es:[edi] 7C928BA3 6D ins dword ptr es:[edi], dx 7C928BA4 70 6F jo short 7C928C15 7C928BA6 75 6E jnz short 7C928C16 7C928BA8 64:41 inc ecx 7C928BAA 6365 00 arpl [ebp], sp 7C928BAD 52 push edx ; msvcrt.77C31AE8 7C928BAE 74 6C je short 7C928C1C 7C928BB0 41 inc ecx 7C928BB1 64: prefix fs: 7C928BB2 64:52 push edx ; msvcrt.77C31AE8 7C928BB4 61 popad 7C928BB5 6E outs dx, byte ptr es:[edi] 7C928BB6 67:65:0052 74 add gs:[bp+si+74], dl 7C928BBB 6C ins byte ptr es:[edi], dx 7C928BBC 41 inc ecx 7C928BBD 64: prefix fs: 7C928BBE 64:52 push edx ; msvcrt.77C31AE8 7C928BC0 65:66:41 inc cx 7C928BC3 637469 76 arpl [ecx+ebp*2+76], si 7C928BC7 61 popad 7C928BC8 74 69 je short 7C928C33 7C928BCA 6F outs dx, dword ptr es:[edi] 7C928BCB 6E outs dx, byte ptr es:[edi] 7C928BCC 43 inc ebx 7C928BCD 6F outs dx, dword ptr es:[edi] 7C928BCE 6E outs dx, byte ptr es:[edi] 7C928BCF 74 65 je short 7C928C36 7C928BD1 78 74 js short 7C928C47 7C928BD3 0052 74 add [edx+74], dl 7C928BD6 6C ins byte ptr es:[edi], dx 7C928BD7 41 inc ecx 7C928BD8 64: prefix fs: 7C928BD9 64:52 push edx ; msvcrt.77C31AE8 7C928BDB 65:66:4D dec bp 7C928BDE 65:6D ins dword ptr es:[edi], dx 7C928BE0 6F outs dx, dword ptr es:[edi] 7C928BE1 72 79 jb short 7C928C5C 7C928BE3 53 push ebx 7C928BE4 74 72 je short 7C928C58 7C928BE6 65:61 popad 7C928BE8 6D ins dword ptr es:[edi], dx 7C928BE9 0052 74 add [edx+74], dl 7C928BEC 6C ins byte ptr es:[edi], dx 7C928BED 41 inc ecx 7C928BEE 64: prefix fs: 7C928BEF 64:56 push esi ; ntdll.ZwTerminateProcess 7C928BF1 65:63746F 72 arpl gs:[edi+ebp*2+72], si 7C928BF6 65: prefix gs: 7C928BF7 64:45 inc ebp 7C928BF9 78 63 js short 7C928C5E 7C928BFB 65:70 74 jo short 7C928C72 7C928BFE 696F 6E 48616E6>imul ebp, [edi+6E], 646E6148 7C928C05 6C ins byte ptr es:[edi], dx 7C928C06 65:72 00 jb short 7C928C09 7C928C09 52 push edx ; msvcrt.77C31AE8 7C928C0A 74 6C je short 7C928C78 7C928C0C 41 inc ecx 7C928C0D 64: prefix fs: 7C928C0E 64:72 65 jb short 7C928C76 7C928C11 73 73 jnb short 7C928C86 7C928C13 49 dec ecx 7C928C14 6E outs dx, byte ptr es:[edi] 7C928C15 53 push ebx 7C928C16 65:637469 6F arpl gs:[ecx+ebp*2+6F], si 7C928C1B 6E outs dx, byte ptr es:[edi] 7C928C1C 54 push esp 7C928C1D 61 popad 7C928C1E 626C65 00 bound ebp, [ebp] 7C928C22 52 push edx ; msvcrt.77C31AE8 7C928C23 74 6C je short 7C928C91 7C928C25 41 inc ecx 7C928C26 64:6A 75 push 75 7C928C29 73 74 jnb short 7C928C9F 7C928C2B 50 push eax 7C928C2C 72 69 jb short 7C928C97 7C928C2E 76 69 jbe short 7C928C99 7C928C30 6C ins byte ptr es:[edi], dx 7C928C31 65: prefix gs: 7C928C32 67:65:0052 74 add gs:[bp+si+74], dl 7C928C37 6C ins byte ptr es:[edi], dx 7C928C38 41 inc ecx 7C928C39 6C ins byte ptr es:[edi], dx 7C928C3A 6C ins byte ptr es:[edi], dx 7C928C3B 6F outs dx, dword ptr es:[edi] 7C928C3C 6361 74 arpl [ecx+74], sp 7C928C3F 65:41 inc ecx 7C928C41 6E outs dx, byte ptr es:[edi] 7C928C42 64:49 dec ecx 7C928C44 6E outs dx, byte ptr es:[edi] 7C928C45 697469 61 6C697>imul esi, [ecx+ebp*2+61], 657A696C 7C928C4D 53 push ebx 7C928C4E 696400 52 746C4>imul esp, [eax+eax+52], 6C416C74 7C928C56 6C ins byte ptr es:[edi], dx 7C928C57 6F outs dx, dword ptr es:[edi] 7C928C58 6361 74 arpl [ecx+74], sp 7C928C5B 65:48 dec eax 7C928C5D 61 popad 7C928C5E 6E outs dx, byte ptr es:[edi] 7C928C5F 64:6C ins byte ptr es:[edi], dx 7C928C61 65:0052 74 add gs:[edx+74], dl 7C928C65 6C ins byte ptr es:[edi], dx 7C928C66 41 inc ecx 7C928C67 6C ins byte ptr es:[edi], dx 7C928C68 6C ins byte ptr es:[edi], dx 7C928C69 6F outs dx, dword ptr es:[edi] 7C928C6A 6361 74 arpl [ecx+74], sp 7C928C6D 65:48 dec eax 7C928C6F 65:61 popad 7C928C71 70 00 jo short 7C928C73 7C928C73 52 push edx ; msvcrt.77C31AE8 7C928C74 74 6C je short 7C928CE2 7C928C76 41 inc ecx 7C928C77 6E outs dx, byte ptr es:[edi] 7C928C78 73 69 jnb short 7C928CE3 7C928C7A 43 inc ebx 7C928C7B 68 6172546F push 6F547261 7C928C80 55 push ebp 7C928C81 6E outs dx, byte ptr es:[edi] 7C928C82 6963 6F 6465436>imul esp, [ebx+6F], 68436564 7C928C89 61 popad 7C928C8A 72 00 jb short 7C928C8C 7C928C8C 52 push edx ; msvcrt.77C31AE8 7C928C8D 74 6C je short 7C928CFB 7C928C8F 41 inc ecx 7C928C90 6E outs dx, byte ptr es:[edi] 7C928C91 73 69 jnb short 7C928CFC 7C928C93 53 push ebx 7C928C94 74 72 je short 7C928D08 7C928C96 696E 67 546F556>imul ebp, [esi+67], 6E556F54 7C928C9D 6963 6F 6465536>imul esp, [ebx+6F], 69536564 7C928CA4 7A 65 jpe short 7C928D0B 7C928CA6 0052 74 add [edx+74], dl 7C928CA9 6C ins byte ptr es:[edi], dx 7C928CAA 41 inc ecx 7C928CAB 6E outs dx, byte ptr es:[edi] 7C928CAC 73 69 jnb short 7C928D17 7C928CAE 53 push ebx 7C928CAF 74 72 je short 7C928D23 7C928CB1 696E 67 546F556>imul ebp, [esi+67], 6E556F54 7C928CB8 6963 6F 6465537>imul esp, [ebx+6F], 74536564 7C928CBF 72 69 jb short 7C928D2A 7C928CC1 6E outs dx, byte ptr es:[edi] 7C928CC2 67:0052 74 add [bp+si+74], dl 7C928CC6 6C ins byte ptr es:[edi], dx 7C928CC7 41 inc ecx 7C928CC8 70 70 jo short 7C928D3A 7C928CCA 65:6E outs dx, byte ptr es:[edi] 7C928CCC 64:41 inc ecx 7C928CCE 73 63 jnb short 7C928D33 7C928CD0 6969 7A 546F537>imul ebp, [ecx+7A], 74536F54 7C928CD7 72 69 jb short 7C928D42 7C928CD9 6E outs dx, byte ptr es:[edi] 7C928CDA 67:0052 74 add [bp+si+74], dl 7C928CDE 6C ins byte ptr es:[edi], dx 7C928CDF 41 inc ecx 7C928CE0 70 70 jo short 7C928D52 7C928CE2 65:6E outs dx, byte ptr es:[edi] 7C928CE4 64:50 push eax 7C928CE6 61 popad 7C928CE7 74 68 je short 7C928D51 7C928CE9 45 inc ebp 7C928CEA 6C ins byte ptr es:[edi], dx 7C928CEB 65:6D ins dword ptr es:[edi], dx 7C928CED 65:6E outs dx, byte ptr es:[edi] 7C928CEF 74 00 je short 7C928CF1 7C928CF1 52 push edx ; msvcrt.77C31AE8 7C928CF2 74 6C je short 7C928D60 7C928CF4 41 inc ecx 7C928CF5 70 70 jo short 7C928D67 7C928CF7 65:6E outs dx, byte ptr es:[edi] 7C928CF9 64:53 push ebx 7C928CFB 74 72 je short 7C928D6F 7C928CFD 696E 67 546F537>imul ebp, [esi+67], 74536F54 7C928D04 72 69 jb short 7C928D6F 7C928D06 6E outs dx, byte ptr es:[edi] 7C928D07 67:0052 74 add [bp+si+74], dl 7C928D0B 6C ins byte ptr es:[edi], dx 7C928D0C 41 inc ecx 7C928D0D 70 70 jo short 7C928D7F 7C928D0F 65:6E outs dx, byte ptr es:[edi] 7C928D11 64:55 push ebp 7C928D13 6E outs dx, byte ptr es:[edi] 7C928D14 6963 6F 6465537>imul esp, [ebx+6F], 74536564 7C928D1B 72 69 jb short 7C928D86 7C928D1D 6E outs dx, byte ptr es:[edi] 7C928D1E 67:54 push esp 7C928D20 6F outs dx, dword ptr es:[edi] 7C928D21 53 push ebx 7C928D22 74 72 je short 7C928D96 7C928D24 696E 67 0052746>imul ebp, [esi+67], 6C745200 7C928D2B 41 inc ecx 7C928D2C 70 70 jo short 7C928D9E 7C928D2E 65:6E outs dx, byte ptr es:[edi] 7C928D30 64:55 push ebp 7C928D32 6E outs dx, byte ptr es:[edi] 7C928D33 6963 6F 6465546>imul esp, [ebx+6F], 6F546564 7C928D3A 53 push ebx 7C928D3B 74 72 je short 7C928DAF 7C928D3D 696E 67 0052746>imul ebp, [esi+67], 6C745200 7C928D44 41 inc ecx 7C928D45 70 70 jo short 7C928DB7 7C928D47 6C ins byte ptr es:[edi], dx 7C928D48 6963 61 74696F6>imul esp, [ebx+61], 6E6F6974 7C928D4F 56 push esi ; ntdll.ZwTerminateProcess 7C928D50 65:72 69 jb short 7C928DBC 7C928D53 66:6965 72 5374 imul sp, [ebp+72], 7453 7C928D59 6F outs dx, dword ptr es:[edi] 7C928D5A 70 00 jo short 7C928D5C 7C928D5C 52 push edx ; msvcrt.77C31AE8 7C928D5D 74 6C je short 7C928DCB 7C928D5F 41 inc ecx 7C928D60 70 70 jo short 7C928DD2 7C928D62 6C ins byte ptr es:[edi], dx 7C928D63 79 52 jns short 7C928DB7 7C928D65 58 pop eax ; ntdll.7C92E89A 7C928D66 61 popad 7C928D67 637400 52 arpl [eax+eax+52], si 7C928D6B 74 6C je short 7C928DD9 7C928D6D 41 inc ecx 7C928D6E 70 70 jo short 7C928DE0 7C928D70 6C ins byte ptr es:[edi], dx 7C928D71 79 52 jns short 7C928DC5 7C928D73 58 pop eax ; ntdll.7C92E89A 7C928D74 61 popad 7C928D75 63744E 6F arpl [esi+ecx*2+6F], si 7C928D79 46 inc esi ; ntdll.ZwTerminateProcess 7C928D7A 6C ins byte ptr es:[edi], dx 7C928D7B 75 73 jnz short 7C928DF0 7C928D7D 68 0052746C push 6C745200 7C928D82 41 inc ecx 7C928D83 72 65 jb short 7C928DEA 7C928D85 41 inc ecx 7C928D86 6C ins byte ptr es:[edi], dx 7C928D87 6C ins byte ptr es:[edi], dx 7C928D88 41 inc ecx 7C928D89 6363 65 arpl [ebx+65], sp 7C928D8C 73 73 jnb short 7C928E01 7C928D8E 65:73 47 jnb short 7C928DD8 7C928D91 72 61 jb short 7C928DF4 7C928D93 6E outs dx, byte ptr es:[edi] 7C928D94 74 65 je short 7C928DFB 7C928D96 64:0052 74 add fs:[edx+74], dl 7C928D9A 6C ins byte ptr es:[edi], dx 7C928D9B 41 inc ecx 7C928D9C 72 65 jb short 7C928E03 7C928D9E 41 inc ecx 7C928D9F 6E outs dx, byte ptr es:[edi] 7C928DA0 79 41 jns short 7C928DE3 7C928DA2 6363 65 arpl [ebx+65], sp 7C928DA5 73 73 jnb short 7C928E1A 7C928DA7 65:73 47 jnb short 7C928DF1 7C928DAA 72 61 jb short 7C928E0D 7C928DAC 6E outs dx, byte ptr es:[edi] 7C928DAD 74 65 je short 7C928E14 7C928DAF 64:0052 74 add fs:[edx+74], dl 7C928DB3 6C ins byte ptr es:[edi], dx 7C928DB4 41 inc ecx 7C928DB5 72 65 jb short 7C928E1C 7C928DB7 42 inc edx ; msvcrt.77C31AE8 7C928DB8 697473 43 6C656>imul esi, [ebx+esi*2+43], 7261656C 7C928DC0 0052 74 add [edx+74], dl 7C928DC3 6C ins byte ptr es:[edi], dx 7C928DC4 41 inc ecx 7C928DC5 72 65 jb short 7C928E2C 7C928DC7 42 inc edx ; msvcrt.77C31AE8 7C928DC8 697473 53 65740>imul esi, [ebx+esi*2+53], 52007465 7C928DD0 74 6C je short 7C928E3E 7C928DD2 41 inc ecx 7C928DD3 73 73 jnb short 7C928E48 7C928DD5 65:72 74 jb short 7C928E4C 7C928DD8 0052 74 add [edx+74], dl 7C928DDB 6C ins byte ptr es:[edi], dx 7C928DDC 41 inc ecx 7C928DDD 73 73 jnb short 7C928E52 7C928DDF 65:72 74 jb short 7C928E56 7C928DE2 3200 xor al, [eax] 7C928DE4 52 push edx ; msvcrt.77C31AE8 7C928DE5 74 6C je short 7C928E53 7C928DE7 43 inc ebx 7C928DE8 61 popad 7C928DE9 6E outs dx, byte ptr es:[edi] 7C928DEA 6365 6C arpl [ebp+6C], sp 7C928DED 54 push esp 7C928DEE 696D 65 7200527>imul ebp, [ebp+65], 74520072 7C928DF5 6C ins byte ptr es:[edi], dx 7C928DF6 43 inc ebx 7C928DF7 61 popad 7C928DF8 70 74 jo short 7C928E6E 7C928DFA 75 72 jnz short 7C928E6E 7C928DFC 65:43 inc ebx 7C928DFE 6F outs dx, dword ptr es:[edi] 7C928DFF 6E outs dx, byte ptr es:[edi] 7C928E00 74 65 je short 7C928E67 7C928E02 78 74 js short 7C928E78 7C928E04 0052 74 add [edx+74], dl 7C928E07 6C ins byte ptr es:[edi], dx 7C928E08 43 inc ebx 7C928E09 61 popad 7C928E0A 70 74 jo short 7C928E80 7C928E0C 75 72 jnz short 7C928E80 7C928E0E 65:53 push ebx 7C928E10 74 61 je short 7C928E73 7C928E12 636B 42 arpl [ebx+42], bp 7C928E15 61 popad 7C928E16 636B 54 arpl [ebx+54], bp 7C928E19 72 61 jb short 7C928E7C 7C928E1B 6365 00 arpl [ebp], sp 7C928E1E 52 push edx ; msvcrt.77C31AE8 7C928E1F 74 6C je short 7C928E8D 7C928E21 43 inc ebx 7C928E22 61 popad 7C928E23 70 74 jo short 7C928E99 7C928E25 75 72 jnz short 7C928E99 7C928E27 65:53 push ebx 7C928E29 74 61 je short 7C928E8C 7C928E2B 636B 43 arpl [ebx+43], bp 7C928E2E 6F outs dx, dword ptr es:[edi] 7C928E2F 6E outs dx, byte ptr es:[edi] 7C928E30 74 65 je short 7C928E97 7C928E32 78 74 js short 7C928EA8 7C928E34 0052 74 add [edx+74], dl 7C928E37 6C ins byte ptr es:[edi], dx 7C928E38 43 inc ebx 7C928E39 68 6172546F push 6F547261 7C928E3E 49 dec ecx 7C928E3F 6E outs dx, byte ptr es:[edi] 7C928E40 74 65 je short 7C928EA7 7C928E42 67:65:72 00 jb short 7C928E46 7C928E46 52 push edx ; msvcrt.77C31AE8 7C928E47 74 6C je short 7C928EB5 7C928E49 43 inc ebx 7C928E4A 68 65636B46 push 466B6365 7C928E4F 6F outs dx, dword ptr es:[edi] 7C928E50 72 4F jb short 7C928EA1 7C928E52 72 70 jb short 7C928EC4 7C928E54 68 616E6564 push 64656E61 7C928E59 43 inc ebx 7C928E5A 72 69 jb short 7C928EC5 7C928E5C 74 69 je short 7C928EC7 7C928E5E 6361 6C arpl [ecx+6C], sp 7C928E61 53 push ebx 7C928E62 65:637469 6F arpl gs:[ecx+ebp*2+6F], si 7C928E67 6E outs dx, byte ptr es:[edi] 7C928E68 73 00 jnb short 7C928E6A 7C928E6A 52 push edx ; msvcrt.77C31AE8 7C928E6B 74 6C je short 7C928ED9 7C928E6D 43 inc ebx 7C928E6E 68 65636B50 push 506B6365 7C928E73 72 6F jb short 7C928EE4 7C928E75 6365 73 arpl [ebp+73], sp 7C928E78 73 50 jnb short 7C928ECA 7C928E7A 61 popad 7C928E7B 72 61 jb short 7C928EDE 7C928E7D 6D ins dword ptr es:[edi], dx 7C928E7E 65:74 65 je short 7C928EE6 7C928E81 72 73 jb short 7C928EF6 7C928E83 0052 74 add [edx+74], dl 7C928E86 6C ins byte ptr es:[edi], dx 7C928E87 43 inc ebx 7C928E88 68 65636B52 push 526B6365 7C928E8D 65:67:6973 74 7>imul esi, gs:[bp+di+74], 654B7972 7C928E96 79 00 jns short 7C928E98 7C928E98 52 push edx ; msvcrt.77C31AE8 7C928E99 74 6C je short 7C928F07 7C928E9B 43 inc ebx 7C928E9C 6C ins byte ptr es:[edi], dx 7C928E9D 65:61 popad 7C928E9F 72 41 jb short 7C928EE2 7C928EA1 6C ins byte ptr es:[edi], dx 7C928EA2 6C ins byte ptr es:[edi], dx 7C928EA3 42 inc edx ; msvcrt.77C31AE8 7C928EA4 697473 00 52746>imul esi, [ebx+esi*2], 436C7452 7C928EAC 6C ins byte ptr es:[edi], dx 7C928EAD 65:61 popad 7C928EAF 72 42 jb short 7C928EF3 7C928EB1 697473 00 52746>imul esi, [ebx+esi*2], 436C7452 7C928EB9 6C ins byte ptr es:[edi], dx 7C928EBA 6F outs dx, dword ptr es:[edi] 7C928EBB 6E outs dx, byte ptr es:[edi] 7C928EBC 65:4D dec ebp 7C928EBE 65:6D ins dword ptr es:[edi], dx 7C928EC0 6F outs dx, dword ptr es:[edi] 7C928EC1 72 79 jb short 7C928F3C 7C928EC3 53 push ebx 7C928EC4 74 72 je short 7C928F38 7C928EC6 65:61 popad 7C928EC8 6D ins dword ptr es:[edi], dx 7C928EC9 0052 74 add [edx+74], dl 7C928ECC 6C ins byte ptr es:[edi], dx 7C928ECD 43 inc ebx 7C928ECE 6F outs dx, dword ptr es:[edi] 7C928ECF 6D ins dword ptr es:[edi], dx 7C928ED0 6D ins dword ptr es:[edi], dx 7C928ED1 69744D 65 6D6F7>imul esi, [ebp+ecx*2+65], 79726F6D 7C928ED9 53 push ebx 7C928EDA 74 72 je short 7C928F4E 7C928EDC 65:61 popad 7C928EDE 6D ins dword ptr es:[edi], dx 7C928EDF 0052 74 add [edx+74], dl 7C928EE2 6C ins byte ptr es:[edi], dx 7C928EE3 43 inc ebx 7C928EE4 6F outs dx, dword ptr es:[edi] 7C928EE5 6D ins dword ptr es:[edi], dx 7C928EE6 70 61 jo short 7C928F49 7C928EE8 637448 65 arpl [eax+ecx*2+65], si 7C928EEC 61 popad 7C928EED 70 00 jo short 7C928EEF 7C928EEF 52 push edx ; msvcrt.77C31AE8 |
|
[讨论]程序分析!
7C92748C 6F outs dx, dword ptr es:[edi] 7C92748D 6F outs dx, dword ptr es:[edi] 7C92748E 74 45 je short 7C9274D5 7C927490 6E outs dx, byte ptr es:[edi] 7C927491 74 72 je short 7C927505 7C927493 79 00 jns short 7C927495 7C927495 4E dec esi ; ntdll.ZwTerminateProcess 7C927496 74 41 je short 7C9274D9 7C927498 64:6A 75 push 75 7C92749B 73 74 jnb short 7C927511 7C92749D 47 inc edi 7C92749E 72 6F jb short 7C92750F 7C9274A0 75 70 jnz short 7C927512 7C9274A2 73 54 jnb short 7C9274F8 7C9274A4 6F outs dx, dword ptr es:[edi] 7C9274A5 6B65 6E 00 imul esp, [ebp+6E], 0 7C9274A9 4E dec esi ; ntdll.ZwTerminateProcess 7C9274AA 74 41 je short 7C9274ED 7C9274AC 64:6A 75 push 75 7C9274AF 73 74 jnb short 7C927525 7C9274B1 50 push eax 7C9274B2 72 69 jb short 7C92751D 7C9274B4 76 69 jbe short 7C92751F 7C9274B6 6C ins byte ptr es:[edi], dx 7C9274B7 65: prefix gs: 7C9274B8 67:65:73 54 jnb short 7C927510 7C9274BC 6F outs dx, dword ptr es:[edi] 7C9274BD 6B65 6E 00 imul esp, [ebp+6E], 0 7C9274C1 4E dec esi ; ntdll.ZwTerminateProcess 7C9274C2 74 41 je short 7C927505 7C9274C4 6C ins byte ptr es:[edi], dx 7C9274C5 65:72 74 jb short 7C92753C 7C9274C8 52 push edx ; msvcrt.77C31AE8 7C9274C9 65:73 75 jnb short 7C927541 7C9274CC 6D ins dword ptr es:[edi], dx 7C9274CD 65:54 push esp 7C9274CF 68 72656164 push 64616572 7C9274D4 004E 74 add [esi+74], cl 7C9274D7 41 inc ecx 7C9274D8 6C ins byte ptr es:[edi], dx 7C9274D9 65:72 74 jb short 7C927550 7C9274DC 54 push esp 7C9274DD 68 72656164 push 64616572 7C9274E2 004E 74 add [esi+74], cl 7C9274E5 41 inc ecx 7C9274E6 6C ins byte ptr es:[edi], dx 7C9274E7 6C ins byte ptr es:[edi], dx 7C9274E8 6F outs dx, dword ptr es:[edi] 7C9274E9 6361 74 arpl [ecx+74], sp 7C9274EC 65:4C dec esp 7C9274EE 6F outs dx, dword ptr es:[edi] 7C9274EF 6361 6C arpl [ecx+6C], sp 7C9274F2 6C ins byte ptr es:[edi], dx 7C9274F3 79 55 jns short 7C92754A 7C9274F5 6E outs dx, byte ptr es:[edi] 7C9274F6 6971 75 6549640>imul esi, [ecx+75], 644965 7C9274FD 4E dec esi ; ntdll.ZwTerminateProcess 7C9274FE 74 41 je short 7C927541 7C927500 6C ins byte ptr es:[edi], dx 7C927501 6C ins byte ptr es:[edi], dx 7C927502 6F outs dx, dword ptr es:[edi] 7C927503 6361 74 arpl [ecx+74], sp 7C927506 65:55 push ebp 7C927508 73 65 jnb short 7C92756F 7C92750A 72 50 jb short 7C92755C 7C92750C 68 79736963 push 63697379 7C927511 61 popad 7C927512 6C ins byte ptr es:[edi], dx 7C927513 50 push eax 7C927514 61 popad 7C927515 67:65:73 00 jnb short 7C927519 7C927519 4E dec esi ; ntdll.ZwTerminateProcess 7C92751A 74 41 je short 7C92755D 7C92751C 6C ins byte ptr es:[edi], dx 7C92751D 6C ins byte ptr es:[edi], dx 7C92751E 6F outs dx, dword ptr es:[edi] 7C92751F 6361 74 arpl [ecx+74], sp 7C927522 65:55 push ebp 7C927524 75 69 jnz short 7C92758F 7C927526 64:73 00 jnb short 7C927529 7C927529 4E dec esi ; ntdll.ZwTerminateProcess 7C92752A 74 41 je short 7C92756D 7C92752C 6C ins byte ptr es:[edi], dx 7C92752D 6C ins byte ptr es:[edi], dx 7C92752E 6F outs dx, dword ptr es:[edi] 7C92752F 6361 74 arpl [ecx+74], sp 7C927532 65:56 push esi ; ntdll.ZwTerminateProcess 7C927534 6972 74 75616C4>imul esi, [edx+74], 4D6C6175 7C92753B 65:6D ins dword ptr es:[edi], dx 7C92753D 6F outs dx, dword ptr es:[edi] 7C92753E 72 79 jb short 7C9275B9 7C927540 004E 74 add [esi+74], cl 7C927543 41 inc ecx 7C927544 72 65 jb short 7C9275AB 7C927546 4D dec ebp 7C927547 61 popad 7C927548 70 70 jo short 7C9275BA 7C92754A 65: prefix gs: 7C92754B 64:46 inc esi ; ntdll.ZwTerminateProcess 7C92754D 696C65 73 54686>imul ebp, [ebp+73], 53656854 7C927555 61 popad 7C927556 6D ins dword ptr es:[edi], dx 7C927557 65:004E 74 add gs:[esi+74], cl 7C92755B 41 inc ecx 7C92755C 73 73 jnb short 7C9275D1 7C92755E 6967 6E 50726F6>imul esp, [edi+6E], 636F7250 7C927565 65:73 73 jnb short 7C9275DB 7C927568 54 push esp 7C927569 6F outs dx, dword ptr es:[edi] 7C92756A 4A dec edx ; msvcrt.77C31AE8 7C92756B 6F outs dx, dword ptr es:[edi] 7C92756C 624F 62 bound ecx, [edi+62] 7C92756F 6A 65 push 65 7C927571 637400 4E arpl [eax+eax+4E], si 7C927575 74 43 je short 7C9275BA 7C927577 61 popad 7C927578 6C ins byte ptr es:[edi], dx 7C927579 6C ins byte ptr es:[edi], dx 7C92757A 6261 63 bound esp, [ecx+63] 7C92757D 6B52 65 74 imul edx, [edx+65], 74 7C927581 75 72 jnz short 7C9275F5 7C927583 6E outs dx, byte ptr es:[edi] 7C927584 004E 74 add [esi+74], cl 7C927587 43 inc ebx 7C927588 61 popad 7C927589 6E outs dx, byte ptr es:[edi] 7C92758A 6365 6C arpl [ebp+6C], sp 7C92758D 44 inc esp 7C92758E 65:76 69 jbe short 7C9275FA 7C927591 6365 57 arpl [ebp+57], sp 7C927594 61 popad 7C927595 6B65 75 70 imul esp, [ebp+75], 70 7C927599 52 push edx ; msvcrt.77C31AE8 7C92759A 65:71 75 jno short 7C927612 7C92759D 65:73 74 jnb short 7C927614 7C9275A0 004E 74 add [esi+74], cl 7C9275A3 43 inc ebx 7C9275A4 61 popad 7C9275A5 6E outs dx, byte ptr es:[edi] 7C9275A6 6365 6C arpl [ebp+6C], sp 7C9275A9 49 dec ecx 7C9275AA 6F outs dx, dword ptr es:[edi] 7C9275AB 46 inc esi ; ntdll.ZwTerminateProcess 7C9275AC 696C65 00 4E744>imul ebp, [ebp], 6143744E 7C9275B4 6E outs dx, byte ptr es:[edi] 7C9275B5 6365 6C arpl [ebp+6C], sp 7C9275B8 54 push esp 7C9275B9 696D 65 72004E7>imul ebp, [ebp+65], 744E0072 7C9275C0 43 inc ebx 7C9275C1 6C ins byte ptr es:[edi], dx 7C9275C2 65:61 popad 7C9275C4 72 45 jb short 7C92760B 7C9275C6 76 65 jbe short 7C92762D 7C9275C8 6E outs dx, byte ptr es:[edi] 7C9275C9 74 00 je short 7C9275CB 7C9275CB 4E dec esi ; ntdll.ZwTerminateProcess 7C9275CC 74 43 je short 7C927611 7C9275CE 6C ins byte ptr es:[edi], dx 7C9275CF 6F outs dx, dword ptr es:[edi] 7C9275D0 73 65 jnb short 7C927637 7C9275D2 004E 74 add [esi+74], cl 7C9275D5 43 inc ebx 7C9275D6 6C ins byte ptr es:[edi], dx 7C9275D7 6F outs dx, dword ptr es:[edi] 7C9275D8 73 65 jnb short 7C92763F 7C9275DA 4F dec edi 7C9275DB 626A 65 bound ebp, [edx+65] 7C9275DE 637441 75 arpl [ecx+eax*2+75], si 7C9275E2 64:697441 6C 61>imul esi, fs:[ecx+eax*2+6C], 6D7261 7C9275EB 4E dec esi ; ntdll.ZwTerminateProcess 7C9275EC 74 43 je short 7C927631 7C9275EE 6F outs dx, dword ptr es:[edi] 7C9275EF 6D ins dword ptr es:[edi], dx 7C9275F0 70 61 jo short 7C927653 7C9275F2 63744B 65 arpl [ebx+ecx*2+65], si 7C9275F6 79 73 jns short 7C92766B 7C9275F8 004E 74 add [esi+74], cl 7C9275FB 43 inc ebx 7C9275FC 6F outs dx, dword ptr es:[edi] 7C9275FD 6D ins dword ptr es:[edi], dx 7C9275FE 70 61 jo short 7C927661 7C927600 72 65 jb short 7C927667 7C927602 54 push esp 7C927603 6F outs dx, dword ptr es:[edi] 7C927604 6B65 6E 73 imul esp, [ebp+6E], 73 7C927608 004E 74 add [esi+74], cl 7C92760B 43 inc ebx 7C92760C 6F outs dx, dword ptr es:[edi] 7C92760D 6D ins dword ptr es:[edi], dx 7C92760E 70 6C jo short 7C92767C 7C927610 65:74 65 je short 7C927678 7C927613 43 inc ebx 7C927614 6F outs dx, dword ptr es:[edi] 7C927615 6E outs dx, byte ptr es:[edi] 7C927616 6E outs dx, byte ptr es:[edi] 7C927617 65:637450 6F arpl gs:[eax+edx*2+6F], si 7C92761C 72 74 jb short 7C927692 7C92761E 004E 74 add [esi+74], cl 7C927621 43 inc ebx 7C927622 6F outs dx, dword ptr es:[edi] 7C927623 6D ins dword ptr es:[edi], dx 7C927624 70 72 jo short 7C927698 7C927626 65:73 73 jnb short 7C92769C 7C927629 4B dec ebx 7C92762A 65:79 00 jns short 7C92762D 7C92762D 4E dec esi ; ntdll.ZwTerminateProcess 7C92762E 74 43 je short 7C927673 7C927630 6F outs dx, dword ptr es:[edi] 7C927631 6E outs dx, byte ptr es:[edi] 7C927632 6E outs dx, byte ptr es:[edi] 7C927633 65:637450 6F arpl gs:[eax+edx*2+6F], si 7C927638 72 74 jb short 7C9276AE 7C92763A 004E 74 add [esi+74], cl 7C92763D 43 inc ebx 7C92763E 6F outs dx, dword ptr es:[edi] 7C92763F 6E outs dx, byte ptr es:[edi] 7C927640 74 69 je short 7C9276AB 7C927642 6E outs dx, byte ptr es:[edi] 7C927643 75 65 jnz short 7C9276AA 7C927645 004E 74 add [esi+74], cl 7C927648 43 inc ebx 7C927649 72 65 jb short 7C9276B0 7C92764B 61 popad 7C92764C 74 65 je short 7C9276B3 7C92764E 44 inc esp 7C92764F 65:6275 67 bound esi, gs:[ebp+67] 7C927653 4F dec edi 7C927654 626A 65 bound ebp, [edx+65] 7C927657 637400 4E arpl [eax+eax+4E], si 7C92765B 74 43 je short 7C9276A0 7C92765D 72 65 jb short 7C9276C4 7C92765F 61 popad 7C927660 74 65 je short 7C9276C7 7C927662 44 inc esp 7C927663 6972 65 63746F7>imul esi, [edx+65], 726F7463 7C92766A 79 4F jns short 7C9276BB 7C92766C 626A 65 bound ebp, [edx+65] 7C92766F 637400 4E arpl [eax+eax+4E], si 7C927673 74 43 je short 7C9276B8 7C927675 72 65 jb short 7C9276DC 7C927677 61 popad 7C927678 74 65 je short 7C9276DF 7C92767A 45 inc ebp 7C92767B 76 65 jbe short 7C9276E2 7C92767D 6E outs dx, byte ptr es:[edi] 7C92767E 74 00 je short 7C927680 7C927680 4E dec esi ; ntdll.ZwTerminateProcess 7C927681 74 43 je short 7C9276C6 7C927683 72 65 jb short 7C9276EA 7C927685 61 popad 7C927686 74 65 je short 7C9276ED 7C927688 45 inc ebp 7C927689 76 65 jbe short 7C9276F0 7C92768B 6E outs dx, byte ptr es:[edi] 7C92768C 74 50 je short 7C9276DE 7C92768E 61 popad 7C92768F 6972 00 4E74437>imul esi, [edx], 7243744E ; ntdll.7C99C8E0 7C927696 65:61 popad 7C927698 74 65 je short 7C9276FF 7C92769A 46 inc esi ; ntdll.ZwTerminateProcess 7C92769B 696C65 00 4E744>imul ebp, [ebp], 7243744E 7C9276A3 65:61 popad 7C9276A5 74 65 je short 7C92770C 7C9276A7 49 dec ecx 7C9276A8 6F outs dx, dword ptr es:[edi] 7C9276A9 43 inc ebx 7C9276AA 6F outs dx, dword ptr es:[edi] 7C9276AB 6D ins dword ptr es:[edi], dx 7C9276AC 70 6C jo short 7C92771A 7C9276AE 65:74 69 je short 7C92771A 7C9276B1 6F outs dx, dword ptr es:[edi] 7C9276B2 6E outs dx, byte ptr es:[edi] 7C9276B3 004E 74 add [esi+74], cl 7C9276B6 43 inc ebx 7C9276B7 72 65 jb short 7C92771E 7C9276B9 61 popad 7C9276BA 74 65 je short 7C927721 7C9276BC 4A dec edx ; msvcrt.77C31AE8 7C9276BD 6F outs dx, dword ptr es:[edi] 7C9276BE 624F 62 bound ecx, [edi+62] 7C9276C1 6A 65 push 65 7C9276C3 637400 4E arpl [eax+eax+4E], si 7C9276C7 74 43 je short 7C92770C 7C9276C9 72 65 jb short 7C927730 7C9276CB 61 popad 7C9276CC 74 65 je short 7C927733 7C9276CE 4A dec edx ; msvcrt.77C31AE8 7C9276CF 6F outs dx, dword ptr es:[edi] 7C9276D0 6253 65 bound edx, [ebx+65] 7C9276D3 74 00 je short 7C9276D5 7C9276D5 4E dec esi ; ntdll.ZwTerminateProcess 7C9276D6 74 43 je short 7C92771B 7C9276D8 72 65 jb short 7C92773F 7C9276DA 61 popad 7C9276DB 74 65 je short 7C927742 7C9276DD 4B dec ebx 7C9276DE 65:79 00 jns short 7C9276E1 7C9276E1 4E dec esi ; ntdll.ZwTerminateProcess 7C9276E2 74 43 je short 7C927727 7C9276E4 72 65 jb short 7C92774B 7C9276E6 61 popad 7C9276E7 74 65 je short 7C92774E 7C9276E9 4B dec ebx 7C9276EA 65:79 65 jns short 7C927752 7C9276ED 64:45 inc ebp 7C9276EF 76 65 jbe short 7C927756 7C9276F1 6E outs dx, byte ptr es:[edi] 7C9276F2 74 00 je short 7C9276F4 7C9276F4 4E dec esi ; ntdll.ZwTerminateProcess 7C9276F5 74 43 je short 7C92773A 7C9276F7 72 65 jb short 7C92775E 7C9276F9 61 popad 7C9276FA 74 65 je short 7C927761 7C9276FC 4D dec ebp 7C9276FD 61 popad 7C9276FE 696C73 6C 6F744>imul ebp, [ebx+esi*2+6C], 6946746F 7C927706 6C ins byte ptr es:[edi], dx 7C927707 65:004E 74 add gs:[esi+74], cl 7C92770B 43 inc ebx 7C92770C 72 65 jb short 7C927773 7C92770E 61 popad 7C92770F 74 65 je short 7C927776 7C927711 4D dec ebp 7C927712 75 74 jnz short 7C927788 7C927714 61 popad 7C927715 6E outs dx, byte ptr es:[edi] 7C927716 74 00 je short 7C927718 7C927718 4E dec esi ; ntdll.ZwTerminateProcess 7C927719 74 43 je short 7C92775E 7C92771B 72 65 jb short 7C927782 7C92771D 61 popad 7C92771E 74 65 je short 7C927785 7C927720 4E dec esi ; ntdll.ZwTerminateProcess 7C927721 61 popad 7C927722 6D ins dword ptr es:[edi], dx 7C927723 65: prefix gs: 7C927724 64:50 push eax 7C927726 6970 65 46696C6>imul esi, [eax+65], 656C6946 7C92772D 004E 74 add [esi+74], cl 7C927730 43 inc ebx 7C927731 72 65 jb short 7C927798 7C927733 61 popad 7C927734 74 65 je short 7C92779B 7C927736 50 push eax 7C927737 61 popad 7C927738 67:696E 67 4669>imul ebp, [bp+67], 656C6946 7C927740 004E 74 add [esi+74], cl 7C927743 43 inc ebx 7C927744 72 65 jb short 7C9277AB 7C927746 61 popad 7C927747 74 65 je short 7C9277AE 7C927749 50 push eax 7C92774A 6F outs dx, dword ptr es:[edi] 7C92774B 72 74 jb short 7C9277C1 7C92774D 004E 74 add [esi+74], cl 7C927750 43 inc ebx 7C927751 72 65 jb short 7C9277B8 7C927753 61 popad 7C927754 74 65 je short 7C9277BB 7C927756 50 push eax 7C927757 72 6F jb short 7C9277C8 7C927759 6365 73 arpl [ebp+73], sp 7C92775C 73 00 jnb short 7C92775E 7C92775E 4E dec esi ; ntdll.ZwTerminateProcess 7C92775F 74 43 je short 7C9277A4 7C927761 72 65 jb short 7C9277C8 7C927763 61 popad 7C927764 74 65 je short 7C9277CB 7C927766 50 push eax 7C927767 72 6F jb short 7C9277D8 7C927769 6365 73 arpl [ebp+73], sp 7C92776C 73 45 jnb short 7C9277B3 7C92776E 78 00 js short 7C927770 7C927770 4E dec esi ; ntdll.ZwTerminateProcess 7C927771 74 43 je short 7C9277B6 7C927773 72 65 jb short 7C9277DA 7C927775 61 popad 7C927776 74 65 je short 7C9277DD 7C927778 50 push eax 7C927779 72 6F jb short 7C9277EA 7C92777B 66:696C65 00 4E>imul bp, [ebp], 744E 7C927782 43 inc ebx 7C927783 72 65 jb short 7C9277EA 7C927785 61 popad 7C927786 74 65 je short 7C9277ED 7C927788 53 push ebx 7C927789 65:637469 6F arpl gs:[ecx+ebp*2+6F], si 7C92778E 6E outs dx, byte ptr es:[edi] 7C92778F 004E 74 add [esi+74], cl 7C927792 43 inc ebx 7C927793 72 65 jb short 7C9277FA 7C927795 61 popad 7C927796 74 65 je short 7C9277FD 7C927798 53 push ebx 7C927799 65:6D ins dword ptr es:[edi], dx 7C92779B 61 popad 7C92779C 70 68 jo short 7C927806 7C92779E 6F outs dx, dword ptr es:[edi] 7C92779F 72 65 jb short 7C927806 7C9277A1 004E 74 add [esi+74], cl 7C9277A4 43 inc ebx 7C9277A5 72 65 jb short 7C92780C 7C9277A7 61 popad 7C9277A8 74 65 je short 7C92780F 7C9277AA 53 push ebx 7C9277AB 79 6D jns short 7C92781A 7C9277AD 626F 6C bound ebp, [edi+6C] 7C9277B0 6963 4C 696E6B4>imul esp, [ebx+4C], 4F6B6E69 7C9277B7 626A 65 bound ebp, [edx+65] 7C9277BA 637400 4E arpl [eax+eax+4E], si 7C9277BE 74 43 je short 7C927803 7C9277C0 72 65 jb short 7C927827 7C9277C2 61 popad 7C9277C3 74 65 je short 7C92782A 7C9277C5 54 push esp 7C9277C6 68 72656164 push 64616572 7C9277CB 004E 74 add [esi+74], cl 7C9277CE 43 inc ebx 7C9277CF 72 65 jb short 7C927836 7C9277D1 61 popad 7C9277D2 74 65 je short 7C927839 7C9277D4 54 push esp 7C9277D5 696D 65 72004E7>imul ebp, [ebp+65], 744E0072 7C9277DC 43 inc ebx 7C9277DD 72 65 jb short 7C927844 7C9277DF 61 popad 7C9277E0 74 65 je short 7C927847 7C9277E2 54 push esp 7C9277E3 6F outs dx, dword ptr es:[edi] 7C9277E4 6B65 6E 00 imul esp, [ebp+6E], 0 7C9277E8 4E dec esi ; ntdll.ZwTerminateProcess 7C9277E9 74 43 je short 7C92782E 7C9277EB 72 65 jb short 7C927852 7C9277ED 61 popad 7C9277EE 74 65 je short 7C927855 7C9277F0 57 push edi 7C9277F1 61 popad 7C9277F2 697461 62 6C655>imul esi, [ecx+62], 6F50656C 7C9277FA 72 74 jb short 7C927870 7C9277FC 004E 74 add [esi+74], cl 7C9277FF 43 inc ebx 7C927800 75 72 jnz short 7C927874 7C927802 72 65 jb short 7C927869 7C927804 6E outs dx, byte ptr es:[edi] 7C927805 74 54 je short 7C92785B 7C927807 65:6200 bound eax, gs:[eax] 7C92780A 4E dec esi ; ntdll.ZwTerminateProcess 7C92780B 74 44 je short 7C927851 7C92780D 65:6275 67 bound esi, gs:[ebp+67] 7C927811 41 inc ecx 7C927812 637469 76 arpl [ecx+ebp*2+76], si 7C927816 65:50 push eax 7C927818 72 6F jb short 7C927889 7C92781A 6365 73 arpl [ebp+73], sp 7C92781D 73 00 jnb short 7C92781F 7C92781F 4E dec esi ; ntdll.ZwTerminateProcess 7C927820 74 44 je short 7C927866 7C927822 65:6275 67 bound esi, gs:[ebp+67] 7C927826 43 inc ebx 7C927827 6F outs dx, dword ptr es:[edi] 7C927828 6E outs dx, byte ptr es:[edi] 7C927829 74 69 je short 7C927894 7C92782B 6E outs dx, byte ptr es:[edi] 7C92782C 75 65 jnz short 7C927893 7C92782E 004E 74 add [esi+74], cl 7C927831 44 inc esp 7C927832 65:6C ins byte ptr es:[edi], dx 7C927834 61 popad 7C927835 79 45 jns short 7C92787C 7C927837 78 65 js short 7C92789E 7C927839 6375 74 arpl [ebp+74], si 7C92783C 696F 6E 004E744>imul ebp, [edi+6E], 44744E00 7C927843 65:6C ins byte ptr es:[edi], dx 7C927845 65:74 65 je short 7C9278AD 7C927848 41 inc ecx 7C927849 74 6F je short 7C9278BA 7C92784B 6D ins dword ptr es:[edi], dx 7C92784C 004E 74 add [esi+74], cl 7C92784F 44 inc esp 7C927850 65:6C ins byte ptr es:[edi], dx 7C927852 65:74 65 je short 7C9278BA 7C927855 42 inc edx ; msvcrt.77C31AE8 7C927856 6F outs dx, dword ptr es:[edi] 7C927857 6F outs dx, dword ptr es:[edi] 7C927858 74 45 je short 7C92789F 7C92785A 6E outs dx, byte ptr es:[edi] 7C92785B 74 72 je short 7C9278CF 7C92785D 79 00 jns short 7C92785F 7C92785F 4E dec esi ; ntdll.ZwTerminateProcess 7C927860 74 44 je short 7C9278A6 7C927862 65:6C ins byte ptr es:[edi], dx 7C927864 65:74 65 je short 7C9278CC 7C927867 46 inc esi ; ntdll.ZwTerminateProcess 7C927868 696C65 00 4E744>imul ebp, [ebp], 6544744E 7C927870 6C ins byte ptr es:[edi], dx 7C927871 65:74 65 je short 7C9278D9 7C927874 4B dec ebx 7C927875 65:79 00 jns short 7C927878 7C927878 4E dec esi ; ntdll.ZwTerminateProcess 7C927879 74 44 je short 7C9278BF 7C92787B 65:6C ins byte ptr es:[edi], dx 7C92787D 65:74 65 je short 7C9278E5 7C927880 4F dec edi 7C927881 626A 65 bound ebp, [edx+65] 7C927884 637441 75 arpl [ecx+eax*2+75], si 7C927888 64:697441 6C 61>imul esi, fs:[ecx+eax*2+6C], 6D7261 7C927891 4E dec esi ; ntdll.ZwTerminateProcess 7C927892 74 44 je short 7C9278D8 7C927894 65:6C ins byte ptr es:[edi], dx 7C927896 65:74 65 je short 7C9278FE 7C927899 56 push esi ; ntdll.ZwTerminateProcess 7C92789A 61 popad 7C92789B 6C ins byte ptr es:[edi], dx 7C92789C 75 65 jnz short 7C927903 7C92789E 4B dec ebx 7C92789F 65:79 00 jns short 7C9278A2 7C9278A2 4E dec esi ; ntdll.ZwTerminateProcess 7C9278A3 74 44 je short 7C9278E9 7C9278A5 65:76 69 jbe short 7C927911 7C9278A8 6365 49 arpl [ebp+49], sp 7C9278AB 6F outs dx, dword ptr es:[edi] 7C9278AC 43 inc ebx 7C9278AD 6F outs dx, dword ptr es:[edi] 7C9278AE 6E outs dx, byte ptr es:[edi] 7C9278AF 74 72 je short 7C927923 7C9278B1 6F outs dx, dword ptr es:[edi] 7C9278B2 6C ins byte ptr es:[edi], dx 7C9278B3 46 inc esi ; ntdll.ZwTerminateProcess 7C9278B4 696C65 00 4E744>imul ebp, [ebp], 6944744E 7C9278BC 73 70 jnb short 7C92792E 7C9278BE 6C ins byte ptr es:[edi], dx 7C9278BF 61 popad 7C9278C0 79 53 jns short 7C927915 7C9278C2 74 72 je short 7C927936 7C9278C4 696E 67 004E744>imul ebp, [esi+67], 44744E00 7C9278CB 75 70 jnz short 7C92793D 7C9278CD 6C ins byte ptr es:[edi], dx 7C9278CE 6963 61 74654F6>imul esp, [ebx+61], 624F6574 7C9278D5 6A 65 push 65 7C9278D7 637400 4E arpl [eax+eax+4E], si 7C9278DB 74 44 je short 7C927921 7C9278DD 75 70 jnz short 7C92794F 7C9278DF 6C ins byte ptr es:[edi], dx 7C9278E0 6963 61 7465546>imul esp, [ebx+61], 6F546574 7C9278E7 6B65 6E 00 imul esp, [ebp+6E], 0 7C9278EB 4E dec esi ; ntdll.ZwTerminateProcess 7C9278EC 74 45 je short 7C927933 7C9278EE 6E outs dx, byte ptr es:[edi] 7C9278EF 75 6D jnz short 7C92795E 7C9278F1 65:72 61 jb short 7C927955 7C9278F4 74 65 je short 7C92795B 7C9278F6 42 inc edx ; msvcrt.77C31AE8 7C9278F7 6F outs dx, dword ptr es:[edi] 7C9278F8 6F outs dx, dword ptr es:[edi] 7C9278F9 74 45 je short 7C927940 7C9278FB 6E outs dx, byte ptr es:[edi] 7C9278FC 74 72 je short 7C927970 7C9278FE 6965 73 004E744>imul esp, [ebp+73], 45744E00 7C927905 6E outs dx, byte ptr es:[edi] 7C927906 75 6D jnz short 7C927975 7C927908 65:72 61 jb short 7C92796C 7C92790B 74 65 je short 7C927972 7C92790D 4B dec ebx 7C92790E 65:79 00 jns short 7C927911 7C927911 4E dec esi ; ntdll.ZwTerminateProcess 7C927912 74 45 je short 7C927959 7C927914 6E outs dx, byte ptr es:[edi] 7C927915 75 6D jnz short 7C927984 7C927917 65:72 61 jb short 7C92797B 7C92791A 74 65 je short 7C927981 7C92791C 53 push ebx 7C92791D 79 73 jns short 7C927992 7C92791F 74 65 je short 7C927986 7C927921 6D ins dword ptr es:[edi], dx 7C927922 45 inc ebp 7C927923 6E outs dx, byte ptr es:[edi] 7C927924 76 69 jbe short 7C92798F 7C927926 72 6F jb short 7C927997 7C927928 6E outs dx, byte ptr es:[edi] 7C927929 6D ins dword ptr es:[edi], dx 7C92792A 65:6E outs dx, byte ptr es:[edi] 7C92792C 74 56 je short 7C927984 7C92792E 61 popad 7C92792F 6C ins byte ptr es:[edi], dx 7C927930 75 65 jnz short 7C927997 7C927932 73 45 jnb short 7C927979 7C927934 78 00 js short 7C927936 7C927936 4E dec esi ; ntdll.ZwTerminateProcess 7C927937 74 45 je short 7C92797E 7C927939 6E outs dx, byte ptr es:[edi] 7C92793A 75 6D jnz short 7C9279A9 7C92793C 65:72 61 jb short 7C9279A0 7C92793F 74 65 je short 7C9279A6 7C927941 56 push esi ; ntdll.ZwTerminateProcess 7C927942 61 popad 7C927943 6C ins byte ptr es:[edi], dx 7C927944 75 65 jnz short 7C9279AB 7C927946 4B dec ebx 7C927947 65:79 00 jns short 7C92794A 7C92794A 4E dec esi ; ntdll.ZwTerminateProcess 7C92794B 74 45 je short 7C927992 7C92794D 78 74 js short 7C9279C3 7C92794F 65:6E outs dx, byte ptr es:[edi] 7C927951 64:53 push ebx 7C927953 65:637469 6F arpl gs:[ecx+ebp*2+6F], si 7C927958 6E outs dx, byte ptr es:[edi] 7C927959 004E 74 add [esi+74], cl 7C92795C 46 inc esi ; ntdll.ZwTerminateProcess 7C92795D 696C74 65 72546>imul ebp, [esp+esi*2+65], 6B6F5472 7C927965 65:6E outs dx, byte ptr es:[edi] 7C927967 004E 74 add [esi+74], cl 7C92796A 46 inc esi ; ntdll.ZwTerminateProcess 7C92796B 696E 64 41746F6>imul ebp, [esi+64], 6D6F7441 7C927972 004E 74 add [esi+74], cl 7C927975 46 inc esi ; ntdll.ZwTerminateProcess 7C927976 6C ins byte ptr es:[edi], dx 7C927977 75 73 jnz short 7C9279EC 7C927979 68 42756666 push 66667542 7C92797E 65:72 73 jb short 7C9279F4 7C927981 46 inc esi ; ntdll.ZwTerminateProcess 7C927982 696C65 00 4E744>imul ebp, [ebp], 6C46744E 7C92798A 75 73 jnz short 7C9279FF 7C92798C 68 496E7374 push 74736E49 7C927991 72 75 jb short 7C927A08 7C927993 637469 6F arpl [ecx+ebp*2+6F], si 7C927997 6E outs dx, byte ptr es:[edi] 7C927998 43 inc ebx 7C927999 61 popad 7C92799A 6368 65 arpl [eax+65], bp 7C92799D 004E 74 add [esi+74], cl 7C9279A0 46 inc esi ; ntdll.ZwTerminateProcess 7C9279A1 6C ins byte ptr es:[edi], dx 7C9279A2 75 73 jnz short 7C927A17 7C9279A4 68 4B657900 push 79654B 7C9279A9 4E dec esi ; ntdll.ZwTerminateProcess 7C9279AA 74 46 je short 7C9279F2 7C9279AC 6C ins byte ptr es:[edi], dx 7C9279AD 75 73 jnz short 7C927A22 7C9279AF 68 56697274 push 74726956 7C9279B4 75 61 jnz short 7C927A17 7C9279B6 6C ins byte ptr es:[edi], dx 7C9279B7 4D dec ebp 7C9279B8 65:6D ins dword ptr es:[edi], dx 7C9279BA 6F outs dx, dword ptr es:[edi] 7C9279BB 72 79 jb short 7C927A36 7C9279BD 004E 74 add [esi+74], cl 7C9279C0 46 inc esi ; ntdll.ZwTerminateProcess 7C9279C1 6C ins byte ptr es:[edi], dx 7C9279C2 75 73 jnz short 7C927A37 7C9279C4 68 57726974 push 74697257 7C9279C9 65:42 inc edx ; msvcrt.77C31AE8 7C9279CB 75 66 jnz short 7C927A33 7C9279CD 66:65:72 00 jb short 000079D1 7C9279D1 4E dec esi ; ntdll.ZwTerminateProcess 7C9279D2 74 46 je short 7C927A1A 7C9279D4 72 65 jb short 7C927A3B 7C9279D6 65:55 push ebp 7C9279D8 73 65 jnb short 7C927A3F 7C9279DA 72 50 jb short 7C927A2C 7C9279DC 68 79736963 push 63697379 7C9279E1 61 popad 7C9279E2 6C ins byte ptr es:[edi], dx 7C9279E3 50 push eax 7C9279E4 61 popad 7C9279E5 67:65:73 00 jnb short 7C9279E9 7C9279E9 4E dec esi ; ntdll.ZwTerminateProcess 7C9279EA 74 46 je short 7C927A32 7C9279EC 72 65 jb short 7C927A53 7C9279EE 65:56 push esi ; ntdll.ZwTerminateProcess 7C9279F0 6972 74 75616C4>imul esi, [edx+74], 4D6C6175 7C9279F7 65:6D ins dword ptr es:[edi], dx 7C9279F9 6F outs dx, dword ptr es:[edi] 7C9279FA 72 79 jb short 7C927A75 7C9279FC 004E 74 add [esi+74], cl 7C9279FF 46 inc esi ; ntdll.ZwTerminateProcess 7C927A00 73 43 jnb short 7C927A45 7C927A02 6F outs dx, dword ptr es:[edi] 7C927A03 6E outs dx, byte ptr es:[edi] 7C927A04 74 72 je short 7C927A78 7C927A06 6F outs dx, dword ptr es:[edi] 7C927A07 6C ins byte ptr es:[edi], dx 7C927A08 46 inc esi ; ntdll.ZwTerminateProcess 7C927A09 696C65 00 4E744>imul ebp, [ebp], 6547744E 7C927A11 74 43 je short 7C927A56 7C927A13 6F outs dx, dword ptr es:[edi] 7C927A14 6E outs dx, byte ptr es:[edi] 7C927A15 74 65 je short 7C927A7C 7C927A17 78 74 js short 7C927A8D 7C927A19 54 push esp 7C927A1A 68 72656164 push 64616572 7C927A1F 004E 74 add [esi+74], cl 7C927A22 47 inc edi 7C927A23 65:74 44 je short 7C927A6A 7C927A26 65:76 69 jbe short 7C927A92 7C927A29 6365 50 arpl [ebp+50], sp 7C927A2C 6F outs dx, dword ptr es:[edi] 7C927A2D 77 65 ja short 7C927A94 7C927A2F 72 53 jb short 7C927A84 7C927A31 74 61 je short 7C927A94 7C927A33 74 65 je short 7C927A9A 7C927A35 004E 74 add [esi+74], cl 7C927A38 47 inc edi 7C927A39 65:74 50 je short 7C927A8C 7C927A3C 6C ins byte ptr es:[edi], dx 7C927A3D 75 67 jnz short 7C927AA6 7C927A3F 50 push eax 7C927A40 6C ins byte ptr es:[edi], dx 7C927A41 61 popad 7C927A42 79 45 jns short 7C927A89 7C927A44 76 65 jbe short 7C927AAB 7C927A46 6E outs dx, byte ptr es:[edi] 7C927A47 74 00 je short 7C927A49 7C927A49 4E dec esi ; ntdll.ZwTerminateProcess 7C927A4A 74 47 je short 7C927A93 7C927A4C 65:74 57 je short 7C927AA6 7C927A4F 72 69 jb short 7C927ABA 7C927A51 74 65 je short 7C927AB8 7C927A53 57 push edi 7C927A54 61 popad 7C927A55 74 63 je short 7C927ABA 7C927A57 68 004E7449 push 49744E00 7C927A5C 6D ins dword ptr es:[edi], dx 7C927A5D 70 65 jo short 7C927AC4 7C927A5F 72 73 jb short 7C927AD4 7C927A61 6F outs dx, dword ptr es:[edi] 7C927A62 6E outs dx, byte ptr es:[edi] 7C927A63 61 popad 7C927A64 74 65 je short 7C927ACB 7C927A66 41 inc ecx 7C927A67 6E outs dx, byte ptr es:[edi] 7C927A68 6F outs dx, dword ptr es:[edi] 7C927A69 6E outs dx, byte ptr es:[edi] 7C927A6A 79 6D jns short 7C927AD9 7C927A6C 6F outs dx, dword ptr es:[edi] 7C927A6D 75 73 jnz short 7C927AE2 7C927A6F 54 push esp 7C927A70 6F outs dx, dword ptr es:[edi] 7C927A71 6B65 6E 00 imul esp, [ebp+6E], 0 7C927A75 4E dec esi ; ntdll.ZwTerminateProcess 7C927A76 74 49 je short 7C927AC1 7C927A78 6D ins dword ptr es:[edi], dx 7C927A79 70 65 jo short 7C927AE0 7C927A7B 72 73 jb short 7C927AF0 7C927A7D 6F outs dx, dword ptr es:[edi] 7C927A7E 6E outs dx, byte ptr es:[edi] 7C927A7F 61 popad 7C927A80 74 65 je short 7C927AE7 7C927A82 43 inc ebx 7C927A83 6C ins byte ptr es:[edi], dx 7C927A84 6965 6E 744F665>imul esp, [ebp+6E], 50664F74 7C927A8B 6F outs dx, dword ptr es:[edi] 7C927A8C 72 74 jb short 7C927B02 7C927A8E 004E 74 add [esi+74], cl 7C927A91 49 dec ecx 7C927A92 6D ins dword ptr es:[edi], dx 7C927A93 70 65 jo short 7C927AFA 7C927A95 72 73 jb short 7C927B0A 7C927A97 6F outs dx, dword ptr es:[edi] 7C927A98 6E outs dx, byte ptr es:[edi] 7C927A99 61 popad 7C927A9A 74 65 je short 7C927B01 7C927A9C 54 push esp 7C927A9D 68 72656164 push 64616572 7C927AA2 004E 74 add [esi+74], cl 7C927AA5 49 dec ecx 7C927AA6 6E outs dx, byte ptr es:[edi] 7C927AA7 697469 61 6C697>imul esi, [ecx+ebp*2+61], 657A696C 7C927AAF 52 push edx ; msvcrt.77C31AE8 7C927AB0 65:67:6973 74 7>imul esi, gs:[bp+di+74], 4E007972 7C927AB9 74 49 je short 7C927B04 7C927ABB 6E outs dx, byte ptr es:[edi] 7C927ABC 697469 61 74655>imul esi, [ecx+ebp*2+61], 6F506574 7C927AC4 77 65 ja short 7C927B2B 7C927AC6 72 41 jb short 7C927B09 7C927AC8 637469 6F arpl [ecx+ebp*2+6F], si 7C927ACC 6E outs dx, byte ptr es:[edi] 7C927ACD 004E 74 add [esi+74], cl 7C927AD0 49 dec ecx 7C927AD1 73 50 jnb short 7C927B23 7C927AD3 72 6F jb short 7C927B44 7C927AD5 6365 73 arpl [ebp+73], sp 7C927AD8 73 49 jnb short 7C927B23 7C927ADA 6E outs dx, byte ptr es:[edi] 7C927ADB 4A dec edx ; msvcrt.77C31AE8 7C927ADC 6F outs dx, dword ptr es:[edi] 7C927ADD 6200 bound eax, [eax] 7C927ADF 4E dec esi ; ntdll.ZwTerminateProcess 7C927AE0 74 49 je short 7C927B2B 7C927AE2 73 53 jnb short 7C927B37 7C927AE4 79 73 jns short 7C927B59 7C927AE6 74 65 je short 7C927B4D 7C927AE8 6D ins dword ptr es:[edi], dx 7C927AE9 52 push edx ; msvcrt.77C31AE8 7C927AEA 65:73 75 jnb short 7C927B62 7C927AED 6D ins dword ptr es:[edi], dx 7C927AEE 65:41 inc ecx 7C927AF0 75 74 jnz short 7C927B66 7C927AF2 6F outs dx, dword ptr es:[edi] 7C927AF3 6D ins dword ptr es:[edi], dx 7C927AF4 61 popad 7C927AF5 74 69 je short 7C927B60 7C927AF7 6300 arpl [eax], ax 7C927AF9 4E dec esi ; ntdll.ZwTerminateProcess 7C927AFA 74 4C je short 7C927B48 7C927AFC 6973 74 656E506>imul esi, [ebx+74], 6F506E65 7C927B03 72 74 jb short 7C927B79 7C927B05 004E 74 add [esi+74], cl 7C927B08 4C dec esp 7C927B09 6F outs dx, dword ptr es:[edi] 7C927B0A 61 popad 7C927B0B 64:44 inc esp 7C927B0D 72 69 jb short 7C927B78 7C927B0F 76 65 jbe short 7C927B76 7C927B11 72 00 jb short 7C927B13 7C927B13 4E dec esi ; ntdll.ZwTerminateProcess 7C927B14 74 4C je short 7C927B62 7C927B16 6F outs dx, dword ptr es:[edi] 7C927B17 61 popad 7C927B18 64:4B dec ebx 7C927B1A 65:79 00 jns short 7C927B1D 7C927B1D 4E dec esi ; ntdll.ZwTerminateProcess 7C927B1E 74 4C je short 7C927B6C 7C927B20 6F outs dx, dword ptr es:[edi] 7C927B21 61 popad 7C927B22 64:4B dec ebx 7C927B24 65:79 32 jns short 7C927B59 7C927B27 004E 74 add [esi+74], cl 7C927B2A 4C dec esp 7C927B2B 6F outs dx, dword ptr es:[edi] 7C927B2C 636B 46 arpl [ebx+46], bp 7C927B2F 696C65 00 4E744>imul ebp, [ebp], 6F4C744E 7C927B37 636B 50 arpl [ebx+50], bp 7C927B3A 72 6F jb short 7C927BAB 7C927B3C 64:75 63 jnz short 7C927BA2 7C927B3F 74 41 je short 7C927B82 7C927B41 637469 76 arpl [ecx+ebp*2+76], si 7C927B45 61 popad 7C927B46 74 69 je short 7C927BB1 7C927B48 6F outs dx, dword ptr es:[edi] 7C927B49 6E outs dx, byte ptr es:[edi] 7C927B4A 4B dec ebx 7C927B4B 65:79 73 jns short 7C927BC1 7C927B4E 004E 74 add [esi+74], cl 7C927B51 4C dec esp 7C927B52 6F outs dx, dword ptr es:[edi] 7C927B53 636B 52 arpl [ebx+52], bp 7C927B56 65:67:6973 74 7>imul esi, gs:[bp+di+74], 654B7972 7C927B5F 79 00 jns short 7C927B61 7C927B61 4E dec esi ; ntdll.ZwTerminateProcess 7C927B62 74 4C je short 7C927BB0 7C927B64 6F outs dx, dword ptr es:[edi] 7C927B65 636B 56 arpl [ebx+56], bp 7C927B68 6972 74 75616C4>imul esi, [edx+74], 4D6C6175 7C927B6F 65:6D ins dword ptr es:[edi], dx 7C927B71 6F outs dx, dword ptr es:[edi] 7C927B72 72 79 jb short 7C927BED 7C927B74 004E 74 add [esi+74], cl 7C927B77 4D dec ebp 7C927B78 61 popad 7C927B79 6B65 50 65 imul esp, [ebp+50], 65 ; trscd.00454ACA 7C927B7D 72 6D jb short 7C927BEC 7C927B7F 61 popad 7C927B80 6E outs dx, byte ptr es:[edi] 7C927B81 65:6E outs dx, byte ptr es:[edi] 7C927B83 74 4F je short 7C927BD4 7C927B85 626A 65 bound ebp, [edx+65] 7C927B88 637400 4E arpl [eax+eax+4E], si 7C927B8C 74 4D je short 7C927BDB 7C927B8E 61 popad 7C927B8F 6B65 54 65 imul esp, [ebp+54], 65 7C927B93 6D ins dword ptr es:[edi], dx 7C927B94 70 6F jo short 7C927C05 7C927B96 72 61 jb short 7C927BF9 7C927B98 72 79 jb short 7C927C13 7C927B9A 4F dec edi 7C927B9B 626A 65 bound ebp, [edx+65] 7C927B9E 637400 4E arpl [eax+eax+4E], si 7C927BA2 74 4D je short 7C927BF1 7C927BA4 61 popad 7C927BA5 70 55 jo short 7C927BFC 7C927BA7 73 65 jnb short 7C927C0E 7C927BA9 72 50 jb short 7C927BFB 7C927BAB 68 79736963 push 63697379 7C927BB0 61 popad 7C927BB1 6C ins byte ptr es:[edi], dx 7C927BB2 50 push eax 7C927BB3 61 popad 7C927BB4 67:65:73 00 jnb short 7C927BB8 7C927BB8 4E dec esi ; ntdll.ZwTerminateProcess 7C927BB9 74 4D je short 7C927C08 7C927BBB 61 popad 7C927BBC 70 55 jo short 7C927C13 7C927BBE 73 65 jnb short 7C927C25 7C927BC0 72 50 jb short 7C927C12 7C927BC2 68 79736963 push 63697379 7C927BC7 61 popad 7C927BC8 6C ins byte ptr es:[edi], dx 7C927BC9 50 push eax 7C927BCA 61 popad 7C927BCB 67:65:73 53 jnb short 7C927C22 7C927BCF 6361 74 arpl [ecx+74], sp 7C927BD2 74 65 je short 7C927C39 7C927BD4 72 00 jb short 7C927BD6 7C927BD6 4E dec esi ; ntdll.ZwTerminateProcess 7C927BD7 74 4D je short 7C927C26 7C927BD9 61 popad 7C927BDA 70 56 jo short 7C927C32 7C927BDC 6965 77 4F66536>imul esp, [ebp+77], 6553664F 7C927BE3 637469 6F arpl [ecx+ebp*2+6F], si 7C927BE7 6E outs dx, byte ptr es:[edi] 7C927BE8 004E 74 add [esi+74], cl 7C927BEB 4D dec ebp 7C927BEC 6F outs dx, dword ptr es:[edi] 7C927BED 64:6966 79 426F>imul esp, fs:[esi+79], 746F6F42 7C927BF5 45 inc ebp 7C927BF6 6E outs dx, byte ptr es:[edi] 7C927BF7 74 72 je short 7C927C6B 7C927BF9 79 00 jns short 7C927BFB 7C927BFB 4E dec esi ; ntdll.ZwTerminateProcess 7C927BFC 74 4E je short 7C927C4C 7C927BFE 6F outs dx, dword ptr es:[edi] 7C927BFF 74 69 je short 7C927C6A 7C927C01 - 66:79 43 jns short 00007C47 7C927C04 68 616E6765 push 65676E61 7C927C09 44 inc esp 7C927C0A 6972 65 63746F7>imul esi, [edx+65], 726F7463 7C927C11 79 46 jns short 7C927C59 7C927C13 696C65 00 4E744>imul ebp, [ebp], 6F4E744E 7C927C1B 74 69 je short 7C927C86 7C927C1D - 66:79 43 jns short 00007C63 7C927C20 68 616E6765 push 65676E61 7C927C25 4B dec ebx 7C927C26 65:79 00 jns short 7C927C29 7C927C29 4E dec esi ; ntdll.ZwTerminateProcess 7C927C2A 74 4E je short 7C927C7A 7C927C2C 6F outs dx, dword ptr es:[edi] 7C927C2D 74 69 je short 7C927C98 7C927C2F - 66:79 43 jns short 00007C75 7C927C32 68 616E6765 push 65676E61 7C927C37 4D dec ebp 7C927C38 75 6C jnz short 7C927CA6 7C927C3A 74 69 je short 7C927CA5 7C927C3C 70 6C jo short 7C927CAA 7C927C3E 65:4B dec ebx 7C927C40 65:79 73 jns short 7C927CB6 7C927C43 004E 74 add [esi+74], cl 7C927C46 4F dec edi 7C927C47 70 65 jo short 7C927CAE 7C927C49 6E outs dx, byte ptr es:[edi] 7C927C4A 44 inc esp 7C927C4B 6972 65 63746F7>imul esi, [edx+65], 726F7463 7C927C52 79 4F jns short 7C927CA3 7C927C54 626A 65 bound ebp, [edx+65] 7C927C57 637400 4E arpl [eax+eax+4E], si 7C927C5B 74 4F je short 7C927CAC 7C927C5D 70 65 jo short 7C927CC4 7C927C5F 6E outs dx, byte ptr es:[edi] 7C927C60 45 inc ebp 7C927C61 76 65 jbe short 7C927CC8 7C927C63 6E outs dx, byte ptr es:[edi] 7C927C64 74 00 je short 7C927C66 7C927C66 4E dec esi ; ntdll.ZwTerminateProcess 7C927C67 74 4F je short 7C927CB8 7C927C69 70 65 jo short 7C927CD0 7C927C6B 6E outs dx, byte ptr es:[edi] 7C927C6C 45 inc ebp 7C927C6D 76 65 jbe short 7C927CD4 7C927C6F 6E outs dx, byte ptr es:[edi] 7C927C70 74 50 je short 7C927CC2 7C927C72 61 popad 7C927C73 6972 00 4E744F7>imul esi, [edx], 704F744E ; ntdll.7C99C8E0 7C927C7A 65:6E outs dx, byte ptr es:[edi] 7C927C7C 46 inc esi ; ntdll.ZwTerminateProcess 7C927C7D 696C65 00 4E744>imul ebp, [ebp], 704F744E 7C927C85 65:6E outs dx, byte ptr es:[edi] 7C927C87 49 dec ecx 7C927C88 6F outs dx, dword ptr es:[edi] 7C927C89 43 inc ebx 7C927C8A 6F outs dx, dword ptr es:[edi] 7C927C8B 6D ins dword ptr es:[edi], dx 7C927C8C 70 6C jo short 7C927CFA 7C927C8E 65:74 69 je short 7C927CFA 7C927C91 6F outs dx, dword ptr es:[edi] 7C927C92 6E outs dx, byte ptr es:[edi] 7C927C93 004E 74 add [esi+74], cl 7C927C96 4F dec edi 7C927C97 70 65 jo short 7C927CFE 7C927C99 6E outs dx, byte ptr es:[edi] 7C927C9A 4A dec edx ; msvcrt.77C31AE8 7C927C9B 6F outs dx, dword ptr es:[edi] 7C927C9C 624F 62 bound ecx, [edi+62] 7C927C9F 6A 65 push 65 7C927CA1 637400 4E arpl [eax+eax+4E], si 7C927CA5 74 4F je short 7C927CF6 7C927CA7 70 65 jo short 7C927D0E 7C927CA9 6E outs dx, byte ptr es:[edi] 7C927CAA 4B dec ebx 7C927CAB 65:79 00 jns short 7C927CAE 7C927CAE 4E dec esi ; ntdll.ZwTerminateProcess 7C927CAF 74 4F je short 7C927D00 7C927CB1 70 65 jo short 7C927D18 7C927CB3 6E outs dx, byte ptr es:[edi] 7C927CB4 4B dec ebx 7C927CB5 65:79 65 jns short 7C927D1D 7C927CB8 64:45 inc ebp 7C927CBA 76 65 jbe short 7C927D21 7C927CBC 6E outs dx, byte ptr es:[edi] 7C927CBD 74 00 je short 7C927CBF 7C927CBF 4E dec esi ; ntdll.ZwTerminateProcess 7C927CC0 74 4F je short 7C927D11 7C927CC2 70 65 jo short 7C927D29 7C927CC4 6E outs dx, byte ptr es:[edi] 7C927CC5 4D dec ebp 7C927CC6 75 74 jnz short 7C927D3C 7C927CC8 61 popad 7C927CC9 6E outs dx, byte ptr es:[edi] 7C927CCA 74 00 je short 7C927CCC 7C927CCC 4E dec esi ; ntdll.ZwTerminateProcess 7C927CCD 74 4F je short 7C927D1E 7C927CCF 70 65 jo short 7C927D36 7C927CD1 6E outs dx, byte ptr es:[edi] 7C927CD2 4F dec edi 7C927CD3 626A 65 bound ebp, [edx+65] 7C927CD6 637441 75 arpl [ecx+eax*2+75], si 7C927CDA 64:697441 6C 61>imul esi, fs:[ecx+eax*2+6C], 6D7261 7C927CE3 4E dec esi ; ntdll.ZwTerminateProcess 7C927CE4 74 4F je short 7C927D35 7C927CE6 70 65 jo short 7C927D4D 7C927CE8 6E outs dx, byte ptr es:[edi] 7C927CE9 50 push eax 7C927CEA 72 6F jb short 7C927D5B 7C927CEC 6365 73 arpl [ebp+73], sp 7C927CEF 73 00 jnb short 7C927CF1 7C927CF1 4E dec esi ; ntdll.ZwTerminateProcess 7C927CF2 74 4F je short 7C927D43 7C927CF4 70 65 jo short 7C927D5B 7C927CF6 6E outs dx, byte ptr es:[edi] 7C927CF7 50 push eax 7C927CF8 72 6F jb short 7C927D69 7C927CFA 6365 73 arpl [ebp+73], sp 7C927CFD 73 54 jnb short 7C927D53 7C927CFF 6F outs dx, dword ptr es:[edi] 7C927D00 6B65 6E 00 imul esp, [ebp+6E], 0 7C927D04 4E dec esi ; ntdll.ZwTerminateProcess 7C927D05 74 4F je short 7C927D56 7C927D07 70 65 jo short 7C927D6E 7C927D09 6E outs dx, byte ptr es:[edi] 7C927D0A 50 push eax 7C927D0B 72 6F jb short 7C927D7C 7C927D0D 6365 73 arpl [ebp+73], sp 7C927D10 73 54 jnb short 7C927D66 7C927D12 6F outs dx, dword ptr es:[edi] 7C927D13 6B65 6E 45 imul esp, [ebp+6E], 45 7C927D17 78 00 js short 7C927D19 7C927D19 4E dec esi ; ntdll.ZwTerminateProcess 7C927D1A 74 4F je short 7C927D6B 7C927D1C 70 65 jo short 7C927D83 7C927D1E 6E outs dx, byte ptr es:[edi] 7C927D1F 53 push ebx 7C927D20 65:637469 6F arpl gs:[ecx+ebp*2+6F], si 7C927D25 6E outs dx, byte ptr es:[edi] 7C927D26 004E 74 add [esi+74], cl 7C927D29 4F dec edi 7C927D2A 70 65 jo short 7C927D91 7C927D2C 6E outs dx, byte ptr es:[edi] 7C927D2D 53 push ebx 7C927D2E 65:6D ins dword ptr es:[edi], dx 7C927D30 61 popad 7C927D31 70 68 jo short 7C927D9B 7C927D33 6F outs dx, dword ptr es:[edi] 7C927D34 72 65 jb short 7C927D9B 7C927D36 004E 74 add [esi+74], cl 7C927D39 4F dec edi 7C927D3A 70 65 jo short 7C927DA1 7C927D3C 6E outs dx, byte ptr es:[edi] 7C927D3D 53 push ebx 7C927D3E 79 6D jns short 7C927DAD 7C927D40 626F 6C bound ebp, [edi+6C] 7C927D43 6963 4C 696E6B4>imul esp, [ebx+4C], 4F6B6E69 7C927D4A 626A 65 bound ebp, [edx+65] 7C927D4D 637400 4E arpl [eax+eax+4E], si 7C927D51 74 4F je short 7C927DA2 7C927D53 70 65 jo short 7C927DBA 7C927D55 6E outs dx, byte ptr es:[edi] 7C927D56 54 push esp 7C927D57 68 72656164 push 64616572 7C927D5C 004E 74 add [esi+74], cl 7C927D5F 4F dec edi 7C927D60 70 65 jo short 7C927DC7 7C927D62 6E outs dx, byte ptr es:[edi] 7C927D63 54 push esp 7C927D64 68 72656164 push 64616572 7C927D69 54 push esp 7C927D6A 6F outs dx, dword ptr es:[edi] 7C927D6B 6B65 6E 00 imul esp, [ebp+6E], 0 7C927D6F 4E dec esi ; ntdll.ZwTerminateProcess 7C927D70 74 4F je short 7C927DC1 7C927D72 70 65 jo short 7C927DD9 7C927D74 6E outs dx, byte ptr es:[edi] 7C927D75 54 push esp 7C927D76 68 72656164 push 64616572 7C927D7B 54 push esp 7C927D7C 6F outs dx, dword ptr es:[edi] 7C927D7D 6B65 6E 45 imul esp, [ebp+6E], 45 7C927D81 78 00 js short 7C927D83 7C927D83 4E dec esi ; ntdll.ZwTerminateProcess 7C927D84 74 4F je short 7C927DD5 7C927D86 70 65 jo short 7C927DED 7C927D88 6E outs dx, byte ptr es:[edi] 7C927D89 54 push esp 7C927D8A 696D 65 72004E7>imul ebp, [ebp+65], 744E0072 7C927D91 50 push eax 7C927D92 6C ins byte ptr es:[edi], dx 7C927D93 75 67 jnz short 7C927DFC 7C927D95 50 push eax 7C927D96 6C ins byte ptr es:[edi], dx 7C927D97 61 popad 7C927D98 79 43 jns short 7C927DDD 7C927D9A 6F outs dx, dword ptr es:[edi] 7C927D9B 6E outs dx, byte ptr es:[edi] 7C927D9C 74 72 je short 7C927E10 7C927D9E 6F outs dx, dword ptr es:[edi] 7C927D9F 6C ins byte ptr es:[edi], dx 7C927DA0 004E 74 add [esi+74], cl 7C927DA3 50 push eax 7C927DA4 6F outs dx, dword ptr es:[edi] 7C927DA5 77 65 ja short 7C927E0C 7C927DA7 72 49 jb short 7C927DF2 7C927DA9 6E outs dx, byte ptr es:[edi] 7C927DAA 66:6F outs dx, word ptr es:[edi] 7C927DAC 72 6D jb short 7C927E1B 7C927DAE 61 popad 7C927DAF 74 69 je short 7C927E1A 7C927DB1 6F outs dx, dword ptr es:[edi] 7C927DB2 6E outs dx, byte ptr es:[edi] 7C927DB3 004E 74 add [esi+74], cl 7C927DB6 50 push eax 7C927DB7 72 69 jb short 7C927E22 7C927DB9 76 69 jbe short 7C927E24 7C927DBB 6C ins byte ptr es:[edi], dx 7C927DBC 65: prefix gs: 7C927DBD 67:65:43 inc ebx 7C927DC0 68 65636B00 push 6B6365 7C927DC5 4E dec esi ; ntdll.ZwTerminateProcess 7C927DC6 74 50 je short 7C927E18 7C927DC8 72 69 jb short 7C927E33 7C927DCA 76 69 jbe short 7C927E35 7C927DCC 6C ins byte ptr es:[edi], dx 7C927DCD 65: prefix gs: 7C927DCE 67:65:4F dec edi 7C927DD1 626A 65 bound ebp, [edx+65] 7C927DD4 637441 75 arpl [ecx+eax*2+75], si 7C927DD8 64:697441 6C 61>imul esi, fs:[ecx+eax*2+6C], 6D7261 7C927DE1 4E dec esi ; ntdll.ZwTerminateProcess 7C927DE2 74 50 je short 7C927E34 7C927DE4 72 69 jb short 7C927E4F 7C927DE6 76 69 jbe short 7C927E51 7C927DE8 6C ins byte ptr es:[edi], dx 7C927DE9 65: prefix gs: 7C927DEA 67: prefix addrsize: 7C927DEB 65: prefix gs: 7C927DEC 64:53 push ebx 7C927DEE 65:72 76 jb short 7C927E67 7C927DF1 6963 65 4175646>imul esp, [ebx+65], 69647541 7C927DF8 74 41 je short 7C927E3B 7C927DFA 6C ins byte ptr es:[edi], dx 7C927DFB 61 popad 7C927DFC 72 6D jb short 7C927E6B 7C927DFE 004E 74 add [esi+74], cl 7C927E01 50 push eax 7C927E02 72 6F jb short 7C927E73 7C927E04 74 65 je short 7C927E6B 7C927E06 637456 69 arpl [esi+edx*2+69], si 7C927E0A 72 74 jb short 7C927E80 7C927E0C 75 61 jnz short 7C927E6F 7C927E0E 6C ins byte ptr es:[edi], dx 7C927E0F 4D dec ebp 7C927E10 65:6D ins dword ptr es:[edi], dx 7C927E12 6F outs dx, dword ptr es:[edi] 7C927E13 72 79 jb short 7C927E8E 7C927E15 004E 74 add [esi+74], cl 7C927E18 50 push eax 7C927E19 75 6C jnz short 7C927E87 7C927E1B 73 65 jnb short 7C927E82 7C927E1D 45 inc ebp 7C927E1E 76 65 jbe short 7C927E85 7C927E20 6E outs dx, byte ptr es:[edi] 7C927E21 74 00 je short 7C927E23 7C927E23 4E dec esi ; ntdll.ZwTerminateProcess 7C927E24 74 51 je short 7C927E77 7C927E26 75 65 jnz short 7C927E8D 7C927E28 72 79 jb short 7C927EA3 7C927E2A 41 inc ecx 7C927E2B 74 74 je short 7C927EA1 7C927E2D 72 69 jb short 7C927E98 7C927E2F 6275 74 bound esi, [ebp+74] 7C927E32 65:73 46 jnb short 7C927E7B 7C927E35 696C65 00 4E745>imul ebp, [ebp], 7551744E 7C927E3D 65:72 79 jb short 7C927EB9 7C927E40 42 inc edx ; msvcrt.77C31AE8 7C927E41 6F outs dx, dword ptr es:[edi] 7C927E42 6F outs dx, dword ptr es:[edi] 7C927E43 74 45 je short 7C927E8A 7C927E45 6E outs dx, byte ptr es:[edi] 7C927E46 74 72 je short 7C927EBA 7C927E48 79 4F jns short 7C927E99 7C927E4A 72 64 jb short 7C927EB0 7C927E4C 65:72 00 jb short 7C927E4F 7C927E4F 4E dec esi ; ntdll.ZwTerminateProcess 7C927E50 74 51 je short 7C927EA3 7C927E52 75 65 jnz short 7C927EB9 7C927E54 72 79 jb short 7C927ECF 7C927E56 42 inc edx ; msvcrt.77C31AE8 7C927E57 6F outs dx, dword ptr es:[edi] 7C927E58 6F outs dx, dword ptr es:[edi] 7C927E59 74 4F je short 7C927EAA 7C927E5B 70 74 jo short 7C927ED1 7C927E5D 696F 6E 73004E7>imul ebp, [edi+6E], 744E0073 7C927E64 51 push ecx 7C927E65 75 65 jnz short 7C927ECC 7C927E67 72 79 jb short 7C927EE2 7C927E69 44 inc esp 7C927E6A 65:6275 67 bound esi, gs:[ebp+67] 7C927E6E 46 inc esi ; ntdll.ZwTerminateProcess 7C927E6F 696C74 65 72537>imul ebp, [esp+esi*2+65], 61745372 7C927E77 74 65 je short 7C927EDE 7C927E79 004E 74 add [esi+74], cl 7C927E7C 51 push ecx 7C927E7D 75 65 jnz short 7C927EE4 7C927E7F 72 79 jb short 7C927EFA 7C927E81 44 inc esp 7C927E82 65:66:61 popaw 7C927E85 75 6C jnz short 7C927EF3 7C927E87 74 4C je short 7C927ED5 7C927E89 6F outs dx, dword ptr es:[edi] 7C927E8A 6361 6C arpl [ecx+6C], sp 7C927E8D 65:004E 74 add gs:[esi+74], cl 7C927E91 51 push ecx 7C927E92 75 65 jnz short 7C927EF9 7C927E94 72 79 jb short 7C927F0F 7C927E96 44 inc esp 7C927E97 65:66:61 popaw 7C927E9A 75 6C jnz short 7C927F08 7C927E9C 74 55 je short 7C927EF3 7C927E9E 49 dec ecx 7C927E9F 4C dec esp 7C927EA0 61 popad 7C927EA1 6E outs dx, byte ptr es:[edi] 7C927EA2 67:75 61 jnz short 7C927F06 7C927EA5 67:65:004E 74 add gs:[bp+74], cl 7C927EAA 51 push ecx 7C927EAB 75 65 jnz short 7C927F12 7C927EAD 72 79 jb short 7C927F28 7C927EAF 44 inc esp 7C927EB0 6972 65 63746F7>imul esi, [edx+65], 726F7463 7C927EB7 79 46 jns short 7C927EFF 7C927EB9 696C65 00 4E745>imul ebp, [ebp], 7551744E 7C927EC1 65:72 79 jb short 7C927F3D 7C927EC4 44 inc esp 7C927EC5 6972 65 63746F7>imul esi, [edx+65], 726F7463 7C927ECC 79 4F jns short 7C927F1D 7C927ECE 626A 65 bound ebp, [edx+65] 7C927ED1 637400 4E arpl [eax+eax+4E], si 7C927ED5 74 51 je short 7C927F28 7C927ED7 75 65 jnz short 7C927F3E 7C927ED9 72 79 jb short 7C927F54 7C927EDB 45 inc ebp 7C927EDC 61 popad 7C927EDD 46 inc esi ; ntdll.ZwTerminateProcess 7C927EDE 696C65 00 4E745>imul ebp, [ebp], 7551744E 7C927EE6 65:72 79 jb short 7C927F62 7C927EE9 45 inc ebp 7C927EEA 76 65 jbe short 7C927F51 7C927EEC 6E outs dx, byte ptr es:[edi] 7C927EED 74 00 je short 7C927EEF 7C927EEF 4E dec esi ; ntdll.ZwTerminateProcess 7C927EF0 74 51 je short 7C927F43 7C927EF2 75 65 jnz short 7C927F59 7C927EF4 72 79 jb short 7C927F6F 7C927EF6 46 inc esi ; ntdll.ZwTerminateProcess 7C927EF7 75 6C jnz short 7C927F65 7C927EF9 6C ins byte ptr es:[edi], dx 7C927EFA 41 inc ecx 7C927EFB 74 74 je short 7C927F71 7C927EFD 72 69 jb short 7C927F68 7C927EFF 6275 74 bound esi, [ebp+74] 7C927F02 65:73 46 jnb short 7C927F4B 7C927F05 696C65 00 4E745>imul ebp, [ebp], 7551744E 7C927F0D 65:72 79 jb short 7C927F89 7C927F10 49 dec ecx 7C927F11 6E outs dx, byte ptr es:[edi] 7C927F12 66:6F outs dx, word ptr es:[edi] 7C927F14 72 6D jb short 7C927F83 7C927F16 61 popad 7C927F17 74 69 je short 7C927F82 7C927F19 6F outs dx, dword ptr es:[edi] 7C927F1A 6E outs dx, byte ptr es:[edi] 7C927F1B 41 inc ecx 7C927F1C 74 6F je short 7C927F8D 7C927F1E 6D ins dword ptr es:[edi], dx 7C927F1F 004E 74 add [esi+74], cl 7C927F22 51 push ecx 7C927F23 75 65 jnz short 7C927F8A 7C927F25 72 79 jb short 7C927FA0 7C927F27 49 dec ecx 7C927F28 6E outs dx, byte ptr es:[edi] 7C927F29 66:6F outs dx, word ptr es:[edi] 7C927F2B 72 6D jb short 7C927F9A 7C927F2D 61 popad 7C927F2E 74 69 je short 7C927F99 7C927F30 6F outs dx, dword ptr es:[edi] 7C927F31 6E outs dx, byte ptr es:[edi] 7C927F32 46 inc esi ; ntdll.ZwTerminateProcess 7C927F33 696C65 00 4E745>imul ebp, [ebp], 7551744E 7C927F3B 65:72 79 jb short 7C927FB7 7C927F3E 49 dec ecx 7C927F3F 6E outs dx, byte ptr es:[edi] 7C927F40 66:6F outs dx, word ptr es:[edi] 7C927F42 72 6D jb short 7C927FB1 7C927F44 61 popad 7C927F45 74 69 je short 7C927FB0 7C927F47 6F outs dx, dword ptr es:[edi] 7C927F48 6E outs dx, byte ptr es:[edi] 7C927F49 4A dec edx ; msvcrt.77C31AE8 7C927F4A 6F outs dx, dword ptr es:[edi] 7C927F4B 624F 62 bound ecx, [edi+62] 7C927F4E 6A 65 push 65 7C927F50 637400 4E arpl [eax+eax+4E], si 7C927F54 74 51 je short 7C927FA7 7C927F56 75 65 jnz short 7C927FBD 7C927F58 72 79 jb short 7C927FD3 7C927F5A 49 dec ecx 7C927F5B 6E outs dx, byte ptr es:[edi] 7C927F5C 66:6F outs dx, word ptr es:[edi] 7C927F5E 72 6D jb short 7C927FCD 7C927F60 61 popad 7C927F61 74 69 je short 7C927FCC 7C927F63 6F outs dx, dword ptr es:[edi] 7C927F64 6E outs dx, byte ptr es:[edi] 7C927F65 50 push eax 7C927F66 6F outs dx, dword ptr es:[edi] 7C927F67 72 74 jb short 7C927FDD 7C927F69 004E 74 add [esi+74], cl 7C927F6C 51 push ecx 7C927F6D 75 65 jnz short 7C927FD4 7C927F6F 72 79 jb short 7C927FEA 7C927F71 49 dec ecx 7C927F72 6E outs dx, byte ptr es:[edi] 7C927F73 66:6F outs dx, word ptr es:[edi] 7C927F75 72 6D jb short 7C927FE4 7C927F77 61 popad 7C927F78 74 69 je short 7C927FE3 7C927F7A 6F outs dx, dword ptr es:[edi] 7C927F7B 6E outs dx, byte ptr es:[edi] 7C927F7C 50 push eax 7C927F7D 72 6F jb short 7C927FEE 7C927F7F 6365 73 arpl [ebp+73], sp 7C927F82 73 00 jnb short 7C927F84 7C927F84 4E dec esi ; ntdll.ZwTerminateProcess 7C927F85 74 51 je short 7C927FD8 7C927F87 75 65 jnz short 7C927FEE 7C927F89 72 79 jb short 7C928004 7C927F8B 49 dec ecx 7C927F8C 6E outs dx, byte ptr es:[edi] 7C927F8D 66:6F outs dx, word ptr es:[edi] 7C927F8F 72 6D jb short 7C927FFE 7C927F91 61 popad 7C927F92 74 69 je short 7C927FFD 7C927F94 6F outs dx, dword ptr es:[edi] 7C927F95 6E outs dx, byte ptr es:[edi] 7C927F96 54 push esp 7C927F97 68 72656164 push 64616572 7C927F9C 004E 74 add [esi+74], cl 7C927F9F 51 push ecx 7C927FA0 75 65 jnz short 7C928007 7C927FA2 72 79 jb short 7C92801D 7C927FA4 49 dec ecx 7C927FA5 6E outs dx, byte ptr es:[edi] 7C927FA6 66:6F outs dx, word ptr es:[edi] 7C927FA8 72 6D jb short 7C928017 7C927FAA 61 popad 7C927FAB 74 69 je short 7C928016 7C927FAD 6F outs dx, dword ptr es:[edi] 7C927FAE 6E outs dx, byte ptr es:[edi] 7C927FAF 54 push esp 7C927FB0 6F outs dx, dword ptr es:[edi] 7C927FB1 6B65 6E 00 imul esp, [ebp+6E], 0 7C927FB5 4E dec esi ; ntdll.ZwTerminateProcess 7C927FB6 74 51 je short 7C928009 7C927FB8 75 65 jnz short 7C92801F 7C927FBA 72 79 jb short 7C928035 7C927FBC 49 dec ecx 7C927FBD 6E outs dx, byte ptr es:[edi] 7C927FBE 73 74 jnb short 7C928034 7C927FC0 61 popad 7C927FC1 6C ins byte ptr es:[edi], dx 7C927FC2 6C ins byte ptr es:[edi], dx 7C927FC3 55 push ebp 7C927FC4 49 dec ecx 7C927FC5 4C dec esp 7C927FC6 61 popad 7C927FC7 6E outs dx, byte ptr es:[edi] 7C927FC8 67:75 61 jnz short 7C92802C 7C927FCB 67:65:004E 74 add gs:[bp+74], cl 7C927FD0 51 push ecx 7C927FD1 75 65 jnz short 7C928038 7C927FD3 72 79 jb short 7C92804E 7C927FD5 49 dec ecx 7C927FD6 6E outs dx, byte ptr es:[edi] 7C927FD7 74 65 je short 7C92803E 7C927FD9 72 76 jb short 7C928051 7C927FDB 61 popad 7C927FDC 6C ins byte ptr es:[edi], dx 7C927FDD 50 push eax 7C927FDE 72 6F jb short 7C92804F 7C927FE0 66:696C65 00 4E>imul bp, [ebp], 744E 7C927FE7 51 push ecx 7C927FE8 75 65 jnz short 7C92804F 7C927FEA 72 79 jb short 7C928065 7C927FEC 49 dec ecx 7C927FED 6F outs dx, dword ptr es:[edi] 7C927FEE 43 inc ebx 7C927FEF 6F outs dx, dword ptr es:[edi] 7C927FF0 6D ins dword ptr es:[edi], dx 7C927FF1 70 6C jo short 7C92805F 7C927FF3 65:74 69 je short 7C92805F 7C927FF6 6F outs dx, dword ptr es:[edi] 7C927FF7 6E outs dx, byte ptr es:[edi] 7C927FF8 004E 74 add [esi+74], cl 7C927FFB 51 push ecx 7C927FFC 75 65 jnz short 7C928063 7C927FFE 72 79 jb short 7C928079 7C928000 4B dec ebx 7C928001 65:79 00 jns short 7C928004 7C928004 4E dec esi ; ntdll.ZwTerminateProcess 7C928005 74 51 je short 7C928058 7C928007 75 65 jnz short 7C92806E 7C928009 72 79 jb short 7C928084 7C92800B 4D dec ebp 7C92800C 75 6C jnz short 7C92807A 7C92800E 74 69 je short 7C928079 7C928010 70 6C jo short 7C92807E 7C928012 65:56 push esi ; ntdll.ZwTerminateProcess 7C928014 61 popad 7C928015 6C ins byte ptr es:[edi], dx 7C928016 75 65 jnz short 7C92807D 7C928018 4B dec ebx 7C928019 65:79 00 jns short 7C92801C 7C92801C 4E dec esi ; ntdll.ZwTerminateProcess 7C92801D 74 51 je short 7C928070 7C92801F 75 65 jnz short 7C928086 7C928021 72 79 jb short 7C92809C 7C928023 4D dec ebp 7C928024 75 74 jnz short 7C92809A 7C928026 61 popad 7C928027 6E outs dx, byte ptr es:[edi] 7C928028 74 00 je short 7C92802A 7C92802A 4E dec esi ; ntdll.ZwTerminateProcess 7C92802B 74 51 je short 7C92807E 7C92802D 75 65 jnz short 7C928094 7C92802F 72 79 jb short 7C9280AA 7C928031 4F dec edi 7C928032 626A 65 bound ebp, [edx+65] 7C928035 637400 4E arpl [eax+eax+4E], si 7C928039 74 51 je short 7C92808C 7C92803B 75 65 jnz short 7C9280A2 7C92803D 72 79 jb short 7C9280B8 7C92803F 4F dec edi 7C928040 70 65 jo short 7C9280A7 7C928042 6E outs dx, byte ptr es:[edi] 7C928043 53 push ebx 7C928044 75 62 jnz short 7C9280A8 7C928046 4B dec ebx 7C928047 65:79 73 jns short 7C9280BD 7C92804A 004E 74 add [esi+74], cl 7C92804D 51 push ecx 7C92804E 75 65 jnz short 7C9280B5 7C928050 72 79 jb short 7C9280CB 7C928052 50 push eax 7C928053 65:72 66 jb short 7C9280BC 7C928056 6F outs dx, dword ptr es:[edi] 7C928057 72 6D jb short 7C9280C6 7C928059 61 popad 7C92805A 6E outs dx, byte ptr es:[edi] 7C92805B 6365 43 arpl [ebp+43], sp 7C92805E 6F outs dx, dword ptr es:[edi] 7C92805F 75 6E jnz short 7C9280CF 7C928061 74 65 je short 7C9280C8 7C928063 72 00 jb short 7C928065 7C928065 4E dec esi ; ntdll.ZwTerminateProcess 7C928066 74 51 je short 7C9280B9 7C928068 75 65 jnz short 7C9280CF 7C92806A 72 79 jb short 7C9280E5 7C92806C 50 push eax 7C92806D 6F outs dx, dword ptr es:[edi] 7C92806E 72 74 jb short 7C9280E4 7C928070 49 dec ecx 7C928071 6E outs dx, byte ptr es:[edi] 7C928072 66:6F outs dx, word ptr es:[edi] 7C928074 72 6D jb short 7C9280E3 7C928076 61 popad 7C928077 74 69 je short 7C9280E2 7C928079 6F outs dx, dword ptr es:[edi] 7C92807A 6E outs dx, byte ptr es:[edi] 7C92807B 50 push eax 7C92807C 72 6F jb short 7C9280ED 7C92807E 6365 73 arpl [ebp+73], sp 7C928081 73 00 jnb short 7C928083 7C928083 4E dec esi ; ntdll.ZwTerminateProcess 7C928084 74 51 je short 7C9280D7 7C928086 75 65 jnz short 7C9280ED 7C928088 72 79 jb short 7C928103 7C92808A 51 push ecx 7C92808B 75 6F jnz short 7C9280FC 7C92808D 74 61 je short 7C9280F0 7C92808F 49 dec ecx 7C928090 6E outs dx, byte ptr es:[edi] 7C928091 66:6F outs dx, word ptr es:[edi] 7C928093 72 6D jb short 7C928102 7C928095 61 popad 7C928096 74 69 je short 7C928101 7C928098 6F outs dx, dword ptr es:[edi] 7C928099 6E outs dx, byte ptr es:[edi] 7C92809A 46 inc esi ; ntdll.ZwTerminateProcess 7C92809B 696C65 00 4E745>imul ebp, [ebp], 7551744E 7C9280A3 65:72 79 jb short 7C92811F 7C9280A6 53 push ebx 7C9280A7 65:637469 6F arpl gs:[ecx+ebp*2+6F], si 7C9280AC 6E outs dx, byte ptr es:[edi] 7C9280AD 004E 74 add [esi+74], cl 7C9280B0 51 push ecx 7C9280B1 75 65 jnz short 7C928118 7C9280B3 72 79 jb short 7C92812E 7C9280B5 53 push ebx 7C9280B6 65:6375 72 arpl gs:[ebp+72], si 7C9280BA 697479 4F 626A6>imul esi, [ecx+edi*2+4F], 63656A62 7C9280C2 74 00 je short 7C9280C4 7C9280C4 4E dec esi ; ntdll.ZwTerminateProcess 7C9280C5 74 51 je short 7C928118 7C9280C7 75 65 jnz short 7C92812E 7C9280C9 72 79 jb short 7C928144 7C9280CB 53 push ebx 7C9280CC 65:6D ins dword ptr es:[edi], dx 7C9280CE 61 popad 7C9280CF 70 68 jo short 7C928139 7C9280D1 6F outs dx, dword ptr es:[edi] 7C9280D2 72 65 jb short 7C928139 7C9280D4 004E 74 add [esi+74], cl 7C9280D7 51 push ecx 7C9280D8 75 65 jnz short 7C92813F 7C9280DA 72 79 jb short 7C928155 7C9280DC 53 push ebx 7C9280DD 79 6D jns short 7C92814C 7C9280DF 626F 6C bound ebp, [edi+6C] 7C9280E2 6963 4C 696E6B4>imul esp, [ebx+4C], 4F6B6E69 7C9280E9 626A 65 bound ebp, [edx+65] 7C9280EC 637400 4E arpl [eax+eax+4E], si 7C9280F0 74 51 je short 7C928143 7C9280F2 75 65 jnz short 7C928159 7C9280F4 72 79 jb short 7C92816F 7C9280F6 53 push ebx 7C9280F7 79 73 jns short 7C92816C 7C9280F9 74 65 je short 7C928160 7C9280FB 6D ins dword ptr es:[edi], dx 7C9280FC 45 inc ebp 7C9280FD 6E outs dx, byte ptr es:[edi] 7C9280FE 76 69 jbe short 7C928169 7C928100 72 6F jb short 7C928171 7C928102 6E outs dx, byte ptr es:[edi] 7C928103 6D ins dword ptr es:[edi], dx 7C928104 65:6E outs dx, byte ptr es:[edi] 7C928106 74 56 je short 7C92815E 7C928108 61 popad 7C928109 6C ins byte ptr es:[edi], dx 7C92810A 75 65 jnz short 7C928171 7C92810C 004E 74 add [esi+74], cl 7C92810F 51 push ecx 7C928110 75 65 jnz short 7C928177 7C928112 72 79 jb short 7C92818D 7C928114 53 push ebx 7C928115 79 73 jns short 7C92818A 7C928117 74 65 je short 7C92817E 7C928119 6D ins dword ptr es:[edi], dx 7C92811A 45 inc ebp 7C92811B 6E outs dx, byte ptr es:[edi] 7C92811C 76 69 jbe short 7C928187 7C92811E 72 6F jb short 7C92818F 7C928120 6E outs dx, byte ptr es:[edi] 7C928121 6D ins dword ptr es:[edi], dx 7C928122 65:6E outs dx, byte ptr es:[edi] 7C928124 74 56 je short 7C92817C 7C928126 61 popad 7C928127 6C ins byte ptr es:[edi], dx 7C928128 75 65 jnz short 7C92818F 7C92812A 45 inc ebp 7C92812B 78 00 js short 7C92812D 7C92812D 4E dec esi ; ntdll.ZwTerminateProcess 7C92812E 74 51 je short 7C928181 7C928130 75 65 jnz short 7C928197 7C928132 72 79 jb short 7C9281AD 7C928134 53 push ebx 7C928135 79 73 jns short 7C9281AA 7C928137 74 65 je short 7C92819E 7C928139 6D ins dword ptr es:[edi], dx 7C92813A 49 dec ecx 7C92813B 6E outs dx, byte ptr es:[edi] 7C92813C 66:6F outs dx, word ptr es:[edi] 7C92813E 72 6D jb short 7C9281AD 7C928140 61 popad 7C928141 74 69 je short 7C9281AC 7C928143 6F outs dx, dword ptr es:[edi] 7C928144 6E outs dx, byte ptr es:[edi] 7C928145 004E 74 add [esi+74], cl 7C928148 51 push ecx 7C928149 75 65 jnz short 7C9281B0 7C92814B 72 79 jb short 7C9281C6 7C92814D 53 push ebx 7C92814E 79 73 jns short 7C9281C3 7C928150 74 65 je short 7C9281B7 7C928152 6D ins dword ptr es:[edi], dx 7C928153 54 push esp 7C928154 696D 65 004E745>imul ebp, [ebp+65], 51744E00 7C92815B 75 65 jnz short 7C9281C2 7C92815D 72 79 jb short 7C9281D8 7C92815F 54 push esp 7C928160 696D 65 72004E7>imul ebp, [ebp+65], 744E0072 7C928167 51 push ecx 7C928168 75 65 jnz short 7C9281CF 7C92816A 72 79 jb short 7C9281E5 7C92816C 54 push esp 7C92816D 696D 65 7252657>imul ebp, [ebp+65], 73655272 7C928174 6F outs dx, dword ptr es:[edi] 7C928175 6C ins byte ptr es:[edi], dx 7C928176 75 74 jnz short 7C9281EC 7C928178 696F 6E 004E745>imul ebp, [edi+6E], 51744E00 7C92817F 75 65 jnz short 7C9281E6 7C928181 72 79 jb short 7C9281FC 7C928183 56 push esi ; ntdll.ZwTerminateProcess 7C928184 61 popad 7C928185 6C ins byte ptr es:[edi], dx 7C928186 75 65 jnz short 7C9281ED 7C928188 4B dec ebx 7C928189 65:79 00 jns short 7C92818C 7C92818C 4E dec esi ; ntdll.ZwTerminateProcess 7C92818D 74 51 je short 7C9281E0 7C92818F 75 65 jnz short 7C9281F6 7C928191 72 79 jb short 7C92820C 7C928193 56 push esi ; ntdll.ZwTerminateProcess 7C928194 6972 74 75616C4>imul esi, [edx+74], 4D6C6175 7C92819B 65:6D ins dword ptr es:[edi], dx 7C92819D 6F outs dx, dword ptr es:[edi] 7C92819E 72 79 jb short 7C928219 7C9281A0 004E 74 add [esi+74], cl 7C9281A3 51 push ecx 7C9281A4 75 65 jnz short 7C92820B 7C9281A6 72 79 jb short 7C928221 7C9281A8 56 push esi ; ntdll.ZwTerminateProcess 7C9281A9 6F outs dx, dword ptr es:[edi] 7C9281AA 6C ins byte ptr es:[edi], dx 7C9281AB 75 6D jnz short 7C92821A 7C9281AD 65:49 dec ecx 7C9281AF 6E outs dx, byte ptr es:[edi] 7C9281B0 66:6F outs dx, word ptr es:[edi] 7C9281B2 72 6D jb short 7C928221 7C9281B4 61 popad 7C9281B5 74 69 je short 7C928220 7C9281B7 6F outs dx, dword ptr es:[edi] 7C9281B8 6E outs dx, byte ptr es:[edi] 7C9281B9 46 inc esi ; ntdll.ZwTerminateProcess 7C9281BA 696C65 00 4E745>imul ebp, [ebp], 7551744E 7C9281C2 65:75 65 jnz short 7C92822A 7C9281C5 41 inc ecx 7C9281C6 70 63 jo short 7C92822B 7C9281C8 54 push esp 7C9281C9 68 72656164 push 64616572 7C9281CE 004E 74 add [esi+74], cl 7C9281D1 52 push edx ; msvcrt.77C31AE8 |
|
[讨论]程序分析!
7C92672B 0260 02 add ah, [eax+2] 7C92672E 61 popad 7C92672F 0262 02 add ah, [edx+2] 7C926732 6302 arpl [edx], ax 7C926734 64:0265 02 add ah, fs:[ebp+2] 7C926738 66:0267 02 add ah, [edi+2] 7C92673C 68 0269026A push 6A026902 7C926741 026B 02 add ch, [ebx+2] 7C926744 6C ins byte ptr es:[edi], dx 7C926745 026D 02 add ch, [ebp+2] 7C926748 6E outs dx, byte ptr es:[edi] 7C926749 026F 02 add ch, [edi+2] 7C92674C 70 02 jo short 7C926750 7C92674E 71 02 jno short 7C926752 7C926750 72 02 jb short 7C926754 7C926752 73 02 jnb short 7C926756 7C926754 74 02 je short 7C926758 7C926756 75 02 jnz short 7C92675A 7C926758 76 02 jbe short 7C92675C 7C92675A 77 02 ja short 7C92675E 7C92675C 78 02 js short 7C926760 7C92675E 79 02 jns short 7C926762 7C926760 7A 02 jpe short 7C926764 7C926762 7B 02 jpo short 7C926766 7C926764 7C 02 jl short 7C926768 7C926766 7D 02 jge short 7C92676A 7C926768 7E 02 jle short 7C92676C 7C92676A 7F 02 jg short 7C92676E 7C92676C 8002 81 add byte ptr [edx], 81 7C92676F 0282 02830284 add al, [edx+84028302] 7C926775 0285 02860287 add al, [ebp+87028602] 7C92677B 0288 0289028A add cl, [eax+8A028902] 7C926781 028B 028C028D add cl, [ebx+8D028C02] 7C926787 028E 028F0290 add cl, [esi+90028F02] 7C92678D 0291 02030092 add dl, [ecx+92000302] 7C926793 0293 02940295 add dl, [ebx+95029402] 7C926799 0296 02970298 add dl, [esi+98029702] 7C92679F 0299 029A029B add bl, [ecx+9B029A02] 7C9267A5 029C02 9D029E02 add bl, [edx+eax+29E029D] 7C9267AC 9F lahf 7C9267AD 02A0 02A102A2 add ah, [eax+A202A102] 7C9267B3 02A3 02A402A5 add ah, [ebx+A502A402] 7C9267B9 02A6 02A702A8 add ah, [esi+A802A702] 7C9267BF 02A9 02AA02AB add ch, [ecx+AB02AA02] 7C9267C5 02AC02 AD02AE02 add ch, [edx+eax+2AE02AD] 7C9267CC AF scas dword ptr es:[edi] 7C9267CD 02B0 02B102B2 add dh, [eax+B202B102] 7C9267D3 02B3 02B402B5 add dh, [ebx+B502B402] 7C9267D9 02B6 02B702B8 add dh, [esi+B802B702] 7C9267DF 02B9 02BA02BB add bh, [ecx+BB02BA02] 7C9267E5 02BC02 BD02BE02 add bh, [edx+eax+2BE02BD] 7C9267EC BF 02C002C1 mov edi, C102C002 7C9267F1 02C2 add al, dl 7C9267F3 02C3 add al, bl 7C9267F5 02C4 add al, ah 7C9267F7 02C5 add al, ch 7C9267F9 02C6 add al, dh 7C9267FB 02C7 add al, bh 7C9267FD 02C8 add cl, al 7C9267FF 02C9 add cl, cl 7C926801 02CA add cl, dl 7C926803 02CB add cl, bl 7C926805 02CC add cl, ah 7C926807 02CD add cl, ch 7C926809 02CE add cl, dh 7C92680B 02CF add cl, bh 7C92680D 02D0 add dl, al 7C92680F 02D1 add dl, cl 7C926811 02D2 add dl, dl 7C926813 02D3 add dl, bl 7C926815 02D4 add dl, ah 7C926817 02D5 add dl, ch 7C926819 02D6 add dl, dh 7C92681B 02D7 add dl, bh 7C92681D 02D8 add bl, al 7C92681F 02D9 add bl, cl 7C926821 02DA add bl, dl 7C926823 02DB add bl, bl 7C926825 02DC add bl, ah 7C926827 02DD add bl, ch 7C926829 02DE add bl, dh 7C92682B 02DF add bl, bh 7C92682D 02E0 add ah, al 7C92682F 02E1 add ah, cl 7C926831 02E2 add ah, dl 7C926833 02E3 add ah, bl 7C926835 02E4 add ah, ah 7C926837 02E5 add ah, ch 7C926839 02E6 add ah, dh 7C92683B 02E7 add ah, bh 7C92683D 02E8 add ch, al 7C92683F 02E9 add ch, cl 7C926841 02EA add ch, dl 7C926843 02EB add ch, bl 7C926845 02EC add ch, ah 7C926847 02ED add ch, ch 7C926849 02EE add ch, dh 7C92684B 02EF add ch, bh 7C92684D 02F0 add dh, al 7C92684F 02F1 add dh, cl 7C926851 02F2 add dh, dl 7C926853 02F3 add dh, bl 7C926855 02F4 add dh, ah 7C926857 02F5 add dh, ch 7C926859 02F6 add dh, dh 7C92685B 02F7 add dh, bh 7C92685D 02F8 add bh, al 7C92685F 02F9 add bh, cl 7C926861 02FA add bh, dl 7C926863 02FB add bh, bl 7C926865 02FC add bh, ah 7C926867 02FD add bh, ch 7C926869 02FE add bh, dh 7C92686B 02FF add bh, bh 7C92686D 0200 add al, [eax] 7C92686F 0301 add eax, [ecx] 7C926871 0302 add eax, [edx] ; ntdll.7C99C8E0 7C926873 0303 add eax, [ebx] 7C926875 030403 add eax, [ebx+eax] 7C926878 05 03060307 add eax, 7030603 7C92687D 0308 add ecx, [eax] 7C92687F 0309 add ecx, [ecx] 7C926881 030A add ecx, [edx] ; ntdll.7C99C8E0 7C926883 030B add ecx, [ebx] 7C926885 030D 030C030E add ecx, [E030C03] 7C92688B 030F add ecx, [edi] 7C92688D 0310 add edx, [eax] 7C92688F 0311 add edx, [ecx] 7C926891 0312 add edx, [edx] ; ntdll.7C99C8E0 7C926893 0313 add edx, [ebx] 7C926895 031403 add edx, [ebx+eax] 7C926898 15 03160317 adc eax, 17031603 7C92689D 0318 add ebx, [eax] 7C92689F 0319 add ebx, [ecx] 7C9268A1 031A add ebx, [edx] ; ntdll.7C99C8E0 7C9268A3 031B add ebx, [ebx] 7C9268A5 031C03 add ebx, [ebx+eax] 7C9268A8 1D 031E031F sbb eax, 1F031E03 7C9268AD 0320 add esp, [eax] 7C9268AF 0321 add esp, [ecx] 7C9268B1 0322 add esp, [edx] ; ntdll.7C99C8E0 7C9268B3 0323 add esp, [ebx] 7C9268B5 032403 add esp, [ebx+eax] 7C9268B8 25 03260327 and eax, 27032603 7C9268BD 0328 add ebp, [eax] 7C9268BF 0329 add ebp, [ecx] 7C9268C1 032A add ebp, [edx] ; ntdll.7C99C8E0 7C9268C3 032B add ebp, [ebx] 7C9268C5 032C03 add ebp, [ebx+eax] 7C9268C8 2D 032E032F sub eax, 2F032E03 7C9268CD 0330 add esi, [eax] 7C9268CF 0331 add esi, [ecx] 7C9268D1 0332 add esi, [edx] ; ntdll.7C99C8E0 7C9268D3 0333 add esi, [ebx] 7C9268D5 033403 add esi, [ebx+eax] 7C9268D8 35 03360337 xor eax, 37033603 7C9268DD 0338 add edi, [eax] 7C9268DF 0339 add edi, [ecx] 7C9268E1 033A add edi, [edx] ; ntdll.7C99C8E0 7C9268E3 033B add edi, [ebx] 7C9268E5 033C03 add edi, [ebx+eax] 7C9268E8 3D 033E033F cmp eax, 3F033E03 7C9268ED 0340 03 add eax, [eax+3] 7C9268F0 41 inc ecx 7C9268F1 0342 03 add eax, [edx+3] 7C9268F4 04 00 add al, 0 7C9268F6 05 00440343 add eax, 43034400 7C9268FB 0345 03 add eax, [ebp+3] 7C9268FE 46 inc esi ; ntdll.ZwTerminateProcess 7C9268FF 0347 03 add eax, [edi+3] 7C926902 48 dec eax 7C926903 0349 03 add ecx, [ecx+3] 7C926906 4A dec edx ; msvcrt.77C31AE8 7C926907 034B 03 add ecx, [ebx+3] 7C92690A 4C dec esp 7C92690B 034D 03 add ecx, [ebp+3] 7C92690E 4E dec esi ; ntdll.ZwTerminateProcess 7C92690F 034F 03 add ecx, [edi+3] 7C926912 50 push eax 7C926913 0351 03 add edx, [ecx+3] 7C926916 52 push edx ; msvcrt.77C31AE8 7C926917 0353 03 add edx, [ebx+3] 7C92691A 54 push esp 7C92691B 0355 03 add edx, [ebp+3] 7C92691E 56 push esi ; ntdll.ZwTerminateProcess 7C92691F 0357 03 add edx, [edi+3] 7C926922 58 pop eax ; ntdll.7C92E89A 7C926923 0359 03 add ebx, [ecx+3] 7C926926 5A pop edx ; ntdll.7C92E89A 7C926927 035B 03 add ebx, [ebx+3] 7C92692A 5C pop esp ; ntdll.7C92E89A 7C92692B 035D 03 add ebx, [ebp+3] 7C92692E 5E pop esi ; ntdll.7C92E89A 7C92692F 035F 03 add ebx, [edi+3] 7C926932 06 push es 7C926933 0060 03 add [eax+3], ah 7C926936 61 popad 7C926937 0362 03 add esp, [edx+3] 7C92693A 6303 arpl [ebx], ax 7C92693C 64:0365 03 add esp, fs:[ebp+3] 7C926940 66:0367 03 add sp, [edi+3] 7C926944 68 0369036A push 6A036903 7C926949 036B 03 add ebp, [ebx+3] 7C92694C 6C ins byte ptr es:[edi], dx 7C92694D 036D 03 add ebp, [ebp+3] 7C926950 6E outs dx, byte ptr es:[edi] 7C926951 036F 03 add ebp, [edi+3] 7C926954 70 03 jo short 7C926959 7C926956 71 03 jno short 7C92695B 7C926958 72 03 jb short 7C92695D 7C92695A 73 03 jnb short 7C92695F 7C92695C 74 03 je short 7C926961 7C92695E 75 03 jnz short 7C926963 7C926960 76 03 jbe short 7C926965 7C926962 77 03 ja short 7C926967 7C926964 78 03 js short 7C926969 7C926966 79 03 jns short 7C92696B 7C926968 7A 03 jpe short 7C92696D 7C92696A 7B 03 jpo short 7C92696F 7C92696C 7C 03 jl short 7C926971 7C92696E 7D 03 jge short 7C926973 7C926970 7E 03 jle short 7C926975 7C926972 7F 03 jg short 7C926977 7C926974 8003 81 add byte ptr [ebx], 81 7C926977 0382 03830384 add eax, [edx+84038303] 7C92697D 0385 03860387 add eax, [ebp+87038603] 7C926983 0388 0389038A add ecx, [eax+8A038903] 7C926989 038B 038C038D add ecx, [ebx+8D038C03] 7C92698F 038E 038F0390 add ecx, [esi+90038F03] 7C926995 0391 03920393 add edx, [ecx+93039203] 7C92699B 039403 95039603 add edx, [ebx+eax+3960395] 7C9269A2 97 xchg eax, edi 7C9269A3 0398 0399039A add ebx, [eax+9A039903] 7C9269A9 039B 039C039D add ebx, [ebx+9D039C03] 7C9269AF 039E 039F03A0 add ebx, [esi+A0039F03] 7C9269B5 03A1 03A203A3 add esp, [ecx+A303A203] 7C9269BB 03A403 A503A603 add esp, [ebx+eax+3A603A5] 7C9269C2 A7 cmps dword ptr [esi], dword ptr es:[e> 7C9269C3 03A8 03A903AA add ebp, [eax+AA03A903] 7C9269C9 03AB 03AC03AD add ebp, [ebx+AD03AC03] 7C9269CF 03AE 03AF03B0 add ebp, [esi+B003AF03] 7C9269D5 03B1 03B203B3 add esi, [ecx+B303B203] 7C9269DB 03B403 B503B603 add esi, [ebx+eax+3B603B5] 7C9269E2 B7 03 mov bh, 3 7C9269E4 B8 03B903BA mov eax, BA03B903 7C9269E9 03BB 03BC03BD add edi, [ebx+BD03BC03] 7C9269EF 03BE 03BF03C0 add edi, [esi+C003BF03] 7C9269F5 03C1 add eax, ecx 7C9269F7 03C2 add eax, edx ; msvcrt.77C31AE8 7C9269F9 03C3 add eax, ebx 7C9269FB 03C4 add eax, esp 7C9269FD 03C5 add eax, ebp 7C9269FF 03C6 add eax, esi ; ntdll.ZwTerminateProcess 7C926A01 03C7 add eax, edi 7C926A03 03C8 add ecx, eax 7C926A05 03C9 add ecx, ecx 7C926A07 03CA add ecx, edx ; msvcrt.77C31AE8 7C926A09 03CB add ecx, ebx 7C926A0B 03CC add ecx, esp 7C926A0D 03CD add ecx, ebp 7C926A0F 03CE add ecx, esi ; ntdll.ZwTerminateProcess 7C926A11 03CF add ecx, edi 7C926A13 03D0 add edx, eax 7C926A15 03D1 add edx, ecx 7C926A17 03D2 add edx, edx ; msvcrt.77C31AE8 7C926A19 03D3 add edx, ebx 7C926A1B 03D4 add edx, esp 7C926A1D 03D5 add edx, ebp 7C926A1F 03D6 add edx, esi ; ntdll.ZwTerminateProcess 7C926A21 03D7 add edx, edi 7C926A23 03D8 add ebx, eax 7C926A25 03D9 add ebx, ecx 7C926A27 03DA add ebx, edx ; msvcrt.77C31AE8 7C926A29 03DB add ebx, ebx 7C926A2B 03DC add ebx, esp 7C926A2D 03DD add ebx, ebp 7C926A2F 03DE add ebx, esi ; ntdll.ZwTerminateProcess 7C926A31 03DF add ebx, edi 7C926A33 03E0 add esp, eax 7C926A35 03E1 add esp, ecx 7C926A37 03E3 add esp, ebx 7C926A39 03E2 add esp, edx ; msvcrt.77C31AE8 7C926A3B 03E4 add esp, esp 7C926A3D 03E5 add esp, ebp 7C926A3F 03E6 add esp, esi ; ntdll.ZwTerminateProcess 7C926A41 03E7 add esp, edi 7C926A43 03E8 add ebp, eax 7C926A45 03E9 add ebp, ecx 7C926A47 03EA add ebp, edx ; msvcrt.77C31AE8 7C926A49 03EB add ebp, ebx 7C926A4B 03EC add ebp, esp 7C926A4D 03ED add ebp, ebp 7C926A4F 03EE add ebp, esi ; ntdll.ZwTerminateProcess 7C926A51 03EF add ebp, edi 7C926A53 03F0 add esi, eax 7C926A55 03F1 add esi, ecx 7C926A57 03F2 add esi, edx ; msvcrt.77C31AE8 7C926A59 03F3 add esi, ebx 7C926A5B 03F4 add esi, esp 7C926A5D 03F5 add esi, ebp 7C926A5F 03F6 add esi, esi ; ntdll.ZwTerminateProcess 7C926A61 03F7 add esi, edi 7C926A63 03F8 add edi, eax 7C926A65 03F9 add edi, ecx 7C926A67 03FA add edi, edx ; msvcrt.77C31AE8 7C926A69 03FB add edi, ebx 7C926A6B 03FC add edi, esp 7C926A6D 03FD add edi, ebp 7C926A6F 03FE add edi, esi ; ntdll.ZwTerminateProcess 7C926A71 03FF add edi, edi 7C926A73 0300 add eax, [eax] 7C926A75 04 01 add al, 1 7C926A77 04 02 add al, 2 7C926A79 04 03 add al, 3 7C926A7B 04 04 add al, 4 7C926A7D 04 05 add al, 5 7C926A7F 04 06 add al, 6 7C926A81 04 07 add al, 7 7C926A83 04 08 add al, 8 7C926A85 04 09 add al, 9 7C926A87 04 0A add al, 0A 7C926A89 04 0B add al, 0B 7C926A8B 04 0C add al, 0C 7C926A8D 04 0D add al, 0D 7C926A8F 04 0E add al, 0E 7C926A91 04 0F add al, 0F 7C926A93 04 10 add al, 10 7C926A95 04 11 add al, 11 7C926A97 04 12 add al, 12 7C926A99 04 13 add al, 13 7C926A9B 04 14 add al, 14 7C926A9D 04 15 add al, 15 7C926A9F 04 16 add al, 16 7C926AA1 04 17 add al, 17 7C926AA3 04 18 add al, 18 7C926AA5 04 19 add al, 19 7C926AA7 04 1A add al, 1A 7C926AA9 04 1B add al, 1B 7C926AAB 04 1C add al, 1C 7C926AAD 04 1D add al, 1D 7C926AAF 04 1E add al, 1E 7C926AB1 04 1F add al, 1F 7C926AB3 04 20 add al, 20 7C926AB5 04 21 add al, 21 7C926AB7 04 22 add al, 22 7C926AB9 04 23 add al, 23 7C926ABB 04 24 add al, 24 7C926ABD 04 25 add al, 25 7C926ABF 04 26 add al, 26 7C926AC1 04 27 add al, 27 7C926AC3 04 28 add al, 28 7C926AC5 04 29 add al, 29 7C926AC7 04 2A add al, 2A 7C926AC9 04 2B add al, 2B 7C926ACB 04 2C add al, 2C 7C926ACD 04 2D add al, 2D 7C926ACF 04 2E add al, 2E 7C926AD1 04 2F add al, 2F 7C926AD3 04 30 add al, 30 7C926AD5 04 31 add al, 31 7C926AD7 04 32 add al, 32 7C926AD9 04 33 add al, 33 7C926ADB 04 34 add al, 34 7C926ADD 04 35 add al, 35 7C926ADF 04 36 add al, 36 7C926AE1 04 37 add al, 37 7C926AE3 04 38 add al, 38 7C926AE5 04 39 add al, 39 7C926AE7 04 3A add al, 3A 7C926AE9 04 3B add al, 3B 7C926AEB 04 3C add al, 3C 7C926AED 04 3D add al, 3D 7C926AEF 04 3E add al, 3E 7C926AF1 04 3F add al, 3F 7C926AF3 04 40 add al, 40 7C926AF5 04 41 add al, 41 7C926AF7 04 42 add al, 42 7C926AF9 04 43 add al, 43 7C926AFB 04 44 add al, 44 7C926AFD 04 45 add al, 45 7C926AFF 04 46 add al, 46 7C926B01 04 47 add al, 47 7C926B03 04 48 add al, 48 7C926B05 04 49 add al, 49 7C926B07 04 4A add al, 4A 7C926B09 04 4B add al, 4B 7C926B0B 04 4C add al, 4C 7C926B0D 04 4D add al, 4D 7C926B0F 04 4E add al, 4E 7C926B11 04 4F add al, 4F 7C926B13 04 50 add al, 50 7C926B15 04 51 add al, 51 7C926B17 04 52 add al, 52 7C926B19 04 53 add al, 53 7C926B1B 04 54 add al, 54 7C926B1D 04 55 add al, 55 7C926B1F 04 56 add al, 56 7C926B21 04 57 add al, 57 7C926B23 04 58 add al, 58 7C926B25 04 59 add al, 59 7C926B27 04 5A add al, 5A 7C926B29 04 5B add al, 5B 7C926B2B 04 5C add al, 5C 7C926B2D 04 5D add al, 5D 7C926B2F 04 5E add al, 5E 7C926B31 04 5F add al, 5F 7C926B33 04 60 add al, 60 7C926B35 04 61 add al, 61 7C926B37 04 62 add al, 62 7C926B39 04 63 add al, 63 7C926B3B 04 64 add al, 64 7C926B3D 04 65 add al, 65 7C926B3F 04 66 add al, 66 7C926B41 04 67 add al, 67 7C926B43 04 68 add al, 68 7C926B45 04 69 add al, 69 7C926B47 04 6A add al, 6A 7C926B49 04 6B add al, 6B 7C926B4B 04 6C add al, 6C 7C926B4D 04 6D add al, 6D 7C926B4F 04 6E add al, 6E 7C926B51 04 6F add al, 6F 7C926B53 04 70 add al, 70 7C926B55 04 71 add al, 71 7C926B57 04 72 add al, 72 7C926B59 04 73 add al, 73 7C926B5B 04 74 add al, 74 7C926B5D 04 75 add al, 75 7C926B5F 04 76 add al, 76 7C926B61 04 77 add al, 77 7C926B63 04 78 add al, 78 7C926B65 04 79 add al, 79 7C926B67 04 7A add al, 7A 7C926B69 04 7B add al, 7B 7C926B6B 04 7C add al, 7C 7C926B6D 04 7D add al, 7D 7C926B6F 04 7E add al, 7E 7C926B71 04 7F add al, 7F 7C926B73 04 80 add al, 80 7C926B75 04 81 add al, 81 7C926B77 04 82 add al, 82 7C926B79 04 83 add al, 83 7C926B7B 04 84 add al, 84 7C926B7D 04 85 add al, 85 7C926B7F 04 86 add al, 86 7C926B81 04 87 add al, 87 7C926B83 04 88 add al, 88 7C926B85 04 89 add al, 89 7C926B87 04 8A add al, 8A 7C926B89 04 8B add al, 8B 7C926B8B 04 8C add al, 8C 7C926B8D 04 8D add al, 8D 7C926B8F 04 8E add al, 8E 7C926B91 04 8F add al, 8F 7C926B93 04 90 add al, 90 7C926B95 04 91 add al, 91 7C926B97 04 92 add al, 92 7C926B99 04 93 add al, 93 7C926B9B 04 94 add al, 94 7C926B9D 04 95 add al, 95 7C926B9F 04 96 add al, 96 7C926BA1 04 97 add al, 97 7C926BA3 04 98 add al, 98 7C926BA5 04 99 add al, 99 7C926BA7 04 9A add al, 9A 7C926BA9 04 9B add al, 9B 7C926BAB 04 9C add al, 9C 7C926BAD 04 9D add al, 9D 7C926BAF 04 9E add al, 9E 7C926BB1 04 9F add al, 9F 7C926BB3 04 A0 add al, 0A0 7C926BB5 04 A1 add al, 0A1 7C926BB7 04 A2 add al, 0A2 7C926BB9 04 A3 add al, 0A3 7C926BBB 04 A4 add al, 0A4 7C926BBD 04 A5 add al, 0A5 7C926BBF 04 A6 add al, 0A6 7C926BC1 04 A7 add al, 0A7 7C926BC3 04 A8 add al, 0A8 7C926BC5 04 A9 add al, 0A9 7C926BC7 04 AA add al, 0AA 7C926BC9 04 AB add al, 0AB 7C926BCB 04 AC add al, 0AC 7C926BCD 04 AD add al, 0AD 7C926BCF 04 AE add al, 0AE 7C926BD1 04 AF add al, 0AF 7C926BD3 04 B0 add al, 0B0 7C926BD5 04 B1 add al, 0B1 7C926BD7 04 B2 add al, 0B2 7C926BD9 04 B3 add al, 0B3 7C926BDB 04 B4 add al, 0B4 7C926BDD 04 B5 add al, 0B5 7C926BDF 04 B6 add al, 0B6 7C926BE1 04 B7 add al, 0B7 7C926BE3 04 B8 add al, 0B8 7C926BE5 04 B9 add al, 0B9 7C926BE7 04 BA add al, 0BA 7C926BE9 04 BB add al, 0BB 7C926BEB 04 BC add al, 0BC 7C926BED 04 BD add al, 0BD 7C926BEF 04 BE add al, 0BE 7C926BF1 04 BF add al, 0BF 7C926BF3 04 C0 add al, 0C0 7C926BF5 04 C1 add al, 0C1 7C926BF7 04 C2 add al, 0C2 7C926BF9 04 C3 add al, 0C3 7C926BFB 04 C4 add al, 0C4 7C926BFD 04 C5 add al, 0C5 7C926BFF 04 C6 add al, 0C6 7C926C01 04 C7 add al, 0C7 7C926C03 04 C8 add al, 0C8 7C926C05 04 C9 add al, 0C9 7C926C07 04 CA add al, 0CA 7C926C09 04 CB add al, 0CB 7C926C0B 04 CC add al, 0CC 7C926C0D 04 CD add al, 0CD 7C926C0F 04 CE add al, 0CE 7C926C11 04 CF add al, 0CF 7C926C13 04 D0 add al, 0D0 7C926C15 04 D1 add al, 0D1 7C926C17 04 D2 add al, 0D2 7C926C19 04 D3 add al, 0D3 7C926C1B 04 D4 add al, 0D4 7C926C1D 04 D5 add al, 0D5 7C926C1F 04 D6 add al, 0D6 7C926C21 04 D7 add al, 0D7 7C926C23 04 D8 add al, 0D8 7C926C25 04 D9 add al, 0D9 7C926C27 04 DA add al, 0DA 7C926C29 04 DB add al, 0DB 7C926C2B 04 DC add al, 0DC 7C926C2D 04 DD add al, 0DD 7C926C2F 04 DE add al, 0DE 7C926C31 04 DF add al, 0DF 7C926C33 04 E0 add al, 0E0 7C926C35 04 E1 add al, 0E1 7C926C37 04 E2 add al, 0E2 7C926C39 04 E3 add al, 0E3 7C926C3B 04 E4 add al, 0E4 7C926C3D 04 E5 add al, 0E5 7C926C3F 04 E6 add al, 0E6 7C926C41 04 E7 add al, 0E7 7C926C43 04 E8 add al, 0E8 7C926C45 04 E9 add al, 0E9 7C926C47 04 EA add al, 0EA 7C926C49 04 EB add al, 0EB 7C926C4B 04 EC add al, 0EC 7C926C4D 04 ED add al, 0ED 7C926C4F 04 EE add al, 0EE 7C926C51 04 EF add al, 0EF 7C926C53 04 F0 add al, 0F0 7C926C55 04 F1 add al, 0F1 7C926C57 04 F2 add al, 0F2 7C926C59 04 F3 add al, 0F3 7C926C5B 04 F4 add al, 0F4 7C926C5D 04 F5 add al, 0F5 7C926C5F 04 F6 add al, 0F6 7C926C61 04 F7 add al, 0F7 7C926C63 04 F8 add al, 0F8 7C926C65 04 F9 add al, 0F9 7C926C67 04 FA add al, 0FA 7C926C69 04 FB add al, 0FB 7C926C6B 04 FC add al, 0FC 7C926C6D 04 FD add al, 0FD 7C926C6F 04 FE add al, 0FE 7C926C71 04 FF add al, 0FF 7C926C73 04 00 add al, 0 7C926C75 05 01050205 add eax, 5020501 7C926C7A 0305 04050505 add eax, [5050504] 7C926C80 06 push es 7C926C81 05 07050805 add eax, 5080507 7C926C86 0905 0A050B05 or [50B050A], eax 7C926C8C 0C 05 or al, 5 7C926C8E 0D 050E050F or eax, 0F050E05 7C926C93 05 10051105 add eax, 5110510 7C926C98 1205 13051405 adc al, [5140513] 7C926C9E 15 05160517 adc eax, 17051605 7C926CA3 05 18051905 add eax, 5190518 7C926CA8 1A05 1B051C05 sbb al, [51C051B] 7C926CAE 1D 051E051F sbb eax, 1F051E05 7C926CB3 05 20052105 add eax, 5210520 7C926CB8 2205 6E74646C and al, [6C64746E] 7C926CBE 6C ins byte ptr es:[edi], dx 7C926CBF 2E: prefix cs: 7C926CC0 64:6C ins byte ptr es:[edi], dx 7C926CC2 6C ins byte ptr es:[edi], dx 7C926CC3 0043 73 add [ebx+73], al 7C926CC6 72 41 jb short 7C926D09 7C926CC8 6C ins byte ptr es:[edi], dx 7C926CC9 6C ins byte ptr es:[edi], dx 7C926CCA 6F outs dx, dword ptr es:[edi] 7C926CCB 6361 74 arpl [ecx+74], sp 7C926CCE 65:43 inc ebx 7C926CD0 61 popad 7C926CD1 70 74 jo short 7C926D47 7C926CD3 75 72 jnz short 7C926D47 7C926CD5 65:42 inc edx ; msvcrt.77C31AE8 7C926CD7 75 66 jnz short 7C926D3F 7C926CD9 66:65:72 00 jb short 00006CDD 7C926CDD 43 inc ebx 7C926CDE 73 72 jnb short 7C926D52 7C926CE0 41 inc ecx 7C926CE1 6C ins byte ptr es:[edi], dx 7C926CE2 6C ins byte ptr es:[edi], dx 7C926CE3 6F outs dx, dword ptr es:[edi] 7C926CE4 6361 74 arpl [ecx+74], sp 7C926CE7 65:4D dec ebp 7C926CE9 65:73 73 jnb short 7C926D5F 7C926CEC 61 popad 7C926CED 67:65:50 push eax 7C926CF0 6F outs dx, dword ptr es:[edi] 7C926CF1 696E 74 6572004>imul ebp, [esi+74], 43007265 7C926CF8 73 72 jnb short 7C926D6C 7C926CFA 43 inc ebx 7C926CFB 61 popad 7C926CFC 70 74 jo short 7C926D72 7C926CFE 75 72 jnz short 7C926D72 7C926D00 65:4D dec ebp 7C926D02 65:73 73 jnb short 7C926D78 7C926D05 61 popad 7C926D06 67:65:42 inc edx ; msvcrt.77C31AE8 7C926D09 75 66 jnz short 7C926D71 7C926D0B 66:65:72 00 jb short 00006D0F 7C926D0F 43 inc ebx 7C926D10 73 72 jnb short 7C926D84 7C926D12 43 inc ebx 7C926D13 61 popad 7C926D14 70 74 jo short 7C926D8A 7C926D16 75 72 jnz short 7C926D8A 7C926D18 65:4D dec ebp 7C926D1A 65:73 73 jnb short 7C926D90 7C926D1D 61 popad 7C926D1E 67:65:4D dec ebp 7C926D21 75 6C jnz short 7C926D8F 7C926D23 74 69 je short 7C926D8E 7C926D25 55 push ebp 7C926D26 6E outs dx, byte ptr es:[edi] 7C926D27 6963 6F 6465537>imul esp, [ebx+6F], 74536564 7C926D2E 72 69 jb short 7C926D99 7C926D30 6E outs dx, byte ptr es:[edi] 7C926D31 67:73 49 jnb short 7C926D7D 7C926D34 6E outs dx, byte ptr es:[edi] 7C926D35 50 push eax 7C926D36 6C ins byte ptr es:[edi], dx 7C926D37 61 popad 7C926D38 6365 00 arpl [ebp], sp 7C926D3B 43 inc ebx 7C926D3C 73 72 jnb short 7C926DB0 7C926D3E 43 inc ebx 7C926D3F 61 popad 7C926D40 70 74 jo short 7C926DB6 7C926D42 75 72 jnz short 7C926DB6 7C926D44 65:4D dec ebp 7C926D46 65:73 73 jnb short 7C926DBC 7C926D49 61 popad 7C926D4A 67:65:53 push ebx 7C926D4D 74 72 je short 7C926DC1 7C926D4F 696E 67 0043737>imul ebp, [esi+67], 72734300 7C926D56 43 inc ebx 7C926D57 61 popad 7C926D58 70 74 jo short 7C926DCE 7C926D5A 75 72 jnz short 7C926DCE 7C926D5C 65:54 push esp 7C926D5E 696D 65 6F75740>imul ebp, [ebp+65], 74756F 7C926D65 43 inc ebx 7C926D66 73 72 jnb short 7C926DDA 7C926D68 43 inc ebx 7C926D69 6C ins byte ptr es:[edi], dx 7C926D6A 6965 6E 7443616>imul esp, [ebp+6E], 6C614374 7C926D71 6C ins byte ptr es:[edi], dx 7C926D72 53 push ebx 7C926D73 65:72 76 jb short 7C926DEC 7C926D76 65:72 00 jb short 7C926D79 7C926D79 43 inc ebx 7C926D7A 73 72 jnb short 7C926DEE 7C926D7C 43 inc ebx 7C926D7D 6C ins byte ptr es:[edi], dx 7C926D7E 6965 6E 74436F6>imul esp, [ebp+6E], 6E6F4374 7C926D85 6E outs dx, byte ptr es:[edi] 7C926D86 65:637454 6F arpl gs:[esp+edx*2+6F], si 7C926D8B 53 push ebx 7C926D8C 65:72 76 jb short 7C926E05 7C926D8F 65:72 00 jb short 7C926D92 7C926D92 43 inc ebx 7C926D93 73 72 jnb short 7C926E07 7C926D95 46 inc esi ; ntdll.ZwTerminateProcess 7C926D96 72 65 jb short 7C926DFD 7C926D98 65:43 inc ebx 7C926D9A 61 popad 7C926D9B 70 74 jo short 7C926E11 7C926D9D 75 72 jnz short 7C926E11 7C926D9F 65:42 inc edx ; msvcrt.77C31AE8 7C926DA1 75 66 jnz short 7C926E09 7C926DA3 66:65:72 00 jb short 00006DA7 7C926DA7 43 inc ebx 7C926DA8 73 72 jnb short 7C926E1C 7C926DAA 47 inc edi 7C926DAB 65:74 50 je short 7C926DFE 7C926DAE 72 6F jb short 7C926E1F 7C926DB0 6365 73 arpl [ebp+73], sp 7C926DB3 73 49 jnb short 7C926DFE 7C926DB5 64:0043 73 add fs:[ebx+73], al 7C926DB9 72 49 jb short 7C926E04 7C926DBB 64: prefix fs: 7C926DBC 65:6E outs dx, byte ptr es:[edi] 7C926DBE 74 69 je short 7C926E29 7C926DC0 - 66:79 41 jns short 00006E04 7C926DC3 6C ins byte ptr es:[edi], dx 7C926DC4 65:72 74 jb short 7C926E3B 7C926DC7 61 popad 7C926DC8 626C65 54 bound ebp, [ebp+54] 7C926DCC 68 72656164 push 64616572 7C926DD1 0043 73 add [ebx+73], al 7C926DD4 72 4E jb short 7C926E24 7C926DD6 65:77 54 ja short 7C926E2D 7C926DD9 68 72656164 push 64616572 7C926DDE 0043 73 add [ebx+73], al 7C926DE1 72 50 jb short 7C926E33 7C926DE3 72 6F jb short 7C926E54 7C926DE5 6265 46 bound esp, [ebp+46] 7C926DE8 6F outs dx, dword ptr es:[edi] 7C926DE9 72 52 jb short 7C926E3D 7C926DEB 65:61 popad 7C926DED 64:0043 73 add fs:[ebx+73], al 7C926DF1 72 50 jb short 7C926E43 7C926DF3 72 6F jb short 7C926E64 7C926DF5 6265 46 bound esp, [ebp+46] 7C926DF8 6F outs dx, dword ptr es:[edi] 7C926DF9 72 57 jb short 7C926E52 7C926DFB 72 69 jb short 7C926E66 7C926DFD 74 65 je short 7C926E64 7C926DFF 0043 73 add [ebx+73], al 7C926E02 72 53 jb short 7C926E57 7C926E04 65:74 50 je short 7C926E57 7C926E07 72 69 jb short 7C926E72 7C926E09 6F outs dx, dword ptr es:[edi] 7C926E0A 72 69 jb short 7C926E75 7C926E0C 74 79 je short 7C926E87 7C926E0E 43 inc ebx 7C926E0F 6C ins byte ptr es:[edi], dx 7C926E10 61 popad 7C926E11 73 73 jnb short 7C926E86 7C926E13 004462 67 add [edx+67], al 7C926E17 42 inc edx ; msvcrt.77C31AE8 7C926E18 72 65 jb short 7C926E7F 7C926E1A 61 popad 7C926E1B 6B50 6F 69 imul edx, [eax+6F], 69 7C926E1F 6E outs dx, byte ptr es:[edi] 7C926E20 74 00 je short 7C926E22 7C926E22 44 inc esp 7C926E23 6267 50 bound esp, [edi+50] 7C926E26 72 69 jb short 7C926E91 7C926E28 6E outs dx, byte ptr es:[edi] 7C926E29 74 00 je short 7C926E2B 7C926E2B 44 inc esp 7C926E2C 6267 50 bound esp, [edi+50] 7C926E2F 72 69 jb short 7C926E9A 7C926E31 6E outs dx, byte ptr es:[edi] 7C926E32 74 45 je short 7C926E79 7C926E34 78 00 js short 7C926E36 7C926E36 44 inc esp 7C926E37 6267 50 bound esp, [edi+50] 7C926E3A 72 69 jb short 7C926EA5 7C926E3C 6E outs dx, byte ptr es:[edi] 7C926E3D 74 52 je short 7C926E91 7C926E3F 65:74 75 je short 7C926EB7 7C926E42 72 6E jb short 7C926EB2 7C926E44 43 inc ebx 7C926E45 6F outs dx, dword ptr es:[edi] 7C926E46 6E outs dx, byte ptr es:[edi] 7C926E47 74 72 je short 7C926EBB 7C926E49 6F outs dx, dword ptr es:[edi] 7C926E4A 6C ins byte ptr es:[edi], dx 7C926E4B 43 inc ebx 7C926E4C 004462 67 add [edx+67], al 7C926E50 50 push eax 7C926E51 72 6F jb short 7C926EC2 7C926E53 6D ins dword ptr es:[edi], dx 7C926E54 70 74 jo short 7C926ECA 7C926E56 004462 67 add [edx+67], al 7C926E5A 51 push ecx 7C926E5B 75 65 jnz short 7C926EC2 7C926E5D 72 79 jb short 7C926ED8 7C926E5F 44 inc esp 7C926E60 65:6275 67 bound esi, gs:[ebp+67] 7C926E64 46 inc esi ; ntdll.ZwTerminateProcess 7C926E65 696C74 65 72537>imul ebp, [esp+esi*2+65], 61745372 7C926E6D 74 65 je short 7C926ED4 7C926E6F 004462 67 add [edx+67], al 7C926E73 53 push ebx 7C926E74 65:74 44 je short 7C926EBB 7C926E77 65:6275 67 bound esi, gs:[ebp+67] 7C926E7B 46 inc esi ; ntdll.ZwTerminateProcess 7C926E7C 696C74 65 72537>imul ebp, [esp+esi*2+65], 61745372 7C926E84 74 65 je short 7C926EEB 7C926E86 004462 67 add [edx+67], al 7C926E8A 55 push ebp 7C926E8B 6943 6F 6E6E656>imul eax, [ebx+6F], 63656E6E 7C926E92 74 54 je short 7C926EE8 7C926E94 6F outs dx, dword ptr es:[edi] 7C926E95 44 inc esp 7C926E96 6267 00 bound esp, [edi] 7C926E99 44 inc esp 7C926E9A 6267 55 bound esp, [edi+55] 7C926E9D 6943 6F 6E74696>imul eax, [ebx+6F], 6E69746E 7C926EA4 75 65 jnz short 7C926F0B 7C926EA6 004462 67 add [edx+67], al 7C926EAA 55 push ebp 7C926EAB 6943 6F 6E76657>imul eax, [ebx+6F], 7265766E 7C926EB2 74 53 je short 7C926F07 7C926EB4 74 61 je short 7C926F17 7C926EB6 74 65 je short 7C926F1D 7C926EB8 43 inc ebx 7C926EB9 68 616E6765 push 65676E61 7C926EBE 53 push ebx 7C926EBF 74 72 je short 7C926F33 7C926EC1 75 63 jnz short 7C926F26 7C926EC3 74 75 je short 7C926F3A 7C926EC5 72 65 jb short 7C926F2C 7C926EC7 004462 67 add [edx+67], al 7C926ECB 55 push ebp 7C926ECC 694465 62 75674>imul eax, [ebp+62], 63416775 7C926ED4 74 69 je short 7C926F3F 7C926ED6 76 65 jbe short 7C926F3D 7C926ED8 50 push eax 7C926ED9 72 6F jb short 7C926F4A 7C926EDB 6365 73 arpl [ebp+73], sp 7C926EDE 73 00 jnb short 7C926EE0 7C926EE0 44 inc esp 7C926EE1 6267 55 bound esp, [edi+55] 7C926EE4 6947 65 7454687>imul eax, [edi+65], 72685474 7C926EEB 65:61 popad 7C926EED 64:44 inc esp 7C926EEF 65:6275 67 bound esi, gs:[ebp+67] 7C926EF3 4F dec edi 7C926EF4 626A 65 bound ebp, [edx+65] 7C926EF7 637400 44 arpl [eax+eax+44], si 7C926EFB 6267 55 bound esp, [edi+55] 7C926EFE 6949 73 7375655>imul ecx, [ecx+73], 52657573 7C926F05 65:6D ins dword ptr es:[edi], dx 7C926F07 6F outs dx, dword ptr es:[edi] 7C926F08 74 65 je short 7C926F6F 7C926F0A 42 inc edx ; msvcrt.77C31AE8 7C926F0B 72 65 jb short 7C926F72 7C926F0D 61 popad 7C926F0E 6B69 6E 00 imul ebp, [ecx+6E], 0 7C926F12 44 inc esp 7C926F13 6267 55 bound esp, [edi+55] 7C926F16 6952 65 6D6F746>imul edx, [edx+65], 65746F6D 7C926F1D 42 inc edx ; msvcrt.77C31AE8 7C926F1E 72 65 jb short 7C926F85 7C926F20 61 popad 7C926F21 6B69 6E 00 imul ebp, [ecx+6E], 0 7C926F25 44 inc esp 7C926F26 6267 55 bound esp, [edi+55] 7C926F29 6953 65 7454687>imul edx, [ebx+65], 72685474 7C926F30 65:61 popad 7C926F32 64:44 inc esp 7C926F34 65:6275 67 bound esi, gs:[ebp+67] 7C926F38 4F dec edi 7C926F39 626A 65 bound ebp, [edx+65] 7C926F3C 637400 44 arpl [eax+eax+44], si 7C926F40 6267 55 bound esp, [edi+55] 7C926F43 6953 74 6F70446>imul edx, [ebx+74], 6544706F 7C926F4A 6275 67 bound esi, [ebp+67] 7C926F4D 67:696E 67 0044>imul ebp, [bp+67], 67624400 7C926F55 55 push ebp 7C926F56 6957 61 6974537>imul edx, [edi+61], 74537469 7C926F5D 61 popad 7C926F5E 74 65 je short 7C926FC5 7C926F60 43 inc ebx 7C926F61 68 616E6765 push 65676E61 7C926F66 004462 67 add [edx+67], al 7C926F6A 55 push ebp 7C926F6B 73 65 jnb short 7C926FD2 7C926F6D 72 42 jb short 7C926FB1 7C926F6F 72 65 jb short 7C926FD6 7C926F71 61 popad 7C926F72 6B50 6F 69 imul edx, [eax+6F], 69 7C926F76 6E outs dx, byte ptr es:[edi] 7C926F77 74 00 je short 7C926F79 7C926F79 4B dec ebx 7C926F7A 6946 61 7374537>imul eax, [esi+61], 79537473 7C926F81 73 74 jnb short 7C926FF7 7C926F83 65:6D ins dword ptr es:[edi], dx 7C926F85 43 inc ebx 7C926F86 61 popad 7C926F87 6C ins byte ptr es:[edi], dx 7C926F88 6C ins byte ptr es:[edi], dx 7C926F89 004B 69 add [ebx+69], cl 7C926F8C 46 inc esi ; ntdll.ZwTerminateProcess 7C926F8D 61 popad 7C926F8E 73 74 jnb short 7C927004 7C926F90 53 push ebx 7C926F91 79 73 jns short 7C927006 7C926F93 74 65 je short 7C926FFA 7C926F95 6D ins dword ptr es:[edi], dx 7C926F96 43 inc ebx 7C926F97 61 popad 7C926F98 6C ins byte ptr es:[edi], dx 7C926F99 6C ins byte ptr es:[edi], dx 7C926F9A 52 push edx ; msvcrt.77C31AE8 7C926F9B 65:74 00 je short 7C926F9E 7C926F9E 4B dec ebx 7C926F9F 6949 6E 7453797>imul ecx, [ecx+6E], 73795374 7C926FA6 74 65 je short 7C92700D 7C926FA8 6D ins dword ptr es:[edi], dx 7C926FA9 43 inc ebx 7C926FAA 61 popad 7C926FAB 6C ins byte ptr es:[edi], dx 7C926FAC 6C ins byte ptr es:[edi], dx 7C926FAD 004B 69 add [ebx+69], cl 7C926FB0 52 push edx ; msvcrt.77C31AE8 7C926FB1 61 popad 7C926FB2 6973 65 5573657>imul esi, [ebx+65], 72657355 7C926FB9 45 inc ebp 7C926FBA 78 63 js short 7C92701F 7C926FBC 65:70 74 jo short 7C927033 7C926FBF 696F 6E 4469737>imul ebp, [edi+6E], 70736944 7C926FC6 61 popad 7C926FC7 74 63 je short 7C92702C 7C926FC9 68 6572004B push 4B007265 7C926FCE 6955 73 6572417>imul edx, [ebp+73], 70417265 7C926FD5 634469 73 arpl [ecx+ebp*2+73], ax 7C926FD9 70 61 jo short 7C92703C 7C926FDB 74 63 je short 7C927040 7C926FDD 68 6572004B push 4B007265 7C926FE2 6955 73 6572436>imul edx, [ebp+73], 61437265 7C926FE9 6C ins byte ptr es:[edi], dx 7C926FEA 6C ins byte ptr es:[edi], dx 7C926FEB 6261 63 bound esp, [ecx+63] 7C926FEE 6B4469 73 70 imul eax, [ecx+ebp*2+73], 70 7C926FF3 61 popad 7C926FF4 74 63 je short 7C927059 7C926FF6 68 6572004B push 4B007265 7C926FFB 6955 73 6572457>imul edx, [ebp+73], 78457265 7C927002 6365 70 arpl [ebp+70], sp 7C927005 74 69 je short 7C927070 7C927007 6F outs dx, dword ptr es:[edi] 7C927008 6E outs dx, byte ptr es:[edi] 7C927009 44 inc esp 7C92700A 6973 70 6174636>imul esi, [ebx+70], 68637461 7C927011 65:72 00 jb short 7C927014 7C927014 4C dec esp 7C927015 64:72 41 jb short 7C927059 7C927018 6363 65 arpl [ebx+65], sp 7C92701B 73 73 jnb short 7C927090 7C92701D 4F dec edi 7C92701E 75 74 jnz short 7C927094 7C927020 4F dec edi 7C927021 66:50 push ax 7C927023 72 6F jb short 7C927094 7C927025 6365 73 arpl [ebp+73], sp 7C927028 73 52 jnb short 7C92707C 7C92702A 65:73 6F jnb short 7C92709C 7C92702D 75 72 jnz short 7C9270A1 7C92702F 6365 00 arpl [ebp], sp 7C927032 4C dec esp 7C927033 64:72 41 jb short 7C927077 7C927036 6363 65 arpl [ebx+65], sp 7C927039 73 73 jnb short 7C9270AE 7C92703B 52 push edx ; msvcrt.77C31AE8 7C92703C 65:73 6F jnb short 7C9270AE 7C92703F 75 72 jnz short 7C9270B3 7C927041 6365 00 arpl [ebp], sp 7C927044 4C dec esp 7C927045 64:72 41 jb short 7C927089 7C927048 64: prefix fs: 7C927049 64:52 push edx ; msvcrt.77C31AE8 7C92704B 65:66:44 inc sp 7C92704E 6C ins byte ptr es:[edi], dx 7C92704F 6C ins byte ptr es:[edi], dx 7C927050 004C64 72 add [esp+72], cl 7C927054 41 inc ecx 7C927055 6C ins byte ptr es:[edi], dx 7C927056 74 65 je short 7C9270BD 7C927058 72 6E jb short 7C9270C8 7C92705A 61 popad 7C92705B 74 65 je short 7C9270C2 7C92705D 52 push edx ; msvcrt.77C31AE8 7C92705E 65:73 6F jnb short 7C9270D0 7C927061 75 72 jnz short 7C9270D5 7C927063 6365 73 arpl [ebp+73], sp 7C927066 45 inc ebp 7C927067 6E outs dx, byte ptr es:[edi] 7C927068 61 popad 7C927069 626C65 64 bound ebp, [ebp+64] 7C92706D 004C64 72 add [esp+72], cl 7C927071 43 inc ebx 7C927072 72 65 jb short 7C9270D9 7C927074 61 popad 7C927075 74 65 je short 7C9270DC 7C927077 4F dec edi 7C927078 75 74 jnz short 7C9270EE 7C92707A 4F dec edi 7C92707B 66:50 push ax 7C92707D 72 6F jb short 7C9270EE 7C92707F 6365 73 arpl [ebp+73], sp 7C927082 73 49 jnb short 7C9270CD 7C927084 6D ins dword ptr es:[edi], dx 7C927085 61 popad 7C927086 67:65:004C 64 add gs:[si+64], cl 7C92708B 72 44 jb short 7C9270D1 7C92708D 65:73 74 jnb short 7C927104 7C927090 72 6F jb short 7C927101 7C927092 79 4F jns short 7C9270E3 7C927094 75 74 jnz short 7C92710A 7C927096 4F dec edi 7C927097 66:50 push ax 7C927099 72 6F jb short 7C92710A 7C92709B 6365 73 arpl [ebp+73], sp 7C92709E 73 49 jnb short 7C9270E9 7C9270A0 6D ins dword ptr es:[edi], dx 7C9270A1 61 popad 7C9270A2 67:65:004C 64 add gs:[si+64], cl 7C9270A7 72 44 jb short 7C9270ED 7C9270A9 6973 61 626C655>imul esi, [ebx+61], 54656C62 7C9270B0 68 72656164 push 64616572 7C9270B5 43 inc ebx 7C9270B6 61 popad 7C9270B7 6C ins byte ptr es:[edi], dx 7C9270B8 6C ins byte ptr es:[edi], dx 7C9270B9 6F outs dx, dword ptr es:[edi] 7C9270BA 75 74 jnz short 7C927130 7C9270BC 73 46 jnb short 7C927104 7C9270BE 6F outs dx, dword ptr es:[edi] 7C9270BF 72 44 jb short 7C927105 7C9270C1 6C ins byte ptr es:[edi], dx 7C9270C2 6C ins byte ptr es:[edi], dx 7C9270C3 004C64 72 add [esp+72], cl 7C9270C7 45 inc ebp 7C9270C8 6E outs dx, byte ptr es:[edi] 7C9270C9 75 6D jnz short 7C927138 7C9270CB 52 push edx ; msvcrt.77C31AE8 7C9270CC 65:73 6F jnb short 7C92713E 7C9270CF 75 72 jnz short 7C927143 7C9270D1 6365 73 arpl [ebp+73], sp 7C9270D4 004C64 72 add [esp+72], cl 7C9270D8 45 inc ebp 7C9270D9 6E outs dx, byte ptr es:[edi] 7C9270DA 75 6D jnz short 7C927149 7C9270DC 65:72 61 jb short 7C927140 7C9270DF 74 65 je short 7C927146 7C9270E1 4C dec esp 7C9270E2 6F outs dx, dword ptr es:[edi] 7C9270E3 61 popad 7C9270E4 64: prefix fs: 7C9270E5 65: prefix gs: 7C9270E6 64:4D dec ebp 7C9270E8 6F outs dx, dword ptr es:[edi] 7C9270E9 64:75 6C jnz short 7C927158 7C9270EC 65:73 00 jnb short 7C9270EF 7C9270EF 4C dec esp 7C9270F0 64:72 46 jb short 7C927139 7C9270F3 696E 64 4372656>imul ebp, [esi+64], 61657243 7C9270FA 74 65 je short 7C927161 7C9270FC 50 push eax 7C9270FD 72 6F jb short 7C92716E 7C9270FF 6365 73 arpl [ebp+73], sp 7C927102 73 4D jnb short 7C927151 7C927104 61 popad 7C927105 6E outs dx, byte ptr es:[edi] 7C927106 6966 65 7374004>imul esp, [esi+65], 4C007473 7C92710D 64:72 46 jb short 7C927156 7C927110 696E 64 456E747>imul ebp, [esi+64], 72746E45 7C927117 79 46 jns short 7C92715F 7C927119 6F outs dx, dword ptr es:[edi] 7C92711A 72 41 jb short 7C92715D 7C92711C 64: prefix fs: 7C92711D 64:72 65 jb short 7C927185 7C927120 73 73 jnb short 7C927195 7C927122 004C64 72 add [esp+72], cl 7C927126 46 inc esi ; ntdll.ZwTerminateProcess 7C927127 696E 64 5265736>imul ebp, [esi+64], 6F736552 7C92712E 75 72 jnz short 7C9271A2 7C927130 6365 44 arpl [ebp+44], sp 7C927133 6972 65 63746F7>imul esi, [edx+65], 726F7463 7C92713A 79 5F jns short 7C92719B 7C92713C 55 push ebp 7C92713D 004C64 72 add [esp+72], cl 7C927141 46 inc esi ; ntdll.ZwTerminateProcess 7C927142 696E 64 5265736>imul ebp, [esi+64], 6F736552 7C927149 75 72 jnz short 7C9271BD 7C92714B 6365 45 arpl [ebp+45], sp 7C92714E 78 5F js short 7C9271AF 7C927150 55 push ebp 7C927151 004C64 72 add [esp+72], cl 7C927155 46 inc esi ; ntdll.ZwTerminateProcess 7C927156 696E 64 5265736>imul ebp, [esi+64], 6F736552 7C92715D 75 72 jnz short 7C9271D1 7C92715F 6365 5F arpl [ebp+5F], sp 7C927162 55 push ebp 7C927163 004C64 72 add [esp+72], cl 7C927167 46 inc esi ; ntdll.ZwTerminateProcess 7C927168 6C ins byte ptr es:[edi], dx 7C927169 75 73 jnz short 7C9271DE 7C92716B 68 416C7465 push 65746C41 7C927170 72 6E jb short 7C9271E0 7C927172 61 popad 7C927173 74 65 je short 7C9271DA 7C927175 52 push edx ; msvcrt.77C31AE8 7C927176 65:73 6F jnb short 7C9271E8 7C927179 75 72 jnz short 7C9271ED 7C92717B 6365 4D arpl [ebp+4D], sp 7C92717E 6F outs dx, dword ptr es:[edi] 7C92717F 64:75 6C jnz short 7C9271EE 7C927182 65:73 00 jnb short 7C927185 7C927185 4C dec esp 7C927186 64:72 47 jb short 7C9271D0 7C927189 65:74 44 je short 7C9271D0 7C92718C 6C ins byte ptr es:[edi], dx 7C92718D 6C ins byte ptr es:[edi], dx 7C92718E 48 dec eax 7C92718F 61 popad 7C927190 6E outs dx, byte ptr es:[edi] 7C927191 64:6C ins byte ptr es:[edi], dx 7C927193 65:004C64 72 add gs:[esp+72], cl 7C927198 47 inc edi 7C927199 65:74 44 je short 7C9271E0 7C92719C 6C ins byte ptr es:[edi], dx 7C92719D 6C ins byte ptr es:[edi], dx 7C92719E 48 dec eax 7C92719F 61 popad 7C9271A0 6E outs dx, byte ptr es:[edi] 7C9271A1 64:6C ins byte ptr es:[edi], dx 7C9271A3 65:45 inc ebp 7C9271A5 78 00 js short 7C9271A7 7C9271A7 4C dec esp 7C9271A8 64:72 47 jb short 7C9271F2 7C9271AB 65:74 50 je short 7C9271FE 7C9271AE 72 6F jb short 7C92721F 7C9271B0 6365 64 arpl [ebp+64], sp 7C9271B3 75 72 jnz short 7C927227 7C9271B5 65:41 inc ecx 7C9271B7 64: prefix fs: 7C9271B8 64:72 65 jb short 7C927220 7C9271BB 73 73 jnb short 7C927230 7C9271BD 004C64 72 add [esp+72], cl 7C9271C1 48 dec eax 7C9271C2 6F outs dx, dword ptr es:[edi] 7C9271C3 74 50 je short 7C927215 7C9271C5 61 popad 7C9271C6 74 63 je short 7C92722B 7C9271C8 68 526F7574 push 74756F52 7C9271CD 696E 65 004C647>imul ebp, [esi+65], 72644C00 7C9271D4 49 dec ecx 7C9271D5 6E outs dx, byte ptr es:[edi] 7C9271D6 697453 68 696D4>imul esi, [ebx+edx*2+68], 6E456D69 7C9271DE 67:696E 65 4479>imul ebp, [bp+65], 616E7944 7C9271E6 6D ins dword ptr es:[edi], dx 7C9271E7 6963 00 4C64724>imul esp, [ebx], 4972644C 7C9271EE 6E outs dx, byte ptr es:[edi] 7C9271EF 697469 61 6C697>imul esi, [ecx+ebp*2+61], 657A696C 7C9271F7 54 push esp 7C9271F8 68 756E6B00 push 6B6E75 7C9271FD 4C dec esp 7C9271FE 64:72 4C jb short 7C92724D 7C927201 6F outs dx, dword ptr es:[edi] 7C927202 61 popad 7C927203 64:41 inc ecx 7C927205 6C ins byte ptr es:[edi], dx 7C927206 74 65 je short 7C92726D 7C927208 72 6E jb short 7C927278 7C92720A 61 popad 7C92720B 74 65 je short 7C927272 7C92720D 52 push edx ; msvcrt.77C31AE8 7C92720E 65:73 6F jnb short 7C927280 7C927211 75 72 jnz short 7C927285 7C927213 6365 4D arpl [ebp+4D], sp 7C927216 6F outs dx, dword ptr es:[edi] 7C927217 64:75 6C jnz short 7C927286 7C92721A 65:004C64 72 add gs:[esp+72], cl 7C92721F 4C dec esp 7C927220 6F outs dx, dword ptr es:[edi] 7C927221 61 popad 7C927222 64:44 inc esp 7C927224 6C ins byte ptr es:[edi], dx 7C927225 6C ins byte ptr es:[edi], dx 7C927226 004C64 72 add [esp+72], cl 7C92722A 4C dec esp 7C92722B 6F outs dx, dword ptr es:[edi] 7C92722C 636B 4C arpl [ebx+4C], bp 7C92722F 6F outs dx, dword ptr es:[edi] 7C927230 61 popad 7C927231 64: prefix fs: 7C927232 65:72 4C jb short 7C927281 7C927235 6F outs dx, dword ptr es:[edi] 7C927236 636B 00 arpl [ebx], bp 7C927239 4C dec esp 7C92723A 64:72 50 jb short 7C92728D 7C92723D 72 6F jb short 7C9272AE 7C92723F 6365 73 arpl [ebp+73], sp 7C927242 73 52 jnb short 7C927296 7C927244 65:6C ins byte ptr es:[edi], dx 7C927246 6F outs dx, dword ptr es:[edi] 7C927247 6361 74 arpl [ecx+74], sp 7C92724A 696F 6E 426C6F6>imul ebp, [edi+6E], 636F6C42 7C927251 6B00 4C imul eax, [eax], 4C 7C927254 64:72 51 jb short 7C9272A8 7C927257 75 65 jnz short 7C9272BE 7C927259 72 79 jb short 7C9272D4 7C92725B 49 dec ecx 7C92725C 6D ins dword ptr es:[edi], dx 7C92725D 61 popad 7C92725E 67:65:46 inc esi ; ntdll.ZwTerminateProcess 7C927261 696C65 45 78656>imul ebp, [ebp+45], 75636578 7C927269 74 69 je short 7C9272D4 7C92726B 6F outs dx, dword ptr es:[edi] 7C92726C 6E outs dx, byte ptr es:[edi] 7C92726D 4F dec edi 7C92726E 70 74 jo short 7C9272E4 7C927270 696F 6E 73004C6>imul ebp, [edi+6E], 644C0073 7C927277 72 51 jb short 7C9272CA 7C927279 75 65 jnz short 7C9272E0 7C92727B 72 79 jb short 7C9272F6 7C92727D 50 push eax 7C92727E 72 6F jb short 7C9272EF 7C927280 6365 73 arpl [ebp+73], sp 7C927283 73 4D jnb short 7C9272D2 7C927285 6F outs dx, dword ptr es:[edi] 7C927286 64:75 6C jnz short 7C9272F5 7C927289 65:49 dec ecx 7C92728B 6E outs dx, byte ptr es:[edi] 7C92728C 66:6F outs dx, word ptr es:[edi] 7C92728E 72 6D jb short 7C9272FD 7C927290 61 popad 7C927291 74 69 je short 7C9272FC 7C927293 6F outs dx, dword ptr es:[edi] 7C927294 6E outs dx, byte ptr es:[edi] 7C927295 004C64 72 add [esp+72], cl 7C927299 53 push ebx 7C92729A 65:74 41 je short 7C9272DE 7C92729D 70 70 jo short 7C92730F 7C92729F 43 inc ebx 7C9272A0 6F outs dx, dword ptr es:[edi] 7C9272A1 6D ins dword ptr es:[edi], dx 7C9272A2 70 61 jo short 7C927305 7C9272A4 74 44 je short 7C9272EA 7C9272A6 6C ins byte ptr es:[edi], dx 7C9272A7 6C ins byte ptr es:[edi], dx 7C9272A8 52 push edx ; msvcrt.77C31AE8 7C9272A9 65: prefix gs: 7C9272AA 64:6972 65 6374>imul esi, fs:[edx+65], 6F697463 7C9272B2 6E outs dx, byte ptr es:[edi] 7C9272B3 43 inc ebx 7C9272B4 61 popad 7C9272B5 6C ins byte ptr es:[edi], dx 7C9272B6 6C ins byte ptr es:[edi], dx 7C9272B7 6261 63 bound esp, [ecx+63] 7C9272BA 6B00 4C imul eax, [eax], 4C 7C9272BD 64:72 53 jb short 7C927313 7C9272C0 65:74 44 je short 7C927307 7C9272C3 6C ins byte ptr es:[edi], dx 7C9272C4 6C ins byte ptr es:[edi], dx 7C9272C5 4D dec ebp 7C9272C6 61 popad 7C9272C7 6E outs dx, byte ptr es:[edi] 7C9272C8 6966 65 7374507>imul esp, [esi+65], 72507473 7C9272CF 6F outs dx, dword ptr es:[edi] 7C9272D0 6265 72 bound esp, [ebp+72] 7C9272D3 004C64 72 add [esp+72], cl 7C9272D7 53 push ebx 7C9272D8 68 7574646F push 6F647475 7C9272DD 77 6E ja short 7C92734D 7C9272DF 50 push eax 7C9272E0 72 6F jb short 7C927351 7C9272E2 6365 73 arpl [ebp+73], sp 7C9272E5 73 00 jnb short 7C9272E7 7C9272E7 4C dec esp 7C9272E8 64:72 53 jb short 7C92733E 7C9272EB 68 7574646F push 6F647475 7C9272F0 77 6E ja short 7C927360 7C9272F2 54 push esp 7C9272F3 68 72656164 push 64616572 7C9272F8 004C64 72 add [esp+72], cl 7C9272FC 55 push ebp 7C9272FD 6E outs dx, byte ptr es:[edi] 7C9272FE 6C ins byte ptr es:[edi], dx 7C9272FF 6F outs dx, dword ptr es:[edi] 7C927300 61 popad 7C927301 64:41 inc ecx 7C927303 6C ins byte ptr es:[edi], dx 7C927304 74 65 je short 7C92736B 7C927306 72 6E jb short 7C927376 7C927308 61 popad 7C927309 74 65 je short 7C927370 7C92730B 52 push edx ; msvcrt.77C31AE8 7C92730C 65:73 6F jnb short 7C92737E 7C92730F 75 72 jnz short 7C927383 7C927311 6365 4D arpl [ebp+4D], sp 7C927314 6F outs dx, dword ptr es:[edi] 7C927315 64:75 6C jnz short 7C927384 7C927318 65:004C64 72 add gs:[esp+72], cl 7C92731D 55 push ebp 7C92731E 6E outs dx, byte ptr es:[edi] 7C92731F 6C ins byte ptr es:[edi], dx 7C927320 6F outs dx, dword ptr es:[edi] 7C927321 61 popad 7C927322 64:44 inc esp 7C927324 6C ins byte ptr es:[edi], dx 7C927325 6C ins byte ptr es:[edi], dx 7C927326 004C64 72 add [esp+72], cl 7C92732A 55 push ebp 7C92732B 6E outs dx, byte ptr es:[edi] 7C92732C 6C ins byte ptr es:[edi], dx 7C92732D 6F outs dx, dword ptr es:[edi] 7C92732E 636B 4C arpl [ebx+4C], bp 7C927331 6F outs dx, dword ptr es:[edi] 7C927332 61 popad 7C927333 64: prefix fs: 7C927334 65:72 4C jb short 7C927383 7C927337 6F outs dx, dword ptr es:[edi] 7C927338 636B 00 arpl [ebx], bp 7C92733B 4C dec esp 7C92733C 64:72 56 jb short 7C927395 7C92733F 65:72 69 jb short 7C9273AB 7C927342 - 66:79 49 jns short 0000738E 7C927345 6D ins dword ptr es:[edi], dx 7C927346 61 popad 7C927347 67:65:4D dec ebp 7C92734A 61 popad 7C92734B 74 63 je short 7C9273B0 7C92734D 68 65734368 push 68437365 7C927352 65:636B 73 arpl gs:[ebx+73], bp 7C927356 75 6D jnz short 7C9273C5 7C927358 004E 6C add [esi+6C], cl 7C92735B 73 41 jnb short 7C92739E 7C92735D 6E outs dx, byte ptr es:[edi] 7C92735E 73 69 jnb short 7C9273C9 7C927360 43 inc ebx 7C927361 6F outs dx, dword ptr es:[edi] 7C927362 64: prefix fs: 7C927363 65:50 push eax 7C927365 61 popad 7C927366 67:65:004E 6C add gs:[bp+6C], cl 7C92736B 73 4D jnb short 7C9273BA 7C92736D 6243 6F bound eax, [ebx+6F] 7C927370 64: prefix fs: 7C927371 65:50 push eax 7C927373 61 popad 7C927374 67:65:54 push esp 7C927377 61 popad 7C927378 67:004E 6C add [bp+6C], cl 7C92737C 73 4D jnb short 7C9273CB 7C92737E 624F 65 bound ecx, [edi+65] 7C927381 6D ins dword ptr es:[edi], dx 7C927382 43 inc ebx 7C927383 6F outs dx, dword ptr es:[edi] 7C927384 64: prefix fs: 7C927385 65:50 push eax 7C927387 61 popad 7C927388 67:65:54 push esp 7C92738B 61 popad 7C92738C 67:004E 74 add [bp+74], cl 7C927390 41 inc ecx 7C927391 6363 65 arpl [ebx+65], sp 7C927394 70 74 jo short 7C92740A 7C927396 43 inc ebx 7C927397 6F outs dx, dword ptr es:[edi] 7C927398 6E outs dx, byte ptr es:[edi] 7C927399 6E outs dx, byte ptr es:[edi] 7C92739A 65:637450 6F arpl gs:[eax+edx*2+6F], si 7C92739F 72 74 jb short 7C927415 7C9273A1 004E 74 add [esi+74], cl 7C9273A4 41 inc ecx 7C9273A5 6363 65 arpl [ebx+65], sp 7C9273A8 73 73 jnb short 7C92741D 7C9273AA 43 inc ebx 7C9273AB 68 65636B00 push 6B6365 7C9273B0 4E dec esi ; ntdll.ZwTerminateProcess 7C9273B1 74 41 je short 7C9273F4 7C9273B3 6363 65 arpl [ebx+65], sp 7C9273B6 73 73 jnb short 7C92742B 7C9273B8 43 inc ebx 7C9273B9 68 65636B41 push 416B6365 7C9273BE 6E outs dx, byte ptr es:[edi] 7C9273BF 64:41 inc ecx 7C9273C1 75 64 jnz short 7C927427 7C9273C3 697441 6C 61726>imul esi, [ecx+eax*2+6C], 6D7261 7C9273CB 4E dec esi ; ntdll.ZwTerminateProcess 7C9273CC 74 41 je short 7C92740F 7C9273CE 6363 65 arpl [ebx+65], sp 7C9273D1 73 73 jnb short 7C927446 7C9273D3 43 inc ebx 7C9273D4 68 65636B42 push 426B6365 7C9273D9 79 54 jns short 7C92742F 7C9273DB 79 70 jns short 7C92744D 7C9273DD 65:004E 74 add gs:[esi+74], cl 7C9273E1 41 inc ecx 7C9273E2 6363 65 arpl [ebx+65], sp 7C9273E5 73 73 jnb short 7C92745A 7C9273E7 43 inc ebx 7C9273E8 68 65636B42 push 426B6365 7C9273ED 79 54 jns short 7C927443 7C9273EF 79 70 jns short 7C927461 7C9273F1 65:41 inc ecx 7C9273F3 6E outs dx, byte ptr es:[edi] 7C9273F4 64:41 inc ecx 7C9273F6 75 64 jnz short 7C92745C 7C9273F8 697441 6C 61726>imul esi, [ecx+eax*2+6C], 6D7261 7C927400 4E dec esi ; ntdll.ZwTerminateProcess 7C927401 74 41 je short 7C927444 7C927403 6363 65 arpl [ebx+65], sp 7C927406 73 73 jnb short 7C92747B 7C927408 43 inc ebx 7C927409 68 65636B42 push 426B6365 7C92740E 79 54 jns short 7C927464 7C927410 79 70 jns short 7C927482 7C927412 65:52 push edx ; msvcrt.77C31AE8 7C927414 65:73 75 jnb short 7C92748C 7C927417 6C ins byte ptr es:[edi], dx 7C927418 74 4C je short 7C927466 7C92741A 6973 74 004E744>imul esi, [ebx+74], 41744E00 7C927421 6363 65 arpl [ebx+65], sp 7C927424 73 73 jnb short 7C927499 7C927426 43 inc ebx 7C927427 68 65636B42 push 426B6365 7C92742C 79 54 jns short 7C927482 7C92742E 79 70 jns short 7C9274A0 7C927430 65:52 push edx ; msvcrt.77C31AE8 7C927432 65:73 75 jnb short 7C9274AA 7C927435 6C ins byte ptr es:[edi], dx 7C927436 74 4C je short 7C927484 7C927438 6973 74 416E644>imul esi, [ebx+74], 41646E41 7C92743F 75 64 jnz short 7C9274A5 7C927441 697441 6C 61726>imul esi, [ecx+eax*2+6C], 6D7261 7C927449 4E dec esi ; ntdll.ZwTerminateProcess 7C92744A 74 41 je short 7C92748D 7C92744C 6363 65 arpl [ebx+65], sp 7C92744F 73 73 jnb short 7C9274C4 7C927451 43 inc ebx 7C927452 68 65636B42 push 426B6365 7C927457 79 54 jns short 7C9274AD 7C927459 79 70 jns short 7C9274CB 7C92745B 65:52 push edx ; msvcrt.77C31AE8 7C92745D 65:73 75 jnb short 7C9274D5 7C927460 6C ins byte ptr es:[edi], dx 7C927461 74 4C je short 7C9274AF 7C927463 6973 74 416E644>imul esi, [ebx+74], 41646E41 7C92746A 75 64 jnz short 7C9274D0 7C92746C 697441 6C 61726>imul esi, [ecx+eax*2+6C], 426D7261 7C927474 79 48 jns short 7C9274BE 7C927476 61 popad 7C927477 6E outs dx, byte ptr es:[edi] 7C927478 64:6C ins byte ptr es:[edi], dx 7C92747A 65:004E 74 add gs:[esi+74], cl 7C92747E 41 inc ecx 7C92747F 64: prefix fs: 7C927480 64:41 inc ecx 7C927482 74 6F je short 7C9274F3 7C927484 6D ins dword ptr es:[edi], dx 7C927485 004E 74 add [esi+74], cl 7C927488 41 inc ecx 7C927489 64: prefix fs: 7C92748A 64:42 inc edx ; msvcrt.77C31AE8 |
|
[讨论]程序分析!
7C9257C9 A1 000078A1 mov eax, [A1780000] 7C9257CE 0000 add [eax], al 7C9257D0 8CA1 0000A1A1 mov [ecx+A1A10000], fs 7C9257D6 0000 add [eax], al 7C9257D8 BE A10000E7 mov esi, E70000A1 7C9257DD A1 000001A2 mov eax, [A2010000] 7C9257E2 0000 add [eax], al 7C9257E4 1E push ds 7C9257E5 A2 000037A2 mov [A2370000], al 7C9257EA 0000 add [eax], al 7C9257EC 4A dec edx ; msvcrt.77C31AE8 7C9257ED A2 000061A2 mov [A2610000], al 7C9257F2 0000 add [eax], al 7C9257F4 ^ 77 A2 ja short 7C925798 7C9257F6 0000 add [eax], al 7C9257F8 8EA2 00009FA2 mov fs, [edx+A29F0000] 7C9257FE 0000 add [eax], al 7C925800 BF A20000DC mov edi, DC0000A2 7C925805 A2 0000FCA2 mov [A2FC0000], al 7C92580A 0000 add [eax], al 7C92580C 14 A3 adc al, 0A3 7C92580E 0000 add [eax], al 7C925810 25 A300003F and eax, 3F0000A3 7C925815 A3 000058A3 mov [A3580000], eax 7C92581A 0000 add [eax], al 7C92581C ^ 74 A3 je short 7C9257C1 7C92581E 0000 add [eax], al 7C925820 91 xchg eax, ecx 7C925821 A3 0000ADA3 mov [A3AD0000], eax 7C925826 0000 add [eax], al 7C925828 C0A3 0000D8A3 0>shl byte ptr [ebx+A3D80000], 0 7C92582F 00F2 add dl, dh 7C925831 A3 00000CA4 mov [A40C0000], eax 7C925836 0000 add [eax], al 7C925838 24 A4 and al, 0A4 7C92583A 0000 add [eax], al 7C92583C 3C A4 cmp al, 0A4 7C92583E 0000 add [eax], al 7C925840 56 push esi ; ntdll.ZwTerminateProcess 7C925841 A4 movs byte ptr es:[edi], byte ptr [esi> 7C925842 0000 add [eax], al 7C925844 ^ 70 A4 jo short 7C9257EA 7C925846 0000 add [eax], al 7C925848 88A400 00A0A400 mov [eax+eax+A4A000], ah 7C92584F 00BA A40000D4 add [edx+D40000A4], bh 7C925855 A4 movs byte ptr es:[edi], byte ptr [esi> 7C925856 0000 add [eax], al 7C925858 EC in al, dx 7C925859 A4 movs byte ptr es:[edi], byte ptr [esi> 7C92585A 0000 add [eax], al 7C92585C 04 A5 add al, 0A5 7C92585E 0000 add [eax], al 7C925860 1E push ds 7C925861 A5 movs dword ptr es:[edi], dword ptr [e> 7C925862 0000 add [eax], al 7C925864 38A5 000050A5 cmp [ebp+A5500000], ah 7C92586A 0000 add [eax], al 7C92586C 6D ins dword ptr es:[edi], dx 7C92586D A5 movs dword ptr es:[edi], dword ptr [e> 7C92586E 0000 add [eax], al 7C925870 82A5 000099A5 0>and byte ptr [ebp+A5990000], 0 7C925877 00B3 A50000CA add [ebx+CA0000A5], dh 7C92587D A5 movs dword ptr es:[edi], dword ptr [e> 7C92587E 0000 add [eax], al 7C925880 DEA5 0000EFA5 fisub word ptr [ebp+A5EF0000] 7C925886 0000 add [eax], al 7C925888 0E push cs 7C925889 A6 cmps byte ptr [esi], byte ptr es:[edi> 7C92588A 0000 add [eax], al 7C92588C 1F pop ds 7C92588D A6 cmps byte ptr [esi], byte ptr es:[edi> 7C92588E 0000 add [eax], al 7C925890 35 A6000048 xor eax, 480000A6 7C925895 A6 cmps byte ptr [esi], byte ptr es:[edi> 7C925896 0000 add [eax], al 7C925898 67:A6 cmps byte ptr [si], byte ptr es:[di] 7C92589A 0000 add [eax], al 7C92589C ^ 7D A6 jge short 7C925844 7C92589E 0000 add [eax], al 7C9258A0 93 xchg eax, ebx 7C9258A1 A6 cmps byte ptr [esi], byte ptr es:[edi> 7C9258A2 0000 add [eax], al 7C9258A4 AC lods byte ptr [esi] 7C9258A5 A6 cmps byte ptr [esi], byte ptr es:[edi> 7C9258A6 0000 add [eax], al 7C9258A8 C6 ??? ; 未知命令 7C9258A9 A6 cmps byte ptr [esi], byte ptr es:[edi> 7C9258AA 0000 add [eax], al 7C9258AC DEA6 0000F4A6 fisub word ptr [esi+A6F40000] 7C9258B2 0000 add [eax], al 7C9258B4 0C A7 or al, 0A7 7C9258B6 0000 add [eax], al 7C9258B8 21A7 00003DA7 and [edi+A73D0000], esp 7C9258BE 0000 add [eax], al 7C9258C0 4A dec edx ; msvcrt.77C31AE8 7C9258C1 A7 cmps dword ptr [esi], dword ptr es:[e> 7C9258C2 0000 add [eax], al 7C9258C4 63A7 000079A7 arpl [edi+A7790000], sp 7C9258CA 0000 add [eax], al 7C9258CC 85A7 00009FA7 test [edi+A79F0000], esp 7C9258D2 0000 add [eax], al 7C9258D4 B4 A7 mov ah, 0A7 7C9258D6 0000 add [eax], al 7C9258D8 CD A7 int 0A7 7C9258DA 0000 add [eax], al 7C9258DC EA A700000A A80>jmp far 00A8:0A0000A7 7C9258E3 0020 add [eax], ah 7C9258E5 A8 00 test al, 0 7C9258E7 0032 add [edx], dh 7C9258E9 A8 00 test al, 0 7C9258EB 0050 A8 add [eax-58], dl 7C9258EE 0000 add [eax], al 7C9258F0 63A8 000071A8 arpl [eax+A8710000], bp 7C9258F6 0000 add [eax], al 7C9258F8 93 xchg eax, ebx 7C9258F9 A8 00 test al, 0 7C9258FB 00AA A80000C4 add [edx+C40000A8], ch 7C925901 A8 00 test al, 0 7C925903 00E1 add cl, ah 7C925905 A8 00 test al, 0 7C925907 00FD add ch, bh 7C925909 A8 00 test al, 0 7C92590B 0012 add [edx], dl 7C92590D A9 000029A9 test eax, A9290000 7C925912 0000 add [eax], al 7C925914 55 push ebp 7C925915 A9 00006FA9 test eax, A96F0000 7C92591A 0000 add [eax], al 7C92591C 8AA9 0000A0A9 mov ch, [ecx+A9A00000] 7C925922 0000 add [eax], al 7C925924 BB A90000D9 mov ebx, D90000A9 7C925929 A9 0000FAA9 test eax, A9FA0000 7C92592E 0000 add [eax], al 7C925930 0FAA rsm 7C925932 0000 add [eax], al 7C925934 22AA 00003CAA and ch, [edx+AA3C0000] 7C92593A 0000 add [eax], al 7C92593C 58 pop eax ; ntdll.7C92E89A 7C92593D AA stos byte ptr es:[edi] 7C92593E 0000 add [eax], al 7C925940 69AA 00007CAA 0>imul ebp, [edx+AA7C0000], AA8E0000 7C92594A 0000 add [eax], al 7C92594C A4 movs byte ptr es:[edi], byte ptr [esi> 7C92594D AA stos byte ptr es:[edi] 7C92594E 0000 add [eax], al 7C925950 B0 AA mov al, 0AA 7C925952 0000 add [eax], al 7C925954 C0AA 0000D7AA 0>shr byte ptr [edx+AAD70000], 0 7C92595B 00E6 add dh, ah 7C92595D AA stos byte ptr es:[edi] 7C92595E 0000 add [eax], al 7C925960 F3:AA rep stos byte ptr es:[edi] 7C925962 0000 add [eax], al 7C925964 0BAB 00001EAB or ebp, [ebx+AB1E0000] 7C92596A 0000 add [eax], al 7C92596C 3C AB cmp al, 0AB 7C92596E 0000 add [eax], al 7C925970 54 push esp 7C925971 AB stos dword ptr es:[edi] 7C925972 0000 add [eax], al 7C925974 6BAB 000090AB 0>imul ebp, [ebx+AB900000], 0 7C92597B 00BB AB0000D9 add [ebx+D90000AB], bh 7C925981 AB stos dword ptr es:[edi] 7C925982 0000 add [eax], al 7C925984 FD std 7C925985 AB stos dword ptr es:[edi] 7C925986 0000 add [eax], al 7C925988 1D AC00003C sbb eax, 3C0000AC 7C92598D AC lods byte ptr [esi] 7C92598E 0000 add [eax], al 7C925990 5B pop ebx ; ntdll.7C92E89A 7C925991 AC lods byte ptr [esi] 7C925992 0000 add [eax], al 7C925994 ^ 72 AC jb short 7C925942 7C925996 0000 add [eax], al 7C925998 89AC00 0099AC00 mov [eax+eax+AC9900], ebp 7C92599F 00B5 AC0000CC add [ebp+CC0000AC], dh 7C9259A5 AC lods byte ptr [esi] 7C9259A6 0000 add [eax], al 7C9259A8 DD ??? ; 未知命令 7C9259A9 AC lods byte ptr [esi] 7C9259AA 0000 add [eax], al 7C9259AC EF out dx, eax 7C9259AD AC lods byte ptr [esi] 7C9259AE 0000 add [eax], al 7C9259B0 FE ??? ; 未知命令 7C9259B1 AC lods byte ptr [esi] 7C9259B2 0000 add [eax], al 7C9259B4 08AD 000014AD or [ebp+AD140000], ch 7C9259BA 0000 add [eax], al 7C9259BC 26:AD lods dword ptr es:[esi] 7C9259BE 0000 add [eax], al 7C9259C0 3AAD 00005AAD cmp ch, [ebp+AD5A0000] 7C9259C6 0000 add [eax], al 7C9259C8 6D ins dword ptr es:[edi], dx 7C9259C9 AD lods dword ptr [esi] 7C9259CA 0000 add [eax], al 7C9259CC ^ 7E AD jle short 7C92597B 7C9259CE 0000 add [eax], al 7C9259D0 A3 AD0000B3 mov [B30000AD], eax 7C9259D5 AD lods dword ptr [esi] 7C9259D6 0000 add [eax], al 7C9259D8 CF iretd 7C9259D9 AD lods dword ptr [esi] 7C9259DA 0000 add [eax], al 7C9259DC E6 AD out 0AD, al 7C9259DE 0000 add [eax], al 7C9259E0 F8 clc 7C9259E1 AD lods dword ptr [esi] 7C9259E2 0000 add [eax], al 7C9259E4 0BAE 000019AE or ebp, [esi+AE190000] 7C9259EA 0000 add [eax], al 7C9259EC 3BAE 000053AE cmp ebp, [esi+AE530000] 7C9259F2 0000 add [eax], al 7C9259F4 6C ins byte ptr es:[edi], dx 7C9259F5 AE scas byte ptr es:[edi] 7C9259F6 0000 add [eax], al 7C9259F8 82AE 00009CAE 0>sub byte ptr [esi+AE9C0000], 0 7C9259FF 00B6 AE0000D0 add [esi+D00000AE], dh 7C925A05 AE scas byte ptr es:[edi] 7C925A06 0000 add [eax], al 7C925A08 EA AE0000FE AE0>jmp far 00AE:FE0000AE 7C925A0F 001A add [edx], bl 7C925A11 AF scas dword ptr es:[edi] 7C925A12 0000 add [eax], al 7C925A14 37 aaa 7C925A15 AF scas dword ptr es:[edi] 7C925A16 0000 add [eax], al 7C925A18 45 inc ebp 7C925A19 AF scas dword ptr es:[edi] 7C925A1A 0000 add [eax], al 7C925A1C 68 AF000073 push 730000AF 7C925A21 AF scas dword ptr es:[edi] 7C925A22 0000 add [eax], al 7C925A24 93 xchg eax, ebx 7C925A25 AF scas dword ptr es:[edi] 7C925A26 0000 add [eax], al 7C925A28 B2 AF mov dl, 0AF 7C925A2A 0000 add [eax], al 7C925A2C CB retf 7C925A2D AF scas dword ptr es:[edi] 7C925A2E 0000 add [eax], al 7C925A30 E4 AF in al, 0AF 7C925A32 0000 add [eax], al 7C925A34 01B0 00001BB0 add [eax+B01B0000], esi ; ntdll.ZwTerminateProcess 7C925A3A 0000 add [eax], al 7C925A3C 39B0 00004FB0 cmp [eax+B04F0000], esi ; ntdll.ZwTerminateProcess 7C925A42 0000 add [eax], al 7C925A44 64:B0 00 mov al, 0 7C925A47 007F B0 add [edi-50], bh 7C925A4A 0000 add [eax], al 7C925A4C 94 xchg eax, esp 7C925A4D B0 00 mov al, 0 7C925A4F 00C0 add al, al 7C925A51 B0 00 mov al, 0 7C925A53 00D7 add bh, dl 7C925A55 B0 00 mov al, 0 7C925A57 00F5 add ch, dh 7C925A59 B0 00 mov al, 0 7C925A5B 000D B100002A add [2A0000B1], cl 7C925A61 B1 00 mov cl, 0 7C925A63 004CB1 00 add [ecx+esi*4], cl 7C925A67 0061 B1 add [ecx-4F], ah 7C925A6A 0000 add [eax], al 7C925A6C ^ 78 B1 js short 7C925A1F 7C925A6E 0000 add [eax], al 7C925A70 8F ??? ; 未知命令 7C925A71 B1 00 mov cl, 0 7C925A73 00A9 B10000C3 add [ecx+C30000B1], ch 7C925A79 B1 00 mov cl, 0 7C925A7B 00CF add bh, cl 7C925A7D B1 00 mov cl, 0 7C925A7F 00E5 add ch, ah 7C925A81 B1 00 mov cl, 0 7C925A83 00F9 add cl, bh 7C925A85 B1 00 mov cl, 0 7C925A87 000D B2000019 add [190000B2], cl 7C925A8D B2 00 mov dl, 0 7C925A8F 0022 add [edx], ah 7C925A91 B2 00 mov dl, 0 7C925A93 0030 add [eax], dh 7C925A95 B2 00 mov dl, 0 7C925A97 0044B2 00 add [edx+esi*4], al 7C925A9B 0056 B2 add [esi-4E], dl 7C925A9E 0000 add [eax], al 7C925AA0 6E outs dx, byte ptr es:[edi] 7C925AA1 B2 00 mov dl, 0 7C925AA3 0081 B2000097 add [ecx+970000B2], al 7C925AA9 B2 00 mov dl, 0 7C925AAB 00AB B20000C4 add [ebx+C40000B2], ch 7C925AB1 B2 00 mov dl, 0 7C925AB3 00D8 add al, bl 7C925AB5 B2 00 mov dl, 0 7C925AB7 00F3 add bl, dh 7C925AB9 B2 00 mov dl, 0 7C925ABB 000D B3000027 add [270000B3], cl 7C925AC1 B3 00 mov bl, 0 7C925AC3 003B add [ebx], bh 7C925AC5 B3 00 mov bl, 0 7C925AC7 004F B3 add [edi-4D], cl 7C925ACA 0000 add [eax], al 7C925ACC 66:B3 00 mov bl, 0 7C925ACF 007E B3 add [esi-4D], bh 7C925AD2 0000 add [eax], al 7C925AD4 98 cwde 7C925AD5 B3 00 mov bl, 0 7C925AD7 00AD B30000C2 add [ebp+C20000B3], ch 7C925ADD B3 00 mov bl, 0 7C925ADF 00D9 add cl, bl 7C925AE1 B3 00 mov bl, 0 7C925AE3 00F2 add dl, dh 7C925AE5 B3 00 mov bl, 0 7C925AE7 000D B400001E add [1E0000B4], cl 7C925AED B4 00 mov ah, 0 7C925AEF 0033 add [ebx], dh 7C925AF1 B4 00 mov ah, 0 7C925AF3 004F B4 add [edi-4C], cl 7C925AF6 0000 add [eax], al 7C925AF8 6C ins byte ptr es:[edi], dx 7C925AF9 B4 00 mov ah, 0 7C925AFB 0087 B40000A4 add [edi+A40000B4], al 7C925B01 B4 00 mov ah, 0 7C925B03 00C7 add bh, al 7C925B05 B4 00 mov ah, 0 7C925B07 00E1 add cl, ah 7C925B09 B4 00 mov ah, 0 7C925B0B 00FB add bl, bh 7C925B0D B4 00 mov ah, 0 7C925B0F 0017 add [edi], dl 7C925B11 B5 00 mov ch, 0 7C925B13 002D B5000044 add [440000B5], ch 7C925B19 B5 00 mov ch, 0 7C925B1B 005E B5 add [esi-4B], bl 7C925B1E 0000 add [eax], al 7C925B20 6F outs dx, dword ptr es:[edi] 7C925B21 B5 00 mov ch, 0 7C925B23 007A B5 add [edx-4B], bh 7C925B26 0000 add [eax], al 7C925B28 92 xchg eax, edx ; msvcrt.77C31AE8 7C925B29 B5 00 mov ch, 0 7C925B2B 00A0 B50000BC add [eax+BC0000B5], ah 7C925B31 B5 00 mov ch, 0 7C925B33 00C6 add dh, al 7C925B35 B5 00 mov ch, 0 7C925B37 00DB add bl, bl 7C925B39 B5 00 mov ch, 0 7C925B3B 00F2 add dl, dh 7C925B3D B5 00 mov ch, 0 7C925B3F 0015 B600003E add [3E0000B6], dl 7C925B45 B6 00 mov dh, 0 7C925B47 0060 B6 add [eax-4A], ah 7C925B4A 0000 add [eax], al 7C925B4C ^ 7C B6 jl short 7C925B04 7C925B4E 0000 add [eax], al 7C925B50 99 cdq 7C925B51 B6 00 mov dh, 0 7C925B53 00B0 B60000BF add [eax+BF0000B6], dh 7C925B59 B6 00 mov dh, 0 7C925B5B 00CC add ah, cl 7C925B5D B6 00 mov dh, 0 7C925B5F 00DB add bl, bl 7C925B61 B6 00 mov dh, 0 7C925B63 00E8 add al, ch 7C925B65 B6 00 mov dh, 0 7C925B67 00FA add dl, bh 7C925B69 B6 00 mov dh, 0 7C925B6B 0006 add [esi], al 7C925B6D B7 00 mov bh, 0 7C925B6F 0029 add [ecx], ch 7C925B71 B7 00 mov bh, 0 7C925B73 0044B7 00 add [edi+esi*4], al 7C925B77 0050 B7 add [eax-49], dl 7C925B7A 0000 add [eax], al 7C925B7C 60 pushad 7C925B7D B7 00 mov bh, 0 7C925B7F 0078 B7 add [eax-49], bh 7C925B82 0000 add [eax], al 7C925B84 91 xchg eax, ecx 7C925B85 B7 00 mov bh, 0 7C925B87 00A6 B70000B8 add [esi+B80000B7], ah 7C925B8D B7 00 mov bh, 0 7C925B8F 00C4 add ah, al 7C925B91 B7 00 mov bh, 0 7C925B93 00D9 add cl, bl 7C925B95 B7 00 mov bh, 0 7C925B97 00EF add bh, ch 7C925B99 B7 00 mov bh, 0 7C925B9B 00FB add bl, bh 7C925B9D B7 00 mov bh, 0 7C925B9F 0009 add [ecx], cl 7C925BA1 B8 000025B8 mov eax, B8250000 7C925BA6 0000 add [eax], al 7C925BA8 3D B8000052 cmp eax, 520000B8 7C925BAD B8 00006EB8 mov eax, B86E0000 7C925BB2 0000 add [eax], al 7C925BB4 ^ 7E B8 jle short 7C925B6E 7C925BB6 0000 add [eax], al 7C925BB8 94 xchg eax, esp 7C925BB9 B8 0000ABB8 mov eax, B8AB0000 7C925BBE 0000 add [eax], al 7C925BC0 B9 B80000CD mov ecx, CD0000B8 7C925BC5 B8 0000DFB8 mov eax, B8DF0000 7C925BCA 0000 add [eax], al 7C925BCC F9 stc 7C925BCD B8 000014B9 mov eax, B9140000 7C925BD2 0000 add [eax], al 7C925BD4 30B9 00004BB9 xor [ecx+B94B0000], bh 7C925BDA 0000 add [eax], al 7C925BDC 67:B9 000082B9 mov ecx, B9820000 7C925BE2 0000 add [eax], al 7C925BE4 96 xchg eax, esi ; ntdll.ZwTerminateProcess 7C925BE5 B9 0000AAB9 mov ecx, B9AA0000 7C925BEA 0000 add [eax], al 7C925BEC B8 B90000D3 mov eax, D30000B9 7C925BF1 B9 0000E7B9 mov ecx, B9E70000 7C925BF6 0000 add [eax], al 7C925BF8 08BA 000026BA or [edx+BA260000], bh 7C925BFE 0000 add [eax], al 7C925C00 51 push ecx 7C925C01 BA 000084BA mov edx, BA840000 7C925C06 0000 add [eax], al 7C925C08 8EBA 00009DBA mov seg?, [edx+BA9D0000] ; 未定义的段寄存器 7C925C0E 0000 add [eax], al 7C925C10 B1 BA mov cl, 0BA 7C925C12 0000 add [eax], al 7C925C14 C9 leave 7C925C15 BA 0000DDBA mov edx, BADD0000 7C925C1A 0000 add [eax], al 7C925C1C ^ EB BA jmp short 7C925BD8 7C925C1E 0000 add [eax], al 7C925C20 05 BB000021 add eax, 210000BB 7C925C25 BB 000031BB mov ebx, BB310000 7C925C2A 0000 add [eax], al 7C925C2C 49 dec ecx 7C925C2D BB 000061BB mov ebx, BB610000 7C925C32 0000 add [eax], al 7C925C34 ^ 7C BB jl short 7C925BF1 7C925C36 0000 add [eax], al 7C925C38 8DBB 0000A9BB lea edi, [ebx+BBA90000] 7C925C3E 0000 add [eax], al 7C925C40 B8 BB0000C6 mov eax, C60000BB 7C925C45 BB 0000D3BB mov ebx, BBD30000 7C925C4A 0000 add [eax], al 7C925C4C DBBB 0000F3BB fstp tbyte ptr [ebx+BBF30000] 7C925C52 0000 add [eax], al 7C925C54 01BC00 0011BC00 add [eax+eax+BC1100], edi 7C925C5B 0027 add [edi], ah 7C925C5D BC 000035BC mov esp, BC350000 7C925C62 0000 add [eax], al 7C925C64 43 inc ebx 7C925C65 BC 00004EBC mov esp, BC4E0000 7C925C6A 0000 add [eax], al 7C925C6C 62BC00 007ABC00 bound edi, [eax+eax+BC7A00] 7C925C73 0088 BC00009A add [eax+9A0000BC], cl 7C925C79 BC 0000A7BC mov esp, BCA70000 7C925C7E 0000 add [eax], al 7C925C80 BC BC0000CE mov esp, CE0000BC 7C925C85 BC 0000DDBC mov esp, BCDD0000 7C925C8A 0000 add [eax], al 7C925C8C - E9 BC0000FC jmp 78925D4D 7C925C91 BC 000011BD mov esp, BD110000 7C925C96 0000 add [eax], al 7C925C98 20BD 000036BD and [ebp+BD360000], bh 7C925C9E 0000 add [eax], al 7C925CA0 49 dec ecx 7C925CA1 BD 000056BD mov ebp, BD560000 7C925CA6 0000 add [eax], al 7C925CA8 66:BD 0000 mov bp, 0 7C925CAC ^ 78 BD js short 7C925C6B 7C925CAE 0000 add [eax], al 7C925CB0 88BD 000098BD mov [ebp+BD980000], bh 7C925CB6 0000 add [eax], al 7C925CB8 AA stos byte ptr es:[edi] 7C925CB9 BD 0000C5BD mov ebp, BDC50000 7C925CBE 0000 add [eax], al 7C925CC0 D4 BD aam 0BD 7C925CC2 0000 add [eax], al 7C925CC4 ^ E2 BD loopd short 7C925C83 7C925CC6 0000 add [eax], al 7C925CC8 F0:BD 000005BE lock mov ebp, BE050000 ; 不允许锁定前缀 7C925CCE 0000 add [eax], al 7C925CD0 1ABE 00002ABE sbb bh, [esi+BE2A0000] 7C925CD6 0000 add [eax], al 7C925CD8 3BBE 000048BE cmp edi, [esi+BE480000] 7C925CDE 0000 add [eax], al 7C925CE0 5A pop edx ; ntdll.7C92E89A 7C925CE1 BE 000067BE mov esi, BE670000 7C925CE6 0000 add [eax], al 7C925CE8 ^ 73 BE jnb short 7C925CA8 7C925CEA 0000 add [eax], al 7C925CEC 8CBE 00009DBE mov [esi+BE9D0000], seg? ; 未定义的段寄存器 7C925CF2 0000 add [eax], al 7C925CF4 B3 BE mov bl, 0BE 7C925CF6 0000 add [eax], al 7C925CF8 C3 retn 7C925CF9 BE 0000D5BE mov esi, BED50000 7C925CFE 0000 add [eax], al 7C925D00 E6 BE out 0BE, al 7C925D02 0000 add [eax], al 7C925D04 FD std 7C925D05 BE 00000CBF mov esi, BF0C0000 7C925D0A 0000 add [eax], al 7C925D0C 31BF 000045BF xor [edi+BF450000], edi 7C925D12 0000 add [eax], al 7C925D14 55 push ebp 7C925D15 BF 000063BF mov edi, BF630000 7C925D1A 0000 add [eax], al 7C925D1C 6E outs dx, byte ptr es:[edi] 7C925D1D BF 000081BF mov edi, BF810000 7C925D22 0000 add [eax], al 7C925D24 99 cdq 7C925D25 BF 0000A4BF mov edi, BFA40000 7C925D2A 0000 add [eax], al 7C925D2C B9 BF0000CC mov ecx, CC0000BF 7C925D31 BF 0000E4BF mov edi, BFE40000 7C925D36 0000 add [eax], al 7C925D38 F8 clc 7C925D39 BF 000008C0 mov edi, C0080000 7C925D3E 0000 add [eax], al 7C925D40 1BC0 sbb eax, eax 7C925D42 0000 add [eax], al 7C925D44 31C0 xor eax, eax 7C925D46 0000 add [eax], al 7C925D48 44 inc esp 7C925D49 C000 00 rol byte ptr [eax], 0 7C925D4C 54 push esp 7C925D4D C000 00 rol byte ptr [eax], 0 7C925D50 ^ 70 C0 jo short 7C925D12 7C925D52 0000 add [eax], al 7C925D54 8AC0 mov al, al 7C925D56 0000 add [eax], al 7C925D58 9E sahf 7C925D59 C000 00 rol byte ptr [eax], 0 7C925D5C B3 C0 mov bl, 0C0 7C925D5E 0000 add [eax], al 7C925D60 C9 leave 7C925D61 C000 00 rol byte ptr [eax], 0 7C925D64 DAC0 fcmovb st, st 7C925D66 0000 add [eax], al 7C925D68 F4 hlt 7C925D69 C000 00 rol byte ptr [eax], 0 7C925D6C 01C1 add ecx, eax 7C925D6E 0000 add [eax], al 7C925D70 0E push cs 7C925D71 C100 00 rol dword ptr [eax], 0 7C925D74 18C1 sbb cl, al 7C925D76 0000 add [eax], al 7C925D78 23C1 and eax, ecx 7C925D7A 0000 add [eax], al 7C925D7C 2E:C100 00 rol dword ptr cs:[eax], 0 7C925D80 4A dec edx ; msvcrt.77C31AE8 7C925D81 C100 00 rol dword ptr [eax], 0 7C925D84 5C pop esp ; ntdll.7C92E89A 7C925D85 C100 00 rol dword ptr [eax], 0 7C925D88 ^ 70 C1 jo short 7C925D4B 7C925D8A 0000 add [eax], al 7C925D8C 86C1 xchg cl, al 7C925D8E 0000 add [eax], al 7C925D90 9C pushfd 7C925D91 C100 00 rol dword ptr [eax], 0 7C925D94 B3 C1 mov bl, 0C1 7C925D96 0000 add [eax], al 7C925D98 D1C1 rol ecx, 1 7C925D9A 0000 add [eax], al 7C925D9C E4 C1 in al, 0C1 7C925D9E 0000 add [eax], al 7C925DA0 F6C1 00 test cl, 0 7C925DA3 0012 add [edx], dl 7C925DA5 C2 0000 retn 0 7C925DA8 24 C2 and al, 0C2 7C925DAA 0000 add [eax], al 7C925DAC 3F aas 7C925DAD C2 0000 retn 0 7C925DB0 55 push ebp 7C925DB1 C2 0000 retn 0 7C925DB4 61 popad 7C925DB5 C2 0000 retn 0 7C925DB8 ^ 71 C2 jno short 7C925D7C 7C925DBA 0000 add [eax], al 7C925DBC ^ 7C C2 jl short 7C925D80 7C925DBE 0000 add [eax], al 7C925DC0 8FC2 pop edx ; ntdll.7C92E89A 7C925DC2 0000 add [eax], al 7C925DC4 9F lahf 7C925DC5 C2 0000 retn 0 7C925DC8 A9 C20000BA test eax, BA0000C2 7C925DCD C2 0000 retn 0 7C925DD0 C7C2 0000DEC2 mov edx, C2DE0000 7C925DD6 0000 add [eax], al 7C925DD8 EC in al, dx 7C925DD9 C2 0000 retn 0 7C925DDC FFC2 inc edx ; msvcrt.77C31AE8 7C925DDE 0000 add [eax], al 7C925DE0 14 C3 adc al, 0C3 7C925DE2 0000 add [eax], al 7C925DE4 22C3 and al, bl 7C925DE6 0000 add [eax], al 7C925DE8 32C3 xor al, bl 7C925DEA 0000 add [eax], al 7C925DEC 4B dec ebx 7C925DED C3 retn 7C925DEE 0000 add [eax], al 7C925DF0 58 pop eax ; ntdll.7C92E89A 7C925DF1 C3 retn 7C925DF2 0000 add [eax], al 7C925DF4 6A C3 push -3D 7C925DF6 0000 add [eax], al 7C925DF8 ^ 7E C3 jle short 7C925DBD 7C925DFA 0000 add [eax], al 7C925DFC 8AC3 mov al, bl 7C925DFE 0000 add [eax], al 7C925E00 9C pushfd 7C925E01 C3 retn 7C925E02 0000 add [eax], al 7C925E04 AF scas dword ptr es:[edi] 7C925E05 C3 retn 7C925E06 0000 add [eax], al 7C925E08 C0C3 00 rol bl, 0 7C925E0B 00DC add ah, bl 7C925E0D C3 retn 7C925E0E 0000 add [eax], al 7C925E10 FA cli 7C925E11 C3 retn 7C925E12 0000 add [eax], al 7C925E14 11C4 adc esp, eax 7C925E16 0000 add [eax], al 7C925E18 1E push ds 7C925E19 C400 les eax, [eax] 7C925E1B 0034C4 add [esp+eax*8], dh 7C925E1E 0000 add [eax], al 7C925E20 4A dec edx ; msvcrt.77C31AE8 7C925E21 C400 les eax, [eax] 7C925E23 005D C4 add [ebp-3C], bl 7C925E26 0000 add [eax], al 7C925E28 ^ 75 C4 jnz short 7C925DEE 7C925E2A 0000 add [eax], al 7C925E2C 8AC4 mov al, ah 7C925E2E 0000 add [eax], al 7C925E30 A3 C40000B8 mov [B80000C4], eax 7C925E35 C400 les eax, [eax] 7C925E37 00CF add bh, cl 7C925E39 C400 les eax, [eax] 7C925E3B 00DD add ch, bl 7C925E3D C400 les eax, [eax] 7C925E3F 00EA add dl, ch 7C925E41 C400 les eax, [eax] 7C925E43 0004C5 00001BC5 add [eax*8+C51B0000], al 7C925E4A 0000 add [eax], al 7C925E4C 32C5 xor al, ch 7C925E4E 0000 add [eax], al 7C925E50 4E dec esi ; ntdll.ZwTerminateProcess 7C925E51 C500 lds eax, [eax] 7C925E53 0065 C5 add [ebp-3B], ah 7C925E56 0000 add [eax], al 7C925E58 ^ 7F C5 jg short 7C925E1F 7C925E5A 0000 add [eax], al 7C925E5C 98 cwde 7C925E5D C500 lds eax, [eax] 7C925E5F 00B0 C50000C9 add [eax+C90000C5], dh 7C925E65 C500 lds eax, [eax] 7C925E67 00E0 add al, ah 7C925E69 C500 lds eax, [eax] 7C925E6B 00F4 add ah, dh 7C925E6D C500 lds eax, [eax] 7C925E6F 00FF add bh, bh 7C925E71 C500 lds eax, [eax] 7C925E73 0017 add [edi], dl 7C925E75 C600 00 mov byte ptr [eax], 0 7C925E78 25 C6000033 and eax, 330000C6 7C925E7D C600 00 mov byte ptr [eax], 0 7C925E80 46 inc esi ; ntdll.ZwTerminateProcess 7C925E81 C600 00 mov byte ptr [eax], 0 7C925E84 60 pushad 7C925E85 C600 00 mov byte ptr [eax], 0 7C925E88 ^ 7E C6 jle short 7C925E50 7C925E8A 0000 add [eax], al 7C925E8C 9A C60000A9 C60>call far 00C6:A90000C6 7C925E93 00BF C60000D0 add [edi+D00000C6], bh 7C925E99 C600 00 mov byte ptr [eax], 0 7C925E9C EA C6000008 C70>jmp far 00C7:080000C6 7C925EA3 0028 add [eax], ch 7C925EA5 C700 0041C700 mov dword ptr [eax], 0C74100 7C925EAB 0053 C7 add [ebx-39], dl 7C925EAE 0000 add [eax], al 7C925EB0 60 pushad 7C925EB1 C700 0077C700 mov dword ptr [eax], 0C77700 7C925EB7 0087 C700009C add [edi+9C0000C7], al 7C925EBD C700 00B9C700 mov dword ptr [eax], 0C7B900 7C925EC3 00CA add dl, cl 7C925EC5 C700 00DBC700 mov dword ptr [eax], 0C7DB00 7C925ECB 00EC add ah, ch 7C925ECD C700 00F7C700 mov dword ptr [eax], 0C7F700 7C925ED3 0009 add [ecx], cl 7C925ED5 C8 00001B enter 0, 1B 7C925ED9 C8 00002F enter 0, 2F 7C925EDD C8 00004D enter 0, 4D 7C925EE1 C8 000061 enter 0, 61 7C925EE5 C8 000071 enter 0, 71 7C925EE9 C8 000084 enter 0, 84 7C925EED C8 000099 enter 0, 99 7C925EF1 C8 0000AE enter 0, 0AE 7C925EF5 C8 0000BA enter 0, 0BA 7C925EF9 C8 0000C7 enter 0, 0C7 7C925EFD C8 0000D3 enter 0, 0D3 7C925F01 C8 0000EA enter 0, 0EA 7C925F05 C8 000003 enter 0, 3 7C925F09 C9 leave 7C925F0A 0000 add [eax], al 7C925F0C 18C9 sbb cl, cl 7C925F0E 0000 add [eax], al 7C925F10 2E:C9 leave 7C925F12 0000 add [eax], al 7C925F14 3C C9 cmp al, 0C9 7C925F16 0000 add [eax], al 7C925F18 53 push ebx 7C925F19 C9 leave 7C925F1A 0000 add [eax], al 7C925F1C 6A C9 push -37 7C925F1E 0000 add [eax], al 7C925F20 ^ 77 C9 ja short 7C925EEB 7C925F22 0000 add [eax], al 7C925F24 89C9 mov ecx, ecx 7C925F26 0000 add [eax], al 7C925F28 96 xchg eax, esi ; ntdll.ZwTerminateProcess 7C925F29 C9 leave 7C925F2A 0000 add [eax], al 7C925F2C A6 cmps byte ptr [esi], byte ptr es:[edi> 7C925F2D C9 leave 7C925F2E 0000 add [eax], al 7C925F30 B5 C9 mov ch, 0C9 7C925F32 0000 add [eax], al 7C925F34 BF C90000CB mov edi, CB0000C9 7C925F39 C9 leave 7C925F3A 0000 add [eax], al 7C925F3C DCC9 fmul st(1), st 7C925F3E 0000 add [eax], al 7C925F40 F0:C9 lock leave ; 不允许锁定前缀 7C925F42 0000 add [eax], al 7C925F44 04 CA add al, 0CA 7C925F46 0000 add [eax], al 7C925F48 15 CA000028 adc eax, 280000CA 7C925F4D CA 0000 retf 0 7C925F50 3E:CA 0000 retf 0 7C925F54 58 pop eax ; ntdll.7C92E89A 7C925F55 CA 0000 retf 0 7C925F58 6BCA 00 imul ecx, edx, 0 ; msvcrt.77C31AE8 7C925F5B 0082 CA00008E add [edx+8E0000CA], al 7C925F61 CA 0000 retf 0 7C925F64 99 cdq 7C925F65 CA 0000 retf 0 7C925F68 B1 CA mov cl, 0CA 7C925F6A 0000 add [eax], al 7C925F6C C4CA les ecx, edx ; 非法使用寄存器 7C925F6E 0000 add [eax], al 7C925F70 DECA fmulp st(2), st 7C925F72 0000 add [eax], al 7C925F74 FA cli 7C925F75 CA 0000 retf 0 7C925F78 0FCB bswap ebx 7C925F7A 0000 add [eax], al 7C925F7C 29CB sub ebx, ecx 7C925F7E 0000 add [eax], al 7C925F80 3D CB000054 cmp eax, 540000CB 7C925F85 CB retf 7C925F86 0000 add [eax], al 7C925F88 6C ins byte ptr es:[edi], dx 7C925F89 CB retf 7C925F8A 0000 add [eax], al 7C925F8C 83CB 00 or ebx, 0 7C925F8F 0099 CB0000AE add [ecx+AE0000CB], bl 7C925F95 CB retf 7C925F96 0000 add [eax], al 7C925F98 C0CB 00 ror bl, 0 7C925F9B 00D0 add al, dl 7C925F9D CB retf 7C925F9E 0000 add [eax], al 7C925FA0 ^ E2 CB loopd short 7C925F6D 7C925FA2 0000 add [eax], al 7C925FA4 FC cld 7C925FA5 CB retf 7C925FA6 0000 add [eax], al 7C925FA8 16 push ss 7C925FA9 CC int3 7C925FAA 0000 add [eax], al 7C925FAC 2ACC sub cl, ah 7C925FAE 0000 add [eax], al 7C925FB0 46 inc esi ; ntdll.ZwTerminateProcess 7C925FB1 CC int3 7C925FB2 0000 add [eax], al 7C925FB4 64:CC int3 7C925FB6 0000 add [eax], al 7C925FB8 7B CC jpo short 7C925F86 7C925FBA 0000 add [eax], al 7C925FBC 91 xchg eax, ecx 7C925FBD CC int3 7C925FBE 0000 add [eax], al 7C925FC0 A1 CC0000BB mov eax, [BB0000CC] 7C925FC5 CC int3 7C925FC6 0000 add [eax], al 7C925FC8 C6 ??? ; 未知命令 7C925FC9 CC int3 7C925FCA 0000 add [eax], al 7C925FCC DBCC fcmovne st, st(4) 7C925FCE 0000 add [eax], al 7C925FD0 - E9 CC0000F7 jmp 739260A1 7C925FD5 CC int3 7C925FD6 0000 add [eax], al 7C925FD8 12CD adc cl, ch 7C925FDA 0000 add [eax], al 7C925FDC 23CD and ecx, ebp 7C925FDE 0000 add [eax], al 7C925FE0 42 inc edx ; msvcrt.77C31AE8 7C925FE1 CD 00 int 0 7C925FE3 0051 CD add [ecx-33], dl 7C925FE6 0000 add [eax], al 7C925FE8 5F pop edi ; ntdll.7C92E89A 7C925FE9 CD 00 int 0 7C925FEB 0070 CD add [eax-33], dh 7C925FEE 0000 add [eax], al 7C925FF0 80CD 00 or ch, 0 7C925FF3 0095 CD0000AA add [ebp+AA0000CD], dl 7C925FF9 CD 00 int 0 7C925FFB 00BD CD0000CF add [ebp+CF0000CD], bh 7C926001 CD 00 int 0 7C926003 00DB add bl, bl 7C926005 CD 00 int 0 7C926007 00E8 add al, ch 7C926009 CD 00 int 0 7C92600B 00FC add ah, bh 7C92600D CD 00 int 0 7C92600F 000B add [ebx], cl 7C926011 CE into 7C926012 0000 add [eax], al 7C926014 17 pop ss 7C926015 CE into 7C926016 0000 add [eax], al 7C926018 25 CE000032 and eax, 320000CE 7C92601D CE into 7C92601E 0000 add [eax], al 7C926020 48 dec eax 7C926021 CE into 7C926022 0000 add [eax], al 7C926024 5D pop ebp ; ntdll.7C92E89A 7C926025 CE into 7C926026 0000 add [eax], al 7C926028 6A CE push -32 7C92602A 0000 add [eax], al 7C92602C ^ 7E CE jle short 7C925FFC 7C92602E 0000 add [eax], al 7C926030 92 xchg eax, edx ; msvcrt.77C31AE8 7C926031 CE into 7C926032 0000 add [eax], al 7C926034 AB stos dword ptr es:[edi] 7C926035 CE into 7C926036 0000 add [eax], al 7C926038 C1CE 00 ror esi, 0 7C92603B 00D5 add ch, dl 7C92603D CE into 7C92603E 0000 add [eax], al 7C926040 E8 CE0000F4 call 70926113 7C926045 CE into 7C926046 0000 add [eax], al 7C926048 06 push es 7C926049 CF iretd 7C92604A 0000 add [eax], al 7C92604C 19CF sbb edi, ecx 7C92604E 0000 add [eax], al 7C926050 2E:CF iretd 7C926052 0000 add [eax], al 7C926054 3F aas 7C926055 CF iretd 7C926056 0000 add [eax], al 7C926058 46 inc esi ; ntdll.ZwTerminateProcess 7C926059 CF iretd 7C92605A 0000 add [eax], al 7C92605C 4D dec ebp 7C92605D CF iretd 7C92605E 0000 add [eax], al 7C926060 54 push esp 7C926061 CF iretd 7C926062 0000 add [eax], al 7C926064 5B pop ebx ; ntdll.7C92E89A 7C926065 CF iretd 7C926066 0000 add [eax], al 7C926068 63CF arpl di, cx 7C92606A 0000 add [eax], al 7C92606C 6D ins dword ptr es:[edi], dx 7C92606D CF iretd 7C92606E 0000 add [eax], al 7C926070 ^ 76 CF jbe short 7C926041 7C926072 0000 add [eax], al 7C926074 80CF 00 or bh, 0 7C926077 008A CF000092 add [edx+920000CF], cl 7C92607D CF iretd 7C92607E 0000 add [eax], al 7C926080 9B wait 7C926081 CF iretd 7C926082 0000 add [eax], al 7C926084 A3 CF0000B1 mov [B10000CF], eax 7C926089 CF iretd 7C92608A 0000 add [eax], al 7C92608C B9 CF0000C1 mov ecx, C10000CF 7C926091 CF iretd 7C926092 0000 add [eax], al 7C926094 C9 leave 7C926095 CF iretd 7C926096 0000 add [eax], al 7C926098 D1CF ror edi, 1 7C92609A 0000 add [eax], al 7C92609C DACF fcmove st, st(7) 7C92609E 0000 add [eax], al 7C9260A0 E4 CF in al, 0CF 7C9260A2 0000 add [eax], al 7C9260A4 ED in eax, dx 7C9260A5 CF iretd 7C9260A6 0000 add [eax], al 7C9260A8 F6 ??? ; 未知命令 7C9260A9 CF iretd 7C9260AA 0000 add [eax], al 7C9260AC FECF dec bh 7C9260AE 0000 add [eax], al 7C9260B0 07 pop es 7C9260B1 D000 rol byte ptr [eax], 1 7C9260B3 000D D0000015 add [150000D0], cl 7C9260B9 D000 rol byte ptr [eax], 1 7C9260BB 001D D0000023 add [230000D0], bl 7C9260C1 D000 rol byte ptr [eax], 1 7C9260C3 0029 add [ecx], ch 7C9260C5 D000 rol byte ptr [eax], 1 7C9260C7 0030 add [eax], dh 7C9260C9 D000 rol byte ptr [eax], 1 7C9260CB 0036 add [esi], dh 7C9260CD D000 rol byte ptr [eax], 1 7C9260CF 003CD0 add [eax+edx*8], bh 7C9260D2 0000 add [eax], al 7C9260D4 45 inc ebp 7C9260D5 D000 rol byte ptr [eax], 1 7C9260D7 004E D0 add [esi-30], cl 7C9260DA 0000 add [eax], al 7C9260DC 58 pop eax ; ntdll.7C92E89A 7C9260DD D000 rol byte ptr [eax], 1 7C9260DF 0063 D0 add [ebx-30], ah 7C9260E2 0000 add [eax], al 7C9260E4 6E outs dx, byte ptr es:[edi] 7C9260E5 D000 rol byte ptr [eax], 1 7C9260E7 0077 D0 add [edi-30], dh 7C9260EA 0000 add [eax], al 7C9260EC 80D0 00 adc al, 0 7C9260EF 0088 D0000092 add [eax+920000D0], cl 7C9260F5 D000 rol byte ptr [eax], 1 7C9260F7 009A D00000A3 add [edx+A30000D0], bl 7C9260FD D000 rol byte ptr [eax], 1 7C9260FF 00ACD0 0000B5D0 add [eax+edx*8+D0B50000], ch 7C926106 0000 add [eax], al 7C926108 BE D00000C5 mov esi, C50000D0 7C92610D D000 rol byte ptr [eax], 1 7C92610F 00CC add ah, cl 7C926111 D000 rol byte ptr [eax], 1 7C926113 00D7 add bh, dl 7C926115 D000 rol byte ptr [eax], 1 7C926117 00E3 add bl, ah 7C926119 D000 rol byte ptr [eax], 1 7C92611B 00EC add ah, ch 7C92611D D000 rol byte ptr [eax], 1 7C92611F 00F4 add ah, dh 7C926121 D000 rol byte ptr [eax], 1 7C926123 00FE add dh, bh 7C926125 D000 rol byte ptr [eax], 1 7C926127 0006 add [esi], al 7C926129 D100 rol dword ptr [eax], 1 7C92612B 000CD1 add [ecx+edx*8], cl 7C92612E 0000 add [eax], al 7C926130 14 D1 adc al, 0D1 7C926132 0000 add [eax], al 7C926134 1AD1 sbb dl, cl 7C926136 0000 add [eax], al 7C926138 1E push ds 7C926139 D100 rol dword ptr [eax], 1 7C92613B 0023 add [ebx], ah 7C92613D D100 rol dword ptr [eax], 1 7C92613F 0028 add [eax], ch 7C926141 D100 rol dword ptr [eax], 1 7C926143 002D D1000035 add [350000D1], ch 7C926149 D100 rol dword ptr [eax], 1 7C92614B 003A add [edx], bh 7C92614D D100 rol dword ptr [eax], 1 7C92614F 003E add [esi], bh 7C926151 D100 rol dword ptr [eax], 1 7C926153 0043 D1 add [ebx-2F], al 7C926156 0000 add [eax], al 7C926158 49 dec ecx 7C926159 D100 rol dword ptr [eax], 1 7C92615B 0051 D1 add [ecx-2F], dl 7C92615E 0000 add [eax], al 7C926160 59 pop ecx ; ntdll.7C92E89A 7C926161 D100 rol dword ptr [eax], 1 7C926163 0061 D1 add [ecx-2F], ah 7C926166 0000 add [eax], al 7C926168 69D1 000071D1 imul edx, ecx, D1710000 7C92616E 0000 add [eax], al 7C926170 ^ 79 D1 jns short 7C926143 7C926172 0000 add [eax], al 7C926174 81D1 000089D1 adc ecx, D1890000 7C92617A 0000 add [eax], al 7C92617C 91 xchg eax, ecx 7C92617D D100 rol dword ptr [eax], 1 7C92617F 0099 D10000A2 add [ecx+A20000D1], bl 7C926185 D100 rol dword ptr [eax], 1 7C926187 00AB D10000B4 add [ebx+B40000D1], ch 7C92618D D100 rol dword ptr [eax], 1 7C92618F 00BD D10000C6 add [ebp+C60000D1], bh 7C926195 D100 rol dword ptr [eax], 1 7C926197 00D0 add al, dl 7C926199 D100 rol dword ptr [eax], 1 7C92619B 00D9 add cl, bl 7C92619D D100 rol dword ptr [eax], 1 7C92619F 00DE add dh, bl 7C9261A1 D100 rol dword ptr [eax], 1 7C9261A3 00E2 add dl, ah 7C9261A5 D100 rol dword ptr [eax], 1 7C9261A7 00EB add bl, ch 7C9261A9 D100 rol dword ptr [eax], 1 7C9261AB 00F2 add dl, dh 7C9261AD D100 rol dword ptr [eax], 1 7C9261AF 00F9 add cl, bh 7C9261B1 D100 rol dword ptr [eax], 1 7C9261B3 0000 add [eax], al 7C9261B5 D200 rol byte ptr [eax], cl 7C9261B7 0008 add [eax], cl 7C9261B9 D200 rol byte ptr [eax], cl 7C9261BB 000F add [edi], cl 7C9261BD D200 rol byte ptr [eax], cl 7C9261BF 0013 add [ebx], dl 7C9261C1 D200 rol byte ptr [eax], cl 7C9261C3 0019 add [ecx], bl 7C9261C5 D200 rol byte ptr [eax], cl 7C9261C7 001D D2000025 add [250000D2], bl 7C9261CD D200 rol byte ptr [eax], cl 7C9261CF 002A add [edx], ch 7C9261D1 D200 rol byte ptr [eax], cl 7C9261D3 0031 add [ecx], dh 7C9261D5 D200 rol byte ptr [eax], cl 7C9261D7 0038 add [eax], bh 7C9261D9 D200 rol byte ptr [eax], cl 7C9261DB 003F add [edi], bh 7C9261DD D200 rol byte ptr [eax], cl 7C9261DF 0046 D2 add [esi-2E], al 7C9261E2 0000 add [eax], al 7C9261E4 4D dec ebp 7C9261E5 D200 rol byte ptr [eax], cl 7C9261E7 0055 D2 add [ebp-2E], dl 7C9261EA 0000 add [eax], al 7C9261EC 5C pop esp ; ntdll.7C92E89A 7C9261ED D200 rol byte ptr [eax], cl 7C9261EF 0064D2 00 add [edx+edx*8], ah 7C9261F3 006CD2 00 add [edx+edx*8], ch 7C9261F7 0074D2 00 add [edx+edx*8], dh 7C9261FB 007CD2 00 add [edx+edx*8], bh 7C9261FF 0084D2 00008BD2 add [edx+edx*8+D28B0000], al 7C926206 0000 add [eax], al 7C926208 92 xchg eax, edx ; msvcrt.77C31AE8 7C926209 D200 rol byte ptr [eax], cl 7C92620B 0099 D20000A1 add [ecx+A10000D2], bl 7C926211 D200 rol byte ptr [eax], cl 7C926213 00AA D20000AE add [edx+AE0000D2], ch 7C926219 D200 rol byte ptr [eax], cl 7C92621B 00B6 D20000BE add [esi+BE0000D2], dh 7C926221 D200 rol byte ptr [eax], cl 7C926223 00C7 add bh, al 7C926225 D200 rol byte ptr [eax], cl 7C926227 00D0 add al, dl 7C926229 D200 rol byte ptr [eax], cl 7C92622B 00DC add ah, bl 7C92622D D200 rol byte ptr [eax], cl 7C92622F 00F2 add dl, dh 7C926231 D200 rol byte ptr [eax], cl 7C926233 00FB add bl, bh 7C926235 D200 rol byte ptr [eax], cl 7C926237 0002 add [edx], al 7C926239 D300 rol dword ptr [eax], cl 7C92623B 0009 add [ecx], cl 7C92623D D300 rol dword ptr [eax], cl 7C92623F 0010 add [eax], dl 7C926241 D300 rol dword ptr [eax], cl 7C926243 0017 add [edi], dl 7C926245 D300 rol dword ptr [eax], cl 7C926247 001F add [edi], bl 7C926249 D300 rol dword ptr [eax], cl 7C92624B 0026 add [esi], ah 7C92624D D300 rol dword ptr [eax], cl 7C92624F 002E add [esi], ch 7C926251 D300 rol dword ptr [eax], cl 7C926253 0036 add [esi], dh 7C926255 D300 rol dword ptr [eax], cl 7C926257 003E add [esi], bh 7C926259 D300 rol dword ptr [eax], cl 7C92625B 0046 D3 add [esi-2D], al 7C92625E 0000 add [eax], al 7C926260 4E dec esi ; ntdll.ZwTerminateProcess 7C926261 D300 rol dword ptr [eax], cl 7C926263 0055 D3 add [ebp-2D], dl 7C926266 0000 add [eax], al 7C926268 5C pop esp ; ntdll.7C92E89A 7C926269 D300 rol dword ptr [eax], cl 7C92626B 0063 D3 add [ebx-2D], ah 7C92626E 0000 add [eax], al 7C926270 6C ins byte ptr es:[edi], dx 7C926271 D300 rol dword ptr [eax], cl 7C926273 0007 add [edi], al 7C926275 0008 add [eax], cl 7C926277 0009 add [ecx], cl 7C926279 000A add [edx], cl 7C92627B 000B add [ebx], cl 7C92627D 000C00 add [eax+eax], cl 7C926280 0D 000E000F or eax, 0F000E00 7C926285 0010 add [eax], dl 7C926287 0011 add [ecx], dl 7C926289 0012 add [edx], dl 7C92628B 0013 add [ebx], dl 7C92628D 001400 add [eax+eax], dl 7C926290 15 00160017 adc eax, 17001600 7C926295 0018 add [eax], bl 7C926297 0019 add [ecx], bl 7C926299 001A add [edx], bl 7C92629B 001B add [ebx], bl 7C92629D 001C00 add [eax+eax], bl 7C9262A0 1D 001E001F sbb eax, 1F001E00 7C9262A5 0020 add [eax], ah 7C9262A7 0021 add [ecx], ah 7C9262A9 0022 add [edx], ah 7C9262AB 0023 add [ebx], ah 7C9262AD 002400 add [eax+eax], ah 7C9262B0 25 00260027 and eax, 27002600 7C9262B5 0028 add [eax], ch 7C9262B7 0029 add [ecx], ch 7C9262B9 002A add [edx], ch 7C9262BB 002B add [ebx], ch 7C9262BD 002C00 add [eax+eax], ch 7C9262C0 2D 002E002F sub eax, 2F002E00 7C9262C5 0030 add [eax], dh 7C9262C7 0031 add [ecx], dh 7C9262C9 0032 add [edx], dh 7C9262CB 0033 add [ebx], dh 7C9262CD 003400 add [eax+eax], dh 7C9262D0 35 00360037 xor eax, 37003600 7C9262D5 0038 add [eax], bh 7C9262D7 0039 add [ecx], bh 7C9262D9 003A add [edx], bh 7C9262DB 003B add [ebx], bh 7C9262DD 003C00 add [eax+eax], bh 7C9262E0 3D 003E003F cmp eax, 3F003E00 7C9262E5 0040 00 add [eax], al 7C9262E8 41 inc ecx 7C9262E9 0042 00 add [edx], al 7C9262EC 43 inc ebx 7C9262ED 004400 45 add [eax+eax+45], al 7C9262F1 0046 00 add [esi], al 7C9262F4 47 inc edi 7C9262F5 0048 00 add [eax], cl 7C9262F8 49 dec ecx 7C9262F9 004A 00 add [edx], cl 7C9262FC 4B dec ebx 7C9262FD 004C00 4D add [eax+eax+4D], cl 7C926301 004E 00 add [esi], cl 7C926304 4F dec edi 7C926305 0050 00 add [eax], dl 7C926308 51 push ecx 7C926309 0052 00 add [edx], dl 7C92630C 53 push ebx 7C92630D 005400 55 add [eax+eax+55], dl 7C926311 0056 00 add [esi], dl 7C926314 57 push edi 7C926315 0058 00 add [eax], bl 7C926318 59 pop ecx ; ntdll.7C92E89A 7C926319 005A 00 add [edx], bl 7C92631C 5B pop ebx ; ntdll.7C92E89A 7C92631D 005C00 5D add [eax+eax+5D], bl 7C926321 005E 00 add [esi], bl 7C926324 5F pop edi ; ntdll.7C92E89A 7C926325 0060 00 add [eax], ah 7C926328 61 popad 7C926329 0062 00 add [edx], ah 7C92632C 6300 arpl [eax], ax 7C92632E 64:0065 00 add fs:[ebp], ah 7C926332 66:0067 00 add [edi], ah 7C926336 68 0069006A push 6A006900 7C92633B 006B 00 add [ebx], ch 7C92633E 6C ins byte ptr es:[edi], dx 7C92633F 006D 00 add [ebp], ch 7C926342 6E outs dx, byte ptr es:[edi] 7C926343 006F 00 add [edi], ch 7C926346 70 00 jo short 7C926348 7C926348 71 00 jno short 7C92634A 7C92634A 72 00 jb short 7C92634C 7C92634C 73 00 jnb short 7C92634E 7C92634E 74 00 je short 7C926350 7C926350 75 00 jnz short 7C926352 7C926352 76 00 jbe short 7C926354 7C926354 77 00 ja short 7C926356 7C926356 78 00 js short 7C926358 7C926358 79 00 jns short 7C92635A 7C92635A 7A 00 jpe short 7C92635C 7C92635C 7B 00 jpo short 7C92635E 7C92635E 7C 00 jl short 7C926360 7C926360 7D 00 jge short 7C926362 7C926362 7E 00 jle short 7C926364 7C926364 7F 00 jg short 7C926366 7C926366 8000 81 add byte ptr [eax], 81 7C926369 0082 00830084 add [edx+84008300], al 7C92636F 0085 00860087 add [ebp+87008600], al 7C926375 0088 0089008A add [eax+8A008900], cl 7C92637B 008B 008C008D add [ebx+8D008C00], cl 7C926381 008E 008F0090 add [esi+90008F00], cl 7C926387 0091 00920093 add [ecx+93009200], dl 7C92638D 009400 95009600 add [eax+eax+960095], dl 7C926394 97 xchg eax, edi 7C926395 0098 0099009A add [eax+9A009900], bl 7C92639B 009B 009C009D add [ebx+9D009C00], bl 7C9263A1 009E 009F00A0 add [esi+A0009F00], bl 7C9263A7 00A1 00A200A3 add [ecx+A300A200], ah 7C9263AD 00A400 A500A600 add [eax+eax+A600A5], ah 7C9263B4 A7 cmps dword ptr [esi], dword ptr es:[e> 7C9263B5 00A8 00A900AA add [eax+AA00A900], ch 7C9263BB 00AB 00AC00AD add [ebx+AD00AC00], ch 7C9263C1 00AE 00AF00B0 add [esi+B000AF00], ch 7C9263C7 00B1 00B200B3 add [ecx+B300B200], dh 7C9263CD 00B400 B500B600 add [eax+eax+B600B5], dh 7C9263D4 B7 00 mov bh, 0 7C9263D6 B8 00BA00B9 mov eax, B900BA00 7C9263DB 00BB 00BC00BD add [ebx+BD00BC00], bh 7C9263E1 00BE 00BF00C0 add [esi+C000BF00], bh 7C9263E7 00C1 add cl, al 7C9263E9 00C2 add dl, al 7C9263EB 00C3 add bl, al 7C9263ED 00C4 add ah, al 7C9263EF 00C5 add ch, al 7C9263F1 00C6 add dh, al 7C9263F3 00C7 add bh, al 7C9263F5 00C8 add al, cl 7C9263F7 00C9 add cl, cl 7C9263F9 00CA add dl, cl 7C9263FB 00CB add bl, cl 7C9263FD 00CC add ah, cl 7C9263FF 00CD add ch, cl 7C926401 00CE add dh, cl 7C926403 00CF add bh, cl 7C926405 00D0 add al, dl 7C926407 00D1 add cl, dl 7C926409 00D2 add dl, dl 7C92640B 00D3 add bl, dl 7C92640D 00D4 add ah, dl 7C92640F 00D5 add ch, dl 7C926411 00D6 add dh, dl 7C926413 00D7 add bh, dl 7C926415 00D8 add al, bl 7C926417 00D9 add cl, bl 7C926419 00DA add dl, bl 7C92641B 00DB add bl, bl 7C92641D 00DC add ah, bl 7C92641F 00DD add ch, bl 7C926421 00DE add dh, bl 7C926423 00DF add bh, bl 7C926425 00E0 add al, ah 7C926427 00E1 add cl, ah 7C926429 00E2 add dl, ah 7C92642B 00E3 add bl, ah 7C92642D 00E4 add ah, ah 7C92642F 00E5 add ch, ah 7C926431 00E6 add dh, ah 7C926433 00E7 add bh, ah 7C926435 00E8 add al, ch 7C926437 00E9 add cl, ch 7C926439 00EA add dl, ch 7C92643B 00EB add bl, ch 7C92643D 00EC add ah, ch 7C92643F 00ED add ch, ch 7C926441 00EE add dh, ch 7C926443 00EF add bh, ch 7C926445 00F0 add al, dh 7C926447 00F1 add cl, dh 7C926449 00F2 add dl, dh 7C92644B 00F3 add bl, dh 7C92644D 00F4 add ah, dh 7C92644F 00F5 add ch, dh 7C926451 00F6 add dh, dh 7C926453 00F7 add bh, dh 7C926455 00F8 add al, bh 7C926457 00F9 add cl, bh 7C926459 00FA add dl, bh 7C92645B 00FB add bl, bh 7C92645D 00FC add ah, bh 7C92645F 00FD add ch, bh 7C926461 00FE add dh, bh 7C926463 00FF add bh, bh 7C926465 0000 add [eax], al 7C926467 0101 add [ecx], eax 7C926469 0102 add [edx], eax 7C92646B 0103 add [ebx], eax 7C92646D 010401 add [ecx+eax], eax 7C926470 05 01060107 add eax, 7010601 7C926475 0108 add [eax], ecx 7C926477 0109 add [ecx], ecx 7C926479 010A add [edx], ecx 7C92647B 010B add [ebx], ecx 7C92647D 010C01 add [ecx+eax], ecx 7C926480 0D 010E010F or eax, 0F010E01 7C926485 0110 add [eax], edx ; msvcrt.77C31AE8 7C926487 0111 add [ecx], edx ; msvcrt.77C31AE8 7C926489 0112 add [edx], edx ; msvcrt.77C31AE8 7C92648B 0113 add [ebx], edx ; msvcrt.77C31AE8 7C92648D 011401 add [ecx+eax], edx ; msvcrt.77C31AE8 7C926490 15 01160117 adc eax, 17011601 7C926495 0118 add [eax], ebx 7C926497 0119 add [ecx], ebx 7C926499 011A add [edx], ebx 7C92649B 011B add [ebx], ebx 7C92649D 011C01 add [ecx+eax], ebx 7C9264A0 1D 011E011F sbb eax, 1F011E01 7C9264A5 0120 add [eax], esp 7C9264A7 0121 add [ecx], esp 7C9264A9 0122 add [edx], esp 7C9264AB 0123 add [ebx], esp 7C9264AD 012401 add [ecx+eax], esp 7C9264B0 25 01260127 and eax, 27012601 7C9264B5 0128 add [eax], ebp 7C9264B7 0129 add [ecx], ebp 7C9264B9 012A add [edx], ebp 7C9264BB 012B add [ebx], ebp 7C9264BD 012C01 add [ecx+eax], ebp 7C9264C0 2D 012E012F sub eax, 2F012E01 7C9264C5 0130 add [eax], esi ; ntdll.ZwTerminateProcess 7C9264C7 0131 add [ecx], esi ; ntdll.ZwTerminateProcess 7C9264C9 0132 add [edx], esi ; ntdll.ZwTerminateProcess 7C9264CB 0133 add [ebx], esi ; ntdll.ZwTerminateProcess 7C9264CD 013401 add [ecx+eax], esi ; ntdll.ZwTerminateProcess 7C9264D0 35 01360137 xor eax, 37013601 7C9264D5 0138 add [eax], edi 7C9264D7 0139 add [ecx], edi 7C9264D9 013A add [edx], edi 7C9264DB 013B add [ebx], edi 7C9264DD 013C01 add [ecx+eax], edi 7C9264E0 3D 013E013F cmp eax, 3F013E01 7C9264E5 0140 01 add [eax+1], eax 7C9264E8 41 inc ecx 7C9264E9 0142 01 add [edx+1], eax 7C9264EC 43 inc ebx 7C9264ED 014401 45 add [ecx+eax+45], eax 7C9264F1 0146 01 add [esi+1], eax 7C9264F4 47 inc edi 7C9264F5 0148 01 add [eax+1], ecx 7C9264F8 49 dec ecx 7C9264F9 014A 01 add [edx+1], ecx 7C9264FC 4B dec ebx 7C9264FD 014C01 4D add [ecx+eax+4D], ecx 7C926501 014E 01 add [esi+1], ecx 7C926504 4F dec edi 7C926505 0150 01 add [eax+1], edx ; msvcrt.77C31AE8 7C926508 51 push ecx 7C926509 0152 01 add [edx+1], edx ; msvcrt.77C31AE8 7C92650C 53 push ebx 7C92650D 015401 55 add [ecx+eax+55], edx ; msvcrt.77C31AE8 7C926511 0156 01 add [esi+1], edx ; msvcrt.77C31AE8 7C926514 57 push edi 7C926515 0158 01 add [eax+1], ebx 7C926518 59 pop ecx ; ntdll.7C92E89A 7C926519 015A 01 add [edx+1], ebx 7C92651C 5B pop ebx ; ntdll.7C92E89A 7C92651D 015C01 5D add [ecx+eax+5D], ebx 7C926521 015E 01 add [esi+1], ebx 7C926524 5F pop edi ; ntdll.7C92E89A 7C926525 0160 01 add [eax+1], esp 7C926528 61 popad 7C926529 0162 01 add [edx+1], esp 7C92652C 6301 arpl [ecx], ax 7C92652E 64:0165 01 add fs:[ebp+1], esp 7C926532 66:0167 01 add [edi+1], sp 7C926536 68 0169016A push 6A016901 7C92653B 016B 01 add [ebx+1], ebp 7C92653E 6C ins byte ptr es:[edi], dx 7C92653F 016D 01 add [ebp+1], ebp 7C926542 6E outs dx, byte ptr es:[edi] 7C926543 016F 01 add [edi+1], ebp 7C926546 70 01 jo short 7C926549 7C926548 71 01 jno short 7C92654B 7C92654A 72 01 jb short 7C92654D 7C92654C 73 01 jnb short 7C92654F 7C92654E 74 01 je short 7C926551 7C926550 75 01 jnz short 7C926553 7C926552 0000 add [eax], al 7C926554 76 01 jbe short 7C926557 7C926556 77 01 ja short 7C926559 7C926558 78 01 js short 7C92655B 7C92655A 79 01 jns short 7C92655D 7C92655C 7A 01 jpe short 7C92655F 7C92655E 7B 01 jpo short 7C926561 7C926560 7C 01 jl short 7C926563 7C926562 7D 01 jge short 7C926565 7C926564 7E 01 jle short 7C926567 7C926566 7F 01 jg short 7C926569 7C926568 8001 81 add byte ptr [ecx], 81 7C92656B 0182 01830184 add [edx+84018301], eax 7C926571 0185 01860187 add [ebp+87018601], eax 7C926577 0188 0189018A add [eax+8A018901], ecx 7C92657D 018B 018C018D add [ebx+8D018C01], ecx 7C926583 018E 018F0190 add [esi+90018F01], ecx 7C926589 0191 01920193 add [ecx+93019201], edx ; msvcrt.77C31AE8 7C92658F 019401 95019601 add [ecx+eax+1960195], edx ; msvcrt.77C31AE8 7C926596 97 xchg eax, edi 7C926597 0198 0199019A add [eax+9A019901], ebx 7C92659D 019B 019C019D add [ebx+9D019C01], ebx 7C9265A3 019E 019F01A0 add [esi+A0019F01], ebx 7C9265A9 01A1 01A201A3 add [ecx+A301A201], esp 7C9265AF 01A5 01A401A6 add [ebp+A601A401], esp 7C9265B5 01A7 01A801A9 add [edi+A901A801], esp 7C9265BB 01AA 01AB01AC add [edx+AC01AB01], ebp 7C9265C1 01AD 01AE01AF add [ebp+AF01AE01], ebp 7C9265C7 01B0 01B101B2 add [eax+B201B101], esi ; ntdll.ZwTerminateProcess 7C9265CD 01B3 01B401B5 add [ebx+B501B401], esi ; ntdll.ZwTerminateProcess 7C9265D3 01B6 01B701B8 add [esi+B801B701], esi ; ntdll.ZwTerminateProcess 7C9265D9 01B9 01BA01BB add [ecx+BB01BA01], edi 7C9265DF 01BC01 BD010100 add [ecx+eax+101BD], edi 7C9265E6 BE 01BF01C0 mov esi, C001BF01 7C9265EB 01C1 add ecx, eax 7C9265ED 01C2 add edx, eax 7C9265EF 0102 add [edx], eax 7C9265F1 00C3 add bl, al 7C9265F3 01C4 add esp, eax 7C9265F5 01C5 add ebp, eax 7C9265F7 01C6 add esi, eax 7C9265F9 01C7 add edi, eax 7C9265FB 01C8 add eax, ecx 7C9265FD 01C9 add ecx, ecx 7C9265FF 01CA add edx, ecx 7C926601 01CB add ebx, ecx 7C926603 01CC add esp, ecx 7C926605 01CD add ebp, ecx 7C926607 01CE add esi, ecx 7C926609 01CF add edi, ecx 7C92660B 01D0 add eax, edx ; msvcrt.77C31AE8 7C92660D 01D1 add ecx, edx ; msvcrt.77C31AE8 7C92660F 01D2 add edx, edx ; msvcrt.77C31AE8 7C926611 01D3 add ebx, edx ; msvcrt.77C31AE8 7C926613 01D4 add esp, edx ; msvcrt.77C31AE8 7C926615 01D5 add ebp, edx ; msvcrt.77C31AE8 7C926617 01D6 add esi, edx ; msvcrt.77C31AE8 7C926619 01D7 add edi, edx ; msvcrt.77C31AE8 7C92661B 01D8 add eax, ebx 7C92661D 01D9 add ecx, ebx 7C92661F 01DA add edx, ebx 7C926621 01DB add ebx, ebx 7C926623 01DC add esp, ebx 7C926625 01DD add ebp, ebx 7C926627 01DE add esi, ebx 7C926629 01DF add edi, ebx 7C92662B 01E0 add eax, esp 7C92662D 01E1 add ecx, esp 7C92662F 01E2 add edx, esp 7C926631 01E3 add ebx, esp 7C926633 01E4 add esp, esp 7C926635 01E5 add ebp, esp 7C926637 01E6 add esi, esp 7C926639 01E7 add edi, esp 7C92663B 01E8 add eax, ebp 7C92663D 01E9 add ecx, ebp 7C92663F 01EA add edx, ebp 7C926641 01EB add ebx, ebp 7C926643 01EC add esp, ebp 7C926645 01ED add ebp, ebp 7C926647 01EE add esi, ebp 7C926649 01EF add edi, ebp 7C92664B 01F0 add eax, esi ; ntdll.ZwTerminateProcess 7C92664D 01F1 add ecx, esi ; ntdll.ZwTerminateProcess 7C92664F 01F2 add edx, esi ; ntdll.ZwTerminateProcess 7C926651 01F3 add ebx, esi ; ntdll.ZwTerminateProcess 7C926653 01F4 add esp, esi ; ntdll.ZwTerminateProcess 7C926655 01F5 add ebp, esi ; ntdll.ZwTerminateProcess 7C926657 01F6 add esi, esi ; ntdll.ZwTerminateProcess 7C926659 01F7 add edi, esi ; ntdll.ZwTerminateProcess 7C92665B 01F8 add eax, edi 7C92665D 01F9 add ecx, edi 7C92665F 01FA add edx, edi 7C926661 01FB add ebx, edi 7C926663 01FC add esp, edi 7C926665 01FD add ebp, edi 7C926667 01FE add esi, edi 7C926669 01FF add edi, edi 7C92666B 0100 add [eax], eax 7C92666D 0201 add al, [ecx] 7C92666F 0202 add al, [edx] 7C926671 0203 add al, [ebx] 7C926673 020402 add al, [edx+eax] 7C926676 05 02060207 add eax, 7020602 7C92667B 0208 add cl, [eax] 7C92667D 0209 add cl, [ecx] 7C92667F 020A add cl, [edx] 7C926681 020B add cl, [ebx] 7C926683 020C02 add cl, [edx+eax] 7C926686 0D 020E020F or eax, 0F020E02 7C92668B 0210 add dl, [eax] 7C92668D 0211 add dl, [ecx] 7C92668F 0212 add dl, [edx] 7C926691 0213 add dl, [ebx] 7C926693 021402 add dl, [edx+eax] 7C926696 15 02160217 adc eax, 17021602 7C92669B 0218 add bl, [eax] 7C92669D 0219 add bl, [ecx] 7C92669F 021A add bl, [edx] 7C9266A1 021B add bl, [ebx] 7C9266A3 021C02 add bl, [edx+eax] 7C9266A6 1D 021E021F sbb eax, 1F021E02 7C9266AB 0220 add ah, [eax] 7C9266AD 0221 add ah, [ecx] 7C9266AF 0222 add ah, [edx] 7C9266B1 0223 add ah, [ebx] 7C9266B3 022402 add ah, [edx+eax] 7C9266B6 25 02260227 and eax, 27022602 7C9266BB 0228 add ch, [eax] 7C9266BD 0229 add ch, [ecx] 7C9266BF 022A add ch, [edx] 7C9266C1 022B add ch, [ebx] 7C9266C3 022C02 add ch, [edx+eax] 7C9266C6 2D 022E022F sub eax, 2F022E02 7C9266CB 0230 add dh, [eax] 7C9266CD 0231 add dh, [ecx] 7C9266CF 0232 add dh, [edx] 7C9266D1 0233 add dh, [ebx] 7C9266D3 023402 add dh, [edx+eax] 7C9266D6 35 02360237 xor eax, 37023602 7C9266DB 0238 add bh, [eax] 7C9266DD 0239 add bh, [ecx] 7C9266DF 023A add bh, [edx] 7C9266E1 023B add bh, [ebx] 7C9266E3 023C02 add bh, [edx+eax] 7C9266E6 3D 023E023F cmp eax, 3F023E02 7C9266EB 0240 02 add al, [eax+2] 7C9266EE 41 inc ecx 7C9266EF 0242 02 add al, [edx+2] 7C9266F2 43 inc ebx 7C9266F3 024402 45 add al, [edx+eax+45] 7C9266F7 0246 02 add al, [esi+2] 7C9266FA 47 inc edi 7C9266FB 0248 02 add cl, [eax+2] 7C9266FE 49 dec ecx 7C9266FF 024A 02 add cl, [edx+2] 7C926702 4B dec ebx 7C926703 024C02 4D add cl, [edx+eax+4D] 7C926707 024E 02 add cl, [esi+2] 7C92670A 4F dec edi 7C92670B 0250 02 add dl, [eax+2] 7C92670E 51 push ecx 7C92670F 0252 02 add dl, [edx+2] 7C926712 53 push ebx 7C926713 025402 55 add dl, [edx+eax+55] 7C926717 0256 02 add dl, [esi+2] 7C92671A 57 push edi 7C92671B 0258 02 add bl, [eax+2] 7C92671E 59 pop ecx ; ntdll.7C92E89A 7C92671F 025A 02 add bl, [edx+2] 7C926722 5B pop ebx ; ntdll.7C92E89A 7C926723 025C02 5D add bl, [edx+eax+5D] 7C926727 025E 02 add bl, [esi+2] 7C92672A 5F pop edi ; ntdll.7C92E89A |
|
[讨论]程序分析!
7C924CCD FC cld 7C924CCE 06 push es 7C924CCF 0020 add [eax], ah 7C924CD1 FB sti 7C924CD2 06 push es 7C924CD3 0004FD 06008C72 add [edi*8+728C0006], al 7C924CDA 0300 add eax, [eax] 7C924CDC CC int3 7C924CDD FC cld 7C924CDE 06 push es 7C924CDF 008B FB060094 add [ebx+940006FB], cl 7C924CE5 FC cld 7C924CE6 06 push es 7C924CE7 0029 add [ecx], ch 7C924CE9 FC cld 7C924CEA 06 push es 7C924CEB 00F6 add dh, dh 7C924CED FB sti 7C924CEE 06 push es 7C924CEF 0058 FB add [eax-5], bl 7C924CF2 06 push es 7C924CF3 0086 050700E1 add [esi+E1000705], al 7C924CF9 66:0200 add al, [eax] 7C924CFC 8567 02 test [edi+2], esp 7C924CFF 00A1 050700D4 add [ecx+D4000705], ah 7C924D05 05 0700B905 add eax, 5B90007 7C924D0A 07 pop es 7C924D0B 00BE FB0600EC add [esi+EC0006FB], bh 7C924D11 05 0700CA13 add eax, 13CA0007 7C924D16 0000 add [eax], al 7C924D18 AA stos byte ptr es:[edi] 7C924D19 4C dec esp 7C924D1A 0200 add al, [eax] 7C924D1C A5 movs dword ptr es:[edi], dword ptr [e> 7C924D1D 2000 and [eax], al 7C924D1F 004F 21 add [edi+21], cl 7C924D22 0000 add [eax], al 7C924D24 0022 add [edx], ah 7C924D26 0000 add [eax], al 7C924D28 3A25 00007A28 cmp ah, [287A0000] 7C924D2E 0000 add [eax], al 7C924D30 AD lods dword ptr [esi] 7C924D31 14 00 adc al, 0 7C924D33 00E9 add cl, ch 7C924D35 0302 add eax, [edx] ; ntdll.7C99C8E0 7C924D37 00DF add bh, bl 7C924D39 16 push ss 7C924D3A 0000 add [eax], al 7C924D3C 2E:91 xchg eax, ecx 7C924D3E 0200 add al, [eax] 7C924D40 92 xchg eax, edx ; msvcrt.77C31AE8 7C924D41 17 pop ss 7C924D42 0000 add [eax], al 7C924D44 0106 add [esi], eax 7C924D46 07 pop es 7C924D47 00EC add ah, ch 7C924D49 2800 sub [eax], al 7C924D4B 0001 add [ecx], al 7C924D4D ED in eax, dx 7C924D4E 0000 add [eax], al 7C924D50 D129 shr dword ptr [ecx], 1 7C924D52 0000 add [eax], al 7C924D54 D7 xlat byte ptr [ebx+al] 7C924D55 2800 sub [eax], al 7C924D57 005B 2A add [ebx+2A], bl 7C924D5A 0000 add [eax], al 7C924D5C 9D popfd 7C924D5D 2A00 sub al, [eax] 7C924D5F 001B add [ebx], bl 7C924D61 2B00 sub eax, [eax] 7C924D63 0043 2C add [ebx+2C], al 7C924D66 0000 add [eax], al 7C924D68 802C00 00 sub byte ptr [eax+eax], 0 7C924D6C 832D 0000C12D 0>sub dword ptr [2DC10000], 0 7C924D73 00ED add ch, ch 7C924D75 2D 00006FEC sub eax, EC6F0000 7C924D7A 0000 add [eax], al 7C924D7C F607 07 test byte ptr [edi], 7 7C924D7F 0015 08070003 add [3000708], dl 7C924D85 A7 cmps dword ptr [esi], dword ptr es:[e> 7C924D86 0100 add [eax], eax 7C924D88 3E: prefix ds: 7C924D89 2E:0000 add cs:[eax], al 7C924D8C 2803 sub [ebx], al 7C924D8E 07 pop es 7C924D8F 00B1 4002006C add [ecx+6C000240], dh 7C924D95 97 xchg eax, edi 7C924D96 0100 add [eax], eax 7C924D98 34 08 xor al, 8 7C924D9A 07 pop es 7C924D9B 00BC02 0200ABEA add [edx+eax+EAAB0002], bh 7C924DA2 0100 add [eax], eax 7C924DA4 48 dec eax 7C924DA5 0807 or [edi], al 7C924DA7 0059 A3 add [ecx-5D], bl 7C924DAA 0100 add [eax], eax 7C924DAC 8A47 01 mov al, [edi+1] 7C924DAF 0067 8F add [edi-71], ah 7C924DB2 0300 add eax, [eax] 7C924DB4 73 34 jnb short 7C924DEA 7C924DB6 0100 add [eax], eax 7C924DB8 ^ 7E AE jle short 7C924D68 7C924DBA 0200 add al, [eax] 7C924DBC 5A pop edx ; ntdll.7C92E89A 7C924DBD 0301 add eax, [ecx] 7C924DBF 0074B0 01 add [eax+esi*4+1], dh 7C924DC3 00B0 7302008F add [eax+8F000273], dh 7C924DC9 0A01 or al, [ecx] 7C924DCB 00A6 08070099 add [esi+99000708], ah 7C924DD1 44 inc esp 7C924DD2 0100 add [eax], eax 7C924DD4 EF out dx, eax 7C924DD5 0807 or [edi], al 7C924DD7 004A 12 add [edx+12], cl 7C924DDA 0200 add al, [eax] 7C924DDC D38E 03003D09 ror dword ptr [esi+93D0003], cl 7C924DE2 07 pop es 7C924DE3 0050 59 add [eax+59], dl 7C924DE6 0300 add eax, [eax] 7C924DE8 C46C00 00 les ebp, [eax+eax] 7C924DEC DD ??? ; 未知命令 7C924DED 6C ins byte ptr es:[edi], dx 7C924DEE 0000 add [eax], al 7C924DF0 F76C00 00 imul dword ptr [eax+eax] 7C924DF4 0F6D ??? ; 未知命令 7C924DF6 0000 add [eax], al 7C924DF8 3B6D 00 cmp ebp, [ebp] 7C924DFB 0053 6D add [ebx+6D], dl 7C924DFE 0000 add [eax], al 7C924E00 65:6D ins dword ptr es:[edi], dx 7C924E02 0000 add [eax], al 7C924E04 79 6D jns short 7C924E73 7C924E06 0000 add [eax], al 7C924E08 92 xchg eax, edx ; msvcrt.77C31AE8 7C924E09 6D ins dword ptr es:[edi], dx 7C924E0A 0000 add [eax], al 7C924E0C A7 cmps dword ptr [esi], dword ptr es:[e> 7C924E0D 6D ins dword ptr es:[edi], dx 7C924E0E 0000 add [eax], al 7C924E10 B7 6D mov bh, 6D 7C924E12 0000 add [eax], al 7C924E14 D26D 00 shr byte ptr [ebp], cl 7C924E17 00DF add bh, bl 7C924E19 6D ins dword ptr es:[edi], dx 7C924E1A 0000 add [eax], al 7C924E1C EF out dx, eax 7C924E1D 6D ins dword ptr es:[edi], dx 7C924E1E 0000 add [eax], al 7C924E20 006E 00 add [esi], ch 7C924E23 00146E add [esi+ebp*2], dl 7C924E26 0000 add [eax], al 7C924E28 226E 00 and ch, [esi] 7C924E2B 002B add [ebx], ch 7C924E2D 6E outs dx, byte ptr es:[edi] 7C924E2E 0000 add [eax], al 7C924E30 36:6E outs dx, byte ptr es:[edi] 7C924E32 0000 add [eax], al 7C924E34 4D dec ebp 7C924E35 6E outs dx, byte ptr es:[edi] 7C924E36 0000 add [eax], al 7C924E38 57 push edi 7C924E39 6E outs dx, byte ptr es:[edi] 7C924E3A 0000 add [eax], al 7C924E3C 70 6E jo short 7C924EAC 7C924E3E 0000 add [eax], al 7C924E40 876E 00 xchg [esi], ebp 7C924E43 0099 6E0000A7 add [ecx+A700006E], bl 7C924E49 6E outs dx, byte ptr es:[edi] 7C924E4A 0000 add [eax], al 7C924E4C C8 6E0000 enter 6E, 0 7C924E50 E0 6E loopdne short 7C924EC0 7C924E52 0000 add [eax], al 7C924E54 FA cli 7C924E55 6E outs dx, byte ptr es:[edi] 7C924E56 0000 add [eax], al 7C924E58 126F 00 adc ch, [edi] 7C924E5B 0025 6F00003F add [3F00006F], ah 7C924E61 6F outs dx, dword ptr es:[edi] 7C924E62 0000 add [eax], al 7C924E64 52 push edx ; msvcrt.77C31AE8 7C924E65 6F outs dx, dword ptr es:[edi] 7C924E66 0000 add [eax], al 7C924E68 67:6F outs dx, dword ptr es:[di] 7C924E6A 0000 add [eax], al 7C924E6C 79 6F jns short 7C924EDD 7C924E6E 0000 add [eax], al 7C924E70 8A6F 00 mov ch, [edi] 7C924E73 009E 6F0000AE add [esi+AE00006F], bl 7C924E79 6F outs dx, dword ptr es:[edi] 7C924E7A 0000 add [eax], al 7C924E7C CD 6F int 6F 7C924E7E 0000 add [eax], al 7C924E80 E1 6F loopde short 7C924EF1 7C924E82 0000 add [eax], al 7C924E84 FA cli 7C924E85 6F outs dx, dword ptr es:[edi] 7C924E86 0000 add [eax], al 7C924E88 14 70 adc al, 70 7C924E8A 0000 add [eax], al 7C924E8C 3270 00 xor dh, [eax] 7C924E8F 004470 00 add [eax+esi*2], al 7C924E93 0051 70 add [ecx+70], dl 7C924E96 0000 add [eax], al 7C924E98 6E outs dx, byte ptr es:[edi] 7C924E99 70 00 jo short 7C924E9B 7C924E9B 0089 700000A5 add [ecx+A5000070], cl 7C924EA1 70 00 jo short 7C924EA3 7C924EA3 00C4 add ah, al 7C924EA5 70 00 jo short 7C924EA7 7C924EA7 00D5 add ch, dl 7C924EA9 70 00 jo short 7C924EAB 7C924EAB 00EF add bh, ch 7C924EAD 70 00 jo short 7C924EAF 7C924EAF 000C71 add [ecx+esi*2], cl 7C924EB2 0000 add [eax], al 7C924EB4 2371 00 and esi, [ecx] 7C924EB7 003E add [esi], bh 7C924EB9 71 00 jno short 7C924EBB 7C924EBB 0052 71 add [edx+71], dl 7C924EBE 0000 add [eax], al 7C924EC0 64:71 00 jno short 7C924EC3 7C924EC3 0085 71000095 add [ebp+95000071], al 7C924EC9 71 00 jno short 7C924ECB 7C924ECB 00A7 710000BE add [edi+BE000071], ah 7C924ED1 71 00 jno short 7C924ED3 7C924ED3 00D1 add cl, dl 7C924ED5 71 00 jno short 7C924ED7 7C924ED7 00EA add dl, ch 7C924ED9 71 00 jno short 7C924EDB 7C924EDB 00FD add ch, bh 7C924EDD 71 00 jno short 7C924EDF 7C924EDF 001C72 add [edx+esi*2], bl 7C924EE2 0000 add [eax], al 7C924EE4 27 daa 7C924EE5 72 00 jb short 7C924EE7 7C924EE7 0039 add [ecx], bh 7C924EE9 72 00 jb short 7C924EEB 7C924EEB 0053 72 add [ebx+72], dl 7C924EEE 0000 add [eax], al 7C924EF0 75 72 jnz short 7C924F64 7C924EF2 0000 add [eax], al 7C924EF4 96 xchg eax, esi ; ntdll.ZwTerminateProcess 7C924EF5 72 00 jb short 7C924EF7 7C924EF7 00BC72 0000D472 add [edx+esi*2+72D40000], bh 7C924EFE 0000 add [eax], al 7C924F00 E7 72 out 72, eax 7C924F02 0000 add [eax], al 7C924F04 F9 stc 7C924F05 72 00 jb short 7C924F07 7C924F07 001A add [edx], bl 7C924F09 73 00 jnb short 7C924F0B 7C924F0B 0027 add [edi], ah 7C924F0D 73 00 jnb short 7C924F0F 7C924F0F 003B add [ebx], bh 7C924F11 73 00 jnb short 7C924F13 7C924F13 0059 73 add [ecx+73], bl 7C924F16 0000 add [eax], al 7C924F18 6973 00 007A730>imul esi, [ebx], 737A00 7C924F1F 008E 730000A2 add [esi+A2000073], cl 7C924F25 73 00 jnb short 7C924F27 7C924F27 00B0 730000CB add [eax+CB000073], dh 7C924F2D 73 00 jnb short 7C924F2F 7C924F2F 00DF add bh, bl 7C924F31 73 00 jnb short 7C924F33 7C924F33 0000 add [eax], al 7C924F35 74 00 je short 7C924F37 7C924F37 001E add [esi], bl 7C924F39 74 00 je short 7C924F3B 7C924F3B 0049 74 add [ecx+74], cl 7C924F3E 0000 add [eax], al 7C924F40 7C 74 jl short 7C924FB6 7C924F42 0000 add [eax], al 7C924F44 867400 00 xchg [eax+eax], dh 7C924F48 95 xchg eax, ebp 7C924F49 74 00 je short 7C924F4B 7C924F4B 00A9 740000C1 add [ecx+C1000074], ch 7C924F51 74 00 je short 7C924F53 7C924F53 00D5 add ch, dl 7C924F55 74 00 je short 7C924F57 7C924F57 00E3 add bl, ah 7C924F59 74 00 je short 7C924F5B 7C924F5B 00FD add ch, bh 7C924F5D 74 00 je short 7C924F5F 7C924F5F 0019 add [ecx], bl 7C924F61 75 00 jnz short 7C924F63 7C924F63 0029 add [ecx], ch 7C924F65 75 00 jnz short 7C924F67 7C924F67 0041 75 add [ecx+75], al 7C924F6A 0000 add [eax], al 7C924F6C 59 pop ecx ; ntdll.7C92E89A 7C924F6D 75 00 jnz short 7C924F6F 7C924F6F 007475 00 add [ebp+esi*2], dh 7C924F73 0085 750000A1 add [ebp+A1000075], al 7C924F79 75 00 jnz short 7C924F7B 7C924F7B 00B0 750000BE add [eax+BE000075], dh 7C924F81 75 00 jnz short 7C924F83 7C924F83 00CB add bl, cl 7C924F85 75 00 jnz short 7C924F87 7C924F87 00D3 add bl, dl 7C924F89 75 00 jnz short 7C924F8B 7C924F8B 00EB add bl, ch 7C924F8D 75 00 jnz short 7C924F8F 7C924F8F 00F9 add cl, bh 7C924F91 75 00 jnz short 7C924F93 7C924F93 0009 add [ecx], cl 7C924F95 76 00 jbe short 7C924F97 7C924F97 001F add [edi], bl 7C924F99 76 00 jbe short 7C924F9B 7C924F9B 002D 7600003B add [3B000076], ch 7C924FA1 76 00 jbe short 7C924FA3 7C924FA3 0046 76 add [esi+76], al 7C924FA6 0000 add [eax], al 7C924FA8 5A pop edx ; ntdll.7C92E89A 7C924FA9 76 00 jbe short 7C924FAB 7C924FAB 0072 76 add [edx+76], dh 7C924FAE 0000 add [eax], al 7C924FB0 8076 00 00 xor byte ptr [esi], 0 7C924FB4 92 xchg eax, edx ; msvcrt.77C31AE8 7C924FB5 76 00 jbe short 7C924FB7 7C924FB7 009F 760000B4 add [edi+B4000076], bl 7C924FBD 76 00 jbe short 7C924FBF 7C924FBF 00C6 add dh, al 7C924FC1 76 00 jbe short 7C924FC3 7C924FC3 00D5 add ch, dl 7C924FC5 76 00 jbe short 7C924FC7 7C924FC7 00E1 add cl, ah 7C924FC9 76 00 jbe short 7C924FCB 7C924FCB 00F4 add ah, dh 7C924FCD 76 00 jbe short 7C924FCF 7C924FCF 0009 add [ecx], cl 7C924FD1 77 00 ja short 7C924FD3 7C924FD3 0018 add [eax], bl 7C924FD5 77 00 ja short 7C924FD7 7C924FD7 002E add [esi], ch 7C924FD9 77 00 ja short 7C924FDB 7C924FDB 0041 77 add [ecx+77], al 7C924FDE 0000 add [eax], al 7C924FE0 4E dec esi ; ntdll.ZwTerminateProcess 7C924FE1 77 00 ja short 7C924FE3 7C924FE3 005E 77 add [esi+77], bl 7C924FE6 0000 add [eax], al 7C924FE8 70 77 jo short 7C925061 7C924FEA 0000 add [eax], al 7C924FEC 8077 00 00 xor byte ptr [edi], 0 7C924FF0 90 nop 7C924FF1 77 00 ja short 7C924FF3 7C924FF3 00A2 770000BD add [edx+BD000077], ah 7C924FF9 77 00 ja short 7C924FFB 7C924FFB 00CC add ah, cl 7C924FFD 77 00 ja short 7C924FFF 7C924FFF 00DA add dl, bl 7C925001 77 00 ja short 7C925003 7C925003 00E8 add al, ch 7C925005 77 00 ja short 7C925007 7C925007 00FD add ch, bh 7C925009 77 00 ja short 7C92500B 7C92500B 000A add [edx], cl 7C92500D 78 00 js short 7C92500F 7C92500F 001F add [edi], bl 7C925011 78 00 js short 7C925013 7C925013 002F add [edi], ch 7C925015 78 00 js short 7C925017 7C925017 0040 78 add [eax+78], al 7C92501A 0000 add [eax], al 7C92501C 4D dec ebp 7C92501D 78 00 js short 7C92501F 7C92501F 005F 78 add [edi+78], bl 7C925022 0000 add [eax], al 7C925024 6C ins byte ptr es:[edi], dx 7C925025 78 00 js short 7C925027 7C925027 0078 78 add [eax+78], bh 7C92502A 0000 add [eax], al 7C92502C 91 xchg eax, ecx 7C92502D 78 00 js short 7C92502F 7C92502F 00A2 780000B8 add [edx+B8000078], ah 7C925035 78 00 js short 7C925037 7C925037 00C8 add al, cl 7C925039 78 00 js short 7C92503B 7C92503B 00DA add dl, bl 7C92503D 78 00 js short 7C92503F 7C92503F 00EB add bl, ch 7C925041 78 00 js short 7C925043 7C925043 0002 add [edx], al 7C925045 79 00 jns short 7C925047 7C925047 0011 add [ecx], dl 7C925049 79 00 jns short 7C92504B 7C92504B 0036 add [esi], dh 7C92504D 79 00 jns short 7C92504F 7C92504F 004A 79 add [edx+79], cl 7C925052 0000 add [eax], al 7C925054 5A pop edx ; ntdll.7C92E89A 7C925055 79 00 jns short 7C925057 7C925057 0068 79 add [eax+79], ch 7C92505A 0000 add [eax], al 7C92505C 73 79 jnb short 7C9250D7 7C92505E 0000 add [eax], al 7C925060 8679 00 xchg [ecx], bh 7C925063 009E 790000A9 add [esi+A9000079], bl 7C925069 79 00 jns short 7C92506B 7C92506B 00BE 790000D1 add [esi+D1000079], bh 7C925071 79 00 jns short 7C925073 7C925073 00E9 add cl, ch 7C925075 79 00 jns short 7C925077 7C925077 00FD add ch, bh 7C925079 79 00 jns short 7C92507B 7C92507B 000D 7A000020 add [2000007A], cl 7C925081 7A 00 jpe short 7C925083 7C925083 0036 add [esi], dh 7C925085 7A 00 jpe short 7C925087 7C925087 0049 7A add [ecx+7A], cl 7C92508A 0000 add [eax], al 7C92508C 59 pop ecx ; ntdll.7C92E89A 7C92508D 7A 00 jpe short 7C92508F 7C92508F 0075 7A add [ebp+7A], dh 7C925092 0000 add [eax], al 7C925094 8F ??? ; 未知命令 7C925095 7A 00 jpe short 7C925097 7C925097 00A3 7A0000B8 add [ebx+B800007A], ah 7C92509D 7A 00 jpe short 7C92509F 7C92509F 00CE add dh, cl 7C9250A1 7A 00 jpe short 7C9250A3 7C9250A3 00DF add bh, bl 7C9250A5 7A 00 jpe short 7C9250A7 7C9250A7 00F9 add cl, bh 7C9250A9 7A 00 jpe short 7C9250AB 7C9250AB 0006 add [esi], al 7C9250AD 7B 00 jpo short 7C9250AF 7C9250AF 0013 add [ebx], dl 7C9250B1 7B 00 jpo short 7C9250B3 7C9250B3 001D 7B000028 add [2800007B], bl 7C9250B9 7B 00 jpo short 7C9250BB 7C9250BB 0033 add [ebx], dh 7C9250BD 7B 00 jpo short 7C9250BF 7C9250BF 004F 7B add [edi+7B], cl 7C9250C2 0000 add [eax], al 7C9250C4 61 popad 7C9250C5 7B 00 jpo short 7C9250C7 7C9250C7 0075 7B add [ebp+7B], dh 7C9250CA 0000 add [eax], al 7C9250CC 8B7B 00 mov edi, [ebx] 7C9250CF 00A1 7B0000B8 add [ecx+B800007B], ah 7C9250D5 7B 00 jpo short 7C9250D7 7C9250D7 00D6 add dh, dl 7C9250D9 7B 00 jpo short 7C9250DB 7C9250DB 00E9 add cl, ch 7C9250DD 7B 00 jpo short 7C9250DF 7C9250DF 00FB add bl, bh 7C9250E1 7B 00 jpo short 7C9250E3 7C9250E3 0017 add [edi], dl 7C9250E5 7C 00 jl short 7C9250E7 7C9250E7 0029 add [ecx], ch 7C9250E9 7C 00 jl short 7C9250EB 7C9250EB 00447C 00 add [esp+edi*2], al 7C9250EF 005A 7C add [edx+7C], bl 7C9250F2 0000 add [eax], al 7C9250F4 - 66:7C 00 jl short 000050F7 7C9250F7 0076 7C add [esi+7C], dh 7C9250FA 0000 add [eax], al 7C9250FC 817C00 00 947C0>cmp dword ptr [eax+eax], 7C94 7C925104 A4 movs byte ptr es:[edi], byte ptr [esi> 7C925105 7C 00 jl short 7C925107 7C925107 00AE 7C0000BF add [esi+BF00007C], ch 7C92510D 7C 00 jl short 7C92510F 7C92510F 00CC add ah, cl 7C925111 7C 00 jl short 7C925113 7C925113 00E3 add bl, ah 7C925115 7C 00 jl short 7C925117 7C925117 00F1 add cl, dh 7C925119 7C 00 jl short 7C92511B 7C92511B 00047D 0000197D add [edi*2+7D190000], al 7C925122 0000 add [eax], al 7C925124 27 daa 7C925125 7D 00 jge short 7C925127 7C925127 0037 add [edi], dh 7C925129 7D 00 jge short 7C92512B 7C92512B 0050 7D add [eax+7D], dl 7C92512E 0000 add [eax], al 7C925130 5D pop ebp ; ntdll.7C92E89A 7C925131 7D 00 jge short 7C925133 7C925133 006F 7D add [edi+7D], ch 7C925136 0000 add [eax], al 7C925138 837D 00 00 cmp dword ptr [ebp], 0 7C92513C 8F ??? ; 未知命令 7C92513D 7D 00 jge short 7C92513F 7C92513F 00A1 7D0000B4 add [ecx+B400007D], ah 7C925145 7D 00 jge short 7C925147 7C925147 00C5 add ch, al 7C925149 7D 00 jge short 7C92514B 7C92514B 00E1 add cl, ah 7C92514D 7D 00 jge short 7C92514F 7C92514F 00FF add bh, bh 7C925151 7D 00 jge short 7C925153 7C925153 0016 add [esi], dl 7C925155 7E 00 jle short 7C925157 7C925157 0023 add [ebx], ah 7C925159 7E 00 jle short 7C92515B 7C92515B 0039 add [ecx], bh 7C92515D 7E 00 jle short 7C92515F 7C92515F 004F 7E add [edi+7E], cl 7C925162 0000 add [eax], al 7C925164 627E 00 bound edi, [esi] 7C925167 007A 7E add [edx+7E], bh 7C92516A 0000 add [eax], al 7C92516C 8F ??? ; 未知命令 7C92516D 7E 00 jle short 7C92516F 7C92516F 00A8 7E0000BD add [eax+BD00007E], ch 7C925175 7E 00 jle short 7C925177 7C925177 00D4 add ah, dl 7C925179 7E 00 jle short 7C92517B 7C92517B 00E2 add dl, ah 7C92517D 7E 00 jle short 7C92517F 7C92517F 00EF add bh, ch 7C925181 7E 00 jle short 7C925183 7C925183 0009 add [ecx], cl 7C925185 7F 00 jg short 7C925187 7C925187 0020 add [eax], ah 7C925189 7F 00 jg short 7C92518B 7C92518B 0037 add [edi], dh 7C92518D 7F 00 jg short 7C92518F 7C92518F 0053 7F add [ebx+7F], dl 7C925192 0000 add [eax], al 7C925194 6A 7F push 7F 7C925196 0000 add [eax], al 7C925198 847F 00 test [edi], bh 7C92519B 009D 7F0000B5 add [ebp+B500007F], bl 7C9251A1 7F 00 jg short 7C9251A3 7C9251A3 00CE add dh, cl 7C9251A5 7F 00 jg short 7C9251A7 7C9251A7 00E5 add ch, ah 7C9251A9 7F 00 jg short 7C9251AB 7C9251AB 00F9 add cl, bh 7C9251AD 7F 00 jg short 7C9251AF 7C9251AF 000480 add [eax+eax*4], al 7C9251B2 0000 add [eax], al 7C9251B4 1C 80 sbb al, 80 7C9251B6 0000 add [eax], al 7C9251B8 2A80 00003880 sub al, [eax+80380000] 7C9251BE 0000 add [eax], al 7C9251C0 4B dec ebx 7C9251C1 8000 00 add byte ptr [eax], 0 7C9251C4 65:8000 00 add byte ptr gs:[eax], 0 7C9251C8 8380 00009F80 0>add dword ptr [eax+809F0000], 0 7C9251CF 00AE 800000C4 add [esi+C4000080], ch 7C9251D5 8000 00 add byte ptr [eax], 0 7C9251D8 D5 80 aad 80 7C9251DA 0000 add [eax], al 7C9251DC EF out dx, eax 7C9251DD 8000 00 add byte ptr [eax], 0 7C9251E0 0D 8100002D or eax, 2D000081 7C9251E5 8100 00468100 add dword ptr [eax], 814600 7C9251EB 0058 81 add [eax-7F], bl 7C9251EE 0000 add [eax], al 7C9251F0 65:8100 007C810>add dword ptr gs:[eax], 817C00 7C9251F7 008C81 0000A181 add [ecx+eax*4+81A10000], cl 7C9251FE 0000 add [eax], al 7C925200 BE 810000CF mov esi, CF000081 7C925205 8100 00E08100 add dword ptr [eax], 81E000 7C92520B 00F1 add cl, dh 7C92520D 8100 00FC8100 add dword ptr [eax], 81FC00 7C925213 000E add [esi], cl 7C925215 8200 00 add byte ptr [eax], 0 7C925218 2082 00003482 and [edx+82340000], al 7C92521E 0000 add [eax], al 7C925220 52 push edx ; msvcrt.77C31AE8 7C925221 8200 00 add byte ptr [eax], 0 7C925224 66:8200 00 add byte ptr [eax], 0 7C925228 ^ 76 82 jbe short 7C9251AC 7C92522A 0000 add [eax], al 7C92522C 8982 00009E82 mov [edx+829E0000], eax 7C925232 0000 add [eax], al 7C925234 B3 82 mov bl, 82 7C925236 0000 add [eax], al 7C925238 BF 820000CC mov edi, CC000082 7C92523D 8200 00 add byte ptr [eax], 0 7C925240 D882 0000EF82 fadd dword ptr [edx+82EF0000] 7C925246 0000 add [eax], al 7C925248 0883 00001D83 or [ebx+831D0000], al 7C92524E 0000 add [eax], al 7C925250 3383 00004183 xor eax, [ebx+83410000] 7C925256 0000 add [eax], al 7C925258 58 pop eax ; ntdll.7C92E89A 7C925259 8300 00 add dword ptr [eax], 0 7C92525C 6F outs dx, dword ptr es:[edi] 7C92525D 8300 00 add dword ptr [eax], 0 7C925260 ^ 7C 83 jl short 7C9251E5 7C925262 0000 add [eax], al 7C925264 8E83 00009B83 mov es, [ebx+839B0000] 7C92526A 0000 add [eax], al 7C92526C AB stos dword ptr es:[edi] 7C92526D 8300 00 add dword ptr [eax], 0 7C925270 BA 830000C4 mov edx, C4000083 7C925275 8300 00 add dword ptr [eax], 0 7C925278 D083 0000E183 rol byte ptr [ebx+83E10000], 1 7C92527E 0000 add [eax], al 7C925280 F5 cmc 7C925281 8300 00 add dword ptr [eax], 0 7C925284 098400 001A8400 or [eax+eax+841A00], eax 7C92528B 002D 84000043 add [43000084], ch 7C925291 8400 test [eax], al 7C925293 005D 84 add [ebp-7C], bl 7C925296 0000 add [eax], al 7C925298 ^ 70 84 jo short 7C92521E 7C92529A 0000 add [eax], al 7C92529C 878400 00938400 xchg [eax+eax+849300], eax 7C9252A3 009E 840000B6 add [esi+B6000084], bl 7C9252A9 8400 test [eax], al 7C9252AB 00C9 add cl, cl 7C9252AD 8400 test [eax], al 7C9252AF 00E3 add bl, ah 7C9252B1 8400 test [eax], al 7C9252B3 00FF add bh, bh 7C9252B5 8400 test [eax], al 7C9252B7 001485 00002E85 add [eax*4+852E0000], dl 7C9252BE 0000 add [eax], al 7C9252C0 42 inc edx ; msvcrt.77C31AE8 7C9252C1 8500 test [eax], eax 7C9252C3 0059 85 add [ecx-7B], bl 7C9252C6 0000 add [eax], al 7C9252C8 ^ 71 85 jno short 7C92524F 7C9252CA 0000 add [eax], al 7C9252CC 8885 00009E85 mov [ebp+859E0000], al 7C9252D2 0000 add [eax], al 7C9252D4 B3 85 mov bl, 85 7C9252D6 0000 add [eax], al 7C9252D8 C585 0000D585 lds eax, [ebp+85D50000] 7C9252DE 0000 add [eax], al 7C9252E0 E7 85 out 85, eax 7C9252E2 0000 add [eax], al 7C9252E4 0186 00001B86 add [esi+861B0000], eax 7C9252EA 0000 add [eax], al 7C9252EC 2F das 7C9252ED 8600 xchg [eax], al 7C9252EF 004B 86 add [ebx-7A], cl 7C9252F2 0000 add [eax], al 7C9252F4 6986 00008086 0>imul eax, [esi+86800000], 86960000 7C9252FE 0000 add [eax], al 7C925300 A6 cmps byte ptr [esi], byte ptr es:[edi> 7C925301 8600 xchg [eax], al 7C925303 00C0 add al, al 7C925305 8600 xchg [eax], al 7C925307 00CB add bl, cl 7C925309 8600 xchg [eax], al 7C92530B 00E0 add al, ah 7C92530D 8600 xchg [eax], al 7C92530F 00EE add dh, ch 7C925311 8600 xchg [eax], al 7C925313 00FC add ah, bh 7C925315 8600 xchg [eax], al 7C925317 0017 add [edi], dl 7C925319 8700 xchg [eax], eax 7C92531B 0028 add [eax], ch 7C92531D 8700 xchg [eax], eax 7C92531F 0047 87 add [edi-79], al 7C925322 0000 add [eax], al 7C925324 56 push esi ; ntdll.ZwTerminateProcess 7C925325 8700 xchg [eax], eax 7C925327 006487 00 add [edi+eax*4], ah 7C92532B 0075 87 add [ebp-79], dh 7C92532E 0000 add [eax], al 7C925330 8587 00009A87 test [edi+879A0000], eax 7C925336 0000 add [eax], al 7C925338 AF scas dword ptr es:[edi] 7C925339 8700 xchg [eax], eax 7C92533B 00C2 add dl, al 7C92533D 8700 xchg [eax], eax 7C92533F 00D4 add ah, dl 7C925341 8700 xchg [eax], eax 7C925343 00E0 add al, ah 7C925345 8700 xchg [eax], eax 7C925347 00ED add ch, ch 7C925349 8700 xchg [eax], eax 7C92534B 0001 add [ecx], al 7C92534D 8800 mov [eax], al 7C92534F 0010 add [eax], dl 7C925351 8800 mov [eax], al 7C925353 001C88 add [eax+ecx*4], bl 7C925356 0000 add [eax], al 7C925358 2A88 00003788 sub cl, [eax+88370000] 7C92535E 0000 add [eax], al 7C925360 4D dec ebp 7C925361 8800 mov [eax], al 7C925363 0062 88 add [edx-78], ah 7C925366 0000 add [eax], al 7C925368 6F outs dx, dword ptr es:[edi] 7C925369 8800 mov [eax], al 7C92536B 0083 88000097 add [ebx+97000088], al 7C925371 8800 mov [eax], al 7C925373 00B0 880000C6 add [eax+C6000088], dh 7C925379 8800 mov [eax], al 7C92537B 00DA add dl, bl 7C92537D 8800 mov [eax], al 7C92537F 00ED add ch, ch 7C925381 8800 mov [eax], al 7C925383 00F9 add cl, bh 7C925385 8800 mov [eax], al 7C925387 000B add [ebx], cl 7C925389 8900 mov [eax], eax 7C92538B 001E add [esi], bl 7C92538D 8900 mov [eax], eax 7C92538F 0033 add [ebx], dh 7C925391 8900 mov [eax], eax 7C925393 004489 00 add [ecx+ecx*4], al 7C925397 0052 89 add [edx-77], dl 7C92539A 0000 add [eax], al 7C92539C 60 pushad 7C92539D 8900 mov [eax], eax 7C92539F 0070 89 add [eax-77], dh 7C9253A2 0000 add [eax], al 7C9253A4 8089 00009889 0>or byte ptr [ecx+89980000], 0 7C9253AB 00A6 890000C2 add [esi+C2000089], ah 7C9253B1 8900 mov [eax], eax 7C9253B3 00D4 add ah, dl 7C9253B5 8900 mov [eax], eax 7C9253B7 00F0 add al, dh 7C9253B9 8900 mov [eax], eax 7C9253BB 0009 add [ecx], cl 7C9253BD 8A00 mov al, [eax] 7C9253BF 0026 add [esi], ah 7C9253C1 8A00 mov al, [eax] 7C9253C3 0045 8A add [ebp-76], al 7C9253C6 0000 add [eax], al 7C9253C8 6C ins byte ptr es:[edi], dx 7C9253C9 8A00 mov al, [eax] 7C9253CB 0083 8A00009C add [ebx+9C00008A], al 7C9253D1 8A00 mov al, [eax] 7C9253D3 00B9 8A0000CF add [ecx+CF00008A], bh 7C9253D9 8A00 mov al, [eax] 7C9253DB 00E7 add bh, ah 7C9253DD 8A00 mov al, [eax] 7C9253DF 0003 add [ebx], al 7C9253E1 8B00 mov eax, [eax] 7C9253E3 000D 8B000021 add [2100008B], cl 7C9253E9 8B00 mov eax, [eax] 7C9253EB 0037 add [edi], dh 7C9253ED 8B00 mov eax, [eax] 7C9253EF 00548B 00 add [ebx+ecx*4], dl 7C9253F3 0069 8B add [ecx-75], ch 7C9253F6 0000 add [eax], al 7C9253F8 808B 00009B8B 0>or byte ptr [ebx+8B9B0000], 0 7C9253FF 00AD 8B0000B9 add [ebp+B900008B], ch 7C925405 8B00 mov eax, [eax] 7C925407 00D4 add ah, dl 7C925409 8B00 mov eax, [eax] 7C92540B 00EA add dl, ch 7C92540D 8B00 mov eax, [eax] 7C92540F 0009 add [ecx], cl 7C925411 8C00 mov [eax], es 7C925413 0022 add [edx], ah 7C925415 8C00 mov [eax], es 7C925417 0035 8C000051 add [5100008C], dh 7C92541D 8C00 mov [eax], es 7C92541F 0063 8C add [ebx-74], ah 7C925422 0000 add [eax], al 7C925424 ^ 73 8C jnb short 7C9253B2 7C925426 0000 add [eax], al 7C925428 8C8C00 00A78C00 mov [eax+eax+8CA700], cs 7C92542F 00C4 add ah, al 7C925431 8C00 mov [eax], es 7C925433 00DC add ah, bl 7C925435 8C00 mov [eax], es 7C925437 00F1 add cl, dh 7C925439 8C00 mov [eax], es 7C92543B 0009 add [ecx], cl 7C92543D 8D00 lea eax, [eax] 7C92543F 0028 add [eax], ch 7C925441 8D00 lea eax, [eax] 7C925443 0041 8D add [ecx-73], al 7C925446 0000 add [eax], al 7C925448 5C pop esp ; ntdll.7C92E89A 7C925449 8D00 lea eax, [eax] 7C92544B 006A 8D add [edx-73], ch 7C92544E 0000 add [eax], al 7C925450 ^ 7F 8D jg short 7C9253DF 7C925452 0000 add [eax], al 7C925454 98 cwde 7C925455 8D00 lea eax, [eax] 7C925457 00B1 8D0000C1 add [ecx+C100008D], dh 7C92545D 8D00 lea eax, [eax] 7C92545F 00CF add bh, cl 7C925461 8D00 lea eax, [eax] 7C925463 00D9 add cl, bl 7C925465 8D00 lea eax, [eax] 7C925467 00E4 add ah, ah 7C925469 8D00 lea eax, [eax] 7C92546B 00F3 add bl, dh 7C92546D 8D00 lea eax, [eax] 7C92546F 0005 8E00001E add [1E00008E], al 7C925475 8E00 mov es, [eax] 7C925477 0035 8E000046 add [4600008E], dh 7C92547D 8E00 mov es, [eax] 7C92547F 006A 8E add [edx-72], ch 7C925482 0000 add [eax], al 7C925484 848E 0000988E test [esi+8E980000], cl 7C92548A 0000 add [eax], al 7C92548C A8 8E test al, 8E 7C92548E 0000 add [eax], al 7C925490 B5 8E mov ch, 8E 7C925492 0000 add [eax], al 7C925494 CA 8E00 retf 8E 7C925497 00E0 add al, ah 7C925499 8E00 mov es, [eax] 7C92549B 00EF add bh, ch 7C92549D 8E00 mov es, [eax] 7C92549F 0000 add [eax], al 7C9254A1 8F00 pop dword ptr [eax] ; ntdll.7C92E89A 7C9254A3 0016 add [esi], dl 7C9254A5 8F00 pop dword ptr [eax] ; ntdll.7C92E89A 7C9254A7 0027 add [edi], ah 7C9254A9 8F00 pop dword ptr [eax] ; ntdll.7C92E89A 7C9254AB 003F add [edi], bh 7C9254AD 8F00 pop dword ptr [eax] ; ntdll.7C92E89A 7C9254AF 0051 8F add [ecx-71], dl 7C9254B2 0000 add [eax], al 7C9254B4 61 popad 7C9254B5 8F00 pop dword ptr [eax] ; ntdll.7C92E89A 7C9254B7 007B 8F add [ebx-71], bh 7C9254BA 0000 add [eax], al 7C9254BC 99 cdq 7C9254BD 8F00 pop dword ptr [eax] ; ntdll.7C92E89A 7C9254BF 00B7 8F0000D3 add [edi+D300008F], dh 7C9254C5 8F00 pop dword ptr [eax] ; ntdll.7C92E89A 7C9254C7 00F0 add al, dh 7C9254C9 8F00 pop dword ptr [eax] ; ntdll.7C92E89A 7C9254CB 000C90 add [eax+edx*4], cl 7C9254CE 0000 add [eax], al 7C9254D0 2890 00004590 sub [eax+90450000], dl 7C9254D6 0000 add [eax], al 7C9254D8 6B90 00008590 0>imul edx, [eax+90850000], 0 7C9254DF 00A3 900000BF add [ebx+BF000090], ah 7C9254E5 90 nop 7C9254E6 0000 add [eax], al 7C9254E8 CB retf 7C9254E9 90 nop 7C9254EA 0000 add [eax], al 7C9254EC - E9 900000FF jmp 7B925581 7C9254F1 90 nop 7C9254F2 0000 add [eax], al 7C9254F4 2191 00003291 and [ecx+91320000], edx ; msvcrt.77C31AE8 7C9254FA 0000 add [eax], al 7C9254FC 4C dec esp 7C9254FD 91 xchg eax, ecx 7C9254FE 0000 add [eax], al 7C925500 57 push edi 7C925501 91 xchg eax, ecx 7C925502 0000 add [eax], al 7C925504 ^ 74 91 je short 7C925497 7C925506 0000 add [eax], al 7C925508 8291 00009791 0>adc byte ptr [ecx+91970000], 0 7C92550F 00A491 0000BF91 add [ecx+edx*4+91BF0000], ah 7C925516 0000 add [eax], al 7C925518 D191 0000E491 rcl dword ptr [ecx+91E40000], 1 7C92551E 0000 add [eax], al 7C925520 0092 00001592 add [edx+92150000], dl 7C925526 0000 add [eax], al 7C925528 2392 00003E92 and edx, [edx+923E0000] 7C92552E 0000 add [eax], al 7C925530 58 pop eax ; ntdll.7C92E89A 7C925531 92 xchg eax, edx ; msvcrt.77C31AE8 7C925532 0000 add [eax], al 7C925534 6D ins dword ptr es:[edi], dx 7C925535 92 xchg eax, edx ; msvcrt.77C31AE8 7C925536 0000 add [eax], al 7C925538 8992 0000B092 mov [edx+92B00000], edx ; msvcrt.77C31AE8 7C92553E 0000 add [eax], al 7C925540 C192 0000D092 0>rcl dword ptr [edx+92D00000], 0 7C925547 00E4 add ah, ah 7C925549 92 xchg eax, edx ; msvcrt.77C31AE8 7C92554A 0000 add [eax], al 7C92554C FB sti 7C92554D 92 xchg eax, edx ; msvcrt.77C31AE8 7C92554E 0000 add [eax], al 7C925550 1C 93 sbb al, 93 7C925552 0000 add [eax], al 7C925554 3193 00004D93 xor [ebx+934D0000], edx ; msvcrt.77C31AE8 7C92555A 0000 add [eax], al 7C92555C 61 popad 7C92555D 93 xchg eax, ebx 7C92555E 0000 add [eax], al 7C925560 ^ 77 93 ja short 7C9254F5 7C925562 0000 add [eax], al 7C925564 92 xchg eax, edx ; msvcrt.77C31AE8 7C925565 93 xchg eax, ebx 7C925566 0000 add [eax], al 7C925568 AE scas byte ptr es:[edi] 7C925569 93 xchg eax, ebx 7C92556A 0000 add [eax], al 7C92556C CD 93 int 93 7C92556E 0000 add [eax], al 7C925570 F693 00000994 not byte ptr [ebx+94090000] 7C925576 0000 add [eax], al 7C925578 1A9400 00319400 sbb dl, [eax+eax+943100] 7C92557F 0045 94 add [ebp-6C], al 7C925582 0000 add [eax], al 7C925584 5B pop ebx ; ntdll.7C92E89A 7C925585 94 xchg eax, esp 7C925586 0000 add [eax], al 7C925588 6B9400 00759400>imul edx, [eax+eax+947500], 0 7C925590 829400 009D9400>adc byte ptr [eax+eax+949D00], 0 7C925598 B6 94 mov dh, 94 7C92559A 0000 add [eax], al 7C92559C D39400 00F39400 rcl dword ptr [eax+eax+94F300], cl 7C9255A3 000495 00001A95 add [edx*4+951A0000], al 7C9255AA 0000 add [eax], al 7C9255AC 2995 00004095 sub [ebp+95400000], edx ; msvcrt.77C31AE8 7C9255B2 0000 add [eax], al 7C9255B4 52 push edx ; msvcrt.77C31AE8 7C9255B5 95 xchg eax, ebp 7C9255B6 0000 add [eax], al 7C9255B8 6A 95 push -6B 7C9255BA 0000 add [eax], al 7C9255BC ^ 79 95 jns short 7C925553 7C9255BE 0000 add [eax], al 7C9255C0 8D95 0000A395 lea edx, [ebp+95A30000] 7C9255C6 0000 add [eax], al 7C9255C8 B5 95 mov ch, 95 7C9255CA 0000 add [eax], al 7C9255CC C9 leave 7C9255CD 95 xchg eax, ebp 7C9255CE 0000 add [eax], al 7C9255D0 DD95 0000F395 fst qword ptr [ebp+95F30000] 7C9255D6 0000 add [eax], al 7C9255D8 0996 00001896 or [esi+96180000], edx ; msvcrt.77C31AE8 7C9255DE 0000 add [eax], al 7C9255E0 34 96 xor al, 96 7C9255E2 0000 add [eax], al 7C9255E4 4F dec edi 7C9255E5 96 xchg eax, esi ; ntdll.ZwTerminateProcess 7C9255E6 0000 add [eax], al 7C9255E8 6D ins dword ptr es:[edi], dx 7C9255E9 96 xchg eax, esi ; ntdll.ZwTerminateProcess 7C9255EA 0000 add [eax], al 7C9255EC 8696 0000A396 xchg [esi+96A30000], dl 7C9255F2 0000 add [eax], al 7C9255F4 B7 96 mov bh, 96 7C9255F6 0000 add [eax], al 7C9255F8 ^ E0 96 loopdne short 7C925590 7C9255FA 0000 add [eax], al 7C9255FC FD std 7C9255FD 96 xchg eax, esi ; ntdll.ZwTerminateProcess 7C9255FE 0000 add [eax], al 7C925600 1097 00002697 adc [edi+97260000], dl 7C925606 0000 add [eax], al 7C925608 3D 97000056 cmp eax, 56000097 7C92560D 97 xchg eax, edi 7C92560E 0000 add [eax], al 7C925610 66:97 xchg ax, di 7C925612 0000 add [eax], al 7C925614 8097 00009297 0>adc byte ptr [edi+97920000], 0 7C92561B 00BD 970000CE add [ebp+CE000097], bh 7C925621 97 xchg eax, edi 7C925622 0000 add [eax], al 7C925624 E5 97 in eax, 97 7C925626 0000 add [eax], al 7C925628 0098 00001A98 add [eax+981A0000], bl 7C92562E 0000 add [eax], al 7C925630 36:98 cwde 7C925632 0000 add [eax], al 7C925634 4E dec esi ; ntdll.ZwTerminateProcess 7C925635 98 cwde 7C925636 0000 add [eax], al 7C925638 6298 00007B98 bound ebx, [eax+987B0000] 7C92563E 0000 add [eax], al 7C925640 97 xchg eax, edi 7C925641 98 cwde 7C925642 0000 add [eax], al 7C925644 BE 980000E6 mov esi, E6000098 7C925649 98 cwde 7C92564A 0000 add [eax], al 7C92564C 1199 00002699 adc [ecx+99260000], ebx 7C925652 0000 add [eax], al 7C925654 3999 00004699 cmp [ecx+99460000], ebx 7C92565A 0000 add [eax], al 7C92565C 58 pop eax ; ntdll.7C92E89A 7C92565D 99 cdq 7C92565E 0000 add [eax], al 7C925660 64:99 cdq 7C925662 0000 add [eax], al 7C925664 ^ 73 99 jnb short 7C9255FF 7C925666 0000 add [eax], al 7C925668 8999 00009F99 mov [ecx+999F0000], ebx 7C92566E 0000 add [eax], al 7C925670 B1 99 mov cl, 99 7C925672 0000 add [eax], al 7C925674 CF iretd 7C925675 99 cdq 7C925676 0000 add [eax], al 7C925678 DD99 0000F899 fstp qword ptr [ecx+99F80000] 7C92567E 0000 add [eax], al 7C925680 16 push ss 7C925681 9A 00002D9A 000>call far 0000:9A2D0000 7C925688 3B9A 00004E9A cmp ebx, [edx+9A4E0000] 7C92568E 0000 add [eax], al 7C925690 ^ 76 9A jbe short 7C92562C 7C925692 0000 add [eax], al 7C925694 9A 9A0000C0 9A0>call far 009A:C000009A 7C92569B 00DB add bl, bl 7C92569D 9A 0000EC9A 000>call far 0000:9AEC0000 7C9256A4 039B 0000149B add ebx, [ebx+9B140000] 7C9256AA 0000 add [eax], al 7C9256AC 309B 00004B9B xor [ebx+9B4B0000], bl 7C9256B2 0000 add [eax], al 7C9256B4 629B 0000719B bound ebx, [ebx+9B710000] 7C9256BA 0000 add [eax], al 7C9256BC 8B9B 0000A69B mov ebx, [ebx+9BA60000] 7C9256C2 0000 add [eax], al 7C9256C4 B3 9B mov bl, 9B 7C9256C6 0000 add [eax], al 7C9256C8 C2 9B00 retn 9B 7C9256CB 00D9 add cl, bl 7C9256CD 9B wait 7C9256CE 0000 add [eax], al 7C9256D0 EC in al, dx 7C9256D1 9B wait 7C9256D2 0000 add [eax], al 7C9256D4 FC cld 7C9256D5 9B wait 7C9256D6 0000 add [eax], al 7C9256D8 16 push ss 7C9256D9 9C pushfd 7C9256DA 0000 add [eax], al 7C9256DC 329C00 00439C00 xor bl, [eax+eax+9C4300] 7C9256E3 0055 9C add [ebp-64], dl 7C9256E6 0000 add [eax], al 7C9256E8 639C00 006F9C00 arpl [eax+eax+9C6F00], bx 7C9256EF 0080 9C000091 add [eax+9100009C], al 7C9256F5 9C pushfd 7C9256F6 0000 add [eax], al 7C9256F8 9C pushfd 7C9256F9 9C pushfd 7C9256FA 0000 add [eax], al 7C9256FC C09C00 00D59C00>rcr byte ptr [eax+eax+9CD500], 0 7C925704 EC in al, dx 7C925705 9C pushfd 7C925706 0000 add [eax], al 7C925708 FE ??? ; 未知命令 7C925709 9C pushfd 7C92570A 0000 add [eax], al 7C92570C 139D 00001D9D adc ebx, [ebp+9D1D0000] 7C925712 0000 add [eax], al 7C925714 3B9D 0000509D cmp ebx, [ebp+9D500000] 7C92571A 0000 add [eax], al 7C92571C 6F outs dx, dword ptr es:[edi] 7C92571D 9D popfd 7C92571E 0000 add [eax], al 7C925720 8F ??? ; 未知命令 7C925721 9D popfd 7C925722 0000 add [eax], al 7C925724 A8 9D test al, 9D 7C925726 0000 add [eax], al 7C925728 B9 9D0000D6 mov ecx, D600009D 7C92572D 9D popfd 7C92572E 0000 add [eax], al 7C925730 F0:9D lock popfd ; 不允许锁定前缀 7C925732 0000 add [eax], al 7C925734 0D 9E00001E or eax, 1E00009E 7C925739 9E sahf 7C92573A 0000 add [eax], al 7C92573C 2A9E 00003F9E sub bl, [esi+9E3F0000] 7C925742 0000 add [eax], al 7C925744 5D pop ebp ; ntdll.7C92E89A 7C925745 9E sahf 7C925746 0000 add [eax], al 7C925748 ^ 70 9E jo short 7C9256E8 7C92574A 0000 add [eax], al 7C92574C 859E 0000B39E test [esi+9EB30000], ebx 7C925752 0000 add [eax], al 7C925754 DD9E 0000F79E fstp qword ptr [esi+9EF70000] 7C92575A 0000 add [eax], al 7C92575C 15 9F000025 adc eax, 2500009F 7C925761 9F lahf 7C925762 0000 add [eax], al 7C925764 399F 00004D9F cmp [edi+9F4D0000], ebx 7C92576A 0000 add [eax], al 7C92576C 64:9F lahf 7C92576E 0000 add [eax], al 7C925770 829F 0000959F 0>sbb byte ptr [edi+9F950000], 0 7C925777 00B2 9F0000D4 add [edx+D400009F], dh 7C92577D 9F lahf 7C92577E 0000 add [eax], al 7C925780 EC in al, dx 7C925781 9F lahf 7C925782 0000 add [eax], al 7C925784 03A0 000016A0 add esp, [eax+A0160000] 7C92578A 0000 add [eax], al 7C92578C 24 A0 and al, 0A0 7C92578E 0000 add [eax], al 7C925790 39A0 000053A0 cmp [eax+A0530000], esp 7C925796 0000 add [eax], al 7C925798 ^ 70 A0 jo short 7C92573A 7C92579A 0000 add [eax], al 7C92579C 81A0 000096A0 0>and dword ptr [eax+A0960000], A0A600> 7C9257A6 0000 add [eax], al 7C9257A8 B9 A00000CB mov ecx, CB0000A0 7C9257AD A0 0000E0A0 mov al, [A0E00000] 7C9257B2 0000 add [eax], al 7C9257B4 F4 hlt 7C9257B5 A0 000005A1 mov al, [A1050000] 7C9257BA 0000 add [eax], al 7C9257BC 25 A1000033 and eax, 330000A1 7C9257C1 A1 000048A1 mov eax, [A1480000] 7C9257C6 0000 add [eax], al 7C9257C8 5F pop edi ; ntdll.7C92E89A |
|
[讨论]程序分析!
7C92428C 6A 30 push 30 7C92428E 06 push es 7C92428F 0069 8D add [ecx-73], ch 7C924292 0300 add eax, [eax] 7C924294 ^ 7C CC jl short 7C924262 7C924296 0100 add [eax], eax 7C924298 6A F2 push -0E 7C92429A 05 00411206 add eax, 6124100 7C92429F 00EA add dl, ch 7C9242A1 7C 03 jl short 7C9242A6 7C9242A3 000F add [edi], cl 7C9242A5 43 inc ebx 7C9242A6 0100 add [eax], eax 7C9242A8 F1 int1 7C9242A9 F605 00398102 0>test byte ptr [2813900], 0 7C9242B0 DE2406 fisub word ptr [esi+eax] 7C9242B3 00D1 add cl, dl 7C9242B5 2806 sub [esi], al 7C9242B7 00A1 B70500B2 add [ecx+B20005B7], ah 7C9242BD 04 02 add al, 2 7C9242BF 00B1 410100E4 add [ecx+E4000141], dh 7C9242C5 7D 03 jge short 7C9242CA 7C9242C7 0057 34 add [edi+34], dl 7C9242CA 06 push es 7C9242CB 0031 add [ecx], dh 7C9242CD 0301 add eax, [ecx] 7C9242CF 0071 07 add [ecx+7], dh 7C9242D2 0200 add al, [eax] 7C9242D4 8F ??? ; 未知命令 7C9242D5 FB sti 7C9242D6 0200 add al, [eax] 7C9242D8 DF47 01 fild word ptr [edi+1] 7C9242DB 00AA E1000059 add [edx+590000E1], ch 7C9242E1 B8 05002B04 mov eax, 42B0005 7C9242E6 0100 add [eax], eax 7C9242E8 26:9E sahf 7C9242EA 0100 add [eax], eax 7C9242EC B9 180200A2 mov ecx, A2000218 7C9242F1 7D 03 jge short 7C9242F6 7C9242F3 00E1 add cl, ah 7C9242F5 FF05 0006C605 inc dword ptr [5C60600] 7C9242FB 0061 C8 add [ecx-38], ah 7C9242FE 05 001B1103 add eax, 3111B00 7C924303 0033 add [ebx], dh 7C924305 0E push cs 7C924306 05 00B89401 add eax, 194B800 7C92430B 0039 add [ecx], bh 7C92430D 9D popfd 7C92430E 0100 add [eax], eax 7C924310 65:54 push esp 7C924312 0100 add [eax], eax 7C924314 E4 A9 in al, 0A9 7C924316 0200 add al, [eax] 7C924318 56 push esi ; ntdll.ZwTerminateProcess 7C924319 0801 or [ecx], al 7C92431B 0049 08 add [ecx+8], cl 7C92431E 0100 add [eax], eax 7C924320 E4 2D in al, 2D 7C924322 0100 add [eax], eax 7C924324 5A pop edx ; ntdll.7C92E89A 7C924325 1803 sbb [ebx], al 7C924327 007D AA add [ebp-56], bh 7C92432A 0200 add al, [eax] 7C92432C 99 cdq 7C92432D 1200 adc al, [eax] 7C92432F 009E 2B020049 add [esi+4900022B], bl 7C924335 0302 add eax, [edx] ; ntdll.7C99C8E0 7C924337 006D 2B add [ebp+2B], ch 7C92433A 0200 add al, [eax] 7C92433C E7 02 out 2, eax 7C92433E 0200 add al, [eax] 7C924340 5C pop esp ; ntdll.7C92E89A 7C924341 1200 adc al, [eax] 7C924343 00D6 add dh, dl 7C924345 1200 adc al, [eax] 7C924347 00A5 03010068 add [ebp+68000103], ah 7C92434D 27 daa 7C92434E 0200 add al, [eax] 7C924350 AC lods byte ptr [esi] 7C924351 AF scas dword ptr es:[edi] 7C924352 0100 add [eax], eax 7C924354 8140 03 002D1B0>add dword ptr [eax+3], 11B2D00 7C92435B 002A add [edx], ch 7C92435D 1A01 sbb al, [ecx] 7C92435F 0039 add [ecx], bh 7C924361 1A02 sbb al, [edx] 7C924363 006D 0E add [ebp+E], ch 7C924366 0300 add eax, [eax] 7C924368 8371 02 00 xor dword ptr [ecx+2], 0 7C92436C 26:0B03 or eax, es:[ebx] 7C92436F 0041 B5 add [ecx-4B], al 7C924372 05 009B1102 add eax, 2119B00 7C924377 0010 add [eax], dl 7C924379 90 nop 7C92437A 0300 add eax, [eax] 7C92437C BD A40100D9 mov ebp, D90001A4 7C924381 36:06 push es 7C924383 00BE 4D020013 add [esi+1300024D], bh 7C924389 2A06 sub al, [esi] 7C92438B 0081 F60500D8 add [ecx+D80005F6], al 7C924391 8A01 mov al, [ecx] 7C924393 00FE add dh, bh 7C924395 8B01 mov eax, [ecx] 7C924397 00F7 add bh, dh 7C924399 35 0600E486 xor eax, 86E40006 7C92439E 0300 add eax, [eax] 7C9243A0 A2 86030028 mov [28000386], al 7C9243A5 C405 00BD3B06 les eax, [63BBD00] 7C9243AB 000B add [ebx], cl 7C9243AD 3C 06 cmp al, 6 7C9243AF 0028 add [eax], ch 7C9243B1 F1 int1 7C9243B2 0200 add al, [eax] 7C9243B4 A0 F1020064 mov al, [640002F1] 7C9243B9 73 03 jnb short 7C9243BE 7C9243BB 006A 45 add [edx+45], ch 7C9243BE 06 push es 7C9243BF 00AB 310300CF add [ebx+CF000331], ch 7C9243C5 8A03 mov al, [ebx] 7C9243C7 00AB 380600D7 add [ebx+D7000638], ch 7C9243CD 3A06 cmp al, [esi] 7C9243CF 0019 add [ecx], bl 7C9243D1 3F aas 7C9243D2 06 push es 7C9243D3 00B1 3C06000D add [ecx+D00063C], dh 7C9243D9 40 inc eax 7C9243DA 06 push es 7C9243DB 002D 43060001 add [1000643], ch 7C9243E1 4A dec edx ; msvcrt.77C31AE8 7C9243E2 06 push es 7C9243E3 0003 add [ebx], al 7C9243E5 47 inc edi 7C9243E6 06 push es 7C9243E7 005E 6A add [esi+6A], bl 7C9243EA 05 00C03501 add eax, 135C000 7C9243EF 0059 71 add [ecx+71], bl 7C9243F2 0200 add al, [eax] 7C9243F4 B8 280600E9 mov eax, E9000628 7C9243F9 2E:06 push es 7C9243FB 009B BE050064 add [ebx+640005BE], bl 7C924401 94 xchg eax, esp 7C924402 0200 add al, [eax] 7C924404 291405 00F53701 sub [eax+137F500], edx ; msvcrt.77C31AE8 7C92440B 00E6 add dh, ah 7C92440D 3801 cmp [ecx], al 7C92440F 00C5 add ch, al 7C924411 34 00 xor al, 0 7C924413 00D5 add ch, dl 7C924415 36:0000 add ss:[eax], al 7C924418 64:4C dec esp 7C92441A 06 push es 7C92441B 0006 add [esi], al 7C92441D 37 aaa 7C92441E 0000 add [eax], al 7C924420 7B 36 jpo short 7C924458 7C924422 0000 add [eax], al 7C924424 A8 36 test al, 36 7C924426 0000 add [eax], al 7C924428 1F pop ds 7C924429 37 aaa 7C92442A 0000 add [eax], al 7C92442C B4 F2 mov ah, 0F2 7C92442E 05 00ED1000 add eax, 10ED00 7C924433 00CC add ah, cl 7C924435 A9 0200287C test eax, 7C280002 7C92443A 0300 add eax, [eax] 7C92443C B6 36 mov dh, 36 7C92443E 0100 add [eax], eax 7C924440 C2 2306 retn 623 7C924443 00BD 0F030023 add [ebp+2300030F], bh 7C924449 37 aaa 7C92444A 0100 add [eax], eax 7C92444C E5 1F in eax, 1F 7C92444E 05 00E41A01 add eax, 11AE400 7C924453 0036 add [esi], dh 7C924455 8402 test [edx], al 7C924457 00B9 1502009F add [ecx+9F000215], bh 7C92445D 2B06 sub eax, [esi] 7C92445F 006E 9D add [esi-63], ch 7C924462 0200 add al, [eax] 7C924464 F681 0200EEC8 0>test byte ptr [ecx+C8EE0002], 5 7C92446B 00CE add dh, cl 7C92446D C005 00513100 0>rol byte ptr [315100], 0 7C924474 1B67 01 sbb esp, [edi+1] 7C924477 00CB add bl, cl 7C924479 F1 int1 7C92447A 0000 add [eax], al 7C92447C 94 xchg eax, esp 7C92447D 97 xchg eax, edi 7C92447E 0200 add al, [eax] 7C924480 52 push edx ; msvcrt.77C31AE8 7C924481 24 05 and al, 5 7C924483 00C8 add al, cl 7C924485 24 05 and al, 5 7C924487 00FD add ch, bh 7C924489 F1 int1 7C92448A 0200 add al, [eax] 7C92448C 15 4D030017 adc eax, 1700034D 7C924491 2205 005E2802 and al, [2285E00] 7C924497 009A 4702003D add [edx+3D000247], bl 7C92449D FB sti 7C92449E 0000 add [eax], al 7C9244A0 89FB mov ebx, edi 7C9244A2 0000 add [eax], al 7C9244A4 D03F sar byte ptr [edi], 1 7C9244A6 0200 add al, [eax] 7C9244A8 A6 cmps byte ptr [esi], byte ptr es:[edi> 7C9244A9 2906 sub [esi], eax 7C9244AB 0020 add [eax], ah 7C9244AD E6 05 out 5, al 7C9244AF 0070 E6 add [eax-1A], dh 7C9244B2 05 00D8DC05 add eax, 5DCD800 7C9244B7 0059 64 add [ecx+64], bl 7C9244BA 0200 add al, [eax] 7C9244BC 3063 02 xor [ebx+2], ah 7C9244BF 0009 add [ecx], cl 7C9244C1 B0 01 mov al, 1 7C9244C3 004C85 03 add [ebp+eax*4+3], cl 7C9244C7 0089 B40500C0 add [ecx+C00005B4], cl 7C9244CD A1 010049ED mov eax, [ED490001] 7C9244D2 0200 add al, [eax] 7C9244D4 1042 01 adc [edx+1], al 7C9244D7 00C2 add dl, al 7C9244D9 F9 stc 7C9244DA 05 00E0A101 add eax, 1A1E000 ; ASCII "ges/mail3title01a.gif" 7C9244DF 0095 C0020050 add [ebp+500002C0], dl 7C9244E5 8703 xchg [ebx], eax 7C9244E7 00A1 430100AB add [ecx+AB000143], ah 7C9244ED 0906 or [esi], eax 7C9244EF 0021 add [ecx], ah 7C9244F1 E1 02 loopde short 7C9244F5 7C9244F3 00E2 add dl, ah 7C9244F5 0101 add [ecx], eax 7C9244F7 007A 80 add [edx-80], bh 7C9244FA 0200 add al, [eax] 7C9244FC B5 05 mov ch, 5 7C9244FE 0200 add al, [eax] 7C924500 A0 300500EB mov al, [EB000530] 7C924505 3805 00493205 cmp [5324900], al 7C92450B 0075 37 add [ebp+37], dh 7C92450E 05 0081FC02 add eax, 2FC8100 7C924513 0050 22 add [eax+22], dl 7C924516 05 0075FC05 add eax, 5FC7500 7C92451B 0081 F70500FD add [ecx+FD0005F7], al 7C924521 6905 00D87602 0>imul eax, [276D800], 0EBAC00 7C92452B 00AB 4E0600DA add [ebx+DA00064E], ch 7C924531 4E dec esi ; ntdll.ZwTerminateProcess 7C924532 06 push es 7C924533 0007 add [edi], al 7C924535 2A03 sub al, [ebx] 7C924537 00FD add ch, bh 7C924539 79 01 jns short 7C92453C 7C92453B 0077 1A add [edi+1A], dh 7C92453E 0200 add al, [eax] 7C924540 5F pop edi ; ntdll.7C92E89A 7C924541 0902 or [edx], eax 7C924543 0021 add [ecx], ah 7C924545 24 06 and al, 6 7C924547 0023 add [ebx], ah 7C924549 71 02 jno short 7C92454D 7C92454B 00C0 add al, al 7C92454D 2B06 sub eax, [esi] 7C92454F 00F3 add bl, dh 7C924551 59 pop ecx ; ntdll.7C92E89A 7C924552 0300 add eax, [eax] 7C924554 57 push edi 7C924555 0A01 or al, [ecx] 7C924557 00A5 03020061 add [ebp+61000203], ah 7C92455D 0901 or [ecx], eax 7C92455F 0083 9201008A add [ebx+8A000192], al 7C924565 34 06 xor al, 6 7C924567 0057 32 add [edi+32], dl 7C92456A 0300 add eax, [eax] 7C92456C 232A and ebp, [edx] ; ntdll.7C99C8E0 7C92456E 0200 add al, [eax] 7C924570 40 inc eax 7C924571 0301 add eax, [ecx] 7C924573 0073 20 add [ebx+20], dh 7C924576 05 008BEF02 add eax, 2EF8B00 7C92457B 003D EF02008B add [8B0002EF], bh 7C924581 2306 and eax, [esi] 7C924583 005423 06 add [ebx+6], dl 7C924587 0076 1F add [esi+1F], dh 7C92458A 05 0050AE05 add eax, 5AE5000 7C92458F 0014E2 add [edx], dl 7C924592 0200 add al, [eax] 7C924594 EC in al, dx 7C924595 CE into 7C924596 0200 add al, [eax] 7C924598 D9C9 fxch st(1) 7C92459A 05 00005D02 add eax, 25D0000 7C92459F 0061 03 add [ecx+3], ah 7C9245A2 0300 add eax, [eax] 7C9245A4 60 pushad 7C9245A5 8202 00 add byte ptr [edx], 0 7C9245A8 CE into 7C9245A9 0E push cs 7C9245AA 0200 add al, [eax] 7C9245AC 05 1B0600A7 add eax, A700061B 7C9245B1 A8 01 test al, 1 7C9245B3 00B5 6E020062 add [ebp+6200026E], dh 7C9245B9 AF scas dword ptr es:[edi] 7C9245BA 0100 add [eax], eax 7C9245BC 46 inc esi ; ntdll.ZwTerminateProcess 7C9245BD 2C 03 sub al, 3 7C9245BF 00CF add bh, cl 7C9245C1 AE scas byte ptr es:[edi] 7C9245C2 05 008DEE02 add eax, 2EE8D00 7C9245C7 0040 03 add [eax+3], al 7C9245CA 0100 add [eax], eax 7C9245CC 693406 00D81F05 imul esi, [esi+eax], 51FD800 7C9245D3 0018 add [eax], bl 7C9245D5 AF scas dword ptr es:[edi] 7C9245D6 0100 add [eax], eax 7C9245D8 42 inc edx ; msvcrt.77C31AE8 7C9245D9 F4 hlt 7C9245DA 0200 add al, [eax] 7C9245DC 92 xchg eax, edx ; msvcrt.77C31AE8 7C9245DD E1 02 loopde short 7C9245E1 7C9245DF 00C3 add bl, al 7C9245E1 C8 05008C enter 5, 8C 7C9245E5 D102 rol dword ptr [edx], 1 7C9245E7 0027 add [edi], ah 7C9245E9 2205 0096F402 and al, [2F49600] 7C9245EF 00C1 add cl, al 7C9245F1 27 daa 7C9245F2 0200 add al, [eax] 7C9245F4 A9 F80500E1 test eax, E10005F8 7C9245F9 EE out dx, al 7C9245FA 05 00298705 add eax, 5872900 7C9245FF 0025 FB050061 add [610005FB], ah 7C924605 B7 01 mov bh, 1 7C924607 00ED add ch, ch 7C924609 0901 or [ecx], eax 7C92460B 0062 14 add [edx+14], ah 7C92460E 0200 add al, [eax] 7C924610 8675 03 xchg [ebp+3], dh 7C924613 0012 add [edx], dl 7C924615 0A02 or al, [edx] 7C924617 009493 0200207F add [ebx+edx*4+7F200002], dl 7C92461E 0200 add al, [eax] 7C924620 A0 A40100DC mov al, [DC0001A4] 7C924625 4F dec edi 7C924626 0200 add al, [eax] 7C924628 FE ??? ; 未知命令 7C924629 2306 and eax, [esi] 7C92462B 0093 8A030009 add [ebx+900038A], dl 7C924631 8901 mov [ecx], eax 7C924633 00ED add ch, ch 7C924635 2206 and al, [esi] 7C924637 004F D6 add [edi-2A], cl 7C92463A 0200 add al, [eax] 7C92463C 93 xchg eax, ebx 7C92463D B1 02 mov cl, 2 7C92463F 000D 2401005B add [5B000124], cl 7C924645 55 push ebp 7C924646 06 push es 7C924647 008D 5106007F add [ebp+7F000651], cl 7C92464D 52 push edx ; msvcrt.77C31AE8 7C92464E 06 push es 7C92464F 0005 51060067 add [67000651], al 7C924655 53 push ebx 7C924656 06 push es 7C924657 003B add [ebx], bh 7C924659 55 push ebp 7C92465A 06 push es 7C92465B 004B 55 add [ebx+55], cl 7C92465E 06 push es 7C92465F 001D 5306002B add [2B000653], bl 7C924665 1100 adc [eax], eax 7C924667 006D 57 add [ebp+57], ch 7C92466A 06 push es 7C92466B 00EF add bh, ch 7C92466D 60 pushad 7C92466E 06 push es 7C92466F 00B3 DC0500C6 add [ebx+C60005DC], dh 7C924675 3001 xor [ecx], al 7C924677 00AE DD050061 add [esi+610005DD], ch 7C92467D 8C01 mov [ecx], es 7C92467F 00B3 DC0500DE add [ebx+DE0005DC], dh 7C924685 61 popad 7C924686 0200 add al, [eax] 7C924688 49 dec ecx 7C924689 A0 05009B2F mov al, [2F9B0005] 7C92468E 0100 add [eax], eax 7C924690 D236 sal byte ptr [esi], cl 7C924692 0100 add [eax], eax 7C924694 BC 60020028 mov esp, 28000260 7C924699 6B03 00 imul eax, [ebx], 0 7C92469C D5 10 aad 10 7C92469E 0300 add eax, [eax] 7C9246A0 8B37 mov esi, [edi] 7C9246A2 0100 add [eax], eax 7C9246A4 E5 1F in eax, 1F 7C9246A6 05 00407A03 add eax, 37A4000 7C9246AB 00F0 add al, dh 7C9246AD 0801 or [ecx], al 7C9246AF 00EC add ah, ch 7C9246B1 73 02 jnb short 7C9246B5 7C9246B3 00FF add bh, bh 7C9246B5 DC05 0082DE05 fadd qword ptr [5DE8200] 7C9246BB 00B9 CD0200F9 add [ecx+F90002CD], bh 7C9246C1 A1 05005B45 mov eax, [455B0005] 7C9246C6 0200 add al, [eax] 7C9246C8 95 xchg eax, ebp 7C9246C9 CA 0200 retf 2 7C9246CC CD 83 int 83 7C9246CE 0300 add eax, [eax] 7C9246D0 BC 970200F9 mov esp, F9000297 7C9246D5 DF05 00E80C06 fild word ptr [60CE800] 7C9246DB 00F5 add ch, dh 7C9246DD A7 cmps dword ptr [esi], dword ptr es:[e> 7C9246DE 0100 add [eax], eax 7C9246E0 BF E7020095 mov edi, 950002E7 7C9246E5 8C03 mov [ebx], es 7C9246E7 0097 34010018 add [edi+18000134], dl 7C9246ED 0A06 or al, [esi] 7C9246EF 003B add [ebx], bh 7C9246F1 0C 06 or al, 6 7C9246F3 0072 5C add [edx+5C], dh 7C9246F6 0100 add [eax], eax 7C9246F8 DDB2 02003AEF fsave [edx+EF3A0002] 7C9246FE 05 00210106 add eax, 6012100 7C924703 0069 1F add [ecx+1F], ch 7C924706 05 00443D03 add eax, 33D4400 7C92470B 00A7 D905001B add [edi+1B0005D9], ah 7C924711 3100 xor [eax], eax 7C924713 000D 6A050030 add [3000056A], cl 7C924719 05 020037E9 add eax, E9370002 7C92471E 0100 add [eax], eax 7C924720 56 push esi ; ntdll.ZwTerminateProcess 7C924721 2105 00B36106 and [661B300], eax 7C924727 0009 add [ecx], cl 7C924729 6A 03 push 3 7C92472B 000C62 add [edx], cl 7C92472E 06 push es 7C92472F 0087 9C0200C6 add [edi+C600029C], al 7C924735 9B wait 7C924736 0200 add al, [eax] 7C924738 E0 61 loopdne short 7C92479B 7C92473A 06 push es 7C92473B 0057 90 add [edi-70], dl 7C92473E 0100 add [eax], eax 7C924740 8F ??? ; 未知命令 7C924741 8F01 pop dword ptr [ecx] ; ntdll.7C92E89A 7C924743 00D8 add al, bl 7C924745 DC05 00D8DC05 fadd qword ptr [5DCD800] 7C92474B 00B3 DC0500B3 add [ebx+B30005DC], dh 7C924751 DC05 009FB202 fadd qword ptr [2B29F00] 7C924757 0079 D3 add [ecx-2D], bh 7C92475A 0000 add [eax], al 7C92475C 8ED3 mov ss, bx 7C92475E 0000 add [eax], al 7C924760 A3 D30000B8 mov [B80000D3], eax 7C924765 D300 rol dword ptr [eax], cl 7C924767 00CD add ch, cl 7C924769 D300 rol dword ptr [eax], cl 7C92476B 00E2 add dl, ah 7C92476D D300 rol dword ptr [eax], cl 7C92476F 00F7 add bh, dh 7C924771 D300 rol dword ptr [eax], cl 7C924773 000CD4 add [esp+edx*8], cl 7C924776 0000 add [eax], al 7C924778 21D4 and esp, edx ; msvcrt.77C31AE8 7C92477A 0000 add [eax], al 7C92477C 36:D4 00 aam 0 7C92477F 004B D4 add [ebx-2C], cl 7C924782 0000 add [eax], al 7C924784 60 pushad 7C924785 D4 00 aam 0 7C924787 0075 D4 add [ebp-2C], dh 7C92478A 0000 add [eax], al 7C92478C 8AD4 mov dl, ah 7C92478E 0000 add [eax], al 7C924790 9F lahf 7C924791 D4 00 aam 0 7C924793 00B4D4 0000C9D4 add [esp+edx*8+D4C90000], dh 7C92479A 0000 add [eax], al 7C92479C DED4 ficom esp ; 非法使用寄存器 7C92479E 0000 add [eax], al 7C9247A0 F3: prefix rep: 7C9247A1 D4 00 aam 0 7C9247A3 0008 add [eax], cl 7C9247A5 D5 00 aad 0 7C9247A7 001D D5000032 add [320000D5], bl 7C9247AD D5 00 aad 0 7C9247AF 0047 D5 add [edi-2B], al 7C9247B2 0000 add [eax], al 7C9247B4 5C pop esp ; ntdll.7C92E89A 7C9247B5 D5 00 aad 0 7C9247B7 0071 D5 add [ecx-2B], dh 7C9247BA 0000 add [eax], al 7C9247BC 86D5 xchg ch, dl 7C9247BE 0000 add [eax], al 7C9247C0 9B wait 7C9247C1 D5 00 aad 0 7C9247C3 00B0 D50000C5 add [eax+C50000D5], dh 7C9247C9 D5 00 aad 0 7C9247CB 00DA add dl, bl 7C9247CD D5 00 aad 0 7C9247CF 00EF add bh, ch 7C9247D1 D5 00 aad 0 7C9247D3 0004D6 add [esi+edx*8], al 7C9247D6 0000 add [eax], al 7C9247D8 19D6 sbb esi, edx ; msvcrt.77C31AE8 7C9247DA 0000 add [eax], al 7C9247DC 2E:D6 salc 7C9247DE 0000 add [eax], al 7C9247E0 43 inc ebx 7C9247E1 D6 salc 7C9247E2 0000 add [eax], al 7C9247E4 58 pop eax ; ntdll.7C92E89A 7C9247E5 D6 salc 7C9247E6 0000 add [eax], al 7C9247E8 6D ins dword ptr es:[edi], dx 7C9247E9 D6 salc 7C9247EA 0000 add [eax], al 7C9247EC 82D6 00 adc dh, 0 7C9247EF 0097 D60000AC add [edi+AC0000D6], dl 7C9247F5 D6 salc 7C9247F6 0000 add [eax], al 7C9247F8 C1D6 00 rcl esi, 0 7C9247FB 00D6 add dh, dl 7C9247FD D6 salc 7C9247FE 0000 add [eax], al 7C924800 5C pop esp ; ntdll.7C92E89A 7C924801 EA 0000EBD6 000>jmp far 0000:D6EB0000 7C924808 00D7 add bh, dl 7C92480A 0000 add [eax], al 7C92480C 15 D700002A adc eax, 2A0000D7 7C924811 D7 xlat byte ptr [ebx+al] 7C924812 0000 add [eax], al 7C924814 3F aas 7C924815 D7 xlat byte ptr [ebx+al] 7C924816 0000 add [eax], al 7C924818 54 push esp 7C924819 D7 xlat byte ptr [ebx+al] 7C92481A 0000 add [eax], al 7C92481C 69D7 00007ED7 imul edx, edi, D77E0000 7C924822 0000 add [eax], al 7C924824 93 xchg eax, ebx 7C924825 D7 xlat byte ptr [ebx+al] 7C924826 0000 add [eax], al 7C924828 A8 D7 test al, 0D7 7C92482A 0000 add [eax], al 7C92482C BD D70000D2 mov ebp, D20000D7 7C924831 D7 xlat byte ptr [ebx+al] 7C924832 0000 add [eax], al 7C924834 E7 D7 out 0D7, eax 7C924836 0000 add [eax], al 7C924838 FC cld 7C924839 D7 xlat byte ptr [ebx+al] 7C92483A 0000 add [eax], al 7C92483C 11D8 adc eax, ebx 7C92483E 0000 add [eax], al 7C924840 26:D800 fadd dword ptr es:[eax] 7C924843 003B add [ebx], bh 7C924845 D800 fadd dword ptr [eax] 7C924847 0050 D8 add [eax-28], dl 7C92484A 0000 add [eax], al 7C92484C 65:D800 fadd dword ptr gs:[eax] 7C92484F 007A D8 add [edx-28], bh 7C924852 0000 add [eax], al 7C924854 8F ??? ; 未知命令 7C924855 D800 fadd dword ptr [eax] 7C924857 00A4D8 0000B9D8 add [eax+ebx*8+D8B90000], ah 7C92485E 0000 add [eax], al 7C924860 CE into 7C924861 D800 fadd dword ptr [eax] 7C924863 00E3 add bl, ah 7C924865 D800 fadd dword ptr [eax] 7C924867 00F8 add al, bh 7C924869 D800 fadd dword ptr [eax] 7C92486B 000D D9000022 add [220000D9], cl 7C924871 D900 fld dword ptr [eax] 7C924873 0037 add [edi], dh 7C924875 D900 fld dword ptr [eax] 7C924877 004CD9 00 add [ecx+ebx*8], cl 7C92487B 0061 D9 add [ecx-27], ah 7C92487E 0000 add [eax], al 7C924880 ^ 76 D9 jbe short 7C92485B 7C924882 0000 add [eax], al 7C924884 8BD9 mov ebx, ecx 7C924886 0000 add [eax], al 7C924888 A0 D90000B5 mov al, [B50000D9] 7C92488D D900 fld dword ptr [eax] 7C92488F 00CA add dl, cl 7C924891 D900 fld dword ptr [eax] 7C924893 00DF add bh, bl 7C924895 D900 fld dword ptr [eax] 7C924897 00F4 add ah, dh 7C924899 D900 fld dword ptr [eax] 7C92489B 0009 add [ecx], cl 7C92489D DA00 fiadd dword ptr [eax] 7C92489F 001E add [esi], bl 7C9248A1 DA00 fiadd dword ptr [eax] 7C9248A3 0033 add [ebx], dh 7C9248A5 DA00 fiadd dword ptr [eax] 7C9248A7 0048 DA add [eax-26], cl 7C9248AA 0000 add [eax], al 7C9248AC 5D pop ebp ; ntdll.7C92E89A 7C9248AD DA00 fiadd dword ptr [eax] 7C9248AF 0072 DA add [edx-26], dh 7C9248B2 0000 add [eax], al 7C9248B4 87DA xchg edx, ebx 7C9248B6 0000 add [eax], al 7C9248B8 9C pushfd 7C9248B9 DA00 fiadd dword ptr [eax] 7C9248BB 00B1 DA0000C6 add [ecx+C60000DA], dh 7C9248C1 DA00 fiadd dword ptr [eax] 7C9248C3 00DB add bl, bl 7C9248C5 DA00 fiadd dword ptr [eax] 7C9248C7 00F0 add al, dh 7C9248C9 DA00 fiadd dword ptr [eax] 7C9248CB 0005 DB00001A add [1A0000DB], al 7C9248D1 DB00 fild dword ptr [eax] 7C9248D3 002F add [edi], ch 7C9248D5 DB00 fild dword ptr [eax] 7C9248D7 0044DB 00 add [ebx+ebx*8], al 7C9248DB 0059 DB add [ecx-25], bl 7C9248DE 0000 add [eax], al 7C9248E0 6E outs dx, byte ptr es:[edi] 7C9248E1 DB00 fild dword ptr [eax] 7C9248E3 0098 DB000083 add [eax+830000DB], bl 7C9248E9 DB00 fild dword ptr [eax] 7C9248EB 00AD DB0000C2 add [ebp+C20000DB], ch 7C9248F1 DB00 fild dword ptr [eax] 7C9248F3 00D7 add bh, dl 7C9248F5 DB00 fild dword ptr [eax] 7C9248F7 00EC add ah, ch 7C9248F9 DB00 fild dword ptr [eax] 7C9248FB 0001 add [ecx], al 7C9248FD DC00 fadd qword ptr [eax] 7C9248FF 0016 add [esi], dl 7C924901 DC00 fadd qword ptr [eax] 7C924903 002B add [ebx], ch 7C924905 DC00 fadd qword ptr [eax] 7C924907 0040 DC add [eax-24], al 7C92490A 0000 add [eax], al 7C92490C 55 push ebp 7C92490D DC00 fadd qword ptr [eax] 7C92490F 006A DC add [edx-24], ch 7C924912 0000 add [eax], al 7C924914 ^ 7F DC jg short 7C9248F2 7C924916 0000 add [eax], al 7C924918 94 xchg eax, esp 7C924919 DC00 fadd qword ptr [eax] 7C92491B 00A9 DC0000BE add [ecx+BE0000DC], ch 7C924921 DC00 fadd qword ptr [eax] 7C924923 00D3 add bl, dl 7C924925 DC00 fadd qword ptr [eax] 7C924927 00E8 add al, ch 7C924929 DC00 fadd qword ptr [eax] 7C92492B 00FD add ch, bh 7C92492D DC00 fadd qword ptr [eax] 7C92492F 0012 add [edx], dl 7C924931 DD00 fld qword ptr [eax] 7C924933 0027 add [edi], ah 7C924935 DD00 fld qword ptr [eax] 7C924937 003CDD 000071EA add [ebx*8+EA710000], bh 7C92493E 0000 add [eax], al 7C924940 51 push ecx 7C924941 DD00 fld qword ptr [eax] 7C924943 0066 DD add [esi-23], ah 7C924946 0000 add [eax], al 7C924948 7B DD jpo short 7C924927 7C92494A 0000 add [eax], al 7C92494C 90 nop 7C92494D DD00 fld qword ptr [eax] 7C92494F 00A5 DD0000BA add [ebp+BA0000DD], ah 7C924955 DD00 fld qword ptr [eax] 7C924957 00CF add bh, cl 7C924959 DD00 fld qword ptr [eax] 7C92495B 00E4 add ah, ah 7C92495D DD00 fld qword ptr [eax] 7C92495F 00F9 add cl, bh 7C924961 DD00 fld qword ptr [eax] 7C924963 000E add [esi], cl 7C924965 DE00 fiadd word ptr [eax] 7C924967 0023 add [ebx], ah 7C924969 DE00 fiadd word ptr [eax] 7C92496B 0038 add [eax], bh 7C92496D DE00 fiadd word ptr [eax] 7C92496F 004D DE add [ebp-22], cl 7C924972 0000 add [eax], al 7C924974 62DE bound ebx, esi ; 非法使用寄存器 7C924976 0000 add [eax], al 7C924978 ^ 77 DE ja short 7C924958 7C92497A 0000 add [eax], al 7C92497C 8CDE mov si, ds 7C92497E 0000 add [eax], al 7C924980 A1 DE0000B6 mov eax, [B60000DE] 7C924985 DE00 fiadd word ptr [eax] 7C924987 00CB add bl, cl 7C924989 DE00 fiadd word ptr [eax] 7C92498B 00E0 add al, ah 7C92498D DE00 fiadd word ptr [eax] 7C92498F 00F5 add ch, dh 7C924991 DE00 fiadd word ptr [eax] 7C924993 000A add [edx], cl 7C924995 DF00 fild word ptr [eax] 7C924997 001F add [edi], bl 7C924999 DF00 fild word ptr [eax] 7C92499B 0034DF add [edi+ebx*8], dh 7C92499E 0000 add [eax], al 7C9249A0 49 dec ecx 7C9249A1 DF00 fild word ptr [eax] 7C9249A3 005E DF add [esi-21], bl 7C9249A6 0000 add [eax], al 7C9249A8 ^ 73 DF jnb short 7C924989 7C9249AA 0000 add [eax], al 7C9249AC 88DF mov bh, bl 7C9249AE 0000 add [eax], al 7C9249B0 9D popfd 7C9249B1 DF00 fild word ptr [eax] 7C9249B3 00B2 DF0000C7 add [edx+C70000DF], dh 7C9249B9 DF00 fild word ptr [eax] 7C9249BB 00DC add ah, bl 7C9249BD DF00 fild word ptr [eax] 7C9249BF 00F1 add cl, dh 7C9249C1 DF00 fild word ptr [eax] 7C9249C3 0006 add [esi], al 7C9249C5 E0 00 loopdne short 7C9249C7 7C9249C7 001B add [ebx], bl 7C9249C9 E0 00 loopdne short 7C9249CB 7C9249CB 0030 add [eax], dh 7C9249CD E0 00 loopdne short 7C9249CF 7C9249CF 0045 E0 add [ebp-20], al 7C9249D2 0000 add [eax], al 7C9249D4 5A pop edx ; ntdll.7C92E89A 7C9249D5 E0 00 loopdne short 7C9249D7 7C9249D7 006F E0 add [edi-20], ch 7C9249DA 0000 add [eax], al 7C9249DC 84E0 test al, ah 7C9249DE 0000 add [eax], al 7C9249E0 99 cdq 7C9249E1 E0 00 loopdne short 7C9249E3 7C9249E3 00AE E00000C3 add [esi+C30000E0], ch 7C9249E9 E0 00 loopdne short 7C9249EB 7C9249EB 00D8 add al, bl 7C9249ED E0 00 loopdne short 7C9249EF 7C9249EF 00ED add ch, ch 7C9249F1 E0 00 loopdne short 7C9249F3 7C9249F3 0002 add [edx], al 7C9249F5 E1 00 loopde short 7C9249F7 7C9249F7 00B0 EA000017 add [eax+170000EA], dh 7C9249FD E1 00 loopde short 7C9249FF 7C9249FF 002CE1 add [ecx], ch 7C924A02 0000 add [eax], al 7C924A04 41 inc ecx 7C924A05 E1 00 loopde short 7C924A07 7C924A07 0056 E1 add [esi-1F], dl 7C924A0A 0000 add [eax], al 7C924A0C 6BE1 00 imul esp, ecx, 0 7C924A0F 0080 E1000095 add [eax+950000E1], al 7C924A15 E1 00 loopde short 7C924A17 7C924A17 00AA E10000BF add [edx+BF0000E1], ch 7C924A1D E1 00 loopde short 7C924A1F 7C924A1F 00D4 add ah, dl 7C924A21 E1 00 loopde short 7C924A23 7C924A23 00E9 add cl, ch 7C924A25 E1 00 loopde short 7C924A27 7C924A27 00FE add dh, bh 7C924A29 E1 00 loopde short 7C924A2B 7C924A2B 0013 add [ebx], dl 7C924A2D E2 00 loopd short 7C924A2F 7C924A2F 0028 add [eax], ch 7C924A31 E2 00 loopd short 7C924A33 7C924A33 003D E2000052 add [520000E2], bh 7C924A39 E2 00 loopd short 7C924A3B 7C924A3B 0067 E2 add [edi-1E], ah 7C924A3E 0000 add [eax], al 7C924A40 ^ 7C E2 jl short 7C924A24 7C924A42 0000 add [eax], al 7C924A44 91 xchg eax, ecx 7C924A45 E2 00 loopd short 7C924A47 7C924A47 00A6 E20000BB add [esi+BB0000E2], ah 7C924A4D E2 00 loopd short 7C924A4F 7C924A4F 00D0 add al, dl 7C924A51 E2 00 loopd short 7C924A53 7C924A53 0086 EA0000E5 add [esi+E50000EA], al 7C924A59 E2 00 loopd short 7C924A5B 7C924A5B 00FA add dl, bh 7C924A5D E2 00 loopd short 7C924A5F 7C924A5F 000F add [edi], cl 7C924A61 E3 00 jecxz short 7C924A63 7C924A63 0024E3 add [ebx], ah 7C924A66 0000 add [eax], al 7C924A68 39E3 cmp ebx, esp 7C924A6A 0000 add [eax], al 7C924A6C 4E dec esi ; ntdll.ZwTerminateProcess 7C924A6D E3 00 jecxz short 7C924A6F 7C924A6F 0063 E3 add [ebx-1D], ah 7C924A72 0000 add [eax], al 7C924A74 ^ 78 E3 js short 7C924A59 7C924A76 0000 add [eax], al 7C924A78 8DE3 lea esp, ebx ; 非法使用寄存器 7C924A7A 0000 add [eax], al 7C924A7C A2 E30000B7 mov [B70000E3], al 7C924A81 E3 00 jecxz short 7C924A83 7C924A83 00CC add ah, cl 7C924A85 E3 00 jecxz short 7C924A87 7C924A87 00E1 add cl, ah 7C924A89 E3 00 jecxz short 7C924A8B 7C924A8B 00F6 add dh, dh 7C924A8D E3 00 jecxz short 7C924A8F 7C924A8F 000B add [ebx], cl 7C924A91 E4 00 in al, 0 7C924A93 0020 add [eax], ah 7C924A95 E4 00 in al, 0 7C924A97 0035 E400004A add [4A0000E4], dh 7C924A9D E4 00 in al, 0 7C924A9F 005F E4 add [edi-1C], bl 7C924AA2 0000 add [eax], al 7C924AA4 ^ 74 E4 je short 7C924A8A 7C924AA6 0000 add [eax], al 7C924AA8 89E4 mov esp, esp 7C924AAA 0000 add [eax], al 7C924AAC 9E sahf 7C924AAD E4 00 in al, 0 7C924AAF 00B3 E40000C8 add [ebx+C80000E4], dh 7C924AB5 E4 00 in al, 0 7C924AB7 00DD add ch, bl 7C924AB9 E4 00 in al, 0 7C924ABB 00F2 add dl, dh 7C924ABD E4 00 in al, 0 7C924ABF 0007 add [edi], al 7C924AC1 E5 00 in eax, 0 7C924AC3 001CE5 000031E5 add [E5310000], bl 7C924ACA 0000 add [eax], al 7C924ACC 46 inc esi ; ntdll.ZwTerminateProcess 7C924ACD E5 00 in eax, 0 7C924ACF 005B E5 add [ebx-1B], bl 7C924AD2 0000 add [eax], al 7C924AD4 ^ 70 E5 jo short 7C924ABB 7C924AD6 0000 add [eax], al 7C924AD8 85E5 test ebp, esp 7C924ADA 0000 add [eax], al 7C924ADC 9A E50000AF E50>call far 00E5:AF0000E5 7C924AE3 00C4 add ah, al 7C924AE5 E5 00 in eax, 0 7C924AE7 00D9 add cl, bl 7C924AE9 E5 00 in eax, 0 7C924AEB 00EE add dh, ch 7C924AED E5 00 in eax, 0 7C924AEF 0003 add [ebx], al 7C924AF1 E6 00 out 0, al 7C924AF3 0018 add [eax], bl 7C924AF5 E6 00 out 0, al 7C924AF7 002D E6000042 add [420000E6], ch 7C924AFD E6 00 out 0, al 7C924AFF 0057 E6 add [edi-1A], dl 7C924B02 0000 add [eax], al 7C924B04 6C ins byte ptr es:[edi], dx 7C924B05 E6 00 out 0, al 7C924B07 0081 E6000096 add [ecx+960000E6], al 7C924B0D E6 00 out 0, al 7C924B0F 00AB E60000C0 add [ebx+C00000E6], ch 7C924B15 E6 00 out 0, al 7C924B17 00D5 add ch, dl 7C924B19 E6 00 out 0, al 7C924B1B 00EA add dl, ch 7C924B1D E6 00 out 0, al 7C924B1F 00FF add bh, bh 7C924B21 E6 00 out 0, al 7C924B23 0014E7 add [edi], dl 7C924B26 0000 add [eax], al 7C924B28 29E7 sub edi, esp 7C924B2A 0000 add [eax], al 7C924B2C 3E:E7 00 out 0, eax 7C924B2F 0053 E7 add [ebx-19], dl 7C924B32 0000 add [eax], al 7C924B34 68 E700007D push 7D0000E7 7C924B39 E7 00 out 0, eax 7C924B3B 0092 E70000A7 add [edx+A70000E7], dl 7C924B41 E7 00 out 0, eax 7C924B43 00BCE7 0000D1E7 add [edi+E7D10000], bh 7C924B4A 0000 add [eax], al 7C924B4C E6 E7 out 0E7, al 7C924B4E 0000 add [eax], al 7C924B50 FB sti 7C924B51 E7 00 out 0, eax 7C924B53 0010 add [eax], dl 7C924B55 E8 000025E8 call 64B74B5A 7C924B5A 0000 add [eax], al 7C924B5C 3AE8 cmp ch, al 7C924B5E 0000 add [eax], al 7C924B60 4F dec edi 7C924B61 E8 000064E8 call 64F64B66 7C924B66 0000 add [eax], al 7C924B68 ^ 79 E8 jns short 7C924B52 7C924B6A 0000 add [eax], al 7C924B6C 8EE8 mov gs, ax 7C924B6E 0000 add [eax], al 7C924B70 A3 E80000B8 mov [B80000E8], eax 7C924B75 E8 0000CDE8 call 655F4B7A 7C924B7A 0000 add [eax], al 7C924B7C ^ E2 E8 loopd short 7C924B66 7C924B7E 0000 add [eax], al 7C924B80 F7E8 imul eax 7C924B82 0000 add [eax], al 7C924B84 0C E9 or al, 0E9 7C924B86 0000 add [eax], al 7C924B88 21E9 and ecx, ebp 7C924B8A 0000 add [eax], al 7C924B8C 36:E9 00004BE9 jmp 65DD4B92 7C924B92 0000 add [eax], al 7C924B94 60 pushad 7C924B95 - E9 000075E9 jmp 66074B9A 7C924B9A 0000 add [eax], al 7C924B9C 8AE9 mov ch, cl 7C924B9E 0000 add [eax], al 7C924BA0 9B wait 7C924BA1 EA 00009FE9 000>jmp far 0000:E99F0000 7C924BA8 B4 E9 mov ah, 0E9 7C924BAA 0000 add [eax], al 7C924BAC C9 leave 7C924BAD - E9 0000DEE9 jmp 66704BB2 7C924BB2 0000 add [eax], al 7C924BB4 F3: prefix rep: 7C924BB5 - E9 000008EA jmp 669A4BBA 7C924BBA 0000 add [eax], al 7C924BBC 1D EA000032 sbb eax, 320000EA 7C924BC1 EA 000047EA 000>jmp far 0000:EA470000 7C924BC8 17 pop ss 7C924BC9 1300 adc eax, [eax] 7C924BCB 00D3 add bl, dl 7C924BCD 1300 adc eax, [eax] 7C924BCF 00B7 140000CB add [edi+CB000014], dh 7C924BD5 16 push ss 7C924BD6 0000 add [eax], al 7C924BD8 7E 17 jle short 7C924BF1 7C924BDA 0000 add [eax], al 7C924BDC B5 72 mov ch, 72 7C924BDE 0300 add eax, [eax] 7C924BE0 8F ??? ; 未知命令 7C924BE1 FD std 7C924BE2 06 push es 7C924BE3 0049 FD add [ecx-3], cl 7C924BE6 06 push es 7C924BE7 0037 add [edi], dh 7C924BE9 FD std 7C924BEA 06 push es 7C924BEB 003D 180000EC add [EC000018], bh 7C924BF1 1800 sbb [eax], al 7C924BF3 00D0 add al, dl 7C924BF5 1900 sbb [eax], eax 7C924BF7 0009 add [ecx], cl 7C924BF9 1A00 sbb al, [eax] 7C924BFB 004B 1A add [ebx+1A], cl 7C924BFE 0000 add [eax], al 7C924C00 021B add bl, [ebx] 7C924C02 0000 add [eax], al 7C924C04 26:1B00 sbb eax, es:[eax] 7C924C07 00D5 add ch, dl 7C924C09 FD std 7C924C0A 06 push es 7C924C0B 004C1B 00 add [ebx+ebx], cl 7C924C0F 00B9 1B000053 add [ecx+5300001B], bh 7C924C15 1C 00 sbb al, 0 7C924C17 00CD add ch, cl 7C924C19 1C 00 sbb al, 0 7C924C1B 0009 add [ecx], cl 7C924C1D 1A00 sbb al, [eax] 7C924C1F 0000 add [eax], al 7C924C21 C007 00 rol byte ptr [edi], 0 7C924C24 F1 int1 7C924C25 1C 00 sbb al, 0 7C924C27 0051 FF add [ecx-1], dl 7C924C2A 06 push es 7C924C2B 0073 00 add [ebx], dh 7C924C2E 07 pop es 7C924C2F 003A add [edx], bh 7C924C31 F2: prefix repne: 7C924C32 0200 add al, [eax] 7C924C34 A5 movs dword ptr es:[edi], dword ptr [e> 7C924C35 ED in eax, dx 7C924C36 0200 add al, [eax] 7C924C38 CD 00 int 0 7C924C3A 07 pop es 7C924C3B 0092 FE0600AB add [edx+AB0006FE], dl 7C924C41 FF06 inc dword ptr [esi] 7C924C43 001D 1D000006 add [600001D], bl 7C924C49 0107 add [edi], eax 7C924C4B 0016 add [esi], dl 7C924C4D 0107 add [edi], eax 7C924C4F 00A1 C2010074 add [ecx+740001C2], ah 7C924C55 0107 add [edi], eax 7C924C57 007433 01 add [ebx+esi+1], dh 7C924C5B 007433 01 add [ebx+esi+1], dh 7C924C5F 00BC02 07006B9F add [edx+eax+9F6B0007], bh 7C924C66 0100 add [eax], eax 7C924C68 - E9 02070016 jmp 9292536F 7C924C6D 0307 add eax, [edi] 7C924C6F 0063 03 add [ebx+3], ah 7C924C72 07 pop es 7C924C73 0089 FF0600AB add [ecx+AB0006FF], cl 7C924C79 0007 add [edi], al 7C924C7B 00BE FE0600D7 add [esi+D70006FE], bh 7C924C81 FF06 inc dword ptr [esi] 7C924C83 0017 add [edi], dl 7C924C85 04 03 add al, 3 7C924C87 0075 03 add [ebp+3], dh 7C924C8A 07 pop es 7C924C8B 0090 380100E9 add [eax+E9000138], dl 7C924C91 4B dec ebx 7C924C92 0200 add al, [eax] 7C924C94 15 A40100EB adc eax, EB0001A4 7C924C99 0307 add eax, [edi] 7C924C9B 0021 add [ecx], ah 7C924C9D 04 07 add al, 7 7C924C9F 0031 add [ecx], dh 7C924CA1 04 07 add al, 7 7C924CA3 0059 60 add [ecx+60], bl 7C924CA6 0300 add eax, [eax] 7C924CA8 EC in al, dx 7C924CA9 05 0700751D add eax, 1D750007 7C924CAE 0000 add [eax], al 7C924CB0 294C02 00 sub [edx+eax], ecx 7C924CB4 34 4C xor al, 4C 7C924CB6 0200 add al, [eax] 7C924CB8 FB sti 7C924CB9 4F dec edi 7C924CBA 0100 add [eax], eax 7C924CBC 1E push ds 7C924CBD 1E push ds 7C924CBE 0000 add [eax], al 7C924CC0 2B13 sub edx, [ebx] 7C924CC2 0000 add [eax], al 7C924CC4 CE into 7C924CC5 04 07 add al, 7 7C924CC7 005D 1F add [ebp+1F], bl 7C924CCA 0000 add [eax], al 7C924CCC 5C pop esp ; ntdll.7C92E89A |
操作理由
RANk
{{ user_info.golds == '' ? 0 : user_info.golds }}
雪币
{{ experience }}
课程经验
{{ score }}
学习收益
{{study_duration_fmt}}
学习时长
基本信息
荣誉称号:
{{ honorary_title }}
能力排名:
No.{{ rank_num }}
等 级:
LV{{ rank_lv-100 }}
活跃值:
在线值:
浏览人数:{{ visits }}
最近活跃:{{ last_active_time }}
注册时间:{{ user_info.create_date_jsonfmt }}
勋章
兑换勋章
证书
证书查询 >
能力值