|
[Share] For beginners --- OllyDBG introductory tutorial (collector's edition)
Good post, leaving a reply |
|
Help: which packer does this entry point belong to?
Something this hard is better left to the experts, right? |
|
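Help: which packer does this entry point belong to?
Can't PEiD identify it? The entry point is the one at 00473019 60 PUSHAD, right? It should be ASPack~ I'm a beginner too; I think I've seen something that starts like this |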
|
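[Discussion] Speaking from the heart: moderator, please don't delete my ID
Boss, I just want to know whether that one of mine got cracked or not~~ Thanks~ |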
|
[Help] A question about cracking
Boss, please save me~ Thanks |
|
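[Help] A question about cracking
Boss, this packer isn't something a beginner like me should be practicing on, is it? It can't be cracked in seconds, can it? No wonder: the simple ones I could find with a quick look, but with this one I can't find it no matter how I search |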
|
[Help] A question about cracking
Actually, I did try hard~ Really! To save the experts some space, I'll just use links like this, OK? Could someone help out? Thanks, thanks. Before modification: http://ys-e.ys168.com/ys168up/D3/?修改前的.exey69z7qdqd1f9b0z9q9b5b2b5bi0bpql9b0b4b1bq9f6e01e20e01e24b1b2f2f9b0f9fcpd7z After modification: http://ys-e.ys168.com/ys168up/D1/?修改过的.exey69z76fdqd1f9b0z9q9b5b2b5bi0bpql9b0b4b2bi0f6e01e20e01e24b1b2f2f9b0f9fcpd7z Opening it also requires an updater program: http://ys-e.ys168.com/ys168up/D1/?更新程序.exey69z7qdqd1f9b0z9q9b5b2b5bi0bpql9b1b4bi6f9f6e01e20e01e24b1b2f2f9b0f9fc4fd7z |
|
[Help] A question about cracking
I really, really want to learn~ I have a few questions I'd really like to ask; could one of the experts help out?
1. What exactly does EP in PEiD refer to? Is it the same as the OEP in OllyDbg?
2. Could you explain using the following .EXE file?
The scan reports Microsoft Visual C++ 7.0 [Overlay] (I personally think it is fake)
Entry point: 00003DD7 File offset: 00003DD7 Linker info: 7.10
EP section:
Name     Offset    Size      Offset    Size      Flags
.text    00001000  000069b8  00001000  000069b8  60000020
.rdata   00008000  00001958  00008000  00001958  40000040
.data    0000a000  00001538  0000a000  00001538  c0000040
.rsrc    0000c000  00002238  0000c000  00002238  40000040
.idata2  0000F000  00001000  0000E400  00000A00  C0000040 (shows 4.03, not packed)
CAVE info:
         RVA       Offset    Size
.text    000079bf  000079bf  00000041
.rdata   0000995f  0000995f  000000A1
.data    0000A3A1  0000A3A1  0000125F
.rsrc    0000E238  0000E238  000001C5
.idata2  0000F69C  0000EA9C  00000364
(The problem is that .idata2 is shifted)
Disassembly of .idata2:
First bytes:
EBP, 0000008C 004042C3: C9 LEAVE 004042C4: C3 RET 004042C5: A1ACA34000 MOV EAX, [40A3AC] 004042CA: 83F801 CMP EAX, 00000001 004042CD: 740D JZ 4042DC 004042CF: 85C0 TEST EAX, EAX 004042D1: 752A JNZ 4042FD 004042D3: 833D3CA1400001 CMP [0040A13C], 00000001 004042DA: 7521 JNZ 4042FD 004042DC: 68FC000000 PUSH 000000FC 004042E1: E868FEFFFF CALL 0040414E 004042E6: A100A44000 MOV EAX, [40A400] 004042EB: 85C0 TEST EAX, EAX 004042ED: 59 POP ECX 004042EE: 7402 JZ 4042F2 004042F0: FFD0 CALL EAX 004042F2: 68FF000000 PUSH 000000FF 004042F7: E852FEFFFF CALL 0040414E 004042FC: 59 POP ECX 004042FD: C3 RET 004042FE: 55 PUSH EBP 004042FF: 8BEC MOV EBP, ESP 00404301: 8B5508 MOV EDX, [EBP+08] 00404304: A158A24000 MOV EAX, [40A258] 00404309: 53 PUSH EBX 0040430A: B9D8A14000 MOV ECX, 0040A1D8 0040430F: 56 PUSH ESI 00404310: 3911 CMP [ECX], EDX 00404312: 7411 JZ 404325 00404314: 8D3440 LEA ESI, [EAX+EAX*2] 00404317: 83C10C ADD ECX, 0000000C 0040431A: 8D34B5D8A14000 LEA ESI, [ESI*4+0040A1D8] 00404321: 3BCE CMP ECX, ESI 00404323: 72EB JB 404310 00404325: 8D0440 LEA EAX, [EAX+EAX*2] 00404328: 8D0485D8A14000 LEA EAX, [EAX*4+0040A1D8] 0040432F: 3BC8 CMP ECX, EAX 00404331: 7304 JNB 404337 00404333: 3911 CMP [ECX], EDX 00404335: 7402 JZ 404339 00404337: 33C9 XOR ECX, ECX 00404339: 85C9 TEST ECX, ECX 0040433B: 0F8421010000 JZ 00404462 00404341: 8B5908 MOV EBX, [ECX+08] 00404344: 85DB TEST EBX, EBX 00404346: 0F8416010000 JZ 00404462 0040434C: 83FB05 CMP EBX, 00000005 0040434F: 750C JNZ 40435D 00404351: 83610800 AND [ECX+08], 00000000 00404355: 33C0 XOR EAX, EAX 00404357: 40 INC EAX 00404358: E90E010000 JMP 0040446B 0040435D: 83FB01 CMP EBX, 00000001 00404360: 0F84F7000000 JZ 0040445D 00404366: A104A44000 MOV EAX, [40A404] 0040436B: 894508 MOV [EBP+08], EAX 0040436E: 8B450C MOV EAX, [EBP+0C] 00404371: A304A44000 MOV [40A404], EAX 00404376: 8B4104 MOV EAX, [ECX+04] 00404379: 83F808 CMP EAX, 00000008 0040437C: 0F85CB000000 JNZ 0040444D 00404382: A150A24000 MOV EAX, [40A250] 00404387: 8B1554A24000 MOV 
EDX, [0040A254] 0040438D: 03D0 ADD EDX, EAX 0040438F: 3BC2 CMP EAX, EDX 00404391: 7D15 JNL 4043A8 00404393: 8D3440 LEA ESI, [EAX+EAX*2] 00404396: 8D34B5E0A14000 LEA ESI, [ESI*4+0040A1E0] 0040439D: 2BD0 SUB EDX, EAX 0040439F: 832600 AND [ESI], 00000000 004043A2: 83C60C ADD ESI, 0000000C 004043A5: 4A DEC EDX 004043A6: 75F7 JNZ 40439F 004043A8: 8B09 MOV ECX, [ECX] 004043AA: 81F98E0000C0 CMP ECX, C000008E 004043B0: 8B355CA24000 MOV ESI, [0040A25C] 004043B6: 750C JNZ 4043C4 004043B8: C7055CA2400083000000 MOV [0040A25C], 00000083 004043C2: EB76 JMP 40443A 004043C4: 81F9900000C0 CMP ECX, C0000090 004043CA: 750C JNZ 4043D8 004043CC: C7055CA2400081000000 MOV [0040A25C], 00000081 004043D6: EB62 JMP 40443A 004043D8: 81F9910000C0 CMP ECX, C0000091 004043DE: 750C JNZ 4043EC 004043E0: C7055CA2400084000000 MOV [0040A25C], 00000084 004043EA: EB4E JMP 40443A 004043EC: 81F9930000C0 CMP ECX, C0000093 004043F2: 750C JNZ 404400 004043F4: C7055CA2400085000000 MOV [0040A25C], 00000085 004043FE: EB3A JMP 40443A 00404400: 81F98D0000C0 CMP ECX, C000008D 00404406: 750C JNZ 404414 00404408: C7055CA2400082000000 MOV [0040A25C], 00000082 00404412: EB26 JMP 40443A 00404414: 81F98F0000C0 CMP ECX, C000008F 0040441A: 750C JNZ 404428 0040441C: C7055CA2400086000000 MOV [0040A25C], 00000086 00404426: EB12 JMP 40443A 00404428: 81F9920000C0 CMP ECX, C0000092 0040442E: 750A JNZ 40443A 00404430: C7055CA240008A000000 MOV [0040A25C], 0000008A 0040443A: FF355CA24000 PUSH [0040A25C] 00404440: 6A08 PUSH 00000008 00404442: FFD3 CALL EBX 00404444: 59 POP ECX 00404445: 89355CA24000 MOV [0040A25C], ESI 0040444B: EB07 JMP 404454 0040444D: 83610800 AND [ECX+08], 00000000 00404451: 50 PUSH EAX 00404452: FFD3 CALL EBX 00404454: 8B4508 MOV EAX, [EBP+08] 00404457: 59 POP ECX 00404458: A304A44000 MOV [40A404], EAX 0040445D: 83C8FF OR EAX, FFFFFFFF 00404460: EB09 JMP 40446B 00404462: FF750C PUSH [EBP+0C] 00404465: FF15FC804000 CALL [004080FC] ; UnhandledExceptionFilter 0040446B: 5E POP ESI 0040446C: 5B POP EBX 0040446D: 
5D POP EBP 0040446E: C3 RET 0040446F: 56 PUSH ESI 00404470: 57 PUSH EDI 00404471: 33FF XOR EDI, EDI 00404473: 393D2CB54000 CMP [0040B52C], EDI 00404479: 7505 JNZ 404480 0040447B: E848110000 CALL 004055C8 00404480: 8B3534B54000 MOV ESI, [0040B534] 00404486: 85F6 TEST ESI, ESI 00404488: 7505 JNZ 40448F 0040448A: BE90814000 MOV ESI, 00408190 0040448F: 8A06 MOV AL, [ESI] 00404491: 3C20 CMP AL, 20 00404493: 7708 JNBE 40449D 00404495: 84C0 TEST AL, AL 00404497: 742E JZ 4044C7 00404499: 85FF TEST EDI, EDI 0040449B: 7424 JZ 4044C1 0040449D: 3C22 CMP AL, 22 0040449F: 7509 JNZ 4044AA 004044A1: 33C9 XOR ECX, ECX 004044A3: 85FF TEST EDI, EDI 004044A5: 0F94C1 SETZ CL 004044A8: 8BF9 MOV EDI, ECX 004044AA: 0FB6C0 MOVZX EAX, AL 004044AD: 50 PUSH EAX 004044AE: E83A0D0000 CALL 004051ED 004044B3: 85C0 TEST EAX, EAX 004044B5: 59 POP ECX 004044B6: 7401 JZ 4044B9 004044B8: 46 INC ESI 004044B9: 46 INC ESI 004044BA: EBD3 JMP 40448F 004044BC: 3C20 CMP AL, 20 004044BE: 7707 JNBE 4044C7 004044C0: 46 INC ESI 004044C1: 8A06 MOV AL, [ESI] 004044C3: 84C0 TEST AL, AL 004044C5: 75F5 JNZ 4044BC 004044C7: 5F POP EDI 004044C8: 8BC6 MOV EAX, ESI 004044CA: 5E POP ESI 004044CB: C3 RET 004044CC: 53 PUSH EBX 004044CD: 33DB XOR EBX, EBX 004044CF: 391D2CB54000 CMP [0040B52C], EBX 004044D5: 56 PUSH ESI 004044D6: 57 PUSH EDI 004044D7: 7505 JNZ 4044DE 004044D9: E8EA100000 CALL 004055C8 004044DE: 8B35A4A34000 MOV ESI, [0040A3A4] 004044E4: 33FF XOR EDI, EDI 004044E6: 3BF3 CMP ESI, EBX 004044E8: 7512 JNZ 4044FC 004044EA: EB30 JMP 40451C 004044EC: 3C3D CMP AL, 3D 004044EE: 7401 JZ 4044F1 004044F0: 47 INC EDI 004044F1: 56 PUSH ESI 004044F2: E8F90B0000 CALL 004050F0 004044F7: 59 POP ECX 004044F8: 8D740601 LEA ESI, [ESI+EAX+01] 004044FC: 8A06 MOV AL, [ESI] 004044FE: 3AC3 CMP AL, BL 00404500: 75EA JNZ 4044EC 00404502: 8D04BD04000000 LEA EAX, [EDI*4+00000004] 00404509: 50 PUSH EAX 0040450A: E881110000 CALL 00405690 0040450F: 8BF8 MOV EDI, EAX 00404511: 3BFB CMP EDI, EBX 00404513: 59 POP ECX 00404514: 893DDCA34000 MOV 
[0040A3DC], EDI 0040451A: 7505 JNZ 404521 0040451C: 83C8FF OR EAX, FFFFFFFF 0040451F: EB58 JMP 404579 00404521: 8B35A4A34000 MOV ESI, [0040A3A4] 00404527: 55 PUSH EBP 00404528: EB2A JMP 404554 0040452A: 56 PUSH ESI 0040452B: E8C00B0000 CALL 004050F0 00404530: 8BE8 MOV EBP, EAX 00404532: 45 INC EBP 00404533: 803E3D CMP BYTE PTR [ESI], 3D 00404536: 59 POP ECX 00404537: 7419 JZ 404552 00404539: 55 PUSH EBP 0040453A: E851110000 CALL 00405690 0040453F: 3BC3 CMP EAX, EBX 00404541: 59 POP ECX 00404542: 8907 MOV [EDI], EAX 00404544: 7437 JZ 40457D 00404546: 56 PUSH ESI 00404547: 50 PUSH EAX 00404548: E873090000 CALL 00404EC0 0040454D: 59 POP ECX 0040454E: 59 POP ECX 0040454F: 83C704 ADD EDI, 00000004 00404552: 03F5 ADD ESI, EBP 00404554: 381E CMP [ESI], BL 00404556: 75D2 JNZ 40452A 00404558: FF35A4A34000 PUSH [0040A3A4] 0040455E: E883100000 CALL 004055E6 00404563: 891DA4A34000 MOV [0040A3A4], EBX 00404569: 891F MOV [EDI], EBX 0040456B: C70520B5400001000000 MOV [0040B520], 00000001 00404575: 33C0 XOR EAX, EAX 00404577: 59 POP ECX 00404578: 5D POP EBP 00404579: 5F POP EDI 0040457A: 5E POP ESI 0040457B: 5B POP EBX 0040457C: C3 RET 0040457D: FF35DCA34000 PUSH [0040A3DC] 00404583: E85E100000 CALL 004055E6 00404588: 891DDCA34000 MOV [0040A3DC], EBX 0040458E: 83C8FF OR EAX, FFFFFFFF 00404591: EBE4 JMP 404577 00404593: 55 PUSH EBP 00404594: 8BEC MOV EBP, ESP 00404596: 51 PUSH ECX 00404597: 53 PUSH EBX 00404598: 8B5D0C MOV EBX, [EBP+0C] 0040459B: 33D2 XOR EDX, EDX 0040459D: 395508 CMP [EBP+08], EDX 004045A0: 57 PUSH EDI 004045A1: 8916 MOV [ESI], EDX 004045A3: 8BF9 MOV EDI, ECX 004045A5: C70301000000 MOV [EBX], 00000001 004045AB: 7409 JZ 4045B6 004045AD: 8B4D08 MOV ECX, [EBP+08] 004045B0: 83450804 ADD [EBP+08], 00000004 004045B4: 8939 MOV [ECX], EDI 004045B6: 803822 CMP BYTE PTR [EAX], 22 004045B9: 750E JNZ 4045C9 004045BB: 33C9 XOR ECX, ECX 004045BD: 85D2 TEST EDX, EDX 004045BF: 0F94C1 SETZ CL 004045C2: 40 INC EAX 004045C3: 8BD1 MOV EDX, ECX 004045C5: B122 MOV CL, 22 004045C7: EB2D 
JMP 4045F6 004045C9: FF06 INC [ESI] 004045CB: 85FF TEST EDI, EDI 004045CD: 7405 JZ 4045D4 004045CF: 8A08 MOV CL, [EAX] 004045D1: 880F MOV [EDI], CL 004045D3: 47 INC EDI 004045D4: 8A08 MOV CL, [EAX] 004045D6: 0FB6D9 MOVZX EBX, CL 004045D9: 40 INC EAX 004045DA: F683E1B1400004 TEST BYTE PTR [EBX+0040B1E1], 04 004045E1: 740C JZ 4045EF 004045E3: FF06 INC [ESI] 004045E5: 85FF TEST EDI, EDI 004045E7: 7405 JZ 4045EE 004045E9: 8A18 MOV BL, [EAX] 004045EB: 881F MOV [EDI], BL 004045ED: 47 INC EDI 004045EE: 40 INC EAX 004045EF: 84C9 TEST CL, CL 004045F1: 8B5D0C MOV EBX, [EBP+0C] 004045F4: 7432 JZ 404628 004045F6: 85D2 TEST EDX, EDX 004045F8: 75BC JNZ 4045B6 004045FA: 80F920 CMP CL, 20 004045FD: 7405 JZ 404604 004045FF: 80F909 CMP CL, 09 00404602: 75B2 JNZ 4045B6 00404604: 85FF TEST EDI, EDI 00404606: 7404 JZ 40460C 00404608: C647FF00 MOV BYTE PTR [EDI-01], 00 0040460C: 8365FC00 AND [EBP-04], 00000000 00404610: 803800 CMP BYTE PTR [EAX], 00 00404613: 0F84D6000000 JZ 004046EF 00404619: 8A08 MOV CL, [EAX] 0040461B: 80F920 CMP CL, 20 0040461E: 7405 JZ 404625 00404620: 80F909 CMP CL, 09 00404623: 7506 JNZ 40462B 00404625: 40 INC EAX 00404626: EBF1 JMP 404619 00404628: 48 DEC EAX 00404629: EBE1 JMP 40460C 0040462B: 803800 CMP BYTE PTR [EAX], 00 0040462E: 0F84BB000000 JZ 004046EF 00404634: 837D0800 CMP [EBP+08], 00000000 00404638: 7409 JZ 404643 0040463A: 8B4D08 MOV ECX, [EBP+08] 0040463D: 83450804 ADD [EBP+08], 00000004 00404641: 8939 MOV [ECX], EDI 00404643: FF03 INC [EBX] 00404645: 33DB XOR EBX, EBX 00404647: 43 INC EBX 00404648: 33D2 XOR EDX, EDX 0040464A: EB02 JMP 40464E 0040464C: 40 INC EAX 0040464D: 42 INC EDX 0040464E: 80385C CMP BYTE PTR [EAX], 5C 00404651: 74F9 JZ 40464C 00404653: 803822 CMP BYTE PTR [EAX], 22 00404656: 7526 JNZ 40467E 00404658: F6C201 TEST DL, 01 0040465B: 751F JNZ 40467C 0040465D: 837DFC00 CMP [EBP-04], 00000000 00404661: 740C JZ 40466F 00404663: 8D4801 LEA ECX, [EAX+01] 00404666: 803922 CMP BYTE PTR [ECX], 22 00404669: 7504 JNZ 40466F 0040466B: 8BC1 MOV 
EAX, ECX 0040466D: EB02 JMP 404671 0040466F: 33DB XOR EBX, EBX 00404671: 33C9 XOR ECX, ECX 00404673: 394DFC CMP [EBP-04], ECX 00404676: 0F94C1 SETZ CL 00404679: 894DFC MOV [EBP-04], ECX 0040467C: D1EA SHR EDX, 01 0040467E: 85D2 TEST EDX, EDX 00404680: 740D JZ 40468F 00404682: 85FF TEST EDI, EDI 00404684: 7404 JZ 40468A 00404686: C6075C MOV BYTE PTR [EDI], 5C 00404689: 47 INC EDI 0040468A: FF06 INC [ESI] 0040468C: 4A DEC EDX 0040468D: 75F3 JNZ 404682 0040468F: 8A08 MOV CL, [EAX] 00404691: 84C9 TEST CL, CL 00404693: 7448 JZ 4046DD 00404695: 837DFC00 CMP [EBP-04], 00000000 00404699: 750A JNZ 4046A5 0040469B: 80F920 CMP CL, 20 0040469E: 743D JZ 4046DD 004046A0: 80F909 CMP CL, 09 004046A3: 7438 JZ 4046DD 004046A5: 85DB TEST EBX, EBX 004046A7: 742E JZ 4046D7 004046A9: 85FF TEST EDI, EDI 004046AB: 7419 JZ 4046C6 004046AD: 0FB6D1 MOVZX EDX, CL 004046B0: F682E1B1400004 TEST BYTE PTR [EDX+0040B1E1], 04 004046B7: 7406 JZ 4046BF 004046B9: 880F MOV [EDI], CL 004046BB: 47 INC EDI 004046BC: 40 INC EAX 004046BD: FF06 INC [ESI] 004046BF: 8A08 MOV CL, [EAX] 004046C1: 880F MOV [EDI], CL 004046C3: 47 INC EDI 004046C4: EB0F JMP 4046D5 004046C6: 0FB6C9 MOVZX ECX, CL 004046C9: F681E1B1400004 TEST BYTE PTR [ECX+0040B1E1], 04 004046D0: 7403 JZ 4046D5 004046D2: 40 INC EAX 004046D3: FF06 INC [ESI] 004046D5: FF06 INC [ESI] 004046D7: 40 INC EAX 004046D8: E968FFFFFF JMP 00404645 004046DD: 85FF TEST EDI, EDI 004046DF: 7404 JZ 4046E5 004046E1: C60700 MOV BYTE PTR [EDI], 00 004046E4: 47 INC EDI 004046E5: FF06 INC [ESI] 004046E7: 8B5D0C MOV EBX, [EBP+0C] 004046EA: E921FFFFFF JMP 00404610 004046EF: 8B4508 MOV EAX, [EBP+08] 004046F2: 85C0 TEST EAX, EAX 004046F4: 7403 JZ 4046F9 004046F6: 832000 AND [EAX], 00000000 004046F9: FF03 INC [EBX] 004046FB: 5F POP EDI 004046FC: 5B POP EBX 004046FD: C9 LEAVE 004046FE: C3 RET 004046FF: 55 PUSH EBP 00404700: 8BEC MOV EBP, ESP 00404702: 51 PUSH ECX 00404703: 51 PUSH ECX 00404704: 53 PUSH EBX 00404705: 56 PUSH ESI 00404706: 57 PUSH EDI 00404707: 33FF XOR EDI, EDI 
00404709: 393D2CB54000 CMP [0040B52C], EDI 0040470F: 7505 JNZ 404716 00404711: E8B20E0000 CALL 004055C8 00404716: 6804010000 PUSH 00000104 0040471B: BE08A44000 MOV ESI, 0040A408 00404720: 56 PUSH ESI 00404721: 57 PUSH EDI 00404722: C6050CA5400000 MOV BYTE PTR [0040A50C], 00 00404729: FF152C804000 CALL [0040802C] ; GetModuleFileNameA 0040472F: A134B54000 MOV EAX, [40B534] 00404734: 3BC7 CMP EAX, EDI 00404736: 8935ECA34000 MOV [0040A3EC], ESI 0040473C: 7407 JZ 404745 0040473E: 803800 CMP BYTE PTR [EAX], 00 00404741: 8BD8 MOV EBX, EAX 00404743: 7502 JNZ 404747 00404745: 8BDE MOV EBX, ESI 00404747: 8D45FC LEA EAX, [EBP-04] 0040474A: 50 PUSH EAX 0040474B: 57 PUSH EDI 0040474C: 8D75F8 LEA ESI, [EBP-08] 0040474F: 33C9 XOR ECX, ECX 00404751: 8BC3 MOV EAX, EBX 00404753: E83BFEFFFF CALL 00404593 00404758: 8B75FC MOV ESI, [EBP-04] 0040475B: 8B45F8 MOV EAX, [EBP-08] 0040475E: C1E602 SHL ESI, 02 00404761: 03C6 ADD EAX, ESI 00404763: 50 PUSH EAX 00404764: E8270F0000 CALL 00405690 00404769: 8BF8 MOV EDI, EAX 0040476B: 83C40C ADD ESP, 0000000C 0040476E: 85FF TEST EDI, EDI 00404770: 7505 JNZ 404777 00404772: 83C8FF OR EAX, FFFFFFFF 00404775: EB25 JMP 40479C 00404777: 8D45FC LEA EAX, [EBP-04] 0040477A: 50 PUSH EAX 0040477B: 8D0C3E LEA ECX, [ESI+EDI] 0040477E: 57 PUSH EDI 0040477F: 8D75F8 LEA ESI, [EBP-08] 00404782: 8BC3 MOV EAX, EBX 00404784: E80AFEFFFF CALL 00404593 00404789: 8B45FC MOV EAX, [EBP-04] 0040478C: 48 DEC EAX 0040478D: 59 POP ECX 0040478E: A3D0A34000 MOV [40A3D0], EAX 00404793: 59 POP ECX 00404794: 893DD4A34000 MOV [0040A3D4], EDI 0040479A: 33C0 XOR EAX, EAX 0040479C: 5F POP EDI 0040479D: 5E POP ESI 0040479E: 5B POP EBX 0040479F: C9 LEAVE 004047A0: C3 RET 004047A1: 51 PUSH ECX 004047A2: 51 PUSH ECX 004047A3: A110A54000 MOV EAX, [40A510] 004047A8: 53 PUSH EBX 004047A9: 55 PUSH EBP 004047AA: 56 PUSH ESI 004047AB: 57 PUSH EDI 004047AC: 8B3DDC804000 MOV EDI, [004080DC] 004047B2: 33DB XOR EBX, EBX 004047B4: 33F6 XOR ESI, ESI 004047B6: 3BC3 CMP EAX, EBX 004047B8: 6A02 PUSH 
00000002 004047BA: 5D POP EBP 004047BB: 752D JNZ 4047EA 004047BD: FFD7 CALL EDI 004047BF: 8BF0 MOV ESI, EAX 004047C1: 3BF3 CMP ESI, EBX 004047C3: 740C JZ 4047D1 004047C5: C70510A5400001000000 MOV [0040A510], 00000001 004047CF: EB1E JMP 4047EF 004047D1: FF1530804000 CALL [00408030] ; GetLastError 004047D7: 83F878 CMP EAX, 00000078 004047DA: 7509 JNZ 4047E5 004047DC: 8BC5 MOV EAX, EBP 004047DE: A310A54000 MOV [40A510], EAX 004047E3: EB05 JMP 4047EA 004047E5: A110A54000 MOV EAX, [40A510] 004047EA: 83F801 CMP EAX, 00000001 004047ED: 757D JNZ 40486C 004047EF: 3BF3 CMP ESI, EBX 004047F1: 7508 JNZ 4047FB 004047F3: FFD7 CALL EDI 004047F5: 8BF0 MOV ESI, EAX 004047F7: 3BF3 CMP ESI, EBX 004047F9: 7479 JZ 404874 004047FB: 66391E CMP [ESI], BX 004047FE: 8BC6 MOV EAX, ESI 00404800: 740E JZ 404810 00404802: 03C5 ADD EAX, EBP 00404804: 663918 CMP [EAX], BX 00404807: 75F9 JNZ 404802 00404809: 03C5 ADD EAX, EBP 0040480B: 663918 CMP [EAX], BX 0040480E: 75F2 JNZ 404802 00404810: 8B3DE0804000 MOV EDI, [004080E0] 00404816: 53 PUSH EBX 00404817: 53 PUSH EBX 00404818: 53 PUSH EBX 00404819: 2BC6 SUB EAX, ESI 0040481B: 53 PUSH EBX 0040481C: D1F8 SAR EAX, 01 0040481E: 40 INC EAX 0040481F: 50 PUSH EAX 00404820: 56 PUSH ESI 00404821: 53 PUSH EBX 00404822: 53 PUSH EBX 00404823: 89442434 MOV [ESP+34], EAX 00404827: FFD7 CALL EDI 00404829: 8BE8 MOV EBP, EAX 0040482B: 3BEB CMP EBP, EBX 0040482D: 7432 JZ 404861 0040482F: 55 PUSH EBP 00404830: E85B0E0000 CALL 00405690 00404835: 3BC3 CMP EAX, EBX 00404837: 59 POP ECX 00404838: 89442410 MOV [ESP+10], EAX 0040483C: 7423 JZ 404861 0040483E: 53 PUSH EBX 0040483F: 53 PUSH EBX 00404840: 55 PUSH EBP 00404841: 50 PUSH EAX 00404842: FF742424 PUSH [ESP+24] 00404846: 56 PUSH ESI 00404847: 53 PUSH EBX 00404848: 53 PUSH EBX 00404849: FFD7 CALL EDI 0040484B: 85C0 TEST EAX, EAX 0040484D: 750E JNZ 40485D 0040484F: FF742410 PUSH [ESP+10] 00404853: E88E0D0000 CALL 004055E6 00404858: 59 POP ECX 00404859: 895C2410 MOV [ESP+10], EBX 0040485D: 8B5C2410 MOV EBX, [ESP+10] 
00404861: 56 PUSH ESI 00404862: FF15E4804000 CALL [004080E4] ; FreeEnvironmentStringsW 00404868: 8BC3 MOV EAX, EBX 0040486A: EB50 JMP 4048BC 0040486C: 3BC5 CMP EAX, EBP 0040486E: 7408 JZ 404878 00404870: 3BC3 CMP EAX, EBX 00404872: 7404 JZ 404878 00404874: 33C0 XOR EAX, EAX 00404876: EB44 JMP 4048BC 00404878: FF1504814000 CALL [00408104] ; GetEnvironmentStrings 0040487E: 8BF0 MOV ESI, EAX 00404880: 3BF3 CMP ESI, EBX 00404882: 74F0 JZ 404874 00404884: 381E CMP [ESI], BL 00404886: 740A JZ 404892 00404888: 40 INC EAX 00404889: 3818 CMP [EAX], BL 0040488B: 75FB JNZ 404888 0040488D: 40 INC EAX 0040488E: 3818 CMP [EAX], BL 00404890: 75F6 JNZ 404888 00404892: 2BC6 SUB EAX, ESI 00404894: 40 INC EAX 00404895: 8BE8 MOV EBP, EAX 00404897: 55 PUSH EBP 00404898: E8F30D0000 CALL 00405690 0040489D: 8BF8 MOV EDI, EAX 0040489F: 3BFB CMP EDI, EBX 004048A1: 59 POP ECX 004048A2: 7504 JNZ 4048A8 004048A4: 33FF XOR EDI, EDI 004048A6: EB0B JMP 4048B3 004048A8: 55 PUSH EBP 004048A9: 56 PUSH ESI 004048AA: 57 PUSH EDI 004048AB: E8000E0000 CALL 004056B0 004048B0: 83C40C ADD ESP, 0000000C 004048B3: 56 PUSH ESI 004048B4: FF1500814000 CALL [00408100] ; FreeEnvironmentStringsA 004048BA: 8BC7 MOV EAX, EDI 004048BC: 5F POP EDI 004048BD: 5E POP ESI 004048BE: 5D POP EBP 004048BF: 5B POP EBX 004048C0: 59 POP ECX 004048C1: 59 POP ECX 004048C2: C3 RET 004048C3: 83EC44 SUB ESP, 00000044 004048C6: 6800010000 PUSH 00000100 004048CB: E8C00D0000 CALL 00405690 004048D0: 85C0 TEST EAX, EAX 004048D2: 59 POP ECX 004048D3: 7508 JNZ 4048DD 004048D5: 83C8FF OR EAX, FFFFFFFF 004048D8: E98D010000 JMP 00404A6A 004048DD: A320B44000 MOV [40B420], EAX 004048E2: C70508B4400020000000 MOV [0040B408], 00000020 004048EC: 8D8800010000 LEA ECX, [EAX+00000100] 004048F2: EB1A JMP 40490E 004048F4: 8308FF OR [EAX], FFFFFFFF 004048F7: C6400400 MOV BYTE PTR [EAX+04], 00 004048FB: C640050A MOV BYTE PTR [EAX+05], 0A 004048FF: 8B0D20B44000 MOV ECX, [0040B420] 00404905: 83C008 ADD EAX, 00000008 00404908: 81C100010000 ADD ECX, 00000100 
0040490E: 3BC1 CMP EAX, ECX 00404910: 72E2 JB 4048F4 00404912: 53 PUSH EBX 00404913: 56 PUSH ESI 00404914: 57 PUSH EDI 00404915: 8D44240C LEA EAX, [ESP+0C] 00404919: 50 PUSH EAX 0040491A: FF1594804000 CALL [00408094] ; GetStartupInfoA 00404920: 66837C243E00 CMP WORD PTR [ESP+3E], 0000 00404926: 0F84C7000000 JZ 004049F3 0040492C: 8B442440 MOV EAX, [ESP+40] 00404930: 85C0 TEST EAX, EAX 00404932: 0F84BB000000 JZ 004049F3 00404938: 8B30 MOV ESI, [EAX] 0040493A: 55 PUSH EBP 0040493B: 8D6804 LEA EBP, [EAX+04] 0040493E: B800080000 MOV EAX, 00000800 00404943: 3BF0 CMP ESI, EAX 00404945: 8D1C2E LEA EBX, [ESI+EBP] 00404948: 7C02 JL 40494C 0040494A: 8BF0 MOV ESI, EAX 0040494C: 393508B44000 CMP [0040B408], ESI 00404952: 7D52 JNL 4049A6 00404954: BF24B44000 MOV EDI, 0040B424 00404959: 6800010000 PUSH 00000100 0040495E: E82D0D0000 CALL 00405690 00404963: 85C0 TEST EAX, EAX 00404965: 59 POP ECX 00404966: 7438 JZ 4049A0 00404968: 830508B4400020 ADD [0040B408], 00000020 0040496F: 8907 MOV [EDI], EAX 00404971: 8D8800010000 LEA ECX, [EAX+00000100] 00404977: EB16 JMP 40498F 00404979: 8308FF OR [EAX], FFFFFFFF 0040497C: C6400400 MOV BYTE PTR [EAX+04], 00 00404980: C640050A MOV BYTE PTR [EAX+05], 0A 00404984: 8B0F MOV ECX, [EDI] 00404986: 83C008 ADD EAX, 00000008 00404989: 81C100010000 ADD ECX, 00000100 0040498F: 3BC1 CMP EAX, ECX 00404991: 72E6 JB 404979 00404993: 83C704 ADD EDI, 00000004 00404996: 393508B44000 CMP [0040B408], ESI 0040499C: 7CBB JL 404959 0040499E: EB06 JMP 4049A6 004049A0: 8B3508B44000 MOV ESI, [0040B408] 004049A6: 33FF XOR EDI, EDI 004049A8: 85F6 TEST ESI, ESI 004049AA: 7E46 JLE 4049F2 004049AC: 8B03 MOV EAX, [EBX] 004049AE: 83F8FF CMP EAX, FFFFFFFF 004049B1: 7436 JZ 4049E9 004049B3: 8A4D00 MOV CL, [EBP] 004049B6: F6C101 TEST CL, 01 004049B9: 742E JZ 4049E9 004049BB: F6C108 TEST CL, 08 004049BE: 750B JNZ 4049CB 004049C0: 50 PUSH EAX 004049C1: FF15D4804000 CALL [004080D4] ; GetFileType 004049C7: 85C0 TEST EAX, EAX 004049C9: 741E JZ 4049E9 004049CB: 8BC7 MOV EAX, EDI 
004049CD: C1F805 SAR EAX, 05 004049D0: 8B048520B44000 MOV EAX, [EAX*4+0040B420] 004049D7: 8BCF MOV ECX, EDI 004049D9: 83E11F AND ECX, 0000001F 004049DC: 8D04C8 LEA EAX, [EAX+ECX*8] 004049DF: 8B0B MOV ECX, [EBX] 004049E1: 8908 MOV [EAX], ECX 004049E3: 8A4D00 MOV CL, [EBP] 004049E6: 884804 MOV [EAX+04], CL 004049E9: 47 INC EDI 004049EA: 45 INC EBP 004049EB: 83C304 ADD EBX, 00000004 004049EE: 3BFE CMP EDI, ESI 004049F0: 7CBA JL 4049AC 004049F2: 5D POP EBP 004049F3: 33DB XOR EBX, EBX 004049F5: A120B44000 MOV EAX, [40B420] 004049FA: 8D34D8 LEA ESI, [EAX+EBX*8] 004049FD: 833EFF CMP [ESI], FFFFFFFF 00404A00: 754D JNZ 404A4F 00404A02: 85DB TEST EBX, EBX 00404A04: C6460481 MOV BYTE PTR [ESI+04], 81 00404A08: 7505 JNZ 404A0F 00404A0A: 6AF6 PUSH FFFFFFF6 00404A0C: 58 POP EAX 00404A0D: EB0A JMP 404A19 00404A0F: 8BC3 MOV EAX, EBX 00404A11: 48 DEC EAX 00404A12: F7D8 NEG EAX 00404A14: 1BC0 SBB EAX, EAX 00404A16: 83C0F5 ADD EAX, FFFFFFF5 00404A19: 50 PUSH EAX 00404A1A: FF15F8804000 CALL [004080F8] ; GetStdHandle 00404A20: 8BF8 MOV EDI, EAX 00404A22: 83FFFF CMP EDI, FFFFFFFF 00404A25: 7417 JZ 404A3E 00404A27: 57 PUSH EDI 00404A28: FF15D4804000 CALL [004080D4] ; GetFileType 00404A2E: 85C0 TEST EAX, EAX 00404A30: 740C JZ 404A3E 00404A32: 25FF000000 AND EAX, 000000FF 00404A37: 83F802 CMP EAX, 00000002 00404A3A: 893E MOV [ESI], EDI 00404A3C: 7506 JNZ 404A44 00404A3E: 804E0440 OR BYTE PTR [ESI+04], 40 00404A42: EB0F JMP 404A53 00404A44: 83F803 CMP EAX, 00000003 00404A47: 750A JNZ 404A53 00404A49: 804E0408 OR BYTE PTR [ESI+04], 08 00404A4D: EB04 JMP 404A53 00404A4F: 804E0480 OR BYTE PTR [ESI+04], FFFFFF80 00404A53: 43 INC EBX 00404A54: 83FB03 CMP EBX, 00000003 00404A57: 7C9C JL 4049F5 00404A59: FF3508B44000 PUSH [0040B408] 00404A5F: FF15D8804000 CALL [004080D8] ; LockResource 00404A65: 5F POP EDI 00404A66: 5E POP ESI 00404A67: 33C0 XOR EAX, EAX 00404A69: 5B POP EBX 00404A6A: 83C444 ADD ESP, 00000044 00404A6D: C3 RET 00404A6E: 6A0C PUSH 0000000C 00404A70: 6880894000 PUSH 00408980 
00404A75: E8EA000000 CALL 00404B64 00404A7A: C745E47C914000 MOV [EBP-1C], 0040917C 00404A81: 817DE47C914000 CMP [EBP-1C], 0040917C 00404A88: 7322 JNB 404AAC 00404A8A: 8365FC00 AND [EBP-04], 00000000 00404A8E: 8B45E4 MOV EAX, [EBP-1C] 00404A91: 8B00 MOV EAX, [EAX] 00404A93: 85C0 TEST EAX, EAX 00404A95: 740B JZ 404AA2 00404A97: FFD0 CALL EAX 00404A99: EB07 JMP 404AA2 00404A9B: 33C0 XOR EAX, EAX 00404A9D: 40 INC EAX 00404A9E: C3 RET 00404A9F: 8B65E8 MOV ESP, [EBP-18] 00404AA2: 834DFCFF OR [EBP-04], FFFFFFFF 00404AA6: 8345E404 ADD [EBP-1C], 00000004 00404AAA: EBD5 JMP 404A81 00404AAC: E8EE000000 CALL 00404B9F 00404AB1: C3 RET 00404AB2: 6A0C PUSH 0000000C 00404AB4: 6890894000 PUSH 00408990 00404AB9: E8A6000000 CALL 00404B64 00404ABE: C745E484914000 MOV [EBP-1C], 00409184 00404AC5: 817DE484914000 CMP [EBP-1C], 00409184 00404ACC: 7322 JNB 404AF0 00404ACE: 8365FC00 AND [EBP-04], 00000000 00404AD2: 8B45E4 MOV EAX, [EBP-1C] 00404AD5: 8B00 MOV EAX, [EAX] 00404AD7: 85C0 TEST EAX, EAX 00404AD9: 740B JZ 404AE6 00404ADB: FFD0 CALL EAX 00404ADD: EB07 JMP 404AE6 00404ADF: 33C0 XOR EAX, EAX 00404AE1: 40 INC EAX 00404AE2: C3 RET 00404AE3: 8B65E8 MOV ESP, [EBP-18] 00404AE6: 834DFCFF OR [EBP-04], FFFFFFFF 00404AEA: 8345E404 ADD [EBP-1C], 00000004 00404AEE: EBD5 JMP 404AC5 00404AF0: E8AA000000 CALL 00404B9F 00404AF5: C3 RET 00404AF6: 833DBCA3400002 CMP [0040A3BC], 00000002 00404AFD: 750D JNZ 404B0C 00404AFF: 833DC8A3400005 CMP [0040A3C8], 00000005 00404B06: 7204 JB 404B0C 00404B08: 33C0 XOR EAX, EAX 00404B0A: 40 INC EAX 00404B0B: C3 RET 00404B0C: 6A03 PUSH 00000003 00404B0E: 58 POP EAX 00404B0F: C3 RET 00404B10: 33C0 XOR EAX, EAX 00404B12: 39442404 CMP [ESP+04], EAX 00404B16: 6A00 PUSH 00000000 00404B18: 0F94C0 SETZ AL 00404B1B: 6800100000 PUSH 00001000 00404B20: 50 PUSH EAX 00404B21: FF15CC804000 CALL [004080CC] ; HeapCreate 00404B27: 85C0 TEST EAX, EAX 00404B29: A300B44000 MOV [40B400], EAX 00404B2E: 742A JZ 404B5A 00404B30: E8C1FFFFFF CALL 00404AF6 00404B35: 83F803 CMP EAX, 00000003 
00404B38: A304B44000 MOV [40B404], EAX 00404B3D: 751E JNZ 404B5D 00404B3F: 68F8030000 PUSH 000003F8 00404B44: E8A40E0000 CALL 004059ED 00404B49: 85C0 TEST EAX, EAX 00404B4B: 59 POP ECX 00404B4C: 750F JNZ 404B5D 00404B4E: FF3500B44000 PUSH [0040B400] 00404B54: FF15D0804000 CALL [004080D0] ; HeapDestroy 00404B5A: 33C0 XOR EAX, EAX 00404B5C: C3 RET 00404B5D: 33C0 XOR EAX, EAX 00404B5F: 40 INC EAX 00404B60: C3 RET 00404B61: CC INT 3 00404B62: CC INT 3 00404B63: CC INT 3 00404B64: 68B84B4000 PUSH 00404BB8 00404B69: 64A100000000 MOV EAX, FS:[00] 00404B6F: 50 PUSH EAX 00404B70: 8B442410 MOV EAX, [ESP+10] 00404B74: 896C2410 MOV [ESP+10], EBP 00404B78: 8D6C2410 LEA EBP, [ESP+10] 00404B7C: 2BE0 SUB ESP, EAX 00404B7E: 53 PUSH EBX 00404B7F: 56 PUSH ESI 00404B80: 57 PUSH EDI 00404B81: 8B45F8 MOV EAX, [EBP-08] 00404B84: 8965E8 MOV [EBP-18], ESP 00404B87: 50 PUSH EAX 00404B88: 8B45FC MOV EAX, [EBP-04] 00404B8B: C745FCFFFFFFFF MOV [EBP-04], FFFFFFFF 00404B92: 8945F8 MOV [EBP-08], EAX 00404B95: 8D45F0 LEA EAX, [EBP-10] 00404B98: 64A300000000 MOV FS:[00], EAX 00404B9E: C3 RET 00404B9F: 8B4DF0 MOV ECX, [EBP-10] 00404BA2: 64890D00000000 MOV FS:[00000000], ECX 00404BA9: 59 POP ECX 00404BAA: 5F POP EDI 00404BAB: 5E POP ESI 00404BAC: 5B POP EBX 00404BAD: C9 LEAVE 00404BAE: 51 PUSH ECX 00404BAF: C3 RET 00404BB0: 56 PUSH ESI 00404BB1: 43 INC EBX 00404BB2: 3230 XOR DH, [EAX] 00404BB4: 58 POP EAX 00404BB5: 43 INC EBX 00404BB6: 3030 XOR [EAX], DH 00404BB8: 55 PUSH EBP 00404BB9: 8BEC MOV EBP, ESP 00404BBB: 83EC08 SUB ESP, 00000008 00404BBE: 53 PUSH EBX 00404BBF: 56 PUSH ESI 00404BC0: 57 PUSH EDI 00404BC1: 55 PUSH EBP 00404BC2: FC CLD 00404BC3: 8B5D0C MOV EBX, [EBP+0C] 00404BC6: 8B4508 MOV EAX, [EBP+08] 00404BC9: F7400406000000 TEST [EAX+04], 00000006 00404BD0: 0F85AB000000 JNZ 00404C81 00404BD6: 8945F8 MOV [EBP-08], EAX 00404BD9: 8B4510 MOV EAX, [EBP+10] 00404BDC: 8945FC MOV [EBP-04], EAX 00404BDF: 8D45F8 LEA EAX, [EBP-08] 00404BE2: 8943FC MOV [EBX-04], EAX 00404BE5: 8B730C MOV ESI, [EBX+0C] 
00404BE8: 8B7B08 MOV EDI, [EBX+08] 00404BEB: 53 PUSH EBX 00404BEC: E80D1A0000 CALL 004065FE 00404BF1: 83C404 ADD ESP, 00000004 00404BF4: 0BC0 OR EAX, EAX 00404BF6: 747B JZ 404C73 00404BF8: 83FEFF CMP ESI, FFFFFFFF 00404BFB: 747D JZ 404C7A 00404BFD: 8D0C76 LEA ECX, [ESI+ESI*2] 00404C00: 8B448F04 MOV EAX, [EDI+ECX*4+04] 00404C04: 0BC0 OR EAX, EAX 00404C06: 7459 JZ 404C61 00404C08: 56 PUSH ESI 00404C09: 55 PUSH EBP 00404C0A: 8D6B10 LEA EBP, [EBX+10] 00404C0D: 33DB XOR EBX, EBX 00404C0F: 33C9 XOR ECX, ECX 00404C11: 33D2 XOR EDX, EDX 00404C13: 33F6 XOR ESI, ESI 00404C15: 33FF XOR EDI, EDI 00404C17: FFD0 CALL EAX 00404C19: 5D POP EBP 00404C1A: 5E POP ESI 00404C1B: 8B5D0C MOV EBX, [EBP+0C] 00404C1E: 0BC0 OR EAX, EAX 00404C20: 743F JZ 404C61 00404C22: 7848 JS 404C6C 00404C24: 8B7B08 MOV EDI, [EBX+08] 00404C27: 53 PUSH EBX 00404C28: E8E3180000 CALL 00406510 00404C2D: 83C404 ADD ESP, 00000004 00404C30: 8D6B10 LEA EBP, [EBX+10] 00404C33: 56 PUSH ESI 00404C34: 53 PUSH EBX 00404C35: E818190000 CALL 00406552 00404C3A: 83C408 ADD ESP, 00000008 00404C3D: 8D0C76 LEA ECX, [ESI+ESI*2] 00404C40: 6A01 PUSH 00000001 00404C42: 8B448F08 MOV EAX, [EDI+ECX*4+08] 00404C46: E89B190000 CALL 004065E6 00404C4B: 8B048F MOV EAX, [EDI+ECX*4] 00404C4E: 89430C MOV [EBX+0C], EAX 00404C51: 8B448F08 MOV EAX, [EDI+ECX*4+08] 00404C55: 33DB XOR EBX, EBX 00404C57: 33C9 XOR ECX, ECX 00404C59: 33D2 XOR EDX, EDX 00404C5B: 33F6 XOR ESI, ESI 00404C5D: 33FF XOR EDI, EDI 00404C5F: FFD0 CALL EAX 00404C61: 8B7B08 MOV EDI, [EBX+08] 00404C64: 8D0C76 LEA ECX, [ESI+ESI*2] 00404C67: 8B348F MOV ESI, [EDI+ECX*4] 00404C6A: EB8C JMP 404BF8 00404C6C: B800000000 MOV EAX, 00000000 00404C71: EB23 JMP 404C96 00404C73: 8B4508 MOV EAX, [EBP+08] 00404C76: 83480408 OR [EAX+04], 00000008 00404C7A: B801000000 MOV EAX, 00000001 00404C7F: EB15 JMP 404C96 00404C81: 55 PUSH EBP 00404C82: 8D6B10 LEA EBP, [EBX+10] 00404C85: 6AFF PUSH FFFFFFFF 00404C87: 53 PUSH EBX 00404C88: E8C5180000 CALL 00406552 00404C8D: 83C408 ADD ESP, 00000008 
00404C90: 5D POP EBP 00404C91: B801000000 MOV EAX, 00000001 00404C96: 5D POP EBP 00404C97: 5F POP EDI 00404C98: 5E POP ESI 00404C99: 5B POP EBX 00404C9A: 8BE5 MOV ESP, EBP 00404C9C: 5D POP EBP 00404C9D: C3 RET 00404C9E: 55 PUSH EBP 00404C9F: 8B4C2408 MOV ECX, [ESP+08] 00404CA3: 8B29 MOV EBP, [ECX] 00404CA5: 8B411C MOV EAX, [ECX+1C] 00404CA8: 50 PUSH EAX 00404CA9: 8B4118 MOV EAX, [ECX+18] 00404CAC: 50 PUSH EAX 00404CAD: E8A0180000 CALL 00406552 00404CB2: 83C408 ADD ESP, 00000008 00404CB5: 5D POP EBP 00404CB6: C20400 RETN 0004 00404CB9: CC INT 3 00404CBA: CC INT 3 00404CBB: CC INT 3 00404CBC: CC INT 3 00404CBD: CC INT 3 00404CBE: CC INT 3 00404CBF: CC INT 3 00404CC0: 3D00100000 CMP EAX, 00001000 00404CC5: 730E JNB 404CD5 00404CC7: F7D8 NEG EAX 00404CC9: 03C4 ADD EAX, ESP 00404CCB: 83C004 ADD EAX, 00000004 00404CCE: 8500 TEST EAX, [EAX] 00404CD0: 94 XCHG ESP, EAX 00404CD1: 8B00 MOV EAX, [EAX] 00404CD3: 50 PUSH EAX 00404CD4: C3 RET 00404CD5: 51 PUSH ECX 00404CD6: 8D4C2408 LEA ECX, [ESP+08] 00404CDA: 81E900100000 SUB ECX, 00001000 00404CE0: 2D00100000 SUB EAX, 00001000 00404CE5: 8501 TEST EAX, [ECX] 00404CE7: 3D00100000 CMP EAX, 00001000 00404CEC: 73EC JNB 404CDA 00404CEE: 2BC8 SUB ECX, EAX 00404CF0: 8BC4 MOV EAX, ESP 00404CF2: 8501 TEST EAX, [ECX] 00404CF4: 8BE1 MOV ESP, ECX 00404CF6: 8B08 MOV ECX, [EAX] 00404CF8: 8B4004 MOV EAX, [EAX+04] 00404CFB: 50 PUSH EAX 00404CFC: C3 RET 00404CFD: 56 PUSH ESI 00404CFE: FF3528B54000 PUSH [0040B528] 00404D04: E8801C0000 CALL 00406989 00404D09: 59 POP ECX 00404D0A: 8B0D24B54000 MOV ECX, [0040B524] 00404D10: 8BF0 MOV ESI, EAX 00404D12: A128B54000 MOV EAX, [40B528] 00404D17: 8BD1 MOV EDX, ECX 00404D19: 2BD0 SUB EDX, EAX 00404D1B: 83C204 ADD EDX, 00000004 00404D1E: 3BF2 CMP ESI, EDX 00404D20: 734E JNB 404D70 00404D22: B900080000 MOV ECX, 00000800 00404D27: 3BF1 CMP ESI, ECX 00404D29: 7302 JNB 404D2D 00404D2B: 8BCE MOV ECX, ESI 00404D2D: 03CE ADD ECX, ESI 00404D2F: 51 PUSH ECX 00404D30: 50 PUSH EAX 00404D31: E8F11A0000 CALL 00406827 
PE details:
Entry point: 00003DD7
Subsystem: 0002
Image base: 00400000
Number of sections: 0005
Size of image: 00010000
Timestamp*: 45D268B8
Base of code: 00001000
Size of headers: 00001000
Base of data: 00008000
Characteristics: 010F
Section alignment: 00001000
Checksum: 00000000
File alignment: 00000200
Size of optional header: 00E0
Magic: 010B
Number of RVAs and sizes: 00000010
Directory      RVA       Size
Export table   00000000  00000000
Import table   0000F000  00000078
Resource       0000C000  00002238
TLS table      00000000  00000000
Debug          00000000  00000000
Seeing how sincere I am, could someone please help me out? Thanks in advance |
|
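Quick question: I want to trace into what happens after a certain button is pressed. How do I set the breakpoint? I'm using OD
Here to learn~ haha, so many experts here |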
|
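[Discussion] Suggestion: Kanxue Academy should group members into tiers by cracking skill
I've read 52 of them so far~ haha, I'll post a reply too~ |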
|
[Share] For beginners --- OllyDBG introductory tutorial (collector's edition)
Got it, thanks |
|
Blocking EXE command-line arguments
I'm here to learn~ thanks |
|
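[Help] A question about cracking
I have a piece of software that is protected with PE-AMROR. As for how I know that: it was not from PEID, which shows Microsoft Visual C++ 7.0 [Overlay]. I can open it with ROMRO2, which then asks me FINISH? At that point I don't know whether it has been cracked or not; PEID still shows the same old Microsoft Visual C++ 7.0 [Overlay]. Could the experts here please help |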
|
|
|
[Original] DynC: a dynamic-analysis C compiler (updated 2007-05-16)
When will I be able to do this too... |
|
Crack write-up generator, updated to V1.33
This place is heaven~ HOHO |
|
[Tools] Encryption and Decryption tools New Year gift pack 2007 disc available for download
Top-notch~ such a rare find, thanks |
|
[Original] A practical article
Didn't really understand it~ haha |