|
[求助][求助]请问程序多开CPU优化原理是什么,烦请各位给指点好吗??
: if ( *(_DWORD *)(v35 + 4) == 1715 ) //这就是CPU优化地方0x6b3 { ST44_4_0 = (int)sub_10002B60; //这是消息循环,和时间有关TICKCOUNT ST40_4_0 = "Sleep"; ST3C_4_0 = L"kernel32.dll"; sub_10001200((int)&unk_10010630, ST3C_4_0, ST40_4_0, ST44_4_0); } //----- (10001200) -------------------------------------------------------- signed int __thiscall sub_10001200(int this, LPCWSTR lpLibFileName, LPCSTR lpString1, int a4) { signed int result; // eax@5 int v5; // [sp+0h] [bp-20h]@1 struct _MEMORY_BASIC_INFORMATION Buffer; // [sp+4h] [bp-1Ch]@11 v5 = this; if ( lpLibFileName ) { *(_DWORD *)(v5 + 144) = GetModuleHandleW(lpLibFileName); if ( !*(_DWORD *)(v5 + 144) ) { *(_DWORD *)(v5 + 144) = LoadLibraryW(lpLibFileName); if ( !*(_DWORD *)(v5 + 144) ) return 0; *(_DWORD *)(v5 + 140) = 1; } *(_DWORD *)(v5 + 4) = GetProcAddress(*(HMODULE *)(v5 + 144), lpString1); if ( !*(_DWORD *)(v5 + 4) ) //表示地址为空就结束 return 0; } else { *(_DWORD *)(v5 + 4) = lpString1; } *(_DWORD *)v5 = GetCurrentProcess(); if ( !*(_DWORD *)v5 ) return 0; VirtualQueryEx(*(HANDLE *)v5, *(LPCVOID *)(v5 + 4), &Buffer, 0x1Cu); if ( !VirtualProtectEx(*(HANDLE *)v5, Buffer.BaseAddress, Buffer.RegionSize, 0x40u, &Buffer.Protect) ) goto LABEL_29; if ( !lstrcmpA(lpString1, "RtlQueryProcessDebugInformation") )//如果两个值相等返回为0 { *(_BYTE *)(v5 + 136) = 12; unknown_libname_1(v5 + 8, *(_DWORD *)(v5 + 4), *(_BYTE *)(v5 + 136)); unknown_libname_1(v5 + 72, *(_DWORD *)(v5 + 4), *(_BYTE *)(v5 + 136)); *(_WORD *)(v5 + 77) = 23952; *(_BYTE *)(v5 + 79) = -23; *(_DWORD *)(v5 + 80) = a4 - (*(_DWORD *)(v5 + 4) + 7) - 5; *(_BYTE *)(v5 + 20) = -23; *(_DWORD *)(v5 + 21) = *(_BYTE *)(v5 + 136) + *(_DWORD *)(v5 + 4) - (v5 + 20) - 5; unknown_libname_1(*(_DWORD *)(v5 + 4), v5 + 72, *(_BYTE *)(v5 + 136)); VirtualProtectEx(*(HANDLE *)v5, Buffer.BaseAddress, Buffer.RegionSize, Buffer.Protect, &Buffer.Protect); return 1; } if ( !lstrcmpA(lpString1, "Module32Next") ) { *(_BYTE *)(v5 + 136) = 23; unknown_libname_1(v5 + 8, *(_DWORD *)(v5 + 4), *(_BYTE *)(v5 + 136)); unknown_libname_1(v5 + 72, *(_DWORD *)(v5 + 4), *(_BYTE *)(v5 + 136)); *(_WORD *)(v5 + 83) = -15231; *(_DWORD *)(v5 + 85) = 1068; *(_WORD *)(v5 + 89) = -5795; *(_DWORD *)(v5 + 91) = a4 - (*(_DWORD *)(v5 + 4) + 18) - 5; *(_BYTE *)(v5 + 31) = -23; *(_DWORD *)(v5 + 32) = *(_BYTE *)(v5 + 136) + *(_DWORD *)(v5 + 4) - (v5 + 31) - 5; unknown_libname_1(*(_DWORD *)(v5 + 4), v5 + 72, *(_BYTE *)(v5 + 136));//VirtualProtectEx VirtualProtectEx(*(HANDLE *)v5, Buffer.BaseAddress, Buffer.RegionSize, Buffer.Protect, &Buffer.Protect); return 1; } if ( !lstrcmpA(lpString1, "GetAdaptersInfo") ) { *(_BYTE *)(v5 + 136) = 15; unknown_libname_1(v5 + 8, *(_DWORD *)(v5 + 4), *(_BYTE *)(v5 + 136)); unknown_libname_1(v5 + 72, *(_DWORD *)(v5 + 4), *(_BYTE *)(v5 + 136)); *(_WORD *)(v5 + 75) = -28579; *(_BYTE *)(v5 + 82) = -23; *(_DWORD *)(v5 + 83) = a4 - (*(_DWORD *)(v5 + 4) + 10) - 5; *(_BYTE *)(v5 + 13) = -72; *(_DWORD *)(v5 + 14) = *(_DWORD *)(v5 + 4) + *(_DWORD *)(*(_DWORD *)(v5 + 4) + 6) + *(_BYTE *)(v5 + 136) - 5; *(_WORD *)(v5 + 18) = -12033; *(_WORD *)(v5 + 20) = 1130; *(_WORD *)(v5 + 22) = 30207; *(_BYTE *)(v5 + 24) = 12; *(_BYTE *)(v5 + 25) = -23; *(_DWORD *)(v5 + 26) = *(_BYTE *)(v5 + 136) + *(_DWORD *)(v5 + 4) - (v5 + 25) - 5; unknown_libname_1(*(_DWORD *)(v5 + 4), v5 + 72, *(_BYTE *)(v5 + 136)); VirtualProtectEx(*(HANDLE *)v5, Buffer.BaseAddress, Buffer.RegionSize, Buffer.Protect, &Buffer.Protect); return 1; } if ( !lstrcmpA(lpString1, "IsIconic") ) { *(_BYTE *)(v5 + 136) = 13; unknown_libname_1(v5 + 8, *(_DWORD *)(v5 + 4), *(_BYTE *)(v5 + 136)); unknown_libname_1(v5 + 72, *(_DWORD *)(v5 + 4), 5); *(_WORD *)(v5 + 77) = 23952; *(_BYTE *)(v5 + 79) = -23; *(_DWORD *)(v5 + 80) = a4 - (*(_DWORD *)(v5 + 4) + 7) - 5; *(_BYTE *)(v5 + 84) = -112; *(_BYTE *)(v5 + 16) = -72; *(_DWORD *)(v5 + 17) = *(_BYTE *)(v5 + 136) + *(_DWORD *)(v5 + 4) + *(_DWORD *)(*(_DWORD *)(v5 + 4) + 9); *(_WORD *)(v5 + 21) = -12033; *(_BYTE *)(v5 + 23) = -23; *(_DWORD *)(v5 + 24) = *(_BYTE *)(v5 + 136) + *(_DWORD *)(v5 + 4) - (v5 + 23) - 5; unknown_libname_1(*(_DWORD *)(v5 + 4), v5 + 72, *(_BYTE *)(v5 + 136)); VirtualProtectEx(*(HANDLE *)v5, Buffer.BaseAddress, Buffer.RegionSize, Buffer.Protect, &Buffer.Protect); return 1; } if ( !lstrcmpA(lpString1, "Sleep") ) { *(_BYTE *)(v5 + 136) = 10; unknown_libname_1(v5 + 8, *(_DWORD *)(v5 + 4), *(_BYTE *)(v5 + 136)); unknown_libname_1(v5 + 72, *(_DWORD *)(v5 + 4), *(_BYTE *)(v5 + 136)); *(_DWORD *)(v5 + 72) = 1565917067; *(_BYTE *)(v5 + 76) = -23; *(_DWORD *)(v5 + 77) = a4 - (*(_DWORD *)(v5 + 4) + 4) - 5; *(_BYTE *)(v5 + 81) = -112; *(_BYTE *)(v5 + 18) = -23; *(_DWORD *)(v5 + 19) = *(_DWORD *)(v5 + 4) - (v5 + 8) - 5; unknown_libname_1(*(_DWORD *)(v5 + 4), v5 + 72, *(_BYTE *)(v5 + 136)); VirtualProtectEx(*(HANDLE *)v5, Buffer.BaseAddress, Buffer.RegionSize, Buffer.Protect, &Buffer.Protect); return 1; } if ( !lstrcmpA(lpString1, "GetAsyncKeyState") ) { *(_BYTE *)(v5 + 136) = 13; unknown_libname_1(v5 + 8, *(_DWORD *)(v5 + 4), *(_BYTE *)(v5 + 136)); unknown_libname_1(v5 + 72, *(_DWORD *)(v5 + 4), *(_BYTE *)(v5 + 136)); *(_DWORD *)(v5 + 72) = 1565917067; *(_BYTE *)(v5 + 76) = -23; *(_DWORD *)(v5 + 77) = a4 - (*(_DWORD *)(v5 + 4) + 4) - 5; *(_DWORD *)(v5 + 81) = -1869574000; *(_BYTE *)(v5 + 21) = -23; *(_DWORD *)(v5 + 22) = *(_BYTE *)(v5 + 136) + *(_DWORD *)(v5 + 4) - (v5 + 21) - 5; unknown_libname_1(*(_DWORD *)(v5 + 4), v5 + 72, *(_BYTE *)(v5 + 136)); VirtualProtectEx(*(HANDLE *)v5, Buffer.BaseAddress, Buffer.RegionSize, Buffer.Protect, &Buffer.Protect); return 1; } if ( ReadProcessMemory(*(HANDLE *)v5, *(LPCVOID *)(v5 + 4), (LPVOID)(v5 + 8), 5u, 0) ) { *(_BYTE *)(v5 + 136) = 5; *(_BYTE *)(v5 + 72) = -23; *(_DWORD *)(v5 + 73) = a4 - *(_DWORD *)(v5 + 4) - 5; *(_BYTE *)(v5 + 13) = -23; *(_DWORD *)(v5 + 14) = *(_DWORD *)(v5 + 4) - (v5 + 8) - 5; unknown_libname_1(*(_DWORD *)(v5 + 4), v5 + 72, *(_BYTE *)(v5 + 136)); VirtualProtectEx(*(HANDLE *)v5, Buffer.BaseAddress, Buffer.RegionSize, Buffer.Protect, &Buffer.Protect); result = 1; } else { LABEL_29: result = 0; } return result; } |
|
[求助]神呀,众神帮助我一下吧,就一个UNKNOWN_LIBNAME函数分析了N天呀,就是分析不出,众神帮我一次吧,就一次!!这前发了一次,没有人理呀!
to loqich,我看一了下,你说是对的,万分感谢! |
|
[求助]烦请各位高手看一下,这是个什么函数
唉,还是要靠自己呀!多么想有人交流一下。 |
|
[求助]烦请各位高手看一下,这是个什么函数
能不能发一个能产生UNKNOWN——LIBNAME例子,非常感谢! |
|
[求助]烦请各位高手看一下,这是个什么函数
text:10005FBB unknown_libname_45 proc near ; CODE XREF: unknown_libname_1+42j .text:10005FBB ; unknown_libname_45+AFp ... .text:10005FBB .text:10005FBB var_1C = dword ptr -1Ch .text:10005FBB var_18 = dword ptr -18h .text:10005FBB var_14 = dword ptr -14h .text:10005FBB var_10 = dword ptr -10h .text:10005FBB var_C = dword ptr -0Ch .text:10005FBB var_8 = dword ptr -8 .text:10005FBB var_4 = dword ptr -4 .text:10005FBB arg_0 = dword ptr 8 .text:10005FBB arg_4 = dword ptr 0Ch .text:10005FBB arg_8 = dword ptr 10h .text:10005FBB .text:10005FBB push ebp .text:10005FBC mov ebp, esp .text:10005FBE sub esp, 1Ch .text:10005FC1 mov [ebp+var_C], edi .text:10005FC4 mov [ebp+var_8], esi .text:10005FC7 mov [ebp+var_4], ebx .text:10005FCA mov ebx, [ebp+arg_4] .text:10005FCD mov eax, ebx .text:10005FCF cdq .text:10005FD0 mov ecx, eax .text:10005FD2 mov eax, [ebp+arg_0] .text:10005FD5 xor ecx, edx .text:10005FD7 sub ecx, edx .text:10005FD9 and ecx, 0Fh .text:10005FDC xor ecx, edx .text:10005FDE sub ecx, edx .text:10005FE0 cdq .text:10005FE1 mov edi, eax .text:10005FE3 xor edi, edx .text:10005FE5 sub edi, edx .text:10005FE7 and edi, 0Fh .text:10005FEA xor edi, edx .text:10005FEC sub edi, edx .text:10005FEE mov edx, ecx .text:10005FF0 or edx, edi .text:10005FF2 jnz short unknown_libname_47 ; Microsoft VisualC 2-8/net runtime .text:10005FF4 mov esi, [ebp+arg_8] .text:10005FF7 mov ecx, esi .text:10005FF9 and ecx, 7Fh .text:10005FFC mov [ebp+var_18], ecx .text:10005FFF cmp esi, ecx .text:10006001 jz short unknown_libname_46 ; Microsoft VisualC 2-8/net runtime .text:10006003 sub esi, ecx .text:10006005 push esi .text:10006006 push ebx .text:10006007 push eax .text:10006008 call _fastcopy_I .text:1000600D add esp, 0Ch .text:10006010 mov eax, [ebp+arg_0] .text:10006013 mov ecx, [ebp+var_18] .text:10006016 .text:10006016 unknown_libname_46: ; CODE XREF: unknown_libname_45+46j .text:10006016 test ecx, ecx ; Microsoft VisualC 2-8/net runtime .text:10006018 jz short unknown_libname_49 ; Microsoft VisualC 2-8/net runtime .text:1000601A mov ebx, [ebp+arg_8] .text:1000601D mov edx, [ebp+arg_4] .text:10006020 add edx, ebx .text:10006022 sub edx, ecx .text:10006024 mov [ebp+var_14], edx .text:10006027 add ebx, eax .text:10006029 sub ebx, ecx .text:1000602B mov [ebp+var_10], ebx .text:1000602E mov esi, [ebp+var_14] .text:10006031 mov edi, [ebp+var_10] .text:10006034 mov ecx, [ebp+var_18] .text:10006037 rep movsb .text:10006039 mov eax, [ebp+arg_0] .text:1000603C jmp short unknown_libname_49 ; Microsoft VisualC 2-8/net runtime .text:1000603E ; --------------------------------------------------------------------------- .text:1000603E .text:1000603E unknown_libname_47: ; CODE XREF: unknown_libname_45+37j .text:1000603E cmp ecx, edi ; Microsoft VisualC 2-8/net runtime .text:10006040 jnz short unknown_libname_48 ; Microsoft VisualC 2-8/net runtime .text:10006042 neg ecx .text:10006044 add ecx, 10h .text:10006047 mov [ebp+var_1C], ecx .text:1000604A mov esi, [ebp+arg_4] .text:1000604D mov edi, [ebp+arg_0] .text:10006050 mov ecx, [ebp+var_1C] .text:10006053 rep movsb .text:10006055 mov ecx, [ebp+arg_0] .text:10006058 add ecx, [ebp+var_1C] .text:1000605B mov edx, [ebp+arg_4] .text:1000605E add edx, [ebp+var_1C] .text:10006061 mov eax, [ebp+arg_8] .text:10006064 sub eax, [ebp+var_1C] .text:10006067 push eax .text:10006068 push edx .text:10006069 push ecx .text:1000606A call unknown_libname_45 ; Microsoft VisualC 2-8/net runtime .text:1000606F add esp, 0Ch .text:10006072 mov eax, [ebp+arg_0] .text:10006075 jmp short unknown_libname_49 ; Microsoft VisualC 2-8/net runtime .text:10006077 ; --------------------------------------------------------------------------- .text:10006077 .text:10006077 unknown_libname_48: ; CODE XREF: unknown_libname_45+85j .text:10006077 mov esi, [ebp+arg_4] ; Microsoft VisualC 2-8/net runtime .text:1000607A mov edi, [ebp+arg_0] .text:1000607D mov ecx, [ebp+arg_8] .text:10006080 mov edx, ecx .text:10006082 shr ecx, 2 .text:10006085 rep movsd .text:10006087 mov ecx, edx .text:10006089 and ecx, 3 .text:1000608C rep movsb .text:1000608E mov eax, [ebp+arg_0] .text:10006091 .text:10006091 unknown_libname_49: ; CODE XREF: unknown_libname_45+5Dj .text:10006091 ; unknown_libname_45+81j ... .text:10006091 mov ebx, [ebp+var_4] ; Microsoft VisualC 2-8/net runtime .text:10006094 mov esi, [ebp+var_8] .text:10006097 mov edi, [ebp+var_C] .text:1000609A mov esp, ebp .text:1000609C pop ebp .text:1000609D retn .text:1000609D unknown_libname_45 endp |
|
[求助]烦请各位高手看一下,这是个什么函数
.text:10003F30 unknown_libname_1 proc near ; CODE XREF: .text:1000113Dp .text:10003F30 ; sub_10001170+5Dp ... .text:10003F30 .text:10003F30 arg_0 = dword ptr 8 .text:10003F30 arg_4 = dword ptr 0Ch .text:10003F30 arg_8 = dword ptr 10h .text:10003F30 .text:10003F30 push ebp .text:10003F31 mov ebp, esp .text:10003F33 push edi .text:10003F34 push esi .text:10003F35 mov esi, [ebp+arg_4] .text:10003F38 mov ecx, [ebp+arg_8] .text:10003F3B mov edi, [ebp+arg_0] .text:10003F3E mov eax, ecx .text:10003F40 mov edx, ecx .text:10003F42 add eax, esi .text:10003F44 cmp edi, esi .text:10003F46 jbe short unknown_libname_2 ; Microsoft VisualC 2-8/net runtime .text:10003F48 cmp edi, eax .text:10003F4A jb unknown_libname_22 ; Microsoft VisualC 2-8/net runtime .text:10003F50 .text:10003F50 unknown_libname_2: ; CODE XREF: unknown_libname_1+16j .text:10003F50 cmp ecx, 100h ; Microsoft VisualC 2-8/net runtime .text:10003F56 jb short unknown_libname_3 ; Microsoft VisualC 2-8/net runtime .text:10003F58 cmp dword_10011460, 0 .text:10003F5F jz short unknown_libname_3 ; Microsoft VisualC 2-8/net runtime .text:10003F61 push edi .text:10003F62 push esi .text:10003F63 and edi, 0Fh .text:10003F66 and esi, 0Fh .text:10003F69 cmp edi, esi .text:10003F6B pop esi .text:10003F6C pop edi .text:10003F6D jnz short unknown_libname_3 ; Microsoft VisualC 2-8/net runtime .text:10003F6F pop esi .text:10003F70 pop edi .text:10003F71 pop ebp .text:10003F72 jmp unknown_libname_45 ; Microsoft VisualC 2-8/net runtime .text:10003F77 ; --------------------------------------------------------------------------- .text:10003F77 .text:10003F77 unknown_libname_3: ; CODE XREF: unknown_libname_1+26j .text:10003F77 ; unknown_libname_1+2Fj ... .text:10003F77 test edi, 3 ; Microsoft VisualC 2-8/net runtime .text:10003F7D jnz short unknown_libname_4 ; Microsoft VisualC 2-8/net runtime .text:10003F7F shr ecx, 2 .text:10003F82 and edx, 3 .text:10003F85 cmp ecx, 8 .text:10003F88 jb short unknown_libname_6 ; Microsoft VisualC 2-8/net runtime .text:10003F8A rep movsd .text:10003F8C jmp ds:off_100040A4[edx*4] ; Microsoft VisualC 2-8/net runtime .text:10003F8C ; --------------------------------------------------------------------------- .text:10003F93 align 4 .text:10003F94 .text:10003F94 unknown_libname_4: ; CODE XREF: unknown_libname_1+4Dj .text:10003F94 mov eax, edi ; Microsoft VisualC 2-8/net runtime .text:10003F96 mov edx, 3 .text:10003F9B sub ecx, 4 .text:10003F9E jb short unknown_libname_5 ; Microsoft VisualC 2-8/net runtime .text:10003FA0 and eax, 3 .text:10003FA3 add ecx, eax .text:10003FA5 jmp dword ptr ds:(unknown_libname_6+4)[eax*4] ; Microsoft VisualC 2-8/net runtime .text:10003FAC ; --------------------------------------------------------------------------- .text:10003FAC .text:10003FAC unknown_libname_5: ; CODE XREF: unknown_libname_1+6Ej .text:10003FAC jmp dword ptr ds:unknown_libname_18[ecx*4] ; Microsoft VisualC 2-8/net runtime .text:10003FAC ; --------------------------------------------------------------------------- .text:10003FB3 align 4 .text:10003FB4 .text:10003FB4 unknown_libname_6: ; CODE XREF: unknown_libname_1+58j .text:10003FB4 ; unknown_libname_1+B6j ... .text:10003FB4 jmp ds:off_10004038[ecx*4] ; Microsoft VisualC 2-8/net runtime .text:10003FB4 ; --------------------------------------------------------------------------- .text:10003FBB align 4 .text:10003FBC dd offset unknown_libname_7 ; Microsoft VisualC 2-8/net runtime .text:10003FC0 dd offset unknown_libname_8 ; Microsoft VisualC 2-8/net runtime .text:10003FC4 dd offset unknown_libname_9 ; Microsoft VisualC 2-8/net runtime .text:10003FC8 ; --------------------------------------------------------------------------- .text:10003FC8 .text:10003FC8 unknown_libname_7: ; DATA XREF: unknown_libname_1+8Co .text:10003FC8 and edx, ecx ; Microsoft VisualC 2-8/net runtime .text:10003FCA mov al, [esi] .text:10003FCC mov [edi], al .text:10003FCE mov al, [esi+1] .text:10003FD1 mov [edi+1], al .text:10003FD4 mov al, [esi+2] .text:10003FD7 shr ecx, 2 .text:10003FDA mov [edi+2], al .text:10003FDD add esi, 3 .text:10003FE0 add edi, 3 .text:10003FE3 cmp ecx, 8 .text:10003FE6 jb short unknown_libname_6 ; Microsoft VisualC 2-8/net runtime .text:10003FE8 rep movsd .text:10003FEA jmp ds:off_100040A4[edx*4] ; Microsoft VisualC 2-8/net runtime .text:10003FEA ; --------------------------------------------------------------------------- .text:10003FF1 align 4 .text:10003FF4 .text:10003FF4 unknown_libname_8: ; DATA XREF: unknown_libname_1+90o .text:10003FF4 and edx, ecx ; Microsoft VisualC 2-8/net runtime .text:10003FF6 mov al, [esi] .text:10003FF8 mov [edi], al .text:10003FFA mov al, [esi+1] .text:10003FFD shr ecx, 2 .text:10004000 mov [edi+1], al .text:10004003 add esi, 2 .text:10004006 add edi, 2 .text:10004009 cmp ecx, 8 .text:1000400C jb short unknown_libname_6 ; Microsoft VisualC 2-8/net runtime .text:1000400E rep movsd .text:10004010 jmp ds:off_100040A4[edx*4] ; Microsoft VisualC 2-8/net runtime .text:10004010 ; --------------------------------------------------------------------------- .text:10004017 align 4 .text:10004018 .text:10004018 unknown_libname_9: ; DATA XREF: unknown_libname_1+94o .text:10004018 and edx, ecx ; Microsoft VisualC 2-8/net runtime .text:1000401A mov al, [esi] .text:1000401C mov [edi], al .text:1000401E add esi, 1 .text:10004021 shr ecx, 2 .text:10004024 add edi, 1 .text:10004027 cmp ecx, 8 .text:1000402A jb short unknown_libname_6 ; Microsoft VisualC 2-8/net runtime .text:1000402C rep movsd .text:1000402E jmp ds:off_100040A4[edx*4] ; Microsoft VisualC 2-8/net runtime .text:1000402E ; --------------------------------------------------------------------------- .text:10004035 align 4 .text:10004038 off_10004038 dd offset unknown_libname_17 .text:10004038 ; DATA XREF: unknown_libname_1:unknown_libname_6r .text:10004038 ; Microsoft VisualC 2-8/net runtime .text:1000403C dd offset unknown_libname_16 ; Microsoft VisualC 2-8/net runtime .text:10004040 dd offset unknown_libname_15 ; Microsoft VisualC 2-8/net runtime .text:10004044 dd offset unknown_libname_14 ; Microsoft VisualC 2-8/net runtime .text:10004048 dd offset unknown_libname_13 ; Microsoft VisualC 2-8/net runtime .text:1000404C dd offset unknown_libname_12 ; Microsoft VisualC 2-8/net runtime .text:10004050 dd offset unknown_libname_11 ; Microsoft VisualC 2-8/net runtime .text:10004054 dd offset unknown_libname_10 ; Microsoft VisualC 2-8/net runtime .text:10004058 ; --------------------------------------------------------------------------- .text:10004058 .text:10004058 unknown_libname_10: ; CODE XREF: unknown_libname_1:unknown_libname_6j .text:10004058 ; DATA XREF: unknown_libname_1+124o .text:10004058 mov eax, [esi+ecx*4-1Ch] ; Microsoft VisualC 2-8/net runtime .text:1000405C mov [edi+ecx*4-1Ch], eax .text:10004060 .text:10004060 unknown_libname_11: ; CODE XREF: unknown_libname_1:unknown_libname_6j .text:10004060 ; DATA XREF: unknown_libname_1+120o .text:10004060 mov eax, [esi+ecx*4-18h] ; Microsoft VisualC 2-8/net runtime .text:10004064 mov [edi+ecx*4-18h], eax .text:10004068 .text:10004068 unknown_libname_12: ; CODE XREF: unknown_libname_1:unknown_libname_6j .text:10004068 ; DATA XREF: unknown_libname_1+11Co .text:10004068 mov eax, [esi+ecx*4-14h] ; Microsoft VisualC 2-8/net runtime .text:1000406C mov [edi+ecx*4-14h], eax .text:10004070 .text:10004070 unknown_libname_13: ; CODE XREF: unknown_libname_1:unknown_libname_6j .text:10004070 ; DATA XREF: unknown_libname_1+118o .text:10004070 mov eax, [esi+ecx*4-10h] ; Microsoft VisualC 2-8/net runtime .text:10004074 mov [edi+ecx*4-10h], eax .text:10004078 .text:10004078 unknown_libname_14: ; CODE XREF: unknown_libname_1:unknown_libname_6j .text:10004078 ; DATA XREF: unknown_libname_1+114o .text:10004078 mov eax, [esi+ecx*4-0Ch] ; Microsoft VisualC 2-8/net runtime .text:1000407C mov [edi+ecx*4-0Ch], eax .text:10004080 .text:10004080 unknown_libname_15: ; CODE XREF: unknown_libname_1:unknown_libname_6j .text:10004080 ; DATA XREF: unknown_libname_1+110o .text:10004080 mov eax, [esi+ecx*4-8] ; Microsoft VisualC 2-8/net runtime .text:10004084 mov [edi+ecx*4-8], eax .text:10004088 .text:10004088 unknown_libname_16: ; CODE XREF: unknown_libname_1:unknown_libname_6j .text:10004088 ; DATA XREF: unknown_libname_1+10Co .text:10004088 mov eax, [esi+ecx*4-4] ; Microsoft VisualC 2-8/net runtime .text:1000408C mov [edi+ecx*4-4], eax .text:10004090 lea eax, ds:0[ecx*4] .text:10004097 add esi, eax .text:10004099 add edi, eax .text:1000409B .text:1000409B unknown_libname_17: ; CODE XREF: unknown_libname_1:unknown_libname_6j .text:1000409B ; DATA XREF: unknown_libname_1:off_10004038o .text:1000409B jmp ds:off_100040A4[edx*4] ; Microsoft VisualC 2-8/net runtime .text:1000409B ; --------------------------------------------------------------------------- .text:100040A2 align 4 .text:100040A4 off_100040A4 dd offset unknown_libname_18 .text:100040A4 ; DATA XREF: unknown_libname_1+5Cr .text:100040A4 ; unknown_libname_1+BAr ... .text:100040A4 ; Microsoft VisualC 2-8/net runtime .text:100040A8 dd offset unknown_libname_19 ; Microsoft VisualC 2-8/net runtime .text:100040AC dd offset unknown_libname_20 ; Microsoft VisualC 2-8/net runtime .text:100040B0 dd offset unknown_libname_21 ; Microsoft VisualC 2-8/net runtime .text:100040B4 ; --------------------------------------------------------------------------- .text:100040B4 .text:100040B4 unknown_libname_18: ; CODE XREF: unknown_libname_1+5Cj .text:100040B4 ; unknown_libname_1+BAj ... .text:100040B4 mov eax, [ebp+arg_0] ; Microsoft VisualC 2-8/net runtime .text:100040B7 pop esi .text:100040B8 pop edi .text:100040B9 leave .text:100040BA retn .text:100040BA ; --------------------------------------------------------------------------- .text:100040BB align 4 .text:100040BC .text:100040BC unknown_libname_19: ; CODE XREF: unknown_libname_1+5Cj .text:100040BC ; unknown_libname_1+BAj ... .text:100040BC mov al, [esi] ; Microsoft VisualC 2-8/net runtime .text:100040BE mov [edi], al .text:100040C0 mov eax, [ebp+arg_0] .text:100040C3 pop esi .text:100040C4 pop edi .text:100040C5 leave .text:100040C6 retn .text:100040C6 ; --------------------------------------------------------------------------- .text:100040C7 align 4 .text:100040C8 .text:100040C8 unknown_libname_20: ; CODE XREF: unknown_libname_1+5Cj .text:100040C8 ; unknown_libname_1+BAj ... .text:100040C8 mov al, [esi] ; Microsoft VisualC 2-8/net runtime .text:100040CA mov [edi], al .text:100040CC mov al, [esi+1] .text:100040CF mov [edi+1], al .text:100040D2 mov eax, [ebp+arg_0] .text:100040D5 pop esi .text:100040D6 pop edi .text:100040D7 leave .text:100040D8 retn .text:100040D8 ; --------------------------------------------------------------------------- .text:100040D9 align 4 .text:100040DC .text:100040DC unknown_libname_21: ; CODE XREF: unknown_libname_1+5Cj .text:100040DC ; unknown_libname_1+BAj ... .text:100040DC mov al, [esi] ; Microsoft VisualC 2-8/net runtime .text:100040DE mov [edi], al .text:100040E0 mov al, [esi+1] .text:100040E3 mov [edi+1], al .text:100040E6 mov al, [esi+2] .text:100040E9 mov [edi+2], al .text:100040EC mov eax, [ebp+arg_0] .text:100040EF pop esi .text:100040F0 pop edi .text:100040F1 leave .text:100040F2 retn .text:100040F2 ; --------------------------------------------------------------------------- .text:100040F3 align 4 .text:100040F4 .text:100040F4 unknown_libname_22: ; CODE XREF: unknown_libname_1+1Aj .text:100040F4 lea esi, [ecx+esi-4] ; Microsoft VisualC 2-8/net runtime .text:100040F8 lea edi, [ecx+edi-4] .text:100040FC test edi, 3 .text:10004102 jnz short unknown_libname_24 ; Microsoft VisualC 2-8/net runtime .text:10004104 shr ecx, 2 .text:10004107 and edx, 3 .text:1000410A cmp ecx, 8 .text:1000410D jb short unknown_libname_23 ; Microsoft VisualC 2-8/net runtime .text:1000410F std .text:10004110 rep movsd .text:10004112 cld .text:10004113 jmp ds:off_10004240[edx*4] ; Microsoft VisualC 2-8/net runtime .text:10004113 ; --------------------------------------------------------------------------- .text:1000411A align 4 .text:1000411C .text:1000411C unknown_libname_23: ; CODE XREF: unknown_libname_1+1DDj .text:1000411C ; unknown_libname_1+238j ... .text:1000411C neg ecx ; Microsoft VisualC 2-8/net runtime .text:1000411E jmp ds:off_100041F0[ecx*4] ; Microsoft VisualC 2-8/net runtime .text:1000411E ; --------------------------------------------------------------------------- .text:10004125 align 4 .text:10004128 .text:10004128 unknown_libname_24: ; CODE XREF: unknown_libname_1+1D2j .text:10004128 mov eax, edi ; Microsoft VisualC 2-8/net runtime .text:1000412A mov edx, 3 .text:1000412F cmp ecx, 4 .text:10004132 jb short unknown_libname_25 ; Microsoft VisualC 2-8/net runtime .text:10004134 and eax, 3 .text:10004137 sub ecx, eax .text:10004139 jmp dword ptr ds:(unknown_libname_25+4)[eax*4] ; Microsoft VisualC 2-8/net runtime .text:10004140 ; --------------------------------------------------------------------------- .text:10004140 .text:10004140 unknown_libname_25: ; CODE XREF: unknown_libname_1+202j .text:10004140 ; DATA XREF: unknown_libname_1+209r .text:10004140 jmp ds:off_10004240[ecx*4] ; Microsoft VisualC 2-8/net runtime .text:10004140 ; --------------------------------------------------------------------------- .text:10004147 align 4 .text:10004148 dd offset unknown_libname_26 ; Microsoft VisualC 2-8/net runtime .text:1000414C dd offset unknown_libname_27 ; Microsoft VisualC 2-8/net runtime .text:10004150 dd offset unknown_libname_28 ; Microsoft VisualC 2-8/net runtime .text:10004154 ; --------------------------------------------------------------------------- .text:10004154 .text:10004154 unknown_libname_26: ; DATA XREF: unknown_libname_1+218o .text:10004154 mov al, [esi+3] ; Microsoft VisualC 2-8/net runtime .text:10004157 and edx, ecx .text:10004159 mov [edi+3], al .text:1000415C sub esi, 1 .text:1000415F shr ecx, 2 .text:10004162 sub edi, 1 .text:10004165 cmp ecx, 8 .text:10004168 jb short unknown_libname_23 ; Microsoft VisualC 2-8/net runtime .text:1000416A std .text:1000416B rep movsd .text:1000416D cld .text:1000416E jmp ds:off_10004240[edx*4] ; Microsoft VisualC 2-8/net runtime .text:1000416E ; --------------------------------------------------------------------------- .text:10004175 align 4 .text:10004178 .text:10004178 unknown_libname_27: ; DATA XREF: unknown_libname_1+21Co .text:10004178 mov al, [esi+3] ; Microsoft VisualC 2-8/net runtime .text:1000417B and edx, ecx .text:1000417D mov [edi+3], al .text:10004180 mov al, [esi+2] .text:10004183 shr ecx, 2 .text:10004186 mov [edi+2], al .text:10004189 sub esi, 2 .text:1000418C sub edi, 2 .text:1000418F cmp ecx, 8 .text:10004192 jb short unknown_libname_23 ; Microsoft VisualC 2-8/net runtime .text:10004194 std .text:10004195 rep movsd .text:10004197 cld .text:10004198 jmp ds:off_10004240[edx*4] ; Microsoft VisualC 2-8/net runtime .text:10004198 ; --------------------------------------------------------------------------- .text:1000419F align 10h .text:100041A0 .text:100041A0 unknown_libname_28: ; DATA XREF: unknown_libname_1+220o .text:100041A0 mov al, [esi+3] ; Microsoft VisualC 2-8/net runtime .text:100041A3 and edx, ecx .text:100041A5 mov [edi+3], al .text:100041A8 mov al, [esi+2] .text:100041AB mov [edi+2], al .text:100041AE mov al, [esi+1] .text:100041B1 shr ecx, 2 .text:100041B4 mov [edi+1], al .text:100041B7 sub esi, 3 .text:100041BA sub edi, 3 .text:100041BD cmp ecx, 8 .text:100041C0 jb unknown_libname_23 ; Microsoft VisualC 2-8/net runtime .text:100041C6 std .text:100041C7 rep movsd .text:100041C9 cld .text:100041CA jmp ds:off_10004240[edx*4] ; Microsoft VisualC 2-8/net runtime .text:100041CA ; --------------------------------------------------------------------------- .text:100041D1 align 4 .text:100041D4 dd offset unknown_libname_29 ; Microsoft VisualC 2-8/net runtime .text:100041D8 dd offset unknown_libname_30 ; Microsoft VisualC 2-8/net runtime .text:100041DC dd offset unknown_libname_31 ; Microsoft VisualC 2-8/net runtime .text:100041E0 dd offset unknown_libname_32 ; Microsoft VisualC 2-8/net runtime .text:100041E4 dd offset unknown_libname_33 ; Microsoft VisualC 2-8/net runtime .text:100041E8 dd offset unknown_libname_34 ; Microsoft VisualC 2-8/net runtime .text:100041EC dd offset unknown_libname_35 ; Microsoft VisualC 2-8/net runtime .text:100041F0 off_100041F0 dd offset unknown_libname_36 .text:100041F0 ; DATA XREF: unknown_libname_1+1EEr .text:100041F0 ; Microsoft VisualC 2-8/net runtime .text:100041F4 ; --------------------------------------------------------------------------- .text:100041F4 .text:100041F4 unknown_libname_29: ; DATA XREF: unknown_libname_1+2A4o .text:100041F4 mov eax, [esi+ecx*4+1Ch] ; Microsoft VisualC 2-8/net runtime .text:100041F8 mov [edi+ecx*4+1Ch], eax .text:100041FC .text:100041FC unknown_libname_30: ; DATA XREF: unknown_libname_1+2A8o .text:100041FC mov eax, [esi+ecx*4+18h] ; Microsoft VisualC 2-8/net runtime .text:10004200 mov [edi+ecx*4+18h], eax .text:10004204 .text:10004204 unknown_libname_31: ; DATA XREF: unknown_libname_1+2ACo .text:10004204 mov eax, [esi+ecx*4+14h] ; Microsoft VisualC 2-8/net runtime .text:10004208 mov [edi+ecx*4+14h], eax .text:1000420C .text:1000420C unknown_libname_32: ; DATA XREF: unknown_libname_1+2B0o .text:1000420C mov eax, [esi+ecx*4+10h] ; Microsoft VisualC 2-8/net runtime .text:10004210 mov [edi+ecx*4+10h], eax .text:10004214 .text:10004214 unknown_libname_33: ; DATA XREF: unknown_libname_1+2B4o .text:10004214 mov eax, [esi+ecx*4+0Ch] ; Microsoft VisualC 2-8/net runtime .text:10004218 mov [edi+ecx*4+0Ch], eax .text:1000421C .text:1000421C unknown_libname_34: ; DATA XREF: unknown_libname_1+2B8o .text:1000421C mov eax, [esi+ecx*4+8] ; Microsoft VisualC 2-8/net runtime .text:10004220 mov [edi+ecx*4+8], eax .text:10004224 .text:10004224 unknown_libname_35: ; DATA XREF: unknown_libname_1+2BCo .text:10004224 mov eax, [esi+ecx*4+4] ; Microsoft VisualC 2-8/net runtime .text:10004228 mov [edi+ecx*4+4], eax .text:1000422C lea eax, ds:0[ecx*4] .text:10004233 add esi, eax .text:10004235 add edi, eax .text:10004237 .text:10004237 unknown_libname_36: ; CODE XREF: unknown_libname_1+1EEj .text:10004237 ; DATA XREF: unknown_libname_1:off_100041F0o .text:10004237 jmp ds:off_10004240[edx*4] ; Microsoft VisualC 2-8/net runtime .text:10004237 ; --------------------------------------------------------------------------- .text:1000423E align 10h .text:10004240 off_10004240 dd offset unknown_libname_37 .text:10004240 ; DATA XREF: unknown_libname_1+1E3r .text:10004240 ; unknown_libname_1:unknown_libname_25r ... .text:10004240 ; Microsoft VisualC 2-8/net runtime .text:10004244 dd offset unknown_libname_38 ; Microsoft VisualC 2-8/net runtime .text:10004248 dd offset unknown_libname_39 ; Microsoft VisualC 2-8/net runtime .text:1000424C dd offset unknown_libname_40 ; Microsoft VisualC 2-8/net runtime .text:10004250 ; --------------------------------------------------------------------------- .text:10004250 .text:10004250 unknown_libname_37: ; CODE XREF: unknown_libname_1+1E3j .text:10004250 ; unknown_libname_1:unknown_libname_25j ... .text:10004250 mov eax, [ebp+arg_0] ; Microsoft VisualC 2-8/net runtime .text:10004253 pop esi .text:10004254 pop edi .text:10004255 leave .text:10004256 retn .text:10004256 ; --------------------------------------------------------------------------- .text:10004257 align 4 .text:10004258 .text:10004258 unknown_libname_38: ; CODE XREF: unknown_libname_1+1E3j .text:10004258 ; unknown_libname_1:unknown_libname_25j ... .text:10004258 mov al, [esi+3] ; Microsoft VisualC 2-8/net runtime .text:1000425B mov [edi+3], al .text:1000425E mov eax, [ebp+arg_0] .text:10004261 pop esi .text:10004262 pop edi .text:10004263 leave .text:10004264 retn .text:10004264 ; --------------------------------------------------------------------------- .text:10004265 align 4 .text:10004268 .text:10004268 unknown_libname_39: ; CODE XREF: unknown_libname_1+1E3j .text:10004268 ; unknown_libname_1:unknown_libname_25j ... .text:10004268 mov al, [esi+3] ; Microsoft VisualC 2-8/net runtime .text:1000426B mov [edi+3], al .text:1000426E mov al, [esi+2] .text:10004271 mov [edi+2], al .text:10004274 mov eax, [ebp+arg_0] .text:10004277 pop esi .text:10004278 pop edi .text:10004279 leave .text:1000427A retn .text:1000427A ; --------------------------------------------------------------------------- .text:1000427B align 4 .text:1000427C .text:1000427C unknown_libname_40: ; CODE XREF: unknown_libname_1+1E3j .text:1000427C ; unknown_libname_1:unknown_libname_25j ... .text:1000427C mov al, [esi+3] ; Microsoft VisualC 2-8/net runtime .text:1000427F mov [edi+3], al .text:10004282 mov al, [esi+2] .text:10004285 mov [edi+2], al .text:10004288 mov al, [esi+1] .text:1000428B mov [edi+1], al .text:1000428E mov eax, [ebp+arg_0] .text:10004291 pop esi .text:10004292 pop edi .text:10004293 leave .text:10004294 retn .text:10004294 unknown_libname_1 endp |
|
[求助]烦请各位高手看一下,这是个什么函数
我试一下,IDA,能够看出MEMCPY text:004017C3 mov edx, [ebp+var_10] .text:004017C6 mov [ebp+var_4], edx .text:004017C9 push 4 .text:004017CB lea eax, [ebp+var_4] .text:004017CE push eax .text:004017CF lea ecx, [ebp+var_8] .text:004017D2 push ecx .text:004017D3 call memcpy |
|
[求助]烦请各位高手看一下,这是个什么函数
to loqich 谢谢你的关注,我试一下,VC看能不能出现这个结果 |
|
[求助]烦请各位高手看一下,这是个什么函数
请各位高手看一下吧 |
|
[求助]谁能帮写一个VC能才生unknown_libname例子
难道没有给回一下吗! |
操作理由
RANk
{{ user_info.golds == '' ? 0 : user_info.golds }}
雪币
{{ experience }}
课程经验
{{ score }}
学习收益
{{study_duration_fmt}}
学习时长
基本信息
荣誉称号:
{{ honorary_title }}
能力排名:
No.{{ rank_num }}
等 级:
LV{{ rank_lv-100 }}
活跃值:
在线值:
浏览人数:{{ visits }}
最近活跃:{{ last_active_time }}
注册时间:{{ user_info.create_date_jsonfmt }}
勋章
兑换勋章
证书
证书查询 >
能力值