难解的c++大马-付费问答-看雪-安全社区|安全招聘|kanxue.com

[旧帖] 难解的c++大马 0.00雪花

发表于: 2009-11-27 02:05 3596

[旧帖] 难解的c++大马 0.00雪花

jama

2009-11-27 02:05

3596

0040389F: 55                       PUSH EBP
004038A0: 8BEC                     MOV EBP, ESP
004038A2: 6AFF                     PUSH FFFFFFFF
004038A4: 68F8724000               PUSH 004072F8
004038A9: 6804554000               PUSH 00405504
004038AE: 64A100000000             MOV EAX, FS:[00]
004038B4: 50                       PUSH EAX
004038B5: 64892500000000           MOV FS:[00000000], ESP
004038BC: 83EC58                   SUB ESP, 00000058
004038BF: 53                       PUSH EBX
004038C0: 56                       PUSH ESI
004038C1: 57                       PUSH EDI
004038C2: 8965E8                   MOV [EBP-18], ESP
004038C5: FF1548704000             CALL [00407048] ; GetVersion
004038CB: 33D2                     XOR EDX, EDX
004038CD: 8AD4                     MOV DL, AH
004038CF: 891594BA4000             MOV [0040BA94], EDX
004038D5: 8BC8                     MOV ECX, EAX
004038D7: 81E1FF000000             AND ECX, 000000FF
004038DD: 890D90BA4000             MOV [0040BA90], ECX
004038E3: C1E108                   SHL ECX, 08
004038E6: 03CA                     ADD ECX, EDX
004038E8: 890D8CBA4000             MOV [0040BA8C], ECX
004038EE: C1E810                   SHR EAX, 10
004038F1: A388BA4000               MOV [40BA88], EAX
004038F6: 33F6                     XOR ESI, ESI
004038F8: 56                       PUSH ESI
004038F9: E87A030000               CALL 00403C78
004038FE: 59                       POP ECX
004038FF: 85C0                     TEST EAX, EAX
00403901: 7508                     JNZ 40390B
00403903: 6A1C                     PUSH 0000001C
00403905: E8B0000000               CALL 004039BA
0040390A: 59                       POP ECX
0040390B: 8975FC                   MOV [EBP-04], ESI
0040390E: E84D190000               CALL 00405260
00403913: FF1544704000             CALL [00407044] ; GetCommandLineA
00403919: A39CBF4000               MOV [40BF9C], EAX
0040391E: E80B180000               CALL 0040512E
00403923: A364BA4000               MOV [40BA64], EAX
00403928: E8B4150000               CALL 00404EE1
0040392D: E8F6140000               CALL 00404E28
00403932: E813120000               CALL 00404B4A
00403937: 8975D0                   MOV [EBP-30], ESI
0040393A: 8D45A4                   LEA EAX, [EBP-5C]
0040393D: 50                       PUSH EAX
0040393E: FF1540704000             CALL [00407040] ; GetStartupInfoA
00403944: E887140000               CALL 00404DD0
00403949: 89459C                   MOV [EBP-64], EAX
0040394C: F645D001                 TEST BYTE PTR [EBP-30], 01
00403950: 7406                     JZ 403958
00403952: 0FB745D4                 MOVZX EAX, WORD PTR [EBP-2C]
00403956: EB03                     JMP 40395B
00403958: 6A0A                     PUSH 0000000A
0040395A: 58                       POP EAX
0040395B: 50                       PUSH EAX
0040395C: FF759C                   PUSH [EBP-64]
0040395F: 56                       PUSH ESI
00403960: 56                       PUSH ESI
00403961: FF153C704000             CALL [0040703C] ; GetModuleHandleA
00403967: 50                       PUSH EAX
00403968: E8CDD7FFFF               CALL 0040113A
0040396D: 8945A0                   MOV [EBP-60], EAX
00403970: 50                       PUSH EAX
00403971: E801120000               CALL 00404B77       进入登陆窗口，输入登入名，密码进入软件操作显示没有激活
00403976: 8B45EC                   MOV EAX, [EBP-14]
00403979: 8B08                     MOV ECX, [EAX]
0040397B: 8B09                     MOV ECX, [ECX]
0040397D: 894D98                   MOV [EBP-68], ECX
00403980: 50                       PUSH EAX
00403981: 51                       PUSH ECX
00403982: E8C5120000               CALL 00404C4C
00403987: 59                       POP ECX
00403988: 59                       POP ECX
00403989: C3                       RET
0040398A: 8B65E8                   MOV ESP, [EBP-18]
0040398D: FF7598                   PUSH [EBP-68]
00403990: E8F3110000               CALL 00404B88
00403995: 833D6CBA400001           CMP [0040BA6C], 00000001
0040399C: 7505                     JNZ 4039A3
0040399E: E8391C0000               CALL 004055DC
004039A3: FF742404                 PUSH [ESP+04]
004039A7: E8691C0000               CALL 00405615
004039AC: 68FF000000               PUSH 000000FF
004039B1: FF15D0954000             CALL [004095D0]
那位高手帮我看看呀，愁死我了，

[课程]Android-CTF解题方法汇总！

收藏・0

免费・0

支持

最新回复 (6)
轩辕小聪雪币： 722 活跃值： (123) 能力值： ( LV12，RANK：300 ) 在线值：发帖 10 回帖 547 粉丝 5 关注私信	轩辕小聪 7 2 楼拜托，你贴出来的只是软件入口点代码，是VC的标准入口代码，这个标准入口代码可以说跟软件真正的功能一点关系都没有，真正的功能就是要call进去才能看出来的。如果你连这一点都不懂，那你还是好好学一点基础再说吧，要不然就算这次有人帮你搞定了，你也不懂是怎么搞定的。 2009-11-27 02:45 0
xianxian 雪币： 184 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 1 回帖 4 粉丝 0 关注私信	xianxian 3 楼进call看下 2009-11-27 03:19 0
jama 雪币： 84 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 5 回帖 8 粉丝 0 关注私信	jama 4 楼 7C92E4F4 > C3 RETN 7C92E4F5 8DA424 00000000 LEA ESP,DWORD PTR SS:[ESP] 7C92E4FC 8D6424 00 LEA ESP,DWORD PTR SS:[ESP] 7C92E500 > 8D5424 08 LEA EDX,DWORD PTR SS:[ESP+8] 7C92E504 CD 2E INT 2E 7C92E506 C3 RETN 7C92E507 90 NOP 7C92E508 > 55 PUSH EBP 7C92E509 8BEC MOV EBP,ESP 7C92E50B 9C PUSHFD 7C92E50C 81EC D0020000 SUB ESP,2D0 7C92E512 8985 DCFDFFFF MOV DWORD PTR SS:[EBP-224],EAX 7C92E518 898D D8FDFFFF MOV DWORD PTR SS:[EBP-228],ECX 7C92E51E 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8] 7C92E521 8B4D 04 MOV ECX,DWORD PTR SS:[EBP+4] 7C92E524 8948 0C MOV DWORD PTR DS:[EAX+C],ECX 7C92E527 8D85 2CFDFFFF LEA EAX,DWORD PTR SS:[EBP-2D4] 7C92E52D 8988 B8000000 MOV DWORD PTR DS:[EAX+B8],ECX 7C92E533 8998 A4000000 MOV DWORD PTR DS:[EAX+A4],EBX 7C92E539 8990 A8000000 MOV DWORD PTR DS:[EAX+A8],EDX 7C92E53F 89B0 A0000000 MOV DWORD PTR DS:[EAX+A0],ESI 7C92E545 89B8 9C000000 MOV DWORD PTR DS:[EAX+9C],EDI 7C92E54B 8D4D 0C LEA ECX,DWORD PTR SS:[EBP+C] 7C92E54E 8988 C4000000 MOV DWORD PTR DS:[EAX+C4],ECX 7C92E554 8B4D 00 MOV ECX,DWORD PTR SS:[EBP] 7C92E557 8988 B4000000 MOV DWORD PTR DS:[EAX+B4],ECX 7C92E55D 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4] 7C92E560 8988 C0000000 MOV DWORD PTR DS:[EAX+C0],ECX 7C92E566 8C88 BC000000 MOV WORD PTR DS:[EAX+BC],CS 7C92E56C 8C98 98000000 MOV WORD PTR DS:[EAX+98],DS 7C92E572 8C80 94000000 MOV WORD PTR DS:[EAX+94],ES 7C92E578 8CA0 90000000 MOV WORD PTR DS:[EAX+90],FS 7C92E57E 8CA8 8C000000 MOV WORD PTR DS:[EAX+8C],GS 7C92E584 8C90 C8000000 MOV WORD PTR DS:[EAX+C8],SS 7C92E58A C700 07000100 MOV DWORD PTR DS:[EAX],10007 7C92E590 6A 01 PUSH 1 7C92E592 50 PUSH EAX 7C92E593 FF75 08 PUSH DWORD PTR SS:[EBP+8] 7C92E596 E8 F5F3FFFF CALL ntdll.ZwRaiseException 7C92E59B 83EC 20 SUB ESP,20 7C92E59E 890424 MOV DWORD PTR SS:[ESP],EAX 7C92E5A1 C74424 04 01000>MOV DWORD PTR SS:[ESP+4],1 7C92E5A9 C74424 10 00000>MOV DWORD PTR SS:[ESP+10],0 7C92E5B1 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8] 7C92E5B4 894424 08 MOV DWORD PTR SS:[ESP+8],EAX 7C92E5B8 8BC4 MOV EAX,ESP 7C92E5BA 50 PUSH EAX 7C92E5BB E8 48FFFFFF CALL ntdll.RtlRaiseException 7C92E5C0 CC INT3 7C92E5C1 CC INT3 7C92E5C2 CC INT3 7C92E5C3 CC INT3 7C92E5C4 CC INT3 7C92E5C5 CC INT3 7C92E5C6 > 83EC 0C SUB ESP,0C 7C92E5C9 DD1424 FST QWORD PTR SS:[ESP] 7C92E5CC E8 CAFCFFFF CALL ntdll.7C92E29B 7C92E5D1 E8 0D000000 CALL ntdll.7C92E5E3 7C92E5D6 83C4 0C ADD ESP,0C 7C92E5D9 C3 RETN 7C92E5DA > 8D5424 04 LEA EDX,DWORD PTR SS:[ESP+4] 7C92E5DE E8 75FCFFFF CALL ntdll.7C92E258 7C92E5E3 52 PUSH EDX 7C92E5E4 9B WAIT 7C92E5E5 D93C24 FSTCW WORD PTR SS:[ESP] 7C92E5E8 74 50 JE SHORT ntdll.7C92E63A 7C92E5EA 66:813C24 7F02 CMP WORD PTR SS:[ESP],27F 7C92E5F0 74 06 JE SHORT ntdll.7C92E5F8 7C92E5F2 D92D 5CE7927C FLDCW WORD PTR DS:[7C92E75C] 7C92E5F8 D9FF FCOS 7C92E5FA 9B WAIT 7C92E5FB DFE0 FSTSW AX 7C92E5FD 9E SAHF 7C92E5FE 7A 1D JPE SHORT ntdll.7C92E61D 7C92E600 833D ACB0997C 0>CMP DWORD PTR DS:[7C99B0AC],0 7C92E607 ^ 0F85 A4FCFFFF JNZ ntdll.7C92E2B1 7C92E60D BA 12000000 MOV EDX,12 7C92E612 8D0D 00B0997C LEA ECX,DWORD PTR DS:[7C99B000] 7C92E618 ^ E9 A1FCFFFF JMP ntdll.7C92E2BE 7C92E61D DB2D 74E6927C FLD TBYTE PTR DS:[7C92E674] 7C92E623 D9C9 FXCH ST(1) 7C92E625 D9F5 FPREM1 7C92E627 9B WAIT 7C92E628 DFE0 FSTSW AX 7C92E62A 9E SAHF 7C92E62B 7A F8 JPE SHORT ntdll.7C92E625 7C92E62D DDD9 FSTP ST(1) 7C92E62F D9FF FCOS 7C92E631 ^ EB CD JMP SHORT ntdll.7C92E600 7C92E633 E8 07FCFFFF CALL ntdll.7C92E23F 7C92E638 EB 1B JMP SHORT ntdll.7C92E655 7C92E63A A9 FFFF0F00 TEST EAX,0FFFFF 7C92E63F ^ 75 F2 JNZ SHORT ntdll.7C92E633 7C92E641 837C24 08 00 CMP DWORD PTR SS:[ESP+8],0 7C92E646 ^ 75 EB JNZ SHORT ntdll.7C92E633 7C92E648 DDD8 FSTP ST 7C92E64A DB2D 68B0997C FLD TBYTE PTR DS:[7C99B068] 7C92E650 B8 01000000 MOV EAX,1 7C92E655 833D ACB0997C 0>CMP DWORD PTR DS:[7C99B0AC],0 7C92E65C ^ 0F85 4FFCFFFF JNZ ntdll.7C92E2B1 7C92E662 BA 12000000 MOV EDX,12 7C92E667 8D0D 00B0997C LEA ECX,DWORD PTR DS:[7C99B000] 7C92E66D E8 7DFDFFFF CALL ntdll.7C92E3EF 7C92E672 5A POP EDX 7C92E673 C3 RETN 7C92E674 35 C26821A2 XOR EAX,A22168C2 7C92E679 DA0F FIMUL DWORD PTR DS:[EDI] 7C92E67B C9 LEAVE 7C92E67C 3E:40 INC EAX ; 多余前缀 7C92E67E > EB 18 JMP SHORT ntdll.7C92E698 7C92E680 8BFF MOV EDI,EDI 7C92E682 > EB 00 JMP SHORT ntdll.7C92E684 7C92E684 83EC 0C SUB ESP,0C 7C92E687 DD1424 FST QWORD PTR SS:[ESP] 7C92E68A E8 0CFCFFFF CALL ntdll.7C92E29B 7C92E68F E8 0D000000 CALL ntdll.7C92E6A1 7C92E694 83C4 0C ADD ESP,0C 7C92E697 C3 RETN 7C92E698 8D5424 04 LEA EDX,DWORD PTR SS:[ESP+4] 7C92E69C E8 B7FBFFFF CALL ntdll.7C92E258 7C92E6A1 52 PUSH EDX 7C92E6A2 9B WAIT 7C92E6A3 D93C24 FSTCW WORD PTR SS:[ESP] 7C92E6A6 74 4E JE SHORT ntdll.7C92E6F6 7C92E6A8 8B4424 0C MOV EAX,DWORD PTR SS:[ESP+C] 7C92E6AC 66:813C24 7F02 CMP WORD PTR SS:[ESP],27F 7C92E6B2 74 06 JE SHORT ntdll.7C92E6BA 7C92E6B4 D92D 5CE7927C FLDCW WORD PTR DS:[7C92E75C] 7C92E6BA A9 0000F07F TEST EAX,7FF00000 7C92E6BF 74 60 JE SHORT ntdll.7C92E721 7C92E6C1 A9 00000080 TEST EAX,80000000 7C92E6C6 75 43 JNZ SHORT ntdll.7C92E70B 7C92E6C8 D9ED FLDLN2 7C92E6CA D9C9 FXCH ST(1) 7C92E6CC D9F1 FYL2X 7C92E6CE 833D ACB0997C 0>CMP DWORD PTR DS:[7C99B0AC],0 7C92E6D5 ^ 0F85 D6FBFFFF JNZ ntdll.7C92E2B1 7C92E6DB 8D0D 10B0997C LEA ECX,DWORD PTR DS:[7C99B010] 7C92E6E1 BA 1A000000 MOV EDX,1A 7C92E6E6 ^ E9 D3FBFFFF JMP ntdll.7C92E2BE 7C92E6EB A9 00000080 TEST EAX,80000000 7C92E6F0 ^ 74 D6 JE SHORT ntdll.7C92E6C8 7C92E6F2 EB 17 JMP SHORT ntdll.7C92E70B 7C92E6F4 ^ EB D2 JMP SHORT ntdll.7C92E6C8 7C92E6F6 A9 FFFF0F00 TEST EAX,0FFFFF 7C92E6FB 75 1D JNZ SHORT ntdll.7C92E71A 7C92E6FD 837C24 08 00 CMP DWORD PTR SS:[ESP+8],0 7C92E702 75 16 JNZ SHORT ntdll.7C92E71A 7C92E704 25 00000080 AND EAX,80000000 7C92E709 ^ 74 C3 JE SHORT ntdll.7C92E6CE 7C92E70B DDD8 FSTP ST 7C92E70D DB2D 68B0997C FLD TBYTE PTR DS:[7C99B068] 7C92E713 B8 01000000 MOV EAX,1 7C92E718 EB 22 JMP SHORT ntdll.7C92E73C 7C92E71A E8 20FBFFFF CALL ntdll.7C92E23F 7C92E71F EB 1B JMP SHORT ntdll.7C92E73C 7C92E721 A9 FFFF0F00 TEST EAX,0FFFFF 7C92E726 ^ 75 C3 JNZ SHORT ntdll.7C92E6EB 7C92E728 837C24 08 00 CMP DWORD PTR SS:[ESP+8],0 7C92E72D ^ 75 BC JNZ SHORT ntdll.7C92E6EB 7C92E72F DDD8 FSTP ST 7C92E731 DB2D 8AB0997C FLD TBYTE PTR DS:[7C99B08A] 7C92E737 B8 02000000 MOV EAX,2 7C92E73C 833D ACB0997C 0>CMP DWORD PTR DS:[7C99B0AC],0 7C92E743 ^ 0F85 68FBFFFF JNZ ntdll.7C92E2B1 7C92E749 8D0D 10B0997C LEA ECX,DWORD PTR DS:[7C99B010] 7C92E74F BA 1A000000 MOV EDX,1A 7C92E754 E8 96FCFFFF CALL ntdll.7C92E3EF 7C92E759 5A POP EDX 7C92E75A C3 RETN 7C92E75B 90 NOP 7C92E75C 7F 02 JG SHORT ntdll.7C92E760 7C92E75E > 8B4C24 08 MOV ECX,DWORD PTR SS:[ESP+8] 7C92E762 57 PUSH EDI 7C92E763 53 PUSH EBX 7C92E764 56 PUSH ESI 7C92E765 8A11 MOV DL,BYTE PTR DS:[ECX] 7C92E767 8B7C24 10 MOV EDI,DWORD PTR SS:[ESP+10] 7C92E76B 84D2 TEST DL,DL 7C92E76D 74 68 JE SHORT ntdll.7C92E7D7 7C92E76F 8A71 01 MOV DH,BYTE PTR DS:[ECX+1] 7C92E772 84F6 TEST DH,DH 7C92E774 74 51 JE SHORT ntdll.7C92E7C7 7C92E776 8BF7 MOV ESI,EDI 7C92E778 8B4C24 14 MOV ECX,DWORD PTR SS:[ESP+14] 7C92E77C 8A07 MOV AL,BYTE PTR DS:[EDI] 7C92E77E 46 INC ESI 7C92E77F 3AC2 CMP AL,DL 7C92E781 74 15 JE SHORT ntdll.7C92E798 7C92E783 84C0 TEST AL,AL 7C92E785 74 0B JE SHORT ntdll.7C92E792 7C92E787 8A06 MOV AL,BYTE PTR DS:[ESI] 7C92E789 46 INC ESI 7C92E78A 3AC2 CMP AL,DL 7C92E78C 74 0A JE SHORT ntdll.7C92E798 7C92E78E 84C0 TEST AL,AL 7C92E790 ^ 75 F5 JNZ SHORT ntdll.7C92E787 7C92E792 5E POP ESI 7C92E793 5B POP EBX 7C92E794 5F POP EDI 7C92E795 33C0 XOR EAX,EAX 7C92E797 C3 RETN 7C92E798 8A06 MOV AL,BYTE PTR DS:[ESI] 7C92E79A 46 INC ESI 7C92E79B 3AC6 CMP AL,DH 7C92E79D ^ 75 EB JNZ SHORT ntdll.7C92E78A 7C92E79F 8D7E FF LEA EDI,DWORD PTR DS:[ESI-1] 7C92E7A2 8A61 02 MOV AH,BYTE PTR DS:[ECX+2] 7C92E7A5 84E4 TEST AH,AH 7C92E7A7 74 27 JE SHORT ntdll.7C92E7D0 7C92E7A9 8A06 MOV AL,BYTE PTR DS:[ESI] 7C92E7AB 83C6 02 ADD ESI,2 7C92E7AE 3AC4 CMP AL,AH 7C92E7B0 ^ 75 C4 JNZ SHORT ntdll.7C92E776 7C92E7B2 8A41 03 MOV AL,BYTE PTR DS:[ECX+3] 7C92E7B5 84C0 TEST AL,AL 7C92E7B7 74 17 JE SHORT ntdll.7C92E7D0 7C92E7B9 8A66 FF MOV AH,BYTE PTR DS:[ESI-1] 7C92E7BC 83C1 02 ADD ECX,2 7C92E7BF 3AC4 CMP AL,AH 7C92E7C1 ^ 75 B3 JNZ SHORT ntdll.7C92E776 7C92E7C3 ^ EB DD JMP SHORT ntdll.7C92E7A2 7C92E7C5 ^ EB AF JMP SHORT ntdll.7C92E776 7C92E7C7 33C0 XOR EAX,EAX 7C92E7C9 5E POP ESI 7C92E7CA 5B POP EBX 7C92E7CB 5F POP EDI 7C92E7CC 8AC2 MOV AL,DL 7C92E7CE EB 23 JMP SHORT ntdll.7C92E7F3 7C92E7D0 8D47 FF LEA EAX,DWORD PTR DS:[EDI-1] 7C92E7D3 5E POP ESI 7C92E7D4 5B POP EBX 7C92E7D5 5F POP EDI 7C92E7D6 C3 RETN 7C92E7D7 8BC7 MOV EAX,EDI 7C92E7D9 5E POP ESI 7C92E7DA 5B POP EBX 7C92E7DB 5F POP EDI 7C92E7DC C3 RETN 7C92E7DD 8D42 FF LEA EAX,DWORD PTR DS:[EDX-1] 7C92E7E0 5B POP EBX 7C92E7E1 C3 RETN 7C92E7E2 8DA424 00000000 LEA ESP,DWORD PTR SS:[ESP] 7C92E7E9 8D6424 00 LEA ESP,DWORD PTR SS:[ESP] 7C92E7ED > 33C0 XOR EAX,EAX 7C92E7EF 8A4424 08 MOV AL,BYTE PTR SS:[ESP+8] 7C92E7F3 53 PUSH EBX 7C92E7F4 8BD8 MOV EBX,EAX 7C92E7F6 C1E0 08 SHL EAX,8 7C92E7F9 8B5424 08 MOV EDX,DWORD PTR SS:[ESP+8] 7C92E7FD F7C2 03000000 TEST EDX,3 7C92E803 74 13 JE SHORT ntdll.7C92E818 7C92E805 8A0A MOV CL,BYTE PTR DS:[EDX] 7C92E807 42 INC EDX 7C92E808 3ACB CMP CL,BL 7C92E80A ^ 74 D1 JE SHORT ntdll.7C92E7DD 7C92E80C 84C9 TEST CL,CL 7C92E80E 74 51 JE SHORT ntdll.7C92E861 7C92E810 F7C2 03000000 TEST EDX,3 7C92E816 ^ 75 ED JNZ SHORT ntdll.7C92E805 7C92E818 0BD8 OR EBX,EAX 7C92E81A 57 PUSH EDI 7C92E81B 8BC3 MOV EAX,EBX 7C92E81D C1E3 10 SHL EBX,10 7C92E820 56 PUSH ESI 7C92E821 0BD8 OR EBX,EAX 7C92E823 8B0A MOV ECX,DWORD PTR DS:[EDX] 7C92E825 BF FFFEFE7E MOV EDI,7EFEFEFF 7C92E82A 8BC1 MOV EAX,ECX 7C92E82C 8BF7 MOV ESI,EDI 7C92E82E 33CB XOR ECX,EBX 7C92E830 03F0 ADD ESI,EAX 7C92E832 03F9 ADD EDI,ECX 7C92E834 83F1 FF XOR ECX,FFFFFFFF 7C92E837 83F0 FF XOR EAX,FFFFFFFF 7C92E83A 33CF XOR ECX,EDI 7C92E83C 33C6 XOR EAX,ESI 7C92E83E 83C2 04 ADD EDX,4 7C92E841 81E1 00010181 AND ECX,81010100 7C92E847 75 1C JNZ SHORT ntdll.7C92E865 7C92E849 25 00010181 AND EAX,81010100 7C92E84E ^ 74 D3 JE SHORT ntdll.7C92E823 7C92E850 25 00010101 AND EAX,1010100 7C92E855 75 08 JNZ SHORT ntdll.7C92E85F 7C92E857 81E6 00000080 AND ESI,80000000 7C92E85D ^ 75 C4 JNZ SHORT ntdll.7C92E823 7C92E85F 5E POP ESI 7C92E860 5F POP EDI 7C92E861 5B POP EBX 7C92E862 33C0 XOR EAX,EAX 7C92E864 C3 RETN 7C92E865 8B42 FC MOV EAX,DWORD PTR DS:[EDX-4] 7C92E868 3AC3 CMP AL,BL 7C92E86A 74 38 JE SHORT ntdll.7C92E8A4 7C92E86C 84C0 TEST AL,AL 7C92E86E ^ 74 EF JE SHORT ntdll.7C92E85F 7C92E870 3AE3 CMP AH,BL 7C92E872 74 29 JE SHORT ntdll.7C92E89D 7C92E874 84E4 TEST AH,AH 7C92E876 ^ 74 E7 JE SHORT ntdll.7C92E85F 7C92E878 C1E8 10 SHR EAX,10 7C92E87B 3AC3 CMP AL,BL 7C92E87D 74 17 JE SHORT ntdll.7C92E896 7C92E87F 84C0 TEST AL,AL 7C92E881 ^ 74 DC JE SHORT ntdll.7C92E85F 7C92E883 3AE3 CMP AH,BL 7C92E885 74 08 JE SHORT ntdll.7C92E88F 7C92E887 84E4 TEST AH,AH 7C92E889 ^ 75 98 JNZ SHORT ntdll.7C92E823 7C92E88B ^ EB D2 JMP SHORT ntdll.7C92E85F 7C92E88D ^ EB 94 JMP SHORT ntdll.7C92E823 7C92E88F 5E POP ESI 7C92E890 5F POP EDI 7C92E891 8D42 FF LEA EAX,DWORD PTR DS:[EDX-1] 7C92E894 5B POP EBX 7C92E895 C3 RETN 7C92E896 8D42 FE LEA EAX,DWORD PTR DS:[EDX-2] 7C92E899 5E POP ESI 7C92E89A 5F POP EDI 7C92E89B 5B POP EBX 7C92E89C C3 RETN 7C92E89D 8D42 FD LEA EAX,DWORD PTR DS:[EDX-3] 7C92E8A0 5E POP ESI 7C92E8A1 5F POP EDI 7C92E8A2 5B POP EBX 7C92E8A3 C3 RETN 7C92E8A4 8D42 FC LEA EAX,DWORD PTR DS:[EDX-4] 7C92E8A7 5E POP ESI 7C92E8A8 5F POP EDI 7C92E8A9 5B POP EBX 7C92E8AA C3 RETN 7C92E8AB 68 00E9927C PUSH ntdll.7C92E900 7C92E8B0 64:A1 00000000 MOV EAX,DWORD PTR FS:[0] 7C92E8B6 50 PUSH EAX 7C92E8B7 8B4424 10 MOV EAX,DWORD PTR SS:[ESP+10] 7C92E8BB 896C24 10 MOV DWORD PTR SS:[ESP+10],EBP 7C92E8BF 8D6C24 10 LEA EBP,DWORD PTR SS:[ESP+10] 7C92E8C3 2BE0 SUB ESP,EAX 7C92E8C5 53 PUSH EBX 7C92E8C6 56 PUSH ESI 7C92E8C7 57 PUSH EDI 7C92E8C8 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8] 7C92E8CB 8965 E8 MOV DWORD PTR SS:[EBP-18],ESP 7C92E8CE 50 PUSH EAX 7C92E8CF 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4] 7C92E8D2 C745 FC FFFFFFF>MOV DWORD PTR SS:[EBP-4],-1 7C92E8D9 8945 F8 MOV DWORD PTR SS:[EBP-8],EAX 7C92E8DC 8D45 F0 LEA EAX,DWORD PTR SS:[EBP-10] 7C92E8DF 64:A3 00000000 MOV DWORD PTR FS:[0],EAX 7C92E8E5 C3 RETN 7C92E8E6 8B4D F0 MOV ECX,DWORD PTR SS:[EBP-10] 7C92E8E9 64:890D 0000000>MOV DWORD PTR FS:[0],ECX 7C92E8F0 59 POP ECX 7C92E8F1 5F POP EDI 7C92E8F2 5E POP ESI 7C92E8F3 5B POP EBX 7C92E8F4 C9 LEAVE 7C92E8F5 51 PUSH ECX 7C92E8F6 C3 RETN 7C92E8F7 90 NOP 7C92E8F8 56 PUSH ESI 7C92E8F9 43 INC EBX 7C92E8FA 3230 XOR DH,BYTE PTR DS:[EAX] 7C92E8FC 58 POP EAX 7C92E8FD 43 INC EBX 7C92E8FE 3030 XOR BYTE PTR DS:[EAX],DH 7C92E900 55 PUSH EBP 7C92E901 8BEC MOV EBP,ESP 7C92E903 83EC 08 SUB ESP,8 7C92E906 53 PUSH EBX 7C92E907 56 PUSH ESI 7C92E908 57 PUSH EDI 7C92E909 55 PUSH EBP 7C92E90A FC CLD 7C92E90B 8B5D 0C MOV EBX,DWORD PTR SS:[EBP+C] 7C92E90E 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8] 7C92E911 F740 04 0600000>TEST DWORD PTR DS:[EAX+4],6 7C92E918 0F85 AB000000 JNZ ntdll.7C92E9C9 7C92E91E 8945 F8 MOV DWORD PTR SS:[EBP-8],EAX 7C92E921 8B45 10 MOV EAX,DWORD PTR SS:[EBP+10] 7C92E924 8945 FC MOV DWORD PTR SS:[EBP-4],EAX 7C92E927 8D45 F8 LEA EAX,DWORD PTR SS:[EBP-8] 7C92E92A 8943 FC MOV DWORD PTR DS:[EBX-4],EAX 7C92E92D 8B73 0C MOV ESI,DWORD PTR DS:[EBX+C] 7C92E930 8B7B 08 MOV EDI,DWORD PTR DS:[EBX+8] 7C92E933 53 PUSH EBX 7C92E934 E8 BB9A0200 CALL ntdll.7C9583F4 7C92E939 83C4 04 ADD ESP,4 7C92E93C 0BC0 OR EAX,EAX 7C92E93E 74 7B JE SHORT ntdll.7C92E9BB 7C92E940 83FE FF CMP ESI,-1 7C92E943 74 7D JE SHORT ntdll.7C92E9C2 7C92E945 8D0C76 LEA ECX,DWORD PTR DS:[ESI+ESI2] 7C92E948 8B448F 04 MOV EAX,DWORD PTR DS:[EDI+ECX4+4] 7C92E94C 0BC0 OR EAX,EAX 7C92E94E 74 59 JE SHORT ntdll.7C92E9A9 7C92E950 56 PUSH ESI 7C92E951 55 PUSH EBP 7C92E952 8D6B 10 LEA EBP,DWORD PTR DS:[EBX+10] 7C92E955 33DB XOR EBX,EBX 7C92E957 33C9 XOR ECX,ECX 7C92E959 33D2 XOR EDX,EDX 7C92E95B 33F6 XOR ESI,ESI 7C92E95D 33FF XOR EDI,EDI 7C92E95F FFD0 CALL EAX 7C92E961 5D POP EBP 7C92E962 5E POP ESI 7C92E963 8B5D 0C MOV EBX,DWORD PTR SS:[EBP+C] 7C92E966 0BC0 OR EAX,EAX 7C92E968 74 3F JE SHORT ntdll.7C92E9A9 7C92E96A 78 48 JS SHORT ntdll.7C92E9B4 7C92E96C 8B7B 08 MOV EDI,DWORD PTR DS:[EBX+8] 7C92E96F 53 PUSH EBX 7C92E970 E8 8C000000 CALL ntdll.7C92EA01 7C92E975 83C4 04 ADD ESP,4 7C92E978 8D6B 10 LEA EBP,DWORD PTR DS:[EBX+10] 7C92E97B 56 PUSH ESI 7C92E97C 53 PUSH EBX 7C92E97D E8 DA000000 CALL ntdll.7C92EA5C 7C92E982 83C4 08 ADD ESP,8 7C92E985 8D0C76 LEA ECX,DWORD PTR DS:[ESI+ESI2] 7C92E988 6A 01 PUSH 1 7C92E98A 8B448F 08 MOV EAX,DWORD PTR DS:[EDI+ECX4+8] 7C92E98E E8 65010000 CALL ntdll.7C92EAF8 7C92E993 8B048F MOV EAX,DWORD PTR DS:[EDI+ECX4] 7C92E996 8943 0C MOV DWORD PTR DS:[EBX+C],EAX 7C92E999 8B448F 08 MOV EAX,DWORD PTR DS:[EDI+ECX4+8] 7C92E99D 33DB XOR EBX,EBX 7C92E99F 33C9 XOR ECX,ECX 7C92E9A1 33D2 XOR EDX,EDX 7C92E9A3 33F6 XOR ESI,ESI 7C92E9A5 33FF XOR EDI,EDI 7C92E9A7 FFD0 CALL EAX 7C92E9A9 8B7B 08 MOV EDI,DWORD PTR DS:[EBX+8] 7C92E9AC 8D0C76 LEA ECX,DWORD PTR DS:[ESI+ESI2] 7C92E9AF 8B348F MOV ESI,DWORD PTR DS:[EDI+ECX4] 7C92E9B2 ^ EB 8C JMP SHORT ntdll.7C92E940 7C92E9B4 B8 00000000 MOV EAX,0 7C92E9B9 EB 23 JMP SHORT ntdll.7C92E9DE 7C92E9BB 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8] 2009-11-27 09:16 0
风随雨行雪币： 2523 活跃值： (520) 能力值： ( LV4，RANK：50 ) 在线值：发帖 3 回帖 604 粉丝 1 关注私信	风随雨行 1 5 楼直接昏厥了…… 你进到系统领空了，大家估计让你进的是那个红色高亮的CALL 2009-11-27 10:19 0
xupeihua 雪币： 19 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 7 回帖 414 粉丝 0 关注私信	xupeihua 6 楼帮楼主顶，可能楼主没描述清楚吧，我看楼上几位都挺牛的 2009-11-27 11:32 0
怀恋深秋雪币： 1 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 0 回帖 3 粉丝 0 关注私信	怀恋深秋 7 楼我还没晕倒，，呵呵 2009-11-28 07:41 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复

jama

发帖

回帖

RANK

关注

私信

他的文章

关于我们

联系我们

企业服务

看雪公众号

最新回复 (6)
轩辕小聪雪币： 722 活跃值： (123) 能力值： ( LV12，RANK：300 ) 在线值：发帖 10 回帖 547 粉丝 5 关注私信	轩辕小聪 7 2 楼拜托，你贴出来的只是软件入口点代码，是VC的标准入口代码，这个标准入口代码可以说跟软件真正的功能一点关系都没有，真正的功能就是要call进去才能看出来的。如果你连这一点都不懂，那你还是好好学一点基础再说吧，要不然就算这次有人帮你搞定了，你也不懂是怎么搞定的。 2009-11-27 02:45 0
xianxian 雪币： 184 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 1 回帖 4 粉丝 0 关注私信	xianxian 3 楼进call看下 2009-11-27 03:19 0
jama 雪币： 84 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 5 回帖 8 粉丝 0 关注私信	jama 4 楼 7C92E4F4 > C3 RETN 7C92E4F5 8DA424 00000000 LEA ESP,DWORD PTR SS:[ESP] 7C92E4FC 8D6424 00 LEA ESP,DWORD PTR SS:[ESP] 7C92E500 > 8D5424 08 LEA EDX,DWORD PTR SS:[ESP+8] 7C92E504 CD 2E INT 2E 7C92E506 C3 RETN 7C92E507 90 NOP 7C92E508 > 55 PUSH EBP 7C92E509 8BEC MOV EBP,ESP 7C92E50B 9C PUSHFD 7C92E50C 81EC D0020000 SUB ESP,2D0 7C92E512 8985 DCFDFFFF MOV DWORD PTR SS:[EBP-224],EAX 7C92E518 898D D8FDFFFF MOV DWORD PTR SS:[EBP-228],ECX 7C92E51E 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8] 7C92E521 8B4D 04 MOV ECX,DWORD PTR SS:[EBP+4] 7C92E524 8948 0C MOV DWORD PTR DS:[EAX+C],ECX 7C92E527 8D85 2CFDFFFF LEA EAX,DWORD PTR SS:[EBP-2D4] 7C92E52D 8988 B8000000 MOV DWORD PTR DS:[EAX+B8],ECX 7C92E533 8998 A4000000 MOV DWORD PTR DS:[EAX+A4],EBX 7C92E539 8990 A8000000 MOV DWORD PTR DS:[EAX+A8],EDX 7C92E53F 89B0 A0000000 MOV DWORD PTR DS:[EAX+A0],ESI 7C92E545 89B8 9C000000 MOV DWORD PTR DS:[EAX+9C],EDI 7C92E54B 8D4D 0C LEA ECX,DWORD PTR SS:[EBP+C] 7C92E54E 8988 C4000000 MOV DWORD PTR DS:[EAX+C4],ECX 7C92E554 8B4D 00 MOV ECX,DWORD PTR SS:[EBP] 7C92E557 8988 B4000000 MOV DWORD PTR DS:[EAX+B4],ECX 7C92E55D 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4] 7C92E560 8988 C0000000 MOV DWORD PTR DS:[EAX+C0],ECX 7C92E566 8C88 BC000000 MOV WORD PTR DS:[EAX+BC],CS 7C92E56C 8C98 98000000 MOV WORD PTR DS:[EAX+98],DS 7C92E572 8C80 94000000 MOV WORD PTR DS:[EAX+94],ES 7C92E578 8CA0 90000000 MOV WORD PTR DS:[EAX+90],FS 7C92E57E 8CA8 8C000000 MOV WORD PTR DS:[EAX+8C],GS 7C92E584 8C90 C8000000 MOV WORD PTR DS:[EAX+C8],SS 7C92E58A C700 07000100 MOV DWORD PTR DS:[EAX],10007 7C92E590 6A 01 PUSH 1 7C92E592 50 PUSH EAX 7C92E593 FF75 08 PUSH DWORD PTR SS:[EBP+8] 7C92E596 E8 F5F3FFFF CALL ntdll.ZwRaiseException 7C92E59B 83EC 20 SUB ESP,20 7C92E59E 890424 MOV DWORD PTR SS:[ESP],EAX 7C92E5A1 C74424 04 01000>MOV DWORD PTR SS:[ESP+4],1 7C92E5A9 C74424 10 00000>MOV DWORD PTR SS:[ESP+10],0 7C92E5B1 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8] 7C92E5B4 894424 08 MOV DWORD PTR SS:[ESP+8],EAX 7C92E5B8 8BC4 MOV EAX,ESP 7C92E5BA 50 PUSH EAX 7C92E5BB E8 48FFFFFF CALL ntdll.RtlRaiseException 7C92E5C0 CC INT3 7C92E5C1 CC INT3 7C92E5C2 CC INT3 7C92E5C3 CC INT3 7C92E5C4 CC INT3 7C92E5C5 CC INT3 7C92E5C6 > 83EC 0C SUB ESP,0C 7C92E5C9 DD1424 FST QWORD PTR SS:[ESP] 7C92E5CC E8 CAFCFFFF CALL ntdll.7C92E29B 7C92E5D1 E8 0D000000 CALL ntdll.7C92E5E3 7C92E5D6 83C4 0C ADD ESP,0C 7C92E5D9 C3 RETN 7C92E5DA > 8D5424 04 LEA EDX,DWORD PTR SS:[ESP+4] 7C92E5DE E8 75FCFFFF CALL ntdll.7C92E258 7C92E5E3 52 PUSH EDX 7C92E5E4 9B WAIT 7C92E5E5 D93C24 FSTCW WORD PTR SS:[ESP] 7C92E5E8 74 50 JE SHORT ntdll.7C92E63A 7C92E5EA 66:813C24 7F02 CMP WORD PTR SS:[ESP],27F 7C92E5F0 74 06 JE SHORT ntdll.7C92E5F8 7C92E5F2 D92D 5CE7927C FLDCW WORD PTR DS:[7C92E75C] 7C92E5F8 D9FF FCOS 7C92E5FA 9B WAIT 7C92E5FB DFE0 FSTSW AX 7C92E5FD 9E SAHF 7C92E5FE 7A 1D JPE SHORT ntdll.7C92E61D 7C92E600 833D ACB0997C 0>CMP DWORD PTR DS:[7C99B0AC],0 7C92E607 ^ 0F85 A4FCFFFF JNZ ntdll.7C92E2B1 7C92E60D BA 12000000 MOV EDX,12 7C92E612 8D0D 00B0997C LEA ECX,DWORD PTR DS:[7C99B000] 7C92E618 ^ E9 A1FCFFFF JMP ntdll.7C92E2BE 7C92E61D DB2D 74E6927C FLD TBYTE PTR DS:[7C92E674] 7C92E623 D9C9 FXCH ST(1) 7C92E625 D9F5 FPREM1 7C92E627 9B WAIT 7C92E628 DFE0 FSTSW AX 7C92E62A 9E SAHF 7C92E62B 7A F8 JPE SHORT ntdll.7C92E625 7C92E62D DDD9 FSTP ST(1) 7C92E62F D9FF FCOS 7C92E631 ^ EB CD JMP SHORT ntdll.7C92E600 7C92E633 E8 07FCFFFF CALL ntdll.7C92E23F 7C92E638 EB 1B JMP SHORT ntdll.7C92E655 7C92E63A A9 FFFF0F00 TEST EAX,0FFFFF 7C92E63F ^ 75 F2 JNZ SHORT ntdll.7C92E633 7C92E641 837C24 08 00 CMP DWORD PTR SS:[ESP+8],0 7C92E646 ^ 75 EB JNZ SHORT ntdll.7C92E633 7C92E648 DDD8 FSTP ST 7C92E64A DB2D 68B0997C FLD TBYTE PTR DS:[7C99B068] 7C92E650 B8 01000000 MOV EAX,1 7C92E655 833D ACB0997C 0>CMP DWORD PTR DS:[7C99B0AC],0 7C92E65C ^ 0F85 4FFCFFFF JNZ ntdll.7C92E2B1 7C92E662 BA 12000000 MOV EDX,12 7C92E667 8D0D 00B0997C LEA ECX,DWORD PTR DS:[7C99B000] 7C92E66D E8 7DFDFFFF CALL ntdll.7C92E3EF 7C92E672 5A POP EDX 7C92E673 C3 RETN 7C92E674 35 C26821A2 XOR EAX,A22168C2 7C92E679 DA0F FIMUL DWORD PTR DS:[EDI] 7C92E67B C9 LEAVE 7C92E67C 3E:40 INC EAX ; 多余前缀 7C92E67E > EB 18 JMP SHORT ntdll.7C92E698 7C92E680 8BFF MOV EDI,EDI 7C92E682 > EB 00 JMP SHORT ntdll.7C92E684 7C92E684 83EC 0C SUB ESP,0C 7C92E687 DD1424 FST QWORD PTR SS:[ESP] 7C92E68A E8 0CFCFFFF CALL ntdll.7C92E29B 7C92E68F E8 0D000000 CALL ntdll.7C92E6A1 7C92E694 83C4 0C ADD ESP,0C 7C92E697 C3 RETN 7C92E698 8D5424 04 LEA EDX,DWORD PTR SS:[ESP+4] 7C92E69C E8 B7FBFFFF CALL ntdll.7C92E258 7C92E6A1 52 PUSH EDX 7C92E6A2 9B WAIT 7C92E6A3 D93C24 FSTCW WORD PTR SS:[ESP] 7C92E6A6 74 4E JE SHORT ntdll.7C92E6F6 7C92E6A8 8B4424 0C MOV EAX,DWORD PTR SS:[ESP+C] 7C92E6AC 66:813C24 7F02 CMP WORD PTR SS:[ESP],27F 7C92E6B2 74 06 JE SHORT ntdll.7C92E6BA 7C92E6B4 D92D 5CE7927C FLDCW WORD PTR DS:[7C92E75C] 7C92E6BA A9 0000F07F TEST EAX,7FF00000 7C92E6BF 74 60 JE SHORT ntdll.7C92E721 7C92E6C1 A9 00000080 TEST EAX,80000000 7C92E6C6 75 43 JNZ SHORT ntdll.7C92E70B 7C92E6C8 D9ED FLDLN2 7C92E6CA D9C9 FXCH ST(1) 7C92E6CC D9F1 FYL2X 7C92E6CE 833D ACB0997C 0>CMP DWORD PTR DS:[7C99B0AC],0 7C92E6D5 ^ 0F85 D6FBFFFF JNZ ntdll.7C92E2B1 7C92E6DB 8D0D 10B0997C LEA ECX,DWORD PTR DS:[7C99B010] 7C92E6E1 BA 1A000000 MOV EDX,1A 7C92E6E6 ^ E9 D3FBFFFF JMP ntdll.7C92E2BE 7C92E6EB A9 00000080 TEST EAX,80000000 7C92E6F0 ^ 74 D6 JE SHORT ntdll.7C92E6C8 7C92E6F2 EB 17 JMP SHORT ntdll.7C92E70B 7C92E6F4 ^ EB D2 JMP SHORT ntdll.7C92E6C8 7C92E6F6 A9 FFFF0F00 TEST EAX,0FFFFF 7C92E6FB 75 1D JNZ SHORT ntdll.7C92E71A 7C92E6FD 837C24 08 00 CMP DWORD PTR SS:[ESP+8],0 7C92E702 75 16 JNZ SHORT ntdll.7C92E71A 7C92E704 25 00000080 AND EAX,80000000 7C92E709 ^ 74 C3 JE SHORT ntdll.7C92E6CE 7C92E70B DDD8 FSTP ST 7C92E70D DB2D 68B0997C FLD TBYTE PTR DS:[7C99B068] 7C92E713 B8 01000000 MOV EAX,1 7C92E718 EB 22 JMP SHORT ntdll.7C92E73C 7C92E71A E8 20FBFFFF CALL ntdll.7C92E23F 7C92E71F EB 1B JMP SHORT ntdll.7C92E73C 7C92E721 A9 FFFF0F00 TEST EAX,0FFFFF 7C92E726 ^ 75 C3 JNZ SHORT ntdll.7C92E6EB 7C92E728 837C24 08 00 CMP DWORD PTR SS:[ESP+8],0 7C92E72D ^ 75 BC JNZ SHORT ntdll.7C92E6EB 7C92E72F DDD8 FSTP ST 7C92E731 DB2D 8AB0997C FLD TBYTE PTR DS:[7C99B08A] 7C92E737 B8 02000000 MOV EAX,2 7C92E73C 833D ACB0997C 0>CMP DWORD PTR DS:[7C99B0AC],0 7C92E743 ^ 0F85 68FBFFFF JNZ ntdll.7C92E2B1 7C92E749 8D0D 10B0997C LEA ECX,DWORD PTR DS:[7C99B010] 7C92E74F BA 1A000000 MOV EDX,1A 7C92E754 E8 96FCFFFF CALL ntdll.7C92E3EF 7C92E759 5A POP EDX 7C92E75A C3 RETN 7C92E75B 90 NOP 7C92E75C 7F 02 JG SHORT ntdll.7C92E760 7C92E75E > 8B4C24 08 MOV ECX,DWORD PTR SS:[ESP+8] 7C92E762 57 PUSH EDI 7C92E763 53 PUSH EBX 7C92E764 56 PUSH ESI 7C92E765 8A11 MOV DL,BYTE PTR DS:[ECX] 7C92E767 8B7C24 10 MOV EDI,DWORD PTR SS:[ESP+10] 7C92E76B 84D2 TEST DL,DL 7C92E76D 74 68 JE SHORT ntdll.7C92E7D7 7C92E76F 8A71 01 MOV DH,BYTE PTR DS:[ECX+1] 7C92E772 84F6 TEST DH,DH 7C92E774 74 51 JE SHORT ntdll.7C92E7C7 7C92E776 8BF7 MOV ESI,EDI 7C92E778 8B4C24 14 MOV ECX,DWORD PTR SS:[ESP+14] 7C92E77C 8A07 MOV AL,BYTE PTR DS:[EDI] 7C92E77E 46 INC ESI 7C92E77F 3AC2 CMP AL,DL 7C92E781 74 15 JE SHORT ntdll.7C92E798 7C92E783 84C0 TEST AL,AL 7C92E785 74 0B JE SHORT ntdll.7C92E792 7C92E787 8A06 MOV AL,BYTE PTR DS:[ESI] 7C92E789 46 INC ESI 7C92E78A 3AC2 CMP AL,DL 7C92E78C 74 0A JE SHORT ntdll.7C92E798 7C92E78E 84C0 TEST AL,AL 7C92E790 ^ 75 F5 JNZ SHORT ntdll.7C92E787 7C92E792 5E POP ESI 7C92E793 5B POP EBX 7C92E794 5F POP EDI 7C92E795 33C0 XOR EAX,EAX 7C92E797 C3 RETN 7C92E798 8A06 MOV AL,BYTE PTR DS:[ESI] 7C92E79A 46 INC ESI 7C92E79B 3AC6 CMP AL,DH 7C92E79D ^ 75 EB JNZ SHORT ntdll.7C92E78A 7C92E79F 8D7E FF LEA EDI,DWORD PTR DS:[ESI-1] 7C92E7A2 8A61 02 MOV AH,BYTE PTR DS:[ECX+2] 7C92E7A5 84E4 TEST AH,AH 7C92E7A7 74 27 JE SHORT ntdll.7C92E7D0 7C92E7A9 8A06 MOV AL,BYTE PTR DS:[ESI] 7C92E7AB 83C6 02 ADD ESI,2 7C92E7AE 3AC4 CMP AL,AH 7C92E7B0 ^ 75 C4 JNZ SHORT ntdll.7C92E776 7C92E7B2 8A41 03 MOV AL,BYTE PTR DS:[ECX+3] 7C92E7B5 84C0 TEST AL,AL 7C92E7B7 74 17 JE SHORT ntdll.7C92E7D0 7C92E7B9 8A66 FF MOV AH,BYTE PTR DS:[ESI-1] 7C92E7BC 83C1 02 ADD ECX,2 7C92E7BF 3AC4 CMP AL,AH 7C92E7C1 ^ 75 B3 JNZ SHORT ntdll.7C92E776 7C92E7C3 ^ EB DD JMP SHORT ntdll.7C92E7A2 7C92E7C5 ^ EB AF JMP SHORT ntdll.7C92E776 7C92E7C7 33C0 XOR EAX,EAX 7C92E7C9 5E POP ESI 7C92E7CA 5B POP EBX 7C92E7CB 5F POP EDI 7C92E7CC 8AC2 MOV AL,DL 7C92E7CE EB 23 JMP SHORT ntdll.7C92E7F3 7C92E7D0 8D47 FF LEA EAX,DWORD PTR DS:[EDI-1] 7C92E7D3 5E POP ESI 7C92E7D4 5B POP EBX 7C92E7D5 5F POP EDI 7C92E7D6 C3 RETN 7C92E7D7 8BC7 MOV EAX,EDI 7C92E7D9 5E POP ESI 7C92E7DA 5B POP EBX 7C92E7DB 5F POP EDI 7C92E7DC C3 RETN 7C92E7DD 8D42 FF LEA EAX,DWORD PTR DS:[EDX-1] 7C92E7E0 5B POP EBX 7C92E7E1 C3 RETN 7C92E7E2 8DA424 00000000 LEA ESP,DWORD PTR SS:[ESP] 7C92E7E9 8D6424 00 LEA ESP,DWORD PTR SS:[ESP] 7C92E7ED > 33C0 XOR EAX,EAX 7C92E7EF 8A4424 08 MOV AL,BYTE PTR SS:[ESP+8] 7C92E7F3 53 PUSH EBX 7C92E7F4 8BD8 MOV EBX,EAX 7C92E7F6 C1E0 08 SHL EAX,8 7C92E7F9 8B5424 08 MOV EDX,DWORD PTR SS:[ESP+8] 7C92E7FD F7C2 03000000 TEST EDX,3 7C92E803 74 13 JE SHORT ntdll.7C92E818 7C92E805 8A0A MOV CL,BYTE PTR DS:[EDX] 7C92E807 42 INC EDX 7C92E808 3ACB CMP CL,BL 7C92E80A ^ 74 D1 JE SHORT ntdll.7C92E7DD 7C92E80C 84C9 TEST CL,CL 7C92E80E 74 51 JE SHORT ntdll.7C92E861 7C92E810 F7C2 03000000 TEST EDX,3 7C92E816 ^ 75 ED JNZ SHORT ntdll.7C92E805 7C92E818 0BD8 OR EBX,EAX 7C92E81A 57 PUSH EDI 7C92E81B 8BC3 MOV EAX,EBX 7C92E81D C1E3 10 SHL EBX,10 7C92E820 56 PUSH ESI 7C92E821 0BD8 OR EBX,EAX 7C92E823 8B0A MOV ECX,DWORD PTR DS:[EDX] 7C92E825 BF FFFEFE7E MOV EDI,7EFEFEFF 7C92E82A 8BC1 MOV EAX,ECX 7C92E82C 8BF7 MOV ESI,EDI 7C92E82E 33CB XOR ECX,EBX 7C92E830 03F0 ADD ESI,EAX 7C92E832 03F9 ADD EDI,ECX 7C92E834 83F1 FF XOR ECX,FFFFFFFF 7C92E837 83F0 FF XOR EAX,FFFFFFFF 7C92E83A 33CF XOR ECX,EDI 7C92E83C 33C6 XOR EAX,ESI 7C92E83E 83C2 04 ADD EDX,4 7C92E841 81E1 00010181 AND ECX,81010100 7C92E847 75 1C JNZ SHORT ntdll.7C92E865 7C92E849 25 00010181 AND EAX,81010100 7C92E84E ^ 74 D3 JE SHORT ntdll.7C92E823 7C92E850 25 00010101 AND EAX,1010100 7C92E855 75 08 JNZ SHORT ntdll.7C92E85F 7C92E857 81E6 00000080 AND ESI,80000000 7C92E85D ^ 75 C4 JNZ SHORT ntdll.7C92E823 7C92E85F 5E POP ESI 7C92E860 5F POP EDI 7C92E861 5B POP EBX 7C92E862 33C0 XOR EAX,EAX 7C92E864 C3 RETN 7C92E865 8B42 FC MOV EAX,DWORD PTR DS:[EDX-4] 7C92E868 3AC3 CMP AL,BL 7C92E86A 74 38 JE SHORT ntdll.7C92E8A4 7C92E86C 84C0 TEST AL,AL 7C92E86E ^ 74 EF JE SHORT ntdll.7C92E85F 7C92E870 3AE3 CMP AH,BL 7C92E872 74 29 JE SHORT ntdll.7C92E89D 7C92E874 84E4 TEST AH,AH 7C92E876 ^ 74 E7 JE SHORT ntdll.7C92E85F 7C92E878 C1E8 10 SHR EAX,10 7C92E87B 3AC3 CMP AL,BL 7C92E87D 74 17 JE SHORT ntdll.7C92E896 7C92E87F 84C0 TEST AL,AL 7C92E881 ^ 74 DC JE SHORT ntdll.7C92E85F 7C92E883 3AE3 CMP AH,BL 7C92E885 74 08 JE SHORT ntdll.7C92E88F 7C92E887 84E4 TEST AH,AH 7C92E889 ^ 75 98 JNZ SHORT ntdll.7C92E823 7C92E88B ^ EB D2 JMP SHORT ntdll.7C92E85F 7C92E88D ^ EB 94 JMP SHORT ntdll.7C92E823 7C92E88F 5E POP ESI 7C92E890 5F POP EDI 7C92E891 8D42 FF LEA EAX,DWORD PTR DS:[EDX-1] 7C92E894 5B POP EBX 7C92E895 C3 RETN 7C92E896 8D42 FE LEA EAX,DWORD PTR DS:[EDX-2] 7C92E899 5E POP ESI 7C92E89A 5F POP EDI 7C92E89B 5B POP EBX 7C92E89C C3 RETN 7C92E89D 8D42 FD LEA EAX,DWORD PTR DS:[EDX-3] 7C92E8A0 5E POP ESI 7C92E8A1 5F POP EDI 7C92E8A2 5B POP EBX 7C92E8A3 C3 RETN 7C92E8A4 8D42 FC LEA EAX,DWORD PTR DS:[EDX-4] 7C92E8A7 5E POP ESI 7C92E8A8 5F POP EDI 7C92E8A9 5B POP EBX 7C92E8AA C3 RETN 7C92E8AB 68 00E9927C PUSH ntdll.7C92E900 7C92E8B0 64:A1 00000000 MOV EAX,DWORD PTR FS:[0] 7C92E8B6 50 PUSH EAX 7C92E8B7 8B4424 10 MOV EAX,DWORD PTR SS:[ESP+10] 7C92E8BB 896C24 10 MOV DWORD PTR SS:[ESP+10],EBP 7C92E8BF 8D6C24 10 LEA EBP,DWORD PTR SS:[ESP+10] 7C92E8C3 2BE0 SUB ESP,EAX 7C92E8C5 53 PUSH EBX 7C92E8C6 56 PUSH ESI 7C92E8C7 57 PUSH EDI 7C92E8C8 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8] 7C92E8CB 8965 E8 MOV DWORD PTR SS:[EBP-18],ESP 7C92E8CE 50 PUSH EAX 7C92E8CF 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4] 7C92E8D2 C745 FC FFFFFFF>MOV DWORD PTR SS:[EBP-4],-1 7C92E8D9 8945 F8 MOV DWORD PTR SS:[EBP-8],EAX 7C92E8DC 8D45 F0 LEA EAX,DWORD PTR SS:[EBP-10] 7C92E8DF 64:A3 00000000 MOV DWORD PTR FS:[0],EAX 7C92E8E5 C3 RETN 7C92E8E6 8B4D F0 MOV ECX,DWORD PTR SS:[EBP-10] 7C92E8E9 64:890D 0000000>MOV DWORD PTR FS:[0],ECX 7C92E8F0 59 POP ECX 7C92E8F1 5F POP EDI 7C92E8F2 5E POP ESI 7C92E8F3 5B POP EBX 7C92E8F4 C9 LEAVE 7C92E8F5 51 PUSH ECX 7C92E8F6 C3 RETN 7C92E8F7 90 NOP 7C92E8F8 56 PUSH ESI 7C92E8F9 43 INC EBX 7C92E8FA 3230 XOR DH,BYTE PTR DS:[EAX] 7C92E8FC 58 POP EAX 7C92E8FD 43 INC EBX 7C92E8FE 3030 XOR BYTE PTR DS:[EAX],DH 7C92E900 55 PUSH EBP 7C92E901 8BEC MOV EBP,ESP 7C92E903 83EC 08 SUB ESP,8 7C92E906 53 PUSH EBX 7C92E907 56 PUSH ESI 7C92E908 57 PUSH EDI 7C92E909 55 PUSH EBP 7C92E90A FC CLD 7C92E90B 8B5D 0C MOV EBX,DWORD PTR SS:[EBP+C] 7C92E90E 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8] 7C92E911 F740 04 0600000>TEST DWORD PTR DS:[EAX+4],6 7C92E918 0F85 AB000000 JNZ ntdll.7C92E9C9 7C92E91E 8945 F8 MOV DWORD PTR SS:[EBP-8],EAX 7C92E921 8B45 10 MOV EAX,DWORD PTR SS:[EBP+10] 7C92E924 8945 FC MOV DWORD PTR SS:[EBP-4],EAX 7C92E927 8D45 F8 LEA EAX,DWORD PTR SS:[EBP-8] 7C92E92A 8943 FC MOV DWORD PTR DS:[EBX-4],EAX 7C92E92D 8B73 0C MOV ESI,DWORD PTR DS:[EBX+C] 7C92E930 8B7B 08 MOV EDI,DWORD PTR DS:[EBX+8] 7C92E933 53 PUSH EBX 7C92E934 E8 BB9A0200 CALL ntdll.7C9583F4 7C92E939 83C4 04 ADD ESP,4 7C92E93C 0BC0 OR EAX,EAX 7C92E93E 74 7B JE SHORT ntdll.7C92E9BB 7C92E940 83FE FF CMP ESI,-1 7C92E943 74 7D JE SHORT ntdll.7C92E9C2 7C92E945 8D0C76 LEA ECX,DWORD PTR DS:[ESI+ESI2] 7C92E948 8B448F 04 MOV EAX,DWORD PTR DS:[EDI+ECX4+4] 7C92E94C 0BC0 OR EAX,EAX 7C92E94E 74 59 JE SHORT ntdll.7C92E9A9 7C92E950 56 PUSH ESI 7C92E951 55 PUSH EBP 7C92E952 8D6B 10 LEA EBP,DWORD PTR DS:[EBX+10] 7C92E955 33DB XOR EBX,EBX 7C92E957 33C9 XOR ECX,ECX 7C92E959 33D2 XOR EDX,EDX 7C92E95B 33F6 XOR ESI,ESI 7C92E95D 33FF XOR EDI,EDI 7C92E95F FFD0 CALL EAX 7C92E961 5D POP EBP 7C92E962 5E POP ESI 7C92E963 8B5D 0C MOV EBX,DWORD PTR SS:[EBP+C] 7C92E966 0BC0 OR EAX,EAX 7C92E968 74 3F JE SHORT ntdll.7C92E9A9 7C92E96A 78 48 JS SHORT ntdll.7C92E9B4 7C92E96C 8B7B 08 MOV EDI,DWORD PTR DS:[EBX+8] 7C92E96F 53 PUSH EBX 7C92E970 E8 8C000000 CALL ntdll.7C92EA01 7C92E975 83C4 04 ADD ESP,4 7C92E978 8D6B 10 LEA EBP,DWORD PTR DS:[EBX+10] 7C92E97B 56 PUSH ESI 7C92E97C 53 PUSH EBX 7C92E97D E8 DA000000 CALL ntdll.7C92EA5C 7C92E982 83C4 08 ADD ESP,8 7C92E985 8D0C76 LEA ECX,DWORD PTR DS:[ESI+ESI2] 7C92E988 6A 01 PUSH 1 7C92E98A 8B448F 08 MOV EAX,DWORD PTR DS:[EDI+ECX4+8] 7C92E98E E8 65010000 CALL ntdll.7C92EAF8 7C92E993 8B048F MOV EAX,DWORD PTR DS:[EDI+ECX4] 7C92E996 8943 0C MOV DWORD PTR DS:[EBX+C],EAX 7C92E999 8B448F 08 MOV EAX,DWORD PTR DS:[EDI+ECX4+8] 7C92E99D 33DB XOR EBX,EBX 7C92E99F 33C9 XOR ECX,ECX 7C92E9A1 33D2 XOR EDX,EDX 7C92E9A3 33F6 XOR ESI,ESI 7C92E9A5 33FF XOR EDI,EDI 7C92E9A7 FFD0 CALL EAX 7C92E9A9 8B7B 08 MOV EDI,DWORD PTR DS:[EBX+8] 7C92E9AC 8D0C76 LEA ECX,DWORD PTR DS:[ESI+ESI2] 7C92E9AF 8B348F MOV ESI,DWORD PTR DS:[EDI+ECX4] 7C92E9B2 ^ EB 8C JMP SHORT ntdll.7C92E940 7C92E9B4 B8 00000000 MOV EAX,0 7C92E9B9 EB 23 JMP SHORT ntdll.7C92E9DE 7C92E9BB 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8] 2009-11-27 09:16 0
风随雨行雪币： 2523 活跃值： (520) 能力值： ( LV4，RANK：50 ) 在线值：发帖 3 回帖 604 粉丝 1 关注私信	风随雨行 1 5 楼直接昏厥了…… 你进到系统领空了，大家估计让你进的是那个红色高亮的CALL 2009-11-27 10:19 0
xupeihua 雪币： 19 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 7 回帖 414 粉丝 0 关注私信	xupeihua 6 楼帮楼主顶，可能楼主没描述清楚吧，我看楼上几位都挺牛的 2009-11-27 11:32 0
怀恋深秋雪币： 1 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 0 回帖 3 粉丝 0 关注私信	怀恋深秋 7 楼我还没晕倒，，呵呵 2009-11-28 07:41 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复