00425747 |> /0FBEC0 /movsx eax, al ; 密码字符串逐位处理
0042574A |. |50 |push eax
0042574B |. |E8 E426FFFF |call 00417E34
00425750 |. |85C0 |test eax, eax
00425752 |. |59 |pop ecx
00425753 |. |74 08 |je short 0042575D
00425755 |. |85F6 |test esi, esi
00425757 |. |75 06 |jnz short 0042575F
00425759 |. |8BF7 |mov esi, edi
0042575B |. |EB 02 |jmp short 0042575F
0042575D |> |33F6 |xor esi, esi
0042575F |> |57 |push edi
00425760 |. |E8 D324FFFF |call 00417C38
00425765 |. |8BF8 |mov edi, eax
00425767 |. |59 |pop ecx
00425768 |. |8A07 |mov al, byte ptr [edi]
0042576A |. |84C0 |test al, al
0042576C |.^\75 D9 \jnz short 00425747
0042576E |. 85F6 test esi, esi
00425770 |. 74 09 je short 0042577B
call 00417E34处的代码:
00417E34 /$ 55 push ebp ; KERNEL32.WriteProfileStringA
00417E35 |. 8BEC mov ebp, esp
00417E37 |. 51 push ecx
00417E38 |. 8B4D 08 mov ecx, dword ptr [ebp+8]
00417E3B |. 81F9 FF000000 cmp ecx, 0FF
00417E41 |. 76 5E jbe short 00417EA1
00417E43 |. 66:8365 FC 00 and word ptr [ebp-4], 0
00417E48 |. 57 push edi
00417E49 |. 33C0 xor eax, eax
00417E4B |. 8D7D FE lea edi, dword ptr [ebp-2]
00417E4E |. 66:AB stos word ptr es:[edi]
00417E50 |. 8BC1 mov eax, ecx
00417E52 |. 884D 0B mov byte ptr [ebp+B], cl
00417E55 |. C1E8 08 shr eax, 8
00417E58 |. 833D ECD64400>cmp dword ptr [44D6EC], 0
00417E5F |. 8845 0A mov byte ptr [ebp+A], al
00417E62 |. 5F pop edi
00417E63 |. 75 04 jnz short 00417E69
00417E65 |> 33C0 xor eax, eax
00417E67 |. C9 leave
call 00417C38的代码:
00417C38 /$ 8B4424 04 mov eax, dword ptr [esp+4]
00417C3C |. 0FB608 movzx ecx, byte ptr [eax]
00417C3F |. 8A89 01D84400 mov cl, byte ptr [ecx+44D801]
00417C45 |. 80E1 04 and cl, 4
00417C48 |. 40 inc eax
00417C49 |. 84C9 test cl, cl
00417C4B |. 74 01 je short 00417C4E
00417C4D |. 40 inc eax
00417C4E \> C3 retn
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
