能力值:
( LV2,RANK:10 )
|
-
-
3 楼
procedure TfMain.btnSaveClick(Sender : TObject);
begin
(*
00559BFC 55 push ebp
00559BFD 8BEC mov ebp, esp
00559BFF B92B000000 mov ecx, $0000002B
00559C04 6A00 push $00
00559C06 6A00 push $00
00559C08 49 dec ecx
00559C09 75F9 jnz 00559C04
00559C0B 53 push ebx
00559C0C 56 push esi
00559C0D 57 push edi
00559C0E 8955F8 mov [ebp-$08], edx
00559C11 8945FC mov [ebp-$04], eax
00559C14 33C0 xor eax, eax
00559C16 55 push ebp
00559C17 686AA05500 push $0055A06A
***** TRY
|
00559C1C 64FF30 push dword ptr fs:[eax]
00559C1F 648920 mov fs:[eax], esp
00559C22 C645F701 mov byte ptr [ebp-$09], $01
00559C26 33D2 xor edx, edx
00559C28 55 push ebp
00559C29 68799F5500 push $00559F79
***** TRY
|
00559C2E 64FF32 push dword ptr fs:[edx]
00559C31 648922 mov fs:[edx], esp
00559C34 8B45FC mov eax, [ebp-$04]
* Reference to : TfMain._PROC_00554E9C()
|
00559C37 E860B2FFFF call 00554E9C
00559C3C 84C0 test al, al
00559C3E 0F842B030000 jz 00559F6F
|
00559C44 E8DF64FFFF call 00550128
00559C49 E91C030000 jmp 00559F6A
00559C4E CE into
00559C4F 7846 js 00559C97
00559C51 7A03 jp 00559C56
00559C53 9A2A0EE7CB call $CBE70E2A
00559C58 CA ret
00559C59 27 daa
00559C5A 264D dec ebp
00559C5C 854FDB test [edi-$25], ecx
00559C5F B8643780BD mov eax, $BD803764
00559C64 BDC472BBCE mov ebp, $CEBB72C4
00559C69 CA ret
00559C6A 127256 adc dh, byte ptr [edx+$56]
00559C6D D9D0 fnop
00559C6F BF1E47FF48 mov edi, $48FF471E
00559C74 AD lodsd
00559C75 53 push ebx
00559C76 44 inc esp
00559C77 27 daa
00559C78 EBB2 jmp 00559C2C
00559C7A 9D pop
00559C7B 66C11B31 rcr word ptr [ebx], $31
00559C7F 69CDAF01B833 imul ecx, ebp, $33B801AF
00559C85 0A19 or bl, byte ptr [ecx]
00559C87 C7EF83455B90 mov edi, $905B4583
00559C8D 8FE9 pop ecx
00559C8F 7B92 jnp 00559C23
00559C91 A06551EEAD mov al, byte ptr [$ADEE5165]
00559C96 1946AC sbb [esi-$54], eax
00559C99 99 cdq
00559C9A 1DC1D2CC16 sbb eax, $16CCD2C1
00559C9F 96 xchg eax, esi
00559CA0 308C949BCC8DD1 xor [esp+edx*4+$D18DCC9B], cl
00559CA7 19A304790EBC sbb [ebx+$BC0E7904], esp
00559CAD AF scasd
00559CAE DF8539804A93 fild word ptr [ebp+$934A8039]
00559CB4 6515C4E6FC94 adc eax, $94FCE6C4
00559CBA 43 inc ebx
00559CBB F72B imul dword ptr [ebx]
00559CBD B5BF mov ch, $BF
00559CBF 1E push ds
00559CC0 66FD std
00559CC2 BA718A3B94 mov edx, $943B8A71
00559CC7 91 xchg eax, ecx
00559CC8 B02B mov al, $2B
00559CCA A877 test al, $77
00559CCC D7 xlat
00559CCD 5C pop esp
00559CCE 1E push ds
00559CCF 16 push ss
00559CD0 AD lodsd
00559CD1 C221AB ret $AB21
00559CD4 7C3E jl 00559D14
00559CD6 93 xchg eax, ebx
00559CD7 FB sti
00559CD8 8F60A2 pop dword ptr [eax-$5E]
00559CDB 99 cdq
00559CDC 96 xchg eax, esi
00559CDD 49 dec ecx
00559CDE 835AA0C4 sbb dword ptr [edx-$60], -$3C
00559CE2 2EE10E loope +$0E
00559CE5 99 cdq
00559CE6 F66BBB imul byte ptr [ebx-$45], al
00559CE9 FA cli
00559CEA 4E dec esi
00559CEB D6 DB $D6 //
00559CEC 51 push ecx
00559CED 2C24 sub al, $24
00559CEF 3C78 cmp al, $78
00559CF1 7210 jb 00559D03
00559CF3 338B3261553E xor ecx, [ebx+$3E556132]
00559CF9 FE81A461B9A9 inc byte ptr [ecx+$A9B961A4]
00559CFF 2DB38558F1 sub eax, $F15885B3
00559D04 72CD jb 00559CD3
00559D06 6B450383 imul eax, [ebp+$03], $83
00559D0A 63A369446B83 arpl [ebx+$836B4469], sp
00559D10 0E push cs
00559D11 B92210FB98 mov ecx, $98FB1022
00559D16 4A dec edx
00559D17 2650 push eax
00559D19 C1D279 rcl edx, $79
00559D1C D4 aam
00559D1D 11F0 adc eax, esi
00559D1F 084E79 or [esi+$79], cl
00559D22 8F38 pop dword ptr [eax]
00559D24 F3 rep
00559D25 92 xchg eax, edx
00559D26 795C jns 00559D84
00559D28 B775 mov bh, $75
00559D2A D4 aam
00559D2B D916 fst dword ptr [esi]
00559D2D CA ret
00559D2E 7E31 jle 00559D61
00559D30 45 inc ebp
00559D31 2CDC sub al, $DC
00559D33 FEBA DB $FE, $BA //
00559D35 37 aaa
00559D36 7AE0 jp 00559D18
00559D38 31CA xor edx, ecx
00559D3A B6FA mov dh, $FA
00559D3C DD16 fst qword ptr [esi]
00559D3E 74DD jz 00559D1D
00559D40 6D insd
00559D41 C574BBA4 lds esi, [ebx+edi*4-$5C]
00559D45 219BDF98D36B and [ebx+$6BD398DF], ebx
00559D4B E521 in eax, $21
00559D4D B52D mov ch, $2D
00559D4F 17 pop ss
00559D50 70E7 jo 00559D39
00559D52 0CFF or al, $FF
00559D54 45 inc ebp
00559D55 73DA jnb 00559D31
00559D57 8262AABC and dword ptr [edx-$56], $BC
00559D5B CB ret
00559D5C C1A511184EB20F shl dword ptr [ebp+$B24E1811], $0F
00559D63 5F pop edi
00559D64 52 push edx
00559D65 D5 aad
00559D66 EB74 jmp 00559DDC
00559D68 1121 adc [ecx], esp
00559D6A AE scasb
00559D6B F0 lock
00559D6C 7473 jz 00559DE1
00559D6E 814845F9041C6F or dword ptr [eax+$45], $6F1C04F9
00559D75 875F05 xchg [edi+$05], ebx
00559D78 91 xchg eax, ecx
00559D79 09DD or ebp, ebx
00559D7B C2B529 ret $29B5
00559D7E 2DFA09CCF0 sub eax, $F0CC09FA
00559D83 B6E7 mov dh, $E7
00559D85 1BCA sbb ecx, edx
00559D87 C03197 DB $C0, $31, $97 // byte ptr [ecx], $97
00559D8A D6 DB $D6 //
00559D8B 8B4770 mov eax, [edi+$70]
00559D8E 0DAB3201C5 or eax, $C50132AB
00559D93 4A dec edx
00559D94 64831533A36A434A adc dword ptr fs:[$436AA333], +$4A
00559D9C 03FC add edi, esp
00559D9E 68BAD99B76 push $769BD9BA
00559DA3 8349879F or dword ptr [ecx-$79], -$61
00559DA7 6384A6DFD13B37 arpl [esi+$373BD1DF], ax
00559DAE 37 aaa
00559DAF 43 inc ebx
00559DB0 A20B5249D4 mov byte ptr [$D449520B], al
00559DB5 98 cwde
00559DB6 E173 loope +$73
00559DB8 7AF9 jp 00559DB3
00559DBA AE scasb
00559DBB 3BA71F27D9CF cmp esp, [edi+$CFD9271F]
00559DC1 B8473BE378 mov eax, $78E33B47
00559DC6 265C pop esp
00559DC8 AD lodsd
00559DC9 E9899D7823 jmp 23CE3B57
00559DCE 9B wait
00559DCF 29A58E178908 sub dword ptr [ebp+$889178E], esp
00559DD5 EBD3 jmp 00559DAA
00559DD7 D9B2CA13975C fstenv ???? ptr [edx+$5C9713CA]
00559DDD F60C3D0B855AF7 DB $F6, $0C, $3D, $0B, $85, $5A, $F7 // byte ptr [$F75A850B+edi]
00559DE4 96 xchg eax, esi
00559DE5 7F04 jnle 00559DEB
00559DE7 BF93E12568 mov edi, $6825E193
00559DEC AB stosd
00559DED A884 test al, $84
00559DEF 8DC8 lea ecx, eax
00559DF1 72C9 jb 00559DBC
00559DF3 6E outsb
00559DF4 3BB9A1CFA946 cmp edi, [ecx+$46A9CFA1]
00559DFA 8CF4 mov sp,
00559DFC 7F11 jnle 00559E0F
00559DFE E850924B6F call 6FA13053
00559E03 5C pop esp
00559E04 37 aaa
00559E05 F2 repne
00559E06 7CBC jl 00559DC4
00559E08 A1B6D9237B mov eax, dword ptr [$7B23D9B6]
00559E0D B079 mov al, $79
00559E0F 9B wait
00559E10 0B5E7A or ebx, [esi+$7A]
00559E13 265D pop ebp
00559E15 29905205E58D sub dword ptr [eax+$8DE50552], edx
00559E1B 348A xor al, $8A
00559E1D 77A5 jnbe 00559DC4
00559E1F 06 push es
00559E20 69D0301C5239 imul edx, eax, $39521C30
00559E26 4D dec ebp
00559E27 7BA5 jnp 00559DCE
00559E29 094223 or [edx+$23], eax
00559E2C ED in eax, dx
00559E2D 3922 cmp [edx], esp
00559E2F 96 xchg eax, esi
00559E30 1F pop ds
00559E31 388AE503F8C4 cmp [edx+$C4F803E5], cl
00559E37 D33B sar dword ptr [ebx], cl
00559E39 58 pop eax
00559E3A 60 pusha
00559E3B 8781E6BFD515 xchg [ecx+$15D5BFE6], eax
00559E41 2EAD lodsd
00559E43 42 inc edx
00559E44 2B7220 sub esi, dword ptr [edx+$20]
00559E47 BC222EAC83 mov esp, $83AC2E22
00559E4C 68AFF0DFF6 push $F6DFF0AF
00559E51 1024D1 adc [ecx+edx*8], ah
00559E54 F2 repne
00559E55 DECB fmulp st(3), st(0)
00559E57 84DB test bl, bl
00559E59 3B957C4606BA cmp edx, [ebp+$BA06467C]
00559E5F 7CE7 jl 00559E48
00559E61 8CC6 mov si, es
00559E63 2EBEA2EE20B7 mov esi, $B720EEA2
00559E69 2117 and [edi], edx
00559E6B BD87F08D70 mov ebp, $708DF087
00559E70 E8CB34763B call 3BCBD340
00559E75 047A add al, +$7A
00559E77 A3722BF156 mov dword ptr [$56F12B72], eax
00559E7C 1A21 sbb ah, byte ptr [ecx]
00559E7E 749D jz 00559E1D
00559E80 14C3 adc al, $C3
00559E82 80D2F7 adc dl, $F7
00559E85 1F pop ds
00559E86 F5 cmc
00559E87 51 push ecx
00559E88 3C77 cmp al, $77
00559E8A EB58 jmp 00559EE4
00559E8C 866B12 xchg [ebx+$12], ch
00559E8F C2A070 ret $70A0
00559E92 47 inc edi
00559E93 F5 cmc
00559E94 E534 in eax, $34
00559E96 002498 add [eax+ebx*4], ah
00559E99 75CB jnz 00559E66
00559E9B 8D476F lea eax, [edi+$6F]
00559E9E 5F pop edi
00559E9F 4E dec esi
00559EA0 3F aas
00559EA1 AB stosd
00559EA2 BC81CA94F9 mov esp, $F994CA81
00559EA7 C72390E3A105 mov dword ptr [ebx], $05A1E390
00559EAD 0F75955CF77761 pcmpeqw MM2, [ebp+$6177F75C]
00559EB4 6F outsd
00559EB5 B68A mov dh, $8A
00559EB7 A7 cmpsd
00559EB8 F67FD2 idiv byte ptr [edi-$2E]
00559EBB C8E4 enter , $E4
00559EBD E4A8 in al, $A8
00559EBF FB sti
00559EC0 BD13CE2BE2 mov ebp, $E22BCE13
00559EC5 8A02 mov al, byte ptr [edx]
00559EC7 35B51CD796 xor eax, $96D71CB5
00559ECC CB ret
00559ECD 10B1DF41CE7E adc [ecx+$7ECE41DF], dh
00559ED3 BD6CFD30F2 mov ebp, $F230FD6C
00559ED8 C54AD9 lds ecx, [edx-$27]
00559EDB 7D56 jnl 00559F33
00559EDD 76DE jbe 00559EBD
00559EDF 39CA cmp edx, ecx
00559EE1 6751 push ecx
00559EE3 E4DA in al, $DA
00559EE5 CA ret
00559EE6 EB8C jmp 00559E74
00559EE8 663BBF4ADFA799 cmp di, word ptr [edi+$99A7DF4A]
00559EEF 49 dec ecx
00559EF0 4E dec esi
00559EF1 726A jb 00559F5D
00559EF3 0392171EB6D7 add edx, [edx+$D7B61E17]
00559EF9 B768 mov bh, $68
00559EFB BF0346AE87 mov edi, $87AE4603
00559F00 1CBB sbb al, $BB
00559F02 096E7F or [esi+$7F], ebp
00559F05 B070 mov al, $70
00559F07 5D pop ebp
00559F08 769C jbe 00559EA6
00559F0A 2AAAC7D3B30B sub ch, byte ptr [edx+$BB3D3C7]
00559F10 D9838B04765B fld dword ptr [ebx+$5B76048B]
00559F16 80D459 adc ah, $59
00559F19 0907 or [edi], eax
00559F1B 54 push esp
00559F1C 1F pop ds
00559F1D CF iret
00559F1E 7571 jnz 00559F91
00559F20 69399FE5C7EE imul edi, [ecx], $EEC7E59F
00559F26 A8EE test al, $EE
00559F28 AB stosd
00559F29 FE06 inc byte ptr [esi]
00559F2B C7EAF0912E7F mov edx, $7F2E91F0
00559F31 F0 lock
00559F32 E393 jcxz -$6D
00559F34 1CE9 sbb al, $E9
00559F36 9E sahf
00559F37 A97178A997 test eax, $97A97871
00559F3C 8588B1691BA6 test [eax+$A61B69B1], ecx
00559F42 E4D0 in al, $D0
00559F44 45 inc ebp
00559F45 51 push ecx
00559F46 4A dec edx
00559F47 46 inc esi
00559F48 8FE7 pop edi
00559F4A A5 movsd
00559F4B 8D31 lea esi, [ecx]
00559F4D 685ECF21D7 push $D721CF5E
00559F52 677D91 jnl 00559EE6
00559F55 EA6BB38597 jmp $9785B36B
00559F5A 8E8B217ED329 mov cs, word ptr [ebx+$29D37E21]
00559F60 B191 mov cl, $91
00559F62 399AF5F91352 cmp [edx+$5213F9F5], ebx
00559F68 C4E5 les esp, bp
* Reference to : TMDFReader._PROC_00550150()
|
00559F6A E8E161FFFF call 00550150
00559F6F 33C0 xor eax, eax
00559F71 5A pop edx
00559F72 59 pop ecx
00559F73 59 pop ecx
00559F74 648910 mov fs:[eax], edx
00559F77 EB69 jmp 00559FE2
|
00559F79 E91AA9EAFF jmp 00404898
00559F7E 0100 add [eax], eax
00559F80 0000 add [eax], al
00559F82 808F40008A9F55 or byte ptr [edi+$9F8A0040], $55
00559F89 0089C3688CA2 add [ecx+$A28C68C3], cl
00559F8F 55 push ebp
00559F90 008D95B0FEFF add [ebp+$FFFEB095], cl
00559F96 FF8B03E886A1 dec dword ptr [ebx+$A186E803]
00559F9C EAFF8D95B0 jmp $B0958DFF
00559FA1 FEFF DB $FE, $FF //
00559FA3 FF8D85A8FEFF dec dword ptr [ebp+$FFFEA885]
00559FA9 FFE8 jmp ax
00559FAB 7DB4 jnl 00559F61
00559FAD EAFFFFB5A8 jmp $A8B5FFFF
00559FB2 FEFF DB $FE, $FF //
00559FB4 FF6824 jmp [eax+$24]
00559FB7 A25500FF73 mov byte ptr [$73FF0055], al
00559FBC 048D add al, -$73
00559FBE 85ACFEFFFFBA04 test [esi+edi*8+$4BAFFFF], ebp
00559FC5 0000 add [eax], al
00559FC7 00E8 add al, ch
00559FC9 7FB5 jnle 00559F80
00559FCB EAFF8B95AC jmp $AC958BFF
00559FD0 FEFF DB $FE, $FF //
00559FD2 FFB8 DB $FF, $B8 //
00559FD4 A6 cmpsb
00559FD5 3B01 cmp eax, [ecx]
00559FD7 00E8 add al, ch
00559FD9 47 inc edi
00559FDA 1E push ds
00559FDB 0000 add [eax], al
|
00559FDD E85EACEAFF call 00404C40
****** END
|
00559FE2 807DF700 cmp byte ptr [ebp-$09], $00
00559FE6 7415 jz 00559FFD
00559FE8 8B0D3CC19A00 mov ecx, [$009AC13C]
* Possible String Reference to: 'You can't save a recovered data in
| demo mode.'
|
00559FEE BAA8A25500 mov edx, $0055A2A8
* Possible String Reference to: 'Attention. Demo version has limitat
| ion...'
|
00559FF3 B8E0A25500 mov eax, $0055A2E0
|
00559FF8 E8E32A0000 call 0055CAE0
00559FFD 33C0 xor eax, eax
00559FFF 5A pop edx
0055A000 59 pop ecx
0055A001 59 pop ecx
0055A002 648910 mov fs:[eax], edx
****** FINALLY
|
0055A005 6871A05500 push $0055A071
0055A00A 8D85A8FEFFFF lea eax, [ebp+$FFFFFEA8]
0055A010 BA02000000 mov edx, $00000002
|
0055A015 E8C2B1EAFF call 004051DC
0055A01A 8D45B0 lea eax, [ebp-$50]
0055A01D BA02000000 mov edx, $00000002
|
0055A022 E8B5B1EAFF call 004051DC
0055A027 8D45B8 lea eax, [ebp-$48]
|
0055A02A E889B1EAFF call 004051B8
0055A02F 8D45BC lea eax, [ebp-$44]
|
0055A032 E8C5B9EAFF call 004059FC
0055A037 8D45C0 lea eax, [ebp-$40]
|
0055A03A E879B1EAFF call 004051B8
0055A03F 8D45C8 lea eax, [ebp-$38]
0055A042 BA02000000 mov edx, $00000002
|
0055A047 E890B1EAFF call 004051DC
0055A04C 8D45D0 lea eax, [ebp-$30]
|
0055A04F E864B1EAFF call 004051B8
0055A054 8D45D4 lea eax, [ebp-$2C]
|
0055A057 E85CB1EAFF call 004051B8
0055A05C 8D45D8 lea eax, [ebp-$28]
0055A05F BA02000000 mov edx, $00000002
|
0055A064 E873B1EAFF call 004051DC
0055A069 C3 ret
*)
end;
|
能力值:
( LV2,RANK:10 )
|
-
-
4 楼
OD打开只能显示到!
0055E000 832D B8859A00 0>sub dword ptr [9A85B8], 1
0055E007 0F83 87000000 jnb 0055E094
0055E00D E8 E64BEAFF call 00402BF8
0055E012 C605 08005600 0>mov byte ptr [560008], 2
0055E019 C705 14809A00 5>mov dword ptr [9A8014], <jmp.&kernel>
0055E023 C705 18809A00 6>mov dword ptr [9A8018], <jmp.&kernel>
0055E02D C605 4E809A00 0>mov byte ptr [9A804E], 2
0055E034 C705 00809A00 A>mov dword ptr [9A8000], 004064A8
0055E03E E8 D15FEAFF call 00404014
0055E043 84C0 test al, al
0055E045 74 05 je short 0055E04C
0055E047 E8 F85FEAFF call 00404044
0055E04C E8 B760EAFF call 00404108
0055E051 66:C705 54809A0>mov word ptr [9A8054], 0D7B0
0055E05A 66:C705 20829A0>mov word ptr [9A8220], 0D7B0
0055E063 66:C705 EC839A0>mov word ptr [9A83EC], 0D7B0
0055E06C E8 5733EAFF call <jmp.&kernel32.GetCommandLineA>
0055E071 A3 40809A00 mov dword ptr [9A8040], eax
0055E076 E8 1D34EAFF call 00401498
0055E07B A3 3C809A00 mov dword ptr [9A803C], eax
0055E080 E8 8F98EAFF call <jmp.&kernel32.GetACP>
0055E085 A3 BC859A00 mov dword ptr [9A85BC], eax
0055E08A E8 0134EAFF call <jmp.&kernel32.GetCurrentThreadI>
0055E08F A3 34809A00 mov dword ptr [9A8034], eax
0055E094 C3 retn
0055E095 8D40 00 lea eax, dword ptr [eax]
0055E098 832D 00A89A00 0>sub dword ptr [9AA800], 1
0055E09F 73 07 jnb short 0055E0A8
0055E0A1 33C0 xor eax, eax
0055E0A3 A3 04A89A00 mov dword ptr [9AA804], eax
0055E0A8 C3 retn
0055E0A9 8D40 00 lea eax, dword ptr [eax]
0055E0AC 55 push ebp
0055E0AD 8BEC mov ebp, esp
0055E0AF 33C0 xor eax, eax
0055E0B1 55 push ebp
0055E0B2 68 1EE15500 push 0055E11E
0055E0B7 64:FF30 push dword ptr fs:[eax]
0055E0BA 64:8920 mov dword ptr fs:[eax], esp
0055E0BD 832D 18A99A00 0>sub dword ptr [9AA918], 1
0055E0C4 73 4A jnb short 0055E110
0055E0C6 B8 1C164100 mov eax, 0041161C
0055E0CB E8 4C6EEAFF call 00404F1C
0055E0D0 B8 08174100 mov eax, 00411708
0055E0D5 E8 6A6EEAFF call 00404F44
0055E0DA 803D F5A79A00 0>cmp byte ptr [9AA7F5], 0
0055E0E1 74 0F je short 0055E0F2
0055E0E3 B8 30085600 mov eax, 00560830
0055E0E8 BA 30E15500 mov edx, 0055E130 ; ASCII "0x"
0055E0ED E8 1A71EAFF call 0040520C
0055E0F2 E8 A51AEBFF call 0040FB9C
0055E0F7 B8 780B4100 mov eax, 00410B78
0055E0FC E8 5F91EAFF call 00407260
0055E101 E8 9A1BEBFF call 0040FCA0
0055E106 E8 8D2EEBFF call 00410F98
0055E10B E8 4025EBFF call 00410650
0055E110 33C0 xor eax, eax
0055E112 5A pop edx
0055E113 59 pop ecx
0055E114 59 pop ecx
0055E115 64:8910 mov dword ptr fs:[eax], edx
0055E118 68 25E15500 push 0055E125
0055E11D C3 retn ; RET 用作跳转到 0055E125
0055E11E - E9 FD68EAFF jmp 00404A20
0055E123 ^ EB F8 jmp short 0055E11D
0055E125 5D pop ebp
0055E126 C3 retn
0055E127 00FF add bh, bh
0055E129 FFFF ??? ; 未知命令
0055E12B FF02 inc dword ptr [edx]
0055E12D 0000 add byte ptr [eax], al
0055E12F 0030 add byte ptr [eax], dh
0055E131 78 00 js short 0055E133
0055E133 0083 2D80B29A add byte ptr [ebx+9AB2802D], al
0055E139 0001 add byte ptr [ecx], al
0055E13B 73 05 jnb short 0055E142
0055E13D E8 1E3EEBFF call 00411F60
0055E142 C3 retn
0055E143 90 nop
0055E144 55 push ebp
0055E145 8BEC mov ebp, esp
0055E147 33C0 xor eax, eax
0055E149 55 push ebp
0055E14A 68 E5E15500 push 0055E1E5
0055E14F 64:FF30 push dword ptr fs:[eax]
0055E152 64:8920 mov dword ptr fs:[eax], esp
0055E155 832D A4B29A00 0>sub dword ptr [9AB2A4], 1
0055E15C 73 79 jnb short 0055E1D7
0055E15E B8 84B29A00 mov eax, 009AB284
0055E163 E8 6CB9EBFF call 00419AD4
0055E168 B8 F02F4100 mov eax, 00412FF0 ; 入口地址
0055E16D A3 94B29A00 mov dword ptr [9AB294], eax
0055E172 B8 402B4100 mov eax, 00412B40 ; 入口地址
0055E177 A3 98B29A00 mov dword ptr [9AB298], eax
0055E17C BA 502A4100 mov edx, 00412A50 ; 入口地址
0055E181 8915 9CB29A00 mov dword ptr [9AB29C], edx
0055E187 A3 A0B29A00 mov dword ptr [9AB2A0], eax
0055E18C B8 F0324100 mov eax, 004132F0 ; 入口地址
0055E191 8B15 FC6B9A00 mov edx, dword ptr [9A6BFC] ; unRecove.0056000C
0055E197 8902 mov dword ptr [edx], eax
0055E199 B8 94954100 mov eax, 00419594 ; 入口地址
0055E19E 8B15 98669A00 mov edx, dword ptr [9A6698] ; unRecove.00560010
0055E1A4 8902 mov dword ptr [edx], eax
0055E1A6 B8 08374100 mov eax, 00413708 ; 入口地址
0055E1AB 8B15 346D9A00 mov edx, dword ptr [9A6D34] ; unRecove.00560014
0055E1B1 8902 mov dword ptr [edx], eax
0055E1B3 B8 84694100 mov eax, 00416984 ; 入口地址
0055E1B8 8B15 58709A00 mov edx, dword ptr [9A7058] ; unRecove.00560018
0055E1BE 8902 mov dword ptr [edx], eax
0055E1C0 B8 A4704100 mov eax, 004170A4 ; 入口地址
0055E1C5 8B15 8C6D9A00 mov edx, dword ptr [9A6D8C] ; unRecove.0056001C
0055E1CB 8902 mov dword ptr [edx], eax
0055E1CD 68 ACB29A00 push 009AB2AC
0055E1D2 E8 719CEAFF call <jmp.&kernel32.InitializeCritica>
0055E1D7 33C0 xor eax, eax
0055E1D9 5A pop edx
0055E1DA 59 pop ecx
0055E1DB 59 pop ecx
0055E1DC 64:8910 mov dword ptr fs:[eax], edx
0055E1DF 68 ECE15500 push 0055E1EC
0055E1E4 C3 retn ; RET 用作跳转到 0055E1EC
0055E1E5 - E9 3668EAFF jmp 00404A20
0055E1EA ^ EB F8 jmp short 0055E1E4
0055E1EC 5D pop ebp
0055E1ED C3 retn
0055E1EE 8BC0 mov eax, eax
0055E1F0 832D C4B29A00 0>sub dword ptr [9AB2C4], 1
0055E1F7 C3 retn
0055E1F8 55 push ebp
0055E1F9 8BEC mov ebp, esp
0055E1FB 33C0 xor eax, eax
0055E1FD 55 push ebp
0055E1FE 68 81E25500 push 0055E281
0055E203 64:FF30 push dword ptr fs:[eax]
0055E206 64:8920 mov dword ptr fs:[eax], esp
0055E209 832D D4B29A00 0>sub dword ptr [9AB2D4], 1
0055E210 73 61 jnb short 0055E273
0055E212 E8 FDBFECFF call 0042A214
0055E217 B8 F0B44200 mov eax, 0042B4F0
0055E21C E8 2F90EAFF call 00407250
0055E221 B2 01 mov dl, 1
0055E223 A1 209B4000 mov eax, dword ptr [409B20]
0055E228 E8 2F2FEBFF call 0041115C
0055E22D 8BD0 mov edx, eax
0055E22F 85D2 test edx, edx
0055E231 74 03 je short 0055E236
0055E233 83EA D4 sub edx, -2C
0055E236 B8 C8B29A00 mov eax, 009AB2C8
0055E23B E8 9891EAFF call 004073D8
0055E240 B2 01 mov dl, 1
0055E242 A1 D8F54100 mov eax, dword ptr [41F5D8]
0055E247 E8 0418ECFF call 0041FA50
0055E24C A3 DCB29A00 mov dword ptr [9AB2DC], eax
0055E251 B2 01 mov dl, 1
0055E253 A1 90E14100 mov eax, dword ptr [41E190]
0055E258 E8 872FECFF call 004211E4
0055E25D A3 D8B29A00 mov dword ptr [9AB2D8], eax
0055E262 B2 01 mov dl, 1
0055E264 A1 90E14100 mov eax, dword ptr [41E190]
0055E269 E8 762FECFF call 004211E4
0055E26E A3 E4B29A00 mov dword ptr [9AB2E4], eax
0055E273 33C0 xor eax, eax
0055E275 5A pop edx
0055E276 59 pop ecx
0055E277 59 pop ecx
0055E278 64:8910 mov dword ptr fs:[eax], edx
0055E27B 68 88E25500 push 0055E288
0055E280 C3 retn ; RET 用作跳转到 0055E288
0055E281 - E9 9A67EAFF jmp 00404A20
0055E286 ^ EB F8 jmp short 0055E280
0055E288 5D pop ebp
0055E289 C3 retn
0055E28A 8BC0 mov eax, eax
0055E28C 832D 08B39A00 0>sub dword ptr [9AB308], 1
0055E293 C3 retn
0055E294 832D 30B39A00 0>sub dword ptr [9AB330], 1
0055E29B 73 05 jnb short 0055E2A2
0055E29D E8 3AF0ECFF call 0042D2DC
0055E2A2 C3 retn
0055E2A3 90 nop
0055E2A4 832D 4CB39A00 0>sub dword ptr [9AB34C], 1
0055E2AB C3 retn
0055E2AC 832D 50B39A00 0>sub dword ptr [9AB350], 1
0055E2B3 C3 retn
0055E2B4 832D 58B39A00 0>sub dword ptr [9AB358], 1
0055E2BB 0F83 ED000000 jnb 0055E3AE
0055E2C1 E8 FE94EDFF call 004377C4
0055E2C6 68 70B39A00 push 009AB370
0055E2CB E8 789BEAFF call <jmp.&kernel32.InitializeCritica>
0055E2D0 68 88B39A00 push 009AB388
0055E2D5 E8 6E9BEAFF call <jmp.&kernel32.InitializeCritica>
0055E2DA 6A 07 push 7
0055E2DC E8 DF9DEAFF call <jmp.&gdi32.GetStockObject>
0055E2E1 A3 60B39A00 mov dword ptr [9AB360], eax
0055E2E6 6A 05 push 5
0055E2E8 E8 D39DEAFF call <jmp.&gdi32.GetStockObject>
0055E2ED A3 64B39A00 mov dword ptr [9AB364], eax
0055E2F2 6A 0D push 0D
0055E2F4 E8 C79DEAFF call <jmp.&gdi32.GetStockObject>
0055E2F9 A3 68B39A00 mov dword ptr [9AB368], eax
0055E2FE 68 007F0000 push 7F00
0055E303 6A 00 push 0
0055E305 E8 1EA3EAFF call <jmp.&user32.LoadIconA>
0055E30A A3 6CB39A00 mov dword ptr [9AB36C], eax
0055E30F E8 2C95EDFF call 00437840
0055E314 66:B9 3000 mov cx, 30
0055E318 B2 01 mov dl, 1
0055E31A A1 48F34200 mov eax, dword ptr [42F348]
0055E31F E8 0C11EDFF call 0042F430
0055E324 A3 A0B39A00 mov dword ptr [9AB3A0], eax
0055E329 66:B9 1000 mov cx, 10
0055E32D B2 01 mov dl, 1
0055E32F A1 48F34200 mov eax, dword ptr [42F348]
0055E334 E8 F710EDFF call 0042F430
0055E339 A3 A4B39A00 mov dword ptr [9AB3A4], eax
0055E33E 66:B9 1000 mov cx, 10
0055E342 B2 01 mov dl, 1
0055E344 A1 B0F34200 mov eax, dword ptr [42F3B0]
0055E349 E8 E210EDFF call 0042F430
0055E34E A3 A8B39A00 mov dword ptr [9AB3A8], eax
0055E353 B2 01 mov dl, 1
0055E355 A1 C0794300 mov eax, dword ptr [4379C0]
0055E35A E8 BD96EDFF call 00437A1C
0055E35F A3 B0B39A00 mov dword ptr [9AB3B0], eax
0055E364 B2 01 mov dl, 1
0055E366 A1 90E14100 mov eax, dword ptr [41E190]
0055E36B E8 742EECFF call 004211E4
0055E370 A3 50105600 mov dword ptr [561050], eax
0055E375 B2 01 mov dl, 1
0055E377 A1 90E14100 mov eax, dword ptr [41E190]
0055E37C E8 632EECFF call 004211E4
0055E381 A3 ACB39A00 mov dword ptr [9AB3AC], eax
0055E386 B9 B4FC4200 mov ecx, 0042FCB4
0055E38B BA C4FC4200 mov edx, 0042FCC4
0055E390 A1 08E34200 mov eax, dword ptr [42E308]
0055E395 E8 CE1FECFF call 00420368
0055E39A B9 BCFE4200 mov ecx, 0042FEBC
0055E39F BA CCFE4200 mov edx, 0042FECC
0055E3A4 A1 38E44200 mov eax, dword ptr [42E438]
0055E3A9 E8 BA1FECFF call 00420368
0055E3AE C3 retn
0055E3AF 90 nop
0055E3B0 832D 70B49A00 0>sub dword ptr [9AB470], 1
0055E3B7 73 11 jnb short 0055E3CA
0055E3B9 B2 01 mov dl, 1
0055E3BB A1 3C7E4300 mov eax, dword ptr [437E3C]
0055E3C0 E8 E79AEDFF call 00437EAC
0055E3C5 A3 7CB49A00 mov dword ptr [9AB47C], eax
0055E3CA C3 retn
0055E3CB 90 nop
0055E3CC 832D 80B49A00 0>sub dword ptr [9AB480], 1
0055E3D3 C3 retn
0055E3D4 832D 84B49A00 0>sub dword ptr [9AB484], 1
0055E3DB 73 75 jnb short 0055E452
0055E3DD E8 1296EAFF call 004079F4
0055E3E2 33D2 xor edx, edx
0055E3E4 8990 10000000 mov dword ptr [eax+10], edx
0055E3EA E8 0596EAFF call 004079F4
0055E3EF 33D2 xor edx, edx
0055E3F1 8990 14000000 mov dword ptr [eax+14], edx
0055E3F7 E8 F895EAFF call 004079F4
0055E3FC 33D2 xor edx, edx
0055E3FE 8990 18000000 mov dword ptr [eax+18], edx
0055E404 E8 EB95EAFF call 004079F4
0055E409 33D2 xor edx, edx
0055E40B 8990 1C000000 mov dword ptr [eax+1C], edx
0055E411 E8 DE95EAFF call 004079F4
0055E416 33D2 xor edx, edx
0055E418 8990 20000000 mov dword ptr [eax+20], edx
0055E41E E8 D195EAFF call 004079F4
0055E423 33D2 xor edx, edx
0055E425 8990 24000000 mov dword ptr [eax+24], edx
0055E42B E8 C495EAFF call 004079F4
0055E430 33D2 xor edx, edx
0055E432 8990 28000000 mov dword ptr [eax+28], edx
0055E438 E8 B795EAFF call 004079F4
0055E43D 33D2 xor edx, edx
0055E43F 8990 2C000000 mov dword ptr [eax+2C], edx
0055E445 E8 AA95EAFF call 004079F4
0055E44A 33D2 xor edx, edx
0055E44C 8990 30000000 mov dword ptr [eax+30], edx
0055E452 C3 retn
0055E453 90 nop
0055E454 832D 8CB49A00 0>sub dword ptr [9AB48C], 1
0055E45B 73 29 jnb short 0055E486
0055E45D A1 1C714500 mov eax, dword ptr [45711C]
0055E462 E8 751DECFF call 004201DC
0055E467 8B15 1C714500 mov edx, dword ptr [45711C] ; unRecove.00457168
0055E46D A1 686F4400 mov eax, dword ptr [446F68]
0055E472 E8 B11DECFF call 00420228
0055E477 68 88E45500 push 0055E488 ; ASCII "TaskbarCreated"
0055E47C E8 47A2EAFF call <jmp.&user32.RegisterClipboardFo>
0055E481 A3 88B49A00 mov dword ptr [9AB488], eax
0055E486 C3 retn
0055E487 005461 73 add byte ptr [ecx+73], dl
0055E48B 6B62 61 72 imul esp, dword ptr [edx+61], 72
0055E48F 43 inc ebx
0055E490 72 65 jb short 0055E4F7
0055E492 61 popad
0055E493 74 65 je short 0055E4FA
0055E495 64:0000 add byte ptr fs:[eax], al
0055E498 832D 90B49A00 0>sub dword ptr [9AB490], 1
0055E49F 73 33 jnb short 0055E4D4
0055E4A1 B8 40D24400 mov eax, 0044D240
0055E4A6 E8 996AEAFF call 00404F44
0055E4AB E8 F4ECEEFF call 0044D1A4
0055E4B0 A1 1C714500 mov eax, dword ptr [45711C]
0055E4B5 E8 221DECFF call 004201DC
0055E4BA A1 1C714500 mov eax, dword ptr [45711C]
0055E4BF E8 B81DECFF call 0042027C
0055E4C4 8B15 1C714500 mov edx, dword ptr [45711C] ; unRecove.00457168
0055E4CA A1 D0AB4400 mov eax, dword ptr [44ABD0]
0055E4CF E8 541DECFF call 00420228
0055E4D4 C3 retn
0055E4D5 8D40 00 lea eax, dword ptr [eax]
0055E4D8 832D CCB49A00 0>sub dword ptr [9AB4CC], 1
0055E4DF 73 27 jnb short 0055E508
0055E4E1 68 0CE55500 push 0055E50C ; ASCII "Delphi Picture"
0055E4E6 E8 D5A1EAFF call <jmp.&user32.RegisterClipboardFo>
0055E4EB 66:A3 C8B49A00 mov word ptr [9AB4C8], ax
0055E4F1 68 1CE55500 push 0055E51C ; ASCII "Delphi Component"
0055E4F6 E8 C5A1EAFF call <jmp.&user32.RegisterClipboardFo>
0055E4FB 66:A3 CAB49A00 mov word ptr [9AB4CA], ax
0055E501 33C0 xor eax, eax
0055E503 A3 D0B49A00 mov dword ptr [9AB4D0], eax
0055E508 C3 retn
0055E509 0000 add byte ptr [eax], al
0055E50B 004465 6C add byte ptr [ebp+6C], al
0055E50F 70 68 jo short 0055E579
0055E511 6920 50696374 imul esp, dword ptr [eax], 74636950
0055E517 75 72 jnz short 0055E58B
0055E519 65:0000 add byte ptr gs:[eax], al
0055E51C 44 inc esp
0055E51D 65:6C ins byte ptr es:[edi], dx
0055E51F 70 68 jo short 0055E589
0055E521 6920 436F6D70 imul esp, dword ptr [eax], 706D6F43
0055E527 6F outs dx, dword ptr es:[edi]
0055E528 6E outs dx, byte ptr es:[edi]
0055E529 65:6E outs dx, byte ptr es:[edi]
0055E52B 74 00 je short 0055E52D
0055E52D 0000 add byte ptr [eax], al
0055E52F 0083 2DF4B49A add byte ptr [ebx+9AB4F42D], al
0055E535 0001 add byte ptr [ecx], al
0055E537 73 05 jnb short 0055E53E
0055E539 E8 DEF9EEFF call 0044DF1C
0055E53E C3 retn
0055E53F 90 nop
0055E540 832D 08B59A00 0>sub dword ptr [9AB508], 1
0055E547 C3 retn
0055E548 832D 18B59A00 0>sub dword ptr [9AB518], 1
0055E54F 73 7B jnb short 0055E5CC
0055E551 B8 585B4500 mov eax, 00455B58
0055E556 E8 C169EAFF call 00404F1C
0055E55B A1 1C714500 mov eax, dword ptr [45711C]
0055E560 E8 771CECFF call 004201DC
0055E565 A1 1C714500 mov eax, dword ptr [45711C]
0055E56A E8 0D1DECFF call 0042027C
0055E56F 8B15 1C714500 mov edx, dword ptr [45711C] ; unRecove.00457168
0055E575 A1 64F54400 mov eax, dword ptr [44F564]
0055E57A E8 A91CECFF call 00420228
0055E57F 8B15 1C714500 mov edx, dword ptr [45711C] ; unRecove.00457168
0055E585 A1 88F94400 mov eax, dword ptr [44F988]
0055E58A E8 991CECFF call 00420228
0055E58F A1 64F54400 mov eax, dword ptr [44F564]
0055E594 E8 531BECFF call 004200EC
0055E599 B2 01 mov dl, 1
0055E59B A1 5CE34100 mov eax, dword ptr [41E35C]
0055E5A0 E8 6F5CEAFF call 00404214
0055E5A5 A3 1CB59A00 mov dword ptr [9AB51C], eax
0055E5AA B2 01 mov dl, 1
0055E5AC A1 0C004500 mov eax, dword ptr [45000C]
0055E5B1 E8 5E5CEAFF call 00404214
0055E5B6 A3 10B59A00 mov dword ptr [9AB510], eax
0055E5BB B2 01 mov dl, 1
0055E5BD A1 78004500 mov eax, dword ptr [450078]
0055E5C2 E8 89D4ECFF call 0042BA50
0055E5C7 A3 14B59A00 mov dword ptr [9AB514], eax
0055E5CC C3 retn
0055E5CD 8D40 00 lea eax, dword ptr [eax]
0055E5D0 55 push ebp
0055E5D1 8BEC mov ebp, esp
0055E5D3 33C0 xor eax, eax
0055E5D5 55 push ebp
0055E5D6 68 56E65500 push 0055E656
0055E5DB 64:FF30 push dword ptr fs:[eax]
0055E5DE 64:8920 mov dword ptr fs:[eax], esp
0055E5E1 832D 30B59A00 0>sub dword ptr [9AB530], 1
0055E5E8 73 5E jnb short 0055E648
0055E5EA E8 F997EAFF call <jmp.&kernel32.GetVersion>
0055E5EF 25 FF000000 and eax, 0FF
0055E5F4 66:83F8 04 cmp ax, 4
0055E5F8 0F9305 2CB59A00 setnb byte ptr [9AB52C]
0055E5FF E8 5CB0F0FF call 00469660
0055E604 A1 1C714500 mov eax, dword ptr [45711C]
0055E609 E8 CE1BECFF call 004201DC
0055E60E A1 1C714500 mov eax, dword ptr [45711C]
0055E613 E8 641CECFF call 0042027C
0055E618 8B15 1C714500 mov edx, dword ptr [45711C] ; unRecove.00457168
0055E61E A1 809D4600 mov eax, dword ptr [469D80]
0055E623 E8 001CECFF call 00420228
0055E628 8B15 1C714500 mov edx, dword ptr [45711C] ; unRecove.00457168
0055E62E A1 ACBA4600 mov eax, dword ptr [46BAAC]
0055E633 E8 F01BECFF call 00420228
0055E638 8B15 1C714500 mov edx, dword ptr [45711C] ; unRecove.00457168
0055E63E A1 D0BB4600 mov eax, dword ptr [46BBD0]
0055E643 E8 E01BECFF call 00420228
0055E648 33C0 xor eax, eax
0055E64A 5A pop edx
0055E64B 59 pop ecx
0055E64C 59 pop ecx
0055E64D 64:8910 mov dword ptr fs:[eax], edx
0055E650 68 5DE65500 push 0055E65D
0055E655 C3 retn ; RET 用作跳转到 0055E65D
0055E656 - E9 C563EAFF jmp 00404A20
0055E65B ^ EB F8 jmp short 0055E655
0055E65D 5D pop ebp
0055E65E C3 retn
0055E65F 90 nop
0055E660 832D B0B59A00 0>sub dword ptr [9AB5B0], 1
0055E667 73 20 jnb short 0055E689
0055E669 8B15 1C714500 mov edx, dword ptr [45711C] ; unRecove.00457168
0055E66F A1 D0BB4600 mov eax, dword ptr [46BBD0]
0055E674 E8 AF1BECFF call 00420228
0055E679 8B15 1C714500 mov edx, dword ptr [45711C] ; unRecove.00457168
0055E67F A1 ACBA4600 mov eax, dword ptr [46BAAC]
0055E684 E8 9F1BECFF call 00420228
0055E689 C3 retn
0055E68A 8BC0 mov eax, eax
0055E68C 832D BCB59A00 0>sub dword ptr [9AB5BC], 1
0055E693 73 2F jnb short 0055E6C4
0055E695 B8 D8AE4700 mov eax, 0047AED8
0055E69A E8 A568EAFF call 00404F44
0055E69F E8 4CC7F1FF call 0047ADF0
0055E6A4 68 C8E65500 push 0055E6C8 ; ASCII "TaskbarCreated"
0055E6A9 E8 1AA0EAFF call <jmp.&user32.RegisterClipboardFo>
0055E6AE A3 C0B59A00 mov dword ptr [9AB5C0], eax
0055E6B3 B8 58F14600 mov eax, 0046F158
0055E6B8 E8 531EECFF call 00420510
0055E6BD 33C0 xor eax, eax
0055E6BF A3 D4B59A00 mov dword ptr [9AB5D4], eax
0055E6C4 C3 retn
0055E6C5 0000 add byte ptr [eax], al
0055E6C7 005461 73 add byte ptr [ecx+73], dl
0055E6CB 6B62 61 72 imul esp, dword ptr [edx+61], 72
0055E6CF 43 inc ebx
0055E6D0 72 65 jb short 0055E737
0055E6D2 61 popad
0055E6D3 74 65 je short 0055E73A
0055E6D5 64:0000 add byte ptr fs:[eax], al
0055E6D8 832D D8B59A00 0>sub dword ptr [9AB5D8], 1
0055E6DF 73 1B jnb short 0055E6FC
0055E6E1 B8 98974800 mov eax, 00489798
0055E6E6 E8 5968EAFF call 00404F44
0055E6EB B8 DCB59A00 mov eax, 009AB5DC
0055E6F0 33C9 xor ecx, ecx
0055E6F2 BA 2C000000 mov edx, 2C
0055E6F7 E8 7852EAFF call 00403974
0055E6FC C3 retn
0055E6FD 8D40 00 lea eax, dword ptr [eax]
0055E700 832D 08B69A00 0>sub dword ptr [9AB608], 1
0055E707 73 0A jnb short 0055E713
0055E709 B8 94984800 mov eax, 00489894
0055E70E E8 0968EAFF call 00404F1C
0055E713 C3 retn
0055E714 832D 0CB69A00 0>sub dword ptr [9AB60C], 1
0055E71B C3 retn
0055E71C 832D 10B69A00 0>sub dword ptr [9AB610], 1
0055E723 C3 retn
0055E724 832D 1CB69A00 0>sub dword ptr [9AB61C], 1
0055E72B C3 retn
0055E72C 832D 2CB69A00 0>sub dword ptr [9AB62C], 1
0055E733 73 0F jnb short 0055E744
0055E735 BA 341D5600 mov edx, 00561D34 ; ASCII "8yI"
0055E73A A1 F8A79A00 mov eax, dword ptr [9AA7F8]
0055E73F E8 B891F3FF call 004978FC
0055E744 C3 retn
0055E745 8D40 00 lea eax, dword ptr [eax]
0055E748 832D 30B69A00 0>sub dword ptr [9AB630], 1
0055E74F 73 0F jnb short 0055E760
0055E751 BA 4C1D5600 mov edx, 00561D4C
0055E756 A1 F8A79A00 mov eax, dword ptr [9AA7F8]
0055E75B E8 9C91F3FF call 004978FC
0055E760 C3 retn
0055E761 8D40 00 lea eax, dword ptr [eax]
0055E764 832D 34B69A00 0>sub dword ptr [9AB634], 1
0055E76B 73 0F jnb short 0055E77C
0055E76D BA 941D5600 mov edx, 00561D94
0055E772 A1 F8A79A00 mov eax, dword ptr [9AA7F8]
0055E777 E8 8091F3FF call 004978FC
0055E77C C3 retn
0055E77D 8D40 00 lea eax, dword ptr [eax]
0055E780 832D 38B69A00 0>sub dword ptr [9AB638], 1
0055E787 73 0F jnb short 0055E798
0055E789 BA AC1D5600 mov edx, 00561DAC
0055E78E A1 F8A79A00 mov eax, dword ptr [9AA7F8]
0055E793 E8 6491F3FF call 004978FC
0055E798 C3 retn
0055E799 8D40 00 lea eax, dword ptr [eax]
0055E79C 832D 3CB69A00 0>sub dword ptr [9AB63C], 1
0055E7A3 73 19 jnb short 0055E7BE
0055E7A5 B8 088B4900 mov eax, 00498B08
0055E7AA E8 6D67EAFF call 00404F1C
0055E7AF BA FC215600 mov edx, 005621FC
0055E7B4 A1 F8A79A00 mov eax, dword ptr [9AA7F8]
0055E7B9 E8 3E91F3FF call 004978FC
0055E7BE C3 retn
0055E7BF 90 nop
0055E7C0 832D 40B69A00 0>sub dword ptr [9AB640], 1
0055E7C7 73 0F jnb short 0055E7D8
0055E7C9 BA 14225600 mov edx, 00562214
0055E7CE A1 F8A79A00 mov eax, dword ptr [9AA7F8]
0055E7D3 E8 2491F3FF call 004978FC
0055E7D8 C3 retn
0055E7D9 8D40 00 lea eax, dword ptr [eax]
0055E7DC 832D 44B69A00 0>sub dword ptr [9AB644], 1
0055E7E3 73 4B jnb short 0055E830
0055E7E5 E8 36ACF3FF call 00499420
0055E7EA B8 8C9A4900 mov eax, 00499A8C
0055E7EF 8B15 9C6D9A00 mov edx, dword ptr [9A6D9C] ; unRecove.009AB294
0055E7F5 8902 mov dword ptr [edx], eax
0055E7F7 A1 1C679A00 mov eax, dword ptr [9A671C]
0055E7FC C700 FC9C4900 mov dword ptr [eax], 00499CFC
0055E802 B8 24954900 mov eax, 00499524
0055E807 8B15 706E9A00 mov edx, dword ptr [9A6E70] ; unRecove.009A8020
0055E80D 8902 mov dword ptr [edx], eax
0055E80F A1 44669A00 mov eax, dword ptr [9A6644]
0055E814 8038 00 cmp byte ptr [eax], 0
0055E817 75 17 jnz short 0055E830
0055E819 A1 6C6B9A00 mov eax, dword ptr [9A6B6C]
0055E81E 8B00 mov eax, dword ptr [eax]
0055E820 A3 50B69A00 mov dword ptr [9AB650], eax
0055E825 A1 6C6B9A00 mov eax, dword ptr [9A6B6C]
0055E82A C700 D89D4900 mov dword ptr [eax], 00499DD8
0055E830 C3 retn
0055E831 8D40 00 lea eax, dword ptr [eax]
0055E834 832D 58B69A00 0>sub dword ptr [9AB658], 1
0055E83B 73 0F jnb short 0055E84C
0055E83D BA 5C225600 mov edx, 0056225C
0055E842 A1 F8A79A00 mov eax, dword ptr [9AA7F8]
0055E847 E8 B090F3FF call 004978FC
0055E84C C3 retn
0055E84D 8D40 00 lea eax, dword ptr [eax]
0055E850 832D 60B69A00 0>sub dword ptr [9AB660], 1
0055E857 73 0F jnb short 0055E868
0055E859 BA DC225600 mov edx, 005622DC
0055E85E A1 F8A79A00 mov eax, dword ptr [9AA7F8]
0055E863 E8 9490F3FF call 004978FC
0055E868 C3 retn
0055E869 8D40 00 lea eax, dword ptr [eax]
0055E86C 55 push ebp
0055E86D 8BEC mov ebp, esp
0055E86F 33C0 xor eax, eax
0055E871 55 push ebp
0055E872 68 B8E95500 push 0055E9B8
0055E877 64:FF30 push dword ptr fs:[eax]
0055E87A 64:8920 mov dword ptr fs:[eax], esp
0055E87D 832D 6CB69A00 0>sub dword ptr [9AB66C], 1
0055E884 0F83 20010000 jnb 0055E9AA
0055E88A A1 44669A00 mov eax, dword ptr [9A6644]
0055E88F 8038 00 cmp byte ptr [eax], 0
0055E892 74 3E je short 0055E8D2
0055E894 B8 64B69A00 mov eax, 009AB664
0055E899 BA 2C010000 mov edx, 12C
0055E89E E8 7170EAFF call 00405914
0055E8A3 A1 64B69A00 mov eax, dword ptr [9AB664]
0055E8A8 E8 DB6BEAFF call 00405488
0055E8AD 50 push eax
0055E8AE A1 64B69A00 mov eax, dword ptr [9AB664]
0055E8B3 E8 D46DEAFF call 0040568C
0055E8B8 50 push eax
0055E8B9 A1 F8A79A00 mov eax, dword ptr [9AA7F8]
0055E8BE 50 push eax
0055E8BF E8 DC94EAFF call <jmp.&kernel32.GetModuleFileName>
0055E8C4 8BD0 mov edx, eax
0055E8C6 B8 64B69A00 mov eax, 009AB664
0055E8CB E8 4470EAFF call 00405914
0055E8D0 EB 0C jmp short 0055E8DE
0055E8D2 BA 64B69A00 mov edx, 009AB664
0055E8D7 33C0 xor eax, eax
0055E8D9 E8 4A4AEAFF call 00403328
0055E8DE B2 01 mov dl, 1
0055E8E0 A1 C4C44900 mov eax, dword ptr [49C4C4]
0055E8E5 E8 2E05F4FF call 0049EE18
0055E8EA A3 70B69A00 mov dword ptr [9AB670], eax
0055E8EF A1 70B69A00 mov eax, dword ptr [9AB670]
0055E8F4 E8 8702F4FF call 0049EB80
0055E8F9 B2 01 mov dl, 1
0055E8FB A1 0CE94100 mov eax, dword ptr [41E90C]
0055E900 E8 0F59EAFF call 00404214
0055E905 A3 78B69A00 mov dword ptr [9AB678], eax
0055E90A BA CCE95500 mov edx, 0055E9CC ; ASCII "default"
0055E90F A1 78B69A00 mov eax, dword ptr [9AB678]
0055E914 8B08 mov ecx, dword ptr [eax]
0055E916 FF51 38 call dword ptr [ecx+38]
0055E919 B2 01 mov dl, 1
0055E91B A1 209B4000 mov eax, dword ptr [409B20]
0055E920 E8 3728EBFF call 0041115C
0055E925 A3 74B69A00 mov dword ptr [9AB674], eax
0055E92A B2 01 mov dl, 1
0055E92C A1 D4C34900 mov eax, dword ptr [49C3D4]
0055E931 E8 52F5F3FF call 0049DE88
0055E936 A3 68B69A00 mov dword ptr [9AB668], eax
0055E93B A1 E4709A00 mov eax, dword ptr [9A70E4]
0055E940 8338 02 cmp dword ptr [eax], 2
0055E943 0F9405 F4225600 sete byte ptr [5622F4]
0055E94A 68 14D44900 push 0049D414
0055E94F 6A 00 push 0
0055E951 B9 BC784000 mov ecx, 004078BC ; 入口地址
0055E956 B2 01 mov dl, 1
0055E958 A1 88C54900 mov eax, dword ptr [49C588]
0055E95D E8 BA08F4FF call 0049F21C
0055E962 A3 7CB69A00 mov dword ptr [9AB67C], eax
0055E967 68 50D54900 push 0049D550
0055E96C 6A 00 push 0
0055E96E B9 20AF4000 mov ecx, 0040AF20
0055E973 B2 01 mov dl, 1
0055E975 A1 88C54900 mov eax, dword ptr [49C588]
0055E97A E8 9D08F4FF call 0049F21C
0055E97F A3 80B69A00 mov dword ptr [9AB680], eax
0055E984 68 C8D54900 push 0049D5C8
0055E989 6A 00 push 0
0055E98B B9 34AF4000 mov ecx, 0040AF34
0055E990 B2 01 mov dl, 1
0055E992 A1 88C54900 mov eax, dword ptr [49C588]
0055E997 E8 8008F4FF call 0049F21C
0055E99C A3 84B69A00 mov dword ptr [9AB684], eax
0055E9A1 33D2 xor edx, edx
0055E9A3 B0 01 mov al, 1
0055E9A5 E8 0E0AF4FF call 0049F3B8
0055E9AA 33C0 xor eax, eax
0055E9AC 5A pop edx
0055E9AD 59 pop ecx
0055E9AE 59 pop ecx
0055E9AF 64:8910 mov dword ptr fs:[eax], edx
0055E9B2 68 BFE95500 push 0055E9BF
0055E9B7 C3 retn ; RET 用作跳转到 0055E9BF
0055E9B8 - E9 6360EAFF jmp 00404A20
0055E9BD ^ EB F8 jmp short 0055E9B7
0055E9BF 5D pop ebp
0055E9C0 C3 retn
0055E9C1 0000 add byte ptr [eax], al
0055E9C3 00FF add bh, bh
0055E9C5 FFFF ??? ; 未知命令
0055E9C7 FF07 inc dword ptr [edi]
0055E9C9 0000 add byte ptr [eax], al
0055E9CB 006465 66 add byte ptr [ebp+66], ah
0055E9CF 61 popad
0055E9D0 75 6C jnz short 0055EA3E
0055E9D2 74 00 je short 0055E9D4
0055E9D4 832D 88B69A00 0>sub dword ptr [9AB688], 1
0055E9DB 73 0F jnb short 0055E9EC
0055E9DD BA F8225600 mov edx, 005622F8
0055E9E2 A1 F8A79A00 mov eax, dword ptr [9AA7F8]
0055E9E7 E8 108FF3FF call 004978FC
0055E9EC C3 retn
0055E9ED 8D40 00 lea eax, dword ptr [eax]
0055E9F0 832D 8CB69A00 0>sub dword ptr [9AB68C], 1
0055E9F7 73 0F jnb short 0055EA08
0055E9F9 BA 10235600 mov edx, 00562310
0055E9FE A1 F8A79A00 mov eax, dword ptr [9AA7F8]
0055EA03 E8 F48EF3FF call 004978FC
0055EA08 C3 retn
0055EA09 8D40 00 lea eax, dword ptr [eax]
0055EA0C 832D 90B69A00 0>sub dword ptr [9AB690], 1
0055EA13 73 0A jnb short 0055EA1F
0055EA15 B8 D01F4A00 mov eax, 004A1FD0
0055EA1A E8 4965EAFF call 00404F68
0055EA1F C3 retn
0055EA20 832D 94B69A00 0>sub dword ptr [9AB694], 1
0055EA27 73 0A jnb short 0055EA33
0055EA29 E8 1636F4FF call 004A2044
0055EA2E E8 4936F4FF call 004A207C
0055EA33 C3 retn
0055EA34 832D 98BB9A00 0>sub dword ptr [9ABB98], 1
0055EA3B C3 retn
0055EA3C 832D 9CBB9A00 0>sub dword ptr [9ABB9C], 1
0055EA43 73 0F jnb short 0055EA54
0055EA45 B8 24334A00 mov eax, 004A3324
0055EA4A E8 CD64EAFF call 00404F1C
0055EA4F E8 EC46F4FF call 004A3140
0055EA54 C3 retn
0055EA55 8D40 00 lea eax, dword ptr [eax]
0055EA58 832D ACBB9A00 0>sub dword ptr [9ABBAC], 1
0055EA5F C3 retn
0055EA60 832D B0BB9A00 0>sub dword ptr [9ABBB0], 1
0055EA67 73 11 jnb short 0055EA7A
0055EA69 B2 01 mov dl, 1
0055EA6B A1 90E14100 mov eax, dword ptr [41E190]
0055EA70 E8 6F27ECFF call 004211E4
0055EA75 A3 B4BB9A00 mov dword ptr [9ABBB4], eax
0055EA7A C3 retn
0055EA7B 90 nop
0055EA7C 832D B8BB9A00 0>sub dword ptr [9ABBB8], 1
0055EA83 73 14 jnb short 0055EA99
0055EA85 BA 9C2C5600 mov edx, 00562C9C
0055EA8A A1 F8A79A00 mov eax, dword ptr [9AA7F8]
0055EA8F E8 688EF3FF call 004978FC
0055EA94 E8 0FE1F4FF call 004ACBA8
0055EA99 C3 retn
0055EA9A 8BC0 mov eax, eax
0055EA9C 832D C0BB9A00 0>sub dword ptr [9ABBC0], 1
0055EAA3 73 0F jnb short 0055EAB4
0055EAA5 BA B42C5600 mov edx, 00562CB4
0055EAAA A1 F8A79A00 mov eax, dword ptr [9AA7F8]
0055EAAF E8 488EF3FF call 004978FC
0055EAB4 C3 retn
0055EAB5 8D40 00 lea eax, dword ptr [eax]
0055EAB8 832D C4BB9A00 0>sub dword ptr [9ABBC4], 1
0055EABF 73 14 jnb short 0055EAD5
0055EAC1 BA D82C5600 mov edx, 00562CD8
0055EAC6 A1 F8A79A00 mov eax, dword ptr [9AA7F8]
0055EACB E8 2C8EF3FF call 004978FC
0055EAD0 E8 7F1FF5FF call 004B0A54
0055EAD5 C3 retn
0055EAD6 8BC0 mov eax, eax
0055EAD8 55 push ebp
0055EAD9 8BEC mov ebp, esp
0055EADB 6A 00 push 0
0055EADD 6A 00 push 0
0055EADF 33C0 xor eax, eax
0055EAE1 55 push ebp
0055EAE2 68 6CEB5500 push 0055EB6C
0055EAE7 64:FF30 push dword ptr fs:[eax]
0055EAEA 64:8920 mov dword ptr fs:[eax], esp
0055EAED 832D C8BF9A00 0>sub dword ptr [9ABFC8], 1
0055EAF4 73 5B jnb short 0055EB51
0055EAF6 BA 402D5600 mov edx, 00562D40
0055EAFB A1 F8A79A00 mov eax, dword ptr [9AA7F8]
0055EB00 E8 F78DF3FF call 004978FC
0055EB05 8B15 1C714500 mov edx, dword ptr [45711C] ; unRecove.00457168
0055EB0B A1 700C4B00 mov eax, dword ptr [4B0C70]
0055EB10 E8 1317ECFF call 00420228
0055EB15 A1 700C4B00 mov eax, dword ptr [4B0C70]
0055EB1A E8 CD15ECFF call 004200EC
0055EB1F A1 700C4B00 mov eax, dword ptr [4B0C70]
0055EB24 50 push eax
0055EB25 8D55 FC lea edx, dword ptr [ebp-4]
0055EB28 A1 546F9A00 mov eax, dword ptr [9A6F54]
0055EB2D E8 8A8DEAFF call 004078BC
0055EB32 8B45 FC mov eax, dword ptr [ebp-4]
0055EB35 50 push eax
0055EB36 8D55 F8 lea edx, dword ptr [ebp-8]
0055EB39 A1 C8679A00 mov eax, dword ptr [9A67C8]
0055EB3E E8 798DEAFF call 004078BC
0055EB43 8B55 F8 mov edx, dword ptr [ebp-8]
0055EB46 A1 60EE4200 mov eax, dword ptr [42EE60]
0055EB4B 59 pop ecx
0055EB4C E8 574EEDFF call 004339A8
0055EB51 33C0 xor eax, eax
0055EB53 5A pop edx
0055EB54 59 pop ecx
0055EB55 59 pop ecx
0055EB56 64:8910 mov dword ptr fs:[eax], edx
0055EB59 68 73EB5500 push 0055EB73
0055EB5E 8D45 F8 lea eax, dword ptr [ebp-8]
0055EB61 BA 02000000 mov edx, 2
0055EB66 E8 7166EAFF call 004051DC
0055EB6B C3 retn
0055EB6C - E9 AF5EEAFF jmp 00404A20
0055EB71 ^ EB EB jmp short 0055EB5E
0055EB73 59 pop ecx
0055EB74 59 pop ecx
0055EB75 5D pop ebp
0055EB76 C3 retn
0055EB77 90 nop
0055EB78 832D D0BF9A00 0>sub dword ptr [9ABFD0], 1
0055EB7F 73 14 jnb short 0055EB95
0055EB81 BA 5C2D5600 mov edx, 00562D5C
0055EB86 A1 F8A79A00 mov eax, dword ptr [9AA7F8]
0055EB8B E8 6C8DF3FF call 004978FC
0055EB90 E8 6B83F5FF call 004B6F00
0055EB95 C3 retn
0055EB96 8BC0 mov eax, eax
0055EB98 832D D4BF9A00 0>sub dword ptr [9ABFD4], 1
0055EB9F 73 14 jnb short 0055EBB5
0055EBA1 BA B02D5600 mov edx, 00562DB0
0055EBA6 A1 F8A79A00 mov eax, dword ptr [9AA7F8]
0055EBAB E8 4C8DF3FF call 004978FC
0055EBB0 E8 378BF5FF call 004B76EC
0055EBB5 C3 retn
0055EBB6 8BC0 mov eax, eax
0055EBB8 832D DCBF9A00 0>sub dword ptr [9ABFDC], 1
0055EBBF 73 0F jnb short 0055EBD0
0055EBC1 BA C82D5600 mov edx, 00562DC8
0055EBC6 A1 F8A79A00 mov eax, dword ptr [9AA7F8]
0055EBCB E8 2C8DF3FF call 004978FC
0055EBD0 C3 retn
0055EBD1 8D40 00 lea eax, dword ptr [eax]
0055EBD4 832D E0BF9A00 0>sub dword ptr [9ABFE0], 1
0055EBDB 73 0F jnb short 0055EBEC
0055EBDD BA E82D5600 mov edx, 00562DE8
0055EBE2 A1 F8A79A00 mov eax, dword ptr [9AA7F8]
0055EBE7 E8 108DF3FF call 004978FC
0055EBEC C3 retn
0055EBED 8D40 00 lea eax, dword ptr [eax]
0055EBF0 832D E4BF9A00 0>sub dword ptr [9ABFE4], 1
0055EBF7 73 0F jnb short 0055EC08
0055EBF9 BA 002E5600 mov edx, 00562E00
0055EBFE A1 F8A79A00 mov eax, dword ptr [9AA7F8]
0055EC03 E8 F48CF3FF call 004978FC
0055EC08 C3 retn
0055EC09 8D40 00 lea eax, dword ptr [eax]
0055EC0C 832D E8BF9A00 0>sub dword ptr [9ABFE8], 1
0055EC13 73 0F jnb short 0055EC24
0055EC15 BA 182E5600 mov edx, 00562E18
0055EC1A A1 F8A79A00 mov eax, dword ptr [9AA7F8]
0055EC1F E8 D88CF3FF call 004978FC
0055EC24 C3 retn
0055EC25 8D40 00 lea eax, dword ptr [eax]
0055EC28 832D ECBF9A00 0>sub dword ptr [9ABFEC], 1
0055EC2F 73 0F jnb short 0055EC40
0055EC31 BA 302E5600 mov edx, 00562E30
0055EC36 A1 F8A79A00 mov eax, dword ptr [9AA7F8]
0055EC3B E8 BC8CF3FF call 004978FC
0055EC40 C3 retn
0055EC41 8D40 00 lea eax, dword ptr [eax]
0055EC44 832D F0BF9A00 0>sub dword ptr [9ABFF0], 1
0055EC4B 73 19 jnb short 0055EC66
0055EC4D BA 482E5600 mov edx, 00562E48
0055EC52 A1 F8A79A00 mov eax, dword ptr [9AA7F8]
0055EC57 E8 A08CF3FF call 004978FC
0055EC5C B8 70EC5500 mov eax, 0055EC70 ; ASCII "jvcl"
0055EC61 E8 D2EEF3FF call 0049DB38
0055EC66 C3 retn
0055EC67 00FF add bh, bh
0055EC69 FFFF ??? ; 未知命令
0055EC6B FF0400 inc dword ptr [eax+eax]
0055EC6E 0000 add byte ptr [eax], al
0055EC70 6A 76 push 76
0055EC72 636C00 00 arpl word ptr [eax+eax], bp
0055EC76 0000 add byte ptr [eax], al
0055EC78 832D F4BF9A00 0>sub dword ptr [9ABFF4], 1
0055EC7F 73 0F jnb short 0055EC90
0055EC81 BA 602E5600 mov edx, 00562E60
0055EC86 A1 F8A79A00 mov eax, dword ptr [9AA7F8]
0055EC8B E8 6C8CF3FF call 004978FC
0055EC90 C3 retn
0055EC91 8D40 00 lea eax, dword ptr [eax]
0055EC94 832D F8BF9A00 0>sub dword ptr [9ABFF8], 1
0055EC9B 73 19 jnb short 0055ECB6
0055EC9D B8 0CED4B00 mov eax, 004BED0C
0055ECA2 E8 7562EAFF call 00404F1C
0055ECA7 BA 7C2E5600 mov edx, 00562E7C
0055ECAC A1 F8A79A00 mov eax, dword ptr [9AA7F8]
0055ECB1 E8 468CF3FF call 004978FC
0055ECB6 C3 retn
0055ECB7 90 nop
0055ECB8 832D FCBF9A00 0>sub dword ptr [9ABFFC], 1
0055ECBF C3 retn
0055ECC0 55 push ebp
0055ECC1 8BEC mov ebp, esp
0055ECC3 83C4 E0 add esp, -20
0055ECC6 832D 00C09A00 0>sub dword ptr [9AC000], 1
0055ECCD 73 34 jnb short 0055ED03
0055ECCF 8D55 E0 lea edx, dword ptr [ebp-20]
0055ECD2 A1 40F14B00 mov eax, dword ptr [4BF140]
0055ECD7 E8 A402F6FF call 004BEF80
0055ECDC 8D45 E0 lea eax, dword ptr [ebp-20]
0055ECDF BA 08ED5500 mov edx, 0055ED08
0055ECE4 B1 20 mov cl, 20
0055ECE6 E8 1550EAFF call 00403D00
0055ECEB 75 0C jnz short 0055ECF9
0055ECED C705 702F5600 9>mov dword ptr [562F70], 004BF198
0055ECF7 EB 0A jmp short 0055ED03
0055ECF9 C705 702F5600 A>mov dword ptr [562F70], 004BF1A0
0055ED03 8BE5 mov esp, ebp
0055ED05 5D pop ebp
0055ED06 C3 retn
0055ED07 0000 add byte ptr [eax], al
0055ED09 0000 add byte ptr [eax], al
0055ED0B 0000 add byte ptr [eax], al
0055ED0D 0000 add byte ptr [eax], al
0055ED0F 0000 add byte ptr [eax], al
0055ED11 0000 add byte ptr [eax], al
0055ED13 0000 add byte ptr [eax], al
0055ED15 0000 add byte ptr [eax], al
0055ED17 0000 add byte ptr [eax], al
0055ED19 0000 add byte ptr [eax], al
0055ED1B 0000 add byte ptr [eax], al
0055ED1D 0000 add byte ptr [eax], al
0055ED1F 0000 add byte ptr [eax], al
0055ED21 0000 add byte ptr [eax], al
0055ED23 0000 add byte ptr [eax], al
0055ED25 0000 add byte ptr [eax], al
0055ED27 0083 2D08C09A add byte ptr [ebx+9AC0082D], al
0055ED2D 0001 add byte ptr [ecx], al
0055ED2F 73 05 jnb short 0055ED36
0055ED31 E8 360BF6FF call 004BF86C
0055ED36 C3 retn
0055ED37 90 nop
0055ED38 832D 10C09A00 0>sub dword ptr [9AC010], 1
0055ED3F 73 0A jnb short 0055ED4B
0055ED41 B8 C01F4C00 mov eax, 004C1FC0
0055ED46 E8 D161EAFF call 00404F1C
0055ED4B C3 retn
0055ED4C 832D 14C09A00 0>sub dword ptr [9AC014], 1
0055ED53 73 0F jnb short 0055ED64
0055ED55 BA B42F5600 mov edx, 00562FB4
0055ED5A A1 F8A79A00 mov eax, dword ptr [9AA7F8]
0055ED5F E8 988BF3FF call 004978FC
0055ED64 C3 retn
0055ED65 8D40 00 lea eax, dword ptr [eax]
0055ED68 832D 18C09A00 0>sub dword ptr [9AC018], 1
0055ED6F 73 0F jnb short 0055ED80
0055ED71 BA CC2F5600 mov edx, 00562FCC
0055ED76 A1 F8A79A00 mov eax, dword ptr [9AA7F8]
0055ED7B E8 7C8BF3FF call 004978FC
0055ED80 C3 retn
0055ED81 8D40 00 lea eax, dword ptr [eax]
0055ED84 832D 1CC09A00 0>sub dword ptr [9AC01C], 1
0055ED8B 73 0F jnb short 0055ED9C
0055ED8D BA E42F5600 mov edx, 00562FE4
0055ED92 A1 F8A79A00 mov eax, dword ptr [9AA7F8]
0055ED97 E8 608BF3FF call 004978FC
0055ED9C C3 retn
0055ED9D 8D40 00 lea eax, dword ptr [eax]
0055EDA0 832D 20C09A00 0>sub dword ptr [9AC020], 1
0055EDA7 73 0F jnb short 0055EDB8
0055EDA9 BA 04305600 mov edx, 00563004
0055EDAE A1 F8A79A00 mov eax, dword ptr [9AA7F8]
0055EDB3 E8 448BF3FF call 004978FC
0055EDB8 C3 retn
0055EDB9 8D40 00 lea eax, dword ptr [eax]
0055EDBC 832D 24C09A00 0>sub dword ptr [9AC024], 1
0055EDC3 73 0F jnb short 0055EDD4
0055EDC5 BA 1C305600 mov edx, 0056301C
0055EDCA A1 F8A79A00 mov eax, dword ptr [9AA7F8]
0055EDCF E8 288BF3FF call 004978FC
0055EDD4 C3 retn
0055EDD5 8D40 00 lea eax, dword ptr [eax]
0055EDD8 832D 30C09A00 0>sub dword ptr [9AC030], 1
0055EDDF 73 0F jnb short 0055EDF0
0055EDE1 BA 38305600 mov edx, 00563038
0055EDE6 A1 F8A79A00 mov eax, dword ptr [9AA7F8]
0055EDEB E8 0C8BF3FF call 004978FC
0055EDF0 C3 retn
0055EDF1 8D40 00 lea eax, dword ptr [eax]
0055EDF4 832D 34C09A00 0>sub dword ptr [9AC034], 1
0055EDFB 73 0F jnb short 0055EE0C
0055EDFD BA 50305600 mov edx, 00563050 ; ASCII "tLL"
0055EE02 A1 F8A79A00 mov eax, dword ptr [9AA7F8]
0055EE07 E8 F08AF3FF call 004978FC
0055EE0C C3 retn
0055EE0D 8D40 00 lea eax, dword ptr [eax]
0055EE10 832D 38C09A00 0>sub dword ptr [9AC038], 1
0055EE17 73 0F jnb short 0055EE28
0055EE19 BA 68305600 mov edx, 00563068 ; ASCII "DML"
0055EE1E A1 F8A79A00 mov eax, dword ptr [9AA7F8]
0055EE23 E8 D48AF3FF call 004978FC
0055EE28 C3 retn
0055EE29 8D40 00 lea eax, dword ptr [eax]
0055EE2C 832D 3CC09A00 0>sub dword ptr [9AC03C], 1
0055EE33 73 0F jnb short 0055EE44
0055EE35 BA 80305600 mov edx, 00563080
0055EE3A A1 F8A79A00 mov eax, dword ptr [9AA7F8]
0055EE3F E8 B88AF3FF call 004978FC
0055EE44 C3 retn
0055EE45 8D40 00 lea eax, dword ptr [eax]
0055EE48 832D 40C09A00 0>sub dword ptr [9AC040], 1
0055EE4F 73 0F jnb short 0055EE60
0055EE51 BA 98305600 mov edx, 00563098
0055EE56 A1 F8A79A00 mov eax, dword ptr [9AA7F8]
0055EE5B E8 9C8AF3FF call 004978FC
0055EE60 C3 retn
0055EE61 8D40 00 lea eax, dword ptr [eax]
0055EE64 832D 44C09A00 0>sub dword ptr [9AC044], 1
0055EE6B 73 0F jnb short 0055EE7C
0055EE6D BA B0305600 mov edx, 005630B0
0055EE72 A1 F8A79A00 mov eax, dword ptr [9AA7F8]
0055EE77 E8 808AF3FF call 004978FC
0055EE7C C3 retn
0055EE7D 8D40 00 lea eax, dword ptr [eax]
0055EE80 832D 48C09A00 0>sub dword ptr [9AC048], 1
0055EE87 73 0F jnb short 0055EE98
0055EE89 BA C8305600 mov edx, 005630C8
0055EE8E A1 F8A79A00 mov eax, dword ptr [9AA7F8]
0055EE93 E8 648AF3FF call 004978FC
0055EE98 C3 retn
0055EE99 8D40 00 lea eax, dword ptr [eax]
0055EE9C 832D 4CC09A00 0>sub dword ptr [9AC04C], 1
0055EEA3 73 0F jnb short 0055EEB4
0055EEA5 BA E8305600 mov edx, 005630E8
0055EEAA A1 F8A79A00 mov eax, dword ptr [9AA7F8]
0055EEAF E8 488AF3FF call 004978FC
0055EEB4 C3 retn
0055EEB5 8D40 00 lea eax, dword ptr [eax]
0055EEB8 832D 50C09A00 0>sub dword ptr [9AC050], 1
0055EEBF 73 0F jnb short 0055EED0
0055EEC1 BA 44315600 mov edx, 00563144
0055EEC6 A1 F8A79A00 mov eax, dword ptr [9AA7F8]
0055EECB E8 2C8AF3FF call 004978FC
0055EED0 C3 retn
0055EED1 8D40 00 lea eax, dword ptr [eax]
0055EED4 832D 54C09A00 0>sub dword ptr [9AC054], 1
0055EEDB C3 retn
0055EEDC 832D 58C09A00 0>sub dword ptr [9AC058], 1
0055EEE3 C3 retn
0055EEE4 55 push ebp
0055EEE5 8BEC mov ebp, esp
0055EEE7 33C0 xor eax, eax
0055EEE9 55 push ebp
0055EEEA 68 16EF5500 push 0055EF16
0055EEEF 64:FF30 push dword ptr fs:[eax]
0055EEF2 64:8920 mov dword ptr fs:[eax], esp
0055EEF5 832D 60C09A00 0>sub dword ptr [9AC060], 1
0055EEFC 73 0A jnb short 0055EF08
0055EEFE E8 0D96F7FF call 004D8510
0055EF03 A2 64C09A00 mov byte ptr [9AC064], al
0055EF08 33C0 xor eax, eax
0055EF0A 5A pop edx
0055EF0B 59 pop ecx
0055EF0C 59 pop ecx
0055EF0D 64:8910 mov dword ptr fs:[eax], edx
0055EF10 68 1DEF5500 push 0055EF1D
0055EF15 C3 retn ; RET 用作跳转到 0055EF1D
0055EF16 - E9 055BEAFF jmp 00404A20
0055EF1B ^ EB F8 jmp short 0055EF15
0055EF1D 5D pop ebp
0055EF1E C3 retn
0055EF1F 90 nop
0055EF20 832D 68C09A00 0>sub dword ptr [9AC068], 1
0055EF27 C3 retn
0055EF28 832D 6CC09A00 0>sub dword ptr [9AC06C], 1
0055EF2F C3 retn
0055EF30 832D 70C09A00 0>sub dword ptr [9AC070], 1
0055EF37 C3 retn
0055EF38 832D 74C09A00 0>sub dword ptr [9AC074], 1
0055EF3F 73 0F jnb short 0055EF50
0055EF41 BA A4559A00 mov edx, 009A55A4
0055EF46 A1 F8A79A00 mov eax, dword ptr [9AA7F8]
0055EF4B E8 AC89F3FF call 004978FC
0055EF50 C3 retn
0055EF51 8D40 00 lea eax, dword ptr [eax]
0055EF54 832D 78C09A00 0>sub dword ptr [9AC078], 1
0055EF5B 73 0F jnb short 0055EF6C
0055EF5D BA BC559A00 mov edx, 009A55BC
0055EF62 A1 F8A79A00 mov eax, dword ptr [9AA7F8]
0055EF67 E8 9089F3FF call 004978FC
0055EF6C C3 retn
0055EF6D 8D40 00 lea eax, dword ptr [eax]
0055EF70 832D 7CC09A00 0>sub dword ptr [9AC07C], 1
0055EF77 73 0F jnb short 0055EF88
0055EF79 BA D4559A00 mov edx, 009A55D4
0055EF7E A1 F8A79A00 mov eax, dword ptr [9AA7F8]
0055EF83 E8 7489F3FF call 004978FC
0055EF88 C3 retn
0055EF89 8D40 00 lea eax, dword ptr [eax]
0055EF8C 832D 80C09A00 0>sub dword ptr [9AC080], 1
0055EF93 73 0F jnb short 0055EFA4
0055EF95 BA EC559A00 mov edx, 009A55EC
0055EF9A A1 F8A79A00 mov eax, dword ptr [9AA7F8]
0055EF9F E8 5889F3FF call 004978FC
0055EFA4 C3 retn
0055EFA5 8D40 00 lea eax, dword ptr [eax]
0055EFA8 832D 84C09A00 0>sub dword ptr [9AC084], 1
0055EFAF 73 0F jnb short 0055EFC0
0055EFB1 BA 04569A00 mov edx, 009A5604 ; ASCII "t㎝"
0055EFB6 A1 F8A79A00 mov eax, dword ptr [9AA7F8]
0055EFBB E8 3C89F3FF call 004978FC
0055EFC0 C3 retn
0055EFC1 8D40 00 lea eax, dword ptr [eax]
0055EFC4 832D 88C09A00 0>sub dword ptr [9AC088], 1
0055EFCB 73 0F jnb short 0055EFDC
0055EFCD BA 1C569A00 mov edx, 009A561C
0055EFD2 A1 F8A79A00 mov eax, dword ptr [9AA7F8]
0055EFD7 E8 2089F3FF call 004978FC
0055EFDC C3 retn
0055EFDD 8D40 00 lea eax, dword ptr [eax]
0055EFE0 832D 8CC09A00 0>sub dword ptr [9AC08C], 1
0055EFE7 73 0F jnb short 0055EFF8
0055EFE9 BA 34569A00 mov edx, 009A5634
0055EFEE A1 F8A79A00 mov eax, dword ptr [9AA7F8]
0055EFF3 E8 0489F3FF call 004978FC
0055EFF8 C3 retn
0055EFF9 8D40 00 lea eax, dword ptr [eax]
0055EFFC 832D 90C09A00 0>sub dword ptr [9AC090], 1
0055F003 73 0F jnb short 0055F014
0055F005 BA 4C569A00 mov edx, 009A564C
0055F00A A1 F8A79A00 mov eax, dword ptr [9AA7F8]
0055F00F E8 E888F3FF call 004978FC
0055F014 C3 retn
0055F015 8D40 00 lea eax, dword ptr [eax]
0055F018 832D 94C09A00 0>sub dword ptr [9AC094], 1
0055F01F 73 0F jnb short 0055F030
0055F021 BA 84569A00 mov edx, 009A5684
0055F026 A1 F8A79A00 mov eax, dword ptr [9AA7F8]
0055F02B E8 CC88F3FF call 004978FC
0055F030 C3 retn
0055F031 8D40 00 lea eax, dword ptr [eax]
0055F034 832D 98C09A00 0>sub dword ptr [9AC098], 1
0055F03B 73 0F jnb short 0055F04C
0055F03D BA 9C569A00 mov edx, 009A569C
0055F042 A1 F8A79A00 mov eax, dword ptr [9AA7F8]
0055F047 E8 B088F3FF call 004978FC
0055F04C C3 retn
0055F04D 8D40 00 lea eax, dword ptr [eax]
0055F050 832D 9CC09A00 0>sub dword ptr [9AC09C], 1
0055F057 73 0F jnb short 0055F068
0055F059 BA B4569A00 mov edx, 009A56B4
0055F05E A1 F8A79A00 mov eax, dword ptr [9AA7F8]
0055F063 E8 9488F3FF call 004978FC
0055F068 C3 retn
0055F069 8D40 00 lea eax, dword ptr [eax]
0055F06C 832D A0C09A00 0>sub dword ptr [9AC0A0], 1
0055F073 73 0F jnb short 0055F084
0055F075 BA 54579A00 mov edx, 009A5754
0055F07A A1 F8A79A00 mov eax, dword ptr [9AA7F8]
0055F07F E8 7888F3FF call 004978FC
0055F084 C3 retn
0055F085 8D40 00 lea eax, dword ptr [eax]
0055F088 832D A4C09A00 0>sub dword ptr [9AC0A4], 1
0055F08F 73 0F jnb short 0055F0A0
0055F091 BA 6C579A00 mov edx, 009A576C
0055F096 A1 F8A79A00 mov eax, dword ptr [9AA7F8]
0055F09B E8 5C88F3FF call 004978FC
0055F0A0 C3 retn
0055F0A1 8D40 00 lea eax, dword ptr [eax]
0055F0A4 832D A8C09A00 0>sub dword ptr [9AC0A8], 1
0055F0AB 73 0F jnb short 0055F0BC
0055F0AD BA 84579A00 mov edx, 009A5784
0055F0B2 A1 F8A79A00 mov eax, dword ptr [9AA7F8]
0055F0B7 E8 4088F3FF call 004978FC
0055F0BC C3 retn
0055F0BD 8D40 00 lea eax, dword ptr [eax]
0055F0C0 832D ACC09A00 0>sub dword ptr [9AC0AC], 1
0055F0C7 73 0F jnb short 0055F0D8
0055F0C9 BA A0579A00 mov edx, 009A57A0
0055F0CE A1 F8A79A00 mov eax, dword ptr [9AA7F8]
0055F0D3 E8 2488F3FF call 004978FC
0055F0D8 C3 retn
0055F0D9 8D40 00 lea eax, dword ptr [eax]
0055F0DC 832D B0C09A00 0>sub dword ptr [9AC0B0], 1
0055F0E3 73 0F jnb short 0055F0F4
0055F0E5 BA B8579A00 mov edx, 009A57B8
0055F0EA A1 F8A79A00 mov eax, dword ptr [9AA7F8]
0055F0EF E8 0888F3FF call 004978FC
0055F0F4 C3 retn
0055F0F5 8D40 00 lea eax, dword ptr [eax]
0055F0F8 832D B4C09A00 0>sub dword ptr [9AC0B4], 1
0055F0FF 73 0F jnb short 0055F110
0055F101 BA DC579A00 mov edx, 009A57DC
0055F106 A1 F8A79A00 mov eax, dword ptr [9AA7F8]
0055F10B E8 EC87F3FF call 004978FC
0055F110 C3 retn
0055F111 8D40 00 lea eax, dword ptr [eax]
0055F114 832D B8C09A00 0>sub dword ptr [9AC0B8], 1
0055F11B 73 11 jnb short 0055F12E
0055F11D B2 01 mov dl, 1
0055F11F A1 A0364F00 mov eax, dword ptr [4F36A0]
0055F124 E8 5BB9EBFF call 0041AA84
0055F129 A3 AC599A00 mov dword ptr [9A59AC], eax
0055F12E C3 retn
0055F12F 90 nop
0055F130 832D BCC09A00 0>sub dword ptr [9AC0BC], 1
0055F137 73 11 jnb short 0055F14A
0055F139 B2 01 mov dl, 1
0055F13B A1 988A4F00 mov eax, dword ptr [4F8A98]
0055F140 E8 3FB9EBFF call 0041AA84
0055F145 A3 D0599A00 mov dword ptr [9A59D0], eax
0055F14A C3 retn
0055F14B 90 nop
0055F14C 55 push ebp
0055F14D 8BEC mov ebp, esp
0055F14F 33C0 xor eax, eax
0055F151 55 push ebp
0055F152 68 ADF15500 push 0055F1AD
0055F157 64:FF30 push dword ptr fs:[eax]
0055F15A 64:8920 mov dword ptr fs:[eax], esp
0055F15D 832D CCC09A00 0>sub dword ptr [9AC0CC], 1
0055F164 73 39 jnb short 0055F19F
0055F166 B2 01 mov dl, 1
0055F168 A1 C8005100 mov eax, dword ptr [5100C8]
0055F16D E8 A250EAFF call 00404214
0055F172 8BD0 mov edx, eax
0055F174 85D2 test edx, edx
0055F176 74 03 je short 0055F17B
0055F178 83EA F8 sub edx, -8
0055F17B B8 C4C09A00 mov eax, 009AC0C4
0055F180 B9 B8F15500 mov ecx, 0055F1B8
0055F185 E8 7A82EAFF call 00407404
0055F18A B8 C8C09A00 mov eax, 009AC0C8
0055F18F 8B15 C4C09A00 mov edx, dword ptr [9AC0C4]
0055F195 B9 C8F15500 mov ecx, 0055F1C8
0055F19A E8 6582EAFF call 00407404
0055F19F 33C0 xor eax, eax
0055F1A1 5A pop edx
0055F1A2 59 pop ecx
0055F1A3 59 pop ecx
0055F1A4 64:8910 mov dword ptr fs:[eax], edx
0055F1A7 68 B4F15500 push 0055F1B4
0055F1AC C3 retn
0055F1AD - E9 6E58EAFF jmp 00404A20
0055F1B2 ^ EB F8 jmp short 0055F1AC
0055F1B4 5D pop ebp
0055F1B5 C3 retn
0055F1B6 0000 add byte ptr [eax], al
0055F1B8 08C5 or ch, al
0055F1BA A1 29DC6ACD mov eax, dword ptr [CD6ADC29]
0055F1BF 44 inc esp
0055F1C0 88DE mov dh, bl
0055F1C2 4F dec edi
0055F1C3 51 push ecx
0055F1C4 B2 5D mov dl, 5D
0055F1C6 59 pop ecx
0055F1C7 95 xchg eax, ebp
0055F1C8 ^ 76 DF jbe short 0055F1A9
0055F1CA A0 FA6AECAA mov al, byte ptr [AAEC6AFA]
0055F1CF 48 dec eax
0055F1D0 97 xchg eax, edi
0055F1D1 54 push esp
0055F1D2 2D 36DF815C sub eax, 5C81DF36
0055F1D7 0D 558BEC33 or eax, 33EC8B55
0055F1DC C055 68 21 rcl byte ptr [ebp+68], 21
0055F1E0 F2: prefix repne:
0055F1E1 55 push ebp
0055F1E2 0064FF 30 add byte ptr [edi+edi*8+30], ah
0055F1E6 64:8920 mov dword ptr fs:[eax], esp
0055F1E9 832D D0C09A00 0>sub dword ptr [9AC0D0], 1
0055F1F0 73 21 jnb short 0055F213
0055F1F2 B8 50195200 mov eax, 00521950
0055F1F7 E8 6C5DEAFF call 00404F68
0055F1FC B8 D4C09A00 mov eax, 009AC0D4
0055F201 E8 BA81EAFF call 004073C0
0055F206 50 push eax
0055F207 6A 01 push 1
0055F209 E8 7299EAFF call <jmp.&ole32.CoGetMalloc>
0055F20E E8 BDA0F3FF call 004992D0
0055F213 33C0 xor eax, eax
0055F215 5A pop edx
0055F216 59 pop ecx
0055F217 59 pop ecx
0055F218 64:8910 mov dword ptr fs:[eax], edx
0055F21B 68 28F25500 push 0055F228
0055F220 C3 retn
0055F221 - E9 FA57EAFF jmp 00404A20
0055F226 ^ EB F8 jmp short 0055F220
0055F228 5D pop ebp
0055F229 C3 retn
0055F22A 8BC0 mov eax, eax
0055F22C 832D D8C09A00 0>sub dword ptr [9AC0D8], 1
0055F233 73 0F jnb short 0055F244
0055F235 BA 805F9A00 mov edx, 009A5F80
0055F23A A1 F8A79A00 mov eax, dword ptr [9AA7F8]
0055F23F E8 B886F3FF call 004978FC
0055F244 C3 retn
0055F245 8D40 00 lea eax, dword ptr [eax]
0055F248 832D DCC09A00 0>sub dword ptr [9AC0DC], 1
0055F24F 73 0F jnb short 0055F260
0055F251 BA B05F9A00 mov edx, 009A5FB0
0055F256 A1 F8A79A00 mov eax, dword ptr [9AA7F8]
0055F25B E8 9C86F3FF call 004978FC
0055F260 C3 retn
0055F261 8D40 00 lea eax, dword ptr [eax]
0055F264 832D E0C09A00 0>sub dword ptr [9AC0E0], 1
0055F26B 73 0F jnb short 0055F27C
0055F26D BA C85F9A00 mov edx, 009A5FC8
0055F272 A1 F8A79A00 mov eax, dword ptr [9AA7F8]
0055F277 E8 8086F3FF call 004978FC
0055F27C C3 retn
0055F27D 8D40 00 lea eax, dword ptr [eax]
0055F280 832D E4C09A00 0>sub dword ptr [9AC0E4], 1
0055F287 73 14 jnb short 0055F29D
0055F289 BA E05F9A00 mov edx, 009A5FE0
0055F28E A1 F8A79A00 mov eax, dword ptr [9AA7F8]
0055F293 E8 6486F3FF call 004978FC
0055F298 E8 9334FDFF call 00532730
0055F29D C3 retn
0055F29E 8BC0 mov eax, eax
0055F2A0 832D E8C09A00 0>sub dword ptr [9AC0E8], 1
0055F2A7 73 0F jnb short 0055F2B8
0055F2A9 BA F85F9A00 mov edx, 009A5FF8
0055F2AE A1 F8A79A00 mov eax, dword ptr [9AA7F8]
0055F2B3 E8 4486F3FF call 004978FC
0055F2B8 C3 retn
0055F2B9 8D40 00 lea eax, dword ptr [eax]
0055F2BC 832D ECC09A00 0>sub dword ptr [9AC0EC], 1
0055F2C3 73 0F jnb short 0055F2D4
0055F2C5 BA 10609A00 mov edx, 009A6010
0055F2CA A1 F8A79A00 mov eax, dword ptr [9AA7F8]
0055F2CF E8 2886F3FF call 004978FC
0055F2D4 C3 retn
0055F2D5 8D40 00 lea eax, dword ptr [eax]
0055F2D8 832D F0C09A00 0>sub dword ptr [9AC0F0], 1
0055F2DF 73 0F jnb short 0055F2F0
0055F2E1 BA 70609A00 mov edx, 009A6070 ; ASCII "XvS"
0055F2E6 A1 F8A79A00 mov eax, dword ptr [9AA7F8]
0055F2EB E8 0C86F3FF call 004978FC
0055F2F0 C3 retn
0055F2F1 8D40 00 lea eax, dword ptr [eax]
0055F2F4 832D F4C09A00 0>sub dword ptr [9AC0F4], 1
0055F2FB 73 0F jnb short 0055F30C
0055F2FD BA 88609A00 mov edx, 009A6088
0055F302 A1 F8A79A00 mov eax, dword ptr [9AA7F8]
0055F307 E8 F085F3FF call 004978FC
0055F30C C3 retn
0055F30D 8D40 00 lea eax, dword ptr [eax]
0055F310 832D 08C19A00 0>sub dword ptr [9AC108], 1
0055F317 73 0F jnb short 0055F328
0055F319 BA B0609A00 mov edx, 009A60B0
0055F31E A1 F8A79A00 mov eax, dword ptr [9AA7F8]
0055F323 E8 D485F3FF call 004978FC
0055F328 C3 retn
0055F329 8D40 00 lea eax, dword ptr [eax]
0055F32C 832D 0CC19A00 0>sub dword ptr [9AC10C], 1
0055F333 73 0F jnb short 0055F344
0055F335 BA C8609A00 mov edx, 009A60C8
0055F33A A1 F8A79A00 mov eax, dword ptr [9AA7F8]
0055F33F E8 B885F3FF call 004978FC
0055F344 C3 retn
0055F345 8D40 00 lea eax, dword ptr [eax]
0055F348 832D 10C19A00 0>sub dword ptr [9AC110], 1
0055F34F 73 0F jnb short 0055F360
0055F351 BA F0609A00 mov edx, 009A60F0
0055F356 A1 F8A79A00 mov eax, dword ptr [9AA7F8]
0055F35B E8 9C85F3FF call 004978FC
0055F360 C3 retn
0055F361 8D40 00 lea eax, dword ptr [eax]
0055F364 832D 14C19A00 0>sub dword ptr [9AC114], 1
0055F36B 73 0F jnb short 0055F37C
0055F36D BA F8639A00 mov edx, 009A63F8
0055F372 A1 F8A79A00 mov eax, dword ptr [9AA7F8]
0055F377 E8 8085F3FF call 004978FC
0055F37C C3 retn
0055F37D 8D40 00 lea eax, dword ptr [eax]
0055F380 832D 18C19A00 0>sub dword ptr [9AC118], 1
0055F387 73 0F jnb short 0055F398
0055F389 BA EC649A00 mov edx, 009A64EC
0055F38E A1 F8A79A00 mov eax, dword ptr [9AA7F8]
0055F393 E8 6485F3FF call 004978FC
0055F398 C3 retn
0055F399 8D40 00 lea eax, dword ptr [eax]
0055F39C 832D 1CC19A00 0>sub dword ptr [9AC11C], 1
0055F3A3 73 0F jnb short 0055F3B4
0055F3A5 BA 04659A00 mov edx, 009A6504
0055F3AA A1 F8A79A00 mov eax, dword ptr [9AA7F8]
0055F3AF E8 4885F3FF call 004978FC
0055F3B4 C3 retn
0055F3B5 8D40 00 lea eax, dword ptr [eax]
0055F3B8 832D 20C19A00 0>sub dword ptr [9AC120], 1
0055F3BF 73 0F jnb short 0055F3D0
0055F3C1 BA 1C659A00 mov edx, 009A651C
0055F3C6 A1 F8A79A00 mov eax, dword ptr [9AA7F8]
0055F3CB E8 2C85F3FF call 004978FC
0055F3D0 C3 retn
0055F3D1 8D40 00 lea eax, dword ptr [eax]
0055F3D4 832D 24C19A00 0>sub dword ptr [9AC124], 1
0055F3DB 73 0F jnb short 0055F3EC
0055F3DD BA 34659A00 mov edx, 009A6534
0055F3E2 A1 F8A79A00 mov eax, dword ptr [9AA7F8]
0055F3E7 E8 1085F3FF call 004978FC
0055F3EC C3 retn
0055F3ED 8D40 00 lea eax, dword ptr [eax]
0055F3F0 832D 28C19A00 0>sub dword ptr [9AC128], 1
0055F3F7 73 0F jnb short 0055F408
0055F3F9 BA 4C659A00 mov edx, 009A654C
0055F3FE A1 F8A79A00 mov eax, dword ptr [9AA7F8]
0055F403 E8 F484F3FF call 004978FC
0055F408 C3 retn
0055F409 8D40 00 lea eax, dword ptr [eax]
0055F40C 832D 64C19A00 0>sub dword ptr [9AC164], 1
0055F413 C3 retn
0055F414 832D 80C19A00 0>sub dword ptr [9AC180], 1
0055F41B 73 0A jnb short 0055F427
0055F41D B8 FCC85500 mov eax, 0055C8FC
0055F422 E8 415BEAFF call 00404F68
0055F427 C3 retn
0055F428 > 55 push ebp
0055F429 8BEC mov ebp, esp
0055F42B 83C4 F0 add esp, -10
0055F42E B8 F8CB5500 mov eax, 0055CBF8
0055F433 E8 0886EAFF call 00407A40
0055F438 A1 2C6D9A00 mov eax, dword ptr [9A6D2C]
0055F43D 8B00 mov eax, dword ptr [eax]
0055F43F E8 FCA1F1FF call 00479640
0055F444 A1 2C6D9A00 mov eax, dword ptr [9A6D2C]
0055F449 8B00 mov eax, dword ptr [eax]
0055F44B BA 88F45500 mov edx, 0055F488 ; ASCII "Recovery Toolbox for MS SQL Server"
0055F450 E8 6B9CF1FF call 004790C0
0055F455 8B0D 0C689A00 mov ecx, dword ptr [9A680C] ; unRecove.009AC13C
0055F45B A1 2C6D9A00 mov eax, dword ptr [9A6D2C]
0055F460 8B00 mov eax, dword ptr [eax]
0055F462 8B15 E4205500 mov edx, dword ptr [5520E4] ; unRecove.00552130
0055F468 E8 EBA1F1FF call 00479658
0055F46D A1 2C6D9A00 mov eax, dword ptr [9A6D2C]
0055F472 8B00 mov eax, dword ptr [eax]
0055F474 E8 5FA2F1FF call 004796D8
0055F479 E8 265CEAFF call 004050A4
0055F47E 0000 add byte ptr [eax], al
0055F480 FFFF ??? ; 未知命令
0055F482 FFFF ??? ; 未知命令
0055F484 2200 and al, byte ptr [eax]
0055F486 0000 add byte ptr [eax], al
0055F488 52 push edx
0055F489 65:636F 76 arpl word ptr gs:[edi+76], bp
0055F48D 65:72 79 jb short 0055F509
0055F490 20546F 6F and byte ptr [edi+ebp*2+6F], dl
0055F494 6C ins byte ptr es:[edi], dx
0055F495 626F 78 bound ebp, qword ptr [edi+78]
0055F498 2066 6F and byte ptr [esi+6F], ah
0055F49B 72 20 jb short 0055F4BD
0055F49D 4D dec ebp
0055F49E 53 push ebx
0055F49F 2053 51 and byte ptr [ebx+51], dl
0055F4A2 4C dec esp
0055F4A3 2053 65 and byte ptr [ebx+65], dl
0055F4A6 72 76 jb short 0055F51E
0055F4A8 65:72 00 jb short 0055F4AB
|
