请看雪前辈们能指点小弟一二

A1=XP SP3下ntdll.7C92E920这个函数叫啥名，或者功能是啥？
A2=XP SP3下ntdll.7C930228这个函数叫啥名，或者功能是啥？
A3=下面函数是在干嘛呢？
A4=小弟自学出身,很多理解和用词都不准确.希望能给与纠正

CALL 00A052CF                        ;  检查PE格式文件
{

CMP WORD PTR DS:[400000],5A4D            ;  检查IMAGE_DOS_HEADER第一字段e_magic
JNZ SHORT 00A0530D
MOV EAX,DWORD PTR DS:[40003C]            ;  获取IMAGE_DOS_HEADER最后字段e_lfanew得到RVA
CMP DWORD PTR DS:[EAX+400000],4550       ;  检查IMAGE_NT_HEADERS第一字段Signature
JNZ SHORT 00A0530D
CMP WORD PTR DS:[EAX+400018],10B         ;  检查IMAGE_OPTIONAL_HEADER第一字段Magic
JNZ SHORT 00A0530D
CMP DWORD PTR DS:[EAX+400074],0E         ;  检查IMAGE_OPTIONAL_HEADER第三十字段NumberOfRvaAndSizes
JBE SHORT 00A0530D
XOR ECX,ECX
CMP DWORD PTR DS:[EAX+4000E8],ECX        ;  检查IMAGE_DATA_DIRECTORY第十五成员IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
SETNE CL                                 ;  if ZF=1 then cl=0 else cl=1
MOV EAX,ECX                              ;  返回值=TRUE
RETN
XOR EAX,EAX
RETN

}

----------------------------------------------------------------------------------------------------------------------------

PE文件格式
{
IMAGE_DOS_HEADER

+000 WORD e_magic;
+002 WORD e_cblp;
+004 WORD e_cp;
+006 WORD e_crlc;
+008 WORD e_cparhdr;
+00A WORD e_minalloc;
+00C WORD e_maxalloc;
+00E WORD e_ss;
+010 WORD e_sp;
+012 WORD e_csum;
+014 WORD e_ip;
+016 WORD e_cs;
+018 WORD e_lfarlc;
+01A WORD e_ovno;
+01C WORD e_res[4];
+024 WORD e_oemid;
+026 WORD e_oeminfo;
+028 WORD e_res2[10];
+03C LONG e_lfanew;

IMAGE_NT_HEADERS

e_lfanew+000 DWORD Signature;

IMAGE_FILE_HEADER

e_lfanew+004 WORD  Machine;
e_lfanew+006 WORD  NumberOfSections;
e_lfanew+008 DWORD TimeDateStamp;
e_lfanew+00C DWORD PointerToSymbolTable;
e_lfanew+010 DWORD NumberOfSymbols;
e_lfanew+014 WORD  SizeOfOptionalHeader;
e_lfanew+016 WORD  Characteristics;

IMAGE_OPTIONAL_HEADER

e_lfanew+018 WORD Magic;
e_lfanew+01A BYTE MajorLinkerVersion;
e_lfanew+01B BYTE MinorLinkerVersion;
e_lfanew+01C DWORD SizeOfCode;
e_lfanew+020 DWORD SizeOfInitializedData;
e_lfanew+024 DWORD SizeOfUninitializedData;
e_lfanew+028 DWORD AddressOfEntryPoint;
e_lfanew+02C DWORD BaseOfCode;
e_lfanew+030 DWORD BaseOfData;
e_lfanew+034 DWORD ImageBase;
e_lfanew+038 DWORD SectionAlignment;
e_lfanew+03C DWORD FileAlignment;
e_lfanew+040 WORD MajorOperatingSystemVersion;
e_lfanew+042 WORD MinorOperatingSystemVersion;
e_lfanew+044 WORD MajorImageVersion;
e_lfanew+046 WORD MinorImageVersion;
e_lfanew+048 WORD MajorSubsystemVersion;
e_lfanew+04A WORD MinorSubsystemVersion;
e_lfanew+04C DWORD Win32VersionValue;
e_lfanew+050 DWORD SizeOfImage;
e_lfanew+054 DWORD SizeOfHeaders;
e_lfanew+058 DWORD CheckSum;
e_lfanew+05C WORD Subsystem;
e_lfanew+05E WORD DllCharacteristics;
e_lfanew+060 DWORD SizeOfStackReserve;
e_lfanew+064 DWORD SizeOfStackCommit;
e_lfanew+068 DWORD SizeOfHeapReserve;
e_lfanew+06C DWORD SizeOfHeapCommit;
e_lfanew+070 DWORD LoaderFlags;
e_lfanew+074 DWORD NumberOfRvaAndSizes;

IMAGE_DATA_DIRECTORY

e_lfanew+078 IMAGE_DIRECTORY_ENTRY_EXPORT
e_lfanew+080 IMAGE_DIRECTORY_ENTRY_IMPORT         
e_lfanew+088 IMAGE_DIRECTORY_ENTRY_RESOURCE        
e_lfanew+090 IMAGE_DIRECTORY_ENTRY_EXCEPTION      
e_lfanew+098 IMAGE_DIRECTORY_ENTRY_SECURITY        
e_lfanew+0A0 IMAGE_DIRECTORY_ENTRY_BASERELOC      
e_lfanew+0A8 IMAGE_DIRECTORY_ENTRY_DEBUG           
e_lfanew+0B0 IMAGE_DIRECTORY_ENTRY_COPYRIGHT      
e_lfanew+0B8 IMAGE_DIRECTORY_ENTRY_GLOBALPTR   
e_lfanew+0C0 IMAGE_DIRECTORY_ENTRY_TLS                    
e_lfanew+0C8 IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG   
e_lfanew+0D0 IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT   
e_lfanew+0D8 IMAGE_DIRECTORY_ENTRY_IAT            
e_lfanew+0E0 IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT   
e_lfanew+0E8 IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
e_lfanew+0F0 保留
         
}

希望有前辈能感念来路艰辛不吝赐教....

[培训]内核驱动高级班，冲击BAT一流互联网大厂工作，每周日13:00-18:00直播授课