-
-
[旧帖] [讨论]有搞wefi的吗,这是个什么壳呢? 0.00雪花
-
发表于: 2011-3-2 13:04 721
-
这是WeFi-v4.0.1.0版的
00486156 > /6A 58 push 58
00486158 . |68 70455600 push 00564570
0048615D . |E8 42040000 call 004865A4
00486162 . |33DB xor ebx, ebx
00486164 . |895D E4 mov dword ptr [ebp-1C], ebx
00486167 . |895D FC mov dword ptr [ebp-4], ebx
0048616A . |8D45 98 lea eax, dword ptr [ebp-68]
0048616D . |50 push eax ; /pStartupinfo
0048616E . |FF15 E0F25600 call dword ptr [<&KERNEL32.GetStartup>; \GetStartupInfoA
00486174 . |C745 FC FEFFF>mov dword ptr [ebp-4], -2
0048617B . |C745 FC 01000>mov dword ptr [ebp-4], 1
00486182 . |64:A1 1800000>mov eax, dword ptr fs:[18]
00486188 . |8B70 04 mov esi, dword ptr [eax+4]
0048618B . |BF 18C85600 mov edi, 0056C818
00486190 > |6A 00 push 0
00486192 . |56 push esi
00486193 . |57 push edi
00486194 . |FF15 E4F25600 call dword ptr [<&KERNEL32.Interlocke>; kernel32.InterlockedCompareExchange
0048619A . |85C0 test eax, eax
0048619C . |74 18 je short 004861B6
0048619E . |3BC6 cmp eax, esi
004861A0 . |75 07 jnz short 004861A9
004861A2 . |33F6 xor esi, esi
004861A4 . |46 inc esi
004861A5 . |8BDE mov ebx, esi
004861A7 . |EB 10 jmp short 004861B9
004861A9 > |68 E8030000 push 3E8 ; /Timeout = 1000. ms
004861AE . |FF15 E8F25600 call dword ptr [<&KERNEL32.Sleep>] ; \Sleep
004861B4 .^|EB DA jmp short 00486190
004861B6 > |33F6 xor esi, esi
004861B8 . |46 inc esi
004861B9 > |A1 08C85600 mov eax, dword ptr [56C808]
004861BE . |3BC6 cmp eax, esi
004861C0 . |75 0A jnz short 004861CC
004861C2 . |6A 1F push 1F
004861C4 . |E8 51050000 call <jmp.&MSVCR90._amsg_exit>
004861C9 . |59 pop ecx
004861CA . |EB 2F jmp short 004861FB
004861CC > |A1 08C85600 mov eax, dword ptr [56C808]
004861D1 . |85C0 test eax, eax
004861D3 . |75 20 jnz short 004861F5
004861D5 . |8935 08C85600 mov dword ptr [56C808], esi
004861DB . |68 B8C94900 push 0049C9B8
004861E0 . |68 A8C54900 push 0049C5A8
004861E5 . |E8 FA060000 call <jmp.&MSVCR90._initterm_e>
004861EA . |59 pop ecx
004861EB . |59 pop ecx
004861EC . |85C0 test eax, eax
004861EE . |74 0B je short 004861FB
004861F0 . |E9 2E010000 jmp 00486323
004861F5 > |8935 C0C45600 mov dword ptr [56C4C0], esi
004861FB > |A1 08C85600 mov eax, dword ptr [56C808]
00486200 . |3BC6 cmp eax, esi
00486202 . |75 1B jnz short 0048621F
00486204 . |68 A4C44900 push 0049C4A4
00486209 . |68 00C04900 push 0049C000
0048620E . |E8 CB060000 call <jmp.&MSVCR90._initterm>
00486213 . |59 pop ecx
00486214 . |59 pop ecx
00486215 . |C705 08C85600>mov dword ptr [56C808], 2
0048621F > |85DB test ebx, ebx
00486221 . |75 08 jnz short 0048622B
00486223 . |53 push ebx ; /NewValue
00486224 . |57 push edi ; |pTarget
00486225 . |FF15 ECF25600 call dword ptr [<&KERNEL32.Interlocke>; \InterlockedExchange
0048622B > |833D 28C85600>cmp dword ptr [56C828], 0
00486232 . |74 1B je short 0048624F
00486234 . |68 28C85600 push 0056C828
00486239 . |E8 E2050000 call 00486820
0048623E . |59 pop ecx
0048623F . |85C0 test eax, eax
00486241 . |74 0C je short 0048624F
00486243 . |6A 00 push 0
00486245 . |6A 02 push 2
00486247 . |6A 00 push 0
00486249 . |FF15 28C85600 call dword ptr [56C828]
0048624F > |A1 70F45600 mov eax, dword ptr [<&MSVCR90._acmdl>
00486254 . |8B30 mov esi, dword ptr [eax]
00486256 > |8975 E0 mov dword ptr [ebp-20], esi
00486259 . |8A06 mov al, byte ptr [esi]
0048625B . |3C 20 cmp al, 20
0048625D . |77 4C ja short 004862AB
0048625F . |84C0 test al, al
00486261 . |74 06 je short 00486269
00486263 . |837D E4 00 cmp dword ptr [ebp-1C], 0
00486267 . |75 42 jnz short 004862AB
00486269 > |8A06 mov al, byte ptr [esi]
0048626B . |84C0 test al, al
0048626D . |74 0A je short 00486279
0048626F . |3C 20 cmp al, 20
00486271 . |77 06 ja short 00486279
00486273 . |46 inc esi
00486274 . |8975 E0 mov dword ptr [ebp-20], esi
00486277 .^|EB F0 jmp short 00486269
00486279 > |F645 C4 01 test byte ptr [ebp-3C], 1
0048627D . |74 06 je short 00486285
0048627F . |0FB745 C8 movzx eax, word ptr [ebp-38]
00486283 . |EB 03 jmp short 00486288
00486285 > |6A 0A push 0A
00486287 . |58 pop eax
00486288 > |50 push eax
00486289 . |56 push esi
0048628A . |6A 00 push 0
0048628C . |68 00004000 push 00400000
00486291 . |E8 EA0A0000 call 00486D80
00486296 . |A3 BCC45600 mov dword ptr [56C4BC], eax
0048629B . |833D B0C45600>cmp dword ptr [56C4B0], 0
004862A2 . |75 5B jnz short 004862FF
004862A4 . |50 push eax ; /status
004862A5 . |FF15 6CF45600 call dword ptr [<&MSVCR90.exit>] ; \exit
004862AB > |3C 22 cmp al, 22
004862AD . |75 0B jnz short 004862BA
004862AF . |33C9 xor ecx, ecx
004862B1 . |394D E4 cmp dword ptr [ebp-1C], ecx
004862B4 . |0F94C1 sete cl
004862B7 . |894D E4 mov dword ptr [ebp-1C], ecx
004862BA > |0FB6C0 movzx eax, al
004862BD . |50 push eax ; /c
004862BE . |FF15 68F45600 call dword ptr [<&MSVCR90._ismbblead>>; \_ismbblead
004862C4 . |59 pop ecx
004862C5 . |85C0 test eax, eax
004862C7 . |74 04 je short 004862CD
004862C9 . |46 inc esi
004862CA . |8975 E0 mov dword ptr [ebp-20], esi
004862CD > |46 inc esi
004862CE .^|EB 86 jmp short 00486256
004862D0 . |8B45 EC mov eax, dword ptr [ebp-14]
004862D3 . |8B08 mov ecx, dword ptr [eax]
004862D5 . |8B09 mov ecx, dword ptr [ecx]
004862D7 . |894D DC mov dword ptr [ebp-24], ecx
004862DA . |50 push eax
004862DB . |51 push ecx
004862DC . |E8 9D040000 call <jmp.&MSVCR90._XcptFilter>
004862E1 . |59 pop ecx
004862E2 . |59 pop ecx
004862E3 . |C3 retn
004862E4 . |8B65 E8 mov esp, dword ptr [ebp-18]
004862E7 . |8B45 DC mov eax, dword ptr [ebp-24]
004862EA . |A3 BCC45600 mov dword ptr [56C4BC], eax
004862EF . |833D B0C45600>cmp dword ptr [56C4B0], 0
004862F6 . |75 07 jnz short 004862FF
004862F8 . |50 push eax ; /status
004862F9 . |FF15 60F45600 call dword ptr [<&MSVCR90._exit>] ; \_exit
004862FF > |833D C0C45600>cmp dword ptr [56C4C0], 0
00486306 . |75 06 jnz short 0048630E
00486308 . |FF15 5CF45600 call dword ptr [<&MSVCR90._cexit>] ; MSVCR90._cexit
0048630E > |C745 FC FEFFF>mov dword ptr [ebp-4], -2
00486315 . |A1 BCC45600 mov eax, dword ptr [56C4BC]
0048631A . |EB 13 jmp short 0048632F
0048631C . |33C0 xor eax, eax
0048631E . |40 inc eax
0048631F . |C3 retn
00486320 . |8B65 E8 mov esp, dword ptr [ebp-18]
00486323 > |C745 FC FEFFF>mov dword ptr [ebp-4], -2
0048632A . |B8 FF000000 mov eax, 0FF
0048632F > |E8 B5020000 call 004865E9
00486334 . |C3 retn
00486335 . |B8 4D5A0000 mov eax, 5A4D
0048633A . |66:3905 00004>cmp word ptr [400000], ax
00486341 . |74 03 je short 00486346
00486343 > |33C0 xor eax, eax
00486345 . |C3 retn
00486346 > |A1 3C004000 mov eax, dword ptr [40003C]
0048634B . |8D80 00004000 lea eax, dword ptr [eax+400000]
00486351 . |8138 50450000 cmp dword ptr [eax], 4550
00486357 .^|75 EA jnz short 00486343
00486359 . |0FB748 18 movzx ecx, word ptr [eax+18]
0048635D . |81F9 0B010000 cmp ecx, 10B
00486363 . |74 1B je short 00486380
00486365 . |81F9 0B020000 cmp ecx, 20B
0048636B .^|75 D6 jnz short 00486343
0048636D . |83B8 84000000>cmp dword ptr [eax+84], 0E
00486374 .^|76 CD jbe short 00486343
00486376 . |33C9 xor ecx, ecx
00486378 . |3988 F8000000 cmp dword ptr [eax+F8], ecx
0048637E . |EB 0E jmp short 0048638E
00486380 > |8378 74 0E cmp dword ptr [eax+74], 0E
00486384 .^|76 BD jbe short 00486343
00486386 . |33C9 xor ecx, ecx
00486388 . |3988 E8000000 cmp dword ptr [eax+E8], ecx
0048638E > |0F95C1 setne cl
00486391 . |8BC1 mov eax, ecx
00486393 . |C3 retn
00486394 . |B8 4D5A0000 mov eax, 5A4D
00486399 . |66:3905 00004>cmp word ptr [400000], ax
004863A0 . |74 04 je short 004863A6
004863A2 > |33C0 xor eax, eax
004863A4 . |EB 4D jmp short 004863F3
004863A6 > |A1 3C004000 mov eax, dword ptr [40003C]
004863AB . |8D80 00004000 lea eax, dword ptr [eax+400000]
004863B1 . |8138 50450000 cmp dword ptr [eax], 4550
004863B7 .^|75 E9 jnz short 004863A2
004863B9 . |0FB748 18 movzx ecx, word ptr [eax+18]
004863BD . |81F9 0B010000 cmp ecx, 10B
004863C3 . |74 1B je short 004863E0
004863C5 . |81F9 0B020000 cmp ecx, 20B
004863CB .^|75 D5 jnz short 004863A2
004863CD . |83B8 84000000>cmp dword ptr [eax+84], 0E
004863D4 .^|76 CC jbe short 004863A2
004863D6 . |33C9 xor ecx, ecx
004863D8 . |3988 F8000000 cmp dword ptr [eax+F8], ecx
004863DE . |EB 0E jmp short 004863EE
004863E0 > |8378 74 0E cmp dword ptr [eax+74], 0E
004863E4 .^|76 BC jbe short 004863A2
004863E6 . |33C9 xor ecx, ecx
004863E8 . |3988 E8000000 cmp dword ptr [eax+E8], ecx
004863EE > |0F95C1 setne cl
004863F1 . |8BC1 mov eax, ecx
004863F3 > |6A 02 push 2
004863F5 . |A3 B0C45600 mov dword ptr [56C4B0], eax
004863FA . |FF15 90F45600 call dword ptr [<&MSVCR90.__set_app_t>; MSVCR90.__set_app_type
00486400 . |6A FF push -1
00486402 . |FF15 ECF35600 call dword ptr [<&MSVCR90._encode_poi>; MSVCR90._encode_pointer
00486408 . |59 pop ecx
00486409 . |59 pop ecx
0048640A . |A3 2CC85600 mov dword ptr [56C82C], eax
0048640F . |A3 3CC85600 mov dword ptr [56C83C], eax
00486414 . |FF15 8CF45600 call dword ptr [<&MSVCR90.__p__fmode>>; MSVCR90.__p__fmode
0048641A . |8B0D F8C75600 mov ecx, dword ptr [56C7F8]
00486420 . |8908 mov dword ptr [eax], ecx
00486422 . |FF15 88F45600 call dword ptr [<&MSVCR90.__p__commod>; MSVCR90.__p__commode
00486428 . |8B0D F4C75600 mov ecx, dword ptr [56C7F4]
0048642E . |8908 mov dword ptr [eax], ecx
00486430 . |A1 84F45600 mov eax, dword ptr [<&MSVCR90._adjus>
00486435 . |8B00 mov eax, dword ptr [eax]
00486437 . |A3 FCC75600 mov dword ptr [56C7FC], eax
0048643C . |E8 E5020000 call 00486726
00486441 . |E8 03050000 call 00486949
00486446 . |833D 5C705600>cmp dword ptr [56705C], 0
0048644D . |75 0C jnz short 0048645B
0048644F . |68 46694800 push 00486946
00486454 . |FF15 80F45600 call dword ptr [<&MSVCR90.__setuserma>; MSVCR90.__setusermatherr
0048645A . |59 pop ecx
0048645B > |E8 B4040000 call 00486914
00486460 . |833D 58705600>cmp dword ptr [567058], -1
00486467 . |75 09 jnz short 00486472
00486469 . |6A FF push -1
0048646B . |FF15 7CF45600 call dword ptr [<&MSVCR90._configthre>; MSVCR90._configthreadlocale
00486471 . |59 pop ecx
00486472 > |33C0 xor eax, eax
00486474 . |C3 retn
00486475 > $ |E8 E4040000 call 0048695E ///od载入,停在这
0048647A .^\E9 D7FCFFFF jmp 00486156
00486156 > /6A 58 push 58
00486158 . |68 70455600 push 00564570
0048615D . |E8 42040000 call 004865A4
00486162 . |33DB xor ebx, ebx
00486164 . |895D E4 mov dword ptr [ebp-1C], ebx
00486167 . |895D FC mov dword ptr [ebp-4], ebx
0048616A . |8D45 98 lea eax, dword ptr [ebp-68]
0048616D . |50 push eax ; /pStartupinfo
0048616E . |FF15 E0F25600 call dword ptr [<&KERNEL32.GetStartup>; \GetStartupInfoA
00486174 . |C745 FC FEFFF>mov dword ptr [ebp-4], -2
0048617B . |C745 FC 01000>mov dword ptr [ebp-4], 1
00486182 . |64:A1 1800000>mov eax, dword ptr fs:[18]
00486188 . |8B70 04 mov esi, dword ptr [eax+4]
0048618B . |BF 18C85600 mov edi, 0056C818
00486190 > |6A 00 push 0
00486192 . |56 push esi
00486193 . |57 push edi
00486194 . |FF15 E4F25600 call dword ptr [<&KERNEL32.Interlocke>; kernel32.InterlockedCompareExchange
0048619A . |85C0 test eax, eax
0048619C . |74 18 je short 004861B6
0048619E . |3BC6 cmp eax, esi
004861A0 . |75 07 jnz short 004861A9
004861A2 . |33F6 xor esi, esi
004861A4 . |46 inc esi
004861A5 . |8BDE mov ebx, esi
004861A7 . |EB 10 jmp short 004861B9
004861A9 > |68 E8030000 push 3E8 ; /Timeout = 1000. ms
004861AE . |FF15 E8F25600 call dword ptr [<&KERNEL32.Sleep>] ; \Sleep
004861B4 .^|EB DA jmp short 00486190
004861B6 > |33F6 xor esi, esi
004861B8 . |46 inc esi
004861B9 > |A1 08C85600 mov eax, dword ptr [56C808]
004861BE . |3BC6 cmp eax, esi
004861C0 . |75 0A jnz short 004861CC
004861C2 . |6A 1F push 1F
004861C4 . |E8 51050000 call <jmp.&MSVCR90._amsg_exit>
004861C9 . |59 pop ecx
004861CA . |EB 2F jmp short 004861FB
004861CC > |A1 08C85600 mov eax, dword ptr [56C808]
004861D1 . |85C0 test eax, eax
004861D3 . |75 20 jnz short 004861F5
004861D5 . |8935 08C85600 mov dword ptr [56C808], esi
004861DB . |68 B8C94900 push 0049C9B8
004861E0 . |68 A8C54900 push 0049C5A8
004861E5 . |E8 FA060000 call <jmp.&MSVCR90._initterm_e>
004861EA . |59 pop ecx
004861EB . |59 pop ecx
004861EC . |85C0 test eax, eax
004861EE . |74 0B je short 004861FB
004861F0 . |E9 2E010000 jmp 00486323
004861F5 > |8935 C0C45600 mov dword ptr [56C4C0], esi
004861FB > |A1 08C85600 mov eax, dword ptr [56C808]
00486200 . |3BC6 cmp eax, esi
00486202 . |75 1B jnz short 0048621F
00486204 . |68 A4C44900 push 0049C4A4
00486209 . |68 00C04900 push 0049C000
0048620E . |E8 CB060000 call <jmp.&MSVCR90._initterm>
00486213 . |59 pop ecx
00486214 . |59 pop ecx
00486215 . |C705 08C85600>mov dword ptr [56C808], 2
0048621F > |85DB test ebx, ebx
00486221 . |75 08 jnz short 0048622B
00486223 . |53 push ebx ; /NewValue
00486224 . |57 push edi ; |pTarget
00486225 . |FF15 ECF25600 call dword ptr [<&KERNEL32.Interlocke>; \InterlockedExchange
0048622B > |833D 28C85600>cmp dword ptr [56C828], 0
00486232 . |74 1B je short 0048624F
00486234 . |68 28C85600 push 0056C828
00486239 . |E8 E2050000 call 00486820
0048623E . |59 pop ecx
0048623F . |85C0 test eax, eax
00486241 . |74 0C je short 0048624F
00486243 . |6A 00 push 0
00486245 . |6A 02 push 2
00486247 . |6A 00 push 0
00486249 . |FF15 28C85600 call dword ptr [56C828]
0048624F > |A1 70F45600 mov eax, dword ptr [<&MSVCR90._acmdl>
00486254 . |8B30 mov esi, dword ptr [eax]
00486256 > |8975 E0 mov dword ptr [ebp-20], esi
00486259 . |8A06 mov al, byte ptr [esi]
0048625B . |3C 20 cmp al, 20
0048625D . |77 4C ja short 004862AB
0048625F . |84C0 test al, al
00486261 . |74 06 je short 00486269
00486263 . |837D E4 00 cmp dword ptr [ebp-1C], 0
00486267 . |75 42 jnz short 004862AB
00486269 > |8A06 mov al, byte ptr [esi]
0048626B . |84C0 test al, al
0048626D . |74 0A je short 00486279
0048626F . |3C 20 cmp al, 20
00486271 . |77 06 ja short 00486279
00486273 . |46 inc esi
00486274 . |8975 E0 mov dword ptr [ebp-20], esi
00486277 .^|EB F0 jmp short 00486269
00486279 > |F645 C4 01 test byte ptr [ebp-3C], 1
0048627D . |74 06 je short 00486285
0048627F . |0FB745 C8 movzx eax, word ptr [ebp-38]
00486283 . |EB 03 jmp short 00486288
00486285 > |6A 0A push 0A
00486287 . |58 pop eax
00486288 > |50 push eax
00486289 . |56 push esi
0048628A . |6A 00 push 0
0048628C . |68 00004000 push 00400000
00486291 . |E8 EA0A0000 call 00486D80
00486296 . |A3 BCC45600 mov dword ptr [56C4BC], eax
0048629B . |833D B0C45600>cmp dword ptr [56C4B0], 0
004862A2 . |75 5B jnz short 004862FF
004862A4 . |50 push eax ; /status
004862A5 . |FF15 6CF45600 call dword ptr [<&MSVCR90.exit>] ; \exit
004862AB > |3C 22 cmp al, 22
004862AD . |75 0B jnz short 004862BA
004862AF . |33C9 xor ecx, ecx
004862B1 . |394D E4 cmp dword ptr [ebp-1C], ecx
004862B4 . |0F94C1 sete cl
004862B7 . |894D E4 mov dword ptr [ebp-1C], ecx
004862BA > |0FB6C0 movzx eax, al
004862BD . |50 push eax ; /c
004862BE . |FF15 68F45600 call dword ptr [<&MSVCR90._ismbblead>>; \_ismbblead
004862C4 . |59 pop ecx
004862C5 . |85C0 test eax, eax
004862C7 . |74 04 je short 004862CD
004862C9 . |46 inc esi
004862CA . |8975 E0 mov dword ptr [ebp-20], esi
004862CD > |46 inc esi
004862CE .^|EB 86 jmp short 00486256
004862D0 . |8B45 EC mov eax, dword ptr [ebp-14]
004862D3 . |8B08 mov ecx, dword ptr [eax]
004862D5 . |8B09 mov ecx, dword ptr [ecx]
004862D7 . |894D DC mov dword ptr [ebp-24], ecx
004862DA . |50 push eax
004862DB . |51 push ecx
004862DC . |E8 9D040000 call <jmp.&MSVCR90._XcptFilter>
004862E1 . |59 pop ecx
004862E2 . |59 pop ecx
004862E3 . |C3 retn
004862E4 . |8B65 E8 mov esp, dword ptr [ebp-18]
004862E7 . |8B45 DC mov eax, dword ptr [ebp-24]
004862EA . |A3 BCC45600 mov dword ptr [56C4BC], eax
004862EF . |833D B0C45600>cmp dword ptr [56C4B0], 0
004862F6 . |75 07 jnz short 004862FF
004862F8 . |50 push eax ; /status
004862F9 . |FF15 60F45600 call dword ptr [<&MSVCR90._exit>] ; \_exit
004862FF > |833D C0C45600>cmp dword ptr [56C4C0], 0
00486306 . |75 06 jnz short 0048630E
00486308 . |FF15 5CF45600 call dword ptr [<&MSVCR90._cexit>] ; MSVCR90._cexit
0048630E > |C745 FC FEFFF>mov dword ptr [ebp-4], -2
00486315 . |A1 BCC45600 mov eax, dword ptr [56C4BC]
0048631A . |EB 13 jmp short 0048632F
0048631C . |33C0 xor eax, eax
0048631E . |40 inc eax
0048631F . |C3 retn
00486320 . |8B65 E8 mov esp, dword ptr [ebp-18]
00486323 > |C745 FC FEFFF>mov dword ptr [ebp-4], -2
0048632A . |B8 FF000000 mov eax, 0FF
0048632F > |E8 B5020000 call 004865E9
00486334 . |C3 retn
00486335 . |B8 4D5A0000 mov eax, 5A4D
0048633A . |66:3905 00004>cmp word ptr [400000], ax
00486341 . |74 03 je short 00486346
00486343 > |33C0 xor eax, eax
00486345 . |C3 retn
00486346 > |A1 3C004000 mov eax, dword ptr [40003C]
0048634B . |8D80 00004000 lea eax, dword ptr [eax+400000]
00486351 . |8138 50450000 cmp dword ptr [eax], 4550
00486357 .^|75 EA jnz short 00486343
00486359 . |0FB748 18 movzx ecx, word ptr [eax+18]
0048635D . |81F9 0B010000 cmp ecx, 10B
00486363 . |74 1B je short 00486380
00486365 . |81F9 0B020000 cmp ecx, 20B
0048636B .^|75 D6 jnz short 00486343
0048636D . |83B8 84000000>cmp dword ptr [eax+84], 0E
00486374 .^|76 CD jbe short 00486343
00486376 . |33C9 xor ecx, ecx
00486378 . |3988 F8000000 cmp dword ptr [eax+F8], ecx
0048637E . |EB 0E jmp short 0048638E
00486380 > |8378 74 0E cmp dword ptr [eax+74], 0E
00486384 .^|76 BD jbe short 00486343
00486386 . |33C9 xor ecx, ecx
00486388 . |3988 E8000000 cmp dword ptr [eax+E8], ecx
0048638E > |0F95C1 setne cl
00486391 . |8BC1 mov eax, ecx
00486393 . |C3 retn
00486394 . |B8 4D5A0000 mov eax, 5A4D
00486399 . |66:3905 00004>cmp word ptr [400000], ax
004863A0 . |74 04 je short 004863A6
004863A2 > |33C0 xor eax, eax
004863A4 . |EB 4D jmp short 004863F3
004863A6 > |A1 3C004000 mov eax, dword ptr [40003C]
004863AB . |8D80 00004000 lea eax, dword ptr [eax+400000]
004863B1 . |8138 50450000 cmp dword ptr [eax], 4550
004863B7 .^|75 E9 jnz short 004863A2
004863B9 . |0FB748 18 movzx ecx, word ptr [eax+18]
004863BD . |81F9 0B010000 cmp ecx, 10B
004863C3 . |74 1B je short 004863E0
004863C5 . |81F9 0B020000 cmp ecx, 20B
004863CB .^|75 D5 jnz short 004863A2
004863CD . |83B8 84000000>cmp dword ptr [eax+84], 0E
004863D4 .^|76 CC jbe short 004863A2
004863D6 . |33C9 xor ecx, ecx
004863D8 . |3988 F8000000 cmp dword ptr [eax+F8], ecx
004863DE . |EB 0E jmp short 004863EE
004863E0 > |8378 74 0E cmp dword ptr [eax+74], 0E
004863E4 .^|76 BC jbe short 004863A2
004863E6 . |33C9 xor ecx, ecx
004863E8 . |3988 E8000000 cmp dword ptr [eax+E8], ecx
004863EE > |0F95C1 setne cl
004863F1 . |8BC1 mov eax, ecx
004863F3 > |6A 02 push 2
004863F5 . |A3 B0C45600 mov dword ptr [56C4B0], eax
004863FA . |FF15 90F45600 call dword ptr [<&MSVCR90.__set_app_t>; MSVCR90.__set_app_type
00486400 . |6A FF push -1
00486402 . |FF15 ECF35600 call dword ptr [<&MSVCR90._encode_poi>; MSVCR90._encode_pointer
00486408 . |59 pop ecx
00486409 . |59 pop ecx
0048640A . |A3 2CC85600 mov dword ptr [56C82C], eax
0048640F . |A3 3CC85600 mov dword ptr [56C83C], eax
00486414 . |FF15 8CF45600 call dword ptr [<&MSVCR90.__p__fmode>>; MSVCR90.__p__fmode
0048641A . |8B0D F8C75600 mov ecx, dword ptr [56C7F8]
00486420 . |8908 mov dword ptr [eax], ecx
00486422 . |FF15 88F45600 call dword ptr [<&MSVCR90.__p__commod>; MSVCR90.__p__commode
00486428 . |8B0D F4C75600 mov ecx, dword ptr [56C7F4]
0048642E . |8908 mov dword ptr [eax], ecx
00486430 . |A1 84F45600 mov eax, dword ptr [<&MSVCR90._adjus>
00486435 . |8B00 mov eax, dword ptr [eax]
00486437 . |A3 FCC75600 mov dword ptr [56C7FC], eax
0048643C . |E8 E5020000 call 00486726
00486441 . |E8 03050000 call 00486949
00486446 . |833D 5C705600>cmp dword ptr [56705C], 0
0048644D . |75 0C jnz short 0048645B
0048644F . |68 46694800 push 00486946
00486454 . |FF15 80F45600 call dword ptr [<&MSVCR90.__setuserma>; MSVCR90.__setusermatherr
0048645A . |59 pop ecx
0048645B > |E8 B4040000 call 00486914
00486460 . |833D 58705600>cmp dword ptr [567058], -1
00486467 . |75 09 jnz short 00486472
00486469 . |6A FF push -1
0048646B . |FF15 7CF45600 call dword ptr [<&MSVCR90._configthre>; MSVCR90._configthreadlocale
00486471 . |59 pop ecx
00486472 > |33C0 xor eax, eax
00486474 . |C3 retn
00486475 > $ |E8 E4040000 call 0048695E ///od载入,停在这
0048647A .^\E9 D7FCFFFF jmp 00486156
赞赏
|
|
|---|---|
|
|
他的文章
赞赏
雪币:
留言:
