[求助][讨论]可以看出算法语言吗-付费问答-看雪-安全社区|安全招聘|kanxue.com

[旧帖] [求助][讨论]可以看出算法语言吗 0.00雪花

发表于: 2011-8-22 06:58 1004

[旧帖] [求助][讨论]可以看出算法语言吗 0.00雪花

nihaowo

2011-8-22 06:58

1004

PEID检测为Borland C++ 1999
子系统为Win32 GUI

00428CAC 55                   push ebp
00428CAD 8BEC                mov    ebp, esp
00428CAF 81C408FCFFFF          add    esp, $FFFFFC08
00428CB5 53                   push ebx
00428CB6 56                   push esi
00428CB7 57                   push edi
00428CB8 8995A0FCFFFF          mov    [ebp+$FFFFFCA0], edx
00428CBE 8985A4FCFFFF          mov    [ebp+$FFFFFCA4], eax
00428CC4 B8ACF37D00          mov    eax, $007DF3AC

* Reference to : TGlyphList._PROC_007AB6CC()
|
00428CC9 E8FE293800          call 007AB6CC
00428CCE 66C785B8FCFFFF0800    mov    word ptr [ebp+$FFFFFCB8], $0008
00428CD7 8D45F4                lea    eax, [ebp-$0C]

|
00428CDA E8D9A2FDFF          call 00402FB8
00428CDF FF85C4FCFFFF          inc    dword ptr [ebp+$FFFFFCC4]
00428CE5 66C785B8FCFFFF1400    mov    word ptr [ebp+$FFFFFCB8], $0014
00428CEE 66C785B8FCFFFF2000    mov    word ptr [ebp+$FFFFFCB8], $0020
00428CF7 8D45F0                lea    eax, [ebp-$10]

|
00428CFA E8B9A2FDFF          call 00402FB8
00428CFF FF85C4FCFFFF          inc    dword ptr [ebp+$FFFFFCC4]
00428D05 66C785B8FCFFFF1400    mov    word ptr [ebp+$FFFFFCB8], $0014
00428D0E 66C785B8FCFFFF2C00    mov    word ptr [ebp+$FFFFFCB8], $002C
00428D17 8D45EC                lea    eax, [ebp-$14]

|
00428D1A E899A2FDFF          call 00402FB8
00428D1F FF85C4FCFFFF          inc    dword ptr [ebp+$FFFFFCC4]
00428D25 66C785B8FCFFFF1400    mov    word ptr [ebp+$FFFFFCB8], $0014
00428D2E 66C785B8FCFFFF3800    mov    word ptr [ebp+$FFFFFCB8], $0038
00428D37 8D45E8                lea    eax, [ebp-$18]

|
00428D3A E879A2FDFF          call 00402FB8
00428D3F FF85C4FCFFFF          inc    dword ptr [ebp+$FFFFFCC4]
00428D45 66C785B8FCFFFF1400    mov    word ptr [ebp+$FFFFFCB8], $0014
00428D4E 66C785B8FCFFFF4400    mov    word ptr [ebp+$FFFFFCB8], $0044
00428D57 8D45E4                lea    eax, [ebp-$1C]

|
00428D5A E859A2FDFF          call 00402FB8
00428D5F FF85C4FCFFFF          inc    dword ptr [ebp+$FFFFFCC4]
00428D65 66C785B8FCFFFF1400    mov    word ptr [ebp+$FFFFFCB8], $0014
00428D6E 66C785B8FCFFFF5000    mov    word ptr [ebp+$FFFFFCB8], $0050
00428D77 8D45E0                lea    eax, [ebp-$20]

|
00428D7A E839A2FDFF          call 00402FB8
00428D7F FF85C4FCFFFF          inc    dword ptr [ebp+$FFFFFCC4]
00428D85 66C785B8FCFFFF1400    mov    word ptr [ebp+$FFFFFCB8], $0014
00428D8E 66C785B8FCFFFF5C00    mov    word ptr [ebp+$FFFFFCB8], $005C
00428D97 8D45DC                lea    eax, [ebp-$24]

|
00428D9A E819A2FDFF          call 00402FB8
00428D9F FF85C4FCFFFF          inc    dword ptr [ebp+$FFFFFCC4]
00428DA5 66C785B8FCFFFF1400    mov    word ptr [ebp+$FFFFFCB8], $0014
00428DAE 66C785B8FCFFFF6800    mov    word ptr [ebp+$FFFFFCB8], $0068
00428DB7 8D45D8                lea    eax, [ebp-$28]

|
00428DBA E8F9A1FDFF          call 00402FB8
00428DBF FF85C4FCFFFF          inc    dword ptr [ebp+$FFFFFCC4]
00428DC5 66C785B8FCFFFF1400    mov    word ptr [ebp+$FFFFFCB8], $0014

* Possible String Reference to: 'U嬱QSV嬺塃鼉}?
|
00428DCE 6848887C00          push $007C8848
00428DD3 6A03                push $03

* Possible String Reference to: 'U嬱兡貕EP紎'
|
00428DD5 68B82F4000          push $00402FB8
00428DDA 6A03                push $03
00428DDC 6A04                push $04
00428DDE 6A04                push $04
00428DE0 8D55C8                lea    edx, [ebp-$38]
00428DE3 52                   push edx

* Reference to : TGlyphList._PROC_007AA968()
|
00428DE4 E87F1B3800          call 007AA968
00428DE9 83C41C                add    esp, +$1C
00428DEC 8385C4FCFFFF04       add    dword ptr [ebp+$FFFFFCC4], +$04
00428DF3 66C785B8FCFFFF7400    mov    word ptr [ebp+$FFFFFCB8], $0074
00428DFC 8D45C4                lea    eax, [ebp-$3C]

|
00428DFF E8B4A1FDFF          call 00402FB8
00428E04 FF85C4FCFFFF          inc    dword ptr [ebp+$FFFFFCC4]
00428E0A 66C785B8FCFFFF1400    mov    word ptr [ebp+$FFFFFCB8], $0014
00428E13 66C785B8FCFFFF8000    mov    word ptr [ebp+$FFFFFCB8], $0080
00428E1C 8D45C0                lea    eax, [ebp-$40]

|
00428E1F E894A1FDFF          call 00402FB8
00428E24 FF85C4FCFFFF          inc    dword ptr [ebp+$FFFFFCC4]
00428E2A 66C785B8FCFFFF1400    mov    word ptr [ebp+$FFFFFCB8], $0014
00428E33 66C785B8FCFFFF8C00    mov    word ptr [ebp+$FFFFFCB8], $008C
00428E3C 8D45BC                lea    eax, [ebp-$44]

|
00428E3F E874A1FDFF          call 00402FB8
00428E44 FF85C4FCFFFF          inc    dword ptr [ebp+$FFFFFCC4]
00428E4A 66C785B8FCFFFF1400    mov    word ptr [ebp+$FFFFFCB8], $0014
00428E53 66C785B8FCFFFF9800    mov    word ptr [ebp+$FFFFFCB8], $0098
00428E5C 8D45B8                lea    eax, [ebp-$48]

|
00428E5F E854A1FDFF          call 00402FB8
00428E64 FF85C4FCFFFF          inc    dword ptr [ebp+$FFFFFCC4]
00428E6A 66C785B8FCFFFF1400    mov    word ptr [ebp+$FFFFFCB8], $0014
00428E73 66C785B8FCFFFFA400    mov    word ptr [ebp+$FFFFFCB8], $00A4
00428E7C BA67E17D00          mov    edx, $007DE167
00428E81 8D857CFFFFFF          lea    eax, [ebp+$FFFFFF7C]

|
00428E87 E8A8F73900          call 007C8634
00428E8C FF85C4FCFFFF          inc    dword ptr [ebp+$FFFFFCC4]
00428E92 8D957CFFFFFF          lea    edx, [ebp+$FFFFFF7C]
00428E98 8B0D688C8000          mov    ecx, [$00808C68]
00428E9E 8B01                mov    eax, [ecx]
00428EA0 05E4000000          add    eax, +$000000E4

|
00428EA5 E882FA3900          call 007C892C
00428EAA 50                   push eax
00428EAB FF8DC4FCFFFF          dec    dword ptr [ebp+$FFFFFCC4]
00428EB1 8D857CFFFFFF          lea    eax, [ebp+$FFFFFF7C]
00428EB7 BA02000000          mov    edx, $00000002

|
00428EBC E887F93900          call 007C8848
00428EC1 59                   pop    ecx
00428EC2 84C9                test cl, cl
00428EC4 0F842C010000          jz    00428FF6
00428ECA 6A40                push $40

* Possible String Reference to: '提示'
|
00428ECC B989E17D00          mov    ecx, $007DE189

* Possible String Reference to: '年度没有设置，请先设置年度！'
|
00428ED1 BA68E17D00          mov    edx, $007DE168
00428ED6 A1B0958000          mov    eax, dword ptr [$008095B0]
00428EDB 8B00                mov    eax, [eax]

|
00428EDD E896F63900          call 007C8578
00428EE2 FF8DC4FCFFFF          dec    dword ptr [ebp+$FFFFFCC4]
00428EE8 8D45B8                lea    eax, [ebp-$48]
00428EEB BA02000000          mov    edx, $00000002

|
00428EF0 E853F93900          call 007C8848
00428EF5 FF8DC4FCFFFF          dec    dword ptr [ebp+$FFFFFCC4]
00428EFB 8D45BC                lea    eax, [ebp-$44]
00428EFE BA02000000          mov    edx, $00000002

|
00428F03 E840F93900          call 007C8848
00428F08 FF8DC4FCFFFF          dec    dword ptr [ebp+$FFFFFCC4]
00428F0E 8D45C0                lea    eax, [ebp-$40]
00428F11 BA02000000          mov    edx, $00000002

|
00428F16 E82DF93900          call 007C8848
00428F1B FF8DC4FCFFFF          dec    dword ptr [ebp+$FFFFFCC4]
00428F21 8D45C4                lea    eax, [ebp-$3C]
00428F24 BA02000000          mov    edx, $00000002

|
00428F29 E81AF93900          call 007C8848
00428F2E 8385C4FCFFFFFC       add    dword ptr [ebp+$FFFFFCC4], -$04

* Possible String Reference to: 'U嬱QSV嬺塃鼉}?
|
00428F35 6848887C00          push $007C8848
00428F3A 6A03                push $03
00428F3C 6A04                push $04
00428F3E 6A04                push $04
00428F40 8D4DC8                lea    ecx, [ebp-$38]
00428F43 51                   push ecx

|
00428F44 E8BF183800          call 007AA808
00428F49 83C414                add    esp, +$14
00428F4C FF8DC4FCFFFF          dec    dword ptr [ebp+$FFFFFCC4]
00428F52 8D45D8                lea    eax, [ebp-$28]
00428F55 BA02000000          mov    edx, $00000002

|
00428F5A E8E9F83900          call 007C8848
00428F5F FF8DC4FCFFFF          dec    dword ptr [ebp+$FFFFFCC4]
00428F65 8D45DC                lea    eax, [ebp-$24]
00428F68 BA02000000          mov    edx, $00000002

|
00428F6D E8D6F83900          call 007C8848
00428F72 FF8DC4FCFFFF          dec    dword ptr [ebp+$FFFFFCC4]
00428F78 8D45E0                lea    eax, [ebp-$20]
00428F7B BA02000000          mov    edx, $00000002

|
00428F80 E8C3F83900          call 007C8848
00428F85 FF8DC4FCFFFF          dec    dword ptr [ebp+$FFFFFCC4]
00428F8B 8D45E4                lea    eax, [ebp-$1C]
00428F8E BA02000000          mov    edx, $00000002

|
00428F93 E8B0F83900          call 007C8848
00428F98 FF8DC4FCFFFF          dec    dword ptr [ebp+$FFFFFCC4]
00428F9E 8D45E8                lea    eax, [ebp-$18]
00428FA1 BA02000000          mov    edx, $00000002

|
00428FA6 E89DF83900          call 007C8848
00428FAB FF8DC4FCFFFF          dec    dword ptr [ebp+$FFFFFCC4]
00428FB1 8D45EC                lea    eax, [ebp-$14]
00428FB4 BA02000000          mov    edx, $00000002

|
00428FB9 E88AF83900          call 007C8848
00428FBE FF8DC4FCFFFF          dec    dword ptr [ebp+$FFFFFCC4]
00428FC4 8D45F0                lea    eax, [ebp-$10]
00428FC7 BA02000000          mov    edx, $00000002

|
00428FCC E877F83900          call 007C8848
00428FD1 FF8DC4FCFFFF          dec    dword ptr [ebp+$FFFFFCC4]
00428FD7 8D45F4                lea    eax, [ebp-$0C]
00428FDA BA02000000          mov    edx, $00000002

|
00428FDF E864F83900          call 007C8848
00428FE4 8B8DA8FCFFFF          mov    ecx, [ebp+$FFFFFCA8]
00428FEA 64890D00000000       mov    fs:[$00000000], ecx
00428FF1 E9FF410000          jmp    0042D1F5
00428FF6 66C785B8FCFFFFB000    mov    word ptr [ebp+$FFFFFCB8], $00B0
00428FFF 8D8578FFFFFF          lea    eax, [ebp+$FFFFFF78]

|
00429005 E8AE9FFDFF          call 00402FB8
0042900A 8BD0                mov    edx, eax
0042900C FF85C4FCFFFF          inc    dword ptr [ebp+$FFFFFCC4]
00429012 8B8DA4FCFFFF          mov    ecx, [ebp+$FFFFFCA4]
00429018 8B8170030000          mov    eax, [ecx+$0370]

|
0042901E E89D973400          call 007727C0
00429023 8D9578FFFFFF          lea    edx, [ebp+$FFFFFF78]
00429029 52                   push edx
0042902A BA8EE17D00          mov    edx, $007DE18E
0042902F 8D8574FFFFFF          lea    eax, [ebp+$FFFFFF74]

|
00429035 E8FAF53900          call 007C8634
0042903A FF85C4FCFFFF          inc    dword ptr [ebp+$FFFFFCC4]
00429040 8D9574FFFFFF          lea    edx, [ebp+$FFFFFF74]
00429046 58                   pop    eax

|
00429047 E8E0F83900          call 007C892C
0042904C 84C0                test al, al
0042904E 0F852C020000          jnz    00429280
00429054 8D8570FFFFFF          lea    eax, [ebp+$FFFFFF70]

|
0042905A E8599FFDFF          call 00402FB8
0042905F 8BD0                mov    edx, eax
00429061 FF85C4FCFFFF          inc    dword ptr [ebp+$FFFFFCC4]
00429067 8B8DA4FCFFFF          mov    ecx, [ebp+$FFFFFCA4]
0042906D 8B8174030000          mov    eax, [ecx+$0374]

|
00429073 E848973400          call 007727C0
00429078 8D9570FFFFFF          lea    edx, [ebp+$FFFFFF70]
0042907E 52                   push edx
0042907F BA8FE17D00          mov    edx, $007DE18F
00429084 8D856CFFFFFF          lea    eax, [ebp+$FFFFFF6C]

|
0042908A E8A5F53900          call 007C8634
0042908F FF85C4FCFFFF          inc    dword ptr [ebp+$FFFFFCC4]
00429095 8D956CFFFFFF          lea    edx, [ebp+$FFFFFF6C]
0042909B 58                   pop    eax

|
0042909C E88BF83900          call 007C892C
004290A1 84C0                test al, al
004290A3 0F95C1                setnz cl
004290A6 83E101                and    ecx, +$01
004290A9 51                   push ecx
004290AA FF8DC4FCFFFF          dec    dword ptr [ebp+$FFFFFCC4]
004290B0 8D856CFFFFFF          lea    eax, [ebp+$FFFFFF6C]
004290B6 BA02000000          mov    edx, $00000002

|
004290BB E888F73900          call 007C8848
004290C0 FF8DC4FCFFFF          dec    dword ptr [ebp+$FFFFFCC4]
004290C6 8D8570FFFFFF          lea    eax, [ebp+$FFFFFF70]
004290CC BA02000000          mov    edx, $00000002

|
004290D1 E872F73900          call 007C8848
004290D6 59                   pop    ecx
004290D7 85C9                test ecx, ecx
004290D9 0F85A1010000          jnz    00429280
004290DF 8D8568FFFFFF          lea    eax, [ebp+$FFFFFF68]

|
004290E5 E8CE9EFDFF          call 00402FB8
004290EA 8BD0                mov    edx, eax
004290EC FF85C4FCFFFF          inc    dword ptr [ebp+$FFFFFCC4]
004290F2 8B8DA4FCFFFF          mov    ecx, [ebp+$FFFFFCA4]
004290F8 8B8178030000          mov    eax, [ecx+$0378]

|
004290FE E8BD963400          call 007727C0
00429103 8D9568FFFFFF          lea    edx, [ebp+$FFFFFF68]
00429109 52                   push edx
0042910A BA90E17D00          mov    edx, $007DE190
0042910F 8D8564FFFFFF          lea    eax, [ebp+$FFFFFF64]

|
00429115 E81AF53900          call 007C8634
0042911A FF85C4FCFFFF          inc    dword ptr [ebp+$FFFFFCC4]
00429120 8D9564FFFFFF          lea    edx, [ebp+$FFFFFF64]
00429126 58                   pop    eax

|
00429127 E800F83900          call 007C892C
0042912C 84C0                test al, al
0042912E 0F95C1                setnz cl
00429131 83E101                and    ecx, +$01
00429134 51                   push ecx
00429135 FF8DC4FCFFFF          dec    dword ptr [ebp+$FFFFFCC4]
0042913B 8D8564FFFFFF          lea    eax, [ebp+$FFFFFF64]
00429141 BA02000000          mov    edx, $00000002

|
00429146 E8FDF63900          call 007C8848
0042914B FF8DC4FCFFFF          dec    dword ptr [ebp+$FFFFFCC4]
00429151 8D8568FFFFFF          lea    eax, [ebp+$FFFFFF68]
00429157 BA02000000          mov    edx, $00000002

|
0042915C E8E7F63900          call 007C8848
00429161 59                   pop    ecx
00429162 85C9                test ecx, ecx
00429164 0F8516010000          jnz    00429280
0042916A 8D8560FFFFFF          lea    eax, [ebp+$FFFFFF60]

|
00429170 E8439EFDFF          call 00402FB8
00429175 8BD0                mov    edx, eax
00429177 FF85C4FCFFFF          inc    dword ptr [ebp+$FFFFFCC4]
0042917D 8B8DA4FCFFFF          mov    ecx, [ebp+$FFFFFCA4]
00429183 8B817C030000          mov    eax, [ecx+$037C]

|
00429189 E832963400          call 007727C0
0042918E 8D9560FFFFFF          lea    edx, [ebp+$FFFFFF60]
00429194 52                   push edx
00429195 BA91E17D00          mov    edx, $007DE191
0042919A 8D855CFFFFFF          lea    eax, [ebp+$FFFFFF5C]

|
004291A0 E88FF43900          call 007C8634
004291A5 FF85C4FCFFFF          inc    dword ptr [ebp+$FFFFFCC4]
004291AB 8D955CFFFFFF          lea    edx, [ebp+$FFFFFF5C]
004291B1 58                   pop    eax

|
004291B2 E875F73900          call 007C892C
004291B7 84C0                test al, al
004291B9 0F95C1                setnz cl
004291BC 83E101                and    ecx, +$01
004291BF 51                   push ecx
004291C0 FF8DC4FCFFFF          dec    dword ptr [ebp+$FFFFFCC4]
004291C6 8D855CFFFFFF          lea    eax, [ebp+$FFFFFF5C]
004291CC BA02000000          mov    edx, $00000002

|
004291D1 E872F63900          call 007C8848
004291D6 FF8DC4FCFFFF          dec    dword ptr [ebp+$FFFFFCC4]
004291DC 8D8560FFFFFF          lea    eax, [ebp+$FFFFFF60]
004291E2 BA02000000          mov    edx, $00000002

|
004291E7 E85CF63900          call 007C8848
004291EC 59                   pop    ecx
004291ED 85C9                test ecx, ecx
004291EF 0F858B000000          jnz    00429280
004291F5 8D8558FFFFFF          lea    eax, [ebp+$FFFFFF58]

|
004291FB E8B89DFDFF          call 00402FB8
00429200 8BD0                mov    edx, eax
00429202 FF85C4FCFFFF          inc    dword ptr [ebp+$FFFFFCC4]
00429208 8B8DA4FCFFFF          mov    ecx, [ebp+$FFFFFCA4]
0042920E 8B8180030000          mov    eax, [ecx+$0380]

|
00429214 E8A7953400          call 007727C0
00429219 8D9558FFFFFF          lea    edx, [ebp+$FFFFFF58]
0042921F 52                   push edx
00429220 BA92E17D00          mov    edx, $007DE192
00429225 8D8554FFFFFF          lea    eax, [ebp+$FFFFFF54]

|
0042922B E804F43900          call 007C8634
00429230 FF85C4FCFFFF          inc    dword ptr [ebp+$FFFFFCC4]
00429236 8D9554FFFFFF          lea    edx, [ebp+$FFFFFF54]
0042923C 58                   pop    eax

|
0042923D E8EAF63900          call 007C892C
00429242 84C0                test al, al
00429244 0F95C1                setnz cl
00429247 83E101                and    ecx, +$01
0042924A 51                   push ecx
0042924B FF8DC4FCFFFF          dec    dword ptr [ebp+$FFFFFCC4]
00429251 8D8554FFFFFF          lea    eax, [ebp+$FFFFFF54]
00429257 BA02000000          mov    edx, $00000002

|
0042925C E8E7F53900          call 007C8848
00429261 FF8DC4FCFFFF          dec    dword ptr [ebp+$FFFFFCC4]
00429267 8D8558FFFFFF          lea    eax, [ebp+$FFFFFF58]
0042926D BA02000000          mov    edx, $00000002

|
00429272 E8D1F53900          call 007C8848
00429277 59                   pop    ecx
00429278 85C9                test ecx, ecx
0042927A 7504                jnz    00429280
0042927C 33C0                xor    eax, eax
0042927E EB05                jmp    00429285
00429280 B801000000          mov    eax, $00000001
00429285 50                   push eax
00429286 FF8DC4FCFFFF          dec    dword ptr [ebp+$FFFFFCC4]
0042928C 8D8574FFFFFF          lea    eax, [ebp+$FFFFFF74]
00429292 BA02000000          mov    edx, $00000002

|
00429297 E8ACF53900          call 007C8848
0042929C FF8DC4FCFFFF          dec    dword ptr [ebp+$FFFFFCC4]
004292A2 8D8578FFFFFF          lea    eax, [ebp+$FFFFFF78]
004292A8 BA02000000          mov    edx, $00000002

|
004292AD E896F53900          call 007C8848
004292B2 59                   pop    ecx
004292B3 84C9                test cl, cl
004292B5 0F842C010000          jz    004293E7
004292BB 6A40                push $40

* Possible String Reference to: '提示'
|
004292BD B9AAE17D00          mov    ecx, $007DE1AA

[课程]Linux pwn 探索篇！

收藏・1

免费・0

支持

最新回复 (1)
幻影火雪币： 416 活跃值： (25) 能力值： ( LV2，RANK：10 ) 在线值：发帖 6 回帖 368 粉丝 0 关注私信	幻影火 2 楼 00428CAC 55 push ebp 00428CAD 8BEC mov ebp, esp 00428CAF 81C408FCFFFF add esp, $FFFFFC08 如果這個是OEP，那就是delphi 0.0。 2011-8-22 10:45 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复

nihaowo

发帖

回帖

RANK

关注

私信

他的文章

[求助][讨论]可以看出算法语言吗 1005

关于我们

联系我们

企业服务

看雪公众号