-
-
[求助]EP段SE核心扫描是ASPack 2.1 Modified -> Alexey Solodovnikov
-
发表于: 2012-1-25 03:40
-
EP段SE
核心扫描是ASPack 2.1 Modified -> Alexey Solodovnikov
用了Aspack的脱壳和PEID的脱壳试过,不行。提示错误。
载入网上流行版本OD,直接退出。
觉得有暗桩。
有一个OD原版单个文件,可以打开。
我复制了一段代码,大家帮我看看
CPU Disasm
Address Hex dump Command Comments
006261B5 E8 18000000 CALL 006261D2
006261BA 4E DEC ESI
006261BB 6F OUTS DX,DWORD PTR DS:[ESI] ; I/O command
006261BC 6F OUTS DX,DWORD PTR DS:[ESI] ; I/O command
006261BD 6279 50 BOUND EDI,QWORD PTR DS:[ECX+50]
006261C0 72 6F JB SHORT 00626231
006261C2 74 65 JE SHORT 00626229
006261C4 637420 53 ARPL WORD PTR DS:[EAX+53],SI
006261C8 45 INC EBP
006261C9 2031 AND BYTE PTR DS:[ECX],DH
006261CB 2E:37 AAA ; Superfluous segment override prefix
006261CD 2E:302E XOR BYTE PTR CS:[ESI],CH
006261D0 3000 XOR BYTE PTR DS:[EAX],AL
006261D2 8D6424 04 LEA ESP,[ESP+4]
006261D6 66:53 PUSH BX
006261D8 880424 MOV BYTE PTR SS:[ESP],AL
006261DB 883C24 MOV BYTE PTR SS:[ESP],BH
006261DE 8D6424 01 LEA ESP,[ESP+1]
006261E2 60 PUSHAD
006261E3 FF7424 12 PUSH DWORD PTR SS:[ESP+12]
006261E7 66:8F4424 20 POP WORD PTR SS:[ESP+20]
006261EC 51 PUSH ECX
006261ED 8D6424 26 LEA ESP,[ESP+26]
006261F1 8D2424 LEA ESP,[ESP]
006261F4 8D2424 LEA ESP,[ESP]
006261F7 66:53 PUSH BX
006261F9 66:FF7424 02 PUSH WORD PTR SS:[ESP+2]
006261FE 8D6424 01 LEA ESP,[ESP+1]
00626202 890424 MOV DWORD PTR SS:[ESP],EAX
00626205 54 PUSH ESP
00626206 66:8F0424 POP WORD PTR SS:[ESP]
0062620A 60 PUSHAD
0062620B 885C24 07 MOV BYTE PTR SS:[ESP+7],BL
0062620F 8F4424 19 POP DWORD PTR SS:[ESP+19]
00626213 895C24 16 MOV DWORD PTR SS:[ESP+16],EBX
00626217 886C24 1A MOV BYTE PTR SS:[ESP+1A],CH
0062621B 66:894C24 06 MOV WORD PTR SS:[ESP+6],CX
00626220 FF7424 14 PUSH DWORD PTR SS:[ESP+14]
00626224 66:897424 16 MOV WORD PTR SS:[ESP+16],SI
00626229 66:8F4424 03 POP WORD PTR SS:[ESP+3]
0062622E 894C24 1C MOV DWORD PTR SS:[ESP+1C],ECX
00626232 60 PUSHAD
00626233 66:895424 0C MOV WORD PTR SS:[ESP+0C],DX
00626238 8F4424 07 POP DWORD PTR SS:[ESP+7]
0062623C 66:FF7424 06 PUSH WORD PTR SS:[ESP+6]
00626241 895C24 02 MOV DWORD PTR SS:[ESP+2],EBX
00626245 66:897424 14 MOV WORD PTR SS:[ESP+14],SI
0062624A 894C24 15 MOV DWORD PTR SS:[ESP+15],ECX
0062624E 66:8F4424 19 POP WORD PTR SS:[ESP+19]
00626253 66:FF7424 11 PUSH WORD PTR SS:[ESP+11]
00626258 8F4424 06 POP DWORD PTR SS:[ESP+6]
0062625C 8F4424 09 POP DWORD PTR SS:[ESP+9]
00626260 8D6424 0C LEA ESP,[ESP+0C]
00626264 66:FF7424 01 PUSH WORD PTR SS:[ESP+1]
00626269 895424 24 MOV DWORD PTR SS:[ESP+24],EDX
0062626D 60 PUSHAD
0062626E 885C24 11 MOV BYTE PTR SS:[ESP+11],BL
00626272 66:8F4424 06 POP WORD PTR SS:[ESP+6]
00626277 894424 10 MOV DWORD PTR SS:[ESP+10],EAX
0062627B 66:8F4424 0C POP WORD PTR SS:[ESP+0C]
00626280 8D6424 0E LEA ESP,[ESP+0E]
00626284 8D6424 08 LEA ESP,[ESP+8]
00626288 66:FF7424 02 PUSH WORD PTR SS:[ESP+2]
0062628D 8F0424 POP DWORD PTR SS:[ESP]
00626290 895C24 24 MOV DWORD PTR SS:[ESP+24],EBX
00626294 66:53 PUSH BX
00626296 66:52 PUSH DX
00626298 60 PUSHAD
00626299 897424 1C MOV DWORD PTR SS:[ESP+1C],ESI
0062629D 66:50 PUSH AX
0062629F 66:FF7424 09 PUSH WORD PTR SS:[ESP+9]
006262A4 66:FF7424 27 PUSH WORD PTR SS:[ESP+27]
006262A9 8D6424 02 LEA ESP,[ESP+2]
006262AD 896424 48 MOV DWORD PTR SS:[ESP+48],ESP
006262B1 66:51 PUSH CX
006262B3 8D6424 01 LEA ESP,[ESP+1]
006262B7 66:54 PUSH SP
006262B9 66:FF3424 PUSH WORD PTR SS:[ESP]
006262BD 8D6424 01 LEA ESP,[ESP+1]
006262C1 66:FF7424 01 PUSH WORD PTR SS:[ESP+1]
006262C6 66:890C24 MOV WORD PTR SS:[ESP],CX
006262CA 9C PUSHFD
006262CB 66:895424 04 MOV WORD PTR SS:[ESP+4],DX
006262D0 60 PUSHAD
006262D1 8D6424 02 LEA ESP,[ESP+2]
006262D5 896C24 6C MOV DWORD PTR SS:[ESP+6C],EBP
006262D9 66:55 PUSH BP
006262DB 8D6424 01 LEA ESP,[ESP+1]
006262DF 8D2424 LEA ESP,[ESP]
006262E2 9C PUSHFD
006262E3 66:FF7424 01 PUSH WORD PTR SS:[ESP+1]
006262E8 8D6424 03 LEA ESP,[ESP+3]
006262EC 897424 6C MOV DWORD PTR SS:[ESP+6C],ESI
006262F0 60 PUSHAD
006262F1 897C24 0D MOV DWORD PTR SS:[ESP+0D],EDI
006262F5 66:8F4424 07 POP WORD PTR SS:[ESP+7]
006262FA 66:52 PUSH DX
006262FC 66:8F4424 1B POP WORD PTR SS:[ESP+1B]
00626301 895424 03 MOV DWORD PTR SS:[ESP+3],EDX
00626305 66:8F4424 04 POP WORD PTR SS:[ESP+4]
0062630A 8F4424 0F POP DWORD PTR SS:[ESP+0F]
0062630E 8D6424 04 LEA ESP,[ESP+4]
00626312 FF7424 08 PUSH DWORD PTR SS:[ESP+8]
00626316 886424 12 MOV BYTE PTR SS:[ESP+12],AH
0062631A 89BC24 80000000 MOV DWORD PTR SS:[ESP+80],EDI
00626321 8DA424 80000000 LEA ESP,[ESP+80]
00626328 64:8B05 3000000 MOV EAX,DWORD PTR FS:[30]
0062632F 8B40 0C MOV EAX,DWORD PTR DS:[EAX+0C]
00626332 8B40 1C MOV EAX,DWORD PTR DS:[EAX+1C]
00626335 8B00 MOV EAX,DWORD PTR DS:[EAX]
00626337 8B40 08 MOV EAX,DWORD PTR DS:[EAX+8]
0062633A 50 PUSH EAX
0062633B ^ E9 80FDFFFF JMP 006260C0
00626340 17 POP SS ; Modification of segment register
00626341 8111 7083D0C7 ADC DWORD PTR DS:[ECX],C7D08370
00626347 52 PUSH EDX
00626348 C0A7 526724BE 2 SHL BYTE PTR DS:[EDI+BE246752],2C ; Shift out of range
0062634F 4B DEC EBX
00626350 C6 DB C6 ; Unknown command
00626351 FE4CD5 45 DEC BYTE PTR SS:[EDX*8+EBP+45]
00626355 2C DF SUB AL,0DF
00626357 5A POP EDX
00626358 39A7 3752A128 CMP DWORD PTR DS:[EDI+28A15237],ESP
0062635E DA58 CE FICOMP DWORD PTR DS:[EAX-32]
00626361 A9 5894FC7D TEST EAX,7DFC9458
00626366 ED IN EAX,DX ; I/O command
00626367 ^ 74 87 JE SHORT 006262F0
00626369 6BAD 33A3C635 C IMUL EBP,DWORD PTR SS:[EBP+35C6A333],-39
00626370 ^ 76 F5 JBE SHORT 00626367
00626372 65:0C FF OR AL,FF ; Superfluous segment override prefix
00626375 0901 OR DWORD PTR DS:[ECX],EAX
00626377 8515 7C8F7364 TEST DWORD PTR DS:[64738F7C],EDX
0062637D E1 71 LOOPE SHORT 006263F0
0062637F 10E3 ADC BL,AH
00626381 3D 12960463 CMP EAX,63049612
00626386 9E SAHF
00626387 4C DEC ESP
00626388 D5 50 AAD 50
0062638A C6 DB C6 ; Unknown command
0062638B A1 50A78C06 MOV EAX,DWORD PTR DS:[68CA750]
00626390 94 XCHG EAX,ESP
00626391 F3:0E REP PUSH CS ; Superfluous REPxx prefix
00626393 C2 57DC RETN 0DC57
00626396 72 15 JB SHORT 006263AD
00626398 E4 3E IN AL,3E ; I/O command
0062639A FB STI
0062639B ^ 71 E1 JNO SHORT 0062637E
0062639D 8073 D6 0C XOR BYTE PTR DS:[EBX-2A],0C
006263A1 8B1B MOV EBX,DWORD PTR DS:[EBX]
006263A3 ^ 7E 8D JLE SHORT 00626332
006263A5 DECA FMULP ST(2),ST
006263A7 44 INC ESP
006263A8 DABD 4C703ABB FIDIVR DWORD PTR SS:[EBP+BB3A704C]
006263AE 2B4E BD SUB ECX,DWORD PTR DS:[ESI-43]
006263B1 F7C8 44DABD4C TEST EAX,4CBDDA44 ; Undocumented instruction or encoding
006263B7 3990 23B3D625 CMP DWORD PTR DS:[EAX+25D6B323],EDX
006263BD ^ 75 E8 JNE SHORT 006263A7
006263BF ^ 7A E8 JPE SHORT 006263A9
006263C1 8F DB 8F ; Unknown command
006263C2 7A 31 JPE SHORT 006263F5
006263C4 F60F B7 TEST BYTE PTR DS:[EDI],B7 ; Undocumented instruction or encoding
006263C7 58 POP EAX
006263C8 3C 03 CMP AL,3
006263CA D866 81 FSUB DWORD PTR DS:[ESI-7F]
006263CD 3B50 45 CMP EDX,DWORD PTR DS:[EAX+45]
006263D0 ^ 0F84 4CBCFFFF JE 00622022
006263D6 ^ E9 B9FDFFFF JMP 00626194
006263DB DE53 C3 FICOM WORD PTR DS:[EBX-3D]
006263DE A6 CMPS BYTE PTR DS:[ESI],BYTE PTR ES:[EDI]
006263DF 55 PUSH EBP
006263E0 07 POP ES ; Modification of segment register
006263E1 EB 79 JMP SHORT 0062645C
006263E3 - E9 887B14D8 JMP D876DF70
006263E8 4F DEC EDI
006263E9 DFBA 496E0294 FISTP QWORD PTR DS:[EDX+94026E49]
006263EF 0A6D 9C OR CH,BYTE PTR SS:[EBP-64]
006263F2 F8 CLC
006263F3 F667 F7 MUL BYTE PTR DS:[EDI-9]
006263F6 92 XCHG EAX,EDX
006263F7 61 POPAD
006263F8 2888 1CB2D524 SUB BYTE PTR DS:[EAX+24D5B21C],CL
006263FE 75 60 JNE SHORT 00626460
00626400 FB STI
00626401 6B0E FD IMUL ECX,DWORD PTR DS:[ESI],-3
00626404 CE INTO
00626405 98 CWDE
00626406 0290 F7023A85 ADD DL,BYTE PTR DS:[EAX+853A02F7]
0062640C 1E PUSH DS
0062640D 8CEB MOV EBX,GS
0062640F 26:A1 C850C6A1 MOV EAX,DWORD PTR ES:[A1C650C8]
00626415 50 PUSH EAX
00626416 D7 XLAT BYTE PTR DS:[EBX+AL]
00626417 0181 1170834D ADD DWORD PTR DS:[ECX+4D837011],EAX
0062641D B8 39A9C83B MOV EAX,3BC8A939
00626422 D7 XLAT BYTE PTR DS:[EBX+AL]
00626423 BA 3AA8CF3A MOV EDX,3ACFA83A
00626428 CE INTO
00626429 6A E9 PUSH -17
0062642B 79 18 JNS SHORT 00626445
0062642D EB 1D JMP SHORT 0062644C
0062642F B3 3B MOV BL,3B
00626431 AB STOS DWORD PTR ES:[EDI]
00626432 CE INTO
00626433 3D C55CD949 CMP EAX,49D95CC5
00626438 28DB SUB BL,BL
0062643A 05 B943D3B6 ADD EAX,B6D343B9
0062643F 45 INC EBP
00626440 91 XCHG EAX,ECX
00626441 DC05 BFE69C64 FADD QWORD PTR DS:[649CE6BF]
00626447 874424 04 XCHG DWORD PTR SS:[ESP+4],EAX
0062644B 9D POPFD
0062644C 64:FF35 0000000 PUSH DWORD PTR FS:[0]
00626453 64:8925 0000000 MOV DWORD PTR FS:[0],ESP
0062645A 60 PUSHAD
0062645B 66:0FC9 BSWAP CX
0062645E 8AC5 MOV AL,CH
00626460 8AF0 MOV DH,AL
00626462 8A0C24 MOV CL,BYTE PTR SS:[ESP]
00626465 0F93C1 SETNB CL
00626468 8BCA MOV ECX,EDX
0062646A 93 XCHG EAX,EBX
0062646B 0FC9 BSWAP ECX
0062646D 8D80 8E1DBF3F LEA EAX,[EAX+3FBF1D8E]
00626473 8A2C24 MOV CH,BYTE PTR SS:[ESP]
00626476 0F94C5 SETE CH
00626479 61 POPAD
0062647A 60 PUSHAD
0062647B 8D6424 04 LEA ESP,[ESP+4]
0062647F 8D6424 16 LEA ESP,[ESP+16]
00626483 8D6424 04 LEA ESP,[ESP+4]
00626487 60 PUSHAD
00626488 8D6424 02 LEA ESP,[ESP+2]
0062648C 8D6424 20 LEA ESP,[ESP+20]
00626490 ^ E9 CFFBFFFF JMP 00626064
00626495 04 87 ADD AL,87
00626497 17 POP SS ; Modification of segment register
00626498 ^ 72 81 JB SHORT 0062641B
0062649A 78 3C JS SHORT 006264D8
0062649C B6 24 MOV DH,24
0062649E 43 INC EBX
0062649F BE 72AF24BA MOV ESI,BA24AF72
006264A4 DD DB DD ; Unknown command
006264A5 2C F6 SUB AL,0F6
006264A7 A4 MOVS BYTE PTR ES:[EDI],BYTE PTR DS:[ESI]
006264A8 2C A2 SUB AL,0A2
006264AA C53493 LDS ESI,FWORD PTR DS:[EDX*4+EBX] ; Modification of segment register
006264AD 27 DAA
006264AE AE SCAS BYTE PTR ES:[EDI]
006264AF 3C 5B CMP AL,5B
006264B1 B6 E3 MOV DH,0E3
006264B3 EF OUT DX,EAX ; I/O command
006264B4 67:F792 6153 NOT DWORD PTR SS:[BP+SI+5361]
006264B9 55 PUSH EBP
006264BA DA48 2F FIMUL DWORD PTR DS:[EAX+2F]
006264BD DA96 94188EE9 FICOM DWORD PTR DS:[ESI+E98E1894]
006264C3 186D AC SBB BYTE PTR SS:[EBP-54],CH
006264C6 27 DAA
006264C7 B7 D2 MOV BH,0D2
006264C9 2179 19 AND DWORD PTR DS:[ECX+19],EDI
006264CC 8919 MOV DWORD PTR DS:[ECX],EBX
006264CE ^ 78 8B JS SHORT 0062645B
006264D0 C2 9207 RETN 792
006264D3 97 XCHG EAX,EDI
006264D4 F2:015B 91 REPNE ADD DWORD PTR DS:[EBX-6F],EBX ; Superfluous REPxx prefix
006264D8 07 POP ES ; Modification of segment register
006264D9 97 XCHG EAX,EDI
006264DA F2:0162 FB REPNE ADD DWORD PTR DS:[EDX-5],ESP ; Superfluous REPxx prefix
006264DE 6A F8 PUSH -8
006264E0 9F LAHF
006264E1 6A 53 PUSH 53
006264E3 6C INS BYTE PTR ES:[EDI],DX ; I/O command
006264E4 FA CLI
006264E5 68 0FFA9ED4 PUSH D49EFA0F
006264EA 41 INC ECX
006264EB D1B0 43067AEE SAL DWORD PTR DS:[EAX+EE7A0643],1 ; Undocumented instruction or encoding
006264F1 7C 1B JL SHORT 0062650E
006264F3 F6A7 930694F3 MUL BYTE PTR DS:[EDI+F3940693]
006264F9 0E PUSH CS
006264FA 3BFA CMP EDI,EDX
006264FC 60 PUSHAD
006264FD F691 60581089 NOT BYTE PTR DS:[ECX+89105860]
00626503 1978 8B SBB DWORD PTR DS:[EAX-75],EDI
00626506 0E PUSH CS
00626507 58 POP EAX
00626508 C056 31 C0 RCL BYTE PTR DS:[ESI+31],0C0 ; Shift out of range
0062650C 47 INC EDI
0062650D 3F AAS
0062650E C3 RETN
0062650F 53 PUSH EBX
00626510 36:C50F LDS ECX,FWORD PTR SS:[EDI] ; Modification of segment register
00626513 40 INC EAX
00626514 C151 30 C3 RCL DWORD PTR DS:[ECX+30],0C3 ; Shift out of range
00626518 2F DAS
00626519 8202 90 ADD BYTE PTR DS:[EDX],90
0062651C F702 F663E270 TEST DWORD PTR DS:[EDX],70E263F6
00626522 17 POP SS ; Modification of segment register
00626523 E2 16 LOOP SHORT 0062653B
00626525 96 XCHG EAX,ESI
00626526 1086 E110EE70 ADC BYTE PTR DS:[ESI+70EE10E1],AL
0062652C F5 CMC
0062652D 65:0C FF OR AL,FF ; Superfluous segment override prefix
00626530 219410 86E110C2 AND DWORD PTR DS:[EDX+EAX+C210E186],EDX
00626537 5E POP ESI
00626538 D9 DB D9 ; Unknown command
00626539 49 DEC ECX
0062653A 28DB SUB BL,BL
0062653C 2E:57 PUSH EDI ; Superfluous segment override prefix
0062653E E3 73 JECXZ SHORT 006265B3
00626540 16 PUSH SS
00626541 E5 2F IN EAX,2F ; I/O command
00626543 26:B3 23 MOV BL,23 ; Superfluous segment override prefix
00626546 46 INC ESI
00626547 B5 69 MOV CH,69
00626549 48 DEC EAX
0062654A C056 31 C0 RCL BYTE PTR DS:[ESI+31],0C0 ; Shift out of range
0062654E 67:FA CLI ; Superfluous address size prefix
00626550 ^ 71 E1 JNO SHORT 00626533
00626552 8073 24 EC XOR BYTE PTR DS:[EBX+24],EC
00626556 62F0 BOUND ESI,EAX ; Illegal use of register
00626558 97 XCHG EAX,EDI
00626559 625E 02 BOUND EBX,QWORD PTR DS:[ESI+2]
0062655C 93 XCHG EAX,EBX
0062655D 0366 95 ADD ESP,DWORD PTR DS:[ESI-6B]
00626560 DFB0 3CD2B544 FBSTP TBYTE PTR DS:[EAX+44B5D23C]
00626566 3163 EE XOR DWORD PTR DS:[EBX-12],ESP
00626569 7C 1B JL SHORT 00626586
0062656B F6A0 CE5CF295 MUL BYTE PTR DS:[EAX+95F25CCE]
00626571 64:2F DAS ; Superfluous segment override prefix
00626573 1889 19788BDD SBB BYTE PTR DS:[ECX+DD8B7819],CL
00626579 25 BB2B4EBD AND EAX,BD4E2BBB
0062657E D6 SALC ; Undocumented instruction or encoding
0062657F 1F POP DS ; Modification of segment register
00626580 8E1C7B MOV DS,WORD PTR DS:[EDI*2+EBX] ; Modification of segment register
00626583 96 XCHG EAX,ESI
00626584 AF SCAS DWORD PTR ES:[EDI]
00626585 37 AAA
00626586 A7 CMPS DWORD PTR DS:[ESI],DWORD PTR ES:[ED
00626587 37 AAA
00626588 52 PUSH EDX
00626589 A1 CB188D1D MOV EAX,DWORD PTR DS:[1D8D18CB]
0062658E 64:97 XCHG EAX,EDI ; Superfluous segment override prefix
00626590 D2F9 SAR CL,CL
00626592 ^ 73 E3 JNB SHORT 00626577
00626594 8675 22 XCHG BYTE PTR SS:[EBP+22],DH
00626597 C2 55C5 RETN 0C555
0062659A AC LODS BYTE PTR DS:[ESI]
0062659B 5F POP EDI
0062659C 68 29B12140 PUSH 4021B129
006265A1 B3 89 MOV BL,89
006265A3 FE DB FE ; Unknown command
006265A4 6BFB 9E IMUL EDI,EBX,-62
006265A7 6D INS DWORD PTR ES:[EDI],DX ; I/O command
006265A8 EC IN AL,DX ; I/O command
006265A9 8E16 MOV SS,WORD PTR DS:[ESI] ; Modification of segment register
006265AB 84E3 TEST BL,AH
006265AD 1E PUSH DS
006265AE 99 CDQ
006265AF 93 XCHG EAX,EBX
006265B0 17 POP SS ; Modification of segment register
006265B1 87E2 XCHG EDX,ESP
006265B3 11D3 ADC EBX,EDX
006265B5 35 B62443BE XOR EAX,BE4324B6
006265BA 50 PUSH EAX
006265BB 66:E6 74 OUT 74,AL ; Superfluous operand size prefix
006265BE 13EE ADC EBP,ESI
006265C0 1ACF SBB CL,BH
006265C2 4E DEC ESI
006265C3 DCBB 56A21A9C FDIVR QWORD PTR DS:[EBX+9C1AA256]
006265C9 3255 A4 XOR DL,BYTE PTR SS:[EBP-5C]
006265CC 5A POP EDX
006265CD 33B42A 4DBC60B0 XOR ESI,DWORD PTR DS:[EBP+EDX+B060BC4D]
006265D4 34 AA XOR AL,AA
006265D6 CD 3C INT 3C
006265D8 EE OUT DX,AL ; I/O command
006265D9 16 PUSH SS
006265DA 91 XCHG EAX,ECX
006265DB 0160 93 ADD DWORD PTR DS:[EAX-6D],ESP
006265DE 66:D5 5D AAD 5D ; Superfluous operand size prefix
006265E1 CD 94 INT 94
006265E3 67:A9 9B1086E1 TEST EAX,E186109B ; Superfluous address size prefix
006265E9 10CA ADC DL,CL
006265EB 1399 09689B3E ADC EBX,DWORD PTR DS:[ECX+3E9B6809]
006265F1 B4 43 MOV AH,43
006265F3 D3B6 45168509 SAL DWORD PTR DS:[ESI+9851645],CL ; Undocumented instruction or encoding
006265F9 99 CDQ
006265FA F8 CLC
006265FB 0B35 A62FBFDA OR ESI,DWORD PTR DS:[DABF2FA6]
00626601 297B B9 SUB DWORD PTR DS:[EBX-47],EDI
00626604 3BAB CE3D4E64 CMP EBP,DWORD PTR DS:[EBX+644E3DCE]
0062660A EF OUT DX,EAX ; I/O command
0062660B 7F 1A JG SHORT 00626627
0062660D - E9 A123B727 JMP 281989B3
00626612 42 INC EDX
00626613 B1 F4 MOV CL,0F4
00626615 CC INT3
00626616 5D POP EBP
00626617 CD 94 INT 94
00626619 67:31DB XOR EBX,EBX ; Superfluous address size prefix
0062661C 49 DEC ECX
0062661D D9B8 4B2464FB FSTCW WORD PTR DS:[EAX+FB64244B]
00626623 6B0E FD IMUL ECX,DWORD PTR DS:[ESI],-3
00626626 C2 9D09 RETN 99D
00626629 99 CDQ
0062662A F8 CLC
0062662B 0B6D A1 OR EBP,DWORD PTR SS:[EBP-5F]
0062662E 36:A4 MOVS BYTE PTR ES:[EDI],BYTE PTR SS:[ESI]
00626630 C3 RETN
00626631 3E:79 17 +JNS SHORT 0062664B
00626634 8111 7083D0F4 ADC DWORD PTR DS:[ECX],F4D08370
0062663A 67:F792 615A NOT DWORD PTR SS:[BP+SI+5A61]
0062663F 4D DEC EBP
00626640 D5 45 AAD 45
00626642 2C DF SUB AL,0DF
00626644 E5 45 IN EAX,45 ; I/O command
00626646 DE4C2B E6 FIMUL WORD PTR DS:[EBP+EBX-1A]
0062664A 61 POPAD
0062664B 39A7 3752A128 CMP DWORD PTR DS:[EDI+28A15237],ESP
00626651 66:E4 7A IN AL,7A ; Superfluous operand size prefix
00626654 1D EC2047C4 SBB EAX,C44720EC
00626659 5A POP EDX
0062665A 3D CC225BD9 CMP EAX,D95B22CC
0062665F 49 DEC ECX
00626660 28DB SUB BL,BL
00626662 2D FA79E988 SUB EAX,88E979FA
00626667 ^ 7B 8D JPO SHORT 006265F6
00626669 BA 3CD2B544 MOV EDX,44B5D23C
0062666E BA F677E782 MOV EDX,82E777F6
00626673 ^ 71 A3 JNO SHORT 00626618
00626675 ^ 7E FA JLE SHORT 00626671
00626677 68 0FFA286E PUSH 6E28FA0F
0062667C - E9 7918EB1E JMP 1F4D7EFA
00626681 4C DEC ESP
00626682 C6 DB C6 ; Unknown command
00626683 54 PUSH ESP
00626684 33CE XOR ECX,ESI
00626686 02149D 0D54A77F ADD DL,BYTE PTR DS:[EBX*4+7FA7540D]
0062668D 0C 84 OR AL,84
0062668F 1A7D 8C SBB BH,BYTE PTR SS:[EBP-74]
00626692 2BEB SUB EBP,EBX
00626694 62F0 BOUND ESI,EAX ; Illegal use of register
00626696 97 XCHG EAX,EDI
00626697 6237 BOUND ESI,QWORD PTR DS:[EDI]
00626699 CF IRETD ; Far jump or call
0062669A 47 INC EDI
0062669B D7 XLAT BYTE PTR DS:[EBX+AL]
0062669C B2 41 MOV DL,41
0062669E 73 39 JNB SHORT 006266D9
006266A0 B6 24 MOV DH,24
006266A2 43 INC EBX
006266A3 BE F231C353 MOV ESI,53C331F2
006266A8 36:C5B6 FC77E78 LDS ESI,FWORD PTR SS:[ESI+82E777FC] ; Modification of segment register
006266AF 71 29 JNO SHORT 006266DA
006266B1 9A 089EF908 430 CALL FAR 0C43:08F99E08 ; Far jump or call
006266B8 9D POPFD
006266B9 0D 54A7F11B OR EAX,1BF1A754
006266BE 8919 MOV DWORD PTR DS:[ECX],EBX
006266C0 ^ 78 8B JS SHORT 0062664D
006266C2 E4 55 IN AL,55 ; I/O command
006266C4 C45A 3D LES EBX,FWORD PTR DS:[EDX+3D] ; Modification of segment register
006266C7 CC INT3
006266C8 F5 CMC
006266C9 D4 42 AAM 42
006266CB D0B7 422626B7 SAL BYTE PTR DS:[EDI+B7262642],1 ; Undocumented instruction or encoding
006266D1 27 DAA
006266D2 42 INC EDX
006266D3 B1 F8 MOV CL,0F8
006266D5 F5 CMC
006266D6 67:F792 613E NOT DWORD PTR SS:[BP+SI+3E61]
006266DB BB 2EBCDB36 MOV EBX,36DBBC2E
006266E0 03E0 ADD ESP,EAX
006266E2 ^ 7A E8 JPE SHORT 006266CC
006266E4 8F DB 8F ; Unknown command
006266E5 7A 42 JPE SHORT 00626729
006266E7 95 XCHG EAX,EBP
006266E8 0E PUSH CS
006266E9 9C PUSHFD
006266EA FB STI
006266EB 16 PUSH SS
006266EC 91 XCHG EAX,ECX
006266ED 029A 086F9A1D ADD BL,BYTE PTR DS:[EDX+1D9A6F08]
006266F3 8F DB 8F ; Unknown command
006266F4 1383 E615DF04 ADC EAX,DWORD PTR DS:[EBX+4DF15E6]
006266FA 8515 7C8F637F TEST DWORD PTR DS:[7F638F7C],EDX
00626700 FD STD
00626701 6D INS DWORD PTR ES:[EDI],DX ; I/O command
00626702 F4 HLT ; Privileged instruction
00626703 07 POP ES ; Modification of segment register
00626704 F1 INT1 ; Undocumented instruction or encoding
00626705 3BBA 284FBA4E CMP EDI,DWORD PTR DS:[EDX+4EBA4F28]
0062670B 97 XCHG EAX,EDI
0062670C 17 POP SS ; Modification of segment register
0062670D 87E2 XCHG EDX,ESP
0062670F 11E1 ADC ECX,ESP
00626711 15 92006792 ADC EAX,92670092
00626716 4E DEC ESI
00626717 66:E2 70 LOOP SHORT 678A ; 16-bit jump or call
0062671A 17 POP SS ; Modification of segment register
0062671B E2 30 LOOP SHORT 0062674D
0062671D CF IRETD ; Far jump or call
0062671E 4A DEC EDX
0062671F D8BF 4ABD7EF4 FDIVR DWORD PTR DS:[EDI+F47EBD4A]
00626725 6A 0D PUSH 0D
00626727 FC CLD
00626728 30E1 XOR CL,AH
0062672A 6A F8 PUSH -8
0062672C 9F LAHF
0062672D 6A B0 PUSH -50
0062672F 9E SAHF
00626730 16 PUSH SS
00626731 84E3 TEST BL,AH
00626733 1E PUSH DS
00626734 B9 32B92948 MOV ECX,4829B932
00626739 BB EC37BF2F MOV EBX,2FBF37EC
0062673E 4A DEC EDX
0062673F B9 FB951A88 MOV ECX,881A95FB
00626744 EF OUT DX,EAX ; I/O command
00626745 1A56 C8 SBB DL,BYTE PTR DS:[ESI-38]
00626748 44 INC ESP
00626749 DABD 4C39189B FIDIVR DWORD PTR SS:[EBP+9B18394C]
0062674F 0B6E 9D OR EBP,DWORD PTR DS:[ESI-63]
00626752 CD 97 INT 97
00626754 0B9B FE0D402E OR EBX,DWORD PTR DS:[EBX+2E400DFE]
0062675A C3 RETN
0062675B 53 PUSH EBX
0062675C 36:C597 7DF3630 LDS EDX,FWORD PTR SS:[EDI+663F37D] ; Modification of segment register
00626763 F5 CMC
00626764 9E SAHF
00626765 90 NOP
00626766 07 POP ES ; Modification of segment register
00626767 97 XCHG EAX,EDI
00626768 F2:0136 REPNE ADD DWORD PTR DS:[ESI],ESI ; Superfluous REPxx prefix
0062676B 5F POP EDI
0062676C CF IRETD ; Far jump or call
0062676D 5F POP EDI
0062676E 3AC9 CMP CL,CL
00626770 B3 09 MOV BL,9
00626772 9E SAHF
00626773 0C 6B OR AL,6B
00626775 A6 CMPS BYTE PTR DS:[ESI],BYTE PTR ES:[EDI]
00626776 E1 88 LOOPE SHORT 00626700
00626778 1C B2 SBB AL,0B2
0062677A D5 24 AAD 24
0062677C ^ 75 F4 JNE SHORT 00626772
0062677E 67:F792 615A NOT DWORD PTR SS:[BP+SI+5A61]
00626783 BB 27B7D221 MOV EBX,21D2B727
00626788 17 POP SS ; Modification of segment register
00626789 F0:69F9 986BEEE LOCK IMUL EDI,ECX,-1D119468 ; LOCK prefix is not allowed
00626790 ^ 7A E8 JPE SHORT 0062677A
00626792 8F DB 8F ; Unknown command
00626793 ^ 7A FD JPE SHORT 00626792
00626795 D85A C8 FCOMP DWORD PTR DS:[EDX-38]
00626798 AF SCAS DWORD PTR ES:[EDI]
00626799 5A POP EDX
0062679A 96 XCHG EAX,ESI
0062679B FF DB FF ; Unknown command
0062679C 7C 12 JL SHORT 006267B0
0062679E ^ 75 84 JNE SHORT 00626724
006267A0 6A 68 PUSH 68
006267A2 E8 7E19E81C CALL 1D4A8125
006267A7 FE DB FE ; Unknown command
006267A8 ^ 7D ED JGE SHORT 00626797
006267AA ^ 74 87 JE SHORT 00626733
006267AC 71 75 JNO SHORT 00626823
006267AE F1 INT1 ; Undocumented instruction or encoding
006267AF 61 POPAD
006267B0 00F3 ADD BL,DH
006267B2 - 0F85 0290F702 JNE 0359F7BA
006267B8 DE43 C5 FIADD WORD PTR DS:[EBX-3B]
006267BB 55 PUSH EBP
006267BC 3C CF CMP AL,0CF
006267BE 1F POP DS ; Modification of segment register
006267BF 8A0D 9DE417E2 MOV CL,BYTE PTR DS:[E217E49D]
006267C5 96 XCHG EAX,ESI
006267C6 1C B2 SBB AL,0B2
006267C8 D5 24 AAD 24
006267CA E8 AD26B4D3 CALL D4168E7C
006267CF 2E:F4 HLT ; Superfluous segment override prefix
006267D1 1E PUSH DS
006267D2 96 XCHG EAX,ESI
006267D3 04 63 ADD AL,63
006267D5 9E SAHF
006267D6 39A1 28BED928 CMP DWORD PTR DS:[ECX+28D9BE28],ESP
006267DC ^ 7D EB JGE SHORT 006267C9
006267DE 6BFB 9E IMUL EDI,EBX,-62
006267E1 6D INS DWORD PTR ES:[EDI],DX ; I/O command
006267E2 57 PUSH EDI
006267E3 2BA43A 5DACE0B7 SUB ESP,DWORD PTR DS:[EDI+EDX+B7E0AC5D]
006267EA 39A9 C83B4C70 CMP DWORD PTR DS:[ECX+704C3BC8],EBP
006267F0 0393 F605554D ADD EDX,DWORD PTR DS:[EBX+4D5505F6]
006267F6 DD4D 14 FISTTP QWORD PTR SS:[EBP+14]
006267F9 E7 AE OUT 0AE,EAX ; I/O command
006267FB 31A2 3057A2F6 XOR DWORD PTR DS:[EDX+F6A25730],ESP
00626801 E3 71 JECXZ SHORT 00626874
00626803 E1 80 LOOPE SHORT 00626785
00626805 73 1C JNB SHORT 00626823
00626807 B2 21 MOV DL,21
00626809 B1 D0 MOV CL,0D0
0062680B 2318 AND EBX,DWORD PTR DS:[EAX]
0062680D C551 C1 LDS EDX,FWORD PTR DS:[ECX-3F] ; Modification of segment register
00626810 A0 533566F7 MOV AL,BYTE PTR DS:[F7663553]
00626815 67:02F1 ADD DH,CL ; Superfluous address size prefix
00626818 B8 3BAD3D44 MOV EAX,443DAD3B
0062681D B7 E4 MOV BH,0E4
0062681F 81148A ED1C295D ADC DWORD PTR DS:[ECX*4+EDX],5D291CED
00626826 C555 3C LDS EDX,FWORD PTR SS:[EBP+3C] ; Modification of segment register
00626829 CF IRETD ; Far jump or call
0062682A F5 CMC
0062682B ^ 71 EA JNO SHORT 00626817
0062682D 78 1F JS SHORT 0062684E
0062682F EA 6D871D8D D42 JMP FAR 27D4:8D1D876D ; Far jump or call
00626836 A2 941684E3 MOV BYTE PTR DS:[E3841694],AL
0062683B 1E PUSH DS
0062683C D2A1 22B0D722 SHL BYTE PTR DS:[ECX+22D7B022],CL
00626842 CC INT3
00626843 95 XCHG EAX,EBP
00626844 1B8B EE1DEF8E SBB ECX,DWORD PTR DS:[EBX+8EEF1DEE]
0062684A 0D 9DE417E1 OR EAX,E117E49D
0062684F 8E08 MOV CS,WORD PTR DS:[EAX] ; Invalid segment register
00626851 9E SAHF
00626852 F9 STC
00626853 08F6 OR DH,DH
00626855 A3 24BADD2C MOV DWORD PTR DS:[2CDDBA24],EAX
0062685A F0:0E LOCK PUSH CS ; LOCK prefix is not allowed
0062685C 8A18 MOV BL,BYTE PTR DS:[EAX]
0062685E ^ 7F 8A JG SHORT 006267EA
00626860 58 POP EAX
00626861 ^ F3:76 E4 REP JBE SHORT 00626848 ; Superfluous REPxx prefix
00626864 837E 89 6D CMP DWORD PTR DS:[ESI-77],6D
00626868 E5 75 IN EAX,75 ; I/O command
0062686A 1C EF SBB AL,0EF
0062686C 212F AND DWORD PTR DS:[EDI],EBP
0062686E A4 MOVS BYTE PTR ES:[EDI],BYTE PTR DS:[ESI]
0062686F 3A5D AC CMP BL,BYTE PTR SS:[EBP-54]
00626872 ^ 76 93 JBE SHORT 00626807
00626874 1989 E81BBE41 SBB DWORD PTR DS:[ECX+41BE1BE8],ECX
0062687A C8 5E39 C8 ENTER 395E,0C8
0062687E 9D POPFD
0062687F 800E 9C OR BYTE PTR DS:[ESI],9C
00626882 FB STI
00626883 16 PUSH SS
00626884 2A78 F5 SUB BH,BYTE PTR DS:[EAX-0B]
00626887 65:0C FF OR AL,FF ; Superfluous segment override prefix
0062688A B1 91 MOV CL,91
0062688C 23B3 D6255694 AND ESI,DWORD PTR DS:[EBX+945625D6]
00626892 1F POP DS ; Modification of segment register
00626893 8F DB 8F ; Unknown command
00626894 EA 1971BC2E BCD JMP FAR DBBC:2EBC7119 ; Far jump or call
0062689B 36:7D 0D JGE SHORT 006268AB ; Superfluous segment override prefix
0062689E 9E SAHF
0062689F 0C 6B OR AL,6B
006268A1 A6 CMPS BYTE PTR DS:[ESI],BYTE PTR ES:[EDI]
006268A2 F2:C2 52C0 REPNE RETN 0C052 ; Superfluous REPxx prefix
006268A6 A7 CMPS DWORD PTR DS:[ESI],DWORD PTR ES:[ED
006268A7 52 PUSH EDX
006268A8 3F AAS
006268A9 C9 LEAVE
006268AA 58 POP EAX
006268AB CE INTO
006268AC A9 5861AF3F TEST EAX,3FAF6158
006268B1 AF SCAS DWORD PTR ES:[EDI]
006268B2 CA 3923 RETF 2339 ; Far jump or call
006268B5 DB4CC2 A5 FISTTP DWORD PTR DS:[EAX*8+EDX-5B]
006268B9 54 PUSH ESP
006268BA 1377 E1 ADC ESI,DWORD PTR DS:[EDI-1F]
006268BD 71 10 JNO SHORT 006268CF
006268BF E3 B0 JECXZ SHORT 00626871
006268C1 60 PUSHAD
006268C2 FB STI
006268C3 6B0E FD IMUL ECX,DWORD PTR DS:[ESI],-3
006268C6 CE INTO
006268C7 2F DAS
006268C8 BB 2B4EBD83 MOV EBX,83BD4E2B
006268CD 841D 8DD427A2 TEST BYTE PTR DS:[A227D48D],BL
006268D3 ^ 71 EF JNO SHORT 006268C4
006268D5 7F 1A JG SHORT 006268F1
006268D7 - E9 7033B727 JMP 28199C4C
006268DC 42 INC EDX
006268DD B1 73 MOV CL,73
006268DF AE SCAS BYTE PTR ES:[EDI]
006268E0 33A3 C635DD6F XOR ESP,DWORD PTR DS:[EBX+6FDD35C6]
006268E6 ED IN EAX,DX ; I/O command
006268E7 7D 04 JGE SHORT 006268ED
006268E9 F701 901787E2 TEST DWORD PTR DS:[ECX],E2871790
006268EF 11EB ADC EBX,EBP
006268F1 30B6 2443BE40 XOR BYTE PTR DS:[ESI+40BE4324],DH
006268F7 8005 95FC0FD1 A ADD BYTE PTR DS:[D10FFC95],0AE
006268FE 2AB8 DF2AF8ED SUB BH,BYTE PTR DS:[EAX+EDF82ADF]
00626904 68 FE99689F PUSH 9F6899FE
00626909 5C POP ESP
0062690A D6 SALC ; Undocumented instruction or encoding
0062690B 44 INC ESP
0062690C 23DE AND EBX,ESI
0062690E 12FB ADC BH,BL
00626910 ^ 70 E6 JO SHORT 006268F8
00626912 8170 AA 39B7274 XOR DWORD PTR DS:[EAX-56],4227B739
00626919 B1 18 MOV CL,18
0062691B 1990 066190C5 SBB DWORD PTR DS:[EAX+C5906106],EDX
00626921 B3 43 MOV BL,43
00626923 D3B6 457F47C8 SAL DWORD PTR DS:[ESI+C8477F45],CL ; Undocumented instruction or encoding
00626929 5E POP ESI
0062692A 39C8 CMP EAX,ECX
0062692C 84AF 21B1D023 TEST BYTE PTR DS:[EDI+23D0B121],CH
00626932 54 PUSH ESP
00626933 AC LODS BYTE PTR DS:[ESI]
00626934 27 DAA
00626935 B7 D2 MOV BH,0D2
00626937 2179 AD AND DWORD PTR DS:[ECX-53],EDI
0062693A 3D ADB4470E CMP EAX,0E47B4AD
0062693F 93 XCHG EAX,EBX
00626940 0096 F10054B5 ADD BYTE PTR DS:[ESI+B55400F1],DL
00626946 2BBB DE2D46DF SUB EDI,DWORD PTR DS:[EBX+DF462DDE]
0062694C 4E DEC ESI
0062694D DCBB 566FD84E FDIVR QWORD PTR DS:[EBX+4ED86F56]
00626953 DCBB 5632FA73 FDIVR QWORD PTR DS:[EBX+USP10.73FA3256]
00626959 E3 86 JECXZ SHORT 006268E1
0062695B 75 34 JNE SHORT 00626991
0062695D C6 DB C6 ; Unknown command
0062695E 52 PUSH EDX
0062695F C0A7 520329BC 5 SHL BYTE PTR DS:[EDI+BC290352],52 ; Shift out of range
00626966 35 C4F1EA70 XOR EAX,70EAF1C4
0062696B E6 81 OUT 81,AL ; I/O command
0062696D 70 48 JO SHORT 006269B7
0062696F 49 DEC ECX
00626970 D240 27 ROL BYTE PTR DS:[EAX+27],CL
00626973 D255 68 RCL BYTE PTR SS:[EBP+68],CL
00626976 F0:66:01F0 LOCK ADD AX,SI
0062697A 77 45 JA SHORT 006269C1
0062697C C555 3C LDS EDX,FWORD PTR SS:[EBP+3C] ; Modification of segment register
0062697F CF IRETD ; Far jump or call
00626980 0150 D1 ADD DWORD PTR DS:[EAX-2F],EDX
00626983 41 INC ECX
00626984 20D3 AND BL,DL
00626986 3F AAS
00626987 0D 93036695 OR EAX,95660393
0062698C 67:E2 61 LOOPW SHORT 006269F0
0062698F F1 INT1 ; Undocumented instruction or encoding
00626990 90 NOP
00626991 6395 3CBA284F ARPL WORD PTR SS:[EBP+4F28BA3C],DX
00626997 BA 44F97EEC MOV EDX,EC7EF944
0062699C 8B86 5AC246D4 MOV EAX,DWORD PTR DS:[ESI+D446C25A]
006269A2 B3 4E MOV BL,4E
006269A4 9C PUSHFD
006269A5 E5 60 IN EAX,60 ; I/O command
006269A7 F691 60971C96 NOT BYTE PTR DS:[ECX+961C9760]
006269AD 04 63 ADD AL,63
006269AF 9E SAHF
006269B0 52 PUSH EDX
核心扫描是ASPack 2.1 Modified -> Alexey Solodovnikov
用了Aspack的脱壳和PEID的脱壳试过,不行。提示错误。
载入网上流行版本OD,直接退出。
觉得有暗桩。
有一个OD原版单个文件,可以打开。
我复制了一段代码,大家帮我看看
CPU Disasm
Address Hex dump Command Comments
006261B5 E8 18000000 CALL 006261D2
006261BA 4E DEC ESI
006261BB 6F OUTS DX,DWORD PTR DS:[ESI] ; I/O command
006261BC 6F OUTS DX,DWORD PTR DS:[ESI] ; I/O command
006261BD 6279 50 BOUND EDI,QWORD PTR DS:[ECX+50]
006261C0 72 6F JB SHORT 00626231
006261C2 74 65 JE SHORT 00626229
006261C4 637420 53 ARPL WORD PTR DS:[EAX+53],SI
006261C8 45 INC EBP
006261C9 2031 AND BYTE PTR DS:[ECX],DH
006261CB 2E:37 AAA ; Superfluous segment override prefix
006261CD 2E:302E XOR BYTE PTR CS:[ESI],CH
006261D0 3000 XOR BYTE PTR DS:[EAX],AL
006261D2 8D6424 04 LEA ESP,[ESP+4]
006261D6 66:53 PUSH BX
006261D8 880424 MOV BYTE PTR SS:[ESP],AL
006261DB 883C24 MOV BYTE PTR SS:[ESP],BH
006261DE 8D6424 01 LEA ESP,[ESP+1]
006261E2 60 PUSHAD
006261E3 FF7424 12 PUSH DWORD PTR SS:[ESP+12]
006261E7 66:8F4424 20 POP WORD PTR SS:[ESP+20]
006261EC 51 PUSH ECX
006261ED 8D6424 26 LEA ESP,[ESP+26]
006261F1 8D2424 LEA ESP,[ESP]
006261F4 8D2424 LEA ESP,[ESP]
006261F7 66:53 PUSH BX
006261F9 66:FF7424 02 PUSH WORD PTR SS:[ESP+2]
006261FE 8D6424 01 LEA ESP,[ESP+1]
00626202 890424 MOV DWORD PTR SS:[ESP],EAX
00626205 54 PUSH ESP
00626206 66:8F0424 POP WORD PTR SS:[ESP]
0062620A 60 PUSHAD
0062620B 885C24 07 MOV BYTE PTR SS:[ESP+7],BL
0062620F 8F4424 19 POP DWORD PTR SS:[ESP+19]
00626213 895C24 16 MOV DWORD PTR SS:[ESP+16],EBX
00626217 886C24 1A MOV BYTE PTR SS:[ESP+1A],CH
0062621B 66:894C24 06 MOV WORD PTR SS:[ESP+6],CX
00626220 FF7424 14 PUSH DWORD PTR SS:[ESP+14]
00626224 66:897424 16 MOV WORD PTR SS:[ESP+16],SI
00626229 66:8F4424 03 POP WORD PTR SS:[ESP+3]
0062622E 894C24 1C MOV DWORD PTR SS:[ESP+1C],ECX
00626232 60 PUSHAD
00626233 66:895424 0C MOV WORD PTR SS:[ESP+0C],DX
00626238 8F4424 07 POP DWORD PTR SS:[ESP+7]
0062623C 66:FF7424 06 PUSH WORD PTR SS:[ESP+6]
00626241 895C24 02 MOV DWORD PTR SS:[ESP+2],EBX
00626245 66:897424 14 MOV WORD PTR SS:[ESP+14],SI
0062624A 894C24 15 MOV DWORD PTR SS:[ESP+15],ECX
0062624E 66:8F4424 19 POP WORD PTR SS:[ESP+19]
00626253 66:FF7424 11 PUSH WORD PTR SS:[ESP+11]
00626258 8F4424 06 POP DWORD PTR SS:[ESP+6]
0062625C 8F4424 09 POP DWORD PTR SS:[ESP+9]
00626260 8D6424 0C LEA ESP,[ESP+0C]
00626264 66:FF7424 01 PUSH WORD PTR SS:[ESP+1]
00626269 895424 24 MOV DWORD PTR SS:[ESP+24],EDX
0062626D 60 PUSHAD
0062626E 885C24 11 MOV BYTE PTR SS:[ESP+11],BL
00626272 66:8F4424 06 POP WORD PTR SS:[ESP+6]
00626277 894424 10 MOV DWORD PTR SS:[ESP+10],EAX
0062627B 66:8F4424 0C POP WORD PTR SS:[ESP+0C]
00626280 8D6424 0E LEA ESP,[ESP+0E]
00626284 8D6424 08 LEA ESP,[ESP+8]
00626288 66:FF7424 02 PUSH WORD PTR SS:[ESP+2]
0062628D 8F0424 POP DWORD PTR SS:[ESP]
00626290 895C24 24 MOV DWORD PTR SS:[ESP+24],EBX
00626294 66:53 PUSH BX
00626296 66:52 PUSH DX
00626298 60 PUSHAD
00626299 897424 1C MOV DWORD PTR SS:[ESP+1C],ESI
0062629D 66:50 PUSH AX
0062629F 66:FF7424 09 PUSH WORD PTR SS:[ESP+9]
006262A4 66:FF7424 27 PUSH WORD PTR SS:[ESP+27]
006262A9 8D6424 02 LEA ESP,[ESP+2]
006262AD 896424 48 MOV DWORD PTR SS:[ESP+48],ESP
006262B1 66:51 PUSH CX
006262B3 8D6424 01 LEA ESP,[ESP+1]
006262B7 66:54 PUSH SP
006262B9 66:FF3424 PUSH WORD PTR SS:[ESP]
006262BD 8D6424 01 LEA ESP,[ESP+1]
006262C1 66:FF7424 01 PUSH WORD PTR SS:[ESP+1]
006262C6 66:890C24 MOV WORD PTR SS:[ESP],CX
006262CA 9C PUSHFD
006262CB 66:895424 04 MOV WORD PTR SS:[ESP+4],DX
006262D0 60 PUSHAD
006262D1 8D6424 02 LEA ESP,[ESP+2]
006262D5 896C24 6C MOV DWORD PTR SS:[ESP+6C],EBP
006262D9 66:55 PUSH BP
006262DB 8D6424 01 LEA ESP,[ESP+1]
006262DF 8D2424 LEA ESP,[ESP]
006262E2 9C PUSHFD
006262E3 66:FF7424 01 PUSH WORD PTR SS:[ESP+1]
006262E8 8D6424 03 LEA ESP,[ESP+3]
006262EC 897424 6C MOV DWORD PTR SS:[ESP+6C],ESI
006262F0 60 PUSHAD
006262F1 897C24 0D MOV DWORD PTR SS:[ESP+0D],EDI
006262F5 66:8F4424 07 POP WORD PTR SS:[ESP+7]
006262FA 66:52 PUSH DX
006262FC 66:8F4424 1B POP WORD PTR SS:[ESP+1B]
00626301 895424 03 MOV DWORD PTR SS:[ESP+3],EDX
00626305 66:8F4424 04 POP WORD PTR SS:[ESP+4]
0062630A 8F4424 0F POP DWORD PTR SS:[ESP+0F]
0062630E 8D6424 04 LEA ESP,[ESP+4]
00626312 FF7424 08 PUSH DWORD PTR SS:[ESP+8]
00626316 886424 12 MOV BYTE PTR SS:[ESP+12],AH
0062631A 89BC24 80000000 MOV DWORD PTR SS:[ESP+80],EDI
00626321 8DA424 80000000 LEA ESP,[ESP+80]
00626328 64:8B05 3000000 MOV EAX,DWORD PTR FS:[30]
0062632F 8B40 0C MOV EAX,DWORD PTR DS:[EAX+0C]
00626332 8B40 1C MOV EAX,DWORD PTR DS:[EAX+1C]
00626335 8B00 MOV EAX,DWORD PTR DS:[EAX]
00626337 8B40 08 MOV EAX,DWORD PTR DS:[EAX+8]
0062633A 50 PUSH EAX
0062633B ^ E9 80FDFFFF JMP 006260C0
00626340 17 POP SS ; Modification of segment register
00626341 8111 7083D0C7 ADC DWORD PTR DS:[ECX],C7D08370
00626347 52 PUSH EDX
00626348 C0A7 526724BE 2 SHL BYTE PTR DS:[EDI+BE246752],2C ; Shift out of range
0062634F 4B DEC EBX
00626350 C6 DB C6 ; Unknown command
00626351 FE4CD5 45 DEC BYTE PTR SS:[EDX*8+EBP+45]
00626355 2C DF SUB AL,0DF
00626357 5A POP EDX
00626358 39A7 3752A128 CMP DWORD PTR DS:[EDI+28A15237],ESP
0062635E DA58 CE FICOMP DWORD PTR DS:[EAX-32]
00626361 A9 5894FC7D TEST EAX,7DFC9458
00626366 ED IN EAX,DX ; I/O command
00626367 ^ 74 87 JE SHORT 006262F0
00626369 6BAD 33A3C635 C IMUL EBP,DWORD PTR SS:[EBP+35C6A333],-39
00626370 ^ 76 F5 JBE SHORT 00626367
00626372 65:0C FF OR AL,FF ; Superfluous segment override prefix
00626375 0901 OR DWORD PTR DS:[ECX],EAX
00626377 8515 7C8F7364 TEST DWORD PTR DS:[64738F7C],EDX
0062637D E1 71 LOOPE SHORT 006263F0
0062637F 10E3 ADC BL,AH
00626381 3D 12960463 CMP EAX,63049612
00626386 9E SAHF
00626387 4C DEC ESP
00626388 D5 50 AAD 50
0062638A C6 DB C6 ; Unknown command
0062638B A1 50A78C06 MOV EAX,DWORD PTR DS:[68CA750]
00626390 94 XCHG EAX,ESP
00626391 F3:0E REP PUSH CS ; Superfluous REPxx prefix
00626393 C2 57DC RETN 0DC57
00626396 72 15 JB SHORT 006263AD
00626398 E4 3E IN AL,3E ; I/O command
0062639A FB STI
0062639B ^ 71 E1 JNO SHORT 0062637E
0062639D 8073 D6 0C XOR BYTE PTR DS:[EBX-2A],0C
006263A1 8B1B MOV EBX,DWORD PTR DS:[EBX]
006263A3 ^ 7E 8D JLE SHORT 00626332
006263A5 DECA FMULP ST(2),ST
006263A7 44 INC ESP
006263A8 DABD 4C703ABB FIDIVR DWORD PTR SS:[EBP+BB3A704C]
006263AE 2B4E BD SUB ECX,DWORD PTR DS:[ESI-43]
006263B1 F7C8 44DABD4C TEST EAX,4CBDDA44 ; Undocumented instruction or encoding
006263B7 3990 23B3D625 CMP DWORD PTR DS:[EAX+25D6B323],EDX
006263BD ^ 75 E8 JNE SHORT 006263A7
006263BF ^ 7A E8 JPE SHORT 006263A9
006263C1 8F DB 8F ; Unknown command
006263C2 7A 31 JPE SHORT 006263F5
006263C4 F60F B7 TEST BYTE PTR DS:[EDI],B7 ; Undocumented instruction or encoding
006263C7 58 POP EAX
006263C8 3C 03 CMP AL,3
006263CA D866 81 FSUB DWORD PTR DS:[ESI-7F]
006263CD 3B50 45 CMP EDX,DWORD PTR DS:[EAX+45]
006263D0 ^ 0F84 4CBCFFFF JE 00622022
006263D6 ^ E9 B9FDFFFF JMP 00626194
006263DB DE53 C3 FICOM WORD PTR DS:[EBX-3D]
006263DE A6 CMPS BYTE PTR DS:[ESI],BYTE PTR ES:[EDI]
006263DF 55 PUSH EBP
006263E0 07 POP ES ; Modification of segment register
006263E1 EB 79 JMP SHORT 0062645C
006263E3 - E9 887B14D8 JMP D876DF70
006263E8 4F DEC EDI
006263E9 DFBA 496E0294 FISTP QWORD PTR DS:[EDX+94026E49]
006263EF 0A6D 9C OR CH,BYTE PTR SS:[EBP-64]
006263F2 F8 CLC
006263F3 F667 F7 MUL BYTE PTR DS:[EDI-9]
006263F6 92 XCHG EAX,EDX
006263F7 61 POPAD
006263F8 2888 1CB2D524 SUB BYTE PTR DS:[EAX+24D5B21C],CL
006263FE 75 60 JNE SHORT 00626460
00626400 FB STI
00626401 6B0E FD IMUL ECX,DWORD PTR DS:[ESI],-3
00626404 CE INTO
00626405 98 CWDE
00626406 0290 F7023A85 ADD DL,BYTE PTR DS:[EAX+853A02F7]
0062640C 1E PUSH DS
0062640D 8CEB MOV EBX,GS
0062640F 26:A1 C850C6A1 MOV EAX,DWORD PTR ES:[A1C650C8]
00626415 50 PUSH EAX
00626416 D7 XLAT BYTE PTR DS:[EBX+AL]
00626417 0181 1170834D ADD DWORD PTR DS:[ECX+4D837011],EAX
0062641D B8 39A9C83B MOV EAX,3BC8A939
00626422 D7 XLAT BYTE PTR DS:[EBX+AL]
00626423 BA 3AA8CF3A MOV EDX,3ACFA83A
00626428 CE INTO
00626429 6A E9 PUSH -17
0062642B 79 18 JNS SHORT 00626445
0062642D EB 1D JMP SHORT 0062644C
0062642F B3 3B MOV BL,3B
00626431 AB STOS DWORD PTR ES:[EDI]
00626432 CE INTO
00626433 3D C55CD949 CMP EAX,49D95CC5
00626438 28DB SUB BL,BL
0062643A 05 B943D3B6 ADD EAX,B6D343B9
0062643F 45 INC EBP
00626440 91 XCHG EAX,ECX
00626441 DC05 BFE69C64 FADD QWORD PTR DS:[649CE6BF]
00626447 874424 04 XCHG DWORD PTR SS:[ESP+4],EAX
0062644B 9D POPFD
0062644C 64:FF35 0000000 PUSH DWORD PTR FS:[0]
00626453 64:8925 0000000 MOV DWORD PTR FS:[0],ESP
0062645A 60 PUSHAD
0062645B 66:0FC9 BSWAP CX
0062645E 8AC5 MOV AL,CH
00626460 8AF0 MOV DH,AL
00626462 8A0C24 MOV CL,BYTE PTR SS:[ESP]
00626465 0F93C1 SETNB CL
00626468 8BCA MOV ECX,EDX
0062646A 93 XCHG EAX,EBX
0062646B 0FC9 BSWAP ECX
0062646D 8D80 8E1DBF3F LEA EAX,[EAX+3FBF1D8E]
00626473 8A2C24 MOV CH,BYTE PTR SS:[ESP]
00626476 0F94C5 SETE CH
00626479 61 POPAD
0062647A 60 PUSHAD
0062647B 8D6424 04 LEA ESP,[ESP+4]
0062647F 8D6424 16 LEA ESP,[ESP+16]
00626483 8D6424 04 LEA ESP,[ESP+4]
00626487 60 PUSHAD
00626488 8D6424 02 LEA ESP,[ESP+2]
0062648C 8D6424 20 LEA ESP,[ESP+20]
00626490 ^ E9 CFFBFFFF JMP 00626064
00626495 04 87 ADD AL,87
00626497 17 POP SS ; Modification of segment register
00626498 ^ 72 81 JB SHORT 0062641B
0062649A 78 3C JS SHORT 006264D8
0062649C B6 24 MOV DH,24
0062649E 43 INC EBX
0062649F BE 72AF24BA MOV ESI,BA24AF72
006264A4 DD DB DD ; Unknown command
006264A5 2C F6 SUB AL,0F6
006264A7 A4 MOVS BYTE PTR ES:[EDI],BYTE PTR DS:[ESI]
006264A8 2C A2 SUB AL,0A2
006264AA C53493 LDS ESI,FWORD PTR DS:[EDX*4+EBX] ; Modification of segment register
006264AD 27 DAA
006264AE AE SCAS BYTE PTR ES:[EDI]
006264AF 3C 5B CMP AL,5B
006264B1 B6 E3 MOV DH,0E3
006264B3 EF OUT DX,EAX ; I/O command
006264B4 67:F792 6153 NOT DWORD PTR SS:[BP+SI+5361]
006264B9 55 PUSH EBP
006264BA DA48 2F FIMUL DWORD PTR DS:[EAX+2F]
006264BD DA96 94188EE9 FICOM DWORD PTR DS:[ESI+E98E1894]
006264C3 186D AC SBB BYTE PTR SS:[EBP-54],CH
006264C6 27 DAA
006264C7 B7 D2 MOV BH,0D2
006264C9 2179 19 AND DWORD PTR DS:[ECX+19],EDI
006264CC 8919 MOV DWORD PTR DS:[ECX],EBX
006264CE ^ 78 8B JS SHORT 0062645B
006264D0 C2 9207 RETN 792
006264D3 97 XCHG EAX,EDI
006264D4 F2:015B 91 REPNE ADD DWORD PTR DS:[EBX-6F],EBX ; Superfluous REPxx prefix
006264D8 07 POP ES ; Modification of segment register
006264D9 97 XCHG EAX,EDI
006264DA F2:0162 FB REPNE ADD DWORD PTR DS:[EDX-5],ESP ; Superfluous REPxx prefix
006264DE 6A F8 PUSH -8
006264E0 9F LAHF
006264E1 6A 53 PUSH 53
006264E3 6C INS BYTE PTR ES:[EDI],DX ; I/O command
006264E4 FA CLI
006264E5 68 0FFA9ED4 PUSH D49EFA0F
006264EA 41 INC ECX
006264EB D1B0 43067AEE SAL DWORD PTR DS:[EAX+EE7A0643],1 ; Undocumented instruction or encoding
006264F1 7C 1B JL SHORT 0062650E
006264F3 F6A7 930694F3 MUL BYTE PTR DS:[EDI+F3940693]
006264F9 0E PUSH CS
006264FA 3BFA CMP EDI,EDX
006264FC 60 PUSHAD
006264FD F691 60581089 NOT BYTE PTR DS:[ECX+89105860]
00626503 1978 8B SBB DWORD PTR DS:[EAX-75],EDI
00626506 0E PUSH CS
00626507 58 POP EAX
00626508 C056 31 C0 RCL BYTE PTR DS:[ESI+31],0C0 ; Shift out of range
0062650C 47 INC EDI
0062650D 3F AAS
0062650E C3 RETN
0062650F 53 PUSH EBX
00626510 36:C50F LDS ECX,FWORD PTR SS:[EDI] ; Modification of segment register
00626513 40 INC EAX
00626514 C151 30 C3 RCL DWORD PTR DS:[ECX+30],0C3 ; Shift out of range
00626518 2F DAS
00626519 8202 90 ADD BYTE PTR DS:[EDX],90
0062651C F702 F663E270 TEST DWORD PTR DS:[EDX],70E263F6
00626522 17 POP SS ; Modification of segment register
00626523 E2 16 LOOP SHORT 0062653B
00626525 96 XCHG EAX,ESI
00626526 1086 E110EE70 ADC BYTE PTR DS:[ESI+70EE10E1],AL
0062652C F5 CMC
0062652D 65:0C FF OR AL,FF ; Superfluous segment override prefix
00626530 219410 86E110C2 AND DWORD PTR DS:[EDX+EAX+C210E186],EDX
00626537 5E POP ESI
00626538 D9 DB D9 ; Unknown command
00626539 49 DEC ECX
0062653A 28DB SUB BL,BL
0062653C 2E:57 PUSH EDI ; Superfluous segment override prefix
0062653E E3 73 JECXZ SHORT 006265B3
00626540 16 PUSH SS
00626541 E5 2F IN EAX,2F ; I/O command
00626543 26:B3 23 MOV BL,23 ; Superfluous segment override prefix
00626546 46 INC ESI
00626547 B5 69 MOV CH,69
00626549 48 DEC EAX
0062654A C056 31 C0 RCL BYTE PTR DS:[ESI+31],0C0 ; Shift out of range
0062654E 67:FA CLI ; Superfluous address size prefix
00626550 ^ 71 E1 JNO SHORT 00626533
00626552 8073 24 EC XOR BYTE PTR DS:[EBX+24],EC
00626556 62F0 BOUND ESI,EAX ; Illegal use of register
00626558 97 XCHG EAX,EDI
00626559 625E 02 BOUND EBX,QWORD PTR DS:[ESI+2]
0062655C 93 XCHG EAX,EBX
0062655D 0366 95 ADD ESP,DWORD PTR DS:[ESI-6B]
00626560 DFB0 3CD2B544 FBSTP TBYTE PTR DS:[EAX+44B5D23C]
00626566 3163 EE XOR DWORD PTR DS:[EBX-12],ESP
00626569 7C 1B JL SHORT 00626586
0062656B F6A0 CE5CF295 MUL BYTE PTR DS:[EAX+95F25CCE]
00626571 64:2F DAS ; Superfluous segment override prefix
00626573 1889 19788BDD SBB BYTE PTR DS:[ECX+DD8B7819],CL
00626579 25 BB2B4EBD AND EAX,BD4E2BBB
0062657E D6 SALC ; Undocumented instruction or encoding
0062657F 1F POP DS ; Modification of segment register
00626580 8E1C7B MOV DS,WORD PTR DS:[EDI*2+EBX] ; Modification of segment register
00626583 96 XCHG EAX,ESI
00626584 AF SCAS DWORD PTR ES:[EDI]
00626585 37 AAA
00626586 A7 CMPS DWORD PTR DS:[ESI],DWORD PTR ES:[ED
00626587 37 AAA
00626588 52 PUSH EDX
00626589 A1 CB188D1D MOV EAX,DWORD PTR DS:[1D8D18CB]
0062658E 64:97 XCHG EAX,EDI ; Superfluous segment override prefix
00626590 D2F9 SAR CL,CL
00626592 ^ 73 E3 JNB SHORT 00626577
00626594 8675 22 XCHG BYTE PTR SS:[EBP+22],DH
00626597 C2 55C5 RETN 0C555
0062659A AC LODS BYTE PTR DS:[ESI]
0062659B 5F POP EDI
0062659C 68 29B12140 PUSH 4021B129
006265A1 B3 89 MOV BL,89
006265A3 FE DB FE ; Unknown command
006265A4 6BFB 9E IMUL EDI,EBX,-62
006265A7 6D INS DWORD PTR ES:[EDI],DX ; I/O command
006265A8 EC IN AL,DX ; I/O command
006265A9 8E16 MOV SS,WORD PTR DS:[ESI] ; Modification of segment register
006265AB 84E3 TEST BL,AH
006265AD 1E PUSH DS
006265AE 99 CDQ
006265AF 93 XCHG EAX,EBX
006265B0 17 POP SS ; Modification of segment register
006265B1 87E2 XCHG EDX,ESP
006265B3 11D3 ADC EBX,EDX
006265B5 35 B62443BE XOR EAX,BE4324B6
006265BA 50 PUSH EAX
006265BB 66:E6 74 OUT 74,AL ; Superfluous operand size prefix
006265BE 13EE ADC EBP,ESI
006265C0 1ACF SBB CL,BH
006265C2 4E DEC ESI
006265C3 DCBB 56A21A9C FDIVR QWORD PTR DS:[EBX+9C1AA256]
006265C9 3255 A4 XOR DL,BYTE PTR SS:[EBP-5C]
006265CC 5A POP EDX
006265CD 33B42A 4DBC60B0 XOR ESI,DWORD PTR DS:[EBP+EDX+B060BC4D]
006265D4 34 AA XOR AL,AA
006265D6 CD 3C INT 3C
006265D8 EE OUT DX,AL ; I/O command
006265D9 16 PUSH SS
006265DA 91 XCHG EAX,ECX
006265DB 0160 93 ADD DWORD PTR DS:[EAX-6D],ESP
006265DE 66:D5 5D AAD 5D ; Superfluous operand size prefix
006265E1 CD 94 INT 94
006265E3 67:A9 9B1086E1 TEST EAX,E186109B ; Superfluous address size prefix
006265E9 10CA ADC DL,CL
006265EB 1399 09689B3E ADC EBX,DWORD PTR DS:[ECX+3E9B6809]
006265F1 B4 43 MOV AH,43
006265F3 D3B6 45168509 SAL DWORD PTR DS:[ESI+9851645],CL ; Undocumented instruction or encoding
006265F9 99 CDQ
006265FA F8 CLC
006265FB 0B35 A62FBFDA OR ESI,DWORD PTR DS:[DABF2FA6]
00626601 297B B9 SUB DWORD PTR DS:[EBX-47],EDI
00626604 3BAB CE3D4E64 CMP EBP,DWORD PTR DS:[EBX+644E3DCE]
0062660A EF OUT DX,EAX ; I/O command
0062660B 7F 1A JG SHORT 00626627
0062660D - E9 A123B727 JMP 281989B3
00626612 42 INC EDX
00626613 B1 F4 MOV CL,0F4
00626615 CC INT3
00626616 5D POP EBP
00626617 CD 94 INT 94
00626619 67:31DB XOR EBX,EBX ; Superfluous address size prefix
0062661C 49 DEC ECX
0062661D D9B8 4B2464FB FSTCW WORD PTR DS:[EAX+FB64244B]
00626623 6B0E FD IMUL ECX,DWORD PTR DS:[ESI],-3
00626626 C2 9D09 RETN 99D
00626629 99 CDQ
0062662A F8 CLC
0062662B 0B6D A1 OR EBP,DWORD PTR SS:[EBP-5F]
0062662E 36:A4 MOVS BYTE PTR ES:[EDI],BYTE PTR SS:[ESI]
00626630 C3 RETN
00626631 3E:79 17 +JNS SHORT 0062664B
00626634 8111 7083D0F4 ADC DWORD PTR DS:[ECX],F4D08370
0062663A 67:F792 615A NOT DWORD PTR SS:[BP+SI+5A61]
0062663F 4D DEC EBP
00626640 D5 45 AAD 45
00626642 2C DF SUB AL,0DF
00626644 E5 45 IN EAX,45 ; I/O command
00626646 DE4C2B E6 FIMUL WORD PTR DS:[EBP+EBX-1A]
0062664A 61 POPAD
0062664B 39A7 3752A128 CMP DWORD PTR DS:[EDI+28A15237],ESP
00626651 66:E4 7A IN AL,7A ; Superfluous operand size prefix
00626654 1D EC2047C4 SBB EAX,C44720EC
00626659 5A POP EDX
0062665A 3D CC225BD9 CMP EAX,D95B22CC
0062665F 49 DEC ECX
00626660 28DB SUB BL,BL
00626662 2D FA79E988 SUB EAX,88E979FA
00626667 ^ 7B 8D JPO SHORT 006265F6
00626669 BA 3CD2B544 MOV EDX,44B5D23C
0062666E BA F677E782 MOV EDX,82E777F6
00626673 ^ 71 A3 JNO SHORT 00626618
00626675 ^ 7E FA JLE SHORT 00626671
00626677 68 0FFA286E PUSH 6E28FA0F
0062667C - E9 7918EB1E JMP 1F4D7EFA
00626681 4C DEC ESP
00626682 C6 DB C6 ; Unknown command
00626683 54 PUSH ESP
00626684 33CE XOR ECX,ESI
00626686 02149D 0D54A77F ADD DL,BYTE PTR DS:[EBX*4+7FA7540D]
0062668D 0C 84 OR AL,84
0062668F 1A7D 8C SBB BH,BYTE PTR SS:[EBP-74]
00626692 2BEB SUB EBP,EBX
00626694 62F0 BOUND ESI,EAX ; Illegal use of register
00626696 97 XCHG EAX,EDI
00626697 6237 BOUND ESI,QWORD PTR DS:[EDI]
00626699 CF IRETD ; Far jump or call
0062669A 47 INC EDI
0062669B D7 XLAT BYTE PTR DS:[EBX+AL]
0062669C B2 41 MOV DL,41
0062669E 73 39 JNB SHORT 006266D9
006266A0 B6 24 MOV DH,24
006266A2 43 INC EBX
006266A3 BE F231C353 MOV ESI,53C331F2
006266A8 36:C5B6 FC77E78 LDS ESI,FWORD PTR SS:[ESI+82E777FC] ; Modification of segment register
006266AF 71 29 JNO SHORT 006266DA
006266B1 9A 089EF908 430 CALL FAR 0C43:08F99E08 ; Far jump or call
006266B8 9D POPFD
006266B9 0D 54A7F11B OR EAX,1BF1A754
006266BE 8919 MOV DWORD PTR DS:[ECX],EBX
006266C0 ^ 78 8B JS SHORT 0062664D
006266C2 E4 55 IN AL,55 ; I/O command
006266C4 C45A 3D LES EBX,FWORD PTR DS:[EDX+3D] ; Modification of segment register
006266C7 CC INT3
006266C8 F5 CMC
006266C9 D4 42 AAM 42
006266CB D0B7 422626B7 SAL BYTE PTR DS:[EDI+B7262642],1 ; Undocumented instruction or encoding
006266D1 27 DAA
006266D2 42 INC EDX
006266D3 B1 F8 MOV CL,0F8
006266D5 F5 CMC
006266D6 67:F792 613E NOT DWORD PTR SS:[BP+SI+3E61]
006266DB BB 2EBCDB36 MOV EBX,36DBBC2E
006266E0 03E0 ADD ESP,EAX
006266E2 ^ 7A E8 JPE SHORT 006266CC
006266E4 8F DB 8F ; Unknown command
006266E5 7A 42 JPE SHORT 00626729
006266E7 95 XCHG EAX,EBP
006266E8 0E PUSH CS
006266E9 9C PUSHFD
006266EA FB STI
006266EB 16 PUSH SS
006266EC 91 XCHG EAX,ECX
006266ED 029A 086F9A1D ADD BL,BYTE PTR DS:[EDX+1D9A6F08]
006266F3 8F DB 8F ; Unknown command
006266F4 1383 E615DF04 ADC EAX,DWORD PTR DS:[EBX+4DF15E6]
006266FA 8515 7C8F637F TEST DWORD PTR DS:[7F638F7C],EDX
00626700 FD STD
00626701 6D INS DWORD PTR ES:[EDI],DX ; I/O command
00626702 F4 HLT ; Privileged instruction
00626703 07 POP ES ; Modification of segment register
00626704 F1 INT1 ; Undocumented instruction or encoding
00626705 3BBA 284FBA4E CMP EDI,DWORD PTR DS:[EDX+4EBA4F28]
0062670B 97 XCHG EAX,EDI
0062670C 17 POP SS ; Modification of segment register
0062670D 87E2 XCHG EDX,ESP
0062670F 11E1 ADC ECX,ESP
00626711 15 92006792 ADC EAX,92670092
00626716 4E DEC ESI
00626717 66:E2 70 LOOP SHORT 678A ; 16-bit jump or call
0062671A 17 POP SS ; Modification of segment register
0062671B E2 30 LOOP SHORT 0062674D
0062671D CF IRETD ; Far jump or call
0062671E 4A DEC EDX
0062671F D8BF 4ABD7EF4 FDIVR DWORD PTR DS:[EDI+F47EBD4A]
00626725 6A 0D PUSH 0D
00626727 FC CLD
00626728 30E1 XOR CL,AH
0062672A 6A F8 PUSH -8
0062672C 9F LAHF
0062672D 6A B0 PUSH -50
0062672F 9E SAHF
00626730 16 PUSH SS
00626731 84E3 TEST BL,AH
00626733 1E PUSH DS
00626734 B9 32B92948 MOV ECX,4829B932
00626739 BB EC37BF2F MOV EBX,2FBF37EC
0062673E 4A DEC EDX
0062673F B9 FB951A88 MOV ECX,881A95FB
00626744 EF OUT DX,EAX ; I/O command
00626745 1A56 C8 SBB DL,BYTE PTR DS:[ESI-38]
00626748 44 INC ESP
00626749 DABD 4C39189B FIDIVR DWORD PTR SS:[EBP+9B18394C]
0062674F 0B6E 9D OR EBP,DWORD PTR DS:[ESI-63]
00626752 CD 97 INT 97
00626754 0B9B FE0D402E OR EBX,DWORD PTR DS:[EBX+2E400DFE]
0062675A C3 RETN
0062675B 53 PUSH EBX
0062675C 36:C597 7DF3630 LDS EDX,FWORD PTR SS:[EDI+663F37D] ; Modification of segment register
00626763 F5 CMC
00626764 9E SAHF
00626765 90 NOP
00626766 07 POP ES ; Modification of segment register
00626767 97 XCHG EAX,EDI
00626768 F2:0136 REPNE ADD DWORD PTR DS:[ESI],ESI ; Superfluous REPxx prefix
0062676B 5F POP EDI
0062676C CF IRETD ; Far jump or call
0062676D 5F POP EDI
0062676E 3AC9 CMP CL,CL
00626770 B3 09 MOV BL,9
00626772 9E SAHF
00626773 0C 6B OR AL,6B
00626775 A6 CMPS BYTE PTR DS:[ESI],BYTE PTR ES:[EDI]
00626776 E1 88 LOOPE SHORT 00626700
00626778 1C B2 SBB AL,0B2
0062677A D5 24 AAD 24
0062677C ^ 75 F4 JNE SHORT 00626772
0062677E 67:F792 615A NOT DWORD PTR SS:[BP+SI+5A61]
00626783 BB 27B7D221 MOV EBX,21D2B727
00626788 17 POP SS ; Modification of segment register
00626789 F0:69F9 986BEEE LOCK IMUL EDI,ECX,-1D119468 ; LOCK prefix is not allowed
00626790 ^ 7A E8 JPE SHORT 0062677A
00626792 8F DB 8F ; Unknown command
00626793 ^ 7A FD JPE SHORT 00626792
00626795 D85A C8 FCOMP DWORD PTR DS:[EDX-38]
00626798 AF SCAS DWORD PTR ES:[EDI]
00626799 5A POP EDX
0062679A 96 XCHG EAX,ESI
0062679B FF DB FF ; Unknown command
0062679C 7C 12 JL SHORT 006267B0
0062679E ^ 75 84 JNE SHORT 00626724
006267A0 6A 68 PUSH 68
006267A2 E8 7E19E81C CALL 1D4A8125
006267A7 FE DB FE ; Unknown command
006267A8 ^ 7D ED JGE SHORT 00626797
006267AA ^ 74 87 JE SHORT 00626733
006267AC 71 75 JNO SHORT 00626823
006267AE F1 INT1 ; Undocumented instruction or encoding
006267AF 61 POPAD
006267B0 00F3 ADD BL,DH
006267B2 - 0F85 0290F702 JNE 0359F7BA
006267B8 DE43 C5 FIADD WORD PTR DS:[EBX-3B]
006267BB 55 PUSH EBP
006267BC 3C CF CMP AL,0CF
006267BE 1F POP DS ; Modification of segment register
006267BF 8A0D 9DE417E2 MOV CL,BYTE PTR DS:[E217E49D]
006267C5 96 XCHG EAX,ESI
006267C6 1C B2 SBB AL,0B2
006267C8 D5 24 AAD 24
006267CA E8 AD26B4D3 CALL D4168E7C
006267CF 2E:F4 HLT ; Superfluous segment override prefix
006267D1 1E PUSH DS
006267D2 96 XCHG EAX,ESI
006267D3 04 63 ADD AL,63
006267D5 9E SAHF
006267D6 39A1 28BED928 CMP DWORD PTR DS:[ECX+28D9BE28],ESP
006267DC ^ 7D EB JGE SHORT 006267C9
006267DE 6BFB 9E IMUL EDI,EBX,-62
006267E1 6D INS DWORD PTR ES:[EDI],DX ; I/O command
006267E2 57 PUSH EDI
006267E3 2BA43A 5DACE0B7 SUB ESP,DWORD PTR DS:[EDI+EDX+B7E0AC5D]
006267EA 39A9 C83B4C70 CMP DWORD PTR DS:[ECX+704C3BC8],EBP
006267F0 0393 F605554D ADD EDX,DWORD PTR DS:[EBX+4D5505F6]
006267F6 DD4D 14 FISTTP QWORD PTR SS:[EBP+14]
006267F9 E7 AE OUT 0AE,EAX ; I/O command
006267FB 31A2 3057A2F6 XOR DWORD PTR DS:[EDX+F6A25730],ESP
00626801 E3 71 JECXZ SHORT 00626874
00626803 E1 80 LOOPE SHORT 00626785
00626805 73 1C JNB SHORT 00626823
00626807 B2 21 MOV DL,21
00626809 B1 D0 MOV CL,0D0
0062680B 2318 AND EBX,DWORD PTR DS:[EAX]
0062680D C551 C1 LDS EDX,FWORD PTR DS:[ECX-3F] ; Modification of segment register
00626810 A0 533566F7 MOV AL,BYTE PTR DS:[F7663553]
00626815 67:02F1 ADD DH,CL ; Superfluous address size prefix
00626818 B8 3BAD3D44 MOV EAX,443DAD3B
0062681D B7 E4 MOV BH,0E4
0062681F 81148A ED1C295D ADC DWORD PTR DS:[ECX*4+EDX],5D291CED
00626826 C555 3C LDS EDX,FWORD PTR SS:[EBP+3C] ; Modification of segment register
00626829 CF IRETD ; Far jump or call
0062682A F5 CMC
0062682B ^ 71 EA JNO SHORT 00626817
0062682D 78 1F JS SHORT 0062684E
0062682F EA 6D871D8D D42 JMP FAR 27D4:8D1D876D ; Far jump or call
00626836 A2 941684E3 MOV BYTE PTR DS:[E3841694],AL
0062683B 1E PUSH DS
0062683C D2A1 22B0D722 SHL BYTE PTR DS:[ECX+22D7B022],CL
00626842 CC INT3
00626843 95 XCHG EAX,EBP
00626844 1B8B EE1DEF8E SBB ECX,DWORD PTR DS:[EBX+8EEF1DEE]
0062684A 0D 9DE417E1 OR EAX,E117E49D
0062684F 8E08 MOV CS,WORD PTR DS:[EAX] ; Invalid segment register
00626851 9E SAHF
00626852 F9 STC
00626853 08F6 OR DH,DH
00626855 A3 24BADD2C MOV DWORD PTR DS:[2CDDBA24],EAX
0062685A F0:0E LOCK PUSH CS ; LOCK prefix is not allowed
0062685C 8A18 MOV BL,BYTE PTR DS:[EAX]
0062685E ^ 7F 8A JG SHORT 006267EA
00626860 58 POP EAX
00626861 ^ F3:76 E4 REP JBE SHORT 00626848 ; Superfluous REPxx prefix
00626864 837E 89 6D CMP DWORD PTR DS:[ESI-77],6D
00626868 E5 75 IN EAX,75 ; I/O command
0062686A 1C EF SBB AL,0EF
0062686C 212F AND DWORD PTR DS:[EDI],EBP
0062686E A4 MOVS BYTE PTR ES:[EDI],BYTE PTR DS:[ESI]
0062686F 3A5D AC CMP BL,BYTE PTR SS:[EBP-54]
00626872 ^ 76 93 JBE SHORT 00626807
00626874 1989 E81BBE41 SBB DWORD PTR DS:[ECX+41BE1BE8],ECX
0062687A C8 5E39 C8 ENTER 395E,0C8
0062687E 9D POPFD
0062687F 800E 9C OR BYTE PTR DS:[ESI],9C
00626882 FB STI
00626883 16 PUSH SS
00626884 2A78 F5 SUB BH,BYTE PTR DS:[EAX-0B]
00626887 65:0C FF OR AL,FF ; Superfluous segment override prefix
0062688A B1 91 MOV CL,91
0062688C 23B3 D6255694 AND ESI,DWORD PTR DS:[EBX+945625D6]
00626892 1F POP DS ; Modification of segment register
00626893 8F DB 8F ; Unknown command
00626894 EA 1971BC2E BCD JMP FAR DBBC:2EBC7119 ; Far jump or call
0062689B 36:7D 0D JGE SHORT 006268AB ; Superfluous segment override prefix
0062689E 9E SAHF
0062689F 0C 6B OR AL,6B
006268A1 A6 CMPS BYTE PTR DS:[ESI],BYTE PTR ES:[EDI]
006268A2 F2:C2 52C0 REPNE RETN 0C052 ; Superfluous REPxx prefix
006268A6 A7 CMPS DWORD PTR DS:[ESI],DWORD PTR ES:[ED
006268A7 52 PUSH EDX
006268A8 3F AAS
006268A9 C9 LEAVE
006268AA 58 POP EAX
006268AB CE INTO
006268AC A9 5861AF3F TEST EAX,3FAF6158
006268B1 AF SCAS DWORD PTR ES:[EDI]
006268B2 CA 3923 RETF 2339 ; Far jump or call
006268B5 DB4CC2 A5 FISTTP DWORD PTR DS:[EAX*8+EDX-5B]
006268B9 54 PUSH ESP
006268BA 1377 E1 ADC ESI,DWORD PTR DS:[EDI-1F]
006268BD 71 10 JNO SHORT 006268CF
006268BF E3 B0 JECXZ SHORT 00626871
006268C1 60 PUSHAD
006268C2 FB STI
006268C3 6B0E FD IMUL ECX,DWORD PTR DS:[ESI],-3
006268C6 CE INTO
006268C7 2F DAS
006268C8 BB 2B4EBD83 MOV EBX,83BD4E2B
006268CD 841D 8DD427A2 TEST BYTE PTR DS:[A227D48D],BL
006268D3 ^ 71 EF JNO SHORT 006268C4
006268D5 7F 1A JG SHORT 006268F1
006268D7 - E9 7033B727 JMP 28199C4C
006268DC 42 INC EDX
006268DD B1 73 MOV CL,73
006268DF AE SCAS BYTE PTR ES:[EDI]
006268E0 33A3 C635DD6F XOR ESP,DWORD PTR DS:[EBX+6FDD35C6]
006268E6 ED IN EAX,DX ; I/O command
006268E7 7D 04 JGE SHORT 006268ED
006268E9 F701 901787E2 TEST DWORD PTR DS:[ECX],E2871790
006268EF 11EB ADC EBX,EBP
006268F1 30B6 2443BE40 XOR BYTE PTR DS:[ESI+40BE4324],DH
006268F7 8005 95FC0FD1 A ADD BYTE PTR DS:[D10FFC95],0AE
006268FE 2AB8 DF2AF8ED SUB BH,BYTE PTR DS:[EAX+EDF82ADF]
00626904 68 FE99689F PUSH 9F6899FE
00626909 5C POP ESP
0062690A D6 SALC ; Undocumented instruction or encoding
0062690B 44 INC ESP
0062690C 23DE AND EBX,ESI
0062690E 12FB ADC BH,BL
00626910 ^ 70 E6 JO SHORT 006268F8
00626912 8170 AA 39B7274 XOR DWORD PTR DS:[EAX-56],4227B739
00626919 B1 18 MOV CL,18
0062691B 1990 066190C5 SBB DWORD PTR DS:[EAX+C5906106],EDX
00626921 B3 43 MOV BL,43
00626923 D3B6 457F47C8 SAL DWORD PTR DS:[ESI+C8477F45],CL ; Undocumented instruction or encoding
00626929 5E POP ESI
0062692A 39C8 CMP EAX,ECX
0062692C 84AF 21B1D023 TEST BYTE PTR DS:[EDI+23D0B121],CH
00626932 54 PUSH ESP
00626933 AC LODS BYTE PTR DS:[ESI]
00626934 27 DAA
00626935 B7 D2 MOV BH,0D2
00626937 2179 AD AND DWORD PTR DS:[ECX-53],EDI
0062693A 3D ADB4470E CMP EAX,0E47B4AD
0062693F 93 XCHG EAX,EBX
00626940 0096 F10054B5 ADD BYTE PTR DS:[ESI+B55400F1],DL
00626946 2BBB DE2D46DF SUB EDI,DWORD PTR DS:[EBX+DF462DDE]
0062694C 4E DEC ESI
0062694D DCBB 566FD84E FDIVR QWORD PTR DS:[EBX+4ED86F56]
00626953 DCBB 5632FA73 FDIVR QWORD PTR DS:[EBX+USP10.73FA3256]
00626959 E3 86 JECXZ SHORT 006268E1
0062695B 75 34 JNE SHORT 00626991
0062695D C6 DB C6 ; Unknown command
0062695E 52 PUSH EDX
0062695F C0A7 520329BC 5 SHL BYTE PTR DS:[EDI+BC290352],52 ; Shift out of range
00626966 35 C4F1EA70 XOR EAX,70EAF1C4
0062696B E6 81 OUT 81,AL ; I/O command
0062696D 70 48 JO SHORT 006269B7
0062696F 49 DEC ECX
00626970 D240 27 ROL BYTE PTR DS:[EAX+27],CL
00626973 D255 68 RCL BYTE PTR SS:[EBP+68],CL
00626976 F0:66:01F0 LOCK ADD AX,SI
0062697A 77 45 JA SHORT 006269C1
0062697C C555 3C LDS EDX,FWORD PTR SS:[EBP+3C] ; Modification of segment register
0062697F CF IRETD ; Far jump or call
00626980 0150 D1 ADD DWORD PTR DS:[EAX-2F],EDX
00626983 41 INC ECX
00626984 20D3 AND BL,DL
00626986 3F AAS
00626987 0D 93036695 OR EAX,95660393
0062698C 67:E2 61 LOOPW SHORT 006269F0
0062698F F1 INT1 ; Undocumented instruction or encoding
00626990 90 NOP
00626991 6395 3CBA284F ARPL WORD PTR SS:[EBP+4F28BA3C],DX
00626997 BA 44F97EEC MOV EDX,EC7EF944
0062699C 8B86 5AC246D4 MOV EAX,DWORD PTR DS:[ESI+D446C25A]
006269A2 B3 4E MOV BL,4E
006269A4 9C PUSHFD
006269A5 E5 60 IN EAX,60 ; I/O command
006269A7 F691 60971C96 NOT BYTE PTR DS:[ECX+961C9760]
006269AD 04 63 ADD AL,63
006269AF 9E SAHF
006269B0 52 PUSH EDX
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
