5 楼
一些汇编分析,不完整。
:u 01d94f50 l 1000
; ---------------------------------------------------------------------------
; Routine 01D94F50 (SoftICE "u" listing, 32-bit x86, Intel operand order).
; Per the author's annotations this is the registration check: it leaves
; with EAX=1 on the accepted path and EAX=0 on the rejected path.
;
; In:    one stack argument, read at [ESP+1F38] once the frame is built; the
;        plain RET at the end leaves it for the caller to remove.
; Frame: an exception record is pushed at entry, 0x1F18 bytes of locals are
;        reserved through the helper at 01D960E0, then EBX/EBP/ESI/EDI are
;        saved.
; [ESP+1F30] is the dword pushed as FF at entry. The code writes a small
;        integer into it around every object call, counting up while locals
;        are set up and down while they are released -- consistent with
;        compiler-generated C++ unwind state (inferred, not confirmed).
; ECX is loaded with a local's address before most calls, which matches
;        member-function calls; 01D91000 / 01D91210 look like constructors
;        and 01D912C0 like the matching destructor (inferred from pairing).
; ESP-relative offsets move by 4 for each pushed argument that has not been
;        removed yet; "+NN" below always means the offset with nothing pending.
; ---------------------------------------------------------------------------
; Build the exception record (state FF, handler 01D96951, previous FS:[0]),
; point FS:[0] at it, and pass the local-area size 0x1F18 in EAX to 01D960E0.
001B:01D94F50 PUSH FF
001B:01D94F52 MOV EAX,FS:[00000000]
001B:01D94F58 PUSH 01D96951
001B:01D94F5D PUSH EAX
001B:01D94F5E MOV EAX,00001F18
001B:01D94F63 MOV FS:[00000000],ESP
001B:01D94F6A CALL 01D960E0
; Save the registers this routine restores before returning.
001B:01D94F6F PUSH EBX
001B:01D94F70 PUSH EBP
001B:01D94F71 PUSH ESI
001B:01D94F72 PUSH EDI
; Set up the locals at +1F08 and +1F18 via 01D91000; state slot becomes 0.
001B:01D94F73 LEA ECX,[ESP+00001F08]
001B:01D94F7A CALL 01D91000
001B:01D94F7F LEA ECX,[ESP+00001F18]
001B:01D94F86 MOV DWORD PTR [ESP+00001F30],00000000
001B:01D94F91 CALL 01D91000
; Zero 0x500 dwords (0x1400 bytes) starting at +0B08.
001B:01D94F96 MOV ECX,00000500
001B:01D94F9B XOR EAX,EAX
001B:01D94F9D LEA EDI,[ESP+00000B08]
001B:01D94FA4 REPZ STOSD
; Three objects built through 01D91210: +58 from the constant at 01D990D0,
; +38 from the constant at 01D990C8, +48 from the caller's argument (ESI).
; State slot: 1, 2, 3.
001B:01D94FA6 PUSH 01D990D0
001B:01D94FAB LEA ECX,[ESP+5C]
001B:01D94FAF MOV DWORD PTR [ESP+00001F34],00000001
001B:01D94FBA CALL 01D91210
001B:01D94FBF PUSH 01D990C8
001B:01D94FC4 LEA ECX,[ESP+3C]
001B:01D94FC8 MOV BYTE PTR [ESP+00001F34],02
001B:01D94FD0 CALL 01D91210
001B:01D94FD5 MOV ESI,[ESP+00001F38]
001B:01D94FDC LEA ECX,[ESP+48]
001B:01D94FE0 PUSH ESI
001B:01D94FE1 MOV BYTE PTR [ESP+00001F34],03
001B:01D94FE9 CALL 01D91210
; Fourth object at +18 via 01D91000; state 4.
001B:01D94FEE LEA ECX,[ESP+18]
001B:01D94FF2 MOV BYTE PTR [ESP+00001F30],04
001B:01D94FFA CALL 01D91000
; Clear two 64-byte buffers at +88 and +1C8: first byte, then 15 dwords,
; one word and one byte.
001B:01D94FFF MOV ECX,0000000F
001B:01D95004 XOR EAX,EAX
001B:01D95006 LEA EDI,[ESP+00000089]
001B:01D9500D MOV BYTE PTR [ESP+00000088],00
001B:01D95015 REPZ STOSD
001B:01D95017 STOSW
001B:01D95019 STOSB
001B:01D9501A MOV ECX,0000000F
001B:01D9501F XOR EAX,EAX
001B:01D95021 LEA EDI,[ESP+000001C9]
001B:01D95028 MOV BYTE PTR [ESP+000001C8],00
001B:01D95030 REPZ STOSD
001B:01D95032 STOSW
001B:01D95034 STOSB
; Zero 0x200 dwords (0x800 bytes) at +308. The PUSH ESI in between is the
; argument for 01D957D0, which is called cdecl-style (ADD ESP,04 afterwards).
001B:01D95035 MOV ECX,00000200
001B:01D9503A XOR EAX,EAX
001B:01D9503C LEA EDI,[ESP+00000308]
001B:01D95043 PUSH ESI
001B:01D95044 REPZ STOSD
001B:01D95046 MOV BYTE PTR [ESP+00001F34],05
001B:01D9504E CALL 01D957D0
001B:01D95053 ADD ESP,04
001B:01D95056 TEST EAX,EAX
; Author's note (1): EAX != 0 takes the jump and continues; falling through
; is always the rejected path.
001B:01D95058 JNZ 01D950C5<--------------------------(1)跳转才是正确的, 不跳绝对错误(eax!=0)
; Rejected path A: 01D912C0 on +18, +48, +38, +58 and +1F18, state slot
; stepping 4,3,2,1 and then 6 / FFFFFFFF, then join the EAX=0 exit at
; 01D9573B.
001B:01D9505A LEA ECX,[ESP+18]
001B:01D9505E MOV BYTE PTR [ESP+00001F30],04
001B:01D95066 CALL 01D912C0
001B:01D9506B LEA ECX,[ESP+48]
001B:01D9506F MOV BYTE PTR [ESP+00001F30],03
001B:01D95077 CALL 01D912C0
001B:01D9507C LEA ECX,[ESP+38]
001B:01D95080 MOV BYTE PTR [ESP+00001F30],02
001B:01D95088 CALL 01D912C0
001B:01D9508D LEA ECX,[ESP+58]
001B:01D95091 MOV BYTE PTR [ESP+00001F30],01
001B:01D95099 CALL 01D912C0
001B:01D9509E LEA ECX,[ESP+00001F18]
001B:01D950A5 MOV DWORD PTR [ESP+00001F30],00000006
001B:01D950B0 CALL 01D912C0
001B:01D950B5 MOV DWORD PTR [ESP+00001F30],FFFFFFFF
001B:01D950C0 JMP 01D9573B<----------------------------绝对错误的跳转
; Check (1) passed. 01D949A0 is called with ECX = +B08 and the addresses of
; +78, +48, +38 and +58 on the stack; the pointer it returns is handed to
; 01D92530 on the object at +18, and the temporary at +78 is then released.
001B:01D950C5 LEA EAX,[ESP+58]
001B:01D950C9 LEA ECX,[ESP+38]
001B:01D950CD PUSH EAX
001B:01D950CE LEA EDX,[ESP+4C]
001B:01D950D2 PUSH ECX
001B:01D950D3 LEA EAX,[ESP+00000080]
001B:01D950DA PUSH EDX
001B:01D950DB PUSH EAX
001B:01D950DC LEA ECX,[ESP+00000B18]
001B:01D950E3 CALL 01D949A0
001B:01D950E8 PUSH EAX
001B:01D950E9 LEA ECX,[ESP+1C]
001B:01D950ED MOV BYTE PTR [ESP+00001F34],07
001B:01D950F5 CALL 01D92530
001B:01D950FA LEA ECX,[ESP+78]
001B:01D950FE MOV BYTE PTR [ESP+00001F30],05
001B:01D95106 CALL 01D912C0
; 01D91510 returns a byte-string pointer for the object at +18 (its listing
; further down passes 0x0A on to 01D93640 and returns [object+0C]).
001B:01D9510B LEA ECX,[ESP+18]
001B:01D9510F CALL 01D91510
; EBP = -1 from here on: it is the REPNZ SCASB count and an SBB operand later.
; Inline strlen + copy: the returned string, terminator included, is copied
; to the 0x800-byte buffer at +308. No length check against the destination
; is visible in this routine.
; The PUSH 08 in the middle is the third argument of the first CALL ESI below.
001B:01D95114 OR EBP,-01
001B:01D95117 MOV EDI,EAX
001B:01D95119 MOV ECX,EBP
001B:01D9511B XOR EAX,EAX
001B:01D9511D REPNZ SCASB
001B:01D9511F NOT ECX
001B:01D95121 SUB EDI,ECX
001B:01D95123 LEA EDX,[ESP+00000308]
001B:01D9512A MOV EAX,ECX
001B:01D9512C MOV ESI,EDI
001B:01D9512E MOV EDI,EDX
001B:01D95130 PUSH 08
001B:01D95132 SHR ECX,02
001B:01D95135 REPZ MOVSD
001B:01D95137 MOV ECX,EAX
001B:01D95139 LEA EDX,[ESP+000001CC]
001B:01D95140 AND ECX,03
001B:01D95143 REPZ MOVSB
; Two calls through the pointer loaded from [01D971DC], three stack
; arguments each: (+1C8, +308, 8) and (+88, +308+8, 2). The shape matches a
; bounded copy such as strncpy(dst, src, n) -- not confirmed by this listing.
; The arguments stay on the stack until the ADD ESP,1C below.
001B:01D95145 MOV ESI,[01D971DC]
001B:01D9514B LEA ECX,[ESP+0000030C]
001B:01D95152 PUSH ECX
001B:01D95153 PUSH EDX
001B:01D95154 CALL ESI
001B:01D95156 LEA EAX,[ESP+0000031C]
001B:01D9515D PUSH 02
001B:01D9515F LEA ECX,[ESP+00000098]
001B:01D95166 PUSH EAX
001B:01D95167 PUSH ECX
001B:01D95168 CALL ESI
; strlen of the +308 string again; BL = its last character (the +323
; displacement includes the 0x1C bytes of arguments still pending).
; 01D94A80 is then called on the +88 buffer and all seven pending argument
; dwords are dropped at once.
001B:01D9516A LEA EDI,[ESP+00000320]
001B:01D95171 MOV ECX,EBP
001B:01D95173 XOR EAX,EAX
001B:01D95175 LEA EDX,[ESP+000000A0]
001B:01D9517C REPNZ SCASB
001B:01D9517E NOT ECX
001B:01D95180 DEC ECX
001B:01D95181 PUSH EDX
001B:01D95182 MOV BL,[ECX+ESP+00000323]
001B:01D95189 CALL 01D94A80
001B:01D9518E ADD ESP,1C
; Check (2): BL (last character of the +308 string) against AL (byte
; returned by 01D94A80). Author's note: the taken jump is the accepted
; branch; typical registration input does not take it.
001B:01D95191 CMP BL,AL
001B:01D95193 JZ 01D951E9<------------(2)跳转才是正确的分支,不跳绝对错误(一般的注册从此不跳)
; Rejected path B: release +18, +48, +38, +58, state 8, join the EAX=0 exit
; at 01D95728.
001B:01D95195 LEA ECX,[ESP+18]
001B:01D95199 MOV BYTE PTR [ESP+00001F30],04
001B:01D951A1 CALL 01D912C0
001B:01D951A6 LEA ECX,[ESP+48]
001B:01D951AA MOV BYTE PTR [ESP+00001F30],03
001B:01D951B2 CALL 01D912C0
001B:01D951B7 LEA ECX,[ESP+38]
001B:01D951BB MOV BYTE PTR [ESP+00001F30],02
001B:01D951C3 CALL 01D912C0
001B:01D951C8 LEA ECX,[ESP+58]
001B:01D951CC MOV BYTE PTR [ESP+00001F30],01
001B:01D951D4 CALL 01D912C0
001B:01D951D9 MOV DWORD PTR [ESP+00001F30],00000008
001B:01D951E4 JMP 01D95728<---------------------------绝对错误的跳转
; Check (2) passed. Objects at +28 and +68 are built from the +1C8 and +88
; buffers. 01D91EA0 is called on +28 with the addresses of +78 and +68, its
; result goes to 01D92530 on +28, and the temporary at +78 is released.
001B:01D951E9 LEA EAX,[ESP+000001C8]
001B:01D951F0 LEA ECX,[ESP+28]
001B:01D951F4 PUSH EAX
001B:01D951F5 CALL 01D91210
001B:01D951FA LEA ECX,[ESP+00000088]
001B:01D95201 MOV BYTE PTR [ESP+00001F30],09
001B:01D95209 PUSH ECX
001B:01D9520A LEA ECX,[ESP+6C]
001B:01D9520E CALL 01D91210
001B:01D95213 LEA EDX,[ESP+68]
001B:01D95217 LEA EAX,[ESP+78]
001B:01D9521B MOV BL,0A
001B:01D9521D PUSH EDX
001B:01D9521E PUSH EAX
001B:01D9521F LEA ECX,[ESP+30]
001B:01D95223 MOV [ESP+00001F38],BL
001B:01D9522A CALL 01D91EA0
001B:01D9522F PUSH EAX
001B:01D95230 LEA ECX,[ESP+2C]
001B:01D95234 MOV BYTE PTR [ESP+00001F34],0B
001B:01D9523C CALL 01D92530
001B:01D95241 LEA ECX,[ESP+78]
001B:01D95245 MOV [ESP+00001F30],BL
001B:01D9524C CALL 01D912C0
; String form of the +28 object (01D91510) copied over the +308 buffer with
; the same inline strlen/copy sequence as before.
001B:01D95251 LEA ECX,[ESP+28]
001B:01D95255 CALL 01D91510
001B:01D9525A MOV EDI,EAX
001B:01D9525C MOV ECX,EBP
001B:01D9525E XOR EAX,EAX
001B:01D95260 LEA EDX,[ESP+00000308]
001B:01D95267 REPNZ SCASB
001B:01D95269 NOT ECX
001B:01D9526B SUB EDI,ECX
001B:01D9526D MOV EAX,ECX
001B:01D9526F MOV ESI,EDI
001B:01D95271 MOV EDI,EDX
001B:01D95273 SHR ECX,02
001B:01D95276 REPZ MOVSD
001B:01D95278 MOV ECX,EAX
001B:01D9527A AND ECX,03
001B:01D9527D REPZ MOVSB
; 01D937E0 returns a flag in AL that selects one of two comparison paths.
; Author's note: "one check (better not taken)".
001B:01D9527F CALL 01D937E0
001B:01D95284 TEST AL,AL
001B:01D95286 JZ 01D953A4<-------------------一次判断(建议不要跳)
; AL != 0 path. A helper object at +14 is set up by 01D95ABC and passed to
; 01D94CF0; 01D95AB0, given the dword stored 8 bytes before the object's
; data pointer, returns a string pointer that is copied into +208.
; NOTE(review): the [EDX-08] read resembles a counted-string header -- confirm.
001B:01D9528C LEA ECX,[ESP+14]
001B:01D95290 CALL 01D95ABC
001B:01D95295 LEA ECX,[ESP+14]
001B:01D95299 MOV BYTE PTR [ESP+00001F30],0C
001B:01D952A1 PUSH ECX
001B:01D952A2 CALL 01D94CF0
001B:01D952A7 MOV EDX,[ESP+18]
001B:01D952AB ADD ESP,04
001B:01D952AE LEA ECX,[ESP+14]
001B:01D952B2 MOV EAX,[EDX-08]
001B:01D952B5 PUSH EAX
001B:01D952B6 CALL 01D95AB0
001B:01D952BB MOV EDI,EAX
001B:01D952BD MOV ECX,EBP
001B:01D952BF XOR EAX,EAX
001B:01D952C1 LEA EDX,[ESP+00000208]
001B:01D952C8 REPNZ SCASB
001B:01D952CA NOT ECX
001B:01D952CC SUB EDI,ECX
001B:01D952CE MOV EAX,ECX
001B:01D952D0 MOV ESI,EDI
001B:01D952D2 MOV EDI,EDX
001B:01D952D4 SHR ECX,02
001B:01D952D7 REPZ MOVSD
001B:01D952D9 MOV ECX,EAX
001B:01D952DB LEA EAX,[ESP+00000308]
001B:01D952E2 AND ECX,03
001B:01D952E5 REPZ MOVSB
; Inline strcmp of +308 (EAX) against +208 (ESI), two bytes per iteration.
; A mismatch leaves through 01D95312; reaching a terminator on matching
; bytes leaves through 01D9530E (author: that exit is the accepted one).
001B:01D952E7 LEA ESI,[ESP+00000208]
------->001B:01D952EE MOV DL,[EAX]
| 001B:01D952F0 MOV CL,DL
| 001B:01D952F2 CMP DL,[ESI]
| 001B:01D952F4 JNZ 01D95312<----------------不跳要进行循环,跳要进一步分析
| 001B:01D952F6 TEST CL,CL
| 001B:01D952F8 JZ 01D9530E<----------------不跳要进行循环,跳转绝对正确
| 001B:01D952FA MOV DL,[EAX+01]
| 001B:01D952FD MOV CL,DL
| 001B:01D952FF CMP DL,[ESI+01]
| 001B:01D95302 JNZ 01D95312<----------------不跳要进行循环,跳要进一步分析
| 001B:01D95304 ADD EAX,02
| 001B:01D95307 ADD ESI,02
| 001B:01D9530A TEST CL,CL
<-------001B:01D9530C JNZ 01D952EE
; Equal strings give EAX = 0. On a mismatch the SBB pair (EBP = -1) turns
; the carry from the failing CMP into EAX = -1 or +1.
001B:01D9530E XOR EAX,EAX
001B:01D95310 JMP 01D95316<------------------------绝对正确的跳转
001B:01D95312 SBB EAX,EAX
001B:01D95314 SBB EAX,EBP
; Non-zero result leaves through 01D956B2 (rejected teardown, ECX already
; pointing at +14); zero falls through to the accepted teardown.
001B:01D95316 TEST EAX,EAX
001B:01D95318 MOV [ESP+00001F30],BL
001B:01D9531F LEA ECX,[ESP+14]
001B:01D95323 JNZ 01D956B2<-------------------------跳转肯定错误,不跳肯定正确
; Accepted path A: release +14 via 01D95AAA, then +68, +28, +18, +48, +38,
; +58; state 0D; join the EAX=1 exit at 01D9567E.
001B:01D95329 CALL 01D95AAA
001B:01D9532E LEA ECX,[ESP+68]
001B:01D95332 MOV BYTE PTR [ESP+00001F30],09
001B:01D9533A CALL 01D912C0
001B:01D9533F LEA ECX,[ESP+28]
001B:01D95343 MOV BYTE PTR [ESP+00001F30],05
001B:01D9534B CALL 01D912C0
001B:01D95350 LEA ECX,[ESP+18]
001B:01D95354 MOV BYTE PTR [ESP+00001F30],04
001B:01D9535C CALL 01D912C0
001B:01D95361 LEA ECX,[ESP+48]
001B:01D95365 MOV BYTE PTR [ESP+00001F30],03
001B:01D9536D CALL 01D912C0
001B:01D95372 LEA ECX,[ESP+38]
001B:01D95376 MOV BYTE PTR [ESP+00001F30],02
001B:01D9537E CALL 01D912C0
001B:01D95383 LEA ECX,[ESP+58]
001B:01D95387 MOV BYTE PTR [ESP+00001F30],01
001B:01D9538F CALL 01D912C0
001B:01D95394 MOV DWORD PTR [ESP+00001F30],0000000D
001B:01D9539F JMP 01D9567E<-------------------肯定是正确的跳转
; AL == 0 path from 01D937E0. Helper object at +10 (01D95ABC); the 256-byte
; buffers at +C8 and +208 are cleared (first byte, 0x3F dwords, word, byte).
001B:01D953A4 LEA ECX,[ESP+10]
001B:01D953A8 CALL 01D95ABC
001B:01D953AD MOV ECX,0000003F
001B:01D953B2 XOR EAX,EAX
001B:01D953B4 LEA EDI,[ESP+000000C9]
001B:01D953BB MOV BYTE PTR [ESP+000000C8],00
001B:01D953C3 REPZ STOSD
001B:01D953C5 STOSW
001B:01D953C7 STOSB
001B:01D953C8 MOV ECX,0000003F
001B:01D953CD XOR EAX,EAX
001B:01D953CF LEA EDI,[ESP+00000209]
001B:01D953D6 MOV BYTE PTR [ESP+00000208],00
001B:01D953DE REPZ STOSD
001B:01D953E0 STOSW
001B:01D953E2 STOSB
; 01D94330 receives the +208 buffer and 01D94CF0 the +10 object (what each
; writes is not visible here); 01D95AB0 with argument 0 returns a string
; pointer that is copied into +C8.
001B:01D953E3 LEA EAX,[ESP+00000208]
001B:01D953EA MOV BYTE PTR [ESP+00001F30],0E
001B:01D953F2 PUSH EAX
001B:01D953F3 CALL 01D94330
001B:01D953F8 LEA ECX,[ESP+14]
001B:01D953FC PUSH ECX
001B:01D953FD CALL 01D94CF0
001B:01D95402 ADD ESP,08
001B:01D95405 LEA ECX,[ESP+10]
001B:01D95409 PUSH 00
001B:01D9540B CALL 01D95AB0
001B:01D95410 MOV EDI,EAX
001B:01D95412 MOV ECX,EBP
001B:01D95414 XOR EAX,EAX
001B:01D95416 LEA EDX,[ESP+000000C8]
001B:01D9541D REPNZ SCASB
001B:01D9541F NOT ECX
001B:01D95421 SUB EDI,ECX
001B:01D95423 MOV EAX,ECX
001B:01D95425 MOV ESI,EDI
001B:01D95427 MOV EDI,EDX
001B:01D95429 SHR ECX,02
001B:01D9542C REPZ MOVSD
001B:01D9542E MOV ECX,EAX
001B:01D95430 LEA EAX,[ESP+00000208]
001B:01D95437 AND ECX,03
001B:01D9543A REPZ MOVSB
; Inline strcmp of the +208 buffer (EAX) against the constant string at
; 01D9906C (ESI); same EAX = 0 / -1 / +1 result convention as above.
001B:01D9543C MOV ESI,01D9906C
001B:01D95441 MOV DL,[EAX]
001B:01D95443 MOV CL,DL
001B:01D95445 CMP DL,[ESI]
001B:01D95447 JNZ 01D95465<-------------
001B:01D95449 TEST CL,CL
<-------001B:01D9544B JZ 01D95461<--------
| 001B:01D9544D MOV DL,[EAX+01]
| 001B:01D95450 MOV CL,DL
| 001B:01D95452 CMP DL,[ESI+01]|
| 001B:01D95455 JNZ 01D95465<-------------
| 001B:01D95457 ADD EAX,02
| 001B:01D9545A ADD ESI,02
| 001B:01D9545D TEST CL,CL
| 001B:01D9545F JNZ 01D95441
|
------->001B:01D95461 XOR EAX,EAX
001B:01D95463 JMP 01D95469<-------------
001B:01D95465 SBB EAX,EAX
001B:01D95467 SBB EAX,EBP
; CL = first byte of +308 and AL = first byte of +C8 are loaded for the byte
; checks that follow; a non-zero strcmp result branches to 01D9556F.
001B:01D95469 MOV CL,[ESP+00000308]
001B:01D95470 TEST EAX,EAX
001B:01D95472 MOV AL,[ESP+000000C8]
001B:01D95479 JNZ 01D9556F<-------------一次判断
; strcmp == 0 case: bytes 0..2 of +C8 and +308 all equal -> accepted
; (01D954E9). Otherwise bytes 5..7 are compared; any mismatch leaves through
; 01D956A7 (rejected), all three equal -> accepted.
001B:01D9547F CMP AL,CL
001B:01D95481 JNZ 01D954A7<-------------一次判断
001B:01D95483 MOV CL,[ESP+000000C9]
001B:01D9548A MOV AL,[ESP+00000309]
001B:01D95491 CMP CL,AL
001B:01D95493 JNZ 01D954A7<-------------一次判断
001B:01D95495 MOV DL,[ESP+000000CA]
001B:01D9549C MOV AL,[ESP+0000030A]
001B:01D954A3 CMP DL,AL
001B:01D954A5 JZ 01D954E9<--------------跳转是肯定正确的
001B:01D954A7 MOV AL,[ESP+000000CD]
001B:01D954AE MOV CL,[ESP+0000030D]
001B:01D954B5 CMP AL,CL
001B:01D954B7 JNZ 01D956A7<--------------跳转是肯定错误的,否则下面进一步判断.
001B:01D954BD MOV CL,[ESP+000000CE]
001B:01D954C4 MOV AL,[ESP+0000030E]
001B:01D954CB CMP CL,AL
001B:01D954CD JNZ 01D956A7<--------------跳转是肯定错误的,否则下面进一步判断.
001B:01D954D3 MOV DL,[ESP+000000CF]
001B:01D954DA MOV AL,[ESP+0000030F]
001B:01D954E1 CMP DL,AL
001B:01D954E3 JNZ 01D956A7<--------------跳转是肯定错误的,否则肯定是正确的.
; Accepted path B: release +10 via 01D95AAA and the other locals, state 0F,
; join the EAX=1 exit at 01D9567E.
001B:01D954E9 LEA ECX,[ESP+10]
001B:01D954ED MOV [ESP+00001F30],BL
001B:01D954F4 CALL 01D95AAA
001B:01D954F9 LEA ECX,[ESP+68]
001B:01D954FD MOV BYTE PTR [ESP+00001F30],09
001B:01D95505 CALL 01D912C0
001B:01D9550A LEA ECX,[ESP+28]
001B:01D9550E MOV BYTE PTR [ESP+00001F30],05
001B:01D95516 CALL 01D912C0
001B:01D9551B LEA ECX,[ESP+18]
001B:01D9551F MOV BYTE PTR [ESP+00001F30],04
001B:01D95527 CALL 01D912C0
001B:01D9552C LEA ECX,[ESP+48]
001B:01D95530 MOV BYTE PTR [ESP+00001F30],03
001B:01D95538 CALL 01D912C0
001B:01D9553D LEA ECX,[ESP+38]
001B:01D95541 MOV BYTE PTR [ESP+00001F30],02
001B:01D95549 CALL 01D912C0
001B:01D9554E LEA ECX,[ESP+58]
001B:01D95552 MOV BYTE PTR [ESP+00001F30],01
001B:01D9555A CALL 01D912C0
001B:01D9555F MOV DWORD PTR [ESP+00001F30],0000000F
001B:01D9556A JMP 01D9567E<-------------------------------是绝对正确的跳转
; strcmp != 0 case: accepted (01D955FD) when bytes 0..2 all match, or when
; bytes 3..4 both match, or when bytes 5..7 all match; a mismatch in the
; last group leaves through 01D956A7 (rejected).
001B:01D9556F CMP AL,CL
001B:01D95571 JNZ 01D95597<-----------一次判断
001B:01D95573 MOV CL,[ESP+000000C9]
001B:01D9557A MOV AL,[ESP+00000309]
001B:01D95581 CMP CL,AL
001B:01D95583 JNZ 01D95597<-----------一次判断
001B:01D95585 MOV DL,[ESP+000000CA]
001B:01D9558C MOV AL,[ESP+0000030A]
001B:01D95593 CMP DL,AL
001B:01D95595 JZ 01D955FD<-----------跳转是肯定正确的,不跳要作进一步的判断.
001B:01D95597 MOV AL,[ESP+000000CB]
001B:01D9559E MOV CL,[ESP+0000030B]
001B:01D955A5 CMP AL,CL
001B:01D955A7 JNZ 01D955BB<-----------一次判断
001B:01D955A9 MOV CL,[ESP+000000CC]
001B:01D955B0 MOV AL,[ESP+0000030C]
001B:01D955B7 CMP CL,AL
001B:01D955B9 JZ 01D955FD<-----------跳转是肯定正确的,不跳要作进一步的判断.
001B:01D955BB MOV DL,[ESP+000000CD]
001B:01D955C2 MOV AL,[ESP+0000030D]
001B:01D955C9 CMP DL,AL
001B:01D955CB JNZ 01D956A7<-----------跳转是肯定错误的,否则下面进一步判断
001B:01D955D1 MOV AL,[ESP+000000CE]
001B:01D955D8 MOV CL,[ESP+0000030E]
001B:01D955DF CMP AL,CL
001B:01D955E1 JNZ 01D956A7<-----------跳转是肯定错误的,否则下面进一步判断
001B:01D955E7 MOV CL,[ESP+000000CF]
001B:01D955EE MOV AL,[ESP+0000030F]
001B:01D955F5 CMP CL,AL
001B:01D955F7 JNZ 01D956A7<-----------跳转是肯定错误的,不跳肯定正确.
; Accepted path C: same teardown, state 10, falls into the shared exit.
001B:01D955FD LEA ECX,[ESP+10]
001B:01D95601 MOV [ESP+00001F30],BL
001B:01D95608 CALL 01D95AAA
001B:01D9560D LEA ECX,[ESP+68]
001B:01D95611 MOV BYTE PTR [ESP+00001F30],09
001B:01D95619 CALL 01D912C0
001B:01D9561E LEA ECX,[ESP+28]
001B:01D95622 MOV BYTE PTR [ESP+00001F30],05
001B:01D9562A CALL 01D912C0
001B:01D9562F LEA ECX,[ESP+18]
001B:01D95633 MOV BYTE PTR [ESP+00001F30],04
001B:01D9563B CALL 01D912C0
001B:01D95640 LEA ECX,[ESP+48]
001B:01D95644 MOV BYTE PTR [ESP+00001F30],03
001B:01D9564C CALL 01D912C0
001B:01D95651 LEA ECX,[ESP+38]
001B:01D95655 MOV BYTE PTR [ESP+00001F30],02
001B:01D9565D CALL 01D912C0
001B:01D95662 LEA ECX,[ESP+58]
001B:01D95666 MOV BYTE PTR [ESP+00001F30],01
001B:01D9566E CALL 01D912C0
001B:01D95673 MOV DWORD PTR [ESP+00001F30],00000010
; Shared accepted exit: release +1F18 and +1F08, state slot back to -1
; (EBP), EAX = 1, skip to the epilogue.
001B:01D9567E LEA ECX,[ESP+00001F18]
001B:01D95685 CALL 01D912C0
001B:01D9568A LEA ECX,[ESP+00001F08]
001B:01D95691 MOV [ESP+00001F30],EBP
001B:01D95698 CALL 01D912C0
001B:01D9569D MOV EAX,00000001
001B:01D956A2 JMP 01D95749<--------------------------eax=1,是正确返回
; Shared rejected teardown. Entered at 01D956A7 from the byte checks, or at
; 01D956B2 from the first strcmp with ECX already set to +14.
001B:01D956A7 MOV [ESP+00001F30],BL
001B:01D956AE LEA ECX,[ESP+10]
001B:01D956B2 CALL 01D95AAA
001B:01D956B7 LEA ECX,[ESP+68]
001B:01D956BB MOV BYTE PTR [ESP+00001F30],09
001B:01D956C3 CALL 01D912C0
001B:01D956C8 LEA ECX,[ESP+28]
001B:01D956CC MOV BYTE PTR [ESP+00001F30],05
001B:01D956D4 CALL 01D912C0
001B:01D956D9 LEA ECX,[ESP+18]
001B:01D956DD MOV BYTE PTR [ESP+00001F30],04
001B:01D956E5 CALL 01D912C0
001B:01D956EA LEA ECX,[ESP+48]
001B:01D956EE MOV BYTE PTR [ESP+00001F30],03
001B:01D956F6 CALL 01D912C0
001B:01D956FB LEA ECX,[ESP+38]
001B:01D956FF MOV BYTE PTR [ESP+00001F30],02
001B:01D95707 CALL 01D912C0
001B:01D9570C LEA ECX,[ESP+58]
001B:01D95710 MOV BYTE PTR [ESP+00001F30],01
001B:01D95718 CALL 01D912C0
001B:01D9571D MOV DWORD PTR [ESP+00001F30],00000011
; 01D95728 and 01D9573B are also the entry points used by rejected paths B
; and A above. Author's note: EAX = 0 is the failure return.
001B:01D95728 LEA ECX,[ESP+00001F18]
001B:01D9572F CALL 01D912C0
001B:01D95734 MOV [ESP+00001F30],EBP
001B:01D9573B LEA ECX,[ESP+00001F08]
001B:01D95742 CALL 01D912C0
001B:01D95747 XOR EAX,EAX<---------------------------eax=0,是错误返回
; Epilogue: reload the previous FS:[0] value from [ESP+1F28], pop the saved
; registers, drop 0x1F24 bytes (0x1F18 of locals + the 0x0C-byte exception
; record) and return without popping the argument.
001B:01D95749 MOV ECX,[ESP+00001F28]
001B:01D95750 POP EDI
001B:01D95751 POP ESI
001B:01D95752 POP EBP
001B:01D95753 POP EBX
001B:01D95754 MOV FS:[00000000],ECX
001B:01D9575B ADD ESP,00001F24
001B:01D95761 RET
6 楼
//////////////////////////////////////////////////////////////////////////////////
; ---------------------------------------------------------------------------
; Routine 01D960E0 -- stack reservation helper, called from 01D94F50 with
; EAX = 0x1F18.
; In:    EAX = number of bytes to reserve below the caller's stack pointer.
; Out:   ESP = caller's ESP minus that size; ECX preserved; EAX = return
;        address (clobbered).
; The loop reads one dword per 0x1000-byte step, so every page of the new
; area is touched in descending order before ESP is moved onto it. This is
; the shape of the compiler's stack-probe helper (_chkstk / _alloca_probe);
; the name is inferred, the listing carries no symbols.
; ---------------------------------------------------------------------------
; Save ECX; ECX = the caller's ESP as it was before the CALL
; (skips the saved ECX and the return address).
001B:01D960E0 PUSH ECX
001B:01D960E1 CMP EAX,00001000
001B:01D960E6 LEA ECX,[ESP+08]
; Author's note: taken when the size is below 0x1000 (one probe is enough).
001B:01D960EA JB 01D96100<---------如果小于
; Step down one 0x1000 block at a time; TEST [ECX],EAX only reads the
; location, its result is discarded.
001B:01D960EC SUB ECX,00001000
001B:01D960F2 SUB EAX,00001000
001B:01D960F7 TEST [ECX],EAX
001B:01D960F9 CMP EAX,00001000
001B:01D960FE JAE 01D960EC
; Final partial step: touch the lowest address, then switch ESP to it.
; EAX keeps the old ESP so the saved ECX and the return address can still
; be fetched; PUSH EAX / RET returns to the caller on the new stack.
001B:01D96100 SUB ECX,EAX
001B:01D96102 MOV EAX,ESP
001B:01D96104 TEST [ECX],EAX
001B:01D96106 MOV ESP,ECX
001B:01D96108 MOV ECX,[EAX]
001B:01D9610A MOV EAX,[EAX+04]
001B:01D9610D PUSH EAX
001B:01D9610E RET
/////////////////////////////////////////////////////////////////////
; ---------------------------------------------------------------------------
; Routine 01D91510 -- ECX = object address, no stack arguments.
; Calls 01D93640 with the constant 0x0A (ECX still holds the object; the
; callee removes the argument with RET 0004) and returns the dword at
; [object+0C], the field 01D93640 stores its new buffer pointer in.
; Out:   EAX = [object+0C]. ESI is saved and restored.
; ---------------------------------------------------------------------------
001B:01D91510 PUSH ESI
001B:01D91511 MOV ESI,ECX
001B:01D91513 PUSH 0A
001B:01D91515 CALL 01D93640
001B:01D9151A MOV EAX,[ESI+0C]
001B:01D9151D POP ESI
001B:01D9151E RET
/////////////////////////////////////////////////////////////////////
; ---------------------------------------------------------------------------
; Routine 01D93640 -- ECX = object address, one stack argument removed by
; RET 0004. 01D91510 calls it with the argument 0x0A.
; The argument (kept in EDI) is used only as a divisor and as a parameter to
; 01D93410, which is consistent with a numeric radix; the object is read as
; a count at [+04] and a pointer to dwords at [+08], and the result is a
; buffer pointer stored at [+0C]. These field meanings are inferred from the
; accesses below, not confirmed.
; EBP accumulates the size later passed to 01D95990.
; No test for EDI == 0 is visible before the DIV instructions; the only
; caller shown passes 0x0A.
; ---------------------------------------------------------------------------
; Exception record (state FF, handler 01D96710), 0x28 bytes of locals,
; saved EBP/ESI/EDI; ESI = object, also kept at [ESP+10].
001B:01D93640 PUSH FF
001B:01D93642 PUSH 01D96710
001B:01D93647 MOV EAX,FS:[00000000]
001B:01D9364D PUSH EAX
001B:01D9364E MOV FS:[00000000],ESP
001B:01D93655 SUB ESP,28
001B:01D93658 PUSH EBP
001B:01D93659 PUSH ESI
001B:01D9365A MOV ESI,ECX
001B:01D9365C PUSH EDI
001B:01D9365D MOV [ESP+10],ESI
; A previous buffer at [ESI+0C] is handed to 01D95996 (cdecl, one argument)
; and the field is cleared.
001B:01D93661 MOV EAX,[ESI+0C]
001B:01D93664 TEST EAX,EAX
001B:01D93666 JZ 01D93678
001B:01D93668 PUSH EAX
001B:01D93669 CALL 01D95996
001B:01D9366E ADD ESP,04
001B:01D93671 MOV DWORD PTR [ESI+0C],00000000
; EDI = the stack argument ([ESP+44] at this depth). EBP starts at 1.
; [ESI+04] == 0 short-circuits to 01D937AA with EBP = 5.
001B:01D93678 MOV EAX,[ESI+04]
001B:01D9367B MOV EDI,[ESP+44]
001B:01D9367F TEST EAX,EAX
001B:01D93681 MOV EBP,00000001
001B:01D93686 JNZ 01D93692
001B:01D93688 MOV EBP,00000005
001B:01D9368D JMP 01D937AA
; ESI = EDI raised to the power EBX: keep multiplying by EDI while
; 0xFFFFFFFF / ESI is still above EDI. EBX (the exponent) is stored at
; [ESP+10]. The PUSH EBX moves every ESP-relative offset by 4 until the
; POP EBX at 01D9377D.
001B:01D93692 OR EAX,-01
001B:01D93695 XOR EDX,EDX
001B:01D93697 DIV EDI
001B:01D93699 PUSH EBX
001B:01D9369A MOV EBX,00000001
001B:01D9369F MOV [ESP+10],EBX
001B:01D936A3 MOV ESI,EDI
001B:01D936A5 CMP EAX,EDI
001B:01D936A7 JBE 01D936BC
001B:01D936A9 IMUL ESI,EDI
001B:01D936AC OR EAX,-01
001B:01D936AF XOR EDX,EDX
001B:01D936B1 DIV ESI
001B:01D936B3 INC EBX
001B:01D936B4 CMP EAX,EDI
001B:01D936B6 JA 01D936A9
001B:01D936B8 MOV [ESP+10],EBX
; Local object at [ESP+18] built by 01D91190 from the saved object pointer
; (presumably a working copy). State slot [ESP+40] = 0.
; If its [+04] count is non-zero and the top bit of the last dword behind
; [+08] is set, 01D912F0 is called on it with (count+1, 0); when EDI is
; 0x0A, EBP is raised to 2.
001B:01D936BC MOV EAX,[ESP+14]
001B:01D936C0 LEA ECX,[ESP+18]
001B:01D936C4 PUSH EAX
001B:01D936C5 CALL 01D91190
001B:01D936CA MOV EAX,[ESP+1C]
001B:01D936CE MOV DWORD PTR [ESP+40],00000000
001B:01D936D6 TEST EAX,EAX
001B:01D936D8 JZ 01D93700
001B:01D936DA MOV ECX,[ESP+20]
001B:01D936DE MOV EDX,[EAX*4+ECX-04]
001B:01D936E2 SHR EDX,1F
001B:01D936E5 TEST DL,DL
001B:01D936E7 JZ 01D93700
001B:01D936E9 INC EAX
001B:01D936EA PUSH 00
001B:01D936EC PUSH EAX
001B:01D936ED LEA ECX,[ESP+20]
001B:01D936F1 CALL 01D912F0
001B:01D936F6 CMP EDI,0A
001B:01D936F9 JNZ 01D93700
001B:01D936FB MOV EBP,00000002
; Temporary at [ESP+28] built from ESI by 01D91060; 01D92460 is called on
; the local copy with it and returns a flag in AL; the temporary is released
; through 01D912C0. The flag is parked in [ESP+48] across that call.
001B:01D93700 PUSH ESI
001B:01D93701 LEA ECX,[ESP+2C]
001B:01D93705 CALL 01D91060
001B:01D9370A PUSH EAX
001B:01D9370B LEA ECX,[ESP+1C]
001B:01D9370F MOV BYTE PTR [ESP+44],01
001B:01D93714 CALL 01D92460
001B:01D93719 LEA ECX,[ESP+28]
001B:01D9371D MOV [ESP+48],AL
001B:01D93721 MOV BYTE PTR [ESP+40],00
001B:01D93726 CALL 01D912C0
001B:01D9372B MOV AL,[ESP+48]
001B:01D9372F TEST AL,AL
001B:01D93731 JZ 01D93779
001B:01D93733 JMP 01D93739
; Loop while the flag stays set: 01D929C0(ESI, &local, 0) on the local
; copy, EBP += EBX, rebuild the temporary and call 01D92460 again.
; EBX is reloaded from [ESP+10] at the loop head because BL carries the flag.
001B:01D93735 MOV EBX,[ESP+10]
001B:01D93739 LEA EAX,[ESP+18]
001B:01D9373D PUSH 00
001B:01D9373F PUSH EAX
001B:01D93740 PUSH ESI
001B:01D93741 LEA ECX,[ESP+24]
001B:01D93745 CALL 01D929C0
001B:01D9374A PUSH ESI
001B:01D9374B LEA ECX,[ESP+2C]
001B:01D9374F ADD EBP,EBX
001B:01D93751 CALL 01D91060
001B:01D93756 PUSH EAX
001B:01D93757 LEA ECX,[ESP+1C]
001B:01D9375B MOV BYTE PTR [ESP+44],01
001B:01D93760 CALL 01D92460
001B:01D93765 LEA ECX,[ESP+28]
001B:01D93769 MOV BL,AL
001B:01D9376B MOV BYTE PTR [ESP+40],00
001B:01D93770 CALL 01D912C0
001B:01D93775 TEST BL,BL
001B:01D93777 JNZ 01D93735
; First dword behind the local copy's [+08] pointer: divide it by EDI until
; it reaches zero, adding one to EBP per step.
001B:01D93779 MOV ECX,[ESP+20]
001B:01D9377D POP EBX
001B:01D9377E MOV EAX,[ECX]
001B:01D93780 TEST EAX,EAX
001B:01D93782 JZ 01D93795
001B:01D93784 XOR EDX,EDX
001B:01D93786 DIV EDI
001B:01D93788 INC EBP
001B:01D93789 MOV [ECX],EAX
001B:01D9378B MOV ECX,[ESP+1C]
001B:01D9378F MOV EAX,[ECX]
001B:01D93791 TEST EAX,EAX
001B:01D93793 JNZ 01D93784
; Release the local copy (state slot back to FFFFFFFF) and reload the
; object pointer into ESI.
001B:01D93795 LEA ECX,[ESP+14]
001B:01D93799 MOV DWORD PTR [ESP+3C],FFFFFFFF
001B:01D937A1 CALL 01D912C0
001B:01D937A6 MOV ESI,[ESP+10]
; 01D95990(EBP) returns a pointer that is stored in [ESI+0C] (presumably an
; allocator, with 01D95996 above as its release counterpart); 01D93410 is
; then called on the object with (pointer, EBP, 0, EDI).
001B:01D937AA PUSH EBP
001B:01D937AB CALL 01D95990
001B:01D937B0 ADD ESP,04
001B:01D937B3 MOV ECX,ESI
001B:01D937B5 MOV [ESI+0C],EAX
001B:01D937B8 PUSH EDI
001B:01D937B9 PUSH 00
001B:01D937BB PUSH EBP
001B:01D937BC PUSH EAX
001B:01D937BD CALL 01D93410
; Epilogue: restore FS:[0], pop saved registers, drop locals plus the
; exception record (0x34 bytes) and remove the one argument.
001B:01D937C2 MOV ECX,[ESP+34]
001B:01D937C6 POP EDI
001B:01D937C7 POP ESI
001B:01D937C8 POP EBP
001B:01D937C9 MOV FS:[00000000],ECX
001B:01D937D0 ADD ESP,34
001B:01D937D3 RET 0004
////////////////////////////////////////////////////////////////////////////
功能: 字节数相加,/9求模,返回余数的ascii码
; ---------------------------------------------------------------------------
; Routine 01D94A80 -- check-character helper (author's summary: add up the
; bytes, take the sum modulo 9, return the remainder as an ASCII digit).
; In:    [ESP+04] at entry = pointer to a NUL-terminated byte string; the
;        argument is left on the stack for the caller.
; Out:   EAX = (sum of bytes mod 9) + 0x30; the caller compares AL only.
; Clobb: ECX, EDX, flags. ESI and EDI are saved and restored.
; The result can only be one of nine characters, '0'..'8', so this is a
; simple check digit, not a cryptographic integrity check.
; ---------------------------------------------------------------------------
; Inline strlen: ECX = length of the string at ESI; EAX (index) and EDX
; (running sum) start at 0.
001B:01D94A80 PUSH ESI
001B:01D94A81 MOV ESI,[ESP+08]
001B:01D94A85 PUSH EDI
001B:01D94A86 MOV EDI,ESI
001B:01D94A88 OR ECX,-01
001B:01D94A8B XOR EAX,EAX
001B:01D94A8D XOR EDX,EDX
001B:01D94A8F REPNZ SCASB
001B:01D94A91 NOT ECX
001B:01D94A93 DEC ECX
001B:01D94A94 TEST ECX,ECX
001B:01D94A96 JLE 01D94AA3
; Sum loop. MOVSX sign-extends each byte, so bytes of 0x80 and above are
; added as negative values.
001B:01D94A98 MOVSX EDI,BYTE PTR [ESI+EAX]
001B:01D94A9C ADD EDX,EDI
001B:01D94A9E INC EAX
001B:01D94A9F CMP EAX,ECX
001B:01D94AA1 JL 01D94A98
; Unsigned divide of EDX:EAX by 9 with EAX = sum (low half) and EDX = 0
; (high half); afterwards EDX = remainder, EAX = quotient. A negative sum
; would be divided as a large unsigned value.
001B:01D94AA3 MOV EAX,EDX<-----地位eax
001B:01D94AA5 XOR EDX,EDX<-----高位0
001B:01D94AA7 MOV ECX,00000009<-------------eax/9求模
001B:01D94AAC POP EDI
001B:01D94AAD DIV ECX<---------------------edx=余数;eax=商
001B:01D94AAF POP ESI
; Return the remainder converted to an ASCII digit (0x30 = '0').
001B:01D94AB0 MOV EAX,EDX
001B:01D94AB2 ADD EAX,30
001B:01D94AB5 RET
/////////////////////////////////////////////////////////////////////////////