[旧帖] [求助] 求各位大牛帮小弟看看这是什么壳啊:连续2个call,查壳工具都查不出 0.00雪花
发表于: 2012-5-11 21:36 932
; OllyDbg listing, 32-bit x86, Intel operand order (dst, src).
; Stub at 00401530: calls two routines in sequence, then returns 0 in eax.
; Neither call target (004014F0, 00401495) appears in this listing, so what they
; do cannot be judged from these lines alone.
; NOTE(review): the '>' mark on the first line suggests a labelled address,
; possibly the module entry point - confirm in the debugger.
00401530 >/$ E8 BBFFFFFF call 1.004014F0
; 00401495 is the only call target here that is not on a 16-byte boundary.
; NOTE(review): check whether it is a real procedure start or a jump into the
; middle of another routine.
00401535 |. E8 5BFFFFFF call 1.00401495
; eax = 0 is the value handed back to whoever called this stub.
0040153A |. 33C0 xor eax,eax
0040153C \. C3 retn
; Single-byte nop padding up to the next routine at 00401540.
0040153D 90 nop
0040153E 90 nop
0040153F 90 nop
; Routine at 00401540: records the module's base address, SizeOfImage and end
; address in three globals. It only reads PE header fields; nothing in it
; decrypts, decompresses or writes to code.
;   [0x903890]  cached module base, tested first
;               (NOTE(review): where it is set is not shown here)
;   [0x90388C]  <- module base
;   [0x903894]  <- SizeOfImage
;   [0x903888]  <- base + SizeOfImage (first address past the mapped image)
; Clobbers eax, ecx and flags. No MZ/PE signature check is made before the
; header fields are dereferenced.
00401540 /$ A1 90389000 mov eax,dword ptr ds:[0x903890]
00401545 |. 85C0 test eax,eax
; A non-zero cached value skips the API call and is used as the base.
00401547 |. 75 07 jnz X1.00401550
; eax is 0 on this path, so the push passes NULL: GetModuleHandleA(NULL)
; returns the base address of the process's own EXE.
00401549 |. 50 push eax ; /pModule => NULL
0040154A |. FF15 34304000 call dword ptr ds:[<&KERNEL32.GetModuleH>; \GetModuleHandleA
; eax = image base. Offset 0x3C of the DOS header is e_lfanew, the offset of
; the NT headers from the base.
00401550 |> 8B48 3C mov ecx,dword ptr ds:[eax+0x3C]
; NT headers + 0x50 is OptionalHeader.SizeOfImage in a PE32 image.
00401553 |. 8B4C01 50 mov ecx,dword ptr ds:[ecx+eax+0x50]
00401557 |. A3 8C389000 mov dword ptr ds:[0x90388C],eax
0040155C |. 890D 94389000 mov dword ptr ds:[0x903894],ecx
; ecx = base + SizeOfImage.
00401562 |. 03C8 add ecx,eax
00401564 |. 890D 88389000 mov dword ptr ds:[0x903888],ecx
0040156A \. C3 retn
; nop padding up to the next routine at 00401570.
0040156B 90 nop
0040156C 90 nop
0040156D 90 nop
0040156E 90 nop
0040156F 90 nop
; Routine at 00401570: exit helper with one stack argument, the exit code at
; [ebp+0x8]. It first calls 00401500 (not shown in this listing), then either
; terminates the process or switches back to a stack saved in globals:
;   [0x903880]  saved esp (0 = nothing saved)
;   [0x903884]  saved ebp
; NOTE(review): the code that fills these two globals is outside this listing.
00401570 $ 55 push ebp
00401571 . 8BEC mov ebp,esp
00401573 . E8 88FFFFFF call 1.00401500
00401578 . A1 80389000 mov eax,dword ptr ds:[0x903880]
0040157D . 85C0 test eax,eax
; Saved esp present: take the stack-switch path at 0040158D.
0040157F . 75 0C jnz X1.0040158D
; No saved stack: ExitProcess(exit code). ExitProcess does not return, so the
; pop/retn that follows is never reached in practice.
00401581 . 8B45 08 mov eax,dword ptr ss:[ebp+0x8]
00401584 . 50 push eax ; /ExitCode
00401585 . FF15 30304000 call dword ptr ds:[<&KERNEL32.ExitProces>; \ExitProcess
0040158B . 5D pop ebp
0040158C . C3 retn
; eax = exit code; it is read before ebp is overwritten below and stays in eax
; across the stack switch.
0040158D > 8B45 08 mov eax,dword ptr ss:[ebp+0x8]
00401590 . 8B2D 84389000 mov ebp,dword ptr ds:[0x903884]
00401596 . 8B25 80389000 mov esp,dword ptr ds:[0x903880]
; esp = saved esp - 4, so the retn pops the dword stored just below the saved
; stack pointer and transfers control there instead of to this routine's caller.
; When tracing, step-over and "run to return" will not follow this transfer;
; read the dword at [saved esp - 4] to see where execution resumes.
0040159C . 83EC 04 sub esp,0x4
0040159F . C3 retn
; These two lines follow an unconditional retn and carry no jump-target mark,
; so they look unreachable.
004015A0 . 5D pop ebp
004015A1 . C3 retn
; Verbatim repeat of the listing from 00401535 onward: this is the tail of the
; stub at 00401530 (the first call, at 00401530, is not repeated here).
; 00401495, the call target, does not appear in the listing.
00401535 |. E8 5BFFFFFF call 1.00401495
; eax = 0 is the stub's return value.
0040153A |. 33C0 xor eax,eax
0040153C \. C3 retn
; Single-byte nop padding up to the next routine at 00401540.
0040153D 90 nop
0040153E 90 nop
0040153F 90 nop
; Repeated copy of the routine at 00401540: records the module's base address,
; SizeOfImage and end address in globals. It only reads PE header fields.
;   [0x903890]  cached module base, tested first
;               (NOTE(review): where it is set is not shown here)
;   [0x90388C]  <- module base
;   [0x903894]  <- SizeOfImage
;   [0x903888]  <- base + SizeOfImage
00401540 /$ A1 90389000 mov eax,dword ptr ds:[0x903890]
00401545 |. 85C0 test eax,eax
; A non-zero cached value skips the API call and is used as the base.
00401547 |. 75 07 jnz X1.00401550
; eax is 0 here, so this is GetModuleHandleA(NULL): base of the process's EXE.
00401549 |. 50 push eax ; /pModule => NULL
0040154A |. FF15 34304000 call dword ptr ds:[<&KERNEL32.GetModuleH>; \GetModuleHandleA
; [base + 0x3C] is e_lfanew, the offset of the NT headers.
00401550 |> 8B48 3C mov ecx,dword ptr ds:[eax+0x3C]
; NT headers + 0x50 is OptionalHeader.SizeOfImage in a PE32 image.
00401553 |. 8B4C01 50 mov ecx,dword ptr ds:[ecx+eax+0x50]
00401557 |. A3 8C389000 mov dword ptr ds:[0x90388C],eax
0040155C |. 890D 94389000 mov dword ptr ds:[0x903894],ecx
; ecx = base + SizeOfImage.
00401562 |. 03C8 add ecx,eax
00401564 |. 890D 88389000 mov dword ptr ds:[0x903888],ecx
0040156A \. C3 retn
; nop padding up to the next routine at 00401570.
0040156B 90 nop
0040156C 90 nop
0040156D 90 nop
0040156E 90 nop
0040156F 90 nop
; Repeated copy of the routine at 00401570: exit helper taking the exit code at
; [ebp+0x8]. After calling 00401500 (not shown) it either calls ExitProcess or
; switches to a stack saved in globals:
;   [0x903880]  saved esp (0 = nothing saved)
;   [0x903884]  saved ebp
; NOTE(review): the code that fills these two globals is outside this listing.
00401570 $ 55 push ebp
00401571 . 8BEC mov ebp,esp
00401573 . E8 88FFFFFF call 1.00401500
00401578 . A1 80389000 mov eax,dword ptr ds:[0x903880]
0040157D . 85C0 test eax,eax
; Saved esp present: take the stack-switch path at 0040158D.
0040157F . 75 0C jnz X1.0040158D
; No saved stack: ExitProcess(exit code), which does not return.
00401581 . 8B45 08 mov eax,dword ptr ss:[ebp+0x8]
00401584 . 50 push eax ; /ExitCode
00401585 . FF15 30304000 call dword ptr ds:[<&KERNEL32.ExitProces>; \ExitProcess
0040158B . 5D pop ebp
0040158C . C3 retn
; eax = exit code, read before ebp is replaced.
0040158D > 8B45 08 mov eax,dword ptr ss:[ebp+0x8]
00401590 . 8B2D 84389000 mov ebp,dword ptr ds:[0x903884]
00401596 . 8B25 80389000 mov esp,dword ptr ds:[0x903880]
; esp = saved esp - 4; the retn pops the dword stored there and jumps to it
; rather than returning to this routine's caller.
0040159C . 83EC 04 sub esp,0x4
0040159F . C3 retn
; Follows an unconditional retn with no jump-target mark: looks unreachable.
004015A0 . 5D pop ebp
004015A1 . C3 retn