[旧帖] [求助]反编译过来的代码如何分析 0.00雪花
发表于: 2012-5-20 21:51 1433
#include <windows.h>
/*
 * GUI entry point: shows one modal message box and exits with code 0.
 * None of the four WinMain parameters is used.
 * In the OllyDbg listing further down, this is the routine at 004012F0
 * (the only one that calls USER32.MessageBoxA); the routines before it
 * are C-runtime startup code, not something written in this file.
 */
int WINAPI WinMain(HINSTANCE hInstance,
                   HINSTANCE hPrevInstance,
                   PSTR szCmdLine,
                   int iCmdShow)
{
    const char *text = "世界你好";   /* message body */
    const char *caption = "问好";    /* window title */

    MessageBox(NULL, text, caption, MB_OK);
    return 0;
}
我用C写的程序,用OD(OllyDbg)调试时出现了这么长的代码:
; Process-wide exception filter: 00401157 passes this address to
; SetUnhandledExceptionFilter. This is C-runtime code, not the user's WinMain.
; The single stack argument ([EBP+8], removed by RETN 4) is dereferenced twice to reach
; a DWORD that is compared with NTSTATUS exception codes, which fits
; EXCEPTION_POINTERS -> ExceptionRecord -> ExceptionCode.
; Each recognised code is mapped to a C signal number and looked up with msvcrt.signal:
;   C000008D..C0000091, C0000093, C0000094 -> 8  (SIGFPE in msvcrt)
;   C000001D, C0000096                      -> 4  (SIGILL)
;   C0000005                                -> 0B (SIGSEGV)
; signal(sig, 0) returns the previously installed handler: 1 (SIG_IGN) is installed
; again, 0 (SIG_DFL) means nobody handles it, any other value is called with sig.
; EAX on return: 0 when nothing handled the exception (EXCEPTION_CONTINUE_SEARCH),
; -1 after a handler ran or the signal was ignored (EXCEPTION_CONTINUE_EXECUTION).
00401000 /. 55 PUSH EBP
00401001 |. 89E5 MOV EBP,ESP
00401003 |. 83EC 18 SUB ESP,18
00401006 |. 895D F8 MOV DWORD PTR SS:[EBP-8],EBX
00401009 |. 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]
0040100C |. 31DB XOR EBX,EBX
0040100E |. 8975 FC MOV DWORD PTR SS:[EBP-4],ESI
00401011 |. 8B00 MOV EAX,DWORD PTR DS:[EAX]
00401013 |. 31F6 XOR ESI,ESI
00401015 |. 8B00 MOV EAX,DWORD PTR DS:[EAX]
; EAX = exception code; EBX = return value (0 so far); ESI = flag set only on the
; 00401025 path (codes C000008D..C0000091 and C0000093).
00401017 |. 3D 910000C0 CMP EAX,C0000091
0040101C |. 77 43 JA SHORT xiaoxiku.00401061
0040101E |. 3D 8D0000C0 CMP EAX,C000008D
00401023 |. 72 5B JB SHORT xiaoxiku.00401080
00401025 |> BE 01000000 MOV ESI,1
; signal(8, 0): fetch the previous handler for signal 8.
0040102A |> C70424 080000>MOV DWORD PTR SS:[ESP],8 ; |
00401031 |. 31D2 XOR EDX,EDX ; |
00401033 |. 895424 04 MOV DWORD PTR SS:[ESP+4],EDX ; |
00401037 |. E8 5C090000 CALL <JMP.&msvcrt.signal> ; \signal
0040103C |. 83F8 01 CMP EAX,1
0040103F |. 74 7A JE SHORT xiaoxiku.004010BB
00401041 |. 85C0 TEST EAX,EAX
00401043 |. 74 0E JE SHORT xiaoxiku.00401053
00401045 |. C70424 080000>MOV DWORD PTR SS:[ESP],8
0040104C |. FFD0 CALL EAX
; Shared exits: 0040104E forces the result to -1, 00401053 returns EBX as it is.
0040104E |> BB FFFFFFFF MOV EBX,-1
00401053 |> 89D8 MOV EAX,EBX
00401055 |. 8B75 FC MOV ESI,DWORD PTR SS:[EBP-4]
00401058 |. 8B5D F8 MOV EBX,DWORD PTR SS:[EBP-8]
0040105B |. 89EC MOV ESP,EBP
0040105D |. 5D POP EBP
0040105E |. C2 0400 RETN 4
; Codes above C0000091.
00401061 |> 3D 940000C0 CMP EAX,C0000094
00401066 |.^ 74 C2 JE SHORT xiaoxiku.0040102A
00401068 |. 77 4A JA SHORT xiaoxiku.004010B4
0040106A |. 3D 930000C0 CMP EAX,C0000093
0040106F |.^ 74 B4 JE SHORT xiaoxiku.00401025
00401071 |. 89D8 MOV EAX,EBX
00401073 |. 8B75 FC MOV ESI,DWORD PTR SS:[EBP-4]
00401076 |. 8B5D F8 MOV EBX,DWORD PTR SS:[EBP-8]
00401079 |. 89EC MOV ESP,EBP
0040107B |. 5D POP EBP
0040107C |. C2 0400 RETN 4
0040107F | 90 NOP
; Codes below C000008D.
00401080 |> 3D 050000C0 CMP EAX,C0000005
00401085 |. 74 5B JE SHORT xiaoxiku.004010E2
00401087 |. 3D 1D0000C0 CMP EAX,C000001D
0040108C |>^ 75 C5 JNZ SHORT xiaoxiku.00401053 ; |
0040108E |. C70424 040000>MOV DWORD PTR SS:[ESP],4 ; |
00401095 |. 31F6 XOR ESI,ESI ; |
00401097 |. 897424 04 MOV DWORD PTR SS:[ESP+4],ESI ; |
0040109B |. E8 F8080000 CALL <JMP.&msvcrt.signal> ; \signal
004010A0 |. 83F8 01 CMP EAX,1
004010A3 |. 74 6A JE SHORT xiaoxiku.0040110F
004010A5 |. 85C0 TEST EAX,EAX
004010A7 |.^ 74 AA JE SHORT xiaoxiku.00401053
004010A9 |. C70424 040000>MOV DWORD PTR SS:[ESP],4
004010B0 |. FFD0 CALL EAX
004010B2 |.^ EB 9A JMP SHORT xiaoxiku.0040104E
; Codes above C0000094: only C0000096 continues into the signal-4 path at 0040108E.
004010B4 |> 3D 960000C0 CMP EAX,C0000096
004010B9 |.^ EB D1 JMP SHORT xiaoxiku.0040108C
; Previous handler for signal 8 was 1: install it again with signal(8, 1).
; 00401628 is called only when ESI is set; its body is not in this listing
; (presumably a floating-point state reset - confirm).
004010BB |> C70424 080000>MOV DWORD PTR SS:[ESP],8 ; |
004010C2 |. B8 01000000 MOV EAX,1 ; |
004010C7 |. 894424 04 MOV DWORD PTR SS:[ESP+4],EAX ; |
004010CB |. E8 C8080000 CALL <JMP.&msvcrt.signal> ; \signal
004010D0 |. 85F6 TEST ESI,ESI
004010D2 |.^ 0F84 76FFFFFF JE xiaoxiku.0040104E
004010D8 |. E8 4B050000 CALL xiaoxiku.00401628
004010DD |.^ E9 6CFFFFFF JMP xiaoxiku.0040104E
; C0000005: same pattern with signal 0B.
004010E2 |> C70424 0B0000>MOV DWORD PTR SS:[ESP],0B ; |
004010E9 |. 31C0 XOR EAX,EAX ; |
004010EB |. 894424 04 MOV DWORD PTR SS:[ESP+4],EAX ; |
004010EF |. E8 A4080000 CALL <JMP.&msvcrt.signal> ; \signal
004010F4 |. 83F8 01 CMP EAX,1
004010F7 |. 74 30 JE SHORT xiaoxiku.00401129
004010F9 |. 85C0 TEST EAX,EAX
004010FB |.^ 0F84 52FFFFFF JE xiaoxiku.00401053
00401101 |. C70424 0B0000>MOV DWORD PTR SS:[ESP],0B
00401108 |. FFD0 CALL EAX
0040110A |.^ E9 3FFFFFFF JMP xiaoxiku.0040104E
; Previous handler for signal 4 was 1: signal(4, 1).
0040110F |> C70424 040000>MOV DWORD PTR SS:[ESP],4 ; |
00401116 |. B9 01000000 MOV ECX,1 ; |
0040111B |. 894C24 04 MOV DWORD PTR SS:[ESP+4],ECX ; |
0040111F |. E8 74080000 CALL <JMP.&msvcrt.signal> ; \signal
00401124 |.^ E9 25FFFFFF JMP xiaoxiku.0040104E
; Previous handler for signal 0B was 1: signal(0B, 1).
00401129 |> C70424 0B0000>MOV DWORD PTR SS:[ESP],0B ; |
00401130 |. B8 01000000 MOV EAX,1 ; |
00401135 |. 894424 04 MOV DWORD PTR SS:[ESP+4],EAX ; |
00401139 |. E8 5A080000 CALL <JMP.&msvcrt.signal> ; \signal
0040113E \.^ E9 0BFFFFFF JMP xiaoxiku.0040104E
00401143 8DB6 00000000 LEA ESI,DWORD PTR DS:[ESI]
00401149 8D DB 8D
0040114A BC DB BC
0040114B 27 DB 27 ; CHAR '''
0040114C 00 DB 00
0040114D 00 DB 00
0040114E 00 DB 00
0040114F 00 DB 00
; C-runtime startup, reached from the entry stub at 004012A0 (CALL at 004012B3).
; Nothing in this routine comes from the user's C source. In order it:
;   1. installs 00401000 as the unhandled-exception filter,
;   2. calls two internal helpers, 00401528 and 00401628 (bodies not in this listing),
;   3. calls msvcrt.__getmainargs; going by that function's documented parameter order,
;      00404004 receives argc and 00404000 receives argv,
;   4. if [404010] is non-zero, copies it to [402010] and passes it to _setmode together
;      with the values at _iob+10, _iob+30 and _iob+50 (these look like the file
;      descriptors of stdin, stdout and stderr - confirm against the msvcrt FILE layout),
;   5. stores [402010] through the pointer returned by __p__fmode,
;   6. calls 00401328 with ([404004], [404000], *__p__environ()), i.e. (argc, argv, envp);
;      that routine presumably ends by calling WinMain, but the call itself lies past
;      the end of the listing,
;   7. hands the result to ExitProcess after _cexit, so this routine never returns.
00401150 /$ 55 PUSH EBP
00401151 |. 89E5 MOV EBP,ESP
00401153 |. 53 PUSH EBX
00401154 |. 83EC 24 SUB ESP,24
00401157 |. C70424 001040>MOV DWORD PTR SS:[ESP],xiaoxiku.00401000 ; |
0040115E |. E8 8D080000 CALL <JMP.&KERNEL32.SetUnhandledExceptio>; \SetUnhandledExceptionFilter
00401163 |. 83EC 04 SUB ESP,4
00401166 |. E8 BD030000 CALL xiaoxiku.00401528
0040116B |. E8 B8040000 CALL xiaoxiku.00401628
; Argument block for __getmainargs, written into the outgoing stack area.
00401170 |. C745 F8 00000>MOV DWORD PTR SS:[EBP-8],0
00401177 |. 8D45 F8 LEA EAX,DWORD PTR SS:[EBP-8]
0040117A |. 894424 10 MOV DWORD PTR SS:[ESP+10],EAX
0040117E |. A1 00204000 MOV EAX,DWORD PTR DS:[402000]
00401183 |. C70424 044040>MOV DWORD PTR SS:[ESP],xiaoxiku.00404004
0040118A |. 894424 0C MOV DWORD PTR SS:[ESP+C],EAX
0040118E |. 8D45 F4 LEA EAX,DWORD PTR SS:[EBP-C]
00401191 |. 894424 08 MOV DWORD PTR SS:[ESP+8],EAX
00401195 |. B8 00404000 MOV EAX,xiaoxiku.00404000
0040119A |. 894424 04 MOV DWORD PTR SS:[ESP+4],EAX
0040119E |. E8 0D080000 CALL <JMP.&msvcrt.__getmainargs>
; File-mode setup: skipped entirely when [404010] is zero.
004011A3 |. A1 10404000 MOV EAX,DWORD PTR DS:[404010]
004011A8 |. 85C0 TEST EAX,EAX
004011AA |. 74 64 JE SHORT xiaoxiku.00401210
004011AC |. A3 10204000 MOV DWORD PTR DS:[402010],EAX
004011B1 |. 8B15 0C514000 MOV EDX,DWORD PTR DS:[<&msvcrt._iob>] ; msvcrt._iob
004011B7 |. 85D2 TEST EDX,EDX
004011B9 |. 0F85 A1000000 JNZ xiaoxiku.00401260
004011BF |> 83FA E0 CMP EDX,-20 ; |
004011C2 |. 74 1F JE SHORT xiaoxiku.004011E3 ; |
004011C4 |. A1 10404000 MOV EAX,DWORD PTR DS:[404010] ; |
004011C9 |. 894424 04 MOV DWORD PTR SS:[ESP+4],EAX ; |
004011CD |. A1 0C514000 MOV EAX,DWORD PTR DS:[<&msvcrt._iob>] ; |
004011D2 |. 8B40 30 MOV EAX,DWORD PTR DS:[EAX+30] ; |
004011D5 |. 890424 MOV DWORD PTR SS:[ESP],EAX ; |
004011D8 |. E8 CB070000 CALL <JMP.&msvcrt._setmode> ; \_setmode
004011DD |. 8B15 0C514000 MOV EDX,DWORD PTR DS:[<&msvcrt._iob>] ; msvcrt._iob
004011E3 |> 83FA C0 CMP EDX,-40 ; |
004011E6 |. 74 28 JE SHORT xiaoxiku.00401210 ; |
004011E8 |. A1 10404000 MOV EAX,DWORD PTR DS:[404010] ; |
004011ED |. 894424 04 MOV DWORD PTR SS:[ESP+4],EAX ; |
004011F1 |. A1 0C514000 MOV EAX,DWORD PTR DS:[<&msvcrt._iob>] ; |
004011F6 |. 8B40 50 MOV EAX,DWORD PTR DS:[EAX+50] ; |
004011F9 |. 890424 MOV DWORD PTR SS:[ESP],EAX ; |
004011FC |. E8 A7070000 CALL <JMP.&msvcrt._setmode> ; \_setmode
00401201 |. EB 0D JMP SHORT xiaoxiku.00401210
; Alignment padding before the jump target at 00401210.
00401203 | 90 NOP
00401204 | 90 NOP
00401205 | 90 NOP
00401206 | 90 NOP
00401207 | 90 NOP
00401208 | 90 NOP
00401209 | 90 NOP
0040120A | 90 NOP
0040120B | 90 NOP
0040120C | 90 NOP
0040120D | 90 NOP
0040120E | 90 NOP
0040120F | 90 NOP
00401210 |> E8 8B070000 CALL <JMP.&msvcrt.__p__fmode>
00401215 |. 8B15 10204000 MOV EDX,DWORD PTR DS:[402010]
0040121B |. 8910 MOV DWORD PTR DS:[EAX],EDX
0040121D |. E8 D6020000 CALL xiaoxiku.004014F8
00401222 |. 83E4 F0 AND ESP,FFFFFFF0
00401225 |. E8 AE020000 CALL xiaoxiku.004014D8
; Call 00401328 with (argc, argv, envp); its return value becomes the exit code.
0040122A |. E8 61070000 CALL <JMP.&msvcrt.__p__environ>
0040122F |. 8B00 MOV EAX,DWORD PTR DS:[EAX]
00401231 |. 894424 08 MOV DWORD PTR SS:[ESP+8],EAX
00401235 |. A1 00404000 MOV EAX,DWORD PTR DS:[404000]
0040123A |. 894424 04 MOV DWORD PTR SS:[ESP+4],EAX
0040123E |. A1 04404000 MOV EAX,DWORD PTR DS:[404004]
00401243 |. 890424 MOV DWORD PTR SS:[ESP],EAX
00401246 |. E8 DD000000 CALL xiaoxiku.00401328
0040124B |. 89C3 MOV EBX,EAX ; |
0040124D |. E8 36070000 CALL <JMP.&msvcrt._cexit> ; |[msvcrt._cexit
00401252 |. 891C24 MOV DWORD PTR SS:[ESP],EBX ; |
00401255 |. E8 8E070000 CALL <JMP.&KERNEL32.ExitProcess> ; \ExitProcess
0040125A | 8DB6 00000000 LEA ESI,DWORD PTR DS:[ESI]
; Out-of-line first _setmode call (value at _iob+10), then back to 004011BF.
00401260 |> 894424 04 MOV DWORD PTR SS:[ESP+4],EAX ; |
00401264 |. A1 0C514000 MOV EAX,DWORD PTR DS:[<&msvcrt._iob>] ; |
00401269 |. 8B40 10 MOV EAX,DWORD PTR DS:[EAX+10] ; |
0040126C |. 890424 MOV DWORD PTR SS:[ESP],EAX ; |
0040126F |. E8 34070000 CALL <JMP.&msvcrt._setmode> ; \_setmode
00401274 |. 8B15 0C514000 MOV EDX,DWORD PTR DS:[<&msvcrt._iob>] ; msvcrt._iob
0040127A \.^ E9 40FFFFFF JMP xiaoxiku.004011BF
0040127F 90 NOP
00401280 55 DB 55 ; CHAR 'U'
00401281 89 DB 89
00401282 E5 DB E5
00401283 83 DB 83
00401284 EC DB EC
00401285 08 DB 08
00401286 C7 DB C7
00401287 04 DB 04
00401288 24 DB 24 ; CHAR '$'
00401289 01 DB 01
0040128A 00 DB 00
0040128B 00 DB 00
0040128C 00 DB 00
0040128D FF DB FF
0040128E 15 DB 15
0040128F 00514000 DD <&msvcrt.__set_app_type>
00401293 E8 DB E8
00401294 B8 DB B8
00401295 FE DB FE
00401296 FF DB FF
00401297 FF DB FF
00401298 90 NOP
00401299 8D DB 8D
0040129A B4 DB B4
0040129B 26 DB 26 ; CHAR '&'
0040129C 00 DB 00
0040129D 00 DB 00
0040129E 00 DB 00
0040129F 00 DB 00
; Entry stub: calls msvcrt.__set_app_type(2), then the C-runtime startup at 00401150,
; which ends in ExitProcess and never comes back here. 2 is msvcrt's GUI application type.
; Likely the PE entry point - confirm against AddressOfEntryPoint in the PE header.
; The undecoded bytes at 00401280 are the same instruction sequence with 1 in place of 2.
004012A0 > $ 55 PUSH EBP
004012A1 . 89E5 MOV EBP,ESP
004012A3 . 83EC 08 SUB ESP,8
004012A6 . C70424 020000>MOV DWORD PTR SS:[ESP],2
004012AD . FF15 00514000 CALL DWORD PTR DS:[<&msvcrt.__set_app_ty>; msvcrt.__set_app_type
004012B3 . E8 98FEFFFF CALL xiaoxiku.00401150
004012B8 . 90 NOP
004012B9 . 8DB426 000000>LEA ESI,DWORD PTR DS:[ESI]
; Thunk for msvcrt.atexit: the frame is set up and dropped again before the JMP, so the
; caller's stack arguments and return address reach atexit unchanged.
004012C0 $ 55 PUSH EBP
004012C1 . 8B0D 1C514000 MOV ECX,DWORD PTR DS:[<&msvcrt.atexit>] ; msvcrt.atexit
004012C7 . 89E5 MOV EBP,ESP
004012C9 . 5D POP EBP
004012CA . FFE1 JMP ECX
004012CC 8D7426 00 LEA ESI,DWORD PTR DS:[ESI]
; Thunk for msvcrt._onexit: the frame is set up and dropped again before the JMP, so the
; caller's stack arguments and return address reach _onexit unchanged.
004012D0 . 55 PUSH EBP
004012D1 . 8B0D 10514000 MOV ECX,DWORD PTR DS:[<&msvcrt._onexit>] ; msvcrt._onexit
004012D7 . 89E5 MOV EBP,ESP
004012D9 . 5D POP EBP
004012DA . FFE1 JMP ECX
004012DC 90 NOP
004012DD 90 NOP
004012DE 90 NOP
004012DF 90 NOP
; Pass-through stub: builds and drops a frame, then jumps to 004016E8, whose body is not
; part of this listing.
004012E0 > 55 PUSH EBP
004012E1 . 89E5 MOV EBP,ESP
004012E3 . 5D POP EBP
004012E4 . E9 FF030000 JMP xiaoxiku.004016E8
004012E9 90 NOP
004012EA 90 NOP
004012EB 90 NOP
004012EC 90 NOP
004012ED 90 NOP
004012EE 90 NOP
004012EF 90 NOP
; The user's WinMain from the C source: the only routine in this listing that calls
; USER32.MessageBoxA. When looking for user code, start from a known API call like this
; one rather than from the top of the module.
; The arguments are stored into the outgoing stack area instead of being PUSHed:
;   [ESP]   = 0         hWnd      (NULL)
;   [ESP+4] = 004030..  lpText    (operand cut off by the debugger's column width)
;   [ESP+8] = 004030..  lpCaption (operand cut off by the debugger's column width)
;   [ESP+C] = 0         uType     (MB_OK)
; MessageBoxA is stdcall and pops its own 16 bytes, so SUB ESP,10 reserves the area again.
; MOV EAX,0 is `return 0`; RETN 10 pops WinMain's four stdcall arguments.
004012F0 /$ 55 PUSH EBP
004012F1 |. 89E5 MOV EBP,ESP
004012F3 |. 83EC 18 SUB ESP,18
004012F6 |. C74424 0C 000>MOV DWORD PTR SS:[ESP+C],0 ; |
004012FE |. C74424 08 003>MOV DWORD PTR SS:[ESP+8],xiaoxiku.004030>; |
00401306 |. C74424 04 053>MOV DWORD PTR SS:[ESP+4],xiaoxiku.004030>; |
0040130E |. C70424 000000>MOV DWORD PTR SS:[ESP],0 ; |
00401315 |. E8 C6060000 CALL <JMP.&USER32.MessageBoxA> ; \MessageBoxA
0040131A |. 83EC 10 SUB ESP,10
0040131D |. B8 00000000 MOV EAX,0
00401322 |. C9 LEAVE
00401323 \. C2 1000 RETN 10
00401326 90 NOP
00401327 90 NOP
00401328 $ 55 PUSH EBP
00401329 . B8 10000000 MOV EAX,10
0040132E . 89E5 MOV EBP,ESP
00401330 . 53 PUSH EBX
00401331 . 83EC 64 SUB ESP,64
00401334 . 83E4 F0 AND ESP,FFFFFFF0
00401337 . E8 1C060000 CALL xiaoxiku.00401958
0040133C . E8 97010000 CALL xiaoxiku.004014D8
00401341 . E8 C2060000 CALL <JMP.&KERNEL32.GetCommandLineA> ; |[GetCommandLineA
00401346 . 89C3 MOV EBX,EAX ; |
00401348 . 8D45 A8 LEA EAX,DWORD PTR SS:[EBP-58] ; |
0040134B . 890424 MOV DWORD PTR SS:[ESP],EAX ; |
0040134E . E8 AD060000 CALL <JMP.&KERNEL32.GetStartupInfoA> ; \GetStartupInfoA
00401353 . 83EC 04 SUB ESP,4
00401356 . 85DB TEST EBX,EBX
00401358 . 75 06 JNZ SHORT xiaoxiku.00401360
0040135A . E9 9D000000 JMP xiaoxiku.004013FC
0040135F > 43 INC EBX
00401360 > 0FB60B MOVZX ECX,BYTE PTR DS:[EBX]
00401363 . 80F9 20 CMP CL,20
00401366 . 0F94C0 SETE AL
00401369 . 80F9 09 CMP CL,9
0040136C . 0F94C2 SETE DL
0040136F . 09D0 OR EAX,EDX
00401371 . A8 01 TEST AL,1
00401373 .^ 75 EA JNZ SHORT xiaoxiku.0040135F
00401375 . 80F9 22 CMP CL,22
00401378 . 74 3E JE SHORT xiaoxiku.004013B8
0040137A . 80F9 20 CMP CL,20
0040137D . 0F95C0 SETNE AL
00401380 . 31D2 XOR EDX,EDX
00401382 . 80F9 09 CMP CL,9
00401385 . 0F95C2 SETNE DL
00401388 . 85D0 TEST EAX,EDX
0040138A . 74 4C JE SHORT xiaoxiku.004013D8
0040138C . 8DB6 00000000 LEA ESI,DWORD PTR DS:[ESI]
00401392 . 8DBF 00000000 LEA EDI,DWORD PTR DS:[EDI]
00401398 > 84C9 TEST CL,CL
0040139A . 74 3C JE SHORT xiaoxiku.004013D8
0040139C . 43 INC EBX
0040139D . 0FB60B MOVZX ECX,BYTE PTR DS:[EBX]
004013A0 . 80F9 20 CMP CL,20
004013A3 . 0F95C0 SETNE AL
004013A6 . 31D2 XOR EDX,EDX
004013A8 . 80F9 09 CMP CL,9
004013AB . 0F95C2 SETNE DL
004013AE . 85D0 TEST EAX,EDX
004013B0 .^ 75 E6 JNZ SHORT xiaoxiku.00401398
004013B2 . EB 24 JMP SHORT xiaoxiku.004013D8
004013B4 8D7426 00 LEA ESI,DWORD PTR DS:[ESI]
004013B8 > 43 INC EBX
004013B9 . 0FB60B MOVZX ECX,BYTE PTR DS:[EBX]
004013BC . 80F9 22 CMP CL,22
004013BF . 0F95C0 SETNE AL
004013C2 . 31D2 XOR EDX,EDX
004013C4 . 84C9 TEST CL,CL
004013C6 . 0F95C2 SETNE DL
004013C9 . 85D0 TEST EAX,EDX
004013CB .^ 75 EB JNZ SHORT xiaoxiku.004013B8
004013CD . 80F9 22 CMP CL,22
004013D0 . 74 66 JE SHORT xiaoxiku.00401438
004013D2 . 8DB6 00000000 LEA ESI,DWORD PTR DS:[ESI]
004013D8 > 80F9 20 CMP CL,20
004013DB . 0F94C0 SETE AL
004013DE . 80F9 09 CMP CL,9
004013E1 . 0F94C2 SETE DL
004013E4 . EB 10 JMP SHORT xiaoxiku.004013F6
004013E6 . 66:90 NOP
004013E8 > 43 INC EBX
004013E9 . 0FB603 MOVZX EAX,BYTE PTR DS:[EBX]
004013EC . 3C 20 CMP AL,20
004013EE . 0F94C2 SETE DL
004013F1 . 3C 09 CMP AL,9
004013F3 . 0F94C0 SETE AL
004013F6 > 09D0 OR EAX,EDX
004013F8 . A8 01 TEST AL,1
004013FA .^ 75 EC JNZ SHORT xiaoxiku.004013E8
004013FC > C70424 000000>MOV DWORD PTR SS:[ESP],0 ; |
00401403 . E8 F0050000 CALL <JMP.&KERNEL32.GetModuleHandleA> ; \GetModuleHandleA
我不知道从哪里分析,请各位大虾帮忙?
/*
 * GUI entry point: shows one modal message box and exits with code 0.
 * None of the four WinMain parameters is used.
 * In the OllyDbg listing further down, this is the routine at 004012F0
 * (the only one that calls USER32.MessageBoxA); the routines before it
 * are C-runtime startup code, not something written in this file.
 */
int WINAPI WinMain(HINSTANCE hInstance,
                   HINSTANCE hPrevInstance,
                   PSTR szCmdLine,
                   int iCmdShow)
{
    const char *text = "世界你好";   /* message body */
    const char *caption = "问好";    /* window title */

    MessageBox(NULL, text, caption, MB_OK);
    return 0;
}
我用C写的程序,用OD(OllyDbg)调试时出现了这么长的代码:
; Process-wide exception filter: 00401157 passes this address to
; SetUnhandledExceptionFilter. This is C-runtime code, not the user's WinMain.
; The single stack argument ([EBP+8], removed by RETN 4) is dereferenced twice to reach
; a DWORD that is compared with NTSTATUS exception codes, which fits
; EXCEPTION_POINTERS -> ExceptionRecord -> ExceptionCode.
; Each recognised code is mapped to a C signal number and looked up with msvcrt.signal:
;   C000008D..C0000091, C0000093, C0000094 -> 8  (SIGFPE in msvcrt)
;   C000001D, C0000096                      -> 4  (SIGILL)
;   C0000005                                -> 0B (SIGSEGV)
; signal(sig, 0) returns the previously installed handler: 1 (SIG_IGN) is installed
; again, 0 (SIG_DFL) means nobody handles it, any other value is called with sig.
; EAX on return: 0 when nothing handled the exception (EXCEPTION_CONTINUE_SEARCH),
; -1 after a handler ran or the signal was ignored (EXCEPTION_CONTINUE_EXECUTION).
00401000 /. 55 PUSH EBP
00401001 |. 89E5 MOV EBP,ESP
00401003 |. 83EC 18 SUB ESP,18
00401006 |. 895D F8 MOV DWORD PTR SS:[EBP-8],EBX
00401009 |. 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]
0040100C |. 31DB XOR EBX,EBX
0040100E |. 8975 FC MOV DWORD PTR SS:[EBP-4],ESI
00401011 |. 8B00 MOV EAX,DWORD PTR DS:[EAX]
00401013 |. 31F6 XOR ESI,ESI
00401015 |. 8B00 MOV EAX,DWORD PTR DS:[EAX]
; EAX = exception code; EBX = return value (0 so far); ESI = flag set only on the
; 00401025 path (codes C000008D..C0000091 and C0000093).
00401017 |. 3D 910000C0 CMP EAX,C0000091
0040101C |. 77 43 JA SHORT xiaoxiku.00401061
0040101E |. 3D 8D0000C0 CMP EAX,C000008D
00401023 |. 72 5B JB SHORT xiaoxiku.00401080
00401025 |> BE 01000000 MOV ESI,1
; signal(8, 0): fetch the previous handler for signal 8.
0040102A |> C70424 080000>MOV DWORD PTR SS:[ESP],8 ; |
00401031 |. 31D2 XOR EDX,EDX ; |
00401033 |. 895424 04 MOV DWORD PTR SS:[ESP+4],EDX ; |
00401037 |. E8 5C090000 CALL <JMP.&msvcrt.signal> ; \signal
0040103C |. 83F8 01 CMP EAX,1
0040103F |. 74 7A JE SHORT xiaoxiku.004010BB
00401041 |. 85C0 TEST EAX,EAX
00401043 |. 74 0E JE SHORT xiaoxiku.00401053
00401045 |. C70424 080000>MOV DWORD PTR SS:[ESP],8
0040104C |. FFD0 CALL EAX
; Shared exits: 0040104E forces the result to -1, 00401053 returns EBX as it is.
0040104E |> BB FFFFFFFF MOV EBX,-1
00401053 |> 89D8 MOV EAX,EBX
00401055 |. 8B75 FC MOV ESI,DWORD PTR SS:[EBP-4]
00401058 |. 8B5D F8 MOV EBX,DWORD PTR SS:[EBP-8]
0040105B |. 89EC MOV ESP,EBP
0040105D |. 5D POP EBP
0040105E |. C2 0400 RETN 4
; Codes above C0000091.
00401061 |> 3D 940000C0 CMP EAX,C0000094
00401066 |.^ 74 C2 JE SHORT xiaoxiku.0040102A
00401068 |. 77 4A JA SHORT xiaoxiku.004010B4
0040106A |. 3D 930000C0 CMP EAX,C0000093
0040106F |.^ 74 B4 JE SHORT xiaoxiku.00401025
00401071 |. 89D8 MOV EAX,EBX
00401073 |. 8B75 FC MOV ESI,DWORD PTR SS:[EBP-4]
00401076 |. 8B5D F8 MOV EBX,DWORD PTR SS:[EBP-8]
00401079 |. 89EC MOV ESP,EBP
0040107B |. 5D POP EBP
0040107C |. C2 0400 RETN 4
0040107F | 90 NOP
; Codes below C000008D.
00401080 |> 3D 050000C0 CMP EAX,C0000005
00401085 |. 74 5B JE SHORT xiaoxiku.004010E2
00401087 |. 3D 1D0000C0 CMP EAX,C000001D
0040108C |>^ 75 C5 JNZ SHORT xiaoxiku.00401053 ; |
0040108E |. C70424 040000>MOV DWORD PTR SS:[ESP],4 ; |
00401095 |. 31F6 XOR ESI,ESI ; |
00401097 |. 897424 04 MOV DWORD PTR SS:[ESP+4],ESI ; |
0040109B |. E8 F8080000 CALL <JMP.&msvcrt.signal> ; \signal
004010A0 |. 83F8 01 CMP EAX,1
004010A3 |. 74 6A JE SHORT xiaoxiku.0040110F
004010A5 |. 85C0 TEST EAX,EAX
004010A7 |.^ 74 AA JE SHORT xiaoxiku.00401053
004010A9 |. C70424 040000>MOV DWORD PTR SS:[ESP],4
004010B0 |. FFD0 CALL EAX
004010B2 |.^ EB 9A JMP SHORT xiaoxiku.0040104E
; Codes above C0000094: only C0000096 continues into the signal-4 path at 0040108E.
004010B4 |> 3D 960000C0 CMP EAX,C0000096
004010B9 |.^ EB D1 JMP SHORT xiaoxiku.0040108C
; Previous handler for signal 8 was 1: install it again with signal(8, 1).
; 00401628 is called only when ESI is set; its body is not in this listing
; (presumably a floating-point state reset - confirm).
004010BB |> C70424 080000>MOV DWORD PTR SS:[ESP],8 ; |
004010C2 |. B8 01000000 MOV EAX,1 ; |
004010C7 |. 894424 04 MOV DWORD PTR SS:[ESP+4],EAX ; |
004010CB |. E8 C8080000 CALL <JMP.&msvcrt.signal> ; \signal
004010D0 |. 85F6 TEST ESI,ESI
004010D2 |.^ 0F84 76FFFFFF JE xiaoxiku.0040104E
004010D8 |. E8 4B050000 CALL xiaoxiku.00401628
004010DD |.^ E9 6CFFFFFF JMP xiaoxiku.0040104E
; C0000005: same pattern with signal 0B.
004010E2 |> C70424 0B0000>MOV DWORD PTR SS:[ESP],0B ; |
004010E9 |. 31C0 XOR EAX,EAX ; |
004010EB |. 894424 04 MOV DWORD PTR SS:[ESP+4],EAX ; |
004010EF |. E8 A4080000 CALL <JMP.&msvcrt.signal> ; \signal
004010F4 |. 83F8 01 CMP EAX,1
004010F7 |. 74 30 JE SHORT xiaoxiku.00401129
004010F9 |. 85C0 TEST EAX,EAX
004010FB |.^ 0F84 52FFFFFF JE xiaoxiku.00401053
00401101 |. C70424 0B0000>MOV DWORD PTR SS:[ESP],0B
00401108 |. FFD0 CALL EAX
0040110A |.^ E9 3FFFFFFF JMP xiaoxiku.0040104E
; Previous handler for signal 4 was 1: signal(4, 1).
0040110F |> C70424 040000>MOV DWORD PTR SS:[ESP],4 ; |
00401116 |. B9 01000000 MOV ECX,1 ; |
0040111B |. 894C24 04 MOV DWORD PTR SS:[ESP+4],ECX ; |
0040111F |. E8 74080000 CALL <JMP.&msvcrt.signal> ; \signal
00401124 |.^ E9 25FFFFFF JMP xiaoxiku.0040104E
; Previous handler for signal 0B was 1: signal(0B, 1).
00401129 |> C70424 0B0000>MOV DWORD PTR SS:[ESP],0B ; |
00401130 |. B8 01000000 MOV EAX,1 ; |
00401135 |. 894424 04 MOV DWORD PTR SS:[ESP+4],EAX ; |
00401139 |. E8 5A080000 CALL <JMP.&msvcrt.signal> ; \signal
0040113E \.^ E9 0BFFFFFF JMP xiaoxiku.0040104E
00401143 8DB6 00000000 LEA ESI,DWORD PTR DS:[ESI]
00401149 8D DB 8D
0040114A BC DB BC
0040114B 27 DB 27 ; CHAR '''
0040114C 00 DB 00
0040114D 00 DB 00
0040114E 00 DB 00
0040114F 00 DB 00
; C-runtime startup, reached from the entry stub at 004012A0 (CALL at 004012B3).
; Nothing in this routine comes from the user's C source. In order it:
;   1. installs 00401000 as the unhandled-exception filter,
;   2. calls two internal helpers, 00401528 and 00401628 (bodies not in this listing),
;   3. calls msvcrt.__getmainargs; going by that function's documented parameter order,
;      00404004 receives argc and 00404000 receives argv,
;   4. if [404010] is non-zero, copies it to [402010] and passes it to _setmode together
;      with the values at _iob+10, _iob+30 and _iob+50 (these look like the file
;      descriptors of stdin, stdout and stderr - confirm against the msvcrt FILE layout),
;   5. stores [402010] through the pointer returned by __p__fmode,
;   6. calls 00401328 with ([404004], [404000], *__p__environ()), i.e. (argc, argv, envp);
;      that routine presumably ends by calling WinMain, but the call itself lies past
;      the end of the listing,
;   7. hands the result to ExitProcess after _cexit, so this routine never returns.
00401150 /$ 55 PUSH EBP
00401151 |. 89E5 MOV EBP,ESP
00401153 |. 53 PUSH EBX
00401154 |. 83EC 24 SUB ESP,24
00401157 |. C70424 001040>MOV DWORD PTR SS:[ESP],xiaoxiku.00401000 ; |
0040115E |. E8 8D080000 CALL <JMP.&KERNEL32.SetUnhandledExceptio>; \SetUnhandledExceptionFilter
00401163 |. 83EC 04 SUB ESP,4
00401166 |. E8 BD030000 CALL xiaoxiku.00401528
0040116B |. E8 B8040000 CALL xiaoxiku.00401628
; Argument block for __getmainargs, written into the outgoing stack area.
00401170 |. C745 F8 00000>MOV DWORD PTR SS:[EBP-8],0
00401177 |. 8D45 F8 LEA EAX,DWORD PTR SS:[EBP-8]
0040117A |. 894424 10 MOV DWORD PTR SS:[ESP+10],EAX
0040117E |. A1 00204000 MOV EAX,DWORD PTR DS:[402000]
00401183 |. C70424 044040>MOV DWORD PTR SS:[ESP],xiaoxiku.00404004
0040118A |. 894424 0C MOV DWORD PTR SS:[ESP+C],EAX
0040118E |. 8D45 F4 LEA EAX,DWORD PTR SS:[EBP-C]
00401191 |. 894424 08 MOV DWORD PTR SS:[ESP+8],EAX
00401195 |. B8 00404000 MOV EAX,xiaoxiku.00404000
0040119A |. 894424 04 MOV DWORD PTR SS:[ESP+4],EAX
0040119E |. E8 0D080000 CALL <JMP.&msvcrt.__getmainargs>
; File-mode setup: skipped entirely when [404010] is zero.
004011A3 |. A1 10404000 MOV EAX,DWORD PTR DS:[404010]
004011A8 |. 85C0 TEST EAX,EAX
004011AA |. 74 64 JE SHORT xiaoxiku.00401210
004011AC |. A3 10204000 MOV DWORD PTR DS:[402010],EAX
004011B1 |. 8B15 0C514000 MOV EDX,DWORD PTR DS:[<&msvcrt._iob>] ; msvcrt._iob
004011B7 |. 85D2 TEST EDX,EDX
004011B9 |. 0F85 A1000000 JNZ xiaoxiku.00401260
004011BF |> 83FA E0 CMP EDX,-20 ; |
004011C2 |. 74 1F JE SHORT xiaoxiku.004011E3 ; |
004011C4 |. A1 10404000 MOV EAX,DWORD PTR DS:[404010] ; |
004011C9 |. 894424 04 MOV DWORD PTR SS:[ESP+4],EAX ; |
004011CD |. A1 0C514000 MOV EAX,DWORD PTR DS:[<&msvcrt._iob>] ; |
004011D2 |. 8B40 30 MOV EAX,DWORD PTR DS:[EAX+30] ; |
004011D5 |. 890424 MOV DWORD PTR SS:[ESP],EAX ; |
004011D8 |. E8 CB070000 CALL <JMP.&msvcrt._setmode> ; \_setmode
004011DD |. 8B15 0C514000 MOV EDX,DWORD PTR DS:[<&msvcrt._iob>] ; msvcrt._iob
004011E3 |> 83FA C0 CMP EDX,-40 ; |
004011E6 |. 74 28 JE SHORT xiaoxiku.00401210 ; |
004011E8 |. A1 10404000 MOV EAX,DWORD PTR DS:[404010] ; |
004011ED |. 894424 04 MOV DWORD PTR SS:[ESP+4],EAX ; |
004011F1 |. A1 0C514000 MOV EAX,DWORD PTR DS:[<&msvcrt._iob>] ; |
004011F6 |. 8B40 50 MOV EAX,DWORD PTR DS:[EAX+50] ; |
004011F9 |. 890424 MOV DWORD PTR SS:[ESP],EAX ; |
004011FC |. E8 A7070000 CALL <JMP.&msvcrt._setmode> ; \_setmode
00401201 |. EB 0D JMP SHORT xiaoxiku.00401210
; Alignment padding before the jump target at 00401210.
00401203 | 90 NOP
00401204 | 90 NOP
00401205 | 90 NOP
00401206 | 90 NOP
00401207 | 90 NOP
00401208 | 90 NOP
00401209 | 90 NOP
0040120A | 90 NOP
0040120B | 90 NOP
0040120C | 90 NOP
0040120D | 90 NOP
0040120E | 90 NOP
0040120F | 90 NOP
00401210 |> E8 8B070000 CALL <JMP.&msvcrt.__p__fmode>
00401215 |. 8B15 10204000 MOV EDX,DWORD PTR DS:[402010]
0040121B |. 8910 MOV DWORD PTR DS:[EAX],EDX
0040121D |. E8 D6020000 CALL xiaoxiku.004014F8
00401222 |. 83E4 F0 AND ESP,FFFFFFF0
00401225 |. E8 AE020000 CALL xiaoxiku.004014D8
; Call 00401328 with (argc, argv, envp); its return value becomes the exit code.
0040122A |. E8 61070000 CALL <JMP.&msvcrt.__p__environ>
0040122F |. 8B00 MOV EAX,DWORD PTR DS:[EAX]
00401231 |. 894424 08 MOV DWORD PTR SS:[ESP+8],EAX
00401235 |. A1 00404000 MOV EAX,DWORD PTR DS:[404000]
0040123A |. 894424 04 MOV DWORD PTR SS:[ESP+4],EAX
0040123E |. A1 04404000 MOV EAX,DWORD PTR DS:[404004]
00401243 |. 890424 MOV DWORD PTR SS:[ESP],EAX
00401246 |. E8 DD000000 CALL xiaoxiku.00401328
0040124B |. 89C3 MOV EBX,EAX ; |
0040124D |. E8 36070000 CALL <JMP.&msvcrt._cexit> ; |[msvcrt._cexit
00401252 |. 891C24 MOV DWORD PTR SS:[ESP],EBX ; |
00401255 |. E8 8E070000 CALL <JMP.&KERNEL32.ExitProcess> ; \ExitProcess
0040125A | 8DB6 00000000 LEA ESI,DWORD PTR DS:[ESI]
; Out-of-line first _setmode call (value at _iob+10), then back to 004011BF.
00401260 |> 894424 04 MOV DWORD PTR SS:[ESP+4],EAX ; |
00401264 |. A1 0C514000 MOV EAX,DWORD PTR DS:[<&msvcrt._iob>] ; |
00401269 |. 8B40 10 MOV EAX,DWORD PTR DS:[EAX+10] ; |
0040126C |. 890424 MOV DWORD PTR SS:[ESP],EAX ; |
0040126F |. E8 34070000 CALL <JMP.&msvcrt._setmode> ; \_setmode
00401274 |. 8B15 0C514000 MOV EDX,DWORD PTR DS:[<&msvcrt._iob>] ; msvcrt._iob
0040127A \.^ E9 40FFFFFF JMP xiaoxiku.004011BF
0040127F 90 NOP
00401280 55 DB 55 ; CHAR 'U'
00401281 89 DB 89
00401282 E5 DB E5
00401283 83 DB 83
00401284 EC DB EC
00401285 08 DB 08
00401286 C7 DB C7
00401287 04 DB 04
00401288 24 DB 24 ; CHAR '$'
00401289 01 DB 01
0040128A 00 DB 00
0040128B 00 DB 00
0040128C 00 DB 00
0040128D FF DB FF
0040128E 15 DB 15
0040128F 00514000 DD <&msvcrt.__set_app_type>
00401293 E8 DB E8
00401294 B8 DB B8
00401295 FE DB FE
00401296 FF DB FF
00401297 FF DB FF
00401298 90 NOP
00401299 8D DB 8D
0040129A B4 DB B4
0040129B 26 DB 26 ; CHAR '&'
0040129C 00 DB 00
0040129D 00 DB 00
0040129E 00 DB 00
0040129F 00 DB 00
; Entry stub: calls msvcrt.__set_app_type(2), then the C-runtime startup at 00401150,
; which ends in ExitProcess and never comes back here. 2 is msvcrt's GUI application type.
; Likely the PE entry point - confirm against AddressOfEntryPoint in the PE header.
; The undecoded bytes at 00401280 are the same instruction sequence with 1 in place of 2.
004012A0 > $ 55 PUSH EBP
004012A1 . 89E5 MOV EBP,ESP
004012A3 . 83EC 08 SUB ESP,8
004012A6 . C70424 020000>MOV DWORD PTR SS:[ESP],2
004012AD . FF15 00514000 CALL DWORD PTR DS:[<&msvcrt.__set_app_ty>; msvcrt.__set_app_type
004012B3 . E8 98FEFFFF CALL xiaoxiku.00401150
004012B8 . 90 NOP
004012B9 . 8DB426 000000>LEA ESI,DWORD PTR DS:[ESI]
; Thunk for msvcrt.atexit: the frame is set up and dropped again before the JMP, so the
; caller's stack arguments and return address reach atexit unchanged.
004012C0 $ 55 PUSH EBP
004012C1 . 8B0D 1C514000 MOV ECX,DWORD PTR DS:[<&msvcrt.atexit>] ; msvcrt.atexit
004012C7 . 89E5 MOV EBP,ESP
004012C9 . 5D POP EBP
004012CA . FFE1 JMP ECX
004012CC 8D7426 00 LEA ESI,DWORD PTR DS:[ESI]
; Thunk for msvcrt._onexit: the frame is set up and dropped again before the JMP, so the
; caller's stack arguments and return address reach _onexit unchanged.
004012D0 . 55 PUSH EBP
004012D1 . 8B0D 10514000 MOV ECX,DWORD PTR DS:[<&msvcrt._onexit>] ; msvcrt._onexit
004012D7 . 89E5 MOV EBP,ESP
004012D9 . 5D POP EBP
004012DA . FFE1 JMP ECX
004012DC 90 NOP
004012DD 90 NOP
004012DE 90 NOP
004012DF 90 NOP
; Pass-through stub: builds and drops a frame, then jumps to 004016E8, whose body is not
; part of this listing.
004012E0 > 55 PUSH EBP
004012E1 . 89E5 MOV EBP,ESP
004012E3 . 5D POP EBP
004012E4 . E9 FF030000 JMP xiaoxiku.004016E8
004012E9 90 NOP
004012EA 90 NOP
004012EB 90 NOP
004012EC 90 NOP
004012ED 90 NOP
004012EE 90 NOP
004012EF 90 NOP
; The user's WinMain from the C source: the only routine in this listing that calls
; USER32.MessageBoxA. When looking for user code, start from a known API call like this
; one rather than from the top of the module.
; The arguments are stored into the outgoing stack area instead of being PUSHed:
;   [ESP]   = 0         hWnd      (NULL)
;   [ESP+4] = 004030..  lpText    (operand cut off by the debugger's column width)
;   [ESP+8] = 004030..  lpCaption (operand cut off by the debugger's column width)
;   [ESP+C] = 0         uType     (MB_OK)
; MessageBoxA is stdcall and pops its own 16 bytes, so SUB ESP,10 reserves the area again.
; MOV EAX,0 is `return 0`; RETN 10 pops WinMain's four stdcall arguments.
004012F0 /$ 55 PUSH EBP
004012F1 |. 89E5 MOV EBP,ESP
004012F3 |. 83EC 18 SUB ESP,18
004012F6 |. C74424 0C 000>MOV DWORD PTR SS:[ESP+C],0 ; |
004012FE |. C74424 08 003>MOV DWORD PTR SS:[ESP+8],xiaoxiku.004030>; |
00401306 |. C74424 04 053>MOV DWORD PTR SS:[ESP+4],xiaoxiku.004030>; |
0040130E |. C70424 000000>MOV DWORD PTR SS:[ESP],0 ; |
00401315 |. E8 C6060000 CALL <JMP.&USER32.MessageBoxA> ; \MessageBoxA
0040131A |. 83EC 10 SUB ESP,10
0040131D |. B8 00000000 MOV EAX,0
00401322 |. C9 LEAVE
00401323 \. C2 1000 RETN 10
00401326 90 NOP
00401327 90 NOP
00401328 $ 55 PUSH EBP
00401329 . B8 10000000 MOV EAX,10
0040132E . 89E5 MOV EBP,ESP
00401330 . 53 PUSH EBX
00401331 . 83EC 64 SUB ESP,64
00401334 . 83E4 F0 AND ESP,FFFFFFF0
00401337 . E8 1C060000 CALL xiaoxiku.00401958
0040133C . E8 97010000 CALL xiaoxiku.004014D8
00401341 . E8 C2060000 CALL <JMP.&KERNEL32.GetCommandLineA> ; |[GetCommandLineA
00401346 . 89C3 MOV EBX,EAX ; |
00401348 . 8D45 A8 LEA EAX,DWORD PTR SS:[EBP-58] ; |
0040134B . 890424 MOV DWORD PTR SS:[ESP],EAX ; |
0040134E . E8 AD060000 CALL <JMP.&KERNEL32.GetStartupInfoA> ; \GetStartupInfoA
00401353 . 83EC 04 SUB ESP,4
00401356 . 85DB TEST EBX,EBX
00401358 . 75 06 JNZ SHORT xiaoxiku.00401360
0040135A . E9 9D000000 JMP xiaoxiku.004013FC
0040135F > 43 INC EBX
00401360 > 0FB60B MOVZX ECX,BYTE PTR DS:[EBX]
00401363 . 80F9 20 CMP CL,20
00401366 . 0F94C0 SETE AL
00401369 . 80F9 09 CMP CL,9
0040136C . 0F94C2 SETE DL
0040136F . 09D0 OR EAX,EDX
00401371 . A8 01 TEST AL,1
00401373 .^ 75 EA JNZ SHORT xiaoxiku.0040135F
00401375 . 80F9 22 CMP CL,22
00401378 . 74 3E JE SHORT xiaoxiku.004013B8
0040137A . 80F9 20 CMP CL,20
0040137D . 0F95C0 SETNE AL
00401380 . 31D2 XOR EDX,EDX
00401382 . 80F9 09 CMP CL,9
00401385 . 0F95C2 SETNE DL
00401388 . 85D0 TEST EAX,EDX
0040138A . 74 4C JE SHORT xiaoxiku.004013D8
0040138C . 8DB6 00000000 LEA ESI,DWORD PTR DS:[ESI]
00401392 . 8DBF 00000000 LEA EDI,DWORD PTR DS:[EDI]
00401398 > 84C9 TEST CL,CL
0040139A . 74 3C JE SHORT xiaoxiku.004013D8
0040139C . 43 INC EBX
0040139D . 0FB60B MOVZX ECX,BYTE PTR DS:[EBX]
004013A0 . 80F9 20 CMP CL,20
004013A3 . 0F95C0 SETNE AL
004013A6 . 31D2 XOR EDX,EDX
004013A8 . 80F9 09 CMP CL,9
004013AB . 0F95C2 SETNE DL
004013AE . 85D0 TEST EAX,EDX
004013B0 .^ 75 E6 JNZ SHORT xiaoxiku.00401398
004013B2 . EB 24 JMP SHORT xiaoxiku.004013D8
004013B4 8D7426 00 LEA ESI,DWORD PTR DS:[ESI]
004013B8 > 43 INC EBX
004013B9 . 0FB60B MOVZX ECX,BYTE PTR DS:[EBX]
004013BC . 80F9 22 CMP CL,22
004013BF . 0F95C0 SETNE AL
004013C2 . 31D2 XOR EDX,EDX
004013C4 . 84C9 TEST CL,CL
004013C6 . 0F95C2 SETNE DL
004013C9 . 85D0 TEST EAX,EDX
004013CB .^ 75 EB JNZ SHORT xiaoxiku.004013B8
004013CD . 80F9 22 CMP CL,22
004013D0 . 74 66 JE SHORT xiaoxiku.00401438
004013D2 . 8DB6 00000000 LEA ESI,DWORD PTR DS:[ESI]
004013D8 > 80F9 20 CMP CL,20
004013DB . 0F94C0 SETE AL
004013DE . 80F9 09 CMP CL,9
004013E1 . 0F94C2 SETE DL
004013E4 . EB 10 JMP SHORT xiaoxiku.004013F6
004013E6 . 66:90 NOP
004013E8 > 43 INC EBX
004013E9 . 0FB603 MOVZX EAX,BYTE PTR DS:[EBX]
004013EC . 3C 20 CMP AL,20
004013EE . 0F94C2 SETE DL
004013F1 . 3C 09 CMP AL,9
004013F3 . 0F94C0 SETE AL
004013F6 > 09D0 OR EAX,EDX
004013F8 . A8 01 TEST AL,1
004013FA .^ 75 EC JNZ SHORT xiaoxiku.004013E8
004013FC > C70424 000000>MOV DWORD PTR SS:[ESP],0 ; |
00401403 . E8 F0050000 CALL <JMP.&KERNEL32.GetModuleHandleA> ; \GetModuleHandleA
我不知道从哪里分析,请各位大虾帮忙?