[求助]gossw-付费问答-看雪-安全社区|安全招聘|kanxue.com

[旧帖] [求助]gossw 0.00雪花

发表于: 2012-7-12 11:38 4404

[旧帖] [求助]gossw 0.00雪花

bbsphixy

2012-7-12 11:38

4404

0041D5E9 .  56          push esi
0041D5EA .  8BF1          mov esi,ecx
0041D5EC .  E8 2FC4FFFF call HY_壳.00419A20
0041D5F1 .  837C24 0C 00 cmp dword ptr ss:[esp+C],0
0041D5F6 .  75 05       jnz short HY_壳.0041D5FD
0041D5F8 .  25 FFFDFFFF and eax,FFFFFDFF
0041D5FD >  50          push eax
0041D5FE .  6A 00       push 0
0041D600 .  8BCE          mov ecx,esi
0041D602 .  E8 FFC3FFFF call HY_壳.00419A06
0041D607 .  50          push eax                      ; |Style
0041D608 .  FF7424 14    push dword ptr ss:[esp+14]    ; |pRect
0041D60C .  FF15 E4434A00  call dword ptr ds:[<&user32.Adju>; \AdjustWindowRectEx
0041D612 .  5E          pop esi
0041D613 .  C2 0800       retn 8
0041D616 .  B8 68564A00 mov eax,HY_壳.004A5668
0041D61B .  C3          retn
0041D61C /.  55          push ebp
0041D61D |.  8BEC          mov ebp,esp
0041D61F |.  FF75 1C       push dword ptr ss:[ebp+1C]
0041D622 |.  FF75 18       push dword ptr ss:[ebp+18]
0041D625 |.  FF75 14       push dword ptr ss:[ebp+14]
0041D628 |.  FF75 10       push dword ptr ss:[ebp+10]
0041D62B |.  FF75 0C       push dword ptr ss:[ebp+C]
0041D62E |.  E8 F1FCFFFF call HY_壳.0041D324
0041D633 |.  5D          pop ebp
0041D634 \.  C2 1800       retn 18
0041D637 .  8B4424 08    mov eax,dword ptr ss:[esp+8]
0041D63B .  85C0          test eax,eax
0041D63D .  75 07       jnz short HY_壳.0041D646
0041D63F .  B8 03400080 mov eax,80004003
0041D644 .  EB 08       jmp short HY_壳.0041D64E
0041D646 >  C700 01000000  mov dword ptr ds:[eax],1
0041D64C .  33C0          xor eax,eax
0041D64E >  C2 0800       retn 8
0041D651 .  8B4424 08    mov eax,dword ptr ss:[esp+8]
0041D655 .  85C0          test eax,eax
0041D657 .  75 07       jnz short HY_壳.0041D660
0041D659 .  B8 03400080 mov eax,80004003
0041D65E .  EB 08       jmp short HY_壳.0041D668
0041D660 >  8320 00       and dword ptr ds:[eax],0
0041D663 .  B8 01400080 mov eax,80004001
0041D668 >  C2 0800       retn 8
0041D66B .  8D41 28       lea eax,dword ptr ds:[ecx+28]
0041D66E .  8338 00       cmp dword ptr ds:[eax],0
0041D671 .  75 14       jnz short HY_壳.0041D687
0041D673 .  50          push eax
0041D674 .  68 D45A4A00 push HY_壳.004A5AD4
0041D679 .  6A FC       push -4
0041D67B .  FF71 20       push dword ptr ds:[ecx+20]
0041D67E .  E8 6F320300 call HY_壳.004508F2
0041D683 .  85C0          test eax,eax
0041D685 .  7C 02       jl short HY_壳.0041D689
0041D687 >  33C0          xor eax,eax
0041D689 >  C3          retn
0041D68A .  8B41 28       mov eax,dword ptr ds:[ecx+28]
0041D68D .  FF7424 04    push dword ptr ss:[esp+4]
0041D691 .  8B08          mov ecx,dword ptr ds:[eax]
0041D693 .  50          push eax
0041D694 .  FF51 1C       call dword ptr ds:[ecx+1C]
0041D697 .  C2 0400       retn 4
0041D69A .  8B41 28       mov eax,dword ptr ds:[ecx+28]
0041D69D .  FF7424 04    push dword ptr ss:[esp+4]
0041D6A1 .  8B08          mov ecx,dword ptr ds:[eax]
0041D6A3 .  50          push eax
0041D6A4 .  FF51 20       call dword ptr ds:[ecx+20]
0041D6A7 .  C2 0400       retn 4
0041D6AA .  8B41 28       mov eax,dword ptr ds:[ecx+28]
0041D6AD .  56          push esi
0041D6AE .  8B08          mov ecx,dword ptr ds:[eax]
0041D6B0 .  57          push edi
0041D6B1 .  FF7424 1C    push dword ptr ss:[esp+1C]
0041D6B5 .  8D7424 10    lea esi,dword ptr ss:[esp+10]
0041D6B9 .  83EC 10       sub esp,10
0041D6BC .  8BFC          mov edi,esp
0041D6BE .  A5          movs dword ptr es:[edi],dword pt>
0041D6BF .  A5          movs dword ptr es:[edi],dword pt>
0041D6C0 .  A5          movs dword ptr es:[edi],dword pt>
0041D6C1 .  50          push eax
0041D6C2 .  A5          movs dword ptr es:[edi],dword pt>
0041D6C3 .  FF51 24       call dword ptr ds:[ecx+24]
0041D6C6 .  5F          pop edi
0041D6C7 .  5E          pop esi
0041D6C8 .  C2 1400       retn 14
0041D6CB .  8B41 28       mov eax,dword ptr ds:[ecx+28]
0041D6CE .  56          push esi
0041D6CF .  8B08          mov ecx,dword ptr ds:[eax]
0041D6D1 .  57          push edi
0041D6D2 .  FF7424 1C    push dword ptr ss:[esp+1C]
0041D6D6 .  8D7424 10    lea esi,dword ptr ss:[esp+10]
0041D6DA .  83EC 10       sub esp,10
0041D6DD .  8BFC          mov edi,esp
0041D6DF .  A5          movs dword ptr es:[edi],dword pt>
0041D6E0 .  A5          movs dword ptr es:[edi],dword pt>
0041D6E1 .  A5          movs dword ptr es:[edi],dword pt>
0041D6E2 .  50          push eax
0041D6E3 .  A5          movs dword ptr es:[edi],dword pt>
0041D6E4 .  FF51 28       call dword ptr ds:[ecx+28]
0041D6E7 .  5F          pop edi
0041D6E8 .  5E          pop esi
0041D6E9 .  C2 1400       retn 14
0041D6EC .  8B41 28       mov eax,dword ptr ds:[ecx+28]
0041D6EF .  56          push esi
0041D6F0 .  8B08          mov ecx,dword ptr ds:[eax]
0041D6F2 .  57          push edi
0041D6F3 .  FF7424 1C    push dword ptr ss:[esp+1C]
0041D6F7 .  8D7424 10    lea esi,dword ptr ss:[esp+10]
0041D6FB .  83EC 10       sub esp,10
0041D6FE .  8BFC          mov edi,esp
0041D700 .  A5          movs dword ptr es:[edi],dword pt>
0041D701 .  A5          movs dword ptr es:[edi],dword pt>
0041D702 .  A5          movs dword ptr es:[edi],dword pt>
0041D703 .  50          push eax
0041D704 .  A5          movs dword ptr es:[edi],dword pt>
0041D705 .  FF51 2C       call dword ptr ds:[ecx+2C]
0041D708 .  5F          pop edi
0041D709 .  5E          pop esi
0041D70A .  C2 1400       retn 14
0041D70D .  8B41 28       mov eax,dword ptr ds:[ecx+28]
0041D710 .  56          push esi
0041D711 .  8B08          mov ecx,dword ptr ds:[eax]
0041D713 .  57          push edi
0041D714 .  FF7424 1C    push dword ptr ss:[esp+1C]
0041D718 .  8D7424 10    lea esi,dword ptr ss:[esp+10]
0041D71C .  83EC 10       sub esp,10
0041D71F .  8BFC          mov edi,esp
0041D721 .  A5          movs dword ptr es:[edi],dword pt>
0041D722 .  A5          movs dword ptr es:[edi],dword pt>
0041D723 .  A5          movs dword ptr es:[edi],dword pt>
0041D724 .  50          push eax
0041D725 .  A5          movs dword ptr es:[edi],dword pt>
0041D726 .  FF51 30       call dword ptr ds:[ecx+30]
0041D729 .  5F          pop edi
0041D72A .  5E          pop esi
0041D72B .  C2 1400       retn 14
0041D72E .  8B41 28       mov eax,dword ptr ds:[ecx+28]
0041D731 .  56          push esi
0041D732 .  8B08          mov ecx,dword ptr ds:[eax]
0041D734 .  57          push edi
0041D735 .  FF7424 1C    push dword ptr ss:[esp+1C]
0041D739 .  8D7424 10    lea esi,dword ptr ss:[esp+10]
0041D73D .  83EC 10       sub esp,10
0041D740 .  8BFC          mov edi,esp
0041D742 .  A5          movs dword ptr es:[edi],dword pt>
0041D743 .  A5          movs dword ptr es:[edi],dword pt>
0041D744 .  A5          movs dword ptr es:[edi],dword pt>
0041D745 .  50          push eax
0041D746 .  A5          movs dword ptr es:[edi],dword pt>
0041D747 .  FF51 34       call dword ptr ds:[ecx+34]
0041D74A .  5F          pop edi
0041D74B .  5E          pop esi
0041D74C .  C2 1400       retn 14
0041D74F .  8B41 28       mov eax,dword ptr ds:[ecx+28]
0041D752 .  56          push esi
0041D753 .  8B08          mov ecx,dword ptr ds:[eax]
0041D755 .  57          push edi
0041D756 .  FF7424 1C    push dword ptr ss:[esp+1C]
0041D75A .  8D7424 10    lea esi,dword ptr ss:[esp+10]
0041D75E .  83EC 10       sub esp,10
0041D761 .  8BFC          mov edi,esp
0041D763 .  A5          movs dword ptr es:[edi],dword pt>
0041D764 .  A5          movs dword ptr es:[edi],dword pt>
0041D765 .  A5          movs dword ptr es:[edi],dword pt>
0041D766 .  50          push eax
0041D767 .  A5          movs dword ptr es:[edi],dword pt>
0041D768 .  FF51 38       call dword ptr ds:[ecx+38]
0041D76B .  5F          pop edi
0041D76C .  5E          pop esi
0041D76D .  C2 1400       retn 14
0041D770 .  8B41 28       mov eax,dword ptr ds:[ecx+28]
0041D773 .  56          push esi
0041D774 .  8B08          mov ecx,dword ptr ds:[eax]
0041D776 .  57          push edi
0041D777 .  FF7424 1C    push dword ptr ss:[esp+1C]
0041D77B .  8D7424 10    lea esi,dword ptr ss:[esp+10]
0041D77F .  83EC 10       sub esp,10
0041D782 .  8BFC          mov edi,esp
0041D784 .  A5          movs dword ptr es:[edi],dword pt>
0041D785 .  A5          movs dword ptr es:[edi],dword pt>
0041D786 .  A5          movs dword ptr es:[edi],dword pt>
0041D787 .  50          push eax
0041D788 .  A5          movs dword ptr es:[edi],dword pt>
0041D789 .  FF51 3C       call dword ptr ds:[ecx+3C]
0041D78C .  5F          pop edi
0041D78D .  5E          pop esi
0041D78E .  C2 1400       retn 14
0041D791 .  8B41 28       mov eax,dword ptr ds:[ecx+28]
0041D794 .  56          push esi
0041D795 .  57          push edi
0041D796 .  FF7424 20    push dword ptr ss:[esp+20]
0041D79A .  8B08          mov ecx,dword ptr ds:[eax]
0041D79C .  83EC 10       sub esp,10
0041D79F .  8BFC          mov edi,esp
0041D7A1 .  FF7424 20    push dword ptr ss:[esp+20]
0041D7A5 .  8D7424 28    lea esi,dword ptr ss:[esp+28]
0041D7A9 .  A5          movs dword ptr es:[edi],dword pt>
0041D7AA .  A5          movs dword ptr es:[edi],dword pt>
0041D7AB .  A5          movs dword ptr es:[edi],dword pt>
0041D7AC .  50          push eax
0041D7AD .  A5          movs dword ptr es:[edi],dword pt>
0041D7AE .  FF51 40       call dword ptr ds:[ecx+40]
0041D7B1 .  5F          pop edi
0041D7B2 .  5E          pop esi
0041D7B3 .  C2 1800       retn 18
0041D7B6 .  8B41 28       mov eax,dword ptr ds:[ecx+28]
0041D7B9 .  56          push esi
0041D7BA .  8B08          mov ecx,dword ptr ds:[eax]
0041D7BC .  57          push edi
0041D7BD .  FF7424 1C    push dword ptr ss:[esp+1C]
0041D7C1 .  8D7424 10    lea esi,dword ptr ss:[esp+10]
0041D7C5 .  83EC 10       sub esp,10
0041D7C8 .  8BFC          mov edi,esp
0041D7CA .  A5          movs dword ptr es:[edi],dword pt>
0041D7CB .  A5          movs dword ptr es:[edi],dword pt>
0041D7CC .  A5          movs dword ptr es:[edi],dword pt>
0041D7CD .  50          push eax
0041D7CE .  A5          movs dword ptr es:[edi],dword pt>
0041D7CF .  FF51 44       call dword ptr ds:[ecx+44]
0041D7D2 .  5F          pop edi
0041D7D3 .  5E          pop esi
0041D7D4 .  C2 1400       retn 14
0041D7D7 .  8B41 28       mov eax,dword ptr ds:[ecx+28]
0041D7DA .  FF7424 04    push dword ptr ss:[esp+4]
0041D7DE .  8B08          mov ecx,dword ptr ds:[eax]
0041D7E0 .  50          push eax
0041D7E1 .  FF51 48       call dword ptr ds:[ecx+48]
0041D7E4 .  C2 0400       retn 4
0041D7E7 .  8B41 28       mov eax,dword ptr ds:[ecx+28]
0041D7EA .  FF7424 04    push dword ptr ss:[esp+4]
0041D7EE .  8B08          mov ecx,dword ptr ds:[eax]
0041D7F0 .  50          push eax
0041D7F1 .  FF51 4C       call dword ptr ds:[ecx+4C]
0041D7F4 .  C2 0400       retn 4
0041D7F7 .  8B41 28       mov eax,dword ptr ds:[ecx+28]
0041D7FA .  56          push esi
0041D7FB .  8B08          mov ecx,dword ptr ds:[eax]
0041D7FD .  57          push edi
0041D7FE .  FF7424 1C    push dword ptr ss:[esp+1C]
0041D802 .  8D7424 10    lea esi,dword ptr ss:[esp+10]
0041D806 .  83EC 10       sub esp,10
0041D809 .  8BFC          mov edi,esp
0041D80B .  A5          movs dword ptr es:[edi],dword pt>
0041D80C .  A5          movs dword ptr es:[edi],dword pt>
0041D80D .  A5          movs dword ptr es:[edi],dword pt>
0041D80E .  50          push eax
0041D80F .  A5          movs dword ptr es:[edi],dword pt>
0041D810 .  FF51 50       call dword ptr ds:[ecx+50]
0041D813 .  5F          pop edi
0041D814 .  5E          pop esi
0041D815 .  C2 1400       retn 14
0041D818 .  8B41 28       mov eax,dword ptr ds:[ecx+28]
0041D81B .  8B08          mov ecx,dword ptr ds:[eax]
0041D81D .  56          push esi
0041D81E .  57          push edi
0041D81F .  83EC 10       sub esp,10
0041D822 .  8BFC          mov edi,esp
0041D824 .  FF7424 1C    push dword ptr ss:[esp+1C]
0041D828 .  8D7424 24    lea esi,dword ptr ss:[esp+24]
0041D82C .  A5          movs dword ptr es:[edi],dword pt>
0041D82D .  A5          movs dword ptr es:[edi],dword pt>
0041D82E .  A5          movs dword ptr es:[edi],dword pt>
0041D82F .  50          push eax
0041D830 .  A5          movs dword ptr es:[edi],dword pt>
0041D831 .  FF51 54       call dword ptr ds:[ecx+54]
0041D834 .  5F          pop edi
0041D835 .  5E          pop esi
0041D836 .  C2 1400       retn 14
0041D839 /.  55          push ebp
0041D83A |.  8BEC          mov ebp,esp
0041D83C |.  8B41 28       mov eax,dword ptr ds:[ecx+28]
0041D83F |.  56          push esi
0041D840 |.  8B08          mov ecx,dword ptr ds:[eax]
0041D842 |.  57          push edi
0041D843 |.  83EC 10       sub esp,10
0041D846 |.  8BFC          mov edi,esp
0041D848 |.  FF75 14       push dword ptr ss:[ebp+14]
0041D84B |.  8D75 18       lea esi,dword ptr ss:[ebp+18]
0041D84E |.  FF75 10       push dword ptr ss:[ebp+10]
0041D851 |.  A5          movs dword ptr es:[edi],dword pt>
0041D852 |.  FF75 0C       push dword ptr ss:[ebp+C]
0041D855 |.  A5          movs dword ptr es:[edi],dword pt>
0041D856 |.  FF75 08       push dword ptr ss:[ebp+8]
0041D859 |.  A5          movs dword ptr es:[edi],dword pt>
0041D85A |.  50          push eax
0041D85B |.  A5          movs dword ptr es:[edi],dword pt>
0041D85C |.  FF51 58       call dword ptr ds:[ecx+58]
0041D85F |.  5F          pop edi
0041D860 |.  5E          pop esi
0041D861 |.  5D          pop ebp
0041D862 \.  C2 2000       retn 20
0041D865 .  8B41 28       mov eax,dword ptr ds:[ecx+28]
0041D868 .  56          push esi
0041D869 .  57          push edi
0041D86A .  FF7424 20    push dword ptr ss:[esp+20]
0041D86E .  8B08          mov ecx,dword ptr ds:[eax]
0041D870 .  83EC 10       sub esp,10
0041D873 .  8BFC          mov edi,esp
0041D875 .  FF7424 20    push dword ptr ss:[esp+20]
0041D879 .  8D7424 28    lea esi,dword ptr ss:[esp+28]
0041D87D .  A5          movs dword ptr es:[edi],dword pt>
0041D87E .  A5          movs dword ptr es:[edi],dword pt>
0041D87F .  A5          movs dword ptr es:[edi],dword pt>
0041D880 .  50          push eax
0041D881 .  A5          movs dword ptr es:[edi],dword pt>
0041D882 .  FF51 5C       call dword ptr ds:[ecx+5C]
0041D885 .  5F          pop edi
0041D886 .  5E          pop esi
0041D887 .  C2 1800       retn 18
0041D88A .  FF7424 0C    push dword ptr ss:[esp+C]
0041D88E .  8B41 28       mov eax,dword ptr ds:[ecx+28]
0041D891 .  FF7424 0C    push dword ptr ss:[esp+C]
0041D895 .  8B08          mov ecx,dword ptr ds:[eax]
0041D897 .  FF7424 0C    push dword ptr ss:[esp+C]
0041D89B .  50          push eax
0041D89C .  FF51 60       call dword ptr ds:[ecx+60]
0041D89F .  C2 0C00       retn 0C
0041D8A2 .  8B41 28       mov eax,dword ptr ds:[ecx+28]
0041D8A5 .  8B08          mov ecx,dword ptr ds:[eax]
0041D8A7 .  56          push esi
0041D8A8 .  57          push edi
0041D8A9 .  83EC 10       sub esp,10
0041D8AC .  8BFC          mov edi,esp
0041D8AE .  8D7424 1C    lea esi,dword ptr ss:[esp+1C]
0041D8B2 .  A5          movs dword ptr es:[edi],dword pt>
0041D8B3 .  A5          movs dword ptr es:[edi],dword pt>
0041D8B4 .  A5          movs dword ptr es:[edi],dword pt>
0041D8B5 .  50          push eax
0041D8B6 .  A5          movs dword ptr es:[edi],dword pt>
0041D8B7 .  FF51 64       call dword ptr ds:[ecx+64]
0041D8BA .  5F          pop edi
0041D8BB .  5E          pop esi
0041D8BC .  C2 1000       retn 10
0041D8BF .  8B41 28       mov eax,dword ptr ds:[ecx+28]
0041D8C2 .  56          push esi
0041D8C3 .  8B08          mov ecx,dword ptr ds:[eax]
0041D8C5 .  57          push edi
0041D8C6 .  FF7424 1C    push dword ptr ss:[esp+1C]
0041D8CA .  8D7424 10    lea esi,dword ptr ss:[esp+10]
0041D8CE .  83EC 10       sub esp,10
0041D8D1 .  8BFC          mov edi,esp
0041D8D3 .  A5          movs dword ptr es:[edi],dword pt>
0041D8D4 .  A5          movs dword ptr es:[edi],dword pt>
0041D8D5 .  A5          movs dword ptr es:[edi],dword pt>
0041D8D6 .  50          push eax
0041D8D7 .  A5          movs dword ptr es:[edi],dword pt>
0041D8D8 .  FF51 68       call dword ptr ds:[ecx+68]
0041D8DB .  5F          pop edi
0041D8DC .  5E          pop esi
0041D8DD .  C2 1400       retn 14
0041D8E0 .  8B4424 04    mov eax,dword ptr ss:[esp+4]
0041D8E4 .  8941 2C       mov dword ptr ds:[ecx+2C],eax
0041D8E7 .  33C0          xor eax,eax
0041D8E9 .  C2 0400       retn 4
0041D8EC .  33C0          xor eax,eax
0041D8EE .  40          inc eax
0041D8EF .  C3          retn
0041D8F0 /$  8B5424 04    mov edx,dword ptr ss:[esp+4]
0041D8F4 |.  8B42 04       mov eax,dword ptr ds:[edx+4]
0041D8F7 |.  3D 00010000 cmp eax,100
0041D8FC |.  72 07       jb short HY_壳.0041D905
0041D8FE |.  3D 09010000 cmp eax,109
0041D903 |.  76 0E       jbe short HY_壳.0041D913
0041D905 |>  3D 00020000 cmp eax,200
0041D90A |.  72 0F       jb short HY_壳.0041D91B
0041D90C |.  3D 09020000 cmp eax,209
0041D911 |.  77 08       ja short HY_壳.0041D91B
0041D913 |>  52          push edx
0041D914 |.  E8 BBC0FFFF call HY_壳.004199D4
0041D919 |.  EB 02       jmp short HY_壳.0041D91D
0041D91B |>  33C0          xor eax,eax
0041D91D \>  C2 0400       retn 4
0041D920 /$  FF7424 04    push dword ptr ss:[esp+4]
0041D924 |.  E8 C2A8FFFF call HY_壳.004181EB
0041D929 |.  59          pop ecx
0041D92A \.  C2 0800       retn 8
0041D92D .  8B41 3C       mov eax,dword ptr ds:[ecx+3C]
0041D930 .  83E0 10       and eax,10
0041D933 .  C3          retn
0041D934 .  33C0          xor eax,eax
0041D936 .  C3          retn
0041D937 /$  8B81 A8000000  mov eax,dword ptr ds:[ecx+A8]
0041D93D |.  85C0          test eax,eax
0041D93F |.  74 12       je short HY_壳.0041D953
0041D941 |.  3D 02E00000 cmp eax,0E002
0041D946 |.  74 0B       je short HY_壳.0041D953
0041D948 |.  3D 01E00000 cmp eax,0E001
0041D94D |.  74 04       je short HY_壳.0041D953
0041D94F |.  33C0          xor eax,eax
0041D951 |.  40          inc eax
0041D952 |.  C3          retn
0041D953 |>  33C0          xor eax,eax
0041D955 \.  C3          retn
0041D956 .  8B4424 04    mov eax,dword ptr ss:[esp+4]
0041D95A .  85C0          test eax,eax
0041D95C .  75 05       jnz short HY_壳.0041D963
0041D95E .  E8 42510000 call HY_壳.00422AA5
0041D963 >  8320 00       and dword ptr ds:[eax],0
0041D966 .  33C0          xor eax,eax
0041D968 .  40          inc eax
0041D969 .  C2 0400       retn 4
0041D96C .  8B4424 08    mov eax,dword ptr ss:[esp+8]
0041D970 .  85C0          test eax,eax
0041D972 .  75 05       jnz short HY_壳.0041D979
0041D974 .  E8 2C510000 call HY_壳.00422AA5
0041D979 >  8320 00       and dword ptr ds:[eax],0
0041D97C .  33C0          xor eax,eax
0041D97E .  40          inc eax
0041D97F .  C2 1000       retn 10
0041D982 /$  8B41 4C       mov eax,dword ptr ds:[ecx+4C]
0041D985 \.  C3          retn
0041D986 .  B8 70564A00 mov eax,HY_壳.004A5670
0041D98B .  C3          retn
0041D98C .  6A 04       push 4
0041D98E .  B8 819C4900 mov eax,HY_壳.00499C81
0041D993 .  E8 EB000200 call HY_壳.0043DA83
0041D998 .  68 04010000 push 104
0041D99D .  E8 F85F0100 call HY_壳.0043399A
0041D9A2 .  8BC8          mov ecx,eax
0041D9A4 .  894D F0       mov dword ptr ss:[ebp-10],ecx
0041D9A7 .  33C0          xor eax,eax
0041D9A9 .  3BC8          cmp ecx,eax
0041D9AB .  8945 FC       mov dword ptr ss:[ebp-4],eax
0041D9AE .  74 05       je short HY_壳.0041D9B5
0041D9B0 .  E8 46C80000 call HY_壳.0042A1FB
0041D9B5 >  E8 A1010200 call HY_壳.0043DB5B
0041D9BA .  C3          retn
0041D9BB /$  6A 14       push 14
0041D9BD |.  68 48D14B00 push HY_壳.004BD148
0041D9C2 |.  E8 89050200 call HY_壳.0043DF50
0041D9C7 |.  33F6          xor esi,esi
0041D9C9 |.  8975 E0       mov dword ptr ss:[ebp-20],esi
0041D9CC |.  8D45 E0       lea eax,dword ptr ss:[ebp-20]
0041D9CF |.  50          push eax
0041D9D0 |.  E8 A1CE0000 call HY_壳.0042A876
0041D9D5 |.  FFB0 80000000  push dword ptr ds:[eax+80]
0041D9DB |.  E8 C9C60000 call HY_壳.0042A0A9
0041D9E0 |.  8945 DC       mov dword ptr ss:[ebp-24],eax
0041D9E3 |.  8975 E4       mov dword ptr ss:[ebp-1C],esi
0041D9E6 |.  3BC6          cmp eax,esi
0041D9E8 |.  75 05       jnz short HY_壳.0041D9EF
0041D9EA |.  66:33C0       xor ax,ax
0041D9ED |.  EB 22       jmp short HY_壳.0041DA11
0041D9EF |>  8975 FC       mov dword ptr ss:[ebp-4],esi
0041D9F2 |.  FF75 08       push dword ptr ss:[ebp+8]       ; /pWndClass
0041D9F5 |.  FF15 E0434A00  call dword ptr ds:[<&user32.Regi>; \RegisterClassA
0041D9FB |.  0FB7C0       movzx eax,ax
0041D9FE |.  8945 E4       mov dword ptr ss:[ebp-1C],eax
0041DA01 |.  C745 FC FEFFFF>mov dword ptr ss:[ebp-4],-2
0041DA08 |.  E8 0A000000 call HY_壳.0041DA17
0041DA0D |.  66:8B45 E4    mov ax,word ptr ss:[ebp-1C]
0041DA11 |>  E8 7F050200 call HY_壳.0043DF95
0041DA16 \.  C3          retn
0041DA17 /$  837D DC 02    cmp dword ptr ss:[ebp-24],2
0041DA1B |.  74 30       je short HY_壳.0041DA4D
0041DA1D |.  33C0          xor eax,eax
0041DA1F |.  66:3945 E4    cmp word ptr ss:[ebp-1C],ax
0041DA23 |.  0F94C0       sete al
0041DA26 |.  8BF0          mov esi,eax
0041DA28 |.  85F6          test esi,esi
0041DA2A |.  74 0A       je short HY_壳.0041DA36
0041DA2C |.  FF15 9C424A00  call dword ptr ds:[<&kernel32.Ge>; [GetLastError
0041DA32 |.  8BF8          mov edi,eax
0041DA34 |.  EB 02       jmp short HY_壳.0041DA38
0041DA36 |>  33FF          xor edi,edi
0041DA38 |>  FF75 E0       push dword ptr ss:[ebp-20]
0041DA3B |.  6A 00       push 0
0041DA3D |.  E8 57C60000 call HY_壳.0042A099
0041DA42 |.  85F6          test esi,esi
0041DA44 |.  74 07       je short HY_壳.0041DA4D
0041DA46 |.  57          push edi
0041DA47 |.  FF15 90424A00  call dword ptr ds:[<&kernel32.Re>;  ntdll.RtlSetLastWin32Error
0041DA4D \>  C3          retn
0041DA4E /$  6A 14       push 14
0041DA50 |.  68 68D14B00 push HY_壳.004BD168
0041DA55 |.  E8 F6040200 call HY_壳.0043DF50
0041DA5A |.  33DB          xor ebx,ebx
0041DA5C |.  895D E0       mov dword ptr ss:[ebp-20],ebx
0041DA5F |.  8D45 E0       lea eax,dword ptr ss:[ebp-20]
0041DA62 |.  50          push eax
0041DA63 |.  E8 0ECE0000 call HY_壳.0042A876
0041DA68 |.  FFB0 80000000  push dword ptr ds:[eax+80]
0041DA6E |.  E8 36C60000 call HY_壳.0042A0A9
0041DA73 |.  8945 DC       mov dword ptr ss:[ebp-24],eax
0041DA76 |.  895D E4       mov dword ptr ss:[ebp-1C],ebx
0041DA79 |.  3BC3          cmp eax,ebx
0041DA7B |.  75 04       jnz short HY_壳.0041DA81
0041DA7D |.  33C0          xor eax,eax
0041DA7F |.  EB 24       jmp short HY_壳.0041DAA5
0041DA81 |>  895D FC       mov dword ptr ss:[ebp-4],ebx
0041DA84 |.  FF75 10       push dword ptr ss:[ebp+10]    ; /pWndClass
0041DA87 |.  FF75 0C       push dword ptr ss:[ebp+C]       ; |Class
0041DA8A |.  FF75 08       push dword ptr ss:[ebp+8]       ; |hInst
0041DA8D |.  FF15 DC434A00  call dword ptr ds:[<&user32.GetC>; \GetClassInfoA
0041DA93 |.  8945 E4       mov dword ptr ss:[ebp-1C],eax
0041DA96 |.  C745 FC FEFFFF>mov dword ptr ss:[ebp-4],-2
0041DA9D |.  E8 0B000000 call HY_壳.0041DAAD
0041DAA2 |.  8B45 E4       mov eax,dword ptr ss:[ebp-1C]
0041DAA5 |>  E8 EB040200 call HY_壳.0043DF95
0041DAAA \.  C3          retn
0041DAAB    33          db 33                         ;  CHAR '3'
0041DAAC    DB          db DB
0041DAAD /$  837D DC 02    cmp dword ptr ss:[ebp-24],2
0041DAB1 |.  74 2E       je short HY_壳.0041DAE1
0041DAB3 |.  33C0          xor eax,eax
0041DAB5 |.  395D E4       cmp dword ptr ss:[ebp-1C],ebx
0041DAB8 |.  0F94C0       sete al
0041DABB |.  8BF0          mov esi,eax
0041DABD |.  3BF3          cmp esi,ebx
0041DABF |.  74 0A       je short HY_壳.0041DACB
0041DAC1 |.  FF15 9C424A00  call dword ptr ds:[<&kernel32.Ge>; [GetLastError
0041DAC7 |.  8BF8          mov edi,eax
0041DAC9 |.  EB 02       jmp short HY_壳.0041DACD
0041DACB |>  33FF          xor edi,edi
0041DACD |>  FF75 E0       push dword ptr ss:[ebp-20]
0041DAD0 |.  53          push ebx
0041DAD1 |.  E8 C3C50000 call HY_壳.0042A099
0041DAD6 |.  3BF3          cmp esi,ebx
0041DAD8 |.  74 07       je short HY_壳.0041DAE1
0041DADA |.  57          push edi
0041DADB |.  FF15 90424A00  call dword ptr ds:[<&kernel32.Re>;  ntdll.RtlSetLastWin32Error
0041DAE1 \>  C3          retn
0041DAE2 /$  6A 14       push 14
0041DAE4 |.  68 88D14B00 push HY_壳.004BD188
0041DAE9 |.  E8 62040200 call HY_壳.0043DF50
0041DAEE |.  33DB          xor ebx,ebx
0041DAF0 |.  895D E0       mov dword ptr ss:[ebp-20],ebx
0041DAF3 |.  8D45 E0       lea eax,dword ptr ss:[ebp-20]
0041DAF6 |.  50          push eax
0041DAF7 |.  E8 7ACD0000 call HY_壳.0042A876
0041DAFC |.  FFB0 80000000  push dword ptr ds:[eax+80]
0041DB02 |.  E8 A2C50000 call HY_壳.0042A0A9
0041DB07 |.  8945 DC       mov dword ptr ss:[ebp-24],eax
0041DB0A |.  895D E4       mov dword ptr ss:[ebp-1C],ebx
0041DB0D |.  3BC3          cmp eax,ebx
0041DB0F |.  75 04       jnz short HY_壳.0041DB15
0041DB11 |.  33C0          xor eax,eax
0041DB13 |.  EB 24       jmp short HY_壳.0041DB39
0041DB15 |>  895D FC       mov dword ptr ss:[ebp-4],ebx
0041DB18 |.  FF75 10       push dword ptr ss:[ebp+10]    ; /pWndClassEx
0041DB1B |.  FF75 0C       push dword ptr ss:[ebp+C]       ; |Class
0041DB1E |.  FF75 08       push dword ptr ss:[ebp+8]       ; |hInst
0041DB21 |.  FF15 D8434A00  call dword ptr ds:[<&user32.GetC>; \GetClassInfoExA
0041DB27 |.  8945 E4       mov dword ptr ss:[ebp-1C],eax
0041DB2A |.  C745 FC FEFFFF>mov dword ptr ss:[ebp-4],-2
0041DB31 |.  E8 0B000000 call HY_壳.0041DB41
0041DB36 |.  8B45 E4       mov eax,dword ptr ss:[ebp-1C]
0041DB39 |>  E8 57040200 call HY_壳.0043DF95
0041DB3E \.  C3          retn
0041DB3F    33          db 33                         ;  CHAR '3'
0041DB40    DB          db DB
0041DB41 /$  837D DC 02    cmp dword ptr ss:[ebp-24],2
0041DB45 |.  74 2E       je short HY_壳.0041DB75
0041DB47 |.  33C0          xor eax,eax
0041DB49 |.  395D E4       cmp dword ptr ss:[ebp-1C],ebx
0041DB4C |.  0F94C0       sete al
0041DB4F |.  8BF0          mov esi,eax
0041DB51 |.  3BF3          cmp esi,ebx
0041DB53 |.  74 0A       je short HY_壳.0041DB5F
0041DB55 |.  FF15 9C424A00  call dword ptr ds:[<&kernel32.Ge>; [GetLastError
0041DB5B |.  8BF8          mov edi,eax
0041DB5D |.  EB 02       jmp short HY_壳.0041DB61
0041DB5F |>  33FF          xor edi,edi
0041DB61 |>  FF75 E0       push dword ptr ss:[ebp-20]
0041DB64 |.  53          push ebx
0041DB65 |.  E8 2FC50000 call HY_壳.0042A099
0041DB6A |.  3BF3          cmp esi,ebx
0041DB6C |.  74 07       je short HY_壳.0041DB75
0041DB6E |.  57          push edi
0041DB6F |.  FF15 90424A00  call dword ptr ds:[<&kernel32.Re>;  ntdll.RtlSetLastWin32Error
0041DB75 \>  C3          retn
0041DB76 /$  6A 14       push 14
0041DB78 |.  68 A8D14B00 push HY_壳.004BD1A8
0041DB7D |.  E8 CE030200 call HY_壳.0043DF50
0041DB82 |.  33DB          xor ebx,ebx
0041DB84 |.  895D E0       mov dword ptr ss:[ebp-20],ebx
0041DB87 |.  8D45 E0       lea eax,dword ptr ss:[ebp-20]
0041DB8A |.  50          push eax
0041DB8B |.  E8 E6CC0000 call HY_壳.0042A876
0041DB90 |.  FFB0 80000000  push dword ptr ds:[eax+80]
0041DB96 |.  E8 0EC50000 call HY_壳.0042A0A9
0041DB9B |.  8945 DC       mov dword ptr ss:[ebp-24],eax
0041DB9E |.  895D E4       mov dword ptr ss:[ebp-1C],ebx
0041DBA1 |.  3BC3          cmp eax,ebx
0041DBA3 |.  75 04       jnz short HY_壳.0041DBA9
0041DBA5 |.  33C0          xor eax,eax
0041DBA7 |.  EB 3F       jmp short HY_壳.0041DBE8
0041DBA9 |>  895D FC       mov dword ptr ss:[ebp-4],ebx
0041DBAC |.  FF75 34       push dword ptr ss:[ebp+34]    ; /lParam
0041DBAF |.  FF75 30       push dword ptr ss:[ebp+30]    ; |hInst
0041DBB2 |.  FF75 2C       push dword ptr ss:[ebp+2C]    ; |hMenu
0041DBB5 |.  FF75 28       push dword ptr ss:[ebp+28]    ; |hParent
0041DBB8 |.  FF75 24       push dword ptr ss:[ebp+24]    ; |Height
0041DBBB |.  FF75 20       push dword ptr ss:[ebp+20]    ; |Width
0041DBBE |.  FF75 1C       push dword ptr ss:[ebp+1C]    ; |Y
0041DBC1 |.  FF75 18       push dword ptr ss:[ebp+18]    ; |X
0041DBC4 |.  FF75 14       push dword ptr ss:[ebp+14]    ; |Style
0041DBC7 |.  FF75 10       push dword ptr ss:[ebp+10]    ; |WindowName
0041DBCA |.  FF75 0C       push dword ptr ss:[ebp+C]       ; |Class
0041DBCD |.  FF75 08       push dword ptr ss:[ebp+8]       ; |ExtStyle
0041DBD0 |.  FF15 D4434A00  call dword ptr ds:[<&user32.Crea>; \CreateWindowExA
0041DBD6 |.  8945 E4       mov dword ptr ss:[ebp-1C],eax
0041DBD9 |.  C745 FC FEFFFF>mov dword ptr ss:[ebp-4],-2
0041DBE0 |.  E8 0B000000 call HY_壳.0041DBF0
0041DBE5 |.  8B45 E4       mov eax,dword ptr ss:[ebp-1C]
0041DBE8 |>  E8 A8030200 call HY_壳.0043DF95
0041DBED \.  C3          retn
0041DBEE    33          db 33                         ;  CHAR '3'
0041DBEF    DB          db DB
0041DBF0 /$  837D DC 02    cmp dword ptr ss:[ebp-24],2
0041DBF4 |.  74 2E       je short HY_壳.0041DC24
0041DBF6 |.  33C0          xor eax,eax
0041DBF8 |.  395D E4       cmp dword ptr ss:[ebp-1C],ebx
0041DBFB |.  0F94C0       sete al
0041DBFE |.  8BF0          mov esi,eax
0041DC00 |.  3BF3          cmp esi,ebx
0041DC02 |.  74 0A       je short HY_壳.0041DC0E
0041DC04 |.  FF15 9C424A00  call dword ptr ds:[<&kernel32.Ge>; [GetLastError
0041DC0A |.  8BF8          mov edi,eax
0041DC0C |.  EB 02       jmp short HY_壳.0041DC10
0041DC0E |>  33FF          xor edi,edi
0041DC10 |>  FF75 E0       push dword ptr ss:[ebp-20]
0041DC13 |.  53          push ebx
0041DC14 |.  E8 80C40000 call HY_壳.0042A099
0041DC19 |.  3BF3          cmp esi,ebx
0041DC1B |.  74 07       je short HY_壳.0041DC24
0041DC1D |.  57          push edi
0041DC1E |.  FF15 90424A00  call dword ptr ds:[<&kernel32.Re>;  ntdll.RtlSetLastWin32Error
0041DC24 \>  C3          retn
0041DC25 /$  6A 14       push 14
0041DC27 |.  68 C8D14B00 push HY_壳.004BD1C8
0041DC2C |.  E8 1F030200 call HY_壳.0043DF50
0041DC31 |.  33DB          xor ebx,ebx
0041DC33 |.  895D E0       mov dword ptr ss:[ebp-20],ebx
0041DC36 |.  8D45 E0       lea eax,dword ptr ss:[ebp-20]
0041DC39 |.  50          push eax
0041DC3A |.  E8 37CC0000 call HY_壳.0042A876
0041DC3F |.  FFB0 80000000  push dword ptr ds:[eax+80]
0041DC45 |.  E8 5FC40000 call HY_壳.0042A0A9
0041DC4A |.  8945 DC       mov dword ptr ss:[ebp-24],eax
0041DC4D |.  895D E4       mov dword ptr ss:[ebp-1C],ebx
0041DC50 |.  3BC3          cmp eax,ebx
0041DC52 |.  75 04       jnz short HY_壳.0041DC58
0041DC54 |.  33C0          xor eax,eax
0041DC56 |.  EB 27       jmp short HY_壳.0041DC7F
0041DC58 |>  895D FC       mov dword ptr ss:[ebp-4],ebx
0041DC5B |.  FF75 14       push dword ptr ss:[ebp+14]    ; /Style
0041DC5E |.  FF75 10       push dword ptr ss:[ebp+10]    ; |Title
0041DC61 |.  FF75 0C       push dword ptr ss:[ebp+C]       ; |Text
0041DC64 |.  FF75 08       push dword ptr ss:[ebp+8]       ; |hOwner
0041DC67 |.  FF15 D0434A00  call dword ptr ds:[<&user32.Mess>; \MessageBoxA
0041DC6D |.  8945 E4       mov dword ptr ss:[ebp-1C],eax
0041DC70 |.  C745 FC FEFFFF>mov dword ptr ss:[ebp-4],-2
0041DC77 |.  E8 0B000000 call HY_壳.0041DC87
0041DC7C |.  8B45 E4       mov eax,dword ptr ss:[ebp-1C]
0041DC7F |>  E8 11030200 call HY_壳.0043DF95
0041DC84 \.  C3          retn
0041DC85    33          db 33                         ;  CHAR '3'
0041DC86    DB          db DB
0041DC87 /$  837D DC 02    cmp dword ptr ss:[ebp-24],2
0041DC8B |.  74 2E       je short HY_壳.0041DCBB
0041DC8D |.  33C0          xor eax,eax
0041DC8F |.  395D E4       cmp dword ptr ss:[ebp-1C],ebx
0041DC92 |.  0F94C0       sete al
0041DC95 |.  8BF0          mov esi,eax
0041DC97 |.  3BF3          cmp esi,ebx
0041DC99 |.  74 0A       je short HY_壳.0041DCA5
0041DC9B |.  FF15 9C424A00  call dword ptr ds:[<&kernel32.Ge>; [GetLastError
0041DCA1 |.  8BF8          mov edi,eax
0041DCA3 |.  EB 02       jmp short HY_壳.0041DCA7
0041DCA5 |>  33FF          xor edi,edi
0041DCA7 |>  FF75 E0       push dword ptr ss:[ebp-20]
0041DCAA |.  53          push ebx
0041DCAB |.  E8 E9C30000 call HY_壳.0042A099
0041DCB0 |.  3BF3          cmp esi,ebx
0041DCB2 |.  74 07       je short HY_壳.0041DCBB
0041DCB4 |.  57          push edi
0041DCB5 |.  FF15 90424A00  call dword ptr ds:[<&kernel32.Re>;  ntdll.RtlSetLastWin32Error
0041DCBB \>  C3          retn
0041DCBC /$  6A 14       push 14
0041DCBE |.  68 E8D14B00 push HY_壳.004BD1E8
0041DCC3 |.  E8 88020200 call HY_壳.0043DF50
0041DCC8 |.  33DB          xor ebx,ebx
0041DCCA |.  895D E0       mov dword ptr ss:[ebp-20],ebx
0041DCCD |.  8D45 E0       lea eax,dword ptr ss:[ebp-20]
0041DCD0 |.  50          push eax
0041DCD1 |.  E8 A0CB0000 call HY_壳.0042A876
0041DCD6 |.  FFB0 80000000  push dword ptr ds:[eax+80]
0041DCDC |.  E8 C8C30000 call HY_壳.0042A0A9
0041DCE1 |.  8945 DC       mov dword ptr ss:[ebp-24],eax
0041DCE4 |.  895D E4       mov dword ptr ss:[ebp-1C],ebx
0041DCE7 |.  3BC3          cmp eax,ebx
0041DCE9 |.  75 04       jnz short HY_壳.0041DCEF
0041DCEB |.  33C0          xor eax,eax
0041DCED |.  EB 1E       jmp short HY_壳.0041DD0D
0041DCEF |>  895D FC       mov dword ptr ss:[ebp-4],ebx
0041DCF2 |.  FF75 08       push dword ptr ss:[ebp+8]       ; /FileName
0041DCF5 |.  FF15 E4424A00  call dword ptr ds:[<&kernel32.Lo>; \LoadLibraryA
0041DCFB |.  8945 E4       mov dword ptr ss:[ebp-1C],eax
0041DCFE |.  C745 FC FEFFFF>mov dword ptr ss:[ebp-4],-2
0041DD05 |.  E8 0B000000 call HY_壳.0041DD15
0041DD0A |.  8B45 E4       mov eax,dword ptr ss:[ebp-1C]
0041DD0D |>  E8 83020200 call HY_壳.0043DF95
0041DD12 \.  C3          retn
0041DD13    33          db 33                         ;  CHAR '3'
0041DD14    DB          db DB
0041DD15 /$  837D DC 02    cmp dword ptr ss:[ebp-24],2
0041DD19 |.  74 2E       je short HY_壳.0041DD49
0041DD1B |.  33C0          xor eax,eax
0041DD1D |.  395D E4       cmp dword ptr ss:[ebp-1C],ebx
0041DD20 |.  0F94C0       sete al
0041DD23 |.  8BF0          mov esi,eax
0041DD25 |.  3BF3          cmp esi,ebx
0041DD27 |.  74 0A       je short HY_壳.0041DD33
0041DD29 |.  FF15 9C424A00  call dword ptr ds:[<&kernel32.Ge>; [GetLastError
0041DD2F |.  8BF8          mov edi,eax
0041DD31 |.  EB 02       jmp short HY_壳.0041DD35
0041DD33 |>  33FF          xor edi,edi
0041DD35 |>  FF75 E0       push dword ptr ss:[ebp-20]
0041DD38 |.  53          push ebx
0041DD39 |.  E8 5BC30000 call HY_壳.0042A099
0041DD3E |.  3BF3          cmp esi,ebx
0041DD40 |.  74 07       je short HY_壳.0041DD49
0041DD42 |.  57          push edi
0041DD43 |.  FF15 90424A00  call dword ptr ds:[<&kernel32.Re>;  ntdll.RtlSetLastWin32Error
0041DD49 \>  C3          retn
0041DD4A /$  FF7424 04    push dword ptr ss:[esp+4]       ; /Pos
0041DD4E |.  FF71 04       push dword ptr ds:[ecx+4]       ; |hMenu
0041DD51 |.  FF15 C4434A00  call dword ptr ds:[<&user32.GetS>; \GetSubMenu
0041DD57 |.  50          push eax
0041DD58 |.  E8 09C20000 call HY_壳.00429F66
0041DD5D \.  C2 0400       retn 4
0041DD60 /$  56          push esi
0041DD61 |.  8B7424 08    mov esi,dword ptr ss:[esp+8]
0041DD65 |.  B8 FFFFFF7F mov eax,7FFFFFFF
0041DD6A |.  3BF0          cmp esi,eax
0041DD6C |.  74 11       je short HY_壳.0041DD7F
0041DD6E |.  8B11          mov edx,dword ptr ds:[ecx]
0041DD70 |.  3BD0          cmp edx,eax
0041DD72 |.  74 09       je short HY_壳.0041DD7D
0041DD74 |.  3BD6          cmp edx,esi
0041DD76 |.  74 05       je short HY_壳.0041DD7D
0041DD78 |>  E8 284D0000 call HY_壳.00422AA5
0041DD7D |>  8931          mov dword ptr ds:[ecx],esi
0041DD7F |>  8B09          mov ecx,dword ptr ds:[ecx]
0041DD81 |.  3BC8          cmp ecx,eax
0041DD83 |.^ 74 F3       je short HY_壳.0041DD78
0041DD85 |.  51          push ecx
0041DD86 |.  E8 37630100 call HY_壳.004340C2
0041DD8B |.  5E          pop esi
0041DD8C \.  C2 0400       retn 4
0041DD8F /$  56          push esi
0041DD90 |.  8BF1          mov esi,ecx
0041DD92 |.  8B06          mov eax,dword ptr ds:[esi]
0041DD94 |.  3D FFFFFF7F cmp eax,7FFFFFFF
0041DD99 |.  74 0C       je short HY_壳.0041DDA7
0041DD9B |.  50          push eax
0041DD9C |.  E8 8E630100 call HY_壳.0043412F
0041DDA1 |.  C706 FFFFFF7F  mov dword ptr ds:[esi],7FFFFFFF
0041DDA7 |>  5E          pop esi
0041DDA8 \.  C3          retn
0041DDA9 /$  56          push esi
0041DDAA |.  8BF1          mov esi,ecx
0041DDAC |.  E8 97440000 call HY_壳.00422248
0041DDB1 |.  33C0          xor eax,eax
0041DDB3 |.  C706 8C594A00  mov dword ptr ds:[esi],HY_壳.004A>
0041DDB9 |.  C746 30 FC584A>mov dword ptr ds:[esi+30],HY_壳.0>
0041DDC0 |.  C746 34 70594A>mov dword ptr ds:[esi+34],HY_壳.0>
0041DDC7 |.  8946 20       mov dword ptr ds:[esi+20],eax
0041DDCA |.  8846 24       mov byte ptr ds:[esi+24],al
0041DDCD |.  8946 2C       mov dword ptr ds:[esi+2C],eax
0041DDD0 |.  8946 28       mov dword ptr ds:[esi+28],eax
0041DDD3 |.  8946 38       mov dword ptr ds:[esi+38],eax
0041DDD6 |.  8946 3C       mov dword ptr ds:[esi+3C],eax
0041DDD9 |.  8946 40       mov dword ptr ds:[esi+40],eax
0041DDDC |.  8946 44       mov dword ptr ds:[esi+44],eax
0041DDDF |.  8946 48       mov dword ptr ds:[esi+48],eax
0041DDE2 |.  8946 4C       mov dword ptr ds:[esi+4C],eax
0041DDE5 |.  8946 50       mov dword ptr ds:[esi+50],eax
0041DDE8 |.  8BC6          mov eax,esi
0041DDEA |.  5E          pop esi
0041DDEB \.  C3          retn
0041DDEC /$  56          push esi
0041DDED |.  FF7424 0C    push dword ptr ss:[esp+C]       ; /pRect
0041DDF1 |.  8B7424 0C    mov esi,dword ptr ss:[esp+C]    ; |
0041DDF5 |.  FF76 20       push dword ptr ds:[esi+20]    ; |hWnd
0041DDF8 |.  FF15 F4444A00  call dword ptr ds:[<&user32.GetW>; \GetWindowRect
0041DDFE |.  8BCE          mov ecx,esi
0041DE00 |.  E8 01BCFFFF call HY_壳.00419A06
0041DE05 |.  8B4C24 10    mov ecx,dword ptr ss:[esp+10]
0041DE09 |.  8901          mov dword ptr ds:[ecx],eax
0041DE0B |.  5E          pop esi
0041DE0C \.  C2 0C00       retn 0C
0041DE0F /.  55          push ebp
0041DE10 |.  8BEC          mov ebp,esp
0041DE12 |.  8B45 1C       mov eax,dword ptr ss:[ebp+1C]
0041DE15 |.  85C0          test eax,eax
0041DE17 |.  53          push ebx
0041DE18 |.  56          push esi
0041DE19 |.  57          push edi
0041DE1A |.  75 04       jnz short HY_壳.0041DE20
0041DE1C |.  33FF          xor edi,edi
0041DE1E |.  EB 03       jmp short HY_壳.0041DE23
0041DE20 |>  8B78 20       mov edi,dword ptr ds:[eax+20]
0041DE23 |>  FF75 24       push dword ptr ss:[ebp+24]
0041DE26 |.  8B45 18       mov eax,dword ptr ss:[ebp+18]
0041DE29 |.  FF75 20       push dword ptr ss:[ebp+20]
0041DE2C |.  8B50 04       mov edx,dword ptr ds:[eax+4]
0041DE2F |.  8B30          mov esi,dword ptr ds:[eax]
0041DE31 |.  57          push edi
0041DE32 |.  8B78 0C       mov edi,dword ptr ds:[eax+C]
0041DE35 |.  8B40 08       mov eax,dword ptr ds:[eax+8]
0041DE38 |.  8B19          mov ebx,dword ptr ds:[ecx]
0041DE3A |.  2BFA          sub edi,edx
0041DE3C |.  57          push edi
0041DE3D |.  2BC6          sub eax,esi
0041DE3F |.  50          push eax
0041DE40 |.  52          push edx
0041DE41 |.  56          push esi
0041DE42 |.  FF75 14       push dword ptr ss:[ebp+14]
0041DE45 |.  FF75 10       push dword ptr ss:[ebp+10]
0041DE48 |.  FF75 0C       push dword ptr ss:[ebp+C]
0041DE4B |.  FF75 08       push dword ptr ss:[ebp+8]
0041DE4E |.  FF53 5C       call dword ptr ds:[ebx+5C]
0041DE51 |.  5F          pop edi
0041DE52 |.  5E          pop esi
0041DE53 |.  5B          pop ebx
0041DE54 |.  5D          pop ebp
0041DE55 \.  C2 2000       retn 20
0041DE58 /.  55          push ebp
0041DE59 |.  8BEC          mov ebp,esp
0041DE5B |.  8B45 18       mov eax,dword ptr ss:[ebp+18]
0041DE5E |.  85C0          test eax,eax
0041DE60 |.  53          push ebx
0041DE61 |.  56          push esi
0041DE62 |.  57          push edi
0041DE63 |.  75 04       jnz short HY_壳.0041DE69
0041DE65 |.  33FF          xor edi,edi
0041DE67 |.  EB 03       jmp short HY_壳.0041DE6C
0041DE69 |>  8B78 20       mov edi,dword ptr ds:[eax+20]
0041DE6C |>  FF75 20       push dword ptr ss:[ebp+20]
0041DE6F |.  8B45 14       mov eax,dword ptr ss:[ebp+14]
0041DE72 |.  FF75 1C       push dword ptr ss:[ebp+1C]
0041DE75 |.  8B50 04       mov edx,dword ptr ds:[eax+4]
0041DE78 |.  8B30          mov esi,dword ptr ds:[eax]
0041DE7A |.  8B19          mov ebx,dword ptr ds:[ecx]
0041DE7C |.  57          push edi
0041DE7D |.  8B78 0C       mov edi,dword ptr ds:[eax+C]
0041DE80 |.  8B40 08       mov eax,dword ptr ds:[eax+8]
0041DE83 |.  2BFA          sub edi,edx
0041DE85 |.  57          push edi
0041DE86 |.  2BC6          sub eax,esi
0041DE88 |.  50          push eax
0041DE89 |.  8B45 10       mov eax,dword ptr ss:[ebp+10]
0041DE8C |.  52          push edx
0041DE8D |.  56          push esi
0041DE8E |.  0D 00000040 or eax,40000000
0041DE93 |.  50          push eax
0041DE94 |.  FF75 0C       push dword ptr ss:[ebp+C]
0041DE97 |.  FF75 08       push dword ptr ss:[ebp+8]
0041DE9A |.  6A 00       push 0
0041DE9C |.  FF53 5C       call dword ptr ds:[ebx+5C]
0041DE9F |.  5F          pop edi
0041DEA0 |.  5E          pop esi
0041DEA1 |.  5B          pop ebx
0041DEA2 |.  5D          pop ebp
0041DEA3 \.  C2 1C00       retn 1C
0041DEA6 /$  56          push esi
0041DEA7 |.  E8 FDC90000 call HY_壳.0042A8A9
0041DEAC |.  8BF0          mov esi,eax
0041DEAE |.  8B46 3C       mov eax,dword ptr ds:[esi+3C]
0041DEB1 |.  85C0          test eax,eax
0041DEB3 |.  74 17       je short HY_壳.0041DECC
0041DEB5 |.  8B40 20       mov eax,dword ptr ds:[eax+20]
0041DEB8 |.  85C0          test eax,eax
0041DEBA |.  74 10       je short HY_壳.0041DECC
0041DEBC |.  6A 00       push 0                         ; /lParam = 0
0041DEBE |.  6A 00       push 0                         ; |wParam = 0
0041DEC0 |.  68 01040000 push 401                      ; |Message = WM_USER+1
0041DEC5 |.  50          push eax                      ; |hWnd
0041DEC6 |.  FF15 00454A00  call dword ptr ds:[<&user32.Send>; \SendMessageA
0041DECC |>  837C24 08 00 cmp dword ptr ss:[esp+8],0
0041DED1 |.  8B76 50       mov esi,dword ptr ds:[esi+50]
0041DED4 |.  74 1D       je short HY_壳.0041DEF3
0041DED6 |.  85F6          test esi,esi
0041DED8 |.  74 19       je short HY_壳.0041DEF3
0041DEDA |.  6A 01       push 1                         ; /Key = VK_LBUTTON
0041DEDC |.  FF15 88444A00  call dword ptr ds:[<&user32.GetK>; \GetKeyState
0041DEE2 |.  66:85C0       test ax,ax
0041DEE5 |.  7C 0C       jl short HY_壳.0041DEF3
0041DEE7 |.  8B06          mov eax,dword ptr ds:[esi]
0041DEE9 |.  6A FF       push -1
0041DEEB |.  8BCE          mov ecx,esi
0041DEED |.  FF90 64010000  call dword ptr ds:[eax+164]
0041DEF3 |>  5E          pop esi
0041DEF4 \.  C2 0400       retn 4
0041DEF7 /$  55          push ebp
0041DEF8 |.  8BEC          mov ebp,esp
0041DEFA |.  51          push ecx
0041DEFB |.  53          push ebx
0041DEFC |.  56          push esi
0041DEFD |.  57          push edi
0041DEFE |.  8BF9          mov edi,ecx
0041DF00 |.  E8 50C40000 call HY_壳.0042A355
0041DF05 |.  8BF0          mov esi,eax
0041DF07 |.  8B46 78       mov eax,dword ptr ds:[esi+78]
0041DF0A |.  8B5E 74       mov ebx,dword ptr ds:[esi+74]
0041DF0D |.  8945 FC       mov dword ptr ss:[ebp-4],eax
0041DF10 |.  8B45 14       mov eax,dword ptr ss:[ebp+14]
0041DF13 |.  85C0          test eax,eax
0041DF15 |.  74 03       je short HY_壳.0041DF1A
0041DF17 |.  8B40 20       mov eax,dword ptr ds:[eax+20]
0041DF1A |>  FF75 18       push dword ptr ss:[ebp+18]    ; /pRect
0041DF1D |.  8946 74       mov dword ptr ds:[esi+74],eax ; |
0041DF20 |.  8B4F 04       mov ecx,dword ptr ds:[edi+4]    ; |
0041DF23 |.  50          push eax                      ; |hWnd
0041DF24 |.  6A 00       push 0                         ; |Reserved = 0
0041DF26 |.  FF75 10       push dword ptr ss:[ebp+10]    ; |Y
0041DF29 |.  894E 78       mov dword ptr ds:[esi+78],ecx ; |
0041DF2C |.  FF75 0C       push dword ptr ss:[ebp+C]       ; |X
0041DF2F |.  FF75 08       push dword ptr ss:[ebp+8]       ; |Options
0041DF32 |.  FF77 04       push dword ptr ds:[edi+4]       ; |hMenu
0041DF35 |.  FF15 B4434A00  call dword ptr ds:[<&user32.Trac>; \TrackPopupMenu
0041DF3B |.  8B4D FC       mov ecx,dword ptr ss:[ebp-4]
0041DF3E |.  5F          pop edi
0041DF3F |.  895E 74       mov dword ptr ds:[esi+74],ebx
0041DF42 |.  894E 78       mov dword ptr ds:[esi+78],ecx
0041DF45 |.  5E          pop esi
0041DF46 |.  5B          pop ebx
0041DF47 |.  C9          leave
0041DF48 \.  C2 1400       retn 14
0041DF4B /$  55          push ebp
0041DF4C |.  8BEC          mov ebp,esp
0041DF4E |.  53          push ebx
0041DF4F |.  56          push esi
0041DF50 |.  8B75 08       mov esi,dword ptr ss:[ebp+8]
0041DF53 |.  85F6          test esi,esi
0041DF55 |.  57          push edi
0041DF56 |.  75 05       jnz short HY_壳.0041DF5D
0041DF58 |.  E8 484B0000 call HY_壳.00422AA5
0041DF5D |>  FF76 04       push dword ptr ds:[esi+4]       ; /hMenu
0041DF60 |.  FF15 CC434A00  call dword ptr ds:[<&user32.GetM>; \GetMenuItemCount
0041DF66 |.  33FF          xor edi,edi
0041DF68 |.  85C0          test eax,eax
0041DF6A |.  8945 08       mov dword ptr ss:[ebp+8],eax
0041DF6D |.  7E 35       jle short HY_壳.0041DFA4
0041DF6F |.  8B5D 0C       mov ebx,dword ptr ss:[ebp+C]
0041DF72 |>  57          /push edi
0041DF73 |.  8BCE          |mov ecx,esi
0041DF75 |.  E8 D0FDFFFF |call HY_壳.0041DD4A
0041DF7A |.  85C0          |test eax,eax
0041DF7C |.  74 12       |je short HY_壳.0041DF90
0041DF7E |.  3958 04       |cmp dword ptr ds:[eax+4],ebx
0041DF81 |.  74 2A       |je short HY_壳.0041DFAD
0041DF83 |.  53          |push ebx                      ; /Arg2
0041DF84 |.  50          |push eax                      ; |Arg1
0041DF85 |.  E8 C1FFFFFF |call HY_壳.0041DF4B             ; \HY_壳.0041DF4B
0041DF8A |.  85C0          |test eax,eax
0041DF8C |.  75 18       |jnz short HY_壳.0041DFA6
0041DF8E |.  EB 0E       |jmp short HY_壳.0041DF9E
0041DF90 |>  57          |push edi                      ; /Pos
0041DF91 |.  FF76 04       |push dword ptr ds:[esi+4]    ; |hMenu
0041DF94 |.  FF15 C8434A00  |call dword ptr ds:[<&user32.Get>; \GetMenuItemID
0041DF9A |.  3BC3          |cmp eax,ebx
0041DF9C |.  74 0F       |je short HY_壳.0041DFAD
0041DF9E |>  47          |inc edi
0041DF9F |.  3B7D 08       |cmp edi,dword ptr ss:[ebp+8]
0041DFA2 |.^ 7C CE       \jl short HY_壳.0041DF72
0041DFA4 |>  33C0          xor eax,eax
0041DFA6 |>  5F          pop edi
0041DFA7 |.  5E          pop esi
0041DFA8 |.  5B          pop ebx
0041DFA9 |.  5D          pop ebp
0041DFAA |.  C2 0800       retn 8
0041DFAD |>  FF76 04       push dword ptr ds:[esi+4]
0041DFB0 |.  E8 BFBF0000 call HY_壳.00429F74
0041DFB5 \.^ EB EF       jmp short HY_壳.0041DFA6
0041DFB7 /$  C701 F85A4A00  mov dword ptr ds:[ecx],HY_壳.004A>
0041DFBD |.  8B49 04       mov ecx,dword ptr ds:[ecx+4]
0041DFC0 |.  85C9          test ecx,ecx
0041DFC2 |.  74 07       je short HY_壳.0041DFCB
0041DFC4 |.  51          push ecx                      ; /hLibModule
0041DFC5 |.  FF15 DC424A00  call dword ptr ds:[<&kernel32.Fr>; \FreeLibrary
0041DFCB \>  C3          retn
0041DFCC .  56          push esi
0041DFCD .  8BF1          mov esi,ecx
0041DFCF .  E8 E3FFFFFF call HY_壳.0041DFB7
0041DFD4 .  F64424 08 01 test byte ptr ss:[esp+8],1
0041DFD9 .  74 06       je short HY_壳.0041DFE1
0041DFDB .  56          push esi
0041DFDC .  E8 D1590100 call HY_壳.004339B2
0041DFE1 >  8BC6          mov eax,esi
0041DFE3 .  5E          pop esi
0041DFE4 .  C2 0400       retn 4

在这断了下；
0041DC67 |.  FF15 D0434A00  call dword ptr ds:[<&user32.Mess>; \MessageBoxA

堆栈提示是这个：

0012AA4C    00CF7D10 |Text = "账号不可用或已到期!"

[课程]Android-CTF解题方法汇总！

收藏・0

免费・0

支持

最新回复 (9)
bbsphixy 雪币： 55 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 8 回帖 65 粉丝 0 关注私信	bbsphixy 2 楼 why!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! 2012-7-14 15:46 0
wwwzhigang 雪币： 274 活跃值： (40) 能力值： ( LV2，RANK：10 ) 在线值：发帖 0 回帖 202 粉丝 1 关注私信	wwwzhigang 3 楼 0041D6AF \|. 75 04 jnz short 小软件.0041D6B5 把其中的指令“75 04” 改成“90 90”，然后另存为一个新文件就不用验证了吧~~ 2012-7-14 17:31 0
bbsphixy 雪币： 55 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 8 回帖 65 粉丝 0 关注私信	bbsphixy 4 楼 90 90 NOP掉，结果不行，软件出错：好悲催哦。有对策吗？~ 上传的附件： er.jpg （20.43kb，103次下载） 2012-7-14 17:58 0
wwwzhigang 雪币： 274 活跃值： (40) 能力值： ( LV2，RANK：10 ) 在线值：发帖 0 回帖 202 粉丝 1 关注私信	wwwzhigang 5 楼再往上找关键点吧 2012-7-14 18:50 0
bbsphixy 雪币： 55 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 8 回帖 65 粉丝 0 关注私信	bbsphixy 6 楼没事弄了2~3天玩玩... hi ~ 我反复试过，没找着关键点，我都是蒙的，实在菜鸟。。可以帮我看看吗？~ 2012-7-14 19:00 0
ruoko 雪币： 122 活跃值： (72) 能力值： ( LV3，RANK：30 ) 在线值：发帖 35 回帖 226 粉丝 0 关注私信	ruoko 7 楼能不能把软件发出来 2012-7-15 08:31 0
bbsphixy 雪币： 55 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 8 回帖 65 粉丝 0 关注私信	bbsphixy 8 楼已经添加附件，帮我看看，谢谢。。。 2012-7-15 10:00 0
bbsphixy 雪币： 55 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 8 回帖 65 粉丝 0 关注私信	bbsphixy 9 楼升级!~~~~~~~ 2012-7-16 12:10 0
bbsphixy 雪币： 55 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 8 回帖 65 粉丝 0 关注私信	bbsphixy 10 楼 why~~~~~~~~~~~ 2012-7-22 20:25 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复

bbsphixy

发帖

回帖

RANK

关注

私信

他的文章

关于我们

联系我们

企业服务

看雪公众号

最新回复 (9)
bbsphixy 雪币： 55 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 8 回帖 65 粉丝 0 关注私信	bbsphixy 2 楼 why!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! 2012-7-14 15:46 0
wwwzhigang 雪币： 274 活跃值： (40) 能力值： ( LV2，RANK：10 ) 在线值：发帖 0 回帖 202 粉丝 1 关注私信	wwwzhigang 3 楼 0041D6AF \|. 75 04 jnz short 小软件.0041D6B5 把其中的指令“75 04” 改成“90 90”，然后另存为一个新文件就不用验证了吧~~ 2012-7-14 17:31 0
bbsphixy 雪币： 55 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 8 回帖 65 粉丝 0 关注私信	bbsphixy 4 楼 90 90 NOP掉，结果不行，软件出错：好悲催哦。有对策吗？~ 上传的附件： er.jpg （20.43kb，103次下载） 2012-7-14 17:58 0
wwwzhigang 雪币： 274 活跃值： (40) 能力值： ( LV2，RANK：10 ) 在线值：发帖 0 回帖 202 粉丝 1 关注私信	wwwzhigang 5 楼再往上找关键点吧 2012-7-14 18:50 0
bbsphixy 雪币： 55 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 8 回帖 65 粉丝 0 关注私信	bbsphixy 6 楼没事弄了2~3天玩玩... hi ~ 我反复试过，没找着关键点，我都是蒙的，实在菜鸟。。可以帮我看看吗？~ 2012-7-14 19:00 0
ruoko 雪币： 122 活跃值： (72) 能力值： ( LV3，RANK：30 ) 在线值：发帖 35 回帖 226 粉丝 0 关注私信	ruoko 7 楼能不能把软件发出来 2012-7-15 08:31 0
bbsphixy 雪币： 55 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 8 回帖 65 粉丝 0 关注私信	bbsphixy 8 楼已经添加附件，帮我看看，谢谢。。。 2012-7-15 10:00 0
bbsphixy 雪币： 55 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 8 回帖 65 粉丝 0 关注私信	bbsphixy 9 楼升级!~~~~~~~ 2012-7-16 12:10 0
bbsphixy 雪币： 55 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 8 回帖 65 粉丝 0 关注私信	bbsphixy 10 楼 why~~~~~~~~~~~ 2012-7-22 20:25 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复