[Discussion] TMD packer: is this OEP from VC9.0?
Posted: 2012-10-15 13:18 3613
00D9E6B1 > /6A 58 PUSH 58
00D9E6B3 . |68 30FF1201 PUSH xxxxxxxx.0112FF30
00D9E6B8 . |E8 FB680000 CALL xxxxxxxx.00DA4FB8
///////////////////////////////////////////////////////////////////////////////////////////////////
00D9E6BD . |33F6 XOR ESI,ESI
00D9E6BF . |8975 FC MOV DWORD PTR SS:[EBP-4],ESI
00D9E6C2 . |8D45 98 LEA EAX,DWORD PTR SS:[EBP-68]
00D9E6C5 . |50 PUSH EAX ; /pStartupinfo
00D9E6C6 . |FF15 44B2EE00 CALL DWORD PTR DS:[EEB244] ; \GetStartupInfoA
00D9E6CC . |6A FE PUSH -2
00D9E6CE . |5F POP EDI
00D9E6CF . |897D FC MOV DWORD PTR SS:[EBP-4],EDI
00D9E6D2 . |B8 4D5A0000 MOV EAX,5A4D
00D9E6D7 . |66:3905 00004000 CMP WORD PTR DS:[400000],AX
00D9E6DE . |75 38 JNZ SHORT xxxxxxxx.00D9E718
00D9E6E0 . |A1 3C004000 MOV EAX,DWORD PTR DS:[40003C]
00D9E6E5 . |81B8 00004000 504>CMP DWORD PTR DS:[EAX+400000],4550
00D9E6EF . |75 27 JNZ SHORT xxxxxxxx.00D9E718
00D9E6F1 . |B9 0B010000 MOV ECX,10B
00D9E6F6 . |66:3988 18004000 CMP WORD PTR DS:[EAX+400018],CX
00D9E6FD . |75 19 JNZ SHORT xxxxxxxx.00D9E718
00D9E6FF . |83B8 74004000 0E CMP DWORD PTR DS:[EAX+400074],0E
00D9E706 . |76 10 JBE SHORT xxxxxxxx.00D9E718
00D9E708 . |33C9 XOR ECX,ECX
00D9E70A . |39B0 E8004000 CMP DWORD PTR DS:[EAX+4000E8],ESI
00D9E710 . |0F95C1 SETNE CL
00D9E713 . |894D E4 MOV DWORD PTR SS:[EBP-1C],ECX
00D9E716 . |EB 03 JMP SHORT xxxxxxxx.00D9E71B
00D9E718 > |8975 E4 MOV DWORD PTR SS:[EBP-1C],ESI
/////////////////////////////////////////////////////////////////////////////////////////////
From here down it looks a lot like VC8.0
00D9E71B > |33DB XOR EBX,EBX
00D9E71D . |43 INC EBX
00D9E71E . |53 PUSH EBX
00D9E71F . |E8 B8770000 CALL xxxxxxxx.00DA5EDC
00D9E724 . |59 POP ECX
00D9E725 . |85C0 TEST EAX,EAX
00D9E727 . |75 08 JNZ SHORT xxxxxxxx.00D9E731
00D9E729 . |6A 1C PUSH 1C
00D9E72B . |E8 58FFFFFF CALL xxxxxxxx.00D9E688
00D9E730 . |59 POP ECX
00D9E731 > |E8 91600000 CALL xxxxxxxx.00DA47C7
00D9E736 . |85C0 TEST EAX,EAX
00D9E738 . |75 08 JNZ SHORT xxxxxxxx.00D9E742
00D9E73A . |6A 10 PUSH 10
00D9E73C . |E8 47FFFFFF CALL xxxxxxxx.00D9E688
00D9E741 . |59 POP ECX
00D9E742 > |E8 870A0100 CALL xxxxxxxx.00DAF1CE
00D9E747 . |895D FC MOV DWORD PTR SS:[EBP-4],EBX
00D9E74A . |E8 18E00000 CALL xxxxxxxx.00DAC767
00D9E74F . |85C0 TEST EAX,EAX
00D9E751 . |7D 08 JGE SHORT xxxxxxxx.00D9E75B
00D9E753 . |6A 1B PUSH 1B
00D9E755 . |E8 56650000 CALL xxxxxxxx.00DA4CB0
00D9E75A . |59 POP ECX
00D9E75B > |FF15 48B2EE00 CALL DWORD PTR DS:[EEB248] ; [GetCommandLineA
00D9E761 . |A3 C4311601 MOV DWORD PTR DS:[11631C4],EAX
00D9E766 . |E8 2C090100 CALL xxxxxxxx.00DAF097
00D9E76B . |A3 2CF01501 MOV DWORD PTR DS:[115F02C],EAX
00D9E770 . |E8 67080100 CALL xxxxxxxx.00DAEFDC
00D9E775 . |85C0 TEST EAX,EAX
00D9E777 . |7D 08 JGE SHORT xxxxxxxx.00D9E781
00D9E779 . |6A 08 PUSH 8
00D9E77B . |E8 30650000 CALL xxxxxxxx.00DA4CB0
00D9E780 . |59 POP ECX
00D9E781 > |E8 DE050100 CALL xxxxxxxx.00DAED64
00D9E786 . |85C0 TEST EAX,EAX
00D9E788 . |7D 08 JGE SHORT xxxxxxxx.00D9E792
00D9E78A . |6A 09 PUSH 9
00D9E78C . |E8 1F650000 CALL xxxxxxxx.00DA4CB0
00D9E791 . |59 POP ECX
00D9E792 > |53 PUSH EBX
00D9E793 . |E8 D7650000 CALL xxxxxxxx.00DA4D6F
00D9E798 . |59 POP ECX
00D9E799 . |3BC6 CMP EAX,ESI
00D9E79B . |74 07 JE SHORT xxxxxxxx.00D9E7A4
00D9E79D . |50 PUSH EAX
00D9E79E . |E8 0D650000 CALL xxxxxxxx.00DA4CB0
00D9E7A3 . |59 POP ECX
00D9E7A4 > |E8 5C050100 CALL xxxxxxxx.00DAED05
00D9E7A9 . |845D C4 TEST BYTE PTR SS:[EBP-3C],BL
00D9E7AC . |74 06 JE SHORT xxxxxxxx.00D9E7B4
00D9E7AE . |0FB74D C8 MOVZX ECX,WORD PTR SS:[EBP-38]
00D9E7B2 . |EB 03 JMP SHORT xxxxxxxx.00D9E7B7
00D9E7B4 > |6A 0A PUSH 0A
00D9E7B6 . |59 POP ECX
00D9E7B7 > |51 PUSH ECX
00D9E7B8 . |50 PUSH EAX
00D9E7B9 . |56 PUSH ESI
00D9E7BA . |68 00004000 PUSH xxxxxxxx.00400000
00D9E7BF . |E8 ECC7F5FF CALL xxxxxxxx.00CFAFB0
00D9E7C4 . |8945 E0 MOV DWORD PTR SS:[EBP-20],EAX
00D9E7C7 . |3975 E4 CMP DWORD PTR SS:[EBP-1C],ESI
00D9E7CA . |75 06 JNZ SHORT xxxxxxxx.00D9E7D2
00D9E7CC . |50 PUSH EAX
00D9E7CD . |E8 4E670000 CALL xxxxxxxx.00DA4F20
00D9E7D2 > |E8 75670000 CALL xxxxxxxx.00DA4F4C
00D9E7D7 . |897D FC MOV DWORD PTR SS:[EBP-4],EDI
00D9E7DA . |EB 35 JMP SHORT xxxxxxxx.00D9E811
00D9E7DC . |8B45 EC MOV EAX,DWORD PTR SS:[EBP-14]
00D9E7DF . |8B08 MOV ECX,DWORD PTR DS:[EAX]
00D9E7E1 . |8B09 MOV ECX,DWORD PTR DS:[ECX]
00D9E7E3 . |894D DC MOV DWORD PTR SS:[EBP-24],ECX
00D9E7E6 . |50 PUSH EAX
00D9E7E7 . |51 PUSH ECX
00D9E7E8 . |E8 8CE70000 CALL xxxxxxxx.00DACF79
00D9E7ED . |59 POP ECX
00D9E7EE . |59 POP ECX
00D9E7EF . |C3 RETN
00D9E7F0 . |8B65 E8 MOV ESP,DWORD PTR SS:[EBP-18]
00D9E7F3 . |8B45 DC MOV EAX,DWORD PTR SS:[EBP-24]
00D9E7F6 . |8945 E0 MOV DWORD PTR SS:[EBP-20],EAX
00D9E7F9 . |837D E4 00 CMP DWORD PTR SS:[EBP-1C],0
00D9E7FD . |75 06 JNZ SHORT xxxxxxxx.00D9E805
00D9E7FF . |50 PUSH EAX
00D9E800 . |E8 31670000 CALL xxxxxxxx.00DA4F36
00D9E805 > |E8 51670000 CALL xxxxxxxx.00DA4F5B
00D9E80A . |C745 FC FEFFFFFF MOV DWORD PTR SS:[EBP-4],-2
00D9E811 > |8B45 E0 MOV EAX,DWORD PTR SS:[EBP-20]
00D9E814 . |EB 13 JMP SHORT xxxxxxxx.00D9E829
00D9E816 . |33C0 XOR EAX,EAX
00D9E818 . |40 INC EAX
00D9E819 . |C3 RETN
00D9E81A . |8B65 E8 MOV ESP,DWORD PTR SS:[EBP-18]
00D9E81D . |C745 FC FEFFFFFF MOV DWORD PTR SS:[EBP-4],-2
00D9E824 . |B8 FF000000 MOV EAX,0FF
00D9E829 > |E8 CF670000 CALL xxxxxxxx.00DA4FFD
00D9E82E . |C3 RETN
00D9E82F . |E8 E6090100 CALL xxxxxxxx.00DAF21A
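The header test between the two separator lines of the listing (00D9E6D2 to 00D9E718), written out in Python as an added example that is not part of the original post. `header_flag` and `build_header` are hypothetical names, and the sample headers are constructed.

```python
import struct

# Offsets copied from the listing (relative to the image base / to e_lfanew).
E_LFANEW = 0x3C        # MOV EAX,[40003C]
OPT_MAGIC = 0x18       # CMP WORD [EAX+400018],CX   (0x10B = PE32)
NUM_RVA_SIZES = 0x74   # CMP DWORD [EAX+400074],0E  (NumberOfRvaAndSizes)
DIR14_RVA = 0xE8       # CMP DWORD [EAX+4000E8],ESI (data directory 14, COM descriptor)


def header_flag(image: bytes):
    """Return (flag, reason); flag is the value the listing stores at [EBP-1C]."""
    def u16(off): return struct.unpack_from("<H", image, off)[0]
    def u32(off): return struct.unpack_from("<I", image, off)[0]

    # Length checks are added here; the listing reads mapped memory directly.
    if len(image) < E_LFANEW + 4 or u16(0) != 0x5A4D:
        return 0, "no MZ signature"
    nt = u32(E_LFANEW)
    if nt + DIR14_RVA + 4 > len(image):
        return 0, "header truncated"
    if u32(nt) != 0x4550:
        return 0, "no PE signature"
    if u16(nt + OPT_MAGIC) != 0x10B:
        return 0, "optional header is not PE32"
    if u32(nt + NUM_RVA_SIZES) <= 0x0E:          # JBE: unsigned <=
        return 0, "fewer than 15 data directories"
    return int(u32(nt + DIR14_RVA) != 0), "directory 14 tested"  # SETNE CL


def build_header(magic=0x10B, num_dirs=16, dir14_rva=0):
    """Constructed sample: a minimal PE32 header with e_lfanew = 0x80."""
    img = bytearray(0x80 + 0xF8)
    struct.pack_into("<H", img, 0, 0x5A4D)
    struct.pack_into("<I", img, E_LFANEW, 0x80)
    struct.pack_into("<I", img, 0x80, 0x4550)
    struct.pack_into("<H", img, 0x80 + OPT_MAGIC, magic)
    struct.pack_into("<I", img, 0x80 + NUM_RVA_SIZES, num_dirs)
    struct.pack_into("<I", img, 0x80 + DIR14_RVA, dir14_rva)
    return bytes(img)


if __name__ == "__main__":
    samples = [("native PE32", build_header()),
               ("directory 14 set", build_header(dir14_rva=0x2008)),
               ("PE32+ magic", build_header(magic=0x20B)),
               ("only 14 directories", build_header(num_dirs=14, dir14_rva=0x2008))]
    for label, img in samples:
        print(label, header_flag(img))
```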