76FC7094 > C3 RETN
76FC7095 8DA424 00000000 LEA ESP,DWORD PTR SS:[ESP]
76FC709C 8D6424 00 LEA ESP,DWORD PTR SS:[ESP]
76FC70A0 > 8D5424 08 LEA EDX,DWORD PTR SS:[ESP+0x8]
76FC70A4 CD 2E INT 0x2E
76FC70A6 C3 RETN
76FC70A7 90 NOP
76FC70A8 > 55 PUSH EBP
76FC70A9 8BEC MOV EBP,ESP
76FC70AB 8DA424 30FDFFFF LEA ESP,DWORD PTR SS:[ESP-0x2D0]
76FC70B2 54 PUSH ESP
76FC70B3 E8 53010000 CALL ntdll.RtlCaptureContext
76FC70B8 8B55 04 MOV EDX,DWORD PTR SS:[EBP+0x4]
76FC70BB 8B45 08 MOV EAX,DWORD PTR SS:[EBP+0x8]
76FC70BE 838424 C4000000 >ADD DWORD PTR SS:[ESP+0xC4],0x4
76FC70C6 8950 0C MOV DWORD PTR DS:[EAX+0xC],EDX
76FC70C9 C70424 07000100 MOV DWORD PTR SS:[ESP],0x10007
76FC70D0 8BCC MOV ECX,ESP
76FC70D2 6A 01 PUSH 0x1
76FC70D4 51 PUSH ECX
76FC70D5 FF75 08 PUSH DWORD PTR SS:[EBP+0x8]
76FC70D8 E8 BBF1FFFF CALL ntdll.ZwRaiseException
76FC70DD 50 PUSH EAX
76FC70DE E8 02000000 CALL ntdll.RtlRaiseStatus
76FC70E3 CC INT3
76FC70E4 90 NOP
76FC70E5 > 55 PUSH EBP
76FC70E6 8BEC MOV EBP,ESP
76FC70E8 8DA424 E0FCFFFF LEA ESP,DWORD PTR SS:[ESP-0x320]
76FC70EF 54 PUSH ESP
76FC70F0 E8 16010000 CALL ntdll.RtlCaptureContext
76FC70F5 838424 C4000000 >ADD DWORD PTR SS:[ESP+0xC4],0x4
76FC70FD 8D8C24 D0020000 LEA ECX,DWORD PTR SS:[ESP+0x2D0]
76FC7104 8B45 04 MOV EAX,DWORD PTR SS:[EBP+0x4]
76FC7107 C70424 07000100 MOV DWORD PTR SS:[ESP],0x10007
76FC710E 8941 0C MOV DWORD PTR DS:[ECX+0xC],EAX
76FC7111 8361 10 00 AND DWORD PTR DS:[ECX+0x10],0x0
76FC7115 8B45 08 MOV EAX,DWORD PTR SS:[EBP+0x8]
76FC7118 8361 08 00 AND DWORD PTR DS:[ECX+0x8],0x0
76FC711C 8901 MOV DWORD PTR DS:[ECX],EAX
76FC711E C741 04 01000000 MOV DWORD PTR DS:[ECX+0x4],0x1
76FC7125 8BD4 MOV EDX,ESP
76FC7127 6A 01 PUSH 0x1
76FC7129 52 PUSH EDX
76FC712A 51 PUSH ECX
76FC712B E8 68F1FFFF CALL ntdll.ZwRaiseException
76FC7130 50 PUSH EAX
76FC7131 E8 AFFFFFFF CALL ntdll.RtlRaiseStatus
76FC7136 CC INT3
76FC7137 90 NOP
76FC7138 BA AD71FC76 MOV EDX,ntdll.76FC71AD
76FC713D EB 08 JMP Xntdll.76FC7147
76FC713F 90 NOP
76FC7140 BA D471FC76 MOV EDX,ntdll.76FC71D4
76FC7145 8D09 LEA ECX,DWORD PTR DS:[ECX]
76FC7147 53 PUSH EBX
76FC7148 56 PUSH ESI
76FC7149 57 PUSH EDI
76FC714A 33C0 XOR EAX,EAX
76FC714C 33DB XOR EBX,EBX
76FC714E 33F6 XOR ESI,ESI
76FC7150 33FF XOR EDI,EDI
76FC7152 FF7424 20 PUSH DWORD PTR SS:[ESP+0x20]
76FC7156 FF7424 20 PUSH DWORD PTR SS:[ESP+0x20]
76FC715A FF7424 20 PUSH DWORD PTR SS:[ESP+0x20]
76FC715E FF7424 20 PUSH DWORD PTR SS:[ESP+0x20]
76FC7162 FF7424 20 PUSH DWORD PTR SS:[ESP+0x20]
76FC7166 E8 08000000 CALL ntdll.76FC7173
76FC716B 5F POP EDI
76FC716C 5E POP ESI
76FC716D 5B POP EBX
76FC716E C2 1400 RETN 0x14
76FC7171 8BFF MOV EDI,EDI
76FC7173 55 PUSH EBP
76FC7174 8BEC MOV EBP,ESP
76FC7176 FF75 0C PUSH DWORD PTR SS:[EBP+0xC]
76FC7179 52 PUSH EDX
76FC717A 64:FF35 00000000 PUSH DWORD PTR FS:[0]
76FC7181 64:8925 00000000 MOV DWORD PTR FS:[0],ESP
76FC7188 FF75 14 PUSH DWORD PTR SS:[EBP+0x14]
76FC718B FF75 10 PUSH DWORD PTR SS:[EBP+0x10]
76FC718E FF75 0C PUSH DWORD PTR SS:[EBP+0xC]
76FC7191 FF75 08 PUSH DWORD PTR SS:[EBP+0x8]
76FC7194 8B4D 18 MOV ECX,DWORD PTR SS:[EBP+0x18]
76FC7197 FFD1 CALL ECX
76FC7199 64:8B25 00000000 MOV ESP,DWORD PTR FS:[0]
76FC71A0 64:8F05 00000000 POP DWORD PTR FS:[0]
76FC71A7 8BE5 MOV ESP,EBP
76FC71A9 5D POP EBP
76FC71AA C2 1400 RETN 0x14
76FC71AD 8B4C24 04 MOV ECX,DWORD PTR SS:[ESP+0x4]
76FC71B1 F741 04 06000000 TEST DWORD PTR DS:[ECX+0x4],0x6
76FC71B8 B8 01000000 MOV EAX,0x1
76FC71BD 75 12 JNZ Xntdll.76FC71D1
76FC71BF 8B4C24 08 MOV ECX,DWORD PTR SS:[ESP+0x8]
76FC71C3 8B5424 10 MOV EDX,DWORD PTR SS:[ESP+0x10]
76FC71C7 8B41 08 MOV EAX,DWORD PTR DS:[ECX+0x8]
76FC71CA 8902 MOV DWORD PTR DS:[EDX],EAX
76FC71CC B8 02000000 MOV EAX,0x2
76FC71D1 C2 1000 RETN 0x10
76FC71D4 8B4C24 04 MOV ECX,DWORD PTR SS:[ESP+0x4]
76FC71D8 F741 04 06000000 TEST DWORD PTR DS:[ECX+0x4],0x6
76FC71DF B8 01000000 MOV EAX,0x1
76FC71E4 74 12 JE Xntdll.76FC71F8
76FC71E6 8B4C24 08 MOV ECX,DWORD PTR SS:[ESP+0x8]
76FC71EA 8B5424 10 MOV EDX,DWORD PTR SS:[ESP+0x10]
76FC71EE 8B41 08 MOV EAX,DWORD PTR DS:[ECX+0x8]
76FC71F1 8902 MOV DWORD PTR DS:[EDX],EAX
76FC71F3 B8 03000000 MOV EAX,0x3
76FC71F8 C2 1000 RETN 0x10
76FC71FB 8B4C24 04 MOV ECX,DWORD PTR SS:[ESP+0x4]
76FC71FF 8B09 MOV ECX,DWORD PTR DS:[ECX]
76FC7201 64:890D 00000000 MOV DWORD PTR FS:[0],ECX
76FC7208 C2 0400 RETN 0x4
76FC720B > 53 PUSH EBX
76FC720C 8B5C24 08 MOV EBX,DWORD PTR SS:[ESP+0x8]
76FC7210 8983 B0000000 MOV DWORD PTR DS:[EBX+0xB0],EAX
76FC7216 898B AC000000 MOV DWORD PTR DS:[EBX+0xAC],ECX
76FC721C 8993 A8000000 MOV DWORD PTR DS:[EBX+0xA8],EDX
76FC7222 8B0424 MOV EAX,DWORD PTR SS:[ESP]
76FC7225 8983 A4000000 MOV DWORD PTR DS:[EBX+0xA4],EAX
76FC722B 89B3 A0000000 MOV DWORD PTR DS:[EBX+0xA0],ESI
76FC7231 89BB 9C000000 MOV DWORD PTR DS:[EBX+0x9C],EDI
76FC7237 EB 43 JMP Xntdll.76FC727C
76FC7239 8BFF MOV EDI,EDI
76FC723B 53 PUSH EBX
76FC723C 8B5C24 08 MOV EBX,DWORD PTR SS:[ESP+0x8]
76FC7240 C783 B0000000 00>MOV DWORD PTR DS:[EBX+0xB0],0x0
76FC724A C783 AC000000 00>MOV DWORD PTR DS:[EBX+0xAC],0x0
76FC7254 C783 A8000000 00>MOV DWORD PTR DS:[EBX+0xA8],0x0
76FC725E C783 A4000000 00>MOV DWORD PTR DS:[EBX+0xA4],0x0
76FC7268 C783 A0000000 00>MOV DWORD PTR DS:[EBX+0xA0],0x0
76FC7272 C783 9C000000 00>MOV DWORD PTR DS:[EBX+0x9C],0x0
76FC727C 8C8B BC000000 MOV WORD PTR DS:[EBX+0xBC],CS
76FC7282 8C9B 98000000 MOV WORD PTR DS:[EBX+0x98],DS
76FC7288 8C83 94000000 MOV WORD PTR DS:[EBX+0x94],ES
76FC728E 8CA3 90000000 MOV WORD PTR DS:[EBX+0x90],FS
76FC7294 8CAB 8C000000 MOV WORD PTR DS:[EBX+0x8C],GS
76FC729A 8C93 C8000000 MOV WORD PTR DS:[EBX+0xC8],SS
76FC72A0 9C PUSHFD
76FC72A1 8F83 C0000000 POP DWORD PTR DS:[EBX+0xC0]
76FC72A7 8B45 04 MOV EAX,DWORD PTR SS:[EBP+0x4]
76FC72AA 8983 B8000000 MOV DWORD PTR DS:[EBX+0xB8],EAX
76FC72B0 8B45 00 MOV EAX,DWORD PTR SS:[EBP]
76FC72B3 8983 B4000000 MOV DWORD PTR DS:[EBX+0xB4],EAX
76FC72B9 8D45 08 LEA EAX,DWORD PTR SS:[EBP+0x8]
76FC72BC 8983 C4000000 MOV DWORD PTR DS:[EBX+0xC4],EAX
76FC72C2 C703 07000100 MOV DWORD PTR DS:[EBX],0x10007
76FC72C8 5B POP EBX
76FC72C9 C2 0400 RETN 0x4
76FC72CC 8D49 00 LEA ECX,DWORD PTR DS:[ECX]
76FC72CF 64:A1 00000000 MOV EAX,DWORD PTR FS:[0]
76FC72D5 C3 RETN
76FC72D6 90 NOP
76FC72D7 B2 06 MOV DL,0x6
76FC72D9 8B4424 04 MOV EAX,DWORD PTR SS:[ESP+0x4]
76FC72DD 22D0 AND DL,AL
76FC72DF 80FA 04 CMP DL,0x4
76FC72E2 8B5424 08 MOV EDX,DWORD PTR SS:[ESP+0x8]
76FC72E6 74 06 JE Xntdll.76FC72EE
76FC72E8 0FAE ??? ; 未知命令
76FC72EA 21C2 AND EDX,EAX
76FC72EC 0800 OR BYTE PTR DS:[EAX],AL
76FC72EE FF71 18 PUSH DWORD PTR DS:[ECX+0x18]
76FC72F1 FF71 1C PUSH DWORD PTR DS:[ECX+0x1C]
76FC72F4 0FAE ??? ; 未知命令
76FC72F6 218F 411C8F41 AND DWORD PTR DS:[EDI+0x418F1C41],ECX
76FC72FC 18C2 SBB DL,AL
76FC72FE 0800 OR BYTE PTR DS:[EAX],AL
76FC7300 8D49 00 LEA ECX,DWORD PTR DS:[ECX]
76FC7303 9C PUSHFD
76FC7304 FA CLI
76FC7305 0F20C0 MOV EAX,CR0
76FC7308 50 PUSH EAX
76FC7309 A8 0E TEST AL,0xE
76FC730B 74 05 JE Xntdll.76FC7312
76FC730D 24 F1 AND AL,0xF1
76FC730F 0F22C0 MOV CR0,EAX ; 特权命令
76FC7312 FF7424 10 PUSH DWORD PTR SS:[ESP+0x10]
76FC7316 FF7424 10 PUSH DWORD PTR SS:[ESP+0x10]
76FC731A E8 B8FFFFFF CALL ntdll.76FC72D7
76FC731F 58 POP EAX
76FC7320 A8 0E TEST AL,0xE
76FC7322 74 03 JE Xntdll.76FC7327
76FC7324 0F22C0 MOV CR0,EAX ; 特权命令
76FC7327 9D POPFD
76FC7328 C2 0800 RETN 0x8
76FC732B B2 06 MOV DL,0x6
76FC732D 8B4424 04 MOV EAX,DWORD PTR SS:[ESP+0x4]
76FC7331 22D0 AND DL,AL
76FC7333 80FA 04 CMP DL,0x4
76FC7336 8B5424 08 MOV EDX,DWORD PTR SS:[ESP+0x8]
76FC733A 74 06 JE Xntdll.76FC7342
76FC733C 0FAE ??? ; 未知命令
76FC733E 29C2 SUB EDX,EAX
76FC7340 0800 OR BYTE PTR DS:[EAX],AL
76FC7342 FF71 18 PUSH DWORD PTR DS:[ECX+0x18]
76FC7345 0FAE59 18 STMXCSR DWORD PTR DS:[ECX+0x18]
76FC7349 0FAE ??? ; 未知命令
76FC734B 298F 4118C208 SUB DWORD PTR DS:[EDI+0x8C21841],ECX
76FC7351 0090 9CFA0F20 ADD BYTE PTR DS:[EAX+0x200FFA9C],DL
76FC7357 C050 A8 0E RCL BYTE PTR DS:[EAX-0x58],0xE
76FC735B 74 05 JE Xntdll.76FC7362
76FC735D 24 F1 AND AL,0xF1
76FC735F 0F22C0 MOV CR0,EAX ; 特权命令
76FC7362 FF7424 10 PUSH DWORD PTR SS:[ESP+0x10]
76FC7366 FF7424 10 PUSH DWORD PTR SS:[ESP+0x10]
76FC736A E8 BCFFFFFF CALL ntdll.76FC732B
76FC736F 58 POP EAX
76FC7370 A8 0E TEST AL,0xE
76FC7372 74 03 JE Xntdll.76FC7377
76FC7374 0F22C0 MOV CR0,EAX ; 特权命令
76FC7377 9D POPFD
76FC7378 C2 0800 RETN 0x8
76FC737B 90 NOP
76FC737C > 51 PUSH ECX
76FC737D 8D4C24 08 LEA ECX,DWORD PTR SS:[ESP+0x8]
76FC7381 2BC8 SUB ECX,EAX
76FC7383 83E1 0F AND ECX,0xF
76FC7386 03C1 ADD EAX,ECX
76FC7388 1BC9 SBB ECX,ECX
76FC738A 0BC1 OR EAX,ECX
76FC738C 59 POP ECX
76FC738D EB 15 JMP Xntdll._chkstk
76FC738F > 51 PUSH ECX
76FC7390 8D4C24 08 LEA ECX,DWORD PTR SS:[ESP+0x8]
76FC7394 2BC8 SUB ECX,EAX
76FC7396 83E1 07 AND ECX,0x7
76FC7399 03C1 ADD EAX,ECX
76FC739B 1BC9 SBB ECX,ECX
76FC739D 0BC1 OR EAX,ECX
76FC739F 59 POP ECX
76FC73A0 EB 02 JMP Xntdll._chkstk
76FC73A2 90 NOP
76FC73A3 90 NOP
76FC73A4 > 51 PUSH ECX
76FC73A5 8D4C24 04 LEA ECX,DWORD PTR SS:[ESP+0x4]
76FC73A9 2BC8 SUB ECX,EAX
76FC73AB 1BC0 SBB EAX,EAX
76FC73AD F7D0 NOT EAX
76FC73AF 23C8 AND ECX,EAX
76FC73B1 8BC4 MOV EAX,ESP
76FC73B3 25 00F0FFFF AND EAX,0xFFFFF000
76FC73B8 3BC8 CMP ECX,EAX
76FC73BA 72 0A JB Xntdll.76FC73C6
76FC73BC 8BC1 MOV EAX,ECX
76FC73BE 59 POP ECX
76FC73BF 94 XCHG EAX,ESP
76FC73C0 8B00 MOV EAX,DWORD PTR DS:[EAX]
76FC73C2 890424 MOV DWORD PTR SS:[ESP],EAX
76FC73C5 C3 RETN
76FC73C6 2D 00100000 SUB EAX,0x1000
76FC73CB 8500 TEST DWORD PTR DS:[EAX],EAX
76FC73CD ^EB E9 JMP Xntdll.76FC73B8
76FC73CF 90 NOP
76FC73D0 > EB 16 JMP Xntdll.76FC73E8
76FC73D2 8BFF MOV EDI,EDI
76FC73D4 > 83EC 0C SUB ESP,0xC
76FC73D7 DD1424 FST QWORD PTR SS:[ESP]
76FC73DA E8 89F9FFFF CALL ntdll.76FC6D68
76FC73DF E8 0D000000 CALL ntdll.76FC73F1
76FC73E4 83C4 0C ADD ESP,0xC
76FC73E7 C3 RETN
76FC73E8 8D5424 04 LEA EDX,DWORD PTR SS:[ESP+0x4]
76FC73EC E8 34F9FFFF CALL ntdll.76FC6D25
76FC73F1 52 PUSH EDX
76FC73F2 9B WAIT
76FC73F3 D93C24 FSTCW WORD PTR SS:[ESP]
76FC73F6 74 50 JE Xntdll.76FC7448
76FC73F8 66:813C24 7F02 CMP WORD PTR SS:[ESP],0x27F
76FC73FE 74 06 JE Xntdll.76FC7406
76FC7400 D92D 6C75FC76 FLDCW WORD PTR DS:[0x76FC756C]
76FC7406 D9FF FCOS
76FC7408 9B WAIT
76FC7409 DFE0 FSTSW AX
76FC740B 9E SAHF
76FC740C 7A 1D JPE Xntdll.76FC742B
76FC740E 833D 64D90577 00 CMP DWORD PTR DS:[0x7705D964],0x0
76FC7415 ^0F85 63F9FFFF JNZ ntdll.76FC6D7E
76FC741B BA 12000000 MOV EDX,0x12
76FC7420 8D0D D0D80577 LEA ECX,DWORD PTR DS:[0x7705D8D0]
76FC7426 ^E9 60F9FFFF JMP ntdll.76FC6D8B
76FC742B DB2D 8274FC76 FLD TBYTE PTR DS:[0x76FC7482]
76FC7431 D9C9 FXCH ST(1)
76FC7433 D9F5 FPREM1
76FC7435 9B WAIT
76FC7436 DFE0 FSTSW AX
76FC7438 9E SAHF
76FC7439 7A F8 JPE Xntdll.76FC7433
76FC743B DDD9 FSTP ST(1)
76FC743D D9FF FCOS
76FC743F ^EB CD JMP Xntdll.76FC740E
76FC7441 E8 C6F8FFFF CALL ntdll.76FC6D0C
76FC7446 EB 1B JMP Xntdll.76FC7463
76FC7448 A9 FFFF0F00 TEST EAX,0xFFFFF
76FC744D ^75 F2 JNZ Xntdll.76FC7441
76FC744F 837C24 08 00 CMP DWORD PTR SS:[ESP+0x8],0x0
76FC7454 ^75 EB JNZ Xntdll.76FC7441
76FC7456 DDD8 FSTP ST
76FC7458 DB2D 38D90577 FLD TBYTE PTR DS:[0x7705D938]
76FC745E B8 01000000 MOV EAX,0x1
76FC7463 833D 64D90577 00 CMP DWORD PTR DS:[0x7705D964],0x0
76FC746A ^0F85 0EF9FFFF JNZ ntdll.76FC6D7E
76FC7470 BA 12000000 MOV EDX,0x12
76FC7475 8D0D D0D80577 LEA ECX,DWORD PTR DS:[0x7705D8D0]
76FC747B E8 47FAFFFF CALL ntdll.76FC6EC7
76FC7480 5A POP EDX
76FC7481 C3 RETN
76FC7482 35 C26821A2 XOR EAX,0xA22168C2
76FC7487 DA0F FIMUL DWORD PTR DS:[EDI]
76FC7489 C9 LEAVE
76FC748A 3E:40 INC EAX ; 多余的前缀
76FC748C 90 NOP
76FC748D 90 NOP
76FC748E 90 NOP
76FC748F 90 NOP
76FC7490 > EB 16 JMP Xntdll.76FC74A8
76FC7492 8BFF MOV EDI,EDI
76FC7494 > 83EC 0C SUB ESP,0xC
76FC7497 DD1424 FST QWORD PTR SS:[ESP]
76FC749A E8 C9F8FFFF CALL ntdll.76FC6D68
76FC749F E8 0D000000 CALL ntdll.76FC74B1
76FC74A4 83C4 0C ADD ESP,0xC
76FC74A7 C3 RETN
76FC74A8 8D5424 04 LEA EDX,DWORD PTR SS:[ESP+0x4]
76FC74AC E8 74F8FFFF CALL ntdll.76FC6D25
76FC74B1 52 PUSH EDX
76FC74B2 9B WAIT
76FC74B3 D93C24 FSTCW WORD PTR SS:[ESP]
76FC74B6 74 4E JE Xntdll.76FC7506
76FC74B8 8B4424 0C MOV EAX,DWORD PTR SS:[ESP+0xC]
76FC74BC 66:813C24 7F02 CMP WORD PTR SS:[ESP],0x27F
76FC74C2 74 06 JE Xntdll.76FC74CA
76FC74C4 D92D 6C75FC76 FLDCW WORD PTR DS:[0x76FC756C]
76FC74CA A9 0000F07F TEST EAX,0x7FF00000
76FC74CF 74 60 JE Xntdll.76FC7531
76FC74D1 A9 00000080 TEST EAX,0x80000000
76FC74D6 75 43 JNZ Xntdll.76FC751B
76FC74D8 D9ED FLDLN2
76FC74DA D9C9 FXCH ST(1)
76FC74DC D9F1 FYL2X
76FC74DE 833D 64D90577 00 CMP DWORD PTR DS:[0x7705D964],0x0
76FC74E5 ^0F85 93F8FFFF JNZ ntdll.76FC6D7E
76FC74EB 8D0D E0D80577 LEA ECX,DWORD PTR DS:[0x7705D8E0]
76FC74F1 BA 1A000000 MOV EDX,0x1A
76FC74F6 ^E9 90F8FFFF JMP ntdll.76FC6D8B
76FC74FB A9 00000080 TEST EAX,0x80000000
76FC7500 ^74 D6 JE Xntdll.76FC74D8
76FC7502 EB 17 JMP Xntdll.76FC751B
76FC7504 ^EB D2 JMP Xntdll.76FC74D8
76FC7506 A9 FFFF0F00 TEST EAX,0xFFFFF
76FC750B 75 1D JNZ Xntdll.76FC752A
76FC750D 837C24 08 00 CMP DWORD PTR SS:[ESP+0x8],0x0
76FC7512 75 16 JNZ Xntdll.76FC752A
76FC7514 25 00000080 AND EAX,0x80000000
76FC7519 ^74 C3 JE Xntdll.76FC74DE
76FC751B DDD8 FSTP ST
76FC751D DB2D 38D90577 FLD TBYTE PTR DS:[0x7705D938]
76FC7523 B8 01000000 MOV EAX,0x1
76FC7528 EB 22 JMP Xntdll.76FC754C
76FC752A E8 DDF7FFFF CALL ntdll.76FC6D0C
76FC752F EB 1B JMP Xntdll.76FC754C
76FC7531 A9 FFFF0F00 TEST EAX,0xFFFFF
76FC7536 ^75 C3 JNZ Xntdll.76FC74FB
76FC7538 837C24 08 00 CMP DWORD PTR SS:[ESP+0x8],0x0
76FC753D ^75 BC JNZ Xntdll.76FC74FB
76FC753F DDD8 FSTP ST
76FC7541 DB2D 5AD90577 FLD TBYTE PTR DS:[0x7705D95A]
76FC7547 B8 02000000 MOV EAX,0x2
76FC754C 833D 64D90577 00 CMP DWORD PTR DS:[0x7705D964],0x0
76FC7553 ^0F85 25F8FFFF JNZ ntdll.76FC6D7E
76FC7559 8D0D E0D80577 LEA ECX,DWORD PTR DS:[0x7705D8E0]
76FC755F BA 1A000000 MOV EDX,0x1A
76FC7564 E8 5EF9FFFF CALL ntdll.76FC6EC7
76FC7569 5A POP EDX
76FC756A C3 RETN
76FC756B 90 NOP
76FC756C 7F 02 JG Xntdll.strstr
76FC756E 90 NOP
76FC756F 90 NOP
76FC7570 > 8B4C24 08 MOV ECX,DWORD PTR SS:[ESP+0x8]
76FC7574 57 PUSH EDI
76FC7575 53 PUSH EBX
76FC7576 56 PUSH ESI
76FC7577 8A11 MOV DL,BYTE PTR DS:[ECX]
76FC7579 8B7C24 10 MOV EDI,DWORD PTR SS:[ESP+0x10]
76FC757D 84D2 TEST DL,DL
76FC757F 74 6E JE Xntdll.76FC75EF
76FC7581 8A71 01 MOV DH,BYTE PTR DS:[ECX+0x1]
76FC7584 84F6 TEST DH,DH
76FC7586 74 57 JE Xntdll.76FC75DF
76FC7588 8BF7 MOV ESI,EDI
76FC758A 8B4C24 14 MOV ECX,DWORD PTR SS:[ESP+0x14]
76FC758E 8A07 MOV AL,BYTE PTR DS:[EDI]
76FC7590 83C6 01 ADD ESI,0x1
76FC7593 3AC2 CMP AL,DL
76FC7595 74 17 JE Xntdll.76FC75AE
76FC7597 84C0 TEST AL,AL
76FC7599 74 0D JE Xntdll.76FC75A8
76FC759B 8A06 MOV AL,BYTE PTR DS:[ESI]
76FC759D 83C6 01 ADD ESI,0x1
76FC75A0 3AC2 CMP AL,DL
76FC75A2 74 0A JE Xntdll.76FC75AE
76FC75A4 84C0 TEST AL,AL
76FC75A6 ^75 F3 JNZ Xntdll.76FC759B
76FC75A8 5E POP ESI
76FC75A9 5B POP EBX
76FC75AA 5F POP EDI
76FC75AB 33C0 XOR EAX,EAX
76FC75AD C3 RETN
76FC75AE 8A06 MOV AL,BYTE PTR DS:[ESI]
76FC75B0 83C6 01 ADD ESI,0x1
76FC75B3 3AC6 CMP AL,DH
76FC75B5 ^75 E9 JNZ Xntdll.76FC75A0
76FC75B7 8D7E FF LEA EDI,DWORD PTR DS:[ESI-0x1]
76FC75BA 8A61 02 MOV AH,BYTE PTR DS:[ECX+0x2]
76FC75BD 84E4 TEST AH,AH
76FC75BF 74 27 JE Xntdll.76FC75E8
76FC75C1 8A06 MOV AL,BYTE PTR DS:[ESI]
76FC75C3 83C6 02 ADD ESI,0x2
76FC75C6 3AC4 CMP AL,AH
76FC75C8 ^75 BE JNZ Xntdll.76FC7588
76FC75CA 8A41 03 MOV AL,BYTE PTR DS:[ECX+0x3]
76FC75CD 84C0 TEST AL,AL
76FC75CF 74 17 JE Xntdll.76FC75E8
76FC75D1 8A66 FF MOV AH,BYTE PTR DS:[ESI-0x1]
76FC75D4 83C1 02 ADD ECX,0x2
76FC75D7 3AC4 CMP AL,AH
76FC75D9 ^75 AD JNZ Xntdll.76FC7588
76FC75DB ^EB DD JMP Xntdll.76FC75BA
76FC75DD ^EB A9 JMP Xntdll.76FC7588
76FC75DF 33C0 XOR EAX,EAX
76FC75E1 5E POP ESI
76FC75E2 5B POP EBX
76FC75E3 5F POP EDI
76FC75E4 8AC2 MOV AL,DL
76FC75E6 EB 2E JMP Xntdll.76FC7616
76FC75E8 8D47 FF LEA EAX,DWORD PTR DS:[EDI-0x1]
76FC75EB 5E POP ESI
76FC75EC 5B POP EBX
76FC75ED 5F POP EDI
76FC75EE C3 RETN
76FC75EF 8BC7 MOV EAX,EDI
76FC75F1 5E POP ESI
76FC75F2 5B POP EBX
76FC75F3 5F POP EDI
76FC75F4 C3 RETN
76FC75F5 90 NOP
76FC75F6 90 NOP
76FC75F7 90 NOP
76FC75F8 90 NOP
76FC75F9 90 NOP
76FC75FA 90 NOP
76FC75FB 90 NOP
76FC75FC 90 NOP
76FC75FD 90 NOP
76FC75FE 90 NOP
76FC75FF 90 NOP
76FC7600 8D42 FF LEA EAX,DWORD PTR DS:[EDX-0x1]
76FC7603 5B POP EBX
76FC7604 C3 RETN
76FC7605 8DA424 00000000 LEA ESP,DWORD PTR SS:[ESP]
76FC760C 8D6424 00 LEA ESP,DWORD PTR SS:[ESP]
76FC7610 > 33C0 XOR EAX,EAX
76FC7612 8A4424 08 MOV AL,BYTE PTR SS:[ESP+0x8]
76FC7616 53 PUSH EBX
76FC7617 8BD8 MOV EBX,EAX
76FC7619 C1E0 08 SHL EAX,0x8
76FC761C 8B5424 08 MOV EDX,DWORD PTR SS:[ESP+0x8]
76FC7620 F7C2 03000000 TEST EDX,0x3
76FC7626 74 15 JE Xntdll.76FC763D
76FC7628 8A0A MOV CL,BYTE PTR DS:[EDX]
76FC762A 83C2 01 ADD EDX,0x1
76FC762D 3ACB CMP CL,BL
76FC762F ^74 CF JE Xntdll.76FC7600
76FC7631 84C9 TEST CL,CL
76FC7633 74 51 JE Xntdll.76FC7686
76FC7635 F7C2 03000000 TEST EDX,0x3
76FC763B ^75 EB JNZ Xntdll.76FC7628
76FC763D 0BD8 OR EBX,EAX
76FC763F 57 PUSH EDI
76FC7640 8BC3 MOV EAX,EBX
76FC7642 C1E3 10 SHL EBX,0x10
76FC7645 56 PUSH ESI
76FC7646 0BD8 OR EBX,EAX
76FC7648 8B0A MOV ECX,DWORD PTR DS:[EDX]
76FC764A BF FFFEFE7E MOV EDI,0x7EFEFEFF
76FC764F 8BC1 MOV EAX,ECX
76FC7651 8BF7 MOV ESI,EDI
76FC7653 33CB XOR ECX,EBX
76FC7655 03F0 ADD ESI,EAX
76FC7657 03F9 ADD EDI,ECX
76FC7659 83F1 FF XOR ECX,0xFFFFFFFF
76FC765C 83F0 FF XOR EAX,0xFFFFFFFF
76FC765F 33CF XOR ECX,EDI
76FC7661 33C6 XOR EAX,ESI
76FC7663 83C2 04 ADD EDX,0x4
76FC7666 81E1 00010181 AND ECX,0x81010100
76FC766C 75 1C JNZ Xntdll.76FC768A
76FC766E 25 00010181 AND EAX,0x81010100
76FC7673 ^74 D3 JE Xntdll.76FC7648
76FC7675 25 00010101 AND EAX,0x1010100
76FC767A 75 08 JNZ Xntdll.76FC7684
76FC767C 81E6 00000080 AND ESI,0x80000000
76FC7682 ^75 C4 JNZ Xntdll.76FC7648
76FC7684 5E POP ESI
76FC7685 5F POP EDI
76FC7686 5B POP EBX
76FC7687 33C0 XOR EAX,EAX
76FC7689 C3 RETN
76FC768A 8B42 FC MOV EAX,DWORD PTR DS:[EDX-0x4]
76FC768D 3AC3 CMP AL,BL
76FC768F 74 38 JE Xntdll.76FC76C9
76FC7691 84C0 TEST AL,AL
76FC7693 ^74 EF JE Xntdll.76FC7684
76FC7695 3AE3 CMP AH,BL
76FC7697 74 29 JE Xntdll.76FC76C2
76FC7699 84E4 TEST AH,AH
76FC769B ^74 E7 JE Xntdll.76FC7684
76FC769D C1E8 10 SHR EAX,0x10
76FC76A0 3AC3 CMP AL,BL
76FC76A2 74 17 JE Xntdll.76FC76BB
76FC76A4 84C0 TEST AL,AL
76FC76A6 ^74 DC JE Xntdll.76FC7684
76FC76A8 3AE3 CMP AH,BL
76FC76AA 74 08 JE Xntdll.76FC76B4
76FC76AC 84E4 TEST AH,AH
76FC76AE ^75 98 JNZ Xntdll.76FC7648
76FC76B0 ^EB D2 JMP Xntdll.76FC7684
76FC76B2 ^EB 94 JMP Xntdll.76FC7648
[课程]Android-CTF解题方法汇总!