[旧帖] [求助]程序修改一闪就消失 0.00雪花
发表于: 2012-11-7 21:16 1220
我用PEID检测显示的是Microsoft Visual C++ 8 *,可是载入OD后就来到下面代码了:
; Program entry point as OllyDbg shows it: one call to 0075B548, then an unconditional
; jmp back to 0075ACE5, where the code that calls GetStartupInfoA, _initterm_e/_initterm
; and exit is located.
; NOTE(review): "call, then jmp into a routine that uses MSVCR90 startup imports" is the
; usual shape of a Visual C++ 2008 runtime entry stub (security-cookie init followed by
; the CRT startup routine), which agrees with the PEiD result. The body of 0075B548 is not
; shown, so confirm before concluding anything about packing.
0075AFA5 > $ E8 9E050000 call 123.0075B548 ; (Initial CPU selection)
0075AFAA .^ E9 36FDFFFF jmp 123.0075ACE5
; Single int3 byte after the jmp; not reachable by fall-through (presumably padding).
0075AFAF CC int3
; Import thunks: each entry is one indirect jmp (FF25) through an import-table slot
; (00770234..00770250) into an MSVCR90 math helper, as named by OllyDbg on each line.
; They are separate call targets and are not part of the entry stub above them.
0075AFB0 $- FF25 34027700 jmp dword ptr ds:[<&MSVCR90._CIcos>] ; MSVCR90._CIcos
0075AFB6 $- FF25 38027700 jmp dword ptr ds:[<&MSVCR90._CIsin>] ; MSVCR90._CIsin
0075AFBC $- FF25 3C027700 jmp dword ptr ds:[<&MSVCR90._CIsqrt>] ; MSVCR90._CIsqrt
0075AFC2 $- FF25 40027700 jmp dword ptr ds:[<&MSVCR90._CIatan2>] ; MSVCR90._CIatan2
0075AFC8 $- FF25 44027700 jmp dword ptr ds:[<&MSVCR90._CItan>] ; MSVCR90._CItan
0075AFCE $- FF25 48027700 jmp dword ptr ds:[<&MSVCR90._CIatan>] ; MSVCR90._CIatan
0075AFD4 $- FF25 4C027700 jmp dword ptr ds:[<&MSVCR90._CIacos>] ; MSVCR90._CIacos
0075AFDA $- FF25 50027700 jmp dword ptr ds:[<&MSVCR90._CIasin>] ; MSVCR90._CIasin
; 64-bit unsigned division helper. After the two pushes below the stack holds:
;   [esp+0C] dividend low     [esp+10] dividend high
;   [esp+14] divisor low      [esp+18] divisor high
; Returns the quotient in edx:eax and removes its 16 bytes of arguments (retn 10).
; ebx and esi are saved and restored. No zero-divisor check is visible: a divisor of 0
; reaches `div ecx` with ecx = 0.
; NOTE(review): this matches the shape of the MSVC runtime's unsigned 64-bit divide helper
; (_aulldiv), i.e. compiler support code rather than program logic; confirm against the CRT.
0075AFE0 /$ 53 push ebx
0075AFE1 |. 56 push esi
; Does the divisor fit in 32 bits (high dword == 0)?
0075AFE2 |. 8B4424 18 mov eax,dword ptr ss:[esp+18]
0075AFE6 |. 0BC0 or eax,eax
0075AFE8 |. 75 18 jnz short 123.0075B002
; Yes: divide the high dword first, then remainder:low dword. Quotient = ebx:eax -> edx:eax.
0075AFEA |. 8B4C24 14 mov ecx,dword ptr ss:[esp+14]
0075AFEE |. 8B4424 10 mov eax,dword ptr ss:[esp+10]
0075AFF2 |. 33D2 xor edx,edx
0075AFF4 |. F7F1 div ecx
0075AFF6 |. 8BD8 mov ebx,eax
0075AFF8 |. 8B4424 0C mov eax,dword ptr ss:[esp+C]
0075AFFC |. F7F1 div ecx
0075AFFE |. 8BD3 mov edx,ebx
0075B000 |. EB 41 jmp short 123.0075B043
; No: ecx:ebx = divisor, edx:eax = dividend; shift both right one bit at a time until the
; divisor's high dword (ecx) is zero.
0075B002 |> 8BC8 mov ecx,eax
0075B004 |. 8B5C24 14 mov ebx,dword ptr ss:[esp+14]
0075B008 |. 8B5424 10 mov edx,dword ptr ss:[esp+10]
0075B00C |. 8B4424 0C mov eax,dword ptr ss:[esp+C]
0075B010 |> D1E9 /shr ecx,1
0075B012 |. D1DB |rcr ebx,1
0075B014 |. D1EA |shr edx,1
0075B016 |. D1D8 |rcr eax,1
0075B018 |. 0BC9 |or ecx,ecx
0075B01A |.^ 75 F4 \jnz short 123.0075B010
; Estimate the quotient (kept in esi), then multiply it back by the original 64-bit divisor.
0075B01C |. F7F3 div ebx
0075B01E |. 8BF0 mov esi,eax
0075B020 |. F76424 18 mul dword ptr ss:[esp+18]
0075B024 |. 8BC8 mov ecx,eax
0075B026 |. 8B4424 14 mov eax,dword ptr ss:[esp+14]
0075B02A |. F7E6 mul esi
0075B02C |. 03D1 add edx,ecx
; If the product carried out of 64 bits or is larger than the dividend, the estimate is one
; too high: decrement it.
0075B02E |. 72 0E jb short 123.0075B03E
0075B030 |. 3B5424 10 cmp edx,dword ptr ss:[esp+10]
0075B034 |. 77 08 ja short 123.0075B03E
0075B036 |. 72 07 jb short 123.0075B03F
0075B038 |. 3B4424 0C cmp eax,dword ptr ss:[esp+C]
0075B03C |. 76 01 jbe short 123.0075B03F
0075B03E |> 4E dec esi
; On this path the quotient fits in 32 bits: edx = 0, eax = esi.
0075B03F |> 33D2 xor edx,edx
0075B041 |. 8BC6 mov eax,esi
; Restore the saved registers; the callee pops the four argument dwords.
0075B043 |> 5E pop esi
0075B044 |. 5B pop ebx
0075B045 \. C2 1000 retn 10
这个程序是不是还有壳啊?入口怎么这么怪异?还有0075AFAA .^ E9 36FDFFFF jmp 123.0075ACE5
这一句跳转到下面的代码:
; Target of the entry stub's jmp (0075AFAA -> 0075ACE5): first part of the startup routine.
; This span fetches the startup info, takes a process-wide lock, runs the two initializer
; tables through _initterm_e/_initterm and releases the lock.
; NOTE(review): every external call here goes to KERNEL32 or MSVCR90 startup APIs, which is
; consistent with compiler-generated CRT startup code; nothing in this span unpacks or
; decrypts code. Whether other parts of the file are protected cannot be judged from here.
;
; ebp-relative locals are used right after the call to 0075B2A0 although no
; `push ebp / mov ebp,esp` appears, so that helper presumably builds the frame (looks like
; the CRT's SEH prolog helper given 58h and the table at 007AE980 - confirm).
0075ACE5 > /6A 58 push 58
0075ACE7 . |68 80E97A00 push 123.007AE980
0075ACEC . |E8 AF050000 call 123.0075B2A0
; ebx = 0; clear the locals [ebp-1C] and [ebp-4].
0075ACF1 . |33DB xor ebx,ebx
0075ACF3 . |895D E4 mov dword ptr ss:[ebp-1C],ebx
0075ACF6 . |895D FC mov dword ptr ss:[ebp-4],ebx
; GetStartupInfoA fills the STARTUPINFOA buffer at [ebp-68].
0075ACF9 . |8D45 98 lea eax,dword ptr ss:[ebp-68]
0075ACFC . |50 push eax ; /pStartupinfo
0075ACFD . |FF15 00017700 call dword ptr ds:[<&KERNEL32.GetStartup>; \GetStartupInfoA
; [ebp-4] is rewritten to -2 and then 1; presumably the SEH try-level slot - confirm.
0075AD03 . |C745 FC FEFFF>mov dword ptr ss:[ebp-4],-2
0075AD0A . |C745 FC 01000>mov dword ptr ss:[ebp-4],1
; fs:[18] is the TEB self pointer (NT_TIB.Self) and offset 4 is NT_TIB.StackBase, so
; esi = this thread's stack base. It is used below as the owner value for the lock whose
; address (008612E0) is kept in edi.
0075AD11 . |64:A1 1800000>mov eax,dword ptr fs:[18]
0075AD17 . |8B70 04 mov esi,dword ptr ds:[eax+4]
0075AD1A . |BF E0128600 mov edi,123.008612E0
; Lock loop: InterlockedCompareExchange(edi, esi, 0) returns the previous lock value.
;   0        -> lock taken by this call (esi = 1, ebx stays 0)
;   == esi   -> this thread already owned it (esi = 1, ebx = 1)
;   other    -> Sleep(1000 ms) and try again
0075AD1F > |6A 00 push 0 ; /Arg3 = 00000000
0075AD21 . |56 push esi ; |Arg2
0075AD22 . |57 push edi ; |Arg1
0075AD23 . |FF15 04017700 call dword ptr ds:[<&KERNEL32.Interlocke>; \InterlockedCompareExchange
0075AD29 . |85C0 test eax,eax
0075AD2B . |74 18 je short 123.0075AD45
0075AD2D . |3BC6 cmp eax,esi
0075AD2F . |75 07 jnz short 123.0075AD38
0075AD31 . |33F6 xor esi,esi
0075AD33 . |46 inc esi
0075AD34 . |8BDE mov ebx,esi
0075AD36 . |EB 10 jmp short 123.0075AD48
0075AD38 > |68 E8030000 push 3E8 ; /Timeout = 1000. ms
0075AD3D . |FF15 BC017700 call dword ptr ds:[<&KERNEL32.Sleep>] ; \Sleep
0075AD43 .^|EB DA jmp short 123.0075AD1F
0075AD45 > |33F6 xor esi,esi
0075AD47 . |46 inc esi
; [8612DC] is an initialization-state variable (esi = 1 from here on):
;   1 on entry -> _amsg_exit(1Fh)   (presumably "initialization already in progress")
;   0          -> set it to 1 and run _initterm_e(007717D0, 007717E0); a non-zero result
;                 jumps to the failure path at 0075AEB2
;   other      -> [860F90] = 1
0075AD48 > |A1 DC128600 mov eax,dword ptr ds:[8612DC]
0075AD4D . |3BC6 cmp eax,esi
0075AD4F . |75 0A jnz short 123.0075AD5B
0075AD51 . |6A 1F push 1F
0075AD53 . |E8 0A060000 call <jmp.&MSVCR90._amsg_exit>
0075AD58 . |59 pop ecx
0075AD59 . |EB 2F jmp short 123.0075AD8A
0075AD5B > |A1 DC128600 mov eax,dword ptr ds:[8612DC]
0075AD60 . |85C0 test eax,eax
0075AD62 . |75 20 jnz short 123.0075AD84
0075AD64 . |8935 DC128600 mov dword ptr ds:[8612DC],esi
0075AD6A . |68 E0177700 push 123.007717E0
0075AD6F . |68 D0177700 push 123.007717D0
0075AD74 . |E8 9B070000 call <jmp.&MSVCR90._initterm_e>
0075AD79 . |59 pop ecx
0075AD7A . |59 pop ecx
0075AD7B . |85C0 test eax,eax
0075AD7D . |74 0B je short 123.0075AD8A
0075AD7F . |E9 2E010000 jmp 123.0075AEB2
0075AD84 > |8935 900F8600 mov dword ptr ds:[860F90],esi
; If the state is 1, run _initterm(00771680, 007717CC) and advance the state to 2.
0075AD8A > |A1 DC128600 mov eax,dword ptr ds:[8612DC]
0075AD8F . |3BC6 cmp eax,esi
0075AD91 . |75 1B jnz short 123.0075ADAE
0075AD93 . |68 CC177700 push 123.007717CC
0075AD98 . |68 80167700 push 123.00771680
0075AD9D . |E8 6C070000 call <jmp.&MSVCR90._initterm>
0075ADA2 . |59 pop ecx
0075ADA3 . |59 pop ecx
0075ADA4 . |C705 DC128600>mov dword ptr ds:[8612DC],2
; ebx == 0 means the lock was taken by the loop above: release it by writing 0 (ebx) back
; with InterlockedExchange.
0075ADAE > |85DB test ebx,ebx
0075ADB0 . |75 08 jnz short 123.0075ADBA
0075ADB2 . |53 push ebx ; /NewValue
0075ADB3 . |57 push edi ; |pTarget
0075ADB4 . |FF15 08017700 call dword ptr ds:[<&KERNEL32.Interlocke>; \InterlockedExchange
; Optional callback: if the pointer at 008612E8 is non-null and 0075B450(008612E8) returns
; non-zero, it is called with the arguments (0, 2, 0).
; NOTE(review): presumably the CRT's dynamic TLS-init callback, 2 being DLL_THREAD_ATTACH;
; 0075B450 is not shown - confirm.
0075ADBA > |833D E8128600>cmp dword ptr ds:[8612E8],0
0075ADC1 . |74 1B je short 123.0075ADDE
0075ADC3 . |68 E8128600 push 123.008612E8
0075ADC8 . |E8 83060000 call 123.0075B450
0075ADCD . |59 pop ecx
0075ADCE . |85C0 test eax,eax
0075ADD0 . |74 0C je short 123.0075ADDE
0075ADD2 . |6A 00 push 0
0075ADD4 . |6A 02 push 2
0075ADD6 . |6A 00 push 0
0075ADD8 . |FF15 E8128600 call dword ptr ds:[8612E8]
; Command-line handling and the call into the program's main routine.
; esi = *_acmdln, the ANSI command-line pointer exported by MSVCR90.
0075ADDE > |A1 94027700 mov eax,dword ptr ds:[<&MSVCR90._acmdln>>
0075ADE3 . |8B30 mov esi,dword ptr ds:[eax]
; Loop head 0075ADE5: walk past the first token (the program name). [ebp-20] mirrors esi and
; [ebp-1C] is an inside-quotes flag. A character above 20h, or a non-zero character while
; inside quotes, is consumed at 0075AE3A; a NUL or an unquoted character <= 20h ends the token.
0075ADE5 > |8975 E0 mov dword ptr ss:[ebp-20],esi
0075ADE8 . |8A06 mov al,byte ptr ds:[esi]
0075ADEA . |3C 20 cmp al,20
0075ADEC . |77 4C ja short 123.0075AE3A
0075ADEE . |84C0 test al,al
0075ADF0 . |74 06 je short 123.0075ADF8
0075ADF2 . |837D E4 00 cmp dword ptr ss:[ebp-1C],0
0075ADF6 . |75 42 jnz short 123.0075AE3A
; Skip the separator characters (01h..20h) between the program name and its arguments.
0075ADF8 > |8A06 mov al,byte ptr ds:[esi]
0075ADFA . |84C0 test al,al
0075ADFC . |74 0A je short 123.0075AE08
0075ADFE . |3C 20 cmp al,20
0075AE00 . |77 06 ja short 123.0075AE08
0075AE02 . |46 inc esi
0075AE03 . |8975 E0 mov dword ptr ss:[ebp-20],esi
0075AE06 .^|EB F0 jmp short 123.0075ADF8
; [ebp-3C] is offset 2Ch of the STARTUPINFOA at [ebp-68] (dwFlags); bit 0 is
; STARTF_USESHOWWINDOW. If set, eax = wShowWindow ([ebp-38]); otherwise eax = 0Ah
; (SW_SHOWDEFAULT).
0075AE08 > |F645 C4 01 test byte ptr ss:[ebp-3C],1
0075AE0C . |74 06 je short 123.0075AE14
0075AE0E . |0FB745 C8 movzx eax,word ptr ss:[ebp-38]
0075AE12 . |EB 03 jmp short 123.0075AE17
0075AE14 > |6A 0A push 0A
0075AE16 . |58 pop eax
; call 0075B662(00400000, 0, esi, eax): four arguments in the order of
; WinMain(hInstance, hPrevInstance, lpCmdLine, nShowCmd).
; NOTE(review): presumably the program's own WinMain - 0075B662 is not shown, confirm.
0075AE17 > |50 push eax
0075AE18 . |56 push esi
0075AE19 . |6A 00 push 0
0075AE1B . |68 00004000 push 123.00400000
0075AE20 . |E8 3D080000 call 123.0075B662
; Save the return value in [860F8C]. If [860F80] == 0 pass it to exit(); otherwise continue
; at 0075AE8E.
0075AE25 . |A3 8C0F8600 mov dword ptr ds:[860F8C],eax
0075AE2A . |833D 800F8600>cmp dword ptr ds:[860F80],0
0075AE31 . |75 5B jnz short 123.0075AE8E
0075AE33 . |50 push eax ; /status
0075AE34 . |FF15 14027700 call dword ptr ds:[<&MSVCR90.exit>] ; \exit
; 0075AE3A: consume one character of the program name. A double quote (22h) toggles the
; inside-quotes flag at [ebp-1C]; when _ismbblead reports a multibyte lead byte, the trail
; byte is skipped as well. Then back to the loop head.
0075AE3A > |3C 22 cmp al,22
0075AE3C . |75 0B jnz short 123.0075AE49
0075AE3E . |33C9 xor ecx,ecx
0075AE40 . |394D E4 cmp dword ptr ss:[ebp-1C],ecx
0075AE43 . |0F94C1 sete cl
0075AE46 . |894D E4 mov dword ptr ss:[ebp-1C],ecx
0075AE49 > |0FB6C0 movzx eax,al
0075AE4C . |50 push eax ; /c
0075AE4D . |FF15 90027700 call dword ptr ds:[<&MSVCR90._ismbblead>>; \_ismbblead
0075AE53 . |59 pop ecx
0075AE54 . |85C0 test eax,eax
0075AE56 . |74 04 je short 123.0075AE5C
0075AE58 . |46 inc esi
0075AE59 . |8975 E0 mov dword ptr ss:[ebp-20],esi
0075AE5C > |46 inc esi
0075AE5D .^|EB 86 jmp short 123.0075ADE5
; 0075AE5F..0075AE72 is not reached by fall-through (the instruction before it is an
; unconditional jmp). It loads the dword at [[[ebp-14]]] into [ebp-24] and returns the
; result of _XcptFilter(that dword, [ebp-14]).
; NOTE(review): looks like the SEH filter for the try block around the main call, with
; [ebp-14] pointing at the exception-pointers record - confirm.
0075AE5F . |8B45 EC mov eax,dword ptr ss:[ebp-14]
0075AE62 . |8B08 mov ecx,dword ptr ds:[eax]
0075AE64 . |8B09 mov ecx,dword ptr ds:[ecx]
0075AE66 . |894D DC mov dword ptr ss:[ebp-24],ecx
0075AE69 . |50 push eax
0075AE6A . |51 push ecx
0075AE6B . |E8 44050000 call <jmp.&MSVCR90._XcptFilter>
0075AE70 . |59 pop ecx
0075AE71 . |59 pop ecx
0075AE72 . |C3 retn
; 0075AE73: restore esp from [ebp-18], store the value saved in [ebp-24] into [860F8C];
; if [860F80] == 0 terminate through _exit() with that value.
0075AE73 . |8B65 E8 mov esp,dword ptr ss:[ebp-18]
0075AE76 . |8B45 DC mov eax,dword ptr ss:[ebp-24]
0075AE79 . |A3 8C0F8600 mov dword ptr ds:[860F8C],eax
0075AE7E . |833D 800F8600>cmp dword ptr ds:[860F80],0
0075AE85 . |75 07 jnz short 123.0075AE8E
0075AE87 . |50 push eax ; /status
0075AE88 . |FF15 88027700 call dword ptr ds:[<&MSVCR90._exit>] ; \_exit
; 0075AE8E: common return path - call _cexit() unless [860F90] is non-zero, write -2 back
; to [ebp-4], and return the value stored in [860F8C].
0075AE8E > |833D 900F8600>cmp dword ptr ds:[860F90],0
0075AE95 . |75 06 jnz short 123.0075AE9D
0075AE97 . |FF15 84027700 call dword ptr ds:[<&MSVCR90._cexit>] ; MSVCR90._cexit
0075AE9D > |C745 FC FEFFF>mov dword ptr ss:[ebp-4],-2
0075AEA4 . |A1 8C0F8600 mov eax,dword ptr ds:[860F8C]
0075AEA9 . |EB 13 jmp short 123.0075AEBE
; 0075AEAB: three-instruction routine that returns 1 (presumably a second SEH filter - confirm).
0075AEAB . |33C0 xor eax,eax
0075AEAD . |40 inc eax
0075AEAE . |C3 retn
; 0075AEAF / 0075AEB2: failure path, also the target of the jmp taken when _initterm_e
; returns non-zero. The return value becomes 0FFh.
0075AEAF . |8B65 E8 mov esp,dword ptr ss:[ebp-18]
0075AEB2 > |C745 FC FEFFF>mov dword ptr ss:[ebp-4],-2
0075AEB9 . |B8 FF000000 mov eax,0FF
; 0075AEBE: call 0075B2E5 and return. 0075B2E5 is not shown; presumably the epilog helper
; that undoes the frame built by the call to 0075B2A0 at the start of the routine.
0075AEBE > |E8 22040000 call 123.0075B2E5
0075AEC3 . |C3 retn
; Routine starting at 0075AEC4 and ending at the retn at 0075AFA4. The first half inspects
; the PE headers of the image mapped at 00400000; the second half configures the MSVCR90
; runtime. It always returns 0.
; NOTE(review): matches the shape of the Visual C++ CRT's pre-C initializer; its caller is
; not visible in this listing - confirm.
;
; 'MZ' (5A4Dh) at the image base? If not, the flag in eax is 0.
0075AEC4 . |B8 4D5A0000 mov eax,5A4D
0075AEC9 . |66:3905 00004>cmp word ptr ds:[400000],ax
0075AED0 . |74 04 je short 123.0075AED6
0075AED2 > |33C0 xor eax,eax
0075AED4 . |EB 4D jmp short 123.0075AF23
; eax = image base + e_lfanew ([40003C]); require the 'PE\0\0' signature (4550h).
0075AED6 > |A1 3C004000 mov eax,dword ptr ds:[40003C]
0075AEDB . |8D80 00004000 lea eax,dword ptr ds:[eax+400000]
0075AEE1 . |8138 50450000 cmp dword ptr ds:[eax],4550
0075AEE7 .^|75 E9 jnz short 123.0075AED2
; Optional-header Magic at +18h: 10Bh = PE32, 20Bh = PE32+; any other value gives flag 0.
0075AEE9 . |0FB748 18 movzx ecx,word ptr ds:[eax+18]
0075AEED . |81F9 0B010000 cmp ecx,10B
0075AEF3 . |74 1B je short 123.0075AF10
0075AEF5 . |81F9 0B020000 cmp ecx,20B
0075AEFB .^|75 D5 jnz short 123.0075AED2
; PE32+ layout: NumberOfRvaAndSizes (+84h) must be above 0Eh, then data-directory entry 14
; (the COM descriptor / CLR header directory) is tested at +F8h.
0075AEFD . |83B8 84000000>cmp dword ptr ds:[eax+84],0E
0075AF04 .^|76 CC jbe short 123.0075AED2
0075AF06 . |33C9 xor ecx,ecx
0075AF08 . |3988 F8000000 cmp dword ptr ds:[eax+F8],ecx
0075AF0E . |EB 0E jmp short 123.0075AF1E
; PE32 layout: the same two fields live at +74h and +E8h.
0075AF10 > |8378 74 0E cmp dword ptr ds:[eax+74],0E
0075AF14 .^|76 BC jbe short 123.0075AED2
0075AF16 . |33C9 xor ecx,ecx
0075AF18 . |3988 E8000000 cmp dword ptr ds:[eax+E8],ecx
; eax = 1 if that directory entry is non-zero, else 0.
0075AF1E > |0F95C1 setne cl
0075AF21 . |8BC1 mov eax,ecx
; Store the flag in [860F80] and call __set_app_type(2); 2 is _GUI_APP.
0075AF23 > |6A 02 push 2
0075AF25 . |A3 800F8600 mov dword ptr ds:[860F80],eax
0075AF2A . |FF15 B4027700 call dword ptr ds:[<&MSVCR90.__set_app_t>; MSVCR90.__set_app_type
; _encode_pointer(-1); the result is stored in [8612EC] and [8612F0]. The two pops remove
; the arguments of this call and of the previous one.
0075AF30 . |6A FF push -1
0075AF32 . |FF15 68027700 call dword ptr ds:[<&MSVCR90._encode_poi>; MSVCR90._encode_pointer
0075AF38 . |59 pop ecx
0075AF39 . |59 pop ecx
0075AF3A . |A3 EC128600 mov dword ptr ds:[8612EC],eax
0075AF3F . |A3 F0128600 mov dword ptr ds:[8612F0],eax
; *__p__fmode() = [8612CC]; *__p__commode() = [8612C8].
0075AF44 . |FF15 B0027700 call dword ptr ds:[<&MSVCR90.__p__fmode>>; MSVCR90.__p__fmode
0075AF4A . |8B0D CC128600 mov ecx,dword ptr ds:[8612CC]
0075AF50 . |8908 mov dword ptr ds:[eax],ecx
0075AF52 . |FF15 AC027700 call dword ptr ds:[<&MSVCR90.__p__commod>; MSVCR90.__p__commode
0075AF58 . |8B0D C8128600 mov ecx,dword ptr ds:[8612C8]
0075AF5E . |8908 mov dword ptr ds:[eax],ecx
; Copy the dword behind the MSVCR90 data import whose name OllyDbg truncated to `_adjust_`
; (presumably _adjust_fdiv) into [8612D8].
0075AF60 . |A1 A8027700 mov eax,dword ptr ds:[<&MSVCR90._adjust_>
0075AF65 . |8B00 mov eax,dword ptr ds:[eax]
0075AF67 . |A3 D8128600 mov dword ptr ds:[8612D8],eax
; Two local calls whose bodies are not shown.
0075AF6C . |E8 F7030000 call 123.0075B368
0075AF71 . |E8 CF050000 call 123.0075B545
; If [7B8CCC] == 0, register 0075B545 with __setusermatherr.
0075AF76 . |833D CC8C7B00>cmp dword ptr ds:[7B8CCC],0
0075AF7D . |75 0C jnz short 123.0075AF8B
0075AF7F . |68 45B57500 push 123.0075B545 ; entry address
0075AF84 . |FF15 A4027700 call dword ptr ds:[<&MSVCR90.__setuserma>; MSVCR90.__setusermatherr
0075AF8A . |59 pop ecx
; call 0075B51A (not shown); if [7B8CC8] == -1 call _configthreadlocale(-1).
0075AF8B > |E8 8A050000 call 123.0075B51A
0075AF90 . |833D C88C7B00>cmp dword ptr ds:[7B8CC8],-1
0075AF97 . |75 09 jnz short 123.0075AFA2
0075AF99 . |6A FF push -1
0075AF9B . |FF15 A0027700 call dword ptr ds:[<&MSVCR90._configthre>; MSVCR90._configthreadlocale
0075AFA1 . |59 pop ecx
; Return 0.
0075AFA2 > |33C0 xor eax,eax
0075AFA4 . |C3 retn
; The program entry point again (same two instructions as at the start of the first
; listing). The `|` and `\` columns are OllyDbg's jump-arrow drawing for this jmp, whose
; target 0075ACE5 is the first line of this listing.
0075AFA5 > $ |E8 9E050000 call 123.0075B548 ; (Initial CPU selection)
0075AFAA .^\E9 36FDFFFF jmp 123.0075ACE5
求高人帮忙分析分析,这段代码实现的是什么功能?另外,我随便改了一处代码并保存,之后运行程序只是闪一下欢迎界面就消失了,但任务管理器里仍然有该程序的进程,这是怎么回事啊?
; Program entry point as OllyDbg shows it: one call to 0075B548, then an unconditional
; jmp back to 0075ACE5, where the code that calls GetStartupInfoA, _initterm_e/_initterm
; and exit is located.
; NOTE(review): "call, then jmp into a routine that uses MSVCR90 startup imports" is the
; usual shape of a Visual C++ 2008 runtime entry stub (security-cookie init followed by
; the CRT startup routine). The body of 0075B548 is not shown, so confirm before
; concluding anything about packing.
0075AFA5 > $ E8 9E050000 call 123.0075B548 ; (Initial CPU selection)
0075AFAA .^ E9 36FDFFFF jmp 123.0075ACE5
; Single int3 byte after the jmp; not reachable by fall-through (presumably padding).
0075AFAF CC int3
; Import thunks: each entry is one indirect jmp (FF25) through an import-table slot
; (00770234..00770250) into an MSVCR90 math helper, as named by OllyDbg on each line.
; They are separate call targets and are not part of the entry stub above them.
0075AFB0 $- FF25 34027700 jmp dword ptr ds:[<&MSVCR90._CIcos>] ; MSVCR90._CIcos
0075AFB6 $- FF25 38027700 jmp dword ptr ds:[<&MSVCR90._CIsin>] ; MSVCR90._CIsin
0075AFBC $- FF25 3C027700 jmp dword ptr ds:[<&MSVCR90._CIsqrt>] ; MSVCR90._CIsqrt
0075AFC2 $- FF25 40027700 jmp dword ptr ds:[<&MSVCR90._CIatan2>] ; MSVCR90._CIatan2
0075AFC8 $- FF25 44027700 jmp dword ptr ds:[<&MSVCR90._CItan>] ; MSVCR90._CItan
0075AFCE $- FF25 48027700 jmp dword ptr ds:[<&MSVCR90._CIatan>] ; MSVCR90._CIatan
0075AFD4 $- FF25 4C027700 jmp dword ptr ds:[<&MSVCR90._CIacos>] ; MSVCR90._CIacos
0075AFDA $- FF25 50027700 jmp dword ptr ds:[<&MSVCR90._CIasin>] ; MSVCR90._CIasin
; 64-bit unsigned division helper. After the two pushes below the stack holds:
;   [esp+0C] dividend low     [esp+10] dividend high
;   [esp+14] divisor low      [esp+18] divisor high
; Returns the quotient in edx:eax and removes its 16 bytes of arguments (retn 10).
; ebx and esi are saved and restored. No zero-divisor check is visible: a divisor of 0
; reaches `div ecx` with ecx = 0.
; NOTE(review): this matches the shape of the MSVC runtime's unsigned 64-bit divide helper
; (_aulldiv), i.e. compiler support code rather than program logic; confirm against the CRT.
0075AFE0 /$ 53 push ebx
0075AFE1 |. 56 push esi
; Does the divisor fit in 32 bits (high dword == 0)?
0075AFE2 |. 8B4424 18 mov eax,dword ptr ss:[esp+18]
0075AFE6 |. 0BC0 or eax,eax
0075AFE8 |. 75 18 jnz short 123.0075B002
; Yes: divide the high dword first, then remainder:low dword. Quotient = ebx:eax -> edx:eax.
0075AFEA |. 8B4C24 14 mov ecx,dword ptr ss:[esp+14]
0075AFEE |. 8B4424 10 mov eax,dword ptr ss:[esp+10]
0075AFF2 |. 33D2 xor edx,edx
0075AFF4 |. F7F1 div ecx
0075AFF6 |. 8BD8 mov ebx,eax
0075AFF8 |. 8B4424 0C mov eax,dword ptr ss:[esp+C]
0075AFFC |. F7F1 div ecx
0075AFFE |. 8BD3 mov edx,ebx
0075B000 |. EB 41 jmp short 123.0075B043
; No: ecx:ebx = divisor, edx:eax = dividend; shift both right one bit at a time until the
; divisor's high dword (ecx) is zero.
0075B002 |> 8BC8 mov ecx,eax
0075B004 |. 8B5C24 14 mov ebx,dword ptr ss:[esp+14]
0075B008 |. 8B5424 10 mov edx,dword ptr ss:[esp+10]
0075B00C |. 8B4424 0C mov eax,dword ptr ss:[esp+C]
0075B010 |> D1E9 /shr ecx,1
0075B012 |. D1DB |rcr ebx,1
0075B014 |. D1EA |shr edx,1
0075B016 |. D1D8 |rcr eax,1
0075B018 |. 0BC9 |or ecx,ecx
0075B01A |.^ 75 F4 \jnz short 123.0075B010
; Estimate the quotient (kept in esi), then multiply it back by the original 64-bit divisor.
0075B01C |. F7F3 div ebx
0075B01E |. 8BF0 mov esi,eax
0075B020 |. F76424 18 mul dword ptr ss:[esp+18]
0075B024 |. 8BC8 mov ecx,eax
0075B026 |. 8B4424 14 mov eax,dword ptr ss:[esp+14]
0075B02A |. F7E6 mul esi
0075B02C |. 03D1 add edx,ecx
; If the product carried out of 64 bits or is larger than the dividend, the estimate is one
; too high: decrement it.
0075B02E |. 72 0E jb short 123.0075B03E
0075B030 |. 3B5424 10 cmp edx,dword ptr ss:[esp+10]
0075B034 |. 77 08 ja short 123.0075B03E
0075B036 |. 72 07 jb short 123.0075B03F
0075B038 |. 3B4424 0C cmp eax,dword ptr ss:[esp+C]
0075B03C |. 76 01 jbe short 123.0075B03F
0075B03E |> 4E dec esi
; On this path the quotient fits in 32 bits: edx = 0, eax = esi.
0075B03F |> 33D2 xor edx,edx
0075B041 |. 8BC6 mov eax,esi
; Restore the saved registers; the callee pops the four argument dwords.
0075B043 |> 5E pop esi
0075B044 |. 5B pop ebx
0075B045 \. C2 1000 retn 10
这个程序是不是还有壳啊?入口怎么这么怪异?还有0075AFAA .^ E9 36FDFFFF jmp 123.0075ACE5
这一句跳转到下面的代码:
; Target of the entry stub's jmp (0075AFAA -> 0075ACE5): first part of the startup routine.
; This span fetches the startup info, takes a process-wide lock, runs the two initializer
; tables through _initterm_e/_initterm and releases the lock.
; NOTE(review): every external call here goes to KERNEL32 or MSVCR90 startup APIs, which is
; consistent with compiler-generated CRT startup code; nothing in this span unpacks or
; decrypts code. Whether other parts of the file are protected cannot be judged from here.
;
; ebp-relative locals are used right after the call to 0075B2A0 although no
; `push ebp / mov ebp,esp` appears, so that helper presumably builds the frame (looks like
; the CRT's SEH prolog helper given 58h and the table at 007AE980 - confirm).
0075ACE5 > /6A 58 push 58
0075ACE7 . |68 80E97A00 push 123.007AE980
0075ACEC . |E8 AF050000 call 123.0075B2A0
; ebx = 0; clear the locals [ebp-1C] and [ebp-4].
0075ACF1 . |33DB xor ebx,ebx
0075ACF3 . |895D E4 mov dword ptr ss:[ebp-1C],ebx
0075ACF6 . |895D FC mov dword ptr ss:[ebp-4],ebx
; GetStartupInfoA fills the STARTUPINFOA buffer at [ebp-68].
0075ACF9 . |8D45 98 lea eax,dword ptr ss:[ebp-68]
0075ACFC . |50 push eax ; /pStartupinfo
0075ACFD . |FF15 00017700 call dword ptr ds:[<&KERNEL32.GetStartup>; \GetStartupInfoA
; [ebp-4] is rewritten to -2 and then 1; presumably the SEH try-level slot - confirm.
0075AD03 . |C745 FC FEFFF>mov dword ptr ss:[ebp-4],-2
0075AD0A . |C745 FC 01000>mov dword ptr ss:[ebp-4],1
; fs:[18] is the TEB self pointer (NT_TIB.Self) and offset 4 is NT_TIB.StackBase, so
; esi = this thread's stack base. It is used below as the owner value for the lock whose
; address (008612E0) is kept in edi.
0075AD11 . |64:A1 1800000>mov eax,dword ptr fs:[18]
0075AD17 . |8B70 04 mov esi,dword ptr ds:[eax+4]
0075AD1A . |BF E0128600 mov edi,123.008612E0
; Lock loop: InterlockedCompareExchange(edi, esi, 0) returns the previous lock value.
;   0        -> lock taken by this call (esi = 1, ebx stays 0)
;   == esi   -> this thread already owned it (esi = 1, ebx = 1)
;   other    -> Sleep(1000 ms) and try again
0075AD1F > |6A 00 push 0 ; /Arg3 = 00000000
0075AD21 . |56 push esi ; |Arg2
0075AD22 . |57 push edi ; |Arg1
0075AD23 . |FF15 04017700 call dword ptr ds:[<&KERNEL32.Interlocke>; \InterlockedCompareExchange
0075AD29 . |85C0 test eax,eax
0075AD2B . |74 18 je short 123.0075AD45
0075AD2D . |3BC6 cmp eax,esi
0075AD2F . |75 07 jnz short 123.0075AD38
0075AD31 . |33F6 xor esi,esi
0075AD33 . |46 inc esi
0075AD34 . |8BDE mov ebx,esi
0075AD36 . |EB 10 jmp short 123.0075AD48
0075AD38 > |68 E8030000 push 3E8 ; /Timeout = 1000. ms
0075AD3D . |FF15 BC017700 call dword ptr ds:[<&KERNEL32.Sleep>] ; \Sleep
0075AD43 .^|EB DA jmp short 123.0075AD1F
0075AD45 > |33F6 xor esi,esi
0075AD47 . |46 inc esi
; [8612DC] is an initialization-state variable (esi = 1 from here on):
;   1 on entry -> _amsg_exit(1Fh)   (presumably "initialization already in progress")
;   0          -> set it to 1 and run _initterm_e(007717D0, 007717E0); a non-zero result
;                 jumps to the failure path at 0075AEB2
;   other      -> [860F90] = 1
0075AD48 > |A1 DC128600 mov eax,dword ptr ds:[8612DC]
0075AD4D . |3BC6 cmp eax,esi
0075AD4F . |75 0A jnz short 123.0075AD5B
0075AD51 . |6A 1F push 1F
0075AD53 . |E8 0A060000 call <jmp.&MSVCR90._amsg_exit>
0075AD58 . |59 pop ecx
0075AD59 . |EB 2F jmp short 123.0075AD8A
0075AD5B > |A1 DC128600 mov eax,dword ptr ds:[8612DC]
0075AD60 . |85C0 test eax,eax
0075AD62 . |75 20 jnz short 123.0075AD84
0075AD64 . |8935 DC128600 mov dword ptr ds:[8612DC],esi
0075AD6A . |68 E0177700 push 123.007717E0
0075AD6F . |68 D0177700 push 123.007717D0
0075AD74 . |E8 9B070000 call <jmp.&MSVCR90._initterm_e>
0075AD79 . |59 pop ecx
0075AD7A . |59 pop ecx
0075AD7B . |85C0 test eax,eax
0075AD7D . |74 0B je short 123.0075AD8A
0075AD7F . |E9 2E010000 jmp 123.0075AEB2
0075AD84 > |8935 900F8600 mov dword ptr ds:[860F90],esi
; If the state is 1, run _initterm(00771680, 007717CC) and advance the state to 2.
0075AD8A > |A1 DC128600 mov eax,dword ptr ds:[8612DC]
0075AD8F . |3BC6 cmp eax,esi
0075AD91 . |75 1B jnz short 123.0075ADAE
0075AD93 . |68 CC177700 push 123.007717CC
0075AD98 . |68 80167700 push 123.00771680
0075AD9D . |E8 6C070000 call <jmp.&MSVCR90._initterm>
0075ADA2 . |59 pop ecx
0075ADA3 . |59 pop ecx
0075ADA4 . |C705 DC128600>mov dword ptr ds:[8612DC],2
; ebx == 0 means the lock was taken by the loop above: release it by writing 0 (ebx) back
; with InterlockedExchange.
0075ADAE > |85DB test ebx,ebx
0075ADB0 . |75 08 jnz short 123.0075ADBA
0075ADB2 . |53 push ebx ; /NewValue
0075ADB3 . |57 push edi ; |pTarget
0075ADB4 . |FF15 08017700 call dword ptr ds:[<&KERNEL32.Interlocke>; \InterlockedExchange
; Optional callback: if the pointer at 008612E8 is non-null and 0075B450(008612E8) returns
; non-zero, it is called with the arguments (0, 2, 0).
; NOTE(review): presumably the CRT's dynamic TLS-init callback, 2 being DLL_THREAD_ATTACH;
; 0075B450 is not shown - confirm.
0075ADBA > |833D E8128600>cmp dword ptr ds:[8612E8],0
0075ADC1 . |74 1B je short 123.0075ADDE
0075ADC3 . |68 E8128600 push 123.008612E8
0075ADC8 . |E8 83060000 call 123.0075B450
0075ADCD . |59 pop ecx
0075ADCE . |85C0 test eax,eax
0075ADD0 . |74 0C je short 123.0075ADDE
0075ADD2 . |6A 00 push 0
0075ADD4 . |6A 02 push 2
0075ADD6 . |6A 00 push 0
0075ADD8 . |FF15 E8128600 call dword ptr ds:[8612E8]
; Command-line handling and the call into the program's main routine.
; esi = *_acmdln, the ANSI command-line pointer exported by MSVCR90.
0075ADDE > |A1 94027700 mov eax,dword ptr ds:[<&MSVCR90._acmdln>>
0075ADE3 . |8B30 mov esi,dword ptr ds:[eax]
; Loop head 0075ADE5: walk past the first token (the program name). [ebp-20] mirrors esi and
; [ebp-1C] is an inside-quotes flag. A character above 20h, or a non-zero character while
; inside quotes, is consumed at 0075AE3A; a NUL or an unquoted character <= 20h ends the token.
0075ADE5 > |8975 E0 mov dword ptr ss:[ebp-20],esi
0075ADE8 . |8A06 mov al,byte ptr ds:[esi]
0075ADEA . |3C 20 cmp al,20
0075ADEC . |77 4C ja short 123.0075AE3A
0075ADEE . |84C0 test al,al
0075ADF0 . |74 06 je short 123.0075ADF8
0075ADF2 . |837D E4 00 cmp dword ptr ss:[ebp-1C],0
0075ADF6 . |75 42 jnz short 123.0075AE3A
; Skip the separator characters (01h..20h) between the program name and its arguments.
0075ADF8 > |8A06 mov al,byte ptr ds:[esi]
0075ADFA . |84C0 test al,al
0075ADFC . |74 0A je short 123.0075AE08
0075ADFE . |3C 20 cmp al,20
0075AE00 . |77 06 ja short 123.0075AE08
0075AE02 . |46 inc esi
0075AE03 . |8975 E0 mov dword ptr ss:[ebp-20],esi
0075AE06 .^|EB F0 jmp short 123.0075ADF8
; [ebp-3C] is offset 2Ch of the STARTUPINFOA at [ebp-68] (dwFlags); bit 0 is
; STARTF_USESHOWWINDOW. If set, eax = wShowWindow ([ebp-38]); otherwise eax = 0Ah
; (SW_SHOWDEFAULT).
0075AE08 > |F645 C4 01 test byte ptr ss:[ebp-3C],1
0075AE0C . |74 06 je short 123.0075AE14
0075AE0E . |0FB745 C8 movzx eax,word ptr ss:[ebp-38]
0075AE12 . |EB 03 jmp short 123.0075AE17
0075AE14 > |6A 0A push 0A
0075AE16 . |58 pop eax
; call 0075B662(00400000, 0, esi, eax): four arguments in the order of
; WinMain(hInstance, hPrevInstance, lpCmdLine, nShowCmd).
; NOTE(review): presumably the program's own WinMain - 0075B662 is not shown, confirm.
0075AE17 > |50 push eax
0075AE18 . |56 push esi
0075AE19 . |6A 00 push 0
0075AE1B . |68 00004000 push 123.00400000
0075AE20 . |E8 3D080000 call 123.0075B662
; Save the return value in [860F8C]. If [860F80] == 0 pass it to exit(); otherwise continue
; at 0075AE8E.
0075AE25 . |A3 8C0F8600 mov dword ptr ds:[860F8C],eax
0075AE2A . |833D 800F8600>cmp dword ptr ds:[860F80],0
0075AE31 . |75 5B jnz short 123.0075AE8E
0075AE33 . |50 push eax ; /status
0075AE34 . |FF15 14027700 call dword ptr ds:[<&MSVCR90.exit>] ; \exit
; 0075AE3A: consume one character of the program name. A double quote (22h) toggles the
; inside-quotes flag at [ebp-1C]; when _ismbblead reports a multibyte lead byte, the trail
; byte is skipped as well. Then back to the loop head.
0075AE3A > |3C 22 cmp al,22
0075AE3C . |75 0B jnz short 123.0075AE49
0075AE3E . |33C9 xor ecx,ecx
0075AE40 . |394D E4 cmp dword ptr ss:[ebp-1C],ecx
0075AE43 . |0F94C1 sete cl
0075AE46 . |894D E4 mov dword ptr ss:[ebp-1C],ecx
0075AE49 > |0FB6C0 movzx eax,al
0075AE4C . |50 push eax ; /c
0075AE4D . |FF15 90027700 call dword ptr ds:[<&MSVCR90._ismbblead>>; \_ismbblead
0075AE53 . |59 pop ecx
0075AE54 . |85C0 test eax,eax
0075AE56 . |74 04 je short 123.0075AE5C
0075AE58 . |46 inc esi
0075AE59 . |8975 E0 mov dword ptr ss:[ebp-20],esi
0075AE5C > |46 inc esi
0075AE5D .^|EB 86 jmp short 123.0075ADE5
; 0075AE5F..0075AE72 is not reached by fall-through (the instruction before it is an
; unconditional jmp). It loads the dword at [[[ebp-14]]] into [ebp-24] and returns the
; result of _XcptFilter(that dword, [ebp-14]).
; NOTE(review): looks like the SEH filter for the try block around the main call, with
; [ebp-14] pointing at the exception-pointers record - confirm.
0075AE5F . |8B45 EC mov eax,dword ptr ss:[ebp-14]
0075AE62 . |8B08 mov ecx,dword ptr ds:[eax]
0075AE64 . |8B09 mov ecx,dword ptr ds:[ecx]
0075AE66 . |894D DC mov dword ptr ss:[ebp-24],ecx
0075AE69 . |50 push eax
0075AE6A . |51 push ecx
0075AE6B . |E8 44050000 call <jmp.&MSVCR90._XcptFilter>
0075AE70 . |59 pop ecx
0075AE71 . |59 pop ecx
0075AE72 . |C3 retn
; 0075AE73: restore esp from [ebp-18], store the value saved in [ebp-24] into [860F8C];
; if [860F80] == 0 terminate through _exit() with that value.
0075AE73 . |8B65 E8 mov esp,dword ptr ss:[ebp-18]
0075AE76 . |8B45 DC mov eax,dword ptr ss:[ebp-24]
0075AE79 . |A3 8C0F8600 mov dword ptr ds:[860F8C],eax
0075AE7E . |833D 800F8600>cmp dword ptr ds:[860F80],0
0075AE85 . |75 07 jnz short 123.0075AE8E
0075AE87 . |50 push eax ; /status
0075AE88 . |FF15 88027700 call dword ptr ds:[<&MSVCR90._exit>] ; \_exit
; 0075AE8E: common return path - call _cexit() unless [860F90] is non-zero, write -2 back
; to [ebp-4], and return the value stored in [860F8C].
0075AE8E > |833D 900F8600>cmp dword ptr ds:[860F90],0
0075AE95 . |75 06 jnz short 123.0075AE9D
0075AE97 . |FF15 84027700 call dword ptr ds:[<&MSVCR90._cexit>] ; MSVCR90._cexit
0075AE9D > |C745 FC FEFFF>mov dword ptr ss:[ebp-4],-2
0075AEA4 . |A1 8C0F8600 mov eax,dword ptr ds:[860F8C]
0075AEA9 . |EB 13 jmp short 123.0075AEBE
; 0075AEAB: three-instruction routine that returns 1 (presumably a second SEH filter - confirm).
0075AEAB . |33C0 xor eax,eax
0075AEAD . |40 inc eax
0075AEAE . |C3 retn
; 0075AEAF / 0075AEB2: failure path, also the target of the jmp taken when _initterm_e
; returns non-zero. The return value becomes 0FFh.
0075AEAF . |8B65 E8 mov esp,dword ptr ss:[ebp-18]
0075AEB2 > |C745 FC FEFFF>mov dword ptr ss:[ebp-4],-2
0075AEB9 . |B8 FF000000 mov eax,0FF
; 0075AEBE: call 0075B2E5 and return. 0075B2E5 is not shown; presumably the epilog helper
; that undoes the frame built by the call to 0075B2A0 at the start of the routine.
0075AEBE > |E8 22040000 call 123.0075B2E5
0075AEC3 . |C3 retn
; Routine starting at 0075AEC4 and ending at the retn at 0075AFA4. The first half inspects
; the PE headers of the image mapped at 00400000; the second half configures the MSVCR90
; runtime. It always returns 0.
; NOTE(review): matches the shape of the Visual C++ CRT's pre-C initializer; its caller is
; not visible in this listing - confirm.
;
; 'MZ' (5A4Dh) at the image base? If not, the flag in eax is 0.
0075AEC4 . |B8 4D5A0000 mov eax,5A4D
0075AEC9 . |66:3905 00004>cmp word ptr ds:[400000],ax
0075AED0 . |74 04 je short 123.0075AED6
0075AED2 > |33C0 xor eax,eax
0075AED4 . |EB 4D jmp short 123.0075AF23
; eax = image base + e_lfanew ([40003C]); require the 'PE\0\0' signature (4550h).
0075AED6 > |A1 3C004000 mov eax,dword ptr ds:[40003C]
0075AEDB . |8D80 00004000 lea eax,dword ptr ds:[eax+400000]
0075AEE1 . |8138 50450000 cmp dword ptr ds:[eax],4550
0075AEE7 .^|75 E9 jnz short 123.0075AED2
; Optional-header Magic at +18h: 10Bh = PE32, 20Bh = PE32+; any other value gives flag 0.
0075AEE9 . |0FB748 18 movzx ecx,word ptr ds:[eax+18]
0075AEED . |81F9 0B010000 cmp ecx,10B
0075AEF3 . |74 1B je short 123.0075AF10
0075AEF5 . |81F9 0B020000 cmp ecx,20B
0075AEFB .^|75 D5 jnz short 123.0075AED2
; PE32+ layout: NumberOfRvaAndSizes (+84h) must be above 0Eh, then data-directory entry 14
; (the COM descriptor / CLR header directory) is tested at +F8h.
0075AEFD . |83B8 84000000>cmp dword ptr ds:[eax+84],0E
0075AF04 .^|76 CC jbe short 123.0075AED2
0075AF06 . |33C9 xor ecx,ecx
0075AF08 . |3988 F8000000 cmp dword ptr ds:[eax+F8],ecx
0075AF0E . |EB 0E jmp short 123.0075AF1E
; PE32 layout: the same two fields live at +74h and +E8h.
0075AF10 > |8378 74 0E cmp dword ptr ds:[eax+74],0E
0075AF14 .^|76 BC jbe short 123.0075AED2
0075AF16 . |33C9 xor ecx,ecx
0075AF18 . |3988 E8000000 cmp dword ptr ds:[eax+E8],ecx
; eax = 1 if that directory entry is non-zero, else 0.
0075AF1E > |0F95C1 setne cl
0075AF21 . |8BC1 mov eax,ecx
; Store the flag in [860F80] and call __set_app_type(2); 2 is _GUI_APP.
0075AF23 > |6A 02 push 2
0075AF25 . |A3 800F8600 mov dword ptr ds:[860F80],eax
0075AF2A . |FF15 B4027700 call dword ptr ds:[<&MSVCR90.__set_app_t>; MSVCR90.__set_app_type
; _encode_pointer(-1); the result is stored in [8612EC] and [8612F0]. The two pops remove
; the arguments of this call and of the previous one.
0075AF30 . |6A FF push -1
0075AF32 . |FF15 68027700 call dword ptr ds:[<&MSVCR90._encode_poi>; MSVCR90._encode_pointer
0075AF38 . |59 pop ecx
0075AF39 . |59 pop ecx
0075AF3A . |A3 EC128600 mov dword ptr ds:[8612EC],eax
0075AF3F . |A3 F0128600 mov dword ptr ds:[8612F0],eax
; *__p__fmode() = [8612CC]; *__p__commode() = [8612C8].
0075AF44 . |FF15 B0027700 call dword ptr ds:[<&MSVCR90.__p__fmode>>; MSVCR90.__p__fmode
0075AF4A . |8B0D CC128600 mov ecx,dword ptr ds:[8612CC]
0075AF50 . |8908 mov dword ptr ds:[eax],ecx
0075AF52 . |FF15 AC027700 call dword ptr ds:[<&MSVCR90.__p__commod>; MSVCR90.__p__commode
0075AF58 . |8B0D C8128600 mov ecx,dword ptr ds:[8612C8]
0075AF5E . |8908 mov dword ptr ds:[eax],ecx
; Copy the dword behind the MSVCR90 data import whose name OllyDbg truncated to `_adjust_`
; (presumably _adjust_fdiv) into [8612D8].
0075AF60 . |A1 A8027700 mov eax,dword ptr ds:[<&MSVCR90._adjust_>
0075AF65 . |8B00 mov eax,dword ptr ds:[eax]
0075AF67 . |A3 D8128600 mov dword ptr ds:[8612D8],eax
; Two local calls whose bodies are not shown.
0075AF6C . |E8 F7030000 call 123.0075B368
0075AF71 . |E8 CF050000 call 123.0075B545
; If [7B8CCC] == 0, register 0075B545 with __setusermatherr.
0075AF76 . |833D CC8C7B00>cmp dword ptr ds:[7B8CCC],0
0075AF7D . |75 0C jnz short 123.0075AF8B
0075AF7F . |68 45B57500 push 123.0075B545 ; entry address
0075AF84 . |FF15 A4027700 call dword ptr ds:[<&MSVCR90.__setuserma>; MSVCR90.__setusermatherr
0075AF8A . |59 pop ecx
; call 0075B51A (not shown); if [7B8CC8] == -1 call _configthreadlocale(-1).
0075AF8B > |E8 8A050000 call 123.0075B51A
0075AF90 . |833D C88C7B00>cmp dword ptr ds:[7B8CC8],-1
0075AF97 . |75 09 jnz short 123.0075AFA2
0075AF99 . |6A FF push -1
0075AF9B . |FF15 A0027700 call dword ptr ds:[<&MSVCR90._configthre>; MSVCR90._configthreadlocale
0075AFA1 . |59 pop ecx
; Return 0.
0075AFA2 > |33C0 xor eax,eax
0075AFA4 . |C3 retn
; The program entry point again (same two instructions as at the start of the first
; listing). The `|` and `\` columns are OllyDbg's jump-arrow drawing for this jmp, whose
; target 0075ACE5 is the first line of this listing.
0075AFA5 > $ |E8 9E050000 call 123.0075B548 ; (Initial CPU selection)
0075AFAA .^\E9 36FDFFFF jmp 123.0075ACE5
求高人帮忙分析分析,这段代码实现的是什么功能?另外,我随便改了一处代码并保存,之后运行程序只是闪一下欢迎界面就消失了,但任务管理器里仍然有该程序的进程,这是怎么回事啊?