; ---------------------------------------------------------------------------
; DriverUpdate.sub_005486E0 -- OllyDbg listing, 32-bit x86 (excerpt: the routine
; continues past the last line shown; its outer SEH handler is at 0054947E).
; The incoming eax/edx are spilled to [ebp-0x4]/[ebp-0x8]. The system.@LStr*
; helper names suggest a Delphi binary using the register calling convention
; (eax = Self, edx = first argument) -- presumably; confirm.
; Visible flow:
;   1. build five strings: OS version ("%d.%d"), "64"/"32", a 0x20-byte name
;      field, the upper-cased device ID, and "default";
;   2. concatenate them and run two EncryptUtil routines over the result to
;      obtain the key that is sent as c=;
;   3. Format the query URL and hand it to a TWinHTTPLib object;
;   4. post-process the response and pass it to a superobject routine.
; NOTE(review): the endpoint literal is plain http://, so the identifiers in
; the query string and the reply are not protected in transit; the c= value is
; computed from those same fields plus the constant 0x64, so as far as this
; listing shows it acts as a checksum rather than as authentication.
; ---------------------------------------------------------------------------
005486E0 > $ 55 push ebp ; DriverUpdate.sub_005486E0
005486E1 . 8BEC mov ebp,esp
005486E3 . B9 38000000 mov ecx,0x38 ; loop count for the local-frame fill below
005486E8 > 6A 00 push 0x0 ; each pass pushes two zero dwords (zero-filled locals)
005486EA . 6A 00 push 0x0
005486EC . 49 dec ecx
005486ED .^ 75 F9 jnz short Computer.005486E8
005486EF . 51 push ecx ; ecx is 0 after the loop: one more zeroed slot
005486F0 . 53 push ebx
005486F1 . 56 push esi
005486F2 . 57 push edi
005486F3 . 8955 F8 mov dword ptr ss:[ebp-0x8],edx ; [ebp-0x8] = incoming edx (device record, judging by later use -- confirm)
005486F6 . 8945 FC mov dword ptr ss:[ebp-0x4],eax ; [ebp-0x4] = incoming eax
005486F9 . 33C0 xor eax,eax
; Install an SEH frame: handler 0054947E, linked through fs:[0].
005486FB . 55 push ebp
005486FC . 68 7E945400 push Computer.0054947E
00548701 . 64:FF30 push dword ptr fs:[eax]
00548704 . 64:8920 mov dword ptr fs:[eax],esp
00548707 . C645 F7 00 mov byte ptr ss:[ebp-0x9],0x0 ; byte local at [ebp-0x9] cleared
; Optional callback: taken only when word [obj+0xA] and dword [arg+0x10] are both non-zero.
0054870B . 8B45 FC mov eax,dword ptr ss:[ebp-0x4]
0054870E . 66:8378 0A 00 cmp word ptr ds:[eax+0xA],0x0
00548713 . 74 18 je short Computer.0054872D
00548715 . 8B45 F8 mov eax,dword ptr ss:[ebp-0x8]
00548718 . 8378 10 00 cmp dword ptr ds:[eax+0x10],0x0
0054871C . 74 0F je short Computer.0054872D
0054871E . 8B45 F8 mov eax,dword ptr ss:[ebp-0x8]
00548721 . 8B50 10 mov edx,dword ptr ds:[eax+0x10]
00548724 . 8B5D FC mov ebx,dword ptr ss:[ebp-0x4]
00548727 . 8B43 0C mov eax,dword ptr ds:[ebx+0xC]
0054872A . FF53 08 call dword ptr ds:[ebx+0x8] ; indirect call via [obj+0x8], eax = [obj+0xC], edx = [arg+0x10]
; Gate: sub_00549BE0(eax = [ebp-0x4], edx = [[ebp-0x8]]); a zero AL skips to 00549278.
0054872D > 8B45 F8 mov eax,dword ptr ss:[ebp-0x8]
00548730 . 8B10 mov edx,dword ptr ds:[eax]
00548732 . 8B45 FC mov eax,dword ptr ss:[ebp-0x4]
00548735 . E8 A6140000 call <Computer.DriverUpdate.sub_00549BE0>
0054873A . 84C0 test al,al
0054873C . 0F84 360B0000 je Computer.00549278
; [ebp-0x20] = Format("%d.%d", ...) with the dwords at +0x10 and +0x14 of the
; object reached through the global pointer at 0x5BA810 (the os= value).
00548742 . 8D45 E0 lea eax,dword ptr ss:[ebp-0x20]
00548745 . 50 push eax
00548746 . A1 10A85B00 mov eax,dword ptr ds:[0x5BA810]
0054874B . 8B00 mov eax,dword ptr ds:[eax]
0054874D . 8B40 10 mov eax,dword ptr ds:[eax+0x10]
00548750 . 8945 B0 mov dword ptr ss:[ebp-0x50],eax ; argument slot 0: value
00548753 . C645 B4 00 mov byte ptr ss:[ebp-0x4C],0x0 ; argument slot 0: type tag 0
00548757 . A1 10A85B00 mov eax,dword ptr ds:[0x5BA810]
0054875C . 8B00 mov eax,dword ptr ds:[eax]
0054875E . 8B40 14 mov eax,dword ptr ds:[eax+0x14]
00548761 . 8945 B8 mov dword ptr ss:[ebp-0x48],eax ; argument slot 1: value
00548764 . C645 BC 00 mov byte ptr ss:[ebp-0x44],0x0 ; argument slot 1: type tag 0
00548768 . 8D55 B0 lea edx,dword ptr ss:[ebp-0x50]
0054876B . B9 01000000 mov ecx,0x1 ; presumably the highest index of the two-slot argument array
00548770 . B8 9C945400 mov eax,Computer.0054949C ; %d.%d
00548775 . E8 3E53ECFF call <Computer.SysUtils.Format>
; [ebp-0x24] = "64" when byte [obj+0x50] is non-zero, otherwise "32" (the pf= value).
0054877A . A1 10A85B00 mov eax,dword ptr ds:[0x5BA810]
0054877F . 8B00 mov eax,dword ptr ds:[eax]
00548781 . 8078 50 00 cmp byte ptr ds:[eax+0x50],0x0
00548785 . 74 0F je short Computer.00548796
00548787 . 8D45 DC lea eax,dword ptr ss:[ebp-0x24]
0054878A . BA AC945400 mov edx,Computer.005494AC ; 64
0054878F . E8 40C6EBFF call <Computer.system.@LStrLAsg>
00548794 . EB 0D jmp short Computer.005487A3
00548796 > 8D45 DC lea eax,dword ptr ss:[ebp-0x24]
00548799 . BA B8945400 mov edx,Computer.005494B8 ; 32
0054879E . E8 31C6EBFF call <Computer.system.@LStrLAsg>
; [ebp-0x28] = string built from the 0x20-byte array at [0x5BA07C]+0xC (the cn= value).
005487A3 > 8D45 D8 lea eax,dword ptr ss:[ebp-0x28]
005487A6 . 8B15 7CA05B00 mov edx,dword ptr ds:[0x5BA07C] ; Computer.005CA6A0
005487AC . 83C2 0C add edx,0xC
005487AF . B9 20000000 mov ecx,0x20
005487B4 . E8 F3C7EBFF call <Computer.system.@LStrFromArray>
; [ebp-0x2C] = StringReplace(UpperCase([[ebp-0x8]]), ...) with the literals at
; 005494D4 ('@', in edx) and 005494C8 ('&', in ecx); the flags byte comes from 0x5494BC.
005487B9 . A0 BC945400 mov al,byte ptr ds:[0x5494BC]
005487BE . 50 push eax
005487BF . 8D45 D4 lea eax,dword ptr ss:[ebp-0x2C]
005487C2 . 50 push eax
005487C3 . 8D55 AC lea edx,dword ptr ss:[ebp-0x54]
005487C6 . 8B45 F8 mov eax,dword ptr ss:[ebp-0x8]
005487C9 . 8B00 mov eax,dword ptr ds:[eax]
005487CB . E8 8036ECFF call <Computer.SysUtils.UpperCase>
005487D0 . 8B45 AC mov eax,dword ptr ss:[ebp-0x54]
005487D3 . B9 C8945400 mov ecx,Computer.005494C8 ; &
005487D8 . BA D4945400 mov edx,Computer.005494D4 ; @
005487DD . E8 4A97ECFF call <Computer.SysUtils.StringReplace>
; [ebp-0x30] = "default" (the nw= value).
005487E2 . 8D45 D0 lea eax,dword ptr ss:[ebp-0x30]
005487E5 . BA E0945400 mov edx,<Computer.aDefault_2> ; default
005487EA . E8 E5C5EBFF call <Computer.system.@LStrLAsg>
; [ebp-0x34] = IntToStr([arg+0x24]) (the err= value).
005487EF . 8D55 CC lea edx,dword ptr ss:[ebp-0x34]
005487F2 . 8B45 F8 mov eax,dword ptr ss:[ebp-0x8]
005487F5 . 8B40 24 mov eax,dword ptr ds:[eax+0x24]
005487F8 . E8 773FECFF call <Computer.SysUtils.IntToStr>
; [ebp-0x1C] = concatenation of the five strings pushed here:
; [ebp-0x20], [ebp-0x24], [ebp-0x28], [ebp-0x2C], [ebp-0x30].
005487FD . FF75 E0 push dword ptr ss:[ebp-0x20]
00548800 . FF75 DC push dword ptr ss:[ebp-0x24]
00548803 . FF75 D8 push dword ptr ss:[ebp-0x28]
00548806 . FF75 D4 push dword ptr ss:[ebp-0x2C]
00548809 . FF75 D0 push dword ptr ss:[ebp-0x30]
0054880C . 8D45 E4 lea eax,dword ptr ss:[ebp-0x1C]
0054880F . BA 05000000 mov edx,0x5 ; number of strings to join
00548814 . E8 A3C8EBFF call <Computer.system.@LStrCatN>
; Key derivation: sub_004BBBEC(eax = joined string, edx = 0x64, ecx = &[ebp-0x3C]),
; then sub_004BBD44(eax = [ebp-0x3C], edx = &[ebp-0x1C]).
00548819 . 8D4D C4 lea ecx,dword ptr ss:[ebp-0x3C]
0054881C . BA 64000000 mov edx,0x64 ; constant second argument, hard-coded in the binary
00548821 . 8B45 E4 mov eax,dword ptr ss:[ebp-0x1C]
00548824 . E8 C333F7FF call <Computer.EncryptUtil.[B]sub_004BBBEC>[/B]
00548829 . 8D55 E4 lea edx,dword ptr ss:[ebp-0x1C]
0054882C . 8B45 C4 mov eax,dword ptr ss:[ebp-0x3C]
0054882F . E8 1035F7FF call <Computer.EncryptUtil.[B]sub_004BBD44>[/B] ; these two encryption routines produce the KEY
; The key string is also stored at [arg]+0x90.
00548834 . 8B45 F8 mov eax,dword ptr ss:[ebp-0x8]
00548837 . 05 90000000 add eax,0x90
0054883C . 8B55 E4 mov edx,dword ptr ss:[ebp-0x1C]
0054883F . E8 4CC5EBFF call <Computer.system.@LStrAsg>
; Build the eight-slot Format argument array at [ebp-0x94] (value dword followed
; by type tag 0xB in each slot); the formatted URL is written to [ebp-0x10].
00548844 . 8D45 F0 lea eax,dword ptr ss:[ebp-0x10]
00548847 . 50 push eax
00548848 . B8 F0945400 mov eax,<Computer.aHttpApi_driver> ; http://api.driver.360safe.com/appserv/qd_queryc.2.0.php  (cleartext HTTP endpoint)
0054884D . 8985 6CFFFFFF mov dword ptr ss:[ebp-0x94],eax ; slot 0: base URL
00548853 . C685 70FFFFFF 0>mov byte ptr ss:[ebp-0x90],0xB
0054885A . 8B45 E0 mov eax,dword ptr ss:[ebp-0x20]
0054885D . 8985 74FFFFFF mov dword ptr ss:[ebp-0x8C],eax ; slot 1: os
00548863 . C685 78FFFFFF 0>mov byte ptr ss:[ebp-0x88],0xB
0054886A . 8B45 DC mov eax,dword ptr ss:[ebp-0x24]
0054886D . 8985 7CFFFFFF mov dword ptr ss:[ebp-0x84],eax ; slot 2: pf
00548873 . C645 80 0B mov byte ptr ss:[ebp-0x80],0xB
00548877 . 8B45 D8 mov eax,dword ptr ss:[ebp-0x28]
0054887A . 8945 84 mov dword ptr ss:[ebp-0x7C],eax ; slot 3: cn
0054887D . C645 88 0B mov byte ptr ss:[ebp-0x78],0xB
00548881 . 8D95 68FFFFFF lea edx,dword ptr ss:[ebp-0x98]
00548887 . 8B45 D4 mov eax,dword ptr ss:[ebp-0x2C]
0054888A . E8 BD9FFFFF call <Computer.?Unit155.sub_0054284C> ; transforms the device ID before it enters the URL (presumably percent-encoding -- confirm)
0054888F . 8B85 68FFFFFF mov eax,dword ptr ss:[ebp-0x98]
00548895 . 8945 8C mov dword ptr ss:[ebp-0x74],eax ; slot 4: hid
00548898 . C645 90 0B mov byte ptr ss:[ebp-0x70],0xB
0054889C . 8B45 D0 mov eax,dword ptr ss:[ebp-0x30]
0054889F . 8945 94 mov dword ptr ss:[ebp-0x6C],eax ; slot 5: nw
005488A2 . C645 98 0B mov byte ptr ss:[ebp-0x68],0xB
005488A6 . 8B45 CC mov eax,dword ptr ss:[ebp-0x34]
005488A9 . 8945 9C mov dword ptr ss:[ebp-0x64],eax ; slot 6: err
005488AC . C645 A0 0B mov byte ptr ss:[ebp-0x60],0xB
005488B0 . 8B45 E4 mov eax,dword ptr ss:[ebp-0x1C]
005488B3 . 8945 A4 mov dword ptr ss:[ebp-0x5C],eax ; slot 7: c (the derived key)
005488B6 . C645 A8 0B mov byte ptr ss:[ebp-0x58],0xB
005488BA . 8D95 6CFFFFFF lea edx,dword ptr ss:[ebp-0x94]
005488C0 . B9 07000000 mov ecx,0x7 ; presumably the highest index of the eight-slot array
005488C5 . B8 30955400 mov eax,<Computer.aS?osSPfSCnSHid> ; %s?os=%s&pf=%s&cn=%s&hid=%s&nw=%s&err=%s&c=%s
005488CA . E8 E951ECFF call <Computer.SysUtils.Format>
; Call sub_00546FCC with a "device / URL" format string and the two values
; [[ebp-0x8]] and [ebp-0x10] (looks like a logging call -- confirm).
005488CF . 6A 01 push 0x1
005488D1 . 8B45 F8 mov eax,dword ptr ss:[ebp-0x8]
005488D4 . 8B00 mov eax,dword ptr ds:[eax]
005488D6 . 8945 B0 mov dword ptr ss:[ebp-0x50],eax
005488D9 . C645 B4 0B mov byte ptr ss:[ebp-0x4C],0xB
005488DD . 8B45 F0 mov eax,dword ptr ss:[ebp-0x10]
005488E0 . 8945 B8 mov dword ptr ss:[ebp-0x48],eax
005488E3 . C645 BC 0B mov byte ptr ss:[ebp-0x44],0xB
005488E7 . 8D4D B0 lea ecx,dword ptr ss:[ebp-0x50]
005488EA . A1 ECA95B00 mov eax,dword ptr ds:[0x5BA9EC]
005488EF . 8B00 mov eax,dword ptr ds:[eax]
005488F1 . BA 68955400 mov edx,Computer.00549568 ; "设备%s, URL:%s" (format string; in English: "device %s, URL:%s")
005488F6 . E8 D1E6FFFF call <Computer.?Unit160.sub_00546FCC>
; Create the HTTP client object and keep it in [ebp-0x14].
005488FB . B2 01 mov dl,0x1
005488FD . A1 64255400 mov eax,dword ptr ds:[0x542564]
00548902 . E8 919DFFFF call <Computer.?Unit155.TWinHTTPLib.Crea>
00548907 . 8945 EC mov dword ptr ss:[ebp-0x14],eax
; Three dword fields of the client are set: 0x9C40 = 40000 and 0x7530 = 30000
; (presumably timeouts in milliseconds -- confirm).
0054890A . 8B45 EC mov eax,dword ptr ss:[ebp-0x14]
0054890D . C740 4C 409C000>mov dword ptr ds:[eax+0x4C],0x9C40
00548914 . 8B45 EC mov eax,dword ptr ss:[ebp-0x14]
00548917 . C740 48 3075000>mov dword ptr ds:[eax+0x48],0x7530
0054891E . 8B45 EC mov eax,dword ptr ss:[ebp-0x14]
00548921 . C740 50 3075000>mov dword ptr ds:[eax+0x50],0x7530
; Issue the request: QueryDownLoad(eax = client, edx = URL, ecx = 0); a zero AL
; skips to 00549269.
00548928 . 33C9 xor ecx,ecx
0054892A . 8B55 F0 mov edx,dword ptr ss:[ebp-0x10]
0054892D . 8B45 EC mov eax,dword ptr ss:[ebp-0x14]
00548930 . E8 5FA1FFFF call <Computer.[B]QueryDownLoad[/B]>
00548935 . 84C0 test al,al
00548937 . 0F84 2C090000 je Computer.00549269
0054893D . 8D45 E8 lea eax,dword ptr ss:[ebp-0x18]
00548940 . E8 1BE3EBFF call <Computer.system.@IntfClear> ; release any interface already held in [ebp-0x18]
; Inner SEH frame (handler 005489E0) around the response handling.
00548945 . 33C0 xor eax,eax
00548947 . 55 push ebp
00548948 . 68 E0895400 push Computer.005489E0
0054894D . 64:FF30 push dword ptr fs:[eax]
00548950 . 64:8920 mov dword ptr fs:[eax],esp
; [ebp-0x38] = string copy of the C string at [[client+0x14]+0x4]
; (presumably the response body -- confirm).
00548953 . 8D45 C8 lea eax,dword ptr ss:[ebp-0x38]
00548956 . 8B55 EC mov edx,dword ptr ss:[ebp-0x14]
00548959 . 8B52 14 mov edx,dword ptr ds:[edx+0x14]
0054895C . 8B52 04 mov edx,dword ptr ds:[edx+0x4]
0054895F . E8 D0C5EBFF call <Computer.system.@LStrFromPChar>
; sub_005423B4 transforms the string; its output replaces [ebp-0x38].
00548964 . 8D95 64FFFFFF lea edx,dword ptr ss:[ebp-0x9C]
0054896A . 8B45 C8 mov eax,dword ptr ss:[ebp-0x38]
0054896D . E8 429AFFFF call <Computer.?Unit153.sub_005423B4>
00548972 . 8B95 64FFFFFF mov edx,dword ptr ss:[ebp-0x9C]
00548978 . 8D45 C8 lea eax,dword ptr ss:[ebp-0x38]
0054897B . E8 54C4EBFF call <Computer.system.@LStrLAsg>
; The same EncryptUtil routine and the same constant 0x64 used for the request
; key are applied to the response data.
00548980 . 8D8D 5CFFFFFF lea ecx,dword ptr ss:[ebp-0xA4]
00548986 . BA 64000000 mov edx,0x64
0054898B . 8B45 C8 mov eax,dword ptr ss:[ebp-0x38]
0054898E . E8 5932F7FF call <Computer.EncryptUtil.sub_004BBBEC>
00548993 . 8B85 5CFFFFFF mov eax,dword ptr ss:[ebp-0xA4]
00548999 . 8D95 60FFFFFF lea edx,dword ptr ss:[ebp-0xA0]
0054899F . E8 FC4BECFF call <Computer.SysUtils.StrPas>
005489A4 . 8B95 60FFFFFF mov edx,dword ptr ss:[ebp-0xA0]
005489AA . 8D45 C8 lea eax,dword ptr ss:[ebp-0x38]
005489AD . E8 22C4EBFF call <Computer.system.@LStrLAsg>
005489B2 . 8B45 C8 mov eax,dword ptr ss:[ebp-0x38]
005489B5 . E8 52960500 call <Computer.?Unit233.sub_005A200C> ; called with the processed text in eax; purpose not visible here
; Convert to a wide string and pass it to a superobject routine, which fills
; the interface slot at [ebp-0x18] (presumably the parsed reply -- confirm).
005489BA . 8D85 58FFFFFF lea eax,dword ptr ss:[ebp-0xA8]
005489C0 . 8B55 C8 mov edx,dword ptr ss:[ebp-0x38]
005489C3 . E8 14CCEBFF call <Computer.system.@WStrFromLStr>
005489C8 . 8B85 58FFFFFF mov eax,dword ptr ss:[ebp-0xA8]
005489CE . 8D55 E8 lea edx,dword ptr ss:[ebp-0x18]
005489D1 . E8 3216FFFF call <Computer.superobject.sub_0053A008>
; Unlink the inner SEH frame: restore the previous fs:[0] and drop the handler slots.
005489D6 . 33C0 xor eax,eax
005489D8 . 5A pop edx
005489D9 . 59 pop ecx
005489DA . 59 pop ecx
005489DB . 64:8910 mov dword ptr fs:[eax],edx
0470FCFC 005494E0 ASCII "default"
0470FD00 015860D8 ASCII "USB\VID_18D1&PID_9025&REV_0231&MI_01" ; HardwareId
0470FD04 01BE3EA8 ASCII "GIGABYTE" ; motherboard?
0470FD08 005494B8 ASCII "32" ; -bit
0470FD0C 0157A1F8
0157A1F8 00312E35 5.1. OS: 5.1.2600.0
01567898 CB213A43 C:!
0156789C B75D83D4 詢]
015678A0 90C35C0B \脨
015678A4 16B5FD45 E
015678A8 80E93AFE ?閫
015678AC 5AE2C5DF 吲鈀
015678B0 BDB6D6A3 V督
015678B4 2277912C ,憌"
015678B8 F6C0A77E ~Ю
015678BC 4CA3C245 E拢L
015678C0 54D96FA8 ╫賂
015678C4 865DC9BF 可]
015678C8 42F18E8F 弾馚
015678CC 2C905151 QQ?
0470FED0 015675C8 萿V ASCII "151901a8"
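// One step of the 32-bit shift register that drives the keystream: shift left
// by one, then set bit 0 to the XOR of bits 3, 7, 15 and 23 of the shifted
// value. Assumes unsigned int is 32 bits wide, as the posted code does.
static unsigned int TestEntryptedKeyStep(unsigned int state)
{
    state <<= 1;
    const unsigned int feedback =
        ((state >> 3) ^ (state >> 7) ^ (state >> 15) ^ (state >> 23)) & 1u;
    return state | feedback;
}

// Re-implementation of the request-key routine recovered from the disassembly.
//
// pUlrStr : NUL-terminated input string. It is MODIFIED IN PLACE: every byte is
//           XORed with a keystream byte, so the caller's buffer no longer holds
//           the original text afterwards (and may contain embedded zero bytes).
// ckey    : receives the 32-bit checksum of the XORed bytes; 0 for an empty or
//           null input.
//
// Everything here is fixed constants (seed 0x64, the tap positions, the table
// polynomial), so the result is a checksum of the input, not a secret-keyed
// value.
//
// Changes against the posted version:
//  * all arithmetic is unsigned, so the shifts no longer rely on signed
//    overflow;
//  * the table index is built from the byte as unsigned char and masked to
//    0..255. The posted code sign-extended a plain char and masked with
//    0x800000FF, which produced an index of 0x800000xx for bytes >= 0x80; that
//    only landed inside the table through 32-bit pointer wrap-around and reads
//    out of bounds on a 64-bit build. The "TempA < 0" fix-up it carried could
//    never run on an unsigned value and is dropped;
//  * a null pointer is rejected instead of being passed to strlen.
void TestEntryptedKey(char* pUlrStr,int& ckey)
{
    if (pUlrStr == 0)
    {
        ckey = 0;
        return;
    }

    // 256-entry lookup table, MSB-first, one entry per possible top byte.
    // NOTE(review): the constant is 0x4C10DB7 as posted; the widely used CRC-32
    // polynomial is 0x04C11DB7, one bit away. Confirm against the binary before
    // relying on either value.
    unsigned int table[256];
    for (unsigned int i = 0; i < 256; i++)
    {
        unsigned int crc = 0;
        unsigned int probe = i << 24;
        for (int bit = 0; bit < 8; bit++)
        {
            const bool topBitSet = ((crc ^ probe) & 0x80000000u) != 0;
            crc <<= 1;
            if (topBitSet)
            {
                crc ^= 0x4C10DB7u;
            }
            probe <<= 1;
        }
        table[i] = crc;
    }

    const size_t length = strlen(pUlrStr);

    // Seed the shift register with 0x64 and discard the first 0x40 steps.
    unsigned int state = 0x64;
    for (int i = 0; i < 0x40; i++)
    {
        state = TestEntryptedKeyStep(state);
    }

    // XOR every input byte with eight keystream bits.
    // NOTE(review): as in the posted code, the accumulator is shifted AFTER the
    // bit is OR-ed in, so the first of the eight bits falls out of the low byte
    // and bit 0 of every keystream byte is 0. Kept as posted; confirm against
    // the disassembly of the original routine.
    for (size_t i = 0; i < length; i++)
    {
        unsigned int keystream = 0;
        for (int bit = 0; bit < 8; bit++)
        {
            if (state & 0x80000000u)
            {
                keystream |= 1u;
            }
            keystream <<= 1;
            state = TestEntryptedKeyStep(state);
        }
        const unsigned char mixed =
            (unsigned char)((unsigned char)pUlrStr[i] ^ (unsigned char)(keystream & 0xFFu));
        pUlrStr[i] = (char)mixed;
    }

    // Table-driven checksum over the XORed bytes.
    unsigned int key2 = 0;
    for (size_t i = 0; i < length; i++)
    {
        const unsigned int index =
            ((key2 >> 24) ^ (unsigned int)(unsigned char)pUlrStr[i]) & 0xFFu;
        key2 = (key2 << 8) ^ table[index];
    }
    ckey = (int)key2;
}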
"http://api.driver.360safe.com/appserv/qd_queryc.2.0.php?os=5.1&pf=32&cn=GIGABYTE&hid=USB%5CVID%5F18D1%26PID%5F9025%26REV%5F0231%26MI%5F01&nw=default&err=1&c=151901a8"
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
005429E0 |. 50 push eax
005429E1 |. 6A 00 push 0x0
005429E3 |. 6A 00 push 0x0
005429E5 |. 8B45 FC mov eax,[local.1]
005429E8 |. 50 push eax
005429E9 |. E8 AEFAFFFF call <Computer.[B]WinHttpCrackUrl[/B]> ; jmp 到 WINHTTP.WinHttpCrackUrl
005436B9 . 50 push eax
005436BA . E8 F5EDFFFF call <Computer.[B]WinHttpOpen[/B]> ; jmp 到 WINHTTP.WinHttpOpen
0461FC04 001B7B3C UNICODE "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727)"
0054370D . 50 push eax
0054370E . 8B45 FC mov eax,dword ptr ss:[ebp-0x4]
00543711 . 8B40 6C mov eax,dword ptr ds:[eax+0x6C]
00543714 . 50 push eax
00543715 . E8 A2EDFFFF call <Computer.[B]WinHttpConnect[/B]> ; jmp 到 WINHTTP.WinHttpConnect
0461FC08 02A34000
0461FC0C 001AA514 UNICODE "api.driver.360safe.com"
0461FC10 01510050
0461FC14 00000000
0054373C . 56 push esi
0054373D . 6A 00 push 0x0
0054373F . 6A 00 push 0x0
00543741 . 6A 00 push 0x0
00543743 . 8B45 B4 mov eax,dword ptr ss:[ebp-0x4C]
00543746 . E8 A11EECFF call <Computer.system.@WStrToPWChar>
0054374B . 50 push eax
0054374C . 8B45 E4 mov eax,dword ptr ss:[ebp-0x1C]
0054374F . E8 981EECFF call <Computer.system.@WStrToPWChar>
00543754 . 50 push eax
00543755 . 8B45 FC mov eax,dword ptr ss:[ebp-0x4]
00543758 . 8B40 70 mov eax,dword ptr ds:[eax+0x70]
0054375B . 50 push eax
0054375C . E8 63EDFFFF call <Computer.[B]WinHttpOpenRequest[/B]> ; jmp 到 WINHTTP.WinHttpOpenRequest
0461FBFC 02A34100
0461FC00 001C88A4 UNICODE "GET"
0461FC04 001C3644 UNICODE "/appserv/qd_queryc.2.0.php?os=5.1&pf=32&cn=GIGABYTE&hid=USB%5CVID%5F18D1%26PID%5F9025%26REV%5F0231%2"
0461FC08 00000000
0461FC0C 00000000
0461FC10 00000000
0461FC14 00000000
0151771C 001AC1CC UNICODE "gzip, deflate"
01517720 00000000
01517724 001C43A4 UNICODE "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727)"
01517728 001AAE54 UNICODE "*/*"
0151772C 00000000
01517730 00000000
01517734 00000000
01517738 00000000
0151773C 00000000
01517740 00000000
01517744 00000000
01517748 00007530
0151774C 00009C40
01517750 00007530
01517754 00000001
01517758 001AC224 UNICODE "Keep-Alive"
005433AF |. 6A 04 push 0x4
005433B1 |. 8D45 08 lea eax,[arg.1]
005433B4 |. 50 push eax
005433B5 |. 51 push ecx
005433B6 |. 52 push edx
005433B7 |. E8 D0F0FFFF call <Computer.[B]WinHttpSetOption[/B]> ; jmp 到 WINHTTP.WinHttpSetOption
0461FBFC 00EF2000
0461FC00 00000003 ;WINHTTP_OPTION_CONNECT_TIMEOUT
0461FC04 0461FC14
0461FC08 00000004
005433AF |. 6A 04 push 0x4
005433B1 |. 8D45 08 lea eax,[arg.1]
005433B4 |. 50 push eax
005433B5 |. 51 push ecx
005433B6 |. 52 push edx
005433B7 |. E8 D0F0FFFF call <Computer.WinHttpSetOption> ; jmp 到 WINHTTP.WinHttpSetOption
0461FBFC 00EF2000
0461FC00 00000005 ;WINHTTP_OPTION_SEND_TIMEOUT
0461FC04 0461FC14 ASCII "0u"
0461FC08 00000004
同上
0461FBFC 00EF2000
0461FC00 00000006 ;WINHTTP_OPTION_RECEIVE_TIMEOUT
0461FC04 0461FC14 ASCII "0u"
0461FC08 00000004
005432F6 |. 50 push eax
005432F7 |. 53 push ebx
005432F8 |. E8 97F1FFFF call <Computer.[B]WinHttpAddRequestHeaders[/B]> ; jmp 到 WINHTTP.WinHttpAddRequestHeaders
0461FBCC 00EF2000
0461FBD0 001C2E3C UNICODE "Accept:*/*"
0461FBCC 00EF2000
0461FBD0 0016AAAC UNICODE "Accept-Encoding:gzip, deflate"
0461FBCC 00EF2000
0461FBD0 0016AAAC UNICODE "Connection:Keep-Alive"
0461FBCC 00EF2000
0461FBD0 0016AAAC UNICODE "Accept-Language:zh-cn"
// Request headers for the re-implemented client, one string per
// AddRequestHeaders call.
// NOTE(review): the member names do not all match their contents --
// ContentType holds the Connection header.
// NOTE(review): the members are non-const wchar_t* initialised from string
// literals; whether they can be made const depends on the AddRequestHeaders
// signature, which is not shown here.
// NOTE(review): each literal ends in a bare "\n". WinHTTP documents CR/LF as
// the separator between headers -- confirm the bare newline is accepted, or
// drop the terminator since every header is added by its own call.
struct
{
wchar_t* AcceptData;
wchar_t* Encoding;
wchar_t* ContentType;
wchar_t* Language;
}Headers = {L"Accept:*/*\n",
L"Accept-Encoding:gzip,deflate\n",
L"Connection:Keep-Alive\n",
L"Accept-Language:zh-cn\n",};
// Add the first request header; hRequest and AddRequestHeaders are defined
// outside this excerpt.
if (!AddRequestHeaders(hRequest, Headers.AcceptData)) {
printf("Error:AddRequestHeaders AcceptData failed!\n");
return -1;
}
// Add request header ... (the remaining headers are elided in the post)
005438CA . 6A 00 push 0x0
005438CC . 6A 00 push 0x0
005438CE . 6A 00 push 0x0
005438D0 . 6A 00 push 0x0
005438D2 . 6A 00 push 0x0
005438D4 . 6A 00 push 0x0
005438D6 . 8B45 FC mov eax,dword ptr ss:[ebp-0x4]
005438D9 . 8B40 74 mov eax,dword ptr ds:[eax+0x74]
005438DC . 50 push eax ; xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
005438DD . E8 EAEBFFFF call <Computer.WinHttpSendRequest> ; jmp 到 WINHTTP.WinHttpSendRequest
0461FBFC 00EF2000
0461FC00 00000000
0461FC04 00000000
0461FC08 00000000
0461FC0C 00000000
0461FC10 00000000
0461FC14 00000000
00543968 . 6A 00 push 0x0
0054396A . 8B45 FC mov eax,dword ptr ss:[ebp-0x4]
0054396D . 8B40 74 mov eax,dword ptr ds:[eax+0x74]
00543970 . 50 push eax
00543971 . E8 5EEBFFFF call <Computer.WinHttpReceiveResponse> ; jmp 到 WINHTTP.WinHttpReceiveResponse
Query header info.
00542B73 |. 6A 00 push 0x0
00542B75 |. 8D45 F8 lea eax,[local.2]
00542B78 |. 50 push eax
00542B79 |. 8B45 F4 mov eax,[local.3]
00542B7C |. 50 push eax
00542B7D |. 6A 00 push 0x0
00542B7F |. 56 push esi
00542B80 |. 53 push ebx
00542B81 |. E8 56F9FFFF call <Computer.WinHttpQueryHeaders> ; jmp 到 WINHTTP.WinHttpQueryHeaders
0461FBB8 00EF2000
0461FBBC 00000013 ;WINHTTP_QUERY_STATUS_CODE
0461FBC0 00000000
0461FBC4 00000000
0471FBC8 0471FC04 --8 size
0471FBCC 00000000
0471FBB8 02A42000
0471FBBC 00000013
0471FBC0 00000000
0471FBC4 0157A230 buf
0471FBC8 0471FC04 --8 size
0471FBCC 00000000
buf
0157A230 00300032 2.0.
0157A234 00000030 0...
0471FBB8 02A42000
0471FBBC 00000001 ;WINHTTP_QUERY_CONTENT_TYPE
0471FBC0 00000000
0471FBC4 00000000
0471FBC8 0471FC04
0471FBCC 00000000
0471FC04 00000014 ...
0471FC08 00000000 ....
0471FBB8 02A42000
0471FBBC 00000001
0471FBC0 00000000
0471FBC4 01BFE980
0471FBC8 0471FC04
0471FBCC 00000000
01BFE980 text/html.
0471FBB8 02A42000
0471FBBC 0000001D ;WINHTTP_QUERY_CONTENT_ENCODING
0471FBC0 00000000
0471FBC4 00000000
0471FBC8 0471FC04
0471FBCC 00000000
0471FBB8 02A42000
0471FBBC 00000016 ;WINHTTP_QUERY_RAW_HEADERS_CRLF
0471FBC0 00000000
0471FBC4 00000000
0471FBC8 0471FC04
0471FBCC 00000000
0471FC04 000001D2 ?..
0471FBB8 02A42000
0471FBBC 00000016
0471FBC0 00000000
0471FBC4 0147DC80
0471FBC8 0471FC04
0471FBCC 00000000
0471FBB8 02A42000
0471FBBC 80000016 WINHTTP_QUERY_FLAG_REQUEST_HEADERS|WINHTTP_QUERY_RAW_HEADERS_CRLF
0471FBC0 00000000
0471FBC4 00000000
0471FBC8 0471FC04
0471FBCC 00000000
0471FBB8 02A42000
0471FBBC 80000016
0471FBC0 00000000
0471FBC4 01C38890
0471FBC8 0471FC04
0471FBCC 00000000
0471FC00 01C38890 UNICODE "GET /appserv/qd_queryc.2.0.php?os=5.1&pf=32&cn=GIGABYTE&hid=USB%5CVID%5F18D1%26PID%5F9025%26REV%5F02"
0471FB84 02A42000
0471FB88 00000005 ;WINHTTP_QUERY_CONTENT_LENGTH
0471FB8C 00000000
0471FB90 00000000
0471FB94 0471FBD0
0471FB98 00000000
0471FB84 02A42000
0471FB88 00000005
0471FB8C 00000000
0471FB90 0157A260
0471FB94 0471FBD0
0471FB98 00000000
0471FBCC 0157A260 UNICODE "1221"
0471FBB8 02A42000
0471FBBC 0000002B ;WINHTTP_QUERY_SET_COOKIE
0471FBC0 00000000
0471FBC4 00000000
0471FBC8 0471FC04
0471FBCC 00000000
0471FBE0 02A42000
0471FBE4 0000002B
0471FBE8 00000000
0471FBEC 00000000
0471FBF0 0471FBF8
0471FBF4 0471FBFC
0461FBB8 00EF2000
0461FBBC 0000001D
0461FBC0 00000000
0461FBC4 00000000
0461FBC8 0461FC04
0461FBCC 00000000
0461FBB8 00EF2000
0461FBBC 00000016
0461FBC0 00000000
0461FBC4 00000000
0461FBC8 0461FC04
0461FBCC 00000000
0461FC04 000001EC ?..
返回一个大小
AllocMem
0461FBB8 00EF2000
0461FBBC 00000016
0461FBC0 00000000
0461FBC4 0407ADB0
0461FBC8 0461FC04
0461FBCC 00000000
0461FBB8 00EF2000
0461FBBC 00000016
0461FBC0 00000000
0461FBC4 0407ADB0 UNICODE "HTTP/1.1 200 OK
Date: Sat, 15 Dec 2012 10:18:01 GMT
Server: Apache
X-Powered-By: PHP/5.2.5
Cache"
0461FBC8 0461FC04
0461FBCC 00000000
0461FBB8 00EF2000
0461FBBC 80000016
0461FBC0 00000000
0461FBC4 01C38890
0461FBC8 0461FC04
0461FBCC 00000000
0461FBB4 00542BB4 返回到 Computer.?Unit155.sub_00542B3C+78 来自 <Computer.WinHttpQueryHeaders>
0461FBB8 00EF2000
0461FBBC 80000016
0461FBC0 00000000
0461FBC4 01C38890 UNICODE "GET /appserv/qd_queryc.2.0.php?os=5.1&pf=32&cn=GIGABYTE&hid=USB%5CVID%5F18D1%26PID%5F9025%26REV%5F02"
0461FBC8 0461FC04
0461FBCC 00000000
0461FB84 00EF2000
0461FB88 00000005
0461FB8C 00000000
0461FB90 00000000
0461FB94 0461FBD0
0461FB98 00000000
0461FB80 00542BB4 返回到 Computer.?Unit155.sub_00542B3C+78 来自 <Computer.WinHttpQueryHeaders>
0461FB84 00EF2000
0461FB88 00000005
0461FB8C 00000000
0461FB90 0157A250 UNICODE "1221"
0461FB94 0461FBD0
0461FB98 00000000
0461FBB8 00EF2000
0461FBBC 0000002B
0461FBC0 00000000
0461FBC4 00000000
0461FBC8 0461FC04
0461FBCC 00000000
0461FBE0 00EF2000
0461FBE4 0000002B
0461FBE8 00000000
0461FBEC 00000000
0461FBF0 0461FBF8
0461FBF4 0461FBFC
Date: Sat, 16 Feb 2013 17:19:15 GMT
Server: Apache
X-Powered-By: PHP/5.2.5
Cache-Control: max-age=3600
Expires: Sat, 16 Feb 2013 18:19:15 GMT
Content-Length: 1221
Connection: close
Content-Type: text/html
]
headers Info:[Get /appserv/qd_queryc.2.0.php?os=5.1&pf=32&cn=GIGABYTE&hid=USB%5C
VID%5F18D1%26PID%5F9025%26REV%5F0231%26MI%5F01&nw=default&err=1&c=151901a8 HTTP/
1.1
Accept: */*
Accept-Encoding: gzip,deflate
Connection: Keep-Alive
Accept-Language: zh-cn
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.5072
7)
Host: api.driver.360safe.com
Content-Length: 0
]
context Length:[1221]
00543B69 . 50 push eax
00543B6A . 8B45 FC mov eax,dword ptr ss:[ebp-0x4]
00543B6D . 8B40 74 mov eax,dword ptr ds:[eax+0x74]
00543B70 . 50 push eax
00543B71 . E8 6EE9FFFF call <Computer.[B]WinHttpQueryDataAvailable[/B]> ; jmp 到 WINHTTP.WinHttpQueryDataAvailable
0461FC10 00EF2000
0461FC14 0461FCB0
0471FCB0 00000318 .. size
00543BE8 . 50 push eax
00543BE9 . 8B45 F0 mov eax,dword ptr ss:[ebp-0x10]
00543BEC . 50 push eax
00543BED . 8B45 E8 mov eax,dword ptr ss:[ebp-0x18]
00543BF0 . 50 push eax
00543BF1 . 8B45 FC mov eax,dword ptr ss:[ebp-0x4]
00543BF4 . 8B40 74 mov eax,dword ptr ds:[eax+0x74]
00543BF7 . 50 push eax
00543BF8 . E8 EFE8FFFF call <Computer.[B]WinHttpReadData[/B]> ; jmp 到 WINHTTP.WinHttpReadData
0471FC08 02A42000
0471FC0C 014F8650
0471FC10 00000318
0471FC14 0471FC98
OfpoWeotGXv4mus5ga".)
堆栈 ss:[0471FCA8]=014F8650, (ASCII "DTZinZLmLsFmPP62dsGSMc9Omp/71r5s+4aDhh6rPDB2sNKKMLrMTKpsxkLCsDKGnMa2QEJNij1yFt+gMskkF1q8xN24FF98dPRpnFyr+HT+4LIQ0UhvIrYVA/z+o6u39hyw0S7yNvtnFMoldQ8AfTsRHOdu25KelI/G1M04nDvntTxUQCaec1pXMszF81eenuCLoSWJXiPu4TYi/t3PrsI/heCOfpoWeotGXv4mus5ga".)
edx=00000000