新手报道！PC Shrinker 0.71这个壳？-加壳脱壳-看雪-安全社区|安全招聘|kanxue.com

最新回复 (6)
wangshy 雪币： 446 活跃值： (758) 能力值： ( LV7，RANK：100 ) 在线值：发帖 39 回帖 614 粉丝 1 关注私信	wangshy 2 2 楼到5月分的资料里的新兵论坛去看看，好像Fly有写过的手壳教程的不要手脱，试试脱壳工具GUW32 2004-6-5 09:12 0
fly 雪币： 898 活跃值： (4039) 能力值： ( LV9，RANK：3410 ) 在线值：发帖 294 回帖 7686 粉丝 32 关注私信	fly 85 3 楼 http://bbs.pediy.com/pediybbs/index.php?sid=d73907e0054b0b3d9a4e76e4a7f0280b 搜索 PC Shrinker 2004-6-5 12:01 0
网络奇才雪币： 212 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 5 粉丝 0 关注私信	网络奇才 4 楼新兵论坛禁止新用户注册。我无法使用搜索功能。那么多张的帖子。。总不能让我一张一张的找吧！！哪位能帮我搜索一下告诉我地址！！！ 2004-6-5 13:38 0
fly 雪币： 898 活跃值： (4039) 能力值： ( LV9，RANK：3410 ) 在线值：发帖 294 回帖 7686 粉丝 32 关注私信	fly 85 5 楼最初由网络奇才发布新兵论坛禁止新用户注册。我无法使用搜索功能。那么多张的帖子。。总不能让我一张一张的找吧！！哪位能帮我搜索一下告诉我地址！！！可以搜索吧？ PC Shrinker V0.71 脱壳――PCSHRINK.EXE 主程序 http://bbs.pediy.com/pediybbs/viewtopic.php?t=5778&highlight=PC+Shrinker&sid=e78823c46a0bacd9f4600708eea2aaac 2004-6-5 14:49 0
wangshy 雪币： 446 活跃值： (758) 能力值： ( LV7，RANK：100 ) 在线值：发帖 39 回帖 614 粉丝 1 关注私信	wangshy 2 6 楼晕，自己不找，难道它自己跳出来吗？ 2004-6-5 18:02 0
forgot 雪币： 6075 活跃值： (2236) 能力值： (RANK：1060 ) 在线值：发帖 155 回帖 3771 粉丝 16 关注私信	forgot 26 7 楼看着源代码脱吧:D @Loader_Start: ; DATA XREF: CompressFile+4A9o ; CompressFile+52Ao ... pushf pusha ; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ db 0BDh ; ? ; mov ebp @1 dd 0 ; DATA XREF: CompressFile+4AEw ; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ add ss:@Dcomp_Buffer_Offset[ebp], ebp push ss:@Largest_Needed_Buffer[ebp] push GPTR call ss:_GlobalAlloc[ebp] push eax push eax sub eax, offset @Critical_Symbiont mov ss:@2[ebp], eax pop edi lea esi, @Critical_Symbiont[ebp] mov ecx, (@Loader_End - @Loader_Start)/4+1 rep movsd pop edi jmp edi ; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ @Critical_Symbiont db 0BDh ; DATA XREF: pcs1:00403961o ; pcs1:0040396Dr @2 dd 0 ; DATA XREF: pcs1:00403966w ; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ mov esi, edi add esi, 160h add edi, @Loader_End-@Loader_Start push edi push esi push edi push ebp push edi push esi call aP_Depack add esp, 8 pop ebp xchg eax, ecx pop esi pop edi rep movsb jmp decomp_done @Largest_Needed_Buffer dd 0 ; DATA XREF: CompressFile+3C2r ; CompressFile+3CAw ... @Dcomp_Buffer_Offset dd offset dcomp_buffer ; DATA XREF: pcs1:0040394Bw fake_import_table dd 28h ; DATA XREF: CompressFile+4BAw dd 2 dup(0) dword_403A64 dd 3Ch ; DATA XREF: CompressFile+4C0w dword_403A68 dd 28h ; DATA XREF: CompressFile+4C6w dd 5 dup(0) ; end marker _LoadLibraryA dd 49h ; DATA XREF: CompressFile+4CCw ; pcs1:00403B6Cr ... _GetProcAddress dd 58h ; DATA XREF: CompressFile+4D2w ; pcs1:00403B7Er ... _GlobalAlloc dd 69h ; DATA XREF: CompressFile+4D8w ; pcs1:00403959r _ExitProcess dd 77h ; DATA XREF: CompressFile+4DEw ; pcs1:00403B95r dd 0 aKernel32_dll_0 db 'KERNEL32.DLL',0 dw 0 aLoadlibrarya db 'LoadLibraryA',0 dw 0 aGetprocaddress db 'GetProcAddress',0 dw 0 aGlobalalloc db 'GlobalAlloc',0 dw 0 aExitprocess db 'ExitProcess',0 ; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ decomp_done: ; CODE XREF: pcs1:004039A4j ; DATA XREF: sub_402185+45o ... pop edi lea esi, byte_403C71[ebp] loc_403AE4: ; CODE XREF: pcs1:00403B25j push ebp push edi push esi lodsd or eax, eax jz short loc_403B27 xchg eax, edx lodsd xchg eax, ecx push edi push ecx mov esi, edx rep movsb pop ecx pop edi cmp edx, ss:dword_403C6D[ebp] jnz short loc_403B15 mov eax, ss:RsrcDisplacement[ebp] pusha mov esi, edi mov edi, edx mov ecx, eax rep movsb popa add edi, eax add edx, eax sub ecx, eax loc_403B15: ; CODE XREF: pcs1:00403AFDj push edx push edi call aP_Depack add esp, 8 pop esi pop edi pop ebp add esi, 8 jmp short loc_403AE4 ; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ loc_403B27: ; CODE XREF: pcs1:00403AEAj add esp, 0Ch lea esi, byte_403CC9[ebp] loc_403B30: ; CODE XREF: pcs1:00403B5Cj lodsd or eax, eax jz short loc_403B5E xchg eax, ebx lodsd xchg eax, edx lodsd xchg eax, ecx push edi push esi xchg ebx, esi push edi push ecx rep movsb pop ecx pop esi mov edi, edx rep movsb pop esi lodsd xchg eax, ecx xor eax, eax rep stosb mov edi, [esi-10h] mov ecx, [esi-0Ch] sub ecx, edi xor eax, eax rep stosb pop edi jmp short loc_403B30 ; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ loc_403B5E: ; CODE XREF: pcs1:00403B33j call _ProcessImports jnb short goto_entry lea ebx, aUser32_dll_0[ebp] ; "USER32.DLL" push ebx call ss:_LoadLibraryA[ebp] or eax, eax jz short _No_Error_Message lea ebx, aMessageboxa[ebp] ; "MessageBoxA" push ebx push eax call ss:_GetProcAddress[ebp] lea ebx, aRequiredDllMis[ebp] ; "Required DLL missing!" push 30h push 0 push ebx push 0 call eax _No_Error_Message: ; CODE XREF: pcs1:00403B74j push 0 call ss:_ExitProcess[ebp] goto_entry: ; CODE XREF: pcs1:00403B63j popa popf ; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ db 0BAh ; ? ; mov edx,dword host_eip dd 0 ; DATA XREF: CompressFile+507w ; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ jmp edx ; 〓〓〓〓〓〓〓〓 S U B R O U T I N E 〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓 _ProcessImports proc near ; CODE XREF: pcs1:00403B5Ep mov esi, ss:iAddress[ebp] or esi, esi jz short @Success mov edx, ss:@ImageBase[ebp] add esi, edx @Process_IID_Loop: ; CODE XREF: _ProcessImports+22j push edx push esi call _ProcessImportDir ; ProcessImportDir(DWORD IMPORT_DIRECTORY_VA, DWORD IMAGEBASE) jb short @Error add esi, 14h ; size IID cmp dword ptr [esi+0Ch], 0 ; no Name? jnz short @Process_IID_Loop @Success: ; CODE XREF: _ProcessImports+8j clc retn ; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ @Error: ; CODE XREF: _ProcessImports+19j stc retn _ProcessImports endp ; sp = -8 ; 〓〓〓〓〓〓〓〓 S U B R O U T I N E 〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓 ; ProcessImportDir(DWORD IMPORT_DIRECTORY_VA, DWORD IMAGEBASE) _ProcessImportDir proc near ; CODE XREF: _ProcessImports+14p pop eax pop esi ; 1st import dir pop edx ; edx->imagebase push eax mov ecx, [esi] ; OriginalFirstThunk mov edi, [esi+10h] ; FirstThunk or ecx, ecx jnz short @Original1stThunkOK mov ecx, edi @Original1stThunkOK: ; CODE XREF: _ProcessImportDir+Bj add ecx, edx add edi, edx mov eax, [esi+0Ch] ; eax->dll name add eax, edx ; +ImageBase push ecx push edx push eax call ss:_LoadLibraryA[ebp] pop edx pop ecx or eax, eax jz short @Error mov ss:DllHandle[ebp], eax @Process_Dir_Loop: ; CODE XREF: _ProcessImportDir+5Ej mov ebx, [ecx] or ebx, ebx jz short iret_success test ebx, IMAGE_ORDINAL_FLAG32 jnz short @Ordinal ; clear 31st bit add ebx, edx ; skip hint(WORD) inc ebx inc ebx @Ordinal: ; CODE XREF: _ProcessImportDir+39j and ebx, 7FFFFFFFh ; clear 31st bit push ecx push edx push ebx push ss:DllHandle[ebp] call ss:_GetProcAddress[ebp] pop edx pop ecx or eax, eax jz short @Error stosd add ecx, 4 jmp short @Process_Dir_Loop ; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ iret_success: ; CODE XREF: _ProcessImportDir+31j clc retn ; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ @Error: ; CODE XREF: _ProcessImportDir+25j ; _ProcessImportDir+58j stc retn _ProcessImportDir endp ; sp = 4 ; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ aRequiredDllMis db 'Required DLL missing!',0 ; DATA XREF: pcs1:00403B84r aUser32_dll_0 db 'USER32.DLL',0 ; DATA XREF: pcs1:00403B65r aMessageboxa db 'MessageBoxA',0 ; DATA XREF: pcs1:00403B76r DllHandle dd 0 ; DATA XREF: _ProcessImportDir+27w ; _ProcessImportDir+48r iAddress dd 0 ; DATA XREF: CompressFile+4EAw ; _ProcessImportsr @ImageBase dd 0 ; DATA XREF: CompressFile+E9w ; CompressFile+29Fr ... RsrcDisplacement dd 0 ; DATA XREF: Scan_Resource_Dir+7Br ; CompressFile+1FBw ... dword_403C6D dd 0 ; DATA XREF: CompressFile+1B3w ; CompressFile+287r ... byte_403C71 db 0 ; DATA XREF: CompressFile+25Co ; pcs1:00403ADEr dd 13h dup(0) db 3 dup(0) dword_403CC1 dd 2 dup(0) ; DATA XREF: CompressFile+271o byte_403CC9 db 67h dup(0) ; DATA XREF: CompressFile+233o ; CompressFile+243o ... @Loader_End db 36h dup(0) ; DATA XREF: pcs1:00403973t ; pcs1:0040398At db 3 dup(0) dcomp_buffer label BYTE 2004-6-5 19:36 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复

wangshy

雪币： 446

活跃值： (758)

能力值：

( LV7，RANK：100 )

在线值：

发帖

39

回帖

614

粉丝

1

关注

私信

wangshy 2: 2 楼

到5月分的资料里的新兵论坛去看看，
好像Fly有写过的手壳教程的
不要手脱，试试脱壳工具GUW32

2004-6-5 09:12

0

fly

雪币： 898

活跃值： (4039)

能力值：

( LV9，RANK：3410 )

在线值：

发帖

294

回帖

7686

粉丝

32

关注

私信

fly 85: 3 楼

http://bbs.pediy.com/pediybbs/index.php?sid=d73907e0054b0b3d9a4e76e4a7f0280b

搜索 PC Shrinker

2004-6-5 12:01

0

网络奇才

雪币： 212

活跃值： (10)

能力值：

( LV2，RANK：10 )

在线值：

发帖

2

回帖

5

粉丝

0

关注

私信

网络奇才: 4 楼

新兵论坛禁止新用户注册。我无法使用搜索功能。那么多张的帖子。。总不能让我一张一张的找吧！！
哪位能帮我搜索一下告诉我地址！！！

2004-6-5 13:38

0

fly

雪币： 898

活跃值： (4039)

能力值：

( LV9，RANK：3410 )

在线值：

发帖

294

回帖

7686

粉丝

32

关注

私信

fly 85: 5 楼

最初由网络奇才发布
新兵论坛禁止新用户注册。我无法使用搜索功能。那么多张的帖子。。总不能让我一张一张的找吧！！
哪位能帮我搜索一下告诉我地址！！！

可以搜索吧？

PC Shrinker V0.71 脱壳――PCSHRINK.EXE 主程序

http://bbs.pediy.com/pediybbs/viewtopic.php?t=5778&highlight=PC+Shrinker&sid=e78823c46a0bacd9f4600708eea2aaac

2004-6-5 14:49

0

wangshy

雪币： 446

活跃值： (758)

能力值：

( LV7，RANK：100 )

在线值：

发帖

39

回帖

614

粉丝

1

关注

私信

wangshy 2: 6 楼

晕，自己不找，难道它自己跳出来吗？

2004-6-5 18:02

0

forgot

雪币： 6075

活跃值： (2236)

能力值： (RANK：1060 )

在线值：

发帖

155

回帖

3771

粉丝

16

关注

私信

forgot 26: 7 楼

看着源代码脱吧:D
@Loader_Start: ; DATA XREF: CompressFile+4A9o
; CompressFile+52Ao ...
pushf
pusha
; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
db 0BDh ; ? ; mov ebp
@1 dd 0 ; DATA XREF: CompressFile+4AEw
; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
add ss:@Dcomp_Buffer_Offset[ebp], ebp
push ss:@Largest_Needed_Buffer[ebp]
push GPTR
call ss:_GlobalAlloc[ebp]
push eax
push eax
sub eax, offset @Critical_Symbiont
mov ss:@2[ebp], eax
pop edi
lea esi, @Critical_Symbiont[ebp]
mov ecx, (@Loader_End - @Loader_Start)/4+1
rep movsd
pop edi
jmp edi
; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
@Critical_Symbiont db 0BDh ; DATA XREF: pcs1:00403961o
; pcs1:0040396Dr
@2 dd 0 ; DATA XREF: pcs1:00403966w
; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
mov esi, edi
add esi, 160h
add edi, @Loader_End-@Loader_Start
push edi
push esi
push edi
push ebp
push edi
push esi
call aP_Depack
add esp, 8
pop ebp
xchg eax, ecx
pop esi
pop edi
rep movsb
jmp decomp_done

@Largest_Needed_Buffer dd 0 ; DATA XREF: CompressFile+3C2r
; CompressFile+3CAw ...
@Dcomp_Buffer_Offset dd offset dcomp_buffer ; DATA XREF: pcs1:0040394Bw
fake_import_table dd 28h ; DATA XREF: CompressFile+4BAw
dd 2 dup(0)
dword_403A64 dd 3Ch ; DATA XREF: CompressFile+4C0w
dword_403A68 dd 28h ; DATA XREF: CompressFile+4C6w
dd 5 dup(0) ; end marker
_LoadLibraryA dd 49h ; DATA XREF: CompressFile+4CCw
; pcs1:00403B6Cr ...
_GetProcAddress dd 58h ; DATA XREF: CompressFile+4D2w
; pcs1:00403B7Er ...
_GlobalAlloc dd 69h ; DATA XREF: CompressFile+4D8w
; pcs1:00403959r
_ExitProcess dd 77h ; DATA XREF: CompressFile+4DEw
; pcs1:00403B95r
dd 0
aKernel32_dll_0 db 'KERNEL32.DLL',0
dw 0
aLoadlibrarya db 'LoadLibraryA',0
dw 0
aGetprocaddress db 'GetProcAddress',0
dw 0
aGlobalalloc db 'GlobalAlloc',0
dw 0
aExitprocess db 'ExitProcess',0
; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

decomp_done: ; CODE XREF: pcs1:004039A4j
; DATA XREF: sub_402185+45o ...
pop edi
lea esi, byte_403C71[ebp]

loc_403AE4: ; CODE XREF: pcs1:00403B25j
push ebp
push edi
push esi
lodsd
or eax, eax
jz short loc_403B27
xchg eax, edx
lodsd
xchg eax, ecx
push edi
push ecx
mov esi, edx
rep movsb
pop ecx
pop edi
cmp edx, ss:dword_403C6D[ebp]
jnz short loc_403B15
mov eax, ss:RsrcDisplacement[ebp]
pusha
mov esi, edi
mov edi, edx
mov ecx, eax
rep movsb
popa
add edi, eax
add edx, eax
sub ecx, eax

loc_403B15: ; CODE XREF: pcs1:00403AFDj
push edx
push edi
call aP_Depack
add esp, 8
pop esi
pop edi
pop ebp
add esi, 8
jmp short loc_403AE4
; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

loc_403B27: ; CODE XREF: pcs1:00403AEAj
add esp, 0Ch
lea esi, byte_403CC9[ebp]

loc_403B30: ; CODE XREF: pcs1:00403B5Cj
lodsd
or eax, eax
jz short loc_403B5E
xchg eax, ebx
lodsd
xchg eax, edx
lodsd
xchg eax, ecx
push edi
push esi
xchg ebx, esi
push edi
push ecx
rep movsb
pop ecx
pop esi
mov edi, edx
rep movsb
pop esi
lodsd
xchg eax, ecx
xor eax, eax
rep stosb
mov edi, [esi-10h]
mov ecx, [esi-0Ch]
sub ecx, edi
xor eax, eax
rep stosb
pop edi
jmp short loc_403B30
; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

loc_403B5E: ; CODE XREF: pcs1:00403B33j
call _ProcessImports
jnb short goto_entry
lea ebx, aUser32_dll_0[ebp] ; "USER32.DLL"
push ebx
call ss:_LoadLibraryA[ebp]
or eax, eax
jz short _No_Error_Message
lea ebx, aMessageboxa[ebp] ; "MessageBoxA"
push ebx
push eax
call ss:_GetProcAddress[ebp]
lea ebx, aRequiredDllMis[ebp] ; "Required DLL missing!"
push 30h
push 0
push ebx
push 0
call eax

_No_Error_Message: ; CODE XREF: pcs1:00403B74j
push 0
call ss:_ExitProcess[ebp]

goto_entry: ; CODE XREF: pcs1:00403B63j
popa
popf
; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
db 0BAh ; ? ; mov    edx,dword
host_eip dd 0 ; DATA XREF: CompressFile+507w
; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
jmp edx

; 〓〓〓〓〓〓〓〓 S U B R O U T I N E 〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓

_ProcessImports proc near ; CODE XREF: pcs1:00403B5Ep
mov esi, ss:iAddress[ebp]
or esi, esi
jz short @Success
mov edx, ss:@ImageBase[ebp]
add esi, edx

@Process_IID_Loop: ; CODE XREF: _ProcessImports+22j
push edx
push esi
call _ProcessImportDir ; ProcessImportDir(DWORD *IMPORT_DIRECTORY_VA, DWORD *IMAGEBASE)
jb short @Error
add esi, 14h ; size IID
cmp dword ptr [esi+0Ch], 0 ; no Name?
jnz short @Process_IID_Loop

@Success: ; CODE XREF: _ProcessImports+8j
clc
retn
; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

@Error: ; CODE XREF: _ProcessImports+19j
stc
retn
_ProcessImports endp ; sp = -8

; 〓〓〓〓〓〓〓〓 S U B R O U T I N E 〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓

; ProcessImportDir(DWORD *IMPORT_DIRECTORY_VA, DWORD *IMAGEBASE)

_ProcessImportDir proc near ; CODE XREF: _ProcessImports+14p
pop eax
pop esi ; 1st import dir
pop edx ; edx->imagebase
push eax
mov ecx, [esi] ; OriginalFirstThunk
mov edi, [esi+10h] ; FirstThunk
or ecx, ecx
jnz short @Original1stThunkOK
mov ecx, edi

@Original1stThunkOK: ; CODE XREF: _ProcessImportDir+Bj
add ecx, edx
add edi, edx
mov eax, [esi+0Ch] ; eax->dll name
add eax, edx ; +ImageBase
push ecx
push edx
push eax
call ss:_LoadLibraryA[ebp]
pop edx
pop ecx
or eax, eax
jz short @Error
mov ss:DllHandle[ebp], eax

@Process_Dir_Loop: ; CODE XREF: _ProcessImportDir+5Ej
mov ebx, [ecx]
or ebx, ebx
jz short iret_success
test ebx, IMAGE_ORDINAL_FLAG32
jnz short @Ordinal ; clear 31st bit
add ebx, edx ; skip hint(WORD)
inc ebx
inc ebx

@Ordinal: ; CODE XREF: _ProcessImportDir+39j
and ebx, 7FFFFFFFh ; clear 31st bit
push ecx
push edx
push ebx
push ss:DllHandle[ebp]
call ss:_GetProcAddress[ebp]
pop edx
pop ecx
or eax, eax
jz short @Error
stosd
add ecx, 4
jmp short @Process_Dir_Loop
; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

iret_success: ; CODE XREF: _ProcessImportDir+31j
clc
retn
; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

@Error: ; CODE XREF: _ProcessImportDir+25j
; _ProcessImportDir+58j
stc
retn
_ProcessImportDir endp ; sp =  4
; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
aRequiredDllMis db 'Required DLL missing!',0 ; DATA XREF: pcs1:00403B84r
aUser32_dll_0 db 'USER32.DLL',0    ; DATA XREF: pcs1:00403B65r
aMessageboxa db 'MessageBoxA',0    ; DATA XREF: pcs1:00403B76r
DllHandle dd 0 ; DATA XREF: _ProcessImportDir+27w
; _ProcessImportDir+48r
iAddress dd 0 ; DATA XREF: CompressFile+4EAw
; _ProcessImportsr
@ImageBase dd 0 ; DATA XREF: CompressFile+E9w
; CompressFile+29Fr ...
RsrcDisplacement dd 0 ; DATA XREF: Scan_Resource_Dir+7Br
; CompressFile+1FBw ...
dword_403C6D dd 0 ; DATA XREF: CompressFile+1B3w
; CompressFile+287r ...
byte_403C71 db 0 ; DATA XREF: CompressFile+25Co
; pcs1:00403ADEr
dd 13h dup(0)
db 3 dup(0)
dword_403CC1 dd 2 dup(0) ; DATA XREF: CompressFile+271o
byte_403CC9 db 67h dup(0) ; DATA XREF: CompressFile+233o
; CompressFile+243o ...
@Loader_End db 36h dup(0) ; DATA XREF: pcs1:00403973t
; pcs1:0040398At
db 3 dup(0)
dcomp_buffer label BYTE

2004-6-5 19:36

0