用OLLYICE 打开后查找字符串注册成功,失败后找不到关键跳或者CALL大侠们指导。多谢了。代码如下:
004037FB . /75 05 jnz short 00403802
004037FD . |B8 84DF4700 mov eax, 0047DF84
00403802 > \50 push eax
00403803 . 68 01000400 push 40001
00403808 . 68 F5000116 push 160100F5
0040380D . 68 01000152 push 52010001
00403812 . 68 03000000 push 3
00403817 . B8 03000000 mov eax, 3
0040381C . BB 90584500 mov ebx, 00455890
00403821 . E8 CE260000 call 00405EF4
00403826 . 83C4 28 add esp, 28
00403829 . 8B5D F8 mov ebx, dword ptr [ebp-8]
0040382C . 85DB test ebx, ebx
0040382E . 74 09 je short 00403839
00403830 . 53 push ebx
00403831 . E8 AC260000 call 00405EE2
00403836 . 83C4 04 add esp, 4
00403839 > 8B5D F4 mov ebx, dword ptr [ebp-C]
0040383C . 85DB test ebx, ebx
0040383E . 74 09 je short 00403849
00403840 . 53 push ebx
00403841 . E8 9C260000 call 00405EE2
00403846 . 83C4 04 add esp, 4
00403849 > EB 01 jmp short 0040384C
0040384B 86 db 86
0040384C > F8 clc
0040384D . 73 01 jnb short 00403850
0040384F 7D db 7D ; CHAR '}'
00403850 . 68 04000080 push 80000004
00403855 . 6A 00 push 0
00403857 . 68 70E04700 push 0047E070
0040385C . 68 01030080 push 80000301
00403861 . 6A 00 push 0
00403863 . 68 40000000 push 40
00403868 . 68 04000080 push 80000004
0040386D . 6A 00 push 0
0040386F . 68 79E04700 push 0047E079
00403874 . 68 03000000 push 3
00403879 . BB 40704000 mov ebx, 00407040
0040387E . E8 6B260000 call 00405EEE
00403883 . 83C4 28 add esp, 28
00403886 . 6A 00 push 0
00403888 . 6A 00 push 0
0040388A . 6A 00 push 0
0040388C . 68 01000100 push 10001
00403891 . 68 00000106 push 6010000
00403896 . 68 01000152 push 52010001
0040389B . 68 02000000 push 2
004038A0 BB db BB
004038A1 B0714000 dd DSH.004071B0
004038A5 E8 db E8
004038A6 . 44 inc esp
004038A7 . 26:0000 add byte ptr es:[eax], al
004038AA . 83C4 1C add esp, 1C
004038AD . EB 01 jmp short 004038B0
004038AF 80 db 80
004038B0 > 68 02000080 push 80000002
004038B5 . 6A 00 push 0
004038B7 68 db 68 ; CHAR 'h'
004038B8 00 db 00
004038B9 . 0000 add byte ptr [eax], al
004038BB . 006A 00 add byte ptr [edx], ch
004038BE . 6A 00 push 0
004038C0 . 6A 00 push 0
004038C2 . 68 01000100 push 10001
004038C7 . 68 3B000106 push 601003B
004038CC . 68 3C000152 push 5201003C
004038D1 . 68 03000000 push 3
004038D6 . BB 70614000 mov ebx, 00406170
004038DB . E8 0E260000 call 00405EEE
004038E0 . 83C4 28 add esp, 28
004038E3 . EB 01 jmp short 004038E6
004038E5 BC db BC
004038E6 > 68 04000080 push 80000004
004038EB . 6A 00 push 0
004038ED . 68 F3E14700 push 0047E1F3 ; ASCII "gd"
004038F2 . 68 01000000 push 1
004038F7 . BB 50664000 mov ebx, 00406650
004038FC . E8 ED250000 call 00405EEE
00403901 . 83C4 10 add esp, 10
00403904 . 8945 FC mov dword ptr [ebp-4], eax
00403907 . E8 00000000 call 0040390C
0040390C /$ 830424 06 add dword ptr [esp], 6
00403910 \. C3 retn
00403911 8B db 8B
00403912 . 68 04000080 push 80000004
00403917 . 6A 00 push 0
00403919 . 8B45 FC mov eax, dword ptr [ebp-4]
0040391C . 85C0 test eax, eax
0040391E . 75 05 jnz short 00403925
00403920 . B8 84DF4700 mov eax, 0047DF84
00403925 > 50 push eax
00403926 . 68 04000080 push 80000004
0040392B . 6A 00 push 0
0040392D . 68 8FDF4700 push 0047DF8F ; software\microsoft\internet explorer\plugins\ywh\kaoshi\reg
00403932 . 68 01030080 push 80000301
00403937 . 6A 00 push 0
00403939 . 68 04000000 push 4
0040393E . 68 03000000 push 3
00403943 . BB 806F4000 mov ebx, 00406F80
00403948 . E8 A1250000 call 00405EEE
0040394D . 83C4 28 add esp, 28
00403950 . 8B5D FC mov ebx, dword ptr [ebp-4]
00403953 . 85DB test ebx, ebx
00403955 . 74 09 je short 00403960
00403957 . 53 push ebx
00403958 . E8 85250000 call 00405EE2
0040395D . 83C4 04 add esp, 4
00403960 > E9 D10F0000 jmp 00404936
00403965 > EB 01 jmp short 00403968
00403967 8A db 8A
00403968 > 68 15E24700 push 0047E215 ; ASCII "sd"
0040396D . FF35 98B46E00 push dword ptr [6EB498]
00403973 . B9 02000000 mov ecx, 2
00403978 . E8 F2D6FFFF call 0040106F
0040397D . 83C4 08 add esp, 8
00403980 . 8945 F8 mov dword ptr [ebp-8], eax
00403983 . F8 clc
00403984 . 73 01 jnb short 00403987
00403986 0F db 0F
00403987 > 68 04000080 push 80000004
0040398C . 6A 00 push 0
0040398E . 8B45 F8 mov eax, dword ptr [ebp-8]
00403991 . 85C0 test eax, eax
00403993 . 75 05 jnz short 0040399A
00403995 . B8 84DF4700 mov eax, 0047DF84
0040399A > 50 push eax
0040399B . 68 01000000 push 1
004039A0 . BB 80644000 mov ebx, 00406480
004039A5 . E8 44250000 call 00405EEE
004039AA . 83C4 10 add esp, 10
004039AD . 8945 F4 mov dword ptr [ebp-C], eax
004039B0 . 8B5D F8 mov ebx, dword ptr [ebp-8]
004039B3 . 85DB test ebx, ebx
004039B5 . 74 09 je short 004039C0
004039B7 . 53 push ebx
004039B8 . E8 25250000 call 00405EE2
004039BD . 83C4 04 add esp, 4
004039C0 > 6A FF push -1
004039C2 . 6A 08 push 8
004039C4 . 68 29000116 push 16010029
004039C9 . 68 01000152 push 52010001
004039CE . E8 27250000 call 00405EFA
004039D3 . 83C4 10 add esp, 10
004039D6 . 8945 F0 mov dword ptr [ebp-10], eax
004039D9 . E8 00000000 call 004039DE
004039DE /$ 830424 06 add dword ptr [esp], 6
004039E2 \. C3 retn
004039E3 82 db 82
004039E4 . 8B45 F4 mov eax, dword ptr [ebp-C]
004039E7 . 50 push eax
004039E8 . FF75 F0 push dword ptr [ebp-10]
004039EB . E8 E3DEFFFF call 004018D3
004039F0 . 83C4 08 add esp, 8
004039F3 . 83F8 00 cmp eax, 0
004039F6 . B8 00000000 mov eax, 0
004039FB . 0F94C0 sete al
004039FE . 8945 EC mov dword ptr [ebp-14], eax
00403A01 . 8B5D F0 mov ebx, dword ptr [ebp-10]
00403A04 . 85DB test ebx, ebx
00403A06 . 74 09 je short 00403A11
00403A08 . 53 push ebx
00403A09 . E8 D4240000 call 00405EE2
00403A0E . 83C4 04 add esp, 4
00403A11 > 8B5D F4 mov ebx, dword ptr [ebp-C]
00403A14 . 85DB test ebx, ebx
00403A16 . 74 09 je short 00403A21
00403A18 . 53 push ebx
00403A19 . E8 C4240000 call 00405EE2
00403A1E . 83C4 04 add esp, 4
00403A21 > 837D EC 00 cmp dword ptr [ebp-14], 0
00403A25 . 0F84 DF010000 je 00403C0A
00403A2B . 68 00000000 push 0
00403A30 . BB 00624000 mov ebx, 00406200 ; j
00403A35 . E8 B4240000 call 00405EEE
00403A3A . 83C4 04 add esp, 4
00403A3D . 8945 FC mov dword ptr [ebp-4], eax
00403A40 . F9 stc
00403A41 . 72 01 jb short 00403A44
00403A43 75 db 75 ; CHAR 'u'
00403A44 . 68 18E24700 push 0047E218 ; ASCII "\Exec\ufdata\zt112\2010\sd.zip"
00403A49 . FF75 FC push dword ptr [ebp-4]
00403A4C . B9 02000000 mov ecx, 2
00403A51 . E8 19D6FFFF call 0040106F
00403A56 . 83C4 08 add esp, 8
00403A59 . 8945 F8 mov dword ptr [ebp-8], eax
00403A5C . 8B5D FC mov ebx, dword ptr [ebp-4]
00403A5F . 85DB test ebx, ebx
00403A61 . 74 09 je short 00403A6C
00403A63 . 53 push ebx
00403A64 . E8 79240000 call 00405EE2
00403A69 . 83C4 04 add esp, 4
00403A6C > 68 00000000 push 0
00403A71 . BB 00624000 mov ebx, 00406200 ; j
00403A76 . E8 73240000 call 00405EEE
00403A7B . 83C4 04 add esp, 4
00403A7E . 8945 F4 mov dword ptr [ebp-C], eax
00403A81 . EB 01 jmp short 00403A84
00403A83 0F db 0F
00403A84 > EB 01 jmp short 00403A87
00403A86 B8 db B8
00403A87 > 68 04000080 push 80000004
00403A8C . 6A 00 push 0
00403A8E . 8B45 F4 mov eax, dword ptr [ebp-C]
00403A91 . 85C0 test eax, eax
00403A93 . 75 05 jnz short 00403A9A
00403A95 . B8 84DF4700 mov eax, 0047DF84
00403A9A > 50 push eax
00403A9B . 68 04000080 push 80000004
00403AA0 . 6A 00 push 0
00403AA2 . 8B45 F8 mov eax, dword ptr [ebp-8]
00403AA5 . 85C0 test eax, eax
00403AA7 . 75 05 jnz short 00403AAE
00403AA9 B8 db B8
00403AAA . 84DF test bh, bl
00403AAC . 47 inc edi
00403AAD . 0050 68 add byte ptr [eax+68], dl
00403AB0 . 0100 add dword ptr [eax], eax
00403AB2 . 04 00 add al, 0
00403AB4 . 68 F5000116 push 160100F5
00403AB9 . 68 01000152 push 52010001
00403ABE . 68 03000000 push 3
00403AC3 . B8 03000000 mov eax, 3
00403AC8 . BB 90584500 mov ebx, 00455890
00403ACD . E8 22240000 call 00405EF4
00403AD2 . 83C4 28 add esp, 28
00403AD5 . 8B5D F8 mov ebx, dword ptr [ebp-8]
00403AD8 . 85DB test ebx, ebx
00403ADA . 74 09 je short 00403AE5
00403ADC . 53 push ebx
00403ADD . E8 00240000 call 00405EE2
00403AE2 . 83C4 04 add esp, 4
00403AE5 > 8B5D F4 mov ebx, dword ptr [ebp-C]
00403AE8 . 85DB test ebx, ebx
00403AEA . 74 09 je short 00403AF5
00403AEC . 53 push ebx
00403AED . E8 F0230000 call 00405EE2
00403AF2 . 83C4 04 add esp, 4
00403AF5 > EB 01 jmp short 00403AF8
00403AF7 B6 db B6
00403AF8 > F9 stc
00403AF9 . 72 01 jb short 00403AFC
00403AFB B5 db B5
00403AFC . 68 04000080 push 80000004
00403B01 . 6A 00 push 0
00403B03 . 68 70E04700 push 0047E070
00403B08 . 68 01030080 push 80000301
00403B0D . 6A 00 push 0
00403B0F . 68 40000000 push 40
00403B14 . 68 04000080 push 80000004
00403B19 . 6A 00 push 0
00403B1B . 68 79E04700 push 0047E079
00403B20 . 68 03000000 push 3
00403B25 . BB 40704000 mov ebx, 00407040
00403B2A . E8 BF230000 call 00405EEE
00403B2F . 83C4 28 add esp, 28
00403B32 . 6A 00 push 0
00403B34 . 6A 00 push 0
00403B36 . 6A 00 push 0
00403B38 . 68 01000100 push 10001
00403B3D . 68 00000106 push 6010000
00403B42 . 68 01000152 push 52010001
00403B47 . 68 02000000 push 2
00403B4C BB db BB
00403B4D B0714000 dd DSH.004071B0
00403B51 E8 db E8
00403B52 . 98 cwde
00403B53 . 2300 and eax, dword ptr [eax]
00403B55 . 0083 C41CF972 add byte ptr [ebx+72F91CC4], al
00403B5B . 01BF 68020000 add dword ptr [edi+268], edi
00403B61 . 806A 00 68 sub byte ptr [edx], 68
00403B65 . 0000 add byte ptr [eax], al
00403B67 . 0000 add byte ptr [eax], al
00403B69 . 6A 00 push 0
00403B6B . 6A 00 push 0
00403B6D . 6A 00 push 0
00403B6F . 68 01000100 push 10001
00403B74 . 68 3B000106 push 601003B
00403B79 . 68 3C000152 push 5201003C
00403B7E . 68 03000000 push 3
00403B83 . BB 70614000 mov ebx, 00406170
00403B88 . E8 61230000 call 00405EEE
00403B8D . 83C4 28 add esp, 28
00403B90 > EB 01 jmp short 00403B93
00403B92 BA db BA
00403B93 > 68 04000080 push 80000004
00403B98 . 6A 00 push 0
00403B9A . 68 15E24700 push 0047E215 ; ASCII "sd"
00403B9F . 68 01000000 push 1
00403BA4 . BB 50664000 mov ebx, 00406650
00403BA9 . E8 40230000 call 00405EEE
00403BAE . 83C4 10 add esp, 10
00403BB1 . 8945 FC mov dword ptr [ebp-4], eax
00403BB4 . EB 01 jmp short 00403BB7
00403BB6 0F db 0F
00403BB7 > 68 04000080 push 80000004
00403BBC . 6A 00 push 0
00403BBE . 8B45 FC mov eax, dword ptr [ebp-4]
00403BC1 . 85C0 test eax, eax
00403BC3 . 75 05 jnz short 00403BCA
00403BC5 . B8 84DF4700 mov eax, 0047DF84
00403BCA > 50 push eax
00403BCB . 68 04000080 push 80000004
00403BD0 . 6A 00 push 0
00403BD2 . 68 8FDF4700 push 0047DF8F ; software\microsoft\internet explorer\plugins\ywh\kaoshi\reg
00403BD7 . 68 01030080 push 80000301
00403BDC . 6A 00 push 0
00403BDE . 68 04000000 push 4
00403BE3 . 68 03000000 push 3
00403BE8 . BB 806F4000 mov ebx, 00406F80
00403BED . E8 FC220000 call 00405EEE
00403BF2 . 83C4 28 add esp, 28
00403BF5 . 8B5D FC mov ebx, dword ptr [ebp-4]
00403BF8 . 85DB test ebx, ebx
00403BFA . 74 09 je short 00403C05
00403BFC . 53 push ebx
00403BFD . E8 E0220000 call 00405EE2
00403C02 . 83C4 04 add esp, 4
00403C05 > E9 2C0D0000 jmp 00404936
00403C0A > F8 clc
00403C0B . 73 01 jnb short 00403C0E
00403C0D 80 db 80
00403C0E . 68 37E24700 push 0047E237 ; ASCII "YN"
00403C13 . FF35 98B46E00 push dword ptr [6EB498]
00403C19 . B9 02000000 mov ecx, 2
00403C1E . E8 4CD4FFFF call 0040106F
00403C23 . 83C4 08 add esp, 8
00403C26 . 8945 F8 mov dword ptr [ebp-8], eax
00403C29 . EB 01 jmp short 00403C2C
00403C2B 7A db 7A ; CHAR 'z'
00403C2C > 68 04000080 push 80000004
00403C31 . 6A 00 push 0
00403C33 . 8B45 F8 mov eax, dword ptr [ebp-8]
00403C36 . 85C0 test eax, eax
00403C38 . 75 05 jnz short 00403C3F
00403C3A . B8 84DF4700 mov eax, 0047DF84
00403C3F > 50 push eax
00403C40 . 68 01000000 push 1
00403C45 . BB 80644000 mov ebx, 00406480
00403C4A . E8 9F220000 call 00405EEE
00403C4F . 83C4 10 add esp, 10
00403C52 . 8945 F4 mov dword ptr [ebp-C], eax
00403C55 . 8B5D F8 mov ebx, dword ptr [ebp-8]
00403C58 . 85DB test ebx, ebx
00403C5A . 74 09 je short 00403C65
00403C5C . 53 push ebx
00403C5D . E8 80220000 call 00405EE2
00403C62 . 83C4 04 add esp, 4
00403C65 > 6A FF push -1
00403C67 . 6A 08 push 8
00403C69 . 68 29000116 push 16010029
00403C6E . 68 01000152 push 52010001
00403C73 . E8 82220000 call 00405EFA
00403C78 . 83C4 10 add esp, 10
00403C7B . 8945 F0 mov dword ptr [ebp-10], eax
00403C7E . F8 clc
00403C7F . 73 01 jnb short 00403C82
00403C81 B6 db B6
00403C82 . 8B45 F4 mov eax, dword ptr [ebp-C]
00403C85 . 50 push eax
00403C86 . FF75 F0 push dword ptr [ebp-10]
00403C89 . E8 45DCFFFF call 004018D3
00403C8E . 83C4 08 add esp, 8
00403C91 . 83F8 00 cmp eax, 0
00403C94 . B8 00000000 mov eax, 0
00403C99 . 0F94C0 sete al
00403C9C . 8945 EC mov dword ptr [ebp-14], eax
00403C9F . 8B5D F0 mov ebx, dword ptr [ebp-10]
00403CA2 . 85DB test ebx, ebx
00403CA4 . 74 09 je short 00403CAF
00403CA6 . 53 push ebx
00403CA7 . E8 36220000 call 00405EE2
00403CAC . 83C4 04 add esp, 4
00403CAF > 8B5D F4 mov ebx, dword ptr [ebp-C]
00403CB2 . 85DB test ebx, ebx
00403CB4 . 74 09 je short 00403CBF
00403CB6 . 53 push ebx
00403CB7 . E8 26220000 call 00405EE2
00403CBC . 83C4 04 add esp, 4
00403CBF > 837D EC 00 cmp dword ptr [ebp-14], 0
00403CC3 . 0F84 E6010000 je 00403EAF
00403CC9 . 68 00000000 push 0
00403CCE . BB 00624000 mov ebx, 00406200 ; j
00403CD3 . E8 16220000 call 00405EEE
00403CD8 . 83C4 04 add esp, 4
00403CDB . 8945 FC mov dword ptr [ebp-4], eax
00403CDE . EB 01 jmp short 00403CE1
00403CE0 0F db 0F
00403CE1 > 68 3AE24700 push 0047E23A ; ASCII "\Exec\ufdata\zt112\2010\YN.zip"
00403CE6 . FF75 FC push dword ptr [ebp-4]
00403CE9 . B9 02000000 mov ecx, 2
00403CEE . E8 7CD3FFFF call 0040106F
00403CF3 . 83C4 08 add esp, 8
00403CF6 . 8945 F8 mov dword ptr [ebp-8], eax
00403CF9 . 8B5D FC mov ebx, dword ptr [ebp-4]
00403CFC . 85DB test ebx, ebx
00403CFE . 74 09 je short 00403D09
00403D00 . 53 push ebx
00403D01 . E8 DC210000 call 00405EE2
00403D06 . 83C4 04 add esp, 4
00403D09 > 68 00000000 push 0
00403D0E . BB 00624000 mov ebx, 00406200 ; j
00403D13 . E8 D6210000 call 00405EEE
00403D18 . 83C4 04 add esp, 4
00403D1B . 8945 F4 mov dword ptr [ebp-C], eax
00403D1E . E8 00000000 call 00403D23
00403D23 /$ 830424 06 add dword ptr [esp], 6
00403D27 \. C3 retn
00403D28 0F db 0F
00403D29 EB db EB
00403D2A 01 db 01
00403D2B 0F db 0F
00403D2C 68 db 68 ; CHAR 'h'
00403D2D 04 db 04
00403D2E 00 db 00
00403D2F 00806A00 dd DSH.006A8000
00403D33 8B db 8B
00403D34 45 db 45 ; CHAR 'E'
00403D35 F4 db F4
00403D36 85 db 85
00403D37 C0 db C0
00403D38 75 db 75 ; CHAR 'u'
00403D39 05 db 05
00403D3A B8 db B8
00403D3B 84DF4700 dd DSH.0047DF84
00403D3F 50 db 50 ; CHAR 'P'
00403D40 68 db 68 ; CHAR 'h'
00403D41 04 db 04
00403D42 00 db 00
00403D43 00806A00 dd DSH.006A8000
00403D47 8B db 8B
00403D48 45 db 45 ; CHAR 'E'
00403D49 F8 db F8
00403D4A 85 db 85
00403D4B C0 db C0
00403D4C 75 db 75 ; CHAR 'u'
00403D4D 05 db 05
00403D4E B8 db B8
00403D4F 84DF4700 dd DSH.0047DF84
00403D53 50 db 50 ; CHAR 'P'
00403D54 68 db 68 ; CHAR 'h'
00403D55 01 db 01
00403D56 00 db 00
00403D57 04 db 04
00403D58 00 db 00
00403D59 68 db 68 ; CHAR 'h'
00403D5A F5 db F5
00403D5B 00 db 00
00403D5C 01 db 01
00403D5D 16 db 16
00403D5E 68 db 68 ; CHAR 'h'
00403D5F 01 db 01
00403D60 00 db 00
00403D61 01 db 01
00403D62 52 db 52 ; CHAR 'R'
00403D63 68 db 68 ; CHAR 'h'
00403D64 03 db 03
00403D65 00 db 00
00403D66 00 db 00
00403D67 00 db 00
00403D68 B8 db B8
00403D69 03 db 03
00403D6A 00 db 00
00403D6B 00 db 00
00403D6C 00 db 00
00403D6D BB db BB
00403D6E 90 nop
00403D6F . 58 45 00 ascii "XE",0
00403D72 . E8 7D 21 00 ascii "鑮!",0
00403D76 00 db 00
00403D77 83 db 83
00403D78 C4 db C4
00403D79 28 db 28 ; CHAR '('
00403D7A 8B db 8B
00403D7B 5D db 5D ; CHAR ']'
00403D7C F8 db F8
00403D7D 85 db 85
00403D7E . DB 74 09 53 E>ascii "踭 S鑋!",0
00403D86 00 db 00
00403D87 83 db 83
00403D88 C4 db C4
00403D89 04 db 04
00403D8A 8B db 8B
00403D8B 5D db 5D ; CHAR ']'
00403D8C F4 db F4
00403D8D 85 db 85
00403D8E . DB 74 09 53 E>ascii "踭 S鐺!",0
00403D96 00 db 00
00403D97 83 db 83
00403D98 C4 db C4
00403D99 04 db 04
00403D9A F8 db F8
00403D9B 73 db 73 ; CHAR 's'
00403D9C 01 db 01
00403D9D B0 db B0
00403D9E . EB 01 jmp short 00403DA1
00403DA0 BD db BD
00403DA1 > 68 04000080 push 80000004
00403DA6 . 6A 00 push 0
00403DA8 . 68 70E04700 push 0047E070
00403DAD . 68 01030080 push 80000301
00403DB2 . 6A 00 push 0
00403DB4 . 68 40000000 push 40
00403DB9 . 68 04000080 push 80000004
00403DBE . 6A 00 push 0
00403DC0 . 68 79E04700 push 0047E079
00403DC5 . 68 03000000 push 3
00403DCA . BB 40704000 mov ebx, 00407040
00403DCF . E8 1A210000 call 00405EEE
00403DD4 . 83C4 28 add esp, 28
00403DD7 . 6A 00 push 0
00403DD9 . 6A 00 push 0
00403DDB . 6A 00 push 0
00403DDD . 68 01000100 push 10001
00403DE2 . 68 00000106 push 6010000
00403DE7 . 68 01000152 push 52010001
00403DEC . 68 02000000 push 2
00403DF1 . BB B0714000 mov ebx, 004071B0
00403DF6 . E8 F3200000 call 00405EEE
00403DFB . 83C4 1C add esp, 1C
00403DFE . EB 01 jmp short 00403E01
00403E00 0F db 0F
00403E01 > 68 02000080 push 80000002
00403E06 . 6A 00 push 0
00403E08 . 68 00000000 push 0
00403E0D . 6A 00 push 0
00403E0F . 6A 00 push 0
00403E11 . 6A 00 push 0
00403E13 . 68 01000100 push 10001
00403E18 . 68 3B000106 push 601003B
00403E1D . 68 3C000152 push 5201003C
00403E22 . 68 03000000 push 3
00403E27 . BB 70614000 mov ebx, 00406170
00403E2C . E8 BD200000 call 00405EEE
00403E31 . 83C4 28 add esp, 28
00403E34 . EB 01 jmp short 00403E37
00403E36 82 db 82
00403E37 > 68 04000080 push 80000004
00403E3C . 6A 00 push 0
00403E3E . 68 37E24700 push 0047E237 ; ASCII "YN"
00403E43 . 68 01000000 push 1
00403E48 . BB 50664000 mov ebx, 00406650
00403E4D . E8 9C200000 call 00405EEE
00403E52 . 83C4 10 add esp, 10
00403E55 . 8945 FC mov dword ptr [ebp-4], eax
00403E58 . F9 stc
00403E59 . 72 01 jb short 00403E5C
00403E5B 7F db 7F
00403E5C . 68 04000080 push 80000004
00403E61 . 6A 00 push 0
00403E63 . 8B45 FC mov eax, dword ptr [ebp-4]
00403E66 . 85C0 test eax, eax
00403E68 . 75 05 jnz short 00403E6F
00403E6A . B8 84DF4700 mov eax, 0047DF84
00403E6F > 50 push eax
00403E70 . 68 04000080 push 80000004
00403E75 . 6A 00 push 0
00403E77 . 68 8FDF4700 push 0047DF8F ; software\microsoft\internet explorer\plugins\ywh\kaoshi\reg
00403E7C . 68 01030080 push 80000301
00403E81 . 6A 00 push 0
00403E83 . 68 04000000 push 4
00403E88 . 68 03000000 push 3
00403E8D . BB 806F4000 mov ebx, 00406F80
00403E92 . E8 57200000 call 00405EEE
00403E97 . 83C4 28 add esp, 28
00403E9A . 8B5D FC mov ebx, dword ptr [ebp-4]
00403E9D . 85DB test ebx, ebx
00403E9F . 74 09 je short 00403EAA
00403EA1 . 53 push ebx
00403EA2 . E8 3B200000 call 00405EE2
00403EA7 . 83C4 04 add esp, 4
00403EAA > E9 870A0000 jmp 00404936
00403EAF > EB 01 jmp short 00403EB2
00403EB1 7A db 7A ; CHAR 'z'
00403EB2 > 68 59E24700 push 0047E259 ; ASCII "JL"
00403EB7 . FF35 98B46E00 push dword ptr [6EB498]
00403EBD . B9 02000000 mov ecx, 2
00403EC2 . E8 A8D1FFFF call 0040106F
00403EC7 . 83C4 08 add esp, 8
00403ECA . 8945 F8 mov dword ptr [ebp-8], eax
00403ECD . EB 01 jmp short 00403ED0
00403ECF 0F db 0F
00403ED0 > 68 04000080 push 80000004
00403ED5 . 6A 00 push 0
00403ED7 . 8B45 F8 mov eax, dword ptr [ebp-8]
00403EDA . 85C0 test eax, eax
00403EDC . 75 05 jnz short 00403EE3
00403EDE . B8 84DF4700 mov eax, 0047DF84
00403EE3 > 50 push eax
00403EE4 . 68 01000000 push 1
00403EE9 . BB 80644000 mov ebx, 00406480
00403EEE . E8 FB1F0000 call 00405EEE
00403EF3 . 83C4 10 add esp, 10
00403EF6 . 8945 F4 mov dword ptr [ebp-C], eax
00403EF9 . 8B5D F8 mov ebx, dword ptr [ebp-8]
00403EFC . 85DB test ebx, ebx
00403EFE . 74 09 je short 00403F09
00403F00 . 53 push ebx
00403F01 . E8 DC1F0000 call 00405EE2
00403F06 . 83C4 04 add esp, 4
00403F09 > 6A FF push -1
00403F0B . 6A 08 push 8
00403F0D . 68 29000116 push 16010029
00403F12 . 68 01000152 push 52010001
00403F17 . E8 DE1F0000 call 00405EFA
00403F1C . 83C4 10 add esp, 10
00403F1F . 8945 F0 mov dword ptr [ebp-10], eax
00403F22 . EB 01 jmp short 00403F25
00403F24 78 db 78 ; CHAR 'x'
00403F25 > 8B45 F4 mov eax, dword ptr [ebp-C]
00403F28 . 50 push eax
00403F29 . FF75 F0 push dword ptr [ebp-10]
00403F2C . E8 A2D9FFFF call 004018D3
00403F31 . 83C4 08 add esp, 8
00403F34 . 83F8 00 cmp eax, 0
00403F37 . B8 00000000 mov eax, 0
00403F3C . 0F94C0 sete al
00403F3F . 8945 EC mov dword ptr [ebp-14], eax
00403F42 . 8B5D F0 mov ebx, dword ptr [ebp-10]
00403F45 . 85DB test ebx, ebx
00403F47 . 74 09 je short 00403F52
00403F49 . 53 push ebx
00403F4A . E8 931F0000 call 00405EE2
00403F4F . 83C4 04 add esp, 4
00403F52 > 8B5D F4 mov ebx, dword ptr [ebp-C]
00403F55 . 85DB test ebx, ebx
00403F57 . 74 09 je short 00403F62
00403F59 . 53 push ebx
00403F5A . E8 831F0000 call 00405EE2
00403F5F . 83C4 04 add esp, 4
00403F62 > 837D EC 00 cmp dword ptr [ebp-14], 0
00403F66 . 0F84 E7010000 je 00404153
00403F6C . 68 00000000 push 0
00403F71 . BB 00624000 mov ebx, 00406200 ; j
00403F76 . E8 731F0000 call 00405EEE
00403F7B . 83C4 04 add esp, 4
00403F7E . 8945 FC mov dword ptr [ebp-4], eax
00403F81 . EB 01 jmp short 00403F84
00403F83 BB db BB
00403F84 > 68 5CE24700 push 0047E25C ; ASCII "\Exec\ufdata\zt112\2010\JL.zip"
00403F89 . FF75 FC push dword ptr [ebp-4]
00403F8C . B9 02000000 mov ecx, 2
00403F91 . E8 D9D0FFFF call 0040106F
00403F96 . 83C4 08 add esp, 8
00403F99 . 8945 F8 mov dword ptr [ebp-8], eax
00403F9C . 8B5D FC mov ebx, dword ptr [ebp-4]
00403F9F . 85DB test ebx, ebx
00403FA1 . 74 09 je short 00403FAC
00403FA3 . 53 push ebx
00403FA4 . E8 391F0000 call 00405EE2
00403FA9 . 83C4 04 add esp, 4
00403FAC > 68 00000000 push 0
00403FB1 . BB 00624000 mov ebx, 00406200 ; j
00403FB6 . E8 331F0000 call 00405EEE
00403FBB . 83C4 04 add esp, 4
00403FBE . 8945 F4 mov dword ptr [ebp-C], eax
00403FC1 . F9 stc
00403FC2 . 72 01 jb short 00403FC5
00403FC4 0F db 0F
00403FC5 . EB 01 jmp short 00403FC8
00403FC7 . 8468 04 test byte ptr [eax+4], ch
00403FCA . 0000 add byte ptr [eax], al
00403FCC . 806A 00 8B sub byte ptr [edx], 8B
00403FD0 . 45 inc ebp
00403FD1 . F4 hlt
00403FD2 . 85C0 test eax, eax
00403FD4 . 75 05 jnz short 00403FDB
00403FD6 . B8 84DF4700 mov eax, 0047DF84
00403FDB > 50 push eax
00403FDC . 68 04000080 push 80000004
00403FE1 . 6A 00 push 0
00403FE3 . 8B45 F8 mov eax, dword ptr [ebp-8]
00403FE6 . 85C0 test eax, eax
00403FE8 . 75 05 jnz short 00403FEF
00403FEA . B8 84DF4700 mov eax, 0047DF84
00403FEF > 50 push eax
00403FF0 . 68 01000400 push 40001
00403FF5 . 68 F5000116 push 160100F5
00403FFA . 68 01000152 push 52010001
00403FFF . 68 03000000 push 3
00404004 . B8 03000000 mov eax, 3
00404009 . BB 90584500 mov ebx, 00455890
0040400E . E8 E11E0000 call 00405EF4
00404013 . 83C4 28 add esp, 28
00404016 . 8B5D F8 mov ebx, dword ptr [ebp-8]
00404019 . 85DB test ebx, ebx
0040401B . 74 09 je short 00404026
0040401D . 53 push ebx
0040401E . E8 BF1E0000 call 00405EE2
00404023 . 83C4 04 add esp, 4
00404026 > 8B5D F4 mov ebx, dword ptr [ebp-C]
00404029 . 85DB test ebx, ebx
0040402B . 74 09 je short 00404036
0040402D . 53 push ebx
0040402E . E8 AF1E0000 call 00405EE2
00404033 . 83C4 04 add esp, 4
00404036 > EB 01 jmp short 00404039
00404038 72 db 72 ; CHAR 'r'
00404039 > E8 00000000 call 0040403E
0040403E /$ 830424 06 add dword ptr [esp], 6
00404042 \. C3 retn
00404043 0F db 0F
00404044 68 db 68 ; CHAR 'h'
00404045 04 db 04
00404046 00 db 00
00404047 00806A00 dd DSH.006A8000
0040404B . 68 70 E0 47 0>ascii "hp郍",0
00404050 68 db 68 ; CHAR 'h'
00404051 01 db 01
00404052 03 db 03
00404053 00806A00 dd DSH.006A8000
00404057 . 68 40 00 ascii "h@",0
0040405A 00 db 00
0040405B 00 db 00
0040405C 68 db 68 ; CHAR 'h'
0040405D 04 db 04
0040405E 00 db 00
0040405F 00806A00 dd DSH.006A8000
00404063 . 68 79 E0 47 0>ascii "hy郍",0
00404068 68 db 68 ; CHAR 'h'
00404069 03 db 03
0040406A 00 db 00
0040406B 00 db 00
0040406C 00 db 00
0040406D BB db BB
0040406E 40704000 dd DSH.00407040
00404072 E8 db E8
00404073 77 db 77 ; CHAR 'w'
00404074 1E db 1E
00404075 00 db 00
00404076 00 db 00
00404077 83 db 83
00404078 C4286A00 dd DSH.006A28C4
0040407C 6A006A00 dd DSH.006A006A
00404080 68 db 68 ; CHAR 'h'
00404081 01 db 01
00404082 00 db 00
00404083 01006800 dd DSH.00680001
00404087 00 db 00
00404088 01 db 01
00404089 06 db 06
0040408A 68 db 68 ; CHAR 'h'
0040408B 01 db 01
0040408C 00 db 00
0040408D 01 db 01
0040408E 52 db 52 ; CHAR 'R'
0040408F 68 db 68 ; CHAR 'h'
00404090 02 db 02
00404091 00 db 00
00404092 00 db 00
00404093 00 db 00
00404094 BB db BB
00404095 B0714000 dd DSH.004071B0
00404099 E8 db E8
0040409A 50 db 50 ; CHAR 'P'
0040409B 1E db 1E
0040409C 00 db 00
0040409D 00 db 00
0040409E 83 db 83
0040409F C4 db C4
004040A0 1C db 1C
004040A1 EB db EB
004040A2 01 db 01
004040A3 0F db 0F
004040A4 68 db 68 ; CHAR 'h'
004040A5 02 db 02
004040A6 00 db 00
004040A7 00806A00 dd DSH.006A8000
004040AB 68 db 68 ; CHAR 'h'
004040AC 00 db 00
004040AD 00 db 00
004040AE 00006A00 dd DSH.006A0000
004040B2 6A006A00 dd DSH.006A006A
004040B6 68 db 68 ; CHAR 'h'
004040B7 01 db 01
004040B8 00 db 00
004040B9 01 db 01
004040BA 00 db 00
004040BB . 68 3B 00 ascii "h;",0
004040BE 01 db 01
004040BF 06 db 06
004040C0 . 68 3C 00 ascii "h<",0
004040C3 01 db 01
004040C4 52 db 52 ; CHAR 'R'
004040C5 68 db 68 ; CHAR 'h'
004040C6 03 db 03
004040C7 00 db 00
004040C8 00 db 00
004040C9 00 db 00
004040CA BB db BB
004040CB 70614000 dd DSH.00406170
004040CF E8 db E8
004040D0 1A db 1A
004040D1 1E db 1E
004040D2 00 db 00
004040D3 00 db 00
004040D4 83 db 83
004040D5 C4 db C4
004040D6 28 db 28 ; CHAR '('
004040D7 F8 db F8
004040D8 73 db 73 ; CHAR 's'
004040D9 01 db 01
004040DA 0F db 0F
004040DB 68 db 68 ; CHAR 'h'
004040DC 04 db 04
004040DD 00 db 00
004040DE 00806A00 dd DSH.006A8000
004040E2 . 68 59 E2 47 0>ascii "hY釭",0
004040E7 68 db 68 ; CHAR 'h'
004040E8 01 db 01
004040E9 00 db 00
004040EA 00 db 00
004040EB 00 db 00
004040EC BB db BB
004040ED 50664000 dd DSH.00406650
004040F1 E8 db E8
004040F2 F8 db F8
004040F3 1D db 1D
004040F4 00 db 00
004040F5 00 db 00
004040F6 83 db 83
004040F7 C4 db C4
004040F8 10 db 10
004040F9 89 db 89
004040FA 45 db 45 ; CHAR 'E'
004040FB FC db FC
004040FC F8 db F8
004040FD 73 db 73 ; CHAR 's'
004040FE . 0187 68040000 add dword ptr [edi+468], eax
00404104 . 806A 00 8B sub byte ptr [edx], 8B
00404108 . 45 inc ebp
00404109 . FC cld
0040410A . 85C0 test eax, eax
0040410C . 75 05 jnz short 00404113
0040410E . B8 84DF4700 mov eax, 0047DF84
00404113 > 50 push eax
00404114 . 68 04000080 push 80000004
00404119 . 6A 00 push 0
0040411B . 68 8FDF4700 push 0047DF8F ; software\microsoft\internet explorer\plugins\ywh\kaoshi\reg
00404120 . 68 01030080 push 80000301
00404125 . 6A 00 push 0
00404127 . 68 04000000 push 4
0040412C . 68 03000000 push 3
00404131 . BB 806F4000 mov ebx, 00406F80
00404136 . E8 B31D0000 call 00405EEE
0040413B . 83C4 28 add esp, 28
0040413E . 8B5D FC mov ebx, dword ptr [ebp-4]
00404141 . 85DB test ebx, ebx
00404143 . 74 09 je short 0040414E
00404145 . 53 push ebx
00404146 . E8 971D0000 call 00405EE2
0040414B . 83C4 04 add esp, 4
0040414E > E9 E3070000 jmp 00404936
00404153 > F9 stc
00404154 . 72 01 jb short 00404157
00404156 89 db 89
00404157 . 68 04000080 push 80000004
0040415C . 6A 00 push 0
0040415E . A1 98B46E00 mov eax, dword ptr [6EB498]
00404163 . 85C0 test eax, eax
00404165 . 75 05 jnz short 0040416C
00404167 . B8 84DF4700 mov eax, 0047DF84
0040416C > 50 push eax
0040416D ? 68 01000000 push 1
00404172 . BB 80644000 mov ebx, 00406480
00404177 . E8 721D0000 call 00405EEE
0040417C . 83C4 10 add esp, 10
0040417F . 8945 F8 mov dword ptr [ebp-8], eax
00404182 . 6A FF push -1
00404184 . 6A 08 push 8
00404186 . 68 29000116 push 16010029
0040418B . 68 01000152 push 52010001
00404190 . E8 651D0000 call 00405EFA
00404195 . 83C4 10 add esp, 10
00404198 . 8945 F4 mov dword ptr [ebp-C], eax
0040419B . EB 01 jmp short 0040419E
0040419D BF db BF
0040419E > 8B45 F8 mov eax, dword ptr [ebp-8]
004041A1 . 50 push eax
004041A2 . FF75 F4 push dword ptr [ebp-C]
004041A5 . E8 29D7FFFF call 004018D3
004041AA . 83C4 08 add esp, 8
004041AD . 83F8 00 cmp eax, 0
004041B0 . B8 00000000 mov eax, 0
004041B5 . 0F94C0 sete al
004041B8 . 8945 F0 mov dword ptr [ebp-10], eax
004041BB . 8B5D F4 mov ebx, dword ptr [ebp-C]
004041BE . 85DB test ebx, ebx
004041C0 . 74 09 je short 004041CB
004041C2 . 53 push ebx
004041C3 . E8 1A1D0000 call 00405EE2
004041C8 . 83C4 04 add esp, 4
004041CB > 8B5D F8 mov ebx, dword ptr [ebp-8]
004041CE . 85DB test ebx, ebx
004041D0 . 74 09 je short 004041DB
004041D2 . 53 push ebx
004041D3 . E8 0A1D0000 call 00405EE2
004041D8 . 83C4 04 add esp, 4
004041DB > 837D F0 00 cmp dword ptr [ebp-10], 0
004041DF . 0F84 0C020000 je 004043F1
004041E5 . 68 00000000 push 0
004041EA . BB 00624000 mov ebx, 00406200 ; j
004041EF . E8 FA1C0000 call 00405EEE
004041F4 . 83C4 04 add esp, 4
004041F7 . 8945 FC mov dword ptr [ebp-4], eax
004041FA . EB 01 jmp short 004041FD
004041FC 8B db 8B
004041FD > 68 7BE24700 push 0047E27B ; ASCII "\Exec\ufdata\zt112\2010\TY.zip"
00404202 . FF75 FC push dword ptr [ebp-4]
00404205 . B9 02000000 mov ecx, 2
0040420A . E8 60CEFFFF call 0040106F
0040420F . 83C4 08 add esp, 8
00404212 . 8945 F8 mov dword ptr [ebp-8], eax
00404215 . 8B5D FC mov ebx, dword ptr [ebp-4]
00404218 . 85DB test ebx, ebx
0040421A . 74 09 je short 00404225
0040421C . 53 push ebx
0040421D . E8 C01C0000 call 00405EE2
00404222 . 83C4 04 add esp, 4
00404225 > 68 00000000 push 0
0040422A . BB 00624000 mov ebx, 00406200 ; j
0040422F . E8 BA1C0000 call 00405EEE
00404234 . 83C4 04 add esp, 4
00404237 . 8945 F4 mov dword ptr [ebp-C], eax
0040423A . F9 stc
0040423B . 72 01 jb short 0040423E
0040423D B9 db B9
0040423E . EB 01 jmp short 00404241
00404240 ? 7F 68 jg short 004042AA
00404242 . 04 00 add al, 0
00404244 . 0080 6A008B45 add byte ptr [eax+458B006A], al
0040424A . F4 hlt
0040424B . 85C0 test eax, eax
0040424D . 75 05 jnz short 00404254
0040424F . B8 84DF4700 mov eax, 0047DF84
00404254 > 50 push eax
00404255 . 68 04000080 push 80000004
0040425A . 6A 00 push 0
0040425C . 8B45 F8 mov eax, dword ptr [ebp-8]
0040425F . 85C0 test eax, eax
00404261 . 75 05 jnz short 00404268
00404263 . B8 84DF4700 mov eax, 0047DF84
00404268 > 50 push eax
00404269 . 68 01000400 push 40001
0040426E . 68 F5000116 push 160100F5
00404273 . 68 01000152 push 52010001
00404278 . 68 03000000 push 3
0040427D . B8 03000000 mov eax, 3
00404282 . BB 90584500 mov ebx, 00455890
00404287 . E8 681C0000 call 00405EF4
0040428C . 83C4 28 add esp, 28
0040428F . 8B5D F8 mov ebx, dword ptr [ebp-8]
00404292 . 85DB test ebx, ebx
00404294 . 74 09 je short 0040429F
00404296 . 53 push ebx
00404297 . E8 461C0000 call 00405EE2
0040429C . 83C4 04 add esp, 4
0040429F > 8B5D F4 mov ebx, dword ptr [ebp-C]
004042A2 . 85DB test ebx, ebx
004042A4 . 74 09 je short 004042AF
004042A6 . 53 push ebx
004042A7 . E8 361C0000 call 00405EE2
004042AC . 83C4 04 add esp, 4
004042AF > F8 clc
004042B0 . 73 01 jnb short 004042B3
004042B2 0F db 0F
004042B3 . EB 01 jmp short 004042B6
004042B5 . B6 68 mov dh, 68
004042B7 . 04 00 add al, 0
004042B9 . 0080 6A006870 add byte ptr [eax+7068006A], al
004042BF . E0 47 loopdne short 00404308
004042C1 . 0068 01 add byte ptr [eax+1], ch
004042C4 . 0300 add eax, dword ptr [eax]
004042C6 . 806A 00 68 sub byte ptr [edx], 68
004042CA . 40 inc eax
004042CB . 0000 add byte ptr [eax], al
004042CD . 0068 04 add byte ptr [eax+4], ch
004042D0 . 0000 add byte ptr [eax], al
004042D2 . 806A 00 68 sub byte ptr [edx], 68
004042D6 .^ 79 E0 jns short 004042B8
004042D8 . 47 inc edi
004042D9 . 0068 03 add byte ptr [eax+3], ch
004042DC . 0000 add byte ptr [eax], al
004042DE . 00BB 40704000 add byte ptr [ebx+407040], bh
004042E4 . E8 051C0000 call 00405EEE
004042E9 . 83C4 28 add esp, 28
004042EC . EB 01 jmp short 004042EF
004042EE BD db BD
004042EF > 68 05000080 push 80000005
004042F4 . 6A 00 push 0
004042F6 . 68 9AE24700 push 0047E29A
004042FB . 68 04000080 push 80000004
00404300 . 6A 00 push 0
00404302 . 68 A2826C00 push 006C82A2 ; ASCII "msjetdsh.dll"
00404307 68 db 68 ; CHAR 'h'
00404308 . 0200 add al, byte ptr [eax]
0040430A . 0000 add byte ptr [eax], al
0040430C . BB A0674000 mov ebx, 004067A0
00404311 . E8 D81B0000 call 00405EEE
00404316 . 83C4 1C add esp, 1C
00404319 . 6A 00 push 0
0040431B . 6A 00 push 0
0040431D . 6A 00 push 0
0040431F . 68 01000100 push 10001
00404324 . 68 00000106 push 6010000
00404329 . 68 01000152 push 52010001
0040432E . 68 02000000 push 2
00404333 . BB B0714000 mov ebx, 004071B0
00404338 . E8 B11B0000 call 00405EEE
0040433D . 83C4 1C add esp, 1C
00404340 . EB 01 jmp short 00404343
00404342 BA db BA
00404343 > 68 02000080 push 80000002
00404348 . 6A 00 push 0
0040434A . 68 00000000 push 0
0040434F . 6A 00 push 0
00404351 . 6A 00 push 0
00404353 . 6A 00 push 0
00404355 . 68 01000100 push 10001
0040435A . 68 3B000106 push 601003B
0040435F . 68 3C000152 push 5201003C
00404364 . 68 03000000 push 3
00404369 . BB 70614000 mov ebx, 00406170
0040436E . E8 7B1B0000 call 00405EEE
00404373 . 83C4 28 add esp, 28
00404376 . EB 01 jmp short 00404379
00404378 8B db 8B
00404379 > 68 04000080 push 80000004
0040437E . 6A 00 push 0
00404380 . 68 AF826C00 push 006C82AF ; ASCII "TY"
00404385 . 68 01000000 push 1
0040438A . BB 50664000 mov ebx, 00406650
0040438F . E8 5A1B0000 call 00405EEE
00404394 . 83C4 10 add esp, 10
00404397 . 8945 FC mov dword ptr [ebp-4], eax
0040439A . F9 stc
0040439B . 72 01 jb short 0040439E
0040439D 0F db 0F
0040439E > 68 04000080 push 80000004
004043A3 . 6A 00 push 0
004043A5 . 8B45 FC mov eax, dword ptr [ebp-4]
004043A8 . 85C0 test eax, eax
004043AA . 75 05 jnz short 004043B1
004043AC . B8 84DF4700 mov eax, 0047DF84
004043B1 > 50 push eax
004043B2 . 68 04000080 push 80000004
004043B7 . 6A 00 push 0
004043B9 . 68 8FDF4700 push 0047DF8F ; software\microsoft\internet explorer\plugins\ywh\kaoshi\reg
004043BE . 68 01030080 push 80000301
004043C3 . 6A 00 push 0
004043C5 . 68 04000000 push 4
004043CA . 68 03000000 push 3
004043CF . BB 806F4000 mov ebx, 00406F80
004043D4 . E8 151B0000 call 00405EEE
004043D9 . 83C4 28 add esp, 28
004043DC . 8B5D FC mov ebx, dword ptr [ebp-4]
004043DF . 85DB test ebx, ebx
004043E1 . 74 09 je short 004043EC
004043E3 . 53 push ebx
004043E4 . E8 F91A0000 call 00405EE2
004043E9 . 83C4 04 add esp, 4
004043EC > E9 45050000 jmp 00404936
004043F1 > EB 01 jmp short 004043F4
004043F3 0F db 0F
004043F4 > 68 B2826C00 push 006C82B2 ; ASCII "BJ"
004043F9 . FF35 98B46E00 push dword ptr [6EB498]
004043FF . B9 02000000 mov ecx, 2
00404404 . E8 66CCFFFF call 0040106F
00404409 . 83C4 08 add esp, 8
0040440C . 8945 F8 mov dword ptr [ebp-8], eax
0040440F . F9 stc
00404410 . 72 01 jb short 00404413
00404412 79 db 79 ; CHAR 'y'
00404413 . 68 04000080 push 80000004
00404418 . 6A 00 push 0
0040441A . 8B45 F8 mov eax, dword ptr [ebp-8]
0040441D . 85C0 test eax, eax
0040441F . 75 05 jnz short 00404426
00404421 . B8 84DF4700 mov eax, 0047DF84
00404426 > 50 push eax
00404427 . 68 01000000 push 1
0040442C . BB 80644000 mov ebx, 00406480
00404431 . E8 B81A0000 call 00405EEE
00404436 . 83C4 10 add esp, 10
00404439 . 8945 F4 mov dword ptr [ebp-C], eax
0040443C . 8B5D F8 mov ebx, dword ptr [ebp-8]
0040443F . 85DB test ebx, ebx
00404441 . 74 09 je short 0040444C
00404443 . 53 push ebx
00404444 . E8 991A0000 call 00405EE2
00404449 . 83C4 04 add esp, 4
0040444C > 6A FF push -1
0040444E . 6A 08 push 8
00404450 . 68 29000116 push 16010029
00404455 . 68 01000152 push 52010001
0040445A . E8 9B1A0000 call 00405EFA
0040445F . 83C4 10 add esp, 10
00404462 . 8945 F0 mov dword ptr [ebp-10], eax
00404465 . F9 stc
00404466 . 72 01 jb short 00404469
00404468 B8 db B8
00404469 . 8B45 F4 mov eax, dword ptr [ebp-C]
0040446C . 50 push eax
0040446D . FF75 F0 push dword ptr [ebp-10]
00404470 . E8 5ED4FFFF call 004018D3
00404475 . 83C4 08 add esp, 8
00404478 . 83F8 00 cmp eax, 0
0040447B B8 db B8
0040447C . 0000 add byte ptr [eax], al
0040447E . 0000 add byte ptr [eax], al
00404480 . 0F94C0 sete al
00404483 . 8945 EC mov dword ptr [ebp-14], eax
00404486 . 8B5D F0 mov ebx, dword ptr [ebp-10]
00404489 . 85DB test ebx, ebx
0040448B . 74 09 je short 00404496
0040448D . 53 push ebx
0040448E . E8 4F1A0000 call 00405EE2
00404493 . 83C4 04 add esp, 4
00404496 > 8B5D F4 mov ebx, dword ptr [ebp-C]
00404499 . 85DB test ebx, ebx
0040449B . 74 09 je short 004044A6
0040449D . 53 push ebx
0040449E . E8 3F1A0000 call 00405EE2
004044A3 . 83C4 04 add esp, 4
004044A6 > 837D EC 00 cmp dword ptr [ebp-14], 0
004044AA . 0F84 DF010000 je 0040468F
004044B0 . 68 00000000 push 0
004044B5 . BB 00624000 mov ebx, 00406200 ; j
004044BA . E8 2F1A0000 call 00405EEE
004044BF . 83C4 04 add esp, 4
004044C2 . 8945 FC mov dword ptr [ebp-4], eax
004044C5 . F8 clc
004044C6 . 73 01 jnb short 004044C9
004044C8 BF db BF
004044C9 . 68 B5826C00 push 006C82B5 ; ASCII "\Exec\ufdata\zt112\2010\BJ.zip"
004044CE . FF75 FC push dword ptr [ebp-4]
004044D1 . B9 02000000 mov ecx, 2
004044D6 . E8 94CBFFFF call 0040106F
004044DB . 83C4 08 add esp, 8
004044DE . 8945 F8 mov dword ptr [ebp-8], eax
004044E1 . 8B5D FC mov ebx, dword ptr [ebp-4]
004044E4 . 85DB test ebx, ebx
004044E6 . 74 09 je short 004044F1
004044E8 . 53 push ebx
004044E9 . E8 F4190000 call 00405EE2
004044EE . 83C4 04 add esp, 4
004044F1 > 68 00000000 push 0
004044F6 . BB 00624000 mov ebx, 00406200 ; j
004044FB . E8 EE190000 call 00405EEE
00404500 . 83C4 04 add esp, 4
00404503 . 8945 F4 mov dword ptr [ebp-C], eax
00404506 . EB 01 jmp short 00404509
00404508 B6 db B6
00404509 > F9 stc
0040450A . 72 01 jb short 0040450D
0040450C 8F db 8F
0040450D > 68 04000080 push 80000004
00404512 . 6A 00 push 0
00404514 . 8B45 F4 mov eax, dword ptr [ebp-C]
00404517 . 85C0 test eax, eax
00404519 . 75 05 jnz short 00404520
0040451B . B8 84DF4700 mov eax, 0047DF84
00404520 > 50 push eax
00404521 . 68 04000080 push 80000004
00404526 . 6A 00 push 0
00404528 . 8B45 F8 mov eax, dword ptr [ebp-8]
0040452B . 85C0 test eax, eax
0040452D . 75 05 jnz short 00404534
0040452F . B8 84DF4700 mov eax, 0047DF84
00404534 > 50 push eax
00404535 . 68 01000400 push 40001
0040453A . 68 F5000116 push 160100F5
0040453F . 68 01000152 push 52010001
00404544 . 68 03000000 push 3
00404549 . B8 03000000 mov eax, 3
0040454E . BB 90584500 mov ebx, 00455890
00404553 . E8 9C190000 call 00405EF4
00404558 . 83C4 28 add esp, 28
0040455B . 8B5D F8 mov ebx, dword ptr [ebp-8]
0040455E . 85DB test ebx, ebx
00404560 . 74 09 je short 0040456B
00404562 . 53 push ebx
00404563 . E8 7A190000 call 00405EE2
00404568 . 83C4 04 add esp, 4
0040456B > 8B5D F4 mov ebx, dword ptr [ebp-C]
0040456E . 85DB test ebx, ebx
00404570 . 74 09 je short 0040457B
00404572 . 53 push ebx
00404573 . E8 6A190000 call 00405EE2
00404578 . 83C4 04 add esp, 4
0040457B > EB 01 jmp short 0040457E
0040457D B0 db B0
0040457E > EB 01 jmp short 00404581
00404580 0F db 0F
00404581 > 68 04000080 push 80000004
00404586 . 6A 00 push 0
00404588 . 68 70E04700 push 0047E070 ; 注册成功
0040458D . 68 01030080 push 80000301
00404592 . 6A 00 push 0
00404594 . 68 40000000 push 40
00404599 . 68 04000080 push 80000004
0040459E . 6A 00 push 0
004045A0 . 68 79E04700 push 0047E079 ; 恭喜你,软件注册成功!
004045A5 . 68 03000000 push 3
004045AA . BB 40704000 mov ebx, 00407040
004045AF . E8 3A190000 call 00405EEE
004045B4 . 83C4 28 add esp, 28
004045B7 . 6A 00 push 0
004045B9 . 6A 00 push 0
004045BB . 6A 00 push 0
004045BD . 68 01000100 push 10001
004045C2 . 68 00000106 push 6010000
004045C7 . 68 01000152 push 52010001
004045CC . 68 02000000 push 2
004045D1 . BB B0714000 mov ebx, 004071B0
004045D6 . E8 13190000 call 00405EEE
004045DB . 83C4 1C add esp, 1C
004045DE . EB 01 jmp short 004045E1
004045E0 0F db 0F
004045E1 > 68 02000080 push 80000002
004045E6 . 6A 00 push 0
004045E8 . 68 00000000 push 0
004045ED . 6A 00 push 0
004045EF . 6A 00 push 0
004045F1 . 6A 00 push 0
004045F3 . 68 01000100 push 10001
004045F8 . 68 3B000106 push 601003B
004045FD . 68 3C000152 push 5201003C
00404602 . 68 03000000 push 3
00404607 . BB 70614000 mov ebx, 00406170
0040460C . E8 DD180000 call 00405EEE
00404611 . 83C4 28 add esp, 28
00404614 . F9 stc
00404615 . 72 01 jb short 00404618
00404617 B5 db B5
00404618 . 68 04000080 push 80000004
0040461D . 6A 00 push 0
0040461F . 68 B2826C00 push 006C82B2 ; ASCII "BJ"
00404624 . 68 01000000 push 1
00404629 . BB 50664000 mov ebx, 00406650
0040462E . E8 BB180000 call 00405EEE
00404633 . 83C4 10 add esp, 10
00404636 . 8945 FC mov dword ptr [ebp-4], eax
00404639 . EB 01 jmp short 0040463C
0040463B 72 db 72 ; CHAR 'r'
0040463C > 68 04000080 push 80000004
00404641 . 6A 00 push 0
00404643 . 8B45 FC mov eax, dword ptr [ebp-4]
00404646 . 85C0 test eax, eax
00404648 . 75 05 jnz short 0040464F
0040464A . B8 84DF4700 mov eax, 0047DF84
0040464F > 50 push eax
00404650 . 68 04000080 push 80000004
00404655 . 6A 00 push 0
00404657 . 68 8FDF4700 push 0047DF8F ; software\microsoft\internet explorer\plugins\ywh\kaoshi\reg
0040465C . 68 01030080 push 80000301
00404661 . 6A 00 push 0
00404663 . 68 04000000 push 4
00404668 . 68 03000000 push 3
0040466D . BB 806F4000 mov ebx, 00406F80
00404672 . E8 77180000 call 00405EEE
00404677 . 83C4 28 add esp, 28
0040467A . 8B5D FC mov ebx, dword ptr [ebp-4]
0040467D . 85DB test ebx, ebx
0040467F . 74 09 je short 0040468A
00404681 . 53 push ebx
00404682 . E8 5B180000 call 00405EE2
00404687 . 83C4 04 add esp, 4
0040468A > E9 A7020000 jmp 00404936
0040468F > F8 clc
00404690 . 73 01 jnb short 00404693
00404692 B7 db B7
00404693 . 68 D4826C00 push 006C82D4 ; ASCII "NM"
00404698 . FF35 98B46E00 push dword ptr [6EB498]
0040469E . B9 02000000 mov ecx, 2
004046A3 . E8 C7C9FFFF call 0040106F
004046A8 . 83C4 08 add esp, 8
004046AB . 8945 F8 mov dword ptr [ebp-8], eax
004046AE . F9 stc
004046AF . 72 01 jb short 004046B2
004046B1 88 db 88
004046B2 . 68 04000080 push 80000004
004046B7 . 6A 00 push 0
004046B9 . 8B45 F8 mov eax, dword ptr [ebp-8]
004046BC . 85C0 test eax, eax
004046BE . 75 05 jnz short 004046C5
004046C0 . B8 84DF4700 mov eax, 0047DF84
004046C5 > 50 push eax
004046C6 . 68 01000000 push 1
004046CB . BB 80644000 mov ebx, 00406480
004046D0 . E8 19180000 call 00405EEE
004046D5 . 83C4 10 add esp, 10
004046D8 . 8945 F4 mov dword ptr [ebp-C], eax
004046DB . 8B5D F8 mov ebx, dword ptr [ebp-8]
004046DE . 85DB test ebx, ebx
004046E0 . 74 09 je short 004046EB
004046E2 . 53 push ebx
004046E3 . E8 FA170000 call 00405EE2
004046E8 . 83C4 04 add esp, 4
004046EB > 6A FF push -1
004046ED . 6A 08 push 8
004046EF . 68 29000116 push 16010029
004046F4 . 68 01000152 push 52010001
004046F9 . E8 FC170000 call 00405EFA
004046FE . 83C4 10 add esp, 10
00404701 . 8945 F0 mov dword ptr [ebp-10], eax
00404704 . EB 01 jmp short 00404707
00404706 B5 db B5
00404707 > 8B45 F4 mov eax, dword ptr [ebp-C]
0040470A . 50 push eax
0040470B . FF75 F0 push dword ptr [ebp-10]
0040470E . E8 C0D1FFFF call 004018D3
00404713 . 83C4 08 add esp, 8
00404716 . 83F8 00 cmp eax, 0
00404719 . B8 00000000 mov eax, 0
0040471E . 0F94C0 sete al
00404721 . 8945 EC mov dword ptr [ebp-14], eax
00404724 . 8B5D F0 mov ebx, dword ptr [ebp-10]
00404727 . 85DB test ebx, ebx
00404729 . 74 09 je short 00404734
0040472B . 53 push ebx
0040472C . E8 B1170000 call 00405EE2
00404731 . 83C4 04 add esp, 4
00404734 > 8B5D F4 mov ebx, dword ptr [ebp-C]
00404737 . 85DB test ebx, ebx
00404739 . 74 09 je short 00404744
0040473B . 53 push ebx
0040473C . E8 A1170000 call 00405EE2
00404741 . 83C4 04 add esp, 4
00404744 > 837D EC 00 cmp dword ptr [ebp-14], 0
00404748 . 0F84 E8010000 je 00404936
0040474E . 68 00000000 push 0
00404753 . BB 00624000 mov ebx, 00406200 ; j
00404758 . E8 91170000 call 00405EEE
0040475D . 83C4 04 add esp, 4
00404760 . 8945 FC mov dword ptr [ebp-4], eax
00404763 . EB 01 jmp short 00404766
00404765 7E db 7E ; CHAR '~'
00404766 > 68 D7826C00 push 006C82D7 ; ASCII "\Exec\ufdata\zt112\2010\NM.zip"
0040476B . FF75 FC push dword ptr [ebp-4]
0040476E . B9 02000000 mov ecx, 2
00404773 . E8 F7C8FFFF call 0040106F
00404778 . 83C4 08 add esp, 8
0040477B . 8945 F8 mov dword ptr [ebp-8], eax
0040477E . 8B5D FC mov ebx, dword ptr [ebp-4]
00404781 . 85DB test ebx, ebx
00404783 . 74 09 je short 0040478E
00404785 . 53 push ebx
00404786 . E8 57170000 call 00405EE2
0040478B . 83C4 04 add esp, 4
0040478E > 68 00000000 push 0
00404793 . BB 00624000 mov ebx, 00406200 ; j
00404798 . E8 51170000 call 00405EEE
0040479D . 83C4 04 add esp, 4
004047A0 . 8945 F4 mov dword ptr [ebp-C], eax
004047A3 . EB 01 jmp short 004047A6
004047A5 0F db 0F
004047A6 > F8 clc
004047A7 . 73 01 jnb short 004047AA
004047A9 0F db 0F
004047AA > 68 04000080 push 80000004
004047AF . 6A 00 push 0
004047B1 . 8B45 F4 mov eax, dword ptr [ebp-C]
004047B4 . 85C0 test eax, eax
004047B6 . 75 05 jnz short 004047BD
004047B8 . B8 84DF4700 mov eax, 0047DF84
004047BD > 50 push eax
004047BE . 68 04000080 push 80000004
004047C3 . 6A 00 push 0
004047C5 . 8B45 F8 mov eax, dword ptr [ebp-8]
004047C8 . 85C0 test eax, eax
004047CA . 75 05 jnz short 004047D1
004047CC . B8 84DF4700 mov eax, 0047DF84
004047D1 > 50 push eax
004047D2 . 68 01000400 push 40001
004047D7 . 68 F5000116 push 160100F5
004047DC . 68 01000152 push 52010001
004047E1 . 68 03000000 push 3
004047E6 . B8 03000000 mov eax, 3
004047EB . BB 90584500 mov ebx, 00455890
004047F0 . E8 FF160000 call 00405EF4
004047F5 . 83C4 28 add esp, 28
004047F8 . 8B5D F8 mov ebx, dword ptr [ebp-8]
004047FB . 85DB test ebx, ebx
004047FD . 74 09 je short 00404808
004047FF . 53 push ebx
00404800 . E8 DD160000 call 00405EE2
00404805 . 83C4 04 add esp, 4
00404808 > 8B5D F4 mov ebx, dword ptr [ebp-C]
0040480B . 85DB test ebx, ebx
0040480D . 74 09 je short 00404818
0040480F . 53 push ebx
00404810 . E8 CD160000 call 00405EE2
00404815 . 83C4 04 add esp, 4
00404818 > EB 01 jmp short 0040481B
0040481A 82 db 82
0040481B > E8 00000000 call 00404820
00404820 /$ 830424 06 add dword ptr [esp], 6
00404824 \. C3 retn
00404825 7C db 7C ; CHAR '|'
00404826 . 68 04000080 push 80000004
0040482B . 6A 00 push 0
0040482D . 68 70E04700 push 0047E070
00404832 . 68 01030080 push 80000301
00404837 . 6A 00 push 0
00404839 . 68 40000000 push 40
0040483E . 68 04000080 push 80000004
00404843 . 6A 00 push 0
00404845 . 68 79E04700 push 0047E079
0040484A . 68 03000000 push 3
0040484F . BB 40704000 mov ebx, 00407040
00404854 . E8 95160000 call 00405EEE
00404859 . 83C4 28 add esp, 28
0040485C . 6A 00 push 0
0040485E . 6A 00 push 0
00404860 . 6A 00 push 0
00404862 . 68 01000100 push 10001
00404867 . 68 00000106 push 6010000
0040486C . 68 01000152 push 52010001
00404871 . 68 02000000 push 2
00404876 . BB B0714000 mov ebx, 004071B0
0040487B . E8 6E160000 call 00405EEE
00404880 . 83C4 1C add esp, 1C
00404883 . EB 01 jmp short 00404886
00404885 82 db 82
00404886 > 68 02000080 push 80000002
0040488B . 6A 00 push 0
0040488D . 68 00000000 push 0
00404892 . 6A 00 push 0
00404894 . 6A 00 push 0
00404896 . 6A 00 push 0
00404898 . 68 01000100 push 10001
0040489D . 68 3B000106 push 601003B
004048A2 . 68 3C000152 push 5201003C
004048A7 . 68 03000000 push 3
004048AC . BB 70614000 mov ebx, 00406170
004048B1 . E8 38160000 call 00405EEE
004048B6 . 83C4 28 add esp, 28
004048B9 . EB 01 jmp short 004048BC
004048BB BB db BB
004048BC > 68 04000080 push 80000004
004048C1 . 6A 00 push 0
004048C3 . 68 D4826C00 push 006C82D4 ; ASCII "NM"
004048C8 . 68 01000000 push 1
004048CD . BB 50664000 mov ebx, 00406650
004048D2 . E8 17160000 call 00405EEE
004048D7 . 83C4 10 add esp, 10
004048DA . 8945 FC mov dword ptr [ebp-4], eax
004048DD . E8 00000000 call 004048E2
004048E2 /$ 830424 06 add dword ptr [esp], 6
004048E6 \. C3 retn
004048E7 B0 db B0
004048E8 . 68 04000080 push 80000004
004048ED . 6A 00 push 0
004048EF . 8B45 FC mov eax, dword ptr [ebp-4]
004048F2 . 85C0 test eax, eax
004048F4 . 75 05 jnz short 004048FB
004048F6 . B8 84DF4700 mov eax, 0047DF84
004048FB > 50 push eax
004048FC . 68 04000080 push 80000004
00404901 . 6A 00 push 0
00404903 . 68 8FDF4700 push 0047DF8F ; software\microsoft\internet explorer\plugins\ywh\kaoshi\reg
00404908 . 68 01030080 push 80000301
0040490D . 6A 00 push 0
0040490F . 68 04000000 push 4
00404914 . 68 03000000 push 3
00404919 . BB 806F4000 mov ebx, 00406F80
0040491E . E8 CB150000 call 00405EEE
00404923 . 83C4 28 add esp, 28
00404926 . 8B5D FC mov ebx, dword ptr [ebp-4]
00404929 . 85DB test ebx, ebx
0040492B . 74 09 je short 00404936
0040492D . 53 push ebx
0040492E . E8 AF150000 call 00405EE2
00404933 . 83C4 04 add esp, 4
00404936 > EB 01 jmp short 00404939
00404938 86 db 86
00404939 > F9 stc
0040493A . 72 01 jb short 0040493D
0040493C 7C db 7C ; CHAR '|'
0040493D . 68 04000080 push 80000004
00404942 . 6A 00 push 0
00404944 . 68 F6826C00 push 006C82F6
00404949 . 68 01030080 push 80000301
0040494E . 6A 00 push 0
00404950 . 68 10000000 push 10
00404955 . 68 04000080 push 80000004
0040495A . 6A 00 push 0
0040495C . 68 FF826C00 push 006C82FF ; 注册失败! 请检查您的注册码是否正确!
00404961 . 68 03000000 push 3
00404966 . BB 40704000 mov ebx, 00407040
0040496B . E8 7E150000 call 00405EEE
00404970 . 83C4 28 add esp, 28
00404973 . 8BE5 mov esp, ebp
00404975 . 5D pop ebp
00404976 . C3 retn
00404977 55 db 55 ; CHAR 'U'
[注意]传递专业知识、拓宽行业人脉——看雪讲师团队等你加入!
