传神199c破解笔记
发表于: 2005-12-14 09:55 6495
iat 0073F1A4
0080556F 8BCC MOV ECX,ESP
00805571 FF71 0C PUSH DWORD PTR [ECX+C]
00805574 FF71 08 PUSH DWORD PTR [ECX+8]
00805577 FF71 04 PUSH DWORD PTR [ECX+4]
0080557A E8 4EFEFFFF CALL 008053CD
0080557F 83C4 10 ADD ESP,10
00805582 FF6424 F0 JMP [ESP-10]
8B CC FF 71 0C FF 71 08 FF 71 04 E8 4E FE FF FF 83 C4 10 FF 64 24 F0 00 00 00 00 00 00 00 00 00
code
0080536B 55 PUSH EBP
0080536C 8BEC MOV EBP,ESP
0080536E 56 PUSH ESI
004203F5 8B00 MOV EAX,[EAX] ; main_dat.0057B3D0
0057B390 00 00 00 00 F8 E3 57 00 C0 B4 57 00 79 B7 35 00 ....?W.?W.y.5.
35b779
frmain addr
003ff789
007ff789
00502E3A 0000 ADD [EAX],AL
00502E3C C3 RETN
00502E3D 8BEC MOV EBP,ESP
41f
00 02 01 E8 BE 6F BF B8 17 AB 7F BF A7 0F 6D 93 30 A0 5B 6C 39 A0 89 A5 E4 54 35 8D 9C F0 A4 43
1D FC 7A 9A 60 ED 96 02 15 DB CE 37 5F 90 4E E9 6E 50 C7 74 E8 AC B9 B1 75 25 8D 49 DF 32 82 FE
81 7E 8A 57 B2 F1 7E 3D 41 89 A2 EC B9 FB 14 29 EB EA E8 10 22 80 C3 6D 5D C5 83 CC 4E 00 00 00
2F 7C 35 88 D0 2A 01 00 01 00 00 00 40 AB C6 1D 53 4A 7E 6B 29 52 0C D4 97 FF 28 F5 E4 47 60 71
F3 23 8D 6F 47 66 61 BA D1 75 A9 BD 6C D3 B0 9F B9 14 3A 03 52 0C C4 A3 01 00 00 00 00 EB 76 7D
39 35 C6 95 60 F4 21 C5 64 44 79 62 A9 BE A2 E7 75 6D 4B A6 D0 3F EB 3B 1A B9 ED 29 A1 77 B6 BE
16 15 D3 A8 AC F9 3C 62 BF 71 E2 4B 2E E6 7E CB 80 48 02 26 B8 54 F8 FE C4 9E D8 5C 43 E2 34 BF
F0 9D 4D 9E D5 0C A5 13 ED 28 CA 22 8C C3 08 5D 2E 2D 64 10 22 D0 6F 47 AD 99 00 93 BE 44 00 00
1B 23 AD 92 9D 25 19 66 57 14 5B 54 AD 69 31 30 E2 23 E1 C3 19 C5 72 9F 30 35 D1 B8 0F 6B 18 CE
55 A5 72 5D 6B 84 57 DA 71 E8 91 DD E5 24 5A 2A F0 2B A7 20 F4 2D 8B 4E 1A 43 64 02 2F 1F E2 00
E1 5C EE 6A 16 29 6E BF B0 84 69 65 89 2A 52 BD D2 98 83 11 75 8A 0A A1 BA 92 D4 DE 10 3F 42 DE
59 8A 0B 97 91 1B 01 8B EC 13 6F 69 68 C4 5E 56 FF 7F 6E 1A 74 53 AB B1 76 ED 0A 03 7D 83 82 01
74 B3 ED CD 02 43 66 11 6B 13 E0 FF 7B 6A 5C 21 F9 71 80 A2 22 67 25 3E C1 8C 47 2C A1 D8 96 9E
33 65 8A 00 99 B9 B3 91 89 34 93 6F 0C F6 70 5F 5A 01 AD D6 60 D6 C4 FC 75 9C C9 C5 CB E8 C9 B0
0A FA A9 8E 62 2B B0 C3 D7 9E 11 94 89 CA 36 E1 DD 33 69 17 7C 95 E5 FF 91 C6 99 00 AE 55 96 35
97 58 96 9E B1 0E 5B 0F B1 D4 DD B1 BF A4 D2 13 2F BC EE DA F8 17 27 5B E7 09 31 DD 35 E7 02 64
28 0A 58 F3 56 61 D4 02 E0 CE 58 EA 7B DA 4E 5E A4 06 13 02 C8 C9 B6 70 F9 42 BC D4 70 05 7A 1E
26 E5 BE 57 16 F8 7A 95 57 95 0E 6D C8 78 9A B8 03 81 90 CC 23 38 1B 57 87 15 FD 55 03 2B 0E 22
F3 A6 B4 72 06 A4 11 5F AC 6E E3 22 30 63 89 EE 75 7D C1 5D 2E 4C F0 6F 77 CB A4 18 9F CC F6 3B
C7 D1 38 E8 B2 1A BD 8E 33 BF 2B 65 1E 9B 9E F4 1D 6C F9 D5 3D 16 B8 32 B2 8C 03 15 DC AF 97 A0
A4 89 D7 1F 85 52 86 4E 07 E1 E2 2E 0D 1F 31 BF E4 0C 50 D3 FD 7A AD 1A AB E7 7E 6C D6 80 72 7F
EB 2A 3F 7B A5 E4 9E 4D 88 86 76 4B 0E 7A 42 FD D5 A6 AB 77 23 E4 A8 45 C4 47 6D FA 25 2F 1F DC
AB 2E 8B D8 86 7F C3 6A 3D C4 01 00 88 85 FC 38 72 19 B2 34 8D D3 9D 00 45 1C A3 67 20 01 8D 56
CE 0A 70 F9 B6 2C D6 FA 0B 9E D3 21 51 65 83 F0 54 49 92 00 89 E4 63 BA F1 9C 91 FA E4 52 D2 07
A1 7E F9 47 A5 3E DF 8E D8 A6 F1 12 8A 00 1E 6C 9E B1 ED 8F 9F 8F E9 F4 B5 44 1A 62 0B FA 6A 68
A6 FC CD 72 15 EB 8D 59 26 E4 C6 F8 58 BC 2E 8E 59 F6 E1 19 AB 49 C9 58 0C E1 2B E7 34 65 7E D3
AD A4 C8 69 91 C0 AA 9F AE 59 20 03 9E 85 C4 A8 90 5B 3C 00 A1 A5 9E 1D DA C6 E8 EA E6 F7 31 F8
68 28 A3 DC FC 65 E0 29 9C 65 3B E0 83 99 4E 97 CC E0 D0 F7 CC 5D 08 60 AA 72 4E 21 F7 95 11 96
D8 F7 E8 46 01 62 32 41 DF B5 4C C0 A4 2B 3B F2 1F B4 5B 74 67 C3 D1 2C FE F0 32 92 A1 E4 5B 5A
B7 0F C8 9D 44 BC A9 12 03 95 5D 41 3C E6 18 1F A8 C6 FE 24 48 34 55 B6 C4 D4 19 88 A4 A4 28 27
9E 1E F9 CA 0B 7F A4 72 A6 67 F5 BA 9E BF AF 3E F0 16 67 6F 06 28 77 33 04 C8 C5 B5 7F AC 96 57
DC D6 F8 CE 9C 1B BB 99 0D 76 0C 0B 24 AF F6 00 FA 8B 5E 46 1C 0D 27 42 0B 0E 59 25 08 0B 27 42
09 0A 26 00 53 34 26 44 01 27 50 3C 54 76 6B 2C 59 4A 5D 21 4E 56 43 1D 73 42 0E 7E 31 14 2B 00
004BB09F 90 NOP
004BB0A0 53 PUSH EBX ; recv
004BB0A1 56 PUSH ESI
004BB0A2 8BDA MOV EBX,EDX
recv data addr
3ff369
005A2450 B8 1F040000 MOV EAX,41F
005A2455 8BC8 MOV ECX,EAX
005A2457 BE 69F37F00 MOV ESI,007FF369
005A245C 8B3B MOV EDI,[EBX]
005A245E F3:A4 REP MOVS BYTE PTR ES:[EDI],BYTE PTR [ESI>
005A2460 ^ E9 688CF1FF JMP 004BB0CD
B8 1F 04 00 00 8B C8 BE 69 F3 7F 00 8B 3B F3 A4 E9 68 8C F1 FF 00 00 00 00 00 00 00 00 00 00 00
004BB0AD B8 1F040000 MOV EAX,41F
004BB0B2 8BD0 MOV EDX,EAX
004BB0B4 8BC3 MOV EAX,EBX
004BB0B6 E8 19A2F4FF CALL 004052D4
004BB0BB E9 90730E00 JMP 005A2450
004BB0C0 90 NOP
004BB0C1 90 NOP
B8 1F 04 00 00 8B D0 8B C3 E8 19 A2 F4 FF E9 90 73 0E 00 90 90 8B C8 8B 13 8B C6 E8 5B FE FF FF
end addr
762ff0
763000
0058C36E PUSH 58C508 您的
0058C37A PUSH 58C518 剩余
构造登录信息
00590D2B E8 E88FFEFF CALL 00579D18
00590D30 A1 AC085A00 MOV EAX,[5A08AC]
00590D35 8B00 MOV EAX,[EAX]
00590D2B E8 E88FFEFF CALL 00579D18
00590D30 E9 CB1A1D00 JMP 00762800
00590D35 8B00 MOV EAX,[EAX]
00762800 60 PUSHAD
00762801 8B15 A0F35800 MOV EDX,[58F3A0] ; main_dat.00408DC3
lstrcpyA
lstrlenA
1 00801534 kernel32.dll 0335 lstrcpy
1 00801898 kernel32.dll 033B lstrlen
632638: 00 FF
642918: 00 FF
70FD44: 00 FF
715DC4: 00 FF
715DD0 6bit
715E38 len
00762800 60 PUSHAD
00762801 8B15 80155A00 MOV EDX,[5A1580] ; main_dat.006325F4
00762807 42 INC EDX
00762808 52 PUSH EDX
00762809 68 9C287600 PUSH 0076289C
0076280E FF15 34158000 CALL [<&kernel32.lstrcpy>] ; kernel32.lstrcpyA
00762814 8BD8 MOV EBX,EAX
00762816 68 9C287600 PUSH 0076289C
0076281B FF15 98188000 CALL [<&kernel32.lstrlen>] ; kernel32.lstrlenA
00762821 03C3 ADD EAX,EBX
00762823 C600 2F MOV BYTE PTR [EAX],2F
00762826 40 INC EAX
00762827 8B15 9C0E5A00 MOV EDX,[5A0E9C] ; main_dat.0063260C
0076282D 42 INC EDX
0076282E 52 PUSH EDX
0076282F 50 PUSH EAX
00762830 FF15 34158000 CALL [<&kernel32.lstrcpy>] ; kernel32.lstrcpyA
00762836 68 9C287600 PUSH 0076289C
0076283B FF15 98188000 CALL [<&kernel32.lstrlen>] ; kernel32.lstrlenA
00762841 6A 00 PUSH 0
00762843 83C0 0C ADD EAX,0C
00762846 50 PUSH EAX
00762847 B9 D05D7100 MOV ECX,00715DD0
0076284C B8 90287600 MOV EAX,00762890
00762851 33D2 XOR EDX,EDX
00762853 E8 7823D4FF CALL 004A4BD0
00762858 68 D05D7100 PUSH 00715DD0
0076285D FF15 98188000 CALL [<&kernel32.lstrlen>] ; kernel32.lstrlenA
00762863 A3 385E7100 MOV [715E38],EAX
00762868 B8 FFFFFFFF MOV EAX,-1
0076286D A3 38266300 MOV [632638],EAX
00762872 A3 18296400 MOV [642918],EAX
00762877 A3 44FD7000 MOV [70FD44],EAX
0076287C A3 C45D7100 MOV [715DC4],EAX
00762881 61 POPAD
00762882 8B15 A0F35800 MOV EDX,[58F3A0] ; main_dat.00408DC3
00762888 ^ E9 A8E4E2FF JMP 00590D35
60 8B 15 80 15 5A 00 42 52 68 9C 28 76 00 FF 15 34 15 80 00 8B D8 68 9C 28 76 00 FF 15 98 18 80
00 03 C3 C6 00 2F 40 8B 15 9C 0E 5A 00 42 52 50 FF 15 34 15 80 00 68 9C 28 76 00 FF 15 98 18 80
00 6A 00 83 C0 0C 50 B9 D0 5D 71 00 B8 90 28 76 00 33 D2 E8 78 23 D4 FF 68 D0 5D 71 00 FF 15 98
18 80 00 A3 38 5E 71 00 B8 FF FF FF FF A3 38 26 63 00 A3 18 29 64 00 A3 44 FD 70 00 A3 C4 5D 71
00 61 8B 15 A0 F3 58 00 E9 A8 E4 E2 FF 00 00 00 00 00 00 00 67 00 00 00 00 00 00 00 00 00 00 00
bit6en
004A4BD0 55 PUSH EBP
00592580 55 PUSH EBP ; send
id
00592758 8B15 80155A00 MOV EDX,[5A1580] ; main_dat.006325F4
name
00592794 8B15 9C0E5A00 MOV EDX,[5A0E9C] ; main_dat.0063260C
00579B74 E8 67F5FFFF CALL 005790E0
00579B79 E9 8B000000 JMP 00579C09
00579B7E E8 89F2FFFF CALL 00578E0C
00579B83 E9 81000000 JMP 00579C09
00579B6F /E9 95000000 JMP 00579C09
00579B74 |90 NOP
00579B75 |90 NOP
00579B76 |90 NOP
00579B77 |90 NOP
00579B78 |90 NOP
00579B79 |E9 8B000000 JMP 00579C09
00579B7E |90 NOP
00579B7F |90 NOP
00579B80 |90 NOP
00579B81 |90 NOP
00579B82 |90 NOP
00579B83 |E9 81000000 JMP 00579C09
E9 95 00 00 00 90 90 90 90 90 E9 8B 00 00 00 90 90 90 90 90
Log data, item 0
Address=00402C36
Message=Invalid floating-point operation
00590D26 BA 080E5900 MOV EDX,00590E08
00590D2B E8 E88FFEFF CALL 00579D18
00590D30 E9 CB1A1D00 JMP 00762800
00590D26 BA 080E5900 MOV EDX,00590E08
00590D2B 90 NOP
00590D2C 90 NOP
00590D2D 90 NOP
00590D2E 90 NOP
00590D2F 90 NOP
00590D30 E9 CB1A1D00 JMP 00762800
00590D35 8B00 MOV EAX,[EAX]
relogin
00509451 8D05 4B945000 LEA EAX,[50944B]
00509457 8B00 MOV EAX,[EAX]
00509459 FF75 FC PUSH DWORD PTR [EBP-4]
0050945C FF75 F8 PUSH DWORD PTR [EBP-8]
0050945F FFD0 CALL EAX
00509461 33C0 XOR EAX,EAX
00509463 5A POP EDX
0050944B 8F 2E 35 00 ?5..
352e8f
55 8B EC 60 8B 7D 08 8B 75 0C 57 8B 1F 8B 4F 04 BA B9 79 37 9E 8B C2 C1 E0 05 BF 20 00 00 00 8B
EB C1 E5 04 2B CD 8B 6E 08 33 EB 2B CD 8B EB C1 ED 05 33 E8 2B CD 2B 4E 0C 8B E9 C1 E5 04 2B DD
8B 2E 33 E9 2B DD 8B E9 C1 ED 05 33 E8 2B DD 2B 5E 04 2B C2 4F 75 C8 5F 89 1F 89 4F 04 61 C9 C2
08 00
008055BF . 0000 ADD [EAX],AL
bf558000
0058C35B 8338 00 CMP DWORD PTR [EAX],0
0058C35E 7C 4D JL SHORT 0058C3AD
0058C360 6A 00 PUSH 0
0058C362 6A 00 PUSH 0
0058C35E /7C 4D JL SHORT 0058C3AD
0058C360 |E9 9B651D00 JMP 00762900
0058C365 |90 NOP
00762900 60 PUSHAD
00762901 B9 36000000 MOV ECX,36
00762906 BE 16017400 MOV ESI,00740116
0076290B 8136 24698724 XOR DWORD PTR [ESI],24876924
00762911 83C6 04 ADD ESI,4
00762914 ^ E2 F5 LOOPD SHORT 0076290B
00762916 E8 4B000000 CALL 00762966
0076291B 33C0 XOR EAX,EAX
0076291D BA 01000000 MOV EDX,1
00762922 E8 99FED9FF CALL 005027C0
00762927 E8 3A000000 CALL 00762966
0076292C B8 7D297600 MOV EAX,0076297D
00762931 BA 00C00000 MOV EDX,0C000
00762936 E8 85FED9FF CALL 005027C0
0076293B E8 26000000 CALL 00762966
00762940 33C0 XOR EAX,EAX
00762942 BA 01000000 MOV EDX,1
00762947 E8 74FED9FF CALL 005027C0
0076294C E8 15000000 CALL 00762966
00762951 B8 B7297600 MOV EAX,007629B7
00762956 BA 00C00000 MOV EDX,0C000
0076295B E8 60FED9FF CALL 005027C0
00762960 61 POPAD
00762961 ^ E9 479AE2FF JMP 0058C3AD
00762966 58 POP EAX
00762967 6A 00 PUSH 0
00762969 6A 00 PUSH 0
0076296B 6A 00 PUSH 0
0076296D 6A 00 PUSH 0
0076296F 6A 00 PUSH 0
00762971 6A 00 PUSH 0
00762973 6A 00 PUSH 0
00762975 33C9 XOR ECX,ECX
00762977 FFE0 JMP EAX
60 B9 36 00 00 00 BE 16 29 76 00 81 36 24 69 87 24 83 C6 04 E2 F5 CC 22 87 24 24 5A 47 9E 25 69
87 24 CC F0 79 FD DB 81 BD 24 24 69 3F 59 0D 1F 87 9E 24 A9 87 24 CC EC 79 FD DB 81 A1 24 24 69
B4 E4 9E 68 87 24 24 81 F3 DA FD 96 6F 31 24 69 87 9C 93 40 F1 24 9E 69 47 24 24 81 E7 DA FD 96
E6 CD 63 F3 65 DB 7C 03 87 4E 24 03 87 4E 24 03 87 4E 24 03 87 17 ED 96 67 12 24 69 87 EF E9 D1
7F EC EC B8 2D 90 8F AF 61 16 1C AE 7F E3 88 A9 23 F5 D0 D0 65 85 CC AD 7C E7 EE DB 5A 87 88 BE
24 EF D9 A5 6B E8 C8 BA 57 9E E7 B9 43 E3 CD 49 D9 7B 7A 5C 87 24 24 AD 7D 91 E0 A1 4F F5 8E DD
2C ED D5 A3 24 F7 C4 50 BE 1D 1D A5 6B 14 F4 C8 4D 95 04 2A F5 45 47 02 E2 40 04 0B FE 04 F4 C8
4F 8F 04 5B B7 14 11 44 BE 09 15 69 87 24 00 00
012DEF7C D0 2A 01 00 ?...
时间
00401081 |. E8 30010000 CALL <JMP.&wsock32.inet_ntoa>
00406590 68 0C674000 PUSH 0040670C ; ASCII "kernel32.dll"
00406595 E8 86ADFFFF CALL <JMP.&kernel32.GetModuleHandleA>
0040659A 8BF0 MOV ESI,EAX
0040659C 85F6 TEST ESI,ESI
0040659E 74 40 JE SHORT 004065E0
004065A0 68 1C674000 PUSH 0040671C ; ASCII "GetLongPathNameA"
004065A5 56 PUSH ESI
004065A6 E8 7DADFFFF CALL <JMP.&kernel32.GetProcAddress>
00762A00 68 3D2A7600 PUSH 00762A3D ; ASCII "582K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4N6%4N6#2)9J5k6h3y4Z5K9h3&6S2i4K6u0W2j5$3!0E0"
00762A05 FF15 0C1A8000 CALL [<&wsock32.gethostbyname>] ; WS2_32.gethostbyname
00762A0B 8B40 0C MOV EAX,[EAX+C]
00762A0E 8B08 MOV ECX,[EAX]
00762A10 8B09 MOV ECX,[ECX]
00762A12 51 PUSH ECX
00762A13 68 4B2A7600 PUSH 00762A4B ; ASCII "wsock32.dll"
00762A18 FF15 20128000 CALL [<&kernel32.GetModuleHandleA>] ; kernel32.GetModuleHandleA
00762A1E 68 572A7600 PUSH 00762A57 ; ASCII "inet_ntoa"
00762A23 50 PUSH EAX
00762A24 FF15 AC188000 CALL [<&kernel32.GetProcAddress>] ; kernel32.GetProcAddress
00762A2A FFD0 CALL EAX
00762A2C 50 PUSH EAX
00762A2D 68 612A7600 PUSH 00762A61
00762A32 FF15 34158000 CALL [<&kernel32.lstrcpy>] ; kernel32.lstrcpyA
00762A38 - E9 D4D689FF JMP 00000111
68 3D 2A 76 00 FF 15 0C 1A 80 00 8B 40 0C 8B 08 8B 09 51 68 4B 2A 76 00 FF 15 20 12 80 00 68 57
2A 76 00 50 FF 15 AC 18 80 00 FF D0 50 68 61 2A 76 00 FF 15 34 15 80 00 E9 D4 D6 89 FF 77 77 77
2E 63 68 69 6E 61 2E 63 6F 6D 00 77 73 6F 63 6B 33 32 2E 64 6C 6C 00 69 6E 65 74 5F 6E 74 6F 61
0050B797 /75 1F JNZ SHORT 0050B7B8
0050B799 |FF25 EC0E4000 JMP [400EEC]
0050B79F |68 18B85000 PUSH 0050B818
FF25 ????4000
DS:[00400EEC]=0035ADD1
0035ADD1 FF35 34F35900 PUSH DWORD PTR [59F334] ; main_dat.00502344
0035ADD7 68 9FB75000 PUSH 50B79F
0035ADDC C3 RETN
0050B797 /75 1F JNZ SHORT 0050B7B8
0050B799 |FF35 34F35900 PUSH DWORD PTR [59F334] ; main_dat.00502344
0050B79F |68 18B85000 PUSH 0050B818
$+444 > 00000000
$+448 > 00000000
$+44C >/015CFF38
$+450 >|004D9159 RETURN to main_dat.004D9159 from main_dat.004DFA3C
$+454 >|015CFF40 Pointer to next SEH record
$+458 >|004D9212 SE handler
$+45C >|015CFF38
$+460 >|0127A2E4
$+464 >|02BD8764 ASCII "vnext:0"
$+468 >|00000000
$+46C >|00000000
$+470 >|00000170
$+474 >|0012FA00
$+478 >|00000236
$+47C >|584DDC00
$+480 >|01986B9C ASCII "cmdno 368 count 566"
$+484 >|00002710
$+488 >]015CFF58
$+48C >|004D8459 RETURN to main_dat.004D8459 from main_dat.004D8E40
$+490 >|015CFF60 Pointer to next SEH record
$+494 >|004D847B SE handler
$+498 >|015CFF58
$+49C >|01226BCC
$+4A0 >|018D90CC ASCII "ts:1"
$+4A4 >|07B24C07
$+4A8 >]015CFF70
$+4AC >|005021ED RETURN to main_dat.005021ED from main_dat.004D8350
$+4B0 >|015CFF78 Pointer to next SEH record
$+4B4 >|0050226D SE handler
$+4B8 >|015CFF70
$+4BC >|012B0318
$+4C0 >]015CFFA0
$+4C4 >|00423C53 RETURN to main_dat.00423C53
$+4C8 >|015CFF84 Pointer to next SEH record
$+A4 > 00000000
$+A8 > 00000000
$+AC > 00000038
$+B0 > 00000023
$+B4 > 00000023
$+B8 > 0060B060 main_dat.0060B060
$+BC > 039DC1C4
$+C0 > 012BD778
$+C4 > 039C000C
$+C8 > 0000004E
Log data, item 1
Address=004DFA90
Message=Access violation when reading [039DC1C4]
004DFA57 64:FF30 PUSH DWORD PTR FS:[EAX]
004DFA5A 64:8920 MOV FS:[EAX],ESP
004DFA5D 33C0 XOR EAX,EAX
004DFA5F 8945 FC MOV [EBP-4],EAX
004DFA62 A1 E01B5A00 MOV EAX,[5A1BE0] ;++
004DFA67 8338 00 CMP DWORD PTR [EAX],0
004DFA6A 0F8C 9F040000 JL 004DFF0F
004DFA70 A1 E01B5A00 MOV EAX,[5A1BE0]
004DFA75 6B00 27 IMUL EAX,[EAX],27
004DFA78 8B15 341D5A00 MOV EDX,[5A1D34] ; main_dat.0060B2EC
0050A90D A1 58F35900 MOV EAX,[59F358]
0050A912 3B05 58B06000 CMP EAX,[60B058]
0050A918 7C 12 JL SHORT 0050A92C
0050B179 A1 10B36000 MOV EAX,[60B310]
0050B17E 0105 58B06000 ADD [60B058],EAX
0050B184 A1 58B06000 MOV EAX,[60B058]
0050B47D 8B15 FCB26000 MOV EDX,[60B2FC]
0050B483 8B8482 B4FEFFFF MOV EAX,[EDX+EAX*4-14C]
0050B48A A3 58B06000 MOV [60B058],EAX
005A1368 58 B0 60 00 X.`.
68135a
004DFA67 main_dat Always CMP DWORD PTR [EAX],0
0050A7E0 main_dat Always MOV EAX,[5A1240]
0050A912 main_dat Always CMP EAX,[60B058]
00403EA1 E8 B6030000 CALL 0040425C
00403EA6 C3 RETN
00403EA7 90 NOP
00403EA8 85C0 TEST EAX,EAX
00403EAA 74 07 JE SHORT 00403EB3
00403EAC B2 01 MOV DL,1
00403EAE 8B08 MOV ECX,[EAX]
00403EB0 FF51 FC CALL [ECX-4]
00403EB3 C3 RETN
00403EB4 53 PUSH EBX
00403EB5 56 PUSH ESI
00403EB6 57 PUSH EDI
00403EB7 89C3 MOV EBX,EAX
DS:[01264414]=???
ECX=00000000
0050A904 833D 58F35900 0>CMP DWORD PTR [59F358],0 ; -1
004D8F43 MOV DWORD PTR [EAX],-1 11111111begin
004D90FF INC DWORD PTR [EAX] +++++222222222
0050A75F MOV DWORD PTR [59F358],-1 buuuuuuuuuuuug!!!
0050A904 CMP DWORD PTR [59F358],0 -1
0050A90D MOV EAX,[59F358] -1
0050A912 CMP EAX,[60B058] 0
004D90A0 A1 F41D5A00 MOV EAX,[5A1DF4]
004D90A5 66:C740 02 0000 MOV WORD PTR [EAX+2],0
004D90AB A1 EC1E5A00 MOV EAX,[5A1EEC]
004D90B0 33D2 XOR EDX,EDX
004D90B2 8910 MOV [EAX],EDX
004D90B4 A1 20075A00 MOV EAX,[5A0720] ;
004D90B9 8B00 MOV EAX,[EAX]
004D90BB 35 CD070000 XOR EAX,7CD
004D90C0 8B15 640F5A00 MOV EDX,[5A0F64] ; 12dec54
004D90C6 8B12 MOV EDX,[EDX]
004D90C8 3302 XOR EAX,[EDX]
004D90CA 8B15 AC175A00 MOV EDX,[5A17AC] ; 12dec50
004D90D0 8B12 MOV EDX,[EDX]
004D90D2 3B02 CMP EAX,[EDX]
004D90D4 EB 24 JMP SHORT 004D90FA
004D90D6 B8 E8030000 MOV EAX,3E8
004D90DB E8 C8A2F2FF CALL 004033A8
0057EF96 3345 EC XOR EAX,[EBP-14]
0057EF99 35 CD070000 XOR EAX,7CD
0057EF9E 8B15 20075A00 MOV EDX,[5A0720] ; main_dat.00739A1C
0057EFA4 8902 MOV [EDX],EAX
0057EFA6 8B45 FC MOV EAX,[EBP-4]
004D90F2 8B15 A41C5A00 MOV EDX,[5A1CA4] ; main_dat.0059FD70
004D90F8 8902 MOV [EDX],EAX
004033A8 53 PUSH EBX
004033A9 31DB XOR EBX,EBX
004033AB 6993 08C05900 05840808 IMUL EDX,[EBX+59C008],8088405
004033B5 42 INC EDX
004033B6 8993 08C05900 MOV [EBX+59C008],EDX
004033BC F7E2 MUL EDX
004033BE 89D0 MOV EAX,EDX
004033C0 5B POP EBX
004033C1 C3 RETN
004EF736 A1 40205A00 MOV EAX,[5A2040]
004EF73B 8B00 MOV EAX,[EAX]
004EF73D 8A80 95000000 MOV AL,[EAX+95] ; 取0x95
004EF743 8B15 6C0B5A00 MOV EDX,[5A0B6C]; 保存0x95
004EF749 8802 MOV [EDX],AL
004EF74B A1 6C0B5A00 MOV EAX,[5A0B6C]
004EF750 8A00 MOV AL,[EAX]
004EF752 34 61 XOR AL,61
004EF754 8B15 041C5A00 MOV EDX,[5A1C04] ; !!!!!!!!!!
004EF75A 3A02 CMP AL,[EDX]
004EF75C 75 24 JNZ SHORT 004EF782
004EF75E A1 40205A00 MOV EAX,[5A2040]
004EF763 8B00 MOV EAX,[EAX]
004EF765 8A80 9C000000 MOV AL,[EAX+9C] ;取0x9c
004EF76B 8B15 F0235A00 MOV EDX,[5A23F0] ;存0x9c
004EF771 8802 MOV [EDX],AL
004EF773 A1 F0235A00 MOV EAX,[5A23F0]
004EF778 8A00 MOV AL,[EAX]
004EF77A 8B15 B4165A00 MOV EDX,[5A16B4] ;存0x9c
004EF780 8802 MOV [EDX],AL
004EF782 8B45 F4 MOV EAX,[EBP-C] ; leb2
004EF785 8B00 MOV EAX,[EAX]
DS:[0070FF28]=47 ('G')
AL=54 ('T')
循环怪物
004DA888 C745 F8 0000000>MOV DWORD PTR [EBP-8],0
004DA88F 6B45 F8 43 IMUL EAX,[EBP-8],43
004DA893 8B15 8C0B5A00 MOV EDX,[5A0B8C] ; main_dat.00635594
004DA899 833C82 00 CMP DWORD PTR [EDX+EAX*4],0
004DA89D 74 62 JE SHORT 004DA901
004DA89F 6B45 F8 43 IMUL EAX,[EBP-8],43
004DA8A3 8B15 8C0B5A00 MOV EDX,[5A0B8C] ; main_dat.00635594
004DA8A9 837C82 50 00 CMP DWORD PTR [EDX+EAX*4+50],0
004DA8AE 75 51 JNZ SHORT 004DA901
004DA8B0 6B45 F8 43 IMUL EAX,[EBP-8],43
004DA8B4 8B15 8C0B5A00 MOV EDX,[5A0B8C] ; main_dat.00635594
004DA8BA 8A4482 2E MOV AL,[EDX+EAX*4+2E]
004DA8BE 04 FA ADD AL,0FA
004DA8C0 2C 03 SUB AL,3
004DA8C2 72 3D JB SHORT 004DA901
004DA8C4 6B45 F8 43 IMUL EAX,[EBP-8],43
004DA8C8 8B15 8C0B5A00 MOV EDX,[5A0B8C] ; main_dat.00635594
004DA8CE 0FB74482 32 MOVZX EAX,WORD PTR [EDX+EAX*4+32]
004DA8D3 50 PUSH EAX
004DA8D4 6B45 F8 43 IMUL EAX,[EBP-8],43
004DA8D8 8B15 8C0B5A00 MOV EDX,[5A0B8C] ; main_dat.00635594
004DA8DE 0FB74C82 30 MOVZX ECX,WORD PTR [EDX+EAX*4+30]
004DA8E3 8B15 1C0F5A00 MOV EDX,[5A0F1C] ; main_dat.006243C4
004DA8E9 0FB752 38 MOVZX EDX,WORD PTR [EDX+38]
004DA8ED A1 1C0F5A00 MOV EAX,[5A0F1C]
004DA8F2 0FB740 36 MOVZX EAX,WORD PTR [EAX+36]
004DA8F6 E8 25880200 CALL 00503120
004DA8FB 48 DEC EAX
004DA8FC 7F 03 JG SHORT 004DA901
004DA8FE FF45 F4 INC DWORD PTR [EBP-C]
004DA901 FF45 F8 INC DWORD PTR [EBP-8]
004DA904 FF4D E8 DEC DWORD PTR [EBP-18]
004DA907 ^ 75 86 JNZ SHORT 004DA88F
0050A5AD A1 40205A00 MOV EAX,[5A2040]
0050A5B2 8B00 MOV EAX,[EAX]
0050A5B4 8A40 78 MOV AL,[EAX+78]
0050A5B7 8B15 041C5A00 MOV EDX,[5A1C04] ; main_dat.0070FF28
0050A5BD 8802 MOV [EDX],AL
[EAX+95](0x35) xor 0x61 = (0x54) cmp [EAX+78](0x47) ok
[EAX+95](0x35) xor 0x61 cmp [EAX+8] xx
DS:[005A0F64]=005A88EC (main_dat.005A88EC)
DS:[005A17AC]=005A88DC (main_dat.005A88DC)
005A88EC
ec 88 5a 00
004C1403 8B45 FC MOV EAX,[EBP-4]
004C1406 05 A4010000 ADD EAX,1A4
004C140B 8B15 B00A5A00 MOV EDX,[5A0AB0] ; main_dat.00710428
004C1411 8902 MOV [EDX],EAX
004C1413 8B45 FC MOV EAX,[EBP-4]
[005A0AB0]=00710428
28 04 71 00
0053AB58 55 PUSH EBP
0053AB59 8BEC MOV EBP,ESP
0053AB5B 81C4 E8FEFFFF ADD ESP,-118
0053AB61 33D2 XOR EDX,EDX
0053AB63 8995 E8FEFFFF MOV [EBP-118],EDX
0053AB69 8955 EC MOV [EBP-14],EDX
0053AB6C 8955 F0 MOV [EBP-10],EDX
0053AB6F 8945 FC MOV [EBP-4],EAX
0053AB72 33C0 XOR EAX,EAX
0053AB74 55 PUSH EBP
0053AB75 68 41B05300 PUSH 0053B041
0053AB7A 64:FF30 PUSH DWORD PTR FS:[EAX]
0053AB7D 64:8920 MOV FS:[EAX],ESP
0053AB80 6B45 FC 43 IMUL EAX,[EBP-4],43
0053AB84 8B15 8C0B5A00 MOV EDX,[5A0B8C] ; main_dat.00635594
0053AB8A C64482 2E 00 MOV BYTE PTR [EDX+EAX*4+2E],0
0053AB8F B8 54B05300 MOV EAX,0053B054 ; ASCII "PK"
0053AB94 E8 7BA4FCFF CALL 00505014
0053AB99 8945 F8 MOV [EBP-8],EAX
0053AB9C 837D F8 00 CMP DWORD PTR [EBP-8],0
0053ABA0 0F8C A3010000 JL 0053AD49
0053AB8F MOV EAX,53B054 PK
0058936A MOV EAX,5895EC PK
User-defined comments
Address Disassembly Comment
004CD5CC MOV EAX,[5A188C] 012DEE67
004CD5D6 MOV EDX,[5A1EA4] 012DEE6B
004CD5E8 JE SHORT 004CD646 pass
004CF5F1 MOV EAX,[5A149C] 012DEBD6
004CF5FC MOV EDX,[5A20D4] 012DEBEB
004CF606 JE SHORT 004CF61F pass
004D8F43 MOV DWORD PTR [EAX],-1 11111111begin
004D90B4 MOV EAX,[5A0720] 第3个数
004D90C0 MOV EDX,[5A0F64] 12dec54
004D90CA MOV EDX,[5A17AC] 12dec50
004D90D2 CMP EAX,[EDX] edx=12dec50
004D90FA MOV EAX,[5A1BE0] leb2
004D90FF INC DWORD PTR [EAX] +++++222222222
004DFB1E CALL 00405094 比较是不是stop
004EA253 MOV EAX,[5A1B58] 012DEE56
004EA264 MOV EDX,[EDX] 012DEE88
004EA268 JE SHORT 004EA273 pass
004EF73D MOV AL,[EAX+95] 保存0x95
004EF754 MOV EDX,[5A1C04] !!!!!!!!!!
004EF782 MOV EAX,[EBP-C] leb2
004EFA55 MOV EAX,[5A0AA4] 012DEE5C
004EFA5F MOV EDX,[5A18C8] 012DEE60
004EFA71 JE SHORT 004EFABB pass
0050A75F MOV DWORD PTR [59F358],-1 buuuuuuuuuuuug!!!
0050A904 CMP DWORD PTR [59F358],0 -1
0050A90D MOV EAX,[59F358] -1
0050A912 CMP EAX,[60B058] 0
0050A91F MOV EDI,0060AC58 (Initial CPU selection)
0050F8BE MOV EAX,[5A1F70] 012DEB87
0050F8C7 MOV EDX,[5A1544] 012DECC8
0050F8E1 JNZ SHORT 0050F8F4 !!!!!!!
00535D3A CALL 0053AB58 pk
0058E523 CALL 0053AB58 pk
00595BCF MOV EAX,00595CC4 服务器忙
00595BFC MOV EDX,00595CD8 与服务器出现连接错误:
0040ADBE DB45 F8 FILD DWORD PTR [EBP-8]
0040ADC1 D835 DCAD4000 FDIV DWORD PTR [40ADDC]
0040ADC7 8B45 08 MOV EAX,[EBP+8]
0040ADCA DD18 FSTP QWORD PTR [EAX]
00535D32 E8 51D4ECFF CALL 00403188
00535D37 8B45 FC MOV EAX,[EBP-4]
00535D3A E8 194E0000 CALL 0053AB58 ; pk
00535D3F 6A 00 PUSH 0
;怪物和PK比较。。
00505056 8D45 EC LEA EAX,[EBP-14]
00505059 8B55 F4 MOV EDX,[EBP-C]
0050505C 8BCA MOV ECX,EDX
0050505E C1E2 05 SHL EDX,5
00505061 2BD1 SUB EDX,ECX
00505063 8B0D A41A5A00 MOV ECX,[5A1AA4] ; main_dat.00642920
00505069 8B09 MOV ECX,[ECX]
0050506B 8D1451 LEA EDX,[ECX+EDX*2]
0050506E E8 81FEEFFF CALL 00404EF4
00505073 8B45 EC MOV EAX,[EBP-14]
00505076 8B55 FC MOV EDX,[EBP-4]
00505079 E8 1600F0FF CALL 00405094
0050507E 75 08 JNZ SHORT 00505088
00505080 8B45 F4 MOV EAX,[EBP-C]
00505083 8945 F8 MOV [EBP-8],EAX
00505086 EB 08 JMP SHORT 00505090
00505088 FF45 F4 INC DWORD PTR [EBP-C]
0050508B FF4D F0 DEC DWORD PTR [EBP-10]
0050508E ^ 75 C6 JNZ SHORT 00505056
00505032 64:FF30 PUSH DWORD PTR FS:[EAX]
00505035 64:8920 MOV FS:[EAX],ESP
00505038 C745 F8 FFFFFFF>MOV DWORD PTR [EBP-8],-1
0050503F A1 50185A00 MOV EAX,[5A1850]
00505044 8B00 MOV EAX,[EAX]
00505046 48 DEC EAX
00505047 85C0 TEST EAX,EAX
00505049 7C 45 JL SHORT 00505090
0050504B 40 INC EAX
0050504C 8945 F0 MOV [EBP-10],EAX
0050504F C745 F4 0000000>MOV DWORD PTR [EBP-C],0
00505056 8D45 EC LEA EAX,[EBP-14]
00505059 8B55 F4 MOV EDX,[EBP-C]
[005A1850]=0064291C
0064291C=A6
0055692A E8 65E7EAFF CALL 00405094
0055692F 75 16 JNZ SHORT 00556947
0058ED80 55 PUSH EBP
0058ED81 8BEC MOV EBP,ESP
...
0058EDBE 8B15 C8115A00 MOV EDX,[5A11C8] ; main_dat.00624158
0058EDC4 8B12 MOV EDX,[EDX]
0058EDC6 A1 041F5A00 MOV EAX,[5A1F04]
0058EDCB B9 0CEE5800 MOV ECX,0058EE0C ; ASCII "setting\牛妹_3\"
0058EDD0 E8 C761E7FF CALL 00404F9C
0058EDD5 E8 AA6EFBFF CALL 00545C84
0058EDDA 33C0 XOR EAX,EAX
0058ED80
80 ed 58 00
00545C84 55 PUSH EBP
00545C85 8BEC MOV EBP,ESP
00545C87 B9 62000000 MOV ECX,62
00545C8C 6A 00 PUSH 0
00545C8E 6A 00 PUSH 0
00545C90 49 DEC ECX
00545C91 ^ 75 F9 JNZ SHORT 00545C8C
00545C93 51 PUSH ECX
00545C94 33C0 XOR EAX,EAX
00545C96 55 PUSH EBP
00545C97 68 B35F5400 PUSH 00545FB3
00545C9C 64:FF30 PUSH DWORD PTR FS:[EAX]
00545C9F 64:8920 MOV FS:[EAX],ESP
00545CA2 33C0 XOR EAX,EAX
00545CA4 8985 24FEFFFF MOV [EBP-1DC],EAX
00545CAA A1 50185A00 MOV EAX,[5A1850]
00545CAF 33D2 XOR EDX,EDX
00545CB1 8910 MOV [EAX],EDX
00545CB3 FF15 B0084000 CALL [4008B0]
00545CB9 8B12 MOV EDX,[EDX]
00545CBB 8D85 18FEFFFF LEA EAX,[EBP-1E8]
00545CC1 B9 C85F5400 MOV ECX,00545FC8 ; ASCII "NpcSet.ini"
0052601C 6B45 F0 43 IMUL EAX,[EBP-10],43
00526020 8B15 8C0B5A00 MOV EDX,[5A0B8C] ; main_dat.00635594
00526026 807C82 2F 01 CMP BYTE PTR [EDX+EAX*4+2F],1 ; 比较是不是人在打你
0064280C 20 0C 68 1A 08 B4 F8 B5 B6 BB A4 CE C0 5C BC 74 .h...?...卫\剪
0064281C C3 FB A1 EF CD F5 B3 AF 28 C9 B3 B0 CD BF CB 29 名.锿醭?沙.涂?
0064282C 5C 5B C8 CB C8 CB B0 AE 20 B5 C4 D5 C9(18)07 00 \[人人.?的丈...
User-defined comments
Address Disassembly Comment
004A4E61 MOV EAX,[EBP-14] 循环判断怪物属性
004A4E7E MOV EDX,[EBP-4] 00610438
004A4E95 MOV ECX,[EBP-4] 00610438
004A4EA9 MOV ECX,[EBP-8] 0061A078
004A4EAC MOV [ECX+EDX],AL 保存怪物类型
004CD5CC MOV EAX,[5A188C] 012DEE67
004CD5D6 MOV EDX,[5A1EA4] 012DEE6B
004CD5E8 JE SHORT 004CD646 pass
004CE16F MOV EAX,004CE524 发现怪物变成宝宝。停止攻击
004CE1C7 MOV EAX,004CE548 发现对方名字变白,停止攻击
004CE474 MOV EAX,004CE594 连续攻击发现对方不掉血
004CF5F1 MOV EAX,[5A149C] 012DEBD6
004CF5FC MOV EDX,[5A20D4] 012DEBEB
004CF606 JE SHORT 004CF61F pass
004D8F43 MOV DWORD PTR [EAX],-1 11111111begin
004D90B4 MOV EAX,[5A0720] 第3个数
004D90C0 MOV EDX,[5A0F64] 12dec54
004D90CA MOV EDX,[5A17AC] 12dec50
004D90D2 CMP EAX,[EDX] edx=12dec50
004D90FA MOV EAX,[5A1BE0] leb2
004D90FF INC DWORD PTR [EAX] +++++222222222
004DFB1E CALL 00405094 比较是不是stop
004EA253 MOV EAX,[5A1B58] 012DEE56
004EA264 MOV EDX,[EDX] 012DEE88
004EA268 JE SHORT 004EA273 pass
004EF73D MOV AL,[EAX+95] 保存0x95
004EF754 MOV EDX,[5A1C04] !!!!!!!!!!
004EF782 MOV EAX,[EBP-C] leb2
004EFA55 MOV EAX,[5A0AA4] 012DEE5C
004EFA5F MOV EDX,[5A18C8] 012DEE60
004EFA71 JE SHORT 004EFABB pass
00504FA7 MOV EDX,00505008 带刀护卫
0050A75F MOV DWORD PTR [59F358],-1 buuuuuuuuuuuug!!!
0050A904 CMP DWORD PTR [59F358],0 -1
0050A90D MOV EAX,[59F358] -1
0050A912 CMP EAX,[60B058] 0
0050F8BE MOV EAX,[5A1F70] 012DEB87
0050F8C7 MOV EDX,[5A1544] 012DECC8
0050F8E1 JNZ SHORT 0050F8F4 !!!!!!!
005252B1 CALL 00403188 复制人物名字
005252C2 MOV [EDX+2D],AL 关键1
00525481 CALL 0052F638 人物数据!!!!!!!!
00525E09 MOV EAX,[EBP-24] (Initial CPU selection)
0052600D MOV EAX,0052D5A4 发现卫士在扁你..逃离.
00526026 CMP BYTE PTR [EDX+EAX*4+2F],1 比较是不是人在打你
00526638 PUSH 0052D630 出现
0052695C MOV EDX,0052D670 宝宝:干掉一个
00526A37 MOV EDX,0052D690 被宝宝杀死
00527331 MOV EAX,0052D6E0 物品信息数据丢失!
0052F83C CALL 0052FD80 判断出现的怪物的种类
0052F84B MOV [ECX+EDX*4+2F],AL !!!!!!!!!!写人物
00535D3A CALL 0053AB58 pk
00535D9A CALL 005027C0 打印某某PK
005893F2 CMP AL,[EDX-11] 循环比较内容是否有:
00589459 MOV EAX,005895F8 你对
005894B6 MOV EAX,00589614 /
005894F3 MOV EAX,00589620 _
00589530 MOV EAX,0058962C -
0058979B CALL 00404F50 计算时间长度
005897A6 CALL 00404F50 计算内容长度
005897B6 CMP BYTE PTR [EAX+EDX],5B 0x5b = [
005897CD CALL 005892DC 比较是否是pk
0058E523 CALL 0053AB58 pk
00595BCF MOV EAX,00595CC4 服务器忙
00595BFC MOV EDX,00595CD8 与服务器出现连接错误:
0052E6CE 6A 00 PUSH 0
0052E6D0 B8 60A06100 MOV EAX,0061A060
0052E6D5 8B4D E8 MOV ECX,[EBP-18]
0052E6D8 33D2 XOR EDX,EDX
0052E6DA E8 7161FFFF CALL 00524850 ; 1111111111
0052E6DF ^ E9 41FEFFFF JMP 0052E525
;解码
0052E656 B9 60A06100 MOV ECX,0061A060
0052E65B 8B45 F0 MOV EAX,[EBP-10]
0052E65E 05 1D046100 ADD EAX,0061041D
0052E663 33D2 XOR EDX,EDX
0052E665 E8 9A69F7FF CALL 004A5004
;人物属性
005252B6 8B45 F8 MOV EAX,[EBP-8]
005252B9 8A40 0C MOV AL,[EAX+C]
005252BC 8B15 3C1F5A00 MOV EDX,[5A1F3C] ; main_dat.0064280C
005252C2 8842 2D MOV [EDX+2D],AL ; 关键1
////////////////////////////////////////////////////////////
Call stack of thread 00000858
Address Stack Procedure / arguments Called from Frame
01FFFF3C 004D8459 ? main_dat.004D8E40 main_dat.004D8454 01FFFF38
01FFFF5C 005021ED ? main_dat.004D8350 main_dat.005021E8 01FFFF58
01FFFF74 00423C53 Includes main_dat.005021ED main_dat.00423C50 01FFFF70
004DFA89 8BF9 MOV EDI,ECX
004DFA8B B9 4E000000 MOV ECX,4E
004DFA90 F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR [E>; 异常!!!!!!!!
004DFA92 A1 BC075A00 MOV EAX,[5A07BC]
004DFA97 66:83B8 3401000>CMP WORD PTR [EAX+134],0
ECX=0000004E (decimal 78.)
DS:[ESI]=[01D5A3A4]=???
ES:[EDI]=[0060B060]=00160000
004DFA75 6B00 27 IMUL EAX,[EAX],27
004DFA78 8B15 341D5A00 MOV EDX,[5A1D34] ; 怀疑地址出错
004DFA7E 8B12 MOV EDX,[EDX]
004DFA80 8B0D BC075A00 MOV ECX,[5A07BC] ; main_dat.0060B060
004DFA86 8D34C2 LEA ESI,[EDX+EAX*8]
004DFA89 8BF9 MOV EDI,ECX
004DFA8B B9 4E000000 MOV ECX,4E
004DFA90 F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR [E>; 异常!!!!!!!!
004DFA92 A1 BC075A00 MOV EAX,[5A07BC]
20 20 20 20 20 B5 C8 B4 FD 5B 31 30 30 30 5D BA C1 C3 EB 00 1E
Call stack of main thread
Address Stack Procedure / arguments Called from Frame
0012FA74 0040633E main_dat.004061A8 main_dat.00406339 0012FA70
0012FA7C 0050A3BA main_dat.00406334 main_dat.0050A3B5 0012FC18
0012FC1C 0050A576 ? main_dat.0050A154 main_dat.0050A571 0012FC18
0012FC34 00586FEE main_dat.0050A548 main_dat.00586FE9 0012FC30
00406326 8B45 FC MOV EAX,[EBP-4]
00406329 8918 MOV [EAX],EBX
0040632B 5F POP EDI
User-defined comments
Address Disassembly Comment
004A4E61 MOV EAX,[EBP-14] 循环判断怪物属性
004A4E7E MOV EDX,[EBP-4] 00610438
004A4E95 MOV ECX,[EBP-4] 00610438
004A4EA9 MOV ECX,[EBP-8] 0061A078
004A4EAC MOV [ECX+EDX],AL 保存怪物类型
004CD5CC MOV EAX,[5A188C] 012DEE67
004CD5D6 MOV EDX,[5A1EA4] 012DEE6B
004CD5E8 JE SHORT 004CD646 pass
004CE16F MOV EAX,004CE524 发现怪物变成宝宝。停止攻击
004CE1C7 MOV EAX,004CE548 发现对方名字变白,停止攻击
004CE474 MOV EAX,004CE594 连续攻击发现对方不掉血
004CF5F1 MOV EAX,[5A149C] 012DEBD6
004CF5FC MOV EDX,[5A20D4] 012DEBEB
004CF606 JE SHORT 004CF61F pass
004D8F43 MOV DWORD PTR [EAX],-1 11111111begin
004D90B4 MOV EAX,[5A0720] 第3个数
004D90C0 MOV EDX,[5A0F64] 12dec54
004D90CA MOV EDX,[5A17AC] 12dec50
004D90D2 CMP EAX,[EDX] edx=12dec50
004D90FA MOV EAX,[5A1BE0] leb2
004D90FF INC DWORD PTR [EAX] +++++222222222
004DFA78 MOV EDX,[5A1D34] 怀疑地址出错
004DFA80 MOV ECX,[5A07BC] 保存地址
004DFA90 REP MOVS DWORD PTR ES:[EDI],DWORD PTR [E 异常!!!!!!!!
004DFB1E CALL 00405094 比较是不是stop
004EA253 MOV EAX,[5A1B58] 012DEE56
004EA264 MOV EDX,[EDX] 012DEE88
004EA268 JE SHORT 004EA273 pass
004EF73D MOV AL,[EAX+95] 保存0x95
004EF754 MOV EDX,[5A1C04] !!!!!!!!!!
004EF782 MOV EAX,[EBP-C] leb2
004EFA55 MOV EAX,[5A0AA4] 012DEE5C
004EFA5F MOV EDX,[5A18C8] 012DEE60
004EFA71 JE SHORT 004EFABB pass
00504FA7 MOV EDX,00505008 带刀护卫
0050A3B5 CALL 00406334 分配地址!!!!!!!!!!!!
0050A458 CALL 00406334 设置地址!!!!!!!!1
0050A75F MOV DWORD PTR [59F358],-1 buuuuuuuuuuuug!!!
0050A904 CMP DWORD PTR [59F358],0 -1
0050A90D MOV EAX,[59F358] -1
0050A912 CMP EAX,[60B058] 0
0050F8BE MOV EAX,[5A1F70] 012DEB87
0050F8C7 MOV EDX,[5A1544] 012DECC8
0050F8E1 JNZ SHORT 0050F8F4 !!!!!!!
005252B1 CALL 00403188 复制人物名字
005252C2 MOV [EDX+2D],AL 关键1
00525481 CALL 0052F638 人物数据!!!!!!!!
0052600D MOV EAX,0052D5A4 发现卫士在扁你..逃离.
00526026 CMP BYTE PTR [EDX+EAX*4+2F],1 比较是不是人在打你
00526638 PUSH 0052D630 出现
0052695C MOV EDX,0052D670 宝宝:干掉一个
00526A37 MOV EDX,0052D690 被宝宝杀死
00527331 MOV EAX,0052D6E0 物品信息数据丢失!
0052E656 MOV ECX,0061A060 dst
0052E65E ADD EAX,0061041D src
0052E665 CALL 004A5004 解码收到的信息
0052E6DA CALL 00524850 1111111111
0052F83C CALL 0052FD80 判断出现的怪物的种类
0052F84B MOV [ECX+EDX*4+2F],AL !!!!!!!!!!写人物
00535D3A CALL 0053AB58 pk
00535D9A CALL 005027C0 打印某某PK
005893F2 CMP AL,[EDX-11] 循环比较内容是否有:
00589459 MOV EAX,005895F8 你对
005894B6 MOV EAX,00589614 /
005894F3 MOV EAX,00589620 _
00589530 MOV EAX,0058962C -
0058979B CALL 00404F50 计算时间长度
005897A6 CALL 00404F50 计算内容长度
005897B6 CMP BYTE PTR [EAX+EDX],5B 0x5b = [
005897CD CALL 005892DC 比较是否是pk
0058E523 CALL 0053AB58 pk
00595BCF MOV EAX,00595CC4 服务器忙
00595BFC MOV EDX,00595CD8 与服务器出现连接错误:
00595C60 JE SHORT 00595C77 (Initial CPU selection)
016CFAA8 016CFAB0
016CFAAC 016CFACC
016CFAB0 C0000005
016CFAB4 00000000
$+B4 > 00000023
$+B8 > 0060B060 main_dat.0060B060
$+BC > 02294F30
0060B060 0000 ADD [EAX],AL
0060B062 16 PUSH SS
0060B063 0010 ADD [EAX],DL
0060B065 0000 ADD [EAX],AL
0060B067 00A3 00000000 ADD [EBX],AH
016CFAA8 016CFAB0
016CFAAC 016CFACC
016CFAB0 C0000005
016CFAB4 00000000
016CFAB8 00000000
016CFABC 004DFA90 main_dat.004DFA90
016CFAC0 00000002
016CFAC4 00000000
016CFAC8 02294F30
016CFACC 0001003F
016CFAD0 00000000
016CFAD4 00000000
016CFAD8 00000000
016CFADC 00000000
016CFAE0 00000000
016CFAE4 00000000
016CFAE8 FFFF1372
016CFAEC FFFF0120
016CFAF0 FFFFFFFF
016CFAF4 00503762 main_dat.00503762
016CFAF8 040F001B
016CFAFC 016CFDCC
016CFB00 FFFF0023
016CFB04 001D0B4E
016CFB08 00000047
016CFB0C 00470000 main_dat.00470000
016CFB10 BAAC0000
016CFB14 FA980123
016CFB18 77DFB9CC user32.77DFB9CC
016CFB1C 001D0B4E
016CFB20 FD1C0047
016CFB24 00010012 UNICODE "LLUSERSPROFILE=C:\Documents and Settings\All Users"
016CFB28 FC080000
016CFB2C 77DFB9CC user32.77DFB9CC
016CFB30 001D0B4E
016CFB34 FD1C0047
016CFB38 FC080012
016CFB3C BAAC0012
016CFB40 00000000
016CFB44 80000000
016CFB48 00003FFF
016CFB4C 00000000
016CFB50 4006C900
016CFB54 00000000
016CFB58 00000000
016CFB5C 00000038
016CFB60 00000023
016CFB64 00000023
016CFB68 0060B060 main_dat.0060B060
016CFB6C 02294F30
016CFB70 0125E3C0
016CFB74 0226B218
016CFB78 0000004E
016CFB7C 000053A3
016CFB80 016CFEFC
016CFB84 004DFA90 main_dat.004DFA90
016CFB88 0000001B
016CFB8C 00010206 UNICODE "nts and Settings\Administrator"
016CFB90 016CFD98
016CFB94 00000023
016CFB98 01201372
016CFB9C 040F0000
016CFBA0 00503762 main_dat.00503762
016CFBA4 0000001B
016CFBA8 016CFDCC
016CFBAC 00000023
016CFBB0 00001F80
016CFBB4 0000FFFF
016CFBB8 001D0B4E
016CFBBC 00000047
016CFBC0 00000000
016CFBC4 00000000
016CFBC8 00000047
016CFBCC 0123BAAC ASCII "xcJ"
016CFBD0 0000FA98
016CFBD4 00000000
016CFBD8 77DFB9CC user32.77DFB9CC
016CFBDC 001D0B4E
016CFBE0 00000047
016CFBE4 00000000
016CFBE8 0012FD1C
016CFBEC 00000001
016CFBF0 0000FC08
016CFBF4 00000000
016CFBF8 77DFB9CC user32.77DFB9CC
016CFBFC 001D0B4E
016CFC00 00000047
016CFC04 00000000
016CFC08 0012FD1C
016CFC0C 0012FC08
016CFC10 0000BAAC
016CFC14 00000000
016CFC18 00000000
016CFC1C 80000000
016CFC20 00003FFF
016CFC24 00000000
016CFC28 00000000
016CFC2C C9000000
016CFC30 00004006
016CFC34 00000000
016CFC38 0012FC8C
016CFC3C 0044D41F RETURN to main_dat.0044D41F
016CFC40 0012FC8C
016CFC44 0012FC8C
016CFC48 0123BAAC ASCII "xcJ"
016CFC4C 0012FC8C
016CFC50 00000000
016CFC54 00450C7F RETURN to main_dat.00450C7F from main_dat.0044DAFC
016CFC58 00450000 main_dat.00450000
016CFC5C 00000083
016CFC60 0123B7E4
016CFC64 0012FC8C
016CFC68 0044D41F RETURN to main_dat.0044D41F
016CFC6C 00000083
016CFC70 0012FC8C
016CFC74 0123B7E4
016CFC78 0001D7B0
016CFC7C 00000080
016CFC80 00000000
016CFC84 00000001
016CFC88 0012FC68
016CFC8C 00402DA4 main_dat.00402DA4
016CFC90 00402CF8 main_dat.00402CF8
016CFC94 00402D34 main_dat.00402D34
016CFC98 00402D84 main_dat.00402D84
016CFC9C 00000000
016CFCA0 00000000
016CFCA4 00000000
016CFCA8 00000000
016CFCAC 00000000
016CFCB0 00000000
016CFCB4 00000000
016CFCB8 00000000
016CFCBC 775C3A45
016CFCC0 71635C67
016CFCC4 63393931
016CFCC8 7465735C
016CFCCC 676E6974
016CFCD0 6665645C
016CFCD4 746C7561
016CFCD8 63706E5C
016CFCDC 696E692E
016CFCE0 00000000
016CFCE4 00000000
016CFCE8 00000000
016CFCEC 00000000
016CFCF0 00000000
016CFCF4 00000000
016CFCF8 00000000
016CFCFC 00000000
016CFD00 00000000
016CFD04 00000000
016CFD08 00000000
016CFD0C 00000000
016CFD10 00000000
016CFD14 00000000
016CFD18 00000000
016CFD1C 0012FC00
016CFD20 004502B0 RETURN to main_dat.004502B0 from main_dat.0044D294
016CFD24 00000000
016CFD28 00000000
016CFD2C 00000000
016CFD30 00000000
016CFD34 0012FD90
016CFD38 0012FD90
016CFD3C 01230684
016CFD40 0044D1EF RETURN to main_dat.0044D1EF
016CFD44 0043E2F4 main_dat.0043E2F4
016CFD48 0012FC6C
016CFD4C 0044D16B RETURN to main_dat.0044D16B
016CFD50 0012FC0C
016CFD54 0012FC08
016CFD58 00000000
016CFD5C 00000000
016CFD60 00000000
016CFD64 00000000
016CFD68 0012FC34
016CFD6C 0122D15C
016CFD70 0122D101
016CFD74 0044D05D RETURN to main_dat.0044D05D from main_dat.0044D0F4
016CFD78 0012FC38
016CFD7C 0012FC70
016CFD80 0122D15C
016CFD84 00000000
016CFD88 0044D780 RETURN to main_dat.0044D780 from main_dat.0044D034
016CFD8C 00000288
016CFD90 00000099
016CFD94 00000288
016CFD98 016CFF04 Pointer to next SEH record
016CFD9C 004DFF47 SE handler
016CFDA0 016CFEFC
016CFDA4 0012FA34
016CFDA8 77DFBA44 RETURN to user32.77DFBA44 from user32.77DF48C4
016CFDAC 0125E3C0
016CFDB0 00000000
016CFDB4 00000000
Log data, item 187
Address=004DFA90
Message=Access violation when reading [02294F30]
Log data, item 1
Address=0050A416
Message=Access violation when writing to [015D60B0]
004DFA8B B9 4E000000 MOV ECX,4E
004DFA90 F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR [ESI] ; 异常!!!!!!!!
004DFA92 A1 BC075A00 MOV EAX,[5A07BC]
004DFA97 66:83B8 3401000>CMP WORD PTR [EAX+134],0
0050A411 B9 4E000000 MOV ECX,4E
0050A416 F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR [ESI] ; 异常!!!!!!!!
0050A418 6B05 58B06000 0>IMUL EAX,[60B058],0B
004E94D4 A1 08185A00 MOV EAX,[5A1808]
004E94D9 8B00 MOV EAX,[EAX]
004E94DB 8B15 581B5A00 MOV EDX,[5A1B58] ; main_dat.005A90F4
004E94E1 3B02 CMP EAX,[EDX]
004E94E3 74 17 JE SHORT 004E94FC
004E94E5 A1 581B5A00 MOV EAX,[5A1B58]
004E94EA 8B00 MOV EAX,[EAX]
004E94EC 8A00 MOV AL,[EAX]
004E94EE 34 2E XOR AL,2E
004E94F0 8B15 08185A00 MOV EDX,[5A1808] ; main_dat.005A91BC
004E94F6 8B12 MOV EDX,[EDX]
004E94F8 3A02 CMP AL,[EDX]
004E94FA 74 0B JE SHORT 004E9507
004E94FC A1 A01E5A00 MOV EAX,[5A1EA0]
004E9501 C700 02000000 MOV DWORD PTR [EAX],2
004E9507 A1 100E5A00 MOV EAX,[5A0E10]
004E950C 33D2 XOR EDX,EDX
004E950E 8910 MOV [EAX],EDX
004E9510 C745 EC 0400000>MOV DWORD PTR [EBP-14],4
004E9517 A1 EC1C5A00 MOV EAX,[5A1CEC]
004E94D4 A1 08185A00 MOV EAX,[5A1808]
004E94D9 8B00 MOV EAX,[EAX]
004E94DB 8B15 581B5A00 MOV EDX,[5A1B58] ; main_dat.005A90F4
004E94E1 3B02 CMP EAX,[EDX]
DS:[005A90F4]=0130A806
EAX=0130A838
0050A3AF 8B15 60245000 MOV EDX,[502460] ; main_dat.00502464
0050A3B5 E8 7ABFEFFF CALL 00406334 ; 分配地址!!!!!!!!!!!!
0050A3BA 83C4 04 ADD ESP,4
004DFA70 A1 E01B5A00 MOV EAX,[5A1BE0]
004DFA75 6B00 27 IMUL EAX,[EAX],27
004DFA78 8B15 341D5A00 MOV EDX,[5A1D34] ; 怀疑地址出错
004DFA7E 8B12 MOV EDX,[EDX]
004DFA80 8B0D BC075A00 MOV ECX,[5A07BC] ; 保存地址
004DFA86 8D34C2 LEA ESI,[EDX+EAX*8] ; esi出错
004D90F2 8B15 A41C5A00 MOV EDX,[5A1CA4] ; main_dat.0059FD70
004D90F8 8902 MOV [EDX],EAX
004E2B40 A1 5C155A00 MOV EAX,[5A155C]
004E2B45 8B00 MOV EAX,[EAX]
004E2B47 BA 80808000 MOV EDX,808080
004E2B4C E8 277D0200 CALL 0050A878
004E2B51 EB 11 JMP SHORT 004E2B64
004E2B53 A1 5C155A00 MOV EAX,[5A155C]
0050A8CF A3 4CAD6000 MOV [60AD4C],EAX
0050A8D4 837D FC 00 CMP DWORD PTR [EBP-4],0
00585BB8 8B15 B4145A00 MOV EDX,[5A14B4] ; main_dat.0060AD4C
00585BBE 8B12 MOV EDX,[EDX]
00585BC0 33C9 XOR ECX,ECX
00585BC2 E8 F9CBF7FF CALL 005027C0
DS:[0060AD4C]=00808080
EDX=0060AD4C (main_dat.0060AD4C)
004D8FCC A1 480C5A00 MOV EAX,[5A0C48]
004D8FD1 8338 00 CMP DWORD PTR [EAX],0 ; -1
004D8FD4 7C 7B JL SHORT 004D9051
20:23:33 OK
20:23:33 当前脚本:边打边走到(抉择之地,271,107)
20:23:34 OK
20:23:34 当前脚本:边打边走到(抉择之地,240,95)
005184E9 8B15 701E5A00 MOV EDX,[5A1E70] ; main_dat.0073B3B0
005184EF 8B4482 18 MOV EAX,[EDX+EAX*4+18]
005184F3 3B45 FC CMP EAX,[EBP-4] ; main_dat.00750013
005184F6 75 08 JNZ SHORT 00518500
005184F8 8B45 F4 MOV EAX,[EBP-C]
Log data, item 1
Address=004A0AE5
Message=Access violation when reading [00642B3D]
Log data, item 29
Address=004DFA90
Message=Access violation when reading [01F0B0A4]
DS:[0059F358]=0000022E
004DFA62 A1 E01B5A00 MOV EAX,[5A1BE0]
0052F82E 8B95 D4FEFFFF MOV EDX,[EBP-12C]
0052F834 33C0 XOR EAX,EAX
0052F836 8A85 09FFFFFF MOV AL,[EBP-F7]
0052F83C E8 3F050000 CALL 0052FD80 ; 判断出现的怪物的种类,edx=出现的怪物名字
0052F841 6B55 FC 43 IMUL EDX,[EBP-4],43
0052F845 8B0D 8C0B5A00 MOV ECX,[5A0B8C] ; main_dat.00635594
0052F84B 884491 2F MOV [ECX+EDX*4+2F],AL ; !!!!!!!!!!写人物al=1(怪物)2(人物)3(NPC)
0052F84F 6B45 FC 43 IMUL EAX,[EBP-4],43
0052F853 8B15 8C0B5A00 MOV EDX,[5A0B8C] ; main_dat.00635594
0052F859 807C82 2F 00 CMP BYTE PTR [EDX+EAX*4+2F],0
0052F85E 75 3A JNZ SHORT 0052F89A
0052F860 6B45 FC 43 IMUL EAX,[EBP-4],43
0035ADD0 C3 RETN
0035ADD1 FF35 34F35900 PUSH DWORD PTR [59F334] ; main_dat.00502344
0035ADD7 68 9FB75000 PUSH 50B79F
0035ADDC C3 RETN
00400EE0 BC AD 35 00 C3 AD 35 00 CA AD 35 00 D1 AD 35 00 ?5.?5.?5.?5.
00400EF0 DD AD 35 00 E4 AD 35 00 EB AD 35 00 F2 AD 35 00 ?5.?5.?5.?5.
400EEC
0052F7F7 FF15 08054000 CALL [400508]
CALL [400EEC]
EC0E4000
0050B799 - FF25 EC0E4000 JMP [400EEC]
0035ADD0 C3 RETN
0035ADD1 FF35 34F35900 PUSH DWORD PTR [59F334] ; main_dat.00502344
0035ADD7 68 9FB75000 PUSH 50B79F
0035ADDC C3 RETN
Stack SS:[0012F6ED]=00
AL=00
0064280C D4 64 44 2C 07 74 65 6D 70 30 32 61 00 00 00 00 凿D,.temp02a....
0064281C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0064282C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 00 ................
0064283C B2 00 46 01 00 00 00 00 00 00 00 00 06 00 00 00 ..F.............
0064280C D4 64 44 2C 07 74 65 6D 70 30 32 61 00 00 00 00 凿D,.temp02a....
0064281C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0064282C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 00 ................
0064283C B2 00 46 01 00 00 00 00 00 00 00 00 06 00 00 00 ..F.............
$-FC > 00000000
$-F8 > 00070000
$-F4 > 014600B2
00635594 D4 64 44 2C 07 74 65 6D 70 30 32 61 00 00 00 00 凿D,.temp02a....
006355A4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
006355B4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 01 ................
006355C4 B2 00 46 01 00 00 00 00 00 00 00 00 06 00 00 00 ..F.............
004D90EF 83C0 0C ADD EAX,0C
004D90F2 8B15 A41C5A00 MOV EDX,[5A1CA4] ; main_dat.0059FD70
004D90F8 8902 MOV [EDX],EAX
004E82F2 8B00 MOV EAX,[EAX]
004E82F4 48 DEC EAX
004E82F5 85C0 TEST EAX,EAX
004E82F7 7C 4E JL SHORT 004E8347
MOV EAX,[EAX]
DEC EAX
<抉择之地>
let k1=88
边打边走到(抉择之地,16,163)
边打边走到(抉择之地,69,63)0x22c
边打边走到(抉择之地,119,32)0x22d
边打边走到(抉择之地,117,174)0x22e
边打边走到(抉择之地,102,223)0x22f
边打边走到(抉择之地,163,234)0x230
边打边走到(抉择之地,119,139)
边打边走到(抉择之地,183,113)
边打边走到(抉择之地,215,127)
边打边走到(抉择之地,191,274)
边打边走到(抉择之地,237,242)
边打边走到(抉择之地,278,206)
边打边走到(抉择之地,271,107)
边打边走到(抉择之地,240,95)
跳转到标记<抉择之地>
send
CALL 004A579C
004BACAB 50 PUSH EAX
004BACAC E8 EBAAFEFF CALL <JMP.&wsock32.send>
004BACB1 8BC8 MOV ECX,EAX
004BADFA 50 PUSH EAX
004BADFB E8 9CA9FEFF CALL <JMP.&wsock32.send>
004BAE00 8945 F8 MOV [EBP-8],EAX
01EF9FC8
01EF9FC8
2
call 004BAC18 55 PUSH EBP
004C757B E8 2038FFFF CALL 004BADA0
Call stack of thread 0000092C
Address Stack Procedure / arguments Called from Frame
016CFF00 004D9159 ? main_dat.004DFA3C main_dat.004D9154 016CFEFC
016CFF3C 004D8459 ? main_dat.004D8E40 main_dat.004D8454 016CFF38
016CFF5C 005021ED ? main_dat.004D8350 main_dat.005021E8 016CFF58
016CFF74 00423C53 Includes main_dat.005021ED main_dat.00423C50 016CFF70
[005A937C]=0125DEBC
Call stack of thread 0000092C
Address Stack Procedure / arguments Called from Frame
016CFD14 004061A5 main_dat.00406454 main_dat.004061A0 016CFD48
016CFD18 004061DC main_dat.004061A0 main_dat.004061D7 016CFD48
016CFD4C 0040633E main_dat.004061A8 main_dat.00406339 016CFD48
016CFD50 016CFD58 Arg1 = 016CFD58
016CFD54 0050A78B main_dat.00406334 main_dat.0050A786 016CFD6C
016CFD5C 0050A559 main_dat.0050A72C main_dat.0050A554 016CFD6C
016CFD70 004E20D1 ? main_dat.0050A548 main_dat.004E20CC 016CFD6C
016CFD98 004E1CBC ? main_dat.004E1F24 main_dat.004E1CB7 016CFD94
016CFDD4 004E069F ? main_dat.004E19FC main_dat.004E069A 016CFDD0
016CFE4C 004D89D5 ? main_dat.004E027C main_dat.004D89D0 016CFE48
016CFF3C 004D8443 ? main_dat.004D84A8 main_dat.004D843E 016CFF38
016CFF5C 005021ED ? main_dat.004D8350 main_dat.005021E8 016CFF58
016CFF74 00423C53 Includes main_dat.005021ED main_dat.00423C50 016CFF70
Call stack of main thread
Address Stack Procedure / arguments Called from Frame
0012FE3C 004BA577 Includes main_dat.004BB130 main_dat.004BA574 0012FE48
0012FE4C 004BB0FC Includes main_dat.004BA577 main_dat.004BB0F9 0012FE48
0012FE70 0042517E Includes main_dat.004BB0FC main_dat.0042517C 0012FE6C
0012FE88 77E1A420 Includes main_dat.0042517E user32.77E1A41D 0012FE84
0012FEA8 77DF4605 user32.77E1A408 user32.77DF4600 0012FEA4
0012FF34 77DF5B77 user32.77DF4321 user32.77DF5B72 0012FF30
0012FF40 0046BE3C <JMP.&user32.DispatchMessageA> main_dat.0046BE37 0012FFA8
0012FF44 0012FF5C pMsg = WM_USER+1 hw = 31055C (class="TPUtilWindow") wParam = 1B0 lParam = 2
0012FF58 0046BE73 main_dat.0046BDB4 main_dat.0046BE6E 0012FFA8
0012FF7C 0046C093 main_dat.0046BE64 main_dat.0046C08E 0012FFA8
0012FFAC 008055BA main_dat.0046BFF8 main_dat.<ModuleEntryPoint>+ 0012FFA8
021E000C
021E000C
0220A204
021FC6A4 x
022351C4
0224A5A4
004020AC 8BF0 MOV ESI,EAX
004020AE BF 10365A00 MOV EDI,005A3610
004020B3 BD 14365A00 MOV EBP,005A3614
004020B8 8B1D 08365A00 MOV EBX,[5A3608]
004020BE 3B73 08 CMP ESI,[EBX+8]
004020C1 0F8E 84000000 JLE 0040214B
DS:[02248AF8]=00000004
ESI=000004EC
005021D9 E8 3A60FFFF CALL 004F8218
005021DE A1 58075A00 MOV EAX,[5A0758]
005021E3 8338 00 CMP DWORD PTR [EAX],0
005021E6 74 05 JE SHORT 005021ED
005021E8 E8 6361FDFF CALL 004D8350
005021ED 833D B89F6000 0>CMP DWORD PTR [609FB8],5
005021F4 7C 0B JL SHORT 00502201
005021F6 A1 B89F6000 MOV EAX,[609FB8]
005021FB 50 PUSH EAX
005021FC E8 47C3F0FF CALL <JMP.&kernel32.Sleep>
00502201 A1 68145A00 MOV EAX,[5A1468]
00502206 8338 00 CMP DWORD PTR [EAX],0
00502209 75 0A JNZ SHORT 00502215
0050220B A1 A0235A00 MOV EAX,[5A23A0]
00502210 8338 00 CMP DWORD PTR [EAX],0
00502213 ^ 75 C4 JNZ SHORT 005021D9
00502215 A1 A8165A00 MOV EAX,[5A16A8]
0050221A 8338 00 CMP DWORD PTR [EAX],0
0050221D 74 1F JE SHORT 0050223E
VirtualFree
GlobalFree
LocalAlloc
0040181C 8941 04 MOV [ECX+4],EAX
0040181F 8B35 E4355A00 MOV ESI,[5A35E4]
00401825 EB 38 JMP SHORT 0040185F
00401827 8B5E 08 MOV EBX,[ESI+8]
0040182A 8B7E 0C MOV EDI,[ESI+C]
0040182D 03FB ADD EDI,EBX
0040182F 3B1C24 CMP EBX,[ESP]
00401832 73 03 JNB SHORT 00401837
00401834 8B1C24 MOV EBX,[ESP]
00401837 3BEF CMP EBP,EDI
00401839 73 02 JNB SHORT 0040183D
0040183B 8BFD MOV EDI,EBP
0040183D 3BFB CMP EDI,EBX
0040183F 76 1C JBE SHORT 0040185D
00401841 68 00400000 PUSH 4000
00401846 2BFB SUB EDI,EBX
00401848 57 PUSH EDI
00401849 53 PUSH EBX
0040184A E8 ADFBFFFF CALL <JMP.&kernel32.VirtualFree>
0040184F 85C0 TEST EAX,EAX
00401851 75 0A JNZ SHORT 0040185D
00401853 C705 C0355A00 0>MOV DWORD PTR [5A35C0],2
0040185D 8B36 MOV ESI,[ESI]
0040185F 81FE E4355A00 CMP ESI,005A35E4
00401865 ^ 75 C0 JNZ SHORT 00401827
00401867 5A POP EDX
Call stack of thread 00000A48
Address Stack Procedure / arguments Called from Frame
01EAFC18 00401A57 main_dat.004017F0 main_dat.00401A52
01EAFC3C 00401E72 main_dat.00401A24 main_dat.00401E6D
01EAFC5C 00401F22 main_dat.00401E0C main_dat.00401F1D
01EAFC6C 00402495 main_dat.00401EBC main_dat.00402490
01EAFC90 00401D39 main_dat.0040232C main_dat.00401D34
01EAFC94 0040257C main_dat.00401D18 main_dat.00402577
01EAFCB0 004026F1 main_dat.004024D0 main_dat.004026EC
01EAFCD4 004027B7 main_dat.004026A0 main_dat.004027B1
01EAFCDC 00406268 main_dat.004027A4 main_dat.00406263 01EAFD0C
01EAFD10 0040633E main_dat.004061A8 main_dat.00406339 01EAFD0C
01EAFD14 01EAFD1C Arg1 = 01EAFD1C
01EAFD18 00503D11 main_dat.00406334 main_dat.00503D0C 01EAFDD8
01EAFDDC 004DA79D ? main_dat.00503C84 main_dat.004DA798 01EAFDD8
01EAFE4C 004D8C84 ? main_dat.004D9F48 main_dat.004D8C7F 01EAFE48
Call stack of thread 00000A48
Address Stack Procedure / arguments Called from Frame
01EAFC18 00401A57 main_dat.004017F0 main_dat.00401A52
01EAFC3C 00401E72 main_dat.00401A24 main_dat.00401E6D
01EAFC5C 00401F22 main_dat.00401E0C main_dat.00401F1D
01EAFC6C 00402495 main_dat.00401EBC main_dat.00402490
01EAFC90 00401D39 main_dat.0040232C main_dat.00401D34
01EAFC94 0040257C main_dat.00401D18 main_dat.00402577
01EAFCB0 004026F1 main_dat.004024D0 main_dat.004026EC
01EAFCD4 004027B7 main_dat.004026A0 main_dat.004027B1
01EAFCDC 00406268 main_dat.004027A4 main_dat.00406263 01EAFD0C
01EAFD10 0040633E main_dat.004061A8 main_dat.00406339 01EAFD0C
01EAFD14 01EAFD1C Arg1 = 01EAFD1C
01EAFD18 00503D11 main_dat.00406334 main_dat.00503D0C 01EAFDD8
01EAFDDC 004DA79D ? main_dat.00503C84 main_dat.004DA798 01EAFDD8
01EAFE4C 004D8C84 ? main_dat.004D9F48 main_dat.004D8C7F 01EAFE48
0050F8B6 A1 EC1C5A00 MOV EAX,[5A1CEC]
0050F8BB 8338 00 CMP DWORD PTR [EAX],0
0050F8BE A1 701F5A00 MOV EAX,[5A1F70] ; 012DEB87
0050F8C3 8B00 MOV EAX,[EAX]
0050F8C5 8A00 MOV AL,[EAX]
0050F8C7 8B15 44155A00 MOV EDX,[5A1544] ; 012DECC8
0050F8CD 8B12 MOV EDX,[EDX]
0050F8CF 3202 XOR AL,[EDX]
0050F8D1 25 FF000000 AND EAX,0FF
0050F8D6 83E8 42 SUB EAX,42
0050F8D9 8B15 EC1C5A00 MOV EDX,[5A1CEC] ; main_dat.0059FDC8
0050F8DF 3B02 CMP EAX,[EDX]
0050F8E1 75 11 JNZ SHORT 0050F8F4 ; !!!!!!!
0050F8E3 A1 700B5A00 MOV EAX,[5A0B70]
0050F8E8 8BF8 MOV EDI,EAX
0050F8EA 8D75 C8 LEA ESI,[EBP-38]
0050F8ED B9 0E000000 MOV ECX,0E
0050F8F2 F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR [E>
004D843A /74 1F JE SHORT 004D845B
004D843C |EB 22 JMP SHORT 004D8460
004D843E |E8 65000000 CALL 004D84A8 ; !!!!vxxxxxxxxx
004D8443 |A1 64235A00 MOV EAX,[5A2364]
004D8448 |8338 00 CMP DWORD PTR [EAX],0
004D844B |75 13 JNZ SHORT 004D8460
004D844D |E8 FA640300 CALL 0050E94C
005021CD A1 24F35900 MOV EAX,[59F324]
005021D2 A3 B89F6000 MOV [609FB8],EAX
005021D7 EB 32 JMP SHORT 0050220B
005021D9 E8 3A60FFFF CALL 004F8218
005021DE A1 58075A00 MOV EAX,[5A0758]
005021E3 8338 00 CMP DWORD PTR [EAX],0
005021E6 74 05 JE SHORT 005021ED
005021E8 E8 6361FDFF CALL 004D8350 ; !!!!!!!!!vx222222
005021ED 833D B89F6000 0>CMP DWORD PTR [609FB8],5
005021F4 7C 0B JL SHORT 00502201
005021F6 A1 B89F6000 MOV EAX,[609FB8]
005021FB 50 PUSH EAX
005021FC E8 47C3F0FF CALL <JMP.&kernel32.Sleep>
00502201 A1 68145A00 MOV EAX,[5A1468]
00401F1B 8BC7 MOV EAX,EDI
00401F1D E8 EAFEFFFF CALL 00401E0C
00401F22 84C0 TEST AL,AL
00401F24 75 17 JNZ SHORT 00401F3D
00401D17 C3 RETN
00401D18 FF05 B0355A00 INC DWORD PTR [5A35B0]
00401D1E 8BD0 MOV EDX,EAX
00401D20 83EA 04 SUB EDX,4
00401D23 8B12 MOV EDX,[EDX]
00401D25 81E2 FCFFFF7F AND EDX,7FFFFFFC
00401D2B 83EA 04 SUB EDX,4
00401D2E 0115 B4355A00 ADD [5A35B4],EDX
00401D34 E8 F3050000 CALL 0040232C
00401D39 C3 RETN
00401D3A 8BC0 MOV EAX,EAX
00503CBD E8 E6F6EFFF CALL 004033A8
00503CC2 8945 F8 MOV [EBP-8],EAX
00503CC5 A1 9C135A00 MOV EAX,[5A139C]
00503CCA 8338 00 CMP DWORD PTR [EAX],0
00503CCD 74 45 JE SHORT 00503D14
00503CCF A1 FC0C5A00 MOV EAX,[5A0CFC]
00503CD4 8B00 MOV EAX,[EAX]
00503CD6 33C9 XOR ECX,ECX
00503CD8 BA 6C023700 MOV EDX,37026C
00503CDD E8 6AEDFFFF CALL 00502A4C
00503CE2 85C0 TEST EAX,EAX
00503CE4 74 2E JE SHORT 00503D14
00503CE6 A1 9C135A00 MOV EAX,[5A139C]
37026C = 3605100
3605100 / 3600 x 1000
1个小时
00503CCA 8338 00 CMP DWORD PTR [EAX],0
00503CCD EB 45 JMP SHORT 00503D14
00503CCF A1 FC0C5A00 MOV EAX,[5A0CFC]
005828F6 8B45 E8 MOV EAX,[EBP-18]
005828F9 8A40 05 MOV AL,[EAX+5]
005828FC 8B15 38125A00 MOV EDX,[5A1238] ; main_dat.00737260
00582902 8A92 D3070000 MOV DL,[EDX+7D3]
00582908 8B0D 38125A00 MOV ECX,[5A1238] ; main_dat.00737260
0058290E 3291 DD070000 XOR DL,[ECX+7DD]
00582914 32C2 XOR AL,DL
00582916 25 FF000000 AND EAX,0FF
0058291B 8B15 38125A00 MOV EDX,[5A1238] ; main_dat.00737260
00582921 0FB692 C9070000 MOVZX EDX,BYTE PTR [EDX+7C9]
00582928 2BD0 SUB EDX,EAX
0058292A 8955 F4 MOV [EBP-C],EDX
0058292D 837D F4 00 CMP DWORD PTR [EBP-C],0
00582931 74 0B JE SHORT 0058293E
00582933 A1 9C135A00 MOV EAX,[5A139C]
00582938 C700 FFFFFFFF MOV DWORD PTR [EAX],-1
0058293E 833D E0E27300 0>CMP DWORD PTR [73E2E0],0
00582945 75 0C JNZ SHORT 00582953
00582947 E8 7080F2FF CALL <JMP.&winmm.timeGetTime>
0058294C A3 E0E27300 MOV [73E2E0],EAX
005865F9 A1 38125A00 MOV EAX,[5A1238]
005865FE 8A80 D5070000 MOV AL,[EAX+7D5]
00586604 8B15 38125A00 MOV EDX,[5A1238] ; main_dat.00737260
0058660A 3282 DF070000 XOR AL,[EDX+7DF]
00586610 8B55 F0 MOV EDX,[EBP-10]
00586613 3242 0A XOR AL,[EDX+A]
00586616 25 FF000000 AND EAX,0FF
0058661B 8B15 38125A00 MOV EDX,[5A1238] ; main_dat.00737260
00586621 0FB692 CB070000 MOVZX EDX,BYTE PTR [EDX+7CB]
00586628 2BD0 SUB EDX,EAX
0058662A 8955 F4 MOV [EBP-C],EDX
0058662D 837D F4 00 CMP DWORD PTR [EBP-C],0
00586631 74 12 JE SHORT 00586645
00586633 8B45 F4 MOV EAX,[EBP-C]
00586636 B9 32000000 MOV ECX,32
0058663B 99 CDQ
0058663C F7F9 IDIV ECX
0058663E A1 581C5A00 MOV EAX,[5A1C58]
00586643 8910 MOV [EAX],EDX
00586645 A1 F4055A00 MOV EAX,[5A05F4]
0058664A 8338 00 CMP DWORD PTR [EAX],0
0058664D 74 15 JE SHORT 00586664
00586598 A1 10165A00 MOV EAX,[5A1610]
0058659D 8338 00 CMP DWORD PTR [EAX],0
005865A0 0F84 9F000000 JE 00586645
00586598 A1 10165A00 MOV EAX,[5A1610]
0058659D 8338 00 CMP DWORD PTR [EAX],0
005865A0 0F84 9F000000 JE 00586645
005865A6 |8B45 F8 MOV EAX,[EBP-8]
005865A9 |B9 509E1B00 MOV ECX,1B9E50
005865AE |99 CDQ
005865AF |F7F9 IDIV ECX
005865B1 |81C2 E808DC00 ADD EDX,0DC08E8
005865B7 |A1 D41F5A00 MOV EAX,[5A1FD4]
005865BC |8B00 MOV EAX,[EAX]
005865BE |8B4D F8 MOV ECX,[EBP-8]
005865C1 |E8 86C4F7FF CALL 00502A4C
005865C6 |85C0 TEST EAX,EAX
005865C8 |74 7B JE SHORT 00586645
005865CA |A1 48E27300 MOV EAX,[73E248]
DC08E8 = 14420200
14420200 / 3600 x 1000
4个小时
0058A112 A1 1C0F5A00 MOV EAX,[5A0F1C]
0058A117 8078 06 00 CMP BYTE PTR [EAX+6],0
0058A11B 75 17 JNZ SHORT 0058A134
0058A11D A1 48E27300 MOV EAX,[73E248]
004DC2D8 8B15 2C0F5A00 MOV EDX,[5A0F2C] ; main_dat.0062BBA1
004DC2DE 3202 XOR AL,[EDX]
004DC2E0 25 FF000000 AND EAX,0FF
00580615 F7F9 IDIV ECX
00580617 81C2 EECBA400 ADD EDX,0A4CBEE
0058061D A1 900B5A00 MOV EAX,[5A0B90]
00580622 8B00 MOV EAX,[EAX]
00580624 33C9 XOR ECX,ECX
00580626 E8 2124F8FF CALL 00502A4C
0058062B 85C0 TEST EAX,EAX
0A4CBEE = 3个小时
004FA22C A1 FC105A00 MOV EAX,[5A10FC]
004FA231 8B00 MOV EAX,[EAX]
004FA233 33C9 XOR ECX,ECX
004FA235 BA 10046E00 MOV EDX,006E0410
004FA23A E8 0D880000 CALL 00502A4C
004FA23F 85C0 TEST EAX,EAX
004FA241 74 54 JE SHORT 004FA297
006E0410=2个小时
8B0033C9BA????????E8????????85C0
004FA290 A1 B40A5A00 MOV EAX,[5A0AB4]
004FA295 8910 MOV [EAX],EDX
004FA218 A1 88065A00 MOV EAX,[5A0688]
004FA21D 8038 00 CMP BYTE PTR [EAX],0
004FA220 74 75 JE SHORT 004FA297
004FA222 A1 FC105A00 MOV EAX,[5A10FC]
004FA227 8338 00 CMP DWORD PTR [EAX],0
004FA22A 74 6B JE SHORT 004FA297
004FA22C A1 FC105A00 MOV EAX,[5A10FC]
004FA231 8B00 MOV EAX,[EAX]
004FA233 33C9 XOR ECX,ECX
004FA235 BA 10046E00 MOV EDX,006E0410
004FA23A E8 0D880000 CALL 00502A4C
004FA23F 85C0 TEST EAX,EAX
004FA241 74 54 JE SHORT 004FA297
3小时
00A5917C
0012FDE4 0058062B RETURN to main_dat.0058062B from main_dat.00502A4C
2小时
006E0410
016CFD4C 004FA23F RETURN to main_dat.004FA23F from main_dat.00502A4C
??3小时
00580607 83F8 04 CMP EAX,4
0058060A EB 7F JMP SHORT 0058068B
0058060C 8B45 F8 MOV EAX,[EBP-8]
00580684 A1 5C215A00 MOV EAX,[5A215C]
00623D6C 00 00 00 00 00 00 00 00 01 00 00 00 D2 01 00 00 ............?..
00623D7C FF FF FF FF E8 0B 59 00 1C 10 59 00 FF FF FF FF ....?Y...Y.....
7c3d6200
005A1EE4 7C |
e41e5a00
药2小时
004FA21D 8038 00 CMP BYTE PTR [EAX],0
004FA220 EB 75 JMP SHORT 004FA297
004FA222 A1 FC105A00 MOV EAX,[5A10FC]
4小时
005865C1 E8 86C4F7FF CALL 00502A4C
005865C6 85C0 TEST EAX,EAX
005865C8 EB 7B JMP SHORT 00586645
005865CA A1 48E27300 MOV EAX,[73E248]
///////////////////////////////////////////////////////////////////
2.5小时,经验增加。
经验增加:63716
004CFE6D 8955 E4 MOV [EBP-1C],EDX
004CFE70 817D E4 7427000>CMP DWORD PTR [EBP-1C],2774
004CFE77 EB 53 JMP SHORT 004CFECC
004CFE79 A1 90095A00 MOV EAX,[5A0990]
004CFE7E 8178 18 5034030>CMP DWORD PTR [EAX+18],33450
004CFE85 7E 45 JLE SHORT 004CFECC
004CFE87 55 PUSH EBP
004CFE88 A1 481A5A00 MOV EAX,[5A1A48]
004CFE8D 8B00 MOV EAX,[EAX]
004CFE8F 33C9 XOR ECX,ECX
004CFE91 BA 48628C00 MOV EDX,8C6248
004CFE96 E8 F9FEFFFF CALL 004CFD94
004CFE9B 59 POP ECX
004CFE9C 85C0 TEST EAX,EAX
004CFE9E 74 2C JE SHORT 004CFECC
004CFEA0 E8 17ABFDFF CALL <JMP.&winmm.timeGetTime>
004CFEA5 B9 14000000 MOV ECX,14
004CFEAA 33D2 XOR EDX,EDX
躲避怪物攻击
///////////////////////////////////////////////////////////////////
pk
2.5 小时
没打死的怪物超过313只验证
004DACC7 A1 D0225A00 MOV EAX,[5A22D0]
004DACCC 8138 39010000 CMP DWORD PTR [EAX],139
004DACD2 7E 3B JLE SHORT 004DAD0F
004DACD4 A1 341E5A00 MOV EAX,[5A1E34]
0052FD24 55 PUSH EBP
0052FD25 8BEC MOV EBP,ESP
00526AF4 A1 D0235A00 MOV EAX,[5A23D0]
00526AF9 8B00 MOV EAX,[EAX]
00526AFB 3B45 F4 CMP EAX,[EBP-C]
00526AFE 75 49 JNZ SHORT 00526B49
00526B00 A1 A80A5A00 MOV EAX,[5A0AA8]
00526B05 C700 FFFFFFFF MOV DWORD PTR [EAX],-1
00526B0B A1 0C215A00 MOV EAX,[5A210C]
00526B10 C700 FFFFFFFF MOV DWORD PTR [EAX],-1
00526B16 A1 1C0F5A00 MOV EAX,[5A0F1C]
00526B1B 66:8B40 36 MOV AX,[EAX+36]
00526B1F 8B15 E0095A00 MOV EDX,[5A09E0] ; main_dat.0073B190
00526B25 66:8902 MOV [EDX],AX
00526B28 A1 1C0F5A00 MOV EAX,[5A0F1C]
00526B2D 66:8B40 38 MOV AX,[EAX+38]
00526B31 8B15 E0095A00 MOV EDX,[5A09E0] ; main_dat.0073B190
00526B37 66:8942 02 MOV [EDX+2],AX
00526B3B E8 7C3EF8FF CALL <JMP.&winmm.timeGetTime>
00526B40 8B15 E0095A00 MOV EDX,[5A09E0] ; main_dat.0073B190
00526B46 8942 04 MOV [EDX+4],EAX
00526B49 8B45 F4 MOV EAX,[EBP-C]
00526B4C E8 D3910000 CALL 0052FD24 ;!!!
00526B51 E9 8A680000 JMP 0052D3E0
00526B56 A1 74215A00 MOV EAX,[5A2174]
改
004DACC7 A1 D0225A00 MOV EAX,[5A22D0]
004DACCC 8138 39010000 CMP DWORD PTR [EAX],139
004DACD2 EB 3B JMP SHORT 004DAD0F
004DACD4 A1 341E5A00 MOV EAX,[5A1E34]
///////////////////////////////////////////////////////////////////
ri
004DC2F4 8955 EC MOV [EBP-14],EDX ; cracked
004DC2F7 837D EC 00 CMP DWORD PTR [EBP-14],0
004DC2FB EB 2C JMP SHORT 004DC329
004DC2FD A1 78195A00 MOV EAX,[5A1978]
///////////////////////////////////////////////////////////////////
??
004DD453 A1 38125A00 MOV EAX,[5A1238]
004DD458 05 54130000 ADD EAX,1354
004DD45D 8B00 MOV EAX,[EAX]
004DD45F 35 1A8709FA XOR EAX,FA09871A
004DD464 8B15 8C1B5A00 MOV EDX,[5A1B8C] ; main_dat.00736024
004DD46A 8B92 0C020000 MOV EDX,[EDX+20C]
004DD470 81F2 83000000 XOR EDX,83
004DD476 2BC2 SUB EAX,EDX
004DD478 8945 C8 MOV [EBP-38],EAX
004DD47B 817D C8 2727000>CMP DWORD PTR [EBP-38],2727
004DD482 76 27 JBE SHORT 004DD4AB
004DD484 8B45 C8 MOV EAX,[EBP-38]
004DD487 B9 14000000 MOV ECX,14
改
004DD47B 817D C8 2727000>CMP DWORD PTR [EBP-38],2727
004DD482 EB 27 JMP SHORT 004DD4AB
004DD484 8B45 C8 MOV EAX,[EBP-38]
///////////////////////////////////////////////////////////////////
x
004FF871 6945 FC 1A04000>IMUL EAX,[EBP-4],41A
004FF878 8B0D 38125A00 MOV ECX,[5A1238] ; main_dat.00737260
004FF87E 8D0401 LEA EAX,[ECX+EAX]
004FF881 B9 1A040000 MOV ECX,41A
004FF886 E8 2586F0FF CALL 00407EB0
004FF88B FF45 FC INC DWORD PTR [EBP-4]
004FF88E 837D FC 08 CMP DWORD PTR [EBP-4],8
004FF892 ^ 75 D1 JNZ SHORT 004FF865
004FF894 59 POP ECX
///////////////////////////////////////////////////////////////////
x
005828FC 8B15 38125A00 MOV EDX,[5A1238] ; main_dat.00737260
00582902 8A92 D3070000 MOV DL,[EDX+7D3]
00582908 8B0D 38125A00 MOV ECX,[5A1238] ; main_dat.00737260
0058290E 3291 DD070000 XOR DL,[ECX+7DD]
00582914 32C2 XOR AL,DL
00582916 25 FF000000 AND EAX,0FF
0058291B 8B15 38125A00 MOV EDX,[5A1238] ; main_dat.00737260
00582921 0FB692 C9070000 MOVZX EDX,BYTE PTR [EDX+7C9]
00582928 2BD0 SUB EDX,EAX
0058292A 8955 F4 MOV [EBP-C],EDX
0058292D 837D F4 00 CMP DWORD PTR [EBP-C],0
00582931 74 0B JE SHORT 0058293E
00582933 A1 9C135A00 MOV EAX,[5A139C]
00582938 C700 FFFFFFFF MOV DWORD PTR [EAX],-1
0058293E 833D E0E27300 0>CMP DWORD PTR [73E2E0],0
///////////////////////////////////////////////////////////////////
pk bug
found boss
Found commands
Address Disassembly Comment
0052FA34 CALL 005376C0
0052FADF CALL 005376C0
00530912 CALL 005376C0
00530917 IMUL EDX,[EBP-4],43 (Initial CPU selection)
0053AB58 55 PUSH EBP
0053AB59 8BEC MOV EBP,ESP
0053AB5B 81C4 E8FEFFFF ADD ESP,-118
0053AB61 33D2 XOR EDX,EDX
0053AB63 8995 E8FEFFFF MOV [EBP-118],EDX
0053AB69 8955 EC MOV [EBP-14],EDX
0053AB6C 8955 F0 MOV [EBP-10],EDX
0053AB6F 8945 FC MOV [EBP-4],EAX
0053AB72 33C0 XOR EAX,EAX
0053AB74 55 PUSH EBP
0053AB75 68 41B05300 PUSH 0053B041
0053AB7A 64:FF30 PUSH DWORD PTR FS:[EAX]
0053AB7D 64:8920 MOV FS:[EAX],ESP
0053AB80 6B45 FC 43 IMUL EAX,[EBP-4],43
0053AB84 8B15 8C0B5A00 MOV EDX,[5A0B8C] ; main_dat.00635594
0053AB8A C64482 2E 00 MOV BYTE PTR [EDX+EAX*4+2E],0
0053AB8F B8 54B05300 MOV EAX,0053B054 ; pk
0053AB94 E8 7BA4FCFF CALL 00505014
Found commands
Address Disassembly Comment
00535D3A CALL 0053AB58
0058E523 CALL 0053AB58
004DA98D A1 500B5A00 MOV EAX,[5A0B50]
004DA992 8338 00 CMP DWORD PTR [EAX],0
004DA995 75 0D JNZ SHORT 004DA9A4
/////////////////////////////////////////////////////////////
004CFE70 817D E4 7427000>CMP DWORD PTR [EBP-1C],2774
004CFE77 EB 53 JMP SHORT 004CFECC
004CFE79 A1 90095A00 MOV EAX,[5A0990]
005828E2 83F8 06 CMP EAX,6
005828E5 EB 57 JMP SHORT 0058293E
005828E7 8D55 E8 LEA EDX,[EBP-18]
004DD450 8945 E4 MOV [EBP-1C],EAX
004DD453 EB 56 JMP SHORT 004DD4AB
004DD455 90 NOP
004DC2BC /E9 48080000 JMP 004DCB09
004DC2C1 |EB 66 JMP SHORT 004DC329
004DC2C3 |90 NOP
004CFE36 8945 EC MOV [EBP-14],EAX
004CFE39 E9 8E000000 JMP 004CFECC
004CFE3E 90 NOP
Log data, item 2
Address=0050395D
Message=Access violation when reading [00739E4C]
004FF85B C3 RETN
004FF85C 55 PUSH EBP
004FF85D 8BEC MOV EBP,ESP
004FF85F 51 PUSH ECX
004FF860 33C0 XOR EAX,EAX
004FF862 8945 FC MOV [EBP-4],EAX
004FF865 A1 54155A00 MOV EAX,[5A1554]
004FF86A E8 3159F0FF CALL 004051A0
004FF86F 8BD0 MOV EDX,EAX
004FF871 6945 FC 1A04000>IMUL EAX,[EBP-4],41A
004FF878 8B0D 38125A00 MOV ECX,[5A1238] ; main_dat.00737260
004FF87E 8D0401 LEA EAX,[ECX+EAX]
004FF881 B9 1A040000 MOV ECX,41A
004FF886 E8 2586F0FF CALL 00407EB0
004FF88B FF45 FC INC DWORD PTR [EBP-4]
004FF88E 837D FC 08 CMP DWORD PTR [EBP-4],8
004FF892 ^ 75 D1 JNZ SHORT 004FF865
004FF894 59 POP ECX
004FF895 5D POP EBP
004FF896 C3 RETN
0052EF4F A1 1C125A00 MOV EAX,[5A121C]
0052EF54 8338 00 CMP DWORD PTR [EAX],0
0052EF57 0F85 B2060000 JNZ 0052F60F
0052EF5D 833D 7C3D6200 0>CMP DWORD PTR [623D7C],0
0052EF64 0F84 95000000 JE 0052EFFF
005A1EE1 A9 73007C3D TEST EAX,3D7C0073
005A1EE6 6200 BOUND EAX,[EAX]
005A1EE4
e41e5a00
2005-10-10 14:11
0052F634 C3 RETN
0052F635 8D40 00 LEA EAX,[EAX]
0052F638 55 PUSH EBP ; 处理遇到的怪物
0052F639 8BEC MOV EBP,ESP
0052F63B 81C4 C4FEFFFF ADD ESP,-13C
///
;child call
00504F8D 83C0 04 ADD EAX,4
00504F90 BA 00505000 MOV EDX,00505000 ; ASCII 04,"卫士"
00504F95 33C9 XOR ECX,ECX
00504F97 8A08 MOV CL,[EAX]
00504F99 41 INC ECX
00504F9A E8 89E2EFFF CALL 00403228 ; 比较是不是卫士
00504F9F 74 17 JE SHORT 00504FB8
00504FA1 8B45 FC MOV EAX,[EBP-4]
00504FA4 83C0 04 ADD EAX,4
00504FA7 BA 08505000 MOV EDX,00505008
00504FAC 33C9 XOR ECX,ECX
00504FAE 8A08 MOV CL,[EAX]
00504FB0 41 INC ECX
00504FB1 E8 72E2EFFF CALL 00403228 ; 比较是不是带刀护卫
00504FB6 75 21 JNZ SHORT 00504FD9
00504FB8 8D45 F4 LEA EAX,[EBP-C]
00504FBB 8B55 FC MOV EDX,[EBP-4]
///
0052F6D2 8D85 DCFEFFFF LEA EAX,[EBP-124]
0052F6D8 E8 8358FDFF CALL 00504F60 ;up
0052F6DD 85C0 TEST EAX,EAX ; eax=1就是遇到卫士
0052F6DF 0F84 82000000 JE 0052F767
0052F6E5 A1 481B5A00 MOV EAX,[5A1B48]
0052F6EA 8338 00 CMP DWORD PTR [EAX],0
0052F6ED 74 21 JE SHORT 0052F710
0052F6EF A1 1C0F5A00 MOV EAX,[5A0F1C] ; 人物数据
0052F6F4 8078 04 F9 CMP BYTE PTR [EAX+4],0F9 ; 人物数据指针+4=f9(红名)=ff(白名)
0052F6F8 75 16 JNZ SHORT 0052F710
0052F6FA 33C9 XOR ECX,ECX
0052F6FC BA 68FC5200 MOV EDX,0052FC68 ; $ff
0052F701 B8 74FC5200 MOV EAX,0052FC74 ; 红名,遇卫士下线
0052F706 E8 2562FDFF CALL 00505930
0052F7EE E8 154E0000 CALL 00534608
0052F7F3 6B45 FC 43 IMUL EAX,[EBP-4],43
0052F7F7 8B15 8C0B5A00 MOV EDX,[5A0B8C] ; main_dat.00635594
0052F7FD 8D3C82 LEA EDI,[EDX+EAX*4]
0052F800 8DB5 DCFEFFFF LEA ESI,[EBP-124] ; 复制栈里的怪物数据到怪物地址
0052F806 B9 43000000 MOV ECX,43
0052F80B F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR [E>
0052F80D 6B45 FC 43 IMUL EAX,[EBP-4],43
0052F811 8B15 8C0B5A00 MOV EDX,[5A0B8C] ; main_dat.00635594
0052F817 33C9 XOR ECX,ECX
0052F819 894C82 58 MOV [EDX+EAX*4+58],ECX
0052F81D 8D85 D4FEFFFF LEA EAX,[EBP-12C]
0052F823 8D95 E0FEFFFF LEA EDX,[EBP-120]
0052F829 E8 C656EDFF CALL 00404EF4 ; 未知
0052F82E 8B95 D4FEFFFF MOV EDX,[EBP-12C]
0052F834 33C0 XOR EAX,EAX
0052F836 8A85 09FFFFFF MOV AL,[EBP-F7] ; al=2d,遇到卫士
0052F83C E8 3F050000 CALL 0052FD80 ;in
///
;child call up
0052FD9F 64:8920 MOV FS:[EAX],ESP
0052FDA2 8B45 FC MOV EAX,[EBP-4]
0052FDA5 83F8 2D CMP EAX,2D ; eax=2d,遇到卫士
0052FDA8 7F 16 JG SHORT 0052FDC0
0052FDAA 74 47 JE SHORT 0052FDF3
0052FDAC 83E8 02 SUB EAX,2
0052FDAF 72 1E JB SHORT 0052FDCF
0052FDB1 83E8 0A SUB EAX,0A
0052FDB4 74 1F JE SHORT 0052FDD5
0052FDB6 83E8 0C SUB EAX,0C
0052FDB9 74 32 JE SHORT 0052FDED
0052FDBB E9 85000000 JMP 0052FE45
0052FDC0 83E8 32 SUB EAX,32
0052FDC3 74 28 JE SHORT 0052FDED
0052FDC5 05 51FFFFFF ADD EAX,-0AF
0052FDCA 83E8 06 SUB EAX,6
0052FDCD 73 76 JNB SHORT 0052FE45
0052FDCF C645 F7 01 MOV BYTE PTR [EBP-9],1
0052FDD3 EB 74 JMP SHORT 0052FE49
0052FDD5 8B45 F8 MOV EAX,[EBP-8]
0052FDD8 E8 3752FDFF CALL 00505014
0052FDDD 85C0 TEST EAX,EAX
0052FDDF 7D 06 JGE SHORT 0052FDE7
0052FDE1 C645 F7 03 MOV BYTE PTR [EBP-9],3
0052FDE5 EB 62 JMP SHORT 0052FE49
0052FDE7 C645 F7 00 MOV BYTE PTR [EBP-9],0
0052FDEB EB 5C JMP SHORT 0052FE49
0052FDED C645 F7 03 MOV BYTE PTR [EBP-9],3
0052FDF1 EB 56 JMP SHORT 0052FE49
0052FDF3 8B45 F8 MOV EAX,[EBP-8]
0052FDF6 BA 78FE5200 MOV EDX,0052FE78 ; ASCII "卫士"
0052FDFB E8 9452EDFF CALL 00405094
0052FE00 74 0F JE SHORT 0052FE11
0052FE02 8B45 F8 MOV EAX,[EBP-8]
0052FE05 BA 88FE5200 MOV EDX,0052FE88 ; 弓箭守卫
0052FE0A E8 8552EDFF CALL 00405094
0052FE0F 75 06 JNZ SHORT 0052FE17
0052FE11 C645 F7 03 MOV BYTE PTR [EBP-9],3
0052FE15 EB 32 JMP SHORT 0052FE49
0052FE17 8B45 F8 MOV EAX,[EBP-8]
0052FE1A BA 9CFE5200 MOV EDX,0052FE9C ; 恶魔弓箭手
0052FE1F E8 7052EDFF CALL 00405094
0052FE24 75 19 JNZ SHORT 0052FE3F
0052FE26 A1 A0185A00 MOV EAX,[5A18A0]
0052FE2B 8B00 MOV EAX,[EAX]
///
0052FA34 E8 877C0000 CALL 005376C0 ; 遇到BOSS,播放声音
0052FA39 6B55 FC 43 IMUL EDX,[EBP-4],43
0052FA3D 8B0D 8C0B5A00 MOV ECX,[5A0B8C] ; main_dat.00635594
0052FA43 894491 58 MOV [ECX+EDX*4+58],EAX
0052FA47 55 PUSH EBP
0052FA48 E8 EBF4FFFF CALL 0052EF38 ;in
0052FA4D 59 POP ECX
;child call
00537854 6A 00 PUSH 0
00537856 6A 00 PUSH 0
00537858 68 387A5300 PUSH 00537A38 ; 遇到BOSS
0053785D FF75 FC PUSH DWORD PTR [EBP-4]
00537860 68 4C7A5300 PUSH 00537A4C
00537865 FF75 E4 PUSH DWORD PTR [EBP-1C]
///
0052F0B9 8D5491 04 LEA EDX,[ECX+EDX*4+4]
0052F0BD E8 325EEDFF CALL 00404EF4 ; null
0052F0C2 8B45 F8 MOV EAX,[EBP-8]
0052F0C5 E8 4A5FFDFF CALL 00505014 ; 和158种怪物比较
0052F0CA 8B55 08 MOV EDX,[EBP+8]
;child call
00505038 C745 F8 FFFFFFF>MOV DWORD PTR [EBP-8],-1
0050503F A1 50185A00 MOV EAX,[5A1850] ; 158种怪物
00505044 8B00 MOV EAX,[EAX]
00505046 48 DEC EAX
00505047 85C0 TEST EAX,EAX
00505049 7C 45 JL SHORT 00505090
0050504B 40 INC EAX
0050504C 8945 F0 MOV [EBP-10],EAX
0050504F C745 F4 0000000>MOV DWORD PTR [EBP-C],0
00505056 8D45 EC LEA EAX,[EBP-14]
00505059 8B55 F4 MOV EDX,[EBP-C]
0050505C 8BCA MOV ECX,EDX
0050505E C1E2 05 SHL EDX,5
00505061 2BD1 SUB EDX,ECX
00505063 8B0D A41A5A00 MOV ECX,[5A1AA4] ; main_dat.00642920
00505069 8B09 MOV ECX,[ECX]
0050506B 8D1451 LEA EDX,[ECX+EDX*2]
0050506E E8 81FEEFFF CALL 00404EF4 ; null
00505073 8B45 EC MOV EAX,[EBP-14]
00505076 8B55 FC MOV EDX,[EBP-4]
00505079 E8 1600F0FF CALL 00405094 ; 比较
0050507E 75 08 JNZ SHORT 00505088
00505080 8B45 F4 MOV EAX,[EBP-C]
00558F90 B9 6C905500 MOV ECX,0055906C
00558F95 A1 4C195A00 MOV EAX,[5A194C]
00558F9A 8B00 MOV EAX,[EAX]
00558F9C E8 E731F1FF CALL 0046C188
00558FA1 83F8 06 CMP EAX,6
00558FA4 0F85 90000000 JNZ 0055903A
00558FAA 8B45 F4 MOV EAX,[EBP-C]
00558FAD 8B15 50185A00 MOV EDX,[5A1850] ; main_dat.0064291C
00558FB3 8B12 MOV EDX,[EDX]
00558FB5 83EA 02 SUB EDX,2
00558FB8 2BD0 SUB EDX,EAX
00558FBA 7C 43 JL SHORT 00558FFF
00525481 E8 B2A10000 CALL 0052F638 ; 处理遇到的怪物
00525486 A1 3C0F5A00 MOV EAX,[5A0F3C]
0052548B 8338 00 CMP DWORD PTR [EAX],0
0052548E 0F84 4C7F0000 JE 0052D3E0
0052F0B3 8B0D 8C0B5A00 MOV ECX,[5A0B8C] ; main_dat.00635594
0052F0B9 8D5491 04 LEA EDX,[ECX+EDX*4+4]
0052F0BD E8 325EEDFF CALL 00404EF4 ; null
0052F0C2 8B45 F8 MOV EAX,[EBP-8]
0052F0C5 E8 4A5FFDFF CALL 00505014 ; 和158种怪物比较
0052F0CA 8B55 08 MOV EDX,[EBP+8]
0052F0CD 8942 F8 MOV [EDX-8],EAX
0052F0D0 8B45 08 MOV EAX,[EBP+8]
0052F0D3 8378 F8 00 CMP DWORD PTR [EAX-8],0
0052F0D7 0F8C 8C020000 JL 0052F369
0052F0DD 8B45 08 MOV EAX,[EBP+8] ; 是怪物
0052F0E0 6B40 FC 43 IMUL EAX,[EAX-4],43
0052F0E4 8B15 8C0B5A00 MOV EDX,[5A0B8C] ; main_dat.00635594
0052FA47 55 PUSH EBP
0052FA48 E8 EBF4FFFF CALL 0052EF38 ; 和158种怪物比较根call
0052FA4D 59 POP ECX ; 0012F7E4
0052FA4E E9 D7010000 JMP 0052FC2A
0052F829 E8 C656EDFF CALL 00404EF4 ; 未知
0052F82E 8B95 D4FEFFFF MOV EDX,[EBP-12C]
0052F834 33C0 XOR EAX,EAX
0052F836 8A85 09FFFFFF MOV AL,[EBP-F7] ; al=2d,遇到卫士,32=NPC,B=鸡
0052F83C E8 3F050000 CALL 0052FD80 ; al=3,遇到卫士,al=1(人),0=怪物
0052F841 6B55 FC 43 IMUL EDX,[EBP-4],43
0052F845 8B0D 8C0B5A00 MOV ECX,[5A0B8C] ; main_dat.00635594
0052F84B 884491 2F MOV [ECX+EDX*4+2F],AL
0052F84F 6B45 FC 43 IMUL EAX,[EBP-4],43
0052F853 8B15 8C0B5A00 MOV EDX,[5A0B8C] ; main_dat.00635594
0052F859 807C82 2F 00 CMP BYTE PTR [EDX+EAX*4+2F],0 ; 11111111111111
0052F85E 75 3A JNZ SHORT 0052F89A
0052F860 6B45 FC 43 IMUL EAX,[EBP-4],43
0052F864 8B15 8C0B5A00 MOV EDX,[5A0B8C] ; main_dat.00635594
0052EF5D 833D 7C3D6200 0>CMP DWORD PTR [623D7C],0
0052EF64 0F84 95000000 JE 0052EFFF
005A1EE1 A9 73007C3D TEST EAX,3D7C0073
005A1EE6 6200 BOUND EAX,[EAX]
005A1EE4
e41e5a00
005867C9 A1 9C165A00 MOV EAX,[5A169C]
005867CE FF00 INC DWORD PTR [EAX]
005867D0 A1 E41E5A00 MOV EAX,[5A1EE4]
005867D5 8338 00 CMP DWORD PTR [EAX],0
005867D8 0F85 8C000000 JNZ 0058686A
005867DE A1 D41D5A00 MOV EAX,[5A1DD4]
005867E3 8B00 MOV EAX,[EAX]
005867E5 8B15 FC185A00 MOV EDX,[5A18FC] ;0x18C
005867EB 3B02 CMP EAX,[EDX]
005867ED 7E 7B JLE SHORT 0058686A
005867EF A1 AC1D5A00 MOV EAX,[5A1DAC]
005867F4 C600 00 MOV BYTE PTR [EAX],0
005867F7 8D95 88FEFFFF LEA EDX,[EBP-178]
005867FD A1 4C195A00 MOV EAX,[5A194C]
00586802 8B00 MOV EAX,[EAX]
00586804 E8 C75DEEFF CALL 0046C5D0
00586809 8B95 88FEFFFF MOV EDX,[EBP-178]
0058680F 8D85 A0FEFFFF LEA EAX,[EBP-160]
00586815 E8 36C7E7FF CALL 00402F50
0058681A BA 01000000 MOV EDX,1
0058681F 8D85 A0FEFFFF LEA EAX,[EBP-160]
00586825 E8 B2CEE7FF CALL 004036DC
0058682A E8 9DC0E7FF CALL 004028CC
0058682F 8D85 A0FEFFFF LEA EAX,[EBP-160]
00586835 E8 02CBE7FF CALL 0040333C
0058683A E8 8DC0E7FF CALL 004028CC ; !!!!!!!!!!!!
0058683F 3D A0BB0D00 CMP EAX,0DBBA0
00586844 7E 0B JLE SHORT 00586851
00586846 A1 E41E5A00 MOV EAX,[5A1EE4]
0058684B C700 FFFFFFFF MOV DWORD PTR [EAX],-1
00586851 8D85 A0FEFFFF LEA EAX,[EBP-160]
00586857 E8 98C8E7FF CALL 004030F4
0057FC2D E8 BACFF3FF CALL <JMP.&cqb.inidata>
0057FC32 E8 311CFBFF CALL 00531868
0057FC37 E8 D417FBFF CALL 00531410
0057FC3C E8 A710FCFF CALL 00540CE8
0057FC41 8B45 FC MOV EAX,[EBP-4]
0057FC44 E8 034A0000 CALL 0058464C
0057FC49 8B45 FC MOV EAX,[EBP-4]
0057FC4C E8 238C0000 CALL 00588874
0057FC51 8B45 FC MOV EAX,[EBP-4]
0057FC54 E8 27000000 CALL 0057FC80
0057FC59 B8 2C010000 MOV EAX,12C
0057FC5E E8 4537E8FF CALL 004033A8
0057FC63 05 2C010000 ADD EAX,12C
0057FC68 8B15 FC185A00 MOV EDX,[5A18FC] ; main_dat.00623D78
0057FC6E 8902 MOV [EDX],EAX
0057FC70 A1 78085A00 MOV EAX,[5A0878]
0057FC75 C700 FFFFFFFF MOV DWORD PTR [EAX],-1
0057FC7B 59 POP ECX
0057FC7C 5D POP EBP
0057FC7D C3 RETN
2005-10-10 21:09
00586835 E8 02CBE7FF CALL 0040333C
0058683A E8 8DC0E7FF CALL 004028CC ; !!!!!!!!!!!!
0058683F 3D A0BB0D00 CMP EAX,0DBBA0 ; 大于900k就出错
00586844 7E 0B JLE SHORT 00586851
00586846 A1 E41E5A00 MOV EAX,[5A1EE4]
0058684B C700 FFFFFFFF MOV DWORD PTR [EAX],-1
962 KB (985,600 字节)
962 KB (985,088 字节)
F0B90=986000
DBBA0=900000
0058683F 3D 900B0F00 CMP EAX,0F0B90 ; 大于986k就出错
00586844 7E 0B JLE SHORT 00586851 ; 00586851
发送区名字
Call stack of thread 00000824
Address Stack Procedure / arguments Called from Frame
016EF954 004BAE00 <JMP.&wsock32.send> main_dat.004BADFB 016EF9B0
016EF958 000000C0 Socket = C0
016EF95C 005AA71C Data = main_dat.005AA71C
016EF960 00000034 DataSize = 34 (52.)
016EF964 00000000 Flags = 0
016EF9B4 004C753F ? main_dat.004BADA0 main_dat.004C753A 016EF9B0
016EF9F4 004F9D4D ? main_dat.004C7344 main_dat.004F9D48 016EF9F0
016EFA20 004F5281 main_dat.004F9D0C main_dat.004F527C 016EFA1C
016EFA24 0070FDB0 Arg1 = 0070FDB0
016EFEE8 004F6252 ? main_dat.004F4A18 main_dat.004F624D 016EFEE4
016EFF34 004F8384 ? main_dat.004F61DC main_dat.004F837F 016EFF30
016EFF5C 005021DE ? main_dat.004F8218 main_dat.005021D9 016EFF58
016EFF74 00423C53 Includes main_dat.005021DE main_dat.00423C50 016EFF70
004F522A 8D85 30FEFFFF LEA EAX,[EBP-1D0]
004F5230 8B15 CC0F5A00 MOV EDX,[5A0FCC] ; main_dat.00624184
004F5236 83C2 19 ADD EDX,19
004F5239 E8 B6FCF0FF CALL 00404EF4 ; 取得区名字
004F523E 8B85 30FEFFFF MOV EAX,[EBP-1D0]
004F5244 E8 8F20FDFF CALL 004C72D8
004F5249 A1 041E5A00 MOV EAX,[5A1E04]
004F524E 66:C740 02 E02E MOV WORD PTR [EAX+2],2EE0
004F5254 A1 041E5A00 MOV EAX,[5A1E04]
004F5259 66:C740 04 0000 MOV WORD PTR [EAX+4],0
004F525F A1 E40D5A00 MOV EAX,[5A0DE4]
004F5264 C600 00 MOV BYTE PTR [EAX],0
004F5267 A1 041E5A00 MOV EAX,[5A1E04]
004F526C 50 PUSH EAX
004F526D 8B0D 90115A00 MOV ECX,[5A1190] ; main_dat.005A9B5C
004F5273 8B09 MOV ECX,[ECX]
004F5275 A1 10235A00 MOV EAX,[5A2310]
004F527A 33D2 XOR EDX,EDX
004F527C E8 8B4A0000 CALL 004F9D0C ; 发送区名字
004F5281 85C0 TEST EAX,EAX
004F5283 75 41 JNZ SHORT 004F52C6
004F5285 6A 00 PUSH 0
C7ACC0A4 ;乾坤
B2D4CCEC ;苍天
00590D2B 90 NOP
00590D2C 90 NOP
00590D2D 90 NOP
00590D2E 90 NOP
00590D2F 90 NOP
00590D30 E9 CB1A1D00 JMP 00762800
E8 E8 8F FE FF A1 AC 08 5A 00 8B 00 83 B8 D4 00
发送验证信息
Call stack of main thread
Address Stack Procedure / arguments Called from Frame
0012FD8C 00595FCC main_dat.004BB0A0 main_dat.00595FC7 0012FDFC
0012FE00 00596AEB ? main_dat.00595F5C main_dat.00596AE6 0012FDFC
0012FE14 004BC375 Includes main_dat.00596AEB main_dat.004BC372 0012FE10
0012FE1C 004BC076 Includes main_dat.004BC375 main_dat.004BC073 0012FE24
0012FE28 004BAB8D Includes main_dat.004BC076 main_dat.004BAB8A 0012FE24
0012FE34 004BAF26 main_dat.004040A4 main_dat.004BAF21 0012FE48
0012FE3C 004BA567 Includes main_dat.004BAF26 main_dat.004BA564 0012FE48
0012FE4C 004BB0FC Includes main_dat.004BA567 main_dat.004BB0F9 0012FE48
0012FE70 0042517E Includes main_dat.004BB0FC main_dat.0042517C 0012FE6C
0012FE88 77E1A420 Includes main_dat.0042517E user32.77E1A41D 0012FE84
0012FEA8 77DF4605 user32.77E1A408 user32.77DF4600 0012FEA4
0012FF34 77DF5B77 user32.77DF4321 user32.77DF5B72 0012FF30
0012FF40 0046BE3C <JMP.&user32.DispatchMessageA> main_dat.0046BE37 0012FFA8
0012FF44 0012FF5C pMsg = WM_USER+1 hw = 14051E (clas
0012FF58 0046BE73 main_dat.0046BDB4 main_dat.0046BE6E 0012FFA8
0012FF7C 0046C093 main_dat.0046BE64 main_dat.0046C08E 0012FFA8
0012FFAC 008055BA main_dat.0046BFF8 main_dat.008055B5 0012FFA8
00595FB5 8D55 C0 LEA EDX,[EBP-40]
00595FB8 8B45 FC MOV EAX,[EBP-4]
00595FBB 8B80 E8080000 MOV EAX,[EAX+8E8]
00595FC1 8B80 90000000 MOV EAX,[EAX+90]
00595FC7 E8 D450F2FF CALL 004BB0A0 ; 发送验证数据
00595FCC 8B55 C0 MOV EDX,[EBP-40]
00595FCF A1 681A5A00 MOV EAX,[5A1A68]
00595FD4 E8 13EDE6FF CALL 00404CEC
005A2450 B8 1F040000 MOV EAX,41F
005A2455 8BC8 MOV ECX,EAX
005A2457 BE 69F37F00 MOV ESI,007FF369
005A245C 8B3B MOV EDI,[EBX]
005A245E F3:A4 REP MOVS BYTE PTR ES:[EDI],BYTE PTR [ESI]
005A2460 ^ E9 688CF1FF JMP 004BB0CD
B8 1F 04 00 00 8B C8 BE 69 F3 7F 00 8B 3B F3 A4 E9 68 8C F1 FF 00 00 00 00 00 00 00 00 00 00 00
004BB0A0 53 PUSH EBX
004BB0A1 56 PUSH ESI
004BB0A2 8BDA MOV EBX,EDX
004BB0A4 8BF0 MOV ESI,EAX
004BB0A6 83C9 FF OR ECX,FFFFFFFF
004BB0A9 33D2 XOR EDX,EDX
004BB0AB 8BC6 MOV EAX,ESI
004BB0AD B8 1F040000 MOV EAX,41F
004BB0B2 8BD0 MOV EDX,EAX
004BB0B4 8BC3 MOV EAX,EBX
004BB0B6 E8 19A2F4FF CALL 004052D4
004BB0BB E9 90730E00 JMP 005A2450
004BB0C0 90 NOP
004BB0C1 90 NOP
004BB0C2 8BC8 MOV ECX,EAX
004BB0C4 8B13 MOV EDX,[EBX]
004BB0C6 8BC6 MOV EAX,ESI
004BB0C8 E8 5BFEFFFF CALL 004BAF28
004BB0CD 8BD0 MOV EDX,EAX
004BB0CF 8BC3 MOV EAX,EBX
004BB0D1 E8 FEA1F4FF CALL 004052D4
004BB0D6 5E POP ESI
004BB0D7 5B POP EBX
004BB0D8 C3 RETN
53 56 8B DA 8B F0 83 C9 FF 33 D2 8B C6 B8 1F 04 00 00 8B D0 8B C3 E8 19 A2 F4 FF
B8 1F 04 00 00 8B C8 BE 69 F3 7F 00 8B 3B F3 A4
8B D0 8B C3 E8 FE A1 F4 FF 5E 5B C3
004BB0B6 E8 19A2F4FF CALL 004052D4
004BB0BB E9 90730E00 JMP 005A2450
004BB0CD 8BD0 MOV EDX,EAX
004BB0CF 8BC3 MOV EAX,EBX
004BB0D1 E8 FEA1F4FF CALL 004052D4
53 56 8B DA 8B F0 83 C9 FF 33 D2 8B C6 B8 1F 04 00 00 8B D0 8B C3 E8 B9 5F C0 FF B8 1F 04 00 00
8B C8 BE 69 F3 7F 00 8B 3B F3 A4 8B D0 8B C3 E8 A0 5F C0 FF 5E 5B C3
;new call
007FF300 53 PUSH EBX
007FF301 56 PUSH ESI
007FF302 8BDA MOV EBX,EDX
007FF304 8BF0 MOV ESI,EAX
007FF306 83C9 FF OR ECX,FFFFFFFF
007FF309 33D2 XOR EDX,EDX
007FF30B 8BC6 MOV EAX,ESI
007FF30D B8 1F040000 MOV EAX,41F
007FF312 8BD0 MOV EDX,EAX
007FF314 8BC3 MOV EAX,EBX
007FF316 E8 B95FC0FF CALL 004052D4
007FF31B B8 1F040000 MOV EAX,41F
007FF320 8BC8 MOV ECX,EAX
007FF322 BE 69F37F00 MOV ESI,007FF369
007FF327 8B3B MOV EDI,[EBX]
007FF329 F3:A4 REP MOVS BYTE PTR ES:[EDI],BYTE PTR [ESI]
007FF32B 8BD0 MOV EDX,EAX
007FF32D 8BC3 MOV EAX,EBX
007FF32F E8 A05FC0FF CALL 004052D4
007FF334 5E POP ESI
007FF335 5B POP EBX
007FF336 C3 RETN
00595FC1 8B80 90000000 MOV EAX,[EAX+90]
00595FC7 E8 34932600 CALL 007FF300
00595FCC 8B55 C0 MOV EDX,[EBP-40]
;org call
004BB0A0 53 PUSH EBX
004BB0A1 56 PUSH ESI
004BB0A2 8BDA MOV EBX,EDX
53 56 8B DA 8B F0 83 C9 FF 33 D2 8B C6 E8 76 FE FF FF 8B D0 8B C3 E8 19 A2 F4 FF 8B 03 E8 8E 9E
F4 FF 8B C8 8B 13 8B C6 E8 5B FE FF FF 8B D0 8B C3 E8 FE A1 F4 FF 5E 5B C3 8D 40 00 55 8B EC 51
////////////
00762882 A1 AC085A00 MOV EAX,[5A08AC]
00762887 ^ E9 A9E4E2FF JMP 00590D35
0076288C 0000 ADD [EAX],AL
A1 AC 08 5A 00 E9 A9 E4 E2 FF 00 00 00 00 00 00
00590D2B E8 E88FFEFF CALL 00579D18
00590D30 E9 CB1A1D00 JMP 00762800
E8 E8 8F FE FF
/////////////////////////////////////////////////
60 8B 15 80 15 5A 00 42 52 68 9C 28 76 00 FF 15 34 15 80 00 8B D8 68 9C 28 76 00 FF 15 98 18 80
00 03 C3 C6 00 2F 40 8B 15 9C 0E 5A 00 42 52 50 FF 15 34 15 80 00 68 9C 28 76 00 FF 15 98 18 80
00 6A 00 83 C0 0C 50 B9 D0 5D 71 00 B8 90 28 76 00 33 D2 E8 78 23 D4 FF 68 D0 5D 71 00 FF 15 98
18 80 00 A3 38 5E 71 00 B8 FF FF FF FF A3 38 26 63 00 A3 18 29 64 00 A3 44 FD 70 00 A3 C4 5D 71
00 61 A1 AC 08 5A 00 E9 A9 E4 E2 FF 00 00 00 00 00 00 00 00 67 00 00 00 00 00 00 00 00 00 00 00
00762800 60 PUSHAD
00762801 8B15 80155A00 MOV EDX,[5A1580] ; main_dat.006325F4
00762807 42 INC EDX
00762808 52 PUSH EDX
00762809 68 9C287600 PUSH 76289C
0076280E FF15 34158000 CALL [801534] ; kernel32.lstrcpyA
00762814 8BD8 MOV EBX,EAX
00762816 68 9C287600 PUSH 76289C
0076281B FF15 98188000 CALL [801898] ; kernel32.lstrlenA
00762821 03C3 ADD EAX,EBX
00762823 C600 2F MOV BYTE PTR [EAX],2F
00762826 40 INC EAX
00762827 8B15 9C0E5A00 MOV EDX,[5A0E9C] ; main_dat.0063260C
0076282D 42 INC EDX
0076282E 52 PUSH EDX
0076282F 50 PUSH EAX
00762830 FF15 34158000 CALL [801534] ; kernel32.lstrcpyA
00762836 68 9C287600 PUSH 76289C
0076283B FF15 98188000 CALL [801898] ; kernel32.lstrlenA
00762841 6A 00 PUSH 0
00762843 83C0 0C ADD EAX,0C
00762846 50 PUSH EAX
00762847 B9 D05D7100 MOV ECX,715DD0
0076284C B8 90287600 MOV EAX,762890
00762851 33D2 XOR EDX,EDX
00762853 E8 7823D4FF CALL 004A4BD0 ; 004A4BD0
00762858 68 D05D7100 PUSH 715DD0
0076285D FF15 98188000 CALL [801898] ; kernel32.lstrlenA
00762863 A3 385E7100 MOV [715E38],EAX
00762868 B8 FFFFFFFF MOV EAX,-1
0076286D A3 38266300 MOV [632638],EAX
00762872 A3 18296400 MOV [642918],EAX
00762877 A3 44FD7000 MOV [70FD44],EAX
0076287C A3 C45D7100 MOV [715DC4],EAX
00762881 61 POPAD
00762882 A1 AC085A00 MOV EAX,[5A08AC]
00762887 ^ E9 A9E4E2FF JMP 00590D35 ; 00590D35
00762900 60 PUSHAD
00762901 B9 36000000 MOV ECX,36
00762906 BE 16297600 MOV ESI,762916
0076290B 8136 24698724 XOR DWORD PTR [ESI],24876924
00762911 83C6 04 ADD ESI,4
00762914 ^ E2 F5 LOOPD SHORT 0076290B ; 0076290B
60 B9 36 00 00 00 BE 16 29 76 00 81 36 24 69 87 24 83 C6 04 E2 F5
mycode
007FF200
007FF200 60 PUSHAD
007FF201 B9 20000000 MOV ECX,20
007FF206 BE 16F27F00 MOV ESI,7FF216
007FF20B 8136 24698724 XOR DWORD PTR [ESI],24876924
007FF211 83C6 04 ADD ESI,4
007FF214 ^ E2 F5 LOOPD SHORT 007FF20B ; 007FF20B
007FF216 8B15 80155A00 MOV EDX,[5A1580] ; main_dat.006325F4
007FF21C 42 INC EDX
007FF21D 52 PUSH EDX
007FF21E 68 DCF27F00 PUSH 7FF2DC
007FF223 FF15 34158000 CALL [801534] ; kernel32.lstrcpyA
007FF229 8BD8 MOV EBX,EAX
007FF22B 68 DCF27F00 PUSH 7FF2DC
007FF230 FF15 98188000 CALL [801898] ; kernel32.lstrlenA
007FF236 03C3 ADD EAX,EBX
007FF238 C600 2F MOV BYTE PTR [EAX],2F
007FF23B 40 INC EAX
007FF23C 8B15 9C0E5A00 MOV EDX,[5A0E9C] ; main_dat.0063260C
007FF242 42 INC EDX
007FF243 52 PUSH EDX
007FF244 50 PUSH EAX
007FF245 FF15 34158000 CALL [801534] ; kernel32.lstrcpyA
007FF24B 68 DCF27F00 PUSH 7FF2DC
007FF250 FF15 98188000 CALL [801898] ; kernel32.lstrlenA
007FF256 6A 00 PUSH 0
007FF258 83C0 0C ADD EAX,0C
007FF25B 50 PUSH EAX
007FF25C B9 D05D7100 MOV ECX,715DD0 ; ASCII "<<<<<BX<<<<<<<<<XryhTSEeXoTkdZZyxGgEmH^]ul"
007FF261 B8 D0F27F00 MOV EAX,7FF2D0
007FF266 33D2 XOR EDX,EDX
007FF268 E8 7823D4FF CALL 004A4BD0 ; 004A4BD0
007FF26D 68 D05D7100 PUSH 715DD0 ; ASCII "<<<<<BX<<<<<<<<<XryhTSEeXoTkdZZyxGgEmH^]ul"
007FF272 FF15 98188000 CALL [801898] ; kernel32.lstrlenA
007FF278 A3 385E7100 MOV [715E38],EAX
007FF27D B8 FFFFFFFF MOV EAX,-1
007FF282 A3 38266300 MOV [632638],EAX
007FF287 A3 18296400 MOV [642918],EAX
007FF28C A3 44FD7000 MOV [70FD44],EAX
007FF291 A3 C45D7100 MOV [715DC4],EAX
007FF296 B9 20000000 MOV ECX,20
007FF29B BE 16F27F00 MOV ESI,7FF216
007FF2A0 8136 24698724 XOR DWORD PTR [ESI],24876924
007FF2A6 83C6 04 ADD ESI,4
007FF2A9 ^\E2 F5 LOOPD SHORT 007FF2A0 ; 007FF2A0
007FF2AB 61 POPAD
007FF2AC - E9 7F1AD9FF JMP 00590D30 ; 00590D30
60 B9 20 00 00 00 BE 16 F2 7F 00 81 36 24 69 87 24 83 C6 04 E2 F5 AF 7C 07 31 7E 69 C5 76 4C B5
75 5B 24 96 92 10 31 E9 87 AF FC 01 5B D6 5B 69 78 31 BC 71 07 24 27 AA 41 24 0B 29 0C 31 B8 67
DD 24 66 3B D7 DB 31 5D 92 A4 24 01 5B D6 5B 69 78 31 BC 71 07 24 4E 69 04 E4 28 39 3E F4 79 18
87 9C F4 9B F8 24 17 BB 6F 47 7D A3 78 4C F4 34 F6 24 DB 7C 1F 3C A4 69 24 1C 7A 18 87 9C DB 96
78 DB 87 51 A1 47 24 CA 9F 0D 40 69 24 60 D9 19 87 87 E0 34 F6 24 B9 20 00 00 00 BE 16 F2 7F 00
81 36 24 69 87 24 83 C6 04 E2 F5 61 E9 7F 1A D9 FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 67 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
;修改
00590D2B - E9 D0E42600 JMP 007FF200 ; 计算验证
00590D30 A1 AC085A00 MOV EAX,[5A08AC]
E9 D0 E4 26 00 A1 AC 08 5A 00 8B 00 83 B8 D4 00
/////////////////
00762900 60 PUSHAD
00762901 B9 36000000 MOV ECX,36
00762906 BE 16297600 MOV ESI,762916
0076290B 8136 24698724 XOR DWORD PTR [ESI],24876924
00762911 83C6 04 ADD ESI,4
00762914 ^ E2 F5 LOOPD SHORT 0076290B ; 0076290B
00762916 E8 4B000000 CALL 00762966 ; 00762966
0076291B 33C0 XOR EAX,EAX
0076291D BA 01000000 MOV EDX,1
00762922 E8 99FED9FF CALL 005027C0 ; 005027C0
00762927 E8 3A000000 CALL 00762966 ; 00762966
0076292C B8 7D297600 MOV EAX,76297D
00762931 BA 00C00000 MOV EDX,0C000
00762936 E8 85FED9FF CALL 005027C0 ; 005027C0
0076293B E8 26000000 CALL 00762966 ; 00762966
00762940 33C0 XOR EAX,EAX
00762942 BA 01000000 MOV EDX,1
00762947 E8 74FED9FF CALL 005027C0 ; 005027C0
0076294C E8 15000000 CALL 00762966 ; 00762966
00762951 B8 B7297600 MOV EAX,7629B7
00762956 BA 00C00000 MOV EDX,0C000
0076295B E8 60FED9FF CALL 005027C0 ; 005027C0
00762960 61 POPAD
00762961 ^ E9 479AE2FF JMP 0058C3AD ; 0058C3AD
00762966 58 POP EAX
00762967 6A 00 PUSH 0
00762969 6A 00 PUSH 0
0076296B 6A 00 PUSH 0
0076296D 6A 00 PUSH 0
0076296F 6A 00 PUSH 0
00762971 6A 00 PUSH 0
00762973 6A 00 PUSH 0
00762975 33C9 XOR ECX,ECX
00762977 FFE0 JMP EAX
;广告
36 00 00 00 CB CD B8 F8 C8 C8 D1 AA B4 AB C6 E6 32 38 C7 F8 C7 AC C0 A4 D1 F4 B9 E2 A1 E8 C4 FB
C3 CA B2 DD A3 AC D7 A3 CB FD CC EC CC EC D3 D0 BA C3 D0 C4 C7 E9 20 5E 5F 5E 36 00 00 00 C4 FA
B5 C4 C8 C8 D1 AA B4 AB C9 F1 CA A3 D3 E0 39 39 39 39 CC EC 30 D0 A1 CA B1 20 43 72 61 63 6B 65
64 20 62 79 20 D0 A1 C8 AB 20 32 30 30 35 2D 31 30 2D 31 30
60 B9 35 00 00 00 BE 16 29 76 00 81 36 24 69 87 24 83 C6 04 E2 F5 E8 4A 00 00 00 33 C0 BA 01 00
00 00 E8 99 FE D9 FF E8 39 00 00 00 B8 7C 29 76 00 BA 00 C0 00 00 E8 85 FE D9 FF E8 25 00 00 00
33 C0 BA 01 00 00 00 E8 74 FE D9 FF E8 14 00 00 00 B8 B6 29 76 00 BA 00 C0 00 00 E8 60 FE D9 FF
E9 87 00 00 00 58 6A 00 6A 00 6A 00 6A 00 6A 00 6A 00 6A 00 33 C9 FF E0 36 00 00 00 CB CD B8 F8
C8 C8 D1 AA B4 AB C6 E6 32 38 C7 F8 C7 AC C0 A4 D1 F4 B9 E2 A1 E8 C4 FB C3 CA B2 DD A3 AC D7 A3
CB FD CC EC CC EC D3 D0 BA C3 D0 C4 C7 E9 20 5E 5F 5E 36 00 00 00 C4 FA B5 C4 C8 C8 D1 AA B4 AB
C9 F1 CA A3 D3 E0 39 39 39 39 CC EC 30 D0 A1 CA B1 20 43 72 61 63 6B 65 64 20 62 79 20 D0 A1 C8
AB 20 32 30 30 35 2D 31 30 2D 31 30 B9 36 00 00 00 BE 16 29 76 00 81 36 24 69 87 24 83 C6 04 E2
F5 61 E9 A6 99 E2 FF 00 00 00 00 00 00 00 00 00
mycode
007FF0F0 60 PUSHAD
007FF0F1 B9 35000000 MOV ECX,35
60 B9 36 00 00 00 BE 06 F1 7F 00 81 36 24 69 87 24 83 C6 04 E2 F5 CC 23 87 24 24 5A 47 9E 25 69
87 24 CC C0 B1 F4 DB 81 BE 24 24 69 3F 48 D5 16 87 9E 24 A9 87 24 CC FC B1 F4 DB 81 A2 24 24 69
B4 E4 9E 68 87 24 24 81 03 12 F4 96 6F 30 24 69 87 9C 82 98 F8 24 9E 69 47 24 24 81 F7 12 F4 96
6E AD 24 69 87 7C 4E 69 ED 24 4E 69 ED 24 4E 69 ED 24 4E 69 B4 ED DB 89 B1 24 24 69 4C E9 9C 91
4F EC F5 C3 33 8F E2 8F B5 1C E3 91 40 88 E4 CD 56 D0 9D 8B 26 CC E0 92 44 EE 96 B4 24 88 F3 CA
4C D9 E8 85 4B C8 F7 B9 3D E7 F4 AD 40 CD 04 37 D8 7A 12 69 87 24 E0 93 32 E0 EC A1 56 8E 90 C2
4E D5 EE CA 54 C4 1D 50 BE 1D E8 85 B7 F4 85 A3 36 04 67 1B E6 47 4F 0C E3 04 46 10 A7 F4 85 A1
2C 04 16 59 B7 11 09 58 B7 09 15 59 87 24 B9 36 00 00 00 BE 06 F1 7F 00 81 36 24 69 87 24 83 C6
04 E2 F5 61 E9 B4 D1 D8 FF 00 00 00 00 00 00 00
007FF0F0 60 PUSHAD
007FF0F1 B9 36000000 MOV ECX,36
007FF0F6 BE 06F17F00 MOV ESI,7FF106
007FF0FB 8136 24698724 XOR DWORD PTR [ESI],24876924
007FF101 83C6 04 ADD ESI,4
007FF104 ^ E2 F5 LOOPD SHORT 007FF0FB ; 007FF0FB
007FF106 E8 4A000000 CALL 007FF155 ; 007FF155
007FF10B 33C0 XOR EAX,EAX
007FF10D BA 01000000 MOV EDX,1
007FF112 E8 A936D0FF CALL 005027C0 ; 005027C0
007FF117 E8 39000000 CALL 007FF155 ; 007FF155
007FF11C B8 6CF17F00 MOV EAX,7FF16C
007FF121 BA 00C00000 MOV EDX,0C000
007FF126 E8 9536D0FF CALL 005027C0 ; 005027C0
007FF12B E8 25000000 CALL 007FF155 ; 007FF155
007FF130 33C0 XOR EAX,EAX
007FF132 BA 01000000 MOV EDX,1
007FF137 E8 8436D0FF CALL 005027C0 ; 005027C0
007FF13C E8 14000000 CALL 007FF155 ; 007FF155
007FF141 B8 A6F17F00 MOV EAX,7FF1A6
007FF146 BA 00C00000 MOV EDX,0C000
007FF14B E8 7036D0FF CALL 005027C0 ; 005027C0
007FF150 E9 89000000 JMP 007FF1DE ; 007FF1DE
007FF155 58 POP EAX
007FF156 6A 00 PUSH 0
007FF158 6A 00 PUSH 0
007FF15A 6A 00 PUSH 0
007FF15C 6A 00 PUSH 0
007FF15E 6A 00 PUSH 0
007FF160 6A 00 PUSH 0
007FF162 6A 00 PUSH 0
007FF164 33C9 XOR ECX,ECX
007FF166 FFE0 JMP EAX
...
007FF1DE B9 36000000 MOV ECX,36
007FF1E3 BE 06F17F00 MOV ESI,7FF106
007FF1E8 8136 24698724 XOR DWORD PTR [ESI],24876924
007FF1EE 83C6 04 ADD ESI,4
007FF1F1 ^ E2 F5 LOOPD SHORT 007FF1E8 ; 007FF1E8
007FF1F3 61 POPAD
007FF1F4 - E9 B4D1D8FF JMP 0058C3AD ; 0058C3AD
007FF1F9 0000 ADD [EAX],AL
;修改
0058C360 - E9 8B2D2700 JMP 007FF0F0 ; 007FF0F0
0058C365 90 NOP
//////////////////////////////////////////////////////
004F5208 A1 CC0F5A00 MOV EAX,[5A0FCC]
004F520D C780 B8000000 F>MOV DWORD PTR [EAX+B8],-1
004F5208 - E9 F39D3000 JMP 007FF000 ; 007FF000
004F520D C780 B8000000 FFFFFFFF MOV DWORD PTR [EAX+B8],-1
00590D2B - E9 D0E42600 JMP 007FF200 ; 计算验证
0058C360 - E9 8B2D2700 JMP 007FF0F0 ; 广告
00590D2B E8 E88FFEFF CALL 00579D18 ; 计算验证
00590D30 A1 AC0
0058C360 6A 00 PUSH 0
0058C362 6A 00 PUSH 0
0058C364 00006A00
E9 8B2D27
272d8be9
00006A00
006a0000
E9 D0 E4 26 00 A1 AC 08
26e4d0e9 08aca100
007FF000 60 PUSHAD
007FF001 8B15 CC0F5A00 MOV EDX,[5A0FCC] ; main_dat.00624184
007FF007 83C2 1A ADD EDX,1A
007FF00A 8B02 MOV EAX,[EDX]
007FF00C 35 24698724 XOR EAX,24876924
007FF011 3D E3C54780 CMP EAX,8047C5E3
007FF016 74 2F JE SHORT 007FF047 ; 007FF047
007FF018 3D 96BD4BC8 CMP EAX,C84BBD96
007FF01D 74 28 JE SHORT 007FF047 ; 007FF047
007FF01F B8 2B0D5900 MOV EAX,590D2B
007FF024 C700 E9D0E426 MOV DWORD PTR [EAX],26E4D0E9
007FF02A 83C0 04 ADD EAX,4
007FF02D C700 00A1AC08 MOV DWORD PTR [EAX],8ACA100
007FF033 B8 60C35800 MOV EAX,58C360
007FF038 C700 E98B2D27 MOV DWORD PTR [EAX],272D8BE9
007FF03E 83C0 04 ADD EAX,4
007FF041 C700 00006A00 MOV DWORD PTR [EAX],6A0000
007FF047 61 POPAD
007FF048 A1 CC0F5A00 MOV EAX,[5A0FCC]
007FF04D - E9 BB61CFFF JMP 004F520D ; 004F520D
60 8B 15 CC 0F 5A 00 83 C2 1A 8B 02 35 24 69 87 24 3D E3 C5 47 80 74 2F 3D 96 BD 4B C8 74 28 B8
2B 0D 59 00 C7 00 E9 D0 E4 26 83 C0 04 C7 00 00 A1 AC 08 B8 60 C3 58 00 C7 00 E9 8B 2D 27 83 C0
04 C7 00 00 00 6A 00 61 A1 CC 0F 5A 00 E9 BB 61 CF FF
org
00590D2B E8 E88FFEFF CALL 00579D18 ; 计算验证
00590D30 A1 AC085A00 MOV EAX,[5A08AC]
E8 E8 8F FE FF A1 AC 08
0058C360 6A 00 PUSH 0
0058C362 6A 00 PUSH 0
0058C364 6A 00 PUSH 0
0058C366 6A 00 PUSH 0
6A 00 6A 00 6A 00 6A 00
007FF001 8B15 CC0F5A00 MOV EDX,[5A0FCC] ; main_dat.00624184
63dK9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4c8W2L8i4m8Q4x3X3g2E0K9h3&6A6k6r3&6K6i4K6u0W2L8X3g2@1i4K6u0r3k6r3!0%4L8W2)9J5c8X3y4I4x3e0V1&6j5#2)9J5k6i4u0S2M7R3`.`.
1,修正了2个明显的检查
2,修复n个不明显的检查
3,修正前版本的破解缺陷
4,优化了破解算法
5,限制28乾坤和90苍天的用户使用
2005-10-11 3:28
007FF016 /EB 07 JMP SHORT 007FF01F ; 007FF01F
007FF018 |3D 96BD4BC8 CMP EAX,C84BBD96
00586844 /EB 0B JMP SHORT 00586851 ; 00586851
00586846 |A1 E41E5A00 MOV EAX,[5A1EE4]
2005-10-12 16:34
Call stack of main thread
Address Stack Procedure / arguments Called from Frame
0012FD9C 77E8A243 Includes ntdll.77F8915E kernel32.77E8A241 0012FDB8
0012FDBC 77E8A20E kernel32.SleepEx kernel32.77E8A209 0012FDB8
0012FDC0 00000000 Timeout = 0. ms
0012FDC4 00000000 Alertable = FALSE
0012FDC8 004240B1 hotcs.0040E548 hotcs.004240AC 0012FE1C
0012FDFC 00423DBE hotcs.00424074 hotcs.00423DB9 0012FE1C
0012FE08 00403EB3 Includes hotcs.00423DBE hotcs.00403EB0 0012FE1C
0012FE0C 0059001C hotcs.00403EA8 hotcs.00590017 0012FE1C
0012FE20 0058E10E hotcs.0058FFD8 hotcs.0058E109 0012FE1C
0012FE44 0044162E Includes hotcs.0058E10E hotcs.0044162B 0012FE40
0012FE4C 00441514 hotcs.004040A4 hotcs.0044150F 0012FE6C
0012FE70 0042517E Includes hotcs.00441514 hotcs.0042517C 0012FE6C
0012FE88 77E1A420 Includes hotcs.0042517E user32.77E1A41D 0012FE84
0012FEA8 77DF4605 user32.77E1A408 user32.77DF4600 0012FEA4
0012FF34 77DF5B77 user32.77DF4321 user32.77DF5B72 0012FF30
0012FF40 0046BE3C hotcs.004079BC hotcs.0046BE37 0012FFA8
0012FF58 0046BE73 hotcs.0046BDB4 hotcs.0046BE6E 0012FFA8
0012FF7C 0046C093 hotcs.0046BE64 hotcs.0046C08E 0012FFA8
0012FFAC 008055BA hotcs.0046BFF8 hotcs.008055B5 0012FFA8
004240A5 E8 323CFEFF CALL 00407CDC ; 00407CDC
004240AA 6A 00 PUSH 0
004240AC E8 97A4FEFF CALL 0040E548 ; 0040E548
004240B1 E8 3AFAFFFF CALL 00423AF0 ; 00423AF0
0040E547 90 NOP
0040E548 - FF25 18168000 JMP [801618]
0040E54E 8BC0 MOV EAX,EAX
0040E550 55 PUSH EBP
0058E0F1 A1 90095A00 MOV EAX,[5A0990]
0058E0F6 8178 18 D07E010>CMP DWORD PTR [EAX+18],17ED0 ;经验值大于0x17ED0,开始检查
0058E0FD 7E 1C JLE SHORT 0058E11B ; 0058E11B
0058E0FF A1 48075A00 MOV EAX,[5A0748]
0058E104 8338 00 CMP DWORD PTR [EAX],0
0058E107 75 12 JNZ SHORT 0058E11B ; 0058E11B
0058E109 E8 CA1E0000 CALL 0058FFD8 ; 0058FFD8
0058E10E E8 A9C8F1FF CALL 004AA9BC ; <JMP.&winmm.timeGetTime>
0058FFFA 8B45 F4 MOV EAX,[EBP-C]
0058FFFD 66:8378 06 04 CMP WORD PTR [EAX+6],4 ;节数>4出错
00590002 76 42 JBE SHORT 00590046 ; 00590046
00590004 A1 D8195A00 MOV EAX,[5A19D8]
0058FFFD 66:8378 06 06 CMP WORD PTR [EAX+6],6
00590002 74 42 JE SHORT 00590046 ; 00590046
;出错随机
004ED98E A1 7C0B5A00 MOV EAX,[5A0B7C]
004ED993 8338 00 CMP DWORD PTR [EAX],0
;靠墙
00549F78 8B0D 8C225A00 MOV ECX,[5A228C] ; main_dat.007339C0
00549F7E 8B09 MOV ECX,[ECX]
00549F80 BA 5CB75400 MOV EDX,54B75C ; isnearwall
00549F85 B8 18AF5400 MOV EAX,54AF18 ; main
00549F8A E8 65F4FFFF CALL 005493F4 ; 005493F4
00541F02 B9 A03D5400 MOV ECX,543DA0 ; isnearwall
00541F07 BA 74355400 MOV EDX,543574 ; main
00541F0C 8B45 F8 MOV EAX,[EBP-8]
00541F0F 8B18 MOV EBX,[EAX]
00541F11 FF53 10 CALL [EBX+10]
00541F14 F6D8 NEG AL
00541F16 1BC0 SBB EAX,EAX
00541F18 8B15 8C225A00 MOV EDX,[5A228C] ; main_dat.007339C0
00541F1E 8902 MOV [EDX],EAX
0080556F 8BCC MOV ECX,ESP
00805571 FF71 0C PUSH DWORD PTR [ECX+C]
00805574 FF71 08 PUSH DWORD PTR [ECX+8]
00805577 FF71 04 PUSH DWORD PTR [ECX+4]
0080557A E8 4EFEFFFF CALL 008053CD
0080557F 83C4 10 ADD ESP,10
00805582 FF6424 F0 JMP [ESP-10]
8B CC FF 71 0C FF 71 08 FF 71 04 E8 4E FE FF FF 83 C4 10 FF 64 24 F0 00 00 00 00 00 00 00 00 00
code
0080536B 55 PUSH EBP
0080536C 8BEC MOV EBP,ESP
0080536E 56 PUSH ESI
004203F5 8B00 MOV EAX,[EAX] ; main_dat.0057B3D0
0057B390 00 00 00 00 F8 E3 57 00 C0 B4 57 00 79 B7 35 00 ....?W.?W.y.5.
35b779
frmain addr
003ff789
007ff789
00502E3A 0000 ADD [EAX],AL
00502E3C C3 RETN
00502E3D 8BEC MOV EBP,ESP
41f
00 02 01 E8 BE 6F BF B8 17 AB 7F BF A7 0F 6D 93 30 A0 5B 6C 39 A0 89 A5 E4 54 35 8D 9C F0 A4 43
1D FC 7A 9A 60 ED 96 02 15 DB CE 37 5F 90 4E E9 6E 50 C7 74 E8 AC B9 B1 75 25 8D 49 DF 32 82 FE
81 7E 8A 57 B2 F1 7E 3D 41 89 A2 EC B9 FB 14 29 EB EA E8 10 22 80 C3 6D 5D C5 83 CC 4E 00 00 00
2F 7C 35 88 D0 2A 01 00 01 00 00 00 40 AB C6 1D 53 4A 7E 6B 29 52 0C D4 97 FF 28 F5 E4 47 60 71
F3 23 8D 6F 47 66 61 BA D1 75 A9 BD 6C D3 B0 9F B9 14 3A 03 52 0C C4 A3 01 00 00 00 00 EB 76 7D
39 35 C6 95 60 F4 21 C5 64 44 79 62 A9 BE A2 E7 75 6D 4B A6 D0 3F EB 3B 1A B9 ED 29 A1 77 B6 BE
16 15 D3 A8 AC F9 3C 62 BF 71 E2 4B 2E E6 7E CB 80 48 02 26 B8 54 F8 FE C4 9E D8 5C 43 E2 34 BF
F0 9D 4D 9E D5 0C A5 13 ED 28 CA 22 8C C3 08 5D 2E 2D 64 10 22 D0 6F 47 AD 99 00 93 BE 44 00 00
1B 23 AD 92 9D 25 19 66 57 14 5B 54 AD 69 31 30 E2 23 E1 C3 19 C5 72 9F 30 35 D1 B8 0F 6B 18 CE
55 A5 72 5D 6B 84 57 DA 71 E8 91 DD E5 24 5A 2A F0 2B A7 20 F4 2D 8B 4E 1A 43 64 02 2F 1F E2 00
E1 5C EE 6A 16 29 6E BF B0 84 69 65 89 2A 52 BD D2 98 83 11 75 8A 0A A1 BA 92 D4 DE 10 3F 42 DE
59 8A 0B 97 91 1B 01 8B EC 13 6F 69 68 C4 5E 56 FF 7F 6E 1A 74 53 AB B1 76 ED 0A 03 7D 83 82 01
74 B3 ED CD 02 43 66 11 6B 13 E0 FF 7B 6A 5C 21 F9 71 80 A2 22 67 25 3E C1 8C 47 2C A1 D8 96 9E
33 65 8A 00 99 B9 B3 91 89 34 93 6F 0C F6 70 5F 5A 01 AD D6 60 D6 C4 FC 75 9C C9 C5 CB E8 C9 B0
0A FA A9 8E 62 2B B0 C3 D7 9E 11 94 89 CA 36 E1 DD 33 69 17 7C 95 E5 FF 91 C6 99 00 AE 55 96 35
97 58 96 9E B1 0E 5B 0F B1 D4 DD B1 BF A4 D2 13 2F BC EE DA F8 17 27 5B E7 09 31 DD 35 E7 02 64
28 0A 58 F3 56 61 D4 02 E0 CE 58 EA 7B DA 4E 5E A4 06 13 02 C8 C9 B6 70 F9 42 BC D4 70 05 7A 1E
26 E5 BE 57 16 F8 7A 95 57 95 0E 6D C8 78 9A B8 03 81 90 CC 23 38 1B 57 87 15 FD 55 03 2B 0E 22
F3 A6 B4 72 06 A4 11 5F AC 6E E3 22 30 63 89 EE 75 7D C1 5D 2E 4C F0 6F 77 CB A4 18 9F CC F6 3B
C7 D1 38 E8 B2 1A BD 8E 33 BF 2B 65 1E 9B 9E F4 1D 6C F9 D5 3D 16 B8 32 B2 8C 03 15 DC AF 97 A0
A4 89 D7 1F 85 52 86 4E 07 E1 E2 2E 0D 1F 31 BF E4 0C 50 D3 FD 7A AD 1A AB E7 7E 6C D6 80 72 7F
EB 2A 3F 7B A5 E4 9E 4D 88 86 76 4B 0E 7A 42 FD D5 A6 AB 77 23 E4 A8 45 C4 47 6D FA 25 2F 1F DC
AB 2E 8B D8 86 7F C3 6A 3D C4 01 00 88 85 FC 38 72 19 B2 34 8D D3 9D 00 45 1C A3 67 20 01 8D 56
CE 0A 70 F9 B6 2C D6 FA 0B 9E D3 21 51 65 83 F0 54 49 92 00 89 E4 63 BA F1 9C 91 FA E4 52 D2 07
A1 7E F9 47 A5 3E DF 8E D8 A6 F1 12 8A 00 1E 6C 9E B1 ED 8F 9F 8F E9 F4 B5 44 1A 62 0B FA 6A 68
A6 FC CD 72 15 EB 8D 59 26 E4 C6 F8 58 BC 2E 8E 59 F6 E1 19 AB 49 C9 58 0C E1 2B E7 34 65 7E D3
AD A4 C8 69 91 C0 AA 9F AE 59 20 03 9E 85 C4 A8 90 5B 3C 00 A1 A5 9E 1D DA C6 E8 EA E6 F7 31 F8
68 28 A3 DC FC 65 E0 29 9C 65 3B E0 83 99 4E 97 CC E0 D0 F7 CC 5D 08 60 AA 72 4E 21 F7 95 11 96
D8 F7 E8 46 01 62 32 41 DF B5 4C C0 A4 2B 3B F2 1F B4 5B 74 67 C3 D1 2C FE F0 32 92 A1 E4 5B 5A
B7 0F C8 9D 44 BC A9 12 03 95 5D 41 3C E6 18 1F A8 C6 FE 24 48 34 55 B6 C4 D4 19 88 A4 A4 28 27
9E 1E F9 CA 0B 7F A4 72 A6 67 F5 BA 9E BF AF 3E F0 16 67 6F 06 28 77 33 04 C8 C5 B5 7F AC 96 57
DC D6 F8 CE 9C 1B BB 99 0D 76 0C 0B 24 AF F6 00 FA 8B 5E 46 1C 0D 27 42 0B 0E 59 25 08 0B 27 42
09 0A 26 00 53 34 26 44 01 27 50 3C 54 76 6B 2C 59 4A 5D 21 4E 56 43 1D 73 42 0E 7E 31 14 2B 00
004BB09F 90 NOP
004BB0A0 53 PUSH EBX ; recv
004BB0A1 56 PUSH ESI
004BB0A2 8BDA MOV EBX,EDX
recv data addr
3ff369
005A2450 B8 1F040000 MOV EAX,41F
005A2455 8BC8 MOV ECX,EAX
005A2457 BE 69F37F00 MOV ESI,007FF369
005A245C 8B3B MOV EDI,[EBX]
005A245E F3:A4 REP MOVS BYTE PTR ES:[EDI],BYTE PTR [ESI>
005A2460 ^ E9 688CF1FF JMP 004BB0CD
B8 1F 04 00 00 8B C8 BE 69 F3 7F 00 8B 3B F3 A4 E9 68 8C F1 FF 00 00 00 00 00 00 00 00 00 00 00
004BB0AD B8 1F040000 MOV EAX,41F
004BB0B2 8BD0 MOV EDX,EAX
004BB0B4 8BC3 MOV EAX,EBX
004BB0B6 E8 19A2F4FF CALL 004052D4
004BB0BB E9 90730E00 JMP 005A2450
004BB0C0 90 NOP
004BB0C1 90 NOP
B8 1F 04 00 00 8B D0 8B C3 E8 19 A2 F4 FF E9 90 73 0E 00 90 90 8B C8 8B 13 8B C6 E8 5B FE FF FF
end addr
762ff0
763000
0058C36E PUSH 58C508 您的
0058C37A PUSH 58C518 剩余
构造登录信息
00590D2B E8 E88FFEFF CALL 00579D18
00590D30 A1 AC085A00 MOV EAX,[5A08AC]
00590D35 8B00 MOV EAX,[EAX]
00590D2B E8 E88FFEFF CALL 00579D18
00590D30 E9 CB1A1D00 JMP 00762800
00590D35 8B00 MOV EAX,[EAX]
00762800 60 PUSHAD
00762801 8B15 A0F35800 MOV EDX,[58F3A0] ; main_dat.00408DC3
lstrcpyA
lstrlenA
1 00801534 kernel32.dll 0335 lstrcpy
1 00801898 kernel32.dll 033B lstrlen
632638: 00 FF
642918: 00 FF
70FD44: 00 FF
715DC4: 00 FF
715DD0 6bit
715E38 len
00762800 60 PUSHAD
00762801 8B15 80155A00 MOV EDX,[5A1580] ; main_dat.006325F4
00762807 42 INC EDX
00762808 52 PUSH EDX
00762809 68 9C287600 PUSH 0076289C
0076280E FF15 34158000 CALL [<&kernel32.lstrcpy>] ; kernel32.lstrcpyA
00762814 8BD8 MOV EBX,EAX
00762816 68 9C287600 PUSH 0076289C
0076281B FF15 98188000 CALL [<&kernel32.lstrlen>] ; kernel32.lstrlenA
00762821 03C3 ADD EAX,EBX
00762823 C600 2F MOV BYTE PTR [EAX],2F
00762826 40 INC EAX
00762827 8B15 9C0E5A00 MOV EDX,[5A0E9C] ; main_dat.0063260C
0076282D 42 INC EDX
0076282E 52 PUSH EDX
0076282F 50 PUSH EAX
00762830 FF15 34158000 CALL [<&kernel32.lstrcpy>] ; kernel32.lstrcpyA
00762836 68 9C287600 PUSH 0076289C
0076283B FF15 98188000 CALL [<&kernel32.lstrlen>] ; kernel32.lstrlenA
00762841 6A 00 PUSH 0
00762843 83C0 0C ADD EAX,0C
00762846 50 PUSH EAX
00762847 B9 D05D7100 MOV ECX,00715DD0
0076284C B8 90287600 MOV EAX,00762890
00762851 33D2 XOR EDX,EDX
00762853 E8 7823D4FF CALL 004A4BD0
00762858 68 D05D7100 PUSH 00715DD0
0076285D FF15 98188000 CALL [<&kernel32.lstrlen>] ; kernel32.lstrlenA
00762863 A3 385E7100 MOV [715E38],EAX
00762868 B8 FFFFFFFF MOV EAX,-1
0076286D A3 38266300 MOV [632638],EAX
00762872 A3 18296400 MOV [642918],EAX
00762877 A3 44FD7000 MOV [70FD44],EAX
0076287C A3 C45D7100 MOV [715DC4],EAX
00762881 61 POPAD
00762882 8B15 A0F35800 MOV EDX,[58F3A0] ; main_dat.00408DC3
00762888 ^ E9 A8E4E2FF JMP 00590D35
60 8B 15 80 15 5A 00 42 52 68 9C 28 76 00 FF 15 34 15 80 00 8B D8 68 9C 28 76 00 FF 15 98 18 80
00 03 C3 C6 00 2F 40 8B 15 9C 0E 5A 00 42 52 50 FF 15 34 15 80 00 68 9C 28 76 00 FF 15 98 18 80
00 6A 00 83 C0 0C 50 B9 D0 5D 71 00 B8 90 28 76 00 33 D2 E8 78 23 D4 FF 68 D0 5D 71 00 FF 15 98
18 80 00 A3 38 5E 71 00 B8 FF FF FF FF A3 38 26 63 00 A3 18 29 64 00 A3 44 FD 70 00 A3 C4 5D 71
00 61 8B 15 A0 F3 58 00 E9 A8 E4 E2 FF 00 00 00 00 00 00 00 67 00 00 00 00 00 00 00 00 00 00 00
bit6en
004A4BD0 55 PUSH EBP
00592580 55 PUSH EBP ; send
id
00592758 8B15 80155A00 MOV EDX,[5A1580] ; main_dat.006325F4
name
00592794 8B15 9C0E5A00 MOV EDX,[5A0E9C] ; main_dat.0063260C
00579B74 E8 67F5FFFF CALL 005790E0
00579B79 E9 8B000000 JMP 00579C09
00579B7E E8 89F2FFFF CALL 00578E0C
00579B83 E9 81000000 JMP 00579C09
00579B6F /E9 95000000 JMP 00579C09
00579B74 |90 NOP
00579B75 |90 NOP
00579B76 |90 NOP
00579B77 |90 NOP
00579B78 |90 NOP
00579B79 |E9 8B000000 JMP 00579C09
00579B7E |90 NOP
00579B7F |90 NOP
00579B80 |90 NOP
00579B81 |90 NOP
00579B82 |90 NOP
00579B83 |E9 81000000 JMP 00579C09
E9 95 00 00 00 90 90 90 90 90 E9 8B 00 00 00 90 90 90 90 90
Log data, item 0
Address=00402C36
Message=Invalid floating-point operation
00590D26 BA 080E5900 MOV EDX,00590E08
00590D2B E8 E88FFEFF CALL 00579D18
00590D30 E9 CB1A1D00 JMP 00762800
00590D26 BA 080E5900 MOV EDX,00590E08
00590D2B 90 NOP
00590D2C 90 NOP
00590D2D 90 NOP
00590D2E 90 NOP
00590D2F 90 NOP
00590D30 E9 CB1A1D00 JMP 00762800
00590D35 8B00 MOV EAX,[EAX]
relogin
00509451 8D05 4B945000 LEA EAX,[50944B]
00509457 8B00 MOV EAX,[EAX]
00509459 FF75 FC PUSH DWORD PTR [EBP-4]
0050945C FF75 F8 PUSH DWORD PTR [EBP-8]
0050945F FFD0 CALL EAX
00509461 33C0 XOR EAX,EAX
00509463 5A POP EDX
0050944B 8F 2E 35 00 ?5..
352e8f
55 8B EC 60 8B 7D 08 8B 75 0C 57 8B 1F 8B 4F 04 BA B9 79 37 9E 8B C2 C1 E0 05 BF 20 00 00 00 8B
EB C1 E5 04 2B CD 8B 6E 08 33 EB 2B CD 8B EB C1 ED 05 33 E8 2B CD 2B 4E 0C 8B E9 C1 E5 04 2B DD
8B 2E 33 E9 2B DD 8B E9 C1 ED 05 33 E8 2B DD 2B 5E 04 2B C2 4F 75 C8 5F 89 1F 89 4F 04 61 C9 C2
08 00
008055BF . 0000 ADD [EAX],AL
bf558000
0058C35B 8338 00 CMP DWORD PTR [EAX],0
0058C35E 7C 4D JL SHORT 0058C3AD
0058C360 6A 00 PUSH 0
0058C362 6A 00 PUSH 0
0058C35E /7C 4D JL SHORT 0058C3AD
0058C360 |E9 9B651D00 JMP 00762900
0058C365 |90 NOP
00762900 60 PUSHAD
00762901 B9 36000000 MOV ECX,36
00762906 BE 16017400 MOV ESI,00740116
0076290B 8136 24698724 XOR DWORD PTR [ESI],24876924
00762911 83C6 04 ADD ESI,4
00762914 ^ E2 F5 LOOPD SHORT 0076290B
00762916 E8 4B000000 CALL 00762966
0076291B 33C0 XOR EAX,EAX
0076291D BA 01000000 MOV EDX,1
00762922 E8 99FED9FF CALL 005027C0
00762927 E8 3A000000 CALL 00762966
0076292C B8 7D297600 MOV EAX,0076297D
00762931 BA 00C00000 MOV EDX,0C000
00762936 E8 85FED9FF CALL 005027C0
0076293B E8 26000000 CALL 00762966
00762940 33C0 XOR EAX,EAX
00762942 BA 01000000 MOV EDX,1
00762947 E8 74FED9FF CALL 005027C0
0076294C E8 15000000 CALL 00762966
00762951 B8 B7297600 MOV EAX,007629B7
00762956 BA 00C00000 MOV EDX,0C000
0076295B E8 60FED9FF CALL 005027C0
00762960 61 POPAD
00762961 ^ E9 479AE2FF JMP 0058C3AD
00762966 58 POP EAX
00762967 6A 00 PUSH 0
00762969 6A 00 PUSH 0
0076296B 6A 00 PUSH 0
0076296D 6A 00 PUSH 0
0076296F 6A 00 PUSH 0
00762971 6A 00 PUSH 0
00762973 6A 00 PUSH 0
00762975 33C9 XOR ECX,ECX
00762977 FFE0 JMP EAX
60 B9 36 00 00 00 BE 16 29 76 00 81 36 24 69 87 24 83 C6 04 E2 F5 CC 22 87 24 24 5A 47 9E 25 69
87 24 CC F0 79 FD DB 81 BD 24 24 69 3F 59 0D 1F 87 9E 24 A9 87 24 CC EC 79 FD DB 81 A1 24 24 69
B4 E4 9E 68 87 24 24 81 F3 DA FD 96 6F 31 24 69 87 9C 93 40 F1 24 9E 69 47 24 24 81 E7 DA FD 96
E6 CD 63 F3 65 DB 7C 03 87 4E 24 03 87 4E 24 03 87 4E 24 03 87 17 ED 96 67 12 24 69 87 EF E9 D1
7F EC EC B8 2D 90 8F AF 61 16 1C AE 7F E3 88 A9 23 F5 D0 D0 65 85 CC AD 7C E7 EE DB 5A 87 88 BE
24 EF D9 A5 6B E8 C8 BA 57 9E E7 B9 43 E3 CD 49 D9 7B 7A 5C 87 24 24 AD 7D 91 E0 A1 4F F5 8E DD
2C ED D5 A3 24 F7 C4 50 BE 1D 1D A5 6B 14 F4 C8 4D 95 04 2A F5 45 47 02 E2 40 04 0B FE 04 F4 C8
4F 8F 04 5B B7 14 11 44 BE 09 15 69 87 24 00 00
012DEF7C D0 2A 01 00 ?...
时间
00401081 |. E8 30010000 CALL <JMP.&wsock32.inet_ntoa>
00406590 68 0C674000 PUSH 0040670C ; ASCII "kernel32.dll"
00406595 E8 86ADFFFF CALL <JMP.&kernel32.GetModuleHandleA>
0040659A 8BF0 MOV ESI,EAX
0040659C 85F6 TEST ESI,ESI
0040659E 74 40 JE SHORT 004065E0
004065A0 68 1C674000 PUSH 0040671C ; ASCII "GetLongPathNameA"
004065A5 56 PUSH ESI
004065A6 E8 7DADFFFF CALL <JMP.&kernel32.GetProcAddress>
00762A00 68 3D2A7600 PUSH 00762A3D ; ASCII "582K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4N6%4N6#2)9J5k6h3y4Z5K9h3&6S2i4K6u0W2j5$3!0E0"
00762A05 FF15 0C1A8000 CALL [<&wsock32.gethostbyname>] ; WS2_32.gethostbyname
00762A0B 8B40 0C MOV EAX,[EAX+C]
00762A0E 8B08 MOV ECX,[EAX]
00762A10 8B09 MOV ECX,[ECX]
00762A12 51 PUSH ECX
00762A13 68 4B2A7600 PUSH 00762A4B ; ASCII "wsock32.dll"
00762A18 FF15 20128000 CALL [<&kernel32.GetModuleHandleA>] ; kernel32.GetModuleHandleA
00762A1E 68 572A7600 PUSH 00762A57 ; ASCII "inet_ntoa"
00762A23 50 PUSH EAX
00762A24 FF15 AC188000 CALL [<&kernel32.GetProcAddress>] ; kernel32.GetProcAddress
00762A2A FFD0 CALL EAX
00762A2C 50 PUSH EAX
00762A2D 68 612A7600 PUSH 00762A61
00762A32 FF15 34158000 CALL [<&kernel32.lstrcpy>] ; kernel32.lstrcpyA
00762A38 - E9 D4D689FF JMP 00000111
68 3D 2A 76 00 FF 15 0C 1A 80 00 8B 40 0C 8B 08 8B 09 51 68 4B 2A 76 00 FF 15 20 12 80 00 68 57
2A 76 00 50 FF 15 AC 18 80 00 FF D0 50 68 61 2A 76 00 FF 15 34 15 80 00 E9 D4 D6 89 FF 77 77 77
2E 63 68 69 6E 61 2E 63 6F 6D 00 77 73 6F 63 6B 33 32 2E 64 6C 6C 00 69 6E 65 74 5F 6E 74 6F 61
0050B797 /75 1F JNZ SHORT 0050B7B8
0050B799 |FF25 EC0E4000 JMP [400EEC]
0050B79F |68 18B85000 PUSH 0050B818
FF25 ????4000
DS:[00400EEC]=0035ADD1
0035ADD1 FF35 34F35900 PUSH DWORD PTR [59F334] ; main_dat.00502344
0035ADD7 68 9FB75000 PUSH 50B79F
0035ADDC C3 RETN
0050B797 /75 1F JNZ SHORT 0050B7B8
0050B799 |FF35 34F35900 PUSH DWORD PTR [59F334] ; main_dat.00502344
0050B79F |68 18B85000 PUSH 0050B818
$+444 > 00000000
$+448 > 00000000
$+44C >/015CFF38
$+450 >|004D9159 RETURN to main_dat.004D9159 from main_dat.004DFA3C
$+454 >|015CFF40 Pointer to next SEH record
$+458 >|004D9212 SE handler
$+45C >|015CFF38
$+460 >|0127A2E4
$+464 >|02BD8764 ASCII "vnext:0"
$+468 >|00000000
$+46C >|00000000
$+470 >|00000170
$+474 >|0012FA00
$+478 >|00000236
$+47C >|584DDC00
$+480 >|01986B9C ASCII "cmdno 368 count 566"
$+484 >|00002710
$+488 >]015CFF58
$+48C >|004D8459 RETURN to main_dat.004D8459 from main_dat.004D8E40
$+490 >|015CFF60 Pointer to next SEH record
$+494 >|004D847B SE handler
$+498 >|015CFF58
$+49C >|01226BCC
$+4A0 >|018D90CC ASCII "ts:1"
$+4A4 >|07B24C07
$+4A8 >]015CFF70
$+4AC >|005021ED RETURN to main_dat.005021ED from main_dat.004D8350
$+4B0 >|015CFF78 Pointer to next SEH record
$+4B4 >|0050226D SE handler
$+4B8 >|015CFF70
$+4BC >|012B0318
$+4C0 >]015CFFA0
$+4C4 >|00423C53 RETURN to main_dat.00423C53
$+4C8 >|015CFF84 Pointer to next SEH record
$+A4 > 00000000
$+A8 > 00000000
$+AC > 00000038
$+B0 > 00000023
$+B4 > 00000023
$+B8 > 0060B060 main_dat.0060B060
$+BC > 039DC1C4
$+C0 > 012BD778
$+C4 > 039C000C
$+C8 > 0000004E
Log data, item 1
Address=004DFA90
Message=Access violation when reading [039DC1C4]
004DFA57 64:FF30 PUSH DWORD PTR FS:[EAX]
004DFA5A 64:8920 MOV FS:[EAX],ESP
004DFA5D 33C0 XOR EAX,EAX
004DFA5F 8945 FC MOV [EBP-4],EAX
004DFA62 A1 E01B5A00 MOV EAX,[5A1BE0] ;++
004DFA67 8338 00 CMP DWORD PTR [EAX],0
004DFA6A 0F8C 9F040000 JL 004DFF0F
004DFA70 A1 E01B5A00 MOV EAX,[5A1BE0]
004DFA75 6B00 27 IMUL EAX,[EAX],27
004DFA78 8B15 341D5A00 MOV EDX,[5A1D34] ; main_dat.0060B2EC
0050A90D A1 58F35900 MOV EAX,[59F358]
0050A912 3B05 58B06000 CMP EAX,[60B058]
0050A918 7C 12 JL SHORT 0050A92C
0050B179 A1 10B36000 MOV EAX,[60B310]
0050B17E 0105 58B06000 ADD [60B058],EAX
0050B184 A1 58B06000 MOV EAX,[60B058]
0050B47D 8B15 FCB26000 MOV EDX,[60B2FC]
0050B483 8B8482 B4FEFFFF MOV EAX,[EDX+EAX*4-14C]
0050B48A A3 58B06000 MOV [60B058],EAX
005A1368 58 B0 60 00 X.`.
68135a
004DFA67 main_dat Always CMP DWORD PTR [EAX],0
0050A7E0 main_dat Always MOV EAX,[5A1240]
0050A912 main_dat Always CMP EAX,[60B058]
00403EA1 E8 B6030000 CALL 0040425C
00403EA6 C3 RETN
00403EA7 90 NOP
00403EA8 85C0 TEST EAX,EAX
00403EAA 74 07 JE SHORT 00403EB3
00403EAC B2 01 MOV DL,1
00403EAE 8B08 MOV ECX,[EAX]
00403EB0 FF51 FC CALL [ECX-4]
00403EB3 C3 RETN
00403EB4 53 PUSH EBX
00403EB5 56 PUSH ESI
00403EB6 57 PUSH EDI
00403EB7 89C3 MOV EBX,EAX
DS:[01264414]=???
ECX=00000000
0050A904 833D 58F35900 0>CMP DWORD PTR [59F358],0 ; -1
004D8F43 MOV DWORD PTR [EAX],-1 11111111begin
004D90FF INC DWORD PTR [EAX] +++++222222222
0050A75F MOV DWORD PTR [59F358],-1 buuuuuuuuuuuug!!!
0050A904 CMP DWORD PTR [59F358],0 -1
0050A90D MOV EAX,[59F358] -1
0050A912 CMP EAX,[60B058] 0
004D90A0 A1 F41D5A00 MOV EAX,[5A1DF4]
004D90A5 66:C740 02 0000 MOV WORD PTR [EAX+2],0
004D90AB A1 EC1E5A00 MOV EAX,[5A1EEC]
004D90B0 33D2 XOR EDX,EDX
004D90B2 8910 MOV [EAX],EDX
004D90B4 A1 20075A00 MOV EAX,[5A0720] ;
004D90B9 8B00 MOV EAX,[EAX]
004D90BB 35 CD070000 XOR EAX,7CD
004D90C0 8B15 640F5A00 MOV EDX,[5A0F64] ; 12dec54
004D90C6 8B12 MOV EDX,[EDX]
004D90C8 3302 XOR EAX,[EDX]
004D90CA 8B15 AC175A00 MOV EDX,[5A17AC] ; 12dec50
004D90D0 8B12 MOV EDX,[EDX]
004D90D2 3B02 CMP EAX,[EDX]
004D90D4 EB 24 JMP SHORT 004D90FA
004D90D6 B8 E8030000 MOV EAX,3E8
004D90DB E8 C8A2F2FF CALL 004033A8
0057EF96 3345 EC XOR EAX,[EBP-14]
0057EF99 35 CD070000 XOR EAX,7CD
0057EF9E 8B15 20075A00 MOV EDX,[5A0720] ; main_dat.00739A1C
0057EFA4 8902 MOV [EDX],EAX
0057EFA6 8B45 FC MOV EAX,[EBP-4]
004D90F2 8B15 A41C5A00 MOV EDX,[5A1CA4] ; main_dat.0059FD70
004D90F8 8902 MOV [EDX],EAX
004033A8 53 PUSH EBX
004033A9 31DB XOR EBX,EBX
004033AB 6993 08C05900 05840808 IMUL EDX,[EBX+59C008],8088405
004033B5 42 INC EDX
004033B6 8993 08C05900 MOV [EBX+59C008],EDX
004033BC F7E2 MUL EDX
004033BE 89D0 MOV EAX,EDX
004033C0 5B POP EBX
004033C1 C3 RETN
004EF736 A1 40205A00 MOV EAX,[5A2040]
004EF73B 8B00 MOV EAX,[EAX]
004EF73D 8A80 95000000 MOV AL,[EAX+95] ; 取0x95
004EF743 8B15 6C0B5A00 MOV EDX,[5A0B6C]; 保存0x95
004EF749 8802 MOV [EDX],AL
004EF74B A1 6C0B5A00 MOV EAX,[5A0B6C]
004EF750 8A00 MOV AL,[EAX]
004EF752 34 61 XOR AL,61
004EF754 8B15 041C5A00 MOV EDX,[5A1C04] ; !!!!!!!!!!
004EF75A 3A02 CMP AL,[EDX]
004EF75C 75 24 JNZ SHORT 004EF782
004EF75E A1 40205A00 MOV EAX,[5A2040]
004EF763 8B00 MOV EAX,[EAX]
004EF765 8A80 9C000000 MOV AL,[EAX+9C] ;取0x9c
004EF76B 8B15 F0235A00 MOV EDX,[5A23F0] ;存0x9c
004EF771 8802 MOV [EDX],AL
004EF773 A1 F0235A00 MOV EAX,[5A23F0]
004EF778 8A00 MOV AL,[EAX]
004EF77A 8B15 B4165A00 MOV EDX,[5A16B4] ;存0x9c
004EF780 8802 MOV [EDX],AL
004EF782 8B45 F4 MOV EAX,[EBP-C] ; leb2
004EF785 8B00 MOV EAX,[EAX]
DS:[0070FF28]=47 ('G')
AL=54 ('T')
循环怪物
004DA888 C745 F8 0000000>MOV DWORD PTR [EBP-8],0
004DA88F 6B45 F8 43 IMUL EAX,[EBP-8],43
004DA893 8B15 8C0B5A00 MOV EDX,[5A0B8C] ; main_dat.00635594
004DA899 833C82 00 CMP DWORD PTR [EDX+EAX*4],0
004DA89D 74 62 JE SHORT 004DA901
004DA89F 6B45 F8 43 IMUL EAX,[EBP-8],43
004DA8A3 8B15 8C0B5A00 MOV EDX,[5A0B8C] ; main_dat.00635594
004DA8A9 837C82 50 00 CMP DWORD PTR [EDX+EAX*4+50],0
004DA8AE 75 51 JNZ SHORT 004DA901
004DA8B0 6B45 F8 43 IMUL EAX,[EBP-8],43
004DA8B4 8B15 8C0B5A00 MOV EDX,[5A0B8C] ; main_dat.00635594
004DA8BA 8A4482 2E MOV AL,[EDX+EAX*4+2E]
004DA8BE 04 FA ADD AL,0FA
004DA8C0 2C 03 SUB AL,3
004DA8C2 72 3D JB SHORT 004DA901
004DA8C4 6B45 F8 43 IMUL EAX,[EBP-8],43
004DA8C8 8B15 8C0B5A00 MOV EDX,[5A0B8C] ; main_dat.00635594
004DA8CE 0FB74482 32 MOVZX EAX,WORD PTR [EDX+EAX*4+32]
004DA8D3 50 PUSH EAX
004DA8D4 6B45 F8 43 IMUL EAX,[EBP-8],43
004DA8D8 8B15 8C0B5A00 MOV EDX,[5A0B8C] ; main_dat.00635594
004DA8DE 0FB74C82 30 MOVZX ECX,WORD PTR [EDX+EAX*4+30]
004DA8E3 8B15 1C0F5A00 MOV EDX,[5A0F1C] ; main_dat.006243C4
004DA8E9 0FB752 38 MOVZX EDX,WORD PTR [EDX+38]
004DA8ED A1 1C0F5A00 MOV EAX,[5A0F1C]
004DA8F2 0FB740 36 MOVZX EAX,WORD PTR [EAX+36]
004DA8F6 E8 25880200 CALL 00503120
004DA8FB 48 DEC EAX
004DA8FC 7F 03 JG SHORT 004DA901
004DA8FE FF45 F4 INC DWORD PTR [EBP-C]
004DA901 FF45 F8 INC DWORD PTR [EBP-8]
004DA904 FF4D E8 DEC DWORD PTR [EBP-18]
004DA907 ^ 75 86 JNZ SHORT 004DA88F
0050A5AD A1 40205A00 MOV EAX,[5A2040]
0050A5B2 8B00 MOV EAX,[EAX]
0050A5B4 8A40 78 MOV AL,[EAX+78]
0050A5B7 8B15 041C5A00 MOV EDX,[5A1C04] ; main_dat.0070FF28
0050A5BD 8802 MOV [EDX],AL
[EAX+95](0x35) xor 0x61 = (0x54) cmp [EAX+78](0x47) ok
[EAX+95](0x35) xor 0x61 cmp [EAX+8] xx
DS:[005A0F64]=005A88EC (main_dat.005A88EC)
DS:[005A17AC]=005A88DC (main_dat.005A88DC)
005A88EC
ec 88 5a 00
004C1403 8B45 FC MOV EAX,[EBP-4]
004C1406 05 A4010000 ADD EAX,1A4
004C140B 8B15 B00A5A00 MOV EDX,[5A0AB0] ; main_dat.00710428
004C1411 8902 MOV [EDX],EAX
004C1413 8B45 FC MOV EAX,[EBP-4]
[005A0AB0]=00710428
28 04 71 00
0053AB58 55 PUSH EBP
0053AB59 8BEC MOV EBP,ESP
0053AB5B 81C4 E8FEFFFF ADD ESP,-118
0053AB61 33D2 XOR EDX,EDX
0053AB63 8995 E8FEFFFF MOV [EBP-118],EDX
0053AB69 8955 EC MOV [EBP-14],EDX
0053AB6C 8955 F0 MOV [EBP-10],EDX
0053AB6F 8945 FC MOV [EBP-4],EAX
0053AB72 33C0 XOR EAX,EAX
0053AB74 55 PUSH EBP
0053AB75 68 41B05300 PUSH 0053B041
0053AB7A 64:FF30 PUSH DWORD PTR FS:[EAX]
0053AB7D 64:8920 MOV FS:[EAX],ESP
0053AB80 6B45 FC 43 IMUL EAX,[EBP-4],43
0053AB84 8B15 8C0B5A00 MOV EDX,[5A0B8C] ; main_dat.00635594
0053AB8A C64482 2E 00 MOV BYTE PTR [EDX+EAX*4+2E],0
0053AB8F B8 54B05300 MOV EAX,0053B054 ; ASCII "PK"
0053AB94 E8 7BA4FCFF CALL 00505014
0053AB99 8945 F8 MOV [EBP-8],EAX
0053AB9C 837D F8 00 CMP DWORD PTR [EBP-8],0
0053ABA0 0F8C A3010000 JL 0053AD49
0053AB8F MOV EAX,53B054 PK
0058936A MOV EAX,5895EC PK
User-defined comments
Address Disassembly Comment
004CD5CC MOV EAX,[5A188C] 012DEE67
004CD5D6 MOV EDX,[5A1EA4] 012DEE6B
004CD5E8 JE SHORT 004CD646 pass
004CF5F1 MOV EAX,[5A149C] 012DEBD6
004CF5FC MOV EDX,[5A20D4] 012DEBEB
004CF606 JE SHORT 004CF61F pass
004D8F43 MOV DWORD PTR [EAX],-1 11111111begin
004D90B4 MOV EAX,[5A0720] 第3个数
004D90C0 MOV EDX,[5A0F64] 12dec54
004D90CA MOV EDX,[5A17AC] 12dec50
004D90D2 CMP EAX,[EDX] edx=12dec50
004D90FA MOV EAX,[5A1BE0] leb2
004D90FF INC DWORD PTR [EAX] +++++222222222
004DFB1E CALL 00405094 比较是不是stop
004EA253 MOV EAX,[5A1B58] 012DEE56
004EA264 MOV EDX,[EDX] 012DEE88
004EA268 JE SHORT 004EA273 pass
004EF73D MOV AL,[EAX+95] 保存0x95
004EF754 MOV EDX,[5A1C04] !!!!!!!!!!
004EF782 MOV EAX,[EBP-C] leb2
004EFA55 MOV EAX,[5A0AA4] 012DEE5C
004EFA5F MOV EDX,[5A18C8] 012DEE60
004EFA71 JE SHORT 004EFABB pass
0050A75F MOV DWORD PTR [59F358],-1 buuuuuuuuuuuug!!!
0050A904 CMP DWORD PTR [59F358],0 -1
0050A90D MOV EAX,[59F358] -1
0050A912 CMP EAX,[60B058] 0
0050A91F MOV EDI,0060AC58 (Initial CPU selection)
0050F8BE MOV EAX,[5A1F70] 012DEB87
0050F8C7 MOV EDX,[5A1544] 012DECC8
0050F8E1 JNZ SHORT 0050F8F4 !!!!!!!
00535D3A CALL 0053AB58 pk
0058E523 CALL 0053AB58 pk
00595BCF MOV EAX,00595CC4 服务器忙
00595BFC MOV EDX,00595CD8 与服务器出现连接错误:
0040ADBE DB45 F8 FILD DWORD PTR [EBP-8]
0040ADC1 D835 DCAD4000 FDIV DWORD PTR [40ADDC]
0040ADC7 8B45 08 MOV EAX,[EBP+8]
0040ADCA DD18 FSTP QWORD PTR [EAX]
00535D32 E8 51D4ECFF CALL 00403188
00535D37 8B45 FC MOV EAX,[EBP-4]
00535D3A E8 194E0000 CALL 0053AB58 ; pk
00535D3F 6A 00 PUSH 0
;怪物和PK比较。
00505056 8D45 EC LEA EAX,[EBP-14]
00505059 8B55 F4 MOV EDX,[EBP-C]
0050505C 8BCA MOV ECX,EDX
0050505E C1E2 05 SHL EDX,5
00505061 2BD1 SUB EDX,ECX
00505063 8B0D A41A5A00 MOV ECX,[5A1AA4] ; main_dat.00642920
00505069 8B09 MOV ECX,[ECX]
0050506B 8D1451 LEA EDX,[ECX+EDX*2]
0050506E E8 81FEEFFF CALL 00404EF4
00505073 8B45 EC MOV EAX,[EBP-14]
00505076 8B55 FC MOV EDX,[EBP-4]
00505079 E8 1600F0FF CALL 00405094
0050507E 75 08 JNZ SHORT 00505088
00505080 8B45 F4 MOV EAX,[EBP-C]
00505083 8945 F8 MOV [EBP-8],EAX
00505086 EB 08 JMP SHORT 00505090
00505088 FF45 F4 INC DWORD PTR [EBP-C]
0050508B FF4D F0 DEC DWORD PTR [EBP-10]
0050508E ^ 75 C6 JNZ SHORT 00505056
00505032 64:FF30 PUSH DWORD PTR FS:[EAX]
00505035 64:8920 MOV FS:[EAX],ESP
00505038 C745 F8 FFFFFFF>MOV DWORD PTR [EBP-8],-1
0050503F A1 50185A00 MOV EAX,[5A1850]
00505044 8B00 MOV EAX,[EAX]
00505046 48 DEC EAX
00505047 85C0 TEST EAX,EAX
00505049 7C 45 JL SHORT 00505090
0050504B 40 INC EAX
0050504C 8945 F0 MOV [EBP-10],EAX
0050504F C745 F4 0000000>MOV DWORD PTR [EBP-C],0
00505056 8D45 EC LEA EAX,[EBP-14]
00505059 8B55 F4 MOV EDX,[EBP-C]
[005A1850]=0064291C
0064291C=A6
0055692A E8 65E7EAFF CALL 00405094
0055692F 75 16 JNZ SHORT 00556947
0058ED80 55 PUSH EBP
0058ED81 8BEC MOV EBP,ESP
...
0058EDBE 8B15 C8115A00 MOV EDX,[5A11C8] ; main_dat.00624158
0058EDC4 8B12 MOV EDX,[EDX]
0058EDC6 A1 041F5A00 MOV EAX,[5A1F04]
0058EDCB B9 0CEE5800 MOV ECX,0058EE0C ; ASCII "setting\牛妹_3\"
0058EDD0 E8 C761E7FF CALL 00404F9C
0058EDD5 E8 AA6EFBFF CALL 00545C84
0058EDDA 33C0 XOR EAX,EAX
0058ED80
80 ed 58 00
00545C84 55 PUSH EBP
00545C85 8BEC MOV EBP,ESP
00545C87 B9 62000000 MOV ECX,62
00545C8C 6A 00 PUSH 0
00545C8E 6A 00 PUSH 0
00545C90 49 DEC ECX
00545C91 ^ 75 F9 JNZ SHORT 00545C8C
00545C93 51 PUSH ECX
00545C94 33C0 XOR EAX,EAX
00545C96 55 PUSH EBP
00545C97 68 B35F5400 PUSH 00545FB3
00545C9C 64:FF30 PUSH DWORD PTR FS:[EAX]
00545C9F 64:8920 MOV FS:[EAX],ESP
00545CA2 33C0 XOR EAX,EAX
00545CA4 8985 24FEFFFF MOV [EBP-1DC],EAX
00545CAA A1 50185A00 MOV EAX,[5A1850]
00545CAF 33D2 XOR EDX,EDX
00545CB1 8910 MOV [EAX],EDX
00545CB3 FF15 B0084000 CALL [4008B0]
00545CB9 8B12 MOV EDX,[EDX]
00545CBB 8D85 18FEFFFF LEA EAX,[EBP-1E8]
00545CC1 B9 C85F5400 MOV ECX,00545FC8 ; ASCII "NpcSet.ini"
0052601C 6B45 F0 43 IMUL EAX,[EBP-10],43
00526020 8B15 8C0B5A00 MOV EDX,[5A0B8C] ; main_dat.00635594
00526026 807C82 2F 01 CMP BYTE PTR [EDX+EAX*4+2F],1 ; 比较是不是人在打你
0064280C 20 0C 68 1A 08 B4 F8 B5 B6 BB A4 CE C0 5C BC 74 .h...?...卫\剪
0064281C C3 FB A1 EF CD F5 B3 AF 28 C9 B3 B0 CD BF CB 29 名.锿醭?沙.涂?
0064282C 5C 5B C8 CB C8 CB B0 AE 20 B5 C4 D5 C9(18)07 00 \[人人.?的丈...
User-defined comments
Address Disassembly Comment
004A4E61 MOV EAX,[EBP-14] 循环判断怪物属性
004A4E7E MOV EDX,[EBP-4] 00610438
004A4E95 MOV ECX,[EBP-4] 00610438
004A4EA9 MOV ECX,[EBP-8] 0061A078
004A4EAC MOV [ECX+EDX],AL 保存怪物类型
004CD5CC MOV EAX,[5A188C] 012DEE67
004CD5D6 MOV EDX,[5A1EA4] 012DEE6B
004CD5E8 JE SHORT 004CD646 pass
004CE16F MOV EAX,004CE524 发现怪物变成宝宝。停止攻击
004CE1C7 MOV EAX,004CE548 发现对方名字变白,停止攻击
004CE474 MOV EAX,004CE594 连续攻击发现对方不掉血
004CF5F1 MOV EAX,[5A149C] 012DEBD6
004CF5FC MOV EDX,[5A20D4] 012DEBEB
004CF606 JE SHORT 004CF61F pass
004D8F43 MOV DWORD PTR [EAX],-1 11111111begin
004D90B4 MOV EAX,[5A0720] 第3个数
004D90C0 MOV EDX,[5A0F64] 12dec54
004D90CA MOV EDX,[5A17AC] 12dec50
004D90D2 CMP EAX,[EDX] edx=12dec50
004D90FA MOV EAX,[5A1BE0] leb2
004D90FF INC DWORD PTR [EAX] +++++222222222
004DFB1E CALL 00405094 比较是不是stop
004EA253 MOV EAX,[5A1B58] 012DEE56
004EA264 MOV EDX,[EDX] 012DEE88
004EA268 JE SHORT 004EA273 pass
004EF73D MOV AL,[EAX+95] 保存0x95
004EF754 MOV EDX,[5A1C04] !!!!!!!!!!
004EF782 MOV EAX,[EBP-C] leb2
004EFA55 MOV EAX,[5A0AA4] 012DEE5C
004EFA5F MOV EDX,[5A18C8] 012DEE60
004EFA71 JE SHORT 004EFABB pass
00504FA7 MOV EDX,00505008 带刀护卫
0050A75F MOV DWORD PTR [59F358],-1 buuuuuuuuuuuug!!!
0050A904 CMP DWORD PTR [59F358],0 -1
0050A90D MOV EAX,[59F358] -1
0050A912 CMP EAX,[60B058] 0
0050F8BE MOV EAX,[5A1F70] 012DEB87
0050F8C7 MOV EDX,[5A1544] 012DECC8
0050F8E1 JNZ SHORT 0050F8F4 !!!!!!!
005252B1 CALL 00403188 复制人物名字
005252C2 MOV [EDX+2D],AL 关键1
00525481 CALL 0052F638 人物数据!!!!!!!!
00525E09 MOV EAX,[EBP-24] (Initial CPU selection)
0052600D MOV EAX,0052D5A4 发现卫士在扁你..逃离.
00526026 CMP BYTE PTR [EDX+EAX*4+2F],1 比较是不是人在打你
00526638 PUSH 0052D630 出现
0052695C MOV EDX,0052D670 宝宝:干掉一个
00526A37 MOV EDX,0052D690 被宝宝杀死
00527331 MOV EAX,0052D6E0 物品信息数据丢失!
0052F83C CALL 0052FD80 判断出现的怪物的种类
0052F84B MOV [ECX+EDX*4+2F],AL !!!!!!!!!!写人物
00535D3A CALL 0053AB58 pk
00535D9A CALL 005027C0 打印某某PK
005893F2 CMP AL,[EDX-11] 循环比较内容是否有:
00589459 MOV EAX,005895F8 你对
005894B6 MOV EAX,00589614 /
005894F3 MOV EAX,00589620 _
00589530 MOV EAX,0058962C -
0058979B CALL 00404F50 计算时间长度
005897A6 CALL 00404F50 计算内容长度
005897B6 CMP BYTE PTR [EAX+EDX],5B 0x5b = [
005897CD CALL 005892DC 比较是否是pk
0058E523 CALL 0053AB58 pk
00595BCF MOV EAX,00595CC4 服务器忙
00595BFC MOV EDX,00595CD8 与服务器出现连接错误:
0052E6CE 6A 00 PUSH 0
0052E6D0 B8 60A06100 MOV EAX,0061A060
0052E6D5 8B4D E8 MOV ECX,[EBP-18]
0052E6D8 33D2 XOR EDX,EDX
0052E6DA E8 7161FFFF CALL 00524850 ; 1111111111
0052E6DF ^ E9 41FEFFFF JMP 0052E525
;解码
0052E656 B9 60A06100 MOV ECX,0061A060
0052E65B 8B45 F0 MOV EAX,[EBP-10]
0052E65E 05 1D046100 ADD EAX,0061041D
0052E663 33D2 XOR EDX,EDX
0052E665 E8 9A69F7FF CALL 004A5004
;人物属性
005252B6 8B45 F8 MOV EAX,[EBP-8]
005252B9 8A40 0C MOV AL,[EAX+C]
005252BC 8B15 3C1F5A00 MOV EDX,[5A1F3C] ; main_dat.0064280C
005252C2 8842 2D MOV [EDX+2D],AL ; 关键1
////////////////////////////////////////////////////////////
Call stack of thread 00000858
Address Stack Procedure / arguments Called from Frame
01FFFF3C 004D8459 ? main_dat.004D8E40 main_dat.004D8454 01FFFF38
01FFFF5C 005021ED ? main_dat.004D8350 main_dat.005021E8 01FFFF58
01FFFF74 00423C53 Includes main_dat.005021ED main_dat.00423C50 01FFFF70
004DFA89 8BF9 MOV EDI,ECX
004DFA8B B9 4E000000 MOV ECX,4E
004DFA90 F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR [E>; 异常!!!!!!!!
004DFA92 A1 BC075A00 MOV EAX,[5A07BC]
004DFA97 66:83B8 3401000>CMP WORD PTR [EAX+134],0
ECX=0000004E (decimal 78.)
DS:[ESI]=[01D5A3A4]=???
ES:[EDI]=[0060B060]=00160000
004DFA75 6B00 27 IMUL EAX,[EAX],27
004DFA78 8B15 341D5A00 MOV EDX,[5A1D34] ; 怀疑地址出错
004DFA7E 8B12 MOV EDX,[EDX]
004DFA80 8B0D BC075A00 MOV ECX,[5A07BC] ; main_dat.0060B060
004DFA86 8D34C2 LEA ESI,[EDX+EAX*8]
004DFA89 8BF9 MOV EDI,ECX
004DFA8B B9 4E000000 MOV ECX,4E
004DFA90 F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR [E>; 异常!!!!!!!!
004DFA92 A1 BC075A00 MOV EAX,[5A07BC]
20 20 20 20 20 B5 C8 B4 FD 5B 31 30 30 30 5D BA C1 C3 EB 00 1E
Call stack of main thread
Address Stack Procedure / arguments Called from Frame
0012FA74 0040633E main_dat.004061A8 main_dat.00406339 0012FA70
0012FA7C 0050A3BA main_dat.00406334 main_dat.0050A3B5 0012FC18
0012FC1C 0050A576 ? main_dat.0050A154 main_dat.0050A571 0012FC18
0012FC34 00586FEE main_dat.0050A548 main_dat.00586FE9 0012FC30
00406326 8B45 FC MOV EAX,[EBP-4]
00406329 8918 MOV [EAX],EBX
0040632B 5F POP EDI
User-defined comments
Address Disassembly Comment
004A4E61 MOV EAX,[EBP-14] 循环判断怪物属性
004A4E7E MOV EDX,[EBP-4] 00610438
004A4E95 MOV ECX,[EBP-4] 00610438
004A4EA9 MOV ECX,[EBP-8] 0061A078
004A4EAC MOV [ECX+EDX],AL 保存怪物类型
004CD5CC MOV EAX,[5A188C] 012DEE67
004CD5D6 MOV EDX,[5A1EA4] 012DEE6B
004CD5E8 JE SHORT 004CD646 pass
004CE16F MOV EAX,004CE524 发现怪物变成宝宝。停止攻击
004CE1C7 MOV EAX,004CE548 发现对方名字变白,停止攻击
004CE474 MOV EAX,004CE594 连续攻击发现对方不掉血
004CF5F1 MOV EAX,[5A149C] 012DEBD6
004CF5FC MOV EDX,[5A20D4] 012DEBEB
004CF606 JE SHORT 004CF61F pass
004D8F43 MOV DWORD PTR [EAX],-1 11111111begin
004D90B4 MOV EAX,[5A0720] 第3个数
004D90C0 MOV EDX,[5A0F64] 12dec54
004D90CA MOV EDX,[5A17AC] 12dec50
004D90D2 CMP EAX,[EDX] edx=12dec50
004D90FA MOV EAX,[5A1BE0] leb2
004D90FF INC DWORD PTR [EAX] +++++222222222
004DFA78 MOV EDX,[5A1D34] 怀疑地址出错
004DFA80 MOV ECX,[5A07BC] 保存地址
004DFA90 REP MOVS DWORD PTR ES:[EDI],DWORD PTR [E 异常!!!!!!!!
004DFB1E CALL 00405094 比较是不是stop
004EA253 MOV EAX,[5A1B58] 012DEE56
004EA264 MOV EDX,[EDX] 012DEE88
004EA268 JE SHORT 004EA273 pass
004EF73D MOV AL,[EAX+95] 保存0x95
004EF754 MOV EDX,[5A1C04] !!!!!!!!!!
004EF782 MOV EAX,[EBP-C] leb2
004EFA55 MOV EAX,[5A0AA4] 012DEE5C
004EFA5F MOV EDX,[5A18C8] 012DEE60
004EFA71 JE SHORT 004EFABB pass
00504FA7 MOV EDX,00505008 带刀护卫
0050A3B5 CALL 00406334 分配地址!!!!!!!!!!!!
0050A458 CALL 00406334 设置地址!!!!!!!!1
0050A75F MOV DWORD PTR [59F358],-1 buuuuuuuuuuuug!!!
0050A904 CMP DWORD PTR [59F358],0 -1
0050A90D MOV EAX,[59F358] -1
0050A912 CMP EAX,[60B058] 0
0050F8BE MOV EAX,[5A1F70] 012DEB87
0050F8C7 MOV EDX,[5A1544] 012DECC8
0050F8E1 JNZ SHORT 0050F8F4 !!!!!!!
005252B1 CALL 00403188 复制人物名字
005252C2 MOV [EDX+2D],AL 关键1
00525481 CALL 0052F638 人物数据!!!!!!!!
0052600D MOV EAX,0052D5A4 发现卫士在扁你..逃离.
00526026 CMP BYTE PTR [EDX+EAX*4+2F],1 比较是不是人在打你
00526638 PUSH 0052D630 出现
0052695C MOV EDX,0052D670 宝宝:干掉一个
00526A37 MOV EDX,0052D690 被宝宝杀死
00527331 MOV EAX,0052D6E0 物品信息数据丢失!
0052E656 MOV ECX,0061A060 dst
0052E65E ADD EAX,0061041D src
0052E665 CALL 004A5004 解码收到的信息
0052E6DA CALL 00524850 1111111111
0052F83C CALL 0052FD80 判断出现的怪物的种类
0052F84B MOV [ECX+EDX*4+2F],AL !!!!!!!!!!写人物
00535D3A CALL 0053AB58 pk
00535D9A CALL 005027C0 打印某某PK
005893F2 CMP AL,[EDX-11] 循环比较内容是否有:
00589459 MOV EAX,005895F8 你对
005894B6 MOV EAX,00589614 /
005894F3 MOV EAX,00589620 _
00589530 MOV EAX,0058962C -
0058979B CALL 00404F50 计算时间长度
005897A6 CALL 00404F50 计算内容长度
005897B6 CMP BYTE PTR [EAX+EDX],5B 0x5b = [
005897CD CALL 005892DC 比较是否是pk
0058E523 CALL 0053AB58 pk
00595BCF MOV EAX,00595CC4 服务器忙
00595BFC MOV EDX,00595CD8 与服务器出现连接错误:
00595C60 JE SHORT 00595C77 (Initial CPU selection)
016CFAA8 016CFAB0
016CFAAC 016CFACC
016CFAB0 C0000005
016CFAB4 00000000
$+B4 > 00000023
$+B8 > 0060B060 main_dat.0060B060
$+BC > 02294F30
0060B060 0000 ADD [EAX],AL
0060B062 16 PUSH SS
0060B063 0010 ADD [EAX],DL
0060B065 0000 ADD [EAX],AL
0060B067 00A3 00000000 ADD [EBX],AH
016CFAA8 016CFAB0
016CFAAC 016CFACC
016CFAB0 C0000005
016CFAB4 00000000
016CFAB8 00000000
016CFABC 004DFA90 main_dat.004DFA90
016CFAC0 00000002
016CFAC4 00000000
016CFAC8 02294F30
016CFACC 0001003F
016CFAD0 00000000
016CFAD4 00000000
016CFAD8 00000000
016CFADC 00000000
016CFAE0 00000000
016CFAE4 00000000
016CFAE8 FFFF1372
016CFAEC FFFF0120
016CFAF0 FFFFFFFF
016CFAF4 00503762 main_dat.00503762
016CFAF8 040F001B
016CFAFC 016CFDCC
016CFB00 FFFF0023
016CFB04 001D0B4E
016CFB08 00000047
016CFB0C 00470000 main_dat.00470000
016CFB10 BAAC0000
016CFB14 FA980123
016CFB18 77DFB9CC user32.77DFB9CC
016CFB1C 001D0B4E
016CFB20 FD1C0047
016CFB24 00010012 UNICODE "LLUSERSPROFILE=C:\Documents and Settings\All Users"
016CFB28 FC080000
016CFB2C 77DFB9CC user32.77DFB9CC
016CFB30 001D0B4E
016CFB34 FD1C0047
016CFB38 FC080012
016CFB3C BAAC0012
016CFB40 00000000
016CFB44 80000000
016CFB48 00003FFF
016CFB4C 00000000
016CFB50 4006C900
016CFB54 00000000
016CFB58 00000000
016CFB5C 00000038
016CFB60 00000023
016CFB64 00000023
016CFB68 0060B060 main_dat.0060B060
016CFB6C 02294F30
016CFB70 0125E3C0
016CFB74 0226B218
016CFB78 0000004E
016CFB7C 000053A3
016CFB80 016CFEFC
016CFB84 004DFA90 main_dat.004DFA90
016CFB88 0000001B
016CFB8C 00010206 UNICODE "nts and Settings\Administrator"
016CFB90 016CFD98
016CFB94 00000023
016CFB98 01201372
016CFB9C 040F0000
016CFBA0 00503762 main_dat.00503762
016CFBA4 0000001B
016CFBA8 016CFDCC
016CFBAC 00000023
016CFBB0 00001F80
016CFBB4 0000FFFF
016CFBB8 001D0B4E
016CFBBC 00000047
016CFBC0 00000000
016CFBC4 00000000
016CFBC8 00000047
016CFBCC 0123BAAC ASCII "xcJ"
016CFBD0 0000FA98
016CFBD4 00000000
016CFBD8 77DFB9CC user32.77DFB9CC
016CFBDC 001D0B4E
016CFBE0 00000047
016CFBE4 00000000
016CFBE8 0012FD1C
016CFBEC 00000001
016CFBF0 0000FC08
016CFBF4 00000000
016CFBF8 77DFB9CC user32.77DFB9CC
016CFBFC 001D0B4E
016CFC00 00000047
016CFC04 00000000
016CFC08 0012FD1C
016CFC0C 0012FC08
016CFC10 0000BAAC
016CFC14 00000000
016CFC18 00000000
016CFC1C 80000000
016CFC20 00003FFF
016CFC24 00000000
016CFC28 00000000
016CFC2C C9000000
016CFC30 00004006
016CFC34 00000000
016CFC38 0012FC8C
016CFC3C 0044D41F RETURN to main_dat.0044D41F
016CFC40 0012FC8C
016CFC44 0012FC8C
016CFC48 0123BAAC ASCII "xcJ"
016CFC4C 0012FC8C
016CFC50 00000000
016CFC54 00450C7F RETURN to main_dat.00450C7F from main_dat.0044DAFC
016CFC58 00450000 main_dat.00450000
016CFC5C 00000083
016CFC60 0123B7E4
016CFC64 0012FC8C
016CFC68 0044D41F RETURN to main_dat.0044D41F
016CFC6C 00000083
016CFC70 0012FC8C
016CFC74 0123B7E4
016CFC78 0001D7B0
016CFC7C 00000080
016CFC80 00000000
016CFC84 00000001
016CFC88 0012FC68
016CFC8C 00402DA4 main_dat.00402DA4
016CFC90 00402CF8 main_dat.00402CF8
016CFC94 00402D34 main_dat.00402D34
016CFC98 00402D84 main_dat.00402D84
016CFC9C 00000000
016CFCA0 00000000
016CFCA4 00000000
016CFCA8 00000000
016CFCAC 00000000
016CFCB0 00000000
016CFCB4 00000000
016CFCB8 00000000
016CFCBC 775C3A45
016CFCC0 71635C67
016CFCC4 63393931
016CFCC8 7465735C
016CFCCC 676E6974
016CFCD0 6665645C
016CFCD4 746C7561
016CFCD8 63706E5C
016CFCDC 696E692E
016CFCE0 00000000
016CFCE4 00000000
016CFCE8 00000000
016CFCEC 00000000
016CFCF0 00000000
016CFCF4 00000000
016CFCF8 00000000
016CFCFC 00000000
016CFD00 00000000
016CFD04 00000000
016CFD08 00000000
016CFD0C 00000000
016CFD10 00000000
016CFD14 00000000
016CFD18 00000000
016CFD1C 0012FC00
016CFD20 004502B0 RETURN to main_dat.004502B0 from main_dat.0044D294
016CFD24 00000000
016CFD28 00000000
016CFD2C 00000000
016CFD30 00000000
016CFD34 0012FD90
016CFD38 0012FD90
016CFD3C 01230684
016CFD40 0044D1EF RETURN to main_dat.0044D1EF
016CFD44 0043E2F4 main_dat.0043E2F4
016CFD48 0012FC6C
016CFD4C 0044D16B RETURN to main_dat.0044D16B
016CFD50 0012FC0C
016CFD54 0012FC08
016CFD58 00000000
016CFD5C 00000000
016CFD60 00000000
016CFD64 00000000
016CFD68 0012FC34
016CFD6C 0122D15C
016CFD70 0122D101
016CFD74 0044D05D RETURN to main_dat.0044D05D from main_dat.0044D0F4
016CFD78 0012FC38
016CFD7C 0012FC70
016CFD80 0122D15C
016CFD84 00000000
016CFD88 0044D780 RETURN to main_dat.0044D780 from main_dat.0044D034
016CFD8C 00000288
016CFD90 00000099
016CFD94 00000288
016CFD98 016CFF04 Pointer to next SEH record
016CFD9C 004DFF47 SE handler
016CFDA0 016CFEFC
016CFDA4 0012FA34
016CFDA8 77DFBA44 RETURN to user32.77DFBA44 from user32.77DF48C4
016CFDAC 0125E3C0
016CFDB0 00000000
016CFDB4 00000000
Log data, item 187
Address=004DFA90
Message=Access violation when reading [02294F30]
Log data, item 1
Address=0050A416
Message=Access violation when writing to [015D60B0]
004DFA8B B9 4E000000 MOV ECX,4E
004DFA90 F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR [ESI] ; 异常!!!!!!!!
004DFA92 A1 BC075A00 MOV EAX,[5A07BC]
004DFA97 66:83B8 3401000>CMP WORD PTR [EAX+134],0
0050A411 B9 4E000000 MOV ECX,4E
0050A416 F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR [ESI] ; 异常!!!!!!!!
0050A418 6B05 58B06000 0>IMUL EAX,[60B058],0B
004E94D4 A1 08185A00 MOV EAX,[5A1808]
004E94D9 8B00 MOV EAX,[EAX]
004E94DB 8B15 581B5A00 MOV EDX,[5A1B58] ; main_dat.005A90F4
004E94E1 3B02 CMP EAX,[EDX]
004E94E3 74 17 JE SHORT 004E94FC
004E94E5 A1 581B5A00 MOV EAX,[5A1B58]
004E94EA 8B00 MOV EAX,[EAX]
004E94EC 8A00 MOV AL,[EAX]
004E94EE 34 2E XOR AL,2E
004E94F0 8B15 08185A00 MOV EDX,[5A1808] ; main_dat.005A91BC
004E94F6 8B12 MOV EDX,[EDX]
004E94F8 3A02 CMP AL,[EDX]
004E94FA 74 0B JE SHORT 004E9507
004E94FC A1 A01E5A00 MOV EAX,[5A1EA0]
004E9501 C700 02000000 MOV DWORD PTR [EAX],2
004E9507 A1 100E5A00 MOV EAX,[5A0E10]
004E950C 33D2 XOR EDX,EDX
004E950E 8910 MOV [EAX],EDX
004E9510 C745 EC 0400000>MOV DWORD PTR [EBP-14],4
004E9517 A1 EC1C5A00 MOV EAX,[5A1CEC]
004E94D4 A1 08185A00 MOV EAX,[5A1808]
004E94D9 8B00 MOV EAX,[EAX]
004E94DB 8B15 581B5A00 MOV EDX,[5A1B58] ; main_dat.005A90F4
004E94E1 3B02 CMP EAX,[EDX]
DS:[005A90F4]=0130A806
EAX=0130A838
0050A3AF 8B15 60245000 MOV EDX,[502460] ; main_dat.00502464
0050A3B5 E8 7ABFEFFF CALL 00406334 ; 分配地址!!!!!!!!!!!!
0050A3BA 83C4 04 ADD ESP,4
004DFA70 A1 E01B5A00 MOV EAX,[5A1BE0]
004DFA75 6B00 27 IMUL EAX,[EAX],27
004DFA78 8B15 341D5A00 MOV EDX,[5A1D34] ; 怀疑地址出错
004DFA7E 8B12 MOV EDX,[EDX]
004DFA80 8B0D BC075A00 MOV ECX,[5A07BC] ; 保存地址
004DFA86 8D34C2 LEA ESI,[EDX+EAX*8] ; esi出错
004D90F2 8B15 A41C5A00 MOV EDX,[5A1CA4] ; main_dat.0059FD70
004D90F8 8902 MOV [EDX],EAX
004E2B40 A1 5C155A00 MOV EAX,[5A155C]
004E2B45 8B00 MOV EAX,[EAX]
004E2B47 BA 80808000 MOV EDX,808080
004E2B4C E8 277D0200 CALL 0050A878
004E2B51 EB 11 JMP SHORT 004E2B64
004E2B53 A1 5C155A00 MOV EAX,[5A155C]
0050A8CF A3 4CAD6000 MOV [60AD4C],EAX
0050A8D4 837D FC 00 CMP DWORD PTR [EBP-4],0
00585BB8 8B15 B4145A00 MOV EDX,[5A14B4] ; main_dat.0060AD4C
00585BBE 8B12 MOV EDX,[EDX]
00585BC0 33C9 XOR ECX,ECX
00585BC2 E8 F9CBF7FF CALL 005027C0
DS:[0060AD4C]=00808080
EDX=0060AD4C (main_dat.0060AD4C)
004D8FCC A1 480C5A00 MOV EAX,[5A0C48]
004D8FD1 8338 00 CMP DWORD PTR [EAX],0 ; -1
004D8FD4 7C 7B JL SHORT 004D9051
20:23:33 OK
20:23:33 当前脚本:边打边走到(抉择之地,271,107)
20:23:34 OK
20:23:34 当前脚本:边打边走到(抉择之地,240,95)
005184E9 8B15 701E5A00 MOV EDX,[5A1E70] ; main_dat.0073B3B0
005184EF 8B4482 18 MOV EAX,[EDX+EAX*4+18]
005184F3 3B45 FC CMP EAX,[EBP-4] ; main_dat.00750013
005184F6 75 08 JNZ SHORT 00518500
005184F8 8B45 F4 MOV EAX,[EBP-C]
Log data, item 1
Address=004A0AE5
Message=Access violation when reading [00642B3D]
Log data, item 29
Address=004DFA90
Message=Access violation when reading [01F0B0A4]
DS:[0059F358]=0000022E
004DFA62 A1 E01B5A00 MOV EAX,[5A1BE0]
0052F82E 8B95 D4FEFFFF MOV EDX,[EBP-12C]
0052F834 33C0 XOR EAX,EAX
0052F836 8A85 09FFFFFF MOV AL,[EBP-F7]
0052F83C E8 3F050000 CALL 0052FD80 ; 判断出现的怪物的种类,edx=出现的怪物名字
0052F841 6B55 FC 43 IMUL EDX,[EBP-4],43
0052F845 8B0D 8C0B5A00 MOV ECX,[5A0B8C] ; main_dat.00635594
0052F84B 884491 2F MOV [ECX+EDX*4+2F],AL ; !!!!!!!!!!写人物al=1(怪物)2(人物)3(NPC)
0052F84F 6B45 FC 43 IMUL EAX,[EBP-4],43
0052F853 8B15 8C0B5A00 MOV EDX,[5A0B8C] ; main_dat.00635594
0052F859 807C82 2F 00 CMP BYTE PTR [EDX+EAX*4+2F],0
0052F85E 75 3A JNZ SHORT 0052F89A
0052F860 6B45 FC 43 IMUL EAX,[EBP-4],43
0035ADD0 C3 RETN
0035ADD1 FF35 34F35900 PUSH DWORD PTR [59F334] ; main_dat.00502344
0035ADD7 68 9FB75000 PUSH 50B79F
0035ADDC C3 RETN
00400EE0 BC AD 35 00 C3 AD 35 00 CA AD 35 00 D1 AD 35 00 ?5.?5.?5.?5.
00400EF0 DD AD 35 00 E4 AD 35 00 EB AD 35 00 F2 AD 35 00 ?5.?5.?5.?5.
400EEC
0052F7F7 FF15 08054000 CALL [400508]
CALL [400EEC]
EC0E4000
0050B799 - FF25 EC0E4000 JMP [400EEC]
0035ADD0 C3 RETN
0035ADD1 FF35 34F35900 PUSH DWORD PTR [59F334] ; main_dat.00502344
0035ADD7 68 9FB75000 PUSH 50B79F
0035ADDC C3 RETN
Stack SS:[0012F6ED]=00
AL=00
0064280C D4 64 44 2C 07 74 65 6D 70 30 32 61 00 00 00 00 凿D,.temp02a....
0064281C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0064282C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 00 ................
0064283C B2 00 46 01 00 00 00 00 00 00 00 00 06 00 00 00 ..F.............
0064280C D4 64 44 2C 07 74 65 6D 70 30 32 61 00 00 00 00 凿D,.temp02a....
0064281C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0064282C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 00 ................
0064283C B2 00 46 01 00 00 00 00 00 00 00 00 06 00 00 00 ..F.............
$-FC > 00000000
$-F8 > 00070000
$-F4 > 014600B2
00635594 D4 64 44 2C 07 74 65 6D 70 30 32 61 00 00 00 00 凿D,.temp02a....
006355A4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
006355B4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 01 ................
006355C4 B2 00 46 01 00 00 00 00 00 00 00 00 06 00 00 00 ..F.............
004D90EF 83C0 0C ADD EAX,0C
004D90F2 8B15 A41C5A00 MOV EDX,[5A1CA4] ; main_dat.0059FD70
004D90F8 8902 MOV [EDX],EAX
004E82F2 8B00 MOV EAX,[EAX]
004E82F4 48 DEC EAX
004E82F5 85C0 TEST EAX,EAX
004E82F7 7C 4E JL SHORT 004E8347
MOV EAX,[EAX]
DEC EAX
<抉择之地>
let k1=88
边打边走到(抉择之地,16,163)
边打边走到(抉择之地,69,63)0x22c
边打边走到(抉择之地,119,32)0x22d
边打边走到(抉择之地,117,174)0x22e
边打边走到(抉择之地,102,223)0x22f
边打边走到(抉择之地,163,234)0x230
边打边走到(抉择之地,119,139)
边打边走到(抉择之地,183,113)
边打边走到(抉择之地,215,127)
边打边走到(抉择之地,191,274)
边打边走到(抉择之地,237,242)
边打边走到(抉择之地,278,206)
边打边走到(抉择之地,271,107)
边打边走到(抉择之地,240,95)
跳转到标记<抉择之地>
send
CALL 004A579C
004BACAB 50 PUSH EAX
004BACAC E8 EBAAFEFF CALL <JMP.&wsock32.send>
004BACB1 8BC8 MOV ECX,EAX
004BADFA 50 PUSH EAX
004BADFB E8 9CA9FEFF CALL <JMP.&wsock32.send>
004BAE00 8945 F8 MOV [EBP-8],EAX
01EF9FC8
01EF9FC8
2
call 004BAC18 55 PUSH EBP
004C757B E8 2038FFFF CALL 004BADA0
Call stack of thread 0000092C
Address Stack Procedure / arguments Called from Frame
016CFF00 004D9159 ? main_dat.004DFA3C main_dat.004D9154 016CFEFC
016CFF3C 004D8459 ? main_dat.004D8E40 main_dat.004D8454 016CFF38
016CFF5C 005021ED ? main_dat.004D8350 main_dat.005021E8 016CFF58
016CFF74 00423C53 Includes main_dat.005021ED main_dat.00423C50 016CFF70
[005A937C]=0125DEBC
Call stack of thread 0000092C
Address Stack Procedure / arguments Called from Frame
016CFD14 004061A5 main_dat.00406454 main_dat.004061A0 016CFD48
016CFD18 004061DC main_dat.004061A0 main_dat.004061D7 016CFD48
016CFD4C 0040633E main_dat.004061A8 main_dat.00406339 016CFD48
016CFD50 016CFD58 Arg1 = 016CFD58
016CFD54 0050A78B main_dat.00406334 main_dat.0050A786 016CFD6C
016CFD5C 0050A559 main_dat.0050A72C main_dat.0050A554 016CFD6C
016CFD70 004E20D1 ? main_dat.0050A548 main_dat.004E20CC 016CFD6C
016CFD98 004E1CBC ? main_dat.004E1F24 main_dat.004E1CB7 016CFD94
016CFDD4 004E069F ? main_dat.004E19FC main_dat.004E069A 016CFDD0
016CFE4C 004D89D5 ? main_dat.004E027C main_dat.004D89D0 016CFE48
016CFF3C 004D8443 ? main_dat.004D84A8 main_dat.004D843E 016CFF38
016CFF5C 005021ED ? main_dat.004D8350 main_dat.005021E8 016CFF58
016CFF74 00423C53 Includes main_dat.005021ED main_dat.00423C50 016CFF70
Call stack of main thread
Address Stack Procedure / arguments Called from Frame
0012FE3C 004BA577 Includes main_dat.004BB130 main_dat.004BA574 0012FE48
0012FE4C 004BB0FC Includes main_dat.004BA577 main_dat.004BB0F9 0012FE48
0012FE70 0042517E Includes main_dat.004BB0FC main_dat.0042517C 0012FE6C
0012FE88 77E1A420 Includes main_dat.0042517E user32.77E1A41D 0012FE84
0012FEA8 77DF4605 user32.77E1A408 user32.77DF4600 0012FEA4
0012FF34 77DF5B77 user32.77DF4321 user32.77DF5B72 0012FF30
0012FF40 0046BE3C <JMP.&user32.DispatchMessageA> main_dat.0046BE37 0012FFA8
0012FF44 0012FF5C pMsg = WM_USER+1 hw = 31055C (class="TPUtilWindow") wParam = 1B0 lParam = 2
0012FF58 0046BE73 main_dat.0046BDB4 main_dat.0046BE6E 0012FFA8
0012FF7C 0046C093 main_dat.0046BE64 main_dat.0046C08E 0012FFA8
0012FFAC 008055BA main_dat.0046BFF8 main_dat.<ModuleEntryPoint>+ 0012FFA8
021E000C
021E000C
0220A204
021FC6A4 x
022351C4
0224A5A4
004020AC 8BF0 MOV ESI,EAX
004020AE BF 10365A00 MOV EDI,005A3610
004020B3 BD 14365A00 MOV EBP,005A3614
004020B8 8B1D 08365A00 MOV EBX,[5A3608]
004020BE 3B73 08 CMP ESI,[EBX+8]
004020C1 0F8E 84000000 JLE 0040214B
DS:[02248AF8]=00000004
ESI=000004EC
005021D9 E8 3A60FFFF CALL 004F8218
005021DE A1 58075A00 MOV EAX,[5A0758]
005021E3 8338 00 CMP DWORD PTR [EAX],0
005021E6 74 05 JE SHORT 005021ED
005021E8 E8 6361FDFF CALL 004D8350
005021ED 833D B89F6000 0>CMP DWORD PTR [609FB8],5
005021F4 7C 0B JL SHORT 00502201
005021F6 A1 B89F6000 MOV EAX,[609FB8]
005021FB 50 PUSH EAX
005021FC E8 47C3F0FF CALL <JMP.&kernel32.Sleep>
00502201 A1 68145A00 MOV EAX,[5A1468]
00502206 8338 00 CMP DWORD PTR [EAX],0
00502209 75 0A JNZ SHORT 00502215
0050220B A1 A0235A00 MOV EAX,[5A23A0]
00502210 8338 00 CMP DWORD PTR [EAX],0
00502213 ^ 75 C4 JNZ SHORT 005021D9
00502215 A1 A8165A00 MOV EAX,[5A16A8]
0050221A 8338 00 CMP DWORD PTR [EAX],0
0050221D 74 1F JE SHORT 0050223E
VirtualFree
GlobalFree
LocalAlloc
0040181C 8941 04 MOV [ECX+4],EAX
0040181F 8B35 E4355A00 MOV ESI,[5A35E4]
00401825 EB 38 JMP SHORT 0040185F
00401827 8B5E 08 MOV EBX,[ESI+8]
0040182A 8B7E 0C MOV EDI,[ESI+C]
0040182D 03FB ADD EDI,EBX
0040182F 3B1C24 CMP EBX,[ESP]
00401832 73 03 JNB SHORT 00401837
00401834 8B1C24 MOV EBX,[ESP]
00401837 3BEF CMP EBP,EDI
00401839 73 02 JNB SHORT 0040183D
0040183B 8BFD MOV EDI,EBP
0040183D 3BFB CMP EDI,EBX
0040183F 76 1C JBE SHORT 0040185D
00401841 68 00400000 PUSH 4000
00401846 2BFB SUB EDI,EBX
00401848 57 PUSH EDI
00401849 53 PUSH EBX
0040184A E8 ADFBFFFF CALL <JMP.&kernel32.VirtualFree>
0040184F 85C0 TEST EAX,EAX
00401851 75 0A JNZ SHORT 0040185D
00401853 C705 C0355A00 0>MOV DWORD PTR [5A35C0],2
0040185D 8B36 MOV ESI,[ESI]
0040185F 81FE E4355A00 CMP ESI,005A35E4
00401865 ^ 75 C0 JNZ SHORT 00401827
00401867 5A POP EDX
Call stack of thread 00000A48
Address Stack Procedure / arguments Called from Frame
01EAFC18 00401A57 main_dat.004017F0 main_dat.00401A52
01EAFC3C 00401E72 main_dat.00401A24 main_dat.00401E6D
01EAFC5C 00401F22 main_dat.00401E0C main_dat.00401F1D
01EAFC6C 00402495 main_dat.00401EBC main_dat.00402490
01EAFC90 00401D39 main_dat.0040232C main_dat.00401D34
01EAFC94 0040257C main_dat.00401D18 main_dat.00402577
01EAFCB0 004026F1 main_dat.004024D0 main_dat.004026EC
01EAFCD4 004027B7 main_dat.004026A0 main_dat.004027B1
01EAFCDC 00406268 main_dat.004027A4 main_dat.00406263 01EAFD0C
01EAFD10 0040633E main_dat.004061A8 main_dat.00406339 01EAFD0C
01EAFD14 01EAFD1C Arg1 = 01EAFD1C
01EAFD18 00503D11 main_dat.00406334 main_dat.00503D0C 01EAFDD8
01EAFDDC 004DA79D ? main_dat.00503C84 main_dat.004DA798 01EAFDD8
01EAFE4C 004D8C84 ? main_dat.004D9F48 main_dat.004D8C7F 01EAFE48
Call stack of thread 00000A48
Address Stack Procedure / arguments Called from Frame
01EAFC18 00401A57 main_dat.004017F0 main_dat.00401A52
01EAFC3C 00401E72 main_dat.00401A24 main_dat.00401E6D
01EAFC5C 00401F22 main_dat.00401E0C main_dat.00401F1D
01EAFC6C 00402495 main_dat.00401EBC main_dat.00402490
01EAFC90 00401D39 main_dat.0040232C main_dat.00401D34
01EAFC94 0040257C main_dat.00401D18 main_dat.00402577
01EAFCB0 004026F1 main_dat.004024D0 main_dat.004026EC
01EAFCD4 004027B7 main_dat.004026A0 main_dat.004027B1
01EAFCDC 00406268 main_dat.004027A4 main_dat.00406263 01EAFD0C
01EAFD10 0040633E main_dat.004061A8 main_dat.00406339 01EAFD0C
01EAFD14 01EAFD1C Arg1 = 01EAFD1C
01EAFD18 00503D11 main_dat.00406334 main_dat.00503D0C 01EAFDD8
01EAFDDC 004DA79D ? main_dat.00503C84 main_dat.004DA798 01EAFDD8
01EAFE4C 004D8C84 ? main_dat.004D9F48 main_dat.004D8C7F 01EAFE48
0050F8B6 A1 EC1C5A00 MOV EAX,[5A1CEC]
0050F8BB 8338 00 CMP DWORD PTR [EAX],0
0050F8BE A1 701F5A00 MOV EAX,[5A1F70] ; 012DEB87
0050F8C3 8B00 MOV EAX,[EAX]
0050F8C5 8A00 MOV AL,[EAX]
0050F8C7 8B15 44155A00 MOV EDX,[5A1544] ; 012DECC8
0050F8CD 8B12 MOV EDX,[EDX]
0050F8CF 3202 XOR AL,[EDX]
0050F8D1 25 FF000000 AND EAX,0FF
0050F8D6 83E8 42 SUB EAX,42
0050F8D9 8B15 EC1C5A00 MOV EDX,[5A1CEC] ; main_dat.0059FDC8
0050F8DF 3B02 CMP EAX,[EDX]
0050F8E1 75 11 JNZ SHORT 0050F8F4 ; !!!!!!!
0050F8E3 A1 700B5A00 MOV EAX,[5A0B70]
0050F8E8 8BF8 MOV EDI,EAX
0050F8EA 8D75 C8 LEA ESI,[EBP-38]
0050F8ED B9 0E000000 MOV ECX,0E
0050F8F2 F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR [E>
004D843A /74 1F JE SHORT 004D845B
004D843C |EB 22 JMP SHORT 004D8460
004D843E |E8 65000000 CALL 004D84A8 ; !!!!vxxxxxxxxx
004D8443 |A1 64235A00 MOV EAX,[5A2364]
004D8448 |8338 00 CMP DWORD PTR [EAX],0
004D844B |75 13 JNZ SHORT 004D8460
004D844D |E8 FA640300 CALL 0050E94C
005021CD A1 24F35900 MOV EAX,[59F324]
005021D2 A3 B89F6000 MOV [609FB8],EAX
005021D7 EB 32 JMP SHORT 0050220B
005021D9 E8 3A60FFFF CALL 004F8218
005021DE A1 58075A00 MOV EAX,[5A0758]
005021E3 8338 00 CMP DWORD PTR [EAX],0
005021E6 74 05 JE SHORT 005021ED
005021E8 E8 6361FDFF CALL 004D8350 ; !!!!!!!!!vx222222
005021ED 833D B89F6000 0>CMP DWORD PTR [609FB8],5
005021F4 7C 0B JL SHORT 00502201
005021F6 A1 B89F6000 MOV EAX,[609FB8]
005021FB 50 PUSH EAX
005021FC E8 47C3F0FF CALL <JMP.&kernel32.Sleep>
00502201 A1 68145A00 MOV EAX,[5A1468]
00401F1B 8BC7 MOV EAX,EDI
00401F1D E8 EAFEFFFF CALL 00401E0C
00401F22 84C0 TEST AL,AL
00401F24 75 17 JNZ SHORT 00401F3D
00401D17 C3 RETN
00401D18 FF05 B0355A00 INC DWORD PTR [5A35B0]
00401D1E 8BD0 MOV EDX,EAX
00401D20 83EA 04 SUB EDX,4
00401D23 8B12 MOV EDX,[EDX]
00401D25 81E2 FCFFFF7F AND EDX,7FFFFFFC
00401D2B 83EA 04 SUB EDX,4
00401D2E 0115 B4355A00 ADD [5A35B4],EDX
00401D34 E8 F3050000 CALL 0040232C
00401D39 C3 RETN
00401D3A 8BC0 MOV EAX,EAX
00503CBD E8 E6F6EFFF CALL 004033A8
00503CC2 8945 F8 MOV [EBP-8],EAX
00503CC5 A1 9C135A00 MOV EAX,[5A139C]
00503CCA 8338 00 CMP DWORD PTR [EAX],0
00503CCD 74 45 JE SHORT 00503D14
00503CCF A1 FC0C5A00 MOV EAX,[5A0CFC]
00503CD4 8B00 MOV EAX,[EAX]
00503CD6 33C9 XOR ECX,ECX
00503CD8 BA 6C023700 MOV EDX,37026C
00503CDD E8 6AEDFFFF CALL 00502A4C
00503CE2 85C0 TEST EAX,EAX
00503CE4 74 2E JE SHORT 00503D14
00503CE6 A1 9C135A00 MOV EAX,[5A139C]
37026C = 3605100
3605100 / (3600 x 1000) ≈ 1
1个小时
00503CCA 8338 00 CMP DWORD PTR [EAX],0
00503CCD EB 45 JMP SHORT 00503D14
00503CCF A1 FC0C5A00 MOV EAX,[5A0CFC]
005828F6 8B45 E8 MOV EAX,[EBP-18]
005828F9 8A40 05 MOV AL,[EAX+5]
005828FC 8B15 38125A00 MOV EDX,[5A1238] ; main_dat.00737260
00582902 8A92 D3070000 MOV DL,[EDX+7D3]
00582908 8B0D 38125A00 MOV ECX,[5A1238] ; main_dat.00737260
0058290E 3291 DD070000 XOR DL,[ECX+7DD]
00582914 32C2 XOR AL,DL
00582916 25 FF000000 AND EAX,0FF
0058291B 8B15 38125A00 MOV EDX,[5A1238] ; main_dat.00737260
00582921 0FB692 C9070000 MOVZX EDX,BYTE PTR [EDX+7C9]
00582928 2BD0 SUB EDX,EAX
0058292A 8955 F4 MOV [EBP-C],EDX
0058292D 837D F4 00 CMP DWORD PTR [EBP-C],0
00582931 74 0B JE SHORT 0058293E
00582933 A1 9C135A00 MOV EAX,[5A139C]
00582938 C700 FFFFFFFF MOV DWORD PTR [EAX],-1
0058293E 833D E0E27300 0>CMP DWORD PTR [73E2E0],0
00582945 75 0C JNZ SHORT 00582953
00582947 E8 7080F2FF CALL <JMP.&winmm.timeGetTime>
0058294C A3 E0E27300 MOV [73E2E0],EAX
005865F9 A1 38125A00 MOV EAX,[5A1238]
005865FE 8A80 D5070000 MOV AL,[EAX+7D5]
00586604 8B15 38125A00 MOV EDX,[5A1238] ; main_dat.00737260
0058660A 3282 DF070000 XOR AL,[EDX+7DF]
00586610 8B55 F0 MOV EDX,[EBP-10]
00586613 3242 0A XOR AL,[EDX+A]
00586616 25 FF000000 AND EAX,0FF
0058661B 8B15 38125A00 MOV EDX,[5A1238] ; main_dat.00737260
00586621 0FB692 CB070000 MOVZX EDX,BYTE PTR [EDX+7CB]
00586628 2BD0 SUB EDX,EAX
0058662A 8955 F4 MOV [EBP-C],EDX
0058662D 837D F4 00 CMP DWORD PTR [EBP-C],0
00586631 74 12 JE SHORT 00586645
00586633 8B45 F4 MOV EAX,[EBP-C]
00586636 B9 32000000 MOV ECX,32
0058663B 99 CDQ
0058663C F7F9 IDIV ECX
0058663E A1 581C5A00 MOV EAX,[5A1C58]
00586643 8910 MOV [EAX],EDX
00586645 A1 F4055A00 MOV EAX,[5A05F4]
0058664A 8338 00 CMP DWORD PTR [EAX],0
0058664D 74 15 JE SHORT 00586664
00586598 A1 10165A00 MOV EAX,[5A1610]
0058659D 8338 00 CMP DWORD PTR [EAX],0
005865A0 0F84 9F000000 JE 00586645
00586598 A1 10165A00 MOV EAX,[5A1610]
0058659D 8338 00 CMP DWORD PTR [EAX],0
005865A0 0F84 9F000000 JE 00586645
005865A6 |8B45 F8 MOV EAX,[EBP-8]
005865A9 |B9 509E1B00 MOV ECX,1B9E50
005865AE |99 CDQ
005865AF |F7F9 IDIV ECX
005865B1 |81C2 E808DC00 ADD EDX,0DC08E8
005865B7 |A1 D41F5A00 MOV EAX,[5A1FD4]
005865BC |8B00 MOV EAX,[EAX]
005865BE |8B4D F8 MOV ECX,[EBP-8]
005865C1 |E8 86C4F7FF CALL 00502A4C
005865C6 |85C0 TEST EAX,EAX
005865C8 |74 7B JE SHORT 00586645
005865CA |A1 48E27300 MOV EAX,[73E248]
DC08E8 = 14420200
14420200 / (3600 x 1000) ≈ 4
4个小时
0058A112 A1 1C0F5A00 MOV EAX,[5A0F1C]
0058A117 8078 06 00 CMP BYTE PTR [EAX+6],0
0058A11B 75 17 JNZ SHORT 0058A134
0058A11D A1 48E27300 MOV EAX,[73E248]
004DC2D8 8B15 2C0F5A00 MOV EDX,[5A0F2C] ; main_dat.0062BBA1
004DC2DE 3202 XOR AL,[EDX]
004DC2E0 25 FF000000 AND EAX,0FF
00580615 F7F9 IDIV ECX
00580617 81C2 EECBA400 ADD EDX,0A4CBEE
0058061D A1 900B5A00 MOV EAX,[5A0B90]
00580622 8B00 MOV EAX,[EAX]
00580624 33C9 XOR ECX,ECX
00580626 E8 2124F8FF CALL 00502A4C
0058062B 85C0 TEST EAX,EAX
0A4CBEE = 10800110, 10800110 / (3600 x 1000) ≈ 3个小时
004FA22C A1 FC105A00 MOV EAX,[5A10FC]
004FA231 8B00 MOV EAX,[EAX]
004FA233 33C9 XOR ECX,ECX
004FA235 BA 10046E00 MOV EDX,006E0410
004FA23A E8 0D880000 CALL 00502A4C
004FA23F 85C0 TEST EAX,EAX
004FA241 74 54 JE SHORT 004FA297
006E0410 = 7210000, 7210000 / (3600 x 1000) ≈ 2个小时
8B0033C9BA????????E8????????85C0
004FA290 A1 B40A5A00 MOV EAX,[5A0AB4]
004FA295 8910 MOV [EAX],EDX
004FA218 A1 88065A00 MOV EAX,[5A0688]
004FA21D 8038 00 CMP BYTE PTR [EAX],0
004FA220 74 75 JE SHORT 004FA297
004FA222 A1 FC105A00 MOV EAX,[5A10FC]
004FA227 8338 00 CMP DWORD PTR [EAX],0
004FA22A 74 6B JE SHORT 004FA297
004FA22C A1 FC105A00 MOV EAX,[5A10FC]
004FA231 8B00 MOV EAX,[EAX]
004FA233 33C9 XOR ECX,ECX
004FA235 BA 10046E00 MOV EDX,006E0410
004FA23A E8 0D880000 CALL 00502A4C
004FA23F 85C0 TEST EAX,EAX
004FA241 74 54 JE SHORT 004FA297
3小时
00A5917C
0012FDE4 0058062B RETURN to main_dat.0058062B from main_dat.00502A4C
2小时
006E0410
016CFD4C 004FA23F RETURN to main_dat.004FA23F from main_dat.00502A4C
??3小时
00580607 83F8 04 CMP EAX,4
0058060A EB 7F JMP SHORT 0058068B
0058060C 8B45 F8 MOV EAX,[EBP-8]
00580684 A1 5C215A00 MOV EAX,[5A215C]
00623D6C 00 00 00 00 00 00 00 00 01 00 00 00 D2 01 00 00 ............?..
00623D7C FF FF FF FF E8 0B 59 00 1C 10 59 00 FF FF FF FF ....?Y...Y.....
7c3d6200
005A1EE4 7C |
e41e5a00
药2小时
004FA21D 8038 00 CMP BYTE PTR [EAX],0
004FA220 EB 75 JMP SHORT 004FA297
004FA222 A1 FC105A00 MOV EAX,[5A10FC]
4小时
005865C1 E8 86C4F7FF CALL 00502A4C
005865C6 85C0 TEST EAX,EAX
005865C8 EB 7B JMP SHORT 00586645
005865CA A1 48E27300 MOV EAX,[73E248]
///////////////////////////////////////////////////////////////////
2.5小时,经验增加。
经验增加:63716
004CFE6D 8955 E4 MOV [EBP-1C],EDX
004CFE70 817D E4 7427000>CMP DWORD PTR [EBP-1C],2774
004CFE77 EB 53 JMP SHORT 004CFECC
004CFE79 A1 90095A00 MOV EAX,[5A0990]
004CFE7E 8178 18 5034030>CMP DWORD PTR [EAX+18],33450
004CFE85 7E 45 JLE SHORT 004CFECC
004CFE87 55 PUSH EBP
004CFE88 A1 481A5A00 MOV EAX,[5A1A48]
004CFE8D 8B00 MOV EAX,[EAX]
004CFE8F 33C9 XOR ECX,ECX
004CFE91 BA 48628C00 MOV EDX,8C6248
004CFE96 E8 F9FEFFFF CALL 004CFD94
004CFE9B 59 POP ECX
004CFE9C 85C0 TEST EAX,EAX
004CFE9E 74 2C JE SHORT 004CFECC
004CFEA0 E8 17ABFDFF CALL <JMP.&winmm.timeGetTime>
004CFEA5 B9 14000000 MOV ECX,14
004CFEAA 33D2 XOR EDX,EDX
躲避怪物攻击
///////////////////////////////////////////////////////////////////
pk
2.5 小时
没打死的怪物超过313只验证
004DACC7 A1 D0225A00 MOV EAX,[5A22D0]
004DACCC 8138 39010000 CMP DWORD PTR [EAX],139
004DACD2 7E 3B JLE SHORT 004DAD0F
004DACD4 A1 341E5A00 MOV EAX,[5A1E34]
0052FD24 55 PUSH EBP
0052FD25 8BEC MOV EBP,ESP
00526AF4 A1 D0235A00 MOV EAX,[5A23D0]
00526AF9 8B00 MOV EAX,[EAX]
00526AFB 3B45 F4 CMP EAX,[EBP-C]
00526AFE 75 49 JNZ SHORT 00526B49
00526B00 A1 A80A5A00 MOV EAX,[5A0AA8]
00526B05 C700 FFFFFFFF MOV DWORD PTR [EAX],-1
00526B0B A1 0C215A00 MOV EAX,[5A210C]
00526B10 C700 FFFFFFFF MOV DWORD PTR [EAX],-1
00526B16 A1 1C0F5A00 MOV EAX,[5A0F1C]
00526B1B 66:8B40 36 MOV AX,[EAX+36]
00526B1F 8B15 E0095A00 MOV EDX,[5A09E0] ; main_dat.0073B190
00526B25 66:8902 MOV [EDX],AX
00526B28 A1 1C0F5A00 MOV EAX,[5A0F1C]
00526B2D 66:8B40 38 MOV AX,[EAX+38]
00526B31 8B15 E0095A00 MOV EDX,[5A09E0] ; main_dat.0073B190
00526B37 66:8942 02 MOV [EDX+2],AX
00526B3B E8 7C3EF8FF CALL <JMP.&winmm.timeGetTime>
00526B40 8B15 E0095A00 MOV EDX,[5A09E0] ; main_dat.0073B190
00526B46 8942 04 MOV [EDX+4],EAX
00526B49 8B45 F4 MOV EAX,[EBP-C]
00526B4C E8 D3910000 CALL 0052FD24 ;!!!
00526B51 E9 8A680000 JMP 0052D3E0
00526B56 A1 74215A00 MOV EAX,[5A2174]
改
004DACC7 A1 D0225A00 MOV EAX,[5A22D0]
004DACCC 8138 39010000 CMP DWORD PTR [EAX],139
004DACD2 EB 3B JMP SHORT 004DAD0F
004DACD4 A1 341E5A00 MOV EAX,[5A1E34]
///////////////////////////////////////////////////////////////////
ri
004DC2F4 8955 EC MOV [EBP-14],EDX ; cracked
004DC2F7 837D EC 00 CMP DWORD PTR [EBP-14],0
004DC2FB EB 2C JMP SHORT 004DC329
004DC2FD A1 78195A00 MOV EAX,[5A1978]
///////////////////////////////////////////////////////////////////
??
004DD453 A1 38125A00 MOV EAX,[5A1238]
004DD458 05 54130000 ADD EAX,1354
004DD45D 8B00 MOV EAX,[EAX]
004DD45F 35 1A8709FA XOR EAX,FA09871A
004DD464 8B15 8C1B5A00 MOV EDX,[5A1B8C] ; main_dat.00736024
004DD46A 8B92 0C020000 MOV EDX,[EDX+20C]
004DD470 81F2 83000000 XOR EDX,83
004DD476 2BC2 SUB EAX,EDX
004DD478 8945 C8 MOV [EBP-38],EAX
004DD47B 817D C8 2727000>CMP DWORD PTR [EBP-38],2727
004DD482 76 27 JBE SHORT 004DD4AB
004DD484 8B45 C8 MOV EAX,[EBP-38]
004DD487 B9 14000000 MOV ECX,14
改
004DD47B 817D C8 2727000>CMP DWORD PTR [EBP-38],2727
004DD482 EB 27 JMP SHORT 004DD4AB
004DD484 8B45 C8 MOV EAX,[EBP-38]
///////////////////////////////////////////////////////////////////
x
004FF871 6945 FC 1A04000>IMUL EAX,[EBP-4],41A
004FF878 8B0D 38125A00 MOV ECX,[5A1238] ; main_dat.00737260
004FF87E 8D0401 LEA EAX,[ECX+EAX]
004FF881 B9 1A040000 MOV ECX,41A
004FF886 E8 2586F0FF CALL 00407EB0
004FF88B FF45 FC INC DWORD PTR [EBP-4]
004FF88E 837D FC 08 CMP DWORD PTR [EBP-4],8
004FF892 ^ 75 D1 JNZ SHORT 004FF865
004FF894 59 POP ECX
///////////////////////////////////////////////////////////////////
x
005828FC 8B15 38125A00 MOV EDX,[5A1238] ; main_dat.00737260
00582902 8A92 D3070000 MOV DL,[EDX+7D3]
00582908 8B0D 38125A00 MOV ECX,[5A1238] ; main_dat.00737260
0058290E 3291 DD070000 XOR DL,[ECX+7DD]
00582914 32C2 XOR AL,DL
00582916 25 FF000000 AND EAX,0FF
0058291B 8B15 38125A00 MOV EDX,[5A1238] ; main_dat.00737260
00582921 0FB692 C9070000 MOVZX EDX,BYTE PTR [EDX+7C9]
00582928 2BD0 SUB EDX,EAX
0058292A 8955 F4 MOV [EBP-C],EDX
0058292D 837D F4 00 CMP DWORD PTR [EBP-C],0
00582931 74 0B JE SHORT 0058293E
00582933 A1 9C135A00 MOV EAX,[5A139C]
00582938 C700 FFFFFFFF MOV DWORD PTR [EAX],-1
0058293E 833D E0E27300 0>CMP DWORD PTR [73E2E0],0
///////////////////////////////////////////////////////////////////
pk bug
found boss
Found commands
Address Disassembly Comment
0052FA34 CALL 005376C0
0052FADF CALL 005376C0
00530912 CALL 005376C0
00530917 IMUL EDX,[EBP-4],43 (Initial CPU selection)
0053AB58 55 PUSH EBP
0053AB59 8BEC MOV EBP,ESP
0053AB5B 81C4 E8FEFFFF ADD ESP,-118
0053AB61 33D2 XOR EDX,EDX
0053AB63 8995 E8FEFFFF MOV [EBP-118],EDX
0053AB69 8955 EC MOV [EBP-14],EDX
0053AB6C 8955 F0 MOV [EBP-10],EDX
0053AB6F 8945 FC MOV [EBP-4],EAX
0053AB72 33C0 XOR EAX,EAX
0053AB74 55 PUSH EBP
0053AB75 68 41B05300 PUSH 0053B041
0053AB7A 64:FF30 PUSH DWORD PTR FS:[EAX]
0053AB7D 64:8920 MOV FS:[EAX],ESP
0053AB80 6B45 FC 43 IMUL EAX,[EBP-4],43
0053AB84 8B15 8C0B5A00 MOV EDX,[5A0B8C] ; main_dat.00635594
0053AB8A C64482 2E 00 MOV BYTE PTR [EDX+EAX*4+2E],0
0053AB8F B8 54B05300 MOV EAX,0053B054 ; pk
0053AB94 E8 7BA4FCFF CALL 00505014
Found commands
Address Disassembly Comment
00535D3A CALL 0053AB58
0058E523 CALL 0053AB58
004DA98D A1 500B5A00 MOV EAX,[5A0B50]
004DA992 8338 00 CMP DWORD PTR [EAX],0
004DA995 75 0D JNZ SHORT 004DA9A4
/////////////////////////////////////////////////////////////
004CFE70 817D E4 7427000>CMP DWORD PTR [EBP-1C],2774
004CFE77 EB 53 JMP SHORT 004CFECC
004CFE79 A1 90095A00 MOV EAX,[5A0990]
005828E2 83F8 06 CMP EAX,6
005828E5 EB 57 JMP SHORT 0058293E
005828E7 8D55 E8 LEA EDX,[EBP-18]
004DD450 8945 E4 MOV [EBP-1C],EAX
004DD453 EB 56 JMP SHORT 004DD4AB
004DD455 90 NOP
004DC2BC /E9 48080000 JMP 004DCB09
004DC2C1 |EB 66 JMP SHORT 004DC329
004DC2C3 |90 NOP
004CFE36 8945 EC MOV [EBP-14],EAX
004CFE39 E9 8E000000 JMP 004CFECC
004CFE3E 90 NOP
Log data, item 2
Address=0050395D
Message=Access violation when reading [00739E4C]
004FF85B C3 RETN
004FF85C 55 PUSH EBP
004FF85D 8BEC MOV EBP,ESP
004FF85F 51 PUSH ECX
004FF860 33C0 XOR EAX,EAX
004FF862 8945 FC MOV [EBP-4],EAX
004FF865 A1 54155A00 MOV EAX,[5A1554]
004FF86A E8 3159F0FF CALL 004051A0
004FF86F 8BD0 MOV EDX,EAX
004FF871 6945 FC 1A04000>IMUL EAX,[EBP-4],41A
004FF878 8B0D 38125A00 MOV ECX,[5A1238] ; main_dat.00737260
004FF87E 8D0401 LEA EAX,[ECX+EAX]
004FF881 B9 1A040000 MOV ECX,41A
004FF886 E8 2586F0FF CALL 00407EB0
004FF88B FF45 FC INC DWORD PTR [EBP-4]
004FF88E 837D FC 08 CMP DWORD PTR [EBP-4],8
004FF892 ^ 75 D1 JNZ SHORT 004FF865
004FF894 59 POP ECX
004FF895 5D POP EBP
004FF896 C3 RETN
0052EF4F A1 1C125A00 MOV EAX,[5A121C]
0052EF54 8338 00 CMP DWORD PTR [EAX],0
0052EF57 0F85 B2060000 JNZ 0052F60F
0052EF5D 833D 7C3D6200 0>CMP DWORD PTR [623D7C],0
0052EF64 0F84 95000000 JE 0052EFFF
005A1EE1 A9 73007C3D TEST EAX,3D7C0073
005A1EE6 6200 BOUND EAX,[EAX]
005A1EE4
e41e5a00
2005-10-10 14:11
0052F634 C3 RETN
0052F635 8D40 00 LEA EAX,[EAX]
0052F638 55 PUSH EBP ; 处理遇到的怪物
0052F639 8BEC MOV EBP,ESP
0052F63B 81C4 C4FEFFFF ADD ESP,-13C
///
;child call
00504F8D 83C0 04 ADD EAX,4
00504F90 BA 00505000 MOV EDX,00505000 ; ASCII 04,"卫士"
00504F95 33C9 XOR ECX,ECX
00504F97 8A08 MOV CL,[EAX]
00504F99 41 INC ECX
00504F9A E8 89E2EFFF CALL 00403228 ; 比较是不是卫士
00504F9F 74 17 JE SHORT 00504FB8
00504FA1 8B45 FC MOV EAX,[EBP-4]
00504FA4 83C0 04 ADD EAX,4
00504FA7 BA 08505000 MOV EDX,00505008
00504FAC 33C9 XOR ECX,ECX
00504FAE 8A08 MOV CL,[EAX]
00504FB0 41 INC ECX
00504FB1 E8 72E2EFFF CALL 00403228 ; 比较是不是带刀护卫
00504FB6 75 21 JNZ SHORT 00504FD9
00504FB8 8D45 F4 LEA EAX,[EBP-C]
00504FBB 8B55 FC MOV EDX,[EBP-4]
///
0052F6D2 8D85 DCFEFFFF LEA EAX,[EBP-124]
0052F6D8 E8 8358FDFF CALL 00504F60 ;up
0052F6DD 85C0 TEST EAX,EAX ; eax=1就是遇到卫士
0052F6DF 0F84 82000000 JE 0052F767
0052F6E5 A1 481B5A00 MOV EAX,[5A1B48]
0052F6EA 8338 00 CMP DWORD PTR [EAX],0
0052F6ED 74 21 JE SHORT 0052F710
0052F6EF A1 1C0F5A00 MOV EAX,[5A0F1C] ; 人物数据
0052F6F4 8078 04 F9 CMP BYTE PTR [EAX+4],0F9 ; 人物数据指针+4=f9(红名)=ff(白名)
0052F6F8 75 16 JNZ SHORT 0052F710
0052F6FA 33C9 XOR ECX,ECX
0052F6FC BA 68FC5200 MOV EDX,0052FC68 ; $ff
0052F701 B8 74FC5200 MOV EAX,0052FC74 ; 红名,遇卫士下线
0052F706 E8 2562FDFF CALL 00505930
0052F7EE E8 154E0000 CALL 00534608
0052F7F3 6B45 FC 43 IMUL EAX,[EBP-4],43
0052F7F7 8B15 8C0B5A00 MOV EDX,[5A0B8C] ; main_dat.00635594
0052F7FD 8D3C82 LEA EDI,[EDX+EAX*4]
0052F800 8DB5 DCFEFFFF LEA ESI,[EBP-124] ; 复制栈里的怪物数据到怪物地址
0052F806 B9 43000000 MOV ECX,43
0052F80B F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR [E>
0052F80D 6B45 FC 43 IMUL EAX,[EBP-4],43
0052F811 8B15 8C0B5A00 MOV EDX,[5A0B8C] ; main_dat.00635594
0052F817 33C9 XOR ECX,ECX
0052F819 894C82 58 MOV [EDX+EAX*4+58],ECX
0052F81D 8D85 D4FEFFFF LEA EAX,[EBP-12C]
0052F823 8D95 E0FEFFFF LEA EDX,[EBP-120]
0052F829 E8 C656EDFF CALL 00404EF4 ; 未知
0052F82E 8B95 D4FEFFFF MOV EDX,[EBP-12C]
0052F834 33C0 XOR EAX,EAX
0052F836 8A85 09FFFFFF MOV AL,[EBP-F7] ; al=2d,遇到卫士
0052F83C E8 3F050000 CALL 0052FD80 ;in
///
;child call up
0052FD9F 64:8920 MOV FS:[EAX],ESP
0052FDA2 8B45 FC MOV EAX,[EBP-4]
0052FDA5 83F8 2D CMP EAX,2D ; eax=2d,遇到卫士
0052FDA8 7F 16 JG SHORT 0052FDC0
0052FDAA 74 47 JE SHORT 0052FDF3
0052FDAC 83E8 02 SUB EAX,2
0052FDAF 72 1E JB SHORT 0052FDCF
0052FDB1 83E8 0A SUB EAX,0A
0052FDB4 74 1F JE SHORT 0052FDD5
0052FDB6 83E8 0C SUB EAX,0C
0052FDB9 74 32 JE SHORT 0052FDED
0052FDBB E9 85000000 JMP 0052FE45
0052FDC0 83E8 32 SUB EAX,32
0052FDC3 74 28 JE SHORT 0052FDED
0052FDC5 05 51FFFFFF ADD EAX,-0AF
0052FDCA 83E8 06 SUB EAX,6
0052FDCD 73 76 JNB SHORT 0052FE45
0052FDCF C645 F7 01 MOV BYTE PTR [EBP-9],1
0052FDD3 EB 74 JMP SHORT 0052FE49
0052FDD5 8B45 F8 MOV EAX,[EBP-8]
0052FDD8 E8 3752FDFF CALL 00505014
0052FDDD 85C0 TEST EAX,EAX
0052FDDF 7D 06 JGE SHORT 0052FDE7
0052FDE1 C645 F7 03 MOV BYTE PTR [EBP-9],3
0052FDE5 EB 62 JMP SHORT 0052FE49
0052FDE7 C645 F7 00 MOV BYTE PTR [EBP-9],0
0052FDEB EB 5C JMP SHORT 0052FE49
0052FDED C645 F7 03 MOV BYTE PTR [EBP-9],3
0052FDF1 EB 56 JMP SHORT 0052FE49
0052FDF3 8B45 F8 MOV EAX,[EBP-8]
0052FDF6 BA 78FE5200 MOV EDX,0052FE78 ; ASCII "卫士"
0052FDFB E8 9452EDFF CALL 00405094
0052FE00 74 0F JE SHORT 0052FE11
0052FE02 8B45 F8 MOV EAX,[EBP-8]
0052FE05 BA 88FE5200 MOV EDX,0052FE88 ; 弓箭守卫
0052FE0A E8 8552EDFF CALL 00405094
0052FE0F 75 06 JNZ SHORT 0052FE17
0052FE11 C645 F7 03 MOV BYTE PTR [EBP-9],3
0052FE15 EB 32 JMP SHORT 0052FE49
0052FE17 8B45 F8 MOV EAX,[EBP-8]
0052FE1A BA 9CFE5200 MOV EDX,0052FE9C ; 恶魔弓箭手
0052FE1F E8 7052EDFF CALL 00405094
0052FE24 75 19 JNZ SHORT 0052FE3F
0052FE26 A1 A0185A00 MOV EAX,[5A18A0]
0052FE2B 8B00 MOV EAX,[EAX]
///
0052FA34 E8 877C0000 CALL 005376C0 ; 遇到BOSS,播放声音
0052FA39 6B55 FC 43 IMUL EDX,[EBP-4],43
0052FA3D 8B0D 8C0B5A00 MOV ECX,[5A0B8C] ; main_dat.00635594
0052FA43 894491 58 MOV [ECX+EDX*4+58],EAX
0052FA47 55 PUSH EBP
0052FA48 E8 EBF4FFFF CALL 0052EF38 ;in
0052FA4D 59 POP ECX
;child call
00537854 6A 00 PUSH 0
00537856 6A 00 PUSH 0
00537858 68 387A5300 PUSH 00537A38 ; 遇到BOSS
0053785D FF75 FC PUSH DWORD PTR [EBP-4]
00537860 68 4C7A5300 PUSH 00537A4C
00537865 FF75 E4 PUSH DWORD PTR [EBP-1C]
///
0052F0B9 8D5491 04 LEA EDX,[ECX+EDX*4+4]
0052F0BD E8 325EEDFF CALL 00404EF4 ; null
0052F0C2 8B45 F8 MOV EAX,[EBP-8]
0052F0C5 E8 4A5FFDFF CALL 00505014 ; 和158种怪物比较
0052F0CA 8B55 08 MOV EDX,[EBP+8]
;child call
00505038 C745 F8 FFFFFFF>MOV DWORD PTR [EBP-8],-1
0050503F A1 50185A00 MOV EAX,[5A1850] ; 158种怪物
00505044 8B00 MOV EAX,[EAX]
00505046 48 DEC EAX
00505047 85C0 TEST EAX,EAX
00505049 7C 45 JL SHORT 00505090
0050504B 40 INC EAX
0050504C 8945 F0 MOV [EBP-10],EAX
0050504F C745 F4 0000000>MOV DWORD PTR [EBP-C],0
00505056 8D45 EC LEA EAX,[EBP-14]
00505059 8B55 F4 MOV EDX,[EBP-C]
0050505C 8BCA MOV ECX,EDX
0050505E C1E2 05 SHL EDX,5
00505061 2BD1 SUB EDX,ECX
00505063 8B0D A41A5A00 MOV ECX,[5A1AA4] ; main_dat.00642920
00505069 8B09 MOV ECX,[ECX]
0050506B 8D1451 LEA EDX,[ECX+EDX*2]
0050506E E8 81FEEFFF CALL 00404EF4 ; null
00505073 8B45 EC MOV EAX,[EBP-14]
00505076 8B55 FC MOV EDX,[EBP-4]
00505079 E8 1600F0FF CALL 00405094 ; 比较
0050507E 75 08 JNZ SHORT 00505088
00505080 8B45 F4 MOV EAX,[EBP-C]
00558F90 B9 6C905500 MOV ECX,0055906C
00558F95 A1 4C195A00 MOV EAX,[5A194C]
00558F9A 8B00 MOV EAX,[EAX]
00558F9C E8 E731F1FF CALL 0046C188
00558FA1 83F8 06 CMP EAX,6
00558FA4 0F85 90000000 JNZ 0055903A
00558FAA 8B45 F4 MOV EAX,[EBP-C]
00558FAD 8B15 50185A00 MOV EDX,[5A1850] ; main_dat.0064291C
00558FB3 8B12 MOV EDX,[EDX]
00558FB5 83EA 02 SUB EDX,2
00558FB8 2BD0 SUB EDX,EAX
00558FBA 7C 43 JL SHORT 00558FFF
00525481 E8 B2A10000 CALL 0052F638 ; 处理遇到的怪物
00525486 A1 3C0F5A00 MOV EAX,[5A0F3C]
0052548B 8338 00 CMP DWORD PTR [EAX],0
0052548E 0F84 4C7F0000 JE 0052D3E0
0052F0B3 8B0D 8C0B5A00 MOV ECX,[5A0B8C] ; main_dat.00635594
0052F0B9 8D5491 04 LEA EDX,[ECX+EDX*4+4]
0052F0BD E8 325EEDFF CALL 00404EF4 ; null
0052F0C2 8B45 F8 MOV EAX,[EBP-8]
0052F0C5 E8 4A5FFDFF CALL 00505014 ; 和158种怪物比较
0052F0CA 8B55 08 MOV EDX,[EBP+8]
0052F0CD 8942 F8 MOV [EDX-8],EAX
0052F0D0 8B45 08 MOV EAX,[EBP+8]
0052F0D3 8378 F8 00 CMP DWORD PTR [EAX-8],0
0052F0D7 0F8C 8C020000 JL 0052F369
0052F0DD 8B45 08 MOV EAX,[EBP+8] ; 是怪物
0052F0E0 6B40 FC 43 IMUL EAX,[EAX-4],43
0052F0E4 8B15 8C0B5A00 MOV EDX,[5A0B8C] ; main_dat.00635594
0052FA47 55 PUSH EBP
0052FA48 E8 EBF4FFFF CALL 0052EF38 ; 和158种怪物比较根call
0052FA4D 59 POP ECX ; 0012F7E4
0052FA4E E9 D7010000 JMP 0052FC2A
0052F829 E8 C656EDFF CALL 00404EF4 ; 未知
0052F82E 8B95 D4FEFFFF MOV EDX,[EBP-12C]
0052F834 33C0 XOR EAX,EAX
0052F836 8A85 09FFFFFF MOV AL,[EBP-F7] ; al=2d,遇到卫士,32=NPC,B=鸡
0052F83C E8 3F050000 CALL 0052FD80 ; al=3,遇到卫士,al=1(人),0=怪物
0052F841 6B55 FC 43 IMUL EDX,[EBP-4],43
0052F845 8B0D 8C0B5A00 MOV ECX,[5A0B8C] ; main_dat.00635594
0052F84B 884491 2F MOV [ECX+EDX*4+2F],AL
0052F84F 6B45 FC 43 IMUL EAX,[EBP-4],43
0052F853 8B15 8C0B5A00 MOV EDX,[5A0B8C] ; main_dat.00635594
0052F859 807C82 2F 00 CMP BYTE PTR [EDX+EAX*4+2F],0 ; 11111111111111
0052F85E 75 3A JNZ SHORT 0052F89A
0052F860 6B45 FC 43 IMUL EAX,[EBP-4],43
0052F864 8B15 8C0B5A00 MOV EDX,[5A0B8C] ; main_dat.00635594
0052EF5D 833D 7C3D6200 0>CMP DWORD PTR [623D7C],0
0052EF64 0F84 95000000 JE 0052EFFF
005A1EE1 A9 73007C3D TEST EAX,3D7C0073
005A1EE6 6200 BOUND EAX,[EAX]
005A1EE4
e41e5a00
005867C9 A1 9C165A00 MOV EAX,[5A169C]
005867CE FF00 INC DWORD PTR [EAX]
005867D0 A1 E41E5A00 MOV EAX,[5A1EE4]
005867D5 8338 00 CMP DWORD PTR [EAX],0
005867D8 0F85 8C000000 JNZ 0058686A
005867DE A1 D41D5A00 MOV EAX,[5A1DD4]
005867E3 8B00 MOV EAX,[EAX]
005867E5 8B15 FC185A00 MOV EDX,[5A18FC] ;0x18C
005867EB 3B02 CMP EAX,[EDX]
005867ED 7E 7B JLE SHORT 0058686A
005867EF A1 AC1D5A00 MOV EAX,[5A1DAC]
005867F4 C600 00 MOV BYTE PTR [EAX],0
005867F7 8D95 88FEFFFF LEA EDX,[EBP-178]
005867FD A1 4C195A00 MOV EAX,[5A194C]
00586802 8B00 MOV EAX,[EAX]
00586804 E8 C75DEEFF CALL 0046C5D0
00586809 8B95 88FEFFFF MOV EDX,[EBP-178]
0058680F 8D85 A0FEFFFF LEA EAX,[EBP-160]
00586815 E8 36C7E7FF CALL 00402F50
0058681A BA 01000000 MOV EDX,1
0058681F 8D85 A0FEFFFF LEA EAX,[EBP-160]
00586825 E8 B2CEE7FF CALL 004036DC
0058682A E8 9DC0E7FF CALL 004028CC
0058682F 8D85 A0FEFFFF LEA EAX,[EBP-160]
00586835 E8 02CBE7FF CALL 0040333C
0058683A E8 8DC0E7FF CALL 004028CC ; !!!!!!!!!!!!
0058683F 3D A0BB0D00 CMP EAX,0DBBA0
00586844 7E 0B JLE SHORT 00586851
00586846 A1 E41E5A00 MOV EAX,[5A1EE4]
0058684B C700 FFFFFFFF MOV DWORD PTR [EAX],-1
00586851 8D85 A0FEFFFF LEA EAX,[EBP-160]
00586857 E8 98C8E7FF CALL 004030F4
0057FC2D E8 BACFF3FF CALL <JMP.&cqb.inidata>
0057FC32 E8 311CFBFF CALL 00531868
0057FC37 E8 D417FBFF CALL 00531410
0057FC3C E8 A710FCFF CALL 00540CE8
0057FC41 8B45 FC MOV EAX,[EBP-4]
0057FC44 E8 034A0000 CALL 0058464C
0057FC49 8B45 FC MOV EAX,[EBP-4]
0057FC4C E8 238C0000 CALL 00588874
0057FC51 8B45 FC MOV EAX,[EBP-4]
0057FC54 E8 27000000 CALL 0057FC80
0057FC59 B8 2C010000 MOV EAX,12C
0057FC5E E8 4537E8FF CALL 004033A8
0057FC63 05 2C010000 ADD EAX,12C
0057FC68 8B15 FC185A00 MOV EDX,[5A18FC] ; main_dat.00623D78
0057FC6E 8902 MOV [EDX],EAX
0057FC70 A1 78085A00 MOV EAX,[5A0878]
0057FC75 C700 FFFFFFFF MOV DWORD PTR [EAX],-1
0057FC7B 59 POP ECX
0057FC7C 5D POP EBP
0057FC7D C3 RETN
2005-10-10 21:09
00586835 E8 02CBE7FF CALL 0040333C
0058683A E8 8DC0E7FF CALL 004028CC ; !!!!!!!!!!!!
0058683F 3D A0BB0D00 CMP EAX,0DBBA0 ; 大于900k就出错
00586844 7E 0B JLE SHORT 00586851
00586846 A1 E41E5A00 MOV EAX,[5A1EE4]
0058684B C700 FFFFFFFF MOV DWORD PTR [EAX],-1
962 KB (985,600 字节)
962 KB (985,088 字节)
F0B90=986000
DBBA0=900000
0058683F 3D 900B0F00 CMP EAX,0F0B90 ; 大于986k就出错
00586844 7E 0B JLE SHORT 00586851 ; 00586851
发送区名字
Call stack of thread 00000824
Address Stack Procedure / arguments Called from Frame
016EF954 004BAE00 <JMP.&wsock32.send> main_dat.004BADFB 016EF9B0
016EF958 000000C0 Socket = C0
016EF95C 005AA71C Data = main_dat.005AA71C
016EF960 00000034 DataSize = 34 (52.)
016EF964 00000000 Flags = 0
016EF9B4 004C753F ? main_dat.004BADA0 main_dat.004C753A 016EF9B0
016EF9F4 004F9D4D ? main_dat.004C7344 main_dat.004F9D48 016EF9F0
016EFA20 004F5281 main_dat.004F9D0C main_dat.004F527C 016EFA1C
016EFA24 0070FDB0 Arg1 = 0070FDB0
016EFEE8 004F6252 ? main_dat.004F4A18 main_dat.004F624D 016EFEE4
016EFF34 004F8384 ? main_dat.004F61DC main_dat.004F837F 016EFF30
016EFF5C 005021DE ? main_dat.004F8218 main_dat.005021D9 016EFF58
016EFF74 00423C53 Includes main_dat.005021DE main_dat.00423C50 016EFF70
004F522A 8D85 30FEFFFF LEA EAX,[EBP-1D0]
004F5230 8B15 CC0F5A00 MOV EDX,[5A0FCC] ; main_dat.00624184
004F5236 83C2 19 ADD EDX,19
004F5239 E8 B6FCF0FF CALL 00404EF4 ; 取得区名字
004F523E 8B85 30FEFFFF MOV EAX,[EBP-1D0]
004F5244 E8 8F20FDFF CALL 004C72D8
004F5249 A1 041E5A00 MOV EAX,[5A1E04]
004F524E 66:C740 02 E02E MOV WORD PTR [EAX+2],2EE0
004F5254 A1 041E5A00 MOV EAX,[5A1E04]
004F5259 66:C740 04 0000 MOV WORD PTR [EAX+4],0
004F525F A1 E40D5A00 MOV EAX,[5A0DE4]
004F5264 C600 00 MOV BYTE PTR [EAX],0
004F5267 A1 041E5A00 MOV EAX,[5A1E04]
004F526C 50 PUSH EAX
004F526D 8B0D 90115A00 MOV ECX,[5A1190] ; main_dat.005A9B5C
004F5273 8B09 MOV ECX,[ECX]
004F5275 A1 10235A00 MOV EAX,[5A2310]
004F527A 33D2 XOR EDX,EDX
004F527C E8 8B4A0000 CALL 004F9D0C ; 发送区名字
004F5281 85C0 TEST EAX,EAX
004F5283 75 41 JNZ SHORT 004F52C6
004F5285 6A 00 PUSH 0
C7ACC0A4 ;乾坤
B2D4CCEC ;苍天
00590D2B 90 NOP
00590D2C 90 NOP
00590D2D 90 NOP
00590D2E 90 NOP
00590D2F 90 NOP
00590D30 E9 CB1A1D00 JMP 00762800
E8 E8 8F FE FF A1 AC 08 5A 00 8B 00 83 B8 D4 00
发送验证信息
Call stack of main thread
Address Stack Procedure / arguments Called from Frame
0012FD8C 00595FCC main_dat.004BB0A0 main_dat.00595FC7 0012FDFC
0012FE00 00596AEB ? main_dat.00595F5C main_dat.00596AE6 0012FDFC
0012FE14 004BC375 Includes main_dat.00596AEB main_dat.004BC372 0012FE10
0012FE1C 004BC076 Includes main_dat.004BC375 main_dat.004BC073 0012FE24
0012FE28 004BAB8D Includes main_dat.004BC076 main_dat.004BAB8A 0012FE24
0012FE34 004BAF26 main_dat.004040A4 main_dat.004BAF21 0012FE48
0012FE3C 004BA567 Includes main_dat.004BAF26 main_dat.004BA564 0012FE48
0012FE4C 004BB0FC Includes main_dat.004BA567 main_dat.004BB0F9 0012FE48
0012FE70 0042517E Includes main_dat.004BB0FC main_dat.0042517C 0012FE6C
0012FE88 77E1A420 Includes main_dat.0042517E user32.77E1A41D 0012FE84
0012FEA8 77DF4605 user32.77E1A408 user32.77DF4600 0012FEA4
0012FF34 77DF5B77 user32.77DF4321 user32.77DF5B72 0012FF30
0012FF40 0046BE3C <JMP.&user32.DispatchMessageA> main_dat.0046BE37 0012FFA8
0012FF44 0012FF5C pMsg = WM_USER+1 hw = 14051E (clas
0012FF58 0046BE73 main_dat.0046BDB4 main_dat.0046BE6E 0012FFA8
0012FF7C 0046C093 main_dat.0046BE64 main_dat.0046C08E 0012FFA8
0012FFAC 008055BA main_dat.0046BFF8 main_dat.008055B5 0012FFA8
00595FB5 8D55 C0 LEA EDX,[EBP-40]
00595FB8 8B45 FC MOV EAX,[EBP-4]
00595FBB 8B80 E8080000 MOV EAX,[EAX+8E8]
00595FC1 8B80 90000000 MOV EAX,[EAX+90]
00595FC7 E8 D450F2FF CALL 004BB0A0 ; 发送验证数据
00595FCC 8B55 C0 MOV EDX,[EBP-40]
00595FCF A1 681A5A00 MOV EAX,[5A1A68]
00595FD4 E8 13EDE6FF CALL 00404CEC
005A2450 B8 1F040000 MOV EAX,41F
005A2455 8BC8 MOV ECX,EAX
005A2457 BE 69F37F00 MOV ESI,007FF369
005A245C 8B3B MOV EDI,[EBX]
005A245E F3:A4 REP MOVS BYTE PTR ES:[EDI],BYTE PTR [ESI]
005A2460 ^ E9 688CF1FF JMP 004BB0CD
B8 1F 04 00 00 8B C8 BE 69 F3 7F 00 8B 3B F3 A4 E9 68 8C F1 FF 00 00 00 00 00 00 00 00 00 00 00
004BB0A0 53 PUSH EBX
004BB0A1 56 PUSH ESI
004BB0A2 8BDA MOV EBX,EDX
004BB0A4 8BF0 MOV ESI,EAX
004BB0A6 83C9 FF OR ECX,FFFFFFFF
004BB0A9 33D2 XOR EDX,EDX
004BB0AB 8BC6 MOV EAX,ESI
004BB0AD B8 1F040000 MOV EAX,41F
004BB0B2 8BD0 MOV EDX,EAX
004BB0B4 8BC3 MOV EAX,EBX
004BB0B6 E8 19A2F4FF CALL 004052D4
004BB0BB E9 90730E00 JMP 005A2450
004BB0C0 90 NOP
004BB0C1 90 NOP
004BB0C2 8BC8 MOV ECX,EAX
004BB0C4 8B13 MOV EDX,[EBX]
004BB0C6 8BC6 MOV EAX,ESI
004BB0C8 E8 5BFEFFFF CALL 004BAF28
004BB0CD 8BD0 MOV EDX,EAX
004BB0CF 8BC3 MOV EAX,EBX
004BB0D1 E8 FEA1F4FF CALL 004052D4
004BB0D6 5E POP ESI
004BB0D7 5B POP EBX
004BB0D8 C3 RETN
53 56 8B DA 8B F0 83 C9 FF 33 D2 8B C6 B8 1F 04 00 00 8B D0 8B C3 E8 19 A2 F4 FF
B8 1F 04 00 00 8B C8 BE 69 F3 7F 00 8B 3B F3 A4
8B D0 8B C3 E8 FE A1 F4 FF 5E 5B C3
004BB0B6 E8 19A2F4FF CALL 004052D4
004BB0BB E9 90730E00 JMP 005A2450
004BB0CD 8BD0 MOV EDX,EAX
004BB0CF 8BC3 MOV EAX,EBX
004BB0D1 E8 FEA1F4FF CALL 004052D4
53 56 8B DA 8B F0 83 C9 FF 33 D2 8B C6 B8 1F 04 00 00 8B D0 8B C3 E8 B9 5F C0 FF B8 1F 04 00 00
8B C8 BE 69 F3 7F 00 8B 3B F3 A4 8B D0 8B C3 E8 A0 5F C0 FF 5E 5B C3
;new call
007FF300 53 PUSH EBX
007FF301 56 PUSH ESI
007FF302 8BDA MOV EBX,EDX
007FF304 8BF0 MOV ESI,EAX
007FF306 83C9 FF OR ECX,FFFFFFFF
007FF309 33D2 XOR EDX,EDX
007FF30B 8BC6 MOV EAX,ESI
007FF30D B8 1F040000 MOV EAX,41F
007FF312 8BD0 MOV EDX,EAX
007FF314 8BC3 MOV EAX,EBX
007FF316 E8 B95FC0FF CALL 004052D4
007FF31B B8 1F040000 MOV EAX,41F
007FF320 8BC8 MOV ECX,EAX
007FF322 BE 69F37F00 MOV ESI,007FF369
007FF327 8B3B MOV EDI,[EBX]
007FF329 F3:A4 REP MOVS BYTE PTR ES:[EDI],BYTE PTR [ESI]
007FF32B 8BD0 MOV EDX,EAX
007FF32D 8BC3 MOV EAX,EBX
007FF32F E8 A05FC0FF CALL 004052D4
007FF334 5E POP ESI
007FF335 5B POP EBX
007FF336 C3 RETN
00595FC1 8B80 90000000 MOV EAX,[EAX+90]
00595FC7 E8 34932600 CALL 007FF300
00595FCC 8B55 C0 MOV EDX,[EBP-40]
;org call
004BB0A0 53 PUSH EBX
004BB0A1 56 PUSH ESI
004BB0A2 8BDA MOV EBX,EDX
53 56 8B DA 8B F0 83 C9 FF 33 D2 8B C6 E8 76 FE FF FF 8B D0 8B C3 E8 19 A2 F4 FF 8B 03 E8 8E 9E
F4 FF 8B C8 8B 13 8B C6 E8 5B FE FF FF 8B D0 8B C3 E8 FE A1 F4 FF 5E 5B C3 8D 40 00 55 8B EC 51
////////////
00762882 A1 AC085A00 MOV EAX,[5A08AC]
00762887 ^ E9 A9E4E2FF JMP 00590D35
0076288C 0000 ADD [EAX],AL
A1 AC 08 5A 00 E9 A9 E4 E2 FF 00 00 00 00 00 00
00590D2B E8 E88FFEFF CALL 00579D18
00590D30 E9 CB1A1D00 JMP 00762800
E8 E8 8F FE FF
/////////////////////////////////////////////////
60 8B 15 80 15 5A 00 42 52 68 9C 28 76 00 FF 15 34 15 80 00 8B D8 68 9C 28 76 00 FF 15 98 18 80
00 03 C3 C6 00 2F 40 8B 15 9C 0E 5A 00 42 52 50 FF 15 34 15 80 00 68 9C 28 76 00 FF 15 98 18 80
00 6A 00 83 C0 0C 50 B9 D0 5D 71 00 B8 90 28 76 00 33 D2 E8 78 23 D4 FF 68 D0 5D 71 00 FF 15 98
18 80 00 A3 38 5E 71 00 B8 FF FF FF FF A3 38 26 63 00 A3 18 29 64 00 A3 44 FD 70 00 A3 C4 5D 71
00 61 A1 AC 08 5A 00 E9 A9 E4 E2 FF 00 00 00 00 00 00 00 00 67 00 00 00 00 00 00 00 00 00 00 00
00762800 60 PUSHAD
00762801 8B15 80155A00 MOV EDX,[5A1580] ; main_dat.006325F4
00762807 42 INC EDX
00762808 52 PUSH EDX
00762809 68 9C287600 PUSH 76289C
0076280E FF15 34158000 CALL [801534] ; kernel32.lstrcpyA
00762814 8BD8 MOV EBX,EAX
00762816 68 9C287600 PUSH 76289C
0076281B FF15 98188000 CALL [801898] ; kernel32.lstrlenA
00762821 03C3 ADD EAX,EBX
00762823 C600 2F MOV BYTE PTR [EAX],2F
00762826 40 INC EAX
00762827 8B15 9C0E5A00 MOV EDX,[5A0E9C] ; main_dat.0063260C
0076282D 42 INC EDX
0076282E 52 PUSH EDX
0076282F 50 PUSH EAX
00762830 FF15 34158000 CALL [801534] ; kernel32.lstrcpyA
00762836 68 9C287600 PUSH 76289C
0076283B FF15 98188000 CALL [801898] ; kernel32.lstrlenA
00762841 6A 00 PUSH 0
00762843 83C0 0C ADD EAX,0C
00762846 50 PUSH EAX
00762847 B9 D05D7100 MOV ECX,715DD0
0076284C B8 90287600 MOV EAX,762890
00762851 33D2 XOR EDX,EDX
00762853 E8 7823D4FF CALL 004A4BD0 ; 004A4BD0
00762858 68 D05D7100 PUSH 715DD0
0076285D FF15 98188000 CALL [801898] ; kernel32.lstrlenA
00762863 A3 385E7100 MOV [715E38],EAX
00762868 B8 FFFFFFFF MOV EAX,-1
0076286D A3 38266300 MOV [632638],EAX
00762872 A3 18296400 MOV [642918],EAX
00762877 A3 44FD7000 MOV [70FD44],EAX
0076287C A3 C45D7100 MOV [715DC4],EAX
00762881 61 POPAD
00762882 A1 AC085A00 MOV EAX,[5A08AC]
00762887 ^ E9 A9E4E2FF JMP 00590D35 ; 00590D35
00762900 60 PUSHAD
00762901 B9 36000000 MOV ECX,36
00762906 BE 16297600 MOV ESI,762916
0076290B 8136 24698724 XOR DWORD PTR [ESI],24876924
00762911 83C6 04 ADD ESI,4
00762914 ^ E2 F5 LOOPD SHORT 0076290B ; 0076290B
60 B9 36 00 00 00 BE 16 29 76 00 81 36 24 69 87 24 83 C6 04 E2 F5
mycode
007FF200
007FF200 60 PUSHAD
007FF201 B9 20000000 MOV ECX,20
007FF206 BE 16F27F00 MOV ESI,7FF216
007FF20B 8136 24698724 XOR DWORD PTR [ESI],24876924
007FF211 83C6 04 ADD ESI,4
007FF214 ^ E2 F5 LOOPD SHORT 007FF20B ; 007FF20B
007FF216 8B15 80155A00 MOV EDX,[5A1580] ; main_dat.006325F4
007FF21C 42 INC EDX
007FF21D 52 PUSH EDX
007FF21E 68 DCF27F00 PUSH 7FF2DC
007FF223 FF15 34158000 CALL [801534] ; kernel32.lstrcpyA
007FF229 8BD8 MOV EBX,EAX
007FF22B 68 DCF27F00 PUSH 7FF2DC
007FF230 FF15 98188000 CALL [801898] ; kernel32.lstrlenA
007FF236 03C3 ADD EAX,EBX
007FF238 C600 2F MOV BYTE PTR [EAX],2F
007FF23B 40 INC EAX
007FF23C 8B15 9C0E5A00 MOV EDX,[5A0E9C] ; main_dat.0063260C
007FF242 42 INC EDX
007FF243 52 PUSH EDX
007FF244 50 PUSH EAX
007FF245 FF15 34158000 CALL [801534] ; kernel32.lstrcpyA
007FF24B 68 DCF27F00 PUSH 7FF2DC
007FF250 FF15 98188000 CALL [801898] ; kernel32.lstrlenA
007FF256 6A 00 PUSH 0
007FF258 83C0 0C ADD EAX,0C
007FF25B 50 PUSH EAX
007FF25C B9 D05D7100 MOV ECX,715DD0 ; ASCII "<<<<<BX<<<<<<<<<XryhTSEeXoTkdZZyxGgEmH^]ul"
007FF261 B8 D0F27F00 MOV EAX,7FF2D0
007FF266 33D2 XOR EDX,EDX
007FF268 E8 7823D4FF CALL 004A4BD0 ; 004A4BD0
007FF26D 68 D05D7100 PUSH 715DD0 ; ASCII "<<<<<BX<<<<<<<<<XryhTSEeXoTkdZZyxGgEmH^]ul"
007FF272 FF15 98188000 CALL [801898] ; kernel32.lstrlenA
007FF278 A3 385E7100 MOV [715E38],EAX
007FF27D B8 FFFFFFFF MOV EAX,-1
007FF282 A3 38266300 MOV [632638],EAX
007FF287 A3 18296400 MOV [642918],EAX
007FF28C A3 44FD7000 MOV [70FD44],EAX
007FF291 A3 C45D7100 MOV [715DC4],EAX
007FF296 B9 20000000 MOV ECX,20
007FF29B BE 16F27F00 MOV ESI,7FF216
007FF2A0 8136 24698724 XOR DWORD PTR [ESI],24876924
007FF2A6 83C6 04 ADD ESI,4
007FF2A9 ^\E2 F5 LOOPD SHORT 007FF2A0 ; 007FF2A0
007FF2AB 61 POPAD
007FF2AC - E9 7F1AD9FF JMP 00590D30 ; 00590D30
60 B9 20 00 00 00 BE 16 F2 7F 00 81 36 24 69 87 24 83 C6 04 E2 F5 AF 7C 07 31 7E 69 C5 76 4C B5
75 5B 24 96 92 10 31 E9 87 AF FC 01 5B D6 5B 69 78 31 BC 71 07 24 27 AA 41 24 0B 29 0C 31 B8 67
DD 24 66 3B D7 DB 31 5D 92 A4 24 01 5B D6 5B 69 78 31 BC 71 07 24 4E 69 04 E4 28 39 3E F4 79 18
87 9C F4 9B F8 24 17 BB 6F 47 7D A3 78 4C F4 34 F6 24 DB 7C 1F 3C A4 69 24 1C 7A 18 87 9C DB 96
78 DB 87 51 A1 47 24 CA 9F 0D 40 69 24 60 D9 19 87 87 E0 34 F6 24 B9 20 00 00 00 BE 16 F2 7F 00
81 36 24 69 87 24 83 C6 04 E2 F5 61 E9 7F 1A D9 FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 67 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
;修改
00590D2B - E9 D0E42600 JMP 007FF200 ; 计算验证
00590D30 A1 AC085A00 MOV EAX,[5A08AC]
E9 D0 E4 26 00 A1 AC 08 5A 00 8B 00 83 B8 D4 00
/////////////////
00762900 60 PUSHAD
00762901 B9 36000000 MOV ECX,36
00762906 BE 16297600 MOV ESI,762916
0076290B 8136 24698724 XOR DWORD PTR [ESI],24876924
00762911 83C6 04 ADD ESI,4
00762914 ^ E2 F5 LOOPD SHORT 0076290B ; 0076290B
00762916 E8 4B000000 CALL 00762966 ; 00762966
0076291B 33C0 XOR EAX,EAX
0076291D BA 01000000 MOV EDX,1
00762922 E8 99FED9FF CALL 005027C0 ; 005027C0
00762927 E8 3A000000 CALL 00762966 ; 00762966
0076292C B8 7D297600 MOV EAX,76297D
00762931 BA 00C00000 MOV EDX,0C000
00762936 E8 85FED9FF CALL 005027C0 ; 005027C0
0076293B E8 26000000 CALL 00762966 ; 00762966
00762940 33C0 XOR EAX,EAX
00762942 BA 01000000 MOV EDX,1
00762947 E8 74FED9FF CALL 005027C0 ; 005027C0
0076294C E8 15000000 CALL 00762966 ; 00762966
00762951 B8 B7297600 MOV EAX,7629B7
00762956 BA 00C00000 MOV EDX,0C000
0076295B E8 60FED9FF CALL 005027C0 ; 005027C0
00762960 61 POPAD
00762961 ^ E9 479AE2FF JMP 0058C3AD ; 0058C3AD
00762966 58 POP EAX
00762967 6A 00 PUSH 0
00762969 6A 00 PUSH 0
0076296B 6A 00 PUSH 0
0076296D 6A 00 PUSH 0
0076296F 6A 00 PUSH 0
00762971 6A 00 PUSH 0
00762973 6A 00 PUSH 0
00762975 33C9 XOR ECX,ECX
00762977 FFE0 JMP EAX
;广告
36 00 00 00 CB CD B8 F8 C8 C8 D1 AA B4 AB C6 E6 32 38 C7 F8 C7 AC C0 A4 D1 F4 B9 E2 A1 E8 C4 FB
C3 CA B2 DD A3 AC D7 A3 CB FD CC EC CC EC D3 D0 BA C3 D0 C4 C7 E9 20 5E 5F 5E 36 00 00 00 C4 FA
B5 C4 C8 C8 D1 AA B4 AB C9 F1 CA A3 D3 E0 39 39 39 39 CC EC 30 D0 A1 CA B1 20 43 72 61 63 6B 65
64 20 62 79 20 D0 A1 C8 AB 20 32 30 30 35 2D 31 30 2D 31 30
60 B9 35 00 00 00 BE 16 29 76 00 81 36 24 69 87 24 83 C6 04 E2 F5 E8 4A 00 00 00 33 C0 BA 01 00
00 00 E8 99 FE D9 FF E8 39 00 00 00 B8 7C 29 76 00 BA 00 C0 00 00 E8 85 FE D9 FF E8 25 00 00 00
33 C0 BA 01 00 00 00 E8 74 FE D9 FF E8 14 00 00 00 B8 B6 29 76 00 BA 00 C0 00 00 E8 60 FE D9 FF
E9 87 00 00 00 58 6A 00 6A 00 6A 00 6A 00 6A 00 6A 00 6A 00 33 C9 FF E0 36 00 00 00 CB CD B8 F8
C8 C8 D1 AA B4 AB C6 E6 32 38 C7 F8 C7 AC C0 A4 D1 F4 B9 E2 A1 E8 C4 FB C3 CA B2 DD A3 AC D7 A3
CB FD CC EC CC EC D3 D0 BA C3 D0 C4 C7 E9 20 5E 5F 5E 36 00 00 00 C4 FA B5 C4 C8 C8 D1 AA B4 AB
C9 F1 CA A3 D3 E0 39 39 39 39 CC EC 30 D0 A1 CA B1 20 43 72 61 63 6B 65 64 20 62 79 20 D0 A1 C8
AB 20 32 30 30 35 2D 31 30 2D 31 30 B9 36 00 00 00 BE 16 29 76 00 81 36 24 69 87 24 83 C6 04 E2
F5 61 E9 A6 99 E2 FF 00 00 00 00 00 00 00 00 00
mycode
007FF0F0 60 PUSHAD
007FF0F1 B9 35000000 MOV ECX,35
60 B9 36 00 00 00 BE 06 F1 7F 00 81 36 24 69 87 24 83 C6 04 E2 F5 CC 23 87 24 24 5A 47 9E 25 69
87 24 CC C0 B1 F4 DB 81 BE 24 24 69 3F 48 D5 16 87 9E 24 A9 87 24 CC FC B1 F4 DB 81 A2 24 24 69
B4 E4 9E 68 87 24 24 81 03 12 F4 96 6F 30 24 69 87 9C 82 98 F8 24 9E 69 47 24 24 81 F7 12 F4 96
6E AD 24 69 87 7C 4E 69 ED 24 4E 69 ED 24 4E 69 ED 24 4E 69 B4 ED DB 89 B1 24 24 69 4C E9 9C 91
4F EC F5 C3 33 8F E2 8F B5 1C E3 91 40 88 E4 CD 56 D0 9D 8B 26 CC E0 92 44 EE 96 B4 24 88 F3 CA
4C D9 E8 85 4B C8 F7 B9 3D E7 F4 AD 40 CD 04 37 D8 7A 12 69 87 24 E0 93 32 E0 EC A1 56 8E 90 C2
4E D5 EE CA 54 C4 1D 50 BE 1D E8 85 B7 F4 85 A3 36 04 67 1B E6 47 4F 0C E3 04 46 10 A7 F4 85 A1
2C 04 16 59 B7 11 09 58 B7 09 15 59 87 24 B9 36 00 00 00 BE 06 F1 7F 00 81 36 24 69 87 24 83 C6
04 E2 F5 61 E9 B4 D1 D8 FF 00 00 00 00 00 00 00
007FF0F0 60 PUSHAD
007FF0F1 B9 36000000 MOV ECX,36
007FF0F6 BE 06F17F00 MOV ESI,7FF106
007FF0FB 8136 24698724 XOR DWORD PTR [ESI],24876924
007FF101 83C6 04 ADD ESI,4
007FF104 ^ E2 F5 LOOPD SHORT 007FF0FB ; 007FF0FB
007FF106 E8 4A000000 CALL 007FF155 ; 007FF155
007FF10B 33C0 XOR EAX,EAX
007FF10D BA 01000000 MOV EDX,1
007FF112 E8 A936D0FF CALL 005027C0 ; 005027C0
007FF117 E8 39000000 CALL 007FF155 ; 007FF155
007FF11C B8 6CF17F00 MOV EAX,7FF16C
007FF121 BA 00C00000 MOV EDX,0C000
007FF126 E8 9536D0FF CALL 005027C0 ; 005027C0
007FF12B E8 25000000 CALL 007FF155 ; 007FF155
007FF130 33C0 XOR EAX,EAX
007FF132 BA 01000000 MOV EDX,1
007FF137 E8 8436D0FF CALL 005027C0 ; 005027C0
007FF13C E8 14000000 CALL 007FF155 ; 007FF155
007FF141 B8 A6F17F00 MOV EAX,7FF1A6
007FF146 BA 00C00000 MOV EDX,0C000
007FF14B E8 7036D0FF CALL 005027C0 ; 005027C0
007FF150 E9 89000000 JMP 007FF1DE ; 007FF1DE
007FF155 58 POP EAX
007FF156 6A 00 PUSH 0
007FF158 6A 00 PUSH 0
007FF15A 6A 00 PUSH 0
007FF15C 6A 00 PUSH 0
007FF15E 6A 00 PUSH 0
007FF160 6A 00 PUSH 0
007FF162 6A 00 PUSH 0
007FF164 33C9 XOR ECX,ECX
007FF166 FFE0 JMP EAX
...
007FF1DE B9 36000000 MOV ECX,36
007FF1E3 BE 06F17F00 MOV ESI,7FF106
007FF1E8 8136 24698724 XOR DWORD PTR [ESI],24876924
007FF1EE 83C6 04 ADD ESI,4
007FF1F1 ^ E2 F5 LOOPD SHORT 007FF1E8 ; 007FF1E8
007FF1F3 61 POPAD
007FF1F4 - E9 B4D1D8FF JMP 0058C3AD ; 0058C3AD
007FF1F9 0000 ADD [EAX],AL
;修改
0058C360 - E9 8B2D2700 JMP 007FF0F0 ; 007FF0F0
0058C365 90 NOP
//////////////////////////////////////////////////////
004F5208 A1 CC0F5A00 MOV EAX,[5A0FCC]
004F520D C780 B8000000 F>MOV DWORD PTR [EAX+B8],-1
004F5208 - E9 F39D3000 JMP 007FF000 ; 007FF000
004F520D C780 B8000000 FFFFFFFF MOV DWORD PTR [EAX+B8],-1
00590D2B - E9 D0E42600 JMP 007FF200 ; 计算验证
0058C360 - E9 8B2D2700 JMP 007FF0F0 ; 广告
00590D2B E8 E88FFEFF CALL 00579D18 ; 计算验证
00590D30 A1 AC0
0058C360 6A 00 PUSH 0
0058C362 6A 00 PUSH 0
0058C364 00006A00
E9 8B2D27
272d8be9
00006A00
006a0000
E9 D0 E4 26 00 A1 AC 08
26e4d0e9 08aca100
007FF000 60 PUSHAD
007FF001 8B15 CC0F5A00 MOV EDX,[5A0FCC] ; main_dat.00624184
007FF007 83C2 1A ADD EDX,1A
007FF00A 8B02 MOV EAX,[EDX]
007FF00C 35 24698724 XOR EAX,24876924
007FF011 3D E3C54780 CMP EAX,8047C5E3
007FF016 74 2F JE SHORT 007FF047 ; 007FF047
007FF018 3D 96BD4BC8 CMP EAX,C84BBD96
007FF01D 74 28 JE SHORT 007FF047 ; 007FF047
007FF01F B8 2B0D5900 MOV EAX,590D2B
007FF024 C700 E9D0E426 MOV DWORD PTR [EAX],26E4D0E9
007FF02A 83C0 04 ADD EAX,4
007FF02D C700 00A1AC08 MOV DWORD PTR [EAX],8ACA100
007FF033 B8 60C35800 MOV EAX,58C360
007FF038 C700 E98B2D27 MOV DWORD PTR [EAX],272D8BE9
007FF03E 83C0 04 ADD EAX,4
007FF041 C700 00006A00 MOV DWORD PTR [EAX],6A0000
007FF047 61 POPAD
007FF048 A1 CC0F5A00 MOV EAX,[5A0FCC]
007FF04D - E9 BB61CFFF JMP 004F520D ; 004F520D
60 8B 15 CC 0F 5A 00 83 C2 1A 8B 02 35 24 69 87 24 3D E3 C5 47 80 74 2F 3D 96 BD 4B C8 74 28 B8
2B 0D 59 00 C7 00 E9 D0 E4 26 83 C0 04 C7 00 00 A1 AC 08 B8 60 C3 58 00 C7 00 E9 8B 2D 27 83 C0
04 C7 00 00 00 6A 00 61 A1 CC 0F 5A 00 E9 BB 61 CF FF
org
00590D2B E8 E88FFEFF CALL 00579D18 ; 计算验证
00590D30 A1 AC085A00 MOV EAX,[5A08AC]
E8 E8 8F FE FF A1 AC 08
0058C360 6A 00 PUSH 0
0058C362 6A 00 PUSH 0
0058C364 6A 00 PUSH 0
0058C366 6A 00 PUSH 0
6A 00 6A 00 6A 00 6A 00
007FF001 8B15 CC0F5A00 MOV EDX,[5A0FCC] ; main_dat.00624184
63dK9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4c8W2L8i4m8Q4x3X3g2E0K9h3&6A6k6r3&6K6i4K6u0W2L8X3g2@1i4K6u0r3k6r3!0%4L8W2)9J5c8X3y4I4x3e0V1&6j5#2)9J5k6i4u0S2M7R3`.`.
1,修正了2个明显的检查
2,修复n个不明显的检查
3,修正前版本的破解缺陷
4,优化了破解算法
5,限制28乾坤和90苍天的用户使用
2005-10-11 3:28
007FF016 /EB 07 JMP SHORT 007FF01F ; 007FF01F
007FF018 |3D 96BD4BC8 CMP EAX,C84BBD96
00586844 /EB 0B JMP SHORT 00586851 ; 00586851
00586846 |A1 E41E5A00 MOV EAX,[5A1EE4]
2005-10-12 16:34
Call stack of main thread
Address Stack Procedure / arguments Called from Frame
0012FD9C 77E8A243 Includes ntdll.77F8915E kernel32.77E8A241 0012FDB8
0012FDBC 77E8A20E kernel32.SleepEx kernel32.77E8A209 0012FDB8
0012FDC0 00000000 Timeout = 0. ms
0012FDC4 00000000 Alertable = FALSE
0012FDC8 004240B1 hotcs.0040E548 hotcs.004240AC 0012FE1C
0012FDFC 00423DBE hotcs.00424074 hotcs.00423DB9 0012FE1C
0012FE08 00403EB3 Includes hotcs.00423DBE hotcs.00403EB0 0012FE1C
0012FE0C 0059001C hotcs.00403EA8 hotcs.00590017 0012FE1C
0012FE20 0058E10E hotcs.0058FFD8 hotcs.0058E109 0012FE1C
0012FE44 0044162E Includes hotcs.0058E10E hotcs.0044162B 0012FE40
0012FE4C 00441514 hotcs.004040A4 hotcs.0044150F 0012FE6C
0012FE70 0042517E Includes hotcs.00441514 hotcs.0042517C 0012FE6C
0012FE88 77E1A420 Includes hotcs.0042517E user32.77E1A41D 0012FE84
0012FEA8 77DF4605 user32.77E1A408 user32.77DF4600 0012FEA4
0012FF34 77DF5B77 user32.77DF4321 user32.77DF5B72 0012FF30
0012FF40 0046BE3C hotcs.004079BC hotcs.0046BE37 0012FFA8
0012FF58 0046BE73 hotcs.0046BDB4 hotcs.0046BE6E 0012FFA8
0012FF7C 0046C093 hotcs.0046BE64 hotcs.0046C08E 0012FFA8
0012FFAC 008055BA hotcs.0046BFF8 hotcs.008055B5 0012FFA8
004240A5 E8 323CFEFF CALL 00407CDC ; 00407CDC
004240AA 6A 00 PUSH 0
004240AC E8 97A4FEFF CALL 0040E548 ; 0040E548
004240B1 E8 3AFAFFFF CALL 00423AF0 ; 00423AF0
0040E547 90 NOP
0040E548 - FF25 18168000 JMP [801618]
0040E54E 8BC0 MOV EAX,EAX
0040E550 55 PUSH EBP
0058E0F1 A1 90095A00 MOV EAX,[5A0990]
0058E0F6 8178 18 D07E010>CMP DWORD PTR [EAX+18],17ED0 ;经验值大于0x17ED0,开始检查
0058E0FD 7E 1C JLE SHORT 0058E11B ; 0058E11B
0058E0FF A1 48075A00 MOV EAX,[5A0748]
0058E104 8338 00 CMP DWORD PTR [EAX],0
0058E107 75 12 JNZ SHORT 0058E11B ; 0058E11B
0058E109 E8 CA1E0000 CALL 0058FFD8 ; 0058FFD8
0058E10E E8 A9C8F1FF CALL 004AA9BC ; <JMP.&winmm.timeGetTime>
0058FFFA 8B45 F4 MOV EAX,[EBP-C]
0058FFFD 66:8378 06 04 CMP WORD PTR [EAX+6],4 ;节数>4出错
00590002 76 42 JBE SHORT 00590046 ; 00590046
00590004 A1 D8195A00 MOV EAX,[5A19D8]
0058FFFD 66:8378 06 06 CMP WORD PTR [EAX+6],6
00590002 74 42 JE SHORT 00590046 ; 00590046
;出错随机
004ED98E A1 7C0B5A00 MOV EAX,[5A0B7C]
004ED993 8338 00 CMP DWORD PTR [EAX],0
;靠墙
00549F78 8B0D 8C225A00 MOV ECX,[5A228C] ; main_dat.007339C0
00549F7E 8B09 MOV ECX,[ECX]
00549F80 BA 5CB75400 MOV EDX,54B75C ; isnearwall
00549F85 B8 18AF5400 MOV EAX,54AF18 ; main
00549F8A E8 65F4FFFF CALL 005493F4 ; 005493F4
00541F02 B9 A03D5400 MOV ECX,543DA0 ; isnearwall
00541F07 BA 74355400 MOV EDX,543574 ; main
00541F0C 8B45 F8 MOV EAX,[EBP-8]
00541F0F 8B18 MOV EBX,[EAX]
00541F11 FF53 10 CALL [EBX+10]
00541F14 F6D8 NEG AL
00541F16 1BC0 SBB EAX,EAX
00541F18 8B15 8C225A00 MOV EDX,[5A228C] ; main_dat.007339C0
00541F1E 8902 MOV [EDX],EAX