; ---------------------------------------------------------------------------
; 0043EC30 - routine that drives one registration attempt
; (debugger listing of USBTrace, 32-bit x86, Intel operand order).
;
; Flow visible in this listing:
;   1. copy the fields at [esi+60] and [esi+5C] into two by-value stack
;      arguments and call the validator at 0043DD50 (which ends in 'retn 8');
;   2. non-zero result: store both fields under "RegInfo"
;      ("UserName" <- [esi+60], "RegCode" <- [esi+5C]) and show the
;      "Congratulations..." message;
;   3. zero result: show "Invalid registration code" / "Registration Failed".
;
; In:  ecx = object pointer (copied to esi; looks like a thiscall 'this' - TODO confirm)
;
; NOTE(review): the helpers at 0046237F, 00464C62, 00463292, 00476FF0,
;   0046A6BA and 0046177A are not part of this listing; the roles given for
;   them below are inferred from their call sites and must be confirmed.
; NOTE(review): the whole licence decision is a single boolean computed inside
;   the client process, so this check cannot act as a trust boundary. Designs
;   that hold up better verify a vendor signature over the licence data (the
;   private key never ships) or validate on a server.
; ---------------------------------------------------------------------------
0043EC30 . 64:A1 00>mov eax,dword ptr fs:[0]  ; eax = previous head of the SEH chain
0043EC36 . 6A FF push -1  ; SEH record: state slot, starts at -1
0043EC38 . 68 B8144>push USBTrace.004814B8  ; SEH record: handler address
0043EC3D . 50 push eax  ; SEH record: link to the previous record
0043EC3E . 64:8925 >mov dword ptr fs:[0],esp  ; install the new record
0043EC45 . 83EC 08 sub esp,8  ; two dwords of locals
0043EC48 . 53 push ebx  ; save ebx, ebp, esi, edi (restored in both epilogues)
0043EC49 . 55 push ebp
0043EC4A . 56 push esi
0043EC4B . 57 push edi
0043EC4C . 8BF1 mov esi,ecx  ; esi = object pointer received in ecx
0043EC4E . 6A 01 push 1  ; single argument for 0046237F
0043EC50 . E8 2A370>call USBTrace.0046237F  ; helper not shown (presumably refreshes the fields from the UI - TODO confirm)
0043EC55 . E8 08600>call USBTrace.00464C62  ; returns an object pointer or NULL
0043EC5A . 85C0 test eax,eax
0043EC5C . 74 0B je short USBTrace.0043EC69 ===>  ; NULL -> ebp = 0 at 0043EC69
0043EC5E . 8B10 mov edx,dword ptr ds:[eax]  ; edx = first dword of that object (used as a vtable)
0043EC60 . 8BC8 mov ecx,eax
0043EC62 . FF52 74 call dword ptr ds:[edx+74]  ; indirect call through slot +74, target not shown
0043EC65 . 8BE8 mov ebp,eax  ; ebp = its result; becomes ecx for 0043DD50
0043EC67 . EB 02 jmp short USBTrace.0043EC6B
0043EC69 > 33ED xor ebp,ebp
0043EC6B > 51 push ecx  ; reserve one stack dword (the value pushed is not used)
0043EC6C . 8D7E 5C lea edi,dword ptr ds:[esi+5C]  ; edi = &field at +5C (saved as "RegCode" on success)
0043EC6F . 8BCC mov ecx,esp  ; ecx = address of the reserved dword
0043EC71 . 896424 1>mov dword ptr ss:[esp+14],esp  ; keep that address in a local
0043EC75 . 57 push edi
0043EC76 . E8 17460>call USBTrace.00463292  ; fills the reserved dword from [edi] (looks like a string copy-construct - TODO confirm)
0043EC7B . 51 push ecx  ; reserve a second stack dword
0043EC7C . 8D5E 60 lea ebx,dword ptr ds:[esi+60]  ; ebx = &field at +60 (saved as "UserName" on success)
0043EC7F . 8BCC mov ecx,esp
0043EC81 . 896424 1>mov dword ptr ss:[esp+1C],esp  ; keep the second address in the other local
0043EC85 . 53 push ebx
0043EC86 . C74424 2>mov dword ptr ss:[esp+2C],0  ; SEH state slot = 0 while the second copy is built
0043EC8E . E8 FF450>call USBTrace.00463292  ; same helper, fills the second dword from [ebx]
0043EC93 . 8BCD mov ecx,ebp ; |
0043EC95 . C74424 2>mov dword ptr ss:[esp+28],-1 ; |
0043EC9D . E8 AEF0F>call USBTrace.0043DD50 ; \USBTrace.0043DD50
0043ECA2 . 85C0 test eax,eax ===>eax是call的返回值,eax=1则成功,eax=0则失败  ; author's note: eax is the call's return value, 1 = success, 0 = failure
0043ECA4 . 74 60 je short USBTrace.0043ED06 ===>不能跳  ; taken when 0043DD50 returned 0 -> failure path at 0043ED06
0043ECA6 . E8 45830>call USBTrace.00476FF0  ; returns a pointer; the dword at +4 is the object used for 0046A6BA
0043ECAB . 8B68 04 mov ebp,dword ptr ds:[eax+4]
0043ECAE . 8B03 mov eax,dword ptr ds:[ebx]  ; value of the field at [esi+60]
0043ECB0 . 50 push eax ; /Arg3
0043ECB1 . 68 ACB74>push USBTrace.004AB7AC ; |Arg2 = 004AB7AC ASCII "UserName"
0043ECB6 . 68 A4B74>push USBTrace.004AB7A4 ; |Arg1 = 004AB7A4 ASCII "RegInfo"
0043ECBB . 8BCD mov ecx,ebp ; |
0043ECBD . E8 F8B90>call USBTrace.0046A6BA ; \USBTrace.0046A6BA
0043ECC2 . 8B0F mov ecx,dword ptr ds:[edi]  ; value of the field at [esi+5C]
0043ECC4 . 51 push ecx ; /Arg3
0043ECC5 . 68 9CB74>push USBTrace.004AB79C ; |Arg2 = 004AB79C ASCII "RegCode"
0043ECCA . 68 A4B74>push USBTrace.004AB7A4 ; |Arg1 = 004AB7A4 ASCII "RegInfo"
0043ECCF . 8BCD mov ecx,ebp ; |
0043ECD1 . E8 E4B90>call USBTrace.0046A6BA ; \USBTrace.0046A6BA
0043ECD6 . 6A 40 push 40  ; 0x40 matches MB_ICONINFORMATION if 0046177A wraps MessageBox - TODO confirm
0043ECD8 . 68 A4B14>push USBTrace.004AB1A4 ; ASCII "USBTrace"
0043ECDD . 68 64B84>push USBTrace.004AB864 ; ASCII "Congratulations. You have successfully registered
USBTrace"
0043ECE2 . 8BCE mov ecx,esi
0043ECE4 . E8 912A0>call USBTrace.0046177A  ; shows the success message (helper not shown)
0043ECE9 . 8B16 mov edx,dword ptr ds:[esi]
0043ECEB . 8BCE mov ecx,esi
0043ECED . FF92 C40>call dword ptr ds:[edx+C4]  ; indirect call on the object through slot +C4, target not shown
0043ECF3 . 8B4C24 1>mov ecx,dword ptr ss:[esp+18]  ; ecx = saved previous SEH head
0043ECF7 . 64:890D >mov dword ptr fs:[0],ecx  ; unlink this function's SEH record
0043ECFE . 5F pop edi
0043ECFF . 5E pop esi
0043ED00 . 5D pop ebp
0043ED01 . 5B pop ebx
0043ED02 . 83C4 14 add esp,14  ; drop the 8 bytes of locals and the 12-byte SEH record
0043ED05 . C3 retn
; --- failure path: reached only from the je at 0043ECA4 ---
0043ED06 > 6A 30 push 30  ; 0x30 matches MB_ICONEXCLAMATION if 0046177A wraps MessageBox - TODO confirm
0043ED08 . 68 50B84>push USBTrace.004AB850 ; ASCII "Registration Failed"
0043ED0D . 68 34B84>push USBTrace.004AB834 ; ASCII "Invalid registration code"
0043ED12 . 8BCE mov ecx,esi
0043ED14 . E8 612A0>call USBTrace.0046177A  ; shows the failure message (helper not shown)
0043ED19 . 8B06 mov eax,dword ptr ds:[esi]
0043ED1B . 8BCE mov ecx,esi
0043ED1D . FF90 C80>call dword ptr ds:[eax+C8]  ; indirect call on the object through slot +C8, target not shown
0043ED23 . 8B4C24 1>mov ecx,dword ptr ss:[esp+18]  ; ecx = saved previous SEH head
0043ED27 . 5F pop edi
0043ED28 . 5E pop esi
0043ED29 . 5D pop ebp
0043ED2A . 64:890D >mov dword ptr fs:[0],ecx  ; unlink this function's SEH record
0043ED31 . 5B pop ebx
0043ED32 . 83C4 14 add esp,14
0043ED35 . C3 retn
; ---------------------------------------------------------------------------
; 0043DD50 - validator called from 0043EC9D; returns the pass/fail boolean.
;
; In:   ecx = object pointer (kept in edi)
;       two by-value stack arguments, removed by this routine ('retn 8');
;       per the caller, arg1 is the copy of its [esi+60] field ("UserName")
;       and arg2 the copy of its [esi+5C] field ("RegCode")
; Out:  eax = 1 when 0043DE80 returned non-zero AND 0044DAC6 returned 0,
;       otherwise 0
;
; Stack after the prologue (offsets valid while no extra pushes are pending):
;   [esp+08] [esp+0C] [esp+10]  locals
;   [esp+14]  previous SEH head      [esp+1C]  SEH state slot
;   [esp+24]  arg1                   [esp+28]  arg2
;
; NOTE(review): 00463292, 00463656, 0043DE40, 0046351D and 0044DAC6 are not
;   listed here; the roles given below are inferred from their call sites.
; NOTE(review): the code handed to the final comparison as "expected" is
;   produced locally (0043DE80 is given arg1 and &[esp+0C]), and both operands
;   sit in process memory as plain values. A scheme that rebuilds the valid
;   secret on the client discloses it to anyone able to observe the process;
;   verify an asymmetric signature over the licence data instead, or check it
;   server-side.
; ---------------------------------------------------------------------------
0043DD50 /$ 6A FF push -1  ; SEH record: state slot, starts at -1
0043DD52 |. 68 60134>push USBTrace.00481360 ; SE handler installation
0043DD57 |. 64:A1 00>mov eax,dword ptr fs:[0]
0043DD5D |. 50 push eax
0043DD5E |. 64:8925 >mov dword ptr fs:[0],esp
0043DD65 |. 83EC 0C sub esp,0C  ; three dwords of locals
0043DD68 |. 56 push esi
0043DD69 |. 57 push edi
0043DD6A |. 8BF9 mov edi,ecx  ; edi = object pointer received in ecx
0043DD6C |. C74424 1>mov dword ptr ss:[esp+1C],0  ; SEH state slot = 0
0043DD74 |. A1 A0DD4>mov eax,dword ptr ds:[4ADDA0]  ; global initial value (presumably the shared empty string - TODO confirm)
0043DD79 |. 894424 0>mov dword ptr ss:[esp+C],eax  ; local [esp+0C] = initial value (later Arg1 of the comparison)
0043DD7D |. 894424 0>mov dword ptr ss:[esp+8],eax  ; local [esp+08] = initial value (later Arg2 of the comparison)
0043DD81 |. 8D4424 0>lea eax,dword ptr ss:[esp+C]  ; eax = &local [esp+0C]
0043DD85 |. 8D5424 2>lea edx,dword ptr ss:[esp+24]  ; edx = &arg1
0043DD89 |. 50 push eax  ; second argument for 0043DE80: &local [esp+0C]
0043DD8A |. 51 push ecx  ; reserve one dword for the by-value first argument
0043DD8B |. 8BCC mov ecx,esp
0043DD8D |. 896424 1>mov dword ptr ss:[esp+18],esp  ; keep the reserved address in the third local
0043DD91 |. 52 push edx
0043DD92 |. C64424 2>mov byte ptr ss:[esp+28],3  ; SEH state = 3
0043DD97 |. E8 F6540>call USBTrace.00463292  ; fills the reserved dword from arg1 (looks like a string copy-construct - TODO confirm)
0043DD9C |. 8BCF mov ecx,edi ; |
0043DD9E |. E8 DD000>call USBTrace.0043DE80 ; \USBTrace.0043DE80 ==> author's note: this is the call examined next
0043DDA3 |. 8BF0 mov esi,eax ; eax is a flag; the author expects 1 here
0043DDA5 |. 85F6 test esi,esi
0043DDA7 |. 74 3F je short USBTrace.0043DDE8  ; 0 -> skip the comparison; esi (the return value) stays 0
0043DDA9 |. 8D4424 2>lea eax,dword ptr ss:[esp+28]  ; eax = &arg2
0043DDAD |. 8D4C24 0>lea ecx,dword ptr ss:[esp+8]  ; ecx = &local [esp+08]
0043DDB1 |. 50 push eax
0043DDB2 |. E8 9F580>call USBTrace.00463656  ; presumably assigns arg2 to local [esp+08] - TODO confirm
0043DDB7 |. 8D4C24 0>lea ecx,dword ptr ss:[esp+C]
0043DDBB |. 51 push ecx
0043DDBC |. 8BCF mov ecx,edi
0043DDBE |. E8 7D000>call USBTrace.0043DE40  ; helper applied to local [esp+0C]; purpose not shown
0043DDC3 |. 8D5424 0>lea edx,dword ptr ss:[esp+8]
0043DDC7 |. 8BCF mov ecx,edi
0043DDC9 |. 52 push edx
0043DDCA |. E8 71000>call USBTrace.0043DE40  ; same helper applied to local [esp+08]
0043DDCF |. 8B4424 0>mov eax,dword ptr ss:[esp+8]
0043DDD3 |. 8B4C24 0>mov ecx,dword ptr ss:[esp+C]
0043DDD7 |. 50 push eax ; /Arg2 = code entered by the user (author's label: "fake" code)
0043DDD8 |. 51 push ecx ; |Arg1 = expected code (author's label: "real" code)
0043DDD9 |. E8 E8FC0>call USBTrace.0044DAC6 ; \USBTrace.0044DAC6
0043DDDE |. 8BF0 mov esi,eax ; author's note: 1 = correct, 0 = wrong. That describes esi after the neg/sbb/inc below, not this raw result
0043DDE0 |. 83C4 08 add esp,8  ; caller removes the two arguments of 0044DAC6
0043DDE3 |. F7DE neg esi  ; CF = (esi != 0)
0043DDE5 |. 1BF6 sbb esi,esi  ; esi = -CF
0043DDE7 |. 46 inc esi  ; esi = 1 if 0044DAC6 returned 0, else 0 (strcmp-style "0 = equal" - TODO confirm)
0043DDE8 |> 8D4C24 0>lea ecx,dword ptr ss:[esp+8]
0043DDEC |. C64424 1>mov byte ptr ss:[esp+1C],2  ; SEH state steps down 2, 1, 0, -1 across the four calls below
0043DDF1 |. E8 27570>call USBTrace.0046351D  ; presumably releases local [esp+08] - TODO confirm
0043DDF6 |. 8D4C24 0>lea ecx,dword ptr ss:[esp+C]
0043DDFA |. C64424 1>mov byte ptr ss:[esp+1C],1
0043DDFF |. E8 19570>call USBTrace.0046351D  ; same helper on local [esp+0C]
0043DE04 |. 8D4C24 2>lea ecx,dword ptr ss:[esp+24]
0043DE08 |. C64424 1>mov byte ptr ss:[esp+1C],0
0043DE0D |. E8 0B570>call USBTrace.0046351D  ; same helper on arg1
0043DE12 |. 8D4C24 2>lea ecx,dword ptr ss:[esp+28]
0043DE16 |. C74424 1>mov dword ptr ss:[esp+1C],-1
0043DE1E |. E8 FA560>call USBTrace.0046351D  ; same helper on arg2
0043DE23 |. 8B4C24 1>mov ecx,dword ptr ss:[esp+14]  ; ecx = saved previous SEH head
0043DE27 |. 8BC6 mov eax,esi  ; return value = esi
0043DE29 |. 5F pop edi
0043DE2A |. 64:890D >mov dword ptr fs:[0],ecx  ; unlink this function's SEH record
0043DE31 |. 5E pop esi
0043DE32 |. 83C4 18 add esp,18  ; drop the 0C bytes of locals and the 12-byte SEH record
0043DE35 \. C2 0800 retn 8  ; callee removes its two by-value arguments
0043DE80 /$ 6A FF push -1
0043DE82 |. 68 A4134>push USBTrace.004813A4 ; SE handler installation
0043DE87 |. 64:A1 00>mov eax,dword ptr fs:[0]
0043DE8D |. 50 push eax
0043DE8E |. 64:8925 >mov dword ptr fs:[0],esp
0043DE95 |. 81EC 300>sub esp,130
0043DE9B |. 53 push ebx
0043DE9C |. 55 push ebp
0043DE9D |. 56 push esi
0043DE9E |. 57 push edi
0043DE9F |. A1 A0DD4>mov eax,dword ptr ds:[4ADDA0]
0043DEA4 |. 33F6 xor esi,esi
0043DEA6 |. 89B424 4>mov dword ptr ss:[esp+148],esi
0043DEAD |. 33ED xor ebp,ebp
0043DEAF |. 894424 3>mov dword ptr ss:[esp+34],eax
0043DEB3 |. 897424 2>mov dword ptr ss:[esp+28],esi
0043DEB7 |. 897424 2>mov dword ptr ss:[esp+24],esi
0043DEBB |. 897424 3>mov dword ptr ss:[esp+38],esi
0043DEBF |. 33FF xor edi,edi
0043DEC1 |. 894424 1>mov dword ptr ss:[esp+18],eax
0043DEC5 |. 894424 1>mov dword ptr ss:[esp+1C],eax
0043DEC9 |. 894424 1>mov dword ptr ss:[esp+14],eax
0043DECD |. 8B8424 5>mov eax,dword ptr ss:[esp+150]
0043DED4 |. C68424 4>mov byte ptr ss:[esp+148],4
0043DEDC |. 8B40 F8 mov eax,dword ptr ds:[eax-8] ;用户名的长度
0043DEDF |. 83F8 04 cmp eax,4 ;长度要大于等于4
0043DEE2 |. 0F8C F40>jl USBTrace.0043E0DC
0043DEE8 |. E8 03910>call USBTrace.00476FF0
0043DEED |. 8B40 08 mov eax,dword ptr ds:[eax+8] ;eax=00400000,上面call的返回值
0043DEF0 |. 8D4C24 3>lea ecx,dword ptr ss:[esp+3C]
0043DEF4 |. 68 04010>push 104 ; /BufSize = 104 (260.)
0043DEF9 |. 51 push ecx ; |PathBuffer=0012F228
0043DEFA |. 50 push eax ; |hModule = 00400000 (USBTrace)
0043DEFB |. FF15 EC4>call dword ptr ds:[<&KERNEL32.GetModuleF>; \GetModuleFileNameA
0043DF01 |. 85C0 test eax,eax
0043DF03 |. 0F84 D30>je USBTrace.0043E0DC
0043DF09 |. 8D5424 2>lea edx,dword ptr ss:[esp+24]
0043DF0D |. 8D4424 3>lea eax,dword ptr ss:[esp+3C]
0043DF11 |. 52 push edx ; /pHandle
0043DF12 |. 50 push eax ; |FileName
0043DF13 |. E8 84700>call <jmp.&VERSION.GetFileVersionInfoSiz>; \GetFileVersionInfoSizeA
0043DF18 |. 8BD8 mov ebx,eax
0043DF1A |. 85DB test ebx,ebx
0043DF1C |. 0F84 BA0>je USBTrace.0043E0DC
0043DF22 |. 53 push ebx
0043DF23 |. E8 27040>call USBTrace.0044E34F
0043DF28 |. 83C4 04 add esp,4
0043DF2B |. 894424 2>mov dword ptr ss:[esp+20],eax
0043DF2F |. 85C0 test eax,eax
0043DF31 |. 0F84 A50>je USBTrace.0043E0DC
0043DF37 |. 8B4C24 2>mov ecx,dword ptr ss:[esp+24]
0043DF3B |. 50 push eax ; /Buffer=003F82B0
0043DF3C |. 53 push ebx ; |BufSize
0043DF3D |. 8D5424 4>lea edx,dword ptr ss:[esp+44] ; |
0043DF41 |. 51 push ecx ; |Reserved
0043DF42 |. 52 push edx ; |FileName
0043DF43 |. E8 4E700>call <jmp.&VERSION.GetFileVersionInfoA> ; \GetFileVersionInfoA
0043DF48 |. 85C0 test eax,eax
0043DF4A |. 0F84 7F0>je USBTrace.0043E0CF
0043DF50 |. 8B5424 2>mov edx,dword ptr ss:[esp+20] ;003F82B0,Buffer
0043DF54 |. 8D4424 3>lea eax,dword ptr ss:[esp+38]
0043DF58 |. 8D4C24 2>lea ecx,dword ptr ss:[esp+28]
0043DF5C |. 50 push eax ; /pValueSize
0043DF5D |. 51 push ecx ; |ppValue
0043DF5E |. 68 00E94>push USBTrace.0049E900 ; |pSubBlock = "\"
0043DF63 |. 52 push edx ; |pBlock=003F82B0
0043DF64 |. E8 27700>call <jmp.&VERSION.VerQueryValueA> ; \VerQueryValueA