【文章标题】: abexcm1.exe
【文章作者】: Jammy
【作者邮箱】: Jammy.linux@gmail.com
【作者主页】: http://spaces.msn.com/jammyshare/
【作者声明】: 仅作技术交流之用
--------------------------------------------------------------------------------
【详细过程】
+++++++++++++++++++ ASSEMBLY CODE LISTING ++++++++++++++++++
//********************** Start of Code in Object CODE **************
Program Entry Point = 00401000 (abexcm1.exe File Offset:00001800)
//******************** Program Entry Point ********
// Entry routine of abexcm1.exe as shown by the disassembler. It displays an
// intro message box, calls GetDriveTypeA on "c:\", adjusts eax and esi, and
// uses one compare-and-branch to pick the "Error" or the "YEAH!" message box.
// Arguments are pushed last-to-first, so each group of four pushes for
// MessageBoxA(hWnd, lpText, lpCaption, uType) reads: uType, lpCaption,
// lpText, hWnd.
//
// Intro box: uType = 0, lpCaption = 00402000 (string not shown in this
// listing), lpText = 00402012, hWnd = 0.
:00401000 6A00 push 00000000
:00401002 6800204000 push 00402000
* Possible StringData Ref from Data Obj ->"Make me think your HD is a CD-Rom."
|
:00401007 6812204000 push 00402012
:0040100C 6A00 push 00000000
* Reference To: USER32.MessageBoxA, Ord:0000h
|
:0040100E E84E000000 Call 00401061
* Possible StringData Ref from Data Obj ->"c:\"
|
:00401013 6894204000 push 00402094
* Reference To: KERNEL32.GetDriveTypeA, Ord:0000h
//UINT GetDriveType(LPCTSTR lpRootPathName);
//lpRootPathName: null-terminated string naming the root directory of the
//drive to query
//Returns the drive type in eax (DRIVE_FIXED = 3, DRIVE_CDROM = 5)
:00401018 E838000000 Call 00401055
// From here to the cmp: esi is incremented three times and eax (the drive
// type) is decremented twice, so the test below is (type - 2) == (esi + 3).
// NOTE(review): esi is never initialised in the visible listing, so the
// outcome depends on its value at process entry. If that value is 0 the
// test holds only for type 5 (DRIVE_CDROM) - presumably the intent; confirm.
:0040101D 46 inc esi
:0040101E 48 dec eax
// Jump to the very next instruction: no effect on control flow.
:0040101F EB00 jmp 00401021
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040101F(U)
|
:00401021 46 inc esi
:00401022 46 inc esi
:00401023 48 dec eax
:00401024 3BC6 cmp eax, esi
:00401026 7415 je 0040103D /////key jump
/////author's note: changing this je to jmp makes the check pass
// NOTE(review): the drive-type check rests entirely on this one conditional
// branch inside the shipped binary, which is why the author's one-instruction
// change is enough. A check enforced only in client-side code like this is
// not a protection boundary.
//
// Fall-through (not equal): error box. uType = 0, lpCaption = "Error",
// lpText = "Nah...", hWnd = 0.
:00401028 6A00 push 00000000
* Possible StringData Ref from Data Obj ->"Error"
|
:0040102A 6835204000 push 00402035
* Possible StringData Ref from Data Obj ->"Nah... This is not a CD-ROM Drive!"
|
:0040102F 683B204000 push 0040203B
:00401034 6A00 push 00000000
// NOTE(review): addresses 00401036-0040103C are absent from this listing.
// Presumably they hold the MessageBoxA call for the error box and a jump
// past the success path - confirm against the binary.
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00401026(C)
|
// Branch target (equal): success box. uType = 0, lpCaption = "YEAH!",
// lpText = 00402064, hWnd = 0.
:0040103D 6A00 push 00000000
* Possible StringData Ref from Data Obj ->"YEAH!"
|
:0040103F 685E204000 push 0040205E
* Possible StringData Ref from Data Obj ->"Ok, I really think that your HD "
->"is a CD-ROM! :p"
|
:00401044 6864204000 push 00402064
:00401049 6A00 push 00000000
* Reference To: USER32.MessageBoxA, Ord:0000h
|
:0040104B E811000000 Call 00401061