能力值:
( LV2,RANK:10 )
|
-
-
7 楼
10001000 /$ 56 push esi
10001001 |. 57 push edi
10001002 |. FF15 08500010 call dword ptr ds:[<&KERNEL32.GetCom>; [GetCommandLineA
10001008 |. 8BF0 mov esi,eax
1000100A |. 8A06 mov al,byte ptr ds:[esi]
1000100C |. 46 inc esi
1000100D |. 3C 22 cmp al,22
1000100F |. 75 3E jnz short car_exam.1000104F
10001011 |. E8 DA000000 call car_exam.100010F0
10001016 |. 85C0 test eax,eax
10001018 |. 6A 22 push 22
1000101A |. 56 push esi
1000101B |. 74 07 je short car_exam.10001024
1000101D |. E8 7E070000 call car_exam.100017A0
10001022 |. EB 05 jmp short car_exam.10001029
10001024 |> E8 B7060000 call car_exam.100016E0
10001029 |> 8BD0 mov edx,eax
1000102B |. 83C4 08 add esp,8
1000102E |. 85D2 test edx,edx
10001030 |. 74 44 je short car_exam.10001076
10001032 |. 8BFA mov edi,edx
10001034 |. 83C9 FF or ecx,FFFFFFFF
10001037 |. 33C0 xor eax,eax
10001039 |. F2:AE repne scas byte ptr es:[edi]
1000103B |. F7D1 not ecx
1000103D |. 49 dec ecx
1000103E |. 83F9 02 cmp ecx,2
10001041 |. 77 07 ja short car_exam.1000104A
10001043 |. BE B0840010 mov esi,car_exam.100084B0
10001048 |. EB 2C jmp short car_exam.10001076
1000104A |> 8D72 02 lea esi,dword ptr ds:[edx+2]
1000104D |. EB 27 jmp short car_exam.10001076
1000104F |> E8 9C000000 call car_exam.100010F0
10001054 |. 85C0 test eax,eax
10001056 |. 6A 20 push 20
10001058 |. 56 push esi
10001059 |. 74 07 je short car_exam.10001062
1000105B |. E8 40070000 call car_exam.100017A0
10001060 |. EB 05 jmp short car_exam.10001067
10001062 |> E8 79060000 call car_exam.100016E0
10001067 |> 83C4 08 add esp,8
1000106A |. BE B4840010 mov esi,car_exam.100084B4
1000106F |. 85C0 test eax,eax
10001071 |. 74 03 je short car_exam.10001076
10001073 |. 8D70 01 lea esi,dword ptr ds:[eax+1]
10001076 |> 8B4C24 18 mov ecx,dword ptr ss:[esp+18]
1000107A |. 8B5424 10 mov edx,dword ptr ss:[esp+10]
1000107E |. 8B4424 0C mov eax,dword ptr ss:[esp+C]
10001082 |. 6A 00 push 0
10001084 |. 68 E8030000 push 3E8
10001089 |. 51 push ecx
1000108A |. 56 push esi
1000108B |. 52 push edx
1000108C |. 50 push eax
1000108D |. E8 2E060000 call <jmp.&PBVM80.#137>
10001092 |. 5F pop edi
10001093 |. 5E pop esi
10001094 \. C2 1000 retn 10
10001097 90 nop
10001098 90 nop
10001099 90 nop
1000109A 90 nop
1000109B 90 nop
1000109C 90 nop
1000109D 90 nop
1000109E 90 nop
1000109F 90 nop
100010A0 . E9 0B000000 jmp car_exam.100010B0
100010A5 90 nop
100010A6 90 nop
100010A7 90 nop
100010A8 90 nop
100010A9 90 nop
100010AA 90 nop
100010AB 90 nop
100010AC 90 nop
100010AD 90 nop
100010AE 90 nop
100010AF 90 nop
100010B0 > E8 0B000000 call car_exam.100010C0
100010B5 . A3 B8840010 mov dword ptr ds:[100084B8],eax
100010BA . C3 retn
100010BB 90 nop
100010BC 90 nop
100010BD 90 nop
100010BE 90 nop
100010BF 90 nop
100010C0 /$ 83EC 14 sub esp,14
100010C3 |. 8D4424 00 lea eax,dword ptr ss:[esp]
100010C7 |. 50 push eax ; /pCPInfo
100010C8 |. 6A 00 push 0 ; |CodePage = CP_ACP
100010CA |. FF15 0C500010 call dword ptr ds:[<&KERNEL32.GetCPI>; \GetCPInfo
100010D0 |. 8B5424 00 mov edx,dword ptr ss:[esp]
100010D4 |. B9 01000000 mov ecx,1
100010D9 |. 3BCA cmp ecx,edx
100010DB |. 1BC0 sbb eax,eax
100010DD |. F7D8 neg eax
100010DF |. 83C4 14 add esp,14
100010E2 \. C3 retn
100010E3 90 nop
100010E4 90 nop
100010E5 90 nop
100010E6 90 nop
100010E7 90 nop
100010E8 90 nop
100010E9 90 nop
100010EA 90 nop
100010EB 90 nop
100010EC 90 nop
100010ED 90 nop
100010EE 90 nop
100010EF 90 nop
100010F0 /$ A1 B8840010 mov eax,dword ptr ds:[100084B8]
100010F5 \. C3 retn
100010F6 90 nop
100010F7 90 nop
100010F8 90 nop
100010F9 90 nop
100010FA 90 nop
100010FB 90 nop
100010FC 90 nop
100010FD 90 nop
100010FE 90 nop
100010FF 90 nop
10001100 . 51 push ecx
10001101 . 8B4424 0C mov eax,dword ptr ss:[esp+C]
10001105 . 33D2 xor edx,edx
10001107 . 53 push ebx
10001108 . 55 push ebp
10001109 . 8AD4 mov dl,ah
1000110B . 56 push esi
1000110C . 8BC8 mov ecx,eax
1000110E . 57 push edi
1000110F . 8BEA mov ebp,edx
10001111 . 33FF xor edi,edi
10001113 . 81E1 FF000000 and ecx,0FF
10001119 . 85ED test ebp,ebp
1000111B . 894C24 10 mov dword ptr ss:[esp+10],ecx
1000111F . 75 20 jnz short car_exam.10001141
10001121 . 85C9 test ecx,ecx
10001123 . 75 1C jnz short car_exam.10001141
10001125 . 8B5424 18 mov edx,dword ptr ss:[esp+18]
10001129 . 83C9 FF or ecx,FFFFFFFF
1000112C . 8BFA mov edi,edx
1000112E . 33C0 xor eax,eax
10001130 . F2:AE repne scas byte ptr es:[edi]
10001132 . F7D1 not ecx
10001134 . 49 dec ecx
10001135 . 8BC1 mov eax,ecx
10001137 . 03C2 add eax,edx
10001139 . 5F pop edi
1000113A . 5E pop esi
1000113B . 5D pop ebp
1000113C . 5B pop ebx
1000113D . 59 pop ecx
1000113E . C2 0800 retn 8
10001141 > 8B7424 18 mov esi,dword ptr ss:[esp+18]
10001145 . 33DB xor ebx,ebx
10001147 . 803E 00 cmp byte ptr ds:[esi],0
1000114A . 74 51 je short car_exam.1000119D
1000114C . EB 04 jmp short car_exam.10001152
1000114E > 8B4C24 10 mov ecx,dword ptr ss:[esp+10]
10001152 > 85FF test edi,edi
10001154 . 74 1D je short car_exam.10001173
10001156 . 33FF xor edi,edi
10001158 . 85ED test ebp,ebp
1000115A . 74 39 je short car_exam.10001195
1000115C . 8D46 FF lea eax,dword ptr ds:[esi-1]
1000115F . 33D2 xor edx,edx
10001161 . 8A10 mov dl,byte ptr ds:[eax]
10001163 . 3BD5 cmp edx,ebp
10001165 . 75 2E jnz short car_exam.10001195
10001167 . 33D2 xor edx,edx
10001169 . 8A16 mov dl,byte ptr ds:[esi]
1000116B . 3BD1 cmp edx,ecx
1000116D . 75 26 jnz short car_exam.10001195
1000116F . 8BD8 mov ebx,eax
10001171 . EB 22 jmp short car_exam.10001195
10001173 > 8A06 mov al,byte ptr ds:[esi]
10001175 . 50 push eax ; /TestChar
10001176 . FF15 10500010 call dword ptr ds:[<&KERNEL32.IsDBCS>; \IsDBCSLeadByte
1000117C . 85C0 test eax,eax
1000117E . 74 07 je short car_exam.10001187
10001180 . BF 01000000 mov edi,1
10001185 . EB 0E jmp short car_exam.10001195
10001187 > 8B4424 1C mov eax,dword ptr ss:[esp+1C]
1000118B . 33C9 xor ecx,ecx
1000118D . 8A0E mov cl,byte ptr ds:[esi]
1000118F . 3BC8 cmp ecx,eax
10001191 . 75 02 jnz short car_exam.10001195
10001193 . 8BDE mov ebx,esi
10001195 > 8A46 01 mov al,byte ptr ds:[esi+1]
10001198 . 46 inc esi
10001199 . 84C0 test al,al
1000119B .^ 75 B1 jnz short car_exam.1000114E
1000119D > 5F pop edi
1000119E . 5E pop esi
1000119F . 8BC3 mov eax,ebx
100011A1 . 5D pop ebp
100011A2 . 5B pop ebx
100011A3 . 59 pop ecx
100011A4 . C2 0800 retn 8
100011A7 90 nop
100011A8 90 nop
100011A9 90 nop
100011AA 90 nop
100011AB 90 nop
100011AC 90 nop
100011AD 90 nop
100011AE 90 nop
100011AF 90 nop
100011B0 /$ 51 push ecx
100011B1 |. 8B4424 0C mov eax,dword ptr ss:[esp+C]
100011B5 |. 53 push ebx
100011B6 |. 33C9 xor ecx,ecx
100011B8 |. 55 push ebp
100011B9 |. 56 push esi
100011BA |. 8ACC mov cl,ah
100011BC |. 57 push edi
100011BD |. 8BD8 mov ebx,eax
100011BF |. 33FF xor edi,edi
100011C1 |. 8BE9 mov ebp,ecx
100011C3 |. 81E3 FF000000 and ebx,0FF
100011C9 |. 3BEF cmp ebp,edi
100011CB |. 75 20 jnz short car_exam.100011ED
100011CD |. 3BDF cmp ebx,edi
100011CF |. 75 1C jnz short car_exam.100011ED
100011D1 |. 8B5424 18 mov edx,dword ptr ss:[esp+18]
100011D5 |. 83C9 FF or ecx,FFFFFFFF
100011D8 |. 8BFA mov edi,edx
100011DA |. 33C0 xor eax,eax
100011DC |. F2:AE repne scas byte ptr es:[edi]
100011DE |. F7D1 not ecx
100011E0 |. 49 dec ecx
100011E1 |. 8BC1 mov eax,ecx
100011E3 |. 03C2 add eax,edx
100011E5 |. 5F pop edi
100011E6 |. 5E pop esi
100011E7 |. 5D pop ebp
100011E8 |. 5B pop ebx
100011E9 |. 59 pop ecx
100011EA |. C2 0800 retn 8
100011ED |> 8B7424 18 mov esi,dword ptr ss:[esp+18]
100011F1 |. 897C24 10 mov dword ptr ss:[esp+10],edi
100011F5 |. 803E 00 cmp byte ptr ds:[esi],0
100011F8 |. 74 56 je short car_exam.10001250
100011FA |> 85FF /test edi,edi
100011FC |. 74 19 |je short car_exam.10001217
100011FE |. 33FF |xor edi,edi
10001200 |. 85ED |test ebp,ebp
10001202 |. 74 33 |je short car_exam.10001237
10001204 |. 33D2 |xor edx,edx
10001206 |. 8A56 FF |mov dl,byte ptr ds:[esi-1]
10001209 |. 3BD5 |cmp edx,ebp
1000120B |. 75 2A |jnz short car_exam.10001237
1000120D |. 33C0 |xor eax,eax
1000120F |. 8A06 |mov al,byte ptr ds:[esi]
10001211 |. 3BC3 |cmp eax,ebx
10001213 |. 74 36 |je short car_exam.1000124B
10001215 |. EB 20 |jmp short car_exam.10001237
10001217 |> 8A0E |mov cl,byte ptr ds:[esi]
10001219 |. 51 |push ecx ; /TestChar
1000121A |. FF15 10500010 |call dword ptr ds:[<&KERNEL32.IsDBC>; \IsDBCSLeadByte
10001220 |. 85C0 |test eax,eax
10001222 |. 74 07 |je short car_exam.1000122B
10001224 |. BF 01000000 |mov edi,1
10001229 |. EB 0C |jmp short car_exam.10001237
1000122B |> 8B4424 1C |mov eax,dword ptr ss:[esp+1C]
1000122F |. 33D2 |xor edx,edx
10001231 |. 8A16 |mov dl,byte ptr ds:[esi]
10001233 |. 3BD0 |cmp edx,eax
10001235 |. 74 15 |je short car_exam.1000124C
10001237 |> 8A46 01 |mov al,byte ptr ds:[esi+1]
1000123A |. 46 |inc esi
1000123B |. 84C0 |test al,al
1000123D |.^ 75 BB \jnz short car_exam.100011FA
1000123F |. 8B4424 10 mov eax,dword ptr ss:[esp+10]
10001243 |. 5F pop edi
10001244 |. 5E pop esi
10001245 |. 5D pop ebp
10001246 |. 5B pop ebx
10001247 |. 59 pop ecx
10001248 |. C2 0800 retn 8
1000124B |> 4E dec esi
1000124C |> 897424 10 mov dword ptr ss:[esp+10],esi
10001250 |> 8B4424 10 mov eax,dword ptr ss:[esp+10]
10001254 |. 5F pop edi
10001255 |. 5E pop esi
10001256 |. 5D pop ebp
10001257 |. 5B pop ebx
10001258 |. 59 pop ecx
10001259 \. C2 0800 retn 8
1000125C 90 nop
1000125D 90 nop
1000125E 90 nop
1000125F 90 nop
10001260 . 53 push ebx
10001261 . 55 push ebp
10001262 . 56 push esi
10001263 . 8B7424 10 mov esi,dword ptr ss:[esp+10]
10001267 . 33DB xor ebx,ebx
10001269 . 33ED xor ebp,ebp
1000126B . 8A06 mov al,byte ptr ds:[esi]
1000126D . 57 push edi
1000126E . 84C0 test al,al
10001270 . 74 5F je short car_exam.100012D1
10001272 . 8B7C24 14 mov edi,dword ptr ss:[esp+14]
10001276 > 85DB test ebx,ebx
10001278 . 74 0A je short car_exam.10001284
1000127A . 33C0 xor eax,eax
1000127C . 33DB xor ebx,ebx
1000127E . 8A06 mov al,byte ptr ds:[esi]
10001280 . 0BF8 or edi,eax
10001282 . EB 24 jmp short car_exam.100012A8
10001284 > 8A0E mov cl,byte ptr ds:[esi]
10001286 . 51 push ecx ; /TestChar
10001287 . FF15 10500010 call dword ptr ds:[<&KERNEL32.IsDBCS>; \IsDBCSLeadByte
1000128D . 85C0 test eax,eax
1000128F . 74 0F je short car_exam.100012A0
10001291 . 33D2 xor edx,edx
10001293 . BB 01000000 mov ebx,1
10001298 . 8A36 mov dh,byte ptr ds:[esi]
1000129A . 8BEE mov ebp,esi
1000129C . 8BFA mov edi,edx
1000129E . EB 17 jmp short car_exam.100012B7
100012A0 > 33C0 xor eax,eax
100012A2 . 8BEE mov ebp,esi
100012A4 . 8A06 mov al,byte ptr ds:[esi]
100012A6 . 8BF8 mov edi,eax
100012A8 > 8B4C24 18 mov ecx,dword ptr ss:[esp+18]
100012AC . 57 push edi
100012AD . 51 push ecx
100012AE . E8 FDFEFFFF call car_exam.100011B0
100012B3 . 85C0 test eax,eax
100012B5 . 75 11 jnz short car_exam.100012C8
100012B7 > 8A46 01 mov al,byte ptr ds:[esi+1]
100012BA . 46 inc esi
100012BB . 84C0 test al,al
100012BD .^ 75 B7 jnz short car_exam.10001276
100012BF . 33C0 xor eax,eax
100012C1 . 5F pop edi
100012C2 . 5E pop esi
100012C3 . 5D pop ebp
100012C4 . 5B pop ebx
100012C5 . C2 0800 retn 8
100012C8 > 8BC5 mov eax,ebp
100012CA . 5F pop edi
100012CB . 5E pop esi
100012CC . 5D pop ebp
100012CD . 5B pop ebx
100012CE . C2 0800 retn 8
100012D1 > 5F pop edi
100012D2 . 5E pop esi
100012D3 . 5D pop ebp
100012D4 . 33C0 xor eax,eax
100012D6 . 5B pop ebx
100012D7 . C2 0800 retn 8
100012DA 90 nop
100012DB 90 nop
100012DC 90 nop
100012DD 90 nop
100012DE 90 nop
100012DF 90 nop
100012E0 . 83EC 08 sub esp,8
100012E3 . 53 push ebx
100012E4 . 55 push ebp
100012E5 . 8B6C24 14 mov ebp,dword ptr ss:[esp+14]
100012E9 . 56 push esi
100012EA . 57 push edi
100012EB . C74424 10 000>mov dword ptr ss:[esp+10],0
100012F3 . 8A45 00 mov al,byte ptr ss:[ebp]
100012F6 . 896C24 1C mov dword ptr ss:[esp+1C],ebp
100012FA . 84C0 test al,al
100012FC . 0F84 C3000000 je car_exam.100013C5
10001302 > 8B7424 20 mov esi,dword ptr ss:[esp+20]
10001306 . 83C9 FF or ecx,FFFFFFFF
10001309 . 8BFE mov edi,esi
1000130B . 33C0 xor eax,eax
1000130D . F2:AE repne scas byte ptr es:[edi]
1000130F . F7D1 not ecx
10001311 . 49 dec ecx
10001312 . 8BFD mov edi,ebp
10001314 . 8BD1 mov edx,ecx
10001316 . 83C9 FF or ecx,FFFFFFFF
10001319 . F2:AE repne scas byte ptr es:[edi]
1000131B . F7D1 not ecx
1000131D . 49 dec ecx
1000131E . 3BD1 cmp edx,ecx
10001320 . 0F87 9F000000 ja car_exam.100013C5
10001326 . 8B4424 10 mov eax,dword ptr ss:[esp+10]
1000132A . 85C0 test eax,eax
1000132C . 74 0A je short car_exam.10001338
1000132E . C74424 10 000>mov dword ptr ss:[esp+10],0
10001336 . EB 65 jmp short car_exam.1000139D
10001338 > 8A45 00 mov al,byte ptr ss:[ebp]
1000133B . 50 push eax ; /TestChar
1000133C . FF15 10500010 call dword ptr ds:[<&KERNEL32.IsDBCS>; \IsDBCSLeadByte
10001342 . 85C0 test eax,eax
10001344 . 74 08 je short car_exam.1000134E
10001346 . C74424 10 010>mov dword ptr ss:[esp+10],1
1000134E > 8A06 mov al,byte ptr ds:[esi]
10001350 . 8BD6 mov edx,esi
10001352 . 84C0 test al,al
10001354 . 74 42 je short car_exam.10001398
10001356 . 2BEE sub ebp,esi
10001358 > 8A1C2A mov bl,byte ptr ds:[edx+ebp]
1000135B . 8D342A lea esi,dword ptr ds:[edx+ebp]
1000135E . 84DB test bl,bl
10001360 . 74 32 je short car_exam.10001394
10001362 . 8BFA mov edi,edx
10001364 . 83C9 FF or ecx,FFFFFFFF
10001367 . 33C0 xor eax,eax
10001369 . F2:AE repne scas byte ptr es:[edi]
1000136B . F7D1 not ecx
1000136D . 49 dec ecx
1000136E . 8BFE mov edi,esi
10001370 . 8BC1 mov eax,ecx
10001372 . 83C9 FF or ecx,FFFFFFFF
10001375 . 894424 14 mov dword ptr ss:[esp+14],eax
10001379 . 33C0 xor eax,eax
1000137B . F2:AE repne scas byte ptr es:[edi]
1000137D . 8B4424 14 mov eax,dword ptr ss:[esp+14]
10001381 . F7D1 not ecx
10001383 . 49 dec ecx
10001384 . 3BC8 cmp ecx,eax
10001386 . 72 0C jb short car_exam.10001394
10001388 . 3A1A cmp bl,byte ptr ds:[edx]
1000138A . 75 08 jnz short car_exam.10001394
1000138C . 8A42 01 mov al,byte ptr ds:[edx+1]
1000138F . 42 inc edx
10001390 . 84C0 test al,al
10001392 .^ 75 C4 jnz short car_exam.10001358
10001394 > 8B6C24 1C mov ebp,dword ptr ss:[esp+1C]
10001398 > 803A 00 cmp byte ptr ds:[edx],0
1000139B . 74 1C je short car_exam.100013B9
1000139D > 8A45 01 mov al,byte ptr ss:[ebp+1]
100013A0 . 45 inc ebp
100013A1 . 84C0 test al,al
100013A3 . 896C24 1C mov dword ptr ss:[esp+1C],ebp
100013A7 .^ 0F85 55FFFFFF jnz car_exam.10001302
100013AD . 33C0 xor eax,eax
100013AF . 5F pop edi
100013B0 . 5E pop esi
100013B1 . 5D pop ebp
100013B2 . 5B pop ebx
100013B3 . 83C4 08 add esp,8
100013B6 . C2 0800 retn 8
100013B9 > 8BC5 mov eax,ebp
100013BB . 5F pop edi
100013BC . 5E pop esi
100013BD . 5D pop ebp
100013BE . 5B pop ebx
100013BF . 83C4 08 add esp,8
100013C2 . C2 0800 retn 8
100013C5 > 5F pop edi
100013C6 . 5E pop esi
100013C7 . 5D pop ebp
100013C8 . 33C0 xor eax,eax
100013CA . 5B pop ebx
100013CB . 83C4 08 add esp,8
100013CE . C2 0800 retn 8
100013D1 90 nop
100013D2 90 nop
100013D3 90 nop
100013D4 90 nop
100013D5 90 nop
100013D6 90 nop
100013D7 90 nop
100013D8 90 nop
100013D9 90 nop
100013DA 90 nop
100013DB 90 nop
100013DC 90 nop
100013DD 90 nop
100013DE 90 nop
100013DF 90 nop
100013E0 /$ 53 push ebx
100013E1 |. 55 push ebp
100013E2 |. 56 push esi
100013E3 |. 8B7424 10 mov esi,dword ptr ss:[esp+10]
100013E7 |. 57 push edi
100013E8 |. 33ED xor ebp,ebp
100013EA |. 8A06 mov al,byte ptr ds:[esi]
100013EC |. 33FF xor edi,edi
100013EE |. 84C0 test al,al
100013F0 |. 74 76 je short car_exam.10001468
100013F2 |. 8A5C24 1C mov bl,byte ptr ss:[esp+1C]
100013F6 |> 3B6C24 18 /cmp ebp,dword ptr ss:[esp+18]
100013FA |. 7D 6C |jge short car_exam.10001468
100013FC |. 85FF |test edi,edi
100013FE |. 74 04 |je short car_exam.10001404
10001400 |. 33FF |xor edi,edi
10001402 |. EB 5B |jmp short car_exam.1000145F
10001404 |> 8A06 |mov al,byte ptr ds:[esi]
10001406 |. 50 |push eax ; /TestChar
10001407 |. FF15 10500010 |call dword ptr ds:[<&KERNEL32.IsDBC>; \IsDBCSLeadByte
1000140D |. 85C0 |test eax,eax
1000140F |. 74 07 |je short car_exam.10001418
10001411 |. BF 01000000 |mov edi,1
10001416 |. EB 47 |jmp short car_exam.1000145F
10001418 |> F6C3 01 |test bl,1
1000141B |. 74 1D |je short car_exam.1000143A
1000141D |. 33C9 |xor ecx,ecx
1000141F |. 8A0E |mov cl,byte ptr ds:[esi]
10001421 |. 51 |push ecx
10001422 |. E8 59050000 |call car_exam.10001980
10001427 |. 83C4 04 |add esp,4
1000142A |. 85C0 |test eax,eax
1000142C |. 74 0C |je short car_exam.1000143A
1000142E |. 33D2 |xor edx,edx
10001430 |. 8A16 |mov dl,byte ptr ds:[esi]
10001432 |. 52 |push edx
10001433 |. E8 78050000 |call car_exam.100019B0
10001438 |. EB 20 |jmp short car_exam.1000145A
1000143A |> F6C3 02 |test bl,2
1000143D |. 74 20 |je short car_exam.1000145F
1000143F |. 33C0 |xor eax,eax
10001441 |. 8A06 |mov al,byte ptr ds:[esi]
10001443 |. 50 |push eax
10001444 |. E8 07050000 |call car_exam.10001950
10001449 |. 83C4 04 |add esp,4
1000144C |. 85C0 |test eax,eax
1000144E |. 74 0F |je short car_exam.1000145F
10001450 |. 33C9 |xor ecx,ecx
10001452 |. 8A0E |mov cl,byte ptr ds:[esi]
10001454 |. 51 |push ecx
10001455 |. E8 F6030000 |call car_exam.10001850
1000145A |> 83C4 04 |add esp,4
1000145D |. 8806 |mov byte ptr ds:[esi],al
1000145F |> 8A46 01 |mov al,byte ptr ds:[esi+1]
10001462 |. 46 |inc esi
10001463 |. 45 |inc ebp
10001464 |. 84C0 |test al,al
10001466 |.^ 75 8E \jnz short car_exam.100013F6
10001468 |> 5F pop edi
10001469 |. 8BC5 mov eax,ebp
1000146B |. 5E pop esi
1000146C |. 5D pop ebp
1000146D |. 5B pop ebx
1000146E \. C2 0C00 retn 0C
10001471 90 nop
10001472 90 nop
10001473 90 nop
10001474 90 nop
10001475 90 nop
10001476 90 nop
10001477 90 nop
10001478 90 nop
10001479 90 nop
1000147A 90 nop
1000147B 90 nop
1000147C 90 nop
1000147D 90 nop
1000147E 90 nop
1000147F 90 nop
10001480 . 8B4424 08 mov eax,dword ptr ss:[esp+8]
10001484 . 8B4C24 04 mov ecx,dword ptr ss:[esp+4]
10001488 . 6A 02 push 2
1000148A . 50 push eax
1000148B . 51 push ecx
1000148C . E8 4FFFFFFF call car_exam.100013E0
10001491 . C2 0800 retn 8
10001494 90 nop
10001495 90 nop
10001496 90 nop
10001497 90 nop
10001498 90 nop
10001499 90 nop
1000149A 90 nop
1000149B 90 nop
1000149C 90 nop
1000149D 90 nop
1000149E 90 nop
1000149F 90 nop
100014A0 . 8B4424 08 mov eax,dword ptr ss:[esp+8]
100014A4 . 8B4C24 04 mov ecx,dword ptr ss:[esp+4]
100014A8 . 6A 01 push 1
100014AA . 50 push eax
100014AB . 51 push ecx
100014AC . E8 2FFFFFFF call car_exam.100013E0
100014B1 . C2 0800 retn 8
100014B4 90 nop
100014B5 90 nop
100014B6 90 nop
100014B7 90 nop
100014B8 90 nop
100014B9 90 nop
100014BA 90 nop
100014BB 90 nop
100014BC 90 nop
100014BD 90 nop
100014BE 90 nop
100014BF 90 nop
100014C0 . 56 push esi
100014C1 . 8B7424 08 mov esi,dword ptr ss:[esp+8]
100014C5 . 57 push edi
100014C6 . 8BFE mov edi,esi
100014C8 . 83C9 FF or ecx,FFFFFFFF
100014CB . 33C0 xor eax,eax
100014CD . F2:AE repne scas byte ptr es:[edi]
100014CF . F7D1 not ecx
100014D1 . 49 dec ecx
100014D2 . 6A 02 push 2
100014D4 . 51 push ecx
100014D5 . 56 push esi
100014D6 . E8 05FFFFFF call car_exam.100013E0
100014DB . 8BC6 mov eax,esi
100014DD . 5F pop edi
100014DE . 5E pop esi
100014DF . C2 0400 retn 4
100014E2 90 nop
100014E3 90 nop
100014E4 90 nop
100014E5 90 nop
100014E6 90 nop
100014E7 90 nop
100014E8 90 nop
100014E9 90 nop
100014EA 90 nop
100014EB 90 nop
100014EC 90 nop
100014ED 90 nop
100014EE 90 nop
100014EF 90 nop
100014F0 . 56 push esi
100014F1 . 8B7424 08 mov esi,dword ptr ss:[esp+8]
100014F5 . 57 push edi
100014F6 . 8BFE mov edi,esi
100014F8 . 83C9 FF or ecx,FFFFFFFF
100014FB . 33C0 xor eax,eax
100014FD . F2:AE repne scas byte ptr es:[edi]
100014FF . F7D1 not ecx
10001501 . 49 dec ecx
10001502 . 6A 01 push 1
10001504 . 51 push ecx
10001505 . 56 push esi
10001506 . E8 D5FEFFFF call car_exam.100013E0
1000150B . 8BC6 mov eax,esi
1000150D . 5F pop edi
1000150E . 5E pop esi
1000150F . C2 0400 retn 4
10001512 90 nop
10001513 90 nop
10001514 90 nop
10001515 90 nop
10001516 90 nop
10001517 90 nop
10001518 90 nop
10001519 90 nop
1000151A 90 nop
1000151B 90 nop
1000151C 90 nop
1000151D 90 nop
1000151E 90 nop
1000151F 90 nop
10001520 . 53 push ebx
10001521 . 55 push ebp
10001522 . 56 push esi
10001523 . 8B7424 10 mov esi,dword ptr ss:[esp+10]
10001527 . 57 push edi
10001528 . 83C8 FF or eax,FFFFFFFF
1000152B . 8A0E mov cl,byte ptr ds:[esi]
1000152D . 33FF xor edi,edi
1000152F . 84C9 test cl,cl
10001531 . 74 4B je short car_exam.1000157E
10001533 . 8B5C24 18 mov ebx,dword ptr ss:[esp+18]
10001537 . 8B2D 10500010 mov ebp,dword ptr ds:[<&KERNEL32.IsD>; kernel32.IsDBCSLeadByte
1000153D > 3BFB cmp edi,ebx
1000153F . 7F 3D jg short car_exam.1000157E
10001541 . 83F8 01 cmp eax,1
10001544 . 75 16 jnz short car_exam.1000155C
10001546 . 33C0 xor eax,eax
10001548 . 8A06 mov al,byte ptr ds:[esi]
1000154A . 50 push eax
1000154B . E8 80050000 call car_exam.10001AD0
10001550 . 83C4 04 add esp,4
10001553 . F7D8 neg eax
10001555 . 1BC0 sbb eax,eax
10001557 . 83E0 03 and eax,3
1000155A . EB 18 jmp short car_exam.10001574
1000155C > 8A0E mov cl,byte ptr ds:[esi]
1000155E . 51 push ecx
1000155F . FFD5 call ebp
10001561 . 85C0 test eax,eax
10001563 . 74 07 je short car_exam.1000156C
10001565 . B8 01000000 mov eax,1
1000156A . EB 09 jmp short car_exam.10001575
1000156C > 8A06 mov al,byte ptr ds:[esi]
1000156E . F6D8 neg al
10001570 . 1BC0 sbb eax,eax
10001572 . F7D8 neg eax
10001574 > 48 dec eax
10001575 > 8A4E 01 mov cl,byte ptr ds:[esi+1]
10001578 . 46 inc esi
10001579 . 47 inc edi
1000157A . 84C9 test cl,cl
1000157C .^ 75 BF jnz short car_exam.1000153D
1000157E > 5F pop edi
1000157F . 5E pop esi
10001580 . 5D pop ebp
10001581 . 5B pop ebx
10001582 . C2 0800 retn 8
10001585 90 nop
10001586 90 nop
10001587 90 nop
10001588 90 nop
10001589 90 nop
1000158A 90 nop
1000158B 90 nop
1000158C 90 nop
1000158D 90 nop
1000158E 90 nop
1000158F 90 nop
10001590 . 53 push ebx
10001591 . 55 push ebp
10001592 . 56 push esi
10001593 . 57 push edi
10001594 . 8B7C24 14 mov edi,dword ptr ss:[esp+14]
10001598 . 33F6 xor esi,esi
1000159A . 85FF test edi,edi
1000159C . 74 26 je short car_exam.100015C4
1000159E . 8A07 mov al,byte ptr ds:[edi]
100015A0 . 84C0 test al,al
100015A2 . 74 20 je short car_exam.100015C4
100015A4 . 8B2D 10500010 mov ebp,dword ptr ds:[<&KERNEL32.IsD>; kernel32.IsDBCSLeadByte
100015AA . 33DB xor ebx,ebx
100015AC > 85F6 test esi,esi
100015AE . 74 1D je short car_exam.100015CD
100015B0 . 33F6 xor esi,esi
100015B2 > 43 inc ebx
100015B3 > 8A47 01 mov al,byte ptr ds:[edi+1]
100015B6 . 47 inc edi
100015B7 . 84C0 test al,al
100015B9 .^ 75 F1 jnz short car_exam.100015AC
100015BB . 8BC3 mov eax,ebx
100015BD . 5F pop edi
100015BE . 5E pop esi
100015BF . 5D pop ebp
100015C0 . 5B pop ebx
100015C1 . C2 0400 retn 4
100015C4 > 5F pop edi
100015C5 . 5E pop esi
100015C6 . 5D pop ebp
100015C7 . 33C0 xor eax,eax
100015C9 . 5B pop ebx
100015CA . C2 0400 retn 4
100015CD > 50 push eax
100015CE . FFD5 call ebp
100015D0 . 85C0 test eax,eax
100015D2 .^ 74 DE je short car_exam.100015B2
100015D4 . BE 01000000 mov esi,1
100015D9 .^ EB D8 jmp short car_exam.100015B3
100015DB 90 nop
100015DC 90 nop
100015DD 90 nop
100015DE 90 nop
100015DF 90 nop
100015E0 . 53 push ebx
100015E1 . 55 push ebp
100015E2 . 56 push esi
100015E3 . 8B7424 10 mov esi,dword ptr ss:[esp+10]
100015E7 . 57 push edi
100015E8 . 33FF xor edi,edi
100015EA . 85F6 test esi,esi
100015EC . 74 29 je short car_exam.10001617
100015EE . 8A06 mov al,byte ptr ds:[esi]
100015F0 . 84C0 test al,al
100015F2 . 74 23 je short car_exam.10001617
100015F4 . 33ED xor ebp,ebp
100015F6 . 33DB xor ebx,ebx
100015F8 > 3B5C24 18 cmp ebx,dword ptr ss:[esp+18]
100015FC . 73 10 jnb short car_exam.1000160E
100015FE . 85FF test edi,edi
10001600 . 74 1E je short car_exam.10001620
10001602 . 33FF xor edi,edi
10001604 > 43 inc ebx
10001605 > 8A46 01 mov al,byte ptr ds:[esi+1]
10001608 . 46 inc esi
10001609 . 45 inc ebp
1000160A . 84C0 test al,al
1000160C .^ 75 EA jnz short car_exam.100015F8
1000160E > 8BC5 mov eax,ebp
10001610 . 5F pop edi
10001611 . 5E pop esi
10001612 . 5D pop ebp
10001613 . 5B pop ebx
10001614 . C2 0800 retn 8
10001617 > 5F pop edi
10001618 . 5E pop esi
10001619 . 5D pop ebp
1000161A . 33C0 xor eax,eax
1000161C . 5B pop ebx
1000161D . C2 0800 retn 8
10001620 > 50 push eax ; /TestChar
10001621 . FF15 10500010 call dword ptr ds:[<&KERNEL32.IsDBCS>; \IsDBCSLeadByte
10001627 . 85C0 test eax,eax
10001629 .^ 74 D9 je short car_exam.10001604
1000162B . BF 01000000 mov edi,1
10001630 .^ EB D3 jmp short car_exam.10001605
10001632 90 nop
10001633 90 nop
10001634 90 nop
10001635 90 nop
10001636 90 nop
10001637 90 nop
10001638 90 nop
10001639 90 nop
1000163A 90 nop
1000163B 90 nop
1000163C 90 nop
1000163D 90 nop
1000163E 90 nop
1000163F 90 nop
10001640 . 53 push ebx
10001641 . 55 push ebp
10001642 . 56 push esi
10001643 . 8B7424 10 mov esi,dword ptr ss:[esp+10]
10001647 . 57 push edi
10001648 . 33FF xor edi,edi
1000164A . 85F6 test esi,esi
1000164C . 74 29 je short car_exam.10001677
1000164E . 8A06 mov al,byte ptr ds:[esi]
10001650 . 84C0 test al,al
10001652 . 74 23 je short car_exam.10001677
10001654 . 33ED xor ebp,ebp
10001656 . 33DB xor ebx,ebx
10001658 > 3B5C24 18 cmp ebx,dword ptr ss:[esp+18]
1000165C . 73 10 jnb short car_exam.1000166E
1000165E . 85FF test edi,edi
10001660 . 74 1E je short car_exam.10001680
10001662 . 33FF xor edi,edi
10001664 > 45 inc ebp
10001665 > 8A46 01 mov al,byte ptr ds:[esi+1]
10001668 . 46 inc esi
10001669 . 43 inc ebx
1000166A . 84C0 test al,al
1000166C .^ 75 EA jnz short car_exam.10001658
1000166E > 8BC5 mov eax,ebp
10001670 . 5F pop edi
10001671 . 5E pop esi
10001672 . 5D pop ebp
10001673 . 5B pop ebx
10001674 . C2 0800 retn 8
10001677 > 5F pop edi
10001678 . 5E pop esi
10001679 . 5D pop ebp
1000167A . 33C0 xor eax,eax
1000167C . 5B pop ebx
1000167D . C2 0800 retn 8
10001680 > 50 push eax ; /TestChar
10001681 . FF15 10500010 call dword ptr ds:[<&KERNEL32.IsDBCS>; \IsDBCSLeadByte
10001687 . 85C0 test eax,eax
10001689 .^ 74 D9 je short car_exam.10001664
1000168B . BF 01000000 mov edi,1
10001690 .^ EB D3 jmp short car_exam.10001665
10001692 90 nop
10001693 90 nop
10001694 90 nop
10001695 90 nop
10001696 90 nop
10001697 90 nop
10001698 90 nop
10001699 90 nop
1000169A 90 nop
1000169B 90 nop
1000169C 90 nop
1000169D 90 nop
1000169E 90 nop
1000169F 90 nop
100016A0 . 8B4424 04 mov eax,dword ptr ss:[esp+4]
100016A4 . A8 80 test al,80
100016A6 . 75 12 jnz short car_exam.100016BA
100016A8 . 83F8 30 cmp eax,30
100016AB . 7C 0D jl short car_exam.100016BA
100016AD . 83F8 39 cmp eax,39
100016B0 . 7F 08 jg short car_exam.100016BA
100016B2 . B8 01000000 mov eax,1
100016B7 . C2 0400 retn 4
100016BA > 33C0 xor eax,eax
100016BC . C2 0400 retn 4
100016BF 90 nop
100016C0 $- FF25 94500010 jmp dword ptr ds:[<&PBVM80.#137>] ; PBVM80.FN_RunExecutable
100016C6 CC int3
100016C7 CC int3
100016C8 CC int3
100016C9 CC int3
100016CA CC int3
100016CB CC int3
100016CC CC int3
100016CD CC int3
100016CE CC int3
100016CF CC int3
100016D0 /> 8D42 FF lea eax,dword ptr ds:[edx-1]
100016D3 |. 5B pop ebx
100016D4 |. C3 retn
100016D5 | 2E db 2E ; CHAR '.'
100016D6 | 8BC0 mov eax,eax
100016D8 | 2E db 2E ; CHAR '.'
100016D9 | 8BC0 mov eax,eax
100016DB | 2E db 2E ; CHAR '.'
100016DC | 8BC0 mov eax,eax
100016DE | 8BC0 mov eax,eax
100016E0 |$ 33C0 xor eax,eax
100016E2 |. 8A4424 08 mov al,byte ptr ss:[esp+8]
100016E6 |. 53 push ebx
100016E7 |. 8BD8 mov ebx,eax
100016E9 |. C1E0 08 shl eax,8
100016EC |. 8B5424 08 mov edx,dword ptr ss:[esp+8]
100016F0 |. F7C2 03000000 test edx,3
100016F6 |. 74 13 je short car_exam.1000170B
100016F8 |> 8A0A /mov cl,byte ptr ds:[edx]
100016FA |. 42 |inc edx
100016FB |. 38D9 |cmp cl,bl
100016FD |.^ 74 D1 |je short car_exam.100016D0
100016FF |. 84C9 |test cl,cl
10001701 |. 74 51 |je short car_exam.10001754
10001703 |. F7C2 03000000 |test edx,3
10001709 |.^ 75 ED \jnz short car_exam.100016F8
1000170B |> 0BD8 or ebx,eax
1000170D |. 57 push edi
1000170E |. 8BC3 mov eax,ebx
10001710 |. C1E3 10 shl ebx,10
10001713 |. 56 push esi
10001714 |. 0BD8 or ebx,eax
10001716 |> 8B0A /mov ecx,dword ptr ds:[edx]
10001718 |. BF FFFEFE7E |mov edi,7EFEFEFF
1000171D |. 8BC1 |mov eax,ecx
1000171F |. 8BF7 |mov esi,edi
10001721 |. 33CB |xor ecx,ebx
10001723 |. 03F0 |add esi,eax
10001725 |. 03F9 |add edi,ecx
10001727 |. 83F1 FF |xor ecx,FFFFFFFF
1000172A |. 83F0 FF |xor eax,FFFFFFFF
1000172D |. 33CF |xor ecx,edi
1000172F |. 33C6 |xor eax,esi
10001731 |. 83C2 04 |add edx,4
10001734 |. 81E1 00010181 |and ecx,81010100
1000173A |. 75 1C |jnz short car_exam.10001758
1000173C |. 25 00010181 |and eax,81010100
10001741 |.^ 74 D3 |je short car_exam.10001716
10001743 |. 25 00010101 |and eax,1010100
10001748 |. 75 08 |jnz short car_exam.10001752
1000174A |. 81E6 00000080 |and esi,80000000
10001750 |.^ 75 C4 \jnz short car_exam.10001716
10001752 |> 5E pop esi
10001753 |. 5F pop edi
10001754 |> 5B pop ebx
10001755 |. 33C0 xor eax,eax
10001757 |. C3 retn
10001758 |> 8B42 FC mov eax,dword ptr ds:[edx-4]
1000175B |. 38D8 cmp al,bl
1000175D |. 74 36 je short car_exam.10001795
1000175F |. 84C0 test al,al
10001761 |.^ 74 EF je short car_exam.10001752
10001763 |. 38DC cmp ah,bl
10001765 |. 74 27 je short car_exam.1000178E
10001767 |. 84E4 test ah,ah
10001769 |.^ 74 E7 je short car_exam.10001752
1000176B |. C1E8 10 shr eax,10
1000176E |. 38D8 cmp al,bl
10001770 |. 74 15 je short car_exam.10001787
10001772 |. 84C0 test al,al
10001774 |.^ 74 DC je short car_exam.10001752
10001776 |. 38DC cmp ah,bl
10001778 |. 74 06 je short car_exam.10001780
1000177A |. 84E4 test ah,ah
1000177C |.^ 74 D4 je short car_exam.10001752
1000177E |.^ EB 96 jmp short car_exam.10001716
10001780 |> 5E pop esi
10001781 |. 5F pop edi
10001782 |. 8D42 FF lea eax,dword ptr ds:[edx-1]
10001785 |. 5B pop ebx
10001786 |. C3 retn
10001787 |> 8D42 FE lea eax,dword ptr ds:[edx-2]
1000178A |. 5E pop esi
1000178B |. 5F pop edi
1000178C |. 5B pop ebx
1000178D |. C3 retn
1000178E |> 8D42 FD lea eax,dword ptr ds:[edx-3]
10001791 |. 5E pop esi
10001792 |. 5F pop edi
10001793 |. 5B pop ebx
10001794 |. C3 retn
10001795 |> 8D42 FC lea eax,dword ptr ds:[edx-4]
10001798 |. 5E pop esi
10001799 |. 5F pop edi
1000179A |. 5B pop ebx
1000179B \. C3 retn
1000179C CC int3
1000179D CC int3
1000179E CC int3
1000179F CC int3
100017A0 /$ A1 D0860010 mov eax,dword ptr ds:[100086D0]
100017A5 |. 53 push ebx
100017A6 |. 85C0 test eax,eax
100017A8 |. 56 push esi
100017A9 |. 75 15 jnz short car_exam.100017C0
100017AB |. 8B4424 10 mov eax,dword ptr ss:[esp+10]
100017AF |. 8B4C24 0C mov ecx,dword ptr ss:[esp+C]
100017B3 |. 50 push eax
100017B4 |. 51 push ecx
100017B5 |. E8 26FFFFFF call car_exam.100016E0
100017BA |. 83C4 08 add esp,8
100017BD |. 5E pop esi
100017BE |. 5B pop ebx
100017BF |. C3 retn
100017C0 |> 8B5424 0C mov edx,dword ptr ss:[esp+C]
100017C4 |. 8B7424 10 mov esi,dword ptr ss:[esp+10]
100017C8 |. 66:0FB602 movzx ax,byte ptr ds:[edx]
100017CC |. 66:85C0 test ax,ax
100017CF |. 74 66 je short car_exam.10001837
100017D1 |. B3 04 mov bl,4
100017D3 |> 8BC8 /mov ecx,eax
100017D5 |. 81E1 FF000000 |and ecx,0FF
100017DB |. 8499 C9840010 |test byte ptr ds:[ecx+100084C9],bl
100017E1 |. 74 1E |je short car_exam.10001801
100017E3 |. 8A4A 01 |mov cl,byte ptr ds:[edx+1]
100017E6 |. 42 |inc edx
100017E7 |. 84C9 |test cl,cl
100017E9 |. 74 41 |je short car_exam.1000182C
100017EB |. 25 FFFF0000 |and eax,0FFFF
100017F0 |. 81E1 FF000000 |and ecx,0FF
100017F6 |. C1E0 08 |shl eax,8
100017F9 |. 0BC1 |or eax,ecx
100017FB |. 3BF0 |cmp esi,eax
100017FD |. 74 32 |je short car_exam.10001831
100017FF |. EB 0C |jmp short car_exam.1000180D
10001801 |> 8BC8 |mov ecx,eax
10001803 |. 81E1 FFFF0000 |and ecx,0FFFF
10001809 |. 3BF1 |cmp esi,ecx
1000180B |. 74 2A |je short car_exam.10001837
1000180D |> 66:0FB642 01 |movzx ax,byte ptr ds:[edx+1]
10001812 |. 42 |inc edx
10001813 |. 66:85C0 |test ax,ax
10001816 |.^ 75 BB \jnz short car_exam.100017D3
10001818 |. 25 FFFF0000 and eax,0FFFF
1000181D |. 33C9 xor ecx,ecx
1000181F |. 3BF0 cmp esi,eax
10001821 |. 0F95C1 setne cl
10001824 |. 49 dec ecx
10001825 |. 23CA and ecx,edx
10001827 |. 8BC1 mov eax,ecx
10001829 |. 5E pop esi
1000182A |. 5B pop ebx
1000182B |. C3 retn
1000182C |> 33C0 xor eax,eax
1000182E |. 5E pop esi
1000182F |. 5B pop ebx
10001830 |. C3 retn
10001831 |> 8D42 FF lea eax,dword ptr ds:[edx-1]
10001834 |. 5E pop esi
10001835 |. 5B pop ebx
10001836 |. C3 retn
10001837 |> 25 FFFF0000 and eax,0FFFF
1000183C |. 33C9 xor ecx,ecx
1000183E |. 3BF0 cmp esi,eax
10001840 |. 5E pop esi
10001841 |. 0F95C1 setne cl
10001844 |. 49 dec ecx
10001845 |. 5B pop ebx
10001846 |. 23CA and ecx,edx
10001848 |. 8BC1 mov eax,ecx
1000184A \. C3 retn
1000184B 90 nop
1000184C 90 nop
1000184D 90 nop
1000184E 90 nop
1000184F 90 nop
10001850 /$ A1 F8860010 mov eax,dword ptr ds:[100086F8]
10001855 |. 83EC 08 sub esp,8
10001858 |. 85C0 test eax,eax
1000185A |. 53 push ebx
1000185B |. 75 1E jnz short car_exam.1000187B
1000185D |. 8B4424 10 mov eax,dword ptr ss:[esp+10]
10001861 |. 83F8 41 cmp eax,41
10001864 |. 0F8C DF000000 jl car_exam.10001949
1000186A |. 83F8 5A cmp eax,5A
1000186D |. 0F8F D6000000 jg car_exam.10001949
10001873 |. 83C0 20 add eax,20
10001876 |. 5B pop ebx
10001877 |. 83C4 08 add esp,8
1000187A |. C3 retn
1000187B |> 8B5C24 10 mov ebx,dword ptr ss:[esp+10]
1000187F |. 81FB 00010000 cmp ebx,100
10001885 |. 7D 2C jge short car_exam.100018B3
10001887 |. 833D 3C630010>cmp dword ptr ds:[1000633C],1
1000188E |. 7E 0D jle short car_exam.1000189D
10001890 |. 6A 01 push 1
10001892 |. 53 push ebx
10001893 |. E8 E80B0000 call car_exam.10002480
10001898 |. 83C4 08 add esp,8
1000189B |. EB 0B jmp short car_exam.100018A8
1000189D |> A1 30610010 mov eax,dword ptr ds:[10006130]
100018A2 |. 8A0458 mov al,byte ptr ds:[eax+ebx*2]
100018A5 |. 83E0 01 and eax,1
100018A8 |> 85C0 test eax,eax
100018AA |. 75 07 jnz short car_exam.100018B3
100018AC |. 8BC3 mov eax,ebx
100018AE |. 5B pop ebx
100018AF |. 83C4 08 add esp,8
100018B2 |. C3 retn
100018B3 |> 8B15 30610010 mov edx,dword ptr ds:[10006130] ; car_exam.1000613A
100018B9 |. 8BC3 mov eax,ebx
100018BB |. C1F8 08 sar eax,8
100018BE |. 8BC8 mov ecx,eax
100018C0 |. 81E1 FF000000 and ecx,0FF
100018C6 |. F6444A 01 80 test byte ptr ds:[edx+ecx*2+1],80
100018CB |. 74 14 je short car_exam.100018E1
100018CD |. 884424 10 mov byte ptr ss:[esp+10],al
100018D1 |. 885C24 11 mov byte ptr ss:[esp+11],bl
100018D5 |. C64424 12 00 mov byte ptr ss:[esp+12],0
100018DA |. B8 02000000 mov eax,2
100018DF |. EB 0E jmp short car_exam.100018EF
100018E1 |> 885C24 10 mov byte ptr ss:[esp+10],bl
100018E5 |. C64424 11 00 mov byte ptr ss:[esp+11],0
100018EA |. B8 01000000 mov eax,1
100018EF |> 6A 01 push 1
100018F1 |. 6A 00 push 0
100018F3 |. 8D4C24 0C lea ecx,dword ptr ss:[esp+C]
100018F7 |. 6A 03 push 3
100018F9 |. 51 push ecx
100018FA |. 8D5424 20 lea edx,dword ptr ss:[esp+20]
100018FE |. 50 push eax
100018FF |. A1 F8860010 mov eax,dword ptr ds:[100086F8]
10001904 |. 52 push edx
10001905 |. 68 00010000 push 100
1000190A |. 50 push eax
1000190B |. E8 10090000 call car_exam.10002220
10001910 |. 83C4 20 add esp,20
10001913 |. 85C0 test eax,eax
10001915 |. 75 07 jnz short car_exam.1000191E
10001917 |. 8BC3 mov eax,ebx
10001919 |. 5B pop ebx
1000191A |. 83C4 08 add esp,8
1000191D |. C3 retn
1000191E |> 83F8 01 cmp eax,1
10001921 |. 75 0E jnz short car_exam.10001931
10001923 |. 8B4424 04 mov eax,dword ptr ss:[esp+4]
10001927 |. 25 FF000000 and eax,0FF
1000192C |. 5B pop ebx
1000192D |. 83C4 08 add esp,8
10001930 |. C3 retn
10001931 |> 8B4424 05 mov eax,dword ptr ss:[esp+5]
10001935 |. 8B4C24 04 mov ecx,dword ptr ss:[esp+4]
10001939 |. 25 FF000000 and eax,0FF
1000193E |. 81E1 FF000000 and ecx,0FF
10001944 |. C1E0 08 shl eax,8
10001947 |. 0BC1 or eax,ecx
10001949 |> 5B pop ebx
1000194A |. 83C4 08 add esp,8
1000194D \. C3 retn
1000194E 90 nop
1000194F 90 nop
10001950 /$ 833D 3C630010>cmp dword ptr ds:[1000633C],1
10001957 |. 7E 10 jle short car_exam.10001969
10001959 |. 8B4424 04 mov eax,dword ptr ss:[esp+4]
1000195D |. 6A 01 push 1
1000195F |. 50 push eax
10001960 |. E8 1B0B0000 call car_exam.10002480
10001965 |. 83C4 08 add esp,8
10001968 |. C3 retn
10001969 |> 8B4C24 04 mov ecx,dword ptr ss:[esp+4]
1000196D |. 8B15 30610010 mov edx,dword ptr ds:[10006130] ; car_exam.1000613A
10001973 |. 8A044A mov al,byte ptr ds:[edx+ecx*2]
10001976 |. 83E0 01 and eax,1
10001979 \. C3 retn
1000197A 90 nop
1000197B 90 nop
1000197C 90 nop
1000197D 90 nop
1000197E 90 nop
1000197F 90 nop
10001980 /$ 833D 3C630010>cmp dword ptr ds:[1000633C],1
10001987 |. 7E 10 jle short car_exam.10001999
10001989 |. 8B4424 04 mov eax,dword ptr ss:[esp+4]
1000198D |. 6A 02 push 2
1000198F |. 50 push eax
10001990 |. E8 EB0A0000 call car_exam.10002480
10001995 |. 83C4 08 add esp,8
10001998 |. C3 retn
10001999 |> 8B4C24 04 mov ecx,dword ptr ss:[esp+4]
1000199D |. 8B15 30610010 mov edx,dword ptr ds:[10006130] ; car_exam.1000613A
100019A3 |. 8A044A mov al,byte ptr ds:[edx+ecx*2]
100019A6 |. 83E0 02 and eax,2
100019A9 \. C3 retn
100019AA 90 nop
100019AB 90 nop
100019AC 90 nop
100019AD 90 nop
100019AE 90 nop
100019AF 90 nop
100019B0 /$ A1 F8860010 mov eax,dword ptr ds:[100086F8]
100019B5 |. 83EC 08 sub esp,8
100019B8 |. 85C0 test eax,eax
100019BA |. 53 push ebx
100019BB |. 75 1E jnz short car_exam.100019DB
100019BD |. 8B4424 10 mov eax,dword ptr ss:[esp+10]
100019C1 |. 83F8 61 cmp eax,61
100019C4 |. 0F8C DF000000 jl car_exam.10001AA9
100019CA |. 83F8 7A cmp eax,7A
100019CD |. 0F8F D6000000 jg car_exam.10001AA9
100019D3 |. 83E8 20 sub eax,20
100019D6 |. 5B pop ebx
100019D7 |. 83C4 08 add esp,8
100019DA |. C3 retn
100019DB |> 8B5C24 10 mov ebx,dword ptr ss:[esp+10]
100019DF |. 81FB 00010000 cmp ebx,100
100019E5 |. 7D 2C jge short car_exam.10001A13
100019E7 |. 833D 3C630010>cmp dword ptr ds:[1000633C],1
100019EE |. 7E 0D jle short car_exam.100019FD
100019F0 |. 6A 02 push 2
100019F2 |. 53 push ebx
100019F3 |. E8 880A0000 call car_exam.10002480
100019F8 |. 83C4 08 add esp,8
100019FB |. EB 0B jmp short car_exam.10001A08
100019FD |> A1 30610010 mov eax,dword ptr ds:[10006130]
10001A02 |. 8A0458 mov al,byte ptr ds:[eax+ebx*2]
10001A05 |. 83E0 02 and eax,2
10001A08 |> 85C0 test eax,eax
10001A0A |. 75 07 jnz short car_exam.10001A13
10001A0C |. 8BC3 mov eax,ebx
10001A0E |. 5B pop ebx
10001A0F |. 83C4 08 add esp,8
10001A12 |. C3 retn
10001A13 |> 8B15 30610010 mov edx,dword ptr ds:[10006130] ; car_exam.1000613A
10001A19 |. 8BC3 mov eax,ebx
10001A1B |. C1F8 08 sar eax,8
10001A1E |. 8BC8 mov ecx,eax
10001A20 |. 81E1 FF000000 and ecx,0FF
10001A26 |. F6444A 01 80 test byte ptr ds:[edx+ecx*2+1],80
10001A2B |. 74 14 je short car_exam.10001A41
10001A2D |. 884424 10 mov byte ptr ss:[esp+10],al
10001A31 |. 885C24 11 mov byte ptr ss:[esp+11],bl
10001A35 |. C64424 12 00 mov byte ptr ss:[esp+12],0
10001A3A |. B8 02000000 mov eax,2
10001A3F |. EB 0E jmp short car_exam.10001A4F
10001A41 |> 885C24 10 mov byte ptr ss:[esp+10],bl
10001A45 |. C64424 11 00 mov byte ptr ss:[esp+11],0
10001A4A |. B8 01000000 mov eax,1
10001A4F |> 6A 01 push 1
10001A51 |. 6A 00 push 0
10001A53 |. 8D4C24 0C lea ecx,dword ptr ss:[esp+C]
10001A57 |. 6A 03 push 3
10001A59 |. 51 push ecx
10001A5A |. 8D5424 20 lea edx,dword ptr ss:[esp+20]
10001A5E |. 50 push eax
10001A5F |. A1 F8860010 mov eax,dword ptr ds:[100086F8]
10001A64 |. 52 push edx
10001A65 |. 68 00020000 push 200
10001A6A |. 50 push eax
10001A6B |. E8 B0070000 call car_exam.10002220
10001A70 |. 83C4 20 add esp,20
10001A73 |. 85C0 test eax,eax
10001A75 |. 75 07 jnz short car_exam.10001A7E
10001A77 |. 8BC3 mov eax,ebx
10001A79 |. 5B pop ebx
10001A7A |. 83C4 08 add esp,8
10001A7D |. C3 retn
10001A7E |> 83F8 01 cmp eax,1
10001A81 |. 75 0E jnz short car_exam.10001A91
10001A83 |. 8B4424 04 mov eax,dword ptr ss:[esp+4]
10001A87 |. 25 FF000000 and eax,0FF
10001A8C |. 5B pop ebx
10001A8D |. 83C4 08 add esp,8
10001A90 |. C3 retn
10001A91 |> 8B4424 05 mov eax,dword ptr ss:[esp+5]
10001A95 |. 8B4C24 04 mov ecx,dword ptr ss:[esp+4]
10001A99 |. 25 FF000000 and eax,0FF
10001A9E |. 81E1 FF000000 and ecx,0FF
10001AA4 |. C1E0 08 shl eax,8
10001AA7 |. 0BC1 or eax,ecx
10001AA9 |> 5B pop ebx
10001AAA |. 83C4 08 add esp,8
10001AAD \. C3 retn
10001AAE 90 nop
10001AAF 90 nop
10001AB0 /$ 8B4424 04 mov eax,dword ptr ss:[esp+4]
10001AB4 |. 6A 04 push 4
10001AB6 |. 6A 00 push 0
10001AB8 |. 50 push eax
10001AB9 |. E8 32000000 call car_exam.10001AF0
10001ABE |. 83C4 0C add esp,0C
10001AC1 \. C3 retn
10001AC2 90 nop
10001AC3 90 nop
10001AC4 90 nop
10001AC5 90 nop
10001AC6 90 nop
10001AC7 90 nop
10001AC8 90 nop
10001AC9 90 nop
10001ACA 90 nop
10001ACB 90 nop
10001ACC 90 nop
10001ACD 90 nop
10001ACE 90 nop
10001ACF 90 nop
10001AD0 /$ 8B4424 04 mov eax,dword ptr ss:[esp+4]
10001AD4 |. 6A 08 push 8
10001AD6 |. 6A 00 push 0
10001AD8 |. 50 push eax
10001AD9 |. E8 12000000 call car_exam.10001AF0
10001ADE |. 83C4 0C add esp,0C
10001AE1 \. C3 retn
10001AE2 90 nop
10001AE3 90 nop
10001AE4 90 nop
10001AE5 90 nop
10001AE6 90 nop
10001AE7 90 nop
10001AE8 90 nop
10001AE9 90 nop
10001AEA 90 nop
10001AEB 90 nop
10001AEC 90 nop
10001AED 90 nop
10001AEE 90 nop
10001AEF 90 nop
10001AF0 /$ 8B4424 04 mov eax,dword ptr ss:[esp+4]
10001AF4 |. 8A4C24 0C mov cl,byte ptr ss:[esp+C]
10001AF8 |. 25 FF000000 and eax,0FF
10001AFD |. 8488 C9840010 test byte ptr ds:[eax+100084C9],cl
10001B03 |. 75 1F jnz short car_exam.10001B24
10001B05 |. 8B4C24 08 mov ecx,dword ptr ss:[esp+8]
10001B09 |. 85C9 test ecx,ecx
10001B0B |. 74 10 je short car_exam.10001B1D
10001B0D |. 33D2 xor edx,edx
10001B0F |. 66:8B1445 3A6>mov dx,word ptr ds:[eax*2+1000613A]
10001B17 |. 8BC2 mov eax,edx
10001B19 |. 23C1 and eax,ecx
10001B1B |. EB 02 jmp short car_exam.10001B1F
10001B1D |> 33C0 xor eax,eax
10001B1F |> 85C0 test eax,eax
10001B21 |. 75 01 jnz short car_exam.10001B24
10001B23 |. C3 retn
10001B24 |> B8 01000000 mov eax,1
10001B29 \. C3 retn
10001B2A 90 nop
10001B2B 90 nop
10001B2C 90 nop
10001B2D 90 nop
10001B2E 90 nop
10001B2F 90 nop
10001B30 > $ 55 push ebp ; (初始化 cpu 选择状态)
10001B31 . 8BEC mov ebp,esp
10001B33 . 6A FF push -1
10001B35 . 68 A0500010 push car_exam.100050A0
10001B3A . 68 28300010 push car_exam.10003028 ; SE 句柄安装
10001B3F . 64:A1 0000000>mov eax,dword ptr fs:[0]
10001B45 . 50 push eax
10001B46 . 64:8925 00000>mov dword ptr fs:[0],esp
10001B4D . 83C4 A8 add esp,-58
10001B50 . 53 push ebx
10001B51 . 56 push esi
10001B52 . 57 push edi
10001B53 . 8965 E8 mov dword ptr ss:[ebp-18],esp
10001B56 . FF15 1C500010 call dword ptr ds:[<&KERNEL32.GetVer>; kernel32.GetVersion
10001B5C . 33D2 xor edx,edx
10001B5E . 8AD4 mov dl,ah
10001B60 . 8915 24870010 mov dword ptr ds:[10008724],edx
10001B66 . 8BC8 mov ecx,eax
10001B68 . 81E1 FF000000 and ecx,0FF
10001B6E . 890D 20870010 mov dword ptr ds:[10008720],ecx
10001B74 . C1E1 08 shl ecx,8
10001B77 . 03CA add ecx,edx
10001B79 . 890D 1C870010 mov dword ptr ds:[1000871C],ecx
10001B7F . C1E8 10 shr eax,10
10001B82 . A3 18870010 mov dword ptr ds:[10008718],eax
10001B87 . E8 64130000 call car_exam.10002EF0
10001B8C . 85C0 test eax,eax
10001B8E . 75 0A jnz short car_exam.10001B9A
10001B90 . 6A 1C push 1C
10001B92 . E8 69010000 call car_exam.10001D00
10001B97 . 83C4 04 add esp,4
10001B9A > C745 FC 00000>mov dword ptr ss:[ebp-4],0
10001BA1 . E8 4A110000 call car_exam.10002CF0
10001BA6 . E8 65060000 call car_exam.10002210
10001BAB . FF15 08500010 call dword ptr ds:[<&KERNEL32.GetCom>; [GetCommandLineA
10001BB1 . A3 B4890010 mov dword ptr ds:[100089B4],eax
10001BB6 . E8 D50F0000 call car_exam.10002B90
10001BBB . A3 BC840010 mov dword ptr ds:[100084BC],eax
10001BC0 . 85C0 test eax,eax
10001BC2 . 74 09 je short car_exam.10001BCD
10001BC4 . A1 B4890010 mov eax,dword ptr ds:[100089B4]
10001BC9 . 85C0 test eax,eax
10001BCB . 75 0A jnz short car_exam.10001BD7
10001BCD > 6A FF push -1
10001BCF . E8 7C090000 call car_exam.10002550
10001BD4 . 83C4 04 add esp,4
10001BD7 > E8 040D0000 call car_exam.100028E0
10001BDC . E8 0F0C0000 call car_exam.100027F0
10001BE1 . E8 3A090000 call car_exam.10002520
10001BE6 . 8B35 B4890010 mov esi,dword ptr ds:[100089B4]
10001BEC . 8975 9C mov dword ptr ss:[ebp-64],esi
10001BEF . 803E 22 cmp byte ptr ds:[esi],22
10001BF2 . 0F85 BE000000 jnz car_exam.10001CB6
10001BF8 > 46 inc esi
10001BF9 . 8975 9C mov dword ptr ss:[ebp-64],esi
10001BFC . 8A06 mov al,byte ptr ds:[esi]
10001BFE . 3C 22 cmp al,22
10001C00 . 74 1C je short car_exam.10001C1E
10001C02 . 84C0 test al,al
10001C04 . 74 18 je short car_exam.10001C1E
10001C06 . 25 FF000000 and eax,0FF
10001C0B . 50 push eax
10001C0C . E8 9FFEFFFF call car_exam.10001AB0
10001C11 . 83C4 04 add esp,4
10001C14 . 85C0 test eax,eax
10001C16 .^ 74 E0 je short car_exam.10001BF8
10001C18 . 46 inc esi
10001C19 . 8975 9C mov dword ptr ss:[ebp-64],esi
10001C1C .^ EB DA jmp short car_exam.10001BF8
10001C1E > 803E 22 cmp byte ptr ds:[esi],22
10001C21 . 75 04 jnz short car_exam.10001C27
10001C23 . 46 inc esi
10001C24 . 8975 9C mov dword ptr ss:[ebp-64],esi
10001C27 > 8A06 mov al,byte ptr ds:[esi]
10001C29 . 84C0 test al,al
10001C2B . 74 0A je short car_exam.10001C37
10001C2D . 3C 20 cmp al,20
10001C2F . 77 06 ja short car_exam.10001C37
10001C31 . 46 inc esi
10001C32 . 8975 9C mov dword ptr ss:[ebp-64],esi
10001C35 .^ EB F0 jmp short car_exam.10001C27
10001C37 > C745 D0 00000>mov dword ptr ss:[ebp-30],0
10001C3E . 8D45 A4 lea eax,dword ptr ss:[ebp-5C]
10001C41 . 50 push eax ; /pStartupinfo
10001C42 . FF15 18500010 call dword ptr ds:[<&KERNEL32.GetSta>; \GetStartupInfoA
10001C48 . F645 D0 01 test byte ptr ss:[ebp-30],1
10001C4C . 74 0A je short car_exam.10001C58
10001C4E . 8B45 D4 mov eax,dword ptr ss:[ebp-2C]
10001C51 . 25 FFFF0000 and eax,0FFFF
10001C56 . EB 05 jmp short car_exam.10001C5D
10001C58 > B8 0A000000 mov eax,0A
10001C5D > 50 push eax
10001C5E . 56 push esi
10001C5F . 6A 00 push 0
10001C61 . 6A 00 push 0 ; /pModule = NULL
10001C63 . FF15 14500010 call dword ptr ds:[<&KERNEL32.GetMod>; \GetModuleHandleA
10001C69 . 50 push eax
10001C6A . E8 91F3FFFF call car_exam.10001000
10001C6F . 8945 A0 mov dword ptr ss:[ebp-60],eax
10001C72 . 50 push eax
10001C73 . E8 D8080000 call car_exam.10002550
10001C78 . EB 21 jmp short car_exam.10001C9B
10001C7A . 8B45 EC mov eax,dword ptr ss:[ebp-14]
10001C7D . 8B08 mov ecx,dword ptr ds:[eax]
10001C7F . 8B09 mov ecx,dword ptr ds:[ecx]
10001C81 . 894D 98 mov dword ptr ss:[ebp-68],ecx
10001C84 . 50 push eax
10001C85 . 51 push ecx
10001C86 . E8 D5090000 call car_exam.10002660
10001C8B . 83C4 08 add esp,8
10001C8E . C3 retn
10001C8F . 8B65 E8 mov esp,dword ptr ss:[ebp-18]
10001C92 . 8B55 98 mov edx,dword ptr ss:[ebp-68]
10001C95 . 52 push edx
10001C96 . E8 D5080000 call car_exam.10002570
10001C9B > 83C4 04 add esp,4
10001C9E . C745 FC FFFFF>mov dword ptr ss:[ebp-4],-1
10001CA5 . 8B4D F0 mov ecx,dword ptr ss:[ebp-10]
10001CA8 . 64:890D 00000>mov dword ptr fs:[0],ecx
10001CAF . 5F pop edi
10001CB0 . 5E pop esi
10001CB1 . 5B pop ebx
10001CB2 . 8BE5 mov esp,ebp
10001CB4 . 5D pop ebp
10001CB5 . C3 retn
10001CB6 > 803E 20 cmp byte ptr ds:[esi],20
10001CB9 .^ 0F86 68FFFFFF jbe car_exam.10001C27
10001CBF . 46 inc esi
10001CC0 . 8975 9C mov dword ptr ss:[ebp-64],esi
10001CC3 .^ EB F1 jmp short car_exam.10001CB6
10001CC5 90 nop
10001CC6 90 nop
10001CC7 90 nop
10001CC8 90 nop
10001CC9 90 nop
10001CCA 90 nop
10001CCB 90 nop
10001CCC 90 nop
10001CCD 90 nop
10001CCE 90 nop
10001CCF 90 nop
10001CD0 /$ 833D C4840010>cmp dword ptr ds:[100084C4],1
10001CD7 |. 75 05 jnz short car_exam.10001CDE
10001CD9 |. E8 22140000 call car_exam.10003100
10001CDE |> 8B4424 04 mov eax,dword ptr ss:[esp+4]
10001CE2 |. 50 push eax
10001CE3 |. E8 58140000 call car_exam.10003140
10001CE8 |. 83C4 04 add esp,4
10001CEB |. 68 FF000000 push 0FF
10001CF0 |. FF15 30600010 call dword ptr ds:[10006030] ; car_exam.10002570
10001CF6 |. 83C4 04 add esp,4
10001CF9 \. C3 retn
10001CFA 90 nop
10001CFB 90 nop
10001CFC 90 nop
10001CFD 90 nop
10001CFE 90 nop
10001CFF 90 nop
10001D00 /$ 833D C4840010>cmp dword ptr ds:[100084C4],1
10001D07 |. 75 05 jnz short car_exam.10001D0E
10001D09 |. E8 F2130000 call car_exam.10003100
10001D0E |> 8B4424 04 mov eax,dword ptr ss:[esp+4]
10001D12 |. 50 push eax
10001D13 |. E8 28140000 call car_exam.10003140
10001D18 |. 83C4 04 add esp,4
10001D1B |. 68 FF000000 push 0FF ; /ExitCode = FF
10001D20 \. FF15 20500010 call dword ptr ds:[<&KERNEL32.ExitPr>; \ExitProcess
10001D26 . C3 retn
10001D27 90 nop
10001D28 90 nop
10001D29 90 nop
10001D2A 90 nop
10001D2B 90 nop
10001D2C 90 nop
10001D2D 90 nop
10001D2E 90 nop
10001D2F 90 nop
10001D30 /$ 8B4424 04 mov eax,dword ptr ss:[esp+4]
10001D34 |. 83EC 14 sub esp,14
10001D37 |. 53 push ebx
10001D38 |. 55 push ebp
10001D39 |. 56 push esi
10001D3A |. 57 push edi
10001D3B |. 50 push eax
10001D3C |. E8 FF010000 call car_exam.10001F40
10001D41 |. 8BC8 mov ecx,eax
10001D43 |. A1 D0860010 mov eax,dword ptr ds:[100086D0]
10001D48 |. 83C4 04 add esp,4
10001D4B |. 3BC8 cmp ecx,eax
10001D4D |. 894C24 28 mov dword ptr ss:[esp+28],ecx
10001D51 |. 75 0A jnz short car_exam.10001D5D
10001D53 |. 33C0 xor eax,eax
10001D55 |. 5F pop edi
10001D56 |. 5E pop esi
10001D57 |. 5D pop ebp
10001D58 |. 5B pop ebx
10001D59 |. 83C4 14 add esp,14
10001D5C |. C3 retn
10001D5D |> 85C9 test ecx,ecx
10001D5F |. 75 14 jnz short car_exam.10001D75
10001D61 |. E8 8A020000 call car_exam.10001FF0
10001D66 |. E8 C5020000 call car_exam.10002030
10001D6B |. 33C0 xor eax,eax
10001D6D |. 5F pop edi
10001D6E |. 5E pop esi
10001D6F |. 5D pop ebp
10001D70 |. 5B pop ebx
10001D71 |. 83C4 14 add esp,14
10001D74 |. C3 retn
10001D75 |> 33D2 xor edx,edx
10001D77 |. B8 40600010 mov eax,car_exam.10006040
10001D7C |> 3908 /cmp dword ptr ds:[eax],ecx
10001D7E |. 0F84 07010000 |je car_exam.10001E8B
10001D84 |. 83C0 30 |add eax,30
10001D87 |. 42 |inc edx
10001D88 |. 3D 30610010 |cmp eax,car_exam.10006130
10001D8D |.^ 72 ED \jb short car_exam.10001D7C
10001D8F |. 8D5424 10 lea edx,dword ptr ss:[esp+10]
10001D93 |. 52 push edx ; /pCPInfo
10001D94 |. 51 push ecx ; |CodePage
10001D95 |. FF15 0C500010 call dword ptr ds:[<&KERNEL32.GetCPI>; \GetCPInfo
10001D9B |. BE 01000000 mov esi,1
10001DA0 |. 3BC6 cmp eax,esi
10001DA2 |. 0F85 BB000000 jnz car_exam.10001E63
10001DA8 |. B9 40000000 mov ecx,40
10001DAD |. 33C0 xor eax,eax
10001DAF |. BF C8840010 mov edi,car_exam.100084C8
10001DB4 |. F3:AB rep stos dword ptr es:[edi]
10001DB6 |. 8B4C24 10 mov ecx,dword ptr ss:[esp+10]
10001DBA |. AA stos byte ptr es:[edi]
10001DBB |. 8B7C24 28 mov edi,dword ptr ss:[esp+28]
10001DBF |. 33C0 xor eax,eax
10001DC1 |. 3BCE cmp ecx,esi
10001DC3 |. 893D D0860010 mov dword ptr ds:[100086D0],edi
10001DC9 |. A3 D4860010 mov dword ptr ds:[100086D4],eax
10001DCE |. 76 6E jbe short car_exam.10001E3E
10001DD0 |. 8A4424 16 mov al,byte ptr ss:[esp+16]
10001DD4 |. 84C0 test al,al
10001DD6 |. 74 37 je short car_exam.10001E0F
10001DD8 |. 8D5424 17 lea edx,dword ptr ss:[esp+17]
10001DDC |> 8A0A /mov cl,byte ptr ds:[edx]
10001DDE |. 84C9 |test cl,cl
10001DE0 |. 74 2D |je short car_exam.10001E0F
10001DE2 |. 33C0 |xor eax,eax
10001DE4 |. 81E1 FF000000 |and ecx,0FF
10001DEA |. 8A42 FF |mov al,byte ptr ds:[edx-1]
10001DED |. 3BC1 |cmp eax,ecx
10001DEF |. 77 14 |ja short car_exam.10001E05
10001DF1 |> 8A98 C9840010 |/mov bl,byte ptr ds:[eax+100084C9]
10001DF7 |. 80CB 04 ||or bl,4
10001DFA |. 8898 C9840010 ||mov byte ptr ds:[eax+100084C9],bl
10001E00 |. 40 ||inc eax
10001E01 |. 3BC1 ||cmp eax,ecx
10001E03 |.^ 76 EC |\jbe short car_exam.10001DF1
10001E05 |> 8A42 01 |mov al,byte ptr ds:[edx+1]
10001E08 |. 83C2 02 |add edx,2
10001E0B |. 84C0 |test al,al
10001E0D |.^ 75 CD \jnz short car_exam.10001DDC
10001E0F |> 8BC6 mov eax,esi
10001E11 |> 8A98 C9840010 /mov bl,byte ptr ds:[eax+100084C9]
10001E17 |. 80CB 08 |or bl,8
10001E1A |. 8898 C9840010 |mov byte ptr ds:[eax+100084C9],bl
10001E20 |. 40 |inc eax
10001E21 |. 3D FF000000 |cmp eax,0FF
10001E26 |.^ 72 E9 \jb short car_exam.10001E11
10001E28 |. 57 push edi
10001E29 |. E8 62010000 call car_exam.10001F90
10001E2E |. 83C4 04 add esp,4
10001E31 |. A3 D4860010 mov dword ptr ds:[100086D4],eax
10001E36 |. 8935 B0890010 mov dword ptr ds:[100089B0],esi
10001E3C |. EB 05 jmp short car_exam.10001E43
10001E3E |> A3 B0890010 mov dword ptr ds:[100089B0],eax
10001E43 |> 33C0 xor eax,eax
10001E45 |. A3 D8860010 mov dword ptr ds:[100086D8],eax
10001E4A |. A3 DC860010 mov dword ptr ds:[100086DC],eax
10001E4F |. A3 E0860010 mov dword ptr ds:[100086E0],eax
10001E54 |. E8 D7010000 call car_exam.10002030
10001E59 |. 33C0 xor eax,eax
10001E5B |. 5F pop edi
10001E5C |. 5E pop esi
10001E5D |. 5D pop ebp
10001E5E |. 5B pop ebx
10001E5F |. 83C4 14 add esp,14
10001E62 |. C3 retn
10001E63 |> A1 E4860010 mov eax,dword ptr ds:[100086E4]
10001E68 |. 85C0 test eax,eax
10001E6A |. 74 14 je short car_exam.10001E80
10001E6C |. E8 7F010000 call car_exam.10001FF0
10001E71 |. E8 BA010000 call car_exam.10002030
10001E76 |. 33C0 xor eax,eax
10001E78 |. 5F pop edi
10001E79 |. 5E pop esi
10001E7A |. 5D pop ebp
10001E7B |. 5B pop ebx
10001E7C |. 83C4 14 add esp,14
10001E7F |. C3 retn
10001E80 |> 83C8 FF or eax,FFFFFFFF
10001E83 |. 5F pop edi
10001E84 |. 5E pop esi
10001E85 |. 5D pop ebp
10001E86 |. 5B pop ebx
10001E87 |. 83C4 14 add esp,14
10001E8A |. C3 retn
10001E8B |> B9 40000000 mov ecx,40
10001E90 |. 33C0 xor eax,eax
10001E92 |. BF C8840010 mov edi,car_exam.100084C8
10001E97 |. 8D1C52 lea ebx,dword ptr ds:[edx+edx*2]
10001E9A |. F3:AB rep stos dword ptr es:[edi]
10001E9C |. AA stos byte ptr es:[edi]
10001E9D |. 33FF xor edi,edi
10001E9F |. C1E3 04 shl ebx,4
10001EA2 |. 8DAB 50600010 lea ebp,dword ptr ds:[ebx+10006050]
10001EA8 |> 8A45 00 /mov al,byte ptr ss:[ebp]
10001EAB |. 8BF5 |mov esi,ebp
10001EAD |. 84C0 |test al,al
10001EAF |. 74 30 |je short car_exam.10001EE1
10001EB1 |> 8A4E 01 |/mov cl,byte ptr ds:[esi+1]
10001EB4 |. 84C9 ||test cl,cl
10001EB6 |. 74 29 ||je short car_exam.10001EE1
10001EB8 |. 33C0 ||xor eax,eax
10001EBA |. 81E1 FF000000 ||and ecx,0FF
10001EC0 |. 8A06 ||mov al,byte ptr ds:[esi]
10001EC2 |. 3BC1 ||cmp eax,ecx
10001EC4 |. 77 11 ||ja short car_exam.10001ED7
10001EC6 |. 8A97 38600010 ||mov dl,byte ptr ds:[edi+10006038]
10001ECC |> 0890 C9840010 ||/or byte ptr ds:[eax+100084C9],dl
|
