[求助]关于脱VFP&EXENC5.0的破解请求
发表于: 2006-10-20 15:18 5254
按 FLY 脱 VFP&EXENC 的方法脱壳之后,得到的这个程序怎么是 Delphi 的?反汇编如下:
0041FBD8 2> $ 55 push ebp
0041FBD9 . 8BEC mov ebp,esp
0041FBDB . B9 0A000000 mov ecx,0A
0041FBE0 > 6A 00 push 0
0041FBE2 . 6A 00 push 0
0041FBE4 . 49 dec ecx
0041FBE5 .^ 75 F9 jnz short 222.0041FBE0
0041FBE7 . 53 push ebx
0041FBE8 . 56 push esi
0041FBE9 . 57 push edi
0041FBEA . B8 38FB4100 mov eax,222.0041FB38
0041FBEF . E8 CC69FEFF call 222.004065C0
0041FBF4 . 33C0 xor eax,eax
0041FBF6 . 55 push ebp
0041FBF7 . 68 B50B4200 push 222.00420BB5
0041FBFC . 64:FF30 push dword ptr fs:[eax]
0041FBFF . 64:8920 mov dword ptr fs:[eax],esp
0041FC02 . B3 01 mov bl,1
0041FC04 . 68 04FC4100 push 222.0041FC04
0041FC09 . 8F05 E84042>pop dword ptr ds:[4240E8]
0041FC0F . A1 E8404200 mov eax,dword ptr ds:[4240E8]
0041FC14 . A3 F0404200 mov dword ptr ds:[4240F0],eax
0041FC19 . B0 01 mov al,1
0041FC1B . E8 90EBFFFF call 222.0041E7B0
0041FC20 . 33C0 xor eax,eax
0041FC22 . A3 703B4200 mov dword ptr ds:[423B70],eax
0041FC27 . B8 CC3D4200 mov eax,222.00423DCC
0041FC2C . E8 7746FEFF call 222.004042A8
0041FC31 . E8 2A2DFEFF call 222.00402960
0041FC36 . A3 A03B4200 mov dword ptr ds:[423BA0],eax
0041FC3B . 8B3D A03B42>mov edi,dword ptr ds:[423BA0]
0041FC41 . 85FF test edi,edi
0041FC43 . 7E 3D jle short 222.0041FC82
0041FC45 . C705 9C3B42>mov dword ptr ds:[423B9C],1
0041FC4F > FF35 CC3D42>push dword ptr ds:[423DCC]
0041FC55 . 8D55 EC lea edx,dword ptr ss:[ebp-14]
0041FC58 . A1 9C3B4200 mov eax,dword ptr ds:[423B9C]
0041FC5D . E8 5E2DFEFF call 222.004029C0
0041FC62 . FF75 EC push dword ptr ss:[ebp-14]
0041FC65 . 68 CC0B4200 push 222.00420BCC
0041FC6A . B8 CC3D4200 mov eax,222.00423DCC
0041FC6F . BA 03000000 mov edx,3
0041FC74 . E8 A749FEFF call 222.00404620
0041FC79 . FF05 9C3B42>inc dword ptr ds:[423B9C]
0041FC7F . 4F dec edi
0041FC80 .^ 75 CD jnz short 222.0041FC4F
0041FC82 > 8D55 E8 lea edx,dword ptr ss:[ebp-18]
0041FC85 . A1 CC3D4200 mov eax,dword ptr ds:[423DCC]
0041FC8A . E8 717DFEFF call 222.00407A00
0041FC8F . 8B55 E8 mov edx,dword ptr ss:[ebp-18]
0041FC92 . B8 CC3D4200 mov eax,222.00423DCC
0041FC97 . E8 6046FEFF call 222.004042FC
0041FC9C . 68 04010000 push 104 ; /BufSize = 104 (260.)
0041FCA1 . 68 DC3F4200 push 222.00423FDC ; |Buffer = 222.00423FDC
0041FCA6 . E8 E96AFEFF call <jmp.&kernel32.GetSystemDirec>; \GetSystemDirectoryA
0041FCAB . 8D55 E4 lea edx,dword ptr ss:[ebp-1C]
0041FCAE . B8 DC3F4200 mov eax,222.00423FDC
0041FCB3 . E8 2086FEFF call 222.004082D8
0041FCB8 . 8B55 E4 mov edx,dword ptr ss:[ebp-1C]
0041FCBB . B8 883B4200 mov eax,222.00423B88
0041FCC0 . E8 3746FEFF call 222.004042FC
0041FCC5 . A1 883B4200 mov eax,dword ptr ds:[423B88]
0041FCCA . E8 9148FEFF call 222.00404560
0041FCCF . 8B15 883B42>mov edx,dword ptr ds:[423B88]
0041FCD5 . 807C02 FF 5>cmp byte ptr ds:[edx+eax-1],5C
0041FCDA . 74 0F je short 222.0041FCEB
0041FCDC . B8 883B4200 mov eax,222.00423B88
0041FCE1 . BA D80B4200 mov edx,222.00420BD8
0041FCE6 . E8 7D48FEFF call 222.00404568
0041FCEB > 68 04010000 push 104 ; /BufSize = 104 (260.)
0041FCF0 . 68 DC3F4200 push 222.00423FDC ; |Buffer = 222.00423FDC
0041FCF5 . E8 C26AFEFF call <jmp.&kernel32.GetWindowsDire>; \GetWindowsDirectoryA
0041FCFA . 8D55 E0 lea edx,dword ptr ss:[ebp-20]
0041FCFD . B8 DC3F4200 mov eax,222.00423FDC
0041FD02 . E8 D185FEFF call 222.004082D8
0041FD07 . 8B55 E0 mov edx,dword ptr ss:[ebp-20]
0041FD0A . B8 8C3B4200 mov eax,222.00423B8C
0041FD0F . E8 E845FEFF call 222.004042FC
0041FD14 . A1 8C3B4200 mov eax,dword ptr ds:[423B8C]
0041FD19 . E8 4248FEFF call 222.00404560
0041FD1E . 8B15 8C3B42>mov edx,dword ptr ds:[423B8C]
0041FD24 . 807C02 FF 5>cmp byte ptr ds:[edx+eax-1],5C
0041FD29 . 74 0F je short 222.0041FD3A
0041FD2B . B8 8C3B4200 mov eax,222.00423B8C
0041FD30 . BA D80B4200 mov edx,222.00420BD8
0041FD35 . E8 2E48FEFF call 222.00404568
0041FD3A > 8D55 D8 lea edx,dword ptr ss:[ebp-28]
0041FD3D . 33C0 xor eax,eax
0041FD3F . E8 7C2CFEFF call 222.004029C0
0041FD44 . 8B45 D8 mov eax,dword ptr ss:[ebp-28]
0041FD47 . 8D55 DC lea edx,dword ptr ss:[ebp-24]
0041FD4A . E8 B17CFEFF call 222.00407A00
0041FD4F . 8B55 DC mov edx,dword ptr ss:[ebp-24]
0041FD52 . B8 C43D4200 mov eax,222.00423DC4
0041FD57 . E8 A045FEFF call 222.004042FC
0041FD5C . E8 BF2CFEFF call 222.00402A20
0041FD61 . 8D55 D4 lea edx,dword ptr ss:[ebp-2C]
0041FD64 . A1 C43D4200 mov eax,dword ptr ds:[423DC4]
0041FD69 . E8 3E82FEFF call 222.00407FAC
0041FD6E . 8B55 D4 mov edx,dword ptr ss:[ebp-2C]
0041FD71 . B8 C83D4200 mov eax,222.00423DC8
0041FD76 . E8 8145FEFF call 222.004042FC
0041FD7B . A1 C83D4200 mov eax,dword ptr ds:[423DC8]
0041FD80 . E8 0384FEFF call 222.00408188
0041FD85 . BA 20000000 mov edx,20
0041FD8A . A1 C43D4200 mov eax,dword ptr ds:[423DC4]
0041FD8F . E8 B07EFEFF call 222.00407C44
0041FD94 . A3 943B4200 mov dword ptr ds:[423B94],eax
0041FD99 . 833D 943B42>cmp dword ptr ds:[423B94],0
0041FDA0 . 0F8C 090D00>jl 222.00420AAF
0041FDA6 . B9 02000000 mov ecx,2
0041FDAB . 33D2 xor edx,edx
0041FDAD . A1 943B4200 mov eax,dword ptr ds:[423B94]
0041FDB2 . E8 6D7FFEFF call 222.00407D24
0041FDB7 . A3 243B4200 mov dword ptr ds:[423B24],eax
0041FDBC . 33C9 xor ecx,ecx
0041FDBE . BA 00040000 mov edx,400
0041FDC3 . A1 943B4200 mov eax,dword ptr ds:[423B94]
0041FDC8 . E8 577FFEFF call 222.00407D24
0041FDCD . 68 CDFD4100 push 222.0041FDCD
0041FDD2 . 8F05 EC4042>pop dword ptr ds:[4240EC]
0041FDD8 . A1 EC404200 mov eax,dword ptr ds:[4240EC]
0041FDDD . 2B05 E84042>sub eax,dword ptr ds:[4240E8]
0041FDE3 . A3 A03B4200 mov dword ptr ds:[423BA0],eax
0041FDE8 . 8B35 E84042>mov esi,dword ptr ds:[4240E8]
0041FDEE . 8B3D A03B42>mov edi,dword ptr ds:[423BA0]
0041FDF4 . 85FF test edi,edi
0041FDF6 . 7E 1C jle short 222.0041FE14
0041FDF8 . C705 9C3B42>mov dword ptr ds:[423B9C],1
0041FE02 > A1 9C3B4200 mov eax,dword ptr ds:[423B9C]
0041FE07 . C60406 00 mov byte ptr ds:[esi+eax],0
0041FE0B . FF05 9C3B42>inc dword ptr ds:[423B9C]
0041FE11 . 4F dec edi
0041FE12 .^ 75 EE jnz short 222.0041FE02
0041FE14 > A1 EC404200 mov eax,dword ptr ds:[4240EC]
0041FE19 . A3 E8404200 mov dword ptr ds:[4240E8],eax
0041FE1E . B3 02 mov bl,2
0041FE20 . A1 C43D4200 mov eax,dword ptr ds:[423DC4]
0041FE25 . E8 2E49FEFF call 222.00404758
0041FE2A . 50 push eax ; /pModule
0041FE2B . E8 4469FEFF call <jmp.&kernel32.GetModuleHandl>; \GetModuleHandleA
0041FE30 . A3 B43B4200 mov dword ptr ds:[423BB4],eax
0041FE35 . A1 B43B4200 mov eax,dword ptr ds:[423BB4]
0041FE3A . A3 E0404200 mov dword ptr ds:[4240E0],eax
0041FE3F . BA B03B4200 mov edx,222.00423BB0
0041FE44 . A1 E0404200 mov eax,dword ptr ds:[4240E0]
0041FE49 . 83C0 3C add eax,3C
0041FE4C . B9 04000000 mov ecx,4
0041FE51 . E8 DE29FEFF call 222.00402834
0041FE56 . A1 E0404200 mov eax,dword ptr ds:[4240E0]
0041FE5B . 8B15 B03B42>mov edx,dword ptr ds:[423BB0]
0041FE61 . 8D4410 18 lea eax,dword ptr ds:[eax+edx+18]
0041FE65 . BA E43C4200 mov edx,222.00423CE4
0041FE6A . B9 E0000000 mov ecx,0E0
0041FE6F . E8 C029FEFF call 222.00402834
0041FE74 . A1 E0404200 mov eax,dword ptr ds:[4240E0]
0041FE79 . 8B15 B03B42>mov edx,dword ptr ds:[423BB0]
0041FE7F . 8D8410 9402>lea eax,dword ptr ds:[eax+edx+294]
0041FE86 . BA B83B4200 mov edx,222.00423BB8
0041FE8B . B9 04000000 mov ecx,4
0041FE90 . E8 9F29FEFF call 222.00402834
0041FE95 . BA B03B4200 mov edx,222.00423BB0
0041FE9A . A1 E0404200 mov eax,dword ptr ds:[4240E0]
0041FE9F . 83C0 7C add eax,7C
0041FEA2 . B9 04000000 mov ecx,4
0041FEA7 . E8 8829FEFF call 222.00402834
0041FEAC . A1 B03B4200 mov eax,dword ptr ds:[423BB0]
0041FEB1 . 3305 F43C42>xor eax,dword ptr ds:[423CF4]
0041FEB7 . A3 5C3B4200 mov dword ptr ds:[423B5C],eax
0041FEBC . A1 B83B4200 mov eax,dword ptr ds:[423BB8]
0041FEC1 . 05 10010000 add eax,110
0041FEC6 . A3 AC3B4200 mov dword ptr ds:[423BAC],eax
0041FECB . A1 E0404200 mov eax,dword ptr ds:[4240E0]
0041FED0 . 8B15 B83B42>mov edx,dword ptr ds:[423BB8]
0041FED6 . 03C2 add eax,edx
0041FED8 . BA D83D4200 mov edx,222.00423DD8
0041FEDD . B9 00020000 mov ecx,200
0041FEE2 . E8 4D29FEFF call 222.00402834
0041FEE7 . A0 D73F4200 mov al,byte ptr ds:[423FD7]
0041FEEC . A2 383B4200 mov byte ptr ds:[423B38],al
0041FEF1 . 68 F1FE4100 push 222.0041FEF1
0041FEF6 . 8F05 EC4042>pop dword ptr ds:[4240EC]
0041FEFC . B8 00020000 mov eax,200
0041FF01 . E8 B22FFEFF call 222.00402EB8
0041FF06 . A3 643B4200 mov dword ptr ds:[423B64],eax
0041FF0B . A1 EC404200 mov eax,dword ptr ds:[4240EC]
0041FF10 . 2B05 E84042>sub eax,dword ptr ds:[4240E8]
0041FF16 . A3 A03B4200 mov dword ptr ds:[423BA0],eax
0041FF1B . 8B35 E84042>mov esi,dword ptr ds:[4240E8]
0041FF21 . 8B3D A03B42>mov edi,dword ptr ds:[423BA0]
0041FF27 . 85FF test edi,edi
0041FF29 . 7E 1C jle short 222.0041FF47
0041FF2B . C705 9C3B42>mov dword ptr ds:[423B9C],1
0041FF35 > A1 9C3B4200 mov eax,dword ptr ds:[423B9C]
0041FF3A . C60406 00 mov byte ptr ds:[esi+eax],0
0041FF3E . FF05 9C3B42>inc dword ptr ds:[423B9C]
0041FF44 . 4F dec edi
0041FF45 .^ 75 EE jnz short 222.0041FF35
0041FF47 > A1 B43B4200 mov eax,dword ptr ds:[423BB4]
0041FF4C . 0305 B83B42>add eax,dword ptr ds:[423BB8]
0041FF52 . 05 10020000 add eax,210
0041FF57 . A3 B83B4200 mov dword ptr ds:[423BB8],eax
0041FF5C . 33C0 xor eax,eax
0041FF5E . A3 9C3B4200 mov dword ptr ds:[423B9C],eax
0041FF63 . B8 D83D4200 mov eax,222.00423DD8
0041FF68 > 8A10 mov dl,byte ptr ds:[eax]
0041FF6A . 3215 383B42>xor dl,byte ptr ds:[423B38]
0041FF70 . 84D2 test dl,dl
0041FF72 . 74 07 je short 222.0041FF7B
0041FF74 . 8038 00 cmp byte ptr ds:[eax],0
0041FF77 . 74 02 je short 222.0041FF7B
0041FF79 . 8810 mov byte ptr ds:[eax],dl
0041FF7B > FF05 9C3B42>inc dword ptr ds:[423B9C]
0041FF81 . 40 inc eax
0041FF82 . 813D 9C3B42>cmp dword ptr ds:[423B9C],1FF
0041FF8C .^ 75 DA jnz short 222.0041FF68
0041FF8E . A0 DE3D4200 mov al,byte ptr ds:[423DDE]
0041FF93 . A2 3A3B4200 mov byte ptr ds:[423B3A],al
0041FF98 . 33C0 xor eax,eax
0041FF9A . A3 7C3B4200 mov dword ptr ds:[423B7C],eax
0041FF9F . B8 86382351 mov eax,51233886
0041FFA4 . E8 0F2FFEFF call 222.00402EB8
0041FFA9 . 6BC0 0B imul eax,eax,0B
0041FFAC . A3 543B4200 mov dword ptr ds:[423B54],eax
0041FFB1 . 833D 643B42>cmp dword ptr ds:[423B64],0
0041FFB8 . 75 0F jnz short 222.0041FFC9
0041FFBA . B8 4D020000 mov eax,24D
0041FFBF . E8 F42EFEFF call 222.00402EB8
0041FFC4 . A3 643B4200 mov dword ptr ds:[423B64],eax
0041FFC9 > E8 5E67FEFF call <jmp.&kernel32.GetCurrentProc>; [GetCurrentProcessId
0041FFCE . A3 783B4200 mov dword ptr ds:[423B78],eax
0041FFD3 . 33D2 xor edx,edx
0041FFD5 . B8 02000000 mov eax,2
0041FFDA . E8 45DCFFFF call 222.0041DC24
0041FFDF . 8BF0 mov esi,eax
0041FFE1 . C705 BC3B42>mov dword ptr ds:[423BBC],128
0041FFEB . BA BC3B4200 mov edx,222.00423BBC
0041FFF0 . 8BC6 mov eax,esi
0041FFF2 . E8 4DDCFFFF call 222.0041DC44
0041FFF7 . EB 67 jmp short 222.00420060
0041FFF9 > 8D45 C8 lea eax,dword ptr ss:[ebp-38]
0041FFFC . BA E03B4200 mov edx,222.00423BE0
00420001 . B9 04010000 mov ecx,104
00420006 . E8 0545FEFF call 222.00404510
0042000B . 8B45 C8 mov eax,dword ptr ss:[ebp-38]
0042000E . 8D55 CC lea edx,dword ptr ss:[ebp-34]
00420011 . E8 CA7FFEFF call 222.00407FE0
00420016 . 8B45 CC mov eax,dword ptr ss:[ebp-34]
00420019 . 8D55 D0 lea edx,dword ptr ss:[ebp-30]
0042001C . E8 5F78FEFF call 222.00407880
00420021 . 8B55 D0 mov edx,dword ptr ss:[ebp-30]
00420024 . B8 D43D4200 mov eax,222.00423DD4
00420029 . E8 CE42FEFF call 222.004042FC
0042002E . A1 D43D4200 mov eax,dword ptr ds:[423DD4]
00420033 . BA E40B4200 mov edx,222.00420BE4 ; ASCII "EXPLORER.EXE"
00420038 . E8 6746FEFF call 222.004046A4
0042003D . 75 15 jnz short 222.00420054
0042003F . 833D 7C3B42>cmp dword ptr ds:[423B7C],0
00420046 . 75 0C jnz short 222.00420054
00420048 . A1 C43B4200 mov eax,dword ptr ds:[423BC4]
0042004D . A3 7C3B4200 mov dword ptr ds:[423B7C],eax
00420052 . EB 10 jmp short 222.00420064
00420054 > BA BC3B4200 mov edx,222.00423BBC
00420059 . 8BC6 mov eax,esi
0042005B . E8 04DCFFFF call 222.0041DC64
00420060 > 85C0 test eax,eax
00420062 .^ 75 95 jnz short 222.0041FFF9
00420064 > 56 push esi ; /hObject
00420065 . E8 3266FEFF call <jmp.&kernel32.CloseHandle> ; \CloseHandle
0042006A . B8 12658833 mov eax,33886512
0042006F . E8 442EFEFF call 222.00402EB8
00420074 . 6BC0 17 imul eax,eax,17
00420077 . A3 343B4200 mov dword ptr ds:[423B34],eax
0042007C . B8 FF000000 mov eax,0FF
00420081 . E8 322EFEFF call 222.00402EB8
00420086 . A2 4B3B4200 mov byte ptr ds:[423B4B],al
0042008B . A1 C43D4200 mov eax,dword ptr ds:[423DC4]
00420090 . 8038 5C cmp byte ptr ds:[eax],5C
00420093 . 75 10 jnz short 222.004200A5
00420095 . 803D E63D42>cmp byte ptr ds:[423DE6],1
0042009C . 75 07 jnz short 222.004200A5
0042009E . B3 06 mov bl,6
004200A0 . E9 0A0A0000 jmp 222.00420AAF
004200A5 > A1 B83B4200 mov eax,dword ptr ds:[423BB8]
004200AA . A3 303B4200 mov dword ptr ds:[423B30],eax
004200AF . BA 603B4200 mov edx,222.00423B60
004200B4 . A1 303B4200 mov eax,dword ptr ds:[423B30]
004200B9 . 83C0 F4 add eax,-0C
004200BC . B9 04000000 mov ecx,4
004200C1 . E8 6E27FEFF call 222.00402834
004200C6 . BA 103B4200 mov edx,222.00423B10
004200CB . A1 303B4200 mov eax,dword ptr ds:[423B30]
004200D0 . 83C0 F9 add eax,-7
004200D3 . B9 04000000 mov ecx,4
004200D8 . E8 5727FEFF call 222.00402834
004200DD . BA 983B4200 mov edx,222.00423B98
004200E2 . B8 A13E4200 mov eax,222.00423EA1
004200E7 . B9 04000000 mov ecx,4
004200EC . E8 4327FEFF call 222.00402834
004200F1 . BA 203B4200 mov edx,222.00423B20
004200F6 . B8 A53E4200 mov eax,222.00423EA5
004200FB . B9 04000000 mov ecx,4
00420100 . E8 2F27FEFF call 222.00402834
00420105 . 33C0 xor eax,eax
00420107 . A3 183B4200 mov dword ptr ds:[423B18],eax
0042010C . BA 1C3B4200 mov edx,222.00423B1C
00420111 . B8 E03E4200 mov eax,222.00423EE0
00420116 . B9 04000000 mov ecx,4
0042011B . E8 1427FEFF call 222.00402834
00420120 . BA 9C3B4200 mov edx,222.00423B9C
00420125 . B8 AD3F4200 mov eax,222.00423FAD
0042012A . B9 04000000 mov ecx,4
0042012F . E8 0027FEFF call 222.00402834
00420134 . BA 803B4200 mov edx,222.00423B80
00420139 . B8 E43E4200 mov eax,222.00423EE4
0042013E . B9 04000000 mov ecx,4
00420143 . E8 EC26FEFF call 222.00402834
00420148 . BA 843B4200 mov edx,222.00423B84
0042014D . B8 E83E4200 mov eax,222.00423EE8
00420152 . B9 04000000 mov ecx,4
00420157 . E8 D826FEFF call 222.00402834
0042015C . 833D 9C3B42>cmp dword ptr ds:[423B9C],0
00420163 . 0F8E 840000>jle 222.004201ED
00420169 . A1 9C3B4200 mov eax,dword ptr ds:[423B9C]
0042016E . E8 5D25FEFF call 222.004026D0
00420173 . A3 2C3B4200 mov dword ptr ds:[423B2C],eax
00420178 . A1 AC3B4200 mov eax,dword ptr ds:[423BAC]
0042017D . 05 00020000 add eax,200
00420182 . 0305 983B42>add eax,dword ptr ds:[423B98]
00420188 . 8B15 E04042>mov edx,dword ptr ds:[4240E0]
0042018E . 8D0402 lea eax,dword ptr ds:[edx+eax]
00420191 . 8B15 2C3B42>mov edx,dword ptr ds:[423B2C]
00420197 . 8B0D 9C3B42>mov ecx,dword ptr ds:[423B9C]
0042019D . E8 9226FEFF call 222.00402834
004201A2 . B8 2C3B4200 mov eax,222.00423B2C
004201A7 . 8B0D 9C3B42>mov ecx,dword ptr ds:[423B9C]
004201AD . BA FC0B4200 mov edx,222.00420BFC
004201B2 . E8 69E3FFFF call 222.0041E520
004201B7 . B8 903B4200 mov eax,222.00423B90
004201BC . 8B15 9C3B42>mov edx,dword ptr ds:[423B9C]
004201C2 . E8 C146FEFF call 222.00404888
004201C7 . B8 903B4200 mov eax,222.00423B90
004201CC . E8 DF45FEFF call 222.004047B0
004201D1 . 8BD0 mov edx,eax
004201D3 . A1 2C3B4200 mov eax,dword ptr ds:[423B2C]
004201D8 . 8B0D 9C3B42>mov ecx,dword ptr ds:[423B9C]
004201DE . E8 5126FEFF call 222.00402834
004201E3 . A1 2C3B4200 mov eax,dword ptr ds:[423B2C]
004201E8 . E8 0325FEFF call 222.004026F0
004201ED > B8 80000000 mov eax,80
004201F2 . E8 D924FEFF call 222.004026D0
004201F7 . A3 2C3B4200 mov dword ptr ds:[423B2C],eax
004201FC . 8B15 2C3B42>mov edx,dword ptr ds:[423B2C]
00420202 . A1 E0404200 mov eax,dword ptr ds:[4240E0]
00420207 . 05 80000000 add eax,80
0042020C . B9 80000000 mov ecx,80
00420211 . E8 1E26FEFF call 222.00402834
00420216 . A1 5C3B4200 mov eax,dword ptr ds:[423B5C]
0042021B . 33D2 xor edx,edx
0042021D . 52 push edx ; /Arg2 => 00000000
0042021E . 50 push eax ; |Arg1 => 00000000
0042021F . 8D55 C4 lea edx,dword ptr ss:[ebp-3C] ; |
00420222 . B8 08000000 mov eax,8 ; |
00420227 . E8 2879FEFF call 222.00407B54 ; \222.00407B54
0042022C . 8B55 C4 mov edx,dword ptr ss:[ebp-3C]
0042022F . B8 D03D4200 mov eax,222.00423DD0
00420234 . E8 C340FEFF call 222.004042FC
00420239 . B8 2C3B4200 mov eax,222.00423B2C
0042023E . B9 80000000 mov ecx,80
00420243 . 8B15 D03D42>mov edx,dword ptr ds:[423DD0]
00420249 . E8 D2E2FFFF call 222.0041E520
0042024E . BA 5C3B4200 mov edx,222.00423B5C
00420253 . A1 2C3B4200 mov eax,dword ptr ds:[423B2C]
00420258 . 83C0 35 add eax,35
0042025B . B9 04000000 mov ecx,4
00420260 . E8 CF25FEFF call 222.00402834
00420265 . BA A03B4200 mov edx,222.00423BA0
0042026A . A1 2C3B4200 mov eax,dword ptr ds:[423B2C]
0042026F . 83C0 3E add eax,3E
00420272 . B9 04000000 mov ecx,4
00420277 . E8 B825FEFF call 222.00402834
0042027C . A1 A03B4200 mov eax,dword ptr ds:[423BA0]
00420281 . 3105 5C3B42>xor dword ptr ds:[423B5C],eax
00420287 . B8 2C3B4200 mov eax,222.00423B2C
0042028C . B9 80000000 mov ecx,80
00420291 . 8B15 D03D42>mov edx,dword ptr ds:[423DD0]
00420297 . E8 84E2FFFF call 222.0041E520
0042029C . A1 2C3B4200 mov eax,dword ptr ds:[423B2C]
004202A1 . E8 4A24FEFF call 222.004026F0
004202A6 . 803D D83D42>cmp byte ptr ds:[423DD8],0FE
004202AD . 0F85 860000>jnz 222.00420339
004202B3 . BA A83B4200 mov edx,222.00423BA8
004202B8 . B8 DA3D4200 mov eax,222.00423DDA
004202BD . B9 04000000 mov ecx,4
004202C2 . E8 6D25FEFF call 222.00402834
004202C7 . 8B15 A83B42>mov edx,dword ptr ds:[423BA8]
004202CD . A0 D93D4200 mov al,byte ptr ds:[423DD9]
004202D2 . E8 8DF4FFFF call 222.0041F764
004202D7 . A3 A03B4200 mov dword ptr ds:[423BA0],eax
004202DC . A1 A03B4200 mov eax,dword ptr ds:[423BA0]
004202E1 . 3B05 A83B42>cmp eax,dword ptr ds:[423BA8]
004202E7 . 7D 09 jge short 222.004202F2
004202E9 . 833D A03B42>cmp dword ptr ds:[423BA0],0
004202F0 . 7D 47 jge short 222.00420339
004202F2 > BA A03B4200 mov edx,222.00423BA0
004202F7 . B8 E83D4200 mov eax,222.00423DE8
004202FC . B9 04000000 mov ecx,4
00420301 . E8 2E25FEFF call 222.00402834
00420306 . B8 CC3D4200 mov eax,222.00423DCC
0042030B . 8B15 A03B42>mov edx,dword ptr ds:[423BA0]
00420311 . E8 7245FEFF call 222.00404888
00420316 . B8 CC3D4200 mov eax,222.00423DCC
0042031B . E8 9044FEFF call 222.004047B0
00420320 . 8BD0 mov edx,eax
00420322 . B8 EC3D4200 mov eax,222.00423DEC
00420327 . 8B0D A03B42>mov ecx,dword ptr ds:[423BA0]
0042032D . E8 0225FEFF call 222.00402834
00420332 . B3 12 mov bl,12
00420334 . E9 76070000 jmp 222.00420AAF
00420339 > C605 393B42>mov byte ptr ds:[423B39],0
00420340 . 68 503B4200 push 222.00423B50 ; /pThreadId = 222.00423B50
00420345 . 6A 00 push 0 ; |CreationFlags = 0
00420347 . 6A 00 push 0 ; |pThreadParm = NULL
00420349 . 68 FCF34100 push 222.0041F3FC ; |ThreadFunction = 222.0041F3FC
0042034E . 6A 00 push 0 ; |StackSize = 0
00420350 . 6A 00 push 0 ; |pSecurity = NULL
00420352 . E8 6563FEFF call <jmp.&kernel32.CreateThread> ; \CreateThread
00420357 . A3 6C3B4200 mov dword ptr ds:[423B6C],eax
0042035C . 33C0 xor eax,eax
0042035E . A0 E03D4200 mov al,byte ptr ds:[423DE0]
00420363 . 83F8 09 cmp eax,9 ; Switch (cases 1..9)
00420366 . 0F87 8D0000>ja 222.004203F9
0042036C . FF2485 7303>jmp dword ptr ds:[eax*4+420373]
00420373 . F9034200 dd 222.004203F9 ; Switch table used at 0042036C
00420377 . 9B034200 dd 222.0042039B
0042037B . F9034200 dd 222.004203F9
0042037F . F9034200 dd 222.004203F9
00420383 . F9034200 dd 222.004203F9
00420387 . F9034200 dd 222.004203F9
0042038B . B7034200 dd 222.004203B7
0042038F . C8034200 dd 222.004203C8
00420393 . D9034200 dd 222.004203D9
00420397 . EA034200 dd 222.004203EA
0042039B > 8D55 C0 lea edx,dword ptr ss:[ebp-40] ; Case 1 of switch 00420363
0042039E . B8 EC3E4200 mov eax,222.00423EEC
004203A3 . E8 307FFEFF call 222.004082D8
004203A8 . 8B55 C0 mov edx,dword ptr ss:[ebp-40]
004203AB . B8 C83D4200 mov eax,222.00423DC8
004203B0 . E8 473FFEFF call 222.004042FC
004203B5 . EB 42 jmp short 222.004203F9
004203B7 > B8 C83D4200 mov eax,222.00423DC8 ; Case 6 of switch 00420363
004203BC . BA 2C0C4200 mov edx,222.00420C2C ; ASCII "vfp6r.dll"
004203C1 . E8 363FFEFF call 222.004042FC
004203C6 . EB 31 jmp short 222.004203F9
004203C8 > B8 C83D4200 mov eax,222.00423DC8 ; Case 7 of switch 00420363
004203CD . BA 400C4200 mov edx,222.00420C40 ; ASCII "vfp7r.dll"
004203D2 . E8 253FFEFF call 222.004042FC
004203D7 . EB 20 jmp short 222.004203F9
004203D9 > B8 C83D4200 mov eax,222.00423DC8 ; Case 8 of switch 00420363
004203DE . BA 540C4200 mov edx,222.00420C54 ; ASCII "vfp8r.dll"
004203E3 . E8 143FFEFF call 222.004042FC
004203E8 . EB 0F jmp short 222.004203F9
004203EA > B8 C83D4200 mov eax,222.00423DC8 ; Case 9 of switch 00420363
004203EF . BA 680C4200 mov edx,222.00420C68 ; ASCII "vfp9r.dll"
004203F4 . E8 033FFEFF call 222.004042FC
004203F9 > A1 C83D4200 mov eax,dword ptr ds:[423DC8] ; Default case of switch 00420363
004203FE . E8 D579FEFF call 222.00407DD8
00420403 . 84C0 test al,al
00420405 . 0F85 AD0000>jnz 222.004204B8
0042040B . 8D45 BC lea eax,dword ptr ss:[ebp-44]
0042040E . 8B0D C83D42>mov ecx,dword ptr ds:[423DC8]
00420414 . 8B15 883B42>mov edx,dword ptr ds:[423B88]
0042041A . E8 8D41FEFF call 222.004045AC
0042041F . 8B45 BC mov eax,dword ptr ss:[ebp-44]
00420422 . E8 B179FEFF call 222.00407DD8
00420427 . 84C0 test al,al
00420429 . 74 18 je short 222.00420443
0042042B . B8 C83D4200 mov eax,222.00423DC8
00420430 . 8B0D C83D42>mov ecx,dword ptr ds:[423DC8]
00420436 . 8B15 883B42>mov edx,dword ptr ds:[423B88]
0042043C . E8 6B41FEFF call 222.004045AC
00420441 . EB 75 jmp short 222.004204B8
00420443 > B8 D03D4200 mov eax,222.00423DD0
00420448 . BA 7C0C4200 mov edx,222.00420C7C ; ASCII "C:\Program Files\Common Files\Microsoft Shared\VFP\"
0042044D . E8 AA3EFEFF call 222.004042FC
00420452 . C705 9C3B42>mov dword ptr ds:[423B9C],1
0042045C > 8D45 B8 lea eax,dword ptr ss:[ebp-48]
0042045F . 8B0D C83D42>mov ecx,dword ptr ds:[423DC8]
00420465 . 8B15 D03D42>mov edx,dword ptr ds:[423DD0]
0042046B . E8 3C41FEFF call 222.004045AC
00420470 . 8B45 B8 mov eax,dword ptr ss:[ebp-48]
00420473 . E8 6079FEFF call 222.00407DD8
00420478 . 84C0 test al,al
0042047A . 74 18 je short 222.00420494
0042047C . B8 C83D4200 mov eax,222.00423DC8
00420481 . 8B0D C83D42>mov ecx,dword ptr ds:[423DC8]
00420487 . 8B15 D03D42>mov edx,dword ptr ds:[423DD0]
0042048D . E8 1A41FEFF call 222.004045AC
00420492 . EB 24 jmp short 222.004204B8
00420494 > B8 D03D4200 mov eax,222.00423DD0
00420499 . E8 1243FEFF call 222.004047B0
0042049E . 8B15 9C3B42>mov edx,dword ptr ds:[423B9C]
004204A4 . 83C2 43 add edx,43
004204A7 . 8810 mov byte ptr ds:[eax],dl
004204A9 . FF05 9C3B42>inc dword ptr ds:[423B9C]
004204AF . 833D 9C3B42>cmp dword ptr ds:[423B9C],9
004204B6 .^ 75 A4 jnz short 222.0042045C
004204B8 > A1 C83D4200 mov eax,dword ptr ds:[423DC8]
004204BD . E8 1679FEFF call 222.00407DD8
004204C2 . 84C0 test al,al
004204C4 . 0F85 BD0000>jnz 222.00420587
004204CA . 68 B80C4200 push 222.00420CB8 ; ASCII "\VisualFoxProRuntime."
004204CF . 8D55 B4 lea edx,dword ptr ss:[ebp-4C]
004204D2 . 33C0 xor eax,eax
004204D4 . A0 E03D4200 mov al,byte ptr ds:[423DE0]
004204D9 . E8 D675FEFF call 222.00407AB4
004204DE . FF75 B4 push dword ptr ss:[ebp-4C]
004204E1 . 68 D80C4200 push 222.00420CD8 ; ASCII "\Shell\Open\Command\"
004204E6 . B8 D03D4200 mov eax,222.00423DD0
004204EB . BA 03000000 mov edx,3
004204F0 . E8 2B41FEFF call 222.00404620
004204F5 . B2 01 mov dl,1
004204F7 . A1 C4DD4100 mov eax,dword ptr ds:[41DDC4]
004204FC . E8 93D9FFFF call 222.0041DE94
00420501 . 8BF0 mov esi,eax
00420503 . BA 00000080 mov edx,80000000
00420508 . 8BC6 mov eax,esi
0042050A . E8 25DAFFFF call 222.0041DF34
0042050F . 33C9 xor ecx,ecx
00420511 . 8B15 D03D42>mov edx,dword ptr ds:[423DD0]
00420517 . 8BC6 mov eax,esi
00420519 . E8 7ADAFFFF call 222.0041DF98
0042051E . 33D2 xor edx,edx
00420520 . 8BC6 mov eax,esi
00420522 . E8 F9DCFFFF call 222.0041E220
00420527 . 84C0 test al,al
00420529 . 74 1B je short 222.00420546
0042052B . 8D4D B0 lea ecx,dword ptr ss:[ebp-50]
0042052E . 33D2 xor edx,edx
00420530 . 8BC6 mov eax,esi
00420532 . E8 FDDBFFFF call 222.0041E134
00420537 . 8B55 B0 mov edx,dword ptr ss:[ebp-50]
0042053A . B8 C83D4200 mov eax,222.00423DC8
0042053F . E8 B83DFEFF call 222.004042FC
00420544 . EB 3A jmp short 222.00420580
00420546 > 8BC6 mov eax,esi
00420548 . E8 2330FEFF call 222.00403570
0042054D . 803D E03D42>cmp byte ptr ds:[423DE0],1
00420554 . 0F85 550500>jnz 222.00420AAF
0042055A . B3 05 mov bl,5
0042055C . 68 F80C4200 push 222.00420CF8
00420561 . FF35 C83D42>push dword ptr ds:[423DC8]
00420567 . 68 0C0D4200 push 222.00420D0C
0042056C . B8 CC3D4200 mov eax,222.00423DCC
00420571 . BA 03000000 mov edx,3
00420576 . E8 A540FEFF call 222.00404620
0042057B . E9 2F050000 jmp 222.00420AAF
00420580 > 8BC6 mov eax,esi
00420582 . E8 E92FFEFF call 222.00403570
00420587 > B3 03 mov bl,3
00420589 . E8 2AE8FFFF call 222.0041EDB8
0042058E . 83F8 04 cmp eax,4
00420591 . 7E 23 jle short 222.004205B6
00420593 . A1 C83D4200 mov eax,dword ptr ds:[423DC8]
00420598 . E8 D377FEFF call 222.00407D70
0042059D . 3D 0910E130 cmp eax,30E11009
004205A2 . 74 12 je short 222.004205B6
004205A4 . A1 C83D4200 mov eax,dword ptr ds:[423DC8]
004205A9 . E8 2EE9FFFF call 222.0041EEDC
004205AE . 85C0 test eax,eax
004205B0 . 0F84 F90400>je 222.00420AAF
004205B6 > A1 C83D4200 mov eax,dword ptr ds:[423DC8]
004205BB . E8 9841FEFF call 222.00404758
004205C0 . 50 push eax ; /FileName
004205C1 . E8 4662FEFF call <jmp.&kernel32.LoadLibraryA> ; \LoadLibraryA
004205C6 . A3 4C3B4200 mov dword ptr ds:[423B4C],eax
004205CB . 833D 4C3B42>cmp dword ptr ds:[423B4C],0
004205D2 . 0F84 D70400>je 222.00420AAF
004205D8 . B3 28 mov bl,28
004205DA . 8B35 4C3B42>mov esi,dword ptr ds:[423B4C]
004205E0 . BA B03B4200 mov edx,222.00423BB0
004205E5 . 8D46 3C lea eax,dword ptr ds:[esi+3C]
004205E8 . B9 04000000 mov ecx,4
004205ED . E8 4222FEFF call 222.00402834
004205F2 . A1 B03B4200 mov eax,dword ptr ds:[423BB0]
004205F7 . 8D4406 18 lea eax,dword ptr ds:[esi+eax+18]
004205FB . BA E43C4200 mov edx,222.00423CE4
00420600 . B9 E0000000 mov ecx,0E0
00420605 . E8 2A22FEFF call 222.00402834
0042060A . 813D 1C3D42>cmp dword ptr ds:[423D1C],330000
00420614 . 0F82 950400>jb 222.00420AAF
0042061A . 813D FC3C42>cmp dword ptr ds:[423CFC],2DC000
00420624 . 0F82 850400>jb 222.00420AAF
0042062A . B3 03 mov bl,3
0042062C . 803D 0D3F42>cmp byte ptr ds:[423F0D],6
00420633 . 75 16 jnz short 222.0042064B
00420635 . C705 0C3B42>mov dword ptr ds:[423B0C],30B
0042063F . C705 A03B42>mov dword ptr ds:[423BA0],290
00420649 . EB 14 jmp short 222.0042065F
0042064B > C705 0C3B42>mov dword ptr ds:[423B0C],0D1F
00420655 . C705 A03B42>mov dword ptr ds:[423BA0],2E0
0042065F > A1 0C3B4200 mov eax,dword ptr ds:[423B0C]
00420664 . 3B05 983B42>cmp eax,dword ptr ds:[423B98]
0042066A . 7E 0A jle short 222.00420676
0042066C . A1 983B4200 mov eax,dword ptr ds:[423B98]
00420671 . A3 0C3B4200 mov dword ptr ds:[423B0C],eax
00420676 > 8B3D 0C3B42>mov edi,dword ptr ds:[423B0C]
0042067C . 85FF test edi,edi
0042067E . 7C 29 jl short 222.004206A9
00420680 . 47 inc edi
00420681 . C705 9C3B42>mov dword ptr ds:[423B9C],0
0042068B > A1 A03B4200 mov eax,dword ptr ds:[423BA0]
00420690 . 0305 9C3B42>add eax,dword ptr ds:[423B9C]
00420696 . 0FB60406 movzx eax,byte ptr ds:[esi+eax]
0042069A . 0105 AC3B42>add dword ptr ds:[423BAC],eax
004206A0 . FF05 9C3B42>inc dword ptr ds:[423B9C]
004206A6 . 4F dec edi
004206A7 .^ 75 E2 jnz short 222.0042068B
004206A9 > 68 280D4200 push 222.00420D28 ; /ProcNameOrOrdinal = "DllWinMain"
004206AE . A1 4C3B4200 mov eax,dword ptr ds:[423B4C] ; |
004206B3 . 50 push eax ; |hModule => NULL
004206B4 . E8 C360FEFF call <jmp.&kernel32.GetProcAddress>; \GetProcAddress
004206B9 . 8BF0 mov esi,eax
004206BB . 8935 E44042>mov dword ptr ds:[4240E4],esi
004206C1 . 85F6 test esi,esi
004206C3 . 0F84 E60300>je 222.00420AAF
004206C9 . B8 24684000 mov eax,<jmp.&kernel32.ReadFile> ; 入口地址
004206CE . E8 DDDBFFFF call 222.0041E2B0
004206D3 . A3 083B4200 mov dword ptr ds:[423B08],eax
004206D8 . 68 340D4200 push 222.00420D34 ; /pModule = "KERNEL32.DLL"
004206DD . E8 9260FEFF call <jmp.&kernel32.GetModuleHandl>; \GetModuleHandleA
004206E2 . 8BD0 mov edx,eax
004206E4 . A1 083B4200 mov eax,dword ptr ds:[423B08]
004206E9 . 25 000000FF and eax,FF000000
004206EE . A3 B83B4200 mov dword ptr ds:[423BB8],eax
004206F3 . 8BC2 mov eax,edx
004206F5 . 25 000000FF and eax,FF000000
004206FA . 3B05 B83B42>cmp eax,dword ptr ds:[423BB8]
00420700 . 74 07 je short 222.00420709
00420702 . B3 28 mov bl,28
00420704 . E9 A6030000 jmp 222.00420AAF
00420709 > 68 09074200 push 222.00420709
0042070E . 8F05 E84042>pop dword ptr ds:[4240E8]
00420714 . A1 E8404200 mov eax,dword ptr ds:[4240E8]
00420719 . 2B05 EC4042>sub eax,dword ptr ds:[4240EC]
0042071F . A3 A03B4200 mov dword ptr ds:[423BA0],eax
00420724 . 8B35 EC4042>mov esi,dword ptr ds:[4240EC]
0042072A . 8B3D A03B42>mov edi,dword ptr ds:[423BA0]
00420730 . 85FF test edi,edi
00420732 . 7E 1C jle short 222.00420750
00420734 . C705 9C3B42>mov dword ptr ds:[423B9C],1
0042073E > A1 9C3B4200 mov eax,dword ptr ds:[423B9C]
00420743 . C60406 00 mov byte ptr ds:[esi+eax],0
00420747 . FF05 9C3B42>inc dword ptr ds:[423B9C]
0042074D . 4F dec edi
0042074E .^ 75 EE jnz short 222.0042073E
00420750 > C605 3B3B42>mov byte ptr ds:[423B3B],0
00420757 . 33C0 xor eax,eax
00420759 . A3 0C3B4200 mov dword ptr ds:[423B0C],eax
0042075E . 8B35 B43B42>mov esi,dword ptr ds:[423BB4]
00420764 . 0335 AC3B42>add esi,dword ptr ds:[423BAC]
0042076A . 81C6 000200>add esi,200
00420770 . 813D 983B42>cmp dword ptr ds:[423B98],200
0042077A . 7E 0C jle short 222.00420788
0042077C . C705 A43B42>mov dword ptr ds:[423BA4],200
00420786 . EB 0A jmp short 222.00420792
00420788 > A1 983B4200 mov eax,dword ptr ds:[423B98]
0042078D . A3 A43B4200 mov dword ptr ds:[423BA4],eax
00420792 > 8B3D A43B42>mov edi,dword ptr ds:[423BA4]
00420798 . 4F dec edi
00420799 . 85FF test edi,edi
0042079B . 7C 30 jl short 222.004207CD
0042079D . 47 inc edi
0042079E . C705 9C3B42>mov dword ptr ds:[423B9C],0
004207A8 . B8 D83D4200 mov eax,222.00423DD8
004207AD > 8B15 9C3B42>mov edx,dword ptr ds:[423B9C]
004207B3 . 8A1416 mov dl,byte ptr ds:[esi+edx]
004207B6 . 3210 xor dl,byte ptr ds:[eax]
004207B8 . 52 push edx
004207B9 . 8B15 9C3B42>mov edx,dword ptr ds:[423B9C]
004207BF . 59 pop ecx
004207C0 . 880C16 mov byte ptr ds:[esi+edx],cl
004207C3 . FF05 9C3B42>inc dword ptr ds:[423B9C]
004207C9 . 40 inc eax
004207CA . 4F dec edi
004207CB .^ 75 E0 jnz short 222.004207AD
004207CD > 803D DF3D42>cmp byte ptr ds:[423DDF],0FA
004207D4 . 0F85 AB0000>jnz 222.00420885
004207DA . B3 04 mov bl,4
004207DC . C605 3B3B42>mov byte ptr ds:[423B3B],1
004207E3 . B2 01 mov dl,1
004207E5 . A1 E0134100 mov eax,dword ptr ds:[4113E0]
004207EA . E8 512DFEFF call 222.00403540
004207EF . 8BF8 mov edi,eax
004207F1 . 8BD6 mov edx,esi
004207F3 . 8B0D 983B42>mov ecx,dword ptr ds:[423B98]
004207F9 . 8BC7 mov eax,edi
004207FB . E8 1439FFFF call 222.00414114
00420800 . A1 203B4200 mov eax,dword ptr ds:[423B20]
00420805 . 0305 643B42>add eax,dword ptr ds:[423B64]
0042080B . E8 C01EFEFF call 222.004026D0
00420810 . A3 683B4200 mov dword ptr ds:[423B68],eax
00420815 . B9 683B4200 mov ecx,222.00423B68
0042081A . 8B15 203B42>mov edx,dword ptr ds:[423B20]
00420820 . 8BC7 mov eax,edi
00420822 . E8 0DE6FFFF call 222.0041EE34
00420827 . 85C0 test eax,eax
00420829 . 0F8C 800200>jl 222.00420AAF
0042082F . 8BC7 mov eax,edi
00420831 . E8 3A2DFEFF call 222.00403570
00420836 . A1 203B4200 mov eax,dword ptr ds:[423B20]
0042083B . 3B05 243B42>cmp eax,dword ptr ds:[423B24]
00420841 . 76 0C jbe short 222.0042084F
00420843 . C705 283B42>mov dword ptr ds:[423B28],1000
0042084D . EB 10 jmp short 222.0042085F
0042084F > A1 243B4200 mov eax,dword ptr ds:[423B24]
00420854 . 2B05 203B42>sub eax,dword ptr ds:[423B20]
0042085A . A3 283B4200 mov dword ptr ds:[423B28],eax
0042085F > A1 243B4200 mov eax,dword ptr ds:[423B24]
00420864 . 2B05 283B42>sub eax,dword ptr ds:[423B28]
0042086A . A3 A43B4200 mov dword ptr ds:[423BA4],eax
0042086F . BA 463B4200 mov edx,222.00423B46
00420874 . B8 A43B4200 mov eax,222.00423BA4
00420879 . B9 04000000 mov ecx,4
0042087E . E8 B11FFEFF call 222.00402834
00420883 . EB 31 jmp short 222.004208B6
00420885 > 33C0 xor eax,eax
00420887 . A3 643B4200 mov dword ptr ds:[423B64],eax
0042088C . 8935 683B42>mov dword ptr ds:[423B68],esi
00420892 . A1 243B4200 mov eax,dword ptr ds:[423B24]
00420897 . 2B05 203B42>sub eax,dword ptr ds:[423B20]
0042089D . A3 283B4200 mov dword ptr ds:[423B28],eax
004208A2 . BA 463B4200 mov edx,222.00423B46
004208A7 . B8 203B4200 mov eax,222.00423B20
004208AC . B9 04000000 mov ecx,4
004208B1 . E8 7E1FFEFF call 222.00402834
004208B6 > C705 A43B42>mov dword ptr ds:[423BA4],222.0041>
004208C0 . BA 3C3B4200 mov edx,222.00423B3C
004208C5 . B8 A43B4200 mov eax,222.00423BA4
004208CA . B9 04000000 mov ecx,4
004208CF . E8 601FFEFF call 222.00402834
004208D4 . 33C0 xor eax,eax
004208D6 . A3 143B4200 mov dword ptr ds:[423B14],eax
004208DB . 68 4C0D4200 push 222.00420D4C
004208E0 . FF35 C43D42>push dword ptr ds:[423DC4]
004208E6 . 68 4C0D4200 push 222.00420D4C
004208EB . B8 C43D4200 mov eax,222.00423DC4
004208F0 . BA 03000000 mov edx,3
004208F5 . E8 263DFEFF call 222.00404620
004208FA . A1 CC3D4200 mov eax,dword ptr ds:[423DCC]
004208FF . E8 5C3CFEFF call 222.00404560
00420904 . 85C0 test eax,eax
00420906 . 7E 20 jle short 222.00420928
00420908 . FF35 C43D42>push dword ptr ds:[423DC4]
0042090E . 68 CC0B4200 push 222.00420BCC
00420913 . FF35 CC3D42>push dword ptr ds:[423DCC]
00420919 . B8 C43D4200 mov eax,222.00423DC4
0042091E . BA 03000000 mov edx,3
00420923 . E8 F83CFEFF call 222.00404620
00420928 > BA 58EA4100 mov edx,222.0041EA58
0042092D . 8B0D 4C3B42>mov ecx,dword ptr ds:[423B4C]
00420933 . A1 083B4200 mov eax,dword ptr ds:[423B08]
00420938 . E8 B7D9FFFF call 222.0041E2F4
0042093D . 68 3D094200 push 222.0042093D
00420942 . 8F05 EC4042>pop dword ptr ds:[4240EC]
00420948 . A1 EC404200 mov eax,dword ptr ds:[4240EC]
0042094D . 2B05 E84042>sub eax,dword ptr ds:[4240E8]
00420953 . A3 A03B4200 mov dword ptr ds:[423BA0],eax
00420958 . 8B35 E84042>mov esi,dword ptr ds:[4240E8]
0042095E . 6A 64 push 64 ; /Timeout = 100. ms
00420960 . E8 EBA0FEFF call <jmp.&kernel32.Sleep> ; \Sleep
00420965 . 803D 3A3B42>cmp byte ptr ds:[423B3A],1
0042096C . 76 1C jbe short 222.0042098A
0042096E . 68 583B4200 push 222.00423B58 ; /pThreadId = 222.00423B58
00420973 . 6A 00 push 0 ; |CreationFlags = 0
00420975 . 6A 00 push 0 ; |pThreadParm = NULL
00420977 . 68 C8F64100 push 222.0041F6C8 ; |ThreadFunction = 222.0041F6C8
0042097C . 6A 00 push 0 ; |StackSize = 0
0042097E . 6A 00 push 0 ; |pSecurity = NULL
00420980 . E8 375DFEFF call <jmp.&kernel32.CreateThread> ; \CreateThread
00420985 . A3 703B4200 mov dword ptr ds:[423B70],eax
0042098A > 8B3D A03B42>mov edi,dword ptr ds:[423BA0]
00420990 . 85FF test edi,edi
00420992 . 7E 1C jle short 222.004209B0
00420994 . C705 9C3B42>mov dword ptr ds:[423B9C],1
0042099E > A1 9C3B4200 mov eax,dword ptr ds:[423B9C]
004209A3 . C60406 00 mov byte ptr ds:[esi+eax],0
004209A7 . FF05 9C3B42>inc dword ptr ds:[423B9C]
004209AD . 4F dec edi
004209AE .^ 75 EE jnz short 222.0042099E
004209B0 > B8 D83D4200 mov eax,222.00423DD8
004209B5 . 33C9 xor ecx,ecx
004209B7 . BA FF010000 mov edx,1FF
004209BC . E8 D724FEFF call 222.00402E98
004209C1 . B8 00040000 mov eax,400
004209C6 . E8 051DFEFF call 222.004026D0
004209CB . A3 2C3B4200 mov dword ptr ds:[423B2C],eax
004209D0 . 8B15 2C3B42>mov edx,dword ptr ds:[423B2C]
004209D6 . B9 00040000 mov ecx,400
004209DB . A1 943B4200 mov eax,dword ptr ds:[423B94]
004209E0 . E8 E772FEFF call 222.00407CCC
004209E5 . A1 943B4200 mov eax,dword ptr ds:[423B94]
004209EA . E8 7973FEFF call 222.00407D68
004209EF . C705 AC3B42>mov dword ptr ds:[423BAC],0A
004209F9 . 68 AC3B4200 push 222.00423BAC
004209FE . A1 C43D4200 mov eax,dword ptr ds:[423DC4]
00420A03 . E8 503DFEFF call 222.00404758
00420A08 . 50 push eax
00420A09 . FF15 E44042>call dword ptr ds:[4240E4]
00420A0F . E8 A437FEFF call 222.004041B8
00420A14 . E9 81010000 jmp 222.00420B9A
00420A19 . 6A 40 68 50>ascii "j@hP
B",0
00420A20 . A1 CC3D4200 mov eax,dword ptr ds:[423DCC]
00420A25 . E8 2E3DFEFF call 222.00404758
00420A2A . 50 push eax ; |Text
00420A2B . 6A 00 push 0 ; |hOwner = NULL
00420A2D . E8 B25EFEFF call <jmp.&user32.MessageBoxA> ; \MessageBoxA
00420A32 . 6A 40 push 40
00420A34 . 68 500D4200 push 222.00420D50
00420A39 . A1 CC3D4200 mov eax,dword ptr ds:[423DCC]
00420A3E . E8 153DFEFF call 222.00404758
00420A43 . 50 push eax ; |Text
00420A44 . 6A 00 push 0 ; |hOwner = NULL
00420A46 . E8 995EFEFF call <jmp.&user32.MessageBoxA> ; \MessageBoxA
00420A4B . 6A 40 push 40
00420A4D . 68 500D4200 push 222.00420D50
00420A52 . A1 CC3D4200 mov eax,dword ptr ds:[423DCC]
00420A57 . E8 FC3CFEFF call 222.00404758
00420A5C . 50 push eax ; |Text
00420A5D . 6A 00 push 0 ; |hOwner = NULL
00420A5F . E8 805EFEFF call <jmp.&user32.MessageBoxA> ; \MessageBoxA
00420A64 . 6A 40 push 40
00420A66 . 68 500D4200 push 222.00420D50
00420A6B . A1 CC3D4200 mov eax,dword ptr ds:[423DCC]
00420A70 . E8 E33CFEFF call 222.00404758
00420A75 . 50 push eax ; |Text
00420A76 . 6A 00 push 0 ; |hOwner = NULL
00420A78 . E8 675EFEFF call <jmp.&user32.MessageBoxA> ; \MessageBoxA
00420A7D . 6A 40 push 40
00420A7F . 68 500D4200 push 222.00420D50
00420A84 . A1 CC3D4200 mov eax,dword ptr ds:[423DCC]
00420A89 . E8 CA3CFEFF call 222.00404758
00420A8E . 50 push eax ; |Text
00420A8F . 6A 00 push 0 ; |hOwner = NULL
00420A91 . E8 4E5EFEFF call <jmp.&user32.MessageBoxA> ; \MessageBoxA
00420A96 . 6A 40 push 40
00420A98 . 68 500D4200 push 222.00420D50
00420A9D . A1 CC3D4200 mov eax,dword ptr ds:[423DCC]
00420AA2 . E8 B13CFEFF call 222.00404758
00420AA7 . 50 push eax ; |Text
00420AA8 . 6A 00 push 0 ; |hOwner = NULL
00420AAA . E8 355EFEFF call <jmp.&user32.MessageBoxA> ; \MessageBoxA
00420AAF > 68 AF0A4200 push 222.00420AAF
00420AB4 . 8F05 E84042>pop dword ptr ds:[4240E8]
00420ABA . A1 E8404200 mov eax,dword ptr ds:[4240E8]
00420ABF . 2B05 F04042>sub eax,dword ptr ds:[4240F0]
00420AC5 . A3 A03B4200 mov dword ptr ds:[423BA0],eax
00420ACA . 8B35 F04042>mov esi,dword ptr ds:[4240F0]
00420AD0 . 8B3D A03B42>mov edi,dword ptr ds:[423BA0]
00420AD6 . 85FF test edi,edi
00420AD8 . 7E 1C jle short 222.00420AF6
00420ADA . C705 9C3B42>mov dword ptr ds:[423B9C],1
00420AE4 > A1 9C3B4200 mov eax,dword ptr ds:[423B9C]
00420AE9 . C60406 00 mov byte ptr ds:[esi+eax],0
00420AED . FF05 9C3B42>inc dword ptr ds:[423B9C]
00420AF3 . 4F dec edi
00420AF4 .^ 75 EE jnz short 222.00420AE4
00420AF6 > 33C0 xor eax,eax
00420AF8 . 8AC3 mov al,bl
00420AFA . 83F8 04 cmp eax,4 ; Switch (cases 1..28)
00420AFD . 7F 0D jg short 222.00420B0C
00420AFF . 74 4A je short 222.00420B4B
00420B01 . 48 dec eax
00420B02 . 74 14 je short 222.00420B18
00420B04 . 48 dec eax
00420B05 . 74 22 je short 222.00420B29
00420B07 . 48 dec eax
00420B08 . 74 30 je short 222.00420B3A
00420B0A . EB 70 jmp short 222.00420B7C
00420B0C > 83E8 06 sub eax,6
00420B0F . 74 4B je short 222.00420B5C
00420B11 . 83E8 22 sub eax,22
00420B14 . 74 57 je short 222.00420B6D
00420B16 . EB 64 jmp short 222.00420B7C
00420B18 > B8 CC3D4200 mov eax,222.00423DCC ; Case 1 of switch 00420AFA
00420B1D . BA 600D4200 mov edx,222.00420D60
00420B22 . E8 D537FEFF call 222.004042FC
00420B27 . EB 53 jmp short 222.00420B7C
00420B29 > B8 CC3D4200 mov eax,222.00423DCC ; Case 2 of switch 00420AFA
00420B2E . BA 840D4200 mov edx,222.00420D84
00420B33 . E8 C437FEFF call 222.004042FC
00420B38 . EB 42 jmp short 222.00420B7C
00420B3A > B8 CC3D4200 mov eax,222.00423DCC ; Case 3 of switch 00420AFA
00420B3F . BA B00D4200 mov edx,222.00420DB0
00420B44 . E8 B337FEFF call 222.004042FC
00420B49 . EB 31 jmp short 222.00420B7C
00420B4B > B8 CC3D4200 mov eax,222.00423DCC ; Case 4 of switch 00420AFA
00420B50 . BA D00D4200 mov edx,222.00420DD0
00420B55 . E8 A237FEFF call 222.004042FC
00420B5A . EB 20 jmp short 222.00420B7C
00420B5C > B8 CC3D4200 mov eax,222.00423DCC ; Case 6 of switch 00420AFA
00420B61 . BA F00D4200 mov edx,222.00420DF0
00420B66 . E8 9137FEFF call 222.004042FC
00420B6B . EB 0F jmp short 222.00420B7C
00420B6D > 68 00000005 push 5000000 ; /Timeout = 83886080. ms; Case 28 of switch 00420AFA
00420B72 . E8 D99EFEFF call <jmp.&kernel32.Sleep> ; \Sleep
00420B77 . E8 3C36FEFF call 222.004041B8
00420B7C > 6A 40 push 40 ; Default case of switch 00420AFA
00420B7E . 68 500D4200 push 222.00420D50
00420B83 . A1 CC3D4200 mov eax,dword ptr ds:[423DCC]
00420B88 . E8 CB3BFEFF call 222.00404758
00420B8D . 50 push eax ; |Text
00420B8E . 6A 00 push 0 ; |hOwner = NULL
00420B90 . E8 4F5DFEFF call <jmp.&user32.MessageBoxA> ; \MessageBoxA
00420B95 . E8 1E36FEFF call 222.004041B8
00420B9A > 33C0 xor eax,eax
00420B9C . 5A pop edx
00420B9D . 59 pop ecx
00420B9E . 59 pop ecx
00420B9F . 64:8910 mov dword ptr fs:[eax],edx
00420BA2 . 68 BC0B4200 push 222.00420BBC
00420BA7 > 8D45 B0 lea eax,dword ptr ss:[ebp-50]
00420BAA . BA 10000000 mov edx,10
00420BAF . E8 1837FEFF call 222.004042CC
00420BB4 . C3 retn
00420BB5 .^ E9 1631FEFF jmp 222.00403CD0
00420BBA .^ EB EB jmp short 222.00420BA7
00420BBC 5F db 5F ; CHAR '_'
00420BBD 5E db 5E ; CHAR '^'
00420BBE 5B db 5B ; CHAR '['
00420BBF E8 db E8
00420BC0 F4 db F4
00420BC1 35 db 35 ; CHAR '5'
00420BC2 FE db FE
00420BC3 FF db FF
00420BC4 . FFFFFFFF dd FFFFFFFF
00420BC8 . 01000000 dd 00000001
00420BCC . 20 00 ascii " ",0
00420BCE 00 db 00
00420BCF 00 db 00
00420BD0 . FFFFFFFF dd FFFFFFFF
00420BD4 . 01000000 dd 00000001
00420BD8 . 5C 00 ascii "\",0
00420BDA 00 db 00
00420BDB 00 db 00
00420BDC . FFFFFFFF dd FFFFFFFF
00420BE0 . 0C000000 dd 0000000C
00420BE4 . 45 58 50 4C>ascii "EXPLORER.EXE",0
00420BF1 00 db 00
00420BF2 00 db 00
00420BF3 00 db 00
00420BF4 FF db FF
00420BF5 FF db FF
00420BF6 FF db FF
00420BF7 FF db FF
00420BF8 24 db 24 ; CHAR '$'
00420BF9 00 db 00
00420BFA 00 db 00
00420BFB 00 db 00
00420BFC 68 db 68 ; CHAR 'h'
00420BFD C4F04100 dd 222.0041F0C4
00420C01 57 db 57 ; CHAR 'W'
00420C02 E8 db E8
00420C03 85 db 85
00420C04 8F db 8F
00420C05 00 db 00
00420C06 00 db 00
00420C07 59 db 59 ; CHAR 'Y'
00420C08 85 db 85
00420C09 C0 db C0
00420C0A 59 db 59 ; CHAR 'Y'
00420C0B 74 db 74 ; CHAR 't'
00420C0C 18 db 18
00420C0D 85 db 85
00420C0E DB db DB
00420C0F 75 db 75 ; CHAR 'u'
00420C10 22 db 22 ; CHAR '"'
00420C11 68 db 68 ; CHAR 'h'
00420C12 BCF04100 dd 222.0041F0BC
00420C16 E8 db E8
00420C17 21 db 21 ; CHAR '!'
00420C18 1A db 1A
00420C19 00 db 00
00420C1A 00 db 00
00420C1B 59 db 59 ; CHAR 'Y'
00420C1C 85 db 85
00420C1D F6 db F6
00420C1E 74 db 74 ; CHAR 't'
00420C1F 1E db 1E
00420C20 00 db 00
00420C21 00 db 00
00420C22 00 db 00
00420C23 00 db 00
00420C24 . FFFFFFFF dd FFFFFFFF
00420C28 . 09000000 dd 00000009
00420C2C . 76 66 70 36>ascii "vfp6r.dll",0
00420C36 00 db 00
00420C37 00 db 00
00420C38 . FFFFFFFF dd FFFFFFFF
00420C3C . 09000000 dd 00000009
00420C40 . 76 66 70 37>ascii "vfp7r.dll",0
00420C4A 00 db 00
00420C4B 00 db 00
00420C4C . FFFFFFFF dd FFFFFFFF
00420C50 . 09000000 dd 00000009
00420C54 . 76 66 70 38>ascii "vfp8r.dll",0
00420C5E 00 db 00
00420C5F 00 db 00
00420C60 . FFFFFFFF dd FFFFFFFF
00420C64 . 09000000 dd 00000009
00420C68 . 76 66 70 39>ascii "vfp9r.dll",0
00420C72 00 db 00
00420C73 00 db 00
00420C74 . FFFFFFFF dd FFFFFFFF
00420C78 . 33000000 dd 00000033
00420C7C . 43 3A 5C 50>ascii "C:\Program Files"
00420C8C . 5C 43 6F 6D>ascii "\Common Files\Mi"
00420C9C . 63 72 6F 73>ascii "crosoft Shared\V"
00420CAC . 46 50 5C 00>ascii "FP\",0
00420CB0 . FFFFFFFF dd FFFFFFFF
00420CB4 . 15000000 dd 00000015
00420CB8 . 5C 56 69 73>ascii "\VisualFoxProRun"
00420CC8 . 74 69 6D 65>ascii "time.",0
00420CCE 00 db 00
00420CCF 00 db 00
00420CD0 . FFFFFFFF dd FFFFFFFF
00420CD4 . 14000000 dd 00000014
00420CD8 . 5C 53 68 65>ascii "\Shell\Open\Comm"
00420CE8 . 61 6E 64 5C>ascii "and\",0
00420CED 00 db 00
00420CEE 00 db 00
00420CEF 00 db 00
; ---------------------------------------------------------------------------
; Data, not code: length-prefixed string constants. Each record is
; FF FF FF FF, a little-endian dword length, then the characters and NUL
; padding. The layout matches a Delphi AnsiString literal (reference count
; -1, length, data). Bytes >= 80h are two-byte characters that the debugger
; printed as single db lines or as bogus instructions (and/retf/test).
; NOTE(review): decoded below as GBK/GB2312 - confirm the code page.
; ---------------------------------------------------------------------------
; 00420CF8, length 8: appears to read "找不到:" ("Cannot find:").
00420CF0 FF db FF
00420CF1 FF db FF
00420CF2 FF db FF
00420CF3 FF db FF
00420CF4 08 db 08
00420CF5 00 db 00
00420CF6 00 db 00
00420CF7 00 db 00
00420CF8 D5 db D5
00420CF9 D2 db D2
00420CFA B2 db B2
00420CFB BB db BB
00420CFC B5 db B5
00420CFD BD db BD
00420CFE A3 db A3
00420CFF BA db BA
00420D00 00 db 00
00420D01 00 db 00
00420D02 00 db 00
00420D03 00 db 00
; 00420D0C, length 1Bh (27): appears to read " 运行库文件,无法运行, ... "
; ("runtime library file, cannot run, ..."). The and/retf/test lines below
; are string bytes (20 D4 CB ... A8 D4 CB), not instructions.
00420D04 FF db FF
00420D05 FF db FF
00420D06 FF db FF
00420D07 FF db FF
00420D08 1B db 1B
00420D09 00 db 00
00420D0A 00 db 00
00420D0B 00 db 00
00420D0C . 20D4 and ah,dl
00420D0E . CB retf
00420D0F D0 db D0
00420D10 D0 db D0
00420D11 BF db BF
00420D12 E2 db E2
00420D13 CE db CE
00420D14 C4 db C4
00420D15 BC db BC
00420D16 FE db FE
00420D17 A3 db A3
00420D18 AC db AC
00420D19 CE db CE
00420D1A DE db DE
00420D1B B7 db B7
00420D1C . A8 D4 test al,0D4
00420D1E . CB retf
00420D1F D0 db D0
00420D20 D0 db D0
00420D21 . 2C 20 2E 2E>ascii ", ... ",0
; Plain NUL-terminated ASCII names with no length header.
00420D28 . 44 6C 6C 57>ascii "DllWinMain",0
00420D33 00 db 00
00420D34 . 4B 45 52 4E>ascii "KERNEL32.DLL",0
00420D41 00 db 00
00420D42 00 db 00
00420D43 00 db 00
; ---------------------------------------------------------------------------
; Data, not code: message strings used by the error switch at 00420AFA and
; by the MessageBoxA calls. Records with a header are FF FF FF FF, a
; little-endian dword length, then the characters (the layout matches a
; Delphi AnsiString literal). The int3/test/retf/jmp/mov/salc/in/stos lines
; in this range are string bytes that the debugger decoded as instructions.
; NOTE(review): text decoded below as GBK/GB2312 - confirm the code page.
; ---------------------------------------------------------------------------
; 00420D4C, length 1: a single double-quote character (pushed at 004208DB).
00420D44 . FFFFFFFF dd FFFFFFFF
00420D48 . 01000000 dd 00000001
00420D4C . 22 00 ascii """,0
00420D4E 00 db 00
00420D4F 00 db 00
; 00420D50: NUL-terminated, no length header; pushed just before Text in
; every MessageBoxA call here, i.e. the caption. Appears to read " 提示 "
; ("Notice").
00420D50 20 db 20 ; CHAR ' '
00420D51 CC int3
00420D52 E1 db E1
00420D53 CA db CA
00420D54 BE db BE
00420D55 20 db 20 ; CHAR ' '
00420D56 00 db 00
00420D57 00 db 00
; 00420D60, length 1Bh (27), loaded at 00420B1D (Case 1): appears to read
; " 打不开文件,无法运行 ... " ("Cannot open file, cannot run ...").
00420D58 FF db FF
00420D59 FF db FF
00420D5A FF db FF
00420D5B FF db FF
00420D5C 1B db 1B
00420D5D 00 db 00
00420D5E 00 db 00
00420D5F 00 db 00
00420D60 20 db 20 ; CHAR ' '
00420D61 B4 db B4
00420D62 F2 db F2
00420D63 B2 db B2
00420D64 BB db BB
00420D65 BF db BF
00420D66 AA db AA
00420D67 CE db CE
00420D68 C4 db C4
00420D69 BC db BC
00420D6A FE db FE
00420D6B A3 db A3
00420D6C AC db AC
00420D6D CE db CE
00420D6E DE db DE
00420D6F B7 db B7
00420D70 . A8 D4 test al,0D4
00420D72 . CB retf
00420D73 D0 db D0
00420D74 D0 db D0
00420D75 . 20 2E 2E 2E>ascii " ... ",0
; 00420D84, length 23h (35), loaded at 00420B2E (Case 2): appears to read
; " 找不到.DLL系统文件,无法运行, ... " ("Cannot find .DLL system file,
; cannot run, ..."). The "jmp dword ptr ds:[ebx]" line is the last FF of the
; header plus the low length byte 23.
00420D7C FF db FF
00420D7D FF db FF
00420D7E FF db FF
00420D7F . FF23 jmp dword ptr ds:[ebx]
00420D81 00 db 00
00420D82 00 db 00
00420D83 00 db 00
00420D84 20 db 20 ; CHAR ' '
00420D85 D5 db D5
00420D86 D2 db D2
00420D87 B2 db B2
00420D88 BB db BB
00420D89 B5 db B5
00420D8A BD db BD
00420D8B 2E db 2E ; CHAR '.'
00420D8C 44 db 44 ; CHAR 'D'
00420D8D 4C db 4C ; CHAR 'L'
00420D8E 4C db 4C ; CHAR 'L'
00420D8F CF db CF
00420D90 B5 db B5
00420D91 CD db CD
00420D92 B3 db B3
00420D93 CE db CE
00420D94 C4 db C4
00420D95 BC db BC
00420D96 FE db FE
00420D97 A3 db A3
00420D98 AC db AC
00420D99 CE db CE
00420D9A DE db DE
00420D9B B7 db B7
00420D9C . A8 D4 test al,0D4
00420D9E . CB retf
00420D9F D0 db D0
00420DA0 D0 db D0
00420DA1 . 2C 20 2E 2E>ascii ", ... ",0
; 00420DB0, length 17h (23), loaded at 00420B3F (Case 3): appears to read
; " 装载DLL文件出错, ... " ("Error loading DLL file, ...").
00420DA8 FF db FF
00420DA9 FF db FF
00420DAA FF db FF
00420DAB FF db FF
00420DAC 17 db 17
00420DAD 00 db 00
00420DAE 00 db 00
00420DAF 00 db 00
00420DB0 20 db 20 ; CHAR ' '
00420DB1 D7 db D7
00420DB2 B0 db B0
00420DB3 D4 db D4
00420DB4 D8 db D8
00420DB5 44 db 44 ; CHAR 'D'
00420DB6 4C db 4C ; CHAR 'L'
00420DB7 4C db 4C ; CHAR 'L'
00420DB8 CE db CE
00420DB9 C4 db C4
00420DBA BC db BC
00420DBB FE db FE
00420DBC B3 db B3
00420DBD F6 db F6
00420DBE B4 db B4
00420DBF ED db ED
00420DC0 A3 db A3
00420DC1 AC db AC
00420DC2 . 20 2E 2E 2E>ascii " ... ",0
; 00420DD0, length 16h (22), loaded at 00420B50 (Case 4): appears to read
; " 无法解压缩数据 ... " ("Cannot decompress data ...").
00420DC8 FF db FF
00420DC9 FF db FF
00420DCA FF db FF
00420DCB FF db FF
00420DCC 16 db 16
00420DCD 00 db 00
00420DCE 00 db 00
00420DCF 00 db 00
00420DD0 20 db 20 ; CHAR ' '
00420DD1 CE db CE
00420DD2 DE db DE
00420DD3 B7 db B7
00420DD4 A8 db A8
00420DD5 BD db BD
00420DD6 E2 db E2
00420DD7 D1 db D1
00420DD8 B9 db B9
00420DD9 CB db CB
00420DDA F5 db F5
00420DDB CA db CA
00420DDC FD db FD
00420DDD BE db BE
00420DDE DD db DD
00420DDF . 20 20 2E 2E>ascii " ... ",0
00420DE7 00 db 00
; 00420DF0, length 3Eh (62), loaded at 00420B61 (Case 6): appears to read
; " 请将文件拷贝至工作站或设置网络路径为映射网络驱动器后再运行! "
; ("Please copy the file to the workstation, or set the network path up as
; a mapped network drive, and run it again!"). Everything from 00420DFA to
; 00420E28 that is shown as instructions is part of this string.
00420DE8 FF db FF
00420DE9 FF db FF
00420DEA FF db FF
00420DEB FF db FF
00420DEC 3E db 3E ; CHAR '>'
00420DED 00 db 00
00420DEE 00 db 00
00420DEF 00 db 00
00420DF0 20 db 20 ; CHAR ' '
00420DF1 C7 db C7
00420DF2 EB db EB
00420DF3 BD db BD
00420DF4 AB db AB
00420DF5 CE db CE
00420DF6 C4 db C4
00420DF7 BC db BC
00420DF8 FE db FE
00420DF9 BF db BF
00420DFA . BD B1B4D6C1 mov ebp,C1D6B4B1
00420DFF . B9 A4D7F7D5 mov ecx,D5F7D7A4
00420E04 . BE BBF2C9E8 mov esi,E8C9F2BB
00420E09 . D6 salc
00420E0A . C3 retn
00420E0B CD db CD
00420E0C . F8 clc
00420E0D . C2 E7C2 retn 0C2E7
00420E10 . B7 BE mov bh,0BE
00420E12 . B6 CE mov dh,0CE
00420E14 . AA stos byte ptr es:[edi]
00420E15 . D2FE sar dh,cl
00420E17 . C9 leave
00420E18 . E4 CD in al,0CD
00420E1A . F8 clc
00420E1B . C2 E7C7 retn 0C7E7
00420E1E FD db FD
00420E1F B6 db B6
00420E20 AF db AF
00420E21 C6 db C6
00420E22 F7 db F7
00420E23 BA db BA
00420E24 F3 db F3
00420E25 D4 db D4
00420E26 D9 db D9
00420E27 D4 db D4
00420E28 . CB retf
00420E29 D0 db D0
00420E2A D0 db D0
00420E2B A3 db A3
00420E2C A1 db A1
00420E2D 20 db 20 ; CHAR ' '
00420E32 35 db 35 ; CHAR '5'
00420E33 2D db 2D ; CHAR '-'
00420E34 D5 db D5
00420E35 B5 db B5
00420E36 CD db CD
00420E37 57 db 57 ; CHAR 'W'
00420E38 B6 db B6
00420E39 B3 db B3
00420E3A 37 db 37 ; CHAR '7'
00420E3B DD db DD
00420E3C 06 db 06
00420E3D CD db CD
00420E3E 2C db 2C ; CHAR ','
00420E3F 95 db 95
00420E40 4E db 4E ; CHAR 'N'
00420E41 F6 db F6
00420E42 71 db 71 ; CHAR 'q'
00420E43 20 db 20 ; CHAR ' '
00420E44 66 db 66 ; CHAR 'f'
00420E45 6E db 6E ; CHAR 'n'
00420E46 D1 db D1
00420E47 56 db 56 ; CHAR 'V'
00420E48 8A db 8A
00420E49 3B db 3B ; CHAR ';'
00420E4A 5A db 5A ; CHAR 'Z'
00420E4B 7C db 7C ; CHAR '|'
00420E4C 3E db 3E ; CHAR '>'
00420E4D A5 db A5
00420E4E 31 db 31 ; CHAR '1'
00420E4F 9F db 9F
00420E50 6A db 6A ; CHAR 'j'
00420E51 87 db 87
00420E52 91 db 91
00420E53 95 db 95
00420E54 62 db 62 ; CHAR 'b'
00420E55 97 db 97
00420E56 CC int3
00420E57 5B db 5B ; CHAR '['
00420E58 D3 db D3
00420E59 12 db 12
00420E5A 5E db 5E ; CHAR '^'
00420E5B E3 db E3
00420E5C C1 db C1
00420E5D 6D db 6D ; CHAR 'm'
00420E5E 62 db 62 ; CHAR 'b'
00420E5F 96 db 96
00420E60 0E db 0E
00420E61 EB db EB
00420E62 0D db 0D
00420E63 F5 db F5
00420E64 40 db 40 ; CHAR '@'
00420E65 47 db 47 ; CHAR 'G'
00420E66 EC db EC
00420E67 4D db 4D ; CHAR 'M'
00420E68 7D db 7D ; CHAR '}'
00420E69 C1 db C1
00420E6A 13 db 13
00420E6B 45 db 45 ; CHAR 'E'
00420E6C E1 db E1
00420E6D 4D db 4D ; CHAR 'M'
00420E6E 71 db 71 ; CHAR 'q'
00420E6F C7 db C7
00420E70 B8 db B8
00420E71 AE db AE
00420E72 04 db 04
00420E73 9A db 9A
00420E74 41 db 41 ; CHAR 'A'
00420E75 BD db BD
00420E76 9B db 9B
00420E77 86ED xchg ch,ch
00420E79 1D db 1D
00420E7A 59 db 59 ; CHAR 'Y'
00420E7B 05 db 05
00420E7C 61 db 61 ; CHAR 'a'
00420E7D 1F db 1F
00420E7E 31 db 31 ; CHAR '1'
00420E7F BE db BE
00420E80 8F db 8F
00420E81 B1 db B1
00420E82 0A db 0A
00420E83 5A db 5A ; CHAR 'Z'
00420E84 BF db BF
00420E85 71 db 71 ; CHAR 'q'
00420E86 4C db 4C ; CHAR 'L'
00420E87 65 db 65 ; CHAR 'e'
00420E88 5B db 5B ; CHAR '['
00420E89 53 db 53 ; CHAR 'S'
00420E8A EF db EF
00420E8B 4F db 4F ; CHAR 'O'
00420E8C C5 db C5
00420E8D 7C db 7C ; CHAR '|'
00420E8E 6A db 6A ; CHAR 'j'
00420E8F CD db CD
00420E90 AB db AB
00420E91 37 db 37 ; CHAR '7'
00420E92 FC db FC
00420E93 1A db 1A
00420E94 7F db 7F
00420E95 23 db 23 ; CHAR '#'
00420E96 4D db 4D ; CHAR 'M'
00420E97 D6 db D6
00420E98 18 db 18
00420E99 03 db 03
00420E9A 45 db 45 ; CHAR 'E'
00420E9B A6 db A6
00420E9C A5 db A5
00420E9D CF db CF
00420E9E A6 db A6
00420E9F A4 db A4
00420EA0 6B db 6B ; CHAR 'k'
00420EA1 F9 db F9
00420EA2 D1 db D1
00420EA3 5C db 5C ; CHAR '\'
00420EA4 FB db FB
00420EA5 EA db EA
00420EA6 99 db 99
00420EA7 ED db ED
00420EA8 E2 db E2
00420EA9 43 db 43 ; CHAR 'C'
00420EAA 47 db 47 ; CHAR 'G'
00420EAB 72 db 72 ; CHAR 'r'
00420EAC F7 db F7
00420EAD 63 db 63 ; CHAR 'c'
00420EAE 06 db 06
00420EAF DA db DA
00420EB0 . C3 retn
00420EB1 35 db 35 ; CHAR '5'
00420EB2 61 db 61 ; CHAR 'a'
00420EB3 D3 db D3
00420EB4 BB db BB
00420EB5 48 db 48 ; CHAR 'H'
00420EB6 A7 db A7
00420EB7 6D db 6D ; CHAR 'm'
00420EB8 39 db 39 ; CHAR '9'
00420EB9 B8 db B8
00420EBA 33 db 33 ; CHAR '3'
00420EBB 92 db 92
00420EBC 64 db 64 ; CHAR 'd'
00420EBD 71 db 71 ; CHAR 'q'
00420EBE 08 db 08
00420EBF 82 db 82
00420EC0 8C db 8C
00420EC1 BA db BA
00420EC2 40 db 40 ; CHAR '@'
00420EC3 EE db EE
00420EC4 9D db 9D
00420EC5 35 db 35 ; CHAR '5'
00420EC6 37 db 37 ; CHAR '7'
00420EC7 5B db 5B ; CHAR '['
00420EC8 A3 db A3
00420EC9 A6 db A6
00420ECA 65 db 65 ; CHAR 'e'
00420ECB E9 db E9
00420ECC 94 db 94
00420ECD 34 db 34 ; CHAR '4'
00420ECE 61 db 61 ; CHAR 'a'
00420ECF B9 db B9
00420ED0 D5 db D5
00420ED1 FE db FE
00420ED2 88 db 88
00420ED3 6C db 6C ; CHAR 'l'
00420ED4 2B db 2B ; CHAR '+'
00420ED5 31 db 31 ; CHAR '1'
00420ED6 25 db 25 ; CHAR '%'
00420ED7 8F db 8F
00420ED8 0B db 0B
00420ED9 F8 db F8
00420EDA 28 db 28 ; CHAR '('
00420EDB F5 db F5
00420EDC 85 db 85
00420EDD F7 db F7
00420EDE C9 db C9
00420EDF 37 db 37 ; CHAR '7'
00420EE0 32 db 32 ; CHAR '2'
00420EE1 2C db 2C ; CHAR ','
00420EE2 A9 db A9
00420EE3 E7 db E7
00420EE4 E3 db E3
00420EE5 57 db 57 ; CHAR 'W'
00420EE6 39 db 39 ; CHAR '9'
00420EE7 44 db 44 ; CHAR 'D'
00420EE8 03 db 03
00420EE9 59 db 59 ; CHAR 'Y'
00420EEA 86 db 86
00420EEB 56 db 56 ; CHAR 'V'
00420EEC D0 db D0
00420EED 27 db 27 ; CHAR '''
00420EEE CD db CD
00420EEF DC db DC
00420EF0 0C db 0C
00420EF1 31 db 31 ; CHAR '1'
00420EF2 3E db 3E ; CHAR '>'
00420EF3 6D db 6D ; CHAR 'm'
00420EF4 94 db 94
00420EF5 66 db 66 ; CHAR 'f'
00420EF6 F4 db F4
00420EF7 A6 db A6
00420EF8 1D db 1D
00420EF9 3D db 3D ; CHAR '='
00420EFA 1C db 1C
00420EFB 63 db 63 ; CHAR 'c'
00420EFC 06 db 06
00420EFD 5D db 5D ; CHAR ']'
00420EFE 99 db 99
00420EFF 45 db 45 ; CHAR 'E'
00420F00 F0 db F0
00420F01 CD db CD
00420F02 D3 db D3
00420F03 04 db 04
00420F04 A1 db A1
00420F05 D9 db D9
00420F06 66 db 66 ; CHAR 'f'
00420F07 64 db 64 ; CHAR 'd'
00420F08 38 db 38 ; CHAR '8'
00420F09 F8 db F8
00420F0A E0 db E0
00420F0B BB db BB
00420F0C F3 db F3
00420F0D 76 db 76 ; CHAR 'v'
00420F0E D0 db D0
00420F0F 56 db 56 ; CHAR 'V'
00420F10 E4 db E4
00420F11 AA db AA
00420F12 C1 db C1
00420F13 43 db 43 ; CHAR 'C'
00420F14 56 db 56 ; CHAR 'V'
00420F15 F2 db F2
00420F16 F7 db F7
00420F17 3F db 3F ; CHAR '?'
00420F18 D0 db D0
00420F19 C8 db C8
00420F1A FC db FC
00420F1B D0 db D0
00420F1C F8 db F8
00420F1D 9D db 9D
00420F1E 56 db 56 ; CHAR 'V'
00420F1F D0 db D0
00420F20 AF db AF
00420F21 60 db 60 ; CHAR '`'
00420F22 F6 db F6
00420F23 DF db DF
00420F24 3B db 3B ; CHAR ';'
00420F25 CB db CB
00420F26 3D db 3D ; CHAR '='
00420F27 99 db 99
00420F28 51 db 51 ; CHAR 'Q'
00420F29 E7 db E7
00420F2A 98 db 98
00420F2B 7F db 7F
00420F2C 57 db 57 ; CHAR 'W'
00420F2D 60 db 60 ; CHAR '`'
00420F2E 24 db 24 ; CHAR '$'
00420F2F DF db DF
00420F30 31 db 31 ; CHAR '1'
00420F31 8F db 8F
00420F32 C7 db C7
00420F33 3E db 3E ; CHAR '>'
00420F34 5E db 5E ; CHAR '^'
00420F35 67 db 67 ; CHAR 'g'
00420F36 C5 db C5
00420F37 0B db 0B
00420F38 5E db 5E ; CHAR '^'
00420F39 9E db 9E
00420F3A AB db AB
00420F3B 97 db 97
00420F3C 81 db 81
00420F3D BA db BA
00420F3E 13 db 13
00420F3F A6 db A6
00420F40 AA db AA
00420F41 E8 db E8
00420F42 C1 db C1
; ---------------------------------------------------------------------------
; Decoder stub 00420F43..00420F91 (32-bit x86, OllyDbg notation).
; What the visible instructions do:
;   1. call/pop computes the load delta in ebp (position-independent code).
;   2. An SEH record is installed whose handler is ebp+401056, and int3
;      raises an exception on purpose.
;   3. After the record is removed, ecx bytes starting at (stub start - edx)
;      are XORed with the bytes of the stub itself, then control jumps to
;      the start of that region.
; ecx and edx are never loaded here. The handler at 00420F99 writes the
; CONTEXT slots +AC and +A8 (Ecx/Edx in the x86 layout), so the length and
; distance exist only when the program's own handler receives the int3.
; NOTE(review): this looks like an anti-debug check. If a debugger consumes
; the breakpoint, the loop runs with stale ecx/edx. Because the key is the
; stub's own code, a byte patched into it also changes the output.
; With the constants dumped at 00420FF8/00420FFC (B5h and 136Bh) the region
; is 0B5h bytes at 0041FBD8, the first address of this listing.
; ---------------------------------------------------------------------------
00420F43 . 60 pushad ; save all general registers (restored by popad at 00420F90)
00420F44 . E8 00000000 call 222.00420F49 ; call the next instruction: pushes its own address
00420F49 $ 5D pop ebp ; ebp = run-time address of this instruction
00420F4A . 81ED 061040>sub ebp,222.00401006 ; ebp = load delta; 0001FF43 at the addresses shown
00420F50 . 8D85 561040>lea eax,dword ptr ss:[ebp+401056] ; handler address; 00420F99 at the addresses shown
00420F56 . 50 push eax ; SEH record: handler
00420F57 . 64:FF35 000>push dword ptr fs:[0] ; SEH record: previous record
00420F5E . 64:8925 000>mov dword ptr fs:[0],esp ; make it the head of the SEH chain
00420F65 . CC int3 ; deliberate breakpoint exception
00420F66 . 90 nop ; NOTE(review): handler increments ctx+B8; presumably resumes here - confirm
00420F67 . 64:8F05 000>pop dword ptr fs:[0] ; unlink the SEH record
00420F6E . 83C4 04 add esp,4 ; drop the handler pointer
00420F71 . 74 05 je short 222.00420F78 ; je + jnz to the same target: one of them is always taken
00420F73 . 75 03 jnz short 222.00420F78
00420F75 . EB 07 jmp short 222.00420F7E ; skipped by the je/jnz pair above
00420F77 . 59 pop ecx ; skipped as well
00420F78 > 8D9D 001040>lea ebx,dword ptr ss:[ebp+401000] ; ebx = stub start (00420F43 here): source of the XOR key
00420F7E > 53 push ebx
00420F7F . 5F pop edi ; edi = ebx
00420F80 . 2BFA sub edi,edx ; edi = stub start - edx = start of the region to decode
00420F82 . 57 push edi ; keep the region start for the final jump
00420F83 > 8A03 mov al,byte ptr ds:[ebx] ; key byte taken from the stub's own code
00420F85 . 3007 xor byte ptr ds:[edi],al ; decode one byte in place
00420F87 . 43 inc ebx
00420F88 . 47 inc edi
00420F89 .^ E2 F8 loopd short 222.00420F83 ; repeat ecx times
00420F8B . 58 pop eax ; eax = region start
00420F8C . 894424 1C mov dword ptr ss:[esp+1C],eax ; overwrite the eax slot of the pushad frame
00420F90 . 61 popad ; restore registers; eax now holds the region start
00420F91 . FFE0 jmp eax ; continue in the decoded region
00420F93 74 db 74 ; CHAR 't'
00420F94 60 db 60 ; CHAR '`'
00420F95 75 db 75 ; CHAR 'u'
00420F96 5E db 5E ; CHAR '^'
00420F97 EB db EB
; ---------------------------------------------------------------------------
; Exception handler registered by the stub at 00420F50 (ebp+401056).
; It reads its third stack argument and edits the structure it points to.
; The offsets match the x86 CONTEXT layout (Dr0..Dr3 +4..+10, Dr6 +14,
; Dr7 +18, Edx +A8, Ecx +AC, Ebp +B4, Eip +B8), so presumably this is the
; ContextRecord of a standard SEH handler - confirm.
; Effect: supplies ecx/edx for the stub's XOR loop from two dwords stored
; after the code, advances the saved Eip by one, overwrites the saved debug
; registers, and returns 0.
; NOTE(review): with ContextFlags = 10017h the debug-register part looks
; included, so hardware breakpoints would be replaced on resume - confirm.
; ---------------------------------------------------------------------------
00420F98 /. 55 push ebp ; NOTE(review): registered entry computes to 00420F99; this byte looks like filler
00420F99 |. 55 push ebp ; handler entry as registered by the stub
00420F9A |. 8BEC mov ebp,esp
00420F9C |. 53 push ebx
00420F9D |. 8B45 10 mov eax,dword ptr ss:[ebp+10] ; eax = third argument (presumably CONTEXT*)
00420FA0 |. 55 push ebp ; ebp is reused as a scratch base below
00420FA1 |. 8B98 B40000>mov ebx,dword ptr ds:[eax+B4] ; ctx+B4 (Ebp at the int3 = the stub's load delta)
00420FA7 |. 8BEB mov ebp,ebx
00420FA9 |. 8D9D B91040>lea ebx,dword ptr ss:[ebp+4010B9] ; -> 00420FFC at the addresses shown
00420FAF |. 8B0B mov ecx,dword ptr ds:[ebx] ; dword at 00420FFC (0000136B in this dump)
00420FB1 |. 8988 A80000>mov dword ptr ds:[eax+A8],ecx ; ctx+A8 (Edx) = distance used by "sub edi,edx"
00420FB7 |. 83EB 04 sub ebx,4 ; -> 00420FF8
00420FBA |. 8B0B mov ecx,dword ptr ds:[ebx] ; dword at 00420FF8 (000000B5 in this dump)
00420FBC |. 8988 AC0000>mov dword ptr ds:[eax+AC],ecx ; ctx+AC (Ecx) = byte count for the loopd
00420FC2 |. 5D pop ebp ; restore the frame pointer
00420FC3 |. FF80 B80000>inc dword ptr ds:[eax+B8] ; ctx+B8 (Eip) += 1
00420FC9 |. 33DB xor ebx,ebx
00420FCB |. 8958 04 mov dword ptr ds:[eax+4],ebx ; ctx+4  (Dr0) = 0
00420FCE |. 8958 08 mov dword ptr ds:[eax+8],ebx ; ctx+8  (Dr1) = 0
00420FD1 |. 8958 0C mov dword ptr ds:[eax+C],ebx ; ctx+C  (Dr2) = 0
00420FD4 |. 8958 10 mov dword ptr ds:[eax+10],ebx ; ctx+10 (Dr3) = 0
00420FD7 |. 8160 14 F00>and dword ptr ds:[eax+14],FFFF0FF0 ; ctx+14 (Dr6): clear bits 0-3 and 12-15
00420FDE |. C740 18 550>mov dword ptr ds:[eax+18],155 ; ctx+18 (Dr7) = 155h
00420FE5 |. C700 170001>mov dword ptr ds:[eax],10017 ; ctx+0 (ContextFlags) = 10017h
00420FEB |. B8 00000000 mov eax,0 ; return 0 (ExceptionContinueExecution in the SEH convention)
00420FF0 |. 5B pop ebx
00420FF1 |. C9 leave
00420FF2 \. C2 1000 retn 10 ; returns and removes 10h bytes of arguments
; Two instructions followed by two little-endian dwords.
; No reference to 00420FF5 is visible in this excerpt.
00420FF5 . 58 pop eax
00420FF6 . FFE1 jmp ecx
; dword at 00420FF8 = 000000B5: read by the handler at 00420FBA and stored
; to ctx+AC (Ecx), i.e. the byte count of the stub's XOR loop.
00420FF8 B5 db B5
00420FF9 00 db 00
00420FFA 00 db 00
00420FFB 00 db 00
; dword at 00420FFC = 0000136B: read by the handler at 00420FAF and stored
; to ctx+A8 (Edx), i.e. the distance the stub subtracts from its own start
; (00420F43 - 136B = 0041FBD8).
00420FFC 6B db 6B ; CHAR 'k'
00420FFD 13 db 13
00420FFE 00 db 00
00420FFF 00 db 00
软件下载地址:ftp://guest:guest@fengqion.3322.org/商宇软件.rar