00420B2B 90 nop
00420B2C /$ 55 push ebp
00420B2D |. 8BEC mov ebp, esp
00420B2F |. 83C4 D4 add esp, -2C
00420B32 |. B8 F05C5500 mov eax, 00555CF0
00420B37 |. 53 push ebx
00420B38 |. 56 push esi
00420B39 |. 8B5D 08 mov ebx, dword ptr [ebp+8]
00420B3C |. E8 AFC70F00 call 0051D2F0
00420B41 |. C683 41010200>mov byte ptr [ebx+20141], 1
00420B48 |. 83BB 1C010200>cmp dword ptr [ebx+2011C], 0
00420B4F |. 74 11 je short 00420B62
00420B51 |. B0 01 mov al, 1
00420B53 |. 8B55 D8 mov edx, dword ptr [ebp-28]
00420B56 |. 64:8915 00000>mov dword ptr fs:[0], edx
00420B5D |. E9 26010000 jmp 00420C88
00420B62 |> 68 E4010000 push 1E4 ; /Arg1 = 000001E4
00420B67 |. E8 84B40F00 call 0051BFF0 ; \dumped_.0051BFF0
00420B6C |. 59 pop ecx
00420B6D |. 8945 FC mov dword ptr [ebp-4], eax
00420B70 |. 85C0 test eax, eax
00420B72 |. 74 1B je short 00420B8F
00420B74 |. 66:C745 E8 14>mov word ptr [ebp-18], 14
00420B7A |. 8B55 FC mov edx, dword ptr [ebp-4]
00420B7D |. 52 push edx ; /Arg1
00420B7E |. E8 15020200 call 00440D98 ; \dumped_.00440D98
00420B83 |. 59 pop ecx
00420B84 |. 66:C745 E8 08>mov word ptr [ebp-18], 8
00420B8A |. 8B75 FC mov esi, dword ptr [ebp-4]
00420B8D |. EB 03 jmp short 00420B92
00420B8F |> 8B75 FC mov esi, dword ptr [ebp-4]
00420B92 |> 33C0 xor eax, eax
00420B94 |. 89B3 1C010200 mov dword ptr [ebx+2011C], esi
00420B9A |. 8946 04 mov dword ptr [esi+4], eax
00420B9D |. 33D2 xor edx, edx
00420B9F |. 8956 44 mov dword ptr [esi+44], edx
00420BA2 |. 33C9 xor ecx, ecx
00420BA4 |. C746 48 03000>mov dword ptr [esi+48], 3
00420BAB |. 898B 20010200 mov dword ptr [ebx+20120], ecx
00420BB1 |. 33C0 xor eax, eax
00420BB3 |. 8983 28010200 mov dword ptr [ebx+20128], eax
00420BB9 |. 8B83 38010200 mov eax, dword ptr [ebx+20138]
00420BBF |. 85C0 test eax, eax
00420BC1 |. 74 1D je short 00420BE0
00420BC3 |. 8B93 3C010200 mov edx, dword ptr [ebx+2013C]
00420BC9 |. 52 push edx ; /ExitCode
00420BCA |. 50 push eax ; |hThread
00420BCB |. E8 64F31100 call <jmp.&kernel32.TerminateThread> ; \TerminateThread
00420BD0 |. 33C9 xor ecx, ecx
00420BD2 |. 33C0 xor eax, eax
00420BD4 |. 898B 3C010200 mov dword ptr [ebx+2013C], ecx
00420BDA |. 8983 38010200 mov dword ptr [ebx+20138], eax
00420BE0 |> 8D55 D4 lea edx, dword ptr [ebp-2C]
00420BE3 |. 52 push edx ; /pThreadId
00420BE4 |. 6A 00 push 0 ; |CreationFlags = 0
00420BE6 |. 6A 00 push 0 ; |pThreadParm = NULL
00420BE8 |. 68 10B64100 push 0041B610 ; |ThreadFunction = dumped_.0041B610
00420BED |. 6A 00 push 0 ; |StackSize = 0
00420BEF |. 6A 00 push 0 ; |pSecurity = NULL
00420BF1 |. E8 DAF01100 call <jmp.&kernel32.CreateThread> ; \CreateThread
00420BF6 |. 8BF0 mov esi, eax
00420BF8 |. 89B3 38010200 mov dword ptr [ebx+20138], esi
00420BFE |. 85F6 test esi, esi
00420C00 |. 75 25 jnz short 00420C27
00420C02 |. 68 04515500 push 00555104 ; /认证连接线程创建失败!请尝试重启程序。 如果多次发生该情况,请检查系统
00420C07 |. 6A 03 push 3 ; |Arg3 = 00000003
00420C09 |. 6A 00 push 0 ; |Arg2 = 00000000
00420C0B |. A1 B4155500 mov eax, dword ptr [5515B4] ; |
00420C10 |. 50 push eax ; |Arg1 => 00000000
00420C11 |. E8 06B6FFFF call 0041C21C ; \dumped_.0041C21C
00420C16 |. 83C4 10 add esp, 10
00420C19 |. 33C0 xor eax, eax
00420C1B |. 8B55 D8 mov edx, dword ptr [ebp-28]
00420C1E |. 64:8915 00000>mov dword ptr fs:[0], edx
00420C25 |. EB 61 jmp short 00420C88
00420C27 |> 8D8B 3C010200 lea ecx, dword ptr [ebx+2013C]
00420C2D |. 51 push ecx ; /pExitCode
00420C2E |. 8B83 38010200 mov eax, dword ptr [ebx+20138] ; |
00420C34 |. 50 push eax ; |hThread
00420C35 |. E8 3EF11100 call <jmp.&kernel32.GetExitCodeThread>; \GetExitCodeThread
00420C3A |. 85C0 test eax, eax
00420C3C |. 75 26 jnz short 00420C64
00420C3E |. 68 54515500 push 00555154 ; /认证连接线程exitcode获取失败!请尝试重启程序。 如果多次发生该情况,请检查系统
00420C43 |. 6A 03 push 3 ; |Arg3 = 00000003
00420C45 |. 6A 00 push 0 ; |Arg2 = 00000000
00420C47 |. 8B15 B4155500 mov edx, dword ptr [5515B4] ; |
00420C4D |. 52 push edx ; |Arg1 => 00000000
00420C4E |. E8 C9B5FFFF call 0041C21C ; \dumped_.0041C21C
00420C53 |. 83C4 10 add esp, 10
00420C56 |. 33C0 xor eax, eax
00420C58 |. 8B55 D8 mov edx, dword ptr [ebp-28]
00420C5B |. 64:8915 00000>mov dword ptr fs:[0], edx
00420C62 |. EB 24 jmp short 00420C88
00420C64 |> 68 AC515500 push 005551AC ; /认证启动
00420C69 |. 6A 03 push 3 ; |Arg3 = 00000003
00420C6B |. 6A 00 push 0 ; |Arg2 = 00000000
00420C6D |. 8B0D B4155500 mov ecx, dword ptr [5515B4] ; |
00420C73 |. 51 push ecx ; |Arg1 => 00000000
00420C74 |. E8 A3B5FFFF call 0041C21C ; \dumped_.0041C21C
00420C79 |. 83C4 10 add esp, 10
00420C7C |. B0 01 mov al, 1
00420C7E |. 8B55 D8 mov edx, dword ptr [ebp-28]
00420C81 |. 64:8915 00000>mov dword ptr fs:[0], edx
00420C88 |> 5E pop esi
00420C89 |. 5B pop ebx
00420C8A |. 8BE5 mov esp, ebp
00420C8C |. 5D pop ebp
00420C8D \. C3 retn
00420C8E 90 nop
00420C8F 90 nop
00420C90 /$ 55 push ebp
00420C91 |. 8BEC mov ebp, esp
00420C93 |. 81C4 04F0FFFF add esp, -0FFC
00420C99 |. 50 push eax
00420C9A |. 83C4 F0 add esp, -10
00420C9D |. 803D 104C5500>cmp byte ptr [554C10], 0
00420CA4 |. 53 push ebx
00420CA5 |. 56 push esi
00420CA6 |. 57 push edi
00420CA7 |. 8B5D 08 mov ebx, dword ptr [ebp+8]
00420CAA |. 75 1B jnz short 00420CC7
00420CAC |. 80BB 48010200>cmp byte ptr [ebx+20148], 0
00420CB3 |. 74 12 je short 00420CC7
00420CB5 |. 53 push ebx ; /Arg1
00420CB6 |. E8 71FEFFFF call 00420B2C ; \dumped_.00420B2C
00420CBB |. 59 pop ecx
00420CBC |. 84C0 test al, al
00420CBE |. 74 07 je short 00420CC7
00420CC0 |. C605 104C5500>mov byte ptr [554C10], 1
00420CC7 |> E8 36F11100 call <jmp.&kernel32.GetTickCount> ; [GetTickCount
00420CCC |. 8945 FC mov dword ptr [ebp-4], eax
00420CCF |. 8B83 14010200 mov eax, dword ptr [ebx+20114]
00420CD5 |. 85C0 test eax, eax
00420CD7 |. 0F84 D3010000 je 00420EB0
00420CDD |. 8378 08 00 cmp dword ptr [eax+8], 0
00420CE1 |. 0F84 C9010000 je 00420EB0
00420CE7 |. 8B83 1C010200 mov eax, dword ptr [ebx+2011C]
00420CED |. 85C0 test eax, eax
00420CEF |. 0F84 BB010000 je 00420EB0
00420CF5 |. 50 push eax
00420CF6 |. E8 55060200 call 00441350
00420CFB |. 59 pop ecx
00420CFC |. 8B93 1C010200 mov edx, dword ptr [ebx+2011C]
00420D02 |. 52 push edx ; /Arg1
00420D03 |. E8 E8020200 call 00440FF0 ; \dumped_.00440FF0
00420D08 |. 59 pop ecx
00420D09 |. 83F8 02 cmp eax, 2
00420D0C |. 0F85 5D010000 jnz 00420E6F
00420D12 |. 8B4D FC mov ecx, dword ptr [ebp-4]
00420D15 |. 2B8B 20010200 sub ecx, dword ptr [ebx+20120]
00420D1B |. 3B8B 24010200 cmp ecx, dword ptr [ebx+20124]
00420D21 |. 0F86 07010000 jbe 00420E2E
00420D27 |. 8B45 FC mov eax, dword ptr [ebp-4]
00420D2A |. 8983 20010200 mov dword ptr [ebx+20120], eax
00420D30 |. E8 CDF01100 call <jmp.&kernel32.GetTickCount> ; [GetTickCount
00420D35 |. B9 E0930400 mov ecx, 493E0
00420D3A |. 33D2 xor edx, edx
00420D3C |. F7F1 div ecx
00420D3E |. 8993 24010200 mov dword ptr [ebx+20124], edx
00420D44 |. 83BB 14010200>cmp dword ptr [ebx+20114], 0
00420D4B |. 74 0B je short 00420D58
00420D4D |. 8B83 14010200 mov eax, dword ptr [ebx+20114]
00420D53 |. 8B70 08 mov esi, dword ptr [eax+8]
00420D56 |. EB 02 jmp short 00420D5A
00420D58 |> 33F6 xor esi, esi
00420D5A |> 8BFE mov edi, esi
00420D5C |. 68 00100000 push 1000 ; /Arg3 = 00001000
00420D61 |. C1E7 04 shl edi, 4 ; |
00420D64 |. 8D85 F0EFFFFF lea eax, dword ptr [ebp-1010] ; |
00420D6A |. 6A 00 push 0 ; |Arg2 = 00000000
00420D6C |. 50 push eax ; |Arg1
00420D6D |. 81C7 94000000 add edi, 94 ; |
00420D73 |. E8 98C00F00 call 0051CE10 ; \dumped_.0051CE10
00420D78 |. 83C4 0C add esp, 0C
00420D7B |. 8D95 F0EFFFFF lea edx, dword ptr [ebp-1010]
00420D81 |. 8955 F8 mov dword ptr [ebp-8], edx
00420D84 |. 8B4D F8 mov ecx, dword ptr [ebp-8]
00420D87 |. 66:8939 mov word ptr [ecx], di
00420D8A |. 8B45 F8 mov eax, dword ptr [ebp-8]
00420D8D |. 8B93 34010200 mov edx, dword ptr [ebx+20134]
00420D93 |. 8950 48 mov dword ptr [eax+48], edx
00420D96 |. 8B4D F8 mov ecx, dword ptr [ebp-8]
00420D99 |. 8971 44 mov dword ptr [ecx+44], esi
00420D9C |. 8B45 F8 mov eax, dword ptr [ebp-8]
00420D9F |. 8B93 30010200 mov edx, dword ptr [ebx+20130]
00420DA5 |. 8950 4C mov dword ptr [eax+4C], edx
00420DA8 |. 8B4D F8 mov ecx, dword ptr [ebp-8]
00420DAB |. 66:C741 02 00>mov word ptr [ecx+2], 0
00420DB1 |. C745 F4 94000>mov dword ptr [ebp-C], 94
00420DB8 |. 8B83 14010200 mov eax, dword ptr [ebx+20114]
00420DBE |. 8B08 mov ecx, dword ptr [eax]
00420DC0 |. 85C9 test ecx, ecx
00420DC2 |. 74 32 je short 00420DF6
00420DC4 |> 8B41 10 /mov eax, dword ptr [ecx+10]
00420DC7 |. 8D95 F0EFFFFF |lea edx, dword ptr [ebp-1010]
00420DCD |. 0355 F4 |add edx, dword ptr [ebp-C]
00420DD0 |. 8B75 F4 |mov esi, dword ptr [ebp-C]
00420DD3 |. 83C6 10 |add esi, 10
00420DD6 |. 8975 F4 |mov dword ptr [ebp-C], esi
00420DD9 |. 8B30 |mov esi, dword ptr [eax]
00420DDB |. 8932 |mov dword ptr [edx], esi
00420DDD |. 8B70 04 |mov esi, dword ptr [eax+4]
00420DE0 |. 8972 04 |mov dword ptr [edx+4], esi
00420DE3 |. 8B70 08 |mov esi, dword ptr [eax+8]
00420DE6 |. 8972 08 |mov dword ptr [edx+8], esi
00420DE9 |. 8B40 10 |mov eax, dword ptr [eax+10]
00420DEC |. 8942 0C |mov dword ptr [edx+C], eax
00420DEF |. 8B49 04 |mov ecx, dword ptr [ecx+4]
00420DF2 |. 85C9 |test ecx, ecx
00420DF4 |.^ 75 CE \jnz short 00420DC4
00420DF6 |> 8D95 F0EFFFFF lea edx, dword ptr [ebp-1010]
00420DFC |. 52 push edx ; /Arg2
00420DFD |. 53 push ebx ; |Arg1
00420DFE |. E8 09010000 call 00420F0C ; \dumped_.00420F0C
00420E03 |. 83C4 08 add esp, 8
00420E06 |. 8D95 F0EFFFFF lea edx, dword ptr [ebp-1010]
00420E0C |. 6A FF push -1 ; /Arg5 = FFFFFFFF
00420E0E |. 6A 01 push 1 ; |Arg4 = 00000001
00420E10 |. 8B4D F8 mov ecx, dword ptr [ebp-8] ; |
00420E13 |. 0FB701 movzx eax, word ptr [ecx] ; |
00420E16 |. 50 push eax ; |Arg3
00420E17 |. 52 push edx ; |Arg2
00420E18 |. 8B8B 1C010200 mov ecx, dword ptr [ebx+2011C] ; |
00420E1E |. 51 push ecx ; |Arg1
00420E1F |. E8 DC0B0200 call 00441A00 ; \dumped_.00441A00
00420E24 |. 83C4 14 add esp, 14
00420E27 |. C683 41010200>mov byte ptr [ebx+20141], 0
00420E2E |> 8B45 FC mov eax, dword ptr [ebp-4]
00420E31 |. 2B83 28010200 sub eax, dword ptr [ebx+20128]
00420E37 |. 3D 204E0000 cmp eax, 4E20
00420E3C |. 76 31 jbe short 00420E6F
00420E3E |. 66:C745 F0 04>mov word ptr [ebp-10], 4
00420E44 |. 66:C745 F2 01>mov word ptr [ebp-E], 1
00420E4A |. 6A FF push -1 ; /Arg5 = FFFFFFFF
00420E4C |. 6A 01 push 1 ; |Arg4 = 00000001
00420E4E |. 0FB755 F0 movzx edx, word ptr [ebp-10] ; |
00420E52 |. 52 push edx ; |Arg3
00420E53 |. 8D4D F0 lea ecx, dword ptr [ebp-10] ; |
00420E56 |. 51 push ecx ; |Arg2
00420E57 |. 8B83 1C010200 mov eax, dword ptr [ebx+2011C] ; |
00420E5D |. 50 push eax ; |Arg1
00420E5E |. E8 9D0B0200 call 00441A00 ; \dumped_.00441A00
00420E63 |. 83C4 14 add esp, 14
00420E66 |. 8B55 FC mov edx, dword ptr [ebp-4]
00420E69 |. 8993 28010200 mov dword ptr [ebx+20128], edx
00420E6F |> 8B8B 1C010200 mov ecx, dword ptr [ebx+2011C]
00420E75 |. 51 push ecx ; /Arg1
00420E76 |. E8 75010200 call 00440FF0 ; \dumped_.00440FF0
00420E7B |. 59 pop ecx
00420E7C |. 83F8 04 cmp eax, 4
00420E7F |. 75 2F jnz short 00420EB0
00420E81 |. 803D 114C5500>cmp byte ptr [554C11], 0
00420E88 |. 75 26 jnz short 00420EB0
00420E8A |. 68 B5515500 push 005551B5 ; /验证服务器断开链接.....
00420E8F |. 6A 03 push 3 ; |Arg3 = 00000003
00420E91 |. 6A 00 push 0 ; |Arg2 = 00000000
00420E93 |. A1 B4155500 mov eax, dword ptr [5515B4] ; |
00420E98 |. 50 push eax ; |Arg1 => 00000000
00420E99 |. E8 7EB3FFFF call 0041C21C ; \dumped_.0041C21C
00420E9E |. 83C4 10 add esp, 10
00420EA1 |. 33D2 xor edx, edx
00420EA3 |. 8993 44010200 mov dword ptr [ebx+20144], edx
00420EA9 |. C605 114C5500>mov byte ptr [554C11], 1
00420EB0 |> 5F pop edi
00420EB1 |. 5E pop esi
00420EB2 |. 5B pop ebx
00420EB3 |. 8BE5 mov esp, ebp
00420EB5 |. 5D pop ebp
00420EB6 \. C3 retn
00420EB7 90 nop
00420EB8 /$ 55 push ebp
00420EB9 |. 8BEC mov ebp, esp
00420EBB |. 81C4 04F0FFFF add esp, -0FFC
00420EC1 |. 50 push eax
00420EC2 |. 53 push ebx
00420EC3 |. 8B45 0C mov eax, dword ptr [ebp+C]
00420EC6 |. 8B5D 08 mov ebx, dword ptr [ebp+8]
00420EC9 |. 8BD0 mov edx, eax
00420ECB |. 66:837A 02 01 cmp word ptr [edx+2], 1
00420ED0 |. 74 33 je short 00420F05
00420ED2 |. 8B4D 10 mov ecx, dword ptr [ebp+10]
00420ED5 |. 51 push ecx ; /Arg3
00420ED6 |. 50 push eax ; |Arg2
00420ED7 |. 8D85 00F0FFFF lea eax, dword ptr [ebp-1000] ; |
00420EDD |. 50 push eax ; |Arg1
00420EDE |. E8 BDBE0F00 call 0051CDA0 ; \dumped_.0051CDA0
00420EE3 |. 83C4 0C add esp, 0C
00420EE6 |. 8D85 00F0FFFF lea eax, dword ptr [ebp-1000]
00420EEC |. 50 push eax
00420EED |. 53 push ebx
00420EEE |. E8 E1010000 call 004210D4
00420EF3 |. 83C4 08 add esp, 8
00420EF6 |. 8B15 9C4F5900 mov edx, dword ptr [594F9C] ; dumped_._Form_Main
00420EFC |. 8B0A mov ecx, dword ptr [edx]
00420EFE |. 51 push ecx
00420EFF |. E8 707FFEFF call 00408E74
00420F04 |. 59 pop ecx
00420F05 |> 5B pop ebx
00420F06 |. 8BE5 mov esp, ebp
00420F08 |. 5D pop ebp
00420F09 \. C3 retn
00420F0A 90 nop
00420F0B 90 nop
00420F0C /$ 55 push ebp
00420F0D |. 8BEC mov ebp, esp
00420F0F |. 83C4 F0 add esp, -10
00420F12 |. 53 push ebx
00420F13 |. 56 push esi
00420F14 |. 57 push edi
00420F15 |. 8B45 0C mov eax, dword ptr [ebp+C]
00420F18 |. 8945 FC mov dword ptr [ebp-4], eax
00420F1B |> E8 9878FFFF /call 004187B8
00420F20 |. 8BD8 |mov ebx, eax
00420F22 |. 8B45 FC |mov eax, dword ptr [ebp-4]
00420F25 |. 8958 50 |mov dword ptr [eax+50], ebx
00420F28 |. 81FB 00000010 |cmp ebx, 10000000
00420F2E |.^ 76 EB \jbe short 00420F1B
00420F30 |. 8B55 FC mov edx, dword ptr [ebp-4]
00420F33 |. 8B4A 44 mov ecx, dword ptr [edx+44]
00420F36 |. 894D F8 mov dword ptr [ebp-8], ecx
00420F39 |. B9 BC030000 mov ecx, 3BC
00420F3E |. 8B45 FC mov eax, dword ptr [ebp-4]
00420F41 |. 8170 50 EF12B>xor dword ptr [eax+50], 93B712EF
00420F48 |. 8B55 FC mov edx, dword ptr [ebp-4]
00420F4B |. 8B42 4C mov eax, dword ptr [edx+4C]
00420F4E |. 33D2 xor edx, edx
00420F50 |. F7F1 div ecx
00420F52 |. 8B45 FC mov eax, dword ptr [ebp-4]
00420F55 |. 8B4D FC mov ecx, dword ptr [ebp-4]
00420F58 |. 8BFA mov edi, edx
00420F5A |. 8B50 50 mov edx, dword ptr [eax+50]
00420F5D |. 3151 4C xor dword ptr [ecx+4C], edx
00420F60 |. 8B55 FC mov edx, dword ptr [ebp-4]
00420F63 |. 8B04BD 103C55>mov eax, dword ptr [edi*4+553C10]
00420F6A |. 3142 44 xor dword ptr [edx+44], eax
00420F6D |. 8B45 FC mov eax, dword ptr [ebp-4]
00420F70 |. 8B0CBD 203C55>mov ecx, dword ptr [edi*4+553C20]
00420F77 |. 3148 48 xor dword ptr [eax+48], ecx
00420F7A |. 33DB xor ebx, ebx
00420F7C |. 8B45 FC mov eax, dword ptr [ebp-4]
00420F7F |. 8D50 04 lea edx, dword ptr [eax+4]
00420F82 |. 8955 F4 mov dword ptr [ebp-C], edx
00420F85 |> 8B4D F4 /mov ecx, dword ptr [ebp-C]
00420F88 |. 8BF1 |mov esi, ecx
00420F8A |. E8 2978FFFF |call 004187B8
00420F8F |. 8906 |mov dword ptr [esi], eax
00420F91 |. 8D043B |lea eax, dword ptr [ebx+edi]
00420F94 |. 8B1485 F03B55>|mov edx, dword ptr [eax*4+553BF0]
00420F9B |. 3B16 |cmp edx, dword ptr [esi]
00420F9D |.^ 72 E6 |jb short 00420F85
00420F9F |. 43 |inc ebx
00420FA0 |. 8345 F4 04 |add dword ptr [ebp-C], 4
00420FA4 |. 83FB 10 |cmp ebx, 10
00420FA7 |.^ 7C DC \jl short 00420F85
00420FA9 |. 33DB xor ebx, ebx
00420FAB |. 8B45 FC mov eax, dword ptr [ebp-4]
00420FAE |. 8D50 54 lea edx, dword ptr [eax+54]
00420FB1 |. 8955 F0 mov dword ptr [ebp-10], edx
00420FB4 |> 8B4D F0 /mov ecx, dword ptr [ebp-10]
00420FB7 |. 8BF1 |mov esi, ecx
00420FB9 |. E8 FA77FFFF |call 004187B8
00420FBE |. 8D143B |lea edx, dword ptr [ebx+edi]
00420FC1 |. 8906 |mov dword ptr [esi], eax
00420FC3 |. 8B06 |mov eax, dword ptr [esi]
00420FC5 |. 3B0495 303C55>|cmp eax, dword ptr [edx*4+553C30]
00420FCC |.^ 72 E6 |jb short 00420FB4
00420FCE |. 43 |inc ebx
00420FCF |. 8345 F0 04 |add dword ptr [ebp-10], 4
00420FD3 |. 83FB 10 |cmp ebx, 10
00420FD6 |.^ 7C DC \jl short 00420FB4
00420FD8 |. 8B45 FC mov eax, dword ptr [ebp-4]
00420FDB |. 33C9 xor ecx, ecx
00420FDD |. 33DB xor ebx, ebx
00420FDF |. 8D50 04 lea edx, dword ptr [eax+4]
00420FE2 |> 8B02 /mov eax, dword ptr [edx]
00420FE4 |. 83E0 0F |and eax, 0F
00420FE7 |. 03C8 |add ecx, eax
00420FE9 |. 83FB 0F |cmp ebx, 0F
00420FEC |. 74 08 |je short 00420FF6
00420FEE |. 8B42 50 |mov eax, dword ptr [edx+50]
00420FF1 |. 83E0 0F |and eax, 0F
00420FF4 |. 03C8 |add ecx, eax
00420FF6 |> 43 |inc ebx
00420FF7 |. 83C2 04 |add edx, 4
00420FFA |. 83FB 10 |cmp ebx, 10
00420FFD |.^ 7C E3 \jl short 00420FE2
00420FFF |. 8B55 FC mov edx, dword ptr [ebp-4]
00421002 |. 33DB xor ebx, ebx
00421004 |. 8B82 90000000 mov eax, dword ptr [edx+90]
0042100A |. 25 0000FFFF and eax, FFFF0000
0042100F |. 0BC1 or eax, ecx
00421011 |. 8B4D FC mov ecx, dword ptr [ebp-4]
00421014 |. 8BD0 mov edx, eax
00421016 |. 8991 90000000 mov dword ptr [ecx+90], edx
0042101C |. 8B45 FC mov eax, dword ptr [ebp-4]
0042101F |. 3150 44 xor dword ptr [eax+44], edx
00421022 |. 8B55 FC mov edx, dword ptr [ebp-4]
00421025 |. 8B45 FC mov eax, dword ptr [ebp-4]
00421028 |. 8B8A 90000000 mov ecx, dword ptr [edx+90]
0042102E |. 3148 48 xor dword ptr [eax+48], ecx
00421031 |. 33C0 xor eax, eax
00421033 |. 3B5D F8 cmp ebx, dword ptr [ebp-8]
00421036 |. 0F8D 8F000000 jge 004210CB
0042103C |> 8BD3 /mov edx, ebx
0042103E |. C1E2 04 |shl edx, 4
00421041 |. 0355 0C |add edx, dword ptr [ebp+C]
00421044 |. 81C2 94000000 |add edx, 94
0042104A |. 8D0C38 |lea ecx, dword ptr [eax+edi]
0042104D |. 81E1 FF030080 |and ecx, 800003FF
00421053 |. 79 08 |jns short 0042105D
00421055 |. 49 |dec ecx
00421056 |. 81C9 00FCFFFF |or ecx, FFFFFC00
0042105C |. 41 |inc ecx
0042105D |> 8B0C8D F03B55>|mov ecx, dword ptr [ecx*4+553BF0]
00421064 |. 40 |inc eax
00421065 |. 310A |xor dword ptr [edx], ecx
00421067 |. 8D0C38 |lea ecx, dword ptr [eax+edi]
0042106A |. 81E1 FF030080 |and ecx, 800003FF
00421070 |. 79 08 |jns short 0042107A
00421072 |. 49 |dec ecx
00421073 |. 81C9 00FCFFFF |or ecx, FFFFFC00
00421079 |. 41 |inc ecx
0042107A |> 8B0C8D F03B55>|mov ecx, dword ptr [ecx*4+553BF0]
00421081 |. 40 |inc eax
00421082 |. 314A 04 |xor dword ptr [edx+4], ecx
00421085 |. 8D0C38 |lea ecx, dword ptr [eax+edi]
00421088 |. 81E1 FF030080 |and ecx, 800003FF
0042108E |. 79 08 |jns short 00421098
00421090 |. 49 |dec ecx
00421091 |. 81C9 00FCFFFF |or ecx, FFFFFC00
00421097 |. 41 |inc ecx
00421098 |> 8B0C8D F03B55>|mov ecx, dword ptr [ecx*4+553BF0]
0042109F |. 40 |inc eax
004210A0 |. 314A 08 |xor dword ptr [edx+8], ecx
004210A3 |. 8D0C38 |lea ecx, dword ptr [eax+edi]
004210A6 |. 81E1 FF030080 |and ecx, 800003FF
004210AC |. 79 08 |jns short 004210B6
004210AE |. 49 |dec ecx
004210AF |. 81C9 00FCFFFF |or ecx, FFFFFC00
004210B5 |. 41 |inc ecx
004210B6 |> 8B0C8D F03B55>|mov ecx, dword ptr [ecx*4+553BF0]
004210BD |. 314A 0C |xor dword ptr [edx+C], ecx
004210C0 |. 40 |inc eax
004210C1 |. 43 |inc ebx
004210C2 |. 3B5D F8 |cmp ebx, dword ptr [ebp-8]
004210C5 |.^ 0F8C 71FFFFFF \jl 0042103C
004210CB |> 5F pop edi
004210CC |. 5E pop esi
004210CD |. 5B pop ebx
004210CE |. 8BE5 mov esp, ebp
004210D0 |. 5D pop ebp
004210D1 \. C3 retn
004210D2 90 nop
004210D3 90 nop
004210D4 $ 55 push ebp
004210D5 . 8BEC mov ebp, esp
004210D7 . 83C4 F0 add esp, -10
004210DA . 33C0 xor eax, eax
004210DC . 53 push ebx
004210DD . 56 push esi
004210DE . 57 push edi
004210DF . 8945 FC mov dword ptr [ebp-4], eax
004210E2 . 8B55 0C mov edx, dword ptr [ebp+C]
004210E5 . 8955 F8 mov dword ptr [ebp-8], edx
004210E8 . 33D2 xor edx, edx
004210EA . 8B4D F8 mov ecx, dword ptr [ebp-8]
004210ED . 8171 44 31323>xor dword ptr [ecx+44], 88313231
004210F4 . 8B45 F8 mov eax, dword ptr [ebp-8]
004210F7 . B9 BC030000 mov ecx, 3BC
004210FC . 8B40 44 mov eax, dword ptr [eax+44]
004210FF . F7F1 div ecx
00421101 . 8BFA mov edi, edx
00421103 . 8B55 F8 mov edx, dword ptr [ebp-8]
00421106 . 8B04BD 0C3C55>mov eax, dword ptr [edi*4+553C0C]
0042110D . 3142 48 xor dword ptr [edx+48], eax
00421110 . 8B45 F8 mov eax, dword ptr [ebp-8]
00421113 . 8B0CBD 1C3C55>mov ecx, dword ptr [edi*4+553C1C]
0042111A . 3148 4C xor dword ptr [eax+4C], ecx
0042111D . 33F6 xor esi, esi
0042111F . 8B55 F8 mov edx, dword ptr [ebp-8]
00421122 . 8B4A 48 mov ecx, dword ptr [edx+48]
00421125 . 894D F4 mov dword ptr [ebp-C], ecx
00421128 . 33C0 xor eax, eax
0042112A . 8945 F0 mov dword ptr [ebp-10], eax
0042112D . 8B55 F0 mov edx, dword ptr [ebp-10]
00421130 . 3B55 F4 cmp edx, dword ptr [ebp-C]
00421133 . 0F8D FD010000 jge 00421336
00421139 > 8B5D F0 mov ebx, dword ptr [ebp-10]
0042113C . C1E3 02 shl ebx, 2
0042113F . 8D1C5B lea ebx, dword ptr [ebx+ebx*2]
00421142 . 035D 0C add ebx, dword ptr [ebp+C]
00421145 . 81C3 90000000 add ebx, 90
0042114B . 8D043E lea eax, dword ptr [esi+edi]
0042114E . 25 FF030080 and eax, 800003FF
00421153 . 79 07 jns short 0042115C
00421155 . 48 dec eax
00421156 . 0D 00FCFFFF or eax, FFFFFC00
0042115B . 40 inc eax
0042115C > 8B1485 F03B55>mov edx, dword ptr [eax*4+553BF0]
00421163 . 3113 xor dword ptr [ebx], edx
00421165 . 8B0B mov ecx, dword ptr [ebx]
00421167 . 51 push ecx ; /Arg2
00421168 . 8B45 08 mov eax, dword ptr [ebp+8] ; |
0042116B . 50 push eax ; |Arg1
0042116C . E8 87F8FFFF call 004209F8 ; \dumped_.004209F8
00421171 . 83C4 08 add esp, 8
00421174 . 46 inc esi
00421175 . 8D143E lea edx, dword ptr [esi+edi]
00421178 . 81E2 FF030080 and edx, 800003FF
0042117E . 79 08 jns short 00421188
00421180 . 4A dec edx
00421181 . 81CA 00FCFFFF or edx, FFFFFC00
00421187 . 42 inc edx
00421188 > 8B0C95 F03B55>mov ecx, dword ptr [edx*4+553BF0]
0042118F . 46 inc esi
00421190 . 314B 04 xor dword ptr [ebx+4], ecx
00421193 . 8D143E lea edx, dword ptr [esi+edi]
00421196 . 81E2 FF030080 and edx, 800003FF
0042119C . 79 08 jns short 004211A6
0042119E . 4A dec edx
0042119F . 81CA 00FCFFFF or edx, FFFFFC00
004211A5 . 42 inc edx
004211A6 > 8B0C95 F03B55>mov ecx, dword ptr [edx*4+553BF0]
004211AD . 314B 08 xor dword ptr [ebx+8], ecx
004211B0 . 85C0 test eax, eax
004211B2 . 8B55 08 mov edx, dword ptr [ebp+8]
004211B5 . 8B4B 08 mov ecx, dword ptr [ebx+8]
004211B8 . 898A 30010200 mov dword ptr [edx+20130], ecx
004211BE . 74 06 je short 004211C6
004211C0 . 8B53 08 mov edx, dword ptr [ebx+8]
004211C3 . 8950 10 mov dword ptr [eax+10], edx
004211C6 > 46 inc esi
004211C7 . 8B53 04 mov edx, dword ptr [ebx+4]
004211CA . 81FA FF000000 cmp edx, 0FF
004211D0 . 76 19 jbe short 004211EB
004211D2 . 81E2 00FF0000 and edx, 0FF00
004211D8 . C1EA 08 shr edx, 8
004211DB . 85C0 test eax, eax
004211DD . 74 43 je short 00421222
004211DF . 66:8950 0C mov word ptr [eax+C], dx
004211E3 . 66:C740 0E 02>mov word ptr [eax+E], 2
004211E9 . EB 37 jmp short 00421222
004211EB > 8B4B 04 mov ecx, dword ptr [ebx+4]
004211EE . 49 dec ecx ; Switch (cases 1..4)
004211EF . 74 0B je short 004211FC
004211F1 . 49 dec ecx
004211F2 . 74 10 je short 00421204
004211F4 . 49 dec ecx
004211F5 . 74 15 je short 0042120C
004211F7 . 49 dec ecx
004211F8 . 74 1A je short 00421214
004211FA . EB 20 jmp short 0042121C
004211FC > 66:C740 0E 03>mov word ptr [eax+E], 3 ; Case 1 of switch 004211EE
00421202 . EB 1E jmp short 00421222
00421204 > 66:C740 0E 03>mov word ptr [eax+E], 3 ; Case 2 of switch 004211EE
0042120A . EB 16 jmp short 00421222
0042120C > 66:C740 0E 04>mov word ptr [eax+E], 4 ; Case 3 of switch 004211EE
00421212 . EB 0E jmp short 00421222
00421214 > 66:C740 0E 05>mov word ptr [eax+E], 5 ; Case 4 of switch 004211EE
0042121A . EB 06 jmp short 00421222
0042121C > 66:C740 0E 03>mov word ptr [eax+E], 3 ; Default case of switch 004211EE
00421222 > 85C0 test eax, eax
00421224 . 0F84 C5000000 je 004212EF
0042122A . 0FB750 0E movzx edx, word ptr [eax+E]
0042122E . 83FA 05 cmp edx, 5 ; Switch (cases 2..5)
00421231 . 0F87 B8000000 ja 004212EF
00421237 . FF2495 3E1242>jmp dword ptr [edx*4+42123E]
0042123E . EF124200 dd dumped_.004212EF ; 分支表 被用于 00421237
00421242 . EF124200 dd dumped_.004212EF
00421246 . 5B124200 dd dumped_.0042125B
0042124A . 83124200 dd dumped_.00421283
0042124E . A7124200 dd dumped_.004212A7
00421252 . CC124200 dd dumped_.004212CC
00421256 . E9 94000000 jmp 004212EF
0042125B > FF45 FC inc dword ptr [ebp-4] ; Case 2 of switch 0042122E
0042125E . 8B48 08 mov ecx, dword ptr [eax+8]
00421261 . 51 push ecx ; /Arg7
00421262 . 8B0D B4155500 mov ecx, dword ptr [5515B4] ; |
00421268 . 8B50 04 mov edx, dword ptr [eax+4] ; |
0042126B . 52 push edx ; |Arg6
0042126C . 8B00 mov eax, dword ptr [eax] ; |
0042126E . 50 push eax ; |Arg5
0042126F . 68 CD515500 push 005551CD ; |验证成功
00421274 . 6A 01 push 1 ; |Arg3 = 00000001
00421276 . 6A 00 push 0 ; |Arg2 = 00000000
00421278 . 51 push ecx ; |Arg1 => 00000000
00421279 . E8 9EAFFFFF call 0041C21C ; \dumped_.0041C21C
0042127E . 83C4 1C add esp, 1C
00421281 . EB 6C jmp short 004212EF
00421283 > 8B50 08 mov edx, dword ptr [eax+8] ; Case 3 of switch 0042122E
00421286 . 52 push edx ; /Arg7
00421287 . 8B48 04 mov ecx, dword ptr [eax+4] ; |
0042128A . 51 push ecx ; |Arg6
0042128B . 8B00 mov eax, dword ptr [eax] ; |
0042128D . 50 push eax ; |Arg5
0042128E . 68 E6515500 push 005551E6 ; |错误,请核对
00421293 . 6A 03 push 3 ; |Arg3 = 00000003
00421295 . 6A 00 push 0 ; |Arg2 = 00000000
00421297 . A1 B4155500 mov eax, dword ptr [5515B4] ; |
0042129C . 50 push eax ; |Arg1 => 00000000
0042129D . E8 7AAFFFFF call 0041C21C ; \dumped_.0041C21C
004212A2 . 83C4 1C add esp, 1C
004212A5 . EB 48 jmp short 004212EF
004212A7 > 8B50 08 mov edx, dword ptr [eax+8] ; Case 4 of switch 0042122E
004212AA . 52 push edx ; /Arg7
004212AB . 8B15 B4155500 mov edx, dword ptr [5515B4] ; |
004212B1 . 8B48 04 mov ecx, dword ptr [eax+4] ; |
004212B4 . 51 push ecx ; |Arg6
004212B5 . 8B00 mov eax, dword ptr [eax] ; |
004212B7 . 50 push eax ; |Arg5
004212B8 . 68 02525500 push 00555202 ; |在其他机器登陆,请勿在10分钟内重复登陆
004212BD . 6A 03 push 3 ; |Arg3 = 00000003
004212BF . 6A 00 push 0 ; |Arg2 = 00000000
004212C1 . 52 push edx ; |Arg1 => 00000000
004212C2 . E8 55AFFFFF call 0041C21C ; \dumped_.0041C21C
004212C7 . 83C4 1C add esp, 1C
004212CA . EB 23 jmp short 004212EF
004212CC > 8B48 08 mov ecx, dword ptr [eax+8] ; Case 5 of switch 0042122E
004212CF . 51 push ecx ; /Arg7
004212D0 . 8B0D B4155500 mov ecx, dword ptr [5515B4] ; |
004212D6 . 8B50 04 mov edx, dword ptr [eax+4] ; |
004212D9 . 52 push edx ; |Arg6
004212DA . 8B00 mov eax, dword ptr [eax] ; |
004212DC . 50 push eax ; |Arg5
004212DD . 68 38525500 push 00555238 ; |已经过期
004212E2 . 6A 03 push 3 ; |Arg3 = 00000003
004212E4 . 6A 00 push 0 ; |Arg2 = 00000000
004212E6 . 51 push ecx ; |Arg1 => 00000000
004212E7 . E8 30AFFFFF call 0041C21C ; \dumped_.0041C21C
004212EC . 83C4 1C add esp, 1C
004212EF > 8B45 F8 mov eax, dword ptr [ebp-8] ; Default case of switch 0042122E
004212F2 . 8B55 08 mov edx, dword ptr [ebp+8]
004212F5 . 8B40 4C mov eax, dword ptr [eax+4C]
004212F8 . 3B82 2C010200 cmp eax, dword ptr [edx+2012C]
004212FE . 72 0B jb short 0042130B
00421300 . 8B4D 08 mov ecx, dword ptr [ebp+8]
00421303 . 8981 2C010200 mov dword ptr [ecx+2012C], eax
00421309 . EB 1C jmp short 00421327
0042130B > 68 51525500 push 00555251 ; /cycle数据非法
00421310 . 6A 02 push 2 ; |Arg3 = 00000002
00421312 . 6A 00 push 0 ; |Arg2 = 00000000
00421314 . A1 B4155500 mov eax, dword ptr [5515B4] ; |
00421319 . 50 push eax ; |Arg1 => 00000000
0042131A . E8 FDAEFFFF call 0041C21C ; \dumped_.0041C21C
0042131F . 83C4 10 add esp, 10
00421322 . 33D2 xor edx, edx
00421324 . 8955 FC mov dword ptr [ebp-4], edx
00421327 > FF45 F0 inc dword ptr [ebp-10]
0042132A . 8B4D F0 mov ecx, dword ptr [ebp-10]
0042132D . 3B4D F4 cmp ecx, dword ptr [ebp-C]
00421330 .^ 0F8C 03FEFFFF jl 00421139
00421336 > 837D FC 32 cmp dword ptr [ebp-4], 32
0042133A . 7E 07 jle short 00421343
0042133C . C745 FC 32000>mov dword ptr [ebp-4], 32
00421343 > 8B45 08 mov eax, dword ptr [ebp+8]
00421346 . 8B90 44010200 mov edx, dword ptr [eax+20144]
0042134C . 3B55 FC cmp edx, dword ptr [ebp-4]
0042134F . 7E 18 jle short 00421369
00421351 . 68 5F525500 push 0055525F ; /可用数减少,请检查数量及正确性,
00421356 . 6A 03 push 3 ; |Arg3 = 00000003
00421358 . 6A 00 push 0 ; |Arg2 = 00000000
0042135A . 8B0D B4155500 mov ecx, dword ptr [5515B4] ; |
00421360 . 51 push ecx ; |Arg1 => 00000000
00421361 . E8 B6AEFFFF call 0041C21C ; \dumped_.0041C21C
00421366 . 83C4 10 add esp, 10
00421369 > 8B45 08 mov eax, dword ptr [ebp+8]
0042136C . 8B55 FC mov edx, dword ptr [ebp-4]
0042136F . 8990 44010200 mov dword ptr [eax+20144], edx
00421375 . 33C0 xor eax, eax
00421377 . 8B55 F8 mov edx, dword ptr [ebp-8]
0042137A . 83C2 04 add edx, 4
0042137D > 8B1A mov ebx, dword ptr [edx]
0042137F . 8D0C38 lea ecx, dword ptr [eax+edi]
00421382 . 3B1C8D F03B55>cmp ebx, dword ptr [ecx*4+553BF0]
00421389 . 76 05 jbe short 00421390
0042138B . 83C8 FF or eax, FFFFFFFF
0042138E . EB 5F jmp short 004213EF
00421390 > 83F8 0F cmp eax, 0F
00421393 . 74 11 je short 004213A6
00421395 . 8B5A 4C mov ebx, dword ptr [edx+4C]
00421398 . 3B1C8D 303C55>cmp ebx, dword ptr [ecx*4+553C30]
0042139F . 73 05 jnb short 004213A6
004213A1 . 83C8 FF or eax, FFFFFFFF
004213A4 . EB 49 jmp short 004213EF
004213A6 > 40 inc eax
004213A7 . 83C2 04 add edx, 4
004213AA . 83F8 10 cmp eax, 10
004213AD .^ 7C CE jl short 0042137D
004213AF . 33DB xor ebx, ebx
004213B1 . 33C9 xor ecx, ecx
004213B3 . 8B45 F8 mov eax, dword ptr [ebp-8]
004213B6 . 8D50 04 lea edx, dword ptr [eax+4]
004213B9 > 8B02 mov eax, dword ptr [edx]
004213BB . 83E0 0F and eax, 0F
004213BE . 03D8 add ebx, eax
004213C0 . 83F9 0F cmp ecx, 0F
004213C3 . 74 08 je short 004213CD
004213C5 . 8B42 4C mov eax, dword ptr [edx+4C]
004213C8 . 83E0 0F and eax, 0F
004213CB . 03D8 add ebx, eax
004213CD > 41 inc ecx
004213CE . 83C2 04 add edx, 4
004213D1 . 83F9 10 cmp ecx, 10
004213D4 .^ 7C E3 jl short 004213B9
004213D6 . 8B55 F8 mov edx, dword ptr [ebp-8]
004213D9 . 8B82 8C000000 mov eax, dword ptr [edx+8C]
004213DF . 25 FFFF0000 and eax, 0FFFF
004213E4 . 3BC3 cmp eax, ebx
004213E6 . 74 05 je short 004213ED
004213E8 . 83C8 FF or eax, FFFFFFFF
004213EB . EB 02 jmp short 004213EF
004213ED > 33C0 xor eax, eax
004213EF > 5F pop edi
004213F0 . 5E pop esi
004213F1 . 5B pop ebx
004213F2 . 8BE5 mov esp, ebp
004213F4 . 5D pop ebp
004213F5 . C3 retn
004213F6 90 nop
[注意]传递专业知识、拓宽行业人脉——看雪讲师团队等你加入!