能力值:
( LV12,RANK:2670 )
|
-
-
3 楼
.text:00401000 ;
.text:00401000 ;※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※
.text:00401000 ;※ This file is generated by The Interactive Disassembler (IDA) ※
.text:00401000 ;※ Copyright (c) 2005 by DataRescue sa/nv, <ida@datarescue.com> ※
.text:00401000 ;※ Licensed to: Lennart Reus, 1 user, std, 07/2003 ※
.text:00401000 ;※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※
.text:00401000 ;
.text:00401000 ; 文件名称 : P:\revme_1\revme_1.exe
.text:00401000 ; 格式 : Portable executable for 80386 (PE)
.text:00401000 ; 映象地址 : 400000
.text:00401000 ; 区段 1. (虚拟地址 00001000)
.text:00401000 ; 虚拟地址大小 : 00000242 ( 578.)
.text:00401000 ; 文件区段大小 : 00000400 ( 1024.)
.text:00401000 ; Offset to raw data for section: 00000400
.text:00401000 ; Flags 60000020: Text Executable Readable
.text:00401000 ; Alignment : default
.text:00401000
.text:00401000 .686p
.text:00401000 .mmx
.text:00401000 .model flat
.text:00401000
.text:00401000 ; ###########################################################################
.text:00401000
.text:00401000 ; Segment type: Pure code
.text:00401000 ; Segment permissions: Read/Execute
.text:00401000 _text segment para public 'CODE' use32
.text:00401000 assume cs:_text
.text:00401000 ;org 401000h
.text:00401000 assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
.text:00401000
.text:00401000 ; =============== S U B R O U T I N E ?=====================================
.text:00401000
.text:00401000 ; Attributes: bp-based frame
.text:00401000
.text:00401000 ; int __stdcall sub_401000(HWND hWnd,UINT Msg,WPARAM wParam,LPARAM lParam)
.text:00401000 sub_401000 proc near ; DATA XREF: sub_4010A0+24�o
.text:00401000
.text:00401000 hWnd = dword ptr 8
.text:00401000 Msg = dword ptr 0Ch
.text:00401000 wParam = dword ptr 10h
.text:00401000 lParam = dword ptr 14h
.text:00401000
.text:00401000 push ebp
.text:00401001 mov ebp, esp
.text:00401003 push ebx
.text:00401004 push esi
.text:00401005 push edi
.text:00401006 mov eax, [ebp+Msg]
.text:00401009 cmp eax, 111h
.text:0040100E jnz short loc_401048
.text:00401010 cmp [ebp+wParam], 2711h
.text:00401017 jnz short loc_401029
.text:00401019 push 0 ; lParam
.text:0040101B push 0 ; wParam
.text:0040101D push 10h ; Msg
.text:0040101F push [ebp+hWnd] ; hWnd
.text:00401022 call SendMessageA
.text:00401027 jmp short loc_401097
.text:00401029 ; ---------------------------------------------------------------------------
.text:00401029
.text:00401029 loc_401029: ; CODE XREF: sub_401000+17�j
.text:00401029 cmp [ebp+wParam], 2712h
.text:00401030 jnz short loc_401097
.text:00401032 push 0 ; uType
.text:00401034 push offset Caption ; "关于此reverse_me!"
.text:00401039 push offset Text ; "请?
.text:0040103E push [ebp+hWnd] ; hWnd
.text:00401041 call MessageBoxA
.text:00401046 jmp short loc_401097
.text:00401048 ; ---------------------------------------------------------------------------
.text:00401048
.text:00401048 loc_401048: ; CODE XREF: sub_401000+E�j
.text:00401048 cmp eax, 5
.text:0040104B jnz short loc_401069
.text:0040104D push 1 ; bRepaint
.text:0040104F push 0 ; nHeight
.text:00401051 push 0 ; nWidth
.text:00401053 push 0 ; Y
.text:00401055 push 0 ; X
.text:00401057 push hWnd ; hWnd
.text:0040105D call MoveWindow
.text:00401062 nop
.text:00401063 nop
.text:00401064 nop
.text:00401065 nop
.text:00401066 nop
.text:00401067 jmp short loc_401097
.text:00401069 ; ---------------------------------------------------------------------------
.text:00401069
.text:00401069 loc_401069: ; CODE XREF: sub_401000+4B�j
.text:00401069 cmp eax, 10h
.text:0040106C jnz short loc_40107F
.text:0040106E push [ebp+hWnd] ; hWnd
.text:00401071 call DestroyWindow
.text:00401076 push 0 ; nExitCode
.text:00401078 call PostQuitMessage
.text:0040107D jmp short loc_401097
.text:0040107F ; ---------------------------------------------------------------------------
.text:0040107F
.text:0040107F loc_40107F: ; CODE XREF: sub_401000+6C�j
.text:0040107F push [ebp+lParam] ; lParam
.text:00401082 push [ebp+wParam] ; wParam
.text:00401085 push [ebp+Msg] ; Msg
.text:00401088 push [ebp+hWnd] ; hWnd
.text:0040108B call DefWindowProcA
.text:00401090 pop edi
.text:00401091 pop esi
.text:00401092 pop ebx
.text:00401093 leave
.text:00401094 retn 10h
.text:00401097 ; ---------------------------------------------------------------------------
.text:00401097
.text:00401097 loc_401097: ; CODE XREF: sub_401000+27�j
.text:00401097 ; sub_401000+30�j ...
.text:00401097 xor eax, eax
.text:00401099 pop edi
.text:0040109A pop esi
.text:0040109B pop ebx
.text:0040109C leave
.text:0040109D retn 10h
.text:0040109D sub_401000 endp
.text:0040109D
.text:004010A0
.text:004010A0 ; =============== S U B R O U T I N E ?=====================================
.text:004010A0
.text:004010A0 ; Attributes: bp-based frame
.text:004010A0
.text:004010A0 ; int __stdcall sub_4010A0(HINSTANCE hInstance,int,int,int nCmdShow)
.text:004010A0 sub_4010A0 proc near ; CODE XREF: start+18�p
.text:004010A0
.text:004010A0 Msg = MSG ptr -4Ch
.text:004010A0 var_30 = WNDCLASSEXA ptr -30h
.text:004010A0 hInstance = dword ptr 8
.text:004010A0 nCmdShow = dword ptr 14h
.text:004010A0
.text:004010A0 push ebp
.text:004010A1 mov ebp, esp
.text:004010A3 add esp, 0FFFFFFB4h
.text:004010A6 call InitCommonControls
.text:004010AB push 30h
.text:004010AD lea eax, [ebp+var_30]
.text:004010B0 push eax
.text:004010B1 call RtlZeroMemory
.text:004010B6 mov [ebp+var_30.cbSize], 30h
.text:004010BD mov [ebp+var_30.style], 3
.text:004010C4 mov [ebp+var_30.lpfnWndProc], offset sub_401000
.text:004010CB push [ebp+hInstance]
.text:004010CE pop [ebp+var_30.hInstance]
.text:004010D1 push 7F00h ; lpIconName
.text:004010D6 push 0 ; hInstance
.text:004010D8 call LoadIconA
.text:004010DD mov [ebp+var_30.hIcon], eax
.text:004010E0 push 7F00h ; lpCursorName
.text:004010E5 push 0 ; hInstance
.text:004010E7 call LoadCursorA
.text:004010EC mov [ebp+var_30.hCursor], eax
.text:004010EF mov [ebp+var_30.lpszMenuName], 2710h
.text:004010F6 mov [ebp+var_30.hbrBackground], 6
.text:004010FD mov [ebp+var_30.lpszClassName], offset ClassName ; "This is a test program"
.text:00401104 lea eax, [ebp+var_30]
.text:00401107 push eax ; WNDCLASSEXA *
.text:00401108 call RegisterClassExA
.text:0040110D push 0 ; lpParam
.text:0040110F push [ebp+hInstance] ; hInstance
.text:00401112 push 0 ; hMenu
.text:00401114 push 0 ; hWndParent
.text:00401116 push 258h ; nHeight
.text:0040111B push 320h ; nWidth
.text:00401120 push 64h ; Y
.text:00401122 push 64h ; X
.text:00401124 push 0CF0000h ; dwStyle
.text:00401129 push offset WindowName ; "This is a reverse_me"
.text:0040112E push offset ClassName ; "This is a test program"
.text:00401133 push 200h ; dwExStyle
.text:00401138 call CreateWindowExA
.text:0040113D mov hwndParent, eax
.text:00401142 nop
.text:00401143 nop
.text:00401144 nop
.text:00401145 nop
.text:00401146 nop
.text:00401147 push 5DCh ; wID
.text:0040114C push hwndParent ; hwndParent
.text:00401152 push offset szText ; "Statusbar test"
.text:00401157 push 50000010h ; style
.text:0040115C call CreateStatusWindowA
.text:00401161 mov hWnd, eax
.text:00401166 push [ebp+nCmdShow] ; nCmdShow
.text:00401169 push hwndParent ; hWnd
.text:0040116F call ShowWindow
.text:00401174 push hwndParent ; hWnd
.text:0040117A call UpdateWindow
.text:0040117F
.text:0040117F loc_40117F: ; CODE XREF: sub_4010A0+106�j
.text:0040117F push 0 ; wMsgFilterMax
.text:00401181 push 0 ; wMsgFilterMin
.text:00401183 push 0 ; hWnd
.text:00401185 lea eax, [ebp+Msg]
.text:00401188 push eax ; lpMsg
.text:00401189 call GetMessageA
.text:0040118E inc eax
.text:0040118F jz short loc_4011AF
.text:00401191 dec eax
.text:00401192 jz short loc_4011A8
.text:00401194 lea eax, [ebp+Msg]
.text:00401197 push eax ; lpMsg
.text:00401198 call TranslateMessage
.text:0040119D lea eax, [ebp+Msg]
.text:004011A0 push eax ; lpMsg
.text:004011A1 call DispatchMessageA
.text:004011A6 jmp short loc_40117F
.text:004011A8 ; ---------------------------------------------------------------------------
.text:004011A8
.text:004011A8 loc_4011A8: ; CODE XREF: sub_4010A0+F2�j
.text:004011A8 ; sub_4010A0:loc_4011AF�j
.text:004011A8 mov eax, [ebp+Msg.wParam]
.text:004011AB leave
.text:004011AC retn 10h
.text:004011AF ; ---------------------------------------------------------------------------
.text:004011AF
.text:004011AF loc_4011AF: ; CODE XREF: sub_4010A0+EF�j
.text:004011AF jmp short loc_4011A8
.text:004011AF sub_4010A0 endp
.text:004011AF
.text:004011B1
.text:004011B1 ; =============== S U B R O U T I N E ?=====================================
.text:004011B1
.text:004011B1
.text:004011B1 public start
.text:004011B1 start proc near
.text:004011B1 push 0 ; lpModuleName
.text:004011B3 call GetModuleHandleA
.text:004011B8 mov hInstance, eax
.text:004011BD push 1 ; nCmdShow
.text:004011BF push 0 ; int
.text:004011C1 push 0 ; int
.text:004011C3 push hInstance ; hInstance
.text:004011C9 call sub_4010A0
.text:004011CE retn
.text:004011CE start endp
.text:004011CE
.text:004011CE ; ---------------------------------------------------------------------------
.text:004011CF align 10h
.text:004011D0 ; [00000006 BYTES: COLLAPSED FUNCTION GetModuleHandleA. PRESS KEYPAD "+" TO EXPAND]
.text:004011D6 ; [00000006 BYTES: COLLAPSED FUNCTION RtlZeroMemory. PRESS KEYPAD "+" TO EXPAND]
.text:004011DC ; [00000006 BYTES: COLLAPSED FUNCTION CreateWindowExA. PRESS KEYPAD "+" TO EXPAND]
.text:004011E2 ; [00000006 BYTES: COLLAPSED FUNCTION DefWindowProcA. PRESS KEYPAD "+" TO EXPAND]
.text:004011E8 ; [00000006 BYTES: COLLAPSED FUNCTION DestroyWindow. PRESS KEYPAD "+" TO EXPAND]
.text:004011EE ; [00000006 BYTES: COLLAPSED FUNCTION DispatchMessageA. PRESS KEYPAD "+" TO EXPAND]
.text:004011F4 ; [00000006 BYTES: COLLAPSED FUNCTION GetMessageA. PRESS KEYPAD "+" TO EXPAND]
.text:004011FA ; [00000006 BYTES: COLLAPSED FUNCTION LoadCursorA. PRESS KEYPAD "+" TO EXPAND]
.text:00401200 ; [00000006 BYTES: COLLAPSED FUNCTION LoadIconA. PRESS KEYPAD "+" TO EXPAND]
.text:00401206 ; [00000006 BYTES: COLLAPSED FUNCTION MessageBoxA. PRESS KEYPAD "+" TO EXPAND]
.text:0040120C ; [00000006 BYTES: COLLAPSED FUNCTION MoveWindow. PRESS KEYPAD "+" TO EXPAND]
.text:00401212 ; [00000006 BYTES: COLLAPSED FUNCTION PostQuitMessage. PRESS KEYPAD "+" TO EXPAND]
.text:00401218 ; [00000006 BYTES: COLLAPSED FUNCTION RegisterClassExA. PRESS KEYPAD "+" TO EXPAND]
.text:0040121E ; [00000006 BYTES: COLLAPSED FUNCTION SendMessageA. PRESS KEYPAD "+" TO EXPAND]
.text:00401224 ; [00000006 BYTES: COLLAPSED FUNCTION ShowWindow. PRESS KEYPAD "+" TO EXPAND]
.text:0040122A ; [00000006 BYTES: COLLAPSED FUNCTION TranslateMessage. PRESS KEYPAD "+" TO EXPAND]
.text:00401230 ; [00000006 BYTES: COLLAPSED FUNCTION UpdateWindow. PRESS KEYPAD "+" TO EXPAND]
.text:00401236 ; [00000006 BYTES: COLLAPSED FUNCTION CreateStatusWindowA. PRESS KEYPAD "+" TO EXPAND]
.text:0040123C ; [00000006 BYTES: COLLAPSED FUNCTION InitCommonControls. PRESS KEYPAD "+" TO EXPAND]
.text:00401242 align 200h
.text:00401242 _text ends
.text:00401242
.idata:00402000 ; 区段 2. (虚拟地址 00002000)
.idata:00402000 ; 虚拟地址大小 : 000002D8 ( 728.)
.idata:00402000 ; 文件区段大小 : 00000400 ( 1024.)
.idata:00402000 ; Offset to raw data for section: 00000800
.idata:00402000 ; Flags 40000040: Data Readable
.idata:00402000 ; Alignment : default
.idata:00402000 ;
.idata:00402000 ; Imports from comctl32
.idata:00402000 ;
.idata:00402000 ; ###########################################################################
.idata:00402000
.idata:00402000 ; Segment type: Externs
.idata:00402000 ; _idata
.idata:00402000 ; HWND __stdcall __imp_CreateStatusWindowA(LONG style,LPCSTR lpszText,HWND hwndParent,UINT wID)
.idata:00402000 extrn __imp_CreateStatusWindowA:dword
.idata:00402000 ; DATA XREF: CreateStatusWindowA�r
.idata:00402004 ; void _imp_InitCommonControls(void)
.idata:00402004 extrn __imp_InitCommonControls:dword
.idata:00402004 ; DATA XREF: InitCommonControls�r
.idata:00402008
.idata:0040200C ;
.idata:0040200C ; Imports from kernel32
.idata:0040200C ;
.idata:0040200C extrn __imp_RtlZeroMemory:dword ; DATA XREF: RtlZeroMemory�r
.idata:00402010 ; HMODULE __stdcall __imp_GetModuleHandleA(LPCSTR lpModuleName)
.idata:00402010 extrn __imp_GetModuleHandleA:dword
.idata:00402010 ; DATA XREF: GetModuleHandleA�r
.idata:00402014
.idata:00402018 ;
.idata:00402018 ; Imports from user32
.idata:00402018 ;
.idata:00402018 ; LONG __stdcall __imp_DispatchMessageA(const MSG *lpMsg)
.idata:00402018 extrn __imp_DispatchMessageA:dword
.idata:00402018 ; DATA XREF: DispatchMessageA�r
.idata:0040201C ; BOOL __stdcall __imp_GetMessageA(LPMSG lpMsg,HWND hWnd,UINT wMsgFilterMin,UINT wMsgFilterMax)
.idata:0040201C extrn __imp_GetMessageA:dword ; DATA XREF: GetMessageA�r
.idata:00402020 ; HCURSOR __stdcall __imp_LoadCursorA(HINSTANCE hInstance,LPCSTR lpCursorName)
.idata:00402020 extrn __imp_LoadCursorA:dword ; DATA XREF: LoadCursorA�r
.idata:00402024 ; HICON __stdcall __imp_LoadIconA(HINSTANCE hInstance,LPCSTR lpIconName)
.idata:00402024 extrn __imp_LoadIconA:dword ; DATA XREF: LoadIconA�r
.idata:00402028 ; int __stdcall __imp_MessageBoxA(HWND hWnd,LPCSTR lpText,LPCSTR lpCaption,UINT uType)
.idata:00402028 extrn __imp_MessageBoxA:dword ; DATA XREF: MessageBoxA�r
.idata:0040202C ; BOOL __stdcall __imp_DestroyWindow(HWND hWnd)
.idata:0040202C extrn __imp_DestroyWindow:dword ; DATA XREF: DestroyWindow�r
.idata:00402030 ; void __stdcall __imp_PostQuitMessage(int nExitCode)
.idata:00402030 extrn __imp_PostQuitMessage:dword
.idata:00402030 ; DATA XREF: PostQuitMessage�r
.idata:00402034 ; ATOM __stdcall __imp_RegisterClassExA(const WNDCLASSEXA *)
.idata:00402034 extrn __imp_RegisterClassExA:dword
.idata:00402034 ; DATA XREF: RegisterClassExA�r
.idata:00402038 ; LRESULT __stdcall __imp_SendMessageA(HWND hWnd,UINT Msg,WPARAM wParam,LPARAM lParam)
.idata:00402038 extrn __imp_SendMessageA:dword ; DATA XREF: SendMessageA�r
.idata:0040203C ; BOOL __stdcall __imp_ShowWindow(HWND hWnd,int nCmdShow)
.idata:0040203C extrn __imp_ShowWindow:dword ; DATA XREF: ShowWindow�r
.idata:00402040 ; BOOL __stdcall __imp_TranslateMessage(const MSG *lpMsg)
.idata:00402040 extrn __imp_TranslateMessage:dword
.idata:00402040 ; DATA XREF: TranslateMessage�r
.idata:00402044 ; BOOL __stdcall __imp_UpdateWindow(HWND hWnd)
.idata:00402044 extrn __imp_UpdateWindow:dword ; DATA XREF: UpdateWindow�r
.idata:00402048 ; LRESULT __stdcall __imp_DefWindowProcA(HWND hWnd,UINT Msg,WPARAM wParam,LPARAM lParam)
.idata:00402048 extrn __imp_DefWindowProcA:dword
.idata:00402048 ; DATA XREF: DefWindowProcA�r
.idata:0040204C ; HWND __stdcall __imp_CreateWindowExA(DWORD dwExStyle,LPCSTR lpClassName,LPCSTR lpWindowName,DWORD
dwStyle,int X,int Y,int nWidth,int nHeight,HWND hWndParent,HMENU hMenu,HINSTANCE hInstance,LPVOID lpParam)
.idata:0040204C extrn __imp_CreateWindowExA:dword
.idata:0040204C ; DATA XREF: CreateWindowExA�r
.idata:00402050 ; BOOL __stdcall __imp_MoveWindow(HWND hWnd,int X,int Y,int nWidth,int nHeight,BOOL bRepaint)
.idata:00402050 extrn __imp_MoveWindow:dword ; DATA XREF: MoveWindow�r
.idata:00402054
.idata:00402054
.rdata:00402058 ; ###########################################################################
.rdata:00402058
.rdata:00402058 ; Segment type: Pure data
.rdata:00402058 ; Segment permissions: Read
.rdata:00402058 _rdata segment para public 'DATA' use32
.rdata:00402058 assume cs:_rdata
.rdata:00402058 ;org 402058h
.rdata:00402058 ; char szText[]
.rdata:00402058 szText db 'Statusbar test',0 ; DATA XREF: sub_4010A0+B2�o
.rdata:00402067 ; char ClassName[]
.rdata:00402067 ClassName db 'This is a test program',0 ; DATA XREF: sub_4010A0+5D�o
.rdata:00402067 ; sub_4010A0+8E�o
.rdata:0040207E ; char WindowName[]
.rdata:0040207E WindowName db 'This is a reverse_me',0 ; DATA XREF: sub_4010A0+89�o
.rdata:00402093 ; char Text[]
.rdata:00402093 Text db '请? ; DATA XREF: sub_401000+39�o
.rdata:00402096 dd 0D5F8B8FAh, 0B3F6B8E2h, 0D4F2D0CCh, 0D2D3BCF6h, 0B9F6B8BBh
.rdata:00402096 dd 0C0DFBEA4h
.rdata:004020AE db 0B8h, 0
.rdata:004020B0 ; char Caption[]
.rdata:004020B0 Caption db '关于此reverse_me!',0 ; DATA XREF: sub_401000+34�o
.rdata:004020C2 align 4
.rdata:004020C4 db ' !',0
.rdata:004020C7 dd 2 dup(0)
.rdata:004020CF align 10h
.rdata:004020D0 dd 2190h, 200Ch, 212Ch, 2 dup(0)
.rdata:004020E4 dd 2292h, 2018h, 2114h, 2 dup(0)
.rdata:004020F8 dd 22CAh, 2000h, 5 dup(0)
.rdata:00402114 dd 229Eh, 22B4h, 0
.rdata:00402120 dd 2180h, 216Ch, 0
.rdata:0040212C dd 21D2h, 21E6h, 21F4h, 2202h, 220Eh, 21C2h, 222Ah, 223Ch
.rdata:0040212C dd 2250h, 2260h, 226Eh, 2282h, 21B0h, 219Eh, 221Ch, 0
.rdata:0040216C dd 65470109h, 646F4D74h, 48656C75h, 6C646E61h, 4165h, 7452020Bh
.rdata:0040216C dd 72655A6Ch, 6D654D6Fh, 79726Fh, 6E72656Bh, 32336C65h
.rdata:0040216C dd 6C6C642Eh, 540000h, 61657243h, 69576574h, 776F646Eh
.rdata:0040216C dd 417845h, 6544007Eh, 6E695766h, 50776F64h, 41636F72h
.rdata:0040216C dd 870000h, 74736544h, 57796F72h, 6F646E69h, 8C0077h, 70736944h
.rdata:0040216C dd 68637461h, 7373654Dh, 41656761h, 1190000h, 4D746547h
.rdata:0040216C dd 61737365h, 416567h, 6F4C0180h, 75436461h, 726F7372h
.rdata:0040216C dd 1840041h, 64616F4Ch, 6E6F6349h, 19D0041h, 7373654Dh
.rdata:0040216C dd 42656761h, 41786Fh, 6F4D01A8h, 69576576h, 776F646Eh
.rdata:0040216C dd 1BF0000h, 74736F50h, 74697551h, 7373654Dh, 656761h
.rdata:0040216C dd 655201C8h, 74736967h, 6C437265h, 45737361h, 4178h, 655301E2h
.rdata:0040216C dd 654D646Eh, 67617373h, 4165h, 6853022Dh, 6957776Fh, 776F646Eh
.rdata:0040216C dd 2420000h, 6E617254h, 74616C73h, 73654D65h, 65676173h
.rdata:0040216C dd 24E0000h, 61647055h, 69576574h, 776F646Eh, 73750000h
.rdata:0040216C dd 32337265h, 6C6C642Eh, 30000h, 61657243h, 74536574h
.rdata:0040216C dd 73757461h, 646E6957h, 41776Fh, 6E49003Eh, 6F437469h
.rdata:0040216C dd 6E6F6D6Dh, 746E6F43h, 736C6F72h, 6F630000h, 6C74636Dh
.rdata:0040216C dd 642E3233h, 6C6Ch, 4Ah dup(0)
.rdata:0040216C _rdata ends
.rdata:0040216C
.data:00403000 ; 区段 3. (虚拟地址 00003000)
.data:00403000 ; 虚拟地址大小 : 0000000C ( 12.)
.data:00403000 ; 文件区段大小 : 00000200 ( 512.)
.data:00403000 ; Offset to raw data for section: 00000C00
.data:00403000 ; Flags C0000040: Data Readable Writable
.data:00403000 ; Alignment : default
.data:00403000 ; ###########################################################################
.data:00403000
.data:00403000 ; Segment type: Pure data
.data:00403000 ; Segment permissions: Read/Write
.data:00403000 _data segment para public 'DATA' use32
.data:00403000 assume cs:_data
.data:00403000 ;org 403000h
.data:00403000 ; HINSTANCE hInstance
.data:00403000 hInstance dd 0 ; DATA XREF: start+7�w
.data:00403000 ; start+12�r
.data:00403004 ; HWND hwndParent
.data:00403004 hwndParent dd 0 ; DATA XREF: sub_4010A0+9D�w
.data:00403004 ; sub_4010A0+AC�r ...
.data:00403008 ; HWND hWnd
.data:00403008 hWnd dd 0 ; DATA XREF: sub_401000+57�r
.data:00403008 ; sub_4010A0+C1�w
.data:0040300C align 200h
.data:0040300C _data ends
.data:0040300C
.rsrc:00404000 ; 区段 4. (虚拟地址 00004000)
.rsrc:00404000 ; 虚拟地址大小 : 00000088 ( 136.)
.rsrc:00404000 ; 文件区段大小 : 00000200 ( 512.)
.rsrc:00404000 ; Offset to raw data for section: 00000E00
.rsrc:00404000 ; Flags 40000040: Data Readable
.rsrc:00404000 ; Alignment : default
.rsrc:00404000 ; ###########################################################################
.rsrc:00404000
.rsrc:00404000 ; Segment type: Pure data
.rsrc:00404000 ; Segment permissions: Read
.rsrc:00404000 _rsrc segment para public 'DATA' use32
.rsrc:00404000 assume cs:_rsrc
.rsrc:00404000 ;org 404000h
.rsrc:00404000 dd 3 dup(0)
.rsrc:0040400C dd 10000h, 4, 80000018h, 3 dup(0)
.rsrc:00404024 dd 10000h, 2710h, 80000030h, 3 dup(0)
.rsrc:0040403C dd 10000h, 409h, 48h, 4060h, 28h, 5 dup(0)
.rsrc:00404064 dd 65870010h, 4EF6h, 27110080h, 51FA9000h, 900000h, 4E8E5173h
.rsrc:00404064 dd 800000h, 51732712h, 4E8Eh, 5Eh dup(0)
.rsrc:00404064 _rsrc ends
.rsrc:00404064
.rsrc:00404064
.rsrc:00404064 end start
|
