[求助]哪位大虾帮我看下,真不看懂了-经典问答-看雪-安全社区|安全招聘|kanxue.com

[求助]哪位大虾帮我看下,真不看懂了

发表于: 2007-3-17 10:43 3320

[求助]哪位大虾帮我看下,真不看懂了

lrlzzgs

活跃值

2007-3-17 10:43

3320

004658BD  |> \6A 01       PUSH 1
004658BF  |.  8B4D F0    MOV ECX,DWORD PTR SS:[EBP-10]
004658C2  |.  E8 D1940000 CALL <JMP.&MFC42D.#5056>
004658C7  |.  85C0       TEST EAX,EAX
004658C9  |.  75 05       JNZ SHORT 000.004658D0
004658CB  |.  E9 0D030000 JMP 000.00465BDD
004658D0  |>  8B4D F0    MOV ECX,DWORD PTR SS:[EBP-10]
004658D3  |.  83C1 68    ADD ECX,68
004658D6  |.  E8 49990000 CALL <JMP.&MFC42D.#2640>
004658DB  |.  83F8 0A    CMP EAX,0A
004658DE  |.  74 13       JE SHORT 000.004658F3
004658E0  |.  6A 00       PUSH 0
004658E2  |.  6A 00       PUSH 0
004658E4  |.  68 CC594C00 PUSH 000.004C59CC                ;  配置代码无效！兼容问题未解决！
004658E9  |.  E8 38940000 CALL <JMP.&MFC42D.#1136>
004658EE  |.  E9 E2020000 JMP 000.00465BD5
004658F3  |>  C745 B8 00000>MOV DWORD PTR SS:[EBP-48],0
004658FA  |.  EB 09       JMP SHORT 000.00465905
004658FC  |>  8B4D B8    /MOV ECX,DWORD PTR SS:[EBP-48]
004658FF  |.  83C1 01    |ADD ECX,1
00465902  |.  894D B8    |MOV DWORD PTR SS:[EBP-48],ECX
00465905  |>  837D B8 0A    CMP DWORD PTR SS:[EBP-48],0A
00465909  |.  7D 1F       |JGE SHORT 000.0046592A
0046590B  |.  8B55 B8    |MOV EDX,DWORD PTR SS:[EBP-48]
0046590E  |.  52          |PUSH EDX
0046590F  |.  8B4D F0    |MOV ECX,DWORD PTR SS:[EBP-10]
00465912  |.  83C1 68    |ADD ECX,68
00465915  |.  E8 54A00000 |CALL <JMP.&MFC42D.#850>
0046591A  |.  0FBEC0       |MOVSX EAX,AL
0046591D  |.  83E8 30    |SUB EAX,30
00465920  |.  8B4D B8    |MOV ECX,DWORD PTR SS:[EBP-48]
00465923  |.  66:89444D BC  |MOV WORD PTR SS:[EBP+ECX*2-44],AX
00465928  |.^ EB D2       \JMP SHORT 000.004658FC
0046592A  |>  66:C745 B4 00>MOV WORD PTR SS:[EBP-4C],0
00465930  |.  66:C745 B0 01>MOV WORD PTR SS:[EBP-50],1
00465936  |.  66:C745 AC 01>MOV WORD PTR SS:[EBP-54],1
0046593C  |.  C745 B8 00000>MOV DWORD PTR SS:[EBP-48],0
00465943  |.  EB 09       JMP SHORT 000.0046594E
00465945  |>  8B55 B8    /MOV EDX,DWORD PTR SS:[EBP-48]
00465948  |.  83C2 01    |ADD EDX,1
0046594B  |.  8955 B8    |MOV DWORD PTR SS:[EBP-48],EDX
0046594E  |>  837D B8 10    CMP DWORD PTR SS:[EBP-48],10
00465952  |.  7D 12       |JGE SHORT 000.00465966
00465954  |.  8B45 B8    |MOV EAX,DWORD PTR SS:[EBP-48]
00465957  |.  66:8B4D B4 |MOV CX,WORD PTR SS:[EBP-4C]
0046595B  |.  66:034C45 D0  |ADD CX,WORD PTR SS:[EBP+EAX*2-30]
00465960  |.  66:894D B4 |MOV WORD PTR SS:[EBP-4C],CX
00465964  |.^ EB DF       \JMP SHORT 000.00465945
00465966  |>  8B45 B4    MOV EAX,DWORD PTR SS:[EBP-4C]
00465969  |.  25 FFFF0000 AND EAX,0FFFF
0046596E  |.  99          CDQ
0046596F  |.  B9 64000000 MOV ECX,64
00465974  |.  F7F9       IDIV ECX
00465976  |.  66:8955 B4 MOV WORD PTR SS:[EBP-4C],DX
0046597A  |.  C745 B8 04000>MOV DWORD PTR SS:[EBP-48],4
00465981  |.  EB 09       JMP SHORT 000.0046598C
00465983  |>  8B55 B8    /MOV EDX,DWORD PTR SS:[EBP-48]
00465986  |.  83C2 01    |ADD EDX,1
00465989  |.  8955 B8    |MOV DWORD PTR SS:[EBP-48],EDX
0046598C  |>  837D B8 0C    CMP DWORD PTR SS:[EBP-48],0C
00465990  |.  7D 21       |JGE SHORT 000.004659B3
00465992  |.  8B45 B8    |MOV EAX,DWORD PTR SS:[EBP-48]
00465995  |.  33C9       |XOR ECX,ECX
00465997  |.  66:8B4C45 D0  |MOV CX,WORD PTR SS:[EBP+EAX*2-30]
0046599C  |.  85C9       |TEST ECX,ECX
0046599E  |.  74 11       |JE SHORT 000.004659B1
004659A0  |.  8B55 B8    |MOV EDX,DWORD PTR SS:[EBP-48]
004659A3  |.  66:8B45 B0 |MOV AX,WORD PTR SS:[EBP-50]
004659A7  |.  66:0FAF4455 D>|IMUL AX,WORD PTR SS:[EBP+EDX*2-30]
004659AD  |.  66:8945 B0 |MOV WORD PTR SS:[EBP-50],AX
004659B1  |>^ EB D0       \JMP SHORT 000.00465983
004659B3  |>  8B45 B0    MOV EAX,DWORD PTR SS:[EBP-50]
004659B6  |.  25 FFFF0000 AND EAX,0FFFF
004659BB  |.  99          CDQ
004659BC  |.  B9 64000000 MOV ECX,64
004659C1  |.  F7F9       IDIV ECX
004659C3  |.  66:8955 B0 MOV WORD PTR SS:[EBP-50],DX
004659C7  |.  C745 B8 00000>MOV DWORD PTR SS:[EBP-48],0
004659CE  |.  EB 09       JMP SHORT 000.004659D9
004659D0  |>  8B55 B8    /MOV EDX,DWORD PTR SS:[EBP-48]
004659D3  |.  83C2 01    |ADD EDX,1
004659D6  |.  8955 B8    |MOV DWORD PTR SS:[EBP-48],EDX
004659D9  |>  837D B8 06    CMP DWORD PTR SS:[EBP-48],6
004659DD  |.  7D 21       |JGE SHORT 000.00465A00
004659DF  |.  8B45 B8    |MOV EAX,DWORD PTR SS:[EBP-48]
004659E2  |.  33C9       |XOR ECX,ECX
004659E4  |.  66:8B4C45 BC  |MOV CX,WORD PTR SS:[EBP+EAX*2-44]
004659E9  |.  85C9       |TEST ECX,ECX
004659EB  |.  74 11       |JE SHORT 000.004659FE
004659ED  |.  8B55 B8    |MOV EDX,DWORD PTR SS:[EBP-48]
004659F0  |.  66:8B45 AC |MOV AX,WORD PTR SS:[EBP-54]
004659F4  |.  66:0FAF4455 B>|IMUL AX,WORD PTR SS:[EBP+EDX*2-44]
004659FA  |.  66:8945 AC |MOV WORD PTR SS:[EBP-54],AX
004659FE  |>^ EB D0       \JMP SHORT 000.004659D0
00465A00  |>  8B45 AC    MOV EAX,DWORD PTR SS:[EBP-54]
00465A03  |.  25 FFFF0000 AND EAX,0FFFF
00465A08  |.  99          CDQ
00465A09  |.  B9 64000000 MOV ECX,64
00465A0E  |.  F7F9       IDIV ECX
00465A10  |.  66:8955 AC MOV WORD PTR SS:[EBP-54],DX
00465A14  |.  8D4D 9C    LEA ECX,DWORD PTR SS:[EBP-64]
00465A17  |.  E8 E0980000 CALL <JMP.&MFC42D.#342>
00465A1C  |.  C745 FC 00000>MOV DWORD PTR SS:[EBP-4],0
00465A23  |.  8B55 BC    MOV EDX,DWORD PTR SS:[EBP-44]
00465A26  |.  81E2 FFFF0000 AND EDX,0FFFF
00465A2C  |.  6BD2 0A    IMUL EDX,EDX,0A
00465A2F  |.  8B45 BE    MOV EAX,DWORD PTR SS:[EBP-42]
00465A32  |.  25 FFFF0000 AND EAX,0FFFF
00465A37  |.  03D0       ADD EDX,EAX
00465A39  |.  8B4D B4    MOV ECX,DWORD PTR SS:[EBP-4C]
00465A3C  |.  81E1 FFFF0000 AND ECX,0FFFF
00465A42  |.  3BD1       CMP EDX,ECX
00465A44  |.  0F85 6E010000 JNZ 000.00465BB8
00465A4A  |.  8B55 C0    MOV EDX,DWORD PTR SS:[EBP-40]
00465A4D  |.  81E2 FFFF0000 AND EDX,0FFFF
00465A53  |.  6BD2 0A    IMUL EDX,EDX,0A
00465A56  |.  8B45 C2    MOV EAX,DWORD PTR SS:[EBP-3E]
00465A59  |.  25 FFFF0000 AND EAX,0FFFF
00465A5E  |.  03D0       ADD EDX,EAX
00465A60  |.  8B4D B0    MOV ECX,DWORD PTR SS:[EBP-50]
00465A63  |.  81E1 FFFF0000 AND ECX,0FFFF
00465A69  |.  3BD1       CMP EDX,ECX
00465A6B  |.  0F85 47010000 JNZ 000.00465BB8
00465A71  |.  8B55 AC    MOV EDX,DWORD PTR SS:[EBP-54]
00465A74  |.  81E2 FFFF0000 AND EDX,0FFFF
00465A7A  |.  8B45 C8    MOV EAX,DWORD PTR SS:[EBP-38]
00465A7D  |.  25 FFFF0000 AND EAX,0FFFF
00465A82  |.  6BC0 0A    IMUL EAX,EAX,0A
00465A85  |.  8B4D CA    MOV ECX,DWORD PTR SS:[EBP-36]
00465A88  |.  81E1 FFFF0000 AND ECX,0FFFF
00465A8E  |.  03C1       ADD EAX,ECX
00465A90  |.  3BD0       CMP EDX,EAX
00465A92  |.  0F85 20010000 JNZ 000.00465BB8
00465A98  |.  8B45 BC    MOV EAX,DWORD PTR SS:[EBP-44]
00465A9B  |.  25 FFFF0000 AND EAX,0FFFF
00465AA0  |.  8B55 BE    MOV EDX,DWORD PTR SS:[EBP-42]
00465AA3  |.  81E2 FFFF0000 AND EDX,0FFFF
00465AA9  |.  03C2       ADD EAX,EDX
00465AAB  |.  8B4D C0    MOV ECX,DWORD PTR SS:[EBP-40]
00465AAE  |.  81E1 FFFF0000 AND ECX,0FFFF
00465AB4  |.  03C1       ADD EAX,ECX
00465AB6  |.  8B55 C2    MOV EDX,DWORD PTR SS:[EBP-3E]
00465AB9  |.  81E2 FFFF0000 AND EDX,0FFFF
00465ABF  |.  03C2       ADD EAX,EDX
00465AC1  |.  8B4D C4    MOV ECX,DWORD PTR SS:[EBP-3C]
00465AC4  |.  81E1 FFFF0000 AND ECX,0FFFF
00465ACA  |.  03C1       ADD EAX,ECX
00465ACC  |.  8B55 C6    MOV EDX,DWORD PTR SS:[EBP-3A]
00465ACF  |.  81E2 FFFF0000 AND EDX,0FFFF
00465AD5  |.  03C2       ADD EAX,EDX
00465AD7  |.  8B4D C8    MOV ECX,DWORD PTR SS:[EBP-38]
00465ADA  |.  81E1 FFFF0000 AND ECX,0FFFF
00465AE0  |.  03C1       ADD EAX,ECX
00465AE2  |.  8B55 CA    MOV EDX,DWORD PTR SS:[EBP-36]
00465AE5  |.  81E2 FFFF0000 AND EDX,0FFFF
00465AEB  |.  03C2       ADD EAX,EDX
00465AED  |.  99          CDQ
00465AEE  |.  B9 64000000 MOV ECX,64
00465AF3  |.  F7F9       IDIV ECX
00465AF5  |.  8B45 CC    MOV EAX,DWORD PTR SS:[EBP-34]
00465AF8  |.  25 FFFF0000 AND EAX,0FFFF
00465AFD  |.  6BC0 0A    IMUL EAX,EAX,0A
00465B00  |.  8B4D CE    MOV ECX,DWORD PTR SS:[EBP-32]
00465B03  |.  81E1 FFFF0000 AND ECX,0FFFF
00465B09  |.  03C1       ADD EAX,ECX
00465B0B  |.  3BD0       CMP EDX,EAX
00465B0D  |.  0F85 A5000000 JNZ 000.00465BB8
00465B13  |.  8B55 C4    MOV EDX,DWORD PTR SS:[EBP-3C]
00465B16  |.  81E2 FFFF0000 AND EDX,0FFFF
00465B1C  |.  6BD2 0A    IMUL EDX,EDX,0A
00465B1F  |.  8B45 C6    MOV EAX,DWORD PTR SS:[EBP-3A]
00465B22  |.  25 FFFF0000 AND EAX,0FFFF
00465B27  |.  03D0       ADD EDX,EAX
00465B29  |.  69D2 D0020000 IMUL EDX,EDX,2D0
00465B2F  |.  66:8955 B4 MOV WORD PTR SS:[EBP-4C],DX
00465B33  |.  8B4D B4    MOV ECX,DWORD PTR SS:[EBP-4C]
00465B36  |.  81E1 FFFF0000 AND ECX,0FFFF
00465B3C  |.  51          PUSH ECX
00465B3D  |.  68 A0000000 PUSH 0A0
00465B42  |.  6A 34       PUSH 34
00465B44  |.  6A 00       PUSH 0
00465B46  |.  B9 A8124D00 MOV ECX,000.004D12A8
00465B4B  |.  E8 E3C2F9FF CALL 000.00401E33
00465B50  |.  83F8 FF    CMP EAX,-1
00465B53  |.  75 53       JNZ SHORT 000.00465BA8
00465B55  |.  8BF4       MOV ESI,ESP
00465B57  |.  6A 64       PUSH 64                               ; /Timeout = 100. ms
00465B59  |.  FF15 F8935000 CALL DWORD PTR DS:[<&KERNEL32.Sleep>] ; \Sleep
00465B5F  |.  3BF4       CMP ESI,ESP
00465B61  |.  E8 20A00000 CALL <JMP.&MSVCRTD._chkesp>
00465B66  |.  8B55 B4    MOV EDX,DWORD PTR SS:[EBP-4C]
00465B69  |.  81E2 FFFF0000 AND EDX,0FFFF
00465B6F  |.  52          PUSH EDX
00465B70  |.  68 A0000000 PUSH 0A0
00465B75  |.  6A 34       PUSH 34
00465B77  |.  6A 00       PUSH 0
00465B79  |.  B9 A8124D00 MOV ECX,000.004D12A8
00465B7E  |.  E8 B0C2F9FF CALL 000.00401E33
00465B83  |.  83F8 FF    CMP EAX,-1
00465B86  |.  75 10       JNZ SHORT 000.00465B98
00465B88  |.  6A 00       PUSH 0
00465B8A  |.  6A 00       PUSH 0
00465B8C  |.  68 B0594C00 PUSH 000.004C59B0                ;  返回信息代码：036590
00465B91  |.  E8 90910000 CALL <JMP.&MFC42D.#1136>
00465B96  |.  EB 0E       JMP SHORT 000.00465BA6
00465B98  |>  6A 00       PUSH 0
00465B9A  |.  6A 00       PUSH 0
00465B9C  |.  68 94594C00 PUSH 000.004C5994                ;  返回信息代码：025578
00465BA1  |.  E8 80910000 CALL <JMP.&MFC42D.#1136>
00465BA6  |>  EB 0E       JMP SHORT 000.00465BB6
00465BA8  |>  6A 00       PUSH 0
00465BAA  |.  6A 00       PUSH 0
00465BAC  |.  68 78594C00 PUSH 000.004C5978                ;  返回信息代码：015578
00465BB1  |.  E8 70910000 CALL <JMP.&MFC42D.#1136>
00465BB6  |>  EB 0E       JMP SHORT 000.00465BC6
00465BB8  |>  6A 00       PUSH 0
00465BBA  |.  6A 00       PUSH 0
00465BBC  |.  68 5C594C00 PUSH 000.004C595C                ;  返回信息代码：045578

[课程]FART 脱壳王！加量不加价！FART作者讲授！

收藏・0

免费・0

支持

分享

最新回复 (2)
kanxue 雪币： 44229 活跃值： (19955) 能力值： (RANK：350 ) 在线值：发帖 2369 回帖 17027 粉丝 528 关注私信	kanxue 8 2 楼请多给些说明，让别人知道你要问什么。现在你的MFC相关函数没显示出来，在OD里（前提你的OD必须有MFC42.Lib，一般OD都有）：调试/选择导入库处理一下，即可得到MFC正常的函数名。 2007-3-17 11:31 0
lrlzzgs 雪币： 200 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 8 回帖 34 粉丝 0 关注私信	lrlzzgs 3 楼问题已解决已找出算法了，谢谢了 2007-3-22 10:07 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复

返回

lrlzzgs

发帖

回帖

RANK

他的文章

看雪公众号

专注于PC、移动、智能设备安全研究及逆向工程的开发者社区

//