-
-
[旧帖] 网络验证 高手强手进 新手也进来练 0.00雪花
-
发表于: 2007-4-8 12:37
-
我用PIED查了是说没有发现,说明没壳,再用IRIS侦听服务器是这个IP:61.139.126.12.可是用OLLYDBG查却发现连服务器也找不到
代码如下
00401000 /$ 33C0 xor eax, eax
00401002 |. 56 push esi
00401003 |. 50 push eax
00401004 |. 50 push eax
00401005 |. 8BF1 mov esi, ecx
00401007 |. 50 push eax
00401008 |. 6A 01 push 1
0040100A |. 68 F0764300 push 004376F0 ; ASCII "Nimo Software HTTP Retriever 1.0"
0040100F |. 8946 14 mov dword ptr [esi+14], eax
00401012 |. 8946 0C mov dword ptr [esi+C], eax
00401015 |. 8946 10 mov dword ptr [esi+10], eax
00401018 |. 8906 mov dword ptr [esi], eax
0040101A |. 8946 04 mov dword ptr [esi+4], eax
0040101D |. 8946 08 mov dword ptr [esi+8], eax
00401020 |. FF15 10754300 call dword ptr [<&WININET.InternetOpe>; WININET.InternetOpenA
00401026 |. 8906 mov dword ptr [esi], eax
00401028 |. 8BC6 mov eax, esi
0040102A |. 5E pop esi
0040102B \. C3 retn
0040102C CC int3
0040102D CC int3
0040102E CC int3
0040102F CC int3
00401030 > 56 push esi
00401031 . 8BF1 mov esi, ecx
00401033 . 8B46 0C mov eax, dword ptr [esi+C]
00401036 . 85C0 test eax, eax
00401038 . 57 push edi
00401039 . 74 09 je short 00401044
0040103B . 50 push eax
0040103C . E8 F5F90100 call 00420A36
00401041 . 83C4 04 add esp, 4
00401044 > 8B46 10 mov eax, dword ptr [esi+10]
00401047 . 85C0 test eax, eax
00401049 . 74 09 je short 00401054
0040104B . 50 push eax
0040104C . E8 E5F90100 call 00420A36
00401051 . 83C4 04 add esp, 4
00401054 > 8B06 mov eax, dword ptr [esi]
00401056 . 85C0 test eax, eax
00401058 . 8B3D 0C754300 mov edi, dword ptr [<&WININET.Intern>; WININET.InternetCloseHandle
0040105E . 74 03 je short 00401063
00401060 . 50 push eax
00401061 . FFD7 call edi ; <&WININET.InternetCloseHandle>
00401063 > 8B46 04 mov eax, dword ptr [esi+4]
00401066 . 85C0 test eax, eax
00401068 . 74 03 je short 0040106D
0040106A . 50 push eax
0040106B . FFD7 call edi
0040106D > 8B76 08 mov esi, dword ptr [esi+8]
00401070 . 85F6 test esi, esi
00401072 . 74 03 je short 00401077
00401074 . 56 push esi
00401075 . FFD7 call edi
00401077 > 5F pop edi
00401078 . 5E pop esi
00401079 . C3 retn
0040107A CC int3
0040107B CC int3
0040107C CC int3
0040107D CC int3
0040107E CC int3
0040107F CC int3
00401080 /$ 56 push esi
00401081 |. 8BF1 mov esi, ecx
00401083 |. 8B46 04 mov eax, dword ptr [esi+4]
00401086 |. 85C0 test eax, eax
00401088 |. 74 07 je short 00401091
0040108A |. 50 push eax
0040108B |. FF15 0C754300 call dword ptr [<&WININET.InternetClo>; WININET.InternetCloseHandle
00401091 |> 8B4424 08 mov eax, dword ptr [esp+8]
00401095 |. 8B0E mov ecx, dword ptr [esi]
00401097 |. 6A 00 push 0
00401099 |. 6A 09 push 9
0040109B |. 6A 00 push 0
0040109D |. 6A 00 push 0
0040109F |. 50 push eax
004010A0 |. 51 push ecx
004010A1 |. FF15 08754300 call dword ptr [<&WININET.InternetOpe>; WININET.InternetOpenUrlA
004010A7 |. 85C0 test eax, eax
004010A9 |. 8946 04 mov dword ptr [esi+4], eax
004010AC |. 74 06 je short 004010B4
004010AE |. B0 01 mov al, 1
004010B0 |. 5E pop esi
004010B1 |. C2 0400 retn 4
004010B4 |> FF15 A8724300 call dword ptr [<&KERNEL32.GetLastErr>; [GetLastError
004010BA |. 8946 14 mov dword ptr [esi+14], eax
004010BD |. 32C0 xor al, al
004010BF |. 5E pop esi
004010C0 \. C2 0400 retn 4
004010C3 CC int3
004010C4 CC int3
004010C5 CC int3
004010C6 CC int3
004010C7 CC int3
004010C8 CC int3
004010C9 CC int3
004010CA CC int3
004010CB CC int3
004010CC CC int3
004010CD CC int3
004010CE CC int3
004010CF CC int3
004010D0 /$ 81EC 88000000 sub esp, 88
004010D6 |. A1 20554400 mov eax, dword ptr [445520]
004010DB |. 33C4 xor eax, esp
004010DD |. 898424 840000>mov dword ptr [esp+84], eax
004010E4 |. 83BC24 940000>cmp dword ptr [esp+94], -1
004010EC |. 8B8424 900000>mov eax, dword ptr [esp+90]
004010F3 |. 53 push ebx
004010F4 |. 57 push edi
004010F5 |. 8BBC24 940000>mov edi, dword ptr [esp+94]
004010FC |. 8BD9 mov ebx, ecx
004010FE |. 894424 0C mov dword ptr [esp+C], eax
00401102 |. 75 15 jnz short 00401119
00401104 |. 8D50 01 lea edx, dword ptr [eax+1]
00401107 |> 8A08 /mov cl, byte ptr [eax]
00401109 |. 83C0 01 |add eax, 1
0040110C |. 84C9 |test cl, cl
0040110E |.^ 75 F7 \jnz short 00401107
00401110 |. 2BC2 sub eax, edx
00401112 |. 898424 9C0000>mov dword ptr [esp+9C], eax
00401119 |> B8 01000000 mov eax, 1
0040111E |. 55 push ebp
0040111F |. 56 push esi
00401120 |. 33F6 xor esi, esi
00401122 |. 894424 3C mov dword ptr [esp+3C], eax
00401126 |. 894424 58 mov dword ptr [esp+58], eax
0040112A |. 8BC7 mov eax, edi
0040112C |. C74424 28 3C0>mov dword ptr [esp+28], 3C
00401134 |. 897424 2C mov dword ptr [esp+2C], esi
00401138 |. 897424 30 mov dword ptr [esp+30], esi
0040113C |. 897424 38 mov dword ptr [esp+38], esi
00401140 |. 66:897424 40 mov word ptr [esp+40], si
00401145 |. 897424 44 mov dword ptr [esp+44], esi
00401149 |. 897424 48 mov dword ptr [esp+48], esi
0040114D |. 897424 4C mov dword ptr [esp+4C], esi
00401151 |. 897424 50 mov dword ptr [esp+50], esi
00401155 |. 897424 54 mov dword ptr [esp+54], esi
00401159 |. 897424 5C mov dword ptr [esp+5C], esi
0040115D |. 897424 60 mov dword ptr [esp+60], esi
00401161 |. 8D50 01 lea edx, dword ptr [eax+1]
00401164 |> 8A08 /mov cl, byte ptr [eax]
00401166 |. 83C0 01 |add eax, 1
00401169 |. 84C9 |test cl, cl
0040116B |.^ 75 F7 \jnz short 00401164
0040116D |. 8D4C24 28 lea ecx, dword ptr [esp+28]
00401171 |. 51 push ecx
00401172 |. 56 push esi
00401173 |. 2BC2 sub eax, edx
00401175 |. 50 push eax
00401176 |. 57 push edi
00401177 |. FF15 F8744300 call dword ptr [<&WININET.InternetCra>; WININET.InternetCrackUrlA
0040117D |. 8B43 08 mov eax, dword ptr [ebx+8]
00401180 |. 3BC6 cmp eax, esi
00401182 |. 8B3D 0C754300 mov edi, dword ptr [<&WININET.Intern>; WININET.InternetCloseHandle
00401188 |. 74 03 je short 0040118D
0040118A |. 50 push eax
0040118B |. FFD7 call edi ; <&WININET.InternetCloseHandle>
0040118D |> 8B5424 38 mov edx, dword ptr [esp+38]
00401191 |. 52 push edx
00401192 |. E8 2DF90100 call 00420AC4
00401197 |. 8B4C24 40 mov ecx, dword ptr [esp+40]
0040119B |. C60408 00 mov byte ptr [eax+ecx], 0
0040119F |. 8B5424 58 mov edx, dword ptr [esp+58]
004011A3 |. 52 push edx
004011A4 |. 894424 20 mov dword ptr [esp+20], eax
004011A8 |. E8 17F90100 call 00420AC4
004011AD |. 8B4C24 60 mov ecx, dword ptr [esp+60]
004011B1 |. 894424 18 mov dword ptr [esp+18], eax
004011B5 |. C60408 00 mov byte ptr [eax+ecx], 0
004011B9 |. 8B43 04 mov eax, dword ptr [ebx+4]
004011BC |. 83C4 08 add esp, 8
004011BF |. 3BC6 cmp eax, esi
004011C1 |. 74 03 je short 004011C6
004011C3 |. 50 push eax
004011C4 |. FFD7 call edi
004011C6 |> 66:8B6C24 40 mov bp, word ptr [esp+40]
004011CB |. 8B4424 40 mov eax, dword ptr [esp+40]
004011CF |. 6A 00 push 0
004011D1 |. 68 00000004 push 4000000
004011D6 |. 66:83ED 50 sub bp, 50
004011DA |. 6A 03 push 3
004011DC |. 66:F7DD neg bp
004011DF |. 68 4C774300 push 0043774C
004011E4 |. 68 4C774300 push 0043774C
004011E9 |. B9 0C000000 mov ecx, 0C
004011EE |. BE 1C774300 mov esi, 0043771C ; ASCII "Content-Type: application/x-www-form-urlencoded"
004011F3 |. 8D7C24 78 lea edi, dword ptr [esp+78]
004011F7 |. F3:A5 rep movs dword ptr es:[edi], dword p>
004011F9 |. 8B7C24 2C mov edi, dword ptr [esp+2C]
004011FD |. 8B0B mov ecx, dword ptr [ebx]
004011FF |. 50 push eax
00401200 |. 1BED sbb ebp, ebp
00401202 |. 57 push edi
00401203 |. 8D5424 38 lea edx, dword ptr [esp+38]
00401207 |. 81E5 00308000 and ebp, 803000
0040120D |. 51 push ecx
0040120E |. 81C5 00000004 add ebp, 4000000
00401214 |. C74424 3C 2A2>mov dword ptr [esp+3C], 2A2F2A
0040121C |. C74424 44 000>mov dword ptr [esp+44], 0
00401224 |. 895424 40 mov dword ptr [esp+40], edx
00401228 |. FF15 FC744300 call dword ptr [<&WININET.InternetCon>; WININET.InternetConnectA
0040122E |. 8B4C24 10 mov ecx, dword ptr [esp+10]
00401232 |. 6A 00 push 0
00401234 |. 55 push ebp
00401235 |. 8D5424 28 lea edx, dword ptr [esp+28]
00401239 |. 52 push edx
0040123A |. 6A 00 push 0
0040123C |. 6A 00 push 0
0040123E |. 51 push ecx
0040123F |. 68 14774300 push 00437714 ; ASCII "POST"
00401244 |. 50 push eax
00401245 |. 8943 08 mov dword ptr [ebx+8], eax
00401248 |. FF15 00754300 call dword ptr [<&WININET.HttpOpenReq>; WININET.HttpOpenRequestA
0040124E |. 8BF0 mov esi, eax
00401250 |. 8D4C24 64 lea ecx, dword ptr [esp+64]
00401254 |. 8973 04 mov dword ptr [ebx+4], esi
00401257 |. 8D69 01 lea ebp, dword ptr [ecx+1]
0040125A |. 8D9B 00000000 lea ebx, dword ptr [ebx]
00401260 |> 8A01 /mov al, byte ptr [ecx]
00401262 |. 83C1 01 |add ecx, 1
00401265 |. 84C0 |test al, al
00401267 |.^ 75 F7 \jnz short 00401260
00401269 |. 8B9424 A40000>mov edx, dword ptr [esp+A4]
00401270 |. 8B4424 14 mov eax, dword ptr [esp+14]
00401274 |. 52 push edx
00401275 |. 50 push eax
00401276 |. 2BCD sub ecx, ebp
00401278 |. 51 push ecx
00401279 |. 8D4C24 70 lea ecx, dword ptr [esp+70]
0040127D |. 51 push ecx
0040127E |. 56 push esi
0040127F |. FF15 04754300 call dword ptr [<&WININET.HttpSendReq>; WININET.HttpSendRequestA
00401285 |. 85C0 test eax, eax
00401287 |. 5E pop esi
00401288 |. 5D pop ebp
00401289 |. 75 20 jnz short 004012AB
0040128B |. FF15 A8724300 call dword ptr [<&KERNEL32.GetLastErr>; [GetLastError
00401291 |. 57 push edi
00401292 |. 8943 14 mov dword ptr [ebx+14], eax
00401295 |. E8 9CF70100 call 00420A36
0040129A |. 8B5424 0C mov edx, dword ptr [esp+C]
0040129E |. 52 push edx
0040129F |. E8 92F70100 call 00420A36
004012A4 |. 83C4 08 add esp, 8
004012A7 |. 32C0 xor al, al
004012A9 |. EB 15 jmp short 004012C0
004012AB |> 57 push edi
004012AC |. E8 85F70100 call 00420A36
004012B1 |. 8B4424 0C mov eax, dword ptr [esp+C]
004012B5 |. 50 push eax
004012B6 |. E8 7BF70100 call 00420A36
004012BB |. 83C4 08 add esp, 8
004012BE |. B0 01 mov al, 1
004012C0 |> 8B8C24 8C0000>mov ecx, dword ptr [esp+8C]
004012C7 |. 5F pop edi
004012C8 |. 5B pop ebx
004012C9 |. 33CC xor ecx, esp
004012CB |. E8 44F80100 call 00420B14
004012D0 |. 81C4 88000000 add esp, 88
004012D6 \. C2 0C00 retn 0C
004012D9 CC int3
004012DA CC int3
004012DB CC int3
004012DC CC int3
004012DD CC int3
004012DE CC int3
004012DF CC int3
004012E0 . B8 08200000 mov eax, 2008
004012E5 . E8 06FC0100 call 00420EF0
004012EA . A1 20554400 mov eax, dword ptr [445520]
004012EF . 33C4 xor eax, esp
004012F1 . 898424 042000>mov dword ptr [esp+2004], eax
004012F8 . 8B8424 0C2000>mov eax, dword ptr [esp+200C]
004012FF . 85C0 test eax, eax
00401301 . 55 push ebp
00401302 . 8BE9 mov ebp, ecx
00401304 . 8B8C24 182000>mov ecx, dword ptr [esp+2018]
0040130B . 75 21 jnz short 0040132E
0040130D . C745 14 FFFFF>mov dword ptr [ebp+14], -1
00401314 > 33C0 xor eax, eax
00401316 . 5D pop ebp
00401317 . 8B8C24 042000>mov ecx, dword ptr [esp+2004]
0040131E . 33CC xor ecx, esp
00401320 . E8 EFF70100 call 00420B14
00401325 . 81C4 08200000 add esp, 2008
0040132B . C2 1000 retn 10
0040132E > 80BC24 142000>cmp byte ptr [esp+2014], 0
00401336 . 74 2F je short 00401367
00401338 . 8B9424 1C2000>mov edx, dword ptr [esp+201C]
0040133F . 52 push edx ; /Arg3
00401340 . 51 push ecx ; |Arg2
00401341 . 50 push eax ; |Arg1
00401342 . 8BCD mov ecx, ebp ; |
00401344 . E8 87FDFFFF call 004010D0 ; \2.004010D0
00401349 . 84C0 test al, al
0040134B . 75 26 jnz short 00401373
0040134D . 33C0 xor eax, eax
0040134F . 5D pop ebp
00401350 . 8B8C24 042000>mov ecx, dword ptr [esp+2004]
00401357 . 33CC xor ecx, esp
00401359 . E8 B6F70100 call 00420B14
0040135E . 81C4 08200000 add esp, 2008
00401364 . C2 1000 retn 10
00401367 > 50 push eax
00401368 . 8BCD mov ecx, ebp
0040136A . E8 11FDFFFF call 00401080
0040136F . 84C0 test al, al
00401371 .^ 74 A1 je short 00401314
00401373 > 8B45 0C mov eax, dword ptr [ebp+C]
00401376 . 53 push ebx
00401377 . 33DB xor ebx, ebx
00401379 . 85C0 test eax, eax
0040137B . 74 09 je short 00401386
0040137D . 50 push eax
0040137E . E8 B3F60100 call 00420A36
00401383 . 83C4 04 add esp, 4
00401386 > 6A 01 push 1
00401388 . 68 01200000 push 2001
0040138D . E8 11FB0100 call 00420EA3
00401392 . 8B55 04 mov edx, dword ptr [ebp+4]
00401395 . 83C4 08 add esp, 8
00401398 . 8945 0C mov dword ptr [ebp+C], eax
0040139B . 8D4424 08 lea eax, dword ptr [esp+8]
0040139F . 50 push eax
004013A0 . 68 FF1F0000 push 1FFF
004013A5 . 8D4C24 14 lea ecx, dword ptr [esp+14]
004013A9 . 51 push ecx
004013AA . 52 push edx
004013AB . FF15 F4744300 call dword ptr [<&WININET.InternetRea>; WININET.InternetReadFile
004013B1 . 85C0 test eax, eax
004013B3 . 74 7E je short 00401433
004013B5 . 56 push esi
004013B6 . 57 push edi
004013B7 > 8B4424 10 mov eax, dword ptr [esp+10]
004013BB . 85C0 test eax, eax
004013BD . 74 72 je short 00401431
004013BF . C64404 14 00 mov byte ptr [esp+eax+14], 0
004013C4 . 03D8 add ebx, eax
004013C6 . 8B45 0C mov eax, dword ptr [ebp+C]
004013C9 . C60403 00 mov byte ptr [ebx+eax], 0
004013CD . 8D4424 14 lea eax, dword ptr [esp+14]
004013D1 . 8BC8 mov ecx, eax
004013D3 > 8A10 mov dl, byte ptr [eax]
004013D5 . 83C0 01 add eax, 1
004013D8 . 84D2 test dl, dl
004013DA .^ 75 F7 jnz short 004013D3
004013DC . 8B7D 0C mov edi, dword ptr [ebp+C]
004013DF . 2BC1 sub eax, ecx
004013E1 . 8BF1 mov esi, ecx
004013E3 . 83C7 FF add edi, -1
004013E6 > 8A4F 01 mov cl, byte ptr [edi+1]
004013E9 . 83C7 01 add edi, 1
004013EC . 84C9 test cl, cl
004013EE .^ 75 F6 jnz short 004013E6
004013F0 . 8BC8 mov ecx, eax
004013F2 . C1E9 02 shr ecx, 2
004013F5 . F3:A5 rep movs dword ptr es:[edi], dword p>
004013F7 . 8BC8 mov ecx, eax
004013F9 . 83E1 03 and ecx, 3
004013FC . F3:A4 rep movs byte ptr es:[edi], byte ptr>
004013FE . 8B55 0C mov edx, dword ptr [ebp+C]
00401401 . 8D8B 00200000 lea ecx, dword ptr [ebx+2000]
00401407 . 51 push ecx
00401408 . 52 push edx
00401409 . E8 15F70100 call 00420B23
0040140E . 83C4 08 add esp, 8
00401411 . 8945 0C mov dword ptr [ebp+C], eax
00401414 . 8B55 04 mov edx, dword ptr [ebp+4]
00401417 . 8D4424 10 lea eax, dword ptr [esp+10]
0040141B . 50 push eax
0040141C . 68 FF1F0000 push 1FFF
00401421 . 8D4C24 1C lea ecx, dword ptr [esp+1C]
00401425 . 51 push ecx
00401426 . 52 push edx
00401427 . FF15 F4744300 call dword ptr [<&WININET.InternetRea>; WININET.InternetReadFile
0040142D . 85C0 test eax, eax
0040142F .^ 75 86 jnz short 004013B7
00401431 > 5F pop edi
00401432 . 5E pop esi
00401433 > 8B45 0C mov eax, dword ptr [ebp+C]
00401436 . 8B8C24 0C2000>mov ecx, dword ptr [esp+200C]
0040143D . 5B pop ebx
0040143E . 5D pop ebp
0040143F . 33CC xor ecx, esp
00401441 . E8 CEF60100 call 00420B14
00401446 . 81C4 08200000 add esp, 2008
0040144C . C2 1000 retn 10
0040144F CC int3
00401450 . 8B4424 18 mov eax, dword ptr [esp+18]
00401454 . 8B5424 14 mov edx, dword ptr [esp+14]
00401458 . 6A 00 push 0 ; /Arg9 = 00000000
0040145A . 6A 00 push 0 ; |Arg8 = 00000000
0040145C . 6A 00 push 0 ; |Arg7 = 00000000
0040145E . 50 push eax ; |Arg6
0040145F . 8B4424 20 mov eax, dword ptr [esp+20] ; |
00401463 . 52 push edx ; |Arg5
00401464 . 8B5424 20 mov edx, dword ptr [esp+20] ; |
00401468 . 50 push eax ; |Arg4
00401469 . 8B4424 20 mov eax, dword ptr [esp+20] ; |
0040146D . 52 push edx ; |Arg3
0040146E . 50 push eax ; |Arg2
0040146F . 68 B0784300 push 004378B0 ; |Arg1 = 004378B0
00401474 . E8 1FBB0000 call 0040CF98 ; \2.0040CF98
00401479 . C2 1C00 retn 1C
0040147C CC int3
0040147D CC int3
0040147E CC int3
0040147F CC int3
00401480 > E9 D5730000 jmp 0040885A
00401485 CC int3
00401486 CC int3
00401487 CC int3
00401488 CC int3
00401489 CC int3
0040148A CC int3
0040148B CC int3
0040148C CC int3
0040148D CC int3
0040148E CC int3
0040148F CC int3
00401490 . B8 5C774300 mov eax, 0043775C ; ASCII "PwC"
00401495 . C3 retn
00401496 CC int3
00401497 CC int3
00401498 CC int3
00401499 CC int3
0040149A CC int3
0040149B CC int3
0040149C CC int3
0040149D CC int3
0040149E CC int3
0040149F CC int3
004014A0 /$ 8B4424 04 mov eax, dword ptr [esp+4]
004014A4 |. 50 push eax
004014A5 |. E8 3E450000 call 004059E8
004014AA |. 59 pop ecx
004014AB \. C2 0400 retn 4
004014AE CC int3
004014AF CC int3
004014B0 . 8B41 20 mov eax, dword ptr [ecx+20]
004014B3 . 6A 00 push 0 ; /Enable = FALSE
004014B5 . 50 push eax ; |hWnd
004014B6 . FF15 E8744300 call dword ptr [<&USER32.EnableWindow>; \EnableWindow
004014BC . C3 retn
004014BD CC int3
004014BE CC int3
004014BF CC int3
004014C0 . 8B41 20 mov eax, dword ptr [ecx+20]
004014C3 . 6A 01 push 1 ; /Enable = TRUE
004014C5 . 50 push eax ; |hWnd
004014C6 . FF15 E8744300 call dword ptr [<&USER32.EnableWindow>; \EnableWindow
004014CC . C3 retn
004014CD CC int3
004014CE CC int3
004014CF CC int3
004014D0 . 6A FF push -1
004014D2 . 68 AA484300 push 004348AA
004014D7 . 64:A1 0000000>mov eax, dword ptr fs:[0]
004014DD . 50 push eax
004014DE . 51 push ecx
004014DF . 56 push esi
004014E0 . A1 20554400 mov eax, dword ptr [445520]
004014E5 . 33C4 xor eax, esp
004014E7 . 50 push eax
004014E8 . 8D4424 0C lea eax, dword ptr [esp+C]
004014EC . 64:A3 0000000>mov dword ptr fs:[0], eax
004014F2 . 6A 74 push 74
004014F4 . E8 C4440000 call 004059BD
004014F9 . 8BF0 mov esi, eax
004014FB . 83C4 04 add esp, 4
004014FE . 897424 08 mov dword ptr [esp+8], esi
00401502 . 33C0 xor eax, eax
00401504 . 3BF0 cmp esi, eax
00401506 . 894424 14 mov dword ptr [esp+14], eax
0040150A . 74 0F je short 0040151B
0040150C . 8BCE mov ecx, esi
0040150E . E8 A0580000 call 00406DB3
00401513 . C706 7C774300 mov dword ptr [esi], 0043777C
00401519 . 8BC6 mov eax, esi
0040151B > 8B4C24 0C mov ecx, dword ptr [esp+C]
0040151F . 64:890D 00000>mov dword ptr fs:[0], ecx
00401526 . 59 pop ecx
00401527 . 5E pop esi
00401528 . 83C4 10 add esp, 10
0040152B . C3 retn
0040152C CC int3
0040152D CC int3
0040152E CC int3
0040152F CC int3
00401530 . 56 push esi
00401531 . 8BF1 mov esi, ecx
00401533 . E8 22730000 call 0040885A
00401538 . F64424 08 01 test byte ptr [esp+8], 1
0040153D . 74 09 je short 00401548
0040153F . 56 push esi
00401540 . E8 A3440000 call 004059E8
00401545 . 83C4 04 add esp, 4
00401548 > 8BC6 mov eax, esi
0040154A . 5E pop esi
0040154B . C2 0400 retn 4
0040154E CC int3
0040154F CC int3
00401550 /$ 8D41 0C lea eax, dword ptr [ecx+C]
00401553 |. 83CA FF or edx, FFFFFFFF
00401556 |. F0:0FC110 lock xadd dword ptr [eax], edx
0040155A |. 4A dec edx
0040155B |. 85D2 test edx, edx
0040155D |. 7F 0C jg short 0040156B
0040155F |. 8B01 mov eax, dword ptr [ecx]
00401561 |. 8B10 mov edx, dword ptr [eax]
00401563 |. 51 push ecx
00401564 |. 8BC8 mov ecx, eax
00401566 |. 8B42 04 mov eax, dword ptr [edx+4]
00401569 |. FFD0 call eax
0040156B \> C3 retn
0040156C CC int3
0040156D CC int3
0040156E CC int3
0040156F CC int3
00401570 . B8 C0784300 mov eax, 004378C0
00401575 . C3 retn
00401576 CC int3
00401577 CC int3
00401578 CC int3
00401579 CC int3
0040157A CC int3
0040157B CC int3
0040157C CC int3
0040157D CC int3
0040157E CC int3
0040157F CC int3
00401580 . 56 push esi
00401581 . 8BF1 mov esi, ecx
00401583 . E8 93C10000 call 0040D71B
00401588 . F64424 08 01 test byte ptr [esp+8], 1
0040158D . 74 09 je short 00401598
0040158F . 56 push esi
00401590 . E8 53440000 call 004059E8
00401595 . 83C4 04 add esp, 4
00401598 > 8BC6 mov eax, esi
0040159A . 5E pop esi
0040159B . C2 0400 retn 4
0040159E CC int3
0040159F CC int3
004015A0 > 8B01 mov eax, dword ptr [ecx]
004015A2 . 83E8 10 sub eax, 10
代码如下00401000 /$ 33C0 xor eax, eax
00401002 |. 56 push esi
00401003 |. 50 push eax
00401004 |. 50 push eax
00401005 |. 8BF1 mov esi, ecx
00401007 |. 50 push eax
00401008 |. 6A 01 push 1
0040100A |. 68 F0764300 push 004376F0 ; ASCII "Nimo Software HTTP Retriever 1.0"
0040100F |. 8946 14 mov dword ptr [esi+14], eax
00401012 |. 8946 0C mov dword ptr [esi+C], eax
00401015 |. 8946 10 mov dword ptr [esi+10], eax
00401018 |. 8906 mov dword ptr [esi], eax
0040101A |. 8946 04 mov dword ptr [esi+4], eax
0040101D |. 8946 08 mov dword ptr [esi+8], eax
00401020 |. FF15 10754300 call dword ptr [<&WININET.InternetOpe>; WININET.InternetOpenA
00401026 |. 8906 mov dword ptr [esi], eax
00401028 |. 8BC6 mov eax, esi
0040102A |. 5E pop esi
0040102B \. C3 retn
0040102C CC int3
0040102D CC int3
0040102E CC int3
0040102F CC int3
00401030 > 56 push esi
00401031 . 8BF1 mov esi, ecx
00401033 . 8B46 0C mov eax, dword ptr [esi+C]
00401036 . 85C0 test eax, eax
00401038 . 57 push edi
00401039 . 74 09 je short 00401044
0040103B . 50 push eax
0040103C . E8 F5F90100 call 00420A36
00401041 . 83C4 04 add esp, 4
00401044 > 8B46 10 mov eax, dword ptr [esi+10]
00401047 . 85C0 test eax, eax
00401049 . 74 09 je short 00401054
0040104B . 50 push eax
0040104C . E8 E5F90100 call 00420A36
00401051 . 83C4 04 add esp, 4
00401054 > 8B06 mov eax, dword ptr [esi]
00401056 . 85C0 test eax, eax
00401058 . 8B3D 0C754300 mov edi, dword ptr [<&WININET.Intern>; WININET.InternetCloseHandle
0040105E . 74 03 je short 00401063
00401060 . 50 push eax
00401061 . FFD7 call edi ; <&WININET.InternetCloseHandle>
00401063 > 8B46 04 mov eax, dword ptr [esi+4]
00401066 . 85C0 test eax, eax
00401068 . 74 03 je short 0040106D
0040106A . 50 push eax
0040106B . FFD7 call edi
0040106D > 8B76 08 mov esi, dword ptr [esi+8]
00401070 . 85F6 test esi, esi
00401072 . 74 03 je short 00401077
00401074 . 56 push esi
00401075 . FFD7 call edi
00401077 > 5F pop edi
00401078 . 5E pop esi
00401079 . C3 retn
0040107A CC int3
0040107B CC int3
0040107C CC int3
0040107D CC int3
0040107E CC int3
0040107F CC int3
00401080 /$ 56 push esi
00401081 |. 8BF1 mov esi, ecx
00401083 |. 8B46 04 mov eax, dword ptr [esi+4]
00401086 |. 85C0 test eax, eax
00401088 |. 74 07 je short 00401091
0040108A |. 50 push eax
0040108B |. FF15 0C754300 call dword ptr [<&WININET.InternetClo>; WININET.InternetCloseHandle
00401091 |> 8B4424 08 mov eax, dword ptr [esp+8]
00401095 |. 8B0E mov ecx, dword ptr [esi]
00401097 |. 6A 00 push 0
00401099 |. 6A 09 push 9
0040109B |. 6A 00 push 0
0040109D |. 6A 00 push 0
0040109F |. 50 push eax
004010A0 |. 51 push ecx
004010A1 |. FF15 08754300 call dword ptr [<&WININET.InternetOpe>; WININET.InternetOpenUrlA
004010A7 |. 85C0 test eax, eax
004010A9 |. 8946 04 mov dword ptr [esi+4], eax
004010AC |. 74 06 je short 004010B4
004010AE |. B0 01 mov al, 1
004010B0 |. 5E pop esi
004010B1 |. C2 0400 retn 4
004010B4 |> FF15 A8724300 call dword ptr [<&KERNEL32.GetLastErr>; [GetLastError
004010BA |. 8946 14 mov dword ptr [esi+14], eax
004010BD |. 32C0 xor al, al
004010BF |. 5E pop esi
004010C0 \. C2 0400 retn 4
004010C3 CC int3
004010C4 CC int3
004010C5 CC int3
004010C6 CC int3
004010C7 CC int3
004010C8 CC int3
004010C9 CC int3
004010CA CC int3
004010CB CC int3
004010CC CC int3
004010CD CC int3
004010CE CC int3
004010CF CC int3
004010D0 /$ 81EC 88000000 sub esp, 88
004010D6 |. A1 20554400 mov eax, dword ptr [445520]
004010DB |. 33C4 xor eax, esp
004010DD |. 898424 840000>mov dword ptr [esp+84], eax
004010E4 |. 83BC24 940000>cmp dword ptr [esp+94], -1
004010EC |. 8B8424 900000>mov eax, dword ptr [esp+90]
004010F3 |. 53 push ebx
004010F4 |. 57 push edi
004010F5 |. 8BBC24 940000>mov edi, dword ptr [esp+94]
004010FC |. 8BD9 mov ebx, ecx
004010FE |. 894424 0C mov dword ptr [esp+C], eax
00401102 |. 75 15 jnz short 00401119
00401104 |. 8D50 01 lea edx, dword ptr [eax+1]
00401107 |> 8A08 /mov cl, byte ptr [eax]
00401109 |. 83C0 01 |add eax, 1
0040110C |. 84C9 |test cl, cl
0040110E |.^ 75 F7 \jnz short 00401107
00401110 |. 2BC2 sub eax, edx
00401112 |. 898424 9C0000>mov dword ptr [esp+9C], eax
00401119 |> B8 01000000 mov eax, 1
0040111E |. 55 push ebp
0040111F |. 56 push esi
00401120 |. 33F6 xor esi, esi
00401122 |. 894424 3C mov dword ptr [esp+3C], eax
00401126 |. 894424 58 mov dword ptr [esp+58], eax
0040112A |. 8BC7 mov eax, edi
0040112C |. C74424 28 3C0>mov dword ptr [esp+28], 3C
00401134 |. 897424 2C mov dword ptr [esp+2C], esi
00401138 |. 897424 30 mov dword ptr [esp+30], esi
0040113C |. 897424 38 mov dword ptr [esp+38], esi
00401140 |. 66:897424 40 mov word ptr [esp+40], si
00401145 |. 897424 44 mov dword ptr [esp+44], esi
00401149 |. 897424 48 mov dword ptr [esp+48], esi
0040114D |. 897424 4C mov dword ptr [esp+4C], esi
00401151 |. 897424 50 mov dword ptr [esp+50], esi
00401155 |. 897424 54 mov dword ptr [esp+54], esi
00401159 |. 897424 5C mov dword ptr [esp+5C], esi
0040115D |. 897424 60 mov dword ptr [esp+60], esi
00401161 |. 8D50 01 lea edx, dword ptr [eax+1]
00401164 |> 8A08 /mov cl, byte ptr [eax]
00401166 |. 83C0 01 |add eax, 1
00401169 |. 84C9 |test cl, cl
0040116B |.^ 75 F7 \jnz short 00401164
0040116D |. 8D4C24 28 lea ecx, dword ptr [esp+28]
00401171 |. 51 push ecx
00401172 |. 56 push esi
00401173 |. 2BC2 sub eax, edx
00401175 |. 50 push eax
00401176 |. 57 push edi
00401177 |. FF15 F8744300 call dword ptr [<&WININET.InternetCra>; WININET.InternetCrackUrlA
0040117D |. 8B43 08 mov eax, dword ptr [ebx+8]
00401180 |. 3BC6 cmp eax, esi
00401182 |. 8B3D 0C754300 mov edi, dword ptr [<&WININET.Intern>; WININET.InternetCloseHandle
00401188 |. 74 03 je short 0040118D
0040118A |. 50 push eax
0040118B |. FFD7 call edi ; <&WININET.InternetCloseHandle>
0040118D |> 8B5424 38 mov edx, dword ptr [esp+38]
00401191 |. 52 push edx
00401192 |. E8 2DF90100 call 00420AC4
00401197 |. 8B4C24 40 mov ecx, dword ptr [esp+40]
0040119B |. C60408 00 mov byte ptr [eax+ecx], 0
0040119F |. 8B5424 58 mov edx, dword ptr [esp+58]
004011A3 |. 52 push edx
004011A4 |. 894424 20 mov dword ptr [esp+20], eax
004011A8 |. E8 17F90100 call 00420AC4
004011AD |. 8B4C24 60 mov ecx, dword ptr [esp+60]
004011B1 |. 894424 18 mov dword ptr [esp+18], eax
004011B5 |. C60408 00 mov byte ptr [eax+ecx], 0
004011B9 |. 8B43 04 mov eax, dword ptr [ebx+4]
004011BC |. 83C4 08 add esp, 8
004011BF |. 3BC6 cmp eax, esi
004011C1 |. 74 03 je short 004011C6
004011C3 |. 50 push eax
004011C4 |. FFD7 call edi
004011C6 |> 66:8B6C24 40 mov bp, word ptr [esp+40]
004011CB |. 8B4424 40 mov eax, dword ptr [esp+40]
004011CF |. 6A 00 push 0
004011D1 |. 68 00000004 push 4000000
004011D6 |. 66:83ED 50 sub bp, 50
004011DA |. 6A 03 push 3
004011DC |. 66:F7DD neg bp
004011DF |. 68 4C774300 push 0043774C
004011E4 |. 68 4C774300 push 0043774C
004011E9 |. B9 0C000000 mov ecx, 0C
004011EE |. BE 1C774300 mov esi, 0043771C ; ASCII "Content-Type: application/x-www-form-urlencoded"
004011F3 |. 8D7C24 78 lea edi, dword ptr [esp+78]
004011F7 |. F3:A5 rep movs dword ptr es:[edi], dword p>
004011F9 |. 8B7C24 2C mov edi, dword ptr [esp+2C]
004011FD |. 8B0B mov ecx, dword ptr [ebx]
004011FF |. 50 push eax
00401200 |. 1BED sbb ebp, ebp
00401202 |. 57 push edi
00401203 |. 8D5424 38 lea edx, dword ptr [esp+38]
00401207 |. 81E5 00308000 and ebp, 803000
0040120D |. 51 push ecx
0040120E |. 81C5 00000004 add ebp, 4000000
00401214 |. C74424 3C 2A2>mov dword ptr [esp+3C], 2A2F2A
0040121C |. C74424 44 000>mov dword ptr [esp+44], 0
00401224 |. 895424 40 mov dword ptr [esp+40], edx
00401228 |. FF15 FC744300 call dword ptr [<&WININET.InternetCon>; WININET.InternetConnectA
0040122E |. 8B4C24 10 mov ecx, dword ptr [esp+10]
00401232 |. 6A 00 push 0
00401234 |. 55 push ebp
00401235 |. 8D5424 28 lea edx, dword ptr [esp+28]
00401239 |. 52 push edx
0040123A |. 6A 00 push 0
0040123C |. 6A 00 push 0
0040123E |. 51 push ecx
0040123F |. 68 14774300 push 00437714 ; ASCII "POST"
00401244 |. 50 push eax
00401245 |. 8943 08 mov dword ptr [ebx+8], eax
00401248 |. FF15 00754300 call dword ptr [<&WININET.HttpOpenReq>; WININET.HttpOpenRequestA
0040124E |. 8BF0 mov esi, eax
00401250 |. 8D4C24 64 lea ecx, dword ptr [esp+64]
00401254 |. 8973 04 mov dword ptr [ebx+4], esi
00401257 |. 8D69 01 lea ebp, dword ptr [ecx+1]
0040125A |. 8D9B 00000000 lea ebx, dword ptr [ebx]
00401260 |> 8A01 /mov al, byte ptr [ecx]
00401262 |. 83C1 01 |add ecx, 1
00401265 |. 84C0 |test al, al
00401267 |.^ 75 F7 \jnz short 00401260
00401269 |. 8B9424 A40000>mov edx, dword ptr [esp+A4]
00401270 |. 8B4424 14 mov eax, dword ptr [esp+14]
00401274 |. 52 push edx
00401275 |. 50 push eax
00401276 |. 2BCD sub ecx, ebp
00401278 |. 51 push ecx
00401279 |. 8D4C24 70 lea ecx, dword ptr [esp+70]
0040127D |. 51 push ecx
0040127E |. 56 push esi
0040127F |. FF15 04754300 call dword ptr [<&WININET.HttpSendReq>; WININET.HttpSendRequestA
00401285 |. 85C0 test eax, eax
00401287 |. 5E pop esi
00401288 |. 5D pop ebp
00401289 |. 75 20 jnz short 004012AB
0040128B |. FF15 A8724300 call dword ptr [<&KERNEL32.GetLastErr>; [GetLastError
00401291 |. 57 push edi
00401292 |. 8943 14 mov dword ptr [ebx+14], eax
00401295 |. E8 9CF70100 call 00420A36
0040129A |. 8B5424 0C mov edx, dword ptr [esp+C]
0040129E |. 52 push edx
0040129F |. E8 92F70100 call 00420A36
004012A4 |. 83C4 08 add esp, 8
004012A7 |. 32C0 xor al, al
004012A9 |. EB 15 jmp short 004012C0
004012AB |> 57 push edi
004012AC |. E8 85F70100 call 00420A36
004012B1 |. 8B4424 0C mov eax, dword ptr [esp+C]
004012B5 |. 50 push eax
004012B6 |. E8 7BF70100 call 00420A36
004012BB |. 83C4 08 add esp, 8
004012BE |. B0 01 mov al, 1
004012C0 |> 8B8C24 8C0000>mov ecx, dword ptr [esp+8C]
004012C7 |. 5F pop edi
004012C8 |. 5B pop ebx
004012C9 |. 33CC xor ecx, esp
004012CB |. E8 44F80100 call 00420B14
004012D0 |. 81C4 88000000 add esp, 88
004012D6 \. C2 0C00 retn 0C
004012D9 CC int3
004012DA CC int3
004012DB CC int3
004012DC CC int3
004012DD CC int3
004012DE CC int3
004012DF CC int3
004012E0 . B8 08200000 mov eax, 2008
004012E5 . E8 06FC0100 call 00420EF0
004012EA . A1 20554400 mov eax, dword ptr [445520]
004012EF . 33C4 xor eax, esp
004012F1 . 898424 042000>mov dword ptr [esp+2004], eax
004012F8 . 8B8424 0C2000>mov eax, dword ptr [esp+200C]
004012FF . 85C0 test eax, eax
00401301 . 55 push ebp
00401302 . 8BE9 mov ebp, ecx
00401304 . 8B8C24 182000>mov ecx, dword ptr [esp+2018]
0040130B . 75 21 jnz short 0040132E
0040130D . C745 14 FFFFF>mov dword ptr [ebp+14], -1
00401314 > 33C0 xor eax, eax
00401316 . 5D pop ebp
00401317 . 8B8C24 042000>mov ecx, dword ptr [esp+2004]
0040131E . 33CC xor ecx, esp
00401320 . E8 EFF70100 call 00420B14
00401325 . 81C4 08200000 add esp, 2008
0040132B . C2 1000 retn 10
0040132E > 80BC24 142000>cmp byte ptr [esp+2014], 0
00401336 . 74 2F je short 00401367
00401338 . 8B9424 1C2000>mov edx, dword ptr [esp+201C]
0040133F . 52 push edx ; /Arg3
00401340 . 51 push ecx ; |Arg2
00401341 . 50 push eax ; |Arg1
00401342 . 8BCD mov ecx, ebp ; |
00401344 . E8 87FDFFFF call 004010D0 ; \2.004010D0
00401349 . 84C0 test al, al
0040134B . 75 26 jnz short 00401373
0040134D . 33C0 xor eax, eax
0040134F . 5D pop ebp
00401350 . 8B8C24 042000>mov ecx, dword ptr [esp+2004]
00401357 . 33CC xor ecx, esp
00401359 . E8 B6F70100 call 00420B14
0040135E . 81C4 08200000 add esp, 2008
00401364 . C2 1000 retn 10
00401367 > 50 push eax
00401368 . 8BCD mov ecx, ebp
0040136A . E8 11FDFFFF call 00401080
0040136F . 84C0 test al, al
00401371 .^ 74 A1 je short 00401314
00401373 > 8B45 0C mov eax, dword ptr [ebp+C]
00401376 . 53 push ebx
00401377 . 33DB xor ebx, ebx
00401379 . 85C0 test eax, eax
0040137B . 74 09 je short 00401386
0040137D . 50 push eax
0040137E . E8 B3F60100 call 00420A36
00401383 . 83C4 04 add esp, 4
00401386 > 6A 01 push 1
00401388 . 68 01200000 push 2001
0040138D . E8 11FB0100 call 00420EA3
00401392 . 8B55 04 mov edx, dword ptr [ebp+4]
00401395 . 83C4 08 add esp, 8
00401398 . 8945 0C mov dword ptr [ebp+C], eax
0040139B . 8D4424 08 lea eax, dword ptr [esp+8]
0040139F . 50 push eax
004013A0 . 68 FF1F0000 push 1FFF
004013A5 . 8D4C24 14 lea ecx, dword ptr [esp+14]
004013A9 . 51 push ecx
004013AA . 52 push edx
004013AB . FF15 F4744300 call dword ptr [<&WININET.InternetRea>; WININET.InternetReadFile
004013B1 . 85C0 test eax, eax
004013B3 . 74 7E je short 00401433
004013B5 . 56 push esi
004013B6 . 57 push edi
004013B7 > 8B4424 10 mov eax, dword ptr [esp+10]
004013BB . 85C0 test eax, eax
004013BD . 74 72 je short 00401431
004013BF . C64404 14 00 mov byte ptr [esp+eax+14], 0
004013C4 . 03D8 add ebx, eax
004013C6 . 8B45 0C mov eax, dword ptr [ebp+C]
004013C9 . C60403 00 mov byte ptr [ebx+eax], 0
004013CD . 8D4424 14 lea eax, dword ptr [esp+14]
004013D1 . 8BC8 mov ecx, eax
004013D3 > 8A10 mov dl, byte ptr [eax]
004013D5 . 83C0 01 add eax, 1
004013D8 . 84D2 test dl, dl
004013DA .^ 75 F7 jnz short 004013D3
004013DC . 8B7D 0C mov edi, dword ptr [ebp+C]
004013DF . 2BC1 sub eax, ecx
004013E1 . 8BF1 mov esi, ecx
004013E3 . 83C7 FF add edi, -1
004013E6 > 8A4F 01 mov cl, byte ptr [edi+1]
004013E9 . 83C7 01 add edi, 1
004013EC . 84C9 test cl, cl
004013EE .^ 75 F6 jnz short 004013E6
004013F0 . 8BC8 mov ecx, eax
004013F2 . C1E9 02 shr ecx, 2
004013F5 . F3:A5 rep movs dword ptr es:[edi], dword p>
004013F7 . 8BC8 mov ecx, eax
004013F9 . 83E1 03 and ecx, 3
004013FC . F3:A4 rep movs byte ptr es:[edi], byte ptr>
004013FE . 8B55 0C mov edx, dword ptr [ebp+C]
00401401 . 8D8B 00200000 lea ecx, dword ptr [ebx+2000]
00401407 . 51 push ecx
00401408 . 52 push edx
00401409 . E8 15F70100 call 00420B23
0040140E . 83C4 08 add esp, 8
00401411 . 8945 0C mov dword ptr [ebp+C], eax
00401414 . 8B55 04 mov edx, dword ptr [ebp+4]
00401417 . 8D4424 10 lea eax, dword ptr [esp+10]
0040141B . 50 push eax
0040141C . 68 FF1F0000 push 1FFF
00401421 . 8D4C24 1C lea ecx, dword ptr [esp+1C]
00401425 . 51 push ecx
00401426 . 52 push edx
00401427 . FF15 F4744300 call dword ptr [<&WININET.InternetRea>; WININET.InternetReadFile
0040142D . 85C0 test eax, eax
0040142F .^ 75 86 jnz short 004013B7
00401431 > 5F pop edi
00401432 . 5E pop esi
00401433 > 8B45 0C mov eax, dword ptr [ebp+C]
00401436 . 8B8C24 0C2000>mov ecx, dword ptr [esp+200C]
0040143D . 5B pop ebx
0040143E . 5D pop ebp
0040143F . 33CC xor ecx, esp
00401441 . E8 CEF60100 call 00420B14
00401446 . 81C4 08200000 add esp, 2008
0040144C . C2 1000 retn 10
0040144F CC int3
00401450 . 8B4424 18 mov eax, dword ptr [esp+18]
00401454 . 8B5424 14 mov edx, dword ptr [esp+14]
00401458 . 6A 00 push 0 ; /Arg9 = 00000000
0040145A . 6A 00 push 0 ; |Arg8 = 00000000
0040145C . 6A 00 push 0 ; |Arg7 = 00000000
0040145E . 50 push eax ; |Arg6
0040145F . 8B4424 20 mov eax, dword ptr [esp+20] ; |
00401463 . 52 push edx ; |Arg5
00401464 . 8B5424 20 mov edx, dword ptr [esp+20] ; |
00401468 . 50 push eax ; |Arg4
00401469 . 8B4424 20 mov eax, dword ptr [esp+20] ; |
0040146D . 52 push edx ; |Arg3
0040146E . 50 push eax ; |Arg2
0040146F . 68 B0784300 push 004378B0 ; |Arg1 = 004378B0
00401474 . E8 1FBB0000 call 0040CF98 ; \2.0040CF98
00401479 . C2 1C00 retn 1C
0040147C CC int3
0040147D CC int3
0040147E CC int3
0040147F CC int3
00401480 > E9 D5730000 jmp 0040885A
00401485 CC int3
00401486 CC int3
00401487 CC int3
00401488 CC int3
00401489 CC int3
0040148A CC int3
0040148B CC int3
0040148C CC int3
0040148D CC int3
0040148E CC int3
0040148F CC int3
00401490 . B8 5C774300 mov eax, 0043775C ; ASCII "PwC"
00401495 . C3 retn
00401496 CC int3
00401497 CC int3
00401498 CC int3
00401499 CC int3
0040149A CC int3
0040149B CC int3
0040149C CC int3
0040149D CC int3
0040149E CC int3
0040149F CC int3
004014A0 /$ 8B4424 04 mov eax, dword ptr [esp+4]
004014A4 |. 50 push eax
004014A5 |. E8 3E450000 call 004059E8
004014AA |. 59 pop ecx
004014AB \. C2 0400 retn 4
004014AE CC int3
004014AF CC int3
004014B0 . 8B41 20 mov eax, dword ptr [ecx+20]
004014B3 . 6A 00 push 0 ; /Enable = FALSE
004014B5 . 50 push eax ; |hWnd
004014B6 . FF15 E8744300 call dword ptr [<&USER32.EnableWindow>; \EnableWindow
004014BC . C3 retn
004014BD CC int3
004014BE CC int3
004014BF CC int3
004014C0 . 8B41 20 mov eax, dword ptr [ecx+20]
004014C3 . 6A 01 push 1 ; /Enable = TRUE
004014C5 . 50 push eax ; |hWnd
004014C6 . FF15 E8744300 call dword ptr [<&USER32.EnableWindow>; \EnableWindow
004014CC . C3 retn
004014CD CC int3
004014CE CC int3
004014CF CC int3
004014D0 . 6A FF push -1
004014D2 . 68 AA484300 push 004348AA
004014D7 . 64:A1 0000000>mov eax, dword ptr fs:[0]
004014DD . 50 push eax
004014DE . 51 push ecx
004014DF . 56 push esi
004014E0 . A1 20554400 mov eax, dword ptr [445520]
004014E5 . 33C4 xor eax, esp
004014E7 . 50 push eax
004014E8 . 8D4424 0C lea eax, dword ptr [esp+C]
004014EC . 64:A3 0000000>mov dword ptr fs:[0], eax
004014F2 . 6A 74 push 74
004014F4 . E8 C4440000 call 004059BD
004014F9 . 8BF0 mov esi, eax
004014FB . 83C4 04 add esp, 4
004014FE . 897424 08 mov dword ptr [esp+8], esi
00401502 . 33C0 xor eax, eax
00401504 . 3BF0 cmp esi, eax
00401506 . 894424 14 mov dword ptr [esp+14], eax
0040150A . 74 0F je short 0040151B
0040150C . 8BCE mov ecx, esi
0040150E . E8 A0580000 call 00406DB3
00401513 . C706 7C774300 mov dword ptr [esi], 0043777C
00401519 . 8BC6 mov eax, esi
0040151B > 8B4C24 0C mov ecx, dword ptr [esp+C]
0040151F . 64:890D 00000>mov dword ptr fs:[0], ecx
00401526 . 59 pop ecx
00401527 . 5E pop esi
00401528 . 83C4 10 add esp, 10
0040152B . C3 retn
0040152C CC int3
0040152D CC int3
0040152E CC int3
0040152F CC int3
00401530 . 56 push esi
00401531 . 8BF1 mov esi, ecx
00401533 . E8 22730000 call 0040885A
00401538 . F64424 08 01 test byte ptr [esp+8], 1
0040153D . 74 09 je short 00401548
0040153F . 56 push esi
00401540 . E8 A3440000 call 004059E8
00401545 . 83C4 04 add esp, 4
00401548 > 8BC6 mov eax, esi
0040154A . 5E pop esi
0040154B . C2 0400 retn 4
0040154E CC int3
0040154F CC int3
00401550 /$ 8D41 0C lea eax, dword ptr [ecx+C]
00401553 |. 83CA FF or edx, FFFFFFFF
00401556 |. F0:0FC110 lock xadd dword ptr [eax], edx
0040155A |. 4A dec edx
0040155B |. 85D2 test edx, edx
0040155D |. 7F 0C jg short 0040156B
0040155F |. 8B01 mov eax, dword ptr [ecx]
00401561 |. 8B10 mov edx, dword ptr [eax]
00401563 |. 51 push ecx
00401564 |. 8BC8 mov ecx, eax
00401566 |. 8B42 04 mov eax, dword ptr [edx+4]
00401569 |. FFD0 call eax
0040156B \> C3 retn
0040156C CC int3
0040156D CC int3
0040156E CC int3
0040156F CC int3
00401570 . B8 C0784300 mov eax, 004378C0
00401575 . C3 retn
00401576 CC int3
00401577 CC int3
00401578 CC int3
00401579 CC int3
0040157A CC int3
0040157B CC int3
0040157C CC int3
0040157D CC int3
0040157E CC int3
0040157F CC int3
00401580 . 56 push esi
00401581 . 8BF1 mov esi, ecx
00401583 . E8 93C10000 call 0040D71B
00401588 . F64424 08 01 test byte ptr [esp+8], 1
0040158D . 74 09 je short 00401598
0040158F . 56 push esi
00401590 . E8 53440000 call 004059E8
00401595 . 83C4 04 add esp, 4
00401598 > 8BC6 mov eax, esi
0040159A . 5E pop esi
0040159B . C2 0400 retn 4
0040159E CC int3
0040159F CC int3
004015A0 > 8B01 mov eax, dword ptr [ecx]
004015A2 . 83E8 10 sub eax, 10
|
|
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
要是LZ破解成功的话希望能把经验补上,让大家也学习学习
|
|
|
 还是不行 有谁想试试的 加我Q 我传原软件给他 上面那些代码只是一部分QQ275348336
|
