; ---------------------------------------------------------------------------
; Server.004060F4 - OllyDbg listing (32-bit x86, Intel syntax) of a routine that
; loads licence data from a hardware dongle ("dog") through the Checksn unit.
;
; In:  eax = object pointer, saved to [ebp-4] and reloaded into eax before every
;      TCheckSn::* call (presumably Self of a register-convention method - confirm).
; Out: nothing is deliberately placed in eax before the epilogue.
; Locals: [ebp-4]  object pointer      [ebp-8]  status of the last helper call
;         [ebp-C]  4-byte read buffer  [ebp-10] outer loop index
;         [ebp-14] inner byte index (1-based)
;         [ebp-18] running dongle address, starts at 0x14
;         [ebp-19] 1-byte read buffer  [ebp-20], [ebp-24] loop counters
;
; Flow visible in this listing:
;   1. Gi_UserCount > 0: call DogExists only, then return.
;   2. Otherwise: optional 3000-argument call, a discarded helper loop, then
;      DogExists, DogConvertCheck, DogCascade = 0, SetDogPwd.
;   3. 4 bytes at DogAddr 0x0A, XOR DogPassword, compared with GetDogID.
;   4. 4 bytes at DogAddr 0x0F, XOR DogPassword, stored to Gi_UserCount.
;   5. 1 byte at DogAddr 0x13 sizes DogStr; from 0x14 on, each entry is a length
;      byte followed by that many bytes, each XORed with a position-derived byte.
;
; NOTE(review): Server.00405FA9 takes its parameters through the globals
;   DogData / DogBytes / DogAddr and 0 is the value treated as success. Buffers are
;   zeroed before the call and consumed after it, so it appears to be the dongle
;   read primitive - its body is not in this listing, confirm.
; NOTE(review): TCheckSn::Push is called on every non-zero status and on the ID
;   mismatch; only its name is visible here.
; NOTE(review): the only transformation applied to the values read at 0x0A and 0x0F
;   is XOR with the global Checksn::DogPassword; nothing in this listing
;   cryptographically authenticates what the device returns.
; NOTE(review): when the loop at 00406298 does not run, DogData still holds the
;   address of the stack local [ebp-19] after this routine returns.
; ---------------------------------------------------------------------------
004060F4 S>/$ 55 push ebp
004060F5 |. 8BEC mov ebp,esp
004060F7 |. 83C4 DC add esp,-24 ; reserve 0x24 bytes of locals
004060FA |. 53 push ebx
004060FB |. 8945 FC mov dword ptr ss:[ebp-4],eax ; [ebp-4] = object pointer passed in eax
004060FE |. 833D 0C9>cmp dword ptr ds:[Checksn::Gi_UserCount],0
00406105 |. 7E 0D jle short Server.00406114 ; Gi_UserCount <= 0: run the full load below
00406107 |. 8B45 FC mov eax,dword ptr ss:[ebp-4]
0040610A |. E8 D1020>call Server.Checksn::TCheckSn::DogExists ; Gi_UserCount already > 0: only this call is made
0040610F |. E9 83020>jmp Server.00406397 ; straight to the epilogue
00406114 |> 8B45 FC mov eax,dword ptr ss:[ebp-4]
00406117 |. 8078 34 >cmp byte ptr ds:[eax+34],0 ; flag byte at object offset 0x34 (meaning not shown)
0040611B |. 75 0A jnz short Server.00406127 ; flag set: skip the call below
0040611D |. 68 B80B0>push 0BB8 ; 0xBB8 = 3000
00406122 |. E8 FFEB0>call <jmp.&kernel32.#711> ; import shown by ordinal only; one argument (3000) - possibly a 3 s Sleep, confirm in the import table
00406127 |> B8 E8030>mov eax,3E8 ; 0x3E8 = 1000
0040612C |. E8 03BB0>call Server.00451C34 ; helper not shown; its result becomes a loop count - presumably Random(1000), confirm
00406131 |. 85C0 test eax,eax
00406133 |. 7E 1F jle short Server.00406154 ; count <= 0: skip the loop
00406135 |. 8945 E0 mov dword ptr ss:[ebp-20],eax ; [ebp-20] = iterations remaining
00406138 |. C745 F0 >mov dword ptr ss:[ebp-10],1
0040613F |> B8 10270>/mov eax,2710 ; 0x2710 = 10000
00406144 |. E8 EBBA0>|call Server.00451C34
00406149 |. 8945 F8 |mov dword ptr ss:[ebp-8],eax ; overwritten at 00406199 before any read - the loop's results are unused here (looks like timing jitter, confirm)
0040614C |. FF45 F0 |inc dword ptr ss:[ebp-10]
0040614F |. FF4D E0 |dec dword ptr ss:[ebp-20]
00406152 |.^ 75 EB \jnz short Server.0040613F
00406154 |> 8B45 FC mov eax,dword ptr ss:[ebp-4]
00406157 |. E8 84020>call Server.Checksn::TCheckSn::DogExists ; poster asks whether this call checks that the dongle exists: the symbol name says so; the body is not in this listing and eax is not tested afterwards
0040615C |. 8B45 FC mov eax,dword ptr ss:[ebp-4]
0040615F |. E8 A8020>call Server.Checksn::TCheckSn::DogConvertCheck ; poster asks the same here: only the symbol name is visible; the return value is not used
00406164 |. 33C0 xor eax,eax
00406166 |. A3 F0934>mov dword ptr ds:[Checksn::DogCascade],eax ; DogCascade = 0
0040616B |. 8B45 FC mov eax,dword ptr ss:[ebp-4]
0040616E |. E8 D9050>call Server.Checksn::TCheckSn::SetDogPwd ; poster asks whether this reads or writes the password: body not shown; DogPassword is read at 004061AC and 00406215, so presumably this sets that global - confirm
00406173 |. 33C0 xor eax,eax
00406175 |. 8945 F4 mov dword ptr ss:[ebp-C],eax ; clear the 4-byte buffer
00406178 |. 8D45 F4 lea eax,dword ptr ss:[ebp-C]
0040617B |. A3 04944>mov dword ptr ds:[Checksn::DogData],eax ; DogData = &[ebp-C]
00406180 |. C705 F89>mov dword ptr ds:[Checksn::DogBytes],4 ; DogBytes = 4
0040618A |. C705 F49>mov dword ptr ds:[Checksn::DogAddr],0A ; DogAddr = 0x0A
00406194 |. E8 10FEF>call Server.00405FA9 ; poster asks what this call does: it takes DogData/DogBytes/DogAddr from the globals just set and returns a status - apparently a 4-byte read at 0x0A into [ebp-C], confirm
00406199 |. 8945 F8 mov dword ptr ss:[ebp-8],eax ; [ebp-8] = status
0040619C |. 837D F8 >cmp dword ptr ss:[ebp-8],0
004061A0 |. 74 0A je short Server.004061AC ; status 0: continue with the comparison
004061A2 |. 8B45 FC mov eax,dword ptr ss:[ebp-4]
004061A5 |. E8 EA050>call Server.Checksn::TCheckSn::Push ; non-zero status path
004061AA |. EB 2D jmp short Server.004061D9
004061AC |> A1 FC934>mov eax,dword ptr ds:[Checksn::DogPassword]
004061B1 |. 3145 F4 xor dword ptr ss:[ebp-C],eax ; unmask the value just read: [ebp-C] ^= DogPassword
004061B4 |. 8B45 FC mov eax,dword ptr ss:[ebp-4]
004061B7 |. E8 E0010>call Server.Checksn::TCheckSn::GetDogID ; poster asks what this call does: body not shown; its eax result is the value compared with the unmasked dword below
004061BC |. 33D2 xor edx,edx
004061BE |. 52 push edx ; high dword = 0 (result is zero-extended to 64 bits)
004061BF |. 50 push eax ; low dword = GetDogID result
004061C0 |. 8B45 F4 mov eax,dword ptr ss:[ebp-C]
004061C3 |. 99 cdq ; edx:eax = sign-extended [ebp-C]; a value with bit 31 set therefore never compares equal
004061C4 |. 3B5424 0>cmp edx,dword ptr ss:[esp+4] ; compare high dwords
004061C8 |. 75 03 jnz short Server.004061CD
004061CA |. 3B0424 cmp eax,dword ptr ss:[esp] ; compare low dwords
004061CD |> 5A pop edx ; pop leaves the flags untouched
004061CE |. 58 pop eax
004061CF |. 74 08 je short Server.004061D9 ; equal: skip Push
004061D1 |. 8B45 FC mov eax,dword ptr ss:[ebp-4]
004061D4 |. E8 BB050>call Server.Checksn::TCheckSn::Push ; mismatch path
004061D9 |> 33C0 xor eax,eax
004061DB |. 8945 F4 mov dword ptr ss:[ebp-C],eax ; clear the 4-byte buffer again
004061DE |. 8D45 F4 lea eax,dword ptr ss:[ebp-C]
004061E1 |. A3 04944>mov dword ptr ds:[Checksn::DogData],eax
004061E6 |. C705 F89>mov dword ptr ds:[Checksn::DogBytes],4
004061F0 |. C705 F49>mov dword ptr ds:[Checksn::DogAddr],0F ; DogAddr = 0x0F
004061FA |. E8 AAFDF>call Server.00405FA9 ; poster asks what this call does: same helper and calling pattern as 00406194, now with DogAddr 0x0F
004061FF |. 8945 F8 mov dword ptr ss:[ebp-8],eax
00406202 |. 837D F8 >cmp dword ptr ss:[ebp-8],0
00406206 |. 74 0A je short Server.00406212
00406208 |. 8B45 FC mov eax,dword ptr ss:[ebp-4]
0040620B |. E8 84050>call Server.Checksn::TCheckSn::Push
00406210 |. EB 0E jmp short Server.00406220 ; non-zero status: Gi_UserCount is left unchanged
00406212 |> 8B45 F4 mov eax,dword ptr ss:[ebp-C]
00406215 |. 3305 FC9>xor eax,dword ptr ds:[Checksn::DogPassword]
0040621B |. A3 0C944>mov dword ptr ds:[Checksn::Gi_UserCount],eax ; Gi_UserCount = value read ^ DogPassword
00406220 |> C645 E7 >mov byte ptr ss:[ebp-19],0 ; clear the 1-byte buffer
00406224 |. 8D45 E7 lea eax,dword ptr ss:[ebp-19]
00406227 |. A3 04944>mov dword ptr ds:[Checksn::DogData],eax
0040622C |. C705 F89>mov dword ptr ds:[Checksn::DogBytes],1
00406236 |. C705 F49>mov dword ptr ds:[Checksn::DogAddr],13 ; DogAddr = 0x13
00406240 |. E8 64FDF>call Server.00405FA9
00406245 |. 8945 F8 mov dword ptr ss:[ebp-8],eax
00406248 |. 837D F8 >cmp dword ptr ss:[ebp-8],0
0040624C |. 74 08 je short Server.00406256
0040624E |. 8B45 FC mov eax,dword ptr ss:[ebp-4]
00406251 |. E8 3E050>call Server.Checksn::TCheckSn::Push ; no jump after this Push: execution continues with [ebp-19] as it stands
00406256 |> 33C0 xor eax,eax
00406258 |. 8A45 E7 mov al,byte ptr ss:[ebp-19] ; eax = zero-extended byte from address 0x13
0040625B |. 50 push eax ; stack argument, removed by the add esp,4 below
0040625C |. B8 28944>mov eax,offset Server.Checksn::DogStr
00406261 |. B9 01000>mov ecx,1
00406266 |. 8B15 5C6>mov edx,dword ptr ds:[40605C] ; Server.Checksn::CheckSn__1
0040626C |. E8 A7DB0>call Server.00453E18 ; resembles a dynamic-array set-length on DogStr (var, type info, 1 dimension, count) - helper not shown, confirm
00406271 |. 83C4 04 add esp,4
00406274 |. C745 E8 >mov dword ptr ss:[ebp-18],14 ; running dongle address starts at 0x14
0040627B |. A1 28944>mov eax,dword ptr ds:[Checksn::DogStr]
00406280 |. E8 DFD90>call Server.00453C64 ; result is tested for < 0 and incremented - presumably the array's highest index, confirm
00406285 |. 85C0 test eax,eax
00406287 |. 0F8C 0A0>jl Server.00406397 ; negative result: return without entering the loop
0040628D |. 40 inc eax
0040628E |. 8945 E0 mov dword ptr ss:[ebp-20],eax ; [ebp-20] = entries remaining
00406291 |. C745 F0 >mov dword ptr ss:[ebp-10],0 ; [ebp-10] = entry index i
00406298 |> 8D45 E7 /lea eax,dword ptr ss:[ebp-19]
0040629B |. A3 04944>|mov dword ptr ds:[Checksn::DogData],eax
004062A0 |. C705 F89>|mov dword ptr ds:[Checksn::DogBytes],1
004062AA |. 8B45 E8 |mov eax,dword ptr ss:[ebp-18]
004062AD |. A3 F4934>|mov dword ptr ds:[Checksn::DogAddr],eax
004062B2 |. E8 F2FCF>|call Server.00405FA9 ; 1-byte request at the running address: the entry's length byte
004062B7 |. 8945 F8 |mov dword ptr ss:[ebp-8],eax
004062BA |. 837D F8 >|cmp dword ptr ss:[ebp-8],0
004062BE |. 74 08 |je short Server.004062C8
004062C0 |. 8B45 FC |mov eax,dword ptr ss:[ebp-4]
004062C3 |. E8 CC040>|call Server.Checksn::TCheckSn::Push ; falls through: the previous [ebp-19] value is used as the length
004062C8 |> FF45 E8 |inc dword ptr ss:[ebp-18] ; step past the length byte
004062CB |. 33D2 |xor edx,edx
004062CD |. 8A55 E7 |mov dl,byte ptr ss:[ebp-19] ; edx = length byte
004062D0 |. A1 28944>|mov eax,dword ptr ds:[Checksn::DogStr] DogStr有什么含义? ; poster asks what DogStr means: it is indexed here as an array of 4-byte elements handed to string helpers - presumably a dynamic array of strings, confirm
004062D5 |. 8B4D F0 |mov ecx,dword ptr ss:[ebp-10]
004062D8 |. 8D0488 |lea eax,dword ptr ds:[eax+ecx*4] ; eax = &DogStr[i]
004062DB |. E8 F4CD0>|call Server.004530D4 ; poster asks what this call does: it receives &DogStr[i] and the length byte - presumably a string set-length, helper not shown
004062E0 |. A1 28944>|mov eax,dword ptr ds:[Checksn::DogStr]
004062E5 |. 8B55 F0 |mov edx,dword ptr ss:[ebp-10]
004062E8 |. 8D0490 |lea eax,dword ptr ds:[eax+edx*4]
004062EB |. E8 C8CC0>|call Server.00452FB8 ; result is used as the writable data pointer of DogStr[i] - helper not shown, confirm
004062F0 |. A3 04944>|mov dword ptr ds:[Checksn::DogData],eax
004062F5 |. 33C0 |xor eax,eax
004062F7 |. 8A45 E7 |mov al,byte ptr ss:[ebp-19]
004062FA |. A3 F8934>|mov dword ptr ds:[Checksn::DogBytes],eax ; DogBytes = length byte
004062FF |. 8B45 E8 |mov eax,dword ptr ss:[ebp-18]
00406302 |. A3 F4934>|mov dword ptr ds:[Checksn::DogAddr],eax
00406307 |. E8 9DFCF>|call Server.00405FA9 ; request for the entry's bytes into DogStr[i]
0040630C |. 8945 F8 |mov dword ptr ss:[ebp-8],eax
0040630F |. 837D F8 >|cmp dword ptr ss:[ebp-8],0
00406313 |. 74 0A |je short Server.0040631F
00406315 |. 8B45 FC |mov eax,dword ptr ss:[ebp-4]
00406318 |. E8 77040>|call Server.Checksn::TCheckSn::Push
0040631D |. EB 59 |jmp short Server.00406378 ; non-zero status: skip the XOR pass, still advance the address below
0040631F |> A1 28944>|mov eax,dword ptr ds:[Checksn::DogStr]
00406324 |. 8B55 F0 |mov edx,dword ptr ss:[ebp-10]
00406327 |. 8B0490 |mov eax,dword ptr ds:[eax+edx*4] ; eax = DogStr[i]
0040632A |. E8 B9CA0>|call Server.00452DE8 ; result drives the byte loop - presumably the string length, confirm
0040632F |. 85C0 |test eax,eax
00406331 |. 7E 45 |jle short Server.00406378
00406333 |. 8945 DC |mov dword ptr ss:[ebp-24],eax ; [ebp-24] = bytes remaining
00406336 |. C745 EC >|mov dword ptr ss:[ebp-14],1 ; [ebp-14] = 1-based byte index j
0040633D |> A1 28944>|/mov eax,dword ptr ds:[Checksn::DogStr]
00406342 |. 8B55 F0 ||mov edx,dword ptr ss:[ebp-10]
00406345 |. 8D0490 ||lea eax,dword ptr ds:[eax+edx*4]
00406348 |. E8 6BCC0>||call Server.00452FB8 ; eax = destination data pointer for DogStr[i]
0040634D |. 8B55 EC ||mov edx,dword ptr ss:[ebp-14]
00406350 |. 8B0D 289>||mov ecx,dword ptr ds:[Checksn::DogStr]
00406356 |. 8B5D F0 ||mov ebx,dword ptr ss:[ebp-10]
00406359 |. 8B0C99 ||mov ecx,dword ptr ds:[ecx+ebx*4]
0040635C |. 8B5D EC ||mov ebx,dword ptr ss:[ebp-14]
0040635F |. 0FB64C19>||movzx ecx,byte ptr ds:[ecx+ebx-1] ; ecx = byte j of DogStr[i]
00406364 |. 8B5D E8 ||mov ebx,dword ptr ss:[ebp-18]
00406367 |. 035D EC ||add ebx,dword ptr ss:[ebp-14] ; ebx = running address + j
0040636A |. 33CB ||xor ecx,ebx ; only cl is stored: byte ^= low 8 bits of ([ebp-18] + j)
0040636C |. 884C10 F>||mov byte ptr ds:[eax+edx-1],cl ; write the byte back in place
00406370 |. FF45 EC ||inc dword ptr ss:[ebp-14]
00406373 |. FF4D DC ||dec dword ptr ss:[ebp-24]
00406376 |.^ 75 C5 |\jnz short Server.0040633D
00406378 |> A1 28944>|mov eax,dword ptr ds:[Checksn::DogStr]
0040637D |. 8B55 F0 |mov edx,dword ptr ss:[ebp-10]
00406380 |. 8B0490 |mov eax,dword ptr ds:[eax+edx*4]
00406383 |. E8 60CA0>|call Server.00452DE8
00406388 |. 0145 E8 |add dword ptr ss:[ebp-18],eax ; advance the running address by the helper's result for DogStr[i]
0040638B |. FF45 F0 |inc dword ptr ss:[ebp-10] ; next entry
0040638E |. FF4D E0 |dec dword ptr ss:[ebp-20]
00406391 |.^ 0F85 01F>\jnz Server.00406298
00406397 |> 5B pop ebx
00406398 |. 8BE5 mov esp,ebp
0040639A |. 5D pop ebp
0040639B \. C3 retn
; ---------------------------------------------------------------------------
; Server.00401924 - OllyDbg listing (32-bit x86, Intel syntax) of a routine that
; sends one request to a device driver, trying the device names "\\.\LPTMH1"
; to "\\.\LPTMH3" in turn.
;
; In:  [ebp+8]  = first stack argument, forwarded to Server.0040182F
;      [ebp+C]  = pointer that receives the device handle
; Out: eax = 0       DeviceIoControl succeeded and the dword at [ebp-225] was 0;
;                    the handle stays open and is stored through [ebp+C]
;      eax = 0x6688  CreateFileA failed with last-error 5 (ERROR_ACCESS_DENIED)
;      eax = [ebp-8] after all three names were tried
; Locals: [ebp-120] request buffer, 0x115 bytes; [ebp-228] reply buffer, 0x107 bytes;
;         [ebp-4] bytes-returned count; [ebp-8] fall-through result;
;         esi = device number 1..3; edi = last non-zero value of [ebp-225]; ebx = handle.
; The epilogue uses plain retn, so stack arguments are removed by the caller.
;
; NOTE(review): [ebp-8] is written only at 004019D8 (CreateFileA failed with an error
;   other than 5). If no iteration takes that path, the value returned at 004019E5
;   was never written by this routine.
; NOTE(review): the handle is stored through [ebp+C] at 004019B1 before the reply is
;   checked; when [ebp-225] is non-zero the handle is closed at 004019C0 but the
;   caller's slot keeps the closed handle value.
; NOTE(review): the device-name digit is patched in place at 004563B3, so the name
;   string is shared writable data.
; ---------------------------------------------------------------------------
00401924 /$ 55 push ebp
00401925 |. 8BEC mov ebp,esp
00401927 |. 81C4 D8F>add esp,-228 ; reserve 0x228 bytes of locals
0040192D |. 53 push ebx
0040192E |. 56 push esi
0040192F |. 57 push edi
00401930 |. 33FF xor edi,edi ; edi = 0: no non-zero reply seen yet
00401932 |. 68 15010>push 115 ; /Arg3 = 00000115
00401937 |. FF75 08 push dword ptr ss:[ebp+8] ; |Arg2
0040193A |. 8D85 E0F>lea eax,dword ptr ss:[ebp-120] ; |
00401940 |. 50 push eax ; |Arg1
00401941 |. E8 E9FEF>call Server.0040182F ; \Server.0040182F
00401946 |. 83C4 0C add esp,0C ; caller removes the three arguments of 0040182F (helper body not shown; presumably fills the request buffer - confirm)
00401949 |. BE 01000>mov esi,1 ; first device number
0040194E |. C685 E2F>mov byte ptr ss:[ebp-11E],1 ; byte at offset 2 of the request buffer = 1
00401955 |> 6A 00 /push 0 ; /hTemplateFile = NULL
00401957 |. 68 80000>|push 80 ; |Attributes = NORMAL
0040195C |. 6A 03 |push 3 ; |Mode = OPEN_EXISTING
0040195E |. 6A 00 |push 0 ; |pSecurity = NULL
00401960 |. 8BC6 |mov eax,esi ; |
00401962 |. 6A 07 |push 7 ; |ShareMode = FILE_SHARE_READ|FILE_SHARE_WRITE|4 (4 = FILE_SHARE_DELETE)
00401964 |. 04 30 |add al,30 ; | al = '0' + esi, the ASCII digit '1'..'3'
00401966 |. 68 00000>|push C0000000 ; |Access = GENERIC_READ|GENERIC_WRITE
0040196B |. 68 AA634>|push Server.004563AA ; |FileName = "\\.\LPTMH1"
00401970 |. A2 B3634>|mov byte ptr ds:[4563B3],al ; | overwrite the trailing digit of the name (004563AA + 9)
00401975 |. E8 FC310>|call <jmp.&kernel32.#57> ; \CreateFileA
0040197A |. 8BD8 |mov ebx,eax ; ebx = handle
0040197C |. 83FB FF |cmp ebx,-1 上面的函数是什么意思?成功返回值0还是1? ; poster asks what the call above does and whether success is 0 or 1: CreateFileA opens the named device and returns a handle; failure is INVALID_HANDLE_VALUE (-1), which is what is tested here
0040197F |. 74 46 |je short Server.004019C7 ; open failed: inspect the last-error code
00401981 |. 8D45 FC |lea eax,dword ptr ss:[ebp-4]
00401984 |. 6A 00 |push 0 ; /pOverlapped = NULL
00401986 |. 50 |push eax ; |pBytesReturned
00401987 |. 8D95 D8F>|lea edx,dword ptr ss:[ebp-228] ; |
0040198D |. 68 07010>|push 107 ; |OutBufferSize = 107 (263.)
00401992 |. 52 |push edx ; |OutBuffer
00401993 |. 8D8D E0F>|lea ecx,dword ptr ss:[ebp-120] ; |
00401999 |. 68 15010>|push 115 ; |InBufferSize = 115 (277.)
0040199E |. 51 |push ecx ; |InBuffer
0040199F |. 68 B0210>|push 860021B0 ; |IoControlCode = 860021B0
004019A4 |. 53 |push ebx ; |hDevice
004019A5 |. E8 DE310>|call <jmp.&kernel32.#103> ; \DeviceIoControl
004019AA |. 85C0 |test eax,eax
004019AC |. 74 11 |je short Server.004019BF 上面的函数是什么意思?成功返回值0还是1? ; poster asks what the call above does and whether success is 0 or 1: DeviceIoControl sends the control code and buffers to the driver; it returns non-zero on success and 0 on failure, so this branch is the failure path
004019AE |. 8B45 0C |mov eax,dword ptr ss:[ebp+C]
004019B1 |. 8918 |mov dword ptr ds:[eax],ebx ; store the handle through the caller's pointer
004019B3 |. 8B85 DBF>|mov eax,dword ptr ss:[ebp-225] ; dword at offset 3 of the reply buffer (unaligned); treated as a status
004019B9 |. 85C0 |test eax,eax
004019BB |. 74 2B |je short Server.004019E8 ; status 0: return 0 and leave the handle open
004019BD |. 8BF8 |mov edi,eax ; remember the non-zero status
004019BF |> 53 |push ebx ; /hObject
004019C0 |. E8 9F310>|call <jmp.&kernel32.#31> ; \CloseHandle
004019C5 |. EB 14 |jmp short Server.004019DB ; next device number; [ebp-8] is not updated on this path
004019C7 |> E8 34320>|call <jmp.&kernel32.#305> ; [GetLastError - poster asks what this function does: it returns the calling thread's last-error code, here the reason CreateFileA failed
004019CC |. 83F8 05 |cmp eax,5 ; 5 = ERROR_ACCESS_DENIED
004019CF |. 75 07 |jnz short Server.004019D8
004019D1 |. B8 88660>|mov eax,6688 ; dedicated return code for the access-denied case
004019D6 |. EB 10 |jmp short Server.004019E8 ; return at once without trying further names
004019D8 |> 897D F8 |mov dword ptr ss:[ebp-8],edi ; [ebp-8] = last non-zero reply status seen so far (0 if none)
004019DB |> 46 |inc esi
004019DC |. 83FE 04 |cmp esi,4
004019DF |.^ 0F8C 70F>\jl Server.00401955 为什么要循环到00401955 ; poster asks why this loops back to 00401955: esi runs 1, 2, 3, so the open-and-request sequence is retried with the next device name
004019E5 |. 8B45 F8 mov eax,dword ptr ss:[ebp-8] ; result when no name produced a zero status
004019E8 |> 5F pop edi
004019E9 |. 5E pop esi
004019EA |. 5B pop ebx
004019EB |. 8BE5 mov esp,ebp
004019ED |. 5D pop ebp
004019EE \. C3 retn
附件:213.rar