-
-
[旧帖] [求助]有关网络的一段代码,请帮忙看一下是什么意思 0.00雪花
-
发表于: 2007-5-18 22:11 6351
-
005B4000 . 832D B8D55B00>sub dword ptr [5BD5B8], 1
005B4007 . 0F83 87000000 jnb 005B4094
005B400D . E8 52EBE4FF call 00402B64
005B4012 . C605 0C505B00>mov byte ptr [5B500C], 2
005B4019 . C705 14D05B00>mov dword ptr [5BD014], <jmp.&kernel32.RaiseExcep>; 入口地址
005B4023 . C705 18D05B00>mov dword ptr [5BD018], <jmp.&kernel32.RtlUnwind> ; 入口地址
005B402D . C605 4ED05B00>mov byte ptr [5BD04E], 2
005B4034 . C705 00D05B00>mov dword ptr [5BD000], 00406610
005B403E . E8 B902E5FF call 004042FC
005B4043 . 84C0 test al, al
005B4045 . 74 05 je short 005B404C
005B4047 . E8 E002E5FF call 0040432C
005B404C > E8 9F03E5FF call 004043F0
005B4051 . 66:C705 54D05>mov word ptr [5BD054], 0D7B0
005B405A . 66:C705 20D25>mov word ptr [5BD220], 0D7B0
005B4063 . 66:C705 ECD35>mov word ptr [5BD3EC], 0D7B0
005B406C . E8 B3D2E4FF call <jmp.&kernel32.GetCommandLineA> ; [GetCommandLineA
005B4071 . A3 40D05B00 mov dword ptr [5BD040], eax
005B4076 . E8 89D3E4FF call 00401404
005B407B . A3 3CD05B00 mov dword ptr [5BD03C], eax
005B4080 . E8 3737E5FF call <jmp.&kernel32.GetACP> ; [GetACP
005B4085 . A3 BCD55B00 mov dword ptr [5BD5BC], eax
005B408A . E8 5DD3E4FF call <jmp.&kernel32.GetCurrentThreadId> ; [GetCurrentThreadId
005B408F . A3 34D05B00 mov dword ptr [5BD034], eax
005B4094 > C3 retn
005B4095 8D40 00 lea eax, dword ptr [eax]
005B4098 /. 55 push ebp
005B4099 |. 8BEC mov ebp, esp
005B409B |. 832D 00F85B00>sub dword ptr [5BF800], 1
005B40A2 |. 73 07 jnb short 005B40AB
005B40A4 |. 33C0 xor eax, eax
005B40A6 |. A3 04F85B00 mov dword ptr [5BF804], eax
005B40AB |> 5D pop ebp
005B40AC \. C3 retn
005B40AD 8D40 00 lea eax, dword ptr [eax]
005B40B0 . 55 push ebp
005B40B1 . 8BEC mov ebp, esp
005B40B3 . 33C0 xor eax, eax
005B40B5 . 55 push ebp
005B40B6 . 68 22415B00 push 005B4122
005B40BB . 64:FF30 push dword ptr fs:[eax]
005B40BE . 64:8920 mov dword ptr fs:[eax], esp
005B40C1 . 832D 18F95B00>sub dword ptr [5BF918], 1
005B40C8 . 73 4A jnb short 005B4114
005B40CA . B8 F8174100 mov eax, 004117F8
005B40CF . E8 6410E5FF call 00405138
005B40D4 . B8 E4184100 mov eax, 004118E4
005B40D9 . E8 8210E5FF call 00405160
005B40DE . 803D F5F75B00>cmp byte ptr [5BF7F5], 0
005B40E5 . 74 0F je short 005B40F6
005B40E7 . B8 44585B00 mov eax, 005B5844
005B40EC . BA 34415B00 mov edx, 005B4134 ; ASCII "0x"
005B40F1 . E8 CA13E5FF call 004054C0
005B40F6 > E8 8DB7E5FF call 0040F888
005B40FB . B8 500C4100 mov eax, 00410C50
005B4100 . E8 1F30E5FF call 00407124
005B4105 . E8 8AB8E5FF call 0040F994
005B410A . E8 E5CEE5FF call 00410FF4
005B410F . E8 D8C5E5FF call 004106EC
005B4114 > 33C0 xor eax, eax
005B4116 . 5A pop edx
005B4117 . 59 pop ecx
005B4118 . 59 pop ecx
005B4119 . 64:8910 mov dword ptr fs:[eax], edx
005B411C . 68 29415B00 push 005B4129
005B4121 > C3 retn ; RET 用作跳转到 005B4129
005B4122 .- E9 D90BE5FF jmp 00404D00
005B4127 .^ EB F8 jmp short 005B4121
005B4129 > 5D pop ebp
005B412A . C3 retn
005B412B 00 db 00
005B412C . FFFFFFFF dd FFFFFFFF
005B4130 . 02000000 dd 00000002
005B4134 . 30 78 00 ascii "0x",0
005B4137 00 db 00
005B4138 /. 55 push ebp
005B4139 |. 8BEC mov ebp, esp
005B413B |. 832D 80025C00>sub dword ptr [5C0280], 1
005B4142 |. 73 05 jnb short 005B4149
005B4144 |. E8 57E0E5FF call 004121A0
005B4149 |> 5D pop ebp
005B414A \. C3 retn
005B414B 90 nop
005B414C . 55 push ebp
005B414D . 8BEC mov ebp, esp
005B414F . 33C0 xor eax, eax
005B4151 . 55 push ebp
005B4152 . 68 ED415B00 push 005B41ED
005B4157 . 64:FF30 push dword ptr fs:[eax]
005B415A . 64:8920 mov dword ptr fs:[eax], esp
005B415D . 832D A4025C00>sub dword ptr [5C02A4], 1
005B4164 . 73 79 jnb short 005B41DF
005B4166 . B8 84025C00 mov eax, 005C0284
005B416B . E8 DC5EE6FF call 0041A04C
005B4170 . B8 BC304100 mov eax, 004130BC ; 入口地址
005B4175 . A3 94025C00 mov dword ptr [5C0294], eax
005B417A . B8 0C2C4100 mov eax, 00412C0C ; 入口地址
005B417F . A3 98025C00 mov dword ptr [5C0298], eax
005B4184 . BA 1C2B4100 mov edx, 00412B1C ; 入口地址
005B4189 . 8915 9C025C00 mov dword ptr [5C029C], edx
005B418F . A3 A0025C00 mov dword ptr [5C02A0], eax
005B4194 . B8 BC334100 mov eax, 004133BC ; 入口地址
005B4199 . 8B15 28BC5B00 mov edx, dword ptr [5BBC28] ; Unpacked.005B5010
005B419F . 8902 mov dword ptr [edx], eax
005B41A1 . B8 C89B4100 mov eax, 00419BC8 ; 入口地址
005B41A6 . 8B15 14B75B00 mov edx, dword ptr [5BB714] ; Unpacked.005B5014
005B41AC . 8902 mov dword ptr [edx], eax
005B41AE . B8 D4374100 mov eax, 004137D4 ; 入口地址
005B41B3 . 8B15 30BD5B00 mov edx, dword ptr [5BBD30] ; Unpacked.005B5018
005B41B9 . 8902 mov dword ptr [edx], eax
005B41BB . B8 506A4100 mov eax, 00416A50 ; 入口地址
005B41C0 . 8B15 44C05B00 mov edx, dword ptr [5BC044] ; Unpacked.005B501C
005B41C6 . 8902 mov dword ptr [edx], eax
005B41C8 . B8 70714100 mov eax, 00417170 ; 入口地址
005B41CD . 8B15 98BD5B00 mov edx, dword ptr [5BBD98] ; Unpacked.005B5020
005B41D3 . 8902 mov dword ptr [edx], eax
005B41D5 . 68 AC025C00 push 005C02AC ; /pCriticalSection = Unpacked.005C02AC
005B41DA . E8 D13BE5FF call <jmp.&kernel32.InitializeCriticalSection> ; \InitializeCriticalSection
005B41DF > 33C0 xor eax, eax
005B41E1 . 5A pop edx
005B41E2 . 59 pop ecx
005B41E3 . 59 pop ecx
005B41E4 . 64:8910 mov dword ptr fs:[eax], edx
005B41E7 . 68 F4415B00 push 005B41F4
005B41EC > C3 retn ; RET 用作跳转到 005B41F4
005B41ED .- E9 0E0BE5FF jmp 00404D00
005B41F2 .^ EB F8 jmp short 005B41EC
005B41F4 > 5D pop ebp
005B41F5 . C3 retn
005B41F6 8BC0 mov eax, eax
005B41F8 . 832D C4025C00>sub dword ptr [5C02C4], 1
005B41FF . C3 retn
005B4200 . 55 push ebp
005B4201 . 8BEC mov ebp, esp
005B4203 . 33C0 xor eax, eax
005B4205 . 55 push ebp
005B4206 . 68 89425B00 push 005B4289
005B420B . 64:FF30 push dword ptr fs:[eax]
005B420E . 64:8920 mov dword ptr fs:[eax], esp
005B4211 . 832D D4025C00>sub dword ptr [5C02D4], 1
005B4218 . 73 61 jnb short 005B427B
005B421A . E8 B570E7FF call 0042B2D4
005B421F . B8 84D44200 mov eax, 0042D484
005B4224 . E8 EB2EE5FF call 00407114
005B4229 . B2 01 mov dl, 1
005B422B . A1 A49A4000 mov eax, dword ptr [409AA4]
005B4230 . E8 23D0E5FF call 00411258
005B4235 . 8BD0 mov edx, eax
005B4237 . 85D2 test edx, edx
005B4239 . 74 03 je short 005B423E
005B423B . 83EA D4 sub edx, -2C
005B423E > B8 C8025C00 mov eax, 005C02C8 ; ASCII "??
005B4243 . E8 5430E5FF call 0040729C
005B4248 . B2 01 mov dl, 1
005B424A . A1 38D94100 mov eax, dword ptr [41D938]
005B424F . E8 949CE6FF call 0041DEE8
005B4254 . A3 DC025C00 mov dword ptr [5C02DC], eax
005B4259 . B2 01 mov dl, 1
005B425B . A1 F8C34100 mov eax, dword ptr [41C3F8]
005B4260 . E8 67BAE6FF call 0041FCCC
005B4265 . A3 D8025C00 mov dword ptr [5C02D8], eax
005B426A . B2 01 mov dl, 1
005B426C . A1 F8C34100 mov eax, dword ptr [41C3F8]
005B4271 . E8 56BAE6FF call 0041FCCC
005B4276 . A3 E4025C00 mov dword ptr [5C02E4], eax
005B427B > 33C0 xor eax, eax
005B427D . 5A pop edx
005B427E . 59 pop ecx
005B427F . 59 pop ecx
005B4280 . 64:8910 mov dword ptr fs:[eax], edx
005B4283 . 68 90425B00 push 005B4290
005B4288 > C3 retn ; RET 用作跳转到 005B4290
005B4289 .- E9 720AE5FF jmp 00404D00
005B428E .^ EB F8 jmp short 005B4288
005B4290 > 5D pop ebp
005B4291 . C3 retn
005B4292 8BC0 mov eax, eax
005B4294 /. 55 push ebp
005B4295 |. 8BEC mov ebp, esp
005B4297 |. 832D 0C035C00>sub dword ptr [5C030C], 1
005B429E |. 5D pop ebp
005B429F \. C3 retn
005B42A0 /. 55 push ebp
005B42A1 |. 8BEC mov ebp, esp
005B42A3 |. 832D 34035C00>sub dword ptr [5C0334], 1
005B42AA |. 73 05 jnb short 005B42B1
005B42AC |. E8 63BDE7FF call 00430014
005B42B1 |> 5D pop ebp
005B42B2 \. C3 retn
005B42B3 90 nop
005B42B4 . 832D 50035C00>sub dword ptr [5C0350], 1
005B42BB . C3 retn
005B42BC . 832D 54035C00>sub dword ptr [5C0354], 1
005B42C3 . C3 retn
005B42C4 . 832D 5C035C00>sub dword ptr [5C035C], 1
005B42CB . 0F83 ED000000 jnb 005B43BE
005B42D1 . E8 8A98E8FF call 0043DB60
005B42D6 . 68 74035C00 push 005C0374 ; /pCriticalSection = Unpacked.005C0374
005B42DB . E8 D03AE5FF call <jmp.&kernel32.InitializeCriticalSection> ; \InitializeCriticalSection
005B42E0 . 68 8C035C00 push 005C038C ; /pCriticalSection = Unpacked.005C038C
005B42E5 . E8 C63AE5FF call <jmp.&kernel32.InitializeCriticalSection> ; \InitializeCriticalSection
005B42EA . 6A 07 push 7 ; /ObjType = BLACK_PEN
005B42EC . E8 4F3DE5FF call <jmp.&gdi32.GetStockObject> ; \GetStockObject
005B42F1 . A3 64035C00 mov dword ptr [5C0364], eax
005B42F6 . 6A 05 push 5 ; /ObjType = NULL_BRUSH
005B42F8 . E8 433DE5FF call <jmp.&gdi32.GetStockObject> ; \GetStockObject
005B42FD . A3 68035C00 mov dword ptr [5C0368], eax
005B4302 . 6A 0D push 0D ; /ObjType = SYSTEM_FONT
005B4304 . E8 373DE5FF call <jmp.&gdi32.GetStockObject> ; \GetStockObject
005B4309 . A3 6C035C00 mov dword ptr [5C036C], eax
005B430E . 68 007F0000 push 7F00 ; /RsrcName = IDI_APPLICATION
005B4313 . 6A 00 push 0 ; |hInst = NULL
005B4315 . E8 BE42E5FF call <jmp.&user32.LoadIconA> ; \LoadIconA
005B431A . A3 70035C00 mov dword ptr [5C0370], eax
005B431F . E8 D498E8FF call 0043DBF8
005B4324 . 66:B9 3000 mov cx, 30
005B4328 . B2 01 mov dl, 1
005B432A . A1 84344300 mov eax, dword ptr [433484]
005B432F . E8 38F2E7FF call 0043356C
005B4334 . A3 A4035C00 mov dword ptr [5C03A4], eax
005B4339 . 66:B9 1000 mov cx, 10
005B433D . B2 01 mov dl, 1
005B433F . A1 84344300 mov eax, dword ptr [433484]
005B4344 . E8 23F2E7FF call 0043356C
005B4349 . A3 A8035C00 mov dword ptr [5C03A8], eax
005B434E . 66:B9 1000 mov cx, 10
005B4352 . B2 01 mov dl, 1
005B4354 . A1 EC344300 mov eax, dword ptr [4334EC]
005B4359 . E8 0EF2E7FF call 0043356C
005B435E . A3 AC035C00 mov dword ptr [5C03AC], eax
005B4363 . B2 01 mov dl, 1
005B4365 . A1 78DD4300 mov eax, dword ptr [43DD78]
005B436A . E8 659AE8FF call 0043DDD4
005B436F . A3 B4035C00 mov dword ptr [5C03B4], eax
005B4374 . B2 01 mov dl, 1
005B4376 . A1 F8C34100 mov eax, dword ptr [41C3F8]
005B437B . E8 4CB9E6FF call 0041FCCC
005B4380 . A3 C4605B00 mov dword ptr [5B60C4], eax
005B4385 . B2 01 mov dl, 1
005B4387 . A1 F8C34100 mov eax, dword ptr [41C3F8]
005B438C . E8 3BB9E6FF call 0041FCCC
005B4391 . A3 B0035C00 mov dword ptr [5C03B0], eax
005B4396 . B9 F43E4300 mov ecx, 00433EF4
005B439B . BA 1C3F4300 mov edx, 00433F1C
005B43A0 . A1 DC234300 mov eax, dword ptr [4323DC]
005B43A5 . E8 16A6E6FF call 0041E9C0
005B43AA . B9 5C414300 mov ecx, 0043415C
005B43AF . BA 84414300 mov edx, 00434184
005B43B4 . A1 0C254300 mov eax, dword ptr [43250C]
005B43B9 . E8 02A6E6FF call 0041E9C0
005B43BE > C3 retn
005B43BF 90 nop
005B43C0 /. 55 push ebp
005B43C1 |. 8BEC mov ebp, esp
005B43C3 |. 832D 74045C00>sub dword ptr [5C0474], 1
005B43CA |. 73 11 jnb short 005B43DD
005B43CC |. B2 01 mov dl, 1
005B43CE |. A1 70E24300 mov eax, dword ptr [43E270]
005B43D3 |. E8 189FE8FF call 0043E2F0
005B43D8 |. A3 80045C00 mov dword ptr [5C0480], eax
005B43DD |> 5D pop ebp
005B43DE \. C3 retn
005B43DF 90 nop
005B43E0 /. 55 push ebp
005B43E1 |. 8BEC mov ebp, esp
005B43E3 |. 832D 84045C00>sub dword ptr [5C0484], 1
005B43EA |. 5D pop ebp
005B43EB \. C3 retn
005B43EC /. 55 push ebp
005B43ED |. 8BEC mov ebp, esp
005B43EF |. 832D 88045C00>sub dword ptr [5C0488], 1
005B43F6 |. 73 75 jnb short 005B446D
005B43F8 |. E8 9F34E5FF call 0040789C
005B43FD |. 33D2 xor edx, edx
005B43FF |. 8990 1C000000 mov dword ptr [eax+1C], edx
005B4405 |. E8 9234E5FF call 0040789C
005B440A |. 33D2 xor edx, edx
005B440C |. 8990 20000000 mov dword ptr [eax+20], edx
005B4412 |. E8 8534E5FF call 0040789C
005B4417 |. 33D2 xor edx, edx
005B4419 |. 8990 24000000 mov dword ptr [eax+24], edx
005B441F |. E8 7834E5FF call 0040789C
005B4424 |. 33D2 xor edx, edx
005B4426 |. 8990 28000000 mov dword ptr [eax+28], edx
005B442C |. E8 6B34E5FF call 0040789C
005B4431 |. 33D2 xor edx, edx
005B4433 |. 8990 2C000000 mov dword ptr [eax+2C], edx
005B4439 |. E8 5E34E5FF call 0040789C
005B443E |. 33D2 xor edx, edx
005B4440 |. 8990 30000000 mov dword ptr [eax+30], edx
005B4446 |. E8 5134E5FF call 0040789C
005B444B |. 33D2 xor edx, edx
005B444D |. 8990 34000000 mov dword ptr [eax+34], edx
005B4453 |. E8 4434E5FF call 0040789C
005B4458 |. 33D2 xor edx, edx
005B445A |. 8990 38000000 mov dword ptr [eax+38], edx
005B4460 |. E8 3734E5FF call 0040789C
005B4465 |. 33D2 xor edx, edx
005B4467 |. 8990 3C000000 mov dword ptr [eax+3C], edx
005B446D |> 5D pop ebp
005B446E \. C3 retn
005B446F 90 nop
005B4470 . 832D 90045C00>sub dword ptr [5C0490], 1
005B4477 . 73 29 jnb short 005B44A2
005B4479 . A1 30B44600 mov eax, dword ptr [46B430]
005B447E . E8 85A3E6FF call 0041E808
005B4483 . 8B15 30B44600 mov edx, dword ptr [46B430] ; Unpacked.0046B47C
005B4489 . A1 C43C4500 mov eax, dword ptr [453CC4]
005B448E . E8 C5A3E6FF call 0041E858
005B4493 . 68 A4445B00 push 005B44A4 ; /MsgName = "TaskbarCreated"
005B4498 . E8 EB41E5FF call <jmp.&user32.RegisterWindowMessageA> ; \RegisterWindowMessageA
005B449D . A3 8C045C00 mov dword ptr [5C048C], eax
005B44A2 > C3 retn
005B44A3 00 db 00
005B44A4 . 54 61 73 6B 6>ascii "TaskbarCreated",0
005B44B3 00 db 00
005B44B4 /. 55 push ebp
005B44B5 |. 8BEC mov ebp, esp
005B44B7 |. 832D 94045C00>sub dword ptr [5C0494], 1
005B44BE |. 73 33 jnb short 005B44F3
005B44C0 |. B8 BCFC4500 mov eax, 0045FCBC
005B44C5 |. E8 960CE5FF call 00405160
005B44CA |. E8 55B7EAFF call 0045FC24
005B44CF |. A1 30B44600 mov eax, dword ptr [46B430]
005B44D4 |. E8 2FA3E6FF call 0041E808
005B44D9 |. A1 30B44600 mov eax, dword ptr [46B430]
005B44DE |. E8 CDA3E6FF call 0041E8B0
005B44E3 |. 8B15 30B44600 mov edx, dword ptr [46B430] ; Unpacked.0046B47C
005B44E9 |. A1 9CE74500 mov eax, dword ptr [45E79C]
005B44EE |. E8 65A3E6FF call 0041E858
005B44F3 |> 5D pop ebp
005B44F4 \. C3 retn
005B44F5 8D40 00 lea eax, dword ptr [eax]
005B44F8 /. 55 push ebp
005B44F9 |. 8BEC mov ebp, esp
005B44FB |. 832D D0045C00>sub dword ptr [5C04D0], 1
005B4502 |. 73 27 jnb short 005B452B
005B4504 |. 68 30455B00 push 005B4530 ; /Format = "Delphi Picture"
005B4509 |. E8 6A41E5FF call <jmp.&user32.RegisterClipboardFormatA> ; \RegisterClipboardFormatA
005B450E |. 66:A3 CC045C0>mov word ptr [5C04CC], ax
005B4514 |. 68 40455B00 push 005B4540 ; /Format = "Delphi Component"
005B4519 |. E8 5A41E5FF call <jmp.&user32.RegisterClipboardFormatA> ; \RegisterClipboardFormatA
005B451E |. 66:A3 CE045C0>mov word ptr [5C04CE], ax
005B4524 |. 33C0 xor eax, eax
005B4526 |. A3 D4045C00 mov dword ptr [5C04D4], eax
005B452B |> 5D pop ebp
005B452C \. C3 retn
005B452D 00 db 00
005B452E 00 db 00
005B452F 00 db 00
005B4530 . 44 65 6C 70 6>ascii "Delphi Picture",0
005B453F 00 db 00
005B4540 . 44 65 6C 70 6>ascii "Delphi Component"
005B4550 . 00 ascii 0
005B4551 00 db 00
005B4552 00 db 00
005B4553 00 db 00
005B4554 /. 55 push ebp
005B4555 |. 8BEC mov ebp, esp
005B4557 |. 832D F8045C00>sub dword ptr [5C04F8], 1
005B455E |. 73 05 jnb short 005B4565
005B4560 |. E8 BFC4EAFF call 00460A24
005B4565 |> 5D pop ebp
005B4566 \. C3 retn
005B4567 90 nop
005B4568 /. 55 push ebp
005B4569 |. 8BEC mov ebp, esp
005B456B |. 832D 0C055C00>sub dword ptr [5C050C], 1
005B4572 |. 5D pop ebp
005B4573 \. C3 retn
005B4574 . 832D 1C055C00>sub dword ptr [5C051C], 1
005B457B . 73 7B jnb short 005B45F8
005B457D . B8 EC9D4600 mov eax, 00469DEC
005B4582 . E8 B10BE5FF call 00405138
005B4587 . A1 30B44600 mov eax, dword ptr [46B430]
005B458C . E8 77A2E6FF call 0041E808
005B4591 . A1 30B44600 mov eax, dword ptr [46B430]
005B4596 . E8 15A3E6FF call 0041E8B0
005B459B . 8B15 30B44600 mov edx, dword ptr [46B430] ; Unpacked.0046B47C
005B45A1 . A1 18224600 mov eax, dword ptr [462218]
005B45A6 . E8 ADA2E6FF call 0041E858
005B45AB . 8B15 30B44600 mov edx, dword ptr [46B430] ; Unpacked.0046B47C
005B45B1 . A1 3C264600 mov eax, dword ptr [46263C]
005B45B6 . E8 9DA2E6FF call 0041E858
005B45BB . A1 18224600 mov eax, dword ptr [462218]
005B45C0 . E8 2FA1E6FF call 0041E6F4
005B45C5 . B2 01 mov dl, 1
005B45C7 . A1 50C44100 mov eax, dword ptr [41C450]
005B45CC . E8 2BFFE4FF call 004044FC
005B45D1 . A3 20055C00 mov dword ptr [5C0520], eax
005B45D6 . B2 01 mov dl, 1
005B45D8 . A1 C02C4600 mov eax, dword ptr [462CC0]
005B45DD . E8 1AFFE4FF call 004044FC
005B45E2 . A3 14055C00 mov dword ptr [5C0514], eax
005B45E7 . B2 01 mov dl, 1
005B45E9 . A1 2C2D4600 mov eax, dword ptr [462D2C]
005B45EE . E8 9999E7FF call 0042DF8C
005B45F3 . A3 18055C00 mov dword ptr [5C0518], eax
005B45F8 > C3 retn
005B45F9 8D40 00 lea eax, dword ptr [eax]
005B45FC . 55 push ebp
005B45FD . 8BEC mov ebp, esp
005B45FF . 33C0 xor eax, eax
005B4601 . 55 push ebp
005B4602 . 68 82465B00 push 005B4682
005B4607 . 64:FF30 push dword ptr fs:[eax]
005B460A . 64:8920 mov dword ptr fs:[eax], esp
005B460D . 832D 34055C00>sub dword ptr [5C0534], 1
005B4614 . 73 5E jnb short 005B4674
005B4616 . E8 2D37E5FF call <jmp.&kernel32.GetVersion>
005B461B . 25 FF000000 and eax, 0FF
005B4620 . 66:83F8 04 cmp ax, 4
005B4624 . 0F9305 30055C>setnb byte ptr [5C0530]
005B462B . E8 FCDCECFF call 0048232C
005B4630 . A1 30B44600 mov eax, dword ptr [46B430]
005B4635 . E8 CEA1E6FF call 0041E808
005B463A . A1 30B44600 mov eax, dword ptr [46B430]
005B463F . E8 6CA2E6FF call 0041E8B0
005B4644 . 8B15 30B44600 mov edx, dword ptr [46B430] ; Unpacked.0046B47C
005B464A . A1 F42B4800 mov eax, dword ptr [482BF4]
005B464F . E8 04A2E6FF call 0041E858
005B4654 . 8B15 30B44600 mov edx, dword ptr [46B430] ; Unpacked.0046B47C
005B465A . A1 9C4C4800 mov eax, dword ptr [484C9C]
005B465F . E8 F4A1E6FF call 0041E858
005B4664 . 8B15 30B44600 mov edx, dword ptr [46B430] ; Unpacked.0046B47C
005B466A . A1 584E4800 mov eax, dword ptr [484E58]
005B466F . E8 E4A1E6FF call 0041E858
005B4674 > 33C0 xor eax, eax
005B4676 . 5A pop edx
005B4677 . 59 pop ecx
005B4678 . 59 pop ecx
005B4679 . 64:8910 mov dword ptr fs:[eax], edx
005B467C . 68 89465B00 push 005B4689
005B4681 > C3 retn ; RET 用作跳转到 005B4689
005B4682 .- E9 7906E5FF jmp 00404D00
005B4687 .^ EB F8 jmp short 005B4681
005B4689 > 5D pop ebp
005B468A . C3 retn
005B468B 90 nop
005B468C /. 55 push ebp
005B468D |. 8BEC mov ebp, esp
005B468F |. 832D B4055C00>sub dword ptr [5C05B4], 1
005B4696 |. 73 20 jnb short 005B46B8
005B4698 |. 8B15 30B44600 mov edx, dword ptr [46B430] ; Unpacked.0046B47C
005B469E |. A1 584E4800 mov eax, dword ptr [484E58]
005B46A3 |. E8 B0A1E6FF call 0041E858
005B46A8 |. 8B15 30B44600 mov edx, dword ptr [46B430] ; Unpacked.0046B47C
005B46AE |. A1 9C4C4800 mov eax, dword ptr [484C9C]
005B46B3 |. E8 A0A1E6FF call 0041E858
005B46B8 |> 5D pop ebp
005B46B9 \. C3 retn
005B46BA 8BC0 mov eax, eax
005B46BC . 832D C0055C00>sub dword ptr [5C05C0], 1
005B46C3 . 73 2F jnb short 005B46F4
005B46C5 . B8 B49C4900 mov eax, 00499CB4
005B46CA . E8 910AE5FF call 00405160
005B46CF . E8 9054EEFF call 00499B64
005B46D4 . 68 F8465B00 push 005B46F8 ; /MsgName = "TaskbarCreated"
005B46D9 . E8 AA3FE5FF call <jmp.&user32.RegisterWindowMessageA> ; \RegisterWindowMessageA
005B46DE . A3 C4055C00 mov dword ptr [5C05C4], eax
005B46E3 . B8 40A74800 mov eax, 0048A740
005B46E8 . E8 E7A4E6FF call 0041EBD4
005B46ED . 33C0 xor eax, eax
005B46EF . A3 D8055C00 mov dword ptr [5C05D8], eax
005B46F4 > C3 retn
005B46F5 00 db 00
005B46F6 00 db 00
005B46F7 00 db 00
005B46F8 . 54 61 73 6B 6>ascii "TaskbarCreated",0
005B4707 00 db 00
005B4708 . 832D DC055C00>sub dword ptr [5C05DC], 1
005B470F . 73 1B jnb short 005B472C
005B4711 . B8 B0F44900 mov eax, 0049F4B0
005B4716 . E8 450AE5FF call 00405160
005B471B . B8 E0055C00 mov eax, 005C05E0
005B4720 . 33C9 xor ecx, ecx
005B4722 . BA 2C000000 mov edx, 2C
005B4727 . E8 D4F3E4FF call 00403B00
005B472C > C3 retn
005B472D 8D40 00 lea eax, dword ptr [eax]
005B4730 . 832D 0C065C00>sub dword ptr [5C060C], 1
005B4737 . 73 0A jnb short 005B4743
005B4739 . B8 ACF54900 mov eax, 0049F5AC
005B473E . E8 F509E5FF call 00405138
005B4743 > C3 retn
005B4744 /. 55 push ebp
005B4745 |. 8BEC mov ebp, esp
005B4747 |. 832D 10065C00>sub dword ptr [5C0610], 1
005B474E |. 5D pop ebp
005B474F \. C3 retn
005B4750 /. 55 push ebp
005B4751 |. 8BEC mov ebp, esp
005B4753 |. 832D 14065C00>sub dword ptr [5C0614], 1
005B475A |. 5D pop ebp
005B475B \. C3 retn
005B475C /. 55 push ebp
005B475D |. 8BEC mov ebp, esp
005B475F |. 832D 20065C00>sub dword ptr [5C0620], 1
005B4766 |. 5D pop ebp
005B4767 \. C3 retn
005B4768 /. 55 push ebp
005B4769 |. 8BEC mov ebp, esp
005B476B |. 832D 5C065C00>sub dword ptr [5C065C], 1
005B4772 |. 73 4B jnb short 005B47BF
005B4774 |. E8 0361F1FF call 004CA87C
005B4779 |. B8 ACAF4C00 mov eax, 004CAFAC ; 入口地址
005B477E |. 8B15 A8BD5B00 mov edx, dword ptr [5BBDA8] ; Unpacked.005C0294
005B4784 |. 8902 mov dword ptr [edx], eax
005B4786 |. A1 B8B75B00 mov eax, dword ptr [5BB7B8]
005B478B |. C700 74B24C00 mov dword ptr [eax], 004CB274
005B4791 |. B8 98A94C00 mov eax, 004CA998
005B4796 |. 8B15 58BE5B00 mov edx, dword ptr [5BBE58] ; Unpacked.005BD020
005B479C |. 8902 mov dword ptr [edx], eax
005B479E |. A1 ACB65B00 mov eax, dword ptr [5BB6AC]
005B47A3 |. 8038 00 cmp byte ptr [eax], 0
005B47A6 |. 75 17 jnz short 005B47BF
005B47A8 |. A1 A0BB5B00 mov eax, dword ptr [5BBBA0]
005B47AD |. 8B00 mov eax, dword ptr [eax]
005B47AF |. A3 68065C00 mov dword ptr [5C0668], eax
005B47B4 |. A1 A0BB5B00 mov eax, dword ptr [5BBBA0]
005B47B9 |. C700 50B34C00 mov dword ptr [eax], 004CB350
005B47BF |> 5D pop ebp
005B47C0 \. C3 retn
005B47C1 8D40 00 lea eax, dword ptr [eax]
005B47C4 /. 55 push ebp
005B47C5 |. 8BEC mov ebp, esp
005B47C7 |. 832D 74065C00>sub dword ptr [5C0674], 1
005B47CE |. 73 15 jnb short 005B47E5
005B47D0 |. 33C0 xor eax, eax
005B47D2 |. A3 70065C00 mov dword ptr [5C0670], eax
005B47D7 |. 33C0 xor eax, eax
005B47D9 |. A3 78065C00 mov dword ptr [5C0678], eax
005B47DE |. 33C0 xor eax, eax
005B47E0 |. A3 7C065C00 mov dword ptr [5C067C], eax
005B47E5 |> 5D pop ebp
005B47E6 \. C3 retn
005B47E7 90 nop
005B47E8 . 55 push ebp
005B47E9 . 8BEC mov ebp, esp
005B47EB . 33C0 xor eax, eax
005B47ED . 55 push ebp
005B47EE . 68 37485B00 push 005B4837
005B47F3 . 64:FF30 push dword ptr fs:[eax]
005B47F6 . 64:8920 mov dword ptr fs:[eax], esp
005B47F9 . 832D 8C065C00>sub dword ptr [5C068C], 1
005B4800 . 73 27 jnb short 005B4829
005B4802 . 33C0 xor eax, eax
005B4804 . A3 84065C00 mov dword ptr [5C0684], eax
005B4809 . 8B15 30B44600 mov edx, dword ptr [46B430] ; Unpacked.0046B47C
005B480F . A1 24794D00 mov eax, dword ptr [4D7924]
005B4814 . E8 3FA0E6FF call 0041E858
005B4819 . 8B15 30B44600 mov edx, dword ptr [46B430] ; Unpacked.0046B47C
005B481F . A1 806D4D00 mov eax, dword ptr [4D6D80]
005B4824 . E8 2FA0E6FF call 0041E858
005B4829 > 33C0 xor eax, eax
005B482B . 5A pop edx
005B482C . 59 pop ecx
005B482D . 59 pop ecx
005B482E . 64:8910 mov dword ptr fs:[eax], edx
005B4831 . 68 3E485B00 push 005B483E
005B4836 > C3 retn ; RET 用作跳转到 005B483E
005B4837 .- E9 C404E5FF jmp 00404D00
005B483C .^ EB F8 jmp short 005B4836
005B483E > 5D pop ebp
005B483F . C3 retn
005B4840 /. 55 push ebp
005B4841 |. 8BEC mov ebp, esp
005B4843 |. 832D 94065C00>sub dword ptr [5C0694], 1
005B484A |. 73 1B jnb short 005B4867
005B484C |. B2 01 mov dl, 1
005B484E |. A1 14954E00 mov eax, dword ptr [4E9514]
005B4853 |. E8 A4FCE4FF call 004044FC
005B4858 |. A3 90065C00 mov dword ptr [5C0690], eax
005B485D |. A1 90065C00 mov eax, dword ptr [5C0690]
005B4862 |. E8 151AF2FF call 004D627C
005B4867 |> 5D pop ebp
005B4868 \. C3 retn
005B4869 8D40 00 lea eax, dword ptr [eax]
005B486C /. 55 push ebp
005B486D |. 8BEC mov ebp, esp
005B486F |. 832D 9C065C00>sub dword ptr [5C069C], 1
005B4876 |. 73 29 jnb short 005B48A1
005B4878 |. 8B15 30B44600 mov edx, dword ptr [46B430] ; Unpacked.0046B47C
005B487E |. A1 20B14E00 mov eax, dword ptr [4EB120]
005B4883 |. E8 D09FE6FF call 0041E858
005B4888 |. 8B0D 2CBD5B00 mov ecx, dword ptr [5BBD2C] ; Unpacked.005C05B8
005B488E |. 8B09 mov ecx, dword ptr [ecx]
005B4890 |. B2 01 mov dl, 1
005B4892 |. A1 00B54E00 mov eax, dword ptr [4EB500]
005B4897 |. E8 5471F3FF call 004EB9F0
005B489C |. A3 88705B00 mov dword ptr [5B7088], eax
005B48A1 |> 5D pop ebp
005B48A2 \. C3 retn
005B48A3 90 nop
005B48A4 /. 55 push ebp
005B48A5 |. 8BEC mov ebp, esp
005B48A7 |. 83C4 F0 add esp, -10
005B48AA |. 56 push esi
005B48AB |. 57 push edi
005B48AC |. 832D 80085C00>sub dword ptr [5C0880], 1
005B48B3 |. 73 2D jnb short 005B48E2
005B48B5 |. 8D45 F0 lea eax, dword ptr [ebp-10]
005B48B8 |. E8 83E8F3FF call 004F3140
005B48BD |. 8D75 F0 lea esi, dword ptr [ebp-10]
005B48C0 |. BF 60085C00 mov edi, 005C0860
005B48C5 |. A5 movs dword ptr es:[edi], dword ptr [esi]
005B48C6 |. A5 movs dword ptr es:[edi], dword ptr [esi]
005B48C7 |. A5 movs dword ptr es:[edi], dword ptr [esi]
005B48C8 |. A5 movs dword ptr es:[edi], dword ptr [esi]
005B48C9 |. 8D45 F0 lea eax, dword ptr [ebp-10]
005B48CC |. E8 8BE8F3FF call 004F315C
005B48D1 |. 8D75 F0 lea esi, dword ptr [ebp-10]
005B48D4 |. BF 70085C00 mov edi, 005C0870
005B48D9 |. A5 movs dword ptr es:[edi], dword ptr [esi]
005B48DA |. A5 movs dword ptr es:[edi], dword ptr [esi]
005B48DB |. A5 movs dword ptr es:[edi], dword ptr [esi]
005B48DC |. A5 movs dword ptr es:[edi], dword ptr [esi]
005B48DD |. E8 16E7F3FF call 004F2FF8
005B48E2 |> 5F pop edi
005B48E3 |. 5E pop esi
005B48E4 |. 8BE5 mov esp, ebp
005B48E6 |. 5D pop ebp
005B48E7 \. C3 retn
005B48E8 /. 55 push ebp
005B48E9 |. 8BEC mov ebp, esp
005B48EB |. 832D 8C085C00>sub dword ptr [5C088C], 1
005B48F2 |. 73 22 jnb short 005B4916
005B48F4 |. A1 A4BA5B00 mov eax, dword ptr [5BBAA4]
005B48F9 |. 8B15 48404F00 mov edx, dword ptr [4F4048] ; Unpacked.004F4094
005B48FF |. 8910 mov dword ptr [eax], edx
005B4901 |. A1 ACC05B00 mov eax, dword ptr [5BC0AC]
005B4906 |. 8338 02 cmp dword ptr [eax], 2
005B4909 |. 75 0B jnz short 005B4916
005B490B |. A1 70BC5B00 mov eax, dword ptr [5BBC70]
005B4910 |. C700 9C4E4F00 mov dword ptr [eax], 004F4E9C
005B4916 |> 5D pop ebp
005B4917 \. C3 retn
005B4918 /. 55 push ebp
005B4919 |. 8BEC mov ebp, esp
005B491B |. 6A 00 push 0
005B491D |. 33C0 xor eax, eax
005B491F |. 55 push ebp
005B4920 |. 68 EB495B00 push 005B49EB
005B4925 |. 64:FF30 push dword ptr fs:[eax]
005B4928 |. 64:8920 mov dword ptr fs:[eax], esp
005B492B |. 832D 98085C00>sub dword ptr [5C0898], 1
005B4932 |. 0F83 9D000000 jnb 005B49D5
005B4938 |. 8D45 FC lea eax, dword ptr [ebp-4]
005B493B |. E8 8415F4FF call 004F5EC4
005B4940 |. 8B55 FC mov edx, dword ptr [ebp-4]
005B4943 |. B8 A0085C00 mov eax, 005C08A0 ; ASCII "貚?
005B4948 |. E8 730BE5FF call 004054C0
005B494D |. A1 1CBE5B00 mov eax, dword ptr [5BBE1C]
005B4952 |. 8B15 BC404F00 mov edx, dword ptr [4F40BC] ; Unpacked.004F4108
005B4958 |. 8910 mov dword ptr [eax], edx
005B495A |. A1 94C05B00 mov eax, dword ptr [5BC094]
005B495F |. BA F8495B00 mov edx, 005B49F8
005B4964 |. B1 20 mov cl, 20
005B4966 |. E8 79F5E4FF call 00403EE4
005B496B |. 75 0C jnz short 005B4979
005B496D |. C705 48765B00>mov dword ptr [5B7648], 004F6AEC
005B4977 |. EB 0A jmp short 005B4983
005B4979 |> B8 F4014100 mov eax, 004101F4 ; 入口地址
005B497E |. A3 48765B00 mov dword ptr [5B7648], eax
005B4983 |> 6A 01 push 1
005B4985 |. B8 90085C00 mov eax, 005C0890
005B498A |. B9 01000000 mov ecx, 1
005B498F |. 8B15 60564F00 mov edx, dword ptr [4F5660] ; Unpacked.004F5664
005B4995 |. E8 C621E5FF call 00406B60
005B499A |. 83C4 04 add esp, 4
005B499D |. A1 90085C00 mov eax, dword ptr [5C0890]
005B49A2 |. BA 204A5B00 mov edx, 005B4A20 ; ASCII "FALSE"
005B49A7 |. E8 140BE5FF call 004054C0
005B49AC |. 6A 01 push 1
005B49AE |. B8 94085C00 mov eax, 005C0894 ; ASCII "(O?
005B49B3 |. B9 01000000 mov ecx, 1
005B49B8 |. 8B15 84564F00 mov edx, dword ptr [4F5684] ; Unpacked.004F5688
005B49BE |. E8 9D21E5FF call 00406B60
005B49C3 |. 83C4 04 add esp, 4
005B49C6 |. A1 94085C00 mov eax, dword ptr [5C0894]
005B49CB |. BA 304A5B00 mov edx, 005B4A30 ; ASCII "TRUE"
005B49D0 |. E8 EB0AE5FF call 004054C0
005B49D5 |> 33C0 xor eax, eax
005B49D7 |. 5A pop edx
005B49D8 |. 59 pop ecx
005B49D9 |. 59 pop ecx
005B49DA |. 64:8910 mov dword ptr fs:[eax], edx
005B49DD |. 68 F2495B00 push 005B49F2
005B49E2 |> 8D45 FC lea eax, dword ptr [ebp-4]
005B49E5 |. E8 820AE5FF call 0040546C
005B49EA \. C3 retn
005B49EB .- E9 1003E5FF jmp 00404D00
005B49F0 .^ EB F0 jmp short 005B49E2
005B49F2 . 59 pop ecx
005B49F3 . 5D pop ebp
005B49F4 . C3 retn
005B49F5 00 db 00
005B49F6 00 db 00
005B49F7 00 db 00
005B49F8 00 db 00
005B49F9 00 db 00
005B49FA 00 db 00
005B49FB 00 db 00
005B49FC 00 db 00
005B49FD 00 db 00
005B49FE 00 db 00
005B49FF 00 db 00
005B4A00 00 db 00
005B4A01 00 db 00
005B4A02 00 db 00
005B4A03 00 db 00
005B4A04 00 db 00
005B4A05 00 db 00
005B4A06 00 db 00
005B4A07 00 db 00
005B4A08 00 db 00
005B4A09 00 db 00
005B4A0A 00 db 00
005B4A0B 00 db 00
005B4A0C 00 db 00
005B4A0D 00 db 00
005B4A0E 00 db 00
005B4A0F 00 db 00
005B4A10 00 db 00
005B4A11 00 db 00
005B4A12 00 db 00
005B4A13 00 db 00
005B4A14 00 db 00
005B4A15 00 db 00
005B4A16 00 db 00
005B4A17 00 db 00
005B4A18 . FFFFFFFF dd FFFFFFFF
005B4A1C . 05000000 dd 00000005
005B4A20 . 46 41 4C 53 4>ascii "FALSE",0
005B4A26 00 db 00
005B4A27 00 db 00
005B4A28 . FFFFFFFF dd FFFFFFFF
005B4A2C . 04000000 dd 00000004
005B4A30 . 54 52 55 45 0>ascii "TRUE",0
005B4A35 00 db 00
005B4A36 00 db 00
005B4A37 00 db 00
005B4A38 /. 55 push ebp
005B4A39 |. 8BEC mov ebp, esp
005B4A3B |. 832D A4085C00>sub dword ptr [5C08A4], 1
005B4A42 |. 73 1B jnb short 005B4A5F
005B4A44 |. B8 D07C4F00 mov eax, 004F7CD0
005B4A49 |. E8 EA06E5FF call 00405138
005B4A4E |. B2 01 mov dl, 1
005B4A50 |. A1 70E24300 mov eax, dword ptr [43E270]
005B4A55 |. E8 9698E8FF call 0043E2F0
005B4A5A |. A3 A8085C00 mov dword ptr [5C08A8], eax
005B4A5F |> 5D pop ebp
005B4A60 \. C3 retn
005B4A61 8D40 00 lea eax, dword ptr [eax]
005B4A64 . 55 push ebp
005B4A65 . 8BEC mov ebp, esp
005B4A67 . 33C0 xor eax, eax
005B4A69 . 55 push ebp
005B4A6A . 68 9D4A5B00 push 005B4A9D
005B4A6F . 64:FF30 push dword ptr fs:[eax]
005B4A72 . 64:8920 mov dword ptr fs:[eax], esp
005B4A75 . 832D B4085C00>sub dword ptr [5C08B4], 1
005B4A7C . 73 11 jnb short 005B4A8F
005B4A7E . E8 C532E5FF call <jmp.&kernel32.GetVersion>
005B4A83 . 3D 00000080 cmp eax, 80000000
005B4A88 . 0F9205 AC085C>setb byte ptr [5C08AC]
005B4A8F > 33C0 xor eax, eax
005B4A91 . 5A pop edx
005B4A92 . 59 pop ecx
005B4A93 . 59 pop ecx
005B4A94 . 64:8910 mov dword ptr fs:[eax], edx
005B4A97 . 68 A44A5B00 push 005B4AA4
005B4A9C > C3 retn ; RET 用作跳转到 005B4AA4
005B4A9D .- E9 5E02E5FF jmp 00404D00
005B4AA2 .^ EB F8 jmp short 005B4A9C
005B4AA4 > 5D pop ebp
005B4AA5 . C3 retn
005B4AA6 8BC0 mov eax, eax
005B4AA8 /. 55 push ebp
005B4AA9 |. 8BEC mov ebp, esp
005B4AAB |. 832D B8085C00>sub dword ptr [5C08B8], 1
005B4AB2 |. 5D pop ebp
005B4AB3 \. C3 retn
005B4AB4 . 55 push ebp
005B4AB5 . 8BEC mov ebp, esp
005B4AB7 . 33C0 xor eax, eax
005B4AB9 . 55 push ebp
005B4ABA . 68 E14A5B00 push 005B4AE1
005B4ABF . 64:FF30 push dword ptr fs:[eax]
005B4AC2 . 64:8920 mov dword ptr fs:[eax], esp
005B4AC5 . 832D 00095C00>sub dword ptr [5C0900], 1
005B4ACC . 73 05 jnb short 005B4AD3
005B4ACE . E8 7192F4FF call 004FDD44
005B4AD3 > 33C0 xor eax, eax
005B4AD5 . 5A pop edx
005B4AD6 . 59 pop ecx
005B4AD7 . 59 pop ecx
005B4AD8 . 64:8910 mov dword ptr fs:[eax], edx
005B4ADB . 68 E84A5B00 push 005B4AE8
005B4AE0 > C3 retn ; RET 用作跳转到 005B4AE8
005B4AE1 .- E9 1A02E5FF jmp 00404D00
005B4AE6 .^ EB F8 jmp short 005B4AE0
005B4AE8 > 5D pop ebp
005B4AE9 . C3 retn
005B4AEA 8BC0 mov eax, eax
005B4AEC . 832D 04095C00>sub dword ptr [5C0904], 1
005B4AF3 . C3 retn
005B4AF4 /. 55 push ebp
005B4AF5 |. 8BEC mov ebp, esp
005B4AF7 |. 6A 00 push 0
005B4AF9 |. 33C0 xor eax, eax
005B4AFB |. 55 push ebp
005B4AFC |. 68 4B4B5B00 push 005B4B4B
005B4B01 |. 64:FF30 push dword ptr fs:[eax]
005B4B04 |. 64:8920 mov dword ptr fs:[eax], esp
005B4B07 |. 832D 0C095C00>sub dword ptr [5C090C], 1
005B4B0E |. 73 25 jnb short 005B4B35
005B4B10 |. 8D55 FC lea edx, dword ptr [ebp-4]
005B4B13 |. A1 18BA5B00 mov eax, dword ptr [5BBA18]
005B4B18 |. 8B00 mov eax, dword ptr [eax]
005B4B1A |. E8 B553E5FF call 00409ED4
005B4B1F |. 8B55 FC mov edx, dword ptr [ebp-4]
005B4B22 |. B8 604B5B00 mov eax, 005B4B60 ; ASCII "YYYY"
005B4B27 |. E8 580FE5FF call 00405A84
005B4B2C |. 85C0 test eax, eax
005B4B2E |. 0F9F05 08095C>setg byte ptr [5C0908]
005B4B35 |> 33C0 xor eax, eax
005B4B37 |. 5A pop edx
005B4B38 |. 59 pop ecx
005B4B39 |. 59 pop ecx
005B4B3A |. 64:8910 mov dword ptr fs:[eax], edx
005B4B3D |. 68 524B5B00 push 005B4B52
005B4B42 |> 8D45 FC lea eax, dword ptr [ebp-4]
005B4B45 |. E8 2209E5FF call 0040546C
005B4B4A \. C3 retn
005B4B4B .- E9 B001E5FF jmp 00404D00
005B4B50 .^ EB F0 jmp short 005B4B42
005B4B52 . 59 pop ecx
005B4B53 . 5D pop ebp
005B4B54 . C3 retn
005B4B55 00 db 00
005B4B56 00 db 00
005B4B57 00 db 00
005B4B58 . FFFFFFFF dd FFFFFFFF
005B4B5C . 04000000 dd 00000004
005B4B60 . 59 59 59 59 0>ascii "YYYY",0
005B4B65 00 db 00
005B4B66 00 db 00
005B4B67 00 db 00
005B4B68 . 832D 10095C00>sub dword ptr [5C0910], 1
005B4B6F . 73 46 jnb short 005B4BB7
005B4B71 . 68 B84B5B00 push 005B4BB8 ; /RsrcName = "RX_HANDCUR"
005B4B76 . A1 F8F75B00 mov eax, dword ptr [5BF7F8] ; |
005B4B7B . 50 push eax ; |hInst => 00400000
005B4B7C . E8 4F3AE5FF call <jmp.&user32.LoadCursorA> ; \LoadCursorA
005B4B81 . 8BC8 mov ecx, eax
005B4B83 . A1 80C05B00 mov eax, dword ptr [5BC080]
005B4B88 . 8B00 mov eax, dword ptr [eax]
005B4B8A . BA B0360000 mov edx, 36B0
005B4B8F . E8 A006EEFF call 00495234
005B4B94 . 68 C44B5B00 push 005B4BC4 ; /RsrcName = "RX_DRAGCUR"
005B4B99 . A1 F8F75B00 mov eax, dword ptr [5BF7F8] ; |
005B4B9E . 50 push eax ; |hInst => 00400000
005B4B9F . E8 2C3AE5FF call <jmp.&user32.LoadCursorA> ; \LoadCursorA
005B4BA4 . 8BC8 mov ecx, eax
005B4BA6 . A1 80C05B00 mov eax, dword ptr [5BC080]
005B4BAB . 8B00 mov eax, dword ptr [eax]
005B4BAD . BA B1360000 mov edx, 36B1
005B4BB2 . E8 7D06EEFF call 00495234
005B4BB7 > C3 retn
005B4BB8 . 52 58 5F 48 4>ascii "RX_HANDCUR",0
005B4BC3 00 db 00
005B4BC4 . 52 58 5F 44 5>ascii "RX_DRAGCUR",0
005B4BCF 00 db 00
005B4BD0 . 832D 14095C00>sub dword ptr [5C0914], 1
005B4BD7 . 73 07 jnb short 005B4BE0
005B4BD9 . 33C0 xor eax, eax
005B4BDB . A3 18095C00 mov dword ptr [5C0918], eax
005B4BE0 > C3 retn
005B4BE1 8D40 00 lea eax, dword ptr [eax]
005B4BE4 . 832D 1C095C00>sub dword ptr [5C091C], 1
005B4BEB . C3 retn
005B4BEC . 832D 20095C00>sub dword ptr [5C0920], 1
005B4BF3 . C3 retn
005B4BF4 . 832D 24095C00>sub dword ptr [5C0924], 1
005B4BFB . C3 retn
005B4BFC . 832D 28095C00>sub dword ptr [5C0928], 1
005B4C03 . C3 retn
005B4C04 . 832D 2C095C00>sub dword ptr [5C092C], 1
005B4C0B . 73 07 jnb short 005B4C14
005B4C0D . 33C0 xor eax, eax
005B4C0F . A3 C0775B00 mov dword ptr [5B77C0], eax
005B4C14 > C3 retn
005B4C15 8D40 00 lea eax, dword ptr [eax]
005B4C18 . 832D 30095C00>sub dword ptr [5C0930], 1
005B4C1F . C3 retn
005B4C20 55 db 55 ; CHAR 'U'
005B4C21 8B db 8B
005B4C22 EC db EC
005B4C23 83 db 83
005B4C24 . 2D 34 09 5C 0>ascii "-4 \",0
005B4C29 01 db 01
005B4C2A 73 db 73 ; CHAR 's'
005B4C2B . 05 E8A38BF6 add eax, F68BA3E8
005B4C30 . FF5D C3 call far fword ptr [ebp-3D]
005B4C33 . 90 nop
005B4C34 /. 55 push ebp
005B4C35 |. 8BEC mov ebp, esp
005B4C37 |. 6A 00 push 0
005B4C39 |. 6A 00 push 0
005B4C3B |. 33C0 xor eax, eax
005B4C3D |. 55 push ebp
005B4C3E |. 68 BC4C5B00 push 005B4CBC
005B4C43 |. 64:FF30 push dword ptr fs:[eax]
005B4C46 |. 64:8920 mov dword ptr fs:[eax], esp
005B4C49 |. 832D 40095C00>sub dword ptr [5C0940], 1
005B4C50 |. 73 4F jnb short 005B4CA1
005B4C52 |. E8 71B3F6FF call 0051FFC8
005B4C57 |. A1 24EA5100 mov eax, dword ptr [51EA24]
005B4C5C |. 50 push eax
005B4C5D |. 8D55 FC lea edx, dword ptr [ebp-4]
005B4C60 |. A1 0CB75B00 mov eax, dword ptr [5BB70C]
005B4C65 |. E8 FA2AE5FF call 00407764
005B4C6A |. 8B4D FC mov ecx, dword ptr [ebp-4] ; |
005B4C6D |. BA D04C5B00 mov edx, 005B4CD0 ; |ASCII "jpeg"
005B4C72 |. A1 8C2F4300 mov eax, dword ptr [432F8C] ; |
005B4C77 |. E8 B83FE8FF call 00438C34 ; \Unpacked.00438C34
005B4C7C |. A1 24EA5100 mov eax, dword ptr [51EA24]
005B4C81 |. 50 push eax
005B4C82 |. 8D55 F8 lea edx, dword ptr [ebp-8]
005B4C85 |. A1 0CB75B00 mov eax, dword ptr [5BB70C]
005B4C8A |. E8 D52AE5FF call 00407764
005B4C8F |. 8B4D F8 mov ecx, dword ptr [ebp-8] ; |
005B4C92 |. BA E04C5B00 mov edx, 005B4CE0 ; |ASCII "jpg"
005B4C97 |. A1 8C2F4300 mov eax, dword ptr [432F8C] ; |
005B4C9C |. E8 933FE8FF call 00438C34 ; \Unpacked.00438C34
005B4CA1 |> 33C0 xor eax, eax
005B4CA3 |. 5A pop edx
005B4CA4 |. 59 pop ecx
005B4CA5 |. 59 pop ecx
005B4CA6 |. 64:8910 mov dword ptr fs:[eax], edx
005B4CA9 |. 68 C34C5B00 push 005B4CC3
005B4CAE |> 8D45 F8 lea eax, dword ptr [ebp-8]
005B4CB1 |. BA 02000000 mov edx, 2
005B4CB6 |. E8 D507E5FF call 00405490
005B4CBB \. C3 retn
005B4CBC .- E9 3F00E5FF jmp 00404D00
005B4CC1 .^ EB EB jmp short 005B4CAE
005B4CC3 . 59 pop ecx
005B4CC4 . 59 pop ecx
005B4CC5 . 5D pop ebp
005B4CC6 . C3 retn
005B4CC7 00 db 00
005B4CC8 . FFFFFFFF dd FFFFFFFF
005B4CCC . 04000000 dd 00000004
005B4CD0 . 6A 70 65 67 0>ascii "jpeg",0
005B4CD5 00 db 00
005B4CD6 00 db 00
005B4CD7 00 db 00
005B4CD8 . FFFFFFFF dd FFFFFFFF
005B4CDC . 03000000 dd 00000003
005B4CE0 . 6A 70 67 00 ascii "jpg",0
005B4CE4 . 832D 44095C00>sub dword ptr [5C0944], 1
005B4CEB . C3 retn
005B4CEC . 832D 4C095C00>sub dword ptr [5C094C], 1
005B4CF3 . 73 05 jnb short 005B4CFA
005B4CF5 . E8 AE4DF8FF call 00539AA8
005B4CFA > C3 retn
005B4CFB 90 nop
005B4CFC . 832D 540D5C00>sub dword ptr [5C0D54], 1
005B4D03 . 73 27 jnb short 005B4D2C
005B4D05 . 68 304D5B00 push 005B4D30 ; /Format = "Delphi Icon"
005B4D0A . E8 6939E5FF call <jmp.&user32.RegisterClipboardFormatA> ; \RegisterClipboardFormatA
005B4D0F . 66:A3 500D5C0>mov word ptr [5C0D50], ax
005B4D15 . 8B0D 84334300 mov ecx, dword ptr [433384] ; Unpacked.004333D0
005B4D1B . 0FB715 500D5C>movzx edx, word ptr [5C0D50]
005B4D22 . A1 8C2F4300 mov eax, dword ptr [432F8C]
005B4D27 . E8 343FE8FF call 00438C60
005B4D2C > C3 retn
005B4D2D 00 db 00
005B4D2E 00 db 00
005B4D2F 00 db 00
005B4D30 . 44 65 6C 70 6>ascii "Delphi Icon",0
005B4D3C /. 55 push ebp
005B4D3D |. 8BEC mov ebp, esp
005B4D3F |. 83C4 F4 add esp, -0C
005B4D42 |. 33C0 xor eax, eax
005B4D44 |. 8945 F4 mov dword ptr [ebp-C], eax
005B4D47 |. 33C0 xor eax, eax
005B4D49 |. 55 push ebp
005B4D4A |. 68 DD4D5B00 push 005B4DDD
005B4D4F |. 64:FF30 push dword ptr fs:[eax]
005B4D52 |. 64:8920 mov dword ptr fs:[eax], esp
005B4D55 |. 832D 5C0D5C00>sub dword ptr [5C0D5C], 1
005B4D5C |. 73 69 jnb short 005B4DC7
005B4D5E |. 68 E84D5B00 push 005B4DE8 ; /Format = "GIF Image"
005B4D63 |. E8 1039E5FF call <jmp.&user32.RegisterClipboardFormatA> ; \RegisterClipboardFormatA
005B4D68 |. 66:A3 580D5C0>mov word ptr [5C0D58], ax
005B4D6E |. A1 90AE5300 mov eax, dword ptr [53AE90]
005B4D73 |. 8945 F8 mov dword ptr [ebp-8], eax
005B4D76 |. A1 A8AD5300 mov eax, dword ptr [53ADA8]
005B4D7B |. 8945 FC mov dword ptr [ebp-4], eax
005B4D7E |. 8D45 F8 lea eax, dword ptr [ebp-8]
005B4D81 |. BA 01000000 mov edx, 1
005B4D86 |. E8 E199E6FF call 0041E76C
005B4D8B |. A1 A8AD5300 mov eax, dword ptr [53ADA8]
005B4D90 |. 50 push eax
005B4D91 |. 8D55 F4 lea edx, dword ptr [ebp-C]
005B4D94 |. B8 ACEE0000 mov eax, 0EEAC
005B4D99 |. E8 3A61E5FF call 0040AED8
005B4D9E |. 8B4D F4 mov ecx, dword ptr [ebp-C] ; |
005B4DA1 |. BA FC4D5B00 mov edx, 005B4DFC ; |ASCII "gif"
005B4DA6 |. A1 8C2F4300 mov eax, dword ptr [432F8C] ; |
005B4DAB |. E8 843EE8FF call 00438C34 ; \Unpacked.00438C34
005B4DB0 |. 8B0D A8AD5300 mov ecx, dword ptr [53ADA8] ; Unpacked.0053ADF4
005B4DB6 |. 0FB715 580D5C>movzx edx, word ptr [5C0D58]
005B4DBD |. A1 8C2F4300 mov eax, dword ptr [432F8C]
005B4DC2 |. E8 993EE8FF call 00438C60
005B4DC7 |> 33C0 xor eax, eax
005B4DC9 |. 5A pop edx
005B4DCA |. 59 pop ecx
005B4DCB |. 59 pop ecx
005B4DCC |. 64:8910 mov dword ptr fs:[eax], edx
005B4DCF |. 68 E44D5B00 push 005B4DE4
005B4DD4 |> 8D45 F4 lea eax, dword ptr [ebp-C]
005B4DD7 |. E8 9006E5FF call 0040546C
005B4DDC \. C3 retn
005B4DDD .- E9 1EFFE4FF jmp 00404D00
005B4DE2 .^ EB F0 jmp short 005B4DD4
005B4DE4 . 8BE5 mov esp, ebp
005B4DE6 . 5D pop ebp
005B4DE7 . C3 retn
005B4DE8 . 47 49 46 20 4>ascii "GIF Image",0
005B4DF2 00 db 00
005B4DF3 00 db 00
005B4DF4 . FFFFFFFF dd FFFFFFFF
005B4DF8 . 03000000 dd 00000003
005B4DFC . 67 69 66 00 ascii "gif",0
005B4E00 . 55 push ebp
005B4E01 . 8BEC mov ebp, esp
005B4E03 . 33C0 xor eax, eax
005B4E05 . 55 push ebp
005B4E06 . 68 2F4E5B00 push 005B4E2F
005B4E0B . 64:FF30 push dword ptr fs:[eax]
005B4E0E . 64:8920 mov dword ptr fs:[eax], esp
005B4E11 . 832D 740D5C00>sub dword ptr [5C0D74], 1
005B4E18 . 73 07 jnb short 005B4E21
005B4E1A . 33C0 xor eax, eax
005B4E1C . A3 6C0D5C00 mov dword ptr [5C0D6C], eax
005B4E21 > 33C0 xor eax, eax
005B4E23 . 5A pop edx
005B4E24 . 59 pop ecx
005B4E25 . 59 pop ecx
005B4E26 . 64:8910 mov dword ptr fs:[eax], edx
005B4E29 . 68 364E5B00 push 005B4E36
005B4E2E > C3 retn ; RET 用作跳转到 005B4E36
005B4E2F .- E9 CCFEE4FF jmp 00404D00
005B4E34 .^ EB F8 jmp short 005B4E2E
005B4E36 > 5D pop ebp
005B4E37 . C3 retn
005B4E38 . 832D 800D5C00>sub dword ptr [5C0D80], 1
005B4E3F . C3 retn
005B4E40 /. 55 push ebp
005B4E41 |. 8BEC mov ebp, esp
005B4E43 |. 832D 040E5C00>sub dword ptr [5C0E04], 1
005B4E4A |. 73 15 jnb short 005B4E61
005B4E4C |. B9 840D5C00 mov ecx, 005C0D84
005B4E51 |. 8B15 54A05B00 mov edx, dword ptr [5BA054] ; Unpacked.00544C7C
005B4E57 |. A1 84455400 mov eax, dword ptr [544584]
005B4E5C |. E8 03F8F8FF call 00544664
005B4E61 |> 5D pop ebp
005B4E62 \. C3 retn
005B4E63 90 nop
005B4E64 /. 55 push ebp
005B4E65 |. 8BEC mov ebp, esp
005B4E67 |. 832D 080E5C00>sub dword ptr [5C0E08], 1
005B4E6E |. 73 10 jnb short 005B4E80
005B4E70 |. 8B15 1C4E5400 mov edx, dword ptr [544E1C] ; Unpacked.00544E68
005B4E76 |. B8 8C4E5B00 mov eax, 005B4E8C ; ASCII "Basic"
005B4E7B |. E8 5001F9FF call 00544FD0
005B4E80 |> 5D pop ebp
005B4E81 \. C3 retn
005B4E82 00 db 00
005B4E83 00 db 00
005B4E84 . FFFFFFFF dd FFFFFFFF
005B4E88 . 05000000 dd 00000005
005B4E8C . 42 61 73 69 6>ascii "Basic",0
005B4E92 00 db 00
005B4E93 00 db 00
005B4E94 . 832D 0C0E5C00>sub dword ptr [5C0E0C], 1
005B4E9B . C3 retn
005B4E9C /. 55 push ebp
005B4E9D |. 8BEC mov ebp, esp
005B4E9F |. 832D 100E5C00>sub dword ptr [5C0E10], 1
005B4EA6 |. 5D pop ebp
005B4EA7 \. C3 retn
005B4EA8 /. 55 push ebp
005B4EA9 |. 8BEC mov ebp, esp
005B4EAB |. 832D 140E5C00>sub dword ptr [5C0E14], 1
005B4EB2 |. 5D pop ebp
005B4EB3 \. C3 retn
005B4EB4 . 832D 280E5C00>sub dword ptr [5C0E28], 1
005B4EBB . C3 retn
005B4EBC . 832D 600E5C00>sub dword ptr [5C0E60], 1
005B4EC3 . C3 retn
005B4EC4 . 832D 700E5C00>sub dword ptr [5C0E70], 1
005B4ECB . C3 retn
005B4ECC . 832D 740E5C00>sub dword ptr [5C0E74], 1
005B4ED3 . C3 retn
005B4ED4 . 832D A40E5C00>sub dword ptr [5C0EA4], 1
005B4EDB . C3 retn
005B4EDC . 832D A80E5C00>sub dword ptr [5C0EA8], 1
005B4EE3 . C3 retn
005B4EE4 . 832D B40E5C00>sub dword ptr [5C0EB4], 1
005B4EEB . C3 retn
005B4EEC . 832D B80E5C00>sub dword ptr [5C0EB8], 1
005B4EF3 . C3 retn
005B4EF4 . 832D BC0E5C00>sub dword ptr [5C0EBC], 1
005B4EFB . C3 retn
005B4EFC . 832D D00E5C00>sub dword ptr [5C0ED0], 1
005B4F03 . C3 retn
005B4F04 . 832D 1C0F5C00>sub dword ptr [5C0F1C], 1
005B4F0B . C3 retn
005B4F0C . 832D 20175C00>sub dword ptr [5C1720], 1
005B4F13 . C3 retn
005B4F14 . 832D 24175C00>sub dword ptr [5C1724], 1
005B4F1B . C3 retn
005B4F1C > $ 55 push ebp
005B4F1D . 8BEC mov ebp, esp
005B4F1F . 83C4 F0 add esp, -10
005B4F22 . B8 082C5B00 mov eax, 005B2C08
005B4F27 . E8 BC29E5FF call 004078E8
005B4F2C . A1 2CBD5B00 mov eax, dword ptr [5BBD2C]
005B4F31 . 8B00 mov eax, dword ptr [eax]
005B4F33 . E8 0C2FEEFF call 00497E44
005B4F38 . E8 5FA3FFFF call 005AF29C
005B4F3D . 48 dec eax
005B4F3E . 75 30 jnz short 005B4F70
005B4F40 . 8B0D D8BE5B00 mov ecx, dword ptr [5BBED8] ; Unpacked.005C0D60
005B4F46 . A1 2CBD5B00 mov eax, dword ptr [5BBD2C]
005B4F4B . 8B00 mov eax, dword ptr [eax]
005B4F4D . 8B15 F8F15300 mov edx, dword ptr [53F1F8] ; Unpacked.0053F244
005B4F53 . E8 0C2FEEFF call 00497E64
005B4F58 . 8B0D F0BA5B00 mov ecx, dword ptr [5BBAF0] ; Unpacked.005C0D64
005B4F5E . A1 2CBD5B00 mov eax, dword ptr [5BBD2C]
005B4F63 . 8B00 mov eax, dword ptr [eax]
005B4F65 . 8B15 D00F5400 mov edx, dword ptr [540FD0] ; Unpacked.0054101C
005B4F6B . E8 F42EEEFF call 00497E64
005B4F70 > A1 2CBD5B00 mov eax, dword ptr [5BBD2C]
005B4F75 . 8B00 mov eax, dword ptr [eax]
005B4F77 . E8 7C2FEEFF call 00497EF8
005B4F7C . E8 2303E5FF call 004052A4
005B4F81 . 8D40 00 lea eax, dword ptr [eax]
005B4F84 . 0000 add byte ptr [eax], al
005B4F86 . 0000 add byte ptr [eax], al
005B4F88 . 0000 add byte ptr [eax], al
005B4F8A . 0000 add byte ptr [eax], al
005B4F8C . 0000 add byte ptr [eax], al
005B4F8E . 0000 add byte ptr [eax], al
005B4F90 . 0000 add byte ptr [eax], al
005B4F92 . 0000 add byte ptr [eax], al
005B4F94 . 0000 add byte ptr [eax], al
005B4F96 . 0000 add byte ptr [eax], al
005B4F98 . 0000 add byte ptr [eax], al
005B4F9A . 0000 add byte ptr [eax], al
005B4F9C . 0000 add byte ptr [eax], al
005B4F9E . 0000 add byte ptr [eax], al
005B4FA0 . 0000 add byte ptr [eax], al
005B4FA2 . 0000 add byte ptr [eax], al
005B4FA4 . 0000 add byte ptr [eax], al
005B4FA6 . 0000 add byte ptr [eax], al
005B4FA8 . 0000 add byte ptr [eax], al
005B4FAA . 0000 add byte ptr [eax], al
005B4FAC . 0000 add byte ptr [eax], al
005B4FAE . 0000 add byte ptr [eax], al
005B4FB0 . 0000 add byte ptr [eax], al
005B4FB2 . 0000 add byte ptr [eax], al
005B4FB4 . 0000 add byte ptr [eax], al
005B4FB6 . 0000 add byte ptr [eax], al
005B4FB8 . 0000 add byte ptr [eax], al
005B4FBA . 0000 add byte ptr [eax], al
005B4FBC . 0000 add byte ptr [eax], al
005B4FBE . 0000 add byte ptr [eax], al
005B4FC0 . 0000 add byte ptr [eax], al
005B4FC2 . 0000 add byte ptr [eax], al
005B4FC4 . 0000 add byte ptr [eax], al
005B4FC6 . 0000 add byte ptr [eax], al
005B4FC8 . 0000 add byte ptr [eax], al
005B4FCA . 0000 add byte ptr [eax], al
005B4FCC . 0000 add byte ptr [eax], al
005B4FCE . 0000 add byte ptr [eax], al
005B4FD0 . 0000 add byte ptr [eax], al
005B4FD2 . 0000 add byte ptr [eax], al
005B4FD4 . 0000 add byte ptr [eax], al
005B4FD6 . 0000 add byte ptr [eax], al
005B4FD8 . 0000 add byte ptr [eax], al
005B4FDA . 0000 add byte ptr [eax], al
005B4FDC . 0000 add byte ptr [eax], al
005B4FDE . 0000 add byte ptr [eax], al
005B4FE0 . 0000 add byte ptr [eax], al
005B4FE2 . 0000 add byte ptr [eax], al
005B4FE4 . 0000 add byte ptr [eax], al
005B4FE6 . 0000 add byte ptr [eax], al
005B4FE8 . 0000 add byte ptr [eax], al
005B4FEA . 0000 add byte ptr [eax], al
005B4FEC . 0000 add byte ptr [eax], al
005B4FEE . 0000 add byte ptr [eax], al
005B4FF0 . 0000 add byte ptr [eax], al
005B4FF2 . 0000 add byte ptr [eax], al
005B4FF4 . 0000 add byte ptr [eax], al
005B4FF6 . 0000 add byte ptr [eax], al
005B4FF8 . 0000 add byte ptr [eax], al
005B4FFA . 0000 add byte ptr [eax], al
005B4FFC . 0000 add byte ptr [eax], al
005B4FFE . 0000 add byte ptr [eax], al
005B4007 . 0F83 87000000 jnb 005B4094
005B400D . E8 52EBE4FF call 00402B64
005B4012 . C605 0C505B00>mov byte ptr [5B500C], 2
005B4019 . C705 14D05B00>mov dword ptr [5BD014], <jmp.&kernel32.RaiseExcep>; 入口地址
005B4023 . C705 18D05B00>mov dword ptr [5BD018], <jmp.&kernel32.RtlUnwind> ; 入口地址
005B402D . C605 4ED05B00>mov byte ptr [5BD04E], 2
005B4034 . C705 00D05B00>mov dword ptr [5BD000], 00406610
005B403E . E8 B902E5FF call 004042FC
005B4043 . 84C0 test al, al
005B4045 . 74 05 je short 005B404C
005B4047 . E8 E002E5FF call 0040432C
005B404C > E8 9F03E5FF call 004043F0
005B4051 . 66:C705 54D05>mov word ptr [5BD054], 0D7B0
005B405A . 66:C705 20D25>mov word ptr [5BD220], 0D7B0
005B4063 . 66:C705 ECD35>mov word ptr [5BD3EC], 0D7B0
005B406C . E8 B3D2E4FF call <jmp.&kernel32.GetCommandLineA> ; [GetCommandLineA
005B4071 . A3 40D05B00 mov dword ptr [5BD040], eax
005B4076 . E8 89D3E4FF call 00401404
005B407B . A3 3CD05B00 mov dword ptr [5BD03C], eax
005B4080 . E8 3737E5FF call <jmp.&kernel32.GetACP> ; [GetACP
005B4085 . A3 BCD55B00 mov dword ptr [5BD5BC], eax
005B408A . E8 5DD3E4FF call <jmp.&kernel32.GetCurrentThreadId> ; [GetCurrentThreadId
005B408F . A3 34D05B00 mov dword ptr [5BD034], eax
005B4094 > C3 retn
005B4095 8D40 00 lea eax, dword ptr [eax]
005B4098 /. 55 push ebp
005B4099 |. 8BEC mov ebp, esp
005B409B |. 832D 00F85B00>sub dword ptr [5BF800], 1
005B40A2 |. 73 07 jnb short 005B40AB
005B40A4 |. 33C0 xor eax, eax
005B40A6 |. A3 04F85B00 mov dword ptr [5BF804], eax
005B40AB |> 5D pop ebp
005B40AC \. C3 retn
005B40AD 8D40 00 lea eax, dword ptr [eax]
005B40B0 . 55 push ebp
005B40B1 . 8BEC mov ebp, esp
005B40B3 . 33C0 xor eax, eax
005B40B5 . 55 push ebp
005B40B6 . 68 22415B00 push 005B4122
005B40BB . 64:FF30 push dword ptr fs:[eax]
005B40BE . 64:8920 mov dword ptr fs:[eax], esp
005B40C1 . 832D 18F95B00>sub dword ptr [5BF918], 1
005B40C8 . 73 4A jnb short 005B4114
005B40CA . B8 F8174100 mov eax, 004117F8
005B40CF . E8 6410E5FF call 00405138
005B40D4 . B8 E4184100 mov eax, 004118E4
005B40D9 . E8 8210E5FF call 00405160
005B40DE . 803D F5F75B00>cmp byte ptr [5BF7F5], 0
005B40E5 . 74 0F je short 005B40F6
005B40E7 . B8 44585B00 mov eax, 005B5844
005B40EC . BA 34415B00 mov edx, 005B4134 ; ASCII "0x"
005B40F1 . E8 CA13E5FF call 004054C0
005B40F6 > E8 8DB7E5FF call 0040F888
005B40FB . B8 500C4100 mov eax, 00410C50
005B4100 . E8 1F30E5FF call 00407124
005B4105 . E8 8AB8E5FF call 0040F994
005B410A . E8 E5CEE5FF call 00410FF4
005B410F . E8 D8C5E5FF call 004106EC
005B4114 > 33C0 xor eax, eax
005B4116 . 5A pop edx
005B4117 . 59 pop ecx
005B4118 . 59 pop ecx
005B4119 . 64:8910 mov dword ptr fs:[eax], edx
005B411C . 68 29415B00 push 005B4129
005B4121 > C3 retn ; RET 用作跳转到 005B4129
005B4122 .- E9 D90BE5FF jmp 00404D00
005B4127 .^ EB F8 jmp short 005B4121
005B4129 > 5D pop ebp
005B412A . C3 retn
005B412B 00 db 00
005B412C . FFFFFFFF dd FFFFFFFF
005B4130 . 02000000 dd 00000002
005B4134 . 30 78 00 ascii "0x",0
005B4137 00 db 00
005B4138 /. 55 push ebp
005B4139 |. 8BEC mov ebp, esp
005B413B |. 832D 80025C00>sub dword ptr [5C0280], 1
005B4142 |. 73 05 jnb short 005B4149
005B4144 |. E8 57E0E5FF call 004121A0
005B4149 |> 5D pop ebp
005B414A \. C3 retn
005B414B 90 nop
005B414C . 55 push ebp
005B414D . 8BEC mov ebp, esp
005B414F . 33C0 xor eax, eax
005B4151 . 55 push ebp
005B4152 . 68 ED415B00 push 005B41ED
005B4157 . 64:FF30 push dword ptr fs:[eax]
005B415A . 64:8920 mov dword ptr fs:[eax], esp
005B415D . 832D A4025C00>sub dword ptr [5C02A4], 1
005B4164 . 73 79 jnb short 005B41DF
005B4166 . B8 84025C00 mov eax, 005C0284
005B416B . E8 DC5EE6FF call 0041A04C
005B4170 . B8 BC304100 mov eax, 004130BC ; 入口地址
005B4175 . A3 94025C00 mov dword ptr [5C0294], eax
005B417A . B8 0C2C4100 mov eax, 00412C0C ; 入口地址
005B417F . A3 98025C00 mov dword ptr [5C0298], eax
005B4184 . BA 1C2B4100 mov edx, 00412B1C ; 入口地址
005B4189 . 8915 9C025C00 mov dword ptr [5C029C], edx
005B418F . A3 A0025C00 mov dword ptr [5C02A0], eax
005B4194 . B8 BC334100 mov eax, 004133BC ; 入口地址
005B4199 . 8B15 28BC5B00 mov edx, dword ptr [5BBC28] ; Unpacked.005B5010
005B419F . 8902 mov dword ptr [edx], eax
005B41A1 . B8 C89B4100 mov eax, 00419BC8 ; 入口地址
005B41A6 . 8B15 14B75B00 mov edx, dword ptr [5BB714] ; Unpacked.005B5014
005B41AC . 8902 mov dword ptr [edx], eax
005B41AE . B8 D4374100 mov eax, 004137D4 ; 入口地址
005B41B3 . 8B15 30BD5B00 mov edx, dword ptr [5BBD30] ; Unpacked.005B5018
005B41B9 . 8902 mov dword ptr [edx], eax
005B41BB . B8 506A4100 mov eax, 00416A50 ; 入口地址
005B41C0 . 8B15 44C05B00 mov edx, dword ptr [5BC044] ; Unpacked.005B501C
005B41C6 . 8902 mov dword ptr [edx], eax
005B41C8 . B8 70714100 mov eax, 00417170 ; 入口地址
005B41CD . 8B15 98BD5B00 mov edx, dword ptr [5BBD98] ; Unpacked.005B5020
005B41D3 . 8902 mov dword ptr [edx], eax
005B41D5 . 68 AC025C00 push 005C02AC ; /pCriticalSection = Unpacked.005C02AC
005B41DA . E8 D13BE5FF call <jmp.&kernel32.InitializeCriticalSection> ; \InitializeCriticalSection
005B41DF > 33C0 xor eax, eax
005B41E1 . 5A pop edx
005B41E2 . 59 pop ecx
005B41E3 . 59 pop ecx
005B41E4 . 64:8910 mov dword ptr fs:[eax], edx
005B41E7 . 68 F4415B00 push 005B41F4
005B41EC > C3 retn ; RET 用作跳转到 005B41F4
005B41ED .- E9 0E0BE5FF jmp 00404D00
005B41F2 .^ EB F8 jmp short 005B41EC
005B41F4 > 5D pop ebp
005B41F5 . C3 retn
005B41F6 8BC0 mov eax, eax
005B41F8 . 832D C4025C00>sub dword ptr [5C02C4], 1
005B41FF . C3 retn
005B4200 . 55 push ebp
005B4201 . 8BEC mov ebp, esp
005B4203 . 33C0 xor eax, eax
005B4205 . 55 push ebp
005B4206 . 68 89425B00 push 005B4289
005B420B . 64:FF30 push dword ptr fs:[eax]
005B420E . 64:8920 mov dword ptr fs:[eax], esp
005B4211 . 832D D4025C00>sub dword ptr [5C02D4], 1
005B4218 . 73 61 jnb short 005B427B
005B421A . E8 B570E7FF call 0042B2D4
005B421F . B8 84D44200 mov eax, 0042D484
005B4224 . E8 EB2EE5FF call 00407114
005B4229 . B2 01 mov dl, 1
005B422B . A1 A49A4000 mov eax, dword ptr [409AA4]
005B4230 . E8 23D0E5FF call 00411258
005B4235 . 8BD0 mov edx, eax
005B4237 . 85D2 test edx, edx
005B4239 . 74 03 je short 005B423E
005B423B . 83EA D4 sub edx, -2C
005B423E > B8 C8025C00 mov eax, 005C02C8 ; ASCII "??
005B4243 . E8 5430E5FF call 0040729C
005B4248 . B2 01 mov dl, 1
005B424A . A1 38D94100 mov eax, dword ptr [41D938]
005B424F . E8 949CE6FF call 0041DEE8
005B4254 . A3 DC025C00 mov dword ptr [5C02DC], eax
005B4259 . B2 01 mov dl, 1
005B425B . A1 F8C34100 mov eax, dword ptr [41C3F8]
005B4260 . E8 67BAE6FF call 0041FCCC
005B4265 . A3 D8025C00 mov dword ptr [5C02D8], eax
005B426A . B2 01 mov dl, 1
005B426C . A1 F8C34100 mov eax, dword ptr [41C3F8]
005B4271 . E8 56BAE6FF call 0041FCCC
005B4276 . A3 E4025C00 mov dword ptr [5C02E4], eax
005B427B > 33C0 xor eax, eax
005B427D . 5A pop edx
005B427E . 59 pop ecx
005B427F . 59 pop ecx
005B4280 . 64:8910 mov dword ptr fs:[eax], edx
005B4283 . 68 90425B00 push 005B4290
005B4288 > C3 retn ; RET 用作跳转到 005B4290
005B4289 .- E9 720AE5FF jmp 00404D00
005B428E .^ EB F8 jmp short 005B4288
005B4290 > 5D pop ebp
005B4291 . C3 retn
005B4292 8BC0 mov eax, eax
005B4294 /. 55 push ebp
005B4295 |. 8BEC mov ebp, esp
005B4297 |. 832D 0C035C00>sub dword ptr [5C030C], 1
005B429E |. 5D pop ebp
005B429F \. C3 retn
005B42A0 /. 55 push ebp
005B42A1 |. 8BEC mov ebp, esp
005B42A3 |. 832D 34035C00>sub dword ptr [5C0334], 1
005B42AA |. 73 05 jnb short 005B42B1
005B42AC |. E8 63BDE7FF call 00430014
005B42B1 |> 5D pop ebp
005B42B2 \. C3 retn
005B42B3 90 nop
005B42B4 . 832D 50035C00>sub dword ptr [5C0350], 1
005B42BB . C3 retn
005B42BC . 832D 54035C00>sub dword ptr [5C0354], 1
005B42C3 . C3 retn
005B42C4 . 832D 5C035C00>sub dword ptr [5C035C], 1
005B42CB . 0F83 ED000000 jnb 005B43BE
005B42D1 . E8 8A98E8FF call 0043DB60
005B42D6 . 68 74035C00 push 005C0374 ; /pCriticalSection = Unpacked.005C0374
005B42DB . E8 D03AE5FF call <jmp.&kernel32.InitializeCriticalSection> ; \InitializeCriticalSection
005B42E0 . 68 8C035C00 push 005C038C ; /pCriticalSection = Unpacked.005C038C
005B42E5 . E8 C63AE5FF call <jmp.&kernel32.InitializeCriticalSection> ; \InitializeCriticalSection
005B42EA . 6A 07 push 7 ; /ObjType = BLACK_PEN
005B42EC . E8 4F3DE5FF call <jmp.&gdi32.GetStockObject> ; \GetStockObject
005B42F1 . A3 64035C00 mov dword ptr [5C0364], eax
005B42F6 . 6A 05 push 5 ; /ObjType = NULL_BRUSH
005B42F8 . E8 433DE5FF call <jmp.&gdi32.GetStockObject> ; \GetStockObject
005B42FD . A3 68035C00 mov dword ptr [5C0368], eax
005B4302 . 6A 0D push 0D ; /ObjType = SYSTEM_FONT
005B4304 . E8 373DE5FF call <jmp.&gdi32.GetStockObject> ; \GetStockObject
005B4309 . A3 6C035C00 mov dword ptr [5C036C], eax
005B430E . 68 007F0000 push 7F00 ; /RsrcName = IDI_APPLICATION
005B4313 . 6A 00 push 0 ; |hInst = NULL
005B4315 . E8 BE42E5FF call <jmp.&user32.LoadIconA> ; \LoadIconA
005B431A . A3 70035C00 mov dword ptr [5C0370], eax
005B431F . E8 D498E8FF call 0043DBF8
005B4324 . 66:B9 3000 mov cx, 30
005B4328 . B2 01 mov dl, 1
005B432A . A1 84344300 mov eax, dword ptr [433484]
005B432F . E8 38F2E7FF call 0043356C
005B4334 . A3 A4035C00 mov dword ptr [5C03A4], eax
005B4339 . 66:B9 1000 mov cx, 10
005B433D . B2 01 mov dl, 1
005B433F . A1 84344300 mov eax, dword ptr [433484]
005B4344 . E8 23F2E7FF call 0043356C
005B4349 . A3 A8035C00 mov dword ptr [5C03A8], eax
005B434E . 66:B9 1000 mov cx, 10
005B4352 . B2 01 mov dl, 1
005B4354 . A1 EC344300 mov eax, dword ptr [4334EC]
005B4359 . E8 0EF2E7FF call 0043356C
005B435E . A3 AC035C00 mov dword ptr [5C03AC], eax
005B4363 . B2 01 mov dl, 1
005B4365 . A1 78DD4300 mov eax, dword ptr [43DD78]
005B436A . E8 659AE8FF call 0043DDD4
005B436F . A3 B4035C00 mov dword ptr [5C03B4], eax
005B4374 . B2 01 mov dl, 1
005B4376 . A1 F8C34100 mov eax, dword ptr [41C3F8]
005B437B . E8 4CB9E6FF call 0041FCCC
005B4380 . A3 C4605B00 mov dword ptr [5B60C4], eax
005B4385 . B2 01 mov dl, 1
005B4387 . A1 F8C34100 mov eax, dword ptr [41C3F8]
005B438C . E8 3BB9E6FF call 0041FCCC
005B4391 . A3 B0035C00 mov dword ptr [5C03B0], eax
005B4396 . B9 F43E4300 mov ecx, 00433EF4
005B439B . BA 1C3F4300 mov edx, 00433F1C
005B43A0 . A1 DC234300 mov eax, dword ptr [4323DC]
005B43A5 . E8 16A6E6FF call 0041E9C0
005B43AA . B9 5C414300 mov ecx, 0043415C
005B43AF . BA 84414300 mov edx, 00434184
005B43B4 . A1 0C254300 mov eax, dword ptr [43250C]
005B43B9 . E8 02A6E6FF call 0041E9C0
005B43BE > C3 retn
005B43BF 90 nop
005B43C0 /. 55 push ebp
005B43C1 |. 8BEC mov ebp, esp
005B43C3 |. 832D 74045C00>sub dword ptr [5C0474], 1
005B43CA |. 73 11 jnb short 005B43DD
005B43CC |. B2 01 mov dl, 1
005B43CE |. A1 70E24300 mov eax, dword ptr [43E270]
005B43D3 |. E8 189FE8FF call 0043E2F0
005B43D8 |. A3 80045C00 mov dword ptr [5C0480], eax
005B43DD |> 5D pop ebp
005B43DE \. C3 retn
005B43DF 90 nop
005B43E0 /. 55 push ebp
005B43E1 |. 8BEC mov ebp, esp
005B43E3 |. 832D 84045C00>sub dword ptr [5C0484], 1
005B43EA |. 5D pop ebp
005B43EB \. C3 retn
005B43EC /. 55 push ebp
005B43ED |. 8BEC mov ebp, esp
005B43EF |. 832D 88045C00>sub dword ptr [5C0488], 1
005B43F6 |. 73 75 jnb short 005B446D
005B43F8 |. E8 9F34E5FF call 0040789C
005B43FD |. 33D2 xor edx, edx
005B43FF |. 8990 1C000000 mov dword ptr [eax+1C], edx
005B4405 |. E8 9234E5FF call 0040789C
005B440A |. 33D2 xor edx, edx
005B440C |. 8990 20000000 mov dword ptr [eax+20], edx
005B4412 |. E8 8534E5FF call 0040789C
005B4417 |. 33D2 xor edx, edx
005B4419 |. 8990 24000000 mov dword ptr [eax+24], edx
005B441F |. E8 7834E5FF call 0040789C
005B4424 |. 33D2 xor edx, edx
005B4426 |. 8990 28000000 mov dword ptr [eax+28], edx
005B442C |. E8 6B34E5FF call 0040789C
005B4431 |. 33D2 xor edx, edx
005B4433 |. 8990 2C000000 mov dword ptr [eax+2C], edx
005B4439 |. E8 5E34E5FF call 0040789C
005B443E |. 33D2 xor edx, edx
005B4440 |. 8990 30000000 mov dword ptr [eax+30], edx
005B4446 |. E8 5134E5FF call 0040789C
005B444B |. 33D2 xor edx, edx
005B444D |. 8990 34000000 mov dword ptr [eax+34], edx
005B4453 |. E8 4434E5FF call 0040789C
005B4458 |. 33D2 xor edx, edx
005B445A |. 8990 38000000 mov dword ptr [eax+38], edx
005B4460 |. E8 3734E5FF call 0040789C
005B4465 |. 33D2 xor edx, edx
005B4467 |. 8990 3C000000 mov dword ptr [eax+3C], edx
005B446D |> 5D pop ebp
005B446E \. C3 retn
005B446F 90 nop
005B4470 . 832D 90045C00>sub dword ptr [5C0490], 1
005B4477 . 73 29 jnb short 005B44A2
005B4479 . A1 30B44600 mov eax, dword ptr [46B430]
005B447E . E8 85A3E6FF call 0041E808
005B4483 . 8B15 30B44600 mov edx, dword ptr [46B430] ; Unpacked.0046B47C
005B4489 . A1 C43C4500 mov eax, dword ptr [453CC4]
005B448E . E8 C5A3E6FF call 0041E858
005B4493 . 68 A4445B00 push 005B44A4 ; /MsgName = "TaskbarCreated"
005B4498 . E8 EB41E5FF call <jmp.&user32.RegisterWindowMessageA> ; \RegisterWindowMessageA
005B449D . A3 8C045C00 mov dword ptr [5C048C], eax
005B44A2 > C3 retn
005B44A3 00 db 00
005B44A4 . 54 61 73 6B 6>ascii "TaskbarCreated",0
005B44B3 00 db 00
005B44B4 /. 55 push ebp
005B44B5 |. 8BEC mov ebp, esp
005B44B7 |. 832D 94045C00>sub dword ptr [5C0494], 1
005B44BE |. 73 33 jnb short 005B44F3
005B44C0 |. B8 BCFC4500 mov eax, 0045FCBC
005B44C5 |. E8 960CE5FF call 00405160
005B44CA |. E8 55B7EAFF call 0045FC24
005B44CF |. A1 30B44600 mov eax, dword ptr [46B430]
005B44D4 |. E8 2FA3E6FF call 0041E808
005B44D9 |. A1 30B44600 mov eax, dword ptr [46B430]
005B44DE |. E8 CDA3E6FF call 0041E8B0
005B44E3 |. 8B15 30B44600 mov edx, dword ptr [46B430] ; Unpacked.0046B47C
005B44E9 |. A1 9CE74500 mov eax, dword ptr [45E79C]
005B44EE |. E8 65A3E6FF call 0041E858
005B44F3 |> 5D pop ebp
005B44F4 \. C3 retn
005B44F5 8D40 00 lea eax, dword ptr [eax]
005B44F8 /. 55 push ebp
005B44F9 |. 8BEC mov ebp, esp
005B44FB |. 832D D0045C00>sub dword ptr [5C04D0], 1
005B4502 |. 73 27 jnb short 005B452B
005B4504 |. 68 30455B00 push 005B4530 ; /Format = "Delphi Picture"
005B4509 |. E8 6A41E5FF call <jmp.&user32.RegisterClipboardFormatA> ; \RegisterClipboardFormatA
005B450E |. 66:A3 CC045C0>mov word ptr [5C04CC], ax
005B4514 |. 68 40455B00 push 005B4540 ; /Format = "Delphi Component"
005B4519 |. E8 5A41E5FF call <jmp.&user32.RegisterClipboardFormatA> ; \RegisterClipboardFormatA
005B451E |. 66:A3 CE045C0>mov word ptr [5C04CE], ax
005B4524 |. 33C0 xor eax, eax
005B4526 |. A3 D4045C00 mov dword ptr [5C04D4], eax
005B452B |> 5D pop ebp
005B452C \. C3 retn
005B452D 00 db 00
005B452E 00 db 00
005B452F 00 db 00
005B4530 . 44 65 6C 70 6>ascii "Delphi Picture",0
005B453F 00 db 00
005B4540 . 44 65 6C 70 6>ascii "Delphi Component"
005B4550 . 00 ascii 0
005B4551 00 db 00
005B4552 00 db 00
005B4553 00 db 00
005B4554 /. 55 push ebp
005B4555 |. 8BEC mov ebp, esp
005B4557 |. 832D F8045C00>sub dword ptr [5C04F8], 1
005B455E |. 73 05 jnb short 005B4565
005B4560 |. E8 BFC4EAFF call 00460A24
005B4565 |> 5D pop ebp
005B4566 \. C3 retn
005B4567 90 nop
005B4568 /. 55 push ebp
005B4569 |. 8BEC mov ebp, esp
005B456B |. 832D 0C055C00>sub dword ptr [5C050C], 1
005B4572 |. 5D pop ebp
005B4573 \. C3 retn
005B4574 . 832D 1C055C00>sub dword ptr [5C051C], 1
005B457B . 73 7B jnb short 005B45F8
005B457D . B8 EC9D4600 mov eax, 00469DEC
005B4582 . E8 B10BE5FF call 00405138
005B4587 . A1 30B44600 mov eax, dword ptr [46B430]
005B458C . E8 77A2E6FF call 0041E808
005B4591 . A1 30B44600 mov eax, dword ptr [46B430]
005B4596 . E8 15A3E6FF call 0041E8B0
005B459B . 8B15 30B44600 mov edx, dword ptr [46B430] ; Unpacked.0046B47C
005B45A1 . A1 18224600 mov eax, dword ptr [462218]
005B45A6 . E8 ADA2E6FF call 0041E858
005B45AB . 8B15 30B44600 mov edx, dword ptr [46B430] ; Unpacked.0046B47C
005B45B1 . A1 3C264600 mov eax, dword ptr [46263C]
005B45B6 . E8 9DA2E6FF call 0041E858
005B45BB . A1 18224600 mov eax, dword ptr [462218]
005B45C0 . E8 2FA1E6FF call 0041E6F4
005B45C5 . B2 01 mov dl, 1
005B45C7 . A1 50C44100 mov eax, dword ptr [41C450]
005B45CC . E8 2BFFE4FF call 004044FC
005B45D1 . A3 20055C00 mov dword ptr [5C0520], eax
005B45D6 . B2 01 mov dl, 1
005B45D8 . A1 C02C4600 mov eax, dword ptr [462CC0]
005B45DD . E8 1AFFE4FF call 004044FC
005B45E2 . A3 14055C00 mov dword ptr [5C0514], eax
005B45E7 . B2 01 mov dl, 1
005B45E9 . A1 2C2D4600 mov eax, dword ptr [462D2C]
005B45EE . E8 9999E7FF call 0042DF8C
005B45F3 . A3 18055C00 mov dword ptr [5C0518], eax
005B45F8 > C3 retn
005B45F9 8D40 00 lea eax, dword ptr [eax]
005B45FC . 55 push ebp
005B45FD . 8BEC mov ebp, esp
005B45FF . 33C0 xor eax, eax
005B4601 . 55 push ebp
005B4602 . 68 82465B00 push 005B4682
005B4607 . 64:FF30 push dword ptr fs:[eax]
005B460A . 64:8920 mov dword ptr fs:[eax], esp
005B460D . 832D 34055C00>sub dword ptr [5C0534], 1
005B4614 . 73 5E jnb short 005B4674
005B4616 . E8 2D37E5FF call <jmp.&kernel32.GetVersion>
005B461B . 25 FF000000 and eax, 0FF
005B4620 . 66:83F8 04 cmp ax, 4
005B4624 . 0F9305 30055C>setnb byte ptr [5C0530]
005B462B . E8 FCDCECFF call 0048232C
005B4630 . A1 30B44600 mov eax, dword ptr [46B430]
005B4635 . E8 CEA1E6FF call 0041E808
005B463A . A1 30B44600 mov eax, dword ptr [46B430]
005B463F . E8 6CA2E6FF call 0041E8B0
005B4644 . 8B15 30B44600 mov edx, dword ptr [46B430] ; Unpacked.0046B47C
005B464A . A1 F42B4800 mov eax, dword ptr [482BF4]
005B464F . E8 04A2E6FF call 0041E858
005B4654 . 8B15 30B44600 mov edx, dword ptr [46B430] ; Unpacked.0046B47C
005B465A . A1 9C4C4800 mov eax, dword ptr [484C9C]
005B465F . E8 F4A1E6FF call 0041E858
005B4664 . 8B15 30B44600 mov edx, dword ptr [46B430] ; Unpacked.0046B47C
005B466A . A1 584E4800 mov eax, dword ptr [484E58]
005B466F . E8 E4A1E6FF call 0041E858
005B4674 > 33C0 xor eax, eax
005B4676 . 5A pop edx
005B4677 . 59 pop ecx
005B4678 . 59 pop ecx
005B4679 . 64:8910 mov dword ptr fs:[eax], edx
005B467C . 68 89465B00 push 005B4689
005B4681 > C3 retn ; RET 用作跳转到 005B4689
005B4682 .- E9 7906E5FF jmp 00404D00
005B4687 .^ EB F8 jmp short 005B4681
005B4689 > 5D pop ebp
005B468A . C3 retn
005B468B 90 nop
005B468C /. 55 push ebp
005B468D |. 8BEC mov ebp, esp
005B468F |. 832D B4055C00>sub dword ptr [5C05B4], 1
005B4696 |. 73 20 jnb short 005B46B8
005B4698 |. 8B15 30B44600 mov edx, dword ptr [46B430] ; Unpacked.0046B47C
005B469E |. A1 584E4800 mov eax, dword ptr [484E58]
005B46A3 |. E8 B0A1E6FF call 0041E858
005B46A8 |. 8B15 30B44600 mov edx, dword ptr [46B430] ; Unpacked.0046B47C
005B46AE |. A1 9C4C4800 mov eax, dword ptr [484C9C]
005B46B3 |. E8 A0A1E6FF call 0041E858
005B46B8 |> 5D pop ebp
005B46B9 \. C3 retn
005B46BA 8BC0 mov eax, eax
005B46BC . 832D C0055C00>sub dword ptr [5C05C0], 1
005B46C3 . 73 2F jnb short 005B46F4
005B46C5 . B8 B49C4900 mov eax, 00499CB4
005B46CA . E8 910AE5FF call 00405160
005B46CF . E8 9054EEFF call 00499B64
005B46D4 . 68 F8465B00 push 005B46F8 ; /MsgName = "TaskbarCreated"
005B46D9 . E8 AA3FE5FF call <jmp.&user32.RegisterWindowMessageA> ; \RegisterWindowMessageA
005B46DE . A3 C4055C00 mov dword ptr [5C05C4], eax
005B46E3 . B8 40A74800 mov eax, 0048A740
005B46E8 . E8 E7A4E6FF call 0041EBD4
005B46ED . 33C0 xor eax, eax
005B46EF . A3 D8055C00 mov dword ptr [5C05D8], eax
005B46F4 > C3 retn
005B46F5 00 db 00
005B46F6 00 db 00
005B46F7 00 db 00
005B46F8 . 54 61 73 6B 6>ascii "TaskbarCreated",0
005B4707 00 db 00
005B4708 . 832D DC055C00>sub dword ptr [5C05DC], 1
005B470F . 73 1B jnb short 005B472C
005B4711 . B8 B0F44900 mov eax, 0049F4B0
005B4716 . E8 450AE5FF call 00405160
005B471B . B8 E0055C00 mov eax, 005C05E0
005B4720 . 33C9 xor ecx, ecx
005B4722 . BA 2C000000 mov edx, 2C
005B4727 . E8 D4F3E4FF call 00403B00
005B472C > C3 retn
005B472D 8D40 00 lea eax, dword ptr [eax]
005B4730 . 832D 0C065C00>sub dword ptr [5C060C], 1
005B4737 . 73 0A jnb short 005B4743
005B4739 . B8 ACF54900 mov eax, 0049F5AC
005B473E . E8 F509E5FF call 00405138
005B4743 > C3 retn
005B4744 /. 55 push ebp
005B4745 |. 8BEC mov ebp, esp
005B4747 |. 832D 10065C00>sub dword ptr [5C0610], 1
005B474E |. 5D pop ebp
005B474F \. C3 retn
005B4750 /. 55 push ebp
005B4751 |. 8BEC mov ebp, esp
005B4753 |. 832D 14065C00>sub dword ptr [5C0614], 1
005B475A |. 5D pop ebp
005B475B \. C3 retn
005B475C /. 55 push ebp
005B475D |. 8BEC mov ebp, esp
005B475F |. 832D 20065C00>sub dword ptr [5C0620], 1
005B4766 |. 5D pop ebp
005B4767 \. C3 retn
005B4768 /. 55 push ebp
005B4769 |. 8BEC mov ebp, esp
005B476B |. 832D 5C065C00>sub dword ptr [5C065C], 1
005B4772 |. 73 4B jnb short 005B47BF
005B4774 |. E8 0361F1FF call 004CA87C
005B4779 |. B8 ACAF4C00 mov eax, 004CAFAC ; 入口地址
005B477E |. 8B15 A8BD5B00 mov edx, dword ptr [5BBDA8] ; Unpacked.005C0294
005B4784 |. 8902 mov dword ptr [edx], eax
005B4786 |. A1 B8B75B00 mov eax, dword ptr [5BB7B8]
005B478B |. C700 74B24C00 mov dword ptr [eax], 004CB274
005B4791 |. B8 98A94C00 mov eax, 004CA998
005B4796 |. 8B15 58BE5B00 mov edx, dword ptr [5BBE58] ; Unpacked.005BD020
005B479C |. 8902 mov dword ptr [edx], eax
005B479E |. A1 ACB65B00 mov eax, dword ptr [5BB6AC]
005B47A3 |. 8038 00 cmp byte ptr [eax], 0
005B47A6 |. 75 17 jnz short 005B47BF
005B47A8 |. A1 A0BB5B00 mov eax, dword ptr [5BBBA0]
005B47AD |. 8B00 mov eax, dword ptr [eax]
005B47AF |. A3 68065C00 mov dword ptr [5C0668], eax
005B47B4 |. A1 A0BB5B00 mov eax, dword ptr [5BBBA0]
005B47B9 |. C700 50B34C00 mov dword ptr [eax], 004CB350
005B47BF |> 5D pop ebp
005B47C0 \. C3 retn
005B47C1 8D40 00 lea eax, dword ptr [eax]
005B47C4 /. 55 push ebp
005B47C5 |. 8BEC mov ebp, esp
005B47C7 |. 832D 74065C00>sub dword ptr [5C0674], 1
005B47CE |. 73 15 jnb short 005B47E5
005B47D0 |. 33C0 xor eax, eax
005B47D2 |. A3 70065C00 mov dword ptr [5C0670], eax
005B47D7 |. 33C0 xor eax, eax
005B47D9 |. A3 78065C00 mov dword ptr [5C0678], eax
005B47DE |. 33C0 xor eax, eax
005B47E0 |. A3 7C065C00 mov dword ptr [5C067C], eax
005B47E5 |> 5D pop ebp
005B47E6 \. C3 retn
005B47E7 90 nop
005B47E8 . 55 push ebp
005B47E9 . 8BEC mov ebp, esp
005B47EB . 33C0 xor eax, eax
005B47ED . 55 push ebp
005B47EE . 68 37485B00 push 005B4837
005B47F3 . 64:FF30 push dword ptr fs:[eax]
005B47F6 . 64:8920 mov dword ptr fs:[eax], esp
005B47F9 . 832D 8C065C00>sub dword ptr [5C068C], 1
005B4800 . 73 27 jnb short 005B4829
005B4802 . 33C0 xor eax, eax
005B4804 . A3 84065C00 mov dword ptr [5C0684], eax
005B4809 . 8B15 30B44600 mov edx, dword ptr [46B430] ; Unpacked.0046B47C
005B480F . A1 24794D00 mov eax, dword ptr [4D7924]
005B4814 . E8 3FA0E6FF call 0041E858
005B4819 . 8B15 30B44600 mov edx, dword ptr [46B430] ; Unpacked.0046B47C
005B481F . A1 806D4D00 mov eax, dword ptr [4D6D80]
005B4824 . E8 2FA0E6FF call 0041E858
005B4829 > 33C0 xor eax, eax
005B482B . 5A pop edx
005B482C . 59 pop ecx
005B482D . 59 pop ecx
005B482E . 64:8910 mov dword ptr fs:[eax], edx
005B4831 . 68 3E485B00 push 005B483E
005B4836 > C3 retn ; RET 用作跳转到 005B483E
005B4837 .- E9 C404E5FF jmp 00404D00
005B483C .^ EB F8 jmp short 005B4836
005B483E > 5D pop ebp
005B483F . C3 retn
005B4840 /. 55 push ebp
005B4841 |. 8BEC mov ebp, esp
005B4843 |. 832D 94065C00>sub dword ptr [5C0694], 1
005B484A |. 73 1B jnb short 005B4867
005B484C |. B2 01 mov dl, 1
005B484E |. A1 14954E00 mov eax, dword ptr [4E9514]
005B4853 |. E8 A4FCE4FF call 004044FC
005B4858 |. A3 90065C00 mov dword ptr [5C0690], eax
005B485D |. A1 90065C00 mov eax, dword ptr [5C0690]
005B4862 |. E8 151AF2FF call 004D627C
005B4867 |> 5D pop ebp
005B4868 \. C3 retn
005B4869 8D40 00 lea eax, dword ptr [eax]
005B486C /. 55 push ebp
005B486D |. 8BEC mov ebp, esp
005B486F |. 832D 9C065C00>sub dword ptr [5C069C], 1
005B4876 |. 73 29 jnb short 005B48A1
005B4878 |. 8B15 30B44600 mov edx, dword ptr [46B430] ; Unpacked.0046B47C
005B487E |. A1 20B14E00 mov eax, dword ptr [4EB120]
005B4883 |. E8 D09FE6FF call 0041E858
005B4888 |. 8B0D 2CBD5B00 mov ecx, dword ptr [5BBD2C] ; Unpacked.005C05B8
005B488E |. 8B09 mov ecx, dword ptr [ecx]
005B4890 |. B2 01 mov dl, 1
005B4892 |. A1 00B54E00 mov eax, dword ptr [4EB500]
005B4897 |. E8 5471F3FF call 004EB9F0
005B489C |. A3 88705B00 mov dword ptr [5B7088], eax
005B48A1 |> 5D pop ebp
005B48A2 \. C3 retn
005B48A3 90 nop
005B48A4 /. 55 push ebp
005B48A5 |. 8BEC mov ebp, esp
005B48A7 |. 83C4 F0 add esp, -10
005B48AA |. 56 push esi
005B48AB |. 57 push edi
005B48AC |. 832D 80085C00>sub dword ptr [5C0880], 1
005B48B3 |. 73 2D jnb short 005B48E2
005B48B5 |. 8D45 F0 lea eax, dword ptr [ebp-10]
005B48B8 |. E8 83E8F3FF call 004F3140
005B48BD |. 8D75 F0 lea esi, dword ptr [ebp-10]
005B48C0 |. BF 60085C00 mov edi, 005C0860
005B48C5 |. A5 movs dword ptr es:[edi], dword ptr [esi]
005B48C6 |. A5 movs dword ptr es:[edi], dword ptr [esi]
005B48C7 |. A5 movs dword ptr es:[edi], dword ptr [esi]
005B48C8 |. A5 movs dword ptr es:[edi], dword ptr [esi]
005B48C9 |. 8D45 F0 lea eax, dword ptr [ebp-10]
005B48CC |. E8 8BE8F3FF call 004F315C
005B48D1 |. 8D75 F0 lea esi, dword ptr [ebp-10]
005B48D4 |. BF 70085C00 mov edi, 005C0870
005B48D9 |. A5 movs dword ptr es:[edi], dword ptr [esi]
005B48DA |. A5 movs dword ptr es:[edi], dword ptr [esi]
005B48DB |. A5 movs dword ptr es:[edi], dword ptr [esi]
005B48DC |. A5 movs dword ptr es:[edi], dword ptr [esi]
005B48DD |. E8 16E7F3FF call 004F2FF8
005B48E2 |> 5F pop edi
005B48E3 |. 5E pop esi
005B48E4 |. 8BE5 mov esp, ebp
005B48E6 |. 5D pop ebp
005B48E7 \. C3 retn
005B48E8 /. 55 push ebp
005B48E9 |. 8BEC mov ebp, esp
005B48EB |. 832D 8C085C00>sub dword ptr [5C088C], 1
005B48F2 |. 73 22 jnb short 005B4916
005B48F4 |. A1 A4BA5B00 mov eax, dword ptr [5BBAA4]
005B48F9 |. 8B15 48404F00 mov edx, dword ptr [4F4048] ; Unpacked.004F4094
005B48FF |. 8910 mov dword ptr [eax], edx
005B4901 |. A1 ACC05B00 mov eax, dword ptr [5BC0AC]
005B4906 |. 8338 02 cmp dword ptr [eax], 2
005B4909 |. 75 0B jnz short 005B4916
005B490B |. A1 70BC5B00 mov eax, dword ptr [5BBC70]
005B4910 |. C700 9C4E4F00 mov dword ptr [eax], 004F4E9C
005B4916 |> 5D pop ebp
005B4917 \. C3 retn
005B4918 /. 55 push ebp
005B4919 |. 8BEC mov ebp, esp
005B491B |. 6A 00 push 0
005B491D |. 33C0 xor eax, eax
005B491F |. 55 push ebp
005B4920 |. 68 EB495B00 push 005B49EB
005B4925 |. 64:FF30 push dword ptr fs:[eax]
005B4928 |. 64:8920 mov dword ptr fs:[eax], esp
005B492B |. 832D 98085C00>sub dword ptr [5C0898], 1
005B4932 |. 0F83 9D000000 jnb 005B49D5
005B4938 |. 8D45 FC lea eax, dword ptr [ebp-4]
005B493B |. E8 8415F4FF call 004F5EC4
005B4940 |. 8B55 FC mov edx, dword ptr [ebp-4]
005B4943 |. B8 A0085C00 mov eax, 005C08A0 ; ASCII "貚?
005B4948 |. E8 730BE5FF call 004054C0
005B494D |. A1 1CBE5B00 mov eax, dword ptr [5BBE1C]
005B4952 |. 8B15 BC404F00 mov edx, dword ptr [4F40BC] ; Unpacked.004F4108
005B4958 |. 8910 mov dword ptr [eax], edx
005B495A |. A1 94C05B00 mov eax, dword ptr [5BC094]
005B495F |. BA F8495B00 mov edx, 005B49F8
005B4964 |. B1 20 mov cl, 20
005B4966 |. E8 79F5E4FF call 00403EE4
005B496B |. 75 0C jnz short 005B4979
005B496D |. C705 48765B00>mov dword ptr [5B7648], 004F6AEC
005B4977 |. EB 0A jmp short 005B4983
005B4979 |> B8 F4014100 mov eax, 004101F4 ; 入口地址
005B497E |. A3 48765B00 mov dword ptr [5B7648], eax
005B4983 |> 6A 01 push 1
005B4985 |. B8 90085C00 mov eax, 005C0890
005B498A |. B9 01000000 mov ecx, 1
005B498F |. 8B15 60564F00 mov edx, dword ptr [4F5660] ; Unpacked.004F5664
005B4995 |. E8 C621E5FF call 00406B60
005B499A |. 83C4 04 add esp, 4
005B499D |. A1 90085C00 mov eax, dword ptr [5C0890]
005B49A2 |. BA 204A5B00 mov edx, 005B4A20 ; ASCII "FALSE"
005B49A7 |. E8 140BE5FF call 004054C0
005B49AC |. 6A 01 push 1
005B49AE |. B8 94085C00 mov eax, 005C0894 ; ASCII "(O?
005B49B3 |. B9 01000000 mov ecx, 1
005B49B8 |. 8B15 84564F00 mov edx, dword ptr [4F5684] ; Unpacked.004F5688
005B49BE |. E8 9D21E5FF call 00406B60
005B49C3 |. 83C4 04 add esp, 4
005B49C6 |. A1 94085C00 mov eax, dword ptr [5C0894]
005B49CB |. BA 304A5B00 mov edx, 005B4A30 ; ASCII "TRUE"
005B49D0 |. E8 EB0AE5FF call 004054C0
005B49D5 |> 33C0 xor eax, eax
005B49D7 |. 5A pop edx
005B49D8 |. 59 pop ecx
005B49D9 |. 59 pop ecx
005B49DA |. 64:8910 mov dword ptr fs:[eax], edx
005B49DD |. 68 F2495B00 push 005B49F2
005B49E2 |> 8D45 FC lea eax, dword ptr [ebp-4]
005B49E5 |. E8 820AE5FF call 0040546C
005B49EA \. C3 retn
005B49EB .- E9 1003E5FF jmp 00404D00
005B49F0 .^ EB F0 jmp short 005B49E2
005B49F2 . 59 pop ecx
005B49F3 . 5D pop ebp
005B49F4 . C3 retn
005B49F5 00 db 00
005B49F6 00 db 00
005B49F7 00 db 00
005B49F8 00 db 00
005B49F9 00 db 00
005B49FA 00 db 00
005B49FB 00 db 00
005B49FC 00 db 00
005B49FD 00 db 00
005B49FE 00 db 00
005B49FF 00 db 00
005B4A00 00 db 00
005B4A01 00 db 00
005B4A02 00 db 00
005B4A03 00 db 00
005B4A04 00 db 00
005B4A05 00 db 00
005B4A06 00 db 00
005B4A07 00 db 00
005B4A08 00 db 00
005B4A09 00 db 00
005B4A0A 00 db 00
005B4A0B 00 db 00
005B4A0C 00 db 00
005B4A0D 00 db 00
005B4A0E 00 db 00
005B4A0F 00 db 00
005B4A10 00 db 00
005B4A11 00 db 00
005B4A12 00 db 00
005B4A13 00 db 00
005B4A14 00 db 00
005B4A15 00 db 00
005B4A16 00 db 00
005B4A17 00 db 00
005B4A18 . FFFFFFFF dd FFFFFFFF
005B4A1C . 05000000 dd 00000005
005B4A20 . 46 41 4C 53 4>ascii "FALSE",0
005B4A26 00 db 00
005B4A27 00 db 00
005B4A28 . FFFFFFFF dd FFFFFFFF
005B4A2C . 04000000 dd 00000004
005B4A30 . 54 52 55 45 0>ascii "TRUE",0
005B4A35 00 db 00
005B4A36 00 db 00
005B4A37 00 db 00
005B4A38 /. 55 push ebp
005B4A39 |. 8BEC mov ebp, esp
005B4A3B |. 832D A4085C00>sub dword ptr [5C08A4], 1
005B4A42 |. 73 1B jnb short 005B4A5F
005B4A44 |. B8 D07C4F00 mov eax, 004F7CD0
005B4A49 |. E8 EA06E5FF call 00405138
005B4A4E |. B2 01 mov dl, 1
005B4A50 |. A1 70E24300 mov eax, dword ptr [43E270]
005B4A55 |. E8 9698E8FF call 0043E2F0
005B4A5A |. A3 A8085C00 mov dword ptr [5C08A8], eax
005B4A5F |> 5D pop ebp
005B4A60 \. C3 retn
005B4A61 8D40 00 lea eax, dword ptr [eax]
005B4A64 . 55 push ebp
005B4A65 . 8BEC mov ebp, esp
005B4A67 . 33C0 xor eax, eax
005B4A69 . 55 push ebp
005B4A6A . 68 9D4A5B00 push 005B4A9D
005B4A6F . 64:FF30 push dword ptr fs:[eax]
005B4A72 . 64:8920 mov dword ptr fs:[eax], esp
005B4A75 . 832D B4085C00>sub dword ptr [5C08B4], 1
005B4A7C . 73 11 jnb short 005B4A8F
005B4A7E . E8 C532E5FF call <jmp.&kernel32.GetVersion>
005B4A83 . 3D 00000080 cmp eax, 80000000
005B4A88 . 0F9205 AC085C>setb byte ptr [5C08AC]
005B4A8F > 33C0 xor eax, eax
005B4A91 . 5A pop edx
005B4A92 . 59 pop ecx
005B4A93 . 59 pop ecx
005B4A94 . 64:8910 mov dword ptr fs:[eax], edx
005B4A97 . 68 A44A5B00 push 005B4AA4
005B4A9C > C3 retn ; RET 用作跳转到 005B4AA4
005B4A9D .- E9 5E02E5FF jmp 00404D00
005B4AA2 .^ EB F8 jmp short 005B4A9C
005B4AA4 > 5D pop ebp
005B4AA5 . C3 retn
005B4AA6 8BC0 mov eax, eax
005B4AA8 /. 55 push ebp
005B4AA9 |. 8BEC mov ebp, esp
005B4AAB |. 832D B8085C00>sub dword ptr [5C08B8], 1
005B4AB2 |. 5D pop ebp
005B4AB3 \. C3 retn
005B4AB4 . 55 push ebp
005B4AB5 . 8BEC mov ebp, esp
005B4AB7 . 33C0 xor eax, eax
005B4AB9 . 55 push ebp
005B4ABA . 68 E14A5B00 push 005B4AE1
005B4ABF . 64:FF30 push dword ptr fs:[eax]
005B4AC2 . 64:8920 mov dword ptr fs:[eax], esp
005B4AC5 . 832D 00095C00>sub dword ptr [5C0900], 1
005B4ACC . 73 05 jnb short 005B4AD3
005B4ACE . E8 7192F4FF call 004FDD44
005B4AD3 > 33C0 xor eax, eax
005B4AD5 . 5A pop edx
005B4AD6 . 59 pop ecx
005B4AD7 . 59 pop ecx
005B4AD8 . 64:8910 mov dword ptr fs:[eax], edx
005B4ADB . 68 E84A5B00 push 005B4AE8
005B4AE0 > C3 retn ; RET 用作跳转到 005B4AE8
005B4AE1 .- E9 1A02E5FF jmp 00404D00
005B4AE6 .^ EB F8 jmp short 005B4AE0
005B4AE8 > 5D pop ebp
005B4AE9 . C3 retn
005B4AEA 8BC0 mov eax, eax
005B4AEC . 832D 04095C00>sub dword ptr [5C0904], 1
005B4AF3 . C3 retn
005B4AF4 /. 55 push ebp
005B4AF5 |. 8BEC mov ebp, esp
005B4AF7 |. 6A 00 push 0
005B4AF9 |. 33C0 xor eax, eax
005B4AFB |. 55 push ebp
005B4AFC |. 68 4B4B5B00 push 005B4B4B
005B4B01 |. 64:FF30 push dword ptr fs:[eax]
005B4B04 |. 64:8920 mov dword ptr fs:[eax], esp
005B4B07 |. 832D 0C095C00>sub dword ptr [5C090C], 1
005B4B0E |. 73 25 jnb short 005B4B35
005B4B10 |. 8D55 FC lea edx, dword ptr [ebp-4]
005B4B13 |. A1 18BA5B00 mov eax, dword ptr [5BBA18]
005B4B18 |. 8B00 mov eax, dword ptr [eax]
005B4B1A |. E8 B553E5FF call 00409ED4
005B4B1F |. 8B55 FC mov edx, dword ptr [ebp-4]
005B4B22 |. B8 604B5B00 mov eax, 005B4B60 ; ASCII "YYYY"
005B4B27 |. E8 580FE5FF call 00405A84
005B4B2C |. 85C0 test eax, eax
005B4B2E |. 0F9F05 08095C>setg byte ptr [5C0908]
005B4B35 |> 33C0 xor eax, eax
005B4B37 |. 5A pop edx
005B4B38 |. 59 pop ecx
005B4B39 |. 59 pop ecx
005B4B3A |. 64:8910 mov dword ptr fs:[eax], edx
005B4B3D |. 68 524B5B00 push 005B4B52
005B4B42 |> 8D45 FC lea eax, dword ptr [ebp-4]
005B4B45 |. E8 2209E5FF call 0040546C
005B4B4A \. C3 retn
005B4B4B .- E9 B001E5FF jmp 00404D00
005B4B50 .^ EB F0 jmp short 005B4B42
005B4B52 . 59 pop ecx
005B4B53 . 5D pop ebp
005B4B54 . C3 retn
005B4B55 00 db 00
005B4B56 00 db 00
005B4B57 00 db 00
005B4B58 . FFFFFFFF dd FFFFFFFF
005B4B5C . 04000000 dd 00000004
005B4B60 . 59 59 59 59 0>ascii "YYYY",0
005B4B65 00 db 00
005B4B66 00 db 00
005B4B67 00 db 00
005B4B68 . 832D 10095C00>sub dword ptr [5C0910], 1
005B4B6F . 73 46 jnb short 005B4BB7
005B4B71 . 68 B84B5B00 push 005B4BB8 ; /RsrcName = "RX_HANDCUR"
005B4B76 . A1 F8F75B00 mov eax, dword ptr [5BF7F8] ; |
005B4B7B . 50 push eax ; |hInst => 00400000
005B4B7C . E8 4F3AE5FF call <jmp.&user32.LoadCursorA> ; \LoadCursorA
005B4B81 . 8BC8 mov ecx, eax
005B4B83 . A1 80C05B00 mov eax, dword ptr [5BC080]
005B4B88 . 8B00 mov eax, dword ptr [eax]
005B4B8A . BA B0360000 mov edx, 36B0
005B4B8F . E8 A006EEFF call 00495234
005B4B94 . 68 C44B5B00 push 005B4BC4 ; /RsrcName = "RX_DRAGCUR"
005B4B99 . A1 F8F75B00 mov eax, dword ptr [5BF7F8] ; |
005B4B9E . 50 push eax ; |hInst => 00400000
005B4B9F . E8 2C3AE5FF call <jmp.&user32.LoadCursorA> ; \LoadCursorA
005B4BA4 . 8BC8 mov ecx, eax
005B4BA6 . A1 80C05B00 mov eax, dword ptr [5BC080]
005B4BAB . 8B00 mov eax, dword ptr [eax]
005B4BAD . BA B1360000 mov edx, 36B1
005B4BB2 . E8 7D06EEFF call 00495234
005B4BB7 > C3 retn
005B4BB8 . 52 58 5F 48 4>ascii "RX_HANDCUR",0
005B4BC3 00 db 00
005B4BC4 . 52 58 5F 44 5>ascii "RX_DRAGCUR",0
005B4BCF 00 db 00
005B4BD0 . 832D 14095C00>sub dword ptr [5C0914], 1
005B4BD7 . 73 07 jnb short 005B4BE0
005B4BD9 . 33C0 xor eax, eax
005B4BDB . A3 18095C00 mov dword ptr [5C0918], eax
005B4BE0 > C3 retn
005B4BE1 8D40 00 lea eax, dword ptr [eax]
005B4BE4 . 832D 1C095C00>sub dword ptr [5C091C], 1
005B4BEB . C3 retn
005B4BEC . 832D 20095C00>sub dword ptr [5C0920], 1
005B4BF3 . C3 retn
005B4BF4 . 832D 24095C00>sub dword ptr [5C0924], 1
005B4BFB . C3 retn
005B4BFC . 832D 28095C00>sub dword ptr [5C0928], 1
005B4C03 . C3 retn
005B4C04 . 832D 2C095C00>sub dword ptr [5C092C], 1
005B4C0B . 73 07 jnb short 005B4C14
005B4C0D . 33C0 xor eax, eax
005B4C0F . A3 C0775B00 mov dword ptr [5B77C0], eax
005B4C14 > C3 retn
005B4C15 8D40 00 lea eax, dword ptr [eax]
005B4C18 . 832D 30095C00>sub dword ptr [5C0930], 1
005B4C1F . C3 retn
005B4C20 55 db 55 ; CHAR 'U'
005B4C21 8B db 8B
005B4C22 EC db EC
005B4C23 83 db 83
005B4C24 . 2D 34 09 5C 0>ascii "-4 \",0
005B4C29 01 db 01
005B4C2A 73 db 73 ; CHAR 's'
005B4C2B . 05 E8A38BF6 add eax, F68BA3E8
005B4C30 . FF5D C3 call far fword ptr [ebp-3D]
005B4C33 . 90 nop
005B4C34 /. 55 push ebp
005B4C35 |. 8BEC mov ebp, esp
005B4C37 |. 6A 00 push 0
005B4C39 |. 6A 00 push 0
005B4C3B |. 33C0 xor eax, eax
005B4C3D |. 55 push ebp
005B4C3E |. 68 BC4C5B00 push 005B4CBC
005B4C43 |. 64:FF30 push dword ptr fs:[eax]
005B4C46 |. 64:8920 mov dword ptr fs:[eax], esp
005B4C49 |. 832D 40095C00>sub dword ptr [5C0940], 1
005B4C50 |. 73 4F jnb short 005B4CA1
005B4C52 |. E8 71B3F6FF call 0051FFC8
005B4C57 |. A1 24EA5100 mov eax, dword ptr [51EA24]
005B4C5C |. 50 push eax
005B4C5D |. 8D55 FC lea edx, dword ptr [ebp-4]
005B4C60 |. A1 0CB75B00 mov eax, dword ptr [5BB70C]
005B4C65 |. E8 FA2AE5FF call 00407764
005B4C6A |. 8B4D FC mov ecx, dword ptr [ebp-4] ; |
005B4C6D |. BA D04C5B00 mov edx, 005B4CD0 ; |ASCII "jpeg"
005B4C72 |. A1 8C2F4300 mov eax, dword ptr [432F8C] ; |
005B4C77 |. E8 B83FE8FF call 00438C34 ; \Unpacked.00438C34
005B4C7C |. A1 24EA5100 mov eax, dword ptr [51EA24]
005B4C81 |. 50 push eax
005B4C82 |. 8D55 F8 lea edx, dword ptr [ebp-8]
005B4C85 |. A1 0CB75B00 mov eax, dword ptr [5BB70C]
005B4C8A |. E8 D52AE5FF call 00407764
005B4C8F |. 8B4D F8 mov ecx, dword ptr [ebp-8] ; |
005B4C92 |. BA E04C5B00 mov edx, 005B4CE0 ; |ASCII "jpg"
005B4C97 |. A1 8C2F4300 mov eax, dword ptr [432F8C] ; |
005B4C9C |. E8 933FE8FF call 00438C34 ; \Unpacked.00438C34
005B4CA1 |> 33C0 xor eax, eax
005B4CA3 |. 5A pop edx
005B4CA4 |. 59 pop ecx
005B4CA5 |. 59 pop ecx
005B4CA6 |. 64:8910 mov dword ptr fs:[eax], edx
005B4CA9 |. 68 C34C5B00 push 005B4CC3
005B4CAE |> 8D45 F8 lea eax, dword ptr [ebp-8]
005B4CB1 |. BA 02000000 mov edx, 2
005B4CB6 |. E8 D507E5FF call 00405490
005B4CBB \. C3 retn
005B4CBC .- E9 3F00E5FF jmp 00404D00
005B4CC1 .^ EB EB jmp short 005B4CAE
005B4CC3 . 59 pop ecx
005B4CC4 . 59 pop ecx
005B4CC5 . 5D pop ebp
005B4CC6 . C3 retn
005B4CC7 00 db 00
005B4CC8 . FFFFFFFF dd FFFFFFFF
005B4CCC . 04000000 dd 00000004
005B4CD0 . 6A 70 65 67 0>ascii "jpeg",0
005B4CD5 00 db 00
005B4CD6 00 db 00
005B4CD7 00 db 00
005B4CD8 . FFFFFFFF dd FFFFFFFF
005B4CDC . 03000000 dd 00000003
005B4CE0 . 6A 70 67 00 ascii "jpg",0
005B4CE4 . 832D 44095C00>sub dword ptr [5C0944], 1
005B4CEB . C3 retn
005B4CEC . 832D 4C095C00>sub dword ptr [5C094C], 1
005B4CF3 . 73 05 jnb short 005B4CFA
005B4CF5 . E8 AE4DF8FF call 00539AA8
005B4CFA > C3 retn
005B4CFB 90 nop
005B4CFC . 832D 540D5C00>sub dword ptr [5C0D54], 1
005B4D03 . 73 27 jnb short 005B4D2C
005B4D05 . 68 304D5B00 push 005B4D30 ; /Format = "Delphi Icon"
005B4D0A . E8 6939E5FF call <jmp.&user32.RegisterClipboardFormatA> ; \RegisterClipboardFormatA
005B4D0F . 66:A3 500D5C0>mov word ptr [5C0D50], ax
005B4D15 . 8B0D 84334300 mov ecx, dword ptr [433384] ; Unpacked.004333D0
005B4D1B . 0FB715 500D5C>movzx edx, word ptr [5C0D50]
005B4D22 . A1 8C2F4300 mov eax, dword ptr [432F8C]
005B4D27 . E8 343FE8FF call 00438C60
005B4D2C > C3 retn
005B4D2D 00 db 00
005B4D2E 00 db 00
005B4D2F 00 db 00
005B4D30 . 44 65 6C 70 6>ascii "Delphi Icon",0
005B4D3C /. 55 push ebp
005B4D3D |. 8BEC mov ebp, esp
005B4D3F |. 83C4 F4 add esp, -0C
005B4D42 |. 33C0 xor eax, eax
005B4D44 |. 8945 F4 mov dword ptr [ebp-C], eax
005B4D47 |. 33C0 xor eax, eax
005B4D49 |. 55 push ebp
005B4D4A |. 68 DD4D5B00 push 005B4DDD
005B4D4F |. 64:FF30 push dword ptr fs:[eax]
005B4D52 |. 64:8920 mov dword ptr fs:[eax], esp
005B4D55 |. 832D 5C0D5C00>sub dword ptr [5C0D5C], 1
005B4D5C |. 73 69 jnb short 005B4DC7
005B4D5E |. 68 E84D5B00 push 005B4DE8 ; /Format = "GIF Image"
005B4D63 |. E8 1039E5FF call <jmp.&user32.RegisterClipboardFormatA> ; \RegisterClipboardFormatA
005B4D68 |. 66:A3 580D5C0>mov word ptr [5C0D58], ax
005B4D6E |. A1 90AE5300 mov eax, dword ptr [53AE90]
005B4D73 |. 8945 F8 mov dword ptr [ebp-8], eax
005B4D76 |. A1 A8AD5300 mov eax, dword ptr [53ADA8]
005B4D7B |. 8945 FC mov dword ptr [ebp-4], eax
005B4D7E |. 8D45 F8 lea eax, dword ptr [ebp-8]
005B4D81 |. BA 01000000 mov edx, 1
005B4D86 |. E8 E199E6FF call 0041E76C
005B4D8B |. A1 A8AD5300 mov eax, dword ptr [53ADA8]
005B4D90 |. 50 push eax
005B4D91 |. 8D55 F4 lea edx, dword ptr [ebp-C]
005B4D94 |. B8 ACEE0000 mov eax, 0EEAC
005B4D99 |. E8 3A61E5FF call 0040AED8
005B4D9E |. 8B4D F4 mov ecx, dword ptr [ebp-C] ; |
005B4DA1 |. BA FC4D5B00 mov edx, 005B4DFC ; |ASCII "gif"
005B4DA6 |. A1 8C2F4300 mov eax, dword ptr [432F8C] ; |
005B4DAB |. E8 843EE8FF call 00438C34 ; \Unpacked.00438C34
005B4DB0 |. 8B0D A8AD5300 mov ecx, dword ptr [53ADA8] ; Unpacked.0053ADF4
005B4DB6 |. 0FB715 580D5C>movzx edx, word ptr [5C0D58]
005B4DBD |. A1 8C2F4300 mov eax, dword ptr [432F8C]
005B4DC2 |. E8 993EE8FF call 00438C60
005B4DC7 |> 33C0 xor eax, eax
005B4DC9 |. 5A pop edx
005B4DCA |. 59 pop ecx
005B4DCB |. 59 pop ecx
005B4DCC |. 64:8910 mov dword ptr fs:[eax], edx
005B4DCF |. 68 E44D5B00 push 005B4DE4
005B4DD4 |> 8D45 F4 lea eax, dword ptr [ebp-C]
005B4DD7 |. E8 9006E5FF call 0040546C
005B4DDC \. C3 retn
005B4DDD .- E9 1EFFE4FF jmp 00404D00
005B4DE2 .^ EB F0 jmp short 005B4DD4
005B4DE4 . 8BE5 mov esp, ebp
005B4DE6 . 5D pop ebp
005B4DE7 . C3 retn
005B4DE8 . 47 49 46 20 4>ascii "GIF Image",0
005B4DF2 00 db 00
005B4DF3 00 db 00
005B4DF4 . FFFFFFFF dd FFFFFFFF
005B4DF8 . 03000000 dd 00000003
005B4DFC . 67 69 66 00 ascii "gif",0
005B4E00 . 55 push ebp
005B4E01 . 8BEC mov ebp, esp
005B4E03 . 33C0 xor eax, eax
005B4E05 . 55 push ebp
005B4E06 . 68 2F4E5B00 push 005B4E2F
005B4E0B . 64:FF30 push dword ptr fs:[eax]
005B4E0E . 64:8920 mov dword ptr fs:[eax], esp
005B4E11 . 832D 740D5C00>sub dword ptr [5C0D74], 1
005B4E18 . 73 07 jnb short 005B4E21
005B4E1A . 33C0 xor eax, eax
005B4E1C . A3 6C0D5C00 mov dword ptr [5C0D6C], eax
005B4E21 > 33C0 xor eax, eax
005B4E23 . 5A pop edx
005B4E24 . 59 pop ecx
005B4E25 . 59 pop ecx
005B4E26 . 64:8910 mov dword ptr fs:[eax], edx
005B4E29 . 68 364E5B00 push 005B4E36
005B4E2E > C3 retn ; RET 用作跳转到 005B4E36
005B4E2F .- E9 CCFEE4FF jmp 00404D00
005B4E34 .^ EB F8 jmp short 005B4E2E
005B4E36 > 5D pop ebp
005B4E37 . C3 retn
005B4E38 . 832D 800D5C00>sub dword ptr [5C0D80], 1
005B4E3F . C3 retn
005B4E40 /. 55 push ebp
005B4E41 |. 8BEC mov ebp, esp
005B4E43 |. 832D 040E5C00>sub dword ptr [5C0E04], 1
005B4E4A |. 73 15 jnb short 005B4E61
005B4E4C |. B9 840D5C00 mov ecx, 005C0D84
005B4E51 |. 8B15 54A05B00 mov edx, dword ptr [5BA054] ; Unpacked.00544C7C
005B4E57 |. A1 84455400 mov eax, dword ptr [544584]
005B4E5C |. E8 03F8F8FF call 00544664
005B4E61 |> 5D pop ebp
005B4E62 \. C3 retn
005B4E63 90 nop
005B4E64 /. 55 push ebp
005B4E65 |. 8BEC mov ebp, esp
005B4E67 |. 832D 080E5C00>sub dword ptr [5C0E08], 1
005B4E6E |. 73 10 jnb short 005B4E80
005B4E70 |. 8B15 1C4E5400 mov edx, dword ptr [544E1C] ; Unpacked.00544E68
005B4E76 |. B8 8C4E5B00 mov eax, 005B4E8C ; ASCII "Basic"
005B4E7B |. E8 5001F9FF call 00544FD0
005B4E80 |> 5D pop ebp
005B4E81 \. C3 retn
005B4E82 00 db 00
005B4E83 00 db 00
005B4E84 . FFFFFFFF dd FFFFFFFF
005B4E88 . 05000000 dd 00000005
005B4E8C . 42 61 73 69 6>ascii "Basic",0
005B4E92 00 db 00
005B4E93 00 db 00
005B4E94 . 832D 0C0E5C00>sub dword ptr [5C0E0C], 1
005B4E9B . C3 retn
005B4E9C /. 55 push ebp
005B4E9D |. 8BEC mov ebp, esp
005B4E9F |. 832D 100E5C00>sub dword ptr [5C0E10], 1
005B4EA6 |. 5D pop ebp
005B4EA7 \. C3 retn
005B4EA8 /. 55 push ebp
005B4EA9 |. 8BEC mov ebp, esp
005B4EAB |. 832D 140E5C00>sub dword ptr [5C0E14], 1
005B4EB2 |. 5D pop ebp
005B4EB3 \. C3 retn
005B4EB4 . 832D 280E5C00>sub dword ptr [5C0E28], 1
005B4EBB . C3 retn
005B4EBC . 832D 600E5C00>sub dword ptr [5C0E60], 1
005B4EC3 . C3 retn
005B4EC4 . 832D 700E5C00>sub dword ptr [5C0E70], 1
005B4ECB . C3 retn
005B4ECC . 832D 740E5C00>sub dword ptr [5C0E74], 1
005B4ED3 . C3 retn
005B4ED4 . 832D A40E5C00>sub dword ptr [5C0EA4], 1
005B4EDB . C3 retn
005B4EDC . 832D A80E5C00>sub dword ptr [5C0EA8], 1
005B4EE3 . C3 retn
005B4EE4 . 832D B40E5C00>sub dword ptr [5C0EB4], 1
005B4EEB . C3 retn
005B4EEC . 832D B80E5C00>sub dword ptr [5C0EB8], 1
005B4EF3 . C3 retn
005B4EF4 . 832D BC0E5C00>sub dword ptr [5C0EBC], 1
005B4EFB . C3 retn
005B4EFC . 832D D00E5C00>sub dword ptr [5C0ED0], 1
005B4F03 . C3 retn
005B4F04 . 832D 1C0F5C00>sub dword ptr [5C0F1C], 1
005B4F0B . C3 retn
005B4F0C . 832D 20175C00>sub dword ptr [5C1720], 1
005B4F13 . C3 retn
005B4F14 . 832D 24175C00>sub dword ptr [5C1724], 1
005B4F1B . C3 retn
005B4F1C > $ 55 push ebp
005B4F1D . 8BEC mov ebp, esp
005B4F1F . 83C4 F0 add esp, -10
005B4F22 . B8 082C5B00 mov eax, 005B2C08
005B4F27 . E8 BC29E5FF call 004078E8
005B4F2C . A1 2CBD5B00 mov eax, dword ptr [5BBD2C]
005B4F31 . 8B00 mov eax, dword ptr [eax]
005B4F33 . E8 0C2FEEFF call 00497E44
005B4F38 . E8 5FA3FFFF call 005AF29C
005B4F3D . 48 dec eax
005B4F3E . 75 30 jnz short 005B4F70
005B4F40 . 8B0D D8BE5B00 mov ecx, dword ptr [5BBED8] ; Unpacked.005C0D60
005B4F46 . A1 2CBD5B00 mov eax, dword ptr [5BBD2C]
005B4F4B . 8B00 mov eax, dword ptr [eax]
005B4F4D . 8B15 F8F15300 mov edx, dword ptr [53F1F8] ; Unpacked.0053F244
005B4F53 . E8 0C2FEEFF call 00497E64
005B4F58 . 8B0D F0BA5B00 mov ecx, dword ptr [5BBAF0] ; Unpacked.005C0D64
005B4F5E . A1 2CBD5B00 mov eax, dword ptr [5BBD2C]
005B4F63 . 8B00 mov eax, dword ptr [eax]
005B4F65 . 8B15 D00F5400 mov edx, dword ptr [540FD0] ; Unpacked.0054101C
005B4F6B . E8 F42EEEFF call 00497E64
005B4F70 > A1 2CBD5B00 mov eax, dword ptr [5BBD2C]
005B4F75 . 8B00 mov eax, dword ptr [eax]
005B4F77 . E8 7C2FEEFF call 00497EF8
005B4F7C . E8 2303E5FF call 004052A4
005B4F81 . 8D40 00 lea eax, dword ptr [eax]
005B4F84 . 0000 add byte ptr [eax], al
005B4F86 . 0000 add byte ptr [eax], al
005B4F88 . 0000 add byte ptr [eax], al
005B4F8A . 0000 add byte ptr [eax], al
005B4F8C . 0000 add byte ptr [eax], al
005B4F8E . 0000 add byte ptr [eax], al
005B4F90 . 0000 add byte ptr [eax], al
005B4F92 . 0000 add byte ptr [eax], al
005B4F94 . 0000 add byte ptr [eax], al
005B4F96 . 0000 add byte ptr [eax], al
005B4F98 . 0000 add byte ptr [eax], al
005B4F9A . 0000 add byte ptr [eax], al
005B4F9C . 0000 add byte ptr [eax], al
005B4F9E . 0000 add byte ptr [eax], al
005B4FA0 . 0000 add byte ptr [eax], al
005B4FA2 . 0000 add byte ptr [eax], al
005B4FA4 . 0000 add byte ptr [eax], al
005B4FA6 . 0000 add byte ptr [eax], al
005B4FA8 . 0000 add byte ptr [eax], al
005B4FAA . 0000 add byte ptr [eax], al
005B4FAC . 0000 add byte ptr [eax], al
005B4FAE . 0000 add byte ptr [eax], al
005B4FB0 . 0000 add byte ptr [eax], al
005B4FB2 . 0000 add byte ptr [eax], al
005B4FB4 . 0000 add byte ptr [eax], al
005B4FB6 . 0000 add byte ptr [eax], al
005B4FB8 . 0000 add byte ptr [eax], al
005B4FBA . 0000 add byte ptr [eax], al
005B4FBC . 0000 add byte ptr [eax], al
005B4FBE . 0000 add byte ptr [eax], al
005B4FC0 . 0000 add byte ptr [eax], al
005B4FC2 . 0000 add byte ptr [eax], al
005B4FC4 . 0000 add byte ptr [eax], al
005B4FC6 . 0000 add byte ptr [eax], al
005B4FC8 . 0000 add byte ptr [eax], al
005B4FCA . 0000 add byte ptr [eax], al
005B4FCC . 0000 add byte ptr [eax], al
005B4FCE . 0000 add byte ptr [eax], al
005B4FD0 . 0000 add byte ptr [eax], al
005B4FD2 . 0000 add byte ptr [eax], al
005B4FD4 . 0000 add byte ptr [eax], al
005B4FD6 . 0000 add byte ptr [eax], al
005B4FD8 . 0000 add byte ptr [eax], al
005B4FDA . 0000 add byte ptr [eax], al
005B4FDC . 0000 add byte ptr [eax], al
005B4FDE . 0000 add byte ptr [eax], al
005B4FE0 . 0000 add byte ptr [eax], al
005B4FE2 . 0000 add byte ptr [eax], al
005B4FE4 . 0000 add byte ptr [eax], al
005B4FE6 . 0000 add byte ptr [eax], al
005B4FE8 . 0000 add byte ptr [eax], al
005B4FEA . 0000 add byte ptr [eax], al
005B4FEC . 0000 add byte ptr [eax], al
005B4FEE . 0000 add byte ptr [eax], al
005B4FF0 . 0000 add byte ptr [eax], al
005B4FF2 . 0000 add byte ptr [eax], al
005B4FF4 . 0000 add byte ptr [eax], al
005B4FF6 . 0000 add byte ptr [eax], al
005B4FF8 . 0000 add byte ptr [eax], al
005B4FFA . 0000 add byte ptr [eax], al
005B4FFC . 0000 add byte ptr [eax], al
005B4FFE . 0000 add byte ptr [eax], al
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
赞赏
赞赏
雪币:
留言:
