; OllyDbg listing, 32-bit x86, arguments pushed right-to-left for the KERNEL32 calls.
; The excerpt starts after the function prologue and stops right after CloseHandle.
; Flow: open the device "\\.\FEnteDev" with CreateFileA; on success send one DeviceIoControl
; request (code 9C4024A8) that uses the buffer at [ebp-4] as both input and output, then close
; the handle. On failure, pass [ebp-4] to LocalFree and return.
; The code is padded with no-op junk and two "jmp into its own second byte" sequences that
; break linear disassembly; each is pointed out inline so the real instruction stream is readable.
617F42AC > \6A 00 push 0 ; /hTemplateFile = NULL
617F42AE . A1 CE438261 mov eax, dword ptr [618243CE] ; |eax = pointer to the device name (pushed below as FileName)
617F42B3 . 6A 00 push 0 ; |Attributes = 0
617F42B5 . 6A 03 push 3 ; |Mode = OPEN_EXISTING
617F42B7 . 6A 00 push 0 ; |pSecurity = NULL
617F42B9 . 6A 03 push 3 ; |ShareMode = FILE_SHARE_READ|FILE_SHARE_WRITE
617F42BB . 68 000000C0 push C0000000 ; |Access = GENERIC_READ|GENERIC_WRITE
617F42C0 . FFF0 push eax ; |FileName => "\\.\FEnteDev" (FF F0 is the two-byte encoding of push eax)
617F42C2 . FF15 4C208261 call dword ptr [<&KERNEL32.CreateFile>; \CreateFileA
617F42C8 . 3D FFFFFFFF cmp eax, -1 ; -1 = INVALID_HANDLE_VALUE
617F42CD . 89C6 mov esi, eax ; esi = device handle (mov leaves the flags from cmp intact)
617F42CF . 0F85 1C000000 jnz 617F42F1 ; handle is valid -> DeviceIoControl path
; Failure path. ZF is still set from the cmp, so the je below is always taken.
617F42D5 . 8D09 lea ecx, dword ptr [ecx] ; junk: changes neither ecx nor the flags
617F42D7 . 74 03 je short 617F42DC ; always taken here; skips the three junk bytes AF D4 10
617F42D9 . AF scas dword ptr es:[edi] ; junk byte, jumped over by the je above
617F42DA . D4 10 aam 10 ; junk bytes, jumped over by the je above
617F42DC > 8B45 FC mov eax, dword ptr [ebp-4] ; eax = memory handle to release
617F42DF . EB FF jmp short 617F42E0 ; EB FF jumps to its own second byte: FF F0 at 617F42E0 = push eax
617F42E1 F0 db F0 ; not data: second byte of the hidden push eax (hMem for LocalFree)
617F42E2 . FF15 64208261 call dword ptr [<&KERNEL32.LocalFree>>; \LocalFree
617F42E8 . 5F pop edi ; epilogue: restore saved registers
617F42E9 . 5E pop esi
617F42EA . 5B pop ebx
617F42EB . 89EC mov esp, ebp
617F42ED . 5D pop ebp
617F42EE . C3 retn
617F42EF AC db AC ; filler byte after retn; no branch in this excerpt targets it
617F42F0 8A db 8A ; filler byte; the jnz above lands on 617F42F1
; Success path. OllyDbg labelled these arguments as if the call were ReadFile; the import is
; DeviceIoControl (8 arguments), so the names below follow that prototype.
617F42F1 > 6A 00 push 0 ; /lpOverlapped = NULL
617F42F3 . C1EA 40 shr edx, 40 ; |junk: the shift count is masked to 5 bits (0x40 -> 0), so nothing changes
617F42F6 . 8D45 F0 lea eax, dword ptr [ebp-10] ; |eax = address of the local that receives the byte count
617F42F9 . 50 push eax ; |lpBytesReturned = &[ebp-10]
617F42FA . 8B4D FC mov ecx, dword ptr [ebp-4] ; |ecx = buffer pointer
617F42FD . 68 00200000 push 2000 ; |nOutBufferSize = 2000 (8192.)
617F4302 . FFF1 push ecx ; |lpOutBuffer = [ebp-4]
617F4304 . 68 00200000 push 2000 ; |nInBufferSize = 2000 (8192.)
617F4309 . EB FF jmp short 617F430A ; |EB FF jumps to its own second byte: FF F1 at 617F430A = push ecx
617F430B . F1 int1 ; |never runs as int1: second byte of the hidden push ecx, lpInBuffer = [ebp-4] (same buffer as output)
; The original poster asked on the next line: "what exactly does this code do?"
; Read as a CTL_CODE value, 9C4024A8 splits into DeviceType 0x9C40, Function 0x92A,
; METHOD_BUFFERED, FILE_ANY_ACCESS. Both numbers lie in the vendor-defined ranges, so this is a
; private request whose meaning is set by the driver behind \\.\FEnteDev; it cannot be
; determined from this user-mode code and needs the driver's device-control handler.
; NOTE(review): FILE_ANY_ACCESS means the I/O manager does not gate the request on the handle's
; access rights, so the device's security descriptor and the driver's own checks on the
; 0x2000-byte buffer are the only limits on callers - worth confirming when assessing the driver.
617F430C . 68 A824409C push 9C4024A8 ; |dwIoControlCode (operation code)
617F4311 . FFF6 push esi ; |hDevice = handle returned by CreateFileA
617F4313 . 89C0 mov eax, eax ; |junk no-op
617F4315 . FF15 34208261 call dword ptr [<&KERNEL32.DeviceIoCo>; \DeviceIoControl (OllyDbg mislabelled it ReadFile)
617F431B . 89C7 mov edi, eax ; edi = result of the request, kept across CloseHandle
617F431D . 56 push esi ; /hObject = device handle
617F431E . C0E0 20 shl al, 20 ; |junk: the shift count is masked to 5 bits (0x20 -> 0), al unchanged
617F4321 . FF15 50208261 call dword ptr [<&KERNEL32.CloseHandl>; \CloseHandle