; Function entry at 004049CB (OllyDbg marks the start with ">/$").
; Builds an EBP frame, links a structured-exception-handling (SEH) record into
; the chain at fs:[0], reserves locals, saves registers, then calls
; KERNEL32.GetVersion through the import table.
; NOTE(review): this prologue plus the GetVersion call looks like
; compiler-generated C runtime startup code, not application logic. Confirm
; before treating it as part of any password check.
004049CB >/$ 55 push ebp ; save the caller's frame pointer
004049CC |. 8BEC mov ebp, esp ; ebp = base of this frame
004049CE |. 6A FF push -1 ; presumably the initial try-level slot of the SEH frame (confirm)
004049D0 |. 68 40A24000 push 0040A240 ; presumably a scope-table pointer used by the handler (confirm)
004049D5 |. 68 305F4000 push 00405F30 ; SE handler installation: address of the handler routine
004049DA |. 64:A1 0000000>mov eax, dword ptr fs:[0] ; eax = current head of the exception-handler chain
004049E0 |. 50 push eax ; becomes the "previous record" link of the new record
004049E1 |. 64:8925 00000>mov dword ptr fs:[0], esp ; the record just built on the stack is now the chain head
004049E8 |. 83EC 58 sub esp, 58 ; reserve 58h bytes for locals
004049EB |. 53 push ebx ; save registers used by the body
004049EC |. 56 push esi
004049ED |. 57 push edi
004049EE |. 8965 E8 mov dword ptr [ebp-18], esp ; keep the current esp in the frame slot at [ebp-18]
; Indirect call through the import slot at 0040A0F8; the result comes back in eax.
004049F1 |. FF15 F8A04000 call dword ptr [<&KERNEL32.GetVersion>;
KERNEL32.GetVersion
按F7后跳到
; Body of KERNEL32.GetVersion as shown after stepping into the call. Address
; 77E80D1D is inside the system DLL, not the program under analysis.
; It follows fs:[18] -> [+30] to a structure, reads four fields and packs them
; into eax. Nothing here depends on user input.
; NOTE(review): on 32-bit Windows fs:[18] is the TEB self-pointer and TEB+30h
; points to the PEB. The offsets A4h/A8h/ACh/B0h match OSMajorVersion,
; OSMinorVersion, OSBuildNumber and OSPlatformId in published PEB layouts.
; Confirm for the OS build being debugged.
77E80D1D > 64:A1 18000000 mov eax, dword ptr fs:[18] ; eax = pointer stored at fs:[18] (TEB self-pointer, see note)
77E80D23 8B48 30 mov ecx, dword ptr [eax+30] ; ecx = pointer at +30h (PEB, see note)
77E80D26 8B91 B0000000 mov edx, dword ptr [ecx+B0] ; edx = platform id field
77E80D2C 0FB781 AC000000 movzx eax, word ptr [ecx+AC] ; eax = 16-bit build number field, zero-extended
77E80D33 83F2 FE xor edx, FFFFFFFE ; invert every bit of edx except bit 0
77E80D36 C1E2 0E shl edx, 0E ; move the result up to bits 14..31
77E80D39 0BC2 or eax, edx ; merge it with the build number
77E80D3B C1E0 08 shl eax, 8 ; make room for the next byte
77E80D3E 0B81 A8000000 or eax, dword ptr [ecx+A8] ; OR in the minor version field
77E80D44 C1E0 08 shl eax, 8 ; make room for the low byte
77E80D47 0B81 A4000000 or eax, dword ptr [ecx+A4] ; OR in the major version field
77E80D4D C3 retn ; eax: low byte = major, next byte = minor, upper 16 bits = build/platform bits
按F7跳到
; Continuation of the function at 004049CB, right after GetVersion returns.
; Splits the packed value in eax into four globals (40D1A4..40D1B0), then calls
; 00406008 with a single argument of 0. Every value stored here comes from
; GetVersion. No user-supplied data is read or compared in this stretch.
004049F7 |. 33D2 xor edx, edx ; edx = 0
004049F9 |. 8AD4 mov dl, ah ; edx = second byte of the result (minor version)
004049FB |. 8915 B0D14000 mov dword ptr [40D1B0], edx ; global 40D1B0 = minor version
00404A01 |. 8BC8 mov ecx, eax ; ecx = copy of the packed result
00404A03 |. 81E1 FF000000 and ecx, 0FF ; ecx = low byte (major version)
00404A09 |. 890D ACD14000 mov dword ptr [40D1AC], ecx ; global 40D1AC = major version
00404A0F |. C1E1 08 shl ecx, 8 ; ecx = major << 8
00404A12 |. 03CA add ecx, edx ; ecx = (major << 8) + minor
00404A14 |. 890D A8D14000 mov dword ptr [40D1A8], ecx ; global 40D1A8 = combined major/minor value
00404A1A |. C1E8 10 shr eax, 10 ; eax = upper 16 bits of the result
00404A1D |. A3 A4D14000 mov dword ptr [40D1A4], eax ; global 40D1A4 = upper 16 bits (build/platform bits)
00404A22 |. 33F6 xor esi, esi ; esi = 0
00404A24 |. 56 push esi ; the single stack argument for 00406008 is 0
00404A25 |. E8 DE150000 call 00406008 ; helper that creates a heap
按F7跳到
; Helper at 00406008, taking one stack argument. It calls KERNEL32.HeapCreate
; with InitialSize = 1000h, MaximumSize = 0 and Flags = 1 when the argument is
; zero, otherwise Flags = 0.
; NOTE(review): the Flags value 1 is HEAP_NO_SERIALIZE in the Windows headers.
; The caller at 00404A25 pushes 0, so that flag is set on this path. The
; listing stops at the call, so what is done with the returned heap handle is
; not visible here.
00406008 /$ 33C0 xor eax, eax ; eax = 0, used as the comparison value and as the base for Flags
0040600A |. 6A 00 push 0 ; /MaximumSize = 0
0040600C |. 394424 08 cmp dword ptr [esp+8], eax ; | compare the caller's argument with 0 (it sits at [esp+8] after the push above)
00406010 |. 68 00100000 push 1000 ; |InitialSize = 1000 (4096.)
00406015 |. 0F94C0 sete al ; | al = 1 if the argument was 0, else 0 (push leaves the flags from cmp intact)
00406018 |. 50 push eax ; |Flags
00406019 |. FF15 08A14000 call dword ptr [<&KERNEL32.HeapCreate>; \HeapCreate
再按就回一开始去啦
请教大家，像这种情况，是需要算法来算密码吗？