-
-
[旧帖] [求助]能教我分析一下这段算法CALL吗? 0.00雪花
-
发表于: 2007-7-5 10:15
-
我已经找到算法CALL了,进入这个CALL,实在不会看这算法,哪位大侠教我分析一下这段算法吧!谢谢了!
::100021C5:: 55 PUSH EBP \:BYCALL CallBy:10005904,1000BDA0, ::100021C6:: 8BEC MOV EBP,ESP ::100021C8:: 81EC 80000000 SUB ESP,80 ::100021CE:: C645 B8 09 MOV BYTE PTR [EBP-48],9 ::100021D2:: C645 B9 02 MOV BYTE PTR [EBP-47],2 ::100021D6:: C645 BA 00 MOV BYTE PTR [EBP-46],0 ::100021DA:: C645 BB 00 MOV BYTE PTR [EBP-45],0 ::100021DE:: C645 BC 09 MOV BYTE PTR [EBP-44],9 ::100021E2:: C645 BD 03 MOV BYTE PTR [EBP-43],3 ::100021E6:: C645 BE 05 MOV BYTE PTR [EBP-42],5 ::100021EA:: C645 BF 08 MOV BYTE PTR [EBP-41],8 ::100021EE:: C645 C0 04 MOV BYTE PTR [EBP-40],4 ::100021F2:: C645 C1 03 MOV BYTE PTR [EBP-3F],3 ::100021F6:: C645 C2 00 MOV BYTE PTR [EBP-3E],0 ::100021FA:: C645 C3 01 MOV BYTE PTR [EBP-3D],1 ::100021FE:: C645 C4 00 MOV BYTE PTR [EBP-3C],0 ::10002202:: C645 C5 04 MOV BYTE PTR [EBP-3B],4 ::10002206:: C645 C6 08 MOV BYTE PTR [EBP-3A],8 ::1000220A:: C645 C7 02 MOV BYTE PTR [EBP-39],2 ::1000220E:: C745 FC 00000000 MOV DWORD PTR [EBP-4],0 ::10002215:: 8D45 84 LEA EAX,[EBP-7C] ::10002218:: 50 PUSH EAX ::10002219:: E8 9BF2FFFF CALL 100014B9 \:JMPUP ::1000221E:: 83C4 04 ADD ESP,4 ::10002221:: C745 80 00000000 MOV DWORD PTR [EBP-80],0 ::10002228:: EB 09 JMP SHORT 10002233 \:JMPDOWN ::1000222A:: 8B4D 80 MOV ECX,[EBP-80] \:BYJMP JmpBy:10002260, ::1000222D:: 83C1 01 ADD ECX,1 ::10002230:: 894D 80 MOV [EBP-80],ECX ::10002233:: 837D 80 0A CMP DWORD PTR [EBP-80],A \:BYJMP JmpBy:10002228, ::10002237:: 7D 29 JGE SHORT 10002262 \:JMPDOWN ::10002239:: 8D55 C8 LEA EDX,[EBP-38] ::1000223C:: 52 PUSH EDX ::1000223D:: E8 77F2FFFF CALL 100014B9 \:JMPUP ::10002242:: 83C4 04 ADD ESP,4 ::10002245:: 8D45 C8 LEA EAX,[EBP-38] ::10002248:: 50 PUSH EAX ::10002249:: 8D4D 84 LEA ECX,[EBP-7C] ::1000224C:: 51 PUSH ECX ::1000224D:: FF15 20310110 CALL [10013120] >>>: KERNEL32.DLL:lstrcmpA ::10002253:: 85C0 TEST EAX,EAX ::10002255:: 74 09 JE SHORT 10002260 \:JMPDOWN ::10002257:: C745 FC 01000000 MOV DWORD PTR [EBP-4],1 ::1000225E:: EB 02 JMP SHORT 10002262 \:JMPDOWN ::10002260:: EB C8 JMP SHORT 1000222A \:JMPUP\:BYJMP JmpBy:10002255, ::10002262:: 8D55 84 LEA EDX,[EBP-7C] \:BYJMP JmpBy:10002237,1000225E, ::10002265:: 52 PUSH EDX ::10002266:: FF15 28310110 CALL [10013128] >>>: KERNEL32.DLL:得到字符串长度 ::1000226C:: 85C0 TEST EAX,EAX ::1000226E:: 74 06 JE SHORT 10002276 \:JMPDOWN ::10002270:: 837D FC 00 CMP DWORD PTR [EBP-4],0 ::10002274:: 74 1A JE SHORT 10002290 \:JMPDOWN ::10002276:: 68 D4500110 PUSH 100150D4 \:BYJMP JmpBy:1000226E, \->: 4301048202 ::1000227B:: 8B45 08 MOV EAX,[EBP+8] ::1000227E:: 50 PUSH EAX ::1000227F:: FF15 20310110 CALL [10013120] >>>: KERNEL32.DLL:lstrcmpA ::10002285:: 85C0 TEST EAX,EAX ::10002287:: 75 07 JNZ SHORT 10002290 \:JMPDOWN ::10002289:: B8 01000000 MOV EAX,1 ::1000228E:: EB 43 JMP SHORT 100022D3 \:JMPDOWN ::10002290:: 6A 01 PUSH 1 \:BYJMP JmpBy:10002274,10002287, ::10002292:: 6A 10 PUSH 10 ::10002294:: 8D4D B8 LEA ECX,[EBP-48] ::10002297:: 51 PUSH ECX ::10002298:: 6A 10 PUSH 10 ::1000229A:: 8D55 84 LEA EDX,[EBP-7C] ::1000229D:: 52 PUSH EDX ::1000229E:: 8D45 84 LEA EAX,[EBP-7C] ::100022A1:: 50 PUSH EAX ::100022A2:: E8 A2F2FFFF CALL 10001549 \:JMPUP ::100022A7:: 83C4 18 ADD ESP,18 ::100022AA:: 8D4D 84 LEA ECX,[EBP-7C] ::100022AD:: 51 PUSH ECX ::100022AE:: E8 D7F8FFFF CALL 10001B8A \:JMPUP ::100022B3:: 83C4 04 ADD ESP,4 ::100022B6:: 8B55 08 MOV EDX,[EBP+8] ::100022B9:: 52 PUSH EDX ::100022BA:: 8D45 84 LEA EAX,[EBP-7C] ::100022BD:: 50 PUSH EAX ::100022BE:: E8 CDA70000 CALL 1000CA90 \:JMPDOWN ::100022C3:: 83C4 08 ADD ESP,8 ::100022C6:: 85C0 TEST EAX,EAX ::100022C8:: 75 07 JNZ SHORT 100022D1 \:JMPDOWN ::100022CA:: B8 01000000 MOV EAX,1 ::100022CF:: EB 02 JMP SHORT 100022D3 \:JMPDOWN ::100022D1:: 33C0 XOR EAX,EAX \:BYJMP JmpBy:100022C8, ::100022D3:: 8BE5 MOV ESP,EBP \:BYJMP JmpBy:1000228E,100022CF, ::100022D5:: 5D POP EBP ::100022D6:: C3 RETN
[注意]传递专业知识、拓宽行业人脉——看雪讲师团队等你加入!
