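[Old post] [Help] Experts, please help me solve a self-check problem
calfhswb
Posted: 2008-1-30 02:24

A few days ago I got the 【PYG】 trainee graduation test. Experts, please help me solve the self-check problem.
The code below is from after unpacking and removing the nag: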
004011D6 - FF25 94104000 jmp dword ptr ds:[<&msvbvm60.__vbaEx>; msvbvm60.__vbaExceptHandler
004011DC - FF25 A4104000 jmp dword ptr ds:[<&msvbvm60.__vbaFP>; msvbvm60.__vbaFPException
004011E2 - FF25 50104000 jmp dword ptr ds:[<&msvbvm60._adj_fd>; msvbvm60._adj_fdiv_m16i
004011E8 - FF25 34104000 jmp dword ptr ds:[<&msvbvm60._adj_fd>; msvbvm60._adj_fdiv_m32
004011EE - FF25 D4104000 jmp dword ptr ds:[<&msvbvm60._adj_fd>; msvbvm60._adj_fdiv_m32i
004011F4 - FF25 20104000 jmp dword ptr ds:[<&msvbvm60._adj_fd>; msvbvm60._adj_fdiv_m64
004011FA - FF25 F0104000 jmp dword ptr ds:[<&msvbvm60._adj_fd>; msvbvm60._adj_fdiv_r
00401200 - FF25 58104000 jmp dword ptr ds:[<&msvbvm60._adj_fd>; msvbvm60._adj_fdivr_m16i
00401206 - FF25 E8104000 jmp dword ptr ds:[<&msvbvm60._adj_fd>; msvbvm60._adj_fdivr_m32
0040120C - FF25 D8104000 jmp dword ptr ds:[<&msvbvm60._adj_fd>; msvbvm60._adj_fdivr_m32i
00401212 - FF25 9C104000 jmp dword ptr ds:[<&msvbvm60._adj_fd>; msvbvm60._adj_fdivr_m64
00401218 - FF25 80104000 jmp dword ptr ds:[<&msvbvm60._adj_fp>; msvbvm60._adj_fpatan
0040121E - FF25 98104000 jmp dword ptr ds:[<&msvbvm60._adj_fp>; msvbvm60._adj_fprem
00401224 - FF25 28104000 jmp dword ptr ds:[<&msvbvm60._adj_fp>; msvbvm60._adj_fprem1
0040122A - FF25 04104000 jmp dword ptr ds:[<&msvbvm60._adj_fp>; msvbvm60._adj_fptan
00401230 - FF25 04114000 jmp dword ptr ds:[<&msvbvm60._CIatan>; msvbvm60._CIatan
00401236 - FF25 00104000 jmp dword ptr ds:[<&msvbvm60._CIcos>>; msvbvm60._CIcos
0040123C - FF25 14114000 jmp dword ptr ds:[<&msvbvm60._CIexp>>; msvbvm60._CIexp
00401242 - FF25 B8104000 jmp dword ptr ds:[<&msvbvm60._CIlog>>; msvbvm60._CIlog
00401248 - FF25 60104000 jmp dword ptr ds:[<&msvbvm60._CIsin>>; msvbvm60._CIsin
0040124E - FF25 88104000 jmp dword ptr ds:[<&msvbvm60._CIsqrt>; msvbvm60._CIsqrt
00401254 - FF25 10114000 jmp dword ptr ds:[<&msvbvm60._CItan>>; msvbvm60._CItan
0040125A - FF25 0C114000 jmp dword ptr ds:[<&msvbvm60._allmul>; msvbvm60._allmul
00401260 - FF25 B0104000 jmp dword ptr ds:[<&msvbvm60.__vbaSt>; msvbvm60.__vbaStrVarVal
00401266 - FF25 E0104000 jmp dword ptr ds:[<&msvbvm60.__vbaI4>; msvbvm60.__vbaI4Str
0040126C - FF25 7C104000 jmp dword ptr ds:[<&msvbvm60.__vbaI2>; msvbvm60.__vbaI2I4
00401272 - FF25 1C104000 jmp dword ptr ds:[<&msvbvm60.__vbaEn>; msvbvm60.__vbaEnd
00401278 - FF25 4C104000 jmp dword ptr ds:[<&msvbvm60.rtcInpu>; msvbvm60.rtcInputBox
0040127E - FF25 14104000 jmp dword ptr ds:[<&msvbvm60.__vbaSt>; msvbvm60.__vbaStrVarMove
00401284 - FF25 DC104000 jmp dword ptr ds:[<&msvbvm60.__vbaSt>; msvbvm60.__vbaStrCopy
0040128A - FF25 00114000 jmp dword ptr ds:[<&msvbvm60.__vbaVa>; msvbvm60.__vbaVarDup
00401290 - FF25 48104000 jmp dword ptr ds:[<&msvbvm60.rtcMsgB>; msvbvm60.rtcMsgBox
00401296 - FF25 A0104000 jmp dword ptr ds:[<&msvbvm60.rtcVarB>; msvbvm60.rtcVarBstrFromAnsi
0040129C - FF25 3C104000 jmp dword ptr ds:[<&msvbvm60.__vbaEx>; msvbvm60.__vbaExitProc
004012A2 - FF25 54104000 jmp dword ptr ds:[<&msvbvm60.__vbaOb>; msvbvm60.__vbaObjSetAddref
004012A8 - FF25 EC104000 jmp dword ptr ds:[<&msvbvm60.__vbaPo>; msvbvm60.__vbaPowerR8
004012AE - FF25 D0104000 jmp dword ptr ds:[<&msvbvm60.__vbaR8>; msvbvm60.__vbaR8Str
004012B4 - FF25 5C104000 jmp dword ptr ds:[<&msvbvm60.__vbaFp>; msvbvm60.__vbaFpR8
004012BA - FF25 68104000 jmp dword ptr ds:[<&msvbvm60.__vbaFi>; msvbvm60.__vbaFileClose
004012C0 - FF25 CC104000 jmp dword ptr ds:[<&msvbvm60.rtcFile>; msvbvm60.rtcFileLength
004012C6 - FF25 C8104000 jmp dword ptr ds:[<&msvbvm60.__vbaNe>; msvbvm60.__vbaNew2
004012CC - FF25 C0104000 jmp dword ptr ds:[<&msvbvm60.__vbaFi>; msvbvm60.__vbaFileOpen
004012D2 - FF25 44104000 jmp dword ptr ds:[<&msvbvm60.__vbaOn>; msvbvm60.__vbaOnError
004012D8 - FF25 BC104000 jmp dword ptr ds:[<&msvbvm60.__vbaEr>; msvbvm60.__vbaErrorOverflow
004012DE - FF25 1C114000 jmp dword ptr ds:[<&msvbvm60.__vbaFr>; msvbvm60.__vbaFreeStr
004012E4 - FF25 38104000 jmp dword ptr ds:[<&msvbvm60.__vbaAr>; msvbvm60.__vbaAryDestruct
004012EA - FF25 B4104000 jmp dword ptr ds:[<&msvbvm60.__vbaVa>; msvbvm60.__vbaVarCat
004012F0 - FF25 78104000 jmp dword ptr ds:[<&msvbvm60.__vbaVa>; msvbvm60.__vbaVarTstEq
004012F6 - FF25 10104000 jmp dword ptr ds:[<&msvbvm60.__vbaFr>; msvbvm60.__vbaFreeVar
004012FC - FF25 F8104000 jmp dword ptr ds:[<&msvbvm60.__vbaI4>; msvbvm60.__vbaI4Var
00401302 - FF25 70104000 jmp dword ptr ds:[<&msvbvm60.__vbaGe>; msvbvm60.__vbaGenerateBoundsError
00401308 - FF25 AC104000 jmp dword ptr ds:[<&msvbvm60.__vbaUb>; msvbvm60.__vbaUbound
0040130E - FF25 90104000 jmp dword ptr ds:[<&msvbvm60.__vbaVa>; msvbvm60.__vbaVarMul
00401314 - FF25 FC104000 jmp dword ptr ds:[<&msvbvm60.__vbaVa>; msvbvm60.__vbaVarAdd
0040131A - FF25 18104000 jmp dword ptr ds:[<&msvbvm60.__vbaFr>; msvbvm60.__vbaFreeVarList
00401320 - FF25 18114000 jmp dword ptr ds:[<&msvbvm60.__vbaFr>; msvbvm60.__vbaFreeObj
00401326 - FF25 A8104000 jmp dword ptr ds:[<&msvbvm60.rtcStrC>; msvbvm60.rtcStrConvVar2
0040132C - FF25 C4104000 jmp dword ptr ds:[<&msvbvm60.__vbaVa>; msvbvm60.__vbaVar2Vec
00401332 - FF25 0C104000 jmp dword ptr ds:[<&msvbvm60.__vbaAr>; msvbvm60.__vbaAryMove
00401338 - FF25 08104000 jmp dword ptr ds:[<&msvbvm60.__vbaVa>; msvbvm60.__vbaVarMove
0040133E - FF25 24104000 jmp dword ptr ds:[<&msvbvm60.__vbaFr>; msvbvm60.__vbaFreeObjList
00401344 - FF25 E4104000 jmp dword ptr ds:[<&msvbvm60.__vbaFr>; msvbvm60.__vbaFreeStrList
0040134A - FF25 2C104000 jmp dword ptr ds:[<&msvbvm60.__vbaSt>; msvbvm60.__vbaStrCat
00401350 - FF25 08114000 jmp dword ptr ds:[<&msvbvm60.__vbaSt>; msvbvm60.__vbaStrMove
00401356 - FF25 30104000 jmp dword ptr ds:[<&msvbvm60.__vbaHr>; msvbvm60.__vbaHresultCheckObj
0040135C - FF25 40104000 jmp dword ptr ds:[<&msvbvm60.__vbaOb>; msvbvm60.__vbaObjSet
00401362 - FF25 74104000 jmp dword ptr ds:[<&msvbvm60.__vbaSt>; msvbvm60.__vbaStrCmp
00401368 - FF25 8C104000 jmp dword ptr ds:[<&msvbvm60.EVENT_S>; msvbvm60.EVENT_SINK_QueryInterface
0040136E - FF25 6C104000 jmp dword ptr ds:[<&msvbvm60.EVENT_S>; msvbvm60.EVENT_SINK_AddRef
00401374 - FF25 84104000 jmp dword ptr ds:[<&msvbvm60.EVENT_S>; msvbvm60.EVENT_SINK_Release
0040137A - FF25 F4104000 jmp dword ptr ds:[<&msvbvm60.ThunRTM>; msvbvm60.ThunRTMain
00401380 > 68 CC1F4000 push PYG-nag.00401FCC ; <ModuleEntryPoint>
00401385 E8 F0FFFFFF call <jmp.&msvbvm60.ThunRTMain>

Latest replies (5)

txbzpfwl (#2)
What are you trying to do???
2008-1-30 09:53

petnt (#3)
Looking at your code would give anyone a headache; you would be better off uploading your graduation test so the experts can analyze it...
2008-1-30 10:02

calfhswb (#4)
I have fewer than ten posts, so I can't upload attachments, and the temporary upload space won't open.
2008-1-30 20:46

秋风 (#5)
I have absolutely no idea what you posted this code for..
2008-1-30 21:54

calfhswb (#6)
This is the code around the module entry point (00401380).
After loading it in OD and pressing F8:
0040137A - FF25 F4104000 jmp dword ptr ds:[<&msvbvm60.ThunRTM>; msvbvm60.ThunRTMain
00401380 > 68 CC1F4000 push PYG-nag.00401FCC ; <ModuleEntryPoint>
00401385 E8 F0FFFFFF call <jmp.&msvbvm60.ThunRTMain>
The program gets here; it calls (0040137A), and on F8 the program closes.
2008-2-2 22:18