[旧帖] [求助][求助]这是什么东西?? 0.00雪花
发表于: 2008-5-27 00:36 2465
; Executed-path listing of the program's startup code as shown by the debugger
; (address, raw bytes, disassembly), in execution order. Gaps between addresses
; are instructions skipped by taken jumps, so the failure paths are absent.
; NOTE(review): the shape of this code (one call + backward jmp, a prolog helper,
; GetStartupInfoA, GetVersionExA on a 0x94-byte heap buffer, a chain of init
; calls, then a 4-argument call with the image base) matches the Microsoft
; Visual C++ C runtime startup (VS2005-era WinMainCRTStartup/__tmainCRTStartup)
; rather than a packer or protector stub. Every runtime function name below is
; inferred from that pattern -- confirm with library signatures or symbols.

; --- entry stub: one call, then jump back into the main startup routine ---
; presumably __security_init_cookie followed by __tmainCRTStartup -- TODO confirm
0041F47A > E8 F89D0000 call SyHelper.00429277
0041F47F ^\E9 16FEFFFF jmp SyHelper.0041F29A
; --- frame setup: two pushed arguments (0x60 and a table address) and a helper call;
; [ebp-4] is written right after, which fits an SEH prolog helper (size of locals,
; scope table) that builds the ebp frame -- presumably __SEH_prolog4
0041F29A 6A 60 push 60
0041F29C 68 90044400 push SyHelper.00440490
0041F2A1 E8 76270000 call SyHelper.00421A1C
; [ebp-4] = 0, presumably the SEH try-level for the guarded call that follows
0041F2A6 8365 FC 00 and dword ptr ss:[ebp-4],0
; GetStartupInfoA(&si) with the STARTUPINFOA buffer at [ebp-70]
0041F2AA 8D45 90 lea eax,dword ptr ss:[ebp-70]
0041F2AD 50 push eax
0041F2AE FF15 DC604300 call dword ptr ds:[<&KERNEL32.GetStartupInfoA>] ; kernel32.GetStartupInfoA
; [ebp-4] = -2, presumably "outside any try block"
0041F2B4 C745 FC FEFFFFF>mov dword ptr ss:[ebp-4],-2
; --- OS version query: HeapAlloc(GetProcessHeap(), 0, 0x94) ---
; 0x94 = 148 bytes, which is the size of OSVERSIONINFOA; edi keeps the size for later
0041F2BB BF 94000000 mov edi,94
0041F2C0 57 push edi
0041F2C1 6A 00 push 0
; ebx caches the GetProcessHeap import so it can be called again below
0041F2C3 8B1D D8604300 mov ebx,dword ptr ds:[<&KERNEL32.GetProcessHeap>>; kernel32.GetProcessHeap
0041F2C9 FFD3 call ebx ; kernel32.GetProcessHeap
0041F2CB 50 push eax
0041F2CC FF15 BC604300 call dword ptr ds:[<&KERNEL32.HeapAlloc>] ; ntdll.RtlAllocateHeap
; esi = allocated buffer; the jump is taken when the allocation succeeded
0041F2D2 8BF0 mov esi,eax
0041F2D4 85F6 test esi,esi
0041F2D6 /75 0D jnz short SyHelper.0041F2E5
; first dword of the buffer = 0x94 (the structure's size field), then GetVersionExA(esi)
0041F2E5 893E mov dword ptr ds:[esi],edi
0041F2E7 56 push esi
0041F2E8 FF15 14624300 call dword ptr ds:[<&KERNEL32.GetVersionExA>] ; kernel32.GetVersionExA
; these two pushes (buffer, 0) are consumed by the HeapFree call further down;
; they are queued before the result test, so presumably both outcomes free the buffer
0041F2EE 56 push esi
0041F2EF 6A 00 push 0
; jump taken when GetVersionExA returned nonzero (success)
0041F2F1 85C0 test eax,eax
0041F2F3 /75 0E jnz short SyHelper.0041F303
; copy fields out of the buffer before it is freed; with the OSVERSIONINFOA layout:
;   [esi+10] platform id   -> [ebp-20]
;   [esi+4]  major version -> [ebp-24]
;   [esi+8]  minor version -> [ebp-28]
;   [esi+C]  build number  -> edi, masked to its low 15 bits
0041F303 8B46 10 mov eax,dword ptr ds:[esi+10]
0041F306 8945 E0 mov dword ptr ss:[ebp-20],eax
0041F309 8B46 04 mov eax,dword ptr ds:[esi+4]
0041F30C 8945 DC mov dword ptr ss:[ebp-24],eax
0041F30F 8B46 08 mov eax,dword ptr ds:[esi+8]
0041F312 8945 D8 mov dword ptr ss:[ebp-28],eax
0041F315 8B7E 0C mov edi,dword ptr ds:[esi+C]
0041F318 81E7 FF7F0000 and edi,7FFF
; HeapFree(GetProcessHeap(), 0, buffer) using the two arguments pushed earlier
0041F31E FFD3 call ebx ; kernel32.GetProcessHeap
0041F320 50 push eax
0041F321 FF15B8604300 call dword ptr ds:[<&KERNEL32.HeapFree>] ; ntdll.RtlFreeHeap
; platform id == 2 (VER_PLATFORM_WIN32_NT) skips the 6 bytes at 0041F32F,
; which are not part of this listing
0041F327 8B75 E0 mov esi,dword ptr ss:[ebp-20]
0041F32A 83FE 02 cmp esi,2
0041F32D /74 06 je short SyHelper.0041F335
; eax = (major << 8) + minor, then five globals are filled in:
;   [44775C] platform id, [447764] combined version, [447768] major,
;   [44776C] minor, [447760] build
; presumably the CRT's _osplatform/_winver/_winmajor/_winminor/_osver -- TODO confirm
0041F335 8B4D DC mov ecx,dword ptr ss:[ebp-24]
0041F338 8BC1 mov eax,ecx
0041F33A C1E0 08 shl eax,8
0041F33D 8B55 D8 mov edx,dword ptr ss:[ebp-28]
0041F340 03C2 add eax,edx
0041F342 8935 5C774400 mov dword ptr ds:[44775C],esi
0041F348 A3 64774400 mov dword ptr ds:[447764],eax
0041F34D 890D 68774400 mov dword ptr ds:[447768],ecx
0041F353 8915 6C774400 mov dword ptr ds:[44776C],edx
0041F359 893D 60774400 mov dword ptr ds:[447760],edi
; --- runtime initialisation chain; each result is tested and the success branch taken ---
; result saved in [ebp-20]; presumably check_managed_app -- TODO confirm
0041F35F E8 F5FEFFFF call SyHelper.0041F259
0041F364 8945 E0 mov dword ptr ss:[ebp-20],eax
; ebx = 1 from here on; the trailing note on the xor line looks like the debugger's
; annotation of ebx's previous value, not something this instruction does
0041F367 33DB xor ebx,ebx ; kernel32.GetProcessHeap
0041F369 43 inc ebx
; one-argument call with 1, caller pops the argument (cdecl); presumably _heap_init(1)
0041F36A 53 push ebx
0041F36B E8 F1400000 call SyHelper.00423461
0041F370 59 pop ecX
0041F371 85C0 test eax,eax
0041F373 /75 08 jnz short SyHelper.0041F37D
; presumably _mtinit (per-thread runtime data); nonzero = success
0041F37D E8 25590000 call SyHelper.00424CA7
0041F382 85C0 test eax,eax
0041F384 /75 08 jnz short SyHelper.0041F38E
; presumably _RTC_Initialize; return value unused
0041F38E E8 9C9E0000 call SyHelper.0042922F
; [ebp-4] = 1, presumably entering the guarded (try) region
0041F393 895D FC mov dword ptr ss:[ebp-4],ebx
; presumably _ioinit; a negative return takes the failure path not listed here
0041F396 E8 2B6D0000 call SyHelper.004260C6
0041F39B 85C0 test eax,eax
0041F39D /7D 08 jge short SyHelper.0041F3A7
; command-line pointer stored in [4494B4] (presumably _acmdln)
0041F3A7 FF15 D4604300 call dword ptr ds:[<&KERNEL32.GetCommandLineA>] ; kernel32.GetCommandLineA
0041F3AD A3 B4944400 mov dword ptr ds:[4494B4],eax
; result stored in [44774C]; presumably the environment block (__crtGetEnvironmentStringsA)
0041F3B2 E8 439D0000 call SyHelper.004290FA
0041F3B7 A3 4C774400 mov dword ptr ds:[44774C],eax
; presumably _setargv, then _setenvp; negative return = failure
0041F3BC E8 809C0000 call SyHelper.00429041
0041F3C1 85C0 test eax,eax
0041F3C3 /7D 08 jge short SyHelper.0041F3CD
0041F3CD E8 FC990000 call SyHelper.00428DCE
0041F3D2 85C0 test eax,eax
0041F3D4 /7D 08 jge short SyHelper.0041F3DE
; one-argument call with 1; zero = success here; presumably _cinit(1), which would
; run the static initialisers -- worth checking when looking for early-running code
0041F3DE 53 push ebx
0041F3DF E8 430A0000 call SyHelper.0041FE27
0041F3E4 59 pop ecx ; SyHelper.00435BC0
0041F3E5 85C0 test eax,eax
0041F3E7 /74 07 je short SyHelper.0041F3F0
; eax = return value passed on as the third-pushed argument below; presumably _wincmdln
0041F3F0 E8 7C990000 call SyHelper.00428D71
; [ebp-44] is offset 0x2C of the STARTUPINFOA at [ebp-70] (dwFlags); bl = 1 assumes
; the calls above preserved ebx, which makes this a STARTF_USESHOWWINDOW test.
; In this run the flag was set, so ecx = [ebp-40] (offset 0x30, wShowWindow);
; the alternative at 0041F400 is not part of the listing
0041F3F5 845D BC test byte ptr ss:[ebp-44],bl
0041F3F8 /74 06 je short SyHelper.0041F400
0041F3FA 0FB74D C0 movzx ecx,word ptr ss:[ebp-40]
0041F3FE /EB 03 jmp short SyHelper.0041F403
; --- hand-off: call 00434436(00400000, 0, eax, ecx), result kept in [ebp-1C] ---
; the argument order fits WinMain(hInstance = image base, hPrevInstance = 0,
; lpCmdLine, nShowCmd), so 00434436 is presumably where the program's own code
; begins and the natural place to continue analysis -- TODO confirm
0041F403 51 push ecx
0041F404 50 push eax
0041F405 6A 00 push 0
0041F407 68 00004000 push SyHelper.00400000
0041F40C E8 25500100 call SyHelper.00434436
0041F411 8945 E4 mov dword ptr ss:[ebp-1C],eax
; The post repeats the same listing here, starting at the jmp at 0041F47F
; (same addresses and bytes, 0041F47F..0041F411). It is an executed-path trace:
; gaps between addresses are instructions skipped by taken jumps.
; NOTE(review): the sequence matches the Microsoft Visual C++ C runtime startup
; (VS2005-era __tmainCRTStartup) rather than a packer stub; runtime function
; names in these comments are inferred from that pattern -- confirm with
; library signatures or symbols.

; jump back into the main startup routine
0041F47F ^\E9 16FEFFFF jmp SyHelper.0041F29A
; frame setup through a helper taking 0x60 and a table address (presumably __SEH_prolog4)
0041F29A 6A 60 push 60
0041F29C 68 90044400 push SyHelper.00440490
0041F2A1 E8 76270000 call SyHelper.00421A1C
; [ebp-4] = 0 around the call, then -2 afterwards (presumably the SEH try-level)
0041F2A6 8365 FC 00 and dword ptr ss:[ebp-4],0
; GetStartupInfoA(&si), STARTUPINFOA buffer at [ebp-70]
0041F2AA 8D45 90 lea eax,dword ptr ss:[ebp-70]
0041F2AD 50 push eax
0041F2AE FF15 DC604300 call dword ptr ds:[<&KERNEL32.GetStartupInfoA>] ; kernel32.GetStartupInfoA
0041F2B4 C745 FC FEFFFFF>mov dword ptr ss:[ebp-4],-2
; HeapAlloc(GetProcessHeap(), 0, 0x94); 0x94 is the size of OSVERSIONINFOA
0041F2BB BF 94000000 mov edi,94
0041F2C0 57 push edi
0041F2C1 6A 00 push 0
; ebx caches the GetProcessHeap import for the second call below
0041F2C3 8B1D D8604300 mov ebx,dword ptr ds:[<&KERNEL32.GetProcessHeap>>; kernel32.GetProcessHeap
0041F2C9 FFD3 call ebx ; kernel32.GetProcessHeap
0041F2CB 50 push eax
0041F2CC FF15 BC604300 call dword ptr ds:[<&KERNEL32.HeapAlloc>] ; ntdll.RtlAllocateHeap
; esi = buffer; jump taken on a non-null allocation
0041F2D2 8BF0 mov esi,eax
0041F2D4 85F6 test esi,esi
0041F2D6 /75 0D jnz short SyHelper.0041F2E5
; size field = 0x94, then GetVersionExA(buffer)
0041F2E5 893E mov dword ptr ds:[esi],edi
0041F2E7 56 push esi
0041F2E8 FF15 14624300 call dword ptr ds:[<&KERNEL32.GetVersionExA>] ; kernel32.GetVersionExA
; (buffer, 0) queued here for the HeapFree call below
0041F2EE 56 push esi
0041F2EF 6A 00 push 0
; jump taken when GetVersionExA succeeded
0041F2F1 85C0 test eax,eax
0041F2F3 /75 0E jnz short SyHelper.0041F303
; save platform id (+10), major (+4), minor (+8) to locals; build (+C) to edi, low 15 bits
0041F303 8B46 10 mov eax,dword ptr ds:[esi+10]
0041F306 8945 E0 mov dword ptr ss:[ebp-20],eax
0041F309 8B46 04 mov eax,dword ptr ds:[esi+4]
0041F30C 8945 DC mov dword ptr ss:[ebp-24],eax
0041F30F 8B46 08 mov eax,dword ptr ds:[esi+8]
0041F312 8945 D8 mov dword ptr ss:[ebp-28],eax
0041F315 8B7E 0C mov edi,dword ptr ds:[esi+C]
0041F318 81E7 FF7F0000 and edi,7FFF
; HeapFree(GetProcessHeap(), 0, buffer)
0041F31E FFD3 call ebx ; kernel32.GetProcessHeap
0041F320 50 push eax
0041F321 FF15B8604300 call dword ptr ds:[<&KERNEL32.HeapFree>] ; ntdll.RtlFreeHeap
; platform id == 2 (VER_PLATFORM_WIN32_NT) takes the jump
0041F327 8B75 E0 mov esi,dword ptr ss:[ebp-20]
0041F32A 83FE 02 cmp esi,2
0041F32D /74 06 je short SyHelper.0041F335
; eax = (major << 8) + minor; platform, combined version, major, minor and build
; are written to globals 44775C..44776C (presumably the CRT's OS-version variables)
0041F335 8B4D DC mov ecx,dword ptr ss:[ebp-24]
0041F338 8BC1 mov eax,ecx
0041F33A C1E0 08 shl eax,8
0041F33D 8B55 D8 mov edx,dword ptr ss:[ebp-28]
0041F340 03C2 add eax,edx
0041F342 8935 5C774400 mov dword ptr ds:[44775C],esi
0041F348 A3 64774400 mov dword ptr ds:[447764],eax
0041F34D 890D 68774400 mov dword ptr ds:[447768],ecx
0041F353 8915 6C774400 mov dword ptr ds:[44776C],edx
0041F359 893D 60774400 mov dword ptr ds:[447760],edi
; runtime initialisation chain follows; each tested result takes the success branch
; result saved in [ebp-20] (presumably check_managed_app)
0041F35F E8 F5FEFFFF call SyHelper.0041F259
0041F364 8945 E0 mov dword ptr ss:[ebp-20],eax
; ebx = 1; the note on the xor line looks like the debugger's record of ebx's old value
0041F367 33DB xor ebx,ebx ; kernel32.GetProcessHeap
0041F369 43 inc ebx
; call with argument 1, caller cleans the stack (presumably _heap_init(1))
0041F36A 53 push ebx
0041F36B E8 F1400000 call SyHelper.00423461
0041F370 59 pop ecX
0041F371 85C0 test eax,eax
0041F373 /75 08 jnz short SyHelper.0041F37D
; presumably _mtinit
0041F37D E8 25590000 call SyHelper.00424CA7
0041F382 85C0 test eax,eax
0041F384 /75 08 jnz short SyHelper.0041F38E
; presumably _RTC_Initialize, then [ebp-4] = 1 and presumably _ioinit
0041F38E E8 9C9E0000 call SyHelper.0042922F
0041F393 895D FC mov dword ptr ss:[ebp-4],ebx
0041F396 E8 2B6D0000 call SyHelper.004260C6
0041F39B 85C0 test eax,eax
0041F39D /7D 08 jge short SyHelper.0041F3A7
; command-line pointer saved in [4494B4]
0041F3A7 FF15 D4604300 call dword ptr ds:[<&KERNEL32.GetCommandLineA>] ; kernel32.GetCommandLineA
0041F3AD A3 B4944400 mov dword ptr ds:[4494B4],eax
; result saved in [44774C] (presumably the environment block)
0041F3B2 E8 439D0000 call SyHelper.004290FA
0041F3B7 A3 4C774400 mov dword ptr ds:[44774C],eax
; presumably _setargv and _setenvp; negative return = failure
0041F3BC E8 809C0000 call SyHelper.00429041
0041F3C1 85C0 test eax,eax
0041F3C3 /7D 08 jge short SyHelper.0041F3CD
0041F3CD E8 FC990000 call SyHelper.00428DCE
0041F3D2 85C0 test eax,eax
0041F3D4 /7D 08 jge short SyHelper.0041F3DE
; call with argument 1, zero = success (presumably _cinit(1), static initialisers)
0041F3DE 53 push ebx
0041F3DF E8 430A0000 call SyHelper.0041FE27
0041F3E4 59 pop ecx ; SyHelper.00435BC0
0041F3E5 85C0 test eax,eax
0041F3E7 /74 07 je short SyHelper.0041F3F0
; eax = value passed as the command-line argument below (presumably _wincmdln)
0041F3F0 E8 7C990000 call SyHelper.00428D71
; [ebp-44]/[ebp-40] are offsets 0x2C/0x30 of the STARTUPINFOA at [ebp-70]
; (dwFlags / wShowWindow); the flag was set in this run, so ecx = wShowWindow
0041F3F5 845D BC test byte ptr ss:[ebp-44],bl
0041F3F8 /74 06 je short SyHelper.0041F400
0041F3FA 0FB74D C0 movzx ecx,word ptr ss:[ebp-40]
0041F3FE /EB 03 jmp short SyHelper.0041F403
; call 00434436(00400000, 0, eax, ecx): fits WinMain(hInstance, hPrevInstance,
; lpCmdLine, nShowCmd), so this is presumably where the program's own code starts
0041F403 51 push ecx
0041F404 50 push eax
0041F405 6A 00 push 0
0041F407 68 00004000 push SyHelper.00400000
0041F40C E8 25500100 call SyHelper.00434436
0041F411 8945 E4 mov dword ptr ss:[ebp-1C],eax