[求助]有人能看懂这个代码么？-付费问答-看雪-安全社区|安全招聘|kanxue.com

[旧帖] [求助]有人能看懂这个代码么？ 0.00雪花

发表于: 2008-7-24 02:00 4204

[旧帖] [求助]有人能看懂这个代码么？ 0.00雪花

tobfox

2008-7-24 02:00

4204

70000000 - 4d                      - dec ebp
70000001 - 5a                      - pop edx
70000002 - 90                      - nop
70000003 - 00 03                   - add [ebx],al
70000005 - 00 00                   - add [eax],al
70000007 - 00 04 00                - add [eax+eax],al
7000000A - 00 00                   - add [eax],al
7000000C - ff                      - db ff
7000000D - ff 00                   - inc [eax]
7000000F - 00 b8 00 00 00 00       - add [eax+00000000],bh
70000015 - 00 00                   - add [eax],al
70000017 - 00 40 00                - add [eax+00],al
7000001A - 00 00                   - add [eax],al
7000001C - 00 00                   - add [eax],al
7000001E - 00 00                   - add [eax],al70077C5C
70000020 - 00 00                   - add [eax],al
70000022 - 00 00                   - add [eax],al
70000024 - 42                      - inc edx
70000025 - 75 2a                   - jne 70000051
70000027 - 4f                      - dec edi
70000028 - 00 00                   - add [eax],al
7000002A - 00 00                   - add [eax],al
7000002C - 00 00                   - add [eax],al
7000002E - 00 00                   - add [eax],al
70000030 - 00 00                   - add [eax],al
70000032 - 00 00                   - add [eax],al
70000034 - 00 00                   - add [eax],al
70000036 - 00 00                   - add [eax],al
70000038 - 00 00                   - add [eax],al
7000003A - 00 00                   - add [eax],al
7000003C - 40                      - inc eax
7000003D - 01 00                   - add [eax],eax
7000003F - 00 0e                   - add [esi],cl
70000041 - 1f                      - pop ds
70000042 - ba 0e 00 b4 09          - mov edx,09b4000e
70000047 - cd 21                   - int 21
70000049 - b8 01 4c cd 21          - mov eax,21cd4c01
7000004E - 54                      - push esp
7000004F - 68 69 73 20 70          - push 70207369
70000054 - 72 6f                   - jb 700000c5
70000056 - 67 72 61                - jb 700000ba
70000059 - 6d                      - insd
7000005A - 20 63 61                - and [ebx+61],ah
7000005D - 6e                      - outsb
7000005E - 6e                      - outsb
7000005F - 6f                      - outsd
70000060 - 74 20                   - je 70000082
70000062 - 62 65 20                - bound esp,[ebp+20]
70000065 - 72 75                   - jb 700000dc
70000067 - 6e                      - outsb
70000068 - 20 69 6e                - and [ecx+6e],ch
7000006B - 20 44 4f 53             - and [edi+ecx*2+53],al
7000006F - 20 6d 6f                - and [ebp+6f],ch
70000072 - 64 65 2e 0d 0d 0a 24 00 - or eax,00240a0d
7000007A - 00 00                   - add [eax],al
7000007C - 00 00                   - add [eax],al
7000007E - 00 00                   - add [eax],al
70000080 - 73 dc                   - jae 7000005e
70000082 - 6b ca 37                - imul ecx,edx,37
70000085 - bd 05 99 37 bd          - mov ebp,bd379905
7000008A - 05 99 37 bd 05          - add eax,05bd3799
7000008F - 99                      - cdq
70000090 - 31 9e 0e 99 35 bd       - xor [esi-42ca66f2],ebx
70000096 - 05 99 24 b5 58          - add eax,58b52499
7000009B - 99                      - cdq
7000009C - 35 bd 05 99 cd          - xor eax,cd9905bd
700000A1 - 9e                      - sahf
700000A2 - 1c 99                   - sbb al,99
700000A4 - 35 bd 05 99 37          - xor eax,379905bd
700000A9 - bd 05 99 34 bd          - mov ebp,bd349905
700000AE - 05 99 6e 9e 16          - add eax,169e6e99
700000B3 - 99                      - cdq
700000B4 - 3e bd 05 99 24 b5       - mov ebp,b5249905
700000BA - 6c                      - insb
700000BB - 99                      - cdq
700000BC - 35 bd 05 99 32          - xor eax,329905bd
700000C1 - b1 0a                   - mov cl,0a
700000C3 - 99                      - cdq
700000C4 - 19 bd 05 99 68 9f       - sbb [ebp-609766fb],edi
700000CA - 0e                      - push cs
700000CB - 99                      - cdq
700000CC - 33 bd 05 99 c8 9d       - xor edi,[ebp-623766fb]
700000D2 - 01 99 35 bd 05 99       - add [ecx-66fa42cb],ebx
700000D8 - b4 b5                   - mov ah,b5
700000DA - 58                      - pop eax
700000DB - 99                      - cdq
700000DC - 27                      - daa
700000DD - bd 05 99 32 b1          - mov ebp,b1329905
700000E2 - 5a                      - pop edx
700000E3 - 99                      - cdq
700000E4 - f2 bd 05 99 df a2       - repne mov ebp,a2df9905
700000EA - 01 99 35 bd 05 99       - add [ecx-66fa42cb],ebx
700000F0 - 32 b1 58 99 34 bd       - xor dh,[ecx-42cb66a8]
700000F6 - 05 99 37 bd 04          - add eax,04bd3799
700000FB - 99                      - cdq
700000FC - 12 bc 05 99 df a2 0f    - adc bh,byte ptr [ebp+eax+0fa2df99]
70000103 - 99                      - cdq
70000104 - 76 bd                   - jna 700000c3
70000106 - 05 99 32 b1 65          - add eax,65b13299
7000010B - 99                      - cdq
7000010C - ae                      - scasb
7000010D - b9 05 99 db b6          - mov ecx,b6db9905
70000112 - 5b                      - pop ebx
70000113 - 99                      - cdq
70000114 - 36 bd 05 99 32 b1       - mov ebp,b1329905
7000011A - 5f                      - pop edi
7000011B - 99                      - cdq
7000011C - 36 bd 05 99 52 69       - mov ebp,69529905
70000122 - 63 68 37                - arpl [eax+37],bp
70000125 - bd 05 99 00 00          - mov ebp,00009905
7000012A - 00 00                   - add [eax],al
7000012C - 00 00                   - add [eax],al
7000012E - 00 00                   - add [eax],al
70000130 - 00 00                   - add [eax],al
70000132 - 00 00                   - add [eax],al
70000134 - 00 00                   - add [eax],al
70000136 - 00 00                   - add [eax],al
70000138 - 00 00                   - add [eax],al
7000013A - 00 00                   - add [eax],al
7000013C - 00 00                   - add [eax],al
7000013E - 00 00                   - add [eax],al
70000140 - 50                      - push eax
70000141 - 45                      - inc ebp
70000142 - 00 00                   - add [eax],al
70000144 - 4c                      - dec esp
70000145 - 01 04 00                - add [eax+eax],eax
70000148 - 90                      - nop
70000149 - ec                      - in al,dx
7000014A - 86 48 00                - xchg [eax+00],cl
7000014D - 00 00                   - add [eax],al
7000014F - 00 00                   - add [eax],al
70000151 - 00 00                   - add [eax],al
70000153 - 00 e0                   - add al,ah
70000155 - 00 0f                   - add [edi],cl
70000157 - 01 0b                   - add [ebx],ecx
70000159 - 01 07                   - add [edi],eax
7000015B - 0a 00                   - or al,[eax]
7000015D - 30 2e                   - xor [esi],ch
7000015F - 00 00                   - add [eax],al
70000161 - a0 0f 00 00 00          - mov ax,[0000000f]
70000166 - 00 00                   - add [eax],al
70000168 - 00 00                   - add [eax],al
7000016A - 00 00                   - add [eax],al
7000016C - 00 10                   - add [eax],dl
7000016E - 00 00                   - add [eax],al
70000170 - 00 40 2e                - add [eax+2e],al
70000173 - 00 00                   - add [eax],al
70000175 - 00 00                   - add [eax],al
70000177 - 70 00                   - jo 70000179
70000179 - 10 00                   - adc [eax],al
7000017B - 00 00                   - add [eax],al
7000017D - 10 00                   - adc [eax],al
7000017F - 00 04 00                - add [eax+eax],al
70000182 - 00 00                   - add [eax],al
70000184 - 00 00                   - add [eax],al
70000186 - 00 00                   - add [eax],al
70000188 - 04 00                   - add al,00
7000018A - 00 00                   - add [eax],al
7000018C - 00 00                   - add [eax],al
7000018E - 00 00                   - add [eax],al
70000190 - 00 b0 53 00 00 10       - add [eax+10000053],dh
70000196 - 00 00                   - add [eax],al
70000198 - bf 27 20 00 02          - mov edi,02002027
7000019D - 00 00                   - add [eax],al
7000019F - 00 00                   - add [eax],al
700001A1 - 00 10                   - add [eax],dl
700001A3 - 00 00                   - add [eax],al
700001A5 - 10 00                   - adc [eax],al
700001A7 - 00 00                   - add [eax],al
700001A9 - 00 10                   - add [eax],dl
700001AB - 00 00                   - add [eax],al
700001AD - 10 00                   - adc [eax],al
700001AF - 00 00                   - add [eax],al
700001B1 - 00 00                   - add [eax],al
700001B3 - 00 10                   - add [eax],dl
700001B5 - 00 00                   - add [eax],al
700001B7 - 00 00                   - add [eax],al

[课程]Android-CTF解题方法汇总！

收藏・1

免费・0

支持

最新回复 (4)
isgod 雪币： 150 活跃值： (17) 能力值： ( LV2，RANK：10 ) 在线值：发帖 1 回帖 43 粉丝 0 关注私信	isgod 2 楼不是代码，有点似数据值 2008-7-24 09:01 0
zapline 雪币： 2362 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 66 回帖 2376 粉丝 0 关注私信	zapline 3 楼同意你的观点！ 2008-7-24 09:02 0
sessiondiy 雪币： 2067 活跃值： (82) 能力值： ( LV9，RANK：180 ) 在线值：发帖 37 回帖 3244 粉丝 6 关注私信	sessiondiy 4 4 楼这是档头 ,, 2008-7-24 09:19 0
gzgzlxg 雪币： 238 活跃值： (326) 能力值： ( LV12，RANK：450 ) 在线值：发帖 12 回帖 346 粉丝 7 关注私信	gzgzlxg 11 5 楼根本就不是代码，是PE文件头，前面最明显的标志都没有看到？不过是个不完整的PE头，应该由VC++编译生成的文件头。下面是LZ的这个不完整的文件头： 00000000 DOS_Header dw 5A4Dh ; e_magic 00000000 dw 90h ; e_cblp 00000000 dw 3 ; e_cp 00000000 dw 0 ; e_crlc 00000000 dw 4 ; e_cparhdr 00000000 dw 0 ; e_minalloc 00000000 dw 0FFFFh ; e_maxalloc 00000000 dw 0 ; e_ss 00000000 dw 0B8h ; e_sp 00000000 dw 0 ; e_csum 00000000 dw 0 ; e_ip 00000000 dw 0 ; e_cs 00000000 dw offset ShowInfo ; e_lfarlc 00000000 dw 0 ; e_ovno 00000000 dw 4 dup(0) ; e_res 00000000 dw 7542h ; e_oemid 00000000 dw 4F2Ah ; e_oeminfo 00000000 dw 0Ah dup(0) ; e_res2 00000000 dd PE_Header ; e_lfanew 00000040 ;----------------------------------------------------------------------- 00000040 +++++++++++++++++ DOS PROGRAM START ++++++++++++++++ 00000040 00000040 ; ************* S U B R O U T I N E *********************************** 00000040 00000040 00000040 ShowInfo proc near 00000040 push cs 00000041 pop ds 00000042 mov dx, 0Eh 00000045 mov ah, 9 00000047 int 21h ; DOS - PRINT STRING 00000047 ; DS:DX -> string terminated by "$" 00000049 mov ax, 4C01h 0000004C int 21h ; DOS - 2+ - QUIT WITH EXIT CODE (EXIT) 0000004C ; AL = exit code 0000004C 0000004C ShowInfo endp 0000004C 0000004E szImfo db 'This program cannot be run in DOS mode.',0Dh,0Dh,0Ah 0000004E db '$',0 0000007A db 6 dup(0) 00000080 +++++++++++++++++ DOS PROGRAM END ++++++++++++++ 00000080 ;======================================================================= 00000080 db 73h,0DCh, 6Bh,0CAh, 37h,0BDh, 5, 99h 00000080 db 37h,0BDh, 5, 99h, 37h,0BDh, 5, 99h 00000080 db 31h, 9Eh, 0Eh, 99h, 35h,0BDh, 5, 99h 00000080 db 24h,0B5h, 58h, 99h, 35h,0BDh, 5, 99h 00000080 db 0CDh, 9Eh, 1Ch, 99h, 35h,0BDh, 5, 99h 00000080 db 37h,0BDh, 5, 99h, 34h,0BDh, 5, 99h 00000080 db 6Eh, 9Eh, 16h, 99h, 3Eh,0BDh, 5, 99h 00000080 db 24h,0B5h, 6Ch, 99h, 35h,0BDh, 5, 99h 00000080 db 32h,0B1h, 0Ah, 99h, 19h,0BDh, 5, 99h 00000080 db 68h, 9Fh, 0Eh, 99h, 33h,0BDh, 5, 99h 00000080 db 0C8h, 9Dh, 1, 99h, 35h,0BDh, 5, 99h 00000080 db 0B4h,0B5h, 58h, 99h, 27h,0BDh, 5, 99h 00000080 db 32h,0B1h, 5Ah, 99h,0F2h,0BDh, 5, 99h 00000080 db 0DFh,0A2h, 1, 99h, 35h,0BDh, 5, 99h 00000080 db 32h,0B1h, 58h, 99h, 34h,0BDh, 5, 99h 00000080 db 37h,0BDh, 4, 99h, 12h,0BCh, 5, 99h 00000080 db 0DFh,0A2h, 0Fh, 99h, 76h,0BDh, 5, 99h 00000080 db 32h,0B1h, 65h, 99h,0AEh,0B9h, 5, 99h 00000080 db 0DBh,0B6h, 5Bh, 99h, 36h,0BDh, 5, 99h 00000080 db 32h,0B1h, 5Fh, 99h, 36h,0BDh, 5, 99h 00000120 szRich db 'Rich' 00000124 db 37h,0BDh, 5, 99h 00000128 db 18h dup(0) 00000140 ;======================================================================= 00000140 ;************ IMAGE_NT_HEADERS STRUCTURE START ************** 00000140 ;SIGNATURE 00000140 PE_Header db 'PE',0,0 ; Signature 00000140 dw 14Ch ; FileHeader.Machine 00000140 dw 4 ; FileHeader.NumberOfSections 00000140 dd 4886EC90h ; FileHeader.TimeDateStamp 00000140 dd 0 ; FileHeader.PointerToSymbolTable 00000140 dd 0 ; FileHeader.NumberOfSymbols 00000140 dw 0E0h ; FileHeader.SizeOfOptionalHeader 00000140 dw 10Fh ; FileHeader.Characteristics 00000140 dw 10Bh ; OptionalHeader.Magic 00000140 db 7 ; OptionalHeader.MajorLinkerVersion 00000140 db 0Ah ; OptionalHeader.MinorLinkerVersion 00000140 dd 2E3000h ; OptionalHeader.SizeOfCode 00000140 dd 0FA000h ; OptionalHeader.SizeOfInitializedData 00000140 dd 0 ; OptionalHeader.SizeOfUninitializedData 00000140 dd 0 ; OptionalHeader.AddressOfEntryPoint 00000140 dd 1000h ; OptionalHeader.BaseOfCode 00000140 dd 2E4000h ; OptionalHeader.BaseOfData 00000140 dd 70000000h ; OptionalHeader.ImageBase 00000140 dd 1000h ; OptionalHeader.SectionAlignment 00000140 dd 1000h ; OptionalHeader.FileAlignment 00000140 dw 4 ; OptionalHeader.MajorOperatingSystemVersion 00000140 dw 0 ; OptionalHeader.MinorOperatingSystemVersion 00000140 dw 0 ; OptionalHeader.MajorImageVersion 00000140 dw 0 ; OptionalHeader.MinorImageVersion 00000140 dw 4 ; OptionalHeader.MajorSubsystemVersion 00000140 dw 0 ; OptionalHeader.MinorSubsystemVersion 00000140 dd 0 ; OptionalHeader.Win32VersionValue 00000140 dd 53B000h ; OptionalHeader.SizeOfImage 00000140 dd 1000h ; OptionalHeader.SizeOfHeaders 00000140 dd 2027BFh ; OptionalHeader.CheckSum 00000140 dw 2 ; OptionalHeader.Subsystem 00000140 dw 0 ; OptionalHeader.DllCharacteristics 00000140 dd 100000h ; OptionalHeader.SizeOfStackReserve 00000140 dd 1000h ; OptionalHeader.SizeOfStackCommit 00000140 dd 100000h ; OptionalHeader.SizeOfHeapReserve 00000140 dd 1000h ; OptionalHeader.SizeOfHeapCommit 00000140 dd 0 ; OptionalHeader.LoaderFlags 00000140 dd 10h ; OptionalHeader.NumberOfRvaAndSizes 000001B8 IMAGE_DATA_DIRECTORY <0> 000001C0 db 40h dup(?) 000001C0 seg000 ends 2008-7-24 09:56 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复

tobfox

发帖

回帖

RANK

关注

私信

他的文章

关于我们

联系我们

企业服务

看雪公众号

最新回复 (4)
isgod 雪币： 150 活跃值： (17) 能力值： ( LV2，RANK：10 ) 在线值：发帖 1 回帖 43 粉丝 0 关注私信	isgod 2 楼不是代码，有点似数据值 2008-7-24 09:01 0
zapline 雪币： 2362 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 66 回帖 2376 粉丝 0 关注私信	zapline 3 楼同意你的观点！ 2008-7-24 09:02 0
sessiondiy 雪币： 2067 活跃值： (82) 能力值： ( LV9，RANK：180 ) 在线值：发帖 37 回帖 3244 粉丝 6 关注私信	sessiondiy 4 4 楼这是档头 ,, 2008-7-24 09:19 0
gzgzlxg 雪币： 238 活跃值： (326) 能力值： ( LV12，RANK：450 ) 在线值：发帖 12 回帖 346 粉丝 7 关注私信	gzgzlxg 11 5 楼根本就不是代码，是PE文件头，前面最明显的标志都没有看到？不过是个不完整的PE头，应该由VC++编译生成的文件头。下面是LZ的这个不完整的文件头： 00000000 DOS_Header dw 5A4Dh ; e_magic 00000000 dw 90h ; e_cblp 00000000 dw 3 ; e_cp 00000000 dw 0 ; e_crlc 00000000 dw 4 ; e_cparhdr 00000000 dw 0 ; e_minalloc 00000000 dw 0FFFFh ; e_maxalloc 00000000 dw 0 ; e_ss 00000000 dw 0B8h ; e_sp 00000000 dw 0 ; e_csum 00000000 dw 0 ; e_ip 00000000 dw 0 ; e_cs 00000000 dw offset ShowInfo ; e_lfarlc 00000000 dw 0 ; e_ovno 00000000 dw 4 dup(0) ; e_res 00000000 dw 7542h ; e_oemid 00000000 dw 4F2Ah ; e_oeminfo 00000000 dw 0Ah dup(0) ; e_res2 00000000 dd PE_Header ; e_lfanew 00000040 ;----------------------------------------------------------------------- 00000040 +++++++++++++++++ DOS PROGRAM START ++++++++++++++++ 00000040 00000040 ; ************* S U B R O U T I N E *********************************** 00000040 00000040 00000040 ShowInfo proc near 00000040 push cs 00000041 pop ds 00000042 mov dx, 0Eh 00000045 mov ah, 9 00000047 int 21h ; DOS - PRINT STRING 00000047 ; DS:DX -> string terminated by "$" 00000049 mov ax, 4C01h 0000004C int 21h ; DOS - 2+ - QUIT WITH EXIT CODE (EXIT) 0000004C ; AL = exit code 0000004C 0000004C ShowInfo endp 0000004C 0000004E szImfo db 'This program cannot be run in DOS mode.',0Dh,0Dh,0Ah 0000004E db '$',0 0000007A db 6 dup(0) 00000080 +++++++++++++++++ DOS PROGRAM END ++++++++++++++ 00000080 ;======================================================================= 00000080 db 73h,0DCh, 6Bh,0CAh, 37h,0BDh, 5, 99h 00000080 db 37h,0BDh, 5, 99h, 37h,0BDh, 5, 99h 00000080 db 31h, 9Eh, 0Eh, 99h, 35h,0BDh, 5, 99h 00000080 db 24h,0B5h, 58h, 99h, 35h,0BDh, 5, 99h 00000080 db 0CDh, 9Eh, 1Ch, 99h, 35h,0BDh, 5, 99h 00000080 db 37h,0BDh, 5, 99h, 34h,0BDh, 5, 99h 00000080 db 6Eh, 9Eh, 16h, 99h, 3Eh,0BDh, 5, 99h 00000080 db 24h,0B5h, 6Ch, 99h, 35h,0BDh, 5, 99h 00000080 db 32h,0B1h, 0Ah, 99h, 19h,0BDh, 5, 99h 00000080 db 68h, 9Fh, 0Eh, 99h, 33h,0BDh, 5, 99h 00000080 db 0C8h, 9Dh, 1, 99h, 35h,0BDh, 5, 99h 00000080 db 0B4h,0B5h, 58h, 99h, 27h,0BDh, 5, 99h 00000080 db 32h,0B1h, 5Ah, 99h,0F2h,0BDh, 5, 99h 00000080 db 0DFh,0A2h, 1, 99h, 35h,0BDh, 5, 99h 00000080 db 32h,0B1h, 58h, 99h, 34h,0BDh, 5, 99h 00000080 db 37h,0BDh, 4, 99h, 12h,0BCh, 5, 99h 00000080 db 0DFh,0A2h, 0Fh, 99h, 76h,0BDh, 5, 99h 00000080 db 32h,0B1h, 65h, 99h,0AEh,0B9h, 5, 99h 00000080 db 0DBh,0B6h, 5Bh, 99h, 36h,0BDh, 5, 99h 00000080 db 32h,0B1h, 5Fh, 99h, 36h,0BDh, 5, 99h 00000120 szRich db 'Rich' 00000124 db 37h,0BDh, 5, 99h 00000128 db 18h dup(0) 00000140 ;======================================================================= 00000140 ;************ IMAGE_NT_HEADERS STRUCTURE START ************** 00000140 ;SIGNATURE 00000140 PE_Header db 'PE',0,0 ; Signature 00000140 dw 14Ch ; FileHeader.Machine 00000140 dw 4 ; FileHeader.NumberOfSections 00000140 dd 4886EC90h ; FileHeader.TimeDateStamp 00000140 dd 0 ; FileHeader.PointerToSymbolTable 00000140 dd 0 ; FileHeader.NumberOfSymbols 00000140 dw 0E0h ; FileHeader.SizeOfOptionalHeader 00000140 dw 10Fh ; FileHeader.Characteristics 00000140 dw 10Bh ; OptionalHeader.Magic 00000140 db 7 ; OptionalHeader.MajorLinkerVersion 00000140 db 0Ah ; OptionalHeader.MinorLinkerVersion 00000140 dd 2E3000h ; OptionalHeader.SizeOfCode 00000140 dd 0FA000h ; OptionalHeader.SizeOfInitializedData 00000140 dd 0 ; OptionalHeader.SizeOfUninitializedData 00000140 dd 0 ; OptionalHeader.AddressOfEntryPoint 00000140 dd 1000h ; OptionalHeader.BaseOfCode 00000140 dd 2E4000h ; OptionalHeader.BaseOfData 00000140 dd 70000000h ; OptionalHeader.ImageBase 00000140 dd 1000h ; OptionalHeader.SectionAlignment 00000140 dd 1000h ; OptionalHeader.FileAlignment 00000140 dw 4 ; OptionalHeader.MajorOperatingSystemVersion 00000140 dw 0 ; OptionalHeader.MinorOperatingSystemVersion 00000140 dw 0 ; OptionalHeader.MajorImageVersion 00000140 dw 0 ; OptionalHeader.MinorImageVersion 00000140 dw 4 ; OptionalHeader.MajorSubsystemVersion 00000140 dw 0 ; OptionalHeader.MinorSubsystemVersion 00000140 dd 0 ; OptionalHeader.Win32VersionValue 00000140 dd 53B000h ; OptionalHeader.SizeOfImage 00000140 dd 1000h ; OptionalHeader.SizeOfHeaders 00000140 dd 2027BFh ; OptionalHeader.CheckSum 00000140 dw 2 ; OptionalHeader.Subsystem 00000140 dw 0 ; OptionalHeader.DllCharacteristics 00000140 dd 100000h ; OptionalHeader.SizeOfStackReserve 00000140 dd 1000h ; OptionalHeader.SizeOfStackCommit 00000140 dd 100000h ; OptionalHeader.SizeOfHeapReserve 00000140 dd 1000h ; OptionalHeader.SizeOfHeapCommit 00000140 dd 0 ; OptionalHeader.LoaderFlags 00000140 dd 10h ; OptionalHeader.NumberOfRvaAndSizes 000001B8 IMAGE_DATA_DIRECTORY <0> 000001C0 db 40h dup(?) 000001C0 seg000 ends 2008-7-24 09:56 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复