-
-
[旧帖] [讨论]MP4Converter XXX版 个人学习遇到的问题{请观注一下} 0.00雪花
-
发表于: 2008-8-12 23:25 4076
-
看了,那个《手动脱壳18例》,还没看完,看到例6,手就痒了。想试试手。
就在电脑中随便翻翻,看有没有小软件。
结果看到一个朋友在电脑中的一个文件夹,一个MP4视频转换器。用于把视频格式转换为MP4格式的。
打开一个,是个未注册版,但可以试用的。我就用OD载入,提示可能被压缩,就有Peid看了一下,有加壳 aspack 2.12 -> alexey solodovnikov正好是前几篇文章中看的那个文章中也是这个壳,就手动跟了一下,找出了00614000 这个入口点。
{确却的说,我还不知道,这个入口点正不正确}。
我就用OD自带插件的DUMP了一下。结果保存后,却无法运行,程序出错。刚开始还以为跟错了,后来试了几次,都是这个00614000这个地址。用ImportREC_fix.exe仍无法修复。后来,实在不行,就下载了一个自动脱壳的。“成功”脱壳以后,也能正常运行。看到软件脱壳后,入口点,也是00614000,才确定我找的入口点是对的,可是为什么DUMP是无法运行,怎么修复呢?
Peid检测也是VC6编写的。可是,不知道为什么OD载入时,仍提示加密!
请问一下,这是为什么呀?为什么,Peid检测没有壳了,而OD检测仍有加密呀?
就在电脑中随便翻翻,看有没有小软件。
结果看到一个朋友在电脑中的一个文件夹,一个MP4视频转换器。用于把视频格式转换为MP4格式的。
打开一个,是个未注册版,但可以试用的。我就用OD载入,提示可能被压缩,就有Peid看了一下,有加壳 aspack 2.12 -> alexey solodovnikov正好是前几篇文章中看的那个文章中也是这个壳,就手动跟了一下,找出了00614000 这个入口点。
{确却的说,我还不知道,这个入口点正不正确}。
我就用OD自带插件的DUMP了一下。结果保存后,却无法运行,程序出错。刚开始还以为跟错了,后来试了几次,都是这个00614000这个地址。用ImportREC_fix.exe仍无法修复。后来,实在不行,就下载了一个自动脱壳的。“成功”脱壳以后,也能正常运行。看到软件脱壳后,入口点,也是00614000,才确定我找的入口点是对的,可是为什么DUMP是无法运行,怎么修复呢?
Peid检测也是VC6编写的。可是,不知道为什么OD载入时,仍提示加密!
请问一下,这是为什么呀?为什么,Peid检测没有壳了,而OD检测仍有加密呀?
[培训]《安卓高级研修班(网课)》月薪三万计划,掌握调试、分析还原ollvm、vmp的方法,定制art虚拟机自动化脱壳的方法
赞赏
|
|
|---|---|
|
|
OD中查找字符串好了
看看有没有“未注册”之类的 可以先忽略提示嘛 |
|
|
是不是有 pushad 之类的就一定有加壳呀?
代码里还有popad之类的,应该是还有加壳吧,可是像第一次那样分析,却分析不到入口点呀。 00614000 > 55 push ebp 00614001 8BEC mov ebp, esp 00614003 6A FF push -1 00614005 68 2A2C0A00 push 0A2C2A 0061400A 68 38900D00 push 0D9038 0061400F 64:A1 00000000 mov eax, dword ptr fs:[0] 00614015 50 push eax 00614016 64:8925 0000000>mov dword ptr fs:[0], esp 0061401D 83EC 68 sub esp, 68 00614020 53 push ebx 00614021 56 push esi 00614022 57 push edi 00614023 8965 FA mov dword ptr [ebp-6], esp 00614026 33DB xor ebx, ebx 00614028 895D F8 mov dword ptr [ebp-8], ebx 0061402B 6A 02 push 2 0061402D EB 01 jmp short 00614030 0061402F F8 clc 00614030 58 pop eax 00614031 5F pop edi 00614032 5E pop esi 00614033 5B pop ebx 00614034 64:8B25 0000000>mov esp, dword ptr fs:[0] 0061403B 64:8F05 0000000>pop dword ptr fs:[0] 00614042 58 pop eax 00614043 58 pop eax 00614044 58 pop eax 00614045 5D pop ebp 00614046 66:9C pushfw 00614048 E8 04000000 call 00614051 0061404D 0010 add byte ptr [eax], dl 0061404F 40 inc eax 00614050 0083 C404EB04 add byte ptr [ebx+4EB04C4], al 00614056 31C8 xor eax, ecx 00614058 3F aas 00614059 00EB add bl, ch 0061405B 04 F0 add al, 0F0 0061405D 0F4000 cmovo eax, dword ptr [eax] 00614060 66:9D popfw 00614062 E8 AA000000 call 00614111 00614067 8F40 21 pop dword ptr [eax+21] 0061406A 0000 add byte ptr [eax], al 0061406C 0000 add byte ptr [eax], al 0061406E 0000 add byte ptr [eax], al 00614070 0000 add byte ptr [eax], al 00614072 009F 4021008F add byte ptr [edi+8F002140], bl 00614078 40 inc eax 00614079 2100 and dword ptr [eax], eax 0061407B 0000 add byte ptr [eax], al 0061407D 0000 add byte ptr [eax], al 0061407F 0000 add byte ptr [eax], al 00614081 0000 add byte ptr [eax], al 00614083 0000 add byte ptr [eax], al 00614085 0000 add byte ptr [eax], al 00614087 0000 add byte ptr [eax], al 00614089 0000 add byte ptr [eax], al 0061408B 0000 add byte ptr [eax], al 0061408D 0000 add byte ptr [eax], al 0061408F > EC in al, dx 00614090 6F outs dx, dword ptr es:[edi] 00614091 EB 77 jmp short 0061410A 00614093 > 86AD E5779C6F xchg byte ptr [ebp+6F9C77E5], ch 00614099 EB 77 jmp short 00614112 0061409B 0000 add byte ptr [eax], al 0061409D 0000 add byte ptr [eax], al 0061409F 4B dec ebx 006140A0 45 inc ebp 006140A1 52 push edx 006140A2 4E dec esi 006140A3 45 inc ebp 006140A4 4C dec esp 006140A5 3332 xor esi, dword ptr [edx] 006140A7 2E: prefix cs: 006140A8 64:6C ins byte ptr es:[edi], dx 006140AA 6C ins byte ptr es:[edi], dx 006140AB 0000 add byte ptr [eax], al 006140AD 0000 add byte ptr [eax], al 006140AF 47 inc edi 006140B0 65:74 50 je short 00614103 006140B3 72 6F jb short 00614124 006140B5 6341 64 arpl word ptr [ecx+64], ax 006140B8 64:72 65 jb short 00614120 006140BB 73 73 jnb short 00614130 006140BD 0000 add byte ptr [eax], al 006140BF 0047 65 add byte ptr [edi+65], al 006140C2 74 4D je short 00614111 006140C4 6F outs dx, dword ptr es:[edi] 006140C5 64:75 6C jnz short 00614134 006140C8 65:48 dec eax 006140CA 61 popad 006140CB 6E outs dx, byte ptr es:[edi] 006140CC 64:6C ins byte ptr es:[edi], dx 006140CE 65:41 inc ecx 006140D0 0000 add byte ptr [eax], al 006140D2 004C6F 61 add byte ptr [edi+ebp*2+61], cl 006140D6 64:4C dec esp 006140D8 6962 72 6172794>imul esp, dword ptr [edx+72], 4179726> 006140DF 00B9 02000068 add byte ptr [ecx+68000002], bh 006140E5 3E:0000 add byte ptr [eax], al 006140E8 56 push esi 006140E9 6972 74 75616C4>imul esi, dword ptr [edx+74], 416C617> 006140F0 6C ins byte ptr es:[edi], dx 006140F1 6C ins byte ptr es:[edi], dx 006140F2 6F outs dx, dword ptr es:[edi] 006140F3 6300 arpl word ptr [eax], ax 006140F5 0000 add byte ptr [eax], al 006140F7 0000 add byte ptr [eax], al 006140F9 0060 52 add byte ptr [eax+52], ah 006140FC 0010 add byte ptr [eax], dl 006140FE 60 pushad 006140FF 52 push edx 00614100 00C0 add al, al 00614102 50 push eax 00614103 51 push ecx 00614104 0010 add byte ptr [eax], dl 00614106 70 52 jo short 0061415A 00614108 0000 add byte ptr [eax], al 0061410A 0000 add byte ptr [eax], al 0061410C 0000 add byte ptr [eax], al 0061410E 0000 add byte ptr [eax], al 00614110 005D 70 add byte ptr [ebp+70], bl 00614113 06 push es 00614114 71 04 jno short 0061411A 00614116 A8 C8 test al, 0C8 00614118 3F aas 00614119 0081 ED670000 add byte ptr [ecx+67ED], al 0061411F 0072 07 add byte ptr [edx+7], dh 00614122 73 05 jnb short 00614129 00614124 880F mov byte ptr [edi], cl 00614126 E0 3E loopdne short 00614166 00614128 008D B59F0000 add byte ptr [ebp+9FB5], cl 0061412E 0056 78 add byte ptr [esi+78], dl 00614131 07 pop es 00614132 79 05 jns short 00614139 00614134 EA 000F41FF FF9>jmp far 95FF:FF410F00 0061413B 93 xchg eax, ebx 0061413C 0000 add byte ptr [eax], al 0061413E 0066 9C add byte ptr [esi-64], ah 00614141 EB 01 jmp short 00614144 00614143 EB 57 jmp short 0061419C 00614145 EB 06 jmp short 0061414D 00614147 E8 00217254 call 54D3624C 0061414C 0AE8 or ch, al 0061414E 04 00 add al, 0 00614150 0000 add byte ptr [eax], al 00614152 EA EB0CB85F EB0>jmp far 01EB:5FB80CEB 00614159 E8 47EB01E5 call E5632CA5 0061415E FFE7 jmp edi 00614160 835F EB 05 **b dword ptr [edi-15], 5 00614164 - E9 0F5063F1 jmp F1C49178 00614169 66:9D popfw 0061416B EB 06 jmp short 00614173 0061416D E8 00104100 call 00A25172 00614172 888D B5E80000 mov byte ptr [ebp+E8B5], cl 00614178 0056 50 add byte ptr [esi+50], dl 0061417B 72 07 jb short 00614184 0061417D 73 05 jnb short 00614184 0061417F 880F mov byte ptr [edi], cl 00614181 E0 3E loopdne short 006141C1 00614183 00FF add bh, bh 00614185 95 xchg eax, ebp 00614186 8F00 pop dword ptr [eax] 00614188 0000 add byte ptr [eax], al 0061418A 66:9C pushfw 0061418C EB 06 jmp short 00614194 0061418E E8 01AADB3D call 3E3CEB94 00614193 006A 02 add byte ptr [edx+2], ch 00614196 EB 06 jmp short 0061419E 00614198 E8 A0994700 call 00A8DB3D 0061419D 9A 7311EB05 E80>call far 0AE8:05EB1173 006141A4 0029 add byte ptr [ecx], ch 006141A6 E9 E80C0000 jmp 00614E93 006141AB 008B FF0F41FE add byte ptr [ebx+FE410FFF], cl 006141B1 ^ 73 F4 jnb short 006141A7 006141B3 9A 20143100 83C>call far C483:00311420 006141BA 04 EB add al, 0EB 006141BC 04 D0 add al, 0D0 006141BE 39C7 cmp edi, eax 006141C0 00FF add bh, bh 006141C2 0C 24 or al, 24 006141C4 71 04 jno short 006141CA 006141C6 BA 88260079 mov edx, 79002688 006141CB D27A 01 sar byte ptr [edx+1], cl 006141CE E7 83 out 83, eax 006141D0 C40466 les eax, fword ptr [esi] 006141D3 9D popfd 006141D4 EB 05 jmp short 006141DB 006141D6 B8 EF0F410F mov eax, 0F410FEF 006141DB 8985 F5000000 mov dword ptr [ebp+F5], eax 006141E1 6A 04 push 4 006141E3 68 00100000 push 1000 006141E8 FFB5 E4000000 push dword ptr [ebp+E4] 006141EE 6A 00 push 0 006141F0 FF95 F5000000 call dword ptr [ebp+F5] 006141F6 50 push eax 006141F7 8B9D E0000000 mov ebx, dword ptr [ebp+E0] 006141FD 03DD add ebx, ebp 006141FF 8BCD mov ecx, ebp 00614201 50 push eax 00614202 53 push ebx 00614203 E8 06000000 call 0061420E 00614208 5A pop edx 00614209 8BC2 mov eax, edx 0061420B 51 push ecx 0061420C FFE0 jmp eax 0061420E 60 pushad 0061420F 8B7424 24 mov esi, dword ptr [esp+24] 00614213 8B7C24 28 mov edi, dword ptr [esp+28] 00614217 FC cld 00614218 B2 80 mov dl, 80 0061421A 33DB xor ebx, ebx 0061421C A4 movs byte ptr es:[edi], byte ptr [esi> 0061421D B3 02 mov bl, 2 0061421F E8 6D000000 call 00614291 00614224 ^ 73 F6 jnb short 0061421C 00614226 33C9 xor ecx, ecx 00614228 E8 64000000 call 00614291 0061422D 73 1C jnb short 0061424B 0061422F 33C0 xor eax, eax 00614231 E8 5B000000 call 00614291 00614236 73 23 jnb short 0061425B 00614238 B3 02 mov bl, 2 0061423A 41 inc ecx 0061423B B0 10 mov al, 10 0061423D E8 4F000000 call 00614291 00614242 12C0 adc al, al 00614244 ^ 73 F7 jnb short 0061423D 00614246 75 3F jnz short 00614287 00614248 AA stos byte ptr es:[edi] 00614249 ^ EB D4 jmp short 0061421F 0061424B E8 4D000000 call 0061429D 00614250 2BCB sub ecx, ebx 00614252 75 10 jnz short 00614264 00614254 E8 42000000 call 0061429B 00614259 EB 28 jmp short 00614283 0061425B AC lods byte ptr [esi] 0061425C D1E8 shr eax, 1 0061425E 74 4D je short 006142AD 00614260 13C9 adc ecx, ecx 00614262 EB 1C jmp short 00614280 00614264 91 xchg eax, ecx 00614265 48 dec eax 00614266 C1E0 08 shl eax, 8 00614269 AC lods byte ptr [esi] 0061426A E8 2C000000 call 0061429B 0061426F 3D 007D0000 cmp eax, 7D00 00614274 73 0A jnb short 00614280 00614276 80FC 05 cmp ah, 5 00614279 73 06 jnb short 00614281 0061427B 83F8 7F cmp eax, 7F 0061427E 77 02 ja short 00614282 00614280 41 inc ecx 00614281 41 inc ecx 00614282 95 xchg eax, ebp 00614283 8BC5 mov eax, ebp 00614285 B3 01 mov bl, 1 00614287 56 push esi 00614288 8BF7 mov esi, edi 0061428A 2BF0 sub esi, eax 0061428C F3:A4 rep movs byte ptr es:[edi], byte ptr> 0061428E 5E pop esi 0061428F ^ EB 8E jmp short 0061421F 00614291 02D2 add dl, dl 00614293 75 05 jnz short 0061429A 00614295 8A16 mov dl, byte ptr [esi] 00614297 46 inc esi 00614298 12D2 adc dl, dl 0061429A C3 retn 0061429B 33C9 xor ecx, ecx 0061429D 41 inc ecx 0061429E E8 EEFFFFFF call 00614291 006142A3 13C9 adc ecx, ecx 006142A5 E8 E7FFFFFF call 00614291 006142AA ^ 72 F2 jb short 0061429E 006142AC C3 retn 006142AD 2B7C24 28 sub edi, dword ptr [esp+28] 006142B1 897C24 1C mov dword ptr [esp+1C], edi 006142B5 61 popad 006142B6 C2 0800 retn 8 006142B9 E8 7005C302 call 0324482E 006142BE 0F01 ??? ; 未知命令 006142C0 ^ EB BF jmp short 00614281 006142C2 9E sahf 006142C3 6C ins byte ptr es:[edi], dx 006142C4 FB sti 006142C5 1283 1CC404B9 adc al, byte ptr [ebx+B904C41C] 006142CB B7 23 mov bh, 23 006142CD D6 salc 006142CE 1F pop ds 006142CF 0B3B or edi, dword ptr [ebx] 006142D1 ^ EB FA jmp short 006142CD 006142D3 B3 16 mov bl, 16 006142D5 0FE9C3 psubsw mm0, mm3 006142D8 F8 clc 006142D9 3E:0A58 8F or bl, byte ptr [eax-71] 006142DD 090F or dword ptr [edi], ecx 006142DF 25 E6F2FF02 and eax, 2FFF2E6 006142E4 EE out dx, al 006142E5 B9 1B4975F1 mov ecx, F175491B 006142EA 5E pop esi 006142EB 93 xchg eax, ebx 006142EC F9 stc 006142ED A0 F0D63318 mov al, byte ptr [1833D6F0] 006142F2 F6E8 imul al 006142F4 1045 8B adc byte ptr [ebp-75], al 006142F7 64:392408 cmp dword ptr fs:[eax+ecx], esp 006142FB A8 8F test al, 8F 006142FD 49 dec ecx 006142FE C3 retn 006142FF 51 push ecx 00614300 13C7 adc eax, edi 00614302 83F9 FF cmp ecx, -1 00614305 35 470C7289 xor eax, 89720C47 0061430A 25 8107ADCD and eax, CDAD0781 0061430F 204E 54 and byte ptr [esi+54], cl 00614312 E4 41 in al, 41 00614314 208B 5C240CD0 and byte ptr [ebx+D00C245C], cl 0061431A A3 C4D08B58 mov dword ptr [588BD0C4], eax 0061431F D199 15EB1458 rcr dword ptr [ecx+5814EB15], 1 00614325 A0 33C99905 mov al, byte ptr [599C933] 0061432A F7F1 div ecx 0061432C - E9 E80831C0 jmp C0924C19 00614331 83C0 D0 add eax, -30 00614334 50 push eax 00614335 C3 retn 00614336 33FF xor edi, edi 00614338 58 pop eax 00614339 0E push cs 0061433A 02AB E0291C0C add ch, byte ptr [ebx+C1C29E0] 00614340 D6 salc 00614341 5A pop edx 00614342 1D AA487E7D **b eax, 7D7E48AA 00614347 81EB 010F31F0 sub ebx, F0310F01 0061434D D5 0C aad 0C 0061434F F5 cmc 00614350 C8 E50350 enter 3E5, 50 00614354 CD 59 int 59 00614356 74 05 je short 0061435D 00614358 1F pop ds 00614359 ^ 75 F8 jnz short 00614353 0061435B 51 push ecx 0061435C CF iretd 0061435D F1 int1 0061435E E8 B843C784 call 8528871B 00614363 C5C7 lds eax, edi ; 非法使用寄存器 00614365 01E9 add ecx, ebp 00614367 0A92 07999435 or dl, byte ptr [edx+35949907] 0061436D 13B9 DA13EE1C adc edi, dword ptr [ecx+1CEE13DA] 00614373 1913 **b dword ptr [ebx], edx 00614375 EB 0B jmp short 00614382 00614377 2E:02A2 F8BDD93>add ah, byte ptr cs:[edx+3DD9BDF8] 0061437E 36:E8 5FBEFD4B call 4C5F01E3 00614384 52 push edx 00614385 E4 6E in al, 6E 00614387 BF 4357BD4B mov edi, 4BBD5743 0061438C 1890 EDEB4681 **b byte ptr [eax+8146EBED], dl 00614392 A9 5E56A47F test eax, 7FA4565E 00614397 D0D0 rcl al, 1 00614399 A8 AA test al, 0AA 0061439B D041 FA rol byte ptr [ecx-6], 1 0061439E D0AF BD33ACEF shr byte ptr [edi+EFAC33BD], 1 006143A4 49 dec ecx 006143A5 19AF D4B0FAD0 **b dword ptr [edi+D0FAB0D4], ebp 006143AB EF out dx, eax 006143AC AF scas dword ptr es:[edi] 006143AD 92 xchg eax, edx 006143AE 2F das 006143AF 87F4 xchg esp, esi 006143B1 8A2E mov ch, byte ptr [esi] 006143B3 AD lods dword ptr [esi] 006143B4 5E pop esi 006143B5 69E4 8F2BB47E imul esp, esp, 7EB42B8F 006143BB F7B5 3AE3428D div dword ptr [ebp+8D42E33A] 006143C1 BE D12DA923 mov esi, 23A92DD1 006143C6 B3 B4 mov bl, 0B4 006143C8 B7 4D mov bh, 4D 006143CA AB stos dword ptr es:[edi] 006143CB 59 pop ecx 006143CC 25 BED72A42 and eax, 422AD7BE 006143D1 F5 cmc 006143D2 7A 38 jpe short 0061440C 006143D4 B4 B7 mov ah, 0B7 006143D6 B1 A9 mov cl, 0A9 006143D8 2C 45 sub al, 45 006143DA AE scas byte ptr es:[edi] 006143DB D17F BF sar dword ptr [edi-41], 1 006143DE 4B dec ebx 006143DF 6B13 A4 imul edx, dword ptr [ebx], -5C 006143E2 7A 65 jpe short 00614449 006143E4 F4 hlt 006143E5 E6 1E out 1E, al 006143E7 EA 4A3A58D0 B9E>jmp far EBB9:D0583A4A 006143EE E5 8E in eax, 8E 006143F0 CC int3 006143F1 FD std 006143F2 4E dec esi 006143F3 CD FD int 0FD 006143F5 73 50 jnb short 00614447 006143F7 ED in eax, dx 006143F8 1F pop ds 006143F9 2D B5E2EFAB sub eax, ABEFE2B5 006143FE D4 74 aam 74 00614400 FA cli 00614401 D088 FE43E3FA ror byte ptr [eax+FAE343FE], 1 00614407 43 inc ebx 00614408 2F das 00614409 FB sti 0061440A 97 xchg eax, edi 0061440B CE into 0061440C 15 FD22A8AB adc eax, ABA822FD 00614411 92 xchg eax, edx 00614412 2B36 sub esi, dword ptr [esi] 00614414 A5 movs dword ptr es:[edi], dword ptr [e> 00614415 E6 01 out 1, al 00614417 BE 489DAEE4 mov esi, E4AE9D48 0061441C ^ 7F F1 jg short 0061440F 0061441E D0C9 ror cl, 1 00614420 FA cli 00614421 4A dec edx 00614422 DA76 FD fidiv dword ptr [esi-3] 00614425 6328 arpl word ptr [eax], bp 00614427 AB stos dword ptr es:[edi] 00614428 E4 6B in al, 6B 0061442A 2F das 0061442B BB AD3E6E90 mov ebx, 906E3EAD 00614430 A4 movs byte ptr es:[edi], byte ptr [esi> 00614431 F9 stc 00614432 F9 stc 00614433 FF92 E2E1AF4B call dword ptr [edx+4BAFE1E2] 00614439 8A1F mov bl, byte ptr [edi] 0061443B ED in eax, dx 0061443C 0021 add byte ptr [ecx], ah 0061443E 5A pop edx 0061443F 66:9C pushfw 00614441 DF3C1F fistp qword ptr [edi+ebx] 00614444 57 push edi 00614445 98 cwde 00614446 06 push es 00614447 1C 21 **b al, 21 00614449 72 3B jb short 00614486 0061444B 54 push esp 0061444C 0A4B 93 or cl, byte ptr [ebx-6D] 0061444F 48 dec eax 00614450 EA 1B56B85F 2CE>jmp far E32C:5FB8561B 00614457 47 inc edi 00614458 06 push es 00614459 08E5 or ch, ah 0061445B FFE7 jmp edi 0061445D 8316 28 adc dword ptr [esi], 28 00614460 05 E9AD0A63 add eax, 630AADE9 00614465 F1 int1 00614466 66:9D popfw 00614468 26:0E push cs 0061446A 1041 01 adc byte ptr [ecx+1], al 0061446D 8883 EA059C80 mov byte ptr [ebx+809C05EA], al 00614473 48 dec eax 00614474 0020 add byte ptr [eax], ah 00614476 40 inc eax 00614477 F0:1A59 7A lock **b bl, byte ptr [ecx+7A] ; 不允许锁定前缀 0061447B 41 inc ecx 0061447C F5 cmc 0061447D C17B E7 86 sar dword ptr [ebx-19], 86 00614481 2203 and al, byte ptr [ebx] 00614483 F4 hlt 00614484 815D 8F 8215830>**b dword ptr [ebp-71], 2831582 0061448B 0E push cs 0061448C 12AD BCFC3C2A adc ch, byte ptr [ebp+2A3CFCBC] 00614492 0100 add dword ptr [eax], eax 00614494 BD E0D0A059 mov ebp, 59A0D0E0 00614499 EB 25 jmp short 006144C0 0061449B 98 cwde 0061449C 0A53 71 or dl, byte ptr [ebx+71] 0061449F 67:04 2B add al, 2B 006144A2 3A80 6877A7F6 cmp al, byte ptr [eax+F6A77768] 006144A8 7B ED jpo short 00614497 006144AA EC in al, dx 006144AB 18DB **b bl, bl 006144AD 1E push ds 006144AE F1 int1 006144AF 62EE bound ebp, esi ; 非法使用寄存器 006144B1 35 0723223F xor eax, 3F222307 006144B6 10B2 80F5A845 adc byte ptr [edx+45A8F580], dh 006144BC 65:F0:0112 lock add dword ptr gs:[edx], edx 006144C0 BB 5DB9F42F mov ebx, 2FF4B95D 006144C5 70 07 jo short 006144CE 006144C7 06 push es 006144C8 71 04 jno short 006144CE 006144CA A8 C8 test al, 0C8 006144CC FE03 inc byte ptr [ebx] 006144CE 8DB5 8F031D74 lea esi, dword ptr [ebp+741D038F] 006144D4 0875 06 or byte ptr [ebp+6], dh 006144D7 9A 81E03DC0 E88>call far 8DE8:C03DE081 006144DE 18BA 5C0C2078 **b byte ptr [edx+78200C5C], bh 006144E4 07 pop es 006144E5 1279 05 adc bh, byte ptr [ecx+5] 006144E8 EA 003F41FF 8B0>jmp far 068B:FF413F00 006144EF 89F6 mov esi, esi 006144F1 8339 C6 cmp dword ptr [ecx], -3A 006144F4 04 B9 add al, 0B9 006144F6 C7 ??? ; 未知命令 006144F7 95 xchg eax, ebp 006144F8 ^ E2 F4 loopd short 006144EE 006144FA 33C2 xor eax, edx 006144FC 850E test dword ptr [esi], ecx 006144FE 0200 add al, byte ptr [eax] 00614500 72 07 jb short 00614509 00614502 73 05 jnb short 00614509 00614504 0E push cs 00614505 880F mov byte ptr [edi], cl 00614507 E0 3E loopdne short 00614547 00614509 0289 82849E32 add cl, byte ptr [ecx+329E8482] 0061450F 34 85 xor al, 85 00614511 F5 cmc 00614512 A3 50EFC50F mov dword ptr [FC5EF50], eax 00614517 AC lods byte ptr [esi] 00614518 99 cdq 00614519 A7 cmps dword ptr [esi], dword ptr es:[e> 0061451A E2 09 loopd short 00614525 0061451C 72 0C jb short 0061452A 0061451E 87B9 B8B60B29 xchg dword ptr [ecx+290BB6B8], edi 00614524 0FDD3E paddusw mm7, qword ptr [esi] 00614527 8305 CFF26176 A>add dword ptr [7661F2CF], -58 0061452E 0D AC224344 or eax, 444322AC 00614533 E5 20 in eax, 20 00614535 A1 970350EF mov eax, dword ptr [EF500397] 0061453A 05 CECF1940 add eax, 4019CFCE 0061453F 60 pushad 00614540 B8 9068108B mov eax, 8B106890 00614545 EA 6AE0FF7E 95C>jmp far CC95:7EFFE06A 0061454C 15 5145DD7F adc eax, 7FDD4551 00614551 DC34BB fdiv qword ptr [ebx+edi*4] 00614554 3199 85383332 xor dword ptr [ecx+32333885], ebx 0061455A B8 87A51210 mov eax, 1012A587 0061455F E7 AA out 0AA, eax 00614561 04 66 add al, 66 00614563 87C8 xchg eax, ecx 00614565 99 cdq 00614566 8287 C16850E8 F>add byte ptr [edi+E85068C1], -1 0061456D 30E1 xor cl, ah 0061456F - E9 8506B822 jmp 23194BF9 00614574 0D 213FEF91 or eax, 91EF3F21 00614579 3820 cmp byte ptr [eax], ah 0061457B 3E:D4 03 aam 3 0061457E D323 shl dword ptr [ebx], cl 00614580 F2: prefix repne: 00614581 8985 6C688370 mov dword ptr [ebp+7083686C], eax 00614587 35 A84B4840 xor eax, 40484BA8 0061458C B3 DF mov bl, 0DF 0061458E 15 31BC630C adc eax, 0C63BC31 00614593 F0:0F681E lock punpckhbw mm3, qword ptr [esi] ; 不允许锁定前缀 00614597 64:F719 neg dword ptr fs:[ecx] 0061459A 8845 56 mov byte ptr [ebp+56], al 0061459D 4A dec edx 0061459E D342 72 rol dword ptr [edx+72], cl 006145A1 030B add ecx, dword ptr [ebx] 006145A3 C075 07 56 sal byte ptr [ebp+7], 56 006145A7 2216 and dl, byte ptr [esi] 006145A9 64:85DE test esi, ebx 006145AC 898B F01E1C22 mov dword ptr [ebx+221C1EF0], ecx 006145B2 9D popfd 006145B3 95 xchg eax, ebp 006145B4 0053 56 add byte ptr [ebx+56], dl 006145B7 76 07 jbe short 006145C0 006145B9 77 05 ja short 006145C0 006145BB E7 BB out 0BB, eax 006145BD 35 EC3E6F6D xor eax, 6D6F3EEC 006145C2 2D 91EEA118 sub eax, 18A1EE91 006145C7 BB B50B833C mov ebx, 3C830BB5 006145CC 61 popad 006145CD 2B2484 sub esp, dword ptr [esp+eax*4] 006145D0 24 01 and al, 1 006145D2 92 xchg eax, edx 006145D3 5F pop edi 006145D4 6A 1C push 1C 006145D6 8D26 lea esp, dword ptr [esi] 006145D8 C9 leave 006145D9 85FF test edi, edi 006145DB 34 2B xor al, 2B 006145DD 27 daa 006145DE DAC8 fcmove st, st 006145E0 9B wait 006145E1 5B pop ebx 006145E2 AA stos byte ptr es:[edi] 006145E3 90 nop 006145E4 C3 retn 006145E5 03C5 add eax, ebp 006145E7 EC in al, dx 006145E8 78 57 js short 00614641 006145EA 04 67 add al, 67 006145EC 42 inc edx 006145ED 65:8203 BD add byte ptr gs:[ebx], -43 006145F1 6C ins byte ptr es:[edi], dx 006145F2 2256 57 and dl, byte ptr [esi+57] 006145F5 BA 5647035E mov edx, 5E034756 006145FA 8187 84232062 4>add dword ptr [edi+62202384], 615567> 00614604 71 50 jno short 00614656 00614606 820E 90 or byte ptr [esi], FFFFFF90 00614609 8665 10 xchg byte ptr [ebp+10], ah 0061460C C6 ??? ; 未知命令 0061460D 3270 9B xor dh, byte ptr [eax-65] 00614610 4C dec esp 00614611 2279 24 and bh, byte ptr [ecx+24] 00614614 E6 66 out 66, al 00614616 26:B2 88 mov dl, 88 00614619 9A E9120600 51E>call far E551:000612E9 00614620 8090 3EFFB03D 6>adc byte ptr [eax+3DB0FF3E], 6A 00614627 E8 24C72A6A call 6A8C0D50 0061462C D20A ror byte ptr [edx], cl 0061462E 6E outs dx, byte ptr es:[edi] 0061462F CA 808B retf 8B80 00614632 0C 2B or al, 2B 00614634 56 push esi 00614635 F3: prefix rep: 00614636 12A45E 53080A80 adc ah, byte ptr [esi+ebx*2+800A0853> 0061463D 2807 sub byte ptr [edi], al 0061463F A9 65A1105B test eax, 5B10A165 00614644 83C3 EC add ebx, -14 00614647 - E9 3ED2FED3 jmp D460188A 0061464C ^ E3 BA jecxz short 00614608 0061464E 48 dec eax 0061464F 8713 xchg dword ptr [ebx], edx 00614651 70 0C jo short 0061465F 00614653 39E6 cmp esi, esp 00614655 40 inc eax 00614656 DA0F fimul dword ptr [edi] 00614658 85CD test ebp, ecx 0061465A 49 dec ecx 0061465B 03D7 add edx, edi 0061465D A1 BD78A93E mov eax, dword ptr [3EA978BD] 00614662 76 5A jbe short 006146BE 00614664 96 xchg eax, esi 00614665 D991 CEC2770C fst dword ptr [ecx+C77C2CE] 0061466B 66:CB retf 0061466D 1801 **b byte ptr [ecx], al 0061466F AA stos byte ptr es:[edi] 00614670 DB ??? ; 未知命令 00614671 4C dec esp 00614672 6A 02 push 2 00614674 C3 retn 00614675 15 A0994780 adc eax, 804799A0 0061467A 9A 73119A6A 700>call far 0A70:6A9A1173 00614681 4C dec esp 00614682 2997 220C308B sub dword ptr [edi+8B300C22], edx 00614688 FF54FE 73 call dword ptr [esi+edi*8+73] 0061468C F4 hlt 0061468D 099A 201431B0 or dword ptr [edx+B0311420], ebx 00614693 6A D0 push -30 00614695 3948 C7 cmp dword ptr [eax-39], ecx 00614698 EB 18 jmp short 006146B2 0061469A 0C 24 or al, 24 0061469C F8 clc 0061469D BA 88702606 mov edx, 6267088 006146A2 ^ 79 D2 jns short 00614676 006146A4 7A 01 jpe short 006146A7 006146A6 E7 2F out 2F, eax 006146A8 91 xchg eax, ecx 006146A9 - E9 0DB8EF54 jmp 5550FEBB 006146AE C8 0BF62C enter 0F60B, 2C 006146B2 75 38 jnz short 006146EC 006146B4 20D7 and bh, dl 006146B6 8F ??? ; 未知命令 006146B7 - E9 07927AB4 jmp B4DBD8C3 006146BC C403 les eax, fword ptr [ebx] 006146BE B5 CD mov ch, 0CD 006146C0 55 push ebp 006146C1 5B pop ebx 006146C2 BB A4CA1BD3 mov ebx, D31BCAA4 006146C7 7B 98 jpo short 00614661 006146C9 D214F8 rcl byte ptr [eax+edi*8], cl 006146CC EA EE891716 E61>jmp far 1FE6:161789EE 006146D3 D275 03 sal byte ptr [ebp+3], cl 006146D6 8957 10 mov dword ptr [edi+10], edx 006146D9 16 push ss 006146DA E5 FA in eax, 0FA 006146DC 95 xchg eax, ebp 006146DD 46 inc esi 006146DE 6C ins byte ptr es:[edi], dx 006146DF C2 8B5F retn 5F8B 006146E2 1045 E2 adc byte ptr [ebp-1E], al 006146E5 8503 test dword ptr [ebx], eax 006146E7 9D popfd 006146E8 6C ins byte ptr es:[edi], dx 006146E9 9A BB53E5AB 128>call far 8B12:ABE553BB 006146F0 025433 4C add dl, byte ptr [ebx+esi+4C] 006146F4 30FA xor dl, bh 006146F6 75 53 jnz short 0061474B 006146F8 52 push edx 006146F9 99 cdq 006146FA A9 9A1C2C84 test eax, 842C1C9A 006146FF 42 inc edx 00614700 A9 90A2E285 test eax, 85E2A290 00614705 132D 6625403C adc ebp, dword ptr [3C402566] 0061470B 7F 50 jg short 0061475D 0061470D 49 dec ecx 0061470E 56 push esi 0061470F 5B pop ebx 00614710 EF out dx, eax 00614711 58 pop eax 00614712 26:EE out dx, al 00614714 D6 salc 00614715 24 DE and al, 0DE 00614717 2BB404 89035A5B sub esi, dword ptr [esp+eax+5B5A0389> 0061471E 8B38 mov edi, dword ptr [eax] 00614720 0983 C2041653 or dword ptr [ebx+531604C2], eax 00614726 98 cwde 00614727 CE into 00614728 F9 stc 00614729 236C85 E9 and ebp, dword ptr [ebp+eax*4-17] 0061472D AA stos byte ptr es:[edi] 0061472E 90 nop 0061472F D883 C7149159 fadd dword ptr [ebx+599114C7] 00614735 D5 86 aad 86 00614737 - E9 60FCB2EA jmp EB14439C 0061473C 51 push ecx 0061473D 65:0273 95 add dh, byte ptr gs:[ebx-6B] 00614741 88C4 mov ah, al 00614743 0378 D5 add edi, dword ptr [eax-2B] 00614746 123A adc bh, byte ptr [edx] 00614748 0BFF or edi, edi 0061474A 44 inc esp 0061474B 6B3E 02 imul edi, dword ptr [esi], 2 0061474E 9A EC53E988 BD7>call far 7FBD:88E953EC 00614755 CA 023C retf 3C02 00614758 0B8B F25635D0 or ecx, dword ptr [ebx+D03556F2] 0061475E - E9 B7CBE995 jmp 964B131A 00614763 90 nop 00614764 A6 cmps byte ptr [esi], byte ptr es:[edi> 00614765 D5 DD aad 0DD 00614767 24 69 and al, 69 00614769 F7840F B64EA3B0>test dword ptr [edi+ecx+B0A34EB6], A0> 00614774 03F1 add esi, ecx 00614776 8B5CD6 27 mov ebx, dword ptr [esi+edx*8+27] 0061477A 3A42 A6 cmp al, byte ptr [edx-5A] 0061477D 0A5A 9A or bl, byte ptr [edx-66] 00614780 51 push ecx 00614781 D86446 7E fsub dword ptr [esi+eax*2+7E] 00614785 387F 52 cmp byte ptr [edi+52], bh 00614788 F1 int1 00614789 61 popad 0061478A 1D 2289B489 **b eax, 89B48922 0061478F A0 4EF3CF89 mov al, byte ptr [89CFF34E] 00614794 2C 5A sub al, 5A 00614796 ^ 7D EB jge short 00614783 00614798 6E outs dx, byte ptr es:[edi] 00614799 24 70 and al, 70 0061479B 34 36 xor al, 36 0061479D F9 stc 0061479E B3 47 mov bl, 47 006147A0 BA 42E103D0 mov edx, D003E142 006147A5 D278 DB sar byte ptr [eax-25], cl 006147A8 0359 E2 add ebx, dword ptr [ecx-1E] 006147AB 95 xchg eax, ebp 006147AC - E9 B7FDEFEA jmp EB514568 006147B1 41 inc ecx 006147B2 ^ E1 8B loopde short 0061473F 006147B4 8574A1 49 test dword ptr [ecx+49], esi 006147B8 E6 D7 out 0D7, al 006147BA 8E83 F8807527 mov es, word ptr [ebx+277580F8] 006147C0 8BBD 7CC0BD03 mov edi, dword ptr [ebp+3BDC07C] 006147C6 FD std 006147C7 8DB5 659A27FC lea esi, dword ptr [ebp+FC279A65] 006147CD 07 pop es 006147CE AB stos dword ptr es:[edi] 006147CF E3 2E jecxz short 006147FF 006147D1 A2 11036FA0 mov byte ptr [A06F0311], al 006147D6 DE2B fisubr word ptr [ebx] 006147D8 D889 5850FC94 fmul dword ptr [ecx+94FC5058] 006147DE 082D EBE78462 or byte ptr [6284E7EB], ch 006147E4 305F 85 xor byte ptr [edi-7B], bl 006147E7 85C0 test eax, eax 006147E9 ^ 78 C1 js short 006147AC 006147EB 4E dec esi 006147EC 40 inc eax 006147ED 0C 9D or al, 9D 006147EF 07 pop es 006147F0 C7 ??? ; 未知命令 006147F1 93 xchg eax, ebx 006147F2 20D1 and cl, dl 006147F4 4A dec edx 006147F5 EB 1C jmp short 00614813 006147F7 6923 C085D279 imul esp, dword ptr [ebx], 79D285C0 006147FD 1083 267A08FE adc byte ptr [ebx+FE087A26], al 00614803 000A add byte ptr [edx], cl 00614805 8B52 04 mov edx, dword ptr [edx+4] 00614808 C742 50 501E643>mov dword ptr [edx+50], 36641E50 0061480F A1 1E6D6BCA mov eax, dword ptr [CA6B6D1E] 00614814 A8 17 test al, 17 00614816 2859 0B sub byte ptr [ecx+B], bl 00614819 0C 05 or al, 5 0061481B 83F9 FE cmp ecx, -2 0061481E 0223 add ah, byte ptr [ebx] 00614820 2982 AD700B71 sub dword ptr [edx+710B70AD], eax 00614826 15 E285809D adc eax, 9D8085E2 0061482B F7F2 div edx 0061482D C2 E75B retn 5BE7 00614830 5E pop esi 00614831 49 dec ecx 00614832 09CF or edi, ecx 00614834 9D popfd 00614835 8658 50 xchg byte ptr [eax+50], bl 00614838 8BFA mov edi, edx 0061483A 60 pushad 0061483B E6 D8 out 0D8, al 0061483D B4 F0 mov ah, 0F0 0061483F 6C ins byte ptr es:[edi], dx 00614840 035D FE add ebx, dword ptr [ebp-2] 00614843 6D ins dword ptr es:[edi], dx 00614844 CF iretd 00614845 847B DD test byte ptr [ebx-23], bh 00614848 92 xchg eax, edx 00614849 B5 33 mov ch, 33 0061484B 6A F5 push -0B 0061484D F0:06 lock push es ; 不允许锁定前缀 0061484F 33D2 xor edx, edx 00614851 30B9 0231F7E1 xor byte ptr [ecx+E1F73102], bh 00614857 D103 rol dword ptr [ebx], 1 00614859 E8 3BF87510 call 10D74099 0061485E 0AFD or bh, ch 00614860 813F E9A6A623 cmp dword ptr [edi], 23A6A6E9 00614866 1A98 AA0F83C6 **b bl, byte ptr [eax+C6830FAA] 0061486C 5B pop ebx 0061486D 086F 2E or byte ptr [edi+2E], ch 00614870 48 dec eax 00614871 45 inc ebp 00614872 AC lods byte ptr [esi] 00614873 EB 4C jmp short 006148C1 00614875 AD lods dword ptr [esi] 00614876 ^ 77 BD ja short 00614835 00614878 284D FB sub byte ptr [ebp-5], cl 0061487B 8F46 81 pop dword ptr [esi-7F] 0061487E 8903 mov dword ptr [ebx], eax 00614880 61 popad 00614881 58 pop eax 00614882 DE4A 3A fimul word ptr [edx+3A] 00614885 1B0B **b ecx, dword ptr [ebx] 00614887 41 inc ecx 00614888 3D 0EC29D01 cmp eax, 19DC20E 0061488D 9C pushfd 0061488E 0122 add dword ptr [edx], esp 00614890 3830 cmp byte ptr [eax], dh 00614892 1218 adc bl, byte ptr [eax] 00614894 55 push ebp 00614895 0D 0E704354 or eax, 5443700E 0061489A 11144B adc dword ptr [ebx+ecx*2], edx 0061489D 1C 45 **b al, 45 0061489F 52 push edx 006148A0 4E dec esi 006148A1 C04C33 32 2E ror byte ptr [ebx+esi+32], 2E 006148A6 64:6C ins byte ptr es:[edi], dx 006148A8 ^ E3 C0 jecxz short 0061486A 006148AA 56 push esi 006148AB 690F 72747561 imul ecx, dword ptr [edi], 61757472 006148B1 2E:46 inc esi 006148B3 CE into 006148B4 65:35 1D034578 xor eax, 7845031D 006148BA 697450 E9 6F63F>imul esi, dword ptr [eax+edx*2-17], 7> 006148C2 C6 ??? ; 未知命令 006148C3 90 nop 006148C4 42 inc edx 006148C5 90 nop 006148C6 1382 FA7F3864 adc eax, dword ptr [edx+64387FFA] 006148CC 0852 01 or byte ptr [edx+1], dl 006148CF ^ EB 80 jmp short 00614851 006148D1 8E1440 mov ss, word ptr [eax+eax*2] 006148D4 80B8 38315232 8>cmp byte ptr [eax+32523138], 86 006148DB 11BC24 7E48C091 adc dword ptr [esp+91C0487E], edi 006148E2 76 22 jbe short 00614906 006148E4 C4446E C8 les eax, fword ptr [esi+ebp*2-38] 006148E8 8966 12 mov dword ptr [esi+12], esp 006148EB CC int3 006148EC 24 5E and al, 5E 006148EE 48 dec eax 006148EF D091 5622D444 rcl byte ptr [ecx+44D42256], 1 006148F5 2AD8 sub bl, al 006148F7 8922 mov dword ptr [edx], esp 006148F9 12DC adc bl, ah 006148FB 24 1A and al, 1A 006148FD 48 dec eax 006148FE ^ E0 91 loopdne short 00614891 00614900 1222 adc ah, byte ptr [edx] 00614902 E4 20 in al, 20 00614904 F2: prefix repne: 00614905 1344E8 EA adc eax, dword ptr [eax+ebp*8-16] 00614909 89EC mov esp, ebp 0061490B 12CA adc cl, dl 0061490D 24 F0 and al, 0F0 0061490F 48 dec eax 00614910 C2 91F4 retn 0F491 00614913 22BA 44F8AA89 and bh, byte ptr [edx+89AAF844] 00614919 FC cld 0061491A 12A2 2E083211 adc ah, byte ptr [edx+1132082E] 00614920 9A 22044492 088>call far 8908:92440422 00614927 8A12 mov dl, byte ptr [edx] 00614929 0C 24 or al, 24 0061492B 8248 10 91 or byte ptr [eax+10], FFFFFF91 0061492F 7A 22 jpe short 00614953 00614931 14 44 adc al, 44 00614933 72 18 jb short 0061494D 00614935 896A 12 mov dword ptr [edx+12], ebp 00614938 1C 24 **b al, 24 0061493A 6248 20 bound ecx, qword ptr [eax+20] 0061493D 91 xchg eax, ecx 0061493E 5A pop edx 0061493F 2224F5 12282442 and ah, byte ptr [esi*8+42242812] 00614946 48 dec eax 00614947 2C 91 sub al, 91 00614949 3A22 cmp ah, byte ptr [edx] 0061494B 30F7 xor bh, dh 0061494D 123424 adc dh, byte ptr [esp] 00614950 2248 38 and cl, byte ptr [eax+38] 00614953 91 xchg eax, ecx 00614954 1A22 **b ah, byte ptr [edx] 00614956 3C 45 cmp al, 45 00614958 12EA adc ch, dl 0061495A 24 0A and al, 0A 0061495C 48 dec eax 0061495D 44 inc esp 0061495E 91 xchg eax, ecx 0061495F 0222 add ah, byte ptr [edx] 00614961 48 dec eax 00614962 20FA and dl, bh 00614964 12444C 1A adc al, byte ptr [esp+ecx*2+1A] 00614968 46 inc esi 00614969 2F das 0061496A 32F2 xor dh, dl 0061496C 2150 26 and dword ptr [eax+26], edx 0061496F EA 114454E2 895>jmp far 5889:E2544411 00614976 12DA adc bl, dl 00614978 24 5C and al, 5C 0061497A 48 dec eax 0061497B D291 6022CA44 rcl byte ptr [ecx+44CA2260], cl 00614981 64:C640 36 6C mov byte ptr fs:[eax+36], 6C 00614986 89B2 91A17032 mov dword ptr [edx+3270A191], esi 0061498C 4A dec edx 0061498D 117424 2A adc dword ptr [esp+2A], esi 00614991 48 dec eax 00614992 ^ 78 91 js short 00614925 00614994 E2 79 loopd short 00614A0F 00614996 89DA mov edx, ebx 00614998 128424 D2488888 adc al, byte ptr [esp+888848D2] 0061499F 0A1411 or dl, byte ptr [ecx+edx] 006149A2 90 nop 006149A3 2202 and al, byte ptr [edx] 006149A5 44 inc esp 006149A6 94 xchg eax, esp 006149A7 FA cli 006149A8 C8 319888 enter 9831, 88 006149AC E2 68 loopd short 00614A16 006149AE 11A0 32DA11A4 adc dword ptr [eax+A411DA32], esp 006149B4 24 D2 and al, 0D2 006149B6 48 dec eax 006149B7 A8 91 test al, 91 006149B9 CA 22AC retf 0AC22 006149BC 20B2 6B44B4AA and byte ptr [edx+AAB4446B], dh 006149C2 89B8 12A224BC mov dword ptr [eax+BC24A212], edi 006149C8 48 dec eax 006149C9 9A 91C02292 44C>call far C444:9222C091 006149D0 C2 406E retn 6E40 006149D3 CC int3 006149D4 89BA 12D024B2 mov dword ptr [edx+B224D012], edi 006149DA 48 dec eax 006149DB D4 91 aam 91 006149DD AA stos byte ptr es:[edi] 006149DE 22D8 and bl, al 006149E0 44 inc esp 006149E1 A2 DC899A12 mov byte ptr [129A89DC], al 006149E6 E0 24 loopdne short 00614A0C 006149E8 92 xchg eax, edx 006149E9 48 dec eax 006149EA E4 91 in al, 91 006149EC 8A22 mov ah, byte ptr [edx] 006149EE E8 4482EC89 call 8A4DCC37 006149F3 7A 12 jpe short 00614A07 006149F5 F0:24 72 lock and al, 72 ; 不允许锁定前缀 006149F8 48 dec eax 006149F9 F4 hlt 006149FA 91 xchg eax, ecx 006149FB 6A 22 push 22 006149FD F8 clc 006149FE 44 inc esp 006149FF 62FC bound edi, esp ; 非法使用寄存器 00614A01 895A 17 mov dword ptr [edx+17], ebx 00614A04 04 33 add al, 33 00614A06 1E push ds 00614A07 A2 44044A89 mov byte ptr [894A0444], al 00614A0C 0812 or byte ptr [edx], dl 00614A0E 42 inc edx 00614A0F 24 0C and al, 0C 00614A11 48 dec eax 00614A12 3A91 10223244 cmp dl, byte ptr [ecx+44322210] 00614A18 14 2A adc al, 2A 00614A1A 8918 mov dword ptr [eax], ebx 00614A1C 1222 adc ah, byte ptr [edx] 00614A1E 24 1C and al, 1C 00614A20 48 dec eax 00614A21 1A91 20221244 **b dl, byte ptr [ecx+44122220] 00614A27 24 0A and al, 0A 00614A29 8928 mov dword ptr [eax], ebp 00614A2B 1202 adc al, byte ptr [edx] 00614A2D 24 2C and al, 2C 00614A2F 44 inc esp 00614A30 FA cli 00614A31 6D ins dword ptr es:[edi], dx 00614A32 0830 or byte ptr [eax], dh 00614A34 91 xchg eax, ecx 00614A35 F2: prefix repne: 00614A36 223444 and dh, byte ptr [esp+eax*2] 00614A39 EA 3889E212 3C2>jmp far 243C:12E28938 00614A40 DA5E A2 ficomp dword ptr [esi-5E] 00614A43 44 inc esp 00614A44 D24489 CA rol byte ptr [ecx+ecx*4-36], cl 00614A48 1248 24 adc cl, byte ptr [eax+24] 00614A4B C2 484C retn 4C48 00614A4E 91 xchg eax, ecx 00614A4F BA 225044B2 mov edx, B2445022 00614A54 54 push esp 00614A55 89AA 125824A2 mov dword ptr [edx+A2245812], ebp 00614A5B 48 dec eax 00614A5C 5C pop esp 00614A5D 91 xchg eax, ecx 00614A5E 9A 22604492 648>call far 8964:92446022 00614A65 8A12 mov dl, byte ptr [edx] 00614A67 68 2482486C push 6C488224 00614A6C 91 xchg eax, ecx 00614A6D 7A 22 jpe short 00614A91 00614A6F 70 44 jo short 00614AB5 00614A71 72 74 jb short 00614AE7 00614A73 896A 12 mov dword ptr [edx+12], ebp 00614A76 78 24 js short 00614A9C 00614A78 6248 7C bound ecx, qword ptr [eax+7C] 00614A7B 91 xchg eax, ecx 00614A7C 5A pop edx 00614A7D ^ 79 8B jns short 00614A0A 00614A7F D4 48 aam 48 00614A81 8491 4A228844 test byte ptr [ecx+4488224A], dl 00614A87 42 inc edx 00614A88 8C89 3A129024 mov word ptr [ecx+2490123A], cs 00614A8E 3248 94 xor cl, byte ptr [eax-6C] 00614A91 91 xchg eax, ecx 00614A92 2A22 sub ah, byte ptr [edx] 00614A94 98 cwde 00614A95 44 inc esp 00614A96 229C89 1A12A024 and bl, byte ptr [ecx+ecx*4+24A0121A> 00614A9D 1248 A4 adc cl, byte ptr [eax-5C] 00614AA0 91 xchg eax, ecx 00614AA1 0A22 or ah, byte ptr [edx] 00614AA3 A8 44 test al, 44 00614AA5 02AC88 FA6C81B0 add ch, byte ptr [eax+ecx*4+B0816CFA> 00614AAC 12F2 adc dh, dl 00614AAE 24 B4 and al, 0B4 00614AB0 48 dec eax 00614AB1 EA 91B822E2 44B>jmp far BC44:E222B891 00614AB8 DA89 C012D224 fimul dword ptr [ecx+24D212C0] 00614ABE C448 CA les ecx, fword ptr [eax-36] 00614AC1 91 xchg eax, ecx 00614AC2 C8 22C244 enter 0C222, 44 00614AC6 CC int3 00614AC7 BA 89D012B2 mov edx, B212D089 00614ACC 24 D4 and al, 0D4 00614ACE 48 dec eax 00614ACF AA stos byte ptr es:[edi] 00614AD0 91 xchg eax, ecx 00614AD1 D822 fsub dword ptr [edx] 00614AD3 A2 44DC9A89 mov byte ptr [899ADC44], al 00614AD8 E0 12 loopdne short 00614AEC 00614ADA 92 xchg eax, edx 00614ADB 24 E4 and al, 0E4 00614ADD 48 dec eax 00614ADE 8A91 E8228244 mov dl, byte ptr [ecx+448222E8] 00614AE4 EC in al, dx 00614AE5 7A 89 jpe short 00614A70 00614AE7 F0:1272 24 lock adc dh, byte ptr [edx+24] ; 不允许锁定前缀 00614AEB F4 hlt 00614AEC 48 dec eax 00614AED 6A 91 push -6F 00614AEF F8 clc 00614AF0 2262 44 and ah, byte ptr [edx+44] 00614AF3 FC cld 00614AF4 5A pop edx 00614AF5 8B82 340F5122 mov eax, dword ptr [edx+22510F34] 00614AFB 04 44 add al, 44 00614AFD 4A dec edx 00614AFE 0889 42120C24 or byte ptr [ecx+240C1242], cl 00614B04 3A48 10 cmp cl, byte ptr [eax+10] 00614B07 91 xchg eax, ecx 00614B08 3222 xor ah, byte ptr [edx] 00614B0A 14 44 adc al, 44 00614B0C 2A18 sub bl, byte ptr [eax] 00614B0E 8922 mov dword ptr [edx], esp 00614B10 121C24 adc bl, byte ptr [esp] 00614B13 1A48 20 **b cl, byte ptr [eax+20] 00614B16 91 xchg eax, ecx 00614B17 1222 adc ah, byte ptr [edx] 00614B19 24 44 and al, 44 00614B1B 0A28 or ch, byte ptr [eax] 00614B1D 88E2 mov dl, ah 00614B1F 6B81 2C12D224 3>imul eax, dword ptr [ecx+24D2122C], 3> 00614B26 48 dec eax 00614B27 DAE4 fisub esp ; 非法使用寄存器 00614B29 CA 5FE2 retf 0E25F 00614B2C 44 inc esp 00614B2D C2 3889 retn 8938 00614B30 BA 123C22DA mov edx, DA223C12 00614B35 6E outs dx, byte ptr es:[edi] 00614B36 04 44 add al, 44 00614B38 48 dec eax 00614B39 D291 4822CA44 rcl byte ptr [ecx+44CA2248], cl 00614B3F 4C dec esp 00614B40 8A40 71 mov al, byte ptr [eax+71] 00614B43 54 push esp 00614B44 8982 1258247A mov dword ptr [edx+7A245812], eax 00614B4A 48 dec eax 00614B4B 5C pop esp 00614B4C 91 xchg eax, ecx 00614B4D 72 22 jb short 00614B71 00614B4F 60 pushad 00614B50 44 inc esp 00614B51 6A 64 push 64 00614B53 8962 12 mov dword ptr [edx+12], esp 00614B56 68 245A486C push 6C485A24 00614B5B BD 4470894A mov ebp, 4A897044 00614B60 127424 42 adc dh, byte ptr [esp+42] 00614B64 48 dec eax 00614B65 ^ 78 91 js short 00614AF8 00614B67 3A22 cmp ah, byte ptr [edx] 00614B69 7C 45 jl short 00614BB0 00614B6B 32E6 xor ah, dh 00614B6D 24 2A and al, 2A 00614B6F 48 dec eax 00614B70 8491 22228844 test byte ptr [ecx+44882222], dl 00614B76 1A8C89 12129024 **b cl, byte ptr [ecx+ecx*4+24901212> 00614B7D 0A48 94 or cl, byte ptr [eax-6C] 00614B80 91 xchg eax, ecx 00614B81 0222 add ah, byte ptr [edx] 00614B83 98 cwde 00614B84 20FA and dl, bh 00614B86 70 44 jo short 00614BCC 00614B88 9C pushfd 00614B89 F2: prefix repne: 00614B8A 89A0 12EA24A4 mov dword ptr [eax+A424EA12], esp 00614B90 48 dec eax 00614B91 ^ E2 91 loopd short 00614B24 00614B93 A8 22 test al, 22 00614B95 DA44AC D2 fiadd dword ptr [esp+ebp*4-2E] 00614B99 89B0 12CA24B4 mov dword ptr [eax+B424CA12], esi 00614B9F 48 dec eax 00614BA0 C2 91B8 retn 0B891 00614BA3 22BA 44BCB289 and bh, byte ptr [edx+89B2BC44] 00614BA9 C012 AA rcl byte ptr [edx], 0AA 00614BAC 24 C4 and al, 0C4 00614BAE 48 dec eax 00614BAF A2 91C8229A mov byte ptr [9A22C891], al 00614BB4 44 inc esp 00614BB5 CC int3 00614BB6 92 xchg eax, edx 00614BB7 89D0 mov eax, edx 00614BB9 128A 24D44882 adc cl, byte ptr [edx+8248D424] 00614BBF 91 xchg eax, ecx 00614BC0 D822 fsub dword ptr [edx] 00614BC2 7A 44 jpe short 00614C08 00614BC4 DC72 89 fdiv qword ptr [edx-77] 00614BC7 E0 12 loopdne short 00614BDB 00614BC9 6A 24 push 24 00614BCB E4 48 in al, 48 00614BCD 6291 E8225A45 bound edx, qword ptr [ecx+455A22E8] 00614BD3 EC in al, dx 00614BD4 EA 24F0484A 91F>jmp far F491:4A48F024 00614BDB 2242 44 and al, byte ptr [edx+44] 00614BDE F8 clc 00614BDF 3A89 FC12322E cmp cl, byte ptr [ecx+2E3212FC] 00614BE5 0835 112A2204 or byte ptr [4222A11], dh 00614BEB 44 inc esp 00614BEC 2208 and cl, byte ptr [eax] 00614BEE 891A mov dword ptr [edx], ebx 00614BF0 120C24 adc cl, byte ptr [esp] 00614BF3 1248 10 adc cl, byte ptr [eax+10] 00614BF6 91 xchg eax, ecx 00614BF7 0A22 or ah, byte ptr [edx] 00614BF9 14 44 adc al, 44 00614BFB 0218 add bl, byte ptr [eax] 00614BFD 88FA mov dl, bh 00614BFF 6F outs dx, dword ptr es:[edi] 00614C00 811C12 F2242048 **b dword ptr [edx+edx], 482024F2 00614C07 EA 912422E2 442>jmp far 2844:E2222491 00614C0E DA89 2C12D224 fimul dword ptr [ecx+24D2122C] 00614C14 3048 CA xor byte ptr [eax-36], cl 00614C17 91 xchg eax, ecx 00614C18 34 22 xor al, 22 00614C1A C2 4438 retn 3844 00614C1D BA 893C12B2 mov edx, B2123C89 00614C22 2F das 00614C23 51 push ecx 00614C24 22AA 4444A289 and ch, byte ptr [edx+89A24444] 00614C2A 48 dec eax 00614C2B 129A 244C4892 adc bl, byte ptr [edx+92484C24] 00614C31 91 xchg eax, ecx 00614C32 50 push eax 00614C33 228A 44548289 and cl, byte ptr [edx+89825444] 00614C39 58 pop eax 00614C3A 127A 24 adc bh, byte ptr [edx+24] 00614C3D 5C pop esp 00614C3E 48 dec eax 00614C3F ^ 72 91 jb short 00614BD2 00614C41 60 pushad 00614C42 226A 44 and ch, byte ptr [edx+44] 00614C45 64:6289 68125A2>bound ecx, qword ptr fs:[ecx+245A1268] 00614C4C 6C ins byte ptr es:[edi], dx 00614C4D 5E pop esi 00614C4E A2 44704A89 mov byte ptr [894A7044], al 00614C53 74 12 je short 00614C67 00614C55 42 inc edx 00614C56 24 78 and al, 78 00614C58 48 dec eax 00614C59 3A91 7C2232F3 cmp dl, byte ptr [ecx+F332227C] 00614C5F 122A adc ch, byte ptr [edx] 00614C61 24 84 and al, 84 00614C63 48 dec eax 00614C64 2291 88221A44 and dl, byte ptr [ecx+441A2288] 00614C6A 8C12 mov word ptr [edx], ss 00614C6C 8990 120A2494 mov dword ptr [eax+94240A12], edx 00614C72 48 dec eax 00614C73 0291 9810FA6E add dl, byte ptr [ecx+6EFA1098] 00614C79 229C44 F2A089EA and bl, byte ptr [esp+eax*2+EA89A0F2> 00614C80 12A424 E248A888 adc ah, byte ptr [esp+88A848E2] 00614C87 46 inc esi 00614C88 78 11 js short 00614C9B 00614C8A B0 10 mov al, 10 00614C8C 6277 22 bound esi, qword ptr [edi+22] 00614C8F B4 44 mov ah, 44 00614C91 5A pop edx 00614C92 B8 8BD448BC mov eax, BC48D48B 00614C97 91 xchg eax, ecx 00614C98 4A dec edx 00614C99 22C0 and al, al 00614C9B 44 inc esp 00614C9C 42 inc edx 00614C9D C489 3A12C824 les ecx, fword ptr [ecx+24C8123A] 00614CA3 3248 CC xor cl, byte ptr [eax-34] 00614CA6 91 xchg eax, ecx 00614CA7 2A22 sub ah, byte ptr [edx] 00614CA9 D04422 D4 rol byte ptr [edx-2C], 1 00614CAD 891A mov dword ptr [edx], ebx 00614CAF 12D8 adc bl, al 00614CB1 24 12 and al, 12 00614CB3 48 dec eax 00614CB4 DC91 0A22E044 fcom qword ptr [ecx+44E0220A] 00614CBA 02E4 add ah, ah 00614CBC 88FA mov dl, bh 00614CBE ^ 76 81 jbe short 00614C41 00614CC0 E8 12F224EC call EC863ED7 00614CC5 48 dec eax 00614CC6 EA 91F022E2 44F>jmp far F444:E222F091 00614CCD DA89 F812D224 fimul dword ptr [ecx+24D212F8] 00614CD3 FC cld 00614CD4 48 dec eax 00614CD5 CA B820 retf 20B8 00614CD8 36:44 inc esp 00614CDA C2 0489 retn 8904 00614CDD BA 120824B2 mov edx, B2240812 00614CE2 48 dec eax 00614CE3 0C 91 or al, 91 00614CE5 AA stos byte ptr es:[edi] 00614CE6 2210 and dl, byte ptr [eax] 00614CE8 44 inc esp 00614CE9 A2 14899A12 mov byte ptr [129A8914], al 00614CEE 182492 **b byte ptr [edx+edx*4], ah 00614CF1 48 dec eax 00614CF2 1C 91 **b al, 91 00614CF4 8A22 mov ah, byte ptr [edx] 00614CF6 204482 24 and byte ptr [edx+eax*4+24], al 00614CFA 897A 12 mov dword ptr [edx+12], edi 00614CFD 282472 sub byte ptr [edx+esi*2], ah 00614D00 48 dec eax 00614D01 2C 91 sub al, 91 00614D03 6A 22 push 22 00614D05 304462 34 xor byte ptr [edx+34], al 00614D09 895A 12 mov dword ptr [edx+12], ebx 00614D0C 382F cmp byte ptr [edi], ch 00614D0E 51 push ecx 00614D0F 223C45 4AEA2442 and bh, byte ptr [eax*2+4224EA4A] 00614D16 48 dec eax 00614D17 44 inc esp 00614D18 91 xchg eax, ecx 00614D19 3A22 cmp ah, byte ptr [edx] 00614D1B 48 dec eax 00614D1C 44 inc esp 00614D1D 324C89 2A xor cl, byte ptr [ecx+ecx*4+2A] 00614D21 1250 24 adc dl, byte ptr [eax+24] 00614D24 2248 54 and cl, byte ptr [eax+54] 00614D27 91 xchg eax, ecx 00614D28 1A22 **b ah, byte ptr [edx] 00614D2A 58 pop eax 00614D2B 44 inc esp 00614D2C 125C89 0A adc bl, byte ptr [ecx+ecx*4+A] 00614D30 1260 24 adc ah, byte ptr [eax+24] 00614D33 0248 64 add cl, byte ptr [eax+64] 00614D36 88FA mov dl, bh 00614D38 75 11 jnz short 00614D4B 00614D3A 68 22F2446C push 6C44F222 00614D3F EA 897012E2 247>jmp far 7424:E2127089 00614D46 48 dec eax 00614D47 DA91 7822D244 ficom dword ptr [ecx+44D22278] 00614D4D ^ 7C CA jl short 00614D19 00614D4F 8BCC mov ecx, esp 00614D51 48 dec eax 00614D52 C2 9184 retn 8491 00614D55 22BA 4488B289 and bh, byte ptr [edx+89B28844] 00614D5B 8C12 mov word ptr [edx], ss 00614D5D AA stos byte ptr es:[edi] 00614D5E 24 90 and al, 90 00614D60 48 dec eax 00614D61 A2 9194229A mov byte ptr [9A229491], al 00614D66 44 inc esp 00614D67 98 cwde 00614D68 92 xchg eax, edx 00614D69 899C12 8A24A048 mov dword ptr [edx+edx+48A0248A], eb> 00614D70 8291 A4227A44 A>adc byte ptr [ecx+447A22A4], -58 00614D77 ^ 72 89 jb short 00614D02 00614D79 AC lods byte ptr [esi] 00614D7A 126A 24 adc ch, byte ptr [edx+24] 00614D7D B0 48 mov al, 48 00614D7F 6291 B4225A45 bound edx, qword ptr [ecx+455A22B4] 00614D85 B8 EA24BC48 mov eax, 48BC24EA 00614D8A 4A dec edx 00614D8B 91 xchg eax, ecx 00614D8C C022 42 shl byte ptr [edx], 42 00614D8F 44 inc esp 00614D90 C43A les edi, fword ptr [edx] 00614D92 89C8 mov eax, ecx 00614D94 1232 adc dh, byte ptr [edx] 00614D96 24 CC and al, 0CC 00614D98 48 dec eax 00614D99 2A91 D0222244 sub dl, byte ptr [ecx+442222D0] 00614D9F D4 1A aam 1A 00614DA1 89D8 mov eax, ebx 00614DA3 1212 adc dl, byte ptr [edx] 00614DA5 24 DC and al, 0DC 00614DA7 48 dec eax 00614DA8 0A91 E0220244 or dl, byte ptr [ecx+440222E0] 00614DAE E4 FA in al, 0FA 00614DB0 40 inc eax 00614DB1 ^ 74 E8 je short 00614D9B 00614DB3 89F2 mov edx, esi 00614DB5 12EC adc ch, ah 00614DB7 24 EA and al, 0EA 00614DB9 48 dec eax 00614DBA F0:91 lock xchg eax, ecx 00614DBC E2 22 loopd short 00614DE0 00614DBE F4 hlt 00614DBF 44 inc esp 00614DC0 DAF8 fidivr eax ; 非法使用寄存器 00614DC2 89D2 mov edx, edx 00614DC4 12FC adc bh, ah 00614DC6 24 CA and al, 0CA 00614DC8 5C pop esp 00614DC9 1037 adc byte ptr [edi], dh 00614DCB 22BA 4404C28E and bh, byte ptr [edx+8EC20444] 00614DD1 44 inc esp 00614DD2 B2 08 mov dl, 8 00614DD4 89AA 120C24A2 mov dword ptr [edx+A2240C12], ebp 00614DDA 48 dec eax 00614DDB 1091 9A221444 adc byte ptr [ecx+4414229A], dl 00614DE1 92 xchg eax, edx 00614DE2 1889 8A121C24 **b byte ptr [ecx+241C128A], cl 00614DE8 8248 20 91 or byte ptr [eax+20], FFFFFF91 00614DEC 7A 22 jpe short 00614E10 00614DEE 24 44 and al, 44 00614DF0 6A 28 push 28 00614DF2 8962 12 mov dword ptr [edx+12], esp 00614DF5 2C 24 sub al, 24 00614DF7 5A pop edx 00614DF8 48 dec eax 00614DF9 30BD 4434894A xor byte ptr [ebp+4A893444], bh 00614DFF 1238 adc bh, byte ptr [eax] 00614E01 24 42 and al, 42 00614E03 48 dec eax 00614E04 3C 91 cmp al, 91 00614E06 3A7A 89 cmp bh, byte ptr [edx-77] 00614E09 3212 xor dl, byte ptr [edx] 00614E0B 44 inc esp 00614E0C 24 2A and al, 2A 00614E0E 48 dec eax 00614E0F 48 dec eax 00614E10 91 xchg eax, ecx 00614E11 2222 and ah, byte ptr [edx] 00614E13 4C dec esp 00614E14 44 inc esp 00614E15 1A50 89 **b dl, byte ptr [eax-77] 00614E18 1212 adc dl, byte ptr [edx] 00614E1A 54 push esp 00614E1B 24 72 and al, 72 00614E1D 72 0A jb short 00614E29 00614E1F 24 58 and al, 58 00614E21 48 dec eax 00614E22 0291 5C10FA73 add dl, byte ptr [ecx+73FA105C] 00614E28 2260 44 and ah, byte ptr [eax+44] 00614E2B F2:64: prefix repne: 00614E2D 89EA mov edx, ebp 00614E2F 1268 24 adc ch, byte ptr [eax+24] 00614E32 E2 48 loopd short 00614E7C 00614E34 6C ins byte ptr es:[edi], dx 00614E35 91 xchg eax, ecx 00614E36 DA22 fisub dword ptr [edx] 00614E38 70 44 jo short 00614E7E 00614E3A D27489 CA sal byte ptr [ecx+ecx*4-36], cl 00614E3E 1278 24 adc bh, byte ptr [eax+24] 00614E41 C2 487C retn 7C48 00614E44 91 xchg eax, ecx 00614E45 BA 7989B212 mov edx, 12B28979 00614E4A 8424AA test byte ptr [edx+ebp*4], ah 00614E4D 48 dec eax 00614E4E 8891 A2228C44 mov byte ptr [ecx+448C22A2], dl 00614E54 9A 90899212 942>call far 2494:12928990 00614E5B 8A48 98 mov cl, byte ptr [eax-68] 00614E5E 91 xchg eax, ecx 00614E5F 8222 9C and byte ptr [edx], FFFFFF9C 00614E62 44 inc esp 00614E63 7A A0 jpe short 00614E05 00614E65 8972 12 mov dword ptr [edx+12], esi 00614E68 A4 movs byte ptr es:[edi], byte ptr [esi> 00614E69 24 6A and al, 6A 00614E6B 48 dec eax 00614E6C A8 91 test al, 91 00614E6E 6222 bound esp, qword ptr [edx] 00614E70 AC lods byte ptr [esi] 00614E71 44 inc esp 00614E72 5A pop edx 00614E73 B0 8B mov al, 8B 00614E75 D4 48 aam 48 00614E77 B4 91 mov ah, 91 00614E79 4A dec edx 00614E7A 22B8 4442BC89 and bh, byte ptr [eax+89BC4244] 00614E80 3A12 cmp dl, byte ptr [edx] 00614E82 C02432 48 shl byte ptr [edx+esi], 48 00614E86 C491 2A22C844 les edx, fword ptr [ecx+44C8222A] 00614E8C 22CC and cl, ah 00614E8E 891A mov dword ptr [edx], ebx 00614E90 12D0 adc dl, al 00614E92 24 12 and al, 12 00614E94 48 dec eax 00614E95 D4 91 aam 91 00614E97 0A22 or ah, byte ptr [edx] 00614E99 D84402 DC fadd dword ptr [edx+eax-24] 00614E9D 88FA mov dl, bh 00614E9F ^ 72 81 jb short 00614E22 00614EA1 E0 12 loopdne short 00614EB5 00614EA3 F2: prefix repne: 00614EA4 24 E4 and al, 0E4 00614EA6 48 dec eax 00614EA7 EA 91E822E2 44E>jmp far EC44:E222E891 00614EAE DA89 F012D224 fimul dword ptr [ecx+24D212F0] 00614EB4 F4 hlt 00614EB5 48 dec eax 00614EB6 CA 91F8 retf 0F891 00614EB9 22C2 and al, dl 00614EBB 44 inc esp 00614EBC FC cld 00614EBD BA 8B823804 mov edx, 438828B 00614EC2 B2 48 mov dl, 48 00614EC4 04 91 add al, 91 00614EC6 AA stos byte ptr es:[edi] 00614EC7 2208 and cl, byte ptr [eax] 00614EC9 44 inc esp 00614ECA 9A 0C89A21C 928>call far 8992:1CA2890C 00614ED1 1012 adc byte ptr [edx], dl 00614ED3 8A2414 mov ah, byte ptr [esp+edx] 00614ED6 48 dec eax 00614ED7 8291 18227A45 1>adc byte ptr [ecx+457A2218], 1C 00614EDE FE ??? ; 未知命令 00614EDF 24 20 and al, 20 00614EE1 48 dec eax 00614EE2 6A 91 push -6F 00614EE4 24 22 and al, 22 00614EE6 624428 5A bound eax, qword ptr [eax+ebp+5A] 00614EEA 892C17 mov dword ptr [edi+edx], ebp 00614EED A8 91 test al, 91 00614EEF 3022 xor byte ptr [edx], ah 00614EF1 4A dec edx 00614EF2 44 inc esp 00614EF3 34 42 xor al, 42 00614EF5 8BFC mov edi, esp 00614EF7 48 dec eax 00614EF8 3A91 3C2232F5 cmp dl, byte ptr [ecx+F532223C] 00614EFE 122A adc ch, byte ptr [edx] 00614F00 24 44 and al, 44 00614F02 48 dec eax 00614F03 2291 48221A44 and dl, byte ptr [ecx+441A2248] 00614F09 4C dec esp 00614F0A 1289 50120A24 adc cl, byte ptr [ecx+240A1250] 00614F10 54 push esp 00614F11 48 dec eax 00614F12 0291 5810FA71 add dl, byte ptr [ecx+71FA1058] 00614F18 225C44 F2 and bl, byte ptr [esp+eax*2-E] 00614F1C 60 pushad 00614F1D 89EA mov edx, ebp 00614F1F 126424 E2 adc ah, byte ptr [esp-1E] 00614F23 48 dec eax 00614F24 68 91BA226C push 6C22BA91 00614F29 44 inc esp 00614F2A B2 70 mov dl, 70 00614F2C 89AA 127424CA mov dword ptr [edx+CA247412], ebp 00614F32 48 dec eax 00614F33 ^ 78 91 js short 00614EC6 00614F35 C2 227C retn 7C22 00614F38 45 inc ebp 00614F39 A2 E624DA48 mov byte ptr [48DA24E6], al 00614F3E 8491 D2228844 test byte ptr [ecx+448822D2], dl 00614F44 9A 8C899212 902>call far 2290:1292898C 00614F4B 26:E0 04 loopdne short 00614F52 00614F4E 98 cwde 00614F4F 44 inc esp 00614F50 7A F0 jpe short 00614F42 00614F52 08A0 917222A4 or byte ptr [eax+A4227291], ah 00614F58 44 inc esp 00614F59 6A A8 push -58 00614F5B 8962 12 mov dword ptr [edx+12], esp 00614F5E AC lods byte ptr [esi] 00614F5F 2216 and dl, byte ptr [esi] 00614F61 EC in al, dx 00614F62 04 B0 add al, 0B0 00614F64 48 dec eax 00614F65 0E push cs 00614F66 91 xchg eax, ecx 00614F67 B4 22 mov ah, 22 00614F69 06 push es 00614F6A 44 inc esp 00614F6B B8 FE40EBBC mov eax, BCEB40FE 00614F70 881E mov byte ptr [esi], bl 00614F72 74 48 je short 00614FBC 00614F74 41 inc ecx 00614F75 F0:41 lock inc ecx ; 不允许锁定前缀 00614F77 2891 11C8220E sub byte ptr [ecx+E22C811], dl 00614F7D 44 inc esp 00614F7E CC int3 00614F7F 06 push es 00614F80 89D0 mov eax, edx 00614F82 11FE adc esi, edi 00614F84 73 02 jnb short 00614F88 00614F86 D4 24 aam 24 00614F88 F6 ??? ; 未知命令 00614F89 48 dec eax 00614F8A D891 EE22DC44 fcom dword ptr [ecx+44DC22EE] 00614F90 E6 E0 out 0E0, al 00614F92 89DE mov esi, ebx 00614F94 12E4 adc ah, ah 00614F96 24 D6 and al, 0D6 00614F98 48 dec eax 00614F99 E8 91CE22EC call EC841E2F 00614F9E 44 inc esp 00614F9F C6 ??? ; 未知命令 00614FA0 F0:89BE 12F4263>lock mov dword ptr [esi+3626F412], edi ; 不允许锁定前缀 00614FA7 A1 44FC2EDC mov eax, dword ptr [DC2EFC44] 00614FAC 1110 adc dword ptr [eax], edx 00614FAE 3922 cmp dword ptr [edx], esp 00614FB0 26:44 inc esp 00614FB2 04 62 add al, 62 00614FB4 24 ED and al, 0ED 00614FB6 42 inc edx 00614FB7 D832 fdiv dword ptr [edx] 00614FB9 115A 24 adc dword ptr [edx+24], ebx 00614FBC 105E A2 adc byte ptr [esi-5E], bl 00614FBF 44 inc esp 00614FC0 14 4A adc al, 4A 00614FC2 8918 mov dword ptr [eax], ebx 00614FC4 17 pop ss 00614FC5 E8 911C223A call 3A836C5B 00614FCA 44 inc esp 00614FCB 2032 and byte ptr [edx], dh 00614FCD 892412 mov dword ptr [edx+edx], esp 00614FD0 2A2428 sub ah, byte ptr [eax+ebp] 00614FD3 48 dec eax 00614FD4 2291 2C221A44 and dl, byte ptr [ecx+441A222C] 00614FDA 3012 xor byte ptr [edx], dl 00614FDC 893412 mov dword ptr [edx+edx], esi 00614FDF 0A2438 or ah, byte ptr [eax+edi] 00614FE2 48 dec eax 00614FE3 0291 3C10FAEC add dl, byte ptr [ecx+ECFA103C] 00614FE9 2240 44 and al, byte ptr [eax+44] 00614FEC F2: prefix repne: 00614FED 44 inc esp 00614FEE 89EA mov edx, ebp 00614FF0 1248 24 adc cl, byte ptr [eax+24] 00614FF3 E2 48 loopd short 0061503D 00614FF5 4C dec esp 00614FF6 91 xchg eax, ecx 00614FF7 CA 2250 retf 5022 00614FFA 44 inc esp 00614FFB C2 5489 retn 8954 00614FFE BA 125824B2 mov edx, B2245812 00615003 48 dec eax 00615004 5C pop esp 00615005 91 xchg eax, ecx 00615006 AA stos byte ptr es:[edi] 00615007 2260 44 and ah, byte ptr [eax+44] 0061500A A2 64899A12 mov byte ptr [129A8964], al 0061500F 68 2A483210 push 1032482A 00615014 6C ins byte ptr es:[edi], dx 00615015 218A 194321D0 and dword ptr [edx+D0214319], ecx 0061501B 91 xchg eax, ecx 0061501C 1182 22782002 adc dword ptr [edx+2207822], eax 00615022 1AF3 **b dh, bl 00615024 12F2 adc dh, dl 00615026 24 88 and al, 88 00615028 48 dec eax 00615029 EA 918C22E2 449>jmp far 9044:E2228C91 00615030 3240 1B xor al, byte ptr [eax+1B] 00615033 98 cwde 00615034 8856 7C mov byte ptr [esi+7C], dl 00615037 48 dec eax 00615038 4C dec esp 00615039 C06411 4E 48 shl byte ptr [ecx+edx+4E], 48 0061503E A4 movs byte ptr es:[edi], byte ptr [esi> 0061503F 8886 7D11AC46 mov byte ptr [esi+46AC117D], al 00615045 0160 00 add dword ptr [eax], esp 00615048 0000 add byte ptr [eax], al 0061504A 0000 add byte ptr [eax], al 该怎么下手呢?给个提示嘛。 |
|
|
他的文章
赞赏
雪币:
留言:
