; OllyDbg listing (32-bit x86, Intel syntax). This is an excerpt from the middle of a larger routine:
; the code at 004F16B7, 004F1701 and 004F173E is entered by jumps, and every path leaves through
; 004F1766, which is not part of this excerpt. esi, edi, ebx and ebp are set up before the excerpt.
; Visible logic: one byte read through ebx is compared, in 8-bit arithmetic, with
; (dword behind the pointer stored at 4FBE30) / 10 + 3.
;   equal     -> constant at 004F17D4 is used, that dword is cleared, flag byte [4FBA84] = 1
;   not equal -> constant at 004F17E8 is used, flag byte [4FBA84] = 0
; NOTE(review): the calls load eax/edx/ecx immediately beforehand, which looks like a register-based
; calling convention (eax, edx, ecx) - assumption, confirm against the callees.
; NOTE(review): an 8-bit equality admits only 256 candidate values and its outcome is kept in a single
; global byte, so on its own this is a weak verification step; whether stronger checks run elsewhere
; cannot be seen from this excerpt.
004F16A2 |. 83C1 02 add ecx, 2 ; ecx += 2 (ecx is set before this excerpt)
004F16A5 |. 8D95 F8FEFFFF lea edx, dword ptr [ebp-108] ; edx = address of the stack local at ebp-108h
004F16AB |. 8BC7 mov eax, edi ; eax = edi
004F16AD |. E8 7E9AFBFF call 004AB130 ; helper not shown; receives eax, edx, ecx as loaded above
004F16B2 |. E9 AF000000 jmp 004F1766 ; to the shared exit label (outside this excerpt)
004F16B7 |> 83C3 02 add ebx, 2 ; jump target: advance the pointer in ebx by 2 bytes
004F16BA |. 8A0B mov cl, byte ptr [ebx] ; cl = the byte to be checked; no bounds check on ebx is visible here
004F16BC |. A1 30BE4F00 mov eax, dword ptr [4FBE30] ; eax = pointer stored in the global at 4FBE30
004F16C1 |. 8B00 mov eax, dword ptr [eax] ; eax = dword that pointer refers to (the dividend)
004F16C3 |. BB 0A000000 mov ebx, 0A ; ebx = 10, the divisor; the pointer held in ebx is overwritten
004F16C8 |. 33D2 xor edx, edx ; clear edx so that edx:eax is the zero-extended dividend
004F16CA |. F7F3 div ebx ; unsigned divide: eax = value / 10, edx = value % 10
004F16CC |. 2AC8 sub cl, al ; cl -= low byte of the quotient
004F16CE |. 80E9 03 sub cl, 3 ; cl -= 3; ZF is set only if the byte equals quotient + 3 (mod 256)
004F16D1 75 2E jnz short 004F1701 ; not equal -> mismatch path at 004F1701
004F16D3 |. B8 2CE24F00 mov eax, 004FE22C ; eax = address 004FE22C (first argument to the helper below)
004F16D8 |. BA D4174F00 mov edx, 004F17D4 ; edx = address of the string the debugger shows as "成功" ("success")
004F16DD |. E8 7E30F1FF call 00404760 ; helper not shown; presumably stores the string into 004FE22C - confirm
004F16E2 |. A1 30BE4F00 mov eax, dword ptr [4FBE30] ; reload the pointer from 4FBE30
004F16E7 |. 33D2 xor edx, edx ; edx = 0
004F16E9 |. 8910 mov dword ptr [eax], edx ; reset the dword that was used as the dividend to 0
004F16EB |. C605 84BA4F00>mov byte ptr [4FBA84], 1 ; flag byte at 4FBA84 = 1 on the match path
004F16F2 |. 33D2 xor edx, edx ; edx = 0, passed to the indirect call below
004F16F4 |. 8B86 04030000 mov eax, dword ptr [esi+304] ; eax = pointer stored at offset 304h of the structure in esi
004F16FA |. 8B08 mov ecx, dword ptr [eax] ; ecx = first dword of that object (presumably its method table)
004F16FC |. FF51 64 call dword ptr [ecx+64] ; indirect call through the slot at +64h with edx = 0
004F16FF |. EB 65 jmp short 004F1766 ; to the shared exit label
004F1701 |> B8 2CE24F00 mov eax, 004FE22C ; mismatch path: same destination address as on the match path
004F1706 |. BA E8174F00 mov edx, 004F17E8 ; edx = address of a different constant (its content is not shown)
004F170B |. E8 5030F1FF call 00404760 ; same helper as at 004F16DD
004F1710 |. B2 01 mov dl, 1 ; dl = 1 here; the match path passes edx = 0 to the same slot
004F1712 |. 8B86 04030000 mov eax, dword ptr [esi+304] ; same object as at 004F16F4
004F1718 |. 8B08 mov ecx, dword ptr [eax] ; ecx = first dword of that object
004F171A |. FF51 64 call dword ptr [ecx+64] ; same slot at +64h, this time with dl = 1
004F171D |. C605 84BA4F00>mov byte ptr [4FBA84], 0 ; flag byte at 4FBA84 = 0 on the mismatch path
004F1724 |. 33D2 xor edx, edx ; edx = 0 for the call below
004F1726 |. 8B86 28080000 mov eax, dword ptr [esi+828] ; eax = pointer stored at offset 828h of the structure in esi
004F172C |. E8 9B9FFBFF call 004AB6CC ; helper not shown; receives that pointer in eax and edx = 0
004F1731 |. 8B86 28080000 mov eax, dword ptr [esi+828] ; reload the same pointer
004F1737 |. E8 8CA1FBFF call 004AB8C8 ; second helper on the same pointer; edx is not reloaded before it
004F173C |. EB 28 jmp short 004F1766 ; to the shared exit label
004F173E |> 8D95 E8FEFFFF lea edx, dword ptr [ebp-118] ; jump target: edx = address of the stack local at ebp-118h
004F1744 |. A1 24E24F00 mov eax, dword ptr [4FE224] ; eax = dword stored in the global at 4FE224
004F1749 |. E8 D639F9FF call 00485124 ; helper not shown; the excerpt ends after this call