-
-
[求助]代码分析
-
发表于: 2008-12-30 11:53
-
07566A20 6A FF PUSH -1 cpu初始
07566A22 68 69A15E07 PUSH dbcore.075EA169
07566A27 64:A1 00000000 MOV EAX,DWORD PTR FS:[0]
07566A2D 50 PUSH EAX
07566A2E 64:8925 0000000>MOV DWORD PTR FS:[0],ESP
07566A35 81EC 18030000 SUB ESP,318
07566A3B 55 PUSH EBP
07566A3C 56 PUSH ESI
07566A3D E8 001D0800 CALL <JMP.&MFC70.#982>
07566A42 8B10 MOV EDX,DWORD PTR DS:[EAX]
07566A44 8BC8 MOV ECX,EAX
07566A46 FF52 0C CALL DWORD PTR DS:[EDX+C]
07566A49 8D70 10 LEA ESI,DWORD PTR DS:[EAX+10]
07566A4C 897424 08 MOV DWORD PTR SS:[ESP+8],ESI
07566A50 33ED XOR EBP,EBP
07566A52 6A 20 PUSH 20
07566A54 89AC24 2C030000 MOV DWORD PTR SS:[ESP+32C],EBP
07566A5B E8 721D0800 CALL <JMP.&MFC70.#703>
07566A60 83C4 04 ADD ESP,4
07566A63 894424 0C MOV DWORD PTR SS:[ESP+C],EAX
07566A67 3BC5 CMP EAX,EBP
07566A69 C68424 28030000>MOV BYTE PTR SS:[ESP+328],1
07566A71 74 09 JE SHORT dbcore.07566A7C
07566A73 8BC8 MOV ECX,EAX
07566A75 E8 76140700 CALL dbcore.075D7EF0
07566A7A EB 02 JMP SHORT dbcore.07566A7E
07566A7C 33C0 XOR EAX,EAX
07566A7E C68424 28030000>MOV BYTE PTR SS:[ESP+328],0
07566A86 A3 A8276107 MOV DWORD PTR DS:[76127A8],EAX
07566A8B C705 94276107 F>MOV DWORD PTR DS:[7612794],1123F7
07566A95 E8 45E3FFFF CALL dbcore.07564DDF
07566A9A 3BC5 CMP EAX,EBP
07566A9C 75 22 JNZ SHORT dbcore.07566AC0
07566A9E 8D4424 20 LEA EAX,DWORD PTR SS:[ESP+20]
07566AA2 A3 84276107 MOV DWORD PTR DS:[7612784],EAX
07566AA7 66:892D 9C27610>MOV WORD PTR DS:[761279C],BP
07566AAE 66:C705 9827610>MOV WORD PTR DS:[7612798],10
07566AB7 E8 3CE3FFFF CALL dbcore.07564DF8
07566ABC 85C0 TEST EAX,EAX
07566ABE 74 4C JE SHORT dbcore.07566B0C
07566AC0 55 PUSH EBP
07566AC1 55 PUSH EBP
07566AC2 68 08585F07 PUSH dbcore.075F5808 ; 请插入软件锁!!!
07566AC7 E8 6C1D0800 CALL <JMP.&MFC70.#1014>
07566ACC 8D46 F0 LEA EAX,DWORD PTR DS:[ESI-10]
07566ACF C78424 28030000>MOV DWORD PTR SS:[ESP+328],-1
07566ADA 8D48 0C LEA ECX,DWORD PTR DS:[EAX+C]
07566ADD 83CA FF OR EDX,FFFFFFFF
07566AE0 F0:0FC111 LOCK XADD DWORD PTR DS:[ECX],EDX ; 锁定前缀
07566AE4 4A DEC EDX
07566AE5 85D2 TEST EDX,EDX
07566AE7 0F8F 400A0000 JG dbcore.0756752D
07566AED 8B08 MOV ECX,DWORD PTR DS:[EAX]
07566AEF 8B11 MOV EDX,DWORD PTR DS:[ECX]
07566AF1 50 PUSH EAX
07566AF2 FF52 04 CALL DWORD PTR DS:[EDX+4]
07566AF5 5E POP ESI
07566AF6 5D POP EBP
07566AF7 8B8C24 18030000 MOV ECX,DWORD PTR SS:[ESP+318]
07566AFE 64:890D 0000000>MOV DWORD PTR FS:[0],ECX
07566B05 81C4 24030000 ADD ESP,324
07566B0B C3 RETN
07566B0C E8 53E3FFFF CALL dbcore.07564E64
07566B11 E8 5A2E0800 CALL <JMP.&ACAD.?acedGetAcadFrame@@YAPAV>
07566B16 8B40 20 MOV EAX,DWORD PTR DS:[EAX+20]
07566B19 3BC5 CMP EAX,EBP
07566B1B ^ 74 AF JE SHORT dbcore.07566ACC
分析了很久都没有搞定,上面几个跳转都改过,请求大家帮我讲解一下。谢谢
07566A22 68 69A15E07 PUSH dbcore.075EA169
07566A27 64:A1 00000000 MOV EAX,DWORD PTR FS:[0]
07566A2D 50 PUSH EAX
07566A2E 64:8925 0000000>MOV DWORD PTR FS:[0],ESP
07566A35 81EC 18030000 SUB ESP,318
07566A3B 55 PUSH EBP
07566A3C 56 PUSH ESI
07566A3D E8 001D0800 CALL <JMP.&MFC70.#982>
07566A42 8B10 MOV EDX,DWORD PTR DS:[EAX]
07566A44 8BC8 MOV ECX,EAX
07566A46 FF52 0C CALL DWORD PTR DS:[EDX+C]
07566A49 8D70 10 LEA ESI,DWORD PTR DS:[EAX+10]
07566A4C 897424 08 MOV DWORD PTR SS:[ESP+8],ESI
07566A50 33ED XOR EBP,EBP
07566A52 6A 20 PUSH 20
07566A54 89AC24 2C030000 MOV DWORD PTR SS:[ESP+32C],EBP
07566A5B E8 721D0800 CALL <JMP.&MFC70.#703>
07566A60 83C4 04 ADD ESP,4
07566A63 894424 0C MOV DWORD PTR SS:[ESP+C],EAX
07566A67 3BC5 CMP EAX,EBP
07566A69 C68424 28030000>MOV BYTE PTR SS:[ESP+328],1
07566A71 74 09 JE SHORT dbcore.07566A7C
07566A73 8BC8 MOV ECX,EAX
07566A75 E8 76140700 CALL dbcore.075D7EF0
07566A7A EB 02 JMP SHORT dbcore.07566A7E
07566A7C 33C0 XOR EAX,EAX
07566A7E C68424 28030000>MOV BYTE PTR SS:[ESP+328],0
07566A86 A3 A8276107 MOV DWORD PTR DS:[76127A8],EAX
07566A8B C705 94276107 F>MOV DWORD PTR DS:[7612794],1123F7
07566A95 E8 45E3FFFF CALL dbcore.07564DDF
07566A9A 3BC5 CMP EAX,EBP
07566A9C 75 22 JNZ SHORT dbcore.07566AC0
07566A9E 8D4424 20 LEA EAX,DWORD PTR SS:[ESP+20]
07566AA2 A3 84276107 MOV DWORD PTR DS:[7612784],EAX
07566AA7 66:892D 9C27610>MOV WORD PTR DS:[761279C],BP
07566AAE 66:C705 9827610>MOV WORD PTR DS:[7612798],10
07566AB7 E8 3CE3FFFF CALL dbcore.07564DF8
07566ABC 85C0 TEST EAX,EAX
07566ABE 74 4C JE SHORT dbcore.07566B0C
07566AC0 55 PUSH EBP
07566AC1 55 PUSH EBP
07566AC2 68 08585F07 PUSH dbcore.075F5808 ; 请插入软件锁!!!
07566AC7 E8 6C1D0800 CALL <JMP.&MFC70.#1014>
07566ACC 8D46 F0 LEA EAX,DWORD PTR DS:[ESI-10]
07566ACF C78424 28030000>MOV DWORD PTR SS:[ESP+328],-1
07566ADA 8D48 0C LEA ECX,DWORD PTR DS:[EAX+C]
07566ADD 83CA FF OR EDX,FFFFFFFF
07566AE0 F0:0FC111 LOCK XADD DWORD PTR DS:[ECX],EDX ; 锁定前缀
07566AE4 4A DEC EDX
07566AE5 85D2 TEST EDX,EDX
07566AE7 0F8F 400A0000 JG dbcore.0756752D
07566AED 8B08 MOV ECX,DWORD PTR DS:[EAX]
07566AEF 8B11 MOV EDX,DWORD PTR DS:[ECX]
07566AF1 50 PUSH EAX
07566AF2 FF52 04 CALL DWORD PTR DS:[EDX+4]
07566AF5 5E POP ESI
07566AF6 5D POP EBP
07566AF7 8B8C24 18030000 MOV ECX,DWORD PTR SS:[ESP+318]
07566AFE 64:890D 0000000>MOV DWORD PTR FS:[0],ECX
07566B05 81C4 24030000 ADD ESP,324
07566B0B C3 RETN
07566B0C E8 53E3FFFF CALL dbcore.07564E64
07566B11 E8 5A2E0800 CALL <JMP.&ACAD.?acedGetAcadFrame@@YAPAV>
07566B16 8B40 20 MOV EAX,DWORD PTR DS:[EAX+20]
07566B19 3BC5 CMP EAX,EBP
07566B1B ^ 74 AF JE SHORT dbcore.07566ACC
分析了很久都没有搞定,上面几个跳转都改过,请求大家帮我讲解一下。谢谢
[招生]科锐逆向工程师培训(2024年11月15日实地,远程教学同时开班, 第51期)
|
|
|---|---|
|
|
|
|
|
|
|
|
|
