004D0000 55 push ebp
004D0001 E9 44050000 jmp 004D054A
004D0006 8B45 FC mov eax, dword ptr [ebp-4]
004D0009 E9 76060000 jmp 004D0684
004D000E 99 cdq
004D000F F7FB idiv ebx
004D0011 81D3 B8F80323 adc ebx, 2303F8B8
004D0017 65:EB 01 jmp short 004D001B
004D001A - E9 BBD61246 jmp 465FD6DA
004D001F 0083 EB478D5C add byte ptr [ebx+5C8D47EB], al
004D0025 203B and byte ptr [ebx], bh
004D0027 8D5C0B C5 lea ebx, dword ptr [ebx+ecx-3B]
004D002B F3: prefix rep:
004D002C EB 02 jmp short 004D0030
004D002E CD20 2BD94985 vxdjump 8549D92B
004D0034 DBE9 fucomi st, st(1)
004D0036 B6 12 mov dh, 12
004D0038 0000 add byte ptr [eax], al
004D003A 83DE 0B sbb esi, 0B
004D003D 037424 38 add esi, dword ptr [esp+38]
004D0041 64:EB 02 jmp short 004D0046
004D0044 CD20 EB02CD20 vxdcall 20CD02EB
004D004A 8D7435 05 lea esi, dword ptr [ebp+esi+5]
004D004E 8DB1 48504700 lea esi, dword ptr [ecx+475048]
004D0054 2BF1 sub esi, ecx
004D0056 807B 28 00 cmp byte ptr [ebx+28], 0
004D005A 0F85 C2020000 jnz 004D0322
004D0060 E9 24100000 jmp 004D1089
004D0065 C2 0C00 retn 0C
004D0068 53 push ebx
004D0069 56 push esi
004D006A 57 push edi
004D006B 55 push ebp
004D006C 51 push ecx
004D006D 035C24 38 add ebx, dword ptr [esp+38]
004D0071 BB 86E34900 mov ebx, 0049E386
004D0076 64:EB 02 jmp short 004D007B
004D0079 CD20 6AAC669C vxdjump 9C66AC6A
004D007F 57 push edi
004D0080 81CF 84D7199C or edi, 9C19D784
004D0086 8BFC mov edi, esp
004D0088 83C7 06 add edi, 6
004D008B 6A A8 push -58
004D008D 55 push ebp
004D008E 1BE9 sbb ebp, ecx
004D0090 26:EB 02 jmp short 004D0095
004D0093 CD20 8D6C4757 vxdcall 57476C8D
004D0099 8D6C0D A9 lea ebp, dword ptr [ebp+ecx-57]
004D009D 2BE9 sub ebp, ecx
004D009F EB 02 jmp short 004D00A3
004D00A1 CD20 8DAC35D8 vxdjump D835AC8D
004D00A7 8845 00 mov byte ptr [ebp], al
004D00AA 2BEE sub ebp, esi
004D00AC 8D6C0C 34 lea ebp, dword ptr [esp+ecx+34]
004D00B0 F2: prefix repne:
004D00B1 EB 01 jmp short 004D00B4
004D00B3 F2: prefix repne:
004D00B4 2BE9 sub ebp, ecx
004D00B6 F3: prefix rep:
004D00B7 EB 02 jmp short 004D00BB
004D00B9 CD20 8D6C3DCC vxdcall CC3D6C8D
004D00BF EB 01 jmp short 004D00C2
004D00C1 F0:2BEF lock sub ebp, edi ; 不允许锁定前缀
004D00C4 83C5 04 add ebp, 4
004D00C7 EB 01 jmp short 004D00CA
004D00C9 9A 565364EB 02C>call far CD02:EB645356
004D00D0 2033 and byte ptr [ebx], dh
004D00D2 DDF2 fsave edx ; 非法使用寄存器
004D00D4 EB 01 jmp short 004D00D7
004D00D6 9A 8BDCF2EB 01F>call far F001:EBF2DC8B
004D00DD 8D5C0B 04 lea ebx, dword ptr [ebx+ecx+4]
004D00E1 2BD9 sub ebx, ecx
004D00E3 51 push ecx
004D00E4 83E9 33 sub ecx, 33
004D00E7 C1D9 8F rcr ecx, 8F
004D00EA 8D8C22 38564700 lea ecx, dword ptr [edx+475638]
004D00F1 EB 02 jmp short 004D00F5
004D00F3 CD20 2BCA518F vxdjump 8F51CA2B
004D00F9 0359 5B add ebx, dword ptr [ecx+5B]
004D00FC EB 01 jmp short 004D00FF
004D00FE F3: prefix rep:
004D00FF 8F45 00 pop dword ptr [ebp]
004D0102 5D pop ebp
004D0103 F3: prefix rep:
004D0104 EB 02 jmp short 004D0108
004D0106 CD20 8F075F66 vxdcall 665F078F
004D010C 9D popfd
004D010D F2: prefix repne:
004D010E EB 01 jmp short 004D0111
004D0110 F0:BB 7A584400 lock mov ebx, 0044587A ; 不允许锁定前缀
004D0116 C1CB F9 ror ebx, 0F9
004D0119 5B pop ebx
004D011A ^ E9 1BFFFFFF jmp 004D003A
004D011F 8D4451 66 lea eax, dword ptr [ecx+edx*2+66]
004D0123 8D4408 9A lea eax, dword ptr [eax+ecx-66]
004D0127 2BC1 sub eax, ecx
004D0129 53 push ebx
004D012A 81C8 F0B1A4C8 or eax, C8A4B1F0
004D0130 58 pop eax
004D0131 E9 17050000 jmp 004D064D
004D0136 33C0 xor eax, eax
004D0138 E9 510F0000 jmp 004D108E
004D013D 33C0 xor eax, eax
004D013F E9 2E0A0000 jmp 004D0B72
004D0144 B8 D6BD4900 mov eax, 0049BDD6
004D0149 B8 8EAD4600 mov eax, 0046AD8E
004D014E EB 02 jmp short 004D0152
004D0150 CD20 FF36C1D0 vxdcall D0C136FF
004D0156 45 inc ebp
004D0157 EB 01 jmp short 004D015A
004D0159 9A B86E4144 005>call far 5800:44416EB8
004D0160 890424 mov dword ptr [esp], eax
004D0163 33C0 xor eax, eax
004D0165 8906 mov dword ptr [esi], eax
004D0167 FF1424 call dword ptr [esp]
004D016A E9 8C110000 jmp 004D12FB
004D016F E8 8C9BF7FF call 00449D00
004D0174 ^ E9 A6FFFFFF jmp 004D011F
004D0179 337C24 28 xor edi, dword ptr [esp+28]
004D017D F2: prefix repne:
004D017E EB 01 jmp short 004D0181
004D0180 0FC1C7 xadd edi, eax
004D0183 47 inc edi
004D0184 6A F2 push -0E
004D0186 EB 01 jmp short 004D0189
004D0188 C7 ??? ; 未知命令
004D0189 66:9C pushfw
004D018B 53 push ebx
004D018C 2E:EB 01 jmp short 004D0190
004D018F E8 8D5C4773 call 73945E21
004D0194 8D5C23 8D lea ebx, dword ptr [ebx-73]
004D0198 8BDC mov ebx, esp
004D019A EB 02 jmp short 004D019E
004D019C CD20 8D5C2B06 vxdcall 62B5C8D
004D01A2 2BDD sub ebx, ebp
004D01A4 EB 02 jmp short 004D01A8
004D01A6 CD20 525736EB vxdcall EB365752
004D01AC 0169 8D add dword ptr [ecx-73], ebp
004D01AF BC 0B0EB446 mov esp, 46B40E0B
004D01B4 002B add byte ptr [ebx], ch
004D01B6 F9 stc
004D01B7 EB 02 jmp short 004D01BB
004D01B9 CD20 EB02CD20 vxdcall 20CD02EB
004D01BF 8D3C3A lea edi, dword ptr [edx+edi]
004D01C2 8D7C24 63 lea edi, dword ptr [esp+63]
004D01C6 83EF 63 sub edi, 63
004D01C9 8D7C1F 04 lea edi, dword ptr [edi+ebx+4]
004D01CD 26:EB 02 jmp short 004D01D2
004D01D0 CD20 2BFB36EB vxdjump EB36FB2B
004D01D6 01F0 add eax, esi
004D01D8 6A C4 push -3C
004D01DA 51 push ecx
004D01DB 0BCD or ecx, ebp
004D01DD 8BCC mov ecx, esp
004D01DF 8D4C39 04 lea ecx, dword ptr [ecx+edi+4]
004D01E3 2BCF sub ecx, edi
004D01E5 C701 0A000000 mov dword ptr [ecx], 0A
004D01EB 59 pop ecx
004D01EC EB 01 jmp short 004D01EF
004D01EE F0:8F07 lock pop dword ptr [edi] ; 不允许锁定前缀
004D01F1 5F pop edi
004D01F2 8F03 pop dword ptr [ebx]
004D01F4 5B pop ebx
004D01F5 66:9D popfw
004D01F7 037C24 18 add edi, dword ptr [esp+18]
004D01FB BF 5E544500 mov edi, 0045545E
004D0200 5F pop edi
004D0201 99 cdq
004D0202 F7FF idiv edi
004D0204 80C2 30 add dl, 30
004D0207 33C0 xor eax, eax
004D0209 8AC1 mov al, cl
004D020B 881406 mov byte ptr [esi+eax], dl
004D020E F2: prefix repne:
004D020F EB 01 jmp short 004D0212
004D0211 F3: prefix rep:
004D0212 C1D8 29 rcr eax, 29
004D0215 334424 28 xor eax, dword ptr [esp+28]
004D0219 36:EB 01 jmp short 004D021D
004D021C 6983 D08481E8 5>imul eax, dword ptr [ebx+E88184D0], C>
004D0226 8D43 3D lea eax, dword ptr [ebx+3D]
004D0229 8D40 C3 lea eax, dword ptr [eax-3D]
004D022C E9 670D0000 jmp 004D0F98
004D0231 6A C8 push -38
004D0233 66:9C pushfw
004D0235 53 push ebx
004D0236 2BDF sub ebx, edi
004D0238 EB 01 jmp short 004D023B
004D023A 9A 8D5C7572 8D5>call far 5C8D:72755C8D
004D0241 2B8E 2BDDC1CB sub ecx, dword ptr [esi+CBC1DD2B]
004D0247 C183 CB3D8D5C 0>rol dword ptr [ebx+5C8D3DCB], 4
004D024E 72 64 jb short 004D02B4
004D0250 EB 02 jmp short 004D0254
004D0252 CD20 2BD836EB vxdjump EB36D82B
004D0258 01F3 add ebx, esi
004D025A 8D5C33 8E lea ebx, dword ptr [ebx+esi-72]
004D025E 2BDE sub ebx, esi
004D0260 F3: prefix rep:
004D0261 EB 02 jmp short 004D0265
004D0263 CD20 8D5B0656 vxdcall 56065B8D
004D0269 8D7475 30 lea esi, dword ptr [ebp+esi*2+30]
004D026D 8D76 D0 lea esi, dword ptr [esi-30]
004D0270 81DE 72BDDB88 sbb esi, 88DBBD72
004D0276 8DB429 96284700 lea esi, dword ptr [ecx+ebp+472896]
004D027D 2BF5 sub esi, ebp
004D027F 2BF1 sub esi, ecx
004D0281 36:EB 01 jmp short 004D0285
004D0284 9A 89335E5B EB0>call far 02EB:5B5E3389
004D028B CD20 669DC3B1 vxdjump B1C39D66
004D0291 B4 4A mov ah, 4A
004D0293 B8 725F4100 mov eax, 00415F72
004D0298 83C8 B5 or eax, FFFFFFB5
004D029B EB 02 jmp short 004D029F
004D029D CD20 68DAB043 vxdjump 43B0DA68
004D02A3 0066 9C add byte ptr [esi-64], ah
004D02A6 51 push ecx
004D02A7 81F1 BE4CF919 xor ecx, 19F94CBE
004D02AD 0BCD or ecx, ebp
004D02AF 83E9 AB sub ecx, -55
004D02B2 C1D9 87 rcr ecx, 87
004D02B5 EB 02 jmp short 004D02B9
004D02B7 CD20 8D4C147A vxdcall 7A144C8D
004D02BD 2BCA sub ecx, edx
004D02BF EB 01 jmp short 004D02C2
004D02C1 F3: prefix rep:
004D02C2 8D49 86 lea ecx, dword ptr [ecx-7A]
004D02C5 F2: prefix repne:
004D02C6 EB 01 jmp short 004D02C9
004D02C8 - E9 8D4C3906 jmp 06864F5A
004D02CD 2BCF sub ecx, edi
004D02CF 68 E8254700 push 004725E8
004D02D4 8F01 pop dword ptr [ecx]
004D02D6 59 pop ecx
004D02D7 66:9D popfw
004D02D9 2E:EB 01 jmp short 004D02DD
004D02DC E8 B8286940 call 40B62B99
004D02E1 00EB add bl, ch
004D02E3 01F0 add eax, esi
004D02E5 36:EB 01 jmp short 004D02E9
004D02E8 9A 8D842FFC FA4>call far 40FA:FC2F848D
004D02EF 002B add byte ptr [ebx], ch
004D02F1 C558 E9 lds ebx, fword ptr [eax-17]
004D02F4 50 push eax
004D02F5 04 00 add al, 0
004D02F7 005B C3 add byte ptr [ebx-3D], bl
004D02FA E9 CA080000 jmp 004D0BC9
004D02FF 8B6B 10 mov ebp, dword ptr [ebx+10]
004D0302 8B75 10 mov esi, dword ptr [ebp+10]
004D0305 E9 2A000000 jmp 004D0334
004D030A E8 915AF3FF call 00405DA0
004D030F ^ E9 EBFFFFFF jmp 004D02FF
004D0314 5F pop edi
004D0315 E9 EC060000 jmp 004D0A06
004D031A 8B43 30 mov eax, dword ptr [ebx+30]
004D031D E9 DD060000 jmp 004D09FF
004D0322 833D 04304700 0>cmp dword ptr [473004], 0
004D0329 E9 DB0F0000 jmp 004D1309
004D032E 53 push ebx
004D032F E9 19000000 jmp 004D034D
004D0334 3B75 04 cmp esi, dword ptr [ebp+4]
004D0337 0F84 8E070000 je 004D0ACB
004D033D 85F6 test esi, esi
004D033F E9 D00F0000 jmp 004D1314
004D0344 837E 44 00 cmp dword ptr [esi+44], 0
004D0348 E9 53050000 jmp 004D08A0
004D034D 56 push esi
004D034E E9 F7000000 jmp 004D044A
004D0353 E8 983FF3FF call 004042F0
004D0358 E9 6D020000 jmp 004D05CA
004D035D E8 4630F9FF call 004633A8
004D0362 E9 A2030000 jmp 004D0709
004D0367 BD EE154200 mov ebp, 004215EE
004D036C BD 26404900 mov ebp, 00494026
004D0371 F3: prefix rep:
004D0372 EB 02 jmp short 004D0376
004D0374 CD20 8BECE90D vxdjump DE9EC8B
004D037A 05 000081CF add eax, CF810000
004D037F CE into
004D0380 90 nop
004D0381 8F ??? ; 未知命令
004D0382 ^ 77 F2 ja short 004D0376
004D0384 EB 01 jmp short 004D0387
004D0386 9A 81EF1424 EBA>call far ABEB:2414EF81
004D038D 8D7B 2D lea edi, dword ptr [ebx+2D]
004D0390 8D7F D3 lea edi, dword ptr [edi-2D]
004D0393 E9 3E060000 jmp 004D09D6
004D0398 E8 233FF3FF call 004042C0
004D039D E9 E7030000 jmp 004D0789
004D03A2 8B5E 0C mov ebx, dword ptr [esi+C]
004D03A5 8B40 04 mov eax, dword ptr [eax+4]
004D03A8 8945 FC mov dword ptr [ebp-4], eax
004D03AB 33C0 xor eax, eax
004D03AD 55 push ebp
004D03AE EB 01 jmp short 004D03B1
004D03B0 F2:64: prefix repne:
004D03B2 FF35 00000000 push dword ptr [0]
004D03B8 66:9C pushfw
004D03BA 51 push ecx
004D03BB 1BCD sbb ecx, ebp
004D03BD 26:EB 02 jmp short 004D03C2
004D03C0 CD20 81E18CE0 vxdjump E08CE181
004D03C6 77 01 ja short 004D03C9
004D03C8 8D4C24 6D lea ecx, dword ptr [esp+6D]
004D03CC EB 01 jmp short 004D03CF
004D03CE F2: prefix repne:
004D03CF 8D4C19 93 lea ecx, dword ptr [ecx+ebx-6D]
004D03D3 2BCB sub ecx, ebx
004D03D5 36:EB 01 jmp short 004D03D9
004D03D8 E8 8D4C1106 call 065E506A
004D03DD 2BCA sub ecx, edx
004D03DF 68 29414000 push 00404129
004D03E4 8F01 pop dword ptr [ecx]
004D03E6 59 pop ecx
004D03E7 66:9D popfw
004D03E9 64:FF30 push dword ptr fs:[eax]
004D03EC 64:8920 mov dword ptr fs:[eax], esp
004D03EF 85DB test ebx, ebx
004D03F1 0F8E 23000000 jle 004D041A
004D03F7 4B dec ebx
004D03F8 895E 0C mov dword ptr [esi+C], ebx
004D03FB 8B45 FC mov eax, dword ptr [ebp-4]
004D03FE 8B44D8 04 mov eax, dword ptr [eax+ebx*8+4]
004D0402 8945 F8 mov dword ptr [ebp-8], eax
004D0405 837D F8 00 cmp dword ptr [ebp-8], 0
004D0409 0F84 03000000 je 004D0412
004D040F FF55 F8 call dword ptr [ebp-8]
004D0412 85DB test ebx, ebx
004D0414 ^ 0F8F DDFFFFFF jg 004D03F7
004D041A 33C0 xor eax, eax
004D041C 5A pop edx
004D041D 59 pop ecx
004D041E 59 pop ecx
004D041F 64:8910 mov dword ptr fs:[eax], edx
004D0422 E9 17040000 jmp 004D083E
004D0427 E9 12040000 jmp 004D083E
004D042C E8 4B3FF3FF call 0040437C
004D0431 ^ E9 FBFDFFFF jmp 004D0231
004D0436 037424 38 add esi, dword ptr [esp+38]
004D043A BE C6214100 mov esi, 004121C6
004D043F 50 push eax
004D0440 8D7475 DB lea esi, dword ptr [ebp+esi*2-25]
004D0444 5E pop esi
004D0445 E9 4F0C0000 jmp 004D1099
004D044A 57 push edi
004D044B E9 84000000 jmp 004D04D4
004D0450 33C0 xor eax, eax
004D0452 A3 B0304700 mov dword ptr [4730B0], eax
004D0457 E9 73070000 jmp 004D0BCF
004D045C 83C8 ED or eax, FFFFFFED
004D045F B8 52E54700 mov eax, 0047E552
004D0464 EB 02 jmp short 004D0468
004D0466 CD20 65EB019A vxdjump 9A01EB65
004D046C FF3423 push dword ptr [ebx]
004D046F 81C0 D6CFFCC9 add eax, C9FCCFD6
004D0475 58 pop eax
004D0476 E9 33070000 jmp 004D0BAE
004D047B 897E 44 mov dword ptr [esi+44], edi
004D047E ^ E9 91FEFFFF jmp 004D0314
004D0483 33C0 xor eax, eax
004D0485 E9 F3030000 jmp 004D087D
004D048A 034424 38 add eax, dword ptr [esp+38]
004D048E B8 F67A4000 mov eax, 00407AF6
004D0493 53 push ebx
004D0494 F3: prefix rep:
004D0495 EB 02 jmp short 004D0499
004D0497 CD20 13C658E9 vxdjump E958C613
004D049D D8FC fdivr st, st(4)
004D049F FFFF ??? ; 未知命令
004D04A1 C1DB B1 rcr ebx, 0B1
004D04A4 83CB 2D or ebx, 2D
004D04A7 C1CB E5 ror ebx, 0E5
004D04AA 335C24 08 xor ebx, dword ptr [esp+8]
004D04AE EB 02 jmp short 004D04B2
004D04B0 CD20 8D5C7A2B vxdcall 2B7A5C8D
004D04B6 64:EB 02 jmp short 004D04BB
004D04B9 CD20 83EB2B64 vxdjump 642BEB83
004D04BF EB 02 jmp short 004D04C3
004D04C1 CD20 8D5C2844 vxdcall 44285C8D
004D04C7 2BDD sub ebx, ebp
004D04C9 8D5C03 BC lea ebx, dword ptr [ebx+eax-44]
004D04CD 2BD8 sub ebx, eax
004D04CF ^ E9 32FBFFFF jmp 004D0006
004D04D4 894D FC mov dword ptr [ebp-4], ecx
004D04D7 BB 5A454600 mov ebx, 0046455A
004D04DC F2: prefix repne:
004D04DD EB 01 jmp short 004D04E0
004D04DF 9A BBBE1242 00B>call far BB00:4212BEBB
004D04E6 AE scas byte ptr es:[edi]
004D04E7 15 4600BBE6 adc eax, E6BB0046
004D04EC A3 4A008D5C mov dword ptr [5C8D004A], eax
004D04F1 2249 8D and cl, byte ptr [ecx-73]
004D04F4 5C pop esp
004D04F5 23B7 E93AFFFF and esi, dword ptr [edi+FFFF3AE9]
004D04FB FF84C0 E9630600 inc dword ptr [eax+eax*8+663E9]
004D0502 001B add byte ptr [ebx], bl
004D0504 D950 33 fst dword ptr [eax+33]
004D0507 5C pop esp
004D0508 24 08 and al, 8
004D050A 335C24 28 xor ebx, dword ptr [esp+28]
004D050E 5B pop ebx
004D050F 33C0 xor eax, eax
004D0511 E9 3F060000 jmp 004D0B55
004D0516 B8 B61D4200 mov eax, 00421DB6 ; ASCII "AG"
004D051B 83D8 B7 sbb eax, -49
004D051E B8 5E4C4A00 mov eax, 004A4C5E
004D0523 EB 01 jmp short 004D0526
004D0525 9A B8E22545 008>call far 8100:4525E2B8
004D052C F0:D2A6 865E8D8>lock shl byte ptr [esi+848D5E86], cl ; 不允许锁定前缀
004D0533 2E:A4 movs byte ptr es:[edi], byte ptr cs:[>
004D0535 3047 00 xor byte ptr [edi], al
004D0538 F2: prefix repne:
004D0539 EB 01 jmp short 004D053C
004D053B 0F2B ??? ; 未知命令
004D053D C52B lds ebp, fword ptr [ebx]
004D053F C6 ??? ; 未知命令
004D0540 E8 4B58F3FF call 00405D90
004D0545 E9 46030000 jmp 004D0890
004D054A 83DD 03 sbb ebp, 3
004D054D F2: prefix repne:
004D054E EB 01 jmp short 004D0551
004D0550 0FBDCA bsr ecx, edx
004D0553 94 xchg eax, esp
004D0554 45 inc ebp
004D0555 0033 add byte ptr [ebx], dh
004D0557 6C ins byte ptr es:[edi], dx
004D0558 24 28 and al, 28
004D055A 336C24 08 xor ebp, dword ptr [esp+8]
004D055E 36:EB 01 jmp short 004D0562
004D0561 F2: prefix repne:
004D0562 BD D0FF4100 mov ebp, 0041FFD0
004D0567 F3: prefix rep:
004D0568 EB 02 jmp short 004D056C
004D056A CD20 23E98D6C vxdjump 6C8DE923
004D0570 04 17 add al, 17
004D0572 2BE8 sub ebp, eax
004D0574 8D6D E9 lea ebp, dword ptr [ebp-17]
004D0577 E9 00010000 jmp 004D067C
004D057C 5B pop ebx
004D057D C3 retn
004D057E 53 push ebx
004D057F 1BC7 sbb eax, edi
004D0581 2BC7 sub eax, edi
004D0583 EB 01 jmp short 004D0586
004D0585 F0:81D8 B6D4579>lock sbb eax, 9F57D4B6 ; 不允许锁定前缀
004D058C 8D840B 6C424700 lea eax, dword ptr [ebx+ecx+47426C]
004D0593 36:EB 01 jmp short 004D0597
004D0596 F3: prefix rep:
004D0597 2BC1 sub eax, ecx
004D0599 2BC3 sub eax, ebx
004D059B 8B00 mov eax, dword ptr [eax]
004D059D E9 7D0D0000 jmp 004D131F
004D05A2 334424 08 xor eax, dword ptr [esp+8]
004D05A6 36:EB 01 jmp short 004D05AA
004D05A9 9A 83F0BC53 B80>call far 06B8:53BCF083
004D05B0 97 xchg eax, edi
004D05B1 49 dec ecx
004D05B2 00F2 add dl, dh
004D05B4 EB 01 jmp short 004D05B7
004D05B6 0FC1D0 xadd eax, edx
004D05B9 E5 58 in eax, 58
004D05BB E9 42000000 jmp 004D0602
004D05C0 A3 AC304700 mov dword ptr [4730AC], eax
004D05C5 ^ E9 86FEFFFF jmp 004D0450
004D05CA 33C0 xor eax, eax
004D05CC A3 04304700 mov dword ptr [473004], eax
004D05D1 807B 28 02 cmp byte ptr [ebx+28], 2
004D05D5 0F85 A5020000 jnz 004D0880
004D05DB E9 4D0D0000 jmp 004D132D
004D05E0 EB 01 jmp short 004D05E3
004D05E2 9A 83E899B8 2A0>call far 0B2A:B899E883
004D05E9 46 inc esi
004D05EA 008D 4475A38D add byte ptr [ebp+8DA37544], cl
004D05F0 813443 470065EB xor dword ptr [ebx+eax*2], EB650047
004D05F7 01E8 add eax, ebp
004D05F9 2BC1 sub eax, ecx
004D05FB 8B00 mov eax, dword ptr [eax]
004D05FD E9 CA090000 jmp 004D0FCC
004D0602 F2: prefix repne:
004D0603 EB 01 jmp short 004D0606
004D0605 F2: prefix repne:
004D0606 335424 28 xor edx, dword ptr [esp+28]
004D060A 83EA 59 sub edx, 59
004D060D FF35 10904500 push dword ptr [459010] ; de_QQJQS.0045905C
004D0613 F3: prefix rep:
004D0614 EB 02 jmp short 004D0618
004D0616 CD20 8D545120 vxdcall 2051548D
004D061C 83EA 20 sub edx, 20
004D061F 2BD2 sub edx, edx
004D0621 5A pop edx
004D0622 E8 5932F3FF call 00403880
004D0627 ^ E9 D0FEFFFF jmp 004D04FC
004D062C 8D7C4B 58 lea edi, dword ptr [ebx+ecx*2+58]
004D0630 8D7C0F A8 lea edi, dword ptr [edi+ecx-58]
004D0634 2BF9 sub edi, ecx
004D0636 EB 02 jmp short 004D063A
004D0638 CD20 FF30037C vxdcall 7C0330FF
004D063E 24 18 and al, 18
004D0640 037C24 38 add edi, dword ptr [esp+38]
004D0644 5F pop edi
004D0645 FF57 2C call dword ptr [edi+2C]
004D0648 ^ E9 E9FAFFFF jmp 004D0136
004D064D EB 02 jmp short 004D0651
004D064F CD20 8D543AB8 vxdcall B83A548D
004D0655 F2: prefix repne:
004D0656 EB 01 jmp short 004D0659
004D0658 69FF 3083EA97 imul edi, edi, 97EA8330
004D065E 65:EB 01 jmp short 004D0662
004D0661 69BA 04324200 5>imul edi, dword ptr [edx+423204], 949>
004D066B 0000 add byte ptr [eax], al
004D066D 00E9 add cl, ch
004D066F 09FF or edi, edi
004D0671 FFFF ??? ; 未知命令
004D0673 807B 28 01 cmp byte ptr [ebx+28], 1
004D0677 E9 C30C0000 jmp 004D133F
004D067C 83C4 F0 add esp, -10
004D067F ^ E9 0FFCFFFF jmp 004D0293
004D0684 8918 mov dword ptr [eax], ebx
004D0686 ^ E9 B2FAFFFF jmp 004D013D
004D068B 807B 28 01 cmp byte ptr [ebx+28], 1
004D068F E9 B60C0000 jmp 004D134A
004D0694 8D544B 5D lea edx, dword ptr [ebx+ecx*2+5D]
004D0698 F3: prefix rep:
004D0699 EB 02 jmp short 004D069D
004D069B CD20 EB02CD20 vxdcall 20CD02EB
004D06A1 8D541A A3 lea edx, dword ptr [edx+ebx-5D]
004D06A5 2BD3 sub edx, ebx
004D06A7 64:FF35 0000000>push dword ptr fs:[0]
004D06AE 66:9C pushfw
004D06B0 53 push ebx
004D06B1 1BDF sbb ebx, edi
004D06B3 8BDC mov ebx, esp
004D06B5 EB 01 jmp short 004D06B8
004D06B7 - 0F8D 5C3B062B jge 2B534219
004D06BD DF68 A4 fild qword ptr [eax-5C]
004D06C0 3047 00 xor byte ptr [edi], al
004D06C3 8F03 pop dword ptr [ebx]
004D06C5 5B pop ebx
004D06C6 2E:EB 01 jmp short 004D06CA
004D06C9 F3:66: prefix rep:
004D06CB 9D popfd
004D06CC 81C2 B49DC837 add edx, 37C89DB4
004D06D2 5A pop edx
004D06D3 E9 1A050000 jmp 004D0BF2
004D06D8 034424 38 add eax, dword ptr [esp+38]
004D06DC 034424 18 add eax, dword ptr [esp+18]
004D06E0 C1D0 5B rcl eax, 5B
004D06E3 B8 6EEC4000 mov eax, 0040EC6E
004D06E8 8D8422 34434700 lea eax, dword ptr [edx+474334]
004D06EF 2BC2 sub eax, edx
004D06F1 F3: prefix rep:
004D06F2 EB 02 jmp short 004D06F6
004D06F4 CD20 FF3036EB vxdcall EB3630FF
004D06FA 0169 B8 add dword ptr [ecx-48], ebp
004D06FD 90 nop
004D06FE - E9 470003C3 jmp C350074A
004D0703 58 pop eax
004D0704 E9 62040000 jmp 004D0B6B
004D0709 034424 38 add eax, dword ptr [esp+38]
004D070D B8 A68C4900 mov eax, 00498CA6 ; ASCII "}殪"
004D0712 C1D8 4B rcr eax, 4B
004D0715 C1C8 27 ror eax, 27
004D0718 8D8422 34434700 lea eax, dword ptr [edx+474334]
004D071F 2BC2 sub eax, edx
004D0721 8B00 mov eax, dword ptr [eax]
004D0723 E9 36080000 jmp 004D0F5E
004D0728 F3: prefix rep:
004D0729 EB 02 jmp short 004D072D
004D072B CD20 23CE034C vxdjump 4C03CE23
004D0731 24 18 and al, 18
004D0733 B9 3E984600 mov ecx, 0046983E
004D0738 8D8C22 38414700 lea ecx, dword ptr [edx+474138]
004D073F 2BCA sub ecx, edx
004D0741 8B09 mov ecx, dword ptr [ecx]
004D0743 ^ E9 98FEFFFF jmp 004D05E0
004D0748 E8 6F5EF3FF call 004065BC
004D074D ^ E9 86FFFFFF jmp 004D06D8
004D0752 83CA DF or edx, FFFFFFDF
004D0755 BA F6FC4200 mov edx, 0042FCF6 ; ASCII "rentFont"
004D075A 03D3 add edx, ebx
004D075C 8D97 E0084700 lea edx, dword ptr [edi+4708E0]
004D0762 2BD7 sub edx, edi
004D0764 FF32 push dword ptr [edx]
004D0766 EB 01 jmp short 004D0769
004D0768 0FBA ??? ; 未知命令
004D076A C6C6 48 mov dh, 48
004D076D 00F2 add dl, dh
004D076F EB 01 jmp short 004D0772
004D0771 F3: prefix rep:
004D0772 BA 8AFB4600 mov edx, 0046FB8A
004D0777 5A pop edx
004D0778 ^ E9 E0FBFFFF jmp 004D035D
004D077D E9 D30B0000 jmp 004D1355
004D0782 59 pop ecx
004D0783 5D pop ebp
004D0784 E9 8F080000 jmp 004D1018
004D0789 E9 D90B0000 jmp 004D1367
004D078E E8 FD2BF9FF call 00463390
004D0793 E9 47080000 jmp 004D0FDF
004D0798 E9 D80B0000 jmp 004D1375
004D079D C3 retn
004D079E 53 push ebx
004D079F 56 push esi
004D07A0 57 push edi
004D07A1 BE 6A374900 mov esi, 0049376A
004D07A6 F2: prefix repne:
004D07A7 EB 01 jmp short 004D07AA
004D07A9 69C1 CEA781D6 imul eax, ecx, D681A7CE
004D07AF A0 BF12858D mov al, byte ptr [8D8512BF]
004D07B4 B3 6C mov bl, 6C
004D07B6 3047 00 xor byte ptr [edi], al
004D07B9 2BF3 sub esi, ebx
004D07BB B1 10 mov cl, 10
004D07BD 2E:EB 01 jmp short 004D07C1
004D07C0 698B 5C2410EB 0>imul ecx, dword ptr [ebx+EB10245C], 6>
004D07CA EB 01 jmp short 004D07CD
004D07CC 9A 8D5C5E4F 8D5>call far 5C8D:4F5E5C8D
004D07D3 0BB1 F3EB02CD or esi, dword ptr [ecx+CD02EBF3]
004D07D9 202B and byte ptr [ebx], ch
004D07DB D92B fldcw word ptr [ebx]
004D07DD DBFF fstp edi ; 非法使用寄存器
004D07DF 35 00304700 xor eax, 473000
004D07E4 C1C3 B1 rol ebx, 0B1
004D07E7 C1D3 2D rcl ebx, 2D
004D07EA 5B pop ebx
004D07EB ^ E9 9AFCFFFF jmp 004D048A
004D07F0 A3 68564700 mov dword ptr [475668], eax
004D07F5 B8 36754400 mov eax, 00447536
004D07FA B8 EE5E4000 mov eax, 00405EEE
004D07FF 034424 38 add eax, dword ptr [esp+38]
004D0803 EB 01 jmp short 004D0806
004D0805 9A C1C8B113 C18>call far 8DC1:13B1C8C1
004D080C 842E test byte ptr [esi], ch
004D080E 68 5647002B push 2B004756
004D0813 C52B lds ebp, fword ptr [ebx]
004D0815 C6 ??? ; 未知命令
004D0816 FF30 push dword ptr [eax]
004D0818 B8 B2DA4100 mov eax, 0041DAB2
004D081D 334424 28 xor eax, dword ptr [esp+28]
004D0821 58 pop eax
004D0822 A3 A8304700 mov dword ptr [4730A8], eax
004D0827 E9 89090000 jmp 004D11B5
004D082C 53 push ebx
004D082D ^ E9 D1FCFFFF jmp 004D0503
004D0832 FF53 24 call dword ptr [ebx+24]
004D0835 807B 28 00 cmp byte ptr [ebx+28], 0
004D0839 E9 490B0000 jmp 004D1387
004D083E 5F pop edi
004D083F 5E pop esi
004D0840 5B pop ebx
004D0841 59 pop ecx
004D0842 59 pop ecx
004D0843 5D pop ebp
004D0844 C3 retn
004D0845 C705 14504700 9>mov dword ptr [475014], <jmp.&kernel>
004D084F C705 18504700 A>mov dword ptr [475018], <jmp.&kernel>
004D0859 A3 40564700 mov dword ptr [475640], eax
004D085E 33C0 xor eax, eax
004D0860 A3 44564700 mov dword ptr [475644], eax
004D0865 8915 48564700 mov dword ptr [475648], edx
004D086B 8B42 04 mov eax, dword ptr [edx+4]
004D086E A3 30504700 mov dword ptr [475030], eax
004D0873 E8 1438F3FF call 0040408C
004D0878 E9 3E070000 jmp 004D0FBB
004D087D 8943 0C mov dword ptr [ebx+C], eax
004D0880 E8 4F38F3FF call 004040D4
004D0885 ^ E9 01FEFFFF jmp 004D068B
004D088A 51 push ecx
004D088B ^ E9 9EFAFFFF jmp 004D032E
004D0890 C3 retn
004D0891 ^ E9 96FFFFFF jmp 004D082C
004D0896 E8 C939F3FF call 00404264
004D089B ^ E9 B3FAFFFF jmp 004D0353
004D08A0 ^ 0F85 6EFAFFFF jnz 004D0314
004D08A6 ^ E9 F7FCFFFF jmp 004D05A2
004D08AB 83CA FF or edx, FFFFFFFF
004D08AE 1BC1 sbb eax, ecx
004D08B0 0BC1 or eax, ecx
004D08B2 65:EB 01 jmp short 004D08B6
004D08B5 - 0F8D 437352EB jge EB9F7BFE
004D08BB 01E8 add eax, ebp
004D08BD 51 push ecx
004D08BE 53 push ebx
004D08BF 035424 18 add edx, dword ptr [esp+18]
004D08C3 035424 38 add edx, dword ptr [esp+38]
004D08C7 52 push edx
004D08C8 66:9C pushfw
004D08CA 55 push ebp
004D08CB 0BE9 or ebp, ecx
004D08CD 8BEC mov ebp, esp
004D08CF 8D6C1D 06 lea ebp, dword ptr [ebp+ebx+6]
004D08D3 2BEB sub ebp, ebx
004D08D5 F3: prefix rep:
004D08D6 EB 02 jmp short 004D08DA
004D08D8 CD20 6868BFC2 vxdcall C2BF6868
004D08DE 0A55 81 or dl, byte ptr [ebp-7F]
004D08E1 E5 F2 in eax, 0F2
004D08E3 02AF AA8BECF3 add ch, byte ptr [edi+F3EC8BAA]
004D08E9 EB 02 jmp short 004D08ED
004D08EB CD20 8D6C1D04 vxdcall 41D6C8D
004D08F1 2BEB sub ebp, ebx
004D08F3 68 7081CA85 push 85CA8170
004D08F8 55 push ebp
004D08F9 81CD 3A7D400E or ebp, 0E407D3A
004D08FF 8BEC mov ebp, esp
004D0901 EB 01 jmp short 004D0904
004D0903 - 0F83 C5045083 jnb 839D0DCE
004D0909 E8 17EB010F call 0F4EF425
004D090E B8 32B84300 mov eax, 0043B832
004D0913 2E:EB 01 jmp short 004D0917
004D0916 9A 8D44510E 64E>call far EB64:0E51448D
004D091D 02CD add cl, ch
004D091F 208D 4428F22B and byte ptr [ebp+2BF22844], cl
004D0925 C5EB lds ebp, ebx ; 非法使用寄存器
004D0927 02CD add cl, ch
004D0929 208D 842EB862 and byte ptr [ebp+62B82E84], cl
004D092F 0C EA or al, 0EA
004D0931 2BC5 sub eax, ebp
004D0933 2BC6 sub eax, esi
004D0935 EB 01 jmp short 004D0938
004D0937 E8 26EB02CD call CD4FF462
004D093C 2050 8F and byte ptr [eax-71], dl
004D093F 45 inc ebp
004D0940 0058 5D add byte ptr [eax+5D], bl
004D0943 F2: prefix repne:
004D0944 EB 01 jmp short 004D0947
004D0946 F3: prefix rep:
004D0947 8F4425 00 pop dword ptr [ebp]
004D094B 5D pop ebp
004D094C 8F45 00 pop dword ptr [ebp]
004D094F 5D pop ebp
004D0950 66:9D popfw
004D0952 23D1 and edx, ecx
004D0954 5A pop edx
004D0955 52 push edx
004D0956 EB 02 jmp short 004D095A
004D0958 CD20 03DA5BC1 vxdjump C15BDA03
004D095E CB retf
004D095F A0 87CB83E9 mov al, byte ptr [E983CB87]
004D0964 3AF3 cmp dh, bl
004D0966 EB 02 jmp short 004D096A
004D0968 CD20 8D547A00 vxdcall 7A548D
004D096E 8BD1 mov edx, ecx
004D0970 81C2 BB9DF315 add edx, 15F39DBB
004D0976 4A dec edx
004D0977 2BC2 sub eax, edx
004D0979 BB 22F04300 mov ebx, 0043F022
004D097E 335C24 28 xor ebx, dword ptr [esp+28]
004D0982 5B pop ebx
004D0983 0BCF or ecx, edi
004D0985 59 pop ecx
004D0986 83DA B7 sbb edx, -49
004D0989 F2: prefix repne:
004D098A EB 01 jmp short 004D098D
004D098C 6933 5424085A imul esi, dword ptr [ebx], 5A082454
004D0992 8D4430 C5 lea eax, dword ptr [eax+esi-3B]
004D0996 2BC6 sub eax, esi
004D0998 ^ E9 8FFCFFFF jmp 004D062C
004D099D 64:FF30 push dword ptr fs:[eax]
004D09A0 64:8920 mov dword ptr fs:[eax], esp
004D09A3 034C24 38 add ecx, dword ptr [esp+38]
004D09A7 36:EB 01 jmp short 004D09AB
004D09AA F3: prefix rep:
004D09AB B9 54984200 mov ecx, 00429854
004D09B0 81C9 42DE68DF or ecx, DF68DE42
004D09B6 F3: prefix rep:
004D09B7 EB 02 jmp short 004D09BB
004D09B9 CD20 81E1C7C6 vxdjump C6C7E181
004D09BF 2E:D7 xlat byte ptr cs:[ebx+al]
004D09C1 8D4C2E 55 lea ecx, dword ptr [esi+ebp+55]
004D09C5 2BCD sub ecx, ebp
004D09C7 8D4C01 AB lea ecx, dword ptr [ecx+eax-55]
004D09CB 2E:EB 01 jmp short 004D09CF
004D09CE E8 2BC8E9D5 call D636D1FE
004D09D3 FE ??? ; 未知命令
004D09D4 FFFF ??? ; 未知命令
004D09D6 2BCF sub ecx, edi
004D09D8 36:EB 01 jmp short 004D09DC
004D09DB F2: prefix repne:
004D09DC C1D9 EB rcr ecx, 0EB
004D09DF 034C24 38 add ecx, dword ptr [esp+38]
004D09E3 8D8C22 0B000000 lea ecx, dword ptr [edx+B]
004D09EA 2BCA sub ecx, edx
004D09EC F3:A5 rep movs dword ptr es:[edi], dword p>
004D09EE ^ E9 DEFBFFFF jmp 004D05D1
004D09F3 ^ E9 1EFBFFFF jmp 004D0516
004D09F8 8B00 mov eax, dword ptr [eax]
004D09FA E9 94000000 jmp 004D0A93
004D09FF 85C0 test eax, eax
004D0A01 E9 8C090000 jmp 004D1392
004D0A06 5E pop esi
004D0A07 5B pop ebx
004D0A08 ^ E9 75FDFFFF jmp 004D0782
004D0A0D FF15 28504700 call dword ptr [475028]
004D0A13 E9 C7000000 jmp 004D0ADF
004D0A18 55 push ebp
004D0A19 81CD 020CB896 or ebp, 96B80C02
004D0A1F 0BE9 or ebp, ecx
004D0A21 BD FE8F4000 mov ebp, 00408FFE
004D0A26 EB 01 jmp short 004D0A29
004D0A28 9A 336C2408 EB0>call far 02EB:08246C33
004D0A2F CD20 8D6C3428 vxdcall 28346C8D
004D0A35 2BEE sub ebp, esi
004D0A37 8D6D D8 lea ebp, dword ptr [ebp-28]
004D0A3A 83C4 F8 add esp, -8
004D0A3D 53 push ebx
004D0A3E 56 push esi
004D0A3F 57 push edi
004D0A40 1BF7 sbb esi, edi
004D0A42 68 BE874A00 push 004A87BE
004D0A47 66:9C pushfw
004D0A49 56 push esi
004D0A4A 037424 38 add esi, dword ptr [esp+38]
004D0A4E EB 01 jmp short 004D0A51
004D0A50 9A C1CE598B F43>call far 3EF4:8B59CEC1
004D0A57 EB 02 jmp short 004D0A5B
004D0A59 CD20 8D740E06 vxdcall 60E748D
004D0A5F 2BF1 sub esi, ecx
004D0A61 EB 02 jmp short 004D0A65
004D0A63 CD20 5653EB02 vxdcall 2EB5356
004D0A69 CD20 33D88BDC vxdjump DC8BD833
004D0A6F 8D5C03 04 lea ebx, dword ptr [ebx+eax+4]
004D0A73 2BD8 sub ebx, eax
004D0A75 C703 38564700 mov dword ptr [ebx], 00475638
004D0A7B 5B pop ebx
004D0A7C 8F46 00 pop dword ptr [esi]
004D0A7F 5E pop esi
004D0A80 66:9D popfw
004D0A82 81C6 3ED1B8AC add esi, ACB8D13E
004D0A88 5E pop esi
004D0A89 8B46 08 mov eax, dword ptr [esi+8]
004D0A8C 85C0 test eax, eax
004D0A8E E9 0A090000 jmp 004D139D
004D0A93 2E:EB 01 jmp short 004D0A97
004D0A96 698B 54241081 C>imul ecx, dword ptr [ebx+81102454], 4>
004D0AA0 04 26 add al, 26
004D0AA2 EB 02 jmp short 004D0AA6
004D0AA4 CD20 81E27433 vxdjump 3374E281
004D0AAA 89F4 mov esp, esi
004D0AAC F2: prefix repne:
004D0AAD EB 01 jmp short 004D0AB0
004D0AAF - E9 81EA8A53 jmp 53D7F535
004D0AB4 4F dec edi
004D0AB5 52 push edx
004D0AB6 8D9429 A0284700 lea edx, dword ptr [ecx+ebp+4728A0]
004D0ABD 2BD5 sub edx, ebp
004D0ABF 2BD1 sub edx, ecx
004D0AC1 E8 B224F9FF call 00462F78
004D0AC6 ^ E9 5DFCFFFF jmp 004D0728
004D0ACB E8 DC35F3FF call 004040AC
004D0AD0 ^ E9 9EFBFFFF jmp 004D0673
004D0AD5 E8 4E29F9FF call 00463428
004D0ADA ^ E9 4DF9FFFF jmp 004D042C
004D0ADF 334424 08 xor eax, dword ptr [esp+8]
004D0AE3 C1D8 BD rcr eax, 0BD
004D0AE6 8D4475 7D lea eax, dword ptr [ebp+esi*2+7D]
004D0AEA 83E8 7D sub eax, 7D
004D0AED F3: prefix rep:
004D0AEE EB 02 jmp short 004D0AF2
004D0AF0 CD20 8D447A4D vxdcall 4D7A448D
004D0AF6 83E8 4D sub eax, 4D
004D0AF9 2BC7 sub eax, edi
004D0AFB 8D8429 00304700 lea eax, dword ptr [ecx+ebp+473000]
004D0B02 65:EB 01 jmp short 004D0B06
004D0B05 F0:2BC5 lock sub eax, ebp ; 不允许锁定前缀
004D0B08 2BC1 sub eax, ecx
004D0B0A F3: prefix rep:
004D0B0B EB 02 jmp short 004D0B0F
004D0B0D CD20 FF3065EB vxdcall EB6530FF
004D0B13 019A 83F02233 add dword ptr [edx+3322F083], ebx
004D0B19 C558 50 lds ebx, fword ptr [eax+50]
004D0B1C E8 A307F3FF call <jmp.&kernel32.ExitProcess>
004D0B21 ^ E9 36F9FFFF jmp 004D045C
004D0B26 81C7 A4710CAE add edi, AE0C71A4
004D0B2C 13FB adc edi, ebx
004D0B2E 8D7B 2A lea edi, dword ptr [ebx+2A]
004D0B31 8D7F D6 lea edi, dword ptr [edi-2A]
004D0B34 E9 F0030000 jmp 004D0F29
004D0B39 5B pop ebx
004D0B3A C3 retn
004D0B3B 53 push ebx
004D0B3C 1BDB sbb ebx, ebx
004D0B3E 13DB adc ebx, ebx
004D0B40 8D58 2F lea ebx, dword ptr [eax+2F]
004D0B43 8D5C2B D1 lea ebx, dword ptr [ebx+ebp-2F]
004D0B47 2BDD sub ebx, ebp
004D0B49 83BB 80010000 0>cmp dword ptr [ebx+180], 0
004D0B50 E9 3E040000 jmp 004D0F93
004D0B55 A3 9C304700 mov dword ptr [47309C], eax
004D0B5A 6A 00 push 0
004D0B5C E8 9759F3FF call <jmp.&kernel32.GetModuleHandleA>
004D0B61 ^ E9 8AFCFFFF jmp 004D07F0
004D0B66 E9 3D080000 jmp 004D13A8
004D0B6B 8B00 mov eax, dword ptr [eax]
004D0B6D ^ E9 1CFCFFFF jmp 004D078E
004D0B72 55 push ebp
004D0B73 6A 3A push 3A
004D0B75 66:9C pushfw
004D0B77 55 push ebp
004D0B78 8D6C11 9F lea ebp, dword ptr [ecx+edx-61]
004D0B7C 64:EB 02 jmp short 004D0B81
004D0B7F CD20 2BEA8BEC vxdjump EC8BEA2B
004D0B85 8D6C0D 06 lea ebp, dword ptr [ebp+ecx+6]
004D0B89 2BE9 sub ebp, ecx
004D0B8B 51 push ecx
004D0B8C 034C24 18 add ecx, dword ptr [esp+18]
004D0B90 034C24 38 add ecx, dword ptr [esp+38]
004D0B94 8D8C22 E6334600 lea ecx, dword ptr [edx+4633E6]
004D0B9B 2BCA sub ecx, edx
004D0B9D 36:EB 01 jmp short 004D0BA1
004D0BA0 C7 ??? ; 未知命令
004D0BA1 51 push ecx
004D0BA2 8F45 00 pop dword ptr [ebp]
004D0BA5 59 pop ecx
004D0BA6 5D pop ebp
004D0BA7 66:9D popfw
004D0BA9 ^ E9 EFFDFFFF jmp 004D099D
004D0BAE 8D7447 45 lea esi, dword ptr [edi+eax*2+45]
004D0BB2 F2: prefix repne:
004D0BB3 EB 01 jmp short 004D0BB6
004D0BB5 F0:8D742E BB lock lea esi, dword ptr [esi+ebp-45] ; 不允许锁定前缀
004D0BBA 2BF5 sub esi, ebp
004D0BBC 50 push eax
004D0BBD 81F6 649133A7 xor esi, A7339164
004D0BC3 5E pop esi
004D0BC4 ^ E9 B4F7FFFF jmp 004D037D
004D0BC9 55 push ebp
004D0BCA ^ E9 98F7FFFF jmp 004D0367
004D0BCF E8 DC59F3FF call 004065B0
004D0BD4 ^ E9 BBFAFFFF jmp 004D0694
004D0BD9 FF33 push dword ptr [ebx]
004D0BDB 83DB CD sbb ebx, -33
004D0BDE 335C24 08 xor ebx, dword ptr [esp+8]
004D0BE2 5B pop ebx
004D0BE3 E9 36040000 jmp 004D101E
004D0BE8 8B7B 10 mov edi, dword ptr [ebx+10]
004D0BEB 85FF test edi, edi
004D0BED E9 C1070000 jmp 004D13B3
004D0BF2 8D8435 18D54700 lea eax, dword ptr [ebp+esi+47D518]
004D0BF9 53 push ebx
004D0BFA B8 DEDA4200 mov eax, 0042DADE
004D0BFF B8 160E4500 mov eax, 00450E16
004D0C04 58 pop eax
004D0C05 E8 AA35F3FF call 004041B4
004D0C0A ^ E9 2AFFFFFF jmp 004D0B39
004D0C0F ^ E9 30F7FFFF jmp 004D0344
004D0C14 56 push esi
004D0C15 E8 CA06F3FF call <jmp.&kernel32.FreeLibrary>
004D0C1A ^ E9 ACFEFFFF jmp 004D0ACB
004D0C1F C1D3 83 rcl ebx, 83
004D0C22 EB 01 jmp short 004D0C25
004D0C24 69BB CA2B4100 F>imul edi, dword ptr [ebx+412BCA], 426>
004D0C2E 47 inc edi
004D0C2F 008D 5C355E36 add byte ptr [ebp+365E355C], cl
004D0C35 EB 01 jmp short 004D0C38
004D0C37 - E9 523EEB02 jmp 03384A8E
004D0C3C CD20 51EB01F2 vxdjump F201EB51
004D0C42 68 CCFFFFFF push -34
004D0C47 5A pop edx
004D0C48 87CA xchg edx, ecx
004D0C4A 83F1 26 xor ecx, 26
004D0C4D 83F1 F4 xor ecx, FFFFFFF4
004D0C50 36:EB 01 jmp short 004D0C54
004D0C53 9A BAF86646 003>call far 3300:4666F8BA
004D0C5A D7 xlat byte ptr [ebx+al]
004D0C5B F3: prefix rep:
004D0C5C EB 02 jmp short 004D0C60
004D0C5E CD20 81DAA56F vxdjump 6FA5DA81
004D0C64 B8 7DEB02CD mov eax, CD02EB7D
004D0C69 20F3 and bl, dh
004D0C6B EB 02 jmp short 004D0C6F
004D0C6D CD20 81F2190A vxdjump A19F281
004D0C73 9E sahf
004D0C74 63F3 arpl bx, si
004D0C76 EB 02 jmp short 004D0C7A
004D0C78 CD20 8D543917 vxdcall 1739548D
004D0C7E 2BD7 sub edx, edi
004D0C80 8D540A 86 lea edx, dword ptr [edx+ecx-7A]
004D0C84 56 push esi
004D0C85 50 push eax
004D0C86 57 push edi
004D0C87 1BC3 sbb eax, ebx
004D0C89 65:EB 01 jmp short 004D0C8D
004D0C8C - E9 68F9174E jmp 4E6505F9
004D0C91 52 push edx
004D0C92 81E8 A0323D2A sub eax, 2A3D32A0
004D0C98 58 pop eax
004D0C99 81C7 CE563BA9 add edi, A93B56CE
004D0C9F 8D7C35 6F lea edi, dword ptr [ebp+esi+6F]
004D0CA3 50 push eax
004D0CA4 52 push edx
004D0CA5 51 push ecx
004D0CA6 EB 01 jmp short 004D0CA9
004D0CA8 C7 ??? ; 未知命令
004D0CA9 8D91 211C419D lea edx, dword ptr [ecx+9D411C21]
004D0CAF 2BD1 sub edx, ecx
004D0CB1 83D9 45 sbb ecx, 45
004D0CB4 B9 028B4100 mov ecx, 00418B02
004D0CB9 52 push edx
004D0CBA 64:EB 02 jmp short 004D0CBF
004D0CBD CD20 8D4C11DB vxdcall DB114C8D
004D0CC3 52 push edx
004D0CC4 F3: prefix rep:
004D0CC5 EB 02 jmp short 004D0CC9
004D0CC7 CD20 BABD68CB vxdjump CB68BDBA
004D0CCD ^ E3 83 jecxz short 004D0C52
004D0CCF EA C0F7D281 F2B>jmp far BBF2:81D2F7C0
004D0CD6 32B4C8 81EAC3A5 xor dh, byte ptr [eax+ecx*8+A5C3EA81>
004D0CDD 80D4 F7 adc ah, 0F7
004D0CE0 DA2B fisubr dword ptr [ebx]
004D0CE2 CA 5A59 retf 595A
004D0CE5 81F1 E3DBDD46 xor ecx, 46DDDBE3
004D0CEB 49 dec ecx
004D0CEC 51 push ecx
004D0CED BA 12464100 mov edx, 00414612
004D0CF2 BA 0A084600 mov edx, 0046080A
004D0CF7 5A pop edx
004D0CF8 83C2 F8 add edx, -8
004D0CFB F7D2 not edx
004D0CFD 034424 38 add eax, dword ptr [esp+38]
004D0D01 83C8 93 or eax, FFFFFF93
004D0D04 8BC2 mov eax, edx
004D0D06 81E8 D9376324 sub eax, 246337D9
004D0D0C 48 dec eax
004D0D0D 50 push eax
004D0D0E F2: prefix repne:
004D0D0F EB 01 jmp short 004D0D12
004D0D11 9A 33542408 EB0>call far 01EB:08245433
004D0D18 6903 5424185A imul eax, dword ptr [ebx], 5A182454
004D0D1E 2BFA sub edi, edx
004D0D20 59 pop ecx
004D0D21 F2: prefix repne:
004D0D22 EB 01 jmp short 004D0D25
004D0D24 9A 5A582BFE 8D7>call far 7C8D:FE2B585A
004D0D2B 203D 83EF3D83 and byte ptr [833DEF83], bh
004D0D31 EF out dx, eax
004D0D32 74 33 je short 004D0D67
004D0D34 44 inc esp
004D0D35 24 08 and al, 8
004D0D37 B8 FAFC4600 mov eax, 0046FCFA
004D0D3C B8 6AE04600 mov eax, 0046E06A
004D0D41 334424 08 xor eax, dword ptr [esp+8]
004D0D45 8D47 28 lea eax, dword ptr [edi+28]
004D0D48 56 push esi
004D0D49 57 push edi
004D0D4A F2: prefix repne:
004D0D4B EB 01 jmp short 004D0D4E
004D0D4D 0F5103 sqrtps xmm0, dqword ptr [ebx]
004D0D50 74 24 je short 004D0D76
004D0D52 38C1 cmp cl, al
004D0D54 CE into
004D0D55 6BBE 2A000000 8>imul edi, dword ptr [esi+2A], -79
004D0D5C CE into
004D0D5D 83C1 7C add ecx, 7C
004D0D60 337C24 28 xor edi, dword ptr [esp+28]
004D0D64 337C24 08 xor edi, dword ptr [esp+8]
004D0D68 C1DF 89 rcr edi, 89
004D0D6B 337C24 28 xor edi, dword ptr [esp+28]
004D0D6F F3: prefix rep:
004D0D70 EB 02 jmp short 004D0D74
004D0D72 CD20 BF260444 vxdcall 440426BF
004D0D78 002E add byte ptr [esi], ch
004D0D7A EB 01 jmp short 004D0D7D
004D0D7C 9A 8B7C2430 8D7>call far 7C8D:30247C8B
004D0D83 115E EB adc dword ptr [esi-15], ebx
004D0D86 019A 2BFAF2EB add dword ptr [edx+EBF2FA2B], ebx
004D0D8C 01C7 add edi, eax
004D0D8E 65:EB 01 jmp short 004D0D92
004D0D91 - 0F8D 7C27A2C1 jge C1EF3513
004D0D97 CF iretd
004D0D98 ^ E1 BE loopde short 004D0D58
004D0D9A AE scas byte ptr es:[edi]
004D0D9B 194A 00 sbb dword ptr [edx], ecx
004D0D9E 037424 18 add esi, dword ptr [esp+18]
004D0DA2 EB 01 jmp short 004D0DA5
004D0DA4 E8 BE228A45 call 45D73067
004D0DA9 00C1 add cl, al
004D0DAB DE8D 8D776052 fimul word ptr [ebp+5260778D]
004D0DB1 53 push ebx
004D0DB2 55 push ebp
004D0DB3 83DA 25 sbb edx, 25
004D0DB6 65:EB 01 jmp short 004D0DBA
004D0DB9 0FBAF0 DD btr eax, 0DD
004D0DBD 42 inc edx
004D0DBE 0068 9C add byte ptr [eax-64], ch
004D0DC1 0000 add byte ptr [eax], al
004D0DC3 00C1 add cl, al
004D0DC5 D295 33542408 rcl byte ptr [ebp+8245433], cl
004D0DCB 5A pop edx
004D0DCC 87EA xchg edx, ebp
004D0DCE 83ED 14 sub ebp, 14
004D0DD1 87DD xchg ebp, ebx
004D0DD3 83EB 2D sub ebx, 2D
004D0DD6 53 push ebx
004D0DD7 81D2 BA17F7D6 adc edx, D6F717BA
004D0DDD 5A pop edx
004D0DDE 83F2 0F xor edx, 0F
004D0DE1 2BF2 sub esi, edx
004D0DE3 2BEB sub ebp, ebx
004D0DE5 5D pop ebp
004D0DE6 C1DB 9B rcr ebx, 9B
004D0DE9 C1DB 77 rcr ebx, 77
004D0DEC 3E:EB 02 jmp short 004D0DF1
004D0DEF CD20 5B8D5447 vxdjump 47548D5B
004D0DF5 75 5A jnz short 004D0E51
004D0DF7 36:EB 01 jmp short 004D0DFB
004D0DFA C7 ??? ; 未知命令
004D0DFB 8D7416 F4 lea esi, dword ptr [esi+edx-C]
004D0DFF 2BF2 sub esi, edx
004D0E01 83C6 B3 add esi, -4D
004D0E04 F3: prefix rep:
004D0E05 EB 02 jmp short 004D0E09
004D0E07 CD20 03C683E9 vxdjump E983C603
004D0E0D C9 leave
004D0E0E 334C24 28 xor ecx, dword ptr [esp+28]
004D0E12 59 pop ecx
004D0E13 81EF 18A5BE5C sub edi, 5CBEA518
004D0E19 5F pop edi
004D0E1A C1C6 AF rol esi, 0AF
004D0E1D C1CE 4B ror esi, 4B
004D0E20 5E pop esi
004D0E21 8D4428 ED lea eax, dword ptr [eax+ebp-13]
004D0E25 52 push edx
004D0E26 64:EB 02 jmp short 004D0E2B
004D0E29 CD20 5103D536 vxdcall 36D50351
004D0E2F EB 01 jmp short 004D0E32
004D0E31 9A BAE87711 FE5>call far 52FE:1177E8BA
004D0E38 C1D9 CD rcr ecx, 0CD
004D0E3B B9 12AB4100 mov ecx, 0041AB12
004D0E40 59 pop ecx
004D0E41 81C1 2B269176 add ecx, 7691262B
004D0E47 49 dec ecx
004D0E48 81F1 3327A69C xor ecx, 9CA62733
004D0E4E 49 dec ecx
004D0E4F 51 push ecx
004D0E50 035424 18 add edx, dword ptr [esp+18]
004D0E54 035424 38 add edx, dword ptr [esp+38]
004D0E58 5A pop edx
004D0E59 81EA 3BB904E8 sub edx, E804B93B
004D0E5F F7DA neg edx
004D0E61 2BC2 sub eax, edx
004D0E63 81D9 129E26DB sbb ecx, DB269E12
004D0E69 59 pop ecx
004D0E6A F2: prefix repne:
004D0E6B EB 01 jmp short 004D0E6E
004D0E6D E8 03542438 call 38716275
004D0E72 035424 18 add edx, dword ptr [esp+18]
004D0E76 5A pop edx
004D0E77 2BC5 sub eax, ebp
004D0E79 83E8 69 sub eax, 69
004D0E7C F7D0 not eax
004D0E7E BE 22384A00 mov esi, 004A3822
004D0E83 337424 28 xor esi, dword ptr [esp+28]
004D0E87 64:EB 02 jmp short 004D0E8C
004D0E8A CD20 8BF081EE vxdjump EE81F08B
004D0E90 ^ 7F E8 jg short 004D0E7A
004D0E92 B1 AD mov cl, 0AD
004D0E94 4E dec esi
004D0E95 B8 B6954900 mov eax, 004995B6
004D0E9A C1D8 B7 rcr eax, 0B7
004D0E9D 8BC6 mov eax, esi
004D0E9F 03D0 add edx, eax
004D0EA1 037C24 38 add edi, dword ptr [esp+38]
004D0EA5 037C24 18 add edi, dword ptr [esp+18]
004D0EA9 5F pop edi
004D0EAA 2E:EB 01 jmp short 004D0EAE
004D0EAD F0:8D4435 55 lock lea eax, dword ptr [ebp+esi+55] ; 不允许锁定前缀
004D0EB2 58 pop eax
004D0EB3 64:EB 02 jmp short 004D0EB8
004D0EB6 CD20 81F60C99 vxdjump 990CF681
004D0EBC 9A A45E2BD1 C1C>call far C2C1:D12B5EA4
004D0EC3 9F lahf
004D0EC4 03DA add ebx, edx
004D0EC6 EB 01 jmp short 004D0EC9
004D0EC8 F3: prefix rep:
004D0EC9 59 pop ecx
004D0ECA 5A pop edx
004D0ECB 8D5B DE lea ebx, dword ptr [ebx-22]
004D0ECE 56 push esi
004D0ECF 50 push eax
004D0ED0 57 push edi
004D0ED1 B8 4673750D mov eax, 0D757346
004D0ED6 87F8 xchg eax, edi
004D0ED8 C1CF 08 ror edi, 8
004D0EDB 57 push edi
004D0EDC 83E8 5B sub eax, 5B
004D0EDF B8 6E764700 mov eax, 0047766E
004D0EE4 58 pop eax
004D0EE5 83E8 F1 sub eax, -0F
004D0EE8 F7D0 not eax
004D0EEA C1C6 39 rol esi, 39
004D0EED C1CE 35 ror esi, 35
004D0EF0 26:EB 02 jmp short 004D0EF5
004D0EF3 CD20 5081EEA6 vxdjump A6EE8150
004D0EF9 ^ 7C 93 jl short 004D0E8E
004D0EFB 40 inc eax
004D0EFC 5E pop esi
004D0EFD 81C6 CF750D46 add esi, 460D75CF
004D0F03 4E dec esi
004D0F04 87C6 xchg esi, eax
004D0F06 2BD8 sub ebx, eax
004D0F08 5F pop edi
004D0F09 58 pop eax
004D0F0A 5E pop esi
004D0F0B 5B pop ebx
004D0F0C ^ E9 C8FCFFFF jmp 004D0BD9
004D0F11 8A92 8C304700 mov dl, byte ptr [edx+47308C]
004D0F17 33DB xor ebx, ebx
004D0F19 8AD9 mov bl, cl
004D0F1B 88141E mov byte ptr [esi+ebx], dl
004D0F1E C1E8 04 shr eax, 4
004D0F21 49 dec ecx
004D0F22 85C0 test eax, eax
004D0F24 E9 95040000 jmp 004D13BE
004D0F29 8D87 7C864A00 lea eax, dword ptr [edi+4A867C]
004D0F2F F2: prefix repne:
004D0F30 EB 01 jmp short 004D0F33
004D0F32 F3: prefix rep:
004D0F33 8D4447 15 lea eax, dword ptr [edi+eax*2+15]
004D0F37 EB 02 jmp short 004D0F3B
004D0F39 CD20 64EB02CD vxdjump CD02EB64
004D0F3F 2003 and byte ptr [ebx], al
004D0F41 C7 ??? ; 未知命令
004D0F42 F2: prefix repne:
004D0F43 EB 01 jmp short 004D0F46
004D0F45 F0:8D442F 53 lock lea eax, dword ptr [edi+ebp+53] ; 不允许锁定前缀
004D0F4A 2BC5 sub eax, ebp
004D0F4C 2E:EB 01 jmp short 004D0F50
004D0F4F - 0F8D 4420ADE8 jge E8FA2F99
004D0F55 A7 cmps dword ptr [esi], dword ptr es:[e>
004D0F56 8DF7 lea esi, edi ; 非法使用寄存器
004D0F58 FFE9 jmp far ecx ; 非法使用寄存器
004D0F5A 1D F5FFFFFF sbb eax, -0B
004D0F5F 30C1 xor cl, al
004D0F61 D017 rcl byte ptr [edi], 1
004D0F63 034424 18 add eax, dword ptr [esp+18]
004D0F67 58 pop eax
004D0F68 ^ E9 68FBFFFF jmp 004D0AD5
004D0F6D B1 1C mov cl, 1C
004D0F6F B8 A6E84200 mov eax, 0042E8A6
004D0F74 65:EB 01 jmp short 004D0F78
004D0F77 F2: prefix repne:
004D0F78 B8 1C2E4100 mov eax, 00412E1C
004D0F7D 8D4435 43 lea eax, dword ptr [ebp+esi+43]
004D0F81 2BC6 sub eax, esi
004D0F83 8D8421 04304700 lea eax, dword ptr [ecx+473004]
004D0F8A 2BC1 sub eax, ecx
004D0F8C 8B00 mov eax, dword ptr [eax]
004D0F8E E9 26030000 jmp 004D12B9
004D0F93 E9 31040000 jmp 004D13C9
004D0F98 8D5C0B CE lea ebx, dword ptr [ebx+ecx-32]
004D0F9C EB 01 jmp short 004D0F9F
004D0F9E C7 ??? ; 未知命令
004D0F9F 8D9B DE034600 lea ebx, dword ptr [ebx+4603DE]
004D0FA5 81E3 E663CF80 and ebx, 80CF63E6
004D0FAB 8D9C0F 0A000000 lea ebx, dword ptr [edi+ecx+A]
004D0FB2 2BD9 sub ebx, ecx
004D0FB4 2BDF sub ebx, edi
004D0FB6 ^ E9 53F0FFFF jmp 004D000E
004D0FBB C605 38504700 0>mov byte ptr [475038], 0
004D0FC2 E8 7D31F3FF call 00404144
004D0FC7 ^ E9 D1F7FFFF jmp 004D079D
004D0FCC FF30 push dword ptr [eax]
004D0FCE B8 164B4500 mov eax, 00454B16
004D0FD3 EB 01 jmp short 004D0FD6
004D0FD5 6983 D82D58E9 7>imul eax, dword ptr [ebx+E9582DD8], ->
004D0FDF 83C8 E1 or eax, FFFFFFE1
004D0FE2 334424 28 xor eax, dword ptr [esp+28]
004D0FE6 23C5 and eax, ebp
004D0FE8 034424 18 add eax, dword ptr [esp+18]
004D0FEC 65:EB 01 jmp short 004D0FF0
004D0FEF 9A 83C09E8D 841>call far 1184:8D9EC083
004D0FF6 34 43 xor al, 43
004D0FF8 47 inc edi
004D0FF9 002B add byte ptr [ebx], ch
004D0FFB C2 2BC1 retn 0C12B
004D0FFE 2E:EB 01 jmp short 004D1002
004D1001 9A FF3420EB 02C>call far CD02:EB2034FF
004D1008 208D 840BCE87 and byte ptr [ebp+87CE0B84], cl
004D100E 48 dec eax
004D100F 002B add byte ptr [ebx], ch
004D1011 C158 E9 E0 rcr dword ptr [eax-17], 0E0
004D1015 F9 stc
004D1016 FFFF ??? ; 未知命令
004D1018 C3 retn
004D1019 ^ E9 E2EFFFFF jmp 004D0000
004D101E FFD3 call ebx
004D1020 ^ E9 D3F2FFFF jmp 004D02F8
004D1025 C1D1 31 rcl ecx, 31
004D1028 B9 5AA34A00 mov ecx, 004AA35A
004D102D 68 E0497862 push 627849E0
004D1032 66:9C pushfw
004D1034 53 push ebx
004D1035 64:EB 02 jmp short 004D103A
004D1038 CD20 81CB965A vxdjump 5A96CB81
004D103E A9 378BDC8D test eax, 8DDC8B37
004D1043 5C pop esp
004D1044 3B06 cmp eax, dword ptr [esi]
004D1046 EB 02 jmp short 004D104A
004D1048 CD20 2BDFEB02 vxdjump 2EBDF2B
004D104E CD20 680B0000 vxdcall B68
004D1054 008F 035B669D add byte ptr [edi+9D665B03], cl
004D105A 034C24 18 add ecx, dword ptr [esp+18]
004D105E 83C9 B7 or ecx, FFFFFFB7
004D1061 59 pop ecx
004D1062 F3:A5 rep movs dword ptr es:[edi], dword p>
004D1064 5F pop edi
004D1065 5E pop esi
004D1066 C9 leave
004D1067 ^ E9 F9EFFFFF jmp 004D0065
004D106C 8B5F 18 mov ebx, dword ptr [edi+18]
004D106F 8B6F 14 mov ebp, dword ptr [edi+14]
004D1072 FF77 1C push dword ptr [edi+1C]
004D1075 FF77 20 push dword ptr [edi+20]
004D1078 2E:EB 01 jmp short 004D107C
004D107B 9A 8D740BB2 2BF>call far F12B:B20B748D
004D1082 8B37 mov esi, dword ptr [edi]
004D1084 ^ E9 9CFFFFFF jmp 004D1025
004D1089 E9 46030000 jmp 004D13D4
004D108E 5A pop edx
004D108F 59 pop ecx
004D1090 59 pop ecx
004D1091 64:8910 mov dword ptr fs:[eax], edx
004D1094 ^ E9 76FBFFFF jmp 004D0C0F
004D1099 334424 08 xor eax, dword ptr [esp+8]
004D109D 334424 28 xor eax, dword ptr [esp+28]
004D10A1 2E:EB 01 jmp short 004D10A5
004D10A4 F0:B8 A86B4500 lock mov eax, 00456BA8 ; 不允许锁定前缀
004D10AA 8D87 7C914700 lea eax, dword ptr [edi+47917C]
004D10B0 EB 02 jmp short 004D10B4
004D10B2 CD20 8D84222A vxdjump 2A22848D
004D10B8 45 inc ebp
004D10B9 45 inc ebp
004D10BA 008D 442B2CEB add byte ptr [ebp+EB2C2B44], cl
004D10C0 02CD add cl, ch
004D10C2 2056 57 and byte ptr [esi+57], dl
004D10C5 52 push edx
004D10C6 EB 01 jmp short 004D10C9
004D10C8 F2: prefix repne:
004D10C9 BA FA8D4100 mov edx, 00418DFA
004D10CE 2E:EB 01 jmp short 004D10D2
004D10D1 F2: prefix repne:
004D10D2 83F2 F0 xor edx, FFFFFFF0
004D10D5 F2: prefix repne:
004D10D6 EB 01 jmp short 004D10D9
004D10D8 - E9 68C2B78E jmp 8F04D345
004D10DD 34 BA xor al, 0BA
004D10DF 86D3 xchg bl, dl
004D10E1 45 inc ebp
004D10E2 0003 add byte ptr [ebx], al
004D10E4 54 push esp
004D10E5 24 38 and al, 38
004D10E7 5A pop edx
004D10E8 83EA 5F sub edx, 5F
004D10EB 42 inc edx
004D10EC 52 push edx
004D10ED 33FD xor edi, ebp
004D10EF 5F pop edi
004D10F0 81C7 414871CB add edi, CB714841
004D10F6 F7DF neg edi
004D10F8 81D6 08E25AA4 adc esi, A45AE208
004D10FE EB 01 jmp short 004D1101
004D1100 C7 ??? ; 未知命令
004D1101 8D741D 7B lea esi, dword ptr [ebp+ebx+7B]
004D1105 2BF3 sub esi, ebx
004D1107 8D77 09 lea esi, dword ptr [edi+9]
004D110A 8D740E AC lea esi, dword ptr [esi+ecx-54]
004D110E 53 push ebx
004D110F 50 push eax
004D1110 57 push edi
004D1111 EB 01 jmp short 004D1114
004D1113 E8 8D041168 call 685E15A5
004D1118 8579 8D test dword ptr [ecx-73], edi
004D111B 2383 E86F0344 and eax, dword ptr [ebx+44036FE8]
004D1121 24 18 and al, 18
004D1123 58 pop eax
004D1124 87F8 xchg eax, edi
004D1126 C1CF CA ror edi, 0CA
004D1129 57 push edi
004D112A B8 96EC4100 mov eax, 0041EC96
004D112F 83E8 27 sub eax, 27
004D1132 58 pop eax
004D1133 83C0 AD add eax, -53
004D1136 F7D0 not eax
004D1138 50 push eax
004D1139 C1C3 A9 rol ebx, 0A9
004D113C 335C24 28 xor ebx, dword ptr [esp+28]
004D1140 5B pop ebx
004D1141 81F3 BF1CB79E xor ebx, 9EB71CBF
004D1147 034424 38 add eax, dword ptr [esp+38]
004D114B 034424 18 add eax, dword ptr [esp+18]
004D114F 53 push ebx
004D1150 EB 02 jmp short 004D1154
004D1152 CD20 81D82B04 vxdjump 42BD881
004D1158 F3: prefix rep:
004D1159 F4 hlt
004D115A 58 pop eax
004D115B 03F0 add esi, eax
004D115D 3E:EB 02 jmp short 004D1162
004D1160 CD20 03FB5FF2 vxdjump F25FFB03
004D1166 EB 01 jmp short 004D1169
004D1168 F0:B8 422D4200 lock mov eax, 00422D42 ; 不允许锁定前缀
004D116E 334424 28 xor eax, dword ptr [esp+28]
004D1172 58 pop eax
004D1173 8D9F 5C1E4700 lea ebx, dword ptr [edi+471E5C]
004D1179 5B pop ebx
004D117A 2BF1 sub esi, ecx
004D117C 83EE 09 sub esi, 9
004D117F 87D6 xchg esi, edx
004D1181 03C2 add eax, edx
004D1183 23D1 and edx, ecx
004D1185 5A pop edx
004D1186 83EF 99 sub edi, -67
004D1189 F2: prefix repne:
004D118A EB 01 jmp short 004D118D
004D118C 6903 7C24185F imul eax, dword ptr [ebx], 5F18247C
004D1192 F3: prefix rep:
004D1193 EB 02 jmp short 004D1197
004D1195 CD20 8D7475A3 vxdcall A375748D
004D119B 5E pop esi
004D119C F2: prefix repne:
004D119D EB 01 jmp short 004D11A0
004D119F 9A 2BC536EB 019>call far 9A01:EB36C52B
004D11A6 EB 02 jmp short 004D11AA
004D11A8 CD20 8D4082FF vxdcall FF82408D
004D11AE 50 push eax
004D11AF F4 hlt
004D11B0 ^ E9 ECF2FFFF jmp 004D04A1
004D11B5 33C0 xor eax, eax
004D11B7 ^ E9 04F4FFFF jmp 004D05C0
004D11BC 0BC5 or eax, ebp
004D11BE 64:EB 02 jmp short 004D11C3
004D11C1 CD20 81E8ACAC vxdjump ACACE881
004D11C7 0B03 or eax, dword ptr [ebx]
004D11C9 F2: prefix repne:
004D11CA EB 01 jmp short 004D11CD
004D11CC - E9 2BC18D44 jmp 44DAD2FC
004D11D1 2F das
004D11D2 2D 2BC58D40 sub eax, 408DC52B
004D11D7 D3E9 shr ecx, cl
004D11D9 2D F1FFFF5F sub eax, 5FFFFFF1
004D11DE 5E pop esi
004D11DF 5B pop ebx
004D11E0 C3 retn
004D11E1 31C0 xor eax, eax
004D11E3 8705 00304700 xchg dword ptr [473000], eax
004D11E9 F7D8 neg eax
004D11EB 19C0 sbb eax, eax
004D11ED 40 inc eax
004D11EE 337C24 28 xor edi, dword ptr [esp+28]
004D11F2 EB 01 jmp short 004D11F5
004D11F4 9A BFBE2245 00E>call far EB00:4522BEBF
004D11FB 019A 337C2428 add dword ptr [edx+28247C33], ebx
004D1201 83EF D9 sub edi, -27
004D1204 8DBE 9022A915 lea edi, dword ptr [esi+15A92290]
004D120A 56 push esi
004D120B 50 push eax
004D120C B8 6A534700 mov eax, 0047536A
004D1211 F2: prefix repne:
004D1212 EB 01 jmp short 004D1215
004D1214 9A C1C8A768 D22>call far 2DD2:68A7C8C1
004D121B 95 xchg eax, ebp
004D121C 7A 66 jpe short 004D1284
004D121E 9C pushfd
004D121F 55 push ebp
004D1220 8DAC11 F0194400 lea ebp, dword ptr [ecx+edx+4419F0]
004D1227 EB 02 jmp short 004D122B
004D1229 CD20 2BEA81F5 vxdjump F581EA2B
004D122F 34 97 xor al, 97
004D1231 14 BD adc al, 0BD
004D1233 8D6C24 0C lea ebp, dword ptr [esp+C]
004D1237 EB 01 jmp short 004D123A
004D1239 - E9 EB02CD20 jmp 211A1529
004D123E 8D6C0D F4 lea ebp, dword ptr [ebp+ecx-C]
004D1242 2BE9 sub ebp, ecx
004D1244 83C5 06 add ebp, 6
004D1247 64:EB 02 jmp short 004D124C
004D124A CD20 6A7A5781 vxdcall 81577A6A
004D1250 F79428 E0EE33FB not dword ptr [eax+ebp+FB33EEE0]
004D1257 8D7C24 33 lea edi, dword ptr [esp+33]
004D125B 83EF 33 sub edi, 33
004D125E EB 01 jmp short 004D1261
004D1260 C783 C704C707 0>mov dword ptr [ebx+7C704C7], E0F0050>
004D126A 5F pop edi
004D126B 8F4425 00 pop dword ptr [ebp]
004D126F 5D pop ebp
004D1270 66:9D popfw
004D1272 83D8 0D sbb eax, 0D
004D1275 EB 01 jmp short 004D1278
004D1277 E8 03442438 call 3871567F
004D127C 58 pop eax
004D127D 83C0 80 add eax, -80
004D1280 40 inc eax
004D1281 83E8 1B sub eax, 1B
004D1284 40 inc eax
004D1285 87F0 xchg eax, esi
004D1287 81EE C7D051F6 sub esi, F651D0C7
004D128D F7DE neg esi
004D128F 87C6 xchg esi, eax
004D1291 2BF8 sub edi, eax
004D1293 EB 02 jmp short 004D1297
004D1295 CD20 26EB02CD vxdjump CD02EB26
004D129B 208D 447A29F2 and byte ptr [ebp+F2297A44], cl
004D12A1 EB 01 jmp short 004D12A4
004D12A3 E8 8D4418D7 call D7655735
004D12A8 2BC3 sub eax, ebx
004D12AA 2BC7 sub eax, edi
004D12AC 58 pop eax
004D12AD 8D7447 5D lea esi, dword ptr [edi+eax*2+5D]
004D12B1 5E pop esi
004D12B2 2BFE sub edi, esi
004D12B4 ^ E9 B3FDFFFF jmp 004D106C
004D12B9 BA 564A4800 mov edx, 00484A56
004D12BE F2: prefix repne:
004D12BF EB 01 jmp short 004D12C2
004D12C1 9A C1C2CD50 64E>call far EB64:50CDC2C1
004D12C8 02CD add cl, ch
004D12CA 2081 EA9E037F and byte ptr [ecx+7F039EEA], al
004D12D0 ED in eax, dx
004D12D1 5A pop edx
004D12D2 83E2 0F and edx, 0F
004D12D5 ^ E9 37FCFFFF jmp 004D0F11
004D12DA 0000 add byte ptr [eax], al
004D12DC 0000 add byte ptr [eax], al
004D12DE 0000 add byte ptr [eax], al
004D12E0 0000 add byte ptr [eax], al
004D12E2 0000 add byte ptr [eax], al
004D12E4 0000 add byte ptr [eax], al
004D12E6 0000 add byte ptr [eax], al
004D12E8 0000 add byte ptr [eax], al
004D12EA 0000 add byte ptr [eax], al
004D12EC 0000 add byte ptr [eax], al
004D12EE 0000 add byte ptr [eax], al
004D12F0 ^ 0F85 94F1FFFF jnz 004D048A
004D12F6 ^ E9 72FCFFFF jmp 004D0F6D
004D12FB 833E 00 cmp dword ptr [esi], 0
004D12FE ^ 0F85 40EEFFFF jnz 004D0144
004D1304 ^ E9 19F0FFFF jmp 004D0322
004D1309 ^ 0F84 C2F2FFFF je 004D05D1
004D130F ^ E9 82F5FFFF jmp 004D0896
004D1314 ^ 0F84 B1F7FFFF je 004D0ACB
004D131A ^ E9 F5F8FFFF jmp 004D0C14
004D131F 8338 00 cmp dword ptr [eax], 0
004D1322 ^ 0F84 D0EFFFFF je 004D02F8
004D1328 ^ E9 F2F8FFFF jmp 004D0C1F
004D132D 833D 00304700 0>cmp dword ptr [473000], 0
004D1334 ^ 0F85 46F5FFFF jnz 004D0880
004D133A ^ E9 44F1FFFF jmp 004D0483
004D133F ^ 0F85 F0F4FFFF jnz 004D0835
004D1345 ^ E9 E8F4FFFF jmp 004D0832
004D134A ^ 0F86 98F8FFFF jbe 004D0BE8
004D1350 ^ E9 28F4FFFF jmp 004D077D
004D1355 833D 00304700 0>cmp dword ptr [473000], 0
004D135C ^ 0F84 69F7FFFF je 004D0ACB
004D1362 ^ E9 81F8FFFF jmp 004D0BE8
004D1367 833B 00 cmp dword ptr [ebx], 0
004D136A ^ 0F85 ECF0FFFF jnz 004D045C
004D1370 ^ E9 23F4FFFF jmp 004D0798
004D1375 833D 28504700 0>cmp dword ptr [475028], 0
004D137C ^ 0F84 5DF7FFFF je 004D0ADF
004D1382 ^ E9 86F6FFFF jmp 004D0A0D
004D1387 ^ 0F84 FCF3FFFF je 004D0789
004D138D ^ E9 06F0FFFF jmp 004D0398
004D1392 ^ 0F84 87EDFFFF je 004D011F
004D1398 ^ E9 D2EDFFFF jmp 004D016F
004D139D ^ 0F84 9BF4FFFF je 004D083E
004D13A3 ^ E9 FAEFFFFF jmp 004D03A2
004D13A8 ^ 0F84 66EFFFFF je 004D0314
004D13AE ^ E9 73F7FFFF jmp 004D0B26
004D13B3 ^ 0F84 12F7FFFF je 004D0ACB
004D13B9 ^ E9 FEFDFFFF jmp 004D11BC
004D13BE ^ 0F85 F5FEFFFF jnz 004D12B9
004D13C4 ^ E9 14FEFFFF jmp 004D11DD
004D13C9 ^ 0F85 ADF1FFFF jnz 004D057C
004D13CF ^ E9 46EFFFFF jmp 004D031A
004D13D4 833E 00 cmp dword ptr [esi], 0
004D13D7 ^ 0F84 45EFFFFF je 004D0322
004D13DD ^ E9 62EDFFFF jmp 004D0144
跳过注册的关键点在哪???要怎么操作,不胜感谢!!!!!!!
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
我已经自己脱了.555555找不到关键的..汇编不会..
