[讨论]np猥琐代码片段-加壳脱壳-看雪-安全社区|安全招聘|kanxue.com

[讨论]np猥琐代码片段

发表于: 2009-3-18 00:59 7074

[讨论]np猥琐代码片段

option

2009-3-18 00:59

7074

代码如下：实际的入口没意义，真正的入口是tls
SE:00AE3CC7 TlsCallback_0:
SE:00AE3CC7 pushf
SE:00AE3CC8 add    dword ptr [esp], 0D9AF4EDAh
//以上标志寄存器入栈并修改所存的标志值，以备后边检测TF之用
SE:00AE3CCF sub    esp, 4
SE:00AE3CD2 pop    dword ptr [esp-4]
//以后会出现许多以上的代码，对栈指针+4，-4
SE:00AE3CD6 call loc_AE4BC7
//变形JMP
SE:00AE3CD6 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE3CDB db 81h, 6Ch, 24h, 4, 0DAh, 4Eh, 0AFh, 0D9h, 83h, 0C4h, 4, 9Dh, 0FBh, 0E6h
SE:00AE3CDB db 64h
SE:00AE3CEA ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE3CEA
SE:00AE3CEA loc_AE3CEA:                            ; CODE XREF: SE:00AE3E5Ep
SE:00AE3CEA pop    dword ptr [esp-4]
SE:00AE3CEE call loc_AE3D7D
SE:00AE3CEE ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE3CF3 db 9Ch, 53h, 51h, 0E8h, 4 dup(0), 8Bh, 1Ch, 24h, 83h, 0C3h, 25h, 33h, 0C9h
SE:00AE3CF3 db 87h, 4Bh, 0FCh, 83h, 0F9h, 0, 74h, 6, 80h, 33h, 0Eh, 43h, 0E2h, 0FAh
SE:00AE3CF3 db 83h, 0C4h, 4, 59h, 5Bh, 9Dh, 0E9h, 4, 3 dup(0), 0A7h, 8Ch, 0F9h, 90h
SE:00AE3CF3 db 48h, 5Ah, 0EBh, 59h, 0D6h, 0A3h, 60h, 61h, 0C9h, 0D2h, 0CDh, 0E1h, 1Dh
SE:00AE3D2D ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE3D2D
SE:00AE3D2D loc_AE3D2D:                            ; CODE XREF: SE:loc_AE3D9Cj
SE:00AE3D2D lea    esp, [esp+4]
SE:00AE3D31 call loc_AE3DA5
SE:00AE3D31 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE3D36 db 9Ch, 53h, 51h, 0E8h, 4 dup(0), 8Bh, 1Ch, 24h, 83h, 0C3h, 25h, 33h, 0C9h
SE:00AE3D36 db 87h, 4Bh, 0FCh, 83h, 0F9h, 0, 74h, 6, 80h, 33h, 5, 43h, 0E2h, 0FAh
SE:00AE3D36 db 83h, 0C4h, 4, 59h, 5Bh, 9Dh, 0E9h, 4, 3 dup(0), 0B9h, 0D0h, 1Fh, 16h
SE:00AE3D36 db 1Fh, 0F0h, 0EDh, 10h, 32h, 72h, 0D3h, 71h, 44h, 0F4h, 0C2h, 85h, 0D4h
SE:00AE3D36 db 66h, 0, 0DBh, 0F9h, 7Ch, 12h, 0BAh, 17h, 0D4h, 1Dh, 0E6h, 0ECh, 5Bh
SE:00AE3D7D ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE3D7D
SE:00AE3D7D loc_AE3D7D:                            ; CODE XREF: SE:00AE3CEEp
SE:00AE3D7D jmp    loc_AE3EA6
SE:00AE3D7D ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE3D82 db 81h, 6Ch, 24h, 4, 0DAh, 4Eh, 0AFh, 0D9h, 83h, 0C4h, 4, 9Dh, 7Ch, 25h
SE:00AE3D82 db 0E2h, 39h, 51h, 0E8h, 0FCh, 0A5h, 4Eh, 57h, 32h, 5Dh, 0CCh, 88h
SE:00AE3D9C ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE3D9C
SE:00AE3D9C loc_AE3D9C:                            ; CODE XREF: SE:00AE4B86p
SE:00AE3D9C jmp    loc_AE3D2D
SE:00AE3D9C ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE3DA1 db 4, 0FCh, 92h, 0C0h
SE:00AE3DA5 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE3DA5
SE:00AE3DA5 loc_AE3DA5:                            ; CODE XREF: SE:00AE3D31p
SE:00AE3DA5 jmp    loc_AE3DB1
SE:00AE3DA5 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE3DAA db 53h, 0D7h, 0B3h, 0B4h, 74h, 7Eh, 0Fh
SE:00AE3DB1 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE3DB1
SE:00AE3DB1 loc_AE3DB1:                            ; CODE XREF: SE:loc_AE3DA5j
SE:00AE3DB1 pop    dword ptr [esp-4]
SE:00AE3DB5 call loc_AE3DE6
SE:00AE3DB5 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE3DBA db 60h, 9Ch, 0E8h, 4 dup(0), 5Fh, 81h, 0EFh, 8Dh, 3 dup(0), 0B9h, 9Eh
SE:00AE3DBA db 3 dup(0), 0B0h, 9Dh, 0F3h, 0AAh, 90h, 61h, 0EFh, 8Bh, 0BFh, 4Ch, 20h
SE:00AE3DBA db 52h, 85h, 47h, 5Ah, 92h, 24h, 8Dh, 2, 83h, 0EDh, 0FBh, 0FAh, 15h, 7Dh
SE:00AE3DE6 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE3DE6
SE:00AE3DE6 loc_AE3DE6:                            ; CODE XREF: SE:00AE3DB5p
SE:00AE3DE6 pop    dword ptr [esp-4]
SE:00AE3DEA call loc_AE3E1B
SE:00AE3DEA ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE3DEF db 60h, 9Ch, 0E8h, 4 dup(0), 5Fh, 81h, 0EFh, 4, 3 dup(0), 0B9h, 15h, 3 dup(0)
SE:00AE3DEF db 0B0h, 9Dh, 0F3h, 0AAh, 90h, 61h, 3Eh, 76h, 53h, 40h, 0CCh, 1Fh, 2Bh
SE:00AE3DEF db 22h, 0B3h, 0A5h, 0B3h, 93h, 11h, 2Dh, 0BBh, 0ADh, 10h, 89h, 0AEh
SE:00AE3E1B ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE3E1B
SE:00AE3E1B loc_AE3E1B:                            ; CODE XREF: SE:00AE3DEAp
SE:00AE3E1B add    esp, 4
SE:00AE3E1E call loc_AE3E5A
SE:00AE3E1E ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE3E23 db 81h, 6Ch, 24h, 4, 0DAh, 4Eh, 0AFh, 0D9h, 83h, 0C4h, 4, 9Dh, 87h, 97h
SE:00AE3E23 db 7Ch, 0D0h, 92h, 2, 6, 85h, 0BAh, 0DEh, 70h, 0D3h, 0E0h, 64h, 36h, 5Ch
SE:00AE3E23 db 0C6h, 9Eh, 4Ah, 8Eh, 26h, 68h, 11h, 0F3h, 0ACh, 0B1h, 88h, 0D8h, 0A4h
SE:00AE3E23 db 9Fh, 0AAh, 0EEh, 17h, 39h, 72h, 88h, 0CAh, 68h, 7Bh, 0EBh, 50h, 38h
SE:00AE3E23 db 0Eh
SE:00AE3E5A ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE3E5A
SE:00AE3E5A loc_AE3E5A:                            ; CODE XREF: SE:00AE3E1Ep
SE:00AE3E5A pop    dword ptr [esp-4]
SE:00AE3E5E call loc_AE3CEA
SE:00AE3E5E ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE3E63 db 9Ch, 53h, 51h, 0E8h, 4 dup(0), 8Bh, 1Ch, 24h, 83h, 0C3h, 25h, 33h, 0C9h
SE:00AE3E63 db 87h, 4Bh, 0FCh, 83h, 0F9h, 0, 74h, 6, 80h, 33h, 19h, 43h, 0E2h, 0FAh
SE:00AE3E63 db 83h, 0C4h, 4, 59h, 5Bh, 9Dh, 0E9h, 4, 3 dup(0), 0FCh, 3Bh, 45h, 81h
SE:00AE3E63 db 0A7h, 3Eh, 2Ch, 45h, 5Eh, 4Bh, 0AFh, 0FEh, 0F3h, 2Fh, 0B7h, 0DBh, 77h
SE:00AE3E63 db 4Dh, 71h, 0B1h, 29h, 66h, 0AAh, 0A3h, 5Fh, 9Ah
SE:00AE3EA6 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE3EA6
SE:00AE3EA6 loc_AE3EA6:                            ; CODE XREF: SE:loc_AE3D7Dj
SE:00AE3EA6 lea    esp, [esp+4]
SE:00AE3EAA call loc_AE3EBC
SE:00AE3EAA ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE3EAF db 81h, 6Ch, 24h, 4, 0DAh, 4Eh, 0AFh, 0D9h, 83h, 0C4h, 4, 9Dh, 38h
SE:00AE3EBC ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE3EBC
SE:00AE3EBC loc_AE3EBC:                            ; CODE XREF: SE:00AE3EAAp
SE:00AE3EBC pop    dword ptr [esp-4]
SE:00AE3EC0 call loc_AE3EDD
SE:00AE3EC0 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE3EC5 db 63h, 8Ah, 1Eh, 0BDh, 0F9h, 93h, 11h, 86h, 84h, 0AFh, 80h, 0D2h, 43h
SE:00AE3EC5 db 0Eh, 89h, 29h, 86h, 39h, 0E0h, 0C4h, 43h, 24h, 6Eh, 0B3h
SE:00AE3EDD ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE3EDD
SE:00AE3EDD loc_AE3EDD:                            ; CODE XREF: SE:00AE3EC0p
SE:00AE3EDD lea    esp, [esp+4]
SE:00AE3EE1 call loc_AE3EE9
SE:00AE3EE1 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE3EE6 db 71h, 0F0h, 4Ch
SE:00AE3EE9 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE3EE9
SE:00AE3EE9 loc_AE3EE9:                            ; CODE XREF: SE:00AE3EE1p
SE:00AE3EE9 sub    esp, -4
SE:00AE3EEC call loc_AE3F04
SE:00AE3EEC ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE3EF1 db 9Ch, 81h, 4, 24h, 0DAh, 4Eh, 0AFh, 0D9h, 83h, 0ECh, 4, 0DBh, 1Dh, 0DDh
SE:00AE3EF1 db 0F5h, 0CFh, 0E8h, 24h, 0F4h
SE:00AE3F04 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE3F04
SE:00AE3F04 loc_AE3F04:                            ; CODE XREF: SE:00AE3EECp
SE:00AE3F04 jmp    loc_AE3F49
SE:00AE3F04 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE3F09 db 60h, 9Ch, 0E8h, 4 dup(0), 5Fh, 81h, 0EFh, 0A9h, 3 dup(0), 0B9h, 0BAh
SE:00AE3F09 db 3 dup(0), 0B0h, 9Dh, 0F3h, 0AAh, 90h, 61h, 0D5h, 37h, 67h, 8Bh, 10h
SE:00AE3F09 db 41h, 9Eh, 3Eh, 75h, 35h, 0C7h, 51h, 2Fh, 0B4h, 6Ch, 99h, 0ACh, 95h
SE:00AE3F09 db 18h, 8Bh, 63h, 0ACh, 0A5h, 3Ah, 0C2h, 0A2h, 9Ch, 0Ah, 0B9h, 0C8h, 0BDh
SE:00AE3F09 db 0A2h, 40h, 0B5h, 3Ch, 0D9h, 79h, 24h, 0Fh
SE:00AE3F49 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE3F49
SE:00AE3F49 loc_AE3F49:                            ; CODE XREF: SE:loc_AE3F04j
SE:00AE3F49 add    esp, 4
SE:00AE3F4C call loc_AE3F67
SE:00AE3F4C ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE3F51 db 9Ch, 81h, 4, 24h, 0DAh, 4Eh, 0AFh, 0D9h, 83h, 0ECh, 4, 7, 5Dh, 4Eh
SE:00AE3F51 db 98h, 6Ah, 2Bh, 0F9h, 0Ch, 92h, 0C4h, 0AFh
SE:00AE3F67 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE3F67
SE:00AE3F67 loc_AE3F67:                            ; CODE XREF: SE:00AE3F4Cp
SE:00AE3F67 add    esp, 4
SE:00AE3F6A call loc_AE3F9A
SE:00AE3F6A ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE3F6F db 6Eh, 2Ah, 0B0h, 0DAh, 69h, 0B9h, 0C2h, 49h, 27h, 70h, 39h, 0DCh, 52h
SE:00AE3F6F db 55h, 6Ah, 5Eh, 70h, 0DAh, 20h, 7Eh, 2Dh, 0, 1Dh, 0C0h, 13h, 0D0h, 67h
SE:00AE3F6F db 0Bh, 54h, 0E7h, 60h, 49h, 0EBh, 9Eh, 0F0h, 8Ch, 0E6h, 0B8h, 0A9h, 0D1h
SE:00AE3F6F db 7, 0AEh, 2Bh
SE:00AE3F9A ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE3F9A
SE:00AE3F9A loc_AE3F9A:                            ; CODE XREF: SE:00AE3F6Ap
SE:00AE3F9A jmp    loc_AE3FA1
SE:00AE3F9A ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE3F9F db 0DCh, 16h
SE:00AE3FA1 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE3FA1
SE:00AE3FA1 loc_AE3FA1:                            ; CODE XREF: SE:loc_AE3F9Aj
SE:00AE3FA1 jmp    loc_AE3FDA
SE:00AE3FA1 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE3FA6 db 60h, 9Ch, 0E8h, 4 dup(0), 5Fh, 81h, 0EFh, 98h, 3 dup(0), 0B9h, 0A9h
SE:00AE3FA6 db 3 dup(0), 0B0h, 9Dh, 0F3h, 0AAh, 90h, 61h, 77h, 3Eh, 68h, 0DDh, 6Ch
SE:00AE3FA6 db 42h, 0ADh, 44h, 61h, 3Dh, 57h, 0B5h, 5Eh, 0DBh, 0CFh, 22h, 0D8h, 99h
SE:00AE3FA6 db 0DDh, 49h, 99h, 0DDh, 30h, 4, 5Dh, 9, 3Eh
SE:00AE3FDA ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE3FDA
SE:00AE3FDA loc_AE3FDA:                            ; CODE XREF: SE:loc_AE3FA1j
SE:00AE3FDA jmp    loc_AE4002
SE:00AE3FDA ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE3FDF db 60h, 9Ch, 0E8h, 4 dup(0), 5Fh, 81h, 0EFh, 15h, 3 dup(0), 0B9h, 26h
SE:00AE3FDF db 3 dup(0), 0B0h, 9Dh, 0F3h, 0AAh, 90h, 61h, 0BEh, 18h, 0FCh, 1, 0A6h
SE:00AE3FDF db 45h, 0A8h, 5Eh, 7Eh, 5Fh
SE:00AE4002 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4002
SE:00AE4002 loc_AE4002:                            ; CODE XREF: SE:loc_AE3FDAj
SE:00AE4002 add    esp, 4
SE:00AE4005 call loc_AE403B
SE:00AE4005 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE400A db 9Ch, 53h, 51h, 0E8h, 4 dup(0), 8Bh, 1Ch, 24h, 83h, 0C3h, 25h, 33h, 0C9h
SE:00AE400A db 87h, 4Bh, 0FCh, 83h, 0F9h, 0, 74h, 6, 80h, 33h, 6Bh, 43h, 0E2h, 0FAh
SE:00AE400A db 83h, 0C4h, 4, 59h, 5Bh, 9Dh, 0E9h, 4, 3 dup(0), 0E6h, 71h, 0B0h, 0Ah
SE:00AE400A db 0A3h, 0B3h, 91h, 5Ah
SE:00AE403B ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE403B
SE:00AE403B loc_AE403B:                            ; CODE XREF: SE:00AE4005p
SE:00AE403B jmp    loc_AE4063
SE:00AE403B ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4040 db 58h, 0ECh, 0C5h, 54h, 43h, 12h, 6Ah, 0BDh, 6Fh, 25h, 7Dh, 0F7h, 1Ch
SE:00AE4040 db 0C1h, 5Dh, 7Bh, 0D8h, 0AFh, 9Ch, 0CCh, 70h, 6Fh, 4Ah, 95h, 0ADh, 0D3h
SE:00AE4040 db 0DEh, 93h, 68h, 4Fh, 75h, 79h, 52h, 0CEh, 0AFh
SE:00AE4063 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4063
SE:00AE4063 loc_AE4063:                            ; CODE XREF: SE:loc_AE403Bj
SE:00AE4063 pop    dword ptr [esp-4]
SE:00AE4067 call loc_AE4083
SE:00AE4067 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE406C db 9Ch, 81h, 4, 24h, 0DAh, 4Eh, 0AFh, 0D9h, 83h, 0ECh, 4, 0F4h, 36h, 5Ah
SE:00AE406C db 77h, 98h, 66h, 9Fh, 0DEh, 0EAh, 61h, 78h, 0C0h
SE:00AE4083 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4083
SE:00AE4083 loc_AE4083:                            ; CODE XREF: SE:00AE4067p
SE:00AE4083 lea    esp, [esp+4]
SE:00AE4087 call loc_AE4091
SE:00AE4087 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE408C db 0B4h, 0D0h, 0DAh, 0A9h, 31h
SE:00AE4091 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4091
SE:00AE4091 loc_AE4091:                            ; CODE XREF: SE:00AE4087p
SE:00AE4091 jmp    loc_AE40B2
SE:00AE4091 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4096 db 81h, 6Ch, 24h, 4, 0DAh, 4Eh, 0AFh, 0D9h, 83h, 0C4h, 4, 9Dh, 0D7h, 0E5h
SE:00AE4096 db 35h, 0D3h, 5Ch, 0FCh, 3Eh, 6Bh, 5Eh, 0F0h, 40h, 97h, 10h, 0D5h, 0C9h
SE:00AE4096 db 0ABh
SE:00AE40B2 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE40B2
SE:00AE40B2 loc_AE40B2:                            ; CODE XREF: SE:loc_AE4091j
SE:00AE40B2 sub    esp, -4
SE:00AE40B5 call loc_AE40E4
SE:00AE40B5 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE40BA db 34h, 62h, 6Ah, 9Dh, 0AAh, 0E4h, 0BDh, 13h, 24h, 0Bh, 9Bh, 35h, 6Dh
SE:00AE40BA db 0D7h, 0DFh, 99h, 7Ch, 50h, 93h, 60h, 0BEh, 4Bh, 0E5h, 10h, 0CEh, 0E4h
SE:00AE40BA db 8Bh, 68h, 9Ch, 4Fh, 96h, 74h, 1Ah, 18h, 84h, 3Eh, 0B4h, 0FFh, 93h, 0A8h
SE:00AE40BA db 0DAh, 44h
SE:00AE40E4 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE40E4
SE:00AE40E4 loc_AE40E4:                            ; CODE XREF: SE:00AE40B5p
SE:00AE40E4 pop    dword ptr [esp-4]
SE:00AE40E8 call loc_AE40F4
SE:00AE40E8 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE40ED db 0A4h, 96h, 2Ch, 0Ah, 9Dh, 93h, 0BDh
SE:00AE40F4 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE40F4
SE:00AE40F4 loc_AE40F4:                            ; CODE XREF: SE:00AE40E8p
SE:00AE40F4 add    esp, 4
SE:00AE40F7 call loc_AE4131
SE:00AE40F7 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE40FC db 9Ch, 53h, 51h, 0E8h, 4 dup(0), 8Bh, 1Ch, 24h, 83h, 0C3h, 25h, 33h, 0C9h
SE:00AE40FC db 87h, 4Bh, 0FCh, 83h, 0F9h, 0, 74h, 6, 80h, 33h, 2Ch, 43h, 0E2h, 0FAh
SE:00AE40FC db 83h, 0C4h, 4, 59h, 5Bh, 9Dh, 0E9h, 4, 3 dup(0), 0BAh, 6Bh, 77h, 87h
SE:00AE40FC db 6Bh, 0F6h, 0DBh, 50h, 0C1h, 0BFh, 5Fh, 0C4h
SE:00AE4131 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4131
SE:00AE4131 loc_AE4131:                            ; CODE XREF: SE:00AE40F7p
SE:00AE4131 add    esp, 4
SE:00AE4134 call loc_AE4144
SE:00AE4134 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4139 db 9Ch, 81h, 4, 24h, 0DAh, 4Eh, 0AFh, 0D9h, 83h, 0ECh, 4
SE:00AE4144 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4144
SE:00AE4144 loc_AE4144:                            ; CODE XREF: SE:00AE4134p
SE:00AE4144 jmp    loc_AE4152
SE:00AE4144 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4149 db 7Bh, 0A9h, 83h, 4Bh, 27h, 9Bh, 0DDh, 0EDh, 42h
SE:00AE4152 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4152
SE:00AE4152 loc_AE4152:                            ; CODE XREF: SE:loc_AE4144j
SE:00AE4152 pop    dword ptr [esp-4]
SE:00AE4156 call loc_AE41A0
SE:00AE4156 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE415B db 0E3h, 62h, 85h, 78h, 4Dh, 0Bh, 0A1h, 0ABh, 19h, 0B8h, 0BEh, 6Dh, 53h
SE:00AE415B db 0F8h, 17h, 0CCh, 50h, 7Fh, 0EBh, 0E0h, 0E9h, 8Ch, 7Ch, 2Eh, 0C8h, 0D4h
SE:00AE415B db 35h, 33h, 69h, 96h, 86h, 75h, 0B8h, 35h, 5Ch, 0A6h, 0C1h, 86h, 1Fh
SE:00AE415B db 0A9h, 88h, 0EAh, 4Eh, 0A9h, 96h, 0D6h, 42h, 13h, 97h, 0F9h, 33h, 44h
SE:00AE415B db 21h, 0FEh, 1Eh, 3, 75h, 8Fh, 4, 0Ch, 69h, 0DDh, 39h, 50h, 6, 0DDh, 51h
SE:00AE415B db 17h, 4Fh
SE:00AE41A0 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE41A0
SE:00AE41A0 loc_AE41A0:                            ; CODE XREF: SE:00AE4156p
SE:00AE41A0 jmp    loc_AE41AC
SE:00AE41A0 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE41A5 db 0C8h, 10h, 99h, 0B9h, 5Eh, 79h, 7Ah
SE:00AE41AC ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE41AC
SE:00AE41AC loc_AE41AC:                            ; CODE XREF: SE:loc_AE41A0j
SE:00AE41AC jmp    loc_AE41C8
SE:00AE41AC ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE41B1 db 17h, 59h, 0D9h, 14h, 16h, 0BEh, 95h, 2, 0Fh, 0B3h, 3Fh, 0C0h, 0E1h
SE:00AE41B1 db 42h, 0F2h, 0B0h, 36h, 5Ah, 0EBh, 71h, 0A4h, 0C9h, 27h
SE:00AE41C8 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE41C8
SE:00AE41C8 loc_AE41C8:                            ; CODE XREF: SE:loc_AE41ACj
SE:00AE41C8 add    esp, 4
SE:00AE41CB call loc_AE41DE
SE:00AE41CB ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE41D0 db 0C1h, 6, 76h, 0BCh, 1, 6, 8Eh, 0CAh, 2Dh, 0EFh, 0FBh, 62h, 0D9h, 0CFh
SE:00AE41DE ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE41DE
SE:00AE41DE loc_AE41DE:                            ; CODE XREF: SE:00AE41CBp
SE:00AE41DE lea    esp, [esp+4]
SE:00AE41E2 call loc_AE41F4
SE:00AE41E2 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE41E7 db 9Ch, 81h, 4, 24h, 0DAh, 4Eh, 0AFh, 0D9h, 83h, 0ECh, 4, 0EAh, 0DBh
SE:00AE41F4 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE41F4
SE:00AE41F4 loc_AE41F4:                            ; CODE XREF: SE:00AE41E2p
SE:00AE41F4 add    esp, 4
SE:00AE41F7 call loc_AE4207
SE:00AE41F7 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE41FC db 0BBh, 4Fh, 0C4h, 93h, 0B5h, 0CCh, 0C0h, 29h, 95h, 40h, 39h
SE:00AE4207 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4207
SE:00AE4207 loc_AE4207:                            ; CODE XREF: SE:00AE41F7p
SE:00AE4207 pop    dword ptr [esp-4]
SE:00AE420B call loc_AE4216
SE:00AE420B ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4210 db 98h, 25h, 0D5h, 1, 79h, 0Dh
SE:00AE4216 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4216
SE:00AE4216 loc_AE4216:                            ; CODE XREF: SE:00AE420Bp
SE:00AE4216 pop    dword ptr [esp-4]
SE:00AE421A call loc_AE422C
SE:00AE421A ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE421F db 9Ah, 35h, 93h, 56h, 0ACh, 0CFh, 21h, 0AAh, 99h, 2Fh, 0FAh, 0B9h, 0F5h
SE:00AE422C ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE422C
SE:00AE422C loc_AE422C:                            ; CODE XREF: SE:00AE421Ap
SE:00AE422C pop    dword ptr [esp-4]
SE:00AE4230 call loc_AE4258
SE:00AE4230 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4235 db 9Ch, 81h, 4, 24h, 0DAh, 4Eh, 0AFh, 0D9h, 83h, 0ECh, 4, 0C8h, 9Bh, 0D5h
SE:00AE4235 db 67h, 0D0h, 0F9h, 99h, 1Eh, 0E2h, 30h, 62h, 0FFh, 0E2h, 58h, 0F8h, 25h
SE:00AE4235 db 0E1h, 31h, 0FCh, 37h, 0A8h, 99h, 59h, 44h
SE:00AE4258 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4258
SE:00AE4258 loc_AE4258:                            ; CODE XREF: SE:00AE4230p
SE:00AE4258 pop    dword ptr [esp-4]
SE:00AE425C call loc_AE4276
SE:00AE425C ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4261 db 0A2h, 48h, 4, 99h, 35h, 8Ch, 3Ch, 9Ah, 60h, 64h, 5Dh, 0AAh, 0D1h, 0E2h
SE:00AE4261 db 99h, 89h, 0EAh, 70h, 30h, 0E4h, 0FFh
SE:00AE4276 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4276
SE:00AE4276 loc_AE4276:                            ; CODE XREF: SE:00AE425Cp
SE:00AE4276 add    esp, 4
SE:00AE4279 call loc_AE429F
SE:00AE4279 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE427E db 60h, 9Ch, 0E8h, 4 dup(0), 5Fh, 81h, 0EFh, 0C1h, 3 dup(0), 0B9h, 0D2h
SE:00AE427E db 3 dup(0), 0B0h, 9Dh, 0F3h, 0AAh, 90h, 61h, 41h, 92h, 0E9h, 0CDh, 3Fh
SE:00AE427E db 79h, 45h, 80h
SE:00AE429F ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE429F
SE:00AE429F loc_AE429F:                            ; CODE XREF: SE:00AE4279p
SE:00AE429F jmp    loc_AE42B3
SE:00AE429F ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE42A4 db 81h, 6Ch, 24h, 4, 0DAh, 4Eh, 0AFh, 0D9h, 83h, 0C4h, 4, 9Dh, 0E7h, 0FEh
SE:00AE42A4 db 0FBh
SE:00AE42B3 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE42B3
SE:00AE42B3 loc_AE42B3:                            ; CODE XREF: SE:loc_AE429Fj
SE:00AE42B3 pop    dword ptr [esp-4]
SE:00AE42B7 call loc_AE42EA
SE:00AE42B7 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE42BC db 9Ch, 53h, 51h, 0E8h, 4 dup(0), 8Bh, 1Ch, 24h, 83h, 0C3h, 25h, 33h, 0C9h
SE:00AE42BC db 87h, 4Bh, 0FCh, 83h, 0F9h, 0, 74h, 6, 80h, 33h, 0EBh, 43h, 0E2h, 0FAh
SE:00AE42BC db 83h, 0C4h, 4, 59h, 5Bh, 9Dh, 0E9h, 4, 3 dup(0), 66h, 24h, 0B4h, 4Ah
SE:00AE42BC db 10h
SE:00AE42EA ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE42EA
SE:00AE42EA loc_AE42EA:                            ; CODE XREF: SE:00AE42B7p
SE:00AE42EA sub    esp, -4
SE:00AE42ED call loc_AE430D
SE:00AE42ED ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE42F2 db 9Ch, 81h, 4, 24h, 0DAh, 4Eh, 0AFh, 0D9h, 83h, 0ECh, 4, 0C6h, 0A0h, 0BFh
SE:00AE42F2 db 51h, 1Bh, 0B3h, 79h, 2Dh, 0C0h, 0CDh, 67h, 0D8h, 0CFh, 3Ch, 0CCh, 8Dh
SE:00AE430D ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE430D
SE:00AE430D loc_AE430D:                            ; CODE XREF: SE:00AE42EDp
SE:00AE430D lea    esp, [esp+4]
SE:00AE4311 call loc_AE4361
SE:00AE4311 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4316 db 60h, 9Ch, 0E8h, 4 dup(0), 5Fh, 81h, 0EFh, 2Dh, 3 dup(0), 0B9h, 3Eh
SE:00AE4316 db 3 dup(0), 0B0h, 9Dh, 0F3h, 0AAh, 90h, 61h, 0F3h, 96h, 9Ch, 50h, 0B5h
SE:00AE4316 db 0D0h, 97h, 8Dh, 28h, 50h, 29h, 26h, 6Ah, 0A3h, 0D4h, 88h, 28h, 98h
SE:00AE4316 db 0C0h, 48h, 40h, 0C0h, 8Ch, 5Ch, 0E0h, 4Ch, 0CCh, 18h, 60h, 0CCh, 0FCh
SE:00AE4316 db 78h, 0DCh, 0FCh, 0A8h, 54h, 80h, 5Ch, 0A4h, 5Ch, 9Ch, 0E4h, 0Ch, 0D4h
SE:00AE4316 db 84h, 30h, 0F4h, 4Ch, 7Ch, 0F0h
SE:00AE4361 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4361
SE:00AE4361 loc_AE4361:                            ; CODE XREF: SE:00AE4311p
SE:00AE4361 add    esp, 4
SE:00AE4364 call loc_AE439D
SE:00AE4364 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4369 db 0BCh, 24h, 0ACh, 0D0h, 0DCh, 0D4h, 0, 80h, 0BCh, 64h, 0A4h, 10h, 0CCh
SE:00AE4369 db 0F4h, 3Ch, 20h, 58h, 0D8h, 0B4h, 90h, 0ECh, 48h, 0B8h, 1Ch, 3Ch, 7Ch
SE:00AE4369 db 38h, 64h, 0, 84h, 14h, 6Ch, 0ECh, 0A8h, 0BCh, 10h, 7Ch, 90h, 48h, 34h
SE:00AE4369 db 74h, 10h, 68h, 88h, 84h, 0, 0C0h, 0B8h, 0FCh, 0ECh, 0, 9Ch
SE:00AE439D ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE439D
SE:00AE439D loc_AE439D:                            ; CODE XREF: SE:00AE4364p
SE:00AE439D jmp    loc_AE43C6
SE:00AE439D ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE43A2 db 81h, 6Ch, 24h, 4, 0DAh, 4Eh, 0AFh, 0D9h, 83h, 0C4h, 4, 9Dh, 0F8h, 0C8h
SE:00AE43A2 db 0B4h, 1Ch, 0BCh, 28h, 0FCh, 50h, 0B8h, 50h, 80h, 64h, 24h, 9Ch, 0C4h
SE:00AE43A2 db 4, 0A0h, 14h, 48h, 64h, 0BCh, 0C8h, 0C4h, 44h
SE:00AE43C6 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE43C6
SE:00AE43C6 loc_AE43C6:                            ; CODE XREF: SE:loc_AE439Dj
SE:00AE43C6 jmp    loc_AE43EB
SE:00AE43C6 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE43CB db 0A8h, 74h, 9Ch, 7Ch, 0D0h, 54h, 0B0h, 30h, 34h, 2 dup(20h), 14h, 30h
SE:00AE43CB db 0F0h, 48h, 0FCh, 0E0h, 74h, 88h, 0B0h, 0B8h, 88h, 34h, 38h, 7Ch, 28h
SE:00AE43CB db 0ACh, 0C8h, 50h, 0B4h, 24h, 18h
SE:00AE43EB ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE43EB
SE:00AE43EB loc_AE43EB:                            ; CODE XREF: SE:loc_AE43C6j
SE:00AE43EB lea    esp, [esp+4]
SE:00AE43EF call loc_AE441C
SE:00AE43EF ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE43F4 db 81h, 6Ch, 24h, 4, 0DAh, 4Eh, 0AFh, 0D9h, 83h, 0C4h, 4, 9Dh, 18h, 0F8h
SE:00AE43F4 db 68h, 78h, 0D4h, 0A0h, 2 dup(4), 0C0h, 54h, 0F8h, 54h, 58h, 0A4h, 20h
SE:00AE43F4 db 60h, 0C4h, 0E4h, 4Ch, 18h, 10h, 38h, 0A8h, 90h, 54h, 40h, 0A8h, 0DCh
SE:00AE441C ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE441C
SE:00AE441C loc_AE441C:                            ; CODE XREF: SE:00AE43EFp
SE:00AE441C pop    dword ptr [esp-4]
SE:00AE4420 call loc_AE4471
SE:00AE4420 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4425 db 81h, 6Ch, 24h, 4, 0DAh, 4Eh, 0AFh, 0D9h, 83h, 0C4h, 4, 9Dh, 8, 4, 90h
SE:00AE4425 db 34h, 44h, 0D8h, 7Ch, 88h, 78h, 5Ch, 2 dup(0D4h), 48h, 8Ch, 0D0h, 3Ch
SE:00AE4425 db 0B8h, 88h, 64h, 0C0h, 0D8h, 8, 50h, 9Ch, 2 dup(0F8h), 0ACh, 20h, 0E8h
SE:00AE4425 db 8Ch, 14h, 0F4h, 98h, 64h, 5Ch, 0Ch, 0C4h, 5Ch, 0BCh, 0A8h, 28h, 1Ch
SE:00AE4425 db 0ACh, 8Ch, 54h, 0C0h, 54h, 0E4h, 90h, 0B8h, 0D4h, 98h, 44h, 48h, 0DCh
SE:00AE4425 db 58h, 2Ch, 0D4h, 44h, 18h, 0DCh, 88h, 0C0h, 38h
SE:00AE4471 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4471
SE:00AE4471 loc_AE4471:                            ; CODE XREF: SE:00AE4420p
SE:00AE4471 pop    dword ptr [esp-4]
SE:00AE4475 call loc_AE44A6
SE:00AE4475 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE447A db 9Ch, 81h, 4, 24h, 0DAh, 4Eh, 0AFh, 0D9h, 83h, 0ECh, 4, 0CCh, 0ECh, 0D8h
SE:00AE447A db 2Ch, 50h, 9Ch, 0A8h, 1Ch, 60h, 88h, 4Ch, 3Ch, 0B4h, 20h, 0F0h, 0C8h
SE:00AE447A db 0A8h, 7Ch, 0BCh, 9Ch, 18h, 84h, 74h, 0DCh, 0D0h, 28h, 74h, 18h, 0D4h
SE:00AE447A db 60h, 94h, 88h, 8Ch
SE:00AE44A6 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE44A6
SE:00AE44A6 loc_AE44A6:                            ; CODE XREF: SE:00AE4475p
SE:00AE44A6 add    esp, 4
SE:00AE44A9 call loc_AE44EE
SE:00AE44A9 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE44AE db 60h, 9Ch, 0E8h, 4 dup(0), 5Fh, 81h, 0EFh, 43h, 3 dup(0), 0B9h, 54h
SE:00AE44AE db 3 dup(0), 0B0h, 9Dh, 0F3h, 0AAh, 90h, 61h, 24h, 0, 40h, 0B0h, 38h, 8
SE:00AE44AE db 0E4h, 90h, 0BCh, 0E8h, 0, 68h, 0F4h, 44h, 8, 0C4h, 0B8h, 0E8h, 2 dup(0B8h)
SE:00AE44AE db 14h, 98h, 40h, 9Ch, 0A4h, 5Ch, 48h, 1Ch, 0D4h, 0, 54h, 60h, 14h, 0CCh
SE:00AE44AE db 0D4h, 94h, 5Ch, 54h, 0D8h
SE:00AE44EE ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE44EE
SE:00AE44EE loc_AE44EE:                            ; CODE XREF: SE:00AE44A9p
SE:00AE44EE jmp    loc_AE452B
SE:00AE44EE ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE44F3 db 9Ch, 53h, 51h, 0E8h, 4 dup(0), 8Bh, 1Ch, 24h, 83h, 0C3h, 25h, 33h, 0C9h
SE:00AE44F3 db 87h, 4Bh, 0FCh, 83h, 0F9h, 0, 74h, 6, 80h, 33h, 7Ch, 43h, 0E2h, 0FAh
SE:00AE44F3 db 83h, 0C4h, 4, 59h, 5Bh, 9Dh, 0E9h, 4, 3 dup(0), 58h, 6Eh, 79h, 97h
SE:00AE44F3 db 0DCh, 4, 0CCh, 0A4h, 0F4h, 0Ch, 0C4h, 48h, 0B4h, 5Ch, 74h
SE:00AE452B ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE452B
SE:00AE452B loc_AE452B:                            ; CODE XREF: SE:loc_AE44EEj
SE:00AE452B pop    dword ptr [esp-4]
SE:00AE452F call loc_AE4538
SE:00AE452F ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4534 db 74h, 68h, 80h, 74h
SE:00AE4538 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4538
SE:00AE4538 loc_AE4538:                            ; CODE XREF: SE:00AE452Fp
SE:00AE4538 lea    esp, [esp+4]
SE:00AE453C call loc_AE4585
SE:00AE453C ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4541 db 60h, 9Ch, 0E8h, 4 dup(0), 5Fh, 81h, 0EFh, 0E3h, 3 dup(0), 0B9h, 0F4h
SE:00AE4541 db 3 dup(0), 0B0h, 9Dh, 0F3h, 0AAh, 90h, 61h, 0D0h, 34h, 0B0h, 0FCh, 84h
SE:00AE4541 db 2Ch, 64h, 0, 18h, 8, 3Ch, 68h, 0A4h, 0C8h, 0C4h, 94h, 0F0h, 74h, 1Ch
SE:00AE4541 db 0C8h, 18h, 0, 44h, 4Ch, 20h, 0B4h, 30h, 0C0h, 38h, 7Ch, 0D0h, 64h, 0F4h
SE:00AE4541 db 0A0h, 84h, 0CCh, 74h, 0ECh, 30h, 0C8h, 0ECh, 40h, 44h
SE:00AE4585 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4585
SE:00AE4585 loc_AE4585:                            ; CODE XREF: SE:00AE453Cp
SE:00AE4585 jmp    loc_AE458E
SE:00AE4585 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE458A db 34h, 4Ch, 6Ch, 58h
SE:00AE458E ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE458E
SE:00AE458E loc_AE458E:                            ; CODE XREF: SE:loc_AE4585j
SE:00AE458E add    esp, 4
SE:00AE4591 call $+5
SE:00AE4596 lea    esp, [esp+4]
SE:00AE459A call loc_AE45CB
SE:00AE459A ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE459F db 81h, 6Ch, 24h, 4, 0DAh, 4Eh, 0AFh, 0D9h, 83h, 0C4h, 4, 9Dh, 78h, 3Ch
SE:00AE459F db 0ACh, 0D4h, 0C8h, 2Ch, 0A8h, 0A4h, 84h, 3Ch, 0FCh, 0CCh, 94h, 0FCh
SE:00AE459F db 0E0h, 70h, 9Ch, 0E0h, 4Ch, 5Ch, 8Ch, 0CCh, 0DCh, 60h, 48h, 0B8h, 74h
SE:00AE459F db 0ACh, 1Ch, 58h, 0D4h, 0A4h
SE:00AE45CB ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE45CB
SE:00AE45CB loc_AE45CB:                            ; CODE XREF: SE:00AE459Ap
SE:00AE45CB sub    esp, -4
SE:00AE45CE call loc_AE45FF
SE:00AE45CE ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE45D3 db 9Ch, 81h, 4, 24h, 0DAh, 4Eh, 0AFh, 0D9h, 83h, 0ECh, 4, 84h, 0ECh, 5Ch
SE:00AE45D3 db 0C0h, 0B8h, 7Ch, 0BCh, 4, 70h, 0F0h, 48h, 0D0h, 0F0h, 0ECh, 0D4h, 34h
SE:00AE45D3 db 0Ch, 98h, 64h, 18h, 0F4h, 90h, 94h, 84h, 0E4h, 90h, 0D4h, 0E8h, 4Ch
SE:00AE45D3 db 0ECh, 70h, 0B4h, 74h
SE:00AE45FF ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE45FF
SE:00AE45FF loc_AE45FF:                            ; CODE XREF: SE:00AE45CEp
SE:00AE45FF jmp    loc_AE4630
SE:00AE45FF ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4604 db 60h, 9Ch, 0E8h, 4 dup(0), 5Fh, 81h, 0EFh, 93h, 3 dup(0), 0B9h, 0A4h
SE:00AE4604 db 3 dup(0), 0B0h, 9Dh, 0F3h, 0AAh, 90h, 61h, 8, 0A0h, 0D8h, 0C0h, 70h
SE:00AE4604 db 0FCh, 4Ch, 0E8h, 0D8h, 0D4h, 0, 18h, 14h, 0, 70h, 0ECh, 0CCh, 20h, 10h
SE:00AE4630 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4630
SE:00AE4630 loc_AE4630:                            ; CODE XREF: SE:loc_AE45FFj
SE:00AE4630 jmp    loc_AE4641
SE:00AE4630 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4635 db 81h, 6Ch, 24h, 4, 0DAh, 4Eh, 0AFh, 0D9h, 83h, 0C4h, 4, 9Dh
SE:00AE4641 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4641
SE:00AE4641 loc_AE4641:                            ; CODE XREF: SE:loc_AE4630j
SE:00AE4641 lea    esp, [esp+4]
SE:00AE4645 call loc_AE464E
SE:00AE4645 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE464A db 4, 6Ch, 88h, 0Ch
SE:00AE464E ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE464E
SE:00AE464E loc_AE464E:                            ; CODE XREF: SE:00AE4645p
SE:00AE464E lea    esp, [esp+4]
SE:00AE4652 call loc_AE46A3
SE:00AE4652 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4657 db 9Ch, 53h, 51h, 0E8h, 4 dup(0), 8Bh, 1Ch, 24h, 83h, 0C3h, 25h, 33h, 0C9h
SE:00AE4657 db 87h, 4Bh, 0FCh, 83h, 0F9h, 0, 74h, 6, 80h, 33h, 30h, 43h, 0E2h, 0FAh
SE:00AE4657 db 83h, 0C4h, 4, 59h, 5Bh, 9Dh, 0E9h, 4, 3 dup(0), 0C0h, 0CAh, 0C9h, 25h
SE:00AE4657 db 8Ch, 20h, 18h, 54h, 0E0h, 50h, 48h, 78h, 4Ch, 0A0h, 0B8h, 74h, 0C4h
SE:00AE4657 db 44h, 8Ch, 74h, 5Ch, 70h, 2 dup(0E8h), 0C8h, 0A0h, 0F0h, 30h, 20h, 0C4h
SE:00AE4657 db 6Ch, 3Ch, 98h, 44h, 18h
SE:00AE46A3 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE46A3
SE:00AE46A3 loc_AE46A3:                            ; CODE XREF: SE:00AE4652p
SE:00AE46A3 sub    esp, -4
SE:00AE46A6 call loc_AE46D3
SE:00AE46A6 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE46AB db 4, 0A8h, 0E0h, 0E4h, 0A8h, 2Ch, 8Ch, 0CCh, 0A4h, 28h, 24h, 44h, 0C0h
SE:00AE46AB db 0D0h, 54h, 9Ch, 44h, 0F0h, 0ACh, 34h, 58h, 0A8h, 0C4h, 0F8h, 48h, 90h
SE:00AE46AB db 34h, 80h, 0Ch, 9Ch, 90h, 0ECh, 0DCh, 5Ch, 0E8h, 38h, 0D4h, 58h, 0B4h
SE:00AE46AB db 0Ch
SE:00AE46D3 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE46D3
SE:00AE46D3 loc_AE46D3:                            ; CODE XREF: SE:00AE46A6p
SE:00AE46D3 sub    esp, -4
SE:00AE46D6 call loc_AE4713
SE:00AE46D6 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE46DB db 9Ch, 81h, 4, 24h, 0DAh, 4Eh, 0AFh, 0D9h, 83h, 0ECh, 4, 58h, 9Ch, 0F8h
SE:00AE46DB db 90h, 48h, 24h, 30h, 0E4h, 14h, 90h, 1Ch, 68h, 7Ch, 0E8h, 3Ch, 0FCh
SE:00AE46DB db 34h, 8Ch, 0C4h, 74h, 58h, 7Ch, 9Ch, 0B0h, 30h, 0Ch, 38h, 64h, 38h, 0CCh
SE:00AE46DB db 64h, 8, 0C8h, 80h, 6Ch, 18h, 7Ch, 8, 0C0h, 64h, 0C0h, 30h, 1Ch, 0A0h
SE:00AE46DB db 60h
SE:00AE4713 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4713
SE:00AE4713 loc_AE4713:                            ; CODE XREF: SE:00AE46D6p
SE:00AE4713 add    esp, 4
SE:00AE4716 call loc_AE472B
SE:00AE4716 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE471B db 68h, 24h, 60h, 0A8h, 38h, 0ACh, 74h, 0ACh, 0D8h, 0ACh, 84h, 18h, 0DCh
SE:00AE471B db 0BCh, 6Ch, 40h
SE:00AE472B ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE472B
SE:00AE472B loc_AE472B:                            ; CODE XREF: SE:00AE4716p
SE:00AE472B pop    dword ptr [esp-4]
SE:00AE472F call loc_AE4760
SE:00AE472F ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4734 db 0F0h, 40h, 0F4h, 54h, 94h, 88h, 3Ch, 0B0h, 50h, 0A0h, 7Ch, 0ECh, 0B4h
SE:00AE4734 db 54h, 0A4h, 58h, 90h, 0A4h, 8, 58h, 0A0h, 1Ch, 30h, 0ECh, 7Ch, 4, 70h
SE:00AE4734 db 0B0h, 0CCh, 90h, 80h, 3Ch, 60h, 10h, 58h, 0FCh, 8Ch, 0F8h, 0A0h, 0E0h
SE:00AE4734 db 0D4h, 0CCh, 64h, 34h
SE:00AE4760 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4760
SE:00AE4760 loc_AE4760:                            ; CODE XREF: SE:00AE472Fp
SE:00AE4760 jmp    $+5
SE:00AE4765 add    esp, 4
SE:00AE4768 call loc_AE479D
SE:00AE4768 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE476D db 9Ch, 53h, 51h, 0E8h, 4 dup(0), 8Bh, 1Ch, 24h, 83h, 0C3h, 25h, 33h, 0C9h
SE:00AE476D db 87h, 4Bh, 0FCh, 83h, 0F9h, 0, 74h, 6, 80h, 33h, 4Ch, 43h, 0E2h, 0FAh
SE:00AE476D db 83h, 0C4h, 4, 59h, 5Bh, 9Dh, 0E9h, 4, 3 dup(0), 28h, 15h, 0B7h, 3Ah
SE:00AE476D db 40h, 18h, 48h
SE:00AE479D ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE479D
SE:00AE479D loc_AE479D:                            ; CODE XREF: SE:00AE4768p
SE:00AE479D pop    dword ptr [esp-4]
SE:00AE47A1 call loc_AE47AE
SE:00AE47A1 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE47A6 db 88h, 0D4h, 0CCh, 90h, 64h, 34h, 3Ch, 4Ch
SE:00AE47AE ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE47AE
SE:00AE47AE loc_AE47AE:                            ; CODE XREF: SE:00AE47A1p
SE:00AE47AE jmp    loc_AE47B7
SE:00AE47AE ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE47B3 db 40h, 20h, 74h, 98h
SE:00AE47B7 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE47B7
SE:00AE47B7 loc_AE47B7:                            ; CODE XREF: SE:loc_AE47AEj
SE:00AE47B7 pop    dword ptr [esp-4]
SE:00AE47BB call loc_AE47F4
SE:00AE47BB ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE47C0 db 9Ch, 81h, 4, 24h, 0DAh, 4Eh, 0AFh, 0D9h, 83h, 0ECh, 4, 0BCh, 74h, 34h
SE:00AE47C0 db 0E8h, 14h, 3Ch, 0B0h, 0D0h, 64h, 34h, 0B0h, 90h, 0E4h, 0D4h, 14h, 20h
SE:00AE47C0 db 50h, 0DCh, 0FCh, 4Ch, 8Ch, 10h, 64h, 8, 7Ch, 0C8h, 2Ch, 0B8h, 4, 0FCh
SE:00AE47C0 db 98h, 0Ch, 40h, 0F0h, 0C4h, 70h, 84h, 0FCh, 0D4h, 0A4h, 50h
SE:00AE47F4 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE47F4
SE:00AE47F4 loc_AE47F4:                            ; CODE XREF: SE:00AE47BBp
SE:00AE47F4 sub    esp, -4
SE:00AE47F7 call loc_AE4814
SE:00AE47F7 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE47FC db 78h, 14h, 0D8h, 0DCh, 0A8h, 24h, 0A0h, 0ECh, 4Ch, 0F0h, 8Ch, 10h, 0B0h
SE:00AE47FC db 48h, 58h, 0B8h, 50h, 5Ch, 18h, 0D4h, 38h, 0C8h, 0D4h, 50h
SE:00AE4814 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4814
SE:00AE4814 loc_AE4814:                            ; CODE XREF: SE:00AE47F7p
SE:00AE4814 jmp    loc_AE4831
SE:00AE4814 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4819 db 30h, 0DCh, 2Ch, 0A8h, 4Ch, 0E0h, 0A0h, 7Ch, 18h, 1Ch, 5Ch, 0F8h, 0
SE:00AE4819 db 0BCh, 8, 50h, 0E4h, 4Ch, 98h, 0FCh, 88h, 24h, 14h, 10h
SE:00AE4831 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4831
SE:00AE4831 loc_AE4831:                            ; CODE XREF: SE:loc_AE4814j
SE:00AE4831 jmp    loc_AE485E
SE:00AE4831 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4836 db 9Ch, 81h, 4, 24h, 0DAh, 4Eh, 0AFh, 0D9h, 83h, 0ECh, 4, 1Ch, 0D0h, 0C4h
SE:00AE4836 db 48h, 70h, 38h, 7Ch, 6Ch, 8Ch, 0C4h, 0, 4Ch, 14h, 3Ch, 0D4h, 0F4h, 1Ch
SE:00AE4836 db 0B8h, 4, 94h, 84h, 0D0h, 0D8h, 0A8h, 98h, 7Ch, 44h, 80h, 0BCh
SE:00AE485E ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE485E
SE:00AE485E loc_AE485E:                            ; CODE XREF: SE:loc_AE4831j
SE:00AE485E jmp    loc_AE48AF
SE:00AE485E ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4863 db 60h, 9Ch, 0E8h, 4 dup(0), 5Fh, 81h, 0EFh, 2Fh, 3 dup(0), 0B9h, 40h
SE:00AE4863 db 3 dup(0), 0B0h, 9Dh, 0F3h, 0AAh, 90h, 61h, 28h, 0B0h, 2 dup(0E8h), 0B8h
SE:00AE4863 db 0ACh, 0A0h, 0D8h, 0F0h, 64h, 0D0h, 0B8h, 0, 4Ch, 64h, 18h, 0F8h, 0F4h
SE:00AE4863 db 0, 0F4h, 38h, 24h, 34h, 0E4h, 4Ch, 3Ch, 0Ch, 24h, 84h, 0C8h, 0A4h, 14h
SE:00AE4863 db 3Ch, 2 dup(0E0h), 0ACh, 0E0h, 28h, 50h, 18h, 0C8h, 9Ch, 98h, 0CCh, 0D0h
SE:00AE4863 db 90h, 0C0h, 3Ch, 78h, 60h, 58h
SE:00AE48AF ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE48AF
SE:00AE48AF loc_AE48AF:                            ; CODE XREF: SE:loc_AE485Ej
SE:00AE48AF add    esp, 4
SE:00AE48B2 call loc_AE48BB
SE:00AE48B2 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE48B7 db 30h, 0E8h, 0C4h, 0D0h
SE:00AE48BB ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE48BB
SE:00AE48BB loc_AE48BB:                            ; CODE XREF: SE:00AE48B2p
SE:00AE48BB add    esp, 4
SE:00AE48BE call loc_AE48FB
SE:00AE48BE ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE48C3 db 60h, 9Ch, 0E8h, 4 dup(0), 5Fh, 81h, 0EFh, 3Fh, 3 dup(0), 0B9h, 50h
SE:00AE48C3 db 3 dup(0), 0B0h, 9Dh, 0F3h, 0AAh, 90h, 61h, 0BCh, 68h, 18h, 10h, 78h
SE:00AE48C3 db 0FCh, 54h, 24h, 0D8h, 24h, 0B4h, 10h, 84h, 20h, 38h, 94h, 40h, 0ECh
SE:00AE48C3 db 5Ch, 18h, 28h, 6Ch, 18h, 9Ch, 68h, 0F8h, 68h, 3Ch, 0BCh, 0B0h, 68h
SE:00AE48FB ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE48FB
SE:00AE48FB loc_AE48FB:                            ; CODE XREF: SE:00AE48BEp
SE:00AE48FB jmp    $+5
SE:00AE4900 jmp    loc_AE494D
SE:00AE4900 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4905 db 81h, 6Ch, 24h, 4, 0DAh, 4Eh, 0AFh, 0D9h, 83h, 0C4h, 4, 9Dh, 34h, 50h
SE:00AE4905 db 14h, 48h, 6Ch, 28h, 94h, 6Ch, 8Ch, 0C4h, 44h, 8Ch, 0C4h, 70h, 94h, 0F0h
SE:00AE4905 db 74h, 38h, 3Ch, 58h, 0F4h, 24h, 0F0h, 0FCh, 5Ch, 0C8h, 0D0h, 14h, 58h
SE:00AE4905 db 80h, 0, 1Ch, 78h, 94h, 0F0h, 84h, 0E8h, 0E0h, 0CCh, 60h, 98h, 70h, 14h
SE:00AE4905 db 84h, 60h, 0CCh, 0E4h, 0C8h, 50h, 0C8h, 0F8h, 0B8h, 18h, 0A8h, 2 dup(0B0h)
SE:00AE4905 db 3Ch, 0A0h, 30h, 48h
SE:00AE494D ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE494D
SE:00AE494D loc_AE494D:                            ; CODE XREF: SE:00AE4900j
SE:00AE494D lea    esp, [esp+4]
SE:00AE4951 call loc_AE499E
SE:00AE4951 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4956 db 9Ch, 53h, 51h, 0E8h, 4 dup(0), 8Bh, 1Ch, 24h, 83h, 0C3h, 25h, 33h, 0C9h
SE:00AE4956 db 87h, 4Bh, 0FCh, 83h, 0F9h, 0, 74h, 6, 80h, 33h, 0E4h, 43h, 0E2h, 0FAh
SE:00AE4956 db 83h, 0C4h, 4, 59h, 5Bh, 9Dh, 0E9h, 4, 3 dup(0), 8Ch, 9Ch, 0C6h, 0Ah
SE:00AE4956 db 88h, 0D8h, 4Ch, 0C0h, 0C8h, 4Ch, 2Ch, 44h, 64h, 0BCh, 0CCh, 0E4h, 4
SE:00AE4956 db 0C8h, 0BCh, 0B0h, 60h, 58h, 0C0h, 0B0h, 20h, 50h, 0ECh, 18h, 0F0h, 6Ch
SE:00AE4956 db 7Ch
SE:00AE499E ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE499E
SE:00AE499E loc_AE499E:                            ; CODE XREF: SE:00AE4951p
SE:00AE499E sub    esp, -4
SE:00AE49A1 call loc_AE49DE
SE:00AE49A1 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE49A6 db 9Ch, 81h, 4, 24h, 0DAh, 4Eh, 0AFh, 0D9h, 83h, 0ECh, 4, 0D4h, 6Ch, 0FCh
SE:00AE49A6 db 0D4h, 0B0h, 9Ch, 0DCh, 28h, 0B0h, 58h, 30h, 78h, 0B4h, 0C0h, 74h, 38h
SE:00AE49A6 db 0A8h, 0D0h, 74h, 0C4h, 1Ch, 7Ch, 64h, 0ACh, 0D0h, 0A4h, 3Ch, 0A0h, 58h
SE:00AE49A6 db 0ECh, 64h, 0E4h, 0C4h, 0D8h, 54h, 3Ch, 1Ch, 38h, 0ACh, 88h, 3Ch, 0F4h
SE:00AE49A6 db 24h, 60h, 0F4h
SE:00AE49DE ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE49DE
SE:00AE49DE loc_AE49DE:                            ; CODE XREF: SE:00AE49A1p
SE:00AE49DE jmp    loc_AE4A0F
SE:00AE49DE ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE49E3 db 9Ch, 81h, 4, 24h, 0DAh, 4Eh, 0AFh, 0D9h, 83h, 0ECh, 4, 1Ch, 0F4h, 0E8h
SE:00AE49E3 db 44h, 0C8h, 0D0h, 20h, 38h, 0F0h, 0E0h, 8, 38h, 78h, 0F4h, 0F0h, 3Ch
SE:00AE49E3 db 88h, 2Ch, 38h, 0BCh, 0E4h, 0D4h, 94h, 0A0h, 44h, 0FCh, 50h, 0A8h, 78h
SE:00AE49E3 db 0C0h, 0D8h, 0BCh, 0F4h
SE:00AE4A0F ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4A0F
SE:00AE4A0F loc_AE4A0F:                            ; CODE XREF: SE:loc_AE49DEj
SE:00AE4A0F sub    esp, -4
SE:00AE4A12 call loc_AE4A4B
SE:00AE4A12 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4A17 db 9Ch, 53h, 51h, 0E8h, 4 dup(0), 8Bh, 1Ch, 24h, 83h, 0C3h, 25h, 33h, 0C9h
SE:00AE4A17 db 87h, 4Bh, 0FCh, 83h, 0F9h, 0, 74h, 6, 80h, 33h, 0B8h, 43h, 0E2h, 0FAh
SE:00AE4A17 db 83h, 0C4h, 4, 59h, 5Bh, 9Dh, 0E9h, 4, 3 dup(0), 10h, 50h, 68h, 32h
SE:00AE4A17 db 50h, 0ACh, 6Ch, 0Ch, 0A4h, 0B4h, 64h
SE:00AE4A4B ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4A4B
SE:00AE4A4B loc_AE4A4B:                            ; CODE XREF: SE:00AE4A12p
SE:00AE4A4B pop    dword ptr [esp-4]
SE:00AE4A4F call loc_AE4A84
SE:00AE4A4F ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4A54 db 60h, 9Ch, 0E8h, 4 dup(0), 5Fh, 81h, 0EFh, 0Bh, 3 dup(0), 0B9h, 1Ch
SE:00AE4A54 db 3 dup(0), 0B0h, 9Dh, 0F3h, 0AAh, 90h, 61h, 0FCh, 0C4h, 30h, 0C4h, 98h
SE:00AE4A54 db 84h, 5Ch, 18h, 30h, 0D8h, 0A0h, 48h, 0FCh, 0, 0ACh, 70h, 5Ch, 0E0h
SE:00AE4A54 db 0E4h, 68h, 0, 78h, 0E0h
SE:00AE4A84 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4A84
SE:00AE4A84 loc_AE4A84:                            ; CODE XREF: SE:00AE4A4Fp
SE:00AE4A84 jmp    loc_AE4AA9
SE:00AE4A84 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4A89 db 90h, 0ACh, 0Ch, 2 dup(38h), 80h, 60h, 0B0h, 30h, 0BCh, 0A0h, 0ECh, 1Ch
SE:00AE4A89 db 40h, 0A8h, 18h, 0A4h, 0D4h, 0B8h, 0C8h, 0A4h, 54h, 24h, 7Ch, 0ACh, 0F8h
SE:00AE4A89 db 48h, 40h, 74h, 0ECh, 44h, 0A8h
SE:00AE4AA9 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4AA9
SE:00AE4AA9 loc_AE4AA9:                            ; CODE XREF: SE:loc_AE4A84j
SE:00AE4AA9 jmp    loc_AE4AB2
SE:00AE4AA9 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4AAE db 4, 8Ch, 34h, 6Ch
SE:00AE4AB2 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4AB2
SE:00AE4AB2 loc_AE4AB2:                            ; CODE XREF: SE:loc_AE4AA9j
SE:00AE4AB2 pop    dword ptr [esp-4]
SE:00AE4AB6 call loc_AE4AFB
SE:00AE4AB6 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4ABB db 9Ch, 81h, 4, 24h, 0DAh, 4Eh, 0AFh, 0D9h, 83h, 0ECh, 4, 0C4h, 0DCh, 0ECh
SE:00AE4ABB db 0B0h, 0C8h, 88h, 4, 30h, 78h, 10h, 38h, 0ECh, 4, 38h, 90h, 0ECh, 58h
SE:00AE4ABB db 0ACh, 78h, 68h, 0B4h, 94h, 60h, 64h, 0F4h, 88h, 0ACh, 24h, 94h, 0D4h
SE:00AE4ABB db 60h, 68h, 0B4h, 28h, 98h, 0FCh, 38h, 20h, 18h, 60h, 1Ch, 0D8h, 30h
SE:00AE4ABB db 0A8h, 0BCh, 24h, 68h, 0FCh, 88h, 0FCh, 70h, 78h, 58h
SE:00AE4AFB ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4AFB
SE:00AE4AFB loc_AE4AFB:                            ; CODE XREF: SE:00AE4AB6p
SE:00AE4AFB add    esp, 4
SE:00AE4AFE call loc_AE4B13
SE:00AE4AFE ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4B03 db 81h, 6Ch, 24h, 4, 0DAh, 4Eh, 0AFh, 0D9h, 83h, 0C4h, 4, 9Dh, 0ACh, 70h
SE:00AE4B03 db 44h, 14h
SE:00AE4B13 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4B13
SE:00AE4B13 loc_AE4B13:                            ; CODE XREF: SE:00AE4AFEp
SE:00AE4B13 jmp    loc_AE4B1C
SE:00AE4B13 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4B18 db 4Ch, 4, 74h, 58h
SE:00AE4B1C ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4B1C
SE:00AE4B1C loc_AE4B1C:                            ; CODE XREF: SE:loc_AE4B13j
SE:00AE4B1C jmp    loc_AE4C5B
SE:00AE4B1C ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4B21 db 81h, 6Ch, 24h, 4, 0DAh, 4Eh, 0AFh, 0D9h, 83h, 0C4h, 4, 9Dh, 7Ch, 9Ch
SE:00AE4B21 db 8, 84h, 54h, 30h, 0DCh, 0C4h, 1Ch, 0B8h, 10h, 9Ch, 7Ch, 90h, 50h, 5Ch
SE:00AE4B21 db 94h, 40h, 58h, 90h, 58h, 18h, 64h, 6Ch, 14h, 0F4h, 78h, 54h, 5Ch, 0
SE:00AE4B21 db 20h, 8Ch, 0D4h, 2Ch, 24h, 0A4h, 4, 84h, 0F8h, 0D8h, 3Ch, 88h, 0C0h
SE:00AE4B21 db 54h, 24h, 0E4h, 0C0h, 0A0h, 78h, 0ACh, 60h, 0, 2Ch, 0A8h, 0E0h, 4Ch
SE:00AE4B21 db 50h, 0ACh, 0F0h, 0C8h, 50h, 5Ch, 20h, 5Ch
SE:00AE4B6D ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4B6D
SE:00AE4B6D loc_AE4B6D:                            ; CODE XREF: SE:loc_AE4BE4j
SE:00AE4B6D pop    dword ptr [esp-4]
SE:00AE4B71 call loc_AE4C19
SE:00AE4B71 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4B76 db 81h, 6Ch, 24h, 4, 0DAh, 4Eh, 0AFh, 0D9h, 83h, 0C4h, 4, 9Dh
SE:00AE4B82 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4B82
SE:00AE4B82 loc_AE4B82:                            ; CODE XREF: SE:00AE4C55p
SE:00AE4B82 lea    esp, [esp+4]
SE:00AE4B86 call loc_AE3D9C
SE:00AE4B86 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4B8B db 60h, 9Ch, 0E8h, 4 dup(0), 5Fh, 81h, 0EFh, 0C7h, 3 dup(0), 0B9h, 0D8h
SE:00AE4B8B db 3 dup(0), 0B0h, 9Dh, 0F3h, 0AAh, 90h, 61h, 0A4h, 0DCh, 5Ch, 0CCh, 74h
SE:00AE4B8B db 0ACh, 0DCh, 98h, 0E8h, 84h, 8, 64h, 0D8h, 0E0h, 70h, 0FCh, 0Ch, 28h
SE:00AE4B8B db 58h, 0E8h, 40h, 0A4h, 14h, 30h, 0D8h, 98h, 0B4h, 0A8h, 0Ch, 0D8h, 88h
SE:00AE4B8B db 0C0h, 30h, 0, 98h
SE:00AE4BC7 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4BC7
SE:00AE4BC7 loc_AE4BC7:                            ; CODE XREF: SE:00AE3CD6p
SE:00AE4BC7 jmp    loc_AE4BE4
SE:00AE4BC7 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4BCC db 9Ch, 81h, 4, 24h, 0DAh, 4Eh, 0AFh, 0D9h, 83h, 0ECh, 4, 10h, 0F4h, 40h
SE:00AE4BCC db 4, 88h, 7Ch, 0D8h, 0ACh, 0FCh, 2 dup(0C0h), 60h, 0C4h
SE:00AE4BE4 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4BE4
SE:00AE4BE4 loc_AE4BE4:                            ; CODE XREF: SE:loc_AE4BC7j
SE:00AE4BE4 jmp    loc_AE4B6D
SE:00AE4BE4 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4BE9 db 9Ch, 53h, 51h, 0E8h, 4 dup(0), 8Bh, 1Ch, 24h, 83h, 0C3h, 25h, 33h, 0C9h
SE:00AE4BE9 db 87h, 4Bh, 0FCh, 83h, 0F9h, 0, 74h, 6, 80h, 33h, 8, 43h, 0E2h, 0FAh
SE:00AE4BE9 db 83h, 0C4h, 4, 59h, 5Bh, 9Dh, 0E9h, 4, 3 dup(0), 2Ch, 74h, 7Eh, 9Eh
SE:00AE4BE9 db 0A4h, 0C4h, 84h
SE:00AE4C19 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4C19
SE:00AE4C19 loc_AE4C19:                            ; CODE XREF: SE:00AE4B71p
SE:00AE4C19 sub    esp, -4
SE:00AE4C1C call loc_AE4C4D
SE:00AE4C1C ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4C21 db 60h, 9Ch, 0E8h, 4 dup(0), 5Fh, 81h, 0EFh, 53h, 3 dup(0), 0B9h, 64h
SE:00AE4C21 db 3 dup(0), 0B0h, 9Dh, 0F3h, 0AAh, 90h, 61h, 2 dup(0), 0ECh, 10h, 98h
SE:00AE4C21 db 3Ch, 4, 0A8h, 74h, 0, 0A4h, 2Ch, 78h, 44h, 0E8h, 90h, 88h, 0F4h, 44h
SE:00AE4C4D ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4C4D
SE:00AE4C4D loc_AE4C4D:                            ; CODE XREF: SE:00AE4C1Cp
SE:00AE4C4D jmp    $+5
SE:00AE4C52 sub    esp, 0FFFFFFFCh
SE:00AE4C55 call loc_AE4B82
SE:00AE4C55 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4C5A db 8Bh
SE:00AE4C5B ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4C5B
SE:00AE4C5B loc_AE4C5B:                            ; CODE XREF: SE:loc_AE4B1Cj
SE:00AE4C5B sub    dword ptr [esp+4], 0D9AF4EDAh
SE:00AE4C63 add    esp, 4
SE:00AE4C66 popf
//记得开始的pushf，+ 0D9AF4EDAh？此处检测TF标志，防止追踪，但是ida会提示的，略过即可
SE:00AE4C67 cmp    ds:flag1, 0 ；什么标志？为1可能会game over？
SE:00AE4C6E jz    short loc_AE4C73
SE:00AE4C70 retn 10h
SE:00AE4C73 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4C73
SE:00AE4C73 loc_AE4C73:                            ; CODE XREF: SE:00AE4C6Ej
SE:00AE4C73 inc    ds:flag1
SE:00AE4C79 pushf
SE:00AE4C7A push ebx
SE:00AE4C7B push ecx
SE:00AE4C7C call $+5
SE:00AE4C81 mov    ebx, [esp]
SE:00AE4C84 add    ebx, 25h
SE:00AE4C87 xor    ecx, ecx
SE:00AE4C89 xchg ecx, [ebx-4]
//解码长度到ECX
SE:00AE4C8C cmp    ecx, 0
SE:00AE4C8F jz    short loc_AE4C97
SE:00AE4C91
SE:00AE4C91 loc_AE4C91:                            ; CODE XREF: SE:00AE4C95j
SE:00AE4C91 xor    byte ptr [ebx], 0C0h
//对[EBX]的内容解码
SE:00AE4C94 inc    ebx
SE:00AE4C95 loop loc_AE4C91
//解码结束
SE:00AE4C97 loc_AE4C97:                            ; CODE XREF: SE:00AE4C8Fj
SE:00AE4C97 add    esp, 4
SE:00AE4C9A pop    ecx
SE:00AE4C9B pop    ebx
SE:00AE4C9C popf
//又检测TF
SE:00AE4C9D jmp    loc_AE4CA6
SE:00AE4C9D ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4CA2 db 4 dup(0)
SE:00AE4CA6 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4CA6
SE:00AE4CA6 loc_AE4CA6:                            ; CODE XREF: SE:00AE4C9Dj
SE:00AE4CA6 pushf
SE:00AE4CA7 add    dword ptr [esp], 0CE079146h
//do as above?
SE:00AE4CAE sub    esp, 4
SE:00AE4CB1 jmp    loc_AE5BFD
SE:00AE4CB1 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4CB6 db 9Ch, 81h, 4, 24h, 46h, 91h, 7, 0CEh, 83h, 0ECh, 4, 0B4h, 62h, 1Ch, 2
SE:00AE4CB6 db 0Ah, 0B0h, 0F0h, 0E4h, 0B4h, 14h, 4Eh, 66h, 0ACh, 90h, 16h, 4Eh, 28h
SE:00AE4CB6 db 0, 9Ah
SE:00AE4CD4 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4CD4
SE:00AE4CD4 loc_AE4CD4:                            ; CODE XREF: SE:00AE4D0Dp
SE:00AE4CD4 add    esp, 4
SE:00AE4CD7 call loc_AE4D26
SE:00AE4CD7 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4CDC db 0DAh, 0Ah, 5Ch, 38h, 0Eh, 96h, 0A8h, 1Ah, 0C4h, 0B2h, 32h, 0D6h, 8Ch
SE:00AE4CDC db 2Ah, 64h, 0ACh, 76h, 0AAh, 0F2h, 0B6h, 5Eh, 76h, 0C6h, 0FAh, 76h, 0D4h
SE:00AE4CDC db 24h, 0B4h, 1Eh, 66h
SE:00AE4CFA ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4CFA
SE:00AE4CFA loc_AE4CFA:                            ; CODE XREF: SE:00AE4D7Dp
SE:00AE4CFA jmp    loc_AE4D82
SE:00AE4CFA ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4CFF db 0E8h, 94h, 6Ah, 98h, 0, 2 dup(74h), 58h, 0BEh, 36h
SE:00AE4D09 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4D09
SE:00AE4D09 loc_AE4D09:                            ; CODE XREF: SE:00AE4D86p
SE:00AE4D09 pop    dword ptr [esp-4]
SE:00AE4D0D call loc_AE4CD4
SE:00AE4D0D ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4D12 db 81h, 6Ch, 24h, 4, 46h, 91h, 7, 0CEh, 83h, 0C4h, 4, 9Dh, 0D4h, 66h, 0A4h
SE:00AE4D12 db 0B4h, 4Ch, 0A2h, 26h, 0C6h
SE:00AE4D26 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4D26
SE:00AE4D26 loc_AE4D26:                            ; CODE XREF: SE:00AE4CD7p
SE:00AE4D26 add    esp, 4
SE:00AE4D29 call loc_AE4D93
SE:00AE4D29 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4D2E db 9Ch, 53h, 51h, 0E8h, 4 dup(0), 8Bh, 1Ch, 24h, 83h, 0C3h, 25h, 33h, 0C9h
SE:00AE4D2E db 87h, 4Bh, 0FCh, 83h, 0F9h, 0, 74h, 6, 80h, 33h, 0A0h, 43h, 0E2h, 0FAh
SE:00AE4D2E db 83h, 0C4h, 4, 59h, 5Bh, 9Dh, 0E9h, 4, 3 dup(0), 62h, 8Bh, 54h, 73h
SE:00AE4D2E db 30h, 0C8h, 0E4h, 38h, 0A4h, 0C2h, 0A2h, 34h, 48h, 60h, 94h, 92h, 2Ah
SE:00AE4D2E db 2Eh, 0F0h, 7Eh, 44h, 0Eh, 0EAh, 42h, 62h, 0Ch, 0C4h, 72h, 8Ch, 9Ah
SE:00AE4D2E db 48h, 0DCh, 78h, 2 dup(1Eh)
SE:00AE4D7A ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4D7A
SE:00AE4D7A loc_AE4D7A:                            ; CODE XREF: SE:00AE5C33p
SE:00AE4D7A sub    esp, -4
SE:00AE4D7D call loc_AE4CFA
SE:00AE4D82
SE:00AE4D82 loc_AE4D82:                            ; CODE XREF: SE:loc_AE4CFAj
SE:00AE4D82 pop    dword ptr [esp-4]
SE:00AE4D86 call loc_AE4D09
SE:00AE4D86 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4D8B db 22h, 3Ch, 7Eh, 3Ah, 0BEh, 52h, 0B8h, 80h
SE:00AE4D93 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4D93
SE:00AE4D93 loc_AE4D93:                            ; CODE XREF: SE:00AE4D29p
SE:00AE4D93 sub    esp, -4
SE:00AE4D96 call loc_AE4DE9
SE:00AE4D96 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4D9B db 94h, 0Ch, 0D4h, 0E4h, 50h, 0D2h, 14h, 0EEh, 54h, 82h, 96h, 0BEh, 62h
SE:00AE4D9B db 76h, 9Ah, 34h, 9Ch, 0E8h, 0AAh, 24h, 78h, 0A2h, 0B6h, 8Ch, 90h, 0D2h
SE:00AE4D9B db 0Eh, 62h, 0AEh, 5Eh, 0C4h, 2 dup(56h), 88h, 8Eh, 0E6h, 0, 0A0h, 6Eh
SE:00AE4D9B db 0DAh, 0E8h, 0A8h, 0ACh, 86h, 1Ah, 7Ah, 66h, 76h, 42h, 84h, 44h, 0C6h
SE:00AE4D9B db 88h, 0BEh, 20h, 0CEh, 1Ch, 50h, 2Eh, 4Ch, 86h, 88h, 0A4h, 56h, 8Eh
SE:00AE4D9B db 68h, 9Ch, 6Ch, 0EAh, 6Eh, 0BCh, 0B0h, 26h, 96h, 0EAh, 56h, 0C6h, 0AEh
SE:00AE4DE9 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4DE9
SE:00AE4DE9 loc_AE4DE9:                            ; CODE XREF: SE:00AE4D96p
SE:00AE4DE9 lea    esp, [esp+4]
SE:00AE4DED call loc_AE4DF4
SE:00AE4DED ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4DF2 db 0E8h, 0E0h
SE:00AE4DF4 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4DF4
SE:00AE4DF4 loc_AE4DF4:                            ; CODE XREF: SE:00AE4DEDp
SE:00AE4DF4 add    esp, 4
SE:00AE4DF7 call loc_AE4E36
SE:00AE4DF7 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4DFC db 60h, 9Ch, 0E8h, 4 dup(0), 5Fh, 81h, 0EFh, 0CDh, 3 dup(0), 0B9h, 0DEh
SE:00AE4DFC db 3 dup(0), 0B0h, 9Dh, 0F3h, 0AAh, 90h, 61h, 0BAh, 64h, 0EEh, 2 dup(0Ch)
SE:00AE4DFC db 3Ch, 4Eh, 40h, 24h, 58h, 0C2h, 0Ch, 98h, 22h, 0E6h, 3Eh, 36h, 5Ch, 4Eh
SE:00AE4DFC db 72h, 0ECh, 50h, 3Ch, 0F8h, 30h, 0B0h, 8Ch, 0Ah, 0BAh, 80h, 0F4h, 9Ah
SE:00AE4DFC db 1Ah
SE:00AE4E36 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4E36
SE:00AE4E36 loc_AE4E36:                            ; CODE XREF: SE:00AE4DF7p
SE:00AE4E36 jmp    loc_AE4E73
SE:00AE4E36 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4E3B db 60h, 9Ch, 0E8h, 4 dup(0), 5Fh, 81h, 0EFh, 9Bh, 3 dup(0), 0B9h, 0ACh
SE:00AE4E3B db 3 dup(0), 0B0h, 9Dh, 0F3h, 0AAh, 90h, 61h, 0F4h, 0B8h, 7Eh, 62h, 5Ch
SE:00AE4E3B db 0FEh, 54h, 50h, 64h, 0C2h, 0F4h, 0CEh, 50h, 6, 90h, 0A0h, 3Ah, 62h
SE:00AE4E3B db 22h, 0A6h, 0E8h, 6Ah, 26h, 0DEh, 3Ah, 0D8h, 30h, 72h, 8Ch, 7Eh, 8Eh
SE:00AE4E73 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4E73
SE:00AE4E73 loc_AE4E73:                            ; CODE XREF: SE:loc_AE4E36j
SE:00AE4E73 jmp    loc_AE4EB6
SE:00AE4E73 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4E78 db 81h, 6Ch, 24h, 4, 46h, 91h, 7, 0CEh, 83h, 0C4h, 4, 9Dh, 0DAh, 50h, 2Ah
SE:00AE4E78 db 0F6h, 40h, 7Eh, 16h, 0DAh, 4Ah, 4, 2, 4Ch, 0EAh, 8, 0B2h, 5Ah, 0D0h
SE:00AE4E78 db 32h, 0DAh, 0B6h, 0C0h, 0D6h, 12h, 0C4h, 0F4h, 14h, 32h, 10h, 0A2h, 2
SE:00AE4E78 db 46h, 2Eh, 0, 12h, 2 dup(0EAh), 84h, 82h, 6Ch, 56h, 0, 36h, 12h, 0E4h
SE:00AE4E78 db 56h, 0B4h, 24h, 5Ch, 4Eh, 72h
SE:00AE4EB6 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4EB6
SE:00AE4EB6 loc_AE4EB6:                            ; CODE XREF: SE:loc_AE4E73j
SE:00AE4EB6 add    esp, 4
SE:00AE4EB9 call loc_AE4EFC
SE:00AE4EB9 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4EBE db 0E6h, 5Ch, 54h, 4Ah, 3Ah, 9Ah, 0CAh, 0AAh, 9Ah, 1Eh, 30h, 80h, 98h
SE:00AE4EBE db 0C6h, 46h, 4Eh, 0F2h, 90h, 0F8h, 0CEh, 0BCh, 48h, 0F6h, 0B2h, 80h, 0B6h
SE:00AE4EBE db 0E6h, 0CCh, 0C6h, 0EEh, 88h, 0E4h, 4Ah, 0DCh, 5Ch, 26h, 10h, 8, 52h
SE:00AE4EBE db 9Ch, 0B2h, 0DCh, 9Eh, 84h, 0D0h, 0AEh, 80h, 0F8h, 2, 6, 18h, 0A2h, 0EAh
SE:00AE4EBE db 34h, 44h, 92h, 6Ch, 0C4h, 5Eh, 38h, 1Eh, 0CEh
SE:00AE4EFC ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4EFC
SE:00AE4EFC loc_AE4EFC:                            ; CODE XREF: SE:00AE4EB9p
SE:00AE4EFC sub    esp, -4
SE:00AE4EFF call loc_AE4F34
SE:00AE4EFF ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4F04 db 0A6h, 0CAh, 0B2h, 0B0h, 0AEh, 0C4h, 26h, 80h, 0F4h, 2 dup(0DAh), 76h
SE:00AE4F04 db 8Ah, 8Eh, 22h, 4Eh, 0B8h, 90h, 0B2h, 0, 14h, 0D6h, 0DEh, 0EAh, 0BAh
SE:00AE4F04 db 0DAh, 0FCh, 7Ch, 0D8h, 0B2h, 0, 0A8h, 44h, 8, 0F6h, 5Eh, 0AAh, 32h
SE:00AE4F04 db 70h, 0B8h, 0F4h, 58h, 44h, 0A4h, 0A6h, 76h, 0E4h, 3Eh
SE:00AE4F34 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4F34
SE:00AE4F34 loc_AE4F34:                            ; CODE XREF: SE:00AE4EFFp
SE:00AE4F34 lea    esp, [esp+4]
SE:00AE4F38 call loc_AE4F61
SE:00AE4F38 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4F3D db 81h, 6Ch, 24h, 4, 46h, 91h, 7, 0CEh, 83h, 0C4h, 4, 9Dh, 0DEh, 9Ah, 0C6h
SE:00AE4F3D db 3Ch, 40h, 1Ch, 0B0h, 0F4h, 66h, 58h, 0FEh, 0B2h, 9Ch, 0FEh, 0CCh, 0A0h
SE:00AE4F3D db 32h, 0B2h, 42h, 0F2h, 0D0h, 0FAh, 9Ch, 0B6h
SE:00AE4F61 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4F61
SE:00AE4F61 loc_AE4F61:                            ; CODE XREF: SE:00AE4F38p
SE:00AE4F61 sub    esp, -4
SE:00AE4F64 call loc_AE4F75
SE:00AE4F64 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4F69 db 74h, 6, 76h, 0C2h, 6Ah, 0AEh, 0BCh, 2Ah, 0A6h, 1Eh, 6Ah, 78h
SE:00AE4F75 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4F75
SE:00AE4F75 loc_AE4F75:                            ; CODE XREF: SE:00AE4F64p
SE:00AE4F75 add    esp, 4
SE:00AE4F78 call loc_AE4F93
SE:00AE4F78 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4F7D db 81h, 6Ch, 24h, 4, 46h, 91h, 7, 0CEh, 83h, 0C4h, 4, 9Dh, 0E0h, 3Ch, 2Eh
SE:00AE4F7D db 4, 0D2h, 0D8h, 0E2h, 0FEh, 0C4h, 56h
SE:00AE4F93 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4F93
SE:00AE4F93 loc_AE4F93:                            ; CODE XREF: SE:00AE4F78p
SE:00AE4F93 pop    dword ptr [esp-4]
SE:00AE4F97 call loc_AE4FB4
SE:00AE4F97 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4F9C db 81h, 6Ch, 24h, 4, 46h, 91h, 7, 0CEh, 83h, 0C4h, 4, 9Dh, 24h, 0DEh, 0C2h
SE:00AE4F9C db 0A8h, 14h, 28h, 2Ch, 86h, 78h, 24h, 40h, 26h
SE:00AE4FB4 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4FB4
SE:00AE4FB4 loc_AE4FB4:                            ; CODE XREF: SE:00AE4F97p
SE:00AE4FB4 pop    dword ptr [esp-4]
SE:00AE4FB8 call loc_AE4FC3
SE:00AE4FB8 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4FBD db 8Ch, 0B4h, 0EEh, 0A2h, 58h, 4Eh
SE:00AE4FC3 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4FC3
SE:00AE4FC3 loc_AE4FC3:                            ; CODE XREF: SE:00AE4FB8p
SE:00AE4FC3 lea    esp, [esp+4]
SE:00AE4FC7 call loc_AE5018
SE:00AE4FC7 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE4FCC db 9Ch, 53h, 51h, 0E8h, 4 dup(0), 8Bh, 1Ch, 24h, 83h, 0C3h, 25h, 33h, 0C9h
SE:00AE4FCC db 87h, 4Bh, 0FCh, 83h, 0F9h, 0, 74h, 6, 80h, 33h, 60h, 43h, 0E2h, 0FAh
SE:00AE4FCC db 83h, 0C4h, 4, 59h, 5Bh, 9Dh, 0E9h, 4, 3 dup(0), 26h, 6Dh, 0C0h, 83h
SE:00AE4FCC db 0C6h, 38h, 10h, 0B0h, 14h, 88h, 0C4h, 0CAh, 30h, 0D4h, 80h, 94h, 2Ah
SE:00AE4FCC db 0D2h, 0E4h, 0FCh, 0E4h, 94h, 0F2h, 0B4h, 68h, 0B2h, 5Eh, 6Eh, 34h, 3Ch
SE:00AE4FCC db 2, 82h, 4, 12h, 46h
SE:00AE5018 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE5018
SE:00AE5018 loc_AE5018:                            ; CODE XREF: SE:00AE4FC7p
SE:00AE5018 lea    esp, [esp+4]
SE:00AE501C call loc_AE5041
SE:00AE501C ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE5021 db 60h, 9Ch, 0E8h, 4 dup(0), 5Fh, 81h, 0EFh, 9Fh, 3 dup(0), 0B9h, 0B0h
SE:00AE5021 db 3 dup(0), 0B0h, 9Dh, 0F3h, 0AAh, 90h, 61h, 30h, 0B8h, 90h, 98h, 5Eh
SE:00AE5021 db 0DEh, 8Eh
SE:00AE5041 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE5041
SE:00AE5041 loc_AE5041:                            ; CODE XREF: SE:00AE501Cp
SE:00AE5041 lea    esp, [esp+4]
SE:00AE5045 call loc_AE5068
SE:00AE5045 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE504A db 0AAh, 0B4h, 0F0h, 0B0h, 46h, 6Eh, 98h, 2Ah, 5Eh, 70h, 62h, 22h, 0DEh
SE:00AE504A db 96h, 0DAh, 0F0h, 0AEh, 0E0h, 0F2h, 2, 48h, 68h, 4Ch, 0B4h, 2Ch, 94h
SE:00AE504A db 0C0h, 0AAh, 48h, 0F4h
SE:00AE5068 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE5068
SE:00AE5068 loc_AE5068:                            ; CODE XREF: SE:00AE5045p
SE:00AE5068 jmp    loc_AE508B
SE:00AE5068 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE506D db 60h, 9Ch, 0E8h, 4 dup(0), 5Fh, 81h, 0EFh, 7, 3 dup(0), 0B9h, 18h, 3 dup(0)
SE:00AE506D db 0B0h, 9Dh, 0F3h, 0AAh, 90h, 61h, 50h, 3Ch, 38h, 64h, 32h
SE:00AE508B ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE508B
SE:00AE508B loc_AE508B:                            ; CODE XREF: SE:loc_AE5068j
SE:00AE508B jmp    loc_AE50C0
SE:00AE508B ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE5090 db 0AEh, 0, 0D2h, 64h, 2 dup(0BCh), 0CAh, 4, 0ACh, 70h, 0D0h, 0Ch, 0F6h
SE:00AE5090 db 1Ah, 5Ch, 4, 2Eh, 7Ch, 82h, 0E8h, 0A2h, 56h, 2 dup(5Ch), 1Eh, 0DAh
SE:00AE5090 db 0C6h, 8Eh, 0FEh, 0B6h, 0CAh, 0Ch, 94h, 0CEh, 8Ah, 0D6h, 0B0h, 76h, 94h
SE:00AE5090 db 0D6h, 90h, 2 dup(2Ah), 0ACh, 0C6h, 26h, 0Ah, 3Eh
SE:00AE50C0 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE50C0
SE:00AE50C0 loc_AE50C0:                            ; CODE XREF: SE:loc_AE508Bj
SE:00AE50C0 jmp    loc_AE50F1
SE:00AE50C0 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE50C5 db 81h, 6Ch, 24h, 4, 46h, 91h, 7, 0CEh, 83h, 0C4h, 4, 9Dh, 64h, 24h, 5Ch
SE:00AE50C5 db 44h, 9Ah, 8, 0B6h, 76h, 50h, 0Eh, 0C4h, 0F8h, 2Eh, 0Ch, 98h, 0EEh, 46h
SE:00AE50C5 db 0CAh, 12h, 0B6h, 0E4h, 78h, 0F0h, 0E4h, 82h, 48h, 0BCh, 34h, 0B0h, 70h
SE:00AE50C5 db 0C6h, 6Eh
SE:00AE50F1 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE50F1
SE:00AE50F1 loc_AE50F1:                            ; CODE XREF: SE:loc_AE50C0j
SE:00AE50F1 lea    esp, [esp+4]
SE:00AE50F5 call loc_AE5106
SE:00AE50F5 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE50FA db 7Eh, 0A2h, 0F0h, 0DCh, 0EAh, 0F0h, 2Eh, 40h, 0CCh, 88h, 42h, 4Eh
SE:00AE5106 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE5106
SE:00AE5106 loc_AE5106:                            ; CODE XREF: SE:00AE50F5p
SE:00AE5106 add    esp, 4
SE:00AE5109 call loc_AE5118
SE:00AE5109 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE510E db 88h, 90h, 2Eh, 58h, 16h, 7Ch, 56h, 0F8h, 0E2h, 0ACh
SE:00AE5118 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE5118
SE:00AE5118 loc_AE5118:                            ; CODE XREF: SE:00AE5109p
SE:00AE5118 sub    esp, -4
SE:00AE511B call loc_AE5150
SE:00AE511B ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE5120 db 9Ch, 53h, 51h, 0E8h, 4 dup(0), 8Bh, 1Ch, 24h, 83h, 0C3h, 25h, 33h, 0C9h
SE:00AE5120 db 87h, 4Bh, 0FCh, 83h, 0F9h, 0, 74h, 6, 80h, 33h, 36h, 43h, 0E2h, 0FAh
SE:00AE5120 db 83h, 0C4h, 4, 59h, 5Bh, 9Dh, 0E9h, 4, 3 dup(0), 0F8h, 0A4h, 54h, 0C1h
SE:00AE5120 db 0, 30h, 0EEh
SE:00AE5150 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE5150
SE:00AE5150 loc_AE5150:                            ; CODE XREF: SE:00AE511Bp
SE:00AE5150 pop    dword ptr [esp-4]
SE:00AE5154 call loc_AE517F
SE:00AE5154 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE5159 db 60h, 9Ch, 0E8h, 4 dup(0), 5Fh, 81h, 0EFh, 87h, 3 dup(0), 0B9h, 98h
SE:00AE5159 db 3 dup(0), 0B0h, 9Dh, 0F3h, 0AAh, 90h, 61h, 8Ch, 4Eh, 36h, 6Ah, 30h
SE:00AE5159 db 0EAh, 0D6h, 24h, 0CCh, 0F2h, 4Ch, 0C6h, 0FEh
SE:00AE517F ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE517F
SE:00AE517F loc_AE517F:                            ; CODE XREF: SE:00AE5154p
SE:00AE517F sub    esp, -4
SE:00AE5182 call loc_AE51A9
SE:00AE5182 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE5187 db 60h, 9Ch, 0E8h, 4 dup(0), 5Fh, 81h, 0EFh, 0Fh, 3 dup(0), 0B9h, 20h
SE:00AE5187 db 3 dup(0), 0B0h, 9Dh, 0F3h, 0AAh, 90h, 61h, 54h, 0E8h, 76h, 7Ch, 68h
SE:00AE5187 db 22h, 0CEh, 84h, 0A0h
SE:00AE51A9 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE51A9
SE:00AE51A9 loc_AE51A9:                            ; CODE XREF: SE:00AE5182p
SE:00AE51A9 pop    dword ptr [esp-4]
SE:00AE51AD call loc_AE51EA
SE:00AE51AD ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE51B2 db 0F6h, 0D6h, 0BAh, 0FAh, 84h, 0Ah, 32h, 90h, 78h, 2, 66h, 0DAh, 50h
SE:00AE51B2 db 92h, 34h, 2 dup(30h), 0B4h, 8, 0FAh, 0DEh, 36h, 0EAh, 0B4h, 10h, 0D0h
SE:00AE51B2 db 3Ah, 0D2h, 0F4h, 0A4h, 90h, 2 dup(38h), 82h, 78h, 34h, 6, 80h, 68h
SE:00AE51B2 db 26h, 6Ah, 0F8h, 66h, 0A8h, 0F0h, 4Eh, 0FEh, 0F0h, 50h, 34h, 16h, 84h
SE:00AE51B2 db 6Ah, 42h, 9Eh, 0CAh
SE:00AE51EA ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE51EA
SE:00AE51EA loc_AE51EA:                            ; CODE XREF: SE:00AE51ADp
SE:00AE51EA pop    dword ptr [esp-4]
SE:00AE51EE call loc_AE51F7
SE:00AE51EE ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE51F3 db 0C2h, 0C6h, 84h, 0FAh
SE:00AE51F7 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE51F7
SE:00AE51F7 loc_AE51F7:                            ; CODE XREF: SE:00AE51EEp
SE:00AE51F7 add    esp, 4
SE:00AE51FA call loc_AE521B
SE:00AE51FA ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE51FF db 81h, 6Ch, 24h, 4, 46h, 91h, 7, 0CEh, 83h, 0C4h, 4, 9Dh, 0ECh, 78h, 8Eh
SE:00AE51FF db 7Eh, 0F8h, 98h, 58h, 52h, 50h, 0ACh, 30h, 6Ah, 62h, 0D0h, 6, 5Ch
SE:00AE521B ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE521B
SE:00AE521B loc_AE521B:                            ; CODE XREF: SE:00AE51FAp
SE:00AE521B add    esp, 4
SE:00AE521E call loc_AE5267
SE:00AE521E ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE5223 db 60h, 9Ch, 0E8h, 4 dup(0), 5Fh, 81h, 0EFh, 89h, 3 dup(0), 0B9h, 9Ah
SE:00AE5223 db 3 dup(0), 0B0h, 9Dh, 0F3h, 0AAh, 90h, 61h, 0ECh, 0E2h, 50h, 0B0h, 0ACh
SE:00AE5223 db 8Ah, 0DAh, 80h, 16h, 56h, 0D8h, 54h, 52h, 6Eh, 0F2h, 0ECh, 40h, 46h
SE:00AE5223 db 0A6h, 6Eh, 32h, 0A0h, 0FCh, 0D6h, 0F6h, 6Ch, 2Eh, 16h, 0D6h, 0E0h, 16h
SE:00AE5223 db 9Eh, 74h, 70h, 78h, 4Ch, 84h, 44h, 0A0h, 52h, 90h, 2Eh, 4Eh
SE:00AE5267 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE5267
SE:00AE5267 loc_AE5267:                            ; CODE XREF: SE:00AE521Ep
SE:00AE5267 pop    dword ptr [esp-4]
SE:00AE526B call loc_AE5280
SE:00AE526B ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE5270 db 81h, 6Ch, 24h, 4, 46h, 91h, 7, 0CEh, 83h, 0C4h, 4, 9Dh, 0A2h, 9Eh, 3Ch
SE:00AE5270 db 46h
SE:00AE5280 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE5280
SE:00AE5280 loc_AE5280:                            ; CODE XREF: SE:00AE526Bp
SE:00AE5280 jmp    loc_AE52B7
SE:00AE5280 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE5285 db 9Ch, 53h, 51h, 0E8h, 4 dup(0), 8Bh, 1Ch, 24h, 83h, 0C3h, 25h, 33h, 0C9h
SE:00AE5285 db 87h, 4Bh, 0FCh, 83h, 0F9h, 0, 74h, 6, 80h, 33h, 84h, 43h, 0E2h, 0FAh
SE:00AE5285 db 83h, 0C4h, 4, 59h, 5Bh, 9Dh, 0E9h, 4, 3 dup(0), 90h, 0E8h, 24h, 2Fh
SE:00AE5285 db 1Ah, 1Ch, 92h, 34h, 22h
SE:00AE52B7 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE52B7
SE:00AE52B7 loc_AE52B7:                            ; CODE XREF: SE:loc_AE5280j
SE:00AE52B7 sub    esp, -4
SE:00AE52BA call loc_AE52F3
SE:00AE52BA ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE52BF db 9Ch, 53h, 51h, 0E8h, 4 dup(0), 8Bh, 1Ch, 24h, 83h, 0C3h, 25h, 33h, 0C9h
SE:00AE52BF db 87h, 4Bh, 0FCh, 83h, 0F9h, 0, 74h, 6, 80h, 33h, 0D0h, 43h, 0E2h, 0FAh
SE:00AE52BF db 83h, 0C4h, 4, 59h, 5Bh, 9Dh, 0E9h, 4, 3 dup(0), 76h, 93h, 0FEh, 0E4h
SE:00AE52BF db 64h, 22h, 72h, 0D0h, 0F2h, 20h, 5Ch
SE:00AE52F3 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE52F3
SE:00AE52F3 loc_AE52F3:                            ; CODE XREF: SE:00AE52BAp
SE:00AE52F3 sub    esp, -4
SE:00AE52F6 call loc_AE533F
SE:00AE52F6 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE52FB db 60h, 9Ch, 0E8h, 4 dup(0), 5Fh, 81h, 0EFh, 0E3h, 3 dup(0), 0B9h, 0F4h
SE:00AE52FB db 3 dup(0), 0B0h, 9Dh, 0F3h, 0AAh, 90h, 61h, 0C2h, 2, 0F0h, 64h, 0A2h
SE:00AE52FB db 62h, 20h, 0AAh, 0A0h, 4, 2Ch, 30h, 90h, 0BAh, 84h, 52h, 44h, 2Eh, 3Eh
SE:00AE52FB db 62h, 4Eh, 10h, 5Eh, 2Eh, 0FCh, 0Ah, 70h, 4Ah, 32h, 4, 0FEh, 7Eh, 38h
SE:00AE52FB db 76h, 0CCh, 0B4h, 0D8h, 0ACh, 0C4h, 66h, 5Ch, 8Ch, 0A6h
SE:00AE533F ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE533F
SE:00AE533F loc_AE533F:                            ; CODE XREF: SE:00AE52F6p
SE:00AE533F sub    esp, -4
SE:00AE5342 call loc_AE5349
SE:00AE5342 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE5347 db 12h, 7Eh
SE:00AE5349 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE5349
SE:00AE5349 loc_AE5349:                            ; CODE XREF: SE:00AE5342p
SE:00AE5349 add    esp, 4
SE:00AE534C call loc_AE535B
SE:00AE534C ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE5351 db 70h, 46h, 20h, 18h, 72h, 20h, 88h, 0C2h, 36h, 0F8h
SE:00AE535B ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE535B
SE:00AE535B loc_AE535B:                            ; CODE XREF: SE:00AE534Cp
SE:00AE535B pop    dword ptr [esp-4]
SE:00AE535F call loc_AE539E
SE:00AE535F ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE5364 db 0F6h, 0DAh, 0A2h, 4Eh, 64h, 4Ch, 0C8h, 0BAh, 6, 34h, 0C8h, 58h, 0A4h
SE:00AE5364 db 0B8h, 8Ah, 0BEh, 4Ah, 1Ah, 0, 4Eh, 16h, 94h, 62h, 3Ah, 86h, 0B4h, 76h
SE:00AE5364 db 0F2h, 8Ch, 0AEh, 2Ah, 0B6h, 38h, 5Ah, 0C4h, 2, 58h, 0FAh, 36h, 0DAh
SE:00AE5364 db 3Ah, 0C4h, 66h, 38h, 0EEh, 62h, 0B0h, 56h, 4Eh, 94h, 0, 0A8h, 58h, 98h
SE:00AE5364 db 0F6h, 10h, 1Eh, 12h
SE:00AE539E ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE539E
SE:00AE539E loc_AE539E:                            ; CODE XREF: SE:00AE535Fp
SE:00AE539E lea    esp, [esp+4]
SE:00AE53A2 call loc_AE53AF
SE:00AE53A2 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE53A7 db 0FCh, 0, 0D0h, 0F2h, 94h, 60h, 0BAh, 3Ah
SE:00AE53AF ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE53AF
SE:00AE53AF loc_AE53AF:                            ; CODE XREF: SE:00AE53A2p
SE:00AE53AF pop    dword ptr [esp-4]
SE:00AE53B3 call loc_AE53BA
SE:00AE53B3 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE53B8 db 0A8h, 0D2h
SE:00AE53BA ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE53BA
SE:00AE53BA loc_AE53BA:                            ; CODE XREF: SE:00AE53B3p
SE:00AE53BA pop    dword ptr [esp-4]
SE:00AE53BE call loc_AE53FD
SE:00AE53BE ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE53C3 db 60h, 9Ch, 0E8h, 4 dup(0), 5Fh, 81h, 0EFh, 0A1h, 3 dup(0), 0B9h, 0B2h
SE:00AE53C3 db 3 dup(0), 0B0h, 9Dh, 0F3h, 0AAh, 90h, 61h, 8, 0D0h, 2Eh, 18h, 3Ah, 0A0h
SE:00AE53C3 db 6Ah, 26h, 4Ah, 70h, 90h, 72h, 94h, 70h, 0A4h, 1Ch, 64h, 5Ch, 0AAh, 72h
SE:00AE53C3 db 0AAh, 0ECh, 54h, 0B8h, 74h, 22h, 0EAh, 42h, 44h, 5Eh, 0B2h, 98h, 72h
SE:00AE53FD ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE53FD
SE:00AE53FD loc_AE53FD:                            ; CODE XREF: SE:00AE53BEp
SE:00AE53FD add    esp, 4
SE:00AE5400 call loc_AE5447
SE:00AE5400 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE5405 db 9Ch, 53h, 51h, 0E8h, 4 dup(0), 8Bh, 1Ch, 24h, 83h, 0C3h, 25h, 33h, 0C9h
SE:00AE5405 db 87h, 4Bh, 0FCh, 83h, 0F9h, 0, 74h, 6, 80h, 33h, 0D6h, 43h, 0E2h, 0FAh
SE:00AE5405 db 83h, 0C4h, 4, 59h, 5Bh, 9Dh, 0E9h, 4, 3 dup(0), 0B2h, 74h, 0E6h, 0B7h
SE:00AE5405 db 0BEh, 76h, 18h, 40h, 0A0h, 1Eh, 58h, 6Eh, 40h, 0FAh, 28h, 6Ah, 0E6h
SE:00AE5405 db 46h, 0DCh, 0C0h, 82h, 0, 26h, 0CCh, 0ACh
SE:00AE5447 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE5447
SE:00AE5447 loc_AE5447:                            ; CODE XREF: SE:00AE5400p
SE:00AE5447 lea    esp, [esp+4]
SE:00AE544B call loc_AE5476
SE:00AE544B ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE5450 db 9Ch, 81h, 4, 24h, 46h, 91h, 7, 0CEh, 83h, 0ECh, 4, 0F0h, 54h, 0E4h
SE:00AE5450 db 0ECh, 0D2h, 0FAh, 0D4h, 82h, 8Eh, 42h, 20h, 0B2h, 0FCh, 38h, 8Ah, 56h
SE:00AE5450 db 0BAh, 22h, 0Eh, 0B2h, 6Eh, 0, 1Eh, 0D6h, 0FCh, 0A2h, 5Eh
SE:00AE5476 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE5476
SE:00AE5476 loc_AE5476:                            ; CODE XREF: SE:00AE544Bp
SE:00AE5476 pop    dword ptr [esp-4]
SE:00AE547A call loc_AE54BD
SE:00AE547A ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE547F db 60h, 9Ch, 0E8h, 4 dup(0), 5Fh, 81h, 0EFh, 6Fh, 3 dup(0), 0B9h, 80h
SE:00AE547F db 3 dup(0), 0B0h, 9Dh, 0F3h, 0AAh, 90h, 61h, 0C4h, 44h, 5Ch, 38h, 0EAh
SE:00AE547F db 0EEh, 0D0h, 4Ch, 24h, 46h, 7Ch, 66h, 0E4h, 16h, 5Ch, 84h, 16h, 74h
SE:00AE547F db 0A0h, 7Ch, 34h, 9Eh, 5Ch, 0D4h, 0C2h, 28h, 46h, 0E8h, 0D6h, 0D8h, 0C2h
SE:00AE547F db 4Eh, 0F2h, 32h, 0A0h, 5Ah, 2Eh
SE:00AE54BD ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE54BD
SE:00AE54BD loc_AE54BD:                            ; CODE XREF: SE:00AE547Ap
SE:00AE54BD sub    esp, -4
SE:00AE54C0 call loc_AE54CF
SE:00AE54C0 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE54C5 db 2 dup(36h), 0, 76h, 0D4h, 0ACh, 0, 0D0h, 0AEh, 0E6h
SE:00AE54CF ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE54CF
SE:00AE54CF loc_AE54CF:                            ; CODE XREF: SE:00AE54C0p
SE:00AE54CF lea    esp, [esp+4]
SE:00AE54D3 call loc_AE54F8
SE:00AE54D3 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE54D8 db 60h, 9Ch, 0E8h, 4 dup(0), 5Fh, 81h, 0EFh, 67h, 3 dup(0), 0B9h, 78h
SE:00AE54D8 db 3 dup(0), 0B0h, 9Dh, 0F3h, 0AAh, 90h, 61h, 68h, 0A6h, 0BEh, 0C8h, 0E6h
SE:00AE54D8 db 0FEh, 0A8h
SE:00AE54F8 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE54F8
SE:00AE54F8 loc_AE54F8:                            ; CODE XREF: SE:00AE54D3p
SE:00AE54F8 lea    esp, [esp+4]
SE:00AE54FC call loc_AE552F
SE:00AE54FC ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE5501 db 6Eh, 9Ah, 7Ah, 48h, 96h, 6, 8, 0BEh, 9Ah, 0BEh, 0B8h, 0ECh, 34h, 90h
SE:00AE5501 db 0FAh, 7Eh, 80h, 82h, 50h, 0BEh, 0D8h, 0B2h, 0C6h, 0CAh, 0BCh, 0CCh
SE:00AE5501 db 78h, 0A8h, 0AEh, 18h, 3Ah, 4Eh, 0ECh, 36h, 34h, 2Ah, 0D8h, 0FEh, 44h
SE:00AE5501 db 0E4h, 0C8h, 0F6h, 3Eh, 0B8h, 86h, 60h
SE:00AE552F ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE552F
SE:00AE552F loc_AE552F:                            ; CODE XREF: SE:00AE54FCp
SE:00AE552F pop    dword ptr [esp-4]
SE:00AE5533 call loc_AE5572
SE:00AE5533 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE5538 db 60h, 9Ch, 0E8h, 4 dup(0), 5Fh, 81h, 0EFh, 0F7h, 3 dup(0), 0B9h, 8, 3 dup(0)
SE:00AE5538 db 0B0h, 9Dh, 0F3h, 0AAh, 90h, 61h, 0E8h, 0B0h, 9Ch, 0B2h, 94h, 0F8h, 0D4h
SE:00AE5538 db 14h, 0FEh, 16h, 0E6h, 48h, 30h, 52h, 0B2h, 0CEh, 60h, 40h, 78h, 7Ah
SE:00AE5538 db 9Ch, 4Ch, 0F2h, 84h, 22h, 7Eh, 1Ch, 0A4h, 0C6h, 7Ah, 1Eh, 98h, 7Ah
SE:00AE5572 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE5572
SE:00AE5572 loc_AE5572:                            ; CODE XREF: SE:00AE5533p
SE:00AE5572 add    esp, 4
SE:00AE5575 call loc_AE55B4
SE:00AE5575 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE557A db 0C0h, 8Ch, 68h, 46h, 0AAh, 0E4h, 9Eh, 0DEh, 0CCh, 0E4h, 4, 40h, 2 dup(0B0h)
SE:00AE557A db 42h, 8, 80h, 60h, 0C8h, 1Eh, 98h, 0D0h, 0B8h, 0DEh, 0F8h, 0ACh, 52h
SE:00AE557A db 4Ch, 6, 0FAh, 98h, 0F6h, 0FEh, 54h, 0E8h, 0CAh, 12h, 0B8h, 8Ah, 28h
SE:00AE557A db 0ACh, 94h, 0ECh, 5Ah, 76h, 50h, 76h, 60h, 9Ch, 42h, 3Ah, 0C6h, 1Ah
SE:00AE557A db 50h, 9Ah, 0CCh, 44h, 70h
SE:00AE55B4 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE55B4
SE:00AE55B4 loc_AE55B4:                            ; CODE XREF: SE:00AE5575p
SE:00AE55B4 add    esp, 4
SE:00AE55B7 call loc_AE55C0
SE:00AE55B7 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE55BC db 3Eh, 0B0h, 6Ah, 32h
SE:00AE55C0 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE55C0
SE:00AE55C0 loc_AE55C0:                            ; CODE XREF: SE:00AE55B7p
SE:00AE55C0 pop    dword ptr [esp-4]
SE:00AE55C4 call loc_AE55CF
SE:00AE55C4 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE55C9 db 0B8h, 70h, 0D8h, 22h, 0CCh, 0AEh
SE:00AE55CF ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE55CF
SE:00AE55CF loc_AE55CF:                            ; CODE XREF: SE:00AE55C4p
SE:00AE55CF add    esp, 4
SE:00AE55D2 call loc_AE5623
SE:00AE55D2 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE55D7 db 9Ch, 53h, 51h, 0E8h, 4 dup(0), 8Bh, 1Ch, 24h, 83h, 0C3h, 25h, 33h, 0C9h
SE:00AE55D7 db 87h, 4Bh, 0FCh, 83h, 0F9h, 0, 74h, 6, 80h, 33h, 54h, 43h, 0E2h, 0FAh
SE:00AE55D7 db 83h, 0C4h, 4, 59h, 5Bh, 9Dh, 0E9h, 4, 3 dup(0), 0CAh, 0D3h, 0C1h, 66h
SE:00AE55D7 db 6Ch, 0E2h, 32h, 0B0h, 34h, 8Eh, 2Eh, 0C6h, 0C8h, 5Ch, 0A6h, 0DCh, 30h
SE:00AE55D7 db 60h, 20h, 0A2h, 8, 0ACh, 0CCh, 2 dup(28h), 0CCh, 0E0h, 84h, 58h, 0DAh
SE:00AE55D7 db 0BAh, 0B0h, 26h, 0FAh, 0Eh
SE:00AE5623 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE5623
SE:00AE5623 loc_AE5623:                            ; CODE XREF: SE:00AE55D2p
SE:00AE5623 pop    dword ptr [esp-4]
SE:00AE5627 call loc_AE566C
SE:00AE5627 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE562C db 81h, 6Ch, 24h, 4, 46h, 91h, 7, 0CEh, 83h, 0C4h, 4, 9Dh, 0B0h, 6Eh, 7Ah
SE:00AE562C db 64h, 96h, 0E2h, 0D0h, 70h, 6Ch, 66h, 54h, 0A8h, 0F8h, 0A6h, 3Ah, 9Ch
SE:00AE562C db 36h, 7Ch, 0FCh, 7Eh, 52h, 0D6h, 36h, 0D4h, 38h, 32h, 0A6h, 90h, 0A6h
SE:00AE562C db 54h, 7Ch, 36h, 0A4h, 0F2h, 14h, 24h, 50h, 0DEh, 8Ch, 88h, 0B4h, 9Ah
SE:00AE562C db 0C4h, 34h, 0EEh, 9Ah, 0AEh, 0ACh, 64h, 0D8h, 8, 0E2h
SE:00AE566C ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE566C
SE:00AE566C loc_AE566C:                            ; CODE XREF: SE:00AE5627p
SE:00AE566C sub    esp, -4
SE:00AE566F call loc_AE568A
SE:00AE566F ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE5674 db 0ECh, 54h, 0D4h, 0A4h, 0B0h, 1Ah, 70h, 86h, 0Ah, 46h, 0A6h, 36h, 28h
SE:00AE5674 db 0CCh, 0C6h, 0CCh, 90h, 0AEh, 0DEh, 3Eh, 2Eh, 76h
SE:00AE568A ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE568A
SE:00AE568A loc_AE568A:                            ; CODE XREF: SE:00AE566Fp
SE:00AE568A lea    esp, [esp+4]
SE:00AE568E call loc_AE56C7
SE:00AE568E ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE5693 db 9Ch, 53h, 51h, 0E8h, 4 dup(0), 8Bh, 1Ch, 24h, 83h, 0C3h, 25h, 33h, 0C9h
SE:00AE5693 db 87h, 4Bh, 0FCh, 83h, 0F9h, 0, 74h, 6, 80h, 33h, 0AAh, 43h, 0E2h, 0FAh
SE:00AE5693 db 83h, 0C4h, 4, 59h, 5Bh, 9Dh, 0E9h, 4, 3 dup(0), 0D2h, 8Dh, 0B9h, 1Eh
SE:00AE5693 db 78h, 0BEh, 82h, 0Eh, 0E4h, 0A6h, 80h
SE:00AE56C7 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE56C7
SE:00AE56C7 loc_AE56C7:                            ; CODE XREF: SE:00AE568Ep
SE:00AE56C7 jmp    $+5
SE:00AE56CC lea    esp, [esp+4]
SE:00AE56D0 call loc_AE56D9
SE:00AE56D0 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE56D5 db 6, 14h, 3Ch, 0BAh
SE:00AE56D9 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE56D9
SE:00AE56D9 loc_AE56D9:                            ; CODE XREF: SE:00AE56D0p
SE:00AE56D9 pop    dword ptr [esp-4]
SE:00AE56DD call loc_AE572A
SE:00AE56DD ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE56E2 db 0DEh, 5Eh, 14h, 0D2h, 0E4h, 8, 34h, 54h, 50h, 9Ch, 0CCh, 0Eh, 4, 0A0h
SE:00AE56E2 db 6Ch, 4Eh, 36h, 12h, 0Ah, 8Ch, 40h, 0B2h, 2Ah, 0Ah, 0ACh, 0Eh, 0E4h
SE:00AE56E2 db 0F2h, 4, 0FAh, 68h, 3Ch, 0AEh, 0FAh, 4Ah, 0B6h, 0BEh, 5Ch, 0C0h, 0BAh
SE:00AE56E2 db 2Eh, 74h, 0EEh, 4Eh, 0B0h, 2Ah, 3Ch, 4Eh, 2Ch, 0C2h, 8Ah, 8Ch, 92h
SE:00AE56E2 db 98h, 40h, 12h, 70h, 46h, 9Ah, 2Ah, 0C2h, 48h, 2Ch, 0A0h, 44h, 0DCh
SE:00AE56E2 db 2Eh, 10h, 42h, 78h, 74h, 28h
SE:00AE572A ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE572A
SE:00AE572A loc_AE572A:                            ; CODE XREF: SE:00AE56DDp
SE:00AE572A jmp    loc_AE5765
SE:00AE572A ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE572F db 9Ch, 53h, 51h, 0E8h, 4 dup(0), 8Bh, 1Ch, 24h, 83h, 0C3h, 25h, 33h, 0C9h
SE:00AE572F db 87h, 4Bh, 0FCh, 83h, 0F9h, 0, 74h, 6, 80h, 33h, 74h, 43h, 0E2h, 0FAh
SE:00AE572F db 83h, 0C4h, 4, 59h, 5Bh, 9Dh, 0E9h, 4, 3 dup(0), 82h, 66h, 0A0h, 13h
SE:00AE572F db 60h, 88h, 14h, 0Ah, 3Ah, 60h, 0C4h, 0BCh, 0D4h
SE:00AE5765 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE5765
SE:00AE5765 loc_AE5765:                            ; CODE XREF: SE:loc_AE572Aj
SE:00AE5765 sub    esp, -4
SE:00AE5768 call loc_AE5777
SE:00AE5768 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE576D db 8Ah, 94h, 52h, 0E4h, 4Eh, 0CAh, 0AAh, 0FAh, 32h, 0A0h
SE:00AE5777 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE5777
SE:00AE5777 loc_AE5777:                            ; CODE XREF: SE:00AE5768p
SE:00AE5777 lea    esp, [esp+4]
SE:00AE577B call loc_AE57C6
SE:00AE577B ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE5780 db 81h, 6Ch, 24h, 4, 46h, 91h, 7, 0CEh, 83h, 0C4h, 4, 9Dh, 20h, 0D2h, 0A0h
SE:00AE5780 db 0F6h, 0A0h, 50h, 0DCh, 44h, 0BCh, 6Ah, 0F2h, 9Ch, 0Ah, 5Ch, 0DAh, 2Ah
SE:00AE5780 db 54h, 50h, 36h, 62h, 5Eh, 6Ch, 0FAh, 94h, 0FCh, 8Eh, 0DAh, 0D0h, 7Ah
SE:00AE5780 db 72h, 0DAh, 0D8h, 2 dup(10h), 1Ah, 2 dup(0BEh), 2 dup(94h), 62h, 34h
SE:00AE5780 db 30h, 0E8h, 0F8h, 0C6h, 5Ah, 0BEh, 0CCh, 0Eh, 2Ah, 0D6h, 6Ch, 0Eh, 3Ah
SE:00AE5780 db 0Eh, 24h, 18h, 62h
SE:00AE57C6 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE57C6
SE:00AE57C6 loc_AE57C6:                            ; CODE XREF: SE:00AE577Bp
SE:00AE57C6 lea    esp, [esp+4]
SE:00AE57CA call loc_AE57F9
SE:00AE57CA ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE57CF db 60h, 9Ch, 0E8h, 4 dup(0), 5Fh, 81h, 0EFh, 31h, 3 dup(0), 0B9h, 42h
SE:00AE57CF db 3 dup(0), 0B0h, 9Dh, 0F3h, 0AAh, 90h, 61h, 8Eh, 88h, 0AAh, 0BAh, 0C2h
SE:00AE57CF db 0EEh, 96h, 92h, 0E8h, 68h, 0B6h, 64h, 14h, 4Eh, 0BAh, 42h, 0E0h
SE:00AE57F9 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE57F9
SE:00AE57F9 loc_AE57F9:                            ; CODE XREF: SE:00AE57CAp
SE:00AE57F9 sub    esp, -4
SE:00AE57FC call loc_AE5809
SE:00AE57FC ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE5801 db 24h, 0D8h, 84h, 0E6h, 0CCh, 3Eh, 0D0h, 36h
SE:00AE5809 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE5809
SE:00AE5809 loc_AE5809:                            ; CODE XREF: SE:00AE57FCp
SE:00AE5809 lea    esp, [esp+4]
SE:00AE580D call loc_AE5860
SE:00AE580D ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE5812 db 9Ch, 53h, 51h, 0E8h, 4 dup(0), 8Bh, 1Ch, 24h, 83h, 0C3h, 25h, 33h, 0C9h
SE:00AE5812 db 87h, 4Bh, 0FCh, 83h, 0F9h, 0, 74h, 6, 80h, 33h, 0CCh, 43h, 0E2h, 0FAh
SE:00AE5812 db 83h, 0C4h, 4, 59h, 5Bh, 9Dh, 0E9h, 4, 3 dup(0), 5Ch, 0FFh, 98h, 82h
SE:00AE5812 db 46h, 0A0h, 26h, 0E6h, 6Eh, 0D2h, 70h, 0BAh, 2Ch, 0Ch, 70h, 76h, 2Eh
SE:00AE5812 db 5Ah, 0AEh, 0C4h, 0ACh, 3Eh, 0C4h, 0EAh, 52h, 0F8h, 58h, 80h, 78h, 94h
SE:00AE5812 db 0DAh, 78h, 22h, 32h, 0Ah, 32h, 50h
SE:00AE5860 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE5860
SE:00AE5860 loc_AE5860:                            ; CODE XREF: SE:00AE580Dp
SE:00AE5860 sub    esp, -4
SE:00AE5863 call $+5
SE:00AE5868 pop    dword ptr [esp-4]
SE:00AE586C call loc_AE58B1
SE:00AE586C ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE5871 db 60h, 9Ch, 0E8h, 4 dup(0), 5Fh, 81h, 0EFh, 3Bh, 3 dup(0), 0B9h, 4Ch
SE:00AE5871 db 3 dup(0), 0B0h, 9Dh, 0F3h, 0AAh, 90h, 61h, 0D0h, 40h, 78h, 0C6h, 4Eh
SE:00AE5871 db 92h, 40h, 56h, 94h, 0D2h, 9Ch, 86h, 5Ch, 20h, 86h, 9Eh, 40h, 14h, 0BEh
SE:00AE5871 db 22h, 6Ah, 50h, 5Ch, 0A4h, 0AEh, 0BEh, 70h, 42h, 80h, 50h, 96h, 1Ah
SE:00AE5871 db 54h, 56h, 20h, 0CAh, 94h, 3Eh, 7Ch
SE:00AE58B1 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE58B1
SE:00AE58B1 loc_AE58B1:                            ; CODE XREF: SE:00AE586Cp
SE:00AE58B1 jmp    loc_AE58FE
SE:00AE58B1 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE58B6 db 9Ch, 53h, 51h, 0E8h, 4 dup(0), 8Bh, 1Ch, 24h, 83h, 0C3h, 25h, 33h, 0C9h
SE:00AE58B6 db 87h, 4Bh, 0FCh, 83h, 0F9h, 0, 74h, 6, 80h, 33h, 38h, 43h, 0E2h, 0FAh
SE:00AE58B6 db 83h, 0C4h, 4, 59h, 5Bh, 9Dh, 0E9h, 4, 3 dup(0), 0A4h, 0B6h, 90h, 29h
SE:00AE58B6 db 0FEh, 58h, 3Eh, 28h, 0EAh, 0CAh, 0C6h, 8Ch, 4, 0CCh, 0AEh, 0BAh, 0D4h
SE:00AE58B6 db 2 dup(0A0h), 8Eh, 8, 5Ch, 86h, 0F6h, 2, 40h, 86h, 0CEh, 0A0h, 18h, 68h
SE:00AE58FE ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE58FE
SE:00AE58FE loc_AE58FE:                            ; CODE XREF: SE:loc_AE58B1j
SE:00AE58FE sub    esp, -4
SE:00AE5901 call loc_AE593A
SE:00AE5901 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE5906 db 6Ah, 4Ah, 7Ah, 0C2h, 0CEh, 5Eh, 0E6h, 0D8h, 0B8h, 0E2h, 8Ah, 52h, 9Ah
SE:00AE5906 db 0FCh, 7Ch, 98h, 0F2h, 98h, 24h, 94h, 0, 5Ch, 2, 0B6h, 5Ah, 32h, 0B2h
SE:00AE5906 db 1Ch, 0A2h, 82h, 10h, 0DEh, 1Ah, 60h, 0Ch, 6, 0B8h, 22h, 2Ch, 50h, 0D0h
SE:00AE5906 db 0A6h, 1Ah, 24h, 6Eh, 0D0h, 0F8h, 0Eh, 0EAh, 0D0h, 4, 5Ch
SE:00AE593A ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE593A
SE:00AE593A loc_AE593A:                            ; CODE XREF: SE:00AE5901p
SE:00AE593A pop    dword ptr [esp-4]
SE:00AE593E call loc_AE597D
SE:00AE593E ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE5943 db 62h, 2Ch, 0BAh, 0A0h, 12h, 0A4h, 0AEh, 0A4h, 0E6h, 8, 0EEh, 0DAh, 3Eh
SE:00AE5943 db 0C0h, 1Ch, 0A0h, 66h, 72h, 0DAh, 80h, 0Eh, 0C4h, 28h, 0BEh, 0E8h, 0E4h
SE:00AE5943 db 28h, 8, 66h, 0BEh, 92h, 62h, 0FAh, 28h, 90h, 4Ah, 32h, 0D2h, 4, 5Eh
SE:00AE5943 db 0B2h, 0CEh, 92h, 0Ch, 38h, 98h, 0CEh, 66h, 68h, 0B6h, 76h, 30h, 0E8h
SE:00AE5943 db 90h, 0B6h, 56h, 88h, 6Eh
SE:00AE597D ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE597D
SE:00AE597D loc_AE597D:                            ; CODE XREF: SE:00AE593Ep
SE:00AE597D sub    esp, -4
SE:00AE5980 call loc_AE59B1
SE:00AE5980 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE5985 db 60h, 9Ch, 0E8h, 4 dup(0), 5Fh, 81h, 0EFh, 5Dh, 3 dup(0), 0B9h, 6Eh
SE:00AE5985 db 3 dup(0), 0B0h, 9Dh, 0F3h, 0AAh, 90h, 61h, 0BEh, 7Ah, 32h, 1Ah, 9Eh
SE:00AE5985 db 1Ah, 0FAh, 0BEh, 3Eh, 0BAh, 60h, 98h, 0C6h, 2, 0F4h, 18h, 0FCh, 0C0h
SE:00AE5985 db 0BEh
SE:00AE59B1 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE59B1
SE:00AE59B1 loc_AE59B1:                            ; CODE XREF: SE:00AE5980p
SE:00AE59B1 add    esp, 4
SE:00AE59B4 call loc_AE59C5
SE:00AE59B4 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE59B9 db 6, 0AEh, 26h, 14h, 6Eh, 0Eh, 0ECh, 78h, 88h, 28h, 2Ch, 0D4h
SE:00AE59C5 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE59C5
SE:00AE59C5 loc_AE59C5:                            ; CODE XREF: SE:00AE59B4p
SE:00AE59C5 jmp    loc_AE59EA
SE:00AE59C5 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE59CA db 60h, 9Ch, 0E8h, 4 dup(0), 5Fh, 81h, 0EFh, 8Fh, 3 dup(0), 0B9h, 0A0h
SE:00AE59CA db 3 dup(0), 0B0h, 9Dh, 0F3h, 0AAh, 90h, 61h, 5Ch, 0DEh, 78h, 12h, 3Eh
SE:00AE59CA db 0ACh, 32h
SE:00AE59EA ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE59EA
SE:00AE59EA loc_AE59EA:                            ; CODE XREF: SE:loc_AE59C5j
SE:00AE59EA pop    dword ptr [esp-4]
SE:00AE59EE call $+5
SE:00AE59F3 pop    dword ptr [esp-4]
SE:00AE59F7 call loc_AE59FE
SE:00AE59F7 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE59FC db 8, 0FEh
SE:00AE59FE ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE59FE
SE:00AE59FE loc_AE59FE:                            ; CODE XREF: SE:00AE59F7p
SE:00AE59FE pop    dword ptr [esp-4]
SE:00AE5A02 call loc_AE5A41
SE:00AE5A02 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE5A07 db 9Ch, 53h, 51h, 0E8h, 4 dup(0), 8Bh, 1Ch, 24h, 83h, 0C3h, 25h, 33h, 0C9h
SE:00AE5A07 db 87h, 4Bh, 0FCh, 83h, 0F9h, 0, 74h, 6, 80h, 33h, 0ECh, 43h, 0E2h, 0FAh
SE:00AE5A07 db 83h, 0C4h, 4, 59h, 5Bh, 9Dh, 0E9h, 4, 3 dup(0), 0F6h, 0DDh, 0B0h, 61h
SE:00AE5A07 db 0FAh, 0C8h, 4, 56h, 0DCh, 0E4h, 0A4h, 8Eh, 10h, 92h, 9Ah, 0FEh, 1Ah
SE:00AE5A41 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE5A41
SE:00AE5A41 loc_AE5A41:                            ; CODE XREF: SE:00AE5A02p
SE:00AE5A41 jmp    loc_AE5A7A
SE:00AE5A41 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE5A46 db 60h, 9Ch, 0E8h, 4 dup(0), 5Fh, 81h, 0EFh, 0E3h, 3 dup(0), 0B9h, 0F4h
SE:00AE5A46 db 3 dup(0), 0B0h, 9Dh, 0F3h, 0AAh, 90h, 61h, 8Ch, 2Ch, 6Eh, 96h, 0FAh
SE:00AE5A46 db 0EAh, 0B2h, 16h, 5Ch, 0B6h, 0CAh, 0F0h, 44h, 0D6h, 0A8h, 4Ch, 0E6h
SE:00AE5A46 db 20h, 0BAh, 0AEh, 0D6h, 32h, 0EAh, 0B2h, 2, 10h, 7Ah
SE:00AE5A7A ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE5A7A
SE:00AE5A7A loc_AE5A7A:                            ; CODE XREF: SE:loc_AE5A41j
SE:00AE5A7A jmp    loc_AE5AAB
SE:00AE5A7A ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE5A7F db 60h, 9Ch, 0E8h, 4 dup(0), 5Fh, 81h, 0EFh, 0ABh, 3 dup(0), 0B9h, 0BCh
SE:00AE5A7F db 3 dup(0), 0B0h, 9Dh, 0F3h, 0AAh, 90h, 61h, 0E2h, 0DAh, 0E0h, 12h, 10h
SE:00AE5A7F db 0AEh, 0B2h, 32h, 0E2h, 0AEh, 0FEh, 8Ch, 9Ah, 0B4h, 6Eh, 7Ch, 44h, 0F6h
SE:00AE5A7F db 3Ah
SE:00AE5AAB ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE5AAB
SE:00AE5AAB loc_AE5AAB:                            ; CODE XREF: SE:loc_AE5A7Aj
SE:00AE5AAB lea    esp, [esp+4]
SE:00AE5AAF call loc_AE5AC2
SE:00AE5AAF ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE5AB4 db 9Ch, 81h, 4, 24h, 46h, 91h, 7, 0CEh, 83h, 0ECh, 4, 0B2h, 36h, 76h
SE:00AE5AC2 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE5AC2
SE:00AE5AC2 loc_AE5AC2:                            ; CODE XREF: SE:00AE5AAFp
SE:00AE5AC2 add    esp, 4
SE:00AE5AC5 call loc_AE5B12
SE:00AE5AC5 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE5ACA db 64h, 24h, 0B2h, 72h, 60h, 0E0h, 0BEh, 0F6h, 5Ch, 2, 0DCh, 62h, 0E8h
SE:00AE5ACA db 6Eh, 0A2h, 72h, 70h, 8Ch, 0BEh, 52h, 0F8h, 58h, 0AEh, 0D8h, 0FCh, 0Ah
SE:00AE5ACA db 98h, 54h, 0E6h, 0CAh, 76h, 3Eh, 0D6h, 86h, 6, 36h, 76h, 0ECh, 6Ah, 3Ch
SE:00AE5ACA db 7Ch, 0CCh, 5Eh, 0Eh, 20h, 0B4h, 34h, 0ECh, 0CEh, 0F6h, 0C6h, 0Ch, 0F8h
SE:00AE5ACA db 0E6h, 14h, 76h, 54h, 26h, 0AAh, 90h, 3Ah, 0FCh, 84h, 10h, 84h, 86h
SE:00AE5ACA db 0, 0CEh, 4Ah, 10h, 4Eh, 0E6h
SE:00AE5B12 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE5B12
SE:00AE5B12 loc_AE5B12:                            ; CODE XREF: SE:00AE5AC5p
SE:00AE5B12 jmp    loc_AE5C3A
SE:00AE5B12 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE5B17 db 81h, 6Ch, 24h, 4, 46h, 91h, 7, 0CEh, 83h, 0C4h, 4, 9Dh, 0ACh, 2, 0BEh
SE:00AE5B17 db 0EAh, 0A6h, 36h, 82h, 0B8h, 0B4h, 3Ah, 0E0h, 0Eh, 9Ch, 0E8h, 3Ch, 32h
SE:00AE5B17 db 8, 10h, 5Ch, 72h, 0BAh, 0B0h, 96h, 0E0h, 9Ch, 7Ah, 0C4h, 0D4h, 0C6h
SE:00AE5B17 db 98h, 0A0h, 34h, 60h, 0D6h, 0B8h, 0Eh, 0ECh, 64h, 0CAh, 0C8h, 12h, 30h
SE:00AE5B17 db 0E6h, 74h, 0BCh, 62h, 0B4h, 5Eh, 0F8h, 70h, 38h, 76h, 0E6h, 9Ah, 0D2h
SE:00AE5B17 db 0Eh, 0E0h, 0B8h, 60h, 2Ch
SE:00AE5B5F ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE5B5F
SE:00AE5B5F loc_AE5B5F:                            ; CODE XREF: SE:00AE5C00p
SE:00AE5B5F jmp    loc_AE5C05
SE:00AE5B5F ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE5B64 db 9Ch, 81h, 4, 24h, 46h, 91h, 7, 0CEh, 83h, 0ECh, 4, 0AAh
SE:00AE5B70 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE5B70
SE:00AE5B70 loc_AE5B70:                            ; CODE XREF: SE:00AE5C26p
SE:00AE5B70 sub    esp, -4
SE:00AE5B73 call loc_AE5B90
SE:00AE5B73 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE5B78 db 12h, 0A2h, 0D6h, 6Eh, 0F6h, 8, 1Ch, 0B4h, 2Eh, 20h, 0E6h, 0A0h, 98h
SE:00AE5B78 db 64h, 2Ch, 5Eh, 0D0h, 0CEh, 94h, 0B4h, 0A4h, 38h, 3Ch, 5Ch
SE:00AE5B90 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE5B90
SE:00AE5B90 loc_AE5B90:                            ; CODE XREF: SE:00AE5B73p
SE:00AE5B90 jmp    loc_AE5BAE
SE:00AE5B90 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE5B95 db 81h, 6Ch, 24h, 4, 46h, 91h, 7, 0CEh, 83h, 0C4h, 4, 9Dh
SE:00AE5BA1 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE5BA1
SE:00AE5BA1 loc_AE5BA1:                            ; CODE XREF: SE:loc_AE5C2Bj
SE:00AE5BA1 lea    esp, [esp+4]
SE:00AE5BA5 call loc_AE5C30
SE:00AE5BA5 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE5BAA db 0A4h, 4Ch, 0C4h, 60h
SE:00AE5BAE ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE5BAE
SE:00AE5BAE loc_AE5BAE:                            ; CODE XREF: SE:loc_AE5B90j
SE:00AE5BAE lea    esp, [esp+4]
SE:00AE5BB2 call loc_AE5C2B
SE:00AE5BB2 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE5BB7 db 60h, 9Ch, 0E8h, 4 dup(0), 5Fh, 81h, 0EFh, 79h, 3 dup(0), 0B9h, 8Ah
SE:00AE5BB7 db 3 dup(0), 0B0h, 9Dh, 0F3h, 0AAh, 90h, 61h, 72h, 16h, 0F0h, 0E4h, 4Ah
SE:00AE5BB7 db 3Eh, 16h, 30h, 0DCh, 4, 0E8h, 2Ah, 0C0h, 0A8h, 0A4h, 0DCh, 78h, 0F2h
SE:00AE5BB7 db 2 dup(0EEh), 0C4h, 7Eh, 0F0h, 2, 74h, 86h, 56h, 7Ah, 0ECh, 0D0h, 56h
SE:00AE5BB7 db 0BCh, 0C8h, 0A8h, 50h, 6Ch, 30h, 2Ah, 0ECh, 9Ah, 66h, 0Eh, 0, 9Eh, 0BCh
SE:00AE5BFD ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE5BFD
SE:00AE5BFD loc_AE5BFD:                            ; CODE XREF: SE:00AE4CB1j
SE:00AE5BFD add    esp, 4
SE:00AE5C00 call loc_AE5B5F
SE:00AE5C05
SE:00AE5C05 loc_AE5C05:                            ; CODE XREF: SE:loc_AE5B5Fj
SE:00AE5C05 jmp    loc_AE5C22
SE:00AE5C05 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE5C0A db 86h, 26h, 0CAh, 26h, 0D4h, 2Ah, 0E8h, 5Ah, 0B2h, 74h, 0F6h, 0ECh, 2
SE:00AE5C0A db 0F2h, 56h, 0A8h, 46h, 6Ch, 0F2h, 1Eh, 0B4h, 4, 1Ch, 90h
SE:00AE5C22 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE5C22
SE:00AE5C22 loc_AE5C22:                            ; CODE XREF: SE:loc_AE5C05j
SE:00AE5C22 lea    esp, [esp+4]
SE:00AE5C26 call loc_AE5B70
SE:00AE5C2B
SE:00AE5C2B loc_AE5C2B:                            ; CODE XREF: SE:00AE5BB2p
SE:00AE5C2B jmp    loc_AE5BA1
SE:00AE5C30 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE5C30
SE:00AE5C30 loc_AE5C30:                            ; CODE XREF: SE:00AE5BA5p
SE:00AE5C30 add    esp, 4
SE:00AE5C33 call loc_AE4D7A
SE:00AE5C33 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE5C38 db 0FBh, 56h
SE:00AE5C3A ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE5C3A
SE:00AE5C3A loc_AE5C3A:                            ; CODE XREF: SE:loc_AE5B12j
SE:00AE5C3A sub    dword ptr [esp+4], 0CE079146h
SE:00AE5C42 add    esp, 4
SE:00AE5C45 popf
//check TF?
SE:00AE5C46 push 0AFD72D6Ah
SE:00AE5C4B add    dword ptr [esp], 50D70D52h
SE:00AE5C52 push large dword ptr fs:0
SE:00AE5C59 mov    large fs:0, esp
//set SEH handler? the ADDRESS is:00AE3ABC. So, set hardbreak point here and run.
SE:00AE5C60 pusha
SE:00AE5C61 int    3                            ; Trap to Debugger
//after above, it breaks at 00AE3ABC, and continue to do its work
//以下是SEH代码，具体分析还没想，希望有人能提醒，因为还不会躲过其中的检测，最终可能还是得自力更生
SE:00AE3ABC pushf
SE:00AE3ABD add    dword ptr [esp], 0CF1F9A66h
SE:00AE3AC4 sub    esp, 4
SE:00AE3AC7 sub    esp, 0FFFFFFFCh
SE:00AE3ACA call $+5
SE:00AE3ACF jmp    loc_AE3AFD
SE:00AE3ACF ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE3AD4 db 9Ch, 81h, 4, 24h, 66h, 9Ah, 1Fh, 0CFh, 83h, 0ECh, 4, 7Eh, 1Ch, 54h
SE:00AE3AD4 db 26h, 0A6h, 0D1h, 4Bh, 56h, 45h, 78h, 4Fh, 2Ah, 0AFh, 0B1h, 0DCh, 0D5h
SE:00AE3AD4 db 0Fh, 0Bh, 15h, 0Ah, 28h, 7Bh, 5Fh, 0FBh, 0CBh, 59h, 0Eh, 82h, 0, 85h
SE:00AE3AFD ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE3AFD
SE:00AE3AFD loc_AE3AFD:                            ; CODE XREF: SE:00AE3ACFj
SE:00AE3AFD jmp    loc_AE3B0B
SE:00AE3B02 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE3B02
SE:00AE3B02 loc_AE3B02:                            ; CODE XREF: SE:00AE3B0Ep
SE:00AE3B02 lea    esp, [esp+4]
SE:00AE3B06 call loc_AE3B14
SE:00AE3B0B
SE:00AE3B0B loc_AE3B0B:                            ; CODE XREF: SE:loc_AE3AFDj
SE:00AE3B0B sub    esp, -4
SE:00AE3B0E call loc_AE3B02
SE:00AE3B0E ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE3B13 db  68h ; h
SE:00AE3B14 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE3B14
SE:00AE3B14 loc_AE3B14:                            ; CODE XREF: SE:00AE3B06p
SE:00AE3B14 sub    dword ptr [esp+4], 0CF1F9A66h
SE:00AE3B1C add    esp, 4
SE:00AE3B1F popf
SE:00AE3B20 pushf
SE:00AE3B21 push ebx
SE:00AE3B22 push ecx
SE:00AE3B23 call $+5
SE:00AE3B28 mov    ebx, [esp]
SE:00AE3B2B add    ebx, 25h
SE:00AE3B2E xor    ecx, ecx
SE:00AE3B30 xchg ecx, [ebx-4]
SE:00AE3B33 cmp    ecx, 0
SE:00AE3B36 jz    short loc_AE3B3E
SE:00AE3B38
SE:00AE3B38 loc_AE3B38:                            ; CODE XREF: SE:00AE3B3Cj
SE:00AE3B38 xor    byte ptr [ebx], 63h
SE:00AE3B3B inc    ebx
SE:00AE3B3C loop loc_AE3B38
SE:00AE3B3E
SE:00AE3B3E loc_AE3B3E:                            ; CODE XREF: SE:00AE3B36j
SE:00AE3B3E add    esp, 4
SE:00AE3B41 pop    ecx
SE:00AE3B42 pop    ebx
SE:00AE3B43 popf
SE:00AE3B44 jmp    loc_AE3B4D
SE:00AE3B44 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE3B49 db 4 dup(0)
SE:00AE3B4D ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE3B4D
SE:00AE3B4D loc_AE3B4D:                            ; CODE XREF: SE:00AE3B44j
SE:00AE3B4D pushf
SE:00AE3B4E add    dword ptr [esp], 5C4BD6F7h
SE:00AE3B55 sub    esp, 4
SE:00AE3B58 sub    esp, 0FFFFFFFCh
SE:00AE3B5B call loc_AE3B90
SE:00AE3B5B ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE3B60 db 60h, 9Ch, 0E8h, 4 dup(0), 5Fh, 81h, 0EFh, 8Fh, 3 dup(0), 0B9h, 0A0h
SE:00AE3B60 db 3 dup(0), 0B0h, 9Dh, 0F3h, 0AAh, 90h, 61h, 0C6h, 45h, 53h, 0FEh, 4Bh
SE:00AE3B60 db 41h, 89h, 0A9h, 74h
SE:00AE3B82 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE3B82
SE:00AE3B82 loc_AE3B82:                            ; CODE XREF: SE:00AE3BE6j
SE:00AE3B82 cld
SE:00AE3B83
SE:00AE3B83 loc_AE3B83:                            ; CODE XREF: SE:00AE3B94p
SE:00AE3B83 sub    esp, 0FFFFFFFCh
SE:00AE3B86 call $+5
SE:00AE3B8B jmp    loc_AE3B99
SE:00AE3B90 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE3B90
SE:00AE3B90 loc_AE3B90:                            ; CODE XREF: SE:00AE3B5Bp
SE:00AE3B90 lea    esp, [esp+4]
SE:00AE3B94 call loc_AE3B83
SE:00AE3B99
SE:00AE3B99 loc_AE3B99:                            ; CODE XREF: SE:00AE3B8Bj
SE:00AE3B99 pop    dword ptr [esp-4]
SE:00AE3B9D call loc_AE3BA5
SE:00AE3B9D ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE3BA2 db 0DAh, 0D7h, 33h
SE:00AE3BA5 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE3BA5
SE:00AE3BA5 loc_AE3BA5:                            ; CODE XREF: SE:00AE3B9Dp
SE:00AE3BA5 sub    dword ptr [esp+4], 5C4BD6F7h
SE:00AE3BAD add    esp, 4
SE:00AE3BB0 popf
SE:00AE3BB1 pusha
SE:00AE3BB2 mov    eax, [ebp+8]
SE:00AE3BB5 mov    ecx, [ebp+10h]
SE:00AE3BB8 mov    esi, [eax]
SE:00AE3BBA mov    dword ptr [ecx+18h], 0
SE:00AE3BC1 sub    esi, 80000003h
SE:00AE3BC7 jo    short near ptr byte_AE3BF4
SE:00AE3BC9 mov    ebx, [ecx+0C1h]
SE:00AE3BCF and    ebx, 1
SE:00AE3BD2 cmp    esi, ebx
SE:00AE3BD4 ja    short near ptr byte_AE3BF4
SE:00AE3BD6 add    dword ptr [ecx+0B8h], 4
SE:00AE3BDD mov    eax, [ecx+0B8h]
SE:00AE3BE3 cmp    byte ptr [eax], 0CCh
SE:00AE3BE6 jz    loc_AE3B82
SE:00AE3BEC popa
SE:00AE3BED mov    eax, 0
SE:00AE3BF2 jmp    short loc_AE3BFA
SE:00AE3BF2 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE3BF4 byte_AE3BF4 db 61h, 0B8h, 4 dup(0FFh) ; CODE XREF: SE:00AE3BC7j
SE:00AE3BF4                                        ; SE:00AE3BD4j
SE:00AE3BFA ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE3BFA
SE:00AE3BFA loc_AE3BFA:                            ; CODE XREF: SE:00AE3BF2j
SE:00AE3BFA pushf
SE:00AE3BFB add    dword ptr [esp], 713BB86Dh
SE:00AE3C02 sub    esp, 4
SE:00AE3C05 lea    esp, [esp+4]
SE:00AE3C09 call loc_AE3C44
SE:00AE3C09 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE3C0E db 81h, 6Ch, 24h, 4, 6Dh, 0B8h, 3Bh, 71h, 83h, 0C4h, 4, 9Dh, 55h, 0D7h
SE:00AE3C0E db 1Bh, 0A7h, 94h, 67h, 0F3h, 0F6h, 1Ch, 6Ah
SE:00AE3C24 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE3C24
SE:00AE3C24 loc_AE3C24:                            ; CODE XREF: SE:00AE3C47p
SE:00AE3C24 lea    esp, [esp+4]
SE:00AE3C28 call loc_AE3C52
SE:00AE3C28 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE3C2D db 81h, 6Ch, 24h, 4, 6Dh, 0B8h, 3Bh, 71h, 83h, 0C4h, 4, 9Dh, 62h, 11h
SE:00AE3C2D db 8Eh, 4Ch, 86h, 72h, 0FFh, 95h, 2Fh, 43h, 0C5h
SE:00AE3C44 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE3C44
SE:00AE3C44 loc_AE3C44:                            ; CODE XREF: SE:00AE3C09p
SE:00AE3C44 add    esp, 4
SE:00AE3C47 call loc_AE3C24
SE:00AE3C47 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE3C4C db 4Dh, 0F1h, 17h, 0FCh, 15h, 7Fh
SE:00AE3C52 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
SE:00AE3C52
SE:00AE3C52 loc_AE3C52:                            ; CODE XREF: SE:00AE3C28p
SE:00AE3C52 sub    dword ptr [esp+4], 713BB86Dh
SE:00AE3C5A add    esp, 4
SE:00AE3C5D popf
SE:00AE3C5E retn 10h

[课程]Linux pwn 探索篇！

收藏・2

免费・0

支持

最新回复 (10)
KooJiSung 雪币： 357 活跃值： (3118) 能力值： ( LV3，RANK：25 ) 在线值：发帖 8 回帖 682 粉丝 3 关注私信	KooJiSung 2 楼太猥琐了 2009-3-18 03:48 0
forgot 雪币： 6075 活跃值： (2236) 能力值： (RANK：1060 ) 在线值：发帖 155 回帖 3771 粉丝 15 关注私信	forgot 26 3 楼看起来没有空闲集分析，不如vmp猥琐啊 2009-3-18 05:16 0
海风月影雪币： 7309 活跃值： (3778) 能力值： (RANK：1130 ) 在线值：发帖 93 回帖 2308 粉丝 119 关注私信	海风月影 22 4 楼学习 2009-3-18 09:01 0
Nooby 雪币： 82 活跃值： (10) 能力值： (RANK：210 ) 在线值：发帖 44 回帖 629 粉丝 3 关注私信	Nooby 5 5 楼这一大段都是空跳,啥都不干,当中乱码全是水印. 2009-3-18 09:47 0
海风月影雪币： 7309 活跃值： (3778) 能力值： (RANK：1130 ) 在线值：发帖 93 回帖 2308 粉丝 119 关注私信	海风月影 22 6 楼 LS的胡萝卜快被偷光了，还不去管一管？ 2009-3-18 09:48 0
option 雪币： 8026 活跃值： (2511) 能力值： ( LV2，RANK：10 ) 在线值：发帖 39 回帖 712 粉丝 1 关注私信	option 7 楼全贴出来是想可能可以看出填充的数据的一些规律以及反反汇编的措施，再者是显示一下ida反汇编的优越之处。(我用的是ida pro 4.9 free) 2009-3-18 12:10 0
Nooby 雪币： 82 活跃值： (10) 能力值： (RANK：210 ) 在线值：发帖 44 回帖 629 粉丝 3 关注私信	Nooby 5 8 楼我自己都看不懂怎么checktrace,等楼下分析. 2009-3-19 17:13 0
aiie 雪币： 223 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 0 回帖 51 粉丝 0 关注私信	aiie 9 楼好久没看过，老版本的还看过下不知道哪里校验不好PATCH。 LS说的楼下泛指此楼下 2009-3-19 18:08 0
loveluck 雪币： 201 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 1 回帖 16 粉丝 0 关注私信	loveluck 10 楼空跳很好玩的_____________--------------------------____________________ 2009-3-21 13:26 0
tjszlqq 雪币： 1173 活跃值： (2031) 能力值： ( LV4，RANK：50 ) 在线值：发帖 46 回帖 876 粉丝 2 关注私信	tjszlqq 1 11 楼分析的不错啊，IDA真是强大，跳转太多了， 2009-3-21 13:39 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复

option

发帖

712

回帖

RANK

关注

私信

他的文章

关于我们

联系我们

企业服务

看雪公众号

最新回复 (10)
KooJiSung 雪币： 357 活跃值： (3118) 能力值： ( LV3，RANK：25 ) 在线值：发帖 8 回帖 682 粉丝 3 关注私信	KooJiSung 2 楼太猥琐了 2009-3-18 03:48 0
forgot 雪币： 6075 活跃值： (2236) 能力值： (RANK：1060 ) 在线值：发帖 155 回帖 3771 粉丝 15 关注私信	forgot 26 3 楼看起来没有空闲集分析，不如vmp猥琐啊 2009-3-18 05:16 0
海风月影雪币： 7309 活跃值： (3778) 能力值： (RANK：1130 ) 在线值：发帖 93 回帖 2308 粉丝 119 关注私信	海风月影 22 4 楼学习 2009-3-18 09:01 0
Nooby 雪币： 82 活跃值： (10) 能力值： (RANK：210 ) 在线值：发帖 44 回帖 629 粉丝 3 关注私信	Nooby 5 5 楼这一大段都是空跳,啥都不干,当中乱码全是水印. 2009-3-18 09:47 0
海风月影雪币： 7309 活跃值： (3778) 能力值： (RANK：1130 ) 在线值：发帖 93 回帖 2308 粉丝 119 关注私信	海风月影 22 6 楼 LS的胡萝卜快被偷光了，还不去管一管？ 2009-3-18 09:48 0
option 雪币： 8026 活跃值： (2511) 能力值： ( LV2，RANK：10 ) 在线值：发帖 39 回帖 712 粉丝 1 关注私信	option 7 楼全贴出来是想可能可以看出填充的数据的一些规律以及反反汇编的措施，再者是显示一下ida反汇编的优越之处。(我用的是ida pro 4.9 free) 2009-3-18 12:10 0
Nooby 雪币： 82 活跃值： (10) 能力值： (RANK：210 ) 在线值：发帖 44 回帖 629 粉丝 3 关注私信	Nooby 5 8 楼我自己都看不懂怎么checktrace,等楼下分析. 2009-3-19 17:13 0
aiie 雪币： 223 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 0 回帖 51 粉丝 0 关注私信	aiie 9 楼好久没看过，老版本的还看过下不知道哪里校验不好PATCH。 LS说的楼下泛指此楼下 2009-3-19 18:08 0
loveluck 雪币： 201 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 1 回帖 16 粉丝 0 关注私信	loveluck 10 楼空跳很好玩的_____________--------------------------____________________ 2009-3-21 13:26 0
tjszlqq 雪币： 1173 活跃值： (2031) 能力值： ( LV4，RANK：50 ) 在线值：发帖 46 回帖 876 粉丝 2 关注私信	tjszlqq 1 11 楼分析的不错啊，IDA真是强大，跳转太多了， 2009-3-21 13:39 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复