[求助]高手帮忙分析一下-付费问答-看雪-安全社区|安全招聘|kanxue.com

[旧帖] [求助]高手帮忙分析一下 0.00雪花

发表于: 2009-10-16 18:10 2782

[旧帖] [求助]高手帮忙分析一下 0.00雪花

mrlif

2009-10-16 18:10

2782

00401000 /7F 58          jg short 大飞1016.0040105A
00401002 |1D 00620000    sbb eax,6200
00401007 |2000          and byte ptr ds:[eax],al
00401009 |002A          add byte ptr ds:[edx],ch
0040100B |A2 D988B267    mov byte ptr ds:[67B288D9],al
00401010 |98             cwde
00401011 |2996 3F081E44 sub dword ptr ds:[esi+441E083F],edx
00401017 |311C82       xor dword ptr ds:[edx+eax*4],ebx
0040101A |96             xchg eax,esi
0040101B |52             push edx
0040101C |52             push edx
0040101D |BB C1700ECA    mov ebx,CA0E70C1
00401022 |5C             pop esp
00401023 |B5 8D          mov ch,8D
00401025 |696C00 13 DD48D>imul ebp,dword ptr ds:[eax+eax+13],25DE48DD
0040102D |0D F68C35FD    or eax,FD358CF6
00401032 |E6 39          out 39,al
00401034 |9E             sahf
00401035 |2016          and byte ptr ds:[esi],dl
00401037 |1E             push ds
00401038 |8622          xchg byte ptr ds:[edx],ah
0040103A |02BCFC B80AC7E3 add bh,byte ptr ss:[esp+edi*8+E3C70AB8]
00401041 |D4 68          aam 68
00401043 |F5             cmc
00401044 |21FA          and edx,edi
00401046 |A3 34B164EA    mov dword ptr ds:[EA64B134],eax
0040104B |3D D13FCE93    cmp eax,93CE3FD1
00401050 |D7             xlat byte ptr ds:[ebx+al]
00401051 |6D             ins dword ptr es:[edi],dx
00401052  -|E0 81          loopdne short 大飞1016.00400FD5
00401054 |BE 218D6E0D    mov esi,0D6E8D21
00401059 |AC             lods byte ptr ds:[esi]
0040105A \CE             into
0040105B FF142F       call dword ptr ds:[edi+ebp]
0040105E A2 63059163    mov byte ptr ds:[63910563],al
00401063 65:55          push ebp
00401065 4F             dec edi
00401066 3A1E          cmp bl,byte ptr ds:[esi]
00401068 F9             stc
00401069 21B7 D9DF5E50 and dword ptr ds:[edi+505EDFD9],esi
0040106F 7A 33          jpe short 大飞1016.004010A4
00401071 2BA1 AA0DB5B3 sub esp,dword ptr ds:[ecx+B3B50DAA]
00401077 8B89 EEBF6CFD mov ecx,dword ptr ds:[ecx+FD6CBFEE]
0040107D A4             movs byte ptr es:[edi],byte ptr ds:[esi]
0040107E 97             xchg eax,edi
0040107F 40             inc eax
00401080 7A CE          jpe short 大飞1016.00401050
00401082 EC             in al,dx
00401083 51             push ecx
00401084 A7             cmps dword ptr ds:[esi],dword ptr es:[edi]
00401085 25 4D43080E    and eax,0E08434D
0040108A FFF5          push ebp
0040108C BA 6D26D816    mov edx,16D8266D
00401091 34 F5          xor al,0F5
00401093 F4             hlt
00401094 2965 1F       sub dword ptr ss:[ebp+1F],esp
00401097 B1 1B          mov cl,1B
00401099 F9             stc
0040109A 5E             pop esi
0040109B  ^ 79 B4          jns short 大飞1016.00401051
0040109D 54             push esp
0040109E DB91 D2D942EA fist dword ptr ds:[ecx+EA42D9D2]
004010A4 21AE B2C8DFFA and dword ptr ds:[esi+FADFC8B2],ebp
004010AA 180C08       sbb byte ptr ds:[eax+ecx],cl
004010AD FC             cld
004010AE 27             daa
004010AF A4             movs byte ptr es:[edi],byte ptr ds:[esi]
004010B0 AB             stos dword ptr es:[edi]
004010B1 D4 81          aam 81
004010B3 E5 DC          in eax,0DC
004010B5 33B9 739345A8 xor edi,dword ptr ds:[ecx+A8459373]
004010BB AC             lods byte ptr ds:[esi]
004010BC A1 5FA745FC    mov eax,dword ptr ds:[FC45A75F]
004010C1 75 62          jnz short 大飞1016.00401125
004010C3 AB             stos dword ptr es:[edi]
004010C4 B4 D1          mov ah,0D1
004010C6 6A 34          push 34
004010C8 FFAF 52498B19 jmp far fword ptr ds:[edi+198B4952]
004010CE A4             movs byte ptr es:[edi],byte ptr ds:[esi]
004010CF 90             nop
004010D0 CB             retf
004010D1 5D             pop ebp
004010D2  ^ 74 EA          je short 大飞1016.004010BE
004010D4 BF 4EFC7E1C    mov edi,1C7EFC4E
004010D9 3B8A 433EB30C cmp ecx,dword ptr ds:[edx+CB33E43]
004010DF 67:E7 2F       out 2F,eax
004010E2 BA FD5172E1    mov edx,E17251FD
004010E7 46             inc esi
004010E8  ^ 7D C7          jge short 大飞1016.004010B1
004010EA BD 14B4B849    mov ebp,49B8B414
004010EF AB             stos dword ptr es:[edi]
004010F0 A4             movs byte ptr es:[edi],byte ptr ds:[esi]
004010F1 AD             lods dword ptr ds:[esi]
004010F2 E0 16          loopdne short 大飞1016.0040110A
004010F4 1AE7          sbb ah,bh
004010F6 0A3CBE       or bh,byte ptr ds:[esi+edi*4]
004010F9 D7             xlat byte ptr ds:[ebx+al]
004010FA 34 E2          xor al,0E2
004010FC 0BCE          or ecx,esi
004010FE 2939          sub dword ptr ds:[ecx],edi
00401100 B8 35DCC464    mov eax,64C4DC35
00401105 2AD6          sub dl,dh
00401107 8F             ???                                        ; 未知命令
00401108 17             pop ss
00401109 49             dec ecx
0040110A 3151 D1       xor dword ptr ds:[ecx-2F],edx
0040110D 0A76 A0       or dh,byte ptr ds:[esi-60]
00401110 D0A9 6161101E shr byte ptr ds:[ecx+1E106161],1
00401116 BF 77EFC0A4    mov edi,A4C0EF77
0040111B A6             cmps byte ptr ds:[esi],byte ptr es:[edi]
0040111C BE 4D426969    mov esi,6969424D
00401121 71 26          jno short 大飞1016.00401149
00401123 1823          sbb byte ptr ds:[ebx],ah
00401125 90             nop
00401126 56             push esi
00401127 31D3          xor ebx,edx
00401129 61             popad
0040112A CA 2245       retf 4522
0040112D 68 172942F8    push F8422917
00401132 2E:4D          dec ebp
00401134 42             inc edx
00401135 02E0          add ah,al
00401137 D4 6D          aam 6D
00401139 68 E2D65825    push 2558D6E2
0040113E 0C BE          or al,0BE
00401140 BB C5A65405    mov ebx,554A6C5
00401145 9A DC1C009F 8D9>call far 968D:9F001CDC
0040114C F4             hlt
0040114D 61             popad
0040114E 38CE          cmp dh,cl
00401150 F3:          prefix rep:
00401151 3F             aas
00401152 D370 9B       sal dword ptr ds:[eax-65],cl
00401155 AB             stos dword ptr es:[edi]
00401156 7D 0C          jge short 大飞1016.00401164
00401158 03A3 743C1EDC add esp,dword ptr ds:[ebx+DC1E3C74]
0040115E A2 FC68D72D    mov byte ptr ds:[2DD768FC],al
00401163 6BBF D4C84DBE 9>imul edi,dword ptr ds:[edi+BE4DC8D4],-62
0040116A 41             inc ecx
0040116B FB             sti
0040116C A7             cmps dword ptr ds:[esi],dword ptr es:[edi]
0040116D  ^ E1 E6          loopde short 大飞1016.00401155
0040116F  ^ 71 E5          jno short 大飞1016.00401156
00401171 D7             xlat byte ptr ds:[ebx+al]
00401172 D6             salc
00401173 41             inc ecx
00401174 E1 7C          loopde short 大飞1016.004011F2
00401176 5F             pop edi
00401177 02B9 03B4B60E add bh,byte ptr ds:[ecx+EB6B403]
0040117D AB             stos dword ptr es:[edi]
0040117E A9 97832F74    test eax,742F8397
00401183 CD 77          int 77
00401185 4F             dec edi
00401186 2D 0A8D31A1    sub eax,A1318D0A
0040118B 44             inc esp
0040118C 95             xchg eax,ebp
0040118D 52             push edx
0040118E CE             into
0040118F D8A6 26D04D2A fsub dword ptr ds:[esi+2A4DD026]
00401195 53             push ebx
00401196 DE55 D5       ficom word ptr ss:[ebp-2B]
00401199 94             xchg eax,esp
0040119A 1032          adc byte ptr ds:[edx],dh
0040119C 8B72 20       mov esi,dword ptr ds:[edx+20]
0040119F 6B2F 74       imul ebp,dword ptr ds:[edi],74
004011A2  ^ E1 EC          loopde short 大飞1016.00401190
004011A4 04 E2          add al,0E2
004011A6 26:7B 44       jpo short 大飞1016.004011ED
004011A9 47             inc edi
004011AA AF             scas dword ptr es:[edi]
004011AB 14 0C          adc al,0C
004011AD 50             push eax
004011AE D9A0 716D4637 fldenv (28-byte) ptr ds:[eax+37466D71]
004011B4 7D 77          jge short 大飞1016.0040122D
004011B6 5E             pop esi
004011B7 96             xchg eax,esi
004011B8 0F31          rdtsc
004011BA 48             dec eax
004011BB 37             aaa
004011BC 3B13          cmp edx,dword ptr ds:[ebx]
004011BE DA26          fisub dword ptr ds:[esi]
004011C0 AB             stos dword ptr es:[edi]
004011C1 96             xchg eax,esi
004011C2 856C21 DF    test dword ptr ds:[ecx-21],ebp
004011C6 98             cwde
004011C7 AF             scas dword ptr es:[edi]
004011C8 A4             movs byte ptr es:[edi],byte ptr ds:[esi]
004011C9 4E             dec esi
004011CA 3841 BB       cmp byte ptr ds:[ecx-45],al
004011CD 8677 95       xchg byte ptr ds:[edi-6B],dh
004011D0 811C2E C487CC59 sbb dword ptr ds:[esi+ebp],59CC87C4
004011D7 C02C0D 417FD380>shr byte ptr ds:[ecx+80D37F41],0C0
004011DF 6915 D2357CA4 B>imul edx,dword ptr ds:[A47C35D2],D4AA3ABB
004011E9 0D 530CB8E6    or eax,E6B80C53
004011EE 1E             push ds
004011EF 91             xchg eax,ecx
004011F0 D27B 01       sar byte ptr ds:[ebx+1],cl
004011F3 BF BA2DD47A    mov edi,7AD42DBA
004011F8 51             push ecx
004011F9 C7C0 45F1F9C5 mov eax,C5F9F145
004011FF C9             leave
00401200 EC             in al,dx
00401201 D195 3B09DC6B rcl dword ptr ss:[ebp+6BDC093B],1
00401207 AA             stos byte ptr es:[edi]
00401208 0F24          ???                                        ; 未知命令
0040120A 94             xchg eax,esp
0040120B 3340 3B       xor eax,dword ptr ds:[eax+3B]
0040120E B9 9CF551FF    mov ecx,FF51F59C
00401213 5D             pop ebp
00401214 FB             sti
00401215 AE             scas byte ptr es:[edi]
00401216 FD             std
00401217 CC             int3
00401218 4E             dec esi
00401219 4E             dec esi
0040121A 6301          arpl word ptr ds:[ecx],ax
0040121C 90             nop
0040121D A6             cmps byte ptr ds:[esi],byte ptr es:[edi]
0040121E CC             int3
0040121F C2 5656       retn 5656
00401222 61             popad
00401223 1D 9EA4D369    sbb eax,69D3A49E
00401228 F0:04 D3       lock add al,0D3                            ; 不允许锁定前缀
0040122B E7 ED          out 0ED,eax
0040122D C9             leave
0040122E 832CAE 3F    sub dword ptr ds:[esi+ebp*4],3F
00401232 EE             out dx,al
00401233 A9 5A8D48E8    test eax,E8488D5A
00401238 12F8          adc bh,al
0040123A BA 39B344E6    mov edx,E644B339
0040123F  ^ 77 FC          ja short 大飞1016.0040123D
00401241 C0EB BC       shr bl,0BC
00401244 F3:          prefix rep:
00401245 3BCD          cmp ecx,ebp
00401247 300B          xor byte ptr ds:[ebx],cl
00401249 34 A9          xor al,0A9
0040124B 8529          test dword ptr ds:[ecx],ebp
0040124D 2943 35       sub dword ptr ds:[ebx+35],eax
00401250 70 38          jo short 大飞1016.0040128A
00401252 8F             ???                                        ; 未知命令
00401253 37             aaa
00401254 E7 BC          out 0BC,eax
00401256 D366 59       shl dword ptr ds:[esi+59],cl
00401259 A1 043E3BF3    mov eax,dword ptr ds:[F33B3E04]
0040125E 17             pop ss
0040125F A8 B0          test al,0B0
00401261 05 71CE9400    add eax,94CE71
00401266 DA78 A5       fidivr dword ptr ds:[eax-5B]
00401269 9E             sahf
0040126A 7A 73          jpe short 大飞1016.004012DF
0040126C E5 F1          in eax,0F1
0040126E 2E:14 70       adc al,70
00401271 1935 B36873AF sbb dword ptr ds:[AF7368B3],esi
00401277 42             inc edx
00401278 FC             cld
00401279 55             push ebp
0040127A 8108 0B273688 or dword ptr ds:[eax],8836270B
00401280 B9 E07C78C0    mov ecx,C0787CE0
00401285  - E9 5097014D    jmp 4D41A9DA
0040128A  ^ 7F 86          jg short 大飞1016.00401212
0040128C C4D0          les edx,eax                               ; 非法使用寄存器
0040128E 23FA          and edi,edx
00401290 EF             out dx,eax
00401291 4D             dec ebp
00401292 03C7          add eax,edi
00401294 33E3          xor esp,ebx
00401296 A0 AA1C9353    mov al,byte ptr ds:[53931CAA]
0040129B 25 67952D6D    and eax,6D2D9567
004012A0  ^ 78 DB          js short 大飞1016.0040127D
004012A2 E5 16          in eax,16
004012A4 9C             pushfd
004012A5 FC             cld
004012A6 9D             popfd
004012A7 B2 0E          mov dl,0E
004012A9 1C 53          sbb al,53
004012AB 8ED5          mov ss,bp
004012AD 031C6F       add ebx,dword ptr ds:[edi+ebp*2]
004012B0 00C9          add cl,cl
004012B2 E0 46          loopdne short 大飞1016.004012FA
004012B4 7E 0C          jle short 大飞1016.004012C2
004012B6 51             push ecx
004012B7 0E             push cs
004012B8 CA 5FE1       retf 0E15F
004012BB  ^ 75 A3          jnz short 大飞1016.00401260
004012BD C522          lds esp,fword ptr ds:[edx]
004012BF 9C             pushfd
004012C0 3D 8FD6E441    cmp eax,41E4D68F
004012C5 8207 FA       add byte ptr ds:[edi],-6
004012C8 A0 F328522B    mov al,byte ptr ds:[2B5228F3]
004012CD 49             dec ecx
004012CE 339B 15F87AA7 xor ebx,dword ptr ds:[ebx+A77AF815]
004012D4 75 55          jnz short 大飞1016.0040132B
004012D6 E7 45          out 45,eax
004012D8 391F          cmp dword ptr ds:[edi],ebx
004012DA 75 63          jnz short 大飞1016.0040133F
004012DC 7B 27          jpo short 大飞1016.00401305
004012DE 2BFC          sub edi,esp
004012E0 A0 7558E63D    mov al,byte ptr ds:[3DE65875]
004012E5 F3:          prefix rep:
004012E6 1E             push ds
004012E7 60             pushad
004012E8 8999 111AD626 mov dword ptr ds:[ecx+26D61A11],ebx
004012EE E1 40          loopde short 大飞1016.00401330
004012F0 06             push es
004012F1 CC             int3
004012F2 50             push eax
004012F3 DB             ???                                        ; 未知命令
004012F4 6281 BDABDCED bound eax,qword ptr ds:[ecx+EDDCABBD]
004012FA 4F             dec edi
004012FB F0:98          lock cwde                                  ; 不允许锁定前缀
004012FD 9F             lahf
004012FE E1 28          loopde short 大飞1016.00401328
00401300 F1             int1
00401301 9D             popfd
00401302 3932          cmp dword ptr ds:[edx],esi
00401304 3BCE          cmp ecx,esi
00401306 53             push ebx
00401307 ED             in eax,dx
00401308 F8             clc
00401309 1389 E51999FA adc ecx,dword ptr ds:[ecx+FA9919E5]
0040130F A6             cmps byte ptr ds:[esi],byte ptr es:[edi]
00401310 8AC5          mov al,ch
00401312 FE             ???                                        ; 未知命令
00401313 24 D6          and al,0D6
00401315 299C0C A09A08E1 sub dword ptr ss:[esp+ecx+E1089AA0],ebx
0040131C 8535 D12D064E test dword ptr ds:[4E062DD1],esi
00401322  ^ 72 C1          jb short 大飞1016.004012E5
00401324 97             xchg eax,edi
00401325 6A 92          push -6E
00401327 BC D4114AF6    mov esp,F64A11D4
0040132C 00A0 9F80BF49 add byte ptr ds:[eax+49BF809F],ah
00401332 D4 19          aam 19
00401334 60             pushad
00401335 AB             stos dword ptr es:[edi]
00401336 D2C8          ror al,cl
00401338 2F             das
00401339  ^ 77 95          ja short 大飞1016.004012D0
0040133B B3 46          mov bl,46
0040133D EF             out dx,eax
0040133E 57             push edi
0040133F 8EFC          mov seg?,sp                               ; 不明确的段位寄存器
00401341 85B7 A7D91BD5 test dword ptr ds:[edi+D51BD9A7],esi
00401347 AE             scas byte ptr es:[edi]
00401348 B3 B1          mov bl,0B1
0040134A BD 8E1CD485    mov ebp,85D41C8E
0040134F 9F             lahf
00401350 56             push esi
00401351 C48E 7CB59C3F les ecx,fword ptr ds:[esi+3F9CB57C]
00401357  ^ 76 C1          jbe short 大飞1016.0040131A
00401359 2C 4C          sub al,4C
0040135B 6218          bound ebx,qword ptr ds:[eax]
0040135D C3             retn
0040135E C9             leave
0040135F B8 5EC2D191    mov eax,91D1C25E
00401364 66:9C          pushfw
00401366 9F             lahf
00401367 87C2          xchg edx,eax
00401369 9F             lahf
0040136A 5E             pop esi
0040136B 76 7A          jbe short 大飞1016.004013E7
0040136D 4B             dec ebx
0040136E 13BF 4BC43F53 adc edi,dword ptr ds:[edi+533FC44B]
00401374 EF             out dx,eax
00401375 54             push esp
00401376 9C             pushfd
00401377 BD 9DB6FBA8    mov ebp,A8FBB69D
0040137C D957 95       fst dword ptr ds:[edi-6B]
0040137F C9             leave
00401380 4D             dec ebp
00401381 D32D 2A9CA704 shr dword ptr ds:[4A79C2A],cl
00401387 C7             ???                                        ; 未知命令
00401388 65:42          inc edx
0040138A 8D4B DF       lea ecx,dword ptr ds:[ebx-21]
0040138D 26:D2C5       rol ch,cl
00401390  ^ 72 D0          jb short 大飞1016.00401362
00401392 52             push edx
00401393  ^ 74 A8          je short 大飞1016.0040133D
00401395 77 1B          ja short 大飞1016.004013B2
00401397 0116          add dword ptr ds:[esi],edx
00401399 AD             lods dword ptr ds:[esi]
0040139A 0F1B          ???                                        ; 未知命令
0040139C 90             nop
0040139D 8E65 AD       mov fs,word ptr ss:[ebp-53]
004013A0 9E             sahf
004013A1  ^ E1 D3          loopde short 大飞1016.00401376
004013A3 68 6E784896    push 9648786E
004013A8 DCFD          fdiv st(5),st
004013AA B3 E6          mov bl,0E6
004013AC E5 10          in eax,10
004013AE 6F             outs dx,dword ptr es:[edi]
004013AF B4 B4          mov ah,0B4
004013B1 26:0C E9       or al,0E9
004013B4 0215 FC08483F add dl,byte ptr ds:[3F4808FC]
004013BA D2849F 5365D4F1 rol byte ptr ds:[edi+ebx*4+F1D46553],cl
004013C1 52             push edx
004013C2 70 15          jo short 大飞1016.004013D9
004013C4 0E             push cs
004013C5 B0 94          mov al,94
004013C7 B0 BE          mov al,0BE
004013C9 93             xchg eax,ebx
004013CA 29ED          sub ebp,ebp
004013CC 53             push ebx
004013CD 27             daa
004013CE 10A9 2141C360 adc byte ptr ds:[ecx+60C34121],ch
004013D4 50             push eax
004013D5 7A CB          jpe short 大飞1016.004013A2
004013D7 C6             ???                                        ; 未知命令
004013D8 19AF 4B0DFDBE sbb dword ptr ds:[edi+BEFD0D4B],ebp
004013DE  ^ 70 BB          jo short 大飞1016.0040139B
004013E0 BC 53C4C2A7    mov esp,A7C2C453
004013E5 53             push ebx
004013E6 64:A1 0CB1CB19  mov eax,dword ptr fs:[19CBB10C]
004013EC 4B             dec ebx
004013ED 73 11          jnb short 大飞1016.00401400
004013EF CE             into
004013F0 0898 8963CB83 or byte ptr ds:[eax+83CB6389],bl
004013F6 1D 1EB01682    sbb eax,8216B01E
004013FB 0F400CB7       cmovo ecx,dword ptr ds:[edi+esi*4]
004013FF 56             push esi
00401400 8F04BA       pop dword ptr ds:[edx+edi*4]
00401403 C4DF          les ebx,edi                               ; 非法使用寄存器
00401405 D5 4D          aad 4D
00401407 EB 54          jmp short 大飞1016.0040145D
00401409 3AF2          cmp dh,dl
0040140B FC             cld
0040140C 83B9 CD74F05E 5>cmp dword ptr ds:[ecx+5EF074CD],5D
00401413 2BDD          sub ebx,ebp
00401415 D4 8F          aam 8F
00401417 54             push esp
00401418 09D3          or ebx,edx
0040141A EF             out dx,eax
0040141B 03C6          add eax,esi
0040141D 3C 49          cmp al,49
0040141F  ^ 7E DE          jle short 大飞1016.004013FF
00401421 89E4          mov esp,esp
00401423 46             inc esi
00401424  ^ EB E1          jmp short 大飞1016.00401407
00401426 C9             leave
00401427 3919          cmp dword ptr ds:[ecx],ebx
00401429 F8             clc
0040142A 2D BCDE26E4    sub eax,E426DEBC
0040142F 2F             das
00401430 C431          les esi,fword ptr ds:[ecx]
00401432 AE             scas byte ptr es:[edi]
00401433 CD 26          int 26
00401435 51             push ecx
00401436 A4             movs byte ptr es:[edi],byte ptr ds:[esi]
00401437 2C CF          sub al,0CF
00401439 AE             scas byte ptr es:[edi]
0040143A 9C             pushfd
0040143B E5 54          in eax,54
0040143D 14 D8          adc al,0D8
0040143F 280B          sub byte ptr ds:[ebx],cl
00401441 D4 DC          aam 0DC
00401443 EC             in al,dx
00401444 03D0          add edx,eax
00401446 2BF3          sub esi,ebx
00401448 96             xchg eax,esi
00401449 7E 39          jle short 大飞1016.00401484
0040144B  ^ 7C E3          jl short 大飞1016.00401430
0040144D 16             push ss
0040144E 2E:F67D 8C    idiv byte ptr cs:[ebp-74]
00401452 06             push es
00401453 0A0F          or cl,byte ptr ds:[edi]
00401455 106481 F6    adc byte ptr ds:[ecx+eax*4-A],ah
00401459 1E             push ds
0040145A D5 3A          aad 3A
0040145C C6             ???                                        ; 未知命令
0040145D 53             push ebx
0040145E 15 774A6A87    adc eax,876A4A77
00401463 B7 73          mov bh,73
00401465 27             daa
00401466  ^ E3 ED          jecxz short 大飞1016.00401455
00401468 FD             std
00401469 002466       add byte ptr ds:[esi],ah
0040146C  ^ 74 F4          je short 大飞1016.00401462
0040146E E5 A2          in eax,0A2
00401470 34 D1          xor al,0D1
00401472 0BD5          or edx,ebp
00401474  ^ 7F DD          jg short 大飞1016.00401453
00401476 DA91 9D35F4E1 ficom dword ptr ds:[ecx+E1F4359D]
0040147C E8 E733970D    call 0DD74868
00401481 07             pop es
00401482 5D             pop ebp
00401483 CA E238       retf 38E2
00401486 CE             into
00401487 304D 7E       xor byte ptr ss:[ebp+7E],cl
0040148A 56             push esi
0040148B 5F             pop edi
0040148C 36:FF9F B3523C0>call far fword ptr ss:[edi+53C52B3]
00401493 BC B3BFBA8B    mov esp,8BBABFB3
00401498  ^ 7F A1          jg short 大飞1016.0040143B
0040149A 5B             pop ebx
0040149B 286F 97       sub byte ptr ds:[edi-69],ch
0040149E 83BA 53873604 F>cmp dword ptr ds:[edx+4368753],-4
004014A5 F6EA          imul dl
004014A7 BA BDBD1D59    mov edx,591DBDBD
004014AC D2C5          rol ch,cl
004014AE 86E3          xchg bl,ah
004014B0 E4 B4          in al,0B4
004014B2 10E3          adc bl,ah
004014B4 6B79 83 F0    imul edi,dword ptr ds:[ecx-7D],-10
004014B8 84FD          test ch,bh
004014BA 47             inc edi
004014BB CB             retf
004014BC FF82 BA969789 inc dword ptr ds:[edx+899796BA]
004014C2 76 29          jbe short 大飞1016.004014ED
004014C4 15 A18D8C03    adc eax,38C8DA1
004014C9 CF             iretd
004014CA 20D8          and al,bl
004014CC A0 9A480840    mov al,byte ptr ds:[4008489A]
004014D1 62CB          bound ecx,ebx                            ; 非法使用寄存器
004014D3 3E:14 2F       adc al,2F
004014D6 E4 B2          in al,0B2
004014D8  ^ 7C 99          jl short 大飞1016.00401473
004014DA 840CB4       test byte ptr ss:[esp+esi*4],cl
004014DD C139 1F       sar dword ptr ds:[ecx],1F
004014E0  - E9 C97F76C3    jmp C3B694AE
004014E5 64:290E       sub dword ptr fs:[esi],ecx
004014E8 9C             pushfd
004014E9 7E 5A          jle short 大飞1016.00401545
004014EB 90             nop
004014EC 76 02          jbe short 大飞1016.004014F0
004014EE C7             ???                                        ; 未知命令
004014EF 67:90          nop
004014F1 CA EBF1       retf 0F1EB
004014F4 6B01 73       imul eax,dword ptr ds:[ecx],73
004014F7 6981 F5718054 6>imul eax,dword ptr ds:[ecx+548071F5],CDAB00>
00401501 7D 76          jge short 大飞1016.00401579
00401503 07             pop es
00401504 B5 F5          mov ch,0F5
00401506 185B EE       sbb byte ptr ds:[ebx-12],bl
00401509 A8 24          test al,24
0040150B 6BF1 A8       imul esi,ecx,-58
0040150E 396A 7E       cmp dword ptr ds:[edx+7E],ebp
00401511 3F             aas
00401512 70 7A          jo short 大飞1016.0040158E
00401514  - E9 FEBC2738    jmp 3867D217
00401519 BE 75D9093D    mov esi,3D09D975
0040151E 96             xchg eax,esi
0040151F 46             inc esi
00401520 07             pop es
00401521 60             pushad
00401522 76 10          jbe short 大飞1016.00401534
00401524 C8 208C02    enter 8C20,2
00401528 84BA 398C7D5D test byte ptr ds:[edx+5D7D8C39],bh
0040152E AD             lods dword ptr ds:[esi]
0040152F C8 023CA9    enter 3C02,0A9
00401533 B9 17602CF2    mov ecx,F22C6017
00401538 8005 9CFFF67E 1>add byte ptr ds:[7EF6FF9C],1C
0040153F F9             stc
00401540 47             inc edi
00401541 0AF5          or dh,ch
00401543 BA 2787A814    mov edx,14A88727
00401548 C5FC          lds edi,esp                               ; 非法使用寄存器
0040154A EA 7463317D B5C>jmp far C9B5:7D316374
00401551 B6 EE          mov dh,0EE
00401553 54             push esp
00401554 5D             pop ebp
00401555 CB             retf
00401556 73 03          jnb short 大飞1016.0040155B
00401558 F3:          prefix rep:
00401559 BD B501C10B    mov ebp,0BC101B5
0040155E 8886 3CB4C154 mov byte ptr ds:[esi+54C1B43C],al
00401564 A3 260C0E13    mov dword ptr ds:[130E0C26],eax
00401569 CA A8A2       retf 0A2A8
0040156C 98             cwde
0040156D 67:0F23       ???                                        ; 未知命令
00401570 3A4A A0       cmp cl,byte ptr ds:[edx-60]
00401573 4C             dec esp
00401574 EC             in al,dx
00401575 DAAE 8F58F994 fisubr dword ptr ds:[esi+94F9588F]
0040157B 46             inc esi
0040157C 26:15 97FA2D3F  adc eax,3F2DFA97
00401582 5A             pop edx
00401583 8416          test byte ptr ds:[esi],dl
00401585 6906 14407E06 imul eax,dword ptr ds:[esi],67E4014
0040158B 55             push ebp
0040158C 223B          and bh,byte ptr ds:[ebx]
0040158E AD             lods dword ptr ds:[esi]
0040158F AF             scas dword ptr es:[edi]
00401590 ED             in eax,dx
00401591 6A 50          push 50
00401593 6E             outs dx,byte ptr es:[edi]
00401594 BC 83A14A11    mov esp,114AA183
00401599 9D             popfd
0040159A 67:78 DA       js short 大飞1016.00401577
0040159D A8 5F          test al,5F
0040159F 801D FD02FF02 B>sbb byte ptr ds:[2FF02FD],0B6
004015A6 58             pop eax
004015A7 3085 9CDFD779 xor byte ptr ss:[ebp+79D7DF9C],al
004015AD 57             push edi
004015AE F5             cmc
004015AF 27             daa
004015B0 EF             out dx,eax
004015B1 DFDD          fistp ebp                                  ; 非法使用寄存器
004015B3 7C 5B          jl short 大飞1016.00401610
004015B5 76 5D          jbe short 大飞1016.00401614
004015B7 BA 22D79A75    mov edx,759AD722
004015BC 64:07          pop es
004015BE 77 45          ja short 大飞1016.00401605
004015C0 2B5F 2D       sub ebx,dword ptr ds:[edi+2D]
004015C3 D5 C7          aad 0C7
004015C5 C0F5 1E       sal ch,1E
004015C8 0A17          or dl,byte ptr ds:[edi]
004015CA 2A5A C4       sub bl,byte ptr ds:[edx-3C]
004015CD CB             retf
004015CE E7 54          out 54,eax
004015D0 5C             pop esp
004015D1 1110          adc dword ptr ds:[eax],edx
004015D3 4A             dec edx
004015D4 29E0          sub eax,esp
004015D6 CD CB          int 0CB
004015D8 28CC          sub ah,cl
004015DA E8 C2F888EE    call EEC90EA1
004015DF AE             scas byte ptr es:[edi]
004015E0 F9             stc
004015E1  ^ 78 C7          js short 大飞1016.004015AA
004015E3 52             push edx
004015E4 5D             pop ebp
004015E5 9A 8A27C418 E42>call far 2EE4:18C4278A
004015EC 62EC          bound ebp,esp                            ; 非法使用寄存器
004015EE 99             cdq
004015EF 0207          add al,byte ptr ds:[edi]
004015F1 886C4C 2A    mov byte ptr ss:[esp+ecx*2+2A],ch
004015F5 FC             cld
004015F6 23E3          and esp,ebx
004015F8 40             inc eax
004015F9 80A451 1729EC44>and byte ptr ds:[ecx+edx*2+44EC2917],1B
00401601 DEA2 8A6506DF fisub word ptr ds:[edx+DF06658A]
00401607 D4 27          aam 27
00401609 B3 33          mov bl,33
0040160B CF             iretd
0040160C B5 02          mov ch,2
0040160E F8             clc
0040160F 325F EE       xor bl,byte ptr ds:[edi-12]
00401612 9B             wait
00401613 1179 8B       adc dword ptr ds:[ecx-75],edi
00401616 636E EA       arpl word ptr ds:[esi-16],bp
00401619 54             push esp
0040161A  ^ 76 FD          jbe short 大飞1016.00401619
0040161C 95             xchg eax,ebp
0040161D 17             pop ss
0040161E 45             inc ebp
0040161F 0B16          or edx,dword ptr ds:[esi]
00401621 4C             dec esp
00401622 2C 84          sub al,84
00401624 DD27          frstor (108-byte) ptr ds:[edi]
00401626 239CB2 DA7B420C and ebx,dword ptr ds:[edx+esi*4+C427BDA]
0040162D FEC2          inc dl
0040162F A9 E4D39DD6    test eax,D69DD3E4
00401634 7E 1A          jle short 大飞1016.00401650
00401636  ^ 74 A9          je short 大飞1016.004015E1
00401638 96             xchg eax,esi
00401639 D6             salc
0040163A 23BA BA75E5A3 and edi,dword ptr ds:[edx+A3E575BA]
00401640 AE             scas byte ptr es:[edi]
00401641 B8 0EE95770    mov eax,7057E90E
00401646  ^ 73 88          jnb short 大飞1016.004015D0
00401648  ^ 78 B6          js short 大飞1016.00401600
0040164A C2 F325       retn 25F3
0040164D 9A 96981151 C62>call far 2EC6:51119896
00401654 81F7 D3AFEAFE xor edi,FEEAAFD3
0040165A 3B43 69       cmp eax,dword ptr ds:[ebx+69]
0040165D 8F             ???                                        ; 未知命令
0040165E E7 95          out 95,eax
00401660 6F             outs dx,dword ptr es:[edi]
00401661 D10C4D 0B4BC5DB ror dword ptr ds:[ecx*2+DBC54B0B],1
00401668 E4 19          in al,19
0040166A 1F             pop ds
0040166B 35 5404E6D7    xor eax,D7E60454
00401670 A7             cmps dword ptr ds:[esi],dword ptr es:[edi]
00401671 C453 E0       les edx,fword ptr ds:[ebx-20]
00401674 F61C52       neg byte ptr ds:[edx+edx*2]
00401677 00C9          add cl,cl
00401679 C2 1B7D       retn 7D1B
0040167C DEA8 08158F2C fisubr word ptr ds:[eax+2C8F1508]
00401682 4D             dec ebp
00401683 41             inc ecx
00401684 DDDC          fstp st(4)
00401686 C5A9 9D123537 lds ebp,fword ptr ds:[ecx+3735129D]
0040168C 873F          xchg dword ptr ds:[edi],edi
0040168E 032E          add ebp,dword ptr ds:[esi]
00401690 44             inc esp
00401691  ^ 72 86          jb short 大飞1016.00401619
00401693 B5 CB          mov ch,0CB
00401695 F2:          prefix repne:
00401696 0C 9F          or al,9F
00401698 EC             in al,dx
00401699 CE             into
0040169A 9F             lahf
0040169B F0:9C          lock pushfd                               ; 不允许锁定前缀
0040169D 7C 5E          jl short 大飞1016.004016FD
0040169F 17             pop ss
004016A0 67:DF68 79    fild qword ptr ds:[bx+si+79]
004016A4 17             pop ss
004016A5 93             xchg eax,ebx
004016A6 0FC1EF       xadd edi,ebp
004016A9 B5 B8          mov ch,0B8
004016AB 6A A0          push -60
004016AD 8A7F 1E       mov bh,byte ptr ds:[edi+1E]
004016B0 87BE B572A441 xchg dword ptr ds:[esi+41A472B5],edi
004016B6 B5 0B          mov ch,0B
004016B8 C7C6 12190B65 mov esi,650B1912
004016BE 99             cdq
004016BF 7B C8          jpo short 大飞1016.00401689
004016C1 05 37254DD5    add eax,D54D2537
004016C6  ^ 74 A6          je short 大飞1016.0040166E
004016C8 45             inc ebp
004016C9 FA             cli
004016CA DC8B 6D2FA93C fmul qword ptr ds:[ebx+3CA92F6D]
004016D0 78 7B          js short 大飞1016.0040174D
004016D2 B7 3D          mov bh,3D
004016D4 66:114B 41    adc word ptr ds:[ebx+41],cx
004016D8 54             push esp
004016D9 297B 12       sub dword ptr ds:[ebx+12],edi
004016DC E8 47E03687    call 8776F728
004016E1 98             cwde
004016E2 9D             popfd
004016E3 34 EE          xor al,0EE
004016E5 C2 E50A       retn 0AE5
004016E8 F6A7 55AD61BF mul byte ptr ds:[edi+BF61AD55]
004016EE 13E8          adc ebp,eax
004016F0 BA 220E1D70    mov edx,701D0E22
004016F5 26:0052 EC    add byte ptr es:[edx-14],dl
004016F9 DEE3          fsubrp st(3),st
004016FB 234E 08       and ecx,dword ptr ds:[esi+8]
004016FE C2 4E56       retn 564E
00401701 F2:          prefix repne:
00401702 08BB E523EF27 or byte ptr ds:[ebx+27EF23E5],bh
00401708 40             inc eax
00401709 59             pop ecx
0040170A 66:4C          dec sp
0040170C 26:F5          cmc
0040170E 44             inc esp
0040170F 40             inc eax
00401710 A2 EBC16319    mov byte ptr ds:[1963C1EB],al
00401715 73 20          jnb short 大飞1016.00401737
00401717 65:BB 9195C472  mov ebx,72C49591
0040171D BA 5EDB478F    mov edx,8F47DB5E
00401722 45             inc ebp
00401723 D29F 0CF2F6D7 rcr byte ptr ds:[edi+D7F6F20C],cl
00401729 1F             pop ds
0040172A F8             clc
0040172B 26:6E          outs dx,byte ptr es:[edi]
0040172D 8F             ???                                        ; 未知命令
0040172E E5 E1          in eax,0E1
00401730 B0 B6          mov al,0B6
00401732 2F             das
00401733 12ACD4 BE547ACD adc ch,byte ptr ss:[esp+edx*8+CD7A54BE]
0040173A 9C             pushfd
0040173B F1             int1
0040173C 56             push esi
0040173D 8570 40       test dword ptr ds:[eax+40],esi
00401740 DD31          fsave (108-byte) ptr ds:[ecx]
00401742 0C 70          or al,70
00401744 0365 3F       add esp,dword ptr ss:[ebp+3F]
00401747 CF             iretd
00401748 12847C 6707ABB3 adc al,byte ptr ss:[esp+edi*2+B3AB0767]
0040174F F3:65:       prefix rep:
00401751 0FB1F1       cmpxchg ecx,esi
00401754 CD 02          int 2
00401756 D7             xlat byte ptr ds:[ebx+al]
00401757 C7             ???                                        ; 未知命令
00401758 FC             cld
00401759 F5             cmc
0040175A C9             leave
0040175B 96             xchg eax,esi
0040175C B4 85          mov ah,85
0040175E 7B DE          jpo short 大飞1016.0040173E
00401760 76 09          jbe short 大飞1016.0040176B
00401762 68 0DE4787D    push 7D78E40D
00401767 862F          xchg byte ptr ds:[edi],ch
00401769 A5             movs dword ptr es:[edi],dword ptr ds:[esi]
0040176A B0 9B          mov al,9B
0040176C 35 12B6AB1A    xor eax,1AABB612
00401771 CC             int3
00401772 66:36:52       push dx
00401775 4F             dec edi
00401776 A7             cmps dword ptr ds:[esi],dword ptr es:[edi]
00401777 FD             std
00401778 F6D6          not dh
0040177A CB             retf
0040177B B9 E05A0BA2    mov ecx,A20B5AE0
00401780 57             push edi
00401781 26:D5 67       aad 67
00401784 D111          rcl dword ptr ds:[ecx],1
00401786 BB 26A86C83    mov ebx,836CA826
0040178B A8 40          test al,40
0040178D CE             into
0040178E 36:E3 8F       jecxz short 大飞1016.00401720
00401791 C2 50B0       retn 0B050
00401794 B1 38          mov cl,38
00401796 4B             dec ebx
00401797 FF92 E548E67C call dword ptr ds:[edx+7CE648E5]
0040179D B5 40          mov ch,40
0040179F 895E 30       mov dword ptr ds:[esi+30],ebx
004017A2 C028 4F       shr byte ptr ds:[eax],4F
004017A5 3BE9          cmp ebp,ecx
004017A7 DCB43F DE37D498 fdiv qword ptr ds:[edi+edi+98D437DE]
004017AE 7F 0D          jg short 大飞1016.004017BD
004017B0 ED             in eax,dx
004017B1 3F             aas
004017B2 68 89A26772    push 7267A289
004017B7 A4             movs byte ptr es:[edi],byte ptr ds:[esi]
004017B8 1978 71       sbb dword ptr ds:[eax+71],edi
004017BB 49             dec ecx
004017BC BE 646D05EC    mov esi,EC056D64
004017C1 6F             outs dx,dword ptr es:[edi]
004017C2 17             pop ss
004017C3 6A 71          push 71
004017C5 92             xchg eax,edx
004017C6 FE             ???                                        ; 未知命令
004017C7 A9 0A3DDBF4    test eax,F4DB3D0A
004017CC FB             sti
004017CD A1 9694E466    mov eax,dword ptr ds:[66E49496]
004017D2 B6 51          mov dh,51
004017D4 94             xchg eax,esp
004017D5 C2 D09F       retn 9FD0
004017D8 D960 27       fldenv (28-byte) ptr ds:[eax+27]
004017DB CC             int3
004017DC 1F             pop ds
004017DD 06             push es
004017DE  ^ E1 AD          loopde short 大飞1016.0040178D
004017E0 FF9F DE21FDC4 call far fword ptr ds:[edi+C4FD21DE]
004017E6 1F             pop ds
004017E7 11A6 B180CA45 adc dword ptr ds:[esi+45CA80B1],esp
004017ED 92             xchg eax,edx
004017EE A5             movs dword ptr es:[edi],dword ptr ds:[esi]
004017EF 89F0          mov eax,esi
004017F1 76 47          jbe short 大飞1016.0040183A
004017F3 BB 858FA3C0    mov ebx,C0A38F85
004017F8  ^ 72 9A          jb short 大飞1016.00401794
004017FA 4F             dec edi
004017FB 3D 319C5520    cmp eax,20559C31
00401800 90             nop
00401801 94             xchg eax,esp
00401802 8D73 F5       lea esi,dword ptr ds:[ebx-B]
00401805 77 68          ja short 大飞1016.0040186F
00401807 F9             stc
00401808 D5 99          aad 99
0040180A 94             xchg eax,esp
0040180B  ^ 71 AA          jno short 大飞1016.004017B7
0040180D C18D E20A99AA 0>ror dword ptr ss:[ebp+AA990AE2],0B
00401814 38CF          cmp bh,cl
00401816 A6             cmps byte ptr ds:[esi],byte ptr es:[edi]
00401817 AA             stos byte ptr es:[edi]
00401818  ^ 7C BA          jl short 大飞1016.004017D4
0040181A C12D E56D4B1A B>shr dword ptr ds:[1A4B6DE5],0B2
00401821 D36CEB 4A    shr dword ptr ds:[ebx+ebp*8+4A],cl
00401825 D6             salc
00401826 9F             lahf
00401827 0C 12          or al,12
00401829 73 09          jnb short 大飞1016.00401834
0040182B 37             aaa
0040182C  ^ E0 A9          loopdne short 大飞1016.004017D7
0040182E 75 6F          jnz short 大飞1016.0040189F
00401830 624440 47    bound eax,qword ptr ds:[eax+eax*2+47]
00401834 56             push esi
00401835 6B62 5B C0    imul esp,dword ptr ds:[edx+5B],-40
00401839 34 E4          xor al,0E4
0040183B FC             cld
0040183C 29FC          sub esp,edi
0040183E B3 8F          mov bl,8F
00401840 8D28          lea ebp,dword ptr ds:[eax]
00401842 FC             cld
00401843 13D8          adc ebx,eax
00401845 1B5D 36       sbb ebx,dword ptr ss:[ebp+36]
00401848 4B             dec ebx
00401849 18AB AE1539EC sbb byte ptr ds:[ebx+EC3915AE],ch
0040184F 01B7 262BD102 add dword ptr ds:[edi+2D12B26],esi
00401855 C14D 16 29    ror dword ptr ss:[ebp+16],29
00401859 03149B       add edx,dword ptr ds:[ebx+ebx*4]
0040185C 1F             pop ds
0040185D 3A07          cmp al,byte ptr ds:[edi]
0040185F A7             cmps dword ptr ds:[esi],dword ptr es:[edi]
00401860 9C             pushfd
00401861 B8 DB9FC2DC    mov eax,DCC29FDB
00401866 A6             cmps byte ptr ds:[esi],byte ptr es:[edi]
00401867 E0 5B          loopdne short 大飞1016.004018C4
00401869 8DB7 033229EE lea esi,dword ptr ds:[edi+EE293203]
0040186F 1976 96       sbb dword ptr ds:[esi-6A],esi
00401872 F8             clc
00401873 56             push esi
00401874 A8 C5          test al,0C5
00401876 ED             in eax,dx
00401877 71 2E          jno short 大飞1016.004018A7
00401879 18F9          sbb cl,bh
0040187B D6             salc
0040187C 3E:5F          pop edi
0040187E 9C             pushfd
0040187F 03C0          add eax,eax
00401881 2D 8B437CC4    sub eax,C47C438B
00401886  ^ 78 AA          js short 大飞1016.00401832
00401888  ^ E0 8B          loopdne short 大飞1016.00401815
0040188A C602 CF       mov byte ptr ds:[edx],0CF
0040188D 3135 919832C0 xor dword ptr ds:[C0329891],esi
00401893 DC85 BFE01AB4 fadd qword ptr ss:[ebp+B41AE0BF]
00401899 9D             popfd
0040189A B2 0A          mov dl,0A
0040189C 41             inc ecx
0040189D F3:          prefix rep:
0040189E 16             push ss
0040189F 4D             dec ebp
004018A0 42             inc edx
004018A1 D6             salc
004018A2 5A             pop edx
004018A3 305C31 20    xor byte ptr ds:[ecx+esi+20],bl
004018A7 A9 6244FC54    test eax,54FC4462
004018AC 4A             dec edx
004018AD 67:4F          dec edi
004018AF 6365 EE       arpl word ptr ss:[ebp-12],sp
004018B2 C3             retn
004018B3 C3             retn
004018B4 9B             wait
004018B5 D3B9 D525A211 sar dword ptr ds:[ecx+11A225D5],cl
004018BB 3E:6C          ins byte ptr es:[edi],dx
004018BD FC             cld
004018BE 6F             outs dx,dword ptr es:[edi]
004018BF 620B          bound ecx,qword ptr ds:[ebx]
004018C1 1F             pop ds
004018C2 F3:          prefix rep:
004018C3 1D D4D07C76    sbb eax,767CD0D4
004018C8 51             push ecx
004018C9 1C 0F          sbb al,0F
004018CB 92             xchg eax,edx
004018CC 05 E8151B81    add eax,811B15E8
004018D1 BD 0DAE9218    mov ebp,1892AE0D
004018D6 EA 379995BF 8D4>jmp far 498D:BF959937
004018DD DFF3          fcomip st,st(3)
004018DF 1C 1C          sbb al,1C
004018E1 54             push esp
004018E2 57             push edi
004018E3 F5             cmc
004018E4  ^ E2 FB          loopd short 大飞1016.004018E1
004018E6 2C B6          sub al,0B6
004018E8 D2C0          rol al,cl
004018EA 1262 3C       adc ah,byte ptr ds:[edx+3C]
004018ED D6             salc
004018EE C2 8E98       retn 988E
004018F1 68 FFF5F14E    push 4EF1F5FF
004018F6 42             inc edx
004018F7 FC             cld
004018F8 BE DDA985FB    mov esi,FB85A9DD
004018FD 60             pushad
004018FE 3F             aas
004018FF 65:D993 9A3B8ED>fst dword ptr gs:[ebx+DF8E3B9A]
00401906 2A0F          sub cl,byte ptr ds:[edi]
00401908 EB 13          jmp short 大飞1016.0040191D
0040190A DBBE DE00D266 fstp tbyte ptr ds:[esi+66D200DE]
00401910 58             pop eax
00401911 C40D 7E941B75 les ecx,fword ptr ds:[751B947E]
00401917 C2 2F8A       retn 8A2F
0040191A C9             leave
0040191B 17             pop ss
0040191C 3B31          cmp esi,dword ptr ds:[ecx]
0040191E 2370 1A       and esi,dword ptr ds:[eax+1A]
00401921 5A             pop edx
00401922  ^ 78 9A          js short 大飞1016.004018BE
00401924 A2 2CD1AB80    mov byte ptr ds:[80ABD12C],al
00401929 41             inc ecx
0040192A AD             lods dword ptr ds:[esi]
0040192B FD             std
0040192C 11F6          adc esi,esi
0040192E F0:07          lock pop es                               ; 不允许锁定前缀
00401930 1D 16A6162A    sbb eax,2A16A616
00401935 10C1          adc cl,al
00401937 2BE9          sub ebp,ecx
00401939 87E7          xchg edi,esp
0040193B D6             salc
0040193C 9D             popfd
0040193D C3             retn
0040193E FD             std
0040193F  ^ E1 D0          loopde short 大飞1016.00401911
00401941 D1CB          ror ebx,1
00401943 55             push ebp
00401944 2218          and bl,byte ptr ds:[eax]
00401946 122E          adc ch,byte ptr ds:[esi]
00401948 C9             leave
00401949 97             xchg eax,edi
0040194A 0038          add byte ptr ds:[eax],bh
0040194C 90             nop
0040194D 48             dec eax
0040194E 1BD6          sbb edx,esi
00401950 45             inc ebp
00401951 AD             lods dword ptr ds:[esi]
00401952 6D             ins dword ptr es:[edi],dx
00401953 9A 8F9A3571 2BC>call far CE2B:71359A8F
0040195A AE             scas byte ptr es:[edi]
0040195B 3A5A 87       cmp bl,byte ptr ds:[edx-79]
0040195E  ^ EB BC          jmp short 大飞1016.0040191C
00401960 C43E          les edi,fword ptr ds:[esi]
00401962 B0 F0          mov al,0F0
00401964 07             pop es
00401965 3BF1          cmp esi,ecx
00401967 D865 DF       fsub dword ptr ss:[ebp-21]
0040196A  ^ 76 EC          jbe short 大飞1016.00401958
0040196C A0 2967740C    mov al,byte ptr ds:[C746729]
00401971 DE72 4A       fidiv word ptr ds:[edx+4A]
00401974 B5 A3          mov ch,0A3
00401976 0B65 25       or esp,dword ptr ss:[ebp+25]
00401979 A7             cmps dword ptr ds:[esi],dword ptr es:[edi]
0040197A 20CA          and dl,cl
0040197C 2B35 A439238B sub esi,dword ptr ds:[8B2339A4]
00401982 F6B2 BA2A412B div byte ptr ds:[edx+2B412ABA]
00401988 F1             int1
00401989 F66D 30       imul byte ptr ss:[ebp+30]
0040198C B0 D0          mov al,0D0
0040198E 7E 5A          jle short 大飞1016.004019EA
00401990 D93B          fstcw word ptr ds:[ebx]
00401992  ^ 7F 97          jg short 大飞1016.0040192B
00401994 F781 562DCDE5 1>test dword ptr ds:[ecx+E5CD2D56],CD9FA811
0040199E 1B8E 563FFEF9 sbb ecx,dword ptr ds:[esi+F9FE3F56]
004019A4 4B             dec ebx
004019A5 26:35 61315C19  xor eax,195C3161
004019AB 1E             push ds
004019AC  ^ 7E E6          jle short 大飞1016.00401994
004019AE 0C C6          or al,0C6
004019B0 6A 70          push 70
004019B2 6A 92          push -6E
004019B4  ^ E1 C6          loopde short 大飞1016.0040197C
004019B6 41             inc ecx
004019B7 9D             popfd
004019B8 B2 A1          mov dl,0A1
004019BA 193CCB       sbb dword ptr ds:[ebx+ecx*8],edi
004019BD B1 BC          mov cl,0BC
004019BF B0 D1          mov al,0D1
004019C1 DD             ???                                        ; 未知命令
004019C2 2982 5CE57BB6 sub dword ptr ds:[edx+B67BE55C],eax
004019C8 59             pop ecx
004019C9 3198 CEC6516E xor dword ptr ds:[eax+6E51C6CE],ebx
004019CF FE             ???                                        ; 未知命令
004019D0 DA048B       fiadd dword ptr ds:[ebx+ecx*4]
004019D3 A0 98E11D1E    mov al,byte ptr ds:[1E1DE198]
004019D8 48             dec eax
004019D9 25 92341444    and eax,44143492
004019DE 8775 F3       xchg dword ptr ss:[ebp-D],esi
004019E1 8D2D 1246B122 lea ebp,dword ptr ds:[22B14612]
004019E7 4A             dec edx
004019E8 57             push edi
004019E9 99             cdq
004019EA DAC8          fcmove st,st
004019EC 97             xchg eax,edi
004019ED F8             clc
004019EE  - E9 5F0DE5F2    jmp F3252752
004019F3 00CE          add dh,cl
004019F5 67:9C          pushfd
004019F7 8943 FD       mov dword ptr ds:[ebx-3],eax
004019FA 93             xchg eax,ebx
004019FB 06             push es
004019FC 6A CE          push -32
004019FE 47             inc edi
004019FF 6A C1          push -3F
00401A01 7E 78          jle short 大飞1016.00401A7B
00401A03 88F7          mov bh,dh
00401A05 AA             stos byte ptr es:[edi]
00401A06 96             xchg eax,esi
00401A07  ^ 78 A7          js short 大飞1016.004019B0
00401A09 F2:          prefix repne:
00401A0A C005 6096821E A>rol byte ptr ds:[1E829660],0AA
00401A11 8C4A 04       mov word ptr ds:[edx+4],cs
00401A14 4C             dec esp
00401A15 C7             ???                                        ; 未知命令
00401A16 DCE4          fsubr st(4),st
00401A18 C3             retn
00401A19 188E D483A547 sbb byte ptr ds:[esi+47A583D4],cl
00401A1F 116CD6 89    adc dword ptr ds:[esi+edx*8-77],ebp
00401A23 0D AA41A6DC    or eax,DCA641AA
00401A28 289A 1706417F sub byte ptr ds:[edx+7F410617],bl
00401A2E 104A 59       adc byte ptr ds:[edx+59],cl
00401A31 C8 42FA96    enter 0FA42,96
00401A35 05 3D71959E    add eax,9E95713D
00401A3A 85F7          test edi,esi
00401A3C E6 40          out 40,al
00401A3E B2 48          mov dl,48
00401A40 289D 653B6D2B sub byte ptr ss:[ebp+2B6D3B65],bl
00401A46 18AA DA0C2EEC sbb byte ptr ds:[edx+EC2E0CDA],ch
00401A4C 3E:9C          pushfd
00401A4E 8EFD          mov seg?,bp                               ; 不明确的段位寄存器
00401A50 54             push esp
00401A51 74 0A          je short 大飞1016.00401A5D
00401A53 AA             stos byte ptr es:[edi]
00401A54 06             push es
00401A55 2859 A9       sub byte ptr ds:[ecx-57],bl
00401A58 46             inc esi
00401A59 61             popad
00401A5A 865C49 79    xchg byte ptr ds:[ecx+ecx*2+79],bl
00401A5E 65:25 F71E944D  and eax,4D941EF7
00401A64 EF             out dx,eax
00401A65 3009          xor byte ptr ds:[ecx],cl
00401A67 D25B 58       rcr byte ptr ds:[ebx+58],cl
00401A6A 2F             das
00401A6B 58             pop eax
00401A6C 5C             pop esp
00401A6D 7B AE          jpo short 大飞1016.00401A1D
00401A6F 1F             pop ds
00401A70 5F             pop edi
00401A71 EA 16E692ED 101>jmp far 1810:ED92E616
00401A78 24 B2          and al,0B2
00401A7A B4 8C          mov ah,8C
00401A7C 25 58126974    and eax,74691258
00401A81 68 4BAB8C88    push 888CAB4B
00401A86 89F0          mov eax,esi
00401A88 48             dec eax
00401A89 A5             movs dword ptr es:[edi],dword ptr ds:[esi]
00401A8A 3342 AB       xor eax,dword ptr ds:[edx-55]
00401A8D 4B             dec ebx
00401A8E 0012          add byte ptr ds:[edx],dl
00401A90 085C71 55    or byte ptr ds:[ecx+esi*2+55],bl
00401A94 1E             push ds
00401A95 41             inc ecx
00401A96 92             xchg eax,edx
00401A97 56             push esi
00401A98 5F             pop edi
00401A99 EA 24B6EED2 A1D>jmp far D7A1:D2EEB624
00401AA0 94             xchg eax,esp
00401AA1 B1 0C          mov cl,0C
00401AA3 394A 9A       cmp dword ptr ds:[edx-66],ecx
00401AA6 2BF8          sub edi,eax
00401AA8 7A BE          jpe short 大飞1016.00401A68
00401AAA 77 07          ja short 大飞1016.00401AB3
00401AAC 9F             lahf
00401AAD 61             popad
00401AAE 90             nop
00401AAF E0 35          loopdne short 大飞1016.00401AE6
00401AB1 D7             xlat byte ptr ds:[ebx+al]
00401AB2 8A34A2       mov dh,byte ptr ds:[edx]
00401AB5  ^ 79 F2          jns short 大飞1016.00401AA9
00401AB7 014E 30       add dword ptr ds:[esi+30],ecx
00401ABA B1 0E          mov cl,0E
00401ABC 79 25          jns short 大飞1016.00401AE3
00401ABE B8 3B2BD69D    mov eax,9DD62B3B
00401AC3 D6             salc
00401AC4 C8 F8EFF3    enter 0EFF8,0F3
00401AC8 A1 45E0A06D    mov eax,dword ptr ds:[6DA0E045]
00401ACD 8F             ???                                        ; 未知命令
00401ACE 4E             dec esi
00401ACF AC             lods byte ptr ds:[esi]
00401AD0  ^ 7F B5          jg short 大飞1016.00401A87
00401AD2 381F          cmp byte ptr ds:[edi],bl
00401AD4 37             aaa
00401AD5 2224EC       and ah,byte ptr ss:[esp+ebp*8]
00401AD8 38CE          cmp dh,cl
00401ADA A8 2F          test al,2F
00401ADC 65:44          inc esp
00401ADE 135A 09       adc ebx,dword ptr ds:[edx+9]
00401AE1 105B 72       adc byte ptr ds:[ebx+72],bl
00401AE4 A1 730BED03    mov eax,dword ptr ds:[3ED0B73]
00401AE9 C065 37 53    shl byte ptr ss:[ebp+37],53
00401AED 0C 37          or al,37
00401AEF 20DE          and dh,bl
00401AF1 2BFD          sub edi,ebp
00401AF3 CE             into
00401AF4 8E7E 9D       mov seg?,word ptr ds:[esi-63]             ; 不明确的段位寄存器
00401AF7 6B3B 28       imul edi,dword ptr ds:[ebx],28
00401AFA 44             inc esp
00401AFB 04 F9          add al,0F9
00401AFD FFA1 ACBFCCB7 jmp dword ptr ds:[ecx+B7CCBFAC]
00401B03 B0 F8          mov al,0F8
00401B05 828E 163BB1D5 F>or byte ptr ds:[esi+D5B13B16],FFFFFFFD
00401B0C 4A             dec edx
00401B0D 2C 08          sub al,8
00401B0F 25 E64BC989    and eax,89C94BE6
00401B14 F8             clc
00401B15 58             pop eax
00401B16 BC DAA1975F    mov esp,5F97A1DA
00401B1B 28D5          sub ch,dl
00401B1D 0E             push cs
00401B1E 1AAB 327D84D6 sbb ch,byte ptr ds:[ebx+D6847D32]
00401B24 0A0B          or cl,byte ptr ds:[ebx]
00401B26 5C             pop esp
00401B27 07             pop es
00401B28 8D97 6C12ACAF lea edx,dword ptr ds:[edi+AFAC126C]
00401B2E 30C5          xor ch,al
00401B30 8251 7D 89    adc byte ptr ds:[ecx+7D],-77
00401B34 ED             in eax,dx
00401B35 6D             ins dword ptr es:[edi],dx
00401B36 5A             pop edx
00401B37 A7             cmps dword ptr ds:[esi],dword ptr es:[edi]
00401B38 1D 32ED8D2F    sbb eax,2F8DED32
00401B3D A2 C4199EF1    mov byte ptr ds:[F19E19C4],al
00401B42 A9 548419F6    test eax,F6198454
00401B47 FC             cld
00401B48 3821          cmp byte ptr ds:[ecx],ah
00401B4A 28FA          sub dl,bh
00401B4C 7F 7F          jg short 大飞1016.00401BCD
00401B4E 0C 13          or al,13
00401B50 3252 2B       xor dl,byte ptr ds:[edx+2B]
00401B53 F0:0B1E       lock or ebx,dword ptr ds:[esi]             ; 不允许锁定前缀
00401B56 15 BE0DE8DC    adc eax,DCE80DBE
00401B5B EA AE4BEFF0 F6A>jmp far A9F6:F0EF4BAE
00401B62 CB             retf
00401B63 E8 CC20B977    call 77F93C34
00401B68 6C             ins byte ptr es:[edi],dx
00401B69 7A 47          jpe short 大飞1016.00401BB2
00401B6B 0D 206DCF2E    or eax,2ECF6D20
00401B70 19B7 26B0C1B6 sbb dword ptr ds:[edi+B6C1B026],esi
00401B76 FD             std
00401B77 1251 A4       adc dl,byte ptr ds:[ecx-5C]
00401B7A AD             lods dword ptr ds:[esi]
00401B7B  ^ 7F C1          jg short 大飞1016.00401B3E
00401B7D 59             pop ecx
00401B7E  ^ 71 D8          jno short 大飞1016.00401B58
00401B80 FE0E          dec byte ptr ds:[esi]
00401B82 61             popad
00401B83 3C CC          cmp al,0CC
00401B85 37             aaa
00401B86 BD EB01DFB9    mov ebp,B9DF01EB
00401B8B 5A             pop edx
00401B8C A4             movs byte ptr es:[edi],byte ptr ds:[esi]
00401B8D 3E:876F 8B    xchg dword ptr ds:[edi-75],ebp
00401B91 43             inc ebx
00401B92 FC             cld
00401B93 8A00          mov al,byte ptr ds:[eax]
00401B95 2E:79 13       jns short 大飞1016.00401BAB
00401B98 03C1          add eax,ecx
00401B9A C3             retn
00401B9B 05 C2DAACB6    add eax,B6ACDAC2
00401BA0 BB 626E8112    mov ebx,12816E62
00401BA5 328C0A 53BC81B9 xor cl,byte ptr ds:[edx+ecx+B981BC53]
00401BAC 55             push ebp
00401BAD 06             push es
00401BAE 2F             das
00401BAF C196 9B539635 B>rcl dword ptr ds:[esi+3596539B],0BA
00401BB6  ^ E0 9E          loopdne short 大飞1016.00401B56
00401BB8 CF             iretd
00401BB9 D80E          fmul dword ptr ds:[esi]
00401BBB 76 7A          jbe short 大飞1016.00401C37
00401BBD CF             iretd
00401BBE 698B E179C978 9>imul ecx,dword ptr ds:[ebx+78C979E1],E84AE5>
00401BC8 6E             outs dx,byte ptr es:[edi]
00401BC9 6907 5CB9A03E imul eax,dword ptr ds:[edi],3EA0B95C
00401BCF 8DB1 89002F14 lea esi,dword ptr ds:[ecx+142F0089]
00401BD5 2E:42          inc edx
00401BD7 3347 49       xor eax,dword ptr ds:[edi+49]
00401BDA 1321          adc esp,dword ptr ds:[ecx]
00401BDC 1A13          sbb dl,byte ptr ds:[ebx]
00401BDE CA 050C       retf 0C05
00401BE1 61             popad
00401BE2 2BB2 5A5AE2DB sub esi,dword ptr ds:[edx+DBE25A5A]
00401BE8 2A87 94FBA348 sub al,byte ptr ds:[edi+48A3FB94]
00401BEE 0D 07F4ED91    or eax,91EDF407
00401BF3 94             xchg eax,esp
00401BF4 6C             ins byte ptr es:[edi],dx
00401BF5 A4             movs byte ptr es:[edi],byte ptr ds:[esi]
00401BF6 DB04FD C77A1F0E fild dword ptr ds:[edi*8+E1F7AC7]
00401BFD C172 F3 07    sal dword ptr ds:[edx-D],7
00401C01 A2 1F8F0CBB    mov byte ptr ds:[BB0C8F1F],al
00401C06 4D             dec ebp
00401C07 3E:91          xchg eax,ecx
00401C09 4A             dec edx
00401C0A 1D 0FAE48B7    sbb eax,B748AE0F
00401C0F A1 7F9070F7    mov eax,dword ptr ds:[F770907F]
00401C14 F4             hlt
00401C15 CF             iretd
00401C16 75 72          jnz short 大飞1016.00401C8A
00401C18 6D             ins dword ptr es:[edi],dx
00401C19 8709          xchg dword ptr ds:[ecx],ecx
00401C1B 4D             dec ebp
00401C1C 2B7E 9C       sub edi,dword ptr ds:[esi-64]
00401C1F 71 2B          jno short 大飞1016.00401C4C
00401C21 36:E9 412FFBB2  jmp B33B4B68
00401C27 FF61 01       jmp dword ptr ds:[ecx+1]
00401C2A FA             cli
00401C2B C48D 5BBEE6A4 les ecx,fword ptr ss:[ebp+A4E6BE5B]
00401C31 F1             int1
00401C32  ^ EB AA          jmp short 大飞1016.00401BDE
00401C34 D5 64          aad 64
00401C36 2A9D 6A5EDE46 sub bl,byte ptr ss:[ebp+46DE5E6A]
00401C3C 63BD AE8934E8 arpl word ptr ss:[ebp+E83489AE],di
00401C42 58             pop eax
00401C43 1BA0 683CFF9A sbb esp,dword ptr ds:[eax+9AFF3C68]
00401C49 10B9 A4070F56 adc byte ptr ds:[ecx+560F07A4],bh
00401C4F 25 D028433E    and eax,3E4328D0
00401C54 021CCA       add bl,byte ptr ds:[edx+ecx*8]
00401C57 80C8 15       or al,15
00401C5A  ^ EB 8A          jmp short 大飞1016.00401BE6
00401C5C D5 EE          aad 0EE
00401C5E 40             inc eax
00401C5F 815A 80 6A14D23>sbb dword ptr ds:[edx-80],38D2146A
00401C66 E5 77          in eax,77
00401C68 2E:A9 4B19F91D  test eax,1DF9194B
00401C6E 4D             dec ebp
00401C6F CA 324C       retf 4C32
00401C72 41             inc ecx
00401C73 CB             retf
00401C74 8840 CF       mov byte ptr ds:[eax-31],al
00401C77 1E             push ds
00401C78 49             dec ecx
00401C79 FA             cli
00401C7A 55             push ebp
00401C7B 60             pushad
00401C7C 851F          test dword ptr ds:[edi],ebx
00401C7E 1E             push ds
00401C7F 38BE 7FA6F8A7 cmp byte ptr ds:[esi+A7F8A67F],bh
00401C85 843A          test byte ptr ds:[edx],bh
00401C87 4F             dec edi
00401C88 E8 A8ABDEE3    call E41EC835
00401C8D 9D             popfd
00401C8E A7             cmps dword ptr ds:[esi],dword ptr es:[edi]
00401C8F 44             inc esp
00401C90 4E             dec esi
00401C91 16             push ss
00401C92 ED             in eax,dx
00401C93 89D9          mov ecx,ebx
00401C95 31DC          xor esp,ebx
00401C97 F615 C9CC9D60 not byte ptr ds:[609DCCC9]
00401C9D 1943 B6       sbb dword ptr ds:[ebx-4A],eax
00401CA0 A7             cmps dword ptr ds:[esi],dword ptr es:[edi]
00401CA1 49             dec ecx
00401CA2 8E70 AC       mov seg?,word ptr ds:[eax-54]             ; 不明确的段位寄存器
00401CA5 E8 3D0530CF    call CF7021E7
00401CAA 0376 2C       add esi,dword ptr ds:[esi+2C]
00401CAD 00A0 8B1FDE67 add byte ptr ds:[eax+67DE1F8B],ah
00401CB3 DDDF          fstp st(7)
00401CB5 81D5 F2075779 adc ebp,795707F2
00401CBB 16             push ss
00401CBC 94             xchg eax,esp
00401CBD 78 1C          js short 大飞1016.00401CDB
00401CBF BD 3889A7FC    mov ebp,FCA78938
00401CC4 91             xchg eax,ecx
00401CC5 57             push edi
00401CC6 C1E7 7A       shl edi,7A
00401CC9 ED             in eax,dx
00401CCA 73 2C          jnb short 大飞1016.00401CF8
00401CCC DEB8 A107A213 fidivr word ptr ds:[eax+13A207A1]
00401CD2 15 10F87B40    adc eax,407BF810
00401CD7 F8             clc
00401CD8 C3             retn
00401CD9 37             aaa
00401CDA  - E9 A526D9EE    jmp EF194384
00401CDF A4             movs byte ptr es:[edi],byte ptr ds:[esi]
00401CE0 29A3 227799B4 sub dword ptr ds:[ebx+B4997722],esp
00401CE6  ^ E3 86          jecxz short 大飞1016.00401C6E
00401CE8 06             push es
00401CE9 5B             pop ebx
00401CEA 42             inc edx
00401CEB 2C 7E          sub al,7E
00401CED 08A2 77150BE0 or byte ptr ds:[edx+E00B1577],ah
00401CF3 40             inc eax
00401CF4 56             push esi
00401CF5 34 83          xor al,83
00401CF7 CC             int3
00401CF8 0A3F          or bh,byte ptr ds:[edi]
00401CFA 8262 CB F6    and byte ptr ds:[edx-35],FFFFFFF6
00401CFE 2E:FD          std
00401D00 839B 2FAC14F5 8>sbb dword ptr ds:[ebx+F514AC2F],-79
00401D07 BB FEC862C2    mov ebx,C262C8FE
00401D0C EA 5ED211E2 85B>jmp far B385:E211D25E
00401D13 D4 FD          aam 0FD
00401D15 A7             cmps dword ptr ds:[esi],dword ptr es:[edi]
00401D16 47             inc edi
00401D17 43             inc ebx
00401D18 62F0          bound esi,eax                            ; 非法使用寄存器
00401D1A 3225 E3B88EB9 xor ah,byte ptr ds:[B98EB8E3]
00401D20 F9             stc
00401D21 63D3          arpl bx,dx
00401D23 30F5          xor ch,dh
00401D25 56             push esi
00401D26 8E78 2D       mov seg?,word ptr ds:[eax+2D]             ; 不明确的段位寄存器

部分代码

按f8两次停止了不允许锁定前缀
  访问违反请教高手指点

[培训]《安卓高级研修班(网课)》月薪三万计划，掌握调试、分析还原ollvm、vmp的方法，定制art虚拟机自动化脱壳的方法

收藏・0

免费・0

支持

最新回复 (2)
风随雨行雪币： 2523 活跃值： (520) 能力值： ( LV4，RANK：50 ) 在线值：发帖 3 回帖 604 粉丝 1 关注私信	风随雨行 1 2 楼 F8不行就F7 2009-10-16 18:43 0
qsyqsy 雪币： 234 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 28 回帖 685 粉丝 0 关注私信	qsyqsy 3 楼别发大断代码好吧，截图，没高亮看起来不舒服 F8步过，F7是跟进，查下关键跟进吧，不然先静态就是了 2009-10-16 21:02 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复

mrlif

发帖

回帖

RANK

关注

私信

他的文章

关于我们

联系我们

企业服务

看雪公众号

最新回复 (2)
风随雨行雪币： 2523 活跃值： (520) 能力值： ( LV4，RANK：50 ) 在线值：发帖 3 回帖 604 粉丝 1 关注私信	风随雨行 1 2 楼 F8不行就F7 2009-10-16 18:43 0
qsyqsy 雪币： 234 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 28 回帖 685 粉丝 0 关注私信	qsyqsy 3 楼别发大断代码好吧，截图，没高亮看起来不舒服 F8步过，F7是跟进，查下关键跟进吧，不然先静态就是了 2009-10-16 21:02 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复