鍛戒護(hù)浣撻儴鍒嗙粡榪囨櫘閫氳В瀵嗗悗錛岃繕闇€瑕佹牴鎹竴涓帺鐮佹潵榪涜浜屾瑙e瘑
榪欓噷鏄簩嬈¤В瀵嗗懡浠や綋鐨勯儴鍒?br /> push ebp
mov ebp, esp
and esp, FFFFFFF8
push -1
push 004C833C
mov eax, dword ptr fs:[0]
push eax
mov dword ptr fs:[0], esp
push ecx
mov eax, 549C
call 004BC0B0
push ebx
push esi
push edi
mov edi, dword ptr [ebp+8]
cmp byte ptr [edi], 2B <------鍒ゆ柇絎竴涓瓧鑺傛槸鍚︿負(fù) +
mov ebx, ecx
jnz L029
inc edi
push edi
call 0042B0D0
mov ecx, dword ptr [esp+54AC]
mov dword ptr fs:[0], ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 4
L029:
push edi <----- 瀵嗘枃
lea eax, dword ptr [esp+3C]
push eax <------ 瀵嗘枃瑙e瘑鍚庤淇濆瓨鍦ㄨ繖閲?br /> call 004A0CE0
mov cx, word ptr [ebx+49B162]
xor word ptr [esp+3C], cx
xor edx, edx
mov dh, byte ptr [esp+43]
mov cl, byte ptr [ebx+49B161]
xor eax, eax
mov ah, byte ptr [esp+3F]
mov dl, byte ptr [esp+41]
mov al, byte ptr [esp+3D]
shl edx, 10
or edx, eax
mov al, byte ptr [ebx+49B160]
mov esi, edx
xor cl, byte ptr [esp+3C]
xor edx, edx
mov dh, cl
xor al, byte ptr [esp+38]
mov dword ptr [esp+1C], esi
mov dl, al
mov eax, dword ptr [esp+38]
shr eax, 10
mov cx, dx
movzx dx, byte ptr [esp+39]
mov dh, byte ptr [esp+3E]
mov word ptr [esp+20], cx
mov word ptr [esp+22], dx
xor edx, edx
mov dh, byte ptr [esp+40]
mov dl, al
movzx ax, ah
mov ah, byte ptr [esp+42]
mov word ptr [esp+24], dx
mov word ptr [esp+26], ax
movzx eax, cx
add eax, -138A
cmp eax, 123
ja 0043BF9D
movzx ecx, byte ptr [eax+43C220]
jmp dword ptr [ecx*4+43BFB4]
鍦?MIR3G浜屾鍔犺В瀵嗗弽姹囩紪鍒嗘瀽錛堜笁錛夆€斺€旇窡韙?nbsp; 涓湁4涓祴鍊?br /> mov byte ptr [ebx+49B160], al
mov byte ptr [ebx+49B161], ah
mov word ptr [ebx+49B162], ax
mov word ptr [ebx+49B164], ax
榪欏氨鏄懡浠や綋浜屾瑙e瘑鏃剁殑鎺╃爜
浠庝竴嬈¤В瀵嗙殑娑堟伅浣撲腑鎻愬彇鎺╃爜鐨勯儴鍒?br /> sub eax, edx
cmp eax, 3C ;鍒ゆ柇娑堟伅浣撻暱搴︽槸鍚︿負(fù)60
jnz 0043BF9D
mov ecx, dword ptr [esp+CA8] esp+CA8淇濆瓨鐨勫氨鏄粡榪囦竴嬈¤В瀵嗙殑娑堟伅浣擄紙涓嶅寘鍚懡浠や綋錛?br /> mov edx, dword ptr [esp+CAC]
mov eax, dword ptr [esp+CB0]
mov dword ptr [esp+38], ecx
mov ecx, dword ptr [esp+CB4]
mov dword ptr [esp+44], ecx
mov ecx, dword ptr [esp+CC0]
mov dword ptr [esp+3C], edx
mov edx, dword ptr [esp+CB8]
mov dword ptr [esp+40], eax
mov eax, dword ptr [esp+CBC]
mov dword ptr [esp+54], ecx
mov ecx, dword ptr [esp+CCC]
mov dword ptr [esp+48], edx
mov edx, dword ptr [esp+CC4]
mov dword ptr [esp+50], eax
mov eax, dword ptr [esp+CC8]
mov dword ptr [esp+60], ecx
mov ecx, dword ptr [esp+CD8]
mov dword ptr [esp+58], edx
mov edx, dword ptr [esp+CD0]
mov dword ptr [esp+5C], eax
mov eax, dword ptr [esp+CD4]
mov dword ptr [esp+24], ecx
lea ecx, dword ptr [esp+1C]
mov dword ptr [esp+1C], edx ;鏈€鍚?0涓瓧鑺?br /> mov edx, dword ptr [esp+CDC]
mov dword ptr [esp+20], eax
mov eax, dword ptr [esp+CE0]
push ecx
mov ecx, ebx
mov byte ptr [esp+50], 0
mov byte ptr [esp+68], 0
mov dword ptr [esp+2C], edx
mov dword ptr [esp+30], eax
mov byte ptr [esp+34], 0
call 0042BD60
lea edx, dword ptr [esp+38] 鍓?0涓瓧鑺?br /> push edx
mov ecx, ebx
mov byte ptr [ebx+49B160], al
mov byte ptr [ebx+49B161], ah
call 0042BD60
mov word ptr [ebx+49B162], ax
lea eax, dword ptr [esp+50]
push eax
mov ecx, ebx
call 0042BD60
mov word ptr [ebx+49B164], ax
鎻愬彇鎺╃爜鐨勫嚱鏁?0042BD60
push ebx
push esi
mov esi, dword ptr [esp+C] esi = arg1 ;娑堟伅浣?br /> mov eax, esi eax = arg1
xor ebx, ebx ebx = 0
lea edx, dword ptr [eax+1] edx = arg+1 錛屼粠絎簩涓瓧鑺傚紑濮?br /> lea ecx, dword ptr [ecx]
L007:
mov cl, byte ptr [eax]
inc eax
test cl, cl
jnz L007
sub eax, edx
cmp eax, 14 媯€(gè)鏌ュ弬鏁伴暱搴︽槸鍚︽槸20
jnb L018
pop esi
xor ax, ax
pop ebx
retn 4
L018:
mov eax, 2 ;eax =2
lea edx, dword ptr [esi+1] ;edx鎸囧悜絎簩涓瓧鑺?nbsp; edx = 1
push edi
L022:
mov cl, byte ptr [edx-1] ;cl = arg[edx-1]
movzx esi, byte ptr [edx+8] ;esi = ((long)(arg[edx+8]))
movzx ecx, cl ;ecx = ((long)cl)
add esi, ecx ;esi = esi+ecx
movzx ecx, byte ptr [edx] ;ecx = (long)arg[edx]
cmp ecx, esi ;if(ecx < esi) 璺寵漿鍒?L033
jl L033
lea ecx, dword ptr [eax-2] ; ecx = eax-2
mov edi, 8000 ; edi = 0x8000
sar edi, cl ; edi = edi >> cl
or ebx, edi ; ebx = ebx | edi
L033:
movzx ecx, byte ptr [edx+1] ;ecx = (long)arg[edx+1]
cmp ecx, esi ;if(ecx<esi) 璺寵漿鍒?L040
jl L040
lea ecx, dword ptr [eax-1] ;ecx = eax-2
mov edi, 8000 ;edi = 0x8000
sar edi, cl ;edi = edi >> arg[eax-1]
or ebx, edi ;ebx = ebx | edi
L040:
movzx ecx, byte ptr [edx+2] ;ecx = (long)arg[edx+2]
cmp ecx, esi ;if(ecx < esi) 璺寵漿鍒?L047
jl L047
mov edi, 8000 ;edi = 0x8000
mov ecx, eax ;ecx = eax
sar edi, cl ;edi = edi >> cl
or ebx, edi ;ebx = ebx | edi
L047:
movzx ecx, byte ptr [edx+3] ;ecx = (long)arg[edx+3]
cmp ecx, esi ; if(ecx < esi) 璺寵漿鍒?L054
jl L054
lea ecx, dword ptr [eax+1] ;ecx = eax+1
mov edi, 8000 ;edi = 0x8000
sar edi, cl ;edi = edi >> cl
or ebx, edi ;ebx = ebx | edi
L054:
movzx ecx, byte ptr [edx+4] ;ecx = (long)arg[edx+4]
cmp ecx, esi ; if(ecx < esi) 璺寵漿鍒?L061
jl L061
lea ecx, dword ptr [eax+2] ;ecx = eax+2
mov edi, 8000 ;edi = 0x8000
sar edi, cl ;edi = edi >> cl
or ebx, edi ;ebx = ebx | edi
L061:
movzx ecx, byte ptr [edx+5] ;ecx = (long)arg[edx+5]
cmp ecx, esi ; if(ecx < esi) 璺寵漿鍒?L068
jl L068
lea ecx, dword ptr [eax+3] ;ecx = eax+3
mov edi, 8000 ;edi = 0x8000
sar edi, cl ;edi = edi >> cl
or ebx, edi ;ebx = ebx | edi
L068:
movzx ecx, byte ptr [edx+6] ;ecx = (long)arg[edx+6]
cmp ecx, esi ; if(ecx < esi) 璺寵漿鍒?L075
jl L075
lea ecx, dword ptr [eax+4] ;ecx = eax+4
mov edi, 8000 ;edi = 0x8000
sar edi, cl ;edi = edi >> cl
or ebx, edi ;ebx = ebx | edi
L075:
movzx ecx, byte ptr [edx+7] ;ecx = (long)arg[edx+7]
cmp ecx, esi ; if(ecx < esi) 璺寵漿鍒?L082
jl L082
lea ecx, dword ptr [eax+5] ;ecx = eax+5
mov esi, 8000 ;edi = 0x8000
sar esi, cl ;edi = edi >> cl
or ebx, esi ;ebx = ebx | edi
L082:
add eax, 8 ;eax = eax+8
add edx, 0A ;edx = edx+0x0A
cmp eax, 0A ;if(eax <= 0X0A) 璺寵漿鍒?L022
jle L022
movzx edx, bl ;edx = (long)bl 浣?浣?鎵╁睍
movzx eax, bh ;eax = (long)bh 楂?浣?鎵╁睍
pop edi ;
xor edx, 87 ;edx = edx ^ 0x87
xor eax, 87 ;eax = eax ^ 0x87
shl edx, 8 ;edx << 8
pop esi
or eax, edx ;eax = eax | edx
pop ebx
retn 4
鑷蟲錛屾秷鎭殑鍔犺В瀵嗛儴鍒嗗凡緇忓叏閮ㄨ繕鍘?
Phrancol Yang 2008-06-07 16:06 鍙戣〃璇勮
]]> push 1FFF ;1FFF鍏ユ爤
lea eax, dword ptr [esp+CAC] ;(3244) 璺濈鏍堥《811涓瓨鍌ㄥ崟鍏?
push eax ;eax鍏ユ爤 瑙e瘑鍚庤瀛樺叆鐨勫湴鍧€鍏ユ爤
add edi, 10 ;edi=浠庡瓧絎︿覆絎?7涓瓧鑺傚紑濮嬪線鍚庣殑涓?br />
push edi ;瀵嗘枃鍏ユ爤
call 004A0BD0 ;璺熻繘鍙戠幇榪欐槸鏅€氱殑涓€嬈¤В瀵嗭紝瑙e瘑鍚庢暟鎹瓨鍦╡sp+CAC閲?
mov byte ptr [esp+eax+CA8], 0
xor eax, eax
mov ecx, 100 ;ecx=100 (256) 寰幆嬈℃暟
lea edi, dword ptr [esp+3F8] ;edi
rep stos dword ptr es:[edi] ;
lea ecx, dword ptr [esp+3F8]
push ecx
lea edx, dword ptr [ebx+3CD864]
push edx
mov ecx, ebx
call 0042C440 ;浜屾瑙e瘑錛岀敓鎴愬洖澶嶅瘑鏂?br />
lea eax, dword ptr [esp+3F8]
push eax
mov ecx, 004D5C70
call 0049F770 ;璋冪敤messageSend(char* msg)
lea eax, dword ptr [esp+CA8]
lea edx, dword ptr [eax+1]
L023:
mov cl, byte ptr [eax]
inc eax
test cl, cl
jnz L023
sub eax, edx
cmp eax, 3C
jnz 0043BF9D
mov ecx, dword ptr [esp+CA8]
mov edx, dword ptr [esp+CAC]
mov eax, dword ptr [esp+CB0]
mov dword ptr [esp+38], ecx
mov ecx, dword ptr [esp+CB4]
mov dword ptr [esp+44], ecx
mov ecx, dword ptr [esp+CC0]
mov dword ptr [esp+3C], edx
mov edx, dword ptr [esp+CB8]
mov dword ptr [esp+40], eax
mov eax, dword ptr [esp+CBC]
mov dword ptr [esp+54], ecx
mov ecx, dword ptr [esp+CCC]
mov dword ptr [esp+48], edx
mov edx, dword ptr [esp+CC4]
mov dword ptr [esp+50], eax
mov eax, dword ptr [esp+CC8]
mov dword ptr [esp+60], ecx
mov ecx, dword ptr [esp+CD8]
mov dword ptr [esp+58], edx
mov edx, dword ptr [esp+CD0]
mov dword ptr [esp+5C], eax
mov eax, dword ptr [esp+CD4]
mov dword ptr [esp+24], ecx
lea ecx, dword ptr [esp+1C]
mov dword ptr [esp+1C], edx
mov edx, dword ptr [esp+CDC]
mov dword ptr [esp+20], eax
mov eax, dword ptr [esp+CE0]
push ecx
mov ecx, ebx
mov byte ptr [esp+50], 0
mov byte ptr [esp+68], 0
mov dword ptr [esp+2C], edx
mov dword ptr [esp+30], eax
mov byte ptr [esp+34], 0
call 0042BD60
lea edx, dword ptr [esp+38]
push edx
mov ecx, ebx
mov byte ptr [ebx+49B160], al
mov byte ptr [ebx+49B161], ah
call 0042BD60
mov word ptr [ebx+49B162], ax
lea eax, dword ptr [esp+50]
push eax
mov ecx, ebx
call 0042BD60
mov word ptr [ebx+49B164], ax
mov ecx, dword ptr [esp+54AC]
mov dword ptr fs:[0], ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 4
鍒嗘瀽浠ヤ笂浠g爜鍙互綆€鍗曞緱鍑轟互涓嬬粨璁?br />
1. 浠巆all 004A0BD0 鐨勮皟鐢ㄥ彲浠ョ畝鍗曞垎鏋愬嚭浜屾瀵嗘枃鍙兘涔熸槸鏍囧噯娑堟伅緇撴瀯
2. 閫氳繃瀵規(guī)瘮鏈洿鏂扮増鏈笌鏈€鏂扮増鏈3EF鐨勫彂閫佹儏鍐碉紝鏈洿鏂扮増鏈彂閫?EF鏃訛紝娑堟伅浣撴槸絀猴紝鍛戒護(hù)浣撳叾浠栧弬鏁頒笉涓?錛屽啀緇嗗垎鏋愶紝
鏈洿鏂扮殑鐗堟湰鐨?EF鍏跺疄灝辨槸鍓茶倝鐨勫懡浠?..........
鏈€鏂扮増鏈殑瀹㈡埛绔敹鍒頒簩嬈″瘑鏂囧悗錛岀粡榪囦竴浜涘鐞嗭紝浠?EF涓哄懡浠ゅ彂鍚戞湇鍔″櫒
3. 浠巃dd edi, 10鍙互鐚滄祴錛屼簩嬈″瘑鏂囩殑鍛戒護(hù)浣撳彲鑳芥槸榪鋒儜浜虹敤鐨?br />
4. 浠巆all 0049F770榪欎釜璋冪敤鏂畾 esp+3F8 灝辨槸浜屾瑙e瘑鍚庣殑鏄庢枃
5. 瀵逛簬call 0042C440榪欎釜璋冪敤錛屽彲浠ョ寽嫻嬶紝榪欎釜灝辨槸浜屾瑙e瘑鐨勫嚱鏁?br />
6. 鏈嶅姟鍣ㄥ彂鏉ョ殑瀵嗘枃瀵逛簬鏈瑙e瘑鏄病鏈夊獎(jiǎng)鍝嶇殑錛屽彧鏄瀹冭繘琛屼簡(jiǎn)涓€浜涙搷浣滐紝鐢熸垚浜?涓暟騫惰繘琛屽涓嬩繚瀛?br />
mov byte ptr [ebx+49B160], al
mov byte ptr [ebx+49B161], ah
mov word ptr [ebx+49B162], ax
mov word ptr [ebx+49B164], ax
7. 浜屾瑙e瘑鍑芥暟鏈?涓弬鏁? arg1 = dword ptr [ebx+3CD864] , arg2 = [esp+3F8]
涔熷氨鏄牴鎹甦word ptr [ebx+3CD864]鏉ョ敓鎴愯В瀵嗘槑鏂囷紝騫跺瓨鍏ュ湴鍧€esp+3F8錛屼簬鏄痚bx+3CD864灝辨垚浜?jiǎn)瑙e瘑鐨勫叧閿?br />
Phrancol Yang 2008-06-01 20:12 鍙戣〃璇勮
]]>