Îҵĵڣ¿ÆªÆÆÎÄ£¨exescope v6.00£©£º
ÔÚ DedeÖп´µ½Ò»¸ö¿ÉÒɵÄÌøת004807D8£ºjz 0048086B
ÓÃÊó±êË«»÷Ìøµ½00480870£ºInvalid ID or Name£¬ºÇºÇÖªµÀÁË°É£º£©
|
004807D1 E85A790000 call
00488130
004807D6 84C0
test al, al ->¸ÄÕâÀïÈÃÏÂÒ»
¸öjz²»Ìø¾Í×¢²á³É¹¦£¡£¡£¡£¬À´Ó²µÄÐÞ¸ÄÕâÀï¾ÍºÃÁË¡£
004807D8 0F848D000000 jz
0048086B
///////////////////////////////////////////////////////////////////
* Possible String Reference to: 'Invalid ID or Name;“o˜^ID‚Ü‚½‚Í–¼‘O
|
‚ª–³Œø‚Å‚·'
|
00480870 B8FC084800 mov
eax, $004808FC
|
00480875 E8C625FDFF call
00452E40
0048087A 8B45F8
mov eax, [ebp-$08]
0048087D 668B0D2C094800 mov cx,
word ptr [$48092C]
00480884 B201
mov dl, $01
|
00480886 E841D7FBFF call
0043DFCC
0048088B 33C0
xor eax, eax
0048088D 5A
pop edx
0048088E 59
pop ecx
0048088F 59
pop ecx
00480890 648910
mov fs:[eax], edx
****** FINALLY
|
///////////////////////////////////////////////////////////////////////
/////////////////
×¢²áÅжϳÌÐò£º
004807D1 E85A790000 call
00488130
ÌøÈë
///////////////////////////////////////////////////////////////////////
////////////////
00488130 55
push ebp
00488131 8BEC
mov ebp, esp
00488133 51
push ecx
00488134 53
push ebx
00488135 8955FC
mov [ebp-$04], edx
00488138 8B45FC
mov eax, [ebp-$04]
|
0048813B E8F0BBF7FF call
00403D30
00488140 33C0
xor eax, eax
00488142 55
push ebp
* Possible String Reference to: 'éѱ÷ÿëð‹Ã[Y]?
|
00488143 68B2814800 push
$004881B2
***** TRY
|
00488148 64FF30
push dword ptr fs:[eax]
0048814B 648920
mov fs:[eax], esp
0048814E 33DB
xor ebx, ebx
00488150 8B45FC
mov eax, [ebp-$04]
|
00488153 E824BAF7FF call
00403B7C
00488158 83F80A
cmp eax, +$0A ->ÅжÏ×¢²áÂ볤
¶ÈÊÇ·ñΪ10λ
0048815B 753F
jnz 0048819C ->Y²»Ìø,
0048815D 8B55FC
mov edx, [ebp-$04]
* Possible String Reference to: 'A1910'
- >A191ÊÇÃÜÂëµÄ
Ç°ËÄλ
|
00488160 B8C8814800 mov
eax, $004881C8
|
00488165 E89EBCF7FF call
00403E08
0048816A 48
dec eax
0048816B 7410
jz 0048817D
0048816D 8B55FC
mov edx, [ebp-$04]
* Possible String Reference to: 'A1423'
- >ºÃÏóûʲôÓÃ
|
00488170 B8D8814800 mov
eax, $004881D8
|
00488175 E88EBCF7FF call
00403E08
0048817A 48
dec eax
0048817B 751F
jnz 0048819C
0048817D 8B45FC
mov eax, [ebp-$04]
00488180 0FB64008 movzx
eax, byte ptr [eax+$08]
->eax:µ¹ÊýµÚ¶þλASCIIÂë
00488184 8B55FC
mov edx, [ebp-$04]
00488187 0FB65209 movzx
edx, byte ptr [edx+$09]
->edx:µ¹ÊýµÚ1λASCIIÂë
0048818B 03C2
add eax, edx
->eax:µ¹ÊýÁ½Î»ASCIIÂëÖ®ºÍ
0048818D B90A000000 mov
ecx, $0000000A
00488192 99
cdq ->CDQ Ë«×ÖÀ©Õ¹.
(
°ÑEAXÖеÄ×ֵķûºÅÀ©Õ¹µ½EDXÖÐÈ¥)
00488193 F7F9
idiv ecx ->IDIV ÕûÊý³ý·¨. ÉÌ
»ØËÍAL,ÓàÊý»ØËÍAH, (×Ö½ÚÔËËã);
»ò
ÉÌ»ØËÍAX,Óà
Êý»ØËÍDX, (×ÖÔËËã).
00488195 83FA04
cmp edx, +$04 ->Óà4¾Í
¶ÔÁË£¬Èç(A1910???35)
00488198 7502
jnz 0048819C
->Âë²»ÕýȷʱÌø
0048819A B301
mov bl, $01
0048819C 33C0
xor eax, eax
0048819E 5A
pop edx
0048819F 59
pop ecx
004881A0 59
pop ecx
004881A1 648910
mov fs:[eax], edx
****** FINALLY
|
* Possible String Reference to: '‹Ã[Y]?
|
004881A4 68B9814800 push
$004881B9
004881A9 8D45FC
lea eax, [ebp-$04]
|
004881AC E84FB7F7FF call
00403900
004881B1 C3
ret
004881B2 E9D1B1F7FF jmp
00403388
004881B7 EBF0
jmp 004881A9
****** END
|
004881B9 8BC3
mov eax, ebx
004881BB 5B
pop ebx
004881BC 59
pop ecx
004881BD 5D
pop ebp
004881BE C3
ret
///////////////////////////////////////////////////////////////////////
//////
µÃµ½×¢²áÂ볤¶È£º
///////////////////////////////////////////////////////////////////////
/////
00403B7C 85C0
test eax, eax
00403B7E 7403
jz 00403B83
00403B80 8B40FC
mov eax, [eax-$04] -¡·³¤¶È
00403B83 C3
ret
///////////////////////////////////////////////////////////////////
:)×¢²áIDÓëÓû§ÃûÎ޹أ»
:)IDÇ°ËÄλ¹Ì¶¨ÎªA1910£»
:)IDλÊý¹Ì¶¨Îª10λ£»
:)IDµÚ6¡¢7¡¢8λÈÎÒ⣻
:)IDµÚ9¡¢10λASCIIÂëÖ®ºÍ³ýÒÔ0x0A(10D)Óà4¾ÍÕýÈ·£¡£¡£¡
it's your mama! ÍíÉÏÍøÉÏÒ»¿´£¬exescope 630³öÀ´ÁË£¬»¹ÓÐ×¢²á»ú£¬¿´¿´Éú³É
µÄ×¢²áÂ룬´óͬСÒ죬Æäʵû±ØҪдʲôע²á»ú£¨Ñ§±à³Ì£¿£¿£©£¬ÓÃÒ»¸öÂë¾ÍÐÐ
ÁË¡£
- ±ê Ì⣺Îҵĵڣ¿ÆªÆÆÎÄ£¨exescope v6.00£© (5ǧ×Ö)
- ×÷ Õߣºexdata
- ʱ ¼ä£º2001-12-21 12:33:40
- Á´ ½Ó£ºhttp://bbs.pediy.com