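I came across this program on KFC (Key Fans Club) and gave it to a friend to play. Maybe his skills are just too poor, but he told me it was too hard to beat
and said things like "if only there were an invincible version". So while helping (or is it harming?) my friend, I may as well practise my own PE-DIY skills.
Tools used: OllyDbg (self-modified build), LordPE, Kingsoft Youxia 2002 (金山游侠2002)
Load the program in OD: there is no compressed-code warning and the entry code looks like VC output, so the preliminary verdict is that the program is not packed and was written in VC. (I don't fully trust PEiD these days :D)
Then press F9 to run the program and enter the game. Let someone hit you once and the "knock-away value" goes up. Search for it with Kingsoft Youxia;
after a few rounds two addresses remain. In my case they are 79A1F94 and 79A1F98. Viewing that memory in OD gives: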
079A1F84 00 00 1C 40 00 00 00 00 00 00 26 C0 03 00 00 00 ..@......&?...
079A1F94 20 00 00 00 20 00 00 00 02 00 00 00 02 00 00 00 ... .........
079A1FA4 03 00 00 00 03 00 00 00 03 00 00 00 80 03 00 00 .........€..
Two addresses: usually one of them is a copy of the value, kept to guard against the data being changed by illegitimate means. Let's test that by changing the first 0x32 to 0,
i.e.:
079A1F84 00 00 1C 40 00 00 00 00 00 00 26 C0 03 00 00 00 ..@......&?...
079A1F94 00 00 00 00 20 00 00 00 02 00 00 00 02 00 00 00 ... .........
079A1FA4 03 00 00 00 03 00 00 00 03 00 00 00 80 03 00 00 .........€..
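Back in the game there is no message about illegally modified data, and the "knock-away value" drops straight from 50 (32h) to 0, and the second 0x32 becomes 0 as well.
Preliminary conclusion: the first address, 73C288C, holds the real "knock-away value", and the second, 73C2890, holds the "knock-away value" displayed in the game.
Several more experiments confirmed this.
With the real address found, set a hardware breakpoint on it, of type DWORD write, then run the program again and execution arrives here: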
0040A842 |. DD4424 10 fld qword ptr ss:[esp+10]
0040A846 |. DC8E 10030000 fmul qword ptr ds:[esi+310]
0040A84C |. DA86 44030000 fiadd dword ptr ds:[esi+344] ; floating-point add (set the breakpoint here)
0040A852 |. E8 69B60300 call KanoAir.00445EC0 ; this CALL computes the knock-away value
0040A857 |. 8BCE mov ecx,esi
0040A859 |. 8986 44030000 mov dword ptr ds:[esi+344],eax ; updates the knock-away value
0040A85F |. E8 CC020000 call KanoAir.0040AB30 ; the hardware breakpoint stops here
0040A864 |. DD87 18030000 fld qword ptr ds:[edi+318]
0040A86A |. 8B4D 0C mov ecx,dword ptr ss:[ebp+C]
0040A86D |. DC0D 68E44500 fmul qword ptr ds:[45E468]
0040A873 |. 8D41 FB lea eax,dword ptr ds:[ecx-5] ; Switch (cases 5..17)
0040A876 |. 83F8 12 cmp eax,12
0040A879 |. DD5C24 10 fstp qword ptr ss:[esp+10]
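With the breakpoint set, run the program again. As soon as the character is hit, execution breaks (the knock-away value goes up after a hit),
which means every change to the knock-away value passes through this code. So take
0040A859 |. 8986 44030000 mov dword ptr ds:[esi+344],eax ; updates the knock-away value
and NOP it out, so the value no longer increases. NOP it first.
Then another problem showed up: my own knock-away value no longer changes, but why do the enemies' values stop changing too? Nobody's value changing
is not what I wanted from this mod -_-/// My guess was that every character's knock-away value is updated by this same code,
so a condition has to be worked out.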
0040A846 |. DC8E 10030000 fmul qword ptr ds:[esi+310]
0040A84C |. DA86 44030000 fiadd dword ptr ds:[esi+344] ; floating-point add (set the breakpoint here)
These two instructions suggest that ESI is a pointer to a character object. Let's take a look:
079A1C50 C8 E3 45 00 0D F0 AD BA CE 4C 4D 10 00 00 8B 40 ÈãE..ðºÎLM..‹@
079A1C60 42 89 C0 75 5B FF 8C 40 26 00 00 00 01 61 79 75 B‰Àu[ÿŒ@&...ayu
079A1C70 00 F0 AD BA 0D F0 AD BA 0D F0 AD BA 0D F0 AD BA .ð?ð?ð?ð?
079A1C80 0D F0 AD BA 0D F0 AD BA 0D F0 AD BA 0D F0 AD BA .ð?ð?ð?ð?
079A1C90 0D F0 AD BA 0D F0 AD BA 0D F0 AD BA 0D F0 AD BA .ð?ð?ð?ð?
079A1CA0 0D F0 AD BA 0D F0 AD BA 0D F0 AD BA 0D F0 AD BA .ð?ð?ð?ð?
079A1CB0 0D F0 AD BA 0D F0 AD BA 0D F0 AD BA 0D F0 AD BA .ð?ð?ð?ð?
079A1CC0 0D F0 AD BA 0D F0 AD BA 0D F0 AD BA 0D F0 AD BA .ð?ð?ð?ð?
079A1CD0 0D 73 79 73 74 65 6D 5C 61 79 75 2E 62 6D 70 00 .system\ayu.bmp.
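Hm? ayu? Isn't that exactly the character I am using? A filter on the character's ASCII name should do it,
but on second thought that doesn't work: there are 9 characters in total, so how do you tell which one you are playing?
Never mind, patch first and see.
There is no room left here to change the code, so I went to the end of the program to write new code.
I used the large stretch of code space after 45D9C0.
I patch this CALL directly:
0040A852 |. E8 69B60300 call KanoAir.00445EC0 ; this CALL computes the knock-away value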
0045D9C0 > \83C4 F4 add esp,-0C ; start here
0045D9C3 . 9B wait
0045D9C4 . D97D FE fstcw word ptr ss:[ebp-2]
0045D9C7 . 9B wait
0045D9C8 . 66:8B45 FE mov ax,word ptr ss:[ebp-2]
0045D9CC . 80CC 0C or ah,0C
0045D9CF . 66:8945 FC mov word ptr ss:[ebp-4],ax
0045D9D3 . D96D FC fldcw word ptr ss:[ebp-4]
0045D9D6 . DF7D F4 fistp qword ptr ss:[ebp-C]
0045D9D9 . D96D FE fldcw word ptr ss:[ebp-2]
0045D9DC . 8B45 F4 mov eax,dword ptr ss:[ebp-C]
0045D9DF . 8B55 F8 mov edx,dword ptr ss:[ebp-8] ; everything up to here is code from the original CALL
0045D9E2 . 9C pushfd ; save context
0045D9E3 . 60 pushad ; save context
OK, with the context saved, the mischief can begin :D
After many debugging runs I found that the character pointers in ESI all have the form 0x6Dxxxxx, so add a filter:
0045D9E4 . 81FE 0000D006 cmp esi,6D00000 ; the pointer is in ESI and its value is greater than 0x6D00000, so filter on that
0045D9EA . 7E 12 jle short KanoAir_.0045D9FE ; if less than 0x600000, skip
0045D9F1 . EB 15 jmp short KanoAir_.0045DA08 ; unconditional jump onward
0045D9F3 . 36:C786 44030>mov dword ptr ss:[esi+344],0 ; unused instruction, forgot to DEL it :p
0045D9FE > 61 popad ; restore context
0045D9FF . 9D popfd ; restore context
0045DA00 .^ E9 E084FEFF jmp KanoAir_.00445EE5 ; jump back to the original program and continue
Further debugging showed that this CALL handles more than the characters' knock-away values; it also processes some unknown things, and exactly what they are I could not work out,
it is too messy. But I did find that whenever this CALL is handling a character's knock-away value, the current [ESI] is always 0x45E3C8,
so a second filter is added:
0045DA08 > 813E C8E34500 cmp dword ptr ds:[esi],KanoAir_.0045E3C8 ; address pointer, the value is always 0x45E3C8
0045DA0E .^ 75 EE jnz short KanoAir_.0045D9FE ; wrong address pointer: jump away, skip
Next comes the character-name handling:
0045DA10 . 8B46 1C mov eax,dword ptr ds:[esi+1C] ; ESI+1C
//ESI+1C looks like this: 079A1C60 01 61 79 75 ayu
Setting the last byte to 0 is enough:
0045DA13 . B0 00 mov al,0
0045DA15 . 3D 00617975 cmp eax,75796100 ; ayu
0045DA1A . 74 38 je short KanoAir_.0045DA54
0045DA1C . 3D 006D616B cmp eax,6B616D00 ; Makoto
0045DA21 . 74 31 je short KanoAir_.0045DA54
0045DA23 . 3D 006D696E cmp eax,6E696D00 ; Minagi
0045DA28 . 74 2A je short KanoAir_.0045DA54
0045DA2A . 3D 006B616E cmp eax,6E616B00 ; Kano & Kanna
0045DA2F . 74 23 je short KanoAir_.0045DA54
0045DA31 . 3D 006D6973 cmp eax,73696D00 ; Misuzu
0045DA36 . 74 1C je short KanoAir_.0045DA54
0045DA38 . 3D 006D6169 cmp eax,69616D00 ; mai
0045DA3D . 74 15 je short KanoAir_.0045DA54
0045DA3F . 3D 00736869 cmp eax,69687300 ; shiori
0045DA44 . 74 0E je short KanoAir_.0045DA54
0045DA46 . 3D 006E6179 cmp eax,79616E00 ; Nayuki
0045DA4B . 74 07 je short KanoAir_.0045DA54
0045DA4D .^ EB AF jmp short KanoAir_.0045D9FE ; not one of these names: jump away, skip
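The three filters above, replayed in Python over two rows of the page's own dump, as an added example that is not part of the original write-up (all function names are made up here). It also decodes each immediate back to the ASCII bytes it matches, which shows that the name check only sees a three-letter prefix.

```python
import struct

# Two rows copied from the page's dump of the object ESI points at (0x079A1C50).
DUMP = """\
079A1C50 C8 E3 45 00 0D F0 AD BA CE 4C 4D 10 00 00 8B 40
079A1C60 42 89 C0 75 5B FF 8C 40 26 00 00 00 01 61 79 75
"""

# Immediates from the page's cmp eax,imm32 chain, with the author's labels.
NAME_TAGS = {
    0x75796100: "ayu", 0x6B616D00: "Makoto", 0x6E696D00: "Minagi",
    0x6E616B00: "Kano & Kanna", 0x73696D00: "Misuzu", 0x69616D00: "mai",
    0x69687300: "shiori", 0x79616E00: "Nayuki",
}

def parse_dump(text):
    """Turn 'ADDR b0 b1 ... b15' rows into {address: byte}."""
    mem = {}
    for row in text.splitlines():
        fields = row.split()
        base = int(fields[0], 16)
        for i, tok in enumerate(fields[1:17]):
            mem[base + i] = int(tok, 16)
    return mem

def dword(mem, addr):
    """Little-endian 32-bit read, as 'mov eax,dword ptr [addr]' performs."""
    return struct.unpack("<I", bytes(mem[addr + i] for i in range(4)))[0]

def tag_prefix(tag):
    """ASCII bytes an immediate matches once the low byte (AL) is zeroed."""
    return struct.pack("<I", tag)[1:].decode("ascii")

def classify(mem, esi):
    """Apply the page's three filters in order; return the label or None."""
    if esi <= 0x6D00000:                        # cmp esi,6D00000 / jle (signed; fine below 2 GiB)
        return None
    if dword(mem, esi) != 0x45E3C8:             # cmp dword ptr [esi],45E3C8 / jnz
        return None
    tag = dword(mem, esi + 0x1C) & 0xFFFFFF00   # mov eax,[esi+1C] / mov al,0
    return NAME_TAGS.get(tag)

if __name__ == "__main__":
    mem = parse_dump(DUMP)
    print(classify(mem, 0x079A1C50), sorted(tag_prefix(t) for t in NAME_TAGS))
```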
After countless more debugging runs I found that each time a game starts, the first call to this CALL is for the character I am playing. Ha, that gives us a way in:
find somewhere to record the ESI value from that first call, for later use when patching. A flag is needed as well,
to mark whether the ESI address has been recorded; once it has been recorded it must not be recorded again. The code:
0045DA5A . 36:8B1D A6DA4>mov ebx,dword ptr ss:[45DAA6] ; read the stored address
0045DA61 . 36:8B0D ABDA4>mov ecx,dword ptr ss:[45DAAB] ; read tigger (the flag)
0045DA68 . 90 nop
0045DA69 . 90 nop
0045DA6A . 85C9 test ecx,ecx ; is the flag 0?
0045DA6C . 75 17 jnz short KanoAir_.0045DA85 ; no jump if it is 0
0045DA6E . 36:8935 A6DA4>mov dword ptr ss:[45DAA6],esi ; store the current address pointer in memory
0045DA75 . 36:C705 ABDA4>mov dword ptr ss:[45DAAB],1 ; set tigger (the flag) to 1: the pointer has been recorded
0045DA80 .^ E9 79FFFFFF jmp KanoAir_.0045D9FE ; jump away, skip
0045DA85 > 36:A1 A6DA450>mov eax,dword ptr ss:[45DAA6] ; the flag was not empty, so load the stored pointer into EAX
This records the ESI address from the first call to the CALL. It really ought to be kept on the stack, but on reflection I worried that if the stack
ended up unbalanced the program would crash. Keeping it in the SS segment seems like a good approach too:
0045DAA4 00 db 00
0045DAA5 00 db 00
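0045DAA6 . 00000000 dd 00000000 ; stored pointer address
0045DAAA 00 db 00
0045DAAB . 00000000 dd 00000000 ; tigger (the flag)
0045DAAF 00 db 00
Note, though, that the program must never get a chance to execute this spot, otherwise it is certain to go wrong.
Another thing to note is that the code section (the .text section) has to be set writable.
Since the pointer to my own character is now recorded, let the patch apply the modification every time this CALL is invoked:
0045DA85 > 36:A1 A6DA450>mov eax,dword ptr ss:[45DAA6] ; the flag was not empty, so load the stored pointer into EAX
0045DA8B . C780 44030000>mov dword ptr ds:[eax+344],0 ; reset the knock-away value to 0
0045DA95 . C780 40030000>mov dword ptr ds:[eax+340],3 ; set the life count to 3 (3 lives should be enough, and it stays locked)
(BTW: the life count was found the same way)
Heh, done. Save the PE file, then use LordPE to mark the .text section writable, and run it. Nice: when an enemy hits me my knock-away value does not go up, while when I hit an enemy the enemy's
knock-away value keeps rising. I also tested the life count: after deliberately jumping off the cliff N times I still had 3 hearts (3 lives). Success.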
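Marking .text writable leaves a visible trace in the section table: the section ends up both executable and writable. An added example (not from the original write-up) that reads the section headers and reports such sections; the sample image is a constructed, header-only PE and the function names are made up here.

```python
import struct

IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000

def sections(pe):
    """Return [(name, characteristics)] from a PE image's section table."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # The 20-byte COFF header follows the 4-byte signature.
    (count,) = struct.unpack_from("<H", pe, e_lfanew + 6)      # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", pe, e_lfanew + 20)  # SizeOfOptionalHeader
    table = e_lfanew + 24 + opt_size
    out = []
    for i in range(count):
        off = table + 40 * i                                   # 40-byte section header
        name = pe[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        (flags,) = struct.unpack_from("<I", pe, off + 36)      # Characteristics
        out.append((name, flags))
    return out

def writable_code_sections(pe):
    """Names of sections that are mapped both executable and writable."""
    both = IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_WRITE
    return [name for name, flags in sections(pe) if (flags & both) == both]

def build_sample(text_flags):
    """Constructed header-only PE32 image: .text with the given flags, plus .data."""
    def header(name, flags):
        return name.ljust(8, b"\0") + b"\0" * 28 + struct.pack("<I", flags)
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)         # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0xE0, 0x010F)
    return (dos + b"PE\0\0" + coff + b"\0" * 0xE0
            + header(b".text", text_flags) + header(b".data", 0xC0000040))

if __name__ == "__main__":
    for label, flags in (("as linked", 0x60000020),
                         ("after marking writable", 0xE0000020)):
        print(label, writable_code_sections(build_sample(flags)))
```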
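I kept playing into the next round. Hm? A problem: why has the invincibility stopped working, and why is the life count no longer locked? I figured the character's address differs from round to round,
which means the address information has to be refreshed every round. Updating it by hand is out of the question; that would be far too tedious. At the start of every round an image
is displayed, the "Ready.....Fight!" one. I looked it up and the image is named "readyfight.bmp". Searching for it turns up the following code: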
0041A5DB > \8986 40150000 mov dword ptr ds:[esi+1540],eax
0041A5E1 . 8B10 mov edx,dword ptr ds:[eax]
0041A5E3 . 53 push ebx
0041A5E4 . 68 8CC34600 push KanoAir_.0046C38C ; ASCII "system\readyfight.bmp"
0041A5E9 . 8BC8 mov ecx,eax
0041A5EB . C64424 30 14 mov byte ptr ss:[esp+30],14
0041A5F0 . FF52 0C call dword ptr ds:[edx+C]
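Setting a breakpoint and debugging confirms that this code really does run once at the start of every round, so it can be used to clear the character pointer.
The code here is tightly packed as well, so once again it has to jump to the end of the program to run my own code:
0045DAB0 > \8B8E 40150000 mov ecx,dword ptr ds:[esi+1540]
0045DAB6 . 6A 40 push 40
0045DAB8 . 6A 30 push 30
0045DABA . E8 B19DFCFF call KanoAir_.00427870
0045DABF . 8B8E 40150000 mov ecx,dword ptr ds:[esi+1540]
0045DAC5 . 36:C705 ABDA4>mov dword ptr ss:[45DAAB],0 ; clear the flag (tigger) to 0
0045DAD0 .^ E9 33CBFBFF jmp KanoAir_.0041A608 ; jump back to the original code and continue
Once tigger is cleared to 0, the code written above can record the address of the character I am using again.
After playing through once I found no further problems. I simply cannot die: no matter how strong the BOSS is, can you kill me when I have unlimited lives? :p
Below is a summary of the code I added. Because it went through quite a few revisions, a few unused instructions and some NOPs were never deleted.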
0045D9C0 > \83C4 F4 add esp,-0C ; start here
0045D9C3 . 9B wait
0045D9C4 . D97D FE fstcw word ptr ss:[ebp-2]
0045D9C7 . 9B wait
0045D9C8 . 66:8B45 FE mov ax,word ptr ss:[ebp-2]
0045D9CC . 80CC 0C or ah,0C
0045D9CF . 66:8945 FC mov word ptr ss:[ebp-4],ax
0045D9D3 . D96D FC fldcw word ptr ss:[ebp-4]
0045D9D6 . DF7D F4 fistp qword ptr ss:[ebp-C]
0045D9D9 . D96D FE fldcw word ptr ss:[ebp-2]
0045D9DC . 8B45 F4 mov eax,dword ptr ss:[ebp-C]
0045D9DF . 8B55 F8 mov edx,dword ptr ss:[ebp-8] ; everything up to here is code from the original program
0045D9E2 . 9C pushfd ; save context
0045D9E3 . 60 pushad ; save context
0045D9E4 . 81FE 0000D006 cmp esi,6D00000 ; the pointer is in ESI and its value is greater than 0x6D00000, so filter on that
0045D9EA . 7E 12 jle short KanoAir_.0045D9FE ; if less than 0x600000, skip
0045D9EC . 90 nop ;
0045D9ED . 90 nop
0045D9EE . 90 nop
0045D9EF . 90 nop
0045D9F0 . 90 nop
0045D9F1 . EB 15 jmp short KanoAir_.0045DA08 ; unconditional jump onward
0045D9F3 . 36:C786 44030>mov dword ptr ss:[esi+344],0 ; unused instruction, forgot to DEL it :p
0045D9FE > 61 popad ; restore context
0045D9FF . 9D popfd ; restore context
0045DA00 .^ E9 E084FEFF jmp KanoAir_.00445EE5 ; jump back to the original program and continue
0045DA05 90 nop
0045DA06 90 nop
0045DA07 90 nop
0045DA08 > 813E C8E34500 cmp dword ptr ds:[esi],KanoAir_.0045E3C8 ; address pointer, the value is always 0x45E3C8
0045DA0E .^ 75 EE jnz short KanoAir_.0045D9FE ; wrong address pointer: jump away, skip
0045DA10 . 8B46 1C mov eax,dword ptr ds:[esi+1C] ; character-name info
0045DA13 . B0 00 mov al,0
0045DA15 . 3D 00617975 cmp eax,75796100 ; ayu
0045DA1A . 74 38 je short KanoAir_.0045DA54
0045DA1C . 3D 006D616B cmp eax,6B616D00 ; Makoto
0045DA21 . 74 31 je short KanoAir_.0045DA54
0045DA23 . 3D 006D696E cmp eax,6E696D00 ; Minagi
0045DA28 . 74 2A je short KanoAir_.0045DA54
0045DA2A . 3D 006B616E cmp eax,6E616B00 ; Kano & Kanna
0045DA2F . 74 23 je short KanoAir_.0045DA54
0045DA31 . 3D 006D6973 cmp eax,73696D00 ; Misuzu
0045DA36 . 74 1C je short KanoAir_.0045DA54
0045DA38 . 3D 006D6169 cmp eax,69616D00 ; mai
0045DA3D . 74 15 je short KanoAir_.0045DA54
0045DA3F . 3D 00736869 cmp eax,69687300 ; shiori
0045DA44 . 74 0E je short KanoAir_.0045DA54
0045DA46 . 3D 006E6179 cmp eax,79616E00 ; Nayuki
0045DA4B . 74 07 je short KanoAir_.0045DA54
0045DA4D .^ EB AF jmp short KanoAir_.0045D9FE ; not one of these names: jump away, skip
0045DA4F 90 nop
0045DA50 90 nop
0045DA51 90 nop
0045DA52 90 nop
0045DA53 90 nop
0045DA54 > 8B86 F4030000 mov eax,dword ptr ds:[esi+3F4] ; another unused instruction, forgot to DEL it :p
0045DA5A . 36:8B1D A6DA4>mov ebx,dword ptr ss:[45DAA6] ; read the stored address
0045DA61 . 36:8B0D ABDA4>mov ecx,dword ptr ss:[45DAAB] ; read tigger (the flag)
0045DA68 . 90 nop
0045DA69 . 90 nop
0045DA6A . 85C9 test ecx,ecx ; is the flag empty?
0045DA6C . 75 17 jnz short KanoAir_.0045DA85 ; no jump if it is empty
0045DA6E . 36:8935 A6DA4>mov dword ptr ss:[45DAA6],esi ; store the current address pointer in memory
0045DA75 . 36:C705 ABDA4>mov dword ptr ss:[45DAAB],1 ; set tigger (the flag) to 1: the pointer has been recorded
0045DA80 .^ E9 79FFFFFF jmp KanoAir_.0045D9FE ; jump away, skip
0045DA85 > 36:A1 A6DA450>mov eax,dword ptr ss:[45DAA6] ; the flag was not empty, so load the stored pointer into EAX
0045DA8B . C780 44030000>mov dword ptr ds:[eax+344],0 ; reset the knock-away value to 0
0045DA95 . C780 40030000>mov dword ptr ds:[eax+340],3 ; set the life count to 3 (3 lives should be enough, and it stays locked)
0045DA9F .^ E9 5AFFFFFF jmp KanoAir_.0045D9FE ; done, jump back
0045DAA4 00 db 00
0045DAA5 00 db 00
0045DAA6 . 00000000 dd 00000000 ; stored pointer address
0045DAAA 00 db 00
0045DAAB . 00000000 dd 00000000 ; tigger (the flag)
0045DAAF 00 db 00 ; another piece of code follows
0045DAB0 > 8B8E 40150000 mov ecx,dword ptr ds:[esi+1540] ; this code runs once every round
0045DAB6 . 6A 40 push 40
0045DAB8 . 6A 30 push 30
0045DABA . E8 B19DFCFF call KanoAir_.00427870
0045DABF . 8B8E 40150000 mov ecx,dword ptr ds:[esi+1540] ; the lines above are from the original code
0045DAC5 . 36:C705 ABDA4>mov dword ptr ss:[45DAAB],0 ; clear tigger (the flag) to 0
0045DAD0 .^ E9 33CBFBFF jmp KanoAir_.0041A608 ; jump back to the program's original code and continue