好友 阅读权限 25
听众 最后登录 1970-1-1
本帖最后由 姐又寡闻了 于 2019-6-6 22:44 编辑 expasy@sina.com http://davidesperalta.com/download/imgconverter [Asm] 纯文本查看 复制代码
0012EF28 0049FD5D /CALL 到 CallWindowProcW 来自 ImgConve.0049FD58
0012EF2C 771A3DDA |PrevProc = comctl32.771A3DDA
0012EF30 002F0526 |hWnd = 002F0526 (class='TEdit',parent=001E0504)
0012EF34 0000000D |Message = WM_GETTEXT
0012EF38 0000000B |Count = B (11.)
0012EF3C 020EF51C \Buffer = 020EF51C [Asm] 纯文本查看 复制代码
0049FD44 |. 50 push eax ; /lParam = 0x771A3DDA
0049FD45 |. 8B43 04 mov eax,dword ptr ds:[ebx+0x4] ; |
0049FD48 |. 50 push eax ; |wParam = 0x771A3DDA
0049FD49 |. 57 push edi ; |Message = WM_GETTEXT
0049FD4A |. 8B86 60020000 mov eax,dword ptr ds:[esi+0x260] ; |
0049FD50 |. 50 push eax ; |hWnd = 771A3DDA
0049FD51 |. 8B86 5C020000 mov eax,dword ptr ds:[esi+0x25C] ; |comctl32.771A3DDA
0049FD57 |. 50 push eax ; |PrevProc = comctl32.771A3DDA
0049FD58 |. E8 E3FDF6FF call <jmp.&user32.CallWindowProcW> ; \CallWindowProcW
0049FD5D |. 8943 0C mov dword ptr ds:[ebx+0xC],eax ; comctl32.771A3DDA
---------->
004B696F . E8 0C93FEFF call ImgConve.0049FC80
004B6974 . 83C4 10 add esp,0x10
---------->
0049B2FD |. FF51 EC call near dword ptr ds:[ecx-0x14]
0049B300 |> 5F pop edi ; 0012F154
---------->
0049FC5B . E8 E0B3FFFF call ImgConve.0049B040
0049FC60 . 8B45 F8 mov eax,dword ptr ss:[ebp-0x8]
---------->
0049AF38 |. FF53 40 call near dword ptr ds:[ebx+0x40] ; ImgConve.0049F6A8
0049AF3B |> 8B45 FC mov eax,[local.1]
---------->
0049AF50 |. E8 BFFFFFFF call ImgConve.0049AF14
0049AF55 |. 5B pop ebx
---------->
00499956 |. E8 ED150000 call ImgConve.0049AF48
0049995B \. C3 retn
---------->
00499A02 |. E8 49FFFFFF call ImgConve.00499950
00499A07 |. 2BD8 sub ebx,eax
---------->
00695F06 |. E8 C93AE0FF call ImgConve.004999D4
00695F0B |. 8B45 FC mov eax,[local.1]
00695F0E |. E8 EDF0FFFF call ImgConve.00695000
00695F13 |. 84C0 test al,al
00695F15 |. 74 30 je short ImgConve.00695F47 [Asm] 纯文本查看 复制代码
00695F06 |. E8 C93AE0FF call ImgConve.004999D4 ; 取sn
00695F0B |. 8B45 FC mov eax,[local.1]
00695F0E |. E8 EDF0FFFF call ImgConve.00695000 ; 关键call之1
00695F13 |. 84C0 test al,al
00695F15 |. 74 30 je short ImgConve.00695F47 ; sn满足一定条件才取name
00695F17 |. 8D55 F8 lea edx,[local.2]
00695F1A |. 8B83 A4030000 mov eax,dword ptr ds:[ebx+0x3A4]
00695F20 |. E8 AF3AE0FF call ImgConve.004999D4
00695F25 |. 8B45 F8 mov eax,[local.2] ; kernel32.7C817080
00695F28 |. 50 push eax
00695F29 |. 8D55 F4 lea edx,[local.3]
00695F2C |. 8B83 9C030000 mov eax,dword ptr ds:[ebx+0x39C]
00695F32 |. E8 9D3AE0FF call ImgConve.004999D4 ; 取用户名
00695F37 |. 8B45 F4 mov eax,[local.3] ; kernel32.7C839AD8
00695F3A |. B9 89720100 mov ecx,0x17289
00695F3F |. 5A pop edx ; kernel32.7C817077
00695F40 |. E8 5BF1FFFF call ImgConve.006950A0 ; 关键call之2
00695F45 |. 8BF0 mov esi,eax
00695F47 |> 4E dec esi
00695F48 |. 75 3B jnz short ImgConve.00695F85 ; 不能跳
00695F4A |. A1 18EE7B00 mov eax,dword ptr ds:[0x7BEE18] ; 这个是flag,2未注册,1已注册
00695F4F |. C700 01000000 mov dword ptr ds:[eax],0x1
00695F55 |. 8D55 F0 lea edx,[local.4]
00695F58 |. 8B83 A4030000 mov eax,dword ptr ds:[ebx+0x3A4]
00695F5E |. E8 713AE0FF call ImgConve.004999D4
00695F63 |. 8B45 F0 mov eax,[local.4]
00695F66 |. 50 push eax
00695F67 |. 8D55 EC lea edx,[local.5]
00695F6A |. 8B83 9C030000 mov eax,dword ptr ds:[ebx+0x39C]
00695F70 |. E8 5F3AE0FF call ImgConve.004999D4
00695F75 |. 8B55 EC mov edx,[local.5]
00695F78 |. B8 C45F6900 mov eax,ImgConve.00695FC4 ; Software\David Esperalta\ImgConverter\Options\
00695F7D |. 59 pop ecx ; kernel32.7C817077
00695F7E |. E8 8DF6FFFF call ImgConve.00695610
00695F83 |. EB 0B jmp short ImgConve.00695F90
00695F85 |> A1 18EE7B00 mov eax,dword ptr ds:[0x7BEE18] ; flag [Asm] 纯文本查看 复制代码
地址 反汇编 注释
00695F4A mov eax,dword ptr ds:[0x7BEE18] 这个是flag,2未注册,1已注册
00695F85 mov eax,dword ptr ds:[0x7BEE18] flag
006A3611 mov eax,dword ptr ds:[0x7BEE18] [007BEE18]=008133A0
006A3ADE mov eax,dword ptr ds:[0x7BEE18] [007BEE18]=008133A0
006A3BC3 mov eax,dword ptr ds:[0x7BEE18] [007BEE18]=008133A0
006A3C46 mov eax,dword ptr ds:[0x7BEE18] [007BEE18]=008133A0
006A4189 mov eax,dword ptr ds:[0x7BEE18] (初始 CPU 选择) [Asm] 纯文本查看 复制代码
006A35D8 |. E8 3321FFFF call ImgConve.00695710 ; 重启验证,这里改了就爆破了
006A35DD |. 84C0 test al,al
006A35DF 74 3B je short ImgConve.006A361C
006A35E1 |. 8D4D F4 lea ecx,[local.3]
006A35E4 |. BA BC366A00 mov edx,ImgConve.006A36BC ; About...
006A35E9 |. 8BB3 C0030000 mov esi,dword ptr ds:[ebx+0x3C0]
006A35EF |. 8BC6 mov eax,esi
006A35F1 |. E8 F6C6F1FF call ImgConve.005BFCEC
006A35F6 |. 8B55 F4 mov edx,[local.3] ; kernel32.7C839AD8
006A35F9 |. 8D4D F8 lea ecx,[local.2]
006A35FC |. 8BC6 mov eax,esi
006A35FE |. E8 E9C6F1FF call ImgConve.005BFCEC
006A3603 |. 8B55 F8 mov edx,[local.2] ; kernel32.7C817080
006A3606 |. 8B83 AC030000 mov eax,dword ptr ds:[ebx+0x3AC]
006A360C |. E8 1F64DFFF call ImgConve.00499A30
006A3611 |. A1 18EE7B00 mov eax,dword ptr ds:[0x7BEE18] ; 又是flag吧
006A3616 |. C700 01000000 mov dword ptr ds:[eax],0x1
006A361C |> 33C0 xor eax,eax [Asm] 纯文本查看 复制代码
00695000 <>/$ 55 push ebp ; 关键call之1
00695001 |. 8BEC mov ebp,esp
00695003 |. 6A 00 push 0x0
00695005 |. 6A 00 push 0x0
00695007 |. 6A 00 push 0x0
00695009 |. 53 push ebx
0069500A |. 56 push esi
0069500B |. 8BF0 mov esi,eax
0069500D |. 33C0 xor eax,eax
0069500F |. 55 push ebp
00695010 |. 68 8F506900 push ImgConve.0069508F
00695015 |. 64:FF30 push dword ptr fs:[eax]
00695018 |. 64:8920 mov dword ptr fs:[eax],esp
0069501B |. 33DB xor ebx,ebx
0069501D |. 8D55 FC lea edx,[local.1]
00695020 |. 8BC6 mov eax,esi ; szCode
00695022 |. E8 65FFFFFF call <ImgConve.FormatCode> ; 去掉“-”符号,并且转大写
00695027 |. 8B45 FC mov eax,[local.1]
0069502A |. 85C0 test eax,eax
0069502C |. 74 05 je short ImgConve.00695033
0069502E |. 83E8 04 sub eax,0x4
00695031 |. 8B00 mov eax,dword ptr ds:[eax]
00695033 |> 83F8 1C cmp eax,0x1C ; strlength(szCode) == 0x1C (28),sn长度判断
00695036 |. 75 3C jnz short ImgConve.00695074
00695038 |. 8D45 F8 lea eax,[local.2]
0069503B |. 50 push eax
0069503C |. B9 04000000 mov ecx,0x4
00695041 |. BA 19000000 mov edx,0x19
00695046 |. 8B45 FC mov eax,[local.1] ; szCode
00695049 |. E8 3638D7FF call <ImgConve.System.@UStrCopy> ; mid(eax,edx,ecx),取最后4位,szCode25_28
0069504E |. 8D45 FC lea eax,[local.1]
00695051 |. BA 18000000 mov edx,0x18
00695056 |. E8 E135D7FF call <ImgConve.System.@UStrSetLength> ; 取前24位,szCode1_24
0069505B |. 8D55 F4 lea edx,[local.3]
0069505E |. 8B45 FC mov eax,[local.1]
00695061 |. E8 F2FDFFFF call <ImgConve.CalcSum_szCode> ; AscSum(szCode1_24+??)-->subxxx--->hex
00695066 |. 8B55 F4 mov edx,[local.3] ; kernel32.7C839AD8
00695069 |. 8B45 F8 mov eax,[local.2] ; szCode25_28 == ret_szCode1_24
0069506C |. E8 DB37D7FF call <ImgConve.System.@UStrEqual>
00695071 |. 0F94C3 sete bl
00695074 |> 33C0 xor eax,eax
00695076 |. 5A pop edx ; kernel32.7C817077
00695077 |. 59 pop ecx ; kernel32.7C817077
00695078 |. 59 pop ecx ; kernel32.7C817077
00695079 |. 64:8910 mov dword ptr fs:[eax],edx ; ntdll.KiFastSystemCallRet
0069507C |. 68 96506900 push ImgConve.00695096
00695081 |> 8D45 F4 lea eax,[local.3]
00695084 |. BA 03000000 mov edx,0x3
00695089 |. E8 F626D7FF call <ImgConve.System.@UStrArrayClr>
0069508E \. C3 retn [Asm] 纯文本查看 复制代码
00694E58 <>/$ 55 push ebp ; CalcSum_szCode
00694E59 |. 8BEC mov ebp,esp
00694E5B |. 83C4 F8 add esp,-0x8
00694E5E |. 53 push ebx
00694E5F |. 56 push esi
00694E60 |. 8955 F8 mov [local.2],edx ; ntdll.KiFastSystemCallRet
00694E63 |. 8945 FC mov [local.1],eax
00694E66 |. 8B45 FC mov eax,[local.1]
00694E69 |. E8 9A29D7FF call <ImgConve.System.@UStrAddRef>
00694E6E |. 33C0 xor eax,eax
00694E70 |. 55 push ebp
00694E71 |. 68 F34E6900 push ImgConve.00694EF3
00694E76 |. 64:FF30 push dword ptr fs:[eax]
00694E79 |. 64:8920 mov dword ptr fs:[eax],esp
00694E7C |. 66:BA 5600 mov dx,0x56
00694E80 |. 66:B8 AF00 mov ax,0xAF
00694E84 |. 8B4D FC mov ecx,[local.1]
00694E87 |. 85C9 test ecx,ecx
00694E89 |. 74 05 je short ImgConve.00694E90
00694E8B |. 83E9 04 sub ecx,0x4
00694E8E |. 8B09 mov ecx,dword ptr ds:[ecx] ; ntdll.7C92DCBA
00694E90 |> 85C9 test ecx,ecx
00694E92 |. 7E 31 jle short ImgConve.00694EC5
00694E94 |. 85C9 test ecx,ecx
00694E96 |. 7E 2D jle short ImgConve.00694EC5
00694E98 |. BB 01000000 mov ebx,0x1
00694E9D |> 8B75 FC /mov esi,[local.1] ; lea esi,[szCode1_24]
00694EA0 |. 0FB6745E FE |movzx esi,byte ptr ds:[esi+ebx*2-0x2] ; 依次取,由于是unicode编码所有*2
00694EA5 |. 66:03C6 |add ax,si
00694EA8 |. 66:3D FF00 |cmp ax,0xFF
00694EAC |. 76 04 |jbe short ImgConve.00694EB2
00694EAE |. 66:2D FF00 |sub ax,0xFF
00694EB2 |> 66:03D0 |add dx,ax
00694EB5 |. 66:81FA FF00 |cmp dx,0xFF
00694EBA |. 76 05 |jbe short ImgConve.00694EC1
00694EBC |. 66:81EA FF00 |sub dx,0xFF
00694EC1 |> 43 |inc ebx ; AscSum()字符串的ascii码和
00694EC2 |. 49 |dec ecx ; 结果的eax=(0AFh+AscSum(szCode1)) and 0xFF
00694EC3 |.^ 75 D8 \jnz short ImgConve.00694E9D ; 结果在edx=(56h+0AFh+AscSum(szCode1)) and 0xFF
00694EC5 |> 8BDA mov ebx,edx ; ntdll.KiFastSystemCallRet
00694EC7 |. C1E3 08 shl ebx,0x8 ; ebx=edx shl 08h====>xor ebx,ebx, mov bh,dl
00694ECA |. 66:03D8 add bx,ax ; ===>mov bl,al
00694ECD |. 8B4D F8 mov ecx,[local.2] ; kernel32.7C817080
00694ED0 |. 0FB7C3 movzx eax,bx
00694ED3 |. BA 04000000 mov edx,0x4
00694ED8 |. E8 27BDD8FF call <ImgConve.System.SysUtils.IntToHex> ; 转hex,只取4位,字符串
00694EDD |. 33C0 xor eax,eax
00694EDF |. 5A pop edx ; kernel32.7C817077
00694EE0 |. 59 pop ecx ; kernel32.7C817077
00694EE1 |. 59 pop ecx ; kernel32.7C817077
00694EE2 |. 64:8910 mov dword ptr fs:[eax],edx ; ntdll.KiFastSystemCallRet
00694EE5 |. 68 FA4E6900 push ImgConve.00694EFA
00694EEA |> 8D45 FC lea eax,[local.1]
00694EED |. E8 3228D7FF call <ImgConve.System.@UStrClr>
00694EF2 \. C3 retn [Asm] 纯文本查看 复制代码
006950A0 <>/$ 55 push ebp ; 关键call之2,返回1则成功,返回2,3,4都失败
006950A1 |. 8BEC mov ebp,esp
006950A3 |. 51 push ecx
006950A4 |. B9 09000000 mov ecx,0x9
006950A9 |> 6A 00 /push 0x0
006950AB |. 6A 00 |push 0x0
006950AD |. 49 |dec ecx
006950AE |.^ 75 F9 \jnz short ImgConve.006950A9
006950B0 |. 874D FC xchg [local.1],ecx
006950B3 |. 53 push ebx
006950B4 |. 56 push esi
006950B5 |. 57 push edi
006950B6 |. 894D EC mov [local.5],ecx
006950B9 |. 8BDA mov ebx,edx ;
006950BB |. 8BF8 mov edi,eax
006950BD |. 33C0 xor eax,eax
006950BF |. 55 push ebp
006950C0 |. 68 A7546900 push ImgConve.006954A7
006950C5 |. 64:FF30 push dword ptr fs:[eax]
006950C8 |. 64:8920 mov dword ptr fs:[eax],esp
006950CB |. BE 02000000 mov esi,0x2
006950D0 |. 8BC7 mov eax,edi
006950D2 |. E8 2DFCFFFF call <ImgConve.CheckNameLength> ; 用户名的长度验证,30~200位,好长
006950D7 |. 84C0 test al,al
006950D9 |. 0F84 A0030000 je ImgConve.0069547F
006950DF |. 8BC3 mov eax,ebx
006950E1 |. E8 1AFFFFFF call <ImgConve.CheckCodeLast4>
006950E6 |. 84C0 test al,al
006950E8 |. 0F84 91030000 je ImgConve.0069547F
006950EE |. 8D55 FC lea edx,[local.1]
006950F1 |. 8BC3 mov eax,ebx ; szCode
006950F3 |. E8 94FEFFFF call <ImgConve.FormatCode> ; 去“-”,转大写
006950F8 |. BE 01000000 mov esi,0x1
006950FD |. 8B1D D0EE7B00 mov ebx,dword ptr ds:[0x7BEED0] ;
00695103 |> 8D55 F4 /lea edx,[local.3]
00695106 |. 8B03 |mov eax,dword ptr ds:[ebx] ; "XXXX-XXXX-XXXX-XXXX-XXXX-XXXX-XXXX"
00695108 |. E8 7FFEFFFF |call <ImgConve.FormatCode>
0069510D |. 8D45 F0 |lea eax,[local.4]
00695110 |. 8B55 FC |mov edx,[local.1]
00695113 |. E8 342AD7FF |call <ImgConve.System.@UStrLAsg>
00695118 |. 8B55 F0 |mov edx,[local.4]
0069511B |. 8B45 F4 |mov eax,[local.3] ;
0069511E |. E8 657EDCFF |call <ImgConve.strCompare>
00695123 |. 84C0 |test al,al
00695125 |. 74 0A |je short ImgConve.00695131
00695127 |. BE 03000000 |mov esi,0x3 ; 如果sn是上面一串的话,返回3,失败
0069512C |. E9 4E030000 |jmp ImgConve.0069547F
00695131 |> 83C3 04 |add ebx,0x4
00695134 |. 4E |dec esi
00695135 |.^ 75 CC \jnz short ImgConve.00695103
00695137 |. BE 04000000 mov esi,0x4
0069513C |. 8B45 EC mov eax,[local.5]
0069513F |. 99 cdq
00695140 |. 52 push edx ; ntdll.KiFastSystemCallRet
00695141 |. 50 push eax
00695142 |. 8BC7 mov eax,edi
00695144 |. E8 4FFCFFFF call <ImgConve.CalcSum_szName> ; 结果为szNameSum
00695149 |. E8 9642D7FF call <ImgConve.System.@_llmul> ; szNameSum * 0x17289 (这个来自上层调用的时候的一个参数)
0069514E |. 8945 E0 mov [local.8],eax
00695151 |. 8955 E4 mov [local.7],edx ; edx为乘积的更高位(sum>0B0DE),name最少176位才可能
00695154 |. 8D45 F8 lea eax,[local.2]
00695157 |. 50 push eax
00695158 |. B9 02000000 mov ecx,0x2
0069515D |. BA 01000000 mov edx,0x1
00695162 |. 8B45 FC mov eax,[local.1]
00695165 |. E8 1A37D7FF call <ImgConve.System.@UStrCopy> ; szCode1_2=mid(eax,edx,ecx)=mid(szCode,1,2)
0069516A |. FF75 E4 push [local.7]
0069516D |. FF75 E0 push [local.8]
00695170 |. B1 91 mov cl,0x91 ; ret1=loc8 shr (al mod 0xc)
00695172 |. B2 0B mov dl,0xB ; ret2=loc8 shr (dl mod 0x22)
00695174 |. B0 5E mov al,0x5E ; ret=ret1 xor (ret2 and/or cl)
00695176 |. E8 85FDFFFF call <ImgConve.exshr> ; sub(al,dl,cl,loc8,loc7)
0069517B |. 8BD8 mov ebx,eax
0069517D |. 8D4D DC lea ecx,[local.9]
00695180 |. 0FB6C3 movzx eax,bl ; eax=ret and 0xFF
00695183 |. BA 02000000 mov edx,0x2
00695188 |. E8 77BAD8FF call <ImgConve.System.SysUtils.IntToHex>
0069518D |. 8B55 DC mov edx,[local.9]
00695190 |. 8B45 F8 mov eax,[local.2] ; kernel32.7C817080
00695193 |. E8 B436D7FF call <ImgConve.System.@UStrEqual> ; 前2位是“21”,由用户名计算得出
......省略一大段相似代码,分别是计算验证sn前22位的......
。。。。。。。
。。。。。
。。。 [Asm] 纯文本查看 复制代码
00694D98 <>/$ 55 push ebp ; CalcSum_szName
00694D99 |. 8BEC mov ebp,esp
00694D9B |. 83C4 F0 add esp,-0x10
00694D9E |. 53 push ebx
00694D9F |. 33D2 xor edx,edx ; ntdll.KiFastSystemCallRet
00694DA1 |. 8955 F8 mov [local.2],edx ; ntdll.KiFastSystemCallRet
00694DA4 |. 8945 FC mov [local.1],eax
00694DA7 |. 8B45 FC mov eax,[local.1]
00694DAA |. E8 592AD7FF call <ImgConve.System.@UStrAddRef>
00694DAF |. 33C0 xor eax,eax
00694DB1 |. 55 push ebp
00694DB2 |. 68 434E6900 push ImgConve.00694E43
00694DB7 |. 64:FF30 push dword ptr fs:[eax]
00694DBA |. 64:8920 mov dword ptr fs:[eax],esp
00694DBD |. 33DB xor ebx,ebx
00694DBF |. 8B45 FC mov eax,[local.1]
00694DC2 |. E8 3DFFFFFF call <ImgConve.CheckNameLength>
00694DC7 |. 84C0 test al,al
00694DC9 |. 74 54 je short ImgConve.00694E1F
00694DCB |. 8D45 F8 lea eax,[local.2]
00694DCE |. 8B55 FC mov edx,[local.1]
00694DD1 |. E8 762DD7FF call <ImgConve.System.@UStrLAsg>
00694DD6 |. 8B45 F8 mov eax,[local.2] ; kernel32.7C817080
00694DD9 |. 85C0 test eax,eax
00694DDB |. 74 05 je short ImgConve.00694DE2
00694DDD |. 83E8 04 sub eax,0x4
00694DE0 |. 8B00 mov eax,dword ptr ds:[eax]
00694DE2 |> 8BD0 mov edx,eax
00694DE4 |. 85D2 test edx,edx ; ntdll.KiFastSystemCallRet
00694DE6 |. 7E 37 jle short ImgConve.00694E1F
00694DE8 |. B8 01000000 mov eax,0x1 ; ebx=0
00694DED |> 83F8 01 /cmp eax,0x1
00694DF0 |. 7E 16 |jle short ImgConve.00694E08
00694DF2 |. 8B4D F8 |mov ecx,[local.2] ; kernel32.7C817080
00694DF5 |. 0FB74C41 FE |movzx ecx,word ptr ds:[ecx+eax*2-0x2]
00694DFA |. 03D9 |add ebx,ecx
00694DFC |. 8B4D F8 |mov ecx,[local.2] ; kernel32.7C817080
00694DFF |. 0FB74C41 FC |movzx ecx,word ptr ds:[ecx+eax*2-0x4]
00694E04 |. 03D9 |add ebx,ecx
00694E06 |. EB 13 |jmp short ImgConve.00694E1B
00694E08 |> 8B4D F8 |mov ecx,[local.2] ; kernel32.7C817080
00694E0B |. 0FB74C41 FE |movzx ecx,word ptr ds:[ecx+eax*2-0x2]
00694E10 |. 03D9 |add ebx,ecx
00694E12 |. 8B4D F8 |mov ecx,[local.2] ; kernel32.7C817080
00694E15 |. 0FB70C41 |movzx ecx,word ptr ds:[ecx+eax*2]
00694E19 |. 03D9 |add ebx,ecx ; szName的ascii和,都取了2遍所以*2
00694E1B |> 40 |inc eax ; 第2位取了3次,最后一位只取了1次
00694E1C |. 4A |dec edx ; ntdll.KiFastSystemCallRet
00694E1D |.^ 75 CE \jnz short ImgConve.00694DED ; 结果为ebx=AscSum(szName)*2+szName[2]-szName[last]
00694E1F |> 8BC3 mov eax,ebx
00694E21 |. 99 cdq
00694E22 |. 8945 F0 mov [local.4],eax
00694E25 |. 8955 F4 mov [local.3],edx ; ntdll.KiFastSystemCallRet
00694E28 |. 33C0 xor eax,eax
00694E2A |. 5A pop edx ; kernel32.7C817077
00694E2B |. 59 pop ecx ; kernel32.7C817077
00694E2C |. 59 pop ecx ; kernel32.7C817077
00694E2D |. 64:8910 mov dword ptr fs:[eax],edx ; ntdll.KiFastSystemCallRet
00694E30 |. 68 4A4E6900 push ImgConve.00694E4A
00694E35 |> 8D45 F8 lea eax,[local.2]
00694E38 |. BA 02000000 mov edx,0x2
00694E3D |. E8 4229D7FF call <ImgConve.System.@UStrArrayClr>
00694E42 \. C3 retn
www.52pojie.cn/www. 飘云阁.com/expasy
ImgConverter1.1.7z
(7.5 KB, 下载次数: 44)
查看全部评分
[复制链接]
发表于 2016-6-17 10:18
|
发表于 2016-6-17 12:53
发表于 2016-6-17 16:58
