📄 stub.cod
字号:
00151 8b 0d 00 00 00
00 mov ecx, DWORD PTR ?dwLoadAddress@@3KA ; dwLoadAddress
00157 8b 06 mov eax, DWORD PTR [esi]
00159 83 c3 04 add ebx, 4
0015c 85 c0 test eax, eax
0015e 8d 14 08 lea edx, DWORD PTR [eax+ecx]
00161 89 55 fc mov DWORD PTR _pImport$[ebp], edx
00164 75 8e jne SHORT $L17317
$L17318:
; 173 : pAddress = (DWORD*)dwTemp;
; 174 :
; 175 : while(pThunk->u1.Function)
00166 8b 7d f8 mov edi, DWORD PTR _pIID$[ebp]
$L16799:
; 206 : pImport = (IMAGE_IMPORT_BY_NAME*)dwTemp;
; 207 : }
; 208 : }
; 209 :
; 210 : FillMemory((void*)pIID, sizeof(IMAGE_IMPORT_DESCRIPTOR), 0);
00169 8b cf mov ecx, edi
0016b 33 c0 xor eax, eax
; 211 : //memset((void*)pIID, 0, sizeof(IMAGE_IMPORT_DESCRIPTOR));
; 212 :
; 213 : pIID++;
0016d 83 c7 14 add edi, 20 ; 00000014H
00170 89 01 mov DWORD PTR [ecx], eax
00172 89 7d f8 mov DWORD PTR _pIID$[ebp], edi
00175 89 41 04 mov DWORD PTR [ecx+4], eax
00178 89 41 08 mov DWORD PTR [ecx+8], eax
0017b 89 41 0c mov DWORD PTR [ecx+12], eax
0017e 89 41 10 mov DWORD PTR [ecx+16], eax
00181 a1 00 00 00 00 mov eax, DWORD PTR ?dwLoadAddress@@3KA ; dwLoadAddress
00186 0f 85 01 ff ff
ff jne $L16779
$L16784:
; 214 : }
; 215 :
; 216 : pfnVirtualProtect((void*)(pSecHdr->VirtualAddress + dwLoadAddress), pSecHdr->Misc.VirtualSize, dwOldProtect, &dwOldProtect);
0018c 8b 4d f4 mov ecx, DWORD PTR _dwOldProtect$[ebp]
0018f 8d 55 f4 lea edx, DWORD PTR _dwOldProtect$[ebp]
00192 52 push edx
00193 51 push ecx
00194 8b 4d e8 mov ecx, DWORD PTR _pSecHdr$[ebp]
00197 8b 51 08 mov edx, DWORD PTR [ecx+8]
0019a 8b 49 0c mov ecx, DWORD PTR [ecx+12]
0019d 03 c8 add ecx, eax
0019f 52 push edx
001a0 51 push ecx
001a1 ff 15 00 00 00
00 call DWORD PTR ?pfnVirtualProtect@@3P6GHPAXKKPAK@ZA ; pfnVirtualProtect
001a7 5f pop edi
001a8 5e pop esi
001a9 5b pop ebx
; 217 : }
001aa 8b e5 mov esp, ebp
001ac 5d pop ebp
001ad c3 ret 0
?ResolveImports@@YAXXZ ENDP ; ResolveImports
_TEXT ENDS
; COMDAT ?CopyResources@@YAXPAU_IMAGE_RESOURCE_DIRECTORY@@0@Z
_TEXT SEGMENT
_pSourceRoot$ = 8
_pDestinationRoot$ = 12
_pSourceEntry$ = 8
_dwIconCount$ = -4
_dwGroupIconCount$ = -8
?CopyResources@@YAXPAU_IMAGE_RESOURCE_DIRECTORY@@0@Z PROC NEAR ; CopyResources, COMDAT
; 321 : {
00000 55 push ebp
00001 8b ec mov ebp, esp
00003 83 ec 24 sub esp, 36 ; 00000024H
; 326 : DWORD dwGroupIconCount = 0;
; 327 :
; 328 : int nDirectoryCount = pSourceRoot->NumberOfIdEntries + pSourceRoot->NumberOfNamedEntries;
00006 8b 45 08 mov eax, DWORD PTR _pSourceRoot$[ebp]
00009 56 push esi
0000a 33 c9 xor ecx, ecx
0000c 33 f6 xor esi, esi
0000e 66 8b 48 0e mov cx, WORD PTR [eax+14]
00012 66 8b 70 0c mov si, WORD PTR [eax+12]
00016 33 d2 xor edx, edx
00018 03 ce add ecx, esi
; 329 :
; 330 : pSourceEntry = (PIMAGE_RESOURCE_DIRECTORY_ENTRY)((DWORD)pSourceRoot + sizeof(IMAGE_RESOURCE_DIRECTORY));
0001a 8d 70 10 lea esi, DWORD PTR [eax+16]
; 331 : pDestinationEntry = (PIMAGE_RESOURCE_DIRECTORY_ENTRY)((DWORD)pDestinationRoot + sizeof(IMAGE_RESOURCE_DIRECTORY));
; 332 :
; 333 : for(int i = 0; i < nDirectoryCount; i++)
0001d 3b ca cmp ecx, edx
0001f 89 55 fc mov DWORD PTR _dwIconCount$[ebp], edx
00022 89 55 f8 mov DWORD PTR _dwGroupIconCount$[ebp], edx
00025 89 75 08 mov DWORD PTR _pSourceEntry$[ebp], esi
00028 0f 8e c5 01 00
00 jle $L16883
0002e 53 push ebx
0002f 8b 5d 0c mov ebx, DWORD PTR _pDestinationRoot$[ebp]
00032 8b f3 mov esi, ebx
00034 57 push edi
00035 2b f0 sub esi, eax
00037 89 4d e0 mov DWORD PTR -32+[ebp], ecx
0003a 89 75 dc mov DWORD PTR -36+[ebp], esi
0003d eb 03 jmp SHORT $L16881
$L17330:
; 322 : PIMAGE_RESOURCE_DIRECTORY_ENTRY pSourceEntry;
; 323 : PIMAGE_RESOURCE_DIRECTORY_ENTRY pDestinationEntry;
; 324 :
; 325 : DWORD dwIconCount = 0;
0003f 8b 75 dc mov esi, DWORD PTR -36+[ebp]
$L16881:
; 334 : {
; 335 : if(pSourceEntry->DataIsDirectory)
00042 8b 4d 08 mov ecx, DWORD PTR _pSourceEntry$[ebp]
00045 8b 49 04 mov ecx, DWORD PTR [ecx+4]
00048 f7 c1 00 00 00
80 test ecx, -2147483648 ; 80000000H
0004e 0f 84 87 01 00
00 je $L16905
; 336 : {
; 337 : PIMAGE_RESOURCE_DIRECTORY pSourceSubDirectory = (PIMAGE_RESOURCE_DIRECTORY)((DWORD)pSourceEntry->OffsetToDirectory + (DWORD)pSourceRoot);
00054 81 e1 ff ff ff
7f and ecx, 2147483647 ; 7fffffffH
; 338 : PIMAGE_RESOURCE_DIRECTORY pDestinationSubDirectory = (PIMAGE_RESOURCE_DIRECTORY)((DWORD)pDestinationEntry->OffsetToDirectory + (DWORD)pDestinationRoot);
; 339 :
; 340 : int nSubDirectoryCount = pSourceSubDirectory->NumberOfIdEntries + pSourceSubDirectory->NumberOfNamedEntries;
0005a 33 ff xor edi, edi
0005c 03 c8 add ecx, eax
0005e 8b d1 mov edx, ecx
00060 33 c9 xor ecx, ecx
00062 66 8b 4a 0e mov cx, WORD PTR [edx+14]
00066 66 8b 7a 0c mov di, WORD PTR [edx+12]
0006a 03 cf add ecx, edi
0006c 8b 7d 08 mov edi, DWORD PTR _pSourceEntry$[ebp]
0006f 8b 74 3e 04 mov esi, DWORD PTR [esi+edi+4]
00073 81 e6 ff ff ff
7f and esi, 2147483647 ; 7fffffffH
; 341 :
; 342 : PIMAGE_RESOURCE_DIRECTORY_ENTRY pSourceSubEntry = (PIMAGE_RESOURCE_DIRECTORY_ENTRY)((DWORD)pSourceSubDirectory + sizeof(IMAGE_RESOURCE_DIRECTORY));
; 343 : PIMAGE_RESOURCE_DIRECTORY_ENTRY pDestinationSubEntry = (PIMAGE_RESOURCE_DIRECTORY_ENTRY)((DWORD)pDestinationSubDirectory + sizeof(IMAGE_RESOURCE_DIRECTORY));
; 344 :
; 345 : for(int j = 0; j < nSubDirectoryCount; j++)
00079 85 c9 test ecx, ecx
0007b 8d 74 1e 10 lea esi, DWORD PTR [esi+ebx+16]
0007f 0f 8e 56 01 00
00 jle $L16905
00085 83 c6 04 add esi, 4
00088 83 c2 14 add edx, 20 ; 00000014H
0008b 89 75 e8 mov DWORD PTR -24+[ebp], esi
0008e 89 55 ec mov DWORD PTR -20+[ebp], edx
00091 89 4d e4 mov DWORD PTR -28+[ebp], ecx
$L16903:
; 346 : {
; 347 : if(pSourceSubEntry->DataIsDirectory)
00094 8b 0a mov ecx, DWORD PTR [edx]
00096 f7 c1 00 00 00
80 test ecx, -2147483648 ; 80000000H
0009c 0f 84 1a 01 00
00 je $L16927
; 348 : {
; 349 : PIMAGE_RESOURCE_DIRECTORY pSourceSubSubDirectory = (PIMAGE_RESOURCE_DIRECTORY)((DWORD)pSourceSubEntry->OffsetToDirectory + (DWORD)pSourceRoot);
; 350 : PIMAGE_RESOURCE_DIRECTORY pDestinationSubSubDirectory = (PIMAGE_RESOURCE_DIRECTORY)((DWORD)pDestinationSubEntry->OffsetToDirectory + (DWORD)pDestinationRoot);
000a2 8b 36 mov esi, DWORD PTR [esi]
000a4 81 e1 ff ff ff
7f and ecx, 2147483647 ; 7fffffffH
000aa 03 c8 add ecx, eax
; 351 :
; 352 : int nSubSubDirectoryCount = pSourceSubSubDirectory->NumberOfIdEntries + pSourceSubSubDirectory->NumberOfNamedEntries;
000ac 33 ff xor edi, edi
000ae 8b d1 mov edx, ecx
000b0 33 c9 xor ecx, ecx
000b2 81 e6 ff ff ff
7f and esi, 2147483647 ; 7fffffffH
000b8 66 8b 4a 0e mov cx, WORD PTR [edx+14]
000bc 66 8b 7a 0c mov di, WORD PTR [edx+12]
000c0 03 cf add ecx, edi
; 353 :
; 354 : PIMAGE_RESOURCE_DIRECTORY_ENTRY pSourceSubSubEntry = (PIMAGE_RESOURCE_DIRECTORY_ENTRY)((DWORD)pSourceSubSubDirectory + sizeof(IMAGE_RESOURCE_DIRECTORY));
; 355 : PIMAGE_RESOURCE_DIRECTORY_ENTRY pDestinationSubSubEntry = (PIMAGE_RESOURCE_DIRECTORY_ENTRY)((DWORD)pDestinationSubSubDirectory + sizeof(IMAGE_RESOURCE_DIRECTORY));
000c2 8d 74 1e 10 lea esi, DWORD PTR [esi+ebx+16]
; 356 :
; 357 : for(int k = 0; k < nSubSubDirectoryCount; k++)
000c6 85 c9 test ecx, ecx
000c8 0f 8e ee 00 00
00 jle $L16927
000ce 83 c6 04 add esi, 4
000d1 83 c2 14 add edx, 20 ; 00000014H
000d4 89 75 f4 mov DWORD PTR -12+[ebp], esi
000d7 89 55 0c mov DWORD PTR 12+[ebp], edx
000da 89 4d f0 mov DWORD PTR -16+[ebp], ecx
$L16925:
; 358 : {
; 359 : if(!(pSourceSubSubEntry->OffsetToData & 0x8000000))
000dd 8b 12 mov edx, DWORD PTR [edx]
000df f7 c2 00 00 00
08 test edx, 134217728 ; 08000000H
000e5 0f 85 b2 00 00
00 jne $L16936
; 360 : {
; 361 : PIMAGE_RESOURCE_DATA_ENTRY pSourceDataEntry = (PIMAGE_RESOURCE_DATA_ENTRY)((DWORD)pSourceRoot + pSourceSubSubEntry->OffsetToData);
; 362 : PIMAGE_RESOURCE_DATA_ENTRY pDestinationDataEntry = (PIMAGE_RESOURCE_DATA_ENTRY)((DWORD)pDestinationRoot + pDestinationSubSubEntry->OffsetToData);
000eb 8b 0e mov ecx, DWORD PTR [esi]
000ed 8b fb mov edi, ebx
000ef 03 f9 add edi, ecx
; 363 :
; 364 : switch(pSourceEntry->Name)
; 365 : {
000f1 8b 4d 08 mov ecx, DWORD PTR _pSourceEntry$[ebp]
000f4 8b 31 mov esi, DWORD PTR [ecx]
000f6 83 c6 fd add esi, -3 ; fffffffdH
000f9 83 fe 15 cmp esi, 21 ; 00000015H
000fc 0f 87 9b 00 00
00 ja $L16936
00102 33 c9 xor ecx, ecx
00104 8a 8e 00 00 00
00 mov cl, BYTE PTR $L17333[esi]
0010a ff 24 8d 00 00
00 00 jmp DWORD PTR $L17334[ecx*4]
$L16942:
; 366 : case RT_ICON:
; 367 : if(dwIconCount < gev.dwFirstGroupIconCount)
00111 8b 4d fc mov ecx, DWORD PTR _dwIconCount$[ebp]
00114 8b 35 10 00 00
00 mov esi, DWORD PTR ?gev@@3UGlobalExternalVars@@A+16
0011a 3b ce cmp ecx, esi
0011c 73 7f jae SHORT $L16936
; 368 : {
; 369 : DWORD dwTemp = pSourceDataEntry->OffsetToData - ((DWORD)pDestinationRoot - dwLoadAddress);
; 370 : CopyMemory((LPVOID)(pDestinationDataEntry->OffsetToData + dwLoadAddress), (LPVOID)(dwTemp + (DWORD)pSourceRoot), pSourceDataEntry->Size);
0011e 8b 34 02 mov esi, DWORD PTR [edx+eax]
00121 8b 4c 02 04 mov ecx, DWORD PTR [edx+eax+4]
00125 8b 15 00 00 00
00 mov edx, DWORD PTR ?dwLoadAddress@@3KA ; dwLoadAddress
0012b 8b 3f mov edi, DWORD PTR [edi]
0012d 2b f3 sub esi, ebx
0012f 03 fa add edi, edx
00131 03 f2 add esi, edx
00133 8b d1 mov edx, ecx
00135 03 f0 add esi, eax
00137 c1 e9 02 shr ecx, 2
0013a f3 a5 rep movsd
0013c 8b ca mov ecx, edx
0013e 83 e1 03 and ecx, 3
00141 f3 a4 rep movsb
; 371 :
; 372 : dwIconCount++;
00143 ff 45 fc inc DWORD PTR _dwIconCount$[ebp]
; 373 : }
; 374 : break;
00146 eb 55 jmp SHORT $L16936
$L16956:
; 375 : case RT_GROUP_ICON:
; 376 : if(dwGroupIconCount < 1)
00148 83 7d f8 01 cmp DWORD PTR _dwGroupIconCount$[ebp], 1
0014c 73 4f jae SHORT $L16936
; 377 : {
; 378 : DWORD dwTemp = pSourceDataEntry->OffsetToData - ((DWORD)pDestinationRoot - dwLoadAddress);
; 379 : CopyMemory((LPVOID)(pDestinationDataEntry->OffsetToData + dwLoadAddress), (LPVOID)(dwTemp + (DWORD)pSourceRoot), pSourceDataEntry->Size);
0014e 8b 34 02 mov esi, DWORD PTR [edx+eax]
00151 8b 4c 02 04 mov ecx, DWORD PTR [edx+eax+4]
00155 8b 15 00 00 00
00 mov edx, DWORD PTR ?dwLoadAddress@@3KA ; dwLoadAddress
0015b 8b 3f mov edi, DWORD PTR [edi]
0015d 2b f3 sub esi, ebx
0015f 03 fa add edi, edx
00161 03 f2 add esi, edx
00163 8b d1 mov edx, ecx
00165 03 f0 add esi, eax
00167 c1 e9 02 shr ecx, 2
0016a f3 a5 rep movsd
0016c 8b ca mov ecx, edx
0016e 83 e1 03 and ecx, 3
00171 f3 a4 rep movsb
; 380 :
; 381 : dwGroupIconCount++;
00173 ff 45 f8 inc DWORD PTR _dwGroupIconCount$[ebp]
; 382 : }
; 383 : break;
00176 eb 25 jmp SHORT $L16936
$L16966:
; 384 : case RT_VERSION:
; 385 : case 24: //RT_MANIFEST:
; 386 : DWORD dwTemp = pSourceDataEntry->OffsetToData - ((DWORD)pDestinationRoot - dwLoadAddress);
; 387 : CopyMemory((LPVOID)(pDestinationDataEntry->OffsetToData + dwLoadAddress), (LPVOID)(dwTemp + (DWORD)pSourceRoot), pSourceDataEntry->Size);
00178 8b 34 02 mov esi, DWORD PTR [edx+eax]
0017b 8b 4c 02 04 mov ecx, DWORD PTR [edx+eax+4]
0017f 8b 15 00 00 00
00 mov edx, DWORD PTR ?dwLoadAddress@@3KA ; dwLoadAddress
00185 8b 3f mov edi, DWORD PTR [edi]
00187 2b f3 sub esi, ebx
00189 03 fa add edi, edx
0018b 03 f2 add esi, edx
0018d 8b d1 mov edx, ecx
0018f 03 f0 add esi, eax
00191 c1 e9 02 shr ecx, 2
00194 f3 a5 rep movsd
00196 8b ca mov ecx, edx
00198 83 e1 03 and ecx, 3
0019b f3 a4 rep movsb
$L16936:
; 388 : break;
; 389 : }
; 390 : }
; 391 :
; 392 : pSourceSubSubEntry++;
0019d 8b 55 0c mov edx, DWORD PTR 12+[ebp]
; 393 : pDestinationSubSubEntry++;
001a0 8b 75 f4 mov esi, DWORD PTR -12+[ebp]
001a3 8b 4d f0 mov ecx, DWORD PTR -16+[ebp]
001a6 83 c2 08 add edx, 8
001a9 83 c6 08 add esi, 8
001ac 49 dec ecx
001ad 89 55 0c mov⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -