📄 p2pstock.0(初始化).txt
; ---------------------------------------------------------------------------
; Debugger listing excerpt from P2PStock (32-bit x86, Intel operand order;
; columns: address, bytes, instruction, comment). The excerpt starts inside a
; function: its prologue and the two earlier OpenProcess arguments are not
; shown. "frame+N" below means ESP+N while no call arguments are pushed; the
; epilogue's ADD ESP,74 shows the frame is 0x74 bytes.
;
; Visible behaviour: open another process with PROCESS_ALL_ACCESS, commit
; 0x100000 bytes in it, read a pointer, a 0x40-byte header and two record
; tables out of it, then write 0x22 and 6 bytes to two fixed addresses in it.
; The author's notes name the other process's data as Dazhihui stock data.
;
; Registers as used here: EDI -> slot holding the process handle;
; EBX -> object passed to the two internal calls (presumably "this" - confirm);
; ESI / EBP = remote table pointers taken from the header.
;
; NOTE(review):
;  - No API return value is tested and every pBytesRead / pBytesWritten is
;    NULL, so a failed or short transfer goes unnoticed and stale stack or
;    global data is then used as a remote pointer or a length.
;  - The record counts are read from the other process and used as transfer
;    sizes into fixed global buffers with no bound check visible here.
;  - PROCESS_ALL_ACCESS is requested although the calls shown only allocate,
;    read and write memory.
;  - 75F9B0, 6B2C00 and 623080 are hard-coded addresses in the other process;
;    presumably valid for one specific build of it only.
;  - OpenProcess(all access) + VirtualAllocEx + WriteProcessMemory against a
;    foreign process is the call sequence endpoint monitoring keys on.
; ---------------------------------------------------------------------------
00406254 . 68 FF0F1F00 PUSH 1F0FFF ; |Access = PROCESS_ALL_ACCESS
00406259 . E8 9E810800 CALL <JMP.&KERNEL32.OpenProcess> ; \OpenProcess
; Handle is kept in ESI and stored through EDI; it is used by VirtualAllocEx
; below before the NULL test at 0040627D.
0040625E . 8BF0 MOV ESI,EAX
00406260 . 8937 MOV DWORD PTR DS:[EDI],ESI
; VirtualAllocEx(hProcess=ESI, lpAddress=NULL, dwSize=0x100000,
;                flAllocationType=0x1000 MEM_COMMIT, flProtect=4 PAGE_READWRITE)
00406262 . 6A 04 PUSH 4
00406264 . 68 00100000 PUSH 1000
00406269 . 68 00001000 PUSH 100000
0040626E . 6A 00 PUSH 0
00406270 . 56 PUSH ESI
00406271 . E8 0A820800 CALL <JMP.&KERNEL32.VirtualAllocEx>
; Remote base address saved in global 004A4B44; not checked for NULL here.
00406276 . A3 444B4A00 MOV DWORD PTR DS:[4A4B44],EAX
; If OpenProcess returned NULL, go straight to the epilogue.
0040627B . 8B07 MOV EAX,DWORD PTR DS:[EDI]
0040627D . 85C0 TEST EAX,EAX
0040627F . 0F84 47010000 JE P2PStock.004063CC ; * read the data-area base address:
; ReadProcessMemory #1: 4 bytes from remote 0075F9B0 into the local at frame+4.
00406285 . 6A 00 PUSH 0 ; /pBytesRead = NULL
00406287 . 6A 04 PUSH 4 ; |BytesToRead = 4
00406289 . 8D5424 0C LEA EDX,DWORD PTR SS:[ESP+C] ; |
0040628D . 52 PUSH EDX ; |Buffer
0040628E 68 B0F97500 PUSH 75F9B0
00406293 . 50 PUSH EAX ; |hProcess
00406294 . E8 75810800 CALL <JMP.&KERNEL32.ReadProcessMemory> ; \ReadProcessMemory
; ReadProcessMemory #2: 0x40 bytes from the pointer just read (frame+4) into
; the local buffer at frame+0x34. If read #1 failed, this pointer is
; uninitialised stack content.
00406299 . 6A 00 PUSH 0 ; /pBytesRead = NULL
0040629B . 6A 40 PUSH 40 ; |BytesToRead = 40 (64.)
0040629D . 8D4C24 3C LEA ECX,DWORD PTR SS:[ESP+3C] ; |
004062A1 . 51 PUSH ECX ; |(initial cpu selection)
004062A2 . 8B4424 10 MOV EAX,DWORD PTR SS:[ESP+10] ; |
004062A6 . 50 PUSH EAX ; |pBaseAddress
004062A7 . 8B17 MOV EDX,DWORD PTR DS:[EDI] ; |
004062A9 . 52 PUSH EDX ; |hProcess
004062AA . E8 5F810800 CALL <JMP.&KERNEL32.ReadProcessMemory> ; \ReadProcessMemory
; Two remote pointers are taken from the 0x40-byte buffer:
; EBP = dword at buffer+0x30 (frame+0x64), ESI = dword at buffer+0x3B (frame+0x6F).
004062AF . 8D4C24 6F LEA ECX,DWORD PTR SS:[ESP+6F] ; * :read the data-header base address?
004062B3 . 8D4424 64 LEA EAX,DWORD PTR SS:[ESP+64]
004062B7 . 8B28 MOV EBP,DWORD PTR DS:[EAX]
004062B9 . 8B31 MOV ESI,DWORD PTR DS:[ECX] ; * read the Shanghai-exchange code-area data length:?
; ReadProcessMemory #3: 4 bytes from remote ESI into global 004A4B48. Only the
; low word is used afterwards; the upper two bytes land on 004A4B4A.
004062BB . 6A 00 PUSH 0 ; /pBytesRead = NULL
004062BD . 6A 04 PUSH 4 ; |BytesToRead = 4
004062BF . 68 484B4A00 PUSH P2PStock.004A4B48 ; |Buffer = P2PStock.004A4B48
004062C4 . 56 PUSH ESI ; |pBaseAddress
004062C5 . 8B07 MOV EAX,DWORD PTR DS:[EDI] ; |
004062C7 . 50 PUSH EAX ; |hProcess
004062C8 . E8 41810800 CALL <JMP.&KERNEL32.ReadProcessMemory> ; \ReadProcessMemory
; Size = count * 68: ((n << 4) + n) << 2, with n the sign-extended 16-bit
; count. Source = ESI + 0x76.
; NOTE(review): n comes from the other process and is not range-checked before
; it sizes the read into the fixed buffer at 004BBF2C; a negative n
; sign-extends to a very large byte count.
004062CD . 0FBF15 484B4A>MOVSX EDX,WORD PTR DS:[4A4B48]
004062D4 . 8BCA MOV ECX,EDX
004062D6 . 83C6 76 ADD ESI,76
004062D9 . C1E1 04 SHL ECX,4 ; * read the Shanghai-exchange codes:
004062DC . 6A 00 PUSH 0 ; /pBytesRead = NULL
004062DE . 03CA ADD ECX,EDX ; |
004062E0 . C1E1 02 SHL ECX,2 ; |
004062E3 . 51 PUSH ECX ; |BytesToRead
004062E4 . 68 2CBF4B00 PUSH P2PStock.004BBF2C ; |Buffer = P2PStock.004BBF2C
004062E9 . 56 PUSH ESI ; |pBaseAddress
004062EA . 8B07 MOV EAX,DWORD PTR DS:[EDI] ; |
004062EC . 50 PUSH EAX ; |hProcess
004062ED . E8 1C810800 CALL <JMP.&KERNEL32.ReadProcessMemory> ; \ReadProcessMemory
; ReadProcessMemory #5: 4 bytes from remote EBP into global 004A4B4A. The upper
; two bytes spill onto 004A4B4C, which the next read overwrites.
004062F2 . 6A 00 PUSH 0 ; /pBytesRead = NULL
004062F4 . 6A 04 PUSH 4 ; |BytesToRead = 4
004062F6 . 68 4A4B4A00 PUSH P2PStock.004A4B4A ; |Buffer = P2PStock.004A4B4A
004062FB . 55 PUSH EBP ; |pBaseAddress
004062FC . 8B17 MOV EDX,DWORD PTR DS:[EDI] ; |
004062FE . 52 PUSH EDX ; |hProcess
004062FF . E8 0A810800 CALL <JMP.&KERNEL32.ReadProcessMemory> ; \ReadProcessMemory
; Same count * 68 computation for the second table; source = EBP + 0x76,
; destination = global 004A4B4C. 004BBF2C - 004A4B4C = 0x173E0 = 1400 * 68,
; so the destination presumably holds at most 1400 records - confirm; no check
; against that limit is visible.
00406304 . 0FBF0D 4A4B4A>MOVSX ECX,WORD PTR DS:[4A4B4A] ; * :read the Shenzhen-exchange code-area data length
0040630B . 8BC1 MOV EAX,ECX
0040630D . 83C5 76 ADD EBP,76
00406310 . C1E0 04 SHL EAX,4 ; * read the Shenzhen-exchange codes:
00406313 . 6A 00 PUSH 0 ; /pBytesRead = NULL
00406315 . 03C1 ADD EAX,ECX ; |
00406317 . C1E0 02 SHL EAX,2 ; |
0040631A . 50 PUSH EAX ; |BytesToRead
0040631B . 68 4C4B4A00 PUSH P2PStock.004A4B4C ; |Buffer = P2PStock.004A4B4C
00406320 . 55 PUSH EBP ; |pBaseAddress
00406321 . 8B17 MOV EDX,DWORD PTR DS:[EDI] ; |
00406323 . 52 PUSH EDX ; |hProcess
00406324 . E8 E5800800 CALL <JMP.&KERNEL32.ReadProcessMemory> ; \ReadProcessMemory
; Internal call with [EBX+3B4] as its single stack argument; the POP ECX after
; it removes that argument.
00406329 . 8B8B B4030000 MOV ECX,DWORD PTR DS:[EBX+3B4] ; *} 00406241- 00406329 fetch Dazhihui info
0040632F . 51 PUSH ECX ; /Arg1
00406330 . E8 D3E4FFFF CALL P2PStock.00404808 ; \P2PStock.00404808
00406335 . 59 POP ECX
; Copy 0x22 bytes (8 dwords + 1 word) from 0049F1C8 to the local at frame+8.
; EDI is saved and restored around the copy because it holds the handle slot.
00406336 . 57 PUSH EDI
00406337 . BE C8F14900 MOV ESI,P2PStock.0049F1C8
0040633C . 8D7C24 0C LEA EDI,DWORD PTR SS:[ESP+C]
00406340 . B9 08000000 MOV ECX,8
00406345 . F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS>
00406347 . 66:A5 MOVS WORD PTR ES:[EDI],WORD PTR DS:[ESI]
00406349 . 5F POP EDI
; Copy the next 6 bytes (0049F1EA..0049F1EF) to the local at frame+0x2C.
0040634A . 8B05 EAF14900 MOV EAX,DWORD PTR DS:[49F1EA]
00406350 . 894424 2C MOV DWORD PTR SS:[ESP+2C],EAX
00406354 . 66:8B05 EEF14>MOV AX,WORD PTR DS:[49F1EE]
0040635B . 66:894424 30 MOV WORD PTR SS:[ESP+30],AX
; Internal call with EBX passed in EAX; its 32-bit result is stored at
; frame+0x15, i.e. offset 0x0D inside the 0x22-byte block copied above.
00406360 . 8BC3 MOV EAX,EBX
00406362 . E8 991A0600 CALL P2PStock.00467E00
00406367 . 8D5424 15 LEA EDX,DWORD PTR SS:[ESP+15]
0040636B . 8902 MOV DWORD PTR DS:[EDX],EAX ; * WriteProcessMemory
; WriteProcessMemory #1: the 0x22-byte block at frame+8 goes to remote 006B2C00.
0040636D . 6A 00 PUSH 0 ; /pBytesWritten = NULL
0040636F . 6A 22 PUSH 22 ; |BytesToWrite = 22 (34.)
00406371 . 8D4C24 10 LEA ECX,DWORD PTR SS:[ESP+10] ; |
00406375 . 51 PUSH ECX ; |Buffer
00406376 . 68 002C6B00 PUSH 6B2C00 ; |Address = 6B2C00
0040637B . 8B07 MOV EAX,DWORD PTR DS:[EDI] ; |
0040637D . 50 PUSH EAX ; |hProcess
0040637E . E8 2D810800 CALL <JMP.&KERNEL32.WriteProcessMemory> ; \WriteProcessMemory
; WriteProcessMemory #2: the 6 bytes at frame+0x2C go to remote 00623080.
00406383 . 6A 00 PUSH 0 ; /pBytesWritten = NULL
00406385 . 6A 06 PUSH 6 ; |BytesToWrite = 6
00406387 . 8D5424 34 LEA EDX,DWORD PTR SS:[ESP+34] ; |
0040638B . 52 PUSH EDX ; |Buffer
0040638C . 68 80306200 PUSH 623080 ; |Address = 623080
00406391 . 8B0F MOV ECX,DWORD PTR DS:[EDI] ; |
00406393 . 51 PUSH ECX ; |hProcess
00406394 . E8 17810800 CALL <JMP.&KERNEL32.WriteProcessMemory> ; \WriteProcessMemory
; This path skips the cleanup block below: the handle in [EDI] and the remote
; allocation recorded in 004A4B44 stay in place.
00406399 . EB 31 JMP SHORT P2PStock.004063CC
; Cleanup path, entered by a jump from outside this excerpt. It does nothing
; when the handle slot is already NULL.
0040639B > 8B07 MOV EAX,DWORD PTR DS:[EDI]
0040639D . 85C0 TEST EAX,EAX
0040639F . 74 2B JE SHORT P2PStock.004063CC
; VirtualFreeEx(hProcess, lpAddress=[004A4B44], dwSize=0x100000,
;               dwFreeType=0x4000 MEM_DECOMMIT)
; NOTE(review): decommit only; the address range stays reserved in the other
; process, because MEM_RELEASE (0x8000) is not used.
004063A1 . 68 00400000 PUSH 4000
004063A6 . 8B15 444B4A00 MOV EDX,DWORD PTR DS:[4A4B44]
004063AC . 68 00001000 PUSH 100000
004063B1 . 52 PUSH EDX
004063B2 . 50 PUSH EAX
004063B3 . E8 D4800800 CALL <JMP.&KERNEL32.VirtualFreeEx>
; Clear the saved remote address, close the handle, clear the handle slot.
004063B8 . 33C9 XOR ECX,ECX
004063BA . 890D 444B4A00 MOV DWORD PTR DS:[4A4B44],ECX
004063C0 . 8B07 MOV EAX,DWORD PTR DS:[EDI]
004063C2 . 50 PUSH EAX ; /hObject
004063C3 . E8 9C7E0800 CALL <JMP.&KERNEL32.CloseHandle> ; \CloseHandle
004063C8 . 33D2 XOR EDX,EDX
004063CA . 8917 MOV DWORD PTR DS:[EDI],EDX
; Common epilogue: drop the 0x74-byte frame and restore EBP, EDI, ESI, EBX.
004063CC > 83C4 74 ADD ESP,74
004063CF . 5D POP EBP
004063D0 . 5F POP EDI
004063D1 . 5E POP ESI
004063D2 . 5B POP EBX
004063D3 . C3 RETN