00404A76 |. 51 PUSH ECX ; |wParam
00404A77 |. A1 3C4B4A00 MOV EAX,DWORD PTR DS:[4A4B3C] ; |
00404A7C |. 68 38040000 PUSH 438 ; |Message = MSG(438)
00404A81 |. 50 PUSH EAX ; |hWnd => 1300D6
00404A82 |. E8 F59F0800 CALL <JMP.&USER32.SendMessageA> ; \SendMessageA
00404A87 |. A1 9C4D4D00 MOV EAX,DWORD PTR DS:[4D4D9C]
00404A8C |. 33DB XOR EBX,EBX
00404A8E |. C700 01830100 MOV DWORD PTR DS:[EAX],18301
00404A94 |. 66:C740 07 5348 MOV WORD PTR DS:[EAX+7],4853
00404A9A |. 66:8B15 484B4A00 MOV DX,WORD PTR DS:[4A4B48]
00404AA1 |. 66:8950 09 MOV WORD PTR DS:[EAX+9],DX
00404AA5 |. EB 07 JMP SHORT P2PStock.00404AAE
00404AA7 |> 66:891F /MOV WORD PTR DS:[EDI],BX ; * 内存块序数化1,2,3,...
00404AAA |. 83C7 02 |ADD EDI,2
00404AAD |. 43 |INC EBX
00404AAE |> 0FBF05 484B4A00 MOVSX EAX,WORD PTR DS:[4A4B48]
00404AB5 |. 3BD8 |CMP EBX,EAX
00404AB7 |.^ 7C EE \JL SHORT P2PStock.00404AA7
00404AB9 |. 0FBF15 484B4A00 MOVSX EDX,WORD PTR DS:[4A4B48]
00404AC0 |. 03D2 ADD EDX,EDX ; * 写上证验证数据:???
00404AC2 |. 6A 00 PUSH 0 ; /pBytesWritten = NULL
00404AC4 |. 83C2 0B ADD EDX,0B ; |
00404AC7 |. 8B0D 9C4D4D00 MOV ECX,DWORD PTR DS:[4D4D9C] ; |
00404ACD |. 52 PUSH EDX ; |BytesToWrite
00404ACE |. 51 PUSH ECX ; |Buffer => 00D70004
00404ACF |. A1 444B4A00 MOV EAX,DWORD PTR DS:[4A4B44] ; |
00404AD4 |. 8B15 404B4A00 MOV EDX,DWORD PTR DS:[4A4B40] ; |
00404ADA |. 50 PUSH EAX ; |Address => 1C730000
00404ADB |. 52 PUSH EDX ; |hProcess => 000000E4
00404ADC |. E8 CF990800 CALL <JMP.&KERNEL32.WriteProcessMemory> ; \WriteProcessMemory
00404AE1 |. 0FBF05 484B4A00 MOVSX EAX,WORD PTR DS:[4A4B48]
00404AE8 |. 8B0D 444B4A00 MOV ECX,DWORD PTR DS:[4A4B44]
00404AEE |. 03C0 ADD EAX,EAX
00404AF0 |. 83C0 0B ADD EAX,0B ; * 写数据消息:
00404AF3 |. 51 PUSH ECX ; /lParam => 1C730000
00404AF4 |. 50 PUSH EAX ; |wParam
00404AF5 |. 8B15 3C4B4A00 MOV EDX,DWORD PTR DS:[4A4B3C] ; |
00404AFB |. 68 38040000 PUSH 438 ; |Message = MSG(438)
00404B00 |. 52 PUSH EDX ; |hWnd => 1300D6
00404B01 |. E8 769F0800 CALL <JMP.&USER32.SendMessageA> ; \SendMessageA
00404B06 |. 6A 0A PUSH 0A ; /Arg7 = 0000000A
00404B08 |. 6A 50 PUSH 50 ; |Arg6 = 00000050
00404B0A |. 6A 00 PUSH 0 ; |Arg5 = 00000000
00404B0C |. 68 17F44900 PUSH P2PStock.0049F417 ; |Arg4 = 0049F417
00404B11 |. 6A 00 PUSH 0 ; |Arg3 = 00000000
00404B13 |. 6A 04 PUSH 4 ; |Arg2 = 00000004
00404B15 |. 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8] (*0012F584+8) ; |
00404B18 |. 51 PUSH ECX ; |Arg1 = 00F30004
00404B19 |. E8 F2F4FFFF CALL P2PStock.00404010 ; \P2PStock.00404010
00404B1E |. 83C4 1C ADD ESP,1C
00404B21 |. B8 01000000 MOV EAX,1
00404B26 |. 5F POP EDI
00404B27 |. 5E POP ESI
00404B28 |. 5B POP EBX
00404B29 |. 5D POP EBP
00404B2A \. C3 RETN
00404B2B 90 NOP
============================================================================
;-----------------------------------------------------------------------
; sub_00404010 -- add one 16-byte record to the table owned by arg1
; Convention: cdecl, 7 stack args (the caller at 00404B1E does ADD ESP,1C)
; In:  [EBP+8]  arg1 = base pointer of the owning object/table (held in EBX)
;      [EBP+C]  arg2 = byte written to record+0 (also compared in the dup scan)
;      [EBP+10] arg3 = byte written to record+1
;      [EBP+14] arg4 = pointer to a C string; 7 bytes are copied to record+2
;      [EBP+18] arg5 = word written to record+0xA
;      [EBP+1C] arg6 = word written to record+0xC
;      [EBP+20] arg7 = word written to record+0xE
; Out: EAX = 1 on success, 0 on failure (the three XOR EAX,EAX exits)
; Layout (from the offsets used below): records are 16 bytes, 0x40 of them,
;      the first at EBX+1C7. [EBX+5CB] is incremented on success, so it is
;      presumably a produce counter and [EBX+5CF] the matching consume
;      counter -- TODO confirm against the reader side.
; Clobbers: EAX, ECX, EDX, flags. EBX/ESI/EDI/EBP are saved and restored.
; NOTE(review): the name is copied with a fixed 7-byte length (PUSH 7 at
;      004040D0) but the duplicate scan at 00404056 compares until a NUL in
;      the stored record; a source string of 7 or more characters therefore
;      leaves the stored name unterminated unless 00483168 terminates it,
;      and the scan would then read past record+8 -- TODO confirm 00483168.
;-----------------------------------------------------------------------
00404010 /$ 55 PUSH EBP
00404011 |. 8BEC MOV EBP,ESP
00404013 |. 53 PUSH EBX
00404014 |. 56 PUSH ESI
00404015 |. 57 PUSH EDI
00404016 |. 8B5D 08 MOV EBX,DWORD PTR SS:[EBP+8] ; EBX = arg1 (table base)
00404019 |. 8B83 CB050000 MOV EAX,DWORD PTR DS:[EBX+5CB] ; *00000003 ; EAX = counter at +5CB
0040401F |. 2B83 CF050000 SUB EAX,DWORD PTR DS:[EBX+5CF] ; *00000001 ; minus counter at +5CF = records in flight (inferred)
00404025 |. 83F8 40 CMP EAX,40 ; signed compare against the 64-slot capacity
00404028 |. 7C 07 JL SHORT P2PStock.00404031 ; room left -> continue
0040402A |. 33C0 XOR EAX,EAX ; table full: return 0
0040402C |. E9 0A010000 JMP P2PStock.0040413B
00404031 |> 8B55 14 MOV EDX,DWORD PTR SS:[EBP+14] ; *> P2PStock.0049F417 ; EDX = arg4 (name string)
00404034 |. 52 PUSH EDX ; * P2PStock.0049F417
00404035 |. E8 7EF20700 CALL P2PStock.004832B8 ; * ??? verify (author's note); one-arg cdecl helper on the string -- only its zero/non-zero result is used, presumably a length check
0040403A |. 59 POP ECX ; discard the argument
0040403B |. 85C0 TEST EAX,EAX ; * 0
0040403D |. 76 55 JBE SHORT P2PStock.00404094 ; CF is 0 after TEST, so JBE acts as JE: empty name skips the duplicate scan
0040403F |. 33F6 XOR ESI,ESI ; ESI = slot index i = 0
00404041 |. 8DBB C7010000 LEA EDI,DWORD PTR DS:[EBX+1C7] ; EDI = &record[0] (byte at record+0)
00404047 |> 8BC6 /MOV EAX,ESI ; --- scan all 0x40 slots, whether or not they were ever written ---
00404049 |. 8B55 14 |MOV EDX,DWORD PTR SS:[EBP+14] ; EDX = arg4
0040404C |. C1E0 04 |SHL EAX,4 ; i * 16
0040404F |. 03C3 |ADD EAX,EBX
00404051 |. 05 C9010000 |ADD EAX,1C9 ; EAX = &record[i]+2 (stored name)
00404056 |> 8A08 |/MOV CL,BYTE PTR DS:[EAX] ; inline strcmp-style loop, two bytes per iteration
00404058 |. 3A0A ||CMP CL,BYTE PTR DS:[EDX]
0040405A |. 75 2F ||JNZ SHORT P2PStock.0040408B ; differ -> next slot
0040405C |. 84C9 ||TEST CL,CL
0040405E |. 74 12 ||JE SHORT P2PStock.00404072 ; both NUL -> names equal
00404060 |. 8A48 01 ||MOV CL,BYTE PTR DS:[EAX+1]
00404063 |. 3A4A 01 ||CMP CL,BYTE PTR DS:[EDX+1]
00404066 |. 75 23 ||JNZ SHORT P2PStock.0040408B
00404068 |. 83C0 02 ||ADD EAX,2
0040406B |. 83C2 02 ||ADD EDX,2
0040406E |. 84C9 ||TEST CL,CL
00404070 |.^ 75 E4 |\JNZ SHORT P2PStock.00404056
00404072 |> 75 17 |JNZ SHORT P2PStock.0040408B ; ZF is set on both paths into here, so this is never taken (compiler artefact)
00404074 |. 8A07 |MOV AL,BYTE PTR DS:[EDI] ; record[i]+0
00404076 |. 3A45 0C |CMP AL,BYTE PTR SS:[EBP+C] ; same byte as arg2?
00404079 |. 75 10 |JNZ SHORT P2PStock.0040408B
0040407B |. 0FBE55 0C |MOVSX EDX,BYTE PTR SS:[EBP+C]
0040407F |. 83FA 0A |CMP EDX,0A ; signed: arg2 >= 10 may duplicate an existing name
00404082 |. 7D 07 |JGE SHORT P2PStock.0040408B
00404084 |. 33C0 |XOR EAX,EAX ; duplicate (same name, same byte, byte < 10): return 0
00404086 |. E9 B0000000 |JMP P2PStock.0040413B
0040408B |> 46 |INC ESI
0040408C |. 83C7 10 |ADD EDI,10 ; next record
0040408F |. 83FE 40 |CMP ESI,40
00404092 |.^ 7C B3 \JL SHORT P2PStock.00404047
00404094 |> 8BB3 CB050000 MOV ESI,DWORD PTR DS:[EBX+5CB] ; * > ; ESI = counter at +5CB
0040409A |. 81E6 3F000080 AND ESI,8000003F ; * 3 ; signed "% 64" idiom: keep the sign bit and the low 6 bits
004040A0 |. 79 05 JNS SHORT P2PStock.004040A7
004040A2 |. 4E DEC ESI ; negative input: fix up to a negative remainder
004040A3 |. 83CE C0 OR ESI,FFFFFFC0
004040A6 |. 46 INC ESI
004040A7 |> 8BFE MOV EDI,ESI ; * > ; ESI = slot index, EDI becomes its byte offset
004040A9 |. 8A45 0C MOV AL,BYTE PTR SS:[EBP+C] ; * 4
004040AC |. C1E7 04 SHL EDI,4 ; EDI = slot * 16
004040AF |. 88843B C7010000 MOV BYTE PTR DS:[EBX+EDI+1C7],AL ; record+0 = arg2
004040B6 |. 8A55 10 MOV DL,BYTE PTR SS:[EBP+10]
004040B9 |. 88943B C8010000 MOV BYTE PTR DS:[EBX+EDI+1C8],DL ; record+1 = arg3
004040C0 |. 8BD7 MOV EDX,EDI
004040C2 |. 66:8B4D 20 MOV CX,WORD PTR SS:[EBP+20]
004040C6 |. 03D3 ADD EDX,EBX
004040C8 |. 66:898C3B D5010000 MOV WORD PTR DS:[EBX+EDI+1D5],CX ; record+0xE = arg7
004040D0 |. 6A 07 PUSH 7 ; /Arg3 = 00000007 ; fixed copy length; no terminator is guaranteed
004040D2 |. 8B45 14 MOV EAX,DWORD PTR SS:[EBP+14] ; |
004040D5 |. 81C2 C9010000 ADD EDX,1C9 ; | EDX = &record+2
004040DB |. 50 PUSH EAX ; |Arg2 = source (arg4)
004040DC |. 52 PUSH EDX ; |Arg1 = destination
004040DD |. E8 86F00700 CALL P2PStock.00483168 ; \*P2PStock.00483168 memory copy (author's note)
004040E2 |. 66:8B4D 18 MOV CX,WORD PTR SS:[EBP+18]
004040E6 |. 83C4 0C ADD ESP,0C
004040E9 |. 66:898C3B D1010000 MOV WORD PTR DS:[EBX+EDI+1D1],CX ; record+0xA = arg5
004040F1 |. 66:8B45 1C MOV AX,WORD PTR SS:[EBP+1C]
004040F5 |. 66:89843B D3010000 MOV WORD PTR DS:[EBX+EDI+1D3],AX ; record+0xC = arg6
004040FD |. 8B55 14 MOV EDX,DWORD PTR SS:[EBP+14]
00404100 |. 52 PUSH EDX
00404101 |. E8 B2F10700 CALL P2PStock.004832B8 ; same helper as at 00404035, same zero test
00404106 |. 59 POP ECX
00404107 |. 85C0 TEST EAX,EAX ; * 0
00404109 |. 76 1E JBE SHORT P2PStock.00404129 ; empty name: skip the 00404F64 step
0040410B |. C1E6 04 SHL ESI,4
0040410E |. 03F3 ADD ESI,EBX
00404110 |. 81C6 C8010000 ADD ESI,1C8 ; ESI = &record+1
00404116 |. 56 PUSH ESI ; /Arg2
00404117 |. 53 PUSH EBX ; |Arg1
00404118 |. E8 470E0000 CALL P2PStock.00404F64 ; \P2PStock.00404F64
0040411D |. 83C4 08 ADD ESP,8
00404120 |. 66:85C0 TEST AX,AX ; 16-bit signed status
00404123 |. 7D 04 JGE SHORT P2PStock.00404129
00404125 |. 33C0 XOR EAX,EAX ; negative status: return 0 (the record stays written, the counter is not bumped)
00404127 |. EB 12 JMP SHORT P2PStock.0040413B
00404129 |> FF83 CB050000 INC DWORD PTR DS:[EBX+5CB] ; * > ; commit: counter at +5CB ++
0040412F |. 53 PUSH EBX ; /Arg1
00404130 |. E8 87F9FFFF CALL P2PStock.00403ABC ; \* P2PStock.00403ABC initialisation complete, enter the worker routine (author's note)
00404135 |. 59 POP ECX
00404136 |. B8 01000000 MOV EAX,1 ; success
0040413B |> 5F POP EDI ; * > initialisation failed (author's note; this is in fact the shared exit for every path, EAX already set)
0040413C |. 5E POP ESI
0040413D |. 5B POP EBX
0040413E |. 5D POP EBP
0040413F \. C3 RETN
============================================================================
;-----------------------------------------------------------------------
; sub_00467E00 -- return the object's field at +180, populating it on demand
; Convention: register (object pointer in EAX; Borland/Delphi style -- inferred
;      from EAX being read as the argument and EBX being the only saved reg)
; In:  EAX = object pointer (debugger shows 00A0266C at capture time)
; Out: EAX = [obj+180] (debugger shows 0003075C at capture time)
; Calls sub_00467DDC first; after it [obj+180] is expected to be non-zero
;      (inferred from 00467DDC's own test on that field).
;-----------------------------------------------------------------------
00467E00 /$ 53 PUSH EBX ; * EBX=00A0266C
00467E01 |. 8BD8 MOV EBX,EAX ; * EAX=00A0266C ; keep obj across the call
00467E03 |. 8BC3 MOV EAX,EBX
00467E05 |. E8 D2FFFFFF CALL P2PStock.00467DDC ; make sure [obj+180] is populated
00467E0A |. 8B83 80010000 MOV EAX,DWORD PTR DS:[EBX+180] ; result = obj->field_180
00467E10 |. 5B POP EBX ; * EAX=0003075C
00467E11 \. C3 RETN
00467E12 90 NOP
;-----------------------------------------------------------------------
; sub_00467DDC -- lazily populate the object's field at +180
; Convention: register (object pointer in EAX); EBX preserved, the other
;      volatile registers may be clobbered by the indirect call at 00467DF8
; In:  EAX = object pointer
; Out: no defined register result; on return [obj+180] is expected to be
;      non-zero (filled by the callee at table slot +94 -- inferred)
; Logic: if [obj+180] != 0 -> done. Otherwise, if [obj+30] != 0 recurse on
;      it first (so the chain of +30 links is populated root-first), then
;      call slot +94 through obj's pointer table on obj itself.
; NOTE(review): the shape matches Delphi/VCL TWinControl.HandleNeeded
;      (FHandle, Parent, CreateHandle) with sub_00467E00 as the handle
;      getter -- plausible given the HWND-sized values the debugger shows,
;      but unconfirmed.
;-----------------------------------------------------------------------
00467DDC /$ 53 PUSH EBX ; * EBX=00A0266C
00467DDD |. 8BD8 MOV EBX,EAX ; EBX = obj
00467DDF |. 83BB 80010000>CMP DWORD PTR DS:[EBX+180],0 ; * [EBX+180=A027EC]=00030720 ; already populated?
00467DE6 |. 75 16 JNZ SHORT P2PStock.00467DFE ; yes -> nothing to do
00467DE8 |. 8B43 30 MOV EAX,DWORD PTR DS:[EBX+30] ; EAX = obj->link_30 (owner/parent -- inferred)
00467DEB |. 85C0 TEST EAX,EAX
00467DED |. 74 05 JE SHORT P2PStock.00467DF4 ; no link -> skip the recursion
00467DEF |. E8 E8FFFFFF CALL P2PStock.00467DDC ; recurse with EAX = link (same convention)
00467DF4 |> 8BC3 MOV EAX,EBX ; EAX = obj again (EAX was clobbered above)
00467DF6 |. 8B10 MOV EDX,DWORD PTR DS:[EAX] ; EDX = obj's pointer table at offset 0
00467DF8 |. FF92 94000000 CALL DWORD PTR DS:[EDX+94] ; virtual-style dispatch: table[+94] with EAX = obj
00467DFE |> 5B POP EBX
00467DFF \. C3 RETN
============================================================================