📄 out1.asm
字号:
add ebx,byte +0x01
add eax,byte +0x28
cmp ebx,ecx
jc loc_412db2
loc_412dcb:
cmp ebx,ecx
jz loc_412e2c
loc_412dcf:
add ebx,byte +0x01
cmp byte [0x004171c8],0x00
jnz loc_412dfb
loc_412ddb:
cmp dword [0x004171c4],byte +0x00
jnz loc_412e2c
loc_412de4:
call dword fn_4130b0
test eax,eax
mov [0x004171c4],eax
jz loc_412e2c
loc_412df2:
mov byte [0x004171c8],0x01
jmp short loc_412e00
loc_412dfb:
mov eax,[0x004171c4]
loc_412e00:
push dword 0x004160b4
push eax
call dword near [KERNEL32.GetProcAddress]
xor esi,esi
cmp eax,esi
jz loc_412e2c
loc_412e12:
lea ecx,[ebp-0x10]
push ecx
mov ecx,[ebp+0x18]
push esi
push esi
lea edx,[ebp-0x28]
push edx
push esi
push esi
push esi
push ecx
call eax
add esp,byte +0x20
test eax,eax
jnz loc_412e35
loc_412e2c:
pop edi
pop ebx
xor eax,eax
pop esi
mov esp,ebp
pop ebp
ret
loc_412e35:
mov ecx,[ebp-0x10]
mov edx,[ecx]
mov eax,[edx]
mov [ebp-0x1c],esi
call eax
cmp eax,0x0131a5b5
jnz dword loc_412fde
loc_412e4c:
mov ecx,[ebp-0x10]
mov edx,[ecx]
mov edx,[edx+0x1c]
lea eax,[ebp-0x18]
push eax
push dword 0x004160b0
push esi
call edx
test eax,eax
jz dword loc_412fde
loc_412e68:
mov ecx,[ebp-0x18]
mov eax,[ecx]
mov eax,[eax+0x20]
push esi
push esi
push esi
lea edx,[ebp-0x0c]
push edx
push edi
push ebx
call eax
test eax,eax
jz dword loc_412fd4
loc_412e83:
mov ecx,[ebp-0x0c]
mov [ebp-0x04],esi
mov edx,[ecx]
mov edx,[edx+0x68]
lea eax,[ebp-0x04]
push eax
call edx
test al,al
jz dword loc_412fca
loc_412e9c:
mov ecx,[ebp-0x04]
cmp ecx,esi
jz dword loc_412fca
loc_412ea7:
mov eax,[ecx]
mov edx,[eax+0x08]
call edx
test eax,eax
jz dword loc_412fb1
loc_412eb6:
mov ecx,[ebp-0x04]
mov eax,[ecx]
mov eax,[eax+0x0c]
push byte +0x00
lea edx,[ebp-0x08]
push edx
lea edx,[ebp-0x20]
push edx
lea edx,[ebp+0x08]
push edx
lea edx,[ebp-0x14]
push edx
push byte +0x00
call eax
test al,al
jz dword loc_412fc1
loc_412edc:
movzx ecx,word [ebp+0x08]
cmp ecx,ebx
jnz loc_412ef4
loc_412ee4:
mov eax,[ebp-0x14]
cmp eax,edi
ja loc_412ef4
loc_412eeb:
mov edx,[ebp-0x20]
add eax,edx
cmp edi,eax
jc loc_412f07
loc_412ef4:
mov ecx,[ebp-0x04]
mov eax,[ecx]
mov edx,[eax+0x08]
call edx
test eax,eax
jnz loc_412eb6
loc_412f02:
jmp dword loc_412fb1
loc_412f07:
mov eax,[ebp-0x08]
test eax,eax
jz dword loc_412fc1
loc_412f12:
cmp eax,0x1fffffff
jnc dword loc_412fc1
loc_412f1d:
add eax,eax
add eax,eax
add eax,eax
push eax
push byte +0x00
call dword near [KERNEL32.GetProcessHeap]
push eax
call dword near [NTDLL.RtlAllocateHeap]
mov esi,eax
test esi,esi
jz dword loc_412fc1
loc_412f3d:
mov ecx,[ebp-0x04]
mov edx,[ecx]
mov edx,[edx+0x0c]
push esi
lea eax,[ebp-0x08]
push eax
push byte +0x00
push byte +0x00
push byte +0x00
lea eax,[ebp-0x24]
push eax
call edx
test al,al
jz loc_412fb1
loc_412f5a:
sub edi,[ebp-0x14]
cmp edi,[esi]
jc loc_412fb1
loc_412f61:
mov ecx,[ebp-0x08]
mov eax,0x00000001
cmp ecx,eax
jbe loc_412f7c
loc_412f6d:
lea ecx,[ecx+0x00]
loc_412f70:
cmp edi,[esi+eax*8]
jc loc_412f7c
loc_412f75:
add eax,byte +0x01
cmp eax,ecx
jc loc_412f70
loc_412f7c:
mov eax,[esi+eax*8-0x04]
mov ecx,[ebp+0x14]
push byte +0x00
and eax,0x00ffffff
mov [ecx],eax
mov ecx,[ebp-0x0c]
mov edx,[ecx]
mov edx,[edx+0x70]
push byte +0x00
push byte +0x00
lea eax,[ebp+0x10]
push eax
mov eax,[ebp+0x0c]
push eax
mov eax,[ebp-0x24]
push eax
call edx
test al,al
jz loc_412fb1
loc_412faa:
mov dword [ebp-0x1c],0x00000001
loc_412fb1:
push esi
push byte +0x00
call dword near [KERNEL32.GetProcessHeap]
push eax
call dword near [KERNEL32.HeapFree]
loc_412fc1:
mov ecx,[ebp-0x04]
mov eax,[ecx]
mov edx,[eax]
call edx
loc_412fca:
mov ecx,[ebp-0x0c]
mov eax,[ecx]
mov edx,[eax+0x40]
call edx
loc_412fd4:
mov ecx,[ebp-0x18]
mov eax,[ecx]
mov edx,[eax+0x38]
call edx
loc_412fde:
mov ecx,[ebp-0x10]
mov eax,[ecx]
mov edx,[eax+0x28]
call edx
mov eax,[ebp-0x1c]
pop edi
pop ebx
pop esi
mov esp,ebp
pop ebp
ret
; --- procedure at 41116d ---
; consists of 7 basic blocks.
; return depth: 0 bytes
; This procedure calls/invokes:
; - __FindPESection (direct)
; - __ValidateImageBase (direct)
fn_41116d:
jmp dword __IsNonwritableInCurrentImage
__IsNonwritableInCurrentImage: ; loc_412b90
push ebp
mov ebp,esp
push byte -0x02
push dword 0x00416ac8
push dword 0x00411087
mov eax,[fs:0x00000000]
push eax
add esp,byte -0x28
push ebx
push esi
push edi
mov eax,[___security_cookie]
xor [ebp-0x08],eax
xor eax,ebp
push eax
lea eax,[ebp-0x10]
mov [fs:0x00000000],eax
mov [ebp-0x18],esp
mov dword [ebp-0x1c],0x00400000
mov dword [ebp-0x04],0x00000000
mov eax,[ebp-0x1c]
push eax
call dword fn_4110e6
add esp,byte +0x04
test eax,eax
jnz loc_412bf7
loc_412be1:
mov dword [ebp-0x2c],0x00000000
mov dword [ebp-0x04],0xfffffffe
mov eax,[ebp-0x2c]
jmp dword loc_412c8e
loc_412bf7:
mov ecx,[ebp+0x08]
sub ecx,[ebp-0x1c]
mov [ebp-0x24],ecx
mov edx,[ebp-0x24]
push edx
mov eax,[ebp-0x1c]
push eax
call dword fn_4110c3
add esp,byte +0x08
mov [ebp-0x20],eax
cmp dword [ebp-0x20],byte +0x00
jnz loc_412c2c
loc_412c19:
mov dword [ebp-0x30],0x00000000
mov dword [ebp-0x04],0xfffffffe
mov eax,[ebp-0x30]
jmp short loc_412c8e
loc_412c2c:
mov ecx,[ebp-0x20]
mov edx,[ecx+0x24]
and edx,0x80000000
neg edx
sbb edx,edx
add edx,byte +0x01
mov [ebp-0x34],edx
mov dword [ebp-0x04],0xfffffffe
mov eax,[ebp-0x34]
jmp short loc_412c8e
loc_412c8e:
mov ecx,[ebp-0x10]
mov [fs:0x00000000],ecx
pop ecx
pop edi
pop esi
pop ebx
mov esp,ebp
pop ebp
ret
; --- procedure at 411177 ---
; consists of 2 basic blocks.
; This procedure calls/invokes:
; - MSVCR80D._amsg_exit (import)
fn_411177:
jmp dword __amsg_exit
__amsg_exit: ; loc_4128ec
jmp dword near [MSVCR80D._amsg_exit]
; --- procedure at 4111a4 ---
; consists of 6 basic blocks.
; return depth: 0 bytes
; This procedure calls/invokes:
; - fn_411d10 (direct)
fn_4111a4:
jmp dword ?_RTC_Failure@@YAXPAXH@Z
?_RTC_Failure@@YAXPAXH@Z: ; loc_411ca0
push ebp
mov ebp,esp
mov eax,[ebp+0x0c]
cmp eax,byte +0x04
ja loc_411ccf
loc_411cab:
mov ecx,[?_RTC_ErrorLevels@@3PAHA]
cmp ecx,byte -0x01
mov edx,[eax*4+0x00417014]
jz loc_411ccd
loc_411cbe:
push edx
push eax
mov eax,[ebp+0x08]
push ecx
push eax
call dword fn_411d10
add esp,byte +0x10
loc_411ccd:
pop ebp
ret
loc_411ccf:
mov edx,[0x00417028]
push edx
mov eax,0x00000005
push eax
mov eax,[ebp+0x08]
mov ecx,0x00000001
push ecx
push eax
call dword fn_411d10
add esp,byte +0x10
pop ebp
ret
; --- procedure at 4111c2 ---
; consists of 2 basic blocks.
; This procedure calls/invokes:
; - MSVCR80D._initterm_e (import)
fn_4111c2:
jmp dword __initterm_e
__initterm_e: ; loc_412cf0
jmp dword near [MSVCR80D._initterm_e]
; --- procedure at 4111c7 ---
; consists of 2 basic blocks.
; return depth: 0 bytes
fn_4111c7:
jmp dword ?_RTC_GetErrorFunc@@YAP6AHHPBDH00ZZPBX@Z
?_RTC_GetErrorFunc@@YAP6AHHPBDH00ZZPBX@Z: ; loc_412630
mov eax,[0x004171a8]
ret
; --- procedure at 411800 ---
; consists of 1d basic blocks.
; return depth: 0 bytes
; This procedure calls/invokes:
; - _wmain (direct)
; - __initterm (direct)
; - _NtCurrentTeb (direct)
; - __IsNonwritableInCurrentImage (direct)
; - __amsg_exit (direct)
; - __initterm_e (direct)
; - KERNEL32.InterlockedCompareExchange (import)
; - KERNEL32.InterlockedExchange (import)
; - KERNEL32.Sleep (import)
; - MSVCR80D._CrtDbgReportW (import)
; - MSVCR80D._CrtSetCheckCount (import)
; - MSVCR80D._cexit (import)
; - MSVCR80D.exit (import)
fn_411800:
push ebp
mov ebp,esp
push byte -0x02
push dword 0x00416a48
push dword 0x00411087
mov eax,[fs:0x00000000]
push eax
add esp,byte -0x1c
push ebx
push esi
push edi
mov eax,[___security_cookie]
xor [ebp-0x08],eax
xor eax,ebp
push eax
lea eax,[ebp-0x10]
mov [fs:0x00000000],eax
mov [ebp-0x18],esp
mov dword [ebp-0x04],0x00000000
mov dword [ebp-0x24],0x00000000
call dword fn_411104
mov eax,[eax+0x04]
mov [ebp-0x20],eax
mov dword [ebp-0x1c],0x00000000
loc_411853:
push byte +0x00
mov ecx,[ebp-0x20]
push ecx
push dword 0x004175a4
call dword near [KERNEL32.InterlockedCompareExchange]
mov [ebp-0x24],eax
cmp dword [ebp-0x24],byte +0x00
jz loc_41188b
loc_41186d:
mov edx,[ebp-0x24]
cmp edx,[ebp-0x20]
jnz loc_41187e
loc_411875:
mov dword [ebp-0x1c],0x00000001
jmp short loc_41188b
loc_41187e:
push dword 0x000003e8
call dword near [KERNEL32.Sleep]
jmp short loc_411853
loc_41188b:
cmp dword [___native_startup_state],byte +0x01
jnz loc_4118a0
loc_411894:
push byte +0x1f
call dword fn_411177
add esp,byte +0x04
jmp short loc_4118eb
loc_4118a0:
cmp dword [___native_startup_state],byte +0x00
jnz loc_4118e1
loc_4118a9:
mov dword [___native_startup_state],0x00000001
push dword 0x00415514
push dword 0x0041530c
call dword fn_4111c2
add esp,byte +0x08
test eax,eax
jz loc_4118df
loc_4118c9:
mov dword [ebp-0x2c],0x000000ff
mov dword [ebp-0x04],0xfffffffe
mov eax,[ebp-0x2c]
jmp dword loc_411a32
loc_4118df:
jmp short loc_4118eb
loc_4118e1:
mov dword [0x00417198],0x00000001
loc_4118eb:
cmp dword [___native_startup_state],byte +0x01
jnz loc_411910
loc_4118f4:
push dword 0x00415208
push dword 0x00415000
call dword fn_4110aa
add esp,byte +0x08
mov dword [___native_startup_state],0x00000002
loc_411910:
cmp dword [___native_startup_state],byte +0x02
jz loc_41193b
loc_411919:
push dword 0x004156c8
push byte +0x00
push dword 0x000001f8
push dword 0x00415650
push byte +0x02
call dword near [MSVCR80D._CrtDbgReportW]
add esp,byte +0x14
cmp eax,byte +0x01
jnz loc_41193b
loc_41193a:
int3
loc_41193b:
cmp dword [ebp-0x1c],byte +0x00
jnz loc_41194e
loc_411941:
push byte +0x00
push dword 0x004175a4
call dword near [KERNEL32.InterlockedExchange]
loc_41194e:
cmp dword [___dyn_tls_init_callback],byte +0x00
jz loc_411974
loc_411957:
push dword 0x004175c8
call dword fn_41116d
add esp,byte +0x04
test eax,eax
jz loc_411974
loc_411968:
push byte +0x00
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -