反汇编windows避让陷阱
; Debugger listing (address, marker, opcode bytes, instruction, debugger-generated comment) of the
; entry code of a "Key File ReverseMe" sample. The visible code fills a window-class-like structure,
; opens "Keyfile.dat", reads up to 0x46 bytes from it and runs a simple content check on the buffer.
; All numeric operands are hexadecimal (the listing itself annotates 46 as 70 decimal).
; NOTE(review): the check runs entirely on the client and uses only file presence and byte counts.
; It illustrates control flow and is not a licensing control; real schemes verify a signed license.

; --- Module handle and structure setup ---
; GetModuleHandleA(NULL) result is saved at [402177].
00401000 > $ 6A 00 push 0 ; |/pModule = NULL
00401002 . E8 64020000 call <jmp.&KERNEL32.GetModuleHandleA> ; |\GetModuleHandleA
00401007 . A3 77214000 mov dword ptr [402177], eax ; |
; Seven consecutive dwords from 402197 to 4021AF are filled below. The order (constant, code address,
; 0, 0, module handle, icon, cursor) matches the first fields of a WNDCLASSA.
; Presumably the class is registered outside this listing; confirm.
0040100C . C705 97214000>mov dword ptr [402197], 4003 ; |
00401016 . C705 9B214000>mov dword ptr [40219B], 004011A6 ; |
00401020 . C705 9F214000>mov dword ptr [40219F], 0 ; |
0040102A . C705 A3214000>mov dword ptr [4021A3], 0 ; |
00401034 . A1 77214000 mov eax, dword ptr [402177] ; |
00401039 . A3 A7214000 mov dword ptr [4021A7], eax ; |
; eax still holds the module handle loaded at 00401034. The "hInst => NULL" annotation below is the
; debugger's static guess, not the runtime value.
0040103E . 6A 04 push 4 ; |/RsrcName = 4.
00401040 . 50 push eax ; ||hInst => NULL
00401041 . E8 3F030000 call <jmp.&USER32.LoadIconA> ; |\LoadIconA
00401046 . A3 AB214000 mov dword ptr [4021AB], eax ; |
0040104B . 68 007F0000 push 7F00 ; |/RsrcName = IDC_ARROW
00401050 . 6A 00 push 0 ; ||hInst = NULL
00401052 . E8 C8020000 call <jmp.&USER32.LoadCursorA> ; |\LoadCursorA
00401057 . A3 AF214000 mov dword ptr [4021AF], eax ; |

; --- Open the key file ---
; CreateFileA("Keyfile.dat", GENERIC_READ|GENERIC_WRITE, share read/write, OPEN_EXISTING).
; NOTE(review): the attributes argument is the constant 0040216F, which looks like a data-section
; address rather than a deliberate flag set. The flag names shown are the debugger's bit decoding.
; NOTE(review): the file name has no directory component, so resolution depends on the process's
; current directory.
0040105C . 6A 00 push 0 ; |/hTemplateFile = NULL
0040105E . 68 6F214000 push 0040216F ; ||Attributes = READONLY|HIDDEN|SYSTEM|ARCHIVE|TEMPORARY|402048
00401063 . 6A 03 push 3 ; ||Mode = OPEN_EXISTING
00401065 . 6A 00 push 0 ; ||pSecurity = NULL
00401067 . 6A 03 push 3 ; ||ShareMode = FILE_SHARE_READ|FILE_SHARE_WRITE
00401069 . 68 000000C0 push C0000000 ; ||Access = GENERIC_READ|GENERIC_WRITE
0040106E . 68 79204000 push 00402079 ; ||FileName = "Keyfile.dat"
00401073 . E8 0B020000 call <jmp.&KERNEL32.CreateFileA> ; |\CreateFileA
; -1 is INVALID_HANDLE_VALUE. Any other return value jumps to the read path at 0040109A.
00401078 . 83F8 FF cmp eax, -1 ; |
0040107B . 75 1D jnz short 0040109A ; |
; Open failed: show the "Evaluation period out of date" box and exit.
; NOTE(review): no exit code is pushed before this ExitProcess call, so its argument is whatever
; happens to be on top of the stack.
0040107D . 6A 00 push 0 ; |/Style = MB_OK|MB_APPLMODAL
0040107F . 68 00204000 push 00402000 ; ||Title = " Key File ReverseMe"
00401084 . 68 17204000 push 00402017 ; ||Text = "Evaluation period out of date. Purchase new license"
00401089 . 6A 00 push 0 ; ||hOwner = NULL
0040108B . E8 D7020000 call <jmp.&USER32.MessageBoxA> ; |\MessageBoxA
00401090 . E8 24020000 call <jmp.&KERNEL32.ExitProcess> ; \ExitProcess
; Target 0040121D lies outside this listing.
00401095 . E9 83010000 jmp 0040121D

; --- Read the key file ---
; ReadFile(hFile = eax from CreateFileA, buffer 0040211A, 0x46 bytes max, byte count stored at
; [402173]). The handle is kept only in eax, and no CloseHandle call appears in the visible code.
0040109A > 6A 00 push 0 ; /pOverlapped = NULL
0040109C . 68 73214000 push 00402173 ; |pBytesRead = reverseM.00402173
004010A1 . 6A 46 push 46 ; |BytesToRead = 46 (70.)
004010A3 . 68 1A214000 push 0040211A ; |Buffer = reverseM.0040211A
004010A8 . 50 push eax ; |hFile
004010A9 . E8 2F020000 call <jmp.&KERNEL32.ReadFile> ; \ReadFile
; A zero return (read failure) goes to the "not valid" path at 004010F7.
004010AE . 85C0 test eax, eax
004010B0 . 75 02 jnz short 004010B4
004010B2 . EB 43 jmp short 004010F7

; --- Content check ---
; ebx is the buffer index and esi counts matching bytes. A read of fewer than 0x10 bytes is rejected
; (signed compare on the byte count at [402173]).
004010B4 > 33DB xor ebx, ebx
004010B6 . 33F6 xor esi, esi
004010B8 . 833D 73214000>cmp dword ptr [402173], 10
004010BF . 7C 36 jl short 004010F7
; Loop: walk the buffer byte by byte until a zero byte, incrementing esi for each byte equal to 47.
; NOTE(review): the loop ends only on a zero byte. ebx is never compared with the byte count at
; [402173] or the 0x46-byte read size, and ReadFile does not NUL-terminate, so a file with no zero
; byte makes the scan run past the bytes just read. Whether the buffer is zero-filled beforehand or
; followed by a zero is not visible here. A bounded loop would stop at the stored byte count.
004010C1 > 8A83 1A214000 mov al, byte ptr [ebx+40211A]
004010C7 . 3C 00 cmp al, 0
004010C9 . 74 08 je short 004010D3
004010CB . 3C 47 cmp al, 47
004010CD . 75 01 jnz short 004010D0
004010CF . 46 inc esi
004010D0 > 43 inc ebx
004010D1 .^ EB EE jmp short 004010C1
; After the terminator: fewer than 8 matches goes to "not valid". Otherwise execution jumps to
; 00401205, outside this listing (presumably the accepted path; confirm).
004010D3 > 83FE 08 cmp esi, 8
004010D6 . 7C 1F jl short 004010F7
004010D8 . E9 28010000 jmp 00401205
; Zero-filled bytes between the jump above and the next instruction. Nothing visible branches here,
; and the purpose (padding or blanked-out code) cannot be determined from this listing.
004010DD 00 db 00
004010DE . 00000000 dd 00000000
004010E2 00 db 00
004010E3 00 db 00
004010E4 00 db 00
004010E5 00 db 00
004010E6 00 db 00
004010E7 00 db 00
004010E8 00 db 00
004010E9 00 db 00
004010EA 00 db 00
004010EB 00 db 00
004010EC 00 db 00
004010ED 00 db 00
004010EE 00 db 00
004010EF 00 db 00
004010F0 00 db 00
004010F1 00 db 00
004010F2 00 db 00
004010F3 00 db 00
004010F4 00 db 00
; EB 00 is a jump with zero displacement, so it falls through to the next instruction.
004010F5 . EB 00 jmp short 004010F7

; --- Rejection path ---
; Shared target for read failure, short file and too few matching bytes: show the message and exit.
; As at 00401090, no exit code is pushed before ExitProcess.
004010F7 > 6A 00 push 0 ; |/Style = MB_OK|MB_APPLMODAL
004010F9 . 68 00204000 push 00402000 ; ||Title = " Key File ReverseMe"
004010FE . 68 86204000 push 00402086 ; ||Text = "Keyfile is not valid. Sorry."
00401103 . 6A 00 push 0 ; ||hOwner = NULL
00401105 . E8 5D020000 call <jmp.&USER32.MessageBoxA> ; |\MessageBoxA
0040110A . E8 AA010000 call <jmp.&KERNEL32.ExitProcess> ; \ExitProcess