关于欧阳刷宝石盗号的分析(没错我又来了)

社区服务
高级搜索
猴岛论坛跑跑卡丁车关于欧阳刷宝石盗号的分析(没错我又来了)
发帖 回复
正序阅读 最近浏览的帖子最近浏览的版块
104个回复

[游戏辅助]关于欧阳刷宝石盗号的分析(没错我又来了)

楼层直达
_╰浮夸゛

ZxID:18022985

等级: 少校
┃     为梦想而生     ┃

举报 只看楼主 使用道具 楼主   发表于: 2013-09-08 0


开始分析中
刚刚下载的【0908欧阳幻息】全自动刷宝石2.0
我不知道你们下载的是那个版本,所以我随机下载的
例图:

可以看到是易语言编译,不是静态编译的
所以有两个krnln.fnr和spec.fne

::0040F1F2:: FC                         CLD                          
::0040F1F3:: DBE3                       FINIT                        
::0040F1F5:: E8 00FBFFFF                CALL 0040ECFA                
::0040F1FA:: 68 74EE4000                PUSH 40EE74                  
::0040F1FF:: B8 03000000                MOV EAX,3                    
::0040F204:: E8 46000000                CALL 0040F24F                 调用12号服务
::0040F209:: 83C4 04                    ADD ESP,4                    
::0040F20C:: E8 CDF1FFFF                CALL 0040E3DE                
::0040F211:: E8 02F2FFFF                CALL 0040E418                
::0040F216:: E8 E0F1FFFF                CALL 0040E3FB                
::0040F21B:: E8 E6F8FFFF                CALL 0040EB06                
::0040F220:: 68 01000152                PUSH 52010001                 窗体单元1(父窗体)

::0040F225:: E8 1F000000                CALL 0040F249                 创建窗口(调用11号服务)
::0040F22A:: 83C4 04                    ADD ESP,4                    
::0040F22D:: 6A 00                      PUSH 0                        
::0040F22F:: E8 0F000000                CALL 0040F243                 进入窗口消息循环(调用10号服务)
::0040F234:: E8 04000000                CALL 0040F23D                 结束当前程序进程(调用9号服务)
::0040F239:: 83C4 04                    ADD ESP,4                    
::0040F23C:: C3                         RETN                          




  1. ::00408B94:: 55                         PUSH EBP                      
    ::00408B95:: 8BEC                       MOV EBP,ESP                  
    ::00408B97:: 81EC 14000000              SUB ESP,14                    
    ::00408B9D:: C745 FC 00000000           MOV DWORD PTR [EBP-4],0      
    ::00408BA4:: 6A FF                      PUSH -1                      
    ::00408BA6:: 6A 12                      PUSH 12                      
    ::00408BA8:: 68 1B000116                PUSH 1601001B                 自动建房(未知数据类型)
    ::00408BAD:: 68 01000152                PUSH 52010001                 窗体单元1(父窗体)
    ::00408BB2:: E8 C2660000                CALL 0040F279                 取窗体对象属性(调用4号服务)
    ::00408BB7:: 83C4 10                    ADD ESP,10                    
    ::00408BBA:: 8945 F4                    MOV [EBP-C],EAX              
    ::00408BBD:: 837D F4 01                 CMP DWORD PTR [EBP-C],1      
    ::00408BC1:: 0F85 22000000              JNZ 00408BE9                  
    ::00408BC7:: 6A 00                      PUSH 0                        
    ::00408BC9:: 68 00000000                PUSH 0                        
    ::00408BCE:: 6A FF                      PUSH -1                      
    ::00408BD0:: 6A 12                      PUSH 12                      
    ::00408BD2:: 68 1B000116                PUSH 1601001B                 自动建房(未知数据类型)
    ::00408BD7:: 68 01000152                PUSH 52010001                 窗体单元1(父窗体)
    ::00408BDC:: E8 9E660000                CALL 0040F27F                 修改窗体对象属性(调用5号服务)
    ::00408BE1:: 83C4 18                    ADD ESP,18                    
    ::00408BE4:: E9 1D000000                JMP 00408C06                  
    ::00408BE9:: 6A 00                      PUSH 0                        
    ::00408BEB:: 68 01000000                PUSH 1                        
    ::00408BF0:: 6A FF                      PUSH -1                      
    ::00408BF2:: 6A 12                      PUSH 12                      
    ::00408BF4:: 68 1B000116                PUSH 1601001B                 自动建房(未知数据类型)
    ::00408BF9:: 68 01000152                PUSH 52010001                 窗体单元1(父窗体)
    ::00408BFE:: E8 7C660000                CALL 0040F27F                 修改窗体对象属性(调用5号服务)
    ::00408C03:: 83C4 18                    ADD ESP,18                    
    ::00408C06:: 6A FF                      PUSH -1                      
    ::00408C08:: 6A 12                      PUSH 12                      
    ::00408C0A:: 68 1B000116                PUSH 1601001B                 自动建房(未知数据类型)
    ::00408C0F:: 68 01000152                PUSH 52010001                 窗体单元1(父窗体)
    ::00408C14:: E8 60660000                CALL 0040F279                 取窗体对象属性(调用4号服务)
    ::00408C19:: 83C4 10                    ADD ESP,10                    
    ::00408C1C:: 8945 F4                    MOV [EBP-C],EAX              
    ::00408C1F:: 837D F4 01                 CMP DWORD PTR [EBP-C],1      
    ::00408C23:: 0F85 32090000              JNZ 0040955B                  
    ::00408C29:: E8 31090000                CALL 0040955F                
    ::00408C2E:: 8945 FC                    MOV [EBP-4],EAX              
    ::00408C31:: 6A FF                      PUSH -1                      
    ::00408C33:: 6A 12                      PUSH 12                      
    ::00408C35:: 68 1B000116                PUSH 1601001B                 自动建房(未知数据类型)
    ::00408C3A:: 68 01000152                PUSH 52010001                 窗体单元1(父窗体)
    ::00408C3F:: E8 35660000                CALL 0040F279                 取窗体对象属性(调用4号服务)
    ::00408C44:: 83C4 10                    ADD ESP,10                    
    ::00408C47:: 8945 F4                    MOV [EBP-C],EAX              
    ::00408C4A:: 837D F4 01                 CMP DWORD PTR [EBP-C],1      
    ::00408C4E:: 0F85 07090000              JNZ 0040955B                  
    ::00408C54:: C745 F8 00000000           MOV DWORD PTR [EBP-8],0      
    ::00408C5B:: 6A 00                      PUSH 0                        
    ::00408C5D:: FF75 F8                    PUSH DWORD PTR [EBP-8]        
    ::00408C60:: 68 0A000000                PUSH A                        
    ::00408C65:: E8 4D090000                CALL 004095B7                
    ::00408C6A:: C745 F8 00000000           MOV DWORD PTR [EBP-8],0      
    ::00408C71:: 6A 00                      PUSH 0                        
    ::00408C73:: FF75 F8                    PUSH DWORD PTR [EBP-8]        
    ::00408C76:: 68 41000000                PUSH 41                      
    ::00408C7B:: 68 35000000                PUSH 35                      
    ::00408C80:: 6A 01                      PUSH 1                        
    ::00408C82:: FF75 FC                    PUSH DWORD PTR [EBP-4]        
    ::00408C85:: E8 3B0C0000                CALL 004098C5                
    ::00408C8A:: 8945 F0                    MOV [EBP-10],EAX              
    ::00408C8D:: 817D F0 D0D0D000           CMP DWORD PTR [EBP-10],D0D0D0
    ::00408C94:: 0F85 FB060000              JNZ 00409395                  
    ::00408C9A:: 68 01030080                PUSH 80000301                 整数型(基本数据类型)
    ::00408C9F:: 6A 00                      PUSH 0                        
    ::00408CA1:: 68 F4010000                PUSH 1F4                      
    ::00408CA6:: 68 01000000                PUSH 1                        
    ::00408CAB:: BB 1C000000                MOV EBX,1C                    
    ::00408CB0:: B8 01000000                MOV EAX,1                    
    ::00408CB5:: E8 B9650000                CALL 0040F273                 调用其他支持库命令(调用2号服务)
    ::00408CBA:: 83C4 10                    ADD ESP,10                    
    ::00408CBD:: 6A 01                      PUSH 1                        
    ::00408CBF:: 68 01000000                PUSH 1                        
    ::00408CC4:: 6A 01                      PUSH 1                        
    ::00408CC6:: 68 01000000                PUSH 1                        
    ::00408CCB:: 6A 01                      PUSH 1                        
    ::00408CCD:: 68 76000000                PUSH 76                      
    ::00408CD2:: 6A 01                      PUSH 1                        
    ::00408CD4:: 68 B1020000                PUSH 2B1                      
    ::00408CD9:: 6A 01                      PUSH 1                        
    ::00408CDB:: FF75 FC                    PUSH DWORD PTR [EBP-4]        
    ::00408CDE:: E8 6B100000                CALL 00409D4E                
    ::00408CE3:: 68 01030080                PUSH 80000301                 整数型(基本数据类型)
    ::00408CE8:: 6A 00                      PUSH 0                        
    ::00408CEA:: 68 F4010000                PUSH 1F4                      
    ::00408CEF:: 68 01000000                PUSH 1                        
    ::00408CF4:: BB 1C000000                MOV EBX,1C                    
    ::00408CF9:: B8 01000000                MOV EAX,1                    
    ::00408CFE:: E8 70650000                CALL 0040F273                 调用其他支持库命令(调用2号服务)
    ::00408D03:: 83C4 10                    ADD ESP,10                    
    ::00408D06:: 6A 01                      PUSH 1                        
    ::00408D08:: 68 01000000                PUSH 1                        
    ::00408D0D:: 6A 01                      PUSH 1                        
    ::00408D0F:: 68 01000000                PUSH 1                        
    ::00408D14:: 6A 01                      PUSH 1                        
    ::00408D16:: 68 AA000000                PUSH AA                      
    ::00408D1B:: 6A 01                      PUSH 1                        
    ::00408D1D:: 68 F3000000                PUSH F3                      
    ::00408D22:: 6A 01                      PUSH 1                        
    ::00408D24:: FF75 FC                    PUSH DWORD PTR [EBP-4]        
    ::00408D27:: E8 22100000                CALL 00409D4E                
    ::00408D2C:: 68 01030080                PUSH 80000301                 整数型(基本数据类型)
    ::00408D31:: 6A 00                      PUSH 0                        
    ::00408D33:: 68 F4010000                PUSH 1F4                      
    ::00408D38:: 68 01000000                PUSH 1                        
    ::00408D3D:: BB 1C000000                MOV EBX,1C                    
    ::00408D42:: B8 01000000                MOV EAX,1                    
    ::00408D47:: E8 27650000                CALL 0040F273                 调用其他支持库命令(调用2号服务)
    ::00408D4C:: 83C4 10                    ADD ESP,10                    
    ::00408D4F:: 6A 01                      PUSH 1                        
    ::00408D51:: 68 01000000                PUSH 1                        
    ::00408D56:: 6A 01                      PUSH 1                        
    ::00408D58:: 68 01000000                PUSH 1                        
    ::00408D5D:: 6A 01                      PUSH 1                        
    ::00408D5F:: 68 C2010000                PUSH 1C2                      
    ::00408D64:: 6A 01                      PUSH 1                        
    ::00408D66:: 68 04010000                PUSH 104                      
    ::00408D6B:: 6A 01                      PUSH 1                        
    ::00408D6D:: FF75 FC                    PUSH DWORD PTR [EBP-4]        
    ::00408D70:: E8 D90F0000                CALL 00409D4E                
    ::00408D75:: 68 01030080                PUSH 80000301                 整数型(基本数据类型)
    ::00408D7A:: 6A 00                      PUSH 0                        
    ::00408D7C:: 68 F4010000                PUSH 1F4                      
    ::00408D81:: 68 01000000                PUSH 1                        
    ::00408D86:: BB 1C000000                MOV EBX,1C                    
    ::00408D8B:: B8 01000000                MOV EAX,1                    
    ::00408D90:: E8 DE640000                CALL 0040F273                 调用其他支持库命令(调用2号服务)
    ::00408D95:: 83C4 10                    ADD ESP,10                    
    ::00408D98:: C745 F8 00000000           MOV DWORD PTR [EBP-8],0      
    ::00408D9F:: 6A 00                      PUSH 0                        
    ::00408DA1:: FF75 F8                    PUSH DWORD PTR [EBP-8]        
    ::00408DA4:: 6A 01                      PUSH 1                        
    ::00408DA6:: 68 03000000                PUSH 3                        
    ::00408DAB:: 68 51000000                PUSH 51                      
    ::00408DB0:: FF75 FC                    PUSH DWORD PTR [EBP-4]        
    ::00408DB3:: E8 EF180000                CALL 0040A6A7                
    ::00408DB8:: 68 01030080                PUSH 80000301                 整数型(基本数据类型)
    ::00408DBD:: 6A 00                      PUSH 0                        
    ::00408DBF:: 68 32000000                PUSH 32                      
    ::00408DC4:: 68 01000000                PUSH 1                        
    ::00408DC9:: BB 1C000000                MOV EBX,1C                    
    ::00408DCE:: B8 01000000                MOV EAX,1                    
    ::00408DD3:: E8 9B640000                CALL 0040F273                 调用其他支持库命令(调用2号服务)
    ::00408DD8:: 83C4 10                    ADD ESP,10                    
    ::00408DDB:: C745 F8 00000000           MOV DWORD PTR [EBP-8],0      
    ::00408DE2:: 6A 00                      PUSH 0                        
    ::00408DE4:: FF75 F8                    PUSH DWORD PTR [EBP-8]        
    ::00408DE7:: 6A 01                      PUSH 1                        
    ::00408DE9:: 68 04000000                PUSH 4                        
    ::00408DEE:: 68 51000000                PUSH 51                      
    ::00408DF3:: FF75 FC                    PUSH DWORD PTR [EBP-4]        
    ::00408DF6:: E8 AC180000                CALL 0040A6A7                
    ::00408DFB:: 68 01030080                PUSH 80000301                 整数型(基本数据类型)
    ::00408E00:: 6A 00                      PUSH 0                        
    ::00408E02:: 68 64000000                PUSH 64                      
    ::00408E07:: 68 01000000                PUSH 1                        
    ::00408E0C:: BB 1C000000                MOV EBX,1C                    
    ::00408E11:: B8 01000000                MOV EAX,1                    
    ::00408E16:: E8 58640000                CALL 0040F273                 调用其他支持库命令(调用2号服务)
    ::00408E1B:: 83C4 10                    ADD ESP,10                    
    ::00408E1E:: C745 F8 00000000           MOV DWORD PTR [EBP-8],0      
    ::00408E25:: 6A 00                      PUSH 0                        
    ::00408E27:: FF75 F8                    PUSH DWORD PTR [EBP-8]        
    ::00408E2A:: 6A 01                      PUSH 1                        
    ::00408E2C:: 68 03000000                PUSH 3                        
    ::00408E31:: 68 51000000                PUSH 51                      
    ::00408E36:: FF75 FC                    PUSH DWORD PTR [EBP-4]        
    ::00408E39:: E8 69180000                CALL 0040A6A7                
    ::00408E3E:: 68 01030080                PUSH 80000301                 整数型(基本数据类型)
    ::00408E43:: 6A 00                      PUSH 0                        
    ::00408E45:: 68 32000000                PUSH 32                      
    ::00408E4A:: 68 01000000                PUSH 1                        
    ::00408E4F:: BB 1C000000                MOV EBX,1C                    
    ::00408E54:: B8 01000000                MOV EAX,1                    
    ::00408E59:: E8 15640000                CALL 0040F273                 调用其他支持库命令(调用2号服务)
    ::00408E5E:: 83C4 10                    ADD ESP,10                    
    ::00408E61:: C745 F8 00000000           MOV DWORD PTR [EBP-8],0      
    ::00408E68:: 6A 00                      PUSH 0                        
    ::00408E6A:: FF75 F8                    PUSH DWORD PTR [EBP-8]        
    ::00408E6D:: 6A 01                      PUSH 1                        
    ::00408E6F:: 68 04000000                PUSH 4                        
    ::00408E74:: 68 51000000                PUSH 51                      
    ::00408E79:: FF75 FC                    PUSH DWORD PTR [EBP-4]        
    ::00408E7C:: E8 26180000                CALL 0040A6A7                
    ::00408E81:: 68 01030080                PUSH 80000301                 整数型(基本数据类型)
    ::00408E86:: 6A 00                      PUSH 0                        
    ::00408E88:: 68 64000000                PUSH 64                      
    ::00408E8D:: 68 01000000                PUSH 1                        
    ::00408E92:: BB 1C000000                MOV EBX,1C                    
    ::00408E97:: B8 01000000                MOV EAX,1                    
    ::00408E9C:: E8 D2630000                CALL 0040F273                 调用其他支持库命令(调用2号服务)
    ::00408EA1:: 83C4 10                    ADD ESP,10                    
    ::00408EA4:: C745 F8 00000000           MOV DWORD PTR [EBP-8],0      
    ::00408EAB:: 6A 00                      PUSH 0                        
    ::00408EAD:: FF75 F8                    PUSH DWORD PTR [EBP-8]        
    ::00408EB0:: 6A 01                      PUSH 1                        
    ::00408EB2:: 68 03000000                PUSH 3                        
    ::00408EB7:: 68 51000000                PUSH 51                      
    ::00408EBC:: FF75 FC                    PUSH DWORD PTR [EBP-4]        
    ::00408EBF:: E8 E3170000                CALL 0040A6A7                
    ::00408EC4:: 68 01030080                PUSH 80000301                 整数型(基本数据类型)
    ::00408EC9:: 6A 00                      PUSH 0                        
    ::00408ECB:: 68 32000000                PUSH 32                      
    ::00408ED0:: 68 01000000                PUSH 1                        
    ::00408ED5:: BB 1C000000                MOV EBX,1C                    
    ::00408EDA:: B8 01000000                MOV EAX,1                    
    ::00408EDF:: E8 8F630000                CALL 0040F273                 调用其他支持库命令(调用2号服务)
    ::00408EE4:: 83C4 10                    ADD ESP,10                    
    ::00408EE7:: C745 F8 00000000           MOV DWORD PTR [EBP-8],0      
    ::00408EEE:: 6A 00                      PUSH 0                        
    ::00408EF0:: FF75 F8                    PUSH DWORD PTR [EBP-8]        
    ::00408EF3:: 6A 01                      PUSH 1                        
    ::00408EF5:: 68 04000000                PUSH 4                        
    ::00408EFA:: 68 51000000                PUSH 51                      
    ::00408EFF:: FF75 FC                    PUSH DWORD PTR [EBP-4]        
    ::00408F02:: E8 A0170000                CALL 0040A6A7                
    ::00408F07:: 68 01030080                PUSH 80000301                 整数型(基本数据类型)
    ::00408F0C:: 6A 00                      PUSH 0                        
    ::00408F0E:: 68 64000000                PUSH 64                      
    ::00408F13:: 68 01000000                PUSH 1                        
    ::00408F18:: BB 1C000000                MOV EBX,1C                    
    ::00408F1D:: B8 01000000                MOV EAX,1                    
    ::00408F22:: E8 4C630000                CALL 0040F273                 调用其他支持库命令(调用2号服务)
    ::00408F27:: 83C4 10                    ADD ESP,10                    
    ::00408F2A:: 6A 01                      PUSH 1                        
    ::00408F2C:: 68 01000000                PUSH 1                        
    ::00408F31:: 6A 01                      PUSH 1                        
    ::00408F33:: 68 01000000                PUSH 1                        
    ::00408F38:: 6A 01                      PUSH 1                        
    ::00408F3A:: 68 EA010000                PUSH 1EA                      
    ::00408F3F:: 6A 01                      PUSH 1                        
    ::00408F41:: 68 43010000                PUSH 143                      
    ::00408F46:: 6A 01                      PUSH 1                        
    ::00408F48:: FF75 FC                    PUSH DWORD PTR [EBP-4]        
    ::00408F4B:: E8 FE0D0000                CALL 00409D4E                
    ::00408F50:: 68 01030080                PUSH 80000301                 整数型(基本数据类型)
    ::00408F55:: 6A 00                      PUSH 0                        
    ::00408F57:: 68 F4010000                PUSH 1F4                      
    ::00408F5C:: 68 01000000                PUSH 1                        
    ::00408F61:: BB 1C000000                MOV EBX,1C                    
    ::00408F66:: B8 01000000                MOV EAX,1                    
    ::00408F6B:: E8 03630000                CALL 0040F273                 调用其他支持库命令(调用2号服务)
    ::00408F70:: 83C4 10                    ADD ESP,10                    
    ::00408F73:: 6A 01                      PUSH 1                        
    ::00408F75:: 68 01000000                PUSH 1                        
    ::00408F7A:: 6A 01                      PUSH 1                        
    ::00408F7C:: 68 01000000                PUSH 1                        
    ::00408F81:: 6A 01                      PUSH 1                        
    ::00408F83:: 68 D6010000                PUSH 1D6                      
    ::00408F88:: 6A 01                      PUSH 1                        
    ::00408F8A:: 68 60010000                PUSH 160                      
    ::00408F8F:: 6A 01                      PUSH 1                        
    ::00408F91:: FF75 FC                    PUSH DWORD PTR [EBP-4]        
    ::00408F94:: E8 B50D0000                CALL 00409D4E                
    ::00408F99:: 68 01030080                PUSH 80000301                 整数型(基本数据类型)
    ::00408F9E:: 6A 00                      PUSH 0                        
    ::00408FA0:: 68 DC050000                PUSH 5DC                      
    ::00408FA5:: 68 01000000                PUSH 1                        
    ::00408FAA:: BB 1C000000                MOV EBX,1C                    
    ::00408FAF:: B8 01000000                MOV EAX,1                    
    ::00408FB4:: E8 BA620000                CALL 0040F273                 调用其他支持库命令(调用2号服务)
    ::00408FB9:: 83C4 10                    ADD ESP,10                    
    ::00408FBC:: 6A 01                      PUSH 1                        
    ::00408FBE:: 68 01000000                PUSH 1                        
    ::00408FC3:: 6A 01                      PUSH 1                        
    ::00408FC5:: 68 01000000                PUSH 1                        
    ::00408FCA:: 6A 01                      PUSH 1                        
    ::00408FCC:: 68 BA010000                PUSH 1BA                      
    ::00408FD1:: 6A 01                      PUSH 1                        
    ::00408FD3:: 68 31000000                PUSH 31                      
    ::00408FD8:: 6A 01                      PUSH 1                        
    ::00408FDA:: FF75 FC                    PUSH DWORD PTR [EBP-4]        
    ::00408FDD:: E8 6C0D0000                CALL 00409D4E                
    ::00408FE2:: 68 01030080                PUSH 80000301                 整数型(基本数据类型)
    ::00408FE7:: 6A 00                      PUSH 0                        
    ::00408FE9:: 68 F4010000                PUSH 1F4                      
    ::00408FEE:: 68 01000000                PUSH 1                        
    ::00408FF3:: BB 1C000000                MOV EBX,1C                    
    ::00408FF8:: B8 01000000                MOV EAX,1                    
    ::00408FFD:: E8 71620000                CALL 0040F273                 调用其他支持库命令(调用2号服务)
    ::00409002:: 83C4 10                    ADD ESP,10                    
    ::00409005:: 6A 01                      PUSH 1                        
    ::00409007:: 68 01000000                PUSH 1                        
    ::0040900C:: 6A 01                      PUSH 1                        
    ::0040900E:: 68 01000000                PUSH 1                        
    ::00409013:: 6A 01                      PUSH 1                        
    ::00409015:: 68 55000000                PUSH 55                      
    ::0040901A:: 6A 01                      PUSH 1                        
    ::0040901C:: 68 C7010000                PUSH 1C7                      
    ::00409021:: 6A 01                      PUSH 1                        
    ::00409023:: FF75 FC                    PUSH DWORD PTR [EBP-4]        
    ::00409026:: E8 230D0000                CALL 00409D4E                
    ::0040902B:: 68 01030080                PUSH 80000301                 整数型(基本数据类型)
    ::00409030:: 6A 00                      PUSH 0                        
    ::00409032:: 68 F4010000                PUSH 1F4                      
    ::00409037:: 68 01000000                PUSH 1                        
    ::0040903C:: BB 1C000000                MOV EBX,1C                    
    ::00409041:: B8 01000000                MOV EAX,1                    
    ::00409046:: E8 28620000                CALL 0040F273                 调用其他支持库命令(调用2号服务)
    ::0040904B:: 83C4 10                    ADD ESP,10                    
    ::0040904E:: 6A 01                      PUSH 1                        
    ::00409050:: 68 01000000                PUSH 1                        
    ::00409055:: 6A 01                      PUSH 1                        
    ::00409057:: 68 01000000                PUSH 1                        
    ::0040905C:: 6A 01                      PUSH 1                        
    ::0040905E:: 68 9D000000                PUSH 9D                      
    ::00409063:: 6A 01                      PUSH 1                        
    ::00409065:: 68 C0010000                PUSH 1C0                      
    ::0040906A:: 6A 01                      PUSH 1                        
    ::0040906C:: FF75 FC                    PUSH DWORD PTR [EBP-4]        
    ::0040906F:: E8 DA0C0000                CALL 00409D4E                
    ::00409074:: 68 01030080                PUSH 80000301                 整数型(基本数据类型)
    ::00409079:: 6A 00                      PUSH 0                        
    ::0040907B:: 68 F4010000                PUSH 1F4                      
    ::00409080:: 68 01000000                PUSH 1                        
    ::00409085:: BB 1C000000                MOV EBX,1C                    
    ::0040908A:: B8 01000000                MOV EAX,1                    
    ::0040908F:: E8 DF610000                CALL 0040F273                 调用其他支持库命令(调用2号服务)
    ::00409094:: 83C4 10                    ADD ESP,10                    
    ::00409097:: 6A 01                      PUSH 1                        
    ::00409099:: 68 01000000                PUSH 1                        
    ::0040909E:: 6A 01                      PUSH 1                        
    ::004090A0:: 68 01000000                PUSH 1                        
    ::004090A5:: 6A 01                      PUSH 1                        
    ::004090A7:: 68 EA000000                PUSH EA                      
    ::004090AC:: 6A 01                      PUSH 1                        
    ::004090AE:: 68 08020000                PUSH 208                      
    ::004090B3:: 6A 01                      PUSH 1                        
    ::004090B5:: FF75 FC                    PUSH DWORD PTR [EBP-4]        
    ::004090B8:: E8 910C0000                CALL 00409D4E                
    ::004090BD:: 68 01030080                PUSH 80000301                 整数型(基本数据类型)
    ::004090C2:: 6A 00                      PUSH 0                        
    ::004090C4:: 68 F4010000                PUSH 1F4                      
    ::004090C9:: 68 01000000                PUSH 1                        
    ::004090CE:: BB 1C000000                MOV EBX,1C                    
    ::004090D3:: B8 01000000                MOV EAX,1                    
    ::004090D8:: E8 96610000                CALL 0040F273                 调用其他支持库命令(调用2号服务)
    ::004090DD:: 83C4 10                    ADD ESP,10                    
    ::004090E0:: 6A 01                      PUSH 1                        
    ::004090E2:: 68 01000000                PUSH 1                        
    ::004090E7:: 6A 01                      PUSH 1                        
    ::004090E9:: 68 01000000                PUSH 1                        
    ::004090EE:: 6A 01                      PUSH 1                        
    ::004090F0:: 68 FB010000                PUSH 1FB                      
    ::004090F5:: 6A 01                      PUSH 1                        
    ::004090F7:: 68 1A020000                PUSH 21A                      
    ::004090FC:: 6A 01                      PUSH 1                        
    ::004090FE:: FF75 FC                    PUSH DWORD PTR [EBP-4]        
    ::00409101:: E8 480C0000                CALL 00409D4E                
    ::00409106:: 68 01030080                PUSH 80000301                 整数型(基本数据类型)
    ::0040910B:: 6A 00                      PUSH 0                        
    ::0040910D:: 68 DC050000                PUSH 5DC                      
    ::00409112:: 68 01000000                PUSH 1                        
    ::00409117:: BB 1C000000                MOV EBX,1C                    
    ::0040911C:: B8 01000000                MOV EAX,1                    
    ::00409121:: E8 4D610000                CALL 0040F273                 调用其他支持库命令(调用2号服务)
    ::00409126:: 83C4 10                    ADD ESP,10                    
    ::00409129:: 6A 01                      PUSH 1                        
    ::0040912B:: 68 01000000                PUSH 1                        
    ::00409130:: 6A 01                      PUSH 1                        
    ::00409132:: 68 01000000                PUSH 1                        
    ::00409137:: 6A 01                      PUSH 1                        
    ::00409139:: 68 52000000                PUSH 52                      
    ::0040913E:: 6A 01                      PUSH 1                        
    ::00409140:: 68 5F010000                PUSH 15F                      
    ::00409145:: 6A 01                      PUSH 1                        
    ::00409147:: FF75 FC                    PUSH DWORD PTR [EBP-4]        
    ::0040914A:: E8 FF0B0000                CALL 00409D4E                
    ::0040914F:: 68 01030080                PUSH 80000301                 整数型(基本数据类型)
    ::00409154:: 6A 00                      PUSH 0                        
    ::00409156:: 68 F4010000                PUSH 1F4                      
    ::0040915B:: 68 01000000                PUSH 1                        
    ::00409160:: BB 1C000000                MOV EBX,1C                    
    ::00409165:: B8 01000000                MOV EAX,1                    
    ::0040916A:: E8 04610000                CALL 0040F273                 调用其他支持库命令(调用2号服务)
    ::0040916F:: 83C4 10                    ADD ESP,10                    
    ::00409172:: 6A 01                      PUSH 1                        
    ::00409174:: 68 01000000                PUSH 1                        
    ::00409179:: 6A 01                      PUSH 1                        
    ::0040917B:: 68 01000000                PUSH 1                        
    ::00409180:: 6A 01                      PUSH 1                        
    ::00409182:: 68 52000000                PUSH 52                      
    ::00409187:: 6A 01                      PUSH 1                        
    ::00409189:: 68 DF010000                PUSH 1DF                      
    ::0040918E:: 6A 01                      PUSH 1                        
    ::00409190:: FF75 FC                    PUSH DWORD PTR [EBP-4]        
    ::00409193:: E8 B60B0000                CALL 00409D4E                
    ::00409198:: 68 01030080                PUSH 80000301                 整数型(基本数据类型)
    ::0040919D:: 6A 00                      PUSH 0                        
    ::0040919F:: 68 F4010000                PUSH 1F4                      
    ::004091A4:: 68 01000000                PUSH 1                        
    ::004091A9:: BB 1C000000                MOV EBX,1C                    
    ::004091AE:: B8 01000000                MOV EAX,1                    
    ::004091B3:: E8 BB600000                CALL 0040F273                 调用其他支持库命令(调用2号服务)
    ::004091B8:: 83C4 10                    ADD ESP,10                    
    ::004091BB:: 6A 01                      PUSH 1                        
    ::004091BD:: 68 01000000                PUSH 1                        
    ::004091C2:: 6A 01                      PUSH 1                        
    ::004091C4:: 68 01000000                PUSH 1                        
    ::004091C9:: 6A 01                      PUSH 1                        
    ::004091CB:: 68 52000000                PUSH 52                      
    ::004091D0:: 6A 01                      PUSH 1                        
    ::004091D2:: 68 5D020000                PUSH 25D                      
    ::004091D7:: 6A 01                      PUSH 1                        
    ::004091D9:: FF75 FC                    PUSH DWORD PTR [EBP-4]        
    ::004091DC:: E8 6D0B0000                CALL 00409D4E                
    ::004091E1:: 68 01030080                PUSH 80000301                 整数型(基本数据类型)
    ::004091E6:: 6A 00                      PUSH 0                        
    ::004091E8:: 68 F4010000                PUSH 1F4                      
    ::004091ED:: 68 01000000                PUSH 1                        
    ::004091F2:: BB 1C000000                MOV EBX,1C                    
    ::004091F7:: B8 01000000                MOV EAX,1                    
    ::004091FC:: E8 72600000                CALL 0040F273                 调用其他支持库命令(调用2号服务)
    ::00409201:: 83C4 10                    ADD ESP,10                    
    ::00409204:: 6A 01                      PUSH 1                        
    ::00409206:: 68 01000000                PUSH 1                        
    ::0040920B:: 6A 01                      PUSH 1                        
    ::0040920D:: 68 01000000                PUSH 1                        
    ::00409212:: 6A 01                      PUSH 1                        
    ::00409214:: 68 52000000                PUSH 52                      
    ::00409219:: 6A 01                      PUSH 1                        
    ::0040921B:: 68 DF020000                PUSH 2DF                      
    ::00409220:: 6A 01                      PUSH 1                        
    ::00409222:: FF75 FC                    PUSH DWORD PTR [EBP-4]        
    ::00409225:: E8 240B0000                CALL 00409D4E                
    ::0040922A:: 68 01030080                PUSH 80000301                 整数型(基本数据类型)
    ::0040922F:: 6A 00                      PUSH 0                        
    ::00409231:: 68 F4010000                PUSH 1F4                      
    ::00409236:: 68 01000000                PUSH 1                        
    ::0040923B:: BB 1C000000                MOV EBX,1C                    
    ::00409240:: B8 01000000                MOV EAX,1                    
    ::00409245:: E8 29600000                CALL 0040F273                 调用其他支持库命令(调用2号服务)
    ::0040924A:: 83C4 10                    ADD ESP,10                    
    ::0040924D:: 6A 01                      PUSH 1                        
    ::0040924F:: 68 01000000                PUSH 1                        
    ::00409254:: 6A 01                      PUSH 1                        
    ::00409256:: 68 01000000                PUSH 1                        
    ::0040925B:: 6A 01                      PUSH 1                        
    ::0040925D:: 68 44000000                PUSH 44                      
    ::00409262:: 6A 01                      PUSH 1                        
    ::00409264:: 68 34000000                PUSH 34                      
    ::00409269:: 6A 01                      PUSH 1                        
    ::0040926B:: FF75 FC                    PUSH DWORD PTR [EBP-4]        
    ::0040926E:: E8 DB0A0000                CALL 00409D4E                
    ::00409273:: 68 01030080                PUSH 80000301                 整数型(基本数据类型)
    ::00409278:: 6A 00                      PUSH 0                        
    ::0040927A:: 68 F4010000                PUSH 1F4                      
    ::0040927F:: 68 01000000                PUSH 1                        
    ::00409284:: BB 1C000000                MOV EBX,1C                    
    ::00409289:: B8 01000000                MOV EAX,1                    
    ::0040928E:: E8 E05F0000                CALL 0040F273                 调用其他支持库命令(调用2号服务)
    ::00409293:: 83C4 10                    ADD ESP,10                    
    ::00409296:: C745 F8 00000000           MOV DWORD PTR [EBP-8],0      
    ::0040929D:: 6A 00                      PUSH 0                        
    ::0040929F:: FF75 F8                    PUSH DWORD PTR [EBP-8]        
    ::004092A2:: 68 2F010000                PUSH 12F                      
    ::004092A7:: 68 D1010000                PUSH 1D1                      
    ::004092AC:: 6A 01                      PUSH 1                        
    ::004092AE:: FF75 FC                    PUSH DWORD PTR [EBP-4]        
    ::004092B1:: E8 0F060000                CALL 004098C5                
    ::004092B6:: 8945 F0                    MOV [EBP-10],EAX              
    ::004092B9:: 817D F0 E8EFFC00           CMP DWORD PTR [EBP-10],FCEFE8
    ::004092C0:: 0F85 CF000000              JNZ 00409395                  
    ::004092C6:: C745 F8 00000000           MOV DWORD PTR [EBP-8],0      
    ::004092CD:: 6A 00                      PUSH 0                        
    ::004092CF:: FF75 F8                    PUSH DWORD PTR [EBP-8]        
    ::004092D2:: 6A 01                      PUSH 1                        
    ::004092D4:: 68 03000000                PUSH 3                        
    ::004092D9:: 68 0D000000                PUSH D                        
    ::004092DE:: FF75 FC                    PUSH DWORD PTR [EBP-4]        
    ::004092E1:: E8 C1130000                CALL 0040A6A7                
    ::004092E6:: 68 01030080                PUSH 80000301                 整数型(基本数据类型)
    ::004092EB:: 6A 00                      PUSH 0                        
    ::004092ED:: 68 32000000                PUSH 32                      
    ::004092F2:: 68 01000000                PUSH 1                        
    ::004092F7:: BB 1C000000                MOV EBX,1C                    
    ::004092FC:: B8 01000000                MOV EAX,1                    
    ::00409301:: E8 6D5F0000                CALL 0040F273                 调用其他支持库命令(调用2号服务)
    ::00409306:: 83C4 10                    ADD ESP,10                    
    ::00409309:: C745 F8 00000000           MOV DWORD PTR [EBP-8],0      
    ::00409310:: 6A 00                      PUSH 0                        
    ::00409312:: FF75 F8                    PUSH DWORD PTR [EBP-8]        
    ::00409315:: 6A 01                      PUSH 1                        
    ::00409317:: 68 04000000                PUSH 4                        
    ::0040931C:: 68 0D000000                PUSH D                        
    ::00409321:: FF75 FC                    PUSH DWORD PTR [EBP-4]        
    ::00409324:: E8 7E130000                CALL 0040A6A7                
    ::00409329:: 68 01030080                PUSH 80000301                 整数型(基本数据类型)
    ::0040932E:: 6A 00                      PUSH 0                        
    ::00409330:: 68 64000000                PUSH 64                      
    ::00409335:: 68 01000000                PUSH 1                        
    ::0040933A:: BB 1C000000                MOV EBX,1C                    
    ::0040933F:: B8 01000000                MOV EAX,1                    
    ::00409344:: E8 2A5F0000                CALL 0040F273                 调用其他支持库命令(调用2号服务)
    ::00409349:: 83C4 10                    ADD ESP,10                    
    ::0040934C:: 6A 01                      PUSH 1                        
    ::0040934E:: 68 01000000                PUSH 1                        
    ::00409353:: 6A 01                      PUSH 1                        
    ::00409355:: 68 01000000                PUSH 1                        
    ::0040935A:: 6A 01                      PUSH 1                        
    ::0040935C:: 68 4B020000                PUSH 24B                      
    ::00409361:: 6A 01                      PUSH 1                        
    ::00409363:: 68 4A000000                PUSH 4A                      
    ::00409368:: 6A 01                      PUSH 1                        
    ::0040936A:: FF75 FC                    PUSH DWORD PTR [EBP-4]        
    ::0040936D:: E8 DC090000                CALL 00409D4E                
    ::00409372:: 68 01030080                PUSH 80000301                 整数型(基本数据类型)
    ::00409377:: 6A 00                      PUSH 0                        
    ::00409379:: 68 DC050000                PUSH 5DC                      
    ::0040937E:: 68 01000000                PUSH 1                        
    ::00409383:: BB 1C000000                MOV EBX,1C                    
    ::00409388:: B8 01000000                MOV EAX,1                    
    ::0040938D:: E8 E15E0000                CALL 0040F273                 调用其他支持库命令(调用2号服务)
    ::00409392:: 83C4 10                    ADD ESP,10                    
    ::00409395:: C745 F8 00000000           MOV DWORD PTR [EBP-8],0      
    ::0040939C:: 6A 00                      PUSH 0                        
    ::0040939E:: FF75 F8                    PUSH DWORD PTR [EBP-8]        
    ::004093A1:: 68 6D000000                PUSH 6D                      
    ::004093A6:: 68 82000000                PUSH 82                      
    ::004093AB:: 6A 01                      PUSH 1                        
    ::004093AD:: FF75 FC                    PUSH DWORD PTR [EBP-4]        
    ::004093B0:: E8 10050000                CALL 004098C5                
    ::004093B5:: 8945 F0                    MOV [EBP-10],EAX              
    ::004093B8:: 817D F0 B7C8E300           CMP DWORD PTR [EBP-10],E3C8B7
    ::004093BF:: 0F85 49000000              JNZ 0040940E                  
    ::004093C5:: 6A 01                      PUSH 1                        
    ::004093C7:: 68 01000000                PUSH 1                        
    ::004093CC:: 6A 01                      PUSH 1                        
    ::004093CE:: 68 01000000                PUSH 1                        
    ::004093D3:: 6A 01                      PUSH 1                        
    ::004093D5:: 68 16000000                PUSH 16                      
    ::004093DA:: 6A 01                      PUSH 1                        
    ::004093DC:: 68 30000000                PUSH 30                      
    ::004093E1:: 6A 01                      PUSH 1                        
    ::004093E3:: FF75 FC                    PUSH DWORD PTR [EBP-4]        
    ::004093E6:: E8 63090000                CALL 00409D4E                
    ::004093EB:: 68 01030080                PUSH 80000301                 整数型(基本数据类型)
    ::004093F0:: 6A 00                      PUSH 0                        
    ::004093F2:: 68 AC0D0000                PUSH DAC                      
    ::004093F7:: 68 01000000                PUSH 1                        
    ::004093FC:: BB 1C000000                MOV EBX,1C                    
    ::00409401:: B8 01000000                MOV EAX,1                    
    ::00409406:: E8 685E0000                CALL 0040F273                 调用其他支持库命令(调用2号服务)
    ::0040940B:: 83C4 10                    ADD ESP,10                    
    ::0040940E:: C745 F8 00000000           MOV DWORD PTR [EBP-8],0      
    ::00409415:: 6A 00                      PUSH 0                        
    ::00409417:: FF75 F8                    PUSH DWORD PTR [EBP-8]        
    ::0040941A:: 68 31010000                PUSH 131                      
    ::0040941F:: 68 C2010000                PUSH 1C2                      
    ::00409424:: 6A 01                      PUSH 1                        
    ::00409426:: FF75 FC                    PUSH DWORD PTR [EBP-4]        
    ::00409429:: E8 97040000                CALL 004098C5                
    ::0040942E:: 8945 F0                    MOV [EBP-10],EAX              
    ::00409431:: 817D F0 E8EFFC00           CMP DWORD PTR [EBP-10],FCEFE8
    ::00409438:: 0F85 CF000000              JNZ 0040950D                  
    ::0040943E:: C745 F8 00000000           MOV DWORD PTR [EBP-8],0      
    ::00409445:: 6A 00                      PUSH 0                        
    ::00409447:: FF75 F8                    PUSH DWORD PTR [EBP-8]        
    ::0040944A:: 6A 01                      PUSH 1                        
    ::0040944C:: 68 03000000                PUSH 3                        
    ::00409451:: 68 0D000000                PUSH D                        
    ::00409456:: FF75 FC                    PUSH DWORD PTR [EBP-4]        
    ::00409459:: E8 49120000                CALL 0040A6A7                
    ::0040945E:: 68 01030080                PUSH 80000301                 整数型(基本数据类型)
    ::00409463:: 6A 00                      PUSH 0                        
    ::00409465:: 68 32000000                PUSH 32                      
    ::0040946A:: 68 01000000                PUSH 1                        
    ::0040946F:: BB 1C000000                MOV EBX,1C                    
    ::00409474:: B8 01000000                MOV EAX,1                    
    ::00409479:: E8 F55D0000                CALL 0040F273                 调用其他支持库命令(调用2号服务)
    ::0040947E:: 83C4 10                    ADD ESP,10                    
    ::00409481:: C745 F8 00000000           MOV DWORD PTR [EBP-8],0      
    ::00409488:: 6A 00                      PUSH 0                        
    ::0040948A:: FF75 F8                    PUSH DWORD PTR [EBP-8]        
    ::0040948D:: 6A 01                      PUSH 1                        
    ::0040948F:: 68 04000000                PUSH 4                        
    ::00409494:: 68 0D000000                PUSH D                        
    ::00409499:: FF75 FC                    PUSH DWORD PTR [EBP-4]        
    ::0040949C:: E8 06120000                CALL 0040A6A7                
    ::004094A1:: 68 01030080                PUSH 80000301                 整数型(基本数据类型)
    ::004094A6:: 6A 00                      PUSH 0                        
    ::004094A8:: 68 64000000                PUSH 64                      
    ::004094AD:: 68 01000000                PUSH 1                        
    ::004094B2:: BB 1C000000                MOV EBX,1C                    
    ::004094B7:: B8 01000000                MOV EAX,1                    
    ::004094BC:: E8 B25D0000                CALL 0040F273                 调用其他支持库命令(调用2号服务)
    ::004094C1:: 83C4 10                    ADD ESP,10                    
    ::004094C4:: 6A 01                      PUSH 1                        
    ::004094C6:: 68 01000000                PUSH 1                        
    ::004094CB:: 6A 01                      PUSH 1                        
    ::004094CD:: 68 01000000                PUSH 1                        
    ::004094D2:: 6A 01                      PUSH 1                        
    ::004094D4:: 68 4B020000                PUSH 24B                      
    ::004094D9:: 6A 01                      PUSH 1                        
    ::004094DB:: 68 4A000000                PUSH 4A                      
    ::004094E0:: 6A 01                      PUSH 1                        
    ::004094E2:: FF75 FC                    PUSH DWORD PTR [EBP-4]        
    ::004094E5:: E8 64080000                CALL 00409D4E                
    ::004094EA:: 68 01030080                PUSH 80000301                 整数型(基本数据类型)
    ::004094EF:: 6A 00                      PUSH 0                        
    ::004094F1:: 68 D0070000                PUSH 7D0                      
    ::004094F6:: 68 01000000                PUSH 1                        
    ::004094FB:: BB 1C000000                MOV EBX,1C                    
    ::00409500:: B8 01000000                MOV EAX,1                    
    ::00409505:: E8 695D0000                CALL 0040F273                 调用其他支持库命令(调用2号服务)
    ::0040950A:: 83C4 10                    ADD ESP,10                    
    ::0040950D:: 6A 01                      PUSH 1                        
    ::0040950F:: 68 01000000                PUSH 1                        
    ::00409514:: 6A 01                      PUSH 1                        
    ::00409516:: 68 01000000                PUSH 1                        
    ::0040951B:: 6A 01                      PUSH 1                        
    ::0040951D:: 68 52000000                PUSH 52                      
    ::00409522:: 6A 01                      PUSH 1                        
    ::00409524:: 68 34000000                PUSH 34                      
    ::00409529:: 6A 01                      PUSH 1                        
    ::0040952B:: FF75 FC                    PUSH DWORD PTR [EBP-4]        
    ::0040952E:: E8 1B080000                CALL 00409D4E                
    ::00409533:: 68 01030080                PUSH 80000301                 整数型(基本数据类型)
    ::00409538:: 6A 00                      PUSH 0                        
    ::0040953A:: 68 2C010000                PUSH 12C                      
    ::0040953F:: 68 01000000                PUSH 1                        
    ::00409544:: BB 1C000000                MOV EBX,1C                    
    ::00409549:: B8 01000000                MOV EAX,1                    
    ::0040954E:: E8 205D0000                CALL 0040F273                 调用其他支持库命令(调用2号服务)
    ::00409553:: 83C4 10                    ADD ESP,10                    
    ::00409556:: E9 D6F6FFFF                JMP 00408C31                  
    ::0040955B:: 8BE5                       MOV ESP,EBP                  
    ::0040955D:: 5D                         POP EBP                      
    ::0040955E:: C3                         RETN                          




  • ::0040B140:: 55                         PUSH EBP                      
    ::0040B141:: 8BEC                       MOV EBP,ESP                  
    ::0040B143:: 81EC 10000000              SUB ESP,10                    
    ::0040B149:: EB 10                      JMP SHORT 0040B15B            
    ::0040B14B:: 56                         PUSH ESI                      
    ::0040B14C:: 4D                         DEC EBP                      
    ::0040B14D:: 50                         PUSH EAX                      
    ::0040B14E:: 72 6F                      JB SHORT 0040B1BF            
    ::0040B150:: 74 65                      JE SHORT 0040B1B7            
    ::0040B152:: 637420 62                  ARPL [EAX+62],ESI            
    ::0040B156:: 65:67:696E 00 6A01B8A7     IMUL EBP,GS:[BP],A7B8016A    
    ::0040B15F:: 3240 00                    XOR AL,[EAX]                  
    ::0040B162:: 8945 FC                    MOV [EBP-4],EAX              
    ::0040B165:: 8D45 FC                    LEA EAX,[EBP-4]              
    ::0040B168:: 50                         PUSH EAX                      
    ::0040B169:: 6A 01                      PUSH 1                        
    ::0040B16B:: B8 A7324000                MOV EAX,4032A7                PopKart Client(常量)
    ::0040B170:: 8945 F8                    MOV [EBP-8],EAX              
    ::0040B173:: 8D45 F8                    LEA EAX,[EBP-8]              
    ::0040B176:: 50                         PUSH EAX                      
    ::0040B177:: 6A 01                      PUSH 1                        
    ::0040B179:: B8 B6324000                MOV EAX,4032B6                KartRider.exe(常量)
    ::0040B17E:: 8945 F4                    MOV [EBP-C],EAX              
    ::0040B181:: 8D45 F4                    LEA EAX,[EBP-C]              
    ::0040B184:: 50                         PUSH EAX                      
    ::0040B185:: E8 19020000                CALL 0040B3A3                
    ::0040B18A:: 8945 F0                    MOV [EBP-10],EAX              
    ::0040B18D:: 8B5D F4                    MOV EBX,[EBP-C]              
    ::0040B190:: 85DB                       TEST EBX,EBX                  
    ::0040B192:: 74 09                      JE SHORT 0040B19D            
    ::0040B194:: 53                         PUSH EBX                      
    ::0040B195:: E8 BB400000                CALL 0040F255                 销毁从堆上分配到的内存(调用8号服务)
    ::0040B19A:: 83C4 04                    ADD ESP,4                    
    ::0040B19D:: 8B5D F8                    MOV EBX,[EBP-8]              
    ::0040B1A0:: 85DB                       TEST EBX,EBX                  
    ::0040B1A2:: 74 09                      JE SHORT 0040B1AD            
    ::0040B1A4:: 53                         PUSH EBX                      
    ::0040B1A5:: E8 AB400000                CALL 0040F255                 销毁从堆上分配到的内存(调用8号服务)
    ::0040B1AA:: 83C4 04                    ADD ESP,4                    
    ::0040B1AD:: 8B5D FC                    MOV EBX,[EBP-4]              
    ::0040B1B0:: 85DB                       TEST EBX,EBX                  
    ::0040B1B2:: 74 09                      JE SHORT 0040B1BD            
    ::0040B1B4:: 53                         PUSH EBX                      
    ::0040B1B5:: E8 9B400000                CALL 0040F255                 销毁从堆上分配到的内存(调用8号服务)
    ::0040B1BA:: 83C4 04                    ADD ESP,4                    
    ::0040B1BD:: 8B45 F0                    MOV EAX,[EBP-10]              
    ::0040B1C0:: A3 28069F00                MOV [9F0628],EAX              
    ::0040B1C5:: C745 FC 00000000           MOV DWORD PTR [EBP-4],0      
    ::0040B1CC:: 6A 00                      PUSH 0                        
    ::0040B1CE:: FF75 FC                    PUSH DWORD PTR [EBP-4]        
    ::0040B1D1:: C745 F8 00000000           MOV DWORD PTR [EBP-8],0      
    ::0040B1D8:: 6A 00                      PUSH 0                        
    ::0040B1DA:: FF75 F8                    PUSH DWORD PTR [EBP-8]        
    ::0040B1DD:: C745 F4 00000000           MOV DWORD PTR [EBP-C],0      
    ::0040B1E4:: 6A 00                      PUSH 0                        
    ::0040B1E6:: FF75 F4                    PUSH DWORD PTR [EBP-C]        
    ::0040B1E9:: 68 71000000                PUSH 71                      
    ::0040B1EE:: 68 C6E34000                PUSH 40E3C6                  
    ::0040B1F3:: E8 FE160000                CALL 0040C8F6                
    ::0040B1F8:: C745 FC 00000000           MOV DWORD PTR [EBP-4],0      
    ::0040B1FF:: 6A 00                      PUSH 0                        
    ::0040B201:: FF75 FC                    PUSH DWORD PTR [EBP-4]        
    ::0040B204:: C745 F8 00000000           MOV DWORD PTR [EBP-8],0      
    ::0040B20B:: 6A 00                      PUSH 0                        
    ::0040B20D:: FF75 F8                    PUSH DWORD PTR [EBP-8]        
    ::0040B210:: C745 F4 00000000           MOV DWORD PTR [EBP-C],0      
    ::0040B217:: 6A 00                      PUSH 0                        
    ::0040B219:: FF75 F4                    PUSH DWORD PTR [EBP-C]        
    ::0040B21C:: 68 70000000                PUSH 70                      
    ::0040B221:: 68 D2E34000                PUSH 40E3D2                  
    ::0040B226:: E8 CB160000                CALL 0040C8F6                
    ::0040B22B:: EB 0E                      JMP SHORT 0040B23B            
    ::0040B22D:: 56                         PUSH ESI                      
    ::0040B22E:: 4D                         DEC EBP                      
    ::0040B22F:: 50                         PUSH EAX                      
    ::0040B230:: 72 6F                      JB SHORT 0040B2A1            
    ::0040B232:: 74 65                      JE SHORT 0040B299            
    ::0040B234:: 637420 65                  ARPL [EAX+65],ESI            
    ::0040B238:: 6E                         OUTS DX,BYTE PTR ES:[EDI]    
    ::0040B239:: 64:008B E55DC38B           ADD FS:[EBX+8BC35DE5],CL      
    ::0040B240:: 54                         PUSH ESP                      
    ::0040B241:: 24 04                      AND AL,4                      
    ::0040B243:: 8B4C24 08                  MOV ECX,[ESP+8]              
    ::0040B247:: 85D2                       TEST EDX,EDX                  
    ::0040B249:: 75 0D                      JNZ SHORT 0040B258            
    ::0040B24B:: 33C0                       XOR EAX,EAX                  
    ::0040B24D:: 85C9                       TEST ECX,ECX                  
    ::0040B24F:: 74 06                      JE SHORT 0040B257            
    ::0040B251:: 8039 00                    CMP BYTE PTR [ECX],0          
    ::0040B254:: 74 01                      JE SHORT 0040B257            
    ::0040B256:: 48                         DEC EAX                      
    ::0040B257:: C3                         RETN                          


  1. ::0040D5D0:: 55                         PUSH EBP                      
    ::0040D5D1:: 8BEC                       MOV EBP,ESP                  
    ::0040D5D3:: 81EC 14000000              SUB ESP,14                    
    ::0040D5D9:: C745 FC 00000000           MOV DWORD PTR [EBP-4],0      
    ::0040D5E0:: 6A FF                      PUSH -1                      
    ::0040D5E2:: 6A 12                      PUSH 12                      
    ::0040D5E4:: 68 1A000116                PUSH 1601001A                 自动刷球(未知数据类型)
    ::0040D5E9:: 68 01000152                PUSH 52010001                 窗体单元1(父窗体)
    ::0040D5EE:: E8 861C0000                CALL 0040F279                 取窗体对象属性(调用4号服务)
    ::0040D5F3:: 83C4 10                    ADD ESP,10                    
    ::0040D5F6:: 8945 F4                    MOV [EBP-C],EAX              
    ::0040D5F9:: 837D F4 01                 CMP DWORD PTR [EBP-C],1      
    ::0040D5FD:: 0F85 22000000              JNZ 0040D625                  
    ::0040D603:: 6A 00                      PUSH 0                        
    ::0040D605:: 68 00000000                PUSH 0                        
    ::0040D60A:: 6A FF                      PUSH -1                      
    ::0040D60C:: 6A 12                      PUSH 12                      
    ::0040D60E:: 68 1A000116                PUSH 1601001A                 自动刷球(未知数据类型)
    ::0040D613:: 68 01000152                PUSH 52010001                 窗体单元1(父窗体)
    ::0040D618:: E8 621C0000                CALL 0040F27F                 修改窗体对象属性(调用5号服务)
    ::0040D61D:: 83C4 18                    ADD ESP,18                    
    ::0040D620:: E9 1D000000                JMP 0040D642                  
    ::0040D625:: 6A 00                      PUSH 0                        
    ::0040D627:: 68 01000000                PUSH 1                        
    ::0040D62C:: 6A FF                      PUSH -1                      
    ::0040D62E:: 6A 12                      PUSH 12                      
    ::0040D630:: 68 1A000116                PUSH 1601001A                 自动刷球(未知数据类型)
    ::0040D635:: 68 01000152                PUSH 52010001                 窗体单元1(父窗体)
    ::0040D63A:: E8 401C0000                CALL 0040F27F                 修改窗体对象属性(调用5号服务)
    ::0040D63F:: 83C4 18                    ADD ESP,18                    
    ::0040D642:: 6A FF                      PUSH -1                      
    ::0040D644:: 6A 12                      PUSH 12                      
    ::0040D646:: 68 1A000116                PUSH 1601001A                 自动刷球(未知数据类型)
    ::0040D64B:: 68 01000152                PUSH 52010001                 窗体单元1(父窗体)
    ::0040D650:: E8 241C0000                CALL 0040F279                 取窗体对象属性(调用4号服务)
    ::0040D655:: 83C4 10                    ADD ESP,10                    
    ::0040D658:: 8945 F4                    MOV [EBP-C],EAX              
    ::0040D65B:: 837D F4 01                 CMP DWORD PTR [EBP-C],1      
    ::0040D65F:: 0F85 54020000              JNZ 0040D8B9                  
    ::0040D665:: E8 F5BEFFFF                CALL 0040955F                
    ::0040D66A:: 8945 FC                    MOV [EBP-4],EAX              
    ::0040D66D:: 6A FF                      PUSH -1                      
    ::0040D66F:: 6A 12                      PUSH 12                      
    ::0040D671:: 68 1A000116                PUSH 1601001A                 自动刷球(未知数据类型)
    ::0040D676:: 68 01000152                PUSH 52010001                 窗体单元1(父窗体)
    ::0040D67B:: E8 F91B0000                CALL 0040F279                 取窗体对象属性(调用4号服务)
    ::0040D680:: 83C4 10                    ADD ESP,10                    
    ::0040D683:: 8945 F4                    MOV [EBP-C],EAX              
    ::0040D686:: 837D F4 01                 CMP DWORD PTR [EBP-C],1      
    ::0040D68A:: 0F85 29020000              JNZ 0040D8B9                  
    ::0040D690:: C745 F8 00000000           MOV DWORD PTR [EBP-8],0      
    ::0040D697:: 6A 00                      PUSH 0                        
    ::0040D699:: FF75 F8                    PUSH DWORD PTR [EBP-8]        
    ::0040D69C:: 68 52000000                PUSH 52                      
    ::0040D6A1:: C745 F4 00000000           MOV DWORD PTR [EBP-C],0      
    ::0040D6A8:: 6A 00                      PUSH 0                        
    ::0040D6AA:: FF75 F4                    PUSH DWORD PTR [EBP-C]        
    ::0040D6AD:: E8 0B020000                CALL 0040D8BD                
    ::0040D6B2:: 68 01030080                PUSH 80000301                 整数型(基本数据类型)
    ::0040D6B7:: 6A 00                      PUSH 0                        
    ::0040D6B9:: 68 05000000                PUSH 5                        
    ::0040D6BE:: 68 01000000                PUSH 1                        
    ::0040D6C3:: BB 7C060000                MOV EBX,67C                  
    ::0040D6C8:: E8 A01B0000                CALL 0040F26D                 调用核心支持库命令(调用3号服务)
    ::0040D6CD:: 83C4 10                    ADD ESP,10                    
    ::0040D6D0:: C745 F8 00000000           MOV DWORD PTR [EBP-8],0      
    ::0040D6D7:: 6A 00                      PUSH 0                        
    ::0040D6D9:: FF75 F8                    PUSH DWORD PTR [EBP-8]        
    ::0040D6DC:: 68 52000000                PUSH 52                      
    ::0040D6E1:: C745 F4 00000000           MOV DWORD PTR [EBP-C],0      
    ::0040D6E8:: 6A 00                      PUSH 0                        
    ::0040D6EA:: FF75 F4                    PUSH DWORD PTR [EBP-C]        
    ::0040D6ED:: E8 6E050000                CALL 0040DC60                
    ::0040D6F2:: 68 01030080                PUSH 80000301                 整数型(基本数据类型)
    ::0040D6F7:: 6A 00                      PUSH 0                        
    ::0040D6F9:: 68 05000000                PUSH 5                        
    ::0040D6FE:: 68 01000000                PUSH 1                        
    ::0040D703:: BB 7C060000                MOV EBX,67C                  
    ::0040D708:: E8 601B0000                CALL 0040F26D                 调用核心支持库命令(调用3号服务)
    ::0040D70D:: 83C4 10                    ADD ESP,10                    
    ::0040D710:: C745 F8 00000000           MOV DWORD PTR [EBP-8],0      
    ::0040D717:: 6A 00                      PUSH 0                        
    ::0040D719:: FF75 F8                    PUSH DWORD PTR [EBP-8]        
    ::0040D71C:: 6A 01                      PUSH 1                        
    ::0040D71E:: 68 03000000                PUSH 3                        
    ::0040D723:: 68 11000000                PUSH 11                      
    ::0040D728:: E8 D6080000                CALL 0040E003                
    ::0040D72D:: 68 01030080                PUSH 80000301                 整数型(基本数据类型)
    ::0040D732:: 6A 00                      PUSH 0                        
    ::0040D734:: 68 05000000                PUSH 5                        
    ::0040D739:: 68 01000000                PUSH 1                        
    ::0040D73E:: BB 1C000000                MOV EBX,1C                    
    ::0040D743:: B8 01000000                MOV EAX,1                    
    ::0040D748:: E8 261B0000                CALL 0040F273                 调用其他支持库命令(调用2号服务)
    ::0040D74D:: 83C4 10                    ADD ESP,10                    
    ::0040D750:: C745 F8 00000000           MOV DWORD PTR [EBP-8],0      
    ::0040D757:: 6A 00                      PUSH 0                        
    ::0040D759:: FF75 F8                    PUSH DWORD PTR [EBP-8]        
    ::0040D75C:: 6A 01                      PUSH 1                        
    ::0040D75E:: 68 04000000                PUSH 4                        
    ::0040D763:: 68 11000000                PUSH 11                      
    ::0040D768:: E8 96080000                CALL 0040E003                
    ::0040D76D:: 68 01030080                PUSH 80000301                 整数型(基本数据类型)
    ::0040D772:: 6A 00                      PUSH 0                        
    ::0040D774:: 68 05000000                PUSH 5                        
    ::0040D779:: 68 01000000                PUSH 1                        
    ::0040D77E:: BB 1C000000                MOV EBX,1C                    
    ::0040D783:: B8 01000000                MOV EAX,1                    
    ::0040D788:: E8 E61A0000                CALL 0040F273                 调用其他支持库命令(调用2号服务)
    ::0040D78D:: 83C4 10                    ADD ESP,10                    
    ::0040D790:: C745 F8 00000000           MOV DWORD PTR [EBP-8],0      
    ::0040D797:: 6A 00                      PUSH 0                        
    ::0040D799:: FF75 F8                    PUSH DWORD PTR [EBP-8]        
    ::0040D79C:: 6A 01                      PUSH 1                        
    ::0040D79E:: 68 03000000                PUSH 3                        
    ::0040D7A3:: 68 24000000                PUSH 24                      
    ::0040D7A8:: E8 56080000                CALL 0040E003                
    ::0040D7AD:: 68 01030080                PUSH 80000301                 整数型(基本数据类型)
    ::0040D7B2:: 6A 00                      PUSH 0                        
    ::0040D7B4:: 68 05000000                PUSH 5                        
    ::0040D7B9:: 68 01000000                PUSH 1                        
    ::0040D7BE:: BB 1C000000                MOV EBX,1C                    
    ::0040D7C3:: B8 01000000                MOV EAX,1                    
    ::0040D7C8:: E8 A61A0000                CALL 0040F273                 调用其他支持库命令(调用2号服务)
    ::0040D7CD:: 83C4 10                    ADD ESP,10                    
    ::0040D7D0:: C745 F8 00000000           MOV DWORD PTR [EBP-8],0      
    ::0040D7D7:: 6A 00                      PUSH 0                        
    ::0040D7D9:: FF75 F8                    PUSH DWORD PTR [EBP-8]        
    ::0040D7DC:: 6A 01                      PUSH 1                        
    ::0040D7DE:: 68 04000000                PUSH 4                        
    ::0040D7E3:: 68 24000000                PUSH 24                      
    ::0040D7E8:: E8 16080000                CALL 0040E003                
    ::0040D7ED:: 68 01030080                PUSH 80000301                 整数型(基本数据类型)
    ::0040D7F2:: 6A 00                      PUSH 0                        
    ::0040D7F4:: 68 05000000                PUSH 5                        
    ::0040D7F9:: 68 01000000                PUSH 1                        
    ::0040D7FE:: BB 1C000000                MOV EBX,1C                    
    ::0040D803:: B8 01000000                MOV EAX,1                    
    ::0040D808:: E8 661A0000                CALL 0040F273                 调用其他支持库命令(调用2号服务)
    ::0040D80D:: 83C4 10                    ADD ESP,10                    
    ::0040D810:: C745 F8 00000000           MOV DWORD PTR [EBP-8],0      
    ::0040D817:: 6A 00                      PUSH 0                        
    ::0040D819:: FF75 F8                    PUSH DWORD PTR [EBP-8]        
    ::0040D81C:: 68 33000000                PUSH 33                      
    ::0040D821:: 68 82000000                PUSH 82                      
    ::0040D826:: 6A 01                      PUSH 1                        
    ::0040D828:: FF75 FC                    PUSH DWORD PTR [EBP-4]        
    ::0040D82B:: E8 95C0FFFF                CALL 004098C5                
    ::0040D830:: 8945 F0                    MOV [EBP-10],EAX              
    ::0040D833:: 817D F0 F9090300           CMP DWORD PTR [EBP-10],309F9  
    ::0040D83A:: 0F85 74000000              JNZ 0040D8B4                  
    ::0040D840:: C745 F8 00000000           MOV DWORD PTR [EBP-8],0      
    ::0040D847:: 6A 00                      PUSH 0                        
    ::0040D849:: FF75 F8                    PUSH DWORD PTR [EBP-8]        
    ::0040D84C:: 6A 01                      PUSH 1                        
    ::0040D84E:: 68 03000000                PUSH 3                        
    ::0040D853:: 68 26000000                PUSH 26                      
    ::0040D858:: E8 A6070000                CALL 0040E003                
    ::0040D85D:: C745 F8 00000000           MOV DWORD PTR [EBP-8],0      
    ::0040D864:: 6A 00                      PUSH 0                        
    ::0040D866:: FF75 F8                    PUSH DWORD PTR [EBP-8]        
    ::0040D869:: 6A 01                      PUSH 1                        
    ::0040D86B:: 68 03000000                PUSH 3                        
    ::0040D870:: 68 11000000                PUSH 11                      
    ::0040D875:: E8 89070000                CALL 0040E003                
    ::0040D87A:: C745 F8 00000000           MOV DWORD PTR [EBP-8],0      
    ::0040D881:: 6A 00                      PUSH 0                        
    ::0040D883:: FF75 F8                    PUSH DWORD PTR [EBP-8]        
    ::0040D886:: 6A 01                      PUSH 1                        
    ::0040D888:: 68 04000000                PUSH 4                        
    ::0040D88D:: 68 11000000                PUSH 11                      
    ::0040D892:: E8 6C070000                CALL 0040E003                
    ::0040D897:: C745 F8 00000000           MOV DWORD PTR [EBP-8],0      
    ::0040D89E:: 6A 00                      PUSH 0                        
    ::0040D8A0:: FF75 F8                    PUSH DWORD PTR [EBP-8]        
    ::0040D8A3:: 6A 01                      PUSH 1                        
    ::0040D8A5:: 68 04000000                PUSH 4                        
    ::0040D8AA:: 68 26000000                PUSH 26                      
    ::0040D8AF:: E8 4F070000                CALL 0040E003                
    ::0040D8B4:: E9 B4FDFFFF                JMP 0040D66D                  
    ::0040D8B9:: 8BE5                       MOV ESP,EBP                  
    ::0040D8BB:: 5D                         POP EBP                      
    ::0040D8BC:: C3                         RETN                          



至于什么ftp啊 QQ邮箱啊 163邮箱盗号这类命令我是没看见哦




    老话:是挂三分毒,或许你用过别的辅助,导致留下了某些dll文件~!

不要一用了这个就是只认这个盗号·!

Ps:


                                好了,分析就到此结束,  可能代码多了点






  
      


    
本帖de评分: 6 条评分 DB +6
DB+1 2013-09-09

惊现牛逼的大婶儿!

DB+1 2013-09-08

用墨含的源码而已.

DB+1 2013-09-08

我就问一点,为什么文件名上注明大神墨涵作品,不是在冒充大神吧

DB+1 2013-09-08

大神,挤挤

DB+1 2013-09-08

惊现大神,挤挤

DB+1 2013-09-08

无ftp  无message  无内存读取

逆天跑

ZxID:28574119

等级: 新兵
举报 只看该作者 104楼  发表于: 2013-09-11 0
@@具体点啊
太匆匆°

ZxID:23713210

等级: 大校
alone.
举报 只看该作者 103楼  发表于: 2013-09-10 0
电脑渣,表示不懂

际遇之神

惩罚

发帖后一心想要帖子火起来,付DB6给大大走后门

_________简单丶

ZxID:1183

等级: 上将
配偶: 可人
╔━━━━━━━━╗┃   简 简 单 单 丶  ┃╚━━━━━━━━╝ & ..
举报 只看该作者 102楼  发表于: 2013-09-10 0
说实话  不懂
不困与情

ZxID:27650913

等级: 中士
看毛线看
举报 只看该作者 101楼  发表于: 2013-09-10 0
看半天解析代码,好像有点多啊。
咪咪967c

ZxID:27482349

等级: 中尉
举报 只看该作者 100楼  发表于: 2013-09-09 0
不懂
s881021sc

ZxID:22504286

等级: 少校
举报 只看该作者 99楼  发表于: 2013-09-09 0
尼玛!看天书...
宿命→№

ZxID:22273318

等级: 中尉
举报 只看该作者 98楼  发表于: 2013-09-09 0
请版主和管理参与此贴!如果欧阳真被冤枉!也去请版主和管理帮欧阳正身!
zhaoruihua219

ZxID:19559835

等级: 中校
褒姒不是祸
举报 只看该作者 97楼  发表于: 2013-09-09 0
看不懂
也没用

际遇之神

奖励

捡到版主移动硬盘,要挟成功,得6DB

真相永远只有一个!
虞妹

ZxID:21828032

等级: 禁止发言
配偶: 虞弟

举报 只看该作者 96楼  发表于: 2013-09-09 0
给欧阳正身了,不错
aa923219483

ZxID:27845459

等级: 中将
举报 只看该作者 95楼  发表于: 2013-09-09 0
看不懂。现在不是初夏的都不敢用
硪伤妳叻

ZxID:23734998

等级: 少校
举报 只看该作者 94楼  发表于: 2013-09-09 0
见好就收,已经不刷了
┏KΣiㄒAツ

ZxID:25095226

等级: 中尉
Atmel
举报 只看该作者 93楼  发表于: 2013-09-09 0
这是易语言?怎么跟汇编指令差不多的。
不要在错误中消沉,人谁无错。
韩服跑跑卡丁车

ZxID:13155826

等级: 上将
猴岛:丶逝去的那些年韩服跑跑:Machino    服务器:韩服代理

举报 只看该作者 92楼  发表于: 2013-09-09 0
惊现牛逼的大婶儿!
yeji521

ZxID:26869421

等级: 上将
现在的人真JB扯淡,随便说句话,发个帖的,都有各种理由喷、骂!看来满世界都有吃了屎的狗嘴!

举报 只看该作者 91楼  发表于: 2013-09-09 0
扯淡了!!!
灰太狼b649

ZxID:20213455

等级: 上将
举报 只看该作者 90楼  发表于: 2013-09-09 0
还是没明白


0.0.
xjc9507

ZxID:29324369

等级: 列兵
举报 只看该作者 89楼  发表于: 2013-09-09 0
不清楚
qzuserc2f6

ZxID:20486341

等级: 上将
举报 只看该作者 88楼  发表于: 2013-09-09 0
看不懂
三日别非阿蒙

ZxID:12137268

等级: 中将
表哥表妹一家亲!
举报 只看该作者 87楼  发表于: 2013-09-09 0
专业帝 支持
东莞表哥hoho
三日别非阿蒙

ZxID:12137268

等级: 中将
表哥表妹一家亲!
举报 只看该作者 86楼  发表于: 2013-09-09 0
我的咋用不了···
东莞表哥hoho
« 返回列表
发帖 回复