斩魂
00895BB0 55 PUSH EBP ; push进来1个结构...,HookSendAddr00895BB1 8BEC MOV EBP,ESP
00895BB3 6A FF PUSH -0x1
00895BB5 68 1041E700 PUSH zh.00E74110
00895BBA 64:A1 00000000MOV EAX,DWORD PTR FS:
00895BC0 50 PUSH EAX
00895BC1 83EC 2C SUB ESP,0x2C
00895BC4 53 PUSH EBX
00895BC5 56 PUSH ESI
00895BC6 57 PUSH EDI
00895BC7 A1 581C2001 MOV EAX,DWORD PTR DS:
00895BCC 33C5 XOR EAX,EBP
00895BCE 50 PUSH EAX
00895BXF 8D45 F4 LEA EAX,DWORD PTR SS:
00895BD2 64:A3 00000000MOV DWORD PTR FS:,EAX
00895BD8 8BF1 MOV ESI,ECX
00895BDA 837E 10 00 CMP DWORD PTR DS:,0x0
00895BDE 75 17 JNZ Xzh.00895BF7
00895BE0 83C8 FF OR EAX,0xFFFFFFFF
00895BE3 8B4D F4 MOV ECX,DWORD PTR SS:
00895BE6 64:890D 0000000>MOV DWORD PTR FS:,ECX
00895BED 59 POP ECX
00895BEE 5F POP EDI
00895BEF 5E POP ESI
00895BF0 5B POP EBX
00895BF1 8BE5 MOV ESP,EBP
00895BF3 5D POP EBP
00895BF4 C2 0400 RETN 0x4
00895BF7 6A 01 PUSH 0x1
00895BF9 8D86 DC000000 LEA EAX,DWORD PTR DS:
00895BFF 50 PUSH EAX
00895C00 8D4D C8 LEA ECX,DWORD PTR SS:
00895C03 E8 28ADB7FF CALL zh.00410930
00895C08 8B4D 08 MOV ECX,DWORD PTR SS:
00895C0B 8B41 04 MOV EAX,DWORD PTR DS:
00895C0E 8B78 0C MOV EDI,DWORD PTR DS:
00895C11 8B50 04 MOV EDX,DWORD PTR DS:
00895C14 83C7 04 ADD EDI,0x4
00895C17 8D4D DC LEA ECX,DWORD PTR SS:
00895C1A C745 FC 0000000>MOV DWORD PTR SS:,0x0
00895C21 8955 E8 MOV DWORD PTR SS:,EDX
00895C24 897D 08 MOV DWORD PTR SS:,EDI
00895C27 E8 84E6B6FF CALL zh.004042B0
00895C2C 8B4D E0 MOV ECX,DWORD PTR SS:
00895C2F 57 PUSH EDI
00895C30 C645 FC 01 MOV BYTE PTR SS:,0x1
00895C34 E8 87B3B7FF CALL zh.00410FC0
00895C39 8B4D E0 MOV ECX,DWORD PTR SS:
00895C3C E8 6FCC2B00 CALL zh.?depth_total@StackTraceTable@tcm>
00895C41 8B9E F4000000 MOV EBX,DWORD PTR DS:
00895C47 339E F0000000 XOR EBX,DWORD PTR DS:
00895C4D 8945 EC MOV DWORD PTR SS:,EAX
00895C50 90 NOP
00895C51 E8 3C912978 CALL MSVCR100.rand
00895C56 69C0 05840808 IMUL EAX,EAX,0x8088405
00895C5C 8BC8 MOV ECX,EAX
00895C5E C1E1 10 SHL ECX,0x10
00895C61 0BC8 OR ECX,EAX
00895C63 898E F4000000 MOV DWORD PTR DS:,ECX
00895C69 33CB XOR ECX,EBX
00895C6B 898E F0000000 MOV DWORD PTR DS:,ECX
00895C71 E8 FAD4B7FF CALL zh.00413170
00895C76 8BBE F4000000 MOV EDI,DWORD PTR DS:
00895C7C 33BE F0000000 XOR EDI,DWORD PTR DS:
00895C82 8945 F0 MOV DWORD PTR SS:,EAX
00895C85 90 NOP
00895C86 E8 07912978 CALL MSVCR100.rand
00895C8B 69C0 05840808 IMUL EAX,EAX,0x8088405
00895C91 8BC8 MOV ECX,EAX
00895C93 C1E1 10 SHL ECX,0x10
00895C96 0BC8 OR ECX,EAX
00895C98 8B45 F0 MOV EAX,DWORD PTR SS:
00895C9B 898E F4000000 MOV DWORD PTR DS:,ECX
00895CA1 33XF XOR ECX,EDI
00895CA3 898E F0000000 MOV DWORD PTR DS:,ECX
00895CA9 3BC7 CMP EAX,EDI
00895CAB 77 38 JA Xzh.00895CE5
00895CAD 8BBE F4000000 MOV EDI,DWORD PTR DS:
00895CB3 33F9 XOR EDI,ECX
00895CB5 90 NOP
00895CB6 E8 D7902978 CALL MSVCR100.rand
00895CBB 69C0 05840808 IMUL EAX,EAX,0x8088405
00895CC1 8BC8 MOV ECX,EAX
00895CC3 C1E1 10 SHL ECX,0x10
00895CC6 0BC8 OR ECX,EAX
00895CC8 898E F4000000 MOV DWORD PTR DS:,ECX
00895CCE 33XF XOR ECX,EDI
00895CD0 898E F0000000 MOV DWORD PTR DS:,ECX
00895CD6 47 INC EDI
00895CD7 33BE F4000000 XOR EDI,DWORD PTR DS:
00895CDD 89BE F0000000 MOV DWORD PTR DS:,EDI
00895CE3 EB 0E JMP Xzh.00895XF3
00895CE5 8B8E F4000000 MOV ECX,DWORD PTR DS:
00895CEB 33C8 XOR ECX,EAX
00895CED 898E F0000000 MOV DWORD PTR DS:,ECX
00895XF3 8BBE F4000000 MOV EDI,DWORD PTR DS:
00895XF9 33BE F0000000 XOR EDI,DWORD PTR DS:
00895XFF 90 NOP
00895D00 E8 8D902978 CALL MSVCR100.rand
00895D05 69C0 05840808 IMUL EAX,EAX,0x8088405
00895D0B 8BC8 MOV ECX,EAX
00895D0D C1E1 10 SHL ECX,0x10
00895D10 0BC8 OR ECX,EAX
00895D12 8B45 EC MOV EAX,DWORD PTR SS:
00895D15 53 PUSH EBX
00895D16 57 PUSH EDI
00895D17 898E F4000000 MOV DWORD PTR DS:,ECX
00895D1D 33XF XOR ECX,EDI
00895D1F 8D55 08 LEA EDX,DWORD PTR SS:
00895D22 52 PUSH EDX
00895D23 8B55 E8 MOV EDX,DWORD PTR SS:
00895D26 898E F0000000 MOV DWORD PTR DS:,ECX
00895D2C 8B4D 08 MOV ECX,DWORD PTR SS:
00895D2F 50 PUSH EAX
00895D30 51 PUSH ECX
00895D31 52 PUSH EDX
00895D32 E8 19F4FFFF CALL zh.00895150
00895D37 83C4 18 ADD ESP,0x18
00895D3A 84C0 TEST AL,AL
00895D3C 75 4A JNZ Xzh.00895D88
00895D3E 68 247XF500 PUSH zh.00F57C24 ; ASCII "tcp_client::send encrypt failed.
"
00895D43 90 NOP
00895D44 E8 3BF82678 CALL MSVCR100.printf
00895D49 83C4 04 ADD ESP,0x4
00895D4C 8D4D DC LEA ECX,DWORD PTR SS:
00895D4F C645 FC 00 MOV BYTE PTR SS:,0x0
00895D53 E8 28E6B6FF CALL zh.00404380
00895D58 8D4D D0 LEA ECX,DWORD PTR SS:
00895D5B C745 FC FFFFFFF>MOV DWORD PTR SS:,-0x1
00895D62 E8 D9ACB7FF CALL zh.00410A40
00895D67 8D4D D0 LEA ECX,DWORD PTR SS:
00895D6A E8 41E8B6FF CALL zh.004045B0
00895D6F B8 03000000 MOV EAX,0x3
00895D74 8B4D F4 MOV ECX,DWORD PTR SS:
00895D77 64:890D 0000000>MOV DWORD PTR FS:,ECX
00895D7E 59 POP ECX
00895D7F 5F POP EDI
00895D80 5E POP ESI
00895D81 5B POP EBX
00895D82 8BE5 MOV ESP,EBP
00895D84 5D POP EBP
00895D85 C2 0400 RETN 0x4
00895D88 8B4E 48 MOV ECX,DWORD PTR DS:
00895D8B 6A 00 PUSH 0x0
00895D8D 6A 00 PUSH 0x0
00895D8F 8D45 DC LEA EAX,DWORD PTR SS:
00895D92 50 PUSH EAX
00895D93 E8 78ABB9FF CALL zh.00430910 ; ****
00895D98 8D4D DC LEA ECX,DWORD PTR SS:
00895D9B 8BF0 MOV ESI,EAX
00895D9D C645 FC 00 MOV BYTE PTR SS:,0x0
00895DA1 E8 DAE5B6FF CALL zh.00404380
00895DA6 8D4D D0 LEA ECX,DWORD PTR SS:
00895DA9 C745 FC FFFFFFF>MOV DWORD PTR SS:,-0x1
00895DB0 E8 8BACB7FF CALL zh.00410A40
00895DB5 8D4D D0 LEA ECX,DWORD PTR SS:
00895DB8 E8 F3E7B6FF CALL zh.004045B0
00895DBD 8BC6 MOV EAX,ESI
00895DBF 8B4D F4 MOV ECX,DWORD PTR SS:
00895DC2 64:890D 0000000>MOV DWORD PTR FS:,ECX
00895DC9 59 POP ECX
00895DCA 5F POP EDI
00895DCB 5E POP ESI
00895DCC 5B POP EBX
00895DCD 8BE5 MOV ESP,EBP
00895DXF 5D POP EBP
00895DD0 C2 0400 RETN 0x4
->
00847600 55 PUSH EBP
00847601 8BEC MOV EBP,ESP
00847603 6A FF PUSH -0x1
00847605 68 F0CCE600 PUSH zh.00E6CXF0
0084760A 64:A1 00000000MOV EAX,DWORD PTR FS:
00847610 50 PUSH EAX
00847611 83EC 30 SUB ESP,0x30
00847614 53 PUSH EBX
00847615 56 PUSH ESI
00847616 57 PUSH EDI
00847617 A1 581C2001 MOV EAX,DWORD PTR DS:
0084761C 33C5 XOR EAX,EBP
0084761E 50 PUSH EAX
0084761F 8D45 F4 LEA EAX,DWORD PTR SS:
00847622 64:A3 00000000MOV DWORD PTR FS:,EAX
00847628 8BF9 MOV EDI,ECX
0084762A 8D4D C4 LEA ECX,DWORD PTR SS:
0084762D E8 3EA2FFFF CALL zh.00841870
00847632 8D4D DC LEA ECX,DWORD PTR SS:
00847635 51 PUSH ECX
00847636 8BC8 MOV ECX,EAX
00847638 C745 FC 0000000>MOV DWORD PTR SS:,0x0
0084763F E8 3C17FFFF CALL zh.00838D80
00847644 8B5D E4 MOV EBX,DWORD PTR SS:
00847647 8B75 E0 MOV ESI,DWORD PTR SS:
0084764A C645 FC 01 MOV BYTE PTR SS:,0x1
0084764E C745 D0 F448F50>MOV DWORD PTR SS:,zh.00F548F4
00847655 8975 D4 MOV DWORD PTR SS:,ESI
00847658 895D D8 MOV DWORD PTR SS:,EBX
0084765B 85DB TEST EBX,EBX
0084765D 74 07 JE Xzh.00847666
0084765F 8BCB MOV ECX,EBX
00847661 E8 5ACEBBFF CALL zh.004044C0
00847666 C645 FC 03 MOV BYTE PTR SS:,0x3
0084766A 85DB TEST EBX,EBX
0084766C 74 07 JE Xzh.00847675
0084766E 8BCB MOV ECX,EBX
00847670 E8 8BCEBBFF CALL zh.00404500
00847675 8B4D CC MOV ECX,DWORD PTR SS:
00847678 C645 FC 04 MOV BYTE PTR SS:,0x4
0084767C C745 C4 F448F50>MOV DWORD PTR SS:,zh.00F548F4
00847683 85C9 TEST ECX,ECX
00847685 74 05 JE Xzh.0084768C
00847687 E8 74CEBBFF CALL zh.00404500
0084768C 66:8B55 08 MOV DX,WORD PTR SS:
00847690 8B45 10 MOV EAX,DWORD PTR SS:
00847693 66:8956 06 MOV WORD PTR DS:,DX
00847697 8B55 0C MOV EDX,DWORD PTR SS:
0084769A 8946 08 MOV DWORD PTR DS:,EAX
0084769D 8BC2 MOV EAX,EDX
0084769F 8D58 01 LEA EBX,DWORD PTR DS:
008476A2 8D4E 10 LEA ECX,DWORD PTR DS:
008476A5 895D 08 MOV DWORD PTR SS:,EBX
008476A8 8A18 MOV BL,BYTE PTR DS:
008476AA 40 INC EAX
008476AB 84DB TEST BL,BL
008476AD^ 75 F9 JNZ Xzh.008476A8
008476AF 2B45 08 SUB EAX,DWORD PTR SS:
008476B2 50 PUSH EAX
008476B3 52 PUSH EDX
008476B4 E8 27B4BBFF CALL zh.00402AE0
008476B9 8B16 MOV EDX,DWORD PTR DS:
008476BB 8D4D E8 LEA ECX,DWORD PTR SS:
008476BE 51 PUSH ECX
008476BF 8B4A 08 MOV ECX,DWORD PTR DS:
008476C2 03CE ADD ECX,ESI
008476C4 E8 5768EXFF CALL zh.0070DF20
008476C9 8B0F MOV ECX,DWORD PTR DS:
008476CB 8B49 08 MOV ECX,DWORD PTR DS:
008476CE 8D45 E8 LEA EAX,DWORD PTR SS:
008476D1 50 PUSH EAX
008476D2 03XF ADD ECX,EDI
008476D4 C645 FC 05 MOV BYTE PTR SS:,0x5
008476D8 E8 D3E40400 CALL zh.00895BB0 ; **喊话调用**
008476DD 8B4D F0 MOV ECX,DWORD PTR SS:
008476E0 85C0 TEST EAX,EAX
008476E2 0F94C3 SETE BL
008476E5 C645 FC 04 MOV BYTE PTR SS:,0x4
008476E9 C745 E8 605XF20>MOV DWORD PTR SS:,zh.00F25C60
008476F0 85C9 TEST ECX,ECX
008476F2 74 05 JE Xzh.008476F9
008476F4 E8 07CEBBFF CALL zh.00404500
008476F9 8B4D E4 MOV ECX,DWORD PTR SS:
008476FC C745 FC FFFFFFF>MOV DWORD PTR SS:,-0x1
00847703 85C9 TEST ECX,ECX
00847705 74 05 JE Xzh.0084770C
00847707 E8 F4CDBBFF CALL zh.00404500
0084770C 8AC3 MOV AL,BL
0084770E 8B4D F4 MOV ECX,DWORD PTR SS:
00847711 64:890D 0000000>MOV DWORD PTR FS:,ECX
00847718 59 POP ECX
00847719 5F POP EDI
0084771A 5E POP ESI
0084771B 5B POP EBX
0084771C 8BE5 MOV ESP,EBP
0084771E 5D POP EBP
0084771F C2 0C00 RETN 0xC
帮你顶.... 学习一下了..... 过来看看的 看帖不能灌水啊,回复是美德 看看 再说 拿分 我抢、我抢、我抢沙发~ 强烈支持楼主ing…… 纯粹路过,没任何兴趣,仅仅是看在老用户份上回复一下 发发呆,回回帖,工作结束~
页:
[1]
2