能力值:
( LV2,RANK:10 )
|
-
-
2 楼
0056F3DA > 833D AC115600 00 CMP DWORD PTR DS:[5611AC],0
0056F3E1 55 PUSH EBP
0056F3E2 8BEC MOV EBP,ESP
0056F3E4 56 PUSH ESI
0056F3E5 57 PUSH EDI
0056F3E6 75 65 JNZ SHORT Save-N-S.0056F44D
0056F3E8 68 00010000 PUSH 100
0056F3ED E8 D80A0000 CALL Save-N-S.0056FECA
0056F3F2 83C4 04 ADD ESP,4
0056F3F5 8B75 08 MOV ESI,DWORD PTR SS:[EBP+8]
0056F3F8 A3 AC115600 MOV DWORD PTR DS:[5611AC],EAX
0056F3FD 85F6 TEST ESI,ESI
0056F3FF 74 1D JE SHORT Save-N-S.0056F41E
0056F401 68 FF000000 PUSH 0FF
0056F406 50 PUSH EAX
0056F407 56 PUSH ESI
0056F408 FF15 F4D15600 CALL DWORD PTR DS:[<&KERNEL32.GetModuleF>; kernel32.GetModuleFileNameA
0056F40E 85C0 TEST EAX,EAX
0056F410 74 0C JE SHORT Save-N-S.0056F41E
0056F412 C705 9CCF5600 01>MOV DWORD PTR DS:[56CF9C],1
0056F41C EB 32 JMP SHORT Save-N-S.0056F450
0056F41E 33FF XOR EDI,EDI
0056F420 57 PUSH EDI
0056F421 893D 9CCF5600 MOV DWORD PTR DS:[56CF9C],EDI
0056F427 FF15 80D25600 CALL DWORD PTR DS:[<&KERNEL32.GetModuleH>; kernel32.GetModuleHandleA
0056F42D 8BF0 MOV ESI,EAX
0056F42F 68 FF000000 PUSH 0FF
0056F434 A1 AC115600 MOV EAX,DWORD PTR DS:[5611AC]
0056F439 897D 10 MOV DWORD PTR SS:[EBP+10],EDI
0056F43C C745 0C 01000000 MOV DWORD PTR SS:[EBP+C],1
0056F443 50 PUSH EAX
0056F444 56 PUSH ESI
0056F445 FF15 F4D15600 CALL DWORD PTR DS:[<&KERNEL32.GetModuleF>; kernel32.GetModuleFileNameA
0056F44B EB 03 JMP SHORT Save-N-S.0056F450
0056F44D 8B75 08 MOV ESI,DWORD PTR SS:[EBP+8]
0056F450 E8 ABEBFFFF CALL Save-N-S.0056E000
0056F455 FF75 10 PUSH DWORD PTR SS:[EBP+10]
0056F458 FF75 0C PUSH DWORD PTR SS:[EBP+C]
0056F45B 56 PUSH ESI
0056F45C E8 06000000 CALL Save-N-S.0056F467
0056F461 5F POP EDI
0056F462 5E POP ESI
0056F463 5D POP EBP
0056F464 C2 0C00 RETN 0C
这是载入的刚开始
|
能力值:
( LV2,RANK:10 )
|
-
-
7 楼
跟到这里:
0050D514 /. 55 PUSH EBP
0050D515 |. 8BEC MOV EBP,ESP
0050D517 |. B9 09000000 MOV ECX,9
0050D51C |> 6A 00 /PUSH 0
0050D51E |. 6A 00 |PUSH 0
0050D520 |. 49 |DEC ECX
0050D521 |.^75 F9 \JNZ SHORT Save-N-S.0050D51C
0050D523 |. 53 PUSH EBX
0050D524 |. 56 PUSH ESI
0050D525 |. 57 PUSH EDI
0050D526 |. B8 1CD15000 MOV EAX,Save-N-S.0050D11C
0050D52B |. E8 F499EFFF CALL Save-N-S.00406F24
0050D530 |. 8B1D 60115100 MOV EBX,DWORD PTR DS:[511160] ; Save-N-S.00513094
0050D536 |. 8B35 780E5100 MOV ESI,DWORD PTR DS:[510E78] ; Save-N-S.00512C18
0050D53C |. BF AC335100 MOV EDI,Save-N-S.005133AC
0050D541 |. 33C0 XOR EAX,EAX
0050D543 |. 55 PUSH EBP
0050D544 |. 68 5ADA5000 PUSH Save-N-S.0050DA5A
0050D549 |. 64:FF30 PUSH DWORD PTR FS:[EAX]
0050D54C |. 64:8920 MOV DWORD PTR FS:[EAX],ESP
0050D54F |. 68 04010000 PUSH 104 ; /BufSize = 104 (260.)
0050D554 |. 57 PUSH EDI ; |Buffer => Save-N-S.005133AC
0050D555 |. E8 5E9EEFFF CALL Save-N-S.004073B8 ; \GetSystemDirectoryA
0050D55A |. 8D45 E8 LEA EAX,DWORD PTR SS:[EBP-18]
0050D55D |. 8BD7 MOV EDX,EDI
0050D55F |. B9 05010000 MOV ECX,105
0050D564 |. E8 237FEFFF CALL Save-N-S.0040548C
0050D569 |. 8B45 E8 MOV EAX,DWORD PTR SS:[EBP-18]
0050D56C |. 8D55 EC LEA EDX,DWORD PTR SS:[EBP-14]
0050D56F |. E8 2033F9FF CALL Save-N-S.004A0894
0050D574 |. 8B55 EC MOV EDX,DWORD PTR SS:[EBP-14]
0050D577 |. A1 040A5100 MOV EAX,DWORD PTR DS:[510A04]
0050D57C |. E8 A37DEFFF CALL Save-N-S.00405324
0050D581 |. 68 04010000 PUSH 104 ; /BufSize = 104 (260.)
0050D586 |. 57 PUSH EDI ; |Buffer
0050D587 |. E8 749EEFFF CALL Save-N-S.00407400 ; \GetWindowsDirectoryA
0050D58C |. 8D45 E0 LEA EAX,DWORD PTR SS:[EBP-20]
0050D58F |. 8BD7 MOV EDX,EDI
0050D591 |. B9 05010000 MOV ECX,105
0050D596 |. E8 F17EEFFF CALL Save-N-S.0040548C
0050D59B |. 8B45 E0 MOV EAX,DWORD PTR SS:[EBP-20]
0050D59E |. 8D55 E4 LEA EDX,DWORD PTR SS:[EBP-1C]
0050D5A1 |. E8 EE32F9FF CALL Save-N-S.004A0894
0050D5A6 |. 8B55 E4 MOV EDX,DWORD PTR SS:[EBP-1C]
0050D5A9 |. A1 E40E5100 MOV EAX,DWORD PTR DS:[510EE4]
0050D5AE |. E8 717DEFFF CALL Save-N-S.00405324
0050D5B3 |. 57 PUSH EDI ; /Buffer
0050D5B4 |. 68 04010000 PUSH 104 ; |BufSize = 104 (260.)
0050D5B9 |. E8 0A9EEFFF CALL Save-N-S.004073C8 ; \GetTempPathA
0050D5BE |. 8D45 D8 LEA EAX,DWORD PTR SS:[EBP-28]
0050D5C1 |. 8BD7 MOV EDX,EDI
0050D5C3 |. B9 05010000 MOV ECX,105
0050D5C8 |. E8 BF7EEFFF CALL Save-N-S.0040548C
0050D5CD |. 8B45 D8 MOV EAX,DWORD PTR SS:[EBP-28]
0050D5D0 |. 8D55 DC LEA EDX,DWORD PTR SS:[EBP-24]
0050D5D3 |. E8 BC32F9FF CALL Save-N-S.004A0894
0050D5D8 |. 8B55 DC MOV EDX,DWORD PTR SS:[EBP-24]
0050D5DB |. A1 D0105100 MOV EAX,DWORD PTR DS:[5110D0]
0050D5E0 |. E8 3F7DEFFF CALL Save-N-S.00405324
0050D5E5 |. 8B06 MOV EAX,DWORD PTR DS:[ESI]
0050D5E7 |. BA 74DA5000 MOV EDX,Save-N-S.0050DA74 ; ASCII "Save-N-Sync v3.0"
0050D5EC |. E8 5FEEF7FF CALL Save-N-S.0048C450
0050D5F1 |. 8B06 MOV EAX,DWORD PTR DS:[ESI]
0050D5F3 |. E8 60F2F7FF CALL Save-N-S.0048C858
0050D5F8 |. A1 C00E5100 MOV EAX,DWORD PTR DS:[510EC0]
0050D5FD |. BA 90DA5000 MOV EDX,Save-N-S.0050DA90 ; ASCII "3.0"
0050D602 |. E8 F175EFFF CALL Save-N-S.00404BF8
0050D607 |. A1 540A5100 MOV EAX,DWORD PTR DS:[510A54]
0050D60C |. C700 04000000 MOV DWORD PTR DS:[EAX],4
0050D612 |. A1 E00F5100 MOV EAX,DWORD PTR DS:[510FE0]
0050D617 |. BA 9CDA5000 MOV EDX,Save-N-S.0050DA9C ; ASCII "January 29, 2004"
0050D61C |. E8 D775EFFF CALL Save-N-S.00404BF8
0050D621 |. A1 2C095100 MOV EAX,DWORD PTR DS:[51092C]
0050D626 |. BA B8DA5000 MOV EDX,Save-N-S.0050DAB8 ; ASCII "PSSNS30"
0050D62B |. E8 C875EFFF CALL Save-N-S.00404BF8
0050D630 |. 8B06 MOV EAX,DWORD PTR DS:[ESI]
0050D632 |. C740 0C 010000>MOV DWORD PTR DS:[EAX+C],1
0050D639 |. 8BCB MOV ECX,EBX
0050D63B |. 8B06 MOV EAX,DWORD PTR DS:[ESI]
0050D63D |. 8B15 70864D00 MOV EDX,DWORD PTR DS:[4D8670] ; Save-N-S.004D86BC
0050D643 |. E8 28F2F7FF CALL Save-N-S.0048C870
0050D648 |. 8B0D 480B5100 MOV ECX,DWORD PTR DS:[510B48] ; Save-N-S.00512F88
0050D64E |. 8B06 MOV EAX,DWORD PTR DS:[ESI]
0050D650 |. 8B15 D0834C00 MOV EDX,DWORD PTR DS:[4C83D0] ; Save-N-S.004C841C
0050D656 |. E8 15F2F7FF CALL Save-N-S.0048C870
0050D65B |. 8B0D 180F5100 MOV ECX,DWORD PTR DS:[510F18] ; Save-N-S.00512FAC
0050D661 |. 8B06 MOV EAX,DWORD PTR DS:[ESI]
0050D663 |. 8B15 680F4D00 MOV EDX,DWORD PTR DS:[4D0F68] ; Save-N-S.004D0FB4
0050D669 |. E8 02F2F7FF CALL Save-N-S.0048C870
0050D66E |. 8B0D 14095100 MOV ECX,DWORD PTR DS:[510914] ; Save-N-S.00512FA4
0050D674 |. 8B06 MOV EAX,DWORD PTR DS:[ESI]
0050D676 |. 8B15 7CF74C00 MOV EDX,DWORD PTR DS:[4CF77C] ; Save-N-S.004CF7C8
0050D67C |. E8 EFF1F7FF CALL Save-N-S.0048C870
0050D681 |. 8B0D B40B5100 MOV ECX,DWORD PTR DS:[510BB4] ; Save-N-S.00512F68
0050D687 |. 8B06 MOV EAX,DWORD PTR DS:[ESI]
0050D689 |. 8B15 10734C00 MOV EDX,DWORD PTR DS:[4C7310] ; Save-N-S.004C735C
0050D68F |. E8 DCF1F7FF CALL Save-N-S.0048C870
0050D694 |. 8B0D 180B5100 MOV ECX,DWORD PTR DS:[510B18] ; Save-N-S.00512F2C
0050D69A |. 8B06 MOV EAX,DWORD PTR DS:[ESI]
0050D69C |. 8B15 60F04B00 MOV EDX,DWORD PTR DS:[4BF060] ; Save-N-S.004BF0AC
0050D6A2 |. E8 C9F1F7FF CALL Save-N-S.0048C870
0050D6A7 |. A1 C40F5100 MOV EAX,DWORD PTR DS:[510FC4]
0050D6AC |. 8038 00 CMP BYTE PTR DS:[EAX],0
0050D6AF |. 75 7D JNZ SHORT Save-N-S.0050D72E
0050D6B1 |. 8D55 D4 LEA EDX,DWORD PTR SS:[EBP-2C]
0050D6B4 |. A1 A0105100 MOV EAX,DWORD PTR DS:[5110A0]
0050D6B9 |. 8B00 MOV EAX,DWORD PTR DS:[EAX]
0050D6BB |. E8 40BBEFFF CALL Save-N-S.00409200
0050D6C0 |. 8B55 D4 MOV EDX,DWORD PTR SS:[EBP-2C]
0050D6C3 |. B8 C8DA5000 MOV EAX,Save-N-S.0050DAC8 ; ASCII "LANMAN"
用Import REC怎么dump出来的程序在XP下,一启动就死?
|
