通过堆栈调用转到跳出窗口的代码串。然后就死活找不到关键CALL和跳。。。看了无数教程,还是不太明白~~求大大们指点,拜谢
00458646 /. 55 push ebp
00458647 |. 8BEC mov ebp,esp
00458649 |. 83EC 30 sub esp,0x30
0045864C |. 53 push ebx
0045864D |. 56 push esi
0045864E |. 57 push edi
0045864F |. 8B7D 08 mov edi,[arg.1]
00458652 |. 8B47 08 mov eax,dword ptr ds:[edi+0x8]
00458655 |. 894D F8 mov [local.2],ecx
00458658 |. 8B4F 04 mov ecx,dword ptr ds:[edi+0x4]
0045865B |. 8945 F4 mov [local.3],eax
0045865E |. 8B41 04 mov eax,dword ptr ds:[ecx+0x4]
00458661 |. 50 push eax
00458662 |. E8 F9A7FFFF call 夺宝岛4_.00452E60
00458667 |. 8B50 04 mov edx,dword ptr ds:[eax+0x4]
0045866A |. 8B30 mov esi,dword ptr ds:[eax]
0045866C |. 8B48 08 mov ecx,dword ptr ds:[eax+0x8]
0045866F |. 8B40 0C mov eax,dword ptr ds:[eax+0xC]
00458672 |. FF00 inc dword ptr ds:[eax]
00458674 |. 8955 D4 mov [local.11],edx
00458677 |. 8B57 04 mov edx,dword ptr ds:[edi+0x4]
0045867A |. 8945 DC mov [local.9],eax
0045867D |. 8B42 08 mov eax,dword ptr ds:[edx+0x8]
00458680 |. 50 push eax
00458681 |. 8975 D0 mov [local.12],esi
00458684 |. 894D D8 mov [local.10],ecx
00458687 |. E8 D4A7FFFF call 夺宝岛4_.00452E60
0045868C |. 8B08 mov ecx,dword ptr ds:[eax]
0045868E |. 8B50 04 mov edx,dword ptr ds:[eax+0x4]
00458691 |. 894D E0 mov [local.8],ecx
00458694 |. 8B48 08 mov ecx,dword ptr ds:[eax+0x8]
00458697 |. 8B40 0C mov eax,dword ptr ds:[eax+0xC]
0045869A |. FF00 inc dword ptr ds:[eax]
0045869C |. 8955 E4 mov [local.7],edx
0045869F |. 8B57 04 mov edx,dword ptr ds:[edi+0x4]
004586A2 |. 894D E8 mov [local.6],ecx
004586A5 |. 8B0A mov ecx,dword ptr ds:[edx]
004586A7 |. 8945 EC mov [local.5],eax
004586AA |. 33DB xor ebx,ebx
004586AC |. E8 3F42FBFF call 夺宝岛4_.0040C8F0
004586B1 |. 83F8 FF cmp eax,-0x1
004586B4 74 24 je X夺宝岛4_.004586DA
004586B6 |. 8B47 04 mov eax,dword ptr ds:[edi+0x4]
004586B9 |. 8B00 mov eax,dword ptr ds:[eax]
004586BB |. 50 push eax
004586BC |. 8945 08 mov [arg.1],eax
004586BF |. E8 CA23FFFF call 夺宝岛4_.0044AA8E
004586C4 |. 84C0 test al,al
004586C6 75 12 jnz X夺宝岛4_.004586DA
004586C8 |. 8B4D 08 mov ecx,[arg.1]
004586CB |. E8 2042FBFF call 夺宝岛4_.0040C8F0
004586D0 |. 0D 00000100 or eax,0x10000
004586D5 |. 8945 FC mov [local.1],eax
004586D8 |. EB 03 jmp X夺宝岛4_.004586DD
004586DA |> 895D FC mov [local.1],ebx
004586DD |> 8B4F 04 mov ecx,dword ptr ds:[edi+0x4]
004586E0 |. 8B51 04 mov edx,dword ptr ds:[ecx+0x4]
004586E3 |. 52 push edx
004586E4 |. E8 A523FFFF call 夺宝岛4_.0044AA8E
004586E9 |. 84C0 test al,al
004586EB 74 14 je X夺宝岛4_.00458701
004586ED |. 8B45 F8 mov eax,[local.2]
004586F0 |. 05 B8000000 add eax,0xB8
004586F5 |. 50 push eax
004586F6 |. 8D75 D0 lea esi,[local.12]
004586F9 |. E8 125DFBFF call 夺宝岛4_.0040E410
004586FE |. 8B75 D0 mov esi,[local.12]
00458701 |> 817D E4 00400>cmp [local.7],0x4000
00458708 |. 76 11 jbe X夺宝岛4_.0045871B
0045870A |. 68 00400000 push 0x4000
0045870F |. 8D4D E0 lea ecx,[local.8]
00458712 |. 51 push ecx
00458713 |. 83C8 FF or eax,0xFFFFFFFF
00458716 |. E8 8541FBFF call 夺宝岛4_.0040C8A0
0045871B |> 837D F4 05 cmp [local.3],0x5
0045871F |. 72 0E jb X夺宝岛4_.0045872F
00458721 |. 8B57 04 mov edx,dword ptr ds:[edi+0x4]
00458724 |. 8B42 10 mov eax,dword ptr ds:[edx+0x10]
00458727 |. 50 push eax
00458728 |. E8 F128FFFF call 夺宝岛4_.0044B01E
0045872D |. 8BD8 mov ebx,eax
0045872F |> 837F 08 04 cmp dword ptr ds:[edi+0x8],0x4
00458733 |. 72 60 jb X夺宝岛4_.00458795
00458735 |. 8B47 04 mov eax,dword ptr ds:[edi+0x4]
00458738 |. 8B78 0C mov edi,dword ptr ds:[eax+0xC]
0045873B |. 57 push edi
0045873C |. E8 4D23FFFF call 夺宝岛4_.0044AA8E
00458741 |. 84C0 test al,al
00458743 75 50 jnz X夺宝岛4_.00458795
00458745 |. 8BCF mov ecx,edi
00458747 |. E8 F435FBFF call 夺宝岛4_.0040BD40
0045874C |. DD05 D0BD4800 fld qword ptr ds:[0x48BDD0]
00458752 |. D8D9 fcomp st(1)
00458754 |. DFE0 fstsw ax
00458756 |. F6C4 41 test ah,0x41
00458759 |. 75 04 jnz X夺宝岛4_.0045875F
0045875B |. DDD8 fstp st
0045875D |. D9EE fldz
0045875F |> DC0D 98BD4800 fmul qword ptr ds:[0x48BD98]
00458765 |. 8B55 FC mov edx,[local.1]
00458768 |. D97D 0A fstcw word ptr ss:[ebp+0xA]
0045876B |. 0FB745 0A movzx eax,word ptr ss:[ebp+0xA]
0045876F |. 0D 000C0000 or eax,0xC00
00458774 |. 8945 F4 mov [local.3],eax
00458777 |. 8B45 E0 mov eax,[local.8]
0045877A |. D96D F4 fldcw word ptr ss:[ebp-0xC]
0045877D |. DF7D F0 fistp qword ptr ss:[ebp-0x10]
00458780 |. 8B4D F0 mov ecx,[local.4]
00458783 |. 51 push ecx
00458784 |. 52 push edx
00458785 |. D96D 0A fldcw word ptr ss:[ebp+0xA]
00458788 |. 56 push esi
00458789 |. 50 push eax
0045878A |. 53 push ebx
0045878B |. E8 3DB2FEFF call 夺宝岛4_.004439CD
00458790 |. 83C4 14 add esp,0x14
00458793 |. EB 10 jmp X夺宝岛4_.004587A5
00458795 |> 8B4D FC mov ecx,[local.1]
00458798 |. 8B55 E0 mov edx,[local.8]
0045879B |. 51 push ecx ; /Style
0045879C |. 56 push esi ; |Title
0045879D |. 52 push edx ; |Text
0045879E |. 53 push ebx ; |hOwner
0045879F |. FF15 70164800 call dword ptr ds:[<&USER32.MessageBoxW>>; \MessageBoxW
004587A5 |> 8B75 0C mov esi,[arg.2]
004587A8 |. 8BF8 mov edi,eax
004587AA |. E8 310AFBFF call 夺宝岛4_.004091E0
004587AF |. 8D4D E0 lea ecx,[local.8]
004587B2 |. 893E mov dword ptr ds:[esi],edi
004587B4 |. C746 08 01000>mov dword ptr ds:[esi+0x8],0x1
004587BB |. E8 A09AFAFF call 夺宝岛4_.00402260
004587C0 |. 8D4D D0 lea ecx,[local.12]
004587C3 |. E8 989AFAFF call 夺宝岛4_.00402260
004587C8 |. 5F pop edi
004587C9 |. 5E pop esi
004587CA |. 33C0 xor eax,eax
004587CC |. 5B pop ebx
004587CD |. 8BE5 mov esp,ebp
004587CF |. 5D pop ebp
004587D0 \. C2 0800 retn 0x8
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
