[求助]Visual FoxPro加壳-付费问答-看雪-安全社区|安全招聘|kanxue.com

最新回复 (1)
wofeixiang 雪币： 200 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 4 粉丝 0 关注私信	wofeixiang 2 楼请高手指点指点吧，对于菜鸟来说就像天书一样，根本找不到关键点！ 00401000 /$ 8B0D AC314000 mov ecx, dword ptr [4031AC] 00401006 \|. E8 7C000000 call 00401087 0040100B \|. 8A15 E0324000 mov dl, byte ptr [4032E0] 00401011 \|. 8A0D E6334000 mov cl, byte ptr [4033E6] 00401017 \|. 84D2 test dl, dl 00401019 \|. 75 0C jnz short 00401027 0040101B \|. 84C9 test cl, cl 0040101D \|. 75 08 jnz short 00401027 0040101F \|. 6A 02 push 2 00401021 \|. 83C9 FF or ecx, FFFFFFFF 00401024 \|. 5A pop edx 00401025 \|. EB 54 jmp short 0040107B 00401027 \|> 83C8 FF or eax, FFFFFFFF 0040102A \|. 84C9 test cl, cl 0040102C \|. A3 C8324000 mov dword ptr [4032C8], eax 00401031 \|. 74 08 je short 0040103B 00401033 \|. 6A 01 push 1 00401035 \|. 58 pop eax 00401036 \|. A3 C8324000 mov dword ptr [4032C8], eax 0040103B \|> 84D2 test dl, dl 0040103D \|. 74 14 je short 00401053 0040103F \|. 833D 90314000>cmp dword ptr [403190], 0 00401046 \|. 75 04 jnz short 0040104C 00401048 \|. 84C9 test cl, cl 0040104A \|. 75 07 jnz short 00401053 0040104C \|> 33C0 xor eax, eax 0040104E \|. A3 C8324000 mov dword ptr [4032C8], eax 00401053 \|> 83F8 FF cmp eax, -1 00401056 \|. 74 28 je short 00401080 00401058 \|. 69C0 06010000 imul eax, eax, 106 0040105E \|. 05 E0324000 add eax, 004032E0 00401063 \|. 6A 00 push 0 ; /amode = 0 00401065 \|. 50 push eax ; \|path 00401066 \|. FF15 58204000 call dword ptr [<&MSVCRT._access>] ; \_access 0040106C \|. 59 pop ecx 0040106D \|. 85C0 test eax, eax 0040106F \|. 59 pop ecx 00401070 \|. 74 11 je short 00401083 00401072 \|. 8B0D C8324000 mov ecx, dword ptr [4032C8] 00401078 \|. 6A 02 push 2 0040107A \|. 5A pop edx 0040107B \|> E8 F8020000 call 00401378 00401080 \|> 33C0 xor eax, eax 00401082 \|. C3 retn 00401083 \|> 6A 01 push 1 00401085 \|. 58 pop eax 00401086 \. C3 retn 00401087 /$ 55 push ebp 00401088 \|. 8BEC mov ebp, esp 0040108A \|. 81EC 1C010000 sub esp, 11C 00401090 \|. 53 push ebx 00401091 \|. 8365 FC 00 and dword ptr [ebp-4], 0 00401095 \|. 56 push esi 00401096 \|. 57 push edi 00401097 \|. 6A 01 push 1 00401099 \|. 5B pop ebx 0040109A \|. 8BD3 mov edx, ebx 0040109C \|. 8BCB mov ecx, ebx 0040109E \|. E8 13020000 call 004012B6 004010A3 \|. 803D E6334000>cmp byte ptr [4033E6], 0 004010AA \|. 8B3D 58204000 mov edi, dword ptr [<&MSVCRT._access>; MSVCRT._access 004010B0 \|. 75 3A jnz short 004010EC 004010B2 \|. BE E6334000 mov esi, 004033E6 004010B7 \|. B9 18304000 mov ecx, 00403018 ; ASCII "VisualFoxProRuntime.6" 004010BC \|. 8BD6 mov edx, esi 004010BE \|. E8 BB000000 call 0040117E 004010C3 \|. 85C0 test eax, eax 004010C5 \|. 74 25 je short 004010EC 004010C7 \|. 6A 00 push 0 004010C9 \|. 56 push esi 004010CA \|. 895D FC mov dword ptr [ebp-4], ebx 004010CD \|. FFD7 call edi 004010CF \|. 59 pop ecx 004010D0 \|. 85C0 test eax, eax 004010D2 \|. 59 pop ecx 004010D3 \|. 74 17 je short 004010EC 004010D5 \|. 8025 E6334000>and byte ptr [4033E6], 0 004010DC \|. 8BD3 mov edx, ebx 004010DE \|. 8BCB mov ecx, ebx 004010E0 \|. C745 FC 02000>mov dword ptr [ebp-4], 2 004010E7 \|. E8 CA010000 call 004012B6 004010EC \|> 837D FC 02 cmp dword ptr [ebp-4], 2 004010F0 \|. 0F84 83000000 je 00401179 004010F6 \|. 803D E6334000>cmp byte ptr [4033E6], 0 004010FD \|. 75 7A jnz short 00401179 004010FF \|. 8D85 E4FEFFFF lea eax, dword ptr [ebp-11C] 00401105 \|. 68 04010000 push 104 ; /BufSize = 104 (260.) 0040110A \|. 50 push eax ; \|Buffer 0040110B \|. FF15 38204000 call dword ptr [<&KERNEL32.GetSystemD>; \GetSystemDirectoryA 00401111 \|. 85C0 test eax, eax 00401113 \|. 74 52 je short 00401167 00401115 \|. 83C0 0C add eax, 0C 00401118 \|. 3D 05010000 cmp eax, 105 0040111D \|. 7F 48 jg short 00401167 0040111F \|. 8B35 3C204000 mov esi, dword ptr [<&KERNEL32.lstrc>; kernel32.lstrcatA 00401125 \|. 8D85 E4FEFFFF lea eax, dword ptr [ebp-11C] 0040112B \|. 68 14304000 push 00403014 ; /StringToAdd = "\" 00401130 \|. 50 push eax ; \|ConcatString 00401131 \|. FFD6 call esi ; \lstrcatA 00401133 \|. 8BCB mov ecx, ebx 00401135 \|. E8 55010000 call 0040128F 0040113A \|. 50 push eax 0040113B \|. 8D85 E4FEFFFF lea eax, dword ptr [ebp-11C] 00401141 \|. 50 push eax 00401142 \|. FFD6 call esi 00401144 \|. 8D85 E4FEFFFF lea eax, dword ptr [ebp-11C] 0040114A \|. 6A 00 push 0 0040114C \|. 50 push eax 0040114D \|. FFD7 call edi 0040114F \|. 59 pop ecx 00401150 \|. 85C0 test eax, eax 00401152 \|. 59 pop ecx 00401153 \|. 75 12 jnz short 00401167 00401155 \|. 8D85 E4FEFFFF lea eax, dword ptr [ebp-11C] 0040115B \|. 50 push eax ; /String2 0040115C \|. 68 E6334000 push 004033E6 ; \|String1 = 汽车公告.004033E6 00401161 \|. FF15 40204000 call dword ptr [<&KERNEL32.lstrcpyA>] ; \lstrcpyA 00401167 \|> 803D E6334000>cmp byte ptr [4033E6], 0 0040116E \|. 75 09 jnz short 00401179 00401170 \|. 8BD3 mov edx, ebx 00401172 \|. 8BCB mov ecx, ebx 00401174 \|. E8 3D010000 call 004012B6 00401179 \|> 5F pop edi 0040117A \|. 5E pop esi 0040117B \|. 5B pop ebx 0040117C \|. C9 leave 0040117D \. C3 retn 0040117E /$ 55 push ebp 0040117F \|. 8BEC mov ebp, esp 00401181 \|. 81EC 10020000 sub esp, 210 00401187 \|. 56 push esi 00401188 \|. 8D45 FC lea eax, dword ptr [ebp-4] 0040118B \|. 57 push edi 0040118C \|. 50 push eax ; /pHandle 0040118D \|. 6A 00 push 0 ; \|Subkey = NULL 0040118F \|. 8955 F4 mov dword ptr [ebp-C], edx ; \| 00401192 \|. 8BF1 mov esi, ecx ; \| 00401194 \|. 68 00000080 push 80000000 ; \|hKey = HKEY_CLASSES_ROOT 00401199 \|. FF15 04204000 call dword ptr [<&ADVAPI32.RegOpenKey>; \RegOpenKeyA 0040119F \|. 85C0 test eax, eax 004011A1 \|. 75 51 jnz short 004011F4 004011A3 \|. 8D85 F0FEFFFF lea eax, dword ptr [ebp-110] 004011A9 \|. 56 push esi ; /String2 004011AA \|. 50 push eax ; \|String1 004011AB \|. FF15 40204000 call dword ptr [<&KERNEL32.lstrcpyA>] ; \lstrcpyA 004011B1 \|. 8D85 F0FEFFFF lea eax, dword ptr [ebp-110] 004011B7 \|. 68 30304000 push 00403030 ; /StringToAdd = "\Shell\Open\Command" 004011BC \|. 50 push eax ; \|ConcatString 004011BD \|. FF15 3C204000 call dword ptr [<&KERNEL32.lstrcatA>] ; \lstrcatA 004011C3 \|. 8D45 F0 lea eax, dword ptr [ebp-10] 004011C6 \|. C745 F0 05010>mov dword ptr [ebp-10], 105 004011CD \|. 50 push eax ; /pValueSize 004011CE \|. 8D85 F0FDFFFF lea eax, dword ptr [ebp-210] ; \| 004011D4 \|. 50 push eax ; \|Value 004011D5 \|. 8D85 F0FEFFFF lea eax, dword ptr [ebp-110] ; \| 004011DB \|. 50 push eax ; \|Subkey 004011DC \|. FF75 FC push dword ptr [ebp-4] ; \|hKey 004011DF \|. FF15 00204000 call dword ptr [<&ADVAPI32.RegQueryVa>; \RegQueryValueA 004011E5 \|. 8BF0 mov esi, eax 004011E7 \|. FF75 FC push dword ptr [ebp-4] ; /hKey 004011EA \|. FF15 08204000 call dword ptr [<&ADVAPI32.RegCloseKe>; \RegCloseKey 004011F0 \|. 85F6 test esi, esi 004011F2 \|. 74 07 je short 004011FB 004011F4 \|> 33C0 xor eax, eax 004011F6 \|. E9 90000000 jmp 0040128B 004011FB \|> 80BD F0FDFFFF>cmp byte ptr [ebp-210], 0 00401202 \|. 8B3D 94204000 mov edi, dword ptr [<&MSVCRT._isctyp>; MSVCRT._isctype 00401208 \|. 8DB5 F0FDFFFF lea esi, dword ptr [ebp-210] 0040120E \|. 74 31 je short 00401241 00401210 \|> A1 98204000 /mov eax, dword ptr [<&MSVCRT.__mb_c> 00401215 \|. 8338 01 \|cmp dword ptr [eax], 1 00401218 \|. 7E 0C \|jle short 00401226 0040121A \|. 0FBE06 \|movsx eax, byte ptr [esi] 0040121D 68 00010000 push 100 00401222 \|. 59 \|pop ecx 00401223 \|. 59 \|pop ecx 00401224 \|. EB 11 \|jmp short 00401237 00401226 \|> 8B0D 90204000 \|mov ecx, dword ptr [<&MSVCRT._pctyp>; MSVCRT._pctype 0040122C \|. 0FBE06 \|movsx eax, byte ptr [esi] 0040122F \|. 8B09 \|mov ecx, dword ptr [ecx] 00401231 \|. 8A0441 \|mov al, byte ptr [ecx+eax2] 00401234 \|. 83E0 08 \|and eax, 8 00401237 \|> 85C0 \|test eax, eax 00401239 \|. 74 06 \|je short 00401241 0040123B \|. 46 \|inc esi 0040123C \|. 803E 00 \|cmp byte ptr [esi], 0 0040123F \|.^ 75 CF \jnz short 00401210 00401241 \|> 8975 F8 mov dword ptr [ebp-8], esi 00401244 \|> 8A06 /mov al, byte ptr [esi] 00401246 \|. 84C0 \|test al, al 00401248 \|. 74 2F \|je short 00401279 0040124A \|. 8B0D 98204000 \|mov ecx, dword ptr [<&MSVCRT.__mb_c>; MSVCRT.__mb_cur_max 00401250 \|. 8339 01 \|cmp dword ptr [ecx], 1 00401253 \|. 7E 0C \|jle short 00401261 00401255 \|. 0FBEC0 \|movsx eax, al 00401258 68 00010000 push 100 0040125D \|. 59 \|pop ecx 0040125E \|. 59 \|pop ecx 0040125F \|. EB 11 \|jmp short 00401272 00401261 \|> 8B0D 90204000 \|mov ecx, dword ptr [<&MSVCRT._pctyp>; MSVCRT._pctype 00401267 \|. 0FBEC0 \|movsx eax, al 0040126A \|. 8B09 \|mov ecx, dword ptr [ecx] 0040126C \|. 8A0441 \|mov al, byte ptr [ecx+eax2] 0040126F \|. 83E0 08 \|and eax, 8 00401272 \|> 85C0 \|test eax, eax 00401274 \|. 75 03 \|jnz short 00401279 00401276 \|. 46 \|inc esi 00401277 \|.^ EB CB \jmp short 00401244 00401279 \|> FF75 F8 push dword ptr [ebp-8] ; /String2 0040127C \|. 8026 00 and byte ptr [esi], 0 ; \| 0040127F \|. FF75 F4 push dword ptr [ebp-C] ; \|String1 00401282 \|. FF15 40204000 call dword ptr [<&KERNEL32.lstrcpyA>] ; \lstrcpyA 00401288 \|. 6A 01 push 1 0040128A \|. 58 pop eax 0040128B \|> 5F pop edi 0040128C \|. 5E pop esi 0040128D \|. C9 leave 0040128E \. C3 retn 0040128F /$ 56 push esi 00401290 \|. BE 90304000 mov esi, 00403090 00401295 \|. 68 00010000 push 100 ; /Count = 100 (256.) 0040129A \|. 56 push esi ; \|Buffer => 汽车公告.00403090 0040129B \|. 51 push ecx ; \|RsrcID 0040129C \|. FF35 AC314000 push dword ptr [4031AC] ; \|hInst = NULL 004012A2 \|. FF15 AC204000 call dword ptr [<&USER32.LoadStringA>>; \LoadStringA 004012A8 \|. 85C0 test eax, eax 004012AA \|. 75 06 jnz short 004012B2 004012AC \|. 2005 90304000 and byte ptr [403090], al 004012B2 \|> 8BC6 mov eax, esi 004012B4 \|. 5E pop esi 004012B5 \. C3 retn 004012B6 /$ 55 push ebp 004012B7 \|. 8BEC mov ebp, esp 004012B9 \|. 81EC 1C010000 sub esp, 11C 004012BF \|. 69C9 06010000 imul ecx, ecx, 106 004012C5 \|. 80B9 E0324000>cmp byte ptr [ecx+4032E0], 0 004012CC \|. 53 push ebx 004012CD \|. 8D99 E0324000 lea ebx, dword ptr [ecx+4032E0] 004012D3 \|. 56 push esi 004012D4 \|. 57 push edi 004012D5 \|. 8955 FC mov dword ptr [ebp-4], edx 004012D8 \|. 0F85 95000000 jnz 00401373 004012DE \|. BE C0314000 mov esi, 004031C0 004012E3 \|. 6A 5C push 5C 004012E5 \|. 56 push esi 004012E6 \|. FF15 88204000 call dword ptr [<&MSVCRT._mbsrchr>] ; MSVCRT._mbsrchr 004012EC \|. 8BF8 mov edi, eax 004012EE \|. 59 pop ecx 004012EF \|. 85FF test edi, edi 004012F1 \|. 59 pop ecx 004012F2 \|. 75 14 jnz short 00401308 004012F4 \|. 8D85 E4FEFFFF lea eax, dword ptr [ebp-11C] 004012FA \|. 50 push eax ; /Buffer 004012FB \|. 68 04010000 push 104 ; \|BufSize = 104 (260.) 00401300 \|. FF15 34204000 call dword ptr [<&KERNEL32.GetCurrent>; \GetCurrentDirectoryA 00401306 \|. EB 22 jmp short 0040132A 00401308 \|> 8BC7 mov eax, edi 0040130A \|. 2BC6 sub eax, esi 0040130C \|. 50 push eax 0040130D \|. 8D85 E4FEFFFF lea eax, dword ptr [ebp-11C] 00401313 \|. 56 push esi 00401314 \|. 50 push eax 00401315 \|. FF15 8C204000 call dword ptr [<&MSVCRT._mbsncpy>] ; MSVCRT._mbsncpy 0040131B \|. 8D85 E4FEFFFF lea eax, dword ptr [ebp-11C] 00401321 \|. 83C4 0C add esp, 0C 00401324 \|. 2BC6 sub eax, esi 00401326 \|. 802438 00 and byte ptr [eax+edi], 0 0040132A \|> 8B35 3C204000 mov esi, dword ptr [<&KERNEL32.lstrc>; kernel32.lstrcatA 00401330 \|. 8D85 E4FEFFFF lea eax, dword ptr [ebp-11C] 00401336 \|. 68 14304000 push 00403014 ; /StringToAdd = "\" 0040133B \|. 50 push eax ; \|ConcatString 0040133C \|. FFD6 call esi ; \lstrcatA 0040133E \|. 8B4D FC mov ecx, dword ptr [ebp-4] 00401341 \|. E8 49FFFFFF call 0040128F 00401346 \|. 50 push eax 00401347 \|. 8D85 E4FEFFFF lea eax, dword ptr [ebp-11C] 0040134D \|. 50 push eax 0040134E \|. FFD6 call esi 00401350 \|. 8D85 E4FEFFFF lea eax, dword ptr [ebp-11C] 00401356 \|. 6A 00 push 0 ; /amode = 0 00401358 \|. 50 push eax ; \|path 00401359 \|. FF15 58204000 call dword ptr [<&MSVCRT._access>] ; \_access 0040135F \|. 59 pop ecx 00401360 \|. 85C0 test eax, eax 00401362 \|. 59 pop ecx 00401363 \|. 75 0E jnz short 00401373 00401365 \|. 8D85 E4FEFFFF lea eax, dword ptr [ebp-11C] 0040136B \|. 50 push eax ; /String2 0040136C \|. 53 push ebx ; \|String1 0040136D \|. FF15 40204000 call dword ptr [<&KERNEL32.lstrcpyA>] ; \lstrcpyA 00401373 \|> 5F pop edi 00401374 \|. 5E pop esi 00401375 \|. 5B pop ebx 00401376 \|. C9 leave 00401377 \. C3 retn 00401378 /$ 55 push ebp 00401379 \|. 8BEC mov ebp, esp 0040137B \|. 81EC 00050000 sub esp, 500 00401381 \|. 57 push edi 00401382 \|. 8BFA mov edi, edx 00401384 \|. 85FF test edi, edi 00401386 \|. 8BC1 mov eax, ecx 00401388 \|. 0F84 BF000000 je 0040144D 0040138E \|. 56 push esi 0040138F \|. 8B35 40204000 mov esi, dword ptr [<&KERNEL32.lstrc>; kernel32.lstrcpyA 00401395 \|. 83E8 00 sub eax, 0 ; Switch (cases 0..1) 00401398 \|. 74 11 je short 004013AB 0040139A \|. 48 dec eax 0040139B \|. 74 09 je short 004013A6 0040139D \|. 80A5 00FFFFFF>and byte ptr [ebp-100], 0 ; Default case of switch 00401395 004013A4 \|. EB 16 jmp short 004013BC 004013A6 \|> 6A 01 push 1 ; Case 1 of switch 00401395 004013A8 \|. 59 pop ecx 004013A9 \|. EB 02 jmp short 004013AD 004013AB \|> 33C9 xor ecx, ecx ; Case 0 of switch 00401395 004013AD \|> E8 DDFEFFFF call 0040128F 004013B2 \|. 50 push eax 004013B3 \|. 8D85 00FFFFFF lea eax, dword ptr [ebp-100] 004013B9 \|. 50 push eax 004013BA \|. FFD6 call esi 004013BC \|> 83FF 02 cmp edi, 2 ; Switch (cases 2..C1) 004013BF \|. 72 50 jb short 00401411 004013C1 \|. 83FF 03 cmp edi, 3 004013C4 \|. 76 37 jbe short 004013FD 004013C6 \|. 83FF 0B cmp edi, 0B 004013C9 \|. 74 10 je short 004013DB 004013CB \|. 81FF BF000000 cmp edi, 0BF 004013D1 \|. 76 3E jbe short 00401411 004013D3 \|. 81FF C1000000 cmp edi, 0C1 004013D9 \|. 77 36 ja short 00401411 004013DB \|> 8D85 00FFFFFF lea eax, dword ptr [ebp-100] ; Cases B,C0,C1 of switch 004013BC 004013E1 \|. 50 push eax 004013E2 \|. 6A 05 push 5 004013E4 \|. 59 pop ecx 004013E5 \|. E8 A5FEFFFF call 0040128F 004013EA \|. 50 push eax ; \|Format 004013EB \|. 8D85 00FBFFFF lea eax, dword ptr [ebp-500] ; \| 004013F1 \|. 50 push eax ; \|s 004013F2 \|. FF15 A4204000 call dword ptr [<&USER32.wsprintfA>] ; \wsprintfA 004013F8 \|. 83C4 0C add esp, 0C 004013FB \|. EB 35 jmp short 00401432 004013FD \|> 6A 04 push 4 ; Cases 2,3 of switch 004013BC 004013FF \|. 59 pop ecx 00401400 \|. E8 8AFEFFFF call 0040128F 00401405 \|. 50 push eax 00401406 \|. 8D85 00FBFFFF lea eax, dword ptr [ebp-500] 0040140C \|. 50 push eax 0040140D \|. FFD6 call esi 0040140F \|. EB 21 jmp short 00401432 00401411 \|> 8D85 00FFFFFF lea eax, dword ptr [ebp-100] ; Default case of switch 004013BC 00401417 \|. 57 push edi 00401418 \|. 50 push eax 00401419 \|. 6A 06 push 6 0040141B \|. 59 pop ecx 0040141C \|. E8 6EFEFFFF call 0040128F 00401421 \|. 50 push eax ; \|Format 00401422 \|. 8D85 00FBFFFF lea eax, dword ptr [ebp-500] ; \| 00401428 \|. 50 push eax ; \|s 00401429 \|. FF15 A4204000 call dword ptr [<&USER32.wsprintfA>] ; \wsprintfA 0040142F \|. 83C4 10 add esp, 10 00401432 \|> 6A 00 push 0 00401434 \|. 6A 03 push 3 00401436 \|. 59 pop ecx 00401437 \|. E8 53FEFFFF call 0040128F 0040143C \|. 50 push eax ; \|Title 0040143D \|. 8D85 00FBFFFF lea eax, dword ptr [ebp-500] ; \| 00401443 \|. 50 push eax ; \|Text 00401444 \|. 6A 00 push 0 ; \|hOwner = NULL 00401446 \|. FF15 A8204000 call dword ptr [<&USER32.MessageBoxA>>; \MessageBoxA 0040144C \|. 5E pop esi 0040144D \|> 5F pop edi 0040144E \|. C9 leave 0040144F \. C3 retn 00401450 /$ 55 push ebp 00401451 \|. 8BEC mov ebp, esp 00401453 \|. 81EC 08040000 sub esp, 408 00401459 \|. 8B45 08 mov eax, dword ptr [ebp+8] 0040145C \|. 8365 F8 00 and dword ptr [ebp-8], 0 00401460 \|. 8365 FC 00 and dword ptr [ebp-4], 0 00401464 \|. 80A5 F8FBFFFF>and byte ptr [ebp-408], 0 0040146B \|. 53 push ebx 0040146C \|. 56 push esi 0040146D \|. 57 push edi 0040146E \|. BF C0314000 mov edi, 004031C0 00401473 \|. 68 06010000 push 106 ; /BufSize = 106 (262.) 00401478 \|. 57 push edi ; \|PathBuffer => 汽车公告.004031C0 00401479 \|. 50 push eax ; \|hModule 0040147A \|. A3 AC314000 mov dword ptr [4031AC], eax ; \| 0040147F \|. FF15 28204000 call dword ptr [<&KERNEL32.GetModuleF>; \GetModuleFileNameA 00401485 \|. E8 D9010000 call 00401663 0040148A \|. 8B35 3C204000 mov esi, dword ptr [<&KERNEL32.lstrc>; kernel32.lstrcatA 00401490 \|. BB 7C304000 mov ebx, 0040307C 00401495 \|. 85C0 test eax, eax 00401497 \|. 74 6A je short 00401503 00401499 \|. 6A 20 push 20 ; /c = 20 (' ') 0040149B \|. 57 push edi ; \|s 0040149C \|. FF15 7C204000 call dword ptr [<&MSVCRT._mbschr>] ; \_mbschr 004014A2 \|. 59 pop ecx 004014A3 \|. 85C0 test eax, eax 004014A5 \|. 59 pop ecx 004014A6 \|. 74 2C je short 004014D4 004014A8 \|. 8D85 F8FBFFFF lea eax, dword ptr [ebp-408] 004014AE \|. 68 78304000 push 00403078 ; /String2 = """" 004014B3 \|. 50 push eax ; \|String1 004014B4 \|. FF15 40204000 call dword ptr [<&KERNEL32.lstrcpyA>] ; \lstrcpyA 004014BA \|. 8D85 F8FBFFFF lea eax, dword ptr [ebp-408] 004014C0 \|. 57 push edi 004014C1 \|. 50 push eax 004014C2 \|. FFD6 call esi 004014C4 \|. 8D85 F8FBFFFF lea eax, dword ptr [ebp-408] 004014CA \|. 68 78304000 push 00403078 004014CF \|. 50 push eax 004014D0 \|. FFD6 call esi 004014D2 \|. EB 0E jmp short 004014E2 004014D4 \|> 8D85 F8FBFFFF lea eax, dword ptr [ebp-408] 004014DA \|. 57 push edi ; /String2 004014DB \|. 50 push eax ; \|String1 004014DC \|. FF15 40204000 call dword ptr [<&KERNEL32.lstrcpyA>] ; \lstrcpyA 004014E2 \|> 8D85 F8FBFFFF lea eax, dword ptr [ebp-408] 004014E8 \|. 53 push ebx 004014E9 \|. 50 push eax 004014EA \|. FFD6 call esi 004014EC \|. 833D 10304000>cmp dword ptr [403010], 0 004014F3 \|. 75 0E jnz short 00401503 004014F5 \|. 8D85 F8FBFFFF lea eax, dword ptr [ebp-408] 004014FB \|. 68 74304000 push 00403074 ; ASCII "-T " 00401500 \|. 50 push eax 00401501 \|. FFD6 call esi 00401503 \|> 53 push ebx ; /s2 00401504 \|. FF75 10 push dword ptr [ebp+10] ; \|s1 00401507 \|> FF15 80204000 /call dword ptr [<&MSVCRT.strtok>] ; \strtok 0040150D \|. 8BF8 \|mov edi, eax 0040150F \|. 59 \|pop ecx 00401510 \|. 85FF \|test edi, edi 00401512 \|. 59 \|pop ecx 00401513 \|. 0F84 A1000000 \|je 004015BA 00401519 \|. 8A07 \|mov al, byte ptr [edi] 0040151B \|. 3C 2F \|cmp al, 2F 0040151D \|. 74 04 \|je short 00401523 0040151F \|. 3C 2D \|cmp al, 2D 00401521 \|. 75 53 \|jnz short 00401576 00401523 \|> 8A4F 01 \|mov cl, byte ptr [edi+1] 00401526 \|. 8D47 01 \|lea eax, dword ptr [edi+1] 00401529 \|. 80F9 45 \|cmp cl, 45 0040152C \|. 74 7A \|je short 004015A8 0040152E \|. 80F9 65 \|cmp cl, 65 00401531 \|. 74 75 \|je short 004015A8 00401533 \|. 80F9 44 \|cmp cl, 44 00401536 \|. 74 54 \|je short 0040158C 00401538 \|. 80F9 64 \|cmp cl, 64 0040153B 74 4F je short 0040158C 0040153D 68 68304000 push 00403068 ; ASCII "regserver" 00401542 50 push eax 00401543 FF15 84204000 \|call dword ptr [<&MSVCRT._mbsicmp>] ; \_mbsicmp 00401549 \|. 59 \|pop ecx 0040154A \|. 85C0 \|test eax, eax 0040154C \|. 59 \|pop ecx 0040154D \|. 75 09 \|jnz short 00401558 0040154F \|. C745 FC 01000>\|mov dword ptr [ebp-4], 1 00401556 \|. EB 5A \|jmp short 004015B2 00401558 \|> 8D47 01 \|lea eax, dword ptr [edi+1] 0040155B \|. 68 5C304000 \|push 0040305C ; /s2 = "unregserver" 00401560 \|. 50 \|push eax ; \|s1 00401561 \|. FF15 84204000 \|call dword ptr [<&MSVCRT._mbsicmp>] ; \_mbsicmp 00401567 \|. 59 \|pop ecx 00401568 \|. 85C0 \|test eax, eax 0040156A \|. 59 \|pop ecx 0040156B \|. 75 09 \|jnz short 00401576 0040156D \|. C745 FC 02000>\|mov dword ptr [ebp-4], 2 00401574 \|. EB 3C \|jmp short 004015B2 00401576 \|> 8D85 F8FBFFFF \|lea eax, dword ptr [ebp-408] 0040157C \|. 57 \|push edi 0040157D \|. 50 \|push eax 0040157E \|. FFD6 \|call esi 00401580 \|. 8D85 F8FBFFFF \|lea eax, dword ptr [ebp-408] 00401586 \|. 53 \|push ebx 00401587 \|. 50 \|push eax 00401588 \|. FFD6 \|call esi 0040158A \|. EB 26 \|jmp short 004015B2 0040158C \|> 83C7 02 \|add edi, 2 0040158F \|. 57 \|push edi ; /String2 00401590 \|. 68 E6334000 \|push 004033E6 ; \|String1 = 汽车公告.004033E6 00401595 \|. FF15 40204000 \|call dword ptr [<&KERNEL32.lstrcpyA>>; \lstrcpyA 0040159B \|. 6A 01 \|push 1 0040159D \|. 58 \|pop eax 0040159E \|. A3 C8324000 \|mov dword ptr [4032C8], eax 004015A3 \|. 8945 F8 \|mov dword ptr [ebp-8], eax 004015A6 \|. EB 0A \|jmp short 004015B2 004015A8 \|> C705 90314000>\|mov dword ptr [403190], 1 004015B2 \|> 53 \|push ebx 004015B3 \|. 6A 00 \|push 0 004015B5 \|.^ E9 4DFFFFFF \jmp 00401507 004015BA \|> 837D F8 00 cmp dword ptr [ebp-8], 0 004015BE \|. 75 09 jnz short 004015C9 004015C0 \|. E8 3BFAFFFF call 00401000 004015C5 \|. 85C0 test eax, eax 004015C7 \|. 74 7B je short 00401644 004015C9 \|> A1 C8324000 mov eax, dword ptr [4032C8] 004015CE \|. 69C0 06010000 imul eax, eax, 106 004015D4 \|. 05 E0324000 add eax, 004032E0 004015D9 \|. 50 push eax ; /FileName 004015DA \|. FF15 2C204000 call dword ptr [<&KERNEL32.LoadLibrar>; \LoadLibraryA 004015E0 \|. 85C0 test eax, eax 004015E2 \|. A3 94314000 mov dword ptr [403194], eax 004015E7 \|. 74 5F je short 00401648 004015E9 \|. 8B35 30204000 mov esi, dword ptr [<&KERNEL32.GetPr>; kernel32.GetProcAddress 004015EF \|. 68 50304000 push 00403050 ; /ProcNameOrOrdinal = "DllWinMain" 004015F4 \|. 50 push eax ; \|hModule 004015F5 \|. FFD6 call esi ; \GetProcAddress 004015F7 \|. 68 44304000 push 00403044 ; /ProcNameOrOrdinal = "DllOleInit" 004015FC \|. 8BF8 mov edi, eax ; \| 004015FE \|. FF35 94314000 push dword ptr [403194] ; \|hModule = NULL 00401604 \|. FFD6 call esi ; \GetProcAddress 00401606 \|. 85FF test edi, edi 00401608 \|. A3 A8314000 mov dword ptr [4031A8], eax 0040160D \|. 74 39 je short 00401648 0040160F \|. 85C0 test eax, eax 00401611 \|. 74 35 je short 00401648 00401613 \|. 8B4D FC mov ecx, dword ptr [ebp-4] 00401616 \|. 85C9 test ecx, ecx 00401618 \|. 74 0F je short 00401629 0040161A \|. 83C1 0A add ecx, 0A 0040161D \|. 6A 00 push 0 0040161F \|. 51 push ecx 00401620 \|. 68 C0314000 push 004031C0 00401625 \|. FFD0 call eax 00401627 \|. EB 33 jmp short 0040165C 00401629 \|> FF75 14 push dword ptr [ebp+14] 0040162C \|. 8D85 F8FBFFFF lea eax, dword ptr [ebp-408] 00401632 \|. 50 push eax 00401633 \|. FFD7 call edi 00401635 \|. 6A 00 push 0 00401637 \|. 6A 14 push 14 00401639 \|. 68 C0314000 push 004031C0 0040163E \|. FF15 A8314000 call dword ptr [4031A8] 00401644 \|> 33C0 xor eax, eax 00401646 \|. EB 14 jmp short 0040165C 00401648 \|> 8B0D C8324000 mov ecx, dword ptr [4032C8] 0040164E \|. BE C0000000 mov esi, 0C0 00401653 \|. 8BD6 mov edx, esi 00401655 \|. E8 1EFDFFFF call 00401378 0040165A \|. 8BC6 mov eax, esi 0040165C \|> 5F pop edi 0040165D \|. 5E pop esi 0040165E \|. 5B pop ebx 0040165F \|. C9 leave 00401660 \. C2 1000 retn 10 00401663 /$ 56 push esi 00401664 \|. 6A 00 push 0 ; /OpenMode = OF_READ\|OF_SHARE_COMPAT 00401666 \|. 68 C0314000 push 004031C0 ; \|FileName = "" 0040166B \|. FF15 20204000 call dword ptr [<&KERNEL32._lopen>] ; \_lopen 00401671 \|. 8BF0 mov esi, eax 00401673 \|. 85F6 test esi, esi 00401675 \|. 75 02 jnz short 00401679 00401677 \|. 5E pop esi 00401678 \|. C3 retn 00401679 \|> 57 push edi 0040167A \|. B2 41 mov dl, 41 0040167C \|. 8BCE mov ecx, esi 0040167E \|. E8 0E000000 call 00401691 00401683 \|. 8BF8 mov edi, eax 00401685 \|. 56 push esi ; /hFile 00401686 \|. FF15 24204000 call dword ptr [<&KERNEL32._lclose>] ; \_lclose 0040168C \|. 8BC7 mov eax, edi 0040168E \|. 5F pop edi 0040168F \|. 5E pop esi 00401690 \. C3 retn 00401691 /$ 55 push ebp 00401692 \|. 8BEC mov ebp, esp 00401694 \|. 83EC 18 sub esp, 18 00401697 \|. 53 push ebx 00401698 \|. 8B1D 18204000 mov ebx, dword ptr [<&KERNEL32._llse>; kernel32._llseek 0040169E \|. 56 push esi 0040169F \|. 57 push edi 004016A0 \|. 6A 02 push 2 ; /Origin = FILE_END 004016A2 \|. 6A 00 push 0 ; \|Offset = 0 004016A4 \|. 8855 FF mov byte ptr [ebp-1], dl ; \| 004016A7 \|. 51 push ecx ; \|hFile 004016A8 \|. 894D F8 mov dword ptr [ebp-8], ecx ; \| 004016AB \|. FFD3 call ebx ; \_llseek 004016AD \|. 8BF0 mov esi, eax 004016AF \|. 33C0 xor eax, eax 004016B1 \|. 8D7D E8 lea edi, dword ptr [ebp-18] 004016B4 \|. AB stos dword ptr es:[edi] 004016B5 \|. AB stos dword ptr es:[edi] 004016B6 \|. AB stos dword ptr es:[edi] 004016B7 \|. 66:AB stos word ptr es:[edi] 004016B9 \|. 8B45 F2 mov eax, dword ptr [ebp-E] 004016BC \|. 8D48 0E lea ecx, dword ptr [eax+E] 004016BF \|. 3BF1 cmp esi, ecx 004016C1 \|. 7C 44 jl short 00401707 004016C3 \|. 8B3D 1C204000 mov edi, dword ptr [<&KERNEL32._lrea>; kernel32._lread 004016C9 \|> 2BF0 /sub esi, eax 004016CB \|. 6A 00 \|push 0 004016CD \|. 8D46 F2 \|lea eax, dword ptr [esi-E] 004016D0 \|. 50 \|push eax 004016D1 \|. FF75 F8 \|push dword ptr [ebp-8] 004016D4 \|. FFD3 \|call ebx 004016D6 \|. 8D45 E8 \|lea eax, dword ptr [ebp-18] 004016D9 \|. 6A 0E \|push 0E 004016DB \|. 50 \|push eax 004016DC \|. FF75 F8 \|push dword ptr [ebp-8] 004016DF \|. FFD7 \|call edi 004016E1 \|. 0FB745 E8 \|movzx eax, word ptr [ebp-18] 004016E5 \|. 3D 00830000 \|cmp eax, 8300 004016EA \|. 74 09 \|je short 004016F5 004016EC \|. 3D 86830000 \|cmp eax, 8386 004016F1 \|. 75 14 \|jnz short 00401707 004016F3 \|. EB 08 \|jmp short 004016FD 004016F5 \|> 8A45 FF \|mov al, byte ptr [ebp-1] 004016F8 \|. 3845 EA \|cmp byte ptr [ebp-16], al 004016FB \|. 74 0E \|je short 0040170B 004016FD \|> 8B45 F2 \|mov eax, dword ptr [ebp-E] 00401700 \|. 8D48 0E \|lea ecx, dword ptr [eax+E] 00401703 \|. 3BF1 \|cmp esi, ecx 00401705 \|.^ 7D C2 \jge short 004016C9 00401707 \|> 33C0 xor eax, eax 00401709 \|. EB 28 jmp short 00401733 0040170B \|> 2B75 F2 sub esi, dword ptr [ebp-E] 0040170E \|. 6A 00 push 0 00401710 \|. 46 inc esi 00401711 \|. 46 inc esi 00401712 \|. 56 push esi 00401713 \|. FF75 F8 push dword ptr [ebp-8] 00401716 \|. FFD3 call ebx 00401718 \|. 8D45 FC lea eax, dword ptr [ebp-4] 0040171B \|. 6A 02 push 2 0040171D \|. 50 push eax 0040171E \|. FF75 F8 push dword ptr [ebp-8] 00401721 \|. FFD7 call edi 00401723 \|. F645 FC 02 test byte ptr [ebp-4], 2 00401727 \|. 75 07 jnz short 00401730 00401729 \|. 8325 10304000>and dword ptr [403010], 0 00401730 \|> 6A 01 push 1 00401732 \|. 58 pop eax 00401733 \|> 5F pop edi 00401734 \|. 5E pop esi 00401735 \|. 5B pop ebx 00401736 \|. C9 leave 00401737 \. C3 retn 00401738 CC int3 00401739 CC int3 0040173A CC int3 0040173B CC int3 0040173C CC int3 0040173D CC int3 0040173E CC int3 0040173F CC int3 00401740 > $ 55 push ebp 00401741 . 8BEC mov ebp, esp 00401743 . 6A FF push -1 00401745 . 68 B8204000 push 004020B8 0040174A . 68 40194000 push <jmp.&MSVCRT._except_handler3> ; SE 处理程序安装 0040174F . 64:A1 0000000>mov eax, dword ptr fs:[0] 00401755 . 50 push eax 00401756 . 64:8925 00000>mov dword ptr fs:[0], esp 0040175D . 83C4 98 add esp, -68 00401760 . 53 push ebx 00401761 . 56 push esi 00401762 . 57 push edi 00401763 . 8965 E8 mov dword ptr [ebp-18], esp 00401766 . C745 FC 00000>mov dword ptr [ebp-4], 0 0040176D . 6A 02 push 2 0040176F . FF15 48204000 call dword ptr [<&MSVCRT.__set_app_ty>; MSVCRT.__set_app_type 00401775 . 83C4 04 add esp, 4 00401778 . C705 EC344000>mov dword ptr [4034EC], -1 00401782 . C705 F0344000>mov dword ptr [4034F0], -1 0040178C . FF15 4C204000 call dword ptr [<&MSVCRT.__p__fmode>] ; MSVCRT.__p__fmode 00401792 . 8B0D A4314000 mov ecx, dword ptr [4031A4] 00401798 . 8908 mov dword ptr [eax], ecx 0040179A . FF15 5C204000 call dword ptr [<&MSVCRT.__p__commode>; MSVCRT.__p__commode 004017A0 . 8B15 A0314000 mov edx, dword ptr [4031A0] 004017A6 . 8910 mov dword ptr [eax], edx 004017A8 . A1 50204000 mov eax, dword ptr [<&MSVCRT._adjust> 004017AD . 8B08 mov ecx, dword ptr [eax] 004017AF . 890D F4344000 mov dword ptr [4034F4], ecx 004017B5 . E8 76010000 call 00401930 004017BA . A1 80304000 mov eax, dword ptr [403080] 004017BF . 85C0 test eax, eax 004017C1 . 75 0E jnz short 004017D1 004017C3 . 68 20194000 push 00401920 004017C8 . FF15 60204000 call dword ptr [<&MSVCRT.__setusermat>; MSVCRT.__setusermatherr 004017CE . 83C4 04 add esp, 4 004017D1 > E8 2A010000 call 00401900 004017D6 . 68 0C304000 push 0040300C 004017DB . 68 08304000 push 00403008 004017E0 . E8 11010000 call <jmp.&MSVCRT._initterm> 004017E5 . 83C4 08 add esp, 8 004017E8 . 8B15 9C314000 mov edx, dword ptr [40319C] 004017EE . 8955 94 mov dword ptr [ebp-6C], edx 004017F1 . 8D45 94 lea eax, dword ptr [ebp-6C] 004017F4 . 50 push eax 004017F5 . 8B0D 98314000 mov ecx, dword ptr [403198] 004017FB . 51 push ecx 004017FC . 8D55 9C lea edx, dword ptr [ebp-64] 004017FF . 52 push edx 00401800 . 8D45 90 lea eax, dword ptr [ebp-70] 00401803 . 50 push eax 00401804 . 8D4D A0 lea ecx, dword ptr [ebp-60] 00401807 . 51 push ecx 00401808 . FF15 68204000 call dword ptr [<&MSVCRT.__getmainarg>; MSVCRT.__getmainargs 0040180E . 83C4 14 add esp, 14 00401811 . 68 04304000 push 00403004 00401816 . 68 00304000 push 00403000 0040181B . E8 D6000000 call <jmp.&MSVCRT._initterm> 00401820 . 83C4 08 add esp, 8 00401823 . FF15 6C204000 call dword ptr [<&MSVCRT.__p__acmdln>>; MSVCRT.__p__acmdln 00401829 . 8B30 mov esi, dword ptr [eax] 0040182B . 8975 8C mov dword ptr [ebp-74], esi 0040182E . 803E 22 cmp byte ptr [esi], 22 00401831 . 0F85 A8000000 jnz 004018DF 00401837 > 46 inc esi 00401838 . 8975 8C mov dword ptr [ebp-74], esi 0040183B . 8A06 mov al, byte ptr [esi] 0040183D . 84C0 test al, al 0040183F . 74 04 je short 00401845 00401841 . 3C 22 cmp al, 22 00401843 .^ 75 F2 jnz short 00401837 00401845 > 803E 22 cmp byte ptr [esi], 22 00401848 . 75 04 jnz short 0040184E 0040184A . 46 inc esi 0040184B . 8975 8C mov dword ptr [ebp-74], esi 0040184E > 8A06 mov al, byte ptr [esi] 00401850 . 84C0 test al, al 00401852 . 74 0A je short 0040185E 00401854 . 3C 20 cmp al, 20 00401856 . 77 06 ja short 0040185E 00401858 . 46 inc esi 00401859 . 8975 8C mov dword ptr [ebp-74], esi 0040185C .^ EB F0 jmp short 0040184E 0040185E > C745 D0 00000>mov dword ptr [ebp-30], 0 00401865 . 8D55 A4 lea edx, dword ptr [ebp-5C] 00401868 . 52 push edx ; /pStartupinfo 00401869 . FF15 10204000 call dword ptr [<&KERNEL32.GetStartup>; \GetStartupInfoA 0040186F . F645 D0 01 test byte ptr [ebp-30], 1 00401873 . 74 0A je short 0040187F 00401875 . 8B45 D4 mov eax, dword ptr [ebp-2C] 00401878 . 25 FFFF0000 and eax, 0FFFF 0040187D . EB 05 jmp short 00401884 0040187F > B8 0A000000 mov eax, 0A 00401884 > 50 push eax ; /Arg4 00401885 . 56 push esi ; \|Arg3 00401886 . 6A 00 push 0 ; \|Arg2 = 00000000 00401888 . 6A 00 push 0 ; \|/pModule = NULL 0040188A . FF15 14204000 call dword ptr [<&KERNEL32.GetModuleH>; \|\GetModuleHandleA 00401890 . 50 push eax ; \|Arg1 00401891 . E8 BAFBFFFF call 00401450 ; \汽车公告.00401450 00401896 . 8945 98 mov dword ptr [ebp-68], eax 00401899 . 50 push eax ; /status 0040189A . FF15 70204000 call dword ptr [<&MSVCRT.exit>] ; \exit 004018A0 . EB 22 jmp short 004018C4 004018A2 . 8B45 EC mov eax, dword ptr [ebp-14] 004018A5 . 8B08 mov ecx, dword ptr [eax] 004018A7 . 8B09 mov ecx, dword ptr [ecx] 004018A9 . 894D 88 mov dword ptr [ebp-78], ecx 004018AC . 50 push eax 004018AD . 51 push ecx 004018AE . E8 3D000000 call <jmp.&MSVCRT._XcptFilter> 004018B3 . 83C4 08 add esp, 8 004018B6 . C3 retn 004018B7 . 8B65 E8 mov esp, dword ptr [ebp-18] 004018BA . 8B55 88 mov edx, dword ptr [ebp-78] 004018BD . 52 push edx ; /status 004018BE . FF15 78204000 call dword ptr [<&MSVCRT._exit>] ; \_exit 004018C4 > 83C4 04 add esp, 4 004018C7 . C745 FC FFFFF>mov dword ptr [ebp-4], -1 004018CE . 8B4D F0 mov ecx, dword ptr [ebp-10] 004018D1 . 64:890D 00000>mov dword ptr fs:[0], ecx 004018D8 . 5F pop edi 004018D9 . 5E pop esi 004018DA . 5B pop ebx 004018DB . 8BE5 mov esp, ebp 004018DD . 5D pop ebp 004018DE . C3 retn 004018DF > 803E 20 cmp byte ptr [esi], 20 004018E2 .^ 0F86 66FFFFFF jbe 0040184E 004018E8 . 46 inc esi 004018E9 . 8975 8C mov dword ptr [ebp-74], esi 004018EC .^ EB F1 jmp short 004018DF 004018EE 90 nop 004018EF 90 nop 004018F0 $- FF25 74204000 jmp dword ptr [<&MSVCRT._XcptFilter>>; MSVCRT._XcptFilter 004018F6 $- FF25 64204000 jmp dword ptr [<&MSVCRT._initterm>] ; MSVCRT._initterm 004018FC CC int3 004018FD CC int3 004018FE CC int3 004018FF CC int3 00401900 /$ 68 00000300 push 30000 ; /CWmask = 30000 00401905 \|. 68 00000100 push 10000 ; \|CWnew = 10000 0040190A \|. E8 37000000 call <jmp.&MSVCRT._controlfp> ; \_controlfp 0040190F \|. 83C4 08 add esp, 8 2008-1-13 00:00 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复

最新回复 (1)

wofeixiang

雪币： 200

活跃值： (10)

能力值：

( LV2，RANK：10 )

在线值：

发帖

回帖

粉丝

关注

私信

wofeixiang: 2 楼

请高手指点指点吧，对于菜鸟来说就像天书一样，根本找不到关键点！

00401000  /$  8B0D AC314000 mov    ecx, dword ptr [4031AC]
00401006  |.  E8 7C000000 call 00401087
0040100B  |.  8A15 E0324000 mov    dl, byte ptr [4032E0]
00401011  |.  8A0D E6334000 mov    cl, byte ptr [4033E6]
00401017  |.  84D2       test dl, dl
00401019  |.  75 0C       jnz    short 00401027
0040101B  |.  84C9       test cl, cl
0040101D  |.  75 08       jnz    short 00401027
0040101F  |.  6A 02       push 2
00401021  |.  83C9 FF    or    ecx, FFFFFFFF
00401024  |.  5A          pop    edx
00401025  |.  EB 54       jmp    short 0040107B
00401027  |>  83C8 FF    or    eax, FFFFFFFF
0040102A  |.  84C9       test cl, cl
0040102C  |.  A3 C8324000 mov    dword ptr [4032C8], eax
00401031  |.  74 08       je    short 0040103B
00401033  |.  6A 01       push 1
00401035  |.  58          pop    eax
00401036  |.  A3 C8324000 mov    dword ptr [4032C8], eax
0040103B  |>  84D2       test dl, dl
0040103D  |.  74 14       je    short 00401053
0040103F  |.  833D 90314000>cmp    dword ptr [403190], 0
00401046  |.  75 04       jnz    short 0040104C
00401048  |.  84C9       test cl, cl
0040104A  |.  75 07       jnz    short 00401053
0040104C  |>  33C0       xor    eax, eax
0040104E  |.  A3 C8324000 mov    dword ptr [4032C8], eax
00401053  |>  83F8 FF    cmp    eax, -1
00401056  |.  74 28       je    short 00401080
00401058  |.  69C0 06010000 imul eax, eax, 106
0040105E  |.  05 E0324000 add    eax, 004032E0
00401063  |.  6A 00       push 0                               ; /amode = 0
00401065  |.  50          push eax                            ; |path
00401066  |.  FF15 58204000 call dword ptr [<&MSVCRT._access>] ; \_access
0040106C  |.  59          pop    ecx
0040106D  |.  85C0       test eax, eax
0040106F  |.  59          pop    ecx
00401070  |.  74 11       je    short 00401083
00401072  |.  8B0D C8324000 mov    ecx, dword ptr [4032C8]
00401078  |.  6A 02       push 2
0040107A  |.  5A          pop    edx
0040107B  |>  E8 F8020000 call 00401378
00401080  |>  33C0       xor    eax, eax
00401082  |.  C3          retn
00401083  |>  6A 01       push 1
00401085  |.  58          pop    eax
00401086  \.  C3          retn
00401087  /$  55          push ebp
00401088  |.  8BEC       mov    ebp, esp
0040108A  |.  81EC 1C010000 sub    esp, 11C
00401090  |.  53          push ebx
00401091  |.  8365 FC 00 and    dword ptr [ebp-4], 0
00401095  |.  56          push esi
00401096  |.  57          push edi
00401097  |.  6A 01       push 1
00401099  |.  5B          pop    ebx
0040109A  |.  8BD3       mov    edx, ebx
0040109C  |.  8BCB       mov    ecx, ebx
0040109E  |.  E8 13020000 call 004012B6
004010A3  |.  803D E6334000>cmp    byte ptr [4033E6], 0
004010AA  |.  8B3D 58204000 mov    edi, dword ptr [<&MSVCRT._access>;  MSVCRT._access
004010B0  |.  75 3A       jnz    short 004010EC
004010B2  |.  BE E6334000 mov    esi, 004033E6
004010B7  |.  B9 18304000 mov    ecx, 00403018                   ;  ASCII "VisualFoxProRuntime.6"
004010BC  |.  8BD6       mov    edx, esi
004010BE  |.  E8 BB000000 call 0040117E
004010C3  |.  85C0       test eax, eax
004010C5  |.  74 25       je    short 004010EC
004010C7  |.  6A 00       push 0
004010C9  |.  56          push esi
004010CA  |.  895D FC    mov    dword ptr [ebp-4], ebx
004010CD  |.  FFD7       call edi
004010CF  |.  59          pop    ecx
004010D0  |.  85C0       test eax, eax
004010D2  |.  59          pop    ecx
004010D3  |.  74 17       je    short 004010EC
004010D5  |.  8025 E6334000>and    byte ptr [4033E6], 0
004010DC  |.  8BD3       mov    edx, ebx
004010DE  |.  8BCB       mov    ecx, ebx
004010E0  |.  C745 FC 02000>mov    dword ptr [ebp-4], 2
004010E7  |.  E8 CA010000 call 004012B6
004010EC  |>  837D FC 02 cmp    dword ptr [ebp-4], 2
004010F0  |.  0F84 83000000 je    00401179
004010F6  |.  803D E6334000>cmp    byte ptr [4033E6], 0
004010FD  |.  75 7A       jnz    short 00401179
004010FF  |.  8D85 E4FEFFFF lea    eax, dword ptr [ebp-11C]
00401105  |.  68 04010000 push 104                            ; /BufSize = 104 (260.)
0040110A  |.  50          push eax                            ; |Buffer
0040110B  |.  FF15 38204000 call dword ptr [<&KERNEL32.GetSystemD>; \GetSystemDirectoryA
00401111  |.  85C0       test eax, eax
00401113  |.  74 52       je    short 00401167
00401115  |.  83C0 0C    add    eax, 0C
00401118  |.  3D 05010000 cmp    eax, 105
0040111D  |.  7F 48       jg    short 00401167
0040111F  |.  8B35 3C204000 mov    esi, dword ptr [<&KERNEL32.lstrc>;  kernel32.lstrcatA
00401125  |.  8D85 E4FEFFFF lea    eax, dword ptr [ebp-11C]
0040112B  |.  68 14304000 push 00403014                      ; /StringToAdd = "\"
00401130  |.  50          push eax                            ; |ConcatString
00401131  |.  FFD6       call esi                            ; \lstrcatA
00401133  |.  8BCB       mov    ecx, ebx
00401135  |.  E8 55010000 call 0040128F
0040113A  |.  50          push eax
0040113B  |.  8D85 E4FEFFFF lea    eax, dword ptr [ebp-11C]
00401141  |.  50          push eax
00401142  |.  FFD6       call esi
00401144  |.  8D85 E4FEFFFF lea    eax, dword ptr [ebp-11C]
0040114A  |.  6A 00       push 0
0040114C  |.  50          push eax
0040114D  |.  FFD7       call edi
0040114F  |.  59          pop    ecx
00401150  |.  85C0       test eax, eax
00401152  |.  59          pop    ecx
00401153  |.  75 12       jnz    short 00401167
00401155  |.  8D85 E4FEFFFF lea    eax, dword ptr [ebp-11C]
0040115B  |.  50          push eax                            ; /String2
0040115C  |.  68 E6334000 push 004033E6                      ; |String1 = 汽车公告.004033E6
00401161  |.  FF15 40204000 call dword ptr [<&KERNEL32.lstrcpyA>] ; \lstrcpyA
00401167  |>  803D E6334000>cmp    byte ptr [4033E6], 0
0040116E  |.  75 09       jnz    short 00401179
00401170  |.  8BD3       mov    edx, ebx
00401172  |.  8BCB       mov    ecx, ebx
00401174  |.  E8 3D010000 call 004012B6
00401179  |>  5F          pop    edi
0040117A  |.  5E          pop    esi
0040117B  |.  5B          pop    ebx
0040117C  |.  C9          leave
0040117D  \.  C3          retn
0040117E  /$  55          push ebp
0040117F  |.  8BEC       mov    ebp, esp
00401181  |.  81EC 10020000 sub    esp, 210
00401187  |.  56          push esi
00401188  |.  8D45 FC    lea    eax, dword ptr [ebp-4]
0040118B  |.  57          push edi
0040118C  |.  50          push eax                            ; /pHandle
0040118D  |.  6A 00       push 0                               ; |Subkey = NULL
0040118F  |.  8955 F4    mov    dword ptr [ebp-C], edx          ; |
00401192  |.  8BF1       mov    esi, ecx                      ; |
00401194  |.  68 00000080 push 80000000                      ; |hKey = HKEY_CLASSES_ROOT
00401199  |.  FF15 04204000 call dword ptr [<&ADVAPI32.RegOpenKey>; \RegOpenKeyA
0040119F  |.  85C0       test eax, eax
004011A1  |.  75 51       jnz    short 004011F4
004011A3  |.  8D85 F0FEFFFF lea    eax, dword ptr [ebp-110]
004011A9  |.  56          push esi                            ; /String2
004011AA  |.  50          push eax                            ; |String1
004011AB  |.  FF15 40204000 call dword ptr [<&KERNEL32.lstrcpyA>] ; \lstrcpyA
004011B1  |.  8D85 F0FEFFFF lea    eax, dword ptr [ebp-110]
004011B7  |.  68 30304000 push 00403030                      ; /StringToAdd = "\Shell\Open\Command"
004011BC  |.  50          push eax                            ; |ConcatString
004011BD  |.  FF15 3C204000 call dword ptr [<&KERNEL32.lstrcatA>] ; \lstrcatA
004011C3  |.  8D45 F0    lea    eax, dword ptr [ebp-10]
004011C6  |.  C745 F0 05010>mov    dword ptr [ebp-10], 105
004011CD  |.  50          push eax                            ; /pValueSize
004011CE  |.  8D85 F0FDFFFF lea    eax, dword ptr [ebp-210]       ; |
004011D4  |.  50          push eax                            ; |Value
004011D5  |.  8D85 F0FEFFFF lea    eax, dword ptr [ebp-110]       ; |
004011DB  |.  50          push eax                            ; |Subkey
004011DC  |.  FF75 FC    push dword ptr [ebp-4]             ; |hKey
004011DF  |.  FF15 00204000 call dword ptr [<&ADVAPI32.RegQueryVa>; \RegQueryValueA
004011E5  |.  8BF0       mov    esi, eax
004011E7  |.  FF75 FC    push dword ptr [ebp-4]             ; /hKey
004011EA  |.  FF15 08204000 call dword ptr [<&ADVAPI32.RegCloseKe>; \RegCloseKey
004011F0  |.  85F6       test esi, esi
004011F2  |.  74 07       je    short 004011FB
004011F4  |>  33C0       xor    eax, eax
004011F6  |.  E9 90000000 jmp    0040128B
004011FB  |>  80BD F0FDFFFF>cmp    byte ptr [ebp-210], 0
00401202  |.  8B3D 94204000 mov    edi, dword ptr [<&MSVCRT._isctyp>;  MSVCRT._isctype
00401208  |.  8DB5 F0FDFFFF lea    esi, dword ptr [ebp-210]
0040120E  |.  74 31       je    short 00401241
00401210  |>  A1 98204000 /mov    eax, dword ptr [<&MSVCRT.__mb_c>
00401215  |.  8338 01    |cmp    dword ptr [eax], 1
00401218  |.  7E 0C       |jle    short 00401226
0040121A  |.  0FBE06       |movsx eax, byte ptr [esi]
0040121D    68 00010000 push 100
00401222  |.  59          |pop    ecx
00401223  |.  59          |pop    ecx
00401224  |.  EB 11       |jmp    short 00401237
00401226  |>  8B0D 90204000 |mov    ecx, dword ptr [<&MSVCRT._pctyp>;  MSVCRT._pctype
0040122C  |.  0FBE06       |movsx eax, byte ptr [esi]
0040122F  |.  8B09       |mov    ecx, dword ptr [ecx]
00401231  |.  8A0441       |mov    al, byte ptr [ecx+eax*2]
00401234  |.  83E0 08    |and    eax, 8
00401237  |>  85C0       |test eax, eax
00401239  |.  74 06       |je    short 00401241
0040123B  |.  46          |inc    esi
0040123C  |.  803E 00    |cmp    byte ptr [esi], 0
0040123F  |.^ 75 CF       \jnz    short 00401210
00401241  |>  8975 F8    mov    dword ptr [ebp-8], esi
00401244  |>  8A06       /mov    al, byte ptr [esi]
00401246  |.  84C0       |test al, al
00401248  |.  74 2F       |je    short 00401279
0040124A  |.  8B0D 98204000 |mov    ecx, dword ptr [<&MSVCRT.__mb_c>;  MSVCRT.__mb_cur_max
00401250  |.  8339 01    |cmp    dword ptr [ecx], 1
00401253  |.  7E 0C       |jle    short 00401261
00401255  |.  0FBEC0       |movsx eax, al
00401258    68 00010000 push 100
0040125D  |.  59          |pop    ecx
0040125E  |.  59          |pop    ecx
0040125F  |.  EB 11       |jmp    short 00401272
00401261  |>  8B0D 90204000 |mov    ecx, dword ptr [<&MSVCRT._pctyp>;  MSVCRT._pctype
00401267  |.  0FBEC0       |movsx eax, al
0040126A  |.  8B09       |mov    ecx, dword ptr [ecx]
0040126C  |.  8A0441       |mov    al, byte ptr [ecx+eax*2]
0040126F  |.  83E0 08    |and    eax, 8
00401272  |>  85C0       |test eax, eax
00401274  |.  75 03       |jnz    short 00401279
00401276  |.  46          |inc    esi
00401277  |.^ EB CB       \jmp    short 00401244
00401279  |>  FF75 F8    push dword ptr [ebp-8]             ; /String2
0040127C  |.  8026 00    and    byte ptr [esi], 0             ; |
0040127F  |.  FF75 F4    push dword ptr [ebp-C]             ; |String1
00401282  |.  FF15 40204000 call dword ptr [<&KERNEL32.lstrcpyA>] ; \lstrcpyA
00401288  |.  6A 01       push 1
0040128A  |.  58          pop    eax
0040128B  |>  5F          pop    edi
0040128C  |.  5E          pop    esi
0040128D  |.  C9          leave
0040128E  \.  C3          retn
0040128F  /$  56          push esi
00401290  |.  BE 90304000 mov    esi, 00403090
00401295  |.  68 00010000 push 100                            ; /Count = 100 (256.)
0040129A  |.  56          push esi                            ; |Buffer => 汽车公告.00403090
0040129B  |.  51          push ecx                            ; |RsrcID
0040129C  |.  FF35 AC314000 push dword ptr [4031AC]             ; |hInst = NULL
004012A2  |.  FF15 AC204000 call dword ptr [<&USER32.LoadStringA>>; \LoadStringA
004012A8  |.  85C0       test eax, eax
004012AA  |.  75 06       jnz    short 004012B2
004012AC  |.  2005 90304000 and    byte ptr [403090], al
004012B2  |>  8BC6       mov    eax, esi
004012B4  |.  5E          pop    esi
004012B5  \.  C3          retn
004012B6  /$  55          push ebp
004012B7  |.  8BEC       mov    ebp, esp
004012B9  |.  81EC 1C010000 sub    esp, 11C
004012BF  |.  69C9 06010000 imul ecx, ecx, 106
004012C5  |.  80B9 E0324000>cmp    byte ptr [ecx+4032E0], 0
004012CC  |.  53          push ebx
004012CD  |.  8D99 E0324000 lea    ebx, dword ptr [ecx+4032E0]
004012D3  |.  56          push esi
004012D4  |.  57          push edi
004012D5  |.  8955 FC    mov    dword ptr [ebp-4], edx
004012D8  |.  0F85 95000000 jnz    00401373
004012DE  |.  BE C0314000 mov    esi, 004031C0
004012E3  |.  6A 5C       push 5C
004012E5  |.  56          push esi
004012E6  |.  FF15 88204000 call dword ptr [<&MSVCRT._mbsrchr>] ;  MSVCRT._mbsrchr
004012EC  |.  8BF8       mov    edi, eax
004012EE  |.  59          pop    ecx
004012EF  |.  85FF       test edi, edi
004012F1  |.  59          pop    ecx
004012F2  |.  75 14       jnz    short 00401308
004012F4  |.  8D85 E4FEFFFF lea    eax, dword ptr [ebp-11C]
004012FA  |.  50          push eax                            ; /Buffer
004012FB  |.  68 04010000 push 104                            ; |BufSize = 104 (260.)
00401300  |.  FF15 34204000 call dword ptr [<&KERNEL32.GetCurrent>; \GetCurrentDirectoryA
00401306  |.  EB 22       jmp    short 0040132A
00401308  |>  8BC7       mov    eax, edi
0040130A  |.  2BC6       sub    eax, esi
0040130C  |.  50          push eax
0040130D  |.  8D85 E4FEFFFF lea    eax, dword ptr [ebp-11C]
00401313  |.  56          push esi
00401314  |.  50          push eax
00401315  |.  FF15 8C204000 call dword ptr [<&MSVCRT._mbsncpy>] ;  MSVCRT._mbsncpy
0040131B  |.  8D85 E4FEFFFF lea    eax, dword ptr [ebp-11C]
00401321  |.  83C4 0C    add    esp, 0C
00401324  |.  2BC6       sub    eax, esi
00401326  |.  802438 00    and    byte ptr [eax+edi], 0
0040132A  |>  8B35 3C204000 mov    esi, dword ptr [<&KERNEL32.lstrc>;  kernel32.lstrcatA
00401330  |.  8D85 E4FEFFFF lea    eax, dword ptr [ebp-11C]
00401336  |.  68 14304000 push 00403014                      ; /StringToAdd = "\"
0040133B  |.  50          push eax                            ; |ConcatString
0040133C  |.  FFD6       call esi                            ; \lstrcatA
0040133E  |.  8B4D FC    mov    ecx, dword ptr [ebp-4]
00401341  |.  E8 49FFFFFF call 0040128F
00401346  |.  50          push eax
00401347  |.  8D85 E4FEFFFF lea    eax, dword ptr [ebp-11C]
0040134D  |.  50          push eax
0040134E  |.  FFD6       call esi
00401350  |.  8D85 E4FEFFFF lea    eax, dword ptr [ebp-11C]
00401356  |.  6A 00       push 0                               ; /amode = 0
00401358  |.  50          push eax                            ; |path
00401359  |.  FF15 58204000 call dword ptr [<&MSVCRT._access>] ; \_access
0040135F  |.  59          pop    ecx
00401360  |.  85C0       test eax, eax
00401362  |.  59          pop    ecx
00401363  |.  75 0E       jnz    short 00401373
00401365  |.  8D85 E4FEFFFF lea    eax, dword ptr [ebp-11C]
0040136B  |.  50          push eax                            ; /String2
0040136C  |.  53          push ebx                            ; |String1
0040136D  |.  FF15 40204000 call dword ptr [<&KERNEL32.lstrcpyA>] ; \lstrcpyA
00401373  |>  5F          pop    edi
00401374  |.  5E          pop    esi
00401375  |.  5B          pop    ebx
00401376  |.  C9          leave
00401377  \.  C3          retn
00401378  /$  55          push ebp
00401379  |.  8BEC       mov    ebp, esp
0040137B  |.  81EC 00050000 sub    esp, 500
00401381  |.  57          push edi
00401382  |.  8BFA       mov    edi, edx
00401384  |.  85FF       test edi, edi
00401386  |.  8BC1       mov    eax, ecx
00401388  |.  0F84 BF000000 je    0040144D
0040138E  |.  56          push esi
0040138F  |.  8B35 40204000 mov    esi, dword ptr [<&KERNEL32.lstrc>;  kernel32.lstrcpyA
00401395  |.  83E8 00    sub    eax, 0                         ;  Switch (cases 0..1)
00401398  |.  74 11       je    short 004013AB
0040139A  |.  48          dec    eax
0040139B  |.  74 09       je    short 004013A6
0040139D  |.  80A5 00FFFFFF>and    byte ptr [ebp-100], 0          ;  Default case of switch 00401395
004013A4  |.  EB 16       jmp    short 004013BC
004013A6  |>  6A 01       push 1                               ;  Case 1 of switch 00401395
004013A8  |.  59          pop    ecx
004013A9  |.  EB 02       jmp    short 004013AD
004013AB  |>  33C9       xor    ecx, ecx                      ;  Case 0 of switch 00401395
004013AD  |>  E8 DDFEFFFF call 0040128F
004013B2  |.  50          push eax
004013B3  |.  8D85 00FFFFFF lea    eax, dword ptr [ebp-100]
004013B9  |.  50          push eax
004013BA  |.  FFD6       call esi
004013BC  |>  83FF 02    cmp    edi, 2                         ;  Switch (cases 2..C1)
004013BF  |.  72 50       jb    short 00401411
004013C1  |.  83FF 03    cmp    edi, 3
004013C4  |.  76 37       jbe    short 004013FD
004013C6  |.  83FF 0B    cmp    edi, 0B
004013C9  |.  74 10       je    short 004013DB
004013CB  |.  81FF BF000000 cmp    edi, 0BF
004013D1  |.  76 3E       jbe    short 00401411
004013D3  |.  81FF C1000000 cmp    edi, 0C1
004013D9  |.  77 36       ja    short 00401411
004013DB  |>  8D85 00FFFFFF lea    eax, dword ptr [ebp-100]       ;  Cases B,C0,C1 of switch 004013BC
004013E1  |.  50          push eax
004013E2  |.  6A 05       push 5
004013E4  |.  59          pop    ecx
004013E5  |.  E8 A5FEFFFF call 0040128F
004013EA  |.  50          push eax                            ; |Format
004013EB  |.  8D85 00FBFFFF lea    eax, dword ptr [ebp-500]       ; |
004013F1  |.  50          push eax                            ; |s
004013F2  |.  FF15 A4204000 call dword ptr [<&USER32.wsprintfA>]  ; \wsprintfA
004013F8  |.  83C4 0C    add    esp, 0C
004013FB  |.  EB 35       jmp    short 00401432
004013FD  |>  6A 04       push 4                               ;  Cases 2,3 of switch 004013BC
004013FF  |.  59          pop    ecx
00401400  |.  E8 8AFEFFFF call 0040128F
00401405  |.  50          push eax
00401406  |.  8D85 00FBFFFF lea    eax, dword ptr [ebp-500]
0040140C  |.  50          push eax
0040140D  |.  FFD6       call esi
0040140F  |.  EB 21       jmp    short 00401432
00401411  |>  8D85 00FFFFFF lea    eax, dword ptr [ebp-100]       ;  Default case of switch 004013BC
00401417  |.  57          push edi
00401418  |.  50          push eax
00401419  |.  6A 06       push 6
0040141B  |.  59          pop    ecx
0040141C  |.  E8 6EFEFFFF call 0040128F
00401421  |.  50          push eax                            ; |Format
00401422  |.  8D85 00FBFFFF lea    eax, dword ptr [ebp-500]       ; |
00401428  |.  50          push eax                            ; |s
00401429  |.  FF15 A4204000 call dword ptr [<&USER32.wsprintfA>]  ; \wsprintfA
0040142F  |.  83C4 10    add    esp, 10
00401432  |>  6A 00       push 0
00401434  |.  6A 03       push 3
00401436  |.  59          pop    ecx
00401437  |.  E8 53FEFFFF call 0040128F
0040143C  |.  50          push eax                            ; |Title
0040143D  |.  8D85 00FBFFFF lea    eax, dword ptr [ebp-500]       ; |
00401443  |.  50          push eax                            ; |Text
00401444  |.  6A 00       push 0                               ; |hOwner = NULL
00401446  |.  FF15 A8204000 call dword ptr [<&USER32.MessageBoxA>>; \MessageBoxA
0040144C  |.  5E          pop    esi
0040144D  |>  5F          pop    edi
0040144E  |.  C9          leave
0040144F  \.  C3          retn
00401450  /$  55          push ebp
00401451  |.  8BEC       mov    ebp, esp
00401453  |.  81EC 08040000 sub    esp, 408
00401459  |.  8B45 08    mov    eax, dword ptr [ebp+8]
0040145C  |.  8365 F8 00 and    dword ptr [ebp-8], 0
00401460  |.  8365 FC 00 and    dword ptr [ebp-4], 0
00401464  |.  80A5 F8FBFFFF>and    byte ptr [ebp-408], 0
0040146B  |.  53          push ebx
0040146C  |.  56          push esi
0040146D  |.  57          push edi
0040146E  |.  BF C0314000 mov    edi, 004031C0
00401473  |.  68 06010000 push 106                            ; /BufSize = 106 (262.)
00401478  |.  57          push edi                            ; |PathBuffer => 汽车公告.004031C0
00401479  |.  50          push eax                            ; |hModule
0040147A  |.  A3 AC314000 mov    dword ptr [4031AC], eax       ; |
0040147F  |.  FF15 28204000 call dword ptr [<&KERNEL32.GetModuleF>; \GetModuleFileNameA
00401485  |.  E8 D9010000 call 00401663
0040148A  |.  8B35 3C204000 mov    esi, dword ptr [<&KERNEL32.lstrc>;  kernel32.lstrcatA
00401490  |.  BB 7C304000 mov    ebx, 0040307C
00401495  |.  85C0       test eax, eax
00401497  |.  74 6A       je    short 00401503
00401499  |.  6A 20       push 20                            ; /c = 20  (' ')
0040149B  |.  57          push edi                            ; |s
0040149C  |.  FF15 7C204000 call dword ptr [<&MSVCRT._mbschr>] ; \_mbschr
004014A2  |.  59          pop    ecx
004014A3  |.  85C0       test eax, eax
004014A5  |.  59          pop    ecx
004014A6  |.  74 2C       je    short 004014D4
004014A8  |.  8D85 F8FBFFFF lea    eax, dword ptr [ebp-408]
004014AE  |.  68 78304000 push 00403078                      ; /String2 = """"
004014B3  |.  50          push eax                            ; |String1
004014B4  |.  FF15 40204000 call dword ptr [<&KERNEL32.lstrcpyA>] ; \lstrcpyA
004014BA  |.  8D85 F8FBFFFF lea    eax, dword ptr [ebp-408]
004014C0  |.  57          push edi
004014C1  |.  50          push eax
004014C2  |.  FFD6       call esi
004014C4  |.  8D85 F8FBFFFF lea    eax, dword ptr [ebp-408]
004014CA  |.  68 78304000 push 00403078
004014CF  |.  50          push eax
004014D0  |.  FFD6       call esi
004014D2  |.  EB 0E       jmp    short 004014E2
004014D4  |>  8D85 F8FBFFFF lea    eax, dword ptr [ebp-408]
004014DA  |.  57          push edi                            ; /String2
004014DB  |.  50          push eax                            ; |String1
004014DC  |.  FF15 40204000 call dword ptr [<&KERNEL32.lstrcpyA>] ; \lstrcpyA
004014E2  |>  8D85 F8FBFFFF lea    eax, dword ptr [ebp-408]
004014E8  |.  53          push ebx
004014E9  |.  50          push eax
004014EA  |.  FFD6       call esi
004014EC  |.  833D 10304000>cmp    dword ptr [403010], 0
004014F3  |.  75 0E       jnz    short 00401503
004014F5  |.  8D85 F8FBFFFF lea    eax, dword ptr [ebp-408]
004014FB  |.  68 74304000 push 00403074                      ;  ASCII "-T "
00401500  |.  50          push eax
00401501  |.  FFD6       call esi
00401503  |>  53          push ebx                            ; /s2
00401504  |.  FF75 10    push dword ptr [ebp+10]             ; |s1
00401507  |>  FF15 80204000 /call dword ptr [<&MSVCRT.strtok>] ; \strtok
0040150D  |.  8BF8       |mov    edi, eax
0040150F  |.  59          |pop    ecx
00401510  |.  85FF       |test edi, edi
00401512  |.  59          |pop    ecx
00401513  |.  0F84 A1000000 |je    004015BA
00401519  |.  8A07       |mov    al, byte ptr [edi]
0040151B  |.  3C 2F       |cmp    al, 2F
0040151D  |.  74 04       |je    short 00401523
0040151F  |.  3C 2D       |cmp    al, 2D
00401521  |.  75 53       |jnz    short 00401576
00401523  |>  8A4F 01    |mov    cl, byte ptr [edi+1]
00401526  |.  8D47 01    |lea    eax, dword ptr [edi+1]
00401529  |.  80F9 45    |cmp    cl, 45
0040152C  |.  74 7A       |je    short 004015A8
0040152E  |.  80F9 65    |cmp    cl, 65
00401531  |.  74 75       |je    short 004015A8
00401533  |.  80F9 44    |cmp    cl, 44
00401536  |.  74 54       |je    short 0040158C
00401538  |.  80F9 64    |cmp    cl, 64
0040153B    74 4F       je    short 0040158C
0040153D    68 68304000 push 00403068                      ;  ASCII "regserver"
00401542    50          push eax
00401543    FF15 84204000 |call dword ptr [<&MSVCRT._mbsicmp>]  ; \_mbsicmp
00401549  |.  59          |pop    ecx
0040154A  |.  85C0       |test eax, eax
0040154C  |.  59          |pop    ecx
0040154D  |.  75 09       |jnz    short 00401558
0040154F  |.  C745 FC 01000>|mov    dword ptr [ebp-4], 1
00401556  |.  EB 5A       |jmp    short 004015B2
00401558  |>  8D47 01    |lea    eax, dword ptr [edi+1]
0040155B  |.  68 5C304000 |push 0040305C                      ; /s2 = "unregserver"
00401560  |.  50          |push eax                            ; |s1
00401561  |.  FF15 84204000 |call dword ptr [<&MSVCRT._mbsicmp>]  ; \_mbsicmp
00401567  |.  59          |pop    ecx
00401568  |.  85C0       |test eax, eax
0040156A  |.  59          |pop    ecx
0040156B  |.  75 09       |jnz    short 00401576
0040156D  |.  C745 FC 02000>|mov    dword ptr [ebp-4], 2
00401574  |.  EB 3C       |jmp    short 004015B2
00401576  |>  8D85 F8FBFFFF |lea    eax, dword ptr [ebp-408]
0040157C  |.  57          |push edi
0040157D  |.  50          |push eax
0040157E  |.  FFD6       |call esi
00401580  |.  8D85 F8FBFFFF |lea    eax, dword ptr [ebp-408]
00401586  |.  53          |push ebx
00401587  |.  50          |push eax
00401588  |.  FFD6       |call esi
0040158A  |.  EB 26       |jmp    short 004015B2
0040158C  |>  83C7 02    |add    edi, 2
0040158F  |.  57          |push edi                            ; /String2
00401590  |.  68 E6334000 |push 004033E6                      ; |String1 = 汽车公告.004033E6
00401595  |.  FF15 40204000 |call dword ptr [<&KERNEL32.lstrcpyA>>; \lstrcpyA
0040159B  |.  6A 01       |push 1
0040159D  |.  58          |pop    eax
0040159E  |.  A3 C8324000 |mov    dword ptr [4032C8], eax
004015A3  |.  8945 F8    |mov    dword ptr [ebp-8], eax
004015A6  |.  EB 0A       |jmp    short 004015B2
004015A8  |>  C705 90314000>|mov    dword ptr [403190], 1
004015B2  |>  53          |push ebx
004015B3  |.  6A 00       |push 0
004015B5  |.^ E9 4DFFFFFF \jmp    00401507
004015BA  |>  837D F8 00 cmp    dword ptr [ebp-8], 0
004015BE  |.  75 09       jnz    short 004015C9
004015C0  |.  E8 3BFAFFFF call 00401000
004015C5  |.  85C0       test eax, eax
004015C7  |.  74 7B       je    short 00401644
004015C9  |>  A1 C8324000 mov    eax, dword ptr [4032C8]
004015CE  |.  69C0 06010000 imul eax, eax, 106
004015D4  |.  05 E0324000 add    eax, 004032E0
004015D9  |.  50          push eax                            ; /FileName
004015DA  |.  FF15 2C204000 call dword ptr [<&KERNEL32.LoadLibrar>; \LoadLibraryA
004015E0  |.  85C0       test eax, eax
004015E2  |.  A3 94314000 mov    dword ptr [403194], eax
004015E7  |.  74 5F       je    short 00401648
004015E9  |.  8B35 30204000 mov    esi, dword ptr [<&KERNEL32.GetPr>;  kernel32.GetProcAddress
004015EF  |.  68 50304000 push 00403050                      ; /ProcNameOrOrdinal = "DllWinMain"
004015F4  |.  50          push eax                            ; |hModule
004015F5  |.  FFD6       call esi                            ; \GetProcAddress
004015F7  |.  68 44304000 push 00403044                      ; /ProcNameOrOrdinal = "DllOleInit"
004015FC  |.  8BF8       mov    edi, eax                      ; |
004015FE  |.  FF35 94314000 push dword ptr [403194]             ; |hModule = NULL
00401604  |.  FFD6       call esi                            ; \GetProcAddress
00401606  |.  85FF       test edi, edi
00401608  |.  A3 A8314000 mov    dword ptr [4031A8], eax
0040160D  |.  74 39       je    short 00401648
0040160F  |.  85C0       test eax, eax
00401611  |.  74 35       je    short 00401648
00401613  |.  8B4D FC    mov    ecx, dword ptr [ebp-4]
00401616  |.  85C9       test ecx, ecx
00401618  |.  74 0F       je    short 00401629
0040161A  |.  83C1 0A    add    ecx, 0A
0040161D  |.  6A 00       push 0
0040161F  |.  51          push ecx
00401620  |.  68 C0314000 push 004031C0
00401625  |.  FFD0       call eax
00401627  |.  EB 33       jmp    short 0040165C
00401629  |>  FF75 14    push dword ptr [ebp+14]
0040162C  |.  8D85 F8FBFFFF lea    eax, dword ptr [ebp-408]
00401632  |.  50          push eax
00401633  |.  FFD7       call edi
00401635  |.  6A 00       push 0
00401637  |.  6A 14       push 14
00401639  |.  68 C0314000 push 004031C0
0040163E  |.  FF15 A8314000 call dword ptr [4031A8]
00401644  |>  33C0       xor    eax, eax
00401646  |.  EB 14       jmp    short 0040165C
00401648  |>  8B0D C8324000 mov    ecx, dword ptr [4032C8]
0040164E  |.  BE C0000000 mov    esi, 0C0
00401653  |.  8BD6       mov    edx, esi
00401655  |.  E8 1EFDFFFF call 00401378
0040165A  |.  8BC6       mov    eax, esi
0040165C  |>  5F          pop    edi
0040165D  |.  5E          pop    esi
0040165E  |.  5B          pop    ebx
0040165F  |.  C9          leave
00401660  \.  C2 1000    retn 10
00401663  /$  56          push esi
00401664  |.  6A 00       push 0                               ; /OpenMode = OF_READ|OF_SHARE_COMPAT
00401666  |.  68 C0314000 push 004031C0                      ; |FileName = ""
0040166B  |.  FF15 20204000 call dword ptr [<&KERNEL32._lopen>] ; \_lopen
00401671  |.  8BF0       mov    esi, eax
00401673  |.  85F6       test esi, esi
00401675  |.  75 02       jnz    short 00401679
00401677  |.  5E          pop    esi
00401678  |.  C3          retn
00401679  |>  57          push edi
0040167A  |.  B2 41       mov    dl, 41
0040167C  |.  8BCE       mov    ecx, esi
0040167E  |.  E8 0E000000 call 00401691
00401683  |.  8BF8       mov    edi, eax
00401685  |.  56          push esi                            ; /hFile
00401686  |.  FF15 24204000 call dword ptr [<&KERNEL32._lclose>]  ; \_lclose
0040168C  |.  8BC7       mov    eax, edi
0040168E  |.  5F          pop    edi
0040168F  |.  5E          pop    esi
00401690  \.  C3          retn
00401691  /$  55          push ebp
00401692  |.  8BEC       mov    ebp, esp
00401694  |.  83EC 18    sub    esp, 18
00401697  |.  53          push ebx
00401698  |.  8B1D 18204000 mov    ebx, dword ptr [<&KERNEL32._llse>;  kernel32._llseek
0040169E  |.  56          push esi
0040169F  |.  57          push edi
004016A0  |.  6A 02       push 2                               ; /Origin = FILE_END
004016A2  |.  6A 00       push 0                               ; |Offset = 0
004016A4  |.  8855 FF    mov    byte ptr [ebp-1], dl          ; |
004016A7  |.  51          push ecx                            ; |hFile
004016A8  |.  894D F8    mov    dword ptr [ebp-8], ecx          ; |
004016AB  |.  FFD3       call ebx                            ; \_llseek
004016AD  |.  8BF0       mov    esi, eax
004016AF  |.  33C0       xor    eax, eax
004016B1  |.  8D7D E8    lea    edi, dword ptr [ebp-18]
004016B4  |.  AB          stos dword ptr es:[edi]
004016B5  |.  AB          stos dword ptr es:[edi]
004016B6  |.  AB          stos dword ptr es:[edi]
004016B7  |.  66:AB       stos word ptr es:[edi]
004016B9  |.  8B45 F2    mov    eax, dword ptr [ebp-E]
004016BC  |.  8D48 0E    lea    ecx, dword ptr [eax+E]
004016BF  |.  3BF1       cmp    esi, ecx
004016C1  |.  7C 44       jl    short 00401707
004016C3  |.  8B3D 1C204000 mov    edi, dword ptr [<&KERNEL32._lrea>;  kernel32._lread
004016C9  |>  2BF0       /sub    esi, eax
004016CB  |.  6A 00       |push 0
004016CD  |.  8D46 F2    |lea    eax, dword ptr [esi-E]
004016D0  |.  50          |push eax
004016D1  |.  FF75 F8    |push dword ptr [ebp-8]
004016D4  |.  FFD3       |call ebx
004016D6  |.  8D45 E8    |lea    eax, dword ptr [ebp-18]
004016D9  |.  6A 0E       |push 0E
004016DB  |.  50          |push eax
004016DC  |.  FF75 F8    |push dword ptr [ebp-8]
004016DF  |.  FFD7       |call edi
004016E1  |.  0FB745 E8    |movzx eax, word ptr [ebp-18]
004016E5  |.  3D 00830000 |cmp    eax, 8300
004016EA  |.  74 09       |je    short 004016F5
004016EC  |.  3D 86830000 |cmp    eax, 8386
004016F1  |.  75 14       |jnz    short 00401707
004016F3  |.  EB 08       |jmp    short 004016FD
004016F5  |>  8A45 FF    |mov    al, byte ptr [ebp-1]
004016F8  |.  3845 EA    |cmp    byte ptr [ebp-16], al
004016FB  |.  74 0E       |je    short 0040170B
004016FD  |>  8B45 F2    |mov    eax, dword ptr [ebp-E]
00401700  |.  8D48 0E    |lea    ecx, dword ptr [eax+E]
00401703  |.  3BF1       |cmp    esi, ecx
00401705  |.^ 7D C2       \jge    short 004016C9
00401707  |>  33C0       xor    eax, eax
00401709  |.  EB 28       jmp    short 00401733
0040170B  |>  2B75 F2    sub    esi, dword ptr [ebp-E]
0040170E  |.  6A 00       push 0
00401710  |.  46          inc    esi
00401711  |.  46          inc    esi
00401712  |.  56          push esi
00401713  |.  FF75 F8    push dword ptr [ebp-8]
00401716  |.  FFD3       call ebx
00401718  |.  8D45 FC    lea    eax, dword ptr [ebp-4]
0040171B  |.  6A 02       push 2
0040171D  |.  50          push eax
0040171E  |.  FF75 F8    push dword ptr [ebp-8]
00401721  |.  FFD7       call edi
00401723  |.  F645 FC 02 test byte ptr [ebp-4], 2
00401727  |.  75 07       jnz    short 00401730
00401729  |.  8325 10304000>and    dword ptr [403010], 0
00401730  |>  6A 01       push 1
00401732  |.  58          pop    eax
00401733  |>  5F          pop    edi
00401734  |.  5E          pop    esi
00401735  |.  5B          pop    ebx
00401736  |.  C9          leave
00401737  \.  C3          retn
00401738    CC          int3
00401739    CC          int3
0040173A    CC          int3
0040173B    CC          int3
0040173C    CC          int3
0040173D    CC          int3
0040173E    CC          int3
0040173F    CC          int3
00401740 > $  55          push ebp
00401741 .  8BEC       mov    ebp, esp
00401743 .  6A FF       push -1
00401745 .  68 B8204000 push 004020B8
0040174A .  68 40194000 push <jmp.&MSVCRT._except_handler3> ;  SE 处理程序安装
0040174F .  64:A1 0000000>mov    eax, dword ptr fs:[0]
00401755 .  50          push eax
00401756 .  64:8925 00000>mov    dword ptr fs:[0], esp
0040175D .  83C4 98    add    esp, -68
00401760 .  53          push ebx
00401761 .  56          push esi
00401762 .  57          push edi
00401763 .  8965 E8    mov    dword ptr [ebp-18], esp
00401766 .  C745 FC 00000>mov    dword ptr [ebp-4], 0
0040176D .  6A 02       push 2
0040176F .  FF15 48204000 call dword ptr [<&MSVCRT.__set_app_ty>;  MSVCRT.__set_app_type
00401775 .  83C4 04    add    esp, 4
00401778 .  C705 EC344000>mov    dword ptr [4034EC], -1
00401782 .  C705 F0344000>mov    dword ptr [4034F0], -1
0040178C .  FF15 4C204000 call dword ptr [<&MSVCRT.__p__fmode>] ;  MSVCRT.__p__fmode
00401792 .  8B0D A4314000 mov    ecx, dword ptr [4031A4]
00401798 .  8908       mov    dword ptr [eax], ecx
0040179A .  FF15 5C204000 call dword ptr [<&MSVCRT.__p__commode>;  MSVCRT.__p__commode
004017A0 .  8B15 A0314000 mov    edx, dword ptr [4031A0]
004017A6 .  8910       mov    dword ptr [eax], edx
004017A8 .  A1 50204000 mov    eax, dword ptr [<&MSVCRT._adjust>
004017AD .  8B08       mov    ecx, dword ptr [eax]
004017AF .  890D F4344000 mov    dword ptr [4034F4], ecx
004017B5 .  E8 76010000 call 00401930
004017BA .  A1 80304000 mov    eax, dword ptr [403080]
004017BF .  85C0       test eax, eax
004017C1 .  75 0E       jnz    short 004017D1
004017C3 .  68 20194000 push 00401920
004017C8 .  FF15 60204000 call dword ptr [<&MSVCRT.__setusermat>;  MSVCRT.__setusermatherr
004017CE .  83C4 04    add    esp, 4
004017D1 >  E8 2A010000 call 00401900
004017D6 .  68 0C304000 push 0040300C
004017DB .  68 08304000 push 00403008
004017E0 .  E8 11010000 call <jmp.&MSVCRT._initterm>
004017E5 .  83C4 08    add    esp, 8
004017E8 .  8B15 9C314000 mov    edx, dword ptr [40319C]
004017EE .  8955 94    mov    dword ptr [ebp-6C], edx
004017F1 .  8D45 94    lea    eax, dword ptr [ebp-6C]
004017F4 .  50          push eax
004017F5 .  8B0D 98314000 mov    ecx, dword ptr [403198]
004017FB .  51          push ecx
004017FC .  8D55 9C    lea    edx, dword ptr [ebp-64]
004017FF .  52          push edx
00401800 .  8D45 90    lea    eax, dword ptr [ebp-70]
00401803 .  50          push eax
00401804 .  8D4D A0    lea    ecx, dword ptr [ebp-60]
00401807 .  51          push ecx
00401808 .  FF15 68204000 call dword ptr [<&MSVCRT.__getmainarg>;  MSVCRT.__getmainargs
0040180E .  83C4 14    add    esp, 14
00401811 .  68 04304000 push 00403004
00401816 .  68 00304000 push 00403000
0040181B .  E8 D6000000 call <jmp.&MSVCRT._initterm>
00401820 .  83C4 08    add    esp, 8
00401823 .  FF15 6C204000 call dword ptr [<&MSVCRT.__p__acmdln>>;  MSVCRT.__p__acmdln
00401829 .  8B30       mov    esi, dword ptr [eax]
0040182B .  8975 8C    mov    dword ptr [ebp-74], esi
0040182E .  803E 22    cmp    byte ptr [esi], 22
00401831 .  0F85 A8000000 jnz    004018DF
00401837 >  46          inc    esi
00401838 .  8975 8C    mov    dword ptr [ebp-74], esi
0040183B .  8A06       mov    al, byte ptr [esi]
0040183D .  84C0       test al, al
0040183F .  74 04       je    short 00401845
00401841 .  3C 22       cmp    al, 22
00401843 .^ 75 F2       jnz    short 00401837
00401845 >  803E 22    cmp    byte ptr [esi], 22
00401848 .  75 04       jnz    short 0040184E
0040184A .  46          inc    esi
0040184B .  8975 8C    mov    dword ptr [ebp-74], esi
0040184E >  8A06       mov    al, byte ptr [esi]
00401850 .  84C0       test al, al
00401852 .  74 0A       je    short 0040185E
00401854 .  3C 20       cmp    al, 20
00401856 .  77 06       ja    short 0040185E
00401858 .  46          inc    esi
00401859 .  8975 8C    mov    dword ptr [ebp-74], esi
0040185C .^ EB F0       jmp    short 0040184E
0040185E >  C745 D0 00000>mov    dword ptr [ebp-30], 0
00401865 .  8D55 A4    lea    edx, dword ptr [ebp-5C]
00401868 .  52          push edx                            ; /pStartupinfo
00401869 .  FF15 10204000 call dword ptr [<&KERNEL32.GetStartup>; \GetStartupInfoA
0040186F .  F645 D0 01 test byte ptr [ebp-30], 1
00401873 .  74 0A       je    short 0040187F
00401875 .  8B45 D4    mov    eax, dword ptr [ebp-2C]
00401878 .  25 FFFF0000 and    eax, 0FFFF
0040187D .  EB 05       jmp    short 00401884
0040187F >  B8 0A000000 mov    eax, 0A
00401884 >  50          push eax                            ; /Arg4
00401885 .  56          push esi                            ; |Arg3
00401886 .  6A 00       push 0                               ; |Arg2 = 00000000
00401888 .  6A 00       push 0                               ; |/pModule = NULL
0040188A .  FF15 14204000 call dword ptr [<&KERNEL32.GetModuleH>; |\GetModuleHandleA
00401890 .  50          push eax                            ; |Arg1
00401891 .  E8 BAFBFFFF call 00401450                      ; \汽车公告.00401450
00401896 .  8945 98    mov    dword ptr [ebp-68], eax
00401899 .  50          push eax                            ; /status
0040189A .  FF15 70204000 call dword ptr [<&MSVCRT.exit>]    ; \exit
004018A0 .  EB 22       jmp    short 004018C4
004018A2 .  8B45 EC    mov    eax, dword ptr [ebp-14]
004018A5 .  8B08       mov    ecx, dword ptr [eax]
004018A7 .  8B09       mov    ecx, dword ptr [ecx]
004018A9 .  894D 88    mov    dword ptr [ebp-78], ecx
004018AC .  50          push eax
004018AD .  51          push ecx
004018AE .  E8 3D000000 call <jmp.&MSVCRT._XcptFilter>
004018B3 .  83C4 08    add    esp, 8
004018B6 .  C3          retn
004018B7 .  8B65 E8    mov    esp, dword ptr [ebp-18]
004018BA .  8B55 88    mov    edx, dword ptr [ebp-78]
004018BD .  52          push edx                            ; /status
004018BE .  FF15 78204000 call dword ptr [<&MSVCRT._exit>]    ; \_exit
004018C4 >  83C4 04    add    esp, 4
004018C7 .  C745 FC FFFFF>mov    dword ptr [ebp-4], -1
004018CE .  8B4D F0    mov    ecx, dword ptr [ebp-10]
004018D1 .  64:890D 00000>mov    dword ptr fs:[0], ecx
004018D8 .  5F          pop    edi
004018D9 .  5E          pop    esi
004018DA .  5B          pop    ebx
004018DB .  8BE5       mov    esp, ebp
004018DD .  5D          pop    ebp
004018DE .  C3          retn
004018DF >  803E 20    cmp    byte ptr [esi], 20
004018E2 .^ 0F86 66FFFFFF jbe    0040184E
004018E8 .  46          inc    esi
004018E9 .  8975 8C    mov    dword ptr [ebp-74], esi
004018EC .^ EB F1       jmp    short 004018DF
004018EE    90          nop
004018EF    90          nop
004018F0 $- FF25 74204000 jmp    dword ptr [<&MSVCRT._XcptFilter>>;  MSVCRT._XcptFilter
004018F6 $- FF25 64204000 jmp    dword ptr [<&MSVCRT._initterm>]  ;  MSVCRT._initterm
004018FC    CC          int3
004018FD    CC          int3
004018FE    CC          int3
004018FF    CC          int3
00401900  /$  68 00000300 push 30000                         ; /CWmask = 30000
00401905  |.  68 00000100 push 10000                         ; |CWnew = 10000
0040190A  |.  E8 37000000 call <jmp.&MSVCRT._controlfp>       ; \_controlfp
0040190F  |.  83C4 08    add    esp, 8

2008-1-13 00:00

[旧帖] [求助]Visual FoxPro加壳 0.00雪花