00413BEC /$ 55 PUSH EBP
00413BED |. 8BEC MOV EBP,ESP
00413BEF |. 51 PUSH ECX
00413BF0 |. 53 PUSH EBX
00413BF1 |. 56 PUSH ESI
00413BF2 |. 57 PUSH EDI
00413BF3 |. 33C0 XOR EAX,EAX
00413BF5 |. 33FF XOR EDI,EDI
00413BF7 |. 8945 FC MOV DWORD PTR SS:[EBP-4],EAX
00413BFA |. 33DB XOR EBX,EBX
00413BFC |. 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]
00413BFF |. 8BF0 MOV ESI,EAX
00413C01 |> 8A06 /MOV AL,BYTE PTR DS:[ESI]
00413C03 |. 50 |PUSH EAX ; /Arg1
00413C04 |. E8 4BFFFFFF |CALL RzCliNtC.00413B54 ; \RzCliNtC.00413B54
00413C09 |. 59 |POP ECX
00413C0A |. 83F8 FF |CMP EAX,-1
00413C0D |. 75 04 |JNZ SHORT RzCliNtC.00413C13
00413C0F |. 33C0 |XOR EAX,EAX
00413C11 |. EB 3B |JMP SHORT RzCliNtC.00413C4E
00413C13 |> 8BD3 |MOV EDX,EBX
00413C15 |. 81E2 01000080 |AND EDX,80000001
00413C1B |. 79 05 |JNS SHORT RzCliNtC.00413C22
00413C1D |. 4A |DEC EDX
00413C1E |. 83CA FE |OR EDX,FFFFFFFE
00413C21 |. 42 |INC EDX
00413C22 |> 85D2 |TEST EDX,EDX
00413C24 |. 75 03 |JNZ SHORT RzCliNtC.00413C29
00413C26 |. C1E0 04 |SHL EAX,4
00413C29 |> 83FB 52 |CMP EBX,52
00413C2C |. 7D 05 |JGE SHORT RzCliNtC.00413C33
00413C2E |. 0145 FC |ADD DWORD PTR SS:[EBP-4],EAX
00413C31 |. EB 02 |JMP SHORT RzCliNtC.00413C35
00413C33 |> 03F8 |ADD EDI,EAX
00413C35 |> 43 |INC EBX
00413C36 |. 46 |INC ESI
00413C37 |. 83FB 54 |CMP EBX,54
00413C3A |.^ 7C C5 \JL SHORT RzCliNtC.00413C01
00413C3C |. 8165 FC FF000>AND DWORD PTR SS:[EBP-4],0FF
00413C43 |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
00413C46 |. 3BF9 CMP EDI,ECX
00413C48 |. 0F94C0 SETE AL
00413C4B |. 83E0 01 AND EAX,1
00413C4E |> 5F POP EDI
00413C4F |. 5E POP ESI
00413C50 |. 5B POP EBX
00413C51 |. 59 POP ECX
00413C52 |. 5D POP EBP
00413C53 \. C2 0400 RETN 4
CALL RzCliNtC.00413B54 代码
00413B54 /$ 55 PUSH EBP
00413B55 |. 8BEC MOV EBP,ESP
00413B57 |. 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]
00413B5A |. 0FBED0 MOVSX EDX,AL
00413B5D |. 83FA 30 CMP EDX,30
00413B60 |. 7C 0C JL SHORT RzCliNtC.00413B6E
00413B62 |. 83FA 39 CMP EDX,39
00413B65 |. 7F 07 JG SHORT RzCliNtC.00413B6E
00413B67 |. 83C2 D0 ADD EDX,-30
00413B6A |. 8BC2 MOV EAX,EDX
00413B6C |. 5D POP EBP
00413B6D |. C3 RETN
00413B6E |> 0FBEC0 MOVSX EAX,AL
00413B71 |. 83C0 D6 ADD EAX,-2A ; Switch (cases 2A..3E)
00413B74 |. 83F8 14 CMP EAX,14
00413B77 |. 77 68 JA SHORT RzCliNtC.00413BE1
00413B79 |. 8A80 863B4100 MOV AL,BYTE PTR DS:[EAX+413B86]
00413B7F |. FF2485 9B3B41>JMP DWORD PTR DS:[EAX*4+413B9B]
00413B86 |. 06 DB 06 ; 分支 00413B9B 索引表
00413B87 |. 05 DB 05
00413B88 |. 00 DB 00
00413B89 |. 04 DB 04
00413B8A |. 00 DB 00
00413B8B |. 03 DB 03
00413B8C |. 00 DB 00
00413B8D |. 00 DB 00
00413B8E |. 00 DB 00
00413B8F |. 00 DB 00
00413B90 |. 00 DB 00
00413B91 |. 00 DB 00
00413B92 |. 00 DB 00
00413B93 |. 00 DB 00
00413B94 |. 00 DB 00
00413B95 |. 00 DB 00
00413B96 |. 00 DB 00
00413B97 |. 00 DB 00
00413B98 |. 02 DB 02
00413B99 |. 00 DB 00
00413B9A |. 01 DB 01
00413B9B |. E13B4100 DD RzCliNtC.00413BE1 ; 分支表 被用于 00413B7F
00413B9F |. DA3B4100 DD RzCliNtC.00413BDA
00413BA3 |. D33B4100 DD RzCliNtC.00413BD3
00413BA7 |. CC3B4100 DD RzCliNtC.00413BCC
00413BAB |. BE3B4100 DD RzCliNtC.00413BBE
00413BAF |. B73B4100 DD RzCliNtC.00413BB7
00413BB3 |. C53B4100 DD RzCliNtC.00413BC5
00413BB7 |> B8 0A000000 MOV EAX,0A ; Case 2B ('+') of switch 00413B71
00413BBC |. 5D POP EBP
00413BBD |. C3 RETN
00413BBE |> B8 0B000000 MOV EAX,0B ; Case 2D ('-') of switch 00413B71
00413BC3 |. 5D POP EBP
00413BC4 |. C3 RETN
00413BC5 |> B8 0C000000 MOV EAX,0C ; Case 2A ('*') of switch 00413B71
00413BCA |. 5D POP EBP
00413BCB |. C3 RETN
00413BCC |> B8 0D000000 MOV EAX,0D ; Case 2F ('/') of switch 00413B71
00413BD1 |. 5D POP EBP
00413BD2 |. C3 RETN
00413BD3 |> B8 0E000000 MOV EAX,0E ; Case 3C ('<') of switch 00413B71
00413BD8 |. 5D POP EBP
00413BD9 |. C3 RETN
00413BDA |> B8 0F000000 MOV EAX,0F ; Case 3E ('>') of switch 00413B71
00413BDF |. 5D POP EBP
00413BE0 |. C3 RETN
00413BE1 |> 83C8 FF OR EAX,FFFFFFFF ; Default case of switch 00413B71
00413BE4 |. 5D POP EBP
00413BE5 \. C3 RETN
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
