?? p2pstock.1(初始化).txt
字號(hào):
模塊 子模塊
P2PStock.00406098 P2PStock.004833AC
P2PStock.00406098 P2PStock.00406000
P2PStock.00406098 P2PStock.0048A144
P2PStock.00406098 P2PStock.00404010
P2PStock.00406098 P2PStock.00404808 -> P2PStock.00404010
P2PStock.00406098 P2PStock.00467E00
============================================================================
00404808 /$ 55 PUSH EBP ; * (WriteProcessMemory)
00404809 |. 8BEC MOV EBP,ESP
0040480B |. 53 PUSH EBX
0040480C |. 56 PUSH ESI
0040480D |. A1 9C4D4D00 MOV EAX,DWORD PTR DS:[4D4D9C]
00404812 |. 57 PUSH EDI
00404813 |. 8BF0 MOV ESI,EAX
00404815 |. 6A 53 PUSH 53 ; /*Arg3 = 00000053 鏈表長(zhǎng)度
00404817 |. 83C6 59 ADD ESI,59 ; |
0040481A |. 8BF8 MOV EDI,EAX ; |
0040481C |. 6A 00 PUSH 0 ; |*Arg2 = 00000000 欲設(shè)數(shù)值
0040481E |. 50 PUSH EAX ; |*Arg1 => 00000000 鏈表頭指針{ 數(shù)據(jù)結(jié)構(gòu): [6*(long,long)](鏈指針) }
0040481F |. 83C7 0B ADD EDI,0B ; |
00404822 |. E8 B1E90700 CALL P2PStock.004831D8 ; \*P2PStock.004831D8 鏈表數(shù)值設(shè)初值
00404827 |. 83C4 0C ADD ESP,0C ; * ESP=0012F56C+0C
0040482A |. A1 9C4D4D00 MOV EAX,DWORD PTR DS:[4D4D9C] ; * EAX=00D70004
0040482F |. C700 00830100 MOV DWORD PTR DS:[EAX],18300
00404835 |. 6A 07 PUSH 7 ; /*Arg3 = 00000007 字節(jié)數(shù)
00404837 |. 68 09F44900 PUSH P2PStock.0049F409 ; |*Arg2 = 0049F409("szszse")源地址
0040483C |. 83C0 07 ADD EAX,7 ; |
0040483F |. 50 PUSH EAX ; |*Arg1 = 00D7000B 目標(biāo)地址
00404840 |. E8 23E90700 CALL P2PStock.00483168 ; \*P2PStock.00483168 內(nèi)存拷貝
00404845 |. A1 9C4D4D00 MOV EAX,DWORD PTR DS:[4D4D9C]
0040484A |. 83C4 0C ADD ESP,0C
0040484D |. 33DB XOR EBX,EBX
0040484F |. C640 29 08 MOV BYTE PTR DS:[EAX+29],8 ; * EAX=00D70004
00404853 |. C640 2D 01 MOV BYTE PTR DS:[EAX+2D],1
00404857 |. C640 31 02 MOV BYTE PTR DS:[EAX+31],2
0040485B |. C740 33 A2031405 MOV DWORD PTR DS:[EAX+33],51403A2
00404862 |. C740 43 6A04DC05 MOV DWORD PTR DS:[EAX+43],5DC046A
00404869 |. 8B55 08 MOV EDX,DWORD PTR SS:[EBP+8]
0040486C |. 8B8A 74060000 MOV ECX,DWORD PTR DS:[EDX+674]
00404872 |. 8948 53 MOV DWORD PTR DS:[EAX+53],ECX ; * ECX=01326603
00404875 |. 66:8B15 4A4B4A00 MOV DX,WORD PTR DS:[4A4B4A]
0040487C |. 66:8950 57 MOV WORD PTR DS:[EAX+57],DX
00404880 |. EB 30 JMP SHORT P2PStock.004048B2
00404882 |> 6A 30 /PUSH 30 ; /Arg3 = 00000030
00404884 |. 8BC3 |MOV EAX,EBX ; |
00404886 |. C1E0 04 |SHL EAX,4 ; |
00404889 |. 03C3 |ADD EAX,EBX ; |
0040488B |. C1E0 02 |SHL EAX,2 ; |
0040488E |. 81C0 4C4B4A00 |ADD EAX,P2PStock.004A4B4C ; |
00404894 |. 50 |PUSH EAX ; |Arg2
00404895 |. 56 |PUSH ESI ; |Arg1
00404896 |. E8 CDE80700 |CALL P2PStock.00483168 ; \*P2PStock.00483168 內(nèi)存拷貝
0040489B |. 83C4 0C |ADD ESP,0C
0040489E |. 8D56 30 |LEA EDX,DWORD PTR DS:[ESI+30]
004048A1 |. 6A 10 |PUSH 10 ; /Arg3 = 00000010
004048A3 |. 6A 00 |PUSH 0 ; |Arg2 = 00000000
004048A5 |. 52 |PUSH EDX ; |Arg1
004048A6 |. E8 2DE90700 |CALL P2PStock.004831D8 ; \*P2PStock.004831D8 鏈表數(shù)值設(shè)初值 (清0)
004048AB |. 83C4 0C |ADD ESP,0C
004048AE |. 83C6 40 |ADD ESI,40
004048B1 |. 43 |INC EBX
004048B2 |> 0FBF0D 4A4B4A00 MOVSX ECX,WORD PTR DS:[4A4B4A]
004048B9 |. 3BD9 |CMP EBX,ECX ; * EBX=0, ECX=000004F8
004048BB |.^ 7C C5 \JL SHORT P2PStock.00404882
004048BD |. 0FBF05 4A4B4A00 MOVSX EAX,WORD PTR DS:[4A4B4A] ; * EAX=000004F8
004048C4 |. C1E0 06 SHL EAX,6 ; * 寫(xiě)深證數(shù)據(jù):
004048C7 |. 6A 00 PUSH 0 ; /pBytesWritten = NULL
004048C9 |. 83C0 59 ADD EAX,59 ; |
004048CC |. 8B15 9C4D4D00 MOV EDX,DWORD PTR DS:[4D4D9C] ; |
004048D2 |. 50 PUSH EAX ; |BytesToWrite
004048D3 |. 52 PUSH EDX ; |Buffer => 00D70004
004048D4 |. 8B0D 444B4A00 MOV ECX,DWORD PTR DS:[4A4B44] ; |
004048DA |. A1 404B4A00 MOV EAX,DWORD PTR DS:[4A4B40] ; |
004048DF |. 51 PUSH ECX ; |Address => 1C730000
004048E0 |. 50 PUSH EAX ; |hProcess => 000000E4
004048E1 |. E8 CA9B0800 CALL <JMP.&KERNEL32.WriteProcessMemory> ; \WriteProcessMemory
004048E6 |. 0FBF0D 4A4B4A00 MOVSX ECX,WORD PTR DS:[4A4B4A]
004048ED |. C1E1 06 SHL ECX,6
004048F0 |. 8B15 444B4A00 MOV EDX,DWORD PTR DS:[4A4B44] ; * 寫(xiě)數(shù)據(jù)消息:
004048F6 |. 52 PUSH EDX ; /lParam => 1C730000
004048F7 |. 83C1 59 ADD ECX,59 ; |
004048FA |. 51 PUSH ECX ; |wParam
004048FB |. A1 3C4B4A00 MOV EAX,DWORD PTR DS:[4A4B3C] ; |
00404900 |. 68 38040000 PUSH 438 ; |Message = MSG(438)
00404905 |. 50 PUSH EAX ; |hWnd => 1300D6
00404906 |. E8 71A10800 CALL <JMP.&USER32.SendMessageA> ; \SendMessageA
0040490B |. A1 9C4D4D00 MOV EAX,DWORD PTR DS:[4D4D9C] ; * EAX=00D70004
00404910 |. 33DB XOR EBX,EBX
00404912 |. C700 01830100 MOV DWORD PTR DS:[EAX],18301
00404918 |. 66:C740 07 535A MOV WORD PTR DS:[EAX+7],5A53
0040491E |. 66:8B15 4A4B4A00 MOV DX,WORD PTR DS:[4A4B4A] ; * EDX=7C9204F8
00404925 |. 66:8950 09 MOV WORD PTR DS:[EAX+9],DX
00404929 |. EB 07 JMP SHORT P2PStock.00404932
0040492B |> 66:891F /MOV WORD PTR DS:[EDI],BX ; * 內(nèi)存塊序數(shù)化1,2,3,...
0040492E |. 83C7 02 |ADD EDI,2
00404931 |. 43 |INC EBX
00404932 |> 0FBF05 4A4B4A00 MOVSX EAX,WORD PTR DS:[4A4B4A]
00404939 |. 3BD8 |CMP EBX,EAX
0040493B |.^ 7C EE \JL SHORT P2PStock.0040492B
0040493D |. 0FBF15 4A4B4A00 MOVSX EDX,WORD PTR DS:[4A4B4A]
00404944 |. 03D2 ADD EDX,EDX ; * 寫(xiě)深證驗(yàn)證數(shù)據(jù):???
00404946 |. 6A 00 PUSH 0 ; /pBytesWritten = NULL
00404948 |. 83C2 0B ADD EDX,0B ; |
0040494B |. 8B0D 9C4D4D00 MOV ECX,DWORD PTR DS:[4D4D9C] ; |
00404951 |. 52 PUSH EDX ; |BytesToWrite
00404952 |. 51 PUSH ECX ; |Buffer => 00D70004
00404953 |. A1 444B4A00 MOV EAX,DWORD PTR DS:[4A4B44] ; |
00404958 |. 8B15 404B4A00 MOV EDX,DWORD PTR DS:[4A4B40] ; |
0040495E |. 50 PUSH EAX ; |Address => 1C730000
0040495F |. 52 PUSH EDX ; |hProcess => 000000E4
00404960 |. E8 4B9B0800 CALL <JMP.&KERNEL32.WriteProcessMemory> ; \WriteProcessMemory
00404965 |. 0FBF05 4A4B4A00 MOVSX EAX,WORD PTR DS:[4A4B4A]
0040496C |. 8B0D 444B4A00 MOV ECX,DWORD PTR DS:[4A4B44]
00404972 |. 03C0 ADD EAX,EAX
00404974 |. 83C0 0B ADD EAX,0B ; * 寫(xiě)數(shù)據(jù)消息:
00404977 |. 51 PUSH ECX ; /lParam => 1C730000
00404978 |. 50 PUSH EAX ; |wParam
00404979 |. 8B15 3C4B4A00 MOV EDX,DWORD PTR DS:[4A4B3C] ; |
0040497F |. 68 38040000 PUSH 438 ; |Message = MSG(438)
00404984 |. 52 PUSH EDX ; |hWnd => 1300D6
00404985 |. E8 F2A00800 CALL <JMP.&USER32.SendMessageA> ; \SendMessageA
0040498A |. A1 9C4D4D00 MOV EAX,DWORD PTR DS:[4D4D9C]
0040498F |. 6A 53 PUSH 53 ; /Arg3 = 00000053
00404991 |. 8BF0 MOV ESI,EAX ; |
00404993 |. 8BF8 MOV EDI,EAX ; |
00404995 |. 83C6 59 ADD ESI,59 ; |
00404998 |. 6A 00 PUSH 0 ; |Arg2 = 00000000
0040499A |. 50 PUSH EAX ; |Arg1 => 00D70004
0040499B |. 83C7 0B ADD EDI,0B ; |
0040499E |. E8 35E80700 CALL P2PStock.004831D8 ; \*P2PStock.004831D8 鏈表數(shù)值設(shè)初值 (清0)
004049A3 |. 83C4 0C ADD ESP,0C
004049A6 |. A1 9C4D4D00 MOV EAX,DWORD PTR DS:[4D4D9C]
004049AB |. C700 00830100 MOV DWORD PTR DS:[EAX],18300
004049B1 |. 6A 07 PUSH 7 ; /Arg3 = 00000007
004049B3 |. 68 10F44900 PUSH P2PStock.0049F410 ; |shshse
004049B8 |. 83C0 07 ADD EAX,7 ; |
004049BB |. 50 PUSH EAX ; |Arg1
004049BC |. E8 A7E70700 CALL P2PStock.00483168 ; \*P2PStock.00483168 內(nèi)存拷貝
004049C1 |. A1 9C4D4D00 MOV EAX,DWORD PTR DS:[4D4D9C]
004049C6 |. 83C4 0C ADD ESP,0C
004049C9 |. 33DB XOR EBX,EBX
004049CB |. C640 29 08 MOV BYTE PTR DS:[EAX+29],8
004049CF |. C640 2D 01 MOV BYTE PTR DS:[EAX+2D],1
004049D3 |. C640 31 02 MOV BYTE PTR DS:[EAX+31],2
004049D7 |. C740 33 A2031405 MOV DWORD PTR DS:[EAX+33],51403A2
004049DE |. C740 43 6A04DC05 MOV DWORD PTR DS:[EAX+43],5DC046A
004049E5 |. 8B55 08 MOV EDX,DWORD PTR SS:[EBP+8]
004049E8 |. 8B8A 74060000 MOV ECX,DWORD PTR DS:[EDX+674]
004049EE |. 8948 53 MOV DWORD PTR DS:[EAX+53],ECX
004049F1 |. 66:8B15 484B4A00 MOV DX,WORD PTR DS:[4A4B48]
004049F8 |. 66:8950 57 MOV WORD PTR DS:[EAX+57],DX
004049FC |. EB 30 JMP SHORT P2PStock.00404A2E
004049FE |> 6A 30 /PUSH 30 ; /Arg3 = 00000030
00404A00 |. 8BC3 |MOV EAX,EBX ; |
00404A02 |. C1E0 04 |SHL EAX,4 ; |
00404A05 |. 03C3 |ADD EAX,EBX ; |
00404A07 |. C1E0 02 |SHL EAX,2 ; |
00404A0A |. 81C0 2CBF4B00 |ADD EAX,P2PStock.004BBF2C ; |
00404A10 |. 50 |PUSH EAX ; |Arg2
00404A11 |. 56 |PUSH ESI ; |Arg1
00404A12 |. E8 51E70700 |CALL P2PStock.00483168 ; \*P2PStock.00483168 內(nèi)存拷貝
00404A17 |. 83C4 0C |ADD ESP,0C
00404A1A |. 8D56 30 |LEA EDX,DWORD PTR DS:[ESI+30]
00404A1D |. 6A 10 |PUSH 10 ; /Arg3 = 00000010
00404A1F |. 6A 00 |PUSH 0 ; |Arg2 = 00000000
00404A21 |. 52 |PUSH EDX ; |Arg1
00404A22 |. E8 B1E70700 |CALL P2PStock.004831D8 ; \P2PStock.004831D8
00404A27 |. 83C4 0C |ADD ESP,0C
00404A2A |. 83C6 40 |ADD ESI,40
00404A2D |. 43 |INC EBX
00404A2E |> 0FBF0D 484B4A00 MOVSX ECX,WORD PTR DS:[4A4B48]
00404A35 |. 3BD9 |CMP EBX,ECX
00404A37 |.^ 7C C5 \JL SHORT P2PStock.004049FE
00404A39 |. 0FBF05 484B4A00 MOVSX EAX,WORD PTR DS:[4A4B48]
00404A40 |. C1E0 06 SHL EAX,6 ; * 寫(xiě)上證數(shù)據(jù):
00404A43 |. 6A 00 PUSH 0 ; /pBytesWritten = NULL
00404A45 |. 83C0 59 ADD EAX,59 ; |
00404A48 |. 8B15 9C4D4D00 MOV EDX,DWORD PTR DS:[4D4D9C] ; |
00404A4E |. 50 PUSH EAX ; |BytesToWrite
00404A4F |. 52 PUSH EDX ; |Buffer => 00D70004
00404A50 |. 8B0D 444B4A00 MOV ECX,DWORD PTR DS:[4A4B44] ; |
00404A56 |. A1 404B4A00 MOV EAX,DWORD PTR DS:[4A4B40] ; |
00404A5B |. 51 PUSH ECX ; |Address => 1C730000
00404A5C |. 50 PUSH EAX ; |hProcess => 000000E4
00404A5D |. E8 4E9A0800 CALL <JMP.&KERNEL32.WriteProcessMemory> ; \WriteProcessMemory
00404A62 |. 0FBF0D 484B4A00 MOVSX ECX,WORD PTR DS:[4A4B48]
00404A69 |. C1E1 06 SHL ECX,6
00404A6C |. 8B15 444B4A00 MOV EDX,DWORD PTR DS:[4A4B44] ; * 寫(xiě)數(shù)據(jù)消息:
00404A72 |. 52 PUSH EDX ; /lParam => 1C730000
00404A73 |. 83C1 59 ADD ECX,59 ; |
?? 快捷鍵說(shuō)明
復(fù)制代碼
Ctrl + C
搜索代碼
Ctrl + F
全屏模式
F11
切換主題
Ctrl + Shift + D
顯示快捷鍵
?
增大字號(hào)
Ctrl + =
減小字號(hào)
Ctrl + -