内存断点 + esp:PEtite 2.2 -> Ian Luck 脱壳手记


; Packer stub as listed by the debugger; presumably the packed module's entry point (the author's note says the debugger stops here).
; It registers a new SEH record through FS:[0], then saves the flags and the general registers.
0046D042 >  B8 00D04600     MOV EAX,AD_CM#3.0046D000     // Author's note (recovered from mis-encoded text, partly unreadable): the debugger stops here after loading; the note mentions the exception settings, F9 to run, then Shift+F9.
0046D047    68 B4A64500     PUSH AD_CM#3.0045A6B4        ; handler field of the new SEH record
0046D04C    64:FF35 0000000>PUSH DWORD PTR FS:[0]        ; previous head of the SEH chain
0046D053    64:8925 0000000>MOV DWORD PTR FS:[0],ESP     ; the record just pushed becomes the chain head
0046D05A    66:9C           PUSHFW                       ; save the 16-bit flags
0046D05C    60              PUSHAD                       ; save all eight general registers


; Stub code the author reaches after one exception has been passed to the program.
; It pops stack values, one of them straight into FS:[0] (presumably restoring the earlier SEH chain head).
0045A74D    5A              POP EDX       ; AD_CM#3.0046D1B8      // Author's note (recovered from mis-encoded text): after passing one exception, set a memory access breakpoint.
0045A74E    64:8F05 0000000>POP DWORD PTR FS:[0]        ; write the popped value back as the SEH chain head
0045A755    58              POP EAX
0045A756    6A 00           PUSH 0
0045A758    53              PUSH EBX


内存镜像,项目 19
 地址=00401000
 大小=0005A000 (368640.)
 Owner=AD_CM#3  00400000
 区段=.petite
 包含=code                          //此处下内存访问断点
 类型=Imag 01001002
 访问=R
 初始访问=RWE


; Where the memory access breakpoint stops: the stub reads the SEH chain head from FS:[0],
; follows it one link, rebuilds ESP relative to that record and restores the registers with POPAD.
0045A976    33C0            XOR EAX,EAX                         // Author's note (recovered from mis-encoded text, end unreadable): execution breaks here; then remove the memory breakpoint and set a hardware write-dword breakpoint on stack address 0012ffc0 (the note mentions ESP); breaking on 0012ffa0 also works.
0045A978    64:8B18         MOV EBX,DWORD PTR FS:[EAX]          ; EAX is 0, so this reads FS:[0], the SEH chain head
0045A97B    8B1B            MOV EBX,DWORD PTR DS:[EBX]          ; first dword of that record (its link to the next record)
0045A97D    8D63 AE         LEA ESP,DWORD PTR DS:[EBX-52]       ; ESP = EBX - 0x52
0045A980    61              POPAD                               ; restore the general registers from the rebuilt stack


; Where the hardware breakpoint stops. The listing starts at MOV EBP,ESP, one instruction into what
; looks like a standard frame setup; the next two listings show the bytes just above this address.
004584C1    8BEC            MOV EBP,ESP              // Author's note (recovered from mis-encoded text): after the hardware breakpoint triggers, execution is here; scrolling up gives the listing that follows.
004584C3    83C4 F4         ADD ESP,-0C              ; reserve 0x0C bytes of stack
004584C6    B8 70834500     MOV EAX,AD_CM#3.00458370
004584CB    E8 60DAFAFF     CALL AD_CM#3.00405F30
004584D0    A1 80A54500     MOV EAX,DWORD PTR DS:[45A580]


; The same bytes disassembled from 004584BF. The 00 byte at 004584BF is decoded together with 55 8B,
; so the disassembler shows ADD/IN instead of the PUSH EBP / MOV EBP,ESP pair (55 / 8B EC) seen when decoding starts at 004584C0.
; This is a display artifact of where decoding starts, not different code.
004584BF    0055 8B         ADD BYTE PTR SS:[EBP-75],DL          // Author's note (recovered from mis-encoded text, partly unreadable): the instructions look wrong; there is a 00 byte in front here, NOP it.
004584C2    EC              IN AL,DX                                 ; I/O command (debugger annotation)
004584C3    83C4 F4         ADD ESP,-0C
004584C6    B8 70834500     MOV EAX,AD_CM#3.00458370
004584CB    E8 60DAFAFF     CALL AD_CM#3.00405F30
004584D0    A1 80A54500     MOV EAX,DWORD PTR DS:[45A580]


; The same region decoded from 004584C0 after the author's NOP edit: a PUSH EBP / MOV EBP,ESP frame setup.
; NOTE(review): the author treats this as the point to dump from, presumably the original entry point; the listing alone does not prove that.
004584C0    55              PUSH EBP                     // Author's note (recovered from mis-encoded text): after the NOP, this is the place; dump here.
004584C1    8BEC            MOV EBP,ESP
004584C3    83C4 F4         ADD ESP,-0C
004584C6    B8 70834500     MOV EAX,AD_CM#3.00458370
004584CB    E8 60DAFAFF     CALL AD_CM#3.00405F30
004584D0    A1 80A54500     MOV EAX,DWORD PTR DS:[45A580]


impr修复后运行,退出异常。用脱壳修复的程序看看异常,F9运行,再点关闭。很快就出异常了。堆栈:
0012FF7C   0040364C  返回到 1_.0040364C               //注意0040364C地址了,应该就是…的…!
0012FF80   0012FFB4  指针到下一个 SEH 记录
0012FF84   0040365A  SE 句柄
0012FF88   0012FF98


好,脱壳修复的程序 CTRL+G 0040364C
; Code in the dumped and repaired program around the return address 0040364C seen on the stack.
; The JE skips CALL EAX when ZF is set; otherwise CALL EAX runs, and that call is where the author sees the exception.
; NOTE(review): forcing the branch hides the fault rather than explaining it. What EAX holds at this call is not shown on the page,
; so it is worth checking whether it is a pointer the dump or import repair left unresolved before trusting the result.
00403648   . /74 02         JE SHORT 1_.0040364C      // Author's note (recovered from mis-encoded text, partly unreadable): set a breakpoint here; closing the program breaks here; change this to a JMP to 0040364C.
0040364A   . |FFD0          CALL EAX                  // Author's note (recovered): executing this instruction raises the exception.
0040364C   > \85DB          TEST EBX,EBX              ; target of the JE above
改一下就OK了。运行,没有任何错误了。收工了。

请到
http://www.chinadfcg.com/viewthread.php?tid=6452
ѾĺѿĿһˡṩռ̫Сϴ
