21,597
社区成员
发帖
与我相关
我的任务
分享动态库的函数,已经反汇编成汇编程序,请教函数VLSgetMachineID的输入参数和返回参数(高分相送)
Exported fn(): VLSgetMachineID - Ord:0021h
:100159BB 55 push ebp
:100159BC 8BEC mov ebp, esp
:100159BE 56 push esi
:100159BF FF7510 push [ebp+10]
:100159C2 8B750C mov esi, dword ptr [ebp+0C]
:100159C5 56 push esi
:100159C6 FF7508 push [ebp+08]
:100159C9 E896FEFFFF call 10015864
:100159CE 83C40C add esp, 0000000C
:100159D1 85C0 test eax, eax
:100159D3 7524 jne 100159F9
:100159D5 F6450808 test [ebp+08], 08
:100159D9 741C je 100159F7
:100159DB 83C648 add esi, 00000048
:100159DE 803E00 cmp byte ptr [esi], 00
:100159E1 7414 je 100159F7
:100159E3 6A40 push 00000040
:100159E5 56 push esi
:100159E6 E807030100 call 10025CF2
:100159EB 83C408 add esp, 00000008
:100159EE 56 push esi
:100159EF E853F60000 call 10025047
:100159F4 83C404 add esp, 00000004
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:100159D9(C), :100159E1(C)
|
:100159F7 33C0 xor eax, eax
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:100159D3(C)
|
:100159F9 5E pop esi
:100159FA 5D pop ebp
:100159FB C3 ret
* Referenced by a CALL at Addresses:
|:1000E4AF , :10015C7D , :10015CF4 , :10015D2A , :10033738
|:100411DD , :1004174C , :1004178A , :10041844 , :10041873
|
:100159FC 55 push ebp
:100159FD 8BEC mov ebp, esp
:100159FF 83EC04 sub esp, 00000004
:10015A02 C745FC00000000 mov [ebp-04], 00000000
:10015A09 53 push ebx
:10015A0A 56 push esi
:10015A0B 57 push edi
:10015A0C 8B7510 mov esi, dword ptr [ebp+10]
:10015A0F 85F6 test esi, esi
:10015A11 750A jne 10015A1D
:10015A13 B8FFFFFFFF mov eax, FFFFFFFF
:10015A18 E9FE000000 jmp 10015B1B
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:10015A11(C)
|
:10015A1D F7C602000000 test esi, 00000002
:10015A23 745A je 10015A7F
:10015A25 833DF400081000 cmp dword ptr [100800F4], 00000000
:10015A2C 753B jne 10015A69
:10015A2E 8B7D08 mov edi, dword ptr [ebp+08]
:10015A31 57 push edi
:10015A32 E8DCF5FFFF call 10015013
:10015A37 83C404 add esp, 00000004
:10015A3A 85C0 test eax, eax
:10015A3C 7544 jne 10015A82
:10015A3E 6A14 push 00000014
:10015A40 BBE0000810 mov ebx, 100800E0
:10015A45 6A00 push 00000000
:10015A47 53 push ebx
:10015A48 E8C3B50400 call 10061010
:10015A4D 83C40C add esp, 0000000C
:10015A50 8D4704 lea eax, dword ptr [edi+04]
:10015A53 50 push eax
:10015A54 53 push ebx
:10015A55 E8A6B00400 call 10060B00
:10015A5A C705F400081001000000 mov dword ptr [100800F4], 00000001
:10015A64 83C408 add esp, 00000008
:10015A67 EB19 jmp 10015A82
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:10015A2C(C)
|
:10015A69 68E0000810 push 100800E0
:10015A6E 8B7D08 mov edi, dword ptr [ebp+08]
:10015A71 8D4704 lea eax, dword ptr [edi+04]
:10015A74 50 push eax
:10015A75 E886B00400 call 10060B00
:10015A7A 83C408 add esp, 00000008
:10015A7D EB03 jmp 10015A82
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:10015A23(C)
|
:10015A7F 8B7D08 mov edi, dword ptr [ebp+08]
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:10015A3C(C), :10015A67(U), :10015A7D(U)
|
:10015A82 F7C680000000 test esi, 00000080
:10015A88 7458 je 10015AE2
:10015A8A 833D8833071000 cmp dword ptr [10073388], 00000000
:10015A91 753B jne 10015ACE
:10015A93 57 push edi
:10015A94 E847F8FFFF call 100152E0
:10015A99 83C404 add esp, 00000004
:10015A9C 85C0 test eax, eax
:10015A9E 7542 jne 10015AE2
:10015AA0 6A40 push 00000040
:10015AA2 BB80000810 mov ebx, 10080080
:10015AA7 6A00 push 00000000
:10015AA9 53 push ebx
:10015AAA E861B50400 call 10061010
:10015AAF 83C40C add esp, 0000000C
:10015AB2 8D87D0000000 lea eax, dword ptr [edi+000000D0]
:10015AB8 50 push eax
:10015AB9 53 push ebx
:10015ABA E841B00400 call 10060B00
:10015ABF C705F400081001000000 mov dword ptr [100800F4], 00000001
:10015AC9 83C408 add esp, 00000008
:10015ACC EB14 jmp 10015AE2(待续1)
:100159BB 55 push ebp
:100159BC 8BEC mov ebp, esp
:100159BE 56 push esi
:100159BF FF7510 push [ebp+10]
:100159C2 8B750C mov esi, dword ptr [ebp+0C]
:100159C5 56 push esi
:100159C6 FF7508 push [ebp+08]
:100159C9 E896FEFFFF call 10015864
:100159CE 83C40C add esp, 0000000C
:100159D1 85C0 test eax, eax
:100159D3 7524 jne 100159F9
:100159D5 F6450808 test [ebp+08], 08
:100159D9 741C je 100159F7
:100159DB 83C648 add esi, 00000048
:100159DE 803E00 cmp byte ptr [esi], 00
:100159E1 7414 je 100159F7
:100159E3 6A40 push 00000040
:100159E5 56 push esi
:100159E6 E807030100 call 10025CF2
:100159EB 83C408 add esp, 00000008
:100159EE 56 push esi
:100159EF E853F60000 call 10025047
:100159F4 83C404 add esp, 00000004
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:100159D9(C), :100159E1(C)
|
:100159F7 33C0 xor eax, eax
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:100159D3(C)
|
:100159F9 5E pop esi
:100159FA 5D pop ebp
:100159FB C3 ret
* Referenced by a CALL at Addresses:
|:1000E4AF , :10015C7D , :10015CF4 , :10015D2A , :10033738
|:100411DD , :1004174C , :1004178A , :10041844 , :10041873
|
:100159FC 55 push ebp
:100159FD 8BEC mov ebp, esp
:100159FF 83EC04 sub esp, 00000004
:10015A02 C745FC00000000 mov [ebp-04], 00000000
:10015A09 53 push ebx
:10015A0A 56 push esi
:10015A0B 57 push edi
:10015A0C 8B7510 mov esi, dword ptr [ebp+10]
:10015A0F 85F6 test esi, esi
:10015A11 750A jne 10015A1D
:10015A13 B8FFFFFFFF mov eax, FFFFFFFF
:10015A18 E9FE000000 jmp 10015B1B
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:10015A11(C)
|
:10015A1D F7C602000000 test esi, 00000002
:10015A23 745A je 10015A7F
:10015A25 833DF400081000 cmp dword ptr [100800F4], 00000000
:10015A2C 753B jne 10015A69
:10015A2E 8B7D08 mov edi, dword ptr [ebp+08]
:10015A31 57 push edi
:10015A32 E8DCF5FFFF call 10015013
:10015A37 83C404 add esp, 00000004
:10015A3A 85C0 test eax, eax
:10015A3C 7544 jne 10015A82
:10015A3E 6A14 push 00000014
:10015A40 BBE0000810 mov ebx, 100800E0
:10015A45 6A00 push 00000000
:10015A47 53 push ebx
:10015A48 E8C3B50400 call 10061010
:10015A4D 83C40C add esp, 0000000C
:10015A50 8D4704 lea eax, dword ptr [edi+04]
:10015A53 50 push eax
:10015A54 53 push ebx
:10015A55 E8A6B00400 call 10060B00
:10015A5A C705F400081001000000 mov dword ptr [100800F4], 00000001
:10015A64 83C408 add esp, 00000008
:10015A67 EB19 jmp 10015A82
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:10015A2C(C)
|
:10015A69 68E0000810 push 100800E0
:10015A6E 8B7D08 mov edi, dword ptr [ebp+08]
:10015A71 8D4704 lea eax, dword ptr [edi+04]
:10015A74 50 push eax
:10015A75 E886B00400 call 10060B00
:10015A7A 83C408 add esp, 00000008
:10015A7D EB03 jmp 10015A82
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:10015A23(C)
|
:10015A7F 8B7D08 mov edi, dword ptr [ebp+08]
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:10015A3C(C), :10015A67(U), :10015A7D(U)
|
:10015A82 F7C680000000 test esi, 00000080
:10015A88 7458 je 10015AE2
:10015A8A 833D8833071000 cmp dword ptr [10073388], 00000000
:10015A91 753B jne 10015ACE
:10015A93 57 push edi
:10015A94 E847F8FFFF call 100152E0
:10015A99 83C404 add esp, 00000004
:10015A9C 85C0 test eax, eax
:10015A9E 7542 jne 10015AE2
:10015AA0 6A40 push 00000040
:10015AA2 BB80000810 mov ebx, 10080080
:10015AA7 6A00 push 00000000
:10015AA9 53 push ebx
:10015AAA E861B50400 call 10061010
:10015AAF 83C40C add esp, 0000000C
:10015AB2 8D87D0000000 lea eax, dword ptr [edi+000000D0]
:10015AB8 50 push eax
:10015AB9 53 push ebx
:10015ABA E841B00400 call 10060B00
:10015ABF C705F400081001000000 mov dword ptr [100800F4], 00000001
:10015AC9 83C408 add esp, 00000008
:10015ACC EB14 jmp 10015AE2(待续1)
...全文
请发表友善的回复…
发表回复
benan 2005-05-25
- 打赏
- 举报
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:10015D1B(C)
|
:10015D36 F60780 test byte ptr [edi], 80
:10015D39 7506 jne 10015D41
:10015D3B F6472C80 test [edi+2C], 80
:10015D3F 7406 je 10015D47
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:10015D39(C)
|
:10015D41 F645F880 test [ebp-08], 80
:10015D45 742C je 10015D73
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:10015D3F(C)
|
:10015D47 83C704 add edi, 00000004
:10015D4A 83C311 add ebx, 00000011
:10015D4D FF45D1 inc [ebp-2F]
:10015D50 8B45D1 mov eax, dword ptr [ebp-2F]
:10015D53 3986B0010000 cmp dword ptr [esi+000001B0], eax
:10015D59 0F8F72FFFFFF jg 10015CD1
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:10015B35(C), :10015C2D(C), :10015C6A(C), :10015C87(C), :10015CC5(C)
|
:10015D5F B8FFFFFFFF mov eax, FFFFFFFF
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:10015B4B(U), :10015C49(C), :10015C8F(U), :10015C96(U), :10015CB1(C)
|:10015D6D(U), :10015D71(U), :10015D78(U)
|
:10015D64 5F pop edi
:10015D65 5E pop esi
:10015D66 5B pop ebx
:10015D67 8BE5 mov esp, ebp
:10015D69 5D pop ebp
:10015D6A C3 ret
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:10015CFE(C)
|
:10015D6B 33C0 xor eax, eax
:10015D6D EBF5 jmp 10015D64
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:10015D34(C)
|
:10015D6F 33C0 xor eax, eax
:10015D71 EBF1 jmp 10015D64
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:10015D45(C)
|
:10015D73 B830000000 mov eax, 00000030
:10015D78 EBEA jmp 10015D64
* Referenced by a CALL at Addresses:
|:100054B9 , :10010061
|
:10015D7A 55 push ebp
* Possible StringData Ref from Data Obj ->"&&"
|
:10015D7B BAD8340710 mov edx, 100734D8
:10015D80 8BEC mov ebp, esp
:10015D82 81EC40010000 sub esp, 00000140
:10015D88 8B4D08 mov ecx, dword ptr [ebp+08]
:10015D8B FFB114010000 push dword ptr [ecx+00000114]
:10015D91 52 push edx
:10015D92 8D8118010000 lea eax, dword ptr [ecx+00000118]
:10015D98 50 push eax
:10015D99 52 push edx
:10015D9A FFB110010000 push dword ptr [ecx+00000110]
:10015DA0 52 push edx
:10015DA1 8D81D0000000 lea eax, dword ptr [ecx+000000D0]
:10015DA7 50 push eax
:10015DA8 52 push edx
:10015DA9 FFB1CC000000 push dword ptr [ecx+000000CC]
:10015DAF 52 push edx
:10015DB0 FFB1C8000000 push dword ptr [ecx+000000C8]
:10015DB6 52 push edx
:10015DB7 8D8188000000 lea eax, dword ptr [ecx+00000088]
:10015DBD 50 push eax
:10015DBE 52 push edx
:10015DBF 8D4148 lea eax, dword ptr [ecx+48]
:10015DC2 50 push eax
:10015DC3 52 push edx
:10015DC4 FF7144 push [ecx+44]
:10015DC7 52 push edx
:10015DC8 8D4104 lea eax, dword ptr [ecx+04]
:10015DCB 50 push eax
:10015DCC 52 push edx
:10015DCD FF31 push dword ptr [ecx]
* Possible StringData Ref from Data Obj ->"%lx%s%s%s%lx%s%s%s%s%s%lx%s%lx%s%s%s%lx%s%s%s%"
->"lx"
|
:10015DCF 68A4340710 push 100734A4
:10015DD4 8D95C0FEFFFF lea edx, dword ptr [ebp+FFFFFEC0]
:10015DDA 52 push edx
:10015DDB E890AE0400 call 10060C70
:10015DE0 83C45C add esp, 0000005C
:10015DE3 8D8DC0FEFFFF lea ecx, dword ptr [ebp+FFFFFEC0]
:10015DE9 51 push ecx
:10015DEA E801AE0400 call 10060BF0
:10015DEF 83C404 add esp, 00000004
:10015DF2 3B4510 cmp eax, dword ptr [ebp+10]
:10015DF5 B8FFFFFFFF mov eax, FFFFFFFF
:10015DFA 7314 jnb 10015E10
:10015DFC 8D85C0FEFFFF lea eax, dword ptr [ebp+FFFFFEC0]
:10015E02 50 push eax
:10015E03 FF750C push [ebp+0C]
:10015E06 E8F5AC0400 call 10060B00
:10015E0B 83C408 add esp, 00000008
:10015E0E 33C0 xor eax, eax
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:10015DFA(C)
|
:10015E10 8BE5 mov esp, ebp
:10015E12 5D pop ebp
:10015E13 C3 ret
* Referenced by a CALL at Addresses:
|:1003371D , :1004D941
|
:10015E14 55 push ebp
:10015E15 8BEC mov ebp, esp
:10015E17 83EC04 sub esp, 00000004
:10015E1A 56 push esi
:10015E1B 8B7508 mov esi, dword ptr [ebp+08]
:10015E1E 56 push esi
:10015E1F E82CF5FFFF call 10015350
:10015E24 83C404 add esp, 00000004
:10015E27 85C0 test eax, eax
:10015E29 0F85D5010000 jne 10016004
:10015E2F 8D45FC lea eax, dword ptr [ebp-04]
:10015E32 50 push eax
* Possible StringData Ref from Data Obj ->"&&"
|
:10015E33 68D8340710 push 100734D8
:10015E38 6A00 push 00000000
:10015E3A FF750C push [ebp+0C]
:10015E3D E8B6490100 call 1002A7F8
:10015E42 83C410 add esp, 00000010
:10015E45 85C0 test eax, eax
:10015E47 740F je 10015E58
:10015E49 56 push esi
|:10015D1B(C)
|
:10015D36 F60780 test byte ptr [edi], 80
:10015D39 7506 jne 10015D41
:10015D3B F6472C80 test [edi+2C], 80
:10015D3F 7406 je 10015D47
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:10015D39(C)
|
:10015D41 F645F880 test [ebp-08], 80
:10015D45 742C je 10015D73
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:10015D3F(C)
|
:10015D47 83C704 add edi, 00000004
:10015D4A 83C311 add ebx, 00000011
:10015D4D FF45D1 inc [ebp-2F]
:10015D50 8B45D1 mov eax, dword ptr [ebp-2F]
:10015D53 3986B0010000 cmp dword ptr [esi+000001B0], eax
:10015D59 0F8F72FFFFFF jg 10015CD1
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:10015B35(C), :10015C2D(C), :10015C6A(C), :10015C87(C), :10015CC5(C)
|
:10015D5F B8FFFFFFFF mov eax, FFFFFFFF
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:10015B4B(U), :10015C49(C), :10015C8F(U), :10015C96(U), :10015CB1(C)
|:10015D6D(U), :10015D71(U), :10015D78(U)
|
:10015D64 5F pop edi
:10015D65 5E pop esi
:10015D66 5B pop ebx
:10015D67 8BE5 mov esp, ebp
:10015D69 5D pop ebp
:10015D6A C3 ret
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:10015CFE(C)
|
:10015D6B 33C0 xor eax, eax
:10015D6D EBF5 jmp 10015D64
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:10015D34(C)
|
:10015D6F 33C0 xor eax, eax
:10015D71 EBF1 jmp 10015D64
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:10015D45(C)
|
:10015D73 B830000000 mov eax, 00000030
:10015D78 EBEA jmp 10015D64
* Referenced by a CALL at Addresses:
|:100054B9 , :10010061
|
:10015D7A 55 push ebp
* Possible StringData Ref from Data Obj ->"&&"
|
:10015D7B BAD8340710 mov edx, 100734D8
:10015D80 8BEC mov ebp, esp
:10015D82 81EC40010000 sub esp, 00000140
:10015D88 8B4D08 mov ecx, dword ptr [ebp+08]
:10015D8B FFB114010000 push dword ptr [ecx+00000114]
:10015D91 52 push edx
:10015D92 8D8118010000 lea eax, dword ptr [ecx+00000118]
:10015D98 50 push eax
:10015D99 52 push edx
:10015D9A FFB110010000 push dword ptr [ecx+00000110]
:10015DA0 52 push edx
:10015DA1 8D81D0000000 lea eax, dword ptr [ecx+000000D0]
:10015DA7 50 push eax
:10015DA8 52 push edx
:10015DA9 FFB1CC000000 push dword ptr [ecx+000000CC]
:10015DAF 52 push edx
:10015DB0 FFB1C8000000 push dword ptr [ecx+000000C8]
:10015DB6 52 push edx
:10015DB7 8D8188000000 lea eax, dword ptr [ecx+00000088]
:10015DBD 50 push eax
:10015DBE 52 push edx
:10015DBF 8D4148 lea eax, dword ptr [ecx+48]
:10015DC2 50 push eax
:10015DC3 52 push edx
:10015DC4 FF7144 push [ecx+44]
:10015DC7 52 push edx
:10015DC8 8D4104 lea eax, dword ptr [ecx+04]
:10015DCB 50 push eax
:10015DCC 52 push edx
:10015DCD FF31 push dword ptr [ecx]
* Possible StringData Ref from Data Obj ->"%lx%s%s%s%lx%s%s%s%s%s%lx%s%lx%s%s%s%lx%s%s%s%"
->"lx"
|
:10015DCF 68A4340710 push 100734A4
:10015DD4 8D95C0FEFFFF lea edx, dword ptr [ebp+FFFFFEC0]
:10015DDA 52 push edx
:10015DDB E890AE0400 call 10060C70
:10015DE0 83C45C add esp, 0000005C
:10015DE3 8D8DC0FEFFFF lea ecx, dword ptr [ebp+FFFFFEC0]
:10015DE9 51 push ecx
:10015DEA E801AE0400 call 10060BF0
:10015DEF 83C404 add esp, 00000004
:10015DF2 3B4510 cmp eax, dword ptr [ebp+10]
:10015DF5 B8FFFFFFFF mov eax, FFFFFFFF
:10015DFA 7314 jnb 10015E10
:10015DFC 8D85C0FEFFFF lea eax, dword ptr [ebp+FFFFFEC0]
:10015E02 50 push eax
:10015E03 FF750C push [ebp+0C]
:10015E06 E8F5AC0400 call 10060B00
:10015E0B 83C408 add esp, 00000008
:10015E0E 33C0 xor eax, eax
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:10015DFA(C)
|
:10015E10 8BE5 mov esp, ebp
:10015E12 5D pop ebp
:10015E13 C3 ret
* Referenced by a CALL at Addresses:
|:1003371D , :1004D941
|
:10015E14 55 push ebp
:10015E15 8BEC mov ebp, esp
:10015E17 83EC04 sub esp, 00000004
:10015E1A 56 push esi
:10015E1B 8B7508 mov esi, dword ptr [ebp+08]
:10015E1E 56 push esi
:10015E1F E82CF5FFFF call 10015350
:10015E24 83C404 add esp, 00000004
:10015E27 85C0 test eax, eax
:10015E29 0F85D5010000 jne 10016004
:10015E2F 8D45FC lea eax, dword ptr [ebp-04]
:10015E32 50 push eax
* Possible StringData Ref from Data Obj ->"&&"
|
:10015E33 68D8340710 push 100734D8
:10015E38 6A00 push 00000000
:10015E3A FF750C push [ebp+0C]
:10015E3D E8B6490100 call 1002A7F8
:10015E42 83C410 add esp, 00000010
:10015E45 85C0 test eax, eax
:10015E47 740F je 10015E58
:10015E49 56 push esi
benan 2005-05-25
- 打赏
- 举报
* Possible StringData Ref from Data Obj ->"%lx"
|
:10015B88 BB6C340710 mov ebx, 1007346C
:10015B8D E87AF0FFFF call 10014C0C
:10015B92 83C408 add esp, 00000008
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:10015C1F(C)
|
:10015B95 8D85A0FEFFFF lea eax, dword ptr [ebp+FFFFFEA0]
:10015B9B 50 push eax
* Reference To: LSAPIW32.VLSinitMachineID
|
:10015B9C E868040000 call 10016009
:10015BA1 83C404 add esp, 00000004
:10015BA4 8D45E4 lea eax, dword ptr [ebp-1C]
:10015BA7 6A14 push 00000014
:10015BA9 6A00 push 00000000
:10015BAB 50 push eax
:10015BAC E85FB40400 call 10061010
:10015BB1 83C40C add esp, 0000000C
:10015BB4 8D4DE4 lea ecx, dword ptr [ebp-1C]
:10015BB7 FF37 push dword ptr [edi]
:10015BB9 53 push ebx
:10015BBA 51 push ecx
:10015BBB E8B0B00400 call 10060C70
:10015BC0 83C40C add esp, 0000000C
:10015BC3 8D8DA0FEFFFF lea ecx, dword ptr [ebp+FFFFFEA0]
:10015BC9 8D55E4 lea edx, dword ptr [ebp-1C]
:10015BCC 51 push ecx
:10015BCD 53 push ebx
:10015BCE 52 push edx
:10015BCF E85CBC0400 call 10061830
:10015BD4 83C40C add esp, 0000000C
:10015BD7 8D4DFC lea ecx, dword ptr [ebp-04]
:10015BDA 8D95A0FEFFFF lea edx, dword ptr [ebp+FFFFFEA0]
:10015BE0 51 push ecx
:10015BE1 6A01 push 00000001
:10015BE3 52 push edx
* Reference To: LSAPIW32.VLSmachineIDtoLockCode
|
:10015BE4 E853040000 call 1001603C
:10015BE9 83C40C add esp, 0000000C
:10015BEC 8D55E4 lea edx, dword ptr [ebp-1C]
:10015BEF FF75FC push [ebp-04]
* Possible StringData Ref from Data Obj ->"%lX"
|
:10015BF2 68A0340710 push 100734A0
:10015BF7 52 push edx
:10015BF8 E873B00400 call 10060C70
:10015BFD 83C40C add esp, 0000000C
:10015C00 8D4DE4 lea ecx, dword ptr [ebp-1C]
:10015C03 8D86B4010000 lea eax, dword ptr [esi+000001B4]
:10015C09 51 push ecx
:10015C0A 50 push eax
:10015C0B E8D0B00400 call 10060CE0
:10015C10 83C408 add esp, 00000008
:10015C13 85C0 test eax, eax
:10015C15 747D je 10015C94
:10015C17 83C704 add edi, 00000004
:10015C1A 8D45E4 lea eax, dword ptr [ebp-1C]
:10015C1D 3BF8 cmp edi, eax
:10015C1F 0F8270FFFFFF jb 10015B95
:10015C25 B900010000 mov ecx, 00000100
:10015C2A 394E40 cmp dword ptr [esi+40], ecx
:10015C2D 0F852C010000 jne 10015D5F
:10015C33 8D45F8 lea eax, dword ptr [ebp-08]
:10015C36 8D9568FDFFFF lea edx, dword ptr [ebp+FFFFFD68]
:10015C3C 50 push eax
:10015C3D 52 push edx
:10015C3E 51 push ecx
:10015C3F E820FCFFFF call 10015864
:10015C44 83C40C add esp, 0000000C
:10015C47 85C0 test eax, eax
:10015C49 0F8515010000 jne 10015D64
:10015C4F 8D45FC lea eax, dword ptr [ebp-04]
:10015C52 8D8E6F020000 lea ecx, dword ptr [esi+0000026F]
:10015C58 50 push eax
* Possible StringData Ref from Data Obj ->"%lx"
|
:10015C59 686C340710 push 1007346C
:10015C5E 51 push ecx
:10015C5F E8CCBB0400 call 10061830
:10015C64 83C40C add esp, 0000000C
:10015C67 83F801 cmp eax, 00000001
:10015C6A 0F85EF000000 jne 10015D5F
:10015C70 FF7640 push [esi+40]
:10015C73 FF75FC push [ebp-04]
:10015C76 8D9568FDFFFF lea edx, dword ptr [ebp+FFFFFD68]
:10015C7C 52 push edx
:10015C7D E87AFDFFFF call 100159FC
:10015C82 83C40C add esp, 0000000C
:10015C85 85C0 test eax, eax
:10015C87 0F85D2000000 jne 10015D5F
:10015C8D 33C0 xor eax, eax
:10015C8F E9D0000000 jmp 10015D64
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:10015C15(C)
|
:10015C94 33C0 xor eax, eax
:10015C96 E9C9000000 jmp 10015D64
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:10015B70(C), :10015B79(C)
|
:10015C9B 8D45F8 lea eax, dword ptr [ebp-08]
:10015C9E 8D9568FDFFFF lea edx, dword ptr [ebp+FFFFFD68]
:10015CA4 50 push eax
:10015CA5 52 push edx
:10015CA6 51 push ecx
:10015CA7 E8B8FBFFFF call 10015864
:10015CAC 83C40C add esp, 0000000C
:10015CAF 85C0 test eax, eax
:10015CB1 0F85AD000000 jne 10015D64
:10015CB7 C745D100000000 mov [ebp-2F], 00000000
:10015CBE 83BEB001000000 cmp dword ptr [esi+000001B0], 00000000
:10015CC5 0F8E94000000 jle 10015D5F
:10015CCB 8D9EB4010000 lea ebx, dword ptr [esi+000001B4]
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:10015D59(C)
|
:10015CD1 8D45FC lea eax, dword ptr [ebp-04]
:10015CD4 50 push eax
* Possible StringData Ref from Data Obj ->"%lx"
|
:10015CD5 686C340710 push 1007346C
:10015CDA 53 push ebx
:10015CDB E850BB0400 call 10061830
:10015CE0 83C40C add esp, 0000000C
:10015CE3 83F801 cmp eax, 00000001
:10015CE6 7518 jne 10015D00
:10015CE8 FF37 push dword ptr [edi]
:10015CEA FF75FC push [ebp-04]
:10015CED 8D9568FDFFFF lea edx, dword ptr [ebp+FFFFFD68]
:10015CF3 52 push edx
:10015CF4 E803FDFFFF call 100159FC
:10015CF9 83C40C add esp, 0000000C
:10015CFC 85C0 test eax, eax
:10015CFE 746B je 10015D6B
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:10015CE6(C)
|
:10015D00 8D45FC lea eax, dword ptr [ebp-04]
:10015D03 8D8BBB000000 lea ecx, dword ptr [ebx+000000BB]
:10015D09 50 push eax
* Possible StringData Ref from Data Obj ->"%lx"
|
:10015D0A 686C340710 push 1007346C
:10015D0F 51 push ecx
:10015D10 E81BBB0400 call 10061830
:10015D15 83C40C add esp, 0000000C
:10015D18 83F801 cmp eax, 00000001
:10015D1B 7519 jne 10015D36
:10015D1D FF772C push [edi+2C]
:10015D20 FF75FC push [ebp-04]
:10015D23 8D9568FDFFFF lea edx, dword ptr [ebp+FFFFFD68]
:10015D29 52 push edx
:10015D2A E8CDFCFFFF call 100159FC
:10015D2F 83C40C add esp, 0000000C
:10015D32 85C0 test eax, eax
:10015D34 7439 je 10015D6F
|
:10015B88 BB6C340710 mov ebx, 1007346C
:10015B8D E87AF0FFFF call 10014C0C
:10015B92 83C408 add esp, 00000008
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:10015C1F(C)
|
:10015B95 8D85A0FEFFFF lea eax, dword ptr [ebp+FFFFFEA0]
:10015B9B 50 push eax
* Reference To: LSAPIW32.VLSinitMachineID
|
:10015B9C E868040000 call 10016009
:10015BA1 83C404 add esp, 00000004
:10015BA4 8D45E4 lea eax, dword ptr [ebp-1C]
:10015BA7 6A14 push 00000014
:10015BA9 6A00 push 00000000
:10015BAB 50 push eax
:10015BAC E85FB40400 call 10061010
:10015BB1 83C40C add esp, 0000000C
:10015BB4 8D4DE4 lea ecx, dword ptr [ebp-1C]
:10015BB7 FF37 push dword ptr [edi]
:10015BB9 53 push ebx
:10015BBA 51 push ecx
:10015BBB E8B0B00400 call 10060C70
:10015BC0 83C40C add esp, 0000000C
:10015BC3 8D8DA0FEFFFF lea ecx, dword ptr [ebp+FFFFFEA0]
:10015BC9 8D55E4 lea edx, dword ptr [ebp-1C]
:10015BCC 51 push ecx
:10015BCD 53 push ebx
:10015BCE 52 push edx
:10015BCF E85CBC0400 call 10061830
:10015BD4 83C40C add esp, 0000000C
:10015BD7 8D4DFC lea ecx, dword ptr [ebp-04]
:10015BDA 8D95A0FEFFFF lea edx, dword ptr [ebp+FFFFFEA0]
:10015BE0 51 push ecx
:10015BE1 6A01 push 00000001
:10015BE3 52 push edx
* Reference To: LSAPIW32.VLSmachineIDtoLockCode
|
:10015BE4 E853040000 call 1001603C
:10015BE9 83C40C add esp, 0000000C
:10015BEC 8D55E4 lea edx, dword ptr [ebp-1C]
:10015BEF FF75FC push [ebp-04]
* Possible StringData Ref from Data Obj ->"%lX"
|
:10015BF2 68A0340710 push 100734A0
:10015BF7 52 push edx
:10015BF8 E873B00400 call 10060C70
:10015BFD 83C40C add esp, 0000000C
:10015C00 8D4DE4 lea ecx, dword ptr [ebp-1C]
:10015C03 8D86B4010000 lea eax, dword ptr [esi+000001B4]
:10015C09 51 push ecx
:10015C0A 50 push eax
:10015C0B E8D0B00400 call 10060CE0
:10015C10 83C408 add esp, 00000008
:10015C13 85C0 test eax, eax
:10015C15 747D je 10015C94
:10015C17 83C704 add edi, 00000004
:10015C1A 8D45E4 lea eax, dword ptr [ebp-1C]
:10015C1D 3BF8 cmp edi, eax
:10015C1F 0F8270FFFFFF jb 10015B95
:10015C25 B900010000 mov ecx, 00000100
:10015C2A 394E40 cmp dword ptr [esi+40], ecx
:10015C2D 0F852C010000 jne 10015D5F
:10015C33 8D45F8 lea eax, dword ptr [ebp-08]
:10015C36 8D9568FDFFFF lea edx, dword ptr [ebp+FFFFFD68]
:10015C3C 50 push eax
:10015C3D 52 push edx
:10015C3E 51 push ecx
:10015C3F E820FCFFFF call 10015864
:10015C44 83C40C add esp, 0000000C
:10015C47 85C0 test eax, eax
:10015C49 0F8515010000 jne 10015D64
:10015C4F 8D45FC lea eax, dword ptr [ebp-04]
:10015C52 8D8E6F020000 lea ecx, dword ptr [esi+0000026F]
:10015C58 50 push eax
* Possible StringData Ref from Data Obj ->"%lx"
|
:10015C59 686C340710 push 1007346C
:10015C5E 51 push ecx
:10015C5F E8CCBB0400 call 10061830
:10015C64 83C40C add esp, 0000000C
:10015C67 83F801 cmp eax, 00000001
:10015C6A 0F85EF000000 jne 10015D5F
:10015C70 FF7640 push [esi+40]
:10015C73 FF75FC push [ebp-04]
:10015C76 8D9568FDFFFF lea edx, dword ptr [ebp+FFFFFD68]
:10015C7C 52 push edx
:10015C7D E87AFDFFFF call 100159FC
:10015C82 83C40C add esp, 0000000C
:10015C85 85C0 test eax, eax
:10015C87 0F85D2000000 jne 10015D5F
:10015C8D 33C0 xor eax, eax
:10015C8F E9D0000000 jmp 10015D64
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:10015C15(C)
|
:10015C94 33C0 xor eax, eax
:10015C96 E9C9000000 jmp 10015D64
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:10015B70(C), :10015B79(C)
|
:10015C9B 8D45F8 lea eax, dword ptr [ebp-08]
:10015C9E 8D9568FDFFFF lea edx, dword ptr [ebp+FFFFFD68]
:10015CA4 50 push eax
:10015CA5 52 push edx
:10015CA6 51 push ecx
:10015CA7 E8B8FBFFFF call 10015864
:10015CAC 83C40C add esp, 0000000C
:10015CAF 85C0 test eax, eax
:10015CB1 0F85AD000000 jne 10015D64
:10015CB7 C745D100000000 mov [ebp-2F], 00000000
:10015CBE 83BEB001000000 cmp dword ptr [esi+000001B0], 00000000
:10015CC5 0F8E94000000 jle 10015D5F
:10015CCB 8D9EB4010000 lea ebx, dword ptr [esi+000001B4]
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:10015D59(C)
|
:10015CD1 8D45FC lea eax, dword ptr [ebp-04]
:10015CD4 50 push eax
* Possible StringData Ref from Data Obj ->"%lx"
|
:10015CD5 686C340710 push 1007346C
:10015CDA 53 push ebx
:10015CDB E850BB0400 call 10061830
:10015CE0 83C40C add esp, 0000000C
:10015CE3 83F801 cmp eax, 00000001
:10015CE6 7518 jne 10015D00
:10015CE8 FF37 push dword ptr [edi]
:10015CEA FF75FC push [ebp-04]
:10015CED 8D9568FDFFFF lea edx, dword ptr [ebp+FFFFFD68]
:10015CF3 52 push edx
:10015CF4 E803FDFFFF call 100159FC
:10015CF9 83C40C add esp, 0000000C
:10015CFC 85C0 test eax, eax
:10015CFE 746B je 10015D6B
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:10015CE6(C)
|
:10015D00 8D45FC lea eax, dword ptr [ebp-04]
:10015D03 8D8BBB000000 lea ecx, dword ptr [ebx+000000BB]
:10015D09 50 push eax
* Possible StringData Ref from Data Obj ->"%lx"
|
:10015D0A 686C340710 push 1007346C
:10015D0F 51 push ecx
:10015D10 E81BBB0400 call 10061830
:10015D15 83C40C add esp, 0000000C
:10015D18 83F801 cmp eax, 00000001
:10015D1B 7519 jne 10015D36
:10015D1D FF772C push [edi+2C]
:10015D20 FF75FC push [ebp-04]
:10015D23 8D9568FDFFFF lea edx, dword ptr [ebp+FFFFFD68]
:10015D29 52 push edx
:10015D2A E8CDFCFFFF call 100159FC
:10015D2F 83C40C add esp, 0000000C
:10015D32 85C0 test eax, eax
:10015D34 7439 je 10015D6F
benan 2005-05-25
- 打赏
- 举报
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:10015A91(C)
|
:10015ACE 6880000810 push 10080080
:10015AD3 8D87D0000000 lea eax, dword ptr [edi+000000D0]
:10015AD9 50 push eax
:10015ADA E821B00400 call 10060B00
:10015ADF 83C408 add esp, 00000008
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
(待续2)
|:10015A88(C), :10015A9E(C), :10015ACC(U)
|
:10015AE2 E847EDFFFF call 1001482E
:10015AE7 85C0 test eax, eax
:10015AE9 740F je 10015AFA
:10015AEB 8B450C mov eax, dword ptr [ebp+0C]
:10015AEE 394744 cmp dword ptr [edi+44], eax
:10015AF1 7426 je 10015B19
:10015AF3 B8FFFFFFFF mov eax, FFFFFFFF
:10015AF8 EB21 jmp 10015B1B
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:10015AE9(C)
|
:10015AFA 8D45FC lea eax, dword ptr [ebp-04]
:10015AFD 50 push eax
:10015AFE 56 push esi
:10015AFF 57 push edi
:10015B00 E85AF9FFFF call 1001545F
:10015B05 83C40C add esp, 0000000C
:10015B08 85C0 test eax, eax
:10015B0A 750F jne 10015B1B
:10015B0C 8B450C mov eax, dword ptr [ebp+0C]
:10015B0F 3945FC cmp dword ptr [ebp-04], eax
:10015B12 B8FFFFFFFF mov eax, FFFFFFFF
:10015B17 7502 jne 10015B1B
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:10015AF1(C)
|
:10015B19 33C0 xor eax, eax
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:10015A18(U), :10015AF8(U), :10015B0A(C), :10015B17(C)
|
:10015B1B 5F pop edi
:10015B1C 5E pop esi
:10015B1D 5B pop ebx
:10015B1E 8BE5 mov esp, ebp
:10015B20 5D pop ebp
:10015B21 C3 ret
* Referenced by a CALL at Addresses:
|:100345EC , :1003475D
|
:10015B22 55 push ebp
:10015B23 33C9 xor ecx, ecx
:10015B25 8BEC mov ebp, esp
:10015B27 81EC98020000 sub esp, 00000298
:10015B2D 53 push ebx
:10015B2E 56 push esi
:10015B2F 57 push edi
:10015B30 8B7508 mov esi, dword ptr [ebp+08]
:10015B33 3BF1 cmp esi, ecx
:10015B35 0F8424020000 je 10015D5F
:10015B3B 8D7E14 lea edi, dword ptr [esi+14]
:10015B3E 833F00 cmp dword ptr [edi], 00000000
:10015B41 750D jne 10015B50
:10015B43 837E4000 cmp dword ptr [esi+40], 00000000
:10015B47 7507 jne 10015B50
:10015B49 33C0 xor eax, eax
:10015B4B E914020000 jmp 10015D64
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:10015B41(C), :10015B47(C)
|
:10015B50 8B86B0010000 mov eax, dword ptr [esi+000001B0]
:10015B56 85C0 test eax, eax
:10015B58 7E0F jle 10015B69
:10015B5A 8BD7 mov edx, edi
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:10015B67(C)
|
:10015B5C 8B5A2C mov ebx, dword ptr [edx+2C]
:10015B5F 0B1A or ebx, dword ptr [edx]
:10015B61 83C204 add edx, 00000004
:10015B64 0BCB or ecx, ebx
:10015B66 48 dec eax
:10015B67 75F3 jne 10015B5C
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:10015B58(C)
|
:10015B69 83BE5406000004 cmp dword ptr [esi+00000654], 00000004
:10015B70 0F8525010000 jne 10015C9B
:10015B76 833F01 cmp dword ptr [edi], 00000001
:10015B79 0F851C010000 jne 10015C9B
:10015B7F 6A0C push 0000000C
:10015B81 8D45D8 lea eax, dword ptr [ebp-28]
:10015B84 50 push eax
:10015B85 8D7DD8 lea edi, dword ptr [ebp-28]
|:10015A91(C)
|
:10015ACE 6880000810 push 10080080
:10015AD3 8D87D0000000 lea eax, dword ptr [edi+000000D0]
:10015AD9 50 push eax
:10015ADA E821B00400 call 10060B00
:10015ADF 83C408 add esp, 00000008
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
(待续2)
|:10015A88(C), :10015A9E(C), :10015ACC(U)
|
:10015AE2 E847EDFFFF call 1001482E
:10015AE7 85C0 test eax, eax
:10015AE9 740F je 10015AFA
:10015AEB 8B450C mov eax, dword ptr [ebp+0C]
:10015AEE 394744 cmp dword ptr [edi+44], eax
:10015AF1 7426 je 10015B19
:10015AF3 B8FFFFFFFF mov eax, FFFFFFFF
:10015AF8 EB21 jmp 10015B1B
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:10015AE9(C)
|
:10015AFA 8D45FC lea eax, dword ptr [ebp-04]
:10015AFD 50 push eax
:10015AFE 56 push esi
:10015AFF 57 push edi
:10015B00 E85AF9FFFF call 1001545F
:10015B05 83C40C add esp, 0000000C
:10015B08 85C0 test eax, eax
:10015B0A 750F jne 10015B1B
:10015B0C 8B450C mov eax, dword ptr [ebp+0C]
:10015B0F 3945FC cmp dword ptr [ebp-04], eax
:10015B12 B8FFFFFFFF mov eax, FFFFFFFF
:10015B17 7502 jne 10015B1B
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:10015AF1(C)
|
:10015B19 33C0 xor eax, eax
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:10015A18(U), :10015AF8(U), :10015B0A(C), :10015B17(C)
|
:10015B1B 5F pop edi
:10015B1C 5E pop esi
:10015B1D 5B pop ebx
:10015B1E 8BE5 mov esp, ebp
:10015B20 5D pop ebp
:10015B21 C3 ret
* Referenced by a CALL at Addresses:
|:100345EC , :1003475D
|
:10015B22 55 push ebp
:10015B23 33C9 xor ecx, ecx
:10015B25 8BEC mov ebp, esp
:10015B27 81EC98020000 sub esp, 00000298
:10015B2D 53 push ebx
:10015B2E 56 push esi
:10015B2F 57 push edi
:10015B30 8B7508 mov esi, dword ptr [ebp+08]
:10015B33 3BF1 cmp esi, ecx
:10015B35 0F8424020000 je 10015D5F
:10015B3B 8D7E14 lea edi, dword ptr [esi+14]
:10015B3E 833F00 cmp dword ptr [edi], 00000000
:10015B41 750D jne 10015B50
:10015B43 837E4000 cmp dword ptr [esi+40], 00000000
:10015B47 7507 jne 10015B50
:10015B49 33C0 xor eax, eax
:10015B4B E914020000 jmp 10015D64
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:10015B41(C), :10015B47(C)
|
:10015B50 8B86B0010000 mov eax, dword ptr [esi+000001B0]
:10015B56 85C0 test eax, eax
:10015B58 7E0F jle 10015B69
:10015B5A 8BD7 mov edx, edi
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:10015B67(C)
|
:10015B5C 8B5A2C mov ebx, dword ptr [edx+2C]
:10015B5F 0B1A or ebx, dword ptr [edx]
:10015B61 83C204 add edx, 00000004
:10015B64 0BCB or ecx, ebx
:10015B66 48 dec eax
:10015B67 75F3 jne 10015B5C
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:10015B58(C)
|
:10015B69 83BE5406000004 cmp dword ptr [esi+00000654], 00000004
:10015B70 0F8525010000 jne 10015C9B
:10015B76 833F01 cmp dword ptr [edi], 00000001
:10015B79 0F851C010000 jne 10015C9B
:10015B7F 6A0C push 0000000C
:10015B81 8D45D8 lea eax, dword ptr [ebp-28]
:10015B84 50 push eax
:10015B85 8D7DD8 lea edi, dword ptr [ebp-28]
