* Possible StringData Ref from Data Obj ->"WindowsApp"
|
:004012CA B810404000 mov eax, 00404010
:004012CF 898D50FFFFFF mov dword ptr [ebp+FFFFFF50], ecx
:004012D5 BA08000000 mov edx, 00000008
:004012DA B930000000 mov ecx, 00000030
:004012DF 89954CFFFFFF mov dword ptr [ebp+FFFFFF4C], edx
:004012E5 898D48FFFFFF mov dword ptr [ebp+FFFFFF48], ecx
:004012EB 899D5CFFFFFF mov dword ptr [ebp+FFFFFF5C], ebx
:004012F1 898570FFFFFF mov dword ptr [ebp+FFFFFF70], eax
:004012F7 C7442404007F0000 mov [esp+04], 00007F00
:004012FF C7042400000000 mov dword ptr [esp], 00000000
* Reference To: USER32.LoadIconA, Ord:0195h
|
:00401306 E8A5230000 Call 004036B0
:0040130B 898560FFFFFF mov dword ptr [ebp+FFFFFF60], eax
:00401311 83EC08 sub esp, 00000008
:00401314 C7442404007F0000 mov [esp+04], 00007F00
:0040131C C7042400000000 mov dword ptr [esp], 00000000
* Reference To: USER32.LoadIconA, Ord:0195h
|
:00401323 E888230000 Call 004036B0
:00401328 898574FFFFFF mov dword ptr [ebp+FFFFFF74], eax
:0040132E 83EC08 sub esp, 00000008
:00401331 C7442404007F0000 mov [esp+04], 00007F00
:00401339 C7042400000000 mov dword ptr [esp], 00000000
* Reference To: USER32.LoadCursorA, Ord:0191h
|
:00401340 E87B230000 Call 004036C0
:00401345 898564FFFFFF mov dword ptr [ebp+FFFFFF64], eax
:0040134B 31D2 xor edx, edx
:0040134D 83EC08 sub esp, 00000008
:00401350 89956CFFFFFF mov dword ptr [ebp+FFFFFF6C], edx
:00401356 31C9 xor ecx, ecx
:00401358 B801000000 mov eax, 00000001
:0040135D 898D54FFFFFF mov dword ptr [ebp+FFFFFF54], ecx
:00401363 31D2 xor edx, edx
:00401365 899558FFFFFF mov dword ptr [ebp+FFFFFF58], edx
:0040136B 8D9548FFFFFF lea edx, dword ptr [ebp+FFFFFF48]
:00401371 891424 mov dword ptr [esp], edx
:00401374 898568FFFFFF mov dword ptr [ebp+FFFFFF68], eax
* Reference To: USER32.RegisterClassExA, Ord:01D7h
|
:0040137A E851230000 Call 004036D0
:0040137F 83EC04 sub esp, 00000004
:00401382 31D2 xor edx, edx
:00401384 6685C0 test ax, ax
:00401387 7509 jne 00401392
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00401435(C), :004014DF(U), :004014F2(C), :00401637(U), :00401658(U)
|
:00401389 8B5DFC mov ebx, dword ptr [ebp-04]
:0040138C 89D0 mov eax, edx
:0040138E C9 leave
:0040138F C21000 ret 0010
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00401387(C)
|
:00401392 895C2428 mov dword ptr [esp+28], ebx
:00401396 C744242C00000000 mov [esp+2C], 00000000
:0040139E C744242400000000 mov [esp+24], 00000000
:004013A6 C7442420FDFFFFFF mov [esp+20], FFFFFFFD
:004013AE C744241C77010000 mov [esp+1C], 00000177
:004013B6 C744241820020000 mov [esp+18], 00000220
:004013BE C744241400000080 mov [esp+14], 80000000
:004013C6 C744241000000080 mov [esp+10], 80000000
:004013CE C744240C0000CF00 mov [esp+0C], 00CF0000
:004013D6 C744240890124000 mov [esp+08], 00401290
* Possible StringData Ref from Data Obj ->"WindowsApp"
|
:004013DE C744240410404000 mov [esp+04], 00404010
:004013E6 C7042400000000 mov dword ptr [esp], 00000000
* Reference To: USER32.CreateWindowExA, Ord:0059h
|
:004013ED E8EE220000 Call 004036E0
:004013F2 A320504000 mov dword ptr [00405020], eax
:004013F7 83EC30 sub esp, 00000030
:004013FA E881020000 call 00401680
:004013FF 8B5D10 mov ebx, dword ptr [ebp+10]
:00401402 891C24 mov dword ptr [esp], ebx
:00401405 E896030000 call 004017A0
* Possible StringData Ref from Code Obj ->"j_33_d23d_ds3"
|
:0040140A C74424089E124000 mov [esp+08], 0040129E
:00401412 C744240401000000 mov [esp+04], 00000001
:0040141A C7042400000000 mov dword ptr [esp], 00000000
* Reference To: KERNEL32.CreateMutexA, Ord:004Fh
|
:00401421 E85A230000 Call 00403780
:00401426 83EC0C sub esp, 0000000C
* Reference To: KERNEL32.GetLastError, Ord:0143h
|
:00401429 E862230000 Call 00403790
:0040142E 31D2 xor edx, edx
:00401430 3DB7000000 cmp eax, 000000B7
:00401435 0F844EFFFFFF je 00401389
:0040143B C744240450514000 mov [esp+04], 00405150
:00401443 C7042460524000 mov dword ptr [esp], 00405260
* Reference To: msvcrt.strcmp, Ord:0299h
|
:0040144A E811220000 Call 00403660
:0040144F 85C0 test eax, eax
:00401451 0F848D000000 je 004014E4
:00401457 C744240801000000 mov [esp+08], 00000001
:0040145F 8D5DA8 lea ebx, dword ptr [ebp-58]
:00401462 C744240480544000 mov [esp+04], 00405480
:0040146A C7042470534000 mov dword ptr [esp], 00405370
* Reference To: KERNEL32.CopyFileA, Ord:0035h
|
:00401471 E82A230000 Call 004037A0
:00401476 83EC0C sub esp, 0000000C
:00401479 891C24 mov dword ptr [esp], ebx
* Reference To: KERNEL32.GetStartupInfoA, Ord:0180h
|
:0040147C E82F230000 Call 004037B0
:00401481 C745A844000000 mov [ebp-58], 00000044
:00401488 83EC04 sub esp, 00000004
:0040148B 8D4D98 lea ecx, dword ptr [ebp-68]
:0040148E 894C2424 mov dword ptr [esp+24], ecx
:00401492 895C2420 mov dword ptr [esp+20], ebx
:00401496 C744241C50514000 mov [esp+1C], 00405150
:0040149E C744241800000000 mov [esp+18], 00000000
:004014A6 C744241400000000 mov [esp+14], 00000000
:004014AE C744241000000000 mov [esp+10], 00000000
:004014B6 C744240C00000000 mov [esp+0C], 00000000
:004014BE C744240800000000 mov [esp+08], 00000000
:004014C6 C744240400000000 mov [esp+04], 00000000
:004014CE C7042480544000 mov dword ptr [esp], 00405480
* Reference To: KERNEL32.CreateProcessA, Ord:0054h
|
:004014D5 E8E6220000 Call 004037C0
:004014DA 83EC28 sub esp, 00000028
:004014DD 31D2 xor edx, edx
:004014DF E9A5FEFFFF jmp 00401389
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00401451(C)
|
:004014E4 E877150000 call 00402A60
:004014E9 85C0 test eax, eax
:004014EB 89C3 mov ebx, eax
:004014ED BAFFFFFFFF mov edx, FFFFFFFF
:004014F2 0F8491FEFFFF je 00401389
:004014F8 C744241400000000 mov [esp+14], 00000000
:00401500 C744241000000000 mov [esp+10], 00000000
:00401508 8944240C mov dword ptr [esp+0C], eax
* Possible StringData Ref from Code Obj ->"U夊S冹�媇�嵍"
|
:0040150C C7442408502F4000 mov [esp+08], 00402F50
:00401514 C744240400000000 mov [esp+04], 00000000
:0040151C C7042400000000 mov dword ptr [esp], 00000000
* Reference To: KERNEL32.CreateThread, Ord:005Ah
|
:00401523 E8A8220000 Call 004037D0
:00401528 83EC18 sub esp, 00000018
:0040152B 85C0 test eax, eax
:0040152D 0F8415010000 je 00401648
:00401533 C744240C00000000 mov [esp+0C], 00000000
:0040153B 8B1520504000 mov edx, dword ptr [00405020]
:00401541 C744240810270000 mov [esp+08], 00002710
:00401549 C744240464040000 mov [esp+04], 00000464
:00401551 891424 mov dword ptr [esp], edx
* Reference To: USER32.SetTimer, Ord:0228h
|
:00401554 E897210000 Call 004036F0
:00401559 8B0D20504000 mov ecx, dword ptr [00405020]
:0040155F 83EC10 sub esp, 00000010
:00401562 C744240C00000000 mov [esp+0C], 00000000
:0040156A C7442408E8030000 mov [esp+08], 000003E8
:00401572 890C24 mov dword ptr [esp], ecx
:00401575 C744240465040000 mov [esp+04], 00000465
* Reference To: USER32.SetTimer, Ord:0228h
|
:0040157D E86E210000 Call 004036F0
:00401582 8B1D20504000 mov ebx, dword ptr [00405020]
:00401588 83EC10 sub esp, 00000010
:0040158B C744240C00000000 mov [esp+0C], 00000000
:00401593 C744240860EA0000 mov [esp+08], 0000EA60
:0040159B 891C24 mov dword ptr [esp], ebx
:0040159E 8D9D78FFFFFF lea ebx, dword ptr [ebp+FFFFFF78]
:004015A4 C744240466040000 mov [esp+04], 00000466
* Reference To: USER32.SetTimer, Ord:0228h
|
:004015AC E83F210000 Call 004036F0
:004015B1 8B1520504000 mov edx, dword ptr [00405020]
:004015B7 83EC10 sub esp, 00000010
:004015BA C744240C00000000 mov [esp+0C], 00000000
:004015C2 C7442408401F0000 mov [esp+08], 00001F40
:004015CA C744240467040000 mov [esp+04], 00000467
:004015D2 891424 mov dword ptr [esp], edx
* Reference To: USER32.SetTimer, Ord:0228h
|
:004015D5 E816210000 Call 004036F0
:004015DA 83EC10 sub esp, 00000010
:004015DD 8D7600 lea esi, dword ptr [esi+00]
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00401626(U)
|
:004015E0 C744240C00000000 mov [esp+0C], 00000000
:004015E8 C744240800000000 mov [esp+08], 00000000
:004015F0 C744240400000000 mov [esp+04], 00000000
:004015F8 891C24 mov dword ptr [esp], ebx
* Reference To: USER32.GetMessageA, Ord:0124h
|
:004015FB E800210000 Call 00403700
:00401600 83EC10 sub esp, 00000010
:00401603 85C0 test eax, eax
:00401605 7435 je 0040163C
:00401607 A130504000 mov eax, dword ptr [00405030]
:0040160C 85C0 test eax, eax
:0040160E 7518 jne 00401628
:00401610 891C24 mov dword ptr [esp], ebx
* Reference To: USER32.TranslateMessage, Ord:0255h
|
:00401613 E8F8200000 Call 00403710
:00401618 83EC04 sub esp, 00000004
:0040161B 891C24 mov dword ptr [esp], ebx
* Reference To: USER32.DispatchMessageA, Ord:0094h
|
:0040161E E8FD200000 Call 00403720
:00401623 83EC04 sub esp, 00000004
:00401626 EBB8 jmp 004015E0
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:0040160E(C), :00401646(U)
|
:00401628 C7042401000000 mov dword ptr [esp], 00000001
:0040162F E83C090000 call 00401F70
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00401644(C)
|
:00401634 8B5580 mov edx, dword ptr [ebp-80]
:00401637 E94DFDFFFF jmp 00401389
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00401605(C)
|
:0040163C 8B1D30504000 mov ebx, dword ptr [00405030]
:00401642 85DB test ebx, ebx
:00401644 74EE je 00401634
:00401646 EBE0 jmp 00401628
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040152D(C)
|
:00401648 891C24 mov dword ptr [esp], ebx
* Reference To: KERNEL32.CloseHandle, Ord:0026h
|
:0040164B E890210000 Call 004037E0
:00401650 83EC04 sub esp, 00000004
:00401653 BAFFFFFFFF mov edx, FFFFFFFF
:00401658 E92CFDFFFF jmp 00401389
:0040165D 5C pop esp
:0040165E 736F jnb 004016CF
:00401660 756E jne 004016D0
:00401662 64 BYTE 064h |
发表于 2007-1-13 20:54:29
楼主