PDA

查看完整版本 : 这个软件加了什么壳,用侦壳工具说是C++7.0[Overlay]


kitty
2006-02-18, 16:36:13
这个软件加了什么壳,用侦壳工具说是C++7.0[Overlay] ,但我觉得不是,给点意见
代码如下:
100010DD non> 6A 60 push 60
100010DF 68 D8500010 push noname.100050D8
100010E4 E8 7F0D0000 call noname.10001E68
100010E9 BF 94000000 mov edi,94
100010EE 8BC7 mov eax,edi
100010F0 E8 CB0E0000 call noname.10001FC0
100010F5 8965 E8 mov dword ptr ss:[ebp-18],esp
100010F8 8BF4 mov esi,esp
100010FA 893E mov dword ptr ds:[esi],edi
100010FC 56 push esi
100010FD FF15 24500010 call dword ptr ds:[<&KERNEL32.>; kernel32.GetVersionExA
10001103 8B4E 10 mov ecx,dword ptr ds:[esi+10]
10001106 890D B8720010 mov dword ptr ds:[100072B8],ec>
1000110C 8B46 04 mov eax,dword ptr ds:[esi+4]
1000110F A3 C4720010 mov dword ptr ds:[100072C4],ea>
10001114 8B56 08 mov edx,dword ptr ds:[esi+8]
10001117 8915 C8720010 mov dword ptr ds:[100072C8],ed>
1000111D 8B76 0C mov esi,dword ptr ds:[esi+C]
10001120 81E6 FF7F0000 and esi,7FFF
10001126 8935 BC720010 mov dword ptr ds:[100072BC],es>
1000112C 83F9 02 cmp ecx,2
1000112F 74 0C je short noname.1000113D
10001131 81CE 00800000 or esi,8000
10001137 8935 BC720010 mov dword ptr ds:[100072BC],es>
1000113D C1E0 08 shl eax,8
10001140 03C2 add eax,edx
10001142 A3 C0720010 mov dword ptr ds:[100072C0],ea>
10001147 33F6 xor esi,esi
10001149 56 push esi
1000114A 8B3D 18500010 mov edi,dword ptr ds:[<&KERNEL>; kernel32.GetModuleHandleA
10001150 FFD7 call edi
10001152 66:8138 4D5A cmp word ptr ds:[eax],5A4D
10001157 75 1F jnz short noname.10001178
10001159 8B48 3C mov ecx,dword ptr ds:[eax+3C]
1000115C 03C8 add ecx,eax
1000115E 8139 50450000 cmp dword ptr ds:[ecx],4550
10001164 75 12 jnz short noname.10001178
10001166 0FB741 18 movzx eax,word ptr ds:[ecx+18]
1000116A 3D 0B010000 cmp eax,10B
1000116F 74 1F je short noname.10001190
10001171 3D 0B020000 cmp eax,20B
10001176 74 05 je short noname.1000117D
10001178 8975 E4 mov dword ptr ss:[ebp-1C],esi
1000117B EB 27 jmp short noname.100011A4
1000117D 83B9 84000000 >cmp dword ptr ds:[ecx+84],0E
10001184 ^ 76 F2 jbe short noname.10001178
10001186 33C0 xor eax,eax
10001188 39B1 F8000000 cmp dword ptr ds:[ecx+F8],esi
1000118E EB 0E jmp short noname.1000119E
10001190 8379 74 0E cmp dword ptr ds:[ecx+74],0E
10001194 ^ 76 E2 jbe short noname.10001178
10001196 33C0 xor eax,eax
10001198 39B1 E8000000 cmp dword ptr ds:[ecx+E8],esi
1000119E 0F95C0 setne al
100011A1 8945 E4 mov dword ptr ss:[ebp-1C],eax
100011A4 56 push esi
100011A5 E8 6C0C0000 call noname.10001E16
100011AA 59 pop ecx
100011AB 85C0 test eax,eax
100011AD 75 21 jnz short noname.100011D0
100011AF 833D A8720010 >cmp dword ptr ds:[100072A8],1
100011B6 75 05 jnz short noname.100011BD
100011B8 E8 0E040000 call noname.100015CB
100011BD 6A 1C push 1C
100011BF E8 90020000 call noname.10001454
100011C4 68 FF000000 push 0FF
100011C9 E8 EB000000 call noname.100012B9
100011CE 59 pop ecx
100011CF 59 pop ecx
100011D0 E8 9F0B0000 call noname.10001D74
100011D5 8975 FC mov dword ptr ss:[ebp-4],esi
100011D8 E8 EC090000 call noname.10001BC9
100011DD 85C0 test eax,eax
100011DF 7D 08 jge short noname.100011E9
100011E1 6A 1B push 1B
100011E3 E8 D0FEFFFF call noname.100010B8
100011E8 59 pop ecx
100011E9 FF15 20500010 call dword ptr ds:[<&KERNEL32.>; kernel32.GetCommandLineA
100011EF A3 34780010 mov dword ptr ds:[10007834],ea>
100011F4 E8 AE080000 call noname.10001AA7
100011F9 A3 A0720010 mov dword ptr ds:[100072A0],ea>
100011FE E8 02080000 call noname.10001A05
10001203 85C0 test eax,eax
10001205 7D 08 jge short noname.1000120F
10001207 6A 08 push 8
10001209 E8 AAFEFFFF call noname.100010B8
1000120E 59 pop ecx
1000120F E8 BE050000 call noname.100017D2
10001214 85C0 test eax,eax
10001216 7D 08 jge short noname.10001220
10001218 6A 09 push 9
1000121A E8 99FEFFFF call noname.100010B8
1000121F 59 pop ecx
10001220 6A 01 push 1
10001222 E8 C2000000 call noname.100012E9
10001227 59 pop ecx
10001228 8945 D8 mov dword ptr ss:[ebp-28],eax
1000122B 3BC6 cmp eax,esi
1000122D 74 07 je short noname.10001236
1000122F 50 push eax
10001230 E8 83FEFFFF call noname.100010B8
10001235 59 pop ecx
10001236 8975 BC mov dword ptr ss:[ebp-44],esi
10001239 8D45 90 lea eax,dword ptr ss:[ebp-70]
1000123C 50 push eax
1000123D FF15 1C500010 call dword ptr ds:[<&KERNEL32.>; kernel32.GetStartupInfoA
10001243 E8 2D050000 call noname.10001775
10001248 8945 E0 mov dword ptr ss:[ebp-20],eax
1000124B F645 BC 01 test byte ptr ss:[ebp-44],1
1000124F 74 06 je short noname.10001257
10001251 0FB745 C0 movzx eax,word ptr ss:[ebp-40]
10001255 EB 03 jmp short noname.1000125A
10001257 6A 0A push 0A
10001259 58 pop eax
1000125A 50 push eax
1000125B FF75 E0 push dword ptr ss:[ebp-20]
1000125E 56 push esi
1000125F 56 push esi
10001260 FFD7 call edi
10001262 50 push eax
10001263 E8 98FDFFFF call noname.10001000
10001268 8BF8 mov edi,eax
1000126A 897D D4 mov dword ptr ss:[ebp-2C],edi
1000126D 3975 E4 cmp dword ptr ss:[ebp-1C],esi
10001270 75 06 jnz short noname.10001278
10001272 57 push edi
10001273 E8 9C010000 call noname.10001414
10001278 E8 B9010000 call noname.10001436
1000127D EB 2B jmp short noname.100012AA
1000127F 8B45 EC mov eax,dword ptr ss:[ebp-14]
10001282 8B08 mov ecx,dword ptr ds:[eax]
10001284 8B09 mov ecx,dword ptr ds:[ecx]
10001286 894D DC mov dword ptr ss:[ebp-24],ecx
10001289 50 push eax
1000128A 51 push ecx
1000128B E8 74030000 call noname.10001604
10001290 59 pop ecx
10001291 59 pop ecx
10001292 C3 retn
10001293 8B65 E8 mov esp,dword ptr ss:[ebp-18]
10001296 8B7D DC mov edi,dword ptr ss:[ebp-24]
10001299 837D E4 00 cmp dword ptr ss:[ebp-1C],0
1000129D 75 06 jnz short noname.100012A5
1000129F 57 push edi
100012A0 E8 80010000 call noname.10001425
100012A5 E8 9B010000 call noname.10001445
100012AA 834D FC FF or dword ptr ss:[ebp-4],FFFFFF>
100012AE 8BC7 mov eax,edi
100012B0 8D65 84 lea esp,dword ptr ss:[ebp-7C]
100012B3 E8 EB0B0000 call noname.10001EA3
100012B8 C3 retn
100012B9 68 F4500010 push noname.100050F4 ; ASCII "mscoree.dll"
100012BE FF15 18500010 call dword ptr ds:[<&KERNEL32.>; kernel32.GetModuleHandleA
100012C4 85C0 test eax,eax
100012C6 74 16 je short noname.100012DE
100012C8 68 E4500010 push noname.100050E4 ; ASCII "CorExitProcess"
100012CD 50 push eax
100012CE FF15 2C500010 call dword ptr ds:[<&KERNEL32.>; kernel32.GetProcAddress
100012D4 85C0 test eax,eax
100012D6 74 06 je short noname.100012DE
100012D8 FF7424 04 push dword ptr ss:[esp+4]
100012DC FFD0 call eax
100012DE FF7424 04 push dword ptr ss:[esp+4]
100012E2 FF15 28500010 call dword ptr ds:[<&KERNEL32.>; kernel32.ExitProcess
100012E8 CC int3
100012E9 A1 30780010 mov eax,dword ptr ds:[10007830>
100012EE 85C0 test eax,eax
100012F0 74 07 je short noname.100012F9
100012F2 FF7424 04 push dword ptr ss:[esp+4]
100012F6 FFD0 call eax
100012F8 59 pop ecx
100012F9 56 push esi
100012FA 57 push edi
100012FB B9 0C700010 mov ecx,noname.1000700C
10001300 BF 18700010 mov edi,noname.10007018
10001305 33C0 xor eax,eax
10001307 3BCF cmp ecx,edi
10001309 8BF1 mov esi,ecx
1000130B 73 17 jnb short noname.10001324
1000130D 85C0 test eax,eax
1000130F 75 3F jnz short noname.10001350
10001311 8B0E mov ecx,dword ptr ds:[esi]
10001313 85C9 test ecx,ecx
10001315 74 02 je short noname.10001319
10001317 FFD1 call ecx
10001319 83C6 04 add esi,4
1000131C 3BF7 cmp esi,edi
1000131E ^ 72 ED jb short noname.1000130D
10001320 85C0 test eax,eax
10001322 75 2C jnz short noname.10001350
10001324 68 B81D0010 push noname.10001DB8
10001329 E8 510D0000 call noname.1000207F
1000132E BE 00700010 mov esi,noname.10007000
10001333 8BC6 mov eax,esi
10001335 BF 08700010 mov edi,noname.10007008
1000133A 3BC7 cmp eax,edi
1000133C 59 pop ecx
1000133D 73 0F jnb short noname.1000134E
1000133F 8B06 mov eax,dword ptr ds:[esi]
10001341 85C0 test eax,eax
10001343 74 02 je short noname.10001347
10001345 FFD0 call eax
10001347 83C6 04 add esi,4
1000134A 3BF7 cmp esi,edi
1000134C ^ 72 F1 jb short noname.1000133F
1000134E 33C0 xor eax,eax
10001350 5F pop edi
10001351 5E pop esi
10001352 C3 retn
10001353 55 push ebp
10001354 8BEC mov ebp,esp
10001356 56 push esi
10001357 33F6 xor esi,esi
10001359 46 inc esi
1000135A 3935 F8720010 cmp dword ptr ds:[100072F8],es>
10001360 57 push edi
10001361 75 10 jnz short noname.10001373
10001363 FF75 08 push dword ptr ss:[ebp+8]
10001366 FF15 34500010 call dword ptr ds:[<&KERNEL32.>; kernel32.GetCurrentProcess
1000136C 50 push eax
1000136D FF15 30500010 call dword ptr ds:[<&KERNEL32.>; kernel32.TerminateProcess
10001373 837D 0C 00 cmp dword ptr ss:[ebp+C],0
10001377 8A45 10 mov al,byte ptr ss:[ebp+10]
1000137A 8935 F4720010 mov dword ptr ds:[100072F4],es>
10001380 A2 F0720010 mov byte ptr ds:[100072F0],al
10001385 75 52 jnz short noname.100013D9
10001387 8B0D 28780010 mov ecx,dword ptr ds:[10007828>
1000138D 85C9 test ecx,ecx
1000138F 74 29 je short noname.100013BA
10001391 A1 24780010 mov eax,dword ptr ds:[10007824>
10001396 83E8 04 sub eax,4
10001399 3BC1 cmp eax,ecx
1000139B EB 16 jmp short noname.100013B3
1000139D 8B00 mov eax,dword ptr ds:[eax]
1000139F 85C0 test eax,eax
100013A1 74 02 je short noname.100013A5
100013A3 FFD0 call eax
100013A5 A1 24780010 mov eax,dword ptr ds:[10007824>
100013AA 83E8 04 sub eax,4
100013AD 3B05 28780010 cmp eax,dword ptr ds:[10007828>
100013B3 A3 24780010 mov dword ptr ds:[10007824],ea>
100013B8 ^ 73 E3 jnb short noname.1000139D
100013BA B8 1C700010 mov eax,noname.1000701C
100013BF BE 20700010 mov esi,noname.10007020
100013C4 3BC6 cmp eax,esi
100013C6 8BF8 mov edi,eax
100013C8 73 0F jnb short noname.100013D9
100013CA 8B07 mov eax,dword ptr ds:[edi]
100013CC 85C0 test eax,eax
100013CE 74 02 je short noname.100013D2
100013D0 FFD0 call eax
100013D2 83C7 04 add edi,4
100013D5 3BFE cmp edi,esi
100013D7 ^ 72 F1 jb short noname.100013CA
100013D9 B8 24700010 mov eax,noname.10007024
100013DE BE 28700010 mov esi,noname.10007028
100013E3 3BC6 cmp eax,esi
100013E5 8BF8 mov edi,eax
100013E7 73 0F jnb short noname.100013F8
100013E9 8B07 mov eax,dword ptr ds:[edi]
100013EB 85C0 test eax,eax
100013ED 74 02 je short noname.100013F1
100013EF FFD0 call eax
100013F1 83C7 04 add edi,4
100013F4 3BFE cmp edi,esi
100013F6 ^ 72 F1 jb short noname.100013E9
100013F8 837D 10 00 cmp dword ptr ss:[ebp+10],0
100013FC 5F pop edi
100013FD 5E pop esi
100013FE 75 12 jnz short noname.10001412
10001400 FF75 08 push dword ptr ss:[ebp+8]
10001403 C705 F8720010 >mov dword ptr ds:[100072F8],1
1000140D E8 A7FEFFFF call noname.100012B9
10001412 5D pop ebp
10001413 C3 retn
10001414 6A 00 push 0
10001416 6A 00 push 0
10001418 FF7424 0C push dword ptr ss:[esp+C]
1000141C E8 32FFFFFF call noname.10001353
10001421 83C4 0C add esp,0C
10001424 C3 retn
10001425 6A 00 push 0
10001427 6A 01 push 1
10001429 FF7424 0C push dword ptr ss:[esp+C]
1000142D E8 21FFFFFF call noname.10001353
10001432 83C4 0C add esp,0C
10001435 C3 retn
10001436 6A 01 push 1
10001438 6A 00 push 0
1000143A 6A 00 push 0
1000143C E8 12FFFFFF call noname.10001353
10001441 83C4 0C add esp,0C
10001444 C3 retn
10001445 6A 01 push 1
10001447 6A 01 push 1
10001449 6A 00 push 0
1000144B E8 03FFFFFF call noname.10001353
10001450 83C4 0C add esp,0C
10001453 C3 retn

kitty
2006-02-18, 21:03:18
发觉有对pbvm100.dll的调用,还有对很多pb开头的代码调用,我想它是pb程序,跟了一下,有下面代码,用pbkiller不能反编译,我现在要找找这里的pb教程,有好提议或教程,各位请指点一下.
11227600 PBV> 55 push ebp
11227601 8BEC mov ebp,esp
11227603 83EC 1C sub esp,1C
11227606 8B45 08 mov eax,dword ptr ss:[ebp+8]
11227609 50 push eax
1122760A E8 2170FCFF call PBVM100.FN_MinimumVersion
1122760F 85C0 test eax,eax
11227611 75 04 jnz short PBVM100.11227617
11227613 33C0 xor eax,eax
11227615 EB 43 jmp short PBVM100.1122765A
11227617 C745 FC 607>mov dword ptr ss:[ebp-4],PBVM100.FN_RunEx>
1122761E 8B4D 08 mov ecx,dword ptr ss:[ebp+8]
11227621 894D E4 mov dword ptr ss:[ebp-1C],ecx
11227624 8B55 0C mov edx,dword ptr ss:[ebp+C]
11227627 8955 E8 mov dword ptr ss:[ebp-18],edx
1122762A 8B45 10 mov eax,dword ptr ss:[ebp+10]
1122762D 8945 EC mov dword ptr ss:[ebp-14],eax
11227630 8B4D 14 mov ecx,dword ptr ss:[ebp+14]
11227633 894D F0 mov dword ptr ss:[ebp-10],ecx
11227636 8B55 18 mov edx,dword ptr ss:[ebp+18]
11227639 8955 F4 mov dword ptr ss:[ebp-C],edx
1122763C 8B45 1C mov eax,dword ptr ss:[ebp+1C]
1122763F 8945 F8 mov dword ptr ss:[ebp-8],eax
11227642 837D 1C 00 cmp dword ptr ss:[ebp+1C],0
11227646 74 0B je short PBVM100.11227653
11227648 8D4D E4 lea ecx,dword ptr ss:[ebp-1C]
1122764B 51 push ecx
1122764C E8 0F000000 call PBVM100.FN_RunExecutableEx
11227651 EB 07 jmp short PBVM100.1122765A
11227653 8D55 E4 lea edx,dword ptr ss:[ebp-1C]
11227656 52 push edx
11227657 FF55 FC call dword ptr ss:[ebp-4]
1122765A 8BE5 mov esp,ebp
1122765C 5D pop ebp
1122765D C2 1800 retn 18
11227660 PBV> 55 push ebp
11227661 8BEC mov ebp,esp
11227663 83EC 58 sub esp,58
11227666 56 push esi
11227667 57 push edi
11227668 8B45 08 mov eax,dword ptr ss:[ebp+8]
1122766B 8B08 mov ecx,dword ptr ds:[eax]
1122766D 894D E8 mov dword ptr ss:[ebp-18],ecx
11227670 8B55 08 mov edx,dword ptr ss:[ebp+8]
11227673 8B42 04 mov eax,dword ptr ds:[edx+4]
11227676 8945 DC mov dword ptr ss:[ebp-24],eax
11227679 8B4D 08 mov ecx,dword ptr ss:[ebp+8]
1122767C 8B51 08 mov edx,dword ptr ds:[ecx+8]
1122767F 8955 C0 mov dword ptr ss:[ebp-40],edx
11227682 8B45 08 mov eax,dword ptr ss:[ebp+8]
11227685 8B48 0C mov ecx,dword ptr ds:[eax+C]
11227688 894D EC mov dword ptr ss:[ebp-14],ecx
1122768B 8B55 08 mov edx,dword ptr ss:[ebp+8]
1122768E 8B42 10 mov eax,dword ptr ds:[edx+10]
11227691 8945 F4 mov dword ptr ss:[ebp-C],eax
11227694 8B4D 08 mov ecx,dword ptr ss:[ebp+8]
11227697 8B51 14 mov edx,dword ptr ds:[ecx+14]
1122769A 8955 CC mov dword ptr ss:[ebp-34],edx
1122769D C745 D0 600>mov dword ptr ss:[ebp-30],60
112276A4 6A 00 push 0
112276A6 E8 355B1A00 call <jmp.&PBSHR100.#3_pbstg_begin>
112276AB 8945 D4 mov dword ptr ss:[ebp-2C],eax
112276AE 837D D4 00 cmp dword ptr ss:[ebp-2C],0
112276B2 74 15 je short PBVM100.112276C9
112276B4 8B45 D4 mov eax,dword ptr ss:[ebp-2C]
112276B7 C740 0C 641>mov dword ptr ds:[eax+C],PBVM100.113F1E64 ; UNICODE "Executable RTE/RTF"
112276BE 8B4D D4 mov ecx,dword ptr ss:[ebp-2C]
112276C1 8B51 0C mov edx,dword ptr ds:[ecx+C]
112276C4 8955 A8 mov dword ptr ss:[ebp-58],edx
112276C7 EB 07 jmp short PBVM100.112276D0
112276C9 C745 A8 000>mov dword ptr ss:[ebp-58],0
112276D0 8B45 D4 mov eax,dword ptr ss:[ebp-2C]
112276D3 50 push eax
112276D4 E8 D75A1A00 call <jmp.&PBSHR100.#179_sh_dbg_init>
112276D9 8945 F8 mov dword ptr ss:[ebp-8],eax
112276DC 6A 00 push 0
112276DE 68 04010000 push 104
112276E3 8B4D D4 mov ecx,dword ptr ss:[ebp-2C]
112276E6 51 push ecx
112276E7 E8 30551A00 call <jmp.&PBSHR100.#5_pbstg_alc>
112276EC 8945 B4 mov dword ptr ss:[ebp-4C],eax
112276EF 68 04010000 push 104
112276F4 8B55 B4 mov edx,dword ptr ss:[ebp-4C]
112276F7 52 push edx
112276F8 8B45 E8 mov eax,dword ptr ss:[ebp-18]
112276FB 50 push eax
112276FC FF15 F4913E>call dword ptr ds:[<&KERNEL32.GetModuleFi>; kernel32.GetModuleFileNameW
11227702 6A 00 push 0
11227704 8B4D C0 mov ecx,dword ptr ss:[ebp-40]
11227707 51 push ecx
11227708 8B55 D4 mov edx,dword ptr ss:[ebp-2C]
1122770B 52 push edx
1122770C E8 8F551A00 call <jmp.&PBSHR100.#37_pbstg_strdup>
11227711 8945 F0 mov dword ptr ss:[ebp-10],eax
11227714 8B45 F0 mov eax,dword ptr ss:[ebp-10]
11227717 50 push eax
11227718 FF15 C4933E>call dword ptr ds:[<&MSVCR71._wcsupr>] ; MSVCR71._wcsupr
1122771E 83C4 04 add esp,4
11227721 C745 C8 000>mov dword ptr ss:[ebp-38],0
11227728 C745 BC 000>mov dword ptr ss:[ebp-44],0
1122772F 8B4D F0 mov ecx,dword ptr ss:[ebp-10]
11227732 894D B0 mov dword ptr ss:[ebp-50],ecx
11227735 EB 09 jmp short PBVM100.11227740
11227737 8B55 B0 mov edx,dword ptr ss:[ebp-50]
1122773A 83C2 02 add edx,2
1122773D 8955 B0 mov dword ptr ss:[ebp-50],edx
11227740 8B45 B0 mov eax,dword ptr ss:[ebp-50]
11227743 0FB708 movzx ecx,word ptr ds:[eax]
11227746 85C9 test ecx,ecx
11227748 0F84 DA0000>je PBVM100.11227828
1122774E B9 02000000 mov ecx,2
11227753 BF 8C1E3F11 mov edi,PBVM100.113F1E8C ; UNICODE "/PBDEBUG"
11227758 8B75 B0 mov esi,dword ptr ss:[ebp-50]
1122775B 33D2 xor edx,edx
1122775D F3:A7 repe cmps dword ptr es:[edi],dword ptr ds>
1122775F 74 13 je short PBVM100.11227774
11227761 B9 02000000 mov ecx,2
11227766 BF A01E3F11 mov edi,PBVM100.113F1EA0 ; UNICODE "-PBDEBUG"
1122776B 8B75 B0 mov esi,dword ptr ss:[ebp-50]
1122776E 33C0 xor eax,eax
11227770 F3:A7 repe cmps dword ptr es:[edi],dword ptr ds>
11227772 75 1F jnz short PBVM100.11227793
11227774 8B4D B0 mov ecx,dword ptr ss:[ebp-50]
11227777 8B15 B41E3F>mov edx,dword ptr ds:[113F1EB4]
1122777D 8911 mov dword ptr ds:[ecx],edx
1122777F A1 B81E3F11 mov eax,dword ptr ds:[113F1EB8]
11227784 8941 04 mov dword ptr ds:[ecx+4],eax
11227787 C745 C8 010>mov dword ptr ss:[ebp-38],1
1122778E E9 95000000 jmp PBVM100.11227828
11227793 B9 07000000 mov ecx,7
11227798 BF C81E3F11 mov edi,PBVM100.113F1EC8 ; UNICODE "/DEBUG="
1122779D 8B75 B0 mov esi,dword ptr ss:[ebp-50]
112277A0 33D2 xor edx,edx
112277A2 F3:A6 repe cmps byte ptr es:[edi],byte ptr ds:[>
112277A4 74 13 je short PBVM100.112277B9
112277A6 B9 07000000 mov ecx,7
112277AB BF D81E3F11 mov edi,PBVM100.113F1ED8 ; UNICODE "-DEBUG="
112277B0 8B75 B0 mov esi,dword ptr ss:[ebp-50]
112277B3 33C0 xor eax,eax
112277B5 F3:A6 repe cmps byte ptr es:[edi],byte ptr ds:[>
112277B7 75 6A jnz short PBVM100.11227823
112277B9 8B4D B0 mov ecx,dword ptr ss:[ebp-50]
112277BC 8B15 E81E3F>mov edx,dword ptr ds:[113F1EE8]
112277C2 8911 mov dword ptr ds:[ecx],edx
112277C4 66:A1 EC1E3>mov ax,word ptr ds:[113F1EEC]
112277CA 66:8941 04 mov word ptr ds:[ecx+4],ax
112277CE 8A15 EE1E3F>mov dl,byte ptr ds:[113F1EEE]
112277D4 8851 06 mov byte ptr ds:[ecx+6],dl
112277D7 8B45 B0 mov eax,dword ptr ss:[ebp-50]
112277DA 83C0 0E add eax,0E
112277DD 8945 B0 mov dword ptr ss:[ebp-50],eax
112277E0 C745 C8 010>mov dword ptr ss:[ebp-38],1
112277E7 8B4D B0 mov ecx,dword ptr ss:[ebp-50]
112277EA 0FB711 movzx edx,word ptr ds:[ecx]
112277ED 83FA 30 cmp edx,30
112277F0 7C 31 jl short PBVM100.11227823
112277F2 8B45 B0 mov eax,dword ptr ss:[ebp-50]
112277F5 0FB708 movzx ecx,word ptr ds:[eax]
112277F8 83F9 39 cmp ecx,39
112277FB 7F 26 jg short PBVM100.11227823
112277FD 8B55 BC mov edx,dword ptr ss:[ebp-44]
11227800 6BD2 0A imul edx,edx,0A
11227803 8B45 B0 mov eax,dword ptr ss:[ebp-50]
11227806 0FB708 movzx ecx,word ptr ds:[eax]
11227809 8D540A D0 lea edx,dword ptr ds:[edx+ecx-30]
1122780D 8955 BC mov dword ptr ss:[ebp-44],edx
11227810 8B45 B0 mov eax,dword ptr ss:[ebp-50]
11227813 66:C700 200>mov word ptr ds:[eax],20
11227818 8B4D B0 mov ecx,dword ptr ss:[ebp-50]
1122781B 83C1 02 add ecx,2
1122781E 894D B0 mov dword ptr ss:[ebp-50],ecx
11227821 ^ EB C4 jmp short PBVM100.112277E7
11227823 ^ E9 0FFFFFFF jmp PBVM100.11227737
11227828 837D C8 00 cmp dword ptr ss:[ebp-38],0
1122782C 74 66 je short PBVM100.11227894
1122782E 8B55 B4 mov edx,dword ptr ss:[ebp-4C]
11227831 52 push edx
11227832 6A 00 push 0
11227834 8B45 D4 mov eax,dword ptr ss:[ebp-2C]
11227837 50 push eax
11227838 E8 9D591A00 call <jmp.&PBSHR100.#120_osPathCreate>
1122783D 8945 E4 mov dword ptr ss:[ebp-1C],eax
11227840 68 F81E3F11 push PBVM100.113F1EF8 ; UNICODE "dbg"

kitty
2006-02-21, 19:34:39
有高手就给点意见

aki
2006-02-21, 21:23:30
你从哪觉得不是vc7.0?俺怎么就没看出来