DWORD Code_ofs0,Code_ofs1,SizeLen; __asm
{
mov Code_ofs0,offset Get_Explorer_0
mov Code_ofs1,offset Get_Explorer_4
jmp Get_Explorer_4Get_Explorer_0:
call Get_Explorer_A
Get_Explorer_A:
pop eax
mov ebx,offset Get_Explorer_4
sub ebx,offset Get_Explorer_A
add eax,ebx
push eax
call Get_Explorer_C
ret
Get_Explorer_C:
push ebp
mov ebp,esp
sub esp,18h
push ebx
push esi
mov esi,[ebp+8]
and dword ptr [ebp-4],0
push edi
mov ecx,[esi+4]
mov eax,[esi]
mov [ebp-0Ch],ecx
mov ecx,[esi+8]
mov [ebp-10h],ecx
mov ecx,[esi+0Ch]
mov [ebp+8],ecx
mov ecx,[esi+10h]
mov [ebp-8],ecx
mov ecx,[esi+14h]
lea edi,[esi+18h]
mov [ebp-18h],ecx
push edi
call eax
mov ebx,eax
test ebx,ebx
jz loc_0040109B
mov eax,[ebx+34h]
mov [ebp-14h],eax
call dword ptr [ebx+30h]
loc_00401045:
cmp dword ptr [ebp-4],0
jnz loc_00401061
cmp byte ptr [esi+11Ch],0
lea eax,[esi+11Ch]
jz loc_00401061
push eax
call dword ptr [ebp+8]
mov [ebp-4],eax
loc_00401061:
lea eax,[esi+220h]
push eax
push 0
push 1F0003h
call dword ptr [ebp-0Ch]
test eax,eax
jnz loc_00401080
push 1F4h
call dword ptr [ebp-8]
jmp loc_00401045
loc_00401080:
push eax
call dword ptr [ebp-10h]
call dword ptr [ebp-14h]
push ebx
call dword ptr [ebp-18h]
push edi
call dword ptr [ebp+8]
push 0C8h
call dword ptr [ebp-8]
push edi
call dword ptr [ebp+8]
loc_0040109B:
pop edi
pop esi
pop ebx
leave
ret 4
Get_Explorer_4:
} SizeLen = Code_ofs1 - Code_ofs0;
*CodeSize = SizeLen;
memcpy(aBuf,(void*)Code_ofs0,SizeLen);
由于小弟汇编语言能力有限,恳请各位求助上述代码的含义,多谢.
{
mov Code_ofs0,offset Get_Explorer_0
mov Code_ofs1,offset Get_Explorer_4
jmp Get_Explorer_4Get_Explorer_0:
call Get_Explorer_A
Get_Explorer_A:
pop eax
mov ebx,offset Get_Explorer_4
sub ebx,offset Get_Explorer_A
add eax,ebx
push eax
call Get_Explorer_C
ret
Get_Explorer_C:
push ebp
mov ebp,esp
sub esp,18h
push ebx
push esi
mov esi,[ebp+8]
and dword ptr [ebp-4],0
push edi
mov ecx,[esi+4]
mov eax,[esi]
mov [ebp-0Ch],ecx
mov ecx,[esi+8]
mov [ebp-10h],ecx
mov ecx,[esi+0Ch]
mov [ebp+8],ecx
mov ecx,[esi+10h]
mov [ebp-8],ecx
mov ecx,[esi+14h]
lea edi,[esi+18h]
mov [ebp-18h],ecx
push edi
call eax
mov ebx,eax
test ebx,ebx
jz loc_0040109B
mov eax,[ebx+34h]
mov [ebp-14h],eax
call dword ptr [ebx+30h]
loc_00401045:
cmp dword ptr [ebp-4],0
jnz loc_00401061
cmp byte ptr [esi+11Ch],0
lea eax,[esi+11Ch]
jz loc_00401061
push eax
call dword ptr [ebp+8]
mov [ebp-4],eax
loc_00401061:
lea eax,[esi+220h]
push eax
push 0
push 1F0003h
call dword ptr [ebp-0Ch]
test eax,eax
jnz loc_00401080
push 1F4h
call dword ptr [ebp-8]
jmp loc_00401045
loc_00401080:
push eax
call dword ptr [ebp-10h]
call dword ptr [ebp-14h]
push ebx
call dword ptr [ebp-18h]
push edi
call dword ptr [ebp+8]
push 0C8h
call dword ptr [ebp-8]
push edi
call dword ptr [ebp+8]
loc_0040109B:
pop edi
pop esi
pop ebx
leave
ret 4
Get_Explorer_4:
} SizeLen = Code_ofs1 - Code_ofs0;
*CodeSize = SizeLen;
memcpy(aBuf,(void*)Code_ofs0,SizeLen);
由于小弟汇编语言能力有限,恳请各位求助上述代码的含义,多谢.
某软件某功能的反汇编代码