PE 快餐车续集
本帖最后由 whypro 于 2010-5-23 22:00 编辑前面有火把的贴就是一个系列的。
00401847|.FF35 80114000 push dword ptr ds:
0040184D|.FF35 64114000 push dword ptr ds:
00401853|.E8 68050000 call yC.00401DC0
00401858|.50 push eax ; /Arg2
00401859|.FF35 64114000 push dword ptr ds: ; |Arg1 = 00199DA0
0040185F|.E8 65040000 call yC.00401CC9 ; \yC.00401CC9
00401864|.0BC0 or eax,eax
00401866|.75 1B jnz short yC.00401883
00401868|.FF35 64114000 push dword ptr ds: ; /hMem = 00199DA0
0040186E|.E8 FD120000 call <jmp.&KERNEL32.GlobalFree> ; \GlobalFree
00401873|.FF35 84114000 push dword ptr ds: ; /hObject = 0000020C (window)
00401879|.E8 C8120000 call <jmp.&KERNEL32.CloseHandle> ; \CloseHandle
0040187E|.E9 3D020000 jmp yC.00401AC0
未完待续! 继续占位学习,因是续集,就不加分了哈,/:018
页:
[1]