|
2004/06/24(木)
...
|
|
|
わかんなくなってきた。全体の構造がさっぱりぽんぽん
1011CD46
Showぱらめた(画面左)
ESI=0x17FB3D0
newESI(decryptルーチンにて)=ESI+54=0x17FB424
EAX=[ESI+4]=898B0C0
[ESI+8]=0x8F // key
[EAX]=8F87608F
8F87608F^0x8F8F8F8F=0x0008EF00
1011CCE0 81EC 20010000 SUB ESP,120
1011CCE6 57 PUSH EDI
1011CCE7 8BF9 MOV EDI,ECX
1011CCE9 8A87 8C020000 MOV AL,BYTE PTR DS:[EDI+28C]
1011CCEF 84C0 TEST AL,AL
1011CCF1 0F84 CF010000 JE Inphas_1.1011CEC6
1011CCF7 8B8F 28020000 MOV ECX,DWORD PTR DS:[EDI+228]
1011CCFD 8B01 MOV EAX,DWORD PTR DS:[ECX]
1011CCFF FF50 18 CALL DWORD PTR DS:[EAX+18]
1011CD02 A1 987E2110 MOV EAX,DWORD PTR DS:[10217E98]
1011CD07 85C0 TEST EAX,EAX
1011CD09 74 14 JE SHORT Inphas_1.1011CD1F
1011CD0B 8A88 BCC30000 MOV CL,BYTE PTR DS:[EAX+C3BC]
1011CD11 84C9 TEST CL,CL
1011CD13 74 0A JE SHORT Inphas_1.1011CD1F
1011CD15 8B80 68C30000 MOV EAX,DWORD PTR DS:[EAX+C368]
1011CD1B 85C0 TEST EAX,EAX
1011CD1D 75 0A JNZ SHORT Inphas_1.1011CD29
1011CD1F 32C0 XOR AL,AL
1011CD21 5F POP EDI
1011CD22 81C4 20010000 ADD ESP,120
1011CD28 C3 RETN
1011CD29 8B48 74 MOV ECX,DWORD PTR DS:[EAX+74]
1011CD2C 56 PUSH ESI
1011CD2D 8B71 20 MOV ESI,DWORD PTR DS:[ECX+20]
1011CD30 8D4E 6C LEA ECX,DWORD PTR DS:[ESI+6C]
1011CD33 E8 E6BAEEFF CALL Inphas_1.1000881E
1011CD38 50 PUSH EAX
1011CD39 8D4E 54 LEA ECX,DWORD PTR DS:[ESI+54]
1011CD3C E8 DDBAEEFF CALL Inphas_1.1000881E
1011CD41 50 PUSH EAX
1011CD42 8D5424 30 LEA EDX,DWORD PTR SS:[ESP+30]
1011CD46 68 982A2010 PUSH Inphas_1.10202A98 ; ASCII "%u/%u"
|
|
|
前の月