68??0000005668FC030000FF?? // author's byte pattern and label: plaintext-packet CALL, shout (chat) CALL
// x64dbg listing of the caller around the chat-send call. Offsets are relative to "$",
// the call instruction itself; the jmp at $-A targets qqsg.631D59 = $+5, so $ = 0x631D54.
// The fragment starts mid-function: the prologue and the setup of esi (and of ecx for the
// first rep stosd) are not shown. Addresses are those of the build the author captured.
// NOTE(review): esi is stored into many locals as a clear value, so it presumably holds 0 — confirm.
$-122 0 | 33C0 | xor eax, eax | // eax = 0: fill value for the rep stosd below
$-120 0 | 8DBC24 B0000000 | lea edi, dword ptr ss:[esp+B0] | // edi = local text buffer to clear
$-119 0 | 68 280AEE00 | push qqsg.EE0A28 | EE0A28:"/C25消息内容有误,请确认后再输入." // format argument; the text reads "message content is invalid, please confirm and re-enter"
$-114 0 | F3:AB | rep stosd | // clear the buffer; the dword count in ecx is set before this fragment (0x20 in the identical sequence at $-64)
$-112 0 | 8D8424 B4000000 | lea eax, dword ptr ss:[esp+B4] | // same buffer as esp+B0 above (one push since then)
$-10B 0 | 6A 7F | push 7F | // count argument = 0x7F
$-109 0 | 50 | push eax |
$-108 0 | FF15 30B8D200 | call dword ptr ds:[<&_snprintf>] | // _snprintf(buf, 0x7F, fmt); fmt is a constant string, not caller-supplied data
$-102 0 | 8D8C24 BC000000 | lea ecx, dword ptr ss:[esp+BC] | // same buffer again (three dwords now pushed)
$-FB 0 | 6A 05 | push 5 |
$-F9 0 | 51 | push ecx | ecx:"|v?"
$-F8 0 | 6A 01 | push 1 |
$-F6 0 | E8 7DEB3C00 | call qqsg.A007E0 | // qqsg.A007E0(1, buf, 5); presumably displays the message — TODO confirm
$-F1 0 | 8B4424 58 | mov eax, dword ptr ss:[esp+58] | // read before the cleanup below, i.e. the local at esp+40 afterwards
$-ED 0 | 83C4 18 | add esp, 18 | // pop the six dwords pushed for the two calls above
$-EA 0 | 3BC6 | cmp eax, esi |
$-E8 0 | 74 1D | je qqsg.631C8B | // pointer equals esi: nothing to release
$-E6 0 | 8D48 FF | lea ecx, dword ptr ds:[eax-1] | ecx:"|v?" // ecx -> the byte just before the data
$-E3 0 | 8A40 FF | mov al, byte ptr ds:[eax-1] | // NOTE(review): byte at ptr-1 looks like a one-byte reference count (old MSVC std::string layout?) — confirm
$-E0 0 | 84C0 | test al, al |
$-DE 0 | 74 0A | je qqsg.631C82 | // count byte is 0: free the block
$-DC 0 | 3C FF | cmp al, FF |
$-DA 0 | 74 06 | je qqsg.631C82 | // count byte is 0xFF: free the block as well
$-D8 0 | FEC8 | dec al |
$-D6 0 | 8801 | mov byte ptr ds:[ecx], al | ecx:"|v?" // otherwise store the decremented count and keep the block
$-D4 0 | EB 09 | jmp qqsg.631C8B |
$-D2 0 | 51 | push ecx | ecx:"|v?"
$-D1 0 | E8 C6EA6A00 | call <JMP.&??3@YAXPAX@Z> | // ??3@YAXPAX@Z is operator delete(void*); frees starting at ptr-1
$-CC 0 | 83C4 04 | add esp, 4 |
$-C9 0 | 8B5C24 20 | mov ebx, dword ptr ss:[esp+20] | // ebx = end of the element range
$-C5 0 | 8B7C24 1C | mov edi, dword ptr ss:[esp+1C] | // edi = start of the element range
$-C1 0 | 3BFB | cmp edi, ebx | // flags are consumed by the je at $-AB; the mov stores in between leave flags untouched
$-BF 0 | 897424 40 | mov dword ptr ss:[esp+40], esi | // clear the three dwords at esp+40..esp+48 (the pointer released above is the first of them)
$-BB 0 | 897424 44 | mov dword ptr ss:[esp+44], esi |
$-B7 0 | 897424 48 | mov dword ptr ss:[esp+48], esi |
$-B3 0 | C68424 2C1A0000 01 | mov byte ptr ss:[esp+1A2C], 1 | // NOTE(review): state value in the frame, presumably the C++ exception-handling state — confirm
$-AB 0 | 74 15 | je qqsg.631CC0 | // empty range: skip the loop
$-A9 0 | 6A 01 | push 1 | // loop body: basic_string::_Tidy(1) on the element at edi (ecx = this)
$-A7 0 | 8BCF | mov ecx, edi | ecx:"|v?"
$-A5 0 | FF15 A4B5D200 | call dword ptr ds:[<&?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$al |
$-9F 0 | 83C7 10 | add edi, 10 | // elements are 0x10 bytes apart
$-9C 0 | 3BFB | cmp edi, ebx |
$-9A 0 | 75 EF | jne qqsg.631CAB |
$-98 0 | 8B7C24 1C | mov edi, dword ptr ss:[esp+1C] |
$-94 0 | 57 | push edi |
$-93 0 | E8 88EA6A00 | call <JMP.&??3@YAXPAX@Z> | // operator delete on the storage at [esp+1C]
$-8E 0 | 8B5424 34 | mov edx, dword ptr ss:[esp+34] | // one argument is still on the stack, so this and the next three stores address the locals at esp+30 and esp+1C..esp+24
$-8A 0 | 897424 20 | mov dword ptr ss:[esp+20], esi |
$-86 0 | 897424 24 | mov dword ptr ss:[esp+24], esi |
$-82 0 | 897424 28 | mov dword ptr ss:[esp+28], esi |
$-7E 0 | 52 | push edx |
$-7D 0 | E8 72EA6A00 | call <JMP.&??3@YAXPAX@Z> | // operator delete on the second storage pointer
$-78 0 | 83C4 08 | add esp, 8 | // pops the arguments of both operator delete calls
$-75 0 | 897424 30 | mov dword ptr ss:[esp+30], esi | // clear the three dwords at esp+30..esp+38
$-71 0 | 897424 34 | mov dword ptr ss:[esp+34], esi |
$-6D 0 | 897424 38 | mov dword ptr ss:[esp+38], esi |
$-69 0 | E9 8E000000 | jmp qqsg.631D7E | // 631D7E = $+2A, the shared cleanup tail
// Second copy of the error-message sequence, using the buffer at esp+2F4.
$-64 0 | B9 20000000 | mov ecx, 20 | ecx:"|v?", 20:' ' // 0x20 dwords = 0x80 bytes to clear
$-5F 0 | 33C0 | xor eax, eax |
$-5D 0 | 8DBC24 F4020000 | lea edi, dword ptr ss:[esp+2F4] |
$-56 0 | 68 280AEE00 | push qqsg.EE0A28 | EE0A28:"/C25消息内容有误,请确认后再输入."
$-51 0 | F3:AB | rep stosd | // all 0x80 bytes are zero, so byte 0x7F stays NUL even if _snprintf fills its full 0x7F count
$-4F 0 | 8D8424 F8020000 | lea eax, dword ptr ss:[esp+2F8] |
$-48 0 | 6A 7F | push 7F |
$-46 0 | 50 | push eax |
$-45 0 | FF15 30B8D200 | call dword ptr ds:[<&_snprintf>] |
$-3F 0 | 8D8C24 00030000 | lea ecx, dword ptr ss:[esp+300] |
$-38 0 | 6A 05 | push 5 |
$-36 0 | 51 | push ecx | ecx:"|v?"
$-35 0 | 6A 01 | push 1 |
$-33 0 | E8 BAEA3C00 | call qqsg.A007E0 |
$-2E 0 | 83C4 18 | add esp, 18 |
$-2B 0 | 8D4C24 3C | lea ecx, dword ptr ss:[esp+3C] |
$-27 0 | C68424 2C1A0000 02 | mov byte ptr ss:[esp+1A2C], 2 |
$-1F 0 | FF15 80B5D200 | call dword ptr ds:[<&??1?$basic_string@DU?$char_traits@D@std@@V?$alloca | // basic_string destructor (??1) on the local at esp+3C
$-19 0 | EB 1F | jmp qqsg.631D5C | // 631D5C = $+8
// Alternate path: qqsg.5F1270 is called with the buffer at esp+374, then joins at $+5.
$-17 0 | 8D9424 74030000 | lea edx, dword ptr ss:[esp+374] |
$-10 0 | 52 | push edx |
$-F 0 | E8 26F5FBFF | call qqsg.5F1270 |
$-A 0 | EB 0D | jmp qqsg.631D59 |
$-8 0 | 8D8424 34010000 | lea eax, dword ptr ss:[esp+134] | // eax = message buffer local
$-1 0 | 50 | push eax | eax+1 // shout (chat) message content
$ ==> 0 | E8 C7F4FBFF | call qqsg.5F1220 | // shout (chat) CALL: qqsg.5F1220(buf)
$+5 0 | 83C4 04 | add esp, 4 | // caller pops the single argument
// Cleanup tail: three calls with ecx pointing at the locals at esp+18, esp+2C and esp+88,
// each preceded by an update of the state value at esp+1A2C (presumably destructors — confirm).
$+8 0 | 8D4C24 18 | lea ecx, dword ptr ss:[esp+18] |
$+C 0 | C68424 2C1A0000 01 | mov byte ptr ss:[esp+1A2C], 1 |
$+14 0 | E8 83FAE2FF | call qqsg.4617F0 |
$+19 0 | 8D4C24 2C | lea ecx, dword ptr ss:[esp+2C] |
$+1D 0 | C68424 2C1A0000 00 | mov byte ptr ss:[esp+1A2C], 0 |
$+25 0 | E8 32DB0100 | call qqsg.64F8B0 |
$+2A 0 | 8D8C24 88000000 | lea ecx, dword ptr ss:[esp+88] |
$+31 0 | C78424 2C1A0000 FFFFF | mov dword ptr ss:[esp+1A2C], FFFFFFFF |
$+3C 0 | E8 0BBC6700 | call qqsg.CAD9A0 |
$+41 0 | 8B8C24 241A0000 | mov ecx, dword ptr ss:[esp+1A24] | // value saved in the frame, written back to fs:[0] below
$+48 0 | 5F | pop edi |
$+49 0 | 5E | pop esi |
$+4A 0 | 5D | pop ebp |
$+4B 0 | 33C0 | xor eax, eax | // return value 0
$+4D 0 | 5B | pop ebx |
$+4E 0 | 64:890D 00000000 | mov dword ptr fs:[0], ecx | ecx:"|v?" // restore the previous exception registration (fs:[0] is the SEH chain head on 32-bit Windows)
$+55 0 | 81C4 201A0000 | add esp, 1A20 | // release 0x1A20 bytes of locals
$+5B 0 | C3 | ret |
// qqsg.5F1220: the chat ("shout") send wrapper called at "$" in the listing above.
// In:  [esp+4] = pointer to the message buffer; the caller pops it after the call.
// Out: al = 0 if the global object pointer at 12FB550 is null; otherwise eax is left as
//      returned by the virtual call at 005F126C.
// Uses ecx, edx and eax as scratch; esi is saved and restored.
005F1220 | 8B0D 50B52F01 | mov ecx, dword ptr ds:[12FB550] | ecx:"|v?" // ecx = global object pointer
005F1226 | 85C9 | test ecx, ecx | ecx:"|v?"
005F1228 | 75 03 | jne qqsg.5F122D |
005F122A | 32C0 | xor al, al | // no object: return 0 in al
005F122C | C3 | ret |
005F122D | 56 | push esi |
005F122E | 8B7424 08 | mov esi, dword ptr ss:[esp+8] | // esi = first argument (esp+8 because esi was just pushed)
005F1232 | 803E 01 | cmp byte ptr ds:[esi], 1 | // first byte of the buffer selects the extra step below
005F1235 | 75 28 | jne qqsg.5F125F | // not 1: go straight to the virtual call; ecx still holds the global object
005F1237 | A1 90982E01 | mov eax, dword ptr ds:[12E9890] | 012E9890:"P$W$"
005F123C | 6A 01 | push 1 |
005F123E | 6A 00 | push 0 |
005F1240 | 8B48 04 | mov ecx, dword ptr ds:[eax+4] | ecx:"|v?", eax+4:"33333333333"
005F1243 | E8 884B3100 | call qqsg.905DD0 | // qqsg.905DD0(0, 1) with ecx = [[12E9890]+4]; result in eax is used as a pointer
005F1248 | 8B80 200C0000 | mov eax, dword ptr ds:[eax+C20] |
005F124E | 8D4E 67 | lea ecx, dword ptr ds:[esi+67] | ecx:"|v?" // address 0x67 bytes into the message buffer
005F1251 | 51 | push ecx | ecx:"|v?"
005F1252 | 8BC8 | mov ecx, eax | ecx:"|v?"
005F1254 | E8 97B31400 | call qqsg.73C5F0 | // qqsg.73C5F0(buf+0x67) with ecx = [result+C20]; purpose not visible here
005F1259 | 8B0D 50B52F01 | mov ecx, dword ptr ds:[12FB550] | ecx:"|v?" // reload the object pointer: ecx was overwritten by the calls above
005F125F | 8B11 | mov edx, dword ptr ds:[ecx] | ecx:"|v?" // edx = first dword of the object, used as a function-pointer table
005F1261 | 68 88000000 | push 88 | 68??0000005668FC030000FF10 // NOTE(review): this pattern text ends in FF10, but the call encoded at 005F126C is FF12
005F1266 | 56 | push esi | esi+1// shout (chat) message content
005F1267 | 68 FC030000 | push 3FC | // NOTE(review): arguments are (0x3FC, buf, 0x88), presumably message id, buffer, length — confirm
005F126C | FF12 | call dword ptr ds:[edx] | // plaintext shout (chat) CALL: first table entry, ecx = object; no stack fix-up follows, so the callee must pop its three arguments
005F126E | 5E | pop esi |
005F126F | C3 | ret |
// qqsg.5F1270: entry of the sibling routine called at $-F in the first listing. Only the null
// check on the global at 12FB550 is shown; the body continues at 5F127D, outside this listing.
005F1270 | 8B0D 50B52F01 | mov ecx, dword ptr ds:[12FB550] | ecx:"|v?"
005F1276 | 85C9 | test ecx, ecx | ecx:"|v?"
005F1278 | 75 03 | jne qqsg.5F127D |
005F127A | 32C0 | xor al, al | // no object: return 0 in al
005F127C | C3 | ret |
// The same routine as qqsg.5F1220 above, in module-relative form (QQSG.exe+1F1228 corresponds
// to 005F1228, i.e. an image base of 0x400000). The first two instructions of the routine
// (load and test of the global object pointer) are not included in this copy.
QQSG.exe+1F1228 - 75 03 - jne QQSG.exe+1F122D
QQSG.exe+1F122A - 32 C0 - xor al,al
QQSG.exe+1F122C - C3 - ret
QQSG.exe+1F122D - 56 - push esi
QQSG.exe+1F122E - 8B 74 24 08 - mov esi,[esp+08] // esi = first argument (message buffer)
QQSG.exe+1F1232 - 80 3E 01 - cmp byte ptr [esi],01
QQSG.exe+1F1235 - 75 28 - jne QQSG.exe+1F125F // first byte is not 1: skip the extra step
QQSG.exe+1F1237 - A1 90982E01 - mov eax,[QQSG.exe+EE9890]
QQSG.exe+1F123C - 6A 01 - push 01
QQSG.exe+1F123E - 6A 00 - push 00
QQSG.exe+1F1240 - 8B 48 04 - mov ecx,[eax+04]
QQSG.exe+1F1243 - E8 884B3100 - call QQSG.exe+505DD0
QQSG.exe+1F1248 - 8B 80 200C0000 - mov eax,[eax+00000C20]
QQSG.exe+1F124E - 8D 4E 67 - lea ecx,[esi+67]
QQSG.exe+1F1251 - 51 - push ecx
QQSG.exe+1F1252 - 8B C8 - mov ecx,eax
QQSG.exe+1F1254 - E8 97B31400 - call QQSG.exe+33C5F0
QQSG.exe+1F1259 - 8B 0D 50B52F01 - mov ecx,[QQSG.exe+EFB550] // reload the global object pointer
QQSG.exe+1F125F - 8B 11 - mov edx,[ecx]
QQSG.exe+1F1261 - 68 88000000 - push 00000088
QQSG.exe+1F1266 - 56 - push esi
QQSG.exe+1F1267 - 68 FC030000 - push 000003FC
QQSG.exe+1F126C - FF 12 - call dword ptr [edx] // shout (chat) CALL: indirect call through the first dword-table entry of the object in ecx
QQSG.exe+1F126E - 5E - pop esi
QQSG.exe+1F126F - C3 - ret
// Entry of the next routine (qqsg.5F1270 in the absolute-address view); cut after its first push.
QQSG.exe+1F1270 - 8B 0D 50B52F01 - mov ecx,[QQSG.exe+EFB550]
QQSG.exe+1F1276 - 85 C9 - test ecx,ecx
QQSG.exe+1F1278 - 75 03 - jne QQSG.exe+1F127D
QQSG.exe+1F127A - 32 C0 - xor al,al
QQSG.exe+1F127C - C3 - ret
QQSG.exe+1F127D - 56 - push esi
地址 反汇编 字符串
00A841DF push qqsg.12CBB94 "NETWORK_ERR_NET_DOWN, can read, socket select err,neterr=%d,winerr=%d"
00A842EF push qqsg.12CBBDC "NETWORK_ERR_NET_DOWN, can write, socket select err,neterr=%d, winerr=%d"
00A8458D push qqsg.12CBC9C "NETWORK_ERR_NET_DOWN, sendlen = 0, lasterr=%d, winerr=%d"
// Read-readiness check on the object's socket, ending at the push of the "can read" log string.
// The fragment starts after the prologue; esi holds the object pointer (see the parallel
// routine at 00A84270, where esi is loaded from ecx).
// select() receives, in argument order: nfds = 0, readfds = set at esp+2C, writefds = NULL,
// exceptfds = NULL, timeout = struct at esp+18 (offsets as seen before the pushes).
00A8416A | 8D4C24 18 | lea ecx, dword ptr ss:[esp+18] | // ecx = &timeout
00A8416E | 8B86 20010000 | mov eax, dword ptr ds:[esi+120] | // eax = socket handle stored in the object
00A84174 | 33FF | xor edi, edi | // edi = 0, reused for the NULL/0 arguments
00A84176 | 51 | push ecx |
00A84177 | 57 | push edi |
00A84178 | 8D5424 34 | lea edx, dword ptr ss:[esp+34] | // two pushes so far: this is the set at esp+2C
00A8417C | 57 | push edi |
00A8417D | 52 | push edx |
00A8417E | 57 | push edi |
00A8417F | 897C24 2C | mov dword ptr ss:[esp+2C], edi | // timeout, first dword = 0 (five pushes: esp+2C here is esp+18 before)
00A84183 | C74424 30 E8030000 | mov dword ptr ss:[esp+30], 3E8 | // timeout, second dword = 0x3E8 (1000)
00A8418B | 894424 44 | mov dword ptr ss:[esp+44], eax | // set entry 0 = socket
00A8418F | C74424 40 01000000 | mov dword ptr ss:[esp+40], 1 | // set count = 1
00A84197 | FF15 D0BAD200 | call dword ptr ds:[<&JMP.&select>] |
00A8419D | 83F8 FF | cmp eax, FFFFFFFF | // -1 = select() failed
00A841A0 | 0F85 93000000 | jne qqsg.A84239 |
00A841A6 | C786 B4010000 0900000 | mov dword ptr ds:[esi+1B4], 9 | 9:'\t' // error path: record code 9 in the object
00A841B0 | FF15 A4BAD200 | call dword ptr ds:[D2BAA4] | // unnamed import; its result is logged as neterr — presumably WSAGetLastError, confirm
00A841B6 | 897C24 20 | mov dword ptr ss:[esp+20], edi |
00A841BA | 897C24 24 | mov dword ptr ss:[esp+24], edi |
00A841BE | BF 03000000 | mov edi, 3 |
00A841C3 | 8986 B8010000 | mov dword ptr ds:[esi+1B8], eax | esi+1B8:"3|\x01" // keep the network error code in the object
00A841C9 | 897C24 28 | mov dword ptr ss:[esp+28], edi | // locals at esp+20..esp+28 now hold 0, 0, 3
00A841CD | FF15 9CB2D200 | call dword ptr ds:[<&JMP.&GetLastError>] |
00A841D3 | 50 | push eax | // winerr argument
00A841D4 | 8B86 B8010000 | mov eax, dword ptr ds:[esi+1B8] | esi+1B8:"3|\x01"
00A841DA | 50 | push eax | // neterr argument
00A841DB | 8D4C24 28 | lea ecx, dword ptr ss:[esp+28] | // ecx = the 0, 0, 3 locals (esp+20 before the two pushes)
00A841DF | 68 94BB2C01 | push qqsg.12CBB94 | 12CBB94:"NETWORK_ERR_NET_DOWN, can read, socket select err,neterr=%d,winerr=%d"
// Write-readiness check: same shape as the read check at 00A8416A, but the set is passed in the
// writefds position. Shown from the entry at 00A84270 up to the push of the log string.
// ecx on entry is copied to esi and used as the object pointer.
00A84270 | 81EC 28010000 | sub esp, 128 | // 0x128 bytes of locals
00A84276 | 56 | push esi | esi:L"繸▎\x01"
00A84277 | 8BF1 | mov esi, ecx | esi:L"繸▎\x01"
00A84279 | 57 | push edi |
00A8427A | 8D4C24 18 | lea ecx, dword ptr ss:[esp+18] | // ecx = &timeout
00A8427E | 8B86 20010000 | mov eax, dword ptr ds:[esi+120] | // eax = socket handle stored in the object
00A84284 | 33FF | xor edi, edi |
00A84286 | 51 | push ecx | // timeout
00A84287 | 8D5424 30 | lea edx, dword ptr ss:[esp+30] | // one push so far: this is the set at esp+2C
00A8428B | 57 | push edi | // exceptfds = NULL
00A8428C | 52 | push edx | // writefds = set
00A8428D | 57 | push edi | // readfds = NULL
00A8428E | 57 | push edi | // nfds = 0
00A8428F | 897C24 2C | mov dword ptr ss:[esp+2C], edi | // timeout, first dword = 0
00A84293 | C74424 30 E8030000 | mov dword ptr ss:[esp+30], 3E8 | // timeout, second dword = 0x3E8 (1000)
00A8429B | 894424 44 | mov dword ptr ss:[esp+44], eax | // set entry 0 = socket
00A8429F | C74424 40 01000000 | mov dword ptr ss:[esp+40], 1 | // set count = 1
00A842A7 | FF15 D0BAD200 | call dword ptr ds:[<&JMP.&select>] |
00A842AD | 83F8 FF | cmp eax, FFFFFFFF | // -1 = select() failed
00A842B0 | 0F85 93000000 | jne qqsg.A84349 |
00A842B6 | C786 B4010000 0900000 | mov dword ptr ds:[esi+1B4], 9 | 9:'\t' // error path: record code 9 in the object
00A842C0 | FF15 A4BAD200 | call dword ptr ds:[D2BAA4] | // unnamed import; result logged as neterr — presumably WSAGetLastError, confirm
00A842C6 | 897C24 20 | mov dword ptr ss:[esp+20], edi |
00A842CA | 897C24 24 | mov dword ptr ss:[esp+24], edi |
00A842CE | BF 03000000 | mov edi, 3 |
00A842D3 | 8986 B8010000 | mov dword ptr ds:[esi+1B8], eax | esi+1B8:"3|\x01"
00A842D9 | 897C24 28 | mov dword ptr ss:[esp+28], edi |
00A842DD | FF15 9CB2D200 | call dword ptr ds:[<&JMP.&GetLastError>] |
00A842E3 | 50 | push eax | // winerr argument
00A842E4 | 8B86 B8010000 | mov eax, dword ptr ds:[esi+1B8] | esi+1B8:"3|\x01"
00A842EA | 50 | push eax | // neterr argument
00A842EB | 8D4C24 28 | lea ecx, dword ptr ss:[esp+28] |
00A842EF | 68 DCBB2C01 | push qqsg.12CBBDC | 12CBBDC:"NETWORK_ERR_NET_DOWN, can write, socket select err,neterr=%d, winerr=%d"
// NOTE(review): the mnemonics in this stretch are not reliable. The byte run 8D 64 24 04
// (lea esp, [esp+4]) is split across two decoded instructions at 00A844EC/00A844F0 and again at
// 00A844FD/00A844FF, so decoding probably began at a misaligned offset or runs through filler
// bytes after calls. The register pushes, pushfd and calls into the 16Cxxxx range may be a
// protector stub — unconfirmed. The CC at 00A8450F is the int3 opcode ahead of the routine at 00A84510.
00A844EC | 00748D 64 | add byte ptr ss:[ebp+ecx*4+64], dh |
00A844F0 | 24 04 | and al, 4 |
00A844F2 | 52 | push edx |
00A844F3 | 53 | push ebx |
00A844F4 | 50 | push eax |
00A844F5 | 56 | push esi |
00A844F6 | 9C | pushfd |
00A844F7 | 55 | push ebp |
00A844F8 | E8 A243C400 | call qqsg.16C889F |
00A844FD | 7B 8D | jnp qqsg.A8448C |
00A844FF | 64:24 04 | and al, 4 |
00A84502 | AD | lodsd |
00A84503 | 81C6 01000000 | add esi, 1 |
00A84509 | E8 FBA0C400 | call qqsg.16CE609 |
00A8450E | 76 CC | jbe qqsg.A844DC |
// Send routine: pushes the pending buffer of the object (pointer at +180, length at +188) to
// the socket at +120 with send(). Shown from the entry at 00A84510 up to the push of the log
// string on the error path. ecx on entry is copied to esi and used as the object pointer.
00A84510 | 83EC 20 | sub esp, 20 |
00A84513 | 56 | push esi |
00A84514 | 8BF1 | mov esi, ecx |
00A84516 | 57 | push edi |
00A84517 | 33FF | xor edi, edi |
00A84519 | 8B86 88010000 | mov eax, dword ptr ds:[esi+188] | // eax = pending length
00A8451F | 85C0 | test eax, eax |
00A84521 | 0F8E FE000000 | jle qqsg.A84625 | // signed test: zero or negative length skips the send
00A84527 | 8B8E 20010000 | mov ecx, dword ptr ds:[esi+120] | // ecx = socket handle
00A8452D | 57 | push edi | // flags = 0
00A8452E | 50 | push eax | // len
00A8452F | 8B86 80010000 | mov eax, dword ptr ds:[esi+180] | // eax = buffer pointer
00A84535 | 50 | push eax | // buf
00A84536 | 51 | push ecx | // socket
00A84537 | FF15 FCBAD200 | call dword ptr ds:[<&JMP.&send>] |
00A8453D | 8BF8 | mov edi, eax | // edi = bytes sent, or -1 on failure
00A8453F | 83FF FF | cmp edi, FFFFFFFF |
00A84542 | 897C24 08 | mov dword ptr ss:[esp+8], edi | // store the result; mov leaves the flags of the cmp intact
00A84546 | 0F85 98000000 | jne qqsg.A845E4 |
00A8454C | C786 B4010000 0900000 | mov dword ptr ds:[esi+1B4], 9 | 9:'\t' // error path: record code 9 in the object
00A84556 | FF15 A4BAD200 | call dword ptr ds:[D2BAA4] | // unnamed import; result logged as lasterr — presumably WSAGetLastError, confirm
00A8455C | BF 03000000 | mov edi, 3 |
00A84561 | 8986 B8010000 | mov dword ptr ds:[esi+1B8], eax |
00A84567 | C74424 0C 00000000 | mov dword ptr ss:[esp+C], 0 |
00A8456F | C74424 10 00000000 | mov dword ptr ss:[esp+10], 0 |
00A84577 | 897C24 14 | mov dword ptr ss:[esp+14], edi | // locals at esp+C..esp+14 now hold 0, 0, 3
00A8457B | FF15 9CB2D200 | call dword ptr ds:[<&JMP.&GetLastError>] |
00A84581 | 8B96 B8010000 | mov edx, dword ptr ds:[esi+1B8] |
00A84587 | 50 | push eax | // winerr argument
00A84588 | 52 | push edx | // lasterr argument
00A84589 | 8D4424 14 | lea eax, dword ptr ss:[esp+14] | // eax = the 0, 0, 3 locals (esp+C before the two pushes)
00A8458D | 68 9CBC2C01 | push qqsg.12CBC9C | 12CBC9C:"NETWORK_ERR_NET_DOWN, sendlen = 0, lasterr=%d, winerr=%d" // note: this branch is taken when send() returned -1, although the text says "sendlen = 0"