
用W32Dasm反汇编Ntdll.dll文件后的代码

 
之所以要反汇编这个文件,是想查看其调用的函数信息,但是反汇编后还是不明白以下内容里有什么有用的信息,求解释。

Object01: .text RVA: 00001000 Offset: 00000400 Size: 000D5200 Flags: 60000020
Object02: RT RVA: 000D7000 Offset: 000D5600 Size: 00000200 Flags: 60000020
Object03: .data RVA: 000D8000 Offset: 000D5800 Size: 00006C00 Flags: C0000040
Object04: .rsrc RVA: 000E1000 Offset: 000DC400 Size: 00056200 Flags: 40000040
Object05: .reloc RVA: 00138000 Offset: 00132600 Size: 00004E00 Flags: 42000040




+++++++++++++++++++ 菜 单 信 息 ++++++++++++++++++


程序没有菜单选项


+++++++++++++++++ 对话框信息 ++++++++++++++++++


There Are No Dialog Resources in This Application


+++++++++++++++++++ 导入函数 ++++++++++++++++++
Number of Imported Modules = 0 (decimal)




+++++++++++++++++++ 重要模块资料 +++++++++++++++


+++++++++++++++++++ 导出函数 ++++++++++++++++++
Number of Exported Functions = 0000 (decimal)








+++++++++++++++++++ ASSEMBLY CODE LISTING ++++++++++++++++++
//********************** Start of Code in Object .text **************

Program Entry Point Not Available

; 77EC1000 is the lowest address in the listing. With Object01 (.text) at
; RVA 00001000 that would put the image base at 77EC0000 (inferred, not printed).
; The listing jumps from here to 77EC11B3 and only resumes at 77EC1001 further
; down the page, so this line and the next one are not contiguous code.
; NOTE(review): the header reports "Number of Exported Functions = 0000" and
; "Program Entry Point Not Available", so the tool resolved no symbol names --
; presumably why every call target below is a bare address. Putting names on
; the callees needs the export table or debug symbols, which this dump lacks.
:77EC1000 53 push ebx

; Tail of a routine whose beginning is not in this excerpt: the jump sources
; 77EC1193 and 77EC11B1 named below are missing. Only what the visible
; instructions show is described. The epilogue is "ret 000C", i.e. three dword
; stack arguments removed by the callee; [ebp+10] is the third of them and
; [ebp-04] / [ebp-08] are locals.
;
; Call 77EC11FA (listed below) with four arguments, pushed right to left:
; (edi, eax, 0, &[ebp-04]).
:77EC11B3 8D4DFC lea ecx, dword ptr [ebp-04]
:77EC11B6 51 push ecx
:77EC11B7 6A00 push 00000000
:77EC11B9 50 push eax
:77EC11BA 57 push edi
:77EC11BB E83A000000 call 77EC11FA
; The value written through the out pointer is tested, not the return value in
; eax. "ja" after a compare with 0 means "non-zero" (unsigned). That case is
; handled at 77F5B9F1, outside this excerpt.
:77EC11C0 837DFC00 cmp dword ptr [ebp-04], 00000000
:77EC11C4 0F8727A80900 ja 77F5B9F1


* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:77EC11B1(C)
|
; [ebp-08] == 0 goes to the block at 77EC11E5. Otherwise a non-zero third
; argument is handled at 77F5BA14 (not shown), which jumps back to 77EC11DB.
:77EC11CA 837DF800 cmp dword ptr [ebp-08], 00000000
:77EC11CE 7415 je 77EC11E5
:77EC11D0 8B4510 mov eax, dword ptr [ebp+10]
:77EC11D3 85C0 test eax, eax
:77EC11D5 0F8539A80900 jne 77F5BA14


* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:77F5BA19(U)
|
; eax = 1: the return value on this path.
:77EC11DB 33C0 xor eax, eax
:77EC11DD 40 inc eax


* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:77F5B9EC(U)
|
; Common epilogue: restore edi/esi/ebx, drop the frame, pop 0x0C bytes of
; arguments.
:77EC11DE 5F pop edi
:77EC11DF 5E pop esi
:77EC11E0 5B pop ebx
:77EC11E1 C9 leave
:77EC11E2 C20C00 ret 000C






* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:77EC1193(C), :77EC11CE(C), :77F5B9E0(U), :77F5BA00(C), :77F5BA09(C)
|
; Shared exit block: both outcomes of the test on the third argument continue
; at 77F5B9E5 / 77F5B9EA, outside this excerpt, so the value finally returned
; on this path cannot be read from here.
:77EC11E5 8B4510 mov eax, dword ptr [ebp+10]
:77EC11E8 85C0 test eax, eax
:77EC11EA 0F85F5A70900 jne 77F5B9E5
:77EC11F0 E9F5A70900 jmp 77F5B9EA
; Padding up to the next routine's entry at 77EC11FA.
:77EC11F5 90 nop
:77EC11F6 90 nop
:77EC11F7 90 nop
:77EC11F8 90 nop
:77EC11F9 90 nop


; ---------------------------------------------------------------------------
; Routine at 77EC11FA -- four dword stack arguments, removed by the callee
; ("ret 0010"). The listing gives it no name.
; In:   [ebp+08] arg1: pointer to a structure; fields +0C, +10 and +18 are read
;       [ebp+0C] arg2: index; must be below the dword at [[arg1+0C]+48]
;       [ebp+10] arg3: only compared with zero, on the failure path at 77EC1342
;       [ebp+14] arg4: optional out pointer, cleared to 0 on entry if non-null
; Out:  eax = [ebp-0C], which starts at 0 and is set to 1 at 77EC131F
; Locals: [ebp-04] object obtained through 77EC10C5 and released via 77EC1047;
;         [ebp-08] zeroed, then only read by the visible code; [ebp-0C] result.
; Shape: a work-list loop. arg2 is handed to 77EC1587 together with [ebp-04],
; then values are fetched back one at a time by 77EC1362 and each selects a
; 0x30-byte entry in the array at [arg1+18]. 77EC10C5 and 77EC1587 are not in
; this excerpt; reading them as "create list" and "push" is an assumption.
; Several branches leave to 77F5Cxxx, also outside the excerpt.
; ---------------------------------------------------------------------------
* Referenced by a CALL at Address:
|:77EC11BB
|
; "mov edi, edi" is a two-byte no-op ahead of the usual ebp frame setup;
; 0x0C bytes of locals are reserved.
:77EC11FA 8BFF mov edi, edi
:77EC11FC 55 push ebp
:77EC11FD 8BEC mov ebp, esp
:77EC11FF 83EC0C sub esp, 0000000C
; ecx = 0 and stays 0 through the argument checks; ebx = arg1. All three locals
; are cleared.
:77EC1202 33C9 xor ecx, ecx
:77EC1204 53 push ebx
:77EC1205 8B5D08 mov ebx, dword ptr [ebp+08]
:77EC1208 56 push esi
:77EC1209 894DF4 mov dword ptr [ebp-0C], ecx
:77EC120C 894DF8 mov dword ptr [ebp-08], ecx
:77EC120F 894DFC mov dword ptr [ebp-04], ecx
; Argument validation: arg1 and [arg1+0C] must be non-null, and arg2 must be
; below the dword at [[arg1+0C]+48]. jnb is an unsigned compare, so an index
; with the top bit set is rejected as well. All three failures go to 77EC1351.
:77EC1212 3BD9 cmp ebx, ecx
:77EC1214 0F8437010000 je 77EC1351
:77EC121A 8B430C mov eax, dword ptr [ebx+0C]
:77EC121D 3BC1 cmp eax, ecx
:77EC121F 0F842C010000 je 77EC1351
:77EC1225 8B750C mov esi, dword ptr [ebp+0C]
:77EC1228 3B7048 cmp esi, dword ptr [eax+48]
:77EC122B 0F8320010000 jnb 77EC1351
; Optional out parameter arg4: written with 0 up front when supplied.
:77EC1231 8B4514 mov eax, dword ptr [ebp+14]
:77EC1234 3BC1 cmp eax, ecx
:77EC1236 7402 je 77EC123A
:77EC1238 8908 mov dword ptr [eax], ecx


* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:77EC1236(C)
|
; 77EC10C5(&[ebp-04], 0). A zero return skips to the cleanup at 77EC1327.
:77EC123A 51 push ecx
:77EC123B 8D45FC lea eax, dword ptr [ebp-04]
:77EC123E 50 push eax
:77EC123F E881FEFFFF call 77EC10C5
:77EC1244 85C0 test eax, eax
:77EC1246 0F84DB000000 je 77EC1327
; 77EC1587(arg2, [ebp-04]) -- seeds the work list with the starting index
; (assumed; see header). Zero return: cleanup.
:77EC124C FF75FC push [ebp-04]
:77EC124F 56 push esi
:77EC1250 E832030000 call 77EC1587
:77EC1255 85C0 test eax, eax
:77EC1257 0F84CA000000 je 77EC1327
; "push edi" saves edi rather than passing an argument: 77EC1362 takes two
; arguments ("ret 0008") and edi is popped again at 77EC1326. The exits taken
; before this point target 77EC1327 and so skip that pop.
; 77EC1362(&[ebp+0C], [ebp-04]) overwrites the arg2 slot with the next index.
; A zero return here (nothing to fetch) goes straight to the result = 1 store.
:77EC125D 57 push edi
:77EC125E FF75FC push [ebp-04]
:77EC1261 8D450C lea eax, dword ptr [ebp+0C]
:77EC1264 50 push eax
:77EC1265 E8F8000000 call 77EC1362
:77EC126A 85C0 test eax, eax
:77EC126C 0F84AD000000 je 77EC131F


* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:77EC1314(C)
|
; Loop head. esi = [arg1+18] + index * 0x30, the current entry.
; edi = entry+14 is kept for the bounds check at 77EC12DD.
; entry+20 is a signed link: negative means "none" (jl skips), otherwise it is
; handed to 77EC1587; a zero return from that call aborts via 77EC1326.
:77EC1272 8B750C mov esi, dword ptr [ebp+0C]
:77EC1275 6BF630 imul esi, 00000030
:77EC1278 037318 add esi, dword ptr [ebx+18]
:77EC127B 8B4620 mov eax, dword ptr [esi+20]
:77EC127E 8B7E14 mov edi, dword ptr [esi+14]
:77EC1281 85C0 test eax, eax
:77EC1283 7C11 jl 77EC1296
:77EC1285 FF75FC push [ebp-04]
:77EC1288 50 push eax
:77EC1289 E8F9020000 call 77EC1587
:77EC128E 85C0 test eax, eax
:77EC1290 0F8490000000 je 77EC1326


* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:77EC1283(C)
|
; Same treatment for the signed link at entry+28.
:77EC1296 8B4628 mov eax, dword ptr [esi+28]
:77EC1299 85C0 test eax, eax
:77EC129B 7C0D jl 77EC12AA
:77EC129D FF75FC push [ebp-04]
:77EC12A0 50 push eax
:77EC12A1 E8E1020000 call 77EC1587
:77EC12A6 85C0 test eax, eax
:77EC12A8 747C je 77EC1326


* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:77EC129B(C)
|
; entry+24: a non-negative value is handled at 77F5C254 (not shown), which
; comes back in through 77EC1338 below.
:77EC12AA 8B4624 mov eax, dword ptr [esi+24]
:77EC12AD 85C0 test eax, eax
:77EC12AF 0F8D9FAF0900 jnl 77F5C254


* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:77EC133A(C)
|
; Bit 0 of entry+2C set: skip the remaining checks for this entry.
; Otherwise the two dwords at entry+0 / entry+4 are OR-ed; both being zero is
; handled at 77F5C262 (not shown).
:77EC12B5 8B562C mov edx, dword ptr [esi+2C]
:77EC12B8 F6C201 test dl, 01
:77EC12BB 7549 jne 77EC1306
:77EC12BD 8B06 mov eax, dword ptr [esi]
:77EC12BF 0B4604 or eax, dword ptr [esi+04]
:77EC12C2 0F849AAF0900 je 77F5C262


* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:77F5C268(C)
|
; entry+10 must be non-zero (else failure path 77EC1342); any bit set in its
; upper 16 bits diverts to 77F5C273 (not shown).
:77EC12C8 8B4610 mov eax, dword ptr [esi+10]
:77EC12CB 85C0 test eax, eax
:77EC12CD 7473 je 77EC1342
:77EC12CF 250000FFFF and eax, FFFF0000
:77EC12D4 0F8599AF0900 jne 77F5C273


* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:77F5C278(C)
|
; Bounds check before indexing a second table: edi (entry+14) must be below
; the dword at [[arg1+0C]+44], unsigned. The table at [arg1+10] has 0x20-byte
; records (shl edi, 05).
; A non-zero record+18 skips to the next work item. Otherwise record+04 must be
; at least entry+18 + entry+1C (unsigned, jb fails). NOTE(review): that sum is
; a plain 32-bit add with no overflow check visible here.
; record+14 non-negative continues at 77F5C283 (not shown).
:77EC12DA 8B4B0C mov ecx, dword ptr [ebx+0C]
:77EC12DD 3B7944 cmp edi, dword ptr [ecx+44]
:77EC12E0 7360 jnb 77EC1342
:77EC12E2 8B4310 mov eax, dword ptr [ebx+10]
:77EC12E5 C1E705 shl edi, 05
:77EC12E8 03C7 add eax, edi
:77EC12EA 83781800 cmp dword ptr [eax+18], 00000000
:77EC12EE 7516 jne 77EC1306
:77EC12F0 8B7E1C mov edi, dword ptr [esi+1C]
:77EC12F3 037E18 add edi, dword ptr [esi+18]
:77EC12F6 397804 cmp dword ptr [eax+04], edi
:77EC12F9 7247 jb 77EC1342
:77EC12FB 8B4014 mov eax, dword ptr [eax+14]
:77EC12FE 85C0 test eax, eax
:77EC1300 0F8D7DAF0900 jnl 77F5C283


* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:77EC12BB(C), :77EC12EE(C), :77F5C28C(U), :77F5C2A5(C), :77F5C2AD(U)
|
; Fetch the next index into the arg2 slot; non-zero return repeats the loop.
; When nothing is left eax is 0, so the compare below tests [ebp-08] == 0;
; a non-zero [ebp-08] leaves the result at 0.
:77EC1306 FF75FC push [ebp-04]
:77EC1309 8D450C lea eax, dword ptr [ebp+0C]
:77EC130C 50 push eax
:77EC130D E850000000 call 77EC1362
:77EC1312 85C0 test eax, eax
:77EC1314 0F8558FFFFFF jne 77EC1272
:77EC131A 3945F8 cmp dword ptr [ebp-08], eax
:77EC131D 7507 jne 77EC1326


* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:77EC126C(C)
|
; Result = 1: the only visible store of a non-zero value to [ebp-0C].
:77EC131F C745F401000000 mov [ebp-0C], 00000001


* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:77EC1290(C), :77EC12A8(C), :77EC131D(C), :77EC1340(U)
|
; Restores the edi saved at 77EC125D.
:77EC1326 5F pop edi


* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:77EC1246(C), :77EC1257(C)
|
; Cleanup on every path that got past validation: 77EC1047([ebp-04]) releases
; the work-list object (it accepts a null pointer), then the result is loaded.
:77EC1327 FF75FC push [ebp-04]
:77EC132A E818FDFFFF call 77EC1047
:77EC132F 8B45F4 mov eax, dword ptr [ebp-0C]


* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:77F5C2B4(U)
|
; Epilogue: restore esi/ebx, drop the frame, pop 0x10 bytes of arguments.
:77EC1332 5E pop esi
:77EC1333 5B pop ebx
:77EC1334 C9 leave
:77EC1335 C21000 ret 0010






* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:77F5C25D(U)
|
; Re-entry from the out-of-excerpt block at 77F5C254: a non-zero eax resumes
; the per-entry checks at 77EC12B5, zero aborts through 77EC1326.
:77EC1338 85C0 test eax, eax
:77EC133A 0F8575FFFFFF jne 77EC12B5
:77EC1340 EBE4 jmp 77EC1326


* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:77EC12CD(C), :77EC12E0(C), :77EC12F9(C), :77F5C26E(U), :77F5C27E(U)
|:77F5C286(C)
|
; Check-failed path: what happens depends on arg3 and continues at 77F5C291 /
; 77F5C299, both outside this excerpt.
:77EC1342 837D1000 cmp dword ptr [ebp+10], 00000000
:77EC1346 0F8545AF0900 jne 77F5C291
:77EC134C E948AF0900 jmp 77F5C299


* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:77EC1214(C), :77EC121F(C), :77EC122B(C)
|
; Invalid-argument path: passes 0x57 to 77F123DA (not shown), then rejoins near
; the epilogue via 77F5C2B2. 0x57 is 87 decimal, the Win32 value of
; ERROR_INVALID_PARAMETER -- presumably an error code being recorded; confirm
; against the callee.
:77EC1351 6A57 push 00000057
:77EC1353 E882100500 call 77F123DA
:77EC1358 E955AF0900 jmp 77F5C2B2
; Padding up to the next routine's entry at 77EC1362.
:77EC135D 90 nop
:77EC135E 90 nop
:77EC135F 90 nop
:77EC1360 90 nop
:77EC1361 90 nop


; ---------------------------------------------------------------------------
; Routine at 77EC1362 -- two dword stack arguments, removed by the callee
; ("ret 0008"). The listing gives it no name.
; In:   [ebp+08] arg1: pointer that receives the fetched dword
;       [ebp+0C] arg2: pointer to a structure with a count at +0 and an array
;                      pointer at +8
; Out:  eax = 1 if a value was fetched, 0 if any pointer is null or count is 0
; Effect: behaves like a pop from a dword stack -- the count is decremented and
; element [count-1] of the array is copied to *arg1.
; NOTE(review): only "count != 0" is checked; no capacity field is consulted,
; so the read stays in bounds only if whatever increments the count keeps it
; within the array (that code is not in this excerpt).
; ---------------------------------------------------------------------------
* Referenced by a CALL at Addresses:
|:77EC1265 , :77EC130D , :77EC148D , :77EC1556
|
; Two-byte no-op, then the usual frame setup; esi is the only saved register.
:77EC1362 8BFF mov edi, edi
:77EC1364 55 push ebp
:77EC1365 8BEC mov ebp, esp
:77EC1367 8B4D0C mov ecx, dword ptr [ebp+0C]
:77EC136A 56 push esi
; Four guards, all leading to the "return 0" block at 77EC1393:
; arg2 null, arg1 null, array pointer null, count zero.
:77EC136B 85C9 test ecx, ecx
:77EC136D 7424 je 77EC1393
:77EC136F 8B7508 mov esi, dword ptr [ebp+08]
:77EC1372 85F6 test esi, esi
:77EC1374 741D je 77EC1393
:77EC1376 8B5108 mov edx, dword ptr [ecx+08]
:77EC1379 85D2 test edx, edx
:77EC137B 7416 je 77EC1393
:77EC137D 8B01 mov eax, dword ptr [ecx]
:77EC137F 85C0 test eax, eax
:77EC1381 7410 je 77EC1393
; count-- is stored back first, then array[count] (the old top) goes to *arg1.
:77EC1383 48 dec eax
:77EC1384 8901 mov dword ptr [ecx], eax
:77EC1386 8B0482 mov eax, dword ptr [edx+4*eax]
:77EC1389 8906 mov dword ptr [esi], eax
; eax = 1
:77EC138B 33C0 xor eax, eax
:77EC138D 40 inc eax


* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:77EC1395(U)
|
; Shared epilogue.
:77EC138E 5E pop esi
:77EC138F 5D pop ebp
:77EC1390 C20800 ret 0008






* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:77EC136D(C), :77EC1374(C), :77EC137B(C), :77EC1381(C)
|
; Failure: eax = 0, then the shared epilogue.
:77EC1393 33C0 xor eax, eax
:77EC1395 EBF7 jmp 77EC138E
; Padding up to the next routine's entry at 77EC139C.
:77EC1397 90 nop
:77EC1398 90 nop
:77EC1399 90 nop
:77EC139A 90 nop
:77EC139B 90 nop


; ---------------------------------------------------------------------------
; Routine at 77EC139C -- only its first instructions are on the page; the
; listing breaks off after 77EC13D1, so the argument count and return value
; cannot be read from here. Its single caller (77EC119C) is not shown either.
; Visible so far: [ebp+08] is a pointer whose +0C field is dereferenced, the
; same first-argument checks as in the routine at 77EC11FA.
; ---------------------------------------------------------------------------
* Referenced by a CALL at Address:
|:77EC119C
|
; Two-byte no-op and frame setup. "push ecx" reserves one dword of locals
; ([ebp-04]) without a "sub esp".
:77EC139C 8BFF mov edi, edi
:77EC139E 55 push ebp
:77EC139F 8BEC mov ebp, esp
:77EC13A1 51 push ecx
:77EC13A2 53 push ebx
:77EC13A3 56 push esi
; esi = arg1, edx = 1, ebx = 0 (used as the zero constant); [ebp-04] = 1.
:77EC13A4 8B7508 mov esi, dword ptr [ebp+08]
:77EC13A7 33D2 xor edx, edx
:77EC13A9 42 inc edx
:77EC13AA 33DB xor ebx, ebx
:77EC13AC 57 push edi
:77EC13AD 8955FC mov dword ptr [ebp-04], edx
; arg1 or [arg1+0C] null -> 77EC1445 (beyond the end of the excerpt).
:77EC13B0 3BF3 cmp esi, ebx
:77EC13B2 0F848D000000 je 77EC1445
:77EC13B8 8B460C mov eax, dword ptr [esi+0C]
:77EC13BB 3BC3 cmp eax, ebx
:77EC13BD 0F8482000000 je 77EC1445
; Dword at +48 equal to zero, or dword at +58 negative (signed jl): both leave
; to 77F5B97A / 77F5B981, not shown.
:77EC13C3 8B4848 mov ecx, dword ptr [eax+48]
:77EC13C6 3BCB cmp ecx, ebx
:77EC13C8 0F84ACA50900 je 77F5B97A
:77EC13CE 395858 cmp dword ptr [eax+58], ebx
:77EC13D1 0F8CAAA50900 jl 77F5B981


; The listing resumes here at 77EC1001, directly after the lone 77EC1000 line
; near the top of the dump.
; NOTE(review): 77EC1000..77EC1015 looks like data decoded as instructions,
; not code. Read as raw bytes the column is
;   53 00 59 00 53 00 54 00 45 00 4D 00 00 00 | 90 90 | 72 00 63 00 00 00
; which is the UTF-16LE text "SYSTEM" plus terminator, two padding bytes, then
; "rc" plus terminator. The "add byte ptr ..." / "arpl" mnemonics are what a
; linear-sweep disassembler prints for such bytes and carry no meaning.
:77EC1001 005900 add byte ptr [ecx+00], bl
:77EC1004 53 push ebx
:77EC1005 00540045 add byte ptr [eax+eax+45], dl
:77EC1009 004D00 add byte ptr [ebp+00], cl
:77EC100C 0000 add byte ptr [eax], al
:77EC100E 90 nop
:77EC100F 90 nop
:77EC1010 7200 jb 77EC1012
:77EC1012 6300 arpl dword ptr [eax], eax
:77EC1014 0000 add byte ptr [eax], al
; From 77EC1016 the bytes decode as plausible code again. No "Referenced by"
; header precedes it and esi/edi are set elsewhere, so this is presumably a
; fragment of a routine whose body lies outside the excerpt.
; [esi+0C] != edi continues at 77F5B68F (not shown).
:77EC1016 8B460C mov eax, dword ptr [esi+0C]
:77EC1019 3BC7 cmp eax, edi
:77EC101B 0F856EA60900 jne 77F5B68F
; fs:[18] -> +30 -> +18: on 32-bit Windows this chain is TEB self pointer ->
; PEB -> ProcessHeap. The call is therefore 77F11F49(process heap, edi, esi);
; the argument shape is consistent with a heap-free routine, but the listing
; does not name the callee.
:77EC1021 64A118000000 mov eax, dword ptr fs:[00000018]
:77EC1027 8B4030 mov eax, dword ptr [eax+30]
:77EC102A 56 push esi
:77EC102B 57 push edi
:77EC102C FF7018 push [eax+18]
:77EC102F E8150F0500 call 77F11F49


* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:77F5B65D(C), :77F5B66A(U)
|
; eax = 0, then back to 77F305D2. Entered only by jumps from 77F5B6xx.
:77EC1034 33C0 xor eax, eax
:77EC1036 E997F50600 jmp 77F305D2


* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:77F305AC(C)
|
; Same pattern: eax = 0, then back to 77F305B8.
:77EC103B 33C0 xor eax, eax
:77EC103D E976F50600 jmp 77F305B8
; Padding up to the routine entry at 77EC1047.
:77EC1042 90 nop
:77EC1043 90 nop
:77EC1044 90 nop
:77EC1045 90 nop
:77EC1046 90 nop


; ---------------------------------------------------------------------------
; Routine at 77EC1047 -- one dword stack argument, removed by the callee
; ("ret 0004"). The listing gives it no name.
; In:   [ebp+08] arg1: pointer to a structure, may be null
; Out:  eax is not set explicitly; it holds whatever the last call returned,
;       or [arg1+08] / nothing new on the early-out paths
; Effect: if arg1 is non-null, passes [arg1+08] (when non-zero) and then arg1
; itself to 77F11F49 together with the process heap and a 0 flags word.
; That matches "free the inner buffer, then the container", assuming 77F11F49
; is a heap-free routine -- the callee is not shown or named.
; The +08 field is the same offset 77EC1362 reads its array pointer from.
; ---------------------------------------------------------------------------
* Referenced by a CALL at Addresses:
|:77EC132A , :77EC1570
|
; Two-byte no-op, frame setup, esi = arg1; a null argument returns at once.
:77EC1047 8BFF mov edi, edi
:77EC1049 55 push ebp
:77EC104A 8BEC mov ebp, esp
:77EC104C 56 push esi
:77EC104D 8B7508 mov esi, dword ptr [ebp+08]
:77EC1050 85F6 test esi, esi
:77EC1052 742F je 77EC1083
; Inner pointer at +08: skipped when zero, otherwise
; 77F11F49(process heap, 0, [arg1+08]). The heap handle comes from
; fs:[18] -> +30 -> +18 (TEB self pointer -> PEB -> ProcessHeap on 32-bit
; Windows).
:77EC1054 8B4608 mov eax, dword ptr [esi+08]
:77EC1057 85C0 test eax, eax
:77EC1059 7414 je 77EC106F
:77EC105B 50 push eax
:77EC105C 64A118000000 mov eax, dword ptr fs:[00000018]
:77EC1062 8B4030 mov eax, dword ptr [eax+30]
:77EC1065 6A00 push 00000000
:77EC1067 FF7018 push [eax+18]
:77EC106A E8DA0E0500 call 77F11F49


* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:77EC1059(C)
|
; Then the structure itself: 77F11F49(process heap, 0, arg1). The return value
; of neither call is checked.
:77EC106F 64A118000000 mov eax, dword ptr fs:[00000018]
:77EC1075 8B4030 mov eax, dword ptr [eax+30]
:77EC1078 56 push esi
:77EC1079 6A00 push 00000000
:77EC107B FF7018 push [eax+18]
:77EC107E E8C60E0500 call 77F11F49


* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:77EC1052(C)
|
; Epilogue.
:77EC1083 5E pop esi
:77EC1084 5D pop ebp
:77EC1085 C20400 ret 0004






; The short blocks below are each entered by a jump from 77F3xxxx / 77F5xxxx
; and jump straight back there. They are pieces of routines whose bodies are
; outside this excerpt, so what edi, ecx and [ebp+10] hold cannot be told from
; here; the comments only restate the visible effect.
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:77F307D1(C)
|
; Set bit 1 (mask 0x02) in edi, resume at 77F307D7.
:77EC1088 83CF02 or edi, 00000002
:77EC108B E947F70600 jmp 77F307D7


* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:77F307E3(C)
|
; Set bit 3 (mask 0x08) in edi, resume at 77F307E9.
:77EC1090 83CF08 or edi, 00000008
:77EC1093 E951F70600 jmp 77F307E9


* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:77F3081E(C), :77F5BA3B(U)
|
; eax = 0, resume at 77F30854.
:77EC1098 33C0 xor eax, eax
:77EC109A E9B5F70600 jmp 77F30854


* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:77F30829(C)
|
; [ebp+10] == ecx resumes at 77F3082F, anything else goes to 77F5BA35.
:77EC109F 394D10 cmp dword ptr [ebp+10], ecx
:77EC10A2 0F8487F70600 je 77F3082F
:77EC10A8 E988A90900 jmp 77F5BA35


未完……文件实在太长,不懂,求解释。











