οϣ  ᷴġKOEIܲٴ롷
            ܴġܲٴexeֺܡ
            ϴġֱ뱦Ч
            zhangjuġЧ,˵뷨ʵ֡



л      GodtypeָһƪµĴ󣬲ṩο


飺      ƾܼ򵥣ᷴѾװˣֻҪٵþͺˣѵǵִ߼
            ڸӵ߼ø߼дǿƼWIN32ࣩͨ
            ֱӸƶҪעΪԶתָԤռ

            ھظõĺָдɺ꺯

            󲿷ֵطʹѹջճĴʹ8λָ32λʡֽڿռ

            ϷȤĻһ£ѧܶණ




       ½ϳ, ṩı޸Ĺزο

       ͣ, ʿ޷ڶڻظ, дΪ, лл!!

;------------------------------------------------------------------------------------------------------------

лӳ----[׹ʽ]

          ͨ䡢޷ֱߴ͸3񣬱佫һʽ1~2౻͸
          佫һʽ֮ǰеһ֣Ҳ


޸Ĵһ  Ӿַ

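         In the hex editor (UE), search for the byte string: A1 BE BE F8 A1 BF
         File offset: 00126500H

         Append the new skill-name string at the end of the string list (it appears at 00555840 in the dump below).

         Section containing that file offset: .rdata2    00155000    00004800    00125E00    00004800    E0000060
         (the formula below uses 00155000 as the section RVA and 00125E00 as its raw file offset; the flags value E0000060 marks the section as code + initialized data with read, write and execute access, i.e. a writable and executable region)

         PE image base: 00400000H

         Memory address of the string = 00400000H + 00155000H + (00126500H - 00125E00H) = 555700H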

         00555700  A1 BE BE F8 A1 BF C8 FD B0 E5 B8 AB 00 00 00 0A  師....
         00555710  A1 BE BE F8 A1 BF B2 D4 C1 FA B9 FD D5 F3 C7 B9  ǹ
         00555720  00 A1 BE BE F8 A1 BF C9 B1 CA D6 EF B5 00 00 00  .ɱ...
         00555730  A1 BE BE F8 A1 BF BB D8 C2 ED C7 B9 00 00 00 00  ǹ....
         00555740  A1 BE BE F8 A1 BF BE A1 C3 FC C8 FD B4 B8 00 00  ..
         00555750  A1 BE BE F8 A1 BF CD FE D5 F0 B0 CB BB C4 00 00  ˻..
         00555760  A1 BE BE F8 A1 BF BA E1 C9 A8 C7 A7 BE FC 00 00  ɨǧ..
         00555770  A1 BE BE F8 A1 BF CC A4 C6 C6 C1 AC D3 AA 00 00  ̤Ӫ..
         00555780  A1 BE BE F8 A1 BF D7 D3 C4 B8 B4 A9 D4 C6 C6 C6  ĸ
         00555790  00 CE DE 00 00 00 00 00 00 00 00 00 00 00 00 00  ..............
         005557A0  A1 BE BC BC A1 BF B7 EF CE E8 BE C5 CC EC 00 00  ..
         005557B0  A1 BE BC BC A1 BF C1 FA D2 F7 00 00 00 00 00 00  ......
         005557C0  A1 BE BC BC A1 BF B9 ED C3 C5 B5 B6 00 00 00 00  ŵ....
         005557D0  00 00 A1 BE BC BC A1 BF BA E1 CD C6 B0 CB C2 ED  ..ư
         005557E0  B5 B9 00 00 A1 BE BC BC A1 BF CB AB C0 D7 D2 FD  ..˫
         005557F0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
         00555800  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
         00555810  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
         00555820  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
         00555830  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
         00555840  A1 BE BE F8 A1 BF D7 B9 CC EC B9 E1 C8 D5 CA BD  ׹ʽ
         00555850  00 00 A1 BE BC BC A1 BF D6 EF CF C9 BD A3 00 00  ..ɽ..
         00555860  00 00 00 00 A1 BE BC BC A1 BF D1 AA C4 A7 B5 B6  ....Ѫħ
         00555870  00 00 00 00 00 00 A1 BE BC BC A1 BF D5 E6 BF D5  ......
         00555880  C8 D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ..............




޸Ĵ  Ҽ佫ʱʾ

         ; Detour at 004D3C1E into an added compare chain on eax. Two of the targets are
         ; small stubs that push a string address and continue at 00478737.
         004D3C1E   /E9 ED000000     jmp     004D3D10                       ; 5-byte hook into the chain below


         004D3D10   83F8 22         cmp     eax, 22                        ; selector 22h -> 004D3CB2 (handler not shown)
         004D3D13  ^74 9D           je      short 004D3CB2
         004D3D15   83F8 2B         cmp     eax, 2B                        ; selector 2Bh -> 004D3CBC (handler not shown)
         004D3D18  ^74 A2           je      short 004D3CBC
         004D3D1A   83F8 2C         cmp     eax, 2C                        ; selector 2Ch -> 004D3CC6 (handler not shown)
         004D3D1D  ^74 A7           je      short 004D3CC6
         004D3D1F   83F8 18         cmp     eax, 18                        ; selector 18h (24) -> stub at 004D3CA8
         004D3D22  ^74 84           je      short 004D3CA8
         004D3D24   83F8 23         cmp     eax, 23                        ; selector 23h (35) -> stub at 004D3C9E
         004D3D27  ^0F84 71FFFFFF   je      004D3C9E
         004D3D2D  ^E9 97FEFFFF     jmp     004D3BC9                       ; no match: leave the chain at 004D3BC9


         004D3C9E   68 52585500     push    00555852                       ; string at 00555852 in the .rdata2 dump (starts A1 BE BC BC A1 BF)
         004D3CA3  -E9 8F4AFAFF     jmp     00478737                       ; shared continuation that consumes the pushed pointer
         004D3CA8   68 40585500     push    00555840                       ; string at 00555840 in the .rdata2 dump (starts A1 BE BE F8 A1 BF)
         004D3CAD  -E9 854AFAFF     jmp     00478737                       ; same continuation



޸Ĵ  þаť

         ; Added test: selector 18h (the original note labels it DATA_24) takes the 004D5435 path.
         004D5495   83F8 18         cmp     eax, 18                          ; eax == 18h (24)?
         004D5498  ^74 9B           je      short 004D5435                   ; yes: branch to 004D5435 (target not shown)
         004D549A  ^EB 92           jmp     short 004D542E                   ; no: continue at 004D542E


޸Ĵģ  佫Ӧ

         ; Short detour at 004D3183: the freed bytes are NOP-filled and the decision is made at 004D319A.
         004D3183   /EB 15           jmp     short 004D319A                   ; jmp leaves the flags untouched, so the je at 004D319A still sees the earlier compare
         004D3185   |90              nop                                      ; padding over the replaced bytes
         004D3186   |90              nop
         004D3187   |90              nop
         004D3188   |90              nop


         004D319A   /0F84 AE000000   je      004D324E                         ; branch on flags set before the detour (presumably the relocated original test)
         004D31A0   |83FB 18         cmp     ebx, 18                          ; ebx == 18h (24)?
         004D31A3   |0F84 A70B0000   je      004DA10C                         ; NOTE(review): bytes encode rel32 0BA7h = target 004D3D50, not 004DA10C (which needs 63 6F 00 00); re-assemble before pasting
         004D31A9  ^|EB DE           jmp     short 004D3189                   ; otherwise resume the normal path at 004D3189


޸Ĵ壺  佫һ̨ʣ㣬Բģ

         Fhua.wa ==> Imsg.e5

޸Ĵ  ʹͨб˺ֿ㣬Բģ

; Call site patched to route the damage value through the added routine at 004DA000.
00405F44 .  8D8C90 84000000   lea     ecx, dword ptr [eax+edx*4+84]    ;  ecx = address of the slot [eax+edx*4+84]
00405F4B .  51                push    ecx                              ;  keep the slot address across the call
00405F4C .  8B09              mov     ecx, dword ptr [ecx]             ;  ecx = value currently in the slot
00405F4E    8B45 F8           mov     eax, dword ptr [ebp-8]           ;  third argument: value of local [ebp-8]
00405F51    50                push    eax
00405F52 .  8B45 F4           mov     eax, dword ptr [ebp-C]           ;  local [ebp-C] points to a structure
00405F55    8B40 08           mov     eax, dword ptr [eax+8]           ;  second argument: dword at +8 of that structure
00405F58    50                push    eax
00405F59    51                push    ecx                              ;  first argument: the slot value
00405F5A    E8 A1400D00       call    004DA000                         ;  added routine; it ends with retn 0C, so the three arguments are already popped
00405F5F    59                pop     ecx                              ;  slot address saved at 00405F4B
00405F60    8901              mov     dword ptr [ecx], eax             ;  store the returned value back into the slot
00405F62    90                nop                                      ;  padding over the rest of the replaced bytes
00405F63    90                nop
00405F64 .  90                nop
00405F65 .  90                nop


         ݣ  ݴCTRL+Gַָ==> CTRL+E༭ݣ
                       ==> SHIFT+INSERTճݣ

         8D 8C 90 84 00 00 00 51 8B 09 8B 45 F8 50 8B 45
         F4 8B 40 08 50 51 E8 A1 40 0D 00 59 89 01 90 90
         90 90

         ע⣺  淴CALLԶתָĵַ

; Added damage routine. Stack args: [ebp+8] damage value, [ebp+C] and [ebp+10] pointers
; (both are used as ecx for 0040709A). Returns the new value in eax and pops 12 bytes.
; result = max(A, B) + jitter, where A = dmg*p1/100 and B = dmg*p2/100*(diff+100)/100.
004D9FFF  90                 nop
004DA000  55                 push    ebp                            ; standard frame
004DA001  8BEC               mov     ebp, esp
004DA003  83EC 0C            sub     esp, 0C                        ; locals: [ebp-4] result, [ebp-8] scratch, [ebp-C] second percentage p2
004DA006  8B45 08            mov     eax, dword ptr [ebp+8]         ; eax = incoming damage
004DA009  85C0               test    eax, eax                       ; zero damage?
004DA00B  0F84 95000000      je      004DA0A6                       ; yes: return 0 unchanged (the original note calls this MISS)
004DA011  833D 14F34C00 00   cmp     dword ptr [4CF314], 0          ; global flag; NOTE(review): dword-wide test, while 00407D4E tests the same address as a byte and 004DA125 writes [004CF316] inside this dword - confirm the width
004DA018  75 0E              jnz     short 004DA028
004DA01A  B9 82000000        mov     ecx, 82                          ; p1 = 82h = 130
004DA01F  C745 F4 A0000000   mov     dword ptr [ebp-C], 0A0           ; p2 = 0A0h = 160
004DA026  EB 19              jmp     short 004DA041
004DA028  8B4D 0C            mov     ecx, dword ptr [ebp+C]         ; flag set: inspect the record behind arg 2
004DA02B  66:8B11            mov     dx, word ptr [ecx]             ; first word of that record
004DA02E  66:81FA 1810       cmp     dx, 1018                       ; word 1018h (low byte 18h)?
004DA033^ 74 E5              je      short 004DA01A                 ; yes: use the 130/160 pair
004DA035  B9 AA000000        mov     ecx, 0AA                       ; p1 = 0AAh = 170
004DA03A  C745 F4 C8000000   mov     dword ptr [ebp-C], 0C8         ; p2 = 0C8h = 200
004DA041  F7E1               mul     ecx                            ; edx:eax = damage * p1
004DA043  B9 64000000        mov     ecx, 64                        ; divisor 100
004DA048  33D2               xor     edx, edx                       ; discards the high dword of the product, so a product >= 2^32 is silently truncated
004DA04A  F7F1               div     ecx
004DA04C  8945 FC            mov     dword ptr [ebp-4], eax         ; A = damage * p1 / 100
004DA04F  8B4D 10            mov     ecx, dword ptr [ebp+10]        ; object for the getter = arg 3
004DA052  6A 01              push    1
004DA054  6A 00              push    0
004DA056  E8 3FD0F2FF        call    0040709A                       ; getter(0, 1) on arg 3; no stack fix-up follows, so the callee presumably pops its arguments
004DA05B  8945 F8            mov     dword ptr [ebp-8], eax         ; keep arg 3's value
004DA05E  8B4D 0C            mov     ecx, dword ptr [ebp+C]         ; object for the getter = arg 2
004DA061  6A 01              push    1
004DA063  6A 00              push    0
004DA065  E8 30D0F2FF        call    0040709A                       ; same getter on arg 2
004DA06A  2B45 F8            sub     eax, dword ptr [ebp-8]         ; diff = value(arg 2) - value(arg 3)
004DA06D  83F8 CE            cmp     eax, -32                       ; -32h = -50
004DA070  7C 24              jl      short 004DA096                 ; signed: diff < -50 keeps A
004DA072  83C0 64            add     eax, 64                        ; diff + 100
004DA075  8945 F8            mov     dword ptr [ebp-8], eax
004DA078  8B45 08            mov     eax, dword ptr [ebp+8]         ; reload the incoming damage
004DA07B  F765 F4            mul     dword ptr [ebp-C]              ; damage * p2
004DA07E  B9 64000000        mov     ecx, 64
004DA083  33D2               xor     edx, edx                       ; high dword dropped again
004DA085  F7F1               div     ecx
004DA087  F765 F8            mul     dword ptr [ebp-8]
004DA08A  33D2               xor     edx, edx
004DA08C  F7F1               div     ecx                            ; B = damage * p2 / 100 * (diff + 100) / 100
004DA08E  3B45 FC            cmp     eax, dword ptr [ebp-4]         ; compare B with A
004DA091  72 03              jb      short 004DA096                 ; unsigned: B < A keeps A
004DA093  8945 FC            mov     dword ptr [ebp-4], eax         ; otherwise result = B
004DA096  6A 08              push    8
004DA098  E8 765AFAFF        call    0047FB13                       ; random helper with argument 8; the original note gives its range as 0~7
004DA09D  83C4 04            add     esp, 4                         ; caller removes the argument
004DA0A0  83E8 03            sub     eax, 3                         ; jitter -3..+4 (given the 0~7 range)
004DA0A3  0345 FC            add     eax, dword ptr [ebp-4]         ; NOTE(review): no clamp; a result of 1 or 2 plus a negative jitter wraps below zero - confirm how the caller treats that
004DA0A6  8BE5               mov     esp, ebp                       ; common exit, also reached with eax = 0
004DA0A8  5D                 pop     ebp
004DA0A9  C2 0C00            retn    0C                             ; pops the three arguments
004DA0AC  90                 nop
004DA0AD  90                 nop


         ݣ  

         90 55 8B EC 83 EC 0C 8B 45 08 85 C0 0F 84 95 00
         00 00 83 3D 14 F3 4C 00 00 75 0E B9 82 00 00 00
         C7 45 F4 A0 00 00 00 EB 19 8B 4D 0C 66 8B 11 66
         81 FA 18 10 74 E5 B9 AA 00 00 00 C7 45 F4 C8 00
         00 00 F7 E1 B9 64 00 00 00 33 D2 F7 F1 89 45 FC
         8B 4D 10 6A 01 6A 00 E8 3F D0 F2 FF 89 45 F8 8B
         4D 0C 6A 01 6A 00 E8 30 D0 F2 FF 2B 45 F8 83 F8
         CE 7C 24 83 C0 64 89 45 F8 8B 45 08 F7 65 F4 B9
         64 00 00 00 33 D2 F7 F1 F7 65 F8 33 D2 F7 F1 3B
         45 FC 72 03 89 45 FC 6A 08 E8 76 5A FA FF 83 C4
         04 83 E8 03 03 45 FC 8B E5 5D C2 0C 00 90 90


޸Ĵߣ  ͸Ч

; Detour at 00407821: when the global flag is set and the record in ecx starts with
; word 1018h, jump straight to 0040788B with ax = 7; otherwise run the original path.
00407821   /E9 28050000        jmp     00407D4E               ;  5-byte hook; execution normally resumes at 00407826
00407826   |E8 A5FFFFFF        call    004077D0               ;  existing call, resumed after the detour (uses ecx per the original note)
0040782B   |833D 20AC5500 01   cmp     dword ptr [55AC20], 1  ;  existing test of the global at 0055AC20
00407832   |74 41              je      short 00407875


00407D4E    803D 14F34C00 00   cmp     byte ptr [4CF314], 0           ;  global flag, tested as a byte here (004DA011 tests it as a dword)
00407D55   -0F85 89230D00      jnz     004DA0E4                       ;  flag set: go to the added check
00407D5B    C645 FC 00         mov     byte ptr [ebp-4], 0            ;  local [ebp-4] = 0, then fall back (presumably the instruction the hook replaced)
00407D5F   ^E9 C2FAFFFF        jmp     00407826                       ;  resume the original code


004DA0E4    0FB701             movzx   eax, word ptr [ecx]            ; first word of the record in ecx
004DA0E7    66:3D 1810         cmp     ax, 1018                       ; word 1018h?
004DA0EB    74 09              je      short 004DA0F6
004DA0ED    C645 FC 00         mov     byte ptr [ebp-4], 0            ; no: same fallback as at 00407D5B
004DA0F1   -E9 30D7F2FF        jmp     00407826
004DA0F6    66:B8 0700         mov     ax, 7                          ; value 7; 00435D2D later turns values above 6 into (value - 5)
004DA0FA   -E9 8CD7F2FF        jmp     0040788B                       ; skip the 00407826..0040788A checks
004DA0FF    90                 nop


; Two edits in the routine at 00435D26: values above 6 in byte [ebp+C] become a loop
; count (value - 5) in [ebp-20], and the loop at 0043623A compares against that local.
00435D26    0FB64D 0C          movzx   ecx, byte ptr [ebp+C]          ;  ecx = byte argument at [ebp+C]
00435D2A    894D E0            mov     dword ptr [ebp-20], ecx        ;  keep a copy in local [ebp-20]
00435D2D    80F9 06            cmp     cl, 6                          ;  values 0..6 take the existing path
00435D30    76 0A              jbe     short 00435D3C
00435D32    806D E0 05         sub     byte ptr [ebp-20], 5           ;  above 6: [ebp-20] = value - 5 (7 becomes 2)
00435D36    E9 4F040000        jmp     0043618A                       ;  continue at 0043618A
00435D3B    90                 nop


0043623A   /EB 03              jmp     short 0043623F                 ;  loop entry: skip the increment on the first pass
0043623C   |FF45 F0            inc     dword ptr [ebp-10]             ;  loop counter in [ebp-10]
0043623F   \8B4D F0            mov     ecx, dword ptr [ebp-10]
00436242    3B4D E0            cmp     ecx, dword ptr [ebp-20]        ;  bound now read from [ebp-20]; the conditional jump that follows is outside this listing
00436245    90                 nop                                    ;  padding (the replaced compare was presumably longer)
00436246    90                 nop
00436247    90                 nop
00436248    90                 nop


޸Ĵˣ  ¼͸佫ս

; Records the byte read from [eax+ecx+10] into the shared buffer at 004CF31A while the
; marker byte [004CF316] is 18h and the remaining-count byte [004CF318] is non-zero.
00405E46    0FB645 FC          movzx   eax, byte ptr [ebp-4]          ;  index taken from local [ebp-4]
00405E4A    8B4D F4            mov     ecx, dword ptr [ebp-C]         ;  structure pointer from local [ebp-C]
00405E4D    8A5408 10          mov     dl, byte ptr [eax+ecx+10]      ;  dl = byte at offset 10h + index
00405E51    80FA FF            cmp     dl, 0FF                        ;  0FFh is treated as "nothing here"
00405E54    0F84 23030000      je      0040617D                       ;  skip to 0040617D
00405E5A    8851 01            mov     byte ptr [ecx+1], dl           ;  store dl at +1 of the structure
00405E5D    B9 14F34C00        mov     ecx, 004CF314                  ;  base of the shared state block
00405E62    83C1 06            add     ecx, 6                         ;  ecx = 004CF31A, start of the record buffer
00405E65    8079 FC 18         cmp     byte ptr [ecx-4], 18           ;  [004CF316] == 18h? (set at 004DA125)
00405E69    75 13              jnz     short 00405E7E
00405E6B    8079 FE 00         cmp     byte ptr [ecx-2], 0            ;  [004CF318] = entries still allowed
00405E6F    74 0D              je      short 00405E7E                 ;  none left: this bounds the writes below
00405E71    FE49 FE            dec     byte ptr [ecx-2]               ;  one fewer remaining
00405E74    0FB641 FF          movzx   eax, byte ptr [ecx-1]          ;  [004CF319] = write index
00405E78    881408             mov     byte ptr [eax+ecx], dl         ;  buffer[index] = dl; NOTE(review): with an initial count above 2 this reaches the dword at 004CF31C used by other patches
00405E7B    FE41 FF            inc     byte ptr [ecx-1]               ;  advance the write index
00405E7E    0FB6CA             movzx   ecx, dl                        ;  ecx = dl for the code that follows
00405E81    90                 nop


         ݣ

         0F B6 45 FC 8B 4D F4 8A 54 08 10 80 FA FF 0F 84
         23 03 00 00 88 51 01 B9 14 F3 4C 00 83 C1 06 80
         79 FC 18 75 13 80 79 FE 00 74 0D FE 49 FE 0F B6
         41 FF 88 14 08 FE 41 FF 0F B6 CA 90



޸Ĵţ  ִ߼

; 004DA100: small helper that calls 0045AA5C(edx, eax, 0, 1) with ecx passed through.
; 004DA10C: added skill routine (entered from 004D31A3). It borrows locals [ebp-3C]..[ebp-20]
; of the host function's frame; the original author's notes warn that these stack slots may be overwritten.
004DA100  6A 01            push    1                                ; fixed argument 1
004DA102  6A 00            push    0                                ; fixed argument 0
004DA104  50               push    eax                              ; caller's eax (a small code, 0..4 at the call sites below). The listing lost a line break here; the next instruction is: 004DA105  52  push edx  (caller's edx; byte 52 is present in the dump)
004DA106  E8 5109F8FF      call    0045AA5C                         ; ecx untouched; callers load it from [ebp-38] (004B5DF0)
004DA10B  C3               retn                                     ; no stack fix-up, so 0045AA5C presumably pops its four arguments - confirm
004DA10C  E8 D9C3FFFF      call    004D64EA                         ; UI call made before the text is shown; 004D6576 is called afterwards
004DA111  68 46585500      push    00555846                         ; 00555840 + 6: the string without its 6-byte A1 BE BE F8 A1 BF prefix
004DA116  B9 083D4B00      mov     ecx, 004B3D08                    ; object/context for the display call
004DA11B  E8 46C2FFFF      call    004D6366                         ; display call taking the string pointer
004DA120  B9 14F34C00      mov     ecx, 004CF314                    ; base of the shared state block
004DA125  C641 02 18       mov     byte ptr [ecx+2], 18             ; [004CF316] = 18h, the marker tested at 00405E65
004DA129  83C1 04          add     ecx, 4                           ; ecx = 004CF318
004DA12C  894D C4          mov     dword ptr [ebp-3C], ecx          ; remember that address
004DA12F  8B01             mov     eax, dword ptr [ecx]             ; old dword at 004CF318
004DA131  8B51 04          mov     edx, dword ptr [ecx+4]           ; old dword at 004CF31C
004DA134  8945 CC          mov     dword ptr [ebp-34], eax          ; save the first dword
004DA137  8945 D0          mov     dword ptr [ebp-30], eax          ; NOTE(review): stores eax again; edx is never used, so the old 004CF31C value is lost and 004DA158 writes the wrong dword back. mov [ebp-30], edx (89 55 D0) looks intended; the routine at 004DA30C saves both dwords correctly
004DA13A  66:C701 0200     mov     word ptr [ecx], 2                ; [004CF318] = 2 entries to record, [004CF319] = 0 write index; the original note mentions a limit of 6 - confirm the buffer size before raising this
004DA13F  FF75 F8          push    dword ptr [ebp-8]
004DA142  FF75 E4          push    dword ptr [ebp-1C]
004DA145  E8 3794FFFF      call    004D3581                         ; host routine called with the two locals; recording at 00405E46 happens while the marker is set
004DA14A  8B45 CC          mov     eax, dword ptr [ebp-34]
004DA14D  8B4D C4          mov     ecx, dword ptr [ebp-3C]          ; ecx = 004CF318 again
004DA150  8701             xchg    dword ptr [ecx], eax             ; put the saved dword back and fetch the recorded one
004DA152  8945 CC          mov     dword ptr [ebp-34], eax          ; [ebp-34] = count byte, index byte, two recorded bytes
004DA155  8B45 D0          mov     eax, dword ptr [ebp-30]
004DA158  8741 04          xchg    dword ptr [ecx+4], eax           ; swap the second dword (see the note at 004DA137)
004DA15B  8945 D0          mov     dword ptr [ebp-30], eax
004DA15E  33C0             xor     eax, eax
004DA160  8945 E0          mov     dword ptr [ebp-20], eax          ; loop index = 0
004DA163  48               dec     eax                              ; eax = -1
004DA164  8945 DC          mov     dword ptr [ebp-24], eax          ; first effect = -1 (none)
004DA167  8945 D8          mov     dword ptr [ebp-28], eax          ; second effect = -1 (none)
004DA16A  C745 C8 F05D4B00 mov     dword ptr [ebp-38], 004B5DF0     ; object later passed in ecx to the helper
004DA171  E8 00C4FFFF      call    004D6576                         ; UI call paired with 004D64EA above
004DA176  6A 0A            push    0A
004DA178  E8 9659FAFF      call    0047FB13                         ; random helper with argument 0Ah; the original note gives 0~9
004DA17D  59               pop     ecx                              ; remove the argument
004DA17E  8945 D4          mov     dword ptr [ebp-2C], eax          ; running sum of the two draws
004DA181  3C 05            cmp     al, 5
004DA183  77 12            ja      short 004DA197                   ; draw above 5: no first effect
004DA185  75 02            jnz     short 004DA189                   ; draw 0..4 is used as the effect code
004DA187  B0 01            mov     al, 1                            ; draw 5 is mapped to code 1
004DA189  8945 DC          mov     dword ptr [ebp-24], eax          ; first effect code
004DA18C  8B55 F0          mov     edx, dword ptr [ebp-10]
004DA18F  8B4D C8          mov     ecx, dword ptr [ebp-38]
004DA192  E8 69FFFFFF      call    004DA100                         ; apply it via the helper
004DA197  6A 0A            push    0A
004DA199  E8 7559FAFF      call    0047FB13                         ; second draw
004DA19E  59               pop     ecx
004DA19   0145 D4          add     dword ptr [ebp-2C], eax          ; sum of both draws (address column lost a digit: this is 004DA19F)
004DA1A2  3C 04            cmp     al, 4
004DA1A4  77 23            ja      short 004DA1C9                   ; draw above 4: no second effect
004DA1A6  8B4D DC          mov     ecx, dword ptr [ebp-24]
004DA1A9  8BD1             mov     edx, ecx
004DA1AB  42               inc     edx                              ; -1 + 1 = 0 means no first effect was chosen
004DA1AC  75 05            jnz     short 004DA1B3                   ; a first effect exists
004DA1AE  8945 DC          mov     dword ptr [ebp-24], eax          ; otherwise this draw becomes the first effect
004DA1B1  EB 0B            jmp     short 004DA1BE
004DA1B3  3AC1             cmp     al, cl                           ; same code as the first effect?
004DA1B5  75 04            jnz     short 004DA1BB
004DA1B7  B0 05            mov     al, 5
004DA1B9  FEC8             dec     al                               ; duplicate replaced by code 4; NOTE(review): when both draws are 4 the codes are still equal
004DA1BB  8945 D8          mov     dword ptr [ebp-28], eax          ; second effect code
004DA1BE  8B55 F0          mov     edx, dword ptr [ebp-10]
004DA1C1  8B4D C8          mov     ecx, dword ptr [ebp-38]
004DA1C4  E8 37FFFFFF      call    004DA100                         ; apply it via the helper
004DA1C9  8D5D CC          lea     ebx, dword ptr [ebp-34]          ; ebx -> dword fetched from 004CF318
004DA1CC  83C3 02          add     ebx, 2                           ; ebx -> recorded bytes; [ebx-1] = number recorded
004DA1CF  807B FF 01       cmp     byte ptr [ebx-1], 1
004DA1D3  76 56            jbe     short 004DA22B                   ; one record or none: nothing further to do
004DA1D5  8B45 DC          mov     eax, dword ptr [ebp-24]
004DA1D8  40               inc     eax
004DA1D9  74 50            je      short 004DA22B                   ; no effect was chosen at all
004DA1DB  8B45 D8          mov     eax, dword ptr [ebp-28]
004DA1DE  8BC8             mov     ecx, eax
004DA1E0  41               inc     ecx
004DA1E1  74 0D            je      short 004DA1F0                   ; only one effect was chosen
004DA1E3  8A4D D4          mov     cl, byte ptr [ebp-2C]
004DA1E6  F6C1 01          test    cl, 1                            ; parity of the sum of both draws
004DA1E9  75 10            jnz     short 004DA1FB                   ; odd: keep the second effect in eax
004DA1EB  8B45 DC          mov     eax, dword ptr [ebp-24]          ; even: use the first effect
004DA1EE  EB 0B            jmp     short 004DA1FB
004DA1F0  8A4D D4          mov     cl, byte ptr [ebp-2C]
004DA1F3  F6C1 01          test    cl, 1
004DA1F6  74 33            je      short 004DA22B                   ; even sum with a single effect: skip the loop
004DA1F8  8B45 DC          mov     eax, dword ptr [ebp-24]
004DA1FB  8B4D C8          mov     ecx, dword ptr [ebp-38]          ; object for the helper
004DA1FE  8A53 FF          mov     dl, byte ptr [ebx-1]             ; loop head: number recorded
004DA201  FECA             dec     dl                               ; iterations = recorded - 1
004DA203  3855 E0          cmp     byte ptr [ebp-20], dl
004DA206  73 23            jnb     short 004DA22B                   ; done
004DA208  FE45 E0          inc     byte ptr [ebp-20]                ; next record index (starts at 1)
004DA20B  0FB655 E0        movzx   edx, byte ptr [ebp-20]
004DA20F  0FB6141A         movzx   edx, byte ptr [edx+ebx]          ; recorded byte at that index
004DA213  6BD2 24          imul    edx, edx, 24                     ; scale by the 24h-byte entry size
004DA216  81C2 502C4B00    add     edx, 004B2C50                    ; entry in the table at 004B2C50; the index is not range-checked here
004DA21C  8B12             mov     edx, dword ptr [edx]             ; first dword of that entry
004DA21E  53               push    ebx                              ; preserve ebx, ecx, eax across the helper
004DA21F  51               push    ecx
004DA220  50               push    eax
004DA221  E8 DAFEFFFF      call    004DA100                         ; apply the chosen effect to this entry
004DA226  58               pop     eax
004DA227  59               pop     ecx
004DA228  5B               pop     ebx
004DA229 ^EB D3            jmp     short 004DA1FE
004DA22B ^E9 598FFFFF      jmp     004D3189                         ; rejoin the host code at 004D3189


         ݣ̫Ҫβճ

         6A 01 6A 00 50 52 E8 51 09 F8 FF C3 E8 D9 C3 FF
         FF 68 46 58 55 00 B9 08 3D 4B 00 E8 46 C2 FF FF
         B9 14 F3 4C 00 C6 41 02 18 83 C1 04 89 4D C4 8B
         01 8B 51 04 89 45 CC 89 45 D0 66 C7 01 02 00 FF
         75 F8 FF 75 E4 E8 37 94 FF FF 8B 45 CC 8B 4D C4
         87 01 89 45 CC 8B 45 D0 87 41 04 89 45 D0 33 C0
         89 45 E0 48 89 45 DC 89 45 D8 C7 45 C8 F0 5D 4B
         00 E8 00 C4 FF FF 6A 0A E8 96 59 FA FF 59 89 45
         D4 3C 05 77 12 75 02 B0 01 89 45 DC 8B 55 F0 8B
         4D C8 E8 69 FF FF FF 6A 0A E8 75 59 FA FF 59 01
         45 D4 3C 04 77 23 8B 4D DC 8B D1 42 75 05 89 45
         DC EB 0B 3A C1 75 04 B0 05 FE C8 89 45 D8 8B 55
         F0 8B 4D C8 E8 37 FF FF FF

                                    8D 5D CC 83 C3 02 80
         7B FF 01 76 56 8B 45 DC 40 74 50 8B 45 D8 8B C8
         41 74 0D 8A 4D D4 F6 C1 01 75 10 8B 45 DC EB 0B
         8A 4D D4 F6 C1 01 74 33 8B 45 DC 8B 4D C8 8A 53
         FF FE CA 38 55 E0 73 23 FE 45 E0 0F B6 55 E0 0F
         B6 14 1A 6B D2 24 81 C2 50 2C 4B 00 8B 12 53 51
         50 E8 DA FE FF FF 58 59 5B EB D3 E9 59 8F FF FF

;------------------------------------------------------------------------------------------------------------
---- Ӵԣ̱ʱ


޸Ĵһ

         ; Two hooks around the call at 004D3AA3; the first cave returns to 004D3AA3, the restore cave to 004D3AAD.
         004D3A9D   /E9 BA030000     jmp     004DA300                       ; NOTE(review): bytes encode rel32 03BAh = target 004D3E5C; 004DA300 needs 5E 68 00 00


         004D3AA8   /E9 8B040000     jmp     004DA400                       ; NOTE(review): bytes encode target 004D3F38, and 004DA400 falls inside the instruction at 004DA3FF; the restore code that returns to 004D3AAD is listed at 004DA3C0 (rel32 13 69 00 00)


޸Ĵ  ɹԤ

; Cave entered from 004D3A9D. Saves the two dwords at 004CF318/004CF31C in [ebp-20]/[ebp-24],
; computes the cell one step beyond (cl,dl) on the line from (al,bl), and either keeps that
; plan or cancels it by writing -1 to both dwords. All [ebp-..] slots belong to the host frame.
004DA300  60                pushad                               ; preserve all registers
004DA301  BE 14F34C00       mov     esi, 004CF314
004DA306  83C6 04           add     esi, 4                       ; esi = 004CF318
004DA309  8975 D8           mov     dword ptr [ebp-28], esi      ; remember that address
004DA30C  8B06              mov     eax, dword ptr [esi]
004DA30E  8945 E0           mov     dword ptr [ebp-20], eax      ; save old [004CF318]
004DA311  8B46 04           mov     eax, dword ptr [esi+4]
004DA314  8945 DC           mov     dword ptr [ebp-24], eax      ; save old [004CF31C]
004DA317  8B45 F4           mov     eax, dword ptr [ebp-C]       ; pointer held in local [ebp-C]
004DA31A  8906              mov     dword ptr [esi], eax         ; [004CF318] = that pointer
004DA31C  83C6 04           add     esi, 4                       ; esi = 004CF31C
004DA31F  66:C746 02 0010   mov     word ptr [esi+2], 1000       ; [004CF31E] = 1000h, the marker tested at 004DA41A
004DA325  8A45 ED           mov     al, byte ptr [ebp-13]        ; first position, coordinate 1
004DA328  8A5D EC           mov     bl, byte ptr [ebp-14]        ; first position, coordinate 2
004DA32B  8A4D EF           mov     cl, byte ptr [ebp-11]        ; second position, coordinate 1
004DA32E  8A55 EE           mov     dl, byte ptr [ebp-12]        ; second position, coordinate 2
004DA331  3AC1              cmp     al, cl
004DA333  75 0D             jnz     short 004DA342
004DA335  3ADA              cmp     bl, dl
004DA337  73 09             jnb     short 004DA342
004DA339  880E              mov     byte ptr [esi], cl           ; al == cl and bl < dl: destination (cl, dl+1)
004DA33B  FEC2              inc     dl                           ; NOTE(review): no range check on the inc/dec in this cave; validity rests on the calls at 00435884, 00435991 and 0043F7CF
004DA33D  8856 01           mov     byte ptr [esi+1], dl
004DA340  EB 36             jmp     short 004DA378
004DA342  3AC1              cmp     al, cl
004DA344  75 0D             jnz     short 004DA353
004DA346  3ADA              cmp     bl, dl
004DA348  76 09             jbe     short 004DA353
004DA34A  880E              mov     byte ptr [esi], cl           ; al == cl and bl > dl: destination (cl, dl-1)
004DA34C  FECA              dec     dl                           ; wraps to 0FFh when dl is 0
004DA34E  8856 01           mov     byte ptr [esi+1], dl
004DA351  EB 25             jmp     short 004DA378
004DA353  3ADA              cmp     bl, dl
004DA355  75 0D             jnz     short 004DA364
004DA357  3AC1              cmp     al, cl
004DA359  73 09             jnb     short 004DA364
004DA35B  FEC1              inc     cl
004DA35D  880E              mov     byte ptr [esi], cl           ; bl == dl and al < cl: destination (cl+1, dl)
004DA35F  8856 01           mov     byte ptr [esi+1], dl
004DA362  EB 14             jmp     short 004DA378
004DA364  3ADA              cmp     bl, dl
004DA366  75 0D             jnz     short 004DA375
004DA368  3AC1              cmp     al, cl
004DA36A  76 09             jbe     short 004DA375
004DA36C  FEC9              dec     cl                           ; bl == dl and al > cl: destination (cl-1, dl); wraps when cl is 0
004DA36E  880E              mov     byte ptr [esi], cl
004DA370  8856 01           mov     byte ptr [esi+1], dl
004DA373  EB 03             jmp     short 004DA378
004DA375  61                popad                                ; the two positions share no row or column (or are equal)
004DA376  EB 2B             jmp     short 004DA3A3               ; cancel
004DA378  61                popad
004DA379  8B55 D8           mov     edx, dword ptr [ebp-28]
004DA37C  83C2 04           add     edx, 4                       ; edx = 004CF31C, address of the destination bytes
004DA37F  52                push    edx
004DA380  E8 FFB4F5FF       call    00435884                     ; lookup on the destination; result in al
004DA385  5A                pop     edx                          ; caller removes the argument
004DA386  3C FF             cmp     al, 0FF                      ; the original note says 0FFh means the cell holds no unit - confirm
004DA388  75 19             jnz     short 004DA3A3               ; anything else: cancel
004DA38A  52                push    edx
004DA38B  E8 01B6F5FF       call    00435991                     ; second query on the destination
004DA390  5A                pop     edx
004DA391  25 FF000000       and     eax, 0FF                     ; keep the low byte of the result
004DA396  50                push    eax
004DA397  8B4D F4           mov     ecx, dword ptr [ebp-C]       ; same pointer as stored at 004CF318
004DA39A  E8 3054F6FF       call    0043F7CF                     ; query using that byte; no stack fix-up follows
004DA39F  3C FF             cmp     al, 0FF                      ; 0FFh here takes the cancel path
004DA3A1  75 0B             jnz     short 004DA3AE
004DA3A3  33C0              xor     eax, eax                     ; cancel path
004DA3A5  48                dec     eax                          ; eax = -1
004DA3A6  8B4D D8           mov     ecx, dword ptr [ebp-28]
004DA3A9  8901              mov     dword ptr [ecx], eax         ; [004CF318] = -1
004DA3AB  8941 04           mov     dword ptr [ecx+4], eax       ; [004CF31C] = -1, which also clears the 1000h marker
004DA3AE  FF75 F8           push    dword ptr [ebp-8]            ; re-issue the two pushes displaced by the hook
004DA3B1  FF75 E4           push    dword ptr [ebp-1C]
004DA3B4 ^E9 EA96FFFF       jmp     004D3AA3                     ; back to the host code at 004D3AA3


         ݣ

         60 BE 14 F3 4C 00 83 C6 04 89 75 D8 8B 06 89 45
         E0 8B 46 04 89 45 DC 8B 45 F4 89 06 83 C6 04 66
         C7 46 02 00 10 8A 45 ED 8A 5D EC 8A 4D EF 8A 55
         EE 3A C1 75 0D 3A DA 73 09 88 0E FE C2 88 56 01
         EB 36 3A C1 75 0D 3A DA 76 09 88 0E FE CA 88 56
         01 EB 25 3A DA 75 0D 3A C1 73 09 FE C1 88 0E 88
         56 01 EB 14 3A DA 75 0D 3A C1 76 09 FE C9 88 0E
         88 56 01 EB 03 61 EB 2B 61 8B 55 D8 83 C2 04 52
         E8 FF B4 F5 FF 5A 3C FF 75 19 52 E8 01 B6 F5 FF
         5A 25 FF 00 00 00 50 8B 4D F4 E8 30 54 F6 FF 3C
         FF 75 0B 33 C0 48 8B 4D D8 89 01 89 41 04 FF 75
         F8 FF 75 E4 E9 EA 96 FF FF 90


޸Ĵ  غȫֱ

; Restore cave: writes back the two dwords saved by the cave at 004DA300, then returns to 004D3AAD.
004DA3C0  8B45 E0      mov     eax, dword ptr [ebp-20]     ; saved [004CF318]
004DA3C3  8B4D D8      mov     ecx, dword ptr [ebp-28]     ; ecx = 004CF318 (stored at 004DA309)
004DA3C6  8901         mov     dword ptr [ecx], eax        ; restore the first dword
004DA3C8  8B45 DC      mov     eax, dword ptr [ebp-24]     ; saved [004CF31C]
004DA3CB  8941 04      mov     dword ptr [ecx+4], eax      ; restore the second dword
004DA3CE  E8 A3C1FFFF  call    004D6576                    ; UI call also used after the text display in the other caves
004DA3D3 ^E9 D596FFFF  jmp     004D3AAD                    ; resume after the hook placed at 004D3AA8


         ݣ

         8B 45 E0 8B 4D D8 89 01 8B 45 DC 89 41 04 E8 A3
         C1 FF FF E9 D5 96 FF FF


޸Ĵģ  ʱ

; Hook at 0040463C. While the flag at 004CF314 is set and the 1000h marker is present, the value
; in cl selects a short Sleep() or, for 13h, the routine at 004DA440 that rewrites bytes +6, +7
; and +0F of the record whose pointer is stored at 004CF318.
0040463C -E9 AFFD0C00     jmp     004DA407                   ; NOTE(review): bytes encode rel32 0CFDAFh = target 004D43F0; 004DA407 needs C6 5D 0D 00
00404641  90              nop


004DA3E0  51              push    ecx                        ; helper: ecx = record pointer, eax = byte value (0FFh or the record's own +4 byte)
004DA3E1  50              push    eax                        ; second argument
004DA3E2  8D41 06         lea     eax, dword ptr [ecx+6]     ; address of the two bytes at +6/+7
004DA3E5  50              push    eax                        ; first argument
004DA3E6  E8 15B5F5FF     call    00435900                   ; callee not shown; it takes the address and the value
004DA3EB  83C4 08         add     esp, 8                     ; caller removes both arguments
004DA3EE  59              pop     ecx                        ; restore the record pointer
004DA3EF  E8 D558F6FF     call    0043FCC9                   ; follow-up call with ecx = record (a refresh per the original note)
004DA3F4  C3              retn
004DA3F5  6A 01           push    1                          ; Sleep(1)
004DA3F7  EB 06           jmp     short 004DA3FF
004DA3F9  6A 02           push    2                          ; Sleep(2)
004DA3FB  EB 02           jmp     short 004DA3FF
004DA3FD  6A 0D           push    0D                         ; Sleep(13)
004DA3FF  FF15 44614800   call    dword ptr [486144]         ; import slot labelled kernel32.Sleep; the API pops its one argument
004DA405  EB 34           jmp     short 004DA43B
004DA407  8B8D F0EFFFFF   mov     ecx, dword ptr [ebp-1010]  ; hook entry: selector from the host local [ebp-1010]
004DA40D  B8 14F34C00     mov     eax, 004CF314
004DA412  8338 00         cmp     dword ptr [eax], 0         ; global flag, dword-wide (00407D4E tests it as a byte)
004DA415  74 24           je      short 004DA43B             ; clear: original path
004DA417  83C0 04         add     eax, 4                     ; eax = 004CF318
004DA41A  66:8178 06 0010 cmp     word ptr [eax+6], 1000     ; marker at 004CF31E written at 004DA31F
004DA420  75 19           jnz     short 004DA43B
004DA422  8B10            mov     edx, dword ptr [eax]
004DA424  42              inc     edx                        ; [004CF318] == -1 means the plan was cancelled
004DA425  74 14           je      short 004DA43B
004DA427  80F9 09         cmp     cl, 9                      ; selector 9 -> Sleep(1)
004DA42A ^74 C9           je      short 004DA3F5
004DA42C  80F9 0F         cmp     cl, 0F                     ; selector 0Fh -> Sleep(13)
004DA42F ^74 CC           je      short 004DA3FD
004DA431  80F9 10         cmp     cl, 10                     ; selector 10h -> Sleep(2)
004DA434 ^74 C3           je      short 004DA3F9
004DA436  80F9 13         cmp     cl, 13                     ; selector 13h -> routine at 004DA440
004DA439  74 05           je      short 004DA440
004DA43B -E9 02A2F2FF     jmp     00404642                   ; common exit back to the host code
004DA440  60              pushad                             ; preserve all registers, ebp included
004DA441  8BEC            mov     ebp, esp                   ; private frame on top of the pushad block
004DA443  83C4 F8         add     esp, -8                    ; two dword locals
004DA446  8945 F8         mov     dword ptr [ebp-8], eax     ; eax = 004CF318 here
004DA449  8B08            mov     ecx, dword ptr [eax]       ; record pointer stored at 004CF318
004DA44B  894D FC         mov     dword ptr [ebp-4], ecx
004DA44E  B8 FF000000     mov     eax, 0FF                   ; value 0FFh for the first helper call
004DA453  E8 88FFFFFF     call    004DA3E0                   ; helper with the record's current +6/+7 bytes
004DA458  8B55 F8         mov     edx, dword ptr [ebp-8]
004DA45B  8A42 04         mov     al, byte ptr [edx+4]       ; destination byte 1 from 004CF31C
004DA45E  8B4D FC         mov     ecx, dword ptr [ebp-4]     ; reload the record pointer
004DA461  8841 06         mov     byte ptr [ecx+6], al       ; record +6 = destination byte 1
004DA464  8A42 05         mov     al, byte ptr [edx+5]       ; destination byte 2 from 004CF31D
004DA467  8841 07         mov     byte ptr [ecx+7], al       ; record +7 = destination byte 2
004DA46A  B8 502C4B00     mov     eax, 004B2C50              ; first entry of the table at 004B2C50
004DA46F  8A40 0F         mov     al, byte ptr [eax+F]       ; byte +0F of that entry
004DA472  3C 01           cmp     al, 1
004DA474  77 04           ja      short 004DA47A
004DA476  04 02           add     al, 2                      ; 0 or 1 becomes 2 or 3
004DA478  EB 02           jmp     short 004DA47C
004DA47A  2C 02           sub     al, 2                      ; larger values are reduced by 2 (presumably flipping a 0..3 direction - confirm)
004DA47C  8841 0F         mov     byte ptr [ecx+F], al       ; record +0F = adjusted value
004DA47F  0FB641 04       movzx   eax, byte ptr [ecx+4]      ; record's +4 byte
004DA483  E8 58FFFFFF     call    004DA3E0                   ; helper again, now with the new +6/+7 bytes
004DA488  8B45 F8         mov     eax, dword ptr [ebp-8]
004DA48B  33C9            xor     ecx, ecx
004DA48D  49              dec     ecx                        ; ecx = -1
004DA48E  8908            mov     dword ptr [eax], ecx       ; [004CF318] = -1
004DA490  8948 04         mov     dword ptr [eax+4], ecx     ; [004CF31C] = -1, so the routine does not run twice
004DA493  8BE5            mov     esp, ebp                   ; drop the locals
004DA495  61              popad                              ; restores the host's ebp as well
004DA496 -E9 62B2F2FF     jmp     004056FD                   ; continue at 004056FD


         ݣ

         51 50 8D 41 06 50 E8 15 B5 F5 FF 83 C4 08 59 E8
         D5 58 F6 FF C3 6A 01 EB 06 6A 02 EB 02 6A 0D FF
         15 44 61 48 00 EB 34 8B 8D F0 EF FF FF B8 14 F3
         4C 00 83 38 00 74 24 83 C0 04 66 81 78 06 00 10
         75 19 8B 10 42 74 14 80 F9 09 74 C9 80 F9 0F 74
         CC 80 F9 10 74 C3 80 F9 13 74 05 E9 02 A2 F2 FF
         60 8B EC 83 C4 F8 89 45 F8 8B 08 89 4D FC B8 FF
         00 00 00 E8 88 FF FF FF 8B 55 F8 8A 42 04 8B 4D
         FC 88 41 06 8A 42 05 88 41 07 B8 50 2C 4B 00 8A
         40 0F 3C 01 77 04 04 02 EB 02 2C 02 88 41 0F 0F
         B6 41 04 E8 58 FF FF FF 8B 45 F8 33 C9 49 89 08
         89 48 04 8B E5 61 E9 62 B2 F2 FF


;------------------------------------------------------------------------------------------------------------

----[ɽ]

          ޷˺


޸Ĵһ  Ӿַ¥

޸Ĵ  Ҽ佫ʱʾ¥


޸Ĵ  AIжʱ󶨷

; Added branch for selector 23h: call 004D75D2 through the stub at 004D77FA and, on a
; non-zero result, set the flag byte at 0055AC50.
004D777E   /75 26            jnz     short 004D77A6                   ; redirected conditional jump into the added test
004D7780   |90               nop                                      ; padding over the replaced bytes
004D7781   |90               nop
004D7782   |90               nop
004D7783   |90               nop


004D77A6   83F8 23           cmp     eax, 23                          ;  selector 23h (the original note labels it DATA_35)
004D77A9  /0F84 322D0000     je      004DA4E1
004D77AF  ^E9 0FFFFFFF       jmp     004D76C3                         ; otherwise the existing path


004D77FA   FF75 EC           push    dword ptr [ebp-14]               ; argument from host local [ebp-14]; the stub runs on the host's ebp
004D77FD   FF75 0C           push    dword ptr [ebp+C]                ; argument from host argument [ebp+C]
004D7800   E8 CDFDFFFF       call    004D75D2                         ; existing routine; no stack fix-up follows
004D7805   C3                retn


004DA4E0   90                nop
004DA4E1   E8 14D3FFFF       call    004D77FA                         ; run the check
004DA4E6   85C0              test    eax, eax                         ; zero result?
004DA4E8  ^0F84 D5D1FFFF     je      004D76C3                         ; yes: existing path
004DA4EE   C605 50AC5500 01  mov     byte ptr [55AC50], 1             ; flag byte read at 004D79C1, 004D2F82, 004DA500 and 004DA518
004DA4F5  ^E9 CDD1FFFF       jmp     004D76C7                         ; continue at 004D76C7


޸Ĵģ  ʱı

; When the flag byte at 0055AC50 is set, show the string at 00555858 before continuing at 004D78DE.
004D79A6   /75 19             jnz     short 004D79C1                   ; redirected conditional jump into the added test


004D79C1   803D 50AC5500 00   cmp     byte ptr [55AC50], 0             ; flag set at 004DA4EE
004D79C8  /0F85 F42A0000      jnz     004DA4C2                         ; set: show the text first
004D79CE  ^E9 0BFFFFFF        jmp     004D78DE                         ; clear: existing path

004DA4C1   90                 nop
004DA4C2   E8 23C0FFFF        call    004D64EA                         ; UI call made before the text is shown
004DA4C7   68 58585500        push    00555858                         ; 00555852 + 6: the second added string without its 6-byte prefix
004DA4CC   B9 083D4B00        mov     ecx, 004B3D08                    ; same object as in the cave at 004DA10C
004DA4D1   E8 90BEFFFF        call    004D6366                         ; display call taking the string pointer
004DA4D6   E8 9BC0FFFF        call    004D6576                         ; UI call paired with 004D64EA
004DA4DB  ^E9 FED3FFFF        jmp     004D78DE                         ; rejoin the existing path


޸Ĵ壺  趨

; Backward short jump into a small test placed at 004D2F82.
004D2FA1 ^\EB DF              jmp     short 004D2F82

; Flag byte 0055AC50 selects the path: set -> 004D2FAB (not shown in this
; excerpt), clear -> 0043B599.
004D2F82   803D 50AC5500 00   cmp     byte ptr [55AC50], 0
004D2F89   75 20              jnz     short 004D2FAB
004D2F8B  -E9 0986F6FF        jmp     0043B599                         ; flag is 0: take the 0043B599 path


޸Ĵ  ޷

; Stack-frame size of the patched routine. The original immediate is not shown;
; presumably it was enlarged so that the [ebp-10] and [ebp-14] slots used by the
; code caves exist - confirm against the unpatched binary.
0040588C   83EC 14            sub     esp, 14

; 5-byte hook. It overwrites `push 2C` (2 bytes) and `mov ecx, [ebp-10]` (3 bytes),
; which the cave replays at 004DA50D before returning to 00406467.
00406462  -E9 94400D00        jmp     004DA4FB                         ; detour into the cave

; Cave: when flag byte 0055AC50 is set, clear it and skip to 004064EC;
; otherwise run the displaced instructions and fall back into the original code.
004DA4FA   90                 nop
004DA4FB   B8 50AC5500        mov     eax, 0055AC50
004DA500   8038 00            cmp     byte ptr [eax], 0                ; is the flag set?
004DA503   74 08              je      short 004DA50D
004DA505   C600 00            mov     byte ptr [eax], 0                ; consume the flag (004DA4B5 clears it again on this path)
004DA508  -E9 DFBFF2FF        jmp     004064EC                         ; flag was set: bypass the original code up to 004064EC
004DA50D   6A 2C              push    2C                               ; displaced original instruction
004DA50F   8B4D F0            mov     ecx, dword ptr [ebp-10]          ; displaced original instruction
004DA512  -E9 50BFF2FF        jmp     00406467                         ; back to the instruction after the hook


; 5-byte hook at the routine's exit; the cave at 004DA4B5 clears the flag and
; then performs the epilogue itself.
004064EC  -E9 C43F0D00        jmp     004DA4B5

; Exit cave. The four instructions after the flag write are 5 bytes in total,
; the same size as the hook, so they are presumably the displaced epilogue.
004DA4B5   C605 50AC5500 00   mov     byte ptr [55AC50], 0             ; always leave flag byte 0055AC50 cleared on return
004DA4BC   5E                 pop     esi
004DA4BD   8BE5               mov     esp, ebp
004DA4BF   5D                 pop     ebp
004DA4C0   C3                 retn


޸Ĵߣ  뾫񹥻

; 5-byte hook. The cave replays 7 bytes of original code (`mov edx,[ebp-4]`,
; `push edx`, `mov eax,[ebp-8]`) and returns to 00405A71, so the two bytes that
; follow the jmp at 00405A6F are dead.
00405A6A  -E9 A94A0D00        jmp     004DA518

; Cave. With flag byte 0055AC50 clear it only replays the displaced code.
; With the flag set it computes  amount = min(byte [record+14h], value/3),
; where value = dword [[ebp-C]+84h] and record = 004B2C50 + 24h * byte [[ebp-C]+1];
; the amount is kept in [ebp-10] and written to [[ebp-C] + idx*4 + 254h].
; If value or the +14h byte is zero, [ebp-10] is set to -1 as a "nothing to do" marker.
; The original notes call the +14h byte MPCur and the +84h dword a damage value.
004DA518   803D 50AC5500 00   cmp     byte ptr [55AC50], 0             ; flag set by the cave at 004DA4E1
004DA51F   75 0C              jnz     short 004DA52D
004DA521   8B55 FC            mov     edx, dword ptr [ebp-4]           ; displaced original instructions start here
004DA524   52                 push    edx
004DA525   8B45 F8            mov     eax, dword ptr [ebp-8]
004DA528  -E9 44B5F2FF        jmp     00405A71                         ; resume original code
004DA52D   8B45 F4            mov     eax, dword ptr [ebp-C]
004DA530   05 84000000        add     eax, 84
004DA535   8945 F0            mov     dword ptr [ebp-10], eax          ; [ebp-10] temporarily holds the address [ebp-C]+84h
004DA538   8B00               mov     eax, dword ptr [eax]
004DA53A   85C0               test    eax, eax                         ; value == 0 ?
004DA53C   74 48              je      short 004DA586
004DA53E   8B4D F4            mov     ecx, dword ptr [ebp-C]
004DA541   0FB641 01          movzx   eax, byte ptr [ecx+1]            ; record index (one byte, 0..255)
004DA545   6BC0 24            imul    eax, eax, 24                     ; records are 24h bytes apart
004DA548   05 502C4B00        add     eax, 004B2C50                    ; table base; NOTE(review): index is not range-checked here
004DA54D   8945 EC            mov     dword ptr [ebp-14], eax          ; [ebp-14] = record pointer
004DA550   0FB640 14          movzx   eax, byte ptr [eax+14]           ; current value at +14h (MPCur per original note)
004DA554   85C0               test    eax, eax
004DA556   74 2E              je      short 004DA586
004DA558   50                 push    eax                              ; keep the +14h value across the division
004DA559   8B45 F0            mov     eax, dword ptr [ebp-10]
004DA55C   8B00               mov     eax, dword ptr [eax]             ; reload value
004DA55E   33D2               xor     edx, edx                         ; clear high dividend half before div
004DA560   B9 03000000        mov     ecx, 3
004DA565   F7F1               div     ecx                              ; eax = value / 3 (unsigned)
004DA567   59                 pop     ecx                              ; ecx = +14h value
004DA568   3BC8               cmp     ecx, eax
004DA56A   7D 02              jge     short 004DA56E                   ; signed compare; ecx is 0..255, eax assumed small enough to be non-negative
004DA56C   8BC1               mov     eax, ecx                         ; cap the amount at the +14h value
004DA56E   8945 F0            mov     dword ptr [ebp-10], eax          ; [ebp-10] = amount, read later by the cave at 004DA5B4
004DA571   8B55 F8            mov     edx, dword ptr [ebp-8]
004DA574   81E2 FF000000      and     edx, 0FF                         ; idx = low byte of [ebp-8]
004DA57A   8B4D F4            mov     ecx, dword ptr [ebp-C]
004DA57D   898491 54020000    mov     dword ptr [ecx+edx*4+254], eax   ; NOTE(review): idx is only masked to 0..255; array extent not visible here
004DA584  ^EB 9B              jmp     short 004DA521
004DA586   33C0               xor     eax, eax
004DA588   48                 dec     eax                              ; eax = FFFFFFFFh
004DA589   8945 F0            mov     dword ptr [ebp-10], eax          ; -1 marker, tested with `inc eax / je` at 004DA5B7
004DA58C  ^EB 93              jmp     short 004DA521


޸Ĵˣ  뾫մ

; Second cave of the same feature. The hook that jumps here is not shown; the
; replayed instructions at 004DA5A6 are 9 bytes and control returns to 00405B4D.
; Flag 0055AC51 diverts to the cave at 004DA746. With flag 0055AC50 set and
; [ebp-10] != -1, this code computes a cap (byte [[[ebp-C]+8]+20h] plus the
; result of 00407C0E), halves the amount in [ebp-10], reports it through
; 00450036 and adds it to byte [[[ebp-C]+C]+14h] (MPCur per the original notes).
004DA590   803D 51AC5500 00  cmp     byte ptr [55AC51], 0
004DA597   0F85 A9010000     jnz     004DA746                         ; flag 0055AC51 set: use the cave at 004DA746 instead
004DA59D   803D 50AC5500 00  cmp     byte ptr [55AC50], 0            ; flag 0055AC50
004DA5A4   75 0E             jnz     short 004DA5B4
004DA5A6   8B55 F8           mov     edx, dword ptr [ebp-8]           ; displaced original instructions (common exit of both caves)
004DA5A9   81E2 FF000000     and     edx, 0FF
004DA5AF  -E9 99B5F2FF       jmp     00405B4D
004DA5B4   8B45 F0           mov     eax, dword ptr [ebp-10]
004DA5B7   40                inc     eax                              ; -1 marker from 004DA586 becomes 0
004DA5B8  ^74 EC             je      short 004DA5A6                   ; marker present: nothing to do
004DA5BA   8B4D F4           mov     ecx, dword ptr [ebp-C]
004DA5BD   8B49 08           mov     ecx, dword ptr [ecx+8]           ; ecx = pointer at +8 (SAV record per original note)
004DA5C0   0FB641 20         movzx   eax, byte ptr [ecx+20]           ; base value stored at +20h of that record
004DA5C4   50                push    eax                              ; saved so it can be added back after the call
004DA5C5   6A 06             push    6                                ; selector 6
004DA5C7   E8 42D6F2FF       call    00407C0E                         ; NOTE(review): must pop its single stack argument, or the next pop reads the 6
004DA5CC   59                pop     ecx                              ; ecx = base value
004DA5CD   03C1              add     eax, ecx                         ; cap = call result + base value
004DA5CF   8945 EC           mov     dword ptr [ebp-14], eax          ; [ebp-14] = cap
004DA5D2   8B4D F4           mov     ecx, dword ptr [ebp-C]
004DA5D5   8B49 0C           mov     ecx, dword ptr [ecx+C]           ; ecx = pointer at +C (battle record per original note)
004DA5D8   0FB641 14         movzx   eax, byte ptr [ecx+14]           ; current value (MPCur)
004DA5DC   3B45 EC           cmp     eax, dword ptr [ebp-14]          ; already at or above the cap?
004DA5DF  ^7D C5             jge     short 004DA5A6
004DA5E1   D16D F0           shr     dword ptr [ebp-10], 1            ; amount = amount / 2
004DA5E4   8BD0              mov     edx, eax                         ; edx = current value
004DA5E6   0345 F0           add     eax, dword ptr [ebp-10]          ; eax = current + amount
004DA5E9   3B45 EC           cmp     eax, dword ptr [ebp-14]          ; would it reach the cap?
004DA5EC   7C 07             jl      short 004DA5F5                   ; NOTE(review): on this branch eax is still current+amount, not the amount
004DA5EE   8B4D EC           mov     ecx, dword ptr [ebp-14]
004DA5F1   2BCA              sub     ecx, edx                         ; cap - current
004DA5F3   8BC1              mov     eax, ecx
; NOTE(review): the sibling cave at 004DA791 keeps the amount in eax and forms the
; sum in ecx. Here the unclamped path stores the SUM in [ebp-10], so the value
; reported and added below looks too large by the current value - verify.
004DA5F5   8945 F0           mov     dword ptr [ebp-10], eax          ; value used for the report and the write-back
004DA5F8   F7D8              neg     eax                              ; argument is passed negated
004DA5FA   6A 01             push    1                                ; 8th argument (a display switch per original note)
004DA5FC   6A 00             push    0                                ; 7th argument (EXP-related per original note)
004DA5FE   6A 00             push    0                                ; 6th argument (EXP-related per original note)
004DA600   6A 00             push    0                                ; 5th argument
004DA602   50                push    eax                              ; 4th argument: negated amount (MP slot per original note)
004DA603   6A 00             push    0                                ; 3rd argument (HP slot per original note)
004DA605   8B4D F4           mov     ecx, dword ptr [ebp-C]
004DA608   0FB641 01         movzx   eax, byte ptr [ecx+1]
004DA60C   50                push    eax                              ; 2nd argument: byte [[ebp-C]+1]
004DA60D   0FB601            movzx   eax, byte ptr [ecx]
004DA610   50                push    eax                              ; 1st argument: byte [[ebp-C]]
004DA611   E8 205AF7FF       call    00450036
004DA616   83C4 20           add     esp, 20                          ; caller removes the 8 dwords
004DA619   8B4D F4           mov     ecx, dword ptr [ebp-C]
004DA61C   8B41 0C           mov     eax, dword ptr [ecx+C]
004DA61F   8A55 F0           mov     dl, byte ptr [ebp-10]            ; only the low byte of the amount is used
004DA622   0050 14           add     byte ptr [eax+14], dl            ; 8-bit add: wraps silently above 255
004DA625  ^E9 7CFFFFFF       jmp     004DA5A6


         ݣ޸Ĵ~~ˣ004DA4C1~~004DA625

         90 E8 23 C0 FF FF 68 58 58 55 00 B9 08 3D 4B 00
         E8 90 BE FF FF E8 9B C0 FF FF E9 FE D3 FF FF 90
         E8 14 D3 FF FF 85 C0 0F 84 D5 D1 FF FF C6 05 50
         AC 55 00 01 E9 CD D1 FF FF 90 B8 50 AC 55 00 80
         38 00 74 08 C6 00 00 E9 DF BF F2 FF 6A 2C 8B 4D
         F0 E9 50 BF F2 FF 90 80 3D 50 AC 55 00 00 75 0C
         8B 55 FC 52 8B 45 F8 E9 44 B5 F2 FF 8B 45 F4 05
         84 00 00 00 89 45 F0 8B 00 85 C0 74 48 8B 4D F4
         0F B6 41 01 6B C0 24 05 50 2C 4B 00 89 45 EC 0F
         B6 40 14 85 C0 74 2E 50 8B 45 F0 8B 00 33 D2 B9
         03 00 00 00 F7 F1 59 3B C8 7D 02 8B C1 89 45 F0
         8B 55 F8 81 E2 FF 00 00 00 8B 4D F4 89 84 91 54
         02 00 00 EB 9B 33 C0 48 89 45 F0 EB 93 90 90 80
         3D 51 AC 55 00 00 0F 85 A9 01 00 00 80 3D 50 AC
         55 00 00 75 0E 8B 55 F8 81 E2 FF 00 00 00 E9 99
         B5 F2 FF 8B 45 F0 40 74 EC 8B 4D F4 8B 49 08 0F
         B6 41 20 50 6A 06 E8 42 D6 F2 FF 59 03 C1 89 45
         EC 8B 4D F4 8B 49 0C 0F B6 41 14 3B 45 EC 7D C5
         D1 6D F0 8B D0 03 45 F0 3B 45 EC 7C 07 8B 4D EC
         2B CA 8B C1 89 45 F0 F7 D8 6A 01 6A 00 6A 00 6A
         00 50 6A 00 8B 4D F4 0F B6 41 01 50 0F B6 01 50
         E8 20 5A F7 FF 83 C4 20 8B 4D F4 8B 41 0C 8A 55
         F0 00 50 14 E9 7C FF FF FF

;------------------------------------------------------------------------------------------------------------

----[Ѫħ]

          Ѫ˺40%

          ע⣺˴޸ǽڣ--[ɽ]޸ĵĻ


޸Ĵһ  Ӿַ¥


޸Ĵ  Ҽ佫ʱʾ

; Link in a compare chain on eax. The later section of this page places its own
; link at 004D3D36, on top of the jmp below, so the order of patching matters.
004D3D2D   83F8 2E           cmp     eax, 2E                          ; 2Eh = 46 decimal
004D3D30   0F84 CA690000     je      004DA700                         ; equal: cave that pushes the string at 00555864
004D3D36  ^E9 8EFEFFFF       jmp     004D3BC9                         ; not equal: continue at 004D3BC9


޸Ĵ  AIжʱ󶨷

; Written over the `jmp 004D76C3` that ended the previous chain at 004D77AF,
; extending that chain by one more compare.
004D77AF   83F8 2E           cmp     eax, 2E                          ; 2Eh = 46 decimal (tagged DATA_46 in the original note)
004D77B2   0F84 542F0000     je      004DA70C                         ; equal: cave that sets flag byte 0055AC51
004D77B8  ^E9 06FFFFFF       jmp     004D76C3                         ; not equal: same fall-through target as before


޸Ĵģ  ʱı

; Written over the `jmp 004D78DE` at 004D79CE: a second flag test chained
; behind the test of 0055AC50 at 004D79C1.
004D79CE   803D 51AC5500 00  cmp     byte ptr [55AC51], 0
004D79D5   0F85 4B2D0000     jnz     004DA726                         ; flag 0055AC51 set: cave at 004DA726
004D79DB  ^E9 FEFEFFFF       jmp     004D78DE                         ; flag clear: continue at 004D78DE


޸Ĵ壺  ʱ־

; Stores al into flag byte 0055AC51, then calls 00406181 and continues at 00406559.
; NOTE(review): the value of al is set outside this excerpt - presumably 0 so
; that the flag is reset here; confirm. The later section of this page rewrites
; 004D7A1F onward, moving this call to 004D7A24.
004D7A1A   A2 51AC5500     mov     byte ptr [55AC51], al
004D7A1F   E8 5DE7F2FF     call    00406181                         ; a check routine per the original note
004D7A24  -E9 30EBF2FF     jmp     00406559


޸Ĵ  Ѫ루޸Ĵ~~Ĵ룩

; Four code caves packed into 004DA700..004DA7D6. Each ends in an unconditional
; jmp, so the `00 00` pairs between them are never executed; the disassembler
; merely renders that padding as `add byte ptr [eax], al`.

; Cave 1 (from 004D3D30): push a string pointer and continue at 00478737.
004DA700   68 64585500       push    00555864
004DA705  -E9 2DE0F9FF       jmp     00478737
004DA70A   0000              add     byte ptr [eax], al               ; padding bytes, not code

; Cave 2 (from 004D77B2): run the shared check, then set flag byte 0055AC51.
004DA70C   E8 E9D0FFFF       call    004D77FA
004DA711   85C0              test    eax, eax
004DA713  ^0F84 AACFFFFF     je      004D76C3                         ; check failed
004DA719   C605 51AC5500 01  mov     byte ptr [55AC51], 1
004DA720  ^E9 A2CFFFFF       jmp     004D76C7
004DA725   90                nop

; Cave 3 (from 004D79D5): same call sequence as the cave at 004DA4C2, with the
; string at 0055586A.
004DA726   E8 BFBDFFFF       call    004D64EA
004DA72B   68 6A585500       push    0055586A
004DA730   B9 083D4B00       mov     ecx, 004B3D08
004DA735   E8 2CBCFFFF       call    004D6366
004DA73A   E8 37BEFFFF       call    004D6576
004DA73F  ^E9 9AD1FFFF       jmp     004D78DE
004DA744   0000              add     byte ptr [eax], al               ; padding bytes, not code

; Cave 4 (from 004DA597, flag 0055AC51 set):
;   gain = value * 40 / 100, value = dword [[ebp-C]+84h]
;   cap  = dword [[[ebp-C]+8]+1Ch] + result of 00407C0E(selector 5)
;   cur  = dword [[[ebp-C]+C]+10h]   (HPCur per the original notes)
; The gain is limited to cap - cur, reported through 00450036 and added to cur.
004DA746   8B45 F4           mov     eax, dword ptr [ebp-C]
004DA749   8BC8              mov     ecx, eax
004DA74B   05 84000000       add     eax, 84
004DA750   8B00              mov     eax, dword ptr [eax]             ; value
004DA752   8945 F0           mov     dword ptr [ebp-10], eax
004DA755   85C0              test    eax, eax
004DA757   75 05             jnz     short 004DA75E
004DA759  ^E9 48FEFFFF       jmp     004DA5A6                         ; nothing to do: replay displaced code at 004DA5A6
004DA75E   8B49 08           mov     ecx, dword ptr [ecx+8]           ; pointer at +8 (SAV record per original note)
004DA761   8B41 1C           mov     eax, dword ptr [ecx+1C]          ; base value stored at +1Ch
004DA764   50                push    eax
004DA765   6A 05             push    5                                ; selector 5 (HP per original note)
004DA767   E8 A2D4F2FF       call    00407C0E                         ; NOTE(review): must pop its single stack argument - confirm
004DA76C   59                pop     ecx                              ; ecx = base value
004DA76D   03C1              add     eax, ecx                         ; cap = call result + base value
004DA76F   8945 EC           mov     dword ptr [ebp-14], eax
004DA772   8B4D F4           mov     ecx, dword ptr [ebp-C]
004DA775   8B49 0C           mov     ecx, dword ptr [ecx+C]
004DA778   8B41 10           mov     eax, dword ptr [ecx+10]          ; cur (dword at +10h)
004DA77B   3B45 EC           cmp     eax, dword ptr [ebp-14]
004DA77E  ^7D D9             jge     short 004DA759                   ; already at or above the cap
004DA780   50                push    eax                              ; keep cur across the arithmetic
004DA781   8B45 F0           mov     eax, dword ptr [ebp-10]
004DA784   33C9              xor     ecx, ecx
004DA786   B1 28             mov     cl, 28                           ; ecx = 40
004DA788   F7E1              mul     ecx                              ; edx:eax = value * 40
004DA78A   33D2              xor     edx, edx                         ; high half discarded: exact only while value*40 fits in 32 bits
004DA78C   B1 64             mov     cl, 64                           ; ecx = 100
004DA78E   F7F1              div     ecx                              ; eax = gain
004DA790   59                pop     ecx                              ; ecx = cur
004DA791   8BD1              mov     edx, ecx
004DA793   03C8              add     ecx, eax                         ; ecx = cur + gain (eax keeps the gain)
004DA795   3B4D EC           cmp     ecx, dword ptr [ebp-14]          ; would it reach the cap?
004DA798   7C 07             jl      short 004DA7A1
004DA79A   8B4D EC           mov     ecx, dword ptr [ebp-14]
004DA79D   2BCA              sub     ecx, edx                         ; cap - cur
004DA79F   8BC1              mov     eax, ecx
004DA7A1   8945 F0           mov     dword ptr [ebp-10], eax          ; final gain
004DA7A4   6A 01             push    1                                ; 8th argument
004DA7A6   6A 00             push    0
004DA7A8   6A 00             push    0
004DA7AA   6A 00             push    0
004DA7AC   6A 00             push    0                                ; 4th argument (the slot the sibling cave uses for its amount)
004DA7AE   F7D8              neg     eax
004DA7B0   50                push    eax                              ; 3rd argument: negated gain
004DA7B1   8B4D F4           mov     ecx, dword ptr [ebp-C]
004DA7B4   0FB641 01         movzx   eax, byte ptr [ecx+1]
004DA7B8   50                push    eax                              ; 2nd argument: byte [[ebp-C]+1]
004DA7B9   0FB601            movzx   eax, byte ptr [ecx]
004DA7BC   50                push    eax                              ; 1st argument: byte [[ebp-C]]
004DA7BD   E8 7458F7FF       call    00450036                         ; same reporting routine as at 004DA611
004DA7C2   83C4 20           add     esp, 20                          ; caller removes the 8 dwords
004DA7C5   8B4D F4           mov     ecx, dword ptr [ebp-C]
004DA7C8   8B41 0C           mov     eax, dword ptr [ecx+C]           ; record pointer at +C
004DA7CB   8B4D F0           mov     ecx, dword ptr [ebp-10]          ; final gain
004DA7CE   0148 10           add     dword ptr [eax+10], ecx          ; cur += gain (32-bit add)
004DA7D1  ^E9 D0FDFFFF       jmp     004DA5A6                         ; replay displaced code and return
004DA7D6   90                nop


         ݣ޸Ĵ~~ġ004DA700~~004DA7D6

         68 64 58 55 00 E9 2D E0 F9 FF 00 00 E8 E9 D0 FF
         FF 85 C0 0F 84 AA CF FF FF C6 05 51 AC 55 00 01
         E9 A2 CF FF FF 90 E8 BF BD FF FF 68 6A 58 55 00
         B9 08 3D 4B 00 E8 2C BC FF FF E8 37 BE FF FF E9
         9A D1 FF FF 00 00 8B 45 F4 8B C8 05 84 00 00 00
         8B 00 89 45 F0 85 C0 75 05 E9 48 FE FF FF 8B 49
         08 8B 41 1C 50 6A 05 E8 A2 D4 F2 FF 59 03 C1 89
         45 EC 8B 4D F4 8B 49 0C 8B 41 10 3B 45 EC 7D D9
         50 8B 45 F0 33 C9 B1 28 F7 E1 33 D2 B1 64 F7 F1
         59 8B D1 03 C8 3B 4D EC 7C 07 8B 4D EC 2B CA 8B
         C1 89 45 F0 6A 01 6A 00 6A 00 6A 00 6A 00 F7 D8
         50 8B 4D F4 0F B6 41 01 50 0F B6 01 50 E8 74 58
         F7 FF 83 C4 20 8B 4D F4 8B 41 0C 8B 4D F0 01 48
         10 E9 D0 FD FF FF 90

;------------------------------------------------------------------------------------------------------------

ʦͽ----

          ì͸

          ע⣺˴޸ǽڣ--[Ѫħ]޸ĵĻ


޸Ĵһ  Ӿַ¥


޸Ĵ  Ҽ佫ʱʾ

; Written over the `jmp 004D3BC9` left at 004D3D36 by the previous section,
; adding one more compare to that chain.
004D3D36   83F8 2A           cmp     eax, 2A                          ; 2Ah = 42 decimal
004D3D39   0F84 31690000     je      004DA670                         ; equal: cave that pushes the string at 00555876
004D3D3F  ^E9 85FEFFFF       jmp     004D3BC9                         ; not equal: continue at 004D3BC9


޸Ĵ  AIжʱ󶨷

; Written over the `jmp 004D76C3` at 004D77B8: third link of the chain that
; starts at 004D77A6.
004D77B8   83F8 2A           cmp     eax, 2A                          ; 2Ah = 42 decimal (tagged DATA_42 in the original note)
004D77BB   0F84 BB2E0000     je      004DA67C                         ; equal: cave that sets flag byte 0055AC52
004D77C1  ^E9 FDFEFFFF       jmp     004D76C3                         ; not equal: same fall-through target as before


޸Ĵģ  ʱı

; Written over the `jmp 004D78DE` at 004D79DB: third flag test, after those
; for 0055AC50 and 0055AC51.
004D79DB   803D 52AC5500 00  cmp     byte ptr [55AC52], 0
004D79E2   0F85 AE2C0000     jnz     004DA696                         ; flag 0055AC52 set: cave at 004DA696
004D79E8  ^E9 F1FEFFFF       jmp     004D78DE                         ; flag clear: continue at 004D78DE


޸Ĵ壺  ʱ־

; Written over the call that the previous section left at 004D7A1F; the call to
; 00406181 moves down by 5 bytes and its rel32 is re-encoded for the new address.
; NOTE(review): al comes from code outside this excerpt - presumably 0 so that
; flag byte 0055AC52 is reset here; confirm.
004D7A1F   A2 52AC5500       mov     byte ptr [55AC52], al
004D7A24   E8 58E7F2FF       call    00406181                         ; same target as before the move
004D7A29  -E9 2BEBF2FF       jmp     00406559


޸Ĵ  봩͸ô루޸Ĵ~~Ĵ룩

; Four code caves packed into 004DA670..004DA6BF, laid out like the group at
; 004DA700. The `00 00` pairs are unreachable padding shown as `add` by the
; disassembler.

; Cave 1 (from 004D3D39): push a string pointer and continue at 00478737.
004DA670   68 76585500       push    00555876
004DA675  -E9 BDE0F9FF       jmp     00478737
004DA67A   0000              add     byte ptr [eax], al               ; padding bytes, not code

; Cave 2 (from 004D77BB): run the shared check, then set flag byte 0055AC52.
004DA67C   E8 79D1FFFF       call    004D77FA
004DA681   85C0              test    eax, eax
004DA683  ^0F84 3AD0FFFF     je      004D76C3                         ; check failed
004DA689   C605 52AC5500 01  mov     byte ptr [55AC52], 1
004DA690  ^E9 32D0FFFF       jmp     004D76C7
004DA695   90                nop

; Cave 3 (from 004D79E2): same call sequence as 004DA4C2, string at 0055587C.
004DA696   E8 4FBEFFFF       call    004D64EA
004DA69B   68 7C585500       push    0055587C                         ; string pointer consumed by 004D6366
004DA6A0   B9 083D4B00       mov     ecx, 004B3D08
004DA6A5   E8 BCBCFFFF       call    004D6366
004DA6AA   E8 C7BEFFFF       call    004D6576
004DA6AF  ^E9 2AD2FFFF       jmp     004D78DE
004DA6B4   0000              add     byte ptr [eax], al               ; padding bytes, not code

; Cave 4: the jump that enters here is not shown in this excerpt.
; NOTE(review): `mov ax, 4` writes only the low 16 bits; the upper half of eax
; keeps whatever the caller left there - fine only if 0040788B reads ax alone.
004DA6B6   66:B8 0400        mov     ax, 4                            ; selector value 4
004DA6BA  -E9 CCD1F2FF       jmp     0040788B                         ; continue in the existing routine at 0040788B
004DA6BF   90                nop


         ݣ޸Ĵ~~ġ004DA670~~004DA6BF

         68 76 58 55 00 E9 BD E0 F9 FF 00 00 E8 79 D1 FF
         FF 85 C0 0F 84 3A D0 FF FF C6 05 52 AC 55 00 01
         E9 32 D0 FF FF 90 E8 4F BE FF FF 68 7C 58 55 00
         B9 08 3D 4B 00 E8 BC BC FF FF E8 C7 BE FF FF E9
         2A D2 FF FF 00 00 66 B8 04 00 E9 CC D1 F2 FF 90

;------------------------------------------------------------------------------------------------------------

[޸]



ʹȫԱʹΪоѾսԣǱеͨ

          ע⣺˴޸ǽڣʹͨб˺ֿ޸ĵĻ


޸Ĵһ
 
; 5-byte hook: control is diverted to the flag scan at 004DA802, which leaves
; through either 004D34C9 or 00405F38.
00405EFB    - E9 02490D00   jmp     004DA802


޸Ĵ Ӿ־λ

; Scans the patch set's global flags. If every listed flag is zero the code
; continues at 004D34C9; the first non-zero flag sends it to 00405F38.
; Flags read: dwords at 0055AC1C +0, +4, +8, +C, +10, +20 and bytes at
; 0055AC50, 0055AC51, 0055AC52. The dwords at +14h..+1Ch are not tested here.
004DA801   90              nop
004DA802   B8 1CAC5500     mov     eax, 0055AC1C
004DA807   8338 00         cmp     dword ptr [eax], 0               ; flag tagged DATA_32 in the original note
004DA80A   75 37           jnz     short 004DA843
004DA80C   8378 04 00      cmp     dword ptr [eax+4], 0             ; flag tagged DATA_33
004DA810   75 31           jnz     short 004DA843
004DA812   8378 08 00      cmp     dword ptr [eax+8], 0             ; flag tagged DATA_101
004DA816   75 2B           jnz     short 004DA843
004DA818   8378 0C 00      cmp     dword ptr [eax+C], 0             ; flag tagged DATA_34
004DA81C   75 25           jnz     short 004DA843
004DA81E   8378 10 00      cmp     dword ptr [eax+10], 0            ; flag tagged DATA_44
004DA822   75 1F           jnz     short 004DA843
004DA824   8378 20 00      cmp     dword ptr [eax+20], 0            ; flag tagged DATA_43
004DA828   75 19           jnz     short 004DA843
004DA82A   83C0 34         add     eax, 34                          ; eax = 0055AC1C + 34h = 0055AC50
004DA82D   8038 00         cmp     byte ptr [eax], 0                ; byte flag 0055AC50 (DATA_35)
004DA830   75 11           jnz     short 004DA843
004DA832   8078 01 00      cmp     byte ptr [eax+1], 0              ; byte flag 0055AC51 (DATA_46)
004DA836   75 0B           jnz     short 004DA843
004DA838   8078 02 00      cmp     byte ptr [eax+2], 0              ; byte flag 0055AC52 (DATA_42)
004DA83C   75 05           jnz     short 004DA843
004DA83E  ^E9 868CFFFF     jmp     004D34C9                         ; no flag set
004DA843  -E9 F0B6F2FF     jmp     00405F38                         ; at least one flag set


         ݣ

         90 B8 1C AC 55 00 83 38 00 75 37 83 78 04 00 75
         31 83 78 08 00 75 2B 83 78 0C 00 75 25 83 78 10
         00 75 1F 83 78 20 00 75 19 83 C0 34 80 38 00 75
         11 80 78 01 00 75 0B 80 78 02 00 75 05 E9 86 8C
         FF FF E9 F0 B6 F2 FF

;------------------------------------------------------------------------------------------------------------

佫ʱָɳMPֵ޲ΪMPδ޷ʹþеź..


޸Ĵһ
 
; 5-byte hook. It overwrites `mov ecx, [ebp-4]` (3 bytes) and `mov eax, [ecx]`
; (2 bytes), which the cave replays at 004DA8B1 before returning to 004D677D.
004D6778  /E9 F5400000     jmp     004DA872                         ; detour into the cave


޸Ĵ

; Cave reached from 004D6778. It builds a cap (incoming eax + result of
; 00407C0E with selector 6), looks up a record index through 0043E4D6 and, when
; the index is not FFh, adds byte [ebp+C] to the record's byte at +14h (MPCur
; per the original notes), limited to the cap.
; NOTE(review): the two exits pop a different number of dwords (the FFh exit
; skips the `pop edx` at 004DA8A9), so esp differs by 4 between them whatever
; convention 0043E4D6 uses. That is harmless only if the enclosing routine
; restores esp from ebp on return - confirm.
004DA872   50              push    eax                              ; save incoming eax (value A)
004DA873   8B4D FC         mov     ecx, dword ptr [ebp-4]           ; pointer kept in [ebp-4] (SAV record per original note)
004DA876   6A 06           push    6                                ; selector 6 (MP per original note)
004DA878   E8 91D3F2FF     call    00407C0E                         ; NOTE(review): must pop its single stack argument for the next pop to be right
004DA87D   59              pop     ecx                              ; ecx = value A
004DA87E   03C1            add     eax, ecx                         ; cap = A + call result
004DA880   50              push    eax                              ; keep the cap on the stack
004DA881   8B4D FC         mov     ecx, dword ptr [ebp-4]
004DA884   66:8B01         mov     ax, word ptr [ecx]               ; only ax is loaded; upper half of eax is stale
004DA887   25 FF0F0000     and     eax, 0FFF                        ; keep the low 12 bits as the ID, which also clears the stale half
004DA88C   50              push    eax                              ; argument: ID
004DA88D   E8 443CF6FF     call    0043E4D6                         ; returns a record index, or FFh when there is none
004DA892   5A              pop     edx                              ; removes the ID if 0043E4D6 leaves its argument on the stack
004DA893   3D FF000000     cmp     eax, 0FF
004DA898   74 17           je      short 004DA8B1                   ; no record: skip the update (the cap stays on the stack)
004DA89A   6BC0 24         imul    eax, eax, 24                     ; records are 24h bytes apart
004DA89D   05 502C4B00     add     eax, 004B2C50                    ; record pointer
004DA8A2   0FB648 14       movzx   ecx, byte ptr [eax+14]           ; current value (MPCur)
004DA8A6   024D 0C         add     cl, byte ptr [ebp+C]             ; 8-bit add: a sum above 255 wraps before the check below
004DA8A9   5A              pop     edx                              ; edx = cap (assuming the pop at 004DA892 took the ID)
004DA8AA   3ACA            cmp     cl, dl                           ; compares low bytes only; a cap above 255 is truncated
004DA8AC   77 0D           ja      short 004DA8BB
004DA8AE   8848 14         mov     byte ptr [eax+14], cl            ; store the new current value
004DA8B1   8B4D FC         mov     ecx, dword ptr [ebp-4]           ; displaced original instruction
004DA8B4   8B01            mov     eax, dword ptr [ecx]             ; displaced original instruction
004DA8B6  ^E9 C2BEFFFF     jmp     004D677D                         ; back to the instruction after the hook
004DA8BB   8ACA            mov     cl, dl                           ; clamp to the cap's low byte
004DA8BD  ^EB EF           jmp     short 004DA8AE
004DA8BF   90              nop


         ݣ

         50 8B 4D FC 6A 06 E8 91 D3 F2 FF 59 03 C1 50 8B
         4D FC 66 8B 01 25 FF 0F 00 00 50 E8 44 3C F6 FF
         5A 3D FF 00 00 00 74 17 6B C0 24 05 50 2C 4B 00
         0F B6 48 14 02 4D 0C 5A 3A CA 77 0D 88 48 14 8B
         4D FC 8B 01 E9 C2 BE FF FF 8A CA EB EF 90

;------------------------------------------------------------------------------------------------------------

˷ǳĴ룬һЩעͲֲһ׼ȷο



[ťϢӦ] ϸᷴġе޸İ취


; Hook in the original dispatcher: the ID checks now run in the cave at 004D2819.
0043E17B   .- E9 99460900            jmp     004D2819



; Dispatch on the dword in [ebp-30] (a button ID per the original note).
; IDs above 6 (unsigned) leave through 0043E1B3; ID 4 calls 004D3007 with
; ecx = [ebp-2C]. The listing stops at the compare for ID 5.
004D2819    837D D0 06               cmp     dword ptr [ebp-30], 6
004D281D  - 0F87 90B9F6FF            ja      0043E1B3                         ; unsigned: ID > 6 is not handled here
004D2823    837D D0 04               cmp     dword ptr [ebp-30], 4            ; ID 4
004D2827    74 02                    je      short 004D282B
004D2829    EB 0D                    jmp     short 004D2838
004D282B    8B4D D4                  mov     ecx, dword ptr [ebp-2C]          ; pointer argument passed in ecx
004D282E    E8 D4070000              call    004D3007                         ; handler for ID 4
004D2833  - E9 7BB9F6FF              jmp     0043E1B3
004D2838    837D D0 05               cmp     dword ptr [ebp-30], 5            ; next ID; its branch is outside this listing



; Handler for button ID 4. In: ecx = record pointer, kept in [ebp-4].
; Steps: get an ID from 0045F670; ask 004D5444 whether that ID qualifies; compare
; the value from 00406D87 (selector 6, record 0D60000 + 48h*ID) with the value
; from 00472840; if they are equal, call 004D30A5 with dword 004CF314 set to 1
; for the duration of the call. Each failed test shows a message through
; 0042F699 instead.
004D3007    55                       push    ebp
004D3008    8BEC                     mov     ebp, esp
004D300A    83EC 20                  sub     esp, 20
004D300D    894D FC                  mov     dword ptr [ebp-4], ecx           ; [ebp-4] = record pointer
004D3010    E8 5BC6F8FF              call    0045F670                         ; returns the ID for the record in ecx
004D3015    8945 F8                  mov     dword ptr [ebp-8], eax           ; [ebp-8] = ID
004D3018    50                       push    eax
004D3019    E8 26240000              call    004D5444                         ; returns 1 when the ID is on the allow list
004D301E    83C4 04                  add     esp, 4
004D3021    85C0                     test    eax, eax
004D3023    75 11                    jnz     short 004D3036
004D3025    68 20555500              push    00555520                         ; message string for the "not allowed" case
004D302A    6A 02                    push    2
004D302C    E8 68C6F5FF              call    0042F699                         ; message routine (caller cleans 8 bytes)
004D3031    83C4 08                  add     esp, 8
004D3034    EB 60                    jmp     short 004D3096
004D3036    90                       nop
004D3037    90                       nop
004D3038    90                       nop
004D3039    8B45 F8                  mov     eax, dword ptr [ebp-8]           ; ID
004D303C    6BC0 48                  imul    eax, eax, 48                     ; entries are 48h bytes apart
004D303F    05 0000D600              add     eax, 0D60000                     ; table base; NOTE(review): ID is not range-checked in this routine
004D3044    8BC8                     mov     ecx, eax                         ; ecx = entry pointer
004D3046    6A 06                    push    6                                ; selector 6
004D3048    E8 3A3DF3FF              call    00406D87                         ; no cleanup follows, so presumably callee-clean
004D304D    8945 F4                  mov     dword ptr [ebp-C], eax           ; [ebp-C] = required value
004D3050    8B4D FC                  mov     ecx, dword ptr [ebp-4]
004D3053    E8 E8F7F9FF              call    00472840                         ; current value for the record (MPCur per original note)
004D3058    8B4D F4                  mov     ecx, dword ptr [ebp-C]
004D305B    3BC1                     cmp     eax, ecx                         ; the action needs current == required
004D305D    74 14                    je      short 004D3073
004D305F    68 28555500              push    00555528                         ; message string for the "value not full" case
004D3064    6A 02                    push    2
004D3066    E8 2EC6F5FF              call    0042F699
004D306B    83C4 08                  add     esp, 8
004D306E    EB 26                    jmp     short 004D3096                   ; leave without acting
004D3070    90                       nop
004D3071    90                       nop
004D3072    90                       nop
004D3073    C705 14F34C00 01000000   mov     dword ptr [4CF314], 1            ; mark "action in progress" in global 004CF314
004D307D    8B45 F8                  mov     eax, dword ptr [ebp-8]
004D3080    50                       push    eax                              ; stack argument: ID
004D3081    8B4D FC                  mov     ecx, dword ptr [ebp-4]           ; ecx argument: record pointer
004D3084    E8 1C000000              call    004D30A5                         ; perform the action
004D3089    83C4 04                  add     esp, 4
004D308C    C705 14F34C00 00000000   mov     dword ptr [4CF314], 0            ; clear the marker again
004D3096    8BE5                     mov     esp, ebp
004D3098    5D                       pop     ebp
004D3099    C3                       retn



; Allow-list test. In: [ebp+8] = ID. Out: eax = 1 (exit at 004D5435) or
; eax = 0 (exit at 004D542E). Both exits sit just before this entry point.
; IDs accepted unconditionally: 0, 5, 7, 8, 0Eh, 11h, 13h, 1Ah, 18h.
; ID 1 depends on the globals at 0055AC04 and 0055AC06.
004D5444    55                       push    ebp
004D5445    8BEC                     mov     ebp, esp
004D5447    83EC 0C                  sub     esp, 0C
004D544A    33C0                     xor     eax, eax                         ; redundant: eax is overwritten by the next instruction
004D544C    8B45 08                  mov     eax, dword ptr [ebp+8]           ; ID argument
004D544F    85C0                     test    eax, eax
004D5451  ^ 74 E2                    je      short 004D5435                   ; ID 0 (DATA_00): allowed
004D5453    83F8 01                  cmp     eax, 1                           ; ID 1 (DATA_01): conditional
004D5456    74 02                    je      short 004D545A
004D5458    EB 18                    jmp     short 004D5472
004D545A    33C0                     xor     eax, eax
004D545C    66:A1 04AC5500           mov     ax, word ptr [55AC04]            ; 16-bit global at 0055AC04
004D5462    85C0                     test    eax, eax
004D5464  ^ 74 C8                    je      short 004D542E                   ; word is zero: not allowed
; NOTE(review): `mov al` replaces only the low byte, so ah still holds the byte
; from 0055AC05 when eax is tested below. The result depends on that byte as
; well as on 0055AC06 - likely unintended; verify.
004D5466    A0 06AC5500              mov     al, byte ptr [55AC06]            ; 8-bit global at 0055AC06
004D546B    90                       nop
004D546C    85C0                     test    eax, eax
004D546E  ^ 74 C5                    je      short 004D5435                   ; zero: allowed
004D5470  ^ EB BC                    jmp     short 004D542E                   ; non-zero: not allowed
004D5472    83F8 05                  cmp     eax, 5                           ; DATA_05
004D5475  ^ 74 BE                    je      short 004D5435
004D5477    83F8 07                  cmp     eax, 7                           ; DATA_07
004D547A  ^ 74 B9                    je      short 004D5435
004D547C    83F8 08                  cmp     eax, 8                           ; DATA_08
004D547F  ^ 74 B4                    je      short 004D5435
004D5481    83F8 0E                  cmp     eax, 0E                          ; DATA_14
004D5484  ^ 74 AF                    je      short 004D5435
004D5486    83F8 11                  cmp     eax, 11                          ; DATA_17
004D5489  ^ 74 AA                    je      short 004D5435
004D548B    83F8 13                  cmp     eax, 13                          ; DATA_19
004D548E  ^ 74 A5                    je      short 004D5435
004D5490    83F8 1A                  cmp     eax, 1A                          ; DATA_26
004D5493  ^ 74 A0                    je      short 004D5435
004D5495    83F8 18                  cmp     eax, 18                          ; DATA_24
004D5498  ^ 74 9B                    je      short 004D5435
004D549A  ^ EB 92                    jmp     short 004D542E                   ; any other ID: not allowed

; Tail of the ID dispatch in routine 004D30A5. The flags tested by the first
; je come from `cmp ebx, 13` at 004D3180, which jumps here without changing them.
004D319A   /0F84 AE000000            je      004D324E                         ; ID 13h
004D31A0   |83FB 18                  cmp     ebx, 18                          ; ID 18h
004D31A3   |0F84 636F0000            je      004DA10C                         ; handled in a code cave at 004DA10C
004D31A9  ^|EB DE                    jmp     short 004D3189                   ; no handler matched: common tail at 004D3189

; The two exits of routine 004D5444, placed before its entry point and reached
; by backward short jumps.
004D542E    33C0                     xor     eax, eax                         ; return 0: ID not allowed
004D5430    8BE5                     mov     esp, ebp
004D5432    5D                       pop     ebp
004D5433    C3                       retn
004D5434    90                       nop
004D5435    B8 01000000              mov     eax, 1                           ; return 1: ID allowed
004D543A    8BE5                     mov     esp, ebp
004D543C    5D                       pop     ebp
004D543D    C3                       retn



; Action routine called from 004D3007. In: ecx = acting record pointer,
; [ebp+8] = ID. It asks 0045533D for a target index, caches fields of both
; records in locals, zeroes the acting record's byte at +14h (MPCur per the
; original notes) and then dispatches on the ID to per-ID handlers.
; Locals written here: [ebp-4] acting record, [ebp-8] target index, [ebp-C]
; target record, [ebp-10] first dword of the target record, [ebp-11..-14]
; bytes +6/+7 of both records, [ebp-1C] byte +4 of the acting record.
; NOTE(review): ebx is overwritten with no save or restore in the visible code;
; under the usual Win32 conventions ebx is callee-saved - confirm that the
; callers tolerate this.
004D30A5    55                       push    ebp
004D30A6    8BEC                     mov     ebp, esp
004D30A8    83EC 44                  sub     esp, 44                          ; 44h = 68 bytes of locals
004D30AB    894D FC                  mov     dword ptr [ebp-4], ecx           ; [ebp-4] = acting record pointer
004D30AE    837D 08 1A               cmp     dword ptr [ebp+8], 1A            ; ID 1Ah (DATA_26) is handled separately
004D30B2    75 0A                    jnz     short 004D30BE
004D30B4    90                       nop
004D30B5    90                       nop
004D30B6    90                       nop
004D30B7    90                       nop
004D30B8    90                       nop
004D30B9    E9 1B050000              jmp     004D35D9                         ; ID 1Ah: handler at 004D35D9, skipping target selection
004D30BE    68 FF000000              push    0FF                              ; 4th stack argument of 0045533D
004D30C3    6A 01                    push    1                                ; 3rd stack argument
004D30C5    8B4D FC                  mov     ecx, dword ptr [ebp-4]
004D30C8    E8 F1C7F6FF              call    0043F8BE                         ; value for the record in ecx (a range per original note)
004D30CD    50                       push    eax                              ; 2nd stack argument
004D30CE    8B45 FC                  mov     eax, dword ptr [ebp-4]
004D30D1    8A48 04                  mov     cl, byte ptr [eax+4]             ; byte +4 of the acting record
004D30D4    51                       push    ecx                              ; 1st stack argument; only cl is defined, upper bits of ecx are stale
004D30D5    B9 50424B00              mov     ecx, 004B4250                    ; ecx argument of 0045533D
004D30DA    E8 5E22F8FF              call    0045533D                         ; returns the chosen target index in al, FFh for none
004D30DF    8845 F4                  mov     byte ptr [ebp-C], al             ; provisional store; [ebp-C] is overwritten at 004D30FD
004D30E2    25 FF000000              and     eax, 0FF
004D30E7    3D FF000000              cmp     eax, 0FF
004D30EC    0F84 A1000000            je      004D3193                         ; no target: leave
004D30F2    8945 F8                  mov     dword ptr [ebp-8], eax           ; [ebp-8] = target index
004D30F5    6BC0 24                  imul    eax, eax, 24
004D30F8    05 502C4B00              add     eax, 004B2C50
004D30FD    8945 F4                  mov     dword ptr [ebp-C], eax           ; [ebp-C] = target record pointer
004D3100    8B45 FC                  mov     eax, dword ptr [ebp-4]
004D3103    33DB                     xor     ebx, ebx
004D3105    8A58 04                  mov     bl, byte ptr [eax+4]
004D3108    895D E4                  mov     dword ptr [ebp-1C], ebx          ; [ebp-1C] = byte +4 of the acting record, zero-extended
004D310B    8B4D FC                  mov     ecx, dword ptr [ebp-4]
004D310E    C641 14 00               mov     byte ptr [ecx+14], 0             ; spend the resource: byte +14h of the acting record = 0
004D3112    33D2                     xor     edx, edx
004D3114    8B4D FC                  mov     ecx, dword ptr [ebp-4]
004D3117    8A51 06                  mov     dl, byte ptr [ecx+6]             ; acting record, byte +6 (a coordinate per original note)
004D311A    3E:8855 ED               mov     byte ptr ds:[ebp-13], dl
004D311E    8A51 07                  mov     dl, byte ptr [ecx+7]             ; acting record, byte +7 (a coordinate per original note)
004D3121    3E:8855 EC               mov     byte ptr ds:[ebp-14], dl
004D3125    8B45 F8                  mov     eax, dword ptr [ebp-8]           ; target index
004D3128    6BC0 24                  imul    eax, eax, 24
004D312B    05 502C4B00              add     eax, 004B2C50                    ; target record pointer, recomputed
004D3130    8A50 06                  mov     dl, byte ptr [eax+6]             ; target record, byte +6
004D3133    3E:8855 EF               mov     byte ptr ds:[ebp-11], dl
004D3137    8A50 07                  mov     dl, byte ptr [eax+7]             ; target record, byte +7
004D313A    3E:8855 EE               mov     byte ptr ds:[ebp-12], dl
004D313E    8B10                     mov     edx, dword ptr [eax]             ; first dword of the target record
004D3140    8955 F0                  mov     dword ptr [ebp-10], edx
004D3143    8B5D 08                  mov     ebx, dword ptr [ebp+8]           ; ebx = ID argument for the dispatch below
004D3146    85DB                     test    ebx, ebx
004D3148    0F84 3B090000            je      004D3A89                         ; ID 0
004D314E    83FB 01                  cmp     ebx, 1                           ; ID 1
004D3151  ^ 0F84 01FDFFFF            je      004D2E58
004D3157    83FB 05                  cmp     ebx, 5                           ; ID 5
004D315A    0F84 E5070000            je      004D3945
004D3160    83FB 07                  cmp     ebx, 7                           ; ID 7
004D3163    0F84 0E070000            je      004D3877
004D3169    83FB 08                  cmp     ebx, 8                           ; ID 8
004D316C    74 52                    je      short 004D31C0
004D316E    83FB 0E                  cmp     ebx, 0E                          ; ID 0Eh
004D3171    0F84 A6000000            je      004D321D
004D3177    83FB 11                  cmp     ebx, 11                          ; ID 11h
004D317A    0F84 AF030000            je      004D352F
004D3180    83FB 13                  cmp     ebx, 13                          ; ID 13h; the flags are consumed by the je at 004D319A
004D3183    EB 15                    jmp     short 004D319A                   ; dispatch continues past the exit code below
004D3185    90                       nop
004D3186    90                       nop
004D3187    90                       nop
004D3188    90                       nop
004D3189    6A 06                    push    6                                ; common tail, reached from 004D31A9 when no ID matched
004D318B    8B4D FC                  mov     ecx, dword ptr [ebp-4]
004D318E    E8 85F5F6FF              call    00442718                         ; no cleanup follows, so presumably callee-clean
004D3193    8BE5                     mov     esp, ebp
004D3195    5D                       pop     ebp
004D3196    C3                       retn



;  Patched function 0043F8BE. The entry saves ECX and jumps to the code cave
;  at 004D342D; that cave either comes back to 0043F8CC (with 2A pushed and
;  EAX = [ebp-4]) or goes straight to the epilogue at 0043F913 with EAX set.
;  Frame: [ebp-4] = ECX at entry, [ebp-8] = table record computed at 0043F8CC.
;  No "add esp" follows the calls that take a pushed value, so the callees
;  presumably remove their own stack argument -- TODO confirm.
0043F8BE   $  55                     push    ebp                              ;  frame setup
0043F8BF   .  8BEC                   mov     ebp, esp
0043F8C1   .  83EC 08                sub     esp, 8
0043F8C4   .  894D FC                mov     dword ptr [ebp-4], ecx           ;  [ebp-4] = ECX passed by the caller
0043F8C7   .- E9 613B0900            jmp     004D342D                         ;  detour: the cave tests the flag at [4CF314]
0043F8CC   .  8B08                   mov     ecx, dword ptr [eax]             ;  re-entry from 004D343B; first dword of the record at [ebp-4]
0043F8CE   .  6BC9 48                imul    ecx, ecx, 48                     ;  index * 48h
0043F8D1   .  81C1 0000D600          add     ecx, 0D60000                     ;  + table base 0D60000
0043F8D7   .  894D F8                mov     dword ptr [ebp-8], ecx           ;  [ebp-8] = table record (original note mentions "SAV")
0043F8DA   .  E8 2A81FCFF            call    00407A09                         ;  ECX = record, stack value = the 2A pushed at 004D3436
0043F8DF   .  85C0                   test    eax, eax
0043F8E1   .  74 0C                  je      short 0043F8EF                   ;  zero result: try the 15h check at 0042D2FF
0043F8E3   .  6A 2A                  push    2A
0043F8E5   .  8B4D F8                mov     ecx, dword ptr [ebp-8]
0043F8E8   .  E8 0582FCFF            call    00407AF2                         ;  its EAX becomes this function's return value
0043F8ED   .  EB 24                  jmp     short 0043F913
0043F8EF   >  90                     nop
0043F8F0   .^ E9 0ADAFEFF            jmp     0042D2FF                         ;  second detour (listed separately)
0043F8F5   >  8B4D FC                mov     ecx, dword ptr [ebp-4]           ;  marked as a jump target; no visible line branches here -- presumably 0042D330
0043F8F8   .  E8 73E6FDFF            call    0041DF70                         ;  ECX = [ebp-4]; AL is used as an index below
0043F8FD   .  8AC8                   mov     cl, al
0043F8FF   .  81E1 FF000000          and     ecx, 0FF                         ;  ECX = AL zero-extended
0043F905   .  6BC9 1B                imul    ecx, ecx, 1B                     ;  index * 1Bh
0043F908   .  81C1 A0BF4A00          add     ecx, 004ABFA0                    ;  + table base 004ABFA0
0043F90E   .  E8 8D000100            call    0044F9A0                         ;  ECX = entry in that table; result returned in EAX
0043F913   >  8BE5                   mov     esp, ebp                         ;  common epilogue, also the target of both code caves
0043F915   .  5D                     pop     ebp
0043F916   .  C3                     retn

; Code cave entered from 0043F8C7. It runs inside the frame of 0043F8BE
; ([ebp-4] = ECX saved at entry, ECX itself still unchanged).
; Flag [4CF314] == 0 : push 2A and resume the original code at 0043F8CC.
; Flag != 0          : dispatch on the first dword of the record in ECX:
;                      8 -> EAX = 6; 5, 7, 0E, 13 -> EAX = 0; anything else
;                      takes the same path as flag == 0.
004D342D    A1 14F34C00              mov     eax, dword ptr [4CF314]          ; global flag, read as a dword here
004D3432    85C0                     test    eax, eax
004D3434    75 0A                    jnz     short 004D3440
004D3436    6A 2A                    push    2A                               ; stack value consumed by the call at 0043F8DA
004D3438    8B45 FC                  mov     eax, dword ptr [ebp-4]           ; EAX = record pointer saved at entry
004D343B  - E9 8CC4F6FF              jmp     0043F8CC                         ; back to the original code path
004D3440    8B01                     mov     eax, dword ptr [ecx]             ; first dword of the record (original note mentions "DATA")
004D3442    83F8 08                  cmp     eax, 8
004D3445    75 0A                    jnz     short 004D3451
004D3447    B8 06000000              mov     eax, 6                           ; fixed return value 6 for id 8
004D344C  - E9 C2C4F6FF              jmp     0043F913                         ; epilogue of 0043F8BE
004D3451    83F8 05                  cmp     eax, 5
004D3454    74 11                    je      short 004D3467
004D3456    83F8 07                  cmp     eax, 7
004D3459    74 0C                    je      short 004D3467
004D345B    83F8 0E                  cmp     eax, 0E
004D345E    74 07                    je      short 004D3467
004D3460    83F8 13                  cmp     eax, 13
004D3463    74 02                    je      short 004D3467
004D3465  ^ EB CF                    jmp     short 004D3436                   ; any other id: default path
004D3467    33C0                     xor     eax, eax                         ; fixed return value 0 for ids 5, 7, 0E, 13
004D3469  - E9 A5C4F6FF              jmp     0043F913                         ; epilogue of 0043F8BE

;  Fragment entered from 0043F8F0, still in the frame of 0043F8BE
;  ([ebp-8] = table record). If the 15h check succeeds, the value returned by
;  00406610 selects a fixed result: 0F -> 7, 10 -> 8, 11 -> 8. Every other
;  case goes to 0042D330, which is not part of this listing.
;  NOTE(review): the result of 00407A09 is tested as AL here but as EAX at
;  0043F8DF and 00407855 -- confirm which width the callee actually sets.
0042D2FF   > /6A 15                  push    15                               ;  stack value for 00407A09
0042D301   . |8B4D F8                mov     ecx, dword ptr [ebp-8]           ;  ECX = table record
0042D304   . |E8 00A7FDFF            call    00407A09                         ;  same callee as 0043F8DA, here with 15h
0042D309   . |84C0                   test    al, al
0042D30B   . |74 23                  je      short 0042D330                   ;  zero: leave via 0042D330 (not shown)
0042D30D   . |8B4D F8                mov     ecx, dword ptr [ebp-8]           ;  ECX = table record
0042D310   . |E8 FB92FDFF            call    00406610                         ;  AL = value switched on below
0042D315   . |3C 0F                  cmp     al, 0F                           ;  Switch (cases F..11)
0042D317   . |75 04                  jnz     short 0042D31D
0042D319   . |B0 07                  mov     al, 7                            ;  Case F of switch 0042D315: result 7
0042D31B   . |EB 0E                  jmp     short 0042D32B
0042D31D   > |3C 10                  cmp     al, 10
0042D31F   . |75 04                  jnz     short 0042D325
0042D321   . |B0 08                  mov     al, 8                            ;  Case 10 of switch 0042D315: result 8
0042D323   . |EB 06                  jmp     short 0042D32B
0042D325   > |3C 11                  cmp     al, 11
0042D327   . |75 07                  jnz     short 0042D330                   ;  no case matched: leave via 0042D330 (not shown)
0042D329   . |B0 08                  mov     al, 8                            ;  Case 11 of switch 0042D315: result 8
0042D32B   > |E9 E3250100            jmp     0043F913                         ;  epilogue of 0043F8BE; only AL was written above

;------------------------------------------------------------------------------------------------------------

[еı趨]

; Code cave that picks a value for EAX and continues at 0043B732.
; Execution presumably enters at 004D2F90 (the first lines are only reached
; by the backward jmp at 004D2FA1) -- TODO confirm against the hook site.
;   flag [4CF314] == 0 : byte [55AC50] != 0 -> EAX = 64h (100),
;                        otherwise the original path at 0043B599.
;   flag != 0          : EAX from 0045F670 == 1 and 004066E0 returns 0
;                        -> EAX = 32h (50); every other case -> EAX = 64h.
004D2F82    803D 50AC5500 00         cmp     byte ptr [55AC50], 0
004D2F89    75 20                    jnz     short 004D2FAB                   ; non-zero: EAX = 64h
004D2F8B  - E9 0986F6FF              jmp     0043B599                         ; zero: original path
004D2F90    E8 DBC6F8FF              call    0045F670                         ; EAX = id of the record in ECX (original note mentions "DATA")
004D2F95    33C9                     xor     ecx, ecx                         ; redundant: ECX is reloaded on the next line
004D2F97    8B0D 14F34C00            mov     ecx, dword ptr [4CF314]
004D2F9D    85C9                     test    ecx, ecx                         ; global flag
004D2F9F    75 05                    jnz     short 004D2FA6
004D2FA1  ^ EB DF                    jmp     short 004D2F82                   ; flag clear: unpatched behaviour
004D2FA3    90                       nop
004D2FA4    90                       nop
004D2FA5    90                       nop
004D2FA6    83F8 01                  cmp     eax, 1                           ; id 1 gets the extra status check
004D2FA9    74 0A                    je      short 004D2FB5
004D2FAB    B8 64000000              mov     eax, 64                          ; EAX = 64h (100)
004D2FB0  - E9 7D87F6FF              jmp     0043B732
004D2FB5    6A 08                    push    8                                ; stack value for 004066E0; presumably a bit mask -- TODO confirm
004D2FB7    8B4D DC                  mov     ecx, dword ptr [ebp-24]          ; record pointer taken from the hooked function's frame
004D2FBA    E8 2137F3FF              call    004066E0
004D2FBF    85C0                     test    eax, eax
004D2FC1  ^ 75 E8                    jnz     short 004D2FAB                   ; non-zero result: EAX = 64h
004D2FC3    B8 32000000              mov     eax, 32                          ; EAX = 32h (50)
004D2FC8  - E9 6587F6FF              jmp     0043B732



[һ]

; Code cave gated on the flag at [4CF314].
;   flag == 0 : call 00405D69 and continue at 00405F00 (original behaviour).
;   flag != 0 : read the id of the record at [[ebp-C]+0C]; ids 7 and 1A give
;               EAX = 0 and continue at 00405F00, any other id goes to 00405F38.
; NOTE(review): EBX is overwritten and never restored in this fragment;
; confirm the hooked function does not keep a live value in EBX.
004D34C9    33DB                     xor     ebx, ebx                         ; redundant: EBX is reloaded on the next line
004D34CB    8B1D 14F34C00            mov     ebx, dword ptr [4CF314]
004D34D1    85DB                     test    ebx, ebx                         ; global flag
004D34D3    75 0A                    jnz     short 004D34DF
004D34D5    E8 8F28F3FF              call    00405D69                         ; original call
004D34DA  - E9 212AF3FF              jmp     00405F00                         ; continue with whatever EAX holds
004D34DF    8B45 F4                  mov     eax, dword ptr [ebp-C]           ; pointer from the hooked function's frame
004D34E2    8B48 0C                  mov     ecx, dword ptr [eax+C]           ; ECX = record pointer stored at offset 0C
004D34E5    E8 86C1F8FF              call    0045F670                         ; EAX = id of that record
004D34EA    83F8 07                  cmp     eax, 7
004D34ED    74 0A                    je      short 004D34F9
004D34EF    83F8 1A                  cmp     eax, 1A
004D34F2    74 05                    je      short 004D34F9
004D34F4  - E9 3F2AF3FF              jmp     00405F38                         ; other ids: different continuation
004D34F9    33C0                     xor     eax, eax                         ; EAX = 0, and ZF is now set
004D34FB  ^ 74 DD                    je      short 004D34DA                   ; always taken (ZF set by the xor): acts as a short jmp


[ӷ趨]

; Code cave around the call to 0043F595. All three exits continue at
; 0043BCF0; the only effect of the patch is to replace the call's result
; with 0 when the flag at [4CF314] is set and the record at [ebp-2C] has
; id 11h in its first dword.
004D3501    E8 8FC0F6FF              call    0043F595                         ; original call; EAX = its result
004D3506    33C9                     xor     ecx, ecx                         ; redundant: ECX is reloaded on the next line
004D3508    8B0D 14F34C00            mov     ecx, dword ptr [4CF314]
004D350E    85C9                     test    ecx, ecx                         ; global flag
004D3510  - 0F84 DA87F6FF            je      0043BCF0                         ; flag clear: keep the result
004D3516    8B4D D4                  mov     ecx, dword ptr [ebp-2C]          ; record pointer from the hooked function's frame
004D3519    8B11                     mov     edx, dword ptr [ecx]             ; first dword of the record (id)
004D351B    83FA 11                  cmp     edx, 11
004D351E  - 0F85 CC87F6FF            jnz     0043BCF0                         ; other ids: keep the result
004D3524    33C0                     xor     eax, eax                         ; id 11h: result forced to 0
004D3526  - E9 C587F6FF              jmp     0043BCF0


[͸Чж]

;  Patched function 00407818. Returns a byte in AL taken from [ebp-4].
;  Frame: [ebp-8] = ECX at entry, [ebp-4] = result byte.
;  The entry jumps to the cave at 00407D4E, which may leave for 004DA0E4 or
;  004DA6B6 (neither is listed) or set [ebp-4] = 0 and resume at 00407826.
;  From there the result is chosen in this order:
;    dword [55AC20] == 1 -> 2
;    AL from 004077D0: 17 -> 5, 2 -> 4
;    15h check passes and 00406610 returns 0F or 10 -> 1, 11 -> 2
;    otherwise the 2Bh lookup in the fragment at 0042D335.
00407818   $  55                     push    ebp                              ;  frame setup
00407819   .  8BEC                   mov     ebp, esp
0040781B   .  83EC 0C                sub     esp, 0C
0040781E   .  894D F8                mov     dword ptr [ebp-8], ecx           ;  [ebp-8] = ECX passed by the caller
00407821      E9 28050000            jmp     00407D4E                         ;  detour: flag checks on [4CF314] and [55AC3F]
00407826      E8 A5FFFFFF            call    004077D0                         ;  ECX unchanged since entry; AL is compared below
0040782B      833D 20AC5500 01       cmp     dword ptr [55AC20], 1            ;  global switch; AL from the call is kept
00407832      74 41                  je      short 00407875                   ;  switch on: result 2
00407834   .  90                     nop
00407835   .  3C 17                  cmp     al, 17
00407837   .  74 06                  je      short 0040783F
00407839   .  3C 02                  cmp     al, 2
0040783B   .  74 08                  je      short 00407845
0040783D   .  EB 0C                  jmp     short 0040784B
0040783F   >  C645 FC 05             mov     byte ptr [ebp-4], 5              ;  AL == 17: result 5
00407843   .  EB 43                  jmp     short 00407888
00407845   >  C645 FC 04             mov     byte ptr [ebp-4], 4              ;  AL == 2: result 4
00407849   .  EB 3D                  jmp     short 00407888
0040784B   >  6A 15                  push    15                               ;  stack value for 00407A09 (original note mentions "EXP")
0040784D   .  8B4D F8                mov     ecx, dword ptr [ebp-8]
00407850   .  E8 B4010000            call    00407A09                         ;  zero result skips the switch
00407855   .  85C0                   test    eax, eax
00407857   .  74 22                  je      short 0040787B
00407859   .  8B4D F8                mov     ecx, dword ptr [ebp-8]
0040785C   .  E8 AFEDFFFF            call    00406610                         ;  AL = value switched on below
00407861   .  3C 0F                  cmp     al, 0F                           ;  Switch (cases F..11)
00407863   .  75 02                  jnz     short 00407867
00407865   .  EB 04                  jmp     short 0040786B                   ;  Case F of switch 00407861: shares the body of case 10
00407867   >  3C 10                  cmp     al, 10
00407869   .  75 06                  jnz     short 00407871
0040786B   >  C645 FC 01             mov     byte ptr [ebp-4], 1              ;  Case 10 of switch 00407861: result 1
0040786F   .  EB 17                  jmp     short 00407888
00407871   >  3C 11                  cmp     al, 11
00407873   .  75 06                  jnz     short 0040787B
00407875   >  C645 FC 02             mov     byte ptr [ebp-4], 2              ;  Case 11 of switch 00407861, and the [55AC20] == 1 path: result 2
00407879   .  EB 0D                  jmp     short 00407888
0040787B   >  6A 2B                  push    2B                               ;  Default case of switch 00407861: stack value 2B
0040787D   .  8B4D F8                mov     ecx, dword ptr [ebp-8]           ;  ECX = pointer saved at entry
00407880   .  E9 B05A0200            jmp     0042D335                         ;  fragment that performs the 2Bh check and lookup
00407885   .  8845 FC                mov     byte ptr [ebp-4], al             ;  not reached by fall-through; the 0042D335 fragment returns to 00407888
00407888   >  8A45 FC                mov     al, byte ptr [ebp-4]             ;  AL = result byte
0040788B   .  8BE5                   mov     esp, ebp
0040788D   .  5D                     pop     ebp
0040788E   .  C3                     retn

;  Cave entered from 00407821, in the frame of 00407818.
;  NOTE(review): [4CF314] is compared as a byte here but loaded and tested as
;  a dword at 004D342D, 004D2F97, 004D34CB and 004D3508; the two forms agree
;  only while the upper three bytes stay zero -- confirm how the flag is set.
00407D4E      803D 14F34C00 00       cmp     byte ptr [4CF314], 0             ;  global flag (low byte only)
00407D55    - 0F85 89230D00          jnz     004DA0E4                         ;  flag set: handler at 004DA0E4 (not listed)
00407D5B      803D 3FAC5500 00       cmp     byte ptr [55AC3F], 0             ;  second flag byte
00407D62    - 0F85 4E290D00          jnz     004DA6B6                         ;  set: handler at 004DA6B6 (not listed)
00407D68      C645 FC 00             mov     byte ptr [ebp-4], 0              ;  default result 0
00407D6C    ^ E9 B5FAFFFF            jmp     00407826                         ;  resume the original checks

;  Fragment entered from 00407880 with 2B already pushed and ECX = [ebp-8].
;  It runs in the frame of 00407818: when the 2Bh check succeeds, the byte
;  returned by 00407AF2 becomes the result in [ebp-4]; otherwise [ebp-4] keeps
;  the value it already had. Both paths return to 00407888.
0042D335   > \E8 CFA6FDFF            call    00407A09                         ;  check with stack value 2B
0042D33A   .  85C0                   test    eax, eax
0042D33C   .  74 0D                  je      short 0042D34B                   ;  zero: result byte left unchanged
0042D33E   .  6A 2B                  push    2B
0042D340   .  8B4D F8                mov     ecx, dword ptr [ebp-8]
0042D343   .  E8 AAA7FDFF            call    00407AF2                         ;  AL = looked-up value
0042D348   .  8845 FC                mov     byte ptr [ebp-4], al             ;  store it as the result
0042D34B   >^ E9 38A5FDFF            jmp     00407888                         ;  back to the tail of 00407818



;------------------------------------------------------------------------------------------------------------

[еĲͬ] ֻ˼أûжȫԱз


[]

; Case body reached from the dispatch at 004D316C when [ebp+8] == 8.
; It shows a name string, calls 004D3581 with [ebp-8] and [ebp-1C], then
; calls 0045AA5C twice on the object at 004B5DF0 and finishes in the common
; tail at 004D3189.
004D31C0    E8 25330000              call    004D64EA                         ; paired with the call to 004D6576 below
004D31C5    68 27575500              push    00555727                         ; string in the table dumped at 00555720, after its 6-byte bracketed prefix
004D31CA    B9 083D4B00              mov     ecx, 004B3D08
004D31CF    E8 92310000              call    004D6366                         ; takes the string pointer; presumably displays it
004D31D4    FF75 F8                  push    dword ptr [ebp-8]                ; index stored at 004D30F2
004D31D7    FF75 E4                  push    dword ptr [ebp-1C]               ; byte +4 of the record at [ebp-4], stored at 004D3108
004D31DA    E8 A2030000              call    004D3581                         ; two stack values, no "add esp" after the call
004D31DF    E8 92330000              call    004D6576                         ; closes what 004D64EA opened -- presumably; confirm
004D31E4    6A 01                    push    1
004D31E6    6A 00                    push    0
004D31E8    6A 00                    push    0
004D31EA    FF75 F0                  push    dword ptr [ebp-10]               ; first dword of the selected record, stored at 004D3140
004D31ED    B9 F05D4B00              mov     ecx, 004B5DF0
004D31F2    E8 6578F8FF              call    0045AA5C                         ; values pushed in order 1, 0, 0, [ebp-10]
004D31F7    6A 01                    push    1
004D31F9    6A 00                    push    0
004D31FB    6A 01                    push    1
004D31FD    FF75 F0                  push    dword ptr [ebp-10]
004D3200    B9 F05D4B00              mov     ecx, 004B5DF0
004D3205    E8 5278F8FF              call    0045AA5C                         ; values pushed in order 1, 0, 1, [ebp-10]
004D320A  ^ E9 7AFFFFFF              jmp     004D3189                         ; common tail: push 6, call 00442718, return

;------------------------------------------------------------------------------------------------------------

[]

; Case body reached from the dispatch at 004D3148 when [ebp+8] == 0.
; After the name string it leaves for the caves at 004DA300 and 004DA3C0
; (neither is listed; they presumably return to 004D3AA3 and 004D3AAD).
; From 004D3AAD on, each group makes two calls to 0045AA5C on the object at
; 004B5DF0: values (k, 6, 0, [ebp+8]) and then (k, 0, 0, [ebp-10]).
; k = 1 is unconditional; k = 2, 4, 3, 5 are gated on the dwords at
; 55AC08, 55AC0C, 55AC10 and 55AC14 being equal to 1.
;
; NOTE(review): the jnz at 004D3B09 targets 004D3B38, which is the jnz that
; belongs to the next test, not the cmp at 004D3B31. When [55AC0C] != 1 the
; compare against [55AC10] is therefore skipped and the stale "not equal"
; flags make the second jnz jump to 004D3B60, so the k = 3 group never runs
; in that case. The three sibling branches all use rel8 26h; 75 26 (target
; 004D3B31) looks like the intended encoding -- confirm against the binary.
004D3A89    E8 5C2A0000              call    004D64EA                         ; same opening call as the other case bodies
004D3A8E    68 16575500              push    00555716                         ; string in the table dumped at 00555710, after its 6-byte bracketed prefix
004D3A93    B9 083D4B00              mov     ecx, 004B3D08
004D3A98    E8 C9280000              call    004D6366                         ; takes the string pointer; presumably displays it
004D3A9D    E9 5E680000              jmp     004DA300                         ; cave not listed; no stack values for 004D3581 are pushed here
004D3AA2    90                       nop
004D3AA3    E8 D9FAFFFF              call    004D3581                         ; presumably the return point of the cave at 004DA300
004D3AA8    E9 13690000              jmp     004DA3C0                         ; cave not listed
004D3AAD    6A 01                    push    1                                ; k = 1, unconditional group
004D3AAF    6A 06                    push    6
004D3AB1    6A 00                    push    0
004D3AB3    FF75 08                  push    dword ptr [ebp+8]
004D3AB6    B9 F05D4B00              mov     ecx, 004B5DF0
004D3ABB    E8 9C6FF8FF              call    0045AA5C
004D3AC0    6A 01                    push    1
004D3AC2    6A 00                    push    0
004D3AC4    6A 00                    push    0
004D3AC6    FF75 F0                  push    dword ptr [ebp-10]
004D3AC9    B9 F05D4B00              mov     ecx, 004B5DF0
004D3ACE    E8 896FF8FF              call    0045AA5C
004D3AD3    833D 08AC5500 01         cmp     dword ptr [55AC08], 1            ; gate for k = 2
004D3ADA    75 26                    jnz     short 004D3B02                   ; skip to the next cmp
004D3ADC    6A 02                    push    2
004D3ADE    6A 06                    push    6
004D3AE0    6A 00                    push    0
004D3AE2    FF75 08                  push    dword ptr [ebp+8]
004D3AE5    B9 F05D4B00              mov     ecx, 004B5DF0
004D3AEA    E8 6D6FF8FF              call    0045AA5C
004D3AEF    6A 02                    push    2
004D3AF1    6A 00                    push    0
004D3AF3    6A 00                    push    0
004D3AF5    FF75 F0                  push    dword ptr [ebp-10]
004D3AF8    B9 F05D4B00              mov     ecx, 004B5DF0
004D3AFD    E8 5A6FF8FF              call    0045AA5C
004D3B02    833D 0CAC5500 01         cmp     dword ptr [55AC0C], 1            ; gate for k = 4
004D3B09    75 2D                    jnz     short 004D3B38                   ; NOTE(review): lands past the cmp at 004D3B31 (see header)
004D3B0B    6A 04                    push    4
004D3B0D    6A 06                    push    6
004D3B0F    6A 00                    push    0
004D3B11    FF75 08                  push    dword ptr [ebp+8]
004D3B14    B9 F05D4B00              mov     ecx, 004B5DF0
004D3B19    E8 3E6FF8FF              call    0045AA5C
004D3B1E    6A 04                    push    4
004D3B20    6A 00                    push    0
004D3B22    6A 00                    push    0
004D3B24    FF75 F0                  push    dword ptr [ebp-10]
004D3B27    B9 F05D4B00              mov     ecx, 004B5DF0
004D3B2C    E8 2B6FF8FF              call    0045AA5C
004D3B31    833D 10AC5500 01         cmp     dword ptr [55AC10], 1            ; gate for k = 3; only reached by fall-through
004D3B38    75 26                    jnz     short 004D3B60                   ; also the target of the jnz at 004D3B09
004D3B3A    6A 03                    push    3
004D3B3C    6A 06                    push    6
004D3B3E    6A 00                    push    0
004D3B40    FF75 08                  push    dword ptr [ebp+8]
004D3B43    B9 F05D4B00              mov     ecx, 004B5DF0
004D3B48    E8 0F6FF8FF              call    0045AA5C
004D3B4D    6A 03                    push    3
004D3B4F    6A 00                    push    0
004D3B51    6A 00                    push    0
004D3B53    FF75 F0                  push    dword ptr [ebp-10]
004D3B56    B9 F05D4B00              mov     ecx, 004B5DF0
004D3B5B    E8 FC6EF8FF              call    0045AA5C
004D3B60    833D 14AC5500 01         cmp     dword ptr [55AC14], 1            ; gate for k = 5
004D3B67    75 26                    jnz     short 004D3B8F
004D3B69    6A 05                    push    5
004D3B6B    6A 06                    push    6
004D3B6D    6A 00                    push    0
004D3B6F    FF75 08                  push    dword ptr [ebp+8]
004D3B72    B9 F05D4B00              mov     ecx, 004B5DF0
004D3B77    E8 E06EF8FF              call    0045AA5C
004D3B7C    6A 05                    push    5
004D3B7E    6A 00                    push    0
004D3B80    6A 00                    push    0
004D3B82    FF75 F0                  push    dword ptr [ebp-10]
004D3B85    B9 F05D4B00              mov     ecx, 004B5DF0
004D3B8A    E8 CD6EF8FF              call    0045AA5C
004D3B8F  ^ E9 F5F5FFFF              jmp     004D3189                         ; common tail: push 6, call 00442718, return

;------------------------------------------------------------------------------------------------------------

[]

; Case body reached from the dispatch at 004D315A when [ebp+8] == 5.
; Inputs stored earlier at 004D3117-004D313A (presumably map coordinates):
;   [ebp-13], [ebp-14] = bytes +6, +7 of the record at [ebp-4]      (A6, A7)
;   [ebp-11], [ebp-12] = bytes +6, +7 of the record chosen by [ebp-8] (T6, T7)
; It builds a two-byte pair at [ebp-17], [ebp-16] ([ebp-18] is scratch):
;   A6 == T6 : first = T6, second = T7 + 1 if A7 <= T7, else T7 - 1
;   A6 != T6 : first = T6 + 1 if A6 <  T6, else T6 - 1; second = A7
; All compares are unsigned (ja), and inc/dec wrap within the byte.
; The move at 00459487 is made only if 00435884 returns FF for the pair,
; 0043F7CF does not return FF, and 004066E0 returns 0 for stack value 2.
004D3945    33D2                     xor     edx, edx                         ; clear the upper bits before the byte loads
004D3947    33C9                     xor     ecx, ecx
004D3949    8A4D ED                  mov     cl, byte ptr [ebp-13]            ; A6
004D394C    8A55 EF                  mov     dl, byte ptr [ebp-11]            ; T6
004D394F    3BCA                     cmp     ecx, edx
004D3951    75 19                    jnz     short 004D396C
004D3953    8855 E9                  mov     byte ptr [ebp-17], dl            ; A6 == T6: first byte = T6
004D3956    8A4D EC                  mov     cl, byte ptr [ebp-14]            ; A7
004D3959    8A55 EE                  mov     dl, byte ptr [ebp-12]            ; T7
004D395C    3BCA                     cmp     ecx, edx
004D395E    77 06                    ja      short 004D3966
004D3960    42                       inc     edx                              ; A7 <= T7: T7 + 1
004D3961    8855 E8                  mov     byte ptr [ebp-18], dl            ; scratch copy of the second byte
004D3964    EB 1A                    jmp     short 004D3980
004D3966    4A                       dec     edx                              ; A7 > T7: T7 - 1
004D3967    8855 E8                  mov     byte ptr [ebp-18], dl
004D396A    EB 14                    jmp     short 004D3980
004D396C    3BCA                     cmp     ecx, edx                         ; repeats the compare at 004D394F; flags were still valid
004D396E    77 06                    ja      short 004D3976
004D3970    42                       inc     edx                              ; A6 < T6: T6 + 1
004D3971    8855 E9                  mov     byte ptr [ebp-17], dl
004D3974    EB 04                    jmp     short 004D397A
004D3976    4A                       dec     edx                              ; A6 > T6: T6 - 1
004D3977    8855 E9                  mov     byte ptr [ebp-17], dl
004D397A    8A55 EC                  mov     dl, byte ptr [ebp-14]            ; A6 != T6: second byte = A7
004D397D    8855 E8                  mov     byte ptr [ebp-18], dl
004D3980    8A55 E8                  mov     dl, byte ptr [ebp-18]
004D3983    8855 EA                  mov     byte ptr [ebp-16], dl            ; pair is now [ebp-17], [ebp-16]
004D3986    E8 5F2B0000              call    004D64EA                         ; paired with the call to 004D6576 at 004D3A33
004D398B    68 76575500              push    00555776                         ; string in the table dumped at 00555770, after its 6-byte bracketed prefix
004D3990    B9 083D4B00              mov     ecx, 004B3D08
004D3995    E8 CC290000              call    004D6366                         ; takes the string pointer; presumably displays it
004D399A    FF75 F8                  push    dword ptr [ebp-8]
004D399D    FF75 E4                  push    dword ptr [ebp-1C]
004D39A0    E8 DCFBFFFF              call    004D3581                         ; same call and stack values as in the [ebp+8] == 8 case
004D39A5    8D55 E9                  lea     edx, dword ptr [ebp-17]          ; pointer to the pair
004D39A8    52                       push    edx
004D39A9    E8 D61EF6FF              call    00435884                         ; caller removes the stack value (add esp, 4)
004D39AE    83C4 04                  add     esp, 4
004D39B1    25 FF000000              and     eax, 0FF
004D39B6    3D FF000000              cmp     eax, 0FF
004D39BB    75 76                    jnz     short 004D3A33                   ; anything but FF: no move (FF presumably means nothing found there)
004D39BD    8D55 E9                  lea     edx, dword ptr [ebp-17]          ; pointer to the pair
004D39C0    52                       push    edx
004D39C1    E8 CB1FF6FF              call    00435991                         ; caller removes the stack value (add esp, 4)
004D39C6    83C4 04                  add     esp, 4
004D39C9    25 FF000000              and     eax, 0FF                         ; keep the low byte only
004D39CE    50                       push    eax
004D39CF    8B4D FC                  mov     ecx, dword ptr [ebp-4]           ; record pointer of the acting side
004D39D2    E8 F8BDF6FF              call    0043F7CF                         ; original note mentions "ZOC"
004D39D7    3D FF000000              cmp     eax, 0FF
004D39DC    74 55                    je      short 004D3A33                   ; FF: no move
004D39DE    90                       nop
004D39DF    90                       nop
004D39E0    90                       nop
004D39E1    6A 02                    push    2                                ; stack value for 004066E0; presumably a bit mask -- TODO confirm
004D39E3    8B4D FC                  mov     ecx, dword ptr [ebp-4]
004D39E6    E8 F52CF3FF              call    004066E0
004D39EB    85C0                     test    eax, eax
004D39ED    75 44                    jnz     short 004D3A33                   ; non-zero: no move
004D39EF    90                       nop
004D39F0    90                       nop
004D39F1    90                       nop
004D39F2    90                       nop
004D39F3    68 FFFF0000              push    0FFFF
004D39F8    8A45 E8                  mov     al, byte ptr [ebp-18]            ; EAX is 0 here (jnz above fell through), so only AL is set
004D39FB    50                       push    eax                              ; second byte of the pair
004D39FC    8A45 E9                  mov     al, byte ptr [ebp-17]
004D39FF    50                       push    eax                              ; first byte of the pair
004D3A00    FF75 08                  push    dword ptr [ebp+8]                ; the dispatch value, 5 on this path
004D3A03    B9 F05D4B00              mov     ecx, 004B5DF0
004D3A08    E8 7A5AF8FF              call    00459487                         ; values pushed in order 0FFFF, second, first, [ebp+8]
004D3A0D    6A 01                    push    1
004D3A0F    6A 06                    push    6
004D3A11    6A 05                    push    5
004D3A13    FF75 08                  push    dword ptr [ebp+8]
004D3A16    B9 F05D4B00              mov     ecx, 004B5DF0
004D3A1B    E8 3C70F8FF              call    0045AA5C                         ; values pushed in order 1, 6, 5, [ebp+8]
004D3A20    6A 01                    push    1
004D3A22    6A 00                    push    0
004D3A24    6A 05                    push    5
004D3A26    FF75 F0                  push    dword ptr [ebp-10]
004D3A29    B9 F05D4B00              mov     ecx, 004B5DF0
004D3A2E    E8 2970F8FF              call    0045AA5C                         ; values pushed in order 1, 0, 5, [ebp-10]
004D3A33    E8 3E2B0000              call    004D6576                         ; join point for every "no move" exit
004D3A38  ^ E9 4CF7FFFF              jmp     004D3189                         ; common tail: push 6, call 00442718, return
; Separate code cave: it is not reached by fall-through (the line before it
; is an unconditional jmp) and it reads [ebp-18] as a dword pointer, so it
; presumably runs in another function's frame -- TODO confirm the hook site.
; When the flag at [4CF314] is set and the record at [ebp-18] has id 5, the
; byte at +0F of that record is written to the first two bytes of the buffer
; returned by 00437E2E. All exits continue at 0043A9C3.
; NOTE(review): EBX is overwritten and not restored in this fragment;
; confirm the hooked function does not keep a live value in EBX.
004D3A3D    E8 EC43F6FF              call    00437E2E                         ; EAX = pointer written to below
004D3A42    33C9                     xor     ecx, ecx                         ; redundant: ECX is reloaded on the next line
004D3A44    8B0D 14F34C00            mov     ecx, dword ptr [4CF314]
004D3A4A    85C9                     test    ecx, ecx                         ; global flag
004D3A4C  - 0F84 716FF6FF            je      0043A9C3                         ; flag clear: nothing changed
004D3A52    8B4D E8                  mov     ecx, dword ptr [ebp-18]          ; record pointer from the hooked frame
004D3A55    8B19                     mov     ebx, dword ptr [ecx]             ; first dword of the record (id)
004D3A57    83FB 05                  cmp     ebx, 5
004D3A5A  - 0F85 636FF6FF            jnz     0043A9C3                         ; other ids: nothing changed
004D3A60    8A59 0F                  mov     bl, byte ptr [ecx+F]
004D3A63    8818                     mov     byte ptr [eax], bl               ; same byte stored twice
004D3A65    8858 01                  mov     byte ptr [eax+1], bl
004D3A68  - E9 566FF6FF              jmp     0043A9C3

;------------------------------------------------------------------------------------------------------------

[]

004D35D9    33D2                     xor     edx, edx                         ; 
004D35DB    8B4D FC                  mov     ecx, dword ptr [ebp-4]           ; ָ򹥻佫սϢ
004D35DE    8A51 07                  mov     dl, byte ptr [ecx+7]             ; ս
004D35E1    3E:8855 ED               mov     byte ptr ds:[ebp-13], dl
004D35E5    8A51 06                  mov     dl, byte ptr [ecx+6]
004D35E8    3E:8855 EC               mov     byte ptr ds:[ebp-14], dl         ; ս
004D35EC    33C9                     xor     ecx, ecx
004D35EE    894D E0                  mov     dword ptr [ebp-20], ecx          ; dword ptr [ebp-20] = 0
004D35F1    8B4D FC                  mov     ecx, dword ptr [ebp-4]           ; ָ򹥻佫սϢ
004D35F4    E8 C5C2F6FF              call    0043F8BE
004D35F9    25 FF000000              and     eax, 0FF
004D35FE    85C0                     test    eax, eax
004D3600    0F84 E8000000            je      004D36EE
004D3606    33D2                     xor     edx, edx
004D3608    8A55 ED                  mov     dl, byte ptr [ebp-13]
004D360B    4A                       dec     edx                              ; ս-1
004D360C    8855 E9                  mov     byte ptr [ebp-17], dl
004D360F    33D2                     xor     edx, edx
004D3611    8A55 EC                  mov     dl, byte ptr [ebp-14]
004D3614    4A                       dec     edx                              ; ս-1
004D3615    8855 E8                  mov     byte ptr [ebp-18], dl
004D3618    8D55 E8                  lea     edx, dword ptr [ebp-18]          ; 
004D361B    52                       push    edx
004D361C    E8 6322F6FF              call    00435884                         ; ȡ08ջϵ佫ս
004D3621    83C4 04                  add     esp, 4
004D3624    25 FF000000              and     eax, 0FF
004D3629    3D FF000000              cmp     eax, 0FF
004D362E    74 10                    je      short 004D3640
004D3630    83F8 23                  cmp     eax, 23
004D3633    7C 0B                    jl      short 004D3640
004D3635    8B4D E0                  mov     ecx, dword ptr [ebp-20]
004D3638    89448D C0                mov     dword ptr [ebp+ecx*4-40], eax
004D363C    41                       inc     ecx
004D363D    894D E0                  mov     dword ptr [ebp-20], ecx
004D3640    33D2                     xor     edx, edx
004D3642    8A55 ED                  mov     dl, byte ptr [ebp-13]
004D3645    42                       inc     edx                              ; ս+1
004D3646    8855 E9                  mov     byte ptr [ebp-17], dl
004D3649    33D2                     xor     edx, edx
004D364B    8A55 EC                  mov     dl, byte ptr [ebp-14]
004D364E    4A                       dec     edx                              ; ս-1
004D364F    8855 E8                  mov     byte ptr [ebp-18], dl
004D3652    8D55 E8                  lea     edx, dword ptr [ebp-18]
004D3655    52                       push    edx                              ; 
004D3656    E8 2922F6FF              call    00435884                         ; ȡ08ջϵ佫ս
004D365B    83C4 04                  add     esp, 4
004D365E    25 FF000000              and     eax, 0FF
004D3663    3D FF000000              cmp     eax, 0FF
004D3668    74 10                    je      short 004D367A
004D366A    83F8 23                  cmp     eax, 23
004D366D    7C 0B                    jl      short 004D367A
004D366F    8B4D E0                  mov     ecx, dword ptr [ebp-20]
004D3672    89448D C0                mov     dword ptr [ebp+ecx*4-40], eax
004D3676    41                       inc     ecx
004D3677    894D E0                  mov     dword ptr [ebp-20], ecx
004D367A    33D2                     xor     edx, edx
004D367C    8A55 ED                  mov     dl, byte ptr [ebp-13]
004D367F    4A                       dec     edx
004D3680    8855 E9                  mov     byte ptr [ebp-17], dl
004D3683    33D2                     xor     edx, edx
004D3685    8A55 EC                  mov     dl, byte ptr [ebp-14]
004D3688    42                       inc     edx
004D3689    8855 E8                  mov     byte ptr [ebp-18], dl
004D368C    8D55 E8                  lea     edx, dword ptr [ebp-18]
004D368F    52                       push    edx
004D3690    E8 EF21F6FF              call    00435884                         ; ȡ08ջϵ佫ս
004D3695    83C4 04                  add     esp, 4
004D3698    25 FF000000              and     eax, 0FF
004D369D    3D FF000000              cmp     eax, 0FF
004D36A2    74 10                    je      short 004D36B4
004D36A4    83F8 23                  cmp     eax, 23
004D36A7    7C 0B                    jl      short 004D36B4
004D36A9    8B4D E0                  mov     ecx, dword ptr [ebp-20]
004D36AC    89448D C0                mov     dword ptr [ebp+ecx*4-40], eax
004D36B0    41                       inc     ecx
004D36B1    894D E0                  mov     dword ptr [ebp-20], ecx
004D36B4    33D2                     xor     edx, edx
004D36B6    8A55 ED                  mov     dl, byte ptr [ebp-13]
004D36B9    42                       inc     edx
004D36BA    8855 E9                  mov     byte ptr [ebp-17], dl
004D36BD    33D2                     xor     edx, edx
004D36BF    8A55 EC                  mov     dl, byte ptr [ebp-14]
004D36C2    42                       inc     edx
004D36C3    8855 E8                  mov     byte ptr [ebp-18], dl
004D36C6    8D55 E8                  lea     edx, dword ptr [ebp-18]
004D36C9    52                       push    edx
004D36CA    E8 B521F6FF              call    00435884                         ; ȡ08ջϵ佫ս
004D36CF    83C4 04                  add     esp, 4
004D36D2    25 FF000000              and     eax, 0FF
004D36D7    3D FF000000              cmp     eax, 0FF
004D36DC    74 10                    je      short 004D36EE
004D36DE    83F8 23                  cmp     eax, 23
004D36E1    7C 0B                    jl      short 004D36EE
004D36E3    8B4D E0                  mov     ecx, dword ptr [ebp-20]
004D36E6    89448D C0                mov     dword ptr [ebp+ecx*4-40], eax
004D36EA    41                       inc     ecx
004D36EB    894D E0                  mov     dword ptr [ebp-20], ecx
004D36EE    33D2                     xor     edx, edx
004D36F0    8A55 ED                  mov     dl, byte ptr [ebp-13]
004D36F3    4A                       dec     edx
004D36F4    8855 E9                  mov     byte ptr [ebp-17], dl            ; ս-1
004D36F7    33D2                     xor     edx, edx
004D36F9    8A55 EC                  mov     dl, byte ptr [ebp-14]
004D36FC    8855 E8                  mov     byte ptr [ebp-18], dl            ; ս
004D36FF    8D55 E8                  lea     edx, dword ptr [ebp-18]          ; (Ϸ)
004D3702    52                       push    edx
004D3703    E8 7C21F6FF              call    00435884                         ; ȡ08ջϵ佫ս
004D3708    83C4 04                  add     esp, 4                           ; ڼ޵
004D370B    25 FF000000              and     eax, 0FF
004D3710    3D FF000000              cmp     eax, 0FF
004D3715    74 10                    je      short 004D3727
004D3717    83F8 23                  cmp     eax, 23
004D371A    7C 0B                    jl      short 004D3727
004D371C    8B4D E0                  mov     ecx, dword ptr [ebp-20]
004D371F    89448D C0                mov     dword ptr [ebp+ecx*4-40], eax
004D3723    41                       inc     ecx
004D3724    894D E0                  mov     dword ptr [ebp-20], ecx
004D3727    33D2                     xor     edx, edx
004D3729    8A55 ED                  mov     dl, byte ptr [ebp-13]
004D372C    8855 E9                  mov     byte ptr [ebp-17], dl            ; ս
004D372F    33D2                     xor     edx, edx
004D3731    8A55 EC                  mov     dl, byte ptr [ebp-14]
004D3734    4A                       dec     edx                              ; ս-1
004D3735    8855 E8                  mov     byte ptr [ebp-18], dl
004D3738    8D55 E8                  lea     edx, dword ptr [ebp-18]
004D373B    52                       push    edx                              ; ()
004D373C    E8 4321F6FF              call    00435884                         ; ȡ08ջϵ佫ս
004D3741    83C4 04                  add     esp, 4
004D3744    25 FF000000              and     eax, 0FF
004D3749    3D FF000000              cmp     eax, 0FF
004D374E    74 10                    je      short 004D3760
004D3750    83F8 23                  cmp     eax, 23
004D3753    7C 0B                    jl      short 004D3760
004D3755    8B4D E0                  mov     ecx, dword ptr [ebp-20]
004D3758    89448D C0                mov     dword ptr [ebp+ecx*4-40], eax
004D375C    41                       inc     ecx
004D375D    894D E0                  mov     dword ptr [ebp-20], ecx
004D3760    33D2                     xor     edx, edx
004D3762    8A55 ED                  mov     dl, byte ptr [ebp-13]
004D3765    42                       inc     edx
004D3766    8855 E9                  mov     byte ptr [ebp-17], dl            ; ս+1
004D3769    8A55 EC                  mov     dl, byte ptr [ebp-14]
004D376C    8855 E8                  mov     byte ptr [ebp-18], dl            ; ս
004D376F    8D55 E8                  lea     edx, dword ptr [ebp-18]
004D3772    52                       push    edx                              ; ()
004D3773    E8 0C21F6FF              call    00435884                         ; ȡ08ջϵ佫ս
004D3778    83C4 04                  add     esp, 4
004D377B    25 FF000000              and     eax, 0FF
004D3780    3D FF000000              cmp     eax, 0FF
004D3785    74 10                    je      short 004D3797
004D3787    83F8 23                  cmp     eax, 23
004D378A    7C 0B                    jl      short 004D3797
004D378C    8B4D E0                  mov     ecx, dword ptr [ebp-20]
004D378F    89448D C0                mov     dword ptr [ebp+ecx*4-40], eax
004D3793    41                       inc     ecx
004D3794    894D E0                  mov     dword ptr [ebp-20], ecx
004D3797    33D2                     xor     edx, edx
004D3799    8A55 ED                  mov     dl, byte ptr [ebp-13]
004D379C    8855 E9                  mov     byte ptr [ebp-17], dl            ; ս
004D379F    8A55 EC                  mov     dl, byte ptr [ebp-14]
004D37A2    42                       inc     edx
004D37A3    8855 E8                  mov     byte ptr [ebp-18], dl            ; ս+1
004D37A6    8D55 E8                  lea     edx, dword ptr [ebp-18]
004D37A9    52                       push    edx                              ; (Ҳ)
004D37AA    E8 D520F6FF              call    00435884                         ; ȡ08ջϵ佫ս
004D37AF    83C4 04                  add     esp, 4
004D37B2    25 FF000000              and     eax, 0FF
004D37B7    3D FF000000              cmp     eax, 0FF
004D37BC    74 10                    je      short 004D37CE
004D37BE    83F8 23                  cmp     eax, 23
004D37C1    7C 0B                    jl      short 004D37CE
004D37C3    8B4D E0                  mov     ecx, dword ptr [ebp-20]
004D37C6    89448D C0                mov     dword ptr [ebp+ecx*4-40], eax
004D37CA    41                       inc     ecx
004D37CB    894D E0                  mov     dword ptr [ebp-20], ecx
004D37CE    8B4D E0                  mov     ecx, dword ptr [ebp-20]
004D37D1    85C9                     test    ecx, ecx                         ; ڵĵ
004D37D3    75 14                    jnz     short 004D37E9
004D37D5    68 14E34800              push    0048E314                         ; ASCII"Χ޵о"
004D37DA    6A 02                    push    2
004D37DC    E8 B8BEF5FF              call    0042F699
004D37E1    83C4 08                  add     esp, 8
004D37E4  ^ E9 AAF9FFFF              jmp     004D3193
004D37E9    E8 FC2C0000              call    004D64EA                         ; ƺɫդ
004D37EE    68 56575500              push    00555756                         ; ASCII"˻"
004D37F3    B9 083D4B00              mov     ecx, 004B3D08
004D37F8    E8 692B0000              call    004D6366                         ; ʾ
004D37FD    E8 742D0000              call    004D6576                         ; դ
004D3802    8B45 FC                  mov     eax, dword ptr [ebp-4]           ; ָ򹥻佫սϢ
004D3805    33DB                     xor     ebx, ebx
004D3807    8A58 04                  mov     bl, byte ptr [eax+4]             ; ȡս
004D380A    895D E4                  mov     dword ptr [ebp-1C], ebx
004D380D    33C0                     xor     eax, eax
004D380F    8B4D E0                  mov     ecx, dword ptr [ebp-20]          ; ΧڵоΪѭ
004D3812    3BC1                     cmp     eax, ecx
004D3814  ^ 0F84 6FF9FFFF            je      004D3189                         ; 
004D381A    8945 BC                  mov     dword ptr [ebp-44], eax          ; dword ptr[ebp-44]0
004D381D    8B4C85 C0                mov     ecx, dword ptr [ebp+eax*4-40]
004D3821    51                       push    ecx
004D3822    FF75 E4                  push    dword ptr [ebp-1C]               ; ս
004D3825    E8 FF1FF6FF              call    00435829
004D382A    83C4 08                  add     esp, 8
004D382D    8B45 BC                  mov     eax, dword ptr [ebp-44]          ; ѲĹ
004D3830    8B4C85 C0                mov     ecx, dword ptr [ebp+eax*4-40]
004D3834    51                       push    ecx                              ; ս
004D3835    FF75 E4                  push    dword ptr [ebp-1C]               ; ս
004D3838    B9 F0274900              mov     ecx, 004927F0                    ; 4927F0ΪϢַ
004D383D    E8 C63F0000              call    004D7808                         ; $$ܷһ
004D3842    8B4D FC                  mov     ecx, dword ptr [ebp-4]           ; ָ򹥻佫սϢ
004D3845    E8 46F4F9FF              call    00472C90                         ; ECX佫ǰ
004D384A    85C0                     test    eax, eax
004D384C    25 FFFF0000              and     eax, 0FFFF                       ; 16λ
004D3851    85C0                     test    eax, eax
004D3853  ^ 0F84 30F9FFFF            je      004D3189                         ; Ϊ0
004D3859    8B45 BC                  mov     eax, dword ptr [ebp-44]          ; ѲĹ
004D385C    40                       inc     eax
004D385D  ^ EB B0                    jmp     short 004D380F

;------------------------------------------------------------------------------------------------------------

[ؼ]

; ---------------------------------------------------------------------------
; 004D7808  (x86-32, OllyDbg listing; every immediate is hexadecimal)
; In:    ECX = object pointer (saved to [ebp-4]);
;        [ebp+8], [ebp+C] = two stack arguments whose low bytes are used as
;        indices into the 0x24-byte-stride table at 004B2C50.
; Out:   returns after 004064F1; this routine pops its 8 argument bytes (retn 8).
; Flow:  if byte [obj+608] != 0, or 004D76D0 returns nonzero, or 004D74E4
;        returns zero -> call 004064F1 with the two arguments as received.
;        Otherwise set dword [55AC24] = 1 and call 004064F1 with the two
;        arguments pushed in the opposite order.
; NOTE(review): neither index is range-checked before the table lookup. Other
;        code on this page compares such bytes with 0FF before using them, so
;        this routine appears to rely on its callers for filtering -- confirm.
; ---------------------------------------------------------------------------
004D7808    55                       push    ebp
004D7809    8BEC                     mov     ebp, esp
004D780B    83EC 10                  sub     esp, 10                          ; reserve 0x10 bytes of locals
004D780E    894D FC                  mov     dword ptr [ebp-4], ecx           ; save the object pointer passed in ECX
004D7811    8BC1                     mov     eax, ecx
004D7813    33C9                     xor     ecx, ecx
004D7815    8A88 08060000            mov     cl, byte ptr [eax+608]           ; byte at obj+608 (004064F1 uses it as its loop counter)
004D781B    85C9                     test    ecx, ecx
004D781D    75 6D                    jnz     short 004D788C                   ; nonzero -> default call, skip all checks
004D781F    8A4D 08                  mov     cl, byte ptr [ebp+8]             ; low byte of first argument (ECX is zero here, so zero-extended)
004D7822    6BC9 24                  imul    ecx, ecx, 24                     ; index * 0x24-byte record size
004D7825    81C1 502C4B00            add     ecx, 004B2C50                    ; + table base -> record pointer
004D782B    E8 407EF8FF              call    0045F670                         ; ECX = record; callee not shown (original note: fetches the record's DATA id)
004D7830    8945 F8                  mov     dword ptr [ebp-8], eax           ; result for the first argument
004D7833    8165 0C FF000000         and     dword ptr [ebp+C], 0FF           ; truncate the second argument to a byte, in place
004D783A    8B4D 0C                  mov     ecx, dword ptr [ebp+C]
004D783D    6BC9 24                  imul    ecx, ecx, 24
004D7840    81C1 502C4B00            add     ecx, 004B2C50
004D7846    E8 257EF8FF              call    0045F670                         ; same lookup for the second argument
004D784B    8945 F0                  mov     dword ptr [ebp-10], eax          ; stored, but not read again inside this routine
004D784E    FF75 F8                  push    dword ptr [ebp-8]                ; result of the first lookup
004D7851    FF75 0C                  push    dword ptr [ebp+C]                ; second argument (masked byte)
004D7854    E8 77FEFFFF              call    004D76D0                         ; id dispatcher listed below
004D7859    83C4 08                  add     esp, 8
004D785C    85C0                     test    eax, eax
004D785E    75 2C                    jnz     short 004D788C                   ; nonzero -> default call
004D7860    8945 F4                  mov     dword ptr [ebp-C], eax           ; EAX is 0 here; [ebp-C] is not read again in this routine
004D7863    FF75 F8                  push    dword ptr [ebp-8]
004D7866    FF75 0C                  push    dword ptr [ebp+C]
004D7869    E8 76FCFFFF              call    004D74E4                         ; callee not shown; no add esp follows -- presumably it pops its own args, confirm
004D786E    85C0                     test    eax, eax
004D7870    74 1A                    je      short 004D788C                   ; zero -> default call
004D7872    C705 24AC5500 01000000   mov     dword ptr [55AC24], 1            ; flag later tested by 004D78E2
004D787C    FF75 08                  push    dword ptr [ebp+8]                ; arguments pushed in the opposite order to 004D788C
004D787F    FF75 0C                  push    dword ptr [ebp+C]
004D7882    8B4D FC                  mov     ecx, dword ptr [ebp-4]           ; object pointer
004D7885    E8 67ECF2FF              call    004064F1                         ; callee sees the two arguments swapped
004D788A    EB 0E                    jmp     short 004D789A
004D788C    FF75 0C                  push    dword ptr [ebp+C]                ; default path: arguments forwarded as received
004D788F    FF75 08                  push    dword ptr [ebp+8]
004D7892    8B4D FC                  mov     ecx, dword ptr [ebp-4]           ; object pointer (004927F0 per the original note)
004D7895    E8 57ECF2FF              call    004064F1
004D789A    8BE5                     mov     esp, ebp                         ; also discards anything left on the stack by the calls above
004D789C    5D                       pop     ebp
004D789D    C2 0800                  retn    8



; ---------------------------------------------------------------------------
; 004D76D0  dispatcher on an id value
; In:    [ebp+8] = index into the 0x24-byte-stride table at 004B2C50,
;        [ebp+C] = id compared against 2C, 22, 21, 20, 2B, 23, 2E, 2A.
; Flow:  for ids 2C/22/21/20/2B: call 004D75D2; if it returns zero jump to
;        004D76C3, otherwise set one flag dword to 1 and jump to 004D76C7.
;        Ids 23/2E/2A jump to 004DA4E1/004DA70C/004DA67C.
;        Any other id jumps to 004D76C3.
;        004D76C3, 004D76C7 and the 004DAxxx targets lie outside this listing,
;        so the return value and stack cleanup cannot be read from here.
; NOTE(review): id 2B sets dword [55AC3C]. The listings on this page neither
;        test that flag in 004D78E2 nor clear it at 004D79F0 -- confirm that
;        it is consumed and reset elsewhere.
; ---------------------------------------------------------------------------
004D76D0    55                       push    ebp
004D76D1    8BEC                     mov     ebp, esp
004D76D3    83EC 1C                  sub     esp, 1C                          ; reserve 0x1C bytes of locals
004D76D6    8B4D 08                  mov     ecx, dword ptr [ebp+8]           ; table index (used as a full dword, no mask here)
004D76D9    6BC9 24                  imul    ecx, ecx, 24                     ; index * 0x24-byte record size
004D76DC    81C1 502C4B00            add     ecx, 004B2C50                    ; + table base -> record pointer
004D76E2    E8 897FF8FF              call    0045F670                         ; ECX = record; callee not shown (original note: fetches the record's DATA id)
004D76E7    8945 EC                  mov     dword ptr [ebp-14], eax          ; id of the indexed record
004D76EA    8B45 0C                  mov     eax, dword ptr [ebp+C]           ; id passed by the caller
004D76ED    83F8 2C                  cmp     eax, 2C                          ; id 0x2C (44 decimal)
004D76F0    75 1B                    jnz     short 004D770D
004D76F2    FF75 EC                  push    dword ptr [ebp-14]
004D76F5    FF75 0C                  push    dword ptr [ebp+C]
004D76F8    E8 D5FEFFFF              call    004D75D2                         ; chance roll; pops its own 8 bytes (retn 8)
004D76FD    85C0                     test    eax, eax
004D76FF  ^ 74 C2                    je      short 004D76C3                   ; zero -> exit at 004D76C3
004D7701    C705 2CAC5500 01000000   mov     dword ptr [55AC2C], 1            ; flag for id 0x2C
004D770B  ^ EB BA                    jmp     short 004D76C7
004D770D    83F8 22                  cmp     eax, 22                          ; id 0x22 (34 decimal)
004D7710    75 1B                    jnz     short 004D772D
004D7712    FF75 EC                  push    dword ptr [ebp-14]
004D7715    FF75 0C                  push    dword ptr [ebp+C]
004D7718    E8 B5FEFFFF              call    004D75D2
004D771D    85C0                     test    eax, eax
004D771F  ^ 74 A2                    je      short 004D76C3
004D7721    C705 28AC5500 01000000   mov     dword ptr [55AC28], 1            ; flag for id 0x22
004D772B  ^ EB 9A                    jmp     short 004D76C7
004D772D    83F8 21                  cmp     eax, 21                          ; id 0x21 (33 decimal)
004D7730    75 1E                    jnz     short 004D7750
004D7732    FF75 EC                  push    dword ptr [ebp-14]               ; id of the indexed record
004D7735    FF75 0C                  push    dword ptr [ebp+C]                ; id passed by the caller
004D7738    E8 95FEFFFF              call    004D75D2                         ; chance roll from the two derived values
004D773D    85C0                     test    eax, eax                         ; zero = roll failed
004D773F  ^ 74 82                    je      short 004D76C3
004D7741    C705 20AC5500 01000000   mov     dword ptr [55AC20], 1            ; flag for id 0x21
004D774B  ^ E9 77FFFFFF              jmp     004D76C7
004D7750    83F8 20                  cmp     eax, 20                          ; id 0x20 (32 decimal)
004D7753    75 26                    jnz     short 004D777B
004D7755    90                       nop                                      ; four NOPs: presumably padding left by the patch
004D7756    90                       nop
004D7757    90                       nop
004D7758    90                       nop
004D7759    FF75 EC                  push    dword ptr [ebp-14]
004D775C    FF75 0C                  push    dword ptr [ebp+C]
004D775F    E8 6EFEFFFF              call    004D75D2
004D7764    85C0                     test    eax, eax
004D7766  ^ 0F84 57FFFFFF            je      004D76C3
004D776C    C705 1CAC5500 01000000   mov     dword ptr [55AC1C], 1            ; flag for id 0x20
004D7776  ^ E9 4CFFFFFF              jmp     004D76C7
004D777B    83F8 2B                  cmp     eax, 2B                          ; id 0x2B (43 decimal)
004D777E    75 26                    jnz     short 004D77A6
004D7780    90                       nop                                      ; four NOPs: presumably padding left by the patch
004D7781    90                       nop
004D7782    90                       nop
004D7783    90                       nop
004D7784    FF75 EC                  push    dword ptr [ebp-14]
004D7787    FF75 0C                  push    dword ptr [ebp+C]
004D778A    E8 43FEFFFF              call    004D75D2
004D778F    85C0                     test    eax, eax
004D7791  ^ 0F84 2CFFFFFF            je      004D76C3
004D7797    C705 3CAC5500 01000000   mov     dword ptr [55AC3C], 1            ; flag for id 0x2B (see NOTE(review) in the header)
004D77A1  ^ E9 21FFFFFF              jmp     004D76C7
004D77A6    83F8 23                  cmp     eax, 23                          ; id 0x23 (35 decimal)
004D77A9    0F84 322D0000            je      004DA4E1                         ; handled outside this listing
004D77AF    83F8 2E                  cmp     eax, 2E                          ; id 0x2E (46 decimal)
004D77B2    0F84 542F0000            je      004DA70C                         ; handled outside this listing
004D77B8    83F8 2A                  cmp     eax, 2A                          ; id 0x2A (42 decimal)
004D77BB    0F84 BB2E0000            je      004DA67C                         ; handled outside this listing
004D77C1  ^ E9 FDFEFFFF              jmp     004D76C3                         ; no id matched



; ---------------------------------------------------------------------------
; 004D75D2  chance roll derived from two looked-up values
; In:    [ebp+8], [ebp+C] = two ids; each is mapped by 0043E4D6 to a table
;        index (0FF = no entry) and then to a value by 0043F67F.
; Out:   EAX = 0 if either lookup returns 0FF, otherwise the result of
;        0047FB32(min(64h, A*32h / B)), where A is the value for [ebp+8] and
;        B the value for [ebp+C]. Pops its own 8 argument bytes (retn 8).
; NOTE(review): B is used as a divisor without a zero check. 0043F67F returns
;        the scaled value from 0043F54C unchanged whenever it is below 2D0, so
;        a zero input would fault at the div -- confirm the inputs cannot be 0.
; ---------------------------------------------------------------------------
004D75D2    55                       push    ebp
004D75D3    8BEC                     mov     ebp, esp
004D75D5    83EC 0C                  sub     esp, 0C
004D75D8    FF75 08                  push    dword ptr [ebp+8]                ; first id
004D75DB    E8 F66EF6FF              call    0043E4D6                         ; callee not shown; returns a table index or 0FF
004D75E0    83C4 04                  add     esp, 4
004D75E3    3D FF000000              cmp     eax, 0FF
004D75E8    74 5E                    je      short 004D7648                   ; no entry -> return 0
004D75EA    6BC0 24                  imul    eax, eax, 24                     ; index * 0x24-byte record size
004D75ED    B9 502C4B00              mov     ecx, 004B2C50                    ; table base
004D75F2    03C8                     add     ecx, eax                         ; ECX = record pointer
004D75F4    90                       nop                                      ; presumably patch padding
004D75F5    90                       nop
004D75F6    E8 8480F6FF              call    0043F67F                         ; derived value for this record (listed below)
004D75FB    8945 FC                  mov     dword ptr [ebp-4], eax           ; A
004D75FE    FF75 0C                  push    dword ptr [ebp+C]                ; second id
004D7601    E8 D06EF6FF              call    0043E4D6
004D7606    83C4 04                  add     esp, 4
004D7609    3D FF000000              cmp     eax, 0FF
004D760E    74 38                    je      short 004D7648                   ; no entry -> return 0
004D7610    6BC0 24                  imul    eax, eax, 24
004D7613    B9 502C4B00              mov     ecx, 004B2C50
004D7618    03C8                     add     ecx, eax
004D761A    90                       nop                                      ; presumably patch padding
004D761B    90                       nop
004D761C    E8 5E80F6FF              call    0043F67F
004D7621    8945 F8                  mov     dword ptr [ebp-8], eax           ; B
004D7624    8B45 FC                  mov     eax, dword ptr [ebp-4]
004D7627    6BC0 32                  imul    eax, eax, 32                     ; A * 0x32 (50 decimal)
004D762A    8B4D F8                  mov     ecx, dword ptr [ebp-8]
004D762D    33D2                     xor     edx, edx                         ; clear EDX so EDX:EAX is the unsigned dividend
004D762F    F7F1                     div     ecx                              ; EAX = A*50 / B, unsigned; faults if B == 0
004D7631    83F8 64                  cmp     eax, 64
004D7634    90                       nop                                      ; NOP preserves the flags set by the cmp above
004D7635    90                       nop
004D7636    76 05                    jbe     short 004D763D                   ; unsigned: keep values <= 0x64 (100 decimal)
004D7638    B8 64000000              mov     eax, 64                          ; clamp to 0x64
004D763D    50                       push    eax
004D763E    E8 EF84FAFF              call    0047FB32                         ; callee not shown; original note suggests a probability roll on the pushed value
004D7643    83C4 04                  add     esp, 4
004D7646    EB 02                    jmp     short 004D764A                   ; return the roll result in EAX
004D7648    33C0                     xor     eax, eax                         ; lookup failed -> return 0
004D764A    8BE5                     mov     esp, ebp
004D764C    5D                       pop     ebp
004D764D    C2 0800                  retn    8



; ---------------------------------------------------------------------------
; 0043F67F  derived value for one table record
; In:    ECX = record pointer. Reads dword [rec] and byte [rec+1C].
; Out:   EAX = result of 0043F54C(004071EA(...), byte [rec+1C]) when that
;        result is below 2D0 (unsigned), otherwise the constant 270F.
; NOTE(review): the threshold is 2D0 (720 decimal) but the value stored on
;        overflow is 270F (9999 decimal). The original annotation on that
;        store mentions 720, so comment and code disagree -- confirm which
;        one is intended.
; ---------------------------------------------------------------------------
0043F67F  /$  55                     push    ebp
0043F680  |.  8BEC                   mov     ebp, esp
0043F682  |.  83EC 0C                sub     esp, 0C
0043F685  |.  894D F8                mov     dword ptr [ebp-8], ecx           ;  save record pointer
0043F688  |.  8B45 F8                mov     eax, dword ptr [ebp-8]
0043F68B  |.  8A48 1C                mov     cl, byte ptr [eax+1C]            ;  byte field at rec+1C; upper bits of ECX are stale, callee masks with 0FF
0043F68E  |.  51                     push    ecx                              ;  second argument for 0043F54C
0043F68F  |.  8B55 F8                mov     edx, dword ptr [ebp-8]
0043F692  |.  8B0A                   mov     ecx, dword ptr [edx]             ;  dword field at rec+0
0043F694  |.  6BC9 48                imul    ecx, ecx, 48                     ;  * 0x48-byte stride
0043F697  |.  81C1 0000D600          add     ecx, 0D60000                     ;  + base 0D60000 (original note: in-memory image of the save data)
0043F69D  |.  E8 487BFCFF            call    004071EA                         ;  callee not shown; returns the base value in EAX
0043F6A2  |.  50                     push    eax                              ;  first argument for 0043F54C
0043F6A3  |.  E8 A4FEFFFF            call    0043F54C                         ;  scale by 12/10 or 8/10 depending on the byte
0043F6A8  |.  83C4 08                add     esp, 8
0043F6AB  |.  8945 FC                mov     dword ptr [ebp-4], eax           ;  scaled value
0043F6AE  |.  817D FC D0020000       cmp     dword ptr [ebp-4], 2D0           ;  compare with 0x2D0 (720 decimal)
0043F6B5  |.  73 08                  jnb     short 0043F6BF                   ;  unsigned >= 0x2D0 -> replace
0043F6B7  |.  8B45 FC                mov     eax, dword ptr [ebp-4]
0043F6BA  |.  8945 F4                mov     dword ptr [ebp-C], eax           ;  keep the scaled value
0043F6BD  |.  EB 07                  jmp     short 0043F6C6
0043F6BF  |>  C745 F4 0F270000       mov     dword ptr [ebp-C], 270F          ;  replaced by 0x270F (9999 decimal), not by the 0x2D0 threshold
0043F6C6  |>  8B45 F4                mov     eax, dword ptr [ebp-C]           ;  return value
0043F6C9  |.  8BE5                   mov     esp, ebp
0043F6CB  |.  5D                     pop     ebp
0043F6CC  \.  C3                     retn



; ---------------------------------------------------------------------------
; 0043F54C  scale a value by a tier byte (caller cleans the stack: plain retn)
; In:    [ebp+8] = value, [ebp+C] = tier (only the low 8 bits are used).
; Out:   EAX = value*0C/0A if tier >= 4; value*8/0A if tier <= 2;
;        value unchanged if tier == 3. Division is unsigned and truncating.
; ---------------------------------------------------------------------------
0043F54C  /$  55                     push    ebp
0043F54D  |.  8BEC                   mov     ebp, esp
0043F54F  |.  8B45 0C                mov     eax, dword ptr [ebp+C]           ;  tier argument
0043F552  |.  25 FF000000            and     eax, 0FF                         ;  keep the low byte only
0043F557  |.  83F8 04                cmp     eax, 4
0043F55A  |.  7C 14                  jl      short 0043F570                   ;  tier < 4 -> try the low-tier branch
0043F55C  |.  8B45 08                mov     eax, dword ptr [ebp+8]           ;  value argument
0043F55F  |.  6BC0 0C                imul    eax, eax, 0C                     ;  value * 12
0043F562  |.  33D2                   xor     edx, edx                         ;  clear EDX for the unsigned divide
0043F564  |.  B9 0A000000            mov     ecx, 0A
0043F569  |.  F7F1                   div     ecx                              ;  value * 12 / 10
0043F56B  |.  8945 08                mov     dword ptr [ebp+8], eax           ;  overwrite the argument slot with the result
0043F56E  |.  EB 20                  jmp     short 0043F590
0043F570  |>  8B55 0C                mov     edx, dword ptr [ebp+C]
0043F573  |.  81E2 FF000000          and     edx, 0FF
0043F579  |.  83FA 02                cmp     edx, 2
0043F57C  |.  7F 12                  jg      short 0043F590                   ;  tier == 3 -> value returned unchanged
0043F57E  |.  8B45 08                mov     eax, dword ptr [ebp+8]
0043F581  |.  6BC0 08                imul    eax, eax, 8                      ;  value * 8
0043F584  |.  33D2                   xor     edx, edx
0043F586  |.  B9 0A000000            mov     ecx, 0A
0043F58B  |.  F7F1                   div     ecx                              ;  value * 8 / 10
0043F58D  |.  8945 08                mov     dword ptr [ebp+8], eax
0043F590  |>  8B45 08                mov     eax, dword ptr [ebp+8]           ;  return the (possibly scaled) value
0043F593  |.  5D                     pop     ebp
0043F594  \.  C3                     retn

;------------------------------------------------------------------------------------------------------------

[չĹ]

; ---------------------------------------------------------------------------
; 004064F1  main routine with two patched detours
; In:    ECX = object pointer (saved to [ebp-4]); [ebp+8], [ebp+C] = two byte
;        arguments forwarded to 004061FC. Pops its own 8 bytes (retn 8).
; Flow:  byte [obj+608] is a pass counter starting at 0. While it is below 2:
;          call 00405E03, detour to 004D78C6 (which returns to 00406549),
;          call 00405889, detour to 004D79F0 (which returns to 00406559 with
;          EAX set by 00406181); nonzero EAX -> increment the counter and
;          repeat, zero EAX -> leave the loop.
;        Afterwards call 00405C6C and 0040639A.
; The two "jmp" detours run inside this frame: the code at 004D78C6 reads
; [ebp-4] of this routine, so the frame layout must not change.
; ---------------------------------------------------------------------------
004064F1   $  55                     push    ebp
004064F2   .  8BEC                   mov     ebp, esp
004064F4   .  51                     push    ecx                              ;  reserves one dword local at [ebp-4]
004064F5   .  894D FC                mov     dword ptr [ebp-4], ecx           ;  save object pointer (004927F0 per the original note)
004064F8   .  8A45 0C                mov     al, byte ptr [ebp+C]             ;  low byte of second argument; upper bits of EAX are not cleared
004064FB   .  50                     push    eax
004064FC   .  8A4D 08                mov     cl, byte ptr [ebp+8]             ;  low byte of first argument
004064FF   .  51                     push    ecx
00406500   .  8B4D FC                mov     ecx, dword ptr [ebp-4]
00406503   .  E8 F4FCFFFF            call    004061FC                         ;  callee not shown (original note: initialises state/buffers); no add esp follows
00406508   .  8B55 FC                mov     edx, dword ptr [ebp-4]
0040650B   .  C682 08060000 00       mov     byte ptr [edx+608], 0            ;  pass counter = 0
00406512   .  EB 15                  jmp     short 00406529
00406514   >  8B45 FC                mov     eax, dword ptr [ebp-4]
00406517   .  8A88 08060000          mov     cl, byte ptr [eax+608]
0040651D   .  80C1 01                add     cl, 1                            ;  pass counter + 1
00406520   .  8B55 FC                mov     edx, dword ptr [ebp-4]
00406523   .  888A 08060000          mov     byte ptr [edx+608], cl
00406529   >  8B45 FC                mov     eax, dword ptr [ebp-4]
0040652C   .  33C9                   xor     ecx, ecx
0040652E   .  8A88 08060000          mov     cl, byte ptr [eax+608]           ;  current pass counter, zero-extended
00406534   .  83F9 02                cmp     ecx, 2
00406537   .  7D 28                  jge     short 00406561                   ;  counter >= 2 -> leave the loop
00406539   .  8B4D FC                mov     ecx, dword ptr [ebp-4]
0040653C   .  E8 C2F8FFFF            call    00405E03                         ;  callee not shown
00406541   .  8B4D FC                mov     ecx, dword ptr [ebp-4]
00406544   .- E9 7D130D00            jmp     004D78C6                         ;  patched detour; comes back at 00406549
00406549   .  8B4D FC                mov     ecx, dword ptr [ebp-4]
0040654C   .  E8 38F3FFFF            call    00405889                         ;  listed further down the page
00406551   .  8B4D FC                mov     ecx, dword ptr [ebp-4]
00406554   .- E9 97140D00            jmp     004D79F0                         ;  patched detour: clears the flag dwords, calls 00406181, comes back at 00406559
00406559      85C0                   test    eax, eax                         ;  EAX = result of 00406181 from the detour
0040655B   .  75 02                  jnz     short 0040655F
0040655D   .  EB 02                  jmp     short 00406561                   ;  zero -> leave the loop
0040655F   >^ EB B3                  jmp     short 00406514                   ;  nonzero -> next pass
00406561   >  8B4D FC                mov     ecx, dword ptr [ebp-4]
00406564      E8 03F7FFFF            call    00405C6C                         ;  callee not shown
00406569   .  8B4D FC                mov     ecx, dword ptr [ebp-4]
0040656C   .  E8 29FEFFFF            call    0040639A                         ;  callee not shown
00406571      8BE5                   mov     esp, ebp
00406573      5D                     pop     ebp
00406574      C2 0800                retn    8

; Detour body reached by the jmp at 00406544. It runs inside the stack frame
; of 004064F1, so [ebp-4] here is that routine's saved object pointer.
004D78C6    E8 17000000              call    004D78E2                         ; show the banner for whichever flag is set
004D78CB    8B4D FC                  mov     ecx, dword ptr [ebp-4]           ; object pointer from 004064F1's frame
004D78CE    E8 71DEF2FF              call    00405744                         ; callee not shown
004D78D3  - E9 71ECF2FF              jmp     00406549                         ; resume 004064F1 right after the detour jmp

; ---------------------------------------------------------------------------
; 004D78DE is the shared epilogue of 004D78E2; it is placed before the entry.
; 004D78E2  no arguments, plain retn. Tests the flag dwords 55AC1C, 55AC20,
;           55AC24, 55AC28, 55AC2C and 55AC38 in that order. For the first one
;           equal to 1 it calls 004D64EA, 004D6366 (ECX = 004B3D08, one pushed
;           text address) and 004D6576, then returns.
;           Exception: the 55AC38 case has no jmp to the epilogue and falls
;           through to the byte checks at 004D79C1, as does the case where no
;           dword flag is set.
; NOTE(review): dword [55AC3C], which 004D76D0 sets for id 2B, is not tested
;           here -- confirm it is handled at one of the 004DAxxx targets.
; ---------------------------------------------------------------------------
004D78DE    8BE5                     mov     esp, ebp                         ; shared epilogue
004D78E0    5D                       pop     ebp
004D78E1    C3                       retn
004D78E2    55                       push    ebp                              ; entry point
004D78E3    8BEC                     mov     ebp, esp
004D78E5    833D 1CAC5500 01         cmp     dword ptr [55AC1C], 1            ; flag set by 004D76D0 for id 20
004D78EC    75 1B                    jnz     short 004D7909
004D78EE    E8 F7EBFFFF              call    004D64EA                         ; callee not shown (original note: draws the banner background)
004D78F3    68 B6575500              push    005557B6                         ; text address in the patched string table
004D78F8    B9 083D4B00              mov     ecx, 004B3D08
004D78FD    E8 64EAFFFF              call    004D6366                         ; callee not shown (original note: displays the text)
004D7902    E8 6FECFFFF              call    004D6576                         ; callee not shown (original note: removes the banner)
004D7907  ^ EB D5                    jmp     short 004D78DE
004D7909    833D 20AC5500 01         cmp     dword ptr [55AC20], 1            ; flag set by 004D76D0 for id 21
004D7910    75 1B                    jnz     short 004D792D
004D7912    E8 D3EBFFFF              call    004D64EA
004D7917    68 A6575500              push    005557A6                         ; text address
004D791C    B9 083D4B00              mov     ecx, 004B3D08
004D7921    E8 40EAFFFF              call    004D6366
004D7926    E8 4BECFFFF              call    004D6576
004D792B  ^ EB B1                    jmp     short 004D78DE
004D792D    833D 24AC5500 01         cmp     dword ptr [55AC24], 1            ; flag set by 004D7808
004D7934    75 1B                    jnz     short 004D7951
004D7936    E8 AFEBFFFF              call    004D64EA
004D793B    68 EA575500              push    005557EA                         ; text address
004D7940    B9 083D4B00              mov     ecx, 004B3D08
004D7945    E8 1CEAFFFF              call    004D6366
004D794A    E8 27ECFFFF              call    004D6576
004D794F  ^ EB 8D                    jmp     short 004D78DE
004D7951    833D 28AC5500 01         cmp     dword ptr [55AC28], 1            ; flag set by 004D76D0 for id 22
004D7958    75 1E                    jnz     short 004D7978
004D795A    E8 8BEBFFFF              call    004D64EA
004D795F    68 F6575500              push    005557F6                         ; NOTE(review): the hex dump earlier on the page shows zero bytes at 005557F0-005557FF -- confirm a string is written here
004D7964    B9 083D4B00              mov     ecx, 004B3D08
004D7969    E8 F8E9FFFF              call    004D6366
004D796E    E8 03ECFFFF              call    004D6576
004D7973  ^ E9 66FFFFFF              jmp     004D78DE
004D7978    833D 2CAC5500 01         cmp     dword ptr [55AC2C], 1            ; flag set by 004D76D0 for id 2C
004D797F    75 1E                    jnz     short 004D799F
004D7981    E8 64EBFFFF              call    004D64EA
004D7986    68 D8575500              push    005557D8                         ; text address
004D798B    B9 083D4B00              mov     ecx, 004B3D08
004D7990    E8 D1E9FFFF              call    004D6366
004D7995    E8 DCEBFFFF              call    004D6576
004D799A  ^ E9 3FFFFFFF              jmp     004D78DE
004D799F    833D 38AC5500 01         cmp     dword ptr [55AC38], 1            ; setter for this flag is not in the visible listings
004D79A6    75 19                    jnz     short 004D79C1
004D79A8    E8 3DEBFFFF              call    004D64EA
004D79AD    68 C6575500              push    005557C6                         ; text address
004D79B2    B9 083D4B00              mov     ecx, 004B3D08
004D79B7    E8 AAE9FFFF              call    004D6366
004D79BC    E8 B5EBFFFF              call    004D6576                         ; no jmp to the epilogue: falls through to the byte checks
004D79C1    803D 50AC5500 00         cmp     byte ptr [55AC50], 0
004D79C8    0F85 F42A0000            jnz     004DA4C2                         ; handled outside this listing
004D79CE    803D 51AC5500 00         cmp     byte ptr [55AC51], 0
004D79D5    0F85 4B2D0000            jnz     004DA726                         ; handled outside this listing
004D79DB    803D 52AC5500 00         cmp     byte ptr [55AC52], 0
004D79E2    0F85 AE2C0000            jnz     004DA696                         ; handled outside this listing
004D79E8  ^ E9 F1FEFFFF              jmp     004D78DE

; Detour body reached by the jmp at 00406554 (inside 004064F1's frame).
; Zeroes the eight flag dwords 55AC1C..55AC38 and the bytes 55AC51 and 55AC52,
; then calls 00406181 and resumes at 00406559, where EAX is tested.
; NOTE(review): dword [55AC3C] (set by 004D76D0 for id 2B) and byte [55AC50]
; (tested by 004D78E2) are not cleared here. Confirm they are reset elsewhere;
; otherwise a flag left set may still be set the next time these routines run.
004D79F0    33C0                     xor     eax, eax                         ; EAX = 0, the value stored into every flag below
004D79F2    A3 1CAC5500              mov     dword ptr [55AC1C], eax
004D79F7    A3 20AC5500              mov     dword ptr [55AC20], eax
004D79FC    A3 24AC5500              mov     dword ptr [55AC24], eax
004D7A01    A3 28AC5500              mov     dword ptr [55AC28], eax
004D7A06    A3 2CAC5500              mov     dword ptr [55AC2C], eax
004D7A0B    A3 30AC5500              mov     dword ptr [55AC30], eax
004D7A10    A3 34AC5500              mov     dword ptr [55AC34], eax
004D7A15    A3 38AC5500              mov     dword ptr [55AC38], eax
004D7A1A    A2 51AC5500              mov     byte ptr [55AC51], al
004D7A1F    A2 52AC5500              mov     byte ptr [55AC52], al
004D7A24    E8 58E7F2FF              call    00406181                         ; callee not shown; its EAX result decides whether 004064F1 loops again
004D7A29  - E9 2BEBF2FF              jmp     00406559                         ; resume 004064F1 at its test eax, eax


;------------------------------------------------------------------------------------------------------------

[󸽼Դ]

; Function at 00405889. The original comments were mis-encoded; the comments below describe what the
; instructions show, and guesses are marked "presumably".
; In:     ECX = base pointer of a structure; saved in [ebp-C].
; Locals: [ebp-8] = byte loop index; [ebp-4] = 1 if byte [base+424] is 0, else 0.
; Loop:   byte [base+index+10] is read each pass and the value 0FF ends the loop (the je that
;         tests it is at 004D72E0 and exits to the epilogue at 00405C68). The same index selects
;         dword entries at base+84, base+254 and base+430.
; NOTE(review): no upper bound on the index is visible. Termination depends on a 0FF byte in the
;         list at +10, and the byte-wide index wraps after 0FF, so an unterminated list keeps being
;         read and the three dword tables keep being indexed. Confirm that whatever fills the list
;         always writes the terminator.
; Several jmp instructions leave this function for code at 004D.... or 0040913D; where the target
; is not shown in this part of the listing, the comment says so.
00405889   $  55                     push    ebp                              ;  function entry, standard ebp frame
0040588A   .  8BEC                   mov     ebp, esp
0040588C      83EC 14                sub     esp, 14                          ;  14h bytes of locals
0040588F   .  894D F4                mov     dword ptr [ebp-C], ecx           ;  save incoming ECX (base pointer)
00405892   .  8B45 F4                mov     eax, dword ptr [ebp-C]
00405895   .  33C9                   xor     ecx, ecx
00405897   .  8A88 24040000          mov     cl, byte ptr [eax+424]           ;  ecx = byte field at base+424
0040589D   .  F7D9                   neg     ecx                              ;  neg/sbb/inc: ecx = 1 if the byte was 0, else 0
0040589F   .  1BC9                   sbb     ecx, ecx
004058A1   .  41                     inc     ecx
004058A2   .  894D FC                mov     dword ptr [ebp-4], ecx
004058A5   .  C645 F8 00             mov     byte ptr [ebp-8], 0              ;  loop index = 0
004058A9   .  EB 09                  jmp     short 004058B4
004058AB   >  8A55 F8                mov     dl, byte ptr [ebp-8]             ;  loop step, reached from 00405C63
004058AE   .  80C2 01                add     dl, 1                            ;  index += 1 (8-bit add, wraps after 0FF)
004058B1   .  8855 F8                mov     byte ptr [ebp-8], dl
004058B4   >  8B45 F8                mov     eax, dword ptr [ebp-8]           ;  dword read of a byte local; masked on the next line
004058B7   .  25 FF000000            and     eax, 0FF
004058BC   .  8B4D F4                mov     ecx, dword ptr [ebp-C]
004058BF   .  33D2                   xor     edx, edx
004058C1   .  8A5401 10              mov     dl, byte ptr [ecx+eax+10]        ;  edx = list entry at base+10+index
004058C5   .  81FA FF000000          cmp     edx, 0FF                         ;  0FF ends the list; flags are consumed by the je at 004D72E0
004058CB   .- E9 101A0D00            jmp     004D72E0                         ;  jmp leaves the flags intact; the code there returns to 004058D1 or exits to 00405C68
004058D0      90                     nop                                      ;  padding
004058D1   .  8B45 F8                mov     eax, dword ptr [ebp-8]           ;  re-entry point from 004D72E0
004058D4   .  25 FF000000            and     eax, 0FF
004058D9   .  8B4D F4                mov     ecx, dword ptr [ebp-C]           ;  base pointer
004058DC   .  8B55 F4                mov     edx, dword ptr [ebp-C]
004058DF   .  8A4402 10              mov     al, byte ptr [edx+eax+10]        ;  al = current list entry
004058E3   .  8841 01                mov     byte ptr [ecx+1], al             ;  copy it into the byte field at base+1
004058E6   .  8B4D F8                mov     ecx, dword ptr [ebp-8]
004058E9   .  81E1 FF000000          and     ecx, 0FF
004058EF   .  8B55 F4                mov     edx, dword ptr [ebp-C]
004058F2   .  83BC8A 84000000 00     cmp     dword ptr [edx+ecx*4+84], 0      ;  entry [index] of the dword table at base+84
004058FA   .  75 19                  jnz     short 00405915
004058FC   .  8B45 F8                mov     eax, dword ptr [ebp-8]
004058FF   .  25 FF000000            and     eax, 0FF
00405904   .  8B4D F4                mov     ecx, dword ptr [ebp-C]
00405907   .  83BC81 54020000 00     cmp     dword ptr [ecx+eax*4+254], 0     ;  entry [index] of the dword table at base+254
0040590F   .  0F84 55010000          je      00405A6A                         ;  both entries are 0: skip the checks below
00405915   >- E9 32190D00            jmp     004D724C                         ;  continues at 004D724C, which returns to 0040591A or 00405A6A
0040591A   .  8B4A 08                mov     ecx, dword ptr [edx+8]           ;  re-entry from 004D7261: edx = base, 23h already pushed
0040591D   .- E9 9F090D00            jmp     004D62C1                         ;  continues at 004D62C1, which returns to 00405926 or 0040593E
00405922   .  85C0                   test    eax, eax                         ;  NOTE(review): no jump to 00405922 is visible in this listing; presumably leftover code
00405924   .  74 18                  je      short 0040593E
00405926   .  6A 08                  push    8                                ;  reached from 004D62E0; stack arg 8 for 004066C0
00405928   .  8B45 F4                mov     eax, dword ptr [ebp-C]
0040592B   .  33C9                   xor     ecx, ecx
0040592D   .  8A48 01                mov     cl, byte ptr [eax+1]
00405930   .  6BC9 24                imul    ecx, ecx, 24
00405933   .  81C1 502C4B00          add     ecx, 004B2C50                    ;  ecx = 004B2C50 + byte [base+1] * 24h
00405939   .  E8 820D0000            call    004066C0                         ;  presumably ORs the pushed value into a status field of that record (confirm)
0040593E   >  8B55 F4                mov     edx, dword ptr [ebp-C]           ;  base pointer
00405941   .  8B4A 08                mov     ecx, dword ptr [edx+8]           ;  ecx = dword field at base+8
00405944   .  E8 C70C0000            call    00406610                         ;  result in eax; only its low byte is used
00405949   .  25 FF000000            and     eax, 0FF
0040594E      83F8 32                cmp     eax, 32                          ;  low byte of the result == 32h ?
00405951   .  75 26                  jnz     short 00405979
00405953   .  6A 3C                  push    3C                               ;  3Ch = 60 decimal
00405955   .  E8 D8A10700            call    0047FB32                         ;  one stack arg, caller cleans up; presumably a chance roll (confirm)
0040595A   .  83C4 04                add     esp, 4
0040595D   .  85C0                   test    eax, eax
0040595F   .  74 18                  je      short 00405979
00405961   .  6A 08                  push    8                                ;  stack arg 8 for 004066C0
00405963   .  8B45 F4                mov     eax, dword ptr [ebp-C]           ;  base pointer
00405966   .  33C9                   xor     ecx, ecx
00405968   .  8A48 01                mov     cl, byte ptr [eax+1]             ;  byte field at base+1
0040596B   .  6BC9 24                imul    ecx, ecx, 24
0040596E   .  81C1 502C4B00          add     ecx, 004B2C50                    ;  ecx = 004B2C50 + byte [base+1] * 24h
00405974   .  E8 470D0000            call    004066C0                         ;  same call as at 00405939
00405979   >  6A 24                  push    24                               ;  stack arg 24h for 00407A09
0040597B   .  8B55 F4                mov     edx, dword ptr [ebp-C]
0040597E   .  8B4A 08                mov     ecx, dword ptr [edx+8]
00405981   .  E8 83200000            call    00407A09                         ;  ECX = [base+8]; nonzero result enables the block below; presumably an equipment-effect test (confirm)
00405986   .  85C0                   test    eax, eax
00405988   .  74 18                  je      short 004059A2
0040598A   .  6A 10                  push    10
0040598C   .  8B45 F4                mov     eax, dword ptr [ebp-C]
0040598F   .  33C9                   xor     ecx, ecx
00405991   .  8A48 01                mov     cl, byte ptr [eax+1]
00405994   .  6BC9 24                imul    ecx, ecx, 24
00405997   .  81C1 502C4B00          add     ecx, 004B2C50
0040599D   .  E8 1E0D0000            call    004066C0                         ;  same call as at 00405939, stack arg 10h
004059A2   >  8B55 F4                mov     edx, dword ptr [ebp-C]           ;  base pointer
004059A5   .  8B4A 08                mov     ecx, dword ptr [edx+8]           ;  ecx = dword field at base+8
004059A8   .  E8 630C0000            call    00406610                         ;  result in eax; only its low byte is used
004059AD   .  25 FF000000            and     eax, 0FF
004059B2   .  83F8 2D                cmp     eax, 2D                          ;  low byte of the result == 2Dh ?
004059B5   .  75 26                  jnz     short 004059DD
004059B7   .  6A 3C                  push    3C                               ;  3Ch = 60 decimal
004059B9   .  E8 74A10700            call    0047FB32                         ;  one stack arg, caller cleans up; presumably a chance roll (confirm)
004059BE   .  83C4 04                add     esp, 4
004059C1   .  85C0                   test    eax, eax
004059C3   .  74 18                  je      short 004059DD
004059C5   .  6A 02                  push    2                                ;  stack arg 2 for 004066C0
004059C7   .  8B45 F4                mov     eax, dword ptr [ebp-C]
004059CA   .  33C9                   xor     ecx, ecx
004059CC   .  8A48 01                mov     cl, byte ptr [eax+1]
004059CF   .  6BC9 24                imul    ecx, ecx, 24
004059D2   .  81C1 502C4B00          add     ecx, 004B2C50                    ;  ecx = 004B2C50 + byte [base+1] * 24h
004059D8   .  E8 E30C0000            call    004066C0                         ;  same call as at 00405939
004059DD   >  6A 25                  push    25                               ;  stack arg 25h for 00407A09
004059DF   .  8B55 F4                mov     edx, dword ptr [ebp-C]
004059E2   .  8B4A 08                mov     ecx, dword ptr [edx+8]
004059E5   .  E8 1F200000            call    00407A09                         ;  ECX = [base+8]; nonzero result enables the block below
004059EA   .  85C0                   test    eax, eax
004059EC   .  74 18                  je      short 00405A06
004059EE   .  6A 02                  push    2
004059F0   .  8B45 F4                mov     eax, dword ptr [ebp-C]
004059F3   .  33C9                   xor     ecx, ecx
004059F5   .  8A48 01                mov     cl, byte ptr [eax+1]
004059F8   .  6BC9 24                imul    ecx, ecx, 24
004059FB   .  81C1 502C4B00          add     ecx, 004B2C50
00405A01   .  E8 BA0C0000            call    004066C0                         ;  same call as at 00405939, stack arg 2
00405A06   >  8B55 F4                mov     edx, dword ptr [ebp-C]
00405A09   .  8B4A 08                mov     ecx, dword ptr [edx+8]           ;  ecx = dword field at base+8
00405A0C   .  E8 FF0B0000            call    00406610                         ;  result in eax; only its low byte is used
00405A11   .  25 FF000000            and     eax, 0FF
00405A16   .  83F8 26                cmp     eax, 26                          ;  low byte of the result == 26h ?
00405A19   .  75 26                  jnz     short 00405A41
00405A1B   .  6A 28                  push    28                               ;  28h = 40 decimal
00405A1D   .  E8 10A10700            call    0047FB32                         ;  one stack arg, caller cleans up; presumably a chance roll (confirm)
00405A22   .  83C4 04                add     esp, 4
00405A25   .  85C0                   test    eax, eax
00405A27   .  74 18                  je      short 00405A41
00405A29   .  6A 08                  push    8                                ;  stack arg 8 for 004066C0
00405A2B   .  8B45 F4                mov     eax, dword ptr [ebp-C]
00405A2E   .  33C9                   xor     ecx, ecx
00405A30   .  8A48 01                mov     cl, byte ptr [eax+1]
00405A33   .  6BC9 24                imul    ecx, ecx, 24
00405A36   .  81C1 502C4B00          add     ecx, 004B2C50                    ;  ecx = 004B2C50 + byte [base+1] * 24h
00405A3C   .  E8 7F0C0000            call    004066C0                         ;  same call as at 00405939
00405A41   >  E9 F7360000            jmp     0040913D                         ;  continues at 0040913D, which returns to 00405A46 with 26h pushed and edx = base
00405A46   >  8B4A 08                mov     ecx, dword ptr [edx+8]           ;  re-entry from 00409179; ecx = dword field at base+8
00405A49   .  E8 BB1F0000            call    00407A09                         ;  stack arg 26h was pushed at 00409174
00405A4E   .  85C0                   test    eax, eax
00405A50   .  74 18                  je      short 00405A6A
00405A52   .  6A 04                  push    4                                ;  stack arg 4 for 004066C0
00405A54   .  8B45 F4                mov     eax, dword ptr [ebp-C]
00405A57   .  33C9                   xor     ecx, ecx
00405A59   .  8A48 01                mov     cl, byte ptr [eax+1]
00405A5C   .  6BC9 24                imul    ecx, ecx, 24
00405A5F   .  81C1 502C4B00          add     ecx, 004B2C50                    ;  ecx = 004B2C50 + byte [base+1] * 24h
00405A65   .  E8 560C0000            call    004066C0                         ;  same call as at 00405939
00405A6A    - E9 A94A0D00            jmp     004DA518                         ;  continues at 004DA518 (not shown here); presumably returns to 00405A71 with eax loaded
00405A6F      90                     nop                                      ;  padding
00405A70      90                     nop
00405A71   .  25 FF000000            and     eax, 0FF
00405A76   .  8B4D F4                mov     ecx, dword ptr [ebp-C]
00405A79   .  8B9481 30040000        mov     edx, dword ptr [ecx+eax*4+430]   ;  entry [eax] of the dword table at base+430
00405A80   .  52                     push    edx
00405A81   .  6A 00                  push    0
00405A83   .  6A 00                  push    0
00405A85   .  8B45 F8                mov     eax, dword ptr [ebp-8]
00405A88   .  25 FF000000            and     eax, 0FF
00405A8D   .  8B4D F4                mov     ecx, dword ptr [ebp-C]
00405A90   .  8B9481 54020000        mov     edx, dword ptr [ecx+eax*4+254]   ;  entry [index] of the table at base+254
00405A97   .  52                     push    edx
00405A98   .  8B45 F8                mov     eax, dword ptr [ebp-8]
00405A9B   .  25 FF000000            and     eax, 0FF
00405AA0   .  8B4D F4                mov     ecx, dword ptr [ebp-C]
00405AA3   .  8B9481 84000000        mov     edx, dword ptr [ecx+eax*4+84]    ;  entry [index] of the table at base+84
00405AAA   .  52                     push    edx
00405AAB   .  8B45 F4                mov     eax, dword ptr [ebp-C]
00405AAE   .  8A08                   mov     cl, byte ptr [eax]               ;  byte field at base+0; only cl is set, the rest of the pushed dword is stale
00405AB0   .  51                     push    ecx
00405AB1   .  8B55 F4                mov     edx, dword ptr [ebp-C]
00405AB4   .  8A42 01                mov     al, byte ptr [edx+1]             ;  byte field at base+1; only al is set
00405AB7   .  50                     push    eax
00405AB8      E8 C7AE0400            call    00450984                         ;  NOTE(review): 7 pushes are visible above but 20h bytes (8 dwords) are removed below; the eighth is presumably pushed at 004DA518 (confirm)
00405ABD   .  83C4 20                add     esp, 20
00405AC0   .  8B4D F4                mov     ecx, dword ptr [ebp-C]
00405AC3   .  33D2                   xor     edx, edx
00405AC5   .  8A51 01                mov     dl, byte ptr [ecx+1]
00405AC8   .  8BCA                   mov     ecx, edx
00405ACA   .  6BC9 24                imul    ecx, ecx, 24
00405ACD   .  81C1 502C4B00          add     ecx, 004B2C50                    ;  ecx = 004B2C50 + byte [base+1] * 24h
00405AD3   .  E8 B8D10600            call    00472C90                         ;  result in eax; presumably the record's current HP (confirm)
00405AD8   .  8B4D F8                mov     ecx, dword ptr [ebp-8]
00405ADB   .  81E1 FF000000          and     ecx, 0FF
00405AE1   .  8B55 F4                mov     edx, dword ptr [ebp-C]
00405AE4   .  2B848A 84000000        sub     eax, dword ptr [edx+ecx*4+84]    ;  eax -= table84[index]; no clamp is visible here
00405AEB   .  50                     push    eax
00405AEC   .  8B45 F4                mov     eax, dword ptr [ebp-C]
00405AEF   .  33C9                   xor     ecx, ecx
00405AF1   .  8A48 01                mov     cl, byte ptr [eax+1]
00405AF4   .  6BC9 24                imul    ecx, ecx, 24
00405AF7   .  81C1 502C4B00          add     ecx, 004B2C50                    ;  ecx = 004B2C50 + byte [base+1] * 24h
00405AFD   .  E8 CB9B0300            call    0043F6CD                         ;  stack arg = the difference; original comment mentions HPCur, presumably a setter (confirm)
00405B02   .  8B55 F4                mov     edx, dword ptr [ebp-C]
00405B05   .  33C0                   xor     eax, eax
00405B07   .  8A42 01                mov     al, byte ptr [edx+1]
00405B0A   .  8BC8                   mov     ecx, eax
00405B0C   .  6BC9 24                imul    ecx, ecx, 24
00405B0F   .  81C1 502C4B00          add     ecx, 004B2C50                    ;  ecx = 004B2C50 + byte [base+1] * 24h
00405B15   .  E8 26CD0600            call    00472840                         ;  result in eax; original comment mentions MPCur (confirm)
00405B1A   .  8B4D F8                mov     ecx, dword ptr [ebp-8]
00405B1D   .  81E1 FF000000          and     ecx, 0FF
00405B23   .  8B55 F4                mov     edx, dword ptr [ebp-C]
00405B26   .  2B848A 54020000        sub     eax, dword ptr [edx+ecx*4+254]   ;  eax -= table254[index]; no clamp is visible here
00405B2D   .  50                     push    eax
00405B2E   .  8B45 F4                mov     eax, dword ptr [ebp-C]
00405B31   .  33C9                   xor     ecx, ecx
00405B33   .  8A48 01                mov     cl, byte ptr [eax+1]
00405B36   .  6BC9 24                imul    ecx, ecx, 24
00405B39   .  81C1 502C4B00          add     ecx, 004B2C50                    ;  ecx = 004B2C50 + byte [base+1] * 24h
00405B3F   .  E8 CA9B0300            call    0043F70E                         ;  stack arg = the difference; original comment mentions MPCur, presumably a setter (confirm)
00405B44    - E9 474A0D00            jmp     004DA590                         ;  continues at 004DA590 (not shown here); presumably returns to 00405B4D with edx loaded
00405B49      90                     nop                                      ;  padding
00405B4A      90                     nop
00405B4B      90                     nop
00405B4C      90                     nop
00405B4D   .  8B45 F4                mov     eax, dword ptr [ebp-C]
00405B50   .  8B8C90 30040000        mov     ecx, dword ptr [eax+edx*4+430]   ;  entry [edx] of the dword table at base+430
00405B57   .  51                     push    ecx
00405B58   .  6A 01                  push    1
00405B5A   .  8B55 F4                mov     edx, dword ptr [ebp-C]
00405B5D   .  33C0                   xor     eax, eax
00405B5F   .  8A42 01                mov     al, byte ptr [edx+1]
00405B62   .  8BC8                   mov     ecx, eax
00405B64   .  6BC9 24                imul    ecx, ecx, 24
00405B67   .  81C1 502C4B00          add     ecx, 004B2C50                    ;  ecx = 004B2C50 + byte [base+1] * 24h
00405B6D   .  E8 FE9A0500            call    0045F670                         ;  result in eax is used as a record number below
00405B72   .  8BC8                   mov     ecx, eax
00405B74   .  6BC9 48                imul    ecx, ecx, 48
00405B77   .  81C1 0000D600          add     ecx, 0D60000                     ;  ecx = 0D60000 + eax * 48h
00405B7D   .  E8 54270000            call    004082D6                         ;  stack args: 1, table430 entry
00405B82   .  8B4D F8                mov     ecx, dword ptr [ebp-8]
00405B85   .  81E1 FF000000          and     ecx, 0FF
00405B8B   .  8B55 F4                mov     edx, dword ptr [ebp-C]
00405B8E   .  83BC8A 84000000 00     cmp     dword ptr [edx+ecx*4+84], 0      ;  signed test: table84[index] <= 0 skips to 00405C49
00405B96   .  0F8E AD000000          jle     00405C49
00405B9C      8B45 F4                mov     eax, dword ptr [ebp-C]
00405B9F      33C9                   xor     ecx, ecx
00405BA1   .  8A48 01                mov     cl, byte ptr [eax+1]
00405BA4   .  6BC9 24                imul    ecx, ecx, 24
00405BA7   .  81C1 502C4B00          add     ecx, 004B2C50
00405BAD   .  E8 DED00600            call    00472C90                         ;  same call as at 00405AD3
00405BB2   .  85C0                   test    eax, eax                         ;  test clears CF, so the jbe below is taken only when eax == 0
00405BB4   .  0F86 8F000000          jbe     00405C49
00405BBA   .  6A 3E                  push    3E                               ;  stack arg 3Eh for 00407A09
00405BBC   .  8B55 F4                mov     edx, dword ptr [ebp-C]           ;  base pointer
00405BBF   .  33C0                   xor     eax, eax
00405BC1   .  8A42 01                mov     al, byte ptr [edx+1]
00405BC4   .  8BC8                   mov     ecx, eax
00405BC6   .  6BC9 24                imul    ecx, ecx, 24
00405BC9   .  81C1 502C4B00          add     ecx, 004B2C50                    ;  ecx = 004B2C50 + byte [base+1] * 24h
00405BCF   .  E8 9C9A0500            call    0045F670                         ;  result in eax is used as a record number below
00405BD4   .  8BC8                   mov     ecx, eax
00405BD6   .  6BC9 48                imul    ecx, ecx, 48
00405BD9   .  81C1 0000D600          add     ecx, 0D60000                     ;  ecx = 0D60000 + eax * 48h
00405BDF   .  E8 251E0000            call    00407A09                         ;  same test as at 00405981, here on the 0D60000 record
00405BE4   .  85C0                   test    eax, eax
00405BE6   .  74 61                  je      short 00405C49
00405BE8   .  8B4D F4                mov     ecx, dword ptr [ebp-C]           ;  base pointer
00405BEB   .  33D2                   xor     edx, edx
00405BED   .  8A51 01                mov     dl, byte ptr [ecx+1]
00405BF0   .  8BCA                   mov     ecx, edx
00405BF2   .  6BC9 24                imul    ecx, ecx, 24
00405BF5   .  81C1 502C4B00          add     ecx, 004B2C50                    ;  ecx = 004B2C50 + byte [base+1] * 24h
00405BFB   .  E8 54A30300            call    0043FF54                         ;  result selects the branch below; the original author marked its meaning as uncertain ("??")
00405C00   .  85C0                   test    eax, eax
00405C02   .  74 2E                  je      short 00405C32
00405C04   .  6A 57                  push    57
00405C06   .  B9 70074B00            mov     ecx, 004B0770
00405C0B   .  E8 2E7F0000            call    0040DB3E                         ;  ECX = 004B0770, stack arg 57h; low byte of the result is used
00405C10   .  25 FF000000            and     eax, 0FF
00405C15   .  85C0                   test    eax, eax                         ;  value is 0..0FF here, so the jle below is taken only when it is 0
00405C17   .  7E 17                  jle     short 00405C30
00405C19   .  6A 00                  push    0
00405C1B   .  6A 00                  push    0
00405C1D   .  8B45 F4                mov     eax, dword ptr [ebp-C]
00405C20   .  8A48 01                mov     cl, byte ptr [eax+1]             ;  byte field at base+1; only cl is set
00405C23   .  51                     push    ecx
00405C24   .  6A 57                  push    57                               ;  same value 57h as passed to 0040DB3E above
00405C26   .  B9 50774900            mov     ecx, 00497750
00405C2B   .  E8 13800100            call    0041DC43                         ;  ECX = 00497750; stack args 57h, byte [base+1], 0, 0
00405C30   >  EB 17                  jmp     short 00405C49
00405C32   >  6A 01                  push    1
00405C34   .  6A 00                  push    0
00405C36   .  8B55 F4                mov     edx, dword ptr [ebp-C]
00405C39   .  8A42 01                mov     al, byte ptr [edx+1]             ;  byte field at base+1; only al is set
00405C3C   .  50                     push    eax
00405C3D   .  6A 57                  push    57                               ;  same value 57h as above
00405C3F   .  B9 50774900            mov     ecx, 00497750
00405C44   .  E8 FA7F0100            call    0041DC43                         ;  ECX = 00497750; stack args 57h, byte [base+1], 0, 1
00405C49   >  6A 20                  push    20
00405C4B   .  8B4D F4                mov     ecx, dword ptr [ebp-C]
00405C4E   .  33D2                   xor     edx, edx
00405C50   .  8A51 01                mov     dl, byte ptr [ecx+1]
00405C53   .  8BCA                   mov     ecx, edx
00405C55   .  6BC9 24                imul    ecx, ecx, 24
00405C58   .  81C1 502C4B00          add     ecx, 004B2C50                    ;  ecx = 004B2C50 + byte [base+1] * 24h
00405C5E   .  E8 2D0A0000            call    00406690                         ;  stack arg 20h; purpose not recoverable from the garbled original comment
00405C63   .^ E9 43FCFFFF            jmp     004058AB                         ;  next loop iteration
00405C68   .  8BE5                   mov     esp, ebp                         ;  epilogue, reached from the je at 004D72E0
00405C6A   .  5D                     pop     ebp
00405C6B   .  C3                     retn

; Code at 004D724C, entered from the jmp at 00405915 and running on that function's ebp frame.
; If 004D7266 returns nonzero it skips to 00405A6A, otherwise it pushes 23h and resumes at 0040591A.
004D724C    8B45 F4                  mov     eax, dword ptr [ebp-C]           ; eax = base pointer saved by the function at 00405889
004D724F    E8 12000000              call    004D7266                         ; not shown here; presumably takes the pointer in EAX (confirm)
004D7254    85C0                     test    eax, eax
004D7256  - 0F85 0EE8F2FF            jnz     00405A6A                         ; nonzero result: skip the checks between 0040591A and 00405A65
004D725C    6A 23                    push    23                               ; stack arg 23h for the call 00407A09 made at 004D62C1
004D725E    8B55 F4                  mov     edx, dword ptr [ebp-C]           ; edx = base pointer, read at 0040591A
004D7261  - E9 B4E6F2FF              jmp     0040591A

; Code at 004D62C1, entered from the jmp at 0040591D with ECX = [base+8] and 23h on the stack.
; It resumes at 00405926 only when both calls return nonzero; otherwise at 0040593E.
004D62C1    E8 4317F3FF              call    00407A09                         ; stack arg 23h was pushed at 004D725C
004D62C6    85C0                     test    eax, eax
004D62C8  - 0F84 70F6F2FF            je      0040593E                         ; result 0: skip the block at 00405926
004D62CE    6A 3C                    push    3C                               ; 3Ch = 60 decimal
004D62D0    E8 5D98FAFF              call    0047FB32                         ; one stack arg, caller cleans up; presumably a chance roll (confirm)
004D62D5    83C4 04                  add     esp, 4
004D62D8    85C0                     test    eax, eax
004D62DA  - 0F84 5EF6F2FF            je      0040593E                         ; result 0: skip the block at 00405926
004D62E0  - E9 41F6F2FF              jmp     00405926                         ; both nonzero: run the push 8 / call 004066C0 block

; Code at 0040913D, entered from the jmp at 00405A41 and running on that function's ebp frame.
; It makes the 22h check, then pushes 26h, loads edx = base and resumes at 00405A46.
0040913D   > \6A 22                  push    22                               ;  stack arg 22h for 00407A09
0040913F   .  8B55 F4                mov     edx, dword ptr [ebp-C]
00409142   .  8B4A 08                mov     ecx, dword ptr [edx+8]           ;  ecx = dword field at base+8
00409145   .  E8 BFE8FFFF            call    00407A09                         ;  nonzero result enables the block below
0040914A   .  85C0                   test    eax, eax
0040914C   .  74 26                  je      short 00409174
0040914E   .  6A 3C                  push    3C                               ;  3Ch = 60 decimal
00409150   .  E8 DD690700            call    0047FB32                         ;  one stack arg, caller cleans up; presumably a chance roll (confirm)
00409155   .  83C4 04                add     esp, 4
00409158   .  85C0                   test    eax, eax
0040915A   .  74 18                  je      short 00409174
0040915C   .  6A 02                  push    2                                ;  stack arg 2 for 004066C0
0040915E   .  8B45 F4                mov     eax, dword ptr [ebp-C]
00409161   .  33C9                   xor     ecx, ecx
00409163   .  8A48 01                mov     cl, byte ptr [eax+1]
00409166   .  6BC9 24                imul    ecx, ecx, 24
00409169   .  81C1 502C4B00          add     ecx, 004B2C50                    ;  ecx = 004B2C50 + byte [base+1] * 24h
0040916F   .  E8 4CD5FFFF            call    004066C0                         ;  presumably ORs the pushed value into a status field of that record (confirm)
00409174   >  6A 26                  push    26                               ;  stack arg 26h for the call 00407A09 made at 00405A49
00409176   .  8B55 F4                mov     edx, dword ptr [ebp-C]           ;  edx = base pointer, read at 00405A46
00409179   .^ E9 C8C8FFFF            jmp     00405A46

;------------------------------------------------------------------------------------------------------------

[]

; Function at 0040639A. The original comments were mis-encoded; the comments below describe what the
; instructions show, and guesses are marked "presumably".
; In:     ECX = base pointer of a structure; saved in [ebp-10].
; Locals: [ebp-4] = 004B2C50 + byte [base+1] * 24h, [ebp-8] = proceed flag (1 or 0),
;         [ebp-C] = low byte of the result of 0043F8BE.
; Global: dword [492E04] is a counter. A value above 1 resets it to 0 and exits; the value 1
;         additionally requires a nonzero result from 00407A09 (stack arg 28h); it is incremented at
;         004064BA just before the calls to 00435829 and 004064F1.
; Exit:   every path leaves through 004064EC -> 004DA4B5, which restores ESI and the frame.
0040639A  /$  55                     push    ebp                              ;  function entry, standard ebp frame
0040639B  |.  8BEC                   mov     ebp, esp
0040639D  |.  83EC 10                sub     esp, 10
004063A0  |.  56                     push    esi                              ;  save ESI (used at 00406483, popped at 004DA4BC)
004063A1  |.  894D F0                mov     dword ptr [ebp-10], ecx          ;  save incoming ECX (base pointer)
004063A4  |.  8B45 F0                mov     eax, dword ptr [ebp-10]
004063A7  |.  8B4D F0                mov     ecx, dword ptr [ebp-10]
004063AA  |.  8A51 10                mov     dl, byte ptr [ecx+10]
004063AD  |.  8850 01                mov     byte ptr [eax+1], dl             ;  copy byte [base+10] into byte [base+1]
004063B0  |.  8B45 F0                mov     eax, dword ptr [ebp-10]
004063B3  |.  33C9                   xor     ecx, ecx
004063B5  |.  8A48 01                mov     cl, byte ptr [eax+1]
004063B8  |.  6BC9 24                imul    ecx, ecx, 24
004063BB  |.  81C1 502C4B00          add     ecx, 004B2C50
004063C1  |.  894D FC                mov     dword ptr [ebp-4], ecx           ;  [ebp-4] = 004B2C50 + byte [base+1] * 24h
004063C4  |.  833D 042E4900 01       cmp     dword ptr [492E04], 1
004063CB  |.  77 27                  ja      short 004063F4                   ;  counter > 1 (unsigned): reset and exit
004063CD  |.  833D 042E4900 00       cmp     dword ptr [492E04], 0
004063D4  |.  76 2D                  jbe     short 00406403                   ;  unsigned <= 0, i.e. counter == 0: proceed
004063D6  |.  6A 28                  push    28                               ;  counter == 1: stack arg 28h for 00407A09
004063D8  |.  8B4D FC                mov     ecx, dword ptr [ebp-4]
004063DB  |.  E8 90920500            call    0045F670                         ;  result in eax is used as a record number below
004063E0  |.  8BC8                   mov     ecx, eax
004063E2  |.  6BC9 48                imul    ecx, ecx, 48
004063E5  |.  81C1 0000D600          add     ecx, 0D60000                     ;  ecx = 0D60000 + eax * 48h
004063EB  |.  E8 19160000            call    00407A09                         ;  presumably an equipment-effect test (confirm); nonzero lets the counter == 1 case proceed
004063F0  |.  85C0                   test    eax, eax
004063F2  |.  75 0F                  jnz     short 00406403
004063F4  |>  C705 042E4900 00000000 mov     dword ptr [492E04], 0            ;  reset the counter
004063FE  |.  E9 E9000000            jmp     004064EC                         ;  exit
00406403  |>  C745 F8 01000000       mov     dword ptr [ebp-8], 1             ;  proceed flag = 1; cleared by any failed check below
0040640A  |.  8B4D FC                mov     ecx, dword ptr [ebp-4]           ;  ecx = record pointer from [ebp-4]
0040640D  |.  E8 4ECFFFFF            call    00403360                         ;  result is pushed as the stack arg of 004065A0
00406412  |.  50                     push    eax
00406413  |.  8B4D F0                mov     ecx, dword ptr [ebp-10]          ;  base pointer
00406416  |.  81C1 25040000          add     ecx, 425
0040641C  |.  E8 7F010000            call    004065A0                         ;  ECX = base+425; purpose not recoverable from the garbled original comment
00406421  |.  8B4D FC                mov     ecx, dword ptr [ebp-4]
00406424  |.  E8 95940300            call    0043F8BE                         ;  low byte of the result is kept in [ebp-C]
00406429  |.  8845 F4                mov     byte ptr [ebp-C], al
0040642C  |.  8B55 F0                mov     edx, dword ptr [ebp-10]
0040642F  |.  8A02                   mov     al, byte ptr [edx]               ;  byte field at base+0
00406431  |.  A2 282C4B00            mov     byte ptr [4B2C28], al            ;  stored to the global byte at 4B2C28
00406436  |.  8B4D FC                mov     ecx, dword ptr [ebp-4]           ;  record pointer
00406439  |.  E8 52C80600            call    00472C90                         ;  result 0 clears the proceed flag
0040643E  |.  85C0                   test    eax, eax
00406440  |.  75 09                  jnz     short 0040644B
00406442  |.  C745 F8 00000000       mov     dword ptr [ebp-8], 0
00406449  |.  EB 64                  jmp     short 004064AF
0040644B  |>  6A 08                  push    8                                ;  stack arg 8 for 004066E0
0040644D  |.  8B4D FC                mov     ecx, dword ptr [ebp-4]
00406450  |.  E8 8B020000            call    004066E0                         ;  nonzero result clears the proceed flag; presumably a status-bit test (confirm)
00406455  |.  85C0                   test    eax, eax
00406457  |.  74 09                  je      short 00406462
00406459  |.  C745 F8 00000000       mov     dword ptr [ebp-8], 0
00406460  |.  EB 4D                  jmp     short 004064AF
00406462    - E9 94400D00            jmp     004DA4FB                         ;  continues at 004DA4FB (not shown here); presumably returns to 00406467 with ecx loaded and a stack arg pushed
00406467  |.  8B49 08                mov     ecx, dword ptr [ecx+8]           ;  ecx = dword field at +8 of the pointer left in ecx
0040646A  |.  E8 9A150000            call    00407A09                         ;  nonzero result clears the proceed flag
0040646F  |.  85C0                   test    eax, eax
00406471  |.  74 09                  je      short 0040647C
00406473  |.  C745 F8 00000000       mov     dword ptr [ebp-8], 0             ;  proceed flag = 0
0040647A  |.  EB 33                  jmp     short 004064AF
0040647C  |>  8B55 F0                mov     edx, dword ptr [ebp-10]
0040647F  |.  33C0                   xor     eax, eax
00406481  |.  8A02                   mov     al, byte ptr [edx]               ;  byte field at base+0
00406483  |.  8BF0                   mov     esi, eax                         ;  esi = that byte, compared with the call result below
00406485  |.  6A 00                  push    0
00406487  |.  6A 00                  push    0
00406489  |.  8A4D F4                mov     cl, byte ptr [ebp-C]             ;  byte saved from 0043F8BE; only cl is set
0040648C  |.  51                     push    ecx
0040648D  |.  8B55 F0                mov     edx, dword ptr [ebp-10]
00406490  |.  81C2 25040000          add     edx, 425                         ;  edx = base+425
00406496  |.  52                     push    edx
00406497  |.  8B4D FC                mov     ecx, dword ptr [ebp-4]           ;  record pointer
0040649A  |.  E8 E7000300            call    00436586                         ;  four stack args; low byte of the result must equal byte [base+0]
0040649F  |.  25 FF000000            and     eax, 0FF
004064A4  |.  3BF0                   cmp     esi, eax
004064A6  |.  74 07                  je      short 004064AF
004064A8  |.  C745 F8 00000000       mov     dword ptr [ebp-8], 0             ;  mismatch: proceed flag = 0
004064AF  |>  837D F8 00             cmp     dword ptr [ebp-8], 0             ;  common join: exit unless the proceed flag is still set
004064B3  |.  74 37                  je      short 004064EC
004064B5  |.  A1 042E4900            mov     eax, dword ptr [492E04]
004064BA  |.  83C0 01                add     eax, 1
004064BD  |.  A3 042E4900            mov     dword ptr [492E04], eax          ;  counter += 1
004064C2  |.  8B4D F0                mov     ecx, dword ptr [ebp-10]
004064C5  |.  8A11                   mov     dl, byte ptr [ecx]               ;  byte field at base+0; only dl is set
004064C7  |.  52                     push    edx
004064C8  |.  8B45 F0                mov     eax, dword ptr [ebp-10]
004064CB  |.  8A48 01                mov     cl, byte ptr [eax+1]             ;  byte field at base+1; only cl is set
004064CE  |.  51                     push    ecx
004064CF  |.  E8 55F30200            call    00435829                         ;  two stack args, caller cleans up (add esp, 8)
004064D4  |.  83C4 08                add     esp, 8
004064D7  |.  8B55 F0                mov     edx, dword ptr [ebp-10]
004064DA  |.  8A02                   mov     al, byte ptr [edx]               ;  byte field at base+0
004064DC  |.  50                     push    eax
004064DD  |.  8B4D F0                mov     ecx, dword ptr [ebp-10]
004064E0  |.  8A51 01                mov     dl, byte ptr [ecx+1]             ;  byte field at base+1
004064E3  |.  52                     push    edx
004064E4  |.  8B4D F0                mov     ecx, dword ptr [ebp-10]
004064E7  |.  E8 05000000            call    004064F1                         ;  ECX = base; stack args byte [base+1], byte [base+0]
004064EC    - E9 C43F0D00            jmp     004DA4B5                         ;  shared exit: clears byte [55AC50], pops ESI, restores the frame

; Exit code at 004DA4B5, reached from the jmp at 004064EC: clears the byte flag at 55AC50, then
; performs the epilogue of the function at 0040639A.
004DA4B5    C605 50AC5500 00         mov     byte ptr [55AC50], 0             ; reset the byte flag at 55AC50
004DA4BC    5E                       pop     esi                              ; restores the ESI pushed at 004063A0
004DA4BD    8BE5                     mov     esp, ebp
004DA4BF    5D                       pop     ebp
004DA4C0    C3                       retn

;------------------------------------------------------------------------------------------------------------

[ؼĲͬ] ͬûжȫԱз


[]

; Code at 004D72E0, entered from the jmp at 004058CB and running on that function's ebp frame
; ([ebp-C] = base pointer). The first je consumes the flags of "cmp edx, 0FF" at 004058C5.
; Flow: the end marker exits to 00405C68; a nonzero result from 004D7266 resumes at 004058D1;
;       otherwise the flags at 55AC1C and 55AC38 select one of two actions before resuming there.
; NOTE(review): EBX is overwritten at 004D731D and no save/restore of EBX is visible here or in the
;       prologue at 00405889. The usual Win32 calling conventions treat EBX as callee-saved, so
;       confirm that no caller depends on it (or add push ebx / pop ebx around this block).
004D72E0  - 0F84 82E9F2FF            je      00405C68                         ; list entry was 0FF: leave the loop through the epilogue
004D72E6    8B45 F4                  mov     eax, dword ptr [ebp-C]           ; eax = base pointer
004D72E9    E8 78FFFFFF              call    004D7266                         ; not shown here; presumably takes the pointer in EAX (confirm)
004D72EE    85C0                     test    eax, eax
004D72F0  - 0F85 DBE5F2FF            jnz     004058D1                         ; nonzero: resume the loop body unchanged
004D72F6    833D 1CAC5500 01         cmp     dword ptr [55AC1C], 1            ; first action only when the flag at 55AC1C is 1
004D72FD    75 5B                    jnz     short 004D735A
004D72FF    8B45 F4                  mov     eax, dword ptr [ebp-C]           ; base pointer
004D7302    33C9                     xor     ecx, ecx
004D7304    8A48 01                  mov     cl, byte ptr [eax+1]             ; byte field at base+1
004D7307    6BC9 24                  imul    ecx, ecx, 24
004D730A    81C1 502C4B00            add     ecx, 004B2C50                    ; ecx = 004B2C50 + byte [base+1] * 24h
004D7310    E8 5B83F8FF              call    0045F670                         ; result in eax is used as a record number below
004D7315    6BC0 48                  imul    eax, eax, 48
004D7318    05 0000D600              add     eax, 0D60000                     ; eax = 0D60000 + result * 48h
004D731D    8BD8                     mov     ebx, eax                         ; keep the record pointer in EBX across the call below
004D731F    6A 32                    push    32                               ; 32h = 50 decimal
004D7321    E8 0C88FAFF              call    0047FB32                         ; one stack arg, caller cleans up; presumably a chance roll (confirm)
004D7326    83C4 04                  add     esp, 4
004D7329    85C0                     test    eax, eax
004D732B    74 15                    je      short 004D7342                   ; result 0: use the +32/+33 pair instead of +2F/+30
004D732D    807B 2F 00               cmp     byte ptr [ebx+2F], 0             ; zero check before the decrement, so the byte cannot wrap below 0
004D7331    74 22                    je      short 004D7355
004D7333    FE4B 2F                  dec     byte ptr [ebx+2F]                ; byte at record+2F -= 1
004D7336    807B 30 FF               cmp     byte ptr [ebx+30], 0FF           ; companion byte at record+30 == 0FF ?
004D733A    75 19                    jnz     short 004D7355
004D733C    C643 30 00               mov     byte ptr [ebx+30], 0             ; if so, reset it to 0
004D7340    EB 13                    jmp     short 004D7355
004D7342    807B 32 00               cmp     byte ptr [ebx+32], 0             ; zero check before the decrement, so the byte cannot wrap below 0
004D7346    74 0D                    je      short 004D7355
004D7348    FE4B 32                  dec     byte ptr [ebx+32]                ; byte at record+32 -= 1
004D734B    807B 33 FF               cmp     byte ptr [ebx+33], 0FF           ; companion byte at record+33 == 0FF ?
004D734F    75 04                    jnz     short 004D7355
004D7351    C643 33 00               mov     byte ptr [ebx+33], 0             ; if so, reset it to 0
004D7355  - E9 77E5F2FF              jmp     004058D1                         ; resume the loop body at 004058D1
004D735A    833D 38AC5500 01         cmp     dword ptr [55AC38], 1            ; second action only when the flag at 55AC38 is 1
004D7361    75 27                    jnz     short 004D738A
004D7363    8B45 F4                  mov     eax, dword ptr [ebp-C]
004D7366    33C9                     xor     ecx, ecx
004D7368    8A48 01                  mov     cl, byte ptr [eax+1]
004D736B    6BC9 24                  imul    ecx, ecx, 24
004D736E    81C1 502C4B00            add     ecx, 004B2C50                    ; ecx = 004B2C50 + byte [base+1] * 24h
004D7374    E8 F782F8FF              call    0045F670                         ; result in eax is pushed as the last stack arg below
004D7379    6A 01                    push    1
004D737B    6A 00                    push    0
004D737D    6A 05                    push    5
004D737F    50                       push    eax
004D7380    B9 F05D4B00              mov     ecx, 004B5DF0
004D7385    E8 D236F8FF              call    0045AA5C                         ; ECX = 004B5DF0; four stack args, no caller cleanup visible
004D738A  - E9 42E5F2FF              jmp     004058D1                         ; resume the loop body at 004058D1



[ƽ]

; Call-site excerpt for the check routine at 004D74E4 (32-bit x86, Intel syntax, hex immediates).
; Stack args are pushed last-to-first; 004D74E4 pops its own 8 bytes (retn 8).
; The branch targets 004D788C and 004D789A lie outside this excerpt.
004D7863    FF75 F8                  push    dword ptr [ebp-8]                ; 2nd stack arg of 004D74E4 (labelled a DATA id in the original annotation)
004D7866    FF75 0C                  push    dword ptr [ebp+C]                ; 1st stack arg of 004D74E4; the callee keeps only its low byte as a table index
004D7869    E8 76FCFFFF              call    004D74E4                         ; returns eax = 1 or 0
004D786E    85C0                     test    eax, eax                         ; did the check at 004D74E4 succeed?
004D7870    74 1A                    je      short 004D788C                   ; no (eax == 0): skip the block below
004D7872    C705 24AC5500 01000000   mov     dword ptr [55AC24], 1            ; yes: set the global dword at 0055AC24 to 1
004D787C    FF75 08                  push    dword ptr [ebp+8]                ; NOTE(review): original annotation seems to say this push order was changed by the patch - confirm
004D787F    FF75 0C                  push    dword ptr [ebp+C]                ; same local that was passed as the 1st arg of 004D74E4
004D7882    8B4D FC                  mov     ecx, dword ptr [ebp-4]           ; ecx = local [ebp-4] (a pointer, per the original annotation)
004D7885    E8 67ECF2FF              call    004064F1                         ; takes ecx plus the two stack args; callee body not shown
004D788A    EB 0E                    jmp     short 004D789A                   ; continue at 004D789A

;------------------------------------------------------------------------------------------------------------
; 004D74E4 - check routine called from 004D7869 (32-bit x86, Intel syntax, hex immediates).
; Two dword stack args, removed by the callee (retn 8).
; In:     [ebp+8]  = arg 1; only its low byte is used, as an index into 24h-byte records based at 004B2C50
;         [ebp+C]  = arg 2 (labelled a DATA id in the original annotation)
; Out:    eax = 1 when every check passed and both 00457428 calls were made, eax = 0 otherwise
; Locals: [ebp-4] = arg 1, [ebp-8] = arg 2, [ebp-C] = record pointer,
;         [ebp-10] = copy of arg 2, [ebp-14] = value returned by 0045F670
; NOTE(review): the 0FFh mask is the only bound on the table index; the table length at 004B2C50 is not
;               visible here, and the value returned by 0045F670 is not range-checked beyond the == 65h test.
; NOTE(review): helper bodies are not shown; helper descriptions below follow the listing's annotations
;               where they survived and should be confirmed.
;------------------------------------------------------------------------------------------------------------
004D74E4    55                       push    ebp                              ; standard ebp frame
004D74E5    8BEC                     mov     ebp, esp
004D74E7    83EC 14                  sub     esp, 14                          ; 14h bytes of locals
004D74EA    8B45 0C                  mov     eax, dword ptr [ebp+C]           ; eax = arg 2 (labelled a DATA id in the original annotation)
004D74ED    8945 F8                  mov     dword ptr [ebp-8], eax           ; [ebp-8] = arg 2
004D74F0    8B45 08                  mov     eax, dword ptr [ebp+8]           ; eax = arg 1
004D74F3    8945 FC                  mov     dword ptr [ebp-4], eax           ; [ebp-4] = arg 1
004D74F6    25 FF000000              and     eax, 0FF                         ; keep the low byte only, so the index is 0..FFh
004D74FB    6BC0 24                  imul    eax, eax, 24                     ; 24h bytes per record
004D74FE    05 502C4B00              add     eax, 004B2C50                    ; record pointer = 004B2C50 + index * 24h
004D7503    8945 F4                  mov     dword ptr [ebp-C], eax           ; [ebp-C] = record pointer
004D7506    8B4D F4                  mov     ecx, dword ptr [ebp-C]           ; ecx = record pointer for the helper
004D7509    E8 6281F8FF              call    0045F670                         ; helper reads the record in ecx; result labelled a DATA id in the original annotation
004D750E    8945 EC                  mov     dword ptr [ebp-14], eax          ; [ebp-14] = helper result
004D7511    83F8 65                  cmp     eax, 65                          ; only the value 65h (101 decimal, DATA_101 in the original annotation) qualifies
004D7514    75 7D                    jnz     short 004D7593                   ; anything else: return 0
004D7516    6A 08                    push    8                                ; constant 8 passed to 004066E0; meaning not visible here
004D7518    8B4D F4                  mov     ecx, dword ptr [ebp-C]           ; ecx = record pointer
004D751B    E8 C0F1F2FF              call    004066E0                         ; NOTE(review): annotation suggests an AND of the record's status with the pushed 8 - confirm
004D7520    85C0                     test    eax, eax                         ; a nonzero result disqualifies
004D7522    74 02                    je      short 004D7526                   ; zero: carry on at 004D7526
004D7524    EB 6D                    jmp     short 004D7593                   ; nonzero: return 0
004D7526    8B45 F8                  mov     eax, dword ptr [ebp-8]           ; eax = arg 2
004D7529    90                       nop                                      ; five one-byte NOPs fill 004D7529..004D752D; what they replaced is not shown
004D752A    90                       nop
004D752B    90                       nop
004D752C    90                       nop
004D752D    90                       nop
004D752E    8945 F0                  mov     dword ptr [ebp-10], eax          ; [ebp-10] = copy of arg 2
004D7531    6A 01                    push    1                                ; constant 1, pushed first (last stack arg)
004D7533    FF75 F0                  push    dword ptr [ebp-10]               ; copy of arg 2
004D7536    FF75 EC                  push    dword ptr [ebp-14]               ; value returned by 0045F670
004D7539    B9 F05D4B00              mov     ecx, 004B5DF0                    ; ecx = fixed address 004B5DF0, presumably a global object - confirm
004D753E    E8 873AF8FF              call    0045AFCA                         ; helper body not shown; a zero result fails the check
004D7543    85C0                     test    eax, eax
004D7545    74 4C                    je      short 004D7593                   ; zero: return 0
004D7547    FF75 F0                  push    dword ptr [ebp-10]               ; copy of arg 2 (DATA id per the original annotation)
004D754A    FF75 EC                  push    dword ptr [ebp-14]               ; value returned by 0045F670 (DATA id per the original annotation)
004D754D    E8 80000000              call    004D75D2                         ; NOTE(review): annotation suggests a trigger-rate roll that records whether it fired - confirm
004D7552    85C0                     test    eax, eax
004D7554    74 3D                    je      short 004D7593                   ; zero: return 0
004D7556    6A 00                    push    0                                ; four constant args follow (0, 1, 0, FFh); meaning not visible here
004D7558    6A 01                    push    1
004D755A    6A 00                    push    0
004D755C    68 FF000000              push    0FF
004D7561    FF75 F0                  push    dword ptr [ebp-10]               ; copy of arg 2
004D7564    FF75 EC                  push    dword ptr [ebp-14]               ; value returned by 0045F670
004D7567    B9 F05D4B00              mov     ecx, 004B5DF0                    ; same fixed ecx as before
004D756C    E8 B7FEF7FF              call    00457428                         ; first call of a pair; helper body not shown
004D7571    6A 00                    push    0                                ; same four constants again
004D7573    6A 01                    push    1
004D7575    6A 00                    push    0
004D7577    68 FF000000              push    0FF
004D757C    FF75 EC                  push    dword ptr [ebp-14]               ; the two ids are pushed in the opposite order this time
004D757F    FF75 F0                  push    dword ptr [ebp-10]
004D7582    B9 F05D4B00              mov     ecx, 004B5DF0
004D7587    E8 9CFEF7FF              call    00457428                         ; second call, with the two ids swapped
004D758C    B8 01000000              mov     eax, 1                           ; every check passed: return 1
004D7591    EB 02                    jmp     short 004D7595                   ; skip the failure path
004D7593    33C0                     xor     eax, eax                         ; failure path: return 0
004D7595    8BE5                     mov     esp, ebp                         ; drops the locals and anything a callee may have left on the stack
004D7597    5D                       pop     ebp
004D7598    C2 0800                  retn    8                                ; callee pops the two dword args



[ĳɶ]

; Two excerpts from the routine that holds the switch at 00407861; the code between 00407832 and
; 00407875 is not shown. The '>', '\' and '.' marks are the disassembler's analysis markers.
0040782B      833D 20AC5500 01       cmp     dword ptr [55AC20], 1            ; is the global dword at 0055AC20 equal to 1?
00407832      74 41                  je      short 00407875                   ; yes: jump straight into the case body below

00407875   > \C645 FC 02             mov     byte ptr [ebp-4], 2              ; local byte [ebp-4] = 2; Case 11 of switch 00407861
00407879   .  EB 0D                  jmp     short 00407888                   ; leave the case (00407888 is outside this excerpt)

;------------------------------------------------------------------------------------------------------------