ߍս[]װ޸ģ

    һԻ֧ߡҪһΪ





    սϽһҲʮ鷳µSTAR 5.6Ҳ

    رߣ   LordPE     ==> װļ
                 FixRes     ==> תԴ
                 Stud_PE    ==> ԴĿ¼
                 ResHacker  ==> Դ


    Ƕοˣڼֻο


;------------------------------------------------------------------------------------------------------------
һ޸ģ װPEļԴ

    *. ±ԴʹԴ󣬲ʹļƫ



1. ȽWaGan.waĺ׺Ϊ.exeٽִļһݵһĿ¼ΪWaGan2.exe


2. LordPE ==> [ѡ] ==> ͼ_004һ ==> [PE༭] ==> WaGan2.exe ==> [] ==> Ҽ ==> []

   ==> [NewSec]Ҽ ==> [༭] ͼ_005һ ==> [ȷ] ==> ˳LordPE


3. FixRes ==> [Dump] ==> ͼ_006һ ==> [Dump Resource] ==> ɾWaGan2.exeļ

   תɹʱ½ǻʾResource was dumped successfully.


4. LordPE ==> [PE༭] ==> WaGan.exeע⣺δһ ==> [] ==> Ҽ ==> [Ӵ] 

   ==>  rsrc.bin ==>   ʾɹ  ==> [.rsrc]Ҽ ==> [༭] ==> ƸΪ .nodata

   ==> СΪ 0EC00  ==> ־ߵ[ ..]ť ==> ͼ_007һ 


  ע⣺ .nodataڿʹˣȫֱȫ0ԽPEļɾ


   ==> [rsrc.bin]Ҽ ==> [༭] ==> ƸΪ .rsrc ==> [ ..]ť ==> ͼ_008һ

   ==> [ȷ] ==> ļ˳LordPE


5. Stud_PE ==> WaGan.exe ==> ͼ_009ԴĿ¼ [IMAGE_DIR_ENTRY_RESOURCE] ==> [浽ļ] ==> ˳Stud_PE

   ==> WaGan.exe ĺ׺Ļ.wa



   *. 岽ͿResHacker eXeScope ֮Ĺ߱༭Դ

;---------------------------------------------------------------------------------------------------------------------------

ڶ޸ģ ǨPEļĹԴĿ¼һµĶԻԴ

    *. ڶԻĿ¼ֱӸŹڶĿ¼Ǩƾ޷µĶԻ



6. ODWaGan.waڶĿ¼ǨƵ005A9AB4H = 0059B000H + EAB4H

    *. ǨƴС70H(DEC: 112) 0059B2C8H - 0059B258H

       00 00 00 00 00 00 00 00 04 00 00 00 00 00 0C 00
       73 00 00 00 20 08 00 80 74 00 00 00 38 08 00 80
       75 00 00 00 50 08 00 80 76 00 00 00 68 08 00 80
       77 00 00 00 80 08 00 80 78 00 00 00 98 08 00 80
       79 00 00 00 B0 08 00 80 7A 00 00 00 C8 08 00 80
       7B 00 00 00 E0 08 00 80 7D 00 00 00 F8 08 00 80
       7E 00 00 00 10 09 00 80 7F 00 00 00 28 09 00 80



7. Ŀ¼¹offsetΪ: 0EAB4H

       0059B03C    58 02  ==>   B4 EA


8. 0059B258Hλԭ

       00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
       00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
       00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
       00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
       00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
       00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
       00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00


9. IDĶԻ

       0059B156    1F 00  ==>  20 00 


10. (ڶ) IMAGE_RESOURCE_DIRECTORY_ENTRYĿ¼ṹ

       0059B258    00 00 00 00 00 00 00 00  ==>  90 01 00 00 68 02 00 80


11. () IMAGE_RESOURCE_DIRECTORY IMAGE_RESOURCE_DATA_ENTRY ṹ0059B268H:

       00 00 00 00 00 00 00 00 04 00 00 00 00 00 01 00
       04 08 00 00 80 02 00 00 24 9B 1A 00 2C 00 00 00
       E4 04 00 00 00 00 00 00


    *. 0059B268  00 00 00 00    ; ¶ԻIMAGE_RESOURCE_DIRECTORYṹ
                 00 00 00 00
                 04 00
                 00 00
                 00 00
                 01 00

    *. 0059B278  04 08 00 00
                 80 02 00 00    ; λΪ0λָIMAGE_RESOURCE_DATA_ENTRYṹ

    *. 0059B280  24 9B 1A 00    ; ԴRVA(ڴ涨λʱ+װַ)  005A9B24H
                 2C 00 00 00    ; Դݳ  2CH
                 E4 04 00 00    ; ҳһΪ0
                 00 00 00 00    ; ֶ



12. Դݿ005A9B24H

       01 00 FF FF 00 00 00 00 00 00 02 00 40 00 20 40
       00 00 00 00 00 00 BB 00 5E 00 00 00 00 00 00 00
       09 00 00 00 00 01 8B 5B 53 4F 00 00



13. ResHackerWaGan.wa ==> [Ի] ==> [400] ==> CTRL+A ==> DELETE, ճԴű


// Dialog resource 400: a 334 x 120 (dialog units) popup, centred, modal frame.
// It holds one group box, one default push button (ID 2), three small "OK" push
// buttons (IDs 1990-1992) and static text/icon/bitmap/frame controls.
// NOTE(review): CAPTION and the FONT face name are empty in this copy, and the captions
// of the first two CONTROLs are not readable text. They were presumably non-ASCII strings
// damaged by a text-encoding conversion. Restore them from the original script before compiling.
400 DIALOGEX 0, 0, 334, 120
STYLE DS_MODALFRAME | DS_SETFOREGROUND | DS_CENTER | WS_POPUP
CAPTION ""
LANGUAGE LANG_CHINESE, 0x2
FONT 9, ""
{
   CONTROL "ѡԷһװ", -1, BUTTON, BS_GROUPBOX | WS_CHILD | WS_VISIBLE, 1, 1, 331, 117 
   CONTROL "ȡ", 2, BUTTON, BS_DEFPUSHBUTTON | WS_CHILD | WS_VISIBLE | WS_GROUP | WS_TABSTOP, 276, 101, 48, 11 
   CONTROL "", -1, STATIC, SS_BLACKFRAME | SS_SUNKEN | WS_CHILD | WS_VISIBLE, 30, 96, 276, 1 
   CONTROL "OK", 1990, BUTTON, BS_PUSHBUTTON | WS_CHILD | WS_VISIBLE | WS_TABSTOP, 152, 87, 14, 8 
   CONTROL "OK", 1991, BUTTON, BS_PUSHBUTTON | WS_CHILD | WS_VISIBLE | WS_TABSTOP, 232, 87, 14, 8 
   CONTROL "OK", 1992, BUTTON, BS_PUSHBUTTON | WS_CHILD | WS_VISIBLE | WS_TABSTOP, 312, 85, 14, 8 
   CONTROL "NameA", 1139, STATIC, SS_LEFT | WS_CHILD | WS_VISIBLE, 25, 104, 40, 9 
   CONTROL "AttributeA", 1141, STATIC, SS_LEFT | WS_CHILD | WS_VISIBLE, 75, 104, 40, 9 
   CONTROL "Lv", -1, STATIC, SS_LEFT | WS_CHILD | WS_VISIBLE, 130, 104, 8, 8 
   CONTROL "99", 1017, STATIC, SS_RIGHT | WS_CHILD | WS_VISIBLE, 142, 104, 14, 9 , 0x00001000
   CONTROL "", 1994, STATIC, SS_BITMAP | WS_CHILD | WS_VISIBLE, 6, 13, 80, 80 
   CONTROL "", 1995, STATIC, SS_WHITERECT | SS_SUNKEN | WS_CHILD | WS_VISIBLE, 162, 104, 51, 8 
   CONTROL "Wepon:", 1391, STATIC, SS_LEFT | WS_CHILD | WS_VISIBLE | WS_GROUP, 96, 25, 68, 8 
   CONTROL "", 1410, STATIC, SS_ICON | SS_SUNKEN | WS_CHILD | WS_VISIBLE, 96, 37, 23, 23 
   CONTROL "99", 1392, STATIC, SS_LEFT | WS_CHILD | WS_VISIBLE, 134, 39, 12, 8 
   CONTROL "Lv", 1418, STATIC, SS_LEFT | WS_CHILD | WS_VISIBLE, 120, 39, 8, 8 
   CONTROL "", 1422, STATIC, SS_WHITERECT | SS_SUNKEN | WS_CHILD | WS_VISIBLE, 132, 49, 33, 8 
   CONTROL "Exp", 1419, STATIC, SS_LEFT | WS_CHILD | WS_VISIBLE, 119, 49, 12, 8 
   CONTROL "Effect", 1401, STATIC, SS_LEFT | WS_CHILD | WS_VISIBLE, 97, 63, 68, 8 
   CONTROL "Additional Effect", 1416, STATIC, SS_LEFT | WS_CHILD | WS_VISIBLE, 97, 73, 68, 8 
   CONTROL "", 1424, STATIC, SS_ETCHEDFRAME | WS_CHILD | WS_VISIBLE | WS_GROUP, 91, 22, 77, 63 
   CONTROL "Armor:", 1394, STATIC, SS_LEFT | WS_CHILD | WS_VISIBLE, 176, 25, 68, 8 
   CONTROL "", 1411, STATIC, SS_ICON | SS_SUNKEN | WS_CHILD | WS_VISIBLE, 176, 37, 23, 23 
   CONTROL "99", 1395, STATIC, SS_LEFT | WS_CHILD | WS_VISIBLE, 214, 39, 12, 8 
   CONTROL "Lv", 1420, STATIC, SS_LEFT | WS_CHILD | WS_VISIBLE, 200, 39, 8, 8 
   CONTROL "", 1423, STATIC, SS_WHITERECT | SS_SUNKEN | WS_CHILD | WS_VISIBLE, 212, 49, 33, 8 
   CONTROL "Exp", 1421, STATIC, SS_LEFT | WS_CHILD | WS_VISIBLE, 199, 49, 12, 8 
   CONTROL "Effect", 1400, STATIC, SS_LEFT | WS_CHILD | WS_VISIBLE, 176, 63, 68, 8 
   CONTROL "Additional Effect", 1417, STATIC, SS_LEFT | WS_CHILD | WS_VISIBLE, 176, 73, 68, 8 
   CONTROL "", 1425, STATIC, SS_ETCHEDFRAME | WS_CHILD | WS_VISIBLE | WS_GROUP, 171, 22, 77, 63 
   CONTROL "Sub Item:", 1397, STATIC, SS_LEFT | WS_CHILD | WS_VISIBLE, 256, 35, 68, 8 
   CONTROL "", 1412, STATIC, SS_ICON | SS_SUNKEN | WS_CHILD | WS_VISIBLE, 256, 46, 23, 23 
   CONTROL "Effect", 1402, STATIC, SS_LEFT | WS_CHILD | WS_VISIBLE, 256, 71, 68, 8 
   CONTROL "", 1426, STATIC, SS_ETCHEDFRAME | WS_CHILD | WS_VISIBLE | WS_GROUP, 251, 31, 77, 52 
}

   ==> [ű (C)] ==> ļ ע⣺ResHackerʱԶݵļƫƣ

   ==> [Ի] ==> [279] ==> "" Ϊ "" ==> [ű (C)] ==> ļ ==> ˳ResHacker




   *. ãԻѾ˲ĻԼٸĸġ
;------------------------------------------------------------------------------------------------------------

޸ģ

14. ʾַ

00555900  C7 EB D1 A1 D4 F1 B2 CE D3 EB BD BB BB BB CE E4  请选择参与交换武
00555910  BD AB 00 00 B8 C3 CE E4 BD AB B2 BB CA F4 D3 DA  将..该武将不属于
00555920  CE D2 BE FC 00 00 D7 B0 B1 B8 C9 CF 25 73 00 00  我军..装备上%s..





15. Զ[]ťӦ


004D2844    E8 B7800000     call    004DA900                         ; call site of the handler: 004D2849 + 000080B7 = 004DA900

; ------------------------------------------------------------------------------------------------------------
; 004DA900 - handler reached from the call at 004D2844 (32-bit x86 debugger listing; all numbers are hex).
; In:     [ebp+8] = pointer to general A's record; the one stack argument is removed by `retn 4`.
; Locals: [ebp-48] = 004BE000, [ebp-44] = general A's record pointer, [ebp-40..ebp-1] = backup copy.
; Flow:   1. back up the 40h bytes at 004BE000 onto the stack and store A's pointer at 004BE010;
;         2. call 0045533D until it returns an index that is not A's own (byte +4) and whose record
;            (004B2C50 + index*24h) has byte +5 equal to zero; a return of 0FFh leaves the handler;
;         3. fill 004BE014..004BE03F, call 004DAA60 and 004DAD70, then restore the six saved dwords
;            and the 40h-byte block.
; NOTE(review): the 0FFh exit at 004DA943 jumps straight to `leave` at 004DAA28 and skips the restore
;         loop at 004DAA17..004DAA24, so the dword written to 004BE010 at 004DA91F stays modified on
;         that path. Confirm no other code depends on the previous contents of 004BE010.
; ------------------------------------------------------------------------------------------------------------
004DA900    55              push    ebp                              ; handler entry: standard frame
004DA901    8BEC            mov     ebp, esp
004DA903    83C4 B8         add     esp, -48
004DA906    57              push    edi                              ; save edi/esi around the copy loop
004DA907    56              push    esi
004DA908    8D7D C0         lea     edi, dword ptr [ebp-40]
004DA90B    BE 00E04B00     mov     esi, 004BE000                    ; esi = 004BE000, base of the block being backed up
004DA910    8975 B8         mov     dword ptr [ebp-48], esi
004DA913    B9 10000000     mov     ecx, 10
004DA918    AD              lods    dword ptr [esi]
004DA919    AB              stos    dword ptr es:[edi]               ; loop copies 16 dwords (40h bytes) from 004BE000 to [ebp-40]
004DA91A  ^ E2 FC           loopd   short 004DA918
004DA91C    8B45 08         mov     eax, dword ptr [ebp+8]           ; eax = argument: pointer to general A's record
004DA91F    8946 D0         mov     dword ptr [esi-30], eax          ; esi is 004BE040 after the loop, so this writes 004BE010
004DA922    5E              pop     esi
004DA923    5F              pop     edi
004DA924    8945 BC         mov     dword ptr [ebp-44], eax
004DA927    8B45 BC         mov     eax, dword ptr [ebp-44]          ; selection loop re-enters here: eax = general A's record
004DA92A    33C9            xor     ecx, ecx
004DA92C    B1 FF           mov     cl, 0FF
004DA92E    51              push    ecx                              ; arg: custom marker value 0FFh
004DA92F    6A 04           push    4                                ; arg: 4 (meaning not visible in this listing - TODO confirm)
004DA931    6A 01           push    1                                ; arg: 1 (presumably a range value - TODO confirm)
004DA933    8A48 04         mov     cl, byte ptr [eax+4]
004DA936    51              push    ecx                              ; arg: byte +4 of A's record (compared with the result below)
004DA937    B9 50424B00     mov     ecx, 004B4250
004DA93C    E8 FCA9F7FF     call    0045533D                         ; selection routine; its result is read from al
004DA941    3C FF           cmp     al, 0FF                          ; 0FFh = nothing chosen (presumably a cancel - TODO confirm)
004DA943    0F84 DF000000   je      004DAA28
004DA949    8B4D BC         mov     ecx, dword ptr [ebp-44]
004DA94C    8A49 04         mov     cl, byte ptr [ecx+4]             ; cl = byte +4 of A's record
004DA94F    38C8            cmp     al, cl                           ; was general A itself selected?
004DA951  ^ 74 D4           je      short 004DA927                   ; yes: ask again
004DA953    0FB6C0          movzx   eax, al
004DA956    6BC0 24         imul    eax, eax, 24
004DA959    05 502C4B00     add     eax, 004B2C50                    ; eax = 004B2C50 + index*24h = general B's record
004DA95E    8A48 05         mov     cl, byte ptr [eax+5]
004DA961    84C9            test    cl, cl                           ; byte +5 must be 0 (presumably "belongs to our side" - TODO confirm)
004DA963    74 11           je      short 004DA976
004DA965    68 14595500     push    00555914                         ; message at 00555914 ("That general does not belong to our army")
004DA96A    6A 02           push    2
004DA96C    E8 284DF5FF     call    0042F699                         ; shows the message; the two args are removed by the add below
004DA971    83C4 08         add     esp, 8
004DA974  ^ EB B1           jmp     short 004DA927
004DA976    57              push    edi
004DA977    8B7D B8         mov     edi, dword ptr [ebp-48]          ; edi = 004BE000
004DA97A    8947 1C         mov     dword ptr [edi+1C], eax          ; 004BE01C = B's record pointer
004DA97D    8B00            mov     eax, dword ptr [eax]
004DA97F    8947 24         mov     dword ptr [edi+24], eax          ; 004BE024 = first dword of B's record
004DA982    6BC0 48         imul    eax, eax, 48
004DA985    05 0000D600     add     eax, 0D60000
004DA98A    8947 20         mov     dword ptr [edi+20], eax          ; 004BE020 = 0D60000 + that dword*48h
004DA98D    8B45 BC         mov     eax, dword ptr [ebp-44]
004DA990    8B00            mov     eax, dword ptr [eax]
004DA992    8947 18         mov     dword ptr [edi+18], eax          ; 004BE018 = first dword of A's record
004DA995    6BC0 48         imul    eax, eax, 48
004DA998    05 0000D600     add     eax, 0D60000
004DA99D    8947 14         mov     dword ptr [edi+14], eax          ; 004BE014 = 0D60000 + that dword*48h
004DA9A0    83C7 28         add     edi, 28                          ; edi = 004BE028
004DA9A3    BA 786A4B00     mov     edx, 004B6A78
004DA9A8    B9 02000000     mov     ecx, 2
004DA9AD    83C2 04         add     edx, 4
004DA9B0    8B02            mov     eax, dword ptr [edx]
004DA9B2    AB              stos    dword ptr es:[edi]               ; save the dwords at 004B6A7C and 004B6A80
004DA9B3  ^ E2 F8           loopd   short 004DA9AD
004DA9B5    81C2 58020000   add     edx, 258
004DA9BB    B1 02           mov     cl, 2
004DA9BD    83C2 04         add     edx, 4
004DA9C0    8B02            mov     eax, dword ptr [edx]
004DA9C2    AB              stos    dword ptr es:[edi]               ; save the dwords at 004B6CDC and 004B6CE0
004DA9C3  ^ E2 F8           loopd   short 004DA9BD
004DA9C5    81C2 10080000   add     edx, 810
004DA9CB    B1 02           mov     cl, 2
004DA9CD    83C2 04         add     edx, 4
004DA9D0    8B02            mov     eax, dword ptr [edx]
004DA9D2    AB              stos    dword ptr es:[edi]               ; save the dwords at 004B74F4 and 004B74F8
004DA9D3  ^ E2 F8           loopd   short 004DA9CD
004DA9D5    33C0            xor     eax, eax
004DA9D7    48              dec     eax
004DA9D8    8947 C0         mov     dword ptr [edi-40], eax          ; edi is 004BE040 here: 004BE000 = FFFFFFFF (presumably a dialog flag)
004DA9DB    5F              pop     edi
004DA9DC    E8 7F000000     call    004DAA60                         ; rewrites byte +0F of both generals' records
004DA9E1    E8 8A030000     call    004DAD70                         ; body not shown here (presumably creates the modal dialog - TODO confirm)
004DA9E6    57              push    edi
004DA9E7    56              push    esi
004DA9E8    BF 786A4B00     mov     edi, 004B6A78
004DA9ED    83C7 04         add     edi, 4
004DA9F0    8B75 B8         mov     esi, dword ptr [ebp-48]          ; esi = 004BE000
004DA9F3    83C6 28         add     esi, 28
004DA9F6    B9 02000000     mov     ecx, 2
004DA9FB    AD              lods    dword ptr [esi]
004DA9FC    AB              stos    dword ptr es:[edi]               ; restore the six saved dwords, two per loop
004DA9FD  ^ E2 FC           loopd   short 004DA9FB
004DA9FF    81C7 58020000   add     edi, 258
004DAA05    B1 02           mov     cl, 2
004DAA07    AD              lods    dword ptr [esi]
004DAA08    AB              stos    dword ptr es:[edi]
004DAA09  ^ E2 FC           loopd   short 004DAA07
004DAA0B    81C7 10080000   add     edi, 810
004DAA11    B1 02           mov     cl, 2
004DAA13    AD              lods    dword ptr [esi]
004DAA14    AB              stos    dword ptr es:[edi]
004DAA15  ^ E2 FC           loopd   short 004DAA13
004DAA17    8D75 C0         lea     esi, dword ptr [ebp-40]
004DAA1A    8B7D B8         mov     edi, dword ptr [ebp-48]
004DAA1D    B9 10000000     mov     ecx, 10
004DAA22    AD              lods    dword ptr [esi]
004DAA23    AB              stos    dword ptr es:[edi]               ; restore the 40h bytes at 004BE000 from the stack copy
004DAA24  ^ E2 FC           loopd   short 004DAA22
004DAA26    5E              pop     esi
004DAA27    5F              pop     edi
004DAA28    C9              leave
004DAA29    C2 0400         retn    4


         ݣ  

         55 8B EC 83 C4 B8 57 56 8D 7D C0 BE 00 E0 4B 00
         89 75 B8 B9 10 00 00 00 AD AB E2 FC 8B 45 08 89
         46 D0 5E 5F 89 45 BC 8B 45 BC 33 C9 B1 FF 51 6A
         04 6A 01 8A 48 04 51 B9 50 42 4B 00 E8 FC A9 F7
         FF 3C FF 0F 84 DF 00 00 00 8B 4D BC 8A 49 04 38
         C8 74 D4 0F B6 C0 6B C0 24 05 50 2C 4B 00 8A 48
         05 84 C9 74 11 68 14 59 55 00 6A 02 E8 28 4D F5
         FF 83 C4 08 EB B1 57 8B 7D B8 89 47 1C 8B 00 89
         47 24 6B C0 48 05 00 00 D6 00 89 47 20 8B 45 BC
         8B 00 89 47 18 6B C0 48 05 00 00 D6 00 89 47 14
         83 C7 28 BA 78 6A 4B 00 B9 02 00 00 00 83 C2 04
         8B 02 AB E2 F8 81 C2 58 02 00 00 B1 02 83 C2 04
         8B 02 AB E2 F8 81 C2 10 08 00 00 B1 02 83 C2 04
         8B 02 AB E2 F8 33 C0 48 89 47 C0 5F E8 7F 00 00
         00 E8 8A 03 00 00 57 56 BF 78 6A 4B 00 83 C7 04
         8B 75 B8 83 C6 28 B9 02 00 00 00 AD AB E2 FC 81
         C7 58 02 00 00 B1 02 AD AB E2 FC 81 C7 10 08 00
         00 B1 02 AD AB E2 FC 8D 75 C0 8B 7D B8 B9 10 00
         00 00 AD AB E2 FC 5E 5F C9 C2 04 00






16. ʱʾ"ѡ뽻佫"

; Hook: the 9 bytes at 004412C6..004412CE are a 5-byte jump to the code at 004DAA40 plus four NOPs.
004412C6    - E9 75970900   jmp     004DAA40
004412CB      90            nop
004412CC      90            nop
004412CD      90            nop
004412CE      90            nop


; Code reached from 004412C6. It reads the frame of the hooked function through ebp.
; If [ebp+1C] is not 0FFh it runs `movzx edx, byte ptr [ebp-4]` and resumes at 004412CF.
; If it is 0FFh it pushes the string at 00555900 and resumes at 004412D7 instead, skipping
; whatever lies at 004412CF..004412D6 (not shown here - presumably the original string push).
004DAA40    807D 1C FF      cmp     byte ptr [ebp+1C], 0FF           ; is [ebp+1C] the custom 0FFh marker (see the push at 004DA92E)?
004DAA44    74 09           je      short 004DAA4F
004DAA46    0FB655 FC       movzx   edx, byte ptr [ebp-4]
004DAA4A  - E9 8068F6FF     jmp     004412CF
004DAA4F    68 00595500     push    00555900                         ; prompt at 00555900 ("Please select the general to swap with")
004DAA54  - E9 7E68F6FF     jmp     004412D7






17. תú

; ------------------------------------------------------------------------------------------------------------
; 004DAA60 - chooses new values for byte +0F of general A's and general B's records, plus an index
;            that is passed to 004DACB0 (32-bit x86 debugger listing; all numbers are hex).
; In:   004BE010 = pointer to A's record, 004BE01C = pointer to B's record.
; Out:  A.[+0F] and B.[+0F] rewritten; 004BE004 = -(old B.[+0F] + 1); registers preserved by pushad/popad.
; Decision order (unsigned byte compares):
;   A.[+7] < B.[+7]  ->  A.[+0F]=2, B.[+0F]=0, index 0
;   A.[+7] > B.[+7]  ->  A.[+0F]=0, B.[+0F]=2, index 0
;   A.[+6] < B.[+6]  ->  A.[+0F]=1, B.[+0F]=3, index 01..10 from the old (A.[+0F], B.[+0F]) pair; (1,3) gives 0
;   A.[+6] > B.[+6]  ->  A.[+0F]=3, B.[+0F]=1, index 11..20 from the old pair; (3,1) gives 0
; Bytes +6/+7 are presumably map coordinates and byte +0F a facing direction 0..3 - TODO confirm.
; NOTE(review): two paths leave bl holding A.[+7] instead of a ladder index: (a) an old +0F byte
;   outside 0..3, where no ladder arm matches; (b) +6 and +7 both equal, where 004DAB9C jumps to
;   004DAC8B with al/cl still holding the +6 bytes, which are then written into the +0F bytes.
;   004DACB0 uses the pushed value to index the word table at 004DACBA, so confirm these inputs
;   cannot occur.
; ------------------------------------------------------------------------------------------------------------
004DAA60    60              pushad                                   ; entry: save all general registers
004DAA61    BF 00E04B00     mov     edi, 004BE000                    ; edi = 004BE000, base of the shared block
004DAA66    8B77 10         mov     esi, dword ptr [edi+10]          ; esi = general A's record
004DAA69    0FB646 06       movzx   eax, byte ptr [esi+6]            ; eax = A.[+6]
004DAA6D    0FB65E 07       movzx   ebx, byte ptr [esi+7]            ; ebx = A.[+7]
004DAA71    8B77 1C         mov     esi, dword ptr [edi+1C]          ; esi = general B's record
004DAA74    0FB64E 0F       movzx   ecx, byte ptr [esi+F]            ; ecx = B.[+0F]
004DAA78    41              inc     ecx
004DAA79    F7D9            neg     ecx                              ; ecx = -(B.[+0F] + 1)
004DAA7B    894F 04         mov     dword ptr [edi+4], ecx           ; stored at 004BE004
004DAA7E    0FB64E 06       movzx   ecx, byte ptr [esi+6]            ; ecx = B.[+6]
004DAA82    0FB656 07       movzx   edx, byte ptr [esi+7]            ; edx = B.[+7]
004DAA86    38D3            cmp     bl, dl                           ; case A.[+7] < B.[+7]
004DAA88    73 0B           jnb     short 004DAA95
004DAA8A    B0 02           mov     al, 2                            ; new A.[+0F] = 2
004DAA8C    B1 00           mov     cl, 0                            ; new B.[+0F] = 0
004DAA8E    32DB            xor     bl, bl                           ; index = 0
004DAA90    E9 F6010000     jmp     004DAC8B
004DAA95    38D3            cmp     bl, dl                           ; case A.[+7] > B.[+7]
004DAA97    76 0B           jbe     short 004DAAA4
004DAA99    B0 00           mov     al, 0                            ; new A.[+0F] = 0
004DAA9B    B1 02           mov     cl, 2                            ; new B.[+0F] = 2
004DAA9D    32DB            xor     bl, bl                           ; index = 0
004DAA9F    E9 E7010000     jmp     004DAC8B
004DAAA4    38C8            cmp     al, cl                           ; +7 bytes equal: case A.[+6] < B.[+6]
004DAAA6    0F83 EE000000   jnb     004DAB9A
004DAAAC    8B77 10         mov     esi, dword ptr [edi+10]          ; esi = general A's record
004DAAAF    8A46 0F         mov     al, byte ptr [esi+F]             ; al = old A.[+0F]
004DAAB2    8B77 1C         mov     esi, dword ptr [edi+1C]          ; esi = general B's record
004DAAB5    8A4E 0F         mov     cl, byte ptr [esi+F]             ; cl = old B.[+0F]
004DAAB8    0AC0            or      al, al                           ; al == 0 && cl == 0
004DAABA    75 0B           jnz     short 004DAAC7
004DAABC    0AC9            or      cl, cl
004DAABE    75 07           jnz     short 004DAAC7
004DAAC0    B3 01           mov     bl, 1
004DAAC2    E9 CA000000     jmp     004DAB91
004DAAC7    0AC0            or      al, al                           ; al == 0 && cl == 1
004DAAC9    75 0C           jnz     short 004DAAD7
004DAACB    80F9 01         cmp     cl, 1
004DAACE    75 07           jnz     short 004DAAD7
004DAAD0    B3 02           mov     bl, 2
004DAAD2    E9 BA000000     jmp     004DAB91
004DAAD7    0AC0            or      al, al                           ; al == 0 && cl == 2
004DAAD9    75 0C           jnz     short 004DAAE7
004DAADB    80F9 02         cmp     cl, 2
004DAADE    75 07           jnz     short 004DAAE7
004DAAE0    B3 03           mov     bl, 3
004DAAE2    E9 AA000000     jmp     004DAB91
004DAAE7    0AC0            or      al, al                           ; al == 0 && cl == 3
004DAAE9    75 0C           jnz     short 004DAAF7
004DAAEB    80F9 03         cmp     cl, 3
004DAAEE    75 07           jnz     short 004DAAF7
004DAAF0    B3 04           mov     bl, 4
004DAAF2    E9 9A000000     jmp     004DAB91
004DAAF7    3C 01           cmp     al, 1                            ; al == 1 && cl == 0
004DAAF9    75 0B           jnz     short 004DAB06
004DAAFB    0AC9            or      cl, cl
004DAAFD    75 07           jnz     short 004DAB06
004DAAFF    B3 05           mov     bl, 5
004DAB01    E9 8B000000     jmp     004DAB91
004DAB06    3C 01           cmp     al, 1                            ; al == 1 && cl == 1
004DAB08    75 09           jnz     short 004DAB13
004DAB0A    80F9 01         cmp     cl, 1
004DAB0D    75 04           jnz     short 004DAB13
004DAB0F    B3 06           mov     bl, 6
004DAB11    EB 7E           jmp     short 004DAB91
004DAB13    3C 01           cmp     al, 1                            ; al == 1 && cl == 2
004DAB15    75 09           jnz     short 004DAB20
004DAB17    80F9 02         cmp     cl, 2
004DAB1A    75 04           jnz     short 004DAB20
004DAB1C    B3 07           mov     bl, 7
004DAB1E    EB 71           jmp     short 004DAB91
004DAB20    3C 01           cmp     al, 1                            ; al == 1 && cl == 3
004DAB22    75 09           jnz     short 004DAB2D
004DAB24    80F9 03         cmp     cl, 3
004DAB27    75 04           jnz     short 004DAB2D
004DAB29    32DB            xor     bl, bl
004DAB2B    EB 64           jmp     short 004DAB91
004DAB2D    3C 02           cmp     al, 2                            ; al == 2 && cl == 0
004DAB2F    75 08           jnz     short 004DAB39
004DAB31    0AC9            or      cl, cl
004DAB33    75 04           jnz     short 004DAB39
004DAB35    B3 09           mov     bl, 9
004DAB37    EB 58           jmp     short 004DAB91
004DAB39    3C 02           cmp     al, 2                            ; al == 2 && cl == 1
004DAB3B    75 09           jnz     short 004DAB46
004DAB3D    80F9 01         cmp     cl, 1
004DAB40    75 04           jnz     short 004DAB46
004DAB42    B3 0A           mov     bl, 0A
004DAB44    EB 4B           jmp     short 004DAB91
004DAB46    3C 02           cmp     al, 2                            ; al == 2 && cl == 2
004DAB48    75 09           jnz     short 004DAB53
004DAB4A    80F9 02         cmp     cl, 2
004DAB4D    75 04           jnz     short 004DAB53
004DAB4F    B3 0B           mov     bl, 0B
004DAB51    EB 3E           jmp     short 004DAB91
004DAB53    3C 02           cmp     al, 2                            ; al == 2 && cl == 3
004DAB55    75 09           jnz     short 004DAB60
004DAB57    80F9 03         cmp     cl, 3
004DAB5A    75 04           jnz     short 004DAB60
004DAB5C    B3 0C           mov     bl, 0C
004DAB5E    EB 31           jmp     short 004DAB91
004DAB60    3C 03           cmp     al, 3                            ; al == 3 && cl == 0
004DAB62    75 08           jnz     short 004DAB6C
004DAB64    0AC9            or      cl, cl
004DAB66    75 04           jnz     short 004DAB6C
004DAB68    B3 0D           mov     bl, 0D
004DAB6A    EB 25           jmp     short 004DAB91
004DAB6C    3C 03           cmp     al, 3                            ; al == 3 && cl == 1
004DAB6E    75 09           jnz     short 004DAB79
004DAB70    80F9 01         cmp     cl, 1
004DAB73    75 04           jnz     short 004DAB79
004DAB75    B3 0E           mov     bl, 0E
004DAB77    EB 18           jmp     short 004DAB91
004DAB79    3C 03           cmp     al, 3                            ; al == 3 && cl == 2
004DAB7B    75 09           jnz     short 004DAB86
004DAB7D    80F9 02         cmp     cl, 2
004DAB80    75 04           jnz     short 004DAB86
004DAB82    B3 0F           mov     bl, 0F
004DAB84    EB 0B           jmp     short 004DAB91
004DAB86    3C 03           cmp     al, 3                            ; al == 3 && cl == 3
004DAB88    75 07           jnz     short 004DAB91
004DAB8A    80F9 03         cmp     cl, 3
004DAB8D    75 02           jnz     short 004DAB91
004DAB8F    B3 10           mov     bl, 10
004DAB91    B0 01           mov     al, 1                            ; new A.[+0F] = 1
004DAB93    B1 03           mov     cl, 3                            ; new B.[+0F] = 3
004DAB95    E9 F1000000     jmp     004DAC8B
004DAB9A    38C8            cmp     al, cl                           ; case A.[+6] > B.[+6]; equal falls through to the write-back
004DAB9C    0F86 E9000000   jbe     004DAC8B
004DABA2    8B77 10         mov     esi, dword ptr [edi+10]
004DABA5    8A46 0F         mov     al, byte ptr [esi+F]             ; al = old A.[+0F]
004DABA8    8B77 1C         mov     esi, dword ptr [edi+1C]
004DABAB    8A4E 0F         mov     cl, byte ptr [esi+F]             ; cl = old B.[+0F]
004DABAE    0AC0            or      al, al                           ; al == 0 && cl == 0
004DABB0    75 0B           jnz     short 004DABBD
004DABB2    0AC9            or      cl, cl
004DABB4    75 07           jnz     short 004DABBD
004DABB6    B3 11           mov     bl, 11
004DABB8    E9 CA000000     jmp     004DAC87
004DABBD    0AC0            or      al, al                           ; al == 0 && cl == 1
004DABBF    75 0C           jnz     short 004DABCD
004DABC1    80F9 01         cmp     cl, 1
004DABC4    75 07           jnz     short 004DABCD
004DABC6    B3 12           mov     bl, 12
004DABC8    E9 BA000000     jmp     004DAC87
004DABCD    0AC0            or      al, al                           ; al == 0 && cl == 2
004DABCF    75 0C           jnz     short 004DABDD
004DABD1    80F9 02         cmp     cl, 2
004DABD4    75 07           jnz     short 004DABDD
004DABD6    B3 13           mov     bl, 13
004DABD8    E9 AA000000     jmp     004DAC87
004DABDD    0AC0            or      al, al                           ; al == 0 && cl == 3
004DABDF    75 0C           jnz     short 004DABED
004DABE1    80F9 03         cmp     cl, 3
004DABE4    75 07           jnz     short 004DABED
004DABE6    B3 14           mov     bl, 14
004DABE8    E9 9A000000     jmp     004DAC87
004DABED    3C 01           cmp     al, 1                            ; al == 1 && cl == 0
004DABEF    75 0B           jnz     short 004DABFC
004DABF1    0AC9            or      cl, cl
004DABF3    75 07           jnz     short 004DABFC
004DABF5    B3 15           mov     bl, 15
004DABF7    E9 8B000000     jmp     004DAC87
004DABFC    3C 01           cmp     al, 1                            ; al == 1 && cl == 1
004DABFE    75 09           jnz     short 004DAC09
004DAC00    80F9 01         cmp     cl, 1
004DAC03    75 04           jnz     short 004DAC09
004DAC05    B3 16           mov     bl, 16
004DAC07    EB 7E           jmp     short 004DAC87
004DAC09    3C 01           cmp     al, 1                            ; al == 1 && cl == 2
004DAC0B    75 09           jnz     short 004DAC16
004DAC0D    80F9 02         cmp     cl, 2
004DAC10    75 04           jnz     short 004DAC16
004DAC12    B3 17           mov     bl, 17
004DAC14    EB 71           jmp     short 004DAC87
004DAC16    3C 01           cmp     al, 1                            ; al == 1 && cl == 3
004DAC18    75 09           jnz     short 004DAC23
004DAC1A    80F9 03         cmp     cl, 3
004DAC1D    75 04           jnz     short 004DAC23
004DAC1F    B3 18           mov     bl, 18
004DAC21    EB 64           jmp     short 004DAC87
004DAC23    3C 02           cmp     al, 2                            ; al == 2 && cl == 0
004DAC25    75 08           jnz     short 004DAC2F
004DAC27    0AC9            or      cl, cl
004DAC29    75 04           jnz     short 004DAC2F
004DAC2B    B3 19           mov     bl, 19
004DAC2D    EB 58           jmp     short 004DAC87
004DAC2F    3C 02           cmp     al, 2                            ; al == 2 && cl == 1
004DAC31    75 09           jnz     short 004DAC3C
004DAC33    80F9 01         cmp     cl, 1
004DAC36    75 04           jnz     short 004DAC3C
004DAC38    B3 1A           mov     bl, 1A
004DAC3A    EB 4B           jmp     short 004DAC87
004DAC3C    3C 02           cmp     al, 2                            ; al == 2 && cl == 2
004DAC3E    75 09           jnz     short 004DAC49
004DAC40    80F9 02         cmp     cl, 2
004DAC43    75 04           jnz     short 004DAC49
004DAC45    B3 1B           mov     bl, 1B
004DAC47    EB 3E           jmp     short 004DAC87
004DAC49    3C 02           cmp     al, 2                            ; al == 2 && cl == 3
004DAC4B    75 09           jnz     short 004DAC56
004DAC4D    80F9 03         cmp     cl, 3
004DAC50    75 04           jnz     short 004DAC56
004DAC52    B3 1C           mov     bl, 1C
004DAC54    EB 31           jmp     short 004DAC87
004DAC56    3C 03           cmp     al, 3                            ; al == 3 && cl == 0
004DAC58    75 08           jnz     short 004DAC62
004DAC5A    0AC9            or      cl, cl
004DAC5C    75 04           jnz     short 004DAC62
004DAC5E    B3 1D           mov     bl, 1D
004DAC60    EB 25           jmp     short 004DAC87
004DAC62    3C 03           cmp     al, 3                            ; al == 3 && cl == 1
004DAC64    75 09           jnz     short 004DAC6F
004DAC66    80F9 01         cmp     cl, 1
004DAC69    75 04           jnz     short 004DAC6F
004DAC6B    32DB            xor     bl, bl
004DAC6D    EB 18           jmp     short 004DAC87
004DAC6F    3C 03           cmp     al, 3                            ; al == 3 && cl == 2
004DAC71    75 09           jnz     short 004DAC7C
004DAC73    80F9 02         cmp     cl, 2
004DAC76    75 04           jnz     short 004DAC7C
004DAC78    B3 1F           mov     bl, 1F
004DAC7A    EB 0B           jmp     short 004DAC87
004DAC7C    3C 03           cmp     al, 3                            ; al == 3 && cl == 3
004DAC7E    75 07           jnz     short 004DAC87
004DAC80    80F9 03         cmp     cl, 3
004DAC83    75 02           jnz     short 004DAC87
004DAC85    B3 20           mov     bl, 20
004DAC87    B0 03           mov     al, 3                            ; new A.[+0F] = 3
004DAC89    B1 01           mov     cl, 1                            ; new B.[+0F] = 1
004DAC8B    8B77 1C         mov     esi, dword ptr [edi+1C]          ; write-back: esi = general B's record
004DAC8E    884E 0F         mov     byte ptr [esi+F], cl             ; B.[+0F] = cl
004DAC91    8B4F 10         mov     ecx, dword ptr [edi+10]          ; ecx = general A's record
004DAC94    8841 0F         mov     byte ptr [ecx+F], al             ; A.[+0F] = al
004DAC97    56              push    esi
004DAC98    51              push    ecx
004DAC99    53              push    ebx
004DAC9A    E8 11000000     call    004DACB0                         ; stack args from the top: index (ebx), A's record, B's record
004DAC9F    61              popad
004DACA0    C3              retn


         ݣ

         60 BF 00 E0 4B 00 8B 77 10 0F B6 46 06 0F B6 5E
         07 8B 77 1C 0F B6 4E 0F 41 F7 D9 89 4F 04 0F B6
         4E 06 0F B6 56 07 38 D3 73 0B B0 02 B1 00 32 DB
         E9 F6 01 00 00 38 D3 76 0B B0 00 B1 02 32 DB E9
         E7 01 00 00 38 C8 0F 83 EE 00 00 00 8B 77 10 8A
         46 0F 8B 77 1C 8A 4E 0F 0A C0 75 0B 0A C9 75 07
         B3 01 E9 CA 00 00 00 0A C0 75 0C 80 F9 01 75 07
         B3 02 E9 BA 00 00 00 0A C0 75 0C 80 F9 02 75 07
         B3 03 E9 AA 00 00 00 0A C0 75 0C 80 F9 03 75 07
         B3 04 E9 9A 00 00 00 3C 01 75 0B 0A C9 75 07 B3
         05 E9 8B 00 00 00 3C 01 75 09 80 F9 01 75 04 B3
         06 EB 7E 3C 01 75 09 80 F9 02 75 04 B3 07 EB 71
         3C 01 75 09 80 F9 03 75 04 32 DB EB 64 3C 02 75
         08 0A C9 75 04 B3 09 EB 58 3C 02 75 09 80 F9 01
         75 04 B3 0A EB 4B 3C 02 75 09 80 F9 02 75 04 B3
         0B EB 3E 3C 02 75 09 80 F9 03 75 04 B3 0C EB 31
         3C 03 75 08 0A C9 75 04 B3 0D EB 25 3C 03 75 09
         80 F9 01 75 04 B3 0E EB 18 3C 03 75 09 80 F9 02
         75 04 B3 0F EB 0B 3C 03 75 07 80 F9 03 75 02 B3
         10 B0 01 B1 03 E9 F1 00 00 00 38 C8 0F 86 E9 00
         00 00 8B 77 10 8A 46 0F 8B 77 1C 8A 4E 0F 0A C0
         75 0B 0A C9 75 07 B3 11 E9 CA 00 00 00 0A C0 75
         0C 80 F9 01 75 07 B3 12 E9 BA 00 00 00 0A C0 75
         0C 80 F9 02 75 07 B3 13 E9 AA 00 00 00 0A C0 75
         0C 80 F9 03 75 07 B3 14 E9 9A 00 00 00 3C 01 75
         0B 0A C9 75 07 B3 15 E9 8B 00 00 00 3C 01 75 09
         80 F9 01 75 04 B3 16 EB 7E 3C 01 75 09 80 F9 02
         75 04 B3 17 EB 71 3C 01 75 09 80 F9 03 75 04 B3
         18 EB 64 3C 02 75 08 0A C9 75 04 B3 19 EB 58 3C
         02 75 09 80 F9 01 75 04 B3 1A EB 4B 3C 02 75 09
         80 F9 02 75 04 B3 1B EB 3E 3C 02 75 09 80 F9 03
         75 04 B3 1C EB 31 3C 03 75 08 0A C9 75 04 B3 1D
         EB 25 3C 03 75 09 80 F9 01 75 04 32 DB EB 18 3C
         03 75 09 80 F9 02 75 04 B3 1F EB 0B 3C 03 75 07
         80 F9 03 75 02 B3 20 B0 03 B1 01 8B 77 1C 88 4E
         0F 8B 4F 10 88 41 0F 56 51 53 E8 11 00 00 00 61
         C3 90





18. 佫ת

; sub_004DACB0 -- table-driven dispatcher (x86-32, OllyDbg listing, Intel syntax, hex immediates).
; Stack arguments: [ebp+8] = table index, [ebp+C] and [ebp+10] = two object pointers that are
; loaded into ecx before each call (presumably thiscall `this` -- confirm against the callees).
; The routine removes 0Ch bytes of arguments itself (retn 0C).
; Layout: 004DACBA..004DACFB holds a 33-entry WORD table embedded in the code. The low byte of
; an entry selects the action for the [ebp+C] object, the high byte the action for the
; [ebp+10] object. OllyDbg decoded those bytes as "add" instructions; they are never executed
; because of the jmp at 004DACB6.
; NOTE(review): the index from [ebp+8] is used without a range check. Any value above 32 reads
; the pad bytes and the code that follows the table as if they were entries -- verify that
; every caller limits the index, or add a bound check before the lookup.
004DACB0    55              push    ebp                              ; frame setup
004DACB1    8BEC            mov     ebp, esp
004DACB3    83C4 FC         add     esp, -4                          ; one DWORD local at [ebp-4]
004DACB6    EB 46           jmp     short 004DACFE                   ; skip the inline table
004DACB8    90              nop                                      ; padding
004DACB9    90              nop  ; padding; 004DACBA..004DACFB below is DATA that the disassembler decoded as instructions
004DACBA    0000            add     byte ptr [eax], al               ; data: entry 0 = 00 00
004DACBC    0203            add     al, byte ptr [ebx]               ; data: entry 1 = 02 03 (low byte 2, high byte 3)
004DACBE    0203            add     al, byte ptr [ebx]
004DACC0    0203            add     al, byte ptr [ebx]
004DACC2    0200            add     al, byte ptr [eax]
004DACC4    0003            add     byte ptr [ebx], al
004DACC6    0003            add     byte ptr [ebx], al
004DACC8    0003            add     byte ptr [ebx], al
004DACCA    0000            add     byte ptr [eax], al
004DACCC    0203            add     al, byte ptr [ebx]
004DACCE    0203            add     al, byte ptr [ebx]
004DACD0    0203            add     al, byte ptr [ebx]
004DACD2    0200            add     al, byte ptr [eax]
004DACD4    0203            add     al, byte ptr [ebx]
004DACD6    0203            add     al, byte ptr [ebx]
004DACD8    0203            add     al, byte ptr [ebx]
004DACDA    0200            add     al, byte ptr [eax]
004DACDC    0102            add     dword ptr [edx], eax
004DACDE    0100            add     dword ptr [eax], eax
004DACE0    0102            add     dword ptr [edx], eax
004DACE2    010401          add     dword ptr [ecx+eax], eax         ; data: the 3-byte decode shifts the apparent entry boundaries from here on
004DACE5    0001            add     byte ptr [ecx], al
004DACE7    0001            add     byte ptr [ecx], al
004DACE9    0201            add     al, byte ptr [ecx]
004DACEB    04 01           add     al, 1
004DACED    04 01           add     al, 1
004DACEF    0001            add     byte ptr [ecx], al
004DACF1    0001            add     byte ptr [ecx], al
004DACF3    04 00           add     al, 0
004DACF5    04 00           add     al, 0
004DACF7    0000            add     byte ptr [eax], al
004DACF9    0200            add     al, byte ptr [eax]
004DACFB    04 90           add     al, 90                           ; data: last table byte (04) plus one 90 pad byte
004DACFD    90              nop                                      ; padding; executable code resumes at 004DACFE
004DACFE    8B45 08         mov     eax, dword ptr [ebp+8]           ; eax = table index (first stack argument)
004DAD01    B9 BAAC4D00     mov     ecx, 004DACBA                    ; ecx = base of the inline table
004DAD06    0FB70441        movzx   eax, word ptr [ecx+eax*2]        ; load the 16-bit entry; no bound check on the index
004DAD0A    0FB6C8          movzx   ecx, al                          ; ecx = low byte of the entry
004DAD0D    C1E8 08         shr     eax, 8
004DAD10    8945 FC         mov     dword ptr [ebp-4], eax           ; [ebp-4] = high byte, used in the second half
004DAD13    83F9 00         cmp     ecx, 0
004DAD16    76 0A           jbe     short 004DAD22                   ; low byte == 0: skip the 0043FD34 call
004DAD18    49              dec     ecx                              ; argument is (low byte - 1)
004DAD19    51              push    ecx
004DAD1A    8B4D 0C         mov     ecx, dword ptr [ebp+C]           ; ecx = object pointer from [ebp+C]
004DAD1D    E8 1250F6FF     call    0043FD34                         ; defined outside this listing; one stack argument
004DAD22    8B4D 0C         mov     ecx, dword ptr [ebp+C]           ; ecx = object pointer from [ebp+C]
004DAD25    E8 9F4FF6FF     call    0043FCC9                         ; always called for this object; defined elsewhere
004DAD2A    8B45 FC         mov     eax, dword ptr [ebp-4]           ; reload the high byte
004DAD2D    83F8 02         cmp     eax, 2                           ; values 0..2 go to 004DAD42, 3 and above fall through
004DAD30    76 10           jbe     short 004DAD42
004DAD32    83E8 03         sub     eax, 3
004DAD35    B9 00E04B00     mov     ecx, 004BE000                    ; fixed address used as a shared data block in this listing
004DAD3A    66:8941 06      mov     word ptr [ecx+6], ax             ; store (high byte - 3) as a WORD at 004BE006
004DAD3E    EB 08           jmp     short 004DAD48                   ; then pass the same value to 0043FD34
004DAD40    EB 0F           jmp     short 004DAD51                   ; not reached: follows an unconditional jmp, no visible branch targets it
004DAD42    83F8 00         cmp     eax, 0
004DAD45    76 0A           jbe     short 004DAD51                   ; high byte == 0: skip the 0043FD34 call
004DAD47    48              dec     eax
004DAD48    50              push    eax                              ; argument for 0043FD34
004DAD49    8B4D 10         mov     ecx, dword ptr [ebp+10]          ; ecx = object pointer from [ebp+10]
004DAD4C    E8 E34FF6FF     call    0043FD34
004DAD51    8B4D 10         mov     ecx, dword ptr [ebp+10]          ; ecx = object pointer from [ebp+10]
004DAD54    E8 704FF6FF     call    0043FCC9                         ; always called for this object
004DAD59    C9              leave
004DAD5A    C2 0C00         retn    0C                               ; callee removes the three DWORD arguments
004DAD5D    90              nop


         ݣ

         55 8B EC 83 C4 FC EB 46 90 90 00 00 02 03 02 03
         02 03 02 00 00 03 00 03 00 03 00 00 02 03 02 03
         02 03 02 00 02 03 02 03 02 03 02 00 01 02 01 00
         01 02 01 04 01 00 01 00 01 02 01 04 01 04 01 00
         01 00 01 04 00 04 00 00 00 02 00 04 90 90 8B 45
         08 B9 BA AC 4D 00 0F B7 04 41 0F B6 C8 C1 E8 08
         89 45 FC 83 F9 00 76 0A 49 51 8B 4D 0C E8 12 50
         F6 FF 8B 4D 0C E8 9F 4F F6 FF 8B 45 FC 83 F8 02
         76 10 83 E8 03 B9 00 E0 4B 00 66 89 41 06 EB 08
         EB 0F 83 F8 00 76 0A 48 50 8B 4D 10 E8 E3 4F F6
         FF 8B 4D 10 E8 70 4F F6 FF C9 C2 0C 00 90






19. ģ̬Ի

; sub_004DAD70 -- shows a modal dialog with DialogBoxParamA (template ID 190h, dialog
; procedure 0046D0F8), then acts on the DWORD stored at 004BE004.
; No stack arguments are read; returns with a plain retn.
; Result handling: values 1..3 are passed on (as 0..2) to 004DB359; any other value takes
; the paths at 004DADCE, which write a byte to offset 0Fh of the object whose pointer is
; stored at 004BE01C.
; NOTE(review): the return value of DialogBoxParamA is ignored. If the dialog cannot be
; created, 004BE004 still holds whatever was there before the call -- confirm that the
; caller resets it, or check the API result before reading the global.
004DAD70    55              push    ebp                              ; frame setup
004DAD71    8BEC            mov     ebp, esp
004DAD73    81C4 F4FEFFFF   add     esp, -10C                        ; 10Ch bytes of locals
004DAD79    8D8D F4FEFFFF   lea     ecx, dword ptr [ebp-10C]
004DAD7F    E8 BC35F6FF     call    0043E340                         ; called with ecx = local block (presumably initialises it)
004DAD84    B8 00E04B00     mov     eax, 004BE000                    ; fixed address used as a shared data block
004DAD89    FF70 10         push    dword ptr [eax+10]               ; argument: DWORD stored at 004BE010
004DAD8C    8D8D F4FEFFFF   lea     ecx, dword ptr [ebp-10C]
004DAD92    E8 797CF9FF     call    00472A10                         ; called with ecx = local block and one stack argument
004DAD97    8D8D F4FEFFFF   lea     ecx, dword ptr [ebp-10C]
004DAD9D    51              push    ecx                              ; dwInitParam = address of the local block
004DAD9E    68 F8D04600     push    0046D0F8                         ; lpDialogFunc
004DADA3    B8 606A4B00     mov     eax, 004B6A60
004DADA8    FF70 08         push    dword ptr [eax+8]                ; hWndParent, read from 004B6A68
004DADAB    68 90010000     push    190                              ; lpTemplateName = dialog resource ID 190h
004DADB0    FF30            push    dword ptr [eax]                  ; hInstance, read from 004B6A60
004DADB2    FF15 A0624800   call    dword ptr [<&USER32.DialogBoxPar>; USER32.DialogBoxParamA (modal); return value is not checked
004DADB8    BA 00E04B00     mov     edx, 004BE000                    ; shared data block
004DADBD    8B42 04         mov     eax, dword ptr [edx+4]           ; eax = result DWORD at 004BE004
004DADC0    48              dec     eax
004DADC1    83F8 02         cmp     eax, 2                           ; original values 1..3 become 0..2
004DADC4    77 08           ja      short 004DADCE                   ; anything else: go to 004DADCE
004DADC6    50              push    eax                              ; argument 0..2
004DADC7    E8 8D050000     call    004DB359                         ; defined outside this listing
004DADCC    EB 3C           jmp     short 004DAE0A
004DADCE    8B42 04         mov     eax, dword ptr [edx+4]           ; reload the result DWORD
004DADD1    8BC8            mov     ecx, eax
004DADD3    F7D9            neg     ecx
004DADD5    49              dec     ecx                              ; ecx = -value - 1
004DADD6    83F9 04         cmp     ecx, 4                           ; values -1..-4 give 0..3
004DADD9    72 23           jb      short 004DADFE
004DADDB    50              push    eax                              ; save the full DWORD
004DADDC    0FBFC0          movsx   eax, ax                          ; sign-extend the low word
004DADDF    F7D8            neg     eax
004DADE1    48              dec     eax                              ; eax = -(low word) - 1
004DADE2    8B4A 1C         mov     ecx, dword ptr [edx+1C]          ; ecx = pointer stored at 004BE01C
004DADE5    8841 0F         mov     byte ptr [ecx+F], al             ; write the low byte of that value to offset 0Fh
004DADE8    58              pop     eax                              ; restore the full DWORD
004DADE9    C1E8 08         shr     eax, 8
004DADEC    C1E8 08         shr     eax, 8                           ; two shifts: eax = value >> 16 (high word)
004DADEF    0C 00           or      al, 0                            ; sets ZF from al without changing it
004DADF1    0F94C0          sete    al                               ; al = 1 if al was 0, else 0; bits 8..15 of eax are left unchanged
004DADF4    51              push    ecx                              ; keep the object pointer across the call
004DADF5    50              push    eax                              ; argument for 0043FD34
004DADF6    E8 394FF6FF     call    0043FD34                         ; defined outside this listing
004DADFB    59              pop     ecx                              ; restores ecx; assumes the callee removed its one argument -- confirm
004DADFC    EB 07           jmp     short 004DAE05
004DADFE    8B42 1C         mov     eax, dword ptr [edx+1C]          ; eax = pointer stored at 004BE01C
004DAE01    8848 0F         mov     byte ptr [eax+F], cl             ; write (-value - 1), i.e. 0..3, to offset 0Fh
004DAE04    91              xchg    eax, ecx                         ; ecx = object pointer for the call below
004DAE05    E8 BF4EF6FF     call    0043FCC9                         ; defined outside this listing
004DAE0A    C9              leave
004DAE0B    C3              retn
004DAE0C    C3              retn                                     ; not reached: follows the retn above


         ݣ

         55 8B EC 81 C4 F4 FE FF FF 8D 8D F4 FE FF FF E8
         BC 35 F6 FF B8 00 E0 4B 00 FF 70 10 8D 8D F4 FE
         FF FF E8 79 7C F9 FF 8D 8D F4 FE FF FF 51 68 F8
         D0 46 00 B8 60 6A 4B 00 FF 70 08 68 90 01 00 00
         FF 30 FF 15 A0 62 48 00 BA 00 E0 4B 00 8B 42 04
         48 83 F8 02 77 08 50 E8 8D 05 00 00 EB 3C 8B 42
         04 8B C8 F7 D9 49 83 F9 04 72 23 50 0F BF C0 F7
         D8 48 8B 4A 1C 88 41 0F 58 C1 E8 08 C1 E8 08 0C
         00 0F 94 C0 51 50 E8 39 4F F6 FF 59 EB 07 8B 42
         1C 88 48 0F 91 E8 BF 4E F6 FF C9 C3 C3 90






20. ضԻӦϢ

; Inline hook on the dialog procedure: six bytes at 0046D113 are replaced by a jmp (plus one
; nop) into the handler at 004DAE40, which returns to 0046D119 or 0046D1C5.
; The handler runs inside the hooked procedure's stack frame: [ebp+8] = hDlg, [ebp+C] = wMsg,
; [ebp+10] = wParam. The first two instructions at 004DAE40 total six bytes and are
; presumably the displaced originals -- confirm against an unpatched copy.
; Custom handling applies only when the DWORD at 004BE000 is FFFFFFFFh (inc ecx gives zero).
; Messages handled: 110h WM_INITDIALOG, 138h WM_CTLCOLORSTATIC, 0Fh WM_PAINT, 2 WM_DESTROY,
; 590h (private, WM_USER+190h), 111h WM_COMMAND.
; NOTE(review): WM_PAINT is posted by hand at 004DAE79; InvalidateRect/UpdateWindow is the
; documented way to request a repaint.
; NOTE(review): the WM_COMMAND branch compares only the low word of wParam (control ID) and
; never looks at the notification code in the high word.
0046D113    - E9 28DD0600   jmp     004DAE40                         ; patched entry: divert to the handler below
0046D118      90            nop                                      ; pad to the next instruction boundary

004DAE40    8B45 0C         mov     eax, dword ptr [ebp+C]           ; wMsg
004DAE43    8945 E4         mov     dword ptr [ebp-1C], eax          ; stored in the hooked procedure's local
004DAE46    BA 00E04B00     mov     edx, 004BE000                    ; fixed address used as a shared data block
004DAE4B    8B0A            mov     ecx, dword ptr [edx]
004DAE4D    41              inc     ecx                              ; zero only when [004BE000] == FFFFFFFFh
004DAE4E    75 19           jnz     short 004DAE69                   ; flag not set: hand over to the original code
004DAE50    3D 10010000     cmp     eax, 110                         ; WM_INITDIALOG
004DAE55    75 17           jnz     short 004DAE6E
004DAE57    6A 00           push    0                                ; lParam
004DAE59    6A 00           push    0                                ; wParam
004DAE5B    68 90050000     push    590                              ; private message, handled at 004DAEA7
004DAE60    FF75 08         push    dword ptr [ebp+8]                ; hDlg
004DAE63    FF15 18634800   call    dword ptr [<&USER32.PostMessageA>; USER32.PostMessageA
004DAE69  - E9 AB22F9FF     jmp     0046D119                         ; resume the original procedure after the patched bytes
004DAE6E    3D 38010000     cmp     eax, 138                         ; WM_CTLCOLORSTATIC
004DAE73    75 11           jnz     short 004DAE86
004DAE75    6A 00           push    0
004DAE77    6A 00           push    0
004DAE79    6A 0F           push    0F                               ; WM_PAINT, posted to the dialog itself
004DAE7B    FF75 08         push    dword ptr [ebp+8]
004DAE7E    FF15 18634800   call    dword ptr [<&USER32.PostMessageA>; USER32.PostMessageA
004DAE84  ^ EB E3           jmp     short 004DAE69
004DAE86    83F8 0F         cmp     eax, 0F                          ; WM_PAINT
004DAE89    75 07           jnz     short 004DAE92
004DAE8B    E8 A0030000     call    004DB230                         ; drawing routine at 004DB230
004DAE90  ^ EB D7           jmp     short 004DAE69
004DAE92    83F8 02         cmp     eax, 2                           ; WM_DESTROY
004DAE95    75 10           jnz     short 004DAEA7
004DAE97    B9 00E04B00     mov     ecx, 004BE000
004DAE9C    FF71 0C         push    dword ptr [ecx+C]                ; GDI handle kept at 004BE00C (set from LoadImageA at 004DAFF6)
004DAE9F    FF15 48604800   call    dword ptr [<&GDI32.DeleteObject>>; GDI32.DeleteObject; the stored handle is not cleared afterwards
004DAEA5  ^ EB C2           jmp     short 004DAE69
004DAEA7    3D 90050000     cmp     eax, 590                         ; private message posted from WM_INITDIALOG
004DAEAC    75 0D           jnz     short 004DAEBB
004DAEAE    FF75 08         push    dword ptr [ebp+8]                ; hDlg
004DAEB1    8F42 08         pop     dword ptr [edx+8]                ; save hDlg at 004BE008
004DAEB4    E8 87000000     call    004DAF40                         ; control initialisation routine at 004DAF40
004DAEB9  ^ EB AE           jmp     short 004DAE69
004DAEBB    3D 11010000     cmp     eax, 111                         ; WM_COMMAND
004DAEC0  ^ 75 A7           jnz     short 004DAE69
004DAEC2    0FB74D 10       movzx   ecx, word ptr [ebp+10]           ; low word of wParam = control ID
004DAEC6    81F9 C6070000   cmp     ecx, 7C6                         ; control ID 7C6h
004DAECC    75 07           jnz     short 004DAED5
004DAECE    6A 01           push    1
004DAED0    8F42 04         pop     dword ptr [edx+4]                ; [004BE004] = 1
004DAED3    EB 20           jmp     short 004DAEF5
004DAED5    81F9 C7070000   cmp     ecx, 7C7                         ; control ID 7C7h
004DAEDB    75 07           jnz     short 004DAEE4
004DAEDD    6A 02           push    2
004DAEDF    8F42 04         pop     dword ptr [edx+4]                ; [004BE004] = 2
004DAEE2    EB 11           jmp     short 004DAEF5
004DAEE4    81F9 C8070000   cmp     ecx, 7C8                         ; control ID 7C8h
004DAEEA  - 0F85 2922F9FF   jnz     0046D119                         ; any other control: original handling
004DAEF0    6A 03           push    3
004DAEF2    8F42 04         pop     dword ptr [edx+4]                ; [004BE004] = 3
004DAEF5    6A 00           push    0
004DAEF7    6A 00           push    0
004DAEF9    6A 10           push    10                               ; WM_CLOSE
004DAEFB    FF75 08         push    dword ptr [ebp+8]
004DAEFE    FF15 18634800   call    dword ptr [<&USER32.PostMessageA>; USER32.PostMessageA
004DAF04  - E9 BC22F9FF     jmp     0046D1C5                         ; rejoin the original procedure at 0046D1C5
004DAF09    90              nop


         ݣ

         8B 45 0C 89 45 E4 BA 00 E0 4B 00 8B 0A 41 75 19
         3D 10 01 00 00 75 17 6A 00 6A 00 68 90 05 00 00
         FF 75 08 FF 15 18 63 48 00 E9 AB 22 F9 FF 3D 38
         01 00 00 75 11 6A 00 6A 00 6A 0F FF 75 08 FF 15
         18 63 48 00 EB E3 83 F8 0F 75 07 E8 A0 03 00 00
         EB D7 83 F8 02 75 10 B9 00 E0 4B 00 FF 71 0C FF
         15 48 60 48 00 EB C2 3D 90 05 00 00 75 0D FF 75
         08 8F 42 08 E8 87 00 00 00 EB AE 3D 11 01 00 00
         75 A7 0F B7 4D 10 81 F9 C6 07 00 00 75 07 6A 01
         8F 42 04 EB 20 81 F9 C7 07 00 00 75 07 6A 02 8F
         42 04 EB 11 81 F9 C8 07 00 00 0F 85 29 22 F9 FF
         6A 03 8F 42 04 6A 00 6A 00 6A 10 FF 75 08 FF 15
         18 63 48 00 E9 BC 22 F9 FF 90






21. ؼʼ

; sub_004DAF40 -- fills the dialog's controls from the data block at 004BE000.
; No stack arguments. Reads hDlg from 004BE008 and a record pointer from 004BE020.
; Steps: three GetDlgItem/0046280A/0046337D sequences for control IDs 582h..584h, a bitmap
; loaded with LoadImageA and assigned to control 7CAh, two text fields (473h, 475h), one
; numeric field (3F9h), then calls to 00476EAB, 004DB090 and 004DB100.
; NOTE(review): neither the GetDlgItem results nor the LoadImageA handle are checked for 0
; before use. The byte at record+2Bh indexes the DWORD table at 0048BEA8 with no visible
; bound check -- the table size is not shown here, so verify its range.
004DAF40    55              push    ebp                              ; frame setup
004DAF41    8BEC            mov     ebp, esp
004DAF43    83C4 F0         add     esp, -10                         ; four DWORD locals
004DAF46    B8 00E04B00     mov     eax, 004BE000                    ; fixed address used as a shared data block
004DAF4B    FF70 08         push    dword ptr [eax+8]
004DAF4E    8F45 FC         pop     dword ptr [ebp-4]                ; [ebp-4] = hDlg from 004BE008
004DAF51    8945 F8         mov     dword ptr [ebp-8], eax           ; [ebp-8] = 004BE000
004DAF54    FF70 20         push    dword ptr [eax+20]
004DAF57    8F45 F4         pop     dword ptr [ebp-C]                ; [ebp-C] = record pointer from 004BE020
004DAF5A    68 142E4900     push    00492E14                         ; constant address 00492E14
004DAF5F    8F45 F0         pop     dword ptr [ebp-10]               ; [ebp-10] = 00492E14
004DAF62    68 82050000     push    582                              ; control ID 582h
004DAF67    FF75 FC         push    dword ptr [ebp-4]                ; hDlg
004DAF6A    FF15 DC624800   call    dword ptr [<&USER32.GetDlgItem>] ; USER32.GetDlgItem
004DAF70    B9 D86C4B00     mov     ecx, 004B6CD8
004DAF75    51              push    ecx                              ; address 004B6CD8
004DAF76    50              push    eax                              ; control window handle
004DAF77    E8 8E78F8FF     call    0046280A                         ; defined outside this listing
004DAF7C    59              pop     ecx                              ; one DWORD is popped after the call
004DAF7D    8B45 F0         mov     eax, dword ptr [ebp-10]          ; eax = 00492E14
004DAF80    FF30            push    dword ptr [eax]                  ; argument: DWORD stored at 00492E14
004DAF82    E8 F683F8FF     call    0046337D                         ; defined outside this listing
004DAF87    68 83050000     push    583                              ; control ID 583h
004DAF8C    FF75 FC         push    dword ptr [ebp-4]
004DAF8F    FF15 DC624800   call    dword ptr [<&USER32.GetDlgItem>] ; USER32.GetDlgItem
004DAF95    B9 786A4B00     mov     ecx, 004B6A78
004DAF9A    51              push    ecx
004DAF9B    50              push    eax
004DAF9C    E8 6978F8FF     call    0046280A
004DAFA1    59              pop     ecx
004DAFA2    8B45 F0         mov     eax, dword ptr [ebp-10]          ; eax = 00492E14
004DAFA5    FF30            push    dword ptr [eax]
004DAFA7    E8 D183F8FF     call    0046337D
004DAFAC    68 84050000     push    584                              ; control ID 584h
004DAFB1    FF75 FC         push    dword ptr [ebp-4]
004DAFB4    FF15 DC624800   call    dword ptr [<&USER32.GetDlgItem>] ; USER32.GetDlgItem
004DAFBA    B9 F0744B00     mov     ecx, 004B74F0
004DAFBF    51              push    ecx
004DAFC0    50              push    eax
004DAFC1    E8 4478F8FF     call    0046280A
004DAFC6    59              pop     ecx
004DAFC7    8B45 F0         mov     eax, dword ptr [ebp-10]
004DAFCA    FF30            push    dword ptr [eax]
004DAFCC    E8 AC83F8FF     call    0046337D
004DAFD1    8B4D F4         mov     ecx, dword ptr [ebp-C]           ; ecx = record pointer
004DAFD4    E8 CEC5F2FF     call    004075A7                         ; returns a value in eax; defined outside this listing
004DAFD9    05 2D010000     add     eax, 12D                         ; resource ID = returned value + 12Dh (301)
004DAFDE    6A 40           push    40                               ; fuLoad = LR_DEFAULTSIZE
004DAFE0    6A 00           push    0                                ; cyDesired
004DAFE2    6A 00           push    0                                ; cxDesired
004DAFE4    6A 00           push    0                                ; uType = IMAGE_BITMAP
004DAFE6    50              push    eax                              ; lpszName = bitmap resource ID
004DAFE7    FF35 00F14C00   push    dword ptr [4CF100]               ; hInst read from 004CF100 (the original note names sge.dll)
004DAFED    FF15 34D04C00   call    dword ptr [4CD034]               ; USER32.LoadImageA; result is not checked for 0
004DAFF3    8B4D F8         mov     ecx, dword ptr [ebp-8]           ; ecx = 004BE000
004DAFF6    8941 0C         mov     dword ptr [ecx+C], eax           ; keep the bitmap handle at 004BE00C (deleted on WM_DESTROY at 004DAE9F)
004DAFF9    50              push    eax                              ; lParam = bitmap handle
004DAFFA    6A 00           push    0                                ; wParam = IMAGE_BITMAP
004DAFFC    68 72010000     push    172                              ; STM_SETIMAGE
004DB001    68 CA070000     push    7CA                              ; control ID 7CAh
004DB006    FF75 FC         push    dword ptr [ebp-4]
004DB009    FF15 90634800   call    dword ptr [<&USER32.SendDlgItemM>; USER32.SendDlgItemMessageA
004DB00F    8B4D F4         mov     ecx, dword ptr [ebp-C]           ; ecx = record pointer
004DB012    8D41 08         lea     eax, dword ptr [ecx+8]           ; string at record+8
004DB015    50              push    eax
004DB016    68 73040000     push    473                              ; control ID 473h
004DB01B    FF75 FC         push    dword ptr [ebp-4]
004DB01E    FF15 D8624800   call    dword ptr [<&USER32.SetDlgItemTe>; USER32.SetDlgItemTextA
004DB024    8B4D F4         mov     ecx, dword ptr [ebp-C]
004DB027    0FB641 2B       movzx   eax, byte ptr [ecx+2B]           ; byte at record+2Bh used as a table index
004DB02B    8B0485 A8BE4800 mov     eax, dword ptr [eax*4+48BEA8]    ; DWORD table at 0048BEA8; the index is not range-checked here
004DB032    50              push    eax                              ; used as a string pointer
004DB033    68 75040000     push    475                              ; control ID 475h
004DB038    FF75 FC         push    dword ptr [ebp-4]
004DB03B    FF15 D8624800   call    dword ptr [<&USER32.SetDlgItemTe>; USER32.SetDlgItemTextA
004DB041    8B4D F4         mov     ecx, dword ptr [ebp-C]
004DB044    0FB641 2C       movzx   eax, byte ptr [ecx+2C]           ; byte at record+2Ch
004DB048    6A 00           push    0                                ; bSigned = FALSE
004DB04A    50              push    eax                              ; uValue
004DB04B    68 F9030000     push    3F9                              ; control ID 3F9h
004DB050    FF75 FC         push    dword ptr [ebp-4]
004DB053    FF15 E4624800   call    dword ptr [<&USER32.SetDlgItemIn>; USER32.SetDlgItemInt
004DB059    FF75 FC         push    dword ptr [ebp-4]                ; hDlg as stack argument
004DB05C    8B4D F4         mov     ecx, dword ptr [ebp-C]           ; ecx = record pointer
004DB05F    E8 47BEF9FF     call    00476EAB                         ; defined outside this listing
004DB064    E8 27000000     call    004DB090                         ; routine at 004DB090 (fills controls 588h and 589h)
004DB069    E8 92000000     call    004DB100                         ; routine at 004DB100 (disables buttons 7C6h..7C8h as needed)
004DB06E    C9              leave
004DB06F    C3              retn


         ݣ

         55 8B EC 83 C4 F0 B8 00 E0 4B 00 FF 70 08 8F 45
         FC 89 45 F8 FF 70 20 8F 45 F4 68 14 2E 49 00 8F
         45 F0 68 82 05 00 00 FF 75 FC FF 15 DC 62 48 00
         B9 D8 6C 4B 00 51 50 E8 8E 78 F8 FF 59 8B 45 F0
         FF 30 E8 F6 83 F8 FF 68 83 05 00 00 FF 75 FC FF
         15 DC 62 48 00 B9 78 6A 4B 00 51 50 E8 69 78 F8
         FF 59 8B 45 F0 FF 30 E8 D1 83 F8 FF 68 84 05 00
         00 FF 75 FC FF 15 DC 62 48 00 B9 F0 74 4B 00 51
         50 E8 44 78 F8 FF 59 8B 45 F0 FF 30 E8 AC 83 F8
         FF 8B 4D F4 E8 CE C5 F2 FF 05 2D 01 00 00 6A 40
         6A 00 6A 00 6A 00 50 FF 35 00 F1 4C 00 FF 15 34
         D0 4C 00 8B 4D F8 89 41 0C 50 6A 00 68 72 01 00
         00 68 CA 07 00 00 FF 75 FC FF 15 90 63 48 00 8B
         4D F4 8D 41 08 50 68 73 04 00 00 FF 75 FC FF 15
         D8 62 48 00 8B 4D F4 0F B6 41 2B 8B 04 85 A8 BE
         48 00 50 68 75 04 00 00 FF 75 FC FF 15 D8 62 48
         00 8B 4D F4 0F B6 41 2C 6A 00 50 68 F9 03 00 00
         FF 75 FC FF 15 E4 62 48 00 FF 75 FC 8B 4D F4 E8
         47 BE F9 FF E8 27 00 00 00 E8 92 00 00 00 C9 C3







22. װ + Чֵʾ

; sub_004DB090 -- builds two strings with 00462174 and shows them in controls 588h and 589h.
; No stack arguments. Reads hDlg from 004BE008 and a record pointer from 004BE020.
; Locals: [ebp-28] record pointer, [ebp-24] hDlg, [ebp-20..ebp-1] a 20h-byte text buffer.
; 00462174 is called as (buffer, byte value) and the caller removes both arguments
; (add esp, 8).
; NOTE(review): the buffer is 32 bytes on the stack and no length is passed to 00462174.
; Confirm that the longest string it can produce, including the terminator, fits; otherwise
; the saved ebp and the return address are overwritten.
004DB090    55              push    ebp                              ; frame setup
004DB091    8BEC            mov     ebp, esp
004DB093    83C4 D8         add     esp, -28                         ; 28h bytes of locals
004DB096    B8 00E04B00     mov     eax, 004BE000                    ; fixed address used as a shared data block
004DB09B    FF70 08         push    dword ptr [eax+8]
004DB09E    8F45 DC         pop     dword ptr [ebp-24]               ; [ebp-24] = hDlg from 004BE008
004DB0A1    FF70 20         push    dword ptr [eax+20]
004DB0A4    8F45 D8         pop     dword ptr [ebp-28]               ; [ebp-28] = record pointer from 004BE020
004DB0A7    8B4D D8         mov     ecx, dword ptr [ebp-28]
004DB0AA    0FB641 2E       movzx   eax, byte ptr [ecx+2E]           ; byte at record+2Eh
004DB0AE    50              push    eax                              ; second argument: the byte value
004DB0AF    8D45 E0         lea     eax, dword ptr [ebp-20]
004DB0B2    50              push    eax                              ; first argument: 20h-byte stack buffer
004DB0B3    E8 BC70F8FF     call    00462174                         ; writes text into the buffer; no length is passed
004DB0B8    83C4 08         add     esp, 8                           ; caller cleans up both arguments
004DB0BB    8D45 E0         lea     eax, dword ptr [ebp-20]
004DB0BE    50              push    eax                              ; lpString = buffer
004DB0BF    68 88050000     push    588                              ; control ID 588h
004DB0C4    FF75 DC         push    dword ptr [ebp-24]               ; hDlg
004DB0C7    FF15 D8624800   call    dword ptr [<&USER32.SetDlgItemTe>; USER32.SetDlgItemTextA
004DB0CD    8B4D D8         mov     ecx, dword ptr [ebp-28]
004DB0D0    0FB641 31       movzx   eax, byte ptr [ecx+31]           ; byte at record+31h
004DB0D4    50              push    eax                              ; second argument: the byte value
004DB0D5    8D45 E0         lea     eax, dword ptr [ebp-20]
004DB0D8    50              push    eax                              ; first argument: the same stack buffer, reused
004DB0D9    E8 9670F8FF     call    00462174                         ; writes text into the buffer; no length is passed
004DB0DE    83C4 08         add     esp, 8
004DB0E1    8D45 E0         lea     eax, dword ptr [ebp-20]
004DB0E4    50              push    eax                              ; lpString = buffer
004DB0E5    68 89050000     push    589                              ; control ID 589h
004DB0EA    FF75 DC         push    dword ptr [ebp-24]               ; hDlg
004DB0ED    FF15 D8624800   call    dword ptr [<&USER32.SetDlgItemTe>; USER32.SetDlgItemTextA
004DB0F3    C9              leave
004DB0F4    C3              retn



         ݣ
         55 8B EC 83 C4 D8 B8 00 E0 4B 00 FF 70 08 8F 45
         DC FF 70 20 8F 45 D8 8B 4D D8 0F B6 41 2E 50 8D
         45 E0 50 E8 BC 70 F8 FF 83 C4 08 8D 45 E0 50 68
         88 05 00 00 FF 75 DC FF 15 D8 62 48 00 8B 4D D8
         0F B6 41 31 50 8D 45 E0 50 E8 96 70 F8 FF 83 C4
         08 8D 45 E0 50 68 89 05 00 00 FF 75 DC FF 15 D8
         62 48 00 C9 C3 90







23. 佫Ƿ [OK] ť

; sub_004DB100 -- decides which of the three buttons 7C6h, 7C7h, 7C8h stay enabled, then
; sets a cursor for the class of control ID 2.
; No stack arguments. Reads hDlg (004BE008), record A (004BE014) and record B (004BE020).
; The same test runs for the bytes at record offsets 2Eh, 31h and 34h:
;   1. call 00407907 with ecx = A and B's byte; a zero result disables the button;
;   2. if A's byte is FFh and B's byte is also FFh, the button is disabled;
;   3. otherwise call 00407907 with ecx = B and A's byte; a zero result disables the button.
; 00407907 is defined outside this listing; it takes ecx plus one stack argument.
; NOTE(review): SetClassLongA(GCL_HCURSOR) changes the cursor of the whole window class, so
; every window of that class in the process is affected, not only control ID 2. The
; GetDlgItem results are used without a check for 0.
004DB100    55              push    ebp                              ; frame setup
004DB101    8BEC            mov     ebp, esp
004DB103    83C4 EC         add     esp, -14                         ; five DWORD locals
004DB106    B8 00E04B00     mov     eax, 004BE000                    ; fixed address used as a shared data block
004DB10B    8945 F0         mov     dword ptr [ebp-10], eax          ; [ebp-10] = 004BE000
004DB10E    8B48 08         mov     ecx, dword ptr [eax+8]
004DB111    894D FC         mov     dword ptr [ebp-4], ecx           ; [ebp-4] = hDlg from 004BE008
004DB114    8B50 20         mov     edx, dword ptr [eax+20]
004DB117    8955 F4         mov     dword ptr [ebp-C], edx           ; [ebp-C] = record B pointer from 004BE020
004DB11A    8B48 14         mov     ecx, dword ptr [eax+14]
004DB11D    894D F8         mov     dword ptr [ebp-8], ecx           ; [ebp-8] = record A pointer from 004BE014
004DB120    0FB642 2E       movzx   eax, byte ptr [edx+2E]
004DB124    8945 EC         mov     dword ptr [ebp-14], eax          ; [ebp-14] = B's byte at offset 2Eh
004DB127    50              push    eax
004DB128    E8 DAC7F2FF     call    00407907                         ; ecx = A (still loaded from 004DB11A), argument = B's byte
004DB12D    85C0            test    eax, eax                         ; zero result: disable the button
004DB12F    74 1D           je      short 004DB14E
004DB131    8B55 F8         mov     edx, dword ptr [ebp-8]           ; record A
004DB134    0FB642 2E       movzx   eax, byte ptr [edx+2E]           ; A's byte at offset 2Eh
004DB138    3C FF           cmp     al, 0FF                          ; FFh is treated as a special value
004DB13A    75 05           jnz     short 004DB141
004DB13C    3A45 EC         cmp     al, byte ptr [ebp-14]            ; is B's byte FFh as well?
004DB13F    74 0D           je      short 004DB14E                   ; both FFh: disable the button
004DB141    50              push    eax                              ; argument = A's byte
004DB142    8B4D F4         mov     ecx, dword ptr [ebp-C]           ; ecx = record B
004DB145    E8 BDC7F2FF     call    00407907                         ; reverse check: B against A's byte
004DB14A    85C0            test    eax, eax
004DB14C    75 17           jnz     short 004DB165                   ; non-zero: leave the button enabled
004DB14E    68 C6070000     push    7C6                              ; control ID 7C6h
004DB153    FF75 FC         push    dword ptr [ebp-4]
004DB156    FF15 DC624800   call    dword ptr [<&USER32.GetDlgItem>] ; USER32.GetDlgItem
004DB15C    6A 00           push    0                                ; bEnable = FALSE
004DB15E    50              push    eax
004DB15F    FF15 E8624800   call    dword ptr [<&USER32.EnableWindow>; USER32.EnableWindow
004DB165    8B55 F4         mov     edx, dword ptr [ebp-C]           ; record B
004DB168    0FB642 31       movzx   eax, byte ptr [edx+31]
004DB16C    8945 EC         mov     dword ptr [ebp-14], eax          ; [ebp-14] = B's byte at offset 31h
004DB16F    50              push    eax
004DB170    8B4D F8         mov     ecx, dword ptr [ebp-8]           ; ecx = record A
004DB173    E8 8FC7F2FF     call    00407907                         ; A against B's byte
004DB178    85C0            test    eax, eax
004DB17A    74 1D           je      short 004DB199
004DB17C    8B55 F8         mov     edx, dword ptr [ebp-8]
004DB17F    0FB642 31       movzx   eax, byte ptr [edx+31]           ; A's byte at offset 31h
004DB183    3C FF           cmp     al, 0FF                          ; special value FFh
004DB185    75 05           jnz     short 004DB18C
004DB187    3A45 EC         cmp     al, byte ptr [ebp-14]            ; is B's byte FFh as well?
004DB18A    74 0D           je      short 004DB199
004DB18C    50              push    eax                              ; argument = A's byte
004DB18D    8B4D F4         mov     ecx, dword ptr [ebp-C]           ; ecx = record B
004DB190    E8 72C7F2FF     call    00407907                         ; B against A's byte
004DB195    85C0            test    eax, eax
004DB197    75 17           jnz     short 004DB1B0
004DB199    68 C7070000     push    7C7                              ; control ID 7C7h
004DB19E    FF75 FC         push    dword ptr [ebp-4]
004DB1A1    FF15 DC624800   call    dword ptr [<&USER32.GetDlgItem>] ; USER32.GetDlgItem
004DB1A7    6A 00           push    0                                ; bEnable = FALSE
004DB1A9    50              push    eax
004DB1AA    FF15 E8624800   call    dword ptr [<&USER32.EnableWindow>; USER32.EnableWindow
004DB1B0    8B55 F4         mov     edx, dword ptr [ebp-C]           ; record B
004DB1B3    0FB642 34       movzx   eax, byte ptr [edx+34]           ; B's byte at offset 34h
004DB1B7    8945 EC         mov     dword ptr [ebp-14], eax
004DB1BA    90              nop
004DB1BB    8B4D F8         mov     ecx, dword ptr [ebp-8]           ; ecx = record A
004DB1BE    50              push    eax
004DB1BF    E8 43C7F2FF     call    00407907                         ; A against B's byte
004DB1C4    85C0            test    eax, eax
004DB1C6    74 1D           je      short 004DB1E5
004DB1C8    8B55 F8         mov     edx, dword ptr [ebp-8]
004DB1CB    0FB642 34       movzx   eax, byte ptr [edx+34]           ; A's byte at offset 34h
004DB1CF    3C FF           cmp     al, 0FF                          ; special value FFh
004DB1D1    75 05           jnz     short 004DB1D8
004DB1D3    3A45 EC         cmp     al, byte ptr [ebp-14]            ; is B's byte FFh as well?
004DB1D6    74 0D           je      short 004DB1E5
004DB1D8    50              push    eax
004DB1D9    8B4D F4         mov     ecx, dword ptr [ebp-C]           ; ecx = record B
004DB1DC    E8 26C7F2FF     call    00407907                         ; B against A's byte
004DB1E1    85C0            test    eax, eax
004DB1E3    75 17           jnz     short 004DB1FC
004DB1E5    68 C8070000     push    7C8                              ; control ID 7C8h
004DB1EA    FF75 FC         push    dword ptr [ebp-4]
004DB1ED    FF15 DC624800   call    dword ptr [<&USER32.GetDlgItem>] ; USER32.GetDlgItem
004DB1F3    6A 00           push    0                                ; bEnable = FALSE
004DB1F5    50              push    eax
004DB1F6    FF15 E8624800   call    dword ptr [<&USER32.EnableWindow>; USER32.EnableWindow
004DB1FC    6A 00           push    0                                ; lpModuleName = NULL (the process image)
004DB1FE    FF15 AC614800   call    dword ptr [<&KERNEL32.GetModuleH>; kernel32.GetModuleHandleA
004DB204    6A 7F           push    7F                               ; cursor resource ID 7Fh
004DB206    50              push    eax                              ; hInstance
004DB207    FF15 B0634800   call    dword ptr [<&USER32.LoadCursorA>>; USER32.LoadCursorA
004DB20D    50              push    eax                              ; dwNewLong = cursor handle
004DB20E    6A 02           push    2                                ; control ID 2
004DB210    FF75 FC         push    dword ptr [ebp-4]
004DB213    FF15 DC624800   call    dword ptr [<&USER32.GetDlgItem>] ; USER32.GetDlgItem
004DB219    6A F4           push    -0C                              ; nIndex = GCL_HCURSOR
004DB21B    50              push    eax
004DB21C    FF15 B8624800   call    dword ptr [<&USER32.SetClassLong>; USER32.SetClassLongA; applies to the whole window class
004DB222    C9              leave
004DB223    C3              retn


         ݣ

         55 8B EC 83 C4 EC B8 00 E0 4B 00 89 45 F0 8B 48
         08 89 4D FC 8B 50 20 89 55 F4 8B 48 14 89 4D F8
         0F B6 42 2E 89 45 EC 50 E8 DA C7 F2 FF 85 C0 74
         1D 8B 55 F8 0F B6 42 2E 3C FF 75 05 3A 45 EC 74
         0D 50 8B 4D F4 E8 BD C7 F2 FF 85 C0 75 17 68 C6
         07 00 00 FF 75 FC FF 15 DC 62 48 00 6A 00 50 FF
         15 E8 62 48 00 8B 55 F4 0F B6 42 31 89 45 EC 50
         8B 4D F8 E8 8F C7 F2 FF 85 C0 74 1D 8B 55 F8 0F
         B6 42 31 3C FF 75 05 3A 45 EC 74 0D 50 8B 4D F4
         E8 72 C7 F2 FF 85 C0 75 17 68 C7 07 00 00 FF 75
         FC FF 15 DC 62 48 00 6A 00 50 FF 15 E8 62 48 00
         8B 55 F4 0F B6 42 34 89 45 EC 90 8B 4D F8 50 E8
         43 C7 F2 FF 85 C0 74 1D 8B 55 F8 0F B6 42 34 3C
         FF 75 05 3A 45 EC 74 0D 50 8B 4D F4 E8 26 C7 F2
         FF 85 C0 75 17 68 C8 07 00 00 FF 75 FC FF 15 DC
         62 48 00 6A 00 50 FF 15 E8 62 48 00 6A 00 FF 15
         AC 61 48 00 6A 7F 50 FF 15 B0 63 48 00 50 6A 02
         FF 75 FC FF 15 DC 62 48 00 6A F4 50 FF 15 B8 62
         48 00 C9 C3







24. ֵʾ

004DB230    55              push    ebp                              ; SS_WHITERECT ؼ꺯
004DB231    8BEC            mov     ebp, esp
004DB233    83EC 48         sub     esp, 48
004DB236    B9 00E04B00     mov     ecx, 004BE000                    ; ԭԴ׵ַ
004DB23B    FF71 08         push    dword ptr [ecx+8]
004DB23E    8F45 CC         pop     dword ptr [ebp-34]               ; Ի򴰿ھ
004DB241    FF71 20         push    dword ptr [ecx+20]
004DB244    8F45 C8         pop     dword ptr [ebp-38]               ; 佫B_SAVӳָ
004DB247    B8 8E050000     mov     eax, 58E                         ; ԴID
004DB24C    8945 B8         mov     dword ptr [ebp-48], eax
004DB24F    40              inc     eax
004DB250    8945 BC         mov     dword ptr [ebp-44], eax          ; ߾ԴID
004DB253    05 3C020000     add     eax, 23C
004DB258    8945 C0         mov     dword ptr [ebp-40], eax          ; 佫BﾭԴID
004DB25B    33C0            xor     eax, eax
004DB25D    8945 C4         mov     dword ptr [ebp-3C], eax          ; ѭ0
004DB260    837D C4 02      cmp     dword ptr [ebp-3C], 2
004DB264    0F87 96000000   ja      004DB300
004DB26A    8D4D B8         lea     ecx, dword ptr [ebp-48]          ; ȡһֲַ
004DB26D    8B45 C4         mov     eax, dword ptr [ebp-3C]          ; ȡѭֵ
004DB270    FF3481          push    dword ptr [ecx+eax*4]            ; ѹ뵱ǰԴID
004DB273    FF75 CC         push    dword ptr [ebp-34]               ; Ի򴰿ھ
004DB276    FF15 DC624800   call    dword ptr [<&USER32.GetDlgItem>] ; USER32.GetDlgItem
004DB27C    50              push    eax                              ; ǰĿؼ
004DB27D    8D4D F0         lea     ecx, dword ptr [ebp-10]
004DB280    51              push    ecx                              ; lpRect
004DB281    50              push    eax                              ; ҪȡͻСĴھ
004DB282    FF15 EC624800   call    dword ptr [<&USER32.GetClientRec>; USER32.GetClientRect
004DB288    5A              pop     edx
004DB289    8D45 F0         lea     eax, dword ptr [ebp-10]
004DB28C    50              push    eax                              ; lpPoint
004DB28D    52              push    edx                              ; ǰĿؼ
004DB28E    FF15 20634800   call    dword ptr [<&USER32.ClientToScre>; USER32.ClientToScreen
004DB294    8D45 F0         lea     eax, dword ptr [ebp-10]
004DB297    50              push    eax                              ; lpPoint
004DB298    FF75 CC         push    dword ptr [ebp-34]               ; Ի򴰿ھ
004DB29B    FF15 64624800   call    dword ptr [<&USER32.ScreenToClie>; USER32.ScreenToClient
004DB2A1    8B45 F0         mov     eax, dword ptr [ebp-10]          ; ۿؼλеLeftλ
004DB2A4    0145 F8         add     dword ptr [ebp-8], eax           ; Right
004DB2A7    8B45 F4         mov     eax, dword ptr [ebp-C]           ; Top
004DB2AA    0145 FC         add     dword ptr [ebp-4], eax           ; Bottom
004DB2AD    8B4D C8         mov     ecx, dword ptr [ebp-38]          ; 佫B_SAVӳָ
004DB2B0    8B45 C4         mov     eax, dword ptr [ebp-3C]          ; ѭֵ
004DB2B3    84C0            test    al, al                           ; ⵱ǰһ
004DB2B5    74 08           je      short 004DB2BF
004DB2B7    48              dec     eax
004DB2B8    74 0B           je      short 004DB2C5
004DB2BA    48              dec     eax
004DB2BB    74 0E           je      short 004DB2CB
004DB2BD    EB 41           jmp     short 004DB300
004DB2BF    0FB641 30       movzx   eax, byte ptr [ecx+30]           ; 佫B_ֵ
004DB2C3    EB 0A           jmp     short 004DB2CF
004DB2C5    0FB641 33       movzx   eax, byte ptr [ecx+33]           ; 佫B_߾ֵ
004DB2C9    EB 04           jmp     short 004DB2CF
004DB2CB    0FB641 2D       movzx   eax, byte ptr [ecx+2D]           ; 佫B_ﾭֵ
004DB2CF    6A 26           push    26
004DB2D1    6A 64           push    64
004DB2D3    6A 64           push    64
004DB2D5    50              push    eax
004DB2D6    8D4D D0         lea     ecx, dword ptr [ebp-30]
004DB2D9    E8 1561F8FF     call    004613F3                         ; д
004DB2DE    6A 05           push    5
004DB2E0    6A 00           push    0
004DB2E2    8D55 F0         lea     edx, dword ptr [ebp-10]
004DB2E5    52              push    edx                              ; lpRect
004DB2E6    FF75 CC         push    dword ptr [ebp-34]               ; Ի򴰿ھ
004DB2E9    FF15 98624800   call    dword ptr [<&USER32.GetDC>]      ; USER32.GetDC
004DB2EF    50              push    eax
004DB2F0    8D4D D0         lea     ecx, dword ptr [ebp-30]          ; Ļָ
004DB2F3    E8 7761F8FF     call    0046146F                         ; 滭ۺ
004DB2F8    FF45 C4         inc     dword ptr [ebp-3C]               ; ѭֵ1
004DB2FB  ^ E9 60FFFFFF     jmp     004DB260
004DB300    C9              leave
004DB301    C3              retn



         ݣ

         55 8B EC 83 EC 48 B9 00 E0 4B 00 FF 71 08 8F 45
         CC FF 71 20 8F 45 C8 B8 8E 05 00 00 89 45 B8 40
         89 45 BC 05 3C 02 00 00 89 45 C0 33 C0 89 45 C4
         83 7D C4 02 0F 87 96 00 00 00 8D 4D B8 8B 45 C4
         FF 34 81 FF 75 CC FF 15 DC 62 48 00 50 8D 4D F0
         51 50 FF 15 EC 62 48 00 5A 8D 45 F0 50 52 FF 15
         20 63 48 00 8D 45 F0 50 FF 75 CC FF 15 64 62 48
         00 8B 45 F0 01 45 F8 8B 45 F4 01 45 FC 8B 4D C8
         8B 45 C4 84 C0 74 08 48 74 0B 48 74 0E EB 41 0F
         B6 41 30 EB 0A 0F B6 41 33 EB 04 0F B6 41 2D 6A
         26 6A 64 6A 64 50 8D 4D D0 E8 15 61 F8 FF 6A 05
         6A 00 8D 55 F0 52 FF 75 CC FF 15 98 62 48 00 50
         8D 4D D0 E8 77 61 F8 FF FF 45 C4 E9 60 FF FF FF
         C9 C3







25. ɫλͼˢ䳤

; Hook site: a 5-byte jmp plus a 1-byte nop replace 6 bytes at 004618CC and
; divert execution to the patch code at 004DB310.
; NOTE(review): presumably the 6 overwritten bytes were the two instructions
; that the patch re-executes at 004DB316/004DB319 (3 + 3 bytes) - confirm
; against the unpatched binary.
004618CC    - E9 3F9A0700   jmp     004DB310
004618D1      90            nop


; Patch body. It runs in the hooked function's stack frame (no prologue of its
; own), so every [ebp-xx] / [ebp+xx] below refers to the hooked function's
; locals and arguments.
;   [ebp-30] == 0 : recompute edx exactly as before and resume at 004618D2.
;   [ebp-30] != 0 : compute width * (value % 100) / 100, push it, resume at 004618D3.
004DB310    834D D0 00      or      dword ptr [ebp-30], 0            ; sets ZF from [ebp-30]; the stored value is unchanged
004DB314    75 0B           jnz     short 004DB321                   ; non-zero -> scaled path
004DB316    8B55 D8         mov     edx, dword ptr [ebp-28]
004DB319    2B55 D0         sub     edx, dword ptr [ebp-30]          ; edx = [ebp-28] - [ebp-30]
004DB31C  - E9 B165F8FF     jmp     004618D2                         ; resume right after the hook's nop
004DB321    8B8D 70FFFFFF   mov     ecx, dword ptr [ebp-90]
004DB327    8B01            mov     eax, dword ptr [ecx]             ; eax = dword at the pointer held in [ebp-90] (the value to scale)
004DB329    33D2            xor     edx, edx                         ; clear the high half of the edx:eax dividend
004DB32B    6A 64           push    64                               ; 64h = 100 decimal, left on the stack as the divisor
004DB32D    F73424          div     dword ptr [esp]                  ; eax = value / 100, edx = value % 100
004DB330    8B4D 0C         mov     ecx, dword ptr [ebp+C]           ; ecx = [ebp+C], annotated lpRect by the author
004DB333    8B41 08         mov     eax, dword ptr [ecx+8]
004DB336    2B01            sub     eax, dword ptr [ecx]             ; eax = [ecx+8] - [ecx] (right - left if this is a RECT, i.e. the width)
004DB338    F7E2            mul     edx                              ; edx:eax = width * (value % 100); note this uses the remainder left in edx, not the quotient
004DB33A    33D2            xor     edx, edx                         ; discards the high 32 bits of the product; assumes it fits in 32 bits
004DB33C    F73424          div     dword ptr [esp]                  ; eax = width * (value % 100) / 100
004DB33F    5A              pop     edx                              ; remove the divisor pushed at 004DB32B
004DB340    50              push    eax                              ; push the scaled length for the code that follows the hook
004DB341  - E9 8D65F8FF     jmp     004618D3                         ; resumes one byte past 004618D2; NOTE(review): presumably skips a 1-byte push that the push above replaces - confirm



         ݣ

         83 4D D0 00 75 0B 8B 55 D8 2B 55 D0 E9 B1 65 F8
         FF 8B 8D 70 FF FF FF 8B 01 33 D2 6A 64 F7 34 24
         8B 4D 0C 8B 41 08 2B 01 F7 E2 33 D2 F7 34 24 5A
         50 E9 8D 65 F8 FF







26. Ի򷵻غ[]ݴ

; Function 004DB359 (patch code): swaps one 3-byte slot between record A and
; record B, then issues a series of display calls for whichever side held a
; non-0FFh entry.
; In:     [ebp+8] = slot index; only 0, 1 and 2 are acted on, any other value
;         returns immediately.
; Out:    no return value is set up explicitly.
; Stack:  the callee removes its single 4-byte argument (retn 4).
; Reads the pointer table at 004BE000 (offsets +8, +10, +14, +18, +20, +24).
; Locals: [ebp-10] = record A pointer      [ebp-24] = record B pointer
;         [ebp-14] = A's display argument  [ebp-28] = B's display argument
;         [ebp-18]/[ebp-1C]/[ebp-20] = A's three slot bytes before the swap
;         [ebp-2C]/[ebp-30]/[ebp-34] = B's three slot bytes before the swap
;         [ebp-8]  = 1 if A's first slot byte was not 0FFh, else 0
;         [ebp-C]  = 1 if B's first slot byte was not 0FFh, else 0
; Helper routines (0045778F, 004D2B66, 0042F699, 00442718, 00407D78) are not
; part of this listing; remarks about them describe only how they are called.
004DB359    55              push    ebp                              ; standard frame setup
004DB35A    8BEC            mov     ebp, esp
004DB35C    83C4 CC         add     esp, -34                         ; reserve 34h bytes of locals
004DB35F    B8 00E04B00     mov     eax, 004BE000                    ; base of the pointer table read below
004DB364    8B48 08         mov     ecx, dword ptr [eax+8]
004DB367    894D FC         mov     dword ptr [ebp-4], ecx           ; [ebp-4] = table+8 (dialog window handle per the author); not read again in this function
004DB36A    8B48 18         mov     ecx, dword ptr [eax+18]
004DB36D    894D EC         mov     dword ptr [ebp-14], ecx          ; [ebp-14] = table+18, A's value passed to the display calls
004DB370    8B48 14         mov     ecx, dword ptr [eax+14]
004DB373    894D F0         mov     dword ptr [ebp-10], ecx          ; [ebp-10] = table+14, record A pointer; ecx keeps it for the byte reads below
004DB376    8B50 24         mov     edx, dword ptr [eax+24]
004DB379    8955 D8         mov     dword ptr [ebp-28], edx          ; [ebp-28] = table+24, B's value passed to the display calls
004DB37C    8B50 20         mov     edx, dword ptr [eax+20]
004DB37F    8955 DC         mov     dword ptr [ebp-24], edx          ; [ebp-24] = table+20, record B pointer; edx keeps it for the byte reads below
004DB382    8B45 08         mov     eax, dword ptr [ebp+8]           ; eax = slot index argument
004DB385    85C0            test    eax, eax
004DB387    74 0B           je      short 004DB394                   ; 0 -> bytes +2E..+30
004DB389    48              dec     eax
004DB38A    74 34           je      short 004DB3C0                   ; 1 -> bytes +31..+33
004DB38C    48              dec     eax
004DB38D    74 5D           je      short 004DB3EC                   ; 2 -> bytes +34..+36
004DB38F    E9 5D020000     jmp     004DB5F1                         ; any other index: return without touching anything
; --- slot 0: copy the three bytes at +2E/+2F/+30 of each record into locals ---
004DB394    0FB641 2E       movzx   eax, byte ptr [ecx+2E]
004DB398    8945 E8         mov     dword ptr [ebp-18], eax          ; A, first byte
004DB39B    0FB641 2F       movzx   eax, byte ptr [ecx+2F]
004DB39F    8945 E4         mov     dword ptr [ebp-1C], eax          ; A, second byte
004DB3A2    0FB641 30       movzx   eax, byte ptr [ecx+30]
004DB3A6    8945 E0         mov     dword ptr [ebp-20], eax          ; A, third byte
004DB3A9    0FB642 2E       movzx   eax, byte ptr [edx+2E]
004DB3AD    8945 D4         mov     dword ptr [ebp-2C], eax          ; B, first byte
004DB3B0    0FB642 2F       movzx   eax, byte ptr [edx+2F]
004DB3B4    8945 D0         mov     dword ptr [ebp-30], eax          ; B, second byte
004DB3B7    0FB642 30       movzx   eax, byte ptr [edx+30]
004DB3BB    8945 CC         mov     dword ptr [ebp-34], eax          ; B, third byte
004DB3BE    EB 56           jmp     short 004DB416
; --- slot 1: same layout, bytes +31/+32/+33 ---
004DB3C0    0FB641 31       movzx   eax, byte ptr [ecx+31]
004DB3C4    8945 E8         mov     dword ptr [ebp-18], eax          ; A, first byte
004DB3C7    0FB641 32       movzx   eax, byte ptr [ecx+32]
004DB3CB    8945 E4         mov     dword ptr [ebp-1C], eax          ; A, second byte
004DB3CE    0FB641 33       movzx   eax, byte ptr [ecx+33]
004DB3D2    8945 E0         mov     dword ptr [ebp-20], eax          ; A, third byte
004DB3D5    0FB642 31       movzx   eax, byte ptr [edx+31]
004DB3D9    8945 D4         mov     dword ptr [ebp-2C], eax          ; B, first byte
004DB3DC    0FB642 32       movzx   eax, byte ptr [edx+32]
004DB3E0    8945 D0         mov     dword ptr [ebp-30], eax          ; B, second byte
004DB3E3    0FB642 33       movzx   eax, byte ptr [edx+33]
004DB3E7    8945 CC         mov     dword ptr [ebp-34], eax          ; B, third byte
004DB3EA    EB 2A           jmp     short 004DB416
; --- slot 2: same layout, bytes +34/+35/+36 ---
004DB3EC    0FB641 34       movzx   eax, byte ptr [ecx+34]           ; A, first byte
004DB3F0    8945 E8         mov     dword ptr [ebp-18], eax
004DB3F3    0FB641 35       movzx   eax, byte ptr [ecx+35]
004DB3F7    8945 E4         mov     dword ptr [ebp-1C], eax          ; A, second byte (author's note: fixed at 0FFh for this slot)
004DB3FA    0FB641 36       movzx   eax, byte ptr [ecx+36]
004DB3FE    8945 E0         mov     dword ptr [ebp-20], eax          ; A, third byte (author's note: fixed at 0FFh for this slot)
004DB401    0FB642 34       movzx   eax, byte ptr [edx+34]
004DB405    8945 D4         mov     dword ptr [ebp-2C], eax          ; B, first byte
004DB408    0FB642 35       movzx   eax, byte ptr [edx+35]
004DB40C    8945 D0         mov     dword ptr [ebp-30], eax          ; B, second byte
004DB40F    0FB642 36       movzx   eax, byte ptr [edx+36]
004DB413    8945 CC         mov     dword ptr [ebp-34], eax          ; B, third byte
; --- swap: write B's saved bytes into A, then A's saved bytes into B ---
004DB416    FF75 CC         push    dword ptr [ebp-34]               ; B's third byte
004DB419    FF75 D0         push    dword ptr [ebp-30]               ; B's second byte
004DB41C    FF75 D4         push    dword ptr [ebp-2C]               ; B's first byte
004DB41F    FF75 08         push    dword ptr [ebp+8]                ; slot index
004DB422    8B4D F0         mov     ecx, dword ptr [ebp-10]          ; ecx = record A pointer
004DB425    E8 4EC9F2FF     call    00407D78                         ; called with ecx = record and (slot, byte1, byte2, byte3) on the stack
004DB42A    FF75 E0         push    dword ptr [ebp-20]               ; A's third byte
004DB42D    FF75 E4         push    dword ptr [ebp-1C]               ; A's second byte
004DB430    FF75 E8         push    dword ptr [ebp-18]               ; A's first byte
004DB433    FF75 08         push    dword ptr [ebp+8]                ; slot index
004DB436    8B4D DC         mov     ecx, dword ptr [ebp-24]          ; ecx = record B pointer
004DB439    E8 3AC9F2FF     call    00407D78                         ; same call for record B, using the values A held before the swap
; --- build the two "had an entry" flags from the saved first bytes ---
004DB43E    33C0            xor     eax, eax
004DB440    8BC8            mov     ecx, eax                         ; ecx = 0
004DB442    40              inc     eax                              ; eax = 1
004DB443    807D E8 FF      cmp     byte ptr [ebp-18], 0FF           ; was A's first byte the 0FFh sentinel?
004DB447    75 05           jnz     short 004DB44E
004DB449    894D F8         mov     dword ptr [ebp-8], ecx           ; yes: flag A = 0
004DB44C    EB 03           jmp     short 004DB451
004DB44E    8945 F8         mov     dword ptr [ebp-8], eax           ; no: flag A = 1
004DB451    807D D4 FF      cmp     byte ptr [ebp-2C], 0FF           ; was B's first byte the 0FFh sentinel?
004DB455    75 05           jnz     short 004DB45C
004DB457    894D F4         mov     dword ptr [ebp-C], ecx           ; yes: flag B = 0
004DB45A    EB 03           jmp     short 004DB45F
004DB45C    8945 F4         mov     dword ptr [ebp-C], eax           ; no: flag B = 1
; --- flag A set: display sequence on A's side for the entry A gave up ---
004DB45F    834D F8 00      or      dword ptr [ebp-8], 0             ; test flag A (value unchanged)
004DB463    74 62           je      short 004DB4C7
004DB465    68 FF000000     push    0FF
004DB46A    68 FF000000     push    0FF
004DB46F    6A 01           push    1                                ; mode argument 1 (paired with a mode-0 call after the effect)
004DB471    FF75 EC         push    dword ptr [ebp-14]               ; A's display argument
004DB474    B9 F05D4B00     mov     ecx, 004B5DF0                    ; object at 004B5DF0 passed in ecx
004DB479    E8 11C3F7FF     call    0045778F                         ; display routine (not shown)
004DB47E    6A 00           push    0
004DB480    6A 00           push    0
004DB482    6A 08           push    8
004DB484    6A 20           push    20
004DB486    6A 08           push    8
004DB488    FF75 E8         push    dword ptr [ebp-18]               ; A's former first byte
004DB48B    FF75 EC         push    dword ptr [ebp-14]               ; A's display argument
004DB48E    E8 D376FFFF     call    004D2B66                         ; item effect routine (not shown), argument set 8/20h/8/0/0
004DB493    68 FF000000     push    0FF
004DB498    68 FF000000     push    0FF
004DB49D    6A 00           push    0                                ; mode argument 0
004DB49F    FF75 EC         push    dword ptr [ebp-14]               ; A's display argument
004DB4A2    B9 F05D4B00     mov     ecx, 004B5DF0
004DB4A7    E8 E3C2F7FF     call    0045778F
004DB4AC    8B45 E8         mov     eax, dword ptr [ebp-18]          ; A's former first byte, zero-extended when it was stored
004DB4AF    6BC0 19         imul    eax, eax, 19                     ; * 19h (25-byte table stride)
004DB4B2    05 40114A00     add     eax, 004A1140                    ; eax = 004A1140 + index * 19h; NOTE(review): only 0FFh is excluded, so every other byte value is assumed to have a valid NUL-terminated entry - confirm
004DB4B7    50              push    eax                              ; string argument for the format below
004DB4B8    68 C0545500     push    005554C0                         ; "%s"
004DB4BD    6A 02           push    2
004DB4BF    E8 D541F5FF     call    0042F699                         ; formatted message routine; caller cleans the stack
004DB4C4    83C4 0C         add     esp, 0C                          ; drop the three arguments
; --- flag B set: the same display sequence on B's side, without a message ---
004DB4C7    834D F4 00      or      dword ptr [ebp-C], 0             ; test flag B
004DB4CB    74 47           je      short 004DB514
004DB4CD    68 FF000000     push    0FF
004DB4D2    68 FF000000     push    0FF
004DB4D7    6A 01           push    1                                ; mode argument 1
004DB4D9    FF75 D8         push    dword ptr [ebp-28]               ; B's display argument
004DB4DC    B9 F05D4B00     mov     ecx, 004B5DF0
004DB4E1    E8 A9C2F7FF     call    0045778F
004DB4E6    6A 00           push    0
004DB4E8    6A 00           push    0
004DB4EA    6A 08           push    8
004DB4EC    6A 20           push    20
004DB4EE    6A 08           push    8
004DB4F0    FF75 D4         push    dword ptr [ebp-2C]               ; B's former first byte
004DB4F3    FF75 D8         push    dword ptr [ebp-28]               ; B's display argument
004DB4F6    E8 6B76FFFF     call    004D2B66
004DB4FB    68 FF000000     push    0FF
004DB500    68 FF000000     push    0FF
004DB505    6A 00           push    0                                ; mode argument 0
004DB507    FF75 D8         push    dword ptr [ebp-28]
004DB50A    B9 F05D4B00     mov     ecx, 004B5DF0
004DB50F    E8 7BC2F7FF     call    0045778F
; --- flag A set: display sequence on B's side for the entry B received from A ---
004DB514    834D F8 00      or      dword ptr [ebp-8], 0             ; test flag A again
004DB518    74 47           je      short 004DB561
004DB51A    68 FF000000     push    0FF
004DB51F    68 FF000000     push    0FF
004DB524    6A 01           push    1
004DB526    FF75 D8         push    dword ptr [ebp-28]               ; B's display argument
004DB529    B9 F05D4B00     mov     ecx, 004B5DF0
004DB52E    E8 5CC2F7FF     call    0045778F
004DB533    6A 01           push    1
004DB535    6A 0E           push    0E
004DB537    6A 08           push    8
004DB539    6A 00           push    0
004DB53B    6A FF           push    -1
004DB53D    FF75 E8         push    dword ptr [ebp-18]               ; A's former first byte (now held by B)
004DB540    FF75 D8         push    dword ptr [ebp-28]               ; B's display argument
004DB543    E8 1E76FFFF     call    004D2B66                         ; same routine, argument set -1/0/8/0Eh/1
004DB548    68 FF000000     push    0FF
004DB54D    68 FF000000     push    0FF
004DB552    6A 00           push    0
004DB554    FF75 D8         push    dword ptr [ebp-28]
004DB557    B9 F05D4B00     mov     ecx, 004B5DF0
004DB55C    E8 2EC2F7FF     call    0045778F
; --- flag B set: display sequence on A's side for the entry A received from B ---
004DB561    834D F4 00      or      dword ptr [ebp-C], 0             ; test flag B again
004DB565    74 47           je      short 004DB5AE
004DB567    68 FF000000     push    0FF
004DB56C    68 FF000000     push    0FF
004DB571    6A 01           push    1
004DB573    FF75 EC         push    dword ptr [ebp-14]               ; A's display argument
004DB576    B9 F05D4B00     mov     ecx, 004B5DF0
004DB57B    E8 0FC2F7FF     call    0045778F
004DB580    6A 01           push    1
004DB582    6A 0E           push    0E
004DB584    6A 08           push    8
004DB586    6A 00           push    0
004DB588    6A FF           push    -1
004DB58A    FF75 D4         push    dword ptr [ebp-2C]               ; B's former first byte (now held by A)
004DB58D    FF75 EC         push    dword ptr [ebp-14]               ; A's display argument
004DB590    E8 D175FFFF     call    004D2B66
004DB595    68 FF000000     push    0FF
004DB59A    68 FF000000     push    0FF
004DB59F    6A 00           push    0
004DB5A1    FF75 EC         push    dword ptr [ebp-14]
004DB5A4    B9 F05D4B00     mov     ecx, 004B5DF0
004DB5A9    E8 E1C1F7FF     call    0045778F
; --- wrap-up calls; these run for every valid slot index, regardless of the flags ---
004DB5AE    6A 06           push    6
004DB5B0    B8 00E04B00     mov     eax, 004BE000
004DB5B5    8B48 10         mov     ecx, dword ptr [eax+10]          ; ecx = table+10, a further pointer for A
004DB5B8    E8 5B71F6FF     call    00442718                         ; called with ecx = that pointer and the constant 6 (routine not shown)
004DB5BD    6A 00           push    0
004DB5BF    6A 00           push    0
004DB5C1    6A 00           push    0
004DB5C3    FF75 EC         push    dword ptr [ebp-14]               ; A's display argument
004DB5C6    B9 F05D4B00     mov     ecx, 004B5DF0
004DB5CB    E8 BFC1F7FF     call    0045778F                         ; same display routine, all-zero mode arguments
004DB5D0    834D F4 00      or      dword ptr [ebp-C], 0             ; flag B set: show a message naming the entry A received
004DB5D4    74 1B           je      short 004DB5F1
004DB5D6    8B45 D4         mov     eax, dword ptr [ebp-2C]          ; B's former first byte, zero-extended when it was stored
004DB5D9    6BC0 19         imul    eax, eax, 19                     ; * 19h (25-byte table stride)
004DB5DC    05 40114A00     add     eax, 004A1140                    ; entry address in the table at 004A1140; same bounds assumption as at 004DB4B2
004DB5E1    50              push    eax
004DB5E2    68 26595500     push    00555926                         ; format string at 00555926: non-ASCII prefix followed by %s (prefix garbled in this copy)
004DB5E7    6A 02           push    2
004DB5E9    E8 AB40F5FF     call    0042F699                         ; formatted message routine; caller cleans the stack
004DB5EE    83C4 0C         add     esp, 0C
004DB5F1    C9              leave                                    ; common exit
004DB5F2    C2 0400         retn    4                                ; pop the 4-byte slot index argument


         ݣ

         55 8B EC 83 C4 CC B8 00 E0 4B 00 8B 48 08 89 4D
         FC 8B 48 18 89 4D EC 8B 48 14 89 4D F0 8B 50 24
         89 55 D8 8B 50 20 89 55 DC 8B 45 08 85 C0 74 0B
         48 74 34 48 74 5D E9 5D 02 00 00 0F B6 41 2E 89
         45 E8 0F B6 41 2F 89 45 E4 0F B6 41 30 89 45 E0
         0F B6 42 2E 89 45 D4 0F B6 42 2F 89 45 D0 0F B6
         42 30 89 45 CC EB 56 0F B6 41 31 89 45 E8 0F B6
         41 32 89 45 E4 0F B6 41 33 89 45 E0 0F B6 42 31
         89 45 D4 0F B6 42 32 89 45 D0 0F B6 42 33 89 45
         CC EB 2A 0F B6 41 34 89 45 E8 0F B6 41 35 89 45
         E4 0F B6 41 36 89 45 E0 0F B6 42 34 89 45 D4 0F
         B6 42 35 89 45 D0 0F B6 42 36 89 45 CC FF 75 CC
         FF 75 D0 FF 75 D4 FF 75 08 8B 4D F0 E8 4E C9 F2
         FF FF 75 E0 FF 75 E4 FF 75 E8 FF 75 08 8B 4D DC
         E8 3A C9 F2 FF 33 C0 8B C8 40 80 7D E8 FF 75 05
         89 4D F8 EB 03 89 45 F8 80 7D D4 FF 75 05 89 4D
         F4 EB 03 89 45 F4 83 4D F8 00 74 62 68 FF 00 00
         00 68 FF 00 00 00 6A 01 FF 75 EC B9 F0 5D 4B 00
         E8 11 C3 F7 FF 6A 00 6A 00 6A 08 6A 20 6A 08 FF
         75 E8 FF 75 EC E8 D3 76 FF FF 68 FF 00 00 00 68
         FF 00 00 00 6A 00 FF 75 EC B9 F0 5D 4B 00 E8 E3
         C2 F7 FF 8B 45 E8 6B C0 19 05 40 11 4A 00 50 68
         C0 54 55 00 6A 02 E8 D5 41 F5 FF 83 C4 0C 83 4D
         F4 00 74 47 68 FF 00 00 00 68 FF 00 00 00 6A 01
         FF 75 D8 B9 F0 5D 4B 00 E8 A9 C2 F7 FF 6A 00 6A
         00 6A 08 6A 20 6A 08 FF 75 D4 FF 75 D8 E8 6B 76
         FF FF 68 FF 00 00 00 68 FF 00 00 00 6A 00 FF 75
         D8 B9 F0 5D 4B 00 E8 7B C2 F7 FF 83 4D F8 00 74
         47 68 FF 00 00 00 68 FF 00 00 00 6A 01 FF 75 D8
         B9 F0 5D 4B 00 E8 5C C2 F7 FF 6A 01 6A 0E 6A 08
         6A 00 6A FF FF 75 E8 FF 75 D8 E8 1E 76 FF FF 68
         FF 00 00 00 68 FF 00 00 00 6A 00 FF 75 D8 B9 F0
         5D 4B 00 E8 2E C2 F7 FF 83 4D F4 00 74 47 68 FF
         00 00 00 68 FF 00 00 00 6A 01 FF 75 EC B9 F0 5D
         4B 00 E8 0F C2 F7 FF 6A 01 6A 0E 6A 08 6A 00 6A
         FF FF 75 D4 FF 75 EC E8 D1 75 FF FF 68 FF 00 00
         00 68 FF 00 00 00 6A 00 FF 75 EC B9 F0 5D 4B 00
         E8 E1 C1 F7 FF 6A 06 B8 00 E0 4B 00 8B 48 10 E8
         5B 71 F6 FF 6A 00 6A 00 6A 00 FF 75 EC B9 F0 5D
         4B 00 E8 BF C1 F7 FF 83 4D F4 00 74 1B 8B 45 D4
         6B C0 19 05 40 11 4A 00 50 68 26 59 55 00 6A 02
         E8 AB 40 F5 FF 83 C4 0C C9 C2 04 00

;---------------------------------------------------------------------------------------------------------------------------
һԴĿ¼ݷ

[Ŀ¼_һ]

004BE000  00 00 00 00    ; root directory: IMAGE_RESOURCE_DIRECTORY structure
          00 00 00 00
          04 00
          00 00
          00 00
          08 00          ; followed by 8 IMAGE_RESOURCE_DIRECTORY_ENTRY structures

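004BE010  01 00 00 00    ; at the first level the ID is the resource type ---- cursor
          50 00 00 80    ; high bit = 1: a second-level directory follows, address = low bits (offset) + directory base address
004BE018  02 00 00 00    ; bitmap
          C0 00 00 80
004BE020  03 00 00 00    ; icon
          10 01 00 80
004BE028  04 00 00 00    ; menu
          30 01 00 80
004BE030  05 00 00 00    ; dialog
          48 01 00 80
004BE038  0C 00 00 00    ; cursor group
          58 02 00 80
004BE040  0E 00 00 00    ; icon group
          C8 02 00 80
004BE048  10 00 00 00    ; version information
          E0 02 00 80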


[ڶ] (ҪԻ򲿷)

004BE148  00 00 00 00    ; ڶ¶ԻIMAGE_RESOURCE_DIRECTORYṹ
          00 00 00 00
          04 00
          00 00
          01 00          ; ַԴ
          1F 00          ; IDԴ

004BE158  D0 0D 00 80    ; 1, ڶIMAGE_RESOURCE_DIRECTORY_ENTRYṹ, λΪ1ʾλΪָʹ
                         ;    ָIMAGE_RESOURCE_DIR_STRING_Uṹ(ýṹUNICODEַ)
          20 05 00 80    ;    λΪ1ʱ, λָһ()ݵַ
                |
                |-->     004BEDD0  07 00 4B 00 41 00 4E 00 4B 00 59 00 4F 00 55 00  .K.A.N.K.Y.O.U.
                         004BEDE0  00 00                                            ..

004BE160  A6 00 00 00    ; 2
          38 05 00 80

004BE168  A7 00 00 00    ; 3
          50 05 00 80

004BE170  B2 00 00 00    ; 4
          68 05 00 80

004BE178  B3 00 00 00    ; 5
          80 05 00 80

004BE180  BA 00 00 00    ; 6
          98 05 00 80

004BE188  C1 00 00 00    ; 7
          B0 05 00 80

004BE190  C8 00 00 00    ; 8
          C8 05 00 80

004BE198  CD 00 00 00    ; 9
          E0 05 00 80

004BE1A0  EC 00 00 00    ; 10
          F8 05 00 80

004BE1A8  F2 00 00 00    ; 11
          10 06 00 80

004BE1B0  17 01 00 00    ; 12
          28 06 00 80

004BE1B8  1A 01 00 00    ; 13
          40 06 00 80

004BE1C0  1C 01 00 00    ; 14
          58 06 00 80

004BE1C8  1D 01 00 00    ; 15
          70 06 00 80

004BE1D0  29 01 00 00    ; 16
          88 06 00 80

004BE1D8  40 01 00 00    ; 17
          A0 06 00 80

004BE1E0  45 01 00 00    ; 18
          B8 06 00 80

004BE1E8  47 01 00 00    ; 19
          D0 06 00 80

004BE1F0  48 01 00 00    ; 20
          E8 06 00 80

004BE1F8  49 01 00 00    ; 21
          00 07 00 80

004BE200  4D 01 00 00    ; 22
          18 07 00 80

004BE208  4E 01 00 00    ; 23
          30 07 00 80

004BE210  4F 01 00 00    ; 24
          48 07 00 80

004BE218  51 01 00 00    ; 25
          60 07 00 80

004BE220  52 01 00 00    ; 26
          78 07 00 80

004BE228  53 01 00 00    ; 27
          90 07 00 80

004BE230  54 01 00 00    ; 28
          A8 07 00 80

004BE238  59 01 00 00    ; 29
          C0 07 00 80

004BE240  5A 01 00 00    ; 30
          D8 07 00 80

004BE248  5B 01 00 00    ; 31
          F0 07 00 80

004BE250  5C 01 00 00    ; 32
          08 08 00 80


[] (ҪԻַ)

004BE520  00 00 00 00    ; ¶ԻIMAGE_RESOURCE_DIRECTORYṹ
          00 00 00 00
          04 00
          00 00
          00 00
          01 00

004BE530  04 08 00 00    ; ҳ
          E0 0A 00 00    ; λΪ0λָIMAGE_RESOURCE_DATA_ENTRYṹ
                |
                |-->     004BEAE0  1C 83 0C 00    ; ԴRVA(ڴ涨λʱ+װַ)
                                   64 03 00 00    ; Դݳ
                                   E4 04 00 00    ; һΪ0
                                   00 00 00 00    ; ֶ

;---------------------------------------------------------------------------------------------------------------------------
[汾Ϣ]

004BE2E0  00 00 00 00    ; ڶ°汾ϢIMAGE_RESOURCE_DIRECTORYṹ
          00 00 00 00
          04 00
          00 00
          00 00
          01 00          ; IDԴ

004BE2F0  01 00 00 00    ; ID=1
          58 09 00 80    ; λΪ1ʱ, λָһ()ݵַ


004BE958  00 00 00 00    ; °汾ϢIMAGE_RESOURCE_DIRECTORYṹ
          00 00 00 00
          04 00
          00 00
          00 00
          01 00

004BE968  04 08 00 00    ; ҳ
          B0 0D 00 00    ; λΪ0λָIMAGE_RESOURCE_DATA_ENTRYṹ
                |
                |-->     004BEDB0  C4 C6 0C 00    ; ԴRVA(ڴ涨λʱ+װַ)
                                   F0 03 00 00    ; Դݳ
                                   E4 04 00 00
                                   00 00 00 00

;---------------------------------------------------------------------------------------------------------------------------
[]

004BE050  00 00 00 00    ; ڶ¶ԻIMAGE_RESOURCE_DIRECTORYṹ
          00 00 00 00
          04 00
          00 00
          00 00          ; ַԴ
          0C 00          ; IDԴ


004BE060  01 00 00 00    ; λΪ0ʾΪIDʹ
          F8 02 00 80    ; λΪ1ʱ, λָһ()ݵַ

          02 00 00 00
          10 03 00 80

004BE070  03 00 00 00
          28 03 00 80

          04 00 00 00
          40 03 00 80

004BE080  05 00 00 00
          58 03 00 80

          06 00 00 00
          70 03 00 80

004BE090  07 00 00 00
          88 03 00 80

          08 00 00 00
          A0 03 00 80

004BE0A0  09 00 00 00
          B8 03 00 80

          0A 00 00 00
          D0 03 00 80

004BE0B0  0B 00 00 00
          E8 03 00 80

          0C 00 00 00
          00 04 00 80



004BE2F8  00 00 00 00    ; ¹IMAGE_RESOURCE_DIRECTORYṹ
          00 00 00 00
          04 00
          00 00
          00 00
          01 00

004BE308  04 08 00 00    ; ҳ
          70 09 00 00    ; λΪ0λָIMAGE_RESOURCE_DATA_ENTRYṹ
                |
                |-->     004BE970  E0 ED 0B 00    ; ԴRVA(ڴ涨λʱ+װַ)
                                   34 01 00 00    ; Դݳ
                                   E4 04 00 00
                                   00 00 00 00

;---------------------------------------------------------------------------------------------------------------------------
ԭ[]ťӦ


; Excerpt from the original command dispatch: when the ID held in [ebp-30] is 5,
; call the handler at 004D28C2 with the pointer from [ebp-2C] both in ecx and
; as the single stack argument, then leave through 0043E1B3.
004D2838    837D D0 05      cmp     dword ptr [ebp-30], 5            ; is the button/command ID equal to 5?
004D283C    74 02           je      short 004D2840                   ; yes -> call the handler
004D283E    EB 0E           jmp     short 004D284E                   ; no -> next case (004D284E is outside this excerpt)
004D2840    8B4D D4         mov     ecx, dword ptr [ebp-2C]          ; ecx = pointer held in [ebp-2C]
004D2843    51              push    ecx                              ; the same pointer as the stack argument (the handler ends with retn 4)
004D2844    E8 79000000     call    004D28C2
004D2849  - E9 65B9F6FF     jmp     0043E1B3                         ; continue at 0043E1B3 (not shown)


; Function 004D28C2 (original handler, called from 004D2844).
; In:     ecx = source pointer, saved to [ebp-4]; one 4-byte stack argument that
;         is removed by retn 4 but never read in this function.
; Flow:   1. look up the source record and read its slot-2 value; if the low
;            byte is 0FFh, show a message and return;
;         2. loop at 004D2907: ask the selection routine 0045533D for a target;
;            0FFh returns, an unsuitable target shows a message and re-prompts;
;         3. write the value to the target (00407DEC), clear it on the source
;            (00407DC4), then run the display calls and the final message.
; Locals: [ebp-4]  = source pointer (ecx on entry)
;         [ebp-8]  = value returned by 004065F0 for the source
;         [ebp-C]  = constant 00497750
;         [ebp-10] = byte returned by 0045533D (selected target index)
;         [ebp-14] = value returned by 004065F0 for the target
;         [ebp-18] = source record address, [ebp-1C] = target record address
;         [ebp-20] = value returned by 0045F670 for the target
; NOTE(review): ebx is overwritten at 004D2992, 004D2A24 and 004D2A59 and is not
; saved or restored anywhere in this function; ebx is callee-saved in the usual
; 32-bit Windows conventions, so confirm that no caller depends on it.
; Helper routines are not part of this listing; remarks about them describe
; only how they are called.
004D28C2    55              push    ebp
004D28C3    8BEC            mov     ebp, esp
004D28C5    83EC 20         sub     esp, 20                          ; 20h bytes of locals
004D28C8    894D FC         mov     dword ptr [ebp-4], ecx           ; save the source pointer
004D28CB    E8 A0CDF8FF     call    0045F670                         ; ecx = source pointer; returns an index in eax
004D28D0    6BC0 48         imul    eax, eax, 48                     ; * 48h (record stride)
004D28D3    05 0000D600     add     eax, 0D60000                     ; + table base 00D60000
004D28D8    8945 E8         mov     dword ptr [ebp-18], eax          ; [ebp-18] = source record address
004D28DB    6A 02           push    2                                ; slot index 2
004D28DD    8BC8            mov     ecx, eax                         ; ecx = source record
004D28DF    E8 0C3DF3FF     call    004065F0                         ; read the slot value of the record in ecx
004D28E4    8945 F8         mov     dword ptr [ebp-8], eax           ; keep the full returned dword
004D28E7    25 FF000000     and     eax, 0FF
004D28EC    3D FF000000     cmp     eax, 0FF                         ; low byte 0FFh = nothing in that slot
004D28F1    75 14           jnz     short 004D2907
004D28F3    68 A0545500     push    005554A0                         ; message string at 005554A0 (non-ASCII text, garbled in this copy)
004D28F8    6A 02           push    2
004D28FA    E8 9ACDF5FF     call    0042F699                         ; message routine; caller cleans the stack
004D28FF    83C4 08         add     esp, 8
004D2902    E9 7A010000     jmp     004D2A81                         ; nothing to hand over: return
; --- target selection loop; eax holds the source slot value on entry ---
004D2907    C745 F4 50774900   mov     dword ptr [ebp-C], 00497750
004D290E    8B4D F4         mov     ecx, dword ptr [ebp-C]
004D2911    8AC8            mov     cl, al                           ; ecx = 00497750 with its low byte replaced by al
004D2913    51              push    ecx                              ; selection argument built above
004D2914    6A 04           push    4                                ; constant 4 (selection filter per the author's note)
004D2916    B1 01           mov     cl, 1
004D2918    51              push    ecx                              ; low byte 1; the upper bytes are left over from 004D290E
004D2919    8B45 FC         mov     eax, dword ptr [ebp-4]           ; source pointer
004D291C    8A48 04         mov     cl, byte ptr [eax+4]
004D291F    51              push    ecx                              ; low byte = byte at source+4; upper bytes again left over
004D2920    B9 50424B00     mov     ecx, 004B4250                    ; object at 004B4250 passed in ecx
004D2925    E8 132AF8FF     call    0045533D                         ; selection routine; the result is returned in al
004D292A    8845 F0         mov     byte ptr [ebp-10], al            ; remember the selected index
004D292D    25 FF000000     and     eax, 0FF
004D2932    3D FF000000     cmp     eax, 0FF                         ; 0FFh = no selection
004D2937    0F84 44010000   je      004D2A81                         ; -> return
004D293D    6BC0 24         imul    eax, eax, 24                     ; * 24h (entry stride)
004D2940    05 502C4B00     add     eax, 004B2C50                    ; entry address in the table at 004B2C50
004D2945    8BC8            mov     ecx, eax
004D2947    E8 24CDF8FF     call    0045F670                         ; same lookup as at 004D28CB, for the target
004D294C    6BC0 48         imul    eax, eax, 48
004D294F    05 0000D600     add     eax, 0D60000                     ; target record address
004D2954    8945 E4         mov     dword ptr [ebp-1C], eax
004D2957    8B4D E8         mov     ecx, dword ptr [ebp-18]          ; source record address
004D295A    3BC8            cmp     ecx, eax                         ; target identical to source?
004D295C    75 05           jnz     short 004D2963
004D295E    8B45 F8         mov     eax, dword ptr [ebp-8]           ; reload the slot value the loop expects in al
004D2961  ^ EB A4           jmp     short 004D2907                   ; same record: prompt again
004D2963    6A 02           push    2                                ; slot index 2
004D2965    8BC8            mov     ecx, eax                         ; ecx = target record
004D2967    E8 843CF3FF     call    004065F0                         ; read the target's slot value
004D296C    8945 EC         mov     dword ptr [ebp-14], eax
004D296F    25 FF000000     and     eax, 0FF
004D2974    3D FF000000     cmp     eax, 0FF                         ; the target slot must be empty (0FFh)
004D2979    74 17           je      short 004D2992
004D297B    68 F0545500     push    005554F0                         ; message string at 005554F0 (non-ASCII text, garbled in this copy)
004D2980    6A 02           push    2
004D2982    E8 12CDF5FF     call    0042F699                         ; show the message
004D2987    83C4 08         add     esp, 8
004D298A    8B45 F8         mov     eax, dword ptr [ebp-8]
004D298D  ^ E9 75FFFFFF     jmp     004D2907                         ; slot occupied: prompt again
004D2992    8B5D F8         mov     ebx, dword ptr [ebp-8]           ; ebx = source slot value (ebx is not preserved, see header note)
004D2995    53              push    ebx
004D2996    8B4D E4         mov     ecx, dword ptr [ebp-1C]          ; ecx = target record
004D2999    E8 694FF3FF     call    00407907                         ; check routine; a zero result means the target is rejected
004D299E    85C0            test    eax, eax
004D29A0    75 17           jnz     short 004D29B9
004D29A2    68 D0545500     push    005554D0                         ; message string at 005554D0 (non-ASCII text, garbled in this copy)
004D29A7    6A 02           push    2
004D29A9    E8 EBCCF5FF     call    0042F699                         ; show the message
004D29AE    83C4 08         add     esp, 8
004D29B1    8B45 F8         mov     eax, dword ptr [ebp-8]
004D29B4  ^ E9 4EFFFFFF     jmp     004D2907                         ; rejected: prompt again
; --- transfer: write to the target, clear the source ---
004D29B9    68 FF000000     push    0FF
004D29BE    83EB 33         sub     ebx, 33                          ; ebx = slot value - 33h
004D29C1    53              push    ebx
004D29C2    6A 02           push    2                                ; slot index 2
004D29C4    8B4D E4         mov     ecx, dword ptr [ebp-1C]          ; ecx = target record
004D29C7    E8 2054F3FF     call    00407DEC                         ; called with ecx = record and (2, value - 33h, 0FFh) on the stack
004D29CC    6A 02           push    2                                ; slot index 2
004D29CE    8B4D E8         mov     ecx, dword ptr [ebp-18]          ; ecx = source record
004D29D1    E8 EE53F3FF     call    00407DC4                         ; called with ecx = record and the slot index (clears the slot per the author's note)
; --- display sequence ---
004D29D6    68 FF000000     push    0FF
004D29DB    68 FF000000     push    0FF
004D29E0    6A 01           push    1
004D29E2    8B4D FC         mov     ecx, dword ptr [ebp-4]           ; source pointer
004D29E5    E8 86CCF8FF     call    0045F670                         ; index lookup for the source
004D29EA    25 FFFF0000     and     eax, 0FFFF                       ; keep the low 16 bits
004D29EF    50              push    eax
004D29F0    B9 F05D4B00     mov     ecx, 004B5DF0                    ; object at 004B5DF0 passed in ecx
004D29F5    E8 954DF8FF     call    0045778F                         ; display routine (not shown)
004D29FA    6A 06           push    6
004D29FC    8B4D FC         mov     ecx, dword ptr [ebp-4]
004D29FF    E8 14FDF6FF     call    00442718                         ; called with ecx = source pointer and the constant 6
004D2A04    33C9            xor     ecx, ecx
004D2A06    8A4D F0         mov     cl, byte ptr [ebp-10]            ; selected target index
004D2A09    6BC9 24         imul    ecx, ecx, 24
004D2A0C    81C1 502C4B00   add     ecx, 004B2C50                    ; target entry in the table at 004B2C50
004D2A12    E8 59CCF8FF     call    0045F670                         ; index lookup for the target
004D2A17    8945 E0         mov     dword ptr [ebp-20], eax
004D2A1A    6A 00           push    0
004D2A1C    6A 00           push    0
004D2A1E    6A 08           push    8
004D2A20    6A 20           push    20
004D2A22    6A 08           push    8
004D2A24    8B5D F8         mov     ebx, dword ptr [ebp-8]           ; source slot value
004D2A27    53              push    ebx
004D2A28    8B4D FC         mov     ecx, dword ptr [ebp-4]           ; source pointer
004D2A2B    E8 40CCF8FF     call    0045F670                         ; index lookup for the source
004D2A30    50              push    eax
004D2A31    E8 30010000     call    004D2B66                         ; item effect routine on the source side, argument set 8/20h/8/0/0
004D2A36    6A 00           push    0
004D2A38    6A 00           push    0
004D2A3A    6A 00           push    0
004D2A3C    8B4D FC         mov     ecx, dword ptr [ebp-4]           ; source pointer
004D2A3F    E8 2CCCF8FF     call    0045F670                         ; index lookup for the source
004D2A44    50              push    eax
004D2A45    B9 F05D4B00     mov     ecx, 004B5DF0
004D2A4A    E8 404DF8FF     call    0045778F                         ; display routine, all-zero mode arguments
004D2A4F    6A 01           push    1
004D2A51    6A 0E           push    0E
004D2A53    6A 08           push    8
004D2A55    6A 00           push    0
004D2A57    6A FF           push    -1
004D2A59    8B5D F8         mov     ebx, dword ptr [ebp-8]           ; source slot value
004D2A5C    53              push    ebx
004D2A5D    8B45 E0         mov     eax, dword ptr [ebp-20]
004D2A60    50              push    eax                              ; target index saved at 004D2A17
004D2A61    E8 00010000     call    004D2B66                         ; same routine on the target side, argument set -1/0/8/0Eh/1
004D2A66    8B45 F8         mov     eax, dword ptr [ebp-8]           ; NOTE(review): the full dword is used as the index, while the 0FFh check at 004D28E7 looked only at its low byte - assumes the upper bytes are zero; confirm
004D2A69    6BC0 19         imul    eax, eax, 19                     ; * 19h (25-byte table stride)
004D2A6C    05 40114A00     add     eax, 004A1140                    ; entry address in the table at 004A1140
004D2A71    50              push    eax
004D2A72    68 C0545500     push    005554C0                         ; "%S"
004D2A77    6A 02           push    2
004D2A79    E8 1BCCF5FF     call    0042F699                         ; formatted message routine; caller cleans the stack
004D2A7E    83C4 0C         add     esp, 0C
004D2A81    8BE5            mov     esp, ebp                         ; common exit
004D2A83    5D              pop     ebp
004D2A84    C2 0400         retn    4                                ; pop the 4-byte stack argument

;---------------------------------------------------------------------------------------------------------------------------