Mu Blue MAIN1.06D+ 跳NP、中文化汇编修改地址
0061461B . /EB 55 jmp short 00614672
0061461D . |68 80889000 push 00908880 ; /Arg2 = 00908880
00614622 . |68 38381608 push 08163838 ; |Arg1 = 08163838
00614627 . |E8 49730D00 call 006EB975 ; \main.006EB975
0061462C . |83C4 08 add esp, 8
006148EA . /75 32 jnz short 0061491E
006148EC . |68 38899000 push 00908938 ; /Arg2 = 00908938 ASCII "config.ini read error",CR,LF,""
006148F1 . |68 38381608 push 08163838 ; |Arg1 = 08163838
006148F6 . |E8 7A700D00 call 006EB975 ; \main.006EB975
006148FB . |83C4 08 add esp, 8
0061497E . /0F85 89000000 jnz 00614A0D
00614984 . |68 50899000 push 00908950 ; /Arg2 = 00908950 ASCII "gg init error",CR,LF,""
00614989 . |68 38381608 push 08163838 ; |Arg1 = 08163838
0061498E . |E8 E26F0D00 call 006EB975 ; \main.006EB975
00614993 . |83C4 08 add esp, 8
00630996 . /EB 47 je short 006309DF
00630998 . |B9 B0411608 mov ecx, 081641B0
0063099D . |E8 9ED80300 call 0066E240
006309A2 . |8D9424 8C0900>lea edx, dword ptr [esp+98C]
006309A9 . |52 push edx ; /Arg3
006309AA . |68 A49A9000 push 00909AA4 ; |Arg2 = 00909AA4 ASCII "> ResourceGuard Error!!(%s)",CR,LF,""
006309AF . |68 38381608 push 08163838 ; |Arg1 = 08163838
006309B4 . |E8 BCAF0B00 call 006EB975 ; \main.006EB975
006309B9 . |83C4 0C add esp, 0C
006309BC . |8D4C24 54 lea ecx, dword ptr [esp+54]
006309C0 . |C74424 4C B00>mov dword ptr [esp+4C], 008C03B0
006309C8 . |C78424 981A00>mov dword ptr [esp+1A98], -1
006309D3 . |E8 38C62300 call 0086D010
006309D8 . |33C0 xor eax, eax
006309DA . |E9 18030000 jmp 00630CF7
006309DF > \8B0D 443C1608 mov ecx, dword ptr [8163C44]
006E9476 |. /74 12 JE SHORT main.006E948A
006E9478 |. |8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
006E947B |. |50 PUSH EAX ; /Arg2
006E947C |. |6A 00 PUSH 0 ; |Arg1 = 00000000
006E947E |. |E8 9A000000 CALL main.006E951D ; \main.006E951D
006E9483 |. |83C4 08 ADD ESP,8
006E9486 |. |32C0 XOR AL,AL
006E9488 |. |EB 0F JMP SHORT main.006E9499
006E948A |> \68 789B6E00 PUSH main.006E9B78 ; 入口地址
006E94D6 /EB 11 jnz SHORT main.006E94E9
006E94D8 |. |6A 01 PUSH 1 ; /Arg2 = 00000001
006E94DA |. |8B0D 583C1608 MOV ECX,DWORD PTR DS:[8163C58] ; |
006E94E0 |. |51 PUSH ECX ; |Arg1 => 00000000
006E94E1 |. |E8 7783F2FF CALL main.0061185D ; \main.0061185D
006E94E6 |. |83C4 08 ADD ESP,8
006E94E9 |> \5D POP EBP
006E9509 |. /74 10 JE SHORT main.006E951B
006E950B |. |6A 01 PUSH 1 ; /Arg2 = 00000001
006E950D |. |A1 583C1608 MOV EAX,DWORD PTR DS:[8163C58] ; |
006E9512 |. |50 PUSH EAX ; |Arg1 => 00000000
006E9513 |. |E8 4583F2FF CALL main.0061185D ; \main.0061185D
006E9518 |. |83C4 08 ADD ESP,8
006E951B |> \5D POP EBP
00884665 . /0F85 1D010000 jnz 00884788
0088466B . |8D4D D4 lea ecx, dword ptr [ebp-2C]
0088466E . |8D95 D8FEFFFF lea edx, dword ptr [ebp-128>
00884674 . |51 push ecx ; /pProcessInfo
00884675 . |52 push edx ; |pStartupInfo
00884676 . |57 push edi ; |CurrentDir => NULL
00884677 . |57 push edi ; |pEnvironment => NULL
00884678 . |57 push edi ; |CreationFlags => 0
00884679 . |6A 01 push 1 ; |InheritHandles = TRUE
0088467B . |57 push edi ; |pThreadSecurity => NULL
0088467C . |8D85 C0F4FFFF lea eax, dword ptr [ebp-B40>; |
00884682 . |57 push edi ; |pProcessSecurity => NULL
00884683 . |8D8D D0FCFFFF lea ecx, dword ptr [ebp-330>; |
00884689 . |50 push eax ; |CommandLine
0088468A . |51 push ecx ; |ModuleFileName
0088468B . |FF15 14D18B00 call dword ptr [<&KERNEL32.C>; \CreateProcessA
00884691 . |85C0 test eax, eax
00884693 . |75 1E jnz short 008846B3
00884695 . |8B35 90D18B00 mov esi, dword ptr [<&KERNE>; ntdll.RtlGetLastWin32Error
0061461B . /EB 55 jmp short 00614672
0061461D . |68 80889000 push 00908880 ; /Arg2 = 00908880
00614622 . |68 38381608 push 08163838 ; |Arg1 = 08163838
00614627 . |E8 49730D00 call 006EB975 ; \main.006EB975
0061462C . |83C4 08 add esp, 8
006148EA . /75 32 jnz short 0061491E
006148EC . |68 38899000 push 00908938 ; /Arg2 = 00908938 ASCII "config.ini read error",CR,LF,""
006148F1 . |68 38381608 push 08163838 ; |Arg1 = 08163838
006148F6 . |E8 7A700D00 call 006EB975 ; \main.006EB975
006148FB . |83C4 08 add esp, 8
0061497E . /0F85 89000000 jnz 00614A0D
00614984 . |68 50899000 push 00908950 ; /Arg2 = 00908950 ASCII "gg init error",CR,LF,""
00614989 . |68 38381608 push 08163838 ; |Arg1 = 08163838
0061498E . |E8 E26F0D00 call 006EB975 ; \main.006EB975
00614993 . |83C4 08 add esp, 8
00630996 . /EB 47 je short 006309DF
00630998 . |B9 B0411608 mov ecx, 081641B0
0063099D . |E8 9ED80300 call 0066E240
006309A2 . |8D9424 8C0900>lea edx, dword ptr [esp+98C]
006309A9 . |52 push edx ; /Arg3
006309AA . |68 A49A9000 push 00909AA4 ; |Arg2 = 00909AA4 ASCII "> ResourceGuard Error!!(%s)",CR,LF,""
006309AF . |68 38381608 push 08163838 ; |Arg1 = 08163838
006309B4 . |E8 BCAF0B00 call 006EB975 ; \main.006EB975
006309B9 . |83C4 0C add esp, 0C
006309BC . |8D4C24 54 lea ecx, dword ptr [esp+54]
006309C0 . |C74424 4C B00>mov dword ptr [esp+4C], 008C03B0
006309C8 . |C78424 981A00>mov dword ptr [esp+1A98], -1
006309D3 . |E8 38C62300 call 0086D010
006309D8 . |33C0 xor eax, eax
006309DA . |E9 18030000 jmp 00630CF7
006309DF > \8B0D 443C1608 mov ecx, dword ptr [8163C44]
006E9476 |. /74 12 JE SHORT main.006E948A
006E9478 |. |8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
006E947B |. |50 PUSH EAX ; /Arg2
006E947C |. |6A 00 PUSH 0 ; |Arg1 = 00000000
006E947E |. |E8 9A000000 CALL main.006E951D ; \main.006E951D
006E9483 |. |83C4 08 ADD ESP,8
006E9486 |. |32C0 XOR AL,AL
006E9488 |. |EB 0F JMP SHORT main.006E9499
006E948A |> \68 789B6E00 PUSH main.006E9B78 ; 入口地址
006E94D6 /EB 11 jnz SHORT main.006E94E9
006E94D8 |. |6A 01 PUSH 1 ; /Arg2 = 00000001
006E94DA |. |8B0D 583C1608 MOV ECX,DWORD PTR DS:[8163C58] ; |
006E94E0 |. |51 PUSH ECX ; |Arg1 => 00000000
006E94E1 |. |E8 7783F2FF CALL main.0061185D ; \main.0061185D
006E94E6 |. |83C4 08 ADD ESP,8
006E94E9 |> \5D POP EBP
006E9509 |. /74 10 JE SHORT main.006E951B
006E950B |. |6A 01 PUSH 1 ; /Arg2 = 00000001
006E950D |. |A1 583C1608 MOV EAX,DWORD PTR DS:[8163C58] ; |
006E9512 |. |50 PUSH EAX ; |Arg1 => 00000000
006E9513 |. |E8 4583F2FF CALL main.0061185D ; \main.0061185D
006E9518 |. |83C4 08 ADD ESP,8
006E951B |> \5D POP EBP
00884665 . /0F85 1D010000 jnz 00884788
0088466B . |8D4D D4 lea ecx, dword ptr [ebp-2C]
0088466E . |8D95 D8FEFFFF lea edx, dword ptr [ebp-128>
00884674 . |51 push ecx ; /pProcessInfo
00884675 . |52 push edx ; |pStartupInfo
00884676 . |57 push edi ; |CurrentDir => NULL
00884677 . |57 push edi ; |pEnvironment => NULL
00884678 . |57 push edi ; |CreationFlags => 0
00884679 . |6A 01 push 1 ; |InheritHandles = TRUE
0088467B . |57 push edi ; |pThreadSecurity => NULL
0088467C . |8D85 C0F4FFFF lea eax, dword ptr [ebp-B40>; |
00884682 . |57 push edi ; |pProcessSecurity => NULL
00884683 . |8D8D D0FCFFFF lea ecx, dword ptr [ebp-330>; |
00884689 . |50 push eax ; |CommandLine
0088468A . |51 push ecx ; |ModuleFileName
0088468B . |FF15 14D18B00 call dword ptr [<&KERNEL32.C>; \CreateProcessA
00884691 . |85C0 test eax, eax
00884693 . |75 1E jnz short 008846B3
00884695 . |8B35 90D18B00 mov esi, dword ptr [<&KERNE>; ntdll.RtlGetLastWin32Error
UE改中文
00 00 00 00 81 00 00 00 01 00 00 00 88 00 00 00