; ---------------------------------------------------------------------------
; Routine at 00328564 (32-bit x86; listing columns: address, bytes, instruction)
;
; Purpose: enumerate present HID device interfaces through SetupAPI, open each
; one, and keep those whose HidD_GetAttributes VendorID/ProductID equal the
; words at ds:[0x323C14] / ds:[0x323C16]. Each kept device is stored as a
; 0x14C-byte record in the table at 0x335494, indexed by the counter at
; ds:[0x33FEAC].
;
; Stack arguments (plain `retn`, so presumably cdecl: caller cleans up):
;   arg1  filter dword; 0 accepts every match, otherwise it must equal the
;         dword at record+0x120
;   arg2  optional output pointer; receives 0x28 bytes per accepted device
;   arg3  output pointer; receives the number of accepted devices
; Returns (eax): 0 if at least one device was accepted, 0x80000001 if none,
;   0x80000002 if SetupDiGetClassDevsA returned -1.
;
; Frame: 0x1194 bytes of locals plus saved ebx/esi/edi (and ebp from 003285C1).
; [esp+X] offsets used before `push ebp` at 003285C1 are 4 lower than the
; offsets of the same local afterwards. Offsets quoted in the comments below
; are the post-`push ebp` ones, taken with no call arguments pushed:
;   +0x10 interface index   +0x14 accepted count   +0x18 HIDD_ATTRIBUTES
;   +0x24 required size     +0x2C HID class GUID   +0x3C interface data
;   +0x58 device record (0x14C bytes)   +0x1A4 detail buffer (0x1000 bytes)
; ---------------------------------------------------------------------------
00328564 B8 94110000 mov eax,0x1194
00328569 E8 163B0000 call 0032C084 ; presumably the compiler's stack-probe helper; both exits undo it with add esp,0x1194
0032856E 53 push ebx
0032856F 56 push esi
00328570 57 push edi
; Zero the 0x1000-byte detail buffer: 1 byte + 0x3FF dwords + 1 word + 1 byte.
00328571 B9 FF030000 mov ecx,0x3FF
00328576 33C0 xor eax,eax
00328578 8DBC24 A1010000 lea edi,dword ptr ss:[esp+0x1A1]
0032857F C68424 A0010000 00 mov byte ptr ss:[esp+0x1A0],0x0
00328587 33F6 xor esi,esi
00328589 F3:AB rep stos dword ptr es:[edi]
0032858B 66:AB stos word ptr es:[edi]
0032858D AA stos byte ptr es:[edi]
0032858E 8D4424 28 lea eax,dword ptr ss:[esp+0x28]
00328592 897424 10 mov dword ptr ss:[esp+0x10],esi ; accepted count = 0 (this slot is [esp+0x14] after push ebp)
00328596 50 push eax
00328597 E8 6E2C0000 call 0032B20A ; jmp to hid.HidD_GetHidGuid
; SetupDiGetClassDevsA(&guid, NULL, NULL, 0x12); 0x12 matches
; DIGCF_PRESENT | DIGCF_DEVICEINTERFACE.
0032859C 6A 12 push 0x12
0032859E 56 push esi
0032859F 8D4C24 30 lea ecx,dword ptr ss:[esp+0x30]
003285A3 56 push esi
003285A4 51 push ecx
003285A5 FF15 50053200 call dword ptr ds:[0x320550] ; setupapi.SetupDiGetClassDevsA
003285AB 8BD8 mov ebx,eax ; ebx = device info set handle for the rest of the routine
003285AD 83FB FF cmp ebx,-0x1
003285B0 75 0F jnz short 003285C1
; Early exit: no device info set, return 0x80000002.
003285B2 5F pop edi
003285B3 5E pop esi
003285B4 B8 02000080 mov eax,0x80000002
003285B9 5B pop ebx
003285BA 81C4 94110000 add esp,0x1194
003285C0 C3 retn
003285C1 55 push ebp
003285C2 8BAC24 AC110000 mov ebp,dword ptr ss:[esp+0x11AC] ; ebp = arg2 (output cursor)
003285C9 C74424 3C 1C000000 mov dword ptr ss:[esp+0x3C],0x1C ; interface data cbSize = 0x1C
003285D1 897424 10 mov dword ptr ss:[esp+0x10],esi ; interface index = 0
; ---- loop top: one device interface per iteration, index in [esp+0x10] ----
003285D5 8B4424 10 mov eax,dword ptr ss:[esp+0x10]
003285D9 8D5424 3C lea edx,dword ptr ss:[esp+0x3C]
003285DD 52 push edx
003285DE 8D4C24 30 lea ecx,dword ptr ss:[esp+0x30]
003285E2 50 push eax
003285E3 51 push ecx
003285E4 6A 00 push 0x0
003285E6 53 push ebx
003285E7 FF15 4C053200 call dword ptr ds:[0x32054C] ; setupapi.SetupDiEnumDeviceInterfaces
003285ED 85C0 test eax,eax
003285EF 0F84 C1010000 je 003287B6 ; enumeration failed or ended: go to cleanup
003285F5 8B35 48053200 mov esi,dword ptr ds:[0x320548] ; setupapi.SetupDiGetDeviceInterfaceDetailA
; First detail call: NULL buffer, size 0, only the required size is requested.
; NOTE(review): the return value is ignored and no write to [esp+0x24] is
; visible before this call, so a call that fails without setting the size
; would leave a stale value to be tested below - confirm.
003285FB 8D5424 24 lea edx,dword ptr ss:[esp+0x24]
003285FF 6A 00 push 0x0
00328601 52 push edx
00328602 6A 00 push 0x0
00328604 8D4424 48 lea eax,dword ptr ss:[esp+0x48]
00328608 6A 00 push 0x0
0032860A 50 push eax
0032860B 53 push ebx
0032860C FFD6 call esi
0032860E 8B5424 24 mov edx,dword ptr ss:[esp+0x24]
00328612 81FA 00100000 cmp edx,0x1000
00328618 0F87 98010000 ja 003287B6 ; unsigned bound check against the 0x1000-byte buffer; an oversized interface ends the whole enumeration, not just this iteration
; Re-zero the detail buffer, set its cbSize to 5, then fetch the detail data.
0032861E B9 00040000 mov ecx,0x400
00328623 33C0 xor eax,eax
00328625 8DBC24 A4010000 lea edi,dword ptr ss:[esp+0x1A4]
0032862C 50 push eax ; last argument of the second detail call (0), pushed early
0032862D F3:AB rep stos dword ptr es:[edi]
0032862F 8D4C24 2C lea ecx,dword ptr ss:[esp+0x2C]
00328633 8D4424 40 lea eax,dword ptr ss:[esp+0x40]
00328637 51 push ecx
00328638 52 push edx ; buffer size = required size reported by the first call (<= 0x1000)
00328639 8D9424 B0010000 lea edx,dword ptr ss:[esp+0x1B0]
00328640 C78424 B0010000 05000000 mov dword ptr ss:[esp+0x1B0],0x5
0032864B 52 push edx
0032864C 50 push eax
0032864D 53 push ebx
0032864E FFD6 call esi
00328650 85C0 test eax,eax
00328652 0F84 4C010000 je 003287A4 ; no detail data: next interface
; CreateFileA(buffer+4, 0xC0000000, 3, NULL, 3, 0x60000000, NULL).
; The values match GENERIC_READ|GENERIC_WRITE, FILE_SHARE_READ|FILE_SHARE_WRITE,
; OPEN_EXISTING and FILE_FLAG_OVERLAPPED|FILE_FLAG_NO_BUFFERING; buffer+4 is
; where the device path follows the cbSize dword.
00328658 6A 00 push 0x0
0032865A 68 00000060 push 0x60000000
0032865F 6A 03 push 0x3
00328661 6A 00 push 0x0
00328663 6A 03 push 0x3
00328665 8D8C24 BC010000 lea ecx,dword ptr ss:[esp+0x1BC]
0032866C 68 000000C0 push 0xC0000000
00328671 51 push ecx
00328672 FF15 2C053200 call dword ptr ds:[0x32052C] ; kernel32.CreateFileA
00328678 8BF0 mov esi,eax ; esi = device handle
0032867A 83FE FF cmp esi,-0x1
0032867D 0F84 21010000 je 003287A4 ; open failed: next interface
; Clear the 12-byte attributes block at [esp+0x18], set its Size field to 0xC,
; then call HidD_GetAttributes(handle, &attributes).
00328683 33D2 xor edx,edx
00328685 8D4424 18 lea eax,dword ptr ss:[esp+0x18]
00328689 895424 18 mov dword ptr ss:[esp+0x18],edx
0032868D 50 push eax
0032868E 895424 20 mov dword ptr ss:[esp+0x20],edx
00328692 56 push esi
00328693 895424 28 mov dword ptr ss:[esp+0x28],edx
00328697 C74424 20 0C000000 mov dword ptr ss:[esp+0x20],0xC
0032869F E8 602B0000 call 0032B204 ; jmp to hid.HidD_GetAttributes
003286A4 84C0 test al,al
003286A6 0F84 F1000000 je 0032879D
; Both 16-bit IDs must equal the expected pair; otherwise close and move on.
003286AC 66:8B4C24 1C mov cx,word ptr ss:[esp+0x1C] ; VendorID
003286B1 66:3B0D 143C3200 cmp cx,word ptr ds:[0x323C14]
003286B8 0F85 DF000000 jnz 0032879D
003286BE 66:8B5424 1E mov dx,word ptr ss:[esp+0x1E] ; ProductID
003286C3 66:3B15 163C3200 cmp dx,word ptr ds:[0x323C16]
003286CA 0F85 CD000000 jnz 0032879D
003286D0 56 push esi
003286D1 FF15 18053200 call dword ptr ds:[0x320518] ; kernel32.CloseHandle
; Build the device record: zero 0x53 dwords (0x14C bytes) at [esp+0x58],
; set its first dword to 1 and copy the device path to record+0x10.
; NOTE(review): lstrcpyA performs no length check. The only limit on the source
; visible here is the 0x1000 required-size test at 00328612, while 0x13C bytes
; remain in the record after the destination and the next field this routine
; reads starts at record+0x114. A path longer than that would overwrite the
; later record fields and then the detail buffer; confirm the field size and
; prefer a bounded copy.
003286D7 B9 53000000 mov ecx,0x53
003286DC 33C0 xor eax,eax
003286DE 8D7C24 58 lea edi,dword ptr ss:[esp+0x58]
003286E2 F3:AB rep stos dword ptr es:[edi]
003286E4 8D8424 A8010000 lea eax,dword ptr ss:[esp+0x1A8]
003286EB 8D4C24 68 lea ecx,dword ptr ss:[esp+0x68]
003286EF 50 push eax
003286F0 51 push ecx
003286F1 C74424 60 01000000 mov dword ptr ss:[esp+0x60],0x1
003286F9 FF15 EC033200 call dword ptr ds:[0x3203EC] ; kernel32.lstrcpyA
; Helper 00328D14(&record): nonzero result skips this device. Presumably it
; fills in the remaining record fields (record+0x114.. are read below) - confirm.
003286FF 8D5424 58 lea edx,dword ptr ss:[esp+0x58]
00328703 52 push edx
00328704 E8 0B060000 call 00328D14
00328709 83C4 04 add esp,0x4
0032870C 85C0 test eax,eax
0032870E 0F85 90000000 jnz 003287A4
; Optional filter: arg1 == 0 accepts the device, otherwise arg1 must equal
; the dword at record+0x120.
00328714 8B8424 A8110000 mov eax,dword ptr ss:[esp+0x11A8]
0032871B 85C0 test eax,eax
0032871D 74 09 je short 00328728
0032871F 3B8424 78010000 cmp eax,dword ptr ss:[esp+0x178]
00328726 75 64 jnz short 0032878C
; Accepted: bump the local count and copy the record into the global table at
; 0x335494 + index*0x14C (the three lea instructions multiply the index by 0x53).
; NOTE(review): no upper bound on the index at ds:[0x33FEAC] is checked in this
; listing before the 0x14C-byte copy; confirm the table capacity and where the
; counter is reset.
00328728 A1 ACFE3300 mov eax,dword ptr ds:[0x33FEAC]
0032872D 8B5424 14 mov edx,dword ptr ss:[esp+0x14]
00328731 42 inc edx
00328732 8D7424 58 lea esi,dword ptr ss:[esp+0x58]
00328736 8D0C80 lea ecx,dword ptr ds:[eax+eax*4]
00328739 895424 14 mov dword ptr ss:[esp+0x14],edx
0032873D 85ED test ebp,ebp ; ZF set here is consumed by the je at 00328753; lea, mov and rep movs leave flags alone
0032873F 8D14C8 lea edx,dword ptr ds:[eax+ecx*8]
00328742 8D0C50 lea ecx,dword ptr ds:[eax+edx*2]
00328745 8D3C8D 94543300 lea edi,dword ptr ds:[ecx*4+0x335494]
0032874C B9 53000000 mov ecx,0x53
00328751 F3:A5 rep movs dword ptr es:[edi],dword ptr ds:[esi]
00328753 74 25 je short 0032877A ; arg2 == 0: nothing to copy out
; arg2 != 0: copy 0x28 bytes from record+0x114 to the output cursor and advance
; it by 0x28, but only if IsBadWritePtr reports the range as writable.
; NOTE(review): IsBadWritePtr is documented as obsolete and probes only this
; one entry; no capacity for the caller's array is passed in, so the cursor
; can advance up to 0x40 times per call - confirm the caller's buffer size.
00328755 6A 28 push 0x28
00328757 55 push ebp
00328758 FF15 F8033200 call dword ptr ds:[0x3203F8] ; kernel32.IsBadWritePtr
0032875E 85C0 test eax,eax
00328760 75 13 jnz short 00328775
00328762 B9 0A000000 mov ecx,0xA
00328767 8DB424 6C010000 lea esi,dword ptr ss:[esp+0x16C]
0032876E 8BFD mov edi,ebp
00328770 83C5 28 add ebp,0x28
00328773 F3:A5 rep movs dword ptr es:[edi],dword ptr ds:[esi]
00328775 A1 ACFE3300 mov eax,dword ptr ds:[0x33FEAC]
; Increment the global counter, then call helper 00328E24 with the index of
; the entry just stored (purpose of the helper is not shown in this listing).
0032877A 40 inc eax
0032877B A3 ACFE3300 mov dword ptr ds:[0x33FEAC],eax
00328780 48 dec eax
00328781 50 push eax
00328782 E8 9D060000 call 00328E24
00328787 83C4 04 add esp,0x4
0032878A EB 18 jmp short 003287A4
; Filter mismatch: nothing is stored, but helper 00328E24 is still called with
; (global counter - 1).
0032878C A1 ACFE3300 mov eax,dword ptr ds:[0x33FEAC]
00328791 48 dec eax
00328792 50 push eax
00328793 E8 8C060000 call 00328E24
00328798 83C4 04 add esp,0x4
0032879B EB 07 jmp short 003287A4
; Attribute query failed or IDs differ: close the handle before moving on.
0032879D 56 push esi
0032879E FF15 18053200 call dword ptr ds:[0x320518] ; kernel32.CloseHandle
; ---- loop tail: advance the interface index, at most 0x40 iterations ----
003287A4 8B4424 10 mov eax,dword ptr ss:[esp+0x10]
003287A8 40 inc eax
003287A9 83F8 40 cmp eax,0x40
003287AC 894424 10 mov dword ptr ss:[esp+0x10],eax
003287B0 ^ 0F8C 1FFEFFFF jl 003285D5
; ---- cleanup: destroy the device info set, store the count, build the result ----
003287B6 53 push ebx
003287B7 FF15 54053200 call dword ptr ds:[0x320554] ; setupapi.SetupDiDestroyDeviceInfoList
003287BD 8B4424 14 mov eax,dword ptr ss:[esp+0x14] ; eax = accepted count
003287C1 8B9424 B0110000 mov edx,dword ptr ss:[esp+0x11B0] ; edx = arg3
; Branch-free result: count <= 0 gives 0x80000001, count > 0 gives 0
; (0x7FFFFFFF + 0x80000001 wraps to 0). The pops in between leave the flags
; from `test eax,eax` untouched.
003287C8 33C9 xor ecx,ecx
003287CA 5D pop ebp
003287CB 85C0 test eax,eax
003287CD 0f9ec1 setle cl
003287D0 49 dec ecx
003287D1 5F pop edi
003287D2 81E1 FFFFFF7F and ecx,0x7FFFFFFF
003287D8 8902 mov dword ptr ds:[edx],eax ; *arg3 = accepted count; arg3 is not checked for NULL
003287DA 81C1 01000080 add ecx,0x80000001
003287E0 5E pop esi
003287E1 8BC1 mov eax,ecx
003287E3 5B pop ebx
003287E4 81C4 94110000 add esp,0x1194
003287EA C3 retn
; Padding after the routine.
003287EB 90 nop
003287EC 90 nop
003287ED 90 nop
003287EE 90 nop