add [eax],al
000dbcc2: 0000 add [eax],al

下面是在w32dasm里的样子,加了注释:

//******************** program entry point ********
:0049ddf1 e94cde0300 jmp 004dbc42 ;跳到后面

* referenced by a (u)nconditional or (c)onditional jump at address:
|:004dbcbb(u)
|
:0049ddf6 68a8aa4e00 push 004eaaa8
:0049ddfb 68dc214a00 push 004a21dc
:0049de00 64a100000000 mov eax, dword ptr fs:[00000000]
:0049de06 50 push eax
:0049de07 64892500000000 mov dword ptr fs:[00000000], esp

///////////////////////////////////////////////////////////

:004dbc38 b8c0055000 mov eax, 005005c0
:004dbc3d e999f8fbff jmp 0049b4db

* referenced by a (u)nconditional or (c)onditional jump at address:
|:0049ddf1(u)
|
:004dbc42 6a0a push 0000000a ;缓冲区的长度
:004dbc44 6800be4d00 push 004dbe00 ;返回的日期字串的地址
:004dbc49 6a00 push 00000000
:004dbc4b 6a00 push 00000000
:004dbc4d 6a01 push 00000001 ;date_shortdate,短日期
:004dbc4f 6a00 push 00000000
:004dbc51 ff151e005400 call dword ptr [0054001e] ;getdateformat
:004dbc57 680bbe4d00 push 004dbe0b ;返回值的地址,没用
:004dbc5c 6810be4d00 push 004dbe10 ;hkey的地址,重要
:004dbc61 6a00 push 00000000
:004dbc63 683f001f00 push 001f003f ;key_all_access
:004dbc68 6a01 push 00000001 ;reg_option_volatile
:004dbc6a 6a00 push 00000000
:004dbc6c 6a00 push 00000000

* possible stringdata ref from data obj ->".default\software\jetcar\jetcar\download "
->"default"
|
:004dbc6e 6896805000 push 00508096 ;打开的子键,注意先在[508096]这里写好