MeTERMan
February 26th, 2001, 18:37
Hello!
I dumped it!
EAX=9805EB64 EBX=9805EB64 ECX=0000CCFD EDX=00000000 ESI=00BF2E6A
EDI=00000000 EBP=006CF3EC ESP=006CF1FC EIP=00456B5E o d I s Z a P c
CS=0167 DS=016F SS=016F ES=016F FS=3DB7 GS=0000
─────────────────────────────────────────────────────────────────────────PROT32─
0167:00456B07 8D8520FEFFFF LEA EAX,[EBP-01E0]
0167:00456B0D E80AECFAFF CALL 0040571C
0167:00456B12 E885BCFAFF CALL 0040279C
0167:00456B17 31DB XOR EBX,EBX
0167:00456B19 31C0 XOR EAX,EAX
0167:00456B1B 31D2 XOR EDX,EDX
0167:00456B1D 8B75F4 MOV ESI,[EBP-0C]
0167:00456B20 803E00 CMP BYTE PTR [ESI],00
0167:00456B23 740D JZ 00456B32
0167:00456B25 AC LODSB
0167:00456B26 80E830 SUB AL,30
0167:00456B29 01C3 ADD EBX,EAX
0167:00456B2B 6BDB0A IMUL EBX,EBX,0A
0167:00456B2E 31C0 XOR EAX,EAX
0167:00456B30 EBEE JMP 00456B20
0167:00456B32 B90A000000 MOV ECX,0000000A
0167:00456B37 89D8 MOV EAX,EBX
0167:00456B39 F7F9 IDIV ECX
0167:00456B3B 8945F0 MOV [EBP-10],EAX
0167:00456B3E 89C3 MOV EBX,EAX
0167:00456B40 B908020000 MOV ECX,00000208
0167:00456B45 8B45F0 MOV EAX,[EBP-10]
0167:00456B48 0FAFD8 IMUL EBX,EAX
0167:00456B4B 3B1D10834500 CMP EBX,[00458310]
0167:00456B51 7210 JB 00456B63
0167:00456B53 31D2 XOR EDX,EDX
0167:00456B55 51 PUSH ECX
0167:00456B56 89D8 MOV EAX,EBX
0167:00456B58 8B0D10834500 MOV ECX,[00458310] ; I am here! Cursor!
0167:00456B5E F7F9 IDIV ECX ; This gives me the creeps!
0167:00456B60 59 POP ECX
0167:00456B61 89D3 MOV EBX,EDX
0167:00456B63 E2E0 LOOP 00456B45
0167:00456B65 81FBF7310000 CMP EBX,000031F7
0167:00456B6B 7504 JNZ 00456B71
0167:00456B6D C645EF01 MOV BYTE PTR [EBP-11],01
0167:00456B71 8D8520FEFFFF LEA EAX,[EBP-01E0]
0167:00456B77 E858EAFAFF CALL 004055D4
0167:00456B7C E81BBCFAFF CALL 0040279C
0167:00456B81 807DEF01 CMP BYTE PTR [EBP-11],01
0167:00456B85 7512 JNZ 00456B99
There is EAX, as you can see above:
EAX=9805EB64 EBX=9805EB64 ECX=0000CCFD EDX=00000000!
So the function moves CCFD to ECX! And IDIV ECX; the same as EAX=EAX/ECX!
Right! So you get right nothing new!!
But this is the strange thing! Look down: