acedEvaluateLisp函数的反汇编-白红宇

acedEvaluateLisp函数的反汇编

阅读量：5313 次

发布时间：2019-06-14

本文共 29372 字，大约阅读时间需要 97 分钟。

0DFD3346 8BF0 mov esi,eax

0DFD3348 52 push edx

0DFD3349 56 push esi

0DFD334A E8 CFBC0300 call <jmp.&ACAD.acedEvaluateLisp>

0DFD334F 8BC6 mov eax,esi

0DFD3351 83C4 08 add esp,0x8

acedEvaluateLisp入口：

00B11DE0 > 53 push ebx

00B11DE1 8B5C24 0C mov ebx,dword ptr ss:[esp+0xC]

00B11DE5 C703 00000000 mov dword ptr ds:[ebx],0x0

00B11DEB A1 043AD700 mov eax,dword ptr ds:[0xD73A04]

00B11DF0 8B40 08 mov eax,dword ptr ds:[eax+0x8]

00B11DF3 85C0 test eax,eax

00B11DF5 75 02 jnz short acad.00B11DF9

00B11DF7 5B pop ebx ; ddd.0DFD334F

00B11DF8 C3 retn

00B11DF9 56 push esi

00B11DFA 8BB0 DC030000 mov esi,dword ptr ds:[eax+0x3DC] ; acad.0064006E

00B11E00 85F6 test esi,esi

00B11E02 75 05 jnz short acad.00B11E09

00B11E04 5E pop esi ; ddd.0DFD334F

00B11E05 33C0 xor eax,eax

00B11E07 5B pop ebx ; ddd.0DFD334F

00B11E08 C3 retn

00B11E09 57 push edi

00B11E0A 8B3D BC07D600 mov edi,dword ptr ds:[0xD607BC]

00B11E10 8BCE mov ecx,esi

00B11E12 C705 BC07D600 0>mov dword ptr ds:[0xD607BC],0x1

00B11E1C E8 BF2097FF call acad.00483EE0

00483EE0 56 push esi

00483EE1 8BF1 mov esi,ecx

00483EE3 8B86 DC050000 mov eax,dword ptr ds:[esi+0x5DC]

00483EE9 85C0 test eax,eax

00483EEB 74 13 je short acad.00483F00

00483EED 50 push eax

00483EEE E8 AD0B0000 call acad.00484AA0

00483EF3 83C4 04 add esp,0x4

00483EF6 C786 DC050000 0>mov dword ptr ds:[esi+0x5DC],0x0

00483F00 5E pop esi ; acad.00B11E21

00483F01 C3 retn

00B11E21 8B4C24 10 mov ecx,dword ptr ss:[esp+0x10]

00B11E25 6A 00 push 0x0

00B11E27 51 push ecx

00B11E28 56 push esi

00B11E29 E8 C2BE97FF call acad.0048DCF0

0048DCF0 83EC 4C sub esp,0x4C

0048DCF3 A1 0CB9D500 mov eax,dword ptr ds:[0xD5B90C]

0048DCF8 33C4 xor eax,esp

0048DCFA 894424 48 mov dword ptr ss:[esp+0x48],eax

0048DCFE 8B4424 54 mov eax,dword ptr ss:[esp+0x54]

0048DD02 53 push ebx

0048DD03 55 push ebp

0048DD04 8B6C24 58 mov ebp,dword ptr ss:[esp+0x58]

0048DD08 56 push esi

0048DD09 33DB xor ebx,ebx

0048DD0B 66:8338 01 cmp word ptr ds:[eax],0x1

0048DD0F 57 push edi

0048DD10 8BBD CC050000 mov edi,dword ptr ss:[ebp+0x5CC]

0048DD16 894424 10 mov dword ptr ss:[esp+0x10],eax

0048DD1A 895C24 14 mov dword ptr ss:[esp+0x14],ebx

0048DD1E 75 18 jnz short acad.0048DD38

0048DD20 83C0 02 add eax,0x2

0048DD23 50 push eax

0048DD24 E8 4766FFFF call acad.00484370

0048DD29 8BF0 mov esi,eax

0048DD2B 83C4 04 add esp,0x4

0048DD2E 85F6 test esi,esi

0048DD30 0F84 99000000 je acad.0048DDCF

0048DD36 EB 66 jmp short acad.0048DD9E

0048DD38 8BB7 FC000000 mov esi,dword ptr ds:[edi+0xFC]

0048DD3E 85F6 test esi,esi

0048DD40 75 1D jnz short acad.0048DD5F

0048DD42 68 04BAC200 push acad.00C2BA04 ; UNICODE "Veval-str+"

0048DD47 E8 2466FFFF call acad.00484370

0048DD4C 8BF0 mov esi,eax

0048DD4E 83C4 04 add esp,0x4

0048DD51 85F6 test esi,esi

0048DD53 74 7A je short acad.0048DDCF

0048DD55 8B4424 10 mov eax,dword ptr ss:[esp+0x10]

0048DD59 89B7 FC000000 mov dword ptr ds:[edi+0xFC],esi

0048DD5F 66:0FB64C24 68 movzx cx,byte ptr ss:[esp+0x68]

0048DD65 894424 40 mov dword ptr ss:[esp+0x40],eax

0048DD69 8D4424 14 lea eax,dword ptr ss:[esp+0x14]

0048DD6D 66:894C24 20 mov word ptr ss:[esp+0x20],cx

0048DD72 50 push eax

0048DD73 8D4C24 3C lea ecx,dword ptr ss:[esp+0x3C]

0048DD77 8D5424 1C lea edx,dword ptr ss:[esp+0x1C]

0048DD7B 51 push ecx

0048DD7C 66:C74424 24 8B>mov word ptr ss:[esp+0x24],0x138B

0048DD83 895C24 20 mov dword ptr ss:[esp+0x20],ebx

0048DD87 66:C74424 44 8D>mov word ptr ss:[esp+0x44],0x138D

0048DD8E 895424 40 mov dword ptr ss:[esp+0x40],edx

0048DD92 E8 E968FFFF call acad.00484680

00484680 55 push ebp

00484681 8BEC mov ebp,esp

00484683 83E4 F8 and esp,-0x8

00484686 8B45 0C mov eax,dword ptr ss:[ebp+0xC]

00484689 83EC 0C sub esp,0xC

0048468C 53 push ebx

0048468D 56 push esi

0048468E 57 push edi

0048468F 8B7D 08 mov edi,dword ptr ss:[ebp+0x8]

00484692 85FF test edi,edi

00484694 C700 00000000 mov dword ptr ds:[eax],0x0

0048469A 75 0A jnz short acad.004846A6

0048469C 83C8 FF or eax,-0x1

0048469F 5F pop edi ; acad.0048DD97

004846A0 5E pop esi ; acad.0048DD97

004846A1 5B pop ebx ; acad.0048DD97

004846A2 8BE5 mov esp,ebp

004846A4 5D pop ebp ; acad.0048DD97

004846A5 C3 retn

004846A6 C74424 10 00000>mov dword ptr ss:[esp+0x10],0x0

004846AE 8BFF mov edi,edi

004846B0 0FBF5F 04 movsx ebx,word ptr ds:[edi+0x4]

004846B4 81FB 88130000 cmp ebx,0x1388

004846BA 7C 24 jl short acad.004846E0

004846BC 81FB 9C130000 cmp ebx,0x139C

004846C2 74 1C je short acad.004846E0

004846C4 85DB test ebx,ebx

004846C6 7D 0C jge short acad.004846D4

004846C8 8D8B 88130000 lea ecx,dword ptr ds:[ebx+0x1388]

004846CE 894C24 0C mov dword ptr ss:[esp+0xC],ecx

004846D2 EB 19 jmp short acad.004846ED

004846D4 8D93 78ECFFFF lea edx,dword ptr ds:[ebx-0x1388]

004846DA 895424 0C mov dword ptr ss:[esp+0xC],edx

004846DE EB 0D jmp short acad.004846ED

004846E0 53 push ebx

004846E1 E8 1AE10900 call acad.00522800

004846E6 83C4 04 add esp,0x4

004846E9 894424 0C mov dword ptr ss:[esp+0xC],eax

004846ED 8B4424 0C mov eax,dword ptr ss:[esp+0xC]

004846F1 50 push eax

004846F2 E8 CD366800 call <jmp.&acdb17.acutNewRb>

acutNewRb()函数分配一新的结果缓冲区，并设置restype字段为v。acutNewRb()函数返回一个指向新分配的结果缓冲区的指针。参数v应为在adscodes.h文件中定义的结果类型码中的一个(例如RTPOINT)。别忘记调用acutRelRb()函数释放用acutNewRb()函数分配的内存。

004846F7 8BF0 mov esi,eax

004846F9 83C4 04 add esp,0x4

004846FC 85F6 test esi,esi

004846FE ^ 74 9C je short acad.0048469C

00484700 81FB 9C130000 cmp ebx,0x139C

00484706 75 08 jnz short acad.00484710

00484708 66:C746 04 0000 mov word ptr ds:[esi+0x4],0x0

0048470E EB 04 jmp short acad.00484714

00484710 66:895E 04 mov word ptr ds:[esi+0x4],bx

00484714 8B4424 0C mov eax,dword ptr ss:[esp+0xC]

00484718 83C0 FF add eax,-0x1

0048471B 83F8 1E cmp eax,0x1E

0048471E 0F87 2A010000 ja acad.0048484E

00484724 0FB688 90494800 movzx ecx,byte ptr ds:[eax+0x484990]

0048472B FF248D 68494800 jmp dword ptr ds:[ecx*4+0x484968]

00484732 81FB 88130000 cmp ebx,0x1388

00484738 DD47 08 fld qword ptr ds:[edi+0x8]

0048473B DD5E 08 fstp qword ptr ds:[esi+0x8]

0048473E 0F8E DE000000 jle acad.00484822

00484744 66:C746 04 8913 mov word ptr ds:[esi+0x4],0x1389

0048474A E9 D3000000 jmp acad.00484822

0048474F DD47 08 fld qword ptr ds:[edi+0x8]

00484752 DD5E 08 fstp qword ptr ds:[esi+0x8]

00484755 DD47 10 fld qword ptr ds:[edi+0x10]

00484758 DD5E 10 fstp qword ptr ds:[esi+0x10]

0048475B D9EE fldz

0048475D DD5E 18 fstp qword ptr ds:[esi+0x18]

00484760 E9 BD000000 jmp acad.00484822

00484765 DD47 08 fld qword ptr ds:[edi+0x8]

00484768 DD5E 08 fstp qword ptr ds:[esi+0x8]

0048476B DD47 10 fld qword ptr ds:[edi+0x10]

0048476E DD5E 10 fstp qword ptr ds:[esi+0x10]

00484771 DD47 18 fld qword ptr ds:[edi+0x18]

00484774 DD5E 18 fstp qword ptr ds:[esi+0x18]

00484777 E9 A6000000 jmp acad.00484822

0048477C 66:8B57 08 mov dx,word ptr ds:[edi+0x8]

00484780 66:8956 08 mov word ptr ds:[esi+0x8],dx

00484784 E9 99000000 jmp acad.00484822

00484789 83FB FD cmp ebx,-0x3

0048478C 0F84 90000000 je acad.00484822

00484792 81FB EC030000 cmp ebx,0x3EC

00484798 74 27 je short acad.004847C1

0048479A B8 67666666 mov eax,0x66666667

0048479F F7EB imul ebx

004847A1 C1FA 02 sar edx,0x2

004847A4 8BC2 mov eax,edx

004847A6 C1E8 1F shr eax,0x1F

004847A9 03C2 add eax,edx

004847AB 83F8 1F cmp eax,0x1F

004847AE 74 11 je short acad.004847C1

004847B0 8B4F 08 mov ecx,dword ptr ds:[edi+0x8]

004847B3 51 push ecx

004847B4 E8 A7E5FFFF call acad.00482D60

00482D60 57 push edi

00482D61 8B7C24 08 mov edi,dword ptr ss:[esp+0x8]

00482D65 85FF test edi,edi

00482D67 75 04 jnz short acad.00482D6D

00482D69 33C0 xor eax,eax

00482D6B 5F pop edi ; acad.004847B9

00482D6C C3 retn

00482D6D 56 push esi

00482D6E 57 push edi

00482D6F E8 9C202400 call acad.006C4E10

得到字符串的长度？

006C4E10 8B4C24 04 mov ecx,dword ptr ss:[esp+0x4]

006C4E14 33C0 xor eax,eax

006C4E16 66:3901 cmp word ptr ds:[ecx],ax

006C4E19 74 11 je short acad.006C4E2C

006C4E1B EB 03 jmp short acad.006C4E20

006C4E1D 8D49 00 lea ecx,dword ptr ds:[ecx]

006C4E20 83C1 02 add ecx,0x2

006C4E23 83C0 01 add eax,0x1

006C4E26 66:8339 00 cmp word ptr ds:[ecx],0x0

006C4E2A ^ 75 F4 jnz short acad.006C4E20

006C4E2C C2 0400 retn 0x4

006C4E2F CC int3

00482D74 8D4400 02 lea eax,dword ptr ds:[eax+eax+0x2]

00482D78 50 push eax

00482D79 FF15 B803BC00 call dword ptr ds:[<&MSVCR80.malloc>] ; msvcr80.malloc

00482D7F 8BF0 mov esi,eax 分配的内存地址

00482D81 83C4 04 add esp,0x4

00482D84 85F6 test esi,esi

00482D86 74 0F je short acad.00482D97

00482D88 57 push edi 源字符串

00482D89 56 push esi 分配的内存

00482D8A E8 D11BF8FF call acad.00404960

；把源字符串复制到分配的内存中

00404960 8B4424 04 mov eax,dword ptr ss:[esp+0x4]

00404964 56 push esi

00404965 8B7424 0C mov esi,dword ptr ss:[esp+0xC]

00404969 0FB70E movzx ecx,word ptr ds:[esi]

0040496C 66:85C9 test cx,cx

0040496F 8BD0 mov edx,eax

00404971 74 11 je short acad.00404984

00404973 83C6 02 add esi,0x2

00404976 66:890A mov word ptr ds:[edx],cx

00404979 0FB70E movzx ecx,word ptr ds:[esi]

0040497C 83C2 02 add edx,0x2

0040497F 66:85C9 test cx,cx ；为0结束

00404982 ^ 75 EF jnz short acad.00404973；循环

00404984 66:8B0E mov cx,word ptr ds:[esi]

00404987 66:890A mov word ptr ds:[edx],cx

0040498A 5E pop esi ；分配的内存地址

0040498B C3 retn

00482D8F 83C4 08 add esp,0x8

00482D92 8BC6 mov eax,esi

00482D94 5E pop esi ; acad.004847B9

00482D95 5F pop edi ; acad.004847B9

00482D96 C3 retn

00482D97 5E pop esi ; acad.004847B9

00482D98 33C0 xor eax,eax

00482D9A 5F pop edi ; acad.004847B9

00482D9B C3 retn

004847B9 83C4 04 add esp,0x4

004847BC 8946 08 mov dword ptr ds:[esi+0x8],eax

004847BF EB 61 jmp short acad.00484822

004847C1 66:8B57 08 mov dx,word ptr ds:[edi+0x8]

004847C5 66:8956 08 mov word ptr ds:[esi+0x8],dx

004847C9 0FBF47 08 movsx eax,word ptr ds:[edi+0x8]

004847CD 50 push eax

004847CE 6A 01 push 0x1

004847D0 FF15 2C03BC00 call dword ptr ds:[<&MSVCR80.calloc>] ; msvcr80.calloc

004847D6 83C4 08 add esp,0x8

004847D9 85C0 test eax,eax

004847DB 8946 0C mov dword ptr ds:[esi+0xC],eax

004847DE ^ 0F84 B8FEFFFF je acad.0048469C

004847E4 0FBF4F 08 movsx ecx,word ptr ds:[edi+0x8]

004847E8 8B57 0C mov edx,dword ptr ds:[edi+0xC]

004847EB 51 push ecx

004847EC 52 push edx

004847ED 50 push eax

004847EE E8 BF9D6A00 call <jmp.&MSVCR80.memcpy>

004847F3 83C4 0C add esp,0xC

004847F6 EB 2A jmp short acad.00484822

004847F8 8B47 08 mov eax,dword ptr ds:[edi+0x8]

004847FB 8946 08 mov dword ptr ds:[esi+0x8],eax

004847FE 8B4F 0C mov ecx,dword ptr ds:[edi+0xC]

00484801 894E 0C mov dword ptr ds:[esi+0xC],ecx

00484804 EB 1C jmp short acad.00484822

00484806 8B57 08 mov edx,dword ptr ds:[edi+0x8]

00484809 8956 08 mov dword ptr ds:[esi+0x8],edx

0048480C 8B47 0C mov eax,dword ptr ds:[edi+0xC]

0048480F 8946 0C mov dword ptr ds:[esi+0xC],eax

00484812 EB 0E jmp short acad.00484822

00484814 8B4F 08 mov ecx,dword ptr ds:[edi+0x8]

00484817 894E 08 mov dword ptr ds:[esi+0x8],ecx

0048481A EB 06 jmp short acad.00484822

0048481C 66:C746 08 FFFF mov word ptr ds:[esi+0x8],0xFFFF

00484822 8B45 0C mov eax,dword ptr ss:[ebp+0xC]

00484825 8338 00 cmp dword ptr ds:[eax],0x0

00484828 75 04 jnz short acad.0048482E

0048482A 8930 mov dword ptr ds:[eax],esi

0048482C EB 06 jmp short acad.00484834

0048482E 8B4C24 10 mov ecx,dword ptr ss:[esp+0x10]

00484832 8931 mov dword ptr ds:[ecx],esi

00484834 8B3F mov edi,dword ptr ds:[edi]

00484836 85FF test edi,edi

00484838 897424 10 mov dword ptr ss:[esp+0x10],esi

0048483C ^ 0F85 6EFEFFFF jnz acad.004846B0

00484842 B8 64000000 mov eax,0x64

00484847 5F pop edi ; acad.0048DD97

00484848 5E pop esi ; acad.0048DD97

00484849 5B pop ebx ; acad.0048DD97

0048484A 8BE5 mov esp,ebp

0048484C 5D pop ebp ; acad.0048DD97

0048484D C3 retn

0048484E E8 4D62F9FF call acad.0041AAA0

00484853 8BD8 mov ebx,eax

00484855 85DB test ebx,ebx

00484857 75 07 jnz short acad.00484860

00484859 A1 98DDD700 mov eax,dword ptr ds:[0xD7DD98]

0048485E EB 34 jmp short acad.00484894

00484860 8B7B 10 mov edi,dword ptr ds:[ebx+0x10]

00484863 FF15 F01FD700 call dword ptr ds:[0xD71FF0] ; acad.00468D10

00484869 3B47 14 cmp eax,dword ptr ds:[edi+0x14]

0048486C 75 05 jnz short acad.00484873

0048486E 8D47 08 lea eax,dword ptr ds:[edi+0x8]

00484871 EB 12 jmp short acad.00484885

00484873 3B47 2C cmp eax,dword ptr ds:[edi+0x2C]

00484876 75 05 jnz short acad.0048487D

00484878 8D47 20 lea eax,dword ptr ds:[edi+0x20]

0048487B EB 08 jmp short acad.00484885

0048487D 3B47 44 cmp eax,dword ptr ds:[edi+0x44]

00484880 75 07 jnz short acad.00484889

00484882 8D47 38 lea eax,dword ptr ds:[edi+0x38]

00484885 85C0 test eax,eax

00484887 75 08 jnz short acad.00484891

00484889 8B83 E4050000 mov eax,dword ptr ds:[ebx+0x5E4]

0048488F EB 03 jmp short acad.00484894

00484891 8B40 14 mov eax,dword ptr ds:[eax+0x14]

00484894 85C0 test eax,eax

00484896 74 0B je short acad.004848A3

00484898 8B40 14 mov eax,dword ptr ds:[eax+0x14]

0048489B 85C0 test eax,eax

0048489D 74 04 je short acad.004848A3

0048489F 3BC6 cmp eax,esi

004848A1 74 11 je short acad.004848B4

004848A3 8B3E mov edi,dword ptr ds:[esi] ; acad.00C2CDD4

004848A5 56 push esi

004848A6 E8 C5060000 call acad.00484F70

004848AB 83C4 04 add esp,0x4

004848AE 85FF test edi,edi

004848B0 8BF7 mov esi,edi

004848B2 ^ 75 EF jnz short acad.004848A3

004848B4 8B55 0C mov edx,dword ptr ss:[ebp+0xC]

004848B7 8B1A mov ebx,dword ptr ds:[edx]

004848B9 E8 E261F9FF call acad.0041AAA0

004848BE 8BF8 mov edi,eax

004848C0 85FF test edi,edi

004848C2 75 07 jnz short acad.004848CB

004848C4 A1 98DDD700 mov eax,dword ptr ds:[0xD7DD98]

004848C9 EB 34 jmp short acad.004848FF

004848CB 8B77 10 mov esi,dword ptr ds:[edi+0x10]

004848CE FF15 F01FD700 call dword ptr ds:[0xD71FF0] ; acad.00468D10

004848D4 3B46 14 cmp eax,dword ptr ds:[esi+0x14]

004848D7 75 05 jnz short acad.004848DE

004848D9 8D46 08 lea eax,dword ptr ds:[esi+0x8]

004848DC EB 12 jmp short acad.004848F0

004848DE 3B46 2C cmp eax,dword ptr ds:[esi+0x2C]

004848E1 75 05 jnz short acad.004848E8

004848E3 8D46 20 lea eax,dword ptr ds:[esi+0x20]

004848E6 EB 08 jmp short acad.004848F0

004848E8 3B46 44 cmp eax,dword ptr ds:[esi+0x44] ; acad.00490044

004848EB 75 07 jnz short acad.004848F4

004848ED 8D46 38 lea eax,dword ptr ds:[esi+0x38]

004848F0 85C0 test eax,eax

004848F2 75 08 jnz short acad.004848FC

004848F4 8B87 E4050000 mov eax,dword ptr ds:[edi+0x5E4] ; acad.00430043

004848FA EB 03 jmp short acad.004848FF

004848FC 8B40 14 mov eax,dword ptr ds:[eax+0x14]

004848FF 85C0 test eax,eax

00484901 74 0B je short acad.0048490E

00484903 8B40 14 mov eax,dword ptr ds:[eax+0x14]

00484906 85C0 test eax,eax

00484908 74 04 je short acad.0048490E

0048490A 3BC3 cmp eax,ebx

0048490C 74 17 je short acad.00484925

0048490E 85DB test ebx,ebx

00484910 8BC3 mov eax,ebx

00484912 74 11 je short acad.00484925

00484914 8B30 mov esi,dword ptr ds:[eax]

00484916 50 push eax

00484917 E8 54060000 call acad.00484F70

0048491C 83C4 04 add esp,0x4

0048491F 85F6 test esi,esi

00484921 8BC6 mov eax,esi

00484923 ^ 75 EF jnz short acad.00484914

00484925 8B45 0C mov eax,dword ptr ss:[ebp+0xC]

00484928 8D4C24 14 lea ecx,dword ptr ss:[esp+0x14]

0048492C 68 8C590000 push 0x598C

00484931 51 push ecx

00484932 C700 00000000 mov dword ptr ds:[eax],0x0

00484938 E8 1363F9FF call acad.0041AC50

0048493D 83C4 08 add esp,0x8

00484940 8BC8 mov ecx,eax

00484942 FF15 4CF7BB00 call dword ptr ds:[<&MFC80U.#ATL::CSimpleS>; mfc80u.#ATL::CSimpleStringT<char,1>::GetString_3391

00484948 50 push eax

00484949 E8 DEA76A00 call <jmp.&acdb17.acdbFail>

0048494E 83C4 04 add esp,0x4

00484951 8D4C24 14 lea ecx,dword ptr ss:[esp+0x14]

00484955 FF15 58F7BB00 call dword ptr ds:[<&MFC80U.#ATL::CStringT>; mfc80u.#ATL::CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char> > >::~CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char> > >_578

0048495B 5F pop edi ; acad.0048DD97

0048495C 5E pop esi ; acad.0048DD97

0048495D 83C8 FF or eax,-0x1

00484960 5B pop ebx ; acad.0048DD97

00484961 8BE5 mov esp,ebp

00484963 5D pop ebp ; acad.0048DD97

00484964 C3 retn

0048DD97 8B5C24 1C mov ebx,dword ptr ss:[esp+0x1C] ; ddd.0DFD334F

0048DD9B 83C4 08 add esp,0x8

0048DD9E 8BCF mov ecx,edi

0048DDA0 E8 2B67FFFF call acad.004844D0

004844D0 56 push esi

004844D1 8BF1 mov esi,ecx

004844D3 8B8E F8000000 mov ecx,dword ptr ds:[esi+0xF8]

004844D9 85C9 test ecx,ecx

004844DB 74 27 je short acad.00484504

004844DD E8 4E99FFFF call acad.0047DE30

0047DE30 85C9 test ecx,ecx

0047DE32 74 5F je short acad.0047DE93

0047DE34 F681 70050000 0>test byte ptr ds:[ecx+0x570],0x1

0047DE3B 75 56 jnz short acad.0047DE93

0047DE3D 8379 70 00 cmp dword ptr ds:[ecx+0x70],0x0

0047DE41 75 50 jnz short acad.0047DE93

0047DE43 8B41 18 mov eax,dword ptr ds:[ecx+0x18]

0047DE46 8B90 0C040000 mov edx,dword ptr ds:[eax+0x40C]

0047DE4C 85D2 test edx,edx

0047DE4E 74 43 je short acad.0047DE93

0047DE50 66:83BA 3004000>cmp word ptr ds:[edx+0x430],0x0

0047DE58 75 39 jnz short acad.0047DE93

0047DE5A 66:833D A841D60>cmp word ptr ds:[0xD641A8],0x0

0047DE62 75 2F jnz short acad.0047DE93

0047DE64 8B81 CC050000 mov eax,dword ptr ds:[ecx+0x5CC]

0047DE6A 85C0 test eax,eax

0047DE6C 74 25 je short acad.0047DE93

0047DE6E 8378 04 00 cmp dword ptr ds:[eax+0x4],0x0

0047DE72 7F 1F jg short acad.0047DE93

0047DE74 66:83BA A80D000>cmp word ptr ds:[edx+0xDA8],0x0

0047DE7C 75 15 jnz short acad.0047DE93

0047DE7E 80B9 E9050000 0>cmp byte ptr ds:[ecx+0x5E9],0x0

0047DE85 74 0C je short acad.0047DE93

0047DE87 80BA 901C0000 0>cmp byte ptr ds:[edx+0x1C90],0x0

0047DE8E 75 03 jnz short acad.0047DE93

0047DE90 B0 01 mov al,0x1

0047DE92 C3 retn

0047DE93 32C0 xor al,al

0047DE95 C3 retn

004844E2 84C0 test al,al

004844E4 74 1E je short acad.00484504

004844E6 E8 1579F8FF call acad.acDocManagerPtr

.获得当前文档管理对象指针

ACCORE_PORT AcApDocManager* acDocManagerPtr();

004844EB 8B10 mov edx,dword ptr ds:[eax]

004844ED 8BC8 mov ecx,eax

004844EF 8B42 18 mov eax,dword ptr ds:[edx+0x18]

004844F2 FFD0 call eax

004844F4 8B10 mov edx,dword ptr ds:[eax]

004844F6 8BC8 mov ecx,eax

004844F8 8B42 3C mov eax,dword ptr ds:[edx+0x3C]

004844FB FFD0 call eax

004844FD 8BC8 mov ecx,eax

004844FF E8 8C330200 call acad.004A7890

00484504 8346 04 01 add dword ptr ds:[esi+0x4],0x1

00484508 5E pop esi ; acad.0048DDA5

00484509 C3 retn

0048DDA5 6A 00 push 0x0

0048DDA7 8D5424 14 lea edx,dword ptr ss:[esp+0x14]

0048DDAB 52 push edx

0048DDAC 53 push ebx

0048DDAD 56 push esi

0048DDAE 8BCD mov ecx,ebp

0048DDB0 E8 5B67FFFF call acad.00484510

00484510 83EC 10 sub esp,0x10

00484513 8B4424 1C mov eax,dword ptr ss:[esp+0x1C]

00484517 85C0 test eax,eax

00484519 53 push ebx

0048451A 8BD9 mov ebx,ecx

0048451C 57 push edi

0048451D 895C24 14 mov dword ptr ss:[esp+0x14],ebx

00484521 74 06 je short acad.00484529

00484523 C700 00000000 mov dword ptr ds:[eax],0x0

00484529 8B4424 28 mov eax,dword ptr ss:[esp+0x28]

0048452D 85C0 test eax,eax

0048452F 74 06 je short acad.00484537

00484531 C700 96130000 mov dword ptr ds:[eax],0x1396

00484537 8B7C24 1C mov edi,dword ptr ss:[esp+0x1C]

0048453B 85FF test edi,edi

0048453D 75 0B jnz short acad.0048454A

0048453F 5F pop edi ; acad.0048DDB5

00484540 83C8 FF or eax,-0x1

00484543 5B pop ebx ; acad.0048DDB5

00484544 83C4 10 add esp,0x10

00484547 C2 1000 retn 0x10

0048454A 8B07 mov eax,dword ptr ds:[edi]

0048454C 8B50 28 mov edx,dword ptr ds:[eax+0x28]

0048454F 55 push ebp

00484550 56 push esi

00484551 8BCF mov ecx,edi

00484553 FFD2 call edx

00801F00 8B41 1C mov eax,dword ptr ds:[ecx+0x1C]

00801F03 C3 retn

00484555 8B10 mov edx,dword ptr ds:[eax]

00484557 8BC8 mov ecx,eax

00484559 8B42 18 mov eax,dword ptr ds:[edx+0x18]

0048455C FFD0 call eax

00F6F9D0 > 56 push esi

00F6F9D1 8BF1 mov esi,ecx

00F6F9D3 837E 14 00 cmp dword ptr ds:[esi+0x14],0x0

00F6F9D7 75 1D jnz short acdb17.00F6F9F6

00F6F9D9 837E 0C 00 cmp dword ptr ds:[esi+0xC],0x0

00F6F9DD 75 11 jnz short acdb17.00F6F9F0

00F6F9DF 8B4E 08 mov ecx,dword ptr ds:[esi+0x8]

00F6F9E2 85C9 test ecx,ecx

00F6F9E4 74 0A je short acdb17.00F6F9F0

00F6F9E6 8B01 mov eax,dword ptr ds:[ecx] ; acdb17.017029D0

00F6F9E8 8B50 28 mov edx,dword ptr ds:[eax+0x28]

00F6F9EB FFD2 call edx ; acdb17.017029D0

00F6F9ED 8946 0C mov dword ptr ds:[esi+0xC],eax ; acdb17.AcRxGenHand::getAppInfoPtr

00F6F9F0 8B46 0C mov eax,dword ptr ds:[esi+0xC]

00F6F9F3 8946 14 mov dword ptr ds:[esi+0x14],eax ; acdb17.AcRxGenHand::getAppInfoPtr

00F6F9F6 8D46 10 lea eax,dword ptr ds:[esi+0x10]

00F6F9F9 5E pop esi ; acad.0048455E

00F6F9FA C3 retn

0048455E 8BF0 mov esi,eax

00484560 56 push esi

00484561 8BCB mov ecx,ebx

00484563 E8 B847FEFF call acad.00468D20

00468D20 56 push esi

00468D21 57 push edi

00468D22 8BF9 mov edi,ecx

00468D24 8B77 10 mov esi,dword ptr ds:[edi+0x10]

00468D27 FF15 F01FD700 call dword ptr ds:[0xD71FF0] ; acad.00468D10

00468D10 64:A1 10000000 mov eax,dword ptr fs:[0x10]

00468D16 C3 retn

00468D2D 3B46 14 cmp eax,dword ptr ds:[esi+0x14]

00468D30 75 05 jnz short acad.00468D37

00468D32 8D46 08 lea eax,dword ptr ds:[esi+0x8]

00468D35 EB 12 jmp short acad.00468D49

00468D37 3B46 2C cmp eax,dword ptr ds:[esi+0x2C]

00468D3A 75 05 jnz short acad.00468D41

00468D3C 8D46 20 lea eax,dword ptr ds:[esi+0x20]

00468D3F EB 08 jmp short acad.00468D49

00468D41 3B46 44 cmp eax,dword ptr ds:[esi+0x44]

00468D44 75 07 jnz short acad.00468D4D

00468D46 8D46 38 lea eax,dword ptr ds:[esi+0x38]

00468D49 85C0 test eax,eax

00468D4B 75 17 jnz short acad.00468D64

00468D4D 8B5424 0C mov edx,dword ptr ss:[esp+0xC]

00468D51 8B87 E4050000 mov eax,dword ptr ds:[edi+0x5E4] ; acad.00540055

00468D57 8D8F E4050000 lea ecx,dword ptr ds:[edi+0x5E4]

00468D5D 5F pop edi ; acad.00484568

00468D5E 8911 mov dword ptr ds:[ecx],edx ; acdb17.017029D0

00468D60 5E pop esi ; acad.00484568

00468D61 C2 0400 retn 0x4

00468D64 8B5424 0C mov edx,dword ptr ss:[esp+0xC]

00468D68 8D48 14 lea ecx,dword ptr ds:[eax+0x14]

00468D6B 8B01 mov eax,dword ptr ds:[ecx] ; acad.00C09664

00468D6D 5F pop edi ; acad.00484568

00468D6E 8911 mov dword ptr ds:[ecx],edx ; acdb17.017029D0

00468D70 5E pop esi ; acad.00484568

00468D71 C2 0400 retn 0x4

00484568 8B56 20 mov edx,dword ptr ds:[esi+0x20]

0048456B 8B4E 14 mov ecx,dword ptr ds:[esi+0x14]

0048456E 894424 18 mov dword ptr ss:[esp+0x18],eax

00484572 8B46 24 mov eax,dword ptr ds:[esi+0x24]

00484575 8D5E 14 lea ebx,dword ptr ds:[esi+0x14]

00484578 895424 10 mov dword ptr ss:[esp+0x10],edx

0048457C C703 00000000 mov dword ptr ds:[ebx],0x0

00484582 C746 20 0000000>mov dword ptr ds:[esi+0x20],0x0

00484589 C746 24 9613000>mov dword ptr ds:[esi+0x24],0x1396

00484590 8B17 mov edx,dword ptr ds:[edi]

00484592 894C24 24 mov dword ptr ss:[esp+0x24],ecx

00484596 894424 14 mov dword ptr ss:[esp+0x14],eax

0048459A 8B42 34 mov eax,dword ptr ds:[edx+0x34]

0048459D 8BCF mov ecx,edi

0048459F FFD0 call eax

0045A5F0 8B41 20 mov eax,dword ptr ds:[ecx+0x20]

0045A5F3 C3 retn

004845A1 8B4C24 28 mov ecx,dword ptr ss:[esp+0x28]

004845A5 53 push ebx

004845A6 51 push ecx

004845A7 8946 0C mov dword ptr ds:[esi+0xC],eax

004845AA E8 D1000000 call acad.00484680

004845AF 8346 10 01 add dword ptr ds:[esi+0x10],0x1

004845B3 8B17 mov edx,dword ptr ds:[edi]

004845B5 8B42 24 mov eax,dword ptr ds:[edx+0x24]

004845B8 83C4 08 add esp,0x8

004845BB 8BCF mov ecx,edi

004845BD 83CD FF or ebp,-0x1

004845C0 FFD0 call eax

004845C2 85C0 test eax,eax

004845C4 74 25 je short acad.004845EB

004845C6 57 push edi

004845C7 E8 E4CE6800 call acad.00B114B0

004845CC 8BE8 mov ebp,eax

004845CE 83C4 04 add esp,0x4

004845D1 83FD 01 cmp ebp,0x1

004845D4 74 04 je short acad.004845DA

004845D6 85ED test ebp,ebp

004845D8 75 07 jnz short acad.004845E1

004845DA BD 64000000 mov ebp,0x64

004845DF EB 2A jmp short acad.0048460B

004845E1 83FD 64 cmp ebp,0x64

004845E4 74 25 je short acad.0048460B

004845E6 83CD FF or ebp,-0x1

004845E9 EB 20 jmp short acad.0048460B

004845EB 837E 10 02 cmp dword ptr ds:[esi+0x10],0x2

004845EF 7D 1A jge short acad.0048460B

004845F1 8B4E 1C mov ecx,dword ptr ds:[esi+0x1C]

004845F4 51 push ecx

004845F5 6A 05 push 0x5

004845F7 E8 54CF6800 call acad.00B11550

004845FC 83C4 08 add esp,0x8

004845FF F7D8 neg eax

00484601 1BC0 sbb eax,eax

00484603 83E0 65 and eax,0x65

00484606 83C0 FF add eax,-0x1

00484609 8BE8 mov ebp,eax

0048460B 8B4424 30 mov eax,dword ptr ss:[esp+0x30]

0048460F 85C0 test eax,eax

00484611 74 05 je short acad.00484618

00484613 8B56 24 mov edx,dword ptr ds:[esi+0x24]

00484616 8910 mov dword ptr ds:[eax],edx

00484618 8B4424 2C mov eax,dword ptr ss:[esp+0x2C]

0048461C 8346 10 FF add dword ptr ds:[esi+0x10],-0x1

00484620 85C0 test eax,eax

00484622 74 0D je short acad.00484631

00484624 50 push eax

00484625 8B46 20 mov eax,dword ptr ds:[esi+0x20]

00484628 50 push eax

00484629 E8 52000000 call acad.00484680

0048462E 83C4 08 add esp,0x8

00484631 8B03 mov eax,dword ptr ds:[ebx]

00484633 8B4C24 24 mov ecx,dword ptr ss:[esp+0x24]

00484637 50 push eax

00484638 890B mov dword ptr ds:[ebx],ecx

0048463A E8 61040000 call acad.00484AA0

0048463F 8B56 20 mov edx,dword ptr ds:[esi+0x20]

00484642 52 push edx

00484643 E8 58040000 call acad.00484AA0

00484648 8B4C24 1C mov ecx,dword ptr ss:[esp+0x1C]

0048464C 8B5424 20 mov edx,dword ptr ss:[esp+0x20]

00484650 8B4424 18 mov eax,dword ptr ss:[esp+0x18]

00484654 83C4 08 add esp,0x8

00484657 894E 24 mov dword ptr ds:[esi+0x24],ecx

0048465A 8B4C24 1C mov ecx,dword ptr ss:[esp+0x1C]

0048465E 52 push edx

0048465F 8946 20 mov dword ptr ds:[esi+0x20],eax

00484662 E8 B946FEFF call acad.00468D20

00484667 5E pop esi ; acad.0048DDB5

00484668 8BC5 mov eax,ebp

0048466A 5D pop ebp ; acad.0048DDB5

0048466B 5F pop edi ; acad.0048DDB5

0048466C 5B pop ebx ; acad.0048DDB5

0048466D 83C4 10 add esp,0x10

00484670 C2 1000 retn 0x10

0048DDB5 8B4424 10 mov eax,dword ptr ss:[esp+0x10]

0048DDB9 8BCF mov ecx,edi

0048DDBB 8985 DC050000 mov dword ptr ss:[ebp+0x5DC],eax

0048DDC1 E8 BA72FFFF call acad.00485080

00485080 8341 04 FF add dword ptr ds:[ecx+0x4],-0x1

00485084 8B89 F8000000 mov ecx,dword ptr ds:[ecx+0xF8]

0048508A 85C9 test ecx,ecx

0048508C 74 27 je short acad.004850B5

0048508E E8 9D8DFFFF call acad.0047DE30

00485093 84C0 test al,al

00485095 74 1E je short acad.004850B5

00485097 E8 646DF8FF call acad.acDocManagerPtr

0048509C 8B10 mov edx,dword ptr ds:[eax]

0048509E 8BC8 mov ecx,eax

004850A0 8B42 18 mov eax,dword ptr ds:[edx+0x18]

004850A3 FFD0 call eax

004850A5 8B10 mov edx,dword ptr ds:[eax]

004850A7 8BC8 mov ecx,eax

004850A9 8B42 3C mov eax,dword ptr ds:[edx+0x3C]

004850AC FFD0 call eax

004850AE 8BC8 mov ecx,eax

004850B0 E9 7BA51000 jmp acad.0058F630

004850B5 C3 retn

0048DDC6 53 push ebx

0048DDC7 E8 D46CFFFF call acad.00484AA0

00484AA0 E8 6BDAFFFF call acad.00482510

00484AA5 85C0 test eax,eax

00484AA7 8B4C24 04 mov ecx,dword ptr ss:[esp+0x4]

00484AAB 74 11 je short acad.00484ABE

00484AAD 8B40 14 mov eax,dword ptr ds:[eax+0x14]

00484AB0 85C0 test eax,eax

00484AB2 74 0A je short acad.00484ABE

00484AB4 3BC1 cmp eax,ecx

00484AB6 75 06 jnz short acad.00484ABE

00484AB8 B8 77ECFFFF mov eax,-0x1389

00484ABD C3 retn

00484ABE 85C9 test ecx,ecx

00484AC0 8BC1 mov eax,ecx

00484AC2 74 13 je short acad.00484AD7

00484AC4 56 push esi

00484AC5 8B30 mov esi,dword ptr ds:[eax]

00484AC7 50 push eax

00484AC8 E8 A3040000 call acad.00484F70

00484F70 56 push esi

00484F71 8B7424 08 mov esi,dword ptr ss:[esp+0x8]

00484F75 85F6 test esi,esi

00484F77 0F84 C6000000 je acad.00485043

00484F7D 0FB74E 04 movzx ecx,word ptr ds:[esi+0x4]

00484F81 66:81F9 8813 cmp cx,0x1388

00484F86 57 push edi

00484F87 8B3D 6803BC00 mov edi,dword ptr ds:[<&MSVCR80.free>] ; msvcr80.free

00484F8D 0F8D 83000000 jge acad.00485016

00484F93 66:81F9 EC03 cmp cx,0x3EC

00484F98 74 77 je short acad.00485011

00484F9A 0FBFD1 movsx edx,cx

00484F9D B8 67666666 mov eax,0x66666667

00484FA2 F7EA imul edx

00484FA4 C1FA 02 sar edx,0x2

00484FA7 8BC2 mov eax,edx

00484FA9 C1E8 1F shr eax,0x1F

00484FAC 03C2 add eax,edx

00484FAE 83F8 1F cmp eax,0x1F

00484FB1 74 5E je short acad.00485011

00484FB3 66:83F9 FC cmp cx,0xFFFC

00484FB7 74 3F je short acad.00484FF8

00484FB9 66:81F9 E803 cmp cx,0x3E8

00484FBE 7C 0A jl short acad.00484FCA

00484FC0 81C1 18FCFFFF add ecx,-0x3E8

00484FC6 66:894E 04 mov word ptr ds:[esi+0x4],cx

00484FCA 0FB74E 04 movzx ecx,word ptr ds:[esi+0x4]

00484FCE 81E1 FF010000 and ecx,0x1FF

00484FD4 B8 67666666 mov eax,0x66666667

00484FD9 F7E9 imul ecx

00484FDB C1FA 02 sar edx,0x2

00484FDE 8BC2 mov eax,edx

00484FE0 C1E8 1F shr eax,0x1F

00484FE3 03C2 add eax,edx

00484FE5 83F8 29 cmp eax,0x29

00484FE8 77 52 ja short acad.0048503C

00484FEA 0FB688 50504800 movzx ecx,byte ptr ds:[eax+0x485050]

00484FF1 FF248D 48504800 jmp dword ptr ds:[ecx*4+0x485048]

00484FF8 8B46 08 mov eax,dword ptr ds:[esi+0x8]

00484FFB 85C0 test eax,eax

00484FFD 74 3D je short acad.0048503C

00484FFF 50 push eax

00485000 E8 9B0E0100 call acad.00495EA0

00485005 83C4 04 add esp,0x4

00485008 56 push esi

00485009 FFD7 call edi

0048500B 83C4 04 add esp,0x4

0048500E 5F pop edi ; acad.00484ACD

0048500F 5E pop esi ; acad.00484ACD

00485010 C3 retn

00484ACD 83C4 04 add esp,0x4

00484AD0 85F6 test esi,esi

00484AD2 8BC6 mov eax,esi

00484AD4 ^ 75 EF jnz short acad.00484AC5

00484AD6 5E pop esi ; acad.0048DDCC

00484AD7 B8 EC130000 mov eax,0x13EC

00484ADC C3 retn

0048DDCC 83C4 04 add esp,0x4

0048DDCF 8B4C24 58 mov ecx,dword ptr ss:[esp+0x58]

0048DDD3 5F pop edi ; acad.00B11E2E

0048DDD4 5E pop esi ; acad.00B11E2E

0048DDD5 5D pop ebp ; acad.00B11E2E

0048DDD6 5B pop ebx ; acad.00B11E2E

0048DDD7 33CC xor ecx,esp

0048DDD9 E8 8E056A00 call acad.00B2E36C

0048DDDE 83C4 4C add esp,0x4C

0048DDE1 C3 retn

00B11E2E 8B96 DC050000 mov edx,dword ptr ds:[esi+0x5DC]

00B11E34 8913 mov dword ptr ds:[ebx],edx

00B11E36 83C4 0C add esp,0xC

00B11E39 C786 DC050000 0>mov dword ptr ds:[esi+0x5DC],0x0

00B11E43 893D BC07D600 mov dword ptr ds:[0xD607BC],edi

00B11E49 5F pop edi ; ddd.0DFD334F

00B11E4A 5E pop esi ; ddd.0DFD334F

00B11E4B B8 01000000 mov eax,0x1

00B11E50 5B pop ebx ; ddd.0DFD334F

00B11E51 C3 retn

转载于:https://www.cnblogs.com/dianziguan/p/10236988.html

你可能感兴趣的文章

Information Retrieval 倒排索引学习笔记

查看>>

js多维数组扁平化

查看>>

[Leetcode Week15]Populating Next Right Pointers in Each Node