File: iWebOffice2003.ocx
Path: C:\Documents and Settings\Administrator\桌面\
Size: 389,792
Type: PE
Base Of Code: 00001000, Code Size: 000C4400
Base Of Data: 000C6000, Data Size: 0001EE00
Image Base: 00400000
Entry Point: 004E9001
Sections:
Name | VirtAddr | VirtSize | Offset | PhysSize | Flags | Code
----------+----------+----------+----------+----------+----------+------
CODE | 00401000 | 000C5000 | 00000400 | 0004CC00 | C0000040 |
DATA | 004C6000 | 00002000 | 0004D000 | 00000E00 | C0000040 |
BSS | 004C8000 | 00003000 | 0004DE00 | 00000000 | C0000040 |
.idata | 004CB000 | 00003000 | 0004DE00 | 00001200 | C0000040 |
.edata | 004CE000 | 00001000 | 0004F000 | 00000200 | C0000040 |
.reloc | 004CF000 | 0000C000 | 0004F200 | 00006A00 | C0000040 |
.rsrc | 004DB000 | 0000E000 | 00055C00 | 00006A00 | C0000040 |
.aspack | 004E9000 | 00002000 | 0005C600 | 00001600 | C0000040 | Yes
.adata | 004EB000 | 00001000 | 0005DC00 | 00000000 | C0000040 |
Section .aspack
; ----------------------------------------------------------------------
; Loader stub at the PE entry point (32-bit x86, Intel operand order).
; The header lists Entry Point 004E9001, which lies in the ".aspack"
; section rather than in CODE. That layout and the section name are
; consistent with an ASPack-packed image, so the on-disk CODE/DATA bytes
; are presumably compressed and the control's real strings and imports
; are not visible to static inspection until the stub has run.
; This part of the stub: saves registers, derives its own runtime address
; (ebp) and the load base, resolves two API addresses by name, then jumps
; over the embedded name strings.
; NOTE(review): the listing is a linear sweep; the two "jmp" lines after
; the calls below are decode artefacts, not executed instructions.
; ----------------------------------------------------------------------
004E9000: 90 nop
* Entry Point:
; Save all general registers (no matching popad is visible in this part
; of the listing).
004E9001: 60 pushad
; The call targets 004E900A, i.e. the 4th byte of the 5-byte sequence
; decoded at 004E9007 (E9 EB 04 5D 45). Executed from 004E900A, bytes
; 5D 45 are "pop ebp / inc ebp": ebp = return address + 1 = 004E9008.
004E9002: E803000000 call 004E900A
004E9007: E9EB045D45 jmp 45AB94F7
; push ebp / ret transfers to 004E9008, where EB 04 is "jmp 004E900E".
004E900C: 55 push ebp
004E900D: C3 ret
; Same trick again: the call lands on 004E9014 (byte 5D = pop ebp), so
; ebp = 004E9013, the call's return address. Every [ebp+disp] below is
; relative to that address, which keeps the stub position independent.
004E900E: E801000000 call 004E9014
004E9013: EB5D jmp 004E9072
; ebx = ebp - 13h = runtime address of the stub start (004E9000 at the
; preferred base); minus 000E9000 gives the actual load base
; (00400000 = Image Base when the module is not relocated).
004E9015: BBEDFFFFFF mov ebx, FFFFFFED
004E901A: 03DD add ebx, ebp
004E901C: 81EB00900E00 sub ebx, 000E9000
; Test the saved-base slot before overwriting it (mov leaves the flags
; from cmp intact). If it was already non-zero, branch to 004E939A,
; which is outside this listing - presumably the path taken when the
; stub has already unpacked the image; confirm.
004E9022: 83BD2204000000 cmp dword ptr [ebp+00000422], 00000000
004E9029: 899D22040000 mov [ebp+00000422], ebx
004E902F: 0F8565030000 jne 004E939A
; One pointer argument (ebp+42E, contents not shown here) is passed to
; the routine whose address is stored at ebp+F4D; the result is kept at
; ebp+426 and in edi. The call shape (name in, handle out) looks like
; GetModuleHandleA/LoadLibraryA - verify against .idata.
004E9035: 8D852E040000 lea eax, [ebp+0000042E]
004E903B: 50 push eax
004E903C: FF954D0F0000 call [ebp+00000F4D]
004E9042: 898526040000 mov [ebp+00000426], eax
004E9048: 8BF8 mov edi, eax
; ebp+5E = 004E9071, where the bytes spell "VirtualAlloc",0. The pointer
; at ebp+F49 is called with (handle, name) - GetProcAddress-shaped; the
; returned address is cached at ebp+54D.
004E904A: 8D5D5E lea ebx, [ebp+5E]
004E904D: 53 push ebx
004E904E: 50 push eax
004E904F: FF95490F0000 call [ebp+00000F49]
004E9055: 89854D050000 mov [ebp+0000054D], eax
; ebp+6B = 004E907E, "VirtualFree",0; result cached at ebp+551.
004E905B: 8D5D6B lea ebx, [ebp+6B]
004E905E: 53 push ebx
004E905F: 57 push edi
004E9060: FF95490F0000 call [ebp+00000F49]
004E9066: 898551050000 mov [ebp+00000551], eax
; ebp+77 = 004E908A: jump over the two name strings to the next real
; instruction (which the listing below decodes out of sync).
004E906C: 8D4577 lea eax, [ebp+77]
004E906F: FFE0 jmp eax
; ----------------------------------------------------------------------
; DATA, not code: the bytes from 004E9071 to 004E9089 are two
; NUL-terminated ASCII strings that the disassembler decoded as
; instructions.
;   004E9071..004E907D  56 69 72 74 75 61 6C 41 6C 6C 6F 63 00  "VirtualAlloc"
;   004E907E..004E9089  56 69 72 74 75 61 6C 46 72 65 65 00     "VirtualFree"
; The "* Jump: 004E9013(U)" cross-reference comes from the bytes EB 5D at
; 004E9013, whose second byte is really the opcode "pop ebp" reached by
; the call at 004E900E; 004E9072 is not a real branch target.
; Real code resumes at 004E908A, inside the line shown at 004E9088:
;   004E908A: 8B 9D 31 05 00 00   mov ebx, [ebp+00000531]
;   004E9090: 0B DB               or  ebx, ebx
; The listing is back in sync at 004E9092.
; ----------------------------------------------------------------------
004E9071: 56 push esi
* Jump:
004E9013(U)
004E9072: 69727475616C41 imul esi, dword ptr [edx+74], 416C6175
004E9079: 6C insb
004E907A: 6C insb
004E907B: 6F outsd
004E907C: 6300 arpl [eax], ax
004E907E: 56 push esi
004E907F: 69727475616C46 imul esi, dword ptr [edx+74], 466C6175
004E9086: 7265 jb 004E90ED
004E9088: 65008B9D310500 add gs:[ebx+0005319D], cl
004E908F: 000B add [ebx], cl
004E9091: DB
; The flags tested here come from "or ebx, ebx" (bytes 0B DB at
; 004E9090), with ebx loaded from [ebp+531] by the instruction at
; 004E908A; the listing mis-decodes both. Skip the swap when that
; pointer is zero.
004E9092: 740A je 004E909E
; Exchange the dword at *ebx with the dword stored at ebp+535.
; NOTE(review): what the pointer refers to is not visible in this
; listing - confirm under a debugger.
004E9094: 8B03 mov eax, [ebx]
004E9096: 878535050000 xchg eax, [ebp+00000535]
004E909C: 8903 mov [ebx], eax
* Jump:
004E9092(C)
; esi -> table at ebp+569. A zero first dword means nothing to process:
; branch to 004E91CE (outside this listing).
004E909E: 8DB569050000 lea esi, [ebp+00000569]
004E90A4: 833E00 cmp dword ptr [esi], 00000000
004E90A7: 0F8421010000 je 004E91CE
; Call through the slot filled at 004E9055 with the address resolved for
; "VirtualAlloc". Arguments are pushed last-to-first (stdcall):
;   lpAddress = 0, dwSize = 1800h, flAllocationType = 1000h (MEM_COMMIT),
;   flProtect = 4 (PAGE_READWRITE).
; The returned pointer is kept at ebp+156 and later passed as the fourth
; argument to 004E966C - presumably a work area for that routine.
004E90AD: 6A04 push 00000004
004E90AF: 6800100000 push 00001000
004E90B4: 6800180000 push 00001800
004E90B9: 6A00 push 00000000
004E90BB: FF954D050000 call [ebp+0000054D]
004E90C1: 898556010000 mov [ebp+00000156], eax
; ----------------------------------------------------------------------
; Head of the per-entry loop (re-entered from 004E91A3, outside this
; listing). esi points at the current table entry; the code uses [esi]
; as an offset from the load base and [esi+04] as a length.
; NOTE(review): presumably one (RVA, size) pair per packed section -
; confirm against the table at ebp+569.
; ----------------------------------------------------------------------
* Jump:
004E91A3(C)
; Allocate [esi+04] + 10Eh bytes, committed and read/write, through the
; cached "VirtualAlloc" pointer; the buffer address is kept at ebp+152.
004E90C7: 8B4604 mov eax, [esi+04]
004E90CA: 050E010000 add eax, 0000010E
004E90CF: 6A04 push 00000004
004E90D1: 6800100000 push 00001000
004E90D6: 50 push eax
004E90D7: 6A00 push 00000000
004E90D9: FF954D050000 call [ebp+0000054D]
004E90DF: 898552010000 mov [ebp+00000152], eax
; esi is pushed before the argument list and is not popped within this
; listing - presumably preserved across the call below.
004E90E5: 56 push esi
; ebx = load base + [esi]: address of this entry's region in the image.
004E90E6: 8B1E mov ebx, [esi]
004E90E8: 039D22040000 add ebx, [ebp+00000422]
; Arguments for 004E966C, top of stack first:
;   ebx (region in the image), eax (buffer just allocated),
;   [esi+04] (length field), [ebp+156] (1800h-byte buffer).
; 004E966C is outside this listing; presumably the decompression
; routine, with its return value in eax - verify.
004E90EE: FFB556010000 push dword ptr [ebp+00000156]
004E90F4: FF7604 push dword ptr [esi+04]
004E90F7: 50 push eax
004E90F8: 53 push ebx
004E90F9: E86E050000 call 004E966C
; ----------------------------------------------------------------------
; Run-once guard implemented with self-modifying code.
; On disk "mov bl, 00 / cmp bl, 00 / jne" always falls through. The inc
; at 004E9105 writes to ebp+EC = 004E90FF, the immediate byte of the
; "mov bl" above, so on the next pass it reads "mov bl, 01" and the jne
; to 004E9163 is taken. The code from 004E9105 to 004E9162 therefore
; executes for the first table entry only.
; This works because the section table marks .aspack writable (flags
; C0000040 include 80000000). For analysis: the bytes on disk do not
; describe the control flow after the first pass, so conclusions drawn
; from the static image alone need confirming on the running stub.
; ----------------------------------------------------------------------
004E90FE: B300 mov bl, 00
004E9100: 80FB00 cmp bl, 00
004E9103: 755E jne 004E9163
004E9105: FE85EC000000 inc byte ptr [ebp+000000EC]
; edi = load base + [esi], the start of the current entry's region.
004E910B: 8B3E mov edi, [esi]
004E910D: 03BD22040000 add edi, [ebp+00000422]
; Save the first dword of the region, overwrite its first byte with C3
; (ret), call it, then restore the dword. The call returns immediately
; and changes no general register, so eax still holds the value returned
; by 004E966C.
; NOTE(review): the purpose is not evident from the listing; it may be a
; probe that the region can be executed - confirm dynamically.
004E9113: FF37 push dword ptr [edi]
004E9115: C607C3 mov byte ptr [edi], C3
004E9118: FFD7 call edi
004E911A: 8F07 pop dword ptr [edi]
; ----------------------------------------------------------------------
; Call/jump operand fix-up over the buffer at [ebp+152].
; Scans for opcode bytes E8 (call rel32) and E9 (jmp rel32). When the
; byte after the opcode is the marker 21h, the following dword is
; rewritten as (upper three bytes as a 24-bit value) minus (offset of
; the opcode within the buffer), i.e. converted to a relative
; displacement.
; Registers inside the loop:
;   esi = read pointer, ebx = offset of the byte under test,
;   ecx = bytes left to scan (starts at eax - 6).
; eax on entry is whatever 004E966C returned, since nothing in between
; changes it - presumably the unpacked length; confirm.
; NOTE(review): this looks like the inverse of a compression pre-filter
; that stored branch targets in absolute form - confirm.
; ----------------------------------------------------------------------
; Save the four registers the loop uses; restored at 004E915F.
004E911C: 50 push eax
004E911D: 51 push ecx
004E911E: 56 push esi
004E911F: 53 push ebx
004E9120: 8BC8 mov ecx, eax
004E9122: 83E906 sub ecx, 00000006
004E9125: 8BB552010000 mov esi, [ebp+00000152]
004E912B: 33DB xor ebx, ebx
* Jump:
004E9140(U), 004E915D(U)
; Loop test: leave when the remaining count is zero or negative.
004E912D: 0BC9 or ecx, ecx
004E912F: 742E je 004E915F
004E9131: 782C js 004E915F
; al = next byte, esi advances past it.
004E9133: AC lodsb
004E9134: 3CE8 cmp al, E8
004E9136: 740A je 004E9142
; EB 00 is a jump to the next instruction (no effect).
004E9138: EB00 jmp 004E913A
* Jump:
004E9138(U)
004E913A: 3CE9 cmp al, E9
004E913C: 7404 je 004E9142
* Jump:
004E9149(C)
; Not a marked branch: advance the offset by one byte and continue.
004E913E: 43 inc ebx
004E913F: 49 dec ecx
004E9140: EBEB jmp 004E912D
* Jump:
004E9136(C), 004E913C(C)
; esi now points at the 4-byte operand that follows the opcode.
004E9142: 8B06 mov eax, [esi]
; EB 00 again: a jump to the next instruction.
004E9144: EB00 jmp 004E9146
* Jump:
004E9144(U)
; Only operands whose first (lowest) byte is 21h are rewritten; anything
; else is treated as an ordinary byte via 004E913E.
004E9146: 803E21 cmp byte ptr [esi], 21 ;'!'
004E9149: 75F3 jne 004E913E
; Clear the marker byte, rotate left by 18h (24) bits so the remaining
; three bytes become a 24-bit value in the low bits, subtract the
; opcode's offset (ebx) and store the result back as the operand.
004E914B: 2400 and al, 00
004E914D: C1C018 rol eax, 18
004E9150: 2BC3 sub eax, ebx
004E9152: 8906 mov [esi], eax
; Step over the whole 5-byte instruction: the opcode was consumed by
; lodsb, so esi moves by 4 while ebx and ecx move by 5.
004E9154: 83C305 add ebx, 00000005
004E9157: 83C604 add esi, 00000004
004E915A: 83E905 sub ecx, 00000005
004E915D: EBCE jmp 004E912D
* Jump:
004E912F(C), 004E9131(C)
; Restore the registers saved at 004E911C..004E911F.
004E915F: 5B pop ebx
004E9160: 5E pop esi
004E9161: 59 pop ecx
004E9162: 58 pop eax
* Jump:
004E9103(C)
; Jump over the eight bytes that follow; execution continues at
; 004E916D, outside this listing.
004E9163: EB08 jmp 004E916D
; DATA, not code: 004E9165..004E916C are two dword variables, zero on
; disk. ebp+152 = 004E9165 holds the per-entry buffer pointer and
; ebp+156 = 004E9169 the 1800h-byte buffer pointer (ebp = 004E9013).
004E9165: 0000 add [eax], al
004E9167: 0000 add [eax], al
004E9169: 0000 add [eax], al
004E916B: 0000 add [eax], al