Mu Blue MAIN1.06D+ 跳NP 、中文话汇编修改地址

0061461B   . /EB 55         jmp     short 00614672
0061461D   . |68 80889000   push    00908880                         ; /Arg2 = 00908880
00614622   . |68 38381608   push    08163838                         ; |Arg1 = 08163838
00614627   . |E8 49730D00   call    006EB975                         ; \main.006EB975
0061462C   . |83C4 08       add     esp, 8
006148EA   . /75 32         jnz     short 0061491E
006148EC   . |68 38899000   push    00908938                         ; /Arg2 = 00908938 ASCII "config.ini read error",CR,LF,""
006148F1   . |68 38381608   push    08163838                         ; |Arg1 = 08163838
006148F6   . |E8 7A700D00   call    006EB975                         ; \main.006EB975
006148FB   . |83C4 08       add     esp, 8
0061497E   . /0F85 89000000 jnz     00614A0D
00614984   . |68 50899000   push    00908950                         ; /Arg2 = 00908950 ASCII "gg init error",CR,LF,""
00614989   . |68 38381608   push    08163838                         ; |Arg1 = 08163838
0061498E   . |E8 E26F0D00   call    006EB975                         ; \main.006EB975
00614993   . |83C4 08       add     esp, 8
00630996   . /EB 47         je     short 006309DF
00630998   . |B9 B0411608   mov     ecx, 081641B0
0063099D   . |E8 9ED80300   call    0066E240
006309A2   . |8D9424 8C0900>lea     edx, dword ptr [esp+98C]
006309A9   . |52            push    edx                              ; /Arg3
006309AA   . |68 A49A9000   push    00909AA4                         ; |Arg2 = 00909AA4 ASCII "> ResourceGuard Error!!(%s)",CR,LF,""
006309AF   . |68 38381608   push    08163838                         ; |Arg1 = 08163838
006309B4   . |E8 BCAF0B00   call    006EB975                         ; \main.006EB975
006309B9   . |83C4 0C       add     esp, 0C
006309BC   . |8D4C24 54     lea     ecx, dword ptr [esp+54]
006309C0   . |C74424 4C B00>mov     dword ptr [esp+4C], 008C03B0
006309C8   . |C78424 981A00>mov     dword ptr [esp+1A98], -1
006309D3   . |E8 38C62300   call    0086D010
006309D8   . |33C0          xor     eax, eax
006309DA   . |E9 18030000   jmp     00630CF7
006309DF   > \8B0D 443C1608 mov     ecx, dword ptr [8163C44]

006E9476  |. /74 12         JE SHORT main.006E948A
006E9478  |. |8B45 FC       MOV EAX,DWORD PTR SS:[EBP-4]
006E947B  |. |50            PUSH EAX                                 ; /Arg2
006E947C  |. |6A 00         PUSH 0                                   ; |Arg1 = 00000000
006E947E  |. |E8 9A000000   CALL main.006E951D                       ; \main.006E951D
006E9483  |. |83C4 08       ADD ESP,8
006E9486  |. |32C0          XOR AL,AL
006E9488  |. |EB 0F         JMP SHORT main.006E9499
006E948A  |> \68 789B6E00   PUSH main.006E9B78                       ;  入口地址
006E94D6     /EB 11         jnz SHORT main.006E94E9
006E94D8  |. |6A 01         PUSH 1                                   ; /Arg2 = 00000001
006E94DA  |. |8B0D 583C1608 MOV ECX,DWORD PTR DS:[8163C58]           ; |
006E94E0  |. |51            PUSH ECX                                 ; |Arg1 => 00000000
006E94E1  |. |E8 7783F2FF   CALL main.0061185D                       ; \main.0061185D
006E94E6  |. |83C4 08       ADD ESP,8
006E94E9  |> \5D            POP EBP
006E9509  |. /74 10         JE SHORT main.006E951B
006E950B  |. |6A 01         PUSH 1                                   ; /Arg2 = 00000001
006E950D  |. |A1 583C1608   MOV EAX,DWORD PTR DS:[8163C58]           ; |
006E9512  |. |50            PUSH EAX                                 ; |Arg1 => 00000000
006E9513  |. |E8 4583F2FF   CALL main.0061185D                       ; \main.0061185D
006E9518  |. |83C4 08       ADD ESP,8
006E951B  |> \5D            POP EBP

00884665   . /0F85 1D010000 jnz     00884788
0088466B   . |8D4D D4       lea     ecx, dword ptr [ebp-2C]
0088466E   . |8D95 D8FEFFFF lea     edx, dword ptr [ebp-128>
00884674   . |51            push    ecx                     ; /pProcessInfo
00884675   . |52            push    edx                     ; |pStartupInfo
00884676   . |57            push    edi                     ; |CurrentDir => NULL
00884677   . |57            push    edi                     ; |pEnvironment => NULL
00884678   . |57            push    edi                     ; |CreationFlags => 0
00884679   . |6A 01         push    1                       ; |InheritHandles = TRUE
0088467B   . |57            push    edi                     ; |pThreadSecurity => NULL
0088467C   . |8D85 C0F4FFFF lea     eax, dword ptr [ebp-B40>; |
00884682   . |57            push    edi                     ; |pProcessSecurity => NULL
00884683   . |8D8D D0FCFFFF lea     ecx, dword ptr [ebp-330>; |
00884689   . |50            push    eax                     ; |CommandLine
0088468A   . |51            push    ecx                     ; |ModuleFileName
0088468B   . |FF15 14D18B00 call    dword ptr [<&KERNEL32.C>; \CreateProcessA
00884691   . |85C0          test    eax, eax
00884693   . |75 1E         jnz     short 008846B3
00884695   . |8B35 90D18B00 mov     esi, dword ptr [<&KERNE>;  ntdll.RtlGetLastWin32Error

0061461B   . /EB 55         jmp     short 00614672
0061461D   . |68 80889000   push    00908880                         ; /Arg2 = 00908880
00614622   . |68 38381608   push    08163838                         ; |Arg1 = 08163838
00614627   . |E8 49730D00   call    006EB975                         ; \main.006EB975
0061462C   . |83C4 08       add     esp, 8
006148EA   . /75 32         jnz     short 0061491E
006148EC   . |68 38899000   push    00908938                         ; /Arg2 = 00908938 ASCII "config.ini read error",CR,LF,""
006148F1   . |68 38381608   push    08163838                         ; |Arg1 = 08163838
006148F6   . |E8 7A700D00   call    006EB975                         ; \main.006EB975
006148FB   . |83C4 08       add     esp, 8
0061497E   . /0F85 89000000 jnz     00614A0D
00614984   . |68 50899000   push    00908950                         ; /Arg2 = 00908950 ASCII "gg init error",CR,LF,""
00614989   . |68 38381608   push    08163838                         ; |Arg1 = 08163838
0061498E   . |E8 E26F0D00   call    006EB975                         ; \main.006EB975
00614993   . |83C4 08       add     esp, 8
00630996   . /EB 47         je     short 006309DF
00630998   . |B9 B0411608   mov     ecx, 081641B0
0063099D   . |E8 9ED80300   call    0066E240
006309A2   . |8D9424 8C0900>lea     edx, dword ptr [esp+98C]
006309A9   . |52            push    edx                              ; /Arg3
006309AA   . |68 A49A9000   push    00909AA4                         ; |Arg2 = 00909AA4 ASCII "> ResourceGuard Error!!(%s)",CR,LF,""
006309AF   . |68 38381608   push    08163838                         ; |Arg1 = 08163838
006309B4   . |E8 BCAF0B00   call    006EB975                         ; \main.006EB975
006309B9   . |83C4 0C       add     esp, 0C
006309BC   . |8D4C24 54     lea     ecx, dword ptr [esp+54]
006309C0   . |C74424 4C B00>mov     dword ptr [esp+4C], 008C03B0
006309C8   . |C78424 981A00>mov     dword ptr [esp+1A98], -1
006309D3   . |E8 38C62300   call    0086D010
006309D8   . |33C0          xor     eax, eax
006309DA   . |E9 18030000   jmp     00630CF7
006309DF   > \8B0D 443C1608 mov     ecx, dword ptr [8163C44]

006E9476  |. /74 12         JE SHORT main.006E948A
006E9478  |. |8B45 FC       MOV EAX,DWORD PTR SS:[EBP-4]
006E947B  |. |50            PUSH EAX                                 ; /Arg2
006E947C  |. |6A 00         PUSH 0                                   ; |Arg1 = 00000000
006E947E  |. |E8 9A000000   CALL main.006E951D                       ; \main.006E951D
006E9483  |. |83C4 08       ADD ESP,8
006E9486  |. |32C0          XOR AL,AL
006E9488  |. |EB 0F         JMP SHORT main.006E9499
006E948A  |> \68 789B6E00   PUSH main.006E9B78                       ;  入口地址
006E94D6     /EB 11         jnz SHORT main.006E94E9
006E94D8  |. |6A 01         PUSH 1                                   ; /Arg2 = 00000001
006E94DA  |. |8B0D 583C1608 MOV ECX,DWORD PTR DS:[8163C58]           ; |
006E94E0  |. |51            PUSH ECX                                 ; |Arg1 => 00000000
006E94E1  |. |E8 7783F2FF   CALL main.0061185D                       ; \main.0061185D
006E94E6  |. |83C4 08       ADD ESP,8
006E94E9  |> \5D            POP EBP
006E9509  |. /74 10         JE SHORT main.006E951B
006E950B  |. |6A 01         PUSH 1                                   ; /Arg2 = 00000001
006E950D  |. |A1 583C1608   MOV EAX,DWORD PTR DS:[8163C58]           ; |
006E9512  |. |50            PUSH EAX                                 ; |Arg1 => 00000000
006E9513  |. |E8 4583F2FF   CALL main.0061185D                       ; \main.0061185D
006E9518  |. |83C4 08       ADD ESP,8
006E951B  |> \5D            POP EBP

00884665   . /0F85 1D010000 jnz     00884788
0088466B   . |8D4D D4       lea     ecx, dword ptr [ebp-2C]
0088466E   . |8D95 D8FEFFFF lea     edx, dword ptr [ebp-128>
00884674   . |51            push    ecx                     ; /pProcessInfo
00884675   . |52            push    edx                     ; |pStartupInfo
00884676   . |57            push    edi                     ; |CurrentDir => NULL
00884677   . |57            push    edi                     ; |pEnvironment => NULL
00884678   . |57            push    edi                     ; |CreationFlags => 0
00884679   . |6A 01         push    1                       ; |InheritHandles = TRUE
0088467B   . |57            push    edi                     ; |pThreadSecurity => NULL
0088467C   . |8D85 C0F4FFFF lea     eax, dword ptr [ebp-B40>; |
00884682   . |57            push    edi                     ; |pProcessSecurity => NULL
00884683   . |8D8D D0FCFFFF lea     ecx, dword ptr [ebp-330>; |
00884689   . |50            push    eax                     ; |CommandLine
0088468A   . |51            push    ecx                     ; |ModuleFileName
0088468B   . |FF15 14D18B00 call    dword ptr [<&KERNEL32.C>; \CreateProcessA
00884691   . |85C0          test    eax, eax
00884693   . |75 1E         jnz     short 008846B3
00884695   . |8B35 90D18B00 mov     esi, dword ptr [<&KERNE>;  ntdll.RtlGetLastWin32Error

UE改中文  

00 00 00 00 81 00 00 00 01 00 00 00 88 00 00 00   

本文出自 7j45 > 奇迹一条龙