\n\n\n\n
1<\/div>\n
2<\/div>\n
3<\/div>\n
4<\/div>\n
5<\/div>\n
6<\/div>\n
7<\/div>\n
8<\/div>\n
9<\/div>\n
10<\/div>\n
11<\/div>\n
12<\/div>\n
13<\/div>\n
14<\/div>\n<\/td>\n
C in rt3d.dll<\/code><\/div>\nint __stdcall e3_NODE__ChildsDraw(struc_1 *a1, int a2, int a3, int a4)<\/code><\/div>\n{<\/code><\/div>\n\u00a0\u00a0<\/code>struc_1 *node; \/\/ esi@1<\/code><\/div>\n\u00a0\u00a0<\/code>int result; \/\/ eax@2<\/code><\/div>\n<\/div>\n\u00a0\u00a0<\/code>for ( node = (struc_1 *)a1->first_node; node; node = (struc_1 *)node->next_node )<\/code><\/div>\n\u00a0\u00a0<\/code>{<\/code><\/div>\n\u00a0\u00a0\u00a0\u00a0<\/code>result = (*(int (__stdcall **)(_DWORD, _DWORD, _DWORD, _DWORD))(node->cobject + 0xC4))(node, a2, a3, a4);\/\/ rt3d!e3_NODE::Draw<\/code><\/div>\n\u00a0\u00a0\u00a0\u00a0<\/code>if ( result < 0 )<\/code><\/div>\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/code>return result;<\/code><\/div>\n\u00a0\u00a0<\/code>}<\/code><\/div>\n\u00a0\u00a0<\/code>return 1;<\/code><\/div>\n}<\/code><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\ne3_NODE::Draw\u51fd\u6570\u4e2d\u4f1a\u8c03\u7528sub_ 101819E7\uff08\u547d\u540d\u4e3aTake_Fill_Node\uff09\u51fd\u6570\uff0c\u8be5\u51fd\u6570\u4f1a\u7533\u8bf7sizeof(struct1)* node_count\u5927\u5c0f\u7684\u5185\u5b58\uff0csizeof(struct1)=0xa0 ,\u7136\u540e\u5faa\u73af(\u8fd9\u91cc\u603b\u51715\u4e2a\u8282\u70b9\uff0c\u4ece0-4)\u5c06\u5c06node+0\u00d768\u5904\u7684\u4e00\u4e2a\u5bf9\u8c61\u6307\u9488\u8d4b\u7ed9\u7533\u8bf7\u7684\u5185\u5b58\u7ed3\u6784\u4e2d\u3002\u6b64\u65f6\u8fd9\u4e2a\u5bf9\u8c61\u6307\u9488+0\u00d754\u504f\u79fb\u5904\u5df2\u7ecf\u662f\u88ab\u4fee\u6539\u7684\u975e\u6cd5\u503c52520026\uff0c\u56e0\u6b64\u9700\u8981\u77e5\u9053\u8fd9\u4e2a\u5bf9\u8c61\u662f\u4ece\u54ea\u6765\u7684\u3002<\/p>\n
node+0\u00d768\u7684\u5bf9\u8c61\u6307\u9488\u4ece\u54ea\u6765\u7684\u5462\uff0c\u8fd9\u91cc\u5c31\u8981\u770bnode\u8282\u70b9\u7684\u5206\u914d\u60c5\u51b5\u3002\u4ecert3d.dll\u4e2d\u770b\u5230\u6709\u5173\u4e8ee3_NoDE:\u7c7b\uff0c\u5176\u4e2d\u6709e3_NODE__AddChild\u548ce3_NODE__Create\u7b49\u8282\u70b9\u64cd\u4f5c\u51fd\u6570\uff0c\u5f88\u81ea\u7136\u7684\u5728\u8282\u70b9\u7684\u5206\u914d\u51fa\u4e0b\u65ad\u70b9\u3002<\/p>\n
\n\n\n\n\n\n1<\/div>\n2<\/div>\n3<\/div>\n4<\/div>\n5<\/div>\n<\/td>\n \n\nbu !rt3d+165CCA \".if(1){.echo addchild;gc}\"<\/code><\/div>\nbu !rt3d+181A56 \".if(1){.echo malloc base;db eax;}\"<\/code><\/div>\nbu !rt3d+168050 \".if(1){.echo create new child node;r eax;gc}\"<\/code><\/div>\nbu rt3d!e3_NODE::ChildsDraw+0x19 \".if(1){.echo ChildsDraw childnode ;r esi;dd esi+0x48} l4\"<\/code><\/div>\nbu !rt3d+166EB0 \".if(1){.echo call Take_Fill_Node;dd esp l4;dd poi(esp+4)+0x48}\"<\/code><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\nnode\u8282\u70b9\u7684\u5206\u914d\u60c5\u51b5<\/p>\n
\n\n\n\n\n\n1<\/div>\n2<\/div>\n3<\/div>\n4<\/div>\n5<\/div>\n6<\/div>\n7<\/div>\n8<\/div>\n9<\/div>\n10<\/div>\n11<\/div>\n12<\/div>\n13<\/div>\n14<\/div>\n15<\/div>\n16<\/div>\n17<\/div>\n18<\/div>\n19<\/div>\n20<\/div>\n21<\/div>\n22<\/div>\n23<\/div>\n24<\/div>\n25<\/div>\n26<\/div>\n27<\/div>\n28<\/div>\n29<\/div>\n30<\/div>\n31<\/div>\n32<\/div>\n33<\/div>\n34<\/div>\n35<\/div>\n36<\/div>\n37<\/div>\n38<\/div>\n39<\/div>\n40<\/div>\n41<\/div>\n42<\/div>\n43<\/div>\n44<\/div>\n45<\/div>\n46<\/div>\n47<\/div>\n48<\/div>\n49<\/div>\n50<\/div>\n51<\/div>\n52<\/div>\n53<\/div>\n54<\/div>\n55<\/div>\n56<\/div>\n57<\/div>\n58<\/div>\n59<\/div>\n60<\/div>\n61<\/div>\n62<\/div>\n63<\/div>\n64<\/div>\n65<\/div>\n66<\/div>\n67<\/div>\n68<\/div>\n69<\/div>\n70<\/div>\n71<\/div>\n72<\/div>\n73<\/div>\n74<\/div>\n75<\/div>\n76<\/div>\n77<\/div>\n78<\/div>\n79<\/div>\n80<\/div>\n81<\/div>\n82<\/div>\n83<\/div>\n84<\/div>\n85<\/div>\n86<\/div>\n87<\/div>\n88<\/div>\n89<\/div>\n90<\/div>\n91<\/div>\n92<\/div>\n93<\/div>\n94<\/div>\n95<\/div>\n96<\/div>\n97<\/div>\n98<\/div>\n99<\/div>\n100<\/div>\n101<\/div>\n102<\/div>\n103<\/div>\n104<\/div>\n105<\/div>\n106<\/div>\n107<\/div>\n108<\/div>\n109<\/div>\n110<\/div>\n111<\/div>\n112<\/div>\n113<\/div>\n114<\/div>\n115<\/div>\n<\/td>\n \n\ncreate new child node<\/code><\/div>\neax=03217ac8\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 --allocate root node<\/code><\/div>\naddchild<\/code><\/div>\nModLoad: 668a0000 66a63000\u00a0\u00a0 C:\\Windows\\system32\\d3d9.dll<\/code><\/div>\nModLoad: 70be0000 70be6000\u00a0\u00a0 C:\\Windows\\system32\\d3d8thk.dll<\/code><\/div>\nModLoad: 6b400000 6b421000\u00a0\u00a0 C:\\Windows\\system32\\vm3dum.dll<\/code><\/div>\nModLoad: 67ed0000 67fd5000\u00a0\u00a0 C:\\Windows\\system32\\d3d8.dll<\/code><\/div>\n*** ERROR: Symbol file could not be found.\u00a0 Defaulted to export symbols for C:\\Program Files\\Adobe Reader 9.4.0\\Reader 9.0\\Reader\\plug_ins3d\\3difr.x3d -<\/code><\/div>\ncreate new child node<\/code><\/div>\neax=0321c918\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 --allocate node1\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ---second break<\/code><\/div>\naddchild<\/code><\/div>\ncreate new child node<\/code><\/div>\neax=0321d3b8\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 --allocate node2<\/code><\/div>\naddchild<\/code><\/div>\ncreate new child node<\/code><\/div>\neax=0321d488\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 --allocate node3<\/code><\/div>\naddchild<\/code><\/div>\ncreate new child node<\/code><\/div>\neax=0321d558\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 --allocate node4<\/code><\/div>\naddchild<\/code><\/div>\ncreate new child node<\/code><\/div>\neax=0321d628\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 --allocate node5<\/code><\/div>\naddchild<\/code><\/div>\nModLoad: 69fa0000 6a00c000\u00a0\u00a0 C:\\Program Files\\Adobe Reader 9.4.0\\Reader 9.0\\Reader\\AdobeXMP.dll<\/code><\/div>\nModLoad: 6f8d0000 70350000\u00a0\u00a0 C:\\Windows\\system32\\ieframe.dll<\/code><\/div>\nModLoad: 718a0000 718dc000\u00a0\u00a0 C:\\Windows\\system32\\OLEACC.dll<\/code><\/div>\nADOBE_READLOGGER_CMD:PAUSE_LOG<\/code><\/div>\nModLoad: 6b3d0000 6b3f1000\u00a0\u00a0 C:\\Windows\\system32\\vm3dum.dll<\/code><\/div>\nChildsDraw childnode<\/code><\/div>\nesi=03217ac8\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ---root node<\/code><\/div>\n03217b10\u00a0 0321c918 00000000 00000000 00000000<\/code><\/div>\nChildsDraw childnode<\/code><\/div>\nesi=0321c918\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ---node 1<\/code><\/div>\n0321c960\u00a0 00000000 03217ac8 0321d3b8 0321d3b8<\/code><\/div>\nChildsDraw childnode<\/code><\/div>\nesi=0321d3b8\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ---node 2<\/code><\/div>\n0321d400\u00a0 00000000 00000000 0321d488 0321d488<\/code><\/div>\nChildsDraw childnode<\/code><\/div>\nesi=0321d488\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ---node 3<\/code><\/div>\n0321d4d0\u00a0 00000000 00000000 0321d558 0321d558<\/code><\/div>\nChildsDraw childnode<\/code><\/div>\nesi=0321d558\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ---node 4<\/code><\/div>\n0321d5a0\u00a0 00000000 00000000 0321d628 0321d628<\/code><\/div>\nChildsDraw childnode<\/code><\/div>\nesi=0321d628\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ---node 5<\/code><\/div>\n0321d670\u00a0 00000000 00000000 00000000 00000000<\/code><\/div>\ncall Take_Fill_Node<\/code><\/div>\n0016e860\u00a0 0321d628 03213ba0 0016e87c 00000000\u00a0\u00a0 ---node5\u00a0 *(node5+0x68)<\/code><\/div>\noffset48<\/code><\/div>\n03213be8\u00a0 00000000 0321ba70 00000000 00000000<\/code><\/div>\n03213bf8\u00a0 00000000 41700000 00000000 00000000<\/code><\/div>\n03213c08\u00a0 3f800000 3f800000 00000000 00000000<\/code><\/div>\n03213c18\u00a0 00000011 00000000 18bd34db 88000000<\/code><\/div>\n03213c28\u00a0 0321c788 00000000 00000000 00000000<\/code><\/div>\n03213c38\u00a0 00000000 00000000 00000000 00000000<\/code><\/div>\n03213c48\u00a0 00000000 00000000 00000000 00000000<\/code><\/div>\n03213c58\u00a0 00000000 00000000 00000000 00000000<\/code><\/div>\ncall Take_Fill_Node<\/code><\/div>\n0016e9b4\u00a0 0321d558 03213870 0016e9d0 00000000\u00a0\u00a0 ---node4\u00a0 *(node4+0x68)<\/code><\/div>\noffset48<\/code><\/div>\n032138b8\u00a0 00000000 0321b9e0 00000000 00000000<\/code><\/div>\n032138c8\u00a0 00000000 41200000 00000000 00000000<\/code><\/div>\n032138d8\u00a0 3f800000 3f800000 00000000 00000000<\/code><\/div>\n032138e8\u00a0 00000011 00000000 18bd3441 88000000<\/code><\/div>\n032138f8\u00a0 0321c788 00000000 00000000 00000000<\/code><\/div>\n03213908\u00a0 00000000 00000000 00000000 00000000<\/code><\/div>\n03213918\u00a0 00000000 00000000 00000000 00000000<\/code><\/div>\n03213928\u00a0 00000000 00000000 00000000 00000000<\/code><\/div>\ncall Take_Fill_Node<\/code><\/div>\n0016eb08\u00a0 0321d488 032135c8 03213298 00000000\u00a0\u00a0 ---node3\u00a0 *(node3+0x68)<\/code><\/div>\noffset48<\/code><\/div>\n03213610\u00a0 00000000 0321b950 00000000 00000000<\/code><\/div>\n03213620\u00a0 00000000 00000000 00000000 00000000<\/code><\/div>\n03213630\u00a0 3f800000 3f800000 00000000 00000000<\/code><\/div>\n03213640\u00a0 00000011 00000000 18bd3596 88000000<\/code><\/div>\n03213650\u00a0 0321c788 00000000 00000000 00000000<\/code><\/div>\n03213660\u00a0 00000000 00000000 00000000 00000000<\/code><\/div>\n03213670\u00a0 00000000 00000000 00000000 00000000<\/code><\/div>\n03213680\u00a0 00000000 00000000 00000000 00000000<\/code><\/div>\ncall Take_Fill_Node<\/code><\/div>\n0016ec5c\u00a0 0321d3b8 03213320 03213298 00000000\u00a0\u00a0 ---node2\u00a0 *(node2+0x68)<\/code><\/div>\noffset48<\/code><\/div>\n03213368\u00a0 00000000 0321b8c0 00000000 00000000<\/code><\/div>\n03213378\u00a0 00000000 00000000 00000000 00000000<\/code><\/div>\n03213388\u00a0 3f800000 3f800000 00000000 00000000<\/code><\/div>\n03213398\u00a0 00000011 00000000 18bd352b 88000000<\/code><\/div>\n032133a8\u00a0 0321c788 00000000 00000000 00000000<\/code><\/div>\n032133b8\u00a0 00000000 00000000 00000000 00000000<\/code><\/div>\n032133c8\u00a0 00000000 00000000 00000000 00000000<\/code><\/div>\n032133d8\u00a0 00000000 00000000 00000000 00000000<\/code><\/div>\ncall Take_Fill_Node<\/code><\/div>\n0016edb0\u00a0 0321c918 03213fe0 032140f0 00000000\u00a0\u00a0 ---node1\u00a0 *(node1+0x68)<\/code><\/div>\noffset48<\/code><\/div>\n03214028\u00a0 0321d1e8 0321c788 00000000 00000014<\/code><\/div>\n03214038\u00a0 00000000 00000000 00000000 00000000<\/code><\/div>\n03214048\u00a0 03208ff8 00000014 0320c008 03214178<\/code><\/div>\n03214058\u00a0 0321bdd0 00000000 18bd3b53 88000000<\/code><\/div>\n03214068\u00a0 0321c918 00000000 00000000 00000000<\/code><\/div>\n03214078\u00a0 00000000 00000000 00000000 00000000<\/code><\/div>\n03214088\u00a0 00000000 00000000 00000000 00000000<\/code><\/div>\n03214098\u00a0 00000000 00000000 00000000 00000000<\/code><\/div>\neax=00000000 ebx=00000000 ecx=03216d58 edx=0016ecc0 esi=03216d58 edi=00000004<\/code><\/div>\neip=68881a6b esp=0016eda0 ebp=0016eee4 iopl=0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 nv up ei pl nz ac pe nc<\/code><\/div>\ncs=001b\u00a0 ss=0023\u00a0 ds=0023\u00a0 es=0023\u00a0 fs=003b\u00a0 gs=0000\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 efl=00000216<\/code><\/div>\nrt3d!e3_LAYER::DeleteThis+0x351:<\/code><\/div>\n68881a6b 69ffa0000000\u00a0\u00a0\u00a0 imul\u00a0\u00a0\u00a0 edi,edi,0A0h<\/code><\/div>\n0:000> dd 0321d1e8+54<\/code><\/div>\n0321d23c\u00a0 52520026 13b80100 00140307 00000000\u00a0\u00a0 ---52520026 \u975e\u6cd5\u7684\u503c<\/code><\/div>\n0321d24c\u00a0 00000000 00000000 1e080000 00300322<\/code><\/div>\n0321d25c\u00a0 00000000 00000000 00000000 00000000<\/code><\/div>\n0321d26c\u00a0 00000000 00000000 00000000 00000000<\/code><\/div>\n0321d27c\u00a0 63380000 00000306 64680000 00000306<\/code><\/div>\n0321d28c\u00a0 b3bc0000 00240206 00000000 00030000<\/code><\/div>\n0321d29c\u00a0 00000000 00000000 00000000 00000000<\/code><\/div>\n0321d2ac\u00a0 00000000 00000000 fa3a0000 4d24c105<\/code><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n\u521d\u6b65\u4ece\u4e0a\u9762\u7684\u6253\u5370\u65e5\u5fd7\u6765\u770b\uff0c\u662f\u7b2c\u4e00\u4e2anode\u8282\u70b9\u51fa\u4e86\u95ee\u9898unkown_class=*(node1+0\u00d768) ; *(*(unkown_class+0\u00d748)+0\u00d754)=0\u00d752520026<\/p>\n
Node+0\u00d768\u662f\u4ec0\u4e48\u65f6\u5019\u521d\u59cb\u5316\u7684\u5462\uff0c\u6062\u590d\u865a\u62df\u673a\u5feb\u7167\uff0c\u91cd\u65b0\u6765\u8fc7\uff0c\u5728\u7b2c\u4e00\u4e2anode\u5b50\u8282\u70b9\u5206\u914d\u6210\u529f\u540e\u65ad\u4e0b\u6765 \u7136\u540e\u4e0b ba w 1 (node+0\u00d768)\u7684\u8bbf\u95ee\u65ad\u70b9\u3002
\n\uff08\u8fd9\u91cc\u5206\u4eab\u4e2a\u8c03\u8bd5\u7684\u6280\u5de7 \u53ef\u4ee5\u7528\u865a\u62df\u673a\u6765\u4fdd\u5b58\u5f00\u59cb\u8c03\u8bd5\u65f6\u5019\u7684\u72b6\u6001\uff0c\u8fd9\u91cc\u4ee5\u540e\u91cd\u65b0\u8c03\u8bd5\u7684\u65f6\u5019\u76f4\u63a5\u6062\u590d\u865a\u62df\u673a\u5feb\u7167\uff0c\u5806\u5206\u914d\u7684\u5730\u5740\u90fd\u662f\u4e00\u6837\u7684\uff0c\u53ef\u4ee5\u76f4\u63a5\u4e0b\u8bbf\u95ee\u65ad\u70b9\u3002\uff09<\/p>\n
\n\n\n\n\n\n1<\/div>\n2<\/div>\n3<\/div>\n4<\/div>\n5<\/div>\n6<\/div>\n7<\/div>\n8<\/div>\n9<\/div>\n10<\/div>\n11<\/div>\n12<\/div>\n13<\/div>\n14<\/div>\n15<\/div>\n16<\/div>\n17<\/div>\n18<\/div>\n19<\/div>\n20<\/div>\n21<\/div>\n22<\/div>\n23<\/div>\n24<\/div>\n25<\/div>\n26<\/div>\n27<\/div>\n<\/td>\n \n\nchar __userpurge e3_NODE__SetObject(int a1, int node, int a3)<\/code><\/div>\n{<\/code><\/div>\n\u00a0\u00a0<\/code>int v3; \/\/ eax@1<\/code><\/div>\n\u00a0\u00a0<\/code>int v4; \/\/ ebx@2<\/code><\/div>\n\u00a0\u00a0<\/code>int v6; \/\/ [sp-4h] [bp-Ch]@2<\/code><\/div>\n<\/div>\n\u00a0\u00a0<\/code>v3 = *(_DWORD *)(node + 0x68);<\/code><\/div>\n\u00a0\u00a0<\/code>if ( a3 != v3 )<\/code><\/div>\n\u00a0\u00a0<\/code>{<\/code><\/div>\n\u00a0\u00a0\u00a0\u00a0<\/code>v6 = a1;<\/code><\/div>\n\u00a0\u00a0\u00a0\u00a0<\/code>v4 = *(_DWORD *)(node + 0x68);<\/code><\/div>\n\u00a0\u00a0\u00a0\u00a0<\/code>if ( v3 )<\/code><\/div>\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/code>(*(void (__stdcall **)(int, int))(*(_DWORD *)v3 + 48))(v3, node);<\/code><\/div>\n\u00a0\u00a0\u00a0\u00a0<\/code>*(_DWORD *)(node + 0x68) = a3;\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 a3=unkown_class\u00a0 \u8fd9\u91cc\u8fdb\u884c\u7684\u521d\u59cb\u5316<\/code><\/div>\n\u00a0\u00a0\u00a0\u00a0<\/code>if ( a3 )<\/code><\/div>\n\u00a0\u00a0\u00a0\u00a0<\/code>{<\/code><\/div>\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/code>(*(void (__stdcall **)(int, int))(*(_DWORD *)a3 + 44))(a3, node);<\/code><\/div>\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/code>(*(void (__stdcall **)(_DWORD))(**(_DWORD **)(node + 104) + 4))(*(_DWORD *)(node + 104));<\/code><\/div>\n\u00a0\u00a0\u00a0\u00a0<\/code>}<\/code><\/div>\n\u00a0\u00a0\u00a0\u00a0<\/code>(*(void (__stdcall **)(int, signed int, int, int))(*(_DWORD *)node + 52))(node, 1006, v4, v6);<\/code><\/div>\n\u00a0\u00a0\u00a0\u00a0<\/code>if ( v4 )<\/code><\/div>\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/code>(*(void (__stdcall **)(int))(*(_DWORD *)v4 + 8))(v4);<\/code><\/div>\n\u00a0\u00a0\u00a0\u00a0<\/code>(*(void (__cdecl **)(int))(*(_DWORD *)node + 224))(node);<\/code><\/div>\n\u00a0\u00a0\u00a0\u00a0<\/code>sub_1013C568(*(_DWORD *)(node + 32));<\/code><\/div>\n\u00a0\u00a0<\/code>}<\/code><\/div>\n\u00a0\u00a0<\/code>return 1;<\/code><\/div>\n}<\/code><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n\u5c06a3\u8d4b\u7ed9node+0\u00d768\u504f\u79fb\u5904\uff0c\u6b64\u65f6*(a3+48)+54\u5df2\u7ecf\u662f\u975e\u6cd5\u503c\u4e86<\/p>\n
\n\n\n\n\n\n1<\/div>\n2<\/div>\n3<\/div>\n4<\/div>\n5<\/div>\n6<\/div>\n7<\/div>\n8<\/div>\n9<\/div>\n10<\/div>\n11<\/div>\n12<\/div>\n13<\/div>\n14<\/div>\n<\/td>\n \n\neax=00000000 ebx=00000000 ecx=03372b58 edx=688d078c esi=03166560 edi=03373360<\/code><\/div>\neip=68855496 esp=002dd5b0 ebp=03373360 iopl=0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 nv up ei pl nz na pe nc<\/code><\/div>\ncs=001b\u00a0 ss=0023\u00a0 ds=0023\u00a0 es=0023\u00a0 fs=003b\u00a0 gs=0000\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 efl=00000206<\/code><\/div>\nrt3d!e3_NODE::SetObject+0x24:<\/code><\/div>\n68855496 7410\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 je\u00a0\u00a0\u00a0\u00a0\u00a0 rt3d!e3_NODE::SetObject+0x36 (688554a8) [br=0]<\/code><\/div>\n0:000> dd 03373360+54<\/code><\/div>\n033733b4\u00a0 52520034 57b80100 00140337 00000000\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ------\u6b64\u65f6\u5df2\u7ecf\u662f52520034 \u4e86<\/code><\/div>\n033733c4\u00a0 00000000 00000000 86580000 00300337<\/code><\/div>\n033733d4\u00a0 00000000 00000000 00000000 00000000<\/code><\/div>\n033733e4\u00a0 00000000 00000000 00000000 00000000<\/code><\/div>\n033733f4\u00a0 98580000 00000337 98f00000 00000337<\/code><\/div>\n03373404\u00a0 bef40000 00240329 00000000 00030000<\/code><\/div>\n03373414\u00a0 00000000 00000000 00000000 00000000<\/code><\/div>\n03373424\u00a0 00000000 00000000 00000000 00000000<\/code><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n\u7ee7\u7eed\u5f80\u4e0a\u8ffd
\nasm in 3difr.x3d<\/p>\n
\n\n\n\n\n\n1<\/div>\n2<\/div>\n3<\/div>\n4<\/div>\n5<\/div>\n6<\/div>\n7<\/div>\n8<\/div>\n9<\/div>\n10<\/div>\n11<\/div>\n12<\/div>\n13<\/div>\n14<\/div>\n<\/td>\n \n\ntext:10002DBD\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 mov\u00a0\u00a0\u00a0\u00a0 edi, [esp+8+arg_0]<\/code><\/div>\n.text:10002DC1\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 mov\u00a0\u00a0\u00a0\u00a0 esi, [esp+8+arg_4]<\/code><\/div>\n.text:10002DC5\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 mov\u00a0\u00a0\u00a0\u00a0 edx, [edi]<\/code><\/div>\n.text:10002DC7\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 mov\u00a0\u00a0\u00a0\u00a0 eax, [edx+0C8h]<\/code><\/div>\n.text:10002DCD\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 push\u00a0\u00a0\u00a0 esi\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ; esi \u4e3a\u67d0\u4e2a\u5bf9\u8c61\u9996\u5730\u5740<\/code><\/div>\n.text:10002DCE\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 push\u00a0\u00a0\u00a0 edi<\/code><\/div>\n.text:10002DCF\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 call\u00a0\u00a0\u00a0 eax\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 \/\/e3_NODE__SetObject\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 3difr!E3DLLFunc+0xb3f<\/code><\/div>\n<\/div>\nxt:1000415B\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 push\u00a0\u00a0\u00a0 edx<\/code><\/div>\n.text:1000415C\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 push\u00a0\u00a0\u00a0 eax\u00a0 \/\/\/\/---<\/code><\/div>\n.text:1000415D\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 push\u00a0\u00a0\u00a0 ebp<\/code><\/div>\n.text:1000415E\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 push\u00a0\u00a0\u00a0 esi<\/code><\/div>\n.text:1000415F\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 call\u00a0\u00a0\u00a0 sub_10002D00<\/code><\/div>\n.text:10004164\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 add\u00a0\u00a0\u00a0\u00a0 esp, 10h<\/code><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\nbu 3difr!E3DLLFunc+0xb3f
\nbu !3difr+415F<\/p>\n
bu !3difr+401F
\nbu !3difr+2b91 \u201c.if(1){db poi(poi(esp))}\u201d
\n\u6d41\u7a0b\u592a\u590d\u6742 \u524d\u9762\u8ffd\u8e2a\u7684\u90fd\u4e0d\u592a\u8bb0\u5f97\u4e86\u3002\u3002\u3002<\/p>\n
\/\/\u731c\u6d4b\u90a3\u4e2a03373360 \u4e5f\u662f\u4e00\u4e2aOBJ\u5bf9\u8c61\uff0c\u56e0\u6b64\u76f4\u63a5\u5728\u8fd9\u91cc\u4e0b\u65ad\u70b9 \u8fd9\u91cc\u662fobj\u5206\u914d\u5185\u5b58\u7136\u540e\u521d\u59cb\u5316\u7684\u5730\u65b9\u3002\uff08\uff09
\nbu !rt3d+158DF8<\/p>\n
\u8fd9\u91cc\u4e3a\u4ec0\u4e48\u4f1a\u731c\u6d4b\u8fd9\u4e2a03373360\u662f\u4ee5OBJ\u5bf9\u8c61\u5462\uff0c\u770b\u4e0b\u9762<\/p>\n
\n\n\n\n\n\n1<\/div>\n2<\/div>\n3<\/div>\n4<\/div>\n5<\/div>\n6<\/div>\n7<\/div>\n8<\/div>\n9<\/div>\n10<\/div>\n11<\/div>\n12<\/div>\n13<\/div>\n14<\/div>\n15<\/div>\n16<\/div>\n17<\/div>\n18<\/div>\n19<\/div>\n20<\/div>\n21<\/div>\n22<\/div>\n23<\/div>\n24<\/div>\n25<\/div>\n26<\/div>\n27<\/div>\n28<\/div>\n29<\/div>\n30<\/div>\n31<\/div>\n32<\/div>\n33<\/div>\n34<\/div>\n35<\/div>\n36<\/div>\n37<\/div>\n38<\/div>\n39<\/div>\n40<\/div>\n41<\/div>\n42<\/div>\n43<\/div>\n44<\/div>\n45<\/div>\n46<\/div>\n47<\/div>\n48<\/div>\n49<\/div>\n50<\/div>\n51<\/div>\n52<\/div>\n53<\/div>\n54<\/div>\n55<\/div>\n56<\/div>\n57<\/div>\n58<\/div>\n59<\/div>\n60<\/div>\n61<\/div>\n62<\/div>\n63<\/div>\n64<\/div>\n65<\/div>\n66<\/div>\n<\/td>\n \n\nRt3d!dll<\/code><\/div>\n.text:101594DD sub_101594DD\u00a0\u00a0\u00a0 proc near\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ; DATA XREF: .rdata:101DFA20o<\/code><\/div>\n.text:101594DD<\/code><\/div>\n.text:101594DD arg_0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 = dword ptr\u00a0 4<\/code><\/div>\n.text:101594DD arg_4\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 = dword ptr\u00a0 8<\/code><\/div>\n.text:101594DD<\/code><\/div>\n.text:101594DD\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 push\u00a0\u00a0\u00a0 esi<\/code><\/div>\n.text:101594DE\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 push\u00a0\u00a0\u00a0 edi<\/code><\/div>\n.text:101594DF\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 push\u00a0\u00a0\u00a0 158h\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ; unsigned int<\/code><\/div>\n.text:101594E4\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 call\u00a0\u00a0\u00a0 ??2@YAPAXI@Z\u00a0\u00a0\u00a0 ; operator new(uint)\u00a0 \u5206\u914d\u4e00\u4e2aOBJ\u5bf9\u8c61<\/code><\/div>\n<\/div>\neax=033784a8 ebx=033751c8 ecx=00000158 edx=03378608 esi=033751c8 edi=00000000<\/code><\/div>\neip=688494e9 esp=002ddd40 ebp=002de0c8 iopl=0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 nv up ei pl nz na po nc<\/code><\/div>\ncs=001b\u00a0 ss=0023\u00a0 ds=0023\u00a0 es=0023\u00a0 fs=003b\u00a0 gs=0000\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 efl=00000202<\/code><\/div>\nrt3d!QUAT::QUAT+0xcb8d:<\/code><\/div>\n688494e9 85c0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 test\u00a0\u00a0\u00a0 eax,eax<\/code><\/div>\n0:000> dd 033784a8+54<\/code><\/div>\n033784fc\u00a0 bf7fffff 00000000 00000000 00000000\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 \u521a\u7533\u8bf7\u65f6\u7684\u5185\u5b58\u91cc\u9762\u586b\u5145\u4e86\u968f\u673a\u7684\u6570\u636e<\/code><\/div>\n0337850c\u00a0 bf7fffff 00000000 3f7fffff 00000000<\/code><\/div>\n0337851c\u00a0 00000000 13000013 0029590f 0337f570<\/code><\/div>\n0337852c\u00a0 01fff998 00000001 00000003 00000000<\/code><\/div>\n0337853c\u00a0 00000001 00000001 00000002 00000006<\/code><\/div>\n0337854c\u00a0 00000004 00000001 00000000 00000002<\/code><\/div>\n0337855c\u00a0 00000008 00000000 00000000 00000001<\/code><\/div>\n0337856c\u00a0 00000002 00000009 00000001 00000001<\/code><\/div>\n<\/div>\n.text:101594E9\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 test\u00a0\u00a0\u00a0 eax, eax<\/code><\/div>\n.text:101594EB\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 mov\u00a0\u00a0\u00a0\u00a0 edi, [esp+0Ch+arg_0]<\/code><\/div>\n.text:101594EF\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 pop\u00a0\u00a0\u00a0\u00a0 ecx<\/code><\/div>\n.text:101594F0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 jz\u00a0\u00a0\u00a0\u00a0\u00a0 short loc_10159500<\/code><\/div>\n.text:101594F2\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 push\u00a0\u00a0\u00a0 dword ptr [edi+20h]<\/code><\/div>\n.text:101594F5\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 mov\u00a0\u00a0\u00a0\u00a0 ecx, eax<\/code><\/div>\n.text:101594F7\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 call\u00a0\u00a0\u00a0 sub_10158DF8<\/code><\/div>\n.text:101594FC\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 mov\u00a0\u00a0\u00a0\u00a0 esi, eax<\/code><\/div>\n.text:101594FE\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 jmp\u00a0\u00a0\u00a0\u00a0 short loc_10159502<\/code><\/div>\n.text:10159500 ; ---------------------------------------------------------------------------<\/code><\/div>\n.text:10159500<\/code><\/div>\n.text:10159500 loc_10159500:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ; CODE XREF: sub_101594DD+13j<\/code><\/div>\n.text:10159500\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 xor\u00a0\u00a0\u00a0\u00a0 esi, esi<\/code><\/div>\n.text:10159502<\/code><\/div>\n.text:10159502 loc_10159502:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ; CODE XREF: sub_101594DD+21j<\/code><\/div>\n.text:10159502\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 push\u00a0\u00a0\u00a0 0<\/code><\/div>\n.text:10159504\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 push\u00a0\u00a0\u00a0 [esp+0Ch+arg_4]<\/code><\/div>\n.text:10159508\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 mov\u00a0\u00a0\u00a0\u00a0 ecx, edi<\/code><\/div>\n.text:1015950A\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 push\u00a0\u00a0\u00a0 esi<\/code><\/div>\n.text:1015950B\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 call\u00a0\u00a0\u00a0 sub_10155AA3\u00a0\u00a0\u00a0\u00a0 \u4ece\u53c2\u6570\u4e00\u5bf9\u8c61\u4e2d\u76f4\u63a5\u62f7\u8d1d\u4e860x54\u504f\u79fb\u7684\u6210\u5458\u7ed9\u4e88\u8fd9\u4e2aOBJ\u00a0 \u56e0\u6b64\u6b64\u65f6\u9700\u8981\u8ffd\u8e2a\u8fd9\u4e2a\u53c2\u6570\u4e00\u5bf9\u8c61\u4ec0\u4e48\u65f6\u5019\u521d\u59cb\u5316\u7684+54\u504f\u79fb\u6210\u5458\u53d8\u91cf\uff0c\u800c\u8fd9\u4e2a\u53c2\u6570\u4e00 \u5c31\u662f 03373360 \uff0c\u56e0\u6b64\u731c\u6d4b\u4e5f\u662f\u4e00\u4e2aOBJ\u5bf9\u8c61<\/code><\/div>\n<\/div>\n.text:10159510\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 test\u00a0\u00a0\u00a0 eax, eax<\/code><\/div>\n.text:10159512\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 jge\u00a0\u00a0\u00a0\u00a0 short loc_10159528<\/code><\/div>\n.text:10159514\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 test\u00a0\u00a0\u00a0 esi, esi<\/code><\/div>\n.text:10159516\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 jz\u00a0\u00a0\u00a0\u00a0\u00a0 short loc_10159526<\/code><\/div>\n.text:10159518\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 mov\u00a0\u00a0\u00a0\u00a0 ecx, esi<\/code><\/div>\n.text:1015951A\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 call\u00a0\u00a0\u00a0 sub_10155E10<\/code><\/div>\n.text:1015951F\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 push\u00a0\u00a0\u00a0 esi\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ; void *<\/code><\/div>\n.text:10159520\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 call\u00a0\u00a0\u00a0 ??3@YAXPAX@Z\u00a0\u00a0\u00a0 ; operator delete(void *)<\/code><\/div>\n.text:10159525\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 pop\u00a0\u00a0\u00a0\u00a0 ecx<\/code><\/div>\n.text:10159526<\/code><\/div>\n.text:10159526 loc_10159526:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ; CODE XREF: sub_101594DD+39j<\/code><\/div>\n.text:10159526\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 xor\u00a0\u00a0\u00a0\u00a0 esi, esi<\/code><\/div>\n.text:10159528<\/code><\/div>\n.text:10159528 loc_10159528:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ; CODE XREF: sub_101594DD+35j<\/code><\/div>\n.text:10159528\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 pop\u00a0\u00a0\u00a0\u00a0 edi<\/code><\/div>\n.text:10159529\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 mov\u00a0\u00a0\u00a0\u00a0 eax, esi<\/code><\/div>\n.text:1015952B\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 pop\u00a0\u00a0\u00a0\u00a0 esi<\/code><\/div>\n.text:1015952C\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 retn\u00a0\u00a0\u00a0 8<\/code><\/div>\n.text:1015952C sub_101594DD\u00a0\u00a0\u00a0 endp<\/code><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\nRt3d!dll \/\/\u8fd9\u91cc\u8fdb\u884cOBJ\u5bf9\u8c61\u7684\u521d\u59cb\u5316 OBJ\u5bf9\u8c61\u5927\u5c0f0\u00d7158<\/p>\n
\n\n\n\n\n\n1<\/div>\n2<\/div>\n3<\/div>\n4<\/div>\n5<\/div>\n6<\/div>\n7<\/div>\n8<\/div>\n9<\/div>\n10<\/div>\n11<\/div>\n12<\/div>\n13<\/div>\n14<\/div>\n15<\/div>\n<\/td>\n \n\nint __thiscall sub_10158DF8(void *OBJ, int a2)<\/code><\/div>\n{<\/code><\/div>\n\u00a0\u00a0<\/code>int Temp_OBJ; \/\/ esi@1<\/code><\/div>\n<\/div>\n\u00a0\u00a0<\/code>Temp_OBJ = (int)OBJ;<\/code><\/div>\n\u00a0\u00a0<\/code>e3_OBJECT__e3_OBJECT(OBJ);<\/code><\/div>\n\u00a0\u00a0<\/code>*(_DWORD *)Temp_OBJ = &off_101DF9BC;<\/code><\/div>\n\u00a0\u00a0<\/code>e3_GENERIC__Init(Temp_OBJ, 0x158u);<\/code><\/div>\n\u00a0\u00a0<\/code>if ( a2 )<\/code><\/div>\n\u00a0\u00a0\u00a0\u00a0<\/code>sub_1014D0F6(Temp_OBJ, a2);<\/code><\/div>\n\u00a0\u00a0<\/code>*(_DWORD *)(Temp_OBJ + 0x50) = 7;<\/code><\/div>\n\u00a0\u00a0<\/code>*(_BYTE *)(Temp_OBJ + 0x58) = 0;<\/code><\/div>\n\u00a0\u00a0<\/code>*(_BYTE *)(Temp_OBJ + 0x59) = 1;<\/code><\/div>\n\u00a0\u00a0<\/code>return Temp_OBJ;<\/code><\/div>\n}<\/code><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n\u5728\u5206\u914dOBJ\u5bf9\u8c61\u4e4b\u540e \uff0c\u6b64\u65f6\u5728\u8fd9\u4e0b\u8bbf\u95ee\u65ad\u70b9ba w 1 03373360+0\u00d754<\/p>\n
\n\n\n\n\n\n1<\/div>\n2<\/div>\n3<\/div>\n4<\/div>\n5<\/div>\n6<\/div>\n7<\/div>\n8<\/div>\n9<\/div>\n10<\/div>\n11<\/div>\n12<\/div>\n13<\/div>\n14<\/div>\n15<\/div>\n16<\/div>\n17<\/div>\n18<\/div>\n19<\/div>\n20<\/div>\n21<\/div>\n22<\/div>\n23<\/div>\n24<\/div>\n25<\/div>\n26<\/div>\n27<\/div>\n28<\/div>\n29<\/div>\n30<\/div>\n31<\/div>\n32<\/div>\n33<\/div>\n34<\/div>\n35<\/div>\n36<\/div>\n37<\/div>\n38<\/div>\n39<\/div>\n40<\/div>\n41<\/div>\n42<\/div>\n<\/td>\n \n\naddchild<\/code><\/div>\nBreakpoint 9 hit<\/code><\/div>\neax=52520034 ebx=00717498 ecx=00747a70 edx=007479f0 esi=00000024 edi=03373360<\/code><\/div>\neip=69d9b785 esp=002dd4f8 ebp=01ff0708 iopl=0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 nv up ei pl zr na pe nc<\/code><\/div>\ncs=001b\u00a0 ss=0023\u00a0 ds=0023\u00a0 es=0023\u00a0 fs=003b\u00a0 gs=0000\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 efl=00000246<\/code><\/div>\n3difr!E3DLLFunc+0x94f5:<\/code><\/div>\n69d9b785 e86e460200\u00a0\u00a0\u00a0\u00a0\u00a0 call\u00a0\u00a0\u00a0 3difr!e3_SORTEDCOLLECTION::Create+0xc4 (69dbfdf8)\/\/\u4e0a\u4e00\u6761\u6307\u4ee4\u4fee\u6539\u4e8603373360+0x54<\/code><\/div>\n0:000> dd 03373360+54<\/code><\/div>\n033733b4\u00a0 52520034 56000100 00140337 00000000<\/code><\/div>\n033733c4\u00a0 00000000 00000000 69b00000 00300337<\/code><\/div>\n033733d4\u00a0 00000000 00000000 00000000 00000000<\/code><\/div>\n033733e4\u00a0 00000000 00000000 00000000 00000000<\/code><\/div>\n033733f4\u00a0 a7a00000 00000337 a8380000 00000337<\/code><\/div>\n03373404\u00a0 bef40000 00240329 00000000 00030000<\/code><\/div>\n03373414\u00a0 00000000 00000000 00000000 00000000<\/code><\/div>\n03373424\u00a0 00000000 00000000 00000000 00000000<\/code><\/div>\n<\/div>\n.text:1000B759\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 mov\u00a0\u00a0\u00a0\u00a0 ecx, [esp+78h+var_5C]<\/code><\/div>\n.text:1000B75D\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 push\u00a0\u00a0\u00a0 edi<\/code><\/div>\n.text:1000B75E\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 call\u00a0\u00a0\u00a0 sub_10008780<\/code><\/div>\n.text:1000B763\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 mov\u00a0\u00a0\u00a0\u00a0 ebx, eax<\/code><\/div>\n.text:1000B765\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 mov\u00a0\u00a0\u00a0\u00a0 eax, [esp+78h+var_60]<\/code><\/div>\n.text:1000B769\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 cmp\u00a0\u00a0\u00a0\u00a0 dword ptr [eax+18h], 1<\/code><\/div>\n.text:1000B76D\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 jnz\u00a0\u00a0\u00a0\u00a0 short loc_1000B7B7<\/code><\/div>\n.text:1000B76F\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 test\u00a0\u00a0\u00a0 ebx, ebx<\/code><\/div>\n.text:1000B771\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 jz\u00a0\u00a0\u00a0\u00a0\u00a0 short loc_1000B799<\/code><\/div>\n.text:1000B773\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 cmp\u00a0\u00a0\u00a0\u00a0 dword ptr [ebx], 1<\/code><\/div>\n.text:1000B776\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 jnz\u00a0\u00a0\u00a0\u00a0 short loc_1000B799<\/code><\/div>\n.text:1000B778\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 mov\u00a0\u00a0\u00a0\u00a0 ecx, [ebx+4]<\/code><\/div>\n.text:1000B77B\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 mov\u00a0\u00a0\u00a0\u00a0 edx, [esp+78h+var_58]<\/code><\/div>\n.text:1000B77F\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 mov\u00a0\u00a0\u00a0\u00a0 eax, [ecx]<\/code><\/div>\n.text:1000B781\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 push\u00a0\u00a0\u00a0 edx\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ; void *<\/code><\/div>\n.text:1000B782\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 mov\u00a0\u00a0\u00a0\u00a0 [edi+54h], eax<\/code><\/div>\n.text:1000B785\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 call\u00a0\u00a0\u00a0 ??_V@YAXPAX@Z\u00a0\u00a0 ; operator delete[](void *)0:000> db ecx<\/code><\/div>\n00747a70\u00a0 34 00 52 52 52 00 80 3f-b7 48 9c 4a 64 4d 00 88\u00a0 4.RRR..?.H.JdM..<\/code><\/div>\n00747a80\u00a0 42 6f 78 30 31 52 58 00-a9 48 9c 4a 00 00 00 88\u00a0 Box01RX..H.J....<\/code><\/div>\n00747a90\u00a0 42 6f 78 30 31 52 58 00-ab 48 9c 4a 00 00 00 8c\u00a0 Box01RX..H.J....<\/code><\/div>\n00747aa0\u00a0 90 64 16 03 00 00 00 00-ad 48 9c 4a 00 00 00 8c\u00a0 .d.......H.J....<\/code><\/div>\n00747ab0\u00a0 e0 c6 36 03 58 e8 29 03-af 48 9c 4a 00 00 00 8c\u00a0 ..6.X.)..H.J....<\/code><\/div>\n00747ac0\u00a0 00 00 00 00 ec 41 0e 02-a1 48 9c 4a 00 00 00 88\u00a0 .....A...H.J....<\/code><\/div>\n00747ad0\u00a0 c0 63 16 03 f0 63 16 03-a3 48 9c 4a 64 4d 00 88\u00a0 .c...c...H.JdM..<\/code><\/div>\n00747ae0\u00a0 70 00 72 00 63 00 00 00-a5 48 9c 4a 00 00 00 88\u00a0 p.r.c....H.J....<\/code><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n\u8fd9\u91cc\u7a81\u7136\u60f3\u5230\u4e86\u4e00\u4e2a\u8ddf\u8e2a\u6570\u636e\u6d41\u7684\u597d\u529e\u6cd5 \u5bf9\u4e8e\u5730\u5740\u4e0d\u56fa\u5b9a\u7684\u5806\u6765\u8bf4\uff08\u54c8\u54c8\uff09\u5229\u7528\u524d\u9762\u7684\u865a\u62df\u673a\u5feb\u7167 \u76f4\u63a5\u5bf9 00747a70 \u4e0b\u8bbf\u95ee\u65ad\u70b9ba w 1 00747a70 ba w 1 033684c8<\/p>\n
\u7b2c\u4e8c\u6b21\u65ad\u4e0b\u540e<\/p>\n
\n\n\n\n\n\n1<\/div>\n2<\/div>\n3<\/div>\n4<\/div>\n5<\/div>\n6<\/div>\n7<\/div>\n8<\/div>\n9<\/div>\n10<\/div>\n11<\/div>\n12<\/div>\n13<\/div>\n14<\/div>\n15<\/div>\n<\/td>\n \n\nAsm in 3difr<\/code><\/div>\n.text:100045CE\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 push\u00a0\u00a0\u00a0 edx\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ; Src<\/code><\/div>\n.text:100045CF\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 push\u00a0\u00a0\u00a0 eax\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ; Dst<\/code><\/div>\n.text:100045D0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 mov\u00a0\u00a0\u00a0\u00a0 [esp+34h+var_4], 0FFFFFFFFh<\/code><\/div>\n.text:100045D8\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 call\u00a0\u00a0\u00a0 memcpy<\/code><\/div>\nedx\u6307\u5411<\/code><\/div>\n\/\/ 0337343a\u00a0 52 52 52 52 52 01 00 00-00 a6 04 a8 96 b9 3f c5\u00a0 RRRRR.........?.<\/code><\/div>\n\/\/ 0337344a\u00a0 43 b2 df 2a 31 b5 56 93-40 00 01 00 00 00 00 00\u00a0 C..*1.V.@.......<\/code><\/div>\n\/\/ 0337345a\u00a0 00 05 00 52 52 52 52 52-01 00 00 00 01 00 2e 01\u00a0 ...RRRRR........<\/code><\/div>\n\/\/ 0337346a\u00a0 00 76 00 00 00 00 45 ff-ff ff 23 00 00 00 00 00\u00a0 .v....E...#.....<\/code><\/div>\n\/\/ 0337347a\u00a0 00 00 09 00 43 43 43 43-42 6f 78 30 31 02 00 00\u00a0 ....CCCCBox01...<\/code><\/div>\n\/\/ 0337348a\u00a0 00 00 00 00 00 01 00 00-00 00 00 00 00 06 00 42\u00a0 ...............B<\/code><\/div>\n\/\/ 0337349a\u00a0 6f 02 00 00 00 00 16 ff-ff ff 30 00 00 00 00 00\u00a0 o.........0.....<\/code><\/div>\n\/\/ 033734aa\u00a0 00 00 01 00 52 01 00 00-00 a6 04 a8 96 b9 3f c5\u00a0 ....R.........?.<\/code><\/div>\n\u62f7\u8d1d\u957f\u5ea6\u662f0x5<\/code><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n\u5728\u7ee7\u7eed<\/p>\n
\n\n\n\n\n\n1<\/div>\n2<\/div>\n3<\/div>\n4<\/div>\n5<\/div>\n6<\/div>\n7<\/div>\n8<\/div>\n9<\/div>\n10<\/div>\n11<\/div>\n12<\/div>\n13<\/div>\n14<\/div>\n15<\/div>\n16<\/div>\n17<\/div>\n18<\/div>\n19<\/div>\n20<\/div>\n21<\/div>\n22<\/div>\n23<\/div>\n24<\/div>\n25<\/div>\n26<\/div>\n27<\/div>\n28<\/div>\n29<\/div>\n30<\/div>\n<\/td>\n \n\n0:000 g<\/code><\/div>\nBreakpoint 9 hit<\/code><\/div>\n0:000> r<\/code><\/div>\neax=00550034 ebx=0000001a ecx=00000056 edx=00000055 esi=00776940 edi=00747a68<\/code><\/div>\neip=77262d75 esp=002dd41c ebp=002dd450 iopl=0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ov up ei pl nz na po nc<\/code><\/div>\ncs=001b\u00a0 ss=0023\u00a0 ds=0023\u00a0 es=0023\u00a0 fs=003b\u00a0 gs=0000\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 efl=00000a02<\/code><\/div>\nntdll!RtlpLowFragHeapFree+0xa6:<\/code><\/div>\n77262d75 2b7df4\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 sub\u00a0\u00a0\u00a0\u00a0 edi,dword ptr [ebp-0Ch] ss:0023:002dd444=007478a8<\/code><\/div>\n0:000> kb<\/code><\/div>\nChildEBP RetAddr\u00a0 Args to Child<\/code><\/div>\n002dd450 77262ce8 00747a70 00717570 00000000 ntdll!RtlpLowFragHeapFree+0xa6 \/\/00747a70\u6307\u5411\u7684\u5185\u5b58\u88ab\u91ca\u653e<\/code><\/div>\n002dd468 757cc3d4 007e0000 00000000 00747a70 ntdll!RtlFreeHeap+0x105<\/code><\/div>\n002dd47c 71664c39 007e0000 00000000 00747a70 kernel32!HeapFree+0x14<\/code><\/div>\n002dd4c8 69da181d 00747a70 00000000 002dde98 MSVCR80!free+0xcd<\/code><\/div>\nWARNING: Stack unwind information not available. Following frames may be wrong.<\/code><\/div>\n002dd518 69d9372b 00000000 002dde98 00000002 3difr!E3DLLFunc+0xf58d<\/code><\/div>\n002dd530 69da039a 002dde90 176fc977 002dde90 3difr!E3DLLFunc+0x149b<\/code><\/div>\n002dd550 77262fe7 77262e82 00000020 176fc953 3difr!E3DLLFunc+0xe10a<\/code><\/div>\n002dd5d4 687219e8 03373360 0000017c 69d92f36 ntdll!RtlpLowFragHeapAllocFromContext+0xaec<\/code><\/div>\n00000000 00000000 00000000 00000000 00000000 rt3d!V4CUnloadRT+0x2b278<\/code><\/div>\n\u6b64\u65f6<\/code><\/div>\n0:000> dd 00747a70<\/code><\/div>\n00747a70\u00a0 52520034 3f800052 4a9c48b7 88004d64<\/code><\/div>\n00747a80\u00a0 30786f42 00585231 4a9c48a9 88000000<\/code><\/div>\n00747a90\u00a0 30786f42 00585231 4a9c48ab 8c000000<\/code><\/div>\n00747aa0\u00a0 03166490 00000000 4a9c48ad 8c000000<\/code><\/div>\n00747ab0\u00a0 0336c6e0 0329e858 4a9c48af 8c000000<\/code><\/div>\n00747ac0\u00a0 00000000 020e41ec 4a9c48a1 88000000<\/code><\/div>\n00747ad0\u00a0 031663c0 031663f0 4a9c48a3 88004d64<\/code><\/div>\n00747ae0\u00a0 00720070 00000063 4a9c48a5 88000000<\/code><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n\u5185\u5b58\u91ca\u653e\u6389\u4e4b\u540e \u4e0b\u9762\u53c8\u91cd\u65b0\u7533\u8bf7\u4e86\u8fd9\u4e2a\u5730\u65b9\u7684\u5185\u5b5800747a70<\/p>\n
\n\n\n\n\n\n1<\/div>\n2<\/div>\n3<\/div>\n4<\/div>\n5<\/div>\n6<\/div>\n7<\/div>\n8<\/div>\n9<\/div>\n10<\/div>\n11<\/div>\n12<\/div>\n13<\/div>\n14<\/div>\n15<\/div>\n16<\/div>\n17<\/div>\n18<\/div>\n19<\/div>\n20<\/div>\n21<\/div>\n22<\/div>\n23<\/div>\n24<\/div>\n25<\/div>\n26<\/div>\n27<\/div>\n28<\/div>\n29<\/div>\n30<\/div>\n31<\/div>\n32<\/div>\n33<\/div>\n34<\/div>\n35<\/div>\n36<\/div>\n37<\/div>\n38<\/div>\n39<\/div>\n40<\/div>\n41<\/div>\n42<\/div>\n43<\/div>\n44<\/div>\n45<\/div>\n46<\/div>\n47<\/div>\n48<\/div>\n49<\/div>\n50<\/div>\n51<\/div>\n52<\/div>\n53<\/div>\n54<\/div>\n55<\/div>\n56<\/div>\n<\/td>\n \n\n10009DEB\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 or\u00a0\u00a0\u00a0\u00a0\u00a0 ecx, eax<\/code><\/div>\n.text:10009DED\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 push\u00a0\u00a0\u00a0 ecx\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ; unsigned int<\/code><\/div>\n.text:10009DEE\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 call\u00a0\u00a0\u00a0 j_??2@YAPAXI@Z\u00a0 ; operator new(uint)<\/code><\/div>\n.text:10009DF3\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 add\u00a0\u00a0\u00a0\u00a0 esp, 4<\/code><\/div>\n.text:10009DF6\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 test\u00a0\u00a0\u00a0 esi, esi<\/code><\/div>\n.text:10009DF8\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 mov\u00a0\u00a0\u00a0\u00a0 [ebp+4], eax\u00a0\u00a0\u00a0\u00a0 \/\/eax = 00747a70<\/code><\/div>\n.text:10009DFB\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 jbe\u00a0\u00a0\u00a0\u00a0 loc_10009E89<\/code><\/div>\n.text:10009E01<\/code><\/div>\n.text:10009E01 loc_10009E01:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ; CODE XREF: sub_10009D00+183j<\/code><\/div>\n.text:10009E01\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 push\u00a0\u00a0\u00a0 1<\/code><\/div>\n.text:10009E03\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 push\u00a0\u00a0\u00a0 4<\/code><\/div>\n.text:10009E05\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 mov\u00a0\u00a0\u00a0\u00a0 ecx, edi<\/code><\/div>\n.text:10009E07\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 call\u00a0\u00a0\u00a0 sub_10002A00<\/code><\/div>\n.text:10009E0C\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 test\u00a0\u00a0\u00a0 eax, eax<\/code><\/div>\n.text:10009E0E\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 jz\u00a0\u00a0\u00a0\u00a0\u00a0 short loc_10009E7E<\/code><\/div>\n.text:10009E10\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 mov\u00a0\u00a0\u00a0\u00a0 eax, [eax]<\/code><\/div>\n.text:10009E12\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 test\u00a0\u00a0\u00a0 eax, eax<\/code><\/div>\n.text:10009E14\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 jbe\u00a0\u00a0\u00a0\u00a0 short loc_10009E7E<\/code><\/div>\n.text:10009E16\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 mov\u00a0\u00a0\u00a0\u00a0 [esp+28h+var_10], eax<\/code><\/div>\n.text:10009E1A\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 lea\u00a0\u00a0\u00a0\u00a0 ebx, [ebx+0]<\/code><\/div>\n.text:10009E20<\/code><\/div>\n.text:10009E20 loc_10009E20:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ; CODE XREF: sub_10009D00+178j<\/code><\/div>\n.text:10009E20\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 mov\u00a0\u00a0\u00a0\u00a0 ecx, edi<\/code><\/div>\n.text:10009E22\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 call\u00a0\u00a0\u00a0 sub_10004520<\/code><\/div>\n.text:10009E27\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 mov\u00a0\u00a0\u00a0\u00a0 esi, eax<\/code><\/div>\n.text:10009E29\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 mov\u00a0\u00a0\u00a0\u00a0 eax, [esi]<\/code><\/div>\n.text:10009E2B\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 test\u00a0\u00a0\u00a0 eax, eax<\/code><\/div>\n.text:10009E2D\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 jz\u00a0\u00a0\u00a0\u00a0\u00a0 short loc_10009E34<\/code><\/div>\n.text:10009E2F\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 cmp\u00a0\u00a0\u00a0\u00a0 byte ptr [eax], 0<\/code><\/div>\n.text:10009E32\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 jnz\u00a0\u00a0\u00a0\u00a0 short loc_10009E38<\/code><\/div>\n.text:10009E34<\/code><\/div>\n.text:10009E34 loc_10009E34:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ; CODE XREF: sub_10009D00+12Dj<\/code><\/div>\n.text:10009E34\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 xor\u00a0\u00a0\u00a0\u00a0 eax, eax<\/code><\/div>\n.text:10009E36\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 jmp\u00a0\u00a0\u00a0\u00a0 short loc_10009E45<\/code><\/div>\n.text:10009E38 ; ---------------------------------------------------------------------------<\/code><\/div>\n.text:10009E38<\/code><\/div>\n.text:10009E38 loc_10009E38:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ; CODE XREF: sub_10009D00+132j<\/code><\/div>\n.text:10009E38\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 mov\u00a0\u00a0\u00a0\u00a0 eax, [esi+4]<\/code><\/div>\n.text:10009E3B\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 push\u00a0\u00a0\u00a0 0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ; float<\/code><\/div>\n.text:10009E3D\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 push\u00a0\u00a0\u00a0 eax\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ; wchar_t *<\/code><\/div>\n.text:10009E3E\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 mov\u00a0\u00a0\u00a0\u00a0 ecx, edi<\/code><\/div>\n.text:10009E40\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 call\u00a0\u00a0\u00a0 sub_100084B0<\/code><\/div>\n.text:10009E45<\/code><\/div>\n.text:10009E45 loc_10009E45:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ; CODE XREF: sub_10009D00+136j<\/code><\/div>\n.text:10009E45\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 mov\u00a0\u00a0\u00a0\u00a0 ecx, [ebp+4]<\/code><\/div>\n.text:10009E48\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 mov\u00a0\u00a0\u00a0\u00a0 [ecx+ebx*4], eax<\/code><\/div>\n.text:10009E4B\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 mov\u00a0\u00a0\u00a0\u00a0 eax, [esi]<\/code><\/div>\n.text:10009E4D\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 test\u00a0\u00a0\u00a0 eax, eax<\/code><\/div>\n.text:10009E4F\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 jz\u00a0\u00a0\u00a0\u00a0\u00a0 short loc_10009E5A<\/code><\/div>\n.text:10009E51\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 push\u00a0\u00a0\u00a0 eax\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ; void *<\/code><\/div>\n.text:10009E52\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 call\u00a0\u00a0\u00a0 ??_V@YAXPAX@Z\u00a0\u00a0 ; operator delete[](void *)<\/code><\/div>\n.text:10009E57\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 add\u00a0\u00a0\u00a0\u00a0 esp, 4<\/code><\/div>\n.text:10009E5A<\/code><\/div>\n.text:10009E5A loc_10009E5A:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ; CODE XREF: sub_10009D00+14Fj<\/code><\/div>\n.text:10009E5A\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 mov\u00a0\u00a0\u00a0\u00a0 eax, [esi+4]<\/code><\/div>\n.text:10009E5D\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 test\u00a0\u00a0\u00a0 eax, eax<\/code><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n\n\n\n\n\n\n1<\/div>\n2<\/div>\n3<\/div>\n4<\/div>\n5<\/div>\n6<\/div>\n7<\/div>\n8<\/div>\n9<\/div>\n10<\/div>\n11<\/div>\n12<\/div>\n13<\/div>\n14<\/div>\n15<\/div>\n16<\/div>\n17<\/div>\n18<\/div>\n19<\/div>\n20<\/div>\n21<\/div>\n22<\/div>\n23<\/div>\n24<\/div>\n25<\/div>\n26<\/div>\n27<\/div>\n28<\/div>\n29<\/div>\n30<\/div>\n31<\/div>\n32<\/div>\n<\/td>\n \n\nc in 3difi<\/code><\/div>\n<\/div>\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/code>v10 = sub_10002A00(4, 1);<\/code><\/div>\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/code>if ( v10 )<\/code><\/div>\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/code>{<\/code><\/div>\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/code>v11 = *(_DWORD *)v10;\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 v10=03373493<\/code><\/div>\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/code>if ( v11 )\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 \/\/\u8fd9\u91ccv11=0 \u76f4\u63a5\u8df3\u8fc7\u4e86\u521d\u59cb\u5316 \u5bfc\u81f4\u540e\u9762\u4f7f\u7528\u4e86\u5df2\u7ecf\u91ca\u653e\u6389\u7684\u5185\u5b58<\/code><\/div>\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/code>{<\/code><\/div>\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/code>v18 = v11;<\/code><\/div>\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/code>do<\/code><\/div>\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/code>{<\/code><\/div>\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/code>v14 = sub_10004520(v2);<\/code><\/div>\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/code>v13 = v14;<\/code><\/div>\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/code>v12 = *(_DWORD *)v14;<\/code><\/div>\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/code>if ( v12 && *(_BYTE *)v12 )<\/code><\/div>\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/code>v15 = sub_100084B0(*(wchar_t **)(v13 + 4), 0.0);<\/code><\/div>\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/code>else<\/code><\/div>\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/code>v15 = 0;<\/code><\/div>\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/code>*(_DWORD *)(*(_DWORD *)(v5 + 4) + 4 * v1) = v15;\/\/ \u8fd9\u91cc\u521d\u59cb\u5316\u521a\u521a\u5206\u914d\u7684\u5185\u5b58<\/code><\/div>\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/code>if ( *(_DWORD *)v13 )<\/code><\/div>\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/code>operator delete__(*(void **)v13);<\/code><\/div>\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/code>if ( *(_DWORD *)(v13 + 4) )<\/code><\/div>\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/code>operator delete__(*(void **)(v13 + 4));<\/code><\/div>\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/code>operator delete((void *)v13);<\/code><\/div>\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/code>}<\/code><\/div>\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/code>while ( v18-- != 1 );<\/code><\/div>\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/code>v7 = v17;<\/code><\/div>\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/code>}<\/code><\/div>\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/code>}<\/code><\/div>\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/code>++v1;<\/code><\/div>\n\u00a0\u00a0\u00a0\u00a0<\/code>}<\/code><\/div>\nwhile ( v1 < v7 );<\/code><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\nSummary\u00a0<\/strong>
\n\u4ece\u4e0a\u9762\u7684\u5206\u6790\u53ef\u4ee5\u77e5\u9053\uff0c\u6f0f\u6d1e\u6210\u56e0\u662f\u5bf9\u65b0\u5206\u914d\u7684\u5185\u5b58\u6ca1\u6709\u6b63\u786e\u7684\u521d\u59cb\u5316\uff0c\u5bfc\u81f4\u91cd\u7528\u4e86\u4e4b\u524d\u5206\u914d\u7684\u5185\u5b58\u7a7a\u95f4\uff0c\u800c\u521a\u597d\u4e4b\u524d\u5206\u914d\u7684\u5185\u5b58\u7a7a\u95f4\u7684\u6570\u636e\u6765\u81ea\u6587\u4ef6offset =0\u00d710a \u3002\u800c\u672a\u521d\u59cb\u5316\u7684\u53d8\u91cf\u521a\u597d\u662f\u67d0\u4e2a\u5bf9\u8c61\u7684\u9996\u5730\u5740\uff0c\u4ece\u800c\u6709\u673a\u4f1a\u5bfc\u81f4\u4efb\u610f\u4ee3\u7801\u6267\u884c\u3002<\/p>\n
The Final Reason<\/strong><\/p>\n
\u8fd9\u91cc\u5206\u6790\u4e3a\u4ec0\u4e48\u4e0a\u9762\u7684\u521d\u59cb\u5316\u88ab\u7ed5\u8fc7
\n\u5bf910002A00\u51fd\u6570\u4e0b\u65ad\u70b9
\nBu !3difr+2a00<\/p>\n
\n\n\n\n\n\n1<\/div>\n2<\/div>\n3<\/div>\n4<\/div>\n5<\/div>\n6<\/div>\n7<\/div>\n8<\/div>\n9<\/div>\n10<\/div>\n11<\/div>\n12<\/div>\n13<\/div>\n14<\/div>\n15<\/div>\n16<\/div>\n17<\/div>\n18<\/div>\n19<\/div>\n20<\/div>\n21<\/div>\n22<\/div>\n23<\/div>\n24<\/div>\n25<\/div>\n26<\/div>\n27<\/div>\n28<\/div>\n29<\/div>\n30<\/div>\n31<\/div>\n32<\/div>\n33<\/div>\n34<\/div>\n35<\/div>\n36<\/div>\n37<\/div>\n38<\/div>\n39<\/div>\n40<\/div>\n41<\/div>\n42<\/div>\n<\/td>\n \n\neax=00747a70 ebx=00000000 ecx=002dde98 edx=00680048 esi=00000001 edi=002dde98<\/code><\/div>\neip=69d92a00 esp=002dd4e8 ebp=00717498 iopl=0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 nv up ei pl nz na po nc<\/code><\/div>\ncs=001b\u00a0 ss=0023\u00a0 ds=0023\u00a0 es=0023\u00a0 fs=003b\u00a0 gs=0000\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 efl=00000202<\/code><\/div>\n3difr!E3DLLFunc+0x770:<\/code><\/div>\n69d92a00 56\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 push\u00a0\u00a0\u00a0 esi<\/code><\/div>\n0:000> dd ecx+40<\/code><\/div>\n002dded8\u00a0 00000133 00000000 ffffff14 0000017c\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 \/\/133\u662f\u504f\u79fb<\/code><\/div>\n002ddee8\u00a0 0000011c 00000000 00000001 031ea1b8<\/code><\/div>\n002ddef8\u00a0 03299108 03298c28 03372378 033723a8<\/code><\/div>\n002ddf08\u00a0 033723d8 03372408 03372438 0329be18<\/code><\/div>\n002ddf18\u00a0 0329be58 00000000 00000000 031ea398<\/code><\/div>\n002ddf28\u00a0 00000000 002de6e0 69dc0deb 00000000<\/code><\/div>\n002ddf38\u00a0 6887e073 00000001 002de678 0336b970<\/code><\/div>\n002ddf48\u00a0 03363920 00000001 002de678 0336b970<\/code><\/div>\n0:000> dd ecx+34<\/code><\/div>\n002ddecc\u00a0 03373360 ffffff45 00000024 00000133\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 \/\/03373360 \u6307\u5411\u6587\u4ef6\u4e2doffset=30h<\/code><\/div>\n002ddedc\u00a0 00000000 ffffff14 0000017c 0000011c<\/code><\/div>\n002ddeec\u00a0 00000000 00000001 031ea1b8 03299108<\/code><\/div>\n002ddefc\u00a0 03298c28 03372378 033723a8 033723d8<\/code><\/div>\n002ddf0c\u00a0 03372408 03372438 0329be18 0329be58<\/code><\/div>\n002ddf1c\u00a0 00000000 00000000 031ea398 00000000<\/code><\/div>\n002ddf2c\u00a0 002de6e0 69dc0deb 00000000 6887e073<\/code><\/div>\n002ddf3c\u00a0 00000001 002de678 0336b970 033639200:000><\/code><\/div>\n0:000> db 03373360<\/code><\/div>\n03373360\u00a0 09 00 43 43 43 43 42 6f-78 30 31 00 00 00 00 00\u00a0 ..CCCCBox01.....<\/code><\/div>\n03373370\u00a0 00 00 00 00 05 00 00 00-22 ff ff ff 5e 00 00 00\u00a0 ........\"...^...<\/code><\/div>\n03373380\u00a0 00 00 00 00 09 00 43 43-43 43 42 6f 78 30 31 01\u00a0 ......CCCCBox01.<\/code><\/div>\n03373390\u00a0 00 00 00 00 00 00 00 81-3f 00 00 00 00 00 00 00\u00a0 ........?.......<\/code><\/div>\n033733a0\u00a0 00 00 00 00 00 00 00 00-00 00 00 81 3f 00 00 00\u00a0 ............?...<\/code><\/div>\n033733b0\u00a0 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 81\u00a0 ................<\/code><\/div>\n033733c0\u00a0 3f 00 00 00 00 54 8a 55-c0 a2 02 7c c2 00 00 00\u00a0 ?....T.U...|....<\/code><\/div>\n033733d0\u00a0 00 00 00 81 3f 07 00 42-6f 78 30 31 52 58 01 00\u00a0 ....?..Box01RX..<\/code><\/div>\n<\/div>\n0:000> db 03373360 +133<\/code><\/div>\n03373493\u00a0 00 00 00 00 06 00 42 6f-02 00 00 00 00 16 ff ff\u00a0 ......Bo........<\/code><\/div>\n033734a3\u00a0 ff 30 00 00 00 00 00 00-00 01 00 52 01 00 00 00\u00a0 .0.........R....<\/code><\/div>\n033734b3\u00a0 a6 04 a8 96 b9 3f c5 43-b2 df 2a 31 b5 56 93 40\u00a0 .....?.C..*1.V.@<\/code><\/div>\n033734c3\u00a0 00 01 00 00 00 00 00 00-01 00 52 01 00 00 00 01\u00a0 ..........R.....<\/code><\/div>\n033734d3\u00a0 00 2e 01 00 76 00 00 00-00 00 00 00 00 00 00 00\u00a0 ....v...........<\/code><\/div>\n033734e3\u00a0 00 00 00 00 00 ee 0d f6-58 2d 59 29 08 80 2e 35\u00a0 ........X-Y)...5<\/code><\/div>\n033734f3\u00a0 03 68 f0 2c 03 0c 00 00-00 c0 d0 e0 f0 98 66 b6\u00a0 .h.,..........f.<\/code><\/div>\n03373503\u00a0 49 00 00 00 80 1e 00 00-00 00 00 00 00 05 00 04\u00a0 I...............<\/code><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n<\/a><\/p>\n
\u5c06shader_list_count\u6539\u62101 \u53d1\u73b0\u6f0f\u6d1e\u5c31\u4e0d\u89e6\u53d1\u4e86\uff0c\u4e0a\u9762\u90a3\u5730\u65b9\u5c31\u53ef\u4ee5\u6b63\u5e38\u521d\u59cb\u5316\u4e86\u3002<\/p>\n
010\u68c0\u6d4b\u8be5\u6f0f\u6d1e
\nShader_list_count!=0
\nSls.shader_count=0<\/p>\n
Exploit<\/strong>
\n\u81ea\u5df1\u5206\u6790\u53bb<\/p>\n
POC<\/strong>
\nREF http:\/\/www.9bplus.com\/file\/tester.pdf<\/p>\n
 <\/p>\n
 <\/p>\n","protected":false},"excerpt":{"rendered":"
\u6765\u6e90\uff1ahttp:\/\/blog.vulnhunt.com\/index.php\/20 …<\/p>\n
\u7ee7\u7eed\u9605\u8bfb »<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[],"tags":[177],"class_list":["post-772","post","type-post","status-publish","format-standard","hentry","tag-177"],"views":1838,"_links":{"self":[{"href":"http:\/\/zerobox.org\/notes\/wp-json\/wp\/v2\/posts\/772","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/zerobox.org\/notes\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/zerobox.org\/notes\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/zerobox.org\/notes\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/zerobox.org\/notes\/wp-json\/wp\/v2\/comments?post=772"}],"version-history":[{"count":0,"href":"http:\/\/zerobox.org\/notes\/wp-json\/wp\/v2\/posts\/772\/revisions"}],"wp:attachment":[{"href":"http:\/\/zerobox.org\/notes\/wp-json\/wp\/v2\/media?parent=772"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/zerobox.org\/notes\/wp-json\/wp\/v2\/categories?post=772"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/zerobox.org\/notes\/wp-json\/wp\/v2\/tags?post=772"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}