代码拉取完成,页面将自动刷新
同步操作将从 chengciming/wechatPc 强制同步,此操作会覆盖自 Fork 仓库以来所做的任何修改,且无法恢复!!!
确定后同步将在后台操作,完成时将刷新页面,请耐心等待。
小号
wxid_vju0phxgdhgp22
大号
Lemonice-cheng
能强
wxid_sbrnzc86ibft22
资料:
hook基址:441894
call 54594B70
0f080000
0F4F7A37 8945 EC mov dword ptr ss:[ebp-0x14],eax
0F4F7A3A C745 F0 0000000>mov dword ptr ss:[ebp-0x10],0x0
0F4F7A41 FF15 34722710 call dword ptr ds:[<&KERNEL32.EnterCriti>; ntdll.RtlEnterCriticalSection
0F4F7A47 8D45 08 lea eax,dword ptr ss:[ebp+0x8]
0F4F7A4A C645 FC 01 mov byte ptr ss:[ebp-0x4],0x1
0F4F7A4E 8D9E 84000000 lea ebx,dword ptr ds:[esi+0x84]
0F4F7A54 50 push eax
0F4F7A55 8BCB mov ecx,ebx
0F4F7A57 E8 449EBDFF call WeChatWi.0F0D18A0
0F4F7A5C 8BF0 mov esi,eax
0F4F7A5E 3B33 cmp esi,dword ptr ds:[ebx]
0F4F7A60 74 1F je short WeChatWi.0F4F7A81
0F4F7A62 8B46 10 mov eax,dword ptr ds:[esi+0x10]
0F4F7A65 85C0 test eax,eax
0F4F7A67 74 06 je short WeChatWi.0F4F7A6F
0F4F7A69 66:8338 00 cmp word ptr ds:[eax],0x0
0F4F7A6D 75 05 jnz short WeChatWi.0F4F7A74
0F4F7A6F B8 A0A64910 mov eax,WeChatWi.1049A6A0
0F4F7A74 50 push eax
0F4F7A75 8D4D 08 lea ecx,dword ptr ss:[ebp+0x8]
//hook下面这行
0F4F7A78 E8 D3540600 call WeChatWi.0F55CF50
0F4F7A7D 85C0 test eax,eax
头像:
基址:57320000
5747B751 8BEC mov ebp,esp
5747B753 6A FF push -0x1
5747B755 68 6F7F1558 push WeChatWi.58157F6F
5747B75A 64:A1 00000000 mov eax,dword ptr fs:[0]
5747B760 50 push eax
5747B761 83EC 08 sub esp,0x8
5747B764 53 push ebx
5747B765 56 push esi
5747B766 57 push edi
5747B767 A1 C4805258 mov eax,dword ptr ds:[0x585280C4]
5747B76C 33C5 xor eax,ebp
5747B76E 50 push eax
5747B76F 8D45 F4 lea eax,dword ptr ss:[ebp-0xC]
5747B772 64:A3 00000000 mov dword ptr fs:[0],eax
5747B778 8BF9 mov edi,ecx
5747B77A 8B75 0C mov esi,dword ptr ss:[ebp+0xC]
5747B77D 8D87 54010000 lea eax,dword ptr ds:[edi+0x154]
5747B783 50 push eax
5747B784 56 push esi
5747B785 8D87 80040000 lea eax,dword ptr ds:[edi+0x480]
5747B78B 50 push eax
5747B78C FF15 ACC72058 call dword ptr ds:[<&USER32.IntersectRec>; user32.IntersectRect
5747B792 85C0 test eax,eax
5747B794 0F84 ED010000 je WeChatWi.5747B987
5747B79A 56 push esi
5747B79B 8B75 08 mov esi,dword ptr ss:[ebp+0x8]
5747B79E 8BCF mov ecx,edi
5747B7A0 56 push esi
5747B7A1 E8 2C7D5800 call WeChatWi.57A034D2
5747B7A6 8D45 EC lea eax,dword ptr ss:[ebp-0x14]
5747B7A9 6A 00 push 0x0
5747B7AB 50 push eax
5747B7AC E8 1F719200 call WeChatWi.57DA28D0
5747B7B1 A1 B8DF5858 mov eax,dword ptr ds:[0x5858DFB8]
5747B7B6 83C4 08 add esp,0x8
5747B7B9 85C0 test eax,eax
5747B7BB 75 27 jnz short WeChatWi.5747B7E4
5747B7BD 6A 3C push 0x3C
5747B7BF E8 26F58E00 call WeChatWi.57D6ACEA
5747B7C4 83C4 04 add esp,0x4
5747B7C7 8945 0C mov dword ptr ss:[ebp+0xC],eax
5747B7CA 8BC8 mov ecx,eax
5747B7CC C745 FC 0000000>mov dword ptr ss:[ebp-0x4],0x0
5747B7D3 E8 180A0000 call WeChatWi.5747C1F0
5747B7D8 C745 FC FFFFFFF>mov dword ptr ss:[ebp-0x4],-0x1
5747B7DF A3 B8DF5858 mov dword ptr ds:[0x5858DFB8],eax
5747B7E4 8D9F 4C090000 lea ebx,dword ptr ds:[edi+0x94C]
5747B7EA 8BC8 mov ecx,eax
5747B7EC 53 push ebx
5747B7ED E8 5E270000 call WeChatWi.5747DF50
5747B7F2 84C0 test al,al
5747B7F4 0F85 0C010000 jnz WeChatWi.5747B906
5747B7FA 837B 04 00 cmp dword ptr ds:[ebx+0x4],0x0
5747B7FE 0F9EC0 setle al
5747B801 84C0 test al,al
5747B803 0F85 FD000000 jnz WeChatWi.5747B906
5747B809 83BF D8090000 0>cmp dword ptr ds:[edi+0x9D8],0x0
5747B810 7F 37 jg short WeChatWi.5747B849
5747B812 8D87 88090000 lea eax,dword ptr ds:[edi+0x988]
5747B818 50 push eax
5747B819 8D8F D4090000 lea ecx,dword ptr ds:[edi+0x9D4]
5747B81F 53 push ebx
5747B820 51 push ecx
5747B821 E8 9AE5F7FF call WeChatWi.573F9DC0
5747B826 8BC8 mov ecx,eax
5747B828 E8 F3FC1400 call WeChatWi.575CB520
5747B82D 84C0 test al,al
5747B82F 74 18 je short WeChatWi.5747B849
5747B831 83EC 08 sub esp,0x8
5747B834 8D87 D4090000 lea eax,dword ptr ds:[edi+0x9D4]
5747B83A 8BCC mov ecx,esp
5747B83C 50 push eax
5747B83D E8 BE473200 call WeChatWi.577A0000 ; 调用这行后,取ebx
5747B842 8BCF mov ecx,edi
5747B844 E8 97FBFFFF call WeChatWi.5747B3E0
5747B849 83BF E0090000 0>cmp dword ptr ds:[edi+0x9E0],0x0
5747B850 0F8F B0000000 jg WeChatWi.5747B906
5747B856 80BF CC090000 0>cmp byte ptr ds:[edi+0x9CC],0x0
5747B85D 0F84 A3000000 je WeChatWi.5747B906
5747B863 E8 4847EFFF call WeChatWi.5736FFB0
5747B868 8BCB mov ecx,ebx
5747B86A E8 E17E1100 call WeChatWi.57593750
5747B86F 84C0 test al,al
5747B871 0F85 8F000000 jnz WeChatWi.5747B906
5747B877 0F1005 D03D3258 movups xmm0,dqword ptr ds:[0x58323DD0]
5747B87E 83EC 10 sub esp,0x10
5747B881 8DB7 9C090000 lea esi,dword ptr ds:[edi+0x99C]
5747B887 8BC4 mov eax,esp
5747B889 8BCE mov ecx,esi
5747B88B 83EC 10 sub esp,0x10
5747B88E 0F1100 movups dqword ptr ds:[eax],xmm0
5747B891 8BC4 mov eax,esp
5747B893 83EC 10 sub esp,0x10
5747B896 0F1100 movups dqword ptr ds:[eax],xmm0
5747B899 8BC4 mov eax,esp
5747B89B 83EC 10 sub esp,0x10
5747B89E 0F1100 movups dqword ptr ds:[eax],xmm0
5747B8A1 8BC4 mov eax,esp
5747B8A3 0F1100 movups dqword ptr ds:[eax],xmm0
5747B8A6 E8 C5D0EFFF call WeChatWi.57378970
5747B8AB 83EC 10 sub esp,0x10
5747B8AE 8BCC mov ecx,esp
5747B8B0 C601 02 mov byte ptr ds:[ecx],0x2
5747B8B3 8941 08 mov dword ptr ds:[ecx+0x8],eax
5747B8B6 8BCB mov ecx,ebx
5747B8B8 E8 B3D0EFFF call WeChatWi.57378970
5747B8BD 83EC 10 sub esp,0x10
5747B8C0 BA 58C43658 mov edx,WeChatWi.5836C458 ; ASCII "01_ui\common\HeadImgUI.cpp"
5747B8C5 8BCC mov ecx,esp
5747B8C7 68 1CC53658 push WeChatWi.5836C51C ; ASCII "DoPaint user: %s, url: %s"
5747B8CC 68 A8C43658 push WeChatWi.5836C4A8 ; ASCII "HeadImgUI"
5747B8D1 C601 02 mov byte ptr ds:[ecx],0x2
5747B8D4 8941 08 mov dword ptr ds:[ecx+0x8],eax
5747B8D7 B9 02000000 mov ecx,0x2
5747B8DC 68 D4C43658 push WeChatWi.5836C4D4 ; ASCII "HeadImgUI::DoPaint"
5747B8E1 68 1B010000 push 0x11B
5747B8E6 E8 55533200 call WeChatWi.577A0C40
5747B8EB 83C4 6C add esp,0x6C
5747B8EE 8D87 DC090000 lea eax,dword ptr ds:[edi+0x9DC]
5747B8F4 56 push esi
5747B8F5 53 push ebx
5747B8F6 50 push eax
5747B8F7 E8 C4E4F7FF call WeChatWi.573F9DC0
5747B8FC 8BC8 mov ecx,eax
5747B8FE E8 2D101500 call WeChatWi.575CC930
5747B903 8B75 08 mov esi,dword ptr ss:[ebp+0x8]
5747B906 80BF E4090000 0>cmp byte ptr ds:[edi+0x9E4],0x0
5747B90D 74 44 je short WeChatWi.5747B953
5747B90F 83EC 08 sub esp,0x8
5747B912 8BF4 mov esi,esp
5747B914 C706 00000000 mov dword ptr ds:[esi],0x0
5747B91A C746 04 0000000>mov dword ptr ds:[esi+0x4],0x0
5747B921 8B87 D4090000 mov eax,dword ptr ds:[edi+0x9D4]
5747B927 8B9F D8090000 mov ebx,dword ptr ds:[edi+0x9D8]
5747B92D 8945 0C mov dword ptr ss:[ebp+0xC],eax
5747B930 85C0 test eax,eax
5747B932 74 1A je short WeChatWi.5747B94E
5747B934 85DB test ebx,ebx
5747B936 7E 16 jle short WeChatWi.5747B94E
5747B938 53 push ebx
5747B939 8BCE mov ecx,esi
5747B93B E8 D0473200 call WeChatWi.577A0110
5747B940 53 push ebx
5747B941 FF75 0C push dword ptr ss:[ebp+0xC]
5747B944 FF36 push dword ptr ds:[esi]
5747B946 E8 65E5C800 call WeChatWi.58109EB0
5747B94B 83C4 0C add esp,0xC
5747B94E FF75 08 push dword ptr ss:[ebp+0x8]
个人ebx
036FF85C 0AFD6E28 UNICODE "wxid_8du0u27rttry22"
036FF860 00000013
036FF864 00000020
036FF868 00000000
036FF86C 00000000
036FF870 00000000
036FF874 00000000
036FF878 00000000
036FF87C 00000000
036FF880 00000000
036FF884 00000000
036FF888 00000000
036FF88C 00000000
036FF890 00000000
036FF894 00000000
036FF898 0AED82C8 UNICODE "http://wx.qlogo.cn/mmhead/ver_1/iaozoXP9ibb2XMWbH6"
036FF89C 00000094
036FF8A0 00000100
036FF8A4 00000000
036FF8A8 00000000
036FF8AC 0AED7E78 UNICODE "http://wx.qlogo.cn/mmhead/ver_1/iaozoXP9ibb2XMWbH6"
036FF8B0 00000092
036FF8B4 00000100
036FF8B8 00000000
036FF8BC 00000000
036FF8C0 0ADB4DCC
036FF8C4 00000000
036FF8C8 00000000
036FF8CC 00000000
036FF8D0 00000000
036FF8D4 00000000
036FF8D8 00000003
群ebx
036F4F34 0AFD7198 UNICODE "9199093107@chatroom"
036F4F38 00000013
036F4F3C 00000020
036F4F40 00000000
036F4F44 00000000
036F4F48 00000000
036F4F4C 00000000
036F4F50 00000000
036F4F54 00000000
036F4F58 00000000
036F4F5C 00000000
036F4F60 00000000
036F4F64 00000000
036F4F68 00000000
036F4F6C 00000000
036F4F70 0AEDA998 UNICODE "http://wx.qlogo.cn/mmcrhead/xxib5HEohdRiaO26jEOkqq"
036F4F74 00000084
036F4F78 00000100
036F4F7C 00000000
036F4F80 00000000
036F4F84 00000000
036F4F88 00000000
036F4F8C 00000000
036F4F90 00000000
036F4F94 00000000
036F4F98 0ADB4DCC
036F4F9C 00000000
036F4FA0 00000000
036F4FA4 00000000
036F4FA8 00000000
036F4FAC 00000000
036F4FB0 00000003
公众号ebx
0AE05934 02ED4CE8 UNICODE "gh_3dfda90e39d6"
0AE05938 0000000F
0AE0593C 00000010
0AE05940 00000000
0AE05944 00000000
0AE05948 00000000
0AE0594C 00000000
0AE05950 00000000
0AE05954 00000000
0AE05958 00000000
0AE0595C 00000000
0AE05960 00000000
0AE05964 00000000
0AE05968 00000000
0AE0596C 00000000
0AE05970 04A59430 UNICODE "http://wx.qlogo.cn/mmhead/Q3auHgzwzM6CtTmrloqERDq5"
0AE05974 00000056
0AE05978 00000080
0AE0597C 00000000
0AE05980 00000000
0AE05984 04A59890 UNICODE "http://wx.qlogo.cn/mmhead/Q3auHgzwzM6CtTmrloqERDq5"
0AE05988 00000054
0AE0598C 00000080
0AE05990 00000000
0AE05994 00000000
0AE05998 0ADB4DCC
0AE0599C 00000000
0AE059A0 00000000
0AE059A4 00000000
0AE059A8 00000000
0AE059AC 00000000
0AE059B0 00000002
同意加好友请求:
消息类型:好友确认
收到好友消息:
好友wxid:
fmessage
v1_63a5c79810b2f39abe44093512a11d03de8b383ae9f83a539d559fe68e1b1544@stranger
v2_679c6c2dd446a8f2f8d78a8447887527c58deb9778c87900ebefa4bf9894f27df3f9f67f5c9e59c7c297f3ca75985bce44130a20ebbce742bc71dcf063e75ad6fc52e55b8227b00eabd0df846512d8d9@stranger
消息内容:
<msg fromusername="Lemonice-cheng" encryptusername="v1_63a5c79810b2f39abe44093512a11d03de8b383ae9f83a539d559fe68e1b1544@stranger" fromnickname="Lemonice" content="" fullpy="Lemonice" shortpy="LEMONICE" imagestatus="3" scene="6" country="CN" province="Guangdong" city="Guangzhou" sign="怎么样的人就有怎么样的故事。。。" percard="1" sex="1" alias="" weibo="" albumflag="0" albumstyle="0" albumbgimgid="" snsflag="273" snsbgimgid="http://mmsns.qpic.cn/mmsns/PiajxSqBRaEKINstXA9yy06n206ibnut057ribI40rib8lmKDMibs3pXC4qNibO23GZXuE/0" snsbgobjectid="11795503932415816424" mhash="312995dae082495f25daa5168e520716" mfullhash="312995dae082495f25daa5168e520716" bigheadimgurl="http://wx.qlogo.cn/mmhead/ver_1/VM4Xs3LB7QmicNWs7qicYaP0aFVZ1mA6L2iaPLTAPRFiccfbdLSaU9laySQHNzfnicPicgWibH3UE17XicnfFL48WOXoGhOic4HH1YrReLtlQyicAgXCQ/0" smallheadimgurl="http://wx.qlogo.cn/mmhead/ver_1/VM4Xs3LB7QmicNWs7qicYaP0aFVZ1mA6L2iaPLTAPRFiccfbdLSaU9laySQHNzfnicPicgWibH3UE17XicnfFL48WOXoGhOic4HH1YrReLtlQyicAgXCQ/96" ticket="v2_679c6c2dd446a8f2f8d78a8447887527c58deb9778c87900ebefa4bf9894f27df3f9f67f5c9e59c7c297f3ca75985bce44130a20ebbce742bc71dcf063e75ad6fc52e55b8227b00eabd0df846512d8d9@stranger" opcode="2" googlecontact="" qrticket="" chatroomusername="" sourceusername="" sourcenickname="" sharecardusername="" sharecardnickname="" cardversion=""><brandlist count="0" ver="698484744"></brandlist></msg>
基址:56F30000
570CDCE0 55 push ebp
570CDCE1 8BEC mov ebp,esp
570CDCE3 6A FF push -0x1
570CDCE5 68 E8330358 push WeChatWi.580333E8
570CDCEA 64:A1 00000000 mov eax,dword ptr fs:[0]
570CDCF0 50 push eax
570CDCF1 83EC 18 sub esp,0x18
570CDCF4 56 push esi
570CDCF5 57 push edi
570CDCF6 A1 942B4F58 mov eax,dword ptr ds:[0x584F2B94]
570CDCFB 33C5 xor eax,ebp
570CDCFD 50 push eax
570CDCFE 8D45 F4 lea eax,dword ptr ss:[ebp-0xC]
570CDD01 64:A3 00000000 mov dword ptr fs:[0],eax
570CDD07 8BF9 mov edi,ecx
570CDD09 8B8F F0060000 mov ecx,dword ptr ds:[edi+0x6F0]
570CDD0F FFB1 28040000 push dword ptr ds:[ecx+0x428]
570CDD15 83EC 14 sub esp,0x14
570CDD18 54 push esp
570CDD19 E8 32730000 call WeChatWi.570D5050 ; 传入v2
570CDD1E 8B8F F0060000 mov ecx,dword ptr ds:[edi+0x6F0]
570CDD24 8D45 DC lea eax,dword ptr ss:[ebp-0x24]
570CDD27 50 push eax
570CDD28 E8 93A8EAFF call WeChatWi.56F785C0 ; 传入v1
570CDD2D 8BF0 mov esi,eax
570CDD2F 83EC 08 sub esp,0x8
570CDD32 C745 FC 0000000>mov dword ptr ss:[ebp-0x4],0x0
570CDD39 8B0D E8CE5458 mov ecx,dword ptr ds:[0x5854CEE8] ; 参数地址
570CDD3F E8 7C7DF4FF call WeChatWi.57015AC0 ; 获取eax的值
570CDD44 8BD7 mov edx,edi
570CDD46 8D8F BC060000 lea ecx,dword ptr ds:[edi+0x6BC]
570CDD4C F7DA neg edx
570CDD4E 50 push eax ; 这个是上面的call回来的
570CDD4F 1BD2 sbb edx,edx
570CDD51 23D1 and edx,ecx
570CDD53 8D8F F4060000 lea ecx,dword ptr ds:[edi+0x6F4]
570CDD59 52 push edx ; 0x130大小的空缓冲区
570CDD5A 56 push esi ; v1结构体
570CDD5B E8 70BCFEFF call WeChatWi.570B99D0 ; 同意好友主要的call
570CDD60 8B45 DC mov eax,dword ptr ss:[ebp-0x24]
570CDD63 85C0 test eax,eax
570CDD65 74 10 je short WeChatWi.570CDD77
570CDD67 50 push eax
570CDD68 E8 C7C4F300 call WeChatWi.5800A234
570CDD6D 83C4 04 add esp,0x4
570CDD70 C745 DC 0000000>mov dword ptr ss:[ebp-0x24],0x0
570CDD77 8B45 E8 mov eax,dword ptr ss:[ebp-0x18] ; user32.73DE4F8A
570CDD7A C745 E4 0000000>mov dword ptr ss:[ebp-0x1C],0x0
570CDD81 C745 E0 0000000>mov dword ptr ss:[ebp-0x20],0x0
570CDD88 85C0 test eax,eax
570CDD8A 74 09 je short WeChatWi.570CDD95
570CDD8C 50 push eax
570CDD8D E8 A2C4F300 call WeChatWi.5800A234
570CDD92 83C4 04 add esp,0x4
570CDD95 B0 01 mov al,0x1
570CDD97 8B4D F4 mov ecx,dword ptr ss:[ebp-0xC]
570CDD9A 64:890D 0000000>mov dword ptr fs:[0],ecx
570CDDA1 59 pop ecx ; user32.73DE4F8A
570CDDA2 5F pop edi ; user32.73DE4F8A
570CDDA3 5E pop esi ; user32.73DE4F8A
570CDDA4 8BE5 mov esp,ebp
570CDDA6 5D pop ebp ; user32.73DE4F8A
570CDDA7 C3 retn
570CDDA8 CC int3
570CDDA9 CC int3
570CDDAA CC int3
570CDDAB CC int3
570CDDAC CC int3
570CDDAD CC int3
570CDDAE CC int3
570CDDAF CC int3
570CDDB0 55 push ebp
570CDDB1 8BEC mov ebp,esp
570CDDB3 6A FF push -0x1
570CDDB5 68 E8330358 push WeChatWi.580333E8
570CDDBA 64:A1 00000000 mov eax,dword ptr fs:[0]
570CDDC0 50 push eax
570CDDC1 83EC 1C sub esp,0x1C
570CDDC4 56 push esi
570CDDC5 A1 942B4F58 mov eax,dword ptr ds:[0x584F2B94]
570CDDCA 33C5 xor eax,ebp
570CDDCC 50 push eax
570CDDCD 8D45 F4 lea eax,dword ptr ss:[ebp-0xC]
570CDDD0 64:A3 00000000 mov dword ptr fs:[0],eax
570CDDD6 8BF1 mov esi,ecx
570CDDD8 83EC 14 sub esp,0x14
570CDDDB 8BCC mov ecx,esp
570CDDDD 6A FF push -0x1
570CDDDF C701 00000000 mov dword ptr ds:[ecx],0x0
570CDDE5 C741 04 0000000>mov dword ptr ds:[ecx+0x4],0x0
570CDDEC C741 08 0000000>mov dword ptr ds:[ecx+0x8],0x0
570CDDF3 68 08892958 push WeChatWi.58298908
570CDDF8 C741 0C 0000000>mov dword ptr ds:[ecx+0xC],0x0
570CDDFF C741 10 0000000>mov dword ptr ds:[ecx+0x10],0x0
570CDE06 E8 A5123400 call WeChatWi.5740F0B0
570CDE0B 83EC 14 sub esp,0x14
570CDE0E 8BCC mov ecx,esp
570CDE10 6A FF push -0x1
570CDE12 C701 00000000 mov dword ptr ds:[ecx],0x0
570CDE18 C741 04 0000000>mov dword ptr ds:[ecx+0x4],0x0
570CDE1F C741 08 0000000>mov dword ptr ds:[ecx+0x8],0x0
570CDE26 68 08892958 push WeChatWi.58298908
570CDE2B C741 0C 0000000>mov dword ptr ds:[ecx+0xC],0x0
570CDE32 C741 10 0000000>mov dword ptr ds:[ecx+0x10],0x0
570CDE39 E8 72123400 call WeChatWi.5740F0B0
570CDE3E 8B8E F0060000 mov ecx,dword ptr ds:[esi+0x6F0]
570CDE44 8D45 DC lea eax,dword ptr ss:[ebp-0x24]
570CDE47 50 push eax
570CDE48 E8 73A7EAFF call WeChatWi.56F785C0
570CDE4D 8BD0 mov edx,eax
570CDE4F C745 FC 0000000>mov dword ptr ss:[ebp-0x4],0x0
570CDE56 8B8E F0060000 mov ecx,dword ptr ds:[esi+0x6F0]
570CDE5C 6A 01 push 0x1
570CDE5E FFB1 28040000 push dword ptr ds:[ecx+0x428]
570CDE64 8B0D E8CE5458 mov ecx,dword ptr ds:[0x5854CEE8]
570CDE6A 6A 01 push 0x1
570CDE6C E8 4F7CF4FF call WeChatWi.57015AC0
570CDE71 8BCE mov ecx,esi
570CDE73 F7D9 neg ecx
570CDE75 50 push eax
570CDE76 1BC9 sbb ecx,ecx
570CDE78 8D86 BC060000 lea eax,dword ptr ds:[esi+0x6BC]
570CDE7E 23C8 and ecx,eax
570CDE80 51 push ecx
570CDE81 52 push edx
570CDE82 8D8E F4060000 lea ecx,dword ptr ds:[esi+0x6F4]
570CDE88 E8 B3B8FEFF call WeChatWi.570B9740
570CDE8D 8B45 DC mov eax,dword ptr ss:[ebp-0x24]
570CDE90 85C0 test eax,eax
加好友:
基址:56F30000
570B303D 8D95 3CFFFFFF lea edx,dword ptr ss:[ebp-0xC4]
570B3043 52 push edx
570B3044 8B01 mov eax,dword ptr ds:[ecx]
570B3046 FF50 04 call dword ptr ds:[eax+0x4]
570B3049 68 50372B58 push WeChatWi.582B3750 ; UNICODE "okbtn"
570B304E 8BC8 mov ecx,eax
570B3050 E8 2B916800 call WeChatWi.5773C180
570B3055 50 push eax
570B3056 E8 B38FF400 call WeChatWi.57FFC00E
570B305B 83C4 08 add esp,0x8
570B305E 8D8D 3CFFFFFF lea ecx,dword ptr ss:[ebp-0xC4]
570B3064 85C0 test eax,eax
570B3066 0F94C3 sete bl
570B3069 E8 AB916800 call WeChatWi.5773C219
570B306E 84DB test bl,bl
570B3070 0F84 8C010000 je WeChatWi.570B3202
570B3076 83BE 44030000 0>cmp dword ptr ds:[esi+0x344],0x0
570B307D 0F84 57030000 je WeChatWi.570B33DA
570B3083 6A FF push -0x1
570B3085 68 08892958 push WeChatWi.58298908
570B308A 8D8D 28FFFFFF lea ecx,dword ptr ss:[ebp-0xD8]
570B3090 E8 1BBD3500 call WeChatWi.5740EDB0
570B3095 C745 FC 0000000>mov dword ptr ss:[ebp-0x4],0x0
570B309C C745 E4 0000000>mov dword ptr ss:[ebp-0x1C],0x0
570B30A3 C745 E8 0000000>mov dword ptr ss:[ebp-0x18],0x0
570B30AA C745 EC 0000000>mov dword ptr ss:[ebp-0x14],0x0
570B30B1 8D45 E4 lea eax,dword ptr ss:[ebp-0x1C]
570B30B4 C645 FC 01 mov byte ptr ss:[ebp-0x4],0x1
570B30B8 8B8E 44030000 mov ecx,dword ptr ds:[esi+0x344]
570B30BE 50 push eax
570B30BF E8 BCE8F2FF call WeChatWi.56FE1980
570B30C4 8B4D E8 mov ecx,dword ptr ss:[ebp-0x18] ; user32.73DE4F8A
570B30C7 B8 398EE338 mov eax,0x38E38E39
570B30CC 8B7D E4 mov edi,dword ptr ss:[ebp-0x1C] ; user32.73DE895C
570B30CF 2BCF sub ecx,edi
570B30D1 F7E9 imul ecx
570B30D3 C1FA 03 sar edx,0x3
570B30D6 8BC2 mov eax,edx
570B30D8 C1E8 1F shr eax,0x1F
570B30DB 03C2 add eax,edx
570B30DD 74 14 je short WeChatWi.570B30F3
570B30DF 833F 01 cmp dword ptr ds:[edi],0x1
570B30E2 75 0F jnz short WeChatWi.570B30F3
570B30E4 8D47 04 lea eax,dword ptr ds:[edi+0x4]
570B30E7 50 push eax
570B30E8 8D8D 28FFFFFF lea ecx,dword ptr ss:[ebp-0xD8]
570B30EE E8 EDC13500 call WeChatWi.5740F2E0
570B30F3 8BBD 28FFFFFF mov edi,dword ptr ss:[ebp-0xD8]
570B30F9 8D8E 48030000 lea ecx,dword ptr ds:[esi+0x348]
570B30FF 85FF test edi,edi
570B3101 74 08 je short WeChatWi.570B310B
570B3103 66:833F 00 cmp word ptr ds:[edi],0x0
570B3107 8BC7 mov eax,edi
570B3109 75 05 jnz short WeChatWi.570B3110
570B310B B8 08892958 mov eax,WeChatWi.58298908
570B3110 FFB5 2CFFFFFF push dword ptr ss:[ebp-0xD4]
570B3116 50 push eax
570B3117 E8 94BF3500 call WeChatWi.5740F0B0
570B311C 8D9E 24030000 lea ebx,dword ptr ds:[esi+0x324]
570B3122 8BCB mov ecx,ebx
570B3124 E8 47E85800 call WeChatWi.57641970
570B3129 84C0 test al,al
570B312B 74 3A je short WeChatWi.570B3167
570B312D 6A 00 push 0x0
570B312F 8D86 68030000 lea eax,dword ptr ds:[esi+0x368]
570B3135 50 push eax
570B3136 8D4D C4 lea ecx,dword ptr ss:[ebp-0x3C]
570B3139 E8 C2BD3500 call WeChatWi.5740EF00
570B313E 8D45 C4 lea eax,dword ptr ss:[ebp-0x3C]
570B3141 C645 FC 02 mov byte ptr ss:[ebp-0x4],0x2
570B3145 50 push eax
570B3146 8D85 28FFFFFF lea eax,dword ptr ss:[ebp-0xD8]
570B314C 50 push eax
570B314D 53 push ebx
570B314E E8 BD5DEFFF call WeChatWi.56FA8F10
570B3153 8BC8 mov ecx,eax
570B3155 E8 36F85800 call WeChatWi.57642990
570B315A 8D4D C4 lea ecx,dword ptr ss:[ebp-0x3C]
570B315D E8 3E9EECFF call WeChatWi.56F7CFA0
570B3162 E9 83000000 jmp WeChatWi.570B31EA
570B3167 83EC 18 sub esp,0x18
570B316A 8BCC mov ecx,esp
570B316C 89A5 24FFFFFF mov dword ptr ss:[ebp-0xDC],esp
570B3172 68 949C2958 push WeChatWi.58299C94 ; 参数地址
570B3177 E8 D4F3ECFF call WeChatWi.56F82550 ; 调用1
570B317C 83EC 18 sub esp,0x18
570B317F C645 FC 03 mov byte ptr ss:[ebp-0x4],0x3
570B3183 8D86 68030000 lea eax,dword ptr ds:[esi+0x368]
570B3189 89A5 1CFFFFFF mov dword ptr ss:[ebp-0xE4],esp
570B318F 8BCC mov ecx,esp
570B3191 50 push eax
570B3192 E8 79B7EEFF call WeChatWi.56F9E910 ; 调用2
570B3197 FFB6 64030000 push dword ptr ds:[esi+0x364]
570B319D 85FF test edi,edi
570B319F 74 06 je short WeChatWi.570B31A7
570B31A1 66:833F 00 cmp word ptr ds:[edi],0x0
570B31A5 75 05 jnz short WeChatWi.570B31AC
570B31A7 BF 08892958 mov edi,WeChatWi.58298908
570B31AC 83EC 14 sub esp,0x14
570B31AF 8BCC mov ecx,esp
570B31B1 89A5 18FFFFFF mov dword ptr ss:[ebp-0xE8],esp
570B31B7 6A FF push -0x1
570B31B9 57 push edi
570B31BA E8 F1BB3500 call WeChatWi.5740EDB0 ; 调用3
570B31BF FFB6 5C030000 push dword ptr ds:[esi+0x35C]
570B31C5 83EC 14 sub esp,0x14
570B31C8 8BCC mov ecx,esp
570B31CA 89A5 20FFFFFF mov dword ptr ss:[ebp-0xE0],esp
570B31D0 53 push ebx
570B31D1 E8 1ABC3500 call WeChatWi.5740EDF0 ; 调用4
570B31D6 C645 FC 06 mov byte ptr ss:[ebp-0x4],0x6
570B31DA E8 41B5ECFF call WeChatWi.56F7E720 ; 调用5
570B31DF 8BC8 mov ecx,eax
570B31E1 C645 FC 01 mov byte ptr ss:[ebp-0x4],0x1
570B31E5 E8 867D1200 call WeChatWi.571DAF70 ; 调用6
570B31EA 8D4D E4 lea ecx,dword ptr ss:[ebp-0x1C]
570B31ED E8 2E2AF3FF call WeChatWi.56FE5C20
570B31F2 8D8D 28FFFFFF lea ecx,dword ptr ss:[ebp-0xD8]
570B31F8 E8 A39DECFF call WeChatWi.56F7CFA0
570B31FD E9 D8010000 jmp WeChatWi.570B33DA
570B3202 8B8F 08010000 mov ecx,dword ptr ds:[edi+0x108] ; ntdll.770B562E
570B3208 8D95 3CFFFFFF lea edx,dword ptr ss:[ebp-0xC4]
570B320E 52 push edx
570B320F 8B01 mov eax,dword ptr ds:[ecx]
570B3211 FF50 04 call dword ptr ds:[eax+0x4]
570B3214 68 04212B58 push WeChatWi.582B2104 ; UNICODE "cancelbtn"
570B3219 8BC8 mov ecx,eax
570B321B E8 608F6800 call WeChatWi.5773C180
570B3220 50 push eax
570B3221 E8 E88DF400 call WeChatWi.57FFC00E
570B3226 83C4 08 add esp,0x8
570B3229 8D8D 3CFFFFFF lea ecx,dword ptr ss:[ebp-0xC4]
570B322F 85C0 test eax,eax
570B3231 0F94C3 sete bl
570B3234 E8 E08F6800 call WeChatWi.5773C219
570B3239 84DB test bl,bl
570B323B 75 3F jnz short WeChatWi.570B327C
570B323D 8B8F 08010000 mov ecx,dword ptr ds:[edi+0x108] ; ntdll.770B562E
570B3243 8D95 3CFFFFFF lea edx,dword ptr ss:[ebp-0xC4]
570B3249 52 push edx
570B324A 8B01 mov eax,dword ptr ds:[ecx]
570B324C FF50 04 call dword ptr ds:[eax+0x4]
570B324F 68 10E32158 push WeChatWi.5821E310 ; UNICODE "closebtn"
570B3254 8BC8 mov ecx,eax
570B3256 E8 258F6800 call WeChatWi.5773C180
570B325B 50 push eax
570B325C E8 AD8DF400 call WeChatWi.57FFC00E
570B3261 83C4 08 add esp,0x8
570B3264 8D8D 3CFFFFFF lea ecx,dword ptr ss:[ebp-0xC4]
570B326A 85C0 test eax,eax
570B326C 0F94C3 sete bl
570B326F E8 A58F6800 call WeChatWi.5773C219
570B3274 84DB test bl,bl
570B3276 0F84 56010000 je WeChatWi.570B33D2
570B327C 8B46 E0 mov eax,dword ptr ds:[esi-0x20] ; WeChatWi.57741459
570B327F 8D4E E0 lea ecx,dword ptr ds:[esi-0x20]
570B3282 6A 02 push 0x2
570B3284 FF10 call dword ptr ds:[eax]
570B3286 E9 4F010000 jmp WeChatWi.570B33DA
570B328B 68 1CE72958 push WeChatWi.5829E71C ; UNICODE "textchanged"
570B3290 8BCF mov ecx,edi
570B3292 E8 E98E6800 call WeChatWi.5773C180
570B3297 50 push eax
570B3298 E8 718DF400 call WeChatWi.57FFC00E
570B329D 83C4 08 add esp,0x8
570B32A0 85C0 test eax,eax
570B32A2 0F85 2A010000 jnz WeChatWi.570B33D2
570B32A8 8B8F 08010000 mov ecx,dword ptr ds:[edi+0x108] ; ntdll.770B562E
570B32AE 8D95 3CFFFFFF lea edx,dword ptr ss:[ebp-0xC4]
570B32B4 52 push edx
570B32B5 8B01 mov eax,dword ptr ds:[ecx]
570B32B7 FF50 04 call dword ptr ds:[eax+0x4]
570B32BA 68 68EB2958 push WeChatWi.5829EB68 ; UNICODE "contendEdit"
570B32BF 8BC8 mov ecx,eax
570B32C1 E8 BA8E6800 call WeChatWi.5773C180
570B32C6 50 push eax
570B32C7 E8 428DF400 call WeChatWi.57FFC00E
570B32CC 83C4 08 add esp,0x8
570B32CF 8D8D 3CFFFFFF lea ecx,dword ptr ss:[ebp-0xC4]
570B32D5 85C0 test eax,eax
570B32D7 0F94C3 sete bl
570B32DA E8 3A8F6800 call WeChatWi.5773C219
570B32DF 84DB test bl,bl
570B32E1 0F84 EB000000 je WeChatWi.570B33D2
570B32E7 8B8E 44030000 mov ecx,dword ptr ds:[esi+0x344]
570B32ED 8D95 3CFFFFFF lea edx,dword ptr ss:[ebp-0xC4]
570B32F3 52 push edx
570B32F4 8B01 mov eax,dword ptr ds:[ecx]
570B32F6 FF50 3C call dword ptr ds:[eax+0x3C]
570B32F9 6A FF push -0x1
570B32FB 8BC8 mov ecx,eax
570B32FD E8 7E8E6800 call WeChatWi.5773C180
570B3302 50 push eax
570B3303 8D8D 28FFFFFF lea ecx,dword ptr ss:[ebp-0xD8]
570B3309 E8 A2BA3500 call WeChatWi.5740EDB0
570B330E 8D8D 3CFFFFFF lea ecx,dword ptr ss:[ebp-0xC4]
570B3314 C745 FC 0700000>mov dword ptr ss:[ebp-0x4],0x7
570B331B E8 F98E6800 call WeChatWi.5773C219
570B3320 8B9D 2CFFFFFF mov ebx,dword ptr ss:[ebp-0xD4]
570B3326 83FB 14 cmp ebx,0x14
570B3329 0F8E 91000000 jle WeChatWi.570B33C0
570B332F 83EC 14 sub esp,0x14
570B3332 8D85 28FFFFFF lea eax,dword ptr ss:[ebp-0xD8]
570B3338 8BCC mov ecx,esp
570B333A 50 push eax
570B333B E8 B0BA3500 call WeChatWi.5740EDF0
570B3340 E8 0BFCFFFF call WeChatWi.570B2F50
570B3345 83C4 14 add esp,0x14
570B3348 83F8 28 cmp eax,0x28
570B334B 7E 73 jle short WeChatWi.570B33C0
570B334D 8B85 28FFFFFF mov eax,dword ptr ss:[ebp-0xD8]
570B3353 85C0 test eax,eax
570B3355 74 06 je short WeChatWi.570B335D
570B3357 66:8338 00 cmp word ptr ds:[eax],0x0
570B335B 75 05 jnz short WeChatWi.570B3362
570B335D B8 08892958 mov eax,WeChatWi.58298908
570B3362 50 push eax
570B3363 8D4D C0 lea ecx,dword ptr ss:[ebp-0x40]
570B3366 E8 6591EEFF call WeChatWi.56F9C4D0
570B336B C645 FC 08 mov byte ptr ss:[ebp-0x4],0x8
570B336F 8D4D C0 lea ecx,dword ptr ss:[ebp-0x40]
570B3372 8B45 D0 mov eax,dword ptr ss:[ebp-0x30]
570B3375 48 dec eax
570B3376 50 push eax
570B3377 6A 00 push 0x0
570B3379 8D45 D8 lea eax,dword ptr ss:[ebp-0x28]
570B337C 50 push eax
570B337D E8 7E5FFAFF call WeChatWi.57059300
570B3382 8BD0 mov edx,eax
570B3384 C645 FC 09 mov byte ptr ss:[ebp-0x4],0x9
570B3388 837A 14 08 cmp dword ptr ds:[edx+0x14],0x8
570B338C 72 02 jb short WeChatWi.570B3390
570B338E 8B12 mov edx,dword ptr ds:[edx]
570B3390 8B8E 44030000 mov ecx,dword ptr ds:[esi+0x344]
570B3396 52 push edx
570B3397 8B01 mov eax,dword ptr ds:[ecx]
570B3399 FF50 40 call dword ptr ds:[eax+0x40]
570B339C 8D4D D8 lea ecx,dword ptr ss:[ebp-0x28]
570B339F C645 FC 08 mov byte ptr ss:[ebp-0x4],0x8
570B33A3 E8 58B6EEFF call WeChatWi.56F9EA00
570B33A8 8B8E 44030000 mov ecx,dword ptr ds:[esi+0x344]
获取好友详情:22905167168@chatroom
基址:56F30000
571556D9 33C5 xor eax,ebp
571556DB 8945 F0 mov dword ptr ss:[ebp-0x10],eax
571556DE 53 push ebx
571556DF 56 push esi
571556E0 57 push edi
571556E1 50 push eax
571556E2 8D45 F4 lea eax,dword ptr ss:[ebp-0xC]
571556E5 64:A3 00000000 mov dword ptr fs:[0],eax
571556EB 8BF1 mov esi,ecx
571556ED C745 FC 0000000>mov dword ptr ss:[ebp-0x4],0x0
571556F4 8B86 480A0000 mov eax,dword ptr ds:[esi+0xA48]
571556FA 85C0 test eax,eax
571556FC 74 10 je short WeChatWi.5715570E
571556FE B2 01 mov dl,0x1
57155700 C680 890B0000 0>mov byte ptr ds:[eax+0xB89],0x0
57155707 32C9 xor cl,cl
57155709 E8 825DE5FF call WeChatWi.56FAB490
5715570E 8B8E AC0B0000 mov ecx,dword ptr ds:[esi+0xBAC]
57155714 6A 00 push 0x0
57155716 8B01 mov eax,dword ptr ds:[ecx]
57155718 FF90 EC000000 call dword ptr ds:[eax+0xEC]
5715571E 8B5D 0C mov ebx,dword ptr ss:[ebp+0xC]
57155721 85DB test ebx,ebx
57155723 0F9EC0 setle al
57155726 84C0 test al,al
57155728 0F85 FC020000 jnz WeChatWi.57155A2A
5715572E A1 14625558 mov eax,dword ptr ds:[0x58556214]
57155733 85C0 test eax,eax
57155735 74 06 je short WeChatWi.5715573D
57155737 66:8338 00 cmp word ptr ds:[eax],0x0
5715573B 75 05 jnz short WeChatWi.57155742
5715573D B8 08892958 mov eax,WeChatWi.58298908
57155742 50 push eax
57155743 8D4D 08 lea ecx,dword ptr ss:[ebp+0x8]
57155746 E8 C59C2B00 call WeChatWi.5740F410
5715574B 8B7D 08 mov edi,dword ptr ss:[ebp+0x8]
5715574E 85C0 test eax,eax
57155750 0F84 4F020000 je WeChatWi.571559A5
57155756 85FF test edi,edi
57155758 74 08 je short WeChatWi.57155762
5715575A 66:833F 00 cmp word ptr ds:[edi],0x0
5715575E 8BC7 mov eax,edi
57155760 75 05 jnz short WeChatWi.57155767
57155762 B8 08892958 mov eax,WeChatWi.58298908
57155767 50 push eax
57155768 B9 28625558 mov ecx,WeChatWi.58556228
5715576D E8 9E9C2B00 call WeChatWi.5740F410
57155772 85C0 test eax,eax
57155774 0F84 2B020000 je WeChatWi.571559A5
5715577A 85FF test edi,edi
5715577C 74 08 je short WeChatWi.57155786
5715577E 66:833F 00 cmp word ptr ds:[edi],0x0
57155782 8BC7 mov eax,edi
57155784 75 05 jnz short WeChatWi.5715578B
57155786 B8 08892958 mov eax,WeChatWi.58298908
5715578B 50 push eax
5715578C B9 3C625558 mov ecx,WeChatWi.5855623C
57155791 E8 7A9C2B00 call WeChatWi.5740F410
57155796 85C0 test eax,eax
57155798 0F84 07020000 je WeChatWi.571559A5
5715579E E8 7D8FE2FF call WeChatWi.56F7E720
571557A3 8D45 08 lea eax,dword ptr ss:[ebp+0x8]
571557A6 50 push eax
571557A7 E8 54930800 call WeChatWi.571DEB00
571557AC 83F8 02 cmp eax,0x2
571557AF 0F84 EA010000 je WeChatWi.5715599F
571557B5 8DBE 500C0000 lea edi,dword ptr ds:[esi+0xC50]
571557BB 57 push edi
571557BC 83EC 14 sub esp,0x14
571557BF 8D45 08 lea eax,dword ptr ss:[ebp+0x8]
571557C2 8BCC mov ecx,esp
571557C4 8965 D4 mov dword ptr ss:[ebp-0x2C],esp
571557C7 50 push eax
571557C8 E8 23962B00 call WeChatWi.5740EDF0 ; call1
571557CD C645 FC 01 mov byte ptr ss:[ebp-0x4],0x1
571557D1 E8 4A8FE2FF call WeChatWi.56F7E720 ; call2
571557D6 C645 FC 00 mov byte ptr ss:[ebp-0x4],0x0
571557DA E8 A1720800 call WeChatWi.571DCA80 ; call3
571557DF 84C0 test al,al
571557E1 0F84 43020000 je WeChatWi.57155A2A
571557E7 81EC E0030000 sub esp,0x3E0
571557ED 8BCC mov ecx,esp
571557EF 57 push edi
571557F0 E8 1B51EDFF call WeChatWi.5702A910
571557F5 8BCE mov ecx,esi
571557F7 E8 84020000 call WeChatWi.57155A80
571557FC 8D45 C0 lea eax,dword ptr ss:[ebp-0x40]
571557FF 8BCF mov ecx,edi
57155801 50 push eax
57155802 E8 B968E5FF call WeChatWi.56FAC0C0
57155807 8DBE 58100000 lea edi,dword ptr ds:[esi+0x1058]
5715580D 50 push eax
5715580E 8BCF mov ecx,edi
57155810 E8 7BA02B00 call WeChatWi.5740F890
57155815 8D4D C0 lea ecx,dword ptr ss:[ebp-0x40]
57155818 E8 8377E2FF call WeChatWi.56F7CFA0
5715581D 6A 00 push 0x0
5715581F 8BCE mov ecx,esi
57155821 E8 BA1A0000 call WeChatWi.571572E0
57155826 8BCF mov ecx,edi
57155828 E8 23780800 call WeChatWi.571DD050
5715582D 84C0 test al,al
5715582F 0F84 01010000 je WeChatWi.57155936
57155835 8D45 D8 lea eax,dword ptr ss:[ebp-0x28]
57155838 50 push eax
57155839 E8 72CBE2FF call WeChatWi.56F823B0
5715583E 8BC8 mov ecx,eax
57155840 E8 FB962100 call WeChatWi.5736EF40
57155845 6A 00 push 0x0
57155847 50 push eax
57155848 8D4D C0 lea ecx,dword ptr ss:[ebp-0x40]
5715584B E8 B0962B00 call WeChatWi.5740EF00
57155850 8D4D D8 lea ecx,dword ptr ss:[ebp-0x28]
57155853 C645 FC 02 mov byte ptr ss:[ebp-0x4],0x2
57155857 E8 047AE2FF call WeChatWi.56F7D260
5715585C E8 DF0AE4FF call WeChatWi.56F96340
57155861 8D45 C0 lea eax,dword ptr ss:[ebp-0x40]
57155864 50 push eax
57155865 57 push edi
57155866 E8 35A20700 call WeChatWi.571CFAA0
5715586B 84C0 test al,al
5715586D 74 1E je short WeChatWi.5715588D
5715586F 57 push edi
57155870 8BCE mov ecx,esi
57155872 E8 19140000 call WeChatWi.57156C90
57155877 6A 05 push 0x5
57155879 8BCE mov ecx,esi
5715587B E8 90270000 call WeChatWi.57158010
57155880 8D4D C0 lea ecx,dword ptr ss:[ebp-0x40]
57155883 E8 1877E2FF call WeChatWi.56F7CFA0
57155888 E9 9D010000 jmp WeChatWi.57155A2A
5715588D 8B8E 7C0A0000 mov ecx,dword ptr ds:[esi+0xA7C]
57155893 6A 00 push 0x0
57155895 8B01 mov eax,dword ptr ds:[ecx]
57155897 FF90 EC000000 call dword ptr ds:[eax+0xEC]
5715589D 6A 00 push 0x0
5715589F 8BCE mov ecx,esi
571558A1 E8 3A1A0000 call WeChatWi.571572E0
571558A6 8B8E 900A0000 mov ecx,dword ptr ds:[esi+0xA90]
571558AC 6A 00 push 0x0
571558AE 8B01 mov eax,dword ptr ds:[ecx]
571558B0 FF90 EC000000 call dword ptr ds:[eax+0xEC]
571558B6 8B8E A80B0000 mov ecx,dword ptr ds:[esi+0xBA8]
571558BC 6A 00 push 0x0
571558BE 8B01 mov eax,dword ptr ds:[ecx]
571558C0 FF90 EC000000 call dword ptr ds:[eax+0xEC]
571558C6 8B8E 080B0000 mov ecx,dword ptr ds:[esi+0xB08]
571558CC 85C9 test ecx,ecx
571558CE 74 0A je short WeChatWi.571558DA
571558D0 8B01 mov eax,dword ptr ds:[ecx]
571558D2 6A 00 push 0x0
571558D4 FF90 EC000000 call dword ptr ds:[eax+0xEC]
571558DA 8B8E 7C0A0000 mov ecx,dword ptr ds:[esi+0xA7C]
571558E0 6A 01 push 0x1
571558E2 8B01 mov eax,dword ptr ds:[ecx]
571558E4 FF90 EC000000 call dword ptr ds:[eax+0xEC]
571558EA 8BCE mov ecx,esi
571558EC E8 AF150000 call WeChatWi.57156EA0
571558F1 83EC 14 sub esp,0x14
571558F4 BA 22040000 mov edx,0x422
571558F9 8BCC mov ecx,esp
571558FB 8965 D4 mov dword ptr ss:[ebp-0x2C],esp
571558FE 32DB xor bl,bl
57155900 E8 DBA32B00 call WeChatWi.5740FCE0
57155905 83EC 14 sub esp,0x14
57155908 C645 FC 03 mov byte ptr ss:[ebp-0x4],0x3
5715590C BA 0E040000 mov edx,0x40E
57155911 8BCC mov ecx,esp
57155913 E8 C8A32B00 call WeChatWi.5740FCE0
57155918 C645 FC 02 mov byte ptr ss:[ebp-0x4],0x2
5715591C 8AD3 mov dl,bl
5715591E 8B4E 04 mov ecx,dword ptr ds:[esi+0x4]
57155921 E8 7A5DF0FF call WeChatWi.5705B6A0
57155926 83C4 28 add esp,0x28
57155929 8D4D C0 lea ecx,dword ptr ss:[ebp-0x40]
5715592C E8 6F76E2FF call WeChatWi.56F7CFA0
57155931 E9 F4000000 jmp WeChatWi.57155A2A
57155936 8B8E 7C0A0000 mov ecx,dword ptr ds:[esi+0xA7C]
5715593C 6A 00 push 0x0
5715593E 8B01 mov eax,dword ptr ds:[ecx]
57155940 FF90 EC000000 call dword ptr ds:[eax+0xEC]
57155946 6A 00 push 0x0
57155948 8BCE mov ecx,esi
5715594A E8 91190000 call WeChatWi.571572E0
个人edi
0D589BB0 00000000
0D589BB4 00000000
0D589BB8 0D8CFDC0 UNICODE "wxid_ex8vs2ew6u5j12" 0x8
0D589BBC 00000013
0D589BC0 00000020
0D589BC4 00000000
0D589BC8 00000000
0D589BCC 0DB7B730 UNICODE "yfsx5201314" 0x1C
0D589BD0 0000000B
0D589BD4 00000010
0D589BD8 00000000
0D589BDC 00000000
0D589BE0 0D871910 UNICODE "v1_d0bebd57db3ead25fdc4c9632853fe0a6a11f06cc4c3b29" 0x30
0D589BE4 0000006C
0D589BE8 00000080
0D589BEC 00000000
0D589BF0 00000000
0D589BF4 00000000
0D589BF8 00000001
0D589BFC 00000000
0D589C00 0DB715A8 UNICODE "瓷肌-森贤" 0x50
0D589C04 00000005
0D589C08 00000008
0D589C0C 00000000
0D589C10 00000000
0D589C14 0DA15B40 UNICODE "雨雪纷飞" 0x64
0D589C18 00000004
0D589C1C 00000008
0D589C20 00000000
0D589C24 00000000
0D589C28 00000000
0D589C2C 00000000
0D589C30 00000000
0D589C34 00000000
0D589C38 00000000
0D589C3C 00000000
0D589C40 00000000
0D589C44 00000000
0D589C48 00000000
0D589C4C 00000000
0D589C50 00000001
0D589C54 0DA15A20 UNICODE "YXFF"
0D589C58 00000004
0D589C5C 00000008
0D589C60 00000000
0D589C64 00000000
0D589C68 0DA51A08 UNICODE "yuxuefenfei"
0D589C6C 0000000B
0D589C70 00000010
0D589C74 00000000
0D589C78 00000000
0D589C7C 0DC69890 UNICODE "CJSX"
0D589C80 00000004
0D589C84 00000004
0D589C88 00000000
0D589C8C 00000000
0D589C90 0DB7B7C0 UNICODE "cijisenxian"
0D589C94 0000000B
0D589C98 00000010
0D589C9C 00000000
0D589CA0 00000000
0D589CA4 0D842E90 UNICODE "http://wx.qlogo.cn/mmhead/ver_1/59RvVaxnaqKNgiaNT3"
0D589CA8 00000093
0D589CAC 00000100
0D589CB0 00000000
0D589CB4 00000000
0D589CB8 0DC2C2B0 UNICODE "http://wx.qlogo.cn/mmhead/ver_1/59RvVaxnaqKNgiaNT3" 0x108
0D589CBC 00000095
0D589CC0 00000100
0D589CC4 00000000
0D589CC8 00000000
0D589CCC 0DB929D0 ASCII "747e527aec4b24b1f1ca46779ddbd49a"
0D589CD0 01010101
0D589CD4 01010101
0D589CD8 01010101
0D589CDC 00000020
0D589CE0 0000002F
0D589CE4 00000000
群edi
0D589BB0 00000000
0D589BB4 00000000
0D589BB8 0D8CFDC0 UNICODE "22905167168@chatroom"
0D589BBC 00000014
0D589BC0 00000020
0D589BC4 00000000
0D589BC8 00000000
0D589BCC 0DB7BB20
0D589BD0 00000000
0D589BD4 00000000
0D589BD8 00000000
0D589BDC 00000000
0D589BE0 0D871910 UNICODE "v1_ea7731173e71074c543ba3ea16c35d5b30f48fed5b7a445"
0D589BE4 0000006C
0D589BE8 00000080
0D589BEC 00000000
0D589BF0 00000000
0D589BF4 00000000
0D589BF8 00000003
0D589BFC 00000000
0D589C00 0DB71228
0D589C04 00000000
0D589C08 00000000
0D589C0C 00000000
0D589C10 00000000
0D589C14 0DA15B40 UNICODE "机器人测试群"
0D589C18 00000006
0D589C1C 00000008
0D589C20 00000000
0D589C24 00000000
0D589C28 00000000
0D589C2C 00000000
0D589C30 00000000
0D589C34 00000000
0D589C38 00000000
0D589C3C 00000000
0D589C40 00000000
0D589C44 00000000
0D589C48 00000000
0D589C4C 00000000
0D589C50 00000001
0D589C54 0DA15A20 UNICODE "JQRCSQ"
0D589C58 00000006
0D589C5C 00000008
0D589C60 00000000
0D589C64 00000000
0D589C68 0DA51A08 UNICODE "jiqirenceshiqun"
0D589C6C 0000000F
0D589C70 00000010
0D589C74 00000000
0D589C78 00000000
0D589C7C 0DC69B00
0D589C80 00000000
0D589C84 00000000
0D589C88 00000000
0D589C8C 00000000
0D589C90 0DB7BBE0
0D589C94 00000000
0D589C98 00000000
0D589C9C 00000000
0D589CA0 00000000
0D589CA4 0DC2BE60
0D589CA8 00000000
0D589CAC 00000000
0D589CB0 00000000
0D589CB4 00000000
0D589CB8 0DC2C2B0 UNICODE "http://wx.qlogo.cn/mmcrhead/0ZyuZuQycibGWZddg404UX"
0D589CBC 00000083
0D589CC0 00000100
0D589CC4 00000000
0D589CC8 00000000
0D589CCC 0DB929D0
0D589CD0 01010101
0D589CD4 01010101
0D589CD8 01010101
0D589CDC 00000000
发送群公告:群:22905167168@chatroom
基址:56F30000
56F9F830 /0F84 42010000 je WeChatWi.56F9F978
56F9F836 |C785 30FFFFFF 0>mov dword ptr ss:[ebp-0xD0],0x0
56F9F840 |C785 34FFFFFF 0>mov dword ptr ss:[ebp-0xCC],0x0
56F9F84A |C785 38FFFFFF 0>mov dword ptr ss:[ebp-0xC8],0x0
56F9F854 |8D8D A0FEFFFF lea ecx,dword ptr ss:[ebp-0x160]
56F9F85A |E8 71C43F00 call WeChatWi.5739BCD0
56F9F85F |68 248E2958 push WeChatWi.58298E24 ; UNICODE ""
56F9F864 |68 28ED2958 push WeChatWi.5829ED28 ; UNICODE "\r"
56F9F869 |8D8D 18FFFFFF lea ecx,dword ptr ss:[ebp-0xE8]
56F9F86F |C645 FC 12 mov byte ptr ss:[ebp-0x4],0x12
56F9F873 |E8 E8054700 call WeChatWi.5740FE60
56F9F878 |68 248E2958 push WeChatWi.58298E24 ; UNICODE ""
56F9F87D |68 30ED2958 push WeChatWi.5829ED30 ; UNICODE "\r"
56F9F882 |8D8D 18FFFFFF lea ecx,dword ptr ss:[ebp-0xE8]
56F9F888 |E8 D3054700 call WeChatWi.5740FE60
56F9F88D |8D85 18FFFFFF lea eax,dword ptr ss:[ebp-0xE8]
56F9F893 |50 push eax
56F9F894 |8D8D A0FEFFFF lea ecx,dword ptr ss:[ebp-0x160]
56F9F89A |E8 51302400 call WeChatWi.571E28F0
56F9F89F |8D85 00FFFFFF lea eax,dword ptr ss:[ebp-0x100]
56F9F8A5 |50 push eax
56F9F8A6 |8D8E 28030000 lea ecx,dword ptr ds:[esi+0x328]
56F9F8AC |E8 AF11FFFF call WeChatWi.56F90A60
56F9F8B1 |50 push eax
56F9F8B2 |8D8D A0FEFFFF lea ecx,dword ptr ss:[ebp-0x160]
56F9F8B8 |E8 F38E1F00 call WeChatWi.571987B0
56F9F8BD |8D8D 00FFFFFF lea ecx,dword ptr ss:[ebp-0x100]
56F9F8C3 |E8 D8D6FDFF call WeChatWi.56F7CFA0
56F9F8C8 |8D85 44FFFFFF lea eax,dword ptr ss:[ebp-0xBC]
56F9F8CE |50 push eax
56F9F8CF |E8 DC2AFEFF call WeChatWi.56F823B0
56F9F8D4 |8BC8 mov ecx,eax
56F9F8D6 |E8 65F63C00 call WeChatWi.5736EF40
56F9F8DB |6A 00 push 0x0
56F9F8DD |50 push eax
56F9F8DE |8D8D 00FFFFFF lea ecx,dword ptr ss:[ebp-0x100]
56F9F8E4 |E8 17F64600 call WeChatWi.5740EF00
56F9F8E9 |8D8D 44FFFFFF lea ecx,dword ptr ss:[ebp-0xBC]
56F9F8EF |C645 FC 13 mov byte ptr ss:[ebp-0x4],0x13
56F9F8F3 |E8 68D9FDFF call WeChatWi.56F7D260
56F9F8F8 |8D85 00FFFFFF lea eax,dword ptr ss:[ebp-0x100]
56F9F8FE |50 push eax
56F9F8FF |8D8D A0FEFFFF lea ecx,dword ptr ss:[ebp-0x160]
56F9F905 |E8 B62F2400 call WeChatWi.571E28C0
56F9F90A |6A 00 push 0x0
56F9F90C |E8 126A0601 call WeChatWi.58006323
56F9F911 |83C4 04 add esp,0x4
56F9F914 |8985 E0FEFFFF mov dword ptr ss:[ebp-0x120],eax
56F9F91A |8D85 A0FEFFFF lea eax,dword ptr ss:[ebp-0x160]
56F9F920 |8D8D 30FFFFFF lea ecx,dword ptr ss:[ebp-0xD0]
56F9F926 |50 push eax
56F9F927 |E8 B40B0000 call WeChatWi.56FA04E0
56F9F92C |E8 0F6AFFFF call WeChatWi.56F96340
56F9F931 |8D85 30FFFFFF lea eax,dword ptr ss:[ebp-0xD0]
56F9F937 |50 push eax
56F9F938 |E8 03292300 call WeChatWi.571D2240 ; 调用地址
56F9F93D |8B46 E0 mov eax,dword ptr ds:[esi-0x20] ; WeChatWi.57741459
56F9F940 |8D4E E0 lea ecx,dword ptr ds:[esi-0x20]
56F9F943 |6A 01 push 0x1
56F9F945 |FF10 call dword ptr ds:[eax]
56F9F947 |8D8D 00FFFFFF lea ecx,dword ptr ss:[ebp-0x100]
56F9F94D |E8 4ED6FDFF call WeChatWi.56F7CFA0
56F9F952 |8D8D A0FEFFFF lea ecx,dword ptr ss:[ebp-0x160]
56F9F958 |E8 33C43F00 call WeChatWi.5739BD90
56F9F95D |8D8D 30FFFFFF lea ecx,dword ptr ss:[ebp-0xD0]
56F9F963 |E8 080C0000 call WeChatWi.56FA0570
56F9F968 |8D8D 18FFFFFF lea ecx,dword ptr ss:[ebp-0xE8]
56F9F96E |E8 2DD6FDFF call WeChatWi.56F7CFA0
56F9F973 |E9 18030000 jmp WeChatWi.56F9FC90
56F9F978 \6A 01 push 0x1
56F9F97A FF76 E4 push dword ptr ds:[esi-0x1C]
56F9F97D FF15 28A91258 call dword ptr ds:[<&USER32.EnableWindow>; user32.EnableWindow
56F9F983 FF76 E4 push dword ptr ds:[esi-0x1C]
56F9F986 FF15 24A91258 call dword ptr ds:[<&USER32.SetFocus>] ; user32.SetFocus
56F9F98C 8D8D 18FFFFFF lea ecx,dword ptr ss:[ebp-0xE8]
56F9F992 E8 09D6FDFF call WeChatWi.56F7CFA0
56F9F997 E9 F4020000 jmp WeChatWi.56F9FC90
56F9F99C 68 04E32158 push WeChatWi.5821E304 ; UNICODE "timer"
56F9F9A1 8BCF mov ecx,edi
56F9F9A3 E8 D8C77900 call WeChatWi.5773C180
56F9F9A8 50 push eax
56F9F9A9 E8 60C60501 call WeChatWi.57FFC00E
56F9F9AE 83C4 08 add esp,0x8
56F9F9B1 85C0 test eax,eax
56F9F9B3 75 48 jnz short WeChatWi.56F9F9FD
56F9F9B5 81BF 18010000 5>cmp dword ptr ds:[edi+0x118],0x45A
56F9F9BF 0F85 CB020000 jnz WeChatWi.56F9FC90
56F9F9C5 FF76 E4 push dword ptr ds:[esi-0x1C]
56F9F9C8 FF15 24A91258 call dword ptr ds:[<&USER32.SetFocus>] ; user32.SetFocus
56F9F9CE 8B86 90030000 mov eax,dword ptr ds:[esi+0x390]
56F9F9D4 85C0 test eax,eax
56F9F9D6 74 0D je short WeChatWi.56F9F9E5
56F9F9D8 6A 00 push 0x0
56F9F9DA 6A 00 push 0x0
56F9F9DC 50 push eax
56F9F9DD 8D4E 10 lea ecx,dword ptr ds:[esi+0x10]
56F9F9E0 E8 9E1A7A00 call WeChatWi.57741483
56F9F9E5 68 5A040000 push 0x45A
56F9F9EA FFB6 90030000 push dword ptr ds:[esi+0x390]
56F9F9F0 8D4E 10 lea ecx,dword ptr ds:[esi+0x10]
56F9F9F3 E8 7E1D7A00 call WeChatWi.57741776
56F9F9F8 E9 93020000 jmp WeChatWi.56F9FC90
56F9F9FD 68 1CE72958 push WeChatWi.5829E71C ; UNICODE "textchanged"
56F9FA02 8BCF mov ecx,edi
56F9FA04 E8 77C77900 call WeChatWi.5773C180
56F9FA09 50 push eax
56F9FA0A E8 FFC50501 call WeChatWi.57FFC00E
56F9FA0F 83C4 08 add esp,0x8
56F9FA12 85C0 test eax,eax
56F9FA14 0F85 D1000000 jnz WeChatWi.56F9FAEB
56F9FA1A 8B8F 08010000 mov ecx,dword ptr ds:[edi+0x108] ; ntdll.770B562E
56F9FA20 8D95 5CFFFFFF lea edx,dword ptr ss:[ebp-0xA4]
56F9FA26 52 push edx
56F9FA27 8B01 mov eax,dword ptr ds:[ecx]
56F9FA29 FF50 04 call dword ptr ds:[eax+0x4]
56F9FA2C 68 68EB2958 push WeChatWi.5829EB68 ; UNICODE "contendEdit"
56F9FA31 8BC8 mov ecx,eax
56F9FA33 E8 48C77900 call WeChatWi.5773C180
56F9FA38 50 push eax
56F9FA39 E8 D0C50501 call WeChatWi.57FFC00E
56F9FA3E 83C4 08 add esp,0x8
56F9FA41 8D8D 5CFFFFFF lea ecx,dword ptr ss:[ebp-0xA4]
56F9FA47 85C0 test eax,eax
56F9FA49 0F94C3 sete bl
56F9FA4C E8 C8C77900 call WeChatWi.5773C219
56F9FA51 84DB test bl,bl
56F9FA53 0F84 37020000 je WeChatWi.56F9FC90
56F9FA59 8B8E 90030000 mov ecx,dword ptr ds:[esi+0x390]
56F9FA5F 8D95 5CFFFFFF lea edx,dword ptr ss:[ebp-0xA4]
56F9FA65 52 push edx
56F9FA66 8B01 mov eax,dword ptr ds:[ecx]
56F9FA68 FF50 3C call dword ptr ds:[eax+0x3C]
56F9FA6B 6A FF push -0x1
56F9FA6D 8BC8 mov ecx,eax
56F9FA6F E8 0CC77900 call WeChatWi.5773C180
56F9FA74 50 push eax
56F9FA75 8D8D 18FFFFFF lea ecx,dword ptr ss:[ebp-0xE8]
56F9FA7B E8 30F34600 call WeChatWi.5740EDB0
56F9FA80 8D8D 5CFFFFFF lea ecx,dword ptr ss:[ebp-0xA4]
56F9FA86 C745 FC 1400000>mov dword ptr ss:[ebp-0x4],0x14
56F9FA8D E8 87C77900 call WeChatWi.5773C219
56F9FA92 8D8D 18FFFFFF lea ecx,dword ptr ss:[ebp-0xE8]
56F9FA98 E8 63A64700 call WeChatWi.5741A100
56F9FA9D 8D86 B8030000 lea eax,dword ptr ds:[esi+0x3B8]
56F9FAA3 50 push eax
56F9FAA4 8D8D 18FFFFFF lea ecx,dword ptr ss:[ebp-0xE8]
56F9FAAA E8 91F84600 call WeChatWi.5740F340
56F9FAAF 8B8E A0030000 mov ecx,dword ptr ds:[esi+0x3A0]
56F9FAB5 84C0 test al,al
56F9FAB7 8B01 mov eax,dword ptr ds:[ecx]
56F9FAB9 74 18 je short WeChatWi.56F9FAD3
56F9FABB 6A 00 push 0x0
56F9FABD FF90 F8000000 call dword ptr ds:[eax+0xF8]
56F9FAC3 8D8D 18FFFFFF lea ecx,dword ptr ss:[ebp-0xE8]
退出群聊:群:22905167168@chatroom
基址:56F30000
5714A338 50 push eax
5714A339 8D4B 04 lea ecx,dword ptr ds:[ebx+0x4]
5714A33C E8 FF4F2C00 call WeChatWi.5740F340
5714A341 84C0 test al,al
5714A343 0F84 0A130000 je WeChatWi.5714B653
5714A349 83EC 14 sub esp,0x14
5714A34C 8BCC mov ecx,esp
5714A34E 6A FF push -0x1
5714A350 68 08892958 push WeChatWi.58298908
5714A355 E8 564A2C00 call WeChatWi.5740EDB0
5714A35A 8D8F C4FCFFFF lea ecx,dword ptr ds:[edi-0x33C]
5714A360 E8 5B160100 call WeChatWi.5715B9C0
5714A365 8B87 0C070000 mov eax,dword ptr ds:[edi+0x70C]
5714A36B B2 01 mov dl,0x1
5714A36D 8ACA mov cl,dl
5714A36F C680 890B0000 0>mov byte ptr ds:[eax+0xB89],0x0
5714A376 E8 1511E6FF call WeChatWi.56FAB490
5714A37B 83EC 1C sub esp,0x1C
5714A37E 8BCC mov ecx,esp
5714A380 6A FF push -0x1
5714A382 68 08892958 push WeChatWi.58298908
5714A387 E8 244A2C00 call WeChatWi.5740EDB0
5714A38C 8D8F C4FCFFFF lea ecx,dword ptr ds:[edi-0x33C]
5714A392 E8 A9BA0000 call WeChatWi.57155E40
5714A397 E9 B7120000 jmp WeChatWi.5714B653
5714A39C 85DB test ebx,ebx
5714A39E 0F84 AF120000 je WeChatWi.5714B653
5714A3A4 83C3 04 add ebx,0x4
5714A3A7 53 push ebx
5714A3A8 E8 F3BFE4FF call WeChatWi.56F963A0
5714A3AD 8BC8 mov ecx,eax
5714A3AF E8 1C2AEDFF call WeChatWi.5701CDD0
5714A3B4 85C0 test eax,eax
5714A3B6 74 08 je short WeChatWi.5714A3C0
5714A3B8 8B10 mov edx,dword ptr ds:[eax]
5714A3BA 8BC8 mov ecx,eax
5714A3BC 6A 01 push 0x1
5714A3BE FF12 call dword ptr ds:[edx]
5714A3C0 8B87 0C070000 mov eax,dword ptr ds:[edi+0x70C]
5714A3C6 B2 01 mov dl,0x1
5714A3C8 8ACA mov cl,dl
5714A3CA C680 890B0000 0>mov byte ptr ds:[eax+0xB89],0x0
5714A3D1 E8 BA10E6FF call WeChatWi.56FAB490
5714A3D6 8BCB mov ecx,ebx
5714A3D8 E8 F36F3D00 call WeChatWi.575213D0
5714A3DD 84C0 test al,al
5714A3DF 0F84 93000000 je WeChatWi.5714A478
5714A3E5 83EC 14 sub esp,0x14
5714A3E8 8BCC mov ecx,esp
5714A3EA 8965 EC mov dword ptr ss:[ebp-0x14],esp
5714A3ED 53 push ebx
5714A3EE E8 FD492C00 call WeChatWi.5740EDF0
5714A3F3 C745 FC 3700000>mov dword ptr ss:[ebp-0x4],0x37
5714A3FA E8 3128EDFF call WeChatWi.5701CC30
5714A3FF C745 FC FFFFFFF>mov dword ptr ss:[ebp-0x4],-0x1
5714A406 E8 45053E00 call WeChatWi.5752A950
5714A40B 8DB7 080D0000 lea esi,dword ptr ds:[edi+0xD08]
5714A411 8BCB mov ecx,ebx
5714A413 56 push esi
5714A414 E8 274F2C00 call WeChatWi.5740F340
5714A419 84C0 test al,al
5714A41B 0F84 32120000 je WeChatWi.5714B653
5714A421 6A FF push -0x1
5714A423 68 08892958 push WeChatWi.58298908
5714A428 8D8D 68F2FFFF lea ecx,dword ptr ss:[ebp-0xD98]
5714A42E E8 7D492C00 call WeChatWi.5740EDB0
5714A433 C745 FC 3800000>mov dword ptr ss:[ebp-0x4],0x38
5714A43A E8 E142E3FF call WeChatWi.56F7E720
5714A43F 8D85 68F2FFFF lea eax,dword ptr ss:[ebp-0xD98]
5714A445 50 push eax
5714A446 56 push esi
5714A447 E8 94470900 call WeChatWi.571DEBE0
5714A44C 83EC 1C sub esp,0x1C
5714A44F 8D85 68F2FFFF lea eax,dword ptr ss:[ebp-0xD98]
5714A455 8BCC mov ecx,esp
5714A457 50 push eax
5714A458 E8 93492C00 call WeChatWi.5740EDF0
5714A45D 8D8F C4FCFFFF lea ecx,dword ptr ds:[edi-0x33C]
5714A463 E8 D8B90000 call WeChatWi.57155E40
5714A468 8D8D 68F2FFFF lea ecx,dword ptr ss:[ebp-0xD98]
5714A46E E8 2D2BE3FF call WeChatWi.56F7CFA0
5714A473 E9 DB110000 jmp WeChatWi.5714B653
5714A478 E8 C3BEE4FF call WeChatWi.56F96340
5714A47D 53 push ebx
5714A47E E8 9D500800 call WeChatWi.571CF520 ; 调用这行
5714A483 8D87 080D0000 lea eax,dword ptr ds:[edi+0xD08]
5714A489 8BCB mov ecx,ebx
5714A48B 50 push eax
5714A48C E8 AF4E2C00 call WeChatWi.5740F340
5714A491 84C0 test al,al
5714A493 0F84 BA110000 je WeChatWi.5714B653
5714A499 83EC 14 sub esp,0x14
5714A49C 8BCC mov ecx,esp
5714A49E 6A FF push -0x1
5714A4A0 68 08892958 push WeChatWi.58298908
5714A4A5 E8 06492C00 call WeChatWi.5740EDB0
5714A4AA 8D8F C4FCFFFF lea ecx,dword ptr ds:[edi-0x33C]
5714A4B0 E8 0B150100 call WeChatWi.5715B9C0
5714A4B5 ^ E9 C1FEFFFF jmp WeChatWi.5714A37B
5714A4BA E8 E1BEE4FF call WeChatWi.56F963A0
5714A4BF 8D87 340D0000 lea eax,dword ptr ds:[edi+0xD34]
5714A4C5 81C7 F40C0000 add edi,0xCF4
5714A4CB 50 push eax
5714A4CC 57 push edi
5714A4CD 53 push ebx
5714A4CE 56 push esi
5714A4CF E8 7C37EDFF call WeChatWi.5701DC50
5714A4D4 E9 7A110000 jmp WeChatWi.5714B653
5714A4D9 8B87 C8FCFFFF mov eax,dword ptr ds:[edi-0x338]
5714A4DF 8985 00F3FFFF mov dword ptr ss:[ebp-0xD00],eax
5714A4E5 8BC6 mov eax,esi
5714A4E7 0B85 FCF2FFFF or eax,dword ptr ss:[ebp-0xD04]
5714A4ED 74 06 je short WeChatWi.5714A4F5
5714A4EF 89B5 00F3FFFF mov dword ptr ss:[ebp-0xD00],esi
5714A4F5 85DB test ebx,ebx
5714A4F7 0F84 56110000 je WeChatWi.5714B653
5714A4FD 837B 08 01 cmp dword ptr ds:[ebx+0x8],0x1
5714A501 0F85 B4000000 jnz WeChatWi.5714A5BB
5714A507 837B 0C 00 cmp dword ptr ds:[ebx+0xC],0x0
5714A50B 0F85 AA000000 jnz WeChatWi.5714A5BB
5714A511 8D87 080D0000 lea eax,dword ptr ds:[edi+0xD08]
5714A517 50 push eax
5714A518 8D8D 54F2FFFF lea ecx,dword ptr ss:[ebp-0xDAC]
5714A51E E8 CD482C00 call WeChatWi.5740EDF0
5714A523 C745 FC 3B00000>mov dword ptr ss:[ebp-0x4],0x3B
5714A52A 8B9D 00F3FFFF mov ebx,dword ptr ss:[ebp-0xD00]
5714A530 3B9F C8FCFFFF cmp ebx,dword ptr ds:[edi-0x338]
5714A536 74 2B je short WeChatWi.5714A563
5714A538 8D85 14F1FFFF lea eax,dword ptr ss:[ebp-0xEEC]
5714A53E 53 push ebx
5714A53F 50 push eax
5714A540 E8 5BBEE4FF call WeChatWi.56F963A0
5714A545 8BC8 mov ecx,eax
5714A547 E8 5436EDFF call WeChatWi.5701DBA0
5714A54C 50 push eax
5714A54D 8D8D 54F2FFFF lea ecx,dword ptr ss:[ebp-0xDAC]
5714A553 E8 38532C00 call WeChatWi.5740F890
5714A558 8D8D 14F1FFFF lea ecx,dword ptr ss:[ebp-0xEEC]
5714A55E E8 3D2AE3FF call WeChatWi.56F7CFA0
5714A563 68 E00C0000 push 0xCE0
5714A568 E8 80FAAB00 call WeChatWi.57C09FED
5714A56D 8BF0 mov esi,eax
5714A56F 83C4 04 add esp,0x4
5714A572 89B5 F8F2FFFF mov dword ptr ss:[ebp-0xD08],esi
5714A578 C645 FC 3C mov byte ptr ss:[ebp-0x4],0x3C
5714A57C 8D85 54F2FFFF lea eax,dword ptr ss:[ebp-0xDAC]
5714A582 8B8F 84070000 mov ecx,dword ptr ds:[edi+0x784]
5714A588 6A 01 push 0x1
5714A58A 6A 00 push 0x0
5714A58C FFB1 A40E0000 push dword ptr ds:[ecx+0xEA4]
5714A592 83EC 14 sub esp,0x14
5714A595 8BCC mov ecx,esp
5714A597 50 push eax
5714A598 E8 53482C00 call WeChatWi.5740EDF0
5714A59D 53 push ebx
5714A59E 8BCE mov ecx,esi
5714A5A0 E8 5BBEE4FF call WeChatWi.56F96400
5714A5A5 8D8D 54F2FFFF lea ecx,dword ptr ss:[ebp-0xDAC]
5714A5AB C745 FC FFFFFFF>mov dword ptr ss:[ebp-0x4],-0x1
5714A5B2 8BF0 mov esi,eax
5714A5B4 E8 E729E3FF call WeChatWi.56F7CFA0
5714A5B9 EB 54 jmp short WeChatWi.5714A60F
5714A5BB 68 E00C0000 push 0xCE0
5714A5C0 E8 28FAAB00 call WeChatWi.57C09FED
5714A5C5 8BF0 mov esi,eax
5714A5C7 83C4 04 add esp,0x4
5714A5CA 89B5 F8F2FFFF mov dword ptr ss:[ebp-0xD08],esi
5714A5D0 6A 01 push 0x1
5714A5D2 C745 FC 3D00000>mov dword ptr ss:[ebp-0x4],0x3D
5714A5D9 8B8F 84070000 mov ecx,dword ptr ds:[edi+0x784]
5714A5DF 6A 00 push 0x0
5714A5E1 FFB1 A40E0000 push dword ptr ds:[ecx+0xEA4]
5714A5E7 83EC 14 sub esp,0x14
5714A5EA 8BCC mov ecx,esp
5714A5EC 6A FF push -0x1
5714A5EE 68 08892958 push WeChatWi.58298908
5714A5F3 E8 B8472C00 call WeChatWi.5740EDB0
5714A5F8 8B9D 00F3FFFF mov ebx,dword ptr ss:[ebp-0xD00]
5714A5FE 8BCE mov ecx,esi
5714A600 53 push ebx
5714A601 E8 FABDE4FF call WeChatWi.56F96400
5714A606 8BF0 mov esi,eax
5714A608 C745 FC FFFFFFF>mov dword ptr ss:[ebp-0x4],-0x1
5714A60F 8B45 EC mov eax,dword ptr ss:[ebp-0x14]
5714A612 0B85 FCF2FFFF or eax,dword ptr ss:[ebp-0xD04]
5714A618 74 25 je short WeChatWi.5714A63F
5714A61A 8D4D E0 lea ecx,dword ptr ss:[ebp-0x20]
5714A61D E8 54185F00 call WeChatWi.5773BE76
5714A622 8BC1 mov eax,ecx
5714A624 50 push eax
5714A625 53 push ebx
5714A626 FF15 04A91258 call dword ptr ds:[<&USER32.GetWindowRec>; user32.GetWindowRect
删除好友:
基址:56F30000
570C0824 8BCC mov ecx,esp
570C0826 8965 E4 mov dword ptr ss:[ebp-0x1C],esp
570C0829 6A FF push -0x1
570C082B 68 08892958 push WeChatWi.58298908
570C0830 E8 7BE53400 call WeChatWi.5740EDB0
570C0835 8B45 98 mov eax,dword ptr ss:[ebp-0x68] ; user32.73DC6531
570C0838 85C0 test eax,eax
570C083A 74 06 je short WeChatWi.570C0842
570C083C 66:8338 00 cmp word ptr ds:[eax],0x0
570C0840 75 05 jnz short WeChatWi.570C0847
570C0842 B8 08892958 mov eax,WeChatWi.58298908
570C0847 83EC 14 sub esp,0x14
570C084A 8BCC mov ecx,esp
570C084C 8965 E0 mov dword ptr ss:[ebp-0x20],esp
570C084F 6A FF push -0x1
570C0851 50 push eax
570C0852 E8 59E53400 call WeChatWi.5740EDB0
570C0857 83EC 14 sub esp,0x14
570C085A C645 FC 0A mov byte ptr ss:[ebp-0x4],0xA
570C085E BA 5C040000 mov edx,0x45C
570C0863 8BCC mov ecx,esp
570C0865 E8 76F43400 call WeChatWi.5740FCE0
570C086A 8B8B 9C020000 mov ecx,dword ptr ds:[ebx+0x29C]
570C0870 E8 0BB96700 call WeChatWi.5773C180
570C0875 BA 01000000 mov edx,0x1
570C087A C645 FC 05 mov byte ptr ss:[ebp-0x4],0x5
570C087E 8BC8 mov ecx,eax
570C0880 E8 1BCBF9FF call WeChatWi.5705D3A0
570C0885 83C4 6C add esp,0x6C
570C0888 84C0 test al,al
570C088A 0F84 CD000000 je WeChatWi.570C095D
570C0890 E8 1B1BECFF call WeChatWi.56F823B0
570C0895 8A80 44050000 mov al,byte ptr ds:[eax+0x544]
570C089B 84C0 test al,al
570C089D 0F84 BA000000 je WeChatWi.570C095D
570C08A3 8BCF mov ecx,edi
570C08A5 E8 C6105800 call WeChatWi.57641970
570C08AA 84C0 test al,al
570C08AC 74 18 je short WeChatWi.570C08C6
570C08AE E8 5D86EEFF call WeChatWi.56FA8F10
570C08B3 E8 18E95700 call WeChatWi.5763F1D0
570C08B8 57 push edi
570C08B9 E8 72455800 call WeChatWi.57644E30
570C08BE 8D4D 98 lea ecx,dword ptr ss:[ebp-0x68]
570C08C1 E9 1E050000 jmp WeChatWi.570C0DE4
570C08C6 0F1005 E0882958 movups xmm0,dqword ptr ds:[0x582988E0]
570C08CD 83EC 10 sub esp,0x10
570C08D0 8BC4 mov eax,esp
570C08D2 83EC 10 sub esp,0x10
570C08D5 0F1100 movups dqword ptr ds:[eax],xmm0
570C08D8 8BC4 mov eax,esp
570C08DA 83EC 10 sub esp,0x10
570C08DD 0F1100 movups dqword ptr ds:[eax],xmm0
570C08E0 8BC4 mov eax,esp
570C08E2 83EC 10 sub esp,0x10
570C08E5 0F1100 movups dqword ptr ds:[eax],xmm0
570C08E8 8BC4 mov eax,esp
570C08EA 83EC 10 sub esp,0x10
570C08ED 0F1100 movups dqword ptr ds:[eax],xmm0
570C08F0 8BC4 mov eax,esp
570C08F2 83EC 14 sub esp,0x14
570C08F5 8BCC mov ecx,esp
570C08F7 57 push edi
570C08F8 0F1100 movups dqword ptr ds:[eax],xmm0
570C08FB E8 F0E43400 call WeChatWi.5740EDF0
570C0900 8D8D 34FFFFFF lea ecx,dword ptr ss:[ebp-0xCC]
570C0906 E8 A5293600 call WeChatWi.574232B0
570C090B 83C4 14 add esp,0x14
570C090E 8BC8 mov ecx,eax
570C0910 E8 9BD7EDFF call WeChatWi.56F9E0B0
570C0915 83EC 10 sub esp,0x10
570C0918 BA ECD52E58 mov edx,WeChatWi.582ED5EC ; ASCII 30,"1_ui\contact\ContactListUI.cpp"
570C091D 8BCC mov ecx,esp
570C091F 68 0CD62E58 push WeChatWi.582ED60C ; ASCII 4D,"enuCmdDeleteFriend username = %s"
570C0924 68 30D62E58 push WeChatWi.582ED630 ; ASCII 43,"ontactListUI"
570C0929 C601 02 mov byte ptr ds:[ecx],0x2
570C092C 8941 08 mov dword ptr ds:[ecx+0x8],eax
570C092F B9 02000000 mov ecx,0x2
570C0934 68 60D62E58 push WeChatWi.582ED660 ; ASCII 43,"ontactListUI::OnMenuItemClicked"
570C0939 68 EE000000 push 0xEE
570C093E E8 BDD73400 call WeChatWi.5740E100
570C0943 83C4 70 add esp,0x70
570C0946 8D8D 34FFFFFF lea ecx,dword ptr ss:[ebp-0xCC]
570C094C E8 4FC6EBFF call WeChatWi.56F7CFA0
570C0951 E8 CADDEBFF call WeChatWi.56F7E720
570C0956 51 push ecx
570C0957 57 push edi
570C0958 E8 03D61100 call WeChatWi.571DDF60 ; 调用这行
570C095D 8D4D 98 lea ecx,dword ptr ss:[ebp-0x68]
570C0960 E9 7F040000 jmp WeChatWi.570C0DE4
570C0965 8B4D 08 mov ecx,dword ptr ss:[ebp+0x8]
570C0968 68 E8D42E58 push WeChatWi.582ED4E8 ; UNICODE "menuCmdDeletePublicUser"
570C096D E8 9EEA3400 call WeChatWi.5740F410
570C0972 85C0 test eax,eax
570C0974 0F85 FF000000 jnz WeChatWi.570C0A79
570C097A 83EC 14 sub esp,0x14
570C097D 8BCC mov ecx,esp
570C097F 6A FF push -0x1
570C0981 68 08892958 push WeChatWi.58298908
570C0986 E8 25E43400 call WeChatWi.5740EDB0
570C098B 8B8B 9C020000 mov ecx,dword ptr ds:[ebx+0x29C]
570C0991 83EC 08 sub esp,0x8
570C0994 6A 01 push 0x1
570C0996 6A 00 push 0x0
570C0998 6A 00 push 0x0
570C099A 68 60040000 push 0x460
570C099F E8 DCB76700 call WeChatWi.5773C180
570C09A4 BA 5E040000 mov edx,0x45E
570C09A9 8BC8 mov ecx,eax
570C09AB E8 10C7F9FF call WeChatWi.5705D0C0
570C09B0 83C4 2C add esp,0x2C
570C09B3 84C0 test al,al
570C09B5 0F84 2E040000 je WeChatWi.570C0DE9
570C09BB E8 F019ECFF call WeChatWi.56F823B0
570C09C0 8A80 44050000 mov al,byte ptr ds:[eax+0x544]
570C09C6 84C0 test al,al
570C09C8 0F84 1B040000 je WeChatWi.570C0DE9
570C09CE 0F1005 E0882958 movups xmm0,dqword ptr ds:[0x582988E0]
570C09D5 83EC 10 sub esp,0x10
570C09D8 8BC4 mov eax,esp
570C09DA 83EC 10 sub esp,0x10
570C09DD 0F1100 movups dqword ptr ds:[eax],xmm0
570C09E0 8BC4 mov eax,esp
570C09E2 83EC 10 sub esp,0x10
570C09E5 0F1100 movups dqword ptr ds:[eax],xmm0
570C09E8 8BC4 mov eax,esp
570C09EA 83EC 10 sub esp,0x10
570C09ED 0F1100 movups dqword ptr ds:[eax],xmm0
570C09F0 8BC4 mov eax,esp
570C09F2 83EC 10 sub esp,0x10
570C09F5 0F1100 movups dqword ptr ds:[eax],xmm0
570C09F8 8BC4 mov eax,esp
570C09FA 83EC 14 sub esp,0x14
570C09FD 8BCC mov ecx,esp
570C09FF 57 push edi
570C0A00 0F1100 movups dqword ptr ds:[eax],xmm0
570C0A03 E8 E8E33400 call WeChatWi.5740EDF0
570C0A08 8D8D 20FFFFFF lea ecx,dword ptr ss:[ebp-0xE0]
570C0A0E E8 9D283600 call WeChatWi.574232B0
570C0A13 83C4 14 add esp,0x14
570C0A16 8BC8 mov ecx,eax
570C0A18 E8 93D6EDFF call WeChatWi.56F9E0B0
570C0A1D 83EC 10 sub esp,0x10
570C0A20 BA ECD52E58 mov edx,WeChatWi.582ED5EC ; ASCII 30,"1_ui\contact\ContactListUI.cpp"
570C0A25 8BCC mov ecx,esp
570C0A27 68 84D62E58 push WeChatWi.582ED684
570C0A2C 68 30D62E58 push WeChatWi.582ED630 ; ASCII 43,"ontactListUI"
570C0A31 C601 02 mov byte ptr ds:[ecx],0x2
570C0A34 8941 08 mov dword ptr ds:[ecx+0x8],eax
570C0A37 B9 02000000 mov ecx,0x2
570C0A3C 68 60D62E58 push WeChatWi.582ED660 ; ASCII 43,"ontactListUI::OnMenuItemClicked"
570C0A41 68 FB000000 push 0xFB
570C0A46 E8 B5D63400 call WeChatWi.5740E100
570C0A4B 83C4 70 add esp,0x70
570C0A4E 8D8D 20FFFFFF lea ecx,dword ptr ss:[ebp-0xE0]
570C0A54 E8 47C5EBFF call WeChatWi.56F7CFA0
570C0A59 E8 C2DCEBFF call WeChatWi.56F7E720
570C0A5E 51 push ecx
570C0A5F 57 push edi
570C0A60 E8 FBD41100 call WeChatWi.571DDF60
570C0A65 8B4D F4 mov ecx,dword ptr ss:[ebp-0xC]
570C0A68 64:890D 0000000>mov dword ptr fs:[0],ecx
570C0A6F 59 pop ecx ; user32.73DE4F8A
570C0A70 5F pop edi ; user32.73DE4F8A
570C0A71 5E pop esi ; user32.73DE4F8A
570C0A72 5B pop ebx ; user32.73DE4F8A
570C0A73 8BE5 mov esp,ebp
570C0A75 5D pop ebp ; user32.73DE4F8A
570C0A76 C2 0800 retn 0x8
570C0A79 8B4D 08 mov ecx,dword ptr ss:[ebp+0x8]
570C0A7C 68 74D42E58 push WeChatWi.582ED474 ; UNICODE "menuCmdModifyRoomName"
570C0A81 E8 8AE93400 call WeChatWi.5740F410
570C0A86 85C0 test eax,eax
570C0A88 75 6E jnz short WeChatWi.570C0AF8
570C0A8A 50 push eax
570C0A8B 8D8B 00F4FFFF lea ecx,dword ptr ds:[ebx-0xC00]
570C0A91 F7D9 neg ecx
570C0A93 8D43 04 lea eax,dword ptr ds:[ebx+0x4]
570C0A96 6A 20 push 0x20
570C0A98 1BC9 sbb ecx,ecx
570C0A9A 23C8 and ecx,eax
570C0A9C 8D86 FC030000 lea eax,dword ptr ds:[esi+0x3FC]
570C0AA2 51 push ecx
570C0AA3 83EC 14 sub esp,0x14
570C0AA6 8BCC mov ecx,esp
570C0AA8 50 push eax
570C0AA9 E8 42E33400 call WeChatWi.5740EDF0
570C0AAE 83EC 14 sub esp,0x14
570C0AB1 8BCC mov ecx,esp
570C0AB3 57 push edi
570C0AB4 E8 37E33400 call WeChatWi.5740EDF0
570C0AB9 83EC 14 sub esp,0x14
570C0ABC 8BCC mov ecx,esp
570C0ABE 6A FF push -0x1
发xml消息(发送名片):
消息格式:
<?xml version="1.0"?>
<msg
bigheadimgurl="http://wx.qlogo.cn/mmhead/ver_1/7IiaGRVxyprWcBA9v2IA1NLRa1K5YbEX5dBzmcEKw4OupNxsYuYSBt1zG91O6p07XlIOQIFhPCC3hU1icJMk3z28Ygh6IhfZrV4oYtXZXEU5A/0"
smallheadimgurl="http://wx.qlogo.cn/mmhead/ver_1/7IiaGRVxyprWcBA9v2IA1NLRa1K5YbEX5dBzmcEKw4OupNxsYuYSBt1zG91O6p07XlIOQIFhPCC3hU1icJMk3z28Ygh6IhfZrV4oYtXZXEU5A/132"
username="%s" nickname="%s" fullpy="?" shortpy="" alias="%s" imagestatus="3"
scene="17" province="北京" city="中国" sign="" sex="2" certflag="0"
certinfo="" brandIconUrl="" brandHomeUrl="" brandSubscriptConfigUrl= ""
brandFlags="0" regionCode="CN_BeiJing_BeiJing"
/>
基址:56F30000
56F8079B E8 00DF2300 call WeChatWi.571BE6A0
56F807A0 C645 FC 02 mov byte ptr ss:[ebp-0x4],0x2
56F807A4 B8 67666666 mov eax,0x66666667
56F807A9 8B7D 20 mov edi,dword ptr ss:[ebp+0x20]
56F807AC 8BCF mov ecx,edi
56F807AE 8B75 1C mov esi,dword ptr ss:[ebp+0x1C] ; WeChat.01390000
56F807B1 2BCE sub ecx,esi
56F807B3 F7E9 imul ecx
56F807B5 C1FA 03 sar edx,0x3
56F807B8 8BC2 mov eax,edx
56F807BA C1E8 1F shr eax,0x1F
56F807BD 03C2 add eax,edx
56F807BF 0F84 C4000000 je WeChatWi.56F80889
56F807C5 3BF7 cmp esi,edi
56F807C7 0F84 BC000000 je WeChatWi.56F80889
56F807CD 0F1F ??? ; 未知命令
56F807CF 006A FF add byte ptr ds:[edx-0x1],ch
56F807D2 0F57C0 xorps xmm0,xmm0
56F807D5 C745 EC 0000000>mov dword ptr ss:[ebp-0x14],0x0
56F807DC 68 94952958 push WeChatWi.58299594 ; UNICODE "ForwardShareCard"
56F807E1 8D4D DC lea ecx,dword ptr ss:[ebp-0x24]
56F807E4 0F1145 DC movups dqword ptr ss:[ebp-0x24],xmm0
56F807E8 E8 C3E84800 call WeChatWi.5740F0B0
56F807ED 8B5D DC mov ebx,dword ptr ss:[ebp-0x24]
56F807F0 85DB test ebx,ebx
56F807F2 74 08 je short WeChatWi.56F807FC
56F807F4 66:833B 00 cmp word ptr ds:[ebx],0x0
56F807F8 8BC3 mov eax,ebx
56F807FA 75 05 jnz short WeChatWi.56F80801
56F807FC B8 08892958 mov eax,WeChatWi.58298908
56F80801 50 push eax
56F80802 8D4D 08 lea ecx,dword ptr ss:[ebp+0x8]
56F80805 E8 06EC4800 call WeChatWi.5740F410
56F8080A 8945 F0 mov dword ptr ss:[ebp-0x10],eax
56F8080D 85DB test ebx,ebx
56F8080F 74 09 je short WeChatWi.56F8081A
56F80811 53 push ebx
56F80812 E8 1D9A0801 call WeChatWi.5800A234
56F80817 83C4 04 add esp,0x4
56F8081A 8B45 E8 mov eax,dword ptr ss:[ebp-0x18] ; user32.73DE4F8A
56F8081D 85C0 test eax,eax
56F8081F 74 09 je short WeChatWi.56F8082A
56F80821 50 push eax
56F80822 E8 0D9A0801 call WeChatWi.5800A234
56F80827 83C4 04 add esp,0x4
56F8082A 837D F0 00 cmp dword ptr ss:[ebp-0x10],0x0
56F8082E 75 4E jnz short WeChatWi.56F8087E
56F80830 A1 60CD5458 mov eax,dword ptr ds:[0x5854CD60]
56F80835 A8 01 test al,0x1
56F80837 75 22 jnz short WeChatWi.56F8085B
56F80839 83C8 01 or eax,0x1
56F8083C A3 60CD5458 mov dword ptr ds:[0x5854CD60],eax
56F80841 C645 FC 03 mov byte ptr ss:[ebp-0x4],0x3
56F80845 E8 B6232D00 call WeChatWi.57252C00
56F8084A 68 B04B0F58 push WeChatWi.580F4BB0
56F8084F E8 049BC800 call WeChatWi.57C0A358
56F80854 83C4 04 add esp,0x4
56F80857 C645 FC 02 mov byte ptr ss:[ebp-0x4],0x2
56F8085B 6A 2A push 0x2A
56F8085D 8D45 C8 lea eax,dword ptr ss:[ebp-0x38]
56F80860 8BD6 mov edx,esi
56F80862 6A 00 push 0x0
56F80864 50 push eax
56F80865 8D8D E8FDFFFF lea ecx,dword ptr ss:[ebp-0x218]
56F8086B E8 80932D00 call WeChatWi.57259BF0 ; 调用这里
56F80870 83C4 0C add esp,0xC
56F80873 8D8D E8FDFFFF lea ecx,dword ptr ss:[ebp-0x218]
56F80879 E8 7280FFFF call WeChatWi.56F788F0
56F8087E 83C6 14 add esi,0x14
56F80881 3BF7 cmp esi,edi
56F80883 ^ 0F85 47FFFFFF jnz WeChatWi.56F807D0
56F80889 8B45 C8 mov eax,dword ptr ss:[ebp-0x38] ; WeChatRe.02CD24A6
56F8088C 85C0 test eax,eax
56F8088E 74 09 je short WeChatWi.56F80899
56F80890 50 push eax
56F80891 E8 9E990801 call WeChatWi.5800A234
56F80896 83C4 04 add esp,0x4
56F80899 8B45 D4 mov eax,dword ptr ss:[ebp-0x2C]
56F8089C 85C0 test eax,eax
56F8089E 74 09 je short WeChatWi.56F808A9
56F808A0 50 push eax
56F808A1 E8 8E990801 call WeChatWi.5800A234
56F808A6 83C4 04 add esp,0x4
56F808A9 8B45 08 mov eax,dword ptr ss:[ebp+0x8]
56F808AC 85C0 test eax,eax
56F808AE 74 10 je short WeChatWi.56F808C0
56F808B0 50 push eax
56F808B1 E8 7E990801 call WeChatWi.5800A234
56F808B6 83C4 04 add esp,0x4
56F808B9 C745 08 0000000>mov dword ptr ss:[ebp+0x8],0x0
56F808C0 8B45 14 mov eax,dword ptr ss:[ebp+0x14]
56F808C3 C745 10 0000000>mov dword ptr ss:[ebp+0x10],0x0
56F808CA C745 0C 0000000>mov dword ptr ss:[ebp+0xC],0x0
56F808D1 85C0 test eax,eax
56F808D3 74 17 je short WeChatWi.56F808EC
56F808D5 50 push eax
56F808D6 E8 59990801 call WeChatWi.5800A234
56F808DB 83C4 04 add esp,0x4
56F808DE C745 14 0000000>mov dword ptr ss:[ebp+0x14],0x0
56F808E5 C745 18 0000000>mov dword ptr ss:[ebp+0x18],0x0
56F808EC 8B75 1C mov esi,dword ptr ss:[ebp+0x1C] ; WeChat.01390000
56F808EF 85F6 test esi,esi
56F808F1 74 33 je short WeChatWi.56F80926
56F808F3 FF75 24 push dword ptr ss:[ebp+0x24]
56F808F6 8B55 20 mov edx,dword ptr ss:[ebp+0x20]
56F808F9 51 push ecx
56F808FA 8BCE mov ecx,esi
56F808FC E8 1F7FFFFF call WeChatWi.56F78820
56F80901 8B4D 24 mov ecx,dword ptr ss:[ebp+0x24]
56F80904 B8 67666666 mov eax,0x66666667
56F80909 8B75 1C mov esi,dword ptr ss:[ebp+0x1C] ; WeChat.01390000
56F8090C 2BCE sub ecx,esi
56F8090E F7E9 imul ecx
56F80910 6A 14 push 0x14
56F80912 C1FA 03 sar edx,0x3
56F80915 8BC2 mov eax,edx
56F80917 C1E8 1F shr eax,0x1F
56F8091A 03C2 add eax,edx
56F8091C 50 push eax
56F8091D 56 push esi
56F8091E E8 9D32FFFF call WeChatWi.56F73BC0
56F80923 83C4 14 add esp,0x14
56F80926 B0 01 mov al,0x1
56F80928 8B4D F4 mov ecx,dword ptr ss:[ebp-0xC]
56F8092B 64:890D 0000000>mov dword ptr fs:[0],ecx
修改群名称:群:22905167168@chatroom
基址:56F30000
56FA7180 0F94C0 sete al
56FA7183 84C0 test al,al
56FA7185 0F84 94000000 je WeChatWi.56FA721F
56FA718B 8D8D 1CFBFFFF lea ecx,dword ptr ss:[ebp-0x4E4]
56FA7191 E8 8AC85800 call WeChatWi.57533A20
56FA7196 C645 FC 02 mov byte ptr ss:[ebp-0x4],0x2
56FA719A E8 9100FDFF call WeChatWi.56F77230
56FA719F 8BF0 mov esi,eax
56FA71A1 8BCE mov ecx,esi
56FA71A3 E8 68605800 call WeChatWi.5752D210
56FA71A8 8B4E 24 mov ecx,dword ptr ds:[esi+0x24]
56FA71AB 8D85 1CFBFFFF lea eax,dword ptr ss:[ebp-0x4E4]
56FA71B1 50 push eax
56FA71B2 57 push edi
56FA71B3 E8 D8C35800 call WeChatWi.57533590
56FA71B8 84C0 test al,al
56FA71BA 74 49 je short WeChatWi.56FA7205
56FA71BC 8D85 DCFBFFFF lea eax,dword ptr ss:[ebp-0x424]
56FA71C2 50 push eax
56FA71C3 8D8D 1CFBFFFF lea ecx,dword ptr ss:[ebp-0x4E4]
56FA71C9 E8 F22A0000 call WeChatWi.56FA9CC0
56FA71CE 8D8D F4FBFFFF lea ecx,dword ptr ss:[ebp-0x40C]
56FA71D4 51 push ecx
56FA71D5 8BC8 mov ecx,eax
56FA71D7 E8 64814600 call WeChatWi.5740F340
56FA71DC 8D8D DCFBFFFF lea ecx,dword ptr ss:[ebp-0x424]
56FA71E2 8AD8 mov bl,al
56FA71E4 E8 B75DFDFF call WeChatWi.56F7CFA0
56FA71E9 84DB test bl,bl
56FA71EB 75 12 jnz short WeChatWi.56FA71FF
56FA71ED E8 7EF5FCFF call WeChatWi.56F76770
56FA71F2 8D85 F4FBFFFF lea eax,dword ptr ss:[ebp-0x40C]
56FA71F8 50 push eax
56FA71F9 57 push edi
56FA71FA E8 91D15700 call WeChatWi.57524390
56FA71FF 8B9D 08FCFFFF mov ebx,dword ptr ss:[ebp-0x3F8]
56FA7205 8D8D 1CFBFFFF lea ecx,dword ptr ss:[ebp-0x4E4]
56FA720B C645 FC 00 mov byte ptr ss:[ebp-0x4],0x0
56FA720F E8 BCB6FFFF call WeChatWi.56FA28D0
56FA7214 8D85 F4FBFFFF lea eax,dword ptr ss:[ebp-0x40C]
56FA721A E9 9F000000 jmp WeChatWi.56FA72BE
56FA721F 8D8D 0CFCFFFF lea ecx,dword ptr ss:[ebp-0x3F4]
56FA7225 E8 06DA3F00 call WeChatWi.573A4C30
56FA722A 8D85 0CFCFFFF lea eax,dword ptr ss:[ebp-0x3F4]
56FA7230 50 push eax
56FA7231 83EC 14 sub esp,0x14
56FA7234 8BCC mov ecx,esp
56FA7236 89A5 F0FBFFFF mov dword ptr ss:[ebp-0x410],esp
56FA723C 57 push edi
56FA723D E8 AE7B4600 call WeChatWi.5740EDF0
56FA7242 C645 FC 04 mov byte ptr ss:[ebp-0x4],0x4
56FA7246 E8 D574FDFF call WeChatWi.56F7E720
56FA724B C645 FC 03 mov byte ptr ss:[ebp-0x4],0x3
56FA724F E8 2C582300 call WeChatWi.571DCA80
56FA7254 84C0 test al,al
56FA7256 74 49 je short WeChatWi.56FA72A1
56FA7258 8D85 DCFBFFFF lea eax,dword ptr ss:[ebp-0x424]
56FA725E 50 push eax
56FA725F 8D8D 0CFCFFFF lea ecx,dword ptr ss:[ebp-0x3F4]
56FA7265 E8 16DD3D00 call WeChatWi.57384F80
56FA726A 8D8D F4FBFFFF lea ecx,dword ptr ss:[ebp-0x40C]
56FA7270 51 push ecx
56FA7271 8BC8 mov ecx,eax
56FA7273 E8 C8804600 call WeChatWi.5740F340
56FA7278 8D8D DCFBFFFF lea ecx,dword ptr ss:[ebp-0x424]
56FA727E 8AD8 mov bl,al
56FA7280 E8 1B5DFDFF call WeChatWi.56F7CFA0
56FA7285 84DB test bl,bl
56FA7287 75 12 jnz short WeChatWi.56FA729B
56FA7289 E8 B2F0FEFF call WeChatWi.56F96340
56FA728E 8D95 F4FBFFFF lea edx,dword ptr ss:[ebp-0x40C]
56FA7294 8BCF mov ecx,edi
56FA7296 E8 55772200 call WeChatWi.571CE9F0 ; 调用这行
56FA729B 8B9D 08FCFFFF mov ebx,dword ptr ss:[ebp-0x3F8]
56FA72A1 8D8D 0CFCFFFF lea ecx,dword ptr ss:[ebp-0x3F4]
56FA72A7 C645 FC 00 mov byte ptr ss:[ebp-0x4],0x0
56FA72AB E8 40E23F00 call WeChatWi.573A54F0
56FA72B0 8D85 F4FBFFFF lea eax,dword ptr ss:[ebp-0x40C]
56FA72B6 EB 06 jmp short WeChatWi.56FA72BE
56FA72B8 8D83 BC080000 lea eax,dword ptr ds:[ebx+0x8BC]
56FA72BE 50 push eax
56FA72BF 8BCB mov ecx,ebx
56FA72C1 E8 FAF5FFFF call WeChatWi.56FA68C0
56FA72C6 8B85 F4FBFFFF mov eax,dword ptr ss:[ebp-0x40C]
56FA72CC 85C0 test eax,eax
56FA72CE 74 09 je short WeChatWi.56FA72D9
56FA72D0 50 push eax
56FA72D1 E8 5E2F0601 call WeChatWi.5800A234
56FA72D6 83C4 04 add esp,0x4
56FA72D9 8B85 00FCFFFF mov eax,dword ptr ss:[ebp-0x400]
56FA72DF 85C0 test eax,eax
56FA72E1 74 09 je short WeChatWi.56FA72EC
56FA72E3 50 push eax
56FA72E4 E8 4B2F0601 call WeChatWi.5800A234
56FA72E9 83C4 04 add esp,0x4
56FA72EC 8B4D F4 mov ecx,dword ptr ss:[ebp-0xC]
56FA72EF 64:890D 0000000>mov dword ptr fs:[0],ecx
56FA72F6 59 pop ecx ; 0018EFE0
56FA72F7 5F pop edi ; 0018EFE0
56FA72F8 5E pop esi ; 0018EFE0
56FA72F9 5B pop ebx ; 0018EFE0
56FA72FA 8B4D EC mov ecx,dword ptr ss:[ebp-0x14] ; WeChatWi.573EB624
56FA72FD 33CD xor ecx,ebp
56FA72FF E8 A72CC600 call WeChatWi.57C09FAB
56FA7304 8BE5 mov esp,ebp
56FA7306 5D pop ebp ; 0018EFE0
56FA7307 C2 0400 retn 0x4
56FA730A CC int3
56FA730B CC int3
56FA730C CC int3
56FA730D CC int3
56FA730E CC int3
56FA730F CC int3
56FA7310 55 push ebp
56FA7311 8BEC mov ebp,esp
56FA7313 6A FF push -0x1
56FA7315 68 4C460358 push WeChatWi.5803464C
56FA731A 64:A1 00000000 mov eax,dword ptr fs:[0]
56FA7320 50 push eax
56FA7321 83EC 44 sub esp,0x44
56FA7324 A1 942B4F58 mov eax,dword ptr ds:[0x584F2B94]
获取群成员微信ID:
基址:56F30000
57156D04 81C1 48060000 add ecx,0x648
57156D0A FF56 14 call dword ptr ds:[esi+0x14]
57156D0D 8B8F 70110000 mov ecx,dword ptr ds:[edi+0x1170]
57156D13 6A 01 push 0x1
57156D15 8B01 mov eax,dword ptr ds:[ecx]
57156D17 FF90 EC000000 call dword ptr ds:[eax+0xEC]
57156D1D A1 14625558 mov eax,dword ptr ds:[0x58556214]
57156D22 85C0 test eax,eax
57156D24 74 06 je short WeChatWi.57156D2C
57156D26 66:8338 00 cmp word ptr ds:[eax],0x0
57156D2A 75 05 jnz short WeChatWi.57156D31
57156D2C B8 08892958 mov eax,WeChatWi.58298908
57156D31 50 push eax
57156D32 8BCB mov ecx,ebx
57156D34 E8 D7862B00 call WeChatWi.5740F410
57156D39 85C0 test eax,eax
57156D3B 75 1D jnz short WeChatWi.57156D5A
57156D3D 8B87 C00A0000 mov eax,dword ptr ds:[edi+0xAC0] ; WeChat.<ModuleEntryPoint>
57156D43 8B8F 70110000 mov ecx,dword ptr ds:[edi+0x1170]
57156D49 FFB0 A40E0000 push dword ptr ds:[eax+0xEA4]
57156D4F 53 push ebx
57156D50 E8 8B34F6FF call WeChatWi.570BA1E0
57156D55 E9 28010000 jmp WeChatWi.57156E82
57156D5A 833D 20CF5458 0>cmp dword ptr ds:[0x5854CF20],0x0
57156D61 75 2A jnz short WeChatWi.57156D8D
57156D63 6A 48 push 0x48
57156D65 E8 8332AB00 call WeChatWi.57C09FED
57156D6A 83C4 04 add esp,0x4
57156D6D 8985 98FEFFFF mov dword ptr ss:[ebp-0x168],eax
57156D73 8BC8 mov ecx,eax
57156D75 C745 FC 0000000>mov dword ptr ss:[ebp-0x4],0x0
57156D7C E8 6F3B0800 call WeChatWi.571DA8F0
57156D81 C745 FC FFFFFFF>mov dword ptr ss:[ebp-0x4],-0x1
57156D88 A3 20CF5458 mov dword ptr ds:[0x5854CF20],eax
57156D8D 53 push ebx
57156D8E E8 6D7D0800 call WeChatWi.571DEB00
57156D93 83F8 02 cmp eax,0x2
57156D96 75 1D jnz short WeChatWi.57156DB5
57156D98 8B87 C00A0000 mov eax,dword ptr ds:[edi+0xAC0] ; WeChat.<ModuleEntryPoint>
57156D9E 8B8F 70110000 mov ecx,dword ptr ds:[edi+0x1170]
57156DA4 FFB0 A40E0000 push dword ptr ds:[eax+0xEA4]
57156DAA 53 push ebx
57156DAB E8 3035F6FF call WeChatWi.570BA2E0
57156DB0 E9 CD000000 jmp WeChatWi.57156E82
57156DB5 8D8D 9CFEFFFF lea ecx,dword ptr ss:[ebp-0x164]
57156DBB E8 20142400 call WeChatWi.573981E0 ; call1
57156DC0 C745 FC 0100000>mov dword ptr ss:[ebp-0x4],0x1
57156DC7 C785 8CFEFFFF 0>mov dword ptr ss:[ebp-0x174],0x0
57156DD1 C785 90FEFFFF 0>mov dword ptr ss:[ebp-0x170],0x0
57156DDB C785 94FEFFFF 0>mov dword ptr ss:[ebp-0x16C],0x0
57156DE5 8D85 9CFEFFFF lea eax,dword ptr ss:[ebp-0x164]
57156DEB C645 FC 02 mov byte ptr ss:[ebp-0x4],0x2
57156DEF 50 push eax
57156DF0 53 push ebx
57156DF1 E8 3A170D00 call WeChatWi.57228530 ; call2拿到数据库句柄
57156DF6 8BC8 mov ecx,eax
57156DF8 E8 037D2400 call WeChatWi.5739EB00 ; call3获取列表
57156DFD 8D85 8CFEFFFF lea eax,dword ptr ss:[ebp-0x174]
57156E03 50 push eax
57156E04 8D8D 9CFEFFFF lea ecx,dword ptr ss:[ebp-0x164]
57156E0A E8 C11E2400 call WeChatWi.57398CD0 ; call4拿到处理好的群用户列表
57156E0F 83EC 0C sub esp,0xC
57156E12 8D85 8CFEFFFF lea eax,dword ptr ss:[ebp-0x174]
57156E18 8BCC mov ecx,esp
57156E1A 89A5 98FEFFFF mov dword ptr ss:[ebp-0x168],esp
57156E20 50 push eax
57156E21 E8 7AAAE2FF call WeChatWi.56F818A0
57156E26 C645 FC 03 mov byte ptr ss:[ebp-0x4],0x3
57156E2A 833D 20CF5458 0>cmp dword ptr ds:[0x5854CF20],0x0
57156E31 75 24 jnz short WeChatWi.57156E57
57156E33 6A 48 push 0x48
57156E35 E8 B331AB00 call WeChatWi.57C09FED
57156E3A 83C4 04 add esp,0x4
57156E3D 8985 88FEFFFF mov dword ptr ss:[ebp-0x178],eax
57156E43 8BC8 mov ecx,eax
57156E45 C645 FC 04 mov byte ptr ss:[ebp-0x4],0x4
57156E49 E8 A23A0800 call WeChatWi.571DA8F0
57156E4E C645 FC 03 mov byte ptr ss:[ebp-0x4],0x3
57156E52 A3 20CF5458 mov dword ptr ds:[0x5854CF20],eax
57156E57 C645 FC 02 mov byte ptr ss:[ebp-0x4],0x2
57156E5B E8 B0890800 call WeChatWi.571DF810
57156E60 8B8F 70110000 mov ecx,dword ptr ds:[edi+0x1170]
57156E66 53 push ebx
57156E67 E8 8432F6FF call WeChatWi.570BA0F0
57156E6C 8D8D 8CFEFFFF lea ecx,dword ptr ss:[ebp-0x174]
57156E72 E8 091AE2FF call WeChatWi.56F78880
57156E77 8D8D 9CFEFFFF lea ecx,dword ptr ss:[ebp-0x164]
57156E7D E8 3E152400 call WeChatWi.573983C0
57156E82 8B4D F4 mov ecx,dword ptr ss:[ebp-0xC]
57156E85 64:890D 0000000>mov dword ptr fs:[0],ecx
57156E8C 59 pop ecx ; user32.73DE4F8A
57156E8D 5F pop edi ; user32.73DE4F8A
57156E8E 5E pop esi ; user32.73DE4F8A
57156E8F 5B pop ebx ; user32.73DE4F8A
57156E90 8B4D EC mov ecx,dword ptr ss:[ebp-0x14]
57156E93 33CD xor ecx,ebp
57156E95 E8 1131AB00 call WeChatWi.57C09FAB
57156E9A 8BE5 mov esp,ebp
57156E9C 5D pop ebp ; user32.73DE4F8A
57156E9D C2 0400 retn 0x4
57156EA0 56 push esi
57156EA1 8BF1 mov esi,ecx
57156EA3 8B8E 70110000 mov ecx,dword ptr ds:[esi+0x1170]
57156EA9 85C9 test ecx,ecx
57156EAB 74 30 je short WeChatWi.57156EDD
57156EAD 8B01 mov eax,dword ptr ds:[ecx]
57156EAF 6A 00 push 0x0
57156EB1 FF90 EC000000 call dword ptr ds:[eax+0xEC]
57156EB7 8B96 70110000 mov edx,dword ptr ds:[esi+0x1170]
57156EBD 85D2 test edx,edx
57156EBF 74 1C je short WeChatWi.57156EDD
57156EC1 8B8E 840A0000 mov ecx,dword ptr ds:[esi+0xA84]
57156EC7 81C1 48060000 add ecx,0x648
57156ECD 52 push edx
57156ECE 8B01 mov eax,dword ptr ds:[ecx]
57156ED0 FF50 18 call dword ptr ds:[eax+0x18]
57156ED3 C786 70110000 0>mov dword ptr ds:[esi+0x1170],0x0
57156EDD 5E pop esi ; user32.73DE4F8A
57156EDE C3 retn
57156EDF CC int3
57156EE0 55 push ebp
57156EE1 8BEC mov ebp,esp
57156EE3 56 push esi
57156EE4 8BF1 mov esi,ecx
57156EE6 6A 00 push 0x0
57156EE8 8B8E 7C0A0000 mov ecx,dword ptr ds:[esi+0xA7C]
57156EEE 8B01 mov eax,dword ptr ds:[ecx]
57156EF0 FF90 EC000000 call dword ptr ds:[eax+0xEC]
57156EF6 6A 00 push 0x0
57156EF8 8BCE mov ecx,esi
57156EFA E8 E1030000 call WeChatWi.571572E0
57156EFF 8B8E 900A0000 mov ecx,dword ptr ds:[esi+0xA90]
57156F05 6A 00 push 0x0
添加群成员:群:22905167168@chatroom 能强:wxid_sbrnzc86ibft22
基址:56F30000
56F9A480 55 push ebp
56F9A481 8BEC mov ebp,esp
56F9A483 6A FF push -0x1
56F9A485 68 B3370358 push WeChatWi.580337B3
56F9A48A 64:A1 00000000 mov eax,dword ptr fs:[0]
56F9A490 50 push eax
56F9A491 83EC 34 sub esp,0x34
56F9A494 53 push ebx
56F9A495 56 push esi
56F9A496 57 push edi
56F9A497 A1 942B4F58 mov eax,dword ptr ds:[0x584F2B94]
56F9A49C 33C5 xor eax,ebp
56F9A49E 50 push eax
56F9A49F 8D45 F4 lea eax,dword ptr ss:[ebp-0xC]
56F9A4A2 64:A3 00000000 mov dword ptr fs:[0],eax
56F9A4A8 8BD9 mov ebx,ecx
56F9A4AA C745 E8 0000000>mov dword ptr ss:[ebp-0x18],0x0
56F9A4B1 83BB 9C0C0000 0>cmp dword ptr ds:[ebx+0xC9C],0x0
56F9A4B8 75 18 jnz short WeChatWi.56F9A4D2
56F9A4BA 8B03 mov eax,dword ptr ds:[ebx]
56F9A4BC 6A 01 push 0x1
56F9A4BE FF10 call dword ptr ds:[eax]
56F9A4C0 8B4D F4 mov ecx,dword ptr ss:[ebp-0xC]
56F9A4C3 64:890D 0000000>mov dword ptr fs:[0],ecx
56F9A4CA 59 pop ecx ; user32.73DE4F8A
56F9A4CB 5F pop edi ; user32.73DE4F8A
56F9A4CC 5E pop esi ; user32.73DE4F8A
56F9A4CD 5B pop ebx ; user32.73DE4F8A
56F9A4CE 8BE5 mov esp,ebp
56F9A4D0 5D pop ebp ; user32.73DE4F8A
56F9A4D1 C3 retn
56F9A4D2 FF75 E8 push dword ptr ss:[ebp-0x18] ; user32.73DE4F8A
56F9A4D5 8B93 A40C0000 mov edx,dword ptr ds:[ebx+0xCA4]
56F9A4DB 8DB3 A00C0000 lea esi,dword ptr ds:[ebx+0xCA0]
56F9A4E1 51 push ecx
56F9A4E2 8B0E mov ecx,dword ptr ds:[esi]
56F9A4E4 E8 37E3FDFF call WeChatWi.56F78820
56F9A4E9 8B06 mov eax,dword ptr ds:[esi]
56F9A4EB 83C4 08 add esp,0x8
56F9A4EE 8946 04 mov dword ptr ds:[esi+0x4],eax
56F9A4F1 8B83 980C0000 mov eax,dword ptr ds:[ebx+0xC98]
56F9A4F7 8B00 mov eax,dword ptr ds:[eax]
56F9A4F9 8945 EC mov dword ptr ss:[ebp-0x14],eax
56F9A4FC 3B83 980C0000 cmp eax,dword ptr ds:[ebx+0xC98]
56F9A502 74 1E je short WeChatWi.56F9A522
56F9A504 83C0 10 add eax,0x10
56F9A507 8BCE mov ecx,esi
56F9A509 50 push eax
56F9A50A E8 E11D0000 call WeChatWi.56F9C2F0 ; 调用第一个
56F9A50F 8D4D EC lea ecx,dword ptr ss:[ebp-0x14]
56F9A512 E8 C928FEFF call WeChatWi.56F7CDE0
56F9A517 8B45 EC mov eax,dword ptr ss:[ebp-0x14]
56F9A51A 3B83 980C0000 cmp eax,dword ptr ds:[ebx+0xC98]
56F9A520 ^ 75 E2 jnz short WeChatWi.56F9A504
56F9A522 8D8B B0080000 lea ecx,dword ptr ds:[ebx+0x8B0]
56F9A528 E8 732B2400 call WeChatWi.571DD0A0
56F9A52D 84C0 test al,al
56F9A52F 75 24 jnz short WeChatWi.56F9A555
56F9A531 8D45 C0 lea eax,dword ptr ss:[ebp-0x40]
56F9A534 50 push eax
56F9A535 8D8B B0080000 lea ecx,dword ptr ds:[ebx+0x8B0]
56F9A53B E8 801B0100 call WeChatWi.56FAC0C0 ; 调用第三个
56F9A540 B9 01000000 mov ecx,0x1
56F9A545 8378 04 00 cmp dword ptr ds:[eax+0x4],0x0
56F9A549 0F9EC0 setle al
56F9A54C 84C0 test al,al
56F9A54E 75 08 jnz short WeChatWi.56F9A558
56F9A550 884D F3 mov byte ptr ss:[ebp-0xD],cl
56F9A553 EB 07 jmp short WeChatWi.56F9A55C
56F9A555 8B4D E8 mov ecx,dword ptr ss:[ebp-0x18] ; user32.73DE4F8A
56F9A558 C645 F3 00 mov byte ptr ss:[ebp-0xD],0x0
56F9A55C F6C1 01 test cl,0x1
56F9A55F 74 08 je short WeChatWi.56F9A569
56F9A561 8D4D C0 lea ecx,dword ptr ss:[ebp-0x40]
56F9A564 E8 372AFEFF call WeChatWi.56F7CFA0
56F9A569 807D F3 00 cmp byte ptr ss:[ebp-0xD],0x0
56F9A56D 74 26 je short WeChatWi.56F9A595
56F9A56F 8D45 C0 lea eax,dword ptr ss:[ebp-0x40]
56F9A572 50 push eax
56F9A573 8D8B B0080000 lea ecx,dword ptr ds:[ebx+0x8B0]
56F9A579 E8 421B0100 call WeChatWi.56FAC0C0 ; 调用第三个
56F9A57E 50 push eax
56F9A57F 8BCE mov ecx,esi
56F9A581 C745 FC 0000000>mov dword ptr ss:[ebp-0x4],0x0
56F9A588 E8 731E0000 call WeChatWi.56F9C400
56F9A58D 8D4D C0 lea ecx,dword ptr ss:[ebp-0x40]
56F9A590 E8 0B2AFEFF call WeChatWi.56F7CFA0
56F9A595 A1 CCC75458 mov eax,dword ptr ds:[0x5854C7CC]
56F9A59A A8 01 test al,0x1
56F9A59C 75 21 jnz short WeChatWi.56F9A5BF
56F9A59E 83C8 01 or eax,0x1
56F9A5A1 A3 CCC75458 mov dword ptr ds:[0x5854C7CC],eax
56F9A5A6 C745 FC 0100000>mov dword ptr ss:[ebp-0x4],0x1
56F9A5AD E8 AE443D00 call WeChatWi.5736EA60
56F9A5B2 68 D04B0F58 push WeChatWi.580F4BD0
56F9A5B7 E8 9CFDC600 call WeChatWi.57C0A358
56F9A5BC 83C4 04 add esp,0x4
56F9A5BF 6A 00 push 0x0
56F9A5C1 68 14C85458 push WeChatWi.5854C814 ; 第一个参数地址
56F9A5C6 8D4D C0 lea ecx,dword ptr ss:[ebp-0x40]
56F9A5C9 E8 32494700 call WeChatWi.5740EF00 ; 调用第二个
56F9A5CE C745 FC 0200000>mov dword ptr ss:[ebp-0x4],0x2
56F9A5D5 8B36 mov esi,dword ptr ds:[esi]
56F9A5D7 8BBB A40C0000 mov edi,dword ptr ds:[ebx+0xCA4]
56F9A5DD 3BF7 cmp esi,edi
56F9A5DF 74 29 je short WeChatWi.56F9A60A
56F9A5E1 8B45 C0 mov eax,dword ptr ss:[ebp-0x40]
56F9A5E4 85C0 test eax,eax
56F9A5E6 74 06 je short WeChatWi.56F9A5EE
56F9A5E8 66:8338 00 cmp word ptr ds:[eax],0x0
56F9A5EC 75 05 jnz short WeChatWi.56F9A5F3
56F9A5EE B8 08892958 mov eax,WeChatWi.58298908
56F9A5F3 50 push eax
56F9A5F4 8BCE mov ecx,esi
56F9A5F6 E8 154E4700 call WeChatWi.5740F410
56F9A5FB 85C0 test eax,eax
56F9A5FD 0F84 D0000000 je WeChatWi.56F9A6D3
56F9A603 83C6 14 add esi,0x14
56F9A606 3BF7 cmp esi,edi
56F9A608 ^ 75 D7 jnz short WeChatWi.56F9A5E1
56F9A60A 8DB3 A00C0000 lea esi,dword ptr ds:[ebx+0xCA0]
56F9A610 8D45 D4 lea eax,dword ptr ss:[ebp-0x2C]
56F9A613 50 push eax
56F9A614 8D8B B0080000 lea ecx,dword ptr ds:[ebx+0x8B0]
56F9A61A E8 A11A0100 call WeChatWi.56FAC0C0 ; 调用第三个A
56F9A61F 8378 04 00 cmp dword ptr ds:[eax+0x4],0x0
56F9A623 0F9EC0 setle al
56F9A626 84C0 test al,al
56F9A628 75 13 jnz short WeChatWi.56F9A63D
56F9A62A 8D8B B0080000 lea ecx,dword ptr ds:[ebx+0x8B0]
56F9A630 E8 6B2A2400 call WeChatWi.571DD0A0
56F9A635 C645 F3 01 mov byte ptr ss:[ebp-0xD],0x1
56F9A639 84C0 test al,al
56F9A63B 75 04 jnz short WeChatWi.56F9A641
56F9A63D C645 F3 00 mov byte ptr ss:[ebp-0xD],0x0
56F9A641 8B45 D4 mov eax,dword ptr ss:[ebp-0x2C]
56F9A644 85C0 test eax,eax
56F9A646 74 10 je short WeChatWi.56F9A658
56F9A648 50 push eax
56F9A649 E8 E6FB0601 call WeChatWi.5800A234
56F9A64E 83C4 04 add esp,0x4
56F9A651 C745 D4 0000000>mov dword ptr ss:[ebp-0x2C],0x0
56F9A658 8B45 E0 mov eax,dword ptr ss:[ebp-0x20]
56F9A65B C745 DC 0000000>mov dword ptr ss:[ebp-0x24],0x0
56F9A662 C745 D8 0000000>mov dword ptr ss:[ebp-0x28],0x0
56F9A669 85C0 test eax,eax
56F9A66B 74 09 je short WeChatWi.56F9A676
56F9A66D 50 push eax
56F9A66E E8 C1FB0601 call WeChatWi.5800A234
56F9A673 83C4 04 add esp,0x4
56F9A676 807D F3 00 cmp byte ptr ss:[ebp-0xD],0x0
56F9A67A 74 6E je short WeChatWi.56F9A6EA
56F9A67C 83EC 14 sub esp,0x14
56F9A67F 8D8B B0080000 lea ecx,dword ptr ds:[ebx+0x8B0]
56F9A685 8BC4 mov eax,esp
56F9A687 8965 E8 mov dword ptr ss:[ebp-0x18],esp
56F9A68A 50 push eax
56F9A68B E8 301A0100 call WeChatWi.56FAC0C0 ; 调用第三个B
56F9A690 C645 FC 03 mov byte ptr ss:[ebp-0x4],0x3
56F9A694 A1 2C3E5658 mov eax,dword ptr ds:[0x58563E2C]
56F9A699 A8 01 test al,0x1
56F9A69B 75 22 jnz short WeChatWi.56F9A6BF
56F9A69D 83C8 01 or eax,0x1
56F9A6A0 A3 2C3E5658 mov dword ptr ds:[0x58563E2C],eax
56F9A6A5 C645 FC 04 mov byte ptr ss:[ebp-0x4],0x4
56F9A6A9 E8 82EE2200 call WeChatWi.571C9530
56F9A6AE 68 90580F58 push WeChatWi.580F5890
56F9A6B3 E8 A0FCC600 call WeChatWi.57C0A358
56F9A6B8 83C4 04 add esp,0x4
56F9A6BB C645 FC 03 mov byte ptr ss:[ebp-0x4],0x3
56F9A6BF 56 push esi
56F9A6C0 B9 203D5658 mov ecx,WeChatWi.58563D20 ; 第二个参数地址
56F9A6C5 C645 FC 02 mov byte ptr ss:[ebp-0x4],0x2
56F9A6C9 E8 02FA2200 call WeChatWi.571CA0D0 ; 调用第四个
56F9A6CE E9 70010000 jmp WeChatWi.56F9A843
56F9A6D3 56 push esi
56F9A6D4 8D45 E8 lea eax,dword ptr ss:[ebp-0x18]
56F9A6D7 8DB3 A00C0000 lea esi,dword ptr ds:[ebx+0xCA0]
56F9A6DD 50 push eax
56F9A6DE 8BCE mov ecx,esi
56F9A6E0 E8 AB1B0000 call WeChatWi.56F9C290
56F9A6E5 ^ E9 26FFFFFF jmp WeChatWi.56F9A610
56F9A6EA 8B4E 04 mov ecx,dword ptr ds:[esi+0x4]
56F9A6ED B8 67666666 mov eax,0x66666667
56F9A6F2 2B0E sub ecx,dword ptr ds:[esi]
56F9A6F4 F7E9 imul ecx
56F9A6F6 C1FA 03 sar edx,0x3
56F9A6F9 8BC2 mov eax,edx
56F9A6FB C1E8 1F shr eax,0x1F
56F9A6FE 03C2 add eax,edx
56F9A700 83F8 01 cmp eax,0x1
56F9A703 0F85 01010000 jnz WeChatWi.56F9A80A
56F9A709 80BB D40C0000 0>cmp byte ptr ds:[ebx+0xCD4],0x0
56F9A710 0F84 82000000 je WeChatWi.56F9A798
56F9A716 6A 58 push 0x58
56F9A718 E8 D0F8C600 call WeChatWi.57C09FED
56F9A71D 8BF8 mov edi,eax
56F9A71F 83C4 04 add esp,0x4
56F9A722 897D E8 mov dword ptr ss:[ebp-0x18],edi
56F9A725 C645 FC 05 mov byte ptr ss:[ebp-0x4],0x5
56F9A729 B8 67666666 mov eax,0x66666667
56F9A72E 8B4E 04 mov ecx,dword ptr ds:[esi+0x4]
56F9A731 2B0E sub ecx,dword ptr ds:[esi]
56F9A733 F7E9 imul ecx
56F9A735 C1FA 03 sar edx,0x3
56F9A738 8BC2 mov eax,edx
56F9A73A C1E8 1F shr eax,0x1F
56F9A73D 03C2 add eax,edx
56F9A73F 75 0A jnz short WeChatWi.56F9A74B
56F9A741 68 C8EA2958 push WeChatWi.5829EAC8 ; ASCII "invalid vector<T> subscript"
56F9A746 E8 6699C500 call WeChatWi.57BF40B1
56F9A74B FF36 push dword ptr ds:[esi]
56F9A74D 8BCF mov ecx,edi
56F9A74F E8 2C0B3100 call WeChatWi.572AB280
56F9A754 8BF8 mov edi,eax
56F9A756 C645 FC 02 mov byte ptr ss:[ebp-0x4],0x2
56F9A75A A1 88CF5458 mov eax,dword ptr ds:[0x5854CF88]
56F9A75F 85C0 test eax,eax
56F9A761 75 24 jnz short WeChatWi.56F9A787
56F9A763 68 84000000 push 0x84
56F9A768 E8 80F8C600 call WeChatWi.57C09FED
56F9A76D 83C4 04 add esp,0x4
56F9A770 8945 E8 mov dword ptr ss:[ebp-0x18],eax
56F9A773 8BC8 mov ecx,eax
56F9A775 C645 FC 06 mov byte ptr ss:[ebp-0x4],0x6
56F9A779 E8 D2DB3000 call WeChatWi.572A8350
56F9A77E C645 FC 02 mov byte ptr ss:[ebp-0x4],0x2
56F9A782 A3 88CF5458 mov dword ptr ds:[0x5854CF88],eax
56F9A787 57 push edi
56F9A788 6A 00 push 0x0
56F9A78A 6A 00 push 0x0
56F9A78C 68 01030000 push 0x301
56F9A791 8BC8 mov ecx,eax
56F9A793 E8 38EF3000 call WeChatWi.572A96D0
56F9A798 83BB D00C0000 0>cmp dword ptr ds:[ebx+0xCD0],0x0
56F9A79F 74 5F je short WeChatWi.56F9A800
56F9A7A1 8B4E 04 mov ecx,dword ptr ds:[esi+0x4]
56F9A7A4 B8 67666666 mov eax,0x66666667
56F9A7A9 8B3E mov edi,dword ptr ds:[esi]
56F9A7AB 2BCF sub ecx,edi
56F9A7AD F7E9 imul ecx
56F9A7AF C1FA 03 sar edx,0x3
56F9A7B2 8BC2 mov eax,edx
56F9A7B4 C1E8 1F shr eax,0x1F
56F9A7B7 03C2 add eax,edx
56F9A7B9 75 0A jnz short WeChatWi.56F9A7C5
56F9A7BB 68 C8EA2958 push WeChatWi.5829EAC8 ; ASCII "invalid vector<T> subscript"
56F9A7C0 E8 EC98C500 call WeChatWi.57BF40B1
56F9A7C5 83EC 14 sub esp,0x14
56F9A7C8 8BCC mov ecx,esp
56F9A7CA 6A FF push -0x1
56F9A7CC C701 00000000 mov dword ptr ds:[ecx],0x0
56F9A7D2 C741 04 0000000>mov dword ptr ds:[ecx+0x4],0x0
删除群成员:
基址:56F30000
5705F492 /75 05 jnz short WeChatWi.5705F499
5705F494 |BA 08892958 mov edx,WeChatWi.58298908
5705F499 \0F1085 14FEFFFF movups xmm0,dqword ptr ss:[ebp-0x1EC]
5705F4A0 8B85 24FEFFFF mov eax,dword ptr ss:[ebp-0x1DC] ; user32.73DC70AC
5705F4A6 83EC 14 sub esp,0x14
5705F4A9 8BCC mov ecx,esp
5705F4AB 52 push edx
5705F4AC 0F1101 movups dqword ptr ds:[ecx],xmm0
5705F4AF 8941 10 mov dword ptr ds:[ecx+0x10],eax
5705F4B2 8D85 40FEFFFF lea eax,dword ptr ss:[ebp-0x1C0]
5705F4B8 50 push eax
5705F4B9 E8 D2023B00 call WeChatWi.5740F790
5705F4BE 83C4 08 add esp,0x8
5705F4C1 8BCC mov ecx,esp
5705F4C3 89A5 54FEFFFF mov dword ptr ss:[ebp-0x1AC],esp
5705F4C9 6A FF push -0x1
5705F4CB 68 08892958 push WeChatWi.58298908
5705F4D0 E8 DBF83A00 call WeChatWi.5740EDB0
5705F4D5 6A 00 push 0x0
5705F4D7 6A 00 push 0x0
5705F4D9 83EC 14 sub esp,0x14
5705F4DC C645 FC 06 mov byte ptr ss:[ebp-0x4],0x6
5705F4E0 BA 7C040000 mov edx,0x47C
5705F4E5 89A5 60FEFFFF mov dword ptr ss:[ebp-0x1A0],esp
5705F4EB 8BCC mov ecx,esp
5705F4ED E8 EE073B00 call WeChatWi.5740FCE0
5705F4F2 83EC 14 sub esp,0x14
5705F4F5 C645 FC 07 mov byte ptr ss:[ebp-0x4],0x7
5705F4F9 BA FB0C0000 mov edx,0xCFB
5705F4FE 8BCC mov ecx,esp
5705F500 E8 DB073B00 call WeChatWi.5740FCE0
5705F505 83EC 14 sub esp,0x14
5705F508 8D85 40FEFFFF lea eax,dword ptr ss:[ebp-0x1C0]
5705F50E 8BCC mov ecx,esp
5705F510 50 push eax
5705F511 E8 DAF83A00 call WeChatWi.5740EDF0
5705F516 83EC 14 sub esp,0x14
5705F519 8BCC mov ecx,esp
5705F51B 6A FF push -0x1
5705F51D 68 08892958 push WeChatWi.58298908
5705F522 E8 89F83A00 call WeChatWi.5740EDB0
5705F527 C645 FC 05 mov byte ptr ss:[ebp-0x4],0x5
5705F52B BA 01000000 mov edx,0x1
5705F530 8B4B E4 mov ecx,dword ptr ds:[ebx-0x1C]
5705F533 E8 68DEFFFF call WeChatWi.5705D3A0
5705F538 83C4 6C add esp,0x6C
5705F53B 84C0 test al,al
5705F53D 74 3B je short WeChatWi.5705F57A
5705F53F 83EC 14 sub esp,0x14
5705F542 8D83 80040000 lea eax,dword ptr ds:[ebx+0x480]
5705F548 8BCC mov ecx,esp
5705F54A 89A5 58FEFFFF mov dword ptr ss:[ebp-0x1A8],esp
5705F550 50 push eax
5705F551 E8 9AF83A00 call WeChatWi.5740EDF0 ; 调用1
5705F556 57 push edi
5705F557 C645 FC 08 mov byte ptr ss:[ebp-0x4],0x8
5705F55B E8 E06DF3FF call WeChatWi.56F96340 ; 调用2
5705F560 8BC8 mov ecx,eax
5705F562 C645 FC 05 mov byte ptr ss:[ebp-0x4],0x5
5705F566 E8 85AD1600 call WeChatWi.571CA2F0 ; 调用3
5705F56B 8BBD 5CFEFFFF mov edi,dword ptr ss:[ebp-0x1A4]
5705F571 C687 A4040000 0>mov byte ptr ds:[edi+0x4A4],0x1
5705F578 EB 06 jmp short WeChatWi.5705F580
5705F57A 8BBD 5CFEFFFF mov edi,dword ptr ss:[ebp-0x1A4]
5705F580 8B47 E0 mov eax,dword ptr ds:[edi-0x20]
5705F583 8D4F E0 lea ecx,dword ptr ds:[edi-0x20]
5705F586 6A 01 push 0x1
5705F588 FF10 call dword ptr ds:[eax]
5705F58A 8D8D 40FEFFFF lea ecx,dword ptr ss:[ebp-0x1C0]
5705F590 E8 0BDAF1FF call WeChatWi.56F7CFA0
5705F595 8D8D 14FEFFFF lea ecx,dword ptr ss:[ebp-0x1EC]
5705F59B C745 FC FFFFFFF>mov dword ptr ss:[ebp-0x4],-0x1
5705F5A2 E8 F9D9F1FF call WeChatWi.56F7CFA0
5705F5A7 8BB5 3CFEFFFF mov esi,dword ptr ss:[ebp-0x1C4]
5705F5AD E9 94020000 jmp WeChatWi.5705F846
5705F5B2 8B8E 08010000 mov ecx,dword ptr ds:[esi+0x108]
5705F5B8 8D95 6CFFFFFF lea edx,dword ptr ss:[ebp-0x94]
5705F5BE 52 push edx
5705F5BF 8B01 mov eax,dword ptr ds:[ecx]
5705F5C1 FF50 04 call dword ptr ds:[eax+0x4]
5705F5C4 68 ECE62958 push WeChatWi.5829E6EC ; UNICODE "cancel_btn"
5705F5C9 8BC8 mov ecx,eax
5705F5CB E8 B0CB6D00 call WeChatWi.5773C180
5705F5D0 50 push eax
5705F5D1 E8 38CAF900 call WeChatWi.57FFC00E
5705F5D6 83C4 08 add esp,0x8
5705F5D9 8D8D 6CFFFFFF lea ecx,dword ptr ss:[ebp-0x94]
5705F5DF 85C0 test eax,eax
5705F5E1 0F94C3 sete bl
5705F5E4 E8 30CC6D00 call WeChatWi.5773C219
5705F5E9 84DB test bl,bl
5705F5EB 0F84 55020000 je WeChatWi.5705F846
5705F5F1 8B47 E0 mov eax,dword ptr ds:[edi-0x20]
5705F5F4 8D4F E0 lea ecx,dword ptr ds:[edi-0x20]
5705F5F7 6A 01 push 0x1
5705F5F9 FF10 call dword ptr ds:[eax]
5705F5FB E9 46020000 jmp WeChatWi.5705F846
5705F600 68 1CE72958 push WeChatWi.5829E71C ; UNICODE "textchanged"
5705F605 8BCE mov ecx,esi
5705F607 E8 74CB6D00 call WeChatWi.5773C180
5705F60C 50 push eax
5705F60D E8 FCC9F900 call WeChatWi.57FFC00E
5705F612 83C4 08 add esp,0x8
5705F615 85C0 test eax,eax
5705F617 0F85 29020000 jnz WeChatWi.5705F846
5705F61D 8B8E 08010000 mov ecx,dword ptr ds:[esi+0x108]
5705F623 8D95 6CFFFFFF lea edx,dword ptr ss:[ebp-0x94]
5705F629 52 push edx
5705F62A 8B01 mov eax,dword ptr ds:[ecx]
5705F62C FF50 04 call dword ptr ds:[eax+0x4]
5705F62F 68 04E52958 push WeChatWi.5829E504 ; UNICODE "search_bar"
5705F634 8BC8 mov ecx,eax
5705F636 E8 45CB6D00 call WeChatWi.5773C180
5705F63B 50 push eax
5705F63C E8 CDC9F900 call WeChatWi.57FFC00E
5705F641 83C4 08 add esp,0x8
5705F644 8D8D 6CFFFFFF lea ecx,dword ptr ss:[ebp-0x94]
5705F64A 85C0 test eax,eax
5705F64C 0F94C3 sete bl
5705F64F E8 C5CB6D00 call WeChatWi.5773C219
5705F654 84DB test bl,bl
5705F656 0F84 EA010000 je WeChatWi.5705F846
5705F65C 8B8F A8040000 mov ecx,dword ptr ds:[edi+0x4A8]
5705F662 8D95 E8FEFFFF lea edx,dword ptr ss:[ebp-0x118]
5705F668 52 push edx
5705F669 8B01 mov eax,dword ptr ds:[ecx]
5705F66B FF50 3C call dword ptr ds:[eax+0x3C]
5705F66E 6A FF push -0x1
5705F670 8BC8 mov ecx,eax
5705F672 E8 09CB6D00 call WeChatWi.5773C180
5705F677 50 push eax
5705F678 8D8D 40FEFFFF lea ecx,dword ptr ss:[ebp-0x1C0]
5705F67E E8 2DF73A00 call WeChatWi.5740EDB0
5705F683 8D8D E8FEFFFF lea ecx,dword ptr ss:[ebp-0x118]
5705F689 C745 FC 0900000>mov dword ptr ss:[ebp-0x4],0x9
5705F690 E8 84CB6D00 call WeChatWi.5773C219
5705F695 83EC 14 sub esp,0x14
5705F698 8D85 40FEFFFF lea eax,dword ptr ss:[ebp-0x1C0]
5705F69E 8BCC mov ecx,esp
5705F6A0 50 push eax
5705F6A1 E8 4AF73A00 call WeChatWi.5740EDF0
5705F6A6 8D4F E0 lea ecx,dword ptr ds:[edi-0x20]
5705F6A9 E8 C20C0000 call WeChatWi.57060370
5705F6AE E9 81010000 jmp WeChatWi.5705F834
5705F6B3 8B8E 08010000 mov ecx,dword ptr ds:[esi+0x108]
5705F6B9 8B01 mov eax,dword ptr ds:[ecx]
5705F6BB FF50 24 call dword ptr ds:[eax+0x24]
5705F6BE 8BC8 mov ecx,eax
5705F6C0 8B10 mov edx,dword ptr ds:[eax]
5705F6C2 FF52 24 call dword ptr ds:[edx+0x24]
5705F6C5 8D8D 64FEFFFF lea ecx,dword ptr ss:[ebp-0x19C]
5705F6CB 51 push ecx
5705F6CC 8BC8 mov ecx,eax
5705F6CE 8B10 mov edx,dword ptr ds:[eax]
5705F6D0 FF52 04 call dword ptr ds:[edx+0x4]
5705F6D3 B9 01000000 mov ecx,0x1
5705F6D8 C745 FC 0000000>mov dword ptr ss:[ebp-0x4],0x0
5705F6DF 898D 60FEFFFF mov dword ptr ss:[ebp-0x1A0],ecx
5705F6E5 898D 54FEFFFF mov dword ptr ss:[ebp-0x1AC],ecx
5705F6EB 8BC8 mov ecx,eax
5705F6ED 68 14512B58 push WeChatWi.582B5114 ; UNICODE "member_list"
5705F6F2 E8 89CA6D00 call WeChatWi.5773C180
5705F6F7 50 push eax
5705F6F8 E8 11C9F900 call WeChatWi.57FFC00E
5705F6FD 83C4 08 add esp,0x8
5705F700 85C0 test eax,eax
5705F702 74 47 je short WeChatWi.5705F74B
5705F704 8B8E 08010000 mov ecx,dword ptr ds:[esi+0x108]
5705F70A 8B01 mov eax,dword ptr ds:[ecx]
发送图片消息:
基址:56F30000
发送的call:
57013119 83F8 01 cmp eax,0x1
5701311C 0F85 24010000 jnz WeChatWi.57013246
57013122 6A 00 push 0x0
57013124 6A 00 push 0x0
57013126 6A 00 push 0x0
57013128 68 15030000 push 0x315
5701312D E8 1E532900 call WeChatWi.572A8450
57013132 8BC8 mov ecx,eax
57013134 E8 97652900 call WeChatWi.572A96D0
57013139 8D4D 88 lea ecx,dword ptr ss:[ebp-0x78]
5701313C C745 FC FFFFFFF>mov dword ptr ss:[ebp-0x4],-0x1
57013143 E8 589EF6FF call WeChatWi.56F7CFA0
57013148 E9 8C070000 jmp WeChatWi.570138D9
5701314D E8 8EB6F6FF call WeChatWi.56F7E7E0
57013152 8B55 B0 mov edx,dword ptr ss:[ebp-0x50]
57013155 8D43 14 lea eax,dword ptr ds:[ebx+0x14]
57013158 6A 01 push 0x1
5701315A 50 push eax
5701315B 53 push ebx
5701315C 8D8D 84F7FFFF lea ecx,dword ptr ss:[ebp-0x87C]
57013162 E8 896A2400 call WeChatWi.57259BF0
57013167 83C4 0C add esp,0xC
5701316A 50 push eax
5701316B 8D8D 44FBFFFF lea ecx,dword ptr ss:[ebp-0x4BC]
57013171 C645 FC 01 mov byte ptr ss:[ebp-0x4],0x1
57013175 E8 A630F6FF call WeChatWi.56F76220
5701317A 8D8D 84F7FFFF lea ecx,dword ptr ss:[ebp-0x87C]
57013180 C645 FC 03 mov byte ptr ss:[ebp-0x4],0x3
57013184 E8 6757F6FF call WeChatWi.56F788F0
57013189 E8 624E1A00 call WeChatWi.571B7FF0
5701318E 8BC8 mov ecx,eax
57013190 E8 1BB33700 call WeChatWi.5738E4B0
57013195 8D8D 44FBFFFF lea ecx,dword ptr ss:[ebp-0x4BC]
5701319B 8955 B8 mov dword ptr ss:[ebp-0x48],edx
5701319E 8BF8 mov edi,eax
570131A0 E8 0BB33700 call WeChatWi.5738E4B0
570131A5 3BC7 cmp eax,edi
570131A7 75 09 jnz short WeChatWi.570131B2
570131A9 3B55 B8 cmp edx,dword ptr ss:[ebp-0x48]
570131AC 0F84 89000000 je WeChatWi.5701323B
570131B2 8B7D AC mov edi,dword ptr ss:[ebp-0x54]
570131B5 8BCF mov ecx,edi
570131B7 E8 04220000 call WeChatWi.570153C0
570131BC 84C0 test al,al
570131BE 74 7B je short WeChatWi.5701323B
570131C0 8D8D 24FDFFFF lea ecx,dword ptr ss:[ebp-0x2DC]
570131C6 E8 C55DF6FF call WeChatWi.56F78F90
570131CB 0F57C0 xorps xmm0,xmm0
570131CE 66:C785 04FFFFF>mov word ptr ss:[ebp-0xFC],0x0
570131D7 0F1185 08FFFFFF movups dqword ptr ss:[ebp-0xF8],xmm0
570131DE C785 18FFFFFF 0>mov dword ptr ss:[ebp-0xE8],0x0
570131E8 8D85 44FBFFFF lea eax,dword ptr ss:[ebp-0x4BC]
570131EE C645 FC 05 mov byte ptr ss:[ebp-0x4],0x5
570131F2 50 push eax
570131F3 8D8D 24FDFFFF lea ecx,dword ptr ss:[ebp-0x2DC]
570131F9 C785 1CFFFFFF F>mov dword ptr ss:[ebp-0xE4],-0x1
57013203 E8 58D7F8FF call WeChatWi.56FA0960
57013208 6A 01 push 0x1
5701320A 8D85 24FDFFFF lea eax,dword ptr ss:[ebp-0x2DC]
57013210 C645 FC 06 mov byte ptr ss:[ebp-0x4],0x6
57013214 50 push eax
57013215 8BCF mov ecx,edi
57013217 E8 04120000 call WeChatWi.57014420
5701321C 8D8D 24FDFFFF lea ecx,dword ptr ss:[ebp-0x2DC]
57013222 C645 FC 03 mov byte ptr ss:[ebp-0x4],0x3
57013226 E8 0592FBFF call WeChatWi.56FCC430
5701322B 8D45 88 lea eax,dword ptr ss:[ebp-0x78]
5701322E 50 push eax
5701322F E8 8CC4FFFF call WeChatWi.5700F6C0
57013234 8BC8 mov ecx,eax
57013236 E8 35471A00 call WeChatWi.571B7970
5701323B 8D8D 44FBFFFF lea ecx,dword ptr ss:[ebp-0x4BC]
57013241 E8 AA56F6FF call WeChatWi.56F788F0
57013246 8D4D 88 lea ecx,dword ptr ss:[ebp-0x78]
57013249 C745 FC FFFFFFF>mov dword ptr ss:[ebp-0x4],-0x1
57013250 E8 4B9DF6FF call WeChatWi.56F7CFA0
57013255 E9 7F060000 jmp WeChatWi.570138D9
5701325A 53 push ebx
5701325B FF75 B0 push dword ptr ss:[ebp-0x50]
5701325E 8D85 44FBFFFF lea eax,dword ptr ss:[ebp-0x4BC]
57013264 50 push eax
57013265 51 push ecx
57013266 E8 75B5F6FF call WeChatWi.56F7E7E0 ; 图片call1
5701326B 83C4 04 add esp,0x4
5701326E 8BC8 mov ecx,eax
57013270 E8 6B632400 call WeChatWi.572595E0 ; 图片call2
57013275 C745 FC 0700000>mov dword ptr ss:[ebp-0x4],0x7
5701327C E8 6F4D1A00 call WeChatWi.571B7FF0
57013281 8BC8 mov ecx,eax
57013283 E8 28B23700 call WeChatWi.5738E4B0
57013288 8D8D 44FBFFFF lea ecx,dword ptr ss:[ebp-0x4BC]
5701328E 8955 B8 mov dword ptr ss:[ebp-0x48],edx
57013291 8BF8 mov edi,eax
57013293 E8 18B23700 call WeChatWi.5738E4B0
57013298 3BC7 cmp eax,edi
5701329A 75 4A jnz short WeChatWi.570132E6
5701329C 3B55 B8 cmp edx,dword ptr ss:[ebp-0x48]
5701329F 75 45 jnz short WeChatWi.570132E6
570132A1 E8 9AB5F6FF call WeChatWi.56F7E840
570132A6 6A 00 push 0x0
570132A8 6A 01 push 0x1
570132AA 6A 01 push 0x1
570132AC 6A 0D push 0xD
570132AE 6A 5F push 0x5F
570132B0 E8 5B62C000 call WeChatWi.57C19510
570132B5 83C4 14 add esp,0x14
570132B8 E8 83B5F6FF call WeChatWi.56F7E840
570132BD 6A 00 push 0x0
570132BF 6A 01 push 0x1
570132C1 6A 01 push 0x1
570132C3 6A 10 push 0x10
570132C5 6A 5F push 0x5F
570132C7 E8 4462C000 call WeChatWi.57C19510
570132CC 83C4 14 add esp,0x14
570132CF C745 FC FFFFFFF>mov dword ptr ss:[ebp-0x4],-0x1
570132D6 8D8D 44FBFFFF lea ecx,dword ptr ss:[ebp-0x4BC]
570132DC E8 0F56F6FF call WeChatWi.56F788F0
570132E1 E9 F3050000 jmp WeChatWi.570138D9
570132E6 8B7D AC mov edi,dword ptr ss:[ebp-0x54]
570132E9 8B8F 68040000 mov ecx,dword ptr ds:[edi+0x468]
570132EF 85C9 test ecx,ecx
570132F1 75 04 jnz short WeChatWi.570132F7
570132F3 B0 01 mov al,0x1
570132F5 EB 07 jmp short WeChatWi.570132FE
570132F7 8B01 mov eax,dword ptr ds:[ecx]
570132F9 8B40 24 mov eax,dword ptr ds:[eax+0x24]
570132FC FFD0 call eax
570132FE 84C0 test al,al
57013300 74 67 je short WeChatWi.57013369
57013302 8D8D 24FDFFFF lea ecx,dword ptr ss:[ebp-0x2DC]
57013308 E8 835CF6FF call WeChatWi.56F78F90
5701330D 0F57C0 xorps xmm0,xmm0
57013310 66:C785 04FFFFF>mov word ptr ss:[ebp-0xFC],0x0
57013319 0F1185 08FFFFFF movups dqword ptr ss:[ebp-0xF8],xmm0
57013320 C785 18FFFFFF 0>mov dword ptr ss:[ebp-0xE8],0x0
5701332A 8D85 44FBFFFF lea eax,dword ptr ss:[ebp-0x4BC]
57013330 C645 FC 09 mov byte ptr ss:[ebp-0x4],0x9
57013334 50 push eax
57013335 8D8D 24FDFFFF lea ecx,dword ptr ss:[ebp-0x2DC]
5701333B C785 1CFFFFFF F>mov dword ptr ss:[ebp-0xE4],-0x1
57013345 E8 16D6F8FF call WeChatWi.56FA0960
5701334A 6A 01 push 0x1
5701334C 8D85 24FDFFFF lea eax,dword ptr ss:[ebp-0x2DC]
57013352 C645 FC 0A mov byte ptr ss:[ebp-0x4],0xA
57013356 50 push eax
57013357 8BCF mov ecx,edi
57013359 E8 C2100000 call WeChatWi.57014420
5701335E 8D8D 24FDFFFF lea ecx,dword ptr ss:[ebp-0x2DC]
57013364 E8 C790FBFF call WeChatWi.56FCC430
57013369 8D8D 44FBFFFF lea ecx,dword ptr ss:[ebp-0x4BC]
5701336F C745 FC FFFFFFF>mov dword ptr ss:[ebp-0x4],-0x1
57013376 E8 7555F6FF call WeChatWi.56F788F0
5701337B E9 59050000 jmp WeChatWi.570138D9
57013380 53 push ebx
57013381 8D4D 88 lea ecx,dword ptr ss:[ebp-0x78]
57013384 E8 67BA3F00 call WeChatWi.5740EDF0
57013389 8D4D 88 lea ecx,dword ptr ss:[ebp-0x78]
5701338C C745 FC 0B00000>mov dword ptr ss:[ebp-0x4],0xB
57013393 E8 C8C63E00 call WeChatWi.573FFA60
57013398 84C0 test al,al
5701339A 0F84 6A010000 je WeChatWi.5701350A
570133A0 8D8D 50FFFFFF lea ecx,dword ptr ss:[ebp-0xB0]
570133A6 C645 B7 00 mov byte ptr ss:[ebp-0x49],0x0
570133AA E8 B19E3E00 call WeChatWi.573FD260
570133AF 8B85 50FFFFFF mov eax,dword ptr ss:[ebp-0xB0]
570133B5 85C0 test eax,eax
570133B7 74 06 je short WeChatWi.570133BF
570133B9 66:8338 00 cmp word ptr ds:[eax],0x0
570133BD 75 05 jnz short WeChatWi.570133C4
570133BF B8 08892958 mov eax,WeChatWi.58298908
570133C4 50 push eax
570133C5 8D4D 88 lea ecx,dword ptr ss:[ebp-0x78]
570133C8 E8 E3C13F00 call WeChatWi.5740F5B0
570133CD 0FB64D B7 movzx ecx,byte ptr ss:[ebp-0x49]
570133D1 84C0 test al,al
570133D3 0F45CF cmovne ecx,edi
570133D6 884D A4 mov byte ptr ss:[ebp-0x5C],cl
去掉锁文件:
57256287 E8 146DD2FF call WeChatWi.56F7CFA0
5725628C 8D4D C8 lea ecx,dword ptr ss:[ebp-0x38]
5725628F E8 0C6DD2FF call WeChatWi.56F7CFA0
57256294 8D4D 9C lea ecx,dword ptr ss:[ebp-0x64]
57256297 E8 046DD2FF call WeChatWi.56F7CFA0
5725629C 8D8D 40FFFFFF lea ecx,dword ptr ss:[ebp-0xC0]
572562A2 E8 F96CD2FF call WeChatWi.56F7CFA0
572562A7 8BC6 mov eax,esi
572562A9 E9 BB040000 jmp WeChatWi.57256769
572562AE 8D8D F8FBFFFF lea ecx,dword ptr ss:[ebp-0x408]
572562B4 E8 D72CD2FF call WeChatWi.56F78F90
572562B9 8B85 C4FDFFFF mov eax,dword ptr ss:[ebp-0x23C]
572562BF 8D8D 00FFFFFF lea ecx,dword ptr ss:[ebp-0x100]
572562C5 83E0 10 and eax,0x10
572562C8 C785 28FCFFFF 0>mov dword ptr ss:[ebp-0x3D8],0x3
572562D2 83E0 20 and eax,0x20
572562D5 C785 2CFCFFFF 0>mov dword ptr ss:[ebp-0x3D4],0x1
572562DF 8985 C4FDFFFF mov dword ptr ss:[ebp-0x23C],eax
572562E5 E8 E6E3E0FF call WeChatWi.570646D0
572562EA FFB5 64FFFFFF push dword ptr ss:[ebp-0x9C]
572562F0 C645 FC 14 mov byte ptr ss:[ebp-0x4],0x14
572562F4 8D85 00FFFFFF lea eax,dword ptr ss:[ebp-0x100]
572562FA FF75 E8 push dword ptr ss:[ebp-0x18] ; user32.73DE4F8A
572562FD 68 F0143158 push WeChatWi.583114F0 ; UNICODE "<msg><img length="%d" hdlength="0" /><commenturl><"
57256302 50 push eax
57256303 E8 88941B00 call WeChatWi.5740F790
57256308 83C4 10 add esp,0x10
5725630B 8D85 00FFFFFF lea eax,dword ptr ss:[ebp-0x100]
57256311 8D8D F8FBFFFF lea ecx,dword ptr ss:[ebp-0x408]
57256317 50 push eax
57256318 E8 237ED4FF call WeChatWi.56F9E140
5725631D 8B73 0C mov esi,dword ptr ds:[ebx+0xC]
57256320 8D8D F8FBFFFF lea ecx,dword ptr ss:[ebp-0x408]
57256326 56 push esi
57256327 E8 547ED4FF call WeChatWi.56F9E180
5725632C 8B85 C4FDFFFF mov eax,dword ptr ss:[ebp-0x23C]
57256332 8B4D C4 mov ecx,dword ptr ss:[ebp-0x3C]
57256335 83E0 40 and eax,0x40
57256338 898D 34FCFFFF mov dword ptr ss:[ebp-0x3CC],ecx
5725633E 25 80000000 and eax,0x80
57256343 8D8D F8FBFFFF lea ecx,dword ptr ss:[ebp-0x408]
57256349 C785 30FCFFFF 0>mov dword ptr ss:[ebp-0x3D0],0x1
57256353 8985 C4FDFFFF mov dword ptr ss:[ebp-0x23C],eax
57256359 E8 A2D8E7FF call WeChatWi.570D3C00
5725635E 8D55 C8 lea edx,dword ptr ss:[ebp-0x38]
57256361 8D8D 00FEFFFF lea ecx,dword ptr ss:[ebp-0x200]
57256367 E8 64521A00 call WeChatWi.573FB5D0
5725636C 50 push eax
5725636D 8D8D F8FBFFFF lea ecx,dword ptr ss:[ebp-0x408]
57256373 C645 FC 15 mov byte ptr ss:[ebp-0x4],0x15
57256377 E8 B423F4FF call WeChatWi.57198730
5725637C 8D8D 00FEFFFF lea ecx,dword ptr ss:[ebp-0x200]
57256382 C645 FC 14 mov byte ptr ss:[ebp-0x4],0x14
57256386 E8 156CD2FF call WeChatWi.56F7CFA0
5725638B 8D95 7CFFFFFF lea edx,dword ptr ss:[ebp-0x84]
57256391 8D8D ECFDFFFF lea ecx,dword ptr ss:[ebp-0x214]
57256397 E8 34521A00 call WeChatWi.573FB5D0
5725639C 50 push eax
5725639D 8D8D F8FBFFFF lea ecx,dword ptr ss:[ebp-0x408]
572563A3 C645 FC 16 mov byte ptr ss:[ebp-0x4],0x16
572563A7 E8 0423F4FF call WeChatWi.571986B0
572563AC 8D8D ECFDFFFF lea ecx,dword ptr ss:[ebp-0x214]
572563B2 C645 FC 14 mov byte ptr ss:[ebp-0x4],0x14
572563B6 E8 E56BD2FF call WeChatWi.56F7CFA0
572563BB 8BCF mov ecx,edi
572563BD E8 1E311B00 call WeChatWi.574094E0 ; 图片patch, 修改574094E0方法,不调用
572563C2 84C0 test al,al
572563C4 74 6A je short WeChatWi.57256430
572563C6 E8 157DD4FF call WeChatWi.56F9E0E0
572563CB 83EC 14 sub esp,0x14
572563CE 8D8D F8FBFFFF lea ecx,dword ptr ss:[ebp-0x408]
572563D4 54 push esp
572563D5 E8 66A4D4FF call WeChatWi.56FA0840
572563DA 8D8D D8FDFFFF lea ecx,dword ptr ss:[ebp-0x228]
572563E0 E8 3B42F6FF call WeChatWi.571BA620
572563E5 83C4 14 add esp,0x14
572563E8 8BD0 mov edx,eax
572563EA C645 FC 17 mov byte ptr ss:[ebp-0x4],0x17
572563EE 8D8D ECFEFFFF lea ecx,dword ptr ss:[ebp-0x114]
572563F4 E8 B74C1A00 call WeChatWi.573FB0B0
572563F9 8D8D D8FDFFFF lea ecx,dword ptr ss:[ebp-0x228]
572563FF C645 FC 19 mov byte ptr ss:[ebp-0x4],0x19
57256403 E8 986BD2FF call WeChatWi.56F7CFA0
57256408 8D95 ECFEFFFF lea edx,dword ptr ss:[ebp-0x114]
5725640E 8D4D B0 lea ecx,dword ptr ss:[ebp-0x50]
57256411 E8 0AA31A00 call WeChatWi.57400720
57256416 8D8D ECFEFFFF lea ecx,dword ptr ss:[ebp-0x114]
5725641C E8 9FF21800 call WeChatWi.573E56C0
57256421 8D8D ECFEFFFF lea ecx,dword ptr ss:[ebp-0x114]
57256427 C645 FC 14 mov byte ptr ss:[ebp-0x4],0x14
5725642B E8 706BD2FF call WeChatWi.56F7CFA0
57256430 8BCE mov ecx,esi
57256432 E8 99AF2C00 call WeChatWi.575213D0
57256437 84C0 test al,al
57256439 74 56 je short WeChatWi.57256491
5725643B E8 3003D2FF call WeChatWi.56F76770
57256440 6A 00 push 0x0
57256442 8D85 F8FBFFFF lea eax,dword ptr ss:[ebp-0x408]
57256448 50 push eax
57256449 8D85 D8FEFFFF lea eax,dword ptr ss:[ebp-0x128]
5725644F 50 push eax
57256450 E8 FBB52C00 call WeChatWi.57521A50
57256455 C645 FC 1A mov byte ptr ss:[ebp-0x4],0x1A
57256459 E8 1203D2FF call WeChatWi.56F76770
5725645E 6A 01 push 0x1
57256460 8D8D F8FBFFFF lea ecx,dword ptr ss:[ebp-0x408]
57256466 51 push ecx
57256467 8B10 mov edx,dword ptr ds:[eax]
57256469 8BC8 mov ecx,eax
5725646B FF52 04 call dword ptr ds:[edx+0x4]
5725646E 8D85 D8FEFFFF lea eax,dword ptr ss:[ebp-0x128]
57256474 50 push eax
57256475 8D8D F8FBFFFF lea ecx,dword ptr ss:[ebp-0x408]
5725647B E8 007DD4FF call WeChatWi.56F9E180
57256480 8D8D D8FEFFFF lea ecx,dword ptr ss:[ebp-0x128]
57256486 C645 FC 14 mov byte ptr ss:[ebp-0x4],0x14
5725648A E8 116BD2FF call WeChatWi.56F7CFA0
5725648F EB 15 jmp short WeChatWi.572564A6
57256491 E8 4A7CD4FF call WeChatWi.56F9E0E0
57256496 6A 01 push 0x1
57256498 8D8D F8FBFFFF lea ecx,dword ptr ss:[ebp-0x408]
5725649E 51 push ecx
5725649F 8B10 mov edx,dword ptr ds:[eax]
572564A1 8BC8 mov ecx,eax
572564A3 FF52 14 call dword ptr ds:[edx+0x14]
572564A6 8D8D F8FBFFFF lea ecx,dword ptr ss:[ebp-0x408]
572564AC E8 FF7F1300 call WeChatWi.5738E4B0
572564B1 8BBD 60FFFFFF mov edi,dword ptr ss:[ebp-0xA0]
572564B7 8985 18FFFFFF mov dword ptr ss:[ebp-0xE8],eax
572564BD 8B85 30FFFFFF mov eax,dword ptr ss:[ebp-0xD0]
572564C3 8985 20FFFFFF mov dword ptr ss:[ebp-0xE0],eax
572564C9 8B85 34FFFFFF mov eax,dword ptr ss:[ebp-0xCC] ; user32.73DC6B08
572564CF 8D4F 10 lea ecx,dword ptr ds:[edi+0x10]
572564D2 8985 24FFFFFF mov dword ptr ss:[ebp-0xDC],eax
572564D8 8D85 18FFFFFF lea eax,dword ptr ss:[ebp-0xE8]
572564DE 50 push eax
572564DF 8995 1CFFFFFF mov dword ptr ss:[ebp-0xE4],edx
572564E5 E8 564E0000 call WeChatWi.5725B340
572564EA 50 push eax
572564EB 83C0 10 add eax,0x10
572564EE 50 push eax
572564EF 51 push ecx
572564F0 8D85 D0FEFFFF lea eax,dword ptr ss:[ebp-0x130]
572564F6 50 push eax
572564F7 8D4F 10 lea ecx,dword ptr ds:[edi+0x10]
572564FA E8 41EBDEFF call WeChatWi.57045040
572564FF FF47 18 inc dword ptr ds:[edi+0x18]
57256502 807D EE 00 cmp byte ptr ss:[ebp-0x12],0x0
57256506 0F84 07010000 je WeChatWi.57256613
5725650C E8 2F83D2FF call WeChatWi.56F7E840
57256511 6A 00 push 0x0
57256513 6A 01 push 0x1
57256515 6A 01 push 0x1
57256517 6A 0B push 0xB
57256519 6A 5F push 0x5F
5725651B E8 F02F9C00 call WeChatWi.57C19510
接收消息:
基址:56F30000
57284961 8BF8 mov edi,eax
57284963 83C4 04 add esp,0x4
57284966 C707 00000000 mov dword ptr ds:[edi],0x0
5728496C C747 04 0000000>mov dword ptr ds:[edi+0x4],0x0
57284973 C747 08 0000000>mov dword ptr ds:[edi+0x8],0x0
5728497A 893D 8C5D5658 mov dword ptr ds:[0x58565D8C],edi
57284980 8B77 04 mov esi,dword ptr ds:[edi+0x4] ; WeChatWi.5771B53E
57284983 F6C3 01 test bl,0x1
57284986 75 2F jnz short WeChatWi.572849B7
57284988 83CB 01 or ebx,0x1
5728498B 891D 305D5658 mov dword ptr ds:[0x58565D30],ebx
57284991 C745 FC 0200000>mov dword ptr ss:[ebp-0x4],0x2
57284998 E8 4372FFFF call WeChatWi.5727BBE0
5728499D 68 A0121058 push WeChatWi.581012A0
572849A2 E8 B1599800 call WeChatWi.57C0A358
572849A7 C745 FC FFFFFFF>mov dword ptr ss:[ebp-0x4],-0x1
572849AE 83C4 04 add esp,0x4
572849B1 8B3D 8C5D5658 mov edi,dword ptr ds:[0x58565D8C]
572849B7 85FF test edi,edi
572849B9 75 26 jnz short WeChatWi.572849E1
572849BB 6A 0C push 0xC
572849BD E8 2B569800 call WeChatWi.57C09FED
572849C2 8BF8 mov edi,eax
572849C4 83C4 04 add esp,0x4
572849C7 C707 00000000 mov dword ptr ds:[edi],0x0
572849CD C747 04 0000000>mov dword ptr ds:[edi+0x4],0x0
572849D4 C747 08 0000000>mov dword ptr ds:[edi+0x8],0x0
572849DB 893D 8C5D5658 mov dword ptr ds:[0x58565D8C],edi
572849E1 8A45 EC mov al,byte ptr ss:[ebp-0x14]
572849E4 8B0F mov ecx,dword ptr ds:[edi]
572849E6 8BFE mov edi,esi
572849E8 8845 F0 mov byte ptr ss:[ebp-0x10],al
572849EB 2BF9 sub edi,ecx
572849ED 8D45 F0 lea eax,dword ptr ss:[ebp-0x10]
572849F0 50 push eax
572849F1 B8 89888888 mov eax,0x88888889
572849F6 F7EF imul edi
572849F8 03D7 add edx,edi
572849FA C1FA 08 sar edx,0x8
572849FD 8BC2 mov eax,edx
572849FF C1E8 1F shr eax,0x1F
57284A02 03C2 add eax,edx
57284A04 8BD6 mov edx,esi
57284A06 50 push eax
57284A07 E8 D4D0D1FF call WeChatWi.56FA1AE0
57284A0C A1 903C5658 mov eax,dword ptr ds:[0x58563C90]
57284A11 83C4 08 add esp,0x8
57284A14 A8 01 test al,0x1
57284A16 75 28 jnz short WeChatWi.57284A40
57284A18 83C8 01 or eax,0x1
57284A1B A3 903C5658 mov dword ptr ds:[0x58563C90],eax
57284A20 C745 FC 0300000>mov dword ptr ss:[ebp-0x4],0x3
57284A27 E8 943CF3FF call WeChatWi.571B86C0
57284A2C 68 70590F58 push WeChatWi.580F5970
57284A31 E8 22599800 call WeChatWi.57C0A358
57284A36 83C4 04 add esp,0x4
57284A39 C745 FC FFFFFFF>mov dword ptr ss:[ebp-0x4],-0x1
57284A40 A1 305D5658 mov eax,dword ptr ds:[0x58565D30]
57284A45 A8 01 test al,0x1
57284A47 75 28 jnz short WeChatWi.57284A71
57284A49 83C8 01 or eax,0x1
57284A4C A3 305D5658 mov dword ptr ds:[0x58565D30],eax
57284A51 C745 FC 0400000>mov dword ptr ss:[ebp-0x4],0x4
57284A58 E8 8371FFFF call WeChatWi.5727BBE0
57284A5D 68 A0121058 push WeChatWi.581012A0
57284A62 E8 F1589800 call WeChatWi.57C0A358
57284A67 83C4 04 add esp,0x4
57284A6A C745 FC FFFFFFF>mov dword ptr ss:[ebp-0x4],-0x1
57284A71 A1 8C5D5658 mov eax,dword ptr ds:[0x58565D8C]
57284A76 85C0 test eax,eax
57284A78 75 23 jnz short WeChatWi.57284A9D
57284A7A 6A 0C push 0xC
57284A7C E8 6C559800 call WeChatWi.57C09FED
57284A81 83C4 04 add esp,0x4
57284A84 C700 00000000 mov dword ptr ds:[eax],0x0
57284A8A C740 04 0000000>mov dword ptr ds:[eax+0x4],0x0
57284A91 C740 08 0000000>mov dword ptr ds:[eax+0x8],0x0
57284A98 A3 8C5D5658 mov dword ptr ds:[0x58565D8C],eax
57284A9D 50 push eax
57284A9E A1 983C5658 mov eax,dword ptr ds:[0x58563C98]
57284AA3 B9 983C5658 mov ecx,WeChatWi.58563C98 ; Hook这行
57284AA8 FF50 08 call dword ptr ds:[eax+0x8]
57284AAB 8B1D 305D5658 mov ebx,dword ptr ds:[0x58565D30]
57284AB1 F6C3 01 test bl,0x1
57284AB4 75 2F jnz short WeChatWi.57284AE5
57284AB6 83CB 01 or ebx,0x1
57284AB9 891D 305D5658 mov dword ptr ds:[0x58565D30],ebx
57284ABF C745 FC 0500000>mov dword ptr ss:[ebp-0x4],0x5
57284AC6 E8 1571FFFF call WeChatWi.5727BBE0
57284ACB 68 A0121058 push WeChatWi.581012A0
57284AD0 E8 83589800 call WeChatWi.57C0A358
57284AD5 C745 FC FFFFFFF>mov dword ptr ss:[ebp-0x4],-0x1
57284ADC 83C4 04 add esp,0x4
57284ADF 8B1D 305D5658 mov ebx,dword ptr ds:[0x58565D30]
57284AE5 8B3D 8C5D5658 mov edi,dword ptr ds:[0x58565D8C]
57284AEB 85FF test edi,edi
57284AED 75 2C jnz short WeChatWi.57284B1B
57284AEF 6A 0C push 0xC
57284AF1 E8 F7549800 call WeChatWi.57C09FED
57284AF6 8B1D 305D5658 mov ebx,dword ptr ds:[0x58565D30]
57284AFC 8BF8 mov edi,eax
57284AFE 83C4 04 add esp,0x4
57284B01 C707 00000000 mov dword ptr ds:[edi],0x0
57284B07 C747 04 0000000>mov dword ptr ds:[edi+0x4],0x0
57284B0E C747 08 0000000>mov dword ptr ds:[edi+0x8],0x0
57284B15 893D 8C5D5658 mov dword ptr ds:[0x58565D8C],edi
57284B1B 8B47 04 mov eax,dword ptr ds:[edi+0x4] ; WeChatWi.5771B53E
57284B1E 8B37 mov esi,dword ptr ds:[edi]
57284B20 8945 E8 mov dword ptr ss:[ebp-0x18],eax
57284B23 3BF0 cmp esi,eax
57284B25 74 20 je short WeChatWi.57284B47
57284B27 8BD8 mov ebx,eax
57284B29 0F1F ??? ; 未知命令
57284B2B 8000 00 add byte ptr ds:[eax],0x0
57284B2E 0000 add byte ptr ds:[eax],al
57284B30 8BCE mov ecx,esi
57284B32 E8 B93DCFFF call WeChatWi.56F788F0
57284B37 81C6 E0010000 add esi,0x1E0
57284B3D 3BF3 cmp esi,ebx
57284B3F ^ 75 EF jnz short WeChatWi.57284B30
57284B41 8B1D 305D5658 mov ebx,dword ptr ds:[0x58565D30]
57284B47 8B07 mov eax,dword ptr ds:[edi]
57284B49 8947 04 mov dword ptr ds:[edi+0x4],eax
57284B4C F6C3 01 test bl,0x1
57284B4F 75 2F jnz short WeChatWi.57284B80
57284B51 83CB 01 or ebx,0x1
57284B54 891D 305D5658 mov dword ptr ds:[0x58565D30],ebx
57284B5A C745 FC 0600000>mov dword ptr ss:[ebp-0x4],0x6
57284B61 E8 7A70FFFF call WeChatWi.5727BBE0
57284B66 68 A0121058 push WeChatWi.581012A0
57284B6B E8 E8579800 call WeChatWi.57C0A358
57284B70 C745 FC FFFFFFF>mov dword ptr ss:[ebp-0x4],-0x1
57284B77 83C4 04 add esp,0x4
57284B7A 8B1D 305D5658 mov ebx,dword ptr ds:[0x58565D30]
57284B80 8B3D 905D5658 mov edi,dword ptr ds:[0x58565D90]
57284B86 85FF test edi,edi
57284B88 75 2C jnz short WeChatWi.57284BB6
57284B8A 6A 0C push 0xC
57284B8C E8 5C549800 call WeChatWi.57C09FED
57284B91 8B1D 305D5658 mov ebx,dword ptr ds:[0x58565D30]
57284B97 8BF8 mov edi,eax
57284B99 83C4 04 add esp,0x4
57284B9C C707 00000000 mov dword ptr ds:[edi],0x0
57284BA2 C747 04 0000000>mov dword ptr ds:[edi+0x4],0x0
57284BA9 C747 08 0000000>mov dword ptr ds:[edi+0x8],0x0
57284BB0 893D 905D5658 mov dword ptr ds:[0x58565D90],edi
57284BB6 8B4F 04 mov ecx,dword ptr ds:[edi+0x4] ; WeChatWi.5771B53E
57284BB9 B8 89888888 mov eax,0x88888889
57284BBE 2B0F sub ecx,dword ptr ds:[edi]
57284BC0 F7E9 imul ecx
57284BC2 03D1 add edx,ecx
57284BC4 C1FA 08 sar edx,0x8
57284BC7 8BC2 mov eax,edx
57284BC9 C1E8 1F shr eax,0x1F
57284BCC 03C2 add eax,edx
57284BCE 0F84 F7020000 je WeChatWi.57284ECB
57284BD4 F6C3 01 test bl,0x1
57284BD7 75 35 jnz short WeChatWi.57284C0E
57284BD9 83CB 01 or ebx,0x1
57284BDC 891D 305D5658 mov dword ptr ds:[0x58565D30],ebx
57284BE2 C745 FC 0700000>mov dword ptr ss:[ebp-0x4],0x7
57284BE9 E8 F26FFFFF call WeChatWi.5727BBE0
57284BEE 68 A0121058 push WeChatWi.581012A0
57284BF3 E8 60579800 call WeChatWi.57C0A358
57284BF8 C745 FC FFFFFFF>mov dword ptr ss:[ebp-0x4],-0x1
57284BFF 83C4 04 add esp,0x4
57284C02 8B1D 305D5658 mov ebx,dword ptr ds:[0x58565D30]
登录二维码URL值:
基址:56F30000
57250BEE CC int3
57250BEF CC int3
57250BF0 56 push esi
57250BF1 8BF1 mov esi,ecx
57250BF3 6A 00 push 0x0
57250BF5 68 949C2958 push WeChatWi.58299C94
57250BFA 8D4E 08 lea ecx,dword ptr ds:[esi+0x8]
57250BFD C646 04 00 mov byte ptr ds:[esi+0x4],0x0
57250C01 E8 0A18D3FF call WeChatWi.56F82410 ; 断点这里,获取ecx的值
57250C06 6A 00 push 0x0
57250C08 68 949C2958 push WeChatWi.58299C94
57250C0D 8D4E 2C lea ecx,dword ptr ds:[esi+0x2C]
57250C10 C746 28 0000000>mov dword ptr ds:[esi+0x28],0x0
57250C17 E8 F417D3FF call WeChatWi.56F82410
57250C1C 6A 00 push 0x0
57250C1E 68 949C2958 push WeChatWi.58299C94
57250C23 8D4E 44 lea ecx,dword ptr ds:[esi+0x44]
57250C26 C746 24 0000000>mov dword ptr ds:[esi+0x24],0x0
57250C2D E8 DE17D3FF call WeChatWi.56F82410
57250C32 6A 00 push 0x0
57250C34 68 949C2958 push WeChatWi.58299C94
57250C39 8D4E 5C lea ecx,dword ptr ds:[esi+0x5C]
57250C3C E8 CF17D3FF call WeChatWi.56F82410
57250C41 83EC 10 sub esp,0x10
57250C44 C646 74 00 mov byte ptr ds:[esi+0x74],0x0
57250C48 0F1005 E0882958 movups xmm0,dqword ptr ds:[0x582988E0]
57250C4F 8BC4 mov eax,esp
57250C51 BA CC0E3158 mov edx,WeChatWi.58310ECC ; ASCII "02_manager\QRCodeLoginMgr.cpp"
57250C56 83EC 10 sub esp,0x10
57250C59 B9 02000000 mov ecx,0x2
57250C5E 0F1100 movups dqword ptr ds:[eax],xmm0
57250C61 8BC4 mov eax,esp
57250C63 83EC 10 sub esp,0x10
57250C66 0F1100 movups dqword ptr ds:[eax],xmm0
57250C69 8BC4 mov eax,esp
57250C6B 83EC 10 sub esp,0x10
57250C6E 0F1100 movups dqword ptr ds:[eax],xmm0
57250C71 8BC4 mov eax,esp
57250C73 83EC 10 sub esp,0x10
57250C76 0F1100 movups dqword ptr ds:[eax],xmm0
57250C79 8BC4 mov eax,esp
57250C7B 83EC 10 sub esp,0x10
57250C7E 0F1100 movups dqword ptr ds:[eax],xmm0
57250C81 8BC4 mov eax,esp
57250C83 68 580E3158 push WeChatWi.58310E58 ; ASCII "qrCodeLogin mgr reset()"
57250C88 68 9C0E3158 push WeChatWi.58310E9C ; ASCII "QRCodeLoginMgr"
57250C8D 68 700E3158 push WeChatWi.58310E70 ; ASCII "QRCodeLoginMgr::reset"
57250C92 6A 45 push 0x45
57250C94 0F1100 movups dqword ptr ds:[eax],xmm0
57250C97 E8 64D41B00 call WeChatWi.5740E100
57250C9C 0F57C0 xorps xmm0,xmm0
57250C9F 83C4 70 add esp,0x70
57250CA2 0F1186 8C000000 movups dqword ptr ds:[esi+0x8C],xmm0
57250CA9 0F1186 9C000000 movups dqword ptr ds:[esi+0x9C],xmm0
57250CB0 C786 AC000000 0>mov dword ptr ds:[esi+0xAC],0x0
57250CBA 5E pop esi ; user32.73DE4F8A
57250CBB C3 retn
调用显示登录二维码:
基址:56F30000
57143B20 55 push ebp
57143B21 8BEC mov ebp,esp
57143B23 6A FF push -0x1
57143B25 68 280F0358 push WeChatWi.58030F28
57143B2A 64:A1 00000000 mov eax,dword ptr fs:[0]
57143B30 50 push eax
57143B31 83EC 14 sub esp,0x14
57143B34 56 push esi
57143B35 A1 942B4F58 mov eax,dword ptr ds:[0x584F2B94]
57143B3A 33C5 xor eax,ebp
57143B3C 50 push eax
57143B3D 8D45 F4 lea eax,dword ptr ss:[ebp-0xC]
57143B40 64:A3 00000000 mov dword ptr fs:[0],eax
57143B46 8BF1 mov esi,ecx
57143B48 8B8E 54030000 mov ecx,dword ptr ds:[esi+0x354]
57143B4E 85C9 test ecx,ecx
57143B50 0F84 9E000000 je WeChatWi.57143BF4
57143B56 83BE 58030000 0>cmp dword ptr ds:[esi+0x358],0x0
57143B5D 0F84 91000000 je WeChatWi.57143BF4
57143B63 83BE 5C030000 0>cmp dword ptr ds:[esi+0x35C],0x0
57143B6A 0F84 84000000 je WeChatWi.57143BF4
57143B70 83BE 70030000 0>cmp dword ptr ds:[esi+0x370],0x0
57143B77 74 7B je short WeChatWi.57143BF4
57143B79 6A 01 push 0x1
57143B7B 6A 01 push 0x1
57143B7D E8 FFFD5F00 call WeChatWi.57743981
57143B82 8B8E 5C030000 mov ecx,dword ptr ds:[esi+0x35C]
57143B88 6A 00 push 0x0
57143B8A 8B01 mov eax,dword ptr ds:[ecx]
57143B8C FF90 EC000000 call dword ptr ds:[eax+0xEC]
57143B92 8B8E 58030000 mov ecx,dword ptr ds:[esi+0x358]
57143B98 6A 01 push 0x1
57143B9A 6A 00 push 0x0
57143B9C E8 E0FD5F00 call WeChatWi.57743981
57143BA1 BA 07040000 mov edx,0x407
57143BA6 C686 79030000 0>mov byte ptr ds:[esi+0x379],0x0
57143BAD 8D4D E0 lea ecx,dword ptr ss:[ebp-0x20]
57143BB0 E8 2BC12C00 call WeChatWi.5740FCE0
57143BB5 C745 FC 0000000>mov dword ptr ss:[ebp-0x4],0x0
57143BBC 8B10 mov edx,dword ptr ds:[eax]
57143BBE 85D2 test edx,edx
57143BC0 74 06 je short WeChatWi.57143BC8
57143BC2 66:833A 00 cmp word ptr ds:[edx],0x0
57143BC6 75 05 jnz short WeChatWi.57143BCD
57143BC8 BA 08892958 mov edx,WeChatWi.58298908
57143BCD 8B8E 70030000 mov ecx,dword ptr ds:[esi+0x370]
57143BD3 52 push edx
57143BD4 8B01 mov eax,dword ptr ds:[ecx]
57143BD6 FF50 40 call dword ptr ds:[eax+0x40]
57143BD9 8D4D E0 lea ecx,dword ptr ss:[ebp-0x20]
57143BDC C745 FC FFFFFFF>mov dword ptr ss:[ebp-0x4],-0x1
57143BE3 E8 B893E3FF call WeChatWi.56F7CFA0
57143BE8 E8 93C6FFFF call WeChatWi.57140280 ; 调用1
57143BED 8BC8 mov ecx,eax
57143BEF E8 6CDA1000 call WeChatWi.57251660 ; 调用2
57143BF4 8B4D F4 mov ecx,dword ptr ss:[ebp-0xC]
57143BF7 64:890D 0000000>mov dword ptr fs:[0],ecx
57143BFE 59 pop ecx ; user32.73DE4F8A
57143BFF 5E pop esi ; user32.73DE4F8A
57143C00 8BE5 mov esp,ebp
57143C02 5D pop ebp ; user32.73DE4F8A
57143C03 C3 retn
好友列表:
基址:56F30000
573A9EB0 55 push ebp
573A9EB1 8BEC mov ebp,esp
573A9EB3 6A FF push -0x1
573A9EB5 68 30C60758 push WeChatWi.5807C630
573A9EBA 64:A1 00000000 mov eax,dword ptr fs:[0]
573A9EC0 50 push eax
573A9EC1 83EC 08 sub esp,0x8
573A9EC4 53 push ebx
573A9EC5 56 push esi
573A9EC6 A1 942B4F58 mov eax,dword ptr ds:[0x584F2B94]
573A9ECB 33C5 xor eax,ebp
573A9ECD 50 push eax
573A9ECE 8D45 F4 lea eax,dword ptr ss:[ebp-0xC]
573A9ED1 64:A3 00000000 mov dword ptr fs:[0],eax
573A9ED7 8BF1 mov esi,ecx
573A9ED9 8D86 B4000000 lea eax,dword ptr ds:[esi+0xB4]
573A9EDF C745 FC 0000000>mov dword ptr ss:[ebp-0x4],0x0
573A9EE6 50 push eax
573A9EE7 8945 EC mov dword ptr ss:[ebp-0x14],eax
573A9EEA C745 F0 0000000>mov dword ptr ss:[ebp-0x10],0x0
573A9EF1 FF15 34A21258 call dword ptr ds:[<&KERNEL32.EnterCriti>; ntdll.RtlEnterCriticalSection
573A9EF7 8D45 08 lea eax,dword ptr ss:[ebp+0x8]
573A9EFA C645 FC 01 mov byte ptr ss:[ebp-0x4],0x1
573A9EFE 8D9E 84000000 lea ebx,dword ptr ds:[esi+0x84]
573A9F04 50 push eax
573A9F05 8BCB mov ecx,ebx
573A9F07 E8 847CBDFF call WeChatWi.56F81B90
573A9F0C 8BF0 mov esi,eax
573A9F0E 3B33 cmp esi,dword ptr ds:[ebx]
573A9F10 74 1F je short WeChatWi.573A9F31
573A9F12 8B46 10 mov eax,dword ptr ds:[esi+0x10]
573A9F15 85C0 test eax,eax
573A9F17 74 06 je short WeChatWi.573A9F1F
573A9F19 66:8338 00 cmp word ptr ds:[eax],0x0
573A9F1D 75 05 jnz short WeChatWi.573A9F24
573A9F1F B8 08892958 mov eax,WeChatWi.58298908
573A9F24 50 push eax
573A9F25 8D4D 08 lea ecx,dword ptr ss:[ebp+0x8]
573A9F28 E8 E3540600 call WeChatWi.5740F410 ; Hook这行,取esi
573A9F2D 85C0 test eax,eax
573A9F2F 79 02 jns short WeChatWi.573A9F33
573A9F31 8B33 mov esi,dword ptr ds:[ebx]
573A9F33 3B33 cmp esi,dword ptr ds:[ebx]
573A9F35 74 10 je short WeChatWi.573A9F47
573A9F37 8B4D 1C mov ecx,dword ptr ss:[ebp+0x1C] ; WeChat.00910000
573A9F3A 83C6 28 add esi,0x28
573A9F3D 56 push esi
573A9F3E E8 CD55BDFF call WeChatWi.56F7F510
573A9F43 B3 01 mov bl,0x1
573A9F45 EB 02 jmp short WeChatWi.573A9F49
573A9F47 32DB xor bl,bl
573A9F49 FF75 EC push dword ptr ss:[ebp-0x14]
573A9F4C FF15 30A21258 call dword ptr ds:[<&KERNEL32.LeaveCriti>; ntdll.RtlLeaveCriticalSection
573A9F52 8B45 08 mov eax,dword ptr ss:[ebp+0x8]
573A9F55 85C0 test eax,eax
573A9F57 74 10 je short WeChatWi.573A9F69
573A9F59 50 push eax
573A9F5A E8 D502C600 call WeChatWi.5800A234
573A9F5F 83C4 04 add esp,0x4
573A9F62 C745 08 0000000>mov dword ptr ss:[ebp+0x8],0x0
573A9F69 8B45 14 mov eax,dword ptr ss:[ebp+0x14]
573A9F6C C745 10 0000000>mov dword ptr ss:[ebp+0x10],0x0
573A9F73 C745 0C 0000000>mov dword ptr ss:[ebp+0xC],0x0
573A9F7A 85C0 test eax,eax
573A9F7C 74 09 je short WeChatWi.573A9F87
573A9F7E 50 push eax
573A9F7F E8 B002C600 call WeChatWi.5800A234
573A9F84 83C4 04 add esp,0x4
573A9F87 8AC3 mov al,bl
573A9F89 8B4D F4 mov ecx,dword ptr ss:[ebp-0xC]
573A9F8C 64:890D 0000000>mov dword ptr fs:[0],ecx
573A9F93 59 pop ecx ; user32.73DE4F8A
573A9F94 5E pop esi ; user32.73DE4F8A
573A9F95 5B pop ebx ; user32.73DE4F8A
573A9F96 8BE5 mov esp,ebp
573A9F98 5D pop ebp ; user32.73DE4F8A
573A9F99 C2 1800 retn 0x18
退出微信:
基址:0F790000
0FBCF7A0 E5 00 in eax,0x0
0FBCF7A2 0000 add byte ptr ds:[eax],al
0FBCF7A4 006A 0A add byte ptr ds:[edx+0xA],ch
0FBCF7A7 51 push ecx
0FBCF7A8 50 push eax
0FBCF7A9 66:C745 E9 0000 mov word ptr ss:[ebp-0x17],0x0
0FBCF7AF E8 D9ADC900 call WeChatWi.1086A58D
0FBCF7B4 83C4 0C add esp,0xC
0FBCF7B7 8D45 DC lea eax,dword ptr ss:[ebp-0x24]
0FBCF7BA 8D4D C0 lea ecx,dword ptr ss:[ebp-0x40]
0FBCF7BD 6A FF push -0x1
0FBCF7BF 6A 00 push 0x0
0FBCF7C1 50 push eax
0FBCF7C2 E8 B9F60900 call WeChatWi.0FC6EE80
0FBCF7C7 6A 01 push 0x1
0FBCF7C9 6A 01 push 0x1
0FBCF7CB C745 FC 0000000>mov dword ptr ss:[ebp-0x4],0x0
0FBCF7D2 83EC 14 sub esp,0x14
0FBCF7D5 8B7D C0 mov edi,dword ptr ss:[ebp-0x40]
0FBCF7D8 8BCC mov ecx,esp
0FBCF7DA 8965 D8 mov dword ptr ss:[ebp-0x28],esp
0FBCF7DD 6A FF push -0x1
0FBCF7DF C701 00000000 mov dword ptr ds:[ecx],0x0
0FBCF7E5 C741 04 0000000>mov dword ptr ds:[ecx+0x4],0x0
0FBCF7EC C741 08 0000000>mov dword ptr ds:[ecx+0x8],0x0
0FBCF7F3 57 push edi
0FBCF7F4 C741 0C 0000000>mov dword ptr ds:[ecx+0xC],0x0
0FBCF7FB C741 10 0000000>mov dword ptr ds:[ecx+0x10],0x0
0FBCF802 E8 A9F80900 call WeChatWi.0FC6F0B0
0FBCF807 C645 FC 01 mov byte ptr ss:[ebp-0x4],0x1
0FBCF80B A1 1CCDDA10 mov eax,dword ptr ds:[0x10DACD1C]
0FBCF810 A8 01 test al,0x1
0FBCF812 75 22 jnz short WeChatWi.0FBCF836
0FBCF814 83C8 01 or eax,0x1
0FBCF817 A3 1CCDDA10 mov dword ptr ds:[0x10DACD1C],eax
0FBCF81C C645 FC 02 mov byte ptr ss:[ebp-0x4],0x2
0FBCF820 E8 FBFDEAFF call WeChatWi.0FA7F620
0FBCF825 68 C04B9510 push WeChatWi.10954BC0
0FBCF82A E8 29AB8900 call WeChatWi.1046A358
0FBCF82F 83C4 04 add esp,0x4
0FBCF832 C645 FC 01 mov byte ptr ss:[ebp-0x4],0x1
0FBCF836 68 422B0000 push 0x2B42
0FBCF83B C645 FC 00 mov byte ptr ss:[ebp-0x4],0x0
0FBCF83F E8 5CFFEAFF call WeChatWi.0FA7F7A0
0FBCF844 C745 FC FFFFFFF>mov dword ptr ss:[ebp-0x4],-0x1
0FBCF84B 85FF test edi,edi
0FBCF84D 74 09 je short WeChatWi.0FBCF858
0FBCF84F 57 push edi
0FBCF850 E8 DFA9C900 call WeChatWi.1086A234
0FBCF855 83C4 04 add esp,0x4
0FBCF858 8B45 CC mov eax,dword ptr ss:[ebp-0x34]
0FBCF85B 85C0 test eax,eax
0FBCF85D 74 09 je short WeChatWi.0FBCF868
0FBCF85F 50 push eax
0FBCF860 E8 CFA9C900 call WeChatWi.1086A234
0FBCF865 83C4 04 add esp,0x4
0FBCF868 8A06 mov al,byte ptr ds:[esi]
0FBCF86A 0F1005 E088AF10 movups xmm0,dqword ptr ds:[0x10AF88E0]
0FBCF871 83EC 10 sub esp,0x10
0FBCF874 BA 082BB910 mov edx,WeChatWi.10B92B08 ; ASCII "03_service\service\AccountService.cpp"
0FBCF879 84C0 test al,al
0FBCF87B B9 02000000 mov ecx,0x2
0FBCF880 8BC4 mov eax,esp
0FBCF882 0F1100 movups dqword ptr ds:[eax],xmm0
0FBCF885 75 49 jnz short WeChatWi.0FBCF8D0
0FBCF887 83EC 10 sub esp,0x10
0FBCF88A 8BC4 mov eax,esp
0FBCF88C 83EC 10 sub esp,0x10
0FBCF88F 0F1100 movups dqword ptr ds:[eax],xmm0
0FBCF892 8BC4 mov eax,esp
0FBCF894 83EC 10 sub esp,0x10
0FBCF897 0F1100 movups dqword ptr ds:[eax],xmm0
0FBCF89A 8BC4 mov eax,esp
0FBCF89C 83EC 10 sub esp,0x10
0FBCF89F 0F1100 movups dqword ptr ds:[eax],xmm0
0FBCF8A2 8BC4 mov eax,esp
0FBCF8A4 83EC 10 sub esp,0x10
0FBCF8A7 0F1100 movups dqword ptr ds:[eax],xmm0
0FBCF8AA 8BC4 mov eax,esp
0FBCF8AC 68 982AB910 push WeChatWi.10B92A98 ; ASCII "Already Logout!!"
0FBCF8B1 68 E02AB910 push WeChatWi.10B92AE0 ; ASCII "AccountService"
0FBCF8B6 68 C82AB910 push WeChatWi.10B92AC8 ; ASCII "AccountService::logout"
0FBCF8BB 68 5D010000 push 0x15D
0FBCF8C0 0F1100 movups dqword ptr ds:[eax],xmm0
0FBCF8C3 E8 38E80900 call WeChatWi.0FC6E100
0FBCF8C8 83C4 70 add esp,0x70
0FBCF8CB E9 9F010000 jmp WeChatWi.0FBCFA6F
0FBCF8D0 83EC 10 sub esp,0x10
0FBCF8D3 8BC4 mov eax,esp
0FBCF8D5 83EC 10 sub esp,0x10
0FBCF8D8 0F1100 movups dqword ptr ds:[eax],xmm0
0FBCF8DB 8BC4 mov eax,esp
0FBCF8DD 83EC 10 sub esp,0x10
0FBCF8E0 0F1100 movups dqword ptr ds:[eax],xmm0
0FBCF8E3 8BC4 mov eax,esp
0FBCF8E5 83EC 10 sub esp,0x10
0FBCF8E8 0F1100 movups dqword ptr ds:[eax],xmm0
0FBCF8EB 8BC4 mov eax,esp
0FBCF8ED 83EC 10 sub esp,0x10
0FBCF8F0 807D 08 00 cmp byte ptr ss:[ebp+0x8],0x0
0FBCF8F4 0F1100 movups dqword ptr ds:[eax],xmm0
0FBCF8F7 8BC4 mov eax,esp
0FBCF8F9 0F1100 movups dqword ptr ds:[eax],xmm0
0FBCF8FC 75 23 jnz short WeChatWi.0FBCF921
0FBCF8FE 68 BC2AB910 push WeChatWi.10B92ABC ; ASCII "User Logout"
0FBCF903 68 E02AB910 push WeChatWi.10B92AE0 ; ASCII "AccountService"
0FBCF908 68 C82AB910 push WeChatWi.10B92AC8 ; ASCII "AccountService::logout"
0FBCF90D 68 63010000 push 0x163
0FBCF912 E8 E9E70900 call WeChatWi.0FC6E100
0FBCF917 83C4 6C add esp,0x6C
0FBCF91A E8 01070000 call WeChatWi.0FBD0020 ; 调用call
0FBCF91F EB 1C jmp short WeChatWi.0FBCF93D
0FBCF921 68 EC2BB910 push WeChatWi.10B92BEC ; ASCII "Kicked by Srv Logout onLogout(0,0,0)"
0FBCF926 68 E02AB910 push WeChatWi.10B92AE0 ; ASCII "AccountService"
0FBCF92B 68 C82AB910 push WeChatWi.10B92AC8 ; ASCII "AccountService::logout"
0FBCF930 68 68010000 push 0x168
0FBCF935 E8 C6E70900 call WeChatWi.0FC6E100
0FBCF93A 83C4 70 add esp,0x70
0FBCF93D 32C0 xor al,al
0FBCF93F 8606 xchg byte ptr ds:[esi],al
0FBCF941 A1 10DEDA10 mov eax,dword ptr ds:[0x10DADE10]
0FBCF946 85C0 test eax,eax
0FBCF948 75 19 jnz short WeChatWi.0FBCF963
0FBCF94A 6A 40 push 0x40
0FBCF94C E8 9CA68900 call WeChatWi.10469FED
0FBCF951 83C4 04 add esp,0x4
0FBCF954 8945 D8 mov dword ptr ss:[ebp-0x28],eax
0FBCF957 8BC8 mov ecx,eax
0FBCF959 E8 12AD2F00 call WeChatWi.0FECA670
0FBCF95E A3 10DEDA10 mov dword ptr ds:[0x10DADE10],eax
0FBCF963 8BC8 mov ecx,eax
0FBCF965 E8 56AE2F00 call WeChatWi.0FECA7C0
0FBCF96A A1 4854DC10 mov eax,dword ptr ds:[0x10DC5448]
0FBCF96F A8 01 test al,0x1
0FBCF971 75 29 jnz short WeChatWi.0FBCF99C
0FBCF973 83C8 01 or eax,0x1
0FBCF976 A3 4854DC10 mov dword ptr ds:[0x10DC5448],eax
0FBCF97B 51 push ecx
0FBCF97C C745 FC 0300000>mov dword ptr ss:[ebp-0x4],0x3
0FBCF983 E8 683B3300 call WeChatWi.0FF034F0
0FBCF988 68 90959510 push WeChatWi.10959590
0FBCF98D E8 C6A98900 call WeChatWi.1046A358
0FBCF992 83C4 04 add esp,0x4
0FBCF995 C745 FC FFFFFFF>mov dword ptr ss:[ebp-0x4],-0x1
0FBCF99C B9 C845DC10 mov ecx,WeChatWi.10DC45C8
0FBCF9A1 E8 BA5B3300 call WeChatWi.0FF05560
0FBCF9A6 A1 F45DDC10 mov eax,dword ptr ds:[0x10DC5DF4]
0FBCF9AB A8 01 test al,0x1
0FBCF9AD 75 1C jnz short WeChatWi.0FBCF9CB
0FBCF9AF 83C8 01 or eax,0x1
0FBCF9B2 C605 F05DDC10 0>mov byte ptr ds:[0x10DC5DF0],0x0
0FBCF9B9 68 801C9610 push WeChatWi.10961C80
0FBCF9BE A3 F45DDC10 mov dword ptr ds:[0x10DC5DF4],eax
0FBCF9C3 E8 90A98900 call WeChatWi.1046A358
0FBCF9C8 83C4 04 add esp,0x4
0FBCF9CB 833D B8CEDA10 0>cmp dword ptr ds:[0x10DACEB8],0x0
0FBCF9D2 74 1D je short WeChatWi.0FBCF9F1
0FBCF9D4 803D F05DDC10 0>cmp byte ptr ds:[0x10DC5DF0],0x0
0FBCF9DB 75 14 jnz short WeChatWi.0FBCF9F1
0FBCF9DD E8 9E4CDCFF call WeChatWi.0F994680
0FBCF9E2 6A 01 push 0x1
0FBCF9E4 8BC8 mov ecx,eax
0FBCF9E6 8B10 mov edx,dword ptr ds:[eax]
0FBCF9E8 FF12 call dword ptr ds:[edx]
0FBCF9EA C605 F05DDC10 0>mov byte ptr ds:[0x10DC5DF0],0x1
0FBCF9F1 6A 01 push 0x1
0FBCF9F3 6A 33 push 0x33
0FBCF9F5 E8 A6140600 call WeChatWi.0FC30EA0
0FBCF9FA 8BC8 mov ecx,eax
0FBCF9FC E8 1F370300 call WeChatWi.0FC03120
0FBCFA01 A1 88CFDA10 mov eax,dword ptr ds:[0x10DACF88]
0FBCFA06 85C0 test eax,eax
0FBCFA08 75 2A jnz short WeChatWi.0FBCFA34
0FBCFA0A 68 84000000 push 0x84
0FBCFA0F E8 D9A58900 call WeChatWi.10469FED
0FBCFA14 83C4 04 add esp,0x4
0FBCFA17 8945 D8 mov dword ptr ss:[ebp-0x28],eax
0FBCFA1A 8BC8 mov ecx,eax
0FBCFA1C C745 FC 0500000>mov dword ptr ss:[ebp-0x4],0x5
0FBCFA23 E8 2889F3FF call WeChatWi.0FB08350
0FBCFA28 C745 FC FFFFFFF>mov dword ptr ss:[ebp-0x4],-0x1
0FBCFA2F A3 88CFDA10 mov dword ptr ds:[0x10DACF88],eax
0FBCFA34 51 push ecx
0FBCFA35 6A 00 push 0x0
0FBCFA37 6A 00 push 0x0
0FBCFA39 68 A2020000 push 0x2A2
0FBCFA3E 8BC8 mov ecx,eax
0FBCFA40 E8 CB9CF3FF call WeChatWi.0FB09710
0FBCFA45 83EC 08 sub esp,0x8
0FBCFA48 E8 D3020000 call WeChatWi.0FBCFD20
0FBCFA4D A1 30D0DA10 mov eax,dword ptr ds:[0x10DAD030]
0FBCFA52 83C4 08 add esp,0x8
0FBCFA55 85C0 test eax,eax
0FBCFA57 74 11 je short WeChatWi.0FBCFA6A
0FBCFA59 50 push eax
发送xml文章、小程序:
基址:0F780000
0F9E039D E8 FECBDEFF call WeChatWi.0F7CCFA0
0F9E03A2 8D95 64FFFFFF lea edx,dword ptr ss:[ebp-0x9C]
0F9E03A8 8D8D 34FFFFFF lea ecx,dword ptr ss:[ebp-0xCC]
0F9E03AE E8 6D032700 call WeChatWi.0FC50720
0F9E03B3 84C0 test al,al
0F9E03B5 75 07 jnz short WeChatWi.0F9E03BE
0F9E03B7 32DB xor bl,bl
0F9E03B9 E9 31040000 jmp WeChatWi.0F9E07EF
0F9E03BE 6A FF push -0x1
0F9E03C0 68 0889AE10 push WeChatWi.10AE8908
0F9E03C5 8D8D 78FFFFFF lea ecx,dword ptr ss:[ebp-0x88]
0F9E03CB E8 E0E92700 call WeChatWi.0FC5EDB0
0F9E03D0 8D45 A0 lea eax,dword ptr ss:[ebp-0x60]
0F9E03D3 C645 FC 11 mov byte ptr ss:[ebp-0x4],0x11
0F9E03D7 50 push eax
0F9E03D8 8BCE mov ecx,esi
0F9E03DA E8 6104E1FF call WeChatWi.0F7F0840
0F9E03DF 8BD0 mov edx,eax
0F9E03E1 C645 FC 12 mov byte ptr ss:[ebp-0x4],0x12
0F9E03E5 8D8D 50FFFFFF lea ecx,dword ptr ss:[ebp-0xB0]
0F9E03EB E8 C0AC2600 call WeChatWi.0FC4B0B0
0F9E03F0 8D4D A0 lea ecx,dword ptr ss:[ebp-0x60]
0F9E03F3 C645 FC 14 mov byte ptr ss:[ebp-0x4],0x14
0F9E03F7 E8 A4CBDEFF call WeChatWi.0F7CCFA0
0F9E03FC 83BD 54FFFFFF 0>cmp dword ptr ss:[ebp-0xAC],0x0
0F9E0403 0F9EC0 setle al
0F9E0406 84C0 test al,al
0F9E0408 0F85 B2000000 jnz WeChatWi.0F9E04C0
0F9E040E 8D8D 50FFFFFF lea ecx,dword ptr ss:[ebp-0xB0]
0F9E0414 E8 47F62600 call WeChatWi.0FC4FA60
0F9E0419 84C0 test al,al
0F9E041B 0F84 9F000000 je WeChatWi.0F9E04C0
0F9E0421 E8 9A0DE2FF call WeChatWi.0F8011C0
0F9E0426 6A 00 push 0x0
0F9E0428 8D85 F0F5FFFF lea eax,dword ptr ss:[ebp-0xA10]
0F9E042E 50 push eax
0F9E042F 8D85 28FDFFFF lea eax,dword ptr ss:[ebp-0x2D8]
0F9E0435 50 push eax
0F9E0436 8D45 B4 lea eax,dword ptr ss:[ebp-0x4C]
0F9E0439 50 push eax
0F9E043A E8 41391E00 call WeChatWi.0FBC3D80
0F9E043F 50 push eax
0F9E0440 8D8D 78FFFFFF lea ecx,dword ptr ss:[ebp-0x88]
0F9E0446 E8 45F42700 call WeChatWi.0FC5F890
0F9E044B 8D4D B4 lea ecx,dword ptr ss:[ebp-0x4C]
0F9E044E E8 4DCBDEFF call WeChatWi.0F7CCFA0
0F9E0453 83BD 6CF6FFFF 0>cmp dword ptr ss:[ebp-0x994],0x6
0F9E045A 75 4F jnz short WeChatWi.0F9E04AB
0F9E045C 80BE C8010000 0>cmp byte ptr ds:[esi+0x1C8],0x0
0F9E0463 75 19 jnz short WeChatWi.0F9E047E
0F9E0465 8D86 84000000 lea eax,dword ptr ds:[esi+0x84]
0F9E046B 50 push eax
0F9E046C 8D8E DC000000 lea ecx,dword ptr ds:[esi+0xDC]
0F9E0472 E8 B9DB1F00 call WeChatWi.0FBDE030
0F9E0477 C686 C8010000 0>mov byte ptr ds:[esi+0x1C8],0x1
0F9E047E F686 94010000 0>test byte ptr ds:[esi+0x194],0x1
0F9E0485 74 24 je short WeChatWi.0F9E04AB
0F9E0487 68 2028B510 push WeChatWi.10B52820 ; UNICODE ".tmp"
0F9E048C 8D8D 78FFFFFF lea ecx,dword ptr ss:[ebp-0x88]
0F9E0492 E8 B9F02700 call WeChatWi.0FC5F550
0F9E0497 84C0 test al,al
0F9E0499 75 10 jnz short WeChatWi.0F9E04AB
0F9E049B 68 2028B510 push WeChatWi.10B52820 ; UNICODE ".tmp"
0F9E04A0 8D8D 78FFFFFF lea ecx,dword ptr ss:[ebp-0x88]
0F9E04A6 E8 85ED2700 call WeChatWi.0FC5F230
0F9E04AB 8D95 78FFFFFF lea edx,dword ptr ss:[ebp-0x88]
0F9E04B1 8D8D 50FFFFFF lea ecx,dword ptr ss:[ebp-0xB0]
0F9E04B7 E8 64022700 call WeChatWi.0FC50720
0F9E04BC 84C0 test al,al
0F9E04BE 74 34 je short WeChatWi.0F9E04F4
0F9E04C0 FFB5 6CF6FFFF push dword ptr ss:[ebp-0x994] ; ntdll.7708B6F2
0F9E04C6 8D85 78FFFFFF lea eax,dword ptr ss:[ebp-0x88]
0F9E04CC 50 push eax
0F9E04CD 8D85 64FFFFFF lea eax,dword ptr ss:[ebp-0x9C]
0F9E04D3 50 push eax
0F9E04D4 8D85 20FFFFFF lea eax,dword ptr ss:[ebp-0xE0]
0F9E04DA 50 push eax
0F9E04DB 53 push ebx
0F9E04DC 8D95 48F7FFFF lea edx,dword ptr ss:[ebp-0x8B8]
0F9E04E2 8D8D 28FDFFFF lea ecx,dword ptr ss:[ebp-0x2D8]
0F9E04E8 E8 D3DDFFFF call WeChatWi.0F9DE2C0 ; call1
0F9E04ED 83C4 14 add esp,0x14
0F9E04F0 84C0 test al,al
0F9E04F2 75 07 jnz short WeChatWi.0F9E04FB
0F9E04F4 32DB xor bl,bl
0F9E04F6 E9 DE020000 jmp WeChatWi.0F9E07D9
0F9E04FB 8D85 0CFFFFFF lea eax,dword ptr ss:[ebp-0xF4]
0F9E0501 32DB xor bl,bl
0F9E0503 50 push eax
0F9E0504 8D8D 28FDFFFF lea ecx,dword ptr ss:[ebp-0x2D8]
0F9E050A 895D CC mov dword ptr ss:[ebp-0x34],ebx
0F9E050D E8 2E03E1FF call WeChatWi.0F7F0840 ; call2
0F9E0512 8BD0 mov edx,eax
0F9E0514 C645 FC 15 mov byte ptr ss:[ebp-0x4],0x15
0F9E0518 8D4D A0 lea ecx,dword ptr ss:[ebp-0x60]
0F9E051B E8 90AB2600 call WeChatWi.0FC4B0B0 ; call3
0F9E0520 8D8D 0CFFFFFF lea ecx,dword ptr ss:[ebp-0xF4]
0F9E0526 C645 FC 17 mov byte ptr ss:[ebp-0x4],0x17
0F9E052A E8 71CADEFF call WeChatWi.0F7CCFA0 ; call4
0F9E052F 837D A4 00 cmp dword ptr ss:[ebp-0x5C],0x0
0F9E0533 0F9EC0 setle al
0F9E0536 84C0 test al,al
0F9E0538 75 18 jnz short WeChatWi.0F9E0552
0F9E053A 8D4D A0 lea ecx,dword ptr ss:[ebp-0x60]
0F9E053D E8 1EF52600 call WeChatWi.0FC4FA60 ; call5
0F9E0542 84C0 test al,al
0F9E0544 0FB6DB movzx ebx,bl
0F9E0547 B9 01000000 mov ecx,0x1
0F9E054C 0F45D9 cmovne ebx,ecx
0F9E054F 895D CC mov dword ptr ss:[ebp-0x34],ebx
0F9E0552 8D8D 78FFFFFF lea ecx,dword ptr ss:[ebp-0x88]
0F9E0558 E8 63482500 call WeChatWi.0FC34DC0 ; call6
0F9E055D 84C0 test al,al
0F9E055F 75 2E jnz short WeChatWi.0F9E058F
0F9E0561 8D8D 64FFFFFF lea ecx,dword ptr ss:[ebp-0x9C]
0F9E0567 E8 54482500 call WeChatWi.0FC34DC0 ; call6
0F9E056C 84C0 test al,al
0F9E056E 75 1F jnz short WeChatWi.0F9E058F
0F9E0570 68 A497DA10 push WeChatWi.10DA97A4 ; 参数
0F9E0575 68 A497DA10 push WeChatWi.10DA97A4
0F9E057A 8AD3 mov dl,bl
0F9E057C 8D8D 28FDFFFF lea ecx,dword ptr ss:[ebp-0x2D8]
0F9E0582 E8 49DFFFFF call WeChatWi.0F9DE4D0 ; call7
0F9E0587 83C4 08 add esp,0x8
0F9E058A E9 18020000 jmp WeChatWi.0F9E07A7
0F9E058F 8D85 78FFFFFF lea eax,dword ptr ss:[ebp-0x88]
0F9E0595 50 push eax
0F9E0596 8D4D B4 lea ecx,dword ptr ss:[ebp-0x4C]
0F9E0599 E8 52E82700 call WeChatWi.0FC5EDF0
0F9E059E C645 FC 18 mov byte ptr ss:[ebp-0x4],0x18
0F9E05A2 E8 39DBE0FF call WeChatWi.0F7EE0E0
0F9E05A7 E8 24260300 call WeChatWi.0FA12BD0
0F9E05AC 8D4D DC lea ecx,dword ptr ss:[ebp-0x24]
0F9E05AF 8BF8 mov edi,eax
0F9E05B1 8BF2 mov esi,edx
0F9E05B3 E8 18AE0900 call WeChatWi.0FA7B3D0
0F9E05B8 8BD8 mov ebx,eax
0F9E05BA 56 push esi
0F9E05BB 57 push edi
0F9E05BC 8D4D 8C lea ecx,dword ptr ss:[ebp-0x74]
0F9E05BF C645 FC 19 mov byte ptr ss:[ebp-0x4],0x19
0F9E05C3 E8 C8AB0900 call WeChatWi.0FA7B190
0F9E05C8 83C4 08 add esp,0x8
0F9E05CB 8BD0 mov edx,eax
0F9E05CD 8BCB mov ecx,ebx
0F9E05CF C645 FC 1A mov byte ptr ss:[ebp-0x4],0x1A
0F9E05D3 E8 E8EC2700 call WeChatWi.0FC5F2C0
0F9E05D8 50 push eax
0F9E05D9 8BCA mov ecx,edx
0F9E05DB E8 E0EC2700 call WeChatWi.0FC5F2C0
0F9E05E0 50 push eax
0F9E05E1 8D4D B4 lea ecx,dword ptr ss:[ebp-0x4C]
0F9E05E4 E8 77F82700 call WeChatWi.0FC5FE60
0F9E05E9 8D4D 8C lea ecx,dword ptr ss:[ebp-0x74]
0F9E05EC E8 AFC9DEFF call WeChatWi.0F7CCFA0
0F9E05F1 8D4D DC lea ecx,dword ptr ss:[ebp-0x24]
0F9E05F4 C645 FC 18 mov byte ptr ss:[ebp-0x4],0x18
0F9E05F8 E8 A3C9DEFF call WeChatWi.0F7CCFA0
0F9E05FD 6A 00 push 0x0
0F9E05FF 83EC 14 sub esp,0x14
0F9E0602 8D45 B4 lea eax,dword ptr ss:[ebp-0x4C]
0F9E0605 8BCC mov ecx,esp
0F9E0607 50 push eax
0F9E0608 E8 E3E72700 call WeChatWi.0FC5EDF0
0F9E060D 8D95 78FFFFFF lea edx,dword ptr ss:[ebp-0x88]
0F9E0613 8D4D DC lea ecx,dword ptr ss:[ebp-0x24]
0F9E0616 E8 15562500 call WeChatWi.0FC35C30
0F9E061B 83C4 18 add esp,0x18
0F9E061E 8BC8 mov ecx,eax
0F9E0620 E8 9BEC2700 call WeChatWi.0FC5F2C0
0F9E0625 8D4D DC lea ecx,dword ptr ss:[ebp-0x24]
0F9E0628 8BF0 mov esi,eax
0F9E062A E8 71C9DEFF call WeChatWi.0F7CCFA0
0F9E062F 85F6 test esi,esi
0F9E0631 75 61 jnz short WeChatWi.0F9E0694
0F9E0633 0F1005 E088AE10 movups xmm0,dqword ptr ds:[0x10AE88E0]
0F9E063A 83EC 10 sub esp,0x10
0F9E063D 8BC4 mov eax,esp
0F9E063F 83EC 10 sub esp,0x10
0F9E0642 0F1100 movups dqword ptr ds:[eax],xmm0
0F9E0645 8BC4 mov eax,esp
0F9E0647 83EC 10 sub esp,0x10
0F9E064A 0F1100 movups dqword ptr ds:[eax],xmm0
0F9E064D 8BC4 mov eax,esp
0F9E064F 83EC 10 sub esp,0x10
0F9E0652 0F1100 movups dqword ptr ds:[eax],xmm0
0F9E0655 8BC4 mov eax,esp
0F9E0657 83EC 10 sub esp,0x10
0F9E065A 0F1100 movups dqword ptr ds:[eax],xmm0
0F9E065D 8BC4 mov eax,esp
0F9E065F 83EC 10 sub esp,0x10
0F9E0662 8BCC mov ecx,esp
0F9E0664 0F1100 movups dqword ptr ds:[eax],xmm0
0F9E0667 8D45 B4 lea eax,dword ptr ss:[ebp-0x4C]
0F9E066A 50 push eax
0F9E066B E8 D0C0E2FF call WeChatWi.0F80C740
0F9E0670 68 A82BB510 push WeChatWi.10B52BA8 ; ASCII "move temp image file fail. %s"
0F9E0675 68 DC27B510 push WeChatWi.10B527DC ; ASCII "AppMsgMgr"
0F9E067A 68 002BB510 push WeChatWi.10B52B00 ; ASCII "AppMsgMgr::forwardAppMsg"
0F9E067F 68 B9050000 push 0x5B9
0F9E0684 BA 2C28B510 mov edx,WeChatWi.10B5282C ; ASCII "02_manager\AppMsgMgr.cpp"
0F9E0689 8D4E 02 lea ecx,dword ptr ds:[esi+0x2]
0F9E068C E8 6FDA2700 call WeChatWi.0FC5E100
0F9E0691 83C4 70 add esp,0x70
0F9E0694 8D85 64FFFFFF lea eax,dword ptr ss:[ebp-0x9C]
0F9E069A 50 push eax
自动收款:
基址:0F790000
0FF3A0E0 55 push ebp
0FF3A0E1 8BEC mov ebp,esp
0FF3A0E3 6A FF push -0x1
0FF3A0E5 68 1B7F9010 push WeChatWi.10907F1B
0FF3A0EA 64:A1 00000000 mov eax,dword ptr fs:[0]
0FF3A0F0 50 push eax
0FF3A0F1 83EC 50 sub esp,0x50
0FF3A0F4 A1 942BD510 mov eax,dword ptr ds:[0x10D52B94]
0FF3A0F9 33C5 xor eax,ebp
0FF3A0FB 50 push eax
0FF3A0FC 8D45 F4 lea eax,dword ptr ss:[ebp-0xC]
0FF3A0FF 64:A3 00000000 mov dword ptr fs:[0],eax
0FF3A105 C745 FC 0000000>mov dword ptr ss:[ebp-0x4],0x0
0FF3A10C 0F57C0 xorps xmm0,xmm0
0FF3A10F C745 C8 0000000>mov dword ptr ss:[ebp-0x38],0x0
0FF3A116 0F1145 A8 movups dqword ptr ss:[ebp-0x58],xmm0
0FF3A11A C745 CC 0000000>mov dword ptr ss:[ebp-0x34],0x0
0FF3A121 0F1145 B8 movups dqword ptr ss:[ebp-0x48],xmm0
0FF3A125 6A 00 push 0x0
0FF3A127 8D85 38010000 lea eax,dword ptr ss:[ebp+0x138]
0FF3A12D C645 FC 02 mov byte ptr ss:[ebp-0x4],0x2
0FF3A131 50 push eax
0FF3A132 8D4D DC lea ecx,dword ptr ss:[ebp-0x24]
0FF3A135 E8 C64DD3FF call WeChatWi.0FC6EF00
0FF3A13A 8D45 DC lea eax,dword ptr ss:[ebp-0x24]
0FF3A13D 50 push eax
0FF3A13E 8D4D BC lea ecx,dword ptr ss:[ebp-0x44]
0FF3A141 E8 4A57D3FF call WeChatWi.0FC6F890
0FF3A146 8B45 DC mov eax,dword ptr ss:[ebp-0x24]
0FF3A149 85C0 test eax,eax
0FF3A14B 74 09 je short WeChatWi.0FF3A156
0FF3A14D 50 push eax
0FF3A14E E8 E1009300 call WeChatWi.1086A234
0FF3A153 83C4 04 add esp,0x4
0FF3A156 8B45 E8 mov eax,dword ptr ss:[ebp-0x18] ; user32.73DE4F8A
0FF3A159 85C0 test eax,eax
0FF3A15B 74 09 je short WeChatWi.0FF3A166
0FF3A15D 50 push eax
0FF3A15E E8 D1009300 call WeChatWi.1086A234
0FF3A163 83C4 04 add esp,0x4
0FF3A166 8B45 3C mov eax,dword ptr ss:[ebp+0x3C]
0FF3A169 85C0 test eax,eax
0FF3A16B 74 06 je short WeChatWi.0FF3A173
0FF3A16D 66:8338 00 cmp word ptr ds:[eax],0x0
0FF3A171 75 05 jnz short WeChatWi.0FF3A178
0FF3A173 B8 0889AF10 mov eax,WeChatWi.10AF8908
0FF3A178 FF75 40 push dword ptr ss:[ebp+0x40]
0FF3A17B 8D4D A8 lea ecx,dword ptr ss:[ebp-0x58]
0FF3A17E 50 push eax
0FF3A17F E8 2C4FD3FF call WeChatWi.0FC6F0B0
0FF3A184 8B45 34 mov eax,dword ptr ss:[ebp+0x34]
0FF3A187 83EC 30 sub esp,0x30
0FF3A18A 8945 D0 mov dword ptr ss:[ebp-0x30],eax
0FF3A18D 8BCC mov ecx,esp
0FF3A18F 8D45 A8 lea eax,dword ptr ss:[ebp-0x58]
0FF3A192 C745 D4 0000000>mov dword ptr ss:[ebp-0x2C],0x0
0FF3A199 50 push eax
0FF3A19A E8 51000000 call WeChatWi.0FF3A1F0 ; call1
0FF3A19F E8 CC000000 call WeChatWi.0FF3A270 ; call2
0FF3A1A4 83C4 30 add esp,0x30
0FF3A1A7 8D4D A8 lea ecx,dword ptr ss:[ebp-0x58]
0FF3A1AA E8 D1408CFF call WeChatWi.0F7FE280
0FF3A1AF 8D4D 08 lea ecx,dword ptr ss:[ebp+0x8]
0FF3A1B2 E8 694F8EFF call WeChatWi.0F81F120
0FF3A1B7 8B85 4C010000 mov eax,dword ptr ss:[ebp+0x14C]
0FF3A1BD 83F8 10 cmp eax,0x10
0FF3A1C0 72 12 jb short WeChatWi.0FF3A1D4
0FF3A1C2 6A 01 push 0x1
0FF3A1C4 40 inc eax
0FF3A1C5 50 push eax
0FF3A1C6 FFB5 38010000 push dword ptr ss:[ebp+0x138]
0FF3A1CC E8 EF9989FF call WeChatWi.0F7D3BC0
0FF3A1D1 83C4 0C add esp,0xC
0FF3A1D4 8B4D F4 mov ecx,dword ptr ss:[ebp-0xC]
0FF3A1D7 64:890D 0000000>mov dword ptr fs:[0],ecx
0FF3A1DE 59 pop ecx ; user32.73DE4F8A
0FF3A1DF 8BE5 mov esp,ebp
0FF3A1E1 5D pop ebp ; user32.73DE4F8A
0FF3A1E2 C3 retn
通过名片加好友:
基址:0F790000
0F912FF3 8BCF mov ecx,edi
0F912FF5 68 CCE2A710 push WeChatWi.10A7E2CC ; UNICODE "windowinit"
0F912FFA E8 81916800 call WeChatWi.0FF9C180
0F912FFF 50 push eax
0F913000 E8 0990F400 call WeChatWi.1085C00E
0F913005 83C4 08 add esp,0x8
0F913008 85C0 test eax,eax
0F91300A 75 0E jnz short WeChatWi.0F91301A
0F91300C 51 push ecx
0F91300D 8D4E E0 lea ecx,dword ptr ds:[esi-0x20]
0F913010 E8 EB030000 call WeChatWi.0F913400
0F913015 E9 B8030000 jmp WeChatWi.0F9133D2
0F91301A 68 E4E2A710 push WeChatWi.10A7E2E4 ; UNICODE "click"
0F91301F 8BCF mov ecx,edi
0F913021 E8 5A916800 call WeChatWi.0FF9C180
0F913026 50 push eax
0F913027 E8 E28FF400 call WeChatWi.1085C00E
0F91302C 83C4 08 add esp,0x8
0F91302F 85C0 test eax,eax
0F913031 0F85 54020000 jnz WeChatWi.0F91328B
0F913037 8B8F 08010000 mov ecx,dword ptr ds:[edi+0x108]
0F91303D 8D95 3CFFFFFF lea edx,dword ptr ss:[ebp-0xC4]
0F913043 52 push edx
0F913044 8B01 mov eax,dword ptr ds:[ecx]
0F913046 FF50 04 call dword ptr ds:[eax+0x4]
0F913049 68 5037B110 push WeChatWi.10B13750 ; UNICODE "okbtn"
0F91304E 8BC8 mov ecx,eax
0F913050 E8 2B916800 call WeChatWi.0FF9C180
0F913055 50 push eax
0F913056 E8 B38FF400 call WeChatWi.1085C00E
0F91305B 83C4 08 add esp,0x8
0F91305E 8D8D 3CFFFFFF lea ecx,dword ptr ss:[ebp-0xC4]
0F913064 85C0 test eax,eax
0F913066 0F94C3 sete bl
0F913069 E8 AB916800 call WeChatWi.0FF9C219
0F91306E 84DB test bl,bl
0F913070 0F84 8C010000 je WeChatWi.0F913202
0F913076 83BE 44030000 0>cmp dword ptr ds:[esi+0x344],0x0
0F91307D 0F84 57030000 je WeChatWi.0F9133DA
0F913083 6A FF push -0x1
0F913085 68 0889AF10 push WeChatWi.10AF8908
0F91308A 8D8D 28FFFFFF lea ecx,dword ptr ss:[ebp-0xD8]
0F913090 E8 1BBD3500 call WeChatWi.0FC6EDB0
0F913095 C745 FC 0000000>mov dword ptr ss:[ebp-0x4],0x0
0F91309C C745 E4 0000000>mov dword ptr ss:[ebp-0x1C],0x0
0F9130A3 C745 E8 0000000>mov dword ptr ss:[ebp-0x18],0x0
0F9130AA C745 EC 0000000>mov dword ptr ss:[ebp-0x14],0x0
0F9130B1 8D45 E4 lea eax,dword ptr ss:[ebp-0x1C]
0F9130B4 C645 FC 01 mov byte ptr ss:[ebp-0x4],0x1
0F9130B8 8B8E 44030000 mov ecx,dword ptr ds:[esi+0x344]
0F9130BE 50 push eax
0F9130BF E8 BCE8F2FF call WeChatWi.0F841980
0F9130C4 8B4D E8 mov ecx,dword ptr ss:[ebp-0x18] ; user32.73DE4F8A
0F9130C7 B8 398EE338 mov eax,0x38E38E39
0F9130CC 8B7D E4 mov edi,dword ptr ss:[ebp-0x1C] ; user32.73DE895C
0F9130CF 2BCF sub ecx,edi
0F9130D1 F7E9 imul ecx
0F9130D3 C1FA 03 sar edx,0x3
0F9130D6 8BC2 mov eax,edx
0F9130D8 C1E8 1F shr eax,0x1F
0F9130DB 03C2 add eax,edx
0F9130DD 74 14 je short WeChatWi.0F9130F3
0F9130DF 833F 01 cmp dword ptr ds:[edi],0x1
0F9130E2 75 0F jnz short WeChatWi.0F9130F3
0F9130E4 8D47 04 lea eax,dword ptr ds:[edi+0x4]
0F9130E7 50 push eax
0F9130E8 8D8D 28FFFFFF lea ecx,dword ptr ss:[ebp-0xD8]
0F9130EE E8 EDC13500 call WeChatWi.0FC6F2E0
0F9130F3 8BBD 28FFFFFF mov edi,dword ptr ss:[ebp-0xD8]
0F9130F9 8D8E 48030000 lea ecx,dword ptr ds:[esi+0x348]
0F9130FF 85FF test edi,edi
0F913101 74 08 je short WeChatWi.0F91310B
0F913103 66:833F 00 cmp word ptr ds:[edi],0x0
0F913107 8BC7 mov eax,edi
0F913109 75 05 jnz short WeChatWi.0F913110
0F91310B B8 0889AF10 mov eax,WeChatWi.10AF8908
0F913110 FFB5 2CFFFFFF push dword ptr ss:[ebp-0xD4]
0F913116 50 push eax
0F913117 E8 94BF3500 call WeChatWi.0FC6F0B0
0F91311C 8D9E 24030000 lea ebx,dword ptr ds:[esi+0x324]
0F913122 8BCB mov ecx,ebx
0F913124 E8 47E85800 call WeChatWi.0FEA1970
0F913129 84C0 test al,al
0F91312B 74 3A je short WeChatWi.0F913167
0F91312D 6A 00 push 0x0
0F91312F 8D86 68030000 lea eax,dword ptr ds:[esi+0x368]
0F913135 50 push eax
0F913136 8D4D C4 lea ecx,dword ptr ss:[ebp-0x3C]
0F913139 E8 C2BD3500 call WeChatWi.0FC6EF00
0F91313E 8D45 C4 lea eax,dword ptr ss:[ebp-0x3C]
0F913141 C645 FC 02 mov byte ptr ss:[ebp-0x4],0x2
0F913145 50 push eax
0F913146 8D85 28FFFFFF lea eax,dword ptr ss:[ebp-0xD8]
0F91314C 50 push eax
0F91314D 53 push ebx
0F91314E E8 BD5DEFFF call WeChatWi.0F808F10
0F913153 8BC8 mov ecx,eax
0F913155 E8 36F85800 call WeChatWi.0FEA2990
0F91315A 8D4D C4 lea ecx,dword ptr ss:[ebp-0x3C]
0F91315D E8 3E9EECFF call WeChatWi.0F7DCFA0
0F913162 E9 83000000 jmp WeChatWi.0F9131EA
0F913167 83EC 18 sub esp,0x18
0F91316A 8BCC mov ecx,esp
0F91316C 89A5 24FFFFFF mov dword ptr ss:[ebp-0xDC],esp
0F913172 68 949CAF10 push WeChatWi.10AF9C94 ; 参数
0F913177 E8 D4F3ECFF call WeChatWi.0F7E2550 ; call1
0F91317C 83EC 18 sub esp,0x18
0F91317F C645 FC 03 mov byte ptr ss:[ebp-0x4],0x3
0F913183 8D86 68030000 lea eax,dword ptr ds:[esi+0x368]
0F913189 89A5 1CFFFFFF mov dword ptr ss:[ebp-0xE4],esp
0F91318F 8BCC mov ecx,esp
0F913191 50 push eax
0F913192 E8 79B7EEFF call WeChatWi.0F7FE910 ; call2
0F913197 FFB6 64030000 push dword ptr ds:[esi+0x364]
0F91319D 85FF test edi,edi
0F91319F 74 06 je short WeChatWi.0F9131A7
0F9131A1 66:833F 00 cmp word ptr ds:[edi],0x0
0F9131A5 75 05 jnz short WeChatWi.0F9131AC
0F9131A7 BF 0889AF10 mov edi,WeChatWi.10AF8908
0F9131AC 83EC 14 sub esp,0x14
0F9131AF 8BCC mov ecx,esp
0F9131B1 89A5 18FFFFFF mov dword ptr ss:[ebp-0xE8],esp
0F9131B7 6A FF push -0x1
0F9131B9 57 push edi
0F9131BA E8 F1BB3500 call WeChatWi.0FC6EDB0 ; call3
0F9131BF FFB6 5C030000 push dword ptr ds:[esi+0x35C]
0F9131C5 83EC 14 sub esp,0x14
0F9131C8 8BCC mov ecx,esp
0F9131CA 89A5 20FFFFFF mov dword ptr ss:[ebp-0xE0],esp
0F9131D0 53 push ebx
0F9131D1 E8 1ABC3500 call WeChatWi.0FC6EDF0 ; call4
0F9131D6 C645 FC 06 mov byte ptr ss:[ebp-0x4],0x6
0F9131DA E8 41B5ECFF call WeChatWi.0F7DE720
0F9131DF 8BC8 mov ecx,eax
0F9131E1 C645 FC 01 mov byte ptr ss:[ebp-0x4],0x1
0F9131E5 E8 867D1200 call WeChatWi.0FA3AF70 ; call5
0F9131EA 8D4D E4 lea ecx,dword ptr ss:[ebp-0x1C]
0F9131ED E8 2E2AF3FF call WeChatWi.0F845C20
0F9131F2 8D8D 28FFFFFF lea ecx,dword ptr ss:[ebp-0xD8]
0F9131F8 E8 A39DECFF call WeChatWi.0F7DCFA0
0F9131FD E9 D8010000 jmp WeChatWi.0F9133DA
0F913202 8B8F 08010000 mov ecx,dword ptr ds:[edi+0x108]
0F913208 8D95 3CFFFFFF lea edx,dword ptr ss:[ebp-0xC4]
0F91320E 52 push edx
0F91320F 8B01 mov eax,dword ptr ds:[ecx]
0F913211 FF50 04 call dword ptr ds:[eax+0x4]
0F913214 68 0421B110 push WeChatWi.10B12104 ; UNICODE "cancelbtn"
0F913219 8BC8 mov ecx,eax
0F91321B E8 608F6800 call WeChatWi.0FF9C180
0F913220 50 push eax
0F913221 E8 E88DF400 call WeChatWi.1085C00E
0F913226 83C4 08 add esp,0x8
0F913229 8D8D 3CFFFFFF lea ecx,dword ptr ss:[ebp-0xC4]
0F91322F 85C0 test eax,eax
0F913231 0F94C3 sete bl
0F913234 E8 E08F6800 call WeChatWi.0FF9C219
0F913239 84DB test bl,bl
0F91323B 75 3F jnz short WeChatWi.0F91327C
0F91323D 8B8F 08010000 mov ecx,dword ptr ds:[edi+0x108]
0F913243 8D95 3CFFFFFF lea edx,dword ptr ss:[ebp-0xC4]
0F913249 52 push edx
0F91324A 8B01 mov eax,dword ptr ds:[ecx]
0F91324C FF50 04 call dword ptr ds:[eax+0x4]
0F91324F 68 10E3A710 push WeChatWi.10A7E310 ; UNICODE "closebtn"
0F913254 8BC8 mov ecx,eax
0F913256 E8 258F6800 call WeChatWi.0FF9C180
0F91325B 50 push eax
0F91325C E8 AD8DF400 call WeChatWi.1085C00E
0F913261 83C4 08 add esp,0x8
0F913264 8D8D 3CFFFFFF lea ecx,dword ptr ss:[ebp-0xC4]
0F91326A 85C0 test eax,eax
0F91326C 0F94C3 sete bl
0F91326F E8 A58F6800 call WeChatWi.0FF9C219
0F913274 84DB test bl,bl
0F913276 0F84 56010000 je WeChatWi.0F9133D2
0F91327C 8B46 E0 mov eax,dword ptr ds:[esi-0x20] ; WeChatWi.0FFA1459
0F91327F 8D4E E0 lea ecx,dword ptr ds:[esi-0x20]
0F913282 6A 02 push 0x2
0F913284 FF10 call dword ptr ds:[eax]
0F913286 E9 4F010000 jmp WeChatWi.0F9133DA
0F91328B 68 1CE7AF10 push WeChatWi.10AFE71C ; UNICODE "textchanged"
0F913290 8BCF mov ecx,edi
0F913292 E8 E98E6800 call WeChatWi.0FF9C180
0F913297 50 push eax
0F913298 E8 718DF400 call WeChatWi.1085C00E
0F91329D 83C4 08 add esp,0x8
0F9132A0 85C0 test eax,eax
0F9132A2 0F85 2A010000 jnz WeChatWi.0F9133D2
0F9132A8 8B8F 08010000 mov ecx,dword ptr ds:[edi+0x108]
0F9132AE 8D95 3CFFFFFF lea edx,dword ptr ss:[ebp-0xC4]
0F9132B4 52 push edx
0F9132B5 8B01 mov eax,dword ptr ds:[ecx]
0F9132B7 FF50 04 call dword ptr ds:[eax+0x4]
0F9132BA 68 68EBAF10 push WeChatWi.10AFEB68 ; UNICODE "contendEdit"
0F9132BF 8BC8 mov ecx,eax
0F9132C1 E8 BA8E6800 call WeChatWi.0FF9C180
0F9132C6 50 push eax
0F9132C7 E8 428DF400 call WeChatWi.1085C00E
0F9132CC 83C4 08 add esp,0x8
0F9132CF 8D8D 3CFFFFFF lea ecx,dword ptr ss:[ebp-0xC4]
0F9132D5 85C0 test eax,eax
0F9132D7 0F94C3 sete bl
0F9132DA E8 3A8F6800 call WeChatWi.0FF9C219
0F9132DF 84DB test bl,bl
0F9132E1 0F84 EB000000 je WeChatWi.0F9133D2
0F9132E7 8B8E 44030000 mov ecx,dword ptr ds:[esi+0x344]
0F9132ED 8D95 3CFFFFFF lea edx,dword ptr ss:[ebp-0xC4]
0F9132F3 52 push edx
0F9132F4 8B01 mov eax,dword ptr ds:[ecx]
0F9132F6 FF50 3C call dword ptr ds:[eax+0x3C]
0F9132F9 6A FF push -0x1
0F9132FB 8BC8 mov ecx,eax
0F9132FD E8 7E8E6800 call WeChatWi.0FF9C180
0F913302 50 push eax
0F913303 8D8D 28FFFFFF lea ecx,dword ptr ss:[ebp-0xD8]
0F913309 E8 A2BA3500 call WeChatWi.0FC6EDB0
0F91330E 8D8D 3CFFFFFF lea ecx,dword ptr ss:[ebp-0xC4]
0F913314 C745 FC 0700000>mov dword ptr ss:[ebp-0x4],0x7
发送附件:
基址:0F790000
0F873291 8BF8 mov edi,eax
0F873293 E8 18B23700 call WeChatWi.0FBEE4B0
0F873298 3BC7 cmp eax,edi
0F87329A 75 4A jnz short WeChatWi.0F8732E6
0F87329C 3B55 B8 cmp edx,dword ptr ss:[ebp-0x48]
0F87329F 75 45 jnz short WeChatWi.0F8732E6
0F8732A1 E8 9AB5F6FF call WeChatWi.0F7DE840
0F8732A6 6A 00 push 0x0
0F8732A8 6A 01 push 0x1
0F8732AA 6A 01 push 0x1
0F8732AC 6A 0D push 0xD
0F8732AE 6A 5F push 0x5F
0F8732B0 E8 5B62C000 call WeChatWi.10479510
0F8732B5 83C4 14 add esp,0x14
0F8732B8 E8 83B5F6FF call WeChatWi.0F7DE840
0F8732BD 6A 00 push 0x0
0F8732BF 6A 01 push 0x1
0F8732C1 6A 01 push 0x1
0F8732C3 6A 10 push 0x10
0F8732C5 6A 5F push 0x5F
0F8732C7 E8 4462C000 call WeChatWi.10479510
0F8732CC 83C4 14 add esp,0x14
0F8732CF C745 FC FFFFFFF>mov dword ptr ss:[ebp-0x4],-0x1
0F8732D6 8D8D 44FBFFFF lea ecx,dword ptr ss:[ebp-0x4BC]
0F8732DC E8 0F56F6FF call WeChatWi.0F7D88F0
0F8732E1 E9 F3050000 jmp WeChatWi.0F8738D9
0F8732E6 8B7D AC mov edi,dword ptr ss:[ebp-0x54]
0F8732E9 8B8F 68040000 mov ecx,dword ptr ds:[edi+0x468]
0F8732EF 85C9 test ecx,ecx
0F8732F1 75 04 jnz short WeChatWi.0F8732F7
0F8732F3 B0 01 mov al,0x1
0F8732F5 EB 07 jmp short WeChatWi.0F8732FE
0F8732F7 8B01 mov eax,dword ptr ds:[ecx]
0F8732F9 8B40 24 mov eax,dword ptr ds:[eax+0x24]
0F8732FC FFD0 call eax
0F8732FE 84C0 test al,al
0F873300 74 67 je short WeChatWi.0F873369
0F873302 8D8D 24FDFFFF lea ecx,dword ptr ss:[ebp-0x2DC]
0F873308 E8 835CF6FF call WeChatWi.0F7D8F90
0F87330D 0F57C0 xorps xmm0,xmm0
0F873310 66:C785 04FFFFF>mov word ptr ss:[ebp-0xFC],0x0
0F873319 0F1185 08FFFFFF movups dqword ptr ss:[ebp-0xF8],xmm0
0F873320 C785 18FFFFFF 0>mov dword ptr ss:[ebp-0xE8],0x0
0F87332A 8D85 44FBFFFF lea eax,dword ptr ss:[ebp-0x4BC]
0F873330 C645 FC 09 mov byte ptr ss:[ebp-0x4],0x9
0F873334 50 push eax
0F873335 8D8D 24FDFFFF lea ecx,dword ptr ss:[ebp-0x2DC]
0F87333B C785 1CFFFFFF F>mov dword ptr ss:[ebp-0xE4],-0x1
0F873345 E8 16D6F8FF call WeChatWi.0F800960
0F87334A 6A 01 push 0x1
0F87334C 8D85 24FDFFFF lea eax,dword ptr ss:[ebp-0x2DC]
0F873352 C645 FC 0A mov byte ptr ss:[ebp-0x4],0xA
0F873356 50 push eax
0F873357 8BCF mov ecx,edi
0F873359 E8 C2100000 call WeChatWi.0F874420
0F87335E 8D8D 24FDFFFF lea ecx,dword ptr ss:[ebp-0x2DC]
0F873364 E8 C790FBFF call WeChatWi.0F82C430
0F873369 8D8D 44FBFFFF lea ecx,dword ptr ss:[ebp-0x4BC]
0F87336F C745 FC FFFFFFF>mov dword ptr ss:[ebp-0x4],-0x1
0F873376 E8 7555F6FF call WeChatWi.0F7D88F0
0F87337B E9 59050000 jmp WeChatWi.0F8738D9
0F873380 53 push ebx
0F873381 8D4D 88 lea ecx,dword ptr ss:[ebp-0x78]
0F873384 E8 67BA3F00 call WeChatWi.0FC6EDF0
0F873389 8D4D 88 lea ecx,dword ptr ss:[ebp-0x78]
0F87338C C745 FC 0B00000>mov dword ptr ss:[ebp-0x4],0xB
0F873393 E8 C8C63E00 call WeChatWi.0FC5FA60
0F873398 84C0 test al,al
0F87339A 0F84 6A010000 je WeChatWi.0F87350A
0F8733A0 8D8D 50FFFFFF lea ecx,dword ptr ss:[ebp-0xB0]
0F8733A6 C645 B7 00 mov byte ptr ss:[ebp-0x49],0x0
0F8733AA E8 B19E3E00 call WeChatWi.0FC5D260
0F8733AF 8B85 50FFFFFF mov eax,dword ptr ss:[ebp-0xB0]
0F8733B5 85C0 test eax,eax
0F8733B7 74 06 je short WeChatWi.0F8733BF
0F8733B9 66:8338 00 cmp word ptr ds:[eax],0x0
0F8733BD 75 05 jnz short WeChatWi.0F8733C4
0F8733BF B8 0889AF10 mov eax,WeChatWi.10AF8908
0F8733C4 50 push eax
0F8733C5 8D4D 88 lea ecx,dword ptr ss:[ebp-0x78]
0F8733C8 E8 E3C13F00 call WeChatWi.0FC6F5B0
0F8733CD 0FB64D B7 movzx ecx,byte ptr ss:[ebp-0x49]
0F8733D1 84C0 test al,al
0F8733D3 0F45CF cmovne ecx,edi
0F8733D6 884D A4 mov byte ptr ss:[ebp-0x5C],cl
0F8733D9 FF75 A4 push dword ptr ss:[ebp-0x5C]
0F8733DC 83EC 14 sub esp,0x14
0F8733DF 8BCC mov ecx,esp
0F8733E1 8965 B8 mov dword ptr ss:[ebp-0x48],esp
0F8733E4 6A FF push -0x1
0F8733E6 68 0889AF10 push WeChatWi.10AF8908 ; 参数
0F8733EB E8 C0B93F00 call WeChatWi.0FC6EDB0 ; call1
0F8733F0 83EC 14 sub esp,0x14
0F8733F3 8BCC mov ecx,esp
0F8733F5 8965 A0 mov dword ptr ss:[ebp-0x60],esp
0F8733F8 53 push ebx
0F8733F9 E8 F2B93F00 call WeChatWi.0FC6EDF0 ; call2
0F8733FE 83EC 14 sub esp,0x14
0F873401 8BCC mov ecx,esp
0F873403 8965 9C mov dword ptr ss:[ebp-0x64],esp
0F873406 FF75 B0 push dword ptr ss:[ebp-0x50]
0F873409 E8 E2B93F00 call WeChatWi.0FC6EDF0 ; call2
0F87340E 8D85 44FBFFFF lea eax,dword ptr ss:[ebp-0x4BC]
0F873414 C645 FC 0F mov byte ptr ss:[ebp-0x4],0xF
0F873418 50 push eax
0F873419 E8 C212F7FF call WeChatWi.0F7E46E0 ; call3
0F87341E 8BC8 mov ecx,eax
0F873420 C645 FC 0C mov byte ptr ss:[ebp-0x4],0xC
0F873424 E8 97B11700 call WeChatWi.0F9EE5C0 ; call4
0F873429 C645 FC 10 mov byte ptr ss:[ebp-0x4],0x10
0F87342D E8 BE4B1A00 call WeChatWi.0FA17FF0
0F873432 8BC8 mov ecx,eax
0F873434 E8 77B03700 call WeChatWi.0FBEE4B0
0F873439 8D8D 44FBFFFF lea ecx,dword ptr ss:[ebp-0x4BC]
0F87343F 8955 B8 mov dword ptr ss:[ebp-0x48],edx
0F873442 8BF8 mov edi,eax
0F873444 E8 67B03700 call WeChatWi.0FBEE4B0
0F873449 3BC7 cmp eax,edi
0F87344B 75 09 jnz short WeChatWi.0F873456
0F87344D 3B55 B8 cmp edx,dword ptr ss:[ebp-0x48]
0F873450 0F84 9E000000 je WeChatWi.0F8734F4
0F873456 8D8D 44FBFFFF lea ecx,dword ptr ss:[ebp-0x4BC]
0F87345C E8 4FB03700 call WeChatWi.0FBEE4B0
0F873461 8B7D AC mov edi,dword ptr ss:[ebp-0x54]
0F873464 8985 64FFFFFF mov dword ptr ss:[ebp-0x9C],eax
0F87346A 8D85 64FFFFFF lea eax,dword ptr ss:[ebp-0x9C]
0F873470 50 push eax
0F873471 8995 68FFFFFF mov dword ptr ss:[ebp-0x98],edx
0F873477 8D8F 40040000 lea ecx,dword ptr ds:[edi+0x440]
0F87347D E8 3E200000 call WeChatWi.0F8754C0
0F873482 8BCF mov ecx,edi
0F873484 E8 371F0000 call WeChatWi.0F8753C0
0F873489 84C0 test al,al
0F87348B 74 67 je short WeChatWi.0F8734F4
0F87348D 8D8D 24FDFFFF lea ecx,dword ptr ss:[ebp-0x2DC]
0F873493 E8 F85AF6FF call WeChatWi.0F7D8F90
0F873498 0F57C0 xorps xmm0,xmm0
0F87349B 66:C785 04FFFFF>mov word ptr ss:[ebp-0xFC],0x0
0F8734A4 0F1185 08FFFFFF movups dqword ptr ss:[ebp-0xF8],xmm0
0F8734AB C785 18FFFFFF 0>mov dword ptr ss:[ebp-0xE8],0x0
0F8734B5 8D85 44FBFFFF lea eax,dword ptr ss:[ebp-0x4BC]
0F8734BB C645 FC 12 mov byte ptr ss:[ebp-0x4],0x12
0F8734BF 50 push eax
0F8734C0 8D8D 24FDFFFF lea ecx,dword ptr ss:[ebp-0x2DC]
0F8734C6 C785 1CFFFFFF F>mov dword ptr ss:[ebp-0xE4],-0x1
0F8734D0 E8 8BD4F8FF call WeChatWi.0F800960
0F8734D5 6A 01 push 0x1
0F8734D7 8D85 24FDFFFF lea eax,dword ptr ss:[ebp-0x2DC]
0F8734DD C645 FC 13 mov byte ptr ss:[ebp-0x4],0x13
0F8734E1 50 push eax
0F8734E2 8BCF mov ecx,edi
0F8734E4 E8 370F0000 call WeChatWi.0F874420
0F8734E9 8D8D 24FDFFFF lea ecx,dword ptr ss:[ebp-0x2DC]
0F8734EF E8 3C8FFBFF call WeChatWi.0F82C430
0F8734F4 8D8D 44FBFFFF lea ecx,dword ptr ss:[ebp-0x4BC]
0F8734FA E8 F153F6FF call WeChatWi.0F7D88F0
0F8734FF 8D8D 50FFFFFF lea ecx,dword ptr ss:[ebp-0xB0]
0F873505 E8 969AF6FF call WeChatWi.0F7DCFA0
0F87350A 8D4D 88 lea ecx,dword ptr ss:[ebp-0x78]
0F87350D C745 FC FFFFFFF>mov dword ptr ss:[ebp-0x4],-0x1
0F873514 E8 879AF6FF call WeChatWi.0F7DCFA0
0F873519 E9 BB030000 jmp WeChatWi.0F8738D9
0F87351E 8B7D B0 mov edi,dword ptr ss:[ebp-0x50]
0F873521 8BCF mov ecx,edi
0F873523 E8 A8DE5000 call WeChatWi.0FD813D0
0F873528 84C0 test al,al
0F87352A 0F85 A9030000 jnz WeChatWi.0F8738D9
0F873530 8BCB mov ecx,ebx
0F873532 E8 29C53E00 call WeChatWi.0FC5FA60
0F873537 84C0 test al,al
0F873539 0F84 9A030000 je WeChatWi.0F8738D9
0F87353F E8 FCB2F6FF call WeChatWi.0F7DE840
0F873544 6A 02 push 0x2
0F873546 E8 B5DD2000 call WeChatWi.0FA81300
0F87354B 6A 00 push 0x0
0F87354D 83EC 14 sub esp,0x14
0F873550 8BCC mov ecx,esp
0F873552 8965 9C mov dword ptr ss:[ebp-0x64],esp
0F873555 6A FF push -0x1
0F873557 68 0889AF10 push WeChatWi.10AF8908
0F87355C E8 4FB83F00 call WeChatWi.0FC6EDB0
0F873561 6A 02 push 0x2
0F873563 83EC 14 sub esp,0x14
0F873566 C745 FC 1400000>mov dword ptr ss:[ebp-0x4],0x14
0F87356D 8BCC mov ecx,esp
0F87356F 8965 A0 mov dword ptr ss:[ebp-0x60],esp
0F873572 57 push edi
0F873573 E8 78B83F00 call WeChatWi.0FC6EDF0
0F873578 83EC 14 sub esp,0x14
0F87357B 8BCC mov ecx,esp
0F87357D 8965 B8 mov dword ptr ss:[ebp-0x48],esp
0F873580 6A FF push -0x1
0F873582 68 0889AF10 push WeChatWi.10AF8908
0F873587 E8 24B83F00 call WeChatWi.0FC6EDB0
0F87358C 83EC 14 sub esp,0x14
0F87358F 8BCC mov ecx,esp
0F873591 8965 A8 mov dword ptr ss:[ebp-0x58],esp
0F873594 53 push ebx
0F873595 E8 56B83F00 call WeChatWi.0FC6EDF0
0F87359A C645 FC 17 mov byte ptr ss:[ebp-0x4],0x17
0F87359E E8 9DDAF9FF call WeChatWi.0F811040
0F8735A3 8BC8 mov ecx,eax
0F8735A5 C745 FC FFFFFFF>mov dword ptr ss:[ebp-0x4],-0x1
0F8735AC E8 CF1F1D00 call WeChatWi.0FA45580
0F8735B1 E9 23030000 jmp WeChatWi.0F8738D9
0F8735B6 8B7D B0 mov edi,dword ptr ss:[ebp-0x50]
0F8735B9 8BCF mov ecx,edi
此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。
马建仓 AI 助手