我也是,第一步是9c
第二步是 eax+esi*4
第三步是3a0,再往下用CE查找就陷入了死循环。OD里对应的反汇编如下,但我看不懂:
; OllyDbg listing, 32-bit x86, Intel syntax. Columns: address | hex bytes | instruction.
; This is an excerpt from the middle of a routine: its entry and its return are
; outside these lines. Apart from the call, every visible instruction either sets
; up a register or stores a constant (0 or FFFFFFFF) into the object addressed by esi.
; NOTE(review): the shape (pointer taken from ecx, an early call, constant stores at
; +0 and +84, then bulk zeroing) looks like a C++ constructor - confirm at the entry.
006700A2 |. 8BF1 mov esi, ecx  ; esi = ecx; presumably the object pointer ("this" under thiscall) - confirm
; ecx is untouched by the mov above, so the callee sees the same ecx value.
; esi is used again afterwards, so this code relies on the callee preserving esi.
; NOTE(review): possibly a base-class or member initialiser - confirm by reading 00610E70.
006700A4 |. E8 C70DFAFF call 00610E70
006700A9 |. 33C0 xor eax, eax  ; eax = 0 (whatever the call left in eax is discarded); reused for every zero store below
; Two fixed addresses are written at +0 and +84.
; NOTE(review): presumably vtable pointers (primary and a second base) - confirm what lives at 00D26484 / 00D2643C.
006700AB |. C706 8464D200 mov dword ptr [esi], 00D26484
006700B1 |. C786 84000000>mov dword ptr [esi+84], 00D2643C
; Zero-fill of three runs of three dwords at a 0x10 stride (+3A0.., +3B0.., +3C0..).
; The dwords at +3AC and +3BC are not written anywhere in this excerpt.
; +3A0 is the offset named in the post; at this address it is only cleared to 0.
006700BB |. 8986 A0030000 mov dword ptr [esi+3A0], eax
006700C1 |. 8986 A4030000 mov dword ptr [esi+3A4], eax
006700C7 |. 8986 A8030000 mov dword ptr [esi+3A8], eax
006700CD |. 8986 B0030000 mov dword ptr [esi+3B0], eax
006700D3 |. 8986 B4030000 mov dword ptr [esi+3B4], eax
006700D9 |. 8986 B8030000 mov dword ptr [esi+3B8], eax
006700DF |. 8986 C0030000 mov dword ptr [esi+3C0], eax
006700E5 |. 8986 C4030000 mov dword ptr [esi+3C4], eax
006700EB |. 8986 C8030000 mov dword ptr [esi+3C8], eax
006700F1 |. 83C9 FF or ecx, FFFFFFFF  ; ecx = FFFFFFFF (all bits set); stored to +384 and +380 at the end of the excerpt
; More zero stores; eax has not been modified since the xor, so each of these writes 0.
006700F4 |. 8986 6C030000 mov dword ptr [esi+36C], eax
006700FA |. 8986 70030000 mov dword ptr [esi+370], eax
00670100 |. 8986 D0030000 mov dword ptr [esi+3D0], eax
00670106 |. 8986 90030000 mov dword ptr [esi+390], eax
0067010C |. 8886 CC030000 mov byte ptr [esi+3CC], al  ; single byte at +3CC = 0 (al is the low byte of eax)
00670112 |. 8986 78030000 mov dword ptr [esi+378], eax
00670118 |. 8986 7C030000 mov dword ptr [esi+37C], eax
0067011E |. 8986 D4030000 mov dword ptr [esi+3D4], eax
00670124 |. 66:8986 D8030>mov word ptr [esi+3D8], ax  ; 16-bit field at +3D8 = 0 (66 is the operand-size prefix)
0067012B |. 8986 DC030000 mov dword ptr [esi+3DC], eax
00670131 |. 8986 E0030000 mov dword ptr [esi+3E0], eax
00670137 |. 8986 E4030000 mov dword ptr [esi+3E4], eax
0067013D |. 8986 E8030000 mov dword ptr [esi+3E8], eax
; The two dwords at +384 and +380 receive FFFFFFFF instead of 0.
; NOTE(review): possibly a "no index / invalid" sentinel (-1) - confirm where these fields are read.
00670143 |. 898E 84030000 mov dword ptr [esi+384], ecx
00670149 |. 898E 80030000 mov dword ptr [esi+380], ecx |