来源:安全中国
修改trw2000.sys:
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00029137(C)
|
:000292F0 8D7E70 lea edi, dword ptr [esi+70]
:000292F3 57 push edi
:000292F4 E815B3FFFF call 0002460E
:000292F9 57 push edi
:000292FA E86DB3FFFF call 0002466C
:000292FF 803F00 cmp byte ptr [edi], 00
:00029302 7470 je 00029374
:00029304 E895BCFFFF call 00024F9E
:00029309 6A06 push 00000006
:0002930B 33D2 xor edx, edx
:0002930D 59 pop ecx
:0002930E F7F1 div ecx
:00029310 85D2 test edx, edx
:00029312 7505 jne 00029319
^^^^
EB05
:00029314 E8663EFFFF call 0001D17F
:00029319 .......
* Referenced by a CALL at Address:
|:00023306
|
:000377F6 68C5770300 push 000377C5
:000377FB 68E4C90500 push 0005C9E4
:00037800 E833BDFEFF call 00023538
:00037805 817C2404D0070000 cmp dword ptr [esp+04], 000007D0
:0003780D 7515 jne 00037824
^^^^
9090
:0003780F 837C240802 cmp dword ptr [esp+08], 00000002
:00037814 7413 je 00037829
^^^^
EB13
:00037816 837C240803 cmp dword ptr [esp+08], 00000003
:0003781B 740C je 00037829
^^^^
EB0C
:0003781D 837C240804 cmp dword ptr [esp+08], 00000004
:00037822 7405 je 00037829
^^^^
EB05
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0003780D(C)
|
:00037824 E865FFFFFF call 0003778E
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00037814(C), :0003781B(C), :00037822(C)
|
:00037829 C20800 ret 0008 |
