MIR部分[内挂代码]
58 X
41 A
51 Q
46 F
48 H
MIR部分内挂代码,下面的代码是加在普通MIR上的(部分)
部分内挂代码:
1:
; OllyDbg listing (32-bit x86, Intel syntax). This is the tail of a routine: the prologue
; is not part of the excerpt, only the dispatch and the epilogue ("retn 4") are shown.
; The routine reads a 16-bit value through the pointer stored at [ebp-8] and dispatches on
; it with a subtract-and-test chain. Cases handled: 1B, 21, 22, 26, 28.
; NOTE(review): these values match the Windows virtual-key codes for Esc, PageUp, PageDown,
; Up and Down, so this is presumably a key-down handler -- confirm against the caller.
; Cases 21/22/26/28 adjust the dword at [obj+20], where obj = [4F7D8C]. The upper bound comes
; from the virtual call "call [vtable+14]" on the object at [obj+18], minus 1.
; NOTE(review): looks like a list index bounded by an item count -- TODO confirm.
; The "kernel32.xxxxxxxx" comments appear to be debugger-generated value annotations, not
; part of the program logic.
00462187 > 8B45 F8 mov eax, dword ptr ss:[ebp-8] ; kernel32.77E62B00
0046218A . 0FB700 movzx eax, word ptr ds:[eax]
; Each subtraction tests one case: a zero result means the original value equalled the
; running total (1B, then 1B+6=21, +1=22, +4=26, +2=28).
0046218D . 83E8 1B sub eax, 1B ; Switch (cases 1B..28)
00462190 . 74 14 je short 004621A6
00462192 . 83E8 06 sub eax, 6
00462195 . 74 5A je short 004621F1
00462197 . 48 dec eax
00462198 . 74 74 je short 0046220E
0046219A . 83E8 04 sub eax, 4
0046219D . 74 28 je short 004621C7
0046219F . 83E8 02 sub eax, 2
004621A2 . 74 33 je short 004621D7
004621A4 . EB 49 jmp short 004621EF
; Case 1B: follow [4F7D9C] -> [+5A850]; only when the byte at [+47] of that object is 0,
; call 00490C80 with eax = [[4A4310]] and one stack argument of 0.
004621A6 > A1 9C7D4F00 mov eax, dword ptr ds:[4F7D9C] ; Case 1B of switch 0046218D
004621AB . 8B80 50A80500 mov eax, dword ptr ds:[eax+5A850]
004621B1 . 8078 47 00 cmp byte ptr ds:[eax+47], 0
004621B5 . 75 0E jnz short 004621C5
004621B7 . 6A 00 push 0 ; /Arg1 = 00000000
004621B9 . A1 10434A00 mov eax, dword ptr ds:[4A4310] ; |
004621BE . 8B00 mov eax, dword ptr ds:[eax] ; |
004621C0 . E8 BBEA0200 call 00490C80 ; \Bb.00490C80
004621C5 > EB 28 jmp short 004621EF
; Case 26: if [obj+20] > 0, decrement it by one; otherwise leave it unchanged.
004621C7 > A1 8C7D4F00 mov eax, dword ptr ds:[4F7D8C] ; Case 26 of switch 0046218D
004621CC . 8378 20 00 cmp dword ptr ds:[eax+20], 0
004621D0 . 7E 1D jle short 004621EF
004621D2 . FF48 20 dec dword ptr ds:[eax+20]
; NOTE(review): the bytes EB 1C encode a target of 004621F3, which lies inside the 5-byte
; instruction at 004621F1 (A1 8C7D4F00) rather than on a listed instruction boundary.
; The bytes at that offset (7D 4F) would decode as a jge to 00462244, which the listing
; does mark as a jump target. Either the excerpt was mis-transcribed or this path of the
; patch is defective -- verify against the binary before relying on this case.
004621D5 . EB 1C jmp short 004621F3
; Case 28: eax = (virtual call [vtable+14] on [obj+18]) - 1; obj is saved on the stack
; across the call and restored into edx. If that value is greater than [obj+20],
; increment [obj+20] by one.
004621D7 > A1 8C7D4F00 mov eax, dword ptr ds:[4F7D8C] ; Case 28 of switch 0046218D
004621DC . 50 push eax
004621DD . 8B40 18 mov eax, dword ptr ds:[eax+18]
004621E0 . 8B10 mov edx, dword ptr ds:[eax]
004621E2 . FF52 14 call dword ptr ds:[edx+14]
004621E5 . 48 dec eax
004621E6 . 5A pop edx ; kernel32.77E887E7
004621E7 . 3B42 20 cmp eax, dword ptr ds:[edx+20]
004621EA . 7E 03 jle short 004621EF
004621EC . FF42 20 inc dword ptr ds:[edx+20]
004621EF > EB 72 jmp short 00462263 ; Default case of switch 0046218D
; Case 21: step [obj+20] down by 9, clamping at 0 (values <= 9 are set to 0).
004621F1 > A1 8C7D4F00 mov eax, dword ptr ds:[4F7D8C] ; Case 21 of switch 0046218D
004621F6 . 8378 20 09 cmp dword ptr ds:[eax+20], 9
004621FA . 7E 06 jle short 00462202
004621FC . 8368 20 09 sub dword ptr ds:[eax+20], 9
00462200 . EB 61 jmp short 00462263
00462202 > A1 8C7D4F00 mov eax, dword ptr ds:[4F7D8C]
00462207 . 33D2 xor edx, edx
00462209 . 8950 20 mov dword ptr ds:[eax+20], edx
0046220C . EB 55 jmp short 00462263
; Case 22: step [obj+20] up by 9. If (virtual-call result - 1) is greater than [obj+20]+9,
; add 9; otherwise repeat the virtual call and store (result - 1) as the new value.
0046220E > A1 8C7D4F00 mov eax, dword ptr ds:[4F7D8C] ; Case 22 of switch 0046218D
00462213 . 8B40 18 mov eax, dword ptr ds:[eax+18]
00462216 . 8B10 mov edx, dword ptr ds:[eax]
00462218 . FF52 14 call dword ptr ds:[edx+14]
0046221B . 48 dec eax
0046221C . 8B15 8C7D4F00 mov edx, dword ptr ds:[4F7D8C]
00462222 . 8B52 20 mov edx, dword ptr ds:[edx+20]
00462225 . 83C2 09 add edx, 9
00462228 . 3BC2 cmp eax, edx
0046222A . 7E 0B jle short 00462237
0046222C . A1 8C7D4F00 mov eax, dword ptr ds:[4F7D8C]
00462231 . 8340 20 09 add dword ptr ds:[eax+20], 9
00462235 . EB 17 jmp short 0046224E
00462237 > A1 8C7D4F00 mov eax, dword ptr ds:[4F7D8C]
0046223C . 8B40 18 mov eax, dword ptr ds:[eax+18]
0046223F . 8B10 mov edx, dword ptr ds:[eax]
00462241 . FF52 14 call dword ptr ds:[edx+14]
00462244 > 48 dec eax
00462245 . 8B15 8C7D4F00 mov edx, dword ptr ds:[4F7D8C]
0046224B . 8942 20 mov dword ptr ds:[edx+20], eax
; Final clamp for case 22: a negative result (the virtual call returned 0, so result-1 is
; -1) is reset to 0.
0046224E > A1 8C7D4F00 mov eax, dword ptr ds:[4F7D8C]
00462253 . 8378 20 00 cmp dword ptr ds:[eax+20], 0
00462257 . 7D 0A jge short 00462263
00462259 . A1 8C7D4F00 mov eax, dword ptr ds:[4F7D8C]
0046225E . 33D2 xor edx, edx
00462260 . 8950 20 mov dword ptr ds:[eax+20], edx
; Common exit: restore ebx and the caller's frame; "retn 4" also removes one 4-byte stack
; argument.
00462263 > 5B pop ebx ; kernel32.77E887E7
00462264 . 8BE5 mov esp, ebp
00462266 . 5D pop ebp ; kernel32.77E887E7
00462267 . C2 0400 retn 4
2:
————————————————————————————————————
; W32Dasm-style listing of the start of a dispatch on the 16-bit value read through [ebp-08].
; Only the first case (value 1B) is shown; the row of dots marks instructions the excerpt
; leaves out.
; Apart from the absolute addresses, the instruction bytes match the 1B path of the listing
; under "1:" (00462187 / 004621A6), so this is presumably the same code in another build of
; the executable -- confirm.
:004644CB 8B45F8 mov eax, dword ptr [ebp-08]
:004644CE 0FB700 movzx eax, word ptr [eax]
:004644D1 83E81B sub eax, 0000001B
:004644D4 7414 je 004644EA ;;;;;;;;
...................
;;;;;;;;;
; Case 1B: follow [004F9DB8] -> [+0005A850]; only when the byte at [+47] of that object is 0,
; call 004930A0 with eax = [[004A63B0]] and one stack argument of 0.
:004644EA A1B89D4F00 mov eax, dword ptr [004F9DB8]
:004644EF 8B8050A80500 mov eax, dword ptr [eax+0005A850]
:004644F5 80784700 cmp byte ptr [eax+47], 00
:004644F9 750E jne 00464509
:004644FB 6A00 push 00000000
:004644FD A1B0634A00 mov eax, dword ptr [004A63B0]
:00464502 8B00 mov eax, dword ptr [eax]
:00464504 E897EB0200 call 004930A0
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004644F9(C)
|
; Both paths continue at 00464533, which is outside this excerpt.
:00464509 EB28 jmp 00464533
————————————————————————————————————
子程序:
————————————————————————————————————
; Subroutine 004930A0, shown in full from prologue to "ret 0004".
; Inputs: eax, edx and ecx are spilled to locals [ebp-04], [ebp-08] and [ebp-0C] and are not
; read again in this listing. One 4-byte stack argument is removed by "ret 0004"; the caller
; at 00464504 pushes 0 for it.
; NOTE(review): register arguments plus callee stack cleanup is consistent with Delphi's
; register calling convention -- confirm.
; Every global is reached through a pointer slot: "mov eax, [004Axxxx]" loads a pointer and
; the variable is then accessed through eax/edx. Names used in the comments below:
;   state    = dword at *[004A610C]
;   deadline = dword at *[004A5EC8]
;   flag     = byte  at *[004A6338]
;   out      = dword at *[004A60E0]
; Behaviour visible here:
;   state == 0: if (result of call 004061A8) is above deadline (unsigned compare), set
;               deadline = (result of call 004061A8) + 0BB8, call 0046897C with
;               eax = *[004A6070], and set flag = 1; otherwise do nothing.
;   state != 0: increment state; once it exceeds 2, reset state = 0, set out = 1 and
;               clear flag.
; NOTE(review): 004061A8 presumably returns a millisecond tick count, which would make 0BB8
; (3000) a 3-second interval -- TODO confirm against that routine.
; Nothing in this subroutine sets state to a non-zero value from 0, so the second branch
; depends on code outside this listing.
* Referenced by a CALL at Address:
|:00464504
|
:004930A0 55 push ebp
:004930A1 8BEC mov ebp, esp
:004930A3 83C4F4 add esp, FFFFFFF4
:004930A6 894DF4 mov dword ptr [ebp-0C], ecx
:004930A9 8955F8 mov dword ptr [ebp-08], edx
:004930AC 8945FC mov dword ptr [ebp-04], eax
; Branch on state.
:004930AF A10C614A00 mov eax, dword ptr [004A610C]
:004930B4 833800 cmp dword ptr [eax], 00000000
:004930B7 7537 jne 004930F0
; state == 0: return early unless the value from 004061A8 is above deadline.
:004930B9 E8EA30F7FF call 004061A8
:004930BE 8B15C85E4A00 mov edx, dword ptr [004A5EC8]
:004930C4 3B02 cmp eax, dword ptr [edx]
:004930C6 7655 jbe 0049311D
; Re-arm: deadline = (value from 004061A8) + 0BB8.
:004930C8 E8DB30F7FF call 004061A8
:004930CD 05B80B0000 add eax, 00000BB8
:004930D2 8B15C85E4A00 mov edx, dword ptr [004A5EC8]
:004930D8 8902 mov dword ptr [edx], eax
; Call 0046897C with eax = *[004A6070], then set flag = 1.
:004930DA A170604A00 mov eax, dword ptr [004A6070]
:004930DF 8B00 mov eax, dword ptr [eax]
:004930E1 E89658FDFF call 0046897C
:004930E6 A138634A00 mov eax, dword ptr [004A6338]
:004930EB C60001 mov byte ptr [eax], 01
:004930EE EB2D jmp 0049311D
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004930B7(C)
|
; state != 0: increment state; while it is still <= 2 (signed compare) just return.
:004930F0 A10C614A00 mov eax, dword ptr [004A610C]
:004930F5 FF00 inc dword ptr [eax]
:004930F7 A10C614A00 mov eax, dword ptr [004A610C]
:004930FC 833802 cmp dword ptr [eax], 00000002
:004930FF 7E1C jle 0049311D
; state exceeded 2: reset state = 0, set out = 1, clear flag.
:00493101 A10C614A00 mov eax, dword ptr [004A610C]
:00493106 33D2 xor edx, edx
:00493108 8910 mov dword ptr [eax], edx
:0049310A A1E0604A00 mov eax, dword ptr [004A60E0]
:0049310F C70001000000 mov dword ptr [eax], 00000001
:00493115 A138634A00 mov eax, dword ptr [004A6338]
:0049311A C60000 mov byte ptr [eax], 00
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:004930C6(C), :004930EE(U), :004930FF(C)
|
; Common exit: discard the locals, restore ebp, and remove the single stack argument.
:0049311D 8BE5 mov esp, ebp
:0049311F 5D pop ebp
:00493120 C20400 ret 0004
————————————————————————————————————