2025 AIS3 Pre-Exam Reverse 題解

這次主要做Reverse的題目

dashboard

AIS3 Tiny Server - Reverse

ida反編譯後用strings 看一下

tiny1

有明顯的 flag correct 的字串以及Wrong Flag的樣式，追過去看會來到sub_2110，

tiny2

主要是這段，當將p_s丟進sub_1E20時回傳值會決定是對的還是錯的，因此可以確定sub_1E20是一個flag checker

_BOOL4 __cdecl sub_1E20(int a1)
{
  unsigned int v1; // ecx
  char v2; // si
  char v3; // al
  int i; // eax
  char v5; // dl
  _BYTE v7[10]; // [esp+7h] [ebp-49h] BYREF
  _DWORD v8[11]; // [esp+12h] [ebp-3Eh]
  __int16 v9; // [esp+3Eh] [ebp-12h]

  v1 = 0;
  v2 = 51;
  v9 = 20;
  v3 = 114;
  v8[0] = 1480073267;
  v8[1] = 1197221906;
  v8[2] = 254628393;
  v8[3] = 920154;
  v8[4] = 1343445007;
  v8[5] = 874076697;
  v8[6] = 1127428440;
  v8[7] = 1510228243;
  v8[8] = 743978009;
  v8[9] = 54940467;
  v8[10] = 1246382110;
  qmemcpy(v7, "rikki_l0v3", sizeof(v7));
  while ( 1 )
  {
    *((_BYTE *)v8 + v1++) = v2 ^ v3;
    if ( v1 == 45 )
      break;
    v2 = *((_BYTE *)v8 + v1);
    v3 = v7[v1 % 0xA];
  }
  for ( i = 0; i != 45; ++i )
  {
    v5 = *(_BYTE *)(a1 + i);
    if ( !v5 || v5 != *((_BYTE *)v8 + i) )
      return 0;
  }
  return *(_BYTE *)(a1 + 45) == 0;
}

xor加密可以寫出下面的解密script解出他想要的flag

def decrypt_sub_1E20():
    v8_ints = [
        1480073267,
        1197221906,
        254628393,
        920154,
        1343445007,
        874076697,
        1127428440,
        1510228243,
        743978009,
        54940467,
        1246382110
    ]

    orig = bytearray(45)
    idx = 0
    for val in v8_ints:
        orig[idx:idx+4] = val.to_bytes(4, byteorder='little')
        idx += 4
    orig[44] = 20

    key = b"rikki_l0v3"

    result = bytearray(45)
    v2 = 51
    v3 = 114
    for i in range(45):
        result[i] = v2 ^ v3
        if i == 44:
            break
        v2 = orig[i+1]
        v3 = key[(i+1) % len(key)]

    try:
        return result.decode('ascii')
    except UnicodeDecodeError:
        return result.hex()

if __name__ == "__main__":
    plaintext = decrypt_sub_1E20()
    print(plaintext)

tiny3

:flags:AIS3{w0w_a_f1ag_check3r_1n_serv3r_1s_c00l!!!}

web flag checker

F12 看一下原始碼

web1

這段出現了flag checker 的邏輯

接下來在index.wsam中有flag checker的函式內容

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
(func $flagchecker (;9;) (export "flagchecker") (param $var0 i32) (result i32)
(local $var1 i32)
(local $var2 i32)
(local $var3 i32)
(local $var4 i32)
(local $var5 i32)
(local $var6 i32)
(local $var7 i64)
(local $var8 i32)
(local $var9 i32)
(local $var10 i32)
(local $var11 i32)
(local $var12 i64)
(local $var13 i64)
(local $var14 i64)
(local $var15 i64)
(local $var16 i64)
(local $var17 i32)
(local $var18 i32)
(local $var19 i32)
(local $var20 i32)
(local $var21 i32)
(local $var22 i32)
(local $var23 i32)
(local $var24 i32)
(local $var25 i32)
(local $var26 i32)
(local $var27 i32)
(local $var28 i32)
(local $var29 i32)
(local $var30 i32)
(local $var31 i32)
(local $var32 i32)
(local $var33 i32)
(local $var34 i32)
(local $var35 i32)
(local $var36 i32)
(local $var37 i32)
(local $var38 i32)
(local $var39 i32)
(local $var40 i32)
(local $var41 i64)
(local $var42 i32)
(local $var43 i32)
(local $var44 i32)
(local $var45 i32)
(local $var46 i32)
(local $var47 i32)
(local $var48 i32)
(local $var49 i64)
(local $var50 i32)
(local $var51 i64)
(local $var52 i32)
(local $var53 i32)
(local $var54 i32)
(local $var55 i32)
(local $var56 i32)
(local $var57 i32)
(local $var58 i32)
(local $var59 i64)
(local $var60 i32)
(local $var61 i32)
(local $var62 i32)
(local $var63 i32)
(local $var64 i32)
(local $var65 i32)
(local $var66 i32)
(local $var67 i32)
(local $var68 i32)
(local $var69 i32)
(local $var70 i32)
global.get $global0
local.set $var1
i32.const 96
local.set $var2
local.get $var1
local.get $var2
i32.sub
local.set $var3
local.get $var3
global.set $global0
local.get $var3
local.get $var0
i32.store offset=88
i32.const -39934163
local.set $var4
local.get $var3
local.get $var4
i32.store offset=84
i32.const 64
local.set $var5
local.get $var3
local.get $var5
i32.add
local.set $var6
i64.const 0
local.set $var7
local.get $var6
local.get $var7
i64.store
i32.const 56
local.set $var8
local.get $var3
local.get $var8
i32.add
local.set $var9
local.get $var9
local.get $var7
i64.store
i32.const 48
local.set $var10
local.get $var3
local.get $var10
i32.add
local.set $var11
local.get $var11
local.get $var7
i64.store
local.get $var3
local.get $var7
i64.store offset=40
local.get $var3
local.get $var7
i64.store offset=32
i64.const 7577352992956835434
local.set $var12
local.get $var3
local.get $var12
i64.store offset=32
i64.const 7148661717033493303
local.set $var13
local.get $var3
local.get $var13
i64.store offset=40
i64.const -7081446828746089091
local.set $var14
local.get $var3
local.get $var14
i64.store offset=48
i64.const -7479441386887439825
local.set $var15
local.get $var3
local.get $var15
i64.store offset=56
i64.const 8046961146294847270
local.set $var16
local.get $var3
local.get $var16
i64.store offset=64
local.get $var3
i32.load offset=88
local.set $var17
i32.const 0
local.set $var18
local.get $var17
local.get $var18
i32.ne
local.set $var19
i32.const 1
local.set $var20
local.get $var19
local.get $var20
i32.and
local.set $var21
block $label2
  block $label1
    block $label0
      local.get $var21
      i32.eqz
      br_if $label0
      local.get $var3
      i32.load offset=88
      local.set $var22
      local.get $var22
      call $func13
      local.set $var23
      i32.const 40
      local.set $var24
      local.get $var23
      local.get $var24
      i32.ne
      local.set $var25
      i32.const 1
      local.set $var26
      local.get $var25
      local.get $var26
      i32.and
      local.set $var27
      local.get $var27
      i32.eqz
      br_if $label1
    end $label0
    i32.const 0
    local.set $var28
    local.get $var3
    local.get $var28
    i32.store offset=92
    br $label2
  end $label1
  local.get $var3
  i32.load offset=88
  local.set $var29
  local.get $var3
  local.get $var29
  i32.store offset=28
  i32.const 0
  local.set $var30
  local.get $var3
  local.get $var30
  i32.store offset=24
  block $label3
    loop $label5
      local.get $var3
      i32.load offset=24
      local.set $var31
      i32.const 5
      local.set $var32
      local.get $var31
      local.get $var32
      i32.lt_s
      local.set $var33
      i32.const 1
      local.set $var34
      local.get $var33
      local.get $var34
      i32.and
      local.set $var35
      local.get $var35
      i32.eqz
      br_if $label3
      local.get $var3
      i32.load offset=28
      local.set $var36
      local.get $var3
      i32.load offset=24
      local.set $var37
      i32.const 3
      local.set $var38
      local.get $var37
      local.get $var38
      i32.shl
      local.set $var39
      local.get $var36
      local.get $var39
      i32.add
      local.set $var40
      local.get $var40
      i64.load
      local.set $var41
      local.get $var3
      local.get $var41
      i64.store offset=16
      local.get $var3
      i32.load offset=24
      local.set $var42
      i32.const 6
      local.set $var43
      local.get $var42
      local.get $var43
      i32.mul
      local.set $var44
      i32.const -39934163
      local.set $var45
      local.get $var45
      local.get $var44
      i32.shr_u
      local.set $var46
      i32.const 63
      local.set $var47
      local.get $var46
      local.get $var47
      i32.and
      local.set $var48
      local.get $var3
      local.get $var48
      i32.store offset=12
      local.get $var3
      i64.load offset=16
      local.set $var49
      local.get $var3
      i32.load offset=12
      local.set $var50
      local.get $var49
      local.get $var50
      call $func8
      local.set $var51
      local.get $var3
      i32.load offset=24
      local.set $var52
      i32.const 32
      local.set $var53
      local.get $var3
      local.get $var53
      i32.add
      local.set $var54
      local.get $var54
      local.set $var55
      i32.const 3
      local.set $var56
      local.get $var52
      local.get $var56
      i32.shl
      local.set $var57
      local.get $var55
      local.get $var57
      i32.add
      local.set $var58
      local.get $var58
      i64.load
      local.set $var59
      local.get $var51
      local.get $var59
      i64.ne
      local.set $var60
      i32.const 1
      local.set $var61
      local.get $var60
      local.get $var61
      i32.and
      local.set $var62
      block $label4
        local.get $var62
        i32.eqz
        br_if $label4
        i32.const 0
        local.set $var63
        local.get $var3
        local.get $var63
        i32.store offset=92
        br $label2
      end $label4
      local.get $var3
      i32.load offset=24
      local.set $var64
      i32.const 1
      local.set $var65
      local.get $var64
      local.get $var65
      i32.add
      local.set $var66
      local.get $var3
      local.get $var66
      i32.store offset=24
      br $label5
    end $label5
  end $label3
  i32.const 1
  local.set $var67
  local.get $var3
  local.get $var67
  i32.store offset=92
end $label2
local.get $var3
i32.load offset=92
local.set $var68
i32.const 96
local.set $var69
local.get $var3
local.get $var69
i32.add
local.set $var70
local.get $var70
global.set $global0
local.get $var68
return
)

給chatgpt整理分析以上的加密方式為

magic = 0xFD9EA72D 計算旋轉位數
expected[0] = 0x69282A668AEF666A; expected[1] = 0x633525F4D7372337; expected[2] = 0x9DB9A5A0DCC5DD7D; expected[3] = 0x9833AFAFB8381A2F; expected[4] = 0x6FAC8C8726464726;
是經過旋轉之後預期的flag

接下來把使用者輸入的每一個chunk取出來進行rot

for (int i = 0; i < 5; i++) {
    uint64_t chunk = *(uint64_t*)(input + i*8);

    uint32_t r = (magic >> (i*6)) & 63;

    uint64_t rot = (chunk << r) | (chunk >> (64 - r));

    if (rot != expected[i]) {
        result = 0;
        goto done;
    }
}
result = 1;

總結可以寫出解密的script

expected = [
    0x69282A668AEF666A,
    0x633525F4D7372337,
    0x9DB9A5A0DCC5DD7D,
    0x9833AFAFB8381A2F,
    0x6FAC8C8726464726
]
magic = 0xFD9EA72D

mask64 = (1 << 64) - 1

def rotr(x, r):
    return ((x >> r) | ((x << (64 - r)) & mask64)) & mask64

flag_bytes = []
for i, exp in enumerate(expected):
    r = (magic >> (6 * i)) & 0x3F
    chunk = rotr(exp, r)
    for j in range(8):
        flag_bytes.append((chunk >> (8 * j)) & 0xFF)

flag = bytes(flag_bytes).decode('ascii')

print(flag)

web2

:flags:AIS3{W4SM_R3v3rsing_w17h_g0_4pp_39229dd}

A_simple_snake_game

是一個貪吃蛇遊戲，用ida 反編譯後找一下主要加密函式，找到了draw_text函式

void __userpurge SnakeGame::Screen::drawText(_DWORD *a1@<ecx>, #220 *this, int a3, int a4)
{
  unsigned int v4; // eax
  int v5; // eax
  int v6; // eax
  int Error; // eax
  int v8; // eax
  char v9; // [esp+23h] [ebp-F5h]
  char lpuexcpt; // [esp+24h] [ebp-F4h]
  struct _Unwind_Exception *lpuexcpta; // [esp+24h] [ebp-F4h]
  struct _Unwind_Exception *lpuexcptb; // [esp+24h] [ebp-F4h]
  _DWORD v14[10]; // [esp+6Dh] [ebp-ABh] BYREF
  __int16 v15; // [esp+95h] [ebp-83h]
  char v16; // [esp+97h] [ebp-81h]
  int v17; // [esp+98h] [ebp-80h]
  int v18; // [esp+9Ch] [ebp-7Ch]
  int v19; // [esp+A0h] [ebp-78h]
  int v20; // [esp+A4h] [ebp-74h]
  int v21; // [esp+A8h] [ebp-70h]
  _BYTE v22[24]; // [esp+ACh] [ebp-6Ch] BYREF
  int v23; // [esp+C4h] [ebp-54h]
  int v24; // [esp+C8h] [ebp-50h]
  int v25; // [esp+CCh] [ebp-4Ch]
  int v26; // [esp+D0h] [ebp-48h]
  int v27; // [esp+D4h] [ebp-44h]
  _BYTE v28[27]; // [esp+D8h] [ebp-40h] BYREF
  char v29; // [esp+F3h] [ebp-25h] BYREF
  int TextureFromSurface; // [esp+F4h] [ebp-24h]
  int v31; // [esp+F8h] [ebp-20h]
  unsigned int i; // [esp+FCh] [ebp-1Ch]

  if ( (int)this <= 11451419 || a3 <= 19810 )
  {
    SnakeGame::Screen::createText[abi:cxx11](a1, this, a3);
    v27 = 0xFFFFFF;
    v8 = std::string::c_str(v28);
    a1[3] = TTF_RenderText_Solid(a1[5], v8, 0xFFFFFF);
    a1[4] = SDL_CreateTextureFromSurface(a1[1], a1[3]);
    v23 = 400;
    v24 = 565;
    v25 = 320;
    v26 = 30;
    SDL_RenderCopy(a1[1], a1[4]);
    std::string::~string(v28);
  }
  else
  {
    v14[0] = -831958911;
    v14[1] = -1047254091;
    v14[2] = -1014295699;
    v14[3] = -620220219;
    v14[4] = 2001515017;
    v14[5] = -317711271;
    v14[6] = 1223368792;
    v14[7] = 1697251023;
    v14[8] = 496855031;
    v14[9] = -569364828;
    v15 = 26365;
    v16 = 40;
    std::allocator<char>::allocator(&v29);
    std::string::basic_string(v14, 43, &v29);
    std::allocator<char>::~allocator(&v29);
    for ( i = 0; ; ++i )
    {
      v4 = std::string::length(v22);
      if ( i >= v4 )
        break;
      lpuexcpt = *(_BYTE *)std::string::operator[](i);
      v9 = SnakeGame::hex_array1[i];
      *(_BYTE *)std::string::operator[](i) = v9 ^ lpuexcpt;
    }
    v21 = 0xFFFFFF;
    v5 = std::string::c_str(v22);
    v31 = TTF_RenderText_Solid(a1[5], v5, v21);
    if ( v31 )
    {
      TextureFromSurface = SDL_CreateTextureFromSurface(a1[1], v31);
      if ( TextureFromSurface )
      {
        v17 = 200;
        v18 = 565;
        v19 = 590;
        v20 = 30;
        SDL_RenderCopy(a1[1], TextureFromSurface);
        SDL_FreeSurface(v31);
        SDL_DestroyTexture(TextureFromSurface);
      }
      else
      {
        lpuexcptb = (struct _Unwind_Exception *)std::operator<<<std::char_traits<char>>(
                                                  &std::cerr,
                                                  "SDL_CreateTextureFromSurface: ");
        Error = SDL_GetError();
        std::operator<<<std::char_traits<char>>(lpuexcptb, Error);
        std::ostream::operator<<(std::endl<char,std::char_traits<char>>);
        SDL_FreeSurface(v31);
      }
    }
    else
    {
      lpuexcpta = (struct _Unwind_Exception *)std::operator<<<std::char_traits<char>>(
                                                &std::cerr,
                                                "TTF_RenderText_Solid: ");
      v6 = SDL_GetError();
      std::operator<<<std::char_traits<char>>(lpuexcpta, v6);
      std::ostream::operator<<(std::endl<char,std::char_traits<char>>);
    }
    std::string::~string(v22);
  }
}

看起來是進到else條件後會出現flag文字，並且是用XOR加解密

可以寫出下面的解密script

import struct

v14 = [
    -831958911, -1047254091, -1014295699, -620220219,
    2001515017, -317711271, 1223368792, 1697251023,
    496855031, -569364828
]

raw_bytes = b''.join(struct.pack('<I', x & 0xFFFFFFFF) for x in v14)
raw_bytes += struct.pack('<H', 26365)
raw_bytes += struct.pack('B', 40)

key = bytes([
    0x0C, 0x19, 0x3A, 0xFD, 0xCE, 0x68, 0xDC, 0xF2, 0x0C, 0x47,
    0xD4, 0x86, 0xAB, 0x57, 0x39, 0xB5, 0x3A, 0x8D, 0x13, 0x47,
    0x3F, 0x7F, 0x71, 0x98, 0x6D, 0x13, 0xB4, 0x01, 0x90, 0x9C,
    0x46, 0x3A, 0xC6, 0x33, 0xC2, 0x7F, 0xDD, 0x71, 0x78, 0x9F,
    0x93, 0x22, 0x55, 0x15
])

decrypted = bytes(raw_bytes[i] ^ key[i] for i in range(43))

print("flag：", decrypted)

:flags:AIS3{CH3aT_Eng1n3?_0fcau53_I_bo_1T_by_hAnD}

verysafe_image_encrypter

ida 反編譯之後無法辨識，用DIE看一下

發現有加了壓縮殼，並且看起來是自製的殼，因此先利用x64dbg去看哪裡是OEP 並用scylla dump 出脫殼程式

在找OEP之前可以先用CFF explore 把ASLR關掉

F9執行到這邊後會執行到popad 的下一行jmp dword ptr ss:[esp-24]

jmp之後跳到這邊

在經過一次jmp之後會到這邊

這邊看起來非常像原本程式的OEP，因此401170可以先猜測為OEP

使用scylla dump 出來參考：https://feifeitan.cn/index.php/archives/216/

將dump 出來的用ida反編譯後會得到原本的程式碼

經過分析後主要圖片加密功能會sub_4018EA中的sub_401520

int __cdecl sub_4018EA(char a1)
{
  int v1; // eax
  int v3; // [esp+0h] [ebp-88h] BYREF
  int v4; // [esp+18h] [ebp-70h]
  char v5[4]; // [esp+1Ch] [ebp-6Ch] BYREF
  int v6; // [esp+20h] [ebp-68h]
  int (__cdecl *v7)(int, int, int, int, int, int); // [esp+34h] [ebp-54h]
  int *v8; // [esp+38h] [ebp-50h]
  int *v9; // [esp+3Ch] [ebp-4Ch]
  void *v10; // [esp+40h] [ebp-48h]
  int *v11; // [esp+44h] [ebp-44h]
  char v12[16]; // [esp+58h] [ebp-30h] BYREF
  char *v13; // [esp+68h] [ebp-20h]
  char *v14; // [esp+6Ch] [ebp-1Ch]
  char *v15; // [esp+78h] [ebp-10h]
  int savedregs; // [esp+88h] [ebp+0h] BYREF

  v15 = &a1;
  v7 = sub_4CCCF0;
  v8 = &dword_4CE4D4;
  v9 = &savedregs;
  v10 = &loc_4019D0;
  v11 = &v3;
  sub_40C590(v5);
  sub_40A8B0();
  v14 = aInputImagePng;
  v13 = aEncryptedImage;
  v6 = -1;
  sub_401580(v12, aInputImagePng);
  v12[15] = 114;
  sub_401520(v12, 114);
  v6 = 1;
  sub_40177D(v13, v12);
  v1 = sub_4C87B0(&dword_4D27C0, (char *)dword_4D303C);
  sub_4C87B0(v1, v13);
  sub_47DFC0(sub_4C6890);
  v4 = 0;
  sub_4B0FB8(v12);
  sub_40C860(v5);
  return v4;
}

bool __cdecl sub_401520(int a1, char a2)
{
  bool result; // al
  _BYTE *v3; // eax
  _BYTE *v4; // eax
  unsigned int i; // [esp+2Ch] [ebp-Ch]

  for ( i = 0; ; ++i )
  {
    result = i < sub_4315C4(a1);
    if ( !result )
      break;
    v3 = (_BYTE *)sub_4B1020(i);
    *v3 ^= a2;
    v4 = (_BYTE *)sub_4B1020(i);
    *v4 += 4;
  }
  return result;
}

很簡單可以看出來他將圖片的每個byte經過0x72的xor之後+4
因此可以用以下的script解密出來

def decrypt(data: bytes, key: int) -> bytes:
    return bytes(((c - 4) & 0xFF) ^ key for c in data)

if __name__ == "__main__":
    key = ord('r')
    with open('./encrypted_image.png', 'rb') as f:
        cipher = f.read()
        plain = decrypt(cipher, key)
        print(''.join(f'{b:02x}' for b in plain))

將解密出來的16進位丟到cyberchef之後就會得到下面的照片

:flags:AIS3{rwx_53gm3nttt_s0_5AS}

BabyUnicorn

顯示用pwntools 的disassembly 看一下 shellcode

??? note “BabyUnicorn Shellcode Assembly”

0: 83 fe 20 cmp esi, 0x20
3: 0f 84 a3 03 00 00 je 0x3ac
9: 83 fe 0d cmp esi, 0xd
c: 0f 84 13 04 00 00 je 0x425
12: 83 fe 15 cmp esi, 0x15
15: 0f 84 49 04 00 00 je 0x464
1b: 83 fe 5a cmp esi, 0x5a
1e: 0f 84 c1 04 00 00 je 0x4e5
24: 83 fe 3d cmp esi, 0x3d
27: 0f 84 e7 04 00 00 je 0x514
2d: 83 fe 36 cmp esi, 0x36
30: 0f 84 70 04 00 00 je 0x4a6
36: 83 fe 31 cmp esi, 0x31
39: 0f 84 46 05 00 00 je 0x585
3f: 83 fe 0f cmp esi, 0xf
42: 0f 84 7f 05 00 00 je 0x5c7
48: 83 fe 50 cmp esi, 0x50
4b: 0f 84 a4 05 00 00 je 0x5f5
51: 83 fe 59 cmp esi, 0x59
54: 0f 84 fc 04 00 00 je 0x556
5a: 83 fe 4a cmp esi, 0x4a
5d: 0f 84 c1 05 00 00 je 0x624
63: 83 fe 06 cmp esi, 0x6
66: 0f 84 e4 05 00 00 je 0x650
6c: 83 fe 0c cmp esi, 0xc
6f: 0f 84 39 06 00 00 je 0x6ae
75: 83 fe 16 cmp esi, 0x16
78: 0f 84 01 06 00 00 je 0x67f
7e: 83 fe 2b cmp esi, 0x2b
81: 0f 84 56 06 00 00 je 0x6dd
87: 83 fe 34 cmp esi, 0x34
8a: 0f 84 7c 06 00 00 je 0x70c
90: 83 fe 55 cmp esi, 0x55
93: 0f 84 ce 06 00 00 je 0x767
99: 83 fe 17 cmp esi, 0x17
9c: 0f 84 96 06 00 00 je 0x738
a2: 83 fe 0e cmp esi, 0xe
a5: 0f 84 ac 0c 00 00 je 0xd57
ab: 83 fe 11 cmp esi, 0x11
ae: 0f 84 79 0c 00 00 je 0xd2d
b4: 83 fe 4f cmp esi, 0x4f
b7: 0f 84 44 0c 00 00 je 0xd01
bd: 83 fe 47 cmp esi, 0x47
c0: 0f 84 0c 0c 00 00 je 0xcd2
c6: 83 fe 2f cmp esi, 0x2f
c9: 0f 84 d4 0b 00 00 je 0xca3
cf: 83 fe 30 cmp esi, 0x30
d2: 0f 84 9c 0b 00 00 je 0xc74
d8: 83 fe 04 cmp esi, 0x4
db: 0f 84 67 0b 00 00 je 0xc48
e1: 83 fe 2c cmp esi, 0x2c
e4: 0f 84 2f 0b 00 00 je 0xc19
ea: 83 fe 40 cmp esi, 0x40
ed: 0f 84 5b 0f 00 00 je 0x104e
f3: 83 fe 1a cmp esi, 0x1a
f6: 0f 84 23 0f 00 00 je 0x101f
fc: 83 fe 38 cmp esi, 0x38
ff: 0f 84 eb 0e 00 00 je 0xff0
105: 83 fe 32 cmp esi, 0x32
108: 0f 84 b3 0e 00 00 je 0xfc1
10e: 83 fe 46 cmp esi, 0x46
111: 0f 84 7b 0e 00 00 je 0xf92
117: 83 fe 43 cmp esi, 0x43
11a: 0f 84 46 0e 00 00 je 0xf66
120: 83 fe 39 cmp esi, 0x39
123: 0f 84 0e 0e 00 00 je 0xf37
129: 83 fe 53 cmp esi, 0x53
12c: 0f 84 d6 0d 00 00 je 0xf08
132: 83 fe 23 cmp esi, 0x23
135: 0f 84 9e 0d 00 00 je 0xed9
13b: 83 fe 37 cmp esi, 0x37
13e: 0f 84 66 0d 00 00 je 0xeaa
144: 83 fe 2a cmp esi, 0x2a
147: 0f 84 2e 0d 00 00 je 0xe7b
14d: 83 fe 29 cmp esi, 0x29
150: 0f 84 f6 0c 00 00 je 0xe4c
156: 83 fe 1e cmp esi, 0x1e
159: 0f 84 b4 0c 00 00 je 0xe13
15f: 83 fe 51 cmp esi, 0x51
162: 0f 84 7c 0c 00 00 je 0xde4
168: 83 fe 27 cmp esi, 0x27
16b: 0f 84 44 0c 00 00 je 0xdb5
171: 83 fe 63 cmp esi, 0x63
174: 0f 84 0c 0c 00 00 je 0xd86
17a: 83 fe 52 cmp esi, 0x52
17d: 0f 84 9e 14 00 00 je 0x1621
183: 83 fe 60 cmp esi, 0x60
186: 0f 84 66 14 00 00 je 0x15f2
18c: 83 fe 44 cmp esi, 0x44
18f: 0f 84 2e 14 00 00 je 0x15c3
195: 83 fe 2e cmp esi, 0x2e
198: 0f 84 f9 13 00 00 je 0x1597
19e: 83 fe 07 cmp esi, 0x7
1a1: 0f 84 c4 13 00 00 je 0x156b
1a7: 83 fe 21 cmp esi, 0x21
1aa: 0f 84 8c 13 00 00 je 0x153c
1b0: 83 fe 45 cmp esi, 0x45
1b3: 0f 84 54 13 00 00 je 0x150d
1b9: 83 fe 33 cmp esi, 0x33
1bc: 0f 84 1c 13 00 00 je 0x14de
1c2: 83 fe 5e cmp esi, 0x5e
1c5: 0f 84 e7 12 00 00 je 0x14b2
1cb: 83 fe 2d cmp esi, 0x2d
1ce: 0f 84 af 12 00 00 je 0x1483
1d4: 83 fe 08 cmp esi, 0x8
1d7: 0f 84 77 12 00 00 je 0x1454
1dd: 83 fe 61 cmp esi, 0x61
1e0: 0f 84 41 12 00 00 je 0x1427
1e6: 83 fe 02 cmp esi, 0x2
1e9: 0f 84 09 12 00 00 je 0x13f8
1ef: 83 fe 4b cmp esi, 0x4b
1f2: 0f 84 d1 11 00 00 je 0x13c9
1f8: 83 fe 22 cmp esi, 0x22
1fb: 0f 84 99 11 00 00 je 0x139a
201: 83 fe 3b cmp esi, 0x3b
204: 0f 84 61 11 00 00 je 0x136b
20a: 83 fe 3c cmp esi, 0x3c
20d: 0f 84 29 11 00 00 je 0x133c
213: 83 fe 25 cmp esi, 0x25
216: 0f 84 f1 10 00 00 je 0x130d
21c: 83 fe 4c cmp esi, 0x4c
21f: 0f 84 bb 10 00 00 je 0x12e0
225: 83 fe 19 cmp esi, 0x19
228: 0f 84 83 10 00 00 je 0x12b1
22e: 83 fe 12 cmp esi, 0x12
231: 0f 84 4b 10 00 00 je 0x1282
237: 83 fe 1c cmp esi, 0x1c
23a: 0f 84 13 10 00 00 je 0x1253
240: 83 fe 5c cmp esi, 0x5c
243: 0f 84 db 0f 00 00 je 0x1224
249: 83 fe 03 cmp esi, 0x3
24c: 0f 84 a3 0f 00 00 je 0x11f5
252: 83 fe 62 cmp esi, 0x62
255: 0f 84 6b 0f 00 00 je 0x11c6
25b: 83 fe 4e cmp esi, 0x4e
25e: 0f 84 33 0f 00 00 je 0x1197
264: 83 fe 4d cmp esi, 0x4d
267: 0f 84 fb 0e 00 00 je 0x1168
26d: 83 fe 42 cmp esi, 0x42
270: 0f 84 c3 0e 00 00 je 0x1139
276: 83 fe 3f cmp esi, 0x3f
279: 0f 84 8b 0e 00 00 je 0x110a
27f: 83 fe 58 cmp esi, 0x58
282: 0f 84 53 0e 00 00 je 0x10db
288: 83 fe 54 cmp esi, 0x54
28b: 0f 84 1b 0e 00 00 je 0x10ac
291: 83 fe 05 cmp esi, 0x5
294: 0f 84 e3 0d 00 00 je 0x107d
29a: 83 fe 10 cmp esi, 0x10
29d: 0f 84 d8 07 00 00 je 0xa7b
2a3: 83 fe 64 cmp esi, 0x64
2a6: 0f 84 a0 07 00 00 je 0xa4c
2ac: 83 fe 1d cmp esi, 0x1d
2af: 0f 84 68 07 00 00 je 0xa1d
2b5: 83 fe 13 cmp esi, 0x13
2b8: 0f 84 30 07 00 00 je 0x9ee
2be: 83 fe 0b cmp esi, 0xb
2c1: 0f 84 f8 06 00 00 je 0x9bf
2c7: 83 fe 01 cmp esi, 0x1
2ca: 0f 84 c0 06 00 00 je 0x990
2d0: 83 fe 3a cmp esi, 0x3a
2d3: 0f 84 88 06 00 00 je 0x961
2d9: 83 fe 48 cmp esi, 0x48
2dc: 0f 84 50 06 00 00 je 0x932
2e2: 83 fe 49 cmp esi, 0x49
2e5: 0f 84 18 06 00 00 je 0x903
2eb: 83 fe 1b cmp esi, 0x1b
2ee: 0f 84 e0 05 00 00 je 0x8d4
2f4: 83 fe 56 cmp esi, 0x56
2f7: 0f 84 a8 05 00 00 je 0x8a5
2fd: 83 fe 26 cmp esi, 0x26
300: 0f 84 70 05 00 00 je 0x876
306: 83 fe 14 cmp esi, 0x14
309: 0f 84 38 05 00 00 je 0x847
30f: 83 fe 0a cmp esi, 0xa
312: 0f 84 03 05 00 00 je 0x81b
318: 83 fe 09 cmp esi, 0x9
31b: 0f 84 ce 04 00 00 je 0x7ef
321: 83 fe 1f cmp esi, 0x1f
324: 0f 84 96 04 00 00 je 0x7c0
32a: 83 fe 3e cmp esi, 0x3e
32d: 0f 84 ba 08 00 00 je 0xbed
333: 83 fe 5b cmp esi, 0x5b
336: 0f 84 82 08 00 00 je 0xbbe
33c: 83 fe 5d cmp esi, 0x5d
33f: 0f 84 4a 08 00 00 je 0xb8f
345: 83 fe 28 cmp esi, 0x28
348: 0f 84 12 08 00 00 je 0xb60
34e: 83 fe 35 cmp esi, 0x35
351: 0f 84 da 07 00 00 je 0xb31
357: 83 fe 41 cmp esi, 0x41
35a: 0f 84 a5 07 00 00 je 0xb05
360: 83 fe 57 cmp esi, 0x57
363: 0f 84 6d 07 00 00 je 0xad6
369: 83 fe 5f cmp esi, 0x5f
36c: 0f 84 38 07 00 00 je 0xaaa
372: 83 fe 18 cmp esi, 0x18
375: 0f 84 1b 04 00 00 je 0x796
37b: 83 fe 24 cmp esi, 0x24
37e: 75 6d jne 0x3ed
380: 8d 74 24 fa lea esi, [esp-0x6]
384: b9 26 00 00 00 mov ecx, 0x26
389: bf 2f 00 00 00 mov edi, 0x2f
38e: 89 c8 mov eax, ecx
390: 99 cdq
391: f7 ff idiv edi
393: 0f b6 44 14 20 movzx eax, BYTE PTR [esp+edx*1+0x20]
398: 30 04 0e xor BYTE PTR [esi+ecx*1], al
39b: 83 c1 01 add ecx, 0x1
39e: 83 f9 4d cmp ecx, 0x4d
3a1: 75 eb jne 0x38e
3a3: cd 51 int 0x51
3a5: be 1b 00 00 00 mov esi, 0x1b
3aa: eb 41 jmp 0x3ed
3ac: 8d 74 24 15 lea esi, [esp+0x15]
3b0: b9 0b 00 00 00 mov ecx, 0xb
3b5: bf 5d 41 4c ae mov edi, 0xae4c415d
3ba: 8d 74 26 00 lea esi, [esi+eiz*1+0x0]
3be: 89 c8 mov eax, ecx
3c0: f7 ef imul edi
3c2: 8d 04 0a lea eax, [edx+ecx*1]
3c5: 89 ca mov edx, ecx
3c7: c1 fa 1f sar edx, 0x1f
3ca: c1 f8 05 sar eax, 0x5
3cd: 29 d0 sub eax, edx
3cf: 89 ca mov edx, ecx
3d1: 6b c0 2f imul eax, eax, 0x2f
3d4: 29 c2 sub edx, eax
3d6: 0f b6 44 14 20 movzx eax, BYTE PTR [esp+edx*1+0x20]
3db: 30 04 0e xor BYTE PTR [esi+ecx*1], al
3de: 83 c1 01 add ecx, 0x1
3e1: 83 f9 17 cmp ecx, 0x17
3e4: 75 d8 jne 0x3be
3e6: cd 2b int 0x2b
3e8: be 64 00 00 00 mov esi, 0x64
3ed: 89 74 24 04 mov DWORD PTR [esp+0x4], esi
3f1: 8d 74 24 20 lea esi, [esp+0x20]
3f5: c7 04 24 68 70 40 00 mov DWORD PTR [esp], 0x407068
3fc: e8 e5 f9 ff ff call 0xfffffde6
401: 0f be 06 movsx eax, BYTE PTR [esi]
404: c7 04 24 6c 70 40 00 mov DWORD PTR [esp], 0x40706c
40b: 83 c6 01 add esi, 0x1
40e: 89 44 24 04 mov DWORD PTR [esp+0x4], eax
412: e8 cf f9 ff ff call 0xfffffde6
417: 39 f3 cmp ebx, esi
419: 75 e6 jne 0x401
41b: 8d 65 f4 lea esp, [ebp-0xc]
41e: 31 c0 xor eax, eax
420: 5b pop ebx
421: 5e pop esi
422: 5f pop edi
423: 5d pop ebp
424: c3 ret
425: 8d 74 24 0d lea esi, [esp+0xd]
429: b9 13 00 00 00 mov ecx, 0x13
42e: bf 5d 41 4c ae mov edi, 0xae4c415d
433: 89 c8 mov eax, ecx
435: f7 ef imul edi
437: 8d 04 0a lea eax, [edx+ecx*1]
43a: 89 ca mov edx, ecx
43c: c1 fa 1f sar edx, 0x1f
43f: c1 f8 05 sar eax, 0x5
442: 29 d0 sub eax, edx
444: 89 ca mov edx, ecx
446: 6b c0 2f imul eax, eax, 0x2f
449: 29 c2 sub edx, eax
44b: 0f b6 44 14 20 movzx eax, BYTE PTR [esp+edx*1+0x20]
450: 30 04 0e xor BYTE PTR [esi+ecx*1], al
453: 83 c1 01 add ecx, 0x1
456: 83 f9 27 cmp ecx, 0x27
459: 75 d8 jne 0x433
45b: cd 23 int 0x23
45d: be 50 00 00 00 mov esi, 0x50
462: eb 89 jmp 0x3ed
464: 8d 74 24 14 lea esi, [esp+0x14]
468: b9 0c 00 00 00 mov ecx, 0xc
46d: bf 5d 41 4c ae mov edi, 0xae4c415d
472: 89 c8 mov eax, ecx
474: f7 ef imul edi
476: 8d 04 0a lea eax, [edx+ecx*1]
479: 89 ca mov edx, ecx
47b: c1 fa 1f sar edx, 0x1f
47e: c1 f8 05 sar eax, 0x5
481: 29 d0 sub eax, edx
483: 89 ca mov edx, ecx
485: 6b c0 2f imul eax, eax, 0x2f
488: 29 c2 sub edx, eax
48a: 0f b6 44 14 20 movzx eax, BYTE PTR [esp+edx*1+0x20]
48f: 30 04 0e xor BYTE PTR [esi+ecx*1], al
492: 83 c1 01 add ecx, 0x1
495: 83 f9 19 cmp ecx, 0x19
498: 75 d8 jne 0x472
49a: cd 08 int 0x8
49c: be 47 00 00 00 mov esi, 0x47
4a1: e9 47 ff ff ff jmp 0x3ed
4a6: b9 1f 00 00 00 mov ecx, 0x1f
4ab: be 5d 41 4c ae mov esi, 0xae4c415d
4b0: 89 c8 mov eax, ecx
4b2: 89 cf mov edi, ecx
4b4: f7 ee imul esi
4b6: 8d 04 0a lea eax, [edx+ecx*1]
4b9: 89 ca mov edx, ecx
4bb: c1 fa 1f sar edx, 0x1f
4be: c1 f8 05 sar eax, 0x5
4c1: 29 d0 sub eax, edx
4c3: 6b c0 2f imul eax, eax, 0x2f
4c6: 29 c7 sub edi, eax
4c8: 0f b6 44 3c 20 movzx eax, BYTE PTR [esp+edi*1+0x20]
4cd: 30 44 0c 01 xor BYTE PTR [esp+ecx*1+0x1], al
4d1: 83 c1 01 add ecx, 0x1
4d4: 83 f9 3f cmp ecx, 0x3f
4d7: 75 d7 jne 0x4b0
4d9: cd 12 int 0x12
4db: be 21 00 00 00 mov esi, 0x21
4e0: e9 08 ff ff ff jmp 0x3ed
4e5: 8d 74 24 1c lea esi, [esp+0x1c]
4e9: b9 04 00 00 00 mov ecx, 0x4
4ee: bf 2f 00 00 00 mov edi, 0x2f
4f3: 89 c8 mov eax, ecx
4f5: 99 cdq
4f6: f7 ff idiv edi
4f8: 0f b6 44 14 20 movzx eax, BYTE PTR [esp+edx*1+0x20]
4fd: 30 04 0e xor BYTE PTR [esi+ecx*1], al
500: 83 c1 01 add ecx, 0x1
503: 83 f9 09 cmp ecx, 0x9
506: 75 eb jne 0x4f3
508: cd 3a int 0x3a
50a: be 1d 00 00 00 mov esi, 0x1d
50f: e9 d9 fe ff ff jmp 0x3ed
514: 8d 74 24 06 lea esi, [esp+0x6]
518: b9 1a 00 00 00 mov ecx, 0x1a
51d: bf 5d 41 4c ae mov edi, 0xae4c415d
522: 89 c8 mov eax, ecx
524: f7 ef imul edi
526: 8d 04 0a lea eax, [edx+ecx*1]
529: 89 ca mov edx, ecx
52b: c1 fa 1f sar edx, 0x1f
52e: c1 f8 05 sar eax, 0x5
531: 29 d0 sub eax, edx
533: 89 ca mov edx, ecx
535: 6b c0 2f imul eax, eax, 0x2f
538: 29 c2 sub edx, eax
53a: 0f b6 44 14 20 movzx eax, BYTE PTR [esp+edx*1+0x20]
53f: 30 04 0e xor BYTE PTR [esi+ecx*1], al
542: 83 c1 01 add ecx, 0x1
545: 83 f9 35 cmp ecx, 0x35
548: 75 d8 jne 0x522
54a: cd 4f int 0x4f
54c: be 60 00 00 00 mov esi, 0x60
551: e9 97 fe ff ff jmp 0x3ed
556: 8d 74 24 19 lea esi, [esp+0x19]
55a: b9 07 00 00 00 mov ecx, 0x7
55f: bf 2f 00 00 00 mov edi, 0x2f
564: 89 c8 mov eax, ecx
566: 99 cdq
567: f7 ff idiv edi
569: 0f b6 44 14 20 movzx eax, BYTE PTR [esp+edx*1+0x20]
56e: 30 04 0e xor BYTE PTR [esi+ecx*1], al
571: 83 c1 01 add ecx, 0x1
574: 83 f9 0f cmp ecx, 0xf
577: 75 eb jne 0x564
579: cd 5d int 0x5d
57b: be 3d 00 00 00 mov esi, 0x3d
580: e9 68 fe ff ff jmp 0x3ed
585: 8d 74 24 0e lea esi, [esp+0xe]
589: b9 12 00 00 00 mov ecx, 0x12
58e: bf 5d 41 4c ae mov edi, 0xae4c415d
593: 89 c8 mov eax, ecx
595: f7 ef imul edi
597: 8d 04 0a lea eax, [edx+ecx*1]
59a: 89 ca mov edx, ecx
59c: c1 fa 1f sar edx, 0x1f
59f: c1 f8 05 sar eax, 0x5
5a2: 29 d0 sub eax, edx
5a4: 89 ca mov edx, ecx
5a6: 6b c0 2f imul eax, eax, 0x2f
5a9: 29 c2 sub edx, eax
5ab: 0f b6 44 14 20 movzx eax, BYTE PTR [esp+edx*1+0x20]
5b0: 30 04 0e xor BYTE PTR [esi+ecx*1], al
5b3: 83 c1 01 add ecx, 0x1
5b6: 83 f9 25 cmp ecx, 0x25
5b9: 75 d8 jne 0x593
5bb: cd 13 int 0x13
5bd: be 09 00 00 00 mov esi, 0x9
5c2: e9 26 fe ff ff jmp 0x3ed
5c7: 8d 74 24 15 lea esi, [esp+0x15]
5cb: b9 0b 00 00 00 mov ecx, 0xb
5d0: bf 2f 00 00 00 mov edi, 0x2f
5d5: 89 c8 mov eax, ecx
5d7: 99 cdq
5d8: f7 ff idiv edi
5da: 0f b6 44 14 20 movzx eax, BYTE PTR [esp+edx*1+0x20]
5df: 30 04 0e xor BYTE PTR [esi+ecx*1], al
5e2: 83 c1 01 add ecx, 0x1
5e5: 83 f9 17 cmp ecx, 0x17
5e8: 75 eb jne 0x5d5
5ea: cc int3
5eb: be 3a 00 00 00 mov esi, 0x3a
5f0: e9 f8 fd ff ff jmp 0x3ed
5f5: 8d 74 24 0e lea esi, [esp+0xe]
5f9: b9 12 00 00 00 mov ecx, 0x12
5fe: bf 2f 00 00 00 mov edi, 0x2f
603: 89 c8 mov eax, ecx
605: 99 cdq
606: f7 ff idiv edi
608: 0f b6 44 14 20 movzx eax, BYTE PTR [esp+edx*1+0x20]
60d: 30 04 0e xor BYTE PTR [esi+ecx*1], al
610: 83 c1 01 add ecx, 0x1
613: 83 f9 25 cmp ecx, 0x25
616: 75 eb jne 0x603
618: cd 44 int 0x44
61a: be 26 00 00 00 mov esi, 0x26
61f: e9 c9 fd ff ff jmp 0x3ed
624: b9 1b 00 00 00 mov ecx, 0x1b
629: be 2f 00 00 00 mov esi, 0x2f
62e: 89 c8 mov eax, ecx
630: 99 cdq
631: f7 fe idiv esi
633: 0f b6 44 14 20 movzx eax, BYTE PTR [esp+edx*1+0x20]
638: 30 44 0c 05 xor BYTE PTR [esp+ecx*1+0x5], al
63c: 83 c1 01 add ecx, 0x1
63f: 83 f9 37 cmp ecx, 0x37
642: 75 ea jne 0x62e
644: cd 0b int 0xb
646: be 33 00 00 00 mov esi, 0x33
64b: e9 9d fd ff ff jmp 0x3ed
650: 8d 74 24 03 lea esi, [esp+0x3]
654: b9 1d 00 00 00 mov ecx, 0x1d
659: bf 2f 00 00 00 mov edi, 0x2f
65e: 89 c8 mov eax, ecx
660: 99 cdq
661: f7 ff idiv edi
663: 0f b6 44 14 20 movzx eax, BYTE PTR [esp+edx*1+0x20]
668: 30 04 0e xor BYTE PTR [esi+ecx*1], al
66b: 83 c1 01 add ecx, 0x1
66e: 83 f9 3b cmp ecx, 0x3b
671: 75 eb jne 0x65e
673: cd 2d int 0x2d
675: be 11 00 00 00 mov esi, 0x11
67a: e9 6e fd ff ff jmp 0x3ed
67f: 8d 74 24 f5 lea esi, [esp-0xb]
683: b9 2b 00 00 00 mov ecx, 0x2b
688: bf 2f 00 00 00 mov edi, 0x2f
68d: 89 c8 mov eax, ecx
68f: 99 cdq
690: f7 ff idiv edi
692: 0f b6 44 14 20 movzx eax, BYTE PTR [esp+edx*1+0x20]
697: 30 04 0e xor BYTE PTR [esi+ecx*1], al
69a: 83 c1 01 add ecx, 0x1
69d: 83 f9 57 cmp ecx, 0x57
6a0: 75 eb jne 0x68d
6a2: cd 4c int 0x4c
6a4: be 13 00 00 00 mov esi, 0x13
6a9: e9 3f fd ff ff jmp 0x3ed
6ae: 8d 74 24 fc lea esi, [esp-0x4]
6b2: b9 24 00 00 00 mov ecx, 0x24
6b7: bf 2f 00 00 00 mov edi, 0x2f
6bc: 89 c8 mov eax, ecx
6be: 99 cdq
6bf: f7 ff idiv edi
6c1: 0f b6 44 14 20 movzx eax, BYTE PTR [esp+edx*1+0x20]
6c6: 30 04 0e xor BYTE PTR [esi+ecx*1], al
6c9: 83 c1 01 add ecx, 0x1
6cc: 83 f9 49 cmp ecx, 0x49
6cf: 75 eb jne 0x6bc
6d1: cd 5b int 0x5b
6d3: be 0d 00 00 00 mov esi, 0xd
6d8: e9 10 fd ff ff jmp 0x3ed
6dd: 8d 4c 24 13 lea ecx, [esp+0x13]
6e1: be 0d 00 00 00 mov esi, 0xd
6e6: bf 2f 00 00 00 mov edi, 0x2f
6eb: 89 f0 mov eax, esi
6ed: 99 cdq
6ee: f7 ff idiv edi
6f0: 0f b6 44 14 20 movzx eax, BYTE PTR [esp+edx*1+0x20]
6f5: 30 04 31 xor BYTE PTR [ecx+esi*1], al
6f8: 83 c6 01 add esi, 0x1
6fb: 83 fe 1b cmp esi, 0x1b
6fe: 75 eb jne 0x6eb
700: cd 50 int 0x50
702: be 3b 00 00 00 mov esi, 0x3b
707: e9 e1 fc ff ff jmp 0x3ed
70c: b9 2d 00 00 00 mov ecx, 0x2d
711: be 2f 00 00 00 mov esi, 0x2f
716: 89 c8 mov eax, ecx
718: 99 cdq
719: f7 fe idiv esi
71b: 0f b6 44 14 20 movzx eax, BYTE PTR [esp+edx*1+0x20]
720: 30 44 0c f3 xor BYTE PTR [esp+ecx*1-0xd], al
724: 83 c1 01 add ecx, 0x1
727: 83 f9 5b cmp ecx, 0x5b
72a: 75 ea jne 0x716
72c: cd 49 int 0x49
72e: be 29 00 00 00 mov esi, 0x29
733: e9 b5 fc ff ff jmp 0x3ed
738: 8d 4c 24 0f lea ecx, [esp+0xf]
73c: be 11 00 00 00 mov esi, 0x11
741: bf 2f 00 00 00 mov edi, 0x2f
746: 89 f0 mov eax, esi
748: 99 cdq
749: f7 ff idiv edi
74b: 0f b6 44 14 20 movzx eax, BYTE PTR [esp+edx*1+0x20]
750: 30 04 31 xor BYTE PTR [ecx+esi*1], al
753: 83 c6 01 add esi, 0x1
756: 83 fe 23 cmp esi, 0x23
759: 75 eb jne 0x746
75b: cd 01 int 0x1
75d: be 30 00 00 00 mov esi, 0x30
762: e9 86 fc ff ff jmp 0x3ed
767: 8d 74 24 03 lea esi, [esp+0x3]
76b: b9 1d 00 00 00 mov ecx, 0x1d
770: bf 2f 00 00 00 mov edi, 0x2f
775: 89 c8 mov eax, ecx
777: 99 cdq
778: f7 ff idiv edi
77a: 0f b6 44 14 20 movzx eax, BYTE PTR [esp+edx*1+0x20]
77f: 30 04 0e xor BYTE PTR [esi+ecx*1], al
782: 83 c1 01 add ecx, 0x1
785: 83 f9 3b cmp ecx, 0x3b
788: 75 eb jne 0x775
78a: cd 48 int 0x48
78c: be 14 00 00 00 mov esi, 0x14
791: e9 57 fc ff ff jmp 0x3ed
796: 8d 4c 24 08 lea ecx, [esp+0x8]
79a: bf 2f 00 00 00 mov edi, 0x2f
79f: 89 f0 mov eax, esi
7a1: 99 cdq
7a2: f7 ff idiv edi
7a4: 0f b6 44 14 20 movzx eax, BYTE PTR [esp+edx*1+0x20]
7a9: 30 04 31 xor BYTE PTR [ecx+esi*1], al
7ac: 83 c6 01 add esi, 0x1
7af: 83 fe 31 cmp esi, 0x31
7b2: 75 eb jne 0x79f
7b4: cd 58 int 0x58
7b6: be 4e 00 00 00 mov esi, 0x4e
7bb: e9 2d fc ff ff jmp 0x3ed
7c0: 8d 74 24 03 lea esi, [esp+0x3]
7c4: b9 1d 00 00 00 mov ecx, 0x1d
7c9: bf 2f 00 00 00 mov edi, 0x2f
7ce: 89 c8 mov eax, ecx
7d0: 99 cdq
7d1: f7 ff idiv edi
7d3: 0f b6 44 14 20 movzx eax, BYTE PTR [esp+edx*1+0x20]
7d8: 30 04 0e xor BYTE PTR [esi+ecx*1], al
7db: 83 c1 01 add ecx, 0x1
7de: 83 f9 3b cmp ecx, 0x3b
7e1: 75 eb jne 0x7ce
7e3: cd 31 int 0x31
7e5: be 4b 00 00 00 mov esi, 0x4b
7ea: e9 fe fb ff ff jmp 0x3ed
7ef: b9 2e 00 00 00 mov ecx, 0x2e
7f4: be 2f 00 00 00 mov esi, 0x2f
7f9: 89 c8 mov eax, ecx
7fb: 99 cdq
7fc: f7 fe idiv esi
7fe: 0f b6 44 14 20 movzx eax, BYTE PTR [esp+edx*1+0x20]
803: 30 44 0c f2 xor BYTE PTR [esp+ecx*1-0xe], al
807: 83 c1 01 add ecx, 0x1
80a: 83 f9 5d cmp ecx, 0x5d
80d: 75 ea jne 0x7f9
80f: cd 3c int 0x3c
811: be 52 00 00 00 mov esi, 0x52
816: e9 d2 fb ff ff jmp 0x3ed
81b: b9 03 00 00 00 mov ecx, 0x3
820: be 2f 00 00 00 mov esi, 0x2f
825: 89 c8 mov eax, ecx
827: 99 cdq
828: f7 fe idiv esi
82a: 0f b6 44 14 20 movzx eax, BYTE PTR [esp+edx*1+0x20]
82f: 30 44 0c 1d xor BYTE PTR [esp+ecx*1+0x1d], al
833: 83 c1 01 add ecx, 0x1
836: 83 f9 07 cmp ecx, 0x7
839: 75 ea jne 0x825
83b: cd 1c int 0x1c
83d: be 4d 00 00 00 mov esi, 0x4d
842: e9 a6 fb ff ff jmp 0x3ed
847: 8d 4c 24 f7 lea ecx, [esp-0x9]
84b: be 29 00 00 00 mov esi, 0x29
850: bf 2f 00 00 00 mov edi, 0x2f
855: 89 f0 mov eax, esi
857: 99 cdq
858: f7 ff idiv edi
85a: 0f b6 44 14 20 movzx eax, BYTE PTR [esp+edx*1+0x20]
85f: 30 04 31 xor BYTE PTR [ecx+esi*1], al
862: 83 c6 01 add esi, 0x1
865: 83 fe 53 cmp esi, 0x53
868: 75 eb jne 0x855
86a: cd 06 int 0x6
86c: be 2a 00 00 00 mov esi, 0x2a
871: e9 77 fb ff ff jmp 0x3ed
876: 8d 74 24 17 lea esi, [esp+0x17]
87a: b9 09 00 00 00 mov ecx, 0x9
87f: bf 2f 00 00 00 mov edi, 0x2f
884: 89 c8 mov eax, ecx
886: 99 cdq
887: f7 ff idiv edi
889: 0f b6 44 14 20 movzx eax, BYTE PTR [esp+edx*1+0x20]
88e: 30 04 0e xor BYTE PTR [esi+ecx*1], al
891: 83 c1 01 add ecx, 0x1
894: 83 f9 13 cmp ecx, 0x13
897: 75 eb jne 0x884
899: cd 35 int 0x35
89b: be 4a 00 00 00 mov esi, 0x4a
8a0: e9 48 fb ff ff jmp 0x3ed
8a5: 8d 74 24 fc lea esi, [esp-0x4]
8a9: b9 24 00 00 00 mov ecx, 0x24
8ae: bf 2f 00 00 00 mov edi, 0x2f
8b3: 89 c8 mov eax, ecx
8b5: 99 cdq
8b6: f7 ff idiv edi
8b8: 0f b6 44 14 20 movzx eax, BYTE PTR [esp+edx*1+0x20]
8bd: 30 04 0e xor BYTE PTR [esi+ecx*1], al
8c0: 83 c1 01 add ecx, 0x1
8c3: 83 f9 49 cmp ecx, 0x49
8c6: 75 eb jne 0x8b3
8c8: cd 54 int 0x54
8ca: be 38 00 00 00 mov esi, 0x38
8cf: e9 19 fb ff ff jmp 0x3ed
8d4: 8d 4c 24 18 lea ecx, [esp+0x18]
8d8: be 08 00 00 00 mov esi, 0x8
8dd: bf 2f 00 00 00 mov edi, 0x2f
8e2: 89 f0 mov eax, esi
8e4: 99 cdq
8e5: f7 ff idiv edi
8e7: 0f b6 44 14 20 movzx eax, BYTE PTR [esp+edx*1+0x20]
8ec: 30 04 31 xor BYTE PTR [ecx+esi*1], al
8ef: 83 c6 01 add esi, 0x1
8f2: 83 fe 11 cmp esi, 0x11
8f5: 75 eb jne 0x8e2
8f7: cd 2f int 0x2f
8f9: be 0f 00 00 00 mov esi, 0xf
8fe: e9 ea fa ff ff jmp 0x3ed
903: 8d 74 24 fc lea esi, [esp-0x4]
907: b9 24 00 00 00 mov ecx, 0x24
90c: bf 2f 00 00 00 mov edi, 0x2f
911: 89 c8 mov eax, ecx
913: 99 cdq
914: f7 ff idiv edi
916: 0f b6 44 14 20 movzx eax, BYTE PTR [esp+edx*1+0x20]
91b: 30 04 0e xor BYTE PTR [esi+ecx*1], al
91e: 83 c1 01 add ecx, 0x1
921: 83 f9 49 cmp ecx, 0x49
924: 75 eb jne 0x911
926: cd 43 int 0x43
928: be 43 00 00 00 mov esi, 0x43
92d: e9 bb fa ff ff jmp 0x3ed
932: 8d 4c 24 12 lea ecx, [esp+0x12]
936: be 0e 00 00 00 mov esi, 0xe
93b: bf 2f 00 00 00 mov edi, 0x2f
940: 89 f0 mov eax, esi
942: 99 cdq
943: f7 ff idiv edi
945: 0f b6 44 14 20 movzx eax, BYTE PTR [esp+edx*1+0x20]
94a: 30 04 31 xor BYTE PTR [ecx+esi*1], al
94d: 83 c6 01 add esi, 0x1
950: 83 fe 1d cmp esi, 0x1d
953: 75 eb jne 0x940
955: cd 0a int 0xa
957: be 57 00 00 00 mov esi, 0x57
95c: e9 8c fa ff ff jmp 0x3ed
961: 8d 4c 24 1e lea ecx, [esp+0x1e]
965: be 02 00 00 00 mov esi, 0x2
96a: bf 2f 00 00 00 mov edi, 0x2f
96f: 89 f0 mov eax, esi
971: 99 cdq
972: f7 ff idiv edi
974: 0f b6 44 14 20 movzx eax, BYTE PTR [esp+edx*1+0x20]
979: 30 04 31 xor BYTE PTR [ecx+esi*1], al
97c: 83 c6 01 add esi, 0x1
97f: 83 fe 05 cmp esi, 0x5
982: 75 eb jne 0x96f
984: cd 04 int 0x4
986: be 28 00 00 00 mov esi, 0x28
98b: e9 5d fa ff ff jmp 0x3ed
990: 8d 74 24 1c lea esi, [esp+0x1c]
994: b9 04 00 00 00 mov ecx, 0x4
999: bf 2f 00 00 00 mov edi, 0x2f
99e: 89 c8 mov eax, ecx
9a0: 99 cdq
9a1: f7 ff idiv edi
9a3: 0f b6 44 14 20 movzx eax, BYTE PTR [esp+edx*1+0x20]
9a8: 30 04 0e xor BYTE PTR [esi+ecx*1], al
9ab: 83 c1 01 add ecx, 0x1
9ae: 83 f9 09 cmp ecx, 0x9
9b1: 75 eb jne 0x99e
9b3: cd 52 int 0x52
9b5: be 44 00 00 00 mov esi, 0x44
9ba: e9 2e fa ff ff jmp 0x3ed
9bf: 8d 4c 24 18 lea ecx, [esp+0x18]
9c3: be 08 00 00 00 mov esi, 0x8
9c8: bf 2f 00 00 00 mov edi, 0x2f
9cd: 89 f0 mov eax, esi
9cf: 99 cdq
9d0: f7 ff idiv edi
9d2: 0f b6 44 14 20 movzx eax, BYTE PTR [esp+edx*1+0x20]
9d7: 30 04 31 xor BYTE PTR [ecx+esi*1], al
9da: 83 c6 01 add esi, 0x1
9dd: 83 fe 11 cmp esi, 0x11
9e0: 75 eb jne 0x9cd
9e2: cd 4b int 0x4b
9e4: be 10 00 00 00 mov esi, 0x10
9e9: e9 ff f9 ff ff jmp 0x3ed
9ee: 8d 4c 24 13 lea ecx, [esp+0x13]
9f2: be 0d 00 00 00 mov esi, 0xd
9f7: bf 2f 00 00 00 mov edi, 0x2f
9fc: 89 f0 mov eax, esi
9fe: 99 cdq
9ff: f7 ff idiv edi
a01: 0f b6 44 14 20 movzx eax, BYTE PTR [esp+edx*1+0x20]
a06: 30 04 31 xor BYTE PTR [ecx+esi*1], al
a09: 83 c6 01 add esi, 0x1
a0c: 83 fe 1b cmp esi, 0x1b
a0f: 75 eb jne 0x9fc
a11: cd 56 int 0x56
a13: be 51 00 00 00 mov esi, 0x51
a18: e9 d0 f9 ff ff jmp 0x3ed
a1d: 8d 4c 24 1e lea ecx, [esp+0x1e]
a21: be 02 00 00 00 mov esi, 0x2
a26: bf 2f 00 00 00 mov edi, 0x2f
a2b: 89 f0 mov eax, esi
a2d: 99 cdq
a2e: f7 ff idiv edi
a30: 0f b6 44 14 20 movzx eax, BYTE PTR [esp+edx*1+0x20]
a35: 30 04 31 xor BYTE PTR [ecx+esi*1], al
a38: 83 c6 01 add esi, 0x1
a3b: 83 fe 05 cmp esi, 0x5
a3e: 75 eb jne 0xa2b
a40: cd 5e int 0x5e
a42: be 2f 00 00 00 mov esi, 0x2f
a47: e9 a1 f9 ff ff jmp 0x3ed
a4c: 8d 4c 24 0a lea ecx, [esp+0xa]
a50: be 16 00 00 00 mov esi, 0x16
a55: bf 2f 00 00 00 mov edi, 0x2f
a5a: 89 f0 mov eax, esi
a5c: 99 cdq
a5d: f7 ff idiv edi
a5f: 0f b6 44 14 20 movzx eax, BYTE PTR [esp+edx*1+0x20]
a64: 30 04 31 xor BYTE PTR [ecx+esi*1], al
a67: 83 c6 01 add esi, 0x1
a6a: 83 fe 2d cmp esi, 0x2d
a6d: 75 eb jne 0xa5a
a6f: cd 5a int 0x5a
a71: be 5a 00 00 00 mov esi, 0x5a
a76: e9 72 f9 ff ff jmp 0x3ed
a7b: 8d 4c 24 08 lea ecx, [esp+0x8]
a7f: be 18 00 00 00 mov esi, 0x18
a84: bf 2f 00 00 00 mov edi, 0x2f
a89: 89 f0 mov eax, esi
a8b: 99 cdq
a8c: f7 ff idiv edi
a8e: 0f b6 44 14 20 movzx eax, BYTE PTR [esp+edx*1+0x20]
a93: 30 04 31 xor BYTE PTR [ecx+esi*1], al
a96: 83 c6 01 add esi, 0x1
a99: 83 fe 31 cmp esi, 0x31
a9c: 75 eb jne 0xa89
a9e: cd 37 int 0x37
aa0: be 18 00 00 00 mov esi, 0x18
aa5: e9 43 f9 ff ff jmp 0x3ed
aaa: b9 27 00 00 00 mov ecx, 0x27
aaf: be 2f 00 00 00 mov esi, 0x2f
ab4: 89 c8 mov eax, ecx
ab6: 99 cdq
ab7: f7 fe idiv esi
ab9: 0f b6 44 14 20 movzx eax, BYTE PTR [esp+edx*1+0x20]
abe: 30 44 0c f9 xor BYTE PTR [esp+ecx*1-0x7], al
ac2: 83 c1 01 add ecx, 0x1
ac5: 83 f9 4f cmp ecx, 0x4f
ac8: 75 ea jne 0xab4
aca: cd 25 int 0x25
acc: be 3c 00 00 00 mov esi, 0x3c
ad1: e9 17 f9 ff ff jmp 0x3ed
ad6: 8d 4c 24 f7 lea ecx, [esp-0x9]
ada: be 29 00 00 00 mov esi, 0x29
adf: bf 2f 00 00 00 mov edi, 0x2f
ae4: 89 f0 mov eax, esi
ae6: 99 cdq
ae7: f7 ff idiv edi
ae9: 0f b6 44 14 20 movzx eax, BYTE PTR [esp+edx*1+0x20]
aee: 30 04 31 xor BYTE PTR [ecx+esi*1], al
af1: 83 c6 01 add esi, 0x1
af4: 83 fe 53 cmp esi, 0x53
af7: 75 eb jne 0xae4
af9: cd 57 int 0x57
afb: be 02 00 00 00 mov esi, 0x2
b00: e9 e8 f8 ff ff jmp 0x3ed
b05: b9 21 00 00 00 mov ecx, 0x21
b0a: be 2f 00 00 00 mov esi, 0x2f
b0f: 89 c8 mov eax, ecx
b11: 99 cdq
b12: f7 fe idiv esi
b14: 0f b6 44 14 20 movzx eax, BYTE PTR [esp+edx*1+0x20]
b19: 30 44 0c ff xor BYTE PTR [esp+ecx*1-0x1], al
b1d: 83 c1 01 add ecx, 0x1
b20: 83 f9 43 cmp ecx, 0x43
b23: 75 ea jne 0xb0f
b25: cd 53 int 0x53
b27: be 59 00 00 00 mov esi, 0x59
b2c: e9 bc f8 ff ff jmp 0x3ed
b31: 8d 74 24 fc lea esi, [esp-0x4]
b35: b9 24 00 00 00 mov ecx, 0x24
b3a: bf 2f 00 00 00 mov edi, 0x2f
b3f: 89 c8 mov eax, ecx
b41: 99 cdq
b42: f7 ff idiv edi
b44: 0f b6 44 14 20 movzx eax, BYTE PTR [esp+edx*1+0x20]
b49: 30 04 0e xor BYTE PTR [esi+ecx*1], al
b4c: 83 c1 01 add ecx, 0x1
b4f: 83 f9 49 cmp ecx, 0x49
b52: 75 eb jne 0xb3f
b54: cd 46 int 0x46
b56: be 24 00 00 00 mov esi, 0x24
b5b: e9 8d f8 ff ff jmp 0x3ed
b60: 8d 4c 24 0a lea ecx, [esp+0xa]
b64: be 16 00 00 00 mov esi, 0x16
b69: bf 2f 00 00 00 mov edi, 0x2f
b6e: 89 f0 mov eax, esi
b70: 99 cdq
b71: f7 ff idiv edi
b73: 0f b6 44 14 20 movzx eax, BYTE PTR [esp+edx*1+0x20]
b78: 30 04 31 xor BYTE PTR [ecx+esi*1], al
b7b: 83 c6 01 add esi, 0x1
b7e: 83 fe 2d cmp esi, 0x2d
b81: 75 eb jne 0xb6e
b83: cd 30 int 0x30
b85: be 40 00 00 00 mov esi, 0x40
b8a: e9 5e f8 ff ff jmp 0x3ed
b8f: 8d 74 24 14 lea esi, [esp+0x14]
b93: b9 0c 00 00 00 mov ecx, 0xc
b98: bf 2f 00 00 00 mov edi, 0x2f
b9d: 89 c8 mov eax, ecx
b9f: 99 cdq
ba0: f7 ff idiv edi
ba2: 0f b6 44 14 20 movzx eax, BYTE PTR [esp+edx*1+0x20]
ba7: 30 04 0e xor BYTE PTR [esi+ecx*1], al
baa: 83 c1 01 add ecx, 0x1
bad: 83 f9 19 cmp ecx, 0x19
bb0: 75 eb jne 0xb9d
bb2: cd 62 int 0x62
bb4: be 41 00 00 00 mov esi, 0x41
bb9: e9 2f f8 ff ff jmp 0x3ed
bbe: 8d 74 24 fc lea esi, [esp-0x4]
bc2: b9 24 00 00 00 mov ecx, 0x24
bc7: bf 2f 00 00 00 mov edi, 0x2f
bcc: 89 c8 mov eax, ecx
bce: 99 cdq
bcf: f7 ff idiv edi
bd1: 0f b6 44 14 20 movzx eax, BYTE PTR [esp+edx*1+0x20]
bd6: 30 04 0e xor BYTE PTR [esi+ecx*1], al
bd9: 83 c1 01 add ecx, 0x1
bdc: 83 f9 49 cmp ecx, 0x49
bdf: 75 eb jne 0xbcc
be1: cd 63 int 0x63
be3: be 12 00 00 00 mov esi, 0x12
be8: e9 00 f8 ff ff jmp 0x3ed
bed: b9 22 00 00 00 mov ecx, 0x22
bf2: be 2f 00 00 00 mov esi, 0x2f
bf7: 89 c8 mov eax, ecx
bf9: 99 cdq
bfa: f7 fe idiv esi
bfc: 0f b6 44 14 20 movzx eax, BYTE PTR [esp+edx*1+0x20]
c01: 30 44 0c fe xor BYTE PTR [esp+ecx*1-0x2], al
c05: 83 c1 01 add ecx, 0x1
c08: 83 f9 45 cmp ecx, 0x45
c0b: 75 ea jne 0xbf7
c0d: cd 45 int 0x45
c0f: be 2c 00 00 00 mov esi, 0x2c
c14: e9 d4 f7 ff ff jmp 0x3ed
c19: 8d 74 24 0d lea esi, [esp+0xd]
c1d: b9 13 00 00 00 mov ecx, 0x13
c22: bf 2f 00 00 00 mov edi, 0x2f
c27: 89 c8 mov eax, ecx
c29: 99 cdq
c2a: f7 ff idiv edi
c2c: 0f b6 44 14 20 movzx eax, BYTE PTR [esp+edx*1+0x20]
c31: 30 04 0e xor BYTE PTR [esi+ecx*1], al
c34: 83 c1 01 add ecx, 0x1
c37: 83 f9 27 cmp ecx, 0x27
c3a: 75 eb jne 0xc27
c3c: cd 09 int 0x9
c3e: be 63 00 00 00 mov esi, 0x63
c43: e9 a5 f7 ff ff jmp 0x3ed
c48: b9 0a 00 00 00 mov ecx, 0xa
c4d: be 2f 00 00 00 mov esi, 0x2f
c52: 89 c8 mov eax, ecx
c54: 99 cdq
c55: f7 fe idiv esi
c57: 0f b6 44 14 20 movzx eax, BYTE PTR [esp+edx*1+0x20]
c5c: 30 44 0c 16 xor BYTE PTR [esp+ecx*1+0x16], al
c60: 83 c1 01 add ecx, 0x1
c63: 83 f9 15 cmp ecx, 0x15
c66: 75 ea jne 0xc52
c68: cd 26 int 0x26
c6a: be 53 00 00 00 mov esi, 0x53
c6f: e9 79 f7 ff ff jmp 0x3ed
c74: 8d 74 24 f5 lea esi, [esp-0xb]
c78: b9 2b 00 00 00 mov ecx, 0x2b
c7d: bf 2f 00 00 00 mov edi, 0x2f
c82: 89 c8 mov eax, ecx
c84: 99 cdq
c85: f7 ff idiv edi
c87: 0f b6 44 14 20 movzx eax, BYTE PTR [esp+edx*1+0x20]
c8c: 30 04 0e xor BYTE PTR [esi+ecx*1], al
c8f: 83 c1 01 add ecx, 0x1
c92: 83 f9 57 cmp ecx, 0x57
c95: 75 eb jne 0xc82
c97: cd 33 int 0x33
c99: be 20 00 00 00 mov esi, 0x20
c9e: e9 4a f7 ff ff jmp 0x3ed
ca3: 8d 4c 24 18 lea ecx, [esp+0x18]
ca7: be 08 00 00 00 mov esi, 0x8
cac: bf 2f 00 00 00 mov edi, 0x2f
cb1: 89 f0 mov eax, esi
cb3: 99 cdq
cb4: f7 ff idiv edi
cb6: 0f b6 44 14 20 movzx eax, BYTE PTR [esp+edx*1+0x20]
cbb: 30 04 31 xor BYTE PTR [ecx+esi*1], al
cbe: 83 c6 01 add esi, 0x1
cc1: 83 fe 11 cmp esi, 0x11
cc4: 75 eb jne 0xcb1
cc6: cd 5c int 0x5c
cc8: be 54 00 00 00 mov esi, 0x54
ccd: e9 1b f7 ff ff jmp 0x3ed
cd2: 8d 4c 24 f8 lea ecx, [esp-0x8]
cd6: be 28 00 00 00 mov esi, 0x28
cdb: bf 2f 00 00 00 mov edi, 0x2f
ce0: 89 f0 mov eax, esi
ce2: 99 cdq
ce3: f7 ff idiv edi
ce5: 0f b6 44 14 20 movzx eax, BYTE PTR [esp+edx*1+0x20]
cea: 30 04 31 xor BYTE PTR [ecx+esi*1], al
ced: 83 c6 01 add esi, 0x1
cf0: 83 fe 51 cmp esi, 0x51
cf3: 75 eb jne 0xce0
cf5: cd 17 int 0x17
cf7: be 05 00 00 00 mov esi, 0x5
cfc: e9 ec f6 ff ff jmp 0x3ed
d01: b9 05 00 00 00 mov ecx, 0x5
d06: be 2f 00 00 00 mov esi, 0x2f
d0b: 89 c8 mov eax, ecx
d0d: 99 cdq
d0e: f7 fe idiv esi
d10: 0f b6 44 14 20 movzx eax, BYTE PTR [esp+edx*1+0x20]
d15: 30 44 0c 1b xor BYTE PTR [esp+ecx*1+0x1b], al
d19: 83 c1 01 add ecx, 0x1
d1c: 83 f9 0b cmp ecx, 0xb
d1f: 75 ea jne 0xd0b
d21: cd 1a int 0x1a
d23: be 0c 00 00 00 mov esi, 0xc
d28: e9 c0 f6 ff ff jmp 0x3ed
d2d: 8d 4c 24 0f lea ecx, [esp+0xf]
d31: bf 2f 00 00 00 mov edi, 0x2f
d36: 89 f0 mov eax, esi
d38: 99 cdq
d39: f7 ff idiv edi
d3b: 0f b6 44 14 20 movzx eax, BYTE PTR [esp+edx*1+0x20]
d40: 30 04 31 xor BYTE PTR [ecx+esi*1], al
d43: 83 c6 01 add esi, 0x1
d46: 83 fe 23 cmp esi, 0x23
d49: 75 eb jne 0xd36
d4b: cd 07 int 0x7
d4d: be 0b 00 00 00 mov esi, 0xb
d52: e9 96 f6 ff ff jmp 0x3ed
d57: 8d 74 24 f6 lea esi, [esp-0xa]
d5b: b9 2a 00 00 00 mov ecx, 0x2a
d60: bf 2f 00 00 00 mov edi, 0x2f
d65: 89 c8 mov eax, ecx
d67: 99 cdq
d68: f7 ff idiv edi
d6a: 0f b6 44 14 20 movzx eax, BYTE PTR [esp+edx*1+0x20]
d6f: 30 04 0e xor BYTE PTR [esi+ecx*1], al
d72: 83 c1 01 add ecx, 0x1
d75: 83 f9 55 cmp ecx, 0x55
d78: 75 eb jne 0xd65
d7a: cd 39 int 0x39
d7c: be 46 00 00 00 mov esi, 0x46
d81: e9 67 f6 ff ff jmp 0x3ed
d86: 8d 4c 24 f8 lea ecx, [esp-0x8]
d8a: be 28 00 00 00 mov esi, 0x28
d8f: bf 2f 00 00 00 mov edi, 0x2f
d94: 89 f0 mov eax, esi
d96: 99 cdq
d97: f7 ff idiv edi
d99: 0f b6 44 14 20 movzx eax, BYTE PTR [esp+edx*1+0x20]
d9e: 30 04 31 xor BYTE PTR [ecx+esi*1], al
da1: 83 c6 01 add esi, 0x1
da4: 83 fe 51 cmp esi, 0x51
da7: 75 eb jne 0xd94
da9: cd 05 int 0x5
dab: be 4c 00 00 00 mov esi, 0x4c
db0: e9 38 f6 ff ff jmp 0x3ed
db5: 8d 74 24 06 lea esi, [esp+0x6]
db9: b9 1a 00 00 00 mov ecx, 0x1a
dbe: bf 2f 00 00 00 mov edi, 0x2f
dc3: 89 c8 mov eax, ecx
dc5: 99 cdq
dc6: f7 ff idiv edi
dc8: 0f b6 44 14 20 movzx eax, BYTE PTR [esp+edx*1+0x20]
dcd: 30 04 0e xor BYTE PTR [esi+ecx*1], al
dd0: 83 c1 01 add ecx, 0x1
dd3: 83 f9 35 cmp ecx, 0x35
dd6: 75 eb jne 0xdc3
dd8: cd 18 int 0x18
dda: be 5b 00 00 00 mov esi, 0x5b
ddf: e9 09 f6 ff ff jmp 0x3ed
de4: 8d 4c 24 0b lea ecx, [esp+0xb]
de8: be 15 00 00 00 mov esi, 0x15
ded: bf 2f 00 00 00 mov edi, 0x2f
df2: 89 f0 mov eax, esi
df4: 99 cdq
df5: f7 ff idiv edi
df7: 0f b6 44 14 20 movzx eax, BYTE PTR [esp+edx*1+0x20]
dfc: 30 04 31 xor BYTE PTR [ecx+esi*1], al
dff: 83 c6 01 add esi, 0x1
e02: 83 fe 2b cmp esi, 0x2b
e05: 75 eb jne 0xdf2
e07: cd 4d int 0x4d
e09: be 0a 00 00 00 mov esi, 0xa
e0e: e9 da f5 ff ff jmp 0x3ed
e13: 8d 4c 24 13 lea ecx, [esp+0x13]
e17: c7 44 24 1c 0d 00 00 00 mov DWORD PTR [esp+0x1c], 0xd
e1f: 8b 44 24 1c mov eax, DWORD PTR [esp+0x1c]
e23: bf 2f 00 00 00 mov edi, 0x2f
e28: 99 cdq
e29: f7 ff idiv edi
e2b: 8b 7c 24 1c mov edi, DWORD PTR [esp+0x1c]
e2f: 0f b6 44 14 20 movzx eax, BYTE PTR [esp+edx*1+0x20]
e34: 30 04 39 xor BYTE PTR [ecx+edi*1], al
e37: 89 f8 mov eax, edi
e39: 83 c0 01 add eax, 0x1
e3c: 83 f8 1b cmp eax, 0x1b
e3f: 89 44 24 1c mov DWORD PTR [esp+0x1c], eax
e43: 75 da jne 0xe1f
e45: cd 14 int 0x14
e47: e9 a1 f5 ff ff jmp 0x3ed
e4c: 8d 4c 24 08 lea ecx, [esp+0x8]
e50: be 18 00 00 00 mov esi, 0x18
e55: bf 2f 00 00 00 mov edi, 0x2f
e5a: 89 f0 mov eax, esi
e5c: 99 cdq
e5d: f7 ff idiv edi
e5f: 0f b6 44 14 20 movzx eax, BYTE PTR [esp+edx*1+0x20]
e64: 30 04 31 xor BYTE PTR [ecx+esi*1], al
e67: 83 c6 01 add esi, 0x1
e6a: 83 fe 31 cmp esi, 0x31
e6d: 75 eb jne 0xe5a
e6f: cd 3d int 0x3d
e71: be 07 00 00 00 mov esi, 0x7
e76: e9 72 f5 ff ff jmp 0x3ed
e7b: 8d 74 24 0c lea esi, [esp+0xc]
e7f: b9 14 00 00 00 mov ecx, 0x14
e84: bf 2f 00 00 00 mov edi, 0x2f
e89: 89 c8 mov eax, ecx
e8b: 99 cdq
e8c: f7 ff idiv edi
e8e: 0f b6 44 14 20 movzx eax, BYTE PTR [esp+edx*1+0x20]
e93: 30 04 0e xor BYTE PTR [esi+ecx*1], al
e96: 83 c1 01 add ecx, 0x1
e99: 83 f9 29 cmp ecx, 0x29
e9c: 75 eb jne 0xe89
e9e: cd 19 int 0x19
ea0: be 36 00 00 00 mov esi, 0x36
ea5: e9 43 f5 ff ff jmp 0x3ed
eaa: 8d 74 24 fc lea esi, [esp-0x4]
eae: b9 24 00 00 00 mov ecx, 0x24
eb3: bf 2f 00 00 00 mov edi, 0x2f
eb8: 89 c8 mov eax, ecx
eba: 99 cdq
ebb: f7 ff idiv edi
ebd: 0f b6 44 14 20 movzx eax, BYTE PTR [esp+edx*1+0x20]
ec2: 30 04 0e xor BYTE PTR [esi+ecx*1], al
ec5: 83 c1 01 add ecx, 0x1
ec8: 83 f9 49 cmp ecx, 0x49
ecb: 75 eb jne 0xeb8
ecd: cd 1f int 0x1f
ecf: be 0e 00 00 00 mov esi, 0xe
ed4: e9 14 f5 ff ff jmp 0x3ed
ed9: 8d 74 24 14 lea esi, [esp+0x14]
edd: b9 0c 00 00 00 mov ecx, 0xc
ee2: bf 2f 00 00 00 mov edi, 0x2f
ee7: 89 c8 mov eax, ecx
ee9: 99 cdq
eea: f7 ff idiv edi
eec: 0f b6 44 14 20 movzx eax, BYTE PTR [esp+edx*1+0x20]
ef1: 30 04 0e xor BYTE PTR [esi+ecx*1], al
ef4: 83 c1 01 add ecx, 0x1
ef7: 83 f9 19 cmp ecx, 0x19
efa: 75 eb jne 0xee7
efc: cd 34 int 0x34
efe: be 01 00 00 00 mov esi, 0x1
f03: e9 e5 f4 ff ff jmp 0x3ed
f08: 8d 74 24 f6 lea esi, [esp-0xa]
f0c: b9 2a 00 00 00 mov ecx, 0x2a
f11: bf 2f 00 00 00 mov edi, 0x2f
f16: 89 c8 mov eax, ecx
f18: 99 cdq
f19: f7 ff idiv edi
f1b: 0f b6 44 14 20 movzx eax, BYTE PTR [esp+edx*1+0x20]
f20: 30 04 0e xor BYTE PTR [esi+ecx*1], al
f23: 83 c1 01 add ecx, 0x1
f26: 83 f9 55 cmp ecx, 0x55
f29: 75 eb jne 0xf16
f2b: cd 2c int 0x2c
f2d: be 1a 00 00 00 mov esi, 0x1a
f32: e9 b6 f4 ff ff jmp 0x3ed
f37: 8d 74 24 0c lea esi, [esp+0xc]
f3b: b9 14 00 00 00 mov ecx, 0x14
f40: bf 2f 00 00 00 mov edi, 0x2f
f45: 89 c8 mov eax, ecx
f47: 99 cdq
f48: f7 ff idiv edi
f4a: 0f b6 44 14 20 movzx eax, BYTE PTR [esp+edx*1+0x20]
f4f: 30 04 0e xor BYTE PTR [esi+ecx*1], al
f52: 83 c1 01 add ecx, 0x1
f55: 83 f9 29 cmp ecx, 0x29
f58: 75 eb jne 0xf45
f5a: cd 0f int 0xf
f5c: be 04 00 00 00 mov esi, 0x4
f61: e9 87 f4 ff ff jmp 0x3ed
f66: b9 23 00 00 00 mov ecx, 0x23
f6b: be 2f 00 00 00 mov esi, 0x2f
f70: 89 c8 mov eax, ecx
f72: 99 cdq
f73: f7 fe idiv esi
f75: 0f b6 44 14 20 movzx eax, BYTE PTR [esp+edx*1+0x20]
f7a: 30 44 0c fd xor BYTE PTR [esp+ecx*1-0x3], al
f7e: 83 c1 01 add ecx, 0x1
f81: 83 f9 47 cmp ecx, 0x47
f84: 75 ea jne 0xf70
f86: cd 28 int 0x28
f88: be 49 00 00 00 mov esi, 0x49
f8d: e9 5b f4 ff ff jmp 0x3ed
f92: 8d 74 24 f4 lea esi, [esp-0xc]
f96: b9 2c 00 00 00 mov ecx, 0x2c
f9b: bf 2f 00 00 00 mov edi, 0x2f
fa0: 89 c8 mov eax, ecx
fa2: 99 cdq
fa3: f7 ff idiv edi
fa5: 0f b6 44 14 20 movzx eax, BYTE PTR [esp+edx*1+0x20]
faa: 30 04 0e xor BYTE PTR [esi+ecx*1], al
fad: 83 c1 01 add ecx, 0x1
fb0: 83 f9 59 cmp ecx, 0x59
fb3: 75 eb jne 0xfa0
fb5: cd 60 int 0x60
fb7: be 45 00 00 00 mov esi, 0x45
fbc: e9 2c f4 ff ff jmp 0x3ed
fc1: 8d 74 24 0d lea esi, [esp+0xd]
fc5: b9 13 00 00 00 mov ecx, 0x13
fca: bf 2f 00 00 00 mov edi, 0x2f
fcf: 89 c8 mov eax, ecx
fd1: 99 cdq
fd2: f7 ff idiv edi
fd4: 0f b6 44 14 20 movzx eax, BYTE PTR [esp+edx*1+0x20]
fd9: 30 04 0e xor BYTE PTR [esi+ecx*1], al
fdc: 83 c1 01 add ecx, 0x1
fdf: 83 f9 27 cmp ecx, 0x27
fe2: 75 eb jne 0xfcf
fe4: cd 24 int 0x24
fe6: be 3f 00 00 00 mov esi, 0x3f
feb: e9 fd f3 ff ff jmp 0x3ed
ff0: 8d 4c 24 0b lea ecx, [esp+0xb]
ff4: be 15 00 00 00 mov esi, 0x15
ff9: bf 2f 00 00 00 mov edi, 0x2f
ffe: 89 f0 mov eax, esi
1000: 99 cdq
1001: f7 ff idiv edi
1003: 0f b6 44 14 20 movzx eax, BYTE PTR [esp+edx*1+0x20]
1008: 30 04 31 xor BYTE PTR [ecx+esi*1], al
100b: 83 c6 01 add esi, 0x1
100e: 83 fe 2b cmp esi, 0x2b
1011: 75 eb jne 0xffe
1013: cd 15 int 0x15
1015: be 5c 00 00 00 mov esi, 0x5c
101a: e9 ce f3 ff ff jmp 0x3ed
101f: 8d 4c 24 f8 lea ecx, [esp-0x8]
1023: be 28 00 00 00 mov esi, 0x28
1028: bf 2f 00 00 00 mov edi, 0x2f
102d: 89 f0 mov eax, esi
102f: 99 cdq
1030: f7 ff idiv edi
1032: 0f b6 44 14 20 movzx eax, BYTE PTR [esp+edx*1+0x20]
1037: 30 04 31 xor BYTE PTR [ecx+esi*1], al
103a: 83 c6 01 add esi, 0x1
103d: 83 fe 51 cmp esi, 0x51
1040: 75 eb jne 0x102d
1042: cd 59 int 0x59
1044: be 5e 00 00 00 mov esi, 0x5e
1049: e9 9f f3 ff ff jmp 0x3ed
104e: 8d 4c 24 12 lea ecx, [esp+0x12]
1052: be 0e 00 00 00 mov esi, 0xe
1057: bf 2f 00 00 00 mov edi, 0x2f
105c: 89 f0 mov eax, esi
105e: 99 cdq
105f: f7 ff idiv edi
1061: 0f b6 44 14 20 movzx eax, BYTE PTR [esp+edx*1+0x20]
1066: 30 04 31 xor BYTE PTR [ecx+esi*1], al
1069: 83 c6 01 add esi, 0x1
106c: 83 fe 1d cmp esi, 0x1d
106f: 75 eb jne 0x105c
1071: cd 0e int 0xe
1073: be 16 00 00 00 mov esi, 0x16
1078: e9 70 f3 ff ff jmp 0x3ed
107d: 8d 74 24 19 lea esi, [esp+0x19]
1081: b9 07 00 00 00 mov ecx, 0x7
1086: bf 2f 00 00 00 mov edi, 0x2f
108b: 89 c8 mov eax, ecx
108d: 99 cdq
108e: f7 ff idiv edi
1090: 0f b6 44 14 20 movzx eax, BYTE PTR [esp+edx*1+0x20]
1095: 30 04 0e xor BYTE PTR [esi+ecx*1], al
1098: 83 c1 01 add ecx, 0x1
109b: 83 f9 0f cmp ecx, 0xf
109e: 75 eb jne 0x108b
10a0: cd 42 int 0x42
10a2: be 37 00 00 00 mov esi, 0x37
10a7: e9 41 f3 ff ff jmp 0x3ed
10ac: 8d 74 24 15 lea esi, [esp+0x15]
10b0: b9 0b 00 00 00 mov ecx, 0xb
10b5: bf 2f 00 00 00 mov edi, 0x2f
10ba: 89 c8 mov eax, ecx
10bc: 99 cdq
10bd: f7 ff idiv edi
10bf: 0f b6 44 14 20 movzx eax, BYTE PTR [esp+edx*1+0x20]
10c4: 30 04 0e xor BYTE PTR [esi+ecx*1], al
10c7: 83 c1 01 add ecx, 0x1
10ca: 83 f9 17 cmp ecx, 0x17:q

    10cd:       75 eb                   jne    0x10ba
    10cf:       0f a2                   cpuid
    10d1:       be 2e 00 00 00          mov    esi, 0x2e
    10d6:       e9 12 f3 ff ff          jmp    0x3ed
    10db:       8d 4c 24 08             lea    ecx, [esp+0x8]
    10df:       be 18 00 00 00          mov    esi, 0x18
    10e4:       bf 2f 00 00 00          mov    edi, 0x2f
    10e9:       89 f0                   mov    eax, esi
    10eb:       99                      cdq
    10ec:       f7 ff                   idiv   edi
    10ee:       0f b6 44 14 20          movzx  eax, BYTE PTR [esp+edx*1+0x20]
    10f3:       30 04 31                xor    BYTE PTR [ecx+esi*1], al
    10f6:       83 c6 01                add    esi, 0x1
    10f9:       83 fe 31                cmp    esi, 0x31
    10fc:       75 eb                   jne    0x10e9
    10fe:       cd 3b                   int    0x3b
    1100:       be 1f 00 00 00          mov    esi, 0x1f
    1105:       e9 e3 f2 ff ff          jmp    0x3ed
    110a:       8d 4c 24 0a             lea    ecx, [esp+0xa]
    110e:       be 16 00 00 00          mov    esi, 0x16
    1113:       bf 2f 00 00 00          mov    edi, 0x2f
    1118:       89 f0                   mov    eax, esi
    111a:       99                      cdq
    111b:       f7 ff                   idiv   edi
    111d:       0f b6 44 14 20          movzx  eax, BYTE PTR [esp+edx*1+0x20]
    1122:       30 04 31                xor    BYTE PTR [ecx+esi*1], al
    1125:       83 c6 01                add    esi, 0x1
    1128:       83 fe 2d                cmp    esi, 0x2d
    112b:       75 eb                   jne    0x1118
    112d:       cd 16                   int    0x16
    112f:       be 25 00 00 00          mov    esi, 0x25
    1134:       e9 b4 f2 ff ff          jmp    0x3ed
    1139:       8d 74 24 f4             lea    esi, [esp-0xc]
    113d:       b9 2c 00 00 00          mov    ecx, 0x2c
    1142:       bf 2f 00 00 00          mov    edi, 0x2f
    1147:       89 c8                   mov    eax, ecx
    1149:       99                      cdq
    114a:       f7 ff                   idiv   edi
    114c:       0f b6 44 14 20          movzx  eax, BYTE PTR [esp+edx*1+0x20]
    1151:       30 04 0e                xor    BYTE PTR [esi+ecx*1], al
    1154:       83 c1 01                add    ecx, 0x1
    1157:       83 f9 59                cmp    ecx, 0x59
    115a:       75 eb                   jne    0x1147
    115c:       cd 0c                   int    0xc
    115e:       be 48 00 00 00          mov    esi, 0x48
    1163:       e9 85 f2 ff ff          jmp    0x3ed
    1168:       8d 74 24 03             lea    esi, [esp+0x3]
    116c:       b9 1d 00 00 00          mov    ecx, 0x1d
    1171:       bf 2f 00 00 00          mov    edi, 0x2f
    1176:       89 c8                   mov    eax, ecx
    1178:       99                      cdq
    1179:       f7 ff                   idiv   edi
    117b:       0f b6 44 14 20          movzx  eax, BYTE PTR [esp+edx*1+0x20]
    1180:       30 04 0e                xor    BYTE PTR [esi+ecx*1], al
    1183:       83 c1 01                add    ecx, 0x1
    1186:       83 f9 3b                cmp    ecx, 0x3b
    1189:       75 eb                   jne    0x1176
    118b:       cd 64                   int    0x64
    118d:       be 17 00 00 00          mov    esi, 0x17
    1192:       e9 56 f2 ff ff          jmp    0x3ed
    1197:       8d 74 24 fa             lea    esi, [esp-0x6]
    119b:       b9 26 00 00 00          mov    ecx, 0x26
    11a0:       bf 2f 00 00 00          mov    edi, 0x2f
    11a5:       89 c8                   mov    eax, ecx
    11a7:       99                      cdq
    11a8:       f7 ff                   idiv   edi
    11aa:       0f b6 44 14 20          movzx  eax, BYTE PTR [esp+edx*1+0x20]
    11af:       30 04 0e                xor    BYTE PTR [esi+ecx*1], al
    11b2:       83 c1 01                add    ecx, 0x1
    11b5:       83 f9 4d                cmp    ecx, 0x4d
    11b8:       75 eb                   jne    0x11a5
    11ba:       cd 22                   int    0x22
    11bc:       be 3e 00 00 00          mov    esi, 0x3e
    11c1:       e9 27 f2 ff ff          jmp    0x3ed
    11c6:       8d 4c 24 0f             lea    ecx, [esp+0xf]
    11ca:       be 11 00 00 00          mov    esi, 0x11
    11cf:       bf 2f 00 00 00          mov    edi, 0x2f
    11d4:       89 f0                   mov    eax, esi
    11d6:       99                      cdq
    11d7:       f7 ff                   idiv   edi
    11d9:       0f b6 44 14 20          movzx  eax, BYTE PTR [esp+edx*1+0x20]
    11de:       30 04 31                xor    BYTE PTR [ecx+esi*1], al
    11e1:       83 c6 01                add    esi, 0x1
    11e4:       83 fe 23                cmp    esi, 0x23
    11e7:       75 eb                   jne    0x11d4
    11e9:       cd 29                   int    0x29
    11eb:       be 58 00 00 00          mov    esi, 0x58
    11f0:       e9 f8 f1 ff ff          jmp    0x3ed
    11f5:       8d 74 24 1a             lea    esi, [esp+0x1a]
    11f9:       b9 06 00 00 00          mov    ecx, 0x6
    11fe:       bf 2f 00 00 00          mov    edi, 0x2f
    1203:       89 c8                   mov    eax, ecx
    1205:       99                      cdq
    1206:       f7 ff                   idiv   edi
    1208:       0f b6 44 14 20          movzx  eax, BYTE PTR [esp+edx*1+0x20]
    120d:       30 04 0e                xor    BYTE PTR [esi+ecx*1], al
    1210:       83 c1 01                add    ecx, 0x1
    1213:       83 f9 0d                cmp    ecx, 0xd
    1216:       75 eb                   jne    0x1203
    1218:       cd 27                   int    0x27
    121a:       be 56 00 00 00          mov    esi, 0x56
    121f:       e9 c9 f1 ff ff          jmp    0x3ed
    1224:       8d 4c 24 f7             lea    ecx, [esp-0x9]
    1228:       be 29 00 00 00          mov    esi, 0x29
    122d:       bf 2f 00 00 00          mov    edi, 0x2f
    1232:       89 f0                   mov    eax, esi
    1234:       99                      cdq
    1235:       f7 ff                   idiv   edi
    1237:       0f b6 44 14 20          movzx  eax, BYTE PTR [esp+edx*1+0x20]
    123c:       30 04 31                xor    BYTE PTR [ecx+esi*1], al
    123f:       83 c6 01                add    esi, 0x1
    1242:       83 fe 53                cmp    esi, 0x53
    1245:       75 eb                   jne    0x1232
    1247:       cd 20                   int    0x20
    1249:       be 55 00 00 00          mov    esi, 0x55
    124e:       e9 9a f1 ff ff          jmp    0x3ed
    1253:       8d 4c 24 08             lea    ecx, [esp+0x8]
    1257:       be 18 00 00 00          mov    esi, 0x18
    125c:       bf 2f 00 00 00          mov    edi, 0x2f
    1261:       89 f0                   mov    eax, esi
    1263:       99                      cdq
    1264:       f7 ff                   idiv   edi
    1266:       0f b6 44 14 20          movzx  eax, BYTE PTR [esp+edx*1+0x20]
    126b:       30 04 31                xor    BYTE PTR [ecx+esi*1], al
    126e:       83 c6 01                add    esi, 0x1
    1271:       83 fe 31                cmp    esi, 0x31
    1274:       75 eb                   jne    0x1261
    1276:       cd 1b                   int    0x1b
    1278:       be 62 00 00 00          mov    esi, 0x62
    127d:       e9 6b f1 ff ff          jmp    0x3ed
    1282:       8d 4c 24 0b             lea    ecx, [esp+0xb]
    1286:       be 15 00 00 00          mov    esi, 0x15
    128b:       bf 2f 00 00 00          mov    edi, 0x2f
    1290:       89 f0                   mov    eax, esi
    1292:       99                      cdq
    1293:       f7 ff                   idiv   edi
    1295:       0f b6 44 14 20          movzx  eax, BYTE PTR [esp+edx*1+0x20]
    129a:       30 04 31                xor    BYTE PTR [ecx+esi*1], al
    129d:       83 c6 01                add    esi, 0x1
    12a0:       83 fe 2b                cmp    esi, 0x2b
    12a3:       75 eb                   jne    0x1290
    12a5:       cd 40                   int    0x40
    12a7:       be 2d 00 00 00          mov    esi, 0x2d
    12ac:       e9 3c f1 ff ff          jmp    0x3ed
    12b1:       8d 4c 24 13             lea    ecx, [esp+0x13]
    12b5:       be 0d 00 00 00          mov    esi, 0xd
    12ba:       bf 2f 00 00 00          mov    edi, 0x2f
    12bf:       89 f0                   mov    eax, esi
    12c1:       99                      cdq
    12c2:       f7 ff                   idiv   edi
    12c4:       0f b6 44 14 20          movzx  eax, BYTE PTR [esp+edx*1+0x20]
    12c9:       30 04 31                xor    BYTE PTR [ecx+esi*1], al
    12cc:       83 c6 01                add    esi, 0x1
    12cf:       83 fe 1b                cmp    esi, 0x1b
    12d2:       75 eb                   jne    0x12bf
    12d4:       cd 4e                   int    0x4e
    12d6:       be 35 00 00 00          mov    esi, 0x35
    12db:       e9 0d f1 ff ff          jmp    0x3ed
    12e0:       b9 20 00 00 00          mov    ecx, 0x20
    12e5:       89 e6                   mov    esi, esp
    12e7:       bf 2f 00 00 00          mov    edi, 0x2f
    12ec:       89 c8                   mov    eax, ecx
    12ee:       99                      cdq
    12ef:       f7 ff                   idiv   edi
    12f1:       0f b6 44 14 20          movzx  eax, BYTE PTR [esp+edx*1+0x20]
    12f6:       30 04 0e                xor    BYTE PTR [esi+ecx*1], al
    12f9:       83 c1 01                add    ecx, 0x1
    12fc:       83 f9 41                cmp    ecx, 0x41
    12ff:       75 eb                   jne    0x12ec
    1301:       cd 0d                   int    0xd
    1303:       be 39 00 00 00          mov    esi, 0x39
    1308:       e9 e0 f0 ff ff          jmp    0x3ed
    130d:       8d 74 24 06             lea    esi, [esp+0x6]
    1311:       b9 1a 00 00 00          mov    ecx, 0x1a
    1316:       bf 2f 00 00 00          mov    edi, 0x2f
    131b:       89 c8                   mov    eax, ecx
    131d:       99                      cdq
    131e:       f7 ff                   idiv   edi
    1320:       0f b6 44 14 20          movzx  eax, BYTE PTR [esp+edx*1+0x20]
    1325:       30 04 0e                xor    BYTE PTR [esi+ecx*1], al
    1328:       83 c1 01                add    ecx, 0x1
    132b:       83 f9 35                cmp    ecx, 0x35
    132e:       75 eb                   jne    0x131b
    1330:       cd 41                   int    0x41
    1332:       be 5f 00 00 00          mov    esi, 0x5f
    1337:       e9 b1 f0 ff ff          jmp    0x3ed
    133c:       8d 4c 24 08             lea    ecx, [esp+0x8]
    1340:       be 18 00 00 00          mov    esi, 0x18
    1345:       bf 2f 00 00 00          mov    edi, 0x2f
    134a:       89 f0                   mov    eax, esi
    134c:       99                      cdq
    134d:       f7 ff                   idiv   edi
    134f:       0f b6 44 14 20          movzx  eax, BYTE PTR [esp+edx*1+0x20]
    1354:       30 04 31                xor    BYTE PTR [ecx+esi*1], al
    1357:       83 c6 01                add    esi, 0x1
    135a:       83 fe 31                cmp    esi, 0x31
    135d:       75 eb                   jne    0x134a
    135f:       cd 1e                   int    0x1e
    1361:       be 42 00 00 00          mov    esi, 0x42
    1366:       e9 82 f0 ff ff          jmp    0x3ed
    136b:       8d 74 24 03             lea    esi, [esp+0x3]
    136f:       b9 1d 00 00 00          mov    ecx, 0x1d
    1374:       bf 2f 00 00 00          mov    edi, 0x2f
    1379:       89 c8                   mov    eax, ecx
    137b:       99                      cdq
    137c:       f7 ff                   idiv   edi
    137e:       0f b6 44 14 20          movzx  eax, BYTE PTR [esp+edx*1+0x20]
    1383:       30 04 0e                xor    BYTE PTR [esi+ecx*1], al
    1386:       83 c1 01                add    ecx, 0x1
    1389:       83 f9 3b                cmp    ecx, 0x3b
    138c:       75 eb                   jne    0x1379
    138e:       cd 55                   int    0x55
    1390:       be 32 00 00 00          mov    esi, 0x32
    1395:       e9 53 f0 ff ff          jmp    0x3ed
    139a:       8d 74 24 17             lea    esi, [esp+0x17]
    139e:       b9 09 00 00 00          mov    ecx, 0x9
    13a3:       bf 2f 00 00 00          mov    edi, 0x2f
    13a8:       89 c8                   mov    eax, ecx
    13aa:       99                      cdq
    13ab:       f7 ff                   idiv   edi
    13ad:       0f b6 44 14 20          movzx  eax, BYTE PTR [esp+edx*1+0x20]
    13b2:       30 04 0e                xor    BYTE PTR [esi+ecx*1], al
    13b5:       83 c1 01                add    ecx, 0x1
    13b8:       83 f9 13                cmp    ecx, 0x13
    13bb:       75 eb                   jne    0x13a8
    13bd:       cd 5f                   int    0x5f
    13bf:       be 2b 00 00 00          mov    esi, 0x2b
    13c4:       e9 24 f0 ff ff          jmp    0x3ed
    13c9:       8d 74 24 1a             lea    esi, [esp+0x1a]
    13cd:       b9 06 00 00 00          mov    ecx, 0x6
    13d2:       bf 2f 00 00 00          mov    edi, 0x2f
    13d7:       89 c8                   mov    eax, ecx
    13d9:       99                      cdq
    13da:       f7 ff                   idiv   edi
    13dc:       0f b6 44 14 20          movzx  eax, BYTE PTR [esp+edx*1+0x20]
    13e1:       30 04 0e                xor    BYTE PTR [esi+ecx*1], al
    13e4:       83 c1 01                add    ecx, 0x1
    13e7:       83 f9 0d                cmp    ecx, 0xd
    13ea:       75 eb                   jne    0x13d7
    13ec:       cd 32                   int    0x32
    13ee:       be 06 00 00 00          mov    esi, 0x6
    13f3:       e9 f5 ef ff ff          jmp    0x3ed
    13f8:       8d 4c 24 f8             lea    ecx, [esp-0x8]
    13fc:       be 28 00 00 00          mov    esi, 0x28
    1401:       bf 2f 00 00 00          mov    edi, 0x2f
    1406:       89 f0                   mov    eax, esi
    1408:       99                      cdq
    1409:       f7 ff                   idiv   edi
    140b:       0f b6 44 14 20          movzx  eax, BYTE PTR [esp+edx*1+0x20]
    1410:       30 04 31                xor    BYTE PTR [ecx+esi*1], al
    1413:       83 c6 01                add    esi, 0x1
    1416:       83 fe 51                cmp    esi, 0x51
    1419:       75 eb                   jne    0x1406
    141b:       cd 61                   int    0x61
    141d:       be 27 00 00 00          mov    esi, 0x27
    1422:       e9 c6 ef ff ff          jmp    0x3ed
    1427:       b9 20 00 00 00          mov    ecx, 0x20
    142c:       89 e6                   mov    esi, esp
    142e:       bf 2f 00 00 00          mov    edi, 0x2f
    1433:       89 c8                   mov    eax, ecx
    1435:       99                      cdq
    1436:       f7 ff                   idiv   edi
    1438:       0f b6 44 14 20          movzx  eax, BYTE PTR [esp+edx*1+0x20]
    143d:       30 04 0e                xor    BYTE PTR [esi+ecx*1], al
    1440:       83 c1 01                add    ecx, 0x1
    1443:       83 f9 41                cmp    ecx, 0x41
    1446:       75 eb                   jne    0x1433
    1448:       cd 10                   int    0x10
    144a:       be 5d 00 00 00          mov    esi, 0x5d
    144f:       e9 99 ef ff ff          jmp    0x3ed
    1454:       8d 74 24 f5             lea    esi, [esp-0xb]
    1458:       b9 2b 00 00 00          mov    ecx, 0x2b
    145d:       bf 2f 00 00 00          mov    edi, 0x2f
    1462:       89 c8                   mov    eax, ecx
    1464:       99                      cdq
    1465:       f7 ff                   idiv   edi
    1467:       0f b6 44 14 20          movzx  eax, BYTE PTR [esp+edx*1+0x20]
    146c:       30 04 0e                xor    BYTE PTR [esi+ecx*1], al
    146f:       83 c1 01                add    ecx, 0x1
    1472:       83 f9 57                cmp    ecx, 0x57
    1475:       75 eb                   jne    0x1462
    1477:       cd 38                   int    0x38
    1479:       be 31 00 00 00          mov    esi, 0x31
    147e:       e9 6a ef ff ff          jmp    0x3ed
    1483:       8d 4c 24 08             lea    ecx, [esp+0x8]
    1487:       be 18 00 00 00          mov    esi, 0x18
    148c:       bf 2f 00 00 00          mov    edi, 0x2f
    1491:       89 f0                   mov    eax, esi
    1493:       99                      cdq
    1494:       f7 ff                   idiv   edi
    1496:       0f b6 44 14 20          movzx  eax, BYTE PTR [esp+edx*1+0x20]
    149b:       30 04 31                xor    BYTE PTR [ecx+esi*1], al
    149e:       83 c6 01                add    esi, 0x1
    14a1:       83 fe 31                cmp    esi, 0x31
    14a4:       75 eb                   jne    0x1491
    14a6:       cd 36                   int    0x36
    14a8:       be 23 00 00 00          mov    esi, 0x23
    14ad:       e9 3b ef ff ff          jmp    0x3ed
    14b2:       b9 17 00 00 00          mov    ecx, 0x17
    14b7:       be 2f 00 00 00          mov    esi, 0x2f
    14bc:       89 c8                   mov    eax, ecx
    14be:       99                      cdq
    14bf:       f7 fe                   idiv   esi
    14c1:       0f b6 44 14 20          movzx  eax, BYTE PTR [esp+edx*1+0x20]
    14c6:       30 44 0c 09             xor    BYTE PTR [esp+ecx*1+0x9], al
    14ca:       83 c1 01                add    ecx, 0x1
    14cd:       83 f9 2f                cmp    ecx, 0x2f
    14d0:       75 ea                   jne    0x14bc
    14d2:       cd 21                   int    0x21
    14d4:       be 4f 00 00 00          mov    esi, 0x4f
    14d9:       e9 0f ef ff ff          jmp    0x3ed
    14de:       8d 4c 24 08             lea    ecx, [esp+0x8]
    14e2:       be 18 00 00 00          mov    esi, 0x18
    14e7:       bf 2f 00 00 00          mov    edi, 0x2f
    14ec:       89 f0                   mov    eax, esi
    14ee:       99                      cdq
    14ef:       f7 ff                   idiv   edi
    14f1:       0f b6 44 14 20          movzx  eax, BYTE PTR [esp+edx*1+0x20]
    14f6:       30 04 31                xor    BYTE PTR [ecx+esi*1], al
    14f9:       83 c6 01                add    esi, 0x1
    14fc:       83 fe 31                cmp    esi, 0x31
    14ff:       75 eb                   jne    0x14ec
    1501:       cd 4a                   int    0x4a
    1503:       be 34 00 00 00          mov    esi, 0x34
    1508:       e9 e0 ee ff ff          jmp    0x3ed
    150d:       8d 4c 24 1e             lea    ecx, [esp+0x1e]
    1511:       be 02 00 00 00          mov    esi, 0x2
    1516:       bf 2f 00 00 00          mov    edi, 0x2f
    151b:       89 f0                   mov    eax, esi
    151d:       99                      cdq
    151e:       f7 ff                   idiv   edi
    1520:       0f b6 44 14 20          movzx  eax, BYTE PTR [esp+edx*1+0x20]
    1525:       30 04 31                xor    BYTE PTR [ecx+esi*1], al
    1528:       83 c6 01                add    esi, 0x1
    152b:       83 fe 05                cmp    esi, 0x5
    152e:       75 eb                   jne    0x151b
    1530:       cd 2a                   int    0x2a
    1532:       be 19 00 00 00          mov    esi, 0x19
    1537:       e9 b1 ee ff ff          jmp    0x3ed
    153c:       8d 4c 24 0f             lea    ecx, [esp+0xf]
    1540:       be 11 00 00 00          mov    esi, 0x11
    1545:       bf 2f 00 00 00          mov    edi, 0x2f
    154a:       89 f0                   mov    eax, esi
    154c:       99                      cdq
    154d:       f7 ff                   idiv   edi
    154f:       0f b6 44 14 20          movzx  eax, BYTE PTR [esp+edx*1+0x20]
    1554:       30 04 31                xor    BYTE PTR [ecx+esi*1], al
    1557:       83 c6 01                add    esi, 0x1
    155a:       83 fe 23                cmp    esi, 0x23
    155d:       75 eb                   jne    0x154a
    155f:       cd 47                   int    0x47
    1561:       be 08 00 00 00          mov    esi, 0x8
    1566:       e9 82 ee ff ff          jmp    0x3ed
    156b:       b9 0f 00 00 00          mov    ecx, 0xf
    1570:       be 2f 00 00 00          mov    esi, 0x2f
    1575:       89 c8                   mov    eax, ecx
    1577:       99                      cdq
    1578:       f7 fe                   idiv   esi
    157a:       0f b6 44 14 20          movzx  eax, BYTE PTR [esp+edx*1+0x20]
    157f:       30 44 0c 11             xor    BYTE PTR [esp+ecx*1+0x11], al
    1583:       83 c1 01                add    ecx, 0x1
    1586:       83 f9 1f                cmp    ecx, 0x1f
    1589:       75 ea                   jne    0x1575
    158b:       cd 3e                   int    0x3e
    158d:       be 15 00 00 00          mov    esi, 0x15
    1592:       e9 56 ee ff ff          jmp    0x3ed
    1597:       b9 19 00 00 00          mov    ecx, 0x19
    159c:       be 2f 00 00 00          mov    esi, 0x2f
    15a1:       89 c8                   mov    eax, ecx
    15a3:       99                      cdq
    15a4:       f7 fe                   idiv   esi
    15a6:       0f b6 44 14 20          movzx  eax, BYTE PTR [esp+edx*1+0x20]
    15ab:       30 44 0c 07             xor    BYTE PTR [esp+ecx*1+0x7], al
    15af:       83 c1 01                add    ecx, 0x1
    15b2:       83 f9 33                cmp    ecx, 0x33
    15b5:       75 ea                   jne    0x15a1
    15b7:       cd 1d                   int    0x1d
    15b9:       be 03 00 00 00          mov    esi, 0x3
    15be:       e9 2a ee ff ff          jmp    0x3ed
    15c3:       8d 4c 24 12             lea    ecx, [esp+0x12]
    15c7:       be 0e 00 00 00          mov    esi, 0xe
    15cc:       bf 2f 00 00 00          mov    edi, 0x2f
    15d1:       89 f0                   mov    eax, esi
    15d3:       99                      cdq
    15d4:       f7 ff                   idiv   edi
    15d6:       0f b6 44 14 20          movzx  eax, BYTE PTR [esp+edx*1+0x20]
    15db:       30 04 31                xor    BYTE PTR [ecx+esi*1], al
    15de:       83 c6 01                add    esi, 0x1
    15e1:       83 fe 1d                cmp    esi, 0x1d
    15e4:       75 eb                   jne    0x15d1
    15e6:       cd 2e                   int    0x2e
    15e8:       be 61 00 00 00          mov    esi, 0x61
    15ed:       e9 fb ed ff ff          jmp    0x3ed
    15f2:       8d 4c 24 1e             lea    ecx, [esp+0x1e]
    15f6:       be 02 00 00 00          mov    esi, 0x2
    15fb:       bf 2f 00 00 00          mov    edi, 0x2f
    1600:       89 f0                   mov    eax, esi
    1602:       99                      cdq
    1603:       f7 ff                   idiv   edi
    1605:       0f b6 44 14 20          movzx  eax, BYTE PTR [esp+edx*1+0x20]
    160a:       30 04 31                xor    BYTE PTR [ecx+esi*1], al
    160d:       83 c6 01                add    esi, 0x1
    1610:       83 fe 05                cmp    esi, 0x5
    1613:       75 eb                   jne    0x1600
    1615:       cd 11                   int    0x11
    1617:       be 1c 00 00 00          mov    esi, 0x1c
    161c:       e9 cc ed ff ff          jmp    0x3ed
    1621:       8d 4c 24 0b             lea    ecx, [esp+0xb]
    1625:       be 15 00 00 00          mov    esi, 0x15
    162a:       bf 2f 00 00 00          mov    edi, 0x2f
    162f:       89 f0                   mov    eax, esi
    1631:       99                      cdq
    1632:       f7 ff                   idiv   edi
    1634:       0f b6 44 14 20          movzx  eax, BYTE PTR [esp+edx*1+0x20]
    1639:       30 04 31                xor    BYTE PTR [ecx+esi*1], al
    163c:       83 c6 01                add    esi, 0x1
    163f:       83 fe 2b                cmp    esi, 0x2b
    1642:       75 eb                   jne    0x162f
    1644:       cd 3f                   int    0x3f
    1646:       be 22 00 00 00          mov    esi, 0x22
    164b:       e9                      .byte 0xe9
    ```

主要可以知道的是shellcode 會根據ESI的狀態跳到對應的地方並且進行區間跟自己的xor

因此我們需要先抓所有eip所變化的所有狀態

```python
def hook_exception(uc, exception_type, user_data):
    global ck,cmp_collet
    if ck == 1 and exception_type == 0x2d:
        #uc.emu_stop()
        return 0
    if exception_type == 0x2d:
        ck = 1

    EIP = ADDRESS_CODE
    ESI = exception_type
    print(f"[STATE] ESI ← 0x{exception_type:02X}")
    cmp_collet=False
    uc.reg_write(UC_X86_REG_EIP, EIP)
    uc.reg_write(UC_X86_REG_ESI, ESI)
    return 0

先把ESI的每個狀態輸出出來

??? note “Unicorn esi”
[STATE] ESI ← 0x61 [STATE] ESI ← 0x10 [STATE] ESI ← 0x37 [STATE] ESI ← 0x1F [STATE] ESI ← 0x31 [STATE] ESI ← 0x13 [STATE] ESI ← 0x56 [STATE] ESI ← 0x54 [STATE] ESI ← 0x2D [STATE] ESI ← 0x36 [STATE] ESI ← 0x12 [STATE] ESI ← 0x40 [STATE] ESI ← 0x0E [STATE] ESI ← 0x39 [STATE] ESI ← 0x0F [STATE] ESI ← 0x03 [STATE] ESI ← 0x27 [STATE] ESI ← 0x18 [STATE] ESI ← 0x58 [STATE] ESI ← 0x3B [STATE] ESI ← 0x55 [STATE] ESI ← 0x48 [STATE] ESI ← 0x0A [STATE] ESI ← 0x1C [STATE] ESI ← 0x1B [STATE] ESI ← 0x2F [STATE] ESI ← 0x5C [STATE] ESI ← 0x20 [STATE] ESI ← 0x2B [STATE] ESI ← 0x50 [STATE] ESI ← 0x44 [STATE] ESI ← 0x2E [STATE] ESI ← 0x1D [STATE] ESI ← 0x5E [STATE] ESI ← 0x21 [STATE] ESI ← 0x47 [STATE] ESI ← 0x17 [STATE] ESI ← 0x01 [STATE] ESI ← 0x52 [STATE] ESI ← 0x3F [STATE] ESI ← 0x16 [STATE] ESI ← 0x4C [STATE] ESI ← 0x0D [STATE] ESI ← 0x23 [STATE] ESI ← 0x34 [STATE] ESI ← 0x49 [STATE] ESI ← 0x43 [STATE] ESI ← 0x28 [STATE] ESI ← 0x30 [STATE] ESI ← 0x33 [STATE] ESI ← 0x4A [STATE] ESI ← 0x0B [STATE] ESI ← 0x4B [STATE] ESI ← 0x32 [STATE] ESI ← 0x24 [STATE] ESI ← 0x51 [STATE] ESI ← 0x4D [STATE] ESI ← 0x64 [STATE] ESI ← 0x5A [STATE] ESI ← 0x3A [STATE] ESI ← 0x04 [STATE] ESI ← 0x26 [STATE] ESI ← 0x35 [STATE] ESI ← 0x46 [STATE] ESI ← 0x60 [STATE] ESI ← 0x11 [STATE] ESI ← 0x07 [STATE] ESI ← 0x3E [STATE] ESI ← 0x45 [STATE] ESI ← 0x2A [STATE] ESI ← 0x19 [STATE] ESI ← 0x4E [STATE] ESI ← 0x22 [STATE] ESI ← 0x5F [STATE] ESI ← 0x25 [STATE] ESI ← 0x41 [STATE] ESI ← 0x53 [STATE] ESI ← 0x2C [STATE] ESI ← 0x09 [STATE] ESI ← 0x3C [STATE] ESI ← 0x1E [STATE] ESI ← 0x14

接下來要取得xor會從哪裡到哪裡，在shellcode中是使用mov esi XXX 以及cmp ecx YYY ，代表XXX 到YYY 進行xor

def hook_mov_esi(uc, address, size, user_data):
    # 读出当前指令的机器码
    global cmp_collet
    mc = uc.mem_read(address, size)
    # 机器码前 1 字节是 0xBE (mov esi, imm32)，后面 4 字节是 little-endian 的 imm32
    if mc[0] == 0xBE:
        imm = int.from_bytes(mc[1:5], 'little')
        print(f"[HOOK MOV] @0x{address:08x}: mov esi, {hex(imm)}")
        cmp_collet = False
    if mc[0] == 0xB9:
        imm = int.from_bytes(mc[1:5], 'little')
        print(f"[HOOK MOV] @0x{address:08x}: mov esi, {hex(imm)}")
        cmp_collet = False
    if mc[0] == 0xBF:
        imm = int.from_bytes(mc[1:5], 'little')
        if(imm != 0x2f):
            print(f"[HOOK MOV] @0x{address:08x}: mov esi, {hex(imm)}")
            cmp_collet = False

def hook_cmp_esi(uc, address, size, user_data):
    global cmp_collet
    mc = uc.mem_read(address, size)
    if(cmp_collet == True):
        return 0
    # cmp esi, imm8 的编码是 0x83 0xFE imm8
    if mc[0] == 0x83 and mc[1] == 0xFE:
        imm8 = mc[2]
        print(f"[HOOK CMP] @0x{address:08x}: cmp esi, {hex(imm8)}")
        cmp_collet = True
        return 0
    if mc[0] == 0x83 and mc[1] == 0xf9:
        imm8 = mc[2]
        print(f"[HOOK CMP] @0x{address:08x}: cmp esi, {hex(imm8)}")
        cmp_collet = True
        return 0

mu.hook_add(UC_HOOK_CODE, hook_mov_esi, None, 1, 0, UC_X86_INS_CPUID)
mu.hook_add(UC_HOOK_CODE, hook_cmp_esi, None, 0x1000380, ADDRESS_CODE + CODE_SIZE, UC_X86_INS_CPUID)

??? note “Unicorn cmp mov”
python [HOOK MOV] @0x010013fc: mov esi, 0x28 [HOOK CMP] @0x01001416: cmp esi, 0x51 [STATE] ESI ← 0x61 [HOOK MOV] @0x01001427: mov esi, 0x20 [HOOK CMP] @0x01001443: cmp esi, 0x41 [STATE] ESI ← 0x10 [HOOK MOV] @0x01000a7f: mov esi, 0x18 [HOOK CMP] @0x01000a99: cmp esi, 0x31 [STATE] ESI ← 0x37 [HOOK MOV] @0x01000eae: mov esi, 0x24 [HOOK CMP] @0x01000ec8: cmp esi, 0x49 [STATE] ESI ← 0x1F [HOOK MOV] @0x010007c4: mov esi, 0x1d [HOOK CMP] @0x010007de: cmp esi, 0x3b [STATE] ESI ← 0x31 [HOOK MOV] @0x01000589: mov esi, 0x12 [HOOK MOV] @0x0100058e: mov esi, 0xae4c415d [HOOK CMP] @0x010005b6: cmp esi, 0x25 [STATE] ESI ← 0x13 [HOOK MOV] @0x010009f2: mov esi, 0xd [HOOK CMP] @0x01000a0c: cmp esi, 0x1b [STATE] ESI ← 0x56 [HOOK MOV] @0x010008a9: mov esi, 0x24 [HOOK CMP] @0x010008c3: cmp esi, 0x49 [STATE] ESI ← 0x54 [HOOK MOV] @0x010010b0: mov esi, 0xb [HOOK CMP] @0x010010ca: cmp esi, 0x17 [HOOK MOV] @0x010010d1: mov esi, 0x2e [HOOK MOV] @0x01000654: mov esi, 0x1d [HOOK CMP] @0x0100066e: cmp esi, 0x3b [STATE] ESI ← 0x2D [HOOK MOV] @0x01001487: mov esi, 0x18 [HOOK CMP] @0x010014a1: cmp esi, 0x31 [STATE] ESI ← 0x36 [HOOK MOV] @0x010004a6: mov esi, 0x1f [HOOK MOV] @0x010004ab: mov esi, 0xae4c415d [HOOK CMP] @0x010004d4: cmp esi, 0x3f [STATE] ESI ← 0x12 [HOOK MOV] @0x01001286: mov esi, 0x15 [HOOK CMP] @0x010012a0: cmp esi, 0x2b [STATE] ESI ← 0x40 [HOOK MOV] @0x01001052: mov esi, 0xe [HOOK CMP] @0x0100106c: cmp esi, 0x1d [STATE] ESI ← 0x0E [HOOK MOV] @0x01000d5b: mov esi, 0x2a [HOOK CMP] @0x01000d75: cmp esi, 0x55 [STATE] ESI ← 0x39 [HOOK MOV] @0x01000f3b: mov esi, 0x14 [HOOK CMP] @0x01000f55: cmp esi, 0x29 [STATE] ESI ← 0x0F [HOOK MOV] @0x010005cb: mov esi, 0xb [HOOK CMP] @0x010005e5: cmp esi, 0x17 [STATE] ESI ← 0x03 [HOOK MOV] @0x010011f9: mov esi, 0x6 [HOOK CMP] @0x01001213: cmp esi, 0xd [STATE] ESI ← 0x27 [HOOK MOV] @0x01000db9: mov esi, 0x1a [HOOK CMP] @0x01000dd3: cmp esi, 0x35 [STATE] ESI ← 0x18 [HOOK CMP] @0x010007af: cmp esi, 0x31 [STATE] ESI ← 0x58 [HOOK MOV] @0x010010df: mov esi, 0x18 [HOOK CMP] @0x010010f9: cmp esi, 0x31 [STATE] ESI ← 0x3B [HOOK MOV] @0x0100136f: mov esi, 0x1d [HOOK CMP] @0x01001389: cmp esi, 0x3b [STATE] ESI ← 0x55 [HOOK MOV] @0x0100076b: mov esi, 0x1d [HOOK CMP] @0x01000785: cmp esi, 0x3b [STATE] ESI ← 0x48 [HOOK MOV] @0x01000936: mov esi, 0xe [HOOK CMP] @0x01000950: cmp esi, 0x1d [STATE] ESI ← 0x0A [HOOK MOV] @0x0100081b: mov esi, 0x3 [HOOK MOV] @0x01000820: mov esi, 0x2f [HOOK CMP] @0x01000836: cmp esi, 0x7 [STATE] ESI ← 0x1C [HOOK MOV] @0x01001257: mov esi, 0x18 [HOOK CMP] @0x01001271: cmp esi, 0x31 [STATE] ESI ← 0x1B [HOOK MOV] @0x010008d8: mov esi, 0x8 [HOOK CMP] @0x010008f2: cmp esi, 0x11 [STATE] ESI ← 0x2F [HOOK MOV] @0x01000ca7: mov esi, 0x8 [HOOK CMP] @0x01000cc1: cmp esi, 0x11 [STATE] ESI ← 0x5C [HOOK MOV] @0x01001228: mov esi, 0x29 [HOOK CMP] @0x01001242: cmp esi, 0x53 [STATE] ESI ← 0x20 [HOOK MOV] @0x010003b0: mov esi, 0xb [HOOK MOV] @0x010003b5: mov esi, 0xae4c415d [HOOK CMP] @0x010003e1: cmp esi, 0x17 [STATE] ESI ← 0x2B [HOOK MOV] @0x010006e1: mov esi, 0xd [HOOK CMP] @0x010006fb: cmp esi, 0x1b [STATE] ESI ← 0x50 [HOOK MOV] @0x010005f9: mov esi, 0x12 [HOOK CMP] @0x01000613: cmp esi, 0x25 [STATE] ESI ← 0x44 [HOOK MOV] @0x010015c7: mov esi, 0xe [HOOK CMP] @0x010015e1: cmp esi, 0x1d [STATE] ESI ← 0x2E [HOOK MOV] @0x01001597: mov esi, 0x19 [HOOK MOV] @0x0100159c: mov esi, 0x2f [HOOK CMP] @0x010015b2: cmp esi, 0x33 [STATE] ESI ← 0x1D [HOOK MOV] @0x01000a21: mov esi, 0x2 [HOOK CMP] @0x01000a3b: cmp esi, 0x5 [STATE] ESI ← 0x5E [HOOK MOV] @0x010014b2: mov esi, 0x17 [HOOK MOV] @0x010014b7: mov esi, 0x2f [HOOK CMP] @0x010014cd: cmp esi, 0x2f [STATE] ESI ← 0x21 [HOOK MOV] @0x01001540: mov esi, 0x11 [HOOK CMP] @0x0100155a: cmp esi, 0x23 [STATE] ESI ← 0x47 [HOOK MOV] @0x01000cd6: mov esi, 0x28 [HOOK CMP] @0x01000cf0: cmp esi, 0x51 [STATE] ESI ← 0x17 [HOOK MOV] @0x0100073c: mov esi, 0x11 [HOOK CMP] @0x01000756: cmp esi, 0x23 [STATE] ESI ← 0x01 [HOOK MOV] @0x01000994: mov esi, 0x4 [HOOK CMP] @0x010009ae: cmp esi, 0x9 [STATE] ESI ← 0x52 [HOOK MOV] @0x01001625: mov esi, 0x15 [HOOK CMP] @0x0100163f: cmp esi, 0x2b [STATE] ESI ← 0x3F [HOOK MOV] @0x0100110e: mov esi, 0x16 [HOOK CMP] @0x01001128: cmp esi, 0x2d [STATE] ESI ← 0x16 [HOOK MOV] @0x01000683: mov esi, 0x2b [HOOK CMP] @0x0100069d: cmp esi, 0x57 [STATE] ESI ← 0x4C [HOOK MOV] @0x010012e0: mov esi, 0x20 [HOOK CMP] @0x010012fc: cmp esi, 0x41 [STATE] ESI ← 0x0D [HOOK MOV] @0x01000429: mov esi, 0x13 [HOOK MOV] @0x0100042e: mov esi, 0xae4c415d [HOOK CMP] @0x01000456: cmp esi, 0x27 [STATE] ESI ← 0x23 [HOOK MOV] @0x01000edd: mov esi, 0xc [HOOK CMP] @0x01000ef7: cmp esi, 0x19 [STATE] ESI ← 0x34 [HOOK MOV] @0x0100070c: mov esi, 0x2d [HOOK MOV] @0x01000711: mov esi, 0x2f [HOOK CMP] @0x01000727: cmp esi, 0x5b [STATE] ESI ← 0x49 [HOOK MOV] @0x01000907: mov esi, 0x24 [HOOK CMP] @0x01000921: cmp esi, 0x49 [STATE] ESI ← 0x43 [HOOK MOV] @0x01000f66: mov esi, 0x23 [HOOK MOV] @0x01000f6b: mov esi, 0x2f [HOOK CMP] @0x01000f81: cmp esi, 0x47 [STATE] ESI ← 0x28 [HOOK MOV] @0x01000b64: mov esi, 0x16 [HOOK CMP] @0x01000b7e: cmp esi, 0x2d [STATE] ESI ← 0x30 [HOOK MOV] @0x01000c78: mov esi, 0x2b [HOOK CMP] @0x01000c92: cmp esi, 0x57 [STATE] ESI ← 0x33 [HOOK MOV] @0x010014e2: mov esi, 0x18 [HOOK CMP] @0x010014fc: cmp esi, 0x31 [STATE] ESI ← 0x4A [HOOK MOV] @0x01000624: mov esi, 0x1b [HOOK MOV] @0x01000629: mov esi, 0x2f [HOOK CMP] @0x0100063f: cmp esi, 0x37 [STATE] ESI ← 0x0B [HOOK MOV] @0x010009c3: mov esi, 0x8 [HOOK CMP] @0x010009dd: cmp esi, 0x11 [STATE] ESI ← 0x4B [HOOK MOV] @0x010013cd: mov esi, 0x6 [HOOK CMP] @0x010013e7: cmp esi, 0xd [STATE] ESI ← 0x32 [HOOK MOV] @0x01000fc5: mov esi, 0x13 [HOOK CMP] @0x01000fdf: cmp esi, 0x27 [STATE] ESI ← 0x24 [HOOK MOV] @0x01000384: mov esi, 0x26 [HOOK CMP] @0x0100039e: cmp esi, 0x4d [STATE] ESI ← 0x51 [HOOK MOV] @0x01000de8: mov esi, 0x15 [HOOK CMP] @0x01000e02: cmp esi, 0x2b [STATE] ESI ← 0x4D [HOOK MOV] @0x0100116c: mov esi, 0x1d [HOOK CMP] @0x01001186: cmp esi, 0x3b [STATE] ESI ← 0x64 [HOOK MOV] @0x01000a50: mov esi, 0x16 [HOOK CMP] @0x01000a6a: cmp esi, 0x2d [STATE] ESI ← 0x5A [HOOK MOV] @0x010004e9: mov esi, 0x4 [HOOK CMP] @0x01000503: cmp esi, 0x9 [STATE] ESI ← 0x3A [HOOK MOV] @0x01000965: mov esi, 0x2 [HOOK CMP] @0x0100097f: cmp esi, 0x5 [STATE] ESI ← 0x04 [HOOK MOV] @0x01000c48: mov esi, 0xa [HOOK MOV] @0x01000c4d: mov esi, 0x2f [HOOK CMP] @0x01000c63: cmp esi, 0x15 [STATE] ESI ← 0x26 [HOOK MOV] @0x0100087a: mov esi, 0x9 [HOOK CMP] @0x01000894: cmp esi, 0x13 [STATE] ESI ← 0x35 [HOOK MOV] @0x01000b35: mov esi, 0x24 [HOOK CMP] @0x01000b4f: cmp esi, 0x49 [STATE] ESI ← 0x46 [HOOK MOV] @0x01000f96: mov esi, 0x2c [HOOK CMP] @0x01000fb0: cmp esi, 0x59 [STATE] ESI ← 0x60 [HOOK MOV] @0x010015f6: mov esi, 0x2 [HOOK CMP] @0x01001610: cmp esi, 0x5 [STATE] ESI ← 0x11 [HOOK CMP] @0x01000d46: cmp esi, 0x23 [STATE] ESI ← 0x07 [HOOK MOV] @0x0100156b: mov esi, 0xf [HOOK MOV] @0x01001570: mov esi, 0x2f [HOOK CMP] @0x01001586: cmp esi, 0x1f [STATE] ESI ← 0x3E [HOOK MOV] @0x01000bed: mov esi, 0x22 [HOOK MOV] @0x01000bf2: mov esi, 0x2f [HOOK CMP] @0x01000c08: cmp esi, 0x45 [STATE] ESI ← 0x45 [HOOK MOV] @0x01001511: mov esi, 0x2 [HOOK CMP] @0x0100152b: cmp esi, 0x5 [STATE] ESI ← 0x2A [HOOK MOV] @0x01000e7f: mov esi, 0x14 [HOOK CMP] @0x01000e99: cmp esi, 0x29 [STATE] ESI ← 0x19 [HOOK MOV] @0x010012b5: mov esi, 0xd [HOOK CMP] @0x010012cf: cmp esi, 0x1b [STATE] ESI ← 0x4E [HOOK MOV] @0x0100119b: mov esi, 0x26 [HOOK CMP] @0x010011b5: cmp esi, 0x4d [STATE] ESI ← 0x22 [HOOK MOV] @0x0100139e: mov esi, 0x9 [HOOK CMP] @0x010013b8: cmp esi, 0x13 [STATE] ESI ← 0x5F [HOOK MOV] @0x01000aaa: mov esi, 0x27 [HOOK MOV] @0x01000aaf: mov esi, 0x2f [HOOK CMP] @0x01000ac5: cmp esi, 0x4f [STATE] ESI ← 0x25 [HOOK MOV] @0x01001311: mov esi, 0x1a [HOOK CMP] @0x0100132b: cmp esi, 0x35 [STATE] ESI ← 0x41 [HOOK MOV] @0x01000b05: mov esi, 0x21 [HOOK MOV] @0x01000b0a: mov esi, 0x2f [HOOK CMP] @0x01000b20: cmp esi, 0x43 [STATE] ESI ← 0x53 [HOOK MOV] @0x01000f0c: mov esi, 0x2a [HOOK CMP] @0x01000f26: cmp esi, 0x55 [STATE] ESI ← 0x2C [HOOK MOV] @0x01000c1d: mov esi, 0x13 [HOOK CMP] @0x01000c37: cmp esi, 0x27 [STATE] ESI ← 0x09 [HOOK MOV] @0x010007ef: mov esi, 0x2e [HOOK MOV] @0x010007f4: mov esi, 0x2f [HOOK CMP] @0x0100080a: cmp esi, 0x5d [STATE] ESI ← 0x3C [HOOK MOV] @0x01001340: mov esi, 0x18 [HOOK CMP] @0x0100135a: cmp esi, 0x31 [STATE] ESI ← 0x1E [STATE] ESI ← 0x14 [HOOK MOV] @0x0100084b: mov esi, 0x29 [HOOK CMP] @0x01000865: cmp esi, 0x53 [HOOK MOV] @0x01000654: mov esi, 0x1d [HOOK CMP] @0x0100066e: cmp esi, 0x3b [HOOK MOV] @0x01000675: mov esi, 0x11

再來要知道他是怎麼進行XOR加密的

def hook_xor_insn(uc, address, size, user_data):
    mc = uc.mem_read(address, size)
    if mc.startswith(b'\x30\x04'):
        eip = address
        ecx = uc.reg_read(UC_X86_REG_ECX)
        esi = uc.reg_read(UC_X86_REG_ESI)
        dest = ecx + esi
        old = uc.mem_read(dest, 1)[0]
        al = uc.reg_read(UC_X86_REG_EAX) & 0xff
        result = old ^ al

        print(f"[XOR @0x{eip:x}] MEM[0x{dest:x}] 0x{old:02x} ^ AL(0x{al:02x}) → 0x{result:02x}")
        after = uc.mem_read(dest,1)[0]
        print(f" 寫入後 MEM = 0x{after:02x}")

def hook_mem_write(uc, access, addr, size, value, user_data):
    print(f"[WRITE] @0x{addr:x} ← 0x{value:02x}")

mu.hook_add(UC_HOOK_CODE, hook_xor_insn,None , 1,0,UC_X86_INS_CPUID)
mu.hook_add(UC_HOOK_MEM_WRITE, hook_mem_write)

??? note “Unicorn XOE dump”
Unicorn CHAL By:ShallowFeather Enter the flag: --- Starting emulation --- [HOOK MOV] @0x010013fc: mov esi, 0x28 [XOR @0x1001410] MEM[0x2003f20] 0x31 ^ AL(0x00) → 0x31 寫入後 MEM = 0x31 [WRITE] @0x2003f20 ← 0x31 [HOOK CMP] @0x01001416: cmp esi, 0x51 [XOR @0x1001410] MEM[0x2003f21] 0x32 ^ AL(0x00) → 0x32 寫入後 MEM = 0x32 [WRITE] @0x2003f21 ← 0x32 [XOR @0x1001410] MEM[0x2003f22] 0x33 ^ AL(0x00) → 0x33 寫入後 MEM = 0x33 [WRITE] @0x2003f22 ← 0x33 [XOR @0x1001410] MEM[0x2003f23] 0x31 ^ AL(0x00) → 0x31 寫入後 MEM = 0x31 [WRITE] @0x2003f23 ← 0x31 [XOR @0x1001410] MEM[0x2003f24] 0x32 ^ AL(0x00) → 0x32 寫入後 MEM = 0x32 [WRITE] @0x2003f24 ← 0x32 [XOR @0x1001410] MEM[0x2003f25] 0x33 ^ AL(0x00) → 0x33 寫入後 MEM = 0x33 [WRITE] @0x2003f25 ← 0x33 [XOR @0x1001410] MEM[0x2003f26] 0x31 ^ AL(0x00) → 0x31 寫入後 MEM = 0x31 [WRITE] @0x2003f26 ← 0x31 [XOR @0x1001410] MEM[0x2003f27] 0x32 ^ AL(0x31) → 0x03 寫入後 MEM = 0x32 [WRITE] @0x2003f27 ← 0x03 [XOR @0x1001410] MEM[0x2003f28] 0x33 ^ AL(0x32) → 0x01 寫入後 MEM = 0x33 [WRITE] @0x2003f28 ← 0x01 [XOR @0x1001410] MEM[0x2003f29] 0x31 ^ AL(0x33) → 0x02 寫入後 MEM = 0x31 [WRITE] @0x2003f29 ← 0x02 [XOR @0x1001410] MEM[0x2003f2a] 0x32 ^ AL(0x31) → 0x03 寫入後 MEM = 0x32 [WRITE] @0x2003f2a ← 0x03 [XOR @0x1001410] MEM[0x2003f2b] 0x33 ^ AL(0x32) → 0x01 寫入後 MEM = 0x33 [WRITE] @0x2003f2b ← 0x01 [XOR @0x1001410] MEM[0x2003f2c] 0x31 ^ AL(0x33) → 0x02 寫入後 MEM = 0x31 [WRITE] @0x2003f2c ← 0x02 [XOR @0x1001410] MEM[0x2003f2d] 0x32 ^ AL(0x31) → 0x03 寫入後 MEM = 0x32 [WRITE] @0x2003f2d ← 0x03 [XOR @0x1001410] MEM[0x2003f2e] 0x33 ^ AL(0x03) → 0x30 寫入後 MEM = 0x33 [WRITE] @0x2003f2e ← 0x30 [XOR @0x1001410] MEM[0x2003f2f] 0x31 ^ AL(0x01) → 0x30 寫入後 MEM = 0x31 [WRITE] @0x2003f2f ← 0x30 [XOR @0x1001410] MEM[0x2003f30] 0x32 ^ AL(0x02) → 0x30 寫入後 MEM = 0x32 [WRITE] @0x2003f30 ← 0x30 [XOR @0x1001410] MEM[0x2003f31] 0x33 ^ AL(0x03) → 0x30 寫入後 MEM = 0x33 [WRITE] @0x2003f31 ← 0x30 [XOR @0x1001410] MEM[0x2003f32] 0x31 ^ AL(0x01) → 0x30 寫入後 MEM = 0x31 [WRITE] @0x2003f32 ← 0x30 [XOR @0x1001410] MEM[0x2003f33] 0x32 ^ AL(0x02) → 0x30 寫入後 MEM = 0x32 [WRITE] @0x2003f33 ← 0x30 [XOR @0x1001410] MEM[0x2003f34] 0x33 ^ AL(0x03) → 0x30 寫入後 MEM = 0x33 [WRITE] @0x2003f34 ← 0x30 [XOR @0x1001410] MEM[0x2003f35] 0x00 ^ AL(0x30) → 0x30 寫入後 MEM = 0x00 [WRITE] @0x2003f35 ← 0x30 [XOR @0x1001410] MEM[0x2003f36] 0x00 ^ AL(0x30) → 0x30 寫入後 MEM = 0x00 [WRITE] @0x2003f36 ← 0x30 [XOR @0x1001410] MEM[0x2003f37] 0x00 ^ AL(0x30) → 0x30 寫入後 MEM = 0x00 [WRITE] @0x2003f37 ← 0x30 [XOR @0x1001410] MEM[0x2003f38] 0x00 ^ AL(0x30) → 0x30 寫入後 MEM = 0x00 [WRITE] @0x2003f38 ← 0x30 [XOR @0x1001410] MEM[0x2003f39] 0x00 ^ AL(0x30) → 0x30 寫入後 MEM = 0x00 [WRITE] @0x2003f39 ← 0x30 [XOR @0x1001410] MEM[0x2003f3a] 0x00 ^ AL(0x30) → 0x30 寫入後 MEM = 0x00 [WRITE] @0x2003f3a ← 0x30 [XOR @0x1001410] MEM[0x2003f3b] 0x00 ^ AL(0x30) → 0x30 寫入後 MEM = 0x00 [WRITE] @0x2003f3b ← 0x30 [XOR @0x1001410] MEM[0x2003f3c] 0x00 ^ AL(0x30) → 0x30 寫入後 MEM = 0x00 [WRITE] @0x2003f3c ← 0x30 [XOR @0x1001410] MEM[0x2003f3d] 0x00 ^ AL(0x30) → 0x30 寫入後 MEM = 0x00 [WRITE] @0x2003f3d ← 0x30 [XOR @0x1001410] MEM[0x2003f3e] 0x00 ^ AL(0x30) → 0x30 寫入後 MEM = 0x00 [WRITE] @0x2003f3e ← 0x30 [XOR @0x1001410] MEM[0x2003f3f] 0x00 ^ AL(0x30) → 0x30 寫入後 MEM = 0x00 [WRITE] @0x2003f3f ← 0x30 [XOR @0x1001410] MEM[0x2003f40] 0x00 ^ AL(0x30) → 0x30 寫入後 MEM = 0x00 [WRITE] @0x2003f40 ← 0x30 [XOR @0x1001410] MEM[0x2003f41] 0x00 ^ AL(0x30) → 0x30 寫入後 MEM = 0x00 [WRITE] @0x2003f41 ← 0x30 [XOR @0x1001410] MEM[0x2003f42] 0x00 ^ AL(0x30) → 0x30 寫入後 MEM = 0x00 [WRITE] @0x2003f42 ← 0x30 [XOR @0x1001410] MEM[0x2003f43] 0x00 ^ AL(0x30) → 0x30 寫入後 MEM = 0x00 [WRITE] @0x2003f43 ← 0x30 [XOR @0x1001410] MEM[0x2003f44] 0x00 ^ AL(0x30) → 0x30 寫入後 MEM = 0x00 [WRITE] @0x2003f44 ← 0x30 [XOR @0x1001410] MEM[0x2003f45] 0x00 ^ AL(0x30) → 0x30 寫入後 MEM = 0x00 [WRITE] @0x2003f45 ← 0x30 [XOR @0x1001410] MEM[0x2003f46] 0x00 ^ AL(0x30) → 0x30 寫入後 MEM = 0x00 [WRITE] @0x2003f46 ← 0x30 [XOR @0x1001410] MEM[0x2003f47] 0x00 ^ AL(0x30) → 0x30 寫入後 MEM = 0x00 [WRITE] @0x2003f47 ← 0x30 [XOR @0x1001410] MEM[0x2003f48] 0x00 ^ AL(0x30) → 0x30 寫入後 MEM = 0x00 [WRITE] @0x2003f48 ← 0x30 [STATE] ESI ← 0x61 [HOOK MOV] @0x01001427: mov esi, 0x20 [XOR @0x100143d] MEM[0x2003f20] 0x31 ^ AL(0x30) → 0x01 寫入後 MEM = 0x31 [WRITE] @0x2003f20 ← 0x01 [HOOK CMP] @0x01001443: cmp esi, 0x41 [XOR @0x100143d] MEM[0x2003f21] 0x32 ^ AL(0x30) → 0x02 寫入後 MEM = 0x32 [WRITE] @0x2003f21 ← 0x02 [XOR @0x100143d] MEM[0x2003f22] 0x33 ^ AL(0x30) → 0x03 寫入後 MEM = 0x33 [WRITE] @0x2003f22 ← 0x03 [XOR @0x100143d] MEM[0x2003f23] 0x31 ^ AL(0x30) → 0x01 寫入後 MEM = 0x31 [WRITE] @0x2003f23 ← 0x01 [XOR @0x100143d] MEM[0x2003f24] 0x32 ^ AL(0x30) → 0x02 寫入後 MEM = 0x32 [WRITE] @0x2003f24 ← 0x02 [XOR @0x100143d] MEM[0x2003f25] 0x33 ^ AL(0x30) → 0x03 寫入後 MEM = 0x33 [WRITE] @0x2003f25 ← 0x03 [XOR @0x100143d] MEM[0x2003f26] 0x31 ^ AL(0x30) → 0x01 寫入後 MEM = 0x31 [WRITE] @0x2003f26 ← 0x01 [XOR @0x100143d] MEM[0x2003f27] 0x03 ^ AL(0x30) → 0x33 寫入後 MEM = 0x03 [WRITE] @0x2003f27 ← 0x33 [XOR @0x100143d] MEM[0x2003f28] 0x01 ^ AL(0x30) → 0x31 寫入後 MEM = 0x01 [WRITE] @0x2003f28 ← 0x31 [XOR @0x100143d] MEM[0x2003f29] 0x02 ^ AL(0x00) → 0x02 寫入後 MEM = 0x02 [WRITE] @0x2003f29 ← 0x02 [XOR @0x100143d] MEM[0x2003f2a] 0x03 ^ AL(0x00) → 0x03 寫入後 MEM = 0x03 [WRITE] @0x2003f2a ← 0x03 [XOR @0x100143d] MEM[0x2003f2b] 0x01 ^ AL(0x00) → 0x01 寫入後 MEM = 0x01 [WRITE] @0x2003f2b ← 0x01 [XOR @0x100143d] MEM[0x2003f2c] 0x02 ^ AL(0x00) → 0x02 寫入後 MEM = 0x02 [WRITE] @0x2003f2c ← 0x02 [XOR @0x100143d] MEM[0x2003f2d] 0x03 ^ AL(0x00) → 0x03 寫入後 MEM = 0x03 [WRITE] @0x2003f2d ← 0x03 [XOR @0x100143d] MEM[0x2003f2e] 0x30 ^ AL(0x00) → 0x30 寫入後 MEM = 0x30 [WRITE] @0x2003f2e ← 0x30 [XOR @0x100143d] MEM[0x2003f2f] 0x30 ^ AL(0x01) → 0x31 寫入後 MEM = 0x30 [WRITE] @0x2003f2f ← 0x31 [XOR @0x100143d] MEM[0x2003f30] 0x30 ^ AL(0x02) → 0x32 寫入後 MEM = 0x30 [WRITE] @0x2003f30 ← 0x32 [XOR @0x100143d] MEM[0x2003f31] 0x30 ^ AL(0x03) → 0x33 寫入後 MEM = 0x30 [WRITE] @0x2003f31 ← 0x33 [XOR @0x100143d] MEM[0x2003f32] 0x30 ^ AL(0x01) → 0x31 寫入後 MEM = 0x30 [WRITE] @0x2003f32 ← 0x31 [XOR @0x100143d] MEM[0x2003f33] 0x30 ^ AL(0x02) → 0x32 寫入後 MEM = 0x30 [WRITE] @0x2003f33 ← 0x32 [XOR @0x100143d] MEM[0x2003f34] 0x30 ^ AL(0x03) → 0x33 寫入後 MEM = 0x30 [WRITE] @0x2003f34 ← 0x33 [XOR @0x100143d] MEM[0x2003f35] 0x30 ^ AL(0x01) → 0x31 寫入後 MEM = 0x30 [WRITE] @0x2003f35 ← 0x31 [XOR @0x100143d] MEM[0x2003f36] 0x30 ^ AL(0x33) → 0x03 寫入後 MEM = 0x30 [WRITE] @0x2003f36 ← 0x03 [XOR @0x100143d] MEM[0x2003f37] 0x30 ^ AL(0x31) → 0x01 寫入後 MEM = 0x30 [WRITE] @0x2003f37 ← 0x01 [XOR @0x100143d] MEM[0x2003f38] 0x30 ^ AL(0x02) → 0x32 寫入後 MEM = 0x30 [WRITE] @0x2003f38 ← 0x32 [XOR @0x100143d] MEM[0x2003f39] 0x30 ^ AL(0x03) → 0x33 寫入後 MEM = 0x30 [WRITE] @0x2003f39 ← 0x33 [XOR @0x100143d] MEM[0x2003f3a] 0x30 ^ AL(0x01) → 0x31 寫入後 MEM = 0x30 [WRITE] @0x2003f3a ← 0x31 [XOR @0x100143d] MEM[0x2003f3b] 0x30 ^ AL(0x02) → 0x32 寫入後 MEM = 0x30 [WRITE] @0x2003f3b ← 0x32 [XOR @0x100143d] MEM[0x2003f3c] 0x30 ^ AL(0x03) → 0x33 寫入後 MEM = 0x30 [WRITE] @0x2003f3c ← 0x33 [XOR @0x100143d] MEM[0x2003f3d] 0x30 ^ AL(0x30) → 0x00 寫入後 MEM = 0x30 [WRITE] @0x2003f3d ← 0x00 [XOR @0x100143d] MEM[0x2003f3e] 0x30 ^ AL(0x31) → 0x01 寫入後 MEM = 0x30 [WRITE] @0x2003f3e ← 0x01 [XOR @0x100143d] MEM[0x2003f3f] 0x30 ^ AL(0x32) → 0x02 寫入後 MEM = 0x30 [WRITE] @0x2003f3f ← 0x02 [XOR @0x100143d] MEM[0x2003f40] 0x30 ^ AL(0x33) → 0x03 寫入後 MEM = 0x30 [WRITE] @0x2003f40 ← 0x03 [STATE] ESI ← 0x10 [HOOK MOV] @0x01000a7f: mov esi, 0x18 [XOR @0x1000a93] MEM[0x2003f20] 0x01 ^ AL(0x32) → 0x33 寫入後 MEM = 0x01 [WRITE] @0x2003f20 ← 0x33 [HOOK CMP] @0x01000a99: cmp esi, 0x31 [XOR @0x1000a93] MEM[0x2003f21] 0x02 ^ AL(0x33) → 0x31 寫入後 MEM = 0x02 [WRITE] @0x2003f21 ← 0x31 [XOR @0x1000a93] MEM[0x2003f22] 0x03 ^ AL(0x31) → 0x32 寫入後 MEM = 0x03 [WRITE] @0x2003f22 ← 0x32 [XOR @0x1000a93] MEM[0x2003f23] 0x01 ^ AL(0x32) → 0x33 寫入後 MEM = 0x01 [WRITE] @0x2003f23 ← 0x33 [XOR @0x1000a93] MEM[0x2003f24] 0x02 ^ AL(0x33) → 0x31 寫入後 MEM = 0x02 [WRITE] @0x2003f24 ← 0x31 [XOR @0x1000a93] MEM[0x2003f25] 0x03 ^ AL(0x00) → 0x03 寫入後 MEM = 0x03 [WRITE] @0x2003f25 ← 0x03 [XOR @0x1000a93] MEM[0x2003f26] 0x01 ^ AL(0x01) → 0x00 寫入後 MEM = 0x01 [WRITE] @0x2003f26 ← 0x00 [XOR @0x1000a93] MEM[0x2003f27] 0x33 ^ AL(0x02) → 0x31 寫入後 MEM = 0x33 [WRITE] @0x2003f27 ← 0x31 [XOR @0x1000a93] MEM[0x2003f28] 0x31 ^ AL(0x03) → 0x32 寫入後 MEM = 0x31 [WRITE] @0x2003f28 ← 0x32 [XOR @0x1000a93] MEM[0x2003f29] 0x02 ^ AL(0x30) → 0x32 寫入後 MEM = 0x02 [WRITE] @0x2003f29 ← 0x32 [XOR @0x1000a93] MEM[0x2003f2a] 0x03 ^ AL(0x30) → 0x33 寫入後 MEM = 0x03 [WRITE] @0x2003f2a ← 0x33 [XOR @0x1000a93] MEM[0x2003f2b] 0x01 ^ AL(0x30) → 0x31 寫入後 MEM = 0x01 [WRITE] @0x2003f2b ← 0x31 [XOR @0x1000a93] MEM[0x2003f2c] 0x02 ^ AL(0x30) → 0x32 寫入後 MEM = 0x02 [WRITE] @0x2003f2c ← 0x32 [XOR @0x1000a93] MEM[0x2003f2d] 0x03 ^ AL(0x30) → 0x33 寫入後 MEM = 0x03 [WRITE] @0x2003f2d ← 0x33 [XOR @0x1000a93] MEM[0x2003f2e] 0x30 ^ AL(0x30) → 0x00 寫入後 MEM = 0x30 [WRITE] @0x2003f2e ← 0x00 [XOR @0x1000a93] MEM[0x2003f2f] 0x31 ^ AL(0x30) → 0x01 寫入後 MEM = 0x31 [WRITE] @0x2003f2f ← 0x01 [XOR @0x1000a93] MEM[0x2003f30] 0x32 ^ AL(0x30) → 0x02 寫入後 MEM = 0x32 [WRITE] @0x2003f30 ← 0x02 [XOR @0x1000a93] MEM[0x2003f31] 0x33 ^ AL(0x00) → 0x33 寫入後 MEM = 0x33 [WRITE] @0x2003f31 ← 0x33 [XOR @0x1000a93] MEM[0x2003f32] 0x31 ^ AL(0x00) → 0x31 寫入後 MEM = 0x31 [WRITE] @0x2003f32 ← 0x31 [XOR @0x1000a93] MEM[0x2003f33] 0x32 ^ AL(0x00) → 0x32 寫入後 MEM = 0x32 [WRITE] @0x2003f33 ← 0x32 [XOR @0x1000a93] MEM[0x2003f34] 0x33 ^ AL(0x00) → 0x33 寫入後 MEM = 0x33 [WRITE] @0x2003f34 ← 0x33 [XOR @0x1000a93] MEM[0x2003f35] 0x31 ^ AL(0x00) → 0x31 寫入後 MEM = 0x31 [WRITE] @0x2003f35 ← 0x31 [XOR @0x1000a93] MEM[0x2003f36] 0x03 ^ AL(0x00) → 0x03 寫入後 MEM = 0x03 [WRITE] @0x2003f36 ← 0x03 [XOR @0x1000a93] MEM[0x2003f37] 0x01 ^ AL(0x33) → 0x32 寫入後 MEM = 0x01 [WRITE] @0x2003f37 ← 0x32 [XOR @0x1000a93] MEM[0x2003f38] 0x32 ^ AL(0x31) → 0x03 寫入後 MEM = 0x32 [WRITE] @0x2003f38 ← 0x03 [STATE] ESI ← 0x37 [HOOK MOV] @0x01000eae: mov esi, 0x24 [XOR @0x1000ec2] MEM[0x2003f20] 0x33 ^ AL(0x30) → 0x03 寫入後 MEM = 0x33 [WRITE] @0x2003f20 ← 0x03 [HOOK CMP] @0x01000ec8: cmp esi, 0x49 [XOR @0x1000ec2] MEM[0x2003f21] 0x31 ^ AL(0x30) → 0x01 寫入後 MEM = 0x31 [WRITE] @0x2003f21 ← 0x01 [XOR @0x1000ec2] MEM[0x2003f22] 0x32 ^ AL(0x30) → 0x02 寫入後 MEM = 0x32 [WRITE] @0x2003f22 ← 0x02 [XOR @0x1000ec2] MEM[0x2003f23] 0x33 ^ AL(0x30) → 0x03 寫入後 MEM = 0x33 [WRITE] @0x2003f23 ← 0x03 [XOR @0x1000ec2] MEM[0x2003f24] 0x31 ^ AL(0x30) → 0x01 寫入後 MEM = 0x31 [WRITE] @0x2003f24 ← 0x01 [XOR @0x1000ec2] MEM[0x2003f25] 0x03 ^ AL(0x00) → 0x03 寫入後 MEM = 0x03 [WRITE] @0x2003f25 ← 0x03 [XOR @0x1000ec2] MEM[0x2003f26] 0x00 ^ AL(0x00) → 0x00 寫入後 MEM = 0x00 [WRITE] @0x2003f26 ← 0x00 [XOR @0x1000ec2] MEM[0x2003f27] 0x31 ^ AL(0x00) → 0x31 寫入後 MEM = 0x31 [WRITE] @0x2003f27 ← 0x31 [XOR @0x1000ec2] MEM[0x2003f28] 0x32 ^ AL(0x00) → 0x32 寫入後 MEM = 0x32 [WRITE] @0x2003f28 ← 0x32 [XOR @0x1000ec2] MEM[0x2003f29] 0x32 ^ AL(0x00) → 0x32 寫入後 MEM = 0x32 [WRITE] @0x2003f29 ← 0x32 [XOR @0x1000ec2] MEM[0x2003f2a] 0x33 ^ AL(0x00) → 0x33 寫入後 MEM = 0x33 [WRITE] @0x2003f2a ← 0x33 [XOR @0x1000ec2] MEM[0x2003f2b] 0x31 ^ AL(0x03) → 0x32 寫入後 MEM = 0x31 [WRITE] @0x2003f2b ← 0x32 [XOR @0x1000ec2] MEM[0x2003f2c] 0x32 ^ AL(0x01) → 0x33 寫入後 MEM = 0x32 [WRITE] @0x2003f2c ← 0x33 [XOR @0x1000ec2] MEM[0x2003f2d] 0x33 ^ AL(0x02) → 0x31 寫入後 MEM = 0x33 [WRITE] @0x2003f2d ← 0x31 [XOR @0x1000ec2] MEM[0x2003f2e] 0x00 ^ AL(0x03) → 0x03 寫入後 MEM = 0x00 [WRITE] @0x2003f2e ← 0x03 [XOR @0x1000ec2] MEM[0x2003f2f] 0x01 ^ AL(0x01) → 0x00 寫入後 MEM = 0x01 [WRITE] @0x2003f2f ← 0x00 [XOR @0x1000ec2] MEM[0x2003f30] 0x02 ^ AL(0x03) → 0x01 寫入後 MEM = 0x02 [WRITE] @0x2003f30 ← 0x01 [XOR @0x1000ec2] MEM[0x2003f31] 0x33 ^ AL(0x00) → 0x33 寫入後 MEM = 0x33 [WRITE] @0x2003f31 ← 0x33 [XOR @0x1000ec2] MEM[0x2003f32] 0x31 ^ AL(0x31) → 0x00 寫入後 MEM = 0x31 [WRITE] @0x2003f32 ← 0x00 [XOR @0x1000ec2] MEM[0x2003f33] 0x32 ^ AL(0x32) → 0x00 寫入後 MEM = 0x32 [WRITE] @0x2003f33 ← 0x00 [XOR @0x1000ec2] MEM[0x2003f34] 0x33 ^ AL(0x32) → 0x01 寫入後 MEM = 0x33 [WRITE] @0x2003f34 ← 0x01 [XOR @0x1000ec2] MEM[0x2003f35] 0x31 ^ AL(0x33) → 0x02 寫入後 MEM = 0x31 [WRITE] @0x2003f35 ← 0x02 [XOR @0x1000ec2] MEM[0x2003f36] 0x03 ^ AL(0x32) → 0x31 寫入後 MEM = 0x03 [WRITE] @0x2003f36 ← 0x31 [XOR @0x1000ec2] MEM[0x2003f37] 0x32 ^ AL(0x33) → 0x01 寫入後 MEM = 0x32 [WRITE] @0x2003f37 ← 0x01 [XOR @0x1000ec2] MEM[0x2003f38] 0x03 ^ AL(0x31) → 0x32 寫入後 MEM = 0x03 [WRITE] @0x2003f38 ← 0x32 [XOR @0x1000ec2] MEM[0x2003f39] 0x33 ^ AL(0x03) → 0x30 寫入後 MEM = 0x33 [WRITE] @0x2003f39 ← 0x30 [XOR @0x1000ec2] MEM[0x2003f3a] 0x31 ^ AL(0x00) → 0x31 寫入後 MEM = 0x31 [WRITE] @0x2003f3a ← 0x31 [XOR @0x1000ec2] MEM[0x2003f3b] 0x32 ^ AL(0x01) → 0x33 寫入後 MEM = 0x32 [WRITE] @0x2003f3b ← 0x33 [XOR @0x1000ec2] MEM[0x2003f3c] 0x33 ^ AL(0x33) → 0x00 寫入後 MEM = 0x33 [WRITE] @0x2003f3c ← 0x00 [XOR @0x1000ec2] MEM[0x2003f3d] 0x00 ^ AL(0x00) → 0x00 寫入後 MEM = 0x00 [WRITE] @0x2003f3d ← 0x00 [XOR @0x1000ec2] MEM[0x2003f3e] 0x01 ^ AL(0x00) → 0x01 寫入後 MEM = 0x01 [WRITE] @0x2003f3e ← 0x01 [XOR @0x1000ec2] MEM[0x2003f3f] 0x02 ^ AL(0x01) → 0x03 寫入後 MEM = 0x02 [WRITE] @0x2003f3f ← 0x03 [XOR @0x1000ec2] MEM[0x2003f40] 0x03 ^ AL(0x02) → 0x01 寫入後 MEM = 0x03 [WRITE] @0x2003f40 ← 0x01 [XOR @0x1000ec2] MEM[0x2003f41] 0x30 ^ AL(0x31) → 0x01 寫入後 MEM = 0x30 [WRITE] @0x2003f41 ← 0x01 [XOR @0x1000ec2] MEM[0x2003f42] 0x30 ^ AL(0x01) → 0x31 寫入後 MEM = 0x30 [WRITE] @0x2003f42 ← 0x31 [XOR @0x1000ec2] MEM[0x2003f43] 0x30 ^ AL(0x32) → 0x02 寫入後 MEM = 0x30 [WRITE] @0x2003f43 ← 0x02 [XOR @0x1000ec2] MEM[0x2003f44] 0x30 ^ AL(0x30) → 0x00 寫入後 MEM = 0x30 [WRITE] @0x2003f44 ← 0x00 [STATE] ESI ← 0x1F [HOOK MOV] @0x010007c4: mov esi, 0x1d [XOR @0x10007d8] MEM[0x2003f20] 0x03 ^ AL(0x00) → 0x03 寫入後 MEM = 0x03 [WRITE] @0x2003f20 ← 0x03 [HOOK CMP] @0x010007de: cmp esi, 0x3b [XOR @0x10007d8] MEM[0x2003f21] 0x01 ^ AL(0x01) → 0x00 寫入後 MEM = 0x01 [WRITE] @0x2003f21 ← 0x00 [XOR @0x10007d8] MEM[0x2003f22] 0x02 ^ AL(0x03) → 0x01 寫入後 MEM = 0x02 [WRITE] @0x2003f22 ← 0x01 [XOR @0x10007d8] MEM[0x2003f23] 0x03 ^ AL(0x01) → 0x02 寫入後 MEM = 0x03 [WRITE] @0x2003f23 ← 0x02 [XOR @0x10007d8] MEM[0x2003f24] 0x01 ^ AL(0x01) → 0x00 寫入後 MEM = 0x01 [WRITE] @0x2003f24 ← 0x00 [XOR @0x10007d8] MEM[0x2003f25] 0x03 ^ AL(0x31) → 0x32 寫入後 MEM = 0x03 [WRITE] @0x2003f25 ← 0x32 [XOR @0x10007d8] MEM[0x2003f26] 0x00 ^ AL(0x02) → 0x02 寫入後 MEM = 0x00 [WRITE] @0x2003f26 ← 0x02 [XOR @0x10007d8] MEM[0x2003f27] 0x31 ^ AL(0x00) → 0x31 寫入後 MEM = 0x31 [WRITE] @0x2003f27 ← 0x31 [XOR @0x10007d8] MEM[0x2003f28] 0x32 ^ AL(0x30) → 0x02 寫入後 MEM = 0x32 [WRITE] @0x2003f28 ← 0x02 [XOR @0x10007d8] MEM[0x2003f29] 0x32 ^ AL(0x30) → 0x02 寫入後 MEM = 0x32 [WRITE] @0x2003f29 ← 0x02 [XOR @0x10007d8] MEM[0x2003f2a] 0x33 ^ AL(0x30) → 0x03 寫入後 MEM = 0x33 [WRITE] @0x2003f2a ← 0x03 [XOR @0x10007d8] MEM[0x2003f2b] 0x32 ^ AL(0x30) → 0x02 寫入後 MEM = 0x32 [WRITE] @0x2003f2b ← 0x02 [XOR @0x10007d8] MEM[0x2003f2c] 0x33 ^ AL(0x00) → 0x33 寫入後 MEM = 0x33 [WRITE] @0x2003f2c ← 0x33 [XOR @0x10007d8] MEM[0x2003f2d] 0x31 ^ AL(0x00) → 0x31 寫入後 MEM = 0x31 [WRITE] @0x2003f2d ← 0x31 [XOR @0x10007d8] MEM[0x2003f2e] 0x03 ^ AL(0x00) → 0x03 寫入後 MEM = 0x03 [WRITE] @0x2003f2e ← 0x03 [XOR @0x10007d8] MEM[0x2003f2f] 0x00 ^ AL(0x00) → 0x00 寫入後 MEM = 0x00 [WRITE] @0x2003f2f ← 0x00 [XOR @0x10007d8] MEM[0x2003f30] 0x01 ^ AL(0x00) → 0x01 寫入後 MEM = 0x01 [WRITE] @0x2003f30 ← 0x01 [XOR @0x10007d8] MEM[0x2003f31] 0x33 ^ AL(0x00) → 0x33 寫入後 MEM = 0x33 [WRITE] @0x2003f31 ← 0x33 [XOR @0x10007d8] MEM[0x2003f32] 0x00 ^ AL(0x03) → 0x03 寫入後 MEM = 0x00 [WRITE] @0x2003f32 ← 0x03 [XOR @0x10007d8] MEM[0x2003f33] 0x00 ^ AL(0x00) → 0x00 寫入後 MEM = 0x00 [WRITE] @0x2003f33 ← 0x00 [XOR @0x10007d8] MEM[0x2003f34] 0x01 ^ AL(0x01) → 0x00 寫入後 MEM = 0x01 [WRITE] @0x2003f34 ← 0x00 [XOR @0x10007d8] MEM[0x2003f35] 0x02 ^ AL(0x02) → 0x00 寫入後 MEM = 0x02 [WRITE] @0x2003f35 ← 0x00 [XOR @0x10007d8] MEM[0x2003f36] 0x31 ^ AL(0x00) → 0x31 寫入後 MEM = 0x31 [WRITE] @0x2003f36 ← 0x31 [XOR @0x10007d8] MEM[0x2003f37] 0x01 ^ AL(0x32) → 0x33 寫入後 MEM = 0x01 [WRITE] @0x2003f37 ← 0x33 [XOR @0x10007d8] MEM[0x2003f38] 0x32 ^ AL(0x02) → 0x30 寫入後 MEM = 0x32 [WRITE] @0x2003f38 ← 0x30 [XOR @0x10007d8] MEM[0x2003f39] 0x30 ^ AL(0x31) → 0x01 寫入後 MEM = 0x30 [WRITE] @0x2003f39 ← 0x01 [XOR @0x10007d8] MEM[0x2003f3a] 0x31 ^ AL(0x02) → 0x33 寫入後 MEM = 0x31 [WRITE] @0x2003f3a ← 0x33 [XOR @0x10007d8] MEM[0x2003f3b] 0x33 ^ AL(0x02) → 0x31 寫入後 MEM = 0x33 [WRITE] @0x2003f3b ← 0x31 [XOR @0x10007d8] MEM[0x2003f3c] 0x00 ^ AL(0x03) → 0x03 寫入後 MEM = 0x00 [WRITE] @0x2003f3c ← 0x03 [XOR @0x10007d8] MEM[0x2003f3d] 0x00 ^ AL(0x02) → 0x02 寫入後 MEM = 0x00 [WRITE] @0x2003f3d ← 0x02 [STATE] ESI ← 0x31 [HOOK MOV] @0x01000589: mov esi, 0x12 [HOOK MOV] @0x0100058e: mov esi, 0xae4c415d [XOR @0x10005b0] MEM[0x2003f20] 0x03 ^ AL(0x03) → 0x00 寫入後 MEM = 0x03 [WRITE] @0x2003f20 ← 0x00 [HOOK CMP] @0x010005b6: cmp esi, 0x25 [XOR @0x10005b0] MEM[0x2003f21] 0x00 ^ AL(0x00) → 0x00 寫入後 MEM = 0x00 [WRITE] @0x2003f21 ← 0x00 [XOR @0x10005b0] MEM[0x2003f22] 0x01 ^ AL(0x00) → 0x01 寫入後 MEM = 0x01 [WRITE] @0x2003f22 ← 0x01 [XOR @0x10005b0] MEM[0x2003f23] 0x02 ^ AL(0x00) → 0x02 寫入後 MEM = 0x02 [WRITE] @0x2003f23 ← 0x02 [XOR @0x10005b0] MEM[0x2003f24] 0x00 ^ AL(0x31) → 0x31 寫入後 MEM = 0x00 [WRITE] @0x2003f24 ← 0x31 [XOR @0x10005b0] MEM[0x2003f25] 0x32 ^ AL(0x33) → 0x01 寫入後 MEM = 0x32 [WRITE] @0x2003f25 ← 0x01 [XOR @0x10005b0] MEM[0x2003f26] 0x02 ^ AL(0x30) → 0x32 寫入後 MEM = 0x02 [WRITE] @0x2003f26 ← 0x32 [XOR @0x10005b0] MEM[0x2003f27] 0x31 ^ AL(0x01) → 0x30 寫入後 MEM = 0x31 [WRITE] @0x2003f27 ← 0x30 [XOR @0x10005b0] MEM[0x2003f28] 0x02 ^ AL(0x33) → 0x31 寫入後 MEM = 0x02 [WRITE] @0x2003f28 ← 0x31 [XOR @0x10005b0] MEM[0x2003f29] 0x02 ^ AL(0x31) → 0x33 寫入後 MEM = 0x02 [WRITE] @0x2003f29 ← 0x33 [XOR @0x10005b0] MEM[0x2003f2a] 0x03 ^ AL(0x03) → 0x00 寫入後 MEM = 0x03 [WRITE] @0x2003f2a ← 0x00 [XOR @0x10005b0] MEM[0x2003f2b] 0x02 ^ AL(0x02) → 0x00 寫入後 MEM = 0x02 [WRITE] @0x2003f2b ← 0x00 [XOR @0x10005b0] MEM[0x2003f2c] 0x33 ^ AL(0x01) → 0x32 寫入後 MEM = 0x33 [WRITE] @0x2003f2c ← 0x32 [XOR @0x10005b0] MEM[0x2003f2d] 0x31 ^ AL(0x03) → 0x32 寫入後 MEM = 0x31 [WRITE] @0x2003f2d ← 0x32 [XOR @0x10005b0] MEM[0x2003f2e] 0x03 ^ AL(0x01) → 0x02 寫入後 MEM = 0x03 [WRITE] @0x2003f2e ← 0x02 [XOR @0x10005b0] MEM[0x2003f2f] 0x00 ^ AL(0x01) → 0x01 寫入後 MEM = 0x00 [WRITE] @0x2003f2f ← 0x01 [XOR @0x10005b0] MEM[0x2003f30] 0x01 ^ AL(0x31) → 0x30 寫入後 MEM = 0x01 [WRITE] @0x2003f30 ← 0x30 [XOR @0x10005b0] MEM[0x2003f31] 0x33 ^ AL(0x02) → 0x31 寫入後 MEM = 0x33 [WRITE] @0x2003f31 ← 0x31 [XOR @0x10005b0] MEM[0x2003f32] 0x03 ^ AL(0x00) → 0x03 寫入後 MEM = 0x03 [WRITE] @0x2003f32 ← 0x03 [STATE] ESI ← 0x13 [HOOK MOV] @0x010009f2: mov esi, 0xd [XOR @0x1000a06] MEM[0x2003f20] 0x00 ^ AL(0x32) → 0x32 寫入後 MEM = 0x00 [WRITE] @0x2003f20 ← 0x32 [HOOK CMP] @0x01000a0c: cmp esi, 0x1b [XOR @0x1000a06] MEM[0x2003f21] 0x00 ^ AL(0x02) → 0x02 寫入後 MEM = 0x00 [WRITE] @0x2003f21 ← 0x02 [XOR @0x1000a06] MEM[0x2003f22] 0x01 ^ AL(0x01) → 0x00 寫入後 MEM = 0x01 [WRITE] @0x2003f22 ← 0x00 [XOR @0x1000a06] MEM[0x2003f23] 0x02 ^ AL(0x30) → 0x32 寫入後 MEM = 0x02 [WRITE] @0x2003f23 ← 0x32 [XOR @0x1000a06] MEM[0x2003f24] 0x31 ^ AL(0x31) → 0x00 寫入後 MEM = 0x31 [WRITE] @0x2003f24 ← 0x00 [XOR @0x1000a06] MEM[0x2003f25] 0x01 ^ AL(0x03) → 0x02 寫入後 MEM = 0x01 [WRITE] @0x2003f25 ← 0x02 [XOR @0x1000a06] MEM[0x2003f26] 0x32 ^ AL(0x00) → 0x32 寫入後 MEM = 0x32 [WRITE] @0x2003f26 ← 0x32 [XOR @0x1000a06] MEM[0x2003f27] 0x30 ^ AL(0x00) → 0x30 寫入後 MEM = 0x30 [WRITE] @0x2003f27 ← 0x30 [XOR @0x1000a06] MEM[0x2003f28] 0x31 ^ AL(0x00) → 0x31 寫入後 MEM = 0x31 [WRITE] @0x2003f28 ← 0x31 [XOR @0x1000a06] MEM[0x2003f29] 0x33 ^ AL(0x31) → 0x02 寫入後 MEM = 0x33 [WRITE] @0x2003f29 ← 0x02 [XOR @0x1000a06] MEM[0x2003f2a] 0x00 ^ AL(0x33) → 0x33 寫入後 MEM = 0x00 [WRITE] @0x2003f2a ← 0x33 [XOR @0x1000a06] MEM[0x2003f2b] 0x00 ^ AL(0x30) → 0x30 寫入後 MEM = 0x00 [WRITE] @0x2003f2b ← 0x30 [XOR @0x1000a06] MEM[0x2003f2c] 0x32 ^ AL(0x01) → 0x33 寫入後 MEM = 0x32 [WRITE] @0x2003f2c ← 0x33 [XOR @0x1000a06] MEM[0x2003f2d] 0x32 ^ AL(0x33) → 0x01 寫入後 MEM = 0x32 [WRITE] @0x2003f2d ← 0x01 [STATE] ESI ← 0x56 [HOOK MOV] @0x010008a9: mov esi, 0x24 [XOR @0x10008bd] MEM[0x2003f20] 0x32 ^ AL(0x00) → 0x32 寫入後 MEM = 0x32 [WRITE] @0x2003f20 ← 0x32 [HOOK CMP] @0x010008c3: cmp esi, 0x49 [XOR @0x10008bd] MEM[0x2003f21] 0x02 ^ AL(0x30) → 0x32 寫入後 MEM = 0x02 [WRITE] @0x2003f21 ← 0x32 [XOR @0x10008bd] MEM[0x2003f22] 0x00 ^ AL(0x30) → 0x30 寫入後 MEM = 0x00 [WRITE] @0x2003f22 ← 0x30 [XOR @0x10008bd] MEM[0x2003f23] 0x32 ^ AL(0x30) → 0x02 寫入後 MEM = 0x32 [WRITE] @0x2003f23 ← 0x02 [XOR @0x10008bd] MEM[0x2003f24] 0x00 ^ AL(0x30) → 0x30 寫入後 MEM = 0x00 [WRITE] @0x2003f24 ← 0x30 [XOR @0x10008bd] MEM[0x2003f25] 0x02 ^ AL(0x00) → 0x02 寫入後 MEM = 0x02 [WRITE] @0x2003f25 ← 0x02 [XOR @0x10008bd] MEM[0x2003f26] 0x32 ^ AL(0x00) → 0x32 寫入後 MEM = 0x32 [WRITE] @0x2003f26 ← 0x32 [XOR @0x10008bd] MEM[0x2003f27] 0x30 ^ AL(0x00) → 0x30 寫入後 MEM = 0x30 [WRITE] @0x2003f27 ← 0x30 [XOR @0x10008bd] MEM[0x2003f28] 0x31 ^ AL(0x00) → 0x31 寫入後 MEM = 0x31 [WRITE] @0x2003f28 ← 0x31 [XOR @0x10008bd] MEM[0x2003f29] 0x02 ^ AL(0x00) → 0x02 寫入後 MEM = 0x02 [WRITE] @0x2003f29 ← 0x02 [XOR @0x10008bd] MEM[0x2003f2a] 0x33 ^ AL(0x00) → 0x33 寫入後 MEM = 0x33 [WRITE] @0x2003f2a ← 0x33 [XOR @0x10008bd] MEM[0x2003f2b] 0x30 ^ AL(0x32) → 0x02 寫入後 MEM = 0x30 [WRITE] @0x2003f2b ← 0x02 [XOR @0x10008bd] MEM[0x2003f2c] 0x33 ^ AL(0x32) → 0x01 寫入後 MEM = 0x33 [WRITE] @0x2003f2c ← 0x01 [XOR @0x10008bd] MEM[0x2003f2d] 0x01 ^ AL(0x30) → 0x31 寫入後 MEM = 0x01 [WRITE] @0x2003f2d ← 0x31 [XOR @0x10008bd] MEM[0x2003f2e] 0x02 ^ AL(0x02) → 0x00 寫入後 MEM = 0x02 [WRITE] @0x2003f2e ← 0x00 [XOR @0x10008bd] MEM[0x2003f2f] 0x01 ^ AL(0x30) → 0x31 寫入後 MEM = 0x01 [WRITE] @0x2003f2f ← 0x31 [XOR @0x10008bd] MEM[0x2003f30] 0x30 ^ AL(0x02) → 0x32 寫入後 MEM = 0x30 [WRITE] @0x2003f30 ← 0x32 [XOR @0x10008bd] MEM[0x2003f31] 0x31 ^ AL(0x32) → 0x03 寫入後 MEM = 0x31 [WRITE] @0x2003f31 ← 0x03 [XOR @0x10008bd] MEM[0x2003f32] 0x03 ^ AL(0x30) → 0x33 寫入後 MEM = 0x03 [WRITE] @0x2003f32 ← 0x33 [XOR @0x10008bd] MEM[0x2003f33] 0x00 ^ AL(0x31) → 0x31 寫入後 MEM = 0x00 [WRITE] @0x2003f33 ← 0x31 [XOR @0x10008bd] MEM[0x2003f34] 0x00 ^ AL(0x02) → 0x02 寫入後 MEM = 0x00 [WRITE] @0x2003f34 ← 0x02 [XOR @0x10008bd] MEM[0x2003f35] 0x00 ^ AL(0x33) → 0x33 寫入後 MEM = 0x00 [WRITE] @0x2003f35 ← 0x33 [XOR @0x10008bd] MEM[0x2003f36] 0x31 ^ AL(0x02) → 0x33 寫入後 MEM = 0x31 [WRITE] @0x2003f36 ← 0x33 [XOR @0x10008bd] MEM[0x2003f37] 0x33 ^ AL(0x01) → 0x32 寫入後 MEM = 0x33 [WRITE] @0x2003f37 ← 0x32 [XOR @0x10008bd] MEM[0x2003f38] 0x30 ^ AL(0x31) → 0x01 寫入後 MEM = 0x30 [WRITE] @0x2003f38 ← 0x01 [XOR @0x10008bd] MEM[0x2003f39] 0x01 ^ AL(0x00) → 0x01 寫入後 MEM = 0x01 [WRITE] @0x2003f39 ← 0x01 [XOR @0x10008bd] MEM[0x2003f3a] 0x33 ^ AL(0x31) → 0x02 寫入後 MEM = 0x33 [WRITE] @0x2003f3a ← 0x02 [XOR @0x10008bd] MEM[0x2003f3b] 0x31 ^ AL(0x32) → 0x03 寫入後 MEM = 0x31 [WRITE] @0x2003f3b ← 0x03 [XOR @0x10008bd] MEM[0x2003f3c] 0x03 ^ AL(0x03) → 0x00 寫入後 MEM = 0x03 [WRITE] @0x2003f3c ← 0x00 [XOR @0x10008bd] MEM[0x2003f3d] 0x02 ^ AL(0x33) → 0x31 寫入後 MEM = 0x02 [WRITE] @0x2003f3d ← 0x31 [XOR @0x10008bd] MEM[0x2003f3e] 0x01 ^ AL(0x31) → 0x30 寫入後 MEM = 0x01 [WRITE] @0x2003f3e ← 0x30 [XOR @0x10008bd] MEM[0x2003f3f] 0x03 ^ AL(0x02) → 0x01 寫入後 MEM = 0x03 [WRITE] @0x2003f3f ← 0x01 [XOR @0x10008bd] MEM[0x2003f40] 0x01 ^ AL(0x33) → 0x32 寫入後 MEM = 0x01 [WRITE] @0x2003f40 ← 0x32 [XOR @0x10008bd] MEM[0x2003f41] 0x01 ^ AL(0x33) → 0x32 寫入後 MEM = 0x01 [WRITE] @0x2003f41 ← 0x32 [XOR @0x10008bd] MEM[0x2003f42] 0x31 ^ AL(0x32) → 0x03 寫入後 MEM = 0x31 [WRITE] @0x2003f42 ← 0x03 [XOR @0x10008bd] MEM[0x2003f43] 0x02 ^ AL(0x01) → 0x03 寫入後 MEM = 0x02 [WRITE] @0x2003f43 ← 0x03 [XOR @0x10008bd] MEM[0x2003f44] 0x00 ^ AL(0x01) → 0x01 寫入後 MEM = 0x00 [WRITE] @0x2003f44 ← 0x01 [STATE] ESI ← 0x54 [HOOK MOV] @0x010010b0: mov esi, 0xb [XOR @0x10010c4] MEM[0x2003f20] 0x32 ^ AL(0x02) → 0x30 寫入後 MEM = 0x32 [WRITE] @0x2003f20 ← 0x30 [HOOK CMP] @0x010010ca: cmp esi, 0x17 [XOR @0x10010c4] MEM[0x2003f21] 0x32 ^ AL(0x01) → 0x33 寫入後 MEM = 0x32 [WRITE] @0x2003f21 ← 0x33 [XOR @0x10010c4] MEM[0x2003f22] 0x30 ^ AL(0x31) → 0x01 寫入後 MEM = 0x30 [WRITE] @0x2003f22 ← 0x01 [XOR @0x10010c4] MEM[0x2003f23] 0x02 ^ AL(0x00) → 0x02 寫入後 MEM = 0x02 [WRITE] @0x2003f23 ← 0x02 [XOR @0x10010c4] MEM[0x2003f24] 0x30 ^ AL(0x31) → 0x01 寫入後 MEM = 0x30 [WRITE] @0x2003f24 ← 0x01 [XOR @0x10010c4] MEM[0x2003f25] 0x02 ^ AL(0x32) → 0x30 寫入後 MEM = 0x02 [WRITE] @0x2003f25 ← 0x30 [XOR @0x10010c4] MEM[0x2003f26] 0x32 ^ AL(0x03) → 0x31 寫入後 MEM = 0x32 [WRITE] @0x2003f26 ← 0x31 [XOR @0x10010c4] MEM[0x2003f27] 0x30 ^ AL(0x33) → 0x03 寫入後 MEM = 0x30 [WRITE] @0x2003f27 ← 0x03 [XOR @0x10010c4] MEM[0x2003f28] 0x31 ^ AL(0x31) → 0x00 寫入後 MEM = 0x31 [WRITE] @0x2003f28 ← 0x00 [XOR @0x10010c4] MEM[0x2003f29] 0x02 ^ AL(0x02) → 0x00 寫入後 MEM = 0x02 [WRITE] @0x2003f29 ← 0x00 [XOR @0x10010c4] MEM[0x2003f2a] 0x33 ^ AL(0x33) → 0x00 寫入後 MEM = 0x33 [WRITE] @0x2003f2a ← 0x00 [XOR @0x10010c4] MEM[0x2003f2b] 0x02 ^ AL(0x33) → 0x31 寫入後 MEM = 0x02 [WRITE] @0x2003f2b ← 0x31 [HOOK MOV] @0x010010d1: mov esi, 0x2e [HOOK MOV] @0x01000654: mov esi, 0x1d [XOR @0x1000668] MEM[0x2003f20] 0x30 ^ AL(0x31) → 0x01 寫入後 MEM = 0x30 [WRITE] @0x2003f20 ← 0x01 [HOOK CMP] @0x0100066e: cmp esi, 0x3b [XOR @0x1000668] MEM[0x2003f21] 0x33 ^ AL(0x30) → 0x03 寫入後 MEM = 0x33 [WRITE] @0x2003f21 ← 0x03 [XOR @0x1000668] MEM[0x2003f22] 0x01 ^ AL(0x01) → 0x00 寫入後 MEM = 0x01 [WRITE] @0x2003f22 ← 0x00 [XOR @0x1000668] MEM[0x2003f23] 0x02 ^ AL(0x32) → 0x30 寫入後 MEM = 0x02 [WRITE] @0x2003f23 ← 0x30 [XOR @0x1000668] MEM[0x2003f24] 0x01 ^ AL(0x32) → 0x33 寫入後 MEM = 0x01 [WRITE] @0x2003f24 ← 0x33 [XOR @0x1000668] MEM[0x2003f25] 0x30 ^ AL(0x03) → 0x33 寫入後 MEM = 0x30 [WRITE] @0x2003f25 ← 0x33 [XOR @0x1000668] MEM[0x2003f26] 0x31 ^ AL(0x03) → 0x32 寫入後 MEM = 0x31 [WRITE] @0x2003f26 ← 0x32 [XOR @0x1000668] MEM[0x2003f27] 0x03 ^ AL(0x01) → 0x02 寫入後 MEM = 0x03 [WRITE] @0x2003f27 ← 0x02 [XOR @0x1000668] MEM[0x2003f28] 0x00 ^ AL(0x30) → 0x30 寫入後 MEM = 0x00 [WRITE] @0x2003f28 ← 0x30 [XOR @0x1000668] MEM[0x2003f29] 0x00 ^ AL(0x30) → 0x30 寫入後 MEM = 0x00 [WRITE] @0x2003f29 ← 0x30 [XOR @0x1000668] MEM[0x2003f2a] 0x00 ^ AL(0x30) → 0x30 寫入後 MEM = 0x00 [WRITE] @0x2003f2a ← 0x30 [XOR @0x1000668] MEM[0x2003f2b] 0x31 ^ AL(0x30) → 0x01 寫入後 MEM = 0x31 [WRITE] @0x2003f2b ← 0x01 [XOR @0x1000668] MEM[0x2003f2c] 0x01 ^ AL(0x00) → 0x01 寫入後 MEM = 0x01 [WRITE] @0x2003f2c ← 0x01 [XOR @0x1000668] MEM[0x2003f2d] 0x31 ^ AL(0x00) → 0x31 寫入後 MEM = 0x31 [WRITE] @0x2003f2d ← 0x31 [XOR @0x1000668] MEM[0x2003f2e] 0x00 ^ AL(0x00) → 0x00 寫入後 MEM = 0x00 [WRITE] @0x2003f2e ← 0x00 [XOR @0x1000668] MEM[0x2003f2f] 0x31 ^ AL(0x00) → 0x31 寫入後 MEM = 0x31 [WRITE] @0x2003f2f ← 0x31 [XOR @0x1000668] MEM[0x2003f30] 0x32 ^ AL(0x00) → 0x32 寫入後 MEM = 0x32 [WRITE] @0x2003f30 ← 0x32 [XOR @0x1000668] MEM[0x2003f31] 0x03 ^ AL(0x00) → 0x03 寫入後 MEM = 0x03 [WRITE] @0x2003f31 ← 0x03 [XOR @0x1000668] MEM[0x2003f32] 0x33 ^ AL(0x01) → 0x32 寫入後 MEM = 0x33 [WRITE] @0x2003f32 ← 0x32 [XOR @0x1000668] MEM[0x2003f33] 0x31 ^ AL(0x03) → 0x32 寫入後 MEM = 0x31 [WRITE] @0x2003f33 ← 0x32 [XOR @0x1000668] MEM[0x2003f34] 0x02 ^ AL(0x00) → 0x02 寫入後 MEM = 0x02 [WRITE] @0x2003f34 ← 0x02 [XOR @0x1000668] MEM[0x2003f35] 0x33 ^ AL(0x30) → 0x03 寫入後 MEM = 0x33 [WRITE] @0x2003f35 ← 0x03 [XOR @0x1000668] MEM[0x2003f36] 0x33 ^ AL(0x33) → 0x00 寫入後 MEM = 0x33 [WRITE] @0x2003f36 ← 0x00 [XOR @0x1000668] MEM[0x2003f37] 0x32 ^ AL(0x33) → 0x01 寫入後 MEM = 0x32 [WRITE] @0x2003f37 ← 0x01 [XOR @0x1000668] MEM[0x2003f38] 0x01 ^ AL(0x32) → 0x33 寫入後 MEM = 0x01 [WRITE] @0x2003f38 ← 0x33 [XOR @0x1000668] MEM[0x2003f39] 0x01 ^ AL(0x02) → 0x03 寫入後 MEM = 0x01 [WRITE] @0x2003f39 ← 0x03 [XOR @0x1000668] MEM[0x2003f3a] 0x02 ^ AL(0x30) → 0x32 寫入後 MEM = 0x02 [WRITE] @0x2003f3a ← 0x32 [XOR @0x1000668] MEM[0x2003f3b] 0x03 ^ AL(0x30) → 0x33 寫入後 MEM = 0x03 [WRITE] @0x2003f3b ← 0x33 [XOR @0x1000668] MEM[0x2003f3c] 0x00 ^ AL(0x30) → 0x30 寫入後 MEM = 0x00 [WRITE] @0x2003f3c ← 0x30 [XOR @0x1000668] MEM[0x2003f3d] 0x31 ^ AL(0x01) → 0x30 寫入後 MEM = 0x31 [WRITE] @0x2003f3d ← 0x30 [STATE] ESI ← 0x2D [HOOK MOV] @0x01001487: mov esi, 0x18 [XOR @0x100149b] MEM[0x2003f20] 0x01 ^ AL(0x33) → 0x32 寫入後 MEM = 0x01 [WRITE] @0x2003f20 ← 0x32 [HOOK CMP] @0x010014a1: cmp esi, 0x31 [XOR @0x100149b] MEM[0x2003f21] 0x03 ^ AL(0x03) → 0x00 寫入後 MEM = 0x03 [WRITE] @0x2003f21 ← 0x00 [XOR @0x100149b] MEM[0x2003f22] 0x00 ^ AL(0x32) → 0x32 寫入後 MEM = 0x00 [WRITE] @0x2003f22 ← 0x32 [XOR @0x100149b] MEM[0x2003f23] 0x30 ^ AL(0x33) → 0x03 寫入後 MEM = 0x30 [WRITE] @0x2003f23 ← 0x03 [XOR @0x100149b] MEM[0x2003f24] 0x33 ^ AL(0x30) → 0x03 寫入後 MEM = 0x33 [WRITE] @0x2003f24 ← 0x03 [XOR @0x100149b] MEM[0x2003f25] 0x33 ^ AL(0x30) → 0x03 寫入後 MEM = 0x33 [WRITE] @0x2003f25 ← 0x03 [XOR @0x100149b] MEM[0x2003f26] 0x32 ^ AL(0x30) → 0x02 寫入後 MEM = 0x32 [WRITE] @0x2003f26 ← 0x02 [XOR @0x100149b] MEM[0x2003f27] 0x02 ^ AL(0x01) → 0x03 寫入後 MEM = 0x02 [WRITE] @0x2003f27 ← 0x03 [XOR @0x100149b] MEM[0x2003f28] 0x30 ^ AL(0x32) → 0x02 寫入後 MEM = 0x30 [WRITE] @0x2003f28 ← 0x02 [XOR @0x100149b] MEM[0x2003f29] 0x30 ^ AL(0x32) → 0x02 寫入後 MEM = 0x30 [WRITE] @0x2003f29 ← 0x02 [XOR @0x100149b] MEM[0x2003f2a] 0x30 ^ AL(0x03) → 0x33 寫入後 MEM = 0x30 [WRITE] @0x2003f2a ← 0x33 [XOR @0x100149b] MEM[0x2003f2b] 0x01 ^ AL(0x03) → 0x02 寫入後 MEM = 0x01 [WRITE] @0x2003f2b ← 0x02 [XOR @0x100149b] MEM[0x2003f2c] 0x01 ^ AL(0x01) → 0x00 寫入後 MEM = 0x01 [WRITE] @0x2003f2c ← 0x00 [XOR @0x100149b] MEM[0x2003f2d] 0x31 ^ AL(0x30) → 0x01 寫入後 MEM = 0x31 [WRITE] @0x2003f2d ← 0x01 [XOR @0x100149b] MEM[0x2003f2e] 0x00 ^ AL(0x30) → 0x30 寫入後 MEM = 0x00 [WRITE] @0x2003f2e ← 0x30 [XOR @0x100149b] MEM[0x2003f2f] 0x31 ^ AL(0x30) → 0x01 寫入後 MEM = 0x31 [WRITE] @0x2003f2f ← 0x01 [XOR @0x100149b] MEM[0x2003f30] 0x32 ^ AL(0x30) → 0x02 寫入後 MEM = 0x32 [WRITE] @0x2003f30 ← 0x02 [XOR @0x100149b] MEM[0x2003f31] 0x03 ^ AL(0x00) → 0x03 寫入後 MEM = 0x03 [WRITE] @0x2003f31 ← 0x03 [XOR @0x100149b] MEM[0x2003f32] 0x32 ^ AL(0x00) → 0x32 寫入後 MEM = 0x32 [WRITE] @0x2003f32 ← 0x32 [XOR @0x100149b] MEM[0x2003f33] 0x32 ^ AL(0x00) → 0x32 寫入後 MEM = 0x32 [WRITE] @0x2003f33 ← 0x32 [XOR @0x100149b] MEM[0x2003f34] 0x02 ^ AL(0x00) → 0x02 寫入後 MEM = 0x02 [WRITE] @0x2003f34 ← 0x02 [XOR @0x100149b] MEM[0x2003f35] 0x03 ^ AL(0x00) → 0x03 寫入後 MEM = 0x03 [WRITE] @0x2003f35 ← 0x03 [XOR @0x100149b] MEM[0x2003f36] 0x00 ^ AL(0x00) → 0x00 寫入後 MEM = 0x00 [WRITE] @0x2003f36 ← 0x00 [XOR @0x100149b] MEM[0x2003f37] 0x01 ^ AL(0x32) → 0x33 寫入後 MEM = 0x01 [WRITE] @0x2003f37 ← 0x33 [XOR @0x100149b] MEM[0x2003f38] 0x33 ^ AL(0x00) → 0x33 寫入後 MEM = 0x33 [WRITE] @0x2003f38 ← 0x33 [STATE] ESI ← 0x36 [HOOK MOV] @0x010004a6: mov esi, 0x1f [HOOK MOV] @0x010004ab: mov esi, 0xae4c415d [WRITE] @0x2003f20 ← 0x33 [HOOK CMP] @0x010004d4: cmp esi, 0x3f [WRITE] @0x2003f21 ← 0x32 [WRITE] @0x2003f22 ← 0x00 [WRITE] @0x2003f23 ← 0x00 [WRITE] @0x2003f24 ← 0x00 [WRITE] @0x2003f25 ← 0x02 [WRITE] @0x2003f26 ← 0x32 [WRITE] @0x2003f27 ← 0x33 [WRITE] @0x2003f28 ← 0x32 [WRITE] @0x2003f29 ← 0x32 [WRITE] @0x2003f2a ← 0x33 [WRITE] @0x2003f2b ← 0x02 [WRITE] @0x2003f2c ← 0x00 [WRITE] @0x2003f2d ← 0x01 [WRITE] @0x2003f2e ← 0x30 [WRITE] @0x2003f2f ← 0x01 [WRITE] @0x2003f30 ← 0x31 [WRITE] @0x2003f31 ← 0x31 [WRITE] @0x2003f32 ← 0x32 [WRITE] @0x2003f33 ← 0x32 [WRITE] @0x2003f34 ← 0x02 [WRITE] @0x2003f35 ← 0x01 [WRITE] @0x2003f36 ← 0x32 [WRITE] @0x2003f37 ← 0x00 [WRITE] @0x2003f38 ← 0x01 [WRITE] @0x2003f39 ← 0x31 [WRITE] @0x2003f3a ← 0x01 [WRITE] @0x2003f3b ← 0x31 [WRITE] @0x2003f3c ← 0x30 [WRITE] @0x2003f3d ← 0x31 [WRITE] @0x2003f3e ← 0x00 [WRITE] @0x2003f3f ← 0x00 [STATE] ESI ← 0x12 [HOOK MOV] @0x01001286: mov esi, 0x15 [XOR @0x100129a] MEM[0x2003f20] 0x33 ^ AL(0x01) → 0x32 寫入後 MEM = 0x33 [WRITE] @0x2003f20 ← 0x32 [HOOK CMP] @0x010012a0: cmp esi, 0x2b [XOR @0x100129a] MEM[0x2003f21] 0x32 ^ AL(0x32) → 0x00 寫入後 MEM = 0x32 [WRITE] @0x2003f21 ← 0x00 [XOR @0x100129a] MEM[0x2003f22] 0x00 ^ AL(0x00) → 0x00 寫入後 MEM = 0x00 [WRITE] @0x2003f22 ← 0x00 [XOR @0x100129a] MEM[0x2003f23] 0x00 ^ AL(0x01) → 0x01 寫入後 MEM = 0x00 [WRITE] @0x2003f23 ← 0x01 [XOR @0x100129a] MEM[0x2003f24] 0x00 ^ AL(0x31) → 0x31 寫入後 MEM = 0x00 [WRITE] @0x2003f24 ← 0x31 [XOR @0x100129a] MEM[0x2003f25] 0x02 ^ AL(0x01) → 0x03 寫入後 MEM = 0x02 [WRITE] @0x2003f25 ← 0x03 [XOR @0x100129a] MEM[0x2003f26] 0x32 ^ AL(0x31) → 0x03 寫入後 MEM = 0x32 [WRITE] @0x2003f26 ← 0x03 [XOR @0x100129a] MEM[0x2003f27] 0x33 ^ AL(0x30) → 0x03 寫入後 MEM = 0x33 [WRITE] @0x2003f27 ← 0x03 [XOR @0x100129a] MEM[0x2003f28] 0x32 ^ AL(0x31) → 0x03 寫入後 MEM = 0x32 [WRITE] @0x2003f28 ← 0x03 [XOR @0x100129a] MEM[0x2003f29] 0x32 ^ AL(0x00) → 0x32 寫入後 MEM = 0x32 [WRITE] @0x2003f29 ← 0x32 [XOR @0x100129a] MEM[0x2003f2a] 0x33 ^ AL(0x00) → 0x33 寫入後 MEM = 0x33 [WRITE] @0x2003f2a ← 0x33 [XOR @0x100129a] MEM[0x2003f2b] 0x02 ^ AL(0x32) → 0x30 寫入後 MEM = 0x02 [WRITE] @0x2003f2b ← 0x30 [XOR @0x100129a] MEM[0x2003f2c] 0x00 ^ AL(0x32) → 0x32 寫入後 MEM = 0x00 [WRITE] @0x2003f2c ← 0x32 [XOR @0x100129a] MEM[0x2003f2d] 0x01 ^ AL(0x03) → 0x02 寫入後 MEM = 0x01 [WRITE] @0x2003f2d ← 0x02 [XOR @0x100129a] MEM[0x2003f2e] 0x30 ^ AL(0x03) → 0x33 寫入後 MEM = 0x30 [WRITE] @0x2003f2e ← 0x33 [XOR @0x100129a] MEM[0x2003f2f] 0x01 ^ AL(0x01) → 0x00 寫入後 MEM = 0x01 [WRITE] @0x2003f2f ← 0x00 [XOR @0x100129a] MEM[0x2003f30] 0x31 ^ AL(0x30) → 0x01 寫入後 MEM = 0x31 [WRITE] @0x2003f30 ← 0x01 [XOR @0x100129a] MEM[0x2003f31] 0x31 ^ AL(0x30) → 0x01 寫入後 MEM = 0x31 [WRITE] @0x2003f31 ← 0x01 [XOR @0x100129a] MEM[0x2003f32] 0x32 ^ AL(0x30) → 0x02 寫入後 MEM = 0x32 [WRITE] @0x2003f32 ← 0x02 [XOR @0x100129a] MEM[0x2003f33] 0x32 ^ AL(0x30) → 0x02 寫入後 MEM = 0x32 [WRITE] @0x2003f33 ← 0x02 [XOR @0x100129a] MEM[0x2003f34] 0x02 ^ AL(0x00) → 0x02 寫入後 MEM = 0x02 [WRITE] @0x2003f34 ← 0x02 [XOR @0x100129a] MEM[0x2003f35] 0x01 ^ AL(0x00) → 0x01 寫入後 MEM = 0x01 [WRITE] @0x2003f35 ← 0x01 [STATE] ESI ← 0x40 [HOOK MOV] @0x01001052: mov esi, 0xe [XOR @0x1001066] MEM[0x2003f20] 0x32 ^ AL(0x33) → 0x01 寫入後 MEM = 0x32 [WRITE] @0x2003f20 ← 0x01 [HOOK CMP] @0x0100106c: cmp esi, 0x1d [XOR @0x1001066] MEM[0x2003f21] 0x00 ^ AL(0x00) → 0x00 寫入後 MEM = 0x00 [WRITE] @0x2003f21 ← 0x00 [XOR @0x1001066] MEM[0x2003f22] 0x00 ^ AL(0x01) → 0x01 寫入後 MEM = 0x00 [WRITE] @0x2003f22 ← 0x01 [XOR @0x1001066] MEM[0x2003f23] 0x01 ^ AL(0x01) → 0x00 寫入後 MEM = 0x01 [WRITE] @0x2003f23 ← 0x00 [XOR @0x1001066] MEM[0x2003f24] 0x31 ^ AL(0x02) → 0x33 寫入後 MEM = 0x31 [WRITE] @0x2003f24 ← 0x33 [XOR @0x1001066] MEM[0x2003f25] 0x03 ^ AL(0x02) → 0x01 寫入後 MEM = 0x03 [WRITE] @0x2003f25 ← 0x01 [XOR @0x1001066] MEM[0x2003f26] 0x03 ^ AL(0x02) → 0x01 寫入後 MEM = 0x03 [WRITE] @0x2003f26 ← 0x01 [XOR @0x1001066] MEM[0x2003f27] 0x03 ^ AL(0x01) → 0x02 寫入後 MEM = 0x03 [WRITE] @0x2003f27 ← 0x02 [XOR @0x1001066] MEM[0x2003f28] 0x03 ^ AL(0x32) → 0x31 寫入後 MEM = 0x03 [WRITE] @0x2003f28 ← 0x31 [XOR @0x1001066] MEM[0x2003f29] 0x32 ^ AL(0x00) → 0x32 寫入後 MEM = 0x32 [WRITE] @0x2003f29 ← 0x32 [XOR @0x1001066] MEM[0x2003f2a] 0x33 ^ AL(0x01) → 0x32 寫入後 MEM = 0x33 [WRITE] @0x2003f2a ← 0x32 [XOR @0x1001066] MEM[0x2003f2b] 0x30 ^ AL(0x31) → 0x01 寫入後 MEM = 0x30 [WRITE] @0x2003f2b ← 0x01 [XOR @0x1001066] MEM[0x2003f2c] 0x32 ^ AL(0x01) → 0x33 寫入後 MEM = 0x32 [WRITE] @0x2003f2c ← 0x33 [XOR @0x1001066] MEM[0x2003f2d] 0x02 ^ AL(0x31) → 0x33 寫入後 MEM = 0x02 [WRITE] @0x2003f2d ← 0x33 [XOR @0x1001066] MEM[0x2003f2e] 0x33 ^ AL(0x30) → 0x03 寫入後 MEM = 0x33 [WRITE] @0x2003f2e ← 0x03 [STATE] ESI ← 0x0E [HOOK MOV] @0x01000d5b: mov esi, 0x2a [XOR @0x1000d6f] MEM[0x2003f20] 0x01 ^ AL(0x00) → 0x01 寫入後 MEM = 0x01 [WRITE] @0x2003f20 ← 0x01 [HOOK CMP] @0x01000d75: cmp esi, 0x55 [XOR @0x1000d6f] MEM[0x2003f21] 0x00 ^ AL(0x00) → 0x00 寫入後 MEM = 0x00 [WRITE] @0x2003f21 ← 0x00 [XOR @0x1000d6f] MEM[0x2003f22] 0x01 ^ AL(0x00) → 0x01 寫入後 MEM = 0x01 [WRITE] @0x2003f22 ← 0x01 [XOR @0x1000d6f] MEM[0x2003f23] 0x00 ^ AL(0x00) → 0x00 寫入後 MEM = 0x00 [WRITE] @0x2003f23 ← 0x00 [XOR @0x1000d6f] MEM[0x2003f24] 0x33 ^ AL(0x00) → 0x33 寫入後 MEM = 0x33 [WRITE] @0x2003f24 ← 0x33 [XOR @0x1000d6f] MEM[0x2003f25] 0x01 ^ AL(0x01) → 0x00 寫入後 MEM = 0x01 [WRITE] @0x2003f25 ← 0x00 [XOR @0x1000d6f] MEM[0x2003f26] 0x01 ^ AL(0x00) → 0x01 寫入後 MEM = 0x01 [WRITE] @0x2003f26 ← 0x01 [XOR @0x1000d6f] MEM[0x2003f27] 0x02 ^ AL(0x01) → 0x03 寫入後 MEM = 0x02 [WRITE] @0x2003f27 ← 0x03 [XOR @0x1000d6f] MEM[0x2003f28] 0x31 ^ AL(0x00) → 0x31 寫入後 MEM = 0x31 [WRITE] @0x2003f28 ← 0x31 [XOR @0x1000d6f] MEM[0x2003f29] 0x32 ^ AL(0x33) → 0x01 寫入後 MEM = 0x32 [WRITE] @0x2003f29 ← 0x01 [XOR @0x1000d6f] MEM[0x2003f2a] 0x32 ^ AL(0x00) → 0x32 寫入後 MEM = 0x32 [WRITE] @0x2003f2a ← 0x32 [XOR @0x1000d6f] MEM[0x2003f2b] 0x01 ^ AL(0x01) → 0x00 寫入後 MEM = 0x01 [WRITE] @0x2003f2b ← 0x00 [XOR @0x1000d6f] MEM[0x2003f2c] 0x33 ^ AL(0x03) → 0x30 寫入後 MEM = 0x33 [WRITE] @0x2003f2c ← 0x30 [XOR @0x1000d6f] MEM[0x2003f2d] 0x33 ^ AL(0x31) → 0x02 寫入後 MEM = 0x33 [WRITE] @0x2003f2d ← 0x02 [XOR @0x1000d6f] MEM[0x2003f2e] 0x03 ^ AL(0x01) → 0x02 寫入後 MEM = 0x03 [WRITE] @0x2003f2e ← 0x02 [XOR @0x1000d6f] MEM[0x2003f2f] 0x00 ^ AL(0x32) → 0x32 寫入後 MEM = 0x00 [WRITE] @0x2003f2f ← 0x32 [XOR @0x1000d6f] MEM[0x2003f30] 0x01 ^ AL(0x00) → 0x01 寫入後 MEM = 0x01 [WRITE] @0x2003f30 ← 0x01 [XOR @0x1000d6f] MEM[0x2003f31] 0x01 ^ AL(0x30) → 0x31 寫入後 MEM = 0x01 [WRITE] @0x2003f31 ← 0x31 [XOR @0x1000d6f] MEM[0x2003f32] 0x02 ^ AL(0x02) → 0x00 寫入後 MEM = 0x02 [WRITE] @0x2003f32 ← 0x00 [XOR @0x1000d6f] MEM[0x2003f33] 0x02 ^ AL(0x02) → 0x00 寫入後 MEM = 0x02 [WRITE] @0x2003f33 ← 0x00 [XOR @0x1000d6f] MEM[0x2003f34] 0x02 ^ AL(0x32) → 0x30 寫入後 MEM = 0x02 [WRITE] @0x2003f34 ← 0x30 [XOR @0x1000d6f] MEM[0x2003f35] 0x01 ^ AL(0x01) → 0x00 寫入後 MEM = 0x01 [WRITE] @0x2003f35 ← 0x00 [XOR @0x1000d6f] MEM[0x2003f36] 0x32 ^ AL(0x31) → 0x03 寫入後 MEM = 0x32 [WRITE] @0x2003f36 ← 0x03 [XOR @0x1000d6f] MEM[0x2003f37] 0x00 ^ AL(0x00) → 0x00 寫入後 MEM = 0x00 [WRITE] @0x2003f37 ← 0x00 [XOR @0x1000d6f] MEM[0x2003f38] 0x01 ^ AL(0x00) → 0x01 寫入後 MEM = 0x01 [WRITE] @0x2003f38 ← 0x01 [XOR @0x1000d6f] MEM[0x2003f39] 0x31 ^ AL(0x30) → 0x01 寫入後 MEM = 0x31 [WRITE] @0x2003f39 ← 0x01 [XOR @0x1000d6f] MEM[0x2003f3a] 0x01 ^ AL(0x00) → 0x01 寫入後 MEM = 0x01 [WRITE] @0x2003f3a ← 0x01 [XOR @0x1000d6f] MEM[0x2003f3b] 0x31 ^ AL(0x03) → 0x32 寫入後 MEM = 0x31 [WRITE] @0x2003f3b ← 0x32 [XOR @0x1000d6f] MEM[0x2003f3c] 0x30 ^ AL(0x00) → 0x30 寫入後 MEM = 0x30 [WRITE] @0x2003f3c ← 0x30 [XOR @0x1000d6f] MEM[0x2003f3d] 0x31 ^ AL(0x01) → 0x30 寫入後 MEM = 0x31 [WRITE] @0x2003f3d ← 0x30 [XOR @0x1000d6f] MEM[0x2003f3e] 0x00 ^ AL(0x01) → 0x01 寫入後 MEM = 0x00 [WRITE] @0x2003f3e ← 0x01 [XOR @0x1000d6f] MEM[0x2003f3f] 0x00 ^ AL(0x01) → 0x01 寫入後 MEM = 0x00 [WRITE] @0x2003f3f ← 0x01 [XOR @0x1000d6f] MEM[0x2003f40] 0x32 ^ AL(0x32) → 0x00 寫入後 MEM = 0x32 [WRITE] @0x2003f40 ← 0x00 [XOR @0x1000d6f] MEM[0x2003f41] 0x32 ^ AL(0x30) → 0x02 寫入後 MEM = 0x32 [WRITE] @0x2003f41 ← 0x02 [XOR @0x1000d6f] MEM[0x2003f42] 0x03 ^ AL(0x30) → 0x33 寫入後 MEM = 0x03 [WRITE] @0x2003f42 ← 0x33 [XOR @0x1000d6f] MEM[0x2003f43] 0x03 ^ AL(0x01) → 0x02 寫入後 MEM = 0x03 [WRITE] @0x2003f43 ← 0x02 [XOR @0x1000d6f] MEM[0x2003f44] 0x01 ^ AL(0x01) → 0x00 寫入後 MEM = 0x01 [WRITE] @0x2003f44 ← 0x00 [XOR @0x1000d6f] MEM[0x2003f45] 0x30 ^ AL(0x00) → 0x30 寫入後 MEM = 0x30 [WRITE] @0x2003f45 ← 0x30 [XOR @0x1000d6f] MEM[0x2003f46] 0x30 ^ AL(0x02) → 0x32 寫入後 MEM = 0x30 [WRITE] @0x2003f46 ← 0x32 [XOR @0x1000d6f] MEM[0x2003f47] 0x30 ^ AL(0x33) → 0x03 寫入後 MEM = 0x30 [WRITE] @0x2003f47 ← 0x03 [XOR @0x1000d6f] MEM[0x2003f48] 0x30 ^ AL(0x02) → 0x32 寫入後 MEM = 0x30 [WRITE] @0x2003f48 ← 0x32 [XOR @0x1000d6f] MEM[0x2003f49] 0x00 ^ AL(0x00) → 0x00 寫入後 MEM = 0x00 [WRITE] @0x2003f49 ← 0x00 [XOR @0x1000d6f] MEM[0x2003f4a] 0x00 ^ AL(0x30) → 0x30 寫入後 MEM = 0x00 [WRITE] @0x2003f4a ← 0x30 [STATE] ESI ← 0x39 [HOOK MOV] @0x01000f3b: mov esi, 0x14 [XOR @0x1000f4f] MEM[0x2003f20] 0x01 ^ AL(0x30) → 0x31 寫入後 MEM = 0x01 [WRITE] @0x2003f20 ← 0x31 [HOOK CMP] @0x01000f55: cmp esi, 0x29 [XOR @0x1000f4f] MEM[0x2003f21] 0x00 ^ AL(0x00) → 0x00 寫入後 MEM = 0x00 [WRITE] @0x2003f21 ← 0x00 [XOR @0x1000f4f] MEM[0x2003f22] 0x01 ^ AL(0x03) → 0x02 寫入後 MEM = 0x01 [WRITE] @0x2003f22 ← 0x02 [XOR @0x1000f4f] MEM[0x2003f23] 0x00 ^ AL(0x00) → 0x00 寫入後 MEM = 0x00 [WRITE] @0x2003f23 ← 0x00 [XOR @0x1000f4f] MEM[0x2003f24] 0x33 ^ AL(0x01) → 0x32 寫入後 MEM = 0x33 [WRITE] @0x2003f24 ← 0x32 [XOR @0x1000f4f] MEM[0x2003f25] 0x00 ^ AL(0x01) → 0x01 寫入後 MEM = 0x00 [WRITE] @0x2003f25 ← 0x01 [XOR @0x1000f4f] MEM[0x2003f26] 0x01 ^ AL(0x01) → 0x00 寫入後 MEM = 0x01 [WRITE] @0x2003f26 ← 0x00 [XOR @0x1000f4f] MEM[0x2003f27] 0x03 ^ AL(0x32) → 0x31 寫入後 MEM = 0x03 [WRITE] @0x2003f27 ← 0x31 [XOR @0x1000f4f] MEM[0x2003f28] 0x31 ^ AL(0x30) → 0x01 寫入後 MEM = 0x31 [WRITE] @0x2003f28 ← 0x01 [XOR @0x1000f4f] MEM[0x2003f29] 0x01 ^ AL(0x30) → 0x31 寫入後 MEM = 0x01 [WRITE] @0x2003f29 ← 0x31 [XOR @0x1000f4f] MEM[0x2003f2a] 0x32 ^ AL(0x01) → 0x33 寫入後 MEM = 0x32 [WRITE] @0x2003f2a ← 0x33 [XOR @0x1000f4f] MEM[0x2003f2b] 0x00 ^ AL(0x01) → 0x01 寫入後 MEM = 0x00 [WRITE] @0x2003f2b ← 0x01 [XOR @0x1000f4f] MEM[0x2003f2c] 0x30 ^ AL(0x00) → 0x30 寫入後 MEM = 0x30 [WRITE] @0x2003f2c ← 0x30 [XOR @0x1000f4f] MEM[0x2003f2d] 0x02 ^ AL(0x02) → 0x00 寫入後 MEM = 0x02 [WRITE] @0x2003f2d ← 0x00 [XOR @0x1000f4f] MEM[0x2003f2e] 0x02 ^ AL(0x33) → 0x31 寫入後 MEM = 0x02 [WRITE] @0x2003f2e ← 0x31 [XOR @0x1000f4f] MEM[0x2003f2f] 0x32 ^ AL(0x02) → 0x30 寫入後 MEM = 0x32 [WRITE] @0x2003f2f ← 0x30 [XOR @0x1000f4f] MEM[0x2003f30] 0x01 ^ AL(0x00) → 0x01 寫入後 MEM = 0x01 [WRITE] @0x2003f30 ← 0x01 [XOR @0x1000f4f] MEM[0x2003f31] 0x31 ^ AL(0x30) → 0x01 寫入後 MEM = 0x31 [WRITE] @0x2003f31 ← 0x01 [XOR @0x1000f4f] MEM[0x2003f32] 0x00 ^ AL(0x32) → 0x32 寫入後 MEM = 0x00 [WRITE] @0x2003f32 ← 0x32 [XOR @0x1000f4f] MEM[0x2003f33] 0x00 ^ AL(0x03) → 0x03 寫入後 MEM = 0x00 [WRITE] @0x2003f33 ← 0x03 [XOR @0x1000f4f] MEM[0x2003f34] 0x30 ^ AL(0x32) → 0x02 寫入後 MEM = 0x30 [WRITE] @0x2003f34 ← 0x02 [STATE] ESI ← 0x0F [HOOK MOV] @0x010005cb: mov esi, 0xb [XOR @0x10005df] MEM[0x2003f20] 0x31 ^ AL(0x01) → 0x30 寫入後 MEM = 0x31 [WRITE] @0x2003f20 ← 0x30 [HOOK CMP] @0x010005e5: cmp esi, 0x17 [XOR @0x10005df] MEM[0x2003f21] 0x00 ^ AL(0x30) → 0x30 寫入後 MEM = 0x00 [WRITE] @0x2003f21 ← 0x30 [XOR @0x10005df] MEM[0x2003f22] 0x02 ^ AL(0x00) → 0x02 寫入後 MEM = 0x02 [WRITE] @0x2003f22 ← 0x02 [XOR @0x10005df] MEM[0x2003f23] 0x00 ^ AL(0x31) → 0x31 寫入後 MEM = 0x00 [WRITE] @0x2003f23 ← 0x31 [XOR @0x10005df] MEM[0x2003f24] 0x32 ^ AL(0x30) → 0x02 寫入後 MEM = 0x32 [WRITE] @0x2003f24 ← 0x02 [XOR @0x10005df] MEM[0x2003f25] 0x01 ^ AL(0x01) → 0x00 寫入後 MEM = 0x01 [WRITE] @0x2003f25 ← 0x00 [XOR @0x10005df] MEM[0x2003f26] 0x00 ^ AL(0x01) → 0x01 寫入後 MEM = 0x00 [WRITE] @0x2003f26 ← 0x01 [XOR @0x10005df] MEM[0x2003f27] 0x31 ^ AL(0x32) → 0x03 寫入後 MEM = 0x31 [WRITE] @0x2003f27 ← 0x03 [XOR @0x10005df] MEM[0x2003f28] 0x01 ^ AL(0x03) → 0x02 寫入後 MEM = 0x01 [WRITE] @0x2003f28 ← 0x02 [XOR @0x10005df] MEM[0x2003f29] 0x31 ^ AL(0x02) → 0x33 寫入後 MEM = 0x31 [WRITE] @0x2003f29 ← 0x33 [XOR @0x10005df] MEM[0x2003f2a] 0x33 ^ AL(0x00) → 0x33 寫入後 MEM = 0x33 [WRITE] @0x2003f2a ← 0x33 [XOR @0x10005df] MEM[0x2003f2b] 0x01 ^ AL(0x03) → 0x02 寫入後 MEM = 0x01 [WRITE] @0x2003f2b ← 0x02 [STATE] ESI ← 0x03 [HOOK MOV] @0x010011f9: mov esi, 0x6 [XOR @0x100120d] MEM[0x2003f20] 0x30 ^ AL(0x01) → 0x31 寫入後 MEM = 0x30 [WRITE] @0x2003f20 ← 0x31 [HOOK CMP] @0x01001213: cmp esi, 0xd [XOR @0x100120d] MEM[0x2003f21] 0x30 ^ AL(0x03) → 0x33 寫入後 MEM = 0x30 [WRITE] @0x2003f21 ← 0x33 [XOR @0x100120d] MEM[0x2003f22] 0x02 ^ AL(0x02) → 0x00 寫入後 MEM = 0x02 [WRITE] @0x2003f22 ← 0x00 [XOR @0x100120d] MEM[0x2003f23] 0x31 ^ AL(0x33) → 0x02 寫入後 MEM = 0x31 [WRITE] @0x2003f23 ← 0x02 [XOR @0x100120d] MEM[0x2003f24] 0x02 ^ AL(0x33) → 0x31 寫入後 MEM = 0x02 [WRITE] @0x2003f24 ← 0x31 [XOR @0x100120d] MEM[0x2003f25] 0x00 ^ AL(0x02) → 0x02 寫入後 MEM = 0x00 [WRITE] @0x2003f25 ← 0x02 [XOR @0x100120d] MEM[0x2003f26] 0x01 ^ AL(0x30) → 0x31 寫入後 MEM = 0x01 [WRITE] @0x2003f26 ← 0x31 [STATE] ESI ← 0x27 [HOOK MOV] @0x01000db9: mov esi, 0x1a [XOR @0x1000dcd] MEM[0x2003f20] 0x31 ^ AL(0x01) → 0x30 寫入後 MEM = 0x31 [WRITE] @0x2003f20 ← 0x30 [HOOK CMP] @0x01000dd3: cmp esi, 0x35 [XOR @0x1000dcd] MEM[0x2003f21] 0x33 ^ AL(0x32) → 0x01 寫入後 MEM = 0x33 [WRITE] @0x2003f21 ← 0x01 [XOR @0x1000dcd] MEM[0x2003f22] 0x00 ^ AL(0x30) → 0x30 寫入後 MEM = 0x00 [WRITE] @0x2003f22 ← 0x30 [XOR @0x1000dcd] MEM[0x2003f23] 0x02 ^ AL(0x30) → 0x32 寫入後 MEM = 0x02 [WRITE] @0x2003f23 ← 0x32 [XOR @0x1000dcd] MEM[0x2003f24] 0x31 ^ AL(0x01) → 0x30 寫入後 MEM = 0x31 [WRITE] @0x2003f24 ← 0x30 [XOR @0x1000dcd] MEM[0x2003f25] 0x02 ^ AL(0x01) → 0x03 寫入後 MEM = 0x02 [WRITE] @0x2003f25 ← 0x03 [XOR @0x1000dcd] MEM[0x2003f26] 0x31 ^ AL(0x00) → 0x31 寫入後 MEM = 0x31 [WRITE] @0x2003f26 ← 0x31 [XOR @0x1000dcd] MEM[0x2003f27] 0x03 ^ AL(0x02) → 0x01 寫入後 MEM = 0x03 [WRITE] @0x2003f27 ← 0x01 [XOR @0x1000dcd] MEM[0x2003f28] 0x02 ^ AL(0x33) → 0x31 寫入後 MEM = 0x02 [WRITE] @0x2003f28 ← 0x31 [XOR @0x1000dcd] MEM[0x2003f29] 0x33 ^ AL(0x02) → 0x31 寫入後 MEM = 0x33 [WRITE] @0x2003f29 ← 0x31 [XOR @0x1000dcd] MEM[0x2003f2a] 0x33 ^ AL(0x00) → 0x33 寫入後 MEM = 0x33 [WRITE] @0x2003f2a ← 0x33 [XOR @0x1000dcd] MEM[0x2003f2b] 0x02 ^ AL(0x30) → 0x32 寫入後 MEM = 0x02 [WRITE] @0x2003f2b ← 0x32 [XOR @0x1000dcd] MEM[0x2003f2c] 0x30 ^ AL(0x32) → 0x02 寫入後 MEM = 0x30 [WRITE] @0x2003f2c ← 0x02 [XOR @0x1000dcd] MEM[0x2003f2d] 0x00 ^ AL(0x03) → 0x03 寫入後 MEM = 0x00 [WRITE] @0x2003f2d ← 0x03 [XOR @0x1000dcd] MEM[0x2003f2e] 0x31 ^ AL(0x32) → 0x03 寫入後 MEM = 0x31 [WRITE] @0x2003f2e ← 0x03 [XOR @0x1000dcd] MEM[0x2003f2f] 0x30 ^ AL(0x00) → 0x30 寫入後 MEM = 0x30 [WRITE] @0x2003f2f ← 0x30 [XOR @0x1000dcd] MEM[0x2003f30] 0x01 ^ AL(0x30) → 0x31 寫入後 MEM = 0x01 [WRITE] @0x2003f30 ← 0x31 [XOR @0x1000dcd] MEM[0x2003f31] 0x01 ^ AL(0x00) → 0x01 寫入後 MEM = 0x01 [WRITE] @0x2003f31 ← 0x01 [XOR @0x1000dcd] MEM[0x2003f32] 0x32 ^ AL(0x00) → 0x32 寫入後 MEM = 0x32 [WRITE] @0x2003f32 ← 0x32 [XOR @0x1000dcd] MEM[0x2003f33] 0x03 ^ AL(0x00) → 0x03 寫入後 MEM = 0x03 [WRITE] @0x2003f33 ← 0x03 [XOR @0x1000dcd] MEM[0x2003f34] 0x02 ^ AL(0x00) → 0x02 寫入後 MEM = 0x02 [WRITE] @0x2003f34 ← 0x02 [XOR @0x1000dcd] MEM[0x2003f35] 0x00 ^ AL(0x30) → 0x30 寫入後 MEM = 0x00 [WRITE] @0x2003f35 ← 0x30 [XOR @0x1000dcd] MEM[0x2003f36] 0x03 ^ AL(0x01) → 0x02 寫入後 MEM = 0x03 [WRITE] @0x2003f36 ← 0x02 [XOR @0x1000dcd] MEM[0x2003f37] 0x00 ^ AL(0x30) → 0x30 寫入後 MEM = 0x00 [WRITE] @0x2003f37 ← 0x30 [XOR @0x1000dcd] MEM[0x2003f38] 0x01 ^ AL(0x32) → 0x33 寫入後 MEM = 0x01 [WRITE] @0x2003f38 ← 0x33 [XOR @0x1000dcd] MEM[0x2003f39] 0x01 ^ AL(0x30) → 0x31 寫入後 MEM = 0x01 [WRITE] @0x2003f39 ← 0x31 [XOR @0x1000dcd] MEM[0x2003f3a] 0x01 ^ AL(0x03) → 0x02 寫入後 MEM = 0x01 [WRITE] @0x2003f3a ← 0x02 [STATE] ESI ← 0x18 [XOR @0x10007a9] MEM[0x2003f20] 0x30 ^ AL(0x33) → 0x03 寫入後 MEM = 0x30 [WRITE] @0x2003f20 ← 0x03 [HOOK CMP] @0x010007af: cmp esi, 0x31 [XOR @0x10007a9] MEM[0x2003f21] 0x01 ^ AL(0x31) → 0x30 寫入後 MEM = 0x01 [WRITE] @0x2003f21 ← 0x30 [XOR @0x10007a9] MEM[0x2003f22] 0x30 ^ AL(0x02) → 0x32 寫入後 MEM = 0x30 [WRITE] @0x2003f22 ← 0x32 [XOR @0x10007a9] MEM[0x2003f23] 0x32 ^ AL(0x32) → 0x00 寫入後 MEM = 0x32 [WRITE] @0x2003f23 ← 0x00 [XOR @0x10007a9] MEM[0x2003f24] 0x30 ^ AL(0x30) → 0x00 寫入後 MEM = 0x30 [WRITE] @0x2003f24 ← 0x00 [XOR @0x10007a9] MEM[0x2003f25] 0x03 ^ AL(0x30) → 0x33 寫入後 MEM = 0x03 [WRITE] @0x2003f25 ← 0x33 [XOR @0x10007a9] MEM[0x2003f26] 0x31 ^ AL(0x01) → 0x30 寫入後 MEM = 0x31 [WRITE] @0x2003f26 ← 0x30 [XOR @0x10007a9] MEM[0x2003f27] 0x01 ^ AL(0x01) → 0x00 寫入後 MEM = 0x01 [WRITE] @0x2003f27 ← 0x00 [XOR @0x10007a9] MEM[0x2003f28] 0x31 ^ AL(0x00) → 0x31 寫入後 MEM = 0x31 [WRITE] @0x2003f28 ← 0x31 [XOR @0x10007a9] MEM[0x2003f29] 0x31 ^ AL(0x02) → 0x33 寫入後 MEM = 0x31 [WRITE] @0x2003f29 ← 0x33 [XOR @0x10007a9] MEM[0x2003f2a] 0x33 ^ AL(0x33) → 0x00 寫入後 MEM = 0x33 [WRITE] @0x2003f2a ← 0x00 [XOR @0x10007a9] MEM[0x2003f2b] 0x32 ^ AL(0x02) → 0x30 寫入後 MEM = 0x32 [WRITE] @0x2003f2b ← 0x30 [XOR @0x10007a9] MEM[0x2003f2c] 0x02 ^ AL(0x00) → 0x02 寫入後 MEM = 0x02 [WRITE] @0x2003f2c ← 0x02 [XOR @0x10007a9] MEM[0x2003f2d] 0x03 ^ AL(0x30) → 0x33 寫入後 MEM = 0x03 [WRITE] @0x2003f2d ← 0x33 [XOR @0x10007a9] MEM[0x2003f2e] 0x03 ^ AL(0x32) → 0x31 寫入後 MEM = 0x03 [WRITE] @0x2003f2e ← 0x31 [XOR @0x10007a9] MEM[0x2003f2f] 0x30 ^ AL(0x03) → 0x33 寫入後 MEM = 0x30 [WRITE] @0x2003f2f ← 0x33 [XOR @0x10007a9] MEM[0x2003f30] 0x31 ^ AL(0x32) → 0x03 寫入後 MEM = 0x31 [WRITE] @0x2003f30 ← 0x03 [XOR @0x10007a9] MEM[0x2003f31] 0x01 ^ AL(0x00) → 0x01 寫入後 MEM = 0x01 [WRITE] @0x2003f31 ← 0x01 [XOR @0x10007a9] MEM[0x2003f32] 0x32 ^ AL(0x30) → 0x02 寫入後 MEM = 0x32 [WRITE] @0x2003f32 ← 0x02 [XOR @0x10007a9] MEM[0x2003f33] 0x03 ^ AL(0x00) → 0x03 寫入後 MEM = 0x03 [WRITE] @0x2003f33 ← 0x03 [XOR @0x10007a9] MEM[0x2003f34] 0x02 ^ AL(0x00) → 0x02 寫入後 MEM = 0x02 [WRITE] @0x2003f34 ← 0x02 [XOR @0x10007a9] MEM[0x2003f35] 0x30 ^ AL(0x00) → 0x30 寫入後 MEM = 0x30 [WRITE] @0x2003f35 ← 0x30 [XOR @0x10007a9] MEM[0x2003f36] 0x02 ^ AL(0x00) → 0x02 寫入後 MEM = 0x02 [WRITE] @0x2003f36 ← 0x02 [XOR @0x10007a9] MEM[0x2003f37] 0x30 ^ AL(0x03) → 0x33 寫入後 MEM = 0x30 [WRITE] @0x2003f37 ← 0x33 [XOR @0x10007a9] MEM[0x2003f38] 0x33 ^ AL(0x30) → 0x03 寫入後 MEM = 0x33 [WRITE] @0x2003f38 ← 0x03 [STATE] ESI ← 0x58 [HOOK MOV] @0x010010df: mov esi, 0x18 [XOR @0x10010f3] MEM[0x2003f20] 0x03 ^ AL(0x03) → 0x00 寫入後 MEM = 0x03 [WRITE] @0x2003f20 ← 0x00 [HOOK CMP] @0x010010f9: cmp esi, 0x31 [XOR @0x10010f3] MEM[0x2003f21] 0x30 ^ AL(0x31) → 0x01 寫入後 MEM = 0x30 [WRITE] @0x2003f21 ← 0x01 [XOR @0x10010f3] MEM[0x2003f22] 0x32 ^ AL(0x02) → 0x30 寫入後 MEM = 0x32 [WRITE] @0x2003f22 ← 0x30 [XOR @0x10010f3] MEM[0x2003f23] 0x00 ^ AL(0x32) → 0x32 寫入後 MEM = 0x00 [WRITE] @0x2003f23 ← 0x32 [XOR @0x10010f3] MEM[0x2003f24] 0x00 ^ AL(0x30) → 0x30 寫入後 MEM = 0x00 [WRITE] @0x2003f24 ← 0x30 [XOR @0x10010f3] MEM[0x2003f25] 0x33 ^ AL(0x30) → 0x03 寫入後 MEM = 0x33 [WRITE] @0x2003f25 ← 0x03 [XOR @0x10010f3] MEM[0x2003f26] 0x30 ^ AL(0x01) → 0x31 寫入後 MEM = 0x30 [WRITE] @0x2003f26 ← 0x31 [XOR @0x10010f3] MEM[0x2003f27] 0x00 ^ AL(0x01) → 0x01 寫入後 MEM = 0x00 [WRITE] @0x2003f27 ← 0x01 [XOR @0x10010f3] MEM[0x2003f28] 0x31 ^ AL(0x00) → 0x31 寫入後 MEM = 0x31 [WRITE] @0x2003f28 ← 0x31 [XOR @0x10010f3] MEM[0x2003f29] 0x33 ^ AL(0x02) → 0x31 寫入後 MEM = 0x33 [WRITE] @0x2003f29 ← 0x31 [XOR @0x10010f3] MEM[0x2003f2a] 0x00 ^ AL(0x33) → 0x33 寫入後 MEM = 0x00 [WRITE] @0x2003f2a ← 0x33 [XOR @0x10010f3] MEM[0x2003f2b] 0x30 ^ AL(0x02) → 0x32 寫入後 MEM = 0x30 [WRITE] @0x2003f2b ← 0x32 [XOR @0x10010f3] MEM[0x2003f2c] 0x02 ^ AL(0x00) → 0x02 寫入後 MEM = 0x02 [WRITE] @0x2003f2c ← 0x02 [XOR @0x10010f3] MEM[0x2003f2d] 0x33 ^ AL(0x30) → 0x03 寫入後 MEM = 0x33 [WRITE] @0x2003f2d ← 0x03 [XOR @0x10010f3] MEM[0x2003f2e] 0x31 ^ AL(0x32) → 0x03 寫入後 MEM = 0x31 [WRITE] @0x2003f2e ← 0x03 [XOR @0x10010f3] MEM[0x2003f2f] 0x33 ^ AL(0x03) → 0x30 寫入後 MEM = 0x33 [WRITE] @0x2003f2f ← 0x30 [XOR @0x10010f3] MEM[0x2003f30] 0x03 ^ AL(0x32) → 0x31 寫入後 MEM = 0x03 [WRITE] @0x2003f30 ← 0x31 [XOR @0x10010f3] MEM[0x2003f31] 0x01 ^ AL(0x00) → 0x01 寫入後 MEM = 0x01 [WRITE] @0x2003f31 ← 0x01 [XOR @0x10010f3] MEM[0x2003f32] 0x02 ^ AL(0x30) → 0x32 寫入後 MEM = 0x02 [WRITE] @0x2003f32 ← 0x32 [XOR @0x10010f3] MEM[0x2003f33] 0x03 ^ AL(0x00) → 0x03 寫入後 MEM = 0x03 [WRITE] @0x2003f33 ← 0x03 [XOR @0x10010f3] MEM[0x2003f34] 0x02 ^ AL(0x00) → 0x02 寫入後 MEM = 0x02 [WRITE] @0x2003f34 ← 0x02 [XOR @0x10010f3] MEM[0x2003f35] 0x30 ^ AL(0x00) → 0x30 寫入後 MEM = 0x30 [WRITE] @0x2003f35 ← 0x30 [XOR @0x10010f3] MEM[0x2003f36] 0x02 ^ AL(0x00) → 0x02 寫入後 MEM = 0x02 [WRITE] @0x2003f36 ← 0x02 [XOR @0x10010f3] MEM[0x2003f37] 0x33 ^ AL(0x00) → 0x33 寫入後 MEM = 0x33 [WRITE] @0x2003f37 ← 0x33 [XOR @0x10010f3] MEM[0x2003f38] 0x03 ^ AL(0x01) → 0x02 寫入後 MEM = 0x03 [WRITE] @0x2003f38 ← 0x02 [STATE] ESI ← 0x3B [HOOK MOV] @0x0100136f: mov esi, 0x1d [XOR @0x1001383] MEM[0x2003f20] 0x00 ^ AL(0x30) → 0x30 寫入後 MEM = 0x00 [WRITE] @0x2003f20 ← 0x30 [HOOK CMP] @0x01001389: cmp esi, 0x3b [XOR @0x1001383] MEM[0x2003f21] 0x01 ^ AL(0x01) → 0x00 寫入後 MEM = 0x01 [WRITE] @0x2003f21 ← 0x00 [XOR @0x1001383] MEM[0x2003f22] 0x30 ^ AL(0x01) → 0x31 寫入後 MEM = 0x30 [WRITE] @0x2003f22 ← 0x31 [XOR @0x1001383] MEM[0x2003f23] 0x32 ^ AL(0x00) → 0x32 寫入後 MEM = 0x32 [WRITE] @0x2003f23 ← 0x32 [XOR @0x1001383] MEM[0x2003f24] 0x30 ^ AL(0x02) → 0x32 寫入後 MEM = 0x30 [WRITE] @0x2003f24 ← 0x32 [XOR @0x1001383] MEM[0x2003f25] 0x03 ^ AL(0x33) → 0x30 寫入後 MEM = 0x03 [WRITE] @0x2003f25 ← 0x30 [XOR @0x1001383] MEM[0x2003f26] 0x31 ^ AL(0x02) → 0x33 寫入後 MEM = 0x31 [WRITE] @0x2003f26 ← 0x33 [XOR @0x1001383] MEM[0x2003f27] 0x01 ^ AL(0x00) → 0x01 寫入後 MEM = 0x01 [WRITE] @0x2003f27 ← 0x01 [XOR @0x1001383] MEM[0x2003f28] 0x31 ^ AL(0x30) → 0x01 寫入後 MEM = 0x31 [WRITE] @0x2003f28 ← 0x01 [XOR @0x1001383] MEM[0x2003f29] 0x31 ^ AL(0x32) → 0x03 寫入後 MEM = 0x31 [WRITE] @0x2003f29 ← 0x03 [XOR @0x1001383] MEM[0x2003f2a] 0x33 ^ AL(0x03) → 0x30 寫入後 MEM = 0x33 [WRITE] @0x2003f2a ← 0x30 [XOR @0x1001383] MEM[0x2003f2b] 0x32 ^ AL(0x32) → 0x00 寫入後 MEM = 0x32 [WRITE] @0x2003f2b ← 0x00 [XOR @0x1001383] MEM[0x2003f2c] 0x02 ^ AL(0x00) → 0x02 寫入後 MEM = 0x02 [WRITE] @0x2003f2c ← 0x02 [XOR @0x1001383] MEM[0x2003f2d] 0x03 ^ AL(0x30) → 0x33 寫入後 MEM = 0x03 [WRITE] @0x2003f2d ← 0x33 [XOR @0x1001383] MEM[0x2003f2e] 0x03 ^ AL(0x00) → 0x03 寫入後 MEM = 0x03 [WRITE] @0x2003f2e ← 0x03 [XOR @0x1001383] MEM[0x2003f2f] 0x30 ^ AL(0x00) → 0x30 寫入後 MEM = 0x30 [WRITE] @0x2003f2f ← 0x30 [XOR @0x1001383] MEM[0x2003f30] 0x31 ^ AL(0x00) → 0x31 寫入後 MEM = 0x31 [WRITE] @0x2003f30 ← 0x31 [XOR @0x1001383] MEM[0x2003f31] 0x01 ^ AL(0x00) → 0x01 寫入後 MEM = 0x01 [WRITE] @0x2003f31 ← 0x01 [XOR @0x1001383] MEM[0x2003f32] 0x32 ^ AL(0x30) → 0x02 寫入後 MEM = 0x32 [WRITE] @0x2003f32 ← 0x02 [XOR @0x1001383] MEM[0x2003f33] 0x03 ^ AL(0x00) → 0x03 寫入後 MEM = 0x03 [WRITE] @0x2003f33 ← 0x03 [XOR @0x1001383] MEM[0x2003f34] 0x02 ^ AL(0x31) → 0x33 寫入後 MEM = 0x02 [WRITE] @0x2003f34 ← 0x33 [XOR @0x1001383] MEM[0x2003f35] 0x30 ^ AL(0x32) → 0x02 寫入後 MEM = 0x30 [WRITE] @0x2003f35 ← 0x02 [XOR @0x1001383] MEM[0x2003f36] 0x02 ^ AL(0x32) → 0x30 寫入後 MEM = 0x02 [WRITE] @0x2003f36 ← 0x30 [XOR @0x1001383] MEM[0x2003f37] 0x33 ^ AL(0x30) → 0x03 寫入後 MEM = 0x33 [WRITE] @0x2003f37 ← 0x03 [XOR @0x1001383] MEM[0x2003f38] 0x02 ^ AL(0x33) → 0x31 寫入後 MEM = 0x02 [WRITE] @0x2003f38 ← 0x31 [XOR @0x1001383] MEM[0x2003f39] 0x31 ^ AL(0x01) → 0x30 寫入後 MEM = 0x31 [WRITE] @0x2003f39 ← 0x30 [XOR @0x1001383] MEM[0x2003f3a] 0x02 ^ AL(0x01) → 0x03 寫入後 MEM = 0x02 [WRITE] @0x2003f3a ← 0x03 [XOR @0x1001383] MEM[0x2003f3b] 0x32 ^ AL(0x03) → 0x31 寫入後 MEM = 0x32 [WRITE] @0x2003f3b ← 0x31 [XOR @0x1001383] MEM[0x2003f3c] 0x30 ^ AL(0x30) → 0x00 寫入後 MEM = 0x30 [WRITE] @0x2003f3c ← 0x00 [XOR @0x1001383] MEM[0x2003f3d] 0x30 ^ AL(0x00) → 0x30 寫入後 MEM = 0x30 [WRITE] @0x2003f3d ← 0x30 [STATE] ESI ← 0x55 [HOOK MOV] @0x0100076b: mov esi, 0x1d [XOR @0x100077f] MEM[0x2003f20] 0x30 ^ AL(0x30) → 0x00 寫入後 MEM = 0x30 [WRITE] @0x2003f20 ← 0x00 [HOOK CMP] @0x01000785: cmp esi, 0x3b [XOR @0x100077f] MEM[0x2003f21] 0x00 ^ AL(0x01) → 0x01 寫入後 MEM = 0x00 [WRITE] @0x2003f21 ← 0x01 [XOR @0x100077f] MEM[0x2003f22] 0x31 ^ AL(0x01) → 0x30 寫入後 MEM = 0x31 [WRITE] @0x2003f22 ← 0x30 [XOR @0x100077f] MEM[0x2003f23] 0x32 ^ AL(0x00) → 0x32 寫入後 MEM = 0x32 [WRITE] @0x2003f23 ← 0x32 [XOR @0x100077f] MEM[0x2003f24] 0x32 ^ AL(0x02) → 0x30 寫入後 MEM = 0x32 [WRITE] @0x2003f24 ← 0x30 [XOR @0x100077f] MEM[0x2003f25] 0x30 ^ AL(0x33) → 0x03 寫入後 MEM = 0x30 [WRITE] @0x2003f25 ← 0x03 [XOR @0x100077f] MEM[0x2003f26] 0x33 ^ AL(0x02) → 0x31 寫入後 MEM = 0x33 [WRITE] @0x2003f26 ← 0x31 [XOR @0x100077f] MEM[0x2003f27] 0x01 ^ AL(0x00) → 0x01 寫入後 MEM = 0x01 [WRITE] @0x2003f27 ← 0x01 [XOR @0x100077f] MEM[0x2003f28] 0x01 ^ AL(0x30) → 0x31 寫入後 MEM = 0x01 [WRITE] @0x2003f28 ← 0x31 [XOR @0x100077f] MEM[0x2003f29] 0x03 ^ AL(0x32) → 0x31 寫入後 MEM = 0x03 [WRITE] @0x2003f29 ← 0x31 [XOR @0x100077f] MEM[0x2003f2a] 0x30 ^ AL(0x03) → 0x33 寫入後 MEM = 0x30 [WRITE] @0x2003f2a ← 0x33 [XOR @0x100077f] MEM[0x2003f2b] 0x00 ^ AL(0x32) → 0x32 寫入後 MEM = 0x00 [WRITE] @0x2003f2b ← 0x32 [XOR @0x100077f] MEM[0x2003f2c] 0x02 ^ AL(0x00) → 0x02 寫入後 MEM = 0x02 [WRITE] @0x2003f2c ← 0x02 [XOR @0x100077f] MEM[0x2003f2d] 0x33 ^ AL(0x30) → 0x03 寫入後 MEM = 0x33 [WRITE] @0x2003f2d ← 0x03 [XOR @0x100077f] MEM[0x2003f2e] 0x03 ^ AL(0x00) → 0x03 寫入後 MEM = 0x03 [WRITE] @0x2003f2e ← 0x03 [XOR @0x100077f] MEM[0x2003f2f] 0x30 ^ AL(0x00) → 0x30 寫入後 MEM = 0x30 [WRITE] @0x2003f2f ← 0x30 [XOR @0x100077f] MEM[0x2003f30] 0x31 ^ AL(0x00) → 0x31 寫入後 MEM = 0x31 [WRITE] @0x2003f30 ← 0x31 [XOR @0x100077f] MEM[0x2003f31] 0x01 ^ AL(0x00) → 0x01 寫入後 MEM = 0x01 [WRITE] @0x2003f31 ← 0x01 [XOR @0x100077f] MEM[0x2003f32] 0x02 ^ AL(0x00) → 0x02 寫入後 MEM = 0x02 [WRITE] @0x2003f32 ← 0x02 [XOR @0x100077f] MEM[0x2003f33] 0x03 ^ AL(0x01) → 0x02 寫入後 MEM = 0x03 [WRITE] @0x2003f33 ← 0x02 [XOR @0x100077f] MEM[0x2003f34] 0x33 ^ AL(0x30) → 0x03 寫入後 MEM = 0x33 [WRITE] @0x2003f34 ← 0x03 [XOR @0x100077f] MEM[0x2003f35] 0x02 ^ AL(0x32) → 0x30 寫入後 MEM = 0x02 [WRITE] @0x2003f35 ← 0x30 [XOR @0x100077f] MEM[0x2003f36] 0x30 ^ AL(0x30) → 0x00 寫入後 MEM = 0x30 [WRITE] @0x2003f36 ← 0x00 [XOR @0x100077f] MEM[0x2003f37] 0x03 ^ AL(0x03) → 0x00 寫入後 MEM = 0x03 [WRITE] @0x2003f37 ← 0x00 [XOR @0x100077f] MEM[0x2003f38] 0x31 ^ AL(0x31) → 0x00 寫入後 MEM = 0x31 [WRITE] @0x2003f38 ← 0x00 [XOR @0x100077f] MEM[0x2003f39] 0x30 ^ AL(0x01) → 0x31 寫入後 MEM = 0x30 [WRITE] @0x2003f39 ← 0x31 [XOR @0x100077f] MEM[0x2003f3a] 0x03 ^ AL(0x31) → 0x32 寫入後 MEM = 0x03 [WRITE] @0x2003f3a ← 0x32 [XOR @0x100077f] MEM[0x2003f3b] 0x31 ^ AL(0x31) → 0x00 寫入後 MEM = 0x31 [WRITE] @0x2003f3b ← 0x00 [XOR @0x100077f] MEM[0x2003f3c] 0x00 ^ AL(0x33) → 0x33 寫入後 MEM = 0x00 [WRITE] @0x2003f3c ← 0x33 [XOR @0x100077f] MEM[0x2003f3d] 0x30 ^ AL(0x32) → 0x02 寫入後 MEM = 0x30 [WRITE] @0x2003f3d ← 0x02 [STATE] ESI ← 0x48 [HOOK MOV] @0x01000936: mov esi, 0xe [XOR @0x100094a] MEM[0x2003f20] 0x00 ^ AL(0x03) → 0x03 寫入後 MEM = 0x00 [WRITE] @0x2003f20 ← 0x03 [HOOK CMP] @0x01000950: cmp esi, 0x1d [XOR @0x100094a] MEM[0x2003f21] 0x01 ^ AL(0x30) → 0x31 寫入後 MEM = 0x01 [WRITE] @0x2003f21 ← 0x31 [XOR @0x100094a] MEM[0x2003f22] 0x30 ^ AL(0x31) → 0x01 寫入後 MEM = 0x30 [WRITE] @0x2003f22 ← 0x01 [XOR @0x100094a] MEM[0x2003f23] 0x32 ^ AL(0x01) → 0x33 寫入後 MEM = 0x32 [WRITE] @0x2003f23 ← 0x33 [XOR @0x100094a] MEM[0x2003f24] 0x30 ^ AL(0x02) → 0x32 寫入後 MEM = 0x30 [WRITE] @0x2003f24 ← 0x32 [XOR @0x100094a] MEM[0x2003f25] 0x03 ^ AL(0x02) → 0x01 寫入後 MEM = 0x03 [WRITE] @0x2003f25 ← 0x01 [XOR @0x100094a] MEM[0x2003f26] 0x31 ^ AL(0x03) → 0x32 寫入後 MEM = 0x31 [WRITE] @0x2003f26 ← 0x32 [XOR @0x100094a] MEM[0x2003f27] 0x01 ^ AL(0x30) → 0x31 寫入後 MEM = 0x01 [WRITE] @0x2003f27 ← 0x31 [XOR @0x100094a] MEM[0x2003f28] 0x31 ^ AL(0x00) → 0x31 寫入後 MEM = 0x31 [WRITE] @0x2003f28 ← 0x31 [XOR @0x100094a] MEM[0x2003f29] 0x31 ^ AL(0x00) → 0x31 寫入後 MEM = 0x31 [WRITE] @0x2003f29 ← 0x31 [XOR @0x100094a] MEM[0x2003f2a] 0x33 ^ AL(0x00) → 0x33 寫入後 MEM = 0x33 [WRITE] @0x2003f2a ← 0x33 [XOR @0x100094a] MEM[0x2003f2b] 0x32 ^ AL(0x31) → 0x03 寫入後 MEM = 0x32 [WRITE] @0x2003f2b ← 0x03 [XOR @0x100094a] MEM[0x2003f2c] 0x02 ^ AL(0x32) → 0x30 寫入後 MEM = 0x02 [WRITE] @0x2003f2c ← 0x30 [XOR @0x100094a] MEM[0x2003f2d] 0x03 ^ AL(0x00) → 0x03 寫入後 MEM = 0x03 [WRITE] @0x2003f2d ← 0x03 [XOR @0x100094a] MEM[0x2003f2e] 0x03 ^ AL(0x33) → 0x30 寫入後 MEM = 0x03 [WRITE] @0x2003f2e ← 0x30 [STATE] ESI ← 0x0A [HOOK MOV] @0x0100081b: mov esi, 0x3 [HOOK MOV] @0x01000820: mov esi, 0x2f [WRITE] @0x2003f20 ← 0x30 [HOOK CMP] @0x01000836: cmp esi, 0x7 [WRITE] @0x2003f21 ← 0x03 [WRITE] @0x2003f22 ← 0x00 [WRITE] @0x2003f23 ← 0x01 [STATE] ESI ← 0x1C [HOOK MOV] @0x01001257: mov esi, 0x18 [XOR @0x100126b] MEM[0x2003f20] 0x30 ^ AL(0x00) → 0x30 寫入後 MEM = 0x30 [WRITE] @0x2003f20 ← 0x30 [HOOK CMP] @0x01001271: cmp esi, 0x31 [XOR @0x100126b] MEM[0x2003f21] 0x03 ^ AL(0x31) → 0x32 寫入後 MEM = 0x03 [WRITE] @0x2003f21 ← 0x32 [XOR @0x100126b] MEM[0x2003f22] 0x00 ^ AL(0x32) → 0x32 寫入後 MEM = 0x00 [WRITE] @0x2003f22 ← 0x32 [XOR @0x100126b] MEM[0x2003f23] 0x01 ^ AL(0x00) → 0x01 寫入後 MEM = 0x01 [WRITE] @0x2003f23 ← 0x01 [XOR @0x100126b] MEM[0x2003f24] 0x32 ^ AL(0x33) → 0x01 寫入後 MEM = 0x32 [WRITE] @0x2003f24 ← 0x01 [XOR @0x100126b] MEM[0x2003f25] 0x01 ^ AL(0x02) → 0x03 寫入後 MEM = 0x01 [WRITE] @0x2003f25 ← 0x03 [XOR @0x100126b] MEM[0x2003f26] 0x32 ^ AL(0x01) → 0x33 寫入後 MEM = 0x32 [WRITE] @0x2003f26 ← 0x33 [XOR @0x100126b] MEM[0x2003f27] 0x31 ^ AL(0x01) → 0x30 寫入後 MEM = 0x31 [WRITE] @0x2003f27 ← 0x30 [XOR @0x100126b] MEM[0x2003f28] 0x31 ^ AL(0x00) → 0x31 寫入後 MEM = 0x31 [WRITE] @0x2003f28 ← 0x31 [XOR @0x100126b] MEM[0x2003f29] 0x31 ^ AL(0x02) → 0x33 寫入後 MEM = 0x31 [WRITE] @0x2003f29 ← 0x33 [XOR @0x100126b] MEM[0x2003f2a] 0x33 ^ AL(0x33) → 0x00 寫入後 MEM = 0x33 [WRITE] @0x2003f2a ← 0x00 [XOR @0x100126b] MEM[0x2003f2b] 0x03 ^ AL(0x02) → 0x01 寫入後 MEM = 0x03 [WRITE] @0x2003f2b ← 0x01 [XOR @0x100126b] MEM[0x2003f2c] 0x30 ^ AL(0x00) → 0x30 寫入後 MEM = 0x30 [WRITE] @0x2003f2c ← 0x30 [XOR @0x100126b] MEM[0x2003f2d] 0x03 ^ AL(0x30) → 0x33 寫入後 MEM = 0x03 [WRITE] @0x2003f2d ← 0x33 [XOR @0x100126b] MEM[0x2003f2e] 0x30 ^ AL(0x32) → 0x02 寫入後 MEM = 0x30 [WRITE] @0x2003f2e ← 0x02 [XOR @0x100126b] MEM[0x2003f2f] 0x30 ^ AL(0x03) → 0x33 寫入後 MEM = 0x30 [WRITE] @0x2003f2f ← 0x33 [XOR @0x100126b] MEM[0x2003f30] 0x31 ^ AL(0x32) → 0x03 寫入後 MEM = 0x31 [WRITE] @0x2003f30 ← 0x03 [XOR @0x100126b] MEM[0x2003f31] 0x01 ^ AL(0x00) → 0x01 寫入後 MEM = 0x01 [WRITE] @0x2003f31 ← 0x01 [XOR @0x100126b] MEM[0x2003f32] 0x02 ^ AL(0x30) → 0x32 寫入後 MEM = 0x02 [WRITE] @0x2003f32 ← 0x32 [XOR @0x100126b] MEM[0x2003f33] 0x02 ^ AL(0x00) → 0x02 寫入後 MEM = 0x02 [WRITE] @0x2003f33 ← 0x02 [XOR @0x100126b] MEM[0x2003f34] 0x03 ^ AL(0x00) → 0x03 寫入後 MEM = 0x03 [WRITE] @0x2003f34 ← 0x03 [XOR @0x100126b] MEM[0x2003f35] 0x30 ^ AL(0x00) → 0x30 寫入後 MEM = 0x30 [WRITE] @0x2003f35 ← 0x30 [XOR @0x100126b] MEM[0x2003f36] 0x00 ^ AL(0x00) → 0x00 寫入後 MEM = 0x00 [WRITE] @0x2003f36 ← 0x00 [XOR @0x100126b] MEM[0x2003f37] 0x00 ^ AL(0x30) → 0x30 寫入後 MEM = 0x00 [WRITE] @0x2003f37 ← 0x30 [XOR @0x100126b] MEM[0x2003f38] 0x00 ^ AL(0x32) → 0x32 寫入後 MEM = 0x00 [WRITE] @0x2003f38 ← 0x32 [STATE] ESI ← 0x1B [HOOK MOV] @0x010008d8: mov esi, 0x8 [XOR @0x10008ec] MEM[0x2003f20] 0x30 ^ AL(0x31) → 0x01 寫入後 MEM = 0x30 [WRITE] @0x2003f20 ← 0x01 [HOOK CMP] @0x010008f2: cmp esi, 0x11 [XOR @0x10008ec] MEM[0x2003f21] 0x32 ^ AL(0x33) → 0x01 寫入後 MEM = 0x32 [WRITE] @0x2003f21 ← 0x01 [XOR @0x10008ec] MEM[0x2003f22] 0x32 ^ AL(0x00) → 0x32 寫入後 MEM = 0x32 [WRITE] @0x2003f22 ← 0x32 [XOR @0x10008ec] MEM[0x2003f23] 0x01 ^ AL(0x01) → 0x00 寫入後 MEM = 0x01 [WRITE] @0x2003f23 ← 0x00 [XOR @0x10008ec] MEM[0x2003f24] 0x01 ^ AL(0x30) → 0x31 寫入後 MEM = 0x01 [WRITE] @0x2003f24 ← 0x31 [XOR @0x10008ec] MEM[0x2003f25] 0x03 ^ AL(0x33) → 0x30 寫入後 MEM = 0x03 [WRITE] @0x2003f25 ← 0x30 [XOR @0x10008ec] MEM[0x2003f26] 0x33 ^ AL(0x02) → 0x31 寫入後 MEM = 0x33 [WRITE] @0x2003f26 ← 0x31 [XOR @0x10008ec] MEM[0x2003f27] 0x30 ^ AL(0x33) → 0x03 寫入後 MEM = 0x30 [WRITE] @0x2003f27 ← 0x03 [XOR @0x10008ec] MEM[0x2003f28] 0x31 ^ AL(0x03) → 0x32 寫入後 MEM = 0x31 [WRITE] @0x2003f28 ← 0x32 [STATE] ESI ← 0x2F [HOOK MOV] @0x01000ca7: mov esi, 0x8 [XOR @0x1000cbb] MEM[0x2003f20] 0x01 ^ AL(0x32) → 0x33 寫入後 MEM = 0x01 [WRITE] @0x2003f20 ← 0x33 [HOOK CMP] @0x01000cc1: cmp esi, 0x11 [XOR @0x1000cbb] MEM[0x2003f21] 0x01 ^ AL(0x33) → 0x32 寫入後 MEM = 0x01 [WRITE] @0x2003f21 ← 0x32 [XOR @0x1000cbb] MEM[0x2003f22] 0x32 ^ AL(0x00) → 0x32 寫入後 MEM = 0x32 [WRITE] @0x2003f22 ← 0x32 [XOR @0x1000cbb] MEM[0x2003f23] 0x00 ^ AL(0x01) → 0x01 寫入後 MEM = 0x00 [WRITE] @0x2003f23 ← 0x01 [XOR @0x1000cbb] MEM[0x2003f24] 0x31 ^ AL(0x30) → 0x01 寫入後 MEM = 0x31 [WRITE] @0x2003f24 ← 0x01 [XOR @0x1000cbb] MEM[0x2003f25] 0x30 ^ AL(0x33) → 0x03 寫入後 MEM = 0x30 [WRITE] @0x2003f25 ← 0x03 [XOR @0x1000cbb] MEM[0x2003f26] 0x31 ^ AL(0x02) → 0x33 寫入後 MEM = 0x31 [WRITE] @0x2003f26 ← 0x33 [XOR @0x1000cbb] MEM[0x2003f27] 0x03 ^ AL(0x33) → 0x30 寫入後 MEM = 0x03 [WRITE] @0x2003f27 ← 0x30 [XOR @0x1000cbb] MEM[0x2003f28] 0x32 ^ AL(0x03) → 0x31 寫入後 MEM = 0x32 [WRITE] @0x2003f28 ← 0x31 [STATE] ESI ← 0x5C [HOOK MOV] @0x01001228: mov esi, 0x29 [XOR @0x100123c] MEM[0x2003f20] 0x33 ^ AL(0x00) → 0x33 寫入後 MEM = 0x33 [WRITE] @0x2003f20 ← 0x33 [HOOK CMP] @0x01001242: cmp esi, 0x53 [XOR @0x100123c] MEM[0x2003f21] 0x32 ^ AL(0x30) → 0x02 寫入後 MEM = 0x32 [WRITE] @0x2003f21 ← 0x02 [XOR @0x100123c] MEM[0x2003f22] 0x32 ^ AL(0x00) → 0x32 寫入後 MEM = 0x32 [WRITE] @0x2003f22 ← 0x32 [XOR @0x100123c] MEM[0x2003f23] 0x01 ^ AL(0x00) → 0x01 寫入後 MEM = 0x01 [WRITE] @0x2003f23 ← 0x01 [XOR @0x100123c] MEM[0x2003f24] 0x01 ^ AL(0x00) → 0x01 寫入後 MEM = 0x01 [WRITE] @0x2003f24 ← 0x01 [XOR @0x100123c] MEM[0x2003f25] 0x03 ^ AL(0x00) → 0x03 寫入後 MEM = 0x03 [WRITE] @0x2003f25 ← 0x03 [XOR @0x100123c] MEM[0x2003f26] 0x33 ^ AL(0x33) → 0x00 寫入後 MEM = 0x33 [WRITE] @0x2003f26 ← 0x00 [XOR @0x100123c] MEM[0x2003f27] 0x30 ^ AL(0x02) → 0x32 寫入後 MEM = 0x30 [WRITE] @0x2003f27 ← 0x32 [XOR @0x100123c] MEM[0x2003f28] 0x31 ^ AL(0x32) → 0x03 寫入後 MEM = 0x31 [WRITE] @0x2003f28 ← 0x03 [XOR @0x100123c] MEM[0x2003f29] 0x33 ^ AL(0x01) → 0x32 寫入後 MEM = 0x33 [WRITE] @0x2003f29 ← 0x32 [XOR @0x100123c] MEM[0x2003f2a] 0x00 ^ AL(0x01) → 0x01 寫入後 MEM = 0x00 [WRITE] @0x2003f2a ← 0x01 [XOR @0x100123c] MEM[0x2003f2b] 0x01 ^ AL(0x03) → 0x02 寫入後 MEM = 0x01 [WRITE] @0x2003f2b ← 0x02 [XOR @0x100123c] MEM[0x2003f2c] 0x30 ^ AL(0x00) → 0x30 寫入後 MEM = 0x30 [WRITE] @0x2003f2c ← 0x30 [XOR @0x100123c] MEM[0x2003f2d] 0x33 ^ AL(0x32) → 0x01 寫入後 MEM = 0x33 [WRITE] @0x2003f2d ← 0x01 [XOR @0x100123c] MEM[0x2003f2e] 0x02 ^ AL(0x03) → 0x01 寫入後 MEM = 0x02 [WRITE] @0x2003f2e ← 0x01 [XOR @0x100123c] MEM[0x2003f2f] 0x33 ^ AL(0x32) → 0x01 寫入後 MEM = 0x33 [WRITE] @0x2003f2f ← 0x01 [XOR @0x100123c] MEM[0x2003f30] 0x03 ^ AL(0x01) → 0x02 寫入後 MEM = 0x03 [WRITE] @0x2003f30 ← 0x02 [XOR @0x100123c] MEM[0x2003f31] 0x01 ^ AL(0x02) → 0x03 寫入後 MEM = 0x01 [WRITE] @0x2003f31 ← 0x03 [XOR @0x100123c] MEM[0x2003f32] 0x32 ^ AL(0x30) → 0x02 寫入後 MEM = 0x32 [WRITE] @0x2003f32 ← 0x02 [XOR @0x100123c] MEM[0x2003f33] 0x02 ^ AL(0x01) → 0x03 寫入後 MEM = 0x02 [WRITE] @0x2003f33 ← 0x03 [XOR @0x100123c] MEM[0x2003f34] 0x03 ^ AL(0x01) → 0x02 寫入後 MEM = 0x03 [WRITE] @0x2003f34 ← 0x02 [XOR @0x100123c] MEM[0x2003f35] 0x30 ^ AL(0x01) → 0x31 寫入後 MEM = 0x30 [WRITE] @0x2003f35 ← 0x31 [XOR @0x100123c] MEM[0x2003f36] 0x00 ^ AL(0x02) → 0x02 寫入後 MEM = 0x00 [WRITE] @0x2003f36 ← 0x02 [XOR @0x100123c] MEM[0x2003f37] 0x30 ^ AL(0x03) → 0x33 寫入後 MEM = 0x30 [WRITE] @0x2003f37 ← 0x33 [XOR @0x100123c] MEM[0x2003f38] 0x32 ^ AL(0x02) → 0x30 寫入後 MEM = 0x32 [WRITE] @0x2003f38 ← 0x30 [XOR @0x100123c] MEM[0x2003f39] 0x31 ^ AL(0x03) → 0x32 寫入後 MEM = 0x31 [WRITE] @0x2003f39 ← 0x32 [XOR @0x100123c] MEM[0x2003f3a] 0x32 ^ AL(0x02) → 0x30 寫入後 MEM = 0x32 [WRITE] @0x2003f3a ← 0x30 [XOR @0x100123c] MEM[0x2003f3b] 0x00 ^ AL(0x31) → 0x31 寫入後 MEM = 0x00 [WRITE] @0x2003f3b ← 0x31 [XOR @0x100123c] MEM[0x2003f3c] 0x33 ^ AL(0x02) → 0x31 寫入後 MEM = 0x33 [WRITE] @0x2003f3c ← 0x31 [XOR @0x100123c] MEM[0x2003f3d] 0x02 ^ AL(0x33) → 0x31 寫入後 MEM = 0x02 [WRITE] @0x2003f3d ← 0x31 [XOR @0x100123c] MEM[0x2003f3e] 0x01 ^ AL(0x30) → 0x31 寫入後 MEM = 0x01 [WRITE] @0x2003f3e ← 0x31 [XOR @0x100123c] MEM[0x2003f3f] 0x01 ^ AL(0x32) → 0x33 寫入後 MEM = 0x01 [WRITE] @0x2003f3f ← 0x33 [XOR @0x100123c] MEM[0x2003f40] 0x00 ^ AL(0x30) → 0x30 寫入後 MEM = 0x00 [WRITE] @0x2003f40 ← 0x30 [XOR @0x100123c] MEM[0x2003f41] 0x02 ^ AL(0x31) → 0x33 寫入後 MEM = 0x02 [WRITE] @0x2003f41 ← 0x33 [XOR @0x100123c] MEM[0x2003f42] 0x33 ^ AL(0x31) → 0x02 寫入後 MEM = 0x33 [WRITE] @0x2003f42 ← 0x02 [XOR @0x100123c] MEM[0x2003f43] 0x02 ^ AL(0x31) → 0x33 寫入後 MEM = 0x02 [WRITE] @0x2003f43 ← 0x33 [XOR @0x100123c] MEM[0x2003f44] 0x00 ^ AL(0x31) → 0x31 寫入後 MEM = 0x00 [WRITE] @0x2003f44 ← 0x31 [XOR @0x100123c] MEM[0x2003f45] 0x30 ^ AL(0x33) → 0x03 寫入後 MEM = 0x30 [WRITE] @0x2003f45 ← 0x03 [XOR @0x100123c] MEM[0x2003f46] 0x32 ^ AL(0x30) → 0x02 寫入後 MEM = 0x32 [WRITE] @0x2003f46 ← 0x02 [XOR @0x100123c] MEM[0x2003f47] 0x03 ^ AL(0x33) → 0x30 寫入後 MEM = 0x03 [WRITE] @0x2003f47 ← 0x30 [XOR @0x100123c] MEM[0x2003f48] 0x32 ^ AL(0x02) → 0x30 寫入後 MEM = 0x32 [WRITE] @0x2003f48 ← 0x30 [XOR @0x100123c] MEM[0x2003f49] 0x00 ^ AL(0x33) → 0x33 寫入後 MEM = 0x00 [WRITE] @0x2003f49 ← 0x33 [STATE] ESI ← 0x20 [HOOK MOV] @0x010003b0: mov esi, 0xb [HOOK MOV] @0x010003b5: mov esi, 0xae4c415d [XOR @0x10003db] MEM[0x2003f20] 0x33 ^ AL(0x02) → 0x31 寫入後 MEM = 0x33 [WRITE] @0x2003f20 ← 0x31 [HOOK CMP] @0x010003e1: cmp esi, 0x17 [XOR @0x10003db] MEM[0x2003f21] 0x02 ^ AL(0x30) → 0x32 寫入後 MEM = 0x02 [WRITE] @0x2003f21 ← 0x32 [XOR @0x10003db] MEM[0x2003f22] 0x32 ^ AL(0x01) → 0x33 寫入後 MEM = 0x32 [WRITE] @0x2003f22 ← 0x33 [XOR @0x10003db] MEM[0x2003f23] 0x01 ^ AL(0x01) → 0x00 寫入後 MEM = 0x01 [WRITE] @0x2003f23 ← 0x00 [XOR @0x10003db] MEM[0x2003f24] 0x01 ^ AL(0x01) → 0x00 寫入後 MEM = 0x01 [WRITE] @0x2003f24 ← 0x00 [XOR @0x10003db] MEM[0x2003f25] 0x03 ^ AL(0x02) → 0x01 寫入後 MEM = 0x03 [WRITE] @0x2003f25 ← 0x01 [XOR @0x10003db] MEM[0x2003f26] 0x00 ^ AL(0x03) → 0x03 寫入後 MEM = 0x00 [WRITE] @0x2003f26 ← 0x03 [XOR @0x10003db] MEM[0x2003f27] 0x32 ^ AL(0x02) → 0x30 寫入後 MEM = 0x32 [WRITE] @0x2003f27 ← 0x30 [XOR @0x10003db] MEM[0x2003f28] 0x03 ^ AL(0x03) → 0x00 寫入後 MEM = 0x03 [WRITE] @0x2003f28 ← 0x00 [XOR @0x10003db] MEM[0x2003f29] 0x32 ^ AL(0x02) → 0x30 寫入後 MEM = 0x32 [WRITE] @0x2003f29 ← 0x30 [XOR @0x10003db] MEM[0x2003f2a] 0x01 ^ AL(0x31) → 0x30 寫入後 MEM = 0x01 [WRITE] @0x2003f2a ← 0x30 [XOR @0x10003db] MEM[0x2003f2b] 0x02 ^ AL(0x02) → 0x00 寫入後 MEM = 0x02 [WRITE] @0x2003f2b ← 0x00 [STATE] ESI ← 0x2B [HOOK MOV] @0x010006e1: mov esi, 0xd [XOR @0x10006f5] MEM[0x2003f20] 0x31 ^ AL(0x01) → 0x30 寫入後 MEM = 0x31 [WRITE] @0x2003f20 ← 0x30 [HOOK CMP] @0x010006fb: cmp esi, 0x1b [XOR @0x10006f5] MEM[0x2003f21] 0x32 ^ AL(0x01) → 0x33 寫入後 MEM = 0x32 [WRITE] @0x2003f21 ← 0x33 [XOR @0x10006f5] MEM[0x2003f22] 0x33 ^ AL(0x01) → 0x32 寫入後 MEM = 0x33 [WRITE] @0x2003f22 ← 0x32 [XOR @0x10006f5] MEM[0x2003f23] 0x00 ^ AL(0x02) → 0x02 寫入後 MEM = 0x00 [WRITE] @0x2003f23 ← 0x02 [XOR @0x10006f5] MEM[0x2003f24] 0x00 ^ AL(0x03) → 0x03 寫入後 MEM = 0x00 [WRITE] @0x2003f24 ← 0x03 [XOR @0x10006f5] MEM[0x2003f25] 0x01 ^ AL(0x02) → 0x03 寫入後 MEM = 0x01 [WRITE] @0x2003f25 ← 0x03 [XOR @0x10006f5] MEM[0x2003f26] 0x03 ^ AL(0x03) → 0x00 寫入後 MEM = 0x03 [WRITE] @0x2003f26 ← 0x00 [XOR @0x10006f5] MEM[0x2003f27] 0x30 ^ AL(0x02) → 0x32 寫入後 MEM = 0x30 [WRITE] @0x2003f27 ← 0x32 [XOR @0x10006f5] MEM[0x2003f28] 0x00 ^ AL(0x31) → 0x31 寫入後 MEM = 0x00 [WRITE] @0x2003f28 ← 0x31 [XOR @0x10006f5] MEM[0x2003f29] 0x30 ^ AL(0x02) → 0x32 寫入後 MEM = 0x30 [WRITE] @0x2003f29 ← 0x32 [XOR @0x10006f5] MEM[0x2003f2a] 0x30 ^ AL(0x33) → 0x03 寫入後 MEM = 0x30 [WRITE] @0x2003f2a ← 0x03 [XOR @0x10006f5] MEM[0x2003f2b] 0x00 ^ AL(0x30) → 0x30 寫入後 MEM = 0x00 [WRITE] @0x2003f2b ← 0x30 [XOR @0x10006f5] MEM[0x2003f2c] 0x30 ^ AL(0x32) → 0x02 寫入後 MEM = 0x30 [WRITE] @0x2003f2c ← 0x02 [XOR @0x10006f5] MEM[0x2003f2d] 0x01 ^ AL(0x30) → 0x31 寫入後 MEM = 0x01 [WRITE] @0x2003f2d ← 0x31 [STATE] ESI ← 0x50 [HOOK MOV] @0x010005f9: mov esi, 0x12 [XOR @0x100060d] MEM[0x2003f20] 0x30 ^ AL(0x02) → 0x32 寫入後 MEM = 0x30 [WRITE] @0x2003f20 ← 0x32 [HOOK CMP] @0x01000613: cmp esi, 0x25 [XOR @0x100060d] MEM[0x2003f21] 0x33 ^ AL(0x03) → 0x30 寫入後 MEM = 0x33 [WRITE] @0x2003f21 ← 0x30 [XOR @0x100060d] MEM[0x2003f22] 0x32 ^ AL(0x02) → 0x30 寫入後 MEM = 0x32 [WRITE] @0x2003f22 ← 0x30 [XOR @0x100060d] MEM[0x2003f23] 0x02 ^ AL(0x31) → 0x33 寫入後 MEM = 0x02 [WRITE] @0x2003f23 ← 0x33 [XOR @0x100060d] MEM[0x2003f24] 0x03 ^ AL(0x02) → 0x01 寫入後 MEM = 0x03 [WRITE] @0x2003f24 ← 0x01 [XOR @0x100060d] MEM[0x2003f25] 0x03 ^ AL(0x33) → 0x30 寫入後 MEM = 0x03 [WRITE] @0x2003f25 ← 0x30 [XOR @0x100060d] MEM[0x2003f26] 0x00 ^ AL(0x30) → 0x30 寫入後 MEM = 0x00 [WRITE] @0x2003f26 ← 0x30 [XOR @0x100060d] MEM[0x2003f27] 0x32 ^ AL(0x32) → 0x00 寫入後 MEM = 0x32 [WRITE] @0x2003f27 ← 0x00 [XOR @0x100060d] MEM[0x2003f28] 0x31 ^ AL(0x30) → 0x01 寫入後 MEM = 0x31 [WRITE] @0x2003f28 ← 0x01 [XOR @0x100060d] MEM[0x2003f29] 0x32 ^ AL(0x31) → 0x03 寫入後 MEM = 0x32 [WRITE] @0x2003f29 ← 0x03 [XOR @0x100060d] MEM[0x2003f2a] 0x03 ^ AL(0x31) → 0x32 寫入後 MEM = 0x03 [WRITE] @0x2003f2a ← 0x32 [XOR @0x100060d] MEM[0x2003f2b] 0x30 ^ AL(0x31) → 0x01 寫入後 MEM = 0x30 [WRITE] @0x2003f2b ← 0x01 [XOR @0x100060d] MEM[0x2003f2c] 0x02 ^ AL(0x31) → 0x33 寫入後 MEM = 0x02 [WRITE] @0x2003f2c ← 0x33 [XOR @0x100060d] MEM[0x2003f2d] 0x31 ^ AL(0x33) → 0x02 寫入後 MEM = 0x31 [WRITE] @0x2003f2d ← 0x02 [XOR @0x100060d] MEM[0x2003f2e] 0x01 ^ AL(0x30) → 0x31 寫入後 MEM = 0x01 [WRITE] @0x2003f2e ← 0x31 [XOR @0x100060d] MEM[0x2003f2f] 0x01 ^ AL(0x33) → 0x32 寫入後 MEM = 0x01 [WRITE] @0x2003f2f ← 0x32 [XOR @0x100060d] MEM[0x2003f30] 0x02 ^ AL(0x02) → 0x00 寫入後 MEM = 0x02 [WRITE] @0x2003f30 ← 0x00 [XOR @0x100060d] MEM[0x2003f31] 0x03 ^ AL(0x33) → 0x30 寫入後 MEM = 0x03 [WRITE] @0x2003f31 ← 0x30 [XOR @0x100060d] MEM[0x2003f32] 0x02 ^ AL(0x31) → 0x33 寫入後 MEM = 0x02 [WRITE] @0x2003f32 ← 0x33 [STATE] ESI ← 0x44 [HOOK MOV] @0x010015c7: mov esi, 0xe [XOR @0x10015db] MEM[0x2003f20] 0x32 ^ AL(0x31) → 0x03 寫入後 MEM = 0x32 [WRITE] @0x2003f20 ← 0x03 [HOOK CMP] @0x010015e1: cmp esi, 0x1d [XOR @0x10015db] MEM[0x2003f21] 0x30 ^ AL(0x32) → 0x02 寫入後 MEM = 0x30 [WRITE] @0x2003f21 ← 0x02 [XOR @0x10015db] MEM[0x2003f22] 0x30 ^ AL(0x00) → 0x30 寫入後 MEM = 0x30 [WRITE] @0x2003f22 ← 0x30 [XOR @0x10015db] MEM[0x2003f23] 0x33 ^ AL(0x30) → 0x03 寫入後 MEM = 0x33 [WRITE] @0x2003f23 ← 0x03 [XOR @0x10015db] MEM[0x2003f24] 0x01 ^ AL(0x33) → 0x32 寫入後 MEM = 0x01 [WRITE] @0x2003f24 ← 0x32 [XOR @0x10015db] MEM[0x2003f25] 0x30 ^ AL(0x03) → 0x33 寫入後 MEM = 0x30 [WRITE] @0x2003f25 ← 0x33 [XOR @0x10015db] MEM[0x2003f26] 0x30 ^ AL(0x02) → 0x32 寫入後 MEM = 0x30 [WRITE] @0x2003f26 ← 0x32 [XOR @0x10015db] MEM[0x2003f27] 0x00 ^ AL(0x31) → 0x31 寫入後 MEM = 0x00 [WRITE] @0x2003f27 ← 0x31 [XOR @0x10015db] MEM[0x2003f28] 0x01 ^ AL(0x02) → 0x03 寫入後 MEM = 0x01 [WRITE] @0x2003f28 ← 0x03 [XOR @0x10015db] MEM[0x2003f29] 0x03 ^ AL(0x33) → 0x30 寫入後 MEM = 0x03 [WRITE] @0x2003f29 ← 0x30 [XOR @0x10015db] MEM[0x2003f2a] 0x32 ^ AL(0x30) → 0x02 寫入後 MEM = 0x32 [WRITE] @0x2003f2a ← 0x02 [XOR @0x10015db] MEM[0x2003f2b] 0x01 ^ AL(0x32) → 0x33 寫入後 MEM = 0x01 [WRITE] @0x2003f2b ← 0x33 [XOR @0x10015db] MEM[0x2003f2c] 0x33 ^ AL(0x30) → 0x03 寫入後 MEM = 0x33 [WRITE] @0x2003f2c ← 0x03 [XOR @0x10015db] MEM[0x2003f2d] 0x02 ^ AL(0x31) → 0x33 寫入後 MEM = 0x02 [WRITE] @0x2003f2d ← 0x33 [XOR @0x10015db] MEM[0x2003f2e] 0x31 ^ AL(0x31) → 0x00 寫入後 MEM = 0x31 [WRITE] @0x2003f2e ← 0x00 [STATE] ESI ← 0x2E [HOOK MOV] @0x01001597: mov esi, 0x19 [HOOK MOV] @0x0100159c: mov esi, 0x2f [WRITE] @0x2003f20 ← 0x31 [HOOK CMP] @0x010015b2: cmp esi, 0x33 [WRITE] @0x2003f21 ← 0x32 [WRITE] @0x2003f22 ← 0x01 [WRITE] @0x2003f23 ← 0x32 [WRITE] @0x2003f24 ← 0x03 [WRITE] @0x2003f25 ← 0x02 [WRITE] @0x2003f26 ← 0x01 [WRITE] @0x2003f27 ← 0x01 [WRITE] @0x2003f28 ← 0x30 [WRITE] @0x2003f29 ← 0x32 [WRITE] @0x2003f2a ← 0x31 [WRITE] @0x2003f2b ← 0x02 [WRITE] @0x2003f2c ← 0x00 [WRITE] @0x2003f2d ← 0x31 [WRITE] @0x2003f2e ← 0x30 [WRITE] @0x2003f2f ← 0x02 [WRITE] @0x2003f30 ← 0x33 [WRITE] @0x2003f31 ← 0x00 [WRITE] @0x2003f32 ← 0x33 [WRITE] @0x2003f33 ← 0x03 [WRITE] @0x2003f34 ← 0x02 [WRITE] @0x2003f35 ← 0x31 [WRITE] @0x2003f36 ← 0x33 [WRITE] @0x2003f37 ← 0x01 [WRITE] @0x2003f38 ← 0x31 [WRITE] @0x2003f39 ← 0x00 [STATE] ESI ← 0x1D [HOOK MOV] @0x01000a21: mov esi, 0x2 [XOR @0x1000a35] MEM[0x2003f20] 0x31 ^ AL(0x01) → 0x30 寫入後 MEM = 0x31 [WRITE] @0x2003f20 ← 0x30 [HOOK CMP] @0x01000a3b: cmp esi, 0x5 [XOR @0x1000a35] MEM[0x2003f21] 0x32 ^ AL(0x32) → 0x00 寫入後 MEM = 0x32 [WRITE] @0x2003f21 ← 0x00 [XOR @0x1000a35] MEM[0x2003f22] 0x01 ^ AL(0x03) → 0x02 寫入後 MEM = 0x01 [WRITE] @0x2003f22 ← 0x02 [STATE] ESI ← 0x5E [HOOK MOV] @0x010014b2: mov esi, 0x17 [HOOK MOV] @0x010014b7: mov esi, 0x2f [WRITE] @0x2003f20 ← 0x31 [HOOK CMP] @0x010014cd: cmp esi, 0x2f [WRITE] @0x2003f21 ← 0x31 [WRITE] @0x2003f22 ← 0x02 [WRITE] @0x2003f23 ← 0x02 [WRITE] @0x2003f24 ← 0x32 [WRITE] @0x2003f25 ← 0x33 [WRITE] @0x2003f26 ← 0x30 [WRITE] @0x2003f27 ← 0x30 [WRITE] @0x2003f28 ← 0x03 [WRITE] @0x2003f29 ← 0x02 [WRITE] @0x2003f2a ← 0x02 [WRITE] @0x2003f2b ← 0x00 [WRITE] @0x2003f2c ← 0x33 [WRITE] @0x2003f2d ← 0x00 [WRITE] @0x2003f2e ← 0x33 [WRITE] @0x2003f2f ← 0x00 [WRITE] @0x2003f30 ← 0x03 [WRITE] @0x2003f31 ← 0x30 [WRITE] @0x2003f32 ← 0x00 [WRITE] @0x2003f33 ← 0x33 [WRITE] @0x2003f34 ← 0x02 [WRITE] @0x2003f35 ← 0x31 [WRITE] @0x2003f36 ← 0x33 [WRITE] @0x2003f37 ← 0x01 [STATE] ESI ← 0x21 [HOOK MOV] @0x01001540: mov esi, 0x11 [XOR @0x1001554] MEM[0x2003f20] 0x31 ^ AL(0x30) → 0x01 寫入後 MEM = 0x31 [WRITE] @0x2003f20 ← 0x01 [HOOK CMP] @0x0100155a: cmp esi, 0x23 [XOR @0x1001554] MEM[0x2003f21] 0x31 ^ AL(0x00) → 0x31 寫入後 MEM = 0x31 [WRITE] @0x2003f21 ← 0x31 [XOR @0x1001554] MEM[0x2003f22] 0x02 ^ AL(0x33) → 0x31 寫入後 MEM = 0x02 [WRITE] @0x2003f22 ← 0x31 [XOR @0x1001554] MEM[0x2003f23] 0x02 ^ AL(0x02) → 0x00 寫入後 MEM = 0x02 [WRITE] @0x2003f23 ← 0x00 [XOR @0x1001554] MEM[0x2003f24] 0x32 ^ AL(0x31) → 0x03 寫入後 MEM = 0x32 [WRITE] @0x2003f24 ← 0x03 [XOR @0x1001554] MEM[0x2003f25] 0x33 ^ AL(0x33) → 0x00 寫入後 MEM = 0x33 [WRITE] @0x2003f25 ← 0x00 [XOR @0x1001554] MEM[0x2003f26] 0x30 ^ AL(0x01) → 0x31 寫入後 MEM = 0x30 [WRITE] @0x2003f26 ← 0x31 [XOR @0x1001554] MEM[0x2003f27] 0x30 ^ AL(0x31) → 0x01 寫入後 MEM = 0x30 [WRITE] @0x2003f27 ← 0x01 [XOR @0x1001554] MEM[0x2003f28] 0x03 ^ AL(0x00) → 0x03 寫入後 MEM = 0x03 [WRITE] @0x2003f28 ← 0x03 [XOR @0x1001554] MEM[0x2003f29] 0x02 ^ AL(0x30) → 0x32 寫入後 MEM = 0x02 [WRITE] @0x2003f29 ← 0x32 [XOR @0x1001554] MEM[0x2003f2a] 0x02 ^ AL(0x31) → 0x33 寫入後 MEM = 0x02 [WRITE] @0x2003f2a ← 0x33 [XOR @0x1001554] MEM[0x2003f2b] 0x00 ^ AL(0x31) → 0x31 寫入後 MEM = 0x00 [WRITE] @0x2003f2b ← 0x31 [XOR @0x1001554] MEM[0x2003f2c] 0x33 ^ AL(0x31) → 0x02 寫入後 MEM = 0x33 [WRITE] @0x2003f2c ← 0x02 [XOR @0x1001554] MEM[0x2003f2d] 0x00 ^ AL(0x31) → 0x31 寫入後 MEM = 0x00 [WRITE] @0x2003f2d ← 0x31 [XOR @0x1001554] MEM[0x2003f2e] 0x33 ^ AL(0x33) → 0x00 寫入後 MEM = 0x33 [WRITE] @0x2003f2e ← 0x00 [XOR @0x1001554] MEM[0x2003f2f] 0x00 ^ AL(0x30) → 0x30 寫入後 MEM = 0x00 [WRITE] @0x2003f2f ← 0x30 [XOR @0x1001554] MEM[0x2003f30] 0x03 ^ AL(0x33) → 0x30 寫入後 MEM = 0x03 [WRITE] @0x2003f30 ← 0x30 [XOR @0x1001554] MEM[0x2003f31] 0x30 ^ AL(0x02) → 0x32 寫入後 MEM = 0x30 [WRITE] @0x2003f31 ← 0x32 [STATE] ESI ← 0x47 [HOOK MOV] @0x01000cd6: mov esi, 0x28 [XOR @0x1000cea] MEM[0x2003f20] 0x01 ^ AL(0x30) → 0x31 寫入後 MEM = 0x01 [WRITE] @0x2003f20 ← 0x31 [HOOK CMP] @0x01000cf0: cmp esi, 0x51 [XOR @0x1000cea] MEM[0x2003f21] 0x31 ^ AL(0x33) → 0x02 寫入後 MEM = 0x31 [WRITE] @0x2003f21 ← 0x02 [XOR @0x1000cea] MEM[0x2003f22] 0x31 ^ AL(0x30) → 0x01 寫入後 MEM = 0x31 [WRITE] @0x2003f22 ← 0x01 [XOR @0x1000cea] MEM[0x2003f23] 0x00 ^ AL(0x00) → 0x00 寫入後 MEM = 0x00 [WRITE] @0x2003f23 ← 0x00 [XOR @0x1000cea] MEM[0x2003f24] 0x03 ^ AL(0x00) → 0x03 寫入後 MEM = 0x03 [WRITE] @0x2003f24 ← 0x03 [XOR @0x1000cea] MEM[0x2003f25] 0x00 ^ AL(0x00) → 0x00 寫入後 MEM = 0x00 [WRITE] @0x2003f25 ← 0x00 [XOR @0x1000cea] MEM[0x2003f26] 0x31 ^ AL(0x00) → 0x31 寫入後 MEM = 0x31 [WRITE] @0x2003f26 ← 0x31 [XOR @0x1000cea] MEM[0x2003f27] 0x01 ^ AL(0x31) → 0x30 寫入後 MEM = 0x01 [WRITE] @0x2003f27 ← 0x30 [XOR @0x1000cea] MEM[0x2003f28] 0x03 ^ AL(0x02) → 0x01 寫入後 MEM = 0x03 [WRITE] @0x2003f28 ← 0x01 [XOR @0x1000cea] MEM[0x2003f29] 0x32 ^ AL(0x01) → 0x33 寫入後 MEM = 0x32 [WRITE] @0x2003f29 ← 0x33 [XOR @0x1000cea] MEM[0x2003f2a] 0x33 ^ AL(0x00) → 0x33 寫入後 MEM = 0x33 [WRITE] @0x2003f2a ← 0x33 [XOR @0x1000cea] MEM[0x2003f2b] 0x31 ^ AL(0x03) → 0x32 寫入後 MEM = 0x31 [WRITE] @0x2003f2b ← 0x32 [XOR @0x1000cea] MEM[0x2003f2c] 0x02 ^ AL(0x00) → 0x02 寫入後 MEM = 0x02 [WRITE] @0x2003f2c ← 0x02 [XOR @0x1000cea] MEM[0x2003f2d] 0x31 ^ AL(0x31) → 0x00 寫入後 MEM = 0x31 [WRITE] @0x2003f2d ← 0x00 [XOR @0x1000cea] MEM[0x2003f2e] 0x00 ^ AL(0x30) → 0x30 寫入後 MEM = 0x00 [WRITE] @0x2003f2e ← 0x30 [XOR @0x1000cea] MEM[0x2003f2f] 0x30 ^ AL(0x01) → 0x31 寫入後 MEM = 0x30 [WRITE] @0x2003f2f ← 0x31 [XOR @0x1000cea] MEM[0x2003f30] 0x30 ^ AL(0x33) → 0x03 寫入後 MEM = 0x30 [WRITE] @0x2003f30 ← 0x03 [XOR @0x1000cea] MEM[0x2003f31] 0x32 ^ AL(0x33) → 0x01 寫入後 MEM = 0x32 [WRITE] @0x2003f31 ← 0x01 [XOR @0x1000cea] MEM[0x2003f32] 0x00 ^ AL(0x32) → 0x32 寫入後 MEM = 0x00 [WRITE] @0x2003f32 ← 0x32 [XOR @0x1000cea] MEM[0x2003f33] 0x33 ^ AL(0x02) → 0x31 寫入後 MEM = 0x33 [WRITE] @0x2003f33 ← 0x31 [XOR @0x1000cea] MEM[0x2003f34] 0x02 ^ AL(0x00) → 0x02 寫入後 MEM = 0x02 [WRITE] @0x2003f34 ← 0x02 [XOR @0x1000cea] MEM[0x2003f35] 0x31 ^ AL(0x30) → 0x01 寫入後 MEM = 0x31 [WRITE] @0x2003f35 ← 0x01 [XOR @0x1000cea] MEM[0x2003f36] 0x33 ^ AL(0x31) → 0x02 寫入後 MEM = 0x33 [WRITE] @0x2003f36 ← 0x02 [XOR @0x1000cea] MEM[0x2003f37] 0x01 ^ AL(0x03) → 0x02 寫入後 MEM = 0x01 [WRITE] @0x2003f37 ← 0x02 [XOR @0x1000cea] MEM[0x2003f38] 0x31 ^ AL(0x01) → 0x30 寫入後 MEM = 0x31 [WRITE] @0x2003f38 ← 0x30 [XOR @0x1000cea] MEM[0x2003f39] 0x00 ^ AL(0x32) → 0x32 寫入後 MEM = 0x00 [WRITE] @0x2003f39 ← 0x32 [XOR @0x1000cea] MEM[0x2003f3a] 0x30 ^ AL(0x31) → 0x01 寫入後 MEM = 0x30 [WRITE] @0x2003f3a ← 0x01 [XOR @0x1000cea] MEM[0x2003f3b] 0x31 ^ AL(0x02) → 0x33 寫入後 MEM = 0x31 [WRITE] @0x2003f3b ← 0x33 [XOR @0x1000cea] MEM[0x2003f3c] 0x31 ^ AL(0x01) → 0x30 寫入後 MEM = 0x31 [WRITE] @0x2003f3c ← 0x30 [XOR @0x1000cea] MEM[0x2003f3d] 0x31 ^ AL(0x02) → 0x33 寫入後 MEM = 0x31 [WRITE] @0x2003f3d ← 0x33 [XOR @0x1000cea] MEM[0x2003f3e] 0x31 ^ AL(0x02) → 0x33 寫入後 MEM = 0x31 [WRITE] @0x2003f3e ← 0x33 [XOR @0x1000cea] MEM[0x2003f3f] 0x33 ^ AL(0x30) → 0x03 寫入後 MEM = 0x33 [WRITE] @0x2003f3f ← 0x03 [XOR @0x1000cea] MEM[0x2003f40] 0x30 ^ AL(0x32) → 0x02 寫入後 MEM = 0x30 [WRITE] @0x2003f40 ← 0x02 [XOR @0x1000cea] MEM[0x2003f41] 0x33 ^ AL(0x01) → 0x32 寫入後 MEM = 0x33 [WRITE] @0x2003f41 ← 0x32 [XOR @0x1000cea] MEM[0x2003f42] 0x02 ^ AL(0x33) → 0x31 寫入後 MEM = 0x02 [WRITE] @0x2003f42 ← 0x31 [XOR @0x1000cea] MEM[0x2003f43] 0x33 ^ AL(0x30) → 0x03 寫入後 MEM = 0x33 [WRITE] @0x2003f43 ← 0x03 [XOR @0x1000cea] MEM[0x2003f44] 0x31 ^ AL(0x33) → 0x02 寫入後 MEM = 0x31 [WRITE] @0x2003f44 ← 0x02 [XOR @0x1000cea] MEM[0x2003f45] 0x03 ^ AL(0x33) → 0x30 寫入後 MEM = 0x03 [WRITE] @0x2003f45 ← 0x30 [XOR @0x1000cea] MEM[0x2003f46] 0x02 ^ AL(0x03) → 0x01 寫入後 MEM = 0x02 [WRITE] @0x2003f46 ← 0x01 [XOR @0x1000cea] MEM[0x2003f47] 0x30 ^ AL(0x02) → 0x32 寫入後 MEM = 0x30 [WRITE] @0x2003f47 ← 0x32 [XOR @0x1000cea] MEM[0x2003f48] 0x30 ^ AL(0x32) → 0x02 寫入後 MEM = 0x30 [WRITE] @0x2003f48 ← 0x02 [STATE] ESI ← 0x17 [HOOK MOV] @0x0100073c: mov esi, 0x11 [XOR @0x1000750] MEM[0x2003f20] 0x31 ^ AL(0x01) → 0x30 寫入後 MEM = 0x31 [WRITE] @0x2003f20 ← 0x30 [HOOK CMP] @0x01000756: cmp esi, 0x23 [XOR @0x1000750] MEM[0x2003f21] 0x02 ^ AL(0x32) → 0x30 寫入後 MEM = 0x02 [WRITE] @0x2003f21 ← 0x30 [XOR @0x1000750] MEM[0x2003f22] 0x01 ^ AL(0x31) → 0x30 寫入後 MEM = 0x01 [WRITE] @0x2003f22 ← 0x30 [XOR @0x1000750] MEM[0x2003f23] 0x00 ^ AL(0x02) → 0x02 寫入後 MEM = 0x00 [WRITE] @0x2003f23 ← 0x02 [XOR @0x1000750] MEM[0x2003f24] 0x03 ^ AL(0x01) → 0x02 寫入後 MEM = 0x03 [WRITE] @0x2003f24 ← 0x02 [XOR @0x1000750] MEM[0x2003f25] 0x00 ^ AL(0x02) → 0x02 寫入後 MEM = 0x00 [WRITE] @0x2003f25 ← 0x02 [XOR @0x1000750] MEM[0x2003f26] 0x31 ^ AL(0x02) → 0x33 寫入後 MEM = 0x31 [WRITE] @0x2003f26 ← 0x33 [XOR @0x1000750] MEM[0x2003f27] 0x30 ^ AL(0x30) → 0x00 寫入後 MEM = 0x30 [WRITE] @0x2003f27 ← 0x00 [XOR @0x1000750] MEM[0x2003f28] 0x01 ^ AL(0x32) → 0x33 寫入後 MEM = 0x01 [WRITE] @0x2003f28 ← 0x33 [XOR @0x1000750] MEM[0x2003f29] 0x33 ^ AL(0x01) → 0x32 寫入後 MEM = 0x33 [WRITE] @0x2003f29 ← 0x32 [XOR @0x1000750] MEM[0x2003f2a] 0x33 ^ AL(0x33) → 0x00 寫入後 MEM = 0x33 [WRITE] @0x2003f2a ← 0x00 [XOR @0x1000750] MEM[0x2003f2b] 0x32 ^ AL(0x30) → 0x02 寫入後 MEM = 0x32 [WRITE] @0x2003f2b ← 0x02 [XOR @0x1000750] MEM[0x2003f2c] 0x02 ^ AL(0x33) → 0x31 寫入後 MEM = 0x02 [WRITE] @0x2003f2c ← 0x31 [XOR @0x1000750] MEM[0x2003f2d] 0x00 ^ AL(0x33) → 0x33 寫入後 MEM = 0x00 [WRITE] @0x2003f2d ← 0x33 [XOR @0x1000750] MEM[0x2003f2e] 0x30 ^ AL(0x03) → 0x33 寫入後 MEM = 0x30 [WRITE] @0x2003f2e ← 0x33 [XOR @0x1000750] MEM[0x2003f2f] 0x31 ^ AL(0x02) → 0x33 寫入後 MEM = 0x31 [WRITE] @0x2003f2f ← 0x33 [XOR @0x1000750] MEM[0x2003f30] 0x03 ^ AL(0x32) → 0x31 寫入後 MEM = 0x03 [WRITE] @0x2003f30 ← 0x31 [XOR @0x1000750] MEM[0x2003f31] 0x01 ^ AL(0x31) → 0x30 寫入後 MEM = 0x01 [WRITE] @0x2003f31 ← 0x30 [STATE] ESI ← 0x01 [HOOK MOV] @0x01000994: mov esi, 0x4 [XOR @0x10009a8] MEM[0x2003f20] 0x30 ^ AL(0x02) → 0x32 寫入後 MEM = 0x30 [WRITE] @0x2003f20 ← 0x32 [HOOK CMP] @0x010009ae: cmp esi, 0x9 [XOR @0x10009a8] MEM[0x2003f21] 0x30 ^ AL(0x02) → 0x32 寫入後 MEM = 0x30 [WRITE] @0x2003f21 ← 0x32 [XOR @0x10009a8] MEM[0x2003f22] 0x30 ^ AL(0x33) → 0x03 寫入後 MEM = 0x30 [WRITE] @0x2003f22 ← 0x03 [XOR @0x10009a8] MEM[0x2003f23] 0x02 ^ AL(0x00) → 0x02 寫入後 MEM = 0x02 [WRITE] @0x2003f23 ← 0x02 [XOR @0x10009a8] MEM[0x2003f24] 0x02 ^ AL(0x33) → 0x31 寫入後 MEM = 0x02 [WRITE] @0x2003f24 ← 0x31 [STATE] ESI ← 0x52 [HOOK MOV] @0x01001625: mov esi, 0x15 [XOR @0x1001639] MEM[0x2003f20] 0x32 ^ AL(0x01) → 0x33 寫入後 MEM = 0x32 [WRITE] @0x2003f20 ← 0x33 [HOOK CMP] @0x0100163f: cmp esi, 0x2b [XOR @0x1001639] MEM[0x2003f21] 0x32 ^ AL(0x02) → 0x30 寫入後 MEM = 0x32 [WRITE] @0x2003f21 ← 0x30 [XOR @0x1001639] MEM[0x2003f22] 0x03 ^ AL(0x02) → 0x01 寫入後 MEM = 0x03 [WRITE] @0x2003f22 ← 0x01 [XOR @0x1001639] MEM[0x2003f23] 0x02 ^ AL(0x30) → 0x32 寫入後 MEM = 0x02 [WRITE] @0x2003f23 ← 0x32 [XOR @0x1001639] MEM[0x2003f24] 0x31 ^ AL(0x32) → 0x03 寫入後 MEM = 0x31 [WRITE] @0x2003f24 ← 0x03 [XOR @0x1001639] MEM[0x2003f25] 0x02 ^ AL(0x01) → 0x03 寫入後 MEM = 0x02 [WRITE] @0x2003f25 ← 0x03 [XOR @0x1001639] MEM[0x2003f26] 0x33 ^ AL(0x33) → 0x00 寫入後 MEM = 0x33 [WRITE] @0x2003f26 ← 0x00 [XOR @0x1001639] MEM[0x2003f27] 0x00 ^ AL(0x30) → 0x30 寫入後 MEM = 0x00 [WRITE] @0x2003f27 ← 0x30 [XOR @0x1001639] MEM[0x2003f28] 0x33 ^ AL(0x33) → 0x00 寫入後 MEM = 0x33 [WRITE] @0x2003f28 ← 0x00 [XOR @0x1001639] MEM[0x2003f29] 0x32 ^ AL(0x33) → 0x01 寫入後 MEM = 0x32 [WRITE] @0x2003f29 ← 0x01 [XOR @0x1001639] MEM[0x2003f2a] 0x00 ^ AL(0x03) → 0x03 寫入後 MEM = 0x00 [WRITE] @0x2003f2a ← 0x03 [XOR @0x1001639] MEM[0x2003f2b] 0x02 ^ AL(0x02) → 0x00 寫入後 MEM = 0x02 [WRITE] @0x2003f2b ← 0x00 [XOR @0x1001639] MEM[0x2003f2c] 0x31 ^ AL(0x32) → 0x03 寫入後 MEM = 0x31 [WRITE] @0x2003f2c ← 0x03 [XOR @0x1001639] MEM[0x2003f2d] 0x33 ^ AL(0x31) → 0x02 寫入後 MEM = 0x33 [WRITE] @0x2003f2d ← 0x02 [XOR @0x1001639] MEM[0x2003f2e] 0x33 ^ AL(0x03) → 0x30 寫入後 MEM = 0x33 [WRITE] @0x2003f2e ← 0x30 [XOR @0x1001639] MEM[0x2003f2f] 0x33 ^ AL(0x02) → 0x31 寫入後 MEM = 0x33 [WRITE] @0x2003f2f ← 0x31 [XOR @0x1001639] MEM[0x2003f30] 0x31 ^ AL(0x30) → 0x01 寫入後 MEM = 0x31 [WRITE] @0x2003f30 ← 0x01 [XOR @0x1001639] MEM[0x2003f31] 0x30 ^ AL(0x01) → 0x31 寫入後 MEM = 0x30 [WRITE] @0x2003f31 ← 0x31 [XOR @0x1001639] MEM[0x2003f32] 0x32 ^ AL(0x32) → 0x00 寫入後 MEM = 0x32 [WRITE] @0x2003f32 ← 0x00 [XOR @0x1001639] MEM[0x2003f33] 0x31 ^ AL(0x02) → 0x33 寫入後 MEM = 0x31 [WRITE] @0x2003f33 ← 0x33 [XOR @0x1001639] MEM[0x2003f34] 0x02 ^ AL(0x33) → 0x31 寫入後 MEM = 0x02 [WRITE] @0x2003f34 ← 0x31 [XOR @0x1001639] MEM[0x2003f35] 0x01 ^ AL(0x30) → 0x31 寫入後 MEM = 0x01 [WRITE] @0x2003f35 ← 0x31 [STATE] ESI ← 0x3F [HOOK MOV] @0x0100110e: mov esi, 0x16 [XOR @0x1001122] MEM[0x2003f20] 0x33 ^ AL(0x02) → 0x31 寫入後 MEM = 0x33 [WRITE] @0x2003f20 ← 0x31 [HOOK CMP] @0x01001128: cmp esi, 0x2d [XOR @0x1001122] MEM[0x2003f21] 0x30 ^ AL(0x02) → 0x32 寫入後 MEM = 0x30 [WRITE] @0x2003f21 ← 0x32 [XOR @0x1001122] MEM[0x2003f22] 0x01 ^ AL(0x30) → 0x31 寫入後 MEM = 0x01 [WRITE] @0x2003f22 ← 0x31 [XOR @0x1001122] MEM[0x2003f23] 0x32 ^ AL(0x32) → 0x00 寫入後 MEM = 0x32 [WRITE] @0x2003f23 ← 0x00 [XOR @0x1001122] MEM[0x2003f24] 0x03 ^ AL(0x01) → 0x02 寫入後 MEM = 0x03 [WRITE] @0x2003f24 ← 0x02 [XOR @0x1001122] MEM[0x2003f25] 0x03 ^ AL(0x33) → 0x30 寫入後 MEM = 0x03 [WRITE] @0x2003f25 ← 0x30 [XOR @0x1001122] MEM[0x2003f26] 0x00 ^ AL(0x30) → 0x30 寫入後 MEM = 0x00 [WRITE] @0x2003f26 ← 0x30 [XOR @0x1001122] MEM[0x2003f27] 0x30 ^ AL(0x33) → 0x03 寫入後 MEM = 0x30 [WRITE] @0x2003f27 ← 0x03 [XOR @0x1001122] MEM[0x2003f28] 0x00 ^ AL(0x33) → 0x33 寫入後 MEM = 0x00 [WRITE] @0x2003f28 ← 0x33 [XOR @0x1001122] MEM[0x2003f29] 0x01 ^ AL(0x03) → 0x02 寫入後 MEM = 0x01 [WRITE] @0x2003f29 ← 0x02 [XOR @0x1001122] MEM[0x2003f2a] 0x03 ^ AL(0x02) → 0x01 寫入後 MEM = 0x03 [WRITE] @0x2003f2a ← 0x01 [XOR @0x1001122] MEM[0x2003f2b] 0x00 ^ AL(0x32) → 0x32 寫入後 MEM = 0x00 [WRITE] @0x2003f2b ← 0x32 [XOR @0x1001122] MEM[0x2003f2c] 0x03 ^ AL(0x31) → 0x32 寫入後 MEM = 0x03 [WRITE] @0x2003f2c ← 0x32 [XOR @0x1001122] MEM[0x2003f2d] 0x02 ^ AL(0x03) → 0x01 寫入後 MEM = 0x02 [WRITE] @0x2003f2d ← 0x01 [XOR @0x1001122] MEM[0x2003f2e] 0x30 ^ AL(0x02) → 0x32 寫入後 MEM = 0x30 [WRITE] @0x2003f2e ← 0x32 [XOR @0x1001122] MEM[0x2003f2f] 0x31 ^ AL(0x30) → 0x01 寫入後 MEM = 0x31 [WRITE] @0x2003f2f ← 0x01 [XOR @0x1001122] MEM[0x2003f30] 0x01 ^ AL(0x01) → 0x00 寫入後 MEM = 0x01 [WRITE] @0x2003f30 ← 0x00 [XOR @0x1001122] MEM[0x2003f31] 0x31 ^ AL(0x32) → 0x03 寫入後 MEM = 0x31 [WRITE] @0x2003f31 ← 0x03 [XOR @0x1001122] MEM[0x2003f32] 0x00 ^ AL(0x02) → 0x02 寫入後 MEM = 0x00 [WRITE] @0x2003f32 ← 0x02 [XOR @0x1001122] MEM[0x2003f33] 0x33 ^ AL(0x33) → 0x00 寫入後 MEM = 0x33 [WRITE] @0x2003f33 ← 0x00 [XOR @0x1001122] MEM[0x2003f34] 0x31 ^ AL(0x30) → 0x01 寫入後 MEM = 0x31 [WRITE] @0x2003f34 ← 0x01 [XOR @0x1001122] MEM[0x2003f35] 0x31 ^ AL(0x00) → 0x31 寫入後 MEM = 0x31 [WRITE] @0x2003f35 ← 0x31 [XOR @0x1001122] MEM[0x2003f36] 0x02 ^ AL(0x00) → 0x02 寫入後 MEM = 0x02 [WRITE] @0x2003f36 ← 0x02 [STATE] ESI ← 0x16 [HOOK MOV] @0x01000683: mov esi, 0x2b [XOR @0x1000697] MEM[0x2003f20] 0x31 ^ AL(0x00) → 0x31 寫入後 MEM = 0x31 [WRITE] @0x2003f20 ← 0x31 [HOOK CMP] @0x0100069d: cmp esi, 0x57 [XOR @0x1000697] MEM[0x2003f21] 0x32 ^ AL(0x00) → 0x32 寫入後 MEM = 0x32 [WRITE] @0x2003f21 ← 0x32 [XOR @0x1000697] MEM[0x2003f22] 0x31 ^ AL(0x00) → 0x31 寫入後 MEM = 0x31 [WRITE] @0x2003f22 ← 0x31 [XOR @0x1000697] MEM[0x2003f23] 0x00 ^ AL(0x00) → 0x00 寫入後 MEM = 0x00 [WRITE] @0x2003f23 ← 0x00 [XOR @0x1000697] MEM[0x2003f24] 0x02 ^ AL(0x31) → 0x33 寫入後 MEM = 0x02 [WRITE] @0x2003f24 ← 0x33 [XOR @0x1000697] MEM[0x2003f25] 0x30 ^ AL(0x32) → 0x02 寫入後 MEM = 0x30 [WRITE] @0x2003f25 ← 0x02 [XOR @0x1000697] MEM[0x2003f26] 0x30 ^ AL(0x31) → 0x01 寫入後 MEM = 0x30 [WRITE] @0x2003f26 ← 0x01 [XOR @0x1000697] MEM[0x2003f27] 0x03 ^ AL(0x00) → 0x03 寫入後 MEM = 0x03 [WRITE] @0x2003f27 ← 0x03 [XOR @0x1000697] MEM[0x2003f28] 0x33 ^ AL(0x33) → 0x00 寫入後 MEM = 0x33 [WRITE] @0x2003f28 ← 0x00 [XOR @0x1000697] MEM[0x2003f29] 0x02 ^ AL(0x02) → 0x00 寫入後 MEM = 0x02 [WRITE] @0x2003f29 ← 0x00 [XOR @0x1000697] MEM[0x2003f2a] 0x01 ^ AL(0x01) → 0x00 寫入後 MEM = 0x01 [WRITE] @0x2003f2a ← 0x00 [XOR @0x1000697] MEM[0x2003f2b] 0x32 ^ AL(0x03) → 0x31 寫入後 MEM = 0x32 [WRITE] @0x2003f2b ← 0x31 [XOR @0x1000697] MEM[0x2003f2c] 0x32 ^ AL(0x00) → 0x32 寫入後 MEM = 0x32 [WRITE] @0x2003f2c ← 0x32 [XOR @0x1000697] MEM[0x2003f2d] 0x01 ^ AL(0x00) → 0x01 寫入後 MEM = 0x01 [WRITE] @0x2003f2d ← 0x01 [XOR @0x1000697] MEM[0x2003f2e] 0x32 ^ AL(0x00) → 0x32 寫入後 MEM = 0x32 [WRITE] @0x2003f2e ← 0x32 [XOR @0x1000697] MEM[0x2003f2f] 0x01 ^ AL(0x31) → 0x30 寫入後 MEM = 0x01 [WRITE] @0x2003f2f ← 0x30 [XOR @0x1000697] MEM[0x2003f30] 0x00 ^ AL(0x32) → 0x32 寫入後 MEM = 0x00 [WRITE] @0x2003f30 ← 0x32 [XOR @0x1000697] MEM[0x2003f31] 0x03 ^ AL(0x01) → 0x02 寫入後 MEM = 0x03 [WRITE] @0x2003f31 ← 0x02 [XOR @0x1000697] MEM[0x2003f32] 0x02 ^ AL(0x32) → 0x30 寫入後 MEM = 0x02 [WRITE] @0x2003f32 ← 0x30 [XOR @0x1000697] MEM[0x2003f33] 0x00 ^ AL(0x30) → 0x30 寫入後 MEM = 0x00 [WRITE] @0x2003f33 ← 0x30 [XOR @0x1000697] MEM[0x2003f34] 0x01 ^ AL(0x32) → 0x33 寫入後 MEM = 0x01 [WRITE] @0x2003f34 ← 0x33 [XOR @0x1000697] MEM[0x2003f35] 0x31 ^ AL(0x02) → 0x33 寫入後 MEM = 0x31 [WRITE] @0x2003f35 ← 0x33 [XOR @0x1000697] MEM[0x2003f36] 0x02 ^ AL(0x30) → 0x32 寫入後 MEM = 0x02 [WRITE] @0x2003f36 ← 0x32 [XOR @0x1000697] MEM[0x2003f37] 0x02 ^ AL(0x30) → 0x32 寫入後 MEM = 0x02 [WRITE] @0x2003f37 ← 0x32 [XOR @0x1000697] MEM[0x2003f38] 0x30 ^ AL(0x33) → 0x03 寫入後 MEM = 0x30 [WRITE] @0x2003f38 ← 0x03 [XOR @0x1000697] MEM[0x2003f39] 0x32 ^ AL(0x33) → 0x01 寫入後 MEM = 0x32 [WRITE] @0x2003f39 ← 0x01 [XOR @0x1000697] MEM[0x2003f3a] 0x01 ^ AL(0x32) → 0x33 寫入後 MEM = 0x01 [WRITE] @0x2003f3a ← 0x33 [XOR @0x1000697] MEM[0x2003f3b] 0x33 ^ AL(0x32) → 0x01 寫入後 MEM = 0x33 [WRITE] @0x2003f3b ← 0x01 [XOR @0x1000697] MEM[0x2003f3c] 0x30 ^ AL(0x03) → 0x33 寫入後 MEM = 0x30 [WRITE] @0x2003f3c ← 0x33 [XOR @0x1000697] MEM[0x2003f3d] 0x33 ^ AL(0x01) → 0x32 寫入後 MEM = 0x33 [WRITE] @0x2003f3d ← 0x32 [XOR @0x1000697] MEM[0x2003f3e] 0x33 ^ AL(0x33) → 0x00 寫入後 MEM = 0x33 [WRITE] @0x2003f3e ← 0x00 [XOR @0x1000697] MEM[0x2003f3f] 0x03 ^ AL(0x01) → 0x02 寫入後 MEM = 0x03 [WRITE] @0x2003f3f ← 0x02 [XOR @0x1000697] MEM[0x2003f40] 0x02 ^ AL(0x33) → 0x31 寫入後 MEM = 0x02 [WRITE] @0x2003f40 ← 0x31 [XOR @0x1000697] MEM[0x2003f41] 0x32 ^ AL(0x32) → 0x00 寫入後 MEM = 0x32 [WRITE] @0x2003f41 ← 0x00 [XOR @0x1000697] MEM[0x2003f42] 0x31 ^ AL(0x00) → 0x31 寫入後 MEM = 0x31 [WRITE] @0x2003f42 ← 0x31 [XOR @0x1000697] MEM[0x2003f43] 0x03 ^ AL(0x02) → 0x01 寫入後 MEM = 0x03 [WRITE] @0x2003f43 ← 0x01 [XOR @0x1000697] MEM[0x2003f44] 0x02 ^ AL(0x31) → 0x33 寫入後 MEM = 0x02 [WRITE] @0x2003f44 ← 0x33 [XOR @0x1000697] MEM[0x2003f45] 0x30 ^ AL(0x00) → 0x30 寫入後 MEM = 0x30 [WRITE] @0x2003f45 ← 0x30 [XOR @0x1000697] MEM[0x2003f46] 0x01 ^ AL(0x31) → 0x30 寫入後 MEM = 0x01 [WRITE] @0x2003f46 ← 0x30 [XOR @0x1000697] MEM[0x2003f47] 0x32 ^ AL(0x01) → 0x33 寫入後 MEM = 0x32 [WRITE] @0x2003f47 ← 0x33 [XOR @0x1000697] MEM[0x2003f48] 0x02 ^ AL(0x33) → 0x31 寫入後 MEM = 0x02 [WRITE] @0x2003f48 ← 0x31 [XOR @0x1000697] MEM[0x2003f49] 0x33 ^ AL(0x30) → 0x03 寫入後 MEM = 0x33 [WRITE] @0x2003f49 ← 0x03 [XOR @0x1000697] MEM[0x2003f4a] 0x30 ^ AL(0x30) → 0x00 寫入後 MEM = 0x30 [WRITE] @0x2003f4a ← 0x00 [XOR @0x1000697] MEM[0x2003f4b] 0x00 ^ AL(0x33) → 0x33 寫入後 MEM = 0x00 [WRITE] @0x2003f4b ← 0x33 [STATE] ESI ← 0x4C [HOOK MOV] @0x010012e0: mov esi, 0x20 [XOR @0x10012f6] MEM[0x2003f20] 0x31 ^ AL(0x31) → 0x00 寫入後 MEM = 0x31 [WRITE] @0x2003f20 ← 0x00 [HOOK CMP] @0x010012fc: cmp esi, 0x41 [XOR @0x10012f6] MEM[0x2003f21] 0x32 ^ AL(0x00) → 0x32 寫入後 MEM = 0x32 [WRITE] @0x2003f21 ← 0x32 [XOR @0x10012f6] MEM[0x2003f22] 0x31 ^ AL(0x31) → 0x00 寫入後 MEM = 0x31 [WRITE] @0x2003f22 ← 0x00 [XOR @0x10012f6] MEM[0x2003f23] 0x00 ^ AL(0x01) → 0x01 寫入後 MEM = 0x00 [WRITE] @0x2003f23 ← 0x01 [XOR @0x10012f6] MEM[0x2003f24] 0x33 ^ AL(0x33) → 0x00 寫入後 MEM = 0x33 [WRITE] @0x2003f24 ← 0x00 [XOR @0x10012f6] MEM[0x2003f25] 0x02 ^ AL(0x30) → 0x32 寫入後 MEM = 0x02 [WRITE] @0x2003f25 ← 0x32 [XOR @0x10012f6] MEM[0x2003f26] 0x01 ^ AL(0x30) → 0x31 寫入後 MEM = 0x01 [WRITE] @0x2003f26 ← 0x31 [XOR @0x10012f6] MEM[0x2003f27] 0x03 ^ AL(0x33) → 0x30 寫入後 MEM = 0x03 [WRITE] @0x2003f27 ← 0x30 [XOR @0x10012f6] MEM[0x2003f28] 0x00 ^ AL(0x31) → 0x31 寫入後 MEM = 0x00 [WRITE] @0x2003f28 ← 0x31 [XOR @0x10012f6] MEM[0x2003f29] 0x00 ^ AL(0x03) → 0x03 寫入後 MEM = 0x00 [WRITE] @0x2003f29 ← 0x03 [XOR @0x10012f6] MEM[0x2003f2a] 0x00 ^ AL(0x00) → 0x00 寫入後 MEM = 0x00 [WRITE] @0x2003f2a ← 0x00 [XOR @0x10012f6] MEM[0x2003f2b] 0x31 ^ AL(0x33) → 0x02 寫入後 MEM = 0x31 [WRITE] @0x2003f2b ← 0x02 [XOR @0x10012f6] MEM[0x2003f2c] 0x32 ^ AL(0x00) → 0x32 寫入後 MEM = 0x32 [WRITE] @0x2003f2c ← 0x32 [XOR @0x10012f6] MEM[0x2003f2d] 0x01 ^ AL(0x00) → 0x01 寫入後 MEM = 0x01 [WRITE] @0x2003f2d ← 0x01 [XOR @0x10012f6] MEM[0x2003f2e] 0x32 ^ AL(0x00) → 0x32 寫入後 MEM = 0x32 [WRITE] @0x2003f2e ← 0x32 [XOR @0x10012f6] MEM[0x2003f2f] 0x30 ^ AL(0x00) → 0x30 寫入後 MEM = 0x30 [WRITE] @0x2003f2f ← 0x30 [XOR @0x10012f6] MEM[0x2003f30] 0x32 ^ AL(0x32) → 0x00 寫入後 MEM = 0x32 [WRITE] @0x2003f30 ← 0x00 [XOR @0x10012f6] MEM[0x2003f31] 0x02 ^ AL(0x00) → 0x02 寫入後 MEM = 0x02 [WRITE] @0x2003f31 ← 0x02 [XOR @0x10012f6] MEM[0x2003f32] 0x30 ^ AL(0x01) → 0x31 寫入後 MEM = 0x30 [WRITE] @0x2003f32 ← 0x31 [XOR @0x10012f6] MEM[0x2003f33] 0x30 ^ AL(0x00) → 0x30 寫入後 MEM = 0x30 [WRITE] @0x2003f33 ← 0x30 [XOR @0x10012f6] MEM[0x2003f34] 0x33 ^ AL(0x32) → 0x01 寫入後 MEM = 0x33 [WRITE] @0x2003f34 ← 0x01 [XOR @0x10012f6] MEM[0x2003f35] 0x33 ^ AL(0x31) → 0x02 寫入後 MEM = 0x33 [WRITE] @0x2003f35 ← 0x02 [XOR @0x10012f6] MEM[0x2003f36] 0x32 ^ AL(0x30) → 0x02 寫入後 MEM = 0x32 [WRITE] @0x2003f36 ← 0x02 [XOR @0x10012f6] MEM[0x2003f37] 0x32 ^ AL(0x31) → 0x03 寫入後 MEM = 0x32 [WRITE] @0x2003f37 ← 0x03 [XOR @0x10012f6] MEM[0x2003f38] 0x03 ^ AL(0x03) → 0x00 寫入後 MEM = 0x03 [WRITE] @0x2003f38 ← 0x00 [XOR @0x10012f6] MEM[0x2003f39] 0x01 ^ AL(0x00) → 0x01 寫入後 MEM = 0x01 [WRITE] @0x2003f39 ← 0x01 [XOR @0x10012f6] MEM[0x2003f3a] 0x33 ^ AL(0x02) → 0x31 寫入後 MEM = 0x33 [WRITE] @0x2003f3a ← 0x31 [XOR @0x10012f6] MEM[0x2003f3b] 0x01 ^ AL(0x32) → 0x33 寫入後 MEM = 0x01 [WRITE] @0x2003f3b ← 0x33 [XOR @0x10012f6] MEM[0x2003f3c] 0x33 ^ AL(0x01) → 0x32 寫入後 MEM = 0x33 [WRITE] @0x2003f3c ← 0x32 [XOR @0x10012f6] MEM[0x2003f3d] 0x32 ^ AL(0x32) → 0x00 寫入後 MEM = 0x32 [WRITE] @0x2003f3d ← 0x00 [XOR @0x10012f6] MEM[0x2003f3e] 0x00 ^ AL(0x30) → 0x30 寫入後 MEM = 0x00 [WRITE] @0x2003f3e ← 0x30 [XOR @0x10012f6] MEM[0x2003f3f] 0x02 ^ AL(0x00) → 0x02 寫入後 MEM = 0x02 [WRITE] @0x2003f3f ← 0x02 [XOR @0x10012f6] MEM[0x2003f40] 0x31 ^ AL(0x02) → 0x33 寫入後 MEM = 0x31 [WRITE] @0x2003f40 ← 0x33 [STATE] ESI ← 0x0D [HOOK MOV] @0x01000429: mov esi, 0x13 [HOOK MOV] @0x0100042e: mov esi, 0xae4c415d [XOR @0x1000450] MEM[0x2003f20] 0x00 ^ AL(0x30) → 0x30 寫入後 MEM = 0x00 [WRITE] @0x2003f20 ← 0x30 [HOOK CMP] @0x01000456: cmp esi, 0x27 [XOR @0x1000450] MEM[0x2003f21] 0x32 ^ AL(0x01) → 0x33 寫入後 MEM = 0x32 [WRITE] @0x2003f21 ← 0x33 [XOR @0x1000450] MEM[0x2003f22] 0x00 ^ AL(0x02) → 0x02 寫入後 MEM = 0x00 [WRITE] @0x2003f22 ← 0x02 [XOR @0x1000450] MEM[0x2003f23] 0x01 ^ AL(0x02) → 0x03 寫入後 MEM = 0x01 [WRITE] @0x2003f23 ← 0x03 [XOR @0x1000450] MEM[0x2003f24] 0x00 ^ AL(0x03) → 0x03 寫入後 MEM = 0x00 [WRITE] @0x2003f24 ← 0x03 [XOR @0x1000450] MEM[0x2003f25] 0x32 ^ AL(0x00) → 0x32 寫入後 MEM = 0x32 [WRITE] @0x2003f25 ← 0x32 [XOR @0x1000450] MEM[0x2003f26] 0x31 ^ AL(0x01) → 0x30 寫入後 MEM = 0x31 [WRITE] @0x2003f26 ← 0x30 [XOR @0x1000450] MEM[0x2003f27] 0x30 ^ AL(0x31) → 0x01 寫入後 MEM = 0x30 [WRITE] @0x2003f27 ← 0x01 [XOR @0x1000450] MEM[0x2003f28] 0x31 ^ AL(0x33) → 0x02 寫入後 MEM = 0x31 [WRITE] @0x2003f28 ← 0x02 [XOR @0x1000450] MEM[0x2003f29] 0x03 ^ AL(0x32) → 0x31 寫入後 MEM = 0x03 [WRITE] @0x2003f29 ← 0x31 [XOR @0x1000450] MEM[0x2003f2a] 0x00 ^ AL(0x00) → 0x00 寫入後 MEM = 0x00 [WRITE] @0x2003f2a ← 0x00 [XOR @0x1000450] MEM[0x2003f2b] 0x02 ^ AL(0x30) → 0x32 寫入後 MEM = 0x02 [WRITE] @0x2003f2b ← 0x32 [XOR @0x1000450] MEM[0x2003f2c] 0x32 ^ AL(0x02) → 0x30 寫入後 MEM = 0x32 [WRITE] @0x2003f2c ← 0x30 [XOR @0x1000450] MEM[0x2003f2d] 0x01 ^ AL(0x33) → 0x32 寫入後 MEM = 0x01 [WRITE] @0x2003f2d ← 0x32 [XOR @0x1000450] MEM[0x2003f2e] 0x32 ^ AL(0x00) → 0x32 寫入後 MEM = 0x32 [WRITE] @0x2003f2e ← 0x32 [XOR @0x1000450] MEM[0x2003f2f] 0x30 ^ AL(0x31) → 0x01 寫入後 MEM = 0x30 [WRITE] @0x2003f2f ← 0x01 [XOR @0x1000450] MEM[0x2003f30] 0x00 ^ AL(0x01) → 0x01 寫入後 MEM = 0x00 [WRITE] @0x2003f30 ← 0x01 [XOR @0x1000450] MEM[0x2003f31] 0x02 ^ AL(0x33) → 0x31 寫入後 MEM = 0x02 [WRITE] @0x2003f31 ← 0x31 [XOR @0x1000450] MEM[0x2003f32] 0x31 ^ AL(0x30) → 0x01 寫入後 MEM = 0x31 [WRITE] @0x2003f32 ← 0x01 [XOR @0x1000450] MEM[0x2003f33] 0x30 ^ AL(0x30) → 0x00 寫入後 MEM = 0x30 [WRITE] @0x2003f33 ← 0x00 [STATE] ESI ← 0x23 [HOOK MOV] @0x01000edd: mov esi, 0xc [XOR @0x1000ef1] MEM[0x2003f20] 0x30 ^ AL(0x30) → 0x00 寫入後 MEM = 0x30 [WRITE] @0x2003f20 ← 0x00 [HOOK CMP] @0x01000ef7: cmp esi, 0x19 [XOR @0x1000ef1] MEM[0x2003f21] 0x33 ^ AL(0x32) → 0x01 寫入後 MEM = 0x33 [WRITE] @0x2003f21 ← 0x01 [XOR @0x1000ef1] MEM[0x2003f22] 0x02 ^ AL(0x32) → 0x30 寫入後 MEM = 0x02 [WRITE] @0x2003f22 ← 0x30 [XOR @0x1000ef1] MEM[0x2003f23] 0x03 ^ AL(0x01) → 0x02 寫入後 MEM = 0x03 [WRITE] @0x2003f23 ← 0x02 [XOR @0x1000ef1] MEM[0x2003f24] 0x03 ^ AL(0x01) → 0x02 寫入後 MEM = 0x03 [WRITE] @0x2003f24 ← 0x02 [XOR @0x1000ef1] MEM[0x2003f25] 0x32 ^ AL(0x31) → 0x03 寫入後 MEM = 0x32 [WRITE] @0x2003f25 ← 0x03 [XOR @0x1000ef1] MEM[0x2003f26] 0x30 ^ AL(0x01) → 0x31 寫入後 MEM = 0x30 [WRITE] @0x2003f26 ← 0x31 [XOR @0x1000ef1] MEM[0x2003f27] 0x01 ^ AL(0x00) → 0x01 寫入後 MEM = 0x01 [WRITE] @0x2003f27 ← 0x01 [XOR @0x1000ef1] MEM[0x2003f28] 0x02 ^ AL(0x01) → 0x03 寫入後 MEM = 0x02 [WRITE] @0x2003f28 ← 0x03 [XOR @0x1000ef1] MEM[0x2003f29] 0x31 ^ AL(0x02) → 0x33 寫入後 MEM = 0x31 [WRITE] @0x2003f29 ← 0x33 [XOR @0x1000ef1] MEM[0x2003f2a] 0x00 ^ AL(0x02) → 0x02 寫入後 MEM = 0x00 [WRITE] @0x2003f2a ← 0x02 [XOR @0x1000ef1] MEM[0x2003f2b] 0x32 ^ AL(0x03) → 0x31 寫入後 MEM = 0x32 [WRITE] @0x2003f2b ← 0x31 [XOR @0x1000ef1] MEM[0x2003f2c] 0x30 ^ AL(0x00) → 0x30 寫入後 MEM = 0x30 [WRITE] @0x2003f2c ← 0x30 [STATE] ESI ← 0x34 [HOOK MOV] @0x0100070c: mov esi, 0x2d [HOOK MOV] @0x01000711: mov esi, 0x2f [WRITE] @0x2003f20 ← 0x00 [HOOK CMP] @0x01000727: cmp esi, 0x5b [WRITE] @0x2003f21 ← 0x01 [WRITE] @0x2003f22 ← 0x30 [WRITE] @0x2003f23 ← 0x03 [WRITE] @0x2003f24 ← 0x32 [WRITE] @0x2003f25 ← 0x00 [WRITE] @0x2003f26 ← 0x03 [WRITE] @0x2003f27 ← 0x01 [WRITE] @0x2003f28 ← 0x00 [WRITE] @0x2003f29 ← 0x32 [WRITE] @0x2003f2a ← 0x02 [WRITE] @0x2003f2b ← 0x03 [WRITE] @0x2003f2c ← 0x32 [WRITE] @0x2003f2d ← 0x31 [WRITE] @0x2003f2e ← 0x00 [WRITE] @0x2003f2f ← 0x30 [WRITE] @0x2003f30 ← 0x01 [WRITE] @0x2003f31 ← 0x01 [WRITE] @0x2003f32 ← 0x00 [WRITE] @0x2003f33 ← 0x01 [WRITE] @0x2003f34 ← 0x01 [WRITE] @0x2003f35 ← 0x03 [WRITE] @0x2003f36 ← 0x03 [WRITE] @0x2003f37 ← 0x00 [WRITE] @0x2003f38 ← 0x03 [WRITE] @0x2003f39 ← 0x01 [WRITE] @0x2003f3a ← 0x32 [WRITE] @0x2003f3b ← 0x32 [WRITE] @0x2003f3c ← 0x00 [WRITE] @0x2003f3d ← 0x32 [WRITE] @0x2003f3e ← 0x30 [WRITE] @0x2003f3f ← 0x30 [WRITE] @0x2003f40 ← 0x03 [WRITE] @0x2003f41 ← 0x30 [WRITE] @0x2003f42 ← 0x32 [WRITE] @0x2003f43 ← 0x31 [WRITE] @0x2003f44 ← 0x01 [WRITE] @0x2003f45 ← 0x01 [WRITE] @0x2003f46 ← 0x31 [WRITE] @0x2003f47 ← 0x32 [WRITE] @0x2003f48 ← 0x00 [WRITE] @0x2003f49 ← 0x31 [WRITE] @0x2003f4a ← 0x00 [WRITE] @0x2003f4b ← 0x02 [WRITE] @0x2003f4c ← 0x00 [WRITE] @0x2003f4d ← 0x02 [STATE] ESI ← 0x49 [HOOK MOV] @0x01000907: mov esi, 0x24 [XOR @0x100091b] MEM[0x2003f20] 0x00 ^ AL(0x01) → 0x01 寫入後 MEM = 0x00 [WRITE] @0x2003f20 ← 0x01 [HOOK CMP] @0x01000921: cmp esi, 0x49 [XOR @0x100091b] MEM[0x2003f21] 0x01 ^ AL(0x01) → 0x00 寫入後 MEM = 0x01 [WRITE] @0x2003f21 ← 0x00 [XOR @0x100091b] MEM[0x2003f22] 0x30 ^ AL(0x31) → 0x01 寫入後 MEM = 0x30 [WRITE] @0x2003f22 ← 0x01 [XOR @0x100091b] MEM[0x2003f23] 0x03 ^ AL(0x32) → 0x31 寫入後 MEM = 0x03 [WRITE] @0x2003f23 ← 0x31 [XOR @0x100091b] MEM[0x2003f24] 0x32 ^ AL(0x00) → 0x32 寫入後 MEM = 0x32 [WRITE] @0x2003f24 ← 0x32 [XOR @0x100091b] MEM[0x2003f25] 0x00 ^ AL(0x31) → 0x31 寫入後 MEM = 0x00 [WRITE] @0x2003f25 ← 0x31 [XOR @0x100091b] MEM[0x2003f26] 0x03 ^ AL(0x00) → 0x03 寫入後 MEM = 0x03 [WRITE] @0x2003f26 ← 0x03 [XOR @0x100091b] MEM[0x2003f27] 0x01 ^ AL(0x02) → 0x03 寫入後 MEM = 0x01 [WRITE] @0x2003f27 ← 0x03 [XOR @0x100091b] MEM[0x2003f28] 0x00 ^ AL(0x00) → 0x00 寫入後 MEM = 0x00 [WRITE] @0x2003f28 ← 0x00 [XOR @0x100091b] MEM[0x2003f29] 0x32 ^ AL(0x02) → 0x30 寫入後 MEM = 0x32 [WRITE] @0x2003f29 ← 0x30 [XOR @0x100091b] MEM[0x2003f2a] 0x02 ^ AL(0x00) → 0x02 寫入後 MEM = 0x02 [WRITE] @0x2003f2a ← 0x02 [XOR @0x100091b] MEM[0x2003f2b] 0x03 ^ AL(0x01) → 0x02 寫入後 MEM = 0x03 [WRITE] @0x2003f2b ← 0x02 [XOR @0x100091b] MEM[0x2003f2c] 0x32 ^ AL(0x00) → 0x32 寫入後 MEM = 0x32 [WRITE] @0x2003f2c ← 0x32 [XOR @0x100091b] MEM[0x2003f2d] 0x31 ^ AL(0x01) → 0x30 寫入後 MEM = 0x31 [WRITE] @0x2003f2d ← 0x30 [XOR @0x100091b] MEM[0x2003f2e] 0x00 ^ AL(0x31) → 0x31 寫入後 MEM = 0x00 [WRITE] @0x2003f2e ← 0x31 [XOR @0x100091b] MEM[0x2003f2f] 0x30 ^ AL(0x32) → 0x02 寫入後 MEM = 0x30 [WRITE] @0x2003f2f ← 0x02 [XOR @0x100091b] MEM[0x2003f30] 0x01 ^ AL(0x31) → 0x30 寫入後 MEM = 0x01 [WRITE] @0x2003f30 ← 0x30 [XOR @0x100091b] MEM[0x2003f31] 0x01 ^ AL(0x03) → 0x02 寫入後 MEM = 0x01 [WRITE] @0x2003f31 ← 0x02 [XOR @0x100091b] MEM[0x2003f32] 0x00 ^ AL(0x03) → 0x03 寫入後 MEM = 0x00 [WRITE] @0x2003f32 ← 0x03 [XOR @0x100091b] MEM[0x2003f33] 0x01 ^ AL(0x00) → 0x01 寫入後 MEM = 0x01 [WRITE] @0x2003f33 ← 0x01 [XOR @0x100091b] MEM[0x2003f34] 0x01 ^ AL(0x30) → 0x31 寫入後 MEM = 0x01 [WRITE] @0x2003f34 ← 0x31 [XOR @0x100091b] MEM[0x2003f35] 0x03 ^ AL(0x02) → 0x01 寫入後 MEM = 0x03 [WRITE] @0x2003f35 ← 0x01 [XOR @0x100091b] MEM[0x2003f36] 0x03 ^ AL(0x02) → 0x01 寫入後 MEM = 0x03 [WRITE] @0x2003f36 ← 0x01 [XOR @0x100091b] MEM[0x2003f37] 0x00 ^ AL(0x32) → 0x32 寫入後 MEM = 0x00 [WRITE] @0x2003f37 ← 0x32 [XOR @0x100091b] MEM[0x2003f38] 0x03 ^ AL(0x30) → 0x33 寫入後 MEM = 0x03 [WRITE] @0x2003f38 ← 0x33 [XOR @0x100091b] MEM[0x2003f39] 0x01 ^ AL(0x31) → 0x30 寫入後 MEM = 0x01 [WRITE] @0x2003f39 ← 0x30 [XOR @0x100091b] MEM[0x2003f3a] 0x32 ^ AL(0x02) → 0x30 寫入後 MEM = 0x32 [WRITE] @0x2003f3a ← 0x30 [XOR @0x100091b] MEM[0x2003f3b] 0x32 ^ AL(0x30) → 0x02 寫入後 MEM = 0x32 [WRITE] @0x2003f3b ← 0x02 [XOR @0x100091b] MEM[0x2003f3c] 0x00 ^ AL(0x02) → 0x02 寫入後 MEM = 0x00 [WRITE] @0x2003f3c ← 0x02 [XOR @0x100091b] MEM[0x2003f3d] 0x32 ^ AL(0x03) → 0x31 寫入後 MEM = 0x32 [WRITE] @0x2003f3d ← 0x31 [XOR @0x100091b] MEM[0x2003f3e] 0x30 ^ AL(0x01) → 0x31 寫入後 MEM = 0x30 [WRITE] @0x2003f3e ← 0x31 [XOR @0x100091b] MEM[0x2003f3f] 0x30 ^ AL(0x31) → 0x01 寫入後 MEM = 0x30 [WRITE] @0x2003f3f ← 0x01 [XOR @0x100091b] MEM[0x2003f40] 0x03 ^ AL(0x01) → 0x02 寫入後 MEM = 0x03 [WRITE] @0x2003f40 ← 0x02 [XOR @0x100091b] MEM[0x2003f41] 0x30 ^ AL(0x01) → 0x31 寫入後 MEM = 0x30 [WRITE] @0x2003f41 ← 0x31 [XOR @0x100091b] MEM[0x2003f42] 0x32 ^ AL(0x32) → 0x00 寫入後 MEM = 0x32 [WRITE] @0x2003f42 ← 0x00 [XOR @0x100091b] MEM[0x2003f43] 0x31 ^ AL(0x33) → 0x02 寫入後 MEM = 0x31 [WRITE] @0x2003f43 ← 0x02 [XOR @0x100091b] MEM[0x2003f44] 0x01 ^ AL(0x30) → 0x31 寫入後 MEM = 0x01 [WRITE] @0x2003f44 ← 0x31 [STATE] ESI ← 0x43 [HOOK MOV] @0x01000f66: mov esi, 0x23 [HOOK MOV] @0x01000f6b: mov esi, 0x2f [WRITE] @0x2003f20 ← 0x03 [HOOK CMP] @0x01000f81: cmp esi, 0x47 [WRITE] @0x2003f21 ← 0x31 [WRITE] @0x2003f22 ← 0x00 [WRITE] @0x2003f23 ← 0x00 [WRITE] @0x2003f24 ← 0x00 [WRITE] @0x2003f25 ← 0x31 [WRITE] @0x2003f26 ← 0x32 [WRITE] @0x2003f27 ← 0x03 [WRITE] @0x2003f28 ← 0x02 [WRITE] @0x2003f29 ← 0x30 [WRITE] @0x2003f2a ← 0x00 [WRITE] @0x2003f2b ← 0x02 [WRITE] @0x2003f2c ← 0x31 [WRITE] @0x2003f2d ← 0x01 [WRITE] @0x2003f2e ← 0x31 [WRITE] @0x2003f2f ← 0x02 [WRITE] @0x2003f30 ← 0x30 [WRITE] @0x2003f31 ← 0x33 [WRITE] @0x2003f32 ← 0x31 [WRITE] @0x2003f33 ← 0x02 [WRITE] @0x2003f34 ← 0x33 [WRITE] @0x2003f35 ← 0x31 [WRITE] @0x2003f36 ← 0x01 [WRITE] @0x2003f37 ← 0x30 [WRITE] @0x2003f38 ← 0x02 [WRITE] @0x2003f39 ← 0x31 [WRITE] @0x2003f3a ← 0x01 [WRITE] @0x2003f3b ← 0x00 [WRITE] @0x2003f3c ← 0x32 [WRITE] @0x2003f3d ← 0x02 [WRITE] @0x2003f3e ← 0x00 [WRITE] @0x2003f3f ← 0x03 [WRITE] @0x2003f40 ← 0x31 [WRITE] @0x2003f41 ← 0x00 [WRITE] @0x2003f42 ← 0x01 [WRITE] @0x2003f43 ← 0x32 [STATE] ESI ← 0x28 [HOOK MOV] @0x01000b64: mov esi, 0x16 [XOR @0x1000b78] MEM[0x2003f20] 0x03 ^ AL(0x01) → 0x02 寫入後 MEM = 0x03 [WRITE] @0x2003f20 ← 0x02 [HOOK CMP] @0x01000b7e: cmp esi, 0x2d [XOR @0x1000b78] MEM[0x2003f21] 0x31 ^ AL(0x30) → 0x01 寫入後 MEM = 0x31 [WRITE] @0x2003f21 ← 0x01 [XOR @0x1000b78] MEM[0x2003f22] 0x00 ^ AL(0x02) → 0x02 寫入後 MEM = 0x00 [WRITE] @0x2003f22 ← 0x02 [XOR @0x1000b78] MEM[0x2003f23] 0x00 ^ AL(0x31) → 0x31 寫入後 MEM = 0x00 [WRITE] @0x2003f23 ← 0x31 [XOR @0x1000b78] MEM[0x2003f24] 0x00 ^ AL(0x01) → 0x01 寫入後 MEM = 0x00 [WRITE] @0x2003f24 ← 0x01 [XOR @0x1000b78] MEM[0x2003f25] 0x31 ^ AL(0x00) → 0x31 寫入後 MEM = 0x31 [WRITE] @0x2003f25 ← 0x31 [XOR @0x1000b78] MEM[0x2003f26] 0x32 ^ AL(0x32) → 0x00 寫入後 MEM = 0x32 [WRITE] @0x2003f26 ← 0x00 [XOR @0x1000b78] MEM[0x2003f27] 0x03 ^ AL(0x02) → 0x01 寫入後 MEM = 0x03 [WRITE] @0x2003f27 ← 0x01 [XOR @0x1000b78] MEM[0x2003f28] 0x02 ^ AL(0x00) → 0x02 寫入後 MEM = 0x02 [WRITE] @0x2003f28 ← 0x02 [XOR @0x1000b78] MEM[0x2003f29] 0x30 ^ AL(0x03) → 0x33 寫入後 MEM = 0x30 [WRITE] @0x2003f29 ← 0x33 [XOR @0x1000b78] MEM[0x2003f2a] 0x00 ^ AL(0x31) → 0x31 寫入後 MEM = 0x00 [WRITE] @0x2003f2a ← 0x31 [XOR @0x1000b78] MEM[0x2003f2b] 0x02 ^ AL(0x00) → 0x02 寫入後 MEM = 0x02 [WRITE] @0x2003f2b ← 0x02 [XOR @0x1000b78] MEM[0x2003f2c] 0x31 ^ AL(0x01) → 0x30 寫入後 MEM = 0x31 [WRITE] @0x2003f2c ← 0x30 [XOR @0x1000b78] MEM[0x2003f2d] 0x01 ^ AL(0x32) → 0x33 寫入後 MEM = 0x01 [WRITE] @0x2003f2d ← 0x33 [XOR @0x1000b78] MEM[0x2003f2e] 0x31 ^ AL(0x31) → 0x00 寫入後 MEM = 0x31 [WRITE] @0x2003f2e ← 0x00 [XOR @0x1000b78] MEM[0x2003f2f] 0x02 ^ AL(0x01) → 0x03 寫入後 MEM = 0x02 [WRITE] @0x2003f2f ← 0x03 [XOR @0x1000b78] MEM[0x2003f30] 0x30 ^ AL(0x31) → 0x01 寫入後 MEM = 0x30 [WRITE] @0x2003f30 ← 0x01 [XOR @0x1000b78] MEM[0x2003f31] 0x33 ^ AL(0x32) → 0x01 寫入後 MEM = 0x33 [WRITE] @0x2003f31 ← 0x01 [XOR @0x1000b78] MEM[0x2003f32] 0x31 ^ AL(0x00) → 0x31 寫入後 MEM = 0x31 [WRITE] @0x2003f32 ← 0x31 [XOR @0x1000b78] MEM[0x2003f33] 0x02 ^ AL(0x31) → 0x33 寫入後 MEM = 0x02 [WRITE] @0x2003f33 ← 0x33 [XOR @0x1000b78] MEM[0x2003f34] 0x33 ^ AL(0x00) → 0x33 寫入後 MEM = 0x33 [WRITE] @0x2003f34 ← 0x33 [XOR @0x1000b78] MEM[0x2003f35] 0x31 ^ AL(0x02) → 0x33 寫入後 MEM = 0x31 [WRITE] @0x2003f35 ← 0x33 [XOR @0x1000b78] MEM[0x2003f36] 0x01 ^ AL(0x00) → 0x01 寫入後 MEM = 0x01 [WRITE] @0x2003f36 ← 0x01 [STATE] ESI ← 0x30 [HOOK MOV] @0x01000c78: mov esi, 0x2b [XOR @0x1000c8c] MEM[0x2003f20] 0x02 ^ AL(0x02) → 0x00 寫入後 MEM = 0x02 [WRITE] @0x2003f20 ← 0x00 [HOOK CMP] @0x01000c92: cmp esi, 0x57 [XOR @0x1000c8c] MEM[0x2003f21] 0x01 ^ AL(0x00) → 0x01 寫入後 MEM = 0x01 [WRITE] @0x2003f21 ← 0x01 [XOR @0x1000c8c] MEM[0x2003f22] 0x02 ^ AL(0x02) → 0x00 寫入後 MEM = 0x02 [WRITE] @0x2003f22 ← 0x00 [XOR @0x1000c8c] MEM[0x2003f23] 0x31 ^ AL(0x00) → 0x31 寫入後 MEM = 0x31 [WRITE] @0x2003f23 ← 0x31 [XOR @0x1000c8c] MEM[0x2003f24] 0x01 ^ AL(0x00) → 0x01 寫入後 MEM = 0x01 [WRITE] @0x2003f24 ← 0x01 [XOR @0x1000c8c] MEM[0x2003f25] 0x31 ^ AL(0x01) → 0x30 寫入後 MEM = 0x31 [WRITE] @0x2003f25 ← 0x30 [XOR @0x1000c8c] MEM[0x2003f26] 0x00 ^ AL(0x00) → 0x00 寫入後 MEM = 0x00 [WRITE] @0x2003f26 ← 0x00 [XOR @0x1000c8c] MEM[0x2003f27] 0x01 ^ AL(0x31) → 0x30 寫入後 MEM = 0x01 [WRITE] @0x2003f27 ← 0x30 [XOR @0x1000c8c] MEM[0x2003f28] 0x02 ^ AL(0x01) → 0x03 寫入後 MEM = 0x02 [WRITE] @0x2003f28 ← 0x03 [XOR @0x1000c8c] MEM[0x2003f29] 0x33 ^ AL(0x30) → 0x03 寫入後 MEM = 0x33 [WRITE] @0x2003f29 ← 0x03 [XOR @0x1000c8c] MEM[0x2003f2a] 0x31 ^ AL(0x00) → 0x31 寫入後 MEM = 0x31 [WRITE] @0x2003f2a ← 0x31 [XOR @0x1000c8c] MEM[0x2003f2b] 0x02 ^ AL(0x30) → 0x32 寫入後 MEM = 0x02 [WRITE] @0x2003f2b ← 0x32 [XOR @0x1000c8c] MEM[0x2003f2c] 0x30 ^ AL(0x03) → 0x33 寫入後 MEM = 0x30 [WRITE] @0x2003f2c ← 0x33 [XOR @0x1000c8c] MEM[0x2003f2d] 0x33 ^ AL(0x03) → 0x30 寫入後 MEM = 0x33 [WRITE] @0x2003f2d ← 0x30 [XOR @0x1000c8c] MEM[0x2003f2e] 0x00 ^ AL(0x31) → 0x31 寫入後 MEM = 0x00 [WRITE] @0x2003f2e ← 0x31 [XOR @0x1000c8c] MEM[0x2003f2f] 0x03 ^ AL(0x32) → 0x31 寫入後 MEM = 0x03 [WRITE] @0x2003f2f ← 0x31 [XOR @0x1000c8c] MEM[0x2003f30] 0x01 ^ AL(0x33) → 0x32 寫入後 MEM = 0x01 [WRITE] @0x2003f30 ← 0x32 [XOR @0x1000c8c] MEM[0x2003f31] 0x01 ^ AL(0x30) → 0x31 寫入後 MEM = 0x01 [WRITE] @0x2003f31 ← 0x31 [XOR @0x1000c8c] MEM[0x2003f32] 0x31 ^ AL(0x31) → 0x00 寫入後 MEM = 0x31 [WRITE] @0x2003f32 ← 0x00 [XOR @0x1000c8c] MEM[0x2003f33] 0x33 ^ AL(0x31) → 0x02 寫入後 MEM = 0x33 [WRITE] @0x2003f33 ← 0x02 [XOR @0x1000c8c] MEM[0x2003f34] 0x33 ^ AL(0x32) → 0x01 寫入後 MEM = 0x33 [WRITE] @0x2003f34 ← 0x01 [XOR @0x1000c8c] MEM[0x2003f35] 0x33 ^ AL(0x31) → 0x02 寫入後 MEM = 0x33 [WRITE] @0x2003f35 ← 0x02 [XOR @0x1000c8c] MEM[0x2003f36] 0x01 ^ AL(0x00) → 0x01 寫入後 MEM = 0x01 [WRITE] @0x2003f36 ← 0x01 [XOR @0x1000c8c] MEM[0x2003f37] 0x30 ^ AL(0x02) → 0x32 寫入後 MEM = 0x30 [WRITE] @0x2003f37 ← 0x32 [XOR @0x1000c8c] MEM[0x2003f38] 0x02 ^ AL(0x01) → 0x03 寫入後 MEM = 0x02 [WRITE] @0x2003f38 ← 0x03 [XOR @0x1000c8c] MEM[0x2003f39] 0x31 ^ AL(0x02) → 0x33 寫入後 MEM = 0x31 [WRITE] @0x2003f39 ← 0x33 [XOR @0x1000c8c] MEM[0x2003f3a] 0x01 ^ AL(0x01) → 0x00 寫入後 MEM = 0x01 [WRITE] @0x2003f3a ← 0x00 [XOR @0x1000c8c] MEM[0x2003f3b] 0x00 ^ AL(0x32) → 0x32 寫入後 MEM = 0x00 [WRITE] @0x2003f3b ← 0x32 [XOR @0x1000c8c] MEM[0x2003f3c] 0x32 ^ AL(0x03) → 0x31 寫入後 MEM = 0x32 [WRITE] @0x2003f3c ← 0x31 [XOR @0x1000c8c] MEM[0x2003f3d] 0x02 ^ AL(0x33) → 0x31 寫入後 MEM = 0x02 [WRITE] @0x2003f3d ← 0x31 [XOR @0x1000c8c] MEM[0x2003f3e] 0x00 ^ AL(0x00) → 0x00 寫入後 MEM = 0x00 [WRITE] @0x2003f3e ← 0x00 [XOR @0x1000c8c] MEM[0x2003f3f] 0x03 ^ AL(0x32) → 0x31 寫入後 MEM = 0x03 [WRITE] @0x2003f3f ← 0x31 [XOR @0x1000c8c] MEM[0x2003f40] 0x31 ^ AL(0x31) → 0x00 寫入後 MEM = 0x31 [WRITE] @0x2003f40 ← 0x00 [XOR @0x1000c8c] MEM[0x2003f41] 0x00 ^ AL(0x31) → 0x31 寫入後 MEM = 0x00 [WRITE] @0x2003f41 ← 0x31 [XOR @0x1000c8c] MEM[0x2003f42] 0x01 ^ AL(0x00) → 0x01 寫入後 MEM = 0x01 [WRITE] @0x2003f42 ← 0x01 [XOR @0x1000c8c] MEM[0x2003f43] 0x32 ^ AL(0x31) → 0x03 寫入後 MEM = 0x32 [WRITE] @0x2003f43 ← 0x03 [XOR @0x1000c8c] MEM[0x2003f44] 0x31 ^ AL(0x00) → 0x31 寫入後 MEM = 0x31 [WRITE] @0x2003f44 ← 0x31 [XOR @0x1000c8c] MEM[0x2003f45] 0x01 ^ AL(0x31) → 0x30 寫入後 MEM = 0x01 [WRITE] @0x2003f45 ← 0x30 [XOR @0x1000c8c] MEM[0x2003f46] 0x31 ^ AL(0x01) → 0x30 寫入後 MEM = 0x31 [WRITE] @0x2003f46 ← 0x30 [XOR @0x1000c8c] MEM[0x2003f47] 0x32 ^ AL(0x03) → 0x31 寫入後 MEM = 0x32 [WRITE] @0x2003f47 ← 0x31 [XOR @0x1000c8c] MEM[0x2003f48] 0x00 ^ AL(0x31) → 0x31 寫入後 MEM = 0x00 [WRITE] @0x2003f48 ← 0x31 [XOR @0x1000c8c] MEM[0x2003f49] 0x31 ^ AL(0x30) → 0x01 寫入後 MEM = 0x31 [WRITE] @0x2003f49 ← 0x01 [XOR @0x1000c8c] MEM[0x2003f4a] 0x00 ^ AL(0x30) → 0x30 寫入後 MEM = 0x00 [WRITE] @0x2003f4a ← 0x30 [XOR @0x1000c8c] MEM[0x2003f4b] 0x02 ^ AL(0x31) → 0x33 寫入後 MEM = 0x02 [WRITE] @0x2003f4b ← 0x33 [STATE] ESI ← 0x33 [HOOK MOV] @0x010014e2: mov esi, 0x18 [XOR @0x10014f6] MEM[0x2003f20] 0x00 ^ AL(0x03) → 0x03 寫入後 MEM = 0x00 [WRITE] @0x2003f20 ← 0x03 [HOOK CMP] @0x010014fc: cmp esi, 0x31 [XOR @0x10014f6] MEM[0x2003f21] 0x01 ^ AL(0x33) → 0x32 寫入後 MEM = 0x01 [WRITE] @0x2003f21 ← 0x32 [XOR @0x10014f6] MEM[0x2003f22] 0x00 ^ AL(0x00) → 0x00 寫入後 MEM = 0x00 [WRITE] @0x2003f22 ← 0x00 [XOR @0x10014f6] MEM[0x2003f23] 0x31 ^ AL(0x32) → 0x03 寫入後 MEM = 0x31 [WRITE] @0x2003f23 ← 0x03 [XOR @0x10014f6] MEM[0x2003f24] 0x01 ^ AL(0x31) → 0x30 寫入後 MEM = 0x01 [WRITE] @0x2003f24 ← 0x30 [XOR @0x10014f6] MEM[0x2003f25] 0x30 ^ AL(0x31) → 0x01 寫入後 MEM = 0x30 [WRITE] @0x2003f25 ← 0x01 [XOR @0x10014f6] MEM[0x2003f26] 0x00 ^ AL(0x00) → 0x00 寫入後 MEM = 0x00 [WRITE] @0x2003f26 ← 0x00 [XOR @0x10014f6] MEM[0x2003f27] 0x30 ^ AL(0x31) → 0x01 寫入後 MEM = 0x30 [WRITE] @0x2003f27 ← 0x01 [XOR @0x10014f6] MEM[0x2003f28] 0x03 ^ AL(0x00) → 0x03 寫入後 MEM = 0x03 [WRITE] @0x2003f28 ← 0x03 [XOR @0x10014f6] MEM[0x2003f29] 0x03 ^ AL(0x31) → 0x32 寫入後 MEM = 0x03 [WRITE] @0x2003f29 ← 0x32 [XOR @0x10014f6] MEM[0x2003f2a] 0x31 ^ AL(0x01) → 0x30 寫入後 MEM = 0x31 [WRITE] @0x2003f2a ← 0x30 [XOR @0x10014f6] MEM[0x2003f2b] 0x32 ^ AL(0x03) → 0x31 寫入後 MEM = 0x32 [WRITE] @0x2003f2b ← 0x31 [XOR @0x10014f6] MEM[0x2003f2c] 0x33 ^ AL(0x31) → 0x02 寫入後 MEM = 0x33 [WRITE] @0x2003f2c ← 0x02 [XOR @0x10014f6] MEM[0x2003f2d] 0x30 ^ AL(0x30) → 0x00 寫入後 MEM = 0x30 [WRITE] @0x2003f2d ← 0x00 [XOR @0x10014f6] MEM[0x2003f2e] 0x31 ^ AL(0x30) → 0x01 寫入後 MEM = 0x31 [WRITE] @0x2003f2e ← 0x01 [XOR @0x10014f6] MEM[0x2003f2f] 0x31 ^ AL(0x31) → 0x00 寫入後 MEM = 0x31 [WRITE] @0x2003f2f ← 0x00 [XOR @0x10014f6] MEM[0x2003f30] 0x32 ^ AL(0x31) → 0x03 寫入後 MEM = 0x32 [WRITE] @0x2003f30 ← 0x03 [XOR @0x10014f6] MEM[0x2003f31] 0x31 ^ AL(0x01) → 0x30 寫入後 MEM = 0x31 [WRITE] @0x2003f31 ← 0x30 [XOR @0x10014f6] MEM[0x2003f32] 0x00 ^ AL(0x30) → 0x30 寫入後 MEM = 0x00 [WRITE] @0x2003f32 ← 0x30 [XOR @0x10014f6] MEM[0x2003f33] 0x02 ^ AL(0x33) → 0x31 寫入後 MEM = 0x02 [WRITE] @0x2003f33 ← 0x31 [XOR @0x10014f6] MEM[0x2003f34] 0x01 ^ AL(0x00) → 0x01 寫入後 MEM = 0x01 [WRITE] @0x2003f34 ← 0x01 [XOR @0x10014f6] MEM[0x2003f35] 0x02 ^ AL(0x02) → 0x00 寫入後 MEM = 0x02 [WRITE] @0x2003f35 ← 0x00 [XOR @0x10014f6] MEM[0x2003f36] 0x01 ^ AL(0x00) → 0x01 寫入後 MEM = 0x01 [WRITE] @0x2003f36 ← 0x01 [XOR @0x10014f6] MEM[0x2003f37] 0x32 ^ AL(0x03) → 0x31 寫入後 MEM = 0x32 [WRITE] @0x2003f37 ← 0x31 [XOR @0x10014f6] MEM[0x2003f38] 0x03 ^ AL(0x32) → 0x31 寫入後 MEM = 0x03 [WRITE] @0x2003f38 ← 0x31 [STATE] ESI ← 0x4A [HOOK MOV] @0x01000624: mov esi, 0x1b [HOOK MOV] @0x01000629: mov esi, 0x2f [WRITE] @0x2003f20 ← 0x31 [HOOK CMP] @0x0100063f: cmp esi, 0x37 [WRITE] @0x2003f21 ← 0x03 [WRITE] @0x2003f22 ← 0x31 [WRITE] @0x2003f23 ← 0x03 [WRITE] @0x2003f24 ← 0x01 [WRITE] @0x2003f25 ← 0x01 [WRITE] @0x2003f26 ← 0x31 [WRITE] @0x2003f27 ← 0x00 [WRITE] @0x2003f28 ← 0x00 [WRITE] @0x2003f29 ← 0x03 [WRITE] @0x2003f2a ← 0x00 [WRITE] @0x2003f2b ← 0x01 [WRITE] @0x2003f2c ← 0x33 [WRITE] @0x2003f2d ← 0x31 [WRITE] @0x2003f2e ← 0x00 [WRITE] @0x2003f2f ← 0x30 [WRITE] @0x2003f30 ← 0x30 [WRITE] @0x2003f31 ← 0x30 [WRITE] @0x2003f32 ← 0x32 [WRITE] @0x2003f33 ← 0x31 [WRITE] @0x2003f34 ← 0x30 [WRITE] @0x2003f35 ← 0x03 [WRITE] @0x2003f36 ← 0x30 [WRITE] @0x2003f37 ← 0x32 [WRITE] @0x2003f38 ← 0x30 [WRITE] @0x2003f39 ← 0x32 [WRITE] @0x2003f3a ← 0x31 [WRITE] @0x2003f3b ← 0x32 [STATE] ESI ← 0x0B [HOOK MOV] @0x010009c3: mov esi, 0x8 [XOR @0x10009d7] MEM[0x2003f20] 0x31 ^ AL(0x00) → 0x31 寫入後 MEM = 0x31 [WRITE] @0x2003f20 ← 0x31 [HOOK CMP] @0x010009dd: cmp esi, 0x11 [XOR @0x10009d7] MEM[0x2003f21] 0x03 ^ AL(0x03) → 0x00 寫入後 MEM = 0x03 [WRITE] @0x2003f21 ← 0x00 [XOR @0x10009d7] MEM[0x2003f22] 0x31 ^ AL(0x00) → 0x31 寫入後 MEM = 0x31 [WRITE] @0x2003f22 ← 0x31 [XOR @0x10009d7] MEM[0x2003f23] 0x03 ^ AL(0x01) → 0x02 寫入後 MEM = 0x03 [WRITE] @0x2003f23 ← 0x02 [XOR @0x10009d7] MEM[0x2003f24] 0x01 ^ AL(0x33) → 0x32 寫入後 MEM = 0x01 [WRITE] @0x2003f24 ← 0x32 [XOR @0x10009d7] MEM[0x2003f25] 0x01 ^ AL(0x31) → 0x30 寫入後 MEM = 0x01 [WRITE] @0x2003f25 ← 0x30 [XOR @0x10009d7] MEM[0x2003f26] 0x31 ^ AL(0x00) → 0x31 寫入後 MEM = 0x31 [WRITE] @0x2003f26 ← 0x31 [XOR @0x10009d7] MEM[0x2003f27] 0x00 ^ AL(0x30) → 0x30 寫入後 MEM = 0x00 [WRITE] @0x2003f27 ← 0x30 [XOR @0x10009d7] MEM[0x2003f28] 0x00 ^ AL(0x30) → 0x30 寫入後 MEM = 0x00 [WRITE] @0x2003f28 ← 0x30 [STATE] ESI ← 0x4B [HOOK MOV] @0x010013cd: mov esi, 0x6 [XOR @0x10013e1] MEM[0x2003f20] 0x31 ^ AL(0x31) → 0x00 寫入後 MEM = 0x31 [WRITE] @0x2003f20 ← 0x00 [HOOK CMP] @0x010013e7: cmp esi, 0xd [XOR @0x10013e1] MEM[0x2003f21] 0x00 ^ AL(0x30) → 0x30 寫入後 MEM = 0x00 [WRITE] @0x2003f21 ← 0x30 [XOR @0x10013e1] MEM[0x2003f22] 0x31 ^ AL(0x30) → 0x01 寫入後 MEM = 0x31 [WRITE] @0x2003f22 ← 0x01 [XOR @0x10013e1] MEM[0x2003f23] 0x02 ^ AL(0x03) → 0x01 寫入後 MEM = 0x02 [WRITE] @0x2003f23 ← 0x01 [XOR @0x10013e1] MEM[0x2003f24] 0x32 ^ AL(0x00) → 0x32 寫入後 MEM = 0x32 [WRITE] @0x2003f24 ← 0x32 [XOR @0x10013e1] MEM[0x2003f25] 0x30 ^ AL(0x01) → 0x31 寫入後 MEM = 0x30 [WRITE] @0x2003f25 ← 0x31 [XOR @0x10013e1] MEM[0x2003f26] 0x31 ^ AL(0x33) → 0x02 寫入後 MEM = 0x31 [WRITE] @0x2003f26 ← 0x02 [STATE] ESI ← 0x32 [HOOK MOV] @0x01000fc5: mov esi, 0x13 [XOR @0x1000fd9] MEM[0x2003f20] 0x00 ^ AL(0x31) → 0x31 寫入後 MEM = 0x00 [WRITE] @0x2003f20 ← 0x31 [HOOK CMP] @0x01000fdf: cmp esi, 0x27 [XOR @0x1000fd9] MEM[0x2003f21] 0x30 ^ AL(0x30) → 0x00 寫入後 MEM = 0x30 [WRITE] @0x2003f21 ← 0x00 [XOR @0x1000fd9] MEM[0x2003f22] 0x01 ^ AL(0x03) → 0x02 寫入後 MEM = 0x01 [WRITE] @0x2003f22 ← 0x02 [XOR @0x1000fd9] MEM[0x2003f23] 0x01 ^ AL(0x30) → 0x31 寫入後 MEM = 0x01 [WRITE] @0x2003f23 ← 0x31 [XOR @0x1000fd9] MEM[0x2003f24] 0x32 ^ AL(0x32) → 0x00 寫入後 MEM = 0x32 [WRITE] @0x2003f24 ← 0x00 [XOR @0x1000fd9] MEM[0x2003f25] 0x31 ^ AL(0x30) → 0x01 寫入後 MEM = 0x31 [WRITE] @0x2003f25 ← 0x01 [XOR @0x1000fd9] MEM[0x2003f26] 0x02 ^ AL(0x32) → 0x30 寫入後 MEM = 0x02 [WRITE] @0x2003f26 ← 0x30 [XOR @0x1000fd9] MEM[0x2003f27] 0x30 ^ AL(0x31) → 0x01 寫入後 MEM = 0x30 [WRITE] @0x2003f27 ← 0x01 [XOR @0x1000fd9] MEM[0x2003f28] 0x30 ^ AL(0x32) → 0x02 寫入後 MEM = 0x30 [WRITE] @0x2003f28 ← 0x02 [XOR @0x1000fd9] MEM[0x2003f29] 0x03 ^ AL(0x31) → 0x32 寫入後 MEM = 0x03 [WRITE] @0x2003f29 ← 0x32 [XOR @0x1000fd9] MEM[0x2003f2a] 0x00 ^ AL(0x31) → 0x31 寫入後 MEM = 0x00 [WRITE] @0x2003f2a ← 0x31 [XOR @0x1000fd9] MEM[0x2003f2b] 0x01 ^ AL(0x00) → 0x01 寫入後 MEM = 0x01 [WRITE] @0x2003f2b ← 0x01 [XOR @0x1000fd9] MEM[0x2003f2c] 0x33 ^ AL(0x31) → 0x02 寫入後 MEM = 0x33 [WRITE] @0x2003f2c ← 0x02 [XOR @0x1000fd9] MEM[0x2003f2d] 0x31 ^ AL(0x00) → 0x31 寫入後 MEM = 0x31 [WRITE] @0x2003f2d ← 0x31 [XOR @0x1000fd9] MEM[0x2003f2e] 0x00 ^ AL(0x31) → 0x31 寫入後 MEM = 0x00 [WRITE] @0x2003f2e ← 0x31 [XOR @0x1000fd9] MEM[0x2003f2f] 0x30 ^ AL(0x01) → 0x31 寫入後 MEM = 0x30 [WRITE] @0x2003f2f ← 0x31 [XOR @0x1000fd9] MEM[0x2003f30] 0x30 ^ AL(0x03) → 0x33 寫入後 MEM = 0x30 [WRITE] @0x2003f30 ← 0x33 [XOR @0x1000fd9] MEM[0x2003f31] 0x30 ^ AL(0x31) → 0x01 寫入後 MEM = 0x30 [WRITE] @0x2003f31 ← 0x01 [XOR @0x1000fd9] MEM[0x2003f32] 0x32 ^ AL(0x30) → 0x02 寫入後 MEM = 0x32 [WRITE] @0x2003f32 ← 0x02 [XOR @0x1000fd9] MEM[0x2003f33] 0x31 ^ AL(0x30) → 0x01 寫入後 MEM = 0x31 [WRITE] @0x2003f33 ← 0x01 [STATE] ESI ← 0x24 [HOOK MOV] @0x01000384: mov esi, 0x26 [XOR @0x1000398] MEM[0x2003f20] 0x31 ^ AL(0x30) → 0x01 寫入後 MEM = 0x31 [WRITE] @0x2003f20 ← 0x01 [HOOK CMP] @0x0100039e: cmp esi, 0x4d [XOR @0x1000398] MEM[0x2003f21] 0x00 ^ AL(0x31) → 0x31 寫入後 MEM = 0x00 [WRITE] @0x2003f21 ← 0x31 [XOR @0x1000398] MEM[0x2003f22] 0x02 ^ AL(0x31) → 0x33 寫入後 MEM = 0x02 [WRITE] @0x2003f22 ← 0x33 [XOR @0x1000398] MEM[0x2003f23] 0x31 ^ AL(0x01) → 0x30 寫入後 MEM = 0x31 [WRITE] @0x2003f23 ← 0x30 [XOR @0x1000398] MEM[0x2003f24] 0x00 ^ AL(0x30) → 0x30 寫入後 MEM = 0x00 [WRITE] @0x2003f24 ← 0x30 [XOR @0x1000398] MEM[0x2003f25] 0x01 ^ AL(0x33) → 0x32 寫入後 MEM = 0x01 [WRITE] @0x2003f25 ← 0x32 [XOR @0x1000398] MEM[0x2003f26] 0x30 ^ AL(0x00) → 0x30 寫入後 MEM = 0x30 [WRITE] @0x2003f26 ← 0x30 [XOR @0x1000398] MEM[0x2003f27] 0x01 ^ AL(0x02) → 0x03 寫入後 MEM = 0x01 [WRITE] @0x2003f27 ← 0x03 [XOR @0x1000398] MEM[0x2003f28] 0x02 ^ AL(0x00) → 0x02 寫入後 MEM = 0x02 [WRITE] @0x2003f28 ← 0x02 [XOR @0x1000398] MEM[0x2003f29] 0x32 ^ AL(0x01) → 0x33 寫入後 MEM = 0x32 [WRITE] @0x2003f29 ← 0x33 [XOR @0x1000398] MEM[0x2003f2a] 0x31 ^ AL(0x31) → 0x00 寫入後 MEM = 0x31 [WRITE] @0x2003f2a ← 0x00 [XOR @0x1000398] MEM[0x2003f2b] 0x01 ^ AL(0x33) → 0x32 寫入後 MEM = 0x01 [WRITE] @0x2003f2b ← 0x32 [XOR @0x1000398] MEM[0x2003f2c] 0x02 ^ AL(0x30) → 0x32 寫入後 MEM = 0x02 [WRITE] @0x2003f2c ← 0x32 [XOR @0x1000398] MEM[0x2003f2d] 0x31 ^ AL(0x30) → 0x01 寫入後 MEM = 0x31 [WRITE] @0x2003f2d ← 0x01 [XOR @0x1000398] MEM[0x2003f2e] 0x31 ^ AL(0x32) → 0x03 寫入後 MEM = 0x31 [WRITE] @0x2003f2e ← 0x03 [XOR @0x1000398] MEM[0x2003f2f] 0x31 ^ AL(0x30) → 0x01 寫入後 MEM = 0x31 [WRITE] @0x2003f2f ← 0x01 [XOR @0x1000398] MEM[0x2003f30] 0x33 ^ AL(0x03) → 0x30 寫入後 MEM = 0x33 [WRITE] @0x2003f30 ← 0x30 [XOR @0x1000398] MEM[0x2003f31] 0x01 ^ AL(0x02) → 0x03 寫入後 MEM = 0x01 [WRITE] @0x2003f31 ← 0x03 [XOR @0x1000398] MEM[0x2003f32] 0x02 ^ AL(0x33) → 0x31 寫入後 MEM = 0x02 [WRITE] @0x2003f32 ← 0x31 [XOR @0x1000398] MEM[0x2003f33] 0x01 ^ AL(0x00) → 0x01 寫入後 MEM = 0x01 [WRITE] @0x2003f33 ← 0x01 [XOR @0x1000398] MEM[0x2003f34] 0x30 ^ AL(0x32) → 0x02 寫入後 MEM = 0x30 [WRITE] @0x2003f34 ← 0x02 [XOR @0x1000398] MEM[0x2003f35] 0x03 ^ AL(0x32) → 0x31 寫入後 MEM = 0x03 [WRITE] @0x2003f35 ← 0x31 [XOR @0x1000398] MEM[0x2003f36] 0x30 ^ AL(0x01) → 0x31 寫入後 MEM = 0x30 [WRITE] @0x2003f36 ← 0x31 [XOR @0x1000398] MEM[0x2003f37] 0x32 ^ AL(0x03) → 0x31 寫入後 MEM = 0x32 [WRITE] @0x2003f37 ← 0x31 [XOR @0x1000398] MEM[0x2003f38] 0x30 ^ AL(0x01) → 0x31 寫入後 MEM = 0x30 [WRITE] @0x2003f38 ← 0x31 [XOR @0x1000398] MEM[0x2003f39] 0x32 ^ AL(0x30) → 0x02 寫入後 MEM = 0x32 [WRITE] @0x2003f39 ← 0x02 [XOR @0x1000398] MEM[0x2003f3a] 0x31 ^ AL(0x03) → 0x32 寫入後 MEM = 0x31 [WRITE] @0x2003f3a ← 0x32 [XOR @0x1000398] MEM[0x2003f3b] 0x32 ^ AL(0x31) → 0x03 寫入後 MEM = 0x32 [WRITE] @0x2003f3b ← 0x03 [XOR @0x1000398] MEM[0x2003f3c] 0x31 ^ AL(0x01) → 0x30 寫入後 MEM = 0x31 [WRITE] @0x2003f3c ← 0x30 [XOR @0x1000398] MEM[0x2003f3d] 0x31 ^ AL(0x02) → 0x33 寫入後 MEM = 0x31 [WRITE] @0x2003f3d ← 0x33 [XOR @0x1000398] MEM[0x2003f3e] 0x00 ^ AL(0x31) → 0x31 寫入後 MEM = 0x00 [WRITE] @0x2003f3e ← 0x31 [XOR @0x1000398] MEM[0x2003f3f] 0x31 ^ AL(0x31) → 0x00 寫入後 MEM = 0x31 [WRITE] @0x2003f3f ← 0x00 [XOR @0x1000398] MEM[0x2003f40] 0x00 ^ AL(0x31) → 0x31 寫入後 MEM = 0x00 [WRITE] @0x2003f40 ← 0x31 [XOR @0x1000398] MEM[0x2003f41] 0x31 ^ AL(0x31) → 0x00 寫入後 MEM = 0x31 [WRITE] @0x2003f41 ← 0x00 [XOR @0x1000398] MEM[0x2003f42] 0x01 ^ AL(0x02) → 0x03 寫入後 MEM = 0x01 [WRITE] @0x2003f42 ← 0x03 [XOR @0x1000398] MEM[0x2003f43] 0x03 ^ AL(0x32) → 0x31 寫入後 MEM = 0x03 [WRITE] @0x2003f43 ← 0x31 [XOR @0x1000398] MEM[0x2003f44] 0x31 ^ AL(0x03) → 0x32 寫入後 MEM = 0x31 [WRITE] @0x2003f44 ← 0x32 [XOR @0x1000398] MEM[0x2003f45] 0x30 ^ AL(0x30) → 0x00 寫入後 MEM = 0x30 [WRITE] @0x2003f45 ← 0x00 [XOR @0x1000398] MEM[0x2003f46] 0x30 ^ AL(0x33) → 0x03 寫入後 MEM = 0x30 [WRITE] @0x2003f46 ← 0x03 [STATE] ESI ← 0x51 [HOOK MOV] @0x01000de8: mov esi, 0x15 [XOR @0x1000dfc] MEM[0x2003f20] 0x01 ^ AL(0x31) → 0x30 寫入後 MEM = 0x01 [WRITE] @0x2003f20 ← 0x30 [HOOK CMP] @0x01000e02: cmp esi, 0x2b [XOR @0x1000dfc] MEM[0x2003f21] 0x31 ^ AL(0x31) → 0x00 寫入後 MEM = 0x31 [WRITE] @0x2003f21 ← 0x00 [XOR @0x1000dfc] MEM[0x2003f22] 0x33 ^ AL(0x31) → 0x02 寫入後 MEM = 0x33 [WRITE] @0x2003f22 ← 0x02 [XOR @0x1000dfc] MEM[0x2003f23] 0x30 ^ AL(0x31) → 0x01 寫入後 MEM = 0x30 [WRITE] @0x2003f23 ← 0x01 [XOR @0x1000dfc] MEM[0x2003f24] 0x30 ^ AL(0x02) → 0x32 寫入後 MEM = 0x30 [WRITE] @0x2003f24 ← 0x32 [XOR @0x1000dfc] MEM[0x2003f25] 0x32 ^ AL(0x32) → 0x00 寫入後 MEM = 0x32 [WRITE] @0x2003f25 ← 0x00 [XOR @0x1000dfc] MEM[0x2003f26] 0x30 ^ AL(0x03) → 0x33 寫入後 MEM = 0x30 [WRITE] @0x2003f26 ← 0x33 [XOR @0x1000dfc] MEM[0x2003f27] 0x03 ^ AL(0x30) → 0x33 寫入後 MEM = 0x03 [WRITE] @0x2003f27 ← 0x33 [XOR @0x1000dfc] MEM[0x2003f28] 0x02 ^ AL(0x33) → 0x31 寫入後 MEM = 0x02 [WRITE] @0x2003f28 ← 0x31 [XOR @0x1000dfc] MEM[0x2003f29] 0x33 ^ AL(0x31) → 0x02 寫入後 MEM = 0x33 [WRITE] @0x2003f29 ← 0x02 [XOR @0x1000dfc] MEM[0x2003f2a] 0x00 ^ AL(0x00) → 0x00 寫入後 MEM = 0x00 [WRITE] @0x2003f2a ← 0x00 [XOR @0x1000dfc] MEM[0x2003f2b] 0x32 ^ AL(0x31) → 0x03 寫入後 MEM = 0x32 [WRITE] @0x2003f2b ← 0x03 [XOR @0x1000dfc] MEM[0x2003f2c] 0x32 ^ AL(0x00) → 0x32 寫入後 MEM = 0x32 [WRITE] @0x2003f2c ← 0x32 [XOR @0x1000dfc] MEM[0x2003f2d] 0x01 ^ AL(0x03) → 0x02 寫入後 MEM = 0x01 [WRITE] @0x2003f2d ← 0x02 [XOR @0x1000dfc] MEM[0x2003f2e] 0x03 ^ AL(0x31) → 0x32 寫入後 MEM = 0x03 [WRITE] @0x2003f2e ← 0x32 [XOR @0x1000dfc] MEM[0x2003f2f] 0x01 ^ AL(0x32) → 0x33 寫入後 MEM = 0x01 [WRITE] @0x2003f2f ← 0x33 [XOR @0x1000dfc] MEM[0x2003f30] 0x30 ^ AL(0x00) → 0x30 寫入後 MEM = 0x30 [WRITE] @0x2003f30 ← 0x30 [XOR @0x1000dfc] MEM[0x2003f31] 0x03 ^ AL(0x03) → 0x00 寫入後 MEM = 0x03 [WRITE] @0x2003f31 ← 0x00 [XOR @0x1000dfc] MEM[0x2003f32] 0x31 ^ AL(0x31) → 0x00 寫入後 MEM = 0x31 [WRITE] @0x2003f32 ← 0x00 [XOR @0x1000dfc] MEM[0x2003f33] 0x01 ^ AL(0x31) → 0x30 寫入後 MEM = 0x01 [WRITE] @0x2003f33 ← 0x30 [XOR @0x1000dfc] MEM[0x2003f34] 0x02 ^ AL(0x01) → 0x03 寫入後 MEM = 0x02 [WRITE] @0x2003f34 ← 0x03 [XOR @0x1000dfc] MEM[0x2003f35] 0x31 ^ AL(0x30) → 0x01 寫入後 MEM = 0x31 [WRITE] @0x2003f35 ← 0x01 [STATE] ESI ← 0x4D [HOOK MOV] @0x0100116c: mov esi, 0x1d [XOR @0x1001180] MEM[0x2003f20] 0x30 ^ AL(0x33) → 0x03 寫入後 MEM = 0x30 [WRITE] @0x2003f20 ← 0x03 [HOOK CMP] @0x01001186: cmp esi, 0x3b [XOR @0x1001180] MEM[0x2003f21] 0x00 ^ AL(0x31) → 0x31 寫入後 MEM = 0x00 [WRITE] @0x2003f21 ← 0x31 [XOR @0x1001180] MEM[0x2003f22] 0x02 ^ AL(0x00) → 0x02 寫入後 MEM = 0x02 [WRITE] @0x2003f22 ← 0x02 [XOR @0x1001180] MEM[0x2003f23] 0x01 ^ AL(0x31) → 0x30 寫入後 MEM = 0x01 [WRITE] @0x2003f23 ← 0x30 [XOR @0x1001180] MEM[0x2003f24] 0x32 ^ AL(0x00) → 0x32 寫入後 MEM = 0x32 [WRITE] @0x2003f24 ← 0x32 [XOR @0x1001180] MEM[0x2003f25] 0x00 ^ AL(0x03) → 0x03 寫入後 MEM = 0x00 [WRITE] @0x2003f25 ← 0x03 [XOR @0x1001180] MEM[0x2003f26] 0x33 ^ AL(0x31) → 0x02 寫入後 MEM = 0x33 [WRITE] @0x2003f26 ← 0x02 [XOR @0x1001180] MEM[0x2003f27] 0x33 ^ AL(0x32) → 0x01 寫入後 MEM = 0x33 [WRITE] @0x2003f27 ← 0x01 [XOR @0x1001180] MEM[0x2003f28] 0x31 ^ AL(0x00) → 0x31 寫入後 MEM = 0x31 [WRITE] @0x2003f28 ← 0x31 [XOR @0x1001180] MEM[0x2003f29] 0x02 ^ AL(0x03) → 0x01 寫入後 MEM = 0x02 [WRITE] @0x2003f29 ← 0x01 [XOR @0x1001180] MEM[0x2003f2a] 0x00 ^ AL(0x31) → 0x31 寫入後 MEM = 0x00 [WRITE] @0x2003f2a ← 0x31 [XOR @0x1001180] MEM[0x2003f2b] 0x03 ^ AL(0x31) → 0x32 寫入後 MEM = 0x03 [WRITE] @0x2003f2b ← 0x32 [XOR @0x1001180] MEM[0x2003f2c] 0x32 ^ AL(0x01) → 0x33 寫入後 MEM = 0x32 [WRITE] @0x2003f2c ← 0x33 [XOR @0x1001180] MEM[0x2003f2d] 0x02 ^ AL(0x30) → 0x32 寫入後 MEM = 0x02 [WRITE] @0x2003f2d ← 0x32 [XOR @0x1001180] MEM[0x2003f2e] 0x32 ^ AL(0x33) → 0x01 寫入後 MEM = 0x32 [WRITE] @0x2003f2e ← 0x01 [XOR @0x1001180] MEM[0x2003f2f] 0x33 ^ AL(0x00) → 0x33 寫入後 MEM = 0x33 [WRITE] @0x2003f2f ← 0x33 [XOR @0x1001180] MEM[0x2003f30] 0x30 ^ AL(0x02) → 0x32 寫入後 MEM = 0x30 [WRITE] @0x2003f30 ← 0x32 [XOR @0x1001180] MEM[0x2003f31] 0x00 ^ AL(0x00) → 0x00 寫入後 MEM = 0x00 [WRITE] @0x2003f31 ← 0x00 [XOR @0x1001180] MEM[0x2003f32] 0x00 ^ AL(0x03) → 0x03 寫入後 MEM = 0x00 [WRITE] @0x2003f32 ← 0x03 [XOR @0x1001180] MEM[0x2003f33] 0x30 ^ AL(0x31) → 0x01 寫入後 MEM = 0x30 [WRITE] @0x2003f33 ← 0x01 [XOR @0x1001180] MEM[0x2003f34] 0x03 ^ AL(0x02) → 0x01 寫入後 MEM = 0x03 [WRITE] @0x2003f34 ← 0x01 [XOR @0x1001180] MEM[0x2003f35] 0x01 ^ AL(0x30) → 0x31 寫入後 MEM = 0x01 [WRITE] @0x2003f35 ← 0x31 [XOR @0x1001180] MEM[0x2003f36] 0x31 ^ AL(0x32) → 0x03 寫入後 MEM = 0x31 [WRITE] @0x2003f36 ← 0x03 [XOR @0x1001180] MEM[0x2003f37] 0x31 ^ AL(0x03) → 0x32 寫入後 MEM = 0x31 [WRITE] @0x2003f37 ← 0x32 [XOR @0x1001180] MEM[0x2003f38] 0x31 ^ AL(0x02) → 0x33 寫入後 MEM = 0x31 [WRITE] @0x2003f38 ← 0x33 [XOR @0x1001180] MEM[0x2003f39] 0x02 ^ AL(0x01) → 0x03 寫入後 MEM = 0x02 [WRITE] @0x2003f39 ← 0x03 [XOR @0x1001180] MEM[0x2003f3a] 0x32 ^ AL(0x31) → 0x03 寫入後 MEM = 0x32 [WRITE] @0x2003f3a ← 0x03 [XOR @0x1001180] MEM[0x2003f3b] 0x03 ^ AL(0x01) → 0x02 寫入後 MEM = 0x03 [WRITE] @0x2003f3b ← 0x02 [XOR @0x1001180] MEM[0x2003f3c] 0x30 ^ AL(0x31) → 0x01 寫入後 MEM = 0x30 [WRITE] @0x2003f3c ← 0x01 [XOR @0x1001180] MEM[0x2003f3d] 0x33 ^ AL(0x32) → 0x01 寫入後 MEM = 0x33 [WRITE] @0x2003f3d ← 0x01 [STATE] ESI ← 0x64 [HOOK MOV] @0x01000a50: mov esi, 0x16 [XOR @0x1000a64] MEM[0x2003f20] 0x03 ^ AL(0x03) → 0x00 寫入後 MEM = 0x03 [WRITE] @0x2003f20 ← 0x00 [HOOK CMP] @0x01000a6a: cmp esi, 0x2d [XOR @0x1000a64] MEM[0x2003f21] 0x31 ^ AL(0x32) → 0x03 寫入後 MEM = 0x31 [WRITE] @0x2003f21 ← 0x03 [XOR @0x1000a64] MEM[0x2003f22] 0x02 ^ AL(0x33) → 0x31 寫入後 MEM = 0x02 [WRITE] @0x2003f22 ← 0x31 [XOR @0x1000a64] MEM[0x2003f23] 0x30 ^ AL(0x03) → 0x33 寫入後 MEM = 0x30 [WRITE] @0x2003f23 ← 0x33 [XOR @0x1000a64] MEM[0x2003f24] 0x32 ^ AL(0x03) → 0x31 寫入後 MEM = 0x32 [WRITE] @0x2003f24 ← 0x31 [XOR @0x1000a64] MEM[0x2003f25] 0x03 ^ AL(0x02) → 0x01 寫入後 MEM = 0x03 [WRITE] @0x2003f25 ← 0x01 [XOR @0x1000a64] MEM[0x2003f26] 0x02 ^ AL(0x01) → 0x03 寫入後 MEM = 0x02 [WRITE] @0x2003f26 ← 0x03 [XOR @0x1000a64] MEM[0x2003f27] 0x01 ^ AL(0x01) → 0x00 寫入後 MEM = 0x01 [WRITE] @0x2003f27 ← 0x00 [XOR @0x1000a64] MEM[0x2003f28] 0x31 ^ AL(0x31) → 0x00 寫入後 MEM = 0x31 [WRITE] @0x2003f28 ← 0x00 [XOR @0x1000a64] MEM[0x2003f29] 0x01 ^ AL(0x00) → 0x01 寫入後 MEM = 0x01 [WRITE] @0x2003f29 ← 0x01 [XOR @0x1000a64] MEM[0x2003f2a] 0x31 ^ AL(0x31) → 0x00 寫入後 MEM = 0x31 [WRITE] @0x2003f2a ← 0x00 [XOR @0x1000a64] MEM[0x2003f2b] 0x32 ^ AL(0x00) → 0x32 寫入後 MEM = 0x32 [WRITE] @0x2003f2b ← 0x32 [XOR @0x1000a64] MEM[0x2003f2c] 0x33 ^ AL(0x03) → 0x30 寫入後 MEM = 0x33 [WRITE] @0x2003f2c ← 0x30 [XOR @0x1000a64] MEM[0x2003f2d] 0x32 ^ AL(0x31) → 0x03 寫入後 MEM = 0x32 [WRITE] @0x2003f2d ← 0x03 [XOR @0x1000a64] MEM[0x2003f2e] 0x01 ^ AL(0x32) → 0x33 寫入後 MEM = 0x01 [WRITE] @0x2003f2e ← 0x33 [XOR @0x1000a64] MEM[0x2003f2f] 0x33 ^ AL(0x00) → 0x33 寫入後 MEM = 0x33 [WRITE] @0x2003f2f ← 0x33 [XOR @0x1000a64] MEM[0x2003f30] 0x32 ^ AL(0x03) → 0x31 寫入後 MEM = 0x32 [WRITE] @0x2003f30 ← 0x31 [XOR @0x1000a64] MEM[0x2003f31] 0x00 ^ AL(0x31) → 0x31 寫入後 MEM = 0x00 [WRITE] @0x2003f31 ← 0x31 [XOR @0x1000a64] MEM[0x2003f32] 0x03 ^ AL(0x31) → 0x32 寫入後 MEM = 0x03 [WRITE] @0x2003f32 ← 0x32 [XOR @0x1000a64] MEM[0x2003f33] 0x01 ^ AL(0x01) → 0x00 寫入後 MEM = 0x01 [WRITE] @0x2003f33 ← 0x00 [XOR @0x1000a64] MEM[0x2003f34] 0x01 ^ AL(0x30) → 0x31 寫入後 MEM = 0x01 [WRITE] @0x2003f34 ← 0x31 [XOR @0x1000a64] MEM[0x2003f35] 0x31 ^ AL(0x33) → 0x02 寫入後 MEM = 0x31 [WRITE] @0x2003f35 ← 0x02 [XOR @0x1000a64] MEM[0x2003f36] 0x03 ^ AL(0x00) → 0x03 寫入後 MEM = 0x03 [WRITE] @0x2003f36 ← 0x03 [STATE] ESI ← 0x5A [HOOK MOV] @0x010004e9: mov esi, 0x4 [XOR @0x10004fd] MEM[0x2003f20] 0x00 ^ AL(0x31) → 0x31 寫入後 MEM = 0x00 [WRITE] @0x2003f20 ← 0x31 [HOOK CMP] @0x01000503: cmp esi, 0x9 [XOR @0x10004fd] MEM[0x2003f21] 0x03 ^ AL(0x01) → 0x02 寫入後 MEM = 0x03 [WRITE] @0x2003f21 ← 0x02 [XOR @0x10004fd] MEM[0x2003f22] 0x31 ^ AL(0x03) → 0x32 寫入後 MEM = 0x31 [WRITE] @0x2003f22 ← 0x32 [XOR @0x10004fd] MEM[0x2003f23] 0x33 ^ AL(0x00) → 0x33 寫入後 MEM = 0x33 [WRITE] @0x2003f23 ← 0x33 [XOR @0x10004fd] MEM[0x2003f24] 0x31 ^ AL(0x00) → 0x31 寫入後 MEM = 0x31 [WRITE] @0x2003f24 ← 0x31 [STATE] ESI ← 0x3A [HOOK MOV] @0x01000965: mov esi, 0x2 [XOR @0x1000979] MEM[0x2003f20] 0x31 ^ AL(0x32) → 0x03 寫入後 MEM = 0x31 [WRITE] @0x2003f20 ← 0x03 [HOOK CMP] @0x0100097f: cmp esi, 0x5 [XOR @0x1000979] MEM[0x2003f21] 0x02 ^ AL(0x33) → 0x31 寫入後 MEM = 0x02 [WRITE] @0x2003f21 ← 0x31 [XOR @0x1000979] MEM[0x2003f22] 0x32 ^ AL(0x31) → 0x03 寫入後 MEM = 0x32 [WRITE] @0x2003f22 ← 0x03 [STATE] ESI ← 0x04 [HOOK MOV] @0x01000c48: mov esi, 0xa [HOOK MOV] @0x01000c4d: mov esi, 0x2f [WRITE] @0x2003f20 ← 0x03 [HOOK CMP] @0x01000c63: cmp esi, 0x15 [WRITE] @0x2003f21 ← 0x03 [WRITE] @0x2003f22 ← 0x33 [WRITE] @0x2003f23 ← 0x30 [WRITE] @0x2003f24 ← 0x02 [WRITE] @0x2003f25 ← 0x32 [WRITE] @0x2003f26 ← 0x32 [WRITE] @0x2003f27 ← 0x31 [WRITE] @0x2003f28 ← 0x32 [WRITE] @0x2003f29 ← 0x01 [WRITE] @0x2003f2a ← 0x31 [STATE] ESI ← 0x26 [HOOK MOV] @0x0100087a: mov esi, 0x9 [XOR @0x100088e] MEM[0x2003f20] 0x03 ^ AL(0x01) → 0x02 寫入後 MEM = 0x03 [WRITE] @0x2003f20 ← 0x02 [HOOK CMP] @0x01000894: cmp esi, 0x13 [XOR @0x100088e] MEM[0x2003f21] 0x03 ^ AL(0x31) → 0x32 寫入後 MEM = 0x03 [WRITE] @0x2003f21 ← 0x32 [XOR @0x100088e] MEM[0x2003f22] 0x33 ^ AL(0x32) → 0x01 寫入後 MEM = 0x33 [WRITE] @0x2003f22 ← 0x01 [XOR @0x100088e] MEM[0x2003f23] 0x30 ^ AL(0x30) → 0x00 寫入後 MEM = 0x30 [WRITE] @0x2003f23 ← 0x00 [XOR @0x100088e] MEM[0x2003f24] 0x02 ^ AL(0x03) → 0x01 寫入後 MEM = 0x02 [WRITE] @0x2003f24 ← 0x01 [XOR @0x100088e] MEM[0x2003f25] 0x32 ^ AL(0x33) → 0x01 寫入後 MEM = 0x32 [WRITE] @0x2003f25 ← 0x01 [XOR @0x100088e] MEM[0x2003f26] 0x32 ^ AL(0x33) → 0x01 寫入後 MEM = 0x32 [WRITE] @0x2003f26 ← 0x01 [XOR @0x100088e] MEM[0x2003f27] 0x31 ^ AL(0x31) → 0x00 寫入後 MEM = 0x31 [WRITE] @0x2003f27 ← 0x00 [XOR @0x100088e] MEM[0x2003f28] 0x32 ^ AL(0x31) → 0x03 寫入後 MEM = 0x32 [WRITE] @0x2003f28 ← 0x03 [XOR @0x100088e] MEM[0x2003f29] 0x01 ^ AL(0x32) → 0x33 寫入後 MEM = 0x01 [WRITE] @0x2003f29 ← 0x33 [STATE] ESI ← 0x35 [HOOK MOV] @0x01000b35: mov esi, 0x24 [XOR @0x1000b49] MEM[0x2003f20] 0x02 ^ AL(0x32) → 0x30 寫入後 MEM = 0x02 [WRITE] @0x2003f20 ← 0x30 [HOOK CMP] @0x01000b4f: cmp esi, 0x49 [XOR @0x1000b49] MEM[0x2003f21] 0x32 ^ AL(0x00) → 0x32 寫入後 MEM = 0x32 [WRITE] @0x2003f21 ← 0x32 [XOR @0x1000b49] MEM[0x2003f22] 0x01 ^ AL(0x03) → 0x02 寫入後 MEM = 0x01 [WRITE] @0x2003f22 ← 0x02 [XOR @0x1000b49] MEM[0x2003f23] 0x00 ^ AL(0x31) → 0x31 寫入後 MEM = 0x00 [WRITE] @0x2003f23 ← 0x31 [XOR @0x1000b49] MEM[0x2003f24] 0x01 ^ AL(0x31) → 0x30 寫入後 MEM = 0x01 [WRITE] @0x2003f24 ← 0x30 [XOR @0x1000b49] MEM[0x2003f25] 0x01 ^ AL(0x01) → 0x00 寫入後 MEM = 0x01 [WRITE] @0x2003f25 ← 0x00 [XOR @0x1000b49] MEM[0x2003f26] 0x01 ^ AL(0x30) → 0x31 寫入後 MEM = 0x01 [WRITE] @0x2003f26 ← 0x31 [XOR @0x1000b49] MEM[0x2003f27] 0x00 ^ AL(0x33) → 0x33 寫入後 MEM = 0x00 [WRITE] @0x2003f27 ← 0x33 [XOR @0x1000b49] MEM[0x2003f28] 0x03 ^ AL(0x00) → 0x03 寫入後 MEM = 0x03 [WRITE] @0x2003f28 ← 0x03 [XOR @0x1000b49] MEM[0x2003f29] 0x33 ^ AL(0x02) → 0x31 寫入後 MEM = 0x33 [WRITE] @0x2003f29 ← 0x31 [XOR @0x1000b49] MEM[0x2003f2a] 0x31 ^ AL(0x00) → 0x31 寫入後 MEM = 0x31 [WRITE] @0x2003f2a ← 0x31 [XOR @0x1000b49] MEM[0x2003f2b] 0x32 ^ AL(0x30) → 0x02 寫入後 MEM = 0x32 [WRITE] @0x2003f2b ← 0x02 [XOR @0x1000b49] MEM[0x2003f2c] 0x30 ^ AL(0x32) → 0x02 寫入後 MEM = 0x30 [WRITE] @0x2003f2c ← 0x02 [XOR @0x1000b49] MEM[0x2003f2d] 0x03 ^ AL(0x02) → 0x01 寫入後 MEM = 0x03 [WRITE] @0x2003f2d ← 0x01 [XOR @0x1000b49] MEM[0x2003f2e] 0x33 ^ AL(0x31) → 0x02 寫入後 MEM = 0x33 [WRITE] @0x2003f2e ← 0x02 [XOR @0x1000b49] MEM[0x2003f2f] 0x33 ^ AL(0x30) → 0x03 寫入後 MEM = 0x33 [WRITE] @0x2003f2f ← 0x03 [XOR @0x1000b49] MEM[0x2003f30] 0x31 ^ AL(0x00) → 0x31 寫入後 MEM = 0x31 [WRITE] @0x2003f30 ← 0x31 [XOR @0x1000b49] MEM[0x2003f31] 0x31 ^ AL(0x31) → 0x00 寫入後 MEM = 0x31 [WRITE] @0x2003f31 ← 0x00 [XOR @0x1000b49] MEM[0x2003f32] 0x32 ^ AL(0x33) → 0x01 寫入後 MEM = 0x32 [WRITE] @0x2003f32 ← 0x01 [XOR @0x1000b49] MEM[0x2003f33] 0x00 ^ AL(0x03) → 0x03 寫入後 MEM = 0x00 [WRITE] @0x2003f33 ← 0x03 [XOR @0x1000b49] MEM[0x2003f34] 0x31 ^ AL(0x31) → 0x00 寫入後 MEM = 0x31 [WRITE] @0x2003f34 ← 0x00 [XOR @0x1000b49] MEM[0x2003f35] 0x02 ^ AL(0x31) → 0x33 寫入後 MEM = 0x02 [WRITE] @0x2003f35 ← 0x33 [XOR @0x1000b49] MEM[0x2003f36] 0x03 ^ AL(0x02) → 0x01 寫入後 MEM = 0x03 [WRITE] @0x2003f36 ← 0x01 [XOR @0x1000b49] MEM[0x2003f37] 0x32 ^ AL(0x02) → 0x30 寫入後 MEM = 0x32 [WRITE] @0x2003f37 ← 0x30 [XOR @0x1000b49] MEM[0x2003f38] 0x33 ^ AL(0x01) → 0x32 寫入後 MEM = 0x33 [WRITE] @0x2003f38 ← 0x32 [XOR @0x1000b49] MEM[0x2003f39] 0x03 ^ AL(0x02) → 0x01 寫入後 MEM = 0x03 [WRITE] @0x2003f39 ← 0x01 [XOR @0x1000b49] MEM[0x2003f3a] 0x03 ^ AL(0x03) → 0x00 寫入後 MEM = 0x03 [WRITE] @0x2003f3a ← 0x00 [XOR @0x1000b49] MEM[0x2003f3b] 0x02 ^ AL(0x31) → 0x33 寫入後 MEM = 0x02 [WRITE] @0x2003f3b ← 0x33 [XOR @0x1000b49] MEM[0x2003f3c] 0x01 ^ AL(0x00) → 0x01 寫入後 MEM = 0x01 [WRITE] @0x2003f3c ← 0x01 [XOR @0x1000b49] MEM[0x2003f3d] 0x01 ^ AL(0x01) → 0x00 寫入後 MEM = 0x01 [WRITE] @0x2003f3d ← 0x00 [XOR @0x1000b49] MEM[0x2003f3e] 0x31 ^ AL(0x03) → 0x32 寫入後 MEM = 0x31 [WRITE] @0x2003f3e ← 0x32 [XOR @0x1000b49] MEM[0x2003f3f] 0x00 ^ AL(0x00) → 0x00 寫入後 MEM = 0x00 [WRITE] @0x2003f3f ← 0x00 [XOR @0x1000b49] MEM[0x2003f40] 0x31 ^ AL(0x33) → 0x02 寫入後 MEM = 0x31 [WRITE] @0x2003f40 ← 0x02 [XOR @0x1000b49] MEM[0x2003f41] 0x00 ^ AL(0x01) → 0x01 寫入後 MEM = 0x00 [WRITE] @0x2003f41 ← 0x01 [XOR @0x1000b49] MEM[0x2003f42] 0x03 ^ AL(0x30) → 0x33 寫入後 MEM = 0x03 [WRITE] @0x2003f42 ← 0x33 [XOR @0x1000b49] MEM[0x2003f43] 0x31 ^ AL(0x32) → 0x03 寫入後 MEM = 0x31 [WRITE] @0x2003f43 ← 0x03 [XOR @0x1000b49] MEM[0x2003f44] 0x32 ^ AL(0x01) → 0x33 寫入後 MEM = 0x32 [WRITE] @0x2003f44 ← 0x33 [STATE] ESI ← 0x46 [HOOK MOV] @0x01000f96: mov esi, 0x2c [XOR @0x1000faa] MEM[0x2003f20] 0x30 ^ AL(0x00) → 0x30 寫入後 MEM = 0x30 [WRITE] @0x2003f20 ← 0x30 [HOOK CMP] @0x01000fb0: cmp esi, 0x59 [XOR @0x1000faa] MEM[0x2003f21] 0x32 ^ AL(0x02) → 0x30 寫入後 MEM = 0x32 [WRITE] @0x2003f21 ← 0x30 [XOR @0x1000faa] MEM[0x2003f22] 0x02 ^ AL(0x00) → 0x02 寫入後 MEM = 0x02 [WRITE] @0x2003f22 ← 0x02 [XOR @0x1000faa] MEM[0x2003f23] 0x31 ^ AL(0x30) → 0x01 寫入後 MEM = 0x31 [WRITE] @0x2003f23 ← 0x01 [XOR @0x1000faa] MEM[0x2003f24] 0x30 ^ AL(0x30) → 0x00 寫入後 MEM = 0x30 [WRITE] @0x2003f24 ← 0x00 [XOR @0x1000faa] MEM[0x2003f25] 0x00 ^ AL(0x02) → 0x02 寫入後 MEM = 0x00 [WRITE] @0x2003f25 ← 0x02 [XOR @0x1000faa] MEM[0x2003f26] 0x31 ^ AL(0x01) → 0x30 寫入後 MEM = 0x31 [WRITE] @0x2003f26 ← 0x30 [XOR @0x1000faa] MEM[0x2003f27] 0x33 ^ AL(0x00) → 0x33 寫入後 MEM = 0x33 [WRITE] @0x2003f27 ← 0x33 [XOR @0x1000faa] MEM[0x2003f28] 0x03 ^ AL(0x02) → 0x01 寫入後 MEM = 0x03 [WRITE] @0x2003f28 ← 0x01 [XOR @0x1000faa] MEM[0x2003f29] 0x31 ^ AL(0x30) → 0x01 寫入後 MEM = 0x31 [WRITE] @0x2003f29 ← 0x01 [XOR @0x1000faa] MEM[0x2003f2a] 0x31 ^ AL(0x33) → 0x02 寫入後 MEM = 0x31 [WRITE] @0x2003f2a ← 0x02 [XOR @0x1000faa] MEM[0x2003f2b] 0x02 ^ AL(0x01) → 0x03 寫入後 MEM = 0x02 [WRITE] @0x2003f2b ← 0x03 [XOR @0x1000faa] MEM[0x2003f2c] 0x02 ^ AL(0x01) → 0x03 寫入後 MEM = 0x02 [WRITE] @0x2003f2c ← 0x03 [XOR @0x1000faa] MEM[0x2003f2d] 0x01 ^ AL(0x02) → 0x03 寫入後 MEM = 0x01 [WRITE] @0x2003f2d ← 0x03 [XOR @0x1000faa] MEM[0x2003f2e] 0x02 ^ AL(0x03) → 0x01 寫入後 MEM = 0x02 [WRITE] @0x2003f2e ← 0x01 [XOR @0x1000faa] MEM[0x2003f2f] 0x03 ^ AL(0x03) → 0x00 寫入後 MEM = 0x03 [WRITE] @0x2003f2f ← 0x00 [XOR @0x1000faa] MEM[0x2003f30] 0x31 ^ AL(0x03) → 0x32 寫入後 MEM = 0x31 [WRITE] @0x2003f30 ← 0x32 [XOR @0x1000faa] MEM[0x2003f31] 0x00 ^ AL(0x01) → 0x01 寫入後 MEM = 0x00 [WRITE] @0x2003f31 ← 0x01 [XOR @0x1000faa] MEM[0x2003f32] 0x01 ^ AL(0x00) → 0x01 寫入後 MEM = 0x01 [WRITE] @0x2003f32 ← 0x01 [XOR @0x1000faa] MEM[0x2003f33] 0x03 ^ AL(0x32) → 0x31 寫入後 MEM = 0x03 [WRITE] @0x2003f33 ← 0x31 [XOR @0x1000faa] MEM[0x2003f34] 0x00 ^ AL(0x01) → 0x01 寫入後 MEM = 0x00 [WRITE] @0x2003f34 ← 0x01 [XOR @0x1000faa] MEM[0x2003f35] 0x33 ^ AL(0x01) → 0x32 寫入後 MEM = 0x33 [WRITE] @0x2003f35 ← 0x32 [XOR @0x1000faa] MEM[0x2003f36] 0x01 ^ AL(0x31) → 0x30 寫入後 MEM = 0x01 [WRITE] @0x2003f36 ← 0x30 [XOR @0x1000faa] MEM[0x2003f37] 0x30 ^ AL(0x01) → 0x31 寫入後 MEM = 0x30 [WRITE] @0x2003f37 ← 0x31 [XOR @0x1000faa] MEM[0x2003f38] 0x32 ^ AL(0x32) → 0x00 寫入後 MEM = 0x32 [WRITE] @0x2003f38 ← 0x00 [XOR @0x1000faa] MEM[0x2003f39] 0x01 ^ AL(0x30) → 0x31 寫入後 MEM = 0x01 [WRITE] @0x2003f39 ← 0x31 [XOR @0x1000faa] MEM[0x2003f3a] 0x00 ^ AL(0x31) → 0x31 寫入後 MEM = 0x00 [WRITE] @0x2003f3a ← 0x31 [XOR @0x1000faa] MEM[0x2003f3b] 0x33 ^ AL(0x00) → 0x33 寫入後 MEM = 0x33 [WRITE] @0x2003f3b ← 0x33 [XOR @0x1000faa] MEM[0x2003f3c] 0x01 ^ AL(0x31) → 0x30 寫入後 MEM = 0x01 [WRITE] @0x2003f3c ← 0x30 [XOR @0x1000faa] MEM[0x2003f3d] 0x00 ^ AL(0x31) → 0x31 寫入後 MEM = 0x00 [WRITE] @0x2003f3d ← 0x31 [XOR @0x1000faa] MEM[0x2003f3e] 0x32 ^ AL(0x33) → 0x01 寫入後 MEM = 0x32 [WRITE] @0x2003f3e ← 0x01 [XOR @0x1000faa] MEM[0x2003f3f] 0x00 ^ AL(0x30) → 0x30 寫入後 MEM = 0x00 [WRITE] @0x2003f3f ← 0x30 [XOR @0x1000faa] MEM[0x2003f40] 0x02 ^ AL(0x31) → 0x33 寫入後 MEM = 0x02 [WRITE] @0x2003f40 ← 0x33 [XOR @0x1000faa] MEM[0x2003f41] 0x01 ^ AL(0x01) → 0x00 寫入後 MEM = 0x01 [WRITE] @0x2003f41 ← 0x00 [XOR @0x1000faa] MEM[0x2003f42] 0x33 ^ AL(0x30) → 0x03 寫入後 MEM = 0x33 [WRITE] @0x2003f42 ← 0x03 [XOR @0x1000faa] MEM[0x2003f43] 0x03 ^ AL(0x33) → 0x30 寫入後 MEM = 0x03 [WRITE] @0x2003f43 ← 0x30 [XOR @0x1000faa] MEM[0x2003f44] 0x33 ^ AL(0x00) → 0x33 寫入後 MEM = 0x33 [WRITE] @0x2003f44 ← 0x33 [XOR @0x1000faa] MEM[0x2003f45] 0x00 ^ AL(0x03) → 0x03 寫入後 MEM = 0x00 [WRITE] @0x2003f45 ← 0x03 [XOR @0x1000faa] MEM[0x2003f46] 0x03 ^ AL(0x30) → 0x33 寫入後 MEM = 0x03 [WRITE] @0x2003f46 ← 0x33 [XOR @0x1000faa] MEM[0x2003f47] 0x31 ^ AL(0x33) → 0x02 寫入後 MEM = 0x31 [WRITE] @0x2003f47 ← 0x02 [XOR @0x1000faa] MEM[0x2003f48] 0x31 ^ AL(0x03) → 0x32 寫入後 MEM = 0x31 [WRITE] @0x2003f48 ← 0x32 [XOR @0x1000faa] MEM[0x2003f49] 0x01 ^ AL(0x33) → 0x32 寫入後 MEM = 0x01 [WRITE] @0x2003f49 ← 0x32 [XOR @0x1000faa] MEM[0x2003f4a] 0x30 ^ AL(0x02) → 0x32 寫入後 MEM = 0x30 [WRITE] @0x2003f4a ← 0x32 [XOR @0x1000faa] MEM[0x2003f4b] 0x33 ^ AL(0x32) → 0x01 寫入後 MEM = 0x33 [WRITE] @0x2003f4b ← 0x01 [XOR @0x1000faa] MEM[0x2003f4c] 0x00 ^ AL(0x32) → 0x32 寫入後 MEM = 0x00 [WRITE] @0x2003f4c ← 0x32 [STATE] ESI ← 0x60 [HOOK MOV] @0x010015f6: mov esi, 0x2 [XOR @0x100160a] MEM[0x2003f20] 0x30 ^ AL(0x02) → 0x32 寫入後 MEM = 0x30 [WRITE] @0x2003f20 ← 0x32 [HOOK CMP] @0x01001610: cmp esi, 0x5 [XOR @0x100160a] MEM[0x2003f21] 0x30 ^ AL(0x01) → 0x31 寫入後 MEM = 0x30 [WRITE] @0x2003f21 ← 0x31 [XOR @0x100160a] MEM[0x2003f22] 0x02 ^ AL(0x00) → 0x02 寫入後 MEM = 0x02 [WRITE] @0x2003f22 ← 0x02 [STATE] ESI ← 0x11 [XOR @0x1000d40] MEM[0x2003f20] 0x32 ^ AL(0x01) → 0x33 寫入後 MEM = 0x32 [WRITE] @0x2003f20 ← 0x33 [HOOK CMP] @0x01000d46: cmp esi, 0x23 [XOR @0x1000d40] MEM[0x2003f21] 0x31 ^ AL(0x01) → 0x30 寫入後 MEM = 0x31 [WRITE] @0x2003f21 ← 0x30 [XOR @0x1000d40] MEM[0x2003f22] 0x02 ^ AL(0x31) → 0x33 寫入後 MEM = 0x02 [WRITE] @0x2003f22 ← 0x33 [XOR @0x1000d40] MEM[0x2003f23] 0x01 ^ AL(0x01) → 0x00 寫入後 MEM = 0x01 [WRITE] @0x2003f23 ← 0x00 [XOR @0x1000d40] MEM[0x2003f24] 0x00 ^ AL(0x32) → 0x32 寫入後 MEM = 0x00 [WRITE] @0x2003f24 ← 0x32 [XOR @0x1000d40] MEM[0x2003f25] 0x02 ^ AL(0x30) → 0x32 寫入後 MEM = 0x02 [WRITE] @0x2003f25 ← 0x32 [XOR @0x1000d40] MEM[0x2003f26] 0x30 ^ AL(0x31) → 0x01 寫入後 MEM = 0x30 [WRITE] @0x2003f26 ← 0x01 [XOR @0x1000d40] MEM[0x2003f27] 0x33 ^ AL(0x00) → 0x33 寫入後 MEM = 0x33 [WRITE] @0x2003f27 ← 0x33 [XOR @0x1000d40] MEM[0x2003f28] 0x01 ^ AL(0x31) → 0x30 寫入後 MEM = 0x01 [WRITE] @0x2003f28 ← 0x30 [XOR @0x1000d40] MEM[0x2003f29] 0x01 ^ AL(0x31) → 0x30 寫入後 MEM = 0x01 [WRITE] @0x2003f29 ← 0x30 [XOR @0x1000d40] MEM[0x2003f2a] 0x02 ^ AL(0x33) → 0x31 寫入後 MEM = 0x02 [WRITE] @0x2003f2a ← 0x31 [XOR @0x1000d40] MEM[0x2003f2b] 0x03 ^ AL(0x30) → 0x33 寫入後 MEM = 0x03 [WRITE] @0x2003f2b ← 0x33 [XOR @0x1000d40] MEM[0x2003f2c] 0x03 ^ AL(0x31) → 0x32 寫入後 MEM = 0x03 [WRITE] @0x2003f2c ← 0x32 [XOR @0x1000d40] MEM[0x2003f2d] 0x03 ^ AL(0x01) → 0x02 寫入後 MEM = 0x03 [WRITE] @0x2003f2d ← 0x02 [XOR @0x1000d40] MEM[0x2003f2e] 0x01 ^ AL(0x30) → 0x31 寫入後 MEM = 0x01 [WRITE] @0x2003f2e ← 0x31 [XOR @0x1000d40] MEM[0x2003f2f] 0x00 ^ AL(0x33) → 0x33 寫入後 MEM = 0x00 [WRITE] @0x2003f2f ← 0x33 [XOR @0x1000d40] MEM[0x2003f30] 0x32 ^ AL(0x00) → 0x32 寫入後 MEM = 0x32 [WRITE] @0x2003f30 ← 0x32 [XOR @0x1000d40] MEM[0x2003f31] 0x01 ^ AL(0x03) → 0x02 寫入後 MEM = 0x01 [WRITE] @0x2003f31 ← 0x02 [STATE] ESI ← 0x07 [HOOK MOV] @0x0100156b: mov esi, 0xf [HOOK MOV] @0x01001570: mov esi, 0x2f [WRITE] @0x2003f20 ← 0x00 [HOOK CMP] @0x01001586: cmp esi, 0x1f [WRITE] @0x2003f21 ← 0x02 [WRITE] @0x2003f22 ← 0x31 [WRITE] @0x2003f23 ← 0x01 [WRITE] @0x2003f24 ← 0x03 [WRITE] @0x2003f25 ← 0x33 [WRITE] @0x2003f26 ← 0x33 [WRITE] @0x2003f27 ← 0x03 [WRITE] @0x2003f28 ← 0x01 [WRITE] @0x2003f29 ← 0x30 [WRITE] @0x2003f2a ← 0x00 [WRITE] @0x2003f2b ← 0x02 [WRITE] @0x2003f2c ← 0x01 [WRITE] @0x2003f2d ← 0x32 [WRITE] @0x2003f2e ← 0x00 [WRITE] @0x2003f2f ← 0x32 [STATE] ESI ← 0x3E [HOOK MOV] @0x01000bed: mov esi, 0x22 [HOOK MOV] @0x01000bf2: mov esi, 0x2f [WRITE] @0x2003f20 ← 0x03 [HOOK CMP] @0x01000c08: cmp esi, 0x45 [WRITE] @0x2003f21 ← 0x32 [WRITE] @0x2003f22 ← 0x02 [WRITE] @0x2003f23 ← 0x02 [WRITE] @0x2003f24 ← 0x30 [WRITE] @0x2003f25 ← 0x31 [WRITE] @0x2003f26 ← 0x01 [WRITE] @0x2003f27 ← 0x31 [WRITE] @0x2003f28 ← 0x33 [WRITE] @0x2003f29 ← 0x31 [WRITE] @0x2003f2a ← 0x32 [WRITE] @0x2003f2b ← 0x00 [WRITE] @0x2003f2c ← 0x01 [WRITE] @0x2003f2d ← 0x31 [WRITE] @0x2003f2e ← 0x32 [WRITE] @0x2003f2f ← 0x30 [WRITE] @0x2003f30 ← 0x30 [WRITE] @0x2003f31 ← 0x32 [WRITE] @0x2003f32 ← 0x30 [WRITE] @0x2003f33 ← 0x30 [WRITE] @0x2003f34 ← 0x30 [WRITE] @0x2003f35 ← 0x01 [WRITE] @0x2003f36 ← 0x01 [WRITE] @0x2003f37 ← 0x03 [WRITE] @0x2003f38 ← 0x00 [WRITE] @0x2003f39 ← 0x30 [WRITE] @0x2003f3a ← 0x00 [WRITE] @0x2003f3b ← 0x01 [WRITE] @0x2003f3c ← 0x00 [WRITE] @0x2003f3d ← 0x01 [WRITE] @0x2003f3e ← 0x33 [WRITE] @0x2003f3f ← 0x00 [WRITE] @0x2003f40 ← 0x03 [WRITE] @0x2003f41 ← 0x30 [WRITE] @0x2003f42 ← 0x02 [STATE] ESI ← 0x45 [HOOK MOV] @0x01001511: mov esi, 0x2 [XOR @0x1001525] MEM[0x2003f20] 0x03 ^ AL(0x02) → 0x01 寫入後 MEM = 0x03 [WRITE] @0x2003f20 ← 0x01 [HOOK CMP] @0x0100152b: cmp esi, 0x5 [XOR @0x1001525] MEM[0x2003f21] 0x32 ^ AL(0x02) → 0x30 寫入後 MEM = 0x32 [WRITE] @0x2003f21 ← 0x30 [XOR @0x1001525] MEM[0x2003f22] 0x02 ^ AL(0x30) → 0x32 寫入後 MEM = 0x02 [WRITE] @0x2003f22 ← 0x32 [STATE] ESI ← 0x2A [HOOK MOV] @0x01000e7f: mov esi, 0x14 [XOR @0x1000e93] MEM[0x2003f20] 0x01 ^ AL(0x30) → 0x31 寫入後 MEM = 0x01 [WRITE] @0x2003f20 ← 0x31 [HOOK CMP] @0x01000e99: cmp esi, 0x29 [XOR @0x1000e93] MEM[0x2003f21] 0x30 ^ AL(0x01) → 0x31 寫入後 MEM = 0x30 [WRITE] @0x2003f21 ← 0x31 [XOR @0x1000e93] MEM[0x2003f22] 0x32 ^ AL(0x01) → 0x33 寫入後 MEM = 0x32 [WRITE] @0x2003f22 ← 0x33 [XOR @0x1000e93] MEM[0x2003f23] 0x02 ^ AL(0x03) → 0x01 寫入後 MEM = 0x02 [WRITE] @0x2003f23 ← 0x01 [XOR @0x1000e93] MEM[0x2003f24] 0x30 ^ AL(0x00) → 0x30 寫入後 MEM = 0x30 [WRITE] @0x2003f24 ← 0x30 [XOR @0x1000e93] MEM[0x2003f25] 0x31 ^ AL(0x30) → 0x01 寫入後 MEM = 0x31 [WRITE] @0x2003f25 ← 0x01 [XOR @0x1000e93] MEM[0x2003f26] 0x01 ^ AL(0x00) → 0x01 寫入後 MEM = 0x01 [WRITE] @0x2003f26 ← 0x01 [XOR @0x1000e93] MEM[0x2003f27] 0x31 ^ AL(0x01) → 0x30 寫入後 MEM = 0x31 [WRITE] @0x2003f27 ← 0x30 [XOR @0x1000e93] MEM[0x2003f28] 0x33 ^ AL(0x00) → 0x33 寫入後 MEM = 0x33 [WRITE] @0x2003f28 ← 0x33 [XOR @0x1000e93] MEM[0x2003f29] 0x31 ^ AL(0x01) → 0x30 寫入後 MEM = 0x31 [WRITE] @0x2003f29 ← 0x30 [XOR @0x1000e93] MEM[0x2003f2a] 0x32 ^ AL(0x33) → 0x01 寫入後 MEM = 0x32 [WRITE] @0x2003f2a ← 0x01 [XOR @0x1000e93] MEM[0x2003f2b] 0x00 ^ AL(0x00) → 0x00 寫入後 MEM = 0x00 [WRITE] @0x2003f2b ← 0x00 [XOR @0x1000e93] MEM[0x2003f2c] 0x01 ^ AL(0x03) → 0x02 寫入後 MEM = 0x01 [WRITE] @0x2003f2c ← 0x02 [XOR @0x1000e93] MEM[0x2003f2d] 0x31 ^ AL(0x30) → 0x01 寫入後 MEM = 0x31 [WRITE] @0x2003f2d ← 0x01 [XOR @0x1000e93] MEM[0x2003f2e] 0x32 ^ AL(0x02) → 0x30 寫入後 MEM = 0x32 [WRITE] @0x2003f2e ← 0x30 [XOR @0x1000e93] MEM[0x2003f2f] 0x30 ^ AL(0x30) → 0x00 寫入後 MEM = 0x30 [WRITE] @0x2003f2f ← 0x00 [XOR @0x1000e93] MEM[0x2003f30] 0x30 ^ AL(0x33) → 0x03 寫入後 MEM = 0x30 [WRITE] @0x2003f30 ← 0x03 [XOR @0x1000e93] MEM[0x2003f31] 0x32 ^ AL(0x03) → 0x31 寫入後 MEM = 0x32 [WRITE] @0x2003f31 ← 0x31 [XOR @0x1000e93] MEM[0x2003f32] 0x30 ^ AL(0x33) → 0x03 寫入後 MEM = 0x30 [WRITE] @0x2003f32 ← 0x03 [XOR @0x1000e93] MEM[0x2003f33] 0x30 ^ AL(0x02) → 0x32 寫入後 MEM = 0x30 [WRITE] @0x2003f33 ← 0x32 [XOR @0x1000e93] MEM[0x2003f34] 0x30 ^ AL(0x32) → 0x02 寫入後 MEM = 0x30 [WRITE] @0x2003f34 ← 0x02 [STATE] ESI ← 0x19 [HOOK MOV] @0x010012b5: mov esi, 0xd [XOR @0x10012c9] MEM[0x2003f20] 0x31 ^ AL(0x01) → 0x30 寫入後 MEM = 0x31 [WRITE] @0x2003f20 ← 0x30 [HOOK CMP] @0x010012cf: cmp esi, 0x1b [XOR @0x10012c9] MEM[0x2003f21] 0x31 ^ AL(0x30) → 0x01 寫入後 MEM = 0x31 [WRITE] @0x2003f21 ← 0x01 [XOR @0x10012c9] MEM[0x2003f22] 0x33 ^ AL(0x00) → 0x33 寫入後 MEM = 0x33 [WRITE] @0x2003f22 ← 0x33 [XOR @0x10012c9] MEM[0x2003f23] 0x01 ^ AL(0x03) → 0x02 寫入後 MEM = 0x01 [WRITE] @0x2003f23 ← 0x02 [XOR @0x10012c9] MEM[0x2003f24] 0x30 ^ AL(0x31) → 0x01 寫入後 MEM = 0x30 [WRITE] @0x2003f24 ← 0x01 [XOR @0x10012c9] MEM[0x2003f25] 0x01 ^ AL(0x03) → 0x02 寫入後 MEM = 0x01 [WRITE] @0x2003f25 ← 0x02 [XOR @0x10012c9] MEM[0x2003f26] 0x01 ^ AL(0x32) → 0x33 寫入後 MEM = 0x01 [WRITE] @0x2003f26 ← 0x33 [XOR @0x10012c9] MEM[0x2003f27] 0x30 ^ AL(0x02) → 0x32 寫入後 MEM = 0x30 [WRITE] @0x2003f27 ← 0x32 [XOR @0x10012c9] MEM[0x2003f28] 0x33 ^ AL(0x01) → 0x32 寫入後 MEM = 0x33 [WRITE] @0x2003f28 ← 0x32 [XOR @0x10012c9] MEM[0x2003f29] 0x30 ^ AL(0x01) → 0x31 寫入後 MEM = 0x30 [WRITE] @0x2003f29 ← 0x31 [XOR @0x10012c9] MEM[0x2003f2a] 0x01 ^ AL(0x03) → 0x02 寫入後 MEM = 0x01 [WRITE] @0x2003f2a ← 0x02 [XOR @0x10012c9] MEM[0x2003f2b] 0x00 ^ AL(0x00) → 0x00 寫入後 MEM = 0x00 [WRITE] @0x2003f2b ← 0x00 [XOR @0x10012c9] MEM[0x2003f2c] 0x02 ^ AL(0x30) → 0x32 寫入後 MEM = 0x02 [WRITE] @0x2003f2c ← 0x32 [XOR @0x10012c9] MEM[0x2003f2d] 0x01 ^ AL(0x00) → 0x01 寫入後 MEM = 0x01 [WRITE] @0x2003f2d ← 0x01 [STATE] ESI ← 0x4E [HOOK MOV] @0x0100119b: mov esi, 0x26 [XOR @0x10011af] MEM[0x2003f20] 0x30 ^ AL(0x33) → 0x03 寫入後 MEM = 0x30 [WRITE] @0x2003f20 ← 0x03 [HOOK CMP] @0x010011b5: cmp esi, 0x4d [XOR @0x10011af] MEM[0x2003f21] 0x01 ^ AL(0x02) → 0x03 寫入後 MEM = 0x01 [WRITE] @0x2003f21 ← 0x03 [XOR @0x10011af] MEM[0x2003f22] 0x33 ^ AL(0x32) → 0x01 寫入後 MEM = 0x33 [WRITE] @0x2003f22 ← 0x01 [XOR @0x10011af] MEM[0x2003f23] 0x02 ^ AL(0x32) → 0x30 寫入後 MEM = 0x02 [WRITE] @0x2003f23 ← 0x30 [XOR @0x10011af] MEM[0x2003f24] 0x01 ^ AL(0x32) → 0x33 寫入後 MEM = 0x01 [WRITE] @0x2003f24 ← 0x33 [XOR @0x10011af] MEM[0x2003f25] 0x02 ^ AL(0x01) → 0x03 寫入後 MEM = 0x02 [WRITE] @0x2003f25 ← 0x03 [XOR @0x10011af] MEM[0x2003f26] 0x33 ^ AL(0x32) → 0x01 寫入後 MEM = 0x33 [WRITE] @0x2003f26 ← 0x01 [XOR @0x10011af] MEM[0x2003f27] 0x32 ^ AL(0x02) → 0x30 寫入後 MEM = 0x32 [WRITE] @0x2003f27 ← 0x30 [XOR @0x10011af] MEM[0x2003f28] 0x32 ^ AL(0x00) → 0x32 寫入後 MEM = 0x32 [WRITE] @0x2003f28 ← 0x32 [XOR @0x10011af] MEM[0x2003f29] 0x31 ^ AL(0x03) → 0x32 寫入後 MEM = 0x31 [WRITE] @0x2003f29 ← 0x32 [XOR @0x10011af] MEM[0x2003f2a] 0x02 ^ AL(0x03) → 0x01 寫入後 MEM = 0x02 [WRITE] @0x2003f2a ← 0x01 [XOR @0x10011af] MEM[0x2003f2b] 0x00 ^ AL(0x01) → 0x01 寫入後 MEM = 0x00 [WRITE] @0x2003f2b ← 0x01 [XOR @0x10011af] MEM[0x2003f2c] 0x32 ^ AL(0x30) → 0x02 寫入後 MEM = 0x32 [WRITE] @0x2003f2c ← 0x02 [XOR @0x10011af] MEM[0x2003f2d] 0x01 ^ AL(0x33) → 0x32 寫入後 MEM = 0x01 [WRITE] @0x2003f2d ← 0x32 [XOR @0x10011af] MEM[0x2003f2e] 0x30 ^ AL(0x03) → 0x33 寫入後 MEM = 0x30 [WRITE] @0x2003f2e ← 0x33 [XOR @0x10011af] MEM[0x2003f2f] 0x00 ^ AL(0x01) → 0x01 寫入後 MEM = 0x00 [WRITE] @0x2003f2f ← 0x01 [XOR @0x10011af] MEM[0x2003f30] 0x03 ^ AL(0x30) → 0x33 寫入後 MEM = 0x03 [WRITE] @0x2003f30 ← 0x33 [XOR @0x10011af] MEM[0x2003f31] 0x31 ^ AL(0x32) → 0x03 寫入後 MEM = 0x31 [WRITE] @0x2003f31 ← 0x03 [XOR @0x10011af] MEM[0x2003f32] 0x03 ^ AL(0x32) → 0x31 寫入後 MEM = 0x03 [WRITE] @0x2003f32 ← 0x31 [XOR @0x10011af] MEM[0x2003f33] 0x32 ^ AL(0x01) → 0x33 寫入後 MEM = 0x32 [WRITE] @0x2003f33 ← 0x33 [XOR @0x10011af] MEM[0x2003f34] 0x02 ^ AL(0x01) → 0x03 寫入後 MEM = 0x02 [WRITE] @0x2003f34 ← 0x03 [XOR @0x10011af] MEM[0x2003f35] 0x01 ^ AL(0x02) → 0x03 寫入後 MEM = 0x01 [WRITE] @0x2003f35 ← 0x03 [XOR @0x10011af] MEM[0x2003f36] 0x01 ^ AL(0x32) → 0x33 寫入後 MEM = 0x01 [WRITE] @0x2003f36 ← 0x33 [XOR @0x10011af] MEM[0x2003f37] 0x03 ^ AL(0x33) → 0x30 寫入後 MEM = 0x03 [WRITE] @0x2003f37 ← 0x30 [XOR @0x10011af] MEM[0x2003f38] 0x00 ^ AL(0x01) → 0x01 寫入後 MEM = 0x00 [WRITE] @0x2003f38 ← 0x01 [XOR @0x10011af] MEM[0x2003f39] 0x30 ^ AL(0x33) → 0x03 寫入後 MEM = 0x30 [WRITE] @0x2003f39 ← 0x03 [XOR @0x10011af] MEM[0x2003f3a] 0x00 ^ AL(0x03) → 0x03 寫入後 MEM = 0x00 [WRITE] @0x2003f3a ← 0x03 [XOR @0x10011af] MEM[0x2003f3b] 0x01 ^ AL(0x31) → 0x30 寫入後 MEM = 0x01 [WRITE] @0x2003f3b ← 0x30 [XOR @0x10011af] MEM[0x2003f3c] 0x00 ^ AL(0x33) → 0x33 寫入後 MEM = 0x00 [WRITE] @0x2003f3c ← 0x33 [XOR @0x10011af] MEM[0x2003f3d] 0x01 ^ AL(0x03) → 0x02 寫入後 MEM = 0x01 [WRITE] @0x2003f3d ← 0x02 [XOR @0x10011af] MEM[0x2003f3e] 0x33 ^ AL(0x03) → 0x30 寫入後 MEM = 0x33 [WRITE] @0x2003f3e ← 0x30 [XOR @0x10011af] MEM[0x2003f3f] 0x00 ^ AL(0x33) → 0x33 寫入後 MEM = 0x00 [WRITE] @0x2003f3f ← 0x33 [XOR @0x10011af] MEM[0x2003f40] 0x03 ^ AL(0x30) → 0x33 寫入後 MEM = 0x03 [WRITE] @0x2003f40 ← 0x33 [XOR @0x10011af] MEM[0x2003f41] 0x30 ^ AL(0x01) → 0x31 寫入後 MEM = 0x30 [WRITE] @0x2003f41 ← 0x31 [XOR @0x10011af] MEM[0x2003f42] 0x02 ^ AL(0x03) → 0x01 寫入後 MEM = 0x02 [WRITE] @0x2003f42 ← 0x01 [XOR @0x10011af] MEM[0x2003f43] 0x30 ^ AL(0x03) → 0x33 寫入後 MEM = 0x30 [WRITE] @0x2003f43 ← 0x33 [XOR @0x10011af] MEM[0x2003f44] 0x33 ^ AL(0x30) → 0x03 寫入後 MEM = 0x33 [WRITE] @0x2003f44 ← 0x03 [XOR @0x10011af] MEM[0x2003f45] 0x03 ^ AL(0x33) → 0x30 寫入後 MEM = 0x03 [WRITE] @0x2003f45 ← 0x30 [XOR @0x10011af] MEM[0x2003f46] 0x33 ^ AL(0x02) → 0x31 寫入後 MEM = 0x33 [WRITE] @0x2003f46 ← 0x31 [STATE] ESI ← 0x22 [HOOK MOV] @0x0100139e: mov esi, 0x9 [XOR @0x10013b2] MEM[0x2003f20] 0x03 ^ AL(0x32) → 0x31 寫入後 MEM = 0x03 [WRITE] @0x2003f20 ← 0x31 [HOOK CMP] @0x010013b8: cmp esi, 0x13 [XOR @0x10013b2] MEM[0x2003f21] 0x03 ^ AL(0x01) → 0x02 寫入後 MEM = 0x03 [WRITE] @0x2003f21 ← 0x02 [XOR @0x10013b2] MEM[0x2003f22] 0x01 ^ AL(0x01) → 0x00 寫入後 MEM = 0x01 [WRITE] @0x2003f22 ← 0x00 [XOR @0x10013b2] MEM[0x2003f23] 0x30 ^ AL(0x02) → 0x32 寫入後 MEM = 0x30 [WRITE] @0x2003f23 ← 0x32 [XOR @0x10013b2] MEM[0x2003f24] 0x33 ^ AL(0x32) → 0x01 寫入後 MEM = 0x33 [WRITE] @0x2003f24 ← 0x01 [XOR @0x10013b2] MEM[0x2003f25] 0x03 ^ AL(0x33) → 0x30 寫入後 MEM = 0x03 [WRITE] @0x2003f25 ← 0x30 [XOR @0x10013b2] MEM[0x2003f26] 0x01 ^ AL(0x01) → 0x00 寫入後 MEM = 0x01 [WRITE] @0x2003f26 ← 0x00 [XOR @0x10013b2] MEM[0x2003f27] 0x30 ^ AL(0x33) → 0x03 寫入後 MEM = 0x30 [WRITE] @0x2003f27 ← 0x03 [XOR @0x10013b2] MEM[0x2003f28] 0x32 ^ AL(0x03) → 0x31 寫入後 MEM = 0x32 [WRITE] @0x2003f28 ← 0x31 [XOR @0x10013b2] MEM[0x2003f29] 0x32 ^ AL(0x31) → 0x03 寫入後 MEM = 0x32 [WRITE] @0x2003f29 ← 0x03 [STATE] ESI ← 0x5F [HOOK MOV] @0x01000aaa: mov esi, 0x27 [HOOK MOV] @0x01000aaf: mov esi, 0x2f [WRITE] @0x2003f20 ← 0x33 [HOOK CMP] @0x01000ac5: cmp esi, 0x4f [WRITE] @0x2003f21 ← 0x30 [WRITE] @0x2003f22 ← 0x32 [WRITE] @0x2003f23 ← 0x00 [WRITE] @0x2003f24 ← 0x00 [WRITE] @0x2003f25 ← 0x02 [WRITE] @0x2003f26 ← 0x02 [WRITE] @0x2003f27 ← 0x03 [WRITE] @0x2003f28 ← 0x02 [WRITE] @0x2003f29 ← 0x33 [WRITE] @0x2003f2a ← 0x33 [WRITE] @0x2003f2b ← 0x01 [WRITE] @0x2003f2c ← 0x02 [WRITE] @0x2003f2d ← 0x30 [WRITE] @0x2003f2e ← 0x31 [WRITE] @0x2003f2f ← 0x02 [WRITE] @0x2003f30 ← 0x31 [WRITE] @0x2003f31 ← 0x30 [WRITE] @0x2003f32 ← 0x02 [WRITE] @0x2003f33 ← 0x32 [WRITE] @0x2003f34 ← 0x01 [WRITE] @0x2003f35 ← 0x33 [WRITE] @0x2003f36 ← 0x02 [WRITE] @0x2003f37 ← 0x32 [WRITE] @0x2003f38 ← 0x30 [WRITE] @0x2003f39 ← 0x33 [WRITE] @0x2003f3a ← 0x01 [WRITE] @0x2003f3b ← 0x02 [WRITE] @0x2003f3c ← 0x32 [WRITE] @0x2003f3d ← 0x31 [WRITE] @0x2003f3e ← 0x32 [WRITE] @0x2003f3f ← 0x01 [WRITE] @0x2003f40 ← 0x03 [WRITE] @0x2003f41 ← 0x02 [WRITE] @0x2003f42 ← 0x00 [WRITE] @0x2003f43 ← 0x31 [WRITE] @0x2003f44 ← 0x31 [WRITE] @0x2003f45 ← 0x01 [WRITE] @0x2003f46 ← 0x03 [WRITE] @0x2003f47 ← 0x03 [STATE] ESI ← 0x25 [HOOK MOV] @0x01001311: mov esi, 0x1a [XOR @0x1001325] MEM[0x2003f20] 0x33 ^ AL(0x01) → 0x32 寫入後 MEM = 0x33 [WRITE] @0x2003f20 ← 0x32 [HOOK CMP] @0x0100132b: cmp esi, 0x35 [XOR @0x1001325] MEM[0x2003f21] 0x30 ^ AL(0x02) → 0x32 寫入後 MEM = 0x30 [WRITE] @0x2003f21 ← 0x32 [XOR @0x1001325] MEM[0x2003f22] 0x32 ^ AL(0x32) → 0x00 寫入後 MEM = 0x32 [WRITE] @0x2003f22 ← 0x00 [XOR @0x1001325] MEM[0x2003f23] 0x00 ^ AL(0x31) → 0x31 寫入後 MEM = 0x00 [WRITE] @0x2003f23 ← 0x31 [XOR @0x1001325] MEM[0x2003f24] 0x00 ^ AL(0x32) → 0x32 寫入後 MEM = 0x00 [WRITE] @0x2003f24 ← 0x32 [XOR @0x1001325] MEM[0x2003f25] 0x02 ^ AL(0x01) → 0x03 寫入後 MEM = 0x02 [WRITE] @0x2003f25 ← 0x03 [XOR @0x1001325] MEM[0x2003f26] 0x02 ^ AL(0x03) → 0x01 寫入後 MEM = 0x02 [WRITE] @0x2003f26 ← 0x01 [XOR @0x1001325] MEM[0x2003f27] 0x03 ^ AL(0x02) → 0x01 寫入後 MEM = 0x03 [WRITE] @0x2003f27 ← 0x01 [XOR @0x1001325] MEM[0x2003f28] 0x02 ^ AL(0x00) → 0x02 寫入後 MEM = 0x02 [WRITE] @0x2003f28 ← 0x02 [XOR @0x1001325] MEM[0x2003f29] 0x33 ^ AL(0x31) → 0x02 寫入後 MEM = 0x33 [WRITE] @0x2003f29 ← 0x02 [XOR @0x1001325] MEM[0x2003f2a] 0x33 ^ AL(0x31) → 0x02 寫入後 MEM = 0x33 [WRITE] @0x2003f2a ← 0x02 [XOR @0x1001325] MEM[0x2003f2b] 0x01 ^ AL(0x01) → 0x00 寫入後 MEM = 0x01 [WRITE] @0x2003f2b ← 0x00 [XOR @0x1001325] MEM[0x2003f2c] 0x02 ^ AL(0x03) → 0x01 寫入後 MEM = 0x02 [WRITE] @0x2003f2c ← 0x01 [XOR @0x1001325] MEM[0x2003f2d] 0x30 ^ AL(0x03) → 0x33 寫入後 MEM = 0x30 [WRITE] @0x2003f2d ← 0x33 [XOR @0x1001325] MEM[0x2003f2e] 0x31 ^ AL(0x32) → 0x03 寫入後 MEM = 0x31 [WRITE] @0x2003f2e ← 0x03 [XOR @0x1001325] MEM[0x2003f2f] 0x02 ^ AL(0x32) → 0x30 寫入後 MEM = 0x02 [WRITE] @0x2003f2f ← 0x30 [XOR @0x1001325] MEM[0x2003f30] 0x31 ^ AL(0x32) → 0x03 寫入後 MEM = 0x31 [WRITE] @0x2003f30 ← 0x03 [XOR @0x1001325] MEM[0x2003f31] 0x30 ^ AL(0x01) → 0x31 寫入後 MEM = 0x30 [WRITE] @0x2003f31 ← 0x31 [XOR @0x1001325] MEM[0x2003f32] 0x02 ^ AL(0x32) → 0x30 寫入後 MEM = 0x02 [WRITE] @0x2003f32 ← 0x30 [XOR @0x1001325] MEM[0x2003f33] 0x32 ^ AL(0x02) → 0x30 寫入後 MEM = 0x32 [WRITE] @0x2003f33 ← 0x30 [XOR @0x1001325] MEM[0x2003f34] 0x01 ^ AL(0x00) → 0x01 寫入後 MEM = 0x01 [WRITE] @0x2003f34 ← 0x01 [XOR @0x1001325] MEM[0x2003f35] 0x33 ^ AL(0x32) → 0x01 寫入後 MEM = 0x33 [WRITE] @0x2003f35 ← 0x01 [XOR @0x1001325] MEM[0x2003f36] 0x02 ^ AL(0x32) → 0x30 寫入後 MEM = 0x02 [WRITE] @0x2003f36 ← 0x30 [XOR @0x1001325] MEM[0x2003f37] 0x32 ^ AL(0x00) → 0x32 寫入後 MEM = 0x32 [WRITE] @0x2003f37 ← 0x32 [XOR @0x1001325] MEM[0x2003f38] 0x30 ^ AL(0x31) → 0x01 寫入後 MEM = 0x30 [WRITE] @0x2003f38 ← 0x01 [XOR @0x1001325] MEM[0x2003f39] 0x33 ^ AL(0x32) → 0x01 寫入後 MEM = 0x33 [WRITE] @0x2003f39 ← 0x01 [XOR @0x1001325] MEM[0x2003f3a] 0x01 ^ AL(0x03) → 0x02 寫入後 MEM = 0x01 [WRITE] @0x2003f3a ← 0x02 [STATE] ESI ← 0x41 [HOOK MOV] @0x01000b05: mov esi, 0x21 [HOOK MOV] @0x01000b0a: mov esi, 0x2f [WRITE] @0x2003f20 ← 0x30 [HOOK CMP] @0x01000b20: cmp esi, 0x43 [WRITE] @0x2003f21 ← 0x32 [WRITE] @0x2003f22 ← 0x31 [WRITE] @0x2003f23 ← 0x00 [WRITE] @0x2003f24 ← 0x33 [WRITE] @0x2003f25 ← 0x00 [WRITE] @0x2003f26 ← 0x02 [WRITE] @0x2003f27 ← 0x33 [WRITE] @0x2003f28 ← 0x30 [WRITE] @0x2003f29 ← 0x30 [WRITE] @0x2003f2a ← 0x03 [WRITE] @0x2003f2b ← 0x32 [WRITE] @0x2003f2c ← 0x03 [WRITE] @0x2003f2d ← 0x33 [WRITE] @0x2003f2e ← 0x33 [WRITE] @0x2003f2f ← 0x02 [WRITE] @0x2003f30 ← 0x32 [WRITE] @0x2003f31 ← 0x31 [WRITE] @0x2003f32 ← 0x03 [WRITE] @0x2003f33 ← 0x30 [WRITE] @0x2003f34 ← 0x03 [WRITE] @0x2003f35 ← 0x32 [WRITE] @0x2003f36 ← 0x00 [WRITE] @0x2003f37 ← 0x02 [WRITE] @0x2003f38 ← 0x02 [WRITE] @0x2003f39 ← 0x33 [WRITE] @0x2003f3a ← 0x01 [WRITE] @0x2003f3b ← 0x31 [WRITE] @0x2003f3c ← 0x01 [WRITE] @0x2003f3d ← 0x33 [WRITE] @0x2003f3e ← 0x00 [WRITE] @0x2003f3f ← 0x30 [WRITE] @0x2003f40 ← 0x00 [WRITE] @0x2003f41 ← 0x32 [STATE] ESI ← 0x53 [HOOK MOV] @0x01000f0c: mov esi, 0x2a [XOR @0x1000f20] MEM[0x2003f20] 0x30 ^ AL(0x32) → 0x02 寫入後 MEM = 0x30 [WRITE] @0x2003f20 ← 0x02 [HOOK CMP] @0x01000f26: cmp esi, 0x55 [XOR @0x1000f20] MEM[0x2003f21] 0x32 ^ AL(0x01) → 0x33 寫入後 MEM = 0x32 [WRITE] @0x2003f21 ← 0x33 [XOR @0x1000f20] MEM[0x2003f22] 0x31 ^ AL(0x32) → 0x03 寫入後 MEM = 0x31 [WRITE] @0x2003f22 ← 0x03 [XOR @0x1000f20] MEM[0x2003f23] 0x00 ^ AL(0x02) → 0x02 寫入後 MEM = 0x00 [WRITE] @0x2003f23 ← 0x02 [XOR @0x1000f20] MEM[0x2003f24] 0x33 ^ AL(0x00) → 0x33 寫入後 MEM = 0x33 [WRITE] @0x2003f24 ← 0x33 [XOR @0x1000f20] MEM[0x2003f25] 0x00 ^ AL(0x02) → 0x02 寫入後 MEM = 0x00 [WRITE] @0x2003f25 ← 0x02 [XOR @0x1000f20] MEM[0x2003f26] 0x02 ^ AL(0x33) → 0x31 寫入後 MEM = 0x02 [WRITE] @0x2003f26 ← 0x31 [XOR @0x1000f20] MEM[0x2003f27] 0x33 ^ AL(0x03) → 0x30 寫入後 MEM = 0x33 [WRITE] @0x2003f27 ← 0x30 [XOR @0x1000f20] MEM[0x2003f28] 0x30 ^ AL(0x02) → 0x32 寫入後 MEM = 0x30 [WRITE] @0x2003f28 ← 0x32 [XOR @0x1000f20] MEM[0x2003f29] 0x30 ^ AL(0x33) → 0x03 寫入後 MEM = 0x30 [WRITE] @0x2003f29 ← 0x03 [XOR @0x1000f20] MEM[0x2003f2a] 0x03 ^ AL(0x02) → 0x01 寫入後 MEM = 0x03 [WRITE] @0x2003f2a ← 0x01 [XOR @0x1000f20] MEM[0x2003f2b] 0x32 ^ AL(0x31) → 0x03 寫入後 MEM = 0x32 [WRITE] @0x2003f2b ← 0x03 [XOR @0x1000f20] MEM[0x2003f2c] 0x03 ^ AL(0x30) → 0x33 寫入後 MEM = 0x03 [WRITE] @0x2003f2c ← 0x33 [XOR @0x1000f20] MEM[0x2003f2d] 0x33 ^ AL(0x32) → 0x01 寫入後 MEM = 0x33 [WRITE] @0x2003f2d ← 0x01 [XOR @0x1000f20] MEM[0x2003f2e] 0x33 ^ AL(0x03) → 0x30 寫入後 MEM = 0x33 [WRITE] @0x2003f2e ← 0x30 [XOR @0x1000f20] MEM[0x2003f2f] 0x02 ^ AL(0x01) → 0x03 寫入後 MEM = 0x02 [WRITE] @0x2003f2f ← 0x03 [XOR @0x1000f20] MEM[0x2003f30] 0x32 ^ AL(0x03) → 0x31 寫入後 MEM = 0x32 [WRITE] @0x2003f30 ← 0x31 [XOR @0x1000f20] MEM[0x2003f31] 0x31 ^ AL(0x33) → 0x02 寫入後 MEM = 0x31 [WRITE] @0x2003f31 ← 0x02 [XOR @0x1000f20] MEM[0x2003f32] 0x03 ^ AL(0x01) → 0x02 寫入後 MEM = 0x03 [WRITE] @0x2003f32 ← 0x02 [XOR @0x1000f20] MEM[0x2003f33] 0x30 ^ AL(0x30) → 0x00 寫入後 MEM = 0x30 [WRITE] @0x2003f33 ← 0x00 [XOR @0x1000f20] MEM[0x2003f34] 0x03 ^ AL(0x03) → 0x00 寫入後 MEM = 0x03 [WRITE] @0x2003f34 ← 0x00 [XOR @0x1000f20] MEM[0x2003f35] 0x32 ^ AL(0x31) → 0x03 寫入後 MEM = 0x32 [WRITE] @0x2003f35 ← 0x03 [XOR @0x1000f20] MEM[0x2003f36] 0x00 ^ AL(0x02) → 0x02 寫入後 MEM = 0x00 [WRITE] @0x2003f36 ← 0x02 [XOR @0x1000f20] MEM[0x2003f37] 0x02 ^ AL(0x02) → 0x00 寫入後 MEM = 0x02 [WRITE] @0x2003f37 ← 0x00 [XOR @0x1000f20] MEM[0x2003f38] 0x02 ^ AL(0x00) → 0x02 寫入後 MEM = 0x02 [WRITE] @0x2003f38 ← 0x02 [XOR @0x1000f20] MEM[0x2003f39] 0x33 ^ AL(0x00) → 0x33 寫入後 MEM = 0x33 [WRITE] @0x2003f39 ← 0x33 [XOR @0x1000f20] MEM[0x2003f3a] 0x01 ^ AL(0x03) → 0x02 寫入後 MEM = 0x01 [WRITE] @0x2003f3a ← 0x02 [XOR @0x1000f20] MEM[0x2003f3b] 0x31 ^ AL(0x02) → 0x33 寫入後 MEM = 0x31 [WRITE] @0x2003f3b ← 0x33 [XOR @0x1000f20] MEM[0x2003f3c] 0x01 ^ AL(0x00) → 0x01 寫入後 MEM = 0x01 [WRITE] @0x2003f3c ← 0x01 [XOR @0x1000f20] MEM[0x2003f3d] 0x33 ^ AL(0x02) → 0x31 寫入後 MEM = 0x33 [WRITE] @0x2003f3d ← 0x31 [XOR @0x1000f20] MEM[0x2003f3e] 0x00 ^ AL(0x33) → 0x33 寫入後 MEM = 0x00 [WRITE] @0x2003f3e ← 0x33 [XOR @0x1000f20] MEM[0x2003f3f] 0x30 ^ AL(0x02) → 0x32 寫入後 MEM = 0x30 [WRITE] @0x2003f3f ← 0x32 [XOR @0x1000f20] MEM[0x2003f40] 0x00 ^ AL(0x33) → 0x33 寫入後 MEM = 0x00 [WRITE] @0x2003f40 ← 0x33 [XOR @0x1000f20] MEM[0x2003f41] 0x32 ^ AL(0x01) → 0x33 寫入後 MEM = 0x32 [WRITE] @0x2003f41 ← 0x33 [XOR @0x1000f20] MEM[0x2003f42] 0x00 ^ AL(0x31) → 0x31 寫入後 MEM = 0x00 [WRITE] @0x2003f42 ← 0x31 [XOR @0x1000f20] MEM[0x2003f43] 0x31 ^ AL(0x33) → 0x02 寫入後 MEM = 0x31 [WRITE] @0x2003f43 ← 0x02 [XOR @0x1000f20] MEM[0x2003f44] 0x31 ^ AL(0x32) → 0x03 寫入後 MEM = 0x31 [WRITE] @0x2003f44 ← 0x03 [XOR @0x1000f20] MEM[0x2003f45] 0x01 ^ AL(0x33) → 0x32 寫入後 MEM = 0x01 [WRITE] @0x2003f45 ← 0x32 [XOR @0x1000f20] MEM[0x2003f46] 0x03 ^ AL(0x33) → 0x30 寫入後 MEM = 0x03 [WRITE] @0x2003f46 ← 0x30 [XOR @0x1000f20] MEM[0x2003f47] 0x03 ^ AL(0x31) → 0x32 寫入後 MEM = 0x03 [WRITE] @0x2003f47 ← 0x32 [XOR @0x1000f20] MEM[0x2003f48] 0x32 ^ AL(0x02) → 0x30 寫入後 MEM = 0x32 [WRITE] @0x2003f48 ← 0x30 [XOR @0x1000f20] MEM[0x2003f49] 0x32 ^ AL(0x03) → 0x31 寫入後 MEM = 0x32 [WRITE] @0x2003f49 ← 0x31 [XOR @0x1000f20] MEM[0x2003f4a] 0x32 ^ AL(0x32) → 0x00 寫入後 MEM = 0x32 [WRITE] @0x2003f4a ← 0x00 [STATE] ESI ← 0x2C [HOOK MOV] @0x01000c1d: mov esi, 0x13 [XOR @0x1000c31] MEM[0x2003f20] 0x02 ^ AL(0x00) → 0x02 寫入後 MEM = 0x02 [WRITE] @0x2003f20 ← 0x02 [HOOK CMP] @0x01000c37: cmp esi, 0x27 [XOR @0x1000c31] MEM[0x2003f21] 0x33 ^ AL(0x00) → 0x33 寫入後 MEM = 0x33 [WRITE] @0x2003f21 ← 0x33 [XOR @0x1000c31] MEM[0x2003f22] 0x03 ^ AL(0x03) → 0x00 寫入後 MEM = 0x03 [WRITE] @0x2003f22 ← 0x00 [XOR @0x1000c31] MEM[0x2003f23] 0x02 ^ AL(0x02) → 0x00 寫入後 MEM = 0x02 [WRITE] @0x2003f23 ← 0x00 [XOR @0x1000c31] MEM[0x2003f24] 0x33 ^ AL(0x00) → 0x33 寫入後 MEM = 0x33 [WRITE] @0x2003f24 ← 0x33 [XOR @0x1000c31] MEM[0x2003f25] 0x02 ^ AL(0x02) → 0x00 寫入後 MEM = 0x02 [WRITE] @0x2003f25 ← 0x00 [XOR @0x1000c31] MEM[0x2003f26] 0x31 ^ AL(0x33) → 0x02 寫入後 MEM = 0x31 [WRITE] @0x2003f26 ← 0x02 [XOR @0x1000c31] MEM[0x2003f27] 0x30 ^ AL(0x02) → 0x32 寫入後 MEM = 0x30 [WRITE] @0x2003f27 ← 0x32 [XOR @0x1000c31] MEM[0x2003f28] 0x32 ^ AL(0x33) → 0x01 寫入後 MEM = 0x32 [WRITE] @0x2003f28 ← 0x01 [XOR @0x1000c31] MEM[0x2003f29] 0x03 ^ AL(0x01) → 0x02 寫入後 MEM = 0x03 [WRITE] @0x2003f29 ← 0x02 [XOR @0x1000c31] MEM[0x2003f2a] 0x01 ^ AL(0x31) → 0x30 寫入後 MEM = 0x01 [WRITE] @0x2003f2a ← 0x30 [XOR @0x1000c31] MEM[0x2003f2b] 0x03 ^ AL(0x33) → 0x30 寫入後 MEM = 0x03 [WRITE] @0x2003f2b ← 0x30 [XOR @0x1000c31] MEM[0x2003f2c] 0x33 ^ AL(0x32) → 0x01 寫入後 MEM = 0x33 [WRITE] @0x2003f2c ← 0x01 [XOR @0x1000c31] MEM[0x2003f2d] 0x01 ^ AL(0x33) → 0x32 寫入後 MEM = 0x01 [WRITE] @0x2003f2d ← 0x32 [XOR @0x1000c31] MEM[0x2003f2e] 0x30 ^ AL(0x33) → 0x03 寫入後 MEM = 0x30 [WRITE] @0x2003f2e ← 0x03 [XOR @0x1000c31] MEM[0x2003f2f] 0x03 ^ AL(0x31) → 0x32 寫入後 MEM = 0x03 [WRITE] @0x2003f2f ← 0x32 [XOR @0x1000c31] MEM[0x2003f30] 0x31 ^ AL(0x02) → 0x33 寫入後 MEM = 0x31 [WRITE] @0x2003f30 ← 0x33 [XOR @0x1000c31] MEM[0x2003f31] 0x02 ^ AL(0x03) → 0x01 寫入後 MEM = 0x02 [WRITE] @0x2003f31 ← 0x01 [XOR @0x1000c31] MEM[0x2003f32] 0x02 ^ AL(0x32) → 0x30 寫入後 MEM = 0x02 [WRITE] @0x2003f32 ← 0x30 [XOR @0x1000c31] MEM[0x2003f33] 0x00 ^ AL(0x30) → 0x30 寫入後 MEM = 0x00 [WRITE] @0x2003f33 ← 0x30 [STATE] ESI ← 0x09 [HOOK MOV] @0x010007ef: mov esi, 0x2e [HOOK MOV] @0x010007f4: mov esi, 0x2f [WRITE] @0x2003f20 ← 0x02 [HOOK CMP] @0x0100080a: cmp esi, 0x5d [WRITE] @0x2003f21 ← 0x31 [WRITE] @0x2003f22 ← 0x31 [WRITE] @0x2003f23 ← 0x31 [WRITE] @0x2003f24 ← 0x02 [WRITE] @0x2003f25 ← 0x02 [WRITE] @0x2003f26 ← 0x00 [WRITE] @0x2003f27 ← 0x32 [WRITE] @0x2003f28 ← 0x33 [WRITE] @0x2003f29 ← 0x31 [WRITE] @0x2003f2a ← 0x01 [WRITE] @0x2003f2b ← 0x31 [WRITE] @0x2003f2c ← 0x30 [WRITE] @0x2003f2d ← 0x02 [WRITE] @0x2003f2e ← 0x01 [WRITE] @0x2003f2f ← 0x33 [WRITE] @0x2003f30 ← 0x00 [WRITE] @0x2003f31 ← 0x01 [WRITE] @0x2003f32 ← 0x31 [WRITE] @0x2003f33 ← 0x01 [WRITE] @0x2003f34 ← 0x01 [WRITE] @0x2003f35 ← 0x02 [WRITE] @0x2003f36 ← 0x00 [WRITE] @0x2003f37 ← 0x00 [WRITE] @0x2003f38 ← 0x02 [WRITE] @0x2003f39 ← 0x31 [WRITE] @0x2003f3a ← 0x33 [WRITE] @0x2003f3b ← 0x00 [WRITE] @0x2003f3c ← 0x01 [WRITE] @0x2003f3d ← 0x30 [WRITE] @0x2003f3e ← 0x03 [WRITE] @0x2003f3f ← 0x31 [WRITE] @0x2003f40 ← 0x02 [WRITE] @0x2003f41 ← 0x31 [WRITE] @0x2003f42 ← 0x00 [WRITE] @0x2003f43 ← 0x02 [WRITE] @0x2003f44 ← 0x01 [WRITE] @0x2003f45 ← 0x33 [WRITE] @0x2003f46 ← 0x03 [WRITE] @0x2003f47 ← 0x31 [WRITE] @0x2003f48 ← 0x01 [WRITE] @0x2003f49 ← 0x30 [WRITE] @0x2003f4a ← 0x30 [WRITE] @0x2003f4b ← 0x31 [WRITE] @0x2003f4c ← 0x03 [WRITE] @0x2003f4d ← 0x01 [WRITE] @0x2003f4e ← 0x01 [STATE] ESI ← 0x3C [HOOK MOV] @0x01001340: mov esi, 0x18 [XOR @0x1001354] MEM[0x2003f20] 0x02 ^ AL(0x02) → 0x00 寫入後 MEM = 0x02 [WRITE] @0x2003f20 ← 0x00 [HOOK CMP] @0x0100135a: cmp esi, 0x31 [XOR @0x1001354] MEM[0x2003f21] 0x31 ^ AL(0x31) → 0x00 寫入後 MEM = 0x31 [WRITE] @0x2003f21 ← 0x00 [XOR @0x1001354] MEM[0x2003f22] 0x31 ^ AL(0x33) → 0x02 寫入後 MEM = 0x31 [WRITE] @0x2003f22 ← 0x02 [XOR @0x1001354] MEM[0x2003f23] 0x31 ^ AL(0x00) → 0x31 寫入後 MEM = 0x31 [WRITE] @0x2003f23 ← 0x31 [XOR @0x1001354] MEM[0x2003f24] 0x02 ^ AL(0x01) → 0x03 寫入後 MEM = 0x02 [WRITE] @0x2003f24 ← 0x03 [XOR @0x1001354] MEM[0x2003f25] 0x02 ^ AL(0x30) → 0x32 寫入後 MEM = 0x02 [WRITE] @0x2003f25 ← 0x32 [XOR @0x1001354] MEM[0x2003f26] 0x00 ^ AL(0x03) → 0x03 寫入後 MEM = 0x00 [WRITE] @0x2003f26 ← 0x03 [XOR @0x1001354] MEM[0x2003f27] 0x32 ^ AL(0x31) → 0x03 寫入後 MEM = 0x32 [WRITE] @0x2003f27 ← 0x03 [XOR @0x1001354] MEM[0x2003f28] 0x33 ^ AL(0x02) → 0x31 寫入後 MEM = 0x33 [WRITE] @0x2003f28 ← 0x31 [XOR @0x1001354] MEM[0x2003f29] 0x31 ^ AL(0x31) → 0x00 寫入後 MEM = 0x31 [WRITE] @0x2003f29 ← 0x00 [XOR @0x1001354] MEM[0x2003f2a] 0x01 ^ AL(0x00) → 0x01 寫入後 MEM = 0x01 [WRITE] @0x2003f2a ← 0x01 [XOR @0x1001354] MEM[0x2003f2b] 0x31 ^ AL(0x02) → 0x33 寫入後 MEM = 0x31 [WRITE] @0x2003f2b ← 0x33 [XOR @0x1001354] MEM[0x2003f2c] 0x30 ^ AL(0x01) → 0x31 寫入後 MEM = 0x30 [WRITE] @0x2003f2c ← 0x31 [XOR @0x1001354] MEM[0x2003f2d] 0x02 ^ AL(0x33) → 0x31 寫入後 MEM = 0x02 [WRITE] @0x2003f2d ← 0x31 [XOR @0x1001354] MEM[0x2003f2e] 0x01 ^ AL(0x03) → 0x02 寫入後 MEM = 0x01 [WRITE] @0x2003f2e ← 0x02 [XOR @0x1001354] MEM[0x2003f2f] 0x33 ^ AL(0x31) → 0x02 寫入後 MEM = 0x33 [WRITE] @0x2003f2f ← 0x02 [XOR @0x1001354] MEM[0x2003f30] 0x00 ^ AL(0x01) → 0x01 寫入後 MEM = 0x00 [WRITE] @0x2003f30 ← 0x01 [XOR @0x1001354] MEM[0x2003f31] 0x01 ^ AL(0x30) → 0x31 寫入後 MEM = 0x01 [WRITE] @0x2003f31 ← 0x31 [XOR @0x1001354] MEM[0x2003f32] 0x31 ^ AL(0x30) → 0x01 寫入後 MEM = 0x31 [WRITE] @0x2003f32 ← 0x01 [XOR @0x1001354] MEM[0x2003f33] 0x01 ^ AL(0x31) → 0x30 寫入後 MEM = 0x01 [WRITE] @0x2003f33 ← 0x30 [XOR @0x1001354] MEM[0x2003f34] 0x01 ^ AL(0x03) → 0x02 寫入後 MEM = 0x01 [WRITE] @0x2003f34 ← 0x02 [XOR @0x1001354] MEM[0x2003f35] 0x02 ^ AL(0x01) → 0x03 寫入後 MEM = 0x02 [WRITE] @0x2003f35 ← 0x03 [XOR @0x1001354] MEM[0x2003f36] 0x00 ^ AL(0x01) → 0x01 寫入後 MEM = 0x00 [WRITE] @0x2003f36 ← 0x01 [XOR @0x1001354] MEM[0x2003f37] 0x00 ^ AL(0x00) → 0x00 寫入後 MEM = 0x00 [WRITE] @0x2003f37 ← 0x00 [XOR @0x1001354] MEM[0x2003f38] 0x02 ^ AL(0x00) → 0x02 寫入後 MEM = 0x02 [WRITE] @0x2003f38 ← 0x02 [STATE] ESI ← 0x1E [WRITE] @0x2003f1c ← 0x0d [XOR @0x1000e34] MEM[0x2003f31] 0x31 ^ AL(0x31) → 0x00 寫入後 MEM = 0x31 [WRITE] @0x2003f20 ← 0x31 [WRITE] @0x2003f1c ← 0x0e [XOR @0x1000e34] MEM[0x2003f31] 0x31 ^ AL(0x02) → 0x33 寫入後 MEM = 0x31 [WRITE] @0x2003f21 ← 0x02 [WRITE] @0x2003f1c ← 0x0f [XOR @0x1000e34] MEM[0x2003f31] 0x31 ^ AL(0x02) → 0x33 寫入後 MEM = 0x31 [WRITE] @0x2003f22 ← 0x00 [WRITE] @0x2003f1c ← 0x10 [XOR @0x1000e34] MEM[0x2003f31] 0x31 ^ AL(0x01) → 0x30 寫入後 MEM = 0x31 [WRITE] @0x2003f23 ← 0x30 [WRITE] @0x2003f1c ← 0x11 [XOR @0x1000e34] MEM[0x2003f31] 0x31 ^ AL(0x31) → 0x00 寫入後 MEM = 0x31 [WRITE] @0x2003f24 ← 0x32 [WRITE] @0x2003f1c ← 0x12 [XOR @0x1000e34] MEM[0x2003f31] 0x31 ^ AL(0x01) → 0x30 寫入後 MEM = 0x31 [WRITE] @0x2003f25 ← 0x33 [WRITE] @0x2003f1c ← 0x13 [XOR @0x1000e34] MEM[0x2003f31] 0x31 ^ AL(0x30) → 0x01 寫入後 MEM = 0x31 [WRITE] @0x2003f26 ← 0x33 [WRITE] @0x2003f1c ← 0x14 [XOR @0x1000e34] MEM[0x2003f31] 0x31 ^ AL(0x02) → 0x33 寫入後 MEM = 0x31 [WRITE] @0x2003f27 ← 0x01 [WRITE] @0x2003f1c ← 0x15 [XOR @0x1000e34] MEM[0x2003f31] 0x31 ^ AL(0x03) → 0x32 寫入後 MEM = 0x31 [WRITE] @0x2003f28 ← 0x32 [WRITE] @0x2003f1c ← 0x16 [XOR @0x1000e34] MEM[0x2003f31] 0x31 ^ AL(0x01) → 0x30 寫入後 MEM = 0x31 [WRITE] @0x2003f29 ← 0x01 [WRITE] @0x2003f1c ← 0x17 [XOR @0x1000e34] MEM[0x2003f31] 0x31 ^ AL(0x00) → 0x31 寫入後 MEM = 0x31 [WRITE] @0x2003f2a ← 0x01 [WRITE] @0x2003f1c ← 0x18 [XOR @0x1000e34] MEM[0x2003f31] 0x31 ^ AL(0x02) → 0x33 寫入後 MEM = 0x31 [WRITE] @0x2003f2b ← 0x31 [WRITE] @0x2003f1c ← 0x19 [XOR @0x1000e34] MEM[0x2003f31] 0x31 ^ AL(0x31) → 0x00 寫入後 MEM = 0x31 [WRITE] @0x2003f2c ← 0x00 [WRITE] @0x2003f1c ← 0x1a [XOR @0x1000e34] MEM[0x2003f31] 0x31 ^ AL(0x33) → 0x02 寫入後 MEM = 0x31 [WRITE] @0x2003f2d ← 0x02 [WRITE] @0x2003f1c ← 0x1b [STATE] ESI ← 0x14 [HOOK MOV] @0x0100084b: mov esi, 0x29 [XOR @0x100085f] MEM[0x2003f20] 0x31 ^ AL(0x30) → 0x01 寫入後 MEM = 0x31 [WRITE] @0x2003f20 ← 0x01 [HOOK CMP] @0x01000865: cmp esi, 0x53 [XOR @0x100085f] MEM[0x2003f21] 0x02 ^ AL(0x30) → 0x32 寫入後 MEM = 0x02 [WRITE] @0x2003f21 ← 0x32 [XOR @0x100085f] MEM[0x2003f22] 0x00 ^ AL(0x31) → 0x31 寫入後 MEM = 0x00 [WRITE] @0x2003f22 ← 0x31 [XOR @0x100085f] MEM[0x2003f23] 0x30 ^ AL(0x03) → 0x33 寫入後 MEM = 0x30 [WRITE] @0x2003f23 ← 0x33 [XOR @0x100085f] MEM[0x2003f24] 0x32 ^ AL(0x01) → 0x33 寫入後 MEM = 0x32 [WRITE] @0x2003f24 ← 0x33 [XOR @0x100085f] MEM[0x2003f25] 0x33 ^ AL(0x01) → 0x32 寫入後 MEM = 0x33 [WRITE] @0x2003f25 ← 0x32 [XOR @0x100085f] MEM[0x2003f26] 0x33 ^ AL(0x01) → 0x32 寫入後 MEM = 0x33 [WRITE] @0x2003f26 ← 0x32 [XOR @0x100085f] MEM[0x2003f27] 0x01 ^ AL(0x32) → 0x33 寫入後 MEM = 0x01 [WRITE] @0x2003f27 ← 0x33 [XOR @0x100085f] MEM[0x2003f28] 0x32 ^ AL(0x31) → 0x03 寫入後 MEM = 0x32 [WRITE] @0x2003f28 ← 0x03 [XOR @0x100085f] MEM[0x2003f29] 0x01 ^ AL(0x33) → 0x32 寫入後 MEM = 0x01 [WRITE] @0x2003f29 ← 0x32 [XOR @0x100085f] MEM[0x2003f2a] 0x01 ^ AL(0x33) → 0x32 寫入後 MEM = 0x01 [WRITE] @0x2003f2a ← 0x32 [XOR @0x100085f] MEM[0x2003f2b] 0x31 ^ AL(0x32) → 0x03 寫入後 MEM = 0x31 [WRITE] @0x2003f2b ← 0x03 [XOR @0x100085f] MEM[0x2003f2c] 0x00 ^ AL(0x32) → 0x32 寫入後 MEM = 0x00 [WRITE] @0x2003f2c ← 0x32 [XOR @0x100085f] MEM[0x2003f2d] 0x02 ^ AL(0x33) → 0x31 寫入後 MEM = 0x02 [WRITE] @0x2003f2d ← 0x31 [XOR @0x100085f] MEM[0x2003f2e] 0x02 ^ AL(0x03) → 0x01 寫入後 MEM = 0x02 [WRITE] @0x2003f2e ← 0x01 [XOR @0x100085f] MEM[0x2003f2f] 0x02 ^ AL(0x32) → 0x30 寫入後 MEM = 0x02 [WRITE] @0x2003f2f ← 0x30 [XOR @0x100085f] MEM[0x2003f30] 0x01 ^ AL(0x32) → 0x33 寫入後 MEM = 0x01 [WRITE] @0x2003f30 ← 0x33 [XOR @0x100085f] MEM[0x2003f31] 0x31 ^ AL(0x03) → 0x32 寫入後 MEM = 0x31 [WRITE] @0x2003f31 ← 0x32 [XOR @0x100085f] MEM[0x2003f32] 0x01 ^ AL(0x32) → 0x33 寫入後 MEM = 0x01 [WRITE] @0x2003f32 ← 0x33 [XOR @0x100085f] MEM[0x2003f33] 0x30 ^ AL(0x31) → 0x01 寫入後 MEM = 0x30 [WRITE] @0x2003f33 ← 0x01 [XOR @0x100085f] MEM[0x2003f34] 0x02 ^ AL(0x01) → 0x03 寫入後 MEM = 0x02 [WRITE] @0x2003f34 ← 0x03 [XOR @0x100085f] MEM[0x2003f35] 0x03 ^ AL(0x30) → 0x33 寫入後 MEM = 0x03 [WRITE] @0x2003f35 ← 0x33 [XOR @0x100085f] MEM[0x2003f36] 0x01 ^ AL(0x33) → 0x32 寫入後 MEM = 0x01 [WRITE] @0x2003f36 ← 0x32 [XOR @0x100085f] MEM[0x2003f37] 0x00 ^ AL(0x32) → 0x32 寫入後 MEM = 0x00 [WRITE] @0x2003f37 ← 0x32 [XOR @0x100085f] MEM[0x2003f38] 0x02 ^ AL(0x33) → 0x31 寫入後 MEM = 0x02 [WRITE] @0x2003f38 ← 0x31 [XOR @0x100085f] MEM[0x2003f39] 0x31 ^ AL(0x01) → 0x30 寫入後 MEM = 0x31 [WRITE] @0x2003f39 ← 0x30 [XOR @0x100085f] MEM[0x2003f3a] 0x33 ^ AL(0x03) → 0x30 寫入後 MEM = 0x33 [WRITE] @0x2003f3a ← 0x30 [XOR @0x100085f] MEM[0x2003f3b] 0x00 ^ AL(0x33) → 0x33 寫入後 MEM = 0x00 [WRITE] @0x2003f3b ← 0x33 [XOR @0x100085f] MEM[0x2003f3c] 0x01 ^ AL(0x32) → 0x33 寫入後 MEM = 0x01 [WRITE] @0x2003f3c ← 0x33 [XOR @0x100085f] MEM[0x2003f3d] 0x30 ^ AL(0x32) → 0x02 寫入後 MEM = 0x30 [WRITE] @0x2003f3d ← 0x02 [XOR @0x100085f] MEM[0x2003f3e] 0x03 ^ AL(0x31) → 0x32 寫入後 MEM = 0x03 [WRITE] @0x2003f3e ← 0x32 [XOR @0x100085f] MEM[0x2003f3f] 0x31 ^ AL(0x30) → 0x01 寫入後 MEM = 0x31 [WRITE] @0x2003f3f ← 0x01 [XOR @0x100085f] MEM[0x2003f40] 0x02 ^ AL(0x30) → 0x32 寫入後 MEM = 0x02 [WRITE] @0x2003f40 ← 0x32 [XOR @0x100085f] MEM[0x2003f41] 0x31 ^ AL(0x33) → 0x02 寫入後 MEM = 0x31 [WRITE] @0x2003f41 ← 0x02 [XOR @0x100085f] MEM[0x2003f42] 0x00 ^ AL(0x33) → 0x33 寫入後 MEM = 0x00 [WRITE] @0x2003f42 ← 0x33 [XOR @0x100085f] MEM[0x2003f43] 0x02 ^ AL(0x02) → 0x00 寫入後 MEM = 0x02 [WRITE] @0x2003f43 ← 0x00 [XOR @0x100085f] MEM[0x2003f44] 0x01 ^ AL(0x32) → 0x33 寫入後 MEM = 0x01 [WRITE] @0x2003f44 ← 0x33 [XOR @0x100085f] MEM[0x2003f45] 0x33 ^ AL(0x01) → 0x32 寫入後 MEM = 0x33 [WRITE] @0x2003f45 ← 0x32 [XOR @0x100085f] MEM[0x2003f46] 0x03 ^ AL(0x32) → 0x31 寫入後 MEM = 0x03 [WRITE] @0x2003f46 ← 0x31 [XOR @0x100085f] MEM[0x2003f47] 0x31 ^ AL(0x02) → 0x33 寫入後 MEM = 0x31 [WRITE] @0x2003f47 ← 0x33 [XOR @0x100085f] MEM[0x2003f48] 0x01 ^ AL(0x33) → 0x32 寫入後 MEM = 0x01 [WRITE] @0x2003f48 ← 0x32 [XOR @0x100085f] MEM[0x2003f49] 0x30 ^ AL(0x00) → 0x30 寫入後 MEM = 0x30 [WRITE] @0x2003f49 ← 0x30 [HOOK MOV] @0x01000654: mov esi, 0x1d [XOR @0x1000668] MEM[0x2003f20] 0x01 ^ AL(0x02) → 0x03 寫入後 MEM = 0x01 [WRITE] @0x2003f20 ← 0x03 [HOOK CMP] @0x0100066e: cmp esi, 0x3b [XOR @0x1000668] MEM[0x2003f21] 0x32 ^ AL(0x32) → 0x00 寫入後 MEM = 0x32 [WRITE] @0x2003f21 ← 0x00 [XOR @0x1000668] MEM[0x2003f22] 0x31 ^ AL(0x01) → 0x30 寫入後 MEM = 0x31 [WRITE] @0x2003f22 ← 0x30 [XOR @0x1000668] MEM[0x2003f23] 0x33 ^ AL(0x32) → 0x01 寫入後 MEM = 0x33 [WRITE] @0x2003f23 ← 0x01 [XOR @0x1000668] MEM[0x2003f24] 0x33 ^ AL(0x02) → 0x31 寫入後 MEM = 0x33 [WRITE] @0x2003f24 ← 0x31 [XOR @0x1000668] MEM[0x2003f25] 0x32 ^ AL(0x33) → 0x01 寫入後 MEM = 0x32 [WRITE] @0x2003f25 ← 0x01 [XOR @0x1000668] MEM[0x2003f26] 0x32 ^ AL(0x00) → 0x32 寫入後 MEM = 0x32 [WRITE] @0x2003f26 ← 0x32 [XOR @0x1000668] MEM[0x2003f27] 0x33 ^ AL(0x33) → 0x00 寫入後 MEM = 0x33 [WRITE] @0x2003f27 ← 0x00 [XOR @0x1000668] MEM[0x2003f28] 0x03 ^ AL(0x32) → 0x31 寫入後 MEM = 0x03 [WRITE] @0x2003f28 ← 0x31 [XOR @0x1000668] MEM[0x2003f29] 0x32 ^ AL(0x31) → 0x03 寫入後 MEM = 0x32 [WRITE] @0x2003f29 ← 0x03 [XOR @0x1000668] MEM[0x2003f2a] 0x32 ^ AL(0x33) → 0x01 寫入後 MEM = 0x32 [WRITE] @0x2003f2a ← 0x01 [XOR @0x1000668] MEM[0x2003f2b] 0x03 ^ AL(0x32) → 0x31 寫入後 MEM = 0x03 [WRITE] @0x2003f2b ← 0x31 [XOR @0x1000668] MEM[0x2003f2c] 0x32 ^ AL(0x30) → 0x02 寫入後 MEM = 0x32 [WRITE] @0x2003f2c ← 0x02 [XOR @0x1000668] MEM[0x2003f2d] 0x31 ^ AL(0x30) → 0x01 寫入後 MEM = 0x31 [WRITE] @0x2003f2d ← 0x01 [XOR @0x1000668] MEM[0x2003f2e] 0x01 ^ AL(0x31) → 0x30 寫入後 MEM = 0x01 [WRITE] @0x2003f2e ← 0x30 [XOR @0x1000668] MEM[0x2003f2f] 0x30 ^ AL(0x03) → 0x33 寫入後 MEM = 0x30 [WRITE] @0x2003f2f ← 0x33 [XOR @0x1000668] MEM[0x2003f30] 0x33 ^ AL(0x01) → 0x32 寫入後 MEM = 0x33 [WRITE] @0x2003f30 ← 0x32 [XOR @0x1000668] MEM[0x2003f31] 0x32 ^ AL(0x01) → 0x33 寫入後 MEM = 0x32 [WRITE] @0x2003f31 ← 0x33 [XOR @0x1000668] MEM[0x2003f32] 0x33 ^ AL(0x03) → 0x30 寫入後 MEM = 0x33 [WRITE] @0x2003f32 ← 0x30 [XOR @0x1000668] MEM[0x2003f33] 0x01 ^ AL(0x00) → 0x01 寫入後 MEM = 0x01 [WRITE] @0x2003f33 ← 0x01 [XOR @0x1000668] MEM[0x2003f34] 0x03 ^ AL(0x30) → 0x33 寫入後 MEM = 0x03 [WRITE] @0x2003f34 ← 0x33 [XOR @0x1000668] MEM[0x2003f35] 0x33 ^ AL(0x01) → 0x32 寫入後 MEM = 0x33 [WRITE] @0x2003f35 ← 0x32 [XOR @0x1000668] MEM[0x2003f36] 0x32 ^ AL(0x31) → 0x03 寫入後 MEM = 0x32 [WRITE] @0x2003f36 ← 0x03 [XOR @0x1000668] MEM[0x2003f37] 0x32 ^ AL(0x01) → 0x33 寫入後 MEM = 0x32 [WRITE] @0x2003f37 ← 0x33 [XOR @0x1000668] MEM[0x2003f38] 0x31 ^ AL(0x32) → 0x03 寫入後 MEM = 0x31 [WRITE] @0x2003f38 ← 0x03 [XOR @0x1000668] MEM[0x2003f39] 0x30 ^ AL(0x00) → 0x30 寫入後 MEM = 0x30 [WRITE] @0x2003f39 ← 0x30 [XOR @0x1000668] MEM[0x2003f3a] 0x30 ^ AL(0x31) → 0x01 寫入後 MEM = 0x30 [WRITE] @0x2003f3a ← 0x01 [XOR @0x1000668] MEM[0x2003f3b] 0x33 ^ AL(0x03) → 0x30 寫入後 MEM = 0x33 [WRITE] @0x2003f3b ← 0x30 [XOR @0x1000668] MEM[0x2003f3c] 0x33 ^ AL(0x01) → 0x32 寫入後 MEM = 0x33 [WRITE] @0x2003f3c ← 0x32 [XOR @0x1000668] MEM[0x2003f3d] 0x02 ^ AL(0x31) → 0x33 寫入後 MEM = 0x02 [WRITE] @0x2003f3d ← 0x33 [HOOK MOV] @0x01000675: mov esi, 0x11 [WRITE] @0x2003f04 ← 0x11 [WRITE] @0x2003f00 ← 0x407068

根據以上可以總結

每次eip 會有0xaa 到0xbb的變動長度進行xor，進行的方式為
1
2
for i in range(0xbb):
flag[i] = flag[i] ^ f[(0xaa + i)%47]
結束後將eip更新
其中有一段特別的XOR加密，是從0x0d + i 的數值去做xor加密
1
2
for i in range(0xbb):
flag[i] = flag[i] ^ 0x0d+i

??? note “special case”
[WRITE] @0x2003f1c ← 0x0d [WRITE] @0x2003f20 ← 0x32 [WRITE] @0x2003f1c ← 0x0e [WRITE] @0x2003f21 ← 0x02 [WRITE] @0x2003f1c ← 0x0f [WRITE] @0x2003f22 ← 0x30 [WRITE] @0x2003f1c ← 0x10 [WRITE] @0x2003f23 ← 0x00 [WRITE] @0x2003f1c ← 0x11 [WRITE] @0x2003f24 ← 0x01 [WRITE] @0x2003f1c ← 0x12 [WRITE] @0x2003f25 ← 0x02 [WRITE] @0x2003f1c ← 0x13 [WRITE] @0x2003f26 ← 0x30 [WRITE] @0x2003f1c ← 0x14 [WRITE] @0x2003f27 ← 0x03 [WRITE] @0x2003f1c ← 0x15 [WRITE] @0x2003f28 ← 0x02 [WRITE] @0x2003f1c ← 0x16 [WRITE] @0x2003f29 ← 0x00 [WRITE] @0x2003f1c ← 0x17 [WRITE] @0x2003f2a ← 0x33 [WRITE] @0x2003f1c ← 0x18 [WRITE] @0x2003f2b ← 0x03 [WRITE] @0x2003f1c ← 0x19 [WRITE] @0x2003f2c ← 0x31 [WRITE] @0x2003f1c ← 0x1a [WRITE] @0x2003f2d ← 0x30 [WRITE] @0x2003f1c ← 0x1b

剩下的也是進行第一點的加密方式

綜合以上可以寫出下面的解密script

step = [
    (0x28,0x51),(0x20,0x41),(0x18,0x31),(0x24,0x49),(0x1d,0x3b),(0x12,0x25),
    (0x0d,0x1b),(0x24,0x49),(0x0b,0x17),(0x1d,0x3b),(0x18,0x31),(0x1f,0x3f),
    (0x15,0x2b),(0x0e,0x1d),(0x2a,0x55),(0x14,0x29),(0x0b,0x17),(0x06,0x0d),
    (0x1a,0x35),(0x18,0x31),(0x18,0x31),(0x1d,0x3b),(0x1d,0x3b),(0x0e,0x1d),
    (0x03,0x07),(0x18,0x31),(0x08,0x11),(0x08,0x11),(0x29,0x53),(0x0b,0x17),
    (0x0d,0x1b),(0x12,0x25),(0x0e,0x1d),(0x19,0x33),(0x02,0x05),(0x17,0x2f),
    (0x11,0x23),(0x28,0x51),(0x11,0x23),(0x04,0x09),(0x15,0x2b),(0x16,0x2d),
    (0x2b,0x57),(0x20,0x41),(0x13,0x27),(0x0c,0x19),(0x2d,0x5b),(0x24,0x49),
    (0x23,0x47),(0x16,0x2d),(0x2b,0x57),(0x18,0x31),(0x1b,0x37),(0x08,0x11),
    (0x06,0x0d),(0x13,0x27),(0x26,0x4d),(0x15,0x2b),(0x1d,0x3b),(0x16,0x2d),
    (0x04,0x09),(0x02,0x05),(0x0a,0x15),(0x09,0x13),(0x24,0x49),(0x2c,0x59),
    (0x02,0x05),(0x11,0x23),(0x0f,0x1f),(0x22,0x45),(0x02,0x05),(0x14,0x29),
    (0x0d,0x1b),(0x26,0x4d),(0x09,0x13),(0x27,0x4f),(0x1a,0x35),(0x21,0x43),
    (0x2a,0x55),(0x13,0x27),(0x2e,0x5d),(0x18,0x31)
]

step2 = [
    (0x29, 0x53),
    (0x1d, 0x3b)
]

cipher_bytes = bytes([
    0x5a,0x60,0x61,0x0f,0x08,0x29,0x42,0x32,0x25,0x23,0x42,0x68,0x4b,0x41,
    0x63,0x55,0x37,0x43,0x6a,0x50,0x40,0x6f,0x2e,0x66,0x49,0x7f,0x09,0x66,
    0x79,0x7c,0x37,0x18,0x5d,0x35,0x46,0x41,0x37,0x0f,0x19,0x1c,0x30,0x79,
    0x29,0x69,0x0a,0x46,0x3b
])

def decrypt(first: int, length: int, data: bytearray) -> None:
    now = first
    for i in range(length - 1, -1, -1):
        j = (now + i) % 47
        data[i] ^= data[j]

def undo_xor_segment(data: bytearray) -> None:
    for k in range((0x1b - 0x0d) - 1, -1, -1):
        data[k] ^= data[k + 0x0d]

def main():
    buf = bytearray(cipher_bytes)

    for a, b in reversed(step2):
        decrypt(a, b - a, buf)

    undo_xor_segment(buf)

    for a, b in reversed(step):
        decrypt(a, b - a, buf)

    print(buf)

if __name__ == "__main__":
    main()

unicorn1

:flags:AIS3{UniCorn_2.1.3_fk_s1ow_BUT_this_chal_cool?}

AntiDbg++++

賽後解