未完成的DNF外挂代码。

push ebp
mov ebp, esp
push ecx
push esi
mov esi, ecx
call 004E1550
lea ecx, dword ptr [esi+9C]
call 00A45680
push eax
lea ecx, dword ptr [esi+2668]
call 009CC840
test al, al
je short 0076E8F1
mov eax, dword ptr [esi]
mov ecx, esi
call dword ptr [eax+34C]
test eax, eax
je short 0076E8F1
mov edx, dword ptr [esi]
push 0
mov ecx, esi
call dword ptr [edx+340]
cmp dword ptr [esi+152C], 8
jnz 0076EA36
push edi
lea ecx, dword ptr [esi+1760]
call 00A52920
sub eax, 0
je 0076EA6C
dec eax
jnz 0076EA35
mov al, byte ptr [esi+267C]
test al, al
je 0076EA3B
mov eax, dword ptr [esi+100]
cmp dword ptr [eax+118], 6
jl 0076EA35
mov edi, dword ptr [esi]
push 1
push 0
push 0
push 0
push 0
push 0
push 0
push 0
push 1
mov ecx, esi
mov byte ptr [esi+267C], 0
call dword ptr [edi+380]
push eax
push 1
mov ecx, esi
call dword ptr [edi+F8]
mov ecx, esi
call 0048ABF0
test al, al
je 0076EA35
mov edx, dword ptr [esi]
push ebx
push 4F
mov ecx, esi
call dword ptr [edx+6AC]
mov ebx, eax
mov eax, dword ptr [esi]
push 4F
mov ecx, esi
call dword ptr [eax+6B0]
mov edx, dword ptr [esi]
push 0
push CE3424
push CD60B0
push 0
mov ecx, esi
mov dword ptr [ebp-4], eax
call dword ptr [edx+34C]
push eax
call 00A6C23D
add esp, 14
test ebx, ebx
mov edi, eax
je short 0076EA34
test edi, edi
je short 0076EA34
mov eax, dword ptr [edi]
push 0
mov ecx, edi
call dword ptr [eax+1C8]
mov ecx, dword ptr [ebp-4]
push eax
push edi
push ecx

push C
mov ecx, ebx
call 004B4540
mov edx, dword ptr [esi]
push C01684
mov ecx, esi
mov edi, eax
call dword ptr [edx+2B8]
push edi
mov ecx, CD579C
mov ebx, eax
mov dword ptr [CD57A4], 0
call 004C8C90
mov ecx, dword ptr [CD57A0]
mov edx, dword ptr [CD57A4]
push 0
push 0
mov eax, dword ptr [esi]
push ecx
push edx
push 0
push 4
push A
push 0
push 1E
push 0
push ebx
push 0
push XXXX  --  技能代码  隐藏处理

mov ecx, esi
call dword ptr [eax+2B0]
pop ebx
pop edi
pop esi
mov esp, ebp
pop ebp

SHELLCODE--->ASM
MODIFY
ASM->SHELLCODE

IF TOO SMALL THEN
ENCODE
DENCODE
ELSE
CODEINJECTOR
END IF