腾讯管家攻防驱动分析-TsDefenseBt

2024年1月10日发(作者：)

360FixSvc3600FixSvc360SFixSvcFix360SafeServiceSafeFix360XFixSvcFix360Service360FixService360FixSafeFixSafeServiceRepairSafezage360csvcsFix360Fixcsvcs360ServiceFixs360SafeFixService360SafeFixOk360Fix360Safe360Fix360trayFix360trayService360Fix360trayService360Fix360trayServices360Fix360trayServicess360Fix360trayFix360trayFixService360trayFixsSvc360trayFixsSvcx360trayRunFix360trayRunFixs360traysRunFix360sRunFix360ssxxaRunFix360stxaFixFixSafe360FixsvcSafe360FixsvcServiceSafe360FixServiceSafe360taryFixSafe360taryServices505Fix360Safe505360Saferepair505505repairsaferepairrepairtrayrepair360startrepSoS360SafeS0S360Safe360Sos36OSosSafe36OOKS0SSafe360OKS0SSafe3600KSOSSafe36O0OKSOSafe36000KSOSSafe36000OKSOSSafe36O00OKSOSSafe36O00OsKSOSSafe36O0OOKSOSSafe36O00OsKSOSSafe3605050Safe36OSOSFixSafe删除baidu注册表项

roid PC

__except(0) { Attached = FALSE; } InitializeObjectAttributes(&Oa,&FullPath,OBJ_KERNEL_HANDLE,NULL,NULL); if(NT_SUCCESS(ZwOpenFile(&FileHandle, SYNCHRONIZE | FILE_READ_ATTRIBUTES, &Oa, &Ios, FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE, FILE_SYNCHRONOUS_IO_NONALERT | FILE_NON_DIRECTORY_FILE))) ObReferenceObjectByHandle(FileHandle, 0, *IoFileObjectType, KernelMode, (PVOID*)&FileObject, NULL); } if(Attached) KeDetachProcess(); if(FileHandle) { ZwClose(FileHandle); FileHandle = NULL; } if(Process) { ObDereferenceObject(Process); Process = NULL; } if(Buffer) ExFreePool(Buffer); return FileObject;}4.2 由线程句柄获取进程对象PEPROCESS GetProcessObjectFromThreadHandle(HANDLE ThreadHandle){ PETHREAD Thread = NULL; PEPROCESS Process = NULL; if(ThreadHandle) { if(NT_SUCCESS(ObReferenceObjectByHandle(ThreadHandle, 0, *PsThreadType,

IsKernelHandle(ThreadHandle)?KernelMode:UserMode, (PVOID*)&Thread, NULL))) { Process = IoThreadToProcess(Thread); ObDereferenceObject(Thread); } } return Process;}4.3 由线程对象获取进程Id

{0x00,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x01,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x02,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x03,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x04,0x01,0x01,0x00,0x00,0x00,0x00,}, {0x05,0x01,0x01,0x00,0x00,0x00,0x00,}, {0x06,0x02,0x02,0x00,0x00,0x00,0x00,}, {0x07,0x01,0x01,0x00,0x00,0x00,0x00,}, {0x08,0x02,0x02,0x00,0x00,0x00,0x00,}, {0x09,0x02,0x02,0x00,0x00,0x00,0x00,}, {0x0a,0x01,0x01,0x00,0x00,0x00,0x00,}, {0x0b,0x02,0x02,0x00,0x00,0x00,0x00,}, {0x0c,0x01,0x01,0x00,0x00,0x00,0x00,}, {0x0d,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x0e,0x02,0x02,0x00,0x00,0x00,0x00,}, {0x0f,0x03,0x03,0x02,0x00,0x00,0x00,}, {0x10,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x11,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x12,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x13,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x14,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x15,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x16,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x17,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x18,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x19,0x01,0x01,0x00,0x00,0x00,0x00,}, {0x1a,0x01,0x01,0x00,0x00,0x00,0x00,}, {0x1b,0x01,0x01,0x00,0x00,0x00,0x00,}, {0x1c,0x01,0x01,0x00,0x00,0x00,0x00,}, {0x1d,0x01,0x01,0x00,0x00,0x00,0x00,}, {0x1e,0x01,0x01,0x00,0x00,0x00,0x00,}, {0x1f,0x01,0x01,0x00,0x00,0x00,0x00,}, {0x20,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x21,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x22,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x23,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x24,0x01,0x01,0x00,0x00,0x00,0x00,}, {0x25,0x01,0x01,0x00,0x00,0x00,0x00,}, {0x26,0x01,0x01,0x00,0x00,0x00,0x00,}, {0x27,0x01,0x01,0x00,0x00,0x00,0x00,}, {0x28,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x29,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x2a,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x2b,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x2c,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x2d,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x2e,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x2f,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x30,0x02,0x02,0x00,0x00,0x00,0x00,}, {0x31,0x02,0x02,0x00,0x00,0x00,0x00,}, {0x32,0x02,0x02,0x00,0x00,0x00,0x00,}, {0x33,0x02,0x02,0x00,0x00,0x00,0x00,}, {0x34,0x02,0x02,0x00,0x00,0x00,0x00,}, {0x35,0x02,0x02,0x00,0x00,0x00,0x00,}, {0x36,0x01,0x01,0x00,0x00,0x00,0x00,}, {0x37,0x01,0x01,0x00,0x00,0x00,0x00,}, {0x38,0x01,0x01,0x00,0x00,0x00,0x00,}, {0x39,0x01,0x01,0x00,0x00,0x00,0x00,}, {0x3a,0x01,0x01,0x00,0x00,0x00,0x00,}, {0x3b,0x01,0x01,0x00,0x00,0x00,0x00,}, {0x3c,0x01,0x01,0x00,0x00,0x00,0x00,}, {0x3d,0x01,0x01,0x00,0x00,0x00,0x00,}, {0x3e,0x01,0x01,0x00,0x00,0x00,0x00,}, {0x3f,0x01,0x01,0x00,0x00,0x00,0x00,}, {0x40,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x41,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x42,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x43,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x44,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x45,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x46,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x47,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x48,0x02,0x02,0x01,0x00,0x00,0x00,},

{0x49,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x4a,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x4b,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x4c,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x4d,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x4e,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x4f,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x50,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x51,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x52,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x53,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x54,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x55,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x56,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x57,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x58,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x59,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x5a,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x5b,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x5c,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x5d,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x5e,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x5f,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x60,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x61,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x62,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x63,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x64,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x65,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x66,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x67,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x68,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x69,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x6a,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x6b,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x6c,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x6d,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x6e,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x6f,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x70,0x03,0x03,0x01,0x00,0x01,0x00,}, {0x71,0x03,0x03,0x01,0x00,0x01,0x00,}, {0x72,0x03,0x03,0x01,0x00,0x01,0x00,}, {0x73,0x03,0x03,0x01,0x00,0x01,0x00,}, {0x74,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x75,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x76,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x77,0x02,0x02,0x00,0x00,0x00,0x00,}, {0x78,0x01,0x01,0x00,0x00,0x00,0x00,}, {0x79,0x01,0x01,0x00,0x00,0x00,0x00,}, {0x7a,0x01,0x01,0x00,0x00,0x00,0x00,}, {0x7b,0x01,0x01,0x00,0x00,0x00,0x00,}, {0x7c,0x01,0x01,0x00,0x00,0x00,0x00,}, {0x7d,0x01,0x01,0x00,0x00,0x00,0x00,}, {0x7e,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x7f,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x80,0x05,0x03,0x00,0x01,0x00,0x00,}, {0x81,0x05,0x03,0x00,0x01,0x00,0x00,}, {0x82,0x05,0x03,0x00,0x01,0x00,0x00,}, {0x83,0x05,0x03,0x00,0x01,0x00,0x00,}, {0x84,0x05,0x03,0x00,0x01,0x00,0x00,}, {0x85,0x05,0x03,0x00,0x01,0x00,0x00,}, {0x86,0x05,0x03,0x00,0x01,0x00,0x00,}, {0x87,0x05,0x03,0x00,0x01,0x00,0x00,}, {0x88,0x05,0x03,0x00,0x01,0x00,0x00,}, {0x89,0x05,0x03,0x00,0x01,0x00,0x00,}, {0x8a,0x05,0x03,0x00,0x01,0x00,0x00,}, {0x8b,0x05,0x03,0x00,0x01,0x00,0x00,}, {0x8c,0x05,0x03,0x00,0x01,0x00,0x00,}, {0x8d,0x05,0x03,0x00,0x01,0x00,0x00,}, {0x8e,0x05,0x03,0x00,0x01,0x00,0x00,}, {0x8f,0x05,0x03,0x00,0x01,0x00,0x00,}, {0x90,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x91,0x02,0x02,0x01,0x00,0x00,0x00,},

{0x91,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x92,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x93,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x94,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x95,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x96,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x97,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x98,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x99,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x9a,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x9b,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x9c,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x9d,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x9e,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x9f,0x02,0x02,0x01,0x00,0x00,0x00,}, {0xa0,0x02,0x02,0x00,0x00,0x00,0x00,}, {0xa1,0x02,0x02,0x00,0x00,0x00,0x00,}, {0xa2,0x02,0x02,0x00,0x00,0x00,0x00,}, {0xa3,0x02,0x02,0x01,0x00,0x00,0x00,}, {0xa4,0x03,0x03,0x01,0x00,0x01,0x00,}, {0xa5,0x02,0x02,0x01,0x00,0x00,0x00,}, {0xa6,0x01,0x01,0x00,0x00,0x00,0x00,}, {0xa7,0x01,0x01,0x00,0x00,0x00,0x00,}, {0xa8,0x02,0x02,0x00,0x00,0x00,0x00,}, {0xa9,0x02,0x02,0x00,0x00,0x00,0x00,}, {0xaa,0x02,0x02,0x00,0x00,0x00,0x00,}, {0xab,0x02,0x02,0x01,0x00,0x00,0x00,}, {0xac,0x03,0x03,0x01,0x00,0x01,0x00,}, {0xad,0x02,0x02,0x01,0x00,0x00,0x00,}, {0xae,0x02,0x02,0x01,0x00,0x00,0x00,}, {0xaf,0x02,0x02,0x01,0x00,0x00,0x00,}, {0xb0,0x02,0x02,0x01,0x00,0x00,0x00,}, {0xb1,0x02,0x02,0x01,0x00,0x00,0x00,}, {0xb2,0x02,0x02,0x01,0x00,0x00,0x00,}, {0xb3,0x02,0x02,0x01,0x00,0x00,0x00,}, {0xb4,0x02,0x02,0x01,0x00,0x00,0x00,}, {0xb5,0x02,0x02,0x01,0x00,0x00,0x00,}, {0xb6,0x02,0x02,0x01,0x00,0x00,0x00,}, {0xb7,0x02,0x02,0x01,0x00,0x00,0x00,}, {0xb8,0x01,0x01,0x00,0x00,0x00,0x00,}, {0xb9,0x01,0x01,0x00,0x00,0x00,0x00,}, {0xba,0x03,0x03,0x01,0x00,0x01,0x00,}, {0xbb,0x02,0x02,0x01,0x00,0x00,0x00,}, {0xbc,0x02,0x02,0x01,0x00,0x00,0x00,}, {0xbd,0x02,0x02,0x01,0x00,0x00,0x00,}, {0xbe,0x02,0x02,0x01,0x00,0x00,0x00,}, {0xbf,0x02,0x02,0x01,0x00,0x00,0x00,}, {0xc0,0x02,0x02,0x01,0x00,0x00,0x00,}, {0xc1,0x02,0x02,0x01,0x00,0x00,0x00,}, {0xc2,0x02,0x02,0x01,0x00,0x00,0x00,}, {0xc3,0x02,0x02,0x01,0x00,0x00,0x00,}, {0xc4,0x03,0x03,0x01,0x00,0x01,0x00,}, {0xc5,0x03,0x03,0x01,0x00,0x01,0x00,}, {0xc6,0x03,0x03,0x01,0x00,0x01,0x00,}, {0xc7,0x02,0x02,0x01,0x00,0x00,0x00,}, {0xc8,0x02,0x02,0x00,0x00,0x00,0x00,}, {0xc9,0x02,0x02,0x00,0x00,0x00,0x00,}, {0xca,0x02,0x02,0x00,0x00,0x00,0x00,}, {0xcb,0x02,0x02,0x00,0x00,0x00,0x00,}, {0xcc,0x02,0x02,0x00,0x00,0x00,0x00,}, {0xcd,0x02,0x02,0x00,0x00,0x00,0x00,}, {0xce,0x02,0x02,0x00,0x00,0x00,0x00,}, {0xcf,0x02,0x02,0x00,0x00,0x00,0x00,}, {0xd0,0x01,0x01,0x00,0x00,0x00,0x00,}, {0xd1,0x02,0x02,0x01,0x00,0x00,0x00,}, {0xd2,0x02,0x02,0x01,0x00,0x00,0x00,}, {0xd3,0x02,0x02,0x01,0x00,0x00,0x00,}, {0xd4,0x02,0x02,0x01,0x00,0x00,0x00,}, {0xd5,0x02,0x02,0x01,0x00,0x00,0x00,}, {0xd6,0x02,0x02,0x01,0x00,0x00,0x00,}, {0xd7,0x02,0x02,0x01,0x00,0x00,0x00,}, {0xd8,0x02,0x02,0x01,0x00,0x00,0x00,}, {0xd9,0x02,0x02,0x01,0x00,0x00,0x00,}, {0xda,0x02,0x02,0x01,0x00,0x00,0x00,},

{0xda,0x02,0x02,0x01,0x00,0x00,0x00,}, {0xdb,0x02,0x02,0x01,0x00,0x00,0x00,}, {0xdc,0x02,0x02,0x01,0x00,0x00,0x00,}, {0xdd,0x02,0x02,0x01,0x00,0x00,0x00,}, {0xde,0x02,0x02,0x01,0x00,0x00,0x00,}, {0xdf,0x02,0x02,0x01,0x00,0x00,0x00,}, {0xe0,0x02,0x02,0x01,0x00,0x00,0x00,}, {0xe1,0x02,0x02,0x01,0x00,0x00,0x00,}, {0xe2,0x02,0x02,0x01,0x00,0x00,0x00,}, {0xe3,0x02,0x02,0x01,0x00,0x00,0x00,}, {0xe4,0x02,0x02,0x01,0x00,0x00,0x00,}, {0xe5,0x02,0x02,0x01,0x00,0x00,0x00,}, {0xe6,0x02,0x02,0x01,0x00,0x00,0x00,}, {0xe7,0x02,0x02,0x01,0x00,0x00,0x00,}, {0xe8,0x02,0x02,0x01,0x00,0x00,0x00,}, {0xe9,0x02,0x02,0x01,0x00,0x00,0x00,}, {0xea,0x02,0x02,0x01,0x00,0x00,0x00,}, {0xeb,0x02,0x02,0x01,0x00,0x00,0x00,}, {0xec,0x02,0x02,0x01,0x00,0x00,0x00,}, {0xed,0x02,0x02,0x01,0x00,0x00,0x00,}, {0xee,0x02,0x02,0x01,0x00,0x00,0x00,}, {0xef,0x02,0x02,0x01,0x00,0x00,0x00,}, {0xf0,0x01,0x01,0x00,0x00,0x00,0x00,}, {0xf1,0x02,0x02,0x01,0x00,0x00,0x00,}, {0xf2,0x02,0x02,0x01,0x00,0x00,0x00,}, {0xf3,0x02,0x02,0x01,0x00,0x00,0x00,}, {0xf4,0x02,0x02,0x01,0x00,0x00,0x00,}, {0xf5,0x02,0x02,0x01,0x00,0x00,0x00,}, {0xf6,0x02,0x02,0x01,0x00,0x00,0x00,}, {0xf7,0x02,0x02,0x01,0x00,0x00,0x00,}, {0xf8,0x02,0x02,0x01,0x00,0x00,0x00,}, {0xf9,0x02,0x02,0x01,0x00,0x00,0x00,}, {0xfa,0x02,0x02,0x01,0x00,0x00,0x00,}, {0xfb,0x02,0x02,0x01,0x00,0x00,0x00,}, {0xfc,0x02,0x02,0x01,0x00,0x00,0x00,}, {0xfd,0x02,0x02,0x01,0x00,0x00,0x00,}, {0xfe,0x02,0x02,0x01,0x00,0x00,0x00,}, {0xff,0x01,0x01,0x00,0x00,0x00,0x00,}, }; unsigned long decode2[256][7]= { {0x00,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x01,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x02,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x03,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x04,0x02,0x02,0x00,0x00,0x00,0x00,}, {0x05,0x05,0x03,0x00,0x00,0x00,0x00,}, {0x06,0x01,0x01,0x00,0x00,0x00,0x00,}, {0x07,0x01,0x01,0x00,0x00,0x00,0x00,}, {0x08,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x09,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x0a,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x0b,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x0c,0x02,0x02,0x00,0x00,0x00,0x00,}, {0x0d,0x05,0x03,0x00,0x00,0x00,0x00,}, {0x0e,0x01,0x01,0x00,0x00,0x00,0x00,}, {0x0f,0x01,0x01,0x00,0x00,0x00,0x00,}, {0x10,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x11,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x12,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x13,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x14,0x02,0x02,0x00,0x00,0x00,0x00,}, {0x15,0x05,0x03,0x00,0x00,0x00,0x00,}, {0x16,0x01,0x01,0x00,0x00,0x00,0x00,}, {0x17,0x01,0x01,0x00,0x00,0x00,0x00,}, {0x18,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x19,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x1a,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x1b,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x1c,0x02,0x02,0x00,0x00,0x00,0x00,}, {0x1d,0x05,0x03,0x00,0x00,0x00,0x00,}, {0x1e,0x01,0x01,0x00,0x00,0x00,0x00,},

{0x1f,0x01,0x01,0x00,0x00,0x00,0x00,}, {0x20,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x21,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x22,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x23,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x24,0x02,0x02,0x00,0x00,0x00,0x00,}, {0x25,0x05,0x03,0x00,0x00,0x00,0x00,}, {0x26,0x01,0x01,0x00,0x00,0x00,0x00,}, {0x27,0x01,0x01,0x00,0x00,0x00,0x00,}, {0x28,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x29,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x2a,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x2b,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x2c,0x02,0x02,0x00,0x00,0x00,0x00,}, {0x2d,0x05,0x03,0x00,0x00,0x00,0x00,}, {0x2e,0x01,0x01,0x00,0x00,0x00,0x00,}, {0x2f,0x01,0x01,0x00,0x00,0x00,0x00,}, {0x30,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x31,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x32,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x33,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x34,0x02,0x02,0x00,0x00,0x00,0x00,}, {0x35,0x05,0x03,0x00,0x00,0x00,0x00,}, {0x36,0x01,0x01,0x00,0x00,0x00,0x00,}, {0x37,0x01,0x01,0x00,0x00,0x00,0x00,}, {0x38,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x39,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x3a,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x3b,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x3c,0x02,0x02,0x00,0x00,0x00,0x00,}, {0x3d,0x05,0x03,0x00,0x00,0x00,0x00,}, {0x3e,0x01,0x01,0x00,0x00,0x00,0x00,}, {0x3f,0x01,0x01,0x00,0x00,0x00,0x00,}, {0x40,0x01,0x01,0x00,0x00,0x00,0x00,}, {0x41,0x01,0x01,0x00,0x00,0x00,0x00,}, {0x42,0x01,0x01,0x00,0x00,0x00,0x00,}, {0x43,0x01,0x01,0x00,0x00,0x00,0x00,}, {0x44,0x01,0x01,0x00,0x00,0x00,0x00,}, {0x45,0x01,0x01,0x00,0x00,0x00,0x00,}, {0x46,0x01,0x01,0x00,0x00,0x00,0x00,}, {0x47,0x01,0x01,0x00,0x00,0x00,0x00,}, {0x48,0x01,0x01,0x00,0x00,0x00,0x00,}, {0x49,0x01,0x01,0x00,0x00,0x00,0x00,}, {0x4a,0x01,0x01,0x00,0x00,0x00,0x00,}, {0x4b,0x01,0x01,0x00,0x00,0x00,0x00,}, {0x4c,0x01,0x01,0x00,0x00,0x00,0x00,}, {0x4d,0x01,0x01,0x00,0x00,0x00,0x00,}, {0x4e,0x01,0x01,0x00,0x00,0x00,0x00,}, {0x4f,0x01,0x01,0x00,0x00,0x00,0x00,}, {0x50,0x01,0x01,0x00,0x00,0x00,0x00,}, {0x51,0x01,0x01,0x00,0x00,0x00,0x00,}, {0x52,0x01,0x01,0x00,0x00,0x00,0x00,}, {0x53,0x01,0x01,0x00,0x00,0x00,0x00,}, {0x54,0x01,0x01,0x00,0x00,0x00,0x00,}, {0x55,0x01,0x01,0x00,0x00,0x00,0x00,}, {0x56,0x01,0x01,0x00,0x00,0x00,0x00,}, {0x57,0x01,0x01,0x00,0x00,0x00,0x00,}, {0x58,0x01,0x01,0x00,0x00,0x00,0x00,}, {0x59,0x01,0x01,0x00,0x00,0x00,0x00,}, {0x5a,0x01,0x01,0x00,0x00,0x00,0x00,}, {0x5b,0x01,0x01,0x00,0x00,0x00,0x00,}, {0x5c,0x01,0x01,0x00,0x00,0x00,0x00,}, {0x5d,0x01,0x01,0x00,0x00,0x00,0x00,}, {0x5e,0x01,0x01,0x00,0x00,0x00,0x00,}, {0x5f,0x01,0x01,0x00,0x00,0x00,0x00,}, {0x60,0x01,0x01,0x00,0x00,0x00,0x00,}, {0x61,0x01,0x01,0x00,0x00,0x00,0x00,}, {0x62,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x63,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x64,0x01,0x01,0x00,0x00,0x00,0x00,}, {0x65,0x01,0x01,0x00,0x00,0x00,0x00,}, {0x66,0x01,0x01,0x00,0x00,0x00,0x00,}, {0x67,0x01,0x01,0x00,0x00,0x00,0x00,},

{0x67,0x01,0x01,0x00,0x00,0x00,0x00,}, {0x68,0x05,0x03,0x00,0x00,0x00,0x00,}, {0x69,0x06,0x04,0x01,0x00,0x04,0x00,}, {0x6a,0x02,0x02,0x00,0x00,0x00,0x00,}, {0x6b,0x03,0x03,0x01,0x00,0x01,0x00,}, {0x6c,0x01,0x01,0x00,0x00,0x00,0x00,}, {0x6d,0x01,0x01,0x00,0x00,0x00,0x00,}, {0x6e,0x01,0x01,0x00,0x00,0x00,0x00,}, {0x6f,0x01,0x01,0x00,0x00,0x00,0x00,}, {0x70,0x02,0x02,0x00,0x01,0x00,0x00,}, {0x71,0x02,0x02,0x00,0x01,0x00,0x00,}, {0x72,0x02,0x02,0x00,0x01,0x00,0x00,}, {0x73,0x02,0x02,0x00,0x01,0x00,0x00,}, {0x74,0x02,0x02,0x00,0x01,0x00,0x00,}, {0x75,0x02,0x02,0x00,0x01,0x00,0x00,}, {0x76,0x02,0x02,0x00,0x01,0x00,0x00,}, {0x77,0x02,0x02,0x00,0x01,0x00,0x00,}, {0x78,0x02,0x02,0x00,0x01,0x00,0x00,}, {0x79,0x02,0x02,0x00,0x01,0x00,0x00,}, {0x7a,0x02,0x02,0x00,0x01,0x00,0x00,}, {0x7b,0x02,0x02,0x00,0x01,0x00,0x00,}, {0x7c,0x02,0x02,0x00,0x01,0x00,0x00,}, {0x7d,0x02,0x02,0x00,0x01,0x00,0x00,}, {0x7e,0x02,0x02,0x00,0x01,0x00,0x00,}, {0x7f,0x02,0x02,0x00,0x01,0x00,0x00,}, {0x80,0x03,0x03,0x01,0x00,0x01,0x00,}, {0x81,0x06,0x04,0x01,0x00,0x04,0x00,}, {0x82,0x02,0x02,0x00,0x00,0x00,0x00,}, {0x83,0x03,0x03,0x01,0x00,0x01,0x00,}, {0x84,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x85,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x86,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x87,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x88,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x89,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x8a,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x8b,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x8c,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x8d,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x8e,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x8f,0x02,0x02,0x01,0x00,0x00,0x00,}, {0x90,0x01,0x01,0x00,0x00,0x00,0x00,}, {0x91,0x01,0x01,0x00,0x00,0x00,0x00,}, {0x92,0x01,0x01,0x00,0x00,0x00,0x00,}, {0x93,0x01,0x01,0x00,0x00,0x00,0x00,}, {0x94,0x01,0x01,0x00,0x00,0x00,0x00,}, {0x95,0x01,0x01,0x00,0x00,0x00,0x00,}, {0x96,0x01,0x01,0x00,0x00,0x00,0x00,}, {0x97,0x01,0x01,0x00,0x00,0x00,0x00,}, {0x98,0x01,0x01,0x00,0x00,0x00,0x00,}, {0x99,0x01,0x01,0x00,0x00,0x00,0x00,}, {0x9a,0x07,0x05,0x00,0x00,0x00,0x01,}, {0x9b,0x01,0x01,0x00,0x00,0x00,0x00,}, {0x9c,0x01,0x01,0x00,0x00,0x00,0x00,}, {0x9d,0x01,0x01,0x00,0x00,0x00,0x00,}, {0x9e,0x01,0x01,0x00,0x00,0x00,0x00,}, {0x9f,0x01,0x01,0x00,0x00,0x00,0x00,}, {0xa0,0x05,0x03,0x00,0x00,0x00,0x02,}, {0xa1,0x05,0x03,0x00,0x00,0x00,0x02,}, {0xa2,0x05,0x03,0x00,0x00,0x00,0x02,}, {0xa3,0x05,0x03,0x00,0x00,0x00,0x02,}, {0xa4,0x01,0x01,0x00,0x00,0x00,0x00,}, {0xa5,0x01,0x01,0x00,0x00,0x00,0x00,}, {0xa6,0x01,0x01,0x00,0x00,0x00,0x00,}, {0xa7,0x01,0x01,0x00,0x00,0x00,0x00,}, {0xa8,0x02,0x02,0x00,0x00,0x00,0x00,}, {0xa9,0x05,0x03,0x00,0x00,0x00,0x00,}, {0xaa,0x01,0x01,0x00,0x00,0x00,0x00,}, {0xab,0x01,0x01,0x00,0x00,0x00,0x00,}, {0xac,0x01,0x01,0x00,0x00,0x00,0x00,}, {0xad,0x01,0x01,0x00,0x00,0x00,0x00,}, {0xae,0x01,0x01,0x00,0x00,0x00,0x00,}, {0xaf,0x01,0x01,0x00,0x00,0x00,0x00,}, {0xb0,0x02,0x02,0x00,0x00,0x00,0x00,},

{0xb0,0x02,0x02,0x00,0x00,0x00,0x00,}, {0xb1,0x02,0x02,0x00,0x00,0x00,0x00,}, {0xb2,0x02,0x02,0x00,0x00,0x00,0x00,}, {0xb3,0x02,0x02,0x00,0x00,0x00,0x00,}, {0xb4,0x02,0x02,0x00,0x00,0x00,0x00,}, {0xb5,0x02,0x02,0x00,0x00,0x00,0x00,}, {0xb6,0x02,0x02,0x00,0x00,0x00,0x00,}, {0xb7,0x02,0x02,0x00,0x00,0x00,0x00,}, {0xb8,0x05,0x03,0x00,0x00,0x00,0x08,}, {0xb9,0x05,0x03,0x00,0x00,0x00,0x00,}, {0xba,0x05,0x03,0x00,0x00,0x00,0x00,}, {0xbb,0x05,0x03,0x00,0x00,0x00,0x00,}, {0xbc,0x05,0x03,0x00,0x00,0x00,0x00,}, {0xbd,0x05,0x03,0x00,0x00,0x00,0x00,}, {0xbe,0x05,0x03,0x00,0x00,0x00,0x00,}, {0xbf,0x05,0x03,0x00,0x00,0x00,0x00,}, {0xc0,0x03,0x03,0x01,0x00,0x01,0x00,}, {0xc1,0x03,0x03,0x01,0x00,0x01,0x00,}, {0xc2,0x03,0x03,0x00,0x00,0x00,0x00,}, {0xc3,0x01,0x01,0x00,0x00,0x00,0x00,}, {0xc4,0x02,0x02,0x01,0x00,0x00,0x00,}, {0xc5,0x02,0x02,0x01,0x00,0x00,0x00,}, {0xc6,0x03,0x03,0x01,0x00,0x01,0x00,}, {0xc7,0x06,0x04,0x01,0x00,0x04,0x00,}, {0xc8,0x04,0x04,0x00,0x00,0x00,0x00,}, {0xc9,0x01,0x01,0x00,0x00,0x00,0x00,}, {0xca,0x03,0x03,0x00,0x00,0x00,0x01,}, {0xcb,0x01,0x01,0x00,0x00,0x00,0x01,}, {0xcc,0x01,0x01,0x00,0x00,0x00,0x01,}, {0xcd,0x02,0x02,0x00,0x00,0x00,0x01,}, {0xce,0x01,0x01,0x00,0x00,0x00,0x01,}, {0xcf,0x01,0x01,0x00,0x00,0x00,0x01,}, {0xd0,0x02,0x02,0x01,0x00,0x00,0x00,}, {0xd1,0x02,0x02,0x01,0x00,0x00,0x00,}, {0xd2,0x02,0x02,0x01,0x00,0x00,0x00,}, {0xd3,0x02,0x02,0x01,0x00,0x00,0x00,}, {0xd4,0x02,0x02,0x00,0x00,0x00,0x00,}, {0xd5,0x02,0x02,0x00,0x00,0x00,0x00,}, {0xd6,0x01,0x01,0x00,0x00,0x00,0x00,}, {0xd7,0x01,0x01,0x00,0x00,0x00,0x00,}, {0xd8,0x02,0x02,0x01,0x00,0x00,0x00,}, {0xd9,0x02,0x02,0x01,0x00,0x00,0x00,}, {0xda,0x02,0x02,0x01,0x00,0x00,0x00,}, {0xdb,0x02,0x02,0x01,0x00,0x00,0x00,}, {0xdc,0x02,0x02,0x01,0x00,0x00,0x00,}, {0xdd,0x02,0x02,0x01,0x00,0x00,0x00,}, {0xde,0x02,0x02,0x01,0x00,0x00,0x00,}, {0xdf,0x02,0x02,0x01,0x00,0x00,0x00,}, {0xe0,0x02,0x02,0x00,0x01,0x00,0x04,}, {0xe1,0x02,0x02,0x00,0x01,0x00,0x04,}, {0xe2,0x02,0x02,0x00,0x01,0x00,0x04,}, {0xe3,0x02,0x02,0x00,0x01,0x00,0x00,}, {0xe4,0x02,0x02,0x00,0x00,0x00,0x00,}, {0xe5,0x02,0x02,0x00,0x00,0x00,0x00,}, {0xe6,0x02,0x02,0x00,0x00,0x00,0x00,}, {0xe7,0x02,0x02,0x00,0x00,0x00,0x00,}, {0xe8,0x05,0x03,0x00,0x01,0x00,0x00,}, {0xe9,0x05,0x03,0x00,0x01,0x00,0x00,}, {0xea,0x07,0x05,0x00,0x00,0x00,0x01,}, {0xeb,0x02,0x02,0x00,0x01,0x00,0x00,}, {0xec,0x01,0x01,0x00,0x00,0x00,0x00,}, {0xed,0x01,0x01,0x00,0x00,0x00,0x00,}, {0xee,0x01,0x01,0x00,0x00,0x00,0x00,}, {0xef,0x01,0x01,0x00,0x00,0x00,0x00,}, {0xf0,0x01,0x01,0x00,0x00,0x00,0x00,}, {0xf1,0x01,0x01,0x00,0x00,0x00,0x00,}, {0xf2,0x01,0x01,0x00,0x00,0x00,0x00,}, {0xf3,0x01,0x01,0x00,0x00,0x00,0x00,}, {0xf4,0x01,0x01,0x00,0x00,0x00,0x00,}, {0xf5,0x01,0x01,0x00,0x00,0x00,0x00,}, {0xf6,0x00,0x00,0x00,0x00,0x00,0x00,}, {0xf7,0x00,0x00,0x00,0x00,0x00,0x00,}, {0xf8,0x01,0x01,0x00,0x00,0x00,0x00,},

{0xf9,0x01,0x01,0x00,0x00,0x00,0x00,}, {0xfa,0x01,0x01,0x00,0x00,0x00,0x00,}, {0xfb,0x01,0x01,0x00,0x00,0x00,0x00,}, {0xfc,0x01,0x01,0x00,0x00,0x00,0x00,}, {0xfd,0x01,0x01,0x00,0x00,0x00,0x00,}, {0xfe,0x02,0x02,0x01,0x00,0x00,0x00,}, {0xff,0x02,0x02,0x01,0x00,0x00,0x00,}, }; unsigned char decode3[256]= { 0x00,0x00,0x00,0x00,0x11,0x24,0x00,0x00,0x00,0x00,0x00,0x00,0x11,0x24,0x00,0x00, 0x00,0x00,0x00,0x00,0x11,0x24,0x00,0x00,0x00,0x00,0x00,0x00,0x11,0x24,0x00,0x00, 0x00,0x00,0x00,0x00,0x11,0x24,0x00,0x00,0x00,0x00,0x00,0x00,0x11,0x24,0x00,0x00, 0x00,0x00,0x00,0x00,0x11,0x24,0x00,0x00,0x00,0x00,0x00,0x00,0x11,0x24,0x00,0x00, 0x01,0x01,0x01,0x01,0x02,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x02,0x01,0x01,0x01, 0x01,0x01,0x01,0x01,0x02,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x02,0x01,0x01,0x01, 0x01,0x01,0x01,0x01,0x02,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x02,0x01,0x01,0x01, 0x01,0x01,0x01,0x01,0x02,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x02,0x01,0x01,0x01, 0x04,0x04,0x04,0x04,0x05,0x04,0x04,0x04,0x04,0x04,0x04,0x04,0x05,0x04,0x04,0x04, 0x04,0x04,0x04,0x04,0x05,0x04,0x04,0x04,0x04,0x04,0x04,0x04,0x05,0x04,0x04,0x04, 0x04,0x04,0x04,0x04,0x05,0x04,0x04,0x04,0x04,0x04,0x04,0x04,0x05,0x04,0x04,0x04, 0x04,0x04,0x04,0x04,0x05,0x04,0x04,0x04,0x04,0x04,0x04,0x04,0x05,0x04,0x04,0x04, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, }; unsigned char* ptr = bytecode; unsigned long len = 0,var2 = 0,var3 = 0, decodel[7]={0}; unsigned long* pdecode = 0; switch(*ptr) { case 0xF: ptr++; len = 1; pdecode = &decode1[*ptr][0]; break; case 0x26: case 0x2E: case 0x36: case 0x3E: case 0x64: case 0x65: len = 1; ptr++; break; case 0x66: len = 1; var3 = 1; ptr++; break; case 0x67: len = 1; var2 = 1; ptr++; break; case 0xF0: case 0xF2: case 0xF3: len = 1; ptr++; break; case 0xF6: decodel[0] = 0xF6; if(*(ptr+1) & 0x38) { decodel[1] = 2; decodel[2] = 2; decodel[3] = 1; decodel[5] = 0;

decodel[5] = 0; } else { decodel[1] = 3; decodel[2] = 3; decodel[3] = 1; decodel[5] = 1; } pdecode = decodel; break; case 0xF7: decodel[0] = 0xF6; decodel[3] = 1; if(*(ptr+1) & 0x38) { decodel[1] = 6; decodel[2] = 4; decodel[5] = 4; } else { decodel[1] = 2; decodel[2] = 2; decodel[5] = 0; } pdecode = decodel; break; default: break; } if(!pdecode) pdecode = decode2[*ptr]; if(pdecode[6] & 2) { if(var2 == 0) len += pdecode[1]; else len += pdecode[2]; } else { if(var3 == 0) len += pdecode[1]; else len += pdecode[2]; } if(pdecode[3]) { unsigned char var4 = ptr[pdecode[3]]; len += decode3[var4] & 0xF; if((decode3[var4] & 0x10) && (ptr[pdecode[3] + 1] & 7) == 5) { switch(var4 & 0xC0) { case 0x40: len++; break; case 0x00: case 0x80: len += 4; break; default: break; } } } return len;}