
List:       full-disclosure
Subject:    [Full-disclosure] WPS Office Wpsio.dll Stack Buffer Overflow Vulnerability
From:       zhangjiantao <zhangjiantao () dptechnology ! net>
Date:       2013-04-27 2:46:23
Message-ID: 201304271046227662344 () dptechnology ! net

WPS Office Wpsio.dll Stack Buffer Overflow Vulnerability

1 Summary
CVE number: CVE-2012-4886
Impact: High
Vendor homepage: http://www.wps.cn
Credit: Zhangjiantao of Hangzhou DPtech Technologies
2 Affected Products
Affected Version: http://wdl.cache.ijinshan.com/wps/download/special/WPS2012.12012.exe
WPS Office is a free desktop office suite (compatible with Microsoft Office), popular in China.
3 Vulnerability Details
In module wpsio.dll, a BSTR string stored in the file is copied to a stack buffer without a
strict length check, leading to a stack buffer overflow. The sample exploits this issue to
overwrite an object stored on the stack, which leads to a crash during a virtual function call.
Successful exploitation of this vulnerability leads to arbitrary code execution.
4 Crash info
crash info:
(b70.eb8): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=0012c0a4 ebx=770f4b39 ecx=90909090 edx=0012be00 esi=0012c0a4 edi=0018bd54
eip=45e25208 esp=0012bdec ebp=0012bdf8 iopl=0  nv up ei pl zr na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00210246
wpsio!TxExport+0x37b1:
45e25208 ff5114  call    dword ptr [ecx+14h] ds:0023:909090a4=????????
 
module info:
start    end        module name
45e00000 4606f000   wpsio      (export symbols)       C:\Program Files\Kingsoft\WPS Office Personal\office6\wpsio.dll
    Loaded symbol image file: C:\Program Files\Kingsoft\WPS Office Personal\office6\wpsio.dll
    Image path: C:\Program Files\Kingsoft\WPS Office Personal\office6\wpsio.dll
    Image name: wpsio.dll
    Timestamp:        Mon May 28 04:10:12 2012 (4FC28A24)
    CheckSum:         0026D933
    ImageSize:        0026F000
    File version:     8.1.0.3238
    Product version:  8.1.0.3238
    File flags:       0 (Mask 3F)
    File OS:          40004 NT Win32
    File type:        0.0 Unknown
    File date:        00000000.00000000
    Translations:     0000.04b0
    CompanyName:      Zhuhai Kingsoft Office-software Co.,Ltd
    ProductName:      Kingsoft Office
    InternalName:     wpsio
    OriginalFilename: wpsio.dll
    ProductVersion:   8,1,0,3238
    FileVersion:      8,1,0,3238
    FileDescription:  wpsio
    LegalCopyright:   Copyright ©1988-2011 Kingsoft Corporation.  All rights reserved.
 
5 Analysis
In sub_45E2CC84:
 
.text:45E2CC84 var_210         = byte ptr -210h ;buffer size 0x200
.text:45E2CC84 var_4           = dword ptr -4
 
 
.text:45E2CDB3                 push    [ebp+Src]       ; BSTR
.text:45E2CDB9                 call    esi ; SysStringLen
.text:45E2CDBB                 mov     [ebp+var_244], eax
.text:45E2CDC1                 add     eax, eax        ;size is 0x170
.text:45E2CDC3                 push    eax             ; Size
.text:45E2CDC4                 push    [ebp+Src]       ; Src
.text:45E2CDCA                 lea     eax, [ebp+var_210]
.text:45E2CDD0                 push    eax             ; Dst
.text:45E2CDD1                 call    memcpy
 
The first memcpy copies 0x170 bytes into the buffer var_210.
 
.text:45E2CE16                 push    edi             ; BSTR
.text:45E2CE17                 mov     [ebp+var_234], ax
.text:45E2CE1E                 call    esi ; SysStringLen
.text:45E2CE20                 add     eax, eax
.text:45E2CE22                 push    eax             ; Size
.text:45E2CE23                 movzx   eax, [ebp+var_234] ;length
.text:45E2CE2A                 lea     eax, [ebp+eax*2+var_210]
.text:45E2CE31                 push    edi             ; Src
.text:45E2CE32                 push    eax             ; Dst
.text:45E2CE33                 call    memcpy
 
The second memcpy copies the same string again and places it directly after the first copy;
var_234 is the length of the string. In total, 0x2e0 bytes are copied. After the copy, the
return address and the SEH record have been overwritten.
 
0:000> k
ChildEBP RetAddr  
WARNING: Stack unwind information not available. Following frames may be wrong.
0012c070 90909090 wpsio!TxExport+0xb3e1
0012c148 45e2a113 0x90909090
 
0:000> !exchain
0012c064: 90909090
Invalid exception stack at 90909090
 
The source data for the memcpy comes from the file poc.wps, at offset 0x41d7.
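
The double copy analysed above, with the capacity check it lacks, as an added C sketch (not code from wpsio.dll or from the advisory). The 0x200-byte destination and the 0x170-byte string are taken from the listing; wbuf_t, wbuf_append, copy_twice_checked and unchecked_bytes are hypothetical names, and the sample string is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Destination size taken from the listing's comment on var_210. */
#define DST_BYTES 0x200u
#define DST_UNITS (DST_BYTES / sizeof(uint16_t))

/* Fixed buffer of UTF-16 units plus a fill counter (hypothetical type). */
typedef struct {
    uint16_t buf[DST_UNITS];
    size_t   used;              /* units already written */
} wbuf_t;

/*
 * Append `units` UTF-16 code units, refusing anything that does not fit.
 * The comparison is written as units > cap - used so that it cannot wrap,
 * and the length stays a size_t instead of being narrowed.
 */
static int wbuf_append(wbuf_t *b, const uint16_t *src, size_t units)
{
    if (b->used > DST_UNITS || units > DST_UNITS - b->used)
        return -1;
    memcpy(b->buf + b->used, src, units * sizeof(uint16_t));
    b->used += units;
    return 0;
}

/*
 * The sequence from the analysis: copy the string, then copy the same
 * string again directly after it. Returns 0 on success, -1 if the first
 * copy does not fit, -2 if the second copy does not fit.
 */
int copy_twice_checked(const uint16_t *src, size_t units, wbuf_t *out)
{
    out->used = 0;
    if (wbuf_append(out, src, units) != 0)
        return -1;
    if (wbuf_append(out, src, units) != 0)
        return -2;
    return 0;
}

/* Bytes the two unchecked memcpy calls would write for the same input. */
size_t unchecked_bytes(size_t units)
{
    return 2u * (units * sizeof(uint16_t));
}

int main(void)
{
    /* Constructed sample: 0xB8 units = 0x170 bytes, the size in the listing. */
    uint16_t sample[0xB8];
    wbuf_t   w;
    size_t   i;

    for (i = 0; i < 0xB8; i++)
        sample[i] = 0x0041;     /* 'A' */

    printf("unchecked sequence would write 0x%zx bytes into 0x%x\n",
           unchecked_bytes(0xB8), DST_BYTES);
    printf("checked sequence returns %d, units kept: 0x%zx\n",
           copy_twice_checked(sample, 0xB8, &w), w.used);
    return 0;
}
```

With the listing's sizes the first copy fits and the second is rejected, so nothing is written past the end of the buffer.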

 
6 Exploit
As described above, by overwriting the SEH record or the return address with suitable data,
eip is controllable. So, we think this is a security vulnerability.





zhangjiantao
Hangzhou DPtech Technologies Co., Ltd.
http://www.dptechnology.net


[Attachment #7 (text/html)]

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML xmlns:o = "urn:schemas-microsoft-com:office:office"><HEAD>
<META http-equiv=Content-Type content="text/html; charset=utf-8">
<STYLE>
BLOCKQUOTE {
	MARGIN-TOP: 0px; MARGIN-BOTTOM: 0px; MARGIN-LEFT: 2em
}
OL {
	MARGIN-TOP: 0px; MARGIN-BOTTOM: 0px
}
UL {
	MARGIN-TOP: 0px; MARGIN-BOTTOM: 0px
}
P {
	MARGIN-TOP: 0px; MARGIN-BOTTOM: 0px
}
BODY {
	FONT-SIZE: 10.5pt; COLOR: #000000; LINE-HEIGHT: 1.5; FONT-FAMILY: &#23435; 20307: 
}
</STYLE>

<META content="MSHTML 6.00.2900.5726" name=GENERATOR></HEAD>
<BODY style="MARGIN: 10px">
<DIV>
<DIV align=center>
<DIV align=center>
<TABLE class=MsoNormalTable 
style="mso-yfti-tbllook: 1184; mso-padding-alt: 1.5pt 1.5pt 1.5pt 1.5pt; mso-cellspacing: 0cm; \
mso-table-layout-alt: fixed"  cellSpacing=0 cellPadding=0 width="98%" border=0>
  <TBODY>
  <TR style="HEIGHT: 22.5pt; mso-yfti-irow: 0; mso-yfti-firstrow: yes">
    <TD 
    style="BORDER-RIGHT: #ece9d8; PADDING-RIGHT: 1.5pt; BORDER-TOP: #ece9d8; PADDING-LEFT: \
1.5pt; PADDING-BOTTOM: 1.5pt; BORDER-LEFT: #ece9d8; WIDTH: 100%; PADDING-TOP: 1.5pt; \
BORDER-BOTTOM: #ece9d8; HEIGHT: 22.5pt; BACKGROUND-COLOR: transparent"   width="100%">
      <P class=MsoNormal 
      style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: left; mso-pagination: widow-orphan" 
      align=left><B><SPAN lang=EN-US 
      style="FONT-SIZE: 12pt; FONT-FAMILY: 'Verdana','sans-serif'; mso-bidi-font-family: \
                宋体; mso-font-kerning: 0pt">WPS 
      Office Wpsio.dll Stack Buffer Overflow </SPAN></B><B><SPAN lang=EN-US 
      style="FONT-SIZE: 12pt; BACKGROUND: white; FONT-FAMILY: \
'Verdana','sans-serif'">Vulnerability</SPAN></B><SPAN   lang=EN-US 
      style="FONT-SIZE: 12pt; FONT-FAMILY: 'Verdana','sans-serif'; mso-bidi-font-family: \
宋体; mso-font-kerning: 0pt"><o:p></o:p></SPAN></P></TD></TR>  <TR style="mso-yfti-irow: 4; \
mso-yfti-lastrow: yes">  <TD 
    style="BORDER-RIGHT: #ece9d8; PADDING-RIGHT: 1.5pt; BORDER-TOP: #ece9d8; PADDING-LEFT: \
1.5pt; PADDING-BOTTOM: 1.5pt; BORDER-LEFT: #ece9d8; WIDTH: 100%; PADDING-TOP: 1.5pt; \
BORDER-BOTTOM: #ece9d8; BACKGROUND-COLOR: transparent"   width="100%">
      <P class=MsoNormal 
      style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: left; mso-pagination: widow-orphan; \
mso-margin-top-alt: auto; mso-margin-bottom-alt: auto"   align=left><SPAN lang=EN-US 
      style="COLOR: black; FONT-FAMILY: 'Verdana','sans-serif'; mso-bidi-font-family: 宋体; \
mso-font-kerning: 0pt; mso-bidi-font-size: 10.5pt"></SPAN>&nbsp;</P>  <P class=MsoNormal 
      style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: left; mso-pagination: widow-orphan; \
mso-margin-top-alt: auto; mso-margin-bottom-alt: auto; mso-outline-level: 3"   \
                align=left><B><SPAN lang=EN-US 
      style="FONT-SIZE: 13.5pt; COLOR: black; FONT-FAMILY: 'Verdana','sans-serif'; \
mso-bidi-font-family: 宋体; mso-font-kerning: 0pt">1   \
Summary<o:p></o:p></SPAN></B></P><PRE><SPAN lang=EN-US style="FONT-SIZE: 10.5pt; COLOR: black; \
FONT-FAMILY: 'Verdana','sans-serif'">CVE number: \
CVE-2012-4886<o:p></o:p></SPAN></PRE><PRE><SPAN lang=EN-US style="FONT-SIZE: 10.5pt; COLOR: \
black; FONT-FAMILY: 'Verdana','sans-serif'">Impact: High<o:p></o:p></SPAN></PRE><PRE><SPAN \
lang=EN-US style="FONT-SIZE: 10.5pt; COLOR: black; FONT-FAMILY: 'Verdana','sans-serif'">Vendor \
homepage: http://www.wps.cn</SPAN><o:p></o:p></SPAN></PRE><PRE><SPAN lang=EN-US \
style="FONT-SIZE: 10.5pt; COLOR: black; FONT-FAMILY: 'Verdana','sans-serif'">Credit: \
Zhangjiantao of </SPAN><SPAN lang=EN-US style="FONT-SIZE: 10pt; BACKGROUND: white; COLOR: \
black; FONT-FAMILY: 'Verdana','sans-serif'; mso-bidi-font-family: Arial">Hangzhou DPtech \
Technologies</SPAN><SPAN lang=EN-US style="FONT-SIZE: 10.5pt; COLOR: black; FONT-FAMILY: \
'Verdana','sans-serif'"><o:p></o:p></SPAN></PRE>  <P class=MsoNormal 
      style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: left; mso-pagination: widow-orphan; \
mso-margin-top-alt: auto; mso-margin-bottom-alt: auto; mso-outline-level: 3"   \
                align=left><B><SPAN lang=EN-US 
      style="FONT-SIZE: 13.5pt; COLOR: black; FONT-FAMILY: 'Verdana','sans-serif'; \
mso-bidi-font-family: 宋体; mso-font-kerning: 0pt">2&nbsp;Affected   Prodects</SPAN></B><SPAN \
                lang=EN-US 
      style="COLOR: black; FONT-FAMILY: 'Verdana','sans-serif'; mso-bidi-font-family: 宋体; \
mso-font-kerning: 0pt; mso-bidi-font-size: 10.5pt"><BR>Affected   Version: 
      http://wdl.cache.ijinshan.com/wps/download/special/WPS2012.12012.exe<o:p></o:p></SPAN></P>
  <P class=MsoNormal 
      style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: left; mso-pagination: widow-orphan; \
mso-margin-top-alt: auto; mso-margin-bottom-alt: auto"   align=left><SPAN lang=EN-US 
      style="COLOR: black; FONT-FAMILY: 'Verdana','sans-serif'; mso-bidi-font-family: 宋体; \
                mso-font-kerning: 0pt; mso-bidi-font-size: 10.5pt">The 
      WPS office is a free desktop office suite (compatible with Microsoft 
      office),popular in China.</SPAN></P>
      <P class=MsoNormal 
      style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: left; mso-pagination: widow-orphan; \
mso-margin-top-alt: auto; mso-margin-bottom-alt: auto"   align=left><SPAN lang=EN-US 
      style="COLOR: black; FONT-FAMILY: 'Verdana','sans-serif'; mso-bidi-font-family: 宋体; \
mso-font-kerning: 0pt; mso-bidi-font-size: 10.5pt"><o:p></o:p></SPAN>&nbsp;</P>  <P \
                class=MsoNormal 
      style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: left; mso-pagination: widow-orphan; \
mso-margin-top-alt: auto; mso-margin-bottom-alt: auto; mso-outline-level: 3"   \
                align=left><B><SPAN lang=EN-US 
      style="FONT-SIZE: 13.5pt; COLOR: black; FONT-FAMILY: 'Verdana','sans-serif'; \
mso-bidi-font-family: 宋体; mso-font-kerning: 0pt">3&nbsp;Vulnerability   \
Details<o:p></o:p></SPAN></B></P>  <P class=MsoNormal 
      style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: left; mso-pagination: widow-orphan; \
mso-margin-top-alt: auto; mso-margin-bottom-alt: auto"   align=left><SPAN lang=EN-US 
      style="COLOR: black; FONT-FAMILY: 'Verdana','sans-serif'; mso-bidi-font-family: 宋体; \
                mso-font-kerning: 0pt; mso-bidi-font-size: 10.5pt">In 
      module wpsio.dll, a BSTR string stored in the file is copied to the stack 
      buffer, without strict length inspection, leading to a stack buffer 
      overflow. <SPAN style="mso-spacerun: yes">&nbsp;</SPAN>This sample exploit 
      this issue to cover an object stored in the stack, leading to crash during 
      the virtual function call.</SPAN><SPAN lang=EN-US 
      style="COLOR: black; FONT-FAMILY: 'Verdana','sans-serif'; mso-bidi-font-size: 10.5pt"> 
      Successfully exploited this vulnerability will lead to arbitrary code 
      execution.</SPAN></P>
      <P class=MsoNormal 
      style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: left; mso-pagination: widow-orphan; \
mso-margin-top-alt: auto; mso-margin-bottom-alt: auto"   align=left><SPAN lang=EN-US 
      style="COLOR: black; FONT-FAMILY: 'Verdana','sans-serif'; mso-bidi-font-size: \
10.5pt"></SPAN><SPAN   lang=EN-US 
      style="COLOR: black; FONT-FAMILY: 'Verdana','sans-serif'; mso-bidi-font-family: 宋体; \
mso-font-kerning: 0pt; mso-bidi-font-size: 10.5pt"><o:p></o:p></SPAN>&nbsp;</P>  <P \
                class=MsoNormal 
      style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: left; mso-pagination: widow-orphan; \
mso-margin-top-alt: auto; mso-margin-bottom-alt: auto; mso-outline-level: 3"   \
                align=left><B><SPAN lang=EN-US 
      style="FONT-SIZE: 13.5pt; COLOR: black; FONT-FAMILY: 'Verdana','sans-serif'; \
mso-bidi-font-family: 宋体; mso-font-kerning: 0pt">4&nbsp;Crash   \
info<o:p></o:p></SPAN></B></P>  <P class=MsoNormal 
      style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: left; mso-pagination: widow-orphan; tab-stops: \
45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt \
595.4pt 641.2pt 687.0pt 732.8pt"   align=left><SPAN lang=EN-US 
      style="COLOR: black; FONT-FAMILY: 'Verdana','sans-serif'; mso-bidi-font-family: 宋体; \
mso-font-kerning: 0pt; mso-bidi-font-size: 10.5pt">crash   info:<o:p></o:p></SPAN></P>
      <P class=MsoNormal 
      style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: left; mso-pagination: widow-orphan; tab-stops: \
45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt \
595.4pt 641.2pt 687.0pt 732.8pt"   align=left><SPAN lang=EN-US 
      style="COLOR: black; FONT-FAMILY: 'Verdana','sans-serif'; mso-bidi-font-family: 宋体; \
                mso-font-kerning: 0pt; mso-bidi-font-size: 10.5pt">(b70.eb8): 
      Access violation - code c0000005 (first chance)<o:p></o:p></SPAN></P>
      <P class=MsoNormal 
      style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: left; mso-pagination: widow-orphan; tab-stops: \
45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt \
595.4pt 641.2pt 687.0pt 732.8pt"   align=left><SPAN lang=EN-US 
      style="COLOR: black; FONT-FAMILY: 'Verdana','sans-serif'; mso-bidi-font-family: 宋体; \
mso-font-kerning: 0pt; mso-bidi-font-size: 10.5pt">First   chance exceptions are reported \
before any exception   handling.<o:p></o:p></SPAN></P>
      <P class=MsoNormal 
      style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: left; mso-pagination: widow-orphan; tab-stops: \
45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt \
595.4pt 641.2pt 687.0pt 732.8pt"   align=left><SPAN lang=EN-US 
      style="COLOR: black; FONT-FAMILY: 'Verdana','sans-serif'; mso-bidi-font-family: 宋体; \
mso-font-kerning: 0pt; mso-bidi-font-size: 10.5pt">This   exception may be expected and \
handled.<o:p></o:p></SPAN></P>  <P class=MsoNormal 
      style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: left; mso-pagination: widow-orphan; tab-stops: \
45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt \
595.4pt 641.2pt 687.0pt 732.8pt"   align=left><SPAN lang=EN-US 
      style="COLOR: black; FONT-FAMILY: 'Verdana','sans-serif'; mso-bidi-font-family: 宋体; \
mso-font-kerning: 0pt; mso-bidi-font-size: 10.5pt">eax=0012c0a4   ebx=770f4b39 ecx=90909090 \
edx=0012be00 esi=0012c0a4   edi=0018bd54<o:p></o:p></SPAN></P>
      <P class=MsoNormal 
      style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: left; mso-pagination: widow-orphan; tab-stops: \
45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt \
595.4pt 641.2pt 687.0pt 732.8pt"   align=left><SPAN lang=EN-US 
      style="COLOR: black; FONT-FAMILY: 'Verdana','sans-serif'; mso-bidi-font-family: 宋体; \
                mso-font-kerning: 0pt; mso-bidi-font-size: 10.5pt">eip=45e25208 
      esp=0012bdec ebp=0012bdf8 iopl=0<SPAN style="mso-spacerun: yes">&nbsp; 
      </SPAN>nv up ei pl zr na pe nc<o:p></o:p></SPAN></P>
      <P class=MsoNormal 
      style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: left; mso-pagination: widow-orphan; tab-stops: \
45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt \
595.4pt 641.2pt 687.0pt 732.8pt"   align=left><SPAN lang=EN-US 
      style="COLOR: black; FONT-FAMILY: 'Verdana','sans-serif'; mso-bidi-font-family: 宋体; \
                mso-font-kerning: 0pt; mso-bidi-font-size: 10.5pt">cs=001b 
      ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00210246<o:p></o:p></SPAN></P>
      <P class=MsoNormal 
      style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: left; mso-pagination: widow-orphan; tab-stops: \
45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt \
595.4pt 641.2pt 687.0pt 732.8pt"   align=left><SPAN lang=EN-US 
      style="COLOR: black; FONT-FAMILY: 'Verdana','sans-serif'; mso-bidi-font-family: 宋体; \
mso-font-kerning: 0pt; mso-bidi-font-size: 10.5pt">wpsio!TxExport+0x37b1:<o:p></o:p></SPAN></P> \
<P class=MsoNormal   style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: left; mso-pagination: \
widow-orphan; tab-stops: 45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt \
458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt"   align=left><SPAN lang=EN-US 
      style="COLOR: black; FONT-FAMILY: 'Verdana','sans-serif'; mso-bidi-font-family: 宋体; \
mso-font-kerning: 0pt; mso-bidi-font-size: 10.5pt">45e25208   ff5114<SPAN style="mso-spacerun: \
                yes">&nbsp; </SPAN>call<SPAN 
      style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp; </SPAN>dword ptr [ecx+14h] 
      ds:0023:909090a4=????????<o:p></o:p></SPAN></P>
      <P class=MsoNormal 
      style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: left; mso-pagination: widow-orphan; tab-stops: \
45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt \
595.4pt 641.2pt 687.0pt 732.8pt"   align=left><SPAN lang=EN-US 
      style="COLOR: black; FONT-FAMILY: 'Verdana','sans-serif'; mso-bidi-font-family: 宋体; \
mso-font-kerning: 0pt; mso-bidi-font-size: 10.5pt"><o:p>&nbsp;</o:p></SPAN></P>  <P \
class=MsoNormal   style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: left; mso-pagination: widow-orphan; \
tab-stops: 45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt \
503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt"   align=left><SPAN lang=EN-US 
      style="COLOR: black; FONT-FAMILY: 'Verdana','sans-serif'; mso-bidi-font-family: 宋体; \
mso-font-kerning: 0pt; mso-bidi-font-size: 10.5pt">module   info:<o:p></o:p></SPAN></P>
      <P class=MsoNormal 
      style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: left; mso-pagination: widow-orphan; tab-stops: \
45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt \
595.4pt 641.2pt 687.0pt 732.8pt"   align=left><SPAN lang=EN-US 
      style="COLOR: black; FONT-FAMILY: 'Verdana','sans-serif'; mso-bidi-font-family: 宋体; \
mso-font-kerning: 0pt; mso-bidi-font-size: 10.5pt">start<SPAN   style="mso-spacerun: \
                yes">&nbsp;&nbsp;&nbsp; </SPAN>end<SPAN 
      style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 
      </SPAN>module name<o:p></o:p></SPAN></P>
      <P class=MsoNormal 
      style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: left; mso-pagination: widow-orphan; tab-stops: \
45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt \
595.4pt 641.2pt 687.0pt 732.8pt"   align=left><SPAN lang=EN-US 
      style="COLOR: black; FONT-FAMILY: 'Verdana','sans-serif'; mso-bidi-font-family: 宋体; \
                mso-font-kerning: 0pt; mso-bidi-font-size: 10.5pt">45e00000 
      4606f000<SPAN style="mso-spacerun: yes">&nbsp;&nbsp; </SPAN>wpsio <SPAN 
      style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</SPAN>(export 
      symbols)<SPAN 
      style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 
      </SPAN>C:\Program Files\Kingsoft\WPS Office 
      Personal\office6\wpsio.dll<o:p></o:p></SPAN></P>
      <P class=MsoNormal 
      style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: left; mso-pagination: widow-orphan; tab-stops: \
45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt \
595.4pt 641.2pt 687.0pt 732.8pt"   align=left><SPAN lang=EN-US 
      style="COLOR: black; FONT-FAMILY: 'Verdana','sans-serif'; mso-bidi-font-family: 宋体; \
                mso-font-kerning: 0pt; mso-bidi-font-size: 10.5pt"><SPAN 
      style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp; </SPAN>Loaded symbol image 
      file: C:\Program Files\Kingsoft\WPS Office 
      Personal\office6\wpsio.dll<o:p></o:p></SPAN></P>
      <P class=MsoNormal 
      style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: left; mso-pagination: widow-orphan; tab-stops: \
45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt \
595.4pt 641.2pt 687.0pt 732.8pt"   align=left><SPAN lang=EN-US 
      style="COLOR: black; FONT-FAMILY: 'Verdana','sans-serif'; mso-bidi-font-family: 宋体; \
                mso-font-kerning: 0pt; mso-bidi-font-size: 10.5pt"><SPAN 
      style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp; </SPAN>Image path: C:\Program 
      Files\Kingsoft\WPS Office Personal\office6\wpsio.dll<o:p></o:p></SPAN></P>
      <P class=MsoNormal 
      style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: left; mso-pagination: widow-orphan; tab-stops: \
45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt \
595.4pt 641.2pt 687.0pt 732.8pt"   align=left><SPAN lang=EN-US 
      style="COLOR: black; FONT-FAMILY: 'Verdana','sans-serif'; mso-bidi-font-family: 宋体; \
mso-font-kerning: 0pt; mso-bidi-font-size: 10.5pt"><SPAN   style="mso-spacerun: \
yes">&nbsp;&nbsp;&nbsp; </SPAN>Image name:   wpsio.dll<o:p></o:p></SPAN></P>
      <P class=MsoNormal 
      style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: left; mso-pagination: widow-orphan; tab-stops: \
45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt \
595.4pt 641.2pt 687.0pt 732.8pt"   align=left><SPAN lang=EN-US 
      style="COLOR: black; FONT-FAMILY: 'Verdana','sans-serif'; mso-bidi-font-family: 宋体; \
mso-font-kerning: 0pt; mso-bidi-font-size: 10.5pt"><SPAN   style="mso-spacerun: \
                yes">&nbsp;&nbsp;&nbsp; </SPAN>Timestamp:<SPAN 
      style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 
      </SPAN>Mon May 28 04:10:12 2012 (4FC28A24)<o:p></o:p></SPAN></P>
      <P class=MsoNormal 
      style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: left; mso-pagination: widow-orphan; tab-stops: \
45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt \
595.4pt 641.2pt 687.0pt 732.8pt"   align=left><SPAN lang=EN-US 
      style="COLOR: black; FONT-FAMILY: 'Verdana','sans-serif'; mso-bidi-font-family: 宋体; \
mso-font-kerning: 0pt; mso-bidi-font-size: 10.5pt"><SPAN   style="mso-spacerun: \
                yes">&nbsp;&nbsp;&nbsp; </SPAN>CheckSum:<SPAN 
      style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 
      </SPAN>0026D933<o:p></o:p></SPAN></P>
      <P class=MsoNormal 
      style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: left; mso-pagination: widow-orphan; tab-stops: \
45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt \
595.4pt 641.2pt 687.0pt 732.8pt"   align=left><SPAN lang=EN-US 
      style="COLOR: black; FONT-FAMILY: 'Verdana','sans-serif'; mso-bidi-font-family: 宋体; \
mso-font-kerning: 0pt; mso-bidi-font-size: 10.5pt"><SPAN   style="mso-spacerun: \
                yes">&nbsp;&nbsp;&nbsp; </SPAN>ImageSize:<SPAN 
      style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 
      </SPAN>0026F000<o:p></o:p></SPAN></P>
      <P class=MsoNormal 
      style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: left; mso-pagination: widow-orphan; tab-stops: \
45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt \
595.4pt 641.2pt 687.0pt 732.8pt"   align=left><SPAN lang=EN-US 
      style="COLOR: black; FONT-FAMILY: 'Verdana','sans-serif'; mso-bidi-font-family: 宋体; \
                mso-font-kerning: 0pt; mso-bidi-font-size: 10.5pt"><SPAN 
      style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp; </SPAN>File version:<SPAN 
      style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp; 
      </SPAN>8.1.0.3238<o:p></o:p></SPAN></P>
      <P class=MsoNormal 
      style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: left; mso-pagination: widow-orphan; tab-stops: \
45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt \
595.4pt 641.2pt 687.0pt 732.8pt"   align=left><SPAN lang=EN-US 
      style="COLOR: black; FONT-FAMILY: 'Verdana','sans-serif'; mso-bidi-font-family: 宋体; \
                mso-font-kerning: 0pt; mso-bidi-font-size: 10.5pt"><SPAN 
      style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp; </SPAN>Product version:<SPAN 
      style="mso-spacerun: yes">&nbsp; </SPAN>8.1.0.3238<o:p></o:p></SPAN></P>
      <P class=MsoNormal 
      style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: left; mso-pagination: widow-orphan; tab-stops: \
45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt \
595.4pt 641.2pt 687.0pt 732.8pt"   align=left><SPAN lang=EN-US 
      style="COLOR: black; FONT-FAMILY: 'Verdana','sans-serif'; mso-bidi-font-family: 宋体; \
                mso-font-kerning: 0pt; mso-bidi-font-size: 10.5pt"><SPAN 
      style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp; </SPAN>File flags:<SPAN 
      style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>0 
      (Mask 3F)<o:p></o:p></SPAN></P>
      <P class=MsoNormal 
      style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: left; mso-pagination: widow-orphan; tab-stops: \
45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt \
595.4pt 641.2pt 687.0pt 732.8pt"   align=left><SPAN lang=EN-US 
      style="COLOR: black; FONT-FAMILY: 'Verdana','sans-serif'; mso-bidi-font-family: 宋体; \
mso-font-kerning: 0pt; mso-bidi-font-size: 10.5pt"><SPAN   style="mso-spacerun: \
                yes">&nbsp;&nbsp;&nbsp; </SPAN>File OS:<SPAN 
      style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 
      </SPAN>40004 NT Win32<o:p></o:p></SPAN></P>
      <P class=MsoNormal 
      style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: left; mso-pagination: widow-orphan; tab-stops: \
45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt \
595.4pt 641.2pt 687.0pt 732.8pt"   align=left><SPAN lang=EN-US 
      style="COLOR: black; FONT-FAMILY: 'Verdana','sans-serif'; mso-bidi-font-family: 宋体; \
mso-font-kerning: 0pt; mso-bidi-font-size: 10.5pt"><SPAN   style="mso-spacerun: \
                yes">&nbsp;&nbsp;&nbsp; </SPAN>File type:<SPAN 
      style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 
      </SPAN>0.0 Unknown<o:p></o:p></SPAN></P>
      <P class=MsoNormal 
      style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: left; mso-pagination: widow-orphan; tab-stops: \
45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt \
595.4pt 641.2pt 687.0pt 732.8pt"   align=left><SPAN lang=EN-US 
      style="COLOR: black; FONT-FAMILY: 'Verdana','sans-serif'; mso-bidi-font-family: 宋体; \
mso-font-kerning: 0pt; mso-bidi-font-size: 10.5pt"><SPAN   style="mso-spacerun: \
                yes">&nbsp;&nbsp;&nbsp; </SPAN>File date:<SPAN 
      style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 
      </SPAN>00000000.00000000<o:p></o:p></SPAN></P>
      <P class=MsoNormal 
      style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: left; mso-pagination: widow-orphan; tab-stops: \
45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt \
595.4pt 641.2pt 687.0pt 732.8pt"   align=left><SPAN lang=EN-US 
      style="COLOR: black; FONT-FAMILY: 'Verdana','sans-serif'; mso-bidi-font-family: 宋体; \
                mso-font-kerning: 0pt; mso-bidi-font-size: 10.5pt"><SPAN 
      style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp; </SPAN>Translations:<SPAN 
      style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp; 
      </SPAN>0000.04b0<o:p></o:p></SPAN></P>
      <P class=MsoNormal 
      style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: left; mso-pagination: widow-orphan; tab-stops: \
45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt \
595.4pt 641.2pt 687.0pt 732.8pt"   align=left><SPAN lang=EN-US 
      style="COLOR: black; FONT-FAMILY: 'Verdana','sans-serif'; mso-bidi-font-family: 宋体; \
                mso-font-kerning: 0pt; mso-bidi-font-size: 10.5pt"><SPAN 
      style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp; </SPAN>CompanyName:<SPAN 
      style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>Zhuhai 
      Kingsoft Office-software Co.,Ltd<o:p></o:p></SPAN></P>
      <P class=MsoNormal 
      style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: left; mso-pagination: widow-orphan; tab-stops: \
45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt \
595.4pt 641.2pt 687.0pt 732.8pt"   align=left><SPAN lang=EN-US 
      style="COLOR: black; FONT-FAMILY: 'Verdana','sans-serif'; mso-bidi-font-family: 宋体; \
                mso-font-kerning: 0pt; mso-bidi-font-size: 10.5pt"><SPAN 
      style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp; </SPAN>ProductName:<SPAN 
      style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>Kingsoft 
      Office<o:p></o:p></SPAN></P>
      <P class=MsoNormal 
      style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: left; mso-pagination: widow-orphan; tab-stops: \
45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt \
595.4pt 641.2pt 687.0pt 732.8pt"   align=left><SPAN lang=EN-US 
      style="COLOR: black; FONT-FAMILY: 'Verdana','sans-serif'; mso-bidi-font-family: 宋体; \
                mso-font-kerning: 0pt; mso-bidi-font-size: 10.5pt"><SPAN 
      style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp; </SPAN>InternalName:<SPAN 
      style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp; 
      </SPAN>wpsio<o:p></o:p></SPAN></P>
      <P class=MsoNormal 
      style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: left; mso-pagination: widow-orphan; tab-stops: \
45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt \
595.4pt 641.2pt 687.0pt 732.8pt"   align=left><SPAN lang=EN-US 
      style="COLOR: black; FONT-FAMILY: 'Verdana','sans-serif'; mso-bidi-font-family: 宋体; \
                mso-font-kerning: 0pt; mso-bidi-font-size: 10.5pt"><SPAN 
      style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp; </SPAN>OriginalFilename: 
      wpsio.dll<o:p></o:p></SPAN></P>
    ProductVersion:   8,1,0,3238
    FileVersion:      8,1,0,3238
    FileDescription:  wpsio
    LegalCopyright:   Copyright ©1988-2011 Kingsoft Corporation.  All rights reserved.

5 Analysis
In sub_45E2CC84:

.text:45E2CC84 var_210         = byte ptr -210h ; buffer size 0x200
.text:45E2CC84 var_4           = dword ptr -4

.text:45E2CDB3                 push    [ebp+Src]       ; BSTR
.text:45E2CDB9                 call    esi ; SysStringLen
.text:45E2CDBB                 mov     [ebp+var_244], eax
.text:45E2CDC1                 add     eax, eax        ; size is 0x170
.text:45E2CDC3                 push    eax             ; Size
.text:45E2CDC4                 push    [ebp+Src]       ; Src
.text:45E2CDCA                 lea     eax, [ebp+var_210]
.text:45E2CDD0                 push    eax             ; Dst
.text:45E2CDD1                 call    memcpy

The first memcpy copies 0x170 bytes into the buffer var_210.

.text:45E2CE16                 push    edi             ; BSTR
.text:45E2CE17                 mov     [ebp+var_234], ax
.text:45E2CE1E                 call    esi ; SysStringLen
.text:45E2CE20                 add     eax, eax
.text:45E2CE22                 push    eax             ; Size
.text:45E2CE23                 movzx   eax, [ebp+var_234] ;length
.text:45E2CE2A                 lea     eax, [ebp+eax*2+var_210]
.text:45E2CE31                 push    edi             ; Src
.text:45E2CE32                 push    eax             ; Dst
.text:45E2CE33                 call    memcpy

The second memcpy copies the same string again, placing it directly after the first copy; var_234 is the length of the string. In total, 0x2e0 bytes are copied.
After the copies, the return address and the SEH record have been overwritten.

0:000> k
ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
0012c070 90909090 wpsio!TxExport+0xb3e1
0012c148 45e2a113 0x90909090

0:000> !exchain
0012c064: 90909090
Invalid exception stack at 90909090

The source data of the memcpy comes from the file poc.wps, at offset 0x41d7.
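
The double copy analysed above, as an added C example that is not part of the original advisory and is not WPS Office code: it models how many bytes the two unchecked memcpy calls write for the 0x170-byte string and shows a bounds-checked equivalent. The function names, the guard word and the 0x4141 fill are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DST_BYTES 0x200u   /* var_210 is a 0x200-byte stack buffer */

typedef uint16_t wch;      /* 2-byte code unit, as stored in a BSTR */

typedef enum { COPY_OK = 0, COPY_TOO_LONG = -1, COPY_BAD_ARG = -2 } copy_status;

/* Bytes written by the unchecked sequence in the listing: two memcpy calls
 * of len*2 bytes each, the second placed directly after the first.
 * Computed in 64 bits so the model itself cannot wrap. */
static uint64_t unchecked_bytes_written(uint32_t len_units)
{
    return 2u * ((uint64_t)len_units * sizeof(wch));
}

/* Hardened form: copy src twice, back to back, only if both copies fit.
 * The check is done in code units by division, so no multiplication on
 * attacker-influenced lengths can overflow before the comparison. */
static copy_status copy_twice_checked(wch *dst, size_t dst_bytes,
                                      const wch *src, uint32_t len_units,
                                      size_t *written)
{
    if (dst == NULL || src == NULL || written == NULL)
        return COPY_BAD_ARG;
    *written = 0;

    size_t cap_units = dst_bytes / sizeof(wch);
    if (len_units > cap_units / 2)
        return COPY_TOO_LONG;            /* reject instead of truncating */

    size_t n = (size_t)len_units * sizeof(wch);
    memcpy(dst, src, n);                 /* first copy at offset 0 */
    memcpy(dst + len_units, src, n);     /* second copy right after it */
    *written = 2 * n;
    return COPY_OK;
}

/* Constructed harness: a 0x200-byte buffer followed by a guard word stands
 * in for the stack frame. Returns bytes written, -1 if the input was
 * rejected, -2 if the guard was damaged, -3 if the sample is too large. */
static long run_case(uint32_t len_units)
{
    static wch src[0x400];
    struct {
        wch buf[DST_BYTES / sizeof(wch)];
        uint32_t guard;
    } frame;
    size_t written = 0;

    if (len_units > 0x400)
        return -3;
    for (uint32_t i = 0; i < len_units; i++)
        src[i] = 0x4141;                 /* constructed filler */

    memset(frame.buf, 0, sizeof frame.buf);
    frame.guard = 0xC0FFEEu;

    copy_status st = copy_twice_checked(frame.buf, sizeof frame.buf,
                                        src, len_units, &written);
    if (frame.guard != 0xC0FFEEu)
        return -2;
    if (st != COPY_OK)
        return -1;
    return (long)written;
}

int main(void)
{
    /* 0xB8 code units = 0x170 bytes, the size noted in the listing. */
    printf("unchecked total for 0x170-byte string: 0x%llx (buffer 0x%x)\n",
           (unsigned long long)unchecked_bytes_written(0xB8), DST_BYTES);
    printf("checked copy, 0xB8 units: %ld\n", run_case(0xB8));
    printf("checked copy, 0x80 units: %ld\n", run_case(0x80));
    return 0;
}
```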

6 Exploit
As described above, by overwriting the SEH record or the return address with suitable data, eip is controllable.
So, we think this is a security vulnerability.

zhangjiantao
Hangzhou DPtech Technologies Co., Ltd.
http://www.dptechnology.net



["clip_image002(04-27-10-46-10).jpg" (image/jpeg)]
["poc.zip" (application/octet-stream)]

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
