Feb 1
Contact::IsFlagValid(unsigned long, unsigned long)

Original first 5 bytes of the function (the standard prologue):
55 8B EC 6A FF
3180D810 55         push ebp
3180D811 8BEC       mov ebp, esp
3180D813 6A FF      push -1

Patched first 5 bytes (a near jmp to the trampoline, which overwrites exactly those three instructions):
E9 8B 0B 05 00
3180D810 E9 8B0B0500 jmp 3185E3A0
rel32 = 5E3A0 - D810 - 5 = 50B8B
Trampoline at 3185E3A0 (30 bytes):
60 E8 FA ED FA FF 3B 44 24 24 75 07 61 B8 01 00 00 00 C3 61 55 8B EC 6A FF E9 57 F4 FA FF
3185E3A0 60          pushad
3185E3A1 E8 FAEDFAFF call Util::Contact::GetSelfUin // after the call, EAX = the currently logged-in QQ number
3185E3A6 3B4424 24   cmp eax, dword ptr [esp+24]     // [esp+24] is the first argument, above the 8 pushed registers and the return address
3185E3AA 75 07       jnz short 3185E3B3
3185E3AC 61          popad
3185E3AD B8 01000000 mov eax, 1                      // argument equals self uin: return 1 without running the original
3185E3B2 C3          retn
3185E3B3 61          popad
3185E3B4 55          push ebp                        // the 5 stolen prologue bytes, re-executed here
3185E3B5 8BEC        mov ebp, esp
3185E3B7 6A FF       push -1
3185E3B9 E9 57F4FAFF jmp 3180D815                    // resume the original function just past the overwritten bytes
The same trampoline as listed by IDA, for the build in which the function sits at 3180D390 and the trampoline at 3185DA66:
60E8D4F2FAFF3B442424750761B801000000C361558BEC6AFFE911F9FAFF
.text:3185DA66 pusha                                 // 60
.text:3185DA67 call Util::Contact::GetSelfUin(void)  // E8 D4F2FAFF
.text:3185DA6C cmp eax, [esp+20h+arg_0]              // 3B4424 24
.text:3185DA70 jnz short loc_3185DA79                // 7507
.text:3185DA72 popa                                  // 61
.text:3185DA73 mov eax, 1                            // B8 01000000
.text:3185DA78 retn                                  // C3
.text:3185DA79 popa                                  // 61
.text:3185DA7A push ebp                              // 55
.text:3185DA7B mov ebp, esp                          // 8BEC
.text:3185DA7D push 0FFFFFFFFh                       // 6AFF
.text:3185DA7F jmp loc_3180D395                      // E9 11F9FAFF
How the rel32 displacements are computed (the CPU adds the 32-bit displacement to the address of the next instruction, i.e. jmp address + 5):

Forward jump into the trampoline:
3180D390 E9 D1060500 jmp 3185DA66
3185DA66 - 3180D390 - 5 = 506D1
Target address (3185DA66) = 3180D390 + 506D1 (D1060500 with its bytes reversed, i.e. 000506D1) + 5 (instruction length)

Backward jump out of the trampoline:
3185DA7F E9 11F9FAFF jmp 3180D395
3180D395 - 3185DA7F - 5 = -506EF, stored as FFFAF911 (little-endian bytes 11 F9 FA FF)
To read a negative displacement back as a magnitude, invert the bits, add 1, and put a "-" in front. Equivalently, in 32-bit arithmetic:
100000000 - 506EF = FFFAF911
FFFAF911 + 506EF = 100000000 => 00000000
The register only holds the low 8 hex digits (32 bits), so the leading 1 is dropped.
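The two computations above (rel32 into the trampoline, rel32 back to the original) and the layout of the detour (overwritten 5-byte prologue, relocated stolen bytes, jump back to entry + 5) are easy to get wrong by hand, and they are also exactly what an integrity check looks for when it verifies that a function's entry still matches the on-disk image. The following Python is an added example, not code from the original note: it encodes and decodes E8/E9 rel32 branches, reports whether a function prologue has been redirected and where, and, given a trampoline, locates the relocated prologue bytes and confirms the resume address. The sample bytes and addresses are the ones listed on this page; the function and variable names are my own.

```python
import struct

JMP_REL32 = 0xE9
CALL_REL32 = 0xE8
MASK32 = 0xFFFFFFFF


def rel32(src: int, dst: int) -> int:
    """Displacement field of a 5-byte E8/E9 at address `src` that transfers
    control to `dst`.  The CPU adds the field to the address of the *next*
    instruction, so the value is dst - (src + 5).  A negative result is stored
    as 32-bit two's complement; masking with 0xFFFFFFFF is the same step the
    note writes as 100000000 - 506EF = FFFAF911."""
    disp = dst - (src + 5)
    if not -0x80000000 <= disp <= 0x7FFFFFFF:
        raise ValueError("target not reachable with a rel32")
    return disp & MASK32


def encode_branch(src: int, dst: int, opcode: int = JMP_REL32) -> bytes:
    """Bytes of `jmp dst` (or `call dst` with opcode 0xE8) placed at `src`.
    struct's "<I" writes the displacement little-endian, which is why
    0x50B8B appears in memory as 8B 0B 05 00."""
    return bytes([opcode]) + struct.pack("<I", rel32(src, dst))


def decode_branch(addr: int, code: bytes):
    """If `code` (bytes located at `addr`) starts with E8/E9, return
    (mnemonic, absolute target); otherwise None.  Unpacking as signed
    little-endian ("<i") undoes the two's-complement wrap, so FFFAF457
    comes back as -0x50BA9."""
    if len(code) < 5 or code[0] not in (JMP_REL32, CALL_REL32):
        return None
    disp = struct.unpack("<i", code[1:5])[0]
    target = (addr + 5 + disp) & MASK32
    return ("jmp" if code[0] == JMP_REL32 else "call", target)


def inspect_prologue(addr: int, expected: bytes, actual: bytes) -> dict:
    """Compare the first bytes of a function as found in memory (`actual`)
    with the bytes the on-disk image should have (`expected`).  Reports
    whether the entry was rewritten and, if the rewrite is a rel32 branch,
    where it goes.  This is the check an in-memory integrity scanner runs
    over known function entries."""
    n = len(expected)
    patched = actual[:n] != expected
    redirect = decode_branch(addr, actual) if patched else None
    return {"address": addr, "patched": patched, "redirect": redirect}


def find_resume(tramp_addr: int, tramp: bytes, stolen: bytes):
    """Locate the relocated original prologue bytes (`stolen`) inside a
    trampoline and decode the branch that follows them.  Returns the address
    the trampoline resumes at, or None if the layout is not recognised.  For
    a clean detour this equals hooked_function + len(stolen)."""
    off = tramp.find(stolen)
    if off < 0:
        return None
    after = off + len(stolen)
    branch = decode_branch(tramp_addr + after, tramp[after:])
    return branch[1] if branch and branch[0] == "jmp" else None


# Constructed sample: addresses and bytes taken from the listing above.
FUNC = 0x3180D810
ORIGINAL_PROLOGUE = bytes.fromhex("558BEC6AFF")   # push ebp / mov ebp,esp / push -1
PATCHED_PROLOGUE = bytes.fromhex("E98B0B0500")    # jmp 3185E3A0
TRAMP_ADDR = 0x3185E3A0
TRAMP = bytes.fromhex(
    "60E8FAEDFAFF3B442424750761B801000000C361558BEC6AFFE957F4FAFF"
)


if __name__ == "__main__":
    report = inspect_prologue(FUNC, ORIGINAL_PROLOGUE, PATCHED_PROLOGUE)
    print(report)                                        # patched, jmp 0x3185e3a0
    print(hex(find_resume(TRAMP_ADDR, TRAMP, ORIGINAL_PROLOGUE)))  # 0x3180d815
```

The resume check is the one that matters for a scanner: a redirected entry whose trampoline re-executes the original bytes and jumps back to entry + 5 is a classic detour, whereas a jmp whose target holds no copy of the prologue has replaced the function outright.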