0101F000 2D 11020000 sub eax,0x211
0101F005 - 0F84 0E2FFEFF je winmine.01001F19 ; 先把本来的两句抄过来
0101F00B 83F8 01 cmp eax,0x1 ; 因为这里我们的是0x212,减去0x211后就是0x1了,和0x1比较
0101F00E 74 05 je short winmine.0101F015
0101F010 - E9 CE2EFEFF jmp winmine.01001EE3 ; 不是0x212就跳回到之前的代码执行
0101F015 33C0 xor eax,eax
0101F017 3905 00000201 cmp dword ptr ds:[0x1020000],eax
0101F01D 0F94C0 sete al
0101F020 A3 00000201 mov dword ptr ds:[0x1020000],eax ; 这4句是给0x1020000值取反的,就是1变成0,0变成1
0101F025 - E9 202FFEFF jmp winmine.01001F4A
0101F02A 0000 add byte ptr ds:[eax],al
0101F02C 0000 add byte ptr ds:[eax],al
0101F02E 0000 add byte ptr ds:[eax],al
0101F030 33C0 xor eax,eax
0101F032 66:833D A056000>cmp word ptr ds:[0x10056A0],0x3
0101F03A 0F94C0 sete al
0101F03D 50 push eax
0101F03E 68 0C020000 push 0x20C
0101F043 E8 7C4CFEFF call winmine.01003CC4
0101F048 FF35 C8560001 push dword ptr ds:[0x10056C8]
0101F04E 68 11020000 push 0x211
0101F053 E8 6C4CFEFF call winmine.01003CC4
0101F058 FF35 BC560001 push dword ptr ds:[0x10056BC]
0101F05E 68 0F020000 push 0x20F
0101F063 E8 5C4CFEFF call winmine.01003CC4
0101F068 FF35 B8560001 push dword ptr ds:[0x10056B8]
0101F06E 68 0E020000 push 0x20E
0101F073 E8 4C4CFEFF call winmine.01003CC4 ; 这里之前都是把原来的抄过来
0101F078 FF35 00000201 push dword ptr ds:[0x1020000] ; 这里就是传入0x1020000的值
0101F07E 68 12020000 push 0x212 ; 这里是我们添加的选项的数字
0101F083 E8 3C4CFEFF call winmine.01003CC4
0101F088 - E9 1825FEFF jmp winmine.010015A5 ; 跳到刚刚call的返回处