朋友帮我看一下!!怎么样去注册窗口?
本软件为KEYFIILE保护,运行出现注册窗口0049DF16 C3 retn
0049DF17 CC int3
0049DF18 CC int3
0049DF19 CC int3
0049DF1A CC int3
0049DF1B CC int3
0049DF1C CC int3
0049DF1D CC int3
0049DF1E CC int3
0049DF1F CC int3
0049DF20 55 push ebp
0049DF21 8BEC mov ebp,esp
0049DF23 6A FF push -1
0049DF25 68 918B5000 push 00508B91
0049DF2A 64:A1 00000000mov eax,dword ptr fs:
0049DF30 50 push eax
0049DF31 64:8925 0000000>mov dword ptr fs:,esp
0049DF38 81EC 1C0B0000 sub esp,0B1C
0049DF3E A1 C0525200 mov eax,dword ptr ds:
0049DF43 8945 EC mov dword ptr ss:,eax
0049DF46 898D E4F4FFFF mov dword ptr ss:,ecx
0049DF4C FF15 38B05000 call dword ptr ds:[<&COMCTL32.#17>]
0049DF52 8B8D E4F4FFFF mov ecx,dword ptr ss:
0049DF58 E8 114B0600 call 00502A6E
0049DF5D 6A 3C push 3C
0049DF5F 6A 00 push 0
0049DF61 8D85 C8F6FFFF lea eax,dword ptr ss:
0049DF67 50 push eax
0049DF68 E8 83BD0400 call 004E9CF0
0049DF6D 83C4 0C add esp,0C
0049DF70 C785 C8F6FFFF 1>mov dword ptr ss:,10
0049DF7A 68 D00F5100 push 00510FD0
0049DF7F 8D8D E4F6FFFF lea ecx,dword ptr ss:
0049DF85 51 push ecx
0049DF86 E8 85C00400 call 004EA010
0049DF8B 83C4 08 add esp,8
0049DF8E C785 C8F6FFFF 1>mov dword ptr ss:,10
0049DF98 8D95 C8F6FFFF lea edx,dword ptr ss:
0049DF9E 52 push edx
0049DF9F FF15 F4B05000 call dword ptr ds:[<&GDI32.CreateFontIndire>
0049DFA5 50 push eax
0049DFA6 8B8D E4F4FFFF mov ecx,dword ptr ss:
0049DFAC 81C1 A0000000 add ecx,0A0
0049DFB2 E8 52150600 call 004FF509
0049DFB7 8D85 BCF5FFFF lea eax,dword ptr ss:
0049DFBD 50 push eax
0049DFBE 68 04010000 push 104
0049DFC3 FF15 D8B25000 call dword ptr ds:[<&KERNEL32.GetCurrentDir>
0049DFC9 8B8D E4F4FFFF mov ecx,dword ptr ss:
0049DFCF 81C1 A8000000 add ecx,0A8
0049DFD5 898D 18F5FFFF mov dword ptr ss:,ecx
0049DFDB 8D95 BCF5FFFF lea edx,dword ptr ss:
0049DFE1 85D2 test edx,edx
0049DFE3 75 0C jnz short 0049DFF1
0049DFE5 C785 30F5FFFF 0>mov dword ptr ss:,0
0049DFEF EB 15 jmp short 0049E006
0049DFF1 8D85 BCF5FFFF lea eax,dword ptr ss:
0049DFF7 50 push eax
0049DFF8 E8 73B80400 call 004E9870
0049DFFD 83C4 04 add esp,4
0049E000 8985 30F5FFFF mov dword ptr ss:,eax
0049E006 8B8D 30F5FFFF mov ecx,dword ptr ss:
0049E00C 51 push ecx
0049E00D 8D95 BCF5FFFF lea edx,dword ptr ss:
0049E013 52 push edx
0049E014 8B8D 18F5FFFF mov ecx,dword ptr ss:
0049E01A E8 219BF6FF call 00407B40
0049E01F 8B85 E4F4FFFF mov eax,dword ptr ss:
0049E025 05 B8000000 add eax,0B8
0049E02A 50 push eax
0049E02B E8 206BF6FF call 00404B50
0049E030 83C4 04 add esp,4
0049E033 6A 00 push 0
0049E035 E8 D2340400 call 004E150C
0049E03A 83C4 04 add esp,4
0049E03D C785 54FFFFFF 9>mov dword ptr ss:,94
0049E047 68 88B85000 push 0050B888
0049E04C 8B8D E4F4FFFF mov ecx,dword ptr ss:
0049E052 81C1 A8000000 add ecx,0A8
0049E058 51 push ecx
0049E059 8D95 40F5FFFF lea edx,dword ptr ss:
0049E05F 52 push edx
0049E060 E8 2B91F6FF call 00407190
0049E065 83C4 0C add esp,0C
0049E068 8985 E0F4FFFF mov dword ptr ss:,eax
0049E06E 8B85 E0F4FFFF mov eax,dword ptr ss:
0049E074 8985 00F5FFFF mov dword ptr ss:,eax
0049E07A C745 FC 0000000>mov dword ptr ss:,0
0049E081 8B8D E4F4FFFF mov ecx,dword ptr ss:
0049E087 81C1 D8030000 add ecx,3D8
0049E08D 898D FCF4FFFF mov dword ptr ss:,ecx
0049E093 8B95 00F5FFFF mov edx,dword ptr ss:
0049E099 52 push edx
0049E09A 8B8D FCF4FFFF mov ecx,dword ptr ss:
0049E0A0 E8 7B98F6FF call 00407920
0049E0A5 C745 FC FFFFFFF>mov dword ptr ss:,-1
0049E0AC 8D8D 40F5FFFF lea ecx,dword ptr ss:
0049E0B2 E8 2998F6FF call 004078E0
0049E0B7 8D85 54FFFFFF lea eax,dword ptr ss:
0049E0BD 50 push eax
0049E0BE FF15 2CB35000 call dword ptr ds:[<&KERNEL32.GetVersionExA>
0049E0C4 83BD 64FFFFFF 0>cmp dword ptr ss:,2
0049E0CB 75 0F jnz short 0049E0DC
0049E0CD 8B8D E4F4FFFF mov ecx,dword ptr ss:
0049E0D3 C681 B1000000 0>mov byte ptr ds:,1
0049E0DA EB 0D jmp short 0049E0E9
0049E0DC 8B95 E4F4FFFF mov edx,dword ptr ss:
0049E0E2 C682 B1000000 0>mov byte ptr ds:,0
0049E0E9 6A 00 push 0
0049E0EB 8D8D 04F7FFFF lea ecx,dword ptr ss:
0049E0F1 E8 CA070000 call 0049E8C0
0049E0F6 C745 FC 0100000>mov dword ptr ss:,1
0049E0FD 8D8D 04F7FFFF lea ecx,dword ptr ss:
0049E103 E8 E8AA0200 call 004C8BF0
0049E108 0FB6C0 movzx eax,al
0049E10B 85C0 test eax,eax
0049E10D 75 70 jnz short 0049E17F
0049E10F 6A 00 push 0
0049E111 51 push ecx
0049E112 8BCC mov ecx,esp
0049E114 89A5 3CF5FFFF mov dword ptr ss:,esp
0049E11A 51 push ecx
0049E11B 8D8D 04F7FFFF lea ecx,dword ptr ss:
0049E121 E8 1A930200 call 004C7440
0049E126 8985 DCF4FFFF mov dword ptr ss:,eax
0049E12C 8D8D 44F5FFFF lea ecx,dword ptr ss:
0049E132 E8 49F9FFFF call 0049DA80
0049E137 8985 D8F4FFFF mov dword ptr ss:,eax
0049E13D C645 FC 02 mov byte ptr ss:,2
0049E141 8D8D 44F5FFFF lea ecx,dword ptr ss:
0049E147 E8 E2EC0500 call 004FCE2E==跳出注册窗口(跟进)
004FCE2E B8 0CA85000 mov eax,0050A80C(光标停在此行)
004FCE33 E8 3CE2FEFF call 004EB074
004FCE38 83EC 18 sub esp,18
004FCE3B 53 push ebx
004FCE3C 56 push esi
004FCE3D 8BF1 mov esi,ecx
004FCE3F 8B46 58 mov eax,dword ptr ds:
004FCE42 8B5E 5C mov ebx,dword ptr ds:
004FCE45 57 push edi
004FCE46 8965 F0 mov dword ptr ss:,esp
004FCE49 8975 E4 mov dword ptr ss:,esi
004FCE4C 8945 E8 mov dword ptr ss:,eax
004FCE4F E8 DE530000 call 00502232
004FCE54 837E 54 00 cmp dword ptr ds:,0
004FCE58 8B78 0C mov edi,dword ptr ds:
004FCE5B 74 1F je short 004FCE7C
004FCE5D E8 D0530000 call 00502232
004FCE62 8B78 0C mov edi,dword ptr ds:
004FCE65 6A 05 push 5
004FCE67 FF76 54 push dword ptr ds:
004FCE6A 57 push edi
004FCE6B FF15 0CB35000 call dword ptr ds:[<&KERNEL32.FindResourceA>
004FCE71 50 push eax
004FCE72 57 push edi
004FCE73 FF15 00B35000 call dword ptr ds:[<&KERNEL32.LoadResource>>
004FCE79 8945 E8 mov dword ptr ss:,eax
004FCE7C 837D E8 00 cmp dword ptr ss:,0
004FCE80 74 0B je short 004FCE8D
004FCE82 FF75 E8 push dword ptr ss:
004FCE85 FF15 04B35000 call dword ptr ds:[<&KERNEL32.LockResource>>
004FCE8B 8BD8 mov ebx,eax
004FCE8D 85DB test ebx,ebx
004FCE8F 75 08 jnz short 004FCE99
004FCE91 83C8 FF or eax,FFFFFFFF
004FCE94 E9 03010000 jmp 004FCF9C
004FCE99 8BCE mov ecx,esi
004FCE9B E8 CEFAFFFF call 004FC96E
004FCEA0 8945 EC mov dword ptr ss:,eax
004FCEA3 E8 24C2FFFF call 004F90CC
004FCEA8 8365 E0 00 and dword ptr ss:,0
004FCEAC 837D EC 00 cmp dword ptr ss:,0
004FCEB0 74 2A je short 004FCEDC
004FCEB2 FF15 C8B35000 call dword ptr ds:[<&USER32.GetDesktopWindo>
004FCEB8 3945 EC cmp dword ptr ss:,eax
004FCEBB 74 1F je short 004FCEDC
004FCEBD FF75 EC push dword ptr ss:
004FCEC0 FF15 0CB45000 call dword ptr ds:[<&USER32.IsWindowEnabled>
004FCEC6 85C0 test eax,eax
004FCEC8 74 12 je short 004FCEDC
004FCECA 6A 00 push 0
004FCECC FF75 EC push dword ptr ss:
004FCECF FF15 C4B45000 call dword ptr ds:[<&USER32.EnableWindow>]
004FCED5 C745 E0 0100000>mov dword ptr ss:,1
004FCEDC 8365 FC 00 and dword ptr ss:,0
004FCEE0 56 push esi
004FCEE1 E8 76D4FFFF call 004FA35C
004FCEE6 FF75 EC push dword ptr ss:
004FCEE9 E8 36C1FFFF call 004F9024
004FCEEE 57 push edi
004FCEEF 50 push eax
004FCEF0 53 push ebx
004FCEF1 8BCE mov ecx,esi
004FCEF3 E8 29FDFFFF call 004FCC21==跳出注册窗口(跟进)
004FCC21 B8 02A85000 mov eax,0050A802(光标停在此行)
004FCC26 E8 49E4FEFF call 004EB074
004FCC2B 83EC 3C sub esp,3C
004FCC2E 53 push ebx
004FCC2F 56 push esi
004FCC30 57 push edi
004FCC31 33FF xor edi,edi
004FCC33 397D 10 cmp dword ptr ss:,edi
004FCC36 8BD9 mov ebx,ecx
004FCC38 8965 F0 mov dword ptr ss:,esp
004FCC3B 895D E0 mov dword ptr ss:,ebx
004FCC3E 75 0B jnz short 004FCC4B
004FCC40 E8 ED550000 call 00502232
004FCC45 8B40 0C mov eax,dword ptr ds:
004FCC48 8945 10 mov dword ptr ss:,eax
004FCC4B E8 E2550000 call 00502232
004FCC50 8BB0 38100000 mov esi,dword ptr ds:
004FCC56 6A 10 push 10
004FCC58 8975 D8 mov dword ptr ss:,esi
004FCC5B 897D EC mov dword ptr ss:,edi
004FCC5E 897D DC mov dword ptr ss:,edi
004FCC61 897D FC mov dword ptr ss:,edi
004FCC64 E8 14C0FFFF call 004F8C7D
004FCC69 68 00C00700 push 7C000
004FCC6E E8 0AC0FFFF call 004F8C7D
004FCC73 3BF7 cmp esi,edi
004FCC75 74 2B je short 004FCCA2
004FCC77 8B03 mov eax,dword ptr ds:
004FCC79 8D4D B8 lea ecx,dword ptr ss:
004FCC7C 51 push ecx
004FCC7D 8BCB mov ecx,ebx
004FCC7F FF90 2C010000 call dword ptr ds:
004FCC85 3BC7 cmp eax,edi
004FCC87 75 07 jnz short 004FCC90
004FCC89 33C0 xor eax,eax
004FCC8B E9 8D010000 jmp 004FCE1D
004FCC90 FF75 08 push dword ptr ss:
004FCC93 8B06 mov eax,dword ptr ds:
004FCC95 8D4D B8 lea ecx,dword ptr ss:
004FCC98 51 push ecx
004FCC99 8BCE mov ecx,esi
004FCC9B FF50 10 call dword ptr ds:
004FCC9E 8BF0 mov esi,eax
004FCCA0 EB 03 jmp short 004FCCA5
004FCCA2 8B75 08 mov esi,dword ptr ss:
004FCCA5 3BF7 cmp esi,edi
004FCCA7^ 74 E0 je short 004FCC89
004FCCA9 E8 F3EFFFFF call 004FBCA1
004FCCAE 8B10 mov edx,dword ptr ds:
004FCCB0 8BC8 mov ecx,eax
004FCCB2 FF52 0C call dword ptr ds:
004FCCB5 83C0 10 add eax,10
004FCCB8 8945 E4 mov dword ptr ss:,eax
004FCCBB 8D45 E8 lea eax,dword ptr ss:
004FCCBE 50 push eax
004FCCBF 8D45 E4 lea eax,dword ptr ss:
004FCCC2 50 push eax
004FCCC3 56 push esi
004FCCC4 C645 FC 01 mov byte ptr ss:,1
004FCCC8 897D E8 mov dword ptr ss:,edi
004FCCCB E8 4B1E0000 call 004FEB1B
004FCCD0 33C9 xor ecx,ecx
004FCCD2 83C4 0C add esp,0C
004FCCD5 3BC7 cmp eax,edi
004FCCD7 0F94C1 sete cl
004FCCDA 393D 24AF5200 cmp dword ptr ds:,edi
004FCCE0 8BC1 mov eax,ecx
004FCCE2 74 36 je short 004FCD1A
004FCCE4 3BC7 cmp eax,edi
004FCCE6 75 36 jnz short 004FCD1E
004FCCE8 6A 2A push 2A
004FCCEA FF15 88B55000 call dword ptr ds:[<&USER32.GetSystemMetric>
004FCCF0 85C0 test eax,eax
004FCCF2 74 69 je short 004FCD5D
004FCCF4 68 34495100 push 00514934
004FCCF9 FF75 E4 push dword ptr ss:
004FCCFC E8 4FD0FEFF call 004E9D50
004FCD01 F7D8 neg eax
004FCD03 1AC0 sbb al,al
004FCD05 FEC0 inc al
004FCD07 0FB6C0 movzx eax,al
004FCD0A 3BC7 cmp eax,edi
004FCD0C 59 pop ecx
004FCD0D 59 pop ecx
004FCD0E 74 4D je short 004FCD5D
004FCD10 66:837D E8 08 cmp word ptr ss:,8
004FCD15 75 03 jnz short 004FCD1A
004FCD17 897D E8 mov dword ptr ss:,edi
004FCD1A 3BC7 cmp eax,edi
004FCD1C 74 3F je short 004FCD5D
004FCD1E 56 push esi
004FCD1F 8D4D C8 lea ecx,dword ptr ss:
004FCD22 E8 C51D0000 call 004FEAEC
004FCD27 FF75 E8 push dword ptr ss:
004FCD2A 8D4D C8 lea ecx,dword ptr ss:
004FCD2D C645 FC 02 mov byte ptr ss:,2
004FCD31 E8 181D0000 call 004FEA4E
004FCD36 8D4D C8 lea ecx,dword ptr ss:
004FCD39 E8 C41A0000 call 004FE802
004FCD3E 8D4D C8 lea ecx,dword ptr ss:
004FCD41 8945 EC mov dword ptr ss:,eax
004FCD44 C645 FC 01 mov byte ptr ss:,1
004FCD48 E8 A71A0000 call 004FE7F4
004FCD4D 397D EC cmp dword ptr ss:,edi
004FCD50 74 0B je short 004FCD5D
004FCD52 FF75 EC push dword ptr ss:
004FCD55 FF15 ECB25000 call dword ptr ds:[<&KERNEL32.GlobalLock>]
004FCD5B 8BF0 mov esi,eax
004FCD5D 834B 40 FF or dword ptr ds:,FFFFFFFF
004FCD61 834B 38 10 or dword ptr ds:,10
004FCD65 53 push ebx
004FCD66 E8 F1D5FFFF call 004FA35C
004FCD6B 8B45 0C mov eax,dword ptr ss:
004FCD6E 3BC7 cmp eax,edi
004FCD70 75 04 jnz short 004FCD76
004FCD72 33C0 xor eax,eax
004FCD74 EB 03 jmp short 004FCD79
004FCD76 8B40 1C mov eax,dword ptr ds:
004FCD79 57 push edi
004FCD7A 68 B7C64F00 push 004FC6B7
004FCD7F 50 push eax
004FCD80 56 push esi
004FCD81 FF75 10 push dword ptr ss:
004FCD84 FF15 D0B35000 call dword ptr ds:[<&USER32.CreateDialogInd>==跳出注册窗口
004FCD8A 8B4D E4 mov ecx,dword ptr ss: 004FCD70 75 04 jnz short 004FCD76 //改ZF标志跟踪下
004FCD72 33C0 xor eax,eax
004FCD74 EB 03 jmp short 004FCD79
004FCD76 8B40 1C mov eax,dword ptr ds: //这个传递的值似乎比较重要,内存断点之 认真学习!
页:
[1]