ylpx 发表于 2007-6-11 08:52:45

如何不进行判断,直接执行命令

如何不进行判断,直接执行命令

美萍记录管理器,要注册.
按删除命令后就弹出要注册的窗口。注册后,就可以直接删除。不弹出那个要注册的窗口。
想知道怎么样不进行判断是否已注册,按删除命令后就直接执行删除命令.会的高手看看


这个好像是执行删除后运行的一段程序,谁知道怎么样直接执行删除命令而不进行判断是否已注册


; OllyDbg listing of mp2.0046E66C (32-bit x86, Intel operand order).
; The page extraction dropped every bracketed memory operand ("ss:,", "ds:,", "fs:,");
; operands quoted in the comments below are decoded from the opcode bytes on each line.
; The mp2.* helpers receive arguments in eax/edx/ecx; their bodies are not shown here,
; so any purpose given for them is a guess and is marked as such.
; The handler 0046E7D6 and the continuation 0046E7DD lie past the end of this listing.
0046E66C /$ 55 push ebp
0046E66D |. 8BEC mov ebp,esp
0046E66F |. 83C4 AC add esp,-54 ; reserve 0x54 bytes of locals
0046E672 |. 53 push ebx
0046E673 |. 56 push esi
0046E674 |. 33C9 xor ecx,ecx
; Zero five dword locals: [ebp-54], [ebp-4C], [ebp-50], [ebp-48], [ebp-4].
0046E676 |. 894D AC mov dword ptr ss:,ecx
0046E679 |. 894D B4 mov dword ptr ss:,ecx
0046E67C |. 894D B0 mov dword ptr ss:,ecx
0046E67F |. 894D B8 mov dword ptr ss:,ecx
0046E682 |. 894D FC mov dword ptr ss:,ecx
; Install an exception frame: saved ebp, handler 0046E7D6, previous fs:[eax] (eax = 0),
; then fs:[eax] = esp.
0046E685 |. 33C0 xor eax,eax
0046E687 |. 55 push ebp
0046E688 |. 68 D6E74600 push mp2.0046E7D6
0046E68D |. 64:FF30 push dword ptr fs:
0046E690 |. 64:8920 mov dword ptr fs:,esp
0046E693 |. A1 182D4700 mov eax,dword ptr ds: ; eax = [0x472D18]
0046E698 |. E8 A365F9FF call mp2.00404C40 ; result is used as the lstrcpyA source pointer
0046E69D |. 50 push eax ; /String2
; NOTE(review): the destination below is the stack buffer at [ebp-42]. lstrcpyA copies up
; to the terminating NUL with no length limit, and the next local used in this listing is
; [ebp-4], so only 0x3E bytes fit before it. Whether the string behind [0x472D18] can be
; longer is not visible here; a bounded copy with an explicit length check is the safer pattern.
0046E69E |. 8D45 BE lea eax,dword ptr ss: ; |
0046E6A1 |. 50 push eax ; |String1
0046E6A2 |. E8 FD82F9FF call <jmp.&kernel32.lstrcpyA> ; \lstrcpyA
0046E6A7 |. A1 182D4700 mov eax,dword ptr ds: ; eax = [0x472D18] again
0046E6AC |. E8 8F63F9FF call mp2.00404A40 ; presumably returns the string length - confirm
0046E6B1 |. 8BF0 mov esi,eax ; esi = loop count
0046E6B3 |. 4E dec esi
0046E6B4 |. 85F6 test esi,esi
0046E6B6 |. 7C 24 jl short mp2.0046E6DC ; skip the loop when the count is <= 0 (signed)
0046E6B8 |. 46 inc esi ; restore the count
0046E6B9 |. 8D5D BE lea ebx,dword ptr ss: ; ebx -> stack buffer at [ebp-42]
; Loop: one iteration per byte of the copied string. Each byte goes to mp2.004088E0 with
; edx = 2 and ecx -> [ebp-48]; the result is then combined into [ebp-4] by mp2.00404A48
; (presumably a two-digit text conversion followed by an append - confirm).
0046E6BC |> 8D4D B8 /lea ecx,dword ptr ss:
0046E6BF |. 33C0 |xor eax,eax
0046E6C1 |. 8A03 |mov al,byte ptr ds: ; al = [ebx], upper bits already zero
0046E6C3 |. BA 02000000 |mov edx,2
0046E6C8 |. E8 13A2F9FF |call mp2.004088E0
0046E6CD |. 8B55 B8 |mov edx,dword ptr ss: ; edx = [ebp-48]
0046E6D0 |. 8D45 FC |lea eax,dword ptr ss: ; eax -> [ebp-4]
0046E6D3 |. E8 7063F9FF |call mp2.00404A48
0046E6D8 |. 43 |inc ebx
0046E6D9 |. 4E |dec esi
0046E6DA |.^ 75 E0 \jnz short mp2.0046E6BC
; Recurring pattern from here on: eax = [[0x4713BC] + offset] selects a member of a global
; object, edx carries a string, and mp2.0043D534 is called with both (presumably a
; "set text" style setter - confirm). Offsets seen: +30C, +314, +318.
0046E6DC |> A1 BC134700 mov eax,dword ptr ds:
0046E6E1 |. 8B00 mov eax,dword ptr ds:
0046E6E3 |. 8B80 0C030000 mov eax,dword ptr ds: ; member at +30C
0046E6E9 |. 8B55 FC mov edx,dword ptr ss: ; edx = [ebp-4], the string built by the loop
0046E6EC |. E8 43EEFCFF call mp2.0043D534
0046E6F1 |. A1 BC134700 mov eax,dword ptr ds:
0046E6F6 |. 8B00 mov eax,dword ptr ds:
0046E6F8 |. 8B80 14030000 mov eax,dword ptr ds: ; member at +314
0046E6FE |. BA ECE74600 mov edx,mp2.0046E7EC ; constant stored after the function body
0046E703 |. E8 2CEEFCFF call mp2.0043D534
0046E708 |. 8D55 B0 lea edx,dword ptr ss: ; edx -> [ebp-50], output slot
0046E70B |. B8 BADBD020 mov eax,20D0DBBA ; immediate argument, meaning not shown
0046E710 |. E8 B7A0F9FF call mp2.004087CC
0046E715 |. 8B4D B0 mov ecx,dword ptr ss: ; ecx = [ebp-50]
0046E718 |. 8D45 B4 lea eax,dword ptr ss: ; eax -> [ebp-4C], output slot
0046E71B |. BA 04E84600 mov edx,mp2.0046E804
0046E720 |. E8 6763F9FF call mp2.00404A8C ; presumably joins edx and ecx into [ebp-4C] - confirm
0046E725 |. 8B55 B4 mov edx,dword ptr ss: ; edx = [ebp-4C]
0046E728 |. A1 BC134700 mov eax,dword ptr ds:
0046E72D |. 8B00 mov eax,dword ptr ds:
0046E72F |. 8B80 18030000 mov eax,dword ptr ds: ; member at +318
0046E735 |. E8 FAEDFCFF call mp2.0043D534
; x87 comparison idiom: fcomp compares ST(0) with the 8-byte global at 0x472DF8 and pops,
; fstsw/sahf copy the FPU condition codes into EFLAGS, and the integer jnb is taken when
; ST(0) is not below that global.
0046E73A |. E8 BDBFF9FF call mp2.0040A6FC ; leaves a floating-point value in ST(0)
0046E73F |. DC1D F82D4700 fcomp qword ptr ds:
0046E745 |. DFE0 fstsw ax
0046E747 |. 9E sahf
0046E748 73 5A jnb short mp2.0046E7A4
0046E74A |. B8 1CE84600 mov eax,mp2.0046E81C ; ASCII "2005-12-1"
0046E74F |. E8 88D5F9FF call mp2.0040BCDC ; presumably converts the text to a floating-point date - confirm
0046E754 |. DC1D F82D4700 fcomp qword ptr ds: ; same global, 0x472DF8
0046E75A |. DFE0 fstsw ax
0046E75C |. 9E sahf
0046E75D 73 45 jnb short mp2.0046E7A4
0046E75F |. A1 BC134700 mov eax,dword ptr ds:
0046E764 |. 8B00 mov eax,dword ptr ds:
0046E766 |. 8B80 18030000 mov eax,dword ptr ds: ; member at +318
0046E76C |. BA 30E84600 mov edx,mp2.0046E830
0046E771 |. E8 BEEDFCFF call mp2.0043D534
; The two pushes pass the 8-byte global at 0x472DF8 by value (high dword 0x472DFC first).
0046E776 |. FF35 FC2D4700 push dword ptr ds: ; /Arg2 = 00000000
0046E77C |. FF35 F82D4700 push dword ptr ds: ; |Arg1 = 00000000
0046E782 |. 8D55 AC lea edx,dword ptr ss: ; |
0046E785 |. B8 40E84600 mov eax,mp2.0046E840 ; |
0046E78A |. E8 71CCF9FF call mp2.0040B400 ; \mp2.0040B400
0046E78F |. 8B55 AC mov edx,dword ptr ss: ; edx = [ebp-54], written by the call above
0046E792 |. A1 BC134700 mov eax,dword ptr ds:
0046E797 |. 8B00 mov eax,dword ptr ds:
0046E799 |. 8B80 14030000 mov eax,dword ptr ds: ; member at +314
0046E79F |. E8 90EDFCFF call mp2.0043D534
; Join point of both branches: indirect call through the object's first dword (a method
; table) at offset +EC.
0046E7A4 |> A1 BC134700 mov eax,dword ptr ds:
0046E7A9 |. 8B00 mov eax,dword ptr ds:
0046E7AB |. 8B10 mov edx,dword ptr ds: ; edx = [eax]
0046E7AD |. FF92 EC000000 call dword ptr ds: ; call [edx+EC]
; Remove the exception frame (three pops, fs:[0] restored), then push 0046E7DD so that the
; retn at the end of the cleanup code continues there.
0046E7B3 |. 33C0 xor eax,eax
0046E7B5 |. 5A pop edx
0046E7B6 |. 59 pop ecx
0046E7B7 |. 59 pop ecx
0046E7B8 |. 64:8910 mov dword ptr fs:,edx
0046E7BB |. 68 DDE74600 push mp2.0046E7DD
; Cleanup: mp2.004047A4 gets eax -> [ebp-54] and edx = 4, mp2.00404780 gets eax -> [ebp-4]
; (presumably releasing the four temporaries at [ebp-54]..[ebp-48] and the string at
; [ebp-4] - confirm).
0046E7C0 |> 8D45 AC lea eax,dword ptr ss:
0046E7C3 |. BA 04000000 mov edx,4
0046E7C8 |. E8 D75FF9FF call mp2.004047A4
0046E7CD |. 8D45 FC lea eax,dword ptr ss:
0046E7D0 |. E8 AB5FF9FF call mp2.00404780
0046E7D5 C3 retn


发现一个可疑call
0046D581 E802C2FEFF call 00459788
Local Calls from 0044831F, 00458A60, 0045C2E8, 0046C9F1, 0046CAC5, 0046CAD1, 0046CD7B, 0046CECB, 0046D105, 0046D1AB, 0046D581
call的内容如下
; OllyDbg listing of mp2.00459788 (32-bit x86, Intel operand order).
; The page extraction dropped every bracketed memory operand; operands quoted in the
; comments below are decoded from the opcode bytes on each line.
; eax on entry is kept in ebx and used as the base for every field access; the dword
; pushed from ecx is only a scratch slot whose low byte at [esp] holds a selector value.
00459788 /$ 53 push ebx
00459789 |. 56 push esi
0045978A |. 51 push ecx ; reserve the scratch slot at [esp]
0045978B |. 8BD8 mov ebx,eax ; ebx = object pointer passed in eax
0045978D |. F683 F4020000 08 test byte ptr ds:,8 ; flag bit 8 of byte [ebx+2F4]
00459794 |. 74 0F je short mp2.004597A5
00459796 |. C783 4C020000 020>mov dword ptr ds:,2 ; flag set: [ebx+24C] = 2 (immediate cut off in the dump), then exit
004597A0 |. E9 80000000 jmp mp2.00459825
004597A5 |> 8BC3 mov eax,ebx
004597A7 |. 8B10 mov edx,dword ptr ds: ; edx = [eax], the object's method table
004597A9 |. FF92 E4000000 call dword ptr ds: ; call [edx+E4]; boolean result in al
004597AF |. 84C0 test al,al
004597B1 |. 74 72 je short mp2.00459825 ; false: nothing else happens
; Choose the initial selector byte: [ebx+22F] != 1 gives 1; otherwise bit 2 of
; [ebx+228] gives 3 when set and 0 when clear.
004597B3 |. 80BB 2F020000 01 cmp byte ptr ds:,1
004597BA |. 75 15 jnz short mp2.004597D1
004597BC |. F683 28020000 02 test byte ptr ds:,2
004597C3 |. 74 06 je short mp2.004597CB
004597C5 |. C60424 03 mov byte ptr ss:,3
004597C9 |. EB 0A jmp short mp2.004597D5
004597CB |> C60424 00 mov byte ptr ss:,0
004597CF |. EB 04 jmp short mp2.004597D5
004597D1 |> C60424 01 mov byte ptr ss:,1
; The selector is passed by address (edx = esp) and re-read after the call, so the callee
; may change it. si = 0FFB0 is an extra argument to mp2.00403C2C (presumably a dynamic
; method index - confirm).
004597D5 |> 8BD4 mov edx,esp
004597D7 |. 8BC3 mov eax,ebx
004597D9 |. 66:BE B0FF mov si,0FFB0
004597DD |. E8 4AA4FAFF call mp2.00403C2C
; Dispatch on the selector byte at [esp]:
;   0                                 -> exit
;   ebx == [[0x472BE4]+44]            -> mp2.0045CF0C with eax = [0x472BE4]
;   1                                 -> mp2.00459928
;   3                                 -> mp2.00457514 with dl = 1
;   any other value                   -> mp2.004599C4
004597E2 |. 803C24 00 cmp byte ptr ss:,0
004597E6 |. 74 3D je short mp2.00459825
004597E8 |. A1 E42B4700 mov eax,dword ptr ds:
004597ED |. 3B58 44 cmp ebx,dword ptr ds: ; compare with [eax+44]
004597F0 |. 75 0C jnz short mp2.004597FE
004597F2 |. A1 E42B4700 mov eax,dword ptr ds:
004597F7 |. E8 10370000 call mp2.0045CF0C
004597FC |. EB 27 jmp short mp2.00459825
004597FE |> 803C24 01 cmp byte ptr ss:,1
00459802 |. 75 09 jnz short mp2.0045980D
00459804 |. 8BC3 mov eax,ebx
00459806 |. E8 1D010000 call mp2.00459928
0045980B |. EB 18 jmp short mp2.00459825
0045980D |> 803C24 03 cmp byte ptr ss:,3
00459811 |. 75 0B jnz short mp2.0045981E
00459813 |. B2 01 mov dl,1
00459815 |. 8BC3 mov eax,ebx
00459817 |. E8 F8DCFFFF call mp2.00457514
0045981C |. EB 07 jmp short mp2.00459825
0045981E |> 8BC3 mov eax,ebx
00459820 |. E8 9F010000 call mp2.004599C4
00459825 |> 5A pop edx ; discard the scratch slot
00459826 |. 5E pop esi
00459827 |. 5B pop ebx
00459828 \. C3 retn

bhcjl 发表于 2007-6-12 09:52:46

下载研究一下