某国产数据处理系统的破解(版本8.5)
声明:初学Crack,只是感兴趣,没有其他目的。失误之处敬请体谅!保护方式:Nspack壳,自校验(通过检查文件大小),重启验证注册码
1 脱壳(Nspack壳,手动脱)
1. 寻找入口:
Ctrl+B 寻找二进制: 61 9d e9
04BCB9F7 C2 0C00 retn 0C
04BCB9FA 61 popad
04BCB9FB 9D popfd
04BCB9FC- E9 DB188CFF jmp 0448D2DC
04BCBA01 8BB5 B6EAFFFFmov esi,dword ptr ss:
04BCB9FC- E9 DB188CFF jmp 0448D2DC
(可以认为0448D2DC就是程序的入口)
这里壳已将程序解压完毕,下断!!
2. Dump(转存解压后的文件)
重新加载DPS,运行,断在入口
用LordPE抓取解压到内存中的文件,另存为ddps.exe
此时程序还不能运行,接下来就是重建输入表。
3. 重建输入表
- 运行ImportREC,在下拉列表框中选择dps_0.exe进程
- 上面已得知dps_0.exe的OEP地址是0448D2DC,则在左下角OEP处填入OEP的RVA值,这里填上0048D2DC。点击“自动查找IAT”按钮,让其自动检测IAT偏移和大小,IAT地址:00001000,大小00BC1000。
- 点击“获取输入表”按钮,让其分析IAT结构得到基本信息。
- 勾选“添加一个新的节”,点击“修复转存文件”,选择第2步中另存的文件ddps.exe。
双击修复好的ddps.exe,发现它已经可以正常运行,不很正常地显示界面了。
2 调试
转载请注明出处:http://zanjero.ygblog.com/
1--------------------------------------------
044618CC .8B15 2C174A04 mov edx, dword ptr ;DPS.044AAC90
044618D2 .8902 mov dword ptr , eax
044618D4 .8B45 FC mov eax, dword ptr
044618D7 .EB 6B jmp short 04461944 //原子程序获取文件大小(自校验) 改后跳过隐藏菜单,重设控件高、宽
044618D9 90 nop
044618DA 90 nop
044618DB 90 nop
044618DC .8B15 00104A04 mov edx, dword ptr ;DPS.044AA3A8
044618E2 .0302 add eax, dword ptr
044618E4 .8945 CC mov dword ptr , eax
044618E7 .DB45 CC fild dword ptr
044618EA .D9FA fsqrt
044618EC .DC65 F0 fsub qword ptr
044618EF .D9E1 fabs
044618F1 .DB2D 94254604 fld tbyte ptr
044618F7 .DED9 fcompp
044618F9 .DFE0 fstsw ax
044618FB .9E sahf
044618FC .EB 46 jmp short 04461944
044618FE .8B45 FC mov eax, dword ptr
04461901 .8B80 A00D0000 mov eax, dword ptr
04461907 .33D2 xor edx, edx
04461909 .E8 E61ABAFF call <jmp.&vcl60.Controls::TControl::>
0446190E .8B45 FC mov eax, dword ptr
04461911 .8B80 F0020000 mov eax, dword ptr
04461917 .8B40 34 mov eax, dword ptr
0446191A .E8 9D19BAFF call <jmp.&vcl60.Menus::TMenuItem::Cl>
0446191F .8B45 FC mov eax, dword ptr
04461922 .8B80 38030000 mov eax, dword ptr
04461928 .33D2 xor edx, edx
0446192A .E8 C51ABAFF call <jmp.&vcl60.Controls::TControl::>
0446192F .8B45 FC mov eax, dword ptr
04461932 .8B80 20090000 mov eax, dword ptr
04461938 .33D2 xor edx, edx
0446193A .E8 B51ABAFF call <jmp.&vcl60.Controls::TControl::>
0446193F .E9 020C0000 jmp 04462546
04461944 >8D55 C8 lea edx, dword ptr
04461947 .8B45 FC mov eax, dword ptr
0446194A .8B80 040E0000 mov eax, dword ptr
04461950 .E8 BF1ABAFF call <jmp.&vcl60.Controls::TControl::>
04461955 .8B45 C8 mov eax, dword ptr
04461958 .8D55 F8 lea edx, dword ptr
0446195B .E8 D0F8B9FF call <jmp.&rtl60.System::ValExt>
04461960 .DD1D E04F9A04 fstp qword ptr
04461966 .9B wait
2--------------------------------------------
04461A0C .BA 04010000 mov edx, 104
04461A11 .E8 7619BAFF call <jmp.&vcl60.Controls::TControl::>
04461A16 .8B45 FC mov eax, dword ptr
04461A19 .E9 B8000000 jmp 04461AD6 //原子程序获取文件大小(自校验) 改后跳过隐藏菜单,重设控件高、宽
04461A1E .8B15 00104A04 mov edx, dword ptr ;DPS.044AA3A8
04461A24 .0302 add eax, dword ptr
04461A26 .8945 CC mov dword ptr , eax
04461A29 .DB45 CC fild dword ptr
04461A2C .D9FA fsqrt
04461A2E .DC75 F0 fdiv qword ptr
04461A31 .D825 A4254604 fsub dword ptr
04461A37 .D9E1 fabs
04461A39 .DB2D 20264604 fld tbyte ptr
04461A3F .DED9 fcompp
04461A41 .DFE0 fstsw ax
04461A43 .9E sahf
04461A44 .E9 8D000000 jmp 04461AD6
04461A49 90 nop
04461A4A .C745 F8 01000>mov dword ptr , 1
04461A51 .8B1D 94224A04 mov ebx, dword ptr ;DPS.044AABE8
04461A57 >B8 F4010000 mov eax, 1F4
04461A5C .E8 CFF6B9FF call <jmp.&rtl60.System::RandInt>
04461A61 .8945 CC mov dword ptr , eax
04461A64 .DB45 CC fild dword ptr
04461A67 .D835 2C264604 fdiv dword ptr
04461A6D .D805 30264604 fadd dword ptr
04461A73 .D825 A4254604 fsub dword ptr
04461A79 .D91B fstp dword ptr
04461A7B .9B wait
04461A7C .FF45 F8 inc dword ptr
04461A7F .83C3 04 add ebx, 4
04461A82 .837D F8 0B cmp dword ptr , 0B
04461A86 .^ 75 CF jnz short 04461A57
04461A88 .8B45 FC mov eax, dword ptr
04461A8B .8B80 F0020000 mov eax, dword ptr
04461A91 .8B40 34 mov eax, dword ptr
04461A94 .E8 2318BAFF call <jmp.&vcl60.Menus::TMenuItem::Cl>
04461A99 .C745 F8 01000>mov dword ptr , 1
04461AA0 .8B1D 94224A04 mov ebx, dword ptr ;DPS.044AABE8
04461AA6 >B8 E8030000 mov eax, 3E8
04461AAB .E8 80F6B9FF call <jmp.&rtl60.System::RandInt>
04461AB0 .8945 CC mov dword ptr , eax
04461AB3 .DB45 CC fild dword ptr
04461AB6 .D835 34264604 fdiv dword ptr
04461ABC .D805 A4254604 fadd dword ptr
04461AC2 .D91B fstp dword ptr
04461AC4 .9B wait
04461AC5 .FF45 F8 inc dword ptr
04461AC8 .83C3 04 add ebx, 4
04461ACB .837D F8 0B cmp dword ptr , 0B
04461ACF .^ 75 D5 jnz short 04461AA6
04461AD1 .E9 700A0000 jmp 04462546
04461AD6 >8B45 FC mov eax, dword ptr
04461AD9 .8D90 B0100000 lea edx, dword ptr
04461ADF .8B45 FC mov eax, dword ptr
04461AE2 .E8 B5A8FFFF call 0445C39C
04461AE7 .A1 7C394A04 mov eax, dword ptr
04461AEC .C700 F8020000 mov dword ptr , 2F8
04461AF2 .8D45 D0 lea eax, dword ptr
3、4-----------------------------------------
04462068 .8B55 9C mov edx, dword ptr
0446206B .A1 90104A04 mov eax, dword ptr
04462070 .E8 E3F2B9FF call <jmp.&rtl60.System::LStrAsg>
04462075 .C705 B04F9A04>mov dword ptr , -1
0446207F .BA E44C9A04 mov edx, 049A4CE4
04462084 .A1 40164A04 mov eax, dword ptr
04462089 .8B00 mov eax, dword ptr
0446208B .E8 349AFFFF call 0445BAC4
04462090 .E8 2392FFFF call 0445B2B8
04462095 .84C0 test al, al
04462097 90 nop //启动时关键跳转(注册标志)
04462098 90 nop
04462099 90 nop
0446209A 90 nop
0446209B 90 nop
0446209C 90 nop
0446209D .E8 DA7DFFFF call 04459E7C
044620A2 .8B45 FC mov eax, dword ptr
044620A5 .8B80 A00D0000 mov eax, dword ptr
044620AB .B2 01 mov dl, 1
044620AD 90 nop //启动时关键跳转,改后启动不显示“系统信息”
044620AE 90 nop
044620AF 90 nop
044620B0 90 nop
044620B1 90 nop
044620B2 .8B45 FC mov eax, dword ptr
044620B5 .8B80 D00D0000 mov eax, dword ptr
044620BB .B2 01 mov dl, 1
044620BD .E8 3213BAFF call <jmp.&vcl60.Controls::TControl::>
044620C2 .E8 35FEB9FF call <jmp.&rtl60.Sysutils::Time>
044620C7 .DD1D C44F9A04 fstp qword ptr
044620CD .9B wait
044620CE .8B15 58FE4904 mov edx, dword ptr ;DPS.044AA3EC
044620D4 .33C0 xor eax, eax
044620D6 .E8 75EFB9FF call <jmp.&rtl60.System::ParamStr>
044620DB .EB 1D jmp short 044620FA
044620DD >A1 58FE4904 mov eax, dword ptr
044620E2 .8B00 mov eax, dword ptr
044620E4 .E8 B7F2B9FF call <jmp.&rtl60.System::LStrLen>
044620E9 .8BD0 mov edx, eax
044620EB .A1 58FE4904 mov eax, dword ptr
044620F0 .B9 01000000 mov ecx, 1
044620F5 .E8 F6F2B9FF call <jmp.&rtl60.System::LStrDelete>
044620FA >A1 58FE4904 mov eax, dword ptr
044620FF .8B00 mov eax, dword ptr
5--------------------------------------------
04460CA3|.B8 06000000 mov eax, 6
04460CA8|.E8 8304BAFF call <jmp.&rtl60.System::RandInt>
04460CAD|.40 inc eax
04460CAE|.8985 70FFFFFF mov dword ptr , eax
04460CB4|.8B85 58FFFFFF mov eax, dword ptr
04460CBA|.8B95 70FFFFFF mov edx, dword ptr
04460CC0|.8A4410 FF mov al, byte ptr
04460CC4|.8B95 2CFFFFFF mov edx, dword ptr
04460CCA|.8B8D 70FFFFFF mov ecx, dword ptr
04460CD0|.3A440A FF cmp al, byte ptr
04460CD4 E9 BC000000 jmp 04460D95
04460CD9 90 nop
04460CDA|.BB 01000000 mov ebx, 1
04460CDF|.8DB5 B8FCFFFF lea esi, dword ptr
04460CE5|>33C0 /xor eax, eax
04460CE7|.8906 |mov dword ptr , eax
04460CE9|.C746 04 0000F>|mov dword ptr , 3FF00000
04460CF0|.43 |inc ebx
04460CF1|.83C6 08 |add esi, 8
04460CF4|.83FB 0B |cmp ebx, 0B
04460CF7|.^ 75 EC \jnz short 04460CE5
04460CF9|.B8 05000000 mov eax, 5
04460CFE|.E8 2D04BAFF call <jmp.&rtl60.System::RandInt>
04460D03|.40 inc eax
04460D04|.8985 70FFFFFF mov dword ptr , eax
04460D0A|.8B85 58FFFFFF mov eax, dword ptr
04460D10|.8B95 70FFFFFF mov edx, dword ptr
04460D16|.8A4410 FF mov al, byte ptr
04460D1A|.8B95 2CFFFFFF mov edx, dword ptr
04460D20|.8B8D 70FFFFFF mov ecx, dword ptr
04460D26|.3A440A FF cmp al, byte ptr
04460D2A|.74 69 je short 04460D95
04460D2C|.8B45 F4 mov eax, dword ptr
04460D2F|.B9 0A000000 mov ecx, 0A
04460D34|.99 cdq
04460D35|.F7F9 idiv ecx
04460D37|.A1 94224A04 mov eax, dword ptr
04460D3C|.D90490 fld dword ptr
04460D3F|.D825 48154604 fsub dword ptr
04460D45|.D9E1 fabs
04460D47|.DB2D 74164604 fld tbyte ptr
04460D4D|.DED9 fcompp
04460D4F|.DFE0 fstsw ax
04460D51|.9E sahf
04460D52|.73 41 jnb short 04460D95
04460D54|.BA 68164604 mov edx, 04461668 ;ASCII "Work.$$$"
04460D59|.8D85 30FDFFFF lea eax, dword ptr
04460D5F|.E8 6403BAFF call <jmp.&rtl60.System::Assign>
04460D64|.8D85 30FDFFFF lea eax, dword ptr
04460D6A|.E8 4103BAFF call <jmp.&rtl60.System::ResetText>
04460D6F|.8D85 30FDFFFF lea eax, dword ptr
04460D75|.E8 6E03BAFF call <jmp.&rtl60.System::Close>
04460D7A|.8D85 30FDFFFF lea eax, dword ptr
04460D80|.E8 9B03BAFF call <jmp.&rtl60.System::Erase>
04460D85|.8D85 400DE5FF lea eax, dword ptr
04460D8B|.E8 5092FFFF call 04459FE0
04460D90|.E9 C6060000 jmp 0446145B
04460D95|>8B4D F0 mov ecx, dword ptr
04460D98|.41 inc ecx
04460D99|.BA 01000000 mov edx, 1
04460D9E|.8B45 FC mov eax, dword ptr
04460DA1|.E8 F611C0FF call 04061F9C
04460DA6|.8B45 D8 mov eax, dword ptr
6--------------------------------------------
0445883B|.2BD0 sub edx, eax
0445883D|.0F8C 85020000 jl 04458AC8
04458843|.42 inc edx
04458844|.8955 9C mov dword ptr , edx
04458847|.8945 FC mov dword ptr , eax
0445884A|>8B35 38044A04 /mov esi, dword ptr ;DPS.044AA3C4
04458850|.8B36 |mov esi, dword ptr
04458852|.8B1D F0064A04 |mov ebx, dword ptr ;DPS.044AA3CC
04458858|.8B1B |mov ebx, dword ptr
0445885A|.2BDE |sub ebx, esi
0445885C E9 5B020000 jmp 04458ABC //数据序列检验时断下,不知何用
04458861 90 nop
04458862|.43 |inc ebx
04458863|>B8 0E000000 |/mov eax, 0E
04458868|.E8 C388BAFF ||call <jmp.&rtl60.System::RandInt>
0445886D|.40 ||inc eax
0445886E|.8945 F4 ||mov dword ptr , eax
04458871|.8B45 B0 ||mov eax, dword ptr
04458874|.50 ||push eax
04458875|.8D45 94 ||lea eax, dword ptr
04458878|.50 ||push eax
04458879|.A1 301D9A04 ||mov eax, dword ptr
0445887E|.8B80 B0100000 ||mov eax, dword ptr
04458884|.8B4D FC ||mov ecx, dword ptr
04458887|.8BD6 ||mov edx, esi
04458889|.E8 468EC0FF ||call 040616D4
...
04458A81|.A1 301D9A04 ||mov eax, dword ptr
04458A86|.8B80 B0100000 ||mov eax, dword ptr
04458A8C|.8B4D FC ||mov ecx, dword ptr
04458A8F|.8BD6 ||mov edx, esi
04458A91|.E8 36A5C0FF ||call 04062FCC
04458A96|.C745 F8 01000>||mov dword ptr , 1
04458A9D|.A1 94224A04 ||mov eax, dword ptr
04458AA2|>C700 0000803F ||/mov dword ptr , 3F800000
04458AA8|.FF45 F8 |||inc dword ptr
04458AAB|.83C0 04 |||add eax, 4
04458AAE|.837D F8 0B |||cmp dword ptr , 0B
04458AB2|.^ 75 EE ||\jnz short 04458AA2
04458AB4|>46 ||inc esi
04458AB5|.4B ||dec ebx
04458AB6|.^ 0F85 A7FDFFFF |\jnz 04458863
04458ABC|>FF45 FC |inc dword ptr
04458ABF|.FF4D 9C |dec dword ptr
04458AC2|.^ 0F85 82FDFFFF \jnz 0445884A
04458AC8|>8B45 E8 mov eax, dword ptr
04458ACB|.85C0 test eax, eax
04458ACD|.0F8E A6000000 jle 04458B79
04458AD3|.8945 9C mov dword ptr , eax
04458AD6|.C745 FC 01000>mov dword ptr , 1
04458ADD|>8B5D EC /mov ebx, dword ptr
04458AE0|.85DB |test ebx, ebx
04458AE2|.0F8E 85000000 |jle 04458B6D
04458AE8|.BE 01000000 |mov esi, 1
04458AED|>8B45 A0 |/mov eax, dword ptr
04458AF0|.8B55 FC ||mov edx, dword ptr
04458AF3|.8B0490 ||mov eax, dword ptr
04458AF6|.803C30 00 ||cmp byte ptr , 0
04458AFA|.74 6D ||je short 04458B69
04458AFC|.A1 70284A04 ||mov eax, dword ptr
04458B01|.8B00 ||mov eax, dword ptr
04458B03|.E8 E4A6BAFF ||call <jmp.&vcl60.Dialogs::ShowMessa>
04458B08|.A1 04104A04 ||mov eax, dword ptr
7--------------------------------------------
044591E8|.2BD0 sub edx, eax
044591EA|.0F8C A7020000 jl 04459497
044591F0|.42 inc edx
044591F1|.8955 9C mov dword ptr , edx
044591F4|.8945 FC mov dword ptr , eax
044591F7|>8B35 38044A04 /mov esi, dword ptr ;DPS.044AA3C4
044591FD|.8B36 |mov esi, dword ptr
044591FF|.8B1D F0064A04 |mov ebx, dword ptr ;DPS.044AA3CC
04459205|.8B1B |mov ebx, dword ptr
04459207|.2BDE |sub ebx, esi
04459209 E9 7D020000 jmp 0445948B
0445920E 90 nop
0445920F|.43 |inc ebx
04459210|>B8 0E000000 |/mov eax, 0E
04459215|.E8 167FBAFF ||call <jmp.&rtl60.System::RandInt>
0445921A|.40 ||inc eax
0445921B|.8945 F4 ||mov dword ptr , eax
0445921E|.8B45 B0 ||mov eax, dword ptr
04459221|.50 ||push eax
...
04459441|.A1 301D9A04 ||mov eax, dword ptr
04459446|.8B80 B0100000 ||mov eax, dword ptr
0445944C|.8B4D FC ||mov ecx, dword ptr
0445944F|.8BD6 ||mov edx, esi
04459451|.E8 769BC0FF ||call 04062FCC
04459456|.A1 B03A4A04 ||mov eax, dword ptr
0445945B|.BA 40964504 ||mov edx, 04459640
04459460|.E8 F37EBAFF ||call <jmp.&rtl60.System::LStrAsg>
04459465|.C745 F8 01000>||mov dword ptr , 1
0445946C|.A1 94224A04 ||mov eax, dword ptr
04459471|>C700 0000803F ||/mov dword ptr , 3F800000
04459477|.FF45 F8 |||inc dword ptr
0445947A|.83C0 04 |||add eax, 4
0445947D|.837D F8 0B |||cmp dword ptr , 0B
04459481|.^ 75 EE ||\jnz short 04459471
04459483|>46 ||inc esi
04459484|.4B ||dec ebx
04459485|.^ 0F85 85FDFFFF |\jnz 04459210
0445948B|>FF45 FC |inc dword ptr
0445948E|.FF4D 9C |dec dword ptr
04459491|.^ 0F85 60FDFFFF \jnz 044591F7
04459497|>8B45 E8 mov eax, dword ptr
0445949A|.85C0 test eax, eax
0445949C|.0F8E A6000000 jle 04459548
044594A2|.8945 9C mov dword ptr , eax
044594A5|.C745 FC 01000>mov dword ptr , 1
044594AC|>8B5D EC /mov ebx, dword ptr
044594AF|.85DB |test ebx, ebx
044594B1|.0F8E 85000000 |jle 0445953C
044594B7|.BE 01000000 |mov esi, 1
044594BC|>8B45 A0 |/mov eax, dword ptr
044594BF|.8B55 FC ||mov edx, dword ptr
044594C2|.8B0490 ||mov eax, dword ptr
044594C5|.803C30 00 ||cmp byte ptr , 0
044594C9|.74 6D ||je short 04459538
044594CB|.A1 70284A04 ||mov eax, dword ptr
8--------------------------------------------
http://zanjero.ygblog.com/
04459A4C|.2BD0 sub edx, eax
04459A4E|.0F8C 79010000 jl 04459BCD
04459A54|.42 inc edx
04459A55|.8955 B8 mov dword ptr , edx
04459A58|.8945 F0 mov dword ptr , eax
04459A5B|>8B35 38044A04 /mov esi, dword ptr ;DPS.044AA3C4
04459A61|.8B36 |mov esi, dword ptr
04459A63|.8B1D F0064A04 |mov ebx, dword ptr ;DPS.044AA3CC
04459A69|.8B1B |mov ebx, dword ptr
04459A6B|.2BDE |sub ebx, esi
04459A6D E9 4F010000 jmp 04459BC1
04459A72 90 nop
04459A73|.43 |inc ebx
04459A74|>B8 0E000000 |/mov eax, 0E
04459A79|.E8 B276BAFF ||call <jmp.&rtl60.System::RandInt>
04459A7E|.8BF8 ||mov edi, eax
04459A80|.47 ||inc edi
04459A81|.8B45 E4 ||mov eax, dword ptr
04459A84|.50 ||push eax
04459A85|.8D45 B4 ||lea eax, dword ptr
04459A88|.50 ||push eax
04459A89|.8B45 FC ||mov eax, dword ptr
04459A8C|.8B80 B0100000 ||mov eax, dword ptr
04459A92|.8B4D F0 ||mov ecx, dword ptr
04459A95|.8BD6 ||mov edx, esi
04459A97|.E8 387CC0FF ||call 040616D4
04459A9C|.8B55 B4 ||mov edx, dword ptr
04459A9F|.8D45 C4 ||lea eax, dword ptr
04459AA2|.E8 E978BAFF ||call <jmp.&rtl60.System::LStrFromWS>
04459AA7|.B8 E8030000 ||mov eax, 3E8
04459AAC|.E8 7F76BAFF ||call <jmp.&rtl60.System::RandInt>
04459AB1|.B9 03000000 ||mov ecx, 3
...
04459B8F|.8BC7 ||mov eax, edi
04459B91|.8B4D F0 ||mov ecx, dword ptr
04459B94|.8BD6 ||mov edx, esi
04459B96|.E8 3194C0FF ||call 04062FCC
04459B9B|.C745 EC 01000>||mov dword ptr , 1
04459BA2|.A1 94224A04 ||mov eax, dword ptr
04459BA7|>C700 0000803F ||/mov dword ptr , 3F800000
04459BAD|.FF45 EC |||inc dword ptr
04459BB0|.83C0 04 |||add eax, 4
04459BB3|.837D EC 0B |||cmp dword ptr , 0B
04459BB7|.^ 75 EE ||\jnz short 04459BA7
04459BB9|>46 ||inc esi
04459BBA|.4B ||dec ebx
04459BBB|.^ 0F85 B3FEFFFF |\jnz 04459A74
04459BC1|>FF45 F0 |inc dword ptr
04459BC4|.FF4D B8 |dec dword ptr
04459BC7|.^ 0F85 8EFEFFFF \jnz 04459A5B
04459BCD|>33C0 xor eax, eax
04459BCF|.5A pop edx
9--------------------------------------------
0445B713 .C3 retn
0445B714 .0000803F dd float 1.000000
0445B718 .FFFFFFFF dd FFFFFFFF
0445B71C .01000000 dd 00000001
0445B720 .5C 00 ascii "\",0
0445B722 00 db 00
0445B723 00 db 00
0445B724 .00003443 dd float 180.0000
0445B728 .2384471B47ACC>dt float 9.9999999999999999990e-06
0445B732 00 db 00
0445B733 00 db 00
0445B734/$C3 retn//返回而不计算机器码(两处调用)
0445B735|.8BEC mov ebp, esp
0445B737|.83C4 88 add esp, -78
0445B73A|.53 push ebx
0445B73B|.56 push esi
0445B73C|.57 push edi
0445B73D|.33C9 xor ecx, ecx
10--------------------------------------------
044603B3|.E8 5C30BAFF call <jmp.&vcl60.Controls::TControl::>
044603B8|.8B85 640DE5FF mov eax, dword ptr
044603BE|.8D55 84 lea edx, dword ptr
044603C1|.E8 7619BAFF call <jmp.&rtl60.Sysutils::Trim>
044603C6|.8B45 84 mov eax, dword ptr
044603C9|.E8 D20FBAFF call <jmp.&rtl60.System::LStrLen>
044603CE|.83F8 18 cmp eax, 18
044603D1|.EB 18 jmp short 044603EB //比较注册码长度的跳转
044603D3|.8B15 24144A04 mov edx, dword ptr ;DPS.044AAC94
044603D9|.8B12 mov edx, dword ptr
044603DB|.A1 301D9A04 mov eax, dword ptr
044603E0|.8B80 C80D0000 mov eax, dword ptr
044603E6|.E8 3130BAFF call <jmp.&vcl60.Controls::TControl::>
044603EB|>8D95 600DE5FF lea edx, dword ptr
044603F1|.A1 301D9A04 mov eax, dword ptr
11--------------------------------------------
04460468|.DD9D 30FFFFFF fstp qword ptr
0446046E|.9B wait
0446046F|.813D 404E9A04>cmp dword ptr , 120D439
04460479|.75 2D jnz short 044604A8
0446047B|.803D A14F9A04>cmp byte ptr , 0
04460482|.74 24 je short 044604A8
04460484|.BB 01000000 mov ebx, 1
04460489|.8DB5 B8FCFFFF lea esi, dword ptr
0446048F|>33C0 /xor eax, eax
04460491|.8906 |mov dword ptr , eax
04460493|.C746 04 0000F>|mov dword ptr , 3FF00000
0446049A|.43 |inc ebx
0446049B|.83C6 08 |add esi, 8
0446049E|.83FB 0B |cmp ebx, 0B
044604A1|.^ 75 EC \jnz short 0446048F
044604A3|.E9 2B050000 jmp 044609D3
044604A8|>E8 E33AC0FF call 04063F90
044604AD|.85C0 test eax, eax
044604AF E9 53030000 jmp 04460807
044604B4 90 nop
044604B5|.B8 05000000 mov eax, 5
044604BA|.E8 710CBAFF call <jmp.&rtl60.System::RandInt>
044604BF|.40 inc eax
044604C0|.8985 70FFFFFF mov dword ptr , eax
044604C6|.33C0 xor eax, eax
044604C8|.8985 40FFFFFF mov dword ptr , eax
044604CE|.C785 44FFFFFF>mov dword ptr , 40C0FB00
044604D8|.BB 01000000 mov ebx, 1
044604DD|.8B35 94224A04 mov esi, dword ptr ;DPS.044AABE8
044604E3|>B8 64000000 /mov eax, 64
044604E8|.E8 430CBAFF |call <jmp.&rtl60.System::RandInt>
044604ED|.8985 5C0DE5FF |mov dword ptr , eax
044604F3|.DB85 5C0DE5FF |fild dword ptr
044604F9|.D835 44154604 |fdiv dword ptr
044604FF|.D805 48154604 |fadd dword ptr
04460505|.D91E |fstp dword ptr
04460507|.9B |wait
04460508|.43 |inc ebx
04460509|.83C6 04 |add esi, 4
0446050C|.83FB 0B |cmp ebx, 0B
0446050F|.^ 75 D2 \jnz short 044604E3
04460511|.8B85 58FFFFFF mov eax, dword ptr
...
044607C6|.84C0 test al, al
044607C8|.74 13 je short 044607DD
044607CA|.D905 48154604 fld dword ptr
044607D0|.DCA5 08FFFFFF fsub qword ptr
044607D6|.DD9D 08FFFFFF fstp qword ptr
044607DC|.9B wait
044607DD|>E8 5EECFFFF call 0445F440
044607E2|.8A85 2BFFFFFF mov al, byte ptr
044607E8|.34 01 xor al, 1
044607EA|.84C0 test al, al
044607EC|.74 19 je short 04460807
044607EE|.DB2D 48164604 fld tbyte ptr
044607F4|.DC8D 08FFFFFF fmul qword ptr
044607FA|.D82D 48154604 fsubr dword ptr
04460800|.DD9D 08FFFFFF fstp qword ptr
04460806|.9B wait
04460807|>E8 8437C0FF call 04063F90
0446080C|.85C0 test eax, eax
0446080E|.75 05 jnz short 04460815
04460810|.E8 8F15C1FF call 04071DA4
04460815|>A1 580A4A04 mov eax, dword ptr
0446081A|.33D2 xor edx, edx
0446081C|.8910 mov dword ptr , edx
12--------------------------------------------
04460F33|.8B55 A4 ||mov edx, dword ptr
04460F36|.B8 94164604 ||mov eax, 04461694 ;ASCII "||"
04460F3B|.E8 C004BAFF ||call <jmp.&rtl60.System::LStrPos>
04460F40|.8945 EC ||mov dword ptr , eax
04460F43|.8B85 58FFFFFF ||mov eax, dword ptr
04460F49|.8A4430 FF ||mov al, byte ptr
04460F4D|.8B95 2CFFFFFF ||mov edx, dword ptr
04460F53|.3A4432 FF ||cmp al, byte ptr
04460F57|.EB 2A ||jmp short 04460F83
04460F59|.B8 64000000 ||mov eax, 64
04460F5E|.E8 CD01BAFF ||call <jmp.&rtl60.System::RandInt>
04460F63|.8985 5C0DE5FF ||mov dword ptr , eax
04460F69|.DB85 5C0DE5FF ||fild dword ptr
04460F6F|.D835 44154604 ||fdiv dword ptr
04460F75|.D805 48154604 ||fadd dword ptr
04460F7B|.DD9CF5 B0FCFF>||fstp qword ptr
04460F82|.9B ||wait
04460F83|>837D EC 00 ||cmp dword ptr , 0
04460F87|.7E 20 ||jle short 04460FA9
04460F89|.8D45 A4 ||lea eax, dword ptr
04460F8C|.B9 02000000 ||mov ecx, 2
04460F91|.8B55 EC ||mov edx, dword ptr
13--------------------------------------------
044610C0|.8A0C10 ||mov cl, byte ptr
044610C3|.8BC7 ||mov eax, edi
044610C5|.51 ||push ecx
044610C6|.B9 0A000000 ||mov ecx, 0A
044610CB|.99 ||cdq
044610CC|.F7F9 ||idiv ecx
044610CE|.59 ||pop ecx
044610CF|.8B85 2CFFFFFF ||mov eax, dword ptr
044610D5|.3A0C10 ||cmp cl, byte ptr
044610D8|.EB 26 ||jmp short 04461100
044610DA|.B8 64000000 ||mov eax, 64
044610DF|.E8 4C00BAFF ||call <jmp.&rtl60.System::RandInt>
044610E4|.8985 5C0DE5FF ||mov dword ptr , eax
044610EA|.DB85 5C0DE5FF ||fild dword ptr
044610F0|.D835 44154604 ||fdiv dword ptr
044610F6|.D805 48154604 ||fadd dword ptr
044610FC|.DB7D B8 ||fstp tbyte ptr
044610FF|.9B ||wait
04461100|>837D E8 00 ||cmp dword ptr , 0
04461104|.0F8E 46020000 ||jle 04461350
0446110A|.8D55 EC ||lea edx, dword ptr
0446110D|.8B45 A0 ||mov eax, dword ptr
04461110|.E8 1B01BAFF ||call <jmp.&rtl60.System::ValExt>
04461115|.DB7D C8 ||fstp tbyte ptr
04461118|.9B ||wait
04461119|.DB6D C8 ||fld tbyte ptr
0446111C|.DB6D B8 ||fld tbyte ptr
0446111F|.DEC9 ||fmulp st(1), st
04461121|.DB7D C8 ||fstp tbyte ptr
04461124|.9B ||wait
14--------------------------------------------
044611B9|.B8 F8164604 ||mov eax, 044616F8
044611BE|.E8 3D02BAFF ||call <jmp.&rtl60.System::LStrPos>
044611C3|.85C0 ||test eax, eax
044611C5|.75 07 ||jnz short 044611CE
044611C7|.33C0 ||xor eax, eax
044611C9|.8945 E4 ||mov dword ptr , eax
044611CC|.EB 07 ||jmp short 044611D5
044611CE|>C745 E4 04000>||mov dword ptr , 4
044611D5|>837D E4 05 ||cmp dword ptr , 5
044611D9|.7E 07 ||jle short 044611E2
044611DB|.C745 E4 05000>||mov dword ptr , 5
044611E2|>8B45 D8 ||mov eax, dword ptr
044611E5|.50 ||push eax
044611E6|.6A 01 ||push 1
044611E8|.8BCF ||mov ecx, edi
044611EA|.8B55 E0 ||mov edx, dword ptr
044611ED|.8B45 FC ||mov eax, dword ptr
044611F0|.E8 CB09C0FF ||call 04061BC0
044611F5|.8B45 D8 ||mov eax, dword ptr
044611F8|.50 ||push eax
044611F9|.8BC7 ||mov eax, edi
044611FB|.B9 0C000000 ||mov ecx, 0C
04461200|.99 ||cdq
04461201|.F7F9 ||idiv ecx
04461203|.8B85 58FFFFFF ||mov eax, dword ptr
04461209|.33C9 ||xor ecx, ecx
0446120B|.8A0C10 ||mov cl, byte ptr
0446120E|.8BC7 ||mov eax, edi
04461210|.51 ||push ecx
04461211|.B9 0C000000 ||mov ecx, 0C
04461216|.99 ||cdq
04461217|.F7F9 ||idiv ecx
04461219|.59 ||pop ecx
0446121A|.8B85 2CFFFFFF ||mov eax, dword ptr
04461220|.0FB60410 ||movzx eax, byte ptr
04461224|.2BC9 ||sub ecx, ecx //使添加误差:x=x*(1+(RandInt(1)-RandInt(2))/1000) 改为:x=x*(1+(RandInt(1)-RandInt(1))/1000
04461226|.898D 5C0DE5FF ||mov dword ptr , ecx
0446122C|.DB85 5C0DE5FF ||fild dword ptr
04461232|.D835 44154604 ||fdiv dword ptr
04461238|.D805 48154604 ||fadd dword ptr
0446123E|.DB6D C8 ||fld tbyte ptr
04461241|.DEC9 ||fmulp st(1), st
04461243|.83C4 F8 ||add esp, -8
04461246|.DD1C24 ||fstp qword ptr
04461249|.9B ||wait
0446124A|.8BCF ||mov ecx, edi
0446124C|.8B55 E0 ||mov edx, dword ptr
0446124F|.8B45 FC ||mov eax, dword ptr
04461252|.E8 751DC0FF ||call 04062FCC
04461257|.8B45 D8 ||mov eax, dword ptr
0446125A|.50 ||push eax
0446125B|.8B45 E4 ||mov eax, dword ptr
0446125E|.50 ||push eax
0446125F|.8BCF ||mov ecx, edi
04461261|.8B55 E0 ||mov edx, dword ptr
04461264|.8B45 FC ||mov eax, dword ptr
04461267|.E8 7C07C0FF ||call 040619E8
0446126C|.EB 5A ||jmp short 044612C8
0446126E|>8B45 D8 ||mov eax, dword ptr
04461271|.50 ||push eax 详情请看:
http://zanjero.ygblog.com/ 学习下,,,不太明白 blog的北京音乐吓我一跳!呵呵 多谢,用起来感觉不错. 多谢,/:014 /:014 /:014 很好 很强大 没看懂 不过没事 收了 慢慢看 厉害啊!我也是新人,正在努力! 慢慢看/:011