CALL内循环不出来了.
本人破解Themida/WinLicense V1.8.2.0 +-> Oreans Technologies * Sign.By.fly *做的挂,用脱壳机脱壳后,用PE 0.94外部扫描什么也没发现,用核心扫描发现是Borland Delphi 6.0 - 7.0编写的,脱壳后的程序能正常使用。随便输入一个帐号后用OD载入后跟踪来到一个CALL内,用F8在这个CALL内跟踪过一个多小时也没有循环出来。但如果按F9马上就运行完了。请问各位大侠这是怎么一问事啊。从一个CALL进来就到了这里:
77D2DA19 8BFF mov edi, edi
77D2DA1B 55 push ebp
77D2DA1C 8BEC mov ebp, esp
77D2DA1E 83EC 20 sub esp, 20
77D2DA21 8B4D 08 mov ecx, dword ptr
77D2DA24 53 push ebx
77D2DA25 33DB xor ebx, ebx
77D2DA27 3BCB cmp ecx, ebx
77D2DA29 56 push esi
77D2DA2A 895D FC mov dword ptr , ebx
77D2DA2D 0F84 6E410000 je 77D31BA1
77D2DA33 E8 98AAFEFF call 77D184D0
77D2DA38 8BF0 mov esi, eax
77D2DA3A 3BF3 cmp esi, ebx
77D2DA3C 0F84 9DAF0100 je 77D489DF
77D2DA42 E8 93BAFEFF call GetCapture
77D2DA47 3BC3 cmp eax, ebx
77D2DA49 0F85 C3AF0100 jnz 77D48A12
77D2DA4F 8B86 A8000000 mov eax, dword ptr
77D2DA55 33C9 xor ecx, ecx
77D2DA57 395D 10 cmp dword ptr , ebx
77D2DA5A 57 push edi
77D2DA5B 0F95C1 setne cl
77D2DA5E D1E1 shl ecx, 1
77D2DA60 3348 14 xor ecx, dword ptr
77D2DA63 83E1 02 and ecx, 2
77D2DA66 3148 14 xor dword ptr , ecx
77D2DA69 8B7E 20 mov edi, dword ptr
77D2DA6C 33C0 xor eax, eax
77D2DA6E 8A46 23 mov al, byte ptr
77D2DA71 C1EF 08 shr edi, 8
77D2DA74 F7D7 not edi
77D2DA76 83E7 01 and edi, 1
77D2DA79 83E0 10 and eax, 10
77D2DA7C 8945 10 mov dword ptr , eax
77D2DA7F A1 8000D777 mov eax, dword ptr
77D2DA84 F680 E4060000 0>test byte ptr , 1
77D2DA8B 0F85 90AF0100 jnz 77D48A21
77D2DA91 8B86 A8000000 mov eax, dword ptr H点
77D2DA97 3BC3 cmp eax, ebx
77D2DA99 74 5E je short 77D2DAF9
77D2DA9B F640 14 01 test byte ptr , 1
77D2DA9F 75 58 jnz short 77D2DAF9
77D2DAA1 6A 01 push 1
77D2DAA3 53 push ebx
77D2DAA4 53 push ebx
77D2DAA5 53 push ebx
77D2DAA6 8D45 E0 lea eax, dword ptr
77D2DAA9 50 push eax
77D2DAAA E8 ECB7FEFF call PeekMessageW
77D2DAAF 85C0 test eax, eax
77D2DAB1 0F84 A0000000 je 77D2DB57
77D2DAB7 837D E4 12 cmp dword ptr , 12
77D2DABB 895D FC mov dword ptr , ebx
77D2DABE 0F84 E4400000 je 77D31BA8
77D2DAC4 F646 14 20 test byte ptr , 20
77D2DAC8 0F85 C3C40000 jnz 77D39F91 跳到A点(从A-B-C-D-E-F-G-H-A反复循环)
77D2DACE 8D45 E0 lea eax, dword ptr
77D39F8C /E9 06D60000 jmp 77D47597
77D39F91 |817D E4 0201000>cmp dword ptr , 102 A点
77D39F98 |0F84 A1EA0000 je 77D48A3F
77D39F9E |817D E4 0001000>cmp dword ptr , 100
77D39FA5^|0F85 233BFFFF jnz 77D2DACE 跳到B点
77D39FAB |807D E8 2D cmp byte ptr , 2D
77D39F8C /E9 06D60000 jmp 77D47597
77D39F91 |817D E4 0201000>cmp dword ptr , 102 B点
77D39F98 |0F84 A1EA0000 je 77D48A3F
77D39F9E |817D E4 0001000>cmp dword ptr , 100
77D39FA5^|0F85 233BFFFF jnz 77D2DACE 跳到C点
77D39FAB |807D E8 2D cmp byte ptr , 2D
77D2DAC8 /0F85 C3C40000 jnz 77D39F91
77D2DACE |8D45 E0 lea eax, dword ptr C点
77D2DAD1 |50 push eax
77D2DAD2 |FF75 08 push dword ptr
77D2DAD5 |E8 E8FDFFFF call IsDialogMessageW
77D2DADA |85C0 test eax, eax
77D2DADC |0F84 CB000000 je 77D2DBAD 跳到D点
77D2DAE2 |395D 10 cmp dword ptr , ebx
77D2DBA8^\E9 3EFFFFFF jmp 77D2DAEB
77D2DBAD 8D45 E0 lea eax, dword ptr D点
77D2DBB0 50 push eax
77D2DBB1 E8 40B0FEFF call TranslateMessage
77D2DBB6 8D45 E0 lea eax, dword ptr
77D2DBB9 50 push eax
77D2DBBA E8 42AEFEFF call DispatchMessageW
77D2DBBF^ E9 1EFFFFFF jmp 77D2DAE2 跳到E点
77D2DBC4 90 nop
77D2DADC /0F84 CB000000 je 77D2DBAD
77D2DAE2 |395D 10 cmp dword ptr , ebx E点
77D2DAE5 |0F84 D1400000 je 77D31BBC 跳到F点
77D2DAEB |8B4D 08 mov ecx, dword ptr
77D31BB7^\E9 69BFFFFF jmp 77D2DB25
77D31BBC 817D E4 1301000>cmp dword ptr , 113 F点
77D31BC3^ 74 B4 je short 77D31B79
77D31BC5 817D E4 1801000>cmp dword ptr , 118
77D31BCC^ 74 AB je short 77D31B79
77D31BCE 817D E4 0401000>cmp dword ptr , 104
77D31BD5^ 0F85 10BFFFFF jnz 77D2DAEB 跳到G点
77D31BDB^ E9 77BFFFFF jmp 77D2DB57
77D2DAE5 /0F84 D1400000 je 77D31BBC
77D2DAEB |8B4D 08 mov ecx, dword ptr G点
77D2DAEE |B2 01 mov dl, 1
77D2DAF0 |E8 0502FFFF call 77D1DCFA
77D2DAF5 |85C0 test eax, eax
77D2DAF7^|75 98 jnz short 77D2DA91 跳到H点
77D2DAF9 |53 push ebx
[ 本帖最后由 hnld 于 2008-3-21 22:29 编辑 ]
页:
[1]