2010年 解密小组招募考题1
【文章标题】: 2010年 解密小组招募考题1【文章作者】: fghtiger
【作者邮箱】: [email protected]
【作者QQ号】: 28011309
【软件名称】: 定时播放王C
【下载地址】: 自己搜索下载
【软件介绍】: 解决试用无限制.rar (绿色软件、暴破)
【作者声明】: 只是感兴趣,没有其他目的。失误之处敬请诸位大侠赐教!
--------------------------------------------------------------------------------
【详细过程】
该软件有20天试用限制。破解的思路 监视了软件的运行,发现软件第一次运行时会在 C:\WINDOWS\system 中
创建这两个文件 dinggc.ini 、biangc.ini这个文件中保存着首次运行的日期的 "ning>40200>guang" 、
"string>40200>good"当试用天数过20后,文件dinggc.ini会被删除,文件biangc.ini中的字串会改为
"string>1818>good"。
过程分析如下。
根据删除dinggc.ini文件特点下 DeleteFileA断点
看堆栈
0012F834 004698B4/CALL 到 DeleteFileA 来自 定时播放.004698AE
0012F838 0012F840\FileName = "C:\WINDOWS\system\dinggc.ini"
004698AE|.FF15 4CFA5000 call dword ptr ds:[<&KERNEL32.DeleteF>; \DeleteFileA
004698B4|.85C0 test eax, eax
004698B6|.75 3A jnz short <loc_4698F2>
004698B8|.8D4424 04 lea eax, dword ptr ss:
004698BC|.50 push eax ; /FileName
004698BD|.FF15 80FA5000 call dword ptr ds:[<&KERNEL32.GetFile>; \GetFileAttributesA
004698C3|.83F8 FF cmp eax, -1
004698C6|.74 1D je short <loc_4698E5>
004698C8|.A8 10 test al, 10
004698CA|.74 19 je short <loc_4698E5>
004698CC|.8D4424 04 lea eax, dword ptr ss:
004698D0|.50 push eax ; /Path
004698D1|.FF15 5CFA5000 call dword ptr ds:[<&KERNEL32.RemoveD>; \RemoveDirectoryA
004698D7|.85C0 test eax, eax
004698D9|.74 0A je short <loc_4698E5>
004698DB|.33C0 xor eax, eax
004698DD|.5E pop esi
004698DE|.81C4 08010000 add esp, 108
004698E4|.C3 retn
004698E5 >|> \E8 36050000 call <GetLastError> ;
004698EA|.5E pop esi
004698EB|.81C4 08010000 add esp, 108
004698F1|.C3 retn
004698F2 >|>33C0 xor eax, eax ;
004698F4|.5E pop esi
004698F5|.81C4 08010000 add esp, 108
004698FB|.C3 retn //// 返回到 004B3938
004698FC >|>33C0 xor eax, eax ;
004698FE|.5E pop esi
004698FF|.81C4 08010000 add esp, 108
00469905\.C3 retn
返回到 004B3938
004B392E >|> \8B4424 14 mov eax, dword ptr ss: ;
004B3932|.50 push eax
004B3933|.E8 185FFBFF call <sub_469850> ;删除dinggc.ini
004B3938|.8B4424 18 mov eax, dword ptr ss:
004B393C|.83C4 04 add esp, 4
004B393F|.50 push eax
004B3940|.E8 5B57FBFF call <sub_4690A0>
004B3945|.83C4 04 add esp, 4
004B3948|.85C0 test eax, eax
004B394A|.75 22 jnz short <loc_4B396E>
004B394C|.8B4424 14 mov eax, dword ptr ss:
004B3950|.6A 02 push 2
004B3952|.50 push eax
004B3953|.E8 A865FBFF call <sub_469F00>
004B3958|.894424 20 mov dword ptr ss:, eax
004B395C|.894424 28 mov dword ptr ss:, eax
004B3960|.895424 2C mov dword ptr ss:, edx
004B3964|.83C4 08 add esp, 8
004B3967|.837C24 18 00cmp dword ptr ss:, 0
004B396C|.74 07 je short <loc_4B3975>
004B396E >|>E8 9D47FBFF call <sub_468110> ;
004B3973|.8BF0 mov esi, eax
004B3975 >|>837C24 20 00cmp dword ptr ss:, 0 ;
004B397A|.0F84 E2000000 je <loc_4B3A62>
004B3980|.8B8424 380100>mov eax, dword ptr ss:
004B3987|.33F6 xor esi, esi
004B3989|.83C0 10 add eax, 10
004B398C|.894424 18 mov dword ptr ss:, eax
004B3990|.50 push eax
004B3991|.E8 9A9AFAFF call <sub_45D430>
004B3996|.C64424 16 0Dmov byte ptr ss:, 0D
004B399B|.C64424 17 0Amov byte ptr ss:, 0A
004B39A0|.83C4 04 add esp, 4
004B39A3|.8BD8 mov ebx, eax
004B39A5 >|>6A 0D /push 0D ;
004B39A7|.53 |push ebx
004B39A8|.E8 93EB0000 |call <sub_4C2540>
004B39AD|.83C4 08 |add esp, 8
004B39B0|.8BF8 |mov edi, eax
004B39B2|.85FF |test edi, edi
004B39B4|.74 59 |je short <loc_4B3A0F>
004B39B6|.53 |push ebx ;
004B39B7|.C607 00 |mov byte ptr ds:, 0 ;
004B39BA|.FF15 8CF95000 |call dword ptr ds:[<&KERNEL32.lstrle>;
004B39C0|.8BE8 |mov ebp, eax
004B39C2|.6A 00 |push 0
004B39C4|.8B4424 24 |mov eax, dword ptr ss:
004B39C8|.6A 01 |push 1
004B39CA|.8B4C24 2C |mov ecx, dword ptr ss:
004B39CE|.55 |push ebp
004B39CF|.53 |push ebx
004B39D0|.51 |push ecx
004B39D1|.50 |push eax
004B39D2|.E8 E95BFBFF |call <sub_4695C0>
004B39D7|.83C4 18 |add esp, 18
004B39DA|.3BC5 |cmp eax, ebp
004B39DC|.75 2A |jnz short <loc_4B3A08>
004B39DE|.8D4424 12 |lea eax, dword ptr ss:
004B39E2|.6A 00 |push 0
004B39E4|.8B5424 24 |mov edx, dword ptr ss:
004B39E8|.6A 01 |push 1
004B39EA|.8B4C24 2C |mov ecx, dword ptr ss:
004B39EE|.6A 02 |push 2
004B39F0|.50 |push eax
004B39F1|.51 |push ecx
004B39F2|.52 |push edx
004B39F3|.E8 C85BFBFF |call <sub_4695C0>
004B39F8|.83C4 18 |add esp, 18
004B39FB|.83F8 02 |cmp eax, 2
004B39FE|.75 08 |jnz short <loc_4B3A08>
004B3A00|.8D5F 01 |lea ebx, dword ptr ds:
004B3A03|.C607 0D |mov byte ptr ds:, 0D
004B3A06|.^ EB 9D \jmp short <loc_4B39A5>
004B3A08 >|>E8 0347FBFF call <sub_468110> ;
004B3A0D|.8BF0 mov esi, eax
004B3A0F >|>85F6 test esi, esi ;
004B3A11|.75 30 jnz short <loc_4B3A43>
004B3A13|.53 push ebx ;
004B3A14|.FF15 8CF95000 call dword ptr ds:[<&KERNEL32.lstrlen>;
004B3A1A|.8BF8 mov edi, eax
004B3A1C|.85FF test edi, edi
004B3A1E|.7E 23 jle short <loc_4B3A43>
004B3A20|.8B4424 20 mov eax, dword ptr ss:
004B3A24|.6A 00 push 0
004B3A26|.8B4C24 28 mov ecx, dword ptr ss:
004B3A2A|.6A 01 push 1
004B3A2C|.57 push edi
004B3A2D|.53 push ebx
004B3A2E|.51 push ecx
004B3A2F|.50 push eax
004B3A30|.E8 8B5BFBFF call <sub_4695C0> ;
004B3A35|.83C4 18 add esp, 18
004B3A38|.3BC7 cmp eax, edi
004B3A3A|.74 07 je short <loc_4B3A43>
004B3A3C|.E8 CF46FBFF call <sub_468110>
004B3A41|.8BF0 mov esi, eax
004B3A43 >|>8B4424 20 mov eax, dword ptr ss: ;
004B3A47|.8B4C24 24 mov ecx, dword ptr ss:
004B3A4B|.51 push ecx
004B3A4C|.50 push eax
004B3A4D|.E8 BE57FBFF call <sub_469210>
004B3A52|.8B4C24 20 mov ecx, dword ptr ss:
004B3A56|.83C4 08 add esp, 8
004B3A59|.51 push ecx
004B3A5A|.E8 619AFAFF call <sub_45D4C0>
004B3A5F|.83C4 04 add esp, 4
004B3A62 >|>8B4424 14 mov eax, dword ptr ss: ;
004B3A66|.50 push eax
004B3A67|.E8 F4A9FBFF call <sub_46E460>
004B3A6C|.83C4 04 add esp, 4
004B3A6F|.56 push esi
004B3A70|.6A 00 push 0
004B3A72|.68 7C200000 push 207C
004B3A77|.E8 3417F8FF call <sub_4351B0>
004B3A7C|.50 push eax
004B3A7D|.E8 CE93FAFF call <sub_45CE50>
004B3A82|.83C4 10 add esp, 10
004B3A85|.8BC6 mov eax, esi
004B3A87|.5D pop ebp
004B3A88|.5F pop edi
004B3A89|.5E pop esi
004B3A8A|.5B pop ebx
004B3A8B|.81C4 20010000 add esp, 120
004B3A91\.C3 retn //// 返回到 004B3AB1
返回到 004B3AB1
004B3AA0 > .8B4424 08 mov eax, dword ptr ss: ;
004B3AA4 .6A 00 push 0
004B3AA6 .8B4C24 08 mov ecx, dword ptr ss:
004B3AAA .50 push eax
004B3AAB .51 push ecx
004B3AAC .E8 1FFDFFFF call <sub_4B37D0>
004B3AB1 .83C4 0C add esp, 0C
004B3AB4 .C3 retn ///// 返回到 004352C9
返回到 004352C9
004352C7|.FF13 call dword ptr ds: //// 当是 004BD2B0时进入
004352C9|.8B5424 3C mov edx, dword ptr ss:
004352CD|.83C4 08 add esp, 8
004352D0|.C642 01 01 mov byte ptr ds:, 1
004352D4|.8942 02 mov dword ptr ds:, eax /////eax=现在的日期 这个是跟入004BD2B0得到的
现在就对下硬件访问断点
00428D70|.8B01 |mov eax, dword ptr ds:
00428D72|.8903 |mov dword ptr ds:, eax ;跟到这
00428D74|.8B51 04 |mov edx, dword ptr ds:
下内存访问断点
0042A169|.8B7E 02 mov edi, dword ptr ds: ;取相差的天数
0042A16C 2B7C24 0A sub edi, dword ptr ss: ;31(相差的天数)-20天=11
0042A170|.E9 91000000 jmp <loc_42A206>
0042A206 >|> \56 push esi
0042A207|.6A 00 push 0
0042A209|.E8 42E6FFFF call <sub_428850>
0042A20E|.8B4424 2C mov eax, dword ptr ss:
0042A212|.83C4 08 add esp, 8
0042A215|.83E8 07 sub eax, 7 ;
0042A218|.83F8 05 cmp eax, 5
0042A21B|.77 07 ja short <loc_42A224>
0042A21D|.FF2485 9CA242>jmp dword ptr ds:[eax*4+<off_42A2>
0042A224 >|>66:C705 14215>mov word ptr ds:, 0FFFD
0042A22D|.5F pop edi
0042A22E|.5E pop esi
0042A22F|.83C4 18 add esp, 18
0042A232|.C3 retn
0042A233 >|>85FF test edi, edi
0042A235 75 5C jnz short <loc_42A293>
0042A237|.C746 02 01000>mov dword ptr ds:, 1
0042A23E|.5F pop edi
0042A23F|.5E pop esi
0042A240|.83C4 18 add esp, 18
0042A243|.C3 retn
0042A244 >|>85FF test edi, edi
0042A246|.7E 4B jle short <loc_42A293>
0042A248|.C746 02 01000>mov dword ptr ds:, 1
0042A24F|.5F pop edi
0042A250|.5E pop esi
0042A251|.83C4 18 add esp, 18
0042A254|.C3 retn
0042A255 >|>85FF test edi, edi
0042A257|.7D 3A jge short <loc_42A293>
0042A259|.C746 02 01000>mov dword ptr ds:, 1
0042A260|.5F pop edi
0042A261|.5E pop esi
0042A262|.83C4 18 add esp, 18
0042A265|.C3 retn
0042A266 >|>85FF test edi, edi
0042A268|.7F 29 jg short <loc_42A293>
0042A26A|.C746 02 01000>mov dword ptr ds:, 1
0042A271|.5F pop edi
0042A272|.5E pop esi
0042A273|.83C4 18 add esp, 18
0042A276|.C3 retn
0042A277 >|>85FF test edi, edi
0042A279 7C 18 jl short <loc_42A293> ;暴破点改为jmp
0042A27B|.C746 02 01000>mov dword ptr ds:, 1
0042A282|.5F pop edi
0042A283|.5E pop esi
0042A284|.83C4 18 add esp, 18
0042A287|.C3 retn
0042A288 >|>85FF test edi, edi ;
0042A28A|.74 07 je short <loc_42A293>
0042A28C|.C746 02 01000>mov dword ptr ds:, 1
0042A293 >|>5F pop edi ;
0042A294|.5E pop esi
0042A295|.83C4 18 add esp, 18
0042A298\.C3 retn
跟入004BD2B0
004BD2B0 > .8B4424 08 mov eax, dword ptr ss:
004BD2B4 .8B48 02 mov ecx, dword ptr ds:
004BD2B7 .8B50 12 mov edx, dword ptr ds:
004BD2BA .8B40 22 mov eax, dword ptr ds:
004BD2BD .83F8 46 cmp eax, 46 ;2010 与70
004BD2C0 .7D 06 jge short <loc_4BD2C8>
004BD2C2 .B8 E0630000 mov eax, 63E0
004BD2C7 .C3 retn
004BD2C8 > >83F8 64 cmp eax, 64 ;2010 100
004BD2CB .7D 11 jge short <loc_4BD2DE>
004BD2CD .05 6C070000 add eax, 76C
004BD2D2 > >83FA 01 cmp edx, 1
004BD2D5 .7D 21 jge short <loc_4BD2F8>
004BD2D7 .BA 01000000 mov edx, 1
004BD2DC .EB 24 jmp short <loc_4BD302>
004BD2DE > >3D B2070000 cmp eax, 7B2 ;2010 与1970
004BD2E3 .7D 06 jge short <loc_4BD2EB>
004BD2E5 .B8 E0630000 mov eax, 63E0
004BD2EA .C3 retn
004BD2EB > >3D F4070000 cmp eax, 7F4 ;2010 与2036
004BD2F0 .^ 7E E0 jle short <loc_4BD2D2>
004BD2F2 .B8 2DC20000 mov eax, 0C22D
004BD2F7 .C3 retn
004BD2F8 > >83FA 0C cmp edx, 0C ;2月与12
004BD2FB .7E 05 jle short <loc_4BD302>
004BD2FD .BA 0C000000 mov edx, 0C
004BD302 > >83F9 01 cmp ecx, 1 ;26 号与1
004BD305 .7D 07 jge short <loc_4BD30E>
004BD307 .B9 01000000 mov ecx, 1
004BD30C .EB 0A jmp short <loc_4BD318>
004BD30E > >83F9 1F cmp ecx, 1F ;26与31
004BD311 .7E 05 jle short <loc_4BD318>
004BD313 .B9 1F000000 mov ecx, 1F
004BD318 > >3D B2070000 cmp eax, 7B2 ;2010 1970
004BD31D .75 10 jnz short <loc_4BD32F>
004BD31F .83FA 01 cmp edx, 1
004BD322 .7D 0B jge short <loc_4BD32F>
004BD324 .83F9 01 cmp ecx, 1
004BD327 .7D 06 jge short <loc_4BD32F>
004BD329 .B8 E0630000 mov eax, 63E0
004BD32E .C3 retn
004BD32F > >3D F4070000 cmp eax, 7F4 ;2010 2036
004BD334 .75 10 jnz short <loc_4BD346>
004BD336 .83FA 02 cmp edx, 2
004BD339 .7E 0B jle short <loc_4BD346>
004BD33B .83F9 05 cmp ecx, 5
004BD33E .7E 06 jle short <loc_4BD346>
004BD340 .B8 2DC20000 mov eax, 0C22D
004BD345 .C3 retn
004BD346 > >50 push eax ;loc_4BD346
004BD347 .52 push edx
004BD348 .51 push ecx
004BD349 .E8 F2B3FBFF call <sub_478740> ;跟入
004BD34E .83C4 0C add esp, 0C
004BD351 .B9 80510100 mov ecx, 15180 ;60*60*24=86400
004BD356 .2BD2 sub edx, edx
004BD358 .F7F1 div ecx ;eax=现在的日期
004BD35A .C3 retn
跟入004BD349
00478740 >/$83EC 24 sub esp, 24 ;sub_478740
00478743|.33C0 xor eax, eax
00478745|.B9 09000000 mov ecx, 9
0047874A|.57 push edi
0047874B|.8D7C24 04 lea edi, dword ptr ss:
0047874F|.F3:AB rep stos dword ptr es:
00478751|.8B4424 34 mov eax, dword ptr ss: ;2010
00478755|.8B4C24 2C mov ecx, dword ptr ss: ;26号
00478759|.2D 6C070000 sub eax, 76C ;2010-1900=110
0047875E|.8D5424 04 lea edx, dword ptr ss:
00478762|.894424 18 mov dword ptr ss:, eax
00478766|.52 push edx
00478767|.8B4424 34 mov eax, dword ptr ss:
0047876B|.894C24 14 mov dword ptr ss:, ecx
0047876F|.48 dec eax
00478770|.894424 18 mov dword ptr ss:, eax
00478774|.E8 F7790700 call <sub_4F0170> ;跟入
00478779|.83C4 04 add esp, 4
0047877C|.2B05 20505000 sub eax, dword ptr ds:
00478782|.2D 0030547C sub eax, 7C543000
00478787|.5F pop edi
00478788|.83C4 24 add esp, 24
0047878B\.C3 retn
跟入00478774
004F0170 >/$8B4424 04 mov eax, dword ptr ss: ;sub_4F0170
004F0174|.6A 01 push 1
004F0176|.50 push eax
004F0177|.E8 04000000 call <__make_time_t> ;跟入
004F017C|.83C4 08 add esp, 8
004F017F\.C3 retn
跟入 004F0177
004F0180 >/$83EC 04 sub esp, 4 ;__make_time_t
004F0183|.56 push esi
004F0184|.57 push edi
004F0185|.8B7C24 10 mov edi, dword ptr ss:
004F0189|.8B47 14 mov eax, dword ptr ds:
004F018C|.894424 08 mov dword ptr ss:, eax
004F0190|.83F8 45 cmp eax, 45
004F0193|.0F8C 3B020000 jl <loc_4F03D4>
004F0199|.3D 8B000000 cmp eax, 8B
004F019E|.0F8F 30020000 jg <loc_4F03D4>
004F01A4|.8B77 10 mov esi, dword ptr ds:
004F01A7|.85F6 test esi, esi
004F01A9|.7C 05 jl short <loc_4F01B0>
004F01AB|.83FE 0B cmp esi, 0B
004F01AE|.7E 3C jle short <loc_4F01EC>
004F01B0 >|>B9 0C000000 mov ecx, 0C ;loc_4F01B0
004F01B5|.8BC6 mov eax, esi
004F01B7|.99 cdq
004F01B8|.F7F9 idiv ecx
004F01BA|.014424 08 add dword ptr ss:, eax
004F01BE|.8BC6 mov eax, esi
004F01C0|.99 cdq
004F01C1|.F7F9 idiv ecx
004F01C3|.8957 10 mov dword ptr ds:, edx
004F01C6|.85D2 test edx, edx
004F01C8|.7D 09 jge short <loc_4F01D3>
004F01CA|.03D1 add edx, ecx
004F01CC|.FF4C24 08 dec dword ptr ss:
004F01D0|.8957 10 mov dword ptr ds:, edx
004F01D3 >|>837C24 08 45cmp dword ptr ss:, 45 ;loc_4F01D3
004F01D8|.0F8C F6010000 jl <loc_4F03D4>
004F01DE|.817C24 08 8B0>cmp dword ptr ss:, 8B
004F01E6|.0F8F E8010000 jg <loc_4F03D4>
004F01EC >|>8B47 10 mov eax, dword ptr ds: ;loc_4F01EC
004F01EF|.F64424 08 03test byte ptr ss:, 3
004F01F4|.8B3485 205A50>mov esi, dword ptr ds:
004F01FB|.75 06 jnz short <loc_4F0203>
004F01FD|.83F8 01 cmp eax, 1
004F0200|.7E 01 jle short <loc_4F0203>
004F0202|.46 inc esi
004F0203 >|>8B4424 08 mov eax, dword ptr ss: ;loc_4F0203
004F0207|.8B4C24 08 mov ecx, dword ptr ss:
004F020B|.48 dec eax
004F020C|.8BD1 mov edx, ecx ;以下是年月日的算法
004F020E|.C1F8 02 sar eax, 2
004F0211|.8D0CC9 lea ecx, dword ptr ds:
004F0214|.8D14CA lea edx, dword ptr ds:
004F0217|.8D0C92 lea ecx, dword ptr ds:
004F021A|.03C1 add eax, ecx
004F021C|.8D8C30 219CFF>lea ecx, dword ptr ds:[eax+esi+FFFF9>
004F0223|.8B47 0C mov eax, dword ptr ds:
004F0226|.85C9 test ecx, ecx
004F0228|.8D1408 lea edx, dword ptr ds:
004F022B|.895424 08 mov dword ptr ss:, edx
004F022F|.7C 10 jl short <loc_4F0241>
004F0231|.85C0 test eax, eax
004F0233|.7C 08 jl short <loc_4F023D>
004F0235|.85D2 test edx, edx
004F0237|.0F8C 97010000 jl <loc_4F03D4>
004F023D >|>85C9 test ecx, ecx ;loc_4F023D
004F023F|.7D 0F jge short <loc_4F0250>
004F0241 >|>85C0 test eax, eax ;loc_4F0241
004F0243|.7D 0B jge short <loc_4F0250>
004F0245|.837C24 08 00cmp dword ptr ss:, 0
004F024A|.0F8D 84010000 jge <loc_4F03D4>
004F0250 >|>8B4424 08 mov eax, dword ptr ss: ;loc_4F0250
004F0254|.85C0 test eax, eax
004F0256|.8D0C40 lea ecx, dword ptr ds:
004F0259|.B8 00000000 mov eax, 0
004F025E|.8D34CD 000000>lea esi, dword ptr ds:
004F0265|.74 10 je short <loc_4F0277>
004F0267|.8BC6 mov eax, esi
004F0269|.99 cdq
004F026A|.F77C24 08 idiv dword ptr ss:
004F026E|.83E8 18 sub eax, 18
004F0271|.83F8 01 cmp eax, 1
004F0274|.1BC0 sbb eax, eax
004F0276|.40 inc eax
004F0277 >|>85C0 test eax, eax ;loc_4F0277
004F0279|.0F85 55010000 jnz <loc_4F03D4>
004F027F|.8B47 08 mov eax, dword ptr ds:
004F0282|.85F6 test esi, esi
004F0284|.8D0C06 lea ecx, dword ptr ds:
004F0287|.894C24 08 mov dword ptr ss:, ecx
004F028B|.7C 10 jl short <loc_4F029D>
004F028D|.85C0 test eax, eax
004F028F|.7C 08 jl short <loc_4F0299>
004F0291|.85C9 test ecx, ecx
004F0293|.0F8C 3B010000 jl <loc_4F03D4>
004F0299 >|>85F6 test esi, esi ;loc_4F0299
004F029B|.7D 0F jge short <loc_4F02AC>
004F029D >|>85C0 test eax, eax ;loc_4F029D
004F029F|.7D 0B jge short <loc_4F02AC>
004F02A1|.837C24 08 00cmp dword ptr ss:, 0
004F02A6|.0F8D 28010000 jge <loc_4F03D4>
004F02AC >|>8B4424 08 mov eax, dword ptr ss: ;loc_4F02AC
004F02B0|.C1E0 02 shl eax, 2
004F02B3|.8D0C40 lea ecx, dword ptr ds:
004F02B6|.B8 00000000 mov eax, 0
004F02BB|.837C24 08 00cmp dword ptr ss:, 0
004F02C0|.8D3489 lea esi, dword ptr ds:
004F02C3|.74 10 je short <loc_4F02D5>
004F02C5|.8BC6 mov eax, esi
004F02C7|.99 cdq
004F02C8|.F77C24 08 idiv dword ptr ss:
004F02CC|.83E8 3C sub eax, 3C
004F02CF|.83F8 01 cmp eax, 1
004F02D2|.1BC0 sbb eax, eax
004F02D4|.40 inc eax
004F02D5 >|>85C0 test eax, eax ;loc_4F02D5
004F02D7|.0F85 F7000000 jnz <loc_4F03D4>
004F02DD|.8B47 04 mov eax, dword ptr ds:
004F02E0|.85F6 test esi, esi
004F02E2|.8D0C06 lea ecx, dword ptr ds:
004F02E5|.894C24 08 mov dword ptr ss:, ecx
004F02E9|.7C 10 jl short <loc_4F02FB>
004F02EB|.85C0 test eax, eax
004F02ED|.7C 08 jl short <loc_4F02F7>
004F02EF|.85C9 test ecx, ecx
004F02F1|.0F8C DD000000 jl <loc_4F03D4>
004F02F7 >|>85F6 test esi, esi ;loc_4F02F7
004F02F9|.7D 0F jge short <loc_4F030A>
004F02FB >|>85C0 test eax, eax ;loc_4F02FB
004F02FD|.7D 0B jge short <loc_4F030A>
004F02FF|.837C24 08 00cmp dword ptr ss:, 0
004F0304|.0F8D CA000000 jge <loc_4F03D4>
004F030A >|>8B4424 08 mov eax, dword ptr ss: ;loc_4F030A
004F030E|.C1E0 02 shl eax, 2
004F0311|.8D0C40 lea ecx, dword ptr ds:
004F0314|.B8 00000000 mov eax, 0
004F0319|.837C24 08 00cmp dword ptr ss:, 0
004F031E|.8D3489 lea esi, dword ptr ds:
004F0321|.74 10 je short <loc_4F0333>
004F0323|.8BC6 mov eax, esi
004F0325|.99 cdq
004F0326|.F77C24 08 idiv dword ptr ss:
004F032A|.83E8 3C sub eax, 3C
004F032D|.83F8 01 cmp eax, 1
004F0330|.1BC0 sbb eax, eax
004F0332|.40 inc eax
004F0333 >|>85C0 test eax, eax ;loc_4F0333
004F0335|.0F85 99000000 jnz <loc_4F03D4>
004F033B|.8B07 mov eax, dword ptr ds:
004F033D|.85F6 test esi, esi
004F033F|.8D0C06 lea ecx, dword ptr ds:
004F0342|.894C24 08 mov dword ptr ss:, ecx
004F0346|.7C 10 jl short <loc_4F0358>
004F0348|.85C0 test eax, eax
004F034A|.7C 08 jl short <loc_4F0354>
004F034C|.85C9 test ecx, ecx
004F034E|.0F8C 80000000 jl <loc_4F03D4>
004F0354 >|>85F6 test esi, esi ;loc_4F0354
004F0356|.7D 0B jge short <loc_4F0363>
004F0358 >|>85C0 test eax, eax ;loc_4F0358
004F035A|.7D 07 jge short <loc_4F0363>
004F035C|.837C24 08 00cmp dword ptr ss:, 0
004F0361|.7D 71 jge short <loc_4F03D4>
004F0363 >|>837C24 14 00cmp dword ptr ss:, 0 ;loc_4F0363
004F0368|.74 46 je short <loc_4F03B0>
004F036A|.E8 91410000 call <___tzset>
004F036F|.A1 20505000 mov eax, dword ptr ds:
004F0374|.8D4C24 08 lea ecx, dword ptr ss:
004F0378|.014424 08 add dword ptr ss:, eax
004F037C|.51 push ecx ; /timet
004F037D|.E8 1EFCFFFF call <_localtime> ; \_localtime
004F0382|.83C4 04 add esp, 4
004F0385|.85C0 test eax, eax
004F0387|.74 4B je short <loc_4F03D4>
004F0389|.8B4F 20 mov ecx, dword ptr ds:
004F038C|.85C9 test ecx, ecx
004F038E|.7F 08 jg short <loc_4F0398>
004F0390|.7D 2F jge short <loc_4F03C1>
004F0392|.8378 20 00 cmp dword ptr ds:, 0
004F0396|.7E 29 jle short <loc_4F03C1>
004F0398 >|>A1 28505000 mov eax, dword ptr ds: ;loc_4F0398
004F039D|.8D4C24 08 lea ecx, dword ptr ss:
004F03A1|.014424 08 add dword ptr ss:, eax
004F03A5|.51 push ecx ; /timet
004F03A6|.E8 F5FBFFFF call <_localtime> ; \_localtime
004F03AB|.83C4 04 add esp, 4
004F03AE|.EB 11 jmp short <loc_4F03C1>
004F03B0 >|>8D4424 08 lea eax, dword ptr ss: ;loc_4F03B0
004F03B4|.50 push eax ; /timet
004F03B5|.E8 06480000 call <_gmtime> ; \_gmtime
004F03BA|.83C4 04 add esp, 4
004F03BD|.85C0 test eax, eax
004F03BF|.74 13 je short <loc_4F03D4>
004F03C1 >|>8BF0 mov esi, eax ;loc_4F03C1
004F03C3|.B9 09000000 mov ecx, 9
004F03C8|.F3:A5 rep movs dword ptr es:, dword p>
004F03CA|.8B4424 08 mov eax, dword ptr ss:
004F03CE|.5F pop edi
004F03CF|.5E pop esi
004F03D0|.83C4 04 add esp, 4
004F03D3|.C3 retn
004F03D4 >|>B8 FFFFFFFF mov eax, -1 ;loc_4F03D4
004F03D9|.5F pop edi
004F03DA|.5E pop esi
004F03DB|.83C4 04 add esp, 4
004F03DE\.C3 retn
--------------------------------------------------------------------------------
【版权声明】: 转载请注明作者并保持文章的完整, 谢谢!
补丁
[ 本帖最后由 fghtiger 于 2010-3-1 13:07 编辑 ] /:good
页:
[1]