声明:初学Crack,只是感兴趣,没有其他目的。失误之处敬请体谅!
保护方式:Nspack壳,自校验(通过检查文件大小),重启验证注册码
1 脱壳(Nspack壳,手动脱)
1. 寻找入口:
Ctrl+B 寻找二进制: 61 9d e9
04BCB9F7 C2 0C00 retn 0C
04BCB9FA 61 popad
04BCB9FB 9D popfd
04BCB9FC - E9 DB188CFF jmp 0448D2DC
04BCBA01 8BB5 B6EAFFFF mov esi,dword ptr ss:[ebp-154A]
04BCB9FC - E9 DB188CFF jmp 0448D2DC
(可以认为0448D2DC就是程序的入口)
这里壳己将程序解压完毕,下断!!
2. Dump(转存解压后的文件)
重新加载DPS,运行,断在入口
用LordPE抓取解压到内存中的文件,另存为ddps.exe
此时程序还不能运行,接下来就是重建输入表。
3. 重建输入表
l 运行ImportREC,在下拉列表框中选择dps_0.exe进程
l 上面己得知dps_0.exe的OEP地址是0448D2DC,则在左下角OEP处填入OEP的RVA值,这里填上0048D2DC。点击“自动查找IAT”按钮,让其自动检测IAT偏移和大小,IAT地址:00001000,大小00BC1000。
l 点击“获取输入表”按钮,让其分析IAT结构得到基本信息。
l 勾选“添加一个新的节”,点击“修复转存文件”,选择第2步中另存的文件ddps.exe。
双击修复好的ddps.exe,发现它已经可以正常运行,不很正常地显示界面了。
2 调试
转载请注明出处:http://zanjero.ygblog.com/
1--------------------------------------------
044618CC . 8B15 2C174A04 mov edx, dword ptr [44A172C] ; DPS.044AAC90
044618D2 . 8902 mov dword ptr [edx], eax
044618D4 . 8B45 FC mov eax, dword ptr [ebp-4]
044618D7 . EB 6B jmp short 04461944 //原子程序获取文件大小(自校验) 改后跳过隐藏菜单,重设控件高、宽
044618D9 90 nop
044618DA 90 nop
044618DB 90 nop
044618DC . 8B15 00104A04 mov edx, dword ptr [44A1000] ; DPS.044AA3A8
044618E2 . 0302 add eax, dword ptr [edx]
044618E4 . 8945 CC mov dword ptr [ebp-34], eax
044618E7 . DB45 CC fild dword ptr [ebp-34]
044618EA . D9FA fsqrt
044618EC . DC65 F0 fsub qword ptr [ebp-10]
044618EF . D9E1 fabs
044618F1 . DB2D 94254604 fld tbyte ptr [4462594]
044618F7 . DED9 fcompp
044618F9 . DFE0 fstsw ax
044618FB . 9E sahf
044618FC . EB 46 jmp short 04461944
044618FE . 8B45 FC mov eax, dword ptr [ebp-4]
04461901 . 8B80 A00D0000 mov eax, dword ptr [eax+DA0]
04461907 . 33D2 xor edx, edx
04461909 . E8 E61ABAFF call <jmp.&vcl60.Controls::TControl::>
0446190E . 8B45 FC mov eax, dword ptr [ebp-4]
04461911 . 8B80 F0020000 mov eax, dword ptr [eax+2F0]
04461917 . 8B40 34 mov eax, dword ptr [eax+34]
0446191A . E8 9D19BAFF call <jmp.&vcl60.Menus::TMenuItem::Cl>
0446191F . 8B45 FC mov eax, dword ptr [ebp-4]
04461922 . 8B80 38030000 mov eax, dword ptr [eax+338]
04461928 . 33D2 xor edx, edx
0446192A . E8 C51ABAFF call <jmp.&vcl60.Controls::TControl::>
0446192F . 8B45 FC mov eax, dword ptr [ebp-4]
04461932 . 8B80 20090000 mov eax, dword ptr [eax+920]
04461938 . 33D2 xor edx, edx
0446193A . E8 B51ABAFF call <jmp.&vcl60.Controls::TControl::>
0446193F . E9 020C0000 jmp 04462546
04461944 > 8D55 C8 lea edx, dword ptr [ebp-38]
04461947 . 8B45 FC mov eax, dword ptr [ebp-4]
0446194A . 8B80 040E0000 mov eax, dword ptr [eax+E04]
04461950 . E8 BF1ABAFF call <jmp.&vcl60.Controls::TControl::>
04461955 . 8B45 C8 mov eax, dword ptr [ebp-38]
04461958 . 8D55 F8 lea edx, dword ptr [ebp-8]
0446195B . E8 D0F8B9FF call <jmp.&rtl60.System::ValExt>
04461960 . DD1D E04F9A04 fstp qword ptr [49A4FE0]
04461966 . 9B wait
2--------------------------------------------
04461A0C . BA 04010000 mov edx, 104
04461A11 . E8 7619BAFF call <jmp.&vcl60.Controls::TControl::>
04461A16 . 8B45 FC mov eax, dword ptr [ebp-4]
04461A19 . E9 B8000000 jmp 04461AD6 //原子程序获取文件大小(自校验) 改后跳过隐藏菜单,重设控件高、宽
04461A1E . 8B15 00104A04 mov edx, dword ptr [44A1000] ; DPS.044AA3A8
04461A24 . 0302 add eax, dword ptr [edx]
04461A26 . 8945 CC mov dword ptr [ebp-34], eax
04461A29 . DB45 CC fild dword ptr [ebp-34]
04461A2C . D9FA fsqrt
04461A2E . DC75 F0 fdiv qword ptr [ebp-10]
04461A31 . D825 A4254604 fsub dword ptr [44625A4]
04461A37 . D9E1 fabs
04461A39 . DB2D 20264604 fld tbyte ptr [4462620]
04461A3F . DED9 fcompp
04461A41 . DFE0 fstsw ax
04461A43 . 9E sahf
04461A44 . E9 8D000000 jmp 04461AD6
04461A49 90 nop
04461A4A . C745 F8 01000>mov dword ptr [ebp-8], 1
04461A51 . 8B1D 94224A04 mov ebx, dword ptr [44A2294] ; DPS.044AABE8
04461A57 > B8 F4010000 mov eax, 1F4
04461A5C . E8 CFF6B9FF call <jmp.&rtl60.System::RandInt>
04461A61 . 8945 CC mov dword ptr [ebp-34], eax
04461A64 . DB45 CC fild dword ptr [ebp-34]
04461A67 . D835 2C264604 fdiv dword ptr [446262C]
04461A6D . D805 30264604 fadd dword ptr [4462630]
04461A73 . D825 A4254604 fsub dword ptr [44625A4]
04461A79 . D91B fstp dword ptr [ebx]
04461A7B . 9B wait
04461A7C . FF45 F8 inc dword ptr [ebp-8]
04461A7F . 83C3 04 add ebx, 4
04461A82 . 837D F8 0B cmp dword ptr [ebp-8], 0B
04461A86 .^ 75 CF jnz short 04461A57
04461A88 . 8B45 FC mov eax, dword ptr [ebp-4]
04461A8B . 8B80 F0020000 mov eax, dword ptr [eax+2F0]
04461A91 . 8B40 34 mov eax, dword ptr [eax+34]
04461A94 . E8 2318BAFF call <jmp.&vcl60.Menus::TMenuItem::Cl>
04461A99 . C745 F8 01000>mov dword ptr [ebp-8], 1
04461AA0 . 8B1D 94224A04 mov ebx, dword ptr [44A2294] ; DPS.044AABE8
04461AA6 > B8 E8030000 mov eax, 3E8
04461AAB . E8 80F6B9FF call <jmp.&rtl60.System::RandInt>
04461AB0 . 8945 CC mov dword ptr [ebp-34], eax
04461AB3 . DB45 CC fild dword ptr [ebp-34]
04461AB6 . D835 34264604 fdiv dword ptr [4462634]
04461ABC . D805 A4254604 fadd dword ptr [44625A4]
04461AC2 . D91B fstp dword ptr [ebx]
04461AC4 . 9B wait
04461AC5 . FF45 F8 inc dword ptr [ebp-8]
04461AC8 . 83C3 04 add ebx, 4
04461ACB . 837D F8 0B cmp dword ptr [ebp-8], 0B
04461ACF .^ 75 D5 jnz short 04461AA6
04461AD1 . E9 700A0000 jmp 04462546
04461AD6 > 8B45 FC mov eax, dword ptr [ebp-4]
04461AD9 . 8D90 B0100000 lea edx, dword ptr [eax+10B0]
04461ADF . 8B45 FC mov eax, dword ptr [ebp-4]
04461AE2 . E8 B5A8FFFF call 0445C39C
04461AE7 . A1 7C394A04 mov eax, dword ptr [44A397C]
04461AEC . C700 F8020000 mov dword ptr [eax], 2F8
04461AF2 . 8D45 D0 lea eax, dword ptr [ebp-30]
3、4-----------------------------------------
04462068 . 8B55 9C mov edx, dword ptr [ebp-64]
0446206B . A1 90104A04 mov eax, dword ptr [44A1090]
04462070 . E8 E3F2B9FF call <jmp.&rtl60.System::LStrAsg>
04462075 . C705 B04F9A04>mov dword ptr [49A4FB0], -1
0446207F . BA E44C9A04 mov edx, 049A4CE4
04462084 . A1 40164A04 mov eax, dword ptr [44A1640]
04462089 . 8B00 mov eax, dword ptr [eax]
0446208B . E8 349AFFFF call 0445BAC4
04462090 . E8 2392FFFF call 0445B2B8
04462095 . 84C0 test al, al
04462097 90 nop //启动时关键跳转(注册标志)
04462098 90 nop
04462099 90 nop
0446209A 90 nop
0446209B 90 nop
0446209C 90 nop
0446209D . E8 DA7DFFFF call 04459E7C
044620A2 . 8B45 FC mov eax, dword ptr [ebp-4]
044620A5 . 8B80 A00D0000 mov eax, dword ptr [eax+DA0]
044620AB . B2 01 mov dl, 1
044620AD 90 nop //启动时关键跳转,改后启动不显示“系统信息”
044620AE 90 nop
044620AF 90 nop
044620B0 90 nop
044620B1 90 nop
044620B2 . 8B45 FC mov eax, dword ptr [ebp-4]
044620B5 . 8B80 D00D0000 mov eax, dword ptr [eax+DD0]
044620BB . B2 01 mov dl, 1
044620BD . E8 3213BAFF call <jmp.&vcl60.Controls::TControl::>
044620C2 . E8 35FEB9FF call <jmp.&rtl60.Sysutils::Time>
044620C7 . DD1D C44F9A04 fstp qword ptr [49A4FC4]
044620CD . 9B wait
044620CE . 8B15 58FE4904 mov edx, dword ptr [449FE58] ; DPS.044AA3EC
044620D4 . 33C0 xor eax, eax
044620D6 . E8 75EFB9FF call <jmp.&rtl60.System::ParamStr>
044620DB . EB 1D jmp short 044620FA
044620DD > A1 58FE4904 mov eax, dword ptr [449FE58]
044620E2 . 8B00 mov eax, dword ptr [eax]
044620E4 . E8 B7F2B9FF call <jmp.&rtl60.System::LStrLen>
044620E9 . 8BD0 mov edx, eax
044620EB . A1 58FE4904 mov eax, dword ptr [449FE58]
044620F0 . B9 01000000 mov ecx, 1
044620F5 . E8 F6F2B9FF call <jmp.&rtl60.System::LStrDelete>
044620FA > A1 58FE4904 mov eax, dword ptr [449FE58]
044620FF . 8B00 mov eax, dword ptr [eax]
5--------------------------------------------
04460CA3 |. B8 06000000 mov eax, 6
04460CA8 |. E8 8304BAFF call <jmp.&rtl60.System::RandInt>
04460CAD |. 40 inc eax
04460CAE |. 8985 70FFFFFF mov dword ptr [ebp-90], eax
04460CB4 |. 8B85 58FFFFFF mov eax, dword ptr [ebp-A8]
04460CBA |. 8B95 70FFFFFF mov edx, dword ptr [ebp-90]
04460CC0 |. 8A4410 FF mov al, byte ptr [eax+edx-1]
04460CC4 |. 8B95 2CFFFFFF mov edx, dword ptr [ebp-D4]
04460CCA |. 8B8D 70FFFFFF mov ecx, dword ptr [ebp-90]
04460CD0 |. 3A440A FF cmp al, byte ptr [edx+ecx-1]
04460CD4 E9 BC000000 jmp 04460D95
04460CD9 90 nop
04460CDA |. BB 01000000 mov ebx, 1
04460CDF |. 8DB5 B8FCFFFF lea esi, dword ptr [ebp-348]
04460CE5 |> 33C0 /xor eax, eax
04460CE7 |. 8906 |mov dword ptr [esi], eax
04460CE9 |. C746 04 0000F>|mov dword ptr [esi+4], 3FF00000
04460CF0 |. 43 |inc ebx
04460CF1 |. 83C6 08 |add esi, 8
04460CF4 |. 83FB 0B |cmp ebx, 0B
04460CF7 |.^ 75 EC \jnz short 04460CE5
04460CF9 |. B8 05000000 mov eax, 5
04460CFE |. E8 2D04BAFF call <jmp.&rtl60.System::RandInt>
04460D03 |. 40 inc eax
04460D04 |. 8985 70FFFFFF mov dword ptr [ebp-90], eax
04460D0A |. 8B85 58FFFFFF mov eax, dword ptr [ebp-A8]
04460D10 |. 8B95 70FFFFFF mov edx, dword ptr [ebp-90]
04460D16 |. 8A4410 FF mov al, byte ptr [eax+edx-1]
04460D1A |. 8B95 2CFFFFFF mov edx, dword ptr [ebp-D4]
04460D20 |. 8B8D 70FFFFFF mov ecx, dword ptr [ebp-90]
04460D26 |. 3A440A FF cmp al, byte ptr [edx+ecx-1]
04460D2A |. 74 69 je short 04460D95
04460D2C |. 8B45 F4 mov eax, dword ptr [ebp-C]
04460D2F |. B9 0A000000 mov ecx, 0A
04460D34 |. 99 cdq
04460D35 |. F7F9 idiv ecx
04460D37 |. A1 94224A04 mov eax, dword ptr [44A2294]
04460D3C |. D90490 fld dword ptr [eax+edx*4]
04460D3F |. D825 48154604 fsub dword ptr [4461548]
04460D45 |. D9E1 fabs
04460D47 |. DB2D 74164604 fld tbyte ptr [4461674]
04460D4D |. DED9 fcompp
04460D4F |. DFE0 fstsw ax
04460D51 |. 9E sahf
04460D52 |. 73 41 jnb short 04460D95
04460D54 |. BA 68164604 mov edx, 04461668 ; ASCII "Work.$$$"
04460D59 |. 8D85 30FDFFFF lea eax, dword ptr [ebp-2D0]
04460D5F |. E8 6403BAFF call <jmp.&rtl60.System::Assign>
04460D64 |. 8D85 30FDFFFF lea eax, dword ptr [ebp-2D0]
04460D6A |. E8 4103BAFF call <jmp.&rtl60.System::ResetText>
04460D6F |. 8D85 30FDFFFF lea eax, dword ptr [ebp-2D0]
04460D75 |. E8 6E03BAFF call <jmp.&rtl60.System::Close>
04460D7A |. 8D85 30FDFFFF lea eax, dword ptr [ebp-2D0]
04460D80 |. E8 9B03BAFF call <jmp.&rtl60.System::Erase>
04460D85 |. 8D85 400DE5FF lea eax, dword ptr [ebp+FFE50D40]
04460D8B |. E8 5092FFFF call 04459FE0
04460D90 |. E9 C6060000 jmp 0446145B
04460D95 |> 8B4D F0 mov ecx, dword ptr [ebp-10]
04460D98 |. 41 inc ecx
04460D99 |. BA 01000000 mov edx, 1
04460D9E |. 8B45 FC mov eax, dword ptr [ebp-4]
04460DA1 |. E8 F611C0FF call 04061F9C
04460DA6 |. 8B45 D8 mov eax, dword ptr [ebp-28]
6--------------------------------------------
0445883B |. 2BD0 sub edx, eax
0445883D |. 0F8C 85020000 jl 04458AC8
04458843 |. 42 inc edx
04458844 |. 8955 9C mov dword ptr [ebp-64], edx
04458847 |. 8945 FC mov dword ptr [ebp-4], eax
0445884A |> 8B35 38044A04 /mov esi, dword ptr [44A0438] ; DPS.044AA3C4
04458850 |. 8B36 |mov esi, dword ptr [esi]
04458852 |. 8B1D F0064A04 |mov ebx, dword ptr [44A06F0] ; DPS.044AA3CC
04458858 |. 8B1B |mov ebx, dword ptr [ebx]
0445885A |. 2BDE |sub ebx, esi
0445885C E9 5B020000 jmp 04458ABC //数据序列检验时断下,不知何用
04458861 90 nop
04458862 |. 43 |inc ebx
04458863 |> B8 0E000000 |/mov eax, 0E
04458868 |. E8 C388BAFF ||call <jmp.&rtl60.System::RandInt>
0445886D |. 40 ||inc eax
0445886E |. 8945 F4 ||mov dword ptr [ebp-C], eax
04458871 |. 8B45 B0 ||mov eax, dword ptr [ebp-50]
04458874 |. 50 ||push eax
04458875 |. 8D45 94 ||lea eax, dword ptr [ebp-6C]
04458878 |. 50 ||push eax
04458879 |. A1 301D9A04 ||mov eax, dword ptr [49A1D30]
0445887E |. 8B80 B0100000 ||mov eax, dword ptr [eax+10B0]
04458884 |. 8B4D FC ||mov ecx, dword ptr [ebp-4]
04458887 |. 8BD6 ||mov edx, esi
04458889 |. E8 468EC0FF ||call 040616D4
...
04458A81 |. A1 301D9A04 ||mov eax, dword ptr [49A1D30]
04458A86 |. 8B80 B0100000 ||mov eax, dword ptr [eax+10B0]
04458A8C |. 8B4D FC ||mov ecx, dword ptr [ebp-4]
04458A8F |. 8BD6 ||mov edx, esi
04458A91 |. E8 36A5C0FF ||call 04062FCC
04458A96 |. C745 F8 01000>||mov dword ptr [ebp-8], 1
04458A9D |. A1 94224A04 ||mov eax, dword ptr [44A2294]
04458AA2 |> C700 0000803F ||/mov dword ptr [eax], 3F800000
04458AA8 |. FF45 F8 |||inc dword ptr [ebp-8]
04458AAB |. 83C0 04 |||add eax, 4
04458AAE |. 837D F8 0B |||cmp dword ptr [ebp-8], 0B
04458AB2 |.^ 75 EE ||\jnz short 04458AA2
04458AB4 |> 46 ||inc esi
04458AB5 |. 4B ||dec ebx
04458AB6 |.^ 0F85 A7FDFFFF |\jnz 04458863
04458ABC |> FF45 FC |inc dword ptr [ebp-4]
04458ABF |. FF4D 9C |dec dword ptr [ebp-64]
04458AC2 |.^ 0F85 82FDFFFF \jnz 0445884A
04458AC8 |> 8B45 E8 mov eax, dword ptr [ebp-18]
04458ACB |. 85C0 test eax, eax
04458ACD |. 0F8E A6000000 jle 04458B79
04458AD3 |. 8945 9C mov dword ptr [ebp-64], eax
04458AD6 |. C745 FC 01000>mov dword ptr [ebp-4], 1
04458ADD |> 8B5D EC /mov ebx, dword ptr [ebp-14]
04458AE0 |. 85DB |test ebx, ebx
04458AE2 |. 0F8E 85000000 |jle 04458B6D
04458AE8 |. BE 01000000 |mov esi, 1
04458AED |> 8B45 A0 |/mov eax, dword ptr [ebp-60]
04458AF0 |. 8B55 FC ||mov edx, dword ptr [ebp-4]
04458AF3 |. 8B0490 ||mov eax, dword ptr [eax+edx*4]
04458AF6 |. 803C30 00 ||cmp byte ptr [eax+esi], 0
04458AFA |. 74 6D ||je short 04458B69
04458AFC |. A1 70284A04 ||mov eax, dword ptr [44A2870]
04458B01 |. 8B00 ||mov eax, dword ptr [eax]
04458B03 |. E8 E4A6BAFF ||call <jmp.&vcl60.Dialogs::ShowMessa>
04458B08 |. A1 04104A04 ||mov eax, dword ptr [44A1004]
7--------------------------------------------
044591E8 |. 2BD0 sub edx, eax
044591EA |. 0F8C A7020000 jl 04459497
044591F0 |. 42 inc edx
044591F1 |. 8955 9C mov dword ptr [ebp-64], edx
044591F4 |. 8945 FC mov dword ptr [ebp-4], eax
044591F7 |> 8B35 38044A04 /mov esi, dword ptr [44A0438] ; DPS.044AA3C4
044591FD |. 8B36 |mov esi, dword ptr [esi]
044591FF |. 8B1D F0064A04 |mov ebx, dword ptr [44A06F0] ; DPS.044AA3CC
04459205 |. 8B1B |mov ebx, dword ptr [ebx]
04459207 |. 2BDE |sub ebx, esi
04459209 E9 7D020000 jmp 0445948B
0445920E 90 nop
0445920F |. 43 |inc ebx
04459210 |> B8 0E000000 |/mov eax, 0E
04459215 |. E8 167FBAFF ||call <jmp.&rtl60.System::RandInt>
0445921A |. 40 ||inc eax
0445921B |. 8945 F4 ||mov dword ptr [ebp-C], eax
0445921E |. 8B45 B0 ||mov eax, dword ptr [ebp-50]
04459221 |. 50 ||push eax
...
04459441 |. A1 301D9A04 ||mov eax, dword ptr [49A1D30]
04459446 |. 8B80 B0100000 ||mov eax, dword ptr [eax+10B0]
0445944C |. 8B4D FC ||mov ecx, dword ptr [ebp-4]
0445944F |. 8BD6 ||mov edx, esi
04459451 |. E8 769BC0FF ||call 04062FCC
04459456 |. A1 B03A4A04 ||mov eax, dword ptr [44A3AB0]
0445945B |. BA 40964504 ||mov edx, 04459640
04459460 |. E8 F37EBAFF ||call <jmp.&rtl60.System::LStrAsg>
04459465 |. C745 F8 01000>||mov dword ptr [ebp-8], 1
0445946C |. A1 94224A04 ||mov eax, dword ptr [44A2294]
04459471 |> C700 0000803F ||/mov dword ptr [eax], 3F800000
04459477 |. FF45 F8 |||inc dword ptr [ebp-8]
0445947A |. 83C0 04 |||add eax, 4
0445947D |. 837D F8 0B |||cmp dword ptr [ebp-8], 0B
04459481 |.^ 75 EE ||\jnz short 04459471
04459483 |> 46 ||inc esi
04459484 |. 4B ||dec ebx
04459485 |.^ 0F85 85FDFFFF |\jnz 04459210
0445948B |> FF45 FC |inc dword ptr [ebp-4]
0445948E |. FF4D 9C |dec dword ptr [ebp-64]
04459491 |.^ 0F85 60FDFFFF \jnz 044591F7
04459497 |> 8B45 E8 mov eax, dword ptr [ebp-18]
0445949A |. 85C0 test eax, eax
0445949C |. 0F8E A6000000 jle 04459548
044594A2 |. 8945 9C mov dword ptr [ebp-64], eax
044594A5 |. C745 FC 01000>mov dword ptr [ebp-4], 1
044594AC |> 8B5D EC /mov ebx, dword ptr [ebp-14]
044594AF |. 85DB |test ebx, ebx
044594B1 |. 0F8E 85000000 |jle 0445953C
044594B7 |. BE 01000000 |mov esi, 1
044594BC |> 8B45 A0 |/mov eax, dword ptr [ebp-60]
044594BF |. 8B55 FC ||mov edx, dword ptr [ebp-4]
044594C2 |. 8B0490 ||mov eax, dword ptr [eax+edx*4]
044594C5 |. 803C30 00 ||cmp byte ptr [eax+esi], 0
044594C9 |. 74 6D ||je short 04459538
044594CB |. A1 70284A04 ||mov eax, dword ptr [44A2870]
8--------------------------------------------
http://zanjero.ygblog.com/
04459A4C |. 2BD0 sub edx, eax
04459A4E |. 0F8C 79010000 jl 04459BCD
04459A54 |. 42 inc edx
04459A55 |. 8955 B8 mov dword ptr [ebp-48], edx
04459A58 |. 8945 F0 mov dword ptr [ebp-10], eax
04459A5B |> 8B35 38044A04 /mov esi, dword ptr [44A0438] ; DPS.044AA3C4
04459A61 |. 8B36 |mov esi, dword ptr [esi]
04459A63 |. 8B1D F0064A04 |mov ebx, dword ptr [44A06F0] ; DPS.044AA3CC
04459A69 |. 8B1B |mov ebx, dword ptr [ebx]
04459A6B |. 2BDE |sub ebx, esi
04459A6D E9 4F010000 jmp 04459BC1
04459A72 90 nop
04459A73 |. 43 |inc ebx
04459A74 |> B8 0E000000 |/mov eax, 0E
04459A79 |. E8 B276BAFF ||call <jmp.&rtl60.System::RandInt>
04459A7E |. 8BF8 ||mov edi, eax
04459A80 |. 47 ||inc edi
04459A81 |. 8B45 E4 ||mov eax, dword ptr [ebp-1C]
04459A84 |. 50 ||push eax
04459A85 |. 8D45 B4 ||lea eax, dword ptr [ebp-4C]
04459A88 |. 50 ||push eax
04459A89 |. 8B45 FC ||mov eax, dword ptr [ebp-4]
04459A8C |. 8B80 B0100000 ||mov eax, dword ptr [eax+10B0]
04459A92 |. 8B4D F0 ||mov ecx, dword ptr [ebp-10]
04459A95 |. 8BD6 ||mov edx, esi
04459A97 |. E8 387CC0FF ||call 040616D4
04459A9C |. 8B55 B4 ||mov edx, dword ptr [ebp-4C]
04459A9F |. 8D45 C4 ||lea eax, dword ptr [ebp-3C]
04459AA2 |. E8 E978BAFF ||call <jmp.&rtl60.System::LStrFromWS>
04459AA7 |. B8 E8030000 ||mov eax, 3E8
04459AAC |. E8 7F76BAFF ||call <jmp.&rtl60.System::RandInt>
04459AB1 |. B9 03000000 ||mov ecx, 3
...
04459B8F |. 8BC7 ||mov eax, edi
04459B91 |. 8B4D F0 ||mov ecx, dword ptr [ebp-10]
04459B94 |. 8BD6 ||mov edx, esi
04459B96 |. E8 3194C0FF ||call 04062FCC
04459B9B |. C745 EC 01000>||mov dword ptr [ebp-14], 1
04459BA2 |. A1 94224A04 ||mov eax, dword ptr [44A2294]
04459BA7 |> C700 0000803F ||/mov dword ptr [eax], 3F800000
04459BAD |. FF45 EC |||inc dword ptr [ebp-14]
04459BB0 |. 83C0 04 |||add eax, 4
04459BB3 |. 837D EC 0B |||cmp dword ptr [ebp-14], 0B
04459BB7 |.^ 75 EE ||\jnz short 04459BA7
04459BB9 |> 46 ||inc esi
04459BBA |. 4B ||dec ebx
04459BBB |.^ 0F85 B3FEFFFF |\jnz 04459A74
04459BC1 |> FF45 F0 |inc dword ptr [ebp-10]
04459BC4 |. FF4D B8 |dec dword ptr [ebp-48]
04459BC7 |.^ 0F85 8EFEFFFF \jnz 04459A5B
04459BCD |> 33C0 xor eax, eax
04459BCF |. 5A pop edx
9--------------------------------------------
0445B713 . C3 retn
0445B714 . 0000803F dd float 1.000000
0445B718 . FFFFFFFF dd FFFFFFFF
0445B71C . 01000000 dd 00000001
0445B720 . 5C 00 ascii "\",0
0445B722 00 db 00
0445B723 00 db 00
0445B724 . 00003443 dd float 180.0000
0445B728 . 2384471B47ACC>dt float 9.9999999999999999990e-06
0445B732 00 db 00
0445B733 00 db 00
0445B734 /$ C3 retn //返回而不计算机器码(两处调用)
0445B735 |. 8BEC mov ebp, esp
0445B737 |. 83C4 88 add esp, -78
0445B73A |. 53 push ebx
0445B73B |. 56 push esi
0445B73C |. 57 push edi
0445B73D |. 33C9 xor ecx, ecx
10--------------------------------------------
044603B3 |. E8 5C30BAFF call <jmp.&vcl60.Controls::TControl::>
044603B8 |. 8B85 640DE5FF mov eax, dword ptr [ebp+FFE50D64]
044603BE |. 8D55 84 lea edx, dword ptr [ebp-7C]
044603C1 |. E8 7619BAFF call <jmp.&rtl60.Sysutils::Trim>
044603C6 |. 8B45 84 mov eax, dword ptr [ebp-7C]
044603C9 |. E8 D20FBAFF call <jmp.&rtl60.System::LStrLen>
044603CE |. 83F8 18 cmp eax, 18
044603D1 |. EB 18 jmp short 044603EB //比较注册码长度的跳转
044603D3 |. 8B15 24144A04 mov edx, dword ptr [44A1424] ; DPS.044AAC94
044603D9 |. 8B12 mov edx, dword ptr [edx]
044603DB |. A1 301D9A04 mov eax, dword ptr [49A1D30]
044603E0 |. 8B80 C80D0000 mov eax, dword ptr [eax+DC8]
044603E6 |. E8 3130BAFF call <jmp.&vcl60.Controls::TControl::>
044603EB |> 8D95 600DE5FF lea edx, dword ptr [ebp+FFE50D60]
044603F1 |. A1 301D9A04 mov eax, dword ptr [49A1D30]
11--------------------------------------------
04460468 |. DD9D 30FFFFFF fstp qword ptr [ebp-D0]
0446046E |. 9B wait
0446046F |. 813D 404E9A04>cmp dword ptr [49A4E40], 120D439
04460479 |. 75 2D jnz short 044604A8
0446047B |. 803D A14F9A04>cmp byte ptr [49A4FA1], 0
04460482 |. 74 24 je short 044604A8
04460484 |. BB 01000000 mov ebx, 1
04460489 |. 8DB5 B8FCFFFF lea esi, dword ptr [ebp-348]
0446048F |> 33C0 /xor eax, eax
04460491 |. 8906 |mov dword ptr [esi], eax
04460493 |. C746 04 0000F>|mov dword ptr [esi+4], 3FF00000
0446049A |. 43 |inc ebx
0446049B |. 83C6 08 |add esi, 8
0446049E |. 83FB 0B |cmp ebx, 0B
044604A1 |.^ 75 EC \jnz short 0446048F
044604A3 |. E9 2B050000 jmp 044609D3
044604A8 |> E8 E33AC0FF call 04063F90
044604AD |. 85C0 test eax, eax
044604AF E9 53030000 jmp 04460807
044604B4 90 nop
044604B5 |. B8 05000000 mov eax, 5
044604BA |. E8 710CBAFF call <jmp.&rtl60.System::RandInt>
044604BF |. 40 inc eax
044604C0 |. 8985 70FFFFFF mov dword ptr [ebp-90], eax
044604C6 |. 33C0 xor eax, eax
044604C8 |. 8985 40FFFFFF mov dword ptr [ebp-C0], eax
044604CE |. C785 44FFFFFF>mov dword ptr [ebp-BC], 40C0FB00
044604D8 |. BB 01000000 mov ebx, 1
044604DD |. 8B35 94224A04 mov esi, dword ptr [44A2294] ; DPS.044AABE8
044604E3 |> B8 64000000 /mov eax, 64
044604E8 |. E8 430CBAFF |call <jmp.&rtl60.System::RandInt>
044604ED |. 8985 5C0DE5FF |mov dword ptr [ebp+FFE50D5C], eax
044604F3 |. DB85 5C0DE5FF |fild dword ptr [ebp+FFE50D5C]
044604F9 |. D835 44154604 |fdiv dword ptr [4461544]
044604FF |. D805 48154604 |fadd dword ptr [4461548]
04460505 |. D91E |fstp dword ptr [esi]
04460507 |. 9B |wait
04460508 |. 43 |inc ebx
04460509 |. 83C6 04 |add esi, 4
0446050C |. 83FB 0B |cmp ebx, 0B
0446050F |.^ 75 D2 \jnz short 044604E3
04460511 |. 8B85 58FFFFFF mov eax, dword ptr [ebp-A8]
...
044607C6 |. 84C0 test al, al
044607C8 |. 74 13 je short 044607DD
044607CA |. D905 48154604 fld dword ptr [4461548]
044607D0 |. DCA5 08FFFFFF fsub qword ptr [ebp-F8]
044607D6 |. DD9D 08FFFFFF fstp qword ptr [ebp-F8]
044607DC |. 9B wait
044607DD |> E8 5EECFFFF call 0445F440
044607E2 |. 8A85 2BFFFFFF mov al, byte ptr [ebp-D5]
044607E8 |. 34 01 xor al, 1
044607EA |. 84C0 test al, al
044607EC |. 74 19 je short 04460807
044607EE |. DB2D 48164604 fld tbyte ptr [4461648]
044607F4 |. DC8D 08FFFFFF fmul qword ptr [ebp-F8]
044607FA |. D82D 48154604 fsubr dword ptr [4461548]
04460800 |. DD9D 08FFFFFF fstp qword ptr [ebp-F8]
04460806 |. 9B wait
04460807 |> E8 8437C0FF call 04063F90
0446080C |. 85C0 test eax, eax
0446080E |. 75 05 jnz short 04460815
04460810 |. E8 8F15C1FF call 04071DA4
04460815 |> A1 580A4A04 mov eax, dword ptr [44A0A58]
0446081A |. 33D2 xor edx, edx
0446081C |. 8910 mov dword ptr [eax], edx
12--------------------------------------------
04460F33 |. 8B55 A4 ||mov edx, dword ptr [ebp-5C]
04460F36 |. B8 94164604 ||mov eax, 04461694 ; ASCII "||"
04460F3B |. E8 C004BAFF ||call <jmp.&rtl60.System::LStrPos>
04460F40 |. 8945 EC ||mov dword ptr [ebp-14], eax
04460F43 |. 8B85 58FFFFFF ||mov eax, dword ptr [ebp-A8]
04460F49 |. 8A4430 FF ||mov al, byte ptr [eax+esi-1]
04460F4D |. 8B95 2CFFFFFF ||mov edx, dword ptr [ebp-D4]
04460F53 |. 3A4432 FF ||cmp al, byte ptr [edx+esi-1]
04460F57 |. EB 2A ||jmp short 04460F83
04460F59 |. B8 64000000 ||mov eax, 64
04460F5E |. E8 CD01BAFF ||call <jmp.&rtl60.System::RandInt>
04460F63 |. 8985 5C0DE5FF ||mov dword ptr [ebp+FFE50D5C], eax
04460F69 |. DB85 5C0DE5FF ||fild dword ptr [ebp+FFE50D5C]
04460F6F |. D835 44154604 ||fdiv dword ptr [4461544]
04460F75 |. D805 48154604 ||fadd dword ptr [4461548]
04460F7B |. DD9CF5 B0FCFF>||fstp qword ptr [ebp+esi*8-350]
04460F82 |. 9B ||wait
04460F83 |> 837D EC 00 ||cmp dword ptr [ebp-14], 0
04460F87 |. 7E 20 ||jle short 04460FA9
04460F89 |. 8D45 A4 ||lea eax, dword ptr [ebp-5C]
04460F8C |. B9 02000000 ||mov ecx, 2
04460F91 |. 8B55 EC ||mov edx, dword ptr [ebp-14]
13--------------------------------------------
044610C0 |. 8A0C10 ||mov cl, byte ptr [eax+edx]
044610C3 |. 8BC7 ||mov eax, edi
044610C5 |. 51 ||push ecx
044610C6 |. B9 0A000000 ||mov ecx, 0A
044610CB |. 99 ||cdq
044610CC |. F7F9 ||idiv ecx
044610CE |. 59 ||pop ecx
044610CF |. 8B85 2CFFFFFF ||mov eax, dword ptr [ebp-D4]
044610D5 |. 3A0C10 ||cmp cl, byte ptr [eax+edx]
044610D8 |. EB 26 ||jmp short 04461100
044610DA |. B8 64000000 ||mov eax, 64
044610DF |. E8 4C00BAFF ||call <jmp.&rtl60.System::RandInt>
044610E4 |. 8985 5C0DE5FF ||mov dword ptr [ebp+FFE50D5C], eax
044610EA |. DB85 5C0DE5FF ||fild dword ptr [ebp+FFE50D5C]
044610F0 |. D835 44154604 ||fdiv dword ptr [4461544]
044610F6 |. D805 48154604 ||fadd dword ptr [4461548]
044610FC |. DB7D B8 ||fstp tbyte ptr [ebp-48]
044610FF |. 9B ||wait
04461100 |> 837D E8 00 ||cmp dword ptr [ebp-18], 0
04461104 |. 0F8E 46020000 ||jle 04461350
0446110A |. 8D55 EC ||lea edx, dword ptr [ebp-14]
0446110D |. 8B45 A0 ||mov eax, dword ptr [ebp-60]
04461110 |. E8 1B01BAFF ||call <jmp.&rtl60.System::ValExt>
04461115 |. DB7D C8 ||fstp tbyte ptr [ebp-38]
04461118 |. 9B ||wait
04461119 |. DB6D C8 ||fld tbyte ptr [ebp-38]
0446111C |. DB6D B8 ||fld tbyte ptr [ebp-48]
0446111F |. DEC9 ||fmulp st(1), st
04461121 |. DB7D C8 ||fstp tbyte ptr [ebp-38]
04461124 |. 9B ||wait
14--------------------------------------------
044611B9 |. B8 F8164604 ||mov eax, 044616F8
044611BE |. E8 3D02BAFF ||call <jmp.&rtl60.System::LStrPos>
044611C3 |. 85C0 ||test eax, eax
044611C5 |. 75 07 ||jnz short 044611CE
044611C7 |. 33C0 ||xor eax, eax
044611C9 |. 8945 E4 ||mov dword ptr [ebp-1C], eax
044611CC |. EB 07 ||jmp short 044611D5
044611CE |> C745 E4 04000>||mov dword ptr [ebp-1C], 4
044611D5 |> 837D E4 05 ||cmp dword ptr [ebp-1C], 5
044611D9 |. 7E 07 ||jle short 044611E2
044611DB |. C745 E4 05000>||mov dword ptr [ebp-1C], 5
044611E2 |> 8B45 D8 ||mov eax, dword ptr [ebp-28]
044611E5 |. 50 ||push eax
044611E6 |. 6A 01 ||push 1
044611E8 |. 8BCF ||mov ecx, edi
044611EA |. 8B55 E0 ||mov edx, dword ptr [ebp-20]
044611ED |. 8B45 FC ||mov eax, dword ptr [ebp-4]
044611F0 |. E8 CB09C0FF ||call 04061BC0
044611F5 |. 8B45 D8 ||mov eax, dword ptr [ebp-28]
044611F8 |. 50 ||push eax
044611F9 |. 8BC7 ||mov eax, edi
044611FB |. B9 0C000000 ||mov ecx, 0C
04461200 |. 99 ||cdq
04461201 |. F7F9 ||idiv ecx
04461203 |. 8B85 58FFFFFF ||mov eax, dword ptr [ebp-A8]
04461209 |. 33C9 ||xor ecx, ecx
0446120B |. 8A0C10 ||mov cl, byte ptr [eax+edx]
0446120E |. 8BC7 ||mov eax, edi
04461210 |. 51 ||push ecx
04461211 |. B9 0C000000 ||mov ecx, 0C
04461216 |. 99 ||cdq
04461217 |. F7F9 ||idiv ecx
04461219 |. 59 ||pop ecx
0446121A |. 8B85 2CFFFFFF ||mov eax, dword ptr [ebp-D4]
04461220 |. 0FB60410 ||movzx eax, byte ptr [eax+edx]
04461224 |. 2BC9 ||sub ecx, ecx //使添加误差:x=x*(1+(RandInt(1)-RandInt(2))/1000) 改为:x=x*(1+(RandInt(1)-RandInt(1))/1000
04461226 |. 898D 5C0DE5FF ||mov dword ptr [ebp+FFE50D5C], ecx
0446122C |. DB85 5C0DE5FF ||fild dword ptr [ebp+FFE50D5C]
04461232 |. D835 44154604 ||fdiv dword ptr [4461544]
04461238 |. D805 48154604 ||fadd dword ptr [4461548]
0446123E |. DB6D C8 ||fld tbyte ptr [ebp-38]
04461241 |. DEC9 ||fmulp st(1), st
04461243 |. 83C4 F8 ||add esp, -8
04461246 |. DD1C24 ||fstp qword ptr [esp]
04461249 |. 9B ||wait
0446124A |. 8BCF ||mov ecx, edi
0446124C |. 8B55 E0 ||mov edx, dword ptr [ebp-20]
0446124F |. 8B45 FC ||mov eax, dword ptr [ebp-4]
04461252 |. E8 751DC0FF ||call 04062FCC
04461257 |. 8B45 D8 ||mov eax, dword ptr [ebp-28]
0446125A |. 50 ||push eax
0446125B |. 8B45 E4 ||mov eax, dword ptr [ebp-1C]
0446125E |. 50 ||push eax
0446125F |. 8BCF ||mov ecx, edi
04461261 |. 8B55 E0 ||mov edx, dword ptr [ebp-20]
04461264 |. 8B45 FC ||mov eax, dword ptr [ebp-4]
04461267 |. E8 7C07C0FF ||call 040619E8
0446126C |. EB 5A ||jmp short 044612C8
0446126E |> 8B45 D8 ||mov eax, dword ptr [ebp-28]
04461271 |. 50 ||push eax |