- UID
- 33252
注册时间2007-8-4
阅读权限40
最后登录1970-1-1
独步武林
 
TA的每日心情 | 无聊
2024-12-30 17:29 |
|---|
签到天数: 633 天 [LV.9]以坛为家II
|
【文章标题】: 2010年 解密小组招募考题1
【文章作者】: fghtiger
【作者邮箱】: [email protected]
【作者QQ号】: 28011309
【软件名称】: 定时播放王C
【下载地址】: 自己搜索下载
【软件介绍】: 解决试用无限制.rar (绿色软件、暴破)
【作者声明】: 只是感兴趣,没有其他目的。失误之处敬请诸位大侠赐教!
--------------------------------------------------------------------------------
【详细过程】
该软件有20天试用限制。破解的思路 监视了软件的运行,发现软件第一次运行时会在 C:\WINDOWS\system 中
创建这两个文件 dinggc.ini 、biangc.ini这个文件中保存着首次运行的日期的 "ning>40200>guang" 、
"string>40200>good" 当试用天数过20后,文件dinggc.ini会被删除,文件biangc.ini中的字串会改为
"string>1818>good"。
过程分析如下。
根据删除dinggc.ini文件特点下 DeleteFileA断点
看堆栈
0012F834 004698B4 /CALL 到 DeleteFileA 来自 定时播放.004698AE
0012F838 0012F840 \FileName = "C:\WINDOWS\system\dinggc.ini"
004698AE |. FF15 4CFA5000 call dword ptr ds:[<&KERNEL32.DeleteF>; \DeleteFileA
004698B4 |. 85C0 test eax, eax
004698B6 |. 75 3A jnz short <loc_4698F2>
004698B8 |. 8D4424 04 lea eax, dword ptr ss:[esp+4]
004698BC |. 50 push eax ; /FileName
004698BD |. FF15 80FA5000 call dword ptr ds:[<&KERNEL32.GetFile>; \GetFileAttributesA
004698C3 |. 83F8 FF cmp eax, -1
004698C6 |. 74 1D je short <loc_4698E5>
004698C8 |. A8 10 test al, 10
004698CA |. 74 19 je short <loc_4698E5>
004698CC |. 8D4424 04 lea eax, dword ptr ss:[esp+4]
004698D0 |. 50 push eax ; /Path
004698D1 |. FF15 5CFA5000 call dword ptr ds:[<&KERNEL32.RemoveD>; \RemoveDirectoryA
004698D7 |. 85C0 test eax, eax
004698D9 |. 74 0A je short <loc_4698E5>
004698DB |. 33C0 xor eax, eax
004698DD |. 5E pop esi
004698DE |. 81C4 08010000 add esp, 108
004698E4 |. C3 retn
004698E5 >|> \E8 36050000 call <GetLastError> ;
004698EA |. 5E pop esi
004698EB |. 81C4 08010000 add esp, 108
004698F1 |. C3 retn
004698F2 >|> 33C0 xor eax, eax ;
004698F4 |. 5E pop esi
004698F5 |. 81C4 08010000 add esp, 108
004698FB |. C3 retn //// 返回到 004B3938
004698FC >|> 33C0 xor eax, eax ;
004698FE |. 5E pop esi
004698FF |. 81C4 08010000 add esp, 108
00469905 \. C3 retn
返回到 004B3938
004B392E >|> \8B4424 14 mov eax, dword ptr ss:[esp+14] ;
004B3932 |. 50 push eax
004B3933 |. E8 185FFBFF call <sub_469850> ; 删除dinggc.ini
004B3938 |. 8B4424 18 mov eax, dword ptr ss:[esp+18]
004B393C |. 83C4 04 add esp, 4
004B393F |. 50 push eax
004B3940 |. E8 5B57FBFF call <sub_4690A0>
004B3945 |. 83C4 04 add esp, 4
004B3948 |. 85C0 test eax, eax
004B394A |. 75 22 jnz short <loc_4B396E>
004B394C |. 8B4424 14 mov eax, dword ptr ss:[esp+14]
004B3950 |. 6A 02 push 2
004B3952 |. 50 push eax
004B3953 |. E8 A865FBFF call <sub_469F00>
004B3958 |. 894424 20 mov dword ptr ss:[esp+20], eax
004B395C |. 894424 28 mov dword ptr ss:[esp+28], eax
004B3960 |. 895424 2C mov dword ptr ss:[esp+2C], edx
004B3964 |. 83C4 08 add esp, 8
004B3967 |. 837C24 18 00 cmp dword ptr ss:[esp+18], 0
004B396C |. 74 07 je short <loc_4B3975>
004B396E >|> E8 9D47FBFF call <sub_468110> ;
004B3973 |. 8BF0 mov esi, eax
004B3975 >|> 837C24 20 00 cmp dword ptr ss:[esp+20], 0 ;
004B397A |. 0F84 E2000000 je <loc_4B3A62>
004B3980 |. 8B8424 380100>mov eax, dword ptr ss:[esp+138]
004B3987 |. 33F6 xor esi, esi
004B3989 |. 83C0 10 add eax, 10
004B398C |. 894424 18 mov dword ptr ss:[esp+18], eax
004B3990 |. 50 push eax
004B3991 |. E8 9A9AFAFF call <sub_45D430>
004B3996 |. C64424 16 0D mov byte ptr ss:[esp+16], 0D
004B399B |. C64424 17 0A mov byte ptr ss:[esp+17], 0A
004B39A0 |. 83C4 04 add esp, 4
004B39A3 |. 8BD8 mov ebx, eax
004B39A5 >|> 6A 0D /push 0D ;
004B39A7 |. 53 |push ebx
004B39A8 |. E8 93EB0000 |call <sub_4C2540>
004B39AD |. 83C4 08 |add esp, 8
004B39B0 |. 8BF8 |mov edi, eax
004B39B2 |. 85FF |test edi, edi
004B39B4 |. 74 59 |je short <loc_4B3A0F>
004B39B6 |. 53 |push ebx ;
004B39B7 |. C607 00 |mov byte ptr ds:[edi], 0 ;
004B39BA |. FF15 8CF95000 |call dword ptr ds:[<&KERNEL32.lstrle>;
004B39C0 |. 8BE8 |mov ebp, eax
004B39C2 |. 6A 00 |push 0
004B39C4 |. 8B4424 24 |mov eax, dword ptr ss:[esp+24]
004B39C8 |. 6A 01 |push 1
004B39CA |. 8B4C24 2C |mov ecx, dword ptr ss:[esp+2C]
004B39CE |. 55 |push ebp
004B39CF |. 53 |push ebx
004B39D0 |. 51 |push ecx
004B39D1 |. 50 |push eax
004B39D2 |. E8 E95BFBFF |call <sub_4695C0>
004B39D7 |. 83C4 18 |add esp, 18
004B39DA |. 3BC5 |cmp eax, ebp
004B39DC |. 75 2A |jnz short <loc_4B3A08>
004B39DE |. 8D4424 12 |lea eax, dword ptr ss:[esp+12]
004B39E2 |. 6A 00 |push 0
004B39E4 |. 8B5424 24 |mov edx, dword ptr ss:[esp+24]
004B39E8 |. 6A 01 |push 1
004B39EA |. 8B4C24 2C |mov ecx, dword ptr ss:[esp+2C]
004B39EE |. 6A 02 |push 2
004B39F0 |. 50 |push eax
004B39F1 |. 51 |push ecx
004B39F2 |. 52 |push edx
004B39F3 |. E8 C85BFBFF |call <sub_4695C0>
004B39F8 |. 83C4 18 |add esp, 18
004B39FB |. 83F8 02 |cmp eax, 2
004B39FE |. 75 08 |jnz short <loc_4B3A08>
004B3A00 |. 8D5F 01 |lea ebx, dword ptr ds:[edi+1]
004B3A03 |. C607 0D |mov byte ptr ds:[edi], 0D
004B3A06 |.^ EB 9D \jmp short <loc_4B39A5>
004B3A08 >|> E8 0347FBFF call <sub_468110> ;
004B3A0D |. 8BF0 mov esi, eax
004B3A0F >|> 85F6 test esi, esi ;
004B3A11 |. 75 30 jnz short <loc_4B3A43>
004B3A13 |. 53 push ebx ;
004B3A14 |. FF15 8CF95000 call dword ptr ds:[<&KERNEL32.lstrlen>;
004B3A1A |. 8BF8 mov edi, eax
004B3A1C |. 85FF test edi, edi
004B3A1E |. 7E 23 jle short <loc_4B3A43>
004B3A20 |. 8B4424 20 mov eax, dword ptr ss:[esp+20]
004B3A24 |. 6A 00 push 0
004B3A26 |. 8B4C24 28 mov ecx, dword ptr ss:[esp+28]
004B3A2A |. 6A 01 push 1
004B3A2C |. 57 push edi
004B3A2D |. 53 push ebx
004B3A2E |. 51 push ecx
004B3A2F |. 50 push eax
004B3A30 |. E8 8B5BFBFF call <sub_4695C0> ;
004B3A35 |. 83C4 18 add esp, 18
004B3A38 |. 3BC7 cmp eax, edi
004B3A3A |. 74 07 je short <loc_4B3A43>
004B3A3C |. E8 CF46FBFF call <sub_468110>
004B3A41 |. 8BF0 mov esi, eax
004B3A43 >|> 8B4424 20 mov eax, dword ptr ss:[esp+20] ;
004B3A47 |. 8B4C24 24 mov ecx, dword ptr ss:[esp+24]
004B3A4B |. 51 push ecx
004B3A4C |. 50 push eax
004B3A4D |. E8 BE57FBFF call <sub_469210>
004B3A52 |. 8B4C24 20 mov ecx, dword ptr ss:[esp+20]
004B3A56 |. 83C4 08 add esp, 8
004B3A59 |. 51 push ecx
004B3A5A |. E8 619AFAFF call <sub_45D4C0>
004B3A5F |. 83C4 04 add esp, 4
004B3A62 >|> 8B4424 14 mov eax, dword ptr ss:[esp+14] ;
004B3A66 |. 50 push eax
004B3A67 |. E8 F4A9FBFF call <sub_46E460>
004B3A6C |. 83C4 04 add esp, 4
004B3A6F |. 56 push esi
004B3A70 |. 6A 00 push 0
004B3A72 |. 68 7C200000 push 207C
004B3A77 |. E8 3417F8FF call <sub_4351B0>
004B3A7C |. 50 push eax
004B3A7D |. E8 CE93FAFF call <sub_45CE50>
004B3A82 |. 83C4 10 add esp, 10
004B3A85 |. 8BC6 mov eax, esi
004B3A87 |. 5D pop ebp
004B3A88 |. 5F pop edi
004B3A89 |. 5E pop esi
004B3A8A |. 5B pop ebx
004B3A8B |. 81C4 20010000 add esp, 120
004B3A91 \. C3 retn //// 返回到 004B3AB1
返回到 004B3AB1
004B3AA0 > . 8B4424 08 mov eax, dword ptr ss:[esp+8] ;
004B3AA4 . 6A 00 push 0
004B3AA6 . 8B4C24 08 mov ecx, dword ptr ss:[esp+8]
004B3AAA . 50 push eax
004B3AAB . 51 push ecx
004B3AAC . E8 1FFDFFFF call <sub_4B37D0>
004B3AB1 . 83C4 0C add esp, 0C
004B3AB4 . C3 retn ///// 返回到 004352C9
返回到 004352C9
004352C7 |. FF13 call dword ptr ds:[ebx] //// 当是 004BD2B0时进入
004352C9 |. 8B5424 3C mov edx, dword ptr ss:[esp+3C]
004352CD |. 83C4 08 add esp, 8
004352D0 |. C642 01 01 mov byte ptr ds:[edx+1], 1
004352D4 |. 8942 02 mov dword ptr ds:[edx+2], eax ///// eax=现在的日期 这个是跟入004BD2B0得到的
现在就对[edx+2]下硬件访问断点
00428D70 |. 8B01 |mov eax, dword ptr ds:[ecx]
00428D72 |. 8903 |mov dword ptr ds:[ebx], eax ; 跟到这
00428D74 |. 8B51 04 |mov edx, dword ptr ds:[ecx+4]
[ebx]下内存访问断点
0042A169 |. 8B7E 02 mov edi, dword ptr ds:[esi+2] ; 取相差的天数
0042A16C 2B7C24 0A sub edi, dword ptr ss:[esp+A] ; 31(相差的天数)-20天=11
0042A170 |. E9 91000000 jmp <loc_42A206>
0042A206 >|> \56 push esi
0042A207 |. 6A 00 push 0
0042A209 |. E8 42E6FFFF call <sub_428850>
0042A20E |. 8B4424 2C mov eax, dword ptr ss:[esp+2C]
0042A212 |. 83C4 08 add esp, 8
0042A215 |. 83E8 07 sub eax, 7 ;
0042A218 |. 83F8 05 cmp eax, 5
0042A21B |. 77 07 ja short <loc_42A224>
0042A21D |. FF2485 9CA242>jmp dword ptr ds:[eax*4+<off_42A2>
0042A224 >|> 66:C705 14215>mov word ptr ds:[502114], 0FFFD
0042A22D |. 5F pop edi
0042A22E |. 5E pop esi
0042A22F |. 83C4 18 add esp, 18
0042A232 |. C3 retn
0042A233 >|> 85FF test edi, edi
0042A235 75 5C jnz short <loc_42A293>
0042A237 |. C746 02 01000>mov dword ptr ds:[esi+2], 1
0042A23E |. 5F pop edi
0042A23F |. 5E pop esi
0042A240 |. 83C4 18 add esp, 18
0042A243 |. C3 retn
0042A244 >|> 85FF test edi, edi
0042A246 |. 7E 4B jle short <loc_42A293>
0042A248 |. C746 02 01000>mov dword ptr ds:[esi+2], 1
0042A24F |. 5F pop edi
0042A250 |. 5E pop esi
0042A251 |. 83C4 18 add esp, 18
0042A254 |. C3 retn
0042A255 >|> 85FF test edi, edi
0042A257 |. 7D 3A jge short <loc_42A293>
0042A259 |. C746 02 01000>mov dword ptr ds:[esi+2], 1
0042A260 |. 5F pop edi
0042A261 |. 5E pop esi
0042A262 |. 83C4 18 add esp, 18
0042A265 |. C3 retn
0042A266 >|> 85FF test edi, edi
0042A268 |. 7F 29 jg short <loc_42A293>
0042A26A |. C746 02 01000>mov dword ptr ds:[esi+2], 1
0042A271 |. 5F pop edi
0042A272 |. 5E pop esi
0042A273 |. 83C4 18 add esp, 18
0042A276 |. C3 retn
0042A277 >|> 85FF test edi, edi
0042A279 7C 18 jl short <loc_42A293> ; 暴破点改为jmp
0042A27B |. C746 02 01000>mov dword ptr ds:[esi+2], 1
0042A282 |. 5F pop edi
0042A283 |. 5E pop esi
0042A284 |. 83C4 18 add esp, 18
0042A287 |. C3 retn
0042A288 >|> 85FF test edi, edi ;
0042A28A |. 74 07 je short <loc_42A293>
0042A28C |. C746 02 01000>mov dword ptr ds:[esi+2], 1
0042A293 >|> 5F pop edi ;
0042A294 |. 5E pop esi
0042A295 |. 83C4 18 add esp, 18
0042A298 \. C3 retn
跟入004BD2B0
004BD2B0 > . 8B4424 08 mov eax, dword ptr ss:[esp+8]
004BD2B4 . 8B48 02 mov ecx, dword ptr ds:[eax+2]
004BD2B7 . 8B50 12 mov edx, dword ptr ds:[eax+12]
004BD2BA . 8B40 22 mov eax, dword ptr ds:[eax+22]
004BD2BD . 83F8 46 cmp eax, 46 ; 2010 与70
004BD2C0 . 7D 06 jge short <loc_4BD2C8>
004BD2C2 . B8 E0630000 mov eax, 63E0
004BD2C7 . C3 retn
004BD2C8 > > 83F8 64 cmp eax, 64 ; 2010 100
004BD2CB . 7D 11 jge short <loc_4BD2DE>
004BD2CD . 05 6C070000 add eax, 76C
004BD2D2 > > 83FA 01 cmp edx, 1
004BD2D5 . 7D 21 jge short <loc_4BD2F8>
004BD2D7 . BA 01000000 mov edx, 1
004BD2DC . EB 24 jmp short <loc_4BD302>
004BD2DE > > 3D B2070000 cmp eax, 7B2 ; 2010 与1970
004BD2E3 . 7D 06 jge short <loc_4BD2EB>
004BD2E5 . B8 E0630000 mov eax, 63E0
004BD2EA . C3 retn
004BD2EB > > 3D F4070000 cmp eax, 7F4 ; 2010 与2036
004BD2F0 .^ 7E E0 jle short <loc_4BD2D2>
004BD2F2 . B8 2DC20000 mov eax, 0C22D
004BD2F7 . C3 retn
004BD2F8 > > 83FA 0C cmp edx, 0C ; 2月与12
004BD2FB . 7E 05 jle short <loc_4BD302>
004BD2FD . BA 0C000000 mov edx, 0C
004BD302 > > 83F9 01 cmp ecx, 1 ; 26 号与1
004BD305 . 7D 07 jge short <loc_4BD30E>
004BD307 . B9 01000000 mov ecx, 1
004BD30C . EB 0A jmp short <loc_4BD318>
004BD30E > > 83F9 1F cmp ecx, 1F ; 26与31
004BD311 . 7E 05 jle short <loc_4BD318>
004BD313 . B9 1F000000 mov ecx, 1F
004BD318 > > 3D B2070000 cmp eax, 7B2 ; 2010 1970
004BD31D . 75 10 jnz short <loc_4BD32F>
004BD31F . 83FA 01 cmp edx, 1
004BD322 . 7D 0B jge short <loc_4BD32F>
004BD324 . 83F9 01 cmp ecx, 1
004BD327 . 7D 06 jge short <loc_4BD32F>
004BD329 . B8 E0630000 mov eax, 63E0
004BD32E . C3 retn
004BD32F > > 3D F4070000 cmp eax, 7F4 ; 2010 2036
004BD334 . 75 10 jnz short <loc_4BD346>
004BD336 . 83FA 02 cmp edx, 2
004BD339 . 7E 0B jle short <loc_4BD346>
004BD33B . 83F9 05 cmp ecx, 5
004BD33E . 7E 06 jle short <loc_4BD346>
004BD340 . B8 2DC20000 mov eax, 0C22D
004BD345 . C3 retn
004BD346 > > 50 push eax ; loc_4BD346
004BD347 . 52 push edx
004BD348 . 51 push ecx
004BD349 . E8 F2B3FBFF call <sub_478740> ; 跟入
004BD34E . 83C4 0C add esp, 0C
004BD351 . B9 80510100 mov ecx, 15180 ; 60*60*24=86400
004BD356 . 2BD2 sub edx, edx
004BD358 . F7F1 div ecx ; eax=现在的日期
004BD35A . C3 retn
跟入004BD349
00478740 >/$ 83EC 24 sub esp, 24 ; sub_478740
00478743 |. 33C0 xor eax, eax
00478745 |. B9 09000000 mov ecx, 9
0047874A |. 57 push edi
0047874B |. 8D7C24 04 lea edi, dword ptr ss:[esp+4]
0047874F |. F3:AB rep stos dword ptr es:[edi]
00478751 |. 8B4424 34 mov eax, dword ptr ss:[esp+34] ; 2010
00478755 |. 8B4C24 2C mov ecx, dword ptr ss:[esp+2C] ; 26号
00478759 |. 2D 6C070000 sub eax, 76C ; 2010-1900=110
0047875E |. 8D5424 04 lea edx, dword ptr ss:[esp+4]
00478762 |. 894424 18 mov dword ptr ss:[esp+18], eax
00478766 |. 52 push edx
00478767 |. 8B4424 34 mov eax, dword ptr ss:[esp+34]
0047876B |. 894C24 14 mov dword ptr ss:[esp+14], ecx
0047876F |. 48 dec eax
00478770 |. 894424 18 mov dword ptr ss:[esp+18], eax
00478774 |. E8 F7790700 call <sub_4F0170> ; 跟入
00478779 |. 83C4 04 add esp, 4
0047877C |. 2B05 20505000 sub eax, dword ptr ds:[505020]
00478782 |. 2D 0030547C sub eax, 7C543000
00478787 |. 5F pop edi
00478788 |. 83C4 24 add esp, 24
0047878B \. C3 retn
跟入00478774
004F0170 >/$ 8B4424 04 mov eax, dword ptr ss:[esp+4] ; sub_4F0170
004F0174 |. 6A 01 push 1
004F0176 |. 50 push eax
004F0177 |. E8 04000000 call <__make_time_t> ; 跟入
004F017C |. 83C4 08 add esp, 8
004F017F \. C3 retn
跟入 004F0177
004F0180 >/$ 83EC 04 sub esp, 4 ; __make_time_t
004F0183 |. 56 push esi
004F0184 |. 57 push edi
004F0185 |. 8B7C24 10 mov edi, dword ptr ss:[esp+10]
004F0189 |. 8B47 14 mov eax, dword ptr ds:[edi+14]
004F018C |. 894424 08 mov dword ptr ss:[esp+8], eax
004F0190 |. 83F8 45 cmp eax, 45
004F0193 |. 0F8C 3B020000 jl <loc_4F03D4>
004F0199 |. 3D 8B000000 cmp eax, 8B
004F019E |. 0F8F 30020000 jg <loc_4F03D4>
004F01A4 |. 8B77 10 mov esi, dword ptr ds:[edi+10]
004F01A7 |. 85F6 test esi, esi
004F01A9 |. 7C 05 jl short <loc_4F01B0>
004F01AB |. 83FE 0B cmp esi, 0B
004F01AE |. 7E 3C jle short <loc_4F01EC>
004F01B0 >|> B9 0C000000 mov ecx, 0C ; loc_4F01B0
004F01B5 |. 8BC6 mov eax, esi
004F01B7 |. 99 cdq
004F01B8 |. F7F9 idiv ecx
004F01BA |. 014424 08 add dword ptr ss:[esp+8], eax
004F01BE |. 8BC6 mov eax, esi
004F01C0 |. 99 cdq
004F01C1 |. F7F9 idiv ecx
004F01C3 |. 8957 10 mov dword ptr ds:[edi+10], edx
004F01C6 |. 85D2 test edx, edx
004F01C8 |. 7D 09 jge short <loc_4F01D3>
004F01CA |. 03D1 add edx, ecx
004F01CC |. FF4C24 08 dec dword ptr ss:[esp+8]
004F01D0 |. 8957 10 mov dword ptr ds:[edi+10], edx
004F01D3 >|> 837C24 08 45 cmp dword ptr ss:[esp+8], 45 ; loc_4F01D3
004F01D8 |. 0F8C F6010000 jl <loc_4F03D4>
004F01DE |. 817C24 08 8B0>cmp dword ptr ss:[esp+8], 8B
004F01E6 |. 0F8F E8010000 jg <loc_4F03D4>
004F01EC >|> 8B47 10 mov eax, dword ptr ds:[edi+10] ; loc_4F01EC
004F01EF |. F64424 08 03 test byte ptr ss:[esp+8], 3
004F01F4 |. 8B3485 205A50>mov esi, dword ptr ds:[eax*4+505A20]
004F01FB |. 75 06 jnz short <loc_4F0203>
004F01FD |. 83F8 01 cmp eax, 1
004F0200 |. 7E 01 jle short <loc_4F0203>
004F0202 |. 46 inc esi
004F0203 >|> 8B4424 08 mov eax, dword ptr ss:[esp+8] ; loc_4F0203
004F0207 |. 8B4C24 08 mov ecx, dword ptr ss:[esp+8]
004F020B |. 48 dec eax
004F020C |. 8BD1 mov edx, ecx ; 以下是年月日的算法
004F020E |. C1F8 02 sar eax, 2
004F0211 |. 8D0CC9 lea ecx, dword ptr ds:[ecx+ecx*8]
004F0214 |. 8D14CA lea edx, dword ptr ds:[edx+ecx*8]
004F0217 |. 8D0C92 lea ecx, dword ptr ds:[edx+edx*4]
004F021A |. 03C1 add eax, ecx
004F021C |. 8D8C30 219CFF>lea ecx, dword ptr ds:[eax+esi+FFFF9>
004F0223 |. 8B47 0C mov eax, dword ptr ds:[edi+C]
004F0226 |. 85C9 test ecx, ecx
004F0228 |. 8D1408 lea edx, dword ptr ds:[eax+ecx]
004F022B |. 895424 08 mov dword ptr ss:[esp+8], edx
004F022F |. 7C 10 jl short <loc_4F0241>
004F0231 |. 85C0 test eax, eax
004F0233 |. 7C 08 jl short <loc_4F023D>
004F0235 |. 85D2 test edx, edx
004F0237 |. 0F8C 97010000 jl <loc_4F03D4>
004F023D >|> 85C9 test ecx, ecx ; loc_4F023D
004F023F |. 7D 0F jge short <loc_4F0250>
004F0241 >|> 85C0 test eax, eax ; loc_4F0241
004F0243 |. 7D 0B jge short <loc_4F0250>
004F0245 |. 837C24 08 00 cmp dword ptr ss:[esp+8], 0
004F024A |. 0F8D 84010000 jge <loc_4F03D4>
004F0250 >|> 8B4424 08 mov eax, dword ptr ss:[esp+8] ; loc_4F0250
004F0254 |. 85C0 test eax, eax
004F0256 |. 8D0C40 lea ecx, dword ptr ds:[eax+eax*2]
004F0259 |. B8 00000000 mov eax, 0
004F025E |. 8D34CD 000000>lea esi, dword ptr ds:[ecx*8]
004F0265 |. 74 10 je short <loc_4F0277>
004F0267 |. 8BC6 mov eax, esi
004F0269 |. 99 cdq
004F026A |. F77C24 08 idiv dword ptr ss:[esp+8]
004F026E |. 83E8 18 sub eax, 18
004F0271 |. 83F8 01 cmp eax, 1
004F0274 |. 1BC0 sbb eax, eax
004F0276 |. 40 inc eax
004F0277 >|> 85C0 test eax, eax ; loc_4F0277
004F0279 |. 0F85 55010000 jnz <loc_4F03D4>
004F027F |. 8B47 08 mov eax, dword ptr ds:[edi+8]
004F0282 |. 85F6 test esi, esi
004F0284 |. 8D0C06 lea ecx, dword ptr ds:[esi+eax]
004F0287 |. 894C24 08 mov dword ptr ss:[esp+8], ecx
004F028B |. 7C 10 jl short <loc_4F029D>
004F028D |. 85C0 test eax, eax
004F028F |. 7C 08 jl short <loc_4F0299>
004F0291 |. 85C9 test ecx, ecx
004F0293 |. 0F8C 3B010000 jl <loc_4F03D4>
004F0299 >|> 85F6 test esi, esi ; loc_4F0299
004F029B |. 7D 0F jge short <loc_4F02AC>
004F029D >|> 85C0 test eax, eax ; loc_4F029D
004F029F |. 7D 0B jge short <loc_4F02AC>
004F02A1 |. 837C24 08 00 cmp dword ptr ss:[esp+8], 0
004F02A6 |. 0F8D 28010000 jge <loc_4F03D4>
004F02AC >|> 8B4424 08 mov eax, dword ptr ss:[esp+8] ; loc_4F02AC
004F02B0 |. C1E0 02 shl eax, 2
004F02B3 |. 8D0C40 lea ecx, dword ptr ds:[eax+eax*2]
004F02B6 |. B8 00000000 mov eax, 0
004F02BB |. 837C24 08 00 cmp dword ptr ss:[esp+8], 0
004F02C0 |. 8D3489 lea esi, dword ptr ds:[ecx+ecx*4]
004F02C3 |. 74 10 je short <loc_4F02D5>
004F02C5 |. 8BC6 mov eax, esi
004F02C7 |. 99 cdq
004F02C8 |. F77C24 08 idiv dword ptr ss:[esp+8]
004F02CC |. 83E8 3C sub eax, 3C
004F02CF |. 83F8 01 cmp eax, 1
004F02D2 |. 1BC0 sbb eax, eax
004F02D4 |. 40 inc eax
004F02D5 >|> 85C0 test eax, eax ; loc_4F02D5
004F02D7 |. 0F85 F7000000 jnz <loc_4F03D4>
004F02DD |. 8B47 04 mov eax, dword ptr ds:[edi+4]
004F02E0 |. 85F6 test esi, esi
004F02E2 |. 8D0C06 lea ecx, dword ptr ds:[esi+eax]
004F02E5 |. 894C24 08 mov dword ptr ss:[esp+8], ecx
004F02E9 |. 7C 10 jl short <loc_4F02FB>
004F02EB |. 85C0 test eax, eax
004F02ED |. 7C 08 jl short <loc_4F02F7>
004F02EF |. 85C9 test ecx, ecx
004F02F1 |. 0F8C DD000000 jl <loc_4F03D4>
004F02F7 >|> 85F6 test esi, esi ; loc_4F02F7
004F02F9 |. 7D 0F jge short <loc_4F030A>
004F02FB >|> 85C0 test eax, eax ; loc_4F02FB
004F02FD |. 7D 0B jge short <loc_4F030A>
004F02FF |. 837C24 08 00 cmp dword ptr ss:[esp+8], 0
004F0304 |. 0F8D CA000000 jge <loc_4F03D4>
004F030A >|> 8B4424 08 mov eax, dword ptr ss:[esp+8] ; loc_4F030A
004F030E |. C1E0 02 shl eax, 2
004F0311 |. 8D0C40 lea ecx, dword ptr ds:[eax+eax*2]
004F0314 |. B8 00000000 mov eax, 0
004F0319 |. 837C24 08 00 cmp dword ptr ss:[esp+8], 0
004F031E |. 8D3489 lea esi, dword ptr ds:[ecx+ecx*4]
004F0321 |. 74 10 je short <loc_4F0333>
004F0323 |. 8BC6 mov eax, esi
004F0325 |. 99 cdq
004F0326 |. F77C24 08 idiv dword ptr ss:[esp+8]
004F032A |. 83E8 3C sub eax, 3C
004F032D |. 83F8 01 cmp eax, 1
004F0330 |. 1BC0 sbb eax, eax
004F0332 |. 40 inc eax
004F0333 >|> 85C0 test eax, eax ; loc_4F0333
004F0335 |. 0F85 99000000 jnz <loc_4F03D4>
004F033B |. 8B07 mov eax, dword ptr ds:[edi]
004F033D |. 85F6 test esi, esi
004F033F |. 8D0C06 lea ecx, dword ptr ds:[esi+eax]
004F0342 |. 894C24 08 mov dword ptr ss:[esp+8], ecx
004F0346 |. 7C 10 jl short <loc_4F0358>
004F0348 |. 85C0 test eax, eax
004F034A |. 7C 08 jl short <loc_4F0354>
004F034C |. 85C9 test ecx, ecx
004F034E |. 0F8C 80000000 jl <loc_4F03D4>
004F0354 >|> 85F6 test esi, esi ; loc_4F0354
004F0356 |. 7D 0B jge short <loc_4F0363>
004F0358 >|> 85C0 test eax, eax ; loc_4F0358
004F035A |. 7D 07 jge short <loc_4F0363>
004F035C |. 837C24 08 00 cmp dword ptr ss:[esp+8], 0
004F0361 |. 7D 71 jge short <loc_4F03D4>
004F0363 >|> 837C24 14 00 cmp dword ptr ss:[esp+14], 0 ; loc_4F0363
004F0368 |. 74 46 je short <loc_4F03B0>
004F036A |. E8 91410000 call <___tzset>
004F036F |. A1 20505000 mov eax, dword ptr ds:[505020]
004F0374 |. 8D4C24 08 lea ecx, dword ptr ss:[esp+8]
004F0378 |. 014424 08 add dword ptr ss:[esp+8], eax
004F037C |. 51 push ecx ; /timet
004F037D |. E8 1EFCFFFF call <_localtime> ; \_localtime
004F0382 |. 83C4 04 add esp, 4
004F0385 |. 85C0 test eax, eax
004F0387 |. 74 4B je short <loc_4F03D4>
004F0389 |. 8B4F 20 mov ecx, dword ptr ds:[edi+20]
004F038C |. 85C9 test ecx, ecx
004F038E |. 7F 08 jg short <loc_4F0398>
004F0390 |. 7D 2F jge short <loc_4F03C1>
004F0392 |. 8378 20 00 cmp dword ptr ds:[eax+20], 0
004F0396 |. 7E 29 jle short <loc_4F03C1>
004F0398 >|> A1 28505000 mov eax, dword ptr ds:[505028] ; loc_4F0398
004F039D |. 8D4C24 08 lea ecx, dword ptr ss:[esp+8]
004F03A1 |. 014424 08 add dword ptr ss:[esp+8], eax
004F03A5 |. 51 push ecx ; /timet
004F03A6 |. E8 F5FBFFFF call <_localtime> ; \_localtime
004F03AB |. 83C4 04 add esp, 4
004F03AE |. EB 11 jmp short <loc_4F03C1>
004F03B0 >|> 8D4424 08 lea eax, dword ptr ss:[esp+8] ; loc_4F03B0
004F03B4 |. 50 push eax ; /timet
004F03B5 |. E8 06480000 call <_gmtime> ; \_gmtime
004F03BA |. 83C4 04 add esp, 4
004F03BD |. 85C0 test eax, eax
004F03BF |. 74 13 je short <loc_4F03D4>
004F03C1 >|> 8BF0 mov esi, eax ; loc_4F03C1
004F03C3 |. B9 09000000 mov ecx, 9
004F03C8 |. F3:A5 rep movs dword ptr es:[edi], dword p>
004F03CA |. 8B4424 08 mov eax, dword ptr ss:[esp+8]
004F03CE |. 5F pop edi
004F03CF |. 5E pop esi
004F03D0 |. 83C4 04 add esp, 4
004F03D3 |. C3 retn
004F03D4 >|> B8 FFFFFFFF mov eax, -1 ; loc_4F03D4
004F03D9 |. 5F pop edi
004F03DA |. 5E pop esi
004F03DB |. 83C4 04 add esp, 4
004F03DE \. C3 retn
--------------------------------------------------------------------------------
【版权声明】: 转载请注明作者并保持文章的完整, 谢谢!
补丁
考题1的补丁.rar
(4.39 KB, 下载次数: 0)
[ 本帖最后由 fghtiger 于 2010-3-1 13:07 编辑 ] |
|
IP卡
发表于 2010-1-26 08:59:47
提升卡
置顶卡
变色卡
千斤顶
显身卡
发表于 2010-1-26 10:39:28