求追码分析过程

cylaban · 发表于 2009-3-3 14:18:58

小生最近偶然发现了一款库管软件，但是是共享版本的，小生也学习了几天飘云偶像的追吗教程，但偶苦求无果，特怀着一份与大家共同学习，请教的心态上来发个帖子，请求大家的帮助，谢谢了
OD载入程序：
查找ASCII 中找到注册码错误！请与我们联系！点击来到005F10D7
看代码：
005F10D0 .  6A 00       PUSH 0
005F10D2 >  B9 EC105F00 MOV ECX,projshop.005F10EC             ;  警告框
005F10D7 .  BA F4105F00 MOV EDX,projshop.005F10F4             ;  注册码错误!请与我们联系!
005F10DC .  A1 043D7500 MOV EAX,DWORD PTR DS:[753D04]
005F10E1 .  8B00       MOV EAX,DWORD PTR DS:[EAX]
005F10E3 .  E8 44AEEBFF CALL projshop.004ABF2C       我判断这个可能是算法，F7进去看看
005F10E8 .  C3          RETN
005F10E9    00          DB 00
005F10EA    00          DB 00
005F10EB    00          DB 00
005F10EC    BE          DB BE
005F10ED    AF          DB AF
005F10EE    B8          DB B8
005F10EF    E6          DB E6
005F10F0    BF          DB BF
005F10F1    F2          DB F2
005F10F2    00          DB 00
005F10F3    00          DB 00
005F10F4    D7          DB D7
005F10F5    A2          DB A2
005F10F6    B2          DB B2
005F10F7    E1          DB E1
005F10F8 .  C2 EBB4    RETN 0B4EB
005F10FB    ED          DB ED
005F10FC    CE          DB CE
005F10FD    F3          DB F3
005F10FE    21          DB 21                                  ;  CHAR '!'
005F10FF    C7          DB C7
005F1100    EB          DB EB
005F1101    D3          DB D3
005F1102 .^ EB CE       JMP SHORT projshop.005F10D2
我不知道为什么我的都是从下往上走的这个1102却调转到了005F10D2
005F1104    D2          DB D2
005F1105 .  C3          RETN
005F1106    C7          DB C7
005F1107    C1          DB C1
005F1108    AA          DB AA
005F1109    CF          DB CF
005F110A    B5          DB B5
005F110B    21          DB 21                                  ;  CHAR '!'
005F110C    00          DB 00
005F110D    00          DB 00
005F110E    00          DB 00
005F110F    00          DB 00

005F10E3  F7进去后来到
00748199  |.  8BEC       MOV EBP,ESP
0074819B  |.  83C4 EC    ADD ESP,-14
0074819E  |.  53          PUSH EBX
0074819F  |.  56          PUSH ESI
007481A0  |.  33C0       XOR EAX,EAX
007481A2  |.  8945 EC    MOV DWORD PTR SS:[EBP-14],EAX
007481A5  |.  B8 D8797400 MOV EAX,projshop.007479D8
007481AA  |.  E8 09EECBFF CALL projshop.00406FB8
007481AF  |.  BE 60737500 MOV ESI,projshop.00757360
007481B4  |.  33C0       XOR EAX,EAX
007481B6  |.  55          PUSH EBP
007481B7  |.  68 E8827400 PUSH projshop.007482E8
007481BC  |.  64:FF30    PUSH DWORD PTR FS:[EAX]
007481BF  |.  64:8920    MOV DWORD PTR FS:[EAX],ESP
007481C2  |.  6A 00       PUSH 0                                  ; /Title = NULL
007481C4  |.  68 F8827400 PUSH projshop.007482F8                ; |Class = "Tfrmjxclogin"
007481C9  |.  E8 C2FACBFF CALL <JMP.&user32.FindWindowA>          ; \FindWindowA
007481CE  |.  85C0       TEST EAX,EAX
007481D0  |.  74 18       JE SHORT projshop.007481EA
007481D2  |.  6A 00       PUSH 0                                  ; /Style = MB_OK|MB_APPLMODAL
007481D4  |.  68 08837400 PUSH projshop.00748308                ; |Title = "运行"
007481D9  |.  68 10837400 PUSH projshop.00748310                ; |Text = "该程序已经有一个在运行中！"
007481DE  |.  6A 00       PUSH 0                                  ; |hOwner = NULL
007481E0  |.  E8 4BFDCBFF CALL <JMP.&user32.MessageBoxA>          ; \MessageBoxA
007481E5  |.  E8 96C5CBFF CALL projshop.00404780
007481EA  |>  A1 043D7500 MOV EAX,DWORD PTR DS:[753D04]
007481EF  |.  8B00       MOV EAX,DWORD PTR DS:[EAX]
007481F1  |.  E8 0E3BD6FF CALL projshop.004ABD04
007481F6  |.  A1 043D7500 MOV EAX,DWORD PTR DS:[753D04]
007481FB  |.  8B00       MOV EAX,DWORD PTR DS:[EAX]
007481FD  |.  BA 34837400 MOV EDX,projshop.00748334
00748202  |.  E8 B536D6FF CALL projshop.004AB8BC
00748207  |.  6A 01       PUSH 1                                  ; /String2 = 00000001 ???
00748209  |.  E8 42F2CBFF CALL <JMP.&kernel32.GetCurrentProcessId> ; |[GetCurrentProcessId
0074820E  |.  50          PUSH EAX                               ; |String1
0074820F  |.  E8 94F7FFFF CALL <JMP.&kernel32.lstrcpyA>          ; \lstrcpyA
00748214  |.  6A 00       PUSH 0                                  ; /Relation = GW_HWNDFIRST
00748216  |.  A1 043D7500 MOV EAX,DWORD PTR DS:[753D04]          ; |
0074821B  |.  8B00       MOV EAX,DWORD PTR DS:[EAX]             ; |
0074821D  |.  8B40 30    MOV EAX,DWORD PTR DS:[EAX+30]          ; |
00748220  |.  50          PUSH EAX                               ; |hWnd
00748221  |.  E8 F2FBCBFF CALL <JMP.&user32.GetWindow>          ; \GetWindow
00748226  |.  8BD8       MOV EBX,EAX
00748228  |.  85DB       TEST EBX,EBX
0074822A  |.  74 46       JE SHORT projshop.00748272
0074822C  |>  68 FF000000 /PUSH 0FF                               ; /Count = FF (255.)
00748231  |.  56          |PUSH ESI                               ; |Buffer
00748232  |.  53          |PUSH EBX                               ; |hWnd
00748233  |.  E8 08FCCBFF |CALL <JMP.&user32.GetWindowTextA>    ; \GetWindowTextA
00748238  |.  85C0       |TEST EAX,EAX
0074823A  |.  7E 28       |JLE SHORT projshop.00748264
0074823C  |.  8D55 EC    |LEA EDX,DWORD PTR SS:[EBP-14]
0074823F  |.  8BC6       |MOV EAX,ESI
00748241  |.  E8 8A33CCFF |CALL projshop.0040B5D0
00748246  |.  8B55 EC    |MOV EDX,DWORD PTR SS:[EBP-14]
00748249  |.  B8 4C837400 |MOV EAX,projshop.0074834C             ;  ASCII "DeDe"
0074824E  |.  E8 C5CCCBFF |CALL projshop.00404F18
00748253  |.  85C0       |TEST EAX,EAX
00748255  |.  74 0D       |JE SHORT projshop.00748264
00748257  |.  6A 00       |PUSH 0                               ; /Enable = FALSE
00748259  |.  53          |PUSH EBX                               ; |hWnd
0074825A  |.  E8 E9F9CBFF |CALL <JMP.&user32.EnableWindow>       ; \EnableWindow
0074825F  |.  E8 1CC5CBFF |CALL projshop.00404780
00748264  |>  6A 02       |PUSH 2                               ; /Relation = GW_HWNDNEXT
00748266  |.  53          |PUSH EBX                               ; |hWnd
00748267  |.  E8 ACFBCBFF |CALL <JMP.&user32.GetWindow>          ; \GetWindow
0074826C  |.  8BD8       |MOV EBX,EAX
0074826E  |.  85DB       |TEST EBX,EBX
00748270  |.^ 75 BA       \JNZ SHORT projshop.0074822C
00748272  |>  68 54837400 PUSH projshop.00748354                ; /Arg3 = 00748354
00748277  |.  6A 00       PUSH 0                                  ; |Arg2 = 00000000
00748279  |.  6A 00       PUSH 0                                  ; |Arg1 = 00000000
0074827B  |.  E8 00F1CBFF CALL projshop.00407380                ; \projshop.00407380
00748280  |.  8BD8       MOV EBX,EAX
00748282  |.  E8 19F2CBFF CALL <JMP.&kernel32.GetLastError>       ; [GetLastError
00748287  |.  3D B7000000 CMP EAX,0B7
0074828C  |.  74 26       JE SHORT projshop.007482B4
0074828E  |.  8B0D E03A7500 MOV ECX,DWORD PTR DS:[753AE0]          ;  projshop.00756FE8
00748294  |.  A1 043D7500 MOV EAX,DWORD PTR DS:[753D04]
00748299  |.  8B00       MOV EAX,DWORD PTR DS:[EAX]
0074829B  |.  8B15 C0345F00 MOV EDX,DWORD PTR DS:[5F34C0]          ;  projshop.005F350C
007482A1  |.  E8 763AD6FF CALL projshop.004ABD1C
007482A6  |.  A1 043D7500 MOV EAX,DWORD PTR DS:[753D04]
007482AB  |.  8B00       MOV EAX,DWORD PTR DS:[EAX]
007482AD  |.  E8 EA3AD6FF CALL projshop.004ABD9C
007482B2  |.  EB 18       JMP SHORT projshop.007482CC
007482B4  |>  6A 00       PUSH 0
007482B6  |.  B9 64837400 MOV ECX,projshop.00748364
007482BB  |.  BA 6C837400 MOV EDX,projshop.0074836C
007482C0  |.  A1 043D7500 MOV EAX,DWORD PTR DS:[753D04]
007482C5  |.  8B00       MOV EAX,DWORD PTR DS:[EAX]
007482C7  |.  E8 603CD6FF CALL projshop.004ABF2C
007482CC  |>  53          PUSH EBX                               ; /hMutex
007482CD  |.  E8 FEF2CBFF CALL <JMP.&kernel32.ReleaseMutex>       ; \ReleaseMutex
007482D2  |.  33C0       XOR EAX,EAX
007482D4  |.  5A          POP EDX
007482D5  |.  59          POP ECX
007482D6  |.  59          POP ECX
007482D7  |.  64:8910    MOV DWORD PTR FS:[EAX],EDX
007482DA  |.  68 EF827400 PUSH projshop.007482EF
007482DF  |>  8D45 EC    LEA EAX,DWORD PTR SS:[EBP-14]
007482E2  |.  E8 2DC6CBFF CALL projshop.00404914
007482E7  \.  C3          RETN

进来这了我F8一步一步的来但走到我就不知道怎么走了那位能知道下谢谢！~~~我找不出来了啊呵呵谢谢

[ 本帖最后由 cylaban 于 2009-3-31 16:49 编辑 ]

qinhuwei · 发表于 2009-3-3 21:21:42

z同甘共苦！

Luckly · 发表于 2009-3-3 22:28:56

如果你在破解软件的时候连分析都不能走出一步那么可以肯定这个软件你搞不定,得继续找资料学习. 而不是发下载地址让大家帮你破解.

下不为例.

cylaban · 发表于 2009-3-4 07:48:19

呵呵谢谢啊，我会吧我分析的过程贴上来的！~~~~哦了！~~~~

静慕者 · 发表于 2009-3-4 14:09:29

嗯？~怎么也没有名字~也没有地址呢？~

cylaban · 发表于 2009-3-31 23:01:00

???没人啊、。我自己顶起！~~~

冬天的雷雨 · 发表于 2009-4-1 08:06:58

加油啊！朋友/:014

zmjxx341 · 发表于 2009-4-1 12:32:32

005F10D7 . BA F4105F00 MOV EDX,projshop.005F10F4 ; 注册码错误!请与我们联系!
这一行向上找跳转啊!!

puti67 · 发表于 2009-4-1 21:54:50

005F10D2 > B9 EC105F00 MOV CX,projshop.005F10EC ; 警告框

跳转到了这一行！！！向上找到跳到这一行的跳转。“>”就是跳转到这里的标志！

cylaban · 发表于 2009-4-2 15:33:06

原帖由 puti67 于 2009-4-1 21:54 发表
005F10D2 > B9 EC105F00 MOV CX,projshop.005F10EC ; 警告框

跳转到了这一行！！！向上找到跳到这一行的跳转。“>”就是跳转到这里的标志！

先谢谢你们的解答，我开始也是这么想的但我往上找在这个段里面没游PUSH EBD (我记得格式应该是PUSH EBD.......RETN) 上面很多RETN 但很少有PUSH !!~~~~~~
下面的代码就是我往上找的结果并且我已经说过了 [fly]005F10D2[/fly] > B9 EC105F00 MOV CX,projshop.005F10EC             ;  警告框这段是由他下面的005F1102 .^\EB CE       JMP SHORT projshop.005F10D2   跳转来的

005F0D80 > /C3          RETN                                  ;  RET 用作跳转到 005F0D88
005F0D81 .^|E9 0E34E1FF JMP projshop.00404194
005F0D86 .^\EB F8       JMP SHORT projshop.005F0D80
005F0D88 >  5D          POP EBP
005F0D89 .  C3          RETN
005F0D8A    8BC0       MOV EAX,EAX
005F0D8C .  832D CC6F7500>SUB DWORD PTR DS:[756FCC],1
005F0D93 .  C3          RETN
005F0D94 .  E00D5F00    DD projshop.005F0DE0
005F0D98    00          DB 00
005F0D99    00          DB 00
005F0D9A    00          DB 00
005F0D9B    00          DB 00
005F0D9C    00          DB 00
005F0D9D    00          DB 00
005F0D9E    00          DB 00
005F0D9F    00          DB 00
005F0DA0 .  D40E5F00    DD projshop.005F0ED4
005F0DA4 .  B0105F00    DD projshop.005F10B0
005F0DA8 .  E60E5F00    DD projshop.005F0EE6
005F0DAC .  3E105F00    DD projshop.005F103E
005F0DB0    00          DB 00
005F0DB1    00          DB 00
005F0DB2    00          DB 00
005F0DB3    00          DB 00
005F0DB4 .  75105F00    DD projshop.005F1075                   ;  ASCII 09,"TFrm_ljzc"
005F0DB8    50          DB 50                                  ;  CHAR 'P'
005F0DB9    03          DB 03
005F0DBA    00          DB 00
005F0DBB    00          DB 00
005F0DBC .  40114A00    DD projshop.004A1140
005F0DC0 .  20C34200    DD projshop.0042C320
005F0DC4 .  583F4A00    DD projshop.004A3F58
005F0DC8 .  0C414A00    DD projshop.004A410C
005F0DCC .  5C3C4000    DD projshop.00403C5C
005F0DD0 .  78654A00    DD projshop.004A6578
005F0DD4 .  98394000    DD projshop.00403998                   ;  入口地址
005F0DD8 .  B4394000    DD projshop.004039B4                   ;  入口地址
005F0DDC .  74414A00    DD projshop.004A4174                   ;  入口地址
005F0DE0 .  0C144900    DD projshop.0049140C
005F0DE4 .  E4464A00    DD projshop.004A46E4
005F0DE8 .  20194200    DD projshop.00421920                   ;  入口地址
005F0DEC .  34434A00    DD projshop.004A4334                   ;  入口地址
005F0DF0 .  70434A00    DD projshop.004A4370
005F0DF4 .  7C444A00    DD projshop.004A447C                   ;  入口地址
005F0DF8 .  C09B4800    DD projshop.00489BC0
005F0DFC .  48C34200    DD projshop.0042C348
005F0E00 .  F44C4A00    DD projshop.004A4CF4
005F0E04 .  74BF4200    DD projshop.0042BF74
005F0E08 .  D88B4A00    DD projshop.004A8BD8
005F0E0C .  CC3D4A00    DD projshop.004A3DCC                   ;  入口地址
005F0E10 .  200F4900    DD projshop.00490F20
005F0E14 .  3C144900    DD projshop.0049143C                   ;  入口地址
005F0E18 .  88134900    DD projshop.00491388                   ;  入口地址
005F0E1C .  F4904800    DD projshop.004890F4
005F0E20 .  9C094900    DD projshop.0049099C
005F0E24 .  D4494A00    DD projshop.004A49D4
005F0E28 .  D4064900    DD projshop.004906D4
005F0E2C .  3C904800    DD projshop.0048903C
005F0E30 .  40904800    DD projshop.00489040
005F0E34 .  C84A4A00    DD projshop.004A4AC8
005F0E38 .  3CC14800    DD projshop.0048C13C
005F0E3C .  A89B4800    DD projshop.00489BA8
005F0E40 .  B8914800    DD projshop.004891B8                   ;  入口地址
005F0E44 .  349D4800    DD projshop.00489D34
005F0E48 .  BC4C4A00    DD projshop.004A4CBC
005F0E4C .  884B4A00    DD projshop.004A4B88
005F0E50 .  6C9E4800    DD projshop.00489E6C
005F0E54 .  344D4A00    DD projshop.004A4D34                   ;  入口地址
005F0E58 .  C0C14800    DD projshop.0048C1C0
005F0E5C .  28074900    DD projshop.00490728                   ;  入口地址
005F0E60 .  E4074900    DD projshop.004907E4
005F0E64 .  38024900    DD projshop.00490238                   ;  入口地址
005F0E68 .  C8074900    DD projshop.004907C8
005F0E6C .  D43B4A00    DD projshop.004A3BD4                   ;  入口地址
005F0E70 .  D8534A00    DD projshop.004A53D8                   ;  入口地址
005F0E74 .  68DC4800    DD projshop.0048DC68                   ;  入口地址
005F0E78 .  9C604A00    DD projshop.004A609C                   ;  入口地址
005F0E7C .  FC634A00    DD projshop.004A63FC
005F0E80 .  B8624A00    DD projshop.004A62B8
005F0E84 .  00DD4800    DD projshop.0048DD00
005F0E88 .  04DD4800    DD projshop.0048DD04
005F0E8C .  34654A00    DD projshop.004A6534
005F0E90 .  64DB4800    DD projshop.0048DB64                   ;  入口地址
005F0E94 .  08094900    DD projshop.00490908
005F0E98 .  286C4A00    DD projshop.004A6C28
005F0E9C .  FC1A4900    DD projshop.00491AFC                   ;  入口地址
005F0EA0 .  84054900    DD projshop.00490584                   ;  入口地址
005F0EA4 .  80844A00    DD projshop.004A8480
005F0EA8 .  88354A00    DD projshop.004A3588
005F0EAC .  38384A00    DD projshop.004A3838
005F0EB0 .  1C724A00    DD projshop.004A721C
005F0EB4 .  58424A00    DD projshop.004A4258
005F0EB8 .  D4424A00    DD projshop.004A42D4
005F0EBC .  60884A00    DD projshop.004A8860
005F0EC0 .  903F4A00    DD projshop.004A3F90                   ;  入口地址
005F0EC4 .  20804A00    DD projshop.004A8020
005F0EC8 .  00674A00    DD projshop.004A6700
005F0ECC .  18854A00    DD projshop.004A8518
005F0ED0 .  B84C4A00    DD projshop.004A4CB8
005F0ED4    0E          DB 0E
005F0ED5    00          DB 00
005F0ED6    00          DB 00
005F0ED7    00          DB 00
005F0ED8    00          DB 00
005F0ED9    00          DB 00
005F0EDA    01          DB 01
005F0EDB    00          DB 00
005F0EDC    00          DB 00
005F0EDD    00          DB 00
005F0EDE .  20114000    DD projshop.00401120
005F0EE2    48          DB 48                                  ;  CHAR 'H'
005F0EE3    03          DB 03
005F0EE4    00          DB 00
005F0EE5    00          DB 00
005F0EE6    14          DB 14
005F0EE7    00          DB 00
005F0EE8 .  7F105F00    DD projshop.005F107F
005F0EEC    F8          DB F8
005F0EED    02          DB 02
005F0EEE    00          DB 00
005F0EEF    00          DB 00
005F0EF0    00          DB 00
005F0EF1    00          DB 00
005F0EF2 .  0F          DB 0F
005F0EF3 .  73 70 53 6B 6>ASCII "spSkinGroupBox1"
005F0F02    FC          DB FC
005F0F03    02          DB 02
005F0F04    00          DB 00
005F0F05    00          DB 00
005F0F06    01          DB 01
005F0F07    00          DB 00
005F0F08 .  0F          DB 0F
005F0F09 .  73 70 53 6B 6>ASCII "spSkinStdLabel1"
005F0F18    00          DB 00
005F0F19    03          DB 03
005F0F1A    00          DB 00
005F0F1B    00          DB 00
005F0F1C    02          DB 02
005F0F1D    00          DB 00
005F0F1E .  06          DB 06
005F0F1F .  4C 61 62 65 6>ASCII "Label3"
005F0F25    04          DB 04
005F0F26    03          DB 03
005F0F27    00          DB 00
005F0F28    00          DB 00
005F0F29    01          DB 01
005F0F2A    00          DB 00
005F0F2B .  0F          DB 0F
005F0F2C .  73 70 53 6B 6>ASCII "spSkinStdLabel6"
005F0F3B    08          DB 08
005F0F3C    03          DB 03
005F0F3D    00          DB 00
005F0F3E    00          DB 00
005F0F3F    02          DB 02
005F0F40    00          DB 00
005F0F41 .  06          DB 06
005F0F42 .  4C 61 62 65 6>ASCII "Label6"
005F0F48    0C          DB 0C
005F0F49    03          DB 03
005F0F4A    00          DB 00
005F0F4B    00          DB 00
005F0F4C    02          DB 02
005F0F4D    00          DB 00
005F0F4E .  06          DB 06
005F0F4F .  4C 61 62 65 6>ASCII "Label4"
005F0F55    10          DB 10
005F0F56    03          DB 03
005F0F57    00          DB 00
005F0F58    00          DB 00
005F0F59    02          DB 02
005F0F5A    00          DB 00
005F0F5B .  06          DB 06
005F0F5C .  4C 61 62 65 6>ASCII "Label5"
005F0F62    14          DB 14
005F0F63    03          DB 03
005F0F64    00          DB 00
005F0F65    00          DB 00
005F0F66    03          DB 03
005F0F67    00          DB 00
005F0F68 .  0C          DB 0C
005F0F69 .  45 64 69 74 5>ASCII "Edit_RegCode"
005F0F75    18          DB 18
005F0F76    03          DB 03
005F0F77    00          DB 00
005F0F78    00          DB 00
005F0F79    04          DB 04
005F0F7A    00          DB 00
005F0F7B .  07          DB 07
005F0F7C .  42 74 6E 4C 6>ASCII "BtnLjzc"
005F0F83    1C          DB 1C
005F0F84    03          DB 03
005F0F85    00          DB 00
005F0F86    00          DB 00
005F0F87    03          DB 03
005F0F88    00          DB 00
005F0F89 .  06          DB 06
005F0F8A .  45 64 52 65 6>ASCII "EdReg1"
005F0F90    20          DB 20                                  ;  CHAR ' '
005F0F91    03          DB 03
005F0F92    00          DB 00
005F0F93    00          DB 00
005F0F94    03          DB 03
005F0F95    00          DB 00
005F0F96 .  06          DB 06
005F0F97 .  45 64 52 65 6>ASCII "EdReg2"
005F0F9D    24          DB 24                                  ;  CHAR '$'
005F0F9E    03          DB 03
005F0F9F    00          DB 00
005F0FA0    00          DB 00
005F0FA1    03          DB 03
005F0FA2    00          DB 00
005F0FA3 .  06          DB 06
005F0FA4 .  45 64 52 65 6>ASCII "EdReg3"
005F0FAA    28          DB 28                                  ;  CHAR '('
005F0FAB    03          DB 03
005F0FAC    00          DB 00
005F0FAD    00          DB 00
005F0FAE    03          DB 03
005F0FAF    00          DB 00
005F0FB0 .  06          DB 06
005F0FB1 .  45 64 52 65 6>ASCII "EdReg4"
005F0FB7    2C          DB 2C                                  ;  CHAR ','
005F0FB8    03          DB 03
005F0FB9    00          DB 00
005F0FBA    00          DB 00
005F0FBB    04          DB 04
005F0FBC    00          DB 00
005F0FBD .  07          DB 07
005F0FBE .  42 74 6E 52 6>ASCII "BtnRhzc"
005F0FC5    30          DB 30                                  ;  CHAR '0'
005F0FC6    03          DB 03
005F0FC7    00          DB 00
005F0FC8    00          DB 00
005F0FC9    05          DB 05
005F0FCA    00          DB 00
005F0FCB .  0A          DB 0A
005F0FCC .  45 64 55 73 6>ASCII "EdUserCode"
005F0FD6    34          DB 34                                  ;  CHAR '4'
005F0FD7    03          DB 03
005F0FD8    00          DB 00
005F0FD9    00          DB 00
005F0FDA    06          DB 06
005F0FDB    00          DB 00
005F0FDC .  17          DB 17
005F0FDD .  73 70 43 6F 6>ASCII "spCompressedStor"
005F0FED .  65 64 53 6B 6>ASCII "edSkin1"
005F0FF4    38          DB 38                                  ;  CHAR '8'
005F0FF5    03          DB 03
005F0FF6    00          DB 00
005F0FF7    00          DB 00
005F0FF8    07          DB 07
005F0FF9    00          DB 00
005F0FFA .  0B          DB 0B
005F0FFB .  73 70 53 6B 6>ASCII "spSkinData1"
005F1006    3C          DB 3C                                  ;  CHAR '<'
005F1007    03          DB 03
005F1008    00          DB 00
005F1009    00          DB 00
005F100A    08          DB 08
005F100B    00          DB 00
005F100C .  12          DB 12
005F100D .  73 70 44 79 6>ASCII "spDynamicSkinFor"
005F101D .  6D 31       ASCII "m1"
005F101F    40          DB 40                                  ;  CHAR '@'
005F1020    03          DB 03
005F1021    00          DB 00
005F1022    00          DB 00
005F1023    02          DB 02
005F1024    00          DB 00
005F1025 .  06          DB 06
005F1026 .  4C 61 62 65 6>ASCII "Label1"
005F102C    44          DB 44                                  ;  CHAR 'D'
005F102D    03          DB 03
005F102E    00          DB 00
005F102F    00          DB 00
005F1030    09          DB 09
005F1031    00          DB 00
005F1032 .  0B          DB 0B
005F1033 .  73 70 53 6B 6>ASCII "spSkinMemo1"
005F103E    03          DB 03
005F103F    00          DB 00
005F1040    13          DB 13
005F1041    00          DB 00
005F1042 .  D0105F00    DD projshop.005F10D0
005F1046 .  0C          DB 0C
005F1047 .  42 74 6E 4C 6>ASCII "BtnLjzcClick"
005F1053    0F          DB 0F
005F1054    00          DB 00
005F1055 .  10115F00    DD projshop.005F1110
005F1059 .  08          DB 08
005F105A .  46 6F 72 6D 5>ASCII "FormShow"
005F1062    13          DB 13
005F1063    00          DB 00
005F1064 .  74125F00    DD projshop.005F1274
005F1068 .  0C          DB 0C
005F1069 .  42 74 6E 52 6>ASCII "BtnRhzcClick"
005F1075 .  09          DB 09
005F1076 .  54 46 72 6D 5>ASCII "TFrm_ljzc"
005F107F    0A          DB 0A
005F1080    00          DB 00
005F1081 .  B4D95100    DD projshop.0051D9B4
005F1085 .  54F05100    DD projshop.0051F054
005F1089 .  085B4700    DD projshop.00475B08
005F108D .  345E4E00    DD projshop.004E5E34
005F1091 .  BCDB5100    DD projshop.0051DBBC
005F1095 .  A4634700    DD projshop.004763A4
005F1099 .  A0CE4C00    DD projshop.004CCEA0
005F109D .  04D14C00    DD projshop.004CD104
005F10A1 .  1CD94F00    DD projshop.004FD91C
005F10A5 .  F4674E00    DD projshop.004E67F4
005F10A9    8D40 00    LEA EAX,DWORD PTR DS:[EAX]
005F10AC .  B0105F00    DD projshop.005F10B0
005F10B0    07          DB 07
005F10B1 .  09          DB 09
005F10B2 .  54 46 72 6D 5>ASCII "TFrm_ljzc"
005F10BB .  E00D5F00    DD projshop.005F0DE0
005F10BF .  88124A00    DD projshop.004A1288
005F10C3    5E          DB 5E                                  ;  CHAR '^'
005F10C4    00          DB 00
005F10C5 .  06          DB 06
005F10C6 .  5A 43 46 6F 7>ASCII "ZCForm"
005F10CC    00          DB 00
005F10CD    00          DB 00
005F10CE    8BC0       MOV EAX,EAX
005F10D0 .  6A 00       PUSH 0
005F10D2 >  B9 EC105F00 MOV ECX,projshop.005F10EC             ;  警告框
005F10D7 .  BA F4105F00 MOV EDX,projshop.005F10F4             ;  注册码错误!请与我们联系!
005F10DC .  A1 043D7500 MOV EAX,DWORD PTR DS:[753D04]
005F10E1 .  8B00       MOV EAX,DWORD PTR DS:[EAX]
005F10E3 .  E8 44AEEBFF CALL projshop.004ABF2C
005F10E8 .  C3          RETN

		自动登录	找回密码
密码			加入我们

[讨论] 求追码分析过程

相关帖子