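[High-point bounty] After unpacking the software, the breakpoints found with DEDE can't be found in OD!
The button events shown in DEDE simply can't be found in OD!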
When I open it in OD, all it shows is the disassembly starting at address 0055E000.
0055EDEB E8 0C8BF3FF call 004978FC 0055EDF0 C3 retn 0055EDF1 8D40 00 lea eax, dword ptr [eax] 0055EDF4 832D 34C09A00 0>sub dword ptr [9AC034], 1 0055EDFB 73 0F jnb short 0055EE0C 0055EDFD BA 50305600 mov edx, 00563050 ; ASCII "tLL" 0055EE02 A1 F8A79A00 mov eax, dword ptr [9AA7F8] 0055EE07 E8 F08AF3FF call 004978FC 0055EE0C C3 retn 0055EE0D 8D40 00 lea eax, dword ptr [eax] 0055EE10 832D 38C09A00 0>sub dword ptr [9AC038], 1 0055EE17 73 0F jnb short 0055EE28 0055EE19 BA 68305600 mov edx, 00563068 ; ASCII "DML" 0055EE1E A1 F8A79A00 mov eax, dword ptr [9AA7F8] 0055EE23 E8 D48AF3FF call 004978FC 0055EE28 C3 retn 0055EE29 8D40 00 lea eax, dword ptr [eax] 0055EE2C 832D 3CC09A00 0>sub dword ptr [9AC03C], 1 0055EE33 73 0F jnb short 0055EE44 0055EE35 BA 80305600 mov edx, 00563080 0055EE3A A1 F8A79A00 mov eax, dword ptr [9AA7F8] 0055EE3F E8 B88AF3FF call 004978FC 0055EE44 C3 retn 0055EE45 8D40 00 lea eax, dword ptr [eax] 0055EE48 832D 40C09A00 0>sub dword ptr [9AC040], 1 0055EE4F 73 0F jnb short 0055EE60 0055EE51 BA 98305600 mov edx, 00563098 0055EE56 A1 F8A79A00 mov eax, dword ptr [9AA7F8] 0055EE5B E8 9C8AF3FF call 004978FC 0055EE60 C3 retn 0055EE61 8D40 00 lea eax, dword ptr [eax] 0055EE64 832D 44C09A00 0>sub dword ptr [9AC044], 1 0055EE6B 73 0F jnb short 0055EE7C 0055EE6D BA B0305600 mov edx, 005630B0 0055EE72 A1 F8A79A00 mov eax, dword ptr [9AA7F8] 0055EE77 E8 808AF3FF call 004978FC 0055EE7C C3 retn 0055EE7D 8D40 00 lea eax, dword ptr [eax] 0055EE80 832D 48C09A00 0>sub dword ptr [9AC048], 1 0055EE87 73 0F jnb short 0055EE98 0055EE89 BA C8305600 mov edx, 005630C8 0055EE8E A1 F8A79A00 mov eax, dword ptr [9AA7F8] 0055EE93 E8 648AF3FF call 004978FC 0055EE98 C3 retn 0055EE99 8D40 00 lea eax, dword ptr [eax] 0055EE9C 832D 4CC09A00 0>sub dword ptr [9AC04C], 1 0055EEA3 73 0F jnb short 0055EEB4 0055EEA5 BA E8305600 mov edx, 005630E8 0055EEAA A1 F8A79A00 mov eax, dword ptr [9AA7F8] 0055EEAF E8 488AF3FF call 004978FC 0055EEB4 C3 retn 0055EEB5 8D40 00 lea eax, dword ptr [eax] 0055EEB8 
832D 50C09A00 0>sub dword ptr [9AC050], 1 0055EEBF 73 0F jnb short 0055EED0 0055EEC1 BA 44315600 mov edx, 00563144 0055EEC6 A1 F8A79A00 mov eax, dword ptr [9AA7F8] 0055EECB E8 2C8AF3FF call 004978FC 0055EED0 C3 retn 0055EED1 8D40 00 lea eax, dword ptr [eax] 0055EED4 832D 54C09A00 0>sub dword ptr [9AC054], 1 0055EEDB C3 retn 0055EEDC 832D 58C09A00 0>sub dword ptr [9AC058], 1 0055EEE3 C3 retn 0055EEE4 55 push ebp 0055EEE5 8BEC mov ebp, esp 0055EEE7 33C0 xor eax, eax 0055EEE9 55 push ebp 0055EEEA 68 16EF5500 push 0055EF16 0055EEEF 64:FF30 push dword ptr fs:[eax] 0055EEF2 64:8920 mov dword ptr fs:[eax], esp 0055EEF5 832D 60C09A00 0>sub dword ptr [9AC060], 1 0055EEFC 73 0A jnb short 0055EF08 0055EEFE E8 0D96F7FF call 004D8510 0055EF03 A2 64C09A00 mov byte ptr [9AC064], al 0055EF08 33C0 xor eax, eax 0055EF0A 5A pop edx 0055EF0B 59 pop ecx 0055EF0C 59 pop ecx 0055EF0D 64:8910 mov dword ptr fs:[eax], edx 0055EF10 68 1DEF5500 push 0055EF1D 0055EF15 C3 retn ; RET 用作跳转到 0055EF1D 0055EF16 - E9 055BEAFF jmp 00404A20 0055EF1B ^ EB F8 jmp short 0055EF15 0055EF1D 5D pop ebp 0055EF1E C3 retn 0055EF1F 90 nop 0055EF20 832D 68C09A00 0>sub dword ptr [9AC068], 1 0055EF27 C3 retn 0055EF28 832D 6CC09A00 0>sub dword ptr [9AC06C], 1 0055EF2F C3 retn 0055EF30 832D 70C09A00 0>sub dword ptr [9AC070], 1 0055EF37 C3 retn 0055EF38 832D 74C09A00 0>sub dword ptr [9AC074], 1 0055EF3F 73 0F jnb short 0055EF50 0055EF41 BA A4559A00 mov edx, 009A55A4 0055EF46 A1 F8A79A00 mov eax, dword ptr [9AA7F8] 0055EF4B E8 AC89F3FF call 004978FC 0055EF50 C3 retn 0055EF51 8D40 00 lea eax, dword ptr [eax] 0055EF54 832D 78C09A00 0>sub dword ptr [9AC078], 1 0055EF5B 73 0F jnb short 0055EF6C 0055EF5D BA BC559A00 mov edx, 009A55BC 0055EF62 A1 F8A79A00 mov eax, dword ptr [9AA7F8] 0055EF67 E8 9089F3FF call 004978FC 0055EF6C C3 retn 0055EF6D 8D40 00 lea eax, dword ptr [eax] 0055EF70 832D 7CC09A00 0>sub dword ptr [9AC07C], 1 0055EF77 73 0F jnb short 0055EF88 0055EF79 BA D4559A00 mov edx, 009A55D4 0055EF7E A1 F8A79A00 mov eax, 
dword ptr [9AA7F8] 0055EF83 E8 7489F3FF call 004978FC 0055EF88 C3 retn 0055EF89 8D40 00 lea eax, dword ptr [eax] 0055EF8C 832D 80C09A00 0>sub dword ptr [9AC080], 1 0055EF93 73 0F jnb short 0055EFA4 0055EF95 BA EC559A00 mov edx, 009A55EC 0055EF9A A1 F8A79A00 mov eax, dword ptr [9AA7F8] 0055EF9F E8 5889F3FF call 004978FC 0055EFA4 C3 retn 0055EFA5 8D40 00 lea eax, dword ptr [eax] 0055EFA8 832D 84C09A00 0>sub dword ptr [9AC084], 1 0055EFAF 73 0F jnb short 0055EFC0 0055EFB1 BA 04569A00 mov edx, 009A5604 ; ASCII "t㎝" 0055EFB6 A1 F8A79A00 mov eax, dword ptr [9AA7F8] 0055EFBB E8 3C89F3FF call 004978FC 0055EFC0 C3 retn 0055EFC1 8D40 00 lea eax, dword ptr [eax] 0055EFC4 832D 88C09A00 0>sub dword ptr [9AC088], 1 0055EFCB 73 0F jnb short 0055EFDC 0055EFCD BA 1C569A00 mov edx, 009A561C 0055EFD2 A1 F8A79A00 mov eax, dword ptr [9AA7F8] 0055EFD7 E8 2089F3FF call 004978FC 0055EFDC C3 retn 0055EFDD 8D40 00 lea eax, dword ptr [eax] 0055EFE0 832D 8CC09A00 0>sub dword ptr [9AC08C], 1 0055EFE7 73 0F jnb short 0055EFF8 0055EFE9 BA 34569A00 mov edx, 009A5634 0055EFEE A1 F8A79A00 mov eax, dword ptr [9AA7F8] 0055EFF3 E8 0489F3FF call 004978FC 0055EFF8 C3 retn 0055EFF9 8D40 00 lea eax, dword ptr [eax] 0055EFFC 832D 90C09A00 0>sub dword ptr [9AC090], 1 0055F003 73 0F jnb short 0055F014 0055F005 BA 4C569A00 mov edx, 009A564C 0055F00A A1 F8A79A00 mov eax, dword ptr [9AA7F8] 0055F00F E8 E888F3FF call 004978FC 0055F014 C3 retn 0055F015 8D40 00 lea eax, dword ptr [eax] 0055F018 832D 94C09A00 0>sub dword ptr [9AC094], 1 0055F01F 73 0F jnb short 0055F030 0055F021 BA 84569A00 mov edx, 009A5684 0055F026 A1 F8A79A00 mov eax, dword ptr [9AA7F8] 0055F02B E8 CC88F3FF call 004978FC 0055F030 C3 retn 0055F031 8D40 00 lea eax, dword ptr [eax] 0055F034 832D 98C09A00 0>sub dword ptr [9AC098], 1 0055F03B 73 0F jnb short 0055F04C 0055F03D BA 9C569A00 mov edx, 009A569C 0055F042 A1 F8A79A00 mov eax, dword ptr [9AA7F8] 0055F047 E8 B088F3FF call 004978FC 0055F04C C3 retn 0055F04D 8D40 00 lea eax, dword ptr [eax] 
0055F050 832D 9CC09A00 0>sub dword ptr [9AC09C], 1 0055F057 73 0F jnb short 0055F068 0055F059 BA B4569A00 mov edx, 009A56B4 0055F05E A1 F8A79A00 mov eax, dword ptr [9AA7F8] 0055F063 E8 9488F3FF call 004978FC 0055F068 C3 retn 0055F069 8D40 00 lea eax, dword ptr [eax] 0055F06C 832D A0C09A00 0>sub dword ptr [9AC0A0], 1 0055F073 73 0F jnb short 0055F084 0055F075 BA 54579A00 mov edx, 009A5754 0055F07A A1 F8A79A00 mov eax, dword ptr [9AA7F8] 0055F07F E8 7888F3FF call 004978FC 0055F084 C3 retn 0055F085 8D40 00 lea eax, dword ptr [eax] 0055F088 832D A4C09A00 0>sub dword ptr [9AC0A4], 1 0055F08F 73 0F jnb short 0055F0A0 0055F091 BA 6C579A00 mov edx, 009A576C 0055F096 A1 F8A79A00 mov eax, dword ptr [9AA7F8] 0055F09B E8 5C88F3FF call 004978FC 0055F0A0 C3 retn 0055F0A1 8D40 00 lea eax, dword ptr [eax] 0055F0A4 832D A8C09A00 0>sub dword ptr [9AC0A8], 1 0055F0AB 73 0F jnb short 0055F0BC 0055F0AD BA 84579A00 mov edx, 009A5784 0055F0B2 A1 F8A79A00 mov eax, dword ptr [9AA7F8] 0055F0B7 E8 4088F3FF call 004978FC 0055F0BC C3 retn 0055F0BD 8D40 00 lea eax, dword ptr [eax] 0055F0C0 832D ACC09A00 0>sub dword ptr [9AC0AC], 1 0055F0C7 73 0F jnb short 0055F0D8 0055F0C9 BA A0579A00 mov edx, 009A57A0 0055F0CE A1 F8A79A00 mov eax, dword ptr [9AA7F8] 0055F0D3 E8 2488F3FF call 004978FC 0055F0D8 C3 retn 0055F0D9 8D40 00 lea eax, dword ptr [eax] 0055F0DC 832D B0C09A00 0>sub dword ptr [9AC0B0], 1 0055F0E3 73 0F jnb short 0055F0F4 0055F0E5 BA B8579A00 mov edx, 009A57B8 0055F0EA A1 F8A79A00 mov eax, dword ptr [9AA7F8] 0055F0EF E8 0888F3FF call 004978FC 0055F0F4 C3 retn 0055F0F5 8D40 00 lea eax, dword ptr [eax] 0055F0F8 832D B4C09A00 0>sub dword ptr [9AC0B4], 1 0055F0FF 73 0F jnb short 0055F110 0055F101 BA DC579A00 mov edx, 009A57DC 0055F106 A1 F8A79A00 mov eax, dword ptr [9AA7F8] 0055F10B E8 EC87F3FF call 004978FC 0055F110 C3 retn 0055F111 8D40 00 lea eax, dword ptr [eax] 0055F114 832D B8C09A00 0>sub dword ptr [9AC0B8], 1 0055F11B 73 11 jnb short 0055F12E 0055F11D B2 01 mov dl, 1 0055F11F A1 A0364F00 
mov eax, dword ptr [4F36A0] 0055F124 E8 5BB9EBFF call 0041AA84 0055F129 A3 AC599A00 mov dword ptr [9A59AC], eax 0055F12E C3 retn 0055F12F 90 nop 0055F130 832D BCC09A00 0>sub dword ptr [9AC0BC], 1 0055F137 73 11 jnb short 0055F14A 0055F139 B2 01 mov dl, 1 0055F13B A1 988A4F00 mov eax, dword ptr [4F8A98] 0055F140 E8 3FB9EBFF call 0041AA84 0055F145 A3 D0599A00 mov dword ptr [9A59D0], eax 0055F14A C3 retn 0055F14B 90 nop 0055F14C 55 push ebp 0055F14D 8BEC mov ebp, esp 0055F14F 33C0 xor eax, eax 0055F151 55 push ebp 0055F152 68 ADF15500 push 0055F1AD 0055F157 64:FF30 push dword ptr fs:[eax] 0055F15A 64:8920 mov dword ptr fs:[eax], esp 0055F15D 832D CCC09A00 0>sub dword ptr [9AC0CC], 1 0055F164 73 39 jnb short 0055F19F 0055F166 B2 01 mov dl, 1 0055F168 A1 C8005100 mov eax, dword ptr [5100C8] 0055F16D E8 A250EAFF call 00404214 0055F172 8BD0 mov edx, eax 0055F174 85D2 test edx, edx 0055F176 74 03 je short 0055F17B 0055F178 83EA F8 sub edx, -8 0055F17B B8 C4C09A00 mov eax, 009AC0C4 0055F180 B9 B8F15500 mov ecx, 0055F1B8 0055F185 E8 7A82EAFF call 00407404 0055F18A B8 C8C09A00 mov eax, 009AC0C8 0055F18F 8B15 C4C09A00 mov edx, dword ptr [9AC0C4] 0055F195 B9 C8F15500 mov ecx, 0055F1C8 0055F19A E8 6582EAFF call 00407404 0055F19F 33C0 xor eax, eax 0055F1A1 5A pop edx 0055F1A2 59 pop ecx 0055F1A3 59 pop ecx 0055F1A4 64:8910 mov dword ptr fs:[eax], edx 0055F1A7 68 B4F15500 push 0055F1B4 0055F1AC C3 retn 0055F1AD - E9 6E58EAFF jmp 00404A20 0055F1B2 ^ EB F8 jmp short 0055F1AC 0055F1B4 5D pop ebp 0055F1B5 C3 retn 0055F1B6 0000 add byte ptr [eax], al 0055F1B8 08C5 or ch, al 0055F1BA A1 29DC6ACD mov eax, dword ptr [CD6ADC29] 0055F1BF 44 inc esp 0055F1C0 88DE mov dh, bl 0055F1C2 4F dec edi 0055F1C3 51 push ecx 0055F1C4 B2 5D mov dl, 5D 0055F1C6 59 pop ecx 0055F1C7 95 xchg eax, ebp 0055F1C8 ^ 76 DF jbe short 0055F1A9 0055F1CA A0 FA6AECAA mov al, byte ptr [AAEC6AFA] 0055F1CF 48 dec eax 0055F1D0 97 xchg eax, edi 0055F1D1 54 push esp 0055F1D2 2D 36DF815C sub eax, 5C81DF36 0055F1D7 0D 
558BEC33 or eax, 33EC8B55 0055F1DC C055 68 21 rcl byte ptr [ebp+68], 21 0055F1E0 F2: prefix repne: 0055F1E1 55 push ebp 0055F1E2 0064FF 30 add byte ptr [edi+edi*8+30], ah 0055F1E6 64:8920 mov dword ptr fs:[eax], esp 0055F1E9 832D D0C09A00 0>sub dword ptr [9AC0D0], 1 0055F1F0 73 21 jnb short 0055F213 0055F1F2 B8 50195200 mov eax, 00521950 0055F1F7 E8 6C5DEAFF call 00404F68 0055F1FC B8 D4C09A00 mov eax, 009AC0D4 0055F201 E8 BA81EAFF call 004073C0 0055F206 50 push eax 0055F207 6A 01 push 1 0055F209 E8 7299EAFF call <jmp.&ole32.CoGetMalloc> 0055F20E E8 BDA0F3FF call 004992D0 0055F213 33C0 xor eax, eax 0055F215 5A pop edx 0055F216 59 pop ecx 0055F217 59 pop ecx 0055F218 64:8910 mov dword ptr fs:[eax], edx 0055F21B 68 28F25500 push 0055F228 0055F220 C3 retn 0055F221 - E9 FA57EAFF jmp 00404A20 0055F226 ^ EB F8 jmp short 0055F220 0055F228 5D pop ebp 0055F229 C3 retn 0055F22A 8BC0 mov eax, eax 0055F22C 832D D8C09A00 0>sub dword ptr [9AC0D8], 1 0055F233 73 0F jnb short 0055F244 0055F235 BA 805F9A00 mov edx, 009A5F80 0055F23A A1 F8A79A00 mov eax, dword ptr [9AA7F8] 0055F23F E8 B886F3FF call 004978FC 0055F244 C3 retn 0055F245 8D40 00 lea eax, dword ptr [eax] 0055F248 832D DCC09A00 0>sub dword ptr [9AC0DC], 1 0055F24F 73 0F jnb short 0055F260 0055F251 BA B05F9A00 mov edx, 009A5FB0 0055F256 A1 F8A79A00 mov eax, dword ptr [9AA7F8] 0055F25B E8 9C86F3FF call 004978FC 0055F260 C3 retn 0055F261 8D40 00 lea eax, dword ptr [eax] 0055F264 832D E0C09A00 0>sub dword ptr [9AC0E0], 1 0055F26B 73 0F jnb short 0055F27C 0055F26D BA C85F9A00 mov edx, 009A5FC8 0055F272 A1 F8A79A00 mov eax, dword ptr [9AA7F8] 0055F277 E8 8086F3FF call 004978FC 0055F27C C3 retn 0055F27D 8D40 00 lea eax, dword ptr [eax] 0055F280 832D E4C09A00 0>sub dword ptr [9AC0E4], 1 0055F287 73 14 jnb short 0055F29D 0055F289 BA E05F9A00 mov edx, 009A5FE0 0055F28E A1 F8A79A00 mov eax, dword ptr [9AA7F8] 0055F293 E8 6486F3FF call 004978FC 0055F298 E8 9334FDFF call 00532730 0055F29D C3 retn 0055F29E 8BC0 mov eax, eax 0055F2A0 832D 
E8C09A00 0>sub dword ptr [9AC0E8], 1 0055F2A7 73 0F jnb short 0055F2B8 0055F2A9 BA F85F9A00 mov edx, 009A5FF8 0055F2AE A1 F8A79A00 mov eax, dword ptr [9AA7F8] 0055F2B3 E8 4486F3FF call 004978FC 0055F2B8 C3 retn 0055F2B9 8D40 00 lea eax, dword ptr [eax] 0055F2BC 832D ECC09A00 0>sub dword ptr [9AC0EC], 1 0055F2C3 73 0F jnb short 0055F2D4 0055F2C5 BA 10609A00 mov edx, 009A6010 0055F2CA A1 F8A79A00 mov eax, dword ptr [9AA7F8] 0055F2CF E8 2886F3FF call 004978FC 0055F2D4 C3 retn 0055F2D5 8D40 00 lea eax, dword ptr [eax] 0055F2D8 832D F0C09A00 0>sub dword ptr [9AC0F0], 1 0055F2DF 73 0F jnb short 0055F2F0 0055F2E1 BA 70609A00 mov edx, 009A6070 ; ASCII "XvS" 0055F2E6 A1 F8A79A00 mov eax, dword ptr [9AA7F8] 0055F2EB E8 0C86F3FF call 004978FC 0055F2F0 C3 retn 0055F2F1 8D40 00 lea eax, dword ptr [eax] 0055F2F4 832D F4C09A00 0>sub dword ptr [9AC0F4], 1 0055F2FB 73 0F jnb short 0055F30C 0055F2FD BA 88609A00 mov edx, 009A6088 0055F302 A1 F8A79A00 mov eax, dword ptr [9AA7F8] 0055F307 E8 F085F3FF call 004978FC 0055F30C C3 retn 0055F30D 8D40 00 lea eax, dword ptr [eax] 0055F310 832D 08C19A00 0>sub dword ptr [9AC108], 1 0055F317 73 0F jnb short 0055F328 0055F319 BA B0609A00 mov edx, 009A60B0 0055F31E A1 F8A79A00 mov eax, dword ptr [9AA7F8] 0055F323 E8 D485F3FF call 004978FC 0055F328 C3 retn 0055F329 8D40 00 lea eax, dword ptr [eax] 0055F32C 832D 0CC19A00 0>sub dword ptr [9AC10C], 1 0055F333 73 0F jnb short 0055F344 0055F335 BA C8609A00 mov edx, 009A60C8 0055F33A A1 F8A79A00 mov eax, dword ptr [9AA7F8] 0055F33F E8 B885F3FF call 004978FC 0055F344 C3 retn 0055F345 8D40 00 lea eax, dword ptr [eax] 0055F348 832D 10C19A00 0>sub dword ptr [9AC110], 1 0055F34F 73 0F jnb short 0055F360 0055F351 BA F0609A00 mov edx, 009A60F0 0055F356 A1 F8A79A00 mov eax, dword ptr [9AA7F8] 0055F35B E8 9C85F3FF call 004978FC 0055F360 C3 retn 0055F361 8D40 00 lea eax, dword ptr [eax] 0055F364 832D 14C19A00 0>sub dword ptr [9AC114], 1 0055F36B 73 0F jnb short 0055F37C 0055F36D BA F8639A00 mov edx, 009A63F8 
0055F372 A1 F8A79A00 mov eax, dword ptr [9AA7F8] 0055F377 E8 8085F3FF call 004978FC 0055F37C C3 retn 0055F37D 8D40 00 lea eax, dword ptr [eax] 0055F380 832D 18C19A00 0>sub dword ptr [9AC118], 1 0055F387 73 0F jnb short 0055F398 0055F389 BA EC649A00 mov edx, 009A64EC 0055F38E A1 F8A79A00 mov eax, dword ptr [9AA7F8] 0055F393 E8 6485F3FF call 004978FC 0055F398 C3 retn 0055F399 8D40 00 lea eax, dword ptr [eax] 0055F39C 832D 1CC19A00 0>sub dword ptr [9AC11C], 1 0055F3A3 73 0F jnb short 0055F3B4 0055F3A5 BA 04659A00 mov edx, 009A6504 0055F3AA A1 F8A79A00 mov eax, dword ptr [9AA7F8] 0055F3AF E8 4885F3FF call 004978FC 0055F3B4 C3 retn 0055F3B5 8D40 00 lea eax, dword ptr [eax] 0055F3B8 832D 20C19A00 0>sub dword ptr [9AC120], 1 0055F3BF 73 0F jnb short 0055F3D0 0055F3C1 BA 1C659A00 mov edx, 009A651C 0055F3C6 A1 F8A79A00 mov eax, dword ptr [9AA7F8] 0055F3CB E8 2C85F3FF call 004978FC 0055F3D0 C3 retn 0055F3D1 8D40 00 lea eax, dword ptr [eax] 0055F3D4 832D 24C19A00 0>sub dword ptr [9AC124], 1 0055F3DB 73 0F jnb short 0055F3EC 0055F3DD BA 34659A00 mov edx, 009A6534 0055F3E2 A1 F8A79A00 mov eax, dword ptr [9AA7F8] 0055F3E7 E8 1085F3FF call 004978FC 0055F3EC C3 retn 0055F3ED 8D40 00 lea eax, dword ptr [eax] 0055F3F0 832D 28C19A00 0>sub dword ptr [9AC128], 1 0055F3F7 73 0F jnb short 0055F408 0055F3F9 BA 4C659A00 mov edx, 009A654C 0055F3FE A1 F8A79A00 mov eax, dword ptr [9AA7F8] 0055F403 E8 F484F3FF call 004978FC 0055F408 C3 retn 0055F409 8D40 00 lea eax, dword ptr [eax] 0055F40C 832D 64C19A00 0>sub dword ptr [9AC164], 1 0055F413 C3 retn 0055F414 832D 80C19A00 0>sub dword ptr [9AC180], 1 0055F41B 73 0A jnb short 0055F427 0055F41D B8 FCC85500 mov eax, 0055C8FC 0055F422 E8 415BEAFF call 00404F68 0055F427 C3 retn 0055F428 > 55 push ebp 0055F429 8BEC mov ebp, esp 0055F42B 83C4 F0 add esp, -10 0055F42E B8 F8CB5500 mov eax, 0055CBF8 0055F433 E8 0886EAFF call 00407A40 0055F438 A1 2C6D9A00 mov eax, dword ptr [9A6D2C] 0055F43D 8B00 mov eax, dword ptr [eax] 0055F43F E8 FCA1F1FF call 00479640 
0055F444 A1 2C6D9A00 mov eax, dword ptr [9A6D2C] 0055F449 8B00 mov eax, dword ptr [eax] 0055F44B BA 88F45500 mov edx, 0055F488 ; ASCII "Recovery Toolbox for MS SQL Server" 0055F450 E8 6B9CF1FF call 004790C0 0055F455 8B0D 0C689A00 mov ecx, dword ptr [9A680C] ; unRecove.009AC13C 0055F45B A1 2C6D9A00 mov eax, dword ptr [9A6D2C] 0055F460 8B00 mov eax, dword ptr [eax] 0055F462 8B15 E4205500 mov edx, dword ptr [5520E4] ; unRecove.00552130 0055F468 E8 EBA1F1FF call 00479658 0055F46D A1 2C6D9A00 mov eax, dword ptr [9A6D2C] 0055F472 8B00 mov eax, dword ptr [eax] 0055F474 E8 5FA2F1FF call 004796D8 0055F479 E8 265CEAFF call 004050A4 0055F47E 0000 add byte ptr [eax], al 0055F480 FFFF ??? ; 未知命令 0055F482 FFFF ??? ; 未知命令 0055F484 2200 and al, byte ptr [eax] 0055F486 0000 add byte ptr [eax], al 0055F488 52 push edx 0055F489 65:636F 76 arpl word ptr gs:[edi+76], bp 0055F48D 65:72 79 jb short 0055F509 0055F490 20546F 6F and byte ptr [edi+ebp*2+6F], dl 0055F494 6C ins byte ptr es:[edi], dx 0055F495 626F 78 bound ebp, qword ptr [edi+78] 0055F498 2066 6F and byte ptr [esi+6F], ah 0055F49B 72 20 jb short 0055F4BD 0055F49D 4D dec ebp 0055F49E 53 push ebx 0055F49F 2053 51 and byte ptr [ebx+51], dl 0055F4A2 4C dec esp 0055F4A3 2053 65 and byte ptr [ebx+65], dl 0055F4A6 72 76 jb short 0055F51E 0055F4A8 65:72 00 jb short 0055F4AB |
|
[High-point bounty] After unpacking the software, the breakpoint found with DEDE can't be found in OD!
procedure TfMain.btnSaveClick(Sender : TObject); |
|
Everyone, please help me look at how this software's registration works
Themida|WinLicense V1.9.2.0 -> Oreans Technologies * |
|
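[Help] How do I go about cracking software that uses a dongle? For example, I have a licensed copy of a program together with its dongle; how should I proceed?
Find two machines, run it on one with the dongle and on the other without, single-step through it in OD, and wherever the jumps differ, immediately change it to a direct JMP so that it jumps to where the program runs normally! |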
|
[Discussion] How to crack it when two dialog boxes pop up
Just set a breakpoint on the button event |
|
[Help] Asking how software registration codes are implemented
Implement it with a network-version dongle! |
|
[Help] What software can show which language a program was developed in?
Provided the software has not been packed! |
|
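[Help] What packer is this, and how do I unpack it? Experts, please advise~~
You came in a hurry and left in a hurry. Cracking expert on floor 18, could you give a hint? |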
|
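[Help] What packer is this, and how do I unpack it? Experts, please advise~~
The legendary expert has appeared...... First my respects, I'll try it right away! |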
|
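[Help] What packer is this, and how do I unpack it? Experts, please advise~~
Poster above, you seem to understand this packer; could you give me an approach to solving it?? |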
|
[Help] What packer is this, and how do I unpack it? Experts, please advise~~
Bump...... |
|
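[Help] How should this be cracked
Judging from the registration screen, it looks like an Armadillo packer. While the software can still run, look for an Armadillo unpacking tool! Armadillo 1.xx - 2.xx -> Silicon Realms Toolworks. I don't have a registration code, so I can't run it! |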
|
|
|
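[Help] What packer is this, and how do I unpack it? Experts, please advise~~
Below are a few scripts I have used for unpacking this packer; perhaps they can be of some help to the experts! |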