00406D28 $ 55 PUSH EBP
00406D29 . 8BEC MOV EBP,ESP
00406D2B . 81C4 DCFEFFFF ADD ESP,-124
00406D31 . 53 PUSH EBX
00406D32 . 8945 FC MOV DWORD PTR SS:[EBP-4],EAX
00406D35 . 68 05010000 PUSH 105 ; /BufSize = 105 (261.)
00406D3A . 8D85 DFFEFFFF LEA EAX,DWORD PTR SS:[EBP-121] ; |
00406D40 . 50 PUSH EAX ; |PathBuffer
00406D41 . 6A 00 PUSH 0 ; |hModule = NULL
00406D43 . E8 90A6FFFF CALL <JMP.&kernel32.GetModuleFileNameA> ; \GetModuleFileNameA
00406D48 . C645 EE 00 MOV BYTE PTR SS:[EBP-12],0
00406D4C . 8D45 F8 LEA EAX,DWORD PTR SS:[EBP-8]
00406D4F . 50 PUSH EAX ; /pHandle
00406D50 . 68 19000F00 PUSH 0F0019 ; |Access = KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|F0000
00406D55 . 6A 00 PUSH 0 ; |Reserved = 0
00406D57 . 68 6C6F4000 PUSH storage2.00406F6C ; |Subkey = "Software\Borland\Locales"
00406D5C . 68 01000080 PUSH 80000001 ; |hKey = HKEY_CURRENT_USER
00406D61 . E8 CAA6FFFF CALL <JMP.&advapi32.RegOpenKeyExA> ; \RegOpenKeyExA
00406D66 . 85C0 TEST EAX,EAX
00406D68 . 74 40 JE SHORT storage2.00406DAA
00406D6A . 8D45 F8 LEA EAX,DWORD PTR SS:[EBP-8]
这段代码是不是每次重启检查注册表的?还是写入注册表?
一个仓库软件,一个由delphi写的,无注册方式 导入数据有50条的限制,由什么思路去破?
问题很菜,本人更菜,只是感兴趣,破解不知从何学起
补充一段代码 是写入注册表的
00403F83 . 50 PUSH EAX ; /pHandle
00403F84 . 6A 01 PUSH 1 ; |Access = KEY_QUERY_VALUE
00403F86 . 6A 00 PUSH 0 ; |Reserved = 0
00403F88 . 68 08404000 PUSH storage2.00404008 ; |Subkey = "SOFTWARE\Borland\Delphi\RTL"
00403F8D . 68 02000080 PUSH 80000002 ; |hKey = HKEY_LOCAL_MACHINE
00403F92 . E8 99D4FFFF CALL <JMP.&advapi32.RegOpenKeyExA> ; \RegOpenKeyExA
00403F97 . 85C0 TEST EAX,EAX
00403F99 . 75 4D JNZ SHORT storage2.00403FE8
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课