能力值:
![]()
(RANK:215 )
|
-
-
2 楼
00492D38 > $ 55 push ebp
00492D39 . 8BEC mov ebp, esp
00492D3B . 83C4 F0 add esp, -10
00492D3E . B8 F8294900 mov eax, 004929F8
00492D43 . E8 8C3AF7FF call 004067D4 ; procedure _InitExe(InitTable: Pointer)
00492D48 . A1 10594900 mov eax, dword ptr [495910]
00492D4D . 8B00 mov eax, dword ptr [eax]
00492D4F . E8 4024FDFF call 00465194 ; [TApplication] procedure Initialize
00492D54 . A1 10594900 mov eax, dword ptr [495910]
00492D59 . 8B00 mov eax, dword ptr [eax]
00492D5B . 33D2 xor edx, edx
00492D5D . E8 1A20FDFF call 00464D7C ; [TApplication][Write property] procedure SetTitle(const Value: string)
00492D62 . 8B0D 345A4900 mov ecx, dword ptr [495A34] ; keygen.00496D14
00492D68 . A1 10594900 mov eax, dword ptr [495910]
00492D6D . 8B00 mov eax, dword ptr [eax]
00492D6F . 8B15 F41C4900 mov edx, dword ptr [491CF4] ; keygen.00491D40
00492D75 . E8 3224FDFF call 004651AC ; [TApplication] procedure CreateForm(InstanceClass: TComponentClass; var Reference)
00492D7A . A1 10594900 mov eax, dword ptr [495910]
00492D7F . 8B00 mov eax, dword ptr [eax]
00492D81 . E8 A624FDFF call 0046522C ; [TApplication] procedure Run
00492D86 . E8 D916F7FF call 00404464
00492D8B . 90 nop
仔细看了下,你说的插件没见过,求一下。
|
能力值:
( LV2,RANK:10 )
|
-
-
3 楼
我也没见过啦.看别人发的破文里的代码...
|
能力值:
( LV2,RANK:10 )
|
-
-
4 楼
不知道你说的是不是DeDeDark,他能反编译出D7的大部分资源,包括窗体,控件和各种事件,对很多库函数都能显示名字。贴一段反汇编的代码。
0044FBA0 55 push ebp
0044FBA1 8BEC mov ebp, esp
0044FBA3 81C4D4FEFFFF add esp, $FFFFFED4
0044FBA9 53 push ebx
0044FBAA 56 push esi
0044FBAB 33C9 xor ecx, ecx
0044FBAD 898DD4FEFFFF mov [ebp+$FFFFFED4], ecx
0044FBB3 8DB5D8FEFFFF lea esi, [ebp+$FFFFFED8]
0044FBB9 33D2 xor edx, edx
0044FBBB 55 push ebp
* Possible String Reference to: '閽;?腠^[嬪]?
|
0044FBBC 687DFC4400 push $0044FC7D
***** TRY
|
0044FBC1 64FF32 push dword ptr fs:[edx]
0044FBC4 648922 mov fs:[edx], esp
* Reference to control Timer3 : TTimer
|
0044FBC7 8B8004030000 mov eax, [eax+$0304]
0044FBCD 33D2 xor edx, edx
* Reference to: ExtCtrls.TTimer.SetEnabled(TTimer;Boolean);
| or: IBDatabase.TIBTimer.SetEnabled(TIBTimer;Boolean);
| or: Menus.TMenu.SetOwnerDraw(TMenu;Boolean);
|
0044FBCF E80453FDFF call 00424ED8
0044FBD4 33D2 xor edx, edx
0044FBD6 B802000000 mov eax, $00000002
* Reference to: TlHelp32.CreateToolhelp32Snapshot(DWORD;DWORD):Windows.THandle;
| or: TlHelp32.Heap32ListFirst(Windows.THandle;tagHEAPLIST32;tagHEAPLIST32):BOOL;
| or: TlHelp32.Heap32ListNext(Windows.THandle;tagHEAPLIST32;tagHEAPLIST32):BOOL;
| or: TlHelp32.Process32First(Windows.THandle;tagPROCESSENTRY32;tagPROCESSENTRY32):BOOL;
| or: TlHelp32.Process32Next(Windows.THandle;tagPROCESSENTRY32;tagPROCESSENTRY32):BOOL;
| or: TlHelp32.Process32FirstW(Windows.THandle;tagPROCESSENTRY32W;tagPROCESSENTRY32W):BOOL;
|
0044FBDB E80CF2FFFF call 0044EDEC
0044FBE0 8BD8 mov ebx, eax
0044FBE2 C70628010000 mov dword ptr [esi], $00000128
0044FBE8 8BD6 mov edx, esi
0044FBEA 8BC3 mov eax, ebx
* Reference to: TlHelp32.CreateToolhelp32Snapshot(DWORD;DWORD):Windows.THandle;
| or: TlHelp32.Heap32ListFirst(Windows.THandle;tagHEAPLIST32;tagHEAPLIST32):BOOL;
| or: TlHelp32.Heap32ListNext(Windows.THandle;tagHEAPLIST32;tagHEAPLIST32):BOOL;
| or: TlHelp32.Process32First(Windows.THandle;tagPROCESSENTRY32;tagPROCESSENTRY32):BOOL;
| or: TlHelp32.Process32Next(Windows.THandle;tagPROCESSENTRY32;tagPROCESSENTRY32):BOOL;
| or: TlHelp32.Process32FirstW(Windows.THandle;tagPROCESSENTRY32W;tagPROCESSENTRY32W):BOOL;
|
0044FBEC E81BF2FFFF call 0044EE0C
0044FBF1 83F801 cmp eax, +$01
0044FBF4 1BC0 sbb eax, eax
0044FBF6 40 inc eax
0044FBF7 EB4C jmp 0044FC45
0044FBF9 8D85D4FEFFFF lea eax, [ebp+$FFFFFED4]
0044FBFF 8D5624 lea edx, [esi+$24]
0044FC02 B904010000 mov ecx, $00000104
* Reference to: System.@LStrFromArray(String;String;PAnsiChar;Integer);
| or: System.@WStrFromArray(WideString;WideString;PAnsiChar;Integer);
|
0044FC07 E87444FBFF call 00404080
0044FC0C 8B85D4FEFFFF mov eax, [ebp+$FFFFFED4]
* Possible String Reference to: 'QQ.exe'
|
0044FC12 BA94FC4400 mov edx, $0044FC94
* Reference to: System.@LStrCmp;
|
0044FC17 E80046FBFF call 0040421C
0044FC1C 7518 jnz 0044FC36
0044FC1E 8B4608 mov eax, [esi+$08]
0044FC21 50 push eax
0044FC22 6A00 push $00
0044FC24 68FF0F1F00 push $001F0FFF
* Reference to: kernel32.OpenProcess()
|
0044FC29 E8F262FBFF call 00405F20
0044FC2E 6A01 push $01
0044FC30 50 push eax
* Reference to: kernel32.TerminateProcess()
|
0044FC31 E83A63FBFF call 00405F70
0044FC36 8BD6 mov edx, esi
0044FC38 8BC3 mov eax, ebx
* Reference to: TlHelp32.CreateToolhelp32Snapshot(DWORD;DWORD):Windows.THandle;
| or: TlHelp32.Heap32ListFirst(Windows.THandle;tagHEAPLIST32;tagHEAPLIST32):BOOL;
| or: TlHelp32.Heap32ListNext(Windows.THandle;tagHEAPLIST32;tagHEAPLIST32):BOOL;
| or: TlHelp32.Process32First(Windows.THandle;tagPROCESSENTRY32;tagPROCESSENTRY32):BOOL;
| or: TlHelp32.Process32Next(Windows.THandle;tagPROCESSENTRY32;tagPROCESSENTRY32):BOOL;
| or: TlHelp32.Process32FirstW(Windows.THandle;tagPROCESSENTRY32W;tagPROCESSENTRY32W):BOOL;
|
0044FC3A E8EDF1FFFF call 0044EE2C
0044FC3F 83F801 cmp eax, +$01
0044FC42 1BC0 sbb eax, eax
0044FC44 40 inc eax
0044FC45 84C0 test al, al
0044FC47 75B0 jnz 0044FBF9
0044FC49 6A00 push $00
0044FC4B A164264500 mov eax, dword ptr [$00452664]
0044FC50 50 push eax
* Possible String Reference to: 'U嬱j'
|
0044FC51 B8B4F04400 mov eax, $0044F0B4
0044FC56 50 push eax
0044FC57 6A0D push $0D
0044FC59 FF15282C4500 call dword ptr [$00452C28]
0044FC5F A3202C4500 mov dword ptr [$00452C20], eax
0044FC64 33C0 xor eax, eax
0044FC66 5A pop edx
0044FC67 59 pop ecx
0044FC68 59 pop ecx
0044FC69 648910 mov fs:[eax], edx
****** FINALLY
|
* Possible String Reference to: '^[嬪]?
|
0044FC6C 6884FC4400 push $0044FC84
0044FC71 8D85D4FEFFFF lea eax, [ebp+$FFFFFED4]
* Reference to: System.@LStrClr(void;void);
|
0044FC77 E89441FBFF call 00403E10
0044FC7C C3 ret
* Reference to: System.@HandleFinally;
|
0044FC7D E9923BFBFF jmp 00403814
0044FC82 EBED jmp 0044FC71
****** END
|
0044FC84 5E pop esi
0044FC85 5B pop ebx
0044FC86 8BE5 mov esp, ebp
0044FC88 5D pop ebp
0044FC89 C3 ret
|
能力值:
( LV9,RANK:200 )
|
-
-
5 楼
用dede生成map文件,od装载下就行了..
|
能力值:
( LV15,RANK:520 )
|
-
-
6 楼
IDA生成MAP,文件,OD装载一下就行啦
|
能力值:
( LV2,RANK:10 )
|
-
-
7 楼
gooodddd
|
能力值:
( LV11,RANK:188 )
|
-
-
8 楼
delphi ida sig,搜索这个,老兄
|
|
|
|
