//注:这个是注册按钮对应的函数的逆向
.text:00438E8C sub_438E8C proc near
.text:00438E8C
.text:00438E8C var_154 = qword ptr -154h
.text:00438E8C var_148 = dword ptr -148h
.text:00438E8C Buffer = byte ptr -144h
.text:00438E8C var_131 = byte ptr -131h
.text:00438E8C dest = byte ptr -12Ch
.text:00438E8C s = dword ptr -114h
.text:00438E8C buffer = byte ptr -0FCh
.text:00438E8C var_E4 = dword ptr -0E4h
.text:00438E8C var_E0 = dword ptr -0E0h
.text:00438E8C var_DC = dword ptr -0DCh
.text:00438E8C var_D8 = dword ptr -0D8h
.text:00438E8C var_D4 = dword ptr -0D4h
.text:00438E8C var_D0 = dword ptr -0D0h
.text:00438E8C var_CC = dword ptr -0CCh
.text:00438E8C var_C8 = dword ptr -0C8h
.text:00438E8C var_C4 = dword ptr -0C4h
.text:00438E8C var_C0 = dword ptr -0C0h
.text:00438E8C var_B0 = word ptr -0B0h
.text:00438E8C var_A4 = dword ptr -0A4h
.text:00438E8C var_9C = dword ptr -9Ch
.text:00438E8C var_98 = dword ptr -98h
.text:00438E8C var_94 = dword ptr -94h
.text:00438E8C var_90 = dword ptr -90h
.text:00438E8C var_8C = dword ptr -8Ch
.text:00438E8C var_88 = dword ptr -88h
.text:00438E8C var_84 = dword ptr -84h
.text:00438E8C var_80 = dword ptr -80h
.text:00438E8C var_7C = dword ptr -7Ch
.text:00438E8C var_78 = dword ptr -78h
.text:00438E8C var_74 = dword ptr -74h
.text:00438E8C var_70 = dword ptr -70h
.text:00438E8C var_6C = dword ptr -6Ch
.text:00438E8C var_68 = dword ptr -68h
.text:00438E8C var_64 = dword ptr -64h
.text:00438E8C var_60 = dword ptr -60h
.text:00438E8C var_5C = dword ptr -5Ch
.text:00438E8C var_58 = dword ptr -58h
.text:00438E8C var_54 = dword ptr -54h
.text:00438E8C var_50 = dword ptr -50h
.text:00438E8C var_4C = dword ptr -4Ch
.text:00438E8C var_48 = dword ptr -48h
.text:00438E8C var_44 = dword ptr -44h
.text:00438E8C var_40 = dword ptr -40h
.text:00438E8C var_3C = dword ptr -3Ch
.text:00438E8C var_38 = dword ptr -38h
.text:00438E8C var_34 = dword ptr -34h
.text:00438E8C var_30 = dword ptr -30h
.text:00438E8C var_2C = dword ptr -2Ch
.text:00438E8C var_28 = dword ptr -28h
.text:00438E8C var_24 = dword ptr -24h
.text:00438E8C var_20 = dword ptr -20h
.text:00438E8C var_1C = dword ptr -1Ch
.text:00438E8C var_18 = dword ptr -18h
.text:00438E8C var_14 = dword ptr -14h
.text:00438E8C var_10 = dword ptr -10h
.text:00438E8C var_C = dword ptr -0Ch
.text:00438E8C var_8 = dword ptr -8
.text:00438E8C var_4 = dword ptr -4
.text:00438E8C
.text:00438E8C push ebp
.text:00438E8D mov ebp, esp
.text:00438E8F add esp, 0FFFFFEB8h
.text:00438E95 push ebx
.text:00438E96 mov [ebp+var_C8], edx
.text:00438E9C mov [ebp+var_C4], eax
.text:00438EA2 mov eax, offset stru_50DFFC
.text:00438EA7 call @__InitExceptBlockLDTC
.text:00438EAC mov [ebp+var_B0], 8
.text:00438EB5 lea eax, [ebp+var_4]
.text:00438EB8 call nop_38
.text:00438EBD mov edx, eax
.text:00438EBF inc [ebp+var_A4]
.text:00438EC5 mov ecx, [ebp+var_C4]
.text:00438ECB mov eax, [ecx+2E4h]
.text:00438ED1 call @TControl@GetText$qqrv ; TControl::GetText(void)
.text:00438ED6 lea edx, [ebp+var_4] //取假的注册码
.text:00438ED9 push dword ptr [edx]
.text:00438EDB lea eax, [ebp+var_8]
.text:00438EDE call nop_38
.text:00438EE3 mov edx, eax
.text:00438EE5 inc [ebp+var_A4]
.text:00438EEB mov ecx, [ebp+var_C4]
.text:00438EF1 mov eax, [ecx+2DCh]
.text:00438EF7 call @TControl@GetText$qqrv ; TControl::GetText(void)
.text:00438EFC lea edx, [ebp+var_8] //取注册名
.text:00438EFF push dword ptr [edx]
.text:00438F01 push [ebp+var_C4]
.text:00438F07 call sub_439CD0 //验证旧的注册码
.text:00438F0C add esp, 0Ch
.text:00438F0F cmp al, 1
.text:00438F11 setz cl
.text:00438F14 and ecx, 1
.text:00438F17 push ecx
.text:00438F18 dec [ebp+var_A4]
.text:00438F1E lea eax, [ebp+var_8]
.text:00438F21 mov edx, 2
.text:00438F26 call @System@AnsiString@$bdtr$qqrv ; System::AnsiString::~AnsiString(void)
.text:00438F2B dec [ebp+var_A4]
.text:00438F31 lea eax, [ebp+var_4]
.text:00438F34 mov edx, 2
.text:00438F39 call @System@AnsiString@$bdtr$qqrv ; System::AnsiString::~AnsiString(void)
.text:00438F3E pop ecx
.text:00438F3F test cl, cl
.text:00438F41 jz short loc_438F8B //旧注册码验证失败则跳
.text:00438F43 mov [ebp+var_B0], 14h
.text:00438F4C mov edx, offset aUFICVSIIVSIEVT ; "你输入的是老版本的注册码,请把注册时的定"...
.text:00438F51 lea eax, [ebp+var_C]
.text:00438F54 call ToStr_4E84C8
.text:00438F59 inc [ebp+var_A4]
.text:00438F5F mov eax, [eax]
.text:00438F61 call @Dialogs@ShowMessage$qqrx17System@AnsiString ; Dialogs::ShowMessage(System::AnsiString)
.text:00438F66 dec [ebp+var_A4]
.text:00438F6C lea eax, [ebp+var_C]
.text:00438F6F mov edx, 2
.text:00438F74 call @System@AnsiString@$bdtr$qqrv ; System::AnsiString::~AnsiString(void)
.text:00438F79 mov ecx, [ebp+var_C0]
.text:00438F7F mov large fs:0, ecx
.text:00438F86 jmp loc_439CB5
.text:00438F8B ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
.text:00438F8B
.text:00438F8B loc_438F8B:
.text:00438F8B push 14h ; n
.text:00438F8D push 0 ; c
.text:00438F8F lea eax, [ebp+s]
.text:00438F95 push eax ; s
.text:00438F96 call _memset //s 20个字节清零
.text:00438F9B add esp, 0Ch
.text:00438F9E xor edx, edx
.text:00438FA0 mov [ebp+var_CC], edx //清零
.text:00438FA6 push 14h ; n
.text:00438FA8 push 0 ; c
.text:00438FAA lea ecx, [ebp+buffer]
.text:00438FB0 push ecx ; s
.text:00438FB1 call _memset //buffer 20个字节清零
.text:00438FB6 add esp, 0Ch
.text:00438FB9 push 14h ; n
.text:00438FBB push 0 ; c
.text:00438FBD lea eax, [ebp+dest]
.text:00438FC3 push eax ; s
.text:00438FC4 call _memset //dest 20个字节清零
.text:00438FC9 add esp, 0Ch
.text:00438FCC mov [ebp+var_B0], 20h
.text:00438FD5 lea eax, [ebp+var_10]
.text:00438FD8 call nop_38
.text:00438FDD mov edx, eax
.text:00438FDF inc [ebp+var_A4]
.text:00438FE5 mov ecx, [ebp+var_C4]
.text:00438FEB mov eax, [ecx+2DCh]
.text:00438FF1 call @TControl@GetText$qqrv ; TControl::GetText(void)
.text:00438FF6 lea eax, [ebp+var_10] //注册名
.text:00438FF9 call @System@AnsiString@c_str$xqqrv ; System::AnsiString::c_str(void)
.text:00438FFE push eax ; src
.text:00438FFF lea edx, [ebp+dest]
.text:00439005 push edx ; dest
.text:00439006 call _strcpy //拷贝到dest
.text:0043900B add esp, 8
.text:0043900E dec [ebp+var_A4]
.text:00439014 lea eax, [ebp+var_10]
.text:00439017 mov edx, 2
.text:0043901C call @System@AnsiString@$bdtr$qqrv ; System::AnsiString::~AnsiString(void)
.text:00439021 mov [ebp+var_B0], 2Ch
.text:0043902A lea eax, [ebp+var_14]
.text:0043902D call nop_38
.text:00439032 mov edx, eax
.text:00439034 inc [ebp+var_A4]
.text:0043903A mov ecx, [ebp+var_C4]
.text:00439040 mov eax, [ecx+2F0h]
.text:00439046 call @TControl@GetText$qqrv ; TControl::GetText(void)
.text:0043904B lea eax, [ebp+var_14] //机器码"78577547151034922222"
.text:0043904E call @System@AnsiString@c_str$xqqrv ; System::AnsiString::c_str(void)
.text:00439053 push eax ; src
.text:00439054 lea edx, [ebp+s]
.text:0043905A push edx ; dest
.text:0043905B call _strcpy //拷贝到s
.text:00439060 add esp, 8
.text:00439063 dec [ebp+var_A4]
.text:00439069 lea eax, [ebp+var_14]
.text:0043906C mov edx, 2
.text:00439071 call @System@AnsiString@$bdtr$qqrv ; System::AnsiString::~AnsiString(void)
.text:00439076 xor ecx, ecx
.text:00439078 mov [ebp+var_D0], ecx //索引清零
.text:0043907E
.text:0043907E loc_43907E:
.text:0043907E mov eax, [ebp+var_D0]
.text:00439084 mov dl, [ebp+eax+dest] //取注册名一个字符
.text:0043908B mov ecx, [ebp+var_D0]
.text:00439091 xor dl, byte ptr [ebp+ecx+s] //取机器码一个字符 异或
.text:00439098 mov eax, [ebp+var_D0]
.text:0043909E mov [ebp+eax+buffer], dl //保存结果
.text:004390A5 mov edx, [ebp+var_D0]
.text:004390AB movsx ecx, [ebp+edx+buffer]
.text:004390B3 mov [ebp+var_148], ecx
.text:004390B9 fild [ebp+var_148]
.text:004390BF add esp, 0FFFFFFF8h ; x
.text:004390C2 fstp [esp+154h+var_154]
.text:004390C5 call _fabs //求绝对值
.text:004390CA add esp, 8
.text:004390CD fild [ebp+var_D0] //乘以 索引
.text:004390D3 fmulp st(1), st
.text:004390D5 fild [ebp+var_CC] //累加
.text:004390DB faddp st(1), st
.text:004390DD call @_ftol$qv ; _ftol(void)
.text:004390E2 mov [ebp+var_CC], eax //保存回去
.text:004390E8 inc [ebp+var_D0] //索引加1
.text:004390EE cmp [ebp+var_D0], 14h //索引小于20则继续循环
.text:004390F5 jl short loc_43907E
.text:004390F7 add [ebp+var_CC], 3039h //累加和 加上 12345
.text:00439101 push [ebp+var_CC]
.text:00439107 push offset aD_4 ; format //"%d"
.text:0043910C lea edx, [ebp+buffer]
.text:00439112 push edx ; buffer
.text:00439113 call _sprintf //转换成 字符串 到 buffer
.text:00439118 add esp, 0Ch
.text:0043911B mov [ebp+var_B0], 38h
.text:00439124 lea eax, [ebp+var_18]
.text:00439127 call nop_38
.text:0043912C mov edx, eax
.text:0043912E inc [ebp+var_A4]
.text:00439134 mov ecx, [ebp+var_C4]
.text:0043913A mov eax, [ecx+2E4h]
.text:00439140 call @TControl@GetText$qqrv ; TControl::GetText(void)
.text:00439145 lea eax, [ebp+var_18] //假注册码
.text:00439148 call @System@AnsiString@c_str$xqqrv ; System::AnsiString::c_str(void)
.text:0043914D push eax ; src
.text:0043914E lea edx, [ebp+Buffer]
.text:00439154 push edx ; dest
.text:00439155 call _strcpy //拷贝到Buffer(注意这个与上面不同!)
.text:0043915A add esp, 8
.text:0043915D dec [ebp+var_A4]
.text:00439163 lea eax, [ebp+var_18]
.text:00439166 mov edx, 2
.text:0043916B call @System@AnsiString@$bdtr$qqrv ; System::AnsiString::~AnsiString(void)
.text:00439170 xor ecx, ecx
.text:00439172 mov [ebp+var_D0], ecx //索引清零
.text:00439178
.text:00439178 loc_439178:
.text:00439178 mov eax, [ebp+var_D0]
.text:0043917E movsx edx, [ebp+eax+buffer] //取 buffer 一个字符
.text:00439186 mov ecx, [ebp+var_D0]
.text:0043918C movsx eax, [ebp+ecx+Buffer] //取 假注册码 一个字符 减去 20
.text:00439194 add eax, 0FFFFFFECh
.text:00439197 cmp edx, eax //比较
.text:00439199 jnz loc_43924E //不等则失败
.text:0043919F cmp [ebp+var_D0], 3
.text:004391A6 jnz loc_43923B //索引 等于 3 则跳
.text:004391AC mov edx, [ebp+var_CC] //取 用户名累加和
.text:004391B2 add edx, 4D44h //加上 19780
.text:004391B8 mov [ebp+var_148], edx
.text:004391BE fild [ebp+var_148]
.text:004391C4 fmul ds:dbl_439CBC //乘以 3.14
.text:004391CA fld ds:tbyte_439CC4 //乘以 1.59489633173843711e-1
.text:004391D0 fmulp st(1), st
.text:004391D2 call @_ftol$qv ; _ftol(void)
.text:004391D7 mov [ebp+var_CC], eax //转换成整数保存
.text:004391DD mov eax, [ebp+var_CC]
.text:004391E3 mov ecx, 186A0h //除以 100000
.text:004391E8 cdq
.text:004391E9 idiv ecx
.text:004391EB mov [ebp+var_CC], edx //保存余数
.text:004391F1 xor eax, eax
.text:004391F3 mov [ebp+var_D8], eax //累加和 清零
.text:004391F9 xor edx, edx
.text:004391FB mov [ebp+var_DC], edx //索引 清零
.text:00439201
.text:00439201 loc_439201:
.text:00439201 mov ecx, [ebp+var_DC]
.text:00439207 movsx eax, [ebp+ecx+Buffer] //取 假注册码 一个字符
.text:0043920F add [ebp+var_D8], eax //累加
.text:00439215 inc [ebp+var_DC]
.text:0043921B cmp [ebp+var_DC], 13h //小于 19 继续循环
.text:00439222 jl short loc_439201
.text:00439224 mov eax, [ebp+var_D8] //取累加和
.text:0043922A mov ecx, 0Ah
.text:0043922F cdq
.text:00439230 idiv ecx
.text:00439232 add edx, 30h //除以 10,余数加 30h
.text:00439235 mov [ebp+var_D8], edx //保存余数
.text:0043923B
.text:0043923B loc_43923B:
.text:0043923B inc [ebp+var_D0] //外索引加 1
.text:00439241 cmp [ebp+var_D0], 5
.text:00439248 jl loc_439178 //小于5 继续循环
.text:0043924E
.text:0043924E loc_43924E: ; CODE XREF: sub_438E8C+30Dj
.text:0043924E cmp [ebp+var_D0], 5
.text:00439255 jl loc_439C5E //外索引小于5则失败
.text:0043925B movsx eax, [ebp+var_131]
.text:00439262 cmp eax, [ebp+var_D8]
.text:00439268 jz short loc_43927A
.text:0043926A movsx edx, [ebp+var_131]
.text:00439271 cmp edx, 41h
.text:00439274 jl loc_439C5E //跳则失败
.text:0043927A
.text:0043927A loc_43927A:
.text:0043927A mov eax, [ebp+var_CC] //取上面的和 除以 10 取 余数
.text:00439280 mov ecx, 0Ah
.text:00439285 cdq
.text:00439286 idiv ecx
.text:00439288 mov eax, [ebp+var_D0]
.text:0043928E movsx ecx, [ebp+eax+Buffer]
.text:00439296 add ecx, 0FFFFFFBFh //-41h
.text:00439299 sub ecx, edx
.text:0043929B mov [ebp+var_D4], ecx
.text:004392A1 cmp [ebp+var_D4], 0
.text:004392A8 jz short loc_4392B7
.text:004392AA cmp [ebp+var_D4], 6
.text:004392B1 jnz loc_439C13
.text:004392B7
.text:004392B7 loc_4392B7: ///////////////////////////////////////////////
.text:004392B7 mov [ebp+var_B0], 44h
.text:004392C0 mov edx, offset aVSJgmZ ; "注册成功,谢谢您的支持"
.text:004392C5 lea eax, [ebp+var_1C]
.text:004392C8 call ToStr_4E84C8
.text:004392CD inc [ebp+var_A4]
.text:004392D3 mov eax, [eax]
.text:004392D5 call @Dialogs@ShowMessage$qqrx17System@AnsiString ; Dialogs::ShowMessage(System::AnsiString)
.text:004392DA dec [ebp+var_A4]
.text:004392E0 lea eax, [ebp+var_1C]
.text:004392E3 mov edx, 2
.text:004392E8 call @System@AnsiString@$bdtr$qqrv ; System::AnsiString::~AnsiString(void)
.text:004392ED mov ecx, off_524288
.text:004392F3 mov eax, [ecx]
.text:004392F5 mov byte ptr [eax+0E14h], 1
.text:004392FC push 400h ; uSize
.text:00439301 lea edx, [ebp+Buffer]
.text:00439307 push edx ; lpBuffer
.text:00439308 call GetWindowsDirectoryA
.text:0043930D push offset aPmlxzj_dll_1 ; src
.text:00439312 lea ecx, [ebp+Buffer]
.text:00439318 push ecx ; dest
.text:00439319 call _strcat
.text:0043931E add esp, 8
.text:00439321 mov dl, 1
.text:00439323 mov eax, ds:off_4AB0B8
.text:00439328 call @TAngles@$bctr$qqrv ; TAngles::TAngles(void)
.text:0043932D mov [ebp+var_E0], eax
.text:00439333 mov [ebp+var_B0], 50h
.text:0043933C lea edx, [ebp+Buffer]
.text:00439342 lea eax, [ebp+var_20]
.text:00439345 call ToStr_4E84C8
.text:0043934A inc [ebp+var_A4]
.text:00439350 mov edx, [eax]
.text:00439352 mov eax, [ebp+var_E0]
.text:00439358 mov ecx, [eax]
.text:0043935A call dword ptr [ecx+58h]
.text:0043935D dec [ebp+var_A4]
.text:00439363 lea eax, [ebp+var_20]
.text:00439366 mov edx, 2
.text:0043936B call @System@AnsiString@$bdtr$qqrv ; System::AnsiString::~AnsiString(void)
.text:00439370 mov [ebp+var_B0], 5Ch
.text:00439379 mov edx, offset unk_50DD4D
.text:0043937E lea eax, [ebp+var_24]
.text:00439381 call ToStr_4E84C8
.text:00439386 inc [ebp+var_A4]
.text:0043938C mov ecx, [eax]
.text:0043938E xor edx, edx
.text:00439390 mov eax, [ebp+var_E0]
.text:00439396 mov ebx, [eax]
.text:00439398 call dword ptr [ebx+20h]
.text:0043939B dec [ebp+var_A4]
.text:004393A1 lea eax, [ebp+var_24]
.text:004393A4 mov edx, 2
.text:004393A9 call @System@AnsiString@$bdtr$qqrv ; System::AnsiString::~AnsiString(void)
.text:004393AE mov [ebp+var_B0], 68h
.text:004393B7 lea eax, [ebp+var_28]
.text:004393BA call nop_38
.text:004393BF mov edx, eax
.text:004393C1 inc [ebp+var_A4]
.text:004393C7 mov ecx, [ebp+var_C4]
.text:004393CD mov eax, [ecx+2DCh]
.text:004393D3 call @TControl@GetText$qqrv ; TControl::GetText(void)
.text:004393D8 lea ecx, [ebp+var_28]
.text:004393DB mov ecx, [ecx]
.text:004393DD mov edx, 1
.text:004393E2 mov eax, [ebp+var_E0]
.text:004393E8 mov ebx, [eax]
.text:004393EA call dword ptr [ebx+20h]
.text:004393ED dec [ebp+var_A4]
.text:004393F3 lea eax, [ebp+var_28]
.text:004393F6 mov edx, 2
.text:004393FB call @System@AnsiString@$bdtr$qqrv ; System::AnsiString::~AnsiString(void)
.text:00439400 mov [ebp+var_B0], 74h
.text:00439409 lea eax, [ebp+var_2C]
.text:0043940C call nop_38
.text:00439411 mov edx, eax
.text:00439413 inc [ebp+var_A4]
.text:00439419 mov ecx, [ebp+var_C4]
.text:0043941F mov eax, [ecx+2E4h]
.text:00439425 call @TControl@GetText$qqrv ; TControl::GetText(void)
.text:0043942A lea ecx, [ebp+var_2C]
.text:0043942D mov ecx, [ecx]
.text:0043942F mov edx, 2
.text:00439434 mov eax, [ebp+var_E0]
.text:0043943A mov ebx, [eax]
.text:0043943C call dword ptr [ebx+20h]
.text:0043943F dec [ebp+var_A4]
.text:00439445 lea eax, [ebp+var_2C]
.text:00439448 mov edx, 2
.text:0043944D call @System@AnsiString@$bdtr$qqrv ; System::AnsiString::~AnsiString(void)
.text:00439452 mov ecx, off_524288
.text:00439458 mov eax, [ecx]
.text:0043945A cmp byte ptr [eax+6A4h], 1
.text:00439461 jnz loc_43951D
.text:00439467 mov eax, [ebp+var_E0]
.text:0043946D mov edx, [eax]
.text:0043946F call dword ptr [edx+14h]
.text:00439472 cmp eax, 3
.text:00439475 jle short loc_4394CE
.text:00439477 mov [ebp+var_B0], 80h
.text:00439480 lea eax, [ebp+var_30]
.text:00439483 call nop_38
.text:00439488 mov edx, eax
.text:0043948A inc [ebp+var_A4]
.text:00439490 mov ecx, [ebp+var_C4]
.text:00439496 mov eax, [ecx+2F0h]
.text:0043949C call @TControl@GetText$qqrv ; TControl::GetText(void)
.text:004394A1 lea ecx, [ebp+var_30]
.text:004394A4 mov ecx, [ecx]
.text:004394A6 mov edx, 3
.text:004394AB mov eax, [ebp+var_E0]
.text:004394B1 mov ebx, [eax]
.text:004394B3 call dword ptr [ebx+20h]
.text:004394B6 dec [ebp+var_A4]
.text:004394BC lea eax, [ebp+var_30]
.text:004394BF mov edx, 2
.text:004394C4 call @System@AnsiString@$bdtr$qqrv ; System::AnsiString::~AnsiString(void)
.text:004394C9 jmp loc_43956E
.text:004394CE ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
.text:004394CE
.text:004394CE loc_4394CE: ; CODE XREF: sub_438E8C+5E9j
.text:004394CE mov [ebp+var_B0], 8Ch
.text:004394D7 lea eax, [ebp+var_34]
.text:004394DA call nop_38
.text:004394DF mov edx, eax
.text:004394E1 inc [ebp+var_A4]
.text:004394E7 mov ecx, [ebp+var_C4]
.text:004394ED mov eax, [ecx+2F0h]
.text:004394F3 call @TControl@GetText$qqrv ; TControl::GetText(void)
.text:004394F8 lea edx, [ebp+var_34]
.text:004394FB mov edx, [edx]
.text:004394FD mov eax, [ebp+var_E0]
.text:00439503 mov ecx, [eax]
.text:00439505 call dword ptr [ecx+34h]
.text:00439508 dec [ebp+var_A4]
.text:0043950E lea eax, [ebp+var_34]
.text:00439511 mov edx, 2
.text:00439516 call @System@AnsiString@$bdtr$qqrv ; System::AnsiString::~AnsiString(void)
.text:0043951B jmp short loc_43956E
.text:0043951D ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
.text:0043951D
.text:0043951D loc_43951D: ; CODE XREF: sub_438E8C+5D5j
.text:0043951D mov eax, [ebp+var_E0]
.text:00439523 mov edx, [eax]
.text:00439525 call dword ptr [edx+14h]
.text:00439528 cmp eax, 3
.text:0043952B jle short loc_43956E
.text:0043952D mov [ebp+var_B0], 98h
.text:00439536 mov edx, offset unk_50DD4E
.text:0043953B lea eax, [ebp+var_38]
.text:0043953E call ToStr_4E84C8
.text:00439543 inc [ebp+var_A4]
.text:00439549 mov ecx, [eax]
.text:0043954B mov edx, 3
.text:00439550 mov eax, [ebp+var_E0]
.text:00439556 mov ebx, [eax]
.text:00439558 call dword ptr [ebx+20h]
.text:0043955B dec [ebp+var_A4]
.text:00439561 lea eax, [ebp+var_38]
.text:00439564 mov edx, 2
.text:00439569 call @System@AnsiString@$bdtr$qqrv ; System::AnsiString::~AnsiString(void)
.text:0043956E
.text:0043956E loc_43956E: ; CODE XREF: sub_438E8C+63Dj
.text:0043956E ; sub_438E8C+68Fj ...
.text:0043956E mov [ebp+var_B0], 0A4h
.text:00439577 lea eax, [ebp+var_3C]
.text:0043957A call nop_38
.text:0043957F mov ecx, eax
.text:00439581 inc [ebp+var_A4]
.text:00439587 mov edx, 1
.text:0043958C mov eax, [ebp+var_E0]
.text:00439592 mov ebx, [eax]
.text:00439594 call dword ptr [ebx+0Ch]
.text:00439597 lea edx, [ebp+var_3C]
.text:0043959A mov eax, off_524288
.text:0043959F mov eax, [eax]
.text:004395A1 add eax, 0E08h
.text:004395A6 call @System@AnsiString@$basg$qqrrx17System@AnsiString ; System::AnsiString::operator=(System::AnsiString &)
.text:004395AB dec [ebp+var_A4]
.text:004395B1 lea eax, [ebp+var_3C]
.text:004395B4 mov edx, 2
.text:004395B9 call @System@AnsiString@$bdtr$qqrv ; System::AnsiString::~AnsiString(void)
.text:004395BE mov [ebp+var_B0], 0B0h
.text:004395C7 lea eax, [ebp+var_40]
.text:004395CA call nop_38
.text:004395CF mov ecx, eax
.text:004395D1 inc [ebp+var_A4]
.text:004395D7 mov edx, 2
.text:004395DC mov eax, [ebp+var_E0]
.text:004395E2 mov ebx, [eax]
.text:004395E4 call dword ptr [ebx+0Ch]
.text:004395E7 lea edx, [ebp+var_40]
.text:004395EA mov eax, off_524288
.text:004395EF mov eax, [eax]
.text:004395F1 add eax, 0E10h
.text:004395F6 call @System@AnsiString@$basg$qqrrx17System@AnsiString ; System::AnsiString::operator=(System::AnsiString &)
.text:004395FB dec [ebp+var_A4]
.text:00439601 lea eax, [ebp+var_40]
.text:00439604 mov edx, 2
.text:00439609 call @System@AnsiString@$bdtr$qqrv ; System::AnsiString::~AnsiString(void)
.text:0043960E mov [ebp+var_B0], 0BCh
.text:00439617 lea edx, [ebp+Buffer]
.text:0043961D lea eax, [ebp+var_44]
.text:00439620 call ToStr_4E84C8
.text:00439625 inc [ebp+var_A4]
.text:0043962B mov edx, [eax]
.text:0043962D mov eax, [ebp+var_E0]
.text:00439633 mov ecx, [eax]
.text:00439635 call dword ptr [ecx+64h]
.text:00439638 dec [ebp+var_A4]
.text:0043963E lea eax, [ebp+var_44]
.text:00439641 mov edx, 2
.text:00439646 call @System@AnsiString@$bdtr$qqrv ; System::AnsiString::~AnsiString(void)
.text:0043964B mov ecx, [ebp+var_E0]
.text:00439651 mov [ebp+var_4C], ecx
.text:00439654 cmp [ebp+var_4C], 0
.text:00439658 jz short loc_439681
.text:0043965A mov eax, [ebp+var_4C]
.text:0043965D mov edx, [eax]
.text:0043965F mov [ebp+var_48], edx
.text:00439662 mov [ebp+var_B0], 0D4h
.text:0043966B mov edx, 3
.text:00439670 mov eax, [ebp+var_4C]
.text:00439673 mov ecx, [eax]
.text:00439675 call dword ptr [ecx-4]
.text:00439678 mov [ebp+var_B0], 0C8h
.text:00439681
.text:00439681 loc_439681: ; CODE XREF: sub_438E8C+7CCj
.text:00439681 mov eax, off_524288
.text:00439686 mov edx, [eax]
.text:00439688 mov eax, [edx+554h]
.text:0043968E mov dl, 1
.text:00439690 call @Menus@TMenuItem@SetEnabled$qqro ; Menus::TMenuItem::SetEnabled(bool)
.text:00439695 mov ecx, off_524288
.text:0043969B mov eax, [ecx]
.text:0043969D mov eax, [eax+574h]
.text:004396A3 mov dl, 1
.text:004396A5 mov ecx, [eax]
.text:004396A7 call dword ptr [ecx+5Ch]
.text:004396AA mov eax, off_524288
.text:004396AF mov edx, [eax]
.text:004396B1 mov eax, [edx+570h]
.text:004396B7 mov dl, 1
.text:004396B9 mov ecx, [eax]
.text:004396BB call dword ptr [ecx+5Ch]
.text:004396BE mov eax, off_524288
.text:004396C3 mov edx, [eax]
.text:004396C5 mov eax, [edx+5B8h]
.text:004396CB mov dl, 1
.text:004396CD mov ecx, [eax]
.text:004396CF call dword ptr [ecx+5Ch]
.text:004396D2 mov eax, off_524288
.text:004396D7 mov edx, [eax]
.text:004396D9 mov eax, [edx+5BCh]
.text:004396DF mov dl, 1
.text:004396E1 mov ecx, [eax]
.text:004396E3 call dword ptr [ecx+5Ch]
.text:004396E6 mov dl, 1
.text:004396E8 mov eax, ds:off_4AB0B8
.text:004396ED call @TAngles@$bctr$qqrv ; TAngles::TAngles(void)
.text:004396F2 mov [ebp+var_E4], eax
.text:004396F8 mov [ebp+var_B0], 0E0h
.text:00439701 lea eax, [ebp+var_54]
.text:00439704 call nop_38
.text:00439709 push eax
.text:0043970A inc [ebp+var_A4]
.text:00439710 mov edx, offset aSet_txt_9 ; "set.txt"
.text:00439715 lea eax, [ebp+var_50]
.text:00439718 call ToStr_4E84C8
.text:0043971D inc [ebp+var_A4]
.text:00439723 lea edx, [ebp+var_50]
.text:00439726 mov ecx, off_524288
.text:0043972C mov eax, [ecx]
.text:0043972E add eax, 1258h
.text:00439733 pop ecx
.text:00439734 call @System@AnsiString@$badd$xqqrrx17System@AnsiString ; System::AnsiString::operator+(System::AnsiString &)
.text:00439739 lea edx, [ebp+var_54]
.text:0043973C mov edx, [edx]
.text:0043973E mov eax, [ebp+var_E4]
.text:00439744 mov ecx, [eax]
.text:00439746 call dword ptr [ecx+58h]
.text:00439749 dec [ebp+var_A4]
.text:0043974F lea eax, [ebp+var_54]
.text:00439752 mov edx, 2
.text:00439757 call @System@AnsiString@$bdtr$qqrv ; System::AnsiString::~AnsiString(void)
.text:0043975C dec [ebp+var_A4]
.text:00439762 lea eax, [ebp+var_50]
.text:00439765 mov edx, 2
.text:0043976A call @System@AnsiString@$bdtr$qqrv ; System::AnsiString::~AnsiString(void)
.text:0043976F mov [ebp+var_B0], 0ECh
.text:00439778 lea eax, [ebp+var_58]
.text:0043977B call nop_38
.text:00439780 mov ecx, eax
.text:00439782 inc [ebp+var_A4]
.text:00439788 mov edx, 7
.text:0043978D mov eax, [ebp+var_E4]
.text:00439793 mov ebx, [eax]
.text:00439795 call dword ptr [ebx+0Ch]
.text:00439798 lea eax, [ebp+var_58]
.text:0043979B call @System@AnsiString@ToInt$xqqrv ; System::AnsiString::ToInt(void)
.text:004397A0 mov edx, off_524288
.text:004397A6 mov ecx, [edx]
.text:004397A8 mov [ecx+0DC4h], eax
.text:004397AE dec [ebp+var_A4]
.text:004397B4 lea eax, [ebp+var_58]
.text:004397B7 mov edx, 2
.text:004397BC call @System@AnsiString@$bdtr$qqrv ; System::AnsiString::~AnsiString(void)
.text:004397C1 mov [ebp+var_B0], 0F8h
.text:004397CA lea eax, [ebp+var_5C]
.text:004397CD call nop_38
.text:004397D2 mov ecx, eax
.text:004397D4 inc [ebp+var_A4]
.text:004397DA mov edx, 8
.text:004397DF mov eax, [ebp+var_E4]
.text:004397E5 mov ebx, [eax]
.text:004397E7 call dword ptr [ebx+0Ch]
.text:004397EA lea eax, [ebp+var_5C]
.text:004397ED call @System@AnsiString@ToInt$xqqrv ; System::AnsiString::ToInt(void)
.text:004397F2 mov edx, off_524288
.text:004397F8 mov ecx, [edx]
.text:004397FA mov [ecx+0DC8h], eax
.text:00439800 dec [ebp+var_A4]
.text:00439806 lea eax, [ebp+var_5C]
.text:00439809 mov edx, 2
.text:0043980E call @System@AnsiString@$bdtr$qqrv ; System::AnsiString::~AnsiString(void)
.text:00439813 mov [ebp+var_B0], 104h
.text:0043981C lea eax, [ebp+var_60]
.text:0043981F call nop_38
.text:00439824 mov ecx, eax
.text:00439826 inc [ebp+var_A4]
.text:0043982C mov edx, 9
.text:00439831 mov eax, [ebp+var_E4]
.text:00439837 mov ebx, [eax]
.text:00439839 call dword ptr [ebx+0Ch]
.text:0043983C lea edx, [ebp+var_60]
.text:0043983F mov eax, off_524288
.text:00439844 mov eax, [eax]
.text:00439846 add eax, 0DCCh
.text:0043984B call @System@AnsiString@$basg$qqrrx17System@AnsiString ; System::AnsiString::operator=(System::AnsiString &)
.text:00439850 dec [ebp+var_A4]
.text:00439856 lea eax, [ebp+var_60]
.text:00439859 mov edx, 2
.text:0043985E call @System@AnsiString@$bdtr$qqrv ; System::AnsiString::~AnsiString(void)
.text:00439863 mov [ebp+var_B0], 110h
.text:0043986C lea eax, [ebp+var_64]
.text:0043986F call nop_38
.text:00439874 mov ecx, eax
.text:00439876 inc [ebp+var_A4]
.text:0043987C mov edx, 3Bh
.text:00439881 mov eax, [ebp+var_E4]
.text:00439887 mov ebx, [eax]
.text:00439889 call dword ptr [ebx+0Ch]
.text:0043988C lea eax, [ebp+var_64]
.text:0043988F call @System@AnsiString@ToInt$xqqrv ; System::AnsiString::ToInt(void)
.text:00439894 mov edx, off_524288
.text:0043989A mov ecx, [edx]
.text:0043989C mov [ecx+0DD0h], eax
.text:004398A2 dec [ebp+var_A4]
.text:004398A8 lea eax, [ebp+var_64]
.text:004398AB mov edx, 2
.text:004398B0 call @System@AnsiString@$bdtr$qqrv ; System::AnsiString::~AnsiString(void)
.text:004398B5 mov [ebp+var_B0], 11Ch
.text:004398BE lea eax, [ebp+var_68]
.text:004398C1 call nop_38
.text:004398C6 mov ecx, eax
.text:004398C8 inc [ebp+var_A4]
.text:004398CE mov edx, 3Ch
.text:004398D3 mov eax, [ebp+var_E4]
.text:004398D9 mov ebx, [eax]
.text:004398DB call dword ptr [ebx+0Ch]
.text:004398DE lea eax, [ebp+var_68]
.text:004398E1 call @System@AnsiString@ToInt$xqqrv ; System::AnsiString::ToInt(void)
.text:004398E6 mov edx, off_524288
.text:004398EC mov ecx, [edx]
.text:004398EE mov [ecx+0DD4h], eax
.text:004398F4 dec [ebp+var_A4]
.text:004398FA lea eax, [ebp+var_68]
.text:004398FD mov edx, 2
.text:00439902 call @System@AnsiString@$bdtr$qqrv ; System::AnsiString::~AnsiString(void)
.text:00439907 mov [ebp+var_B0], 128h
.text:00439910 lea eax, [ebp+var_6C]
.text:00439913 call nop_38
.text:00439918 mov ecx, eax
.text:0043991A inc [ebp+var_A4]
.text:00439920 mov edx, 3Dh
.text:00439925 mov eax, [ebp+var_E4]
.text:0043992B mov ebx, [eax]
.text:0043992D call dword ptr [ebx+0Ch]
.text:00439930 lea edx, [ebp+var_6C]
.text:00439933 mov eax, off_524288
.text:00439938 mov eax, [eax]
.text:0043993A add eax, 0DD8h
.text:0043993F call @System@AnsiString@$basg$qqrrx17System@AnsiString ; System::AnsiString::operator=(System::AnsiString &)
.text:00439944 dec [ebp+var_A4]
.text:0043994A lea eax, [ebp+var_6C]
.text:0043994D mov edx, 2
.text:00439952 call @System@AnsiString@$bdtr$qqrv ; System::AnsiString::~AnsiString(void)
.text:00439957 lea eax, [ebp-0E5h]
.text:0043995D call @System@_Set$t19Classes@Classes__92$iuc$0$iuc$1_@$bctr$qqrv ; System::Set<Classes::Classes__92,(uchar)0,(uchar)1>::Set(void)
.text:00439962 mov edx, eax
.text:00439964 mov ecx, off_524288
.text:0043996A mov eax, [ecx]
.text:0043996C add eax, 0DDCh
.text:00439971 call sub_40B674
.text:00439976 mov [ebp+var_B0], 134h
.text:0043997F lea eax, [ebp+var_70]
.text:00439982 call nop_38
.text:00439987 mov ecx, eax
.text:00439989 inc [ebp+var_A4]
.text:0043998F mov edx, 3Eh
.text:00439994 mov eax, [ebp+var_E4]
.text:0043999A mov ebx, [eax]
.text:0043999C call dword ptr [ebx+0Ch]
.text:0043999F lea eax, [ebp+var_70]
.text:004399A2 push eax
.text:004399A3 lea eax, [ebp+var_74]
.text:004399A6 mov edx, 1
.text:004399AB call @System@WideString@$bctr$qqrul ; System::WideString::WideString(ulong)
.text:004399B0 inc [ebp+var_A4]
.text:004399B6 lea edx, [ebp+var_74]
.text:004399B9 pop eax
.text:004399BA call @System@AnsiString@$beql$xqqrrx17System@AnsiString ; System::AnsiString::operator==(System::AnsiString &)
.text:004399BF push eax
.text:004399C0 dec [ebp+var_A4]
.text:004399C6 lea eax, [ebp+var_74]
.text:004399C9 mov edx, 2
.text:004399CE call @System@AnsiString@$bdtr$qqrv ; System::AnsiString::~AnsiString(void)
.text:004399D3 dec [ebp+var_A4]
.text:004399D9 lea eax, [ebp+var_70]
.text:004399DC mov edx, 2
.text:004399E1 call @System@AnsiString@$bdtr$qqrv ; System::AnsiString::~AnsiString(void)
.text:004399E6 pop ecx
.text:004399E7 test cl, cl
.text:004399E9 jz short loc_4399FE
.text:004399EB mov eax, off_524288
.text:004399F0 mov eax, [eax]
.text:004399F2 add eax, 0DDCh
.text:004399F7 xor edx, edx
.text:004399F9 call sub_40B6B0
.text:004399FE
.text:004399FE loc_4399FE: ; CODE XREF: sub_438E8C+B5Dj
.text:004399FE mov [ebp+var_B0], 140h
.text:00439A07 lea eax, [ebp+var_78]
.text:00439A0A call nop_38
.text:00439A0F mov ecx, eax
.text:00439A11 inc [ebp+var_A4]
.text:00439A17 mov edx, 3Fh
.text:00439A1C mov eax, [ebp+var_E4]
.text:00439A22 mov ebx, [eax]
.text:00439A24 call dword ptr [ebx+0Ch]
.text:00439A27 lea eax, [ebp+var_78]
.text:00439A2A push eax
.text:00439A2B lea eax, [ebp+var_7C]
.text:00439A2E mov edx, 1
.text:00439A33 call @System@WideString@$bctr$qqrul ; System::WideString::WideString(ulong)
.text:00439A38 inc [ebp+var_A4]
.text:00439A3E lea edx, [ebp+var_7C]
.text:00439A41 pop eax
.text:00439A42 call @System@AnsiString@$beql$xqqrrx17System@AnsiString ; System::AnsiString::operator==(System::AnsiString &)
.text:00439A47 push eax
.text:00439A48 dec [ebp+var_A4]
.text:00439A4E lea eax, [ebp+var_7C]
.text:00439A51 mov edx, 2
.text:00439A56 call @System@AnsiString@$bdtr$qqrv ; System::AnsiString::~AnsiString(void)
.text:00439A5B dec [ebp+var_A4]
.text:00439A61 lea eax, [ebp+var_78]
.text:00439A64 mov edx, 2
.text:00439A69 call @System@AnsiString@$bdtr$qqrv ; System::AnsiString::~AnsiString(void)
.text:00439A6E pop ecx
.text:00439A6F test cl, cl
.text:00439A71 jz short loc_439A86
.text:00439A73 mov eax, off_524288
.text:00439A78 mov eax, [eax]
.text:00439A7A add eax, 0DDCh
.text:00439A7F mov dl, 1
.text:00439A81 call sub_40B6B0
.text:00439A86
.text:00439A86 loc_439A86: ; CODE XREF: sub_438E8C+BE5j
.text:00439A86 mov [ebp+var_B0], 14Ch
.text:00439A8F lea eax, [ebp+var_80]
.text:00439A92 call nop_38
.text:00439A97 mov ecx, eax
.text:00439A99 inc [ebp+var_A4]
.text:00439A9F mov edx, 40h
.text:00439AA4 mov eax, [ebp+var_E4]
.text:00439AAA mov ebx, [eax]
.text:00439AAC call dword ptr [ebx+0Ch]
.text:00439AAF lea eax, [ebp+var_80]
.text:00439AB2 push eax
.text:00439AB3 lea eax, [ebp+var_84]
.text:00439AB9 mov edx, 1
.text:00439ABE call @System@WideString@$bctr$qqrul ; System::WideString::WideString(ulong)
.text:00439AC3 inc [ebp+var_A4]
.text:00439AC9 lea edx, [ebp+var_84]
.text:00439ACF pop eax
.text:00439AD0 call @System@AnsiString@$beql$xqqrrx17System@AnsiString ; System::AnsiString::operator==(System::AnsiString &)
.text:00439AD5 push eax
.text:00439AD6 dec [ebp+var_A4]
.text:00439ADC lea eax, [ebp+var_84]
.text:00439AE2 mov edx, 2
.text:00439AE7 call @System@AnsiString@$bdtr$qqrv ; System::AnsiString::~AnsiString(void)
.text:00439AEC dec [ebp+var_A4]
.text:00439AF2 lea eax, [ebp+var_80]
.text:00439AF5 mov edx, 2
.text:00439AFA call @System@AnsiString@$bdtr$qqrv ; System::AnsiString::~AnsiString(void)
.text:00439AFF pop ecx
.text:00439B00 test cl, cl
.text:00439B02 jz short loc_439B17
.text:00439B04 mov eax, off_524288
.text:00439B09 mov eax, [eax]
.text:00439B0B add eax, 0DDCh
.text:00439B10 mov dl, 2
.text:00439B12 call sub_40B6B0
.text:00439B17
.text:00439B17 loc_439B17: ; CODE XREF: sub_438E8C+C76j
.text:00439B17 mov [ebp+var_B0], 158h
.text:00439B20 lea eax, [ebp+var_88]
.text:00439B26 call nop_38
.text:00439B2B mov ecx, eax
.text:00439B2D inc [ebp+var_A4]
.text:00439B33 mov edx, 41h
.text:00439B38 mov eax, [ebp+var_E4]
.text:00439B3E mov ebx, [eax]
.text:00439B40 call dword ptr [ebx+0Ch]
.text:00439B43 lea eax, [ebp+var_88]
.text:00439B49 push eax
.text:00439B4A lea eax, [ebp+var_8C]
.text:00439B50 mov edx, 1
.text:00439B55 call @System@WideString@$bctr$qqrul ; System::WideString::WideString(ulong)
.text:00439B5A inc [ebp+var_A4]
.text:00439B60 lea edx, [ebp+var_8C]
.text:00439B66 pop eax
.text:00439B67 call @System@AnsiString@$beql$xqqrrx17System@AnsiString ; System::AnsiString::operator==(System::AnsiString &)
.text:00439B6C push eax
.text:00439B6D dec [ebp+var_A4]
.text:00439B73 lea eax, [ebp+var_8C]
.text:00439B79 mov edx, 2
.text:00439B7E call @System@AnsiString@$bdtr$qqrv ; System::AnsiString::~AnsiString(void)
.text:00439B83 dec [ebp+var_A4]
.text:00439B89 lea eax, [ebp+var_88]
.text:00439B8F mov edx, 2
.text:00439B94 call @System@AnsiString@$bdtr$qqrv ; System::AnsiString::~AnsiString(void)
.text:00439B99 pop ecx
.text:00439B9A test cl, cl
.text:00439B9C jz short loc_439BB1
.text:00439B9E mov eax, off_524288
.text:00439BA3 mov eax, [eax]
.text:00439BA5 add eax, 0DDCh
.text:00439BAA mov dl, 3
.text:00439BAC call sub_40B6B0
.text:00439BB1
.text:00439BB1 loc_439BB1: ; CODE XREF: sub_438E8C+D10j
.text:00439BB1 mov ecx, [ebp+var_E4]
.text:00439BB7 mov [ebp+var_94], ecx
.text:00439BBD cmp [ebp+var_94], 0
.text:00439BC4 jz short loc_439BF6
.text:00439BC6 mov eax, [ebp+var_94]
.text:00439BCC mov edx, [eax]
.text:00439BCE mov [ebp+var_90], edx
.text:00439BD4 mov [ebp+var_B0], 170h
.text:00439BDD mov edx, 3
.text:00439BE2 mov eax, [ebp+var_94]
.text:00439BE8 mov ecx, [eax]
.text:00439BEA call dword ptr [ecx-4]
.text:00439BED mov [ebp+var_B0], 164h
.text:00439BF6
.text:00439BF6 loc_439BF6: ; CODE XREF: sub_438E8C+D38j
.text:00439BF6 mov eax, [ebp+var_C4]
.text:00439BFC mov byte ptr [eax+2F4h], 1
.text:00439C03 mov eax, [ebp+var_C4]
.text:00439C09 call @Forms@TCustomForm@Close$qqrv ; Forms::TCustomForm::Close(void)
.text:00439C0E jmp loc_439CA9
.text:00439C13 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
.text:00439C13
.text:00439C13 loc_439C13: ; CODE XREF: sub_438E8C+425j
.text:00439C13 mov [ebp+var_B0], 17Ch
.text:00439C1C mov edx, offset aVSZGmUFIVSIZC ; "注册失败,你输入的注册码不支持此新版本"
.text:00439C21 lea eax, [ebp+var_98]
.text:00439C27 call ToStr_4E84C8
.text:00439C2C inc [ebp+var_A4]
.text:00439C32 mov eax, [eax]
.text:00439C34 call @Dialogs@ShowMessage$qqrx17System@AnsiString ; Dialogs::ShowMessage(System::AnsiString)
.text:00439C39 dec [ebp+var_A4]
.text:00439C3F lea eax, [ebp+var_98]
.text:00439C45 mov edx, 2
.text:00439C4A call @System@AnsiString@$bdtr$qqrv ; System::AnsiString::~AnsiString(void)
.text:00439C4F mov ecx, [ebp+var_C0]
.text:00439C55 mov large fs:0, ecx
.text:00439C5C jmp short loc_439CB5
.text:00439C5E ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
.text:00439C5E
.text:00439C5E loc_439C5E: ; CODE XREF: sub_438E8C+3C9j
.text:00439C5E ; sub_438E8C+3E8j
.text:00439C5E mov [ebp+var_B0], 188h
.text:00439C67 mov edx, offset aVSZGmISUFI ; "注册失败,请检查你的输入是否有误"
.text:00439C6C lea eax, [ebp+var_9C]
.text:00439C72 call ToStr_4E84C8
.text:00439C77 inc [ebp+var_A4]
.text:00439C7D mov eax, [eax]
.text:00439C7F call @Dialogs@ShowMessage$qqrx17System@AnsiString ; Dialogs::ShowMessage(System::AnsiString)
.text:00439C84 dec [ebp+var_A4]
.text:00439C8A lea eax, [ebp+var_9C]
.text:00439C90 mov edx, 2
.text:00439C95 call @System@AnsiString@$bdtr$qqrv ; System::AnsiString::~AnsiString(void)
.text:00439C9A mov ecx, [ebp+var_C0]
.text:00439CA0 mov large fs:0, ecx
.text:00439CA7 jmp short loc_439CB5
.text:00439CA9 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
.text:00439CA9
.text:00439CA9 loc_439CA9: ; CODE XREF: sub_438E8C+D82j
.text:00439CA9 mov eax, [ebp+var_C0]
.text:00439CAF mov large fs:0, eax
.text:00439CB5
.text:00439CB5 loc_439CB5: ; CODE XREF: sub_438E8C+FAj
.text:00439CB5 ; sub_438E8C+DD0j ...
.text:00439CB5 pop ebx
.text:00439CB6 mov esp, ebp
.text:00439CB8 pop ebp
.text:00439CB9 retn
.text:00439CB9 sub_438E8C endp
//逆向如下:
char name[20];
char mcode[20];
char tmp[20];
char regcode[21];
int i;
int iSum;
int j,iSum2;
memset(regcode,0,21);
memset(name,0,20);
memset(mcode,0,20);
memset(tmp,0,20);
strcpy(name,"forever");
strcpy(mcode,"78577547151034922222");
for(i=0;i<20;i++)
{
iSum += abs(name[i] ^ mcode[i]) * i;
}
iSum += 12345;
sprintf(tmp,"%d",iSum); //22508 57ec
i=0;
do{
if(regcode[i]-20 != tmp[i])break;
if(i != 3)goto loop1;
iSum = (iSum + 19780) * 3.14 * 1.59489633173843711e-1;
iSum %= 100000;
for(j=0;j<19;j++)
{
iSum2 += regcode[i];
}
iSum2 = iSum2 % 10 + 0x30;
loop1:
i++;
}while(i < 5);
if(i < 5)goto failed;
if(iSum2 != regcode[19] && regcode[19] < 0x41)goto failed;
i = regcode[i] - 0x41 - iSum %10
if(i == 0 || i == 6)goto successful;
验证旧的算法的部分如下:
.text:00439CD0 sub_439CD0 proc near ; CODE XREF: sub_438E8C+7Bp
.text:00439CD0
.text:00439CD0 var_84C = qword ptr -84Ch
.text:00439CD0 var_844 = dword ptr -844h
.text:00439CD0 s = byte ptr -444h
.text:00439CD0 var_44 = dword ptr -44h
.text:00439CD0 var_40 = dword ptr -40h
.text:00439CD0 var_38 = dword ptr -38h
.text:00439CD0 var_31 = byte ptr -31h
.text:00439CD0 var_30 = dword ptr -30h
.text:00439CD0 var_2C = dword ptr -2Ch
.text:00439CD0 var_1C = word ptr -1Ch
.text:00439CD0 var_10 = dword ptr -10h
.text:00439CD0 var_8 = dword ptr -8
.text:00439CD0 var_4 = dword ptr -4
.text:00439CD0 arg_4 = dword ptr 0Ch
.text:00439CD0 arg_8 = dword ptr 10h
.text:00439CD0
.text:00439CD0 push ebp
.text:00439CD1 mov ebp, esp
.text:00439CD3 add esp, 0FFFFF7B4h
.text:00439CD9 push ebx
.text:00439CDA push esi
.text:00439CDB push edi
.text:00439CDC mov eax, offset stru_50E1F8
.text:00439CE1 call @__InitExceptBlockLDTC
.text:00439CE6 mov [ebp+var_10], 2
.text:00439CED lea edx, [ebp+arg_8]
.text:00439CF0 lea eax, [ebp+arg_8] ;假注册码
.text:00439CF3 call @System@AnsiString@$bctr$qqrrx17System@AnsiString ; System::AnsiString::AnsiString(System::AnsiString &)
.text:00439CF8 inc [ebp+var_10]
.text:00439CFB mov [ebp+var_1C], 8
.text:00439D01 lea edx, [ebp+arg_4]
.text:00439D04 lea eax, [ebp+arg_4] ;注册名
.text:00439D07 call @System@AnsiString@$bctr$qqrrx17System@AnsiString ; System::AnsiString::AnsiString(System::AnsiString &)
.text:00439D0C inc [ebp+var_10]
.text:00439D0F mov [ebp+var_1C], 14h
.text:00439D15 lea eax, [ebp+var_4]
.text:00439D18 call nop_38
.text:00439D1D inc [ebp+var_10]
.text:00439D20 mov [ebp+var_1C], 8
.text:00439D26 xor edx, edx
.text:00439D28 mov [ebp+var_30], edx ;清零
.text:00439D2B
.text:00439D2B loc_439D2B:
.text:00439D2B mov ecx, [ebp+var_30]
.text:00439D2E mov [ebp+ecx+s], 0 ;清零
.text:00439D36 mov eax, [ebp+var_30]
.text:00439D39 mov byte ptr [ebp+eax+var_844], 0 ;清零
.text:00439D41 inc [ebp+var_30]
.text:00439D44 cmp [ebp+var_30], 0Ah ;清零40个字节
.text:00439D48 jl short loc_439D2B
.text:00439D4A lea eax, [ebp+arg_4] ;注册名
.text:00439D4D call @System@AnsiString@c_str$xqqrv ; System::AnsiString::c_str(void)
.text:00439D52 push eax ; src
.text:00439D53 lea edx, [ebp+s]
.text:00439D59 push edx ; dest ;注册名拷贝到这里
.text:00439D5A call _strcpy
.text:00439D5F add esp, 8
.text:00439D62 lea ecx, [ebp+s]
.text:00439D68 push ecx ; s
.text:00439D69 call _strlen ;取注册名长度
.text:00439D6E pop ecx
.text:00439D6F mov [ebp+var_38], eax ;保存长度
.text:00439D72 mov [ebp+var_40], 0FFFFFF9Ch ;-100
.text:00439D79 xor eax, eax
.text:00439D7B mov [ebp+var_30], eax
.text:00439D7E mov edx, [ebp+var_30]
.text:00439D81 cmp edx, [ebp+var_38] ;注册名长度是否大于0?
.text:00439D84 jge short loc_439DA6 ;小于等于0则跳
.text:00439D86
.text:00439D86 loc_439D86:
.text:00439D86 mov ecx, [ebp+var_30]
.text:00439D89 mov al, [ebp+ecx+s] ;取用户名一个字符
.text:00439D90 mov [ebp+var_31], al
.text:00439D93 xor edx, edx
.text:00439D95 mov dl, [ebp+var_31]
.text:00439D98 add [ebp+var_40], edx ;累加到这里
.text:00439D9B inc [ebp+var_30]
.text:00439D9E mov ecx, [ebp+var_30]
.text:00439DA1 cmp ecx, [ebp+var_38]
.text:00439DA4 jl short loc_439D86
.text:00439DA6
.text:00439DA6 loc_439DA6:
.text:00439DA6 mov eax, [ebp+var_40] ;取累加和
.text:00439DA9 mov dword ptr [ebp+var_84C], eax
.text:00439DAF xor edx, edx
.text:00439DB1 mov dword ptr [ebp+var_84C+4], edx
.text:00439DB7 fild [ebp+var_84C]
.text:00439DBD fld ds:tbyte_439F88 ;6.4800414722654228972e-1
.text:00439DC3 fmulp st(1), st ;相乘
.text:00439DC5 fadd ds:flt_439F94 ;加 1.234e3
.text:00439DCB call @_ftol$qv ; _ftol(void) ;转换成整数
.text:00439DD0 mov [ebp+var_40], eax ;保存结果
.text:00439DD3 mov edx, [ebp+var_40]
.text:00439DD6 mov dword ptr [ebp+var_84C], edx
.text:00439DDC xor ecx, ecx
.text:00439DDE mov dword ptr [ebp+var_84C+4], ecx
.text:00439DE4 fild [ebp+var_84C]
.text:00439DEA fmul ds:dbl_439F98 ;乘以 3.1211415926e3
.text:00439DF0 call @_ftol$qv ; _ftol(void) ;转换成整数
.text:00439DF5 mov [ebp+var_40], eax ;保存结果
.text:00439DF8 lea eax, [ebp+arg_8]
.text:00439DFB call @System@AnsiString@c_str$xqqrv ; System::AnsiString::c_str(void)
.text:00439E00 push eax ; src
.text:00439E01 lea edx, [ebp+s]
.text:00439E07 push edx ; dest
.text:00439E08 call _strcpy
.text:00439E0D add esp, 8
.text:00439E10 lea ecx, [ebp+s] ;假注册码拷贝到这里
.text:00439E16 push ecx ; s
.text:00439E17 call _strlen ;取长度
.text:00439E1C pop ecx
.text:00439E1D mov [ebp+var_38], eax ;保存长度
.text:00439E20 xor eax, eax
.text:00439E22 mov [ebp+var_30], eax
.text:00439E25 mov edx, [ebp+var_30]
.text:00439E28 cmp edx, [ebp+var_38]
.text:00439E2B jge short loc_439E73 ;长度是否大于0?
.text:00439E2D
.text:00439E2D loc_439E2D:
.text:00439E2D mov eax, [ebp+var_30] ;取索引
.text:00439E30 mov ecx, 3
.text:00439E35 cdq
.text:00439E36 idiv ecx ;除以 3
.text:00439E38 mov edx, [ebp+var_30]
.text:00439E3B mov cl, [ebp+edx+s] ;取假注册码一个字符
.text:00439E42 add cl, 0ECh ;减去20
.text:00439E45 mov edx, [ebp+var_30]
.text:00439E48 and edx, 80000001h ;模2
.text:00439E4E jns short loc_439E55
.text:00439E50 dec edx
.text:00439E51 or edx, 0FFFFFFFEh
.text:00439E54 inc edx
.text:00439E55
.text:00439E55 loc_439E55:
.text:00439E55 add edx, edx ;索引乘以2
.text:00439E57 lea edx, [edx+edx*4] ;乘以5
.text:00439E5A sub cl, dl ;相减
.text:00439E5C add al, cl ;加上商
.text:00439E5E mov ecx, [ebp+var_30]
.text:00439E61 mov [ebp+ecx+s], al ;保存回去
.text:00439E68 inc [ebp+var_30] ;索引加1
.text:00439E6B mov eax, [ebp+var_30]
.text:00439E6E cmp eax, [ebp+var_38]
.text:00439E71 jl short loc_439E2D ;没完继续循环
.text:00439E73
.text:00439E73 loc_439E73:
.text:00439E73 lea eax, [ebp+s]
.text:00439E79 push eax ; src
.text:00439E7A lea edx, [ebp+var_844]
.text:00439E80 push edx ; dest
.text:00439E81 call _strcpy ;拷贝处理完的字符串
.text:00439E86 add esp, 8
.text:00439E89 mov [ebp+var_1C], 20h
.text:00439E8F lea edx, [ebp+var_844]
.text:00439E95 lea eax, [ebp+var_8] ;复制到这里
.text:00439E98 call ToStr_4E84C8
.text:00439E9D mov edx, eax
.text:00439E9F inc [ebp+var_10]
.text:00439EA2 lea eax, [ebp+var_4] ;复制到这里
.text:00439EA5 call @System@AnsiString@$basg$qqrrx17System@AnsiString ; System::AnsiString::operator=(System::AnsiString &)
.text:00439EAA dec [ebp+var_10]
.text:00439EAD lea eax, [ebp+var_8]
.text:00439EB0 mov edx, 2
.text:00439EB5 call @System@AnsiString@$bdtr$qqrv ; System::AnsiString::~AnsiString(void)
.text:00439EBA mov [ebp+var_1C], 2Ch
.text:00439EC0 lea eax, [ebp+var_4] ;转换成整数
.text:00439EC3 call @System@AnsiString@ToInt$xqqrv ; System::AnsiString::ToInt(void)
.text:00439EC8 mov ecx, 7Ch
.text:00439ECD cdq
.text:00439ECE idiv ecx ;除以 124
.text:00439ED0 add eax, [ebp+var_38] ;商加上长度
.text:00439ED3 add eax, 64h ;加上100
.text:00439ED6 mov [ebp+var_44], eax ;保存在这里
.text:00439ED9 mov [ebp+var_1C], 8
.text:00439EDF jmp short loc_439EF1
.text:00439EE1 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪
.text:00439EE1
.text:00439EE1 loc_439EE1:
.text:00439EE1 xor eax, eax
.text:00439EE3 mov [ebp-44h], eax
.text:00439EE6 mov word ptr [ebp-1Ch], 34h
.text:00439EEC call @_CatchCleanup$qv ; _CatchCleanup(void)
.text:00439EF1
.text:00439EF1 loc_439EF1:
.text:00439EF1 mov edx, [ebp+var_44]
.text:00439EF4 sub edx, [ebp+var_40] ;两个结果相减
.text:00439EF7 mov ecx, [ebp+var_38]
.text:00439EFA add ecx, 64h ;假注册码长度 加上 100
.text:00439EFD cmp edx, ecx ;关键比较
.text:00439EFF jz short loc_439F41 ;相等则返回 1
.text:00439F01 xor eax, eax
.text:00439F03 push eax
.text:00439F04 dec [ebp+var_10]
.text:00439F07 lea eax, [ebp+var_4]
.text:00439F0A mov edx, 2
.text:00439F0F call @System@AnsiString@$bdtr$qqrv ; System::AnsiString::~AnsiString(void)
.text:00439F14 dec [ebp+var_10]
.text:00439F17 lea eax, [ebp+arg_4]
.text:00439F1A mov edx, 2
.text:00439F1F call @System@AnsiString@$bdtr$qqrv ; System::AnsiString::~AnsiString(void)
.text:00439F24 dec [ebp+var_10]
.text:00439F27 lea eax, [ebp+arg_8]
.text:00439F2A mov edx, 2
.text:00439F2F call @System@AnsiString@$bdtr$qqrv ; System::AnsiString::~AnsiString(void)
.text:00439F34 pop eax
.text:00439F35 mov edx, [ebp+var_2C]
.text:00439F38 mov large fs:0, edx
.text:00439F3F jmp short loc_439F7F
.text:00439F41 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?
.text:00439F41
.text:00439F41 loc_439F41:
.text:00439F41 mov al, 1
.text:00439F43 push eax
.text:00439F44 dec [ebp+var_10]
.text:00439F47 lea eax, [ebp+var_4]
.text:00439F4A mov edx, 2
.text:00439F4F call @System@AnsiString@$bdtr$qqrv ; System::AnsiString::~AnsiString(void)
.text:00439F54 dec [ebp+var_10]
.text:00439F57 lea eax, [ebp+arg_4]
.text:00439F5A mov edx, 2
.text:00439F5F call @System@AnsiString@$bdtr$qqrv ; System::AnsiString::~AnsiString(void)
.text:00439F64 dec [ebp+var_10]
.text:00439F67 lea eax, [ebp+arg_8]
.text:00439F6A mov edx, 2
.text:00439F6F call @System@AnsiString@$bdtr$qqrv ; System::AnsiString::~AnsiString(void)
.text:00439F74 pop eax
.text:00439F75 mov edx, [ebp+var_2C]
.text:00439F78 mov large fs:0, edx
.text:00439F7F
.text:00439F7F loc_439F7F:
.text:00439F7F pop edi
.text:00439F80 pop esi
.text:00439F81 pop ebx
.text:00439F82 mov esp, ebp
.text:00439F84 pop ebp
.text:00439F85 retn
.text:00439F85 sub_439CD0 endp
//逆向如下:
BOOL fun1(char *szName, char *szCode)
{
char tmp[40];
int iLen;
int iSumName,iSumCode;
int i;
memset(tmp,0,40);
strcpy(tmp,szName);
iLen = strlen(tmp);
iSumName = -100;
if(iLen > 0)
{
for(i = 0; i < iLen; i ++)
{
iSumName += tmp[i];
}
}
iSumName = iSumName * 6.4800414722654228972e-1 + 1.234e3;
iSumName = iSumName * 3.1211415926e3;
strcpy(tmp,szCode);
iLen = strlen(tmp);
if(iLen > 0)
{
for(i = 0; i < iLen; i ++)
{
tmp[i] = tmp[i] - 20 - i % 2 * 10 + i / 3;
}
}
iSumCode = strtoint(tmp);
iSumCode = iSumCode / 124 + iLen + 100;
if((iSumCode - iSumName) == (iLen + 100))return TRUE;
else return FALSE;
}
总结:这个版本的软件不是所有的用户名都能生成注册码。
[注意]传递专业知识、拓宽行业人脉——看雪讲师团队等你加入!