-
-
[讨论]这个爆破手少放了一根雷管!
-
发表于: 2005-11-5 15:00
-
这个软件已经被人暴破过了,http://www16.fixdown.com/cn/b48906fa7bc63c22.asp?cn=key3
但是还有一个地方不知道是忘记了还是怎么了,除了30天的使用期外,还有一个关键的地方,开号20个的限制没有暴掉。所以我说他少放了一根雷管。呵呵!我想自己动手完善一下,可惜啊,他加了Armadillo 壳,本人水平有限,脱不掉啊。于是,拿原版的来看。aspack的壳子,脱壳机脱掉。delphi开发的。典型的重启验证注册模式。注册信息保存在\Software\Microsoft\Windows\CurrentVersion\KeyReg中的二进制DATA键中。dede上阵。找到注册的TAboutform控件,找到按钮speedbuton,双击他的过程事件,以下是他的反汇编代码
006B4EA8 55 push ebp
006B4EA9 8BEC mov ebp, esp
006B4EAB B90B000000 mov ecx, $0000000B
006B4EB0 6A00 push $00
006B4EB2 6A00 push $00
006B4EB4 49 dec ecx
006B4EB5 75F9 jnz 006B4EB0
006B4EB7 53 push ebx
006B4EB8 56 push esi
006B4EB9 57 push edi
006B4EBA 8955F8 mov [ebp-$08], edx
006B4EBD 8945FC mov [ebp-$04], eax
006B4EC0 33C0 xor eax, eax
006B4EC2 55 push ebp
* Possible String Reference to: '橼嬖?捱^[?]?
|
006B4EC3 68AD526B00 push $006B52AD
***** TRY
|
006B4EC8 64FF30 push dword ptr fs:[eax]
006B4ECB 648920 mov fs:[eax], esp
006B4ECE 8D55CC lea edx, [ebp-$34]
006B4ED1 8B45FC mov eax, [ebp-$04]
* Reference to control TAboutForm.EditQ3 : TMaskEdit 取注册名
|
006B4ED4 8B800C030000 mov eax, [eax+$030C]
* Reference to: mask.TCustomMaskEdit.GetText 取注册码(TCustomMaskEdit):AnsiString;
|
006B4EDA E8F50EDBFF call 00465DD4
006B4EDF 8B45CC mov eax, [ebp-$34]
006B4EE2 8D55F4 lea edx, [ebp-$0C]
* Reference to : TAboutForm.Proc_006B4DF4()
|
006B4EE5 E80AFFFFFF call 006B4DF4
006B4EEA 8D45F0 lea eax, [ebp-$10]
* Reference to: Unit_004D60C0.Proc_004EA2B4
|
006B4EED E8C253E3FF call 004EA2B4
006B4EF2 8D45EC lea eax, [ebp-$14]
006B4EF5 50 push eax
006B4EF6 B910000000 mov ecx, $00000010
006B4EFB BA01000000 mov edx, $00000001
006B4F00 8B45F4 mov eax, [ebp-$0C]
* Reference to: system.@LStrCopy;
|
006B4F03 E870F5D4FF call 00404478
006B4F08 8D45E8 lea eax, [ebp-$18]
006B4F0B 50 push eax
006B4F0C B910000000 mov ecx, $00000010
006B4F11 BA11000000 mov edx, $00000011
006B4F16 8B45F4 mov eax, [ebp-$0C]
* Reference to: system.@LStrCopy;
|
006B4F19 E85AF5D4FF call 00404478
006B4F1E 8D4DE4 lea ecx, [ebp-$1C]
006B4F21 8B55EC mov edx, [ebp-$14]
006B4F24 8B45E8 mov eax, [ebp-$18]
* Reference to: Unit_004C75DC.Proc_004C8350
|
006B4F27 E82434E1FF call 004C8350
006B4F2C 8D4DE0 lea ecx, [ebp-$20]
006B4F2F 8B55E4 mov edx, [ebp-$1C]
006B4F32 8B45EC mov eax, [ebp-$14]
* Reference to: Unit_004C75DC.Proc_004C8350
|
006B4F35 E81634E1FF call 004C8350
006B4F3A B201 mov dl, $01
* Reference to class TRegistry 估计是开始注册
|
006B4F3C A19C6A4C00 mov eax, dword ptr [$004C6A9C]
* Reference to: Unit_004C6A3C.Proc_004C6C08
|
006B4F41 E8C21CE1FF call 004C6C08
006B4F46 8BF8 mov edi, eax
006B4F48 BA02000080 mov edx, $80000002
006B4F4D 8BC7 mov eax, edi
* Reference to: Unit_004C6A3C.Proc_004C6CE4
|
006B4F4F E8901DE1FF call 004C6CE4
006B4F54 B101 mov cl, $01
* Possible String Reference to: '\Software\Microsoft\Windows\Current
| Version\KeyReg'
|取DATA二进制数据
006B4F56 BAC4526B00 mov edx, $006B52C4
006B4F5B 8BC7 mov eax, edi
* Reference to: Unit_004C6A3C.Proc_004C6E28
|
006B4F5D E8C61EE1FF call 004C6E28
006B4F62 84C0 test al, al
006B4F64 0F84F6020000 jz 006B5260
* Reference to: system.Randomize;
|
006B4F6A E8ADDBD4FF call 00402B1C
006B4F6F BBCB010000 mov ebx, $000001CB
* Reference to pointer to GlobalVar_00728AB0
|
006B4F74 8B35846B7200 mov esi, [$00726B84]
006B4F7A B8FF000000 mov eax, $000000FF
* Reference to: system.@RandInt;
|
006B4F7F E824DED4FF call 00402DA8
006B4F84 8806 mov [esi], al
006B4F86 46 inc esi
006B4F87 4B dec ebx
006B4F88 75F0 jnz 006B4F7A
006B4F8A BB65000000 mov ebx, $00000065
* Reference to pointer to GlobalVar_00728AB0
|
006B4F8F 8B35846B7200 mov esi, [$00726B84]
006B4F95 81C6E0010000 add esi, $000001E0
006B4F9B B8FF000000 mov eax, $000000FF
* Reference to: system.@RandInt;
|
006B4FA0 E803DED4FF call 00402DA8
006B4FA5 8806 mov [esi], al
006B4FA7 46 inc esi
006B4FA8 4B dec ebx
006B4FA9 75F0 jnz 006B4F9B
006B4FAB BB65000000 mov ebx, $00000065
* Reference to pointer to GlobalVar_00728AB0
|
006B4FB0 8B35846B7200 mov esi, [$00726B84]
006B4FB6 81C658020000 add esi, $00000258
006B4FBC B8FF000000 mov eax, $000000FF
* Reference to: system.@RandInt;
|
006B4FC1 E8E2DDD4FF call 00402DA8
006B4FC6 8806 mov [esi], al
006B4FC8 46 inc esi
006B4FC9 4B dec ebx
006B4FCA 75F0 jnz 006B4FBC
006B4FCC BB28010000 mov ebx, $00000128
* Reference to pointer to GlobalVar_00728AB0
|
006B4FD1 8B35846B7200 mov esi, [$00726B84]
006B4FD7 81C6D0020000 add esi, $000002D0
006B4FDD B8FF000000 mov eax, $000000FF
* Reference to: system.@RandInt;
|
006B4FE2 E8C1DDD4FF call 00402DA8
006B4FE7 8806 mov [esi], al
006B4FE9 46 inc esi
006B4FEA 4B dec ebx
006B4FEB 75F0 jnz 006B4FDD
006B4FED 68F8030000 push $000003F8
* Reference to pointer to GlobalVar_00728AB0
|
006B4FF2 8B0D846B7200 mov ecx, [$00726B84]
* Possible String Reference to: 'Data'
|
006B4FF8 BA00536B00 mov edx, $006B5300
006B4FFD 8BC7 mov eax, edi
* Reference to: Unit_004C6A3C.Proc_004C70E0
|
006B4FFF E8DC20E1FF call 004C70E0
006B5004 85C0 test eax, eax
006B5006 0F85AC000000 jnz 006B50B8
* Reference to pointer to GlobalVar_00728AB0
|
006B500C A1846B7200 mov eax, dword ptr [$00726B84]
* Reference to field GlobalVar_00728AB0.OFFS_01DC
|
006B5011 C780DC01000001000000 mov dword ptr [eax+$01DC], $00000001
* Reference to: Unit_00409198.Proc_0040BB18
|
006B501B E8F86AD5FF call 0040BB18
* Reference to pointer to GlobalVar_00728AB0
|
006B5020 A1846B7200 mov eax, dword ptr [$00726B84]
006B5025 DD9848020000 fstp qword ptr [eax+$0248]
006B502B 9B wait
* Reference to: Unit_00409198.Proc_0040BB18
|
006B502C E8E76AD5FF call 0040BB18
* Reference to pointer to GlobalVar_00728AB0
|
006B5031 A1846B7200 mov eax, dword ptr [$00726B84]
006B5036 DD9850020000 fstp qword ptr [eax+$0250]
006B503C 9B wait
* Reference to: Unit_00409198.Proc_0040BB18
|
006B503D E8D66AD5FF call 0040BB18
* Reference to pointer to GlobalVar_00728AB0
|
006B5042 A1846B7200 mov eax, dword ptr [$00726B84]
006B5047 DD98C8020000 fstp qword ptr [eax+$02C8]
006B504D 9B wait
* Reference to pointer to GlobalVar_00728AB0
|
006B504E A1846B7200 mov eax, dword ptr [$00726B84]
006B5053 33D2 xor edx, edx
* Reference to field GlobalVar_00728AB0.OFFS_01CC
|
006B5055 8990CC010000 mov [eax+$01CC], edx
* Reference to pointer to GlobalVar_00728AB0
|
006B505B A1846B7200 mov eax, dword ptr [$00726B84]
006B5060 33D2 xor edx, edx
* Reference to field GlobalVar_00728AB0.OFFS_01D0
|
006B5062 8990D0010000 mov [eax+$01D0], edx
* Reference to pointer to GlobalVar_00728AB0
|
006B5068 A1846B7200 mov eax, dword ptr [$00726B84]
006B506D 33D2 xor edx, edx
* Reference to field GlobalVar_00728AB0.OFFS_01D4
|
006B506F 8990D4010000 mov [eax+$01D4], edx
* Reference to pointer to GlobalVar_00728AB0
|
006B5075 A1846B7200 mov eax, dword ptr [$00726B84]
006B507A 33D2 xor edx, edx
* Reference to field GlobalVar_00728AB0.OFFS_01D8
|
006B507C 8990D8010000 mov [eax+$01D8], edx
* Reference to pointer to GlobalVar_00728AB0
|
006B5082 A1846B7200 mov eax, dword ptr [$00726B84]
006B5087 33D2 xor edx, edx
* Reference to field GlobalVar_00728AB0.OFFS_02C0
|
006B5089 8990C0020000 mov [eax+$02C0], edx
* Reference to pointer to GlobalVar_00728AB0
|
006B508F A1846B7200 mov eax, dword ptr [$00726B84]
006B5094 33D2 xor edx, edx
* Reference to field GlobalVar_00728AB0.OFFS_02C4
|
006B5096 8990C4020000 mov [eax+$02C4], edx
006B509C 68F8030000 push $000003F8
* Reference to pointer to GlobalVar_00728AB0
|
006B50A1 8B0D846B7200 mov ecx, [$00726B84]
* Possible String Reference to: 'Data'
|
006B50A7 BA00536B00 mov edx, $006B5300
006B50AC 8BC7 mov eax, edi
* Reference to: Unit_004C6A3C.Proc_004C70CC
|
006B50AE E81920E1FF call 004C70CC
006B50B3 E9A8010000 jmp 006B5260
006B50B8 8D45C4 lea eax, [ebp-$3C]
006B50BB 50 push eax
006B50BC B908000000 mov ecx, $00000008
006B50C1 BA01000000 mov edx, $00000001
006B50C6 8B45F4 mov eax, [ebp-$0C]
* Reference to: system.@LStrCopy;
|
006B50C9 E8AAF3D4FF call 00404478
006B50CE 8B4DC4 mov ecx, [ebp-$3C]
006B50D1 8D45C8 lea eax, [ebp-$38]
006B50D4 BA10536B00 mov edx, $006B5310
* Reference to: system.@LStrCat3;
|
006B50D9 E8DEF1D4FF call 004042BC
006B50DE 8B45C8 mov eax, [ebp-$38]
* Reference to: Unit_00409198.Proc_0040A4FC
|
006B50E1 E81654D5FF call 0040A4FC
* Reference to pointer to GlobalVar_00728AB0
|
006B50E6 8B15846B7200 mov edx, [$00726B84]
* Reference to field GlobalVar_00728AB0.OFFS_01CC
|
006B50EC 8982CC010000 mov [edx+$01CC], eax
006B50F2 8D45BC lea eax, [ebp-$44]
006B50F5 50 push eax
006B50F6 B908000000 mov ecx, $00000008
006B50FB BA09000000 mov edx, $00000009
006B5100 8B45F4 mov eax, [ebp-$0C]
* Reference to: system.@LStrCopy;
|
006B5103 E870F3D4FF call 00404478
006B5108 8B4DBC mov ecx, [ebp-$44]
006B510B 8D45C0 lea eax, [ebp-$40]
006B510E BA10536B00 mov edx, $006B5310
* Reference to: system.@LStrCat3;
|
006B5113 E8A4F1D4FF call 004042BC
006B5118 8B45C0 mov eax, [ebp-$40]
* Reference to: Unit_00409198.Proc_0040A4FC
|
006B511B E8DC53D5FF call 0040A4FC
* Reference to pointer to GlobalVar_00728AB0
|
006B5120 8B15846B7200 mov edx, [$00726B84]
* Reference to field GlobalVar_00728AB0.OFFS_01D0
|
006B5126 8982D0010000 mov [edx+$01D0], eax
006B512C 8D45B4 lea eax, [ebp-$4C]
006B512F 50 push eax
006B5130 B908000000 mov ecx, $00000008
006B5135 BA11000000 mov edx, $00000011
006B513A 8B45F4 mov eax, [ebp-$0C]
* Reference to: system.@LStrCopy;
|
006B513D E836F3D4FF call 00404478
006B5142 8B4DB4 mov ecx, [ebp-$4C]
006B5145 8D45B8 lea eax, [ebp-$48]
006B5148 BA10536B00 mov edx, $006B5310
* Reference to: system.@LStrCat3;
|
006B514D E86AF1D4FF call 004042BC
006B5152 8B45B8 mov eax, [ebp-$48]
* Reference to: Unit_00409198.Proc_0040A4FC
|
006B5155 E8A253D5FF call 0040A4FC
* Reference to pointer to GlobalVar_00728AB0
|
006B515A 8B15846B7200 mov edx, [$00726B84]
* Reference to field GlobalVar_00728AB0.OFFS_01D4
|
006B5160 8982D4010000 mov [edx+$01D4], eax
006B5166 8D45AC lea eax, [ebp-$54]
006B5169 50 push eax
006B516A B908000000 mov ecx, $00000008
006B516F BA19000000 mov edx, $00000019
006B5174 8B45F4 mov eax, [ebp-$0C]
* Reference to: system.@LStrCopy;
|
006B5177 E8FCF2D4FF call 00404478
006B517C 8B4DAC mov ecx, [ebp-$54]
006B517F 8D45B0 lea eax, [ebp-$50]
006B5182 BA10536B00 mov edx, $006B5310
* Reference to: system.@LStrCat3;
|
006B5187 E830F1D4FF call 004042BC
006B518C 8B45B0 mov eax, [ebp-$50]
* Reference to: Unit_00409198.Proc_0040A4FC
|
006B518F E86853D5FF call 0040A4FC
* Reference to pointer to GlobalVar_00728AB0
|
006B5194 8B15846B7200 mov edx, [$00726B84]
* Reference to field GlobalVar_00728AB0.OFFS_01D8
|
006B519A 8982D8010000 mov [edx+$01D8], eax
006B51A0 8D4DA8 lea ecx, [ebp-$58]
* Possible String Reference to: 'ZfhfkjCn' 注册码??
|
006B51A3 BA1C536B00 mov edx, $006B531C
006B51A8 8B45EC mov eax, [ebp-$14]
* Reference to: Unit_004C75DC.Proc_004C8350
|
006B51AB E8A031E1FF call 004C8350
006B51B0 8B45A8 mov eax, [ebp-$58]
006B51B3 8B55F0 mov edx, [ebp-$10]
* Reference to: system.@LStrCmp; 字符串比较
|
006B51B6 E8C5F1D4FF call 00404380 关键call?
006B51BB 0F8488000000 jz 006B5249 关键跳?
006B51C1 8B45E0 mov eax, [ebp-$20]
006B51C4 8B55F0 mov edx, [ebp-$10]
* Reference to: system.@LStrCmp;
|
006B51C7 E8B4F1D4FF call 00404380 关键call?
006B51CC 757B jnz 006B5249 关键跳?
006B51CE 8D45DC lea eax, [ebp-$24]
006B51D1 50 push eax
006B51D2 B904000000 mov ecx, $00000004
006B51D7 BA01000000 mov edx, $00000001
006B51DC 8B45E4 mov eax, [ebp-$1C]
* Reference to: system.@LStrCopy;
|
006B51DF E894F2D4FF call 00404478
006B51E4 8D45D8 lea eax, [ebp-$28]
006B51E7 50 push eax
006B51E8 B902000000 mov ecx, $00000002
006B51ED BA05000000 mov edx, $00000005
006B51F2 8B45E4 mov eax, [ebp-$1C]
* Reference to: system.@LStrCopy;
|
006B51F5 E87EF2D4FF call 00404478
006B51FA 8D45D4 lea eax, [ebp-$2C]
006B51FD 50 push eax
006B51FE B902000000 mov ecx, $00000002
006B5203 BA07000000 mov edx, $00000007
006B5208 8B45E4 mov eax, [ebp-$1C]
* Reference to: system.@LStrCopy;
|
006B520B E868F2D4FF call 00404478
006B5210 8B45DC mov eax, [ebp-$24]
* Reference to: Unit_00409198.Proc_0040A4FC
|
006B5213 E8E452D5FF call 0040A4FC
006B5218 8BD8 mov ebx, eax
006B521A 8B45D8 mov eax, [ebp-$28]
* Reference to: Unit_00409198.Proc_0040A4FC
|
006B521D E8DA52D5FF call 0040A4FC
006B5222 8BF0 mov esi, eax
006B5224 8B45D4 mov eax, [ebp-$2C]
* Reference to: Unit_00409198.Proc_0040A4FC
|
006B5227 E8D052D5FF call 0040A4FC
006B522C 668945D2 mov [ebp-$2E], ax
006B5230 668B4DD2 mov cx, word ptr [ebp-$2E]
006B5234 8BD6 mov edx, esi
006B5236 8BC3 mov eax, ebx
* Reference to: Unit_00409198.Proc_0040B80C
|
006B5238 E8CF65D5FF call 0040B80C
* Reference to pointer to GlobalVar_00728AB0
|
006B523D A1846B7200 mov eax, dword ptr [$00726B84]
006B5242 DD98C8020000 fstp qword ptr [eax+$02C8]
006B5248 9B wait
006B5249 68F8030000 push $000003F8
* Reference to pointer to GlobalVar_00728AB0
|
006B524E 8B0D846B7200 mov ecx, [$00726B84]
* Possible String Reference to: 'Data'
|
006B5254 BA00536B00 mov edx, $006B5300
006B5259 8BC7 mov eax, edi
* Reference to: Unit_004C6A3C.Proc_004C70CC
|
006B525B E86C1EE1FF call 004C70CC
006B5260 8BC7 mov eax, edi
* Reference to: Unit_004C6A3C.Proc_004C6CB4
|
006B5262 E84D1AE1FF call 004C6CB4
006B5267 8BC7 mov eax, edi
* Reference to: system.TObject.Free(TObject); 释放控件
|
006B5269 E83EDFD4FF call 004031AC
006B526E 8B45FC mov eax, [ebp-$04]
* Reference to: forms.TCustomForm.Close(TCustomForm); 关闭控件
|
006B5271 E89AF9D9FF call 00454C10
* Reference to TForm1 instance
|
006B5276 A1A0747200 mov eax, dword ptr [$007274A0]
006B527B 8B00 mov eax, [eax]
006B527D 8B55F8 mov edx, [ebp-$08]
* Reference to : TForm1.SpeedButton74Click()
|
006B5280 E8CF470500 call 00709A54
006B5285 33C0 xor eax, eax
006B5287 5A pop edx
006B5288 59 pop ecx
006B5289 59 pop ecx
006B528A 648910 mov fs:[eax], edx
****** FINALLY
|
* Possible String Reference to: '_^[?]?
|
006B528D 68B4526B00 push $006B52B4
006B5292 8D45A8 lea eax, [ebp-$58]
006B5295 BA0A000000 mov edx, $0000000A
* Reference to: system.@LStrArrayClr;
|
006B529A E875EDD4FF call 00404014
006B529F 8D45D4 lea eax, [ebp-$2C]
006B52A2 BA09000000 mov edx, $00000009
* Reference to: system.@LStrArrayClr;
|
006B52A7 E868EDD4FF call 00404014
006B52AC C3 ret
* Reference to: system.@HandleFinally;
|
006B52AD E95AE6D4FF jmp 0040390C
006B52B2 EBDE jmp 006B5292
****** END
|
006B52B4 5F pop edi
006B52B5 5E pop esi
006B52B6 5B pop ebx
006B52B7 8BE5 mov esp, ebp
006B52B9 5D pop ebp
006B52BA C3 ret
---------------------------------
因为我的机器很垃圾的原因,关键的的几个call一跟进就死机,晕了
,不仅时间限制没有解除,而且那个开号20个限制的msgbox还不晓得在哪里哟。希望这个破软的作者能上来指点一下,把漏掉的雷管补上!
但是还有一个地方不知道是忘记了还是怎么了,除了30天的使用期外,还有一个关键的地方,开号20个的限制没有暴掉。所以我说他少放了一根雷管。呵呵!我想自己动手完善一下,可惜啊,他加了Armadillo 壳,本人水平有限,脱不掉啊。于是,拿原版的来看。aspack的壳子,脱壳机脱掉。delphi开发的。典型的重启验证注册模式。注册信息保存在\Software\Microsoft\Windows\CurrentVersion\KeyReg中的二进制DATA键中。dede上阵。找到注册的TAboutform控件,找到按钮speedbuton,双击他的过程事件,以下是他的反汇编代码
006B4EA8 55 push ebp
006B4EA9 8BEC mov ebp, esp
006B4EAB B90B000000 mov ecx, $0000000B
006B4EB0 6A00 push $00
006B4EB2 6A00 push $00
006B4EB4 49 dec ecx
006B4EB5 75F9 jnz 006B4EB0
006B4EB7 53 push ebx
006B4EB8 56 push esi
006B4EB9 57 push edi
006B4EBA 8955F8 mov [ebp-$08], edx
006B4EBD 8945FC mov [ebp-$04], eax
006B4EC0 33C0 xor eax, eax
006B4EC2 55 push ebp
* Possible String Reference to: '橼嬖?捱^[?]?
|
006B4EC3 68AD526B00 push $006B52AD
***** TRY
|
006B4EC8 64FF30 push dword ptr fs:[eax]
006B4ECB 648920 mov fs:[eax], esp
006B4ECE 8D55CC lea edx, [ebp-$34]
006B4ED1 8B45FC mov eax, [ebp-$04]
* Reference to control TAboutForm.EditQ3 : TMaskEdit 取注册名
|
006B4ED4 8B800C030000 mov eax, [eax+$030C]
* Reference to: mask.TCustomMaskEdit.GetText 取注册码(TCustomMaskEdit):AnsiString;
|
006B4EDA E8F50EDBFF call 00465DD4
006B4EDF 8B45CC mov eax, [ebp-$34]
006B4EE2 8D55F4 lea edx, [ebp-$0C]
* Reference to : TAboutForm.Proc_006B4DF4()
|
006B4EE5 E80AFFFFFF call 006B4DF4
006B4EEA 8D45F0 lea eax, [ebp-$10]
* Reference to: Unit_004D60C0.Proc_004EA2B4
|
006B4EED E8C253E3FF call 004EA2B4
006B4EF2 8D45EC lea eax, [ebp-$14]
006B4EF5 50 push eax
006B4EF6 B910000000 mov ecx, $00000010
006B4EFB BA01000000 mov edx, $00000001
006B4F00 8B45F4 mov eax, [ebp-$0C]
* Reference to: system.@LStrCopy;
|
006B4F03 E870F5D4FF call 00404478
006B4F08 8D45E8 lea eax, [ebp-$18]
006B4F0B 50 push eax
006B4F0C B910000000 mov ecx, $00000010
006B4F11 BA11000000 mov edx, $00000011
006B4F16 8B45F4 mov eax, [ebp-$0C]
* Reference to: system.@LStrCopy;
|
006B4F19 E85AF5D4FF call 00404478
006B4F1E 8D4DE4 lea ecx, [ebp-$1C]
006B4F21 8B55EC mov edx, [ebp-$14]
006B4F24 8B45E8 mov eax, [ebp-$18]
* Reference to: Unit_004C75DC.Proc_004C8350
|
006B4F27 E82434E1FF call 004C8350
006B4F2C 8D4DE0 lea ecx, [ebp-$20]
006B4F2F 8B55E4 mov edx, [ebp-$1C]
006B4F32 8B45EC mov eax, [ebp-$14]
* Reference to: Unit_004C75DC.Proc_004C8350
|
006B4F35 E81634E1FF call 004C8350
006B4F3A B201 mov dl, $01
* Reference to class TRegistry 估计是开始注册
|
006B4F3C A19C6A4C00 mov eax, dword ptr [$004C6A9C]
* Reference to: Unit_004C6A3C.Proc_004C6C08
|
006B4F41 E8C21CE1FF call 004C6C08
006B4F46 8BF8 mov edi, eax
006B4F48 BA02000080 mov edx, $80000002
006B4F4D 8BC7 mov eax, edi
* Reference to: Unit_004C6A3C.Proc_004C6CE4
|
006B4F4F E8901DE1FF call 004C6CE4
006B4F54 B101 mov cl, $01
* Possible String Reference to: '\Software\Microsoft\Windows\Current
| Version\KeyReg'
|取DATA二进制数据
006B4F56 BAC4526B00 mov edx, $006B52C4
006B4F5B 8BC7 mov eax, edi
* Reference to: Unit_004C6A3C.Proc_004C6E28
|
006B4F5D E8C61EE1FF call 004C6E28
006B4F62 84C0 test al, al
006B4F64 0F84F6020000 jz 006B5260
* Reference to: system.Randomize;
|
006B4F6A E8ADDBD4FF call 00402B1C
006B4F6F BBCB010000 mov ebx, $000001CB
* Reference to pointer to GlobalVar_00728AB0
|
006B4F74 8B35846B7200 mov esi, [$00726B84]
006B4F7A B8FF000000 mov eax, $000000FF
* Reference to: system.@RandInt;
|
006B4F7F E824DED4FF call 00402DA8
006B4F84 8806 mov [esi], al
006B4F86 46 inc esi
006B4F87 4B dec ebx
006B4F88 75F0 jnz 006B4F7A
006B4F8A BB65000000 mov ebx, $00000065
* Reference to pointer to GlobalVar_00728AB0
|
006B4F8F 8B35846B7200 mov esi, [$00726B84]
006B4F95 81C6E0010000 add esi, $000001E0
006B4F9B B8FF000000 mov eax, $000000FF
* Reference to: system.@RandInt;
|
006B4FA0 E803DED4FF call 00402DA8
006B4FA5 8806 mov [esi], al
006B4FA7 46 inc esi
006B4FA8 4B dec ebx
006B4FA9 75F0 jnz 006B4F9B
006B4FAB BB65000000 mov ebx, $00000065
* Reference to pointer to GlobalVar_00728AB0
|
006B4FB0 8B35846B7200 mov esi, [$00726B84]
006B4FB6 81C658020000 add esi, $00000258
006B4FBC B8FF000000 mov eax, $000000FF
* Reference to: system.@RandInt;
|
006B4FC1 E8E2DDD4FF call 00402DA8
006B4FC6 8806 mov [esi], al
006B4FC8 46 inc esi
006B4FC9 4B dec ebx
006B4FCA 75F0 jnz 006B4FBC
006B4FCC BB28010000 mov ebx, $00000128
* Reference to pointer to GlobalVar_00728AB0
|
006B4FD1 8B35846B7200 mov esi, [$00726B84]
006B4FD7 81C6D0020000 add esi, $000002D0
006B4FDD B8FF000000 mov eax, $000000FF
* Reference to: system.@RandInt;
|
006B4FE2 E8C1DDD4FF call 00402DA8
006B4FE7 8806 mov [esi], al
006B4FE9 46 inc esi
006B4FEA 4B dec ebx
006B4FEB 75F0 jnz 006B4FDD
006B4FED 68F8030000 push $000003F8
* Reference to pointer to GlobalVar_00728AB0
|
006B4FF2 8B0D846B7200 mov ecx, [$00726B84]
* Possible String Reference to: 'Data'
|
006B4FF8 BA00536B00 mov edx, $006B5300
006B4FFD 8BC7 mov eax, edi
* Reference to: Unit_004C6A3C.Proc_004C70E0
|
006B4FFF E8DC20E1FF call 004C70E0
006B5004 85C0 test eax, eax
006B5006 0F85AC000000 jnz 006B50B8
* Reference to pointer to GlobalVar_00728AB0
|
006B500C A1846B7200 mov eax, dword ptr [$00726B84]
* Reference to field GlobalVar_00728AB0.OFFS_01DC
|
006B5011 C780DC01000001000000 mov dword ptr [eax+$01DC], $00000001
* Reference to: Unit_00409198.Proc_0040BB18
|
006B501B E8F86AD5FF call 0040BB18
* Reference to pointer to GlobalVar_00728AB0
|
006B5020 A1846B7200 mov eax, dword ptr [$00726B84]
006B5025 DD9848020000 fstp qword ptr [eax+$0248]
006B502B 9B wait
* Reference to: Unit_00409198.Proc_0040BB18
|
006B502C E8E76AD5FF call 0040BB18
* Reference to pointer to GlobalVar_00728AB0
|
006B5031 A1846B7200 mov eax, dword ptr [$00726B84]
006B5036 DD9850020000 fstp qword ptr [eax+$0250]
006B503C 9B wait
* Reference to: Unit_00409198.Proc_0040BB18
|
006B503D E8D66AD5FF call 0040BB18
* Reference to pointer to GlobalVar_00728AB0
|
006B5042 A1846B7200 mov eax, dword ptr [$00726B84]
006B5047 DD98C8020000 fstp qword ptr [eax+$02C8]
006B504D 9B wait
* Reference to pointer to GlobalVar_00728AB0
|
006B504E A1846B7200 mov eax, dword ptr [$00726B84]
006B5053 33D2 xor edx, edx
* Reference to field GlobalVar_00728AB0.OFFS_01CC
|
006B5055 8990CC010000 mov [eax+$01CC], edx
* Reference to pointer to GlobalVar_00728AB0
|
006B505B A1846B7200 mov eax, dword ptr [$00726B84]
006B5060 33D2 xor edx, edx
* Reference to field GlobalVar_00728AB0.OFFS_01D0
|
006B5062 8990D0010000 mov [eax+$01D0], edx
* Reference to pointer to GlobalVar_00728AB0
|
006B5068 A1846B7200 mov eax, dword ptr [$00726B84]
006B506D 33D2 xor edx, edx
* Reference to field GlobalVar_00728AB0.OFFS_01D4
|
006B506F 8990D4010000 mov [eax+$01D4], edx
* Reference to pointer to GlobalVar_00728AB0
|
006B5075 A1846B7200 mov eax, dword ptr [$00726B84]
006B507A 33D2 xor edx, edx
* Reference to field GlobalVar_00728AB0.OFFS_01D8
|
006B507C 8990D8010000 mov [eax+$01D8], edx
* Reference to pointer to GlobalVar_00728AB0
|
006B5082 A1846B7200 mov eax, dword ptr [$00726B84]
006B5087 33D2 xor edx, edx
* Reference to field GlobalVar_00728AB0.OFFS_02C0
|
006B5089 8990C0020000 mov [eax+$02C0], edx
* Reference to pointer to GlobalVar_00728AB0
|
006B508F A1846B7200 mov eax, dword ptr [$00726B84]
006B5094 33D2 xor edx, edx
* Reference to field GlobalVar_00728AB0.OFFS_02C4
|
006B5096 8990C4020000 mov [eax+$02C4], edx
006B509C 68F8030000 push $000003F8
* Reference to pointer to GlobalVar_00728AB0
|
006B50A1 8B0D846B7200 mov ecx, [$00726B84]
* Possible String Reference to: 'Data'
|
006B50A7 BA00536B00 mov edx, $006B5300
006B50AC 8BC7 mov eax, edi
* Reference to: Unit_004C6A3C.Proc_004C70CC
|
006B50AE E81920E1FF call 004C70CC
006B50B3 E9A8010000 jmp 006B5260
006B50B8 8D45C4 lea eax, [ebp-$3C]
006B50BB 50 push eax
006B50BC B908000000 mov ecx, $00000008
006B50C1 BA01000000 mov edx, $00000001
006B50C6 8B45F4 mov eax, [ebp-$0C]
* Reference to: system.@LStrCopy;
|
006B50C9 E8AAF3D4FF call 00404478
006B50CE 8B4DC4 mov ecx, [ebp-$3C]
006B50D1 8D45C8 lea eax, [ebp-$38]
006B50D4 BA10536B00 mov edx, $006B5310
* Reference to: system.@LStrCat3;
|
006B50D9 E8DEF1D4FF call 004042BC
006B50DE 8B45C8 mov eax, [ebp-$38]
* Reference to: Unit_00409198.Proc_0040A4FC
|
006B50E1 E81654D5FF call 0040A4FC
* Reference to pointer to GlobalVar_00728AB0
|
006B50E6 8B15846B7200 mov edx, [$00726B84]
* Reference to field GlobalVar_00728AB0.OFFS_01CC
|
006B50EC 8982CC010000 mov [edx+$01CC], eax
006B50F2 8D45BC lea eax, [ebp-$44]
006B50F5 50 push eax
006B50F6 B908000000 mov ecx, $00000008
006B50FB BA09000000 mov edx, $00000009
006B5100 8B45F4 mov eax, [ebp-$0C]
* Reference to: system.@LStrCopy;
|
006B5103 E870F3D4FF call 00404478
006B5108 8B4DBC mov ecx, [ebp-$44]
006B510B 8D45C0 lea eax, [ebp-$40]
006B510E BA10536B00 mov edx, $006B5310
* Reference to: system.@LStrCat3;
|
006B5113 E8A4F1D4FF call 004042BC
006B5118 8B45C0 mov eax, [ebp-$40]
* Reference to: Unit_00409198.Proc_0040A4FC
|
006B511B E8DC53D5FF call 0040A4FC
* Reference to pointer to GlobalVar_00728AB0
|
006B5120 8B15846B7200 mov edx, [$00726B84]
* Reference to field GlobalVar_00728AB0.OFFS_01D0
|
006B5126 8982D0010000 mov [edx+$01D0], eax
006B512C 8D45B4 lea eax, [ebp-$4C]
006B512F 50 push eax
006B5130 B908000000 mov ecx, $00000008
006B5135 BA11000000 mov edx, $00000011
006B513A 8B45F4 mov eax, [ebp-$0C]
* Reference to: system.@LStrCopy;
|
006B513D E836F3D4FF call 00404478
006B5142 8B4DB4 mov ecx, [ebp-$4C]
006B5145 8D45B8 lea eax, [ebp-$48]
006B5148 BA10536B00 mov edx, $006B5310
* Reference to: system.@LStrCat3;
|
006B514D E86AF1D4FF call 004042BC
006B5152 8B45B8 mov eax, [ebp-$48]
* Reference to: Unit_00409198.Proc_0040A4FC
|
006B5155 E8A253D5FF call 0040A4FC
* Reference to pointer to GlobalVar_00728AB0
|
006B515A 8B15846B7200 mov edx, [$00726B84]
* Reference to field GlobalVar_00728AB0.OFFS_01D4
|
006B5160 8982D4010000 mov [edx+$01D4], eax
006B5166 8D45AC lea eax, [ebp-$54]
006B5169 50 push eax
006B516A B908000000 mov ecx, $00000008
006B516F BA19000000 mov edx, $00000019
006B5174 8B45F4 mov eax, [ebp-$0C]
* Reference to: system.@LStrCopy;
|
006B5177 E8FCF2D4FF call 00404478
006B517C 8B4DAC mov ecx, [ebp-$54]
006B517F 8D45B0 lea eax, [ebp-$50]
006B5182 BA10536B00 mov edx, $006B5310
* Reference to: system.@LStrCat3;
|
006B5187 E830F1D4FF call 004042BC
006B518C 8B45B0 mov eax, [ebp-$50]
* Reference to: Unit_00409198.Proc_0040A4FC
|
006B518F E86853D5FF call 0040A4FC
* Reference to pointer to GlobalVar_00728AB0
|
006B5194 8B15846B7200 mov edx, [$00726B84]
* Reference to field GlobalVar_00728AB0.OFFS_01D8
|
006B519A 8982D8010000 mov [edx+$01D8], eax
006B51A0 8D4DA8 lea ecx, [ebp-$58]
* Possible String Reference to: 'ZfhfkjCn' 注册码??
|
006B51A3 BA1C536B00 mov edx, $006B531C
006B51A8 8B45EC mov eax, [ebp-$14]
* Reference to: Unit_004C75DC.Proc_004C8350
|
006B51AB E8A031E1FF call 004C8350
006B51B0 8B45A8 mov eax, [ebp-$58]
006B51B3 8B55F0 mov edx, [ebp-$10]
* Reference to: system.@LStrCmp; 字符串比较
|
006B51B6 E8C5F1D4FF call 00404380 关键call?
006B51BB 0F8488000000 jz 006B5249 关键跳?
006B51C1 8B45E0 mov eax, [ebp-$20]
006B51C4 8B55F0 mov edx, [ebp-$10]
* Reference to: system.@LStrCmp;
|
006B51C7 E8B4F1D4FF call 00404380 关键call?
006B51CC 757B jnz 006B5249 关键跳?
006B51CE 8D45DC lea eax, [ebp-$24]
006B51D1 50 push eax
006B51D2 B904000000 mov ecx, $00000004
006B51D7 BA01000000 mov edx, $00000001
006B51DC 8B45E4 mov eax, [ebp-$1C]
* Reference to: system.@LStrCopy;
|
006B51DF E894F2D4FF call 00404478
006B51E4 8D45D8 lea eax, [ebp-$28]
006B51E7 50 push eax
006B51E8 B902000000 mov ecx, $00000002
006B51ED BA05000000 mov edx, $00000005
006B51F2 8B45E4 mov eax, [ebp-$1C]
* Reference to: system.@LStrCopy;
|
006B51F5 E87EF2D4FF call 00404478
006B51FA 8D45D4 lea eax, [ebp-$2C]
006B51FD 50 push eax
006B51FE B902000000 mov ecx, $00000002
006B5203 BA07000000 mov edx, $00000007
006B5208 8B45E4 mov eax, [ebp-$1C]
* Reference to: system.@LStrCopy;
|
006B520B E868F2D4FF call 00404478
006B5210 8B45DC mov eax, [ebp-$24]
* Reference to: Unit_00409198.Proc_0040A4FC
|
006B5213 E8E452D5FF call 0040A4FC
006B5218 8BD8 mov ebx, eax
006B521A 8B45D8 mov eax, [ebp-$28]
* Reference to: Unit_00409198.Proc_0040A4FC
|
006B521D E8DA52D5FF call 0040A4FC
006B5222 8BF0 mov esi, eax
006B5224 8B45D4 mov eax, [ebp-$2C]
* Reference to: Unit_00409198.Proc_0040A4FC
|
006B5227 E8D052D5FF call 0040A4FC
006B522C 668945D2 mov [ebp-$2E], ax
006B5230 668B4DD2 mov cx, word ptr [ebp-$2E]
006B5234 8BD6 mov edx, esi
006B5236 8BC3 mov eax, ebx
* Reference to: Unit_00409198.Proc_0040B80C
|
006B5238 E8CF65D5FF call 0040B80C
* Reference to pointer to GlobalVar_00728AB0
|
006B523D A1846B7200 mov eax, dword ptr [$00726B84]
006B5242 DD98C8020000 fstp qword ptr [eax+$02C8]
006B5248 9B wait
006B5249 68F8030000 push $000003F8
* Reference to pointer to GlobalVar_00728AB0
|
006B524E 8B0D846B7200 mov ecx, [$00726B84]
* Possible String Reference to: 'Data'
|
006B5254 BA00536B00 mov edx, $006B5300
006B5259 8BC7 mov eax, edi
* Reference to: Unit_004C6A3C.Proc_004C70CC
|
006B525B E86C1EE1FF call 004C70CC
006B5260 8BC7 mov eax, edi
* Reference to: Unit_004C6A3C.Proc_004C6CB4
|
006B5262 E84D1AE1FF call 004C6CB4
006B5267 8BC7 mov eax, edi
* Reference to: system.TObject.Free(TObject); 释放控件
|
006B5269 E83EDFD4FF call 004031AC
006B526E 8B45FC mov eax, [ebp-$04]
* Reference to: forms.TCustomForm.Close(TCustomForm); 关闭控件
|
006B5271 E89AF9D9FF call 00454C10
* Reference to TForm1 instance
|
006B5276 A1A0747200 mov eax, dword ptr [$007274A0]
006B527B 8B00 mov eax, [eax]
006B527D 8B55F8 mov edx, [ebp-$08]
* Reference to : TForm1.SpeedButton74Click()
|
006B5280 E8CF470500 call 00709A54
006B5285 33C0 xor eax, eax
006B5287 5A pop edx
006B5288 59 pop ecx
006B5289 59 pop ecx
006B528A 648910 mov fs:[eax], edx
****** FINALLY
|
* Possible String Reference to: '_^[?]?
|
006B528D 68B4526B00 push $006B52B4
006B5292 8D45A8 lea eax, [ebp-$58]
006B5295 BA0A000000 mov edx, $0000000A
* Reference to: system.@LStrArrayClr;
|
006B529A E875EDD4FF call 00404014
006B529F 8D45D4 lea eax, [ebp-$2C]
006B52A2 BA09000000 mov edx, $00000009
* Reference to: system.@LStrArrayClr;
|
006B52A7 E868EDD4FF call 00404014
006B52AC C3 ret
* Reference to: system.@HandleFinally;
|
006B52AD E95AE6D4FF jmp 0040390C
006B52B2 EBDE jmp 006B5292
****** END
|
006B52B4 5F pop edi
006B52B5 5E pop esi
006B52B6 5B pop ebx
006B52B7 8BE5 mov esp, ebp
006B52B9 5D pop ebp
006B52BA C3 ret
---------------------------------
因为我的机器很垃圾的原因,关键的的几个call一跟进就死机,晕了
,不仅时间限制没有解除,而且那个开号20个限制的msgbox还不晓得在哪里哟。希望这个破软的作者能上来指点一下,把漏掉的雷管补上!
[招生]科锐逆向工程师培训(2024年11月15日实地,远程教学同时开班, 第51期)
|
|
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
自己花5分钟做了一个补丁已经发布到DFCG,自己去下,不知道你说的雷管去掉没有。
|
|
|
|
|
|
 厉害厉害,佩服佩服!我先去下一下看看 |
|
|
 原来的作者就是少放了这根雷管啊!这个限制没有炸掉啊!我还请鸡蛋壳大哥再努把力!您的UPX壳子真是猛,我的咔吧硬是要把他干掉,哈哈。另外您能写个破文吗?再次感谢! |
|
|
这是我在dede里面跟踪到的那个20个限制的代码部分
00646748 55 push ebp 00646749 8BEC mov ebp, esp 0064674B B978000000 mov ecx, $00000078 00646750 6A00 push $00 00646752 6A00 push $00 00646754 49 dec ecx 00646755 75F9 jnz 00646750 00646757 51 push ecx 00646758 53 push ebx 00646759 56 push esi 0064675A 57 push edi 0064675B 8955FC mov [ebp-$04], edx 0064675E 8BF0 mov esi, eax 00646760 33C0 xor eax, eax 00646762 55 push ebp 00646763 68A7846400 push $006484A7 ***** TRY | 00646768 64FF30 push dword ptr fs:[eax] 0064676B 648920 mov fs:[eax], esp 0064676E 8D55B8 lea edx, [ebp-$48] * Reference to control TForm4.Edit1 : TEdit | 00646771 8B862C030000 mov eax, [esi+$032C] * Reference to: controls.TControl.GetText(TControl):TCaption; | 00646777 E8D41EDFFF call 00438650 0064677C 837DB800 cmp dword ptr [ebp-$48], +$00 00646780 0F84F31A0000 jz 00648279 00646786 8D55EC lea edx, [ebp-$14] * Reference to control TForm4.Edit1 : TEdit | 00646789 8B862C030000 mov eax, [esi+$032C] * Reference to: controls.TControl.GetText(TControl):TCaption; | 0064678F E8BC1EDFFF call 00438650 00646794 EB1C jmp 006467B2 00646796 8B55EC mov edx, [ebp-$14] 00646799 B8C0846400 mov eax, $006484C0 * Reference to: system.@LStrPos; | 0064679E E8B9DDDBFF call 0040455C 006467A3 8BD8 mov ebx, eax 006467A5 8D45EC lea eax, [ebp-$14] * Reference to: system.UniqueString(String;String); | 006467A8 E893DCDBFF call 00404440 006467AD C64418FF0A mov byte ptr [eax+ebx-$01], $0A 006467B2 8B55EC mov edx, [ebp-$14] 006467B5 B8C0846400 mov eax, $006484C0 * Reference to: system.@LStrPos; | 006467BA E89DDDDBFF call 0040455C 006467BF 85C0 test eax, eax 006467C1 7FD3 jnle 00646796 006467C3 EB1C jmp 006467E1 006467C5 8B55EC mov edx, [ebp-$14] 006467C8 B8CC846400 mov eax, $006484CC * Reference to: system.@LStrPos; | 006467CD E88ADDDBFF call 0040455C 006467D2 8BD8 mov ebx, eax 006467D4 8D45EC lea eax, [ebp-$14] * Reference to: system.UniqueString(String;String); | 006467D7 E864DCDBFF call 00404440 006467DC C64418FF0A mov byte ptr [eax+ebx-$01], $0A 006467E1 8B55EC mov edx, [ebp-$14] 006467E4 B8CC846400 mov eax, $006484CC * Reference to: system.@LStrPos; | 006467E9 E86EDDDBFF call 0040455C 006467EE 85C0 test eax, eax 006467F0 7FD3 jnle 006467C5 006467F2 EB1C jmp 00646810 006467F4 8B55EC mov edx, [ebp-$14] 006467F7 B8D8846400 mov eax, $006484D8 * Reference to: system.@LStrPos; | 006467FC E85BDDDBFF call 0040455C 00646801 8BD8 mov ebx, eax 00646803 8D45EC lea eax, [ebp-$14] * Reference to: system.UniqueString(String;String); | 00646806 E835DCDBFF call 00404440 0064680B C64418FF0A mov byte ptr [eax+ebx-$01], $0A 00646810 8B55EC mov edx, [ebp-$14] 00646813 B8D8846400 mov eax, $006484D8 * Reference to: system.@LStrPos; | 00646818 E83FDDDBFF call 0040455C 0064681D 85C0 test eax, eax 0064681F 7FD3 jnle 006467F4 00646821 EB1C jmp 0064683F 00646823 8B55EC mov edx, [ebp-$14] 00646826 B8E4846400 mov eax, $006484E4 * Reference to: system.@LStrPos; | 0064682B E82CDDDBFF call 0040455C 00646830 8BD8 mov ebx, eax 00646832 8D45EC lea eax, [ebp-$14] * Reference to: system.UniqueString(String;String); | 00646835 E806DCDBFF call 00404440 0064683A C64418FF0A mov byte ptr [eax+ebx-$01], $0A 0064683F 8B55EC mov edx, [ebp-$14] 00646842 B8E4846400 mov eax, $006484E4 * Reference to: system.@LStrPos; | 00646847 E810DDDBFF call 0040455C 0064684C 85C0 test eax, eax 0064684E 7FD3 jnle 00646823 00646850 B201 mov dl, $01 * Reference to class TStringList | 00646852 A168194100 mov eax, dword ptr [$00411968] * Reference to: system.TObject.Create(TObject;Boolean); | 00646857 E820C9DBFF call 0040317C 0064685C 8945E8 mov [ebp-$18], eax 0064685F 8B55EC mov edx, [ebp-$14] 00646862 8B45E8 mov eax, [ebp-$18] 00646865 8B08 mov ecx, [eax] * Reference to method TStringList.SetTextStr(string) | 00646867 FF512C call dword ptr [ecx+$2C] * Reference to: Unit_004D60C0.Proc_004EB020 | 0064686A E8B147EAFF call 004EB020 0064686F 40 inc eax 00646870 7417 jz 00646889 * Reference to pointer to GlobalVar_00728F98 | 00646872 A10C6E7200 mov eax, dword ptr [$00726E0C] * Reference to field GlobalVar_00728F98.OFFS_0044 | 00646877 8B4044 mov eax, [eax+$44] * Reference to pointer to GlobalVar_00728F98 | 0064687A 8B150C6E7200 mov edx, [$00726E0C] * Reference to field GlobalVar_00728F98.OFFS_004C | 00646880 3B424C cmp eax, [edx+$4C] 00646883 0F8E3D010000 jle 006469C6 * Reference to TDM1 instance | 00646889 A13C707200 mov eax, dword ptr [$0072703C] 0064688E 8B00 mov eax, [eax] * Reference to control TDM1.QPhXH : TQuery | 00646890 8B98E0190000 mov ebx, [eax+$19E0] 00646896 8BC3 mov eax, ebx * Reference to: db.TDataSet.Close(TDataSet); | 00646898 E8332AE3FF call 004792D0 * Possible String Reference to: 'WHERE (lb=' | 0064689D 68F0846400 push $006484F0 * Reference to pointer to GlobalVar_00728F98 | 006468A2 A10C6E7200 mov eax, dword ptr [$00726E0C] 006468A7 FF700C push dword ptr [eax+$0C] 006468AA 6804856400 push $00648504 006468AF 8D45B4 lea eax, [ebp-$4C] 006468B2 BA03000000 mov edx, $00000003 * Reference to: system.@LStrCatN; | 006468B7 E874DADBFF call 00404330 006468BC 8B4DB4 mov ecx, [ebp-$4C] * Reference to field TQuery.SQL : TStrings | 006468BF 8B8338020000 mov eax, [ebx+$0238] 006468C5 BA02000000 mov edx, $00000002 006468CA 8B38 mov edi, [eax] * Reference to method TStrings.Put(Integer,string) | 006468CC FF5720 call dword ptr [edi+$20] 006468CF 8BC3 mov eax, ebx * Reference to: db.TDataSet.Open(TDataSet); | 006468D1 E8EE29E3FF call 004792C4 006468D6 8B45E8 mov eax, [ebp-$18] 006468D9 8B10 mov edx, [eax] * Reference to method TStringList.GetCount() | 006468DB FF5214 call dword ptr [edx+$14] 006468DE 48 dec eax 006468DF 85C0 test eax, eax 006468E1 0F8CDF000000 jl 006469C6 006468E7 40 inc eax 006468E8 8945D0 mov [ebp-$30], eax 006468EB 33DB xor ebx, ebx * Reference to TDM1 instance | 006468ED A13C707200 mov eax, dword ptr [$0072703C] 006468F2 8B00 mov eax, [eax] * Reference to control TDM1.QPhXH : TQuery | 006468F4 8B80E0190000 mov eax, [eax+$19E0] 006468FA 8945CC mov [ebp-$34], eax * Reference to DM1 | 006468FD 8B45CC mov eax, [ebp-$34] * Reference to: db.TDataSet.First(TDataSet); | or: db.TDataSet.Last(TDataSet); | 00646900 E8434AE3FF call 0047B348 00646905 33C0 xor eax, eax 00646907 8945F4 mov [ebp-$0C], eax 0064690A E99D000000 jmp 006469AC 0064690F FF45F4 inc dword ptr [ebp-$0C] 00646912 8D4DB0 lea ecx, [ebp-$50] 00646915 8BD3 mov edx, ebx 00646917 8B45E8 mov eax, [ebp-$18] 0064691A 8B38 mov edi, [eax] * Reference to method TStringList.Get(Integer) | 0064691C FF570C call dword ptr [edi+$0C] 0064691F 8B45B0 mov eax, [ebp-$50] 00646922 50 push eax * Possible String Reference to: 'ph' | 00646923 BA10856400 mov edx, $00648510 * Reference to DM1 | 00646928 8B45CC mov eax, [ebp-$34] * Reference to: db.TDataSet.FieldByName(TDataSet;AnsiString):TField; | 0064692B E85C37E3FF call 0047A08C 00646930 8D55AC lea edx, [ebp-$54] 00646933 8B08 mov ecx, [eax] * Reference to method TQuery.PSGetUpdateException(Exception,EUpdateError) | 00646935 FF5158 call dword ptr [ecx+$58] 00646938 8B55AC mov edx, [ebp-$54] 0064693B 58 pop eax * Reference to: system.@LStrCmp; <-------------- 关键的比较 | 0064693C E83FDADBFF call 00404380 00646941 7561 jnz 006469A4 <---关键跳?? 00646943 837DF414 cmp dword ptr [ebp-$0C], +$14 00646947 7C5B jl 006469A4 <---关键跳?? 00646949 6A00 push $00 * Possible String Reference to: '提示:牌号[' | 0064694B 681C856400 push $0064851C 00646950 8D4DA4 lea ecx, [ebp-$5C] 00646953 8BD3 mov edx, ebx 00646955 8B45E8 mov eax, [ebp-$18] 00646958 8B18 mov ebx, [eax] * Reference to method TStringList.Get(Integer) <-----取号牌个数 | 0064695A FF530C call dword ptr [ebx+$0C] 0064695D FF75A4 push dword ptr [ebp-$5C] * Possible String Reference to: ']超出使用范围.' | 00646960 6830856400 push $00648530 00646965 6848856400 push $00648548 * Possible String Reference to: '说明:未注册版本牌号只能登记前20个牌 | 号。' | 0064696A 6854856400 push $00648554 0064696F 6848856400 push $00648548 * Possible String Reference to: ' 请注册后继续使用!' | 00646974 6884856400 push $00648584 00646979 8D45A8 lea eax, [ebp-$58] 0064697C BA07000000 mov edx, $00000007 ------------------------------ 跟进call 00404380 ------------------------------ 00404380 53 push ebx 00404381 56 push esi 00404382 57 push edi 00404383 89C6 mov esi, eax 00404385 89D7 mov edi, edx 00404387 39D0 cmp eax, edx 00404389 0F848F000000 jz 0040441E 0040438F 85F6 test esi, esi 00404391 7468 jz 004043FB 00404393 85FF test edi, edi 00404395 746B jz 00404402 00404397 8B46FC mov eax, [esi-$04] 0040439A 8B57FC mov edx, [edi-$04] 0040439D 29D0 sub eax, edx 0040439F 7702 jnbe 004043A3 004043A1 01C2 add edx, eax 004043A3 52 push edx 004043A4 C1EA02 shr edx, $02 004043A7 7426 jz 004043CF 004043A9 8B0E mov ecx, [esi] 004043AB 8B1F mov ebx, [edi] 004043AD 39D9 cmp ecx, ebx 004043AF 7558 jnz 00404409 004043B1 4A dec edx 004043B2 7415 jz 004043C9 004043B4 8B4E04 mov ecx, [esi+$04] 004043B7 8B5F04 mov ebx, [edi+$04] 004043BA 39D9 cmp ecx, ebx 004043BC 754B jnz 00404409 004043BE 83C608 add esi, +$08 004043C1 83C708 add edi, +$08 004043C4 4A dec edx 004043C5 75E2 jnz 004043A9 004043C7 EB06 jmp 004043CF 004043C9 83C604 add esi, +$04 004043CC 83C704 add edi, +$04 004043CF 5A pop edx 004043D0 83E203 and edx, +$03 004043D3 7422 jz 004043F7 004043D5 8B0E mov ecx, [esi] 004043D7 8B1F mov ebx, [edi] 004043D9 38D9 cmp cl, bl 004043DB 7541 jnz 0040441E 004043DD 4A dec edx 004043DE 7417 jz 004043F7 004043E0 38FD cmp ch, bh 004043E2 753A jnz 0040441E 004043E4 4A dec edx 004043E5 7410 jz 004043F7 004043E7 81E30000FF00 and ebx, $00FF0000 004043ED 81E10000FF00 and ecx, $00FF0000 004043F3 39D9 cmp ecx, ebx 004043F5 7527 jnz 0040441E 004043F7 01C0 add eax, eax 004043F9 EB23 jmp 0040441E 004043FB 8B57FC mov edx, [edi-$04] 004043FE 29D0 sub eax, edx 00404400 EB1C jmp 0040441E 00404402 8B46FC mov eax, [esi-$04] 00404405 29D0 sub eax, edx 00404407 EB15 jmp 0040441E 00404409 5A pop edx 0040440A 38D9 cmp cl, bl 0040440C 7510 jnz 0040441E 0040440E 38FD cmp ch, bh 00404410 750C jnz 0040441E 00404412 C1E910 shr ecx, $10 00404415 C1EB10 shr ebx, $10 00404418 38D9 cmp cl, bl 0040441A 7502 jnz 0040441E 0040441C 38FD cmp ch, bh 0040441E 5F pop edi 0040441F 5E pop esi 00404420 5B pop ebx 00404421 C3 ret --------------------------- 又跳来跳去的,我又迷糊了!
|
|
|
|
|
|
|
|
|
|
