[讨论]关于Armadillo带KEY保护的脱壳！-加壳脱壳-看雪-安全社区|安全招聘|kanxue.com

[讨论]关于Armadillo带KEY保护的脱壳！

发表于: 2006-8-29 11:14 4237

[讨论]关于Armadillo带KEY保护的脱壳！

冰到极点

2006-8-29 11:14

4237

硬件号：E832-F745
安装号：0002QH-YR7H4D-6YGP3R-T9TBDA-5RQ3JJ-HBZBZX-FNCB82-0CB1R6
我有一组正确的KEY，但是用he GetDlgItem下断，根本断不住，直接就运行了。不知道为什么，请指教。
01BC20A2 68 2CD4BC01    push 1BCD42C
01BC20A7 6A 02          push 2
01BC20A9 8D4D 84       lea    ecx, [ebp-7C]
01BC20AC E8 24FDFFFF    call 01BC1DD5
01BC20B1 8B45 E0       mov    eax, [ebp-20]
01BC20B4 3B45 94       cmp    eax, [ebp-6C]
01BC20B7 7C 03          jl    short 01BC20BC
01BC20B9 895D E0       mov    [ebp-20], ebx
01BC20BC F7C7 00100400 test edi, 41000
01BC20C2 74 04          je    short 01BC20C8
01BC20C4 C645 91 01    mov    byte ptr [ebp-6F], 1
01BC20C8 56             push esi
01BC20C9 FF15 1864BC01 call [1BC6418]                      ; USER32.MessageBeep
01BC20CF 53             push ebx
01BC20D0 8D45 84       lea    eax, [ebp-7C]
01BC20D3 50             push eax
01BC20D4 FF75 08       push dword ptr [ebp+8]
01BC20D7 E8 41F4FFFF    call 01BC151D
01BC20DC 83C4 0C       add    esp, 0C
01BC20DF 8BF8          mov    edi, eax
01BC20E1 897D E4       mov    [ebp-1C], edi
01BC20E4 8B75 E0       mov    esi, [ebp-20]
01BC20E7 69F6 04020000 imul esi, esi, 204
01BC20ED 53             push ebx
01BC20EE 8B45 98       mov    eax, [ebp-68]
01BC20F1 FF3406       push dword ptr [esi+eax]
01BC20F4 68 01040000    push 401
01BC20F9 57             push edi
01BC20FA E8 AD140000    call 01BC35AC
01BC20FF 8B45 98       mov    eax, [ebp-68]
01BC2102 FF3406       push dword ptr [esi+eax]
01BC2105 57             push edi
01BC2106 FF15 E864BC01 call [1BC64E8]                      ; USER32.GetDlgItem
01BC210C 50             push eax                            ; 找这个CALL开始的位置，如何找？
01BC210D FF15 5464BC01 call [1BC6454]                      ; USER32.SetFocus
01BC2113 6A 01          push 1
01BC2115 57             push edi
01BC2116 FF15 0465BC01 call [1BC6504]                      ; USER32.ShowWindow
01BC211C 8B75 0C       mov    esi, [ebp+C]

我不会找call的开始位置。哪位知道，帮帮我。非常感谢。我愿意提供教程。

[课程]Linux pwn 探索篇！

收藏・0

免费・0

支持

最新回复 (2)
冰到极点雪币： 156 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 4 回帖 74 粉丝 0 关注私信	冰到极点 2 楼作者是从 PUSH EBP MOV EBP,ESP SUB ESP,400 MOV EAX,DWORD PTR SS:[EBP+C] PUSH EBX PUSH ESI SUB EAX,110 PUSH EDI JE 00C245F2　　　　　　　　　　　　　　　　;作者从此处跟入找到机器码位置的 DEC EAX JE SHORT 00C24488 XOR EAX,EAX JMP 00C248EA MOV EAX,DWORD PTR SS:[EBP+10] MOVAX ECX,AX SHR EAX,10 --------------------------下面是我程序的 01BC1EF1 55 push ebp ; 硬件断点 01BC1EF2 8BEC mov ebp, esp 01BC1EF4 6A FF push -1 01BC1EF6 68 1869BC01 push 1BC6918 01BC1EFB 68 3050BC01 push 1BC5030 ; jmp 到 msvcrt._except_handler3 01BC1F00 64:A1 00000000 mov eax, fs:[0] 01BC1F06 50 push eax 01BC1F07 64:8925 0000000>mov fs:[0], esp 01BC1F0E 83EC 6C sub esp, 6C 01BC1F11 53 push ebx 01BC1F12 56 push esi 01BC1F13 57 push edi 01BC1F14 8965 E8 mov [ebp-18], esp 01BC1F17 33DB xor ebx, ebx 01BC1F19 895D FC mov [ebp-4], ebx 01BC1F1C 6A 24 push 24 01BC1F1E 53 push ebx 01BC1F1F 8D45 84 lea eax, [ebp-7C] 01BC1F22 50 push eax 01BC1F23 E8 78300000 call 01BC4FA0 ; jmp 到 msvcrt.memset 01BC1F28 83C4 0C add esp, 0C 01BC1F2B 8B45 0C mov eax, [ebp+C] 01BC1F2E 8945 84 mov [ebp-7C], eax 01BC1F31 8B45 14 mov eax, [ebp+14] 01BC1F34 3BC3 cmp eax, ebx 01BC1F36 75 05 jnz short 01BC1F3D 01BC1F38 B8 2CD0BC01 mov eax, 1BCD02C 01BC1F3D 8945 88 mov [ebp-78], eax 01BC1F40 8B45 10 mov eax, [ebp+10] 01BC1F43 8945 8C mov [ebp-74], eax 01BC1F46 C745 A4 CC21BC0>mov dword ptr [ebp-5C], 1BC21CC 01BC1F4D 885D A8 mov [ebp-58], bl 01BC1F50 885D CC mov [ebp-34], bl 01BC1F53 885D D4 mov [ebp-2C], bl 01BC1F56 885D DC mov [ebp-24], bl 01BC1F59 885D C8 mov [ebp-38], bl 01BC1F5C 895D E0 mov [ebp-20], ebx 01BC1F5F 8B7D 18 mov edi, [ebp+18] 01BC1F62 8BC7 mov eax, edi 01BC1F64 25 000F0000 and eax, 0F00 01BC1F69 3D 00010000 cmp eax, 100 01BC1F6E 74 20 je short 01BC1F90 01BC1F70 3D 00020000 cmp eax, 200 01BC1F75 74 10 je short 01BC1F87 01BC1F77 3D 00030000 cmp eax, 300 01BC1F7C 75 19 jnz short 01BC1F97 01BC1F7E C745 E0 0300000>mov dword ptr [ebp-20], 3 01BC1F85 EB 10 jmp short 01BC1F97 01BC1F87 C745 E0 0200000>mov dword ptr [ebp-20], 2 01BC1F8E EB 07 jmp short 01BC1F97 01BC1F90 C745 E0 0100000>mov dword ptr [ebp-20], 1 01BC1F97 895D D0 mov [ebp-30], ebx 01BC1F9A 8BF7 mov esi, edi 01BC1F9C 81E6 F0000000 and esi, 0F0 01BC1FA2 83FE 10 cmp esi, 10 01BC1FA5 74 2A je short 01BC1FD1 01BC1FA7 83FE 20 cmp esi, 20 01BC1FAA 74 1C je short 01BC1FC8 01BC1FAC 83FE 30 cmp esi, 30 01BC1FAF 74 0E je short 01BC1FBF 01BC1FB1 83FE 40 cmp esi, 40 01BC1FB4 75 22 jnz short 01BC1FD8 01BC1FB6 C745 D0 047F000>mov dword ptr [ebp-30], 7F04 01BC1FBD EB 19 jmp short 01BC1FD8 01BC1FBF C745 D0 037F000>mov dword ptr [ebp-30], 7F03 01BC1FC6 EB 10 jmp short 01BC1FD8 01BC1FC8 C745 D0 027F000>mov dword ptr [ebp-30], 7F02 01BC1FCF EB 07 jmp short 01BC1FD8 01BC1FD1 C745 D0 017F000>mov dword ptr [ebp-30], 7F01 01BC1FD8 395D D0 cmp [ebp-30], ebx 01BC1FDB 74 0D je short 01BC1FEA 01BC1FDD FF75 D0 push dword ptr [ebp-30] 01BC1FE0 53 push ebx 01BC1FE1 FF15 9C64BC01 call [1BC649C] ; USER32.LoadIconA 01BC1FE7 8945 A0 mov [ebp-60], eax 01BC1FEA 8BC7 mov eax, edi 01BC1FEC 83E0 0F and eax, 0F 01BC1FEF 48 dec eax 01BC1FF0 74 26 je short 01BC2018 01BC1FF2 48 dec eax 01BC1FF3 74 1D je short 01BC2012 01BC1FF5 48 dec eax 01BC1FF6 74 10 je short 01BC2008 01BC1FF8 48 dec eax 01BC1FF9 74 11 je short 01BC200C 01BC1FFB 48 dec eax 01BC1FFC 75 1E jnz short 01BC201C 01BC1FFE C645 C8 01 mov byte ptr [ebp-38], 1 01BC2002 C645 D4 01 mov byte ptr [ebp-2C], 1 01BC2006 EB 18 jmp short 01BC2020 01BC2008 C645 C8 01 mov byte ptr [ebp-38], 1 01BC200C C645 DC 01 mov byte ptr [ebp-24], 1 01BC2010 EB 0E jmp short 01BC2020 01BC2012 C645 CC 01 mov byte ptr [ebp-34], 1 01BC2016 EB 08 jmp short 01BC2020 01BC2018 C645 C8 01 mov byte ptr [ebp-38], 1 01BC201C C645 A8 01 mov byte ptr [ebp-58], 1 01BC2020 385D A8 cmp [ebp-58], bl 01BC2023 74 0F je short 01BC2034 01BC2025 68 2CD2BC01 push 1BCD22C ; UNICODE "OK" 01BC202A 6A 01 push 1 01BC202C 8D4D 84 lea ecx, [ebp-7C] 01BC202F E8 A1FDFFFF call 01BC1DD5 01BC2034 385D DC cmp [ebp-24], bl 01BC2037 74 1E je short 01BC2057 01BC2039 68 2CDCBC01 push 1BCDC2C ; UNICODE "&Yes" 我应该从哪里跟入呢，高手指点一下。 2006-8-29 11:25 0
冰到极点雪币： 156 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 4 回帖 74 粉丝 0 关注私信	冰到极点 3 楼 0116CA30 /$ 55 push ebp 0116CA31 \|. 8BEC mov ebp, esp 0116CA33 \|. 83EC 24 sub esp, 24 0116CA36 \|. 8B45 08 mov eax, [ebp+8] 0116CA39 \|. A3 A0B11A01 mov [11AB1A0], eax 0116CA3E \|. C705 50AE1A01>mov dword ptr [11AAE50], 1 0116CA48 \|. 8B4D 14 mov ecx, [ebp+14] 0116CA4B \|. 890D 54AE1A01 mov [11AAE54], ecx 0116CA51 \|. 8B55 10 mov edx, [ebp+10] 0116CA54 \|. 8915 58AE1A01 mov [11AAE58], edx 0116CA5A \|. 8B45 08 mov eax, [ebp+8] 0116CA5D \|. A3 5CAE1A01 mov [11AAE5C], eax 0116CA62 \|. 6A 02 push 2 ; /Arg2 = 00000002 0116CA64 \|. 8B0D A0B11A01 mov ecx, [11AB1A0] ; \| 0116CA6A \|. 51 push ecx ; \|Arg1 => 00000000 0116CA6B \|. E8 73840000 call 01174EE3 ; \Fit.01174EE3 0116CA70 \|. 83C4 08 add esp, 8 0116CA73 \|. C745 F0 00000>mov dword ptr [ebp-10], 0 0116CA7A \|. C745 F4 00000>mov dword ptr [ebp-C], 0 0116CA81 \|. 68 00200000 push 2000 ; /Arg1 = 00002000 0116CA86 \|. 8D4D F0 lea ecx, [ebp-10] ; \| 0116CA89 \|. E8 52E1FFFF call 0116ABE0 ; \Fit.0116ABE0 0116CA8E \|. 8B55 F0 mov edx, [ebp-10] 0116CA91 \|. 52 push edx ; /Arg2 0116CA92 \|. 8B45 10 mov eax, [ebp+10] ; \| 0116CA95 \|. 50 push eax ; \|Arg1 0116CA96 \|. E8 4D030000 call 0116CDE8 ; \Fit.0116CDE8 0116CA9B \|. 83C4 08 add esp, 8 0116CA9E \|. 8945 F8 mov [ebp-8], eax 0116CAA1 \|. 6A 06 push 6 0116CAA3 \|. 68 A0471A01 push 011A47A0 ; ASCII "SERVER" 0116CAA8 \|. 8B4D F0 mov ecx, [ebp-10] 0116CAAB \|. 51 push ecx 0116CAAC \|. E8 5F870100 call 01185210 0116CAB1 \|. 83C4 0C add esp, 0C 0116CAB4 \|. 85C0 test eax, eax 0116CAB6 \|. 0F85 DB000000 jnz 0116CB97 0116CABC \|. C605 A8B11A01>mov byte ptr [11AB1A8], 1 0116CAC3 \|. C705 80431A01>mov dword ptr [11A4380], 3C 0116CACD \|. 8B55 F0 mov edx, [ebp-10] 0116CAD0 \|. 52 push edx 0116CAD1 \|. E8 5A300100 call 0117FB30 0116CAD6 \|. 83C4 04 add esp, 4 0116CAD9 \|. 83F8 06 cmp eax, 6 0116CADC \|. 0F86 A2000000 jbe 0116CB84 0116CAE2 \|. 68 9C471A01 push 011A479C 0116CAE7 \|. 8B45 F0 mov eax, [ebp-10] 0116CAEA \|. 83C0 06 add eax, 6 0116CAED \|. 50 push eax 0116CAEE \|. E8 0D860100 call 01185100 0116CAF3 \|. 83C4 08 add esp, 8 0116CAF6 \|. 85C0 test eax, eax 0116CAF8 \|. 75 0C jnz short 0116CB06 0116CAFA \|. C705 80431A01>mov dword ptr [11A4380], -1 0116CB04 \|. EB 7E jmp short 0116CB84 0116CB06 \|> 68 94471A01 push 011A4794 ; ASCII "DOWN" 0116CB0B \|. 8B4D F0 mov ecx, [ebp-10] 0116CB0E \|. 83C1 06 add ecx, 6 0116CB11 \|. 51 push ecx 0116CB12 \|. E8 E9850100 call 01185100 0116CB17 \|. 83C4 08 add esp, 8 0116CB1A \|. 85C0 test eax, eax 0116CB1C \|. 75 0C jnz short 0116CB2A 0116CB1E \|. C705 80431A01>mov dword ptr [11A4380], -2 0116CB28 \|. EB 5A jmp short 0116CB84 0116CB2A \|> 8B55 F0 mov edx, [ebp-10] 0116CB2D \|. 83C2 06 add edx, 6 0116CB30 \|. 8955 EC mov [ebp-14], edx 0116CB33 \|> 8B45 EC /mov eax, [ebp-14] 0116CB36 \|. 0FBE08 \|movsx ecx, byte ptr [eax] 0116CB39 \|. 85C9 \|test ecx, ecx 0116CB3B \|. 74 20 \|je short 0116CB5D 0116CB3D \|. 8B55 EC \|mov edx, [ebp-14] 0116CB40 \|. 0FBE02 \|movsx eax, byte ptr [edx] 0116CB43 \|. 50 \|push eax 0116CB44 \|. E8 A5350100 \|call 011800EE 0116CB49 \|. 83C4 04 \|add esp, 4 0116CB4C \|. 85C0 \|test eax, eax 0116CB4E \|. 75 02 \|jnz short 0116CB52 0116CB50 \|. EB 0B \|jmp short 0116CB5D 0116CB52 \|> 8B4D EC \|mov ecx, [ebp-14] 0116CB55 \|. 83C1 01 \|add ecx, 1 0116CB58 \|. 894D EC \|mov [ebp-14], ecx 0116CB5B \|.^ EB D6 \jmp short 0116CB33 0116CB5D \|> 8B55 EC mov edx, [ebp-14] 0116CB60 \|. 0FBE02 movsx eax, byte ptr [edx] 0116CB63 \|. 85C0 test eax, eax 0116CB65 \|. 75 16 jnz short 0116CB7D 0116CB67 \|. 8B4D F0 mov ecx, [ebp-10] 0116CB6A \|. 83C1 06 add ecx, 6 0116CB6D \|. 51 push ecx 0116CB6E \|. E8 70350100 call 011800E3 0116CB73 \|. 83C4 04 add esp, 4 0116CB76 \|. A3 80431A01 mov [11A4380], eax 0116CB7B \|. EB 07 jmp short 0116CB84 0116CB7D \|> C605 A8B11A01>mov byte ptr [11AB1A8], 0 0116CB84 \|> 8B55 F0 mov edx, [ebp-10] 0116CB87 \|. 52 push edx ; /Arg2 0116CB88 \|. 8B45 F8 mov eax, [ebp-8] ; \| 0116CB8B \|. 50 push eax ; \|Arg1 0116CB8C \|. E8 57020000 call 0116CDE8 ; \Fit.0116CDE8 0116CB91 \|. 83C4 08 add esp, 8 0116CB94 \|. 8945 F8 mov [ebp-8], eax 0116CB97 \|> 68 88471A01 push 011A4788 ; ASCII "REGISTER" 0116CB9C \|. 8B4D F0 mov ecx, [ebp-10] 0116CB9F \|. 51 push ecx 0116CBA0 \|. E8 5B850100 call 01185100 0116CBA5 \|. 83C4 08 add esp, 8 0116CBA8 \|. 85C0 test eax, eax 0116CBAA \|. 75 20 jnz short 0116CBCC 0116CBAC \|. C705 A4B11A01>mov dword ptr [11AB1A4], 1 0116CBB6 \|. 8B55 F8 mov edx, [ebp-8] 0116CBB9 \|. 52 push edx 0116CBBA \|. 68 7CAE1A01 push 011AAE7C 0116CBBF \|. E8 BC2D0100 call 0117F980 0116CBC4 \|. 83C4 08 add esp, 8 0116CBC7 \|. E9 77010000 jmp 0116CD43 0116CBCC \|> 68 78471A01 push 011A4778 ; ASCII "QUIETREGISTER" 0116CBD1 \|. 8B45 F0 mov eax, [ebp-10] 0116CBD4 \|. 50 push eax 0116CBD5 \|. E8 26850100 call 01185100 0116CBDA \|. 83C4 08 add esp, 8 0116CBDD \|. 85C0 test eax, eax 0116CBDF \|. 75 20 jnz short 0116CC01 0116CBE1 \|. C705 A4B11A01>mov dword ptr [11AB1A4], 8 0116CBEB \|. 8B4D F8 mov ecx, [ebp-8] 0116CBEE \|. 51 push ecx 0116CBEF \|. 68 7CAE1A01 push 011AAE7C 0116CBF4 \|. E8 872D0100 call 0117F980 0116CBF9 \|. 83C4 08 add esp, 8 0116CBFC \|. E9 42010000 jmp 0116CD43 0116CC01 \|> 68 6C471A01 push 011A476C ; ASCII "TRANSFER" 0116CC06 \|. 8B55 F0 mov edx, [ebp-10] 0116CC09 \|. 52 push edx 0116CC0A \|. E8 F1840100 call 01185100 0116CC0F \|. 83C4 08 add esp, 8 0116CC12 \|. 85C0 test eax, eax 0116CC14 \|. 75 0F jnz short 0116CC25 0116CC16 \|. C705 A4B11A01>mov dword ptr [11AB1A4], 2 0116CC20 \|. E9 1E010000 jmp 0116CD43 0116CC25 \|> 68 60471A01 push 011A4760 ; ASCII "FIXCLOCK" 0116CC2A \|. 8B45 F0 mov eax, [ebp-10] 0116CC2D \|. 50 push eax 0116CC2E \|. E8 CD840100 call 01185100 0116CC33 \|. 83C4 08 add esp, 8 0116CC36 \|. 85C0 test eax, eax 0116CC38 \|. 75 0F jnz short 0116CC49 0116CC3A \|. C705 A4B11A01>mov dword ptr [11AB1A4], 3 0116CC44 \|. E9 FA000000 jmp 0116CD43 0116CC49 \|> 68 58471A01 push 011A4758 ; ASCII "INFO" 0116CC4E \|. 8B4D F0 mov ecx, [ebp-10] 0116CC51 \|. 51 push ecx 0116CC52 \|. E8 A9840100 call 01185100 0116CC57 \|. 83C4 08 add esp, 8 0116CC5A \|. 85C0 test eax, eax 0116CC5C \|. 75 0F jnz short 0116CC6D 0116CC5E \|. C705 A4B11A01>mov dword ptr [11AB1A4], 4 0116CC68 \|. E9 D6000000 jmp 0116CD43 0116CC6D \|> 68 4C471A01 push 011A474C ; ASCII "UNREGISTER" 0116CC72 \|. 8B55 F0 mov edx, [ebp-10] 0116CC75 \|. 52 push edx 0116CC76 \|. E8 85840100 call 01185100 0116CC7B \|. 83C4 08 add esp, 8 0116CC7E \|. 85C0 test eax, eax 0116CC80 \|. 75 0F jnz short 0116CC91 0116CC82 \|. C705 A4B11A01>mov dword ptr [11AB1A4], 5 0116CC8C \|. E9 B2000000 jmp 0116CD43 0116CC91 \|> 68 3C471A01 push 011A473C ; ASCII "QUIETUNREGISTER" 0116CC96 \|. 8B45 F0 mov eax, [ebp-10] 0116CC99 \|. 50 push eax 0116CC9A \|. E8 61840100 call 01185100 0116CC9F \|. 83C4 08 add esp, 8 0116CCA2 \|. 85C0 test eax, eax 0116CCA4 \|. 75 0F jnz short 0116CCB5 0116CCA6 \|. C705 A4B11A01>mov dword ptr [11AB1A4], 9 0116CCB0 \|. E9 8E000000 jmp 0116CD43 0116CCB5 \|> 68 2C471A01 push 011A472C ; ASCII "SHOWNETUSERS" 0116CCBA \|. 8B4D F0 mov ecx, [ebp-10] 0116CCBD \|. 51 push ecx 0116CCBE \|. E8 3D840100 call 01185100 0116CCC3 \|. 83C4 08 add esp, 8 0116CCC6 \|. 85C0 test eax, eax 0116CCC8 \|. 75 0C jnz short 0116CCD6 0116CCCA \|. C705 A4B11A01>mov dword ptr [11AB1A4], 6 0116CCD4 \|. EB 6D jmp short 0116CD43 0116CCD6 \|> 68 20471A01 push 011A4720 ; ASCII "HWCHANGELOG" 0116CCDB \|. 8B55 F0 mov edx, [ebp-10] 0116CCDE \|. 52 push edx 0116CCDF \|. E8 1C840100 call 01185100 0116CCE4 \|. 83C4 08 add esp, 8 0116CCE7 \|. 85C0 test eax, eax 0116CCE9 \|. 75 0C jnz short 0116CCF7 0116CCEB \|. C705 A4B11A01>mov dword ptr [11AB1A4], 7 0116CCF5 \|. EB 4C jmp short 0116CD43 0116CCF7 \|> 68 14471A01 push 011A4714 ; ASCII "QUIETEXIT" 0116CCFC \|. 8B45 F0 mov eax, [ebp-10] 0116CCFF \|. 50 push eax 0116CD00 \|. E8 FB830100 call 01185100 0116CD05 \|. 83C4 08 add esp, 8 0116CD08 \|. 85C0 test eax, eax 0116CD0A \|. 75 0C jnz short 0116CD18 0116CD0C \|. C705 A4B11A01>mov dword ptr [11AB1A4], 0A 0116CD16 \|. EB 2B jmp short 0116CD43 0116CD18 \|> 6A 09 push 9 0116CD1A \|. 68 08471A01 push 011A4708 ; ASCII "ARMDEBUG=" 0116CD1F \|. 8B4D F0 mov ecx, [ebp-10] 0116CD22 \|. 51 push ecx 0116CD23 \|. E8 E8840100 call 01185210 0116CD28 \|. 83C4 0C add esp, 0C 0116CD2B \|. 85C0 test eax, eax 0116CD2D \|. 75 14 jnz short 0116CD43 0116CD2F \|. 8B55 F0 mov edx, [ebp-10] 0116CD32 \|. 83C2 09 add edx, 9 0116CD35 \|. 52 push edx 0116CD36 \|. 68 7CAE1A01 push 011AAE7C 0116CD3B \|. E8 402C0100 call 0117F980 0116CD40 \|. 83C4 08 add esp, 8 0116CD43 \|> E8 DFF7FFFF call 0116C527 0116CD48 \|. 8945 FC mov [ebp-4], eax 0116CD4B \|. 837D FC 00 cmp dword ptr [ebp-4], 0 0116CD4F \|. 75 66 jnz short 0116CDB7 0116CD51 \|. 8B45 F0 mov eax, [ebp-10] 0116CD54 \|. 8945 E4 mov [ebp-1C], eax 0116CD57 \|. E8 15DFFFFF call 0116AC71 0116CD5C \|. 50 push eax 0116CD5D \|. 8B4D E4 mov ecx, [ebp-1C] 0116CD60 \|. 51 push ecx 0116CD61 \|. E8 1A2C0100 call 0117F980 0116CD66 \|. 83C4 08 add esp, 8 0116CD69 \|. E8 14DFFFFF call 0116AC82 0116CD6E \|. 50 push eax 0116CD6F \|. E8 BC2D0100 call 0117FB30 0116CD74 \|. 83C4 04 add esp, 4 0116CD77 \|. 85C0 test eax, eax 0116CD79 \|. 74 29 je short 0116CDA4 0116CD7B \|. 68 BC461A01 push 011A46BC 0116CD80 \|. 8B55 F0 mov edx, [ebp-10] 0116CD83 \|. 52 push edx 0116CD84 \|. E8 072C0100 call 0117F990 0116CD89 \|. 83C4 08 add esp, 8 0116CD8C \|. 8B45 F0 mov eax, [ebp-10] 0116CD8F \|. 8945 E0 mov [ebp-20], eax 0116CD92 \|. E8 EBDEFFFF call 0116AC82 0116CD97 \|. 50 push eax 0116CD98 \|. 8B4D E0 mov ecx, [ebp-20] 0116CD9B \|. 51 push ecx 0116CD9C \|. E8 EF2B0100 call 0117F990 0116CDA1 \|. 83C4 08 add esp, 8 0116CDA4 \|> 68 10000400 push 40010 ; /Style = MB_OK\|MB_ICONHAND\|MB_APPLMODAL\|40000 0116CDA9 \|. 6A 00 push 0 ; \|Title = NULL 0116CDAB \|. 8B55 F0 mov edx, [ebp-10] ; \| 0116CDAE \|. 52 push edx ; \|Text 0116CDAF \|. 6A 00 push 0 ; \|hOwner = NULL 0116CDB1 \|. FF15 28421A01 call [<&USER32.MessageBoxA>] ; \MessageBoxA 0116CDB7 \|> A1 A8B31A01 mov eax, [11AB3A8] 0116CDBC \|. 8945 E8 mov [ebp-18], eax 0116CDBF \|. 8B4D F0 mov ecx, [ebp-10] 0116CDC2 \|. 894D DC mov [ebp-24], ecx 0116CDC5 \|. 8B55 DC mov edx, [ebp-24] 0116CDC8 \|. 52 push edx 这段说明什么？？ 2006-8-29 11:46 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复

冰到极点

发帖

回帖

RANK

关注

私信

他的文章

关于我们

联系我们

企业服务

看雪公众号

最新回复 (2)
冰到极点雪币： 156 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 4 回帖 74 粉丝 0 关注私信	冰到极点 2 楼作者是从 PUSH EBP MOV EBP,ESP SUB ESP,400 MOV EAX,DWORD PTR SS:[EBP+C] PUSH EBX PUSH ESI SUB EAX,110 PUSH EDI JE 00C245F2　　　　　　　　　　　　　　　　;作者从此处跟入找到机器码位置的 DEC EAX JE SHORT 00C24488 XOR EAX,EAX JMP 00C248EA MOV EAX,DWORD PTR SS:[EBP+10] MOVAX ECX,AX SHR EAX,10 --------------------------下面是我程序的 01BC1EF1 55 push ebp ; 硬件断点 01BC1EF2 8BEC mov ebp, esp 01BC1EF4 6A FF push -1 01BC1EF6 68 1869BC01 push 1BC6918 01BC1EFB 68 3050BC01 push 1BC5030 ; jmp 到 msvcrt._except_handler3 01BC1F00 64:A1 00000000 mov eax, fs:[0] 01BC1F06 50 push eax 01BC1F07 64:8925 0000000>mov fs:[0], esp 01BC1F0E 83EC 6C sub esp, 6C 01BC1F11 53 push ebx 01BC1F12 56 push esi 01BC1F13 57 push edi 01BC1F14 8965 E8 mov [ebp-18], esp 01BC1F17 33DB xor ebx, ebx 01BC1F19 895D FC mov [ebp-4], ebx 01BC1F1C 6A 24 push 24 01BC1F1E 53 push ebx 01BC1F1F 8D45 84 lea eax, [ebp-7C] 01BC1F22 50 push eax 01BC1F23 E8 78300000 call 01BC4FA0 ; jmp 到 msvcrt.memset 01BC1F28 83C4 0C add esp, 0C 01BC1F2B 8B45 0C mov eax, [ebp+C] 01BC1F2E 8945 84 mov [ebp-7C], eax 01BC1F31 8B45 14 mov eax, [ebp+14] 01BC1F34 3BC3 cmp eax, ebx 01BC1F36 75 05 jnz short 01BC1F3D 01BC1F38 B8 2CD0BC01 mov eax, 1BCD02C 01BC1F3D 8945 88 mov [ebp-78], eax 01BC1F40 8B45 10 mov eax, [ebp+10] 01BC1F43 8945 8C mov [ebp-74], eax 01BC1F46 C745 A4 CC21BC0>mov dword ptr [ebp-5C], 1BC21CC 01BC1F4D 885D A8 mov [ebp-58], bl 01BC1F50 885D CC mov [ebp-34], bl 01BC1F53 885D D4 mov [ebp-2C], bl 01BC1F56 885D DC mov [ebp-24], bl 01BC1F59 885D C8 mov [ebp-38], bl 01BC1F5C 895D E0 mov [ebp-20], ebx 01BC1F5F 8B7D 18 mov edi, [ebp+18] 01BC1F62 8BC7 mov eax, edi 01BC1F64 25 000F0000 and eax, 0F00 01BC1F69 3D 00010000 cmp eax, 100 01BC1F6E 74 20 je short 01BC1F90 01BC1F70 3D 00020000 cmp eax, 200 01BC1F75 74 10 je short 01BC1F87 01BC1F77 3D 00030000 cmp eax, 300 01BC1F7C 75 19 jnz short 01BC1F97 01BC1F7E C745 E0 0300000>mov dword ptr [ebp-20], 3 01BC1F85 EB 10 jmp short 01BC1F97 01BC1F87 C745 E0 0200000>mov dword ptr [ebp-20], 2 01BC1F8E EB 07 jmp short 01BC1F97 01BC1F90 C745 E0 0100000>mov dword ptr [ebp-20], 1 01BC1F97 895D D0 mov [ebp-30], ebx 01BC1F9A 8BF7 mov esi, edi 01BC1F9C 81E6 F0000000 and esi, 0F0 01BC1FA2 83FE 10 cmp esi, 10 01BC1FA5 74 2A je short 01BC1FD1 01BC1FA7 83FE 20 cmp esi, 20 01BC1FAA 74 1C je short 01BC1FC8 01BC1FAC 83FE 30 cmp esi, 30 01BC1FAF 74 0E je short 01BC1FBF 01BC1FB1 83FE 40 cmp esi, 40 01BC1FB4 75 22 jnz short 01BC1FD8 01BC1FB6 C745 D0 047F000>mov dword ptr [ebp-30], 7F04 01BC1FBD EB 19 jmp short 01BC1FD8 01BC1FBF C745 D0 037F000>mov dword ptr [ebp-30], 7F03 01BC1FC6 EB 10 jmp short 01BC1FD8 01BC1FC8 C745 D0 027F000>mov dword ptr [ebp-30], 7F02 01BC1FCF EB 07 jmp short 01BC1FD8 01BC1FD1 C745 D0 017F000>mov dword ptr [ebp-30], 7F01 01BC1FD8 395D D0 cmp [ebp-30], ebx 01BC1FDB 74 0D je short 01BC1FEA 01BC1FDD FF75 D0 push dword ptr [ebp-30] 01BC1FE0 53 push ebx 01BC1FE1 FF15 9C64BC01 call [1BC649C] ; USER32.LoadIconA 01BC1FE7 8945 A0 mov [ebp-60], eax 01BC1FEA 8BC7 mov eax, edi 01BC1FEC 83E0 0F and eax, 0F 01BC1FEF 48 dec eax 01BC1FF0 74 26 je short 01BC2018 01BC1FF2 48 dec eax 01BC1FF3 74 1D je short 01BC2012 01BC1FF5 48 dec eax 01BC1FF6 74 10 je short 01BC2008 01BC1FF8 48 dec eax 01BC1FF9 74 11 je short 01BC200C 01BC1FFB 48 dec eax 01BC1FFC 75 1E jnz short 01BC201C 01BC1FFE C645 C8 01 mov byte ptr [ebp-38], 1 01BC2002 C645 D4 01 mov byte ptr [ebp-2C], 1 01BC2006 EB 18 jmp short 01BC2020 01BC2008 C645 C8 01 mov byte ptr [ebp-38], 1 01BC200C C645 DC 01 mov byte ptr [ebp-24], 1 01BC2010 EB 0E jmp short 01BC2020 01BC2012 C645 CC 01 mov byte ptr [ebp-34], 1 01BC2016 EB 08 jmp short 01BC2020 01BC2018 C645 C8 01 mov byte ptr [ebp-38], 1 01BC201C C645 A8 01 mov byte ptr [ebp-58], 1 01BC2020 385D A8 cmp [ebp-58], bl 01BC2023 74 0F je short 01BC2034 01BC2025 68 2CD2BC01 push 1BCD22C ; UNICODE "OK" 01BC202A 6A 01 push 1 01BC202C 8D4D 84 lea ecx, [ebp-7C] 01BC202F E8 A1FDFFFF call 01BC1DD5 01BC2034 385D DC cmp [ebp-24], bl 01BC2037 74 1E je short 01BC2057 01BC2039 68 2CDCBC01 push 1BCDC2C ; UNICODE "&Yes" 我应该从哪里跟入呢，高手指点一下。 2006-8-29 11:25 0
冰到极点雪币： 156 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 4 回帖 74 粉丝 0 关注私信	冰到极点 3 楼 0116CA30 /$ 55 push ebp 0116CA31 \|. 8BEC mov ebp, esp 0116CA33 \|. 83EC 24 sub esp, 24 0116CA36 \|. 8B45 08 mov eax, [ebp+8] 0116CA39 \|. A3 A0B11A01 mov [11AB1A0], eax 0116CA3E \|. C705 50AE1A01>mov dword ptr [11AAE50], 1 0116CA48 \|. 8B4D 14 mov ecx, [ebp+14] 0116CA4B \|. 890D 54AE1A01 mov [11AAE54], ecx 0116CA51 \|. 8B55 10 mov edx, [ebp+10] 0116CA54 \|. 8915 58AE1A01 mov [11AAE58], edx 0116CA5A \|. 8B45 08 mov eax, [ebp+8] 0116CA5D \|. A3 5CAE1A01 mov [11AAE5C], eax 0116CA62 \|. 6A 02 push 2 ; /Arg2 = 00000002 0116CA64 \|. 8B0D A0B11A01 mov ecx, [11AB1A0] ; \| 0116CA6A \|. 51 push ecx ; \|Arg1 => 00000000 0116CA6B \|. E8 73840000 call 01174EE3 ; \Fit.01174EE3 0116CA70 \|. 83C4 08 add esp, 8 0116CA73 \|. C745 F0 00000>mov dword ptr [ebp-10], 0 0116CA7A \|. C745 F4 00000>mov dword ptr [ebp-C], 0 0116CA81 \|. 68 00200000 push 2000 ; /Arg1 = 00002000 0116CA86 \|. 8D4D F0 lea ecx, [ebp-10] ; \| 0116CA89 \|. E8 52E1FFFF call 0116ABE0 ; \Fit.0116ABE0 0116CA8E \|. 8B55 F0 mov edx, [ebp-10] 0116CA91 \|. 52 push edx ; /Arg2 0116CA92 \|. 8B45 10 mov eax, [ebp+10] ; \| 0116CA95 \|. 50 push eax ; \|Arg1 0116CA96 \|. E8 4D030000 call 0116CDE8 ; \Fit.0116CDE8 0116CA9B \|. 83C4 08 add esp, 8 0116CA9E \|. 8945 F8 mov [ebp-8], eax 0116CAA1 \|. 6A 06 push 6 0116CAA3 \|. 68 A0471A01 push 011A47A0 ; ASCII "SERVER" 0116CAA8 \|. 8B4D F0 mov ecx, [ebp-10] 0116CAAB \|. 51 push ecx 0116CAAC \|. E8 5F870100 call 01185210 0116CAB1 \|. 83C4 0C add esp, 0C 0116CAB4 \|. 85C0 test eax, eax 0116CAB6 \|. 0F85 DB000000 jnz 0116CB97 0116CABC \|. C605 A8B11A01>mov byte ptr [11AB1A8], 1 0116CAC3 \|. C705 80431A01>mov dword ptr [11A4380], 3C 0116CACD \|. 8B55 F0 mov edx, [ebp-10] 0116CAD0 \|. 52 push edx 0116CAD1 \|. E8 5A300100 call 0117FB30 0116CAD6 \|. 83C4 04 add esp, 4 0116CAD9 \|. 83F8 06 cmp eax, 6 0116CADC \|. 0F86 A2000000 jbe 0116CB84 0116CAE2 \|. 68 9C471A01 push 011A479C 0116CAE7 \|. 8B45 F0 mov eax, [ebp-10] 0116CAEA \|. 83C0 06 add eax, 6 0116CAED \|. 50 push eax 0116CAEE \|. E8 0D860100 call 01185100 0116CAF3 \|. 83C4 08 add esp, 8 0116CAF6 \|. 85C0 test eax, eax 0116CAF8 \|. 75 0C jnz short 0116CB06 0116CAFA \|. C705 80431A01>mov dword ptr [11A4380], -1 0116CB04 \|. EB 7E jmp short 0116CB84 0116CB06 \|> 68 94471A01 push 011A4794 ; ASCII "DOWN" 0116CB0B \|. 8B4D F0 mov ecx, [ebp-10] 0116CB0E \|. 83C1 06 add ecx, 6 0116CB11 \|. 51 push ecx 0116CB12 \|. E8 E9850100 call 01185100 0116CB17 \|. 83C4 08 add esp, 8 0116CB1A \|. 85C0 test eax, eax 0116CB1C \|. 75 0C jnz short 0116CB2A 0116CB1E \|. C705 80431A01>mov dword ptr [11A4380], -2 0116CB28 \|. EB 5A jmp short 0116CB84 0116CB2A \|> 8B55 F0 mov edx, [ebp-10] 0116CB2D \|. 83C2 06 add edx, 6 0116CB30 \|. 8955 EC mov [ebp-14], edx 0116CB33 \|> 8B45 EC /mov eax, [ebp-14] 0116CB36 \|. 0FBE08 \|movsx ecx, byte ptr [eax] 0116CB39 \|. 85C9 \|test ecx, ecx 0116CB3B \|. 74 20 \|je short 0116CB5D 0116CB3D \|. 8B55 EC \|mov edx, [ebp-14] 0116CB40 \|. 0FBE02 \|movsx eax, byte ptr [edx] 0116CB43 \|. 50 \|push eax 0116CB44 \|. E8 A5350100 \|call 011800EE 0116CB49 \|. 83C4 04 \|add esp, 4 0116CB4C \|. 85C0 \|test eax, eax 0116CB4E \|. 75 02 \|jnz short 0116CB52 0116CB50 \|. EB 0B \|jmp short 0116CB5D 0116CB52 \|> 8B4D EC \|mov ecx, [ebp-14] 0116CB55 \|. 83C1 01 \|add ecx, 1 0116CB58 \|. 894D EC \|mov [ebp-14], ecx 0116CB5B \|.^ EB D6 \jmp short 0116CB33 0116CB5D \|> 8B55 EC mov edx, [ebp-14] 0116CB60 \|. 0FBE02 movsx eax, byte ptr [edx] 0116CB63 \|. 85C0 test eax, eax 0116CB65 \|. 75 16 jnz short 0116CB7D 0116CB67 \|. 8B4D F0 mov ecx, [ebp-10] 0116CB6A \|. 83C1 06 add ecx, 6 0116CB6D \|. 51 push ecx 0116CB6E \|. E8 70350100 call 011800E3 0116CB73 \|. 83C4 04 add esp, 4 0116CB76 \|. A3 80431A01 mov [11A4380], eax 0116CB7B \|. EB 07 jmp short 0116CB84 0116CB7D \|> C605 A8B11A01>mov byte ptr [11AB1A8], 0 0116CB84 \|> 8B55 F0 mov edx, [ebp-10] 0116CB87 \|. 52 push edx ; /Arg2 0116CB88 \|. 8B45 F8 mov eax, [ebp-8] ; \| 0116CB8B \|. 50 push eax ; \|Arg1 0116CB8C \|. E8 57020000 call 0116CDE8 ; \Fit.0116CDE8 0116CB91 \|. 83C4 08 add esp, 8 0116CB94 \|. 8945 F8 mov [ebp-8], eax 0116CB97 \|> 68 88471A01 push 011A4788 ; ASCII "REGISTER" 0116CB9C \|. 8B4D F0 mov ecx, [ebp-10] 0116CB9F \|. 51 push ecx 0116CBA0 \|. E8 5B850100 call 01185100 0116CBA5 \|. 83C4 08 add esp, 8 0116CBA8 \|. 85C0 test eax, eax 0116CBAA \|. 75 20 jnz short 0116CBCC 0116CBAC \|. C705 A4B11A01>mov dword ptr [11AB1A4], 1 0116CBB6 \|. 8B55 F8 mov edx, [ebp-8] 0116CBB9 \|. 52 push edx 0116CBBA \|. 68 7CAE1A01 push 011AAE7C 0116CBBF \|. E8 BC2D0100 call 0117F980 0116CBC4 \|. 83C4 08 add esp, 8 0116CBC7 \|. E9 77010000 jmp 0116CD43 0116CBCC \|> 68 78471A01 push 011A4778 ; ASCII "QUIETREGISTER" 0116CBD1 \|. 8B45 F0 mov eax, [ebp-10] 0116CBD4 \|. 50 push eax 0116CBD5 \|. E8 26850100 call 01185100 0116CBDA \|. 83C4 08 add esp, 8 0116CBDD \|. 85C0 test eax, eax 0116CBDF \|. 75 20 jnz short 0116CC01 0116CBE1 \|. C705 A4B11A01>mov dword ptr [11AB1A4], 8 0116CBEB \|. 8B4D F8 mov ecx, [ebp-8] 0116CBEE \|. 51 push ecx 0116CBEF \|. 68 7CAE1A01 push 011AAE7C 0116CBF4 \|. E8 872D0100 call 0117F980 0116CBF9 \|. 83C4 08 add esp, 8 0116CBFC \|. E9 42010000 jmp 0116CD43 0116CC01 \|> 68 6C471A01 push 011A476C ; ASCII "TRANSFER" 0116CC06 \|. 8B55 F0 mov edx, [ebp-10] 0116CC09 \|. 52 push edx 0116CC0A \|. E8 F1840100 call 01185100 0116CC0F \|. 83C4 08 add esp, 8 0116CC12 \|. 85C0 test eax, eax 0116CC14 \|. 75 0F jnz short 0116CC25 0116CC16 \|. C705 A4B11A01>mov dword ptr [11AB1A4], 2 0116CC20 \|. E9 1E010000 jmp 0116CD43 0116CC25 \|> 68 60471A01 push 011A4760 ; ASCII "FIXCLOCK" 0116CC2A \|. 8B45 F0 mov eax, [ebp-10] 0116CC2D \|. 50 push eax 0116CC2E \|. E8 CD840100 call 01185100 0116CC33 \|. 83C4 08 add esp, 8 0116CC36 \|. 85C0 test eax, eax 0116CC38 \|. 75 0F jnz short 0116CC49 0116CC3A \|. C705 A4B11A01>mov dword ptr [11AB1A4], 3 0116CC44 \|. E9 FA000000 jmp 0116CD43 0116CC49 \|> 68 58471A01 push 011A4758 ; ASCII "INFO" 0116CC4E \|. 8B4D F0 mov ecx, [ebp-10] 0116CC51 \|. 51 push ecx 0116CC52 \|. E8 A9840100 call 01185100 0116CC57 \|. 83C4 08 add esp, 8 0116CC5A \|. 85C0 test eax, eax 0116CC5C \|. 75 0F jnz short 0116CC6D 0116CC5E \|. C705 A4B11A01>mov dword ptr [11AB1A4], 4 0116CC68 \|. E9 D6000000 jmp 0116CD43 0116CC6D \|> 68 4C471A01 push 011A474C ; ASCII "UNREGISTER" 0116CC72 \|. 8B55 F0 mov edx, [ebp-10] 0116CC75 \|. 52 push edx 0116CC76 \|. E8 85840100 call 01185100 0116CC7B \|. 83C4 08 add esp, 8 0116CC7E \|. 85C0 test eax, eax 0116CC80 \|. 75 0F jnz short 0116CC91 0116CC82 \|. C705 A4B11A01>mov dword ptr [11AB1A4], 5 0116CC8C \|. E9 B2000000 jmp 0116CD43 0116CC91 \|> 68 3C471A01 push 011A473C ; ASCII "QUIETUNREGISTER" 0116CC96 \|. 8B45 F0 mov eax, [ebp-10] 0116CC99 \|. 50 push eax 0116CC9A \|. E8 61840100 call 01185100 0116CC9F \|. 83C4 08 add esp, 8 0116CCA2 \|. 85C0 test eax, eax 0116CCA4 \|. 75 0F jnz short 0116CCB5 0116CCA6 \|. C705 A4B11A01>mov dword ptr [11AB1A4], 9 0116CCB0 \|. E9 8E000000 jmp 0116CD43 0116CCB5 \|> 68 2C471A01 push 011A472C ; ASCII "SHOWNETUSERS" 0116CCBA \|. 8B4D F0 mov ecx, [ebp-10] 0116CCBD \|. 51 push ecx 0116CCBE \|. E8 3D840100 call 01185100 0116CCC3 \|. 83C4 08 add esp, 8 0116CCC6 \|. 85C0 test eax, eax 0116CCC8 \|. 75 0C jnz short 0116CCD6 0116CCCA \|. C705 A4B11A01>mov dword ptr [11AB1A4], 6 0116CCD4 \|. EB 6D jmp short 0116CD43 0116CCD6 \|> 68 20471A01 push 011A4720 ; ASCII "HWCHANGELOG" 0116CCDB \|. 8B55 F0 mov edx, [ebp-10] 0116CCDE \|. 52 push edx 0116CCDF \|. E8 1C840100 call 01185100 0116CCE4 \|. 83C4 08 add esp, 8 0116CCE7 \|. 85C0 test eax, eax 0116CCE9 \|. 75 0C jnz short 0116CCF7 0116CCEB \|. C705 A4B11A01>mov dword ptr [11AB1A4], 7 0116CCF5 \|. EB 4C jmp short 0116CD43 0116CCF7 \|> 68 14471A01 push 011A4714 ; ASCII "QUIETEXIT" 0116CCFC \|. 8B45 F0 mov eax, [ebp-10] 0116CCFF \|. 50 push eax 0116CD00 \|. E8 FB830100 call 01185100 0116CD05 \|. 83C4 08 add esp, 8 0116CD08 \|. 85C0 test eax, eax 0116CD0A \|. 75 0C jnz short 0116CD18 0116CD0C \|. C705 A4B11A01>mov dword ptr [11AB1A4], 0A 0116CD16 \|. EB 2B jmp short 0116CD43 0116CD18 \|> 6A 09 push 9 0116CD1A \|. 68 08471A01 push 011A4708 ; ASCII "ARMDEBUG=" 0116CD1F \|. 8B4D F0 mov ecx, [ebp-10] 0116CD22 \|. 51 push ecx 0116CD23 \|. E8 E8840100 call 01185210 0116CD28 \|. 83C4 0C add esp, 0C 0116CD2B \|. 85C0 test eax, eax 0116CD2D \|. 75 14 jnz short 0116CD43 0116CD2F \|. 8B55 F0 mov edx, [ebp-10] 0116CD32 \|. 83C2 09 add edx, 9 0116CD35 \|. 52 push edx 0116CD36 \|. 68 7CAE1A01 push 011AAE7C 0116CD3B \|. E8 402C0100 call 0117F980 0116CD40 \|. 83C4 08 add esp, 8 0116CD43 \|> E8 DFF7FFFF call 0116C527 0116CD48 \|. 8945 FC mov [ebp-4], eax 0116CD4B \|. 837D FC 00 cmp dword ptr [ebp-4], 0 0116CD4F \|. 75 66 jnz short 0116CDB7 0116CD51 \|. 8B45 F0 mov eax, [ebp-10] 0116CD54 \|. 8945 E4 mov [ebp-1C], eax 0116CD57 \|. E8 15DFFFFF call 0116AC71 0116CD5C \|. 50 push eax 0116CD5D \|. 8B4D E4 mov ecx, [ebp-1C] 0116CD60 \|. 51 push ecx 0116CD61 \|. E8 1A2C0100 call 0117F980 0116CD66 \|. 83C4 08 add esp, 8 0116CD69 \|. E8 14DFFFFF call 0116AC82 0116CD6E \|. 50 push eax 0116CD6F \|. E8 BC2D0100 call 0117FB30 0116CD74 \|. 83C4 04 add esp, 4 0116CD77 \|. 85C0 test eax, eax 0116CD79 \|. 74 29 je short 0116CDA4 0116CD7B \|. 68 BC461A01 push 011A46BC 0116CD80 \|. 8B55 F0 mov edx, [ebp-10] 0116CD83 \|. 52 push edx 0116CD84 \|. E8 072C0100 call 0117F990 0116CD89 \|. 83C4 08 add esp, 8 0116CD8C \|. 8B45 F0 mov eax, [ebp-10] 0116CD8F \|. 8945 E0 mov [ebp-20], eax 0116CD92 \|. E8 EBDEFFFF call 0116AC82 0116CD97 \|. 50 push eax 0116CD98 \|. 8B4D E0 mov ecx, [ebp-20] 0116CD9B \|. 51 push ecx 0116CD9C \|. E8 EF2B0100 call 0117F990 0116CDA1 \|. 83C4 08 add esp, 8 0116CDA4 \|> 68 10000400 push 40010 ; /Style = MB_OK\|MB_ICONHAND\|MB_APPLMODAL\|40000 0116CDA9 \|. 6A 00 push 0 ; \|Title = NULL 0116CDAB \|. 8B55 F0 mov edx, [ebp-10] ; \| 0116CDAE \|. 52 push edx ; \|Text 0116CDAF \|. 6A 00 push 0 ; \|hOwner = NULL 0116CDB1 \|. FF15 28421A01 call [<&USER32.MessageBoxA>] ; \MessageBoxA 0116CDB7 \|> A1 A8B31A01 mov eax, [11AB3A8] 0116CDBC \|. 8945 E8 mov [ebp-18], eax 0116CDBF \|. 8B4D F0 mov ecx, [ebp-10] 0116CDC2 \|. 894D DC mov [ebp-24], ecx 0116CDC5 \|. 8B55 DC mov edx, [ebp-24] 0116CDC8 \|. 52 push edx 这段说明什么？？ 2006-8-29 11:46 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复