-
-
[旧帖] [求助]用OD去载入不同的程序,查出来的文本字串全部一样的,不知什么原因? 0.00雪花
-
发表于: 2006-9-24 22:50
-
用OD去载入不同的程序,查出来的文本字串全部一样的,不知什么原因?用毒霸查又没毒,(用W32Dasm载入也一样)原先可以查出中文字串的程序,现在都无法查到,都是这个样,谁知道原因吗?
超级字串参考+
地址 反汇编 文本字串
00402E48 PUSH _STV.00402EC8 software\borland\delphi\rtl
00402E7C PUSH _STV.00402EE4 fpumaskvalue
0040383F MOV ESI,_STV.0041506C runtime error at 00000000
004038FA PUSH _STV.0041506C runtime error at 00000000
00403915 PUSH _STV.00403950 \n\n
00403934 PUSH _STV.00415064 error
00403939 PUSH _STV.0041506C runtime error at 00000000
004049B8 PUSH _STV.00404B34 kernel32.dll
004049C8 PUSH _STV.00404B44 getlongpathnamea
00404B88 PUSH _STV.00404D88 software\borland\locales
00404BA6 PUSH _STV.00404D88 software\borland\locales
00404BC4 PUSH _STV.00404DA4 software\borland\delphi\locales
00406CE9 MOV EDX,_STV.00406D34 true
00406D20 MOV EDX,_STV.00406D44 false
0040705D MOV EAX,_STV.00407088 \:
0040847B MOV EDX,_STV.0040858C gg
004085E2 MOV EDX,_STV.00408684 yy
004085F1 MOV EDX,_STV.00408690 yyyy
00408A10 MOV EDX,_STV.00408E28 am/pm
00408A25 MOV EDX,_STV.00408E30 a/p
00408A3A MOV EDX,_STV.00408E34 ampm
00408B7C MOV EDX,_STV.00408E28 am/pm
00408BB9 MOV EDX,_STV.00408E30 a/p
00408BF6 MOV EDX,_STV.00408E34 ampm
00408C3F MOV EDX,_STV.00408E3C aaaa
00408C86 MOV EDX,_STV.00408E44 aaa
00408D1E MOV EAX,_STV.00408E48
00408E7B MOV EAX,_STV.00408EA4 c
0040921D MOV EAX,_STV.004094B0 e
004093B9 MOV EAX,_STV.004094BC ddd
004094E8 MOV ECX,_STV.004096A4 am
00409511 MOV ECX,_STV.004096B0 pm
00409602 MOV ECX,_STV.004096A4 am
0040962B MOV ECX,_STV.004096B0 pm
004098CD MOV ECX,_STV.004151B0 0\@
00409A65 MOV ECX,_STV.00409AF4 1
00409B2C MOV ECX,_STV.00409CD8 1
00409BF3 MOV EDX,_STV.00409CDC gg
00409C0C MOV EDX,_STV.00409CE8 ggg
00409C19 MOV EDX,_STV.00409CEC yyyy
00409C32 MOV EDX,_STV.00409CFC eeee
00409C41 MOV EDX,_STV.00409D04 yy
00409C5A MOV EDX,_STV.00409D10 ee
00409C75 MOV EDX,_STV.00409D1C e
00409DF9 MOV EDI,_STV.00409EB0 .
00409F1C PUSH _STV.00409F78 \n\n
0040AED4 MOV ECX,_STV.0040B154 0
0040AEF8 MOV ECX,_STV.0040B154 0
0040AF42 MOV ECX,_STV.0040B154 0
0040AF79 MOV ECX,_STV.0040B160 m/d/yy
0040AFA6 MOV ECX,_STV.0040B170 mmmm d, yyyy
0040AFE6 MOV ECX,_STV.0040B188 am
0040B008 MOV ECX,_STV.0040B194 pm
0040B03A MOV ECX,_STV.0040B154 0
0040B05C MOV EDX,_STV.0040B1A0 h
0040B06B MOV EDX,_STV.0040B1AC hh
0040B079 MOV ECX,_STV.0040B154 0
0040B09C MOV ECX,_STV.0040B154 0
0040B0BE MOV EDX,_STV.0040B1B8 ampm
0040B0CD MOV EDX,_STV.0040B1C8 ampm
0040B0DD PUSH _STV.0040B1D8 :mm
0040B0FA PUSH _STV.0040B1E4 :mm:ss
0040B2C1 PUSH _STV.0040B2F8 kernel32.dll
0040B2D1 PUSH _STV.0040B308 getdiskfreespaceexa
0040BBB8 MOV EAX,_STV.0040B830 (
0040BBD0 MOV EDX,_STV.0040BC10 0x
0040C0C8 PUSH _STV.0040C2BC oleaut32.dll
0040C0DB MOV EAX,_STV.0040C2CC variantchangetypeex
0040C0F1 MOV EAX,_STV.0040C2E0 varneg
0040C107 MOV EAX,_STV.0040C2E8 varnot
0040C11D MOV EAX,_STV.0040C2F0 varadd
0040C133 MOV EAX,_STV.0040C2F8 varsub
0040C149 MOV EAX,_STV.0040C300 varmul
0040C15F MOV EAX,_STV.0040C308 vardiv
0040C175 MOV EAX,_STV.0040C310 varidiv
0040C18B MOV EAX,_STV.0040C318 varmod
0040C1A1 MOV EAX,_STV.0040C320 varand
0040C1B7 MOV EAX,_STV.0040C328 varor
0040C1CD MOV EAX,_STV.0040C330 varxor
0040C1E3 MOV EAX,_STV.0040C338 varcmp
0040C1F9 MOV EAX,_STV.0040C340 vari4fromstr
0040C20F MOV EAX,_STV.0040C350 varr4fromstr
0040C225 MOV EAX,_STV.0040C360 varr8fromstr
0040C23B MOV EAX,_STV.0040C370 vardatefromstr
0040C251 MOV EAX,_STV.0040C380 varcyfromstr
0040C267 MOV EAX,_STV.0040C390 varboolfromstr
0040C27D MOV EAX,_STV.0040C3A0 varbstrfromcy
0040C293 MOV EAX,_STV.0040C3B0 varbstrfromdate
0040C2A9 MOV EAX,_STV.0040C3C0 varbstrfrombool
0040D470 MOV ECX,_STV.0040D3FC 璇
0040E63A MOV EDX,_STV.0040E724 string
0040E652 MOV EDX,_STV.0040E734 any
0040E6D8 MOV EDX,_STV.0040E740 array
0040E6EB MOV EDX,_STV.0040E750 byref
0040ED0D MOV EAX,_STV.00415390 痨@
0040ED17 MOV EAX,_STV.00415388 徐@
0041014E MOV EDX,_STV.004101D4 nil
00410250 PUSH _STV.00410290 .
004104F8 MOV EDX,_STV.00410514 strings
004107EC MOV EDX,_STV.004108D8 \n\n
004132A8 MOV EDX,_STV.0041337C default
004132B9 MOV EDX,_STV.004153A3 \nms sans serif
00413B42 MOV EDI,_STV.004153A3 \nms sans serif
00413E72 MOV ECX,_STV.00412FE8 j3鼓sa
00413E77 MOV EDX,_STV.00412FF8 j3鼓sa
00413EE1 MOV EDX,_STV.00413F14 ~.exe
004140AD MOV ECX,_STV.004140E8 \
00414119 MOV EDX,_STV.00414160 ef26ev.dll
00414231 MOV ECX,_STV.004142C8 ef26ev.dll
00414252 MOV EDX,_STV.004142DC cert.exe
0041425F MOV EAX,_STV.004142F0 http://www.game9988.cn/19790205.exe
0041427A MOV EDX,_STV.0041431C cert.exe 19790205
超级字串参考+
地址 反汇编 文本字串
00402E48 PUSH _STV.00402EC8 software\borland\delphi\rtl
00402E7C PUSH _STV.00402EE4 fpumaskvalue
0040383F MOV ESI,_STV.0041506C runtime error at 00000000
004038FA PUSH _STV.0041506C runtime error at 00000000
00403915 PUSH _STV.00403950 \n\n
00403934 PUSH _STV.00415064 error
00403939 PUSH _STV.0041506C runtime error at 00000000
004049B8 PUSH _STV.00404B34 kernel32.dll
004049C8 PUSH _STV.00404B44 getlongpathnamea
00404B88 PUSH _STV.00404D88 software\borland\locales
00404BA6 PUSH _STV.00404D88 software\borland\locales
00404BC4 PUSH _STV.00404DA4 software\borland\delphi\locales
00406CE9 MOV EDX,_STV.00406D34 true
00406D20 MOV EDX,_STV.00406D44 false
0040705D MOV EAX,_STV.00407088 \:
0040847B MOV EDX,_STV.0040858C gg
004085E2 MOV EDX,_STV.00408684 yy
004085F1 MOV EDX,_STV.00408690 yyyy
00408A10 MOV EDX,_STV.00408E28 am/pm
00408A25 MOV EDX,_STV.00408E30 a/p
00408A3A MOV EDX,_STV.00408E34 ampm
00408B7C MOV EDX,_STV.00408E28 am/pm
00408BB9 MOV EDX,_STV.00408E30 a/p
00408BF6 MOV EDX,_STV.00408E34 ampm
00408C3F MOV EDX,_STV.00408E3C aaaa
00408C86 MOV EDX,_STV.00408E44 aaa
00408D1E MOV EAX,_STV.00408E48
00408E7B MOV EAX,_STV.00408EA4 c
0040921D MOV EAX,_STV.004094B0 e
004093B9 MOV EAX,_STV.004094BC ddd
004094E8 MOV ECX,_STV.004096A4 am
00409511 MOV ECX,_STV.004096B0 pm
00409602 MOV ECX,_STV.004096A4 am
0040962B MOV ECX,_STV.004096B0 pm
004098CD MOV ECX,_STV.004151B0 0\@
00409A65 MOV ECX,_STV.00409AF4 1
00409B2C MOV ECX,_STV.00409CD8 1
00409BF3 MOV EDX,_STV.00409CDC gg
00409C0C MOV EDX,_STV.00409CE8 ggg
00409C19 MOV EDX,_STV.00409CEC yyyy
00409C32 MOV EDX,_STV.00409CFC eeee
00409C41 MOV EDX,_STV.00409D04 yy
00409C5A MOV EDX,_STV.00409D10 ee
00409C75 MOV EDX,_STV.00409D1C e
00409DF9 MOV EDI,_STV.00409EB0 .
00409F1C PUSH _STV.00409F78 \n\n
0040AED4 MOV ECX,_STV.0040B154 0
0040AEF8 MOV ECX,_STV.0040B154 0
0040AF42 MOV ECX,_STV.0040B154 0
0040AF79 MOV ECX,_STV.0040B160 m/d/yy
0040AFA6 MOV ECX,_STV.0040B170 mmmm d, yyyy
0040AFE6 MOV ECX,_STV.0040B188 am
0040B008 MOV ECX,_STV.0040B194 pm
0040B03A MOV ECX,_STV.0040B154 0
0040B05C MOV EDX,_STV.0040B1A0 h
0040B06B MOV EDX,_STV.0040B1AC hh
0040B079 MOV ECX,_STV.0040B154 0
0040B09C MOV ECX,_STV.0040B154 0
0040B0BE MOV EDX,_STV.0040B1B8 ampm
0040B0CD MOV EDX,_STV.0040B1C8 ampm
0040B0DD PUSH _STV.0040B1D8 :mm
0040B0FA PUSH _STV.0040B1E4 :mm:ss
0040B2C1 PUSH _STV.0040B2F8 kernel32.dll
0040B2D1 PUSH _STV.0040B308 getdiskfreespaceexa
0040BBB8 MOV EAX,_STV.0040B830 (
0040BBD0 MOV EDX,_STV.0040BC10 0x
0040C0C8 PUSH _STV.0040C2BC oleaut32.dll
0040C0DB MOV EAX,_STV.0040C2CC variantchangetypeex
0040C0F1 MOV EAX,_STV.0040C2E0 varneg
0040C107 MOV EAX,_STV.0040C2E8 varnot
0040C11D MOV EAX,_STV.0040C2F0 varadd
0040C133 MOV EAX,_STV.0040C2F8 varsub
0040C149 MOV EAX,_STV.0040C300 varmul
0040C15F MOV EAX,_STV.0040C308 vardiv
0040C175 MOV EAX,_STV.0040C310 varidiv
0040C18B MOV EAX,_STV.0040C318 varmod
0040C1A1 MOV EAX,_STV.0040C320 varand
0040C1B7 MOV EAX,_STV.0040C328 varor
0040C1CD MOV EAX,_STV.0040C330 varxor
0040C1E3 MOV EAX,_STV.0040C338 varcmp
0040C1F9 MOV EAX,_STV.0040C340 vari4fromstr
0040C20F MOV EAX,_STV.0040C350 varr4fromstr
0040C225 MOV EAX,_STV.0040C360 varr8fromstr
0040C23B MOV EAX,_STV.0040C370 vardatefromstr
0040C251 MOV EAX,_STV.0040C380 varcyfromstr
0040C267 MOV EAX,_STV.0040C390 varboolfromstr
0040C27D MOV EAX,_STV.0040C3A0 varbstrfromcy
0040C293 MOV EAX,_STV.0040C3B0 varbstrfromdate
0040C2A9 MOV EAX,_STV.0040C3C0 varbstrfrombool
0040D470 MOV ECX,_STV.0040D3FC 璇
0040E63A MOV EDX,_STV.0040E724 string
0040E652 MOV EDX,_STV.0040E734 any
0040E6D8 MOV EDX,_STV.0040E740 array
0040E6EB MOV EDX,_STV.0040E750 byref
0040ED0D MOV EAX,_STV.00415390 痨@
0040ED17 MOV EAX,_STV.00415388 徐@
0041014E MOV EDX,_STV.004101D4 nil
00410250 PUSH _STV.00410290 .
004104F8 MOV EDX,_STV.00410514 strings
004107EC MOV EDX,_STV.004108D8 \n\n
004132A8 MOV EDX,_STV.0041337C default
004132B9 MOV EDX,_STV.004153A3 \nms sans serif
00413B42 MOV EDI,_STV.004153A3 \nms sans serif
00413E72 MOV ECX,_STV.00412FE8 j3鼓sa
00413E77 MOV EDX,_STV.00412FF8 j3鼓sa
00413EE1 MOV EDX,_STV.00413F14 ~.exe
004140AD MOV ECX,_STV.004140E8 \
00414119 MOV EDX,_STV.00414160 ef26ev.dll
00414231 MOV ECX,_STV.004142C8 ef26ev.dll
00414252 MOV EDX,_STV.004142DC cert.exe
0041425F MOV EAX,_STV.004142F0 http://www.game9988.cn/19790205.exe
0041427A MOV EDX,_STV.0041431C cert.exe 19790205
[招生]科锐逆向工程师培训(2024年11月15日实地,远程教学同时开班, 第51期)
|
|
|---|---|
|
|
|
|
|
|
|
|
|
