[求助]有自效验的程序一定有壳吗？代码请看正文-软件逆向-看雪-安全社区|安全招聘|kanxue.com

[求助]有自效验的程序一定有壳吗？代码请看正文

发表于: 2006-11-15 22:06 4041

[求助]有自效验的程序一定有壳吗？代码请看正文

zxhdlb

2006-11-15 22:06

4041

一程序，用PE看无壳  但是我将关键跳转改动以后可以注册，但是重启动程序后不报错，还是出现注册窗口，随便输入字符注册成功，（没有成功提示）郁闷，代码如下：0078DFA8 6A00                   push 00000000
:0078DFAA 6A00                   push 00000000
:0078DFAC 49                   dec ecx
:0078DFAD 75F9                   jne 0078DFA8
:0078DFAF 51                   push ecx
:0078DFB0 53                   push ebx
:0078DFB1 56                   push esi
:0078DFB2 8BF0                   mov esi, eax
:0078DFB4 33C0                   xor eax, eax
:0078DFB6 55                   push ebp
:0078DFB7 6833E37800             push 0078E333
:0078DFBC 64FF30                push dword ptr fs:[eax]
:0078DFBF 648920                mov dword ptr fs:[eax], esp
:0078DFC2 8D55FC                lea edx, dword ptr [ebp-04]
:0078DFC5 8B860C030000          mov eax, dword ptr [esi+0000030C]
:0078DFCB E8940DCFFF             call 0047ED64
:0078DFD0 837DFC00             cmp dword ptr [ebp-04], 00000000
:0078DFD4 752B                   jne 0078E001
:0078DFD6 6A40                   push 00000040
:0078DFD8 B940E37800             mov ecx, 0078E340

* Possible StringData Ref from Code Obj ->"【序列号】不能为空，请输入！"
                              |
:0078DFDD BA4CE37800             mov edx, 0078E34C
:0078DFE2 A1D8E47900             mov eax, dword ptr [0079E4D8]
:0078DFE7 8B00                   mov eax, dword ptr [eax]
:0078DFE9 E8FA1FD1FF             call 0049FFE8
:0078DFEE 8B860C030000          mov eax, dword ptr [esi+0000030C]
:0078DFF4 8B10                   mov edx, dword ptr [eax]
:0078DFF6 FF92C4000000          call dword ptr [edx+000000C4]
:0078DFFC E907030000             jmp 0078E308

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0078DFD4(C)
|
:0078E001 8D55F8                lea edx, dword ptr [ebp-08]
:0078E004 8B8614030000          mov eax, dword ptr [esi+00000314]
:0078E00A E8550DCFFF             call 0047ED64
:0078E00F 837DF800             cmp dword ptr [ebp-08], 00000000
:0078E013 752B                   jne 0078E040
:0078E015 6A40                   push 00000040
:0078E017 B940E37800             mov ecx, 0078E340

* Possible StringData Ref from Code Obj ->"【注册码】不能为空，请输入！"
                              |
:0078E01C BA6CE37800             mov edx, 0078E36C
:0078E021 A1D8E47900             mov eax, dword ptr [0079E4D8]
:0078E026 8B00                   mov eax, dword ptr [eax]
:0078E028 E8BB1FD1FF             call 0049FFE8
:0078E02D 8B8614030000          mov eax, dword ptr [esi+00000314]
:0078E033 8B10                   mov edx, dword ptr [eax]
:0078E035 FF92C4000000          call dword ptr [edx+000000C4]
:0078E03B E9C8020000             jmp 0078E308

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0078E013(C)
|
:0078E040 8D55F4                lea edx, dword ptr [ebp-0C]
:0078E043 8B860C030000          mov eax, dword ptr [esi+0000030C]
:0078E049 E8160DCFFF             call 0047ED64
:0078E04E 8B45F4                mov eax, dword ptr [ebp-0C]
:0078E051 50                   push eax
:0078E052 8D55F0                lea edx, dword ptr [ebp-10]
:0078E055 8B8618030000          mov eax, dword ptr [esi+00000318]
:0078E05B E8040DCFFF             call 0047ED64
:0078E060 8B55F0                mov edx, dword ptr [ebp-10]
:0078E063 58                   pop eax
:0078E064 E8F76EC7FF             call 00404F60
:0078E069 742B                   je 0078E096
:0078E06B 6A40                   push 00000040
:0078E06D B940E37800             mov ecx, 0078E340

* Possible StringData Ref from Code Obj ->"【序列号】不正确，请正确输入！"
                              |
:0078E072 BA8CE37800             mov edx, 0078E38C
:0078E077 A1D8E47900             mov eax, dword ptr [0079E4D8]
:0078E07C 8B00                   mov eax, dword ptr [eax]
:0078E07E E8651FD1FF             call 0049FFE8
:0078E083 8B860C030000          mov eax, dword ptr [esi+0000030C]
:0078E089 8B10                   mov edx, dword ptr [eax]
:0078E08B FF92C4000000          call dword ptr [edx+000000C4]
:0078E091 E972020000             jmp 0078E308

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0078E069(C)
|
:0078E096 8D55EC                lea edx, dword ptr [ebp-14]
:0078E099 8B8614030000          mov eax, dword ptr [esi+00000314]
:0078E09F E8C00CCFFF             call 0047ED64
:0078E0A4 8B45EC                mov eax, dword ptr [ebp-14]
:0078E0A7 50                   push eax
:0078E0A8 8D55E8                lea edx, dword ptr [ebp-18]
:0078E0AB 8B861C030000          mov eax, dword ptr [esi+0000031C]
:0078E0B1 E8AE0CCFFF             call 0047ED64
:0078E0B6 8B55E8                mov edx, dword ptr [ebp-18]
:0078E0B9 58                   pop eax
:0078E0BA E8A16EC7FF             call 00404F60
:0078E0BF 752B                   jne 0078E0EC  （原程序为742B)我认为是关键跳转
:0078E0C1 6A40                   push 00000040
:0078E0C3 B940E37800             mov ecx, 0078E340

* Possible StringData Ref from Code Obj ->"【注册码】不正确，请正确输入！"
                              |
:0078E0C8 BAACE37800             mov edx, 0078E3AC
:0078E0CD A1D8E47900             mov eax, dword ptr [0079E4D8]
:0078E0D2 8B00                   mov eax, dword ptr [eax]
:0078E0D4 E80F1FD1FF             call 0049FFE8
:0078E0D9 8B8614030000          mov eax, dword ptr [esi+00000314]
:0078E0DF 8B10                   mov edx, dword ptr [eax]
:0078E0E1 FF92C4000000          call dword ptr [edx+000000C4]
:0078E0E7 E91C020000             jmp 0078E308

[招生]科锐逆向工程师培训(2025年3月11日实地，远程教学同时开班, 第52期)！

收藏・0

免费

支持

最新回复 (3)
邪秀才雪币： 250 活跃值： (11) 能力值： ( LV6，RANK：90 ) 在线值：发帖 10 回帖 311 粉丝 0 关注私信	邪秀才 2 2 楼 :0078E063 58 pop eax :0078E064 E8F76EC7FF call 00404F60 :0078E069 742B je 0078E096 这里也要注意了,呵呵具体人跟程序才知道 :0078E06B 6A40 push 00000040 :0078E06D B940E37800 mov ecx, 0078E340 * Possible StringData Ref from Code Obj ->"【序列号】不正确，请正确输入！" \| :0078E072 BA8CE37800 mov edx, 0078E38C :0078E077 A1D8E47900 mov eax, dword ptr [0079E4D8] :0078E07C 8B00 mov eax, dword ptr [eax] :0078E07E E8651FD1FF call 0049FFE8 :0078E083 8B860C030000 mov eax, dword ptr [esi+0000030C] :0078E089 8B10 mov edx, dword ptr [eax] :0078E08B FF92C4000000 call dword ptr [edx+000000C4] :0078E091 E972020000 jmp 0078E308 楼主不是用OD吧,可以用OD动态跟一下,应该可以爆破的 2006-11-15 22:37 0
zxhdlb 雪币： 204 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 20 回帖 39 粉丝 0 关注私信	zxhdlb 3 楼谢谢二楼大哥，那个序列号不用输入的，刚才忘记说了，系统自动给出。我是静态反汇编的，您在帮忙看下这个： * Referenced by a (U)nconditional or (C)onditional Jump at Address: \|:0078E069(C) \| :0078E096 8D55EC lea edx, dword ptr [ebp-14] :0078E099 8B8614030000 mov eax, dword ptr [esi+00000314] :0078E09F E8C00CCFFF call 0047ED64 :0078E0A4 8B45EC mov eax, dword ptr [ebp-14] :0078E0A7 50 push eax :0078E0A8 8D55E8 lea edx, dword ptr [ebp-18] :0078E0AB 8B861C030000 mov eax, dword ptr [esi+0000031C] :0078E0B1 E8AE0CCFFF call 0047ED64 :0078E0B6 8B55E8 mov edx, dword ptr [ebp-18] :0078E0B9 58 pop eax :0078E0BA E8A16EC7FF call 00404F60 :0078E0BF 752B jne 0078E0EC :0078E0C1 6A40 push 00000040 :0078E0C3 B940E37800 mov ecx, 0078E340 * Possible StringData Ref from Code Obj ->"【注册码】不正确，请正确输入！" \| :0078E0C8 BAACE37800 mov edx, 0078E3AC :0078E0CD A1D8E47900 mov eax, dword ptr [0079E4D8] :0078E0D2 8B00 mov eax, dword ptr [eax] :0078E0D4 E80F1FD1FF call 0049FFE8 :0078E0D9 8B8614030000 mov eax, dword ptr [esi+00000314] :0078E0DF 8B10 mov edx, dword ptr [eax] :0078E0E1 FF92C4000000 call dword ptr [edx+000000C4] :0078E0E7 E91C020000 jmp 0078E308 * Referenced by a (U)nconditional or (C)onditional Jump at Address: \|:0078E0BF(C) \| :0078E0EC A1C4DC7900 mov eax, dword ptr [0079DCC4] :0078E0F1 8B00 mov eax, dword ptr [eax] :0078E0F3 8B9818010000 mov ebx, dword ptr [eax+00000118] :0078E0F9 33D2 xor edx, edx :0078E0FB 8BC3 mov eax, ebx :0078E0FD 8B08 mov ecx, dword ptr [eax] :0078E0FF FF9178010000 call dword ptr [ecx+00000178] :0078E105 B201 mov dl, 01 :0078E107 8BC3 mov eax, ebx :0078E109 8B08 mov ecx, dword ptr [eax] :0078E10B FF9178010000 call dword ptr [ecx+00000178] :0078E111 8BC3 mov eax, ebx :0078E113 E8D81BD4FF call 004CFCF0 :0078E118 8D55E4 lea edx, dword ptr [ebp-1C] :0078E11B 8B860C030000 mov eax, dword ptr [esi+0000030C] :0078E121 E83E0CCFFF call 0047ED64 :0078E126 8B45E4 mov eax, dword ptr [ebp-1C] :0078E129 50 push eax * Possible StringData Ref from Code Obj ->"Address" \| :0078E12A BAD4E37800 mov edx, 0078E3D4 :0078E12F 8BC3 mov eax, ebx :0078E131 E8B602D4FF call 004CE3EC :0078E136 5A pop edx :0078E137 8B08 mov ecx, dword ptr [eax] :0078E139 FF91B0000000 call dword ptr [ecx+000000B0] :0078E13F 68E4E37800 push 0078E3E4 :0078E144 8D55DC lea edx, dword ptr [ebp-24] :0078E147 8B8614030000 mov eax, dword ptr [esi+00000314] :0078E14D E8120CCFFF call 0047ED64 :0078E152 FF75DC push [ebp-24] :0078E155 68E4E37800 push 0078E3E4 :0078E15A 8D45E0 lea eax, dword ptr [ebp-20] :0078E15D BA03000000 mov edx, 00000003 :0078E162 E86D6DC7FF call 00404ED4 :0078E167 8B45E0 mov eax, dword ptr [ebp-20] :0078E16A 50 push eax * Possible StringData Ref from Code Obj ->"Notes" \| :0078E16B BAF0E37800 mov edx, 0078E3F0 :0078E170 8BC3 mov eax, ebx :0078E172 E87502D4FF call 004CE3EC :0078E177 5A pop edx :0078E178 8B08 mov ecx, dword ptr [eax] :0078E17A FF91B0000000 call dword ptr [ecx+000000B0] * Possible StringData Ref from Code Obj ->"LastName" \| :0078E180 BA00E47800 mov edx, 0078E400 :0078E185 8BC3 mov eax, ebx :0078E187 E86002D4FF call 004CE3EC * Possible StringData Ref from Code Obj ->"fsoft" \| :0078E18C BA14E47800 mov edx, 0078E414 :0078E191 8B08 mov ecx, dword ptr [eax] :0078E193 FF91B0000000 call dword ptr [ecx+000000B0] * Possible StringData Ref from Code Obj ->"FirstName" \| :0078E199 BA24E47800 mov edx, 0078E424 :0078E19E 8BC3 mov eax, ebx :0078E1A0 E84702D4FF call 004CE3EC * Possible StringData Ref from Code Obj ->"Roberts" \| :0078E1A5 BA38E47800 mov edx, 0078E438 :0078E1AA 8B08 mov ecx, dword ptr [eax] :0078E1AC FF91B0000000 call dword ptr [ecx+000000B0] * Possible StringData Ref from Code Obj ->"Title" \| :0078E1B2 BA48E47800 mov edx, 0078E448 :0078E1B7 8BC3 mov eax, ebx :0078E1B9 E82E02D4FF call 004CE3EC * Possible StringData Ref from Code Obj ->"SalesManager" \| :0078E1BE BA58E47800 mov edx, 0078E458 :0078E1C3 8B08 mov ecx, dword ptr [eax] :0078E1C5 FF91B0000000 call dword ptr [ecx+000000B0] * Possible StringData Ref from Code Obj ->"TitleOfCourtesy" \| :0078E1CB BA70E47800 mov edx, 0078E470 :0078E1D0 8BC3 mov eax, ebx :0078E1D2 E81502D4FF call 004CE3EC * Possible StringData Ref from Code Obj ->"Mr." \| :0078E1D7 BA88E47800 mov edx, 0078E488 :0078E1DC 8B08 mov ecx, dword ptr [eax] :0078E1DE FF91B0000000 call dword ptr [ecx+000000B0] * Possible StringData Ref from Code Obj ->"BirthDate" \| :0078E1E4 BA94E47800 mov edx, 0078E494 :0078E1E9 8BC3 mov eax, ebx :0078E1EB E8FC01D4FF call 004CE3EC * Possible StringData Ref from Code Obj ->"1958-11-9" \| :0078E1F0 BAA8E47800 mov edx, 0078E4A8 :0078E1F5 8B08 mov ecx, dword ptr [eax] :0078E1F7 FF91B0000000 call dword ptr [ecx+000000B0] * Possible StringData Ref from Code Obj ->"HireDate" \| :0078E1FD BABCE47800 mov edx, 0078E4BC :0078E202 8BC3 mov eax, ebx :0078E204 E8E301D4FF call 004CE3EC * Possible StringData Ref from Code Obj ->"1984-8-7" \| :0078E209 BAD0E47800 mov edx, 0078E4D0 :0078E20E 8B08 mov ecx, dword ptr [eax] :0078E210 FF91B0000000 call dword ptr [ecx+000000B0] * Possible StringData Ref from Code Obj ->"ReportsTo" \| :0078E216 BAE4E47800 mov edx, 0078E4E4 :0078E21B 8BC3 mov eax, ebx :0078E21D E8CA01D4FF call 004CE3EC :0078E222 BAF8E47800 mov edx, 0078E4F8 :0078E227 8B08 mov ecx, dword ptr [eax] :0078E229 FF91B0000000 call dword ptr [ecx+000000B0] * Possible StringData Ref from Code Obj ->"City" \| :0078E22F BA04E57800 mov edx, 0078E504 :0078E234 8BC3 mov eax, ebx :0078E236 E8B101D4FF call 004CE3EC * Possible StringData Ref from Code Obj ->"Redmond" \| :0078E23B BA14E57800 mov edx, 0078E514 :0078E240 8B08 mov ecx, dword ptr [eax] :0078E242 FF91B0000000 call dword ptr [ecx+000000B0] * Possible StringData Ref from Code Obj ->"Region" \| :0078E248 BA24E57800 mov edx, 0078E524 :0078E24D 8BC3 mov eax, ebx :0078E24F E89801D4FF call 004CE3EC :0078E254 BA34E57800 mov edx, 0078E534 :0078E259 8B08 mov ecx, dword ptr [eax] :0078E25B FF91B0000000 call dword ptr [ecx+000000B0] * Possible StringData Ref from Code Obj ->"PostalCode" \| :0078E261 BA40E57800 mov edx, 0078E540 :0078E266 8BC3 mov eax, ebx :0078E268 E87F01D4FF call 004CE3EC * Possible StringData Ref from Code Obj ->"98105" \| :0078E26D BA54E57800 mov edx, 0078E554 :0078E272 8B08 mov ecx, dword ptr [eax] :0078E274 FF91B0000000 call dword ptr [ecx+000000B0] * Possible StringData Ref from Code Obj ->"Country" \| :0078E27A BA64E57800 mov edx, 0078E564 :0078E27F 8BC3 mov eax, ebx :0078E281 E86601D4FF call 004CE3EC * Possible StringData Ref from Code Obj ->"USA" \| :0078E286 BA74E57800 mov edx, 0078E574 :0078E28B 8B08 mov ecx, dword ptr [eax] :0078E28D FF91B0000000 call dword ptr [ecx+000000B0] * Possible StringData Ref from Code Obj ->"HomePhone" \| :0078E293 BA80E57800 mov edx, 0078E580 :0078E298 8BC3 mov eax, ebx :0078E29A E84D01D4FF call 004CE3EC * Possible StringData Ref from Code Obj ->"(71) 555-5598" \| :0078E29F BA94E57800 mov edx, 0078E594 :0078E2A4 8B08 mov ecx, dword ptr [eax] :0078E2A6 FF91B0000000 call dword ptr [ecx+000000B0] * Possible StringData Ref from Code Obj ->"Extension" \| :0078E2AC BAACE57800 mov edx, 0078E5AC :0078E2B1 8BC3 mov eax, ebx :0078E2B3 E83401D4FF call 004CE3EC * Possible StringData Ref from Code Obj ->"478" \| :0078E2B8 BAC0E57800 mov edx, 0078E5C0 :0078E2BD 8B08 mov ecx, dword ptr [eax] :0078E2BF FF91B0000000 call dword ptr [ecx+000000B0] * Possible StringData Ref from Code Obj ->"ReportsTo" \| :0078E2C5 BAE4E47800 mov edx, 0078E4E4 :0078E2CA 8BC3 mov eax, ebx :0078E2CC E81B01D4FF call 004CE3EC :0078E2D1 BACCE57800 mov edx, 0078E5CC :0078E2D6 8B08 mov ecx, dword ptr [eax] :0078E2D8 FF91B0000000 call dword ptr [ecx+000000B0] * Possible StringData Ref from Code Obj ->"PhotoPath" \| :0078E2DE BAD8E57800 mov edx, 0078E5D8 :0078E2E3 8BC3 mov eax, ebx :0078E2E5 E80201D4FF call 004CE3EC * Possible StringData Ref from Code Obj ->"http://accweb/emmployees/dscses2.bmp" \| :0078E2EA BAECE57800 mov edx, 0078E5EC :0078E2EF 8B08 mov ecx, dword ptr [eax] :0078E2F1 FF91B0000000 call dword ptr [ecx+000000B0] :0078E2F7 8BC3 mov eax, ebx :0078E2F9 8B10 mov edx, dword ptr [eax] :0078E2FB FF924C020000 call dword ptr [edx+0000024C] :0078E301 8BC6 mov eax, esi :0078E303 E880E1D0FF call 0049C488 2006-11-15 22:58 0
zxhdlb 雪币： 204 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 20 回帖 39 粉丝 0 关注私信	zxhdlb 4 楼自己顶下，用OD跟了下，但是跟不出什么东西，总感觉在绕圈子，希望高手指点下 2006-11-16 22:48 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复

zxhdlb

发帖

回帖

RANK

关注

私信

他的文章

关于我们

联系我们

企业服务

看雪公众号

最新回复 (3)
邪秀才雪币： 250 活跃值： (11) 能力值： ( LV6，RANK：90 ) 在线值：发帖 10 回帖 311 粉丝 0 关注私信	邪秀才 2 2 楼 :0078E063 58 pop eax :0078E064 E8F76EC7FF call 00404F60 :0078E069 742B je 0078E096 这里也要注意了,呵呵具体人跟程序才知道 :0078E06B 6A40 push 00000040 :0078E06D B940E37800 mov ecx, 0078E340 * Possible StringData Ref from Code Obj ->"【序列号】不正确，请正确输入！" \| :0078E072 BA8CE37800 mov edx, 0078E38C :0078E077 A1D8E47900 mov eax, dword ptr [0079E4D8] :0078E07C 8B00 mov eax, dword ptr [eax] :0078E07E E8651FD1FF call 0049FFE8 :0078E083 8B860C030000 mov eax, dword ptr [esi+0000030C] :0078E089 8B10 mov edx, dword ptr [eax] :0078E08B FF92C4000000 call dword ptr [edx+000000C4] :0078E091 E972020000 jmp 0078E308 楼主不是用OD吧,可以用OD动态跟一下,应该可以爆破的 2006-11-15 22:37 0
zxhdlb 雪币： 204 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 20 回帖 39 粉丝 0 关注私信	zxhdlb 3 楼谢谢二楼大哥，那个序列号不用输入的，刚才忘记说了，系统自动给出。我是静态反汇编的，您在帮忙看下这个： * Referenced by a (U)nconditional or (C)onditional Jump at Address: \|:0078E069(C) \| :0078E096 8D55EC lea edx, dword ptr [ebp-14] :0078E099 8B8614030000 mov eax, dword ptr [esi+00000314] :0078E09F E8C00CCFFF call 0047ED64 :0078E0A4 8B45EC mov eax, dword ptr [ebp-14] :0078E0A7 50 push eax :0078E0A8 8D55E8 lea edx, dword ptr [ebp-18] :0078E0AB 8B861C030000 mov eax, dword ptr [esi+0000031C] :0078E0B1 E8AE0CCFFF call 0047ED64 :0078E0B6 8B55E8 mov edx, dword ptr [ebp-18] :0078E0B9 58 pop eax :0078E0BA E8A16EC7FF call 00404F60 :0078E0BF 752B jne 0078E0EC :0078E0C1 6A40 push 00000040 :0078E0C3 B940E37800 mov ecx, 0078E340 * Possible StringData Ref from Code Obj ->"【注册码】不正确，请正确输入！" \| :0078E0C8 BAACE37800 mov edx, 0078E3AC :0078E0CD A1D8E47900 mov eax, dword ptr [0079E4D8] :0078E0D2 8B00 mov eax, dword ptr [eax] :0078E0D4 E80F1FD1FF call 0049FFE8 :0078E0D9 8B8614030000 mov eax, dword ptr [esi+00000314] :0078E0DF 8B10 mov edx, dword ptr [eax] :0078E0E1 FF92C4000000 call dword ptr [edx+000000C4] :0078E0E7 E91C020000 jmp 0078E308 * Referenced by a (U)nconditional or (C)onditional Jump at Address: \|:0078E0BF(C) \| :0078E0EC A1C4DC7900 mov eax, dword ptr [0079DCC4] :0078E0F1 8B00 mov eax, dword ptr [eax] :0078E0F3 8B9818010000 mov ebx, dword ptr [eax+00000118] :0078E0F9 33D2 xor edx, edx :0078E0FB 8BC3 mov eax, ebx :0078E0FD 8B08 mov ecx, dword ptr [eax] :0078E0FF FF9178010000 call dword ptr [ecx+00000178] :0078E105 B201 mov dl, 01 :0078E107 8BC3 mov eax, ebx :0078E109 8B08 mov ecx, dword ptr [eax] :0078E10B FF9178010000 call dword ptr [ecx+00000178] :0078E111 8BC3 mov eax, ebx :0078E113 E8D81BD4FF call 004CFCF0 :0078E118 8D55E4 lea edx, dword ptr [ebp-1C] :0078E11B 8B860C030000 mov eax, dword ptr [esi+0000030C] :0078E121 E83E0CCFFF call 0047ED64 :0078E126 8B45E4 mov eax, dword ptr [ebp-1C] :0078E129 50 push eax * Possible StringData Ref from Code Obj ->"Address" \| :0078E12A BAD4E37800 mov edx, 0078E3D4 :0078E12F 8BC3 mov eax, ebx :0078E131 E8B602D4FF call 004CE3EC :0078E136 5A pop edx :0078E137 8B08 mov ecx, dword ptr [eax] :0078E139 FF91B0000000 call dword ptr [ecx+000000B0] :0078E13F 68E4E37800 push 0078E3E4 :0078E144 8D55DC lea edx, dword ptr [ebp-24] :0078E147 8B8614030000 mov eax, dword ptr [esi+00000314] :0078E14D E8120CCFFF call 0047ED64 :0078E152 FF75DC push [ebp-24] :0078E155 68E4E37800 push 0078E3E4 :0078E15A 8D45E0 lea eax, dword ptr [ebp-20] :0078E15D BA03000000 mov edx, 00000003 :0078E162 E86D6DC7FF call 00404ED4 :0078E167 8B45E0 mov eax, dword ptr [ebp-20] :0078E16A 50 push eax * Possible StringData Ref from Code Obj ->"Notes" \| :0078E16B BAF0E37800 mov edx, 0078E3F0 :0078E170 8BC3 mov eax, ebx :0078E172 E87502D4FF call 004CE3EC :0078E177 5A pop edx :0078E178 8B08 mov ecx, dword ptr [eax] :0078E17A FF91B0000000 call dword ptr [ecx+000000B0] * Possible StringData Ref from Code Obj ->"LastName" \| :0078E180 BA00E47800 mov edx, 0078E400 :0078E185 8BC3 mov eax, ebx :0078E187 E86002D4FF call 004CE3EC * Possible StringData Ref from Code Obj ->"fsoft" \| :0078E18C BA14E47800 mov edx, 0078E414 :0078E191 8B08 mov ecx, dword ptr [eax] :0078E193 FF91B0000000 call dword ptr [ecx+000000B0] * Possible StringData Ref from Code Obj ->"FirstName" \| :0078E199 BA24E47800 mov edx, 0078E424 :0078E19E 8BC3 mov eax, ebx :0078E1A0 E84702D4FF call 004CE3EC * Possible StringData Ref from Code Obj ->"Roberts" \| :0078E1A5 BA38E47800 mov edx, 0078E438 :0078E1AA 8B08 mov ecx, dword ptr [eax] :0078E1AC FF91B0000000 call dword ptr [ecx+000000B0] * Possible StringData Ref from Code Obj ->"Title" \| :0078E1B2 BA48E47800 mov edx, 0078E448 :0078E1B7 8BC3 mov eax, ebx :0078E1B9 E82E02D4FF call 004CE3EC * Possible StringData Ref from Code Obj ->"SalesManager" \| :0078E1BE BA58E47800 mov edx, 0078E458 :0078E1C3 8B08 mov ecx, dword ptr [eax] :0078E1C5 FF91B0000000 call dword ptr [ecx+000000B0] * Possible StringData Ref from Code Obj ->"TitleOfCourtesy" \| :0078E1CB BA70E47800 mov edx, 0078E470 :0078E1D0 8BC3 mov eax, ebx :0078E1D2 E81502D4FF call 004CE3EC * Possible StringData Ref from Code Obj ->"Mr." \| :0078E1D7 BA88E47800 mov edx, 0078E488 :0078E1DC 8B08 mov ecx, dword ptr [eax] :0078E1DE FF91B0000000 call dword ptr [ecx+000000B0] * Possible StringData Ref from Code Obj ->"BirthDate" \| :0078E1E4 BA94E47800 mov edx, 0078E494 :0078E1E9 8BC3 mov eax, ebx :0078E1EB E8FC01D4FF call 004CE3EC * Possible StringData Ref from Code Obj ->"1958-11-9" \| :0078E1F0 BAA8E47800 mov edx, 0078E4A8 :0078E1F5 8B08 mov ecx, dword ptr [eax] :0078E1F7 FF91B0000000 call dword ptr [ecx+000000B0] * Possible StringData Ref from Code Obj ->"HireDate" \| :0078E1FD BABCE47800 mov edx, 0078E4BC :0078E202 8BC3 mov eax, ebx :0078E204 E8E301D4FF call 004CE3EC * Possible StringData Ref from Code Obj ->"1984-8-7" \| :0078E209 BAD0E47800 mov edx, 0078E4D0 :0078E20E 8B08 mov ecx, dword ptr [eax] :0078E210 FF91B0000000 call dword ptr [ecx+000000B0] * Possible StringData Ref from Code Obj ->"ReportsTo" \| :0078E216 BAE4E47800 mov edx, 0078E4E4 :0078E21B 8BC3 mov eax, ebx :0078E21D E8CA01D4FF call 004CE3EC :0078E222 BAF8E47800 mov edx, 0078E4F8 :0078E227 8B08 mov ecx, dword ptr [eax] :0078E229 FF91B0000000 call dword ptr [ecx+000000B0] * Possible StringData Ref from Code Obj ->"City" \| :0078E22F BA04E57800 mov edx, 0078E504 :0078E234 8BC3 mov eax, ebx :0078E236 E8B101D4FF call 004CE3EC * Possible StringData Ref from Code Obj ->"Redmond" \| :0078E23B BA14E57800 mov edx, 0078E514 :0078E240 8B08 mov ecx, dword ptr [eax] :0078E242 FF91B0000000 call dword ptr [ecx+000000B0] * Possible StringData Ref from Code Obj ->"Region" \| :0078E248 BA24E57800 mov edx, 0078E524 :0078E24D 8BC3 mov eax, ebx :0078E24F E89801D4FF call 004CE3EC :0078E254 BA34E57800 mov edx, 0078E534 :0078E259 8B08 mov ecx, dword ptr [eax] :0078E25B FF91B0000000 call dword ptr [ecx+000000B0] * Possible StringData Ref from Code Obj ->"PostalCode" \| :0078E261 BA40E57800 mov edx, 0078E540 :0078E266 8BC3 mov eax, ebx :0078E268 E87F01D4FF call 004CE3EC * Possible StringData Ref from Code Obj ->"98105" \| :0078E26D BA54E57800 mov edx, 0078E554 :0078E272 8B08 mov ecx, dword ptr [eax] :0078E274 FF91B0000000 call dword ptr [ecx+000000B0] * Possible StringData Ref from Code Obj ->"Country" \| :0078E27A BA64E57800 mov edx, 0078E564 :0078E27F 8BC3 mov eax, ebx :0078E281 E86601D4FF call 004CE3EC * Possible StringData Ref from Code Obj ->"USA" \| :0078E286 BA74E57800 mov edx, 0078E574 :0078E28B 8B08 mov ecx, dword ptr [eax] :0078E28D FF91B0000000 call dword ptr [ecx+000000B0] * Possible StringData Ref from Code Obj ->"HomePhone" \| :0078E293 BA80E57800 mov edx, 0078E580 :0078E298 8BC3 mov eax, ebx :0078E29A E84D01D4FF call 004CE3EC * Possible StringData Ref from Code Obj ->"(71) 555-5598" \| :0078E29F BA94E57800 mov edx, 0078E594 :0078E2A4 8B08 mov ecx, dword ptr [eax] :0078E2A6 FF91B0000000 call dword ptr [ecx+000000B0] * Possible StringData Ref from Code Obj ->"Extension" \| :0078E2AC BAACE57800 mov edx, 0078E5AC :0078E2B1 8BC3 mov eax, ebx :0078E2B3 E83401D4FF call 004CE3EC * Possible StringData Ref from Code Obj ->"478" \| :0078E2B8 BAC0E57800 mov edx, 0078E5C0 :0078E2BD 8B08 mov ecx, dword ptr [eax] :0078E2BF FF91B0000000 call dword ptr [ecx+000000B0] * Possible StringData Ref from Code Obj ->"ReportsTo" \| :0078E2C5 BAE4E47800 mov edx, 0078E4E4 :0078E2CA 8BC3 mov eax, ebx :0078E2CC E81B01D4FF call 004CE3EC :0078E2D1 BACCE57800 mov edx, 0078E5CC :0078E2D6 8B08 mov ecx, dword ptr [eax] :0078E2D8 FF91B0000000 call dword ptr [ecx+000000B0] * Possible StringData Ref from Code Obj ->"PhotoPath" \| :0078E2DE BAD8E57800 mov edx, 0078E5D8 :0078E2E3 8BC3 mov eax, ebx :0078E2E5 E80201D4FF call 004CE3EC * Possible StringData Ref from Code Obj ->"http://accweb/emmployees/dscses2.bmp" \| :0078E2EA BAECE57800 mov edx, 0078E5EC :0078E2EF 8B08 mov ecx, dword ptr [eax] :0078E2F1 FF91B0000000 call dword ptr [ecx+000000B0] :0078E2F7 8BC3 mov eax, ebx :0078E2F9 8B10 mov edx, dword ptr [eax] :0078E2FB FF924C020000 call dword ptr [edx+0000024C] :0078E301 8BC6 mov eax, esi :0078E303 E880E1D0FF call 0049C488 2006-11-15 22:58 0
zxhdlb 雪币： 204 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 20 回帖 39 粉丝 0 关注私信	zxhdlb 4 楼自己顶下，用OD跟了下，但是跟不出什么东西，总感觉在绕圈子，希望高手指点下 2006-11-16 22:48 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复

[求助]有自效验的程序一定有壳吗？代码请看正文

账号登录 验证码登录

账号登录

验证码登录