005B5AF4 55 push ebp
005B5AF5 8BEC mov ebp, esp
005B5AF7 51 push ecx
005B5AF8 B93F000000 mov ecx, $0000003F
005B5AFD 6A00 push $00
005B5AFF 6A00 push $00
005B5B01 49 dec ecx
005B5B02 75F9 jnz 005B5AFD
005B5B04 51 push ecx
005B5B05 874DFC xchg [ebp-$04], ecx
005B5B08 53 push ebx
005B5B09 56 push esi
005B5B0A 57 push edi
005B5B0B 8BF0 mov esi, eax
005B5B0D 33C0 xor eax, eax
005B5B0F 55 push ebp
005B5B10 68265E5B00 push $005B5E26
***** TRY
|
005B5B15 64FF30 push dword ptr fs:[eax]
005B5B18 648920 mov fs:[eax], esp
005B5B1B 33C0 xor eax, eax
005B5B1D 8945FC mov [ebp-$04], eax
005B5B20 8D9524FEFFFF lea edx, [ebp+$FFFFFE24]
005B5B26 33C0 xor eax, eax
* Reference to: System.ParamStr(Integer):String;
|
005B5B28 E81BD1E4FF call 00402C48
005B5B2D 8B8524FEFFFF mov eax, [ebp+$FFFFFE24]
005B5B33 8D9528FEFFFF lea edx, [ebp+$FFFFFE28]
* Reference to: SysUtils.ExtractFilePath(AnsiString):AnsiString;
|
005B5B39 E8DA42E5FF call 00409E18
005B5B3E 8D8528FEFFFF lea eax, [ebp+$FFFFFE28]
* Possible String Reference to: 'reg.txt'
|
005B5B44 BA405E5B00 mov edx, $005B5E40
* Reference to: System.@LStrCat;
|
005B5B49 E8E6F3E4FF call 00404F34
005B5B4E 8B9528FEFFFF mov edx, [ebp+$FFFFFE28]
005B5B54 8D852CFEFFFF lea eax, [ebp+$FFFFFE2C]
* Reference to: System.@Assign(TTextRec;TTextRec;String):Integer;
|
005B5B5A E8F5D4E4FF call 00403054
005B5B5F 8D852CFEFFFF lea eax, [ebp+$FFFFFE2C]
* Reference to: System.@ResetText(TTextRec;TTextRec):Integer;
|
005B5B65 E86ED2E4FF call 00402DD8
|
005B5B6A E8F9CDE4FF call 00402968
005B5B6F E9BD010000 jmp 005B5D31
005B5B74 8D55F8 lea edx, [ebp-$08]
005B5B77 8D852CFEFFFF lea eax, [ebp+$FFFFFE2C]
* Reference to: System.@ReadLString(TTextRec;TTextRec;String;String);
|
005B5B7D E8D2D9E4FF call 00403554
005B5B82 8D852CFEFFFF lea eax, [ebp+$FFFFFE2C]
* Reference to: System.@ReadLn(TTextRec;TTextRec);
|
005B5B88 E833DAE4FF call 004035C0
|
005B5B8D E8D6CDE4FF call 00402968
005B5B92 8D951CFEFFFF lea edx, [ebp+$FFFFFE1C]
* Reference to control Edit363 : TEdit
|
005B5B98 8B8654160000 mov eax, [esi+$1654]
* Reference to: Controls.TControl.GetText(TControl):TCaption;
|
005B5B9E E8BDDBE9FF call 00453760
005B5BA3 8B851CFEFFFF mov eax, [ebp+$FFFFFE1C]
005B5BA9 8D9520FEFFFF lea edx, [ebp+$FFFFFE20]
* Reference to: SysUtils.Trim(AnsiString):AnsiString;overload;
|
005B5BAF E89C36E5FF call 00409250
005B5BB4 8B8520FEFFFF mov eax, [ebp+$FFFFFE20]
005B5BBA 8B55F8 mov edx, [ebp-$08]
* Reference to: System.@LStrPos;
|
005B5BBD E8AEF6E4FF call 00405270
005B5BC2 85C0 test eax, eax
005B5BC4 0F8E67010000 jle 005B5D31
005B5BCA 8B55F8 mov edx, [ebp-$08]
* Possible String Reference to: '(====)'
|
005B5BCD B8505E5B00 mov eax, $005B5E50
* Reference to: System.@LStrPos;
|
005B5BD2 E899F6E4FF call 00405270
005B5BD7 8BF8 mov edi, eax
005B5BD9 C745FC01000000 mov dword ptr [ebp-$04], $00000001
005B5BE0 8D9514FEFFFF lea edx, [ebp+$FFFFFE14]
* Reference to control Edit363 : TEdit
|
005B5BE6 8B8654160000 mov eax, [esi+$1654]
* Reference to: Controls.TControl.GetText(TControl):TCaption;
|
005B5BEC E86FDBE9FF call 00453760
005B5BF1 8B9514FEFFFF mov edx, [ebp+$FFFFFE14]
005B5BF7 8D8D18FEFFFF lea ecx, [ebp+$FFFFFE18]
005B5BFD 8BC6 mov eax, esi
* Reference to : TForm1.encrypt()
|
005B5BFF E8545DF1FF call 004CB958
005B5C04 8B9518FEFFFF mov edx, [ebp+$FFFFFE18]
* Reference to control Edit853 : TEdit
|
005B5C0A 8B8600240000 mov eax, [esi+$2400]
* Reference to: Controls.TControl.SetText(TControl;TCaption);
|
005B5C10 E87BDBE9FF call 00453790
005B5C15 B201 mov dl, $01
005B5C17 A158614300 mov eax, dword ptr [$00436158]
* Reference to: Registry.TRegistry.Create(TRegistry;boolean);overload;
|
005B5C1C E83706E8FF call 00436258
005B5C21 8BD8 mov ebx, eax
005B5C23 BA02000080 mov edx, $80000002
005B5C28 8BC3 mov eax, ebx
* Reference to: Registry.TRegistry.SetRootKey(TRegistry;HKEY);
|
005B5C2A E8C906E8FF call 004362F8
005B5C2F B101 mov cl, $01
* Possible String Reference to: 'Software\shenzhou'
|
005B5C31 BA605E5B00 mov edx, $005B5E60
005B5C36 8BC3 mov eax, ebx
* Reference to: Registry.TRegistry.OpenKey(TRegistry;AnsiString;Boolean):Boolean;
|
005B5C38 E81F07E8FF call 0043635C
005B5C3D 84C0 test al, al
005B5C3F 0F8485000000 jz 005B5CCA
005B5C45 8D9510FEFFFF lea edx, [ebp+$FFFFFE10]
* Reference to control Edit853 : TEdit
|
005B5C4B 8B8600240000 mov eax, [esi+$2400]
* Reference to: Controls.TControl.GetText(TControl):TCaption;
|
005B5C51 E80ADBE9FF call 00453760
005B5C56 8B8D10FEFFFF mov ecx, [ebp+$FFFFFE10]
* Possible String Reference to: 'RegisterCode'
|
005B5C5C BA7C5E5B00 mov edx, $005B5E7C
005B5C61 8BC3 mov eax, ebx
* Reference to: Registry.TRegistry.WriteString(TRegistry;AnsiString;AnsiString);
|
005B5C63 E8C009E8FF call 00436628
005B5C68 B9945E5B00 mov ecx, $005B5E94
* Possible String Reference to: 'times'
|
005B5C6D BAA05E5B00 mov edx, $005B5EA0
005B5C72 8BC3 mov eax, ebx
* Reference to: Registry.TRegistry.WriteString(TRegistry;AnsiString;AnsiString);
|
005B5C74 E8AF09E8FF call 00436628
005B5C79 8D850CFEFFFF lea eax, [ebp+$FFFFFE0C]
005B5C7F 50 push eax
005B5C80 8BCF mov ecx, edi
005B5C82 49 dec ecx
005B5C83 BA01000000 mov edx, $00000001
005B5C88 8B45F8 mov eax, [ebp-$08]
* Reference to: System.@LStrCopy;
|
005B5C8B E8FCF4E4FF call 0040518C
005B5C90 8B8D0CFEFFFF mov ecx, [ebp+$FFFFFE0C]
* Possible String Reference to: 'RegisterTime'
|
005B5C96 BAB05E5B00 mov edx, $005B5EB0
005B5C9B 8BC3 mov eax, ebx
* Reference to: Registry.TRegistry.WriteString(TRegistry;AnsiString;AnsiString);
|
005B5C9D E88609E8FF call 00436628
005B5CA2 8D8508FEFFFF lea eax, [ebp+$FFFFFE08]
005B5CA8 50 push eax
005B5CA9 8BCF mov ecx, edi
005B5CAB 49 dec ecx
005B5CAC BA01000000 mov edx, $00000001
005B5CB1 8B45F8 mov eax, [ebp-$08]
* Reference to: System.@LStrCopy;
|
005B5CB4 E8D3F4E4FF call 0040518C
005B5CB9 8B9508FEFFFF mov edx, [ebp+$FFFFFE08]
* Reference to control Label435 : TLabel
|
005B5CBF 8B86A0250000 mov eax, [esi+$25A0]
* Reference to: Controls.TControl.SetText(TControl;TCaption);
|
005B5CC5 E8C6DAE9FF call 00453790
005B5CCA 8BC3 mov eax, ebx
* Reference to: System.TObject.Free(TObject);
|
005B5CCC E8C7E1E4FF call 00403E98
005B5CD1 B201 mov dl, $01
005B5CD3 A158614300 mov eax, dword ptr [$00436158]
* Reference to: Registry.TRegistry.Create(TRegistry;boolean);overload;
|
005B5CD8 E87B05E8FF call 00436258
005B5CDD 8BD8 mov ebx, eax
005B5CDF BA02000080 mov edx, $80000002
005B5CE4 8BC3 mov eax, ebx
* Reference to: Registry.TRegistry.SetRootKey(TRegistry;HKEY);
|
005B5CE6 E80D06E8FF call 004362F8
005B5CEB B101 mov cl, $01
* Possible String Reference to: 'Software\Microsoft\Internet Explorer'
|
005B5CED BAC85E5B00 mov edx, $005B5EC8
005B5CF2 8BC3 mov eax, ebx
* Reference to: Registry.TRegistry.OpenKey(TRegistry;AnsiString;Boolean):Boolean;
|
005B5CF4 E86306E8FF call 0043635C
005B5CF9 84C0 test al, al
005B5CFB 7411 jz 005B5D0E
* Possible String Reference to: 'RUHSJHSGHF'
|
005B5CFD B9F85E5B00 mov ecx, $005B5EF8
* Possible String Reference to: 'YCode'
|
005B5D02 BA0C5F5B00 mov edx, $005B5F0C
005B5D07 8BC3 mov eax, ebx
* Reference to: Registry.TRegistry.WriteString(TRegistry;AnsiString;AnsiString);
|
005B5D09 E81A09E8FF call 00436628
005B5D0E 8BC3 mov eax, ebx
* Reference to: System.TObject.Free(TObject);
|
005B5D10 E883E1E4FF call 00403E98
005B5D15 33D2 xor edx, edx
* Reference to control BitBtn73 : TBitBtn
|
005B5D17 8B8658160000 mov eax, [esi+$1658]
005B5D1D 8B08 mov ecx, [eax]
005B5D1F FF5164 call dword ptr [ecx+$64]
005B5D22 33D2 xor edx, edx
* Reference to control GroupBox97 : TGroupBox
|
005B5D24 8B8608240000 mov eax, [esi+$2408]
* Reference to: Controls.TControl.SetVisible(TControl;Boolean);
|
005B5D2A E851D9E9FF call 00453680
005B5D2F EB18 jmp 005B5D49
005B5D31 8D852CFEFFFF lea eax, [ebp+$FFFFFE2C]
* Reference to: System.@EofText(TTextRec;TTextRec):Boolean;
|
005B5D37 E838D6E4FF call 00403374
|
005B5D3C E827CCE4FF call 00402968
005B5D41 84C0 test al, al
005B5D43 0F842BFEFFFF jz 005B5B74
005B5D49 8D852CFEFFFF lea eax, [ebp+$FFFFFE2C]
* Reference to: System.@Close(TTextRec;TTextRec):Integer;
|
005B5D4F E87CD4E4FF call 004031D0
|
005B5D54 E80FCCE4FF call 00402968
005B5D59 8D9500FEFFFF lea edx, [ebp+$FFFFFE00]
005B5D5F 33C0 xor eax, eax
* Reference to: System.ParamStr(Integer):String;
|
005B5D61 E8E2CEE4FF call 00402C48
005B5D66 8B8500FEFFFF mov eax, [ebp+$FFFFFE00]
005B5D6C 8D9504FEFFFF lea edx, [ebp+$FFFFFE04]
* Reference to: SysUtils.ExtractFilePath(AnsiString):AnsiString;
|
005B5D72 E8A140E5FF call 00409E18
005B5D77 8D8504FEFFFF lea eax, [ebp+$FFFFFE04]
* Possible String Reference to: 'reg.txt'
|
005B5D7D BA405E5B00 mov edx, $005B5E40
* Reference to: System.@LStrCat;
|
005B5D82 E8ADF1E4FF call 00404F34
005B5D87 8B8504FEFFFF mov eax, [ebp+$FFFFFE04]
* Reference to: Grids.TInplaceEdit.Visible(TInplaceEdit):Boolean;
| or: SysUtils.DeleteFile(AnsiString):Boolean;
| or: SysUtils.SetCurrentDir(AnsiString):Boolean;
| or: SysUtils.RemoveDir(AnsiString):Boolean;
|
005B5D8D E8EE3FE5FF call 00409D80
005B5D92 837DFC00 cmp dword ptr [ebp-$04], +$00
005B5D96 751A jnz 005B5DB2
005B5D98 6A40 push $40
* Possible String Reference to: '错误提示'
|
005B5D9A B9145F5B00 mov ecx, $005B5F14
* Possible String Reference to: '服务器没有您的注册资料,请联系作者'
|
005B5D9F BA205F5B00 mov edx, $005B5F20
005B5DA4 A164E65B00 mov eax, dword ptr [$005BE664]
005B5DA9 8B00 mov eax, [eax]
* Reference to: Forms.TApplication.MessageBox(TApplication;PChar;PChar;Longint):Integer;
|
005B5DAB E834DAEBFF call 004737E4
005B5DB0 EB18 jmp 005B5DCA
005B5DB2 6A40 push $40
* Possible String Reference to: '恭喜您'
|
005B5DB4 B9445F5B00 mov ecx, $005B5F44
* Possible String Reference to: '注册成功,重新启动软件即可正常使用'
|
005B5DB9 BA4C5F5B00 mov edx, $005B5F4C
005B5DBE A164E65B00 mov eax, dword ptr [$005BE664]
005B5DC3 8B00 mov eax, [eax]
* Reference to: Forms.TApplication.MessageBox(TApplication;PChar;PChar;Longint):Integer;
|
005B5DC5 E81ADAEBFF call 004737E4
005B5DCA 33C0 xor eax, eax
005B5DCC 5A pop edx
005B5DCD 59 pop ecx
005B5DCE 59 pop ecx
005B5DCF 648910 mov fs:[eax], edx
****** FINALLY
|
005B5DD2 682D5E5B00 push $005B5E2D
005B5DD7 8D8500FEFFFF lea eax, [ebp+$FFFFFE00]
005B5DDD BA04000000 mov edx, $00000004
* Reference to: System.@LStrArrayClr(void;void;Integer);
|
005B5DE2 E8A9EEE4FF call 00404C90
005B5DE7 8D8510FEFFFF lea eax, [ebp+$FFFFFE10]
005B5DED BA02000000 mov edx, $00000002
* Reference to: System.@LStrArrayClr(void;void;Integer);
|
005B5DF2 E899EEE4FF call 00404C90
005B5DF7 8D8518FEFFFF lea eax, [ebp+$FFFFFE18]
* Reference to: System.@LStrClr(void;void);
|
005B5DFD E86AEEE4FF call 00404C6C
005B5E02 8D851CFEFFFF lea eax, [ebp+$FFFFFE1C]
* Reference to: System.@LStrClr(void;void);
|
005B5E08 E85FEEE4FF call 00404C6C
005B5E0D 8D8520FEFFFF lea eax, [ebp+$FFFFFE20]
005B5E13 BA03000000 mov edx, $00000003
* Reference to: System.@LStrArrayClr(void;void;Integer);
|
005B5E18 E873EEE4FF call 00404C90
005B5E1D 8D45F8 lea eax, [ebp-$08]
* Reference to: System.@LStrClr(void;void);
|
005B5E20 E847EEE4FF call 00404C6C
005B5E25 C3 ret
* Reference to: System.@HandleFinally;
|
005B5E26 E9C1E7E4FF jmp 004045EC
005B5E2B EBAA jmp 005B5DD7
****** END
|
005B5E2D 5F pop edi
005B5E2E 5E pop esi
005B5E2F 5B pop ebx
005B5E30 8BE5 mov esp, ebp
005B5E32 5D pop ebp
005B5E33 C20400 ret $0004
[培训]《安卓高级研修班(网课)》月薪三万计划,掌握调试、分析还原ollvm、vmp的方法,定制art虚拟机自动化脱壳的方法
