用PE看是Delphi写的,没加壳。
DADA载入。查看窗体,找到注册
----------------------------------------
object btn_Reg: TButton
Left = 210
Top = 14
Width = 61
Height = 25
Caption = '注册'
Enabled = False
TabOrder = 2
OnClick = btn_RegClick -------- 注册键触发??
end
object GroupBox1: TGroupBox
Left = 8
--------------------------------------------
过程里找到 btn_regclick 跟进:
00467CD0 55 push ebp
00467CD1 8BEC mov ebp, esp
00467CD3 33C9 xor ecx, ecx
00467CD5 51 push ecx
00467CD6 51 push ecx
00467CD7 51 push ecx
00467CD8 51 push ecx
00467CD9 51 push ecx
00467CDA 51 push ecx
00467CDB 51 push ecx
00467CDC 51 push ecx
00467CDD 53 push ebx
00467CDE 8BD8 mov ebx, eax
00467CE0 33C0 xor eax, eax
00467CE2 55 push ebp
* Possible String Reference to: '?幅?捋?]?
|
00467CE3 68267E4600 push $00467E26
***** TRY
|
00467CE8 64FF30 push dword ptr fs:[eax]
00467CEB 648920 mov fs:[eax], esp
00467CEE 8D55F8 lea edx, [ebp-$08]
* Reference to control edt_RegNo2 : TMaskEdit -----第二组注册码
|
00467CF1 8B83E8020000 mov eax, [ebx+$02E8]
* Reference to: mask.TCustomMaskEdit.GetText(TCustomMaskEdit):AnsiString;
|
00467CF7 E8D4DFFFFF call 00465CD0
00467CFC 8B45F8 mov eax, [ebp-$08]
00467CFF 50 push eax
00467D00 8D55F4 lea edx, [ebp-$0C]
* Reference to control edt_RegNO1 : TMaskEdit -----第一组注册码
|
00467D03 8B83E4020000 mov eax, [ebx+$02E4]
* Reference to: mask.TCustomMaskEdit.GetText(TCustomMaskEdit):AnsiString;
|
00467D09 E8C2DFFFFF call 00465CD0
00467D0E 8B55F4 mov edx, [ebp-$0C]
00467D11 8D45FC lea eax, [ebp-$04]
00467D14 59 pop ecx
* Reference to: system.@LStrCat3;
|
00467D15 E8EEC0F9FF call 00403E08
00467D1A A0347E4600 mov al, byte ptr [$00467E34]
00467D1F 50 push eax
00467D20 8D45EC lea eax, [ebp-$14]
00467D23 50 push eax
00467D24 33C9 xor ecx, ecx
00467D26 BA407E4600 mov edx, $00467E40
00467D2B 8B45FC mov eax, [ebp-$04]
* Reference to: sysutils.StringReplace(AnsiString;AnsiString;AnsiString;TReplaceFlags):AnsiString;
|
00467D2E E8C53CFAFF call 0040B9F8
00467D33 8B45EC mov eax, [ebp-$14]
00467D36 8D55F0 lea edx, [ebp-$10]
* Reference to: sysutils.Trim(AnsiString):AnsiString;
|
00467D39 E88E05FAFF call 004082CC
00467D3E 8B55F0 mov edx, [ebp-$10]
00467D41 8D45FC lea eax, [ebp-$04]
* Reference to: system.@LStrLAsg;
|
00467D44 E88BBEF9FF call 00403BD4
00467D49 837DFC00 cmp dword ptr [ebp-$04], +$00
00467D4D 0F84AB000000 jz 00467DFE
00467D53 FFB3F4020000 push dword ptr [ebx+$02F4]
00467D59 FFB3F0020000 push dword ptr [ebx+$02F0]
00467D5F 8D55E8 lea edx, [ebp-$18]
* Reference to control cb_ProductList : TComboBox
|
00467D62 8B83D8020000 mov eax, [ebx+$02D8]
* Reference to: controls.TControl.GetText(TControl):TCaption;
|
00467D68 E8BF41FCFF call 0042BF2C
00467D6D 8B45E8 mov eax, [ebp-$18]
00467D70 50 push eax
00467D71 A1D0BD4600 mov eax, dword ptr [$0046BDD0]
00467D76 8B00 mov eax, [eax]
* Reference to: outline.TOutlineNode.GetList(TOutlineNode):TList;
|
00467D78 E8FBE9FEFF call 00456778
00467D7D 5A pop edx
|
00467D7E E851FDFEFF call 00457AD4
00467D83 8B55FC mov edx, [ebp-$04]
|
00467D86 E801F4FEFF call 0045718C
00467D8B 8D55E4 lea edx, [ebp-$1C]
* Reference to control cb_ProductList : TComboBox
|
00467D8E 8B83D8020000 mov eax, [ebx+$02D8]
* Reference to: controls.TControl.GetText(TControl):TCaption;
|
00467D94 E89341FCFF call 0042BF2C
00467D99 8B45E4 mov eax, [ebp-$1C]
00467D9C 50 push eax
00467D9D A1D0BD4600 mov eax, dword ptr [$0046BDD0]
00467DA2 8B00 mov eax, [eax]
* Reference to: outline.TOutlineNode.GetList(TOutlineNode):TList;
|
00467DA4 E8CFE9FEFF call 00456778
00467DA9 5A pop edx
|
00467DAA E825FDFEFF call 00457AD4
00467DAF 33D2 xor edx, edx
00467DB1 89500C mov [eax+$0C], edx
00467DB4 8D55E0 lea edx, [ebp-$20]
* Reference to control cb_ProductList : TComboBox
|
00467DB7 8B83D8020000 mov eax, [ebx+$02D8]
* Reference to: controls.TControl.GetText(TControl):TCaption;
|
00467DBD E86A41FCFF call 0042BF2C
00467DC2 8B45E0 mov eax, [ebp-$20]
00467DC5 50 push eax
00467DC6 A1D0BD4600 mov eax, dword ptr [$0046BDD0]
00467DCB 8B00 mov eax, [eax]
* Reference to: outline.TOutlineNode.GetList(TOutlineNode):TList;
|
00467DCD E8A6E9FEFF call 00456778
00467DD2 5A pop edx
|
00467DD3 E8FCFCFEFF call 00457AD4
00467DD8 8B93F0020000 mov edx, [ebx+$02F0]
00467DDE 895010 mov [eax+$10], edx
00467DE1 8B93F4020000 mov edx, [ebx+$02F4]
00467DE7 895014 mov [eax+$14], edx
00467DEA 33D2 xor edx, edx
* Reference to control btn_Reg : TButton
|
00467DEC 8B83D0020000 mov eax, [ebx+$02D0]
00467DF2 8B08 mov ecx, [eax]
00467DF4 FF515C call dword ptr [ecx+$5C]
00467DF7 8BC3 mov eax, ebx
* Reference to: forms.TCustomForm.Close(TCustomForm);
|
00467DF9 E876EDFDFF call 00446B74
00467DFE 33C0 xor eax, eax
00467E00 5A pop edx
00467E01 59 pop ecx
00467E02 59 pop ecx
00467E03 648910 mov fs:[eax], edx
****** FINALLY
|
* Possible String Reference to: '[?]?
|
00467E06 682D7E4600 push $00467E2D
00467E0B 8D45E0 lea eax, [ebp-$20]
00467E0E BA03000000 mov edx, $00000003
* Reference to: system.@LStrArrayClr;
|
00467E13 E848BDF9FF call 00403B60
00467E18 8D45EC lea eax, [ebp-$14]
00467E1B BA05000000 mov edx, $00000005
* Reference to: system.@LStrArrayClr;
|
00467E20 E83BBDF9FF call 00403B60
00467E25 C3 ret
* Reference to: system.@HandleFinally;
|
00467E26 E925B7F9FF jmp 00403550
00467E2B EBDE jmp 00467E0B
****** END
|
00467E2D 5B pop ebx
00467E2E 8BE5 mov esp, ebp
00467E30 5D pop ebp
00467E31 C3 ret
--------------------------------------------------
Delphi写的,第一次接触Delphi的东西。高手给这段加加注释吧!
看不出他们的关键CALL。。语法好象不大一样。
[招生]科锐逆向工程师培训(2024年11月15日实地,远程教学同时开班, 第51期)
OD OD OD OD OD OD OD
