[求助]aspack&脱壳&去花指令&seh跟踪-经典问答-看雪-安全社区|安全招聘|kanxue.com

最新回复 (9)
nantz 雪币： 238 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 1 回帖 136 粉丝 0 关注私信	nantz 2 楼好好学习别人的精华贴，会有收获的。 2007-3-14 20:14 0
笨笨雄雪币： 846 活跃值： (221) 能力值： (RANK：570 ) 在线值：发帖 212 回帖 3620 粉丝 23 关注私信	笨笨雄 14 3 楼静态分析了什么。。。动态跟踪了什么。。？ 2007-3-14 20:26 0
xifeng 雪币： 206 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 6 回帖 53 粉丝 0 关注私信	xifeng 4 楼在注册窗口中随意输入注册名称和注册码，点注册按钮，弹出消息窗口，提示“注册码失败！请核对注册名称和注册码。”于是，搜索字符串参考，尽管颇费一番周折，但结果倒是找到字符串，而且还发现了“注册码成功！”心中不禁暗喜，以为这下肯定有办法了。不料问题远非如此简单。 0061B4BD . B9 10B76100 MOV ECX,dbimp.0061B710 0061B4C2 . BA 1CB76100 MOV EDX,dbimp.0061B71C 0061B4C7 . A1 B09B6B00 MOV EAX,DWORD PTR DS:[6B9BB0] 0061B4CC . 8B00 MOV EAX,DWORD PTR DS:[EAX] 0061B4CE . E8 6544E9FF CALL dbimp.004AF938 //此处提示注册码成功，上面还有多处注册码成功的提示！ 0061B4D3 . 8B83 F8020000 MOV EAX,DWORD PTR DS:[EBX+2F8] 0061B4D9 . 33D2 XOR EDX,EDX 0061B4DB . 8B08 MOV ECX,DWORD PTR DS:[EAX] 0061B4DD . FF51 64 CALL DWORD PTR DS:[ECX+64] 0061B4E0 . A1 E0966B00 MOV EAX,DWORD PTR DS:[6B96E0] 0061B4E5 . C640 28 01 MOV BYTE PTR DS:[EAX+28],1 0061B4E9 . 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4] 0061B4EC . E8 0388DEFF CALL dbimp.00403CF4 0061B4F1 . 33C0 XOR EAX,EAX 0061B4F3 . 5A POP EDX 0061B4F4 . 59 POP ECX 0061B4F5 . 59 POP ECX 0061B4F6 . 64:8910 MOV DWORD PTR FS:[EAX],EDX 0061B4F9 . 33C0 XOR EAX,EAX 0061B4FB . 5A POP EDX 0061B4FC . 59 POP ECX 0061B4FD . 59 POP ECX 0061B4FE . 64:8910 MOV DWORD PTR FS:[EAX],EDX 0061B501 . 33C0 XOR EAX,EAX 0061B503 . 5A POP EDX 0061B504 . 59 POP ECX 0061B505 . 59 POP ECX 0061B506 . 64:8910 MOV DWORD PTR FS:[EAX],EDX 0061B509 . EB 60 JMP SHORT dbimp.0061B56B 0061B50B . 33C0 XOR EAX,EAX 0061B50D . 5A POP EDX 0061B50E . 59 POP ECX 0061B50F . 59 POP ECX 0061B510 . 64:8910 MOV DWORD PTR FS:[EAX],EDX 0061B513 .^E9 BC8CDEFF JMP dbimp.004041D4 0061B518 . E8 E390DEFF CALL dbimp.00404600 0061B51D > 33C0 XOR EAX,EAX 0061B51F . 5A POP EDX 0061B520 . 59 POP ECX 0061B521 . 59 POP ECX 0061B522 . 64:8910 MOV DWORD PTR FS:[EAX],EDX 0061B525 . EB 0A JMP SHORT dbimp.0061B531 0061B527 .^E9 A88CDEFF JMP dbimp.004041D4 0061B52C . E8 CF90DEFF CALL dbimp.00404600 0061B531 > 33C0 XOR EAX,EAX 0061B533 . 5A POP EDX 0061B534 . 59 POP ECX 0061B535 . 59 POP ECX 0061B536 . 64:8910 MOV DWORD PTR FS:[EAX],EDX 0061B539 . EB 0A JMP SHORT dbimp.0061B545 0061B53B .^E9 948CDEFF JMP dbimp.004041D4 //用尽了所有办法，最上也只能有这里断下（包括利用消息参考），按注册按钮先是进入系统领空间，从系统领空出来就径直来到这里。 //修改此jmp语句，强行往上跳，使程序运行经过上面几处“注册码成功”的提示和绕过此处的“注册码失败”，同样无济于事！ 0061B540 . E8 BB90DEFF CALL dbimp.00404600 0061B545 > 837D FC 00 CMP DWORD PTR SS:[EBP-4],0 0061B549 . 74 08 JE SHORT dbimp.0061B553 0061B54B . 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4] 0061B54E . E8 A187DEFF CALL dbimp.00403CF4 0061B553 > 6A 00 PUSH 0 0061B555 . B9 10B76100 MOV ECX,dbimp.0061B710 0061B55A . BA 5CB76100 MOV EDX,dbimp.0061B75C 0061B55F . A1 B09B6B00 MOV EAX,DWORD PTR DS:[6B9BB0] 0061B564 . 8B00 MOV EAX,DWORD PTR DS:[EAX] 0061B566 . E8 CD43E9FF CALL dbimp.004AF938 //此处弹出注册码失败提示 0061B56B > 33C0 XOR EAX,EAX 0061B56D . 5A POP EDX 0061B56E . 59 POP ECX 0061B56F . 59 POP ECX 0061B570 . 64:8910 MOV DWORD PTR FS:[EAX],EDX 2007-3-14 20:35 0
苦茶雪币： 200 活跃值： (12) 能力值： ( LV2，RANK：10 ) 在线值：发帖 1 回帖 33 粉丝 0 关注私信	苦茶 5 楼基本都是在SEH里处理,而且,光贴这个也不好分析吧. 2007-3-14 20:56 0
xifeng 雪币： 206 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 6 回帖 53 粉丝 0 关注私信	xifeng 6 楼咱会努力的，谢谢大伙的帮助和鼓励。。。 2007-3-14 21:48 0
笨笨雄雪币： 846 活跃值： (221) 能力值： (RANK：570 ) 在线值：发帖 212 回帖 3620 粉丝 23 关注私信	笨笨雄 14 7 楼看到这么多字符提示，就知道这个程序对字符参考作了特别对待，你还使用字符参考，那不是自己找麻烦嘛 2007-3-14 22:26 0
xifeng 雪币： 206 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 6 回帖 53 粉丝 0 关注私信	xifeng 8 楼下载地址： ftp://www.inmis.com/soft/offDocms.exe 弄得出来，也许就不属菜鸟级了^-^ 注册部分能追到的代码 0061B01C . 55 PUSH EBP 0061B01D . 8BEC MOV EBP,ESP 0061B01F . B9 13000000 MOV ECX,13 0061B024 > 6A 00 PUSH 0 0061B026 . 6A 00 PUSH 0 0061B028 . 49 DEC ECX 0061B029 .^75 F9 JNZ SHORT dbimp.0061B024 0061B02B . 51 PUSH ECX 0061B02C . 53 PUSH EBX 0061B02D . 56 PUSH ESI 0061B02E . 57 PUSH EDI 0061B02F . 8BD8 MOV EBX,EAX 0061B031 . 33C0 XOR EAX,EAX 0061B033 . 55 PUSH EBP 0061B034 . 68 8BB66100 PUSH dbimp.0061B68B 0061B039 . 64:FF30 PUSH DWORD PTR FS:[EAX] 0061B03C . 64:8920 MOV DWORD PTR FS:[EAX],ESP 0061B03F . B2 01 MOV DL,1 0061B041 . A1 54DF4400 MOV EAX,DWORD PTR DS:[44DF54] 0061B046 . E8 0930E3FF CALL dbimp.0044E054 0061B04B . 8945 FC MOV DWORD PTR SS:[EBP-4],EAX 0061B04E . 33C0 XOR EAX,EAX 0061B050 . 55 PUSH EBP 0061B051 . 68 3BB56100 PUSH dbimp.0061B53B 0061B056 . 64:FF30 PUSH DWORD PTR FS:[EAX] 0061B059 . 64:8920 MOV DWORD PTR FS:[EAX],ESP 0061B05C . 8D55 EC LEA EDX,DWORD PTR SS:[EBP-14] 0061B05F . 8B83 08030000 MOV EAX,DWORD PTR DS:[EBX+308] 0061B065 . E8 062FE7FF CALL dbimp.0048DF70 0061B06A . 8B45 EC MOV EAX,DWORD PTR SS:[EBP-14] 0061B06D . 8D55 F0 LEA EDX,DWORD PTR SS:[EBP-10] 0061B070 . E8 57E9DEFF CALL dbimp.004099CC 0061B075 . 8B45 F0 MOV EAX,DWORD PTR SS:[EBP-10] 0061B078 . 8D4D F4 LEA ECX,DWORD PTR SS:[EBP-C] 0061B07B . BA A4B66100 MOV EDX,dbimp.0061B6A4 ; ASCII "HDDBIP" 0061B080 . E8 FF4E0600 CALL dbimp.0067FF84 0061B085 . 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C] 0061B088 . 50 PUSH EAX 0061B089 . 8D55 E4 LEA EDX,DWORD PTR SS:[EBP-1C] 0061B08C . 8B83 04030000 MOV EAX,DWORD PTR DS:[EBX+304] 0061B092 . E8 D92EE7FF CALL dbimp.0048DF70 0061B097 . 8B45 E4 MOV EAX,DWORD PTR SS:[EBP-1C] 0061B09A . 8D55 E8 LEA EDX,DWORD PTR SS:[EBP-18] 0061B09D . E8 2AE9DEFF CALL dbimp.004099CC 0061B0A2 . 8B55 E8 MOV EDX,DWORD PTR SS:[EBP-18] 0061B0A5 . 58 POP EAX 0061B0A6 . E8 599FDEFF CALL dbimp.00405004 0061B0AB . 0F85 8A010000 JNZ dbimp.0061B23B 0061B0B1 . 33C0 XOR EAX,EAX 0061B0B3 . 55 PUSH EBP 0061B0B4 . 68 2CB26100 PUSH dbimp.0061B22C 0061B0B9 . 64:FF30 PUSH DWORD PTR FS:[EAX] 0061B0BC . 64:8920 MOV DWORD PTR FS:[EAX],ESP 0061B0BF . BA 02000080 MOV EDX,80000002 0061B0C4 . 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4] 0061B0C7 . E8 2830E3FF CALL dbimp.0044E0F4 0061B0CC . B1 01 MOV CL,1 0061B0CE . BA B4B66100 MOV EDX,dbimp.0061B6B4 ; ASCII "SoftWare\Dbimp\Dbimp1.0" 0061B0D3 . 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4] 0061B0D6 . E8 7D30E3FF CALL dbimp.0044E158 0061B0DB . 84C0 TEST AL,AL 0061B0DD . 74 5F JE SHORT dbimp.0061B13E 0061B0DF . 8D55 DC LEA EDX,DWORD PTR SS:[EBP-24] 0061B0E2 . 8B83 04030000 MOV EAX,DWORD PTR DS:[EBX+304] 0061B0E8 . E8 832EE7FF CALL dbimp.0048DF70 0061B0ED . 8B45 DC MOV EAX,DWORD PTR SS:[EBP-24] 0061B0F0 . 8D55 E0 LEA EDX,DWORD PTR SS:[EBP-20] 0061B0F3 . E8 D4E8DEFF CALL dbimp.004099CC 0061B0F8 . 8B4D E0 MOV ECX,DWORD PTR SS:[EBP-20] 0061B0FB . BA D4B66100 MOV EDX,dbimp.0061B6D4 ; ASCII "RegName" 0061B100 . 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4] 0061B103 . E8 EC31E3FF CALL dbimp.0044E2F4 0061B108 . 8D55 D4 LEA EDX,DWORD PTR SS:[EBP-2C] 0061B10B . 8B83 08030000 MOV EAX,DWORD PTR DS:[EBX+308] 0061B111 . E8 5A2EE7FF CALL dbimp.0048DF70 0061B116 . 8B45 D4 MOV EAX,DWORD PTR SS:[EBP-2C] 0061B119 . 8D55 D8 LEA EDX,DWORD PTR SS:[EBP-28] 0061B11C . E8 ABE8DEFF CALL dbimp.004099CC 0061B121 . 8B4D D8 MOV ECX,DWORD PTR SS:[EBP-28] 0061B124 . BA E4B66100 MOV EDX,dbimp.0061B6E4 ; ASCII "RegID" 0061B129 . 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4] 0061B12C . E8 C331E3FF CALL dbimp.0044E2F4 0061B131 . 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4] 0061B134 . E8 8B2FE3FF CALL dbimp.0044E0C4 0061B139 . E9 9B000000 JMP dbimp.0061B1D9 0061B13E > 8D55 CC LEA EDX,DWORD PTR SS:[EBP-34] 0061B141 . A1 B09B6B00 MOV EAX,DWORD PTR DS:[6B9BB0] 0061B146 . 8B00 MOV EAX,DWORD PTR DS:[EAX] 0061B148 . E8 6B4CE9FF CALL dbimp.004AFDB8 0061B14D . 8B45 CC MOV EAX,DWORD PTR SS:[EBP-34] 0061B150 . 8D55 D0 LEA EDX,DWORD PTR SS:[EBP-30] 0061B153 . E8 90F4DEFF CALL dbimp.0040A5E8 0061B158 . 8D45 D0 LEA EAX,DWORD PTR SS:[EBP-30] 0061B15B . BA F4B66100 MOV EDX,dbimp.0061B6F4 ; ASCII "Info.ini" 0061B160 . E8 5B9DDEFF CALL dbimp.00404EC0 0061B165 . 8B4D D0 MOV ECX,DWORD PTR SS:[EBP-30] 0061B168 . B2 01 MOV DL,1 0061B16A . A1 08D04400 MOV EAX,DWORD PTR DS:[44D008] 0061B16F . E8 441FE3FF CALL dbimp.0044D0B8 0061B174 . 8BF0 MOV ESI,EAX 0061B176 . 8D55 C4 LEA EDX,DWORD PTR SS:[EBP-3C] 0061B179 . 8B83 04030000 MOV EAX,DWORD PTR DS:[EBX+304] 0061B17F . E8 EC2DE7FF CALL dbimp.0048DF70 0061B184 . 8B45 C4 MOV EAX,DWORD PTR SS:[EBP-3C] 0061B187 . 8D55 C8 LEA EDX,DWORD PTR SS:[EBP-38] 0061B18A . E8 3DE8DEFF CALL dbimp.004099CC 0061B18F . 8B45 C8 MOV EAX,DWORD PTR SS:[EBP-38] 0061B192 . 50 PUSH EAX 0061B193 . B9 D4B66100 MOV ECX,dbimp.0061B6D4 ; ASCII "RegName" 0061B198 . BA 08B76100 MOV EDX,dbimp.0061B708 ; ASCII "RegInfo" 0061B19D . 8BC6 MOV EAX,ESI 0061B19F . 8B38 MOV EDI,DWORD PTR DS:[EAX] 0061B1A1 . FF57 04 CALL DWORD PTR DS:[EDI+4] 0061B1A4 . 8D55 BC LEA EDX,DWORD PTR SS:[EBP-44] 0061B1A7 . 8B83 08030000 MOV EAX,DWORD PTR DS:[EBX+308] 0061B1AD . E8 BE2DE7FF CALL dbimp.0048DF70 0061B1B2 . 8B45 BC MOV EAX,DWORD PTR SS:[EBP-44] 0061B1B5 . 8D55 C0 LEA EDX,DWORD PTR SS:[EBP-40] 0061B1B8 . E8 0FE8DEFF CALL dbimp.004099CC 0061B1BD . 8B45 C0 MOV EAX,DWORD PTR SS:[EBP-40] 0061B1C0 . 50 PUSH EAX 0061B1C1 . B9 E4B66100 MOV ECX,dbimp.0061B6E4 ; ASCII "RegID" 0061B1C6 . BA 08B76100 MOV EDX,dbimp.0061B708 ; ASCII "RegInfo" 0061B1CB . 8BC6 MOV EAX,ESI 0061B1CD . 8B38 MOV EDI,DWORD PTR DS:[EAX] 0061B1CF . FF57 04 CALL DWORD PTR DS:[EDI+4] 0061B1D2 . 8BC6 MOV EAX,ESI 0061B1D4 . E8 1B8BDEFF CALL dbimp.00403CF4 0061B1D9 > 6A 00 PUSH 0 0061B1DB . B9 10B76100 MOV ECX,dbimp.0061B710 0061B1E0 . BA 1CB76100 MOV EDX,dbimp.0061B71C 0061B1E5 . A1 B09B6B00 MOV EAX,DWORD PTR DS:[6B9BB0] 0061B1EA . 8B00 MOV EAX,DWORD PTR DS:[EAX] 0061B1EC . E8 4747E9FF CALL dbimp.004AF938 0061B1F1 . 8B83 F8020000 MOV EAX,DWORD PTR DS:[EBX+2F8] 0061B1F7 . 33D2 XOR EDX,EDX 0061B1F9 . 8B08 MOV ECX,DWORD PTR DS:[EAX] 0061B1FB . FF51 64 CALL DWORD PTR DS:[ECX+64] 0061B1FE . A1 E0966B00 MOV EAX,DWORD PTR DS:[6B96E0] 0061B203 . C640 28 01 MOV BYTE PTR DS:[EAX+28],1 0061B207 . 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4] 0061B20A . E8 E58ADEFF CALL dbimp.00403CF4 0061B20F . 33C0 XOR EAX,EAX 0061B211 . 5A POP EDX 0061B212 . 59 POP ECX 0061B213 . 59 POP ECX 0061B214 . 64:8910 MOV DWORD PTR FS:[EAX],EDX 0061B217 . 33C0 XOR EAX,EAX 0061B219 . 5A POP EDX 0061B21A . 59 POP ECX 0061B21B . 59 POP ECX 0061B21C . 64:8910 MOV DWORD PTR FS:[EAX],EDX 0061B21F . E9 47030000 JMP dbimp.0061B56B 0061B224 . 33C0 XOR EAX,EAX 0061B226 . 5A POP EDX 0061B227 . 59 POP ECX 0061B228 . 59 POP ECX 0061B229 . 64:8910 MOV DWORD PTR FS:[EAX],EDX 0061B22C .^E9 A38FDEFF JMP dbimp.004041D4 0061B231 . E8 CA93DEFF CALL dbimp.00404600 0061B236 . E9 F6020000 JMP dbimp.0061B531 0061B23B > A1 E0966B00 MOV EAX,DWORD PTR DS:[6B96E0] 0061B240 . 8338 00 CMP DWORD PTR DS:[EAX],0 0061B243 . 0F84 E8020000 JE dbimp.0061B531 0061B249 . 8D55 F8 LEA EDX,DWORD PTR SS:[EBP-8] 0061B24C . A1 E0966B00 MOV EAX,DWORD PTR DS:[6B96E0] 0061B251 . 8B00 MOV EAX,DWORD PTR DS:[EAX] 0061B253 . E8 C4F3DEFF CALL dbimp.0040A61C 0061B258 . 8D45 F8 LEA EAX,DWORD PTR SS:[EBP-8] 0061B25B . 50 PUSH EAX 0061B25C . 8B55 F8 MOV EDX,DWORD PTR SS:[EBP-8] 0061B25F . B8 34B76100 MOV EAX,dbimp.0061B734 0061B264 . E8 939FDEFF CALL dbimp.004051FC 0061B269 . 8BC8 MOV ECX,EAX 0061B26B . 49 DEC ECX 0061B26C . BA 01000000 MOV EDX,1 0061B271 . 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8] 0061B274 . E8 9F9EDEFF CALL dbimp.00405118 0061B279 . 33C0 XOR EAX,EAX 0061B27B . 55 PUSH EBP 0061B27C . 68 27B56100 PUSH dbimp.0061B527 0061B281 . 64:FF30 PUSH DWORD PTR FS:[EAX] 0061B284 . 64:8920 MOV DWORD PTR FS:[EAX],ESP 0061B287 . 8D55 B0 LEA EDX,DWORD PTR SS:[EBP-50] 0061B28A . 8B83 08030000 MOV EAX,DWORD PTR DS:[EBX+308] 0061B290 . E8 DB2CE7FF CALL dbimp.0048DF70 0061B295 . 8B45 B0 MOV EAX,DWORD PTR SS:[EBP-50] 0061B298 . 8D55 B4 LEA EDX,DWORD PTR SS:[EBP-4C] 0061B29B . E8 2CE7DEFF CALL dbimp.004099CC 0061B2A0 . 8B45 B4 MOV EAX,DWORD PTR SS:[EBP-4C] 0061B2A3 . 8D4D B8 LEA ECX,DWORD PTR SS:[EBP-48] 0061B2A6 . 8B55 F8 MOV EDX,DWORD PTR SS:[EBP-8] 0061B2A9 . E8 D64C0600 CALL dbimp.0067FF84 0061B2AE . 8B45 B8 MOV EAX,DWORD PTR SS:[EBP-48] 0061B2B1 . 50 PUSH EAX 0061B2B2 . 8D55 A8 LEA EDX,DWORD PTR SS:[EBP-58] 0061B2B5 . 8B83 04030000 MOV EAX,DWORD PTR DS:[EBX+304] 0061B2BB . E8 B02CE7FF CALL dbimp.0048DF70 0061B2C0 . 8B45 A8 MOV EAX,DWORD PTR SS:[EBP-58] 0061B2C3 . 8D55 AC LEA EDX,DWORD PTR SS:[EBP-54] 0061B2C6 . E8 01E7DEFF CALL dbimp.004099CC 0061B2CB . 8B55 AC MOV EDX,DWORD PTR SS:[EBP-54] 0061B2CE . 58 POP EAX 0061B2CF . E8 309DDEFF CALL dbimp.00405004 0061B2D4 . 74 63 JE SHORT dbimp.0061B339 0061B2D6 . 8D55 9C LEA EDX,DWORD PTR SS:[EBP-64] 0061B2D9 . 8B83 08030000 MOV EAX,DWORD PTR DS:[EBX+308] 0061B2DF . E8 8C2CE7FF CALL dbimp.0048DF70 0061B2E4 . 8B45 9C MOV EAX,DWORD PTR SS:[EBP-64] 0061B2E7 . 8D55 A0 LEA EDX,DWORD PTR SS:[EBP-60] 0061B2EA . E8 DDE6DEFF CALL dbimp.004099CC 0061B2EF . 8B45 A0 MOV EAX,DWORD PTR SS:[EBP-60] 0061B2F2 . 8D4D A4 LEA ECX,DWORD PTR SS:[EBP-5C] 0061B2F5 . 8B55 F8 MOV EDX,DWORD PTR SS:[EBP-8] 0061B2F8 . E8 874C0600 CALL dbimp.0067FF84 0061B2FD . 8B45 A4 MOV EAX,DWORD PTR SS:[EBP-5C] 0061B300 . 50 PUSH EAX 0061B301 . 8D55 90 LEA EDX,DWORD PTR SS:[EBP-70] 0061B304 . 8B83 04030000 MOV EAX,DWORD PTR DS:[EBX+304] 0061B30A . E8 612CE7FF CALL dbimp.0048DF70 0061B30F . 8B4D 90 MOV ECX,DWORD PTR SS:[EBP-70] 0061B312 . 8D45 94 LEA EAX,DWORD PTR SS:[EBP-6C] 0061B315 . BA 40B76100 MOV EDX,dbimp.0061B740 0061B31A . E8 E59BDEFF CALL dbimp.00404F04 0061B31F . 8B45 94 MOV EAX,DWORD PTR SS:[EBP-6C] 0061B322 . 8D55 98 LEA EDX,DWORD PTR SS:[EBP-68] 0061B325 . E8 A2E6DEFF CALL dbimp.004099CC 0061B32A . 8B55 98 MOV EDX,DWORD PTR SS:[EBP-68] 0061B32D . 58 POP EAX 0061B32E . E8 D19CDEFF CALL dbimp.00405004 0061B333 . 0F85 E4010000 JNZ dbimp.0061B51D 0061B339 > 837D FC 00 CMP DWORD PTR SS:[EBP-4],0 0061B33D . 74 0A JE SHORT dbimp.0061B349 0061B33F . 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4] 0061B342 . E8 7D2DE3FF CALL dbimp.0044E0C4 0061B347 . EB 0F JMP SHORT dbimp.0061B358 0061B349 > B2 01 MOV DL,1 0061B34B . A1 54DF4400 MOV EAX,DWORD PTR DS:[44DF54] 0061B350 . E8 FF2CE3FF CALL dbimp.0044E054 0061B355 . 8945 FC MOV DWORD PTR SS:[EBP-4],EAX 0061B358 > 33C0 XOR EAX,EAX 0061B35A . 55 PUSH EBP 0061B35B . 68 13B56100 PUSH dbimp.0061B513 0061B360 . 64:FF30 PUSH DWORD PTR FS:[EAX] 0061B363 . 64:8920 MOV DWORD PTR FS:[EAX],ESP 0061B366 . BA 02000080 MOV EDX,80000002 0061B36B . 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4] 0061B36E . E8 812DE3FF CALL dbimp.0044E0F4 0061B373 . 8D45 8C LEA EAX,DWORD PTR SS:[EBP-74] 0061B376 . 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8] 0061B379 . BA 4CB76100 MOV EDX,dbimp.0061B74C ; ASCII "SoftWare\Dbimp\" 0061B37E . E8 819BDEFF CALL dbimp.00404F04 0061B383 . 8B55 8C MOV EDX,DWORD PTR SS:[EBP-74] 0061B386 . B1 01 MOV CL,1 0061B388 . 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4] 0061B38B . E8 C82DE3FF CALL dbimp.0044E158 0061B390 . 84C0 TEST AL,AL 0061B392 . 74 65 JE SHORT dbimp.0061B3F9 0061B394 . 8D55 84 LEA EDX,DWORD PTR SS:[EBP-7C] 0061B397 . 8B83 04030000 MOV EAX,DWORD PTR DS:[EBX+304] 0061B39D . E8 CE2BE7FF CALL dbimp.0048DF70 0061B3A2 . 8B45 84 MOV EAX,DWORD PTR SS:[EBP-7C] 0061B3A5 . 8D55 88 LEA EDX,DWORD PTR SS:[EBP-78] 0061B3A8 . E8 1FE6DEFF CALL dbimp.004099CC 0061B3AD . 8B4D 88 MOV ECX,DWORD PTR SS:[EBP-78] 0061B3B0 . BA D4B66100 MOV EDX,dbimp.0061B6D4 ; ASCII "RegName" 0061B3B5 . 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4] 0061B3B8 . E8 372FE3FF CALL dbimp.0044E2F4 0061B3BD . 8D95 7CFFFFFF LEA EDX,DWORD PTR SS:[EBP-84] 0061B3C3 . 8B83 08030000 MOV EAX,DWORD PTR DS:[EBX+308] 0061B3C9 . E8 A22BE7FF CALL dbimp.0048DF70 0061B3CE . 8B85 7CFFFFFF MOV EAX,DWORD PTR SS:[EBP-84] 0061B3D4 . 8D55 80 LEA EDX,DWORD PTR SS:[EBP-80] 0061B3D7 . E8 F0E5DEFF CALL dbimp.004099CC 0061B3DC . 8B4D 80 MOV ECX,DWORD PTR SS:[EBP-80] 0061B3DF . BA E4B66100 MOV EDX,dbimp.0061B6E4 ; ASCII "RegID" 0061B3E4 . 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4] 0061B3E7 . E8 082FE3FF CALL dbimp.0044E2F4 0061B3EC . 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4] 0061B3EF . E8 D02CE3FF CALL dbimp.0044E0C4 0061B3F4 . E9 C2000000 JMP dbimp.0061B4BB 0061B3F9 > 8D95 74FFFFFF LEA EDX,DWORD PTR SS:[EBP-8C] 0061B3FF . A1 B09B6B00 MOV EAX,DWORD PTR DS:[6B9BB0] 0061B404 . 8B00 MOV EAX,DWORD PTR DS:[EAX] 0061B406 . E8 AD49E9FF CALL dbimp.004AFDB8 0061B40B . 8B85 74FFFFFF MOV EAX,DWORD PTR SS:[EBP-8C] 0061B411 . 8D95 78FFFFFF LEA EDX,DWORD PTR SS:[EBP-88] 0061B417 . E8 CCF1DEFF CALL dbimp.0040A5E8 0061B41C . 8D85 78FFFFFF LEA EAX,DWORD PTR SS:[EBP-88] 0061B422 . BA F4B66100 MOV EDX,dbimp.0061B6F4 ; ASCII "Info.ini" 0061B427 . E8 949ADEFF CALL dbimp.00404EC0 0061B42C . 8B8D 78FFFFFF MOV ECX,DWORD PTR SS:[EBP-88] 0061B432 . B2 01 MOV DL,1 0061B434 . A1 08D04400 MOV EAX,DWORD PTR DS:[44D008] 0061B439 . E8 7A1CE3FF CALL dbimp.0044D0B8 0061B43E . 8BF0 MOV ESI,EAX 0061B440 . 8D95 6CFFFFFF LEA EDX,DWORD PTR SS:[EBP-94] 0061B446 . 8B83 04030000 MOV EAX,DWORD PTR DS:[EBX+304] 0061B44C . E8 1F2BE7FF CALL dbimp.0048DF70 0061B451 . 8B85 6CFFFFFF MOV EAX,DWORD PTR SS:[EBP-94] 0061B457 . 8D95 70FFFFFF LEA EDX,DWORD PTR SS:[EBP-90] 0061B45D . E8 6AE5DEFF CALL dbimp.004099CC 0061B462 . 8B85 70FFFFFF MOV EAX,DWORD PTR SS:[EBP-90] 0061B468 . 50 PUSH EAX 0061B469 . B9 D4B66100 MOV ECX,dbimp.0061B6D4 ; ASCII "RegName" 0061B46E . BA 08B76100 MOV EDX,dbimp.0061B708 ; ASCII "RegInfo" 0061B473 . 8BC6 MOV EAX,ESI 0061B475 . 8B38 MOV EDI,DWORD PTR DS:[EAX] 0061B477 . FF57 04 CALL DWORD PTR DS:[EDI+4] 0061B47A . 8D95 64FFFFFF LEA EDX,DWORD PTR SS:[EBP-9C] 0061B480 . 8B83 08030000 MOV EAX,DWORD PTR DS:[EBX+308] 0061B486 . E8 E52AE7FF CALL dbimp.0048DF70 0061B48B . 8B85 64FFFFFF MOV EAX,DWORD PTR SS:[EBP-9C] 0061B491 . 8D95 68FFFFFF LEA EDX,DWORD PTR SS:[EBP-98] 0061B497 . E8 30E5DEFF CALL dbimp.004099CC 0061B49C . 8B85 68FFFFFF MOV EAX,DWORD PTR SS:[EBP-98] 0061B4A2 . 50 PUSH EAX 0061B4A3 . B9 E4B66100 MOV ECX,dbimp.0061B6E4 ; ASCII "RegID" 0061B4A8 . BA 08B76100 MOV EDX,dbimp.0061B708 ; ASCII "RegInfo" 0061B4AD . 8BC6 MOV EAX,ESI 0061B4AF . 8B38 MOV EDI,DWORD PTR DS:[EAX] 0061B4B1 . FF57 04 CALL DWORD PTR DS:[EDI+4] 0061B4B4 . 8BC6 MOV EAX,ESI 0061B4B6 . E8 3988DEFF CALL dbimp.00403CF4 0061B4BB > 6A 00 PUSH 0 0061B4BD . B9 10B76100 MOV ECX,dbimp.0061B710 0061B4C2 . BA 1CB76100 MOV EDX,dbimp.0061B71C 0061B4C7 . A1 B09B6B00 MOV EAX,DWORD PTR DS:[6B9BB0] 0061B4CC . 8B00 MOV EAX,DWORD PTR DS:[EAX] 0061B4CE . E8 6544E9FF CALL dbimp.004AF938 0061B4D3 . 8B83 F8020000 MOV EAX,DWORD PTR DS:[EBX+2F8] 0061B4D9 . 33D2 XOR EDX,EDX 0061B4DB . 8B08 MOV ECX,DWORD PTR DS:[EAX] 0061B4DD . FF51 64 CALL DWORD PTR DS:[ECX+64] 0061B4E0 . A1 E0966B00 MOV EAX,DWORD PTR DS:[6B96E0] 0061B4E5 . C640 28 01 MOV BYTE PTR DS:[EAX+28],1 0061B4E9 . 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4] 0061B4EC . E8 0388DEFF CALL dbimp.00403CF4 0061B4F1 . 33C0 XOR EAX,EAX 0061B4F3 . 5A POP EDX 0061B4F4 . 59 POP ECX 0061B4F5 . 59 POP ECX 0061B4F6 . 64:8910 MOV DWORD PTR FS:[EAX],EDX 0061B4F9 . 33C0 XOR EAX,EAX 0061B4FB . 5A POP EDX 0061B4FC . 59 POP ECX 0061B4FD . 59 POP ECX 0061B4FE . 64:8910 MOV DWORD PTR FS:[EAX],EDX 0061B501 . 33C0 XOR EAX,EAX 0061B503 . 5A POP EDX 0061B504 . 59 POP ECX 0061B505 . 59 POP ECX 0061B506 . 64:8910 MOV DWORD PTR FS:[EAX],EDX 0061B509 . EB 60 JMP SHORT dbimp.0061B56B 0061B50B . 33C0 XOR EAX,EAX 0061B50D . 5A POP EDX 0061B50E . 59 POP ECX 0061B50F . 59 POP ECX 0061B510 . 64:8910 MOV DWORD PTR FS:[EAX],EDX 0061B513 .^E9 BC8CDEFF JMP dbimp.004041D4 0061B518 . E8 E390DEFF CALL dbimp.00404600 0061B51D > 33C0 XOR EAX,EAX 0061B51F . 5A POP EDX 0061B520 . 59 POP ECX 0061B521 . 59 POP ECX 0061B522 . 64:8910 MOV DWORD PTR FS:[EAX],EDX 0061B525 . EB 0A JMP SHORT dbimp.0061B531 0061B527 .^E9 A88CDEFF JMP dbimp.004041D4 0061B52C . E8 CF90DEFF CALL dbimp.00404600 0061B531 > 33C0 XOR EAX,EAX 0061B533 . 5A POP EDX 0061B534 . 59 POP ECX 0061B535 . 59 POP ECX 0061B536 . 64:8910 MOV DWORD PTR FS:[EAX],EDX 0061B539 . EB 0A JMP SHORT dbimp.0061B545 0061B53B .^E9 948CDEFF JMP dbimp.004041D4 0061B540 . E8 BB90DEFF CALL dbimp.00404600 0061B545 > 837D FC 00 CMP DWORD PTR SS:[EBP-4],0 0061B549 . 74 08 JE SHORT dbimp.0061B553 0061B54B . 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4] 0061B54E . E8 A187DEFF CALL dbimp.00403CF4 0061B553 > 6A 00 PUSH 0 0061B555 . B9 10B76100 MOV ECX,dbimp.0061B710 0061B55A . BA 5CB76100 MOV EDX,dbimp.0061B75C 0061B55F . A1 B09B6B00 MOV EAX,DWORD PTR DS:[6B9BB0] 0061B564 . 8B00 MOV EAX,DWORD PTR DS:[EAX] 0061B566 . E8 CD43E9FF CALL dbimp.004AF938 0061B56B > 33C0 XOR EAX,EAX 0061B56D . 5A POP EDX 0061B56E . 59 POP ECX 0061B56F . 59 POP ECX 0061B570 . 64:8910 MOV DWORD PTR FS:[EAX],EDX 0061B573 . 68 95B66100 PUSH dbimp.0061B695 0061B578 > 8D85 64FFFFFF LEA EAX,DWORD PTR SS:[EBP-9C] 0061B57E . E8 6596DEFF CALL dbimp.00404BE8 0061B583 . 8D85 68FFFFFF LEA EAX,DWORD PTR SS:[EBP-98] 0061B589 . E8 5A96DEFF CALL dbimp.00404BE8 0061B58E . 8D85 6CFFFFFF LEA EAX,DWORD PTR SS:[EBP-94] 0061B594 . E8 4F96DEFF CALL dbimp.00404BE8 0061B599 . 8D85 70FFFFFF LEA EAX,DWORD PTR SS:[EBP-90] 0061B59F . BA 03000000 MOV EDX,3 0061B5A4 . E8 6396DEFF CALL dbimp.00404C0C 0061B5A9 . 8D85 7CFFFFFF LEA EAX,DWORD PTR SS:[EBP-84] 0061B5AF . E8 3496DEFF CALL dbimp.00404BE8 0061B5B4 . 8D45 80 LEA EAX,DWORD PTR SS:[EBP-80] 0061B5B7 . E8 2C96DEFF CALL dbimp.00404BE8 0061B5BC . 8D45 84 LEA EAX,DWORD PTR SS:[EBP-7C] 0061B5BF . E8 2496DEFF CALL dbimp.00404BE8 0061B5C4 . 8D45 88 LEA EAX,DWORD PTR SS:[EBP-78] 0061B5C7 . BA 02000000 MOV EDX,2 0061B5CC . E8 3B96DEFF CALL dbimp.00404C0C 0061B5D1 . 8D45 90 LEA EAX,DWORD PTR SS:[EBP-70] 0061B5D4 . E8 0F96DEFF CALL dbimp.00404BE8 0061B5D9 . 8D45 94 LEA EAX,DWORD PTR SS:[EBP-6C] 0061B5DC . BA 02000000 MOV EDX,2 0061B5E1 . E8 2696DEFF CALL dbimp.00404C0C 0061B5E6 . 8D45 9C LEA EAX,DWORD PTR SS:[EBP-64] 0061B5E9 . E8 FA95DEFF CALL dbimp.00404BE8 0061B5EE . 8D45 A0 LEA EAX,DWORD PTR SS:[EBP-60] 0061B5F1 . BA 02000000 MOV EDX,2 0061B5F6 . E8 1196DEFF CALL dbimp.00404C0C 0061B5FB . 8D45 A8 LEA EAX,DWORD PTR SS:[EBP-58] 0061B5FE . E8 E595DEFF CALL dbimp.00404BE8 0061B603 . 8D45 AC LEA EAX,DWORD PTR SS:[EBP-54] 0061B606 . E8 DD95DEFF CALL dbimp.00404BE8 0061B60B . 8D45 B0 LEA EAX,DWORD PTR SS:[EBP-50] 0061B60E . E8 D595DEFF CALL dbimp.00404BE8 0061B613 . 8D45 B4 LEA EAX,DWORD PTR SS:[EBP-4C] 0061B616 . BA 02000000 MOV EDX,2 0061B61B . E8 EC95DEFF CALL dbimp.00404C0C 0061B620 . 8D45 BC LEA EAX,DWORD PTR SS:[EBP-44] 0061B623 . E8 C095DEFF CALL dbimp.00404BE8 0061B628 . 8D45 C0 LEA EAX,DWORD PTR SS:[EBP-40] 0061B62B . E8 B895DEFF CALL dbimp.00404BE8 0061B630 . 8D45 C4 LEA EAX,DWORD PTR SS:[EBP-3C] 0061B633 . E8 B095DEFF CALL dbimp.00404BE8 0061B638 . 8D45 C8 LEA EAX,DWORD PTR SS:[EBP-38] 0061B63B . BA 03000000 MOV EDX,3 0061B640 . E8 C795DEFF CALL dbimp.00404C0C 0061B645 . 8D45 D4 LEA EAX,DWORD PTR SS:[EBP-2C] 0061B648 . E8 9B95DEFF CALL dbimp.00404BE8 0061B64D . 8D45 D8 LEA EAX,DWORD PTR SS:[EBP-28] 0061B650 . E8 9395DEFF CALL dbimp.00404BE8 0061B655 . 8D45 DC LEA EAX,DWORD PTR SS:[EBP-24] 0061B658 . E8 8B95DEFF CALL dbimp.00404BE8 0061B65D . 8D45 E0 LEA EAX,DWORD PTR SS:[EBP-20] 0061B660 . E8 8395DEFF CALL dbimp.00404BE8 0061B665 . 8D45 E4 LEA EAX,DWORD PTR SS:[EBP-1C] 0061B668 . E8 7B95DEFF CALL dbimp.00404BE8 0061B66D . 8D45 E8 LEA EAX,DWORD PTR SS:[EBP-18] 0061B670 . E8 7395DEFF CALL dbimp.00404BE8 0061B675 . 8D45 EC LEA EAX,DWORD PTR SS:[EBP-14] 0061B678 . E8 6B95DEFF CALL dbimp.00404BE8 0061B67D . 8D45 F0 LEA EAX,DWORD PTR SS:[EBP-10] 0061B680 . BA 03000000 MOV EDX,3 0061B685 . E8 8295DEFF CALL dbimp.00404C0C 0061B68A . C3 RETN 0061B68B .^E9 F88DDEFF JMP dbimp.00404488 0061B690 .^E9 E3FEFFFF JMP dbimp.0061B578 0061B695 . 5F POP EDI 0061B696 . 5E POP ESI 0061B697 . 5B POP EBX 0061B698 . 8BE5 MOV ESP,EBP 0061B69A . 5D POP EBP 0061B69B . C3 RETN 2007-3-19 13:42 0
xifeng 雪币： 206 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 6 回帖 53 粉丝 0 关注私信	xifeng 9 楼经跟踪分析后判断：试用版软件，注册功能不全，限制的功能是本身就未提供的功能。如果有谁跟踪的结果不这样，请跟贴。谢谢！ 2007-3-22 19:28 0
fatboyspy 雪币： 200 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 4 回帖 25 粉丝 0 关注私信	fatboyspy 10 楼有没有Aspack的脱壳教程?或者谁有的发个给我 go245@21cn.com 2007-3-25 16:13 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复

nantz

雪币： 238

活跃值： (10)

能力值：

( LV2，RANK：10 )

在线值：

发帖

1

回帖

136

粉丝

0

关注

私信

nantz: 2 楼

好好学习别人的精华贴，会有收获的。

2007-3-14 20:14

0

笨笨雄

雪币： 846

活跃值： (221)

能力值： (RANK：570 )

在线值：

发帖

212

回帖

3620

粉丝

23

关注

私信

笨笨雄 14: 3 楼

静态分析了什么。。。动态跟踪了什么。。？

2007-3-14 20:26

0

xifeng

雪币： 206

活跃值： (10)

能力值：

( LV2，RANK：10 )

在线值：

发帖

6

回帖

53

粉丝

0

关注

私信

xifeng: 4 楼

在注册窗口中随意输入注册名称和注册码，点注册按钮，弹出消息窗口，提示“注册码失败！请核对注册名称和注册码。”于是，搜索字符串参考，尽管颇费一番周折，但结果倒是找到字符串，而且还发现了“注册码成功！”心中不禁暗喜，以为这下肯定有办法了。不料问题远非如此简单。

0061B4BD . B9 10B76100 MOV ECX,dbimp.0061B710
0061B4C2 . BA 1CB76100 MOV EDX,dbimp.0061B71C
0061B4C7 . A1 B09B6B00 MOV EAX,DWORD PTR DS:[6B9BB0]
0061B4CC . 8B00          MOV EAX,DWORD PTR DS:[EAX]
0061B4CE . E8 6544E9FF CALL dbimp.004AF938       //此处提示注册码成功，上面还有多处注册码成功的提示！

0061B4D3 . 8B83 F8020000  MOV EAX,DWORD PTR DS:[EBX+2F8]
0061B4D9 . 33D2          XOR EDX,EDX
0061B4DB . 8B08          MOV ECX,DWORD PTR DS:[EAX]
0061B4DD . FF51 64       CALL DWORD PTR DS:[ECX+64]
0061B4E0 . A1 E0966B00 MOV EAX,DWORD PTR DS:[6B96E0]
0061B4E5 . C640 28 01    MOV BYTE PTR DS:[EAX+28],1
0061B4E9 . 8B45 FC       MOV EAX,DWORD PTR SS:[EBP-4]
0061B4EC . E8 0388DEFF CALL dbimp.00403CF4
0061B4F1 . 33C0          XOR EAX,EAX
0061B4F3 . 5A          POP EDX
0061B4F4 . 59          POP ECX
0061B4F5 . 59          POP ECX
0061B4F6 . 64:8910       MOV DWORD PTR FS:[EAX],EDX
0061B4F9 . 33C0          XOR EAX,EAX
0061B4FB . 5A          POP EDX
0061B4FC . 59          POP ECX
0061B4FD . 59          POP ECX
0061B4FE . 64:8910       MOV DWORD PTR FS:[EAX],EDX
0061B501 . 33C0          XOR EAX,EAX
0061B503 . 5A          POP EDX
0061B504 . 59          POP ECX
0061B505 . 59          POP ECX
0061B506 . 64:8910       MOV DWORD PTR FS:[EAX],EDX
0061B509 . EB 60       JMP SHORT dbimp.0061B56B
0061B50B . 33C0          XOR EAX,EAX
0061B50D . 5A          POP EDX
0061B50E . 59          POP ECX
0061B50F . 59          POP ECX
0061B510 . 64:8910       MOV DWORD PTR FS:[EAX],EDX
0061B513 .^E9 BC8CDEFF JMP dbimp.004041D4
0061B518 . E8 E390DEFF CALL dbimp.00404600
0061B51D > 33C0          XOR EAX,EAX
0061B51F . 5A          POP EDX
0061B520 . 59          POP ECX
0061B521 . 59          POP ECX
0061B522 . 64:8910       MOV DWORD PTR FS:[EAX],EDX
0061B525 . EB 0A       JMP SHORT dbimp.0061B531
0061B527 .^E9 A88CDEFF JMP dbimp.004041D4
0061B52C . E8 CF90DEFF CALL dbimp.00404600
0061B531 > 33C0          XOR EAX,EAX
0061B533 . 5A          POP EDX
0061B534 . 59          POP ECX
0061B535 . 59          POP ECX
0061B536 . 64:8910       MOV DWORD PTR FS:[EAX],EDX
0061B539 . EB 0A       JMP SHORT dbimp.0061B545

0061B53B .^E9 948CDEFF JMP dbimp.004041D4       //用尽了所有办法，最上也只能有这里断下（包括利用消息参考），按注册按钮先是进入系统领空间，从系统领空出来就径直来到这里。
//修改此jmp语句，强行往上跳，使程序运行经过上面几处“注册码成功”的提示和绕过此处的“注册码失败”，同样无济于事！
0061B540 . E8 BB90DEFF CALL dbimp.00404600
0061B545 > 837D FC 00    CMP DWORD PTR SS:[EBP-4],0
0061B549 . 74 08       JE SHORT dbimp.0061B553
0061B54B . 8B45 FC       MOV EAX,DWORD PTR SS:[EBP-4]
0061B54E . E8 A187DEFF CALL dbimp.00403CF4
0061B553 > 6A 00       PUSH 0
0061B555 . B9 10B76100 MOV ECX,dbimp.0061B710
0061B55A . BA 5CB76100 MOV EDX,dbimp.0061B75C
0061B55F . A1 B09B6B00 MOV EAX,DWORD PTR DS:[6B9BB0]
0061B564 . 8B00          MOV EAX,DWORD PTR DS:[EAX]
0061B566 . E8 CD43E9FF CALL dbimp.004AF938       //此处弹出注册码失败提示
0061B56B > 33C0          XOR EAX,EAX
0061B56D . 5A          POP EDX
0061B56E . 59          POP ECX
0061B56F . 59          POP ECX
0061B570 . 64:8910       MOV DWORD PTR FS:[EAX],EDX

2007-3-14 20:35

0

苦茶

雪币： 200

活跃值： (12)

能力值：

( LV2，RANK：10 )

在线值：

发帖

1

回帖

33

粉丝

0

关注

私信

苦茶: 5 楼

基本都是在SEH里处理,而且,光贴这个也不好分析吧.

2007-3-14 20:56

0

xifeng

雪币： 206

活跃值： (10)

能力值：

( LV2，RANK：10 )

在线值：

发帖

6

回帖

53

粉丝

0

关注

私信

xifeng: 6 楼

咱会努力的，谢谢大伙的帮助和鼓励。。。

2007-3-14 21:48

0

笨笨雄

雪币： 846

活跃值： (221)

能力值： (RANK：570 )

在线值：

发帖

212

回帖

3620

粉丝

23

关注

私信

笨笨雄 14: 7 楼

看到这么多字符提示，就知道这个程序对字符参考作了特别对待，你还使用字符参考，那不是自己找麻烦嘛

2007-3-14 22:26

0

xifeng

雪币： 206

活跃值： (10)

能力值：

( LV2，RANK：10 )

在线值：

发帖

6

回帖

53

粉丝

0

关注

私信

xifeng: 8 楼

下载地址：
ftp://www.inmis.com/soft/offDocms.exe
弄得出来，也许就不属菜鸟级了^-^

注册部分能追到的代码
0061B01C . 55          PUSH EBP
0061B01D . 8BEC          MOV EBP,ESP
0061B01F . B9 13000000 MOV ECX,13
0061B024 > 6A 00       PUSH 0
0061B026 . 6A 00       PUSH 0
0061B028 . 49          DEC ECX
0061B029 .^75 F9       JNZ SHORT dbimp.0061B024
0061B02B . 51          PUSH ECX
0061B02C . 53          PUSH EBX
0061B02D . 56          PUSH ESI
0061B02E . 57          PUSH EDI
0061B02F . 8BD8          MOV EBX,EAX
0061B031 . 33C0          XOR EAX,EAX
0061B033 . 55          PUSH EBP
0061B034 . 68 8BB66100 PUSH dbimp.0061B68B
0061B039 . 64:FF30       PUSH DWORD PTR FS:[EAX]
0061B03C . 64:8920       MOV DWORD PTR FS:[EAX],ESP
0061B03F . B2 01       MOV DL,1
0061B041 . A1 54DF4400 MOV EAX,DWORD PTR DS:[44DF54]
0061B046 . E8 0930E3FF CALL dbimp.0044E054
0061B04B . 8945 FC       MOV DWORD PTR SS:[EBP-4],EAX
0061B04E . 33C0          XOR EAX,EAX
0061B050 . 55          PUSH EBP
0061B051 . 68 3BB56100 PUSH dbimp.0061B53B
0061B056 . 64:FF30       PUSH DWORD PTR FS:[EAX]
0061B059 . 64:8920       MOV DWORD PTR FS:[EAX],ESP
0061B05C . 8D55 EC       LEA EDX,DWORD PTR SS:[EBP-14]
0061B05F . 8B83 08030000  MOV EAX,DWORD PTR DS:[EBX+308]
0061B065 . E8 062FE7FF CALL dbimp.0048DF70
0061B06A . 8B45 EC       MOV EAX,DWORD PTR SS:[EBP-14]
0061B06D . 8D55 F0       LEA EDX,DWORD PTR SS:[EBP-10]
0061B070 . E8 57E9DEFF CALL dbimp.004099CC
0061B075 . 8B45 F0       MOV EAX,DWORD PTR SS:[EBP-10]
0061B078 . 8D4D F4       LEA ECX,DWORD PTR SS:[EBP-C]
0061B07B . BA A4B66100 MOV EDX,dbimp.0061B6A4                ;  ASCII "HDDBIP"
0061B080 . E8 FF4E0600 CALL dbimp.0067FF84
0061B085 . 8B45 F4       MOV EAX,DWORD PTR SS:[EBP-C]
0061B088 . 50          PUSH EAX
0061B089 . 8D55 E4       LEA EDX,DWORD PTR SS:[EBP-1C]
0061B08C . 8B83 04030000  MOV EAX,DWORD PTR DS:[EBX+304]
0061B092 . E8 D92EE7FF CALL dbimp.0048DF70
0061B097 . 8B45 E4       MOV EAX,DWORD PTR SS:[EBP-1C]
0061B09A . 8D55 E8       LEA EDX,DWORD PTR SS:[EBP-18]
0061B09D . E8 2AE9DEFF CALL dbimp.004099CC
0061B0A2 . 8B55 E8       MOV EDX,DWORD PTR SS:[EBP-18]
0061B0A5 . 58          POP EAX
0061B0A6 . E8 599FDEFF CALL dbimp.00405004
0061B0AB . 0F85 8A010000  JNZ dbimp.0061B23B
0061B0B1 . 33C0          XOR EAX,EAX
0061B0B3 . 55          PUSH EBP
0061B0B4 . 68 2CB26100 PUSH dbimp.0061B22C
0061B0B9 . 64:FF30       PUSH DWORD PTR FS:[EAX]
0061B0BC . 64:8920       MOV DWORD PTR FS:[EAX],ESP
0061B0BF . BA 02000080 MOV EDX,80000002
0061B0C4 . 8B45 FC       MOV EAX,DWORD PTR SS:[EBP-4]
0061B0C7 . E8 2830E3FF CALL dbimp.0044E0F4
0061B0CC . B1 01       MOV CL,1
0061B0CE . BA B4B66100 MOV EDX,dbimp.0061B6B4                ;  ASCII "SoftWare\Dbimp\Dbimp1.0"
0061B0D3 . 8B45 FC       MOV EAX,DWORD PTR SS:[EBP-4]
0061B0D6 . E8 7D30E3FF CALL dbimp.0044E158
0061B0DB . 84C0          TEST AL,AL
0061B0DD . 74 5F       JE SHORT dbimp.0061B13E
0061B0DF . 8D55 DC       LEA EDX,DWORD PTR SS:[EBP-24]
0061B0E2 . 8B83 04030000  MOV EAX,DWORD PTR DS:[EBX+304]
0061B0E8 . E8 832EE7FF CALL dbimp.0048DF70
0061B0ED . 8B45 DC       MOV EAX,DWORD PTR SS:[EBP-24]
0061B0F0 . 8D55 E0       LEA EDX,DWORD PTR SS:[EBP-20]
0061B0F3 . E8 D4E8DEFF CALL dbimp.004099CC
0061B0F8 . 8B4D E0       MOV ECX,DWORD PTR SS:[EBP-20]
0061B0FB . BA D4B66100 MOV EDX,dbimp.0061B6D4                ;  ASCII "RegName"
0061B100 . 8B45 FC       MOV EAX,DWORD PTR SS:[EBP-4]
0061B103 . E8 EC31E3FF CALL dbimp.0044E2F4
0061B108 . 8D55 D4       LEA EDX,DWORD PTR SS:[EBP-2C]
0061B10B . 8B83 08030000  MOV EAX,DWORD PTR DS:[EBX+308]
0061B111 . E8 5A2EE7FF CALL dbimp.0048DF70
0061B116 . 8B45 D4       MOV EAX,DWORD PTR SS:[EBP-2C]
0061B119 . 8D55 D8       LEA EDX,DWORD PTR SS:[EBP-28]
0061B11C . E8 ABE8DEFF CALL dbimp.004099CC
0061B121 . 8B4D D8       MOV ECX,DWORD PTR SS:[EBP-28]
0061B124 . BA E4B66100 MOV EDX,dbimp.0061B6E4                ;  ASCII "RegID"
0061B129 . 8B45 FC       MOV EAX,DWORD PTR SS:[EBP-4]
0061B12C . E8 C331E3FF CALL dbimp.0044E2F4
0061B131 . 8B45 FC       MOV EAX,DWORD PTR SS:[EBP-4]
0061B134 . E8 8B2FE3FF CALL dbimp.0044E0C4
0061B139 . E9 9B000000 JMP dbimp.0061B1D9
0061B13E > 8D55 CC       LEA EDX,DWORD PTR SS:[EBP-34]
0061B141 . A1 B09B6B00 MOV EAX,DWORD PTR DS:[6B9BB0]
0061B146 . 8B00          MOV EAX,DWORD PTR DS:[EAX]
0061B148 . E8 6B4CE9FF CALL dbimp.004AFDB8
0061B14D . 8B45 CC       MOV EAX,DWORD PTR SS:[EBP-34]
0061B150 . 8D55 D0       LEA EDX,DWORD PTR SS:[EBP-30]
0061B153 . E8 90F4DEFF CALL dbimp.0040A5E8
0061B158 . 8D45 D0       LEA EAX,DWORD PTR SS:[EBP-30]
0061B15B . BA F4B66100 MOV EDX,dbimp.0061B6F4                ;  ASCII "Info.ini"
0061B160 . E8 5B9DDEFF CALL dbimp.00404EC0
0061B165 . 8B4D D0       MOV ECX,DWORD PTR SS:[EBP-30]
0061B168 . B2 01       MOV DL,1
0061B16A . A1 08D04400 MOV EAX,DWORD PTR DS:[44D008]
0061B16F . E8 441FE3FF CALL dbimp.0044D0B8
0061B174 . 8BF0          MOV ESI,EAX
0061B176 . 8D55 C4       LEA EDX,DWORD PTR SS:[EBP-3C]
0061B179 . 8B83 04030000  MOV EAX,DWORD PTR DS:[EBX+304]
0061B17F . E8 EC2DE7FF CALL dbimp.0048DF70
0061B184 . 8B45 C4       MOV EAX,DWORD PTR SS:[EBP-3C]
0061B187 . 8D55 C8       LEA EDX,DWORD PTR SS:[EBP-38]
0061B18A . E8 3DE8DEFF CALL dbimp.004099CC
0061B18F . 8B45 C8       MOV EAX,DWORD PTR SS:[EBP-38]
0061B192 . 50          PUSH EAX
0061B193 . B9 D4B66100 MOV ECX,dbimp.0061B6D4                ;  ASCII "RegName"
0061B198 . BA 08B76100 MOV EDX,dbimp.0061B708                ;  ASCII "RegInfo"
0061B19D . 8BC6          MOV EAX,ESI
0061B19F . 8B38          MOV EDI,DWORD PTR DS:[EAX]
0061B1A1 . FF57 04       CALL DWORD PTR DS:[EDI+4]
0061B1A4 . 8D55 BC       LEA EDX,DWORD PTR SS:[EBP-44]
0061B1A7 . 8B83 08030000  MOV EAX,DWORD PTR DS:[EBX+308]
0061B1AD . E8 BE2DE7FF CALL dbimp.0048DF70
0061B1B2 . 8B45 BC       MOV EAX,DWORD PTR SS:[EBP-44]
0061B1B5 . 8D55 C0       LEA EDX,DWORD PTR SS:[EBP-40]
0061B1B8 . E8 0FE8DEFF CALL dbimp.004099CC
0061B1BD . 8B45 C0       MOV EAX,DWORD PTR SS:[EBP-40]
0061B1C0 . 50          PUSH EAX
0061B1C1 . B9 E4B66100 MOV ECX,dbimp.0061B6E4                ;  ASCII "RegID"
0061B1C6 . BA 08B76100 MOV EDX,dbimp.0061B708                ;  ASCII "RegInfo"
0061B1CB . 8BC6          MOV EAX,ESI
0061B1CD . 8B38          MOV EDI,DWORD PTR DS:[EAX]
0061B1CF . FF57 04       CALL DWORD PTR DS:[EDI+4]
0061B1D2 . 8BC6          MOV EAX,ESI
0061B1D4 . E8 1B8BDEFF CALL dbimp.00403CF4
0061B1D9 > 6A 00       PUSH 0
0061B1DB . B9 10B76100 MOV ECX,dbimp.0061B710
0061B1E0 . BA 1CB76100 MOV EDX,dbimp.0061B71C
0061B1E5 . A1 B09B6B00 MOV EAX,DWORD PTR DS:[6B9BB0]
0061B1EA . 8B00          MOV EAX,DWORD PTR DS:[EAX]
0061B1EC . E8 4747E9FF CALL dbimp.004AF938
0061B1F1 . 8B83 F8020000  MOV EAX,DWORD PTR DS:[EBX+2F8]
0061B1F7 . 33D2          XOR EDX,EDX
0061B1F9 . 8B08          MOV ECX,DWORD PTR DS:[EAX]
0061B1FB . FF51 64       CALL DWORD PTR DS:[ECX+64]
0061B1FE . A1 E0966B00 MOV EAX,DWORD PTR DS:[6B96E0]
0061B203 . C640 28 01    MOV BYTE PTR DS:[EAX+28],1
0061B207 . 8B45 FC       MOV EAX,DWORD PTR SS:[EBP-4]
0061B20A . E8 E58ADEFF CALL dbimp.00403CF4
0061B20F . 33C0          XOR EAX,EAX
0061B211 . 5A          POP EDX
0061B212 . 59          POP ECX
0061B213 . 59          POP ECX
0061B214 . 64:8910       MOV DWORD PTR FS:[EAX],EDX
0061B217 . 33C0          XOR EAX,EAX
0061B219 . 5A          POP EDX
0061B21A . 59          POP ECX
0061B21B . 59          POP ECX
0061B21C . 64:8910       MOV DWORD PTR FS:[EAX],EDX
0061B21F . E9 47030000 JMP dbimp.0061B56B
0061B224 . 33C0          XOR EAX,EAX
0061B226 . 5A          POP EDX
0061B227 . 59          POP ECX
0061B228 . 59          POP ECX
0061B229 . 64:8910       MOV DWORD PTR FS:[EAX],EDX
0061B22C .^E9 A38FDEFF JMP dbimp.004041D4
0061B231 . E8 CA93DEFF CALL dbimp.00404600
0061B236 . E9 F6020000 JMP dbimp.0061B531
0061B23B > A1 E0966B00 MOV EAX,DWORD PTR DS:[6B96E0]
0061B240 . 8338 00       CMP DWORD PTR DS:[EAX],0
0061B243 . 0F84 E8020000  JE dbimp.0061B531
0061B249 . 8D55 F8       LEA EDX,DWORD PTR SS:[EBP-8]
0061B24C . A1 E0966B00 MOV EAX,DWORD PTR DS:[6B96E0]
0061B251 . 8B00          MOV EAX,DWORD PTR DS:[EAX]
0061B253 . E8 C4F3DEFF CALL dbimp.0040A61C
0061B258 . 8D45 F8       LEA EAX,DWORD PTR SS:[EBP-8]
0061B25B . 50          PUSH EAX
0061B25C . 8B55 F8       MOV EDX,DWORD PTR SS:[EBP-8]
0061B25F . B8 34B76100 MOV EAX,dbimp.0061B734
0061B264 . E8 939FDEFF CALL dbimp.004051FC
0061B269 . 8BC8          MOV ECX,EAX
0061B26B . 49          DEC ECX
0061B26C . BA 01000000 MOV EDX,1
0061B271 . 8B45 F8       MOV EAX,DWORD PTR SS:[EBP-8]
0061B274 . E8 9F9EDEFF CALL dbimp.00405118
0061B279 . 33C0          XOR EAX,EAX
0061B27B . 55          PUSH EBP
0061B27C . 68 27B56100 PUSH dbimp.0061B527
0061B281 . 64:FF30       PUSH DWORD PTR FS:[EAX]
0061B284 . 64:8920       MOV DWORD PTR FS:[EAX],ESP
0061B287 . 8D55 B0       LEA EDX,DWORD PTR SS:[EBP-50]
0061B28A . 8B83 08030000  MOV EAX,DWORD PTR DS:[EBX+308]
0061B290 . E8 DB2CE7FF CALL dbimp.0048DF70
0061B295 . 8B45 B0       MOV EAX,DWORD PTR SS:[EBP-50]
0061B298 . 8D55 B4       LEA EDX,DWORD PTR SS:[EBP-4C]
0061B29B . E8 2CE7DEFF CALL dbimp.004099CC
0061B2A0 . 8B45 B4       MOV EAX,DWORD PTR SS:[EBP-4C]
0061B2A3 . 8D4D B8       LEA ECX,DWORD PTR SS:[EBP-48]
0061B2A6 . 8B55 F8       MOV EDX,DWORD PTR SS:[EBP-8]
0061B2A9 . E8 D64C0600 CALL dbimp.0067FF84
0061B2AE . 8B45 B8       MOV EAX,DWORD PTR SS:[EBP-48]
0061B2B1 . 50          PUSH EAX
0061B2B2 . 8D55 A8       LEA EDX,DWORD PTR SS:[EBP-58]
0061B2B5 . 8B83 04030000  MOV EAX,DWORD PTR DS:[EBX+304]
0061B2BB . E8 B02CE7FF CALL dbimp.0048DF70
0061B2C0 . 8B45 A8       MOV EAX,DWORD PTR SS:[EBP-58]
0061B2C3 . 8D55 AC       LEA EDX,DWORD PTR SS:[EBP-54]
0061B2C6 . E8 01E7DEFF CALL dbimp.004099CC
0061B2CB . 8B55 AC       MOV EDX,DWORD PTR SS:[EBP-54]
0061B2CE . 58          POP EAX
0061B2CF . E8 309DDEFF CALL dbimp.00405004
0061B2D4 . 74 63       JE SHORT dbimp.0061B339
0061B2D6 . 8D55 9C       LEA EDX,DWORD PTR SS:[EBP-64]
0061B2D9 . 8B83 08030000  MOV EAX,DWORD PTR DS:[EBX+308]
0061B2DF . E8 8C2CE7FF CALL dbimp.0048DF70
0061B2E4 . 8B45 9C       MOV EAX,DWORD PTR SS:[EBP-64]
0061B2E7 . 8D55 A0       LEA EDX,DWORD PTR SS:[EBP-60]
0061B2EA . E8 DDE6DEFF CALL dbimp.004099CC
0061B2EF . 8B45 A0       MOV EAX,DWORD PTR SS:[EBP-60]
0061B2F2 . 8D4D A4       LEA ECX,DWORD PTR SS:[EBP-5C]
0061B2F5 . 8B55 F8       MOV EDX,DWORD PTR SS:[EBP-8]
0061B2F8 . E8 874C0600 CALL dbimp.0067FF84
0061B2FD . 8B45 A4       MOV EAX,DWORD PTR SS:[EBP-5C]
0061B300 . 50          PUSH EAX
0061B301 . 8D55 90       LEA EDX,DWORD PTR SS:[EBP-70]
0061B304 . 8B83 04030000  MOV EAX,DWORD PTR DS:[EBX+304]
0061B30A . E8 612CE7FF CALL dbimp.0048DF70
0061B30F . 8B4D 90       MOV ECX,DWORD PTR SS:[EBP-70]
0061B312 . 8D45 94       LEA EAX,DWORD PTR SS:[EBP-6C]
0061B315 . BA 40B76100 MOV EDX,dbimp.0061B740
0061B31A . E8 E59BDEFF CALL dbimp.00404F04
0061B31F . 8B45 94       MOV EAX,DWORD PTR SS:[EBP-6C]
0061B322 . 8D55 98       LEA EDX,DWORD PTR SS:[EBP-68]
0061B325 . E8 A2E6DEFF CALL dbimp.004099CC
0061B32A . 8B55 98       MOV EDX,DWORD PTR SS:[EBP-68]
0061B32D . 58          POP EAX
0061B32E . E8 D19CDEFF CALL dbimp.00405004
0061B333 . 0F85 E4010000  JNZ dbimp.0061B51D
0061B339 > 837D FC 00    CMP DWORD PTR SS:[EBP-4],0
0061B33D . 74 0A       JE SHORT dbimp.0061B349
0061B33F . 8B45 FC       MOV EAX,DWORD PTR SS:[EBP-4]
0061B342 . E8 7D2DE3FF CALL dbimp.0044E0C4
0061B347 . EB 0F       JMP SHORT dbimp.0061B358
0061B349 > B2 01       MOV DL,1
0061B34B . A1 54DF4400 MOV EAX,DWORD PTR DS:[44DF54]
0061B350 . E8 FF2CE3FF CALL dbimp.0044E054
0061B355 . 8945 FC       MOV DWORD PTR SS:[EBP-4],EAX
0061B358 > 33C0          XOR EAX,EAX
0061B35A . 55          PUSH EBP
0061B35B . 68 13B56100 PUSH dbimp.0061B513
0061B360 . 64:FF30       PUSH DWORD PTR FS:[EAX]
0061B363 . 64:8920       MOV DWORD PTR FS:[EAX],ESP
0061B366 . BA 02000080 MOV EDX,80000002
0061B36B . 8B45 FC       MOV EAX,DWORD PTR SS:[EBP-4]
0061B36E . E8 812DE3FF CALL dbimp.0044E0F4
0061B373 . 8D45 8C       LEA EAX,DWORD PTR SS:[EBP-74]
0061B376 . 8B4D F8       MOV ECX,DWORD PTR SS:[EBP-8]
0061B379 . BA 4CB76100 MOV EDX,dbimp.0061B74C                ;  ASCII "SoftWare\Dbimp\"
0061B37E . E8 819BDEFF CALL dbimp.00404F04
0061B383 . 8B55 8C       MOV EDX,DWORD PTR SS:[EBP-74]
0061B386 . B1 01       MOV CL,1
0061B388 . 8B45 FC       MOV EAX,DWORD PTR SS:[EBP-4]
0061B38B . E8 C82DE3FF CALL dbimp.0044E158
0061B390 . 84C0          TEST AL,AL
0061B392 . 74 65       JE SHORT dbimp.0061B3F9
0061B394 . 8D55 84       LEA EDX,DWORD PTR SS:[EBP-7C]
0061B397 . 8B83 04030000  MOV EAX,DWORD PTR DS:[EBX+304]
0061B39D . E8 CE2BE7FF CALL dbimp.0048DF70
0061B3A2 . 8B45 84       MOV EAX,DWORD PTR SS:[EBP-7C]
0061B3A5 . 8D55 88       LEA EDX,DWORD PTR SS:[EBP-78]
0061B3A8 . E8 1FE6DEFF CALL dbimp.004099CC
0061B3AD . 8B4D 88       MOV ECX,DWORD PTR SS:[EBP-78]
0061B3B0 . BA D4B66100 MOV EDX,dbimp.0061B6D4                ;  ASCII "RegName"
0061B3B5 . 8B45 FC       MOV EAX,DWORD PTR SS:[EBP-4]
0061B3B8 . E8 372FE3FF CALL dbimp.0044E2F4
0061B3BD . 8D95 7CFFFFFF  LEA EDX,DWORD PTR SS:[EBP-84]
0061B3C3 . 8B83 08030000  MOV EAX,DWORD PTR DS:[EBX+308]
0061B3C9 . E8 A22BE7FF CALL dbimp.0048DF70
0061B3CE . 8B85 7CFFFFFF  MOV EAX,DWORD PTR SS:[EBP-84]
0061B3D4 . 8D55 80       LEA EDX,DWORD PTR SS:[EBP-80]
0061B3D7 . E8 F0E5DEFF CALL dbimp.004099CC
0061B3DC . 8B4D 80       MOV ECX,DWORD PTR SS:[EBP-80]
0061B3DF . BA E4B66100 MOV EDX,dbimp.0061B6E4                ;  ASCII "RegID"
0061B3E4 . 8B45 FC       MOV EAX,DWORD PTR SS:[EBP-4]
0061B3E7 . E8 082FE3FF CALL dbimp.0044E2F4
0061B3EC . 8B45 FC       MOV EAX,DWORD PTR SS:[EBP-4]
0061B3EF . E8 D02CE3FF CALL dbimp.0044E0C4
0061B3F4 . E9 C2000000 JMP dbimp.0061B4BB
0061B3F9 > 8D95 74FFFFFF  LEA EDX,DWORD PTR SS:[EBP-8C]
0061B3FF . A1 B09B6B00 MOV EAX,DWORD PTR DS:[6B9BB0]
0061B404 . 8B00          MOV EAX,DWORD PTR DS:[EAX]
0061B406 . E8 AD49E9FF CALL dbimp.004AFDB8
0061B40B . 8B85 74FFFFFF  MOV EAX,DWORD PTR SS:[EBP-8C]
0061B411 . 8D95 78FFFFFF  LEA EDX,DWORD PTR SS:[EBP-88]
0061B417 . E8 CCF1DEFF CALL dbimp.0040A5E8
0061B41C . 8D85 78FFFFFF  LEA EAX,DWORD PTR SS:[EBP-88]
0061B422 . BA F4B66100 MOV EDX,dbimp.0061B6F4                ;  ASCII "Info.ini"
0061B427 . E8 949ADEFF CALL dbimp.00404EC0
0061B42C . 8B8D 78FFFFFF  MOV ECX,DWORD PTR SS:[EBP-88]
0061B432 . B2 01       MOV DL,1
0061B434 . A1 08D04400 MOV EAX,DWORD PTR DS:[44D008]
0061B439 . E8 7A1CE3FF CALL dbimp.0044D0B8
0061B43E . 8BF0          MOV ESI,EAX
0061B440 . 8D95 6CFFFFFF  LEA EDX,DWORD PTR SS:[EBP-94]
0061B446 . 8B83 04030000  MOV EAX,DWORD PTR DS:[EBX+304]
0061B44C . E8 1F2BE7FF CALL dbimp.0048DF70
0061B451 . 8B85 6CFFFFFF  MOV EAX,DWORD PTR SS:[EBP-94]
0061B457 . 8D95 70FFFFFF  LEA EDX,DWORD PTR SS:[EBP-90]
0061B45D . E8 6AE5DEFF CALL dbimp.004099CC
0061B462 . 8B85 70FFFFFF  MOV EAX,DWORD PTR SS:[EBP-90]
0061B468 . 50          PUSH EAX
0061B469 . B9 D4B66100 MOV ECX,dbimp.0061B6D4                ;  ASCII "RegName"
0061B46E . BA 08B76100 MOV EDX,dbimp.0061B708                ;  ASCII "RegInfo"
0061B473 . 8BC6          MOV EAX,ESI
0061B475 . 8B38          MOV EDI,DWORD PTR DS:[EAX]
0061B477 . FF57 04       CALL DWORD PTR DS:[EDI+4]
0061B47A . 8D95 64FFFFFF  LEA EDX,DWORD PTR SS:[EBP-9C]
0061B480 . 8B83 08030000  MOV EAX,DWORD PTR DS:[EBX+308]
0061B486 . E8 E52AE7FF CALL dbimp.0048DF70
0061B48B . 8B85 64FFFFFF  MOV EAX,DWORD PTR SS:[EBP-9C]
0061B491 . 8D95 68FFFFFF  LEA EDX,DWORD PTR SS:[EBP-98]
0061B497 . E8 30E5DEFF CALL dbimp.004099CC
0061B49C . 8B85 68FFFFFF  MOV EAX,DWORD PTR SS:[EBP-98]
0061B4A2 . 50          PUSH EAX
0061B4A3 . B9 E4B66100 MOV ECX,dbimp.0061B6E4                ;  ASCII "RegID"
0061B4A8 . BA 08B76100 MOV EDX,dbimp.0061B708                ;  ASCII "RegInfo"
0061B4AD . 8BC6          MOV EAX,ESI
0061B4AF . 8B38          MOV EDI,DWORD PTR DS:[EAX]
0061B4B1 . FF57 04       CALL DWORD PTR DS:[EDI+4]
0061B4B4 . 8BC6          MOV EAX,ESI
0061B4B6 . E8 3988DEFF CALL dbimp.00403CF4
0061B4BB > 6A 00       PUSH 0
0061B4BD . B9 10B76100 MOV ECX,dbimp.0061B710
0061B4C2 . BA 1CB76100 MOV EDX,dbimp.0061B71C
0061B4C7 . A1 B09B6B00 MOV EAX,DWORD PTR DS:[6B9BB0]
0061B4CC . 8B00          MOV EAX,DWORD PTR DS:[EAX]
0061B4CE . E8 6544E9FF CALL dbimp.004AF938
0061B4D3 . 8B83 F8020000  MOV EAX,DWORD PTR DS:[EBX+2F8]
0061B4D9 . 33D2          XOR EDX,EDX
0061B4DB . 8B08          MOV ECX,DWORD PTR DS:[EAX]
0061B4DD . FF51 64       CALL DWORD PTR DS:[ECX+64]
0061B4E0 . A1 E0966B00 MOV EAX,DWORD PTR DS:[6B96E0]
0061B4E5 . C640 28 01    MOV BYTE PTR DS:[EAX+28],1
0061B4E9 . 8B45 FC       MOV EAX,DWORD PTR SS:[EBP-4]
0061B4EC . E8 0388DEFF CALL dbimp.00403CF4
0061B4F1 . 33C0          XOR EAX,EAX
0061B4F3 . 5A          POP EDX
0061B4F4 . 59          POP ECX
0061B4F5 . 59          POP ECX
0061B4F6 . 64:8910       MOV DWORD PTR FS:[EAX],EDX
0061B4F9 . 33C0          XOR EAX,EAX
0061B4FB . 5A          POP EDX
0061B4FC . 59          POP ECX
0061B4FD . 59          POP ECX
0061B4FE . 64:8910       MOV DWORD PTR FS:[EAX],EDX
0061B501 . 33C0          XOR EAX,EAX
0061B503 . 5A          POP EDX
0061B504 . 59          POP ECX
0061B505 . 59          POP ECX
0061B506 . 64:8910       MOV DWORD PTR FS:[EAX],EDX
0061B509 . EB 60       JMP SHORT dbimp.0061B56B
0061B50B . 33C0          XOR EAX,EAX
0061B50D . 5A          POP EDX
0061B50E . 59          POP ECX
0061B50F . 59          POP ECX
0061B510 . 64:8910       MOV DWORD PTR FS:[EAX],EDX
0061B513 .^E9 BC8CDEFF JMP dbimp.004041D4
0061B518 . E8 E390DEFF CALL dbimp.00404600
0061B51D > 33C0          XOR EAX,EAX
0061B51F . 5A          POP EDX
0061B520 . 59          POP ECX
0061B521 . 59          POP ECX
0061B522 . 64:8910       MOV DWORD PTR FS:[EAX],EDX
0061B525 . EB 0A       JMP SHORT dbimp.0061B531
0061B527 .^E9 A88CDEFF JMP dbimp.004041D4
0061B52C . E8 CF90DEFF CALL dbimp.00404600
0061B531 > 33C0          XOR EAX,EAX
0061B533 . 5A          POP EDX
0061B534 . 59          POP ECX
0061B535 . 59          POP ECX
0061B536 . 64:8910       MOV DWORD PTR FS:[EAX],EDX
0061B539 . EB 0A       JMP SHORT dbimp.0061B545
0061B53B .^E9 948CDEFF JMP dbimp.004041D4
0061B540 . E8 BB90DEFF CALL dbimp.00404600
0061B545 > 837D FC 00    CMP DWORD PTR SS:[EBP-4],0
0061B549 . 74 08       JE SHORT dbimp.0061B553
0061B54B . 8B45 FC       MOV EAX,DWORD PTR SS:[EBP-4]
0061B54E . E8 A187DEFF CALL dbimp.00403CF4
0061B553 > 6A 00       PUSH 0
0061B555 . B9 10B76100 MOV ECX,dbimp.0061B710
0061B55A . BA 5CB76100 MOV EDX,dbimp.0061B75C
0061B55F . A1 B09B6B00 MOV EAX,DWORD PTR DS:[6B9BB0]
0061B564 . 8B00          MOV EAX,DWORD PTR DS:[EAX]
0061B566 . E8 CD43E9FF CALL dbimp.004AF938
0061B56B > 33C0          XOR EAX,EAX
0061B56D . 5A          POP EDX
0061B56E . 59          POP ECX
0061B56F . 59          POP ECX
0061B570 . 64:8910       MOV DWORD PTR FS:[EAX],EDX
0061B573 . 68 95B66100 PUSH dbimp.0061B695
0061B578 > 8D85 64FFFFFF  LEA EAX,DWORD PTR SS:[EBP-9C]
0061B57E . E8 6596DEFF CALL dbimp.00404BE8
0061B583 . 8D85 68FFFFFF  LEA EAX,DWORD PTR SS:[EBP-98]
0061B589 . E8 5A96DEFF CALL dbimp.00404BE8
0061B58E . 8D85 6CFFFFFF  LEA EAX,DWORD PTR SS:[EBP-94]
0061B594 . E8 4F96DEFF CALL dbimp.00404BE8
0061B599 . 8D85 70FFFFFF  LEA EAX,DWORD PTR SS:[EBP-90]
0061B59F . BA 03000000 MOV EDX,3
0061B5A4 . E8 6396DEFF CALL dbimp.00404C0C
0061B5A9 . 8D85 7CFFFFFF  LEA EAX,DWORD PTR SS:[EBP-84]
0061B5AF . E8 3496DEFF CALL dbimp.00404BE8
0061B5B4 . 8D45 80       LEA EAX,DWORD PTR SS:[EBP-80]
0061B5B7 . E8 2C96DEFF CALL dbimp.00404BE8
0061B5BC . 8D45 84       LEA EAX,DWORD PTR SS:[EBP-7C]
0061B5BF . E8 2496DEFF CALL dbimp.00404BE8
0061B5C4 . 8D45 88       LEA EAX,DWORD PTR SS:[EBP-78]
0061B5C7 . BA 02000000 MOV EDX,2
0061B5CC . E8 3B96DEFF CALL dbimp.00404C0C
0061B5D1 . 8D45 90       LEA EAX,DWORD PTR SS:[EBP-70]
0061B5D4 . E8 0F96DEFF CALL dbimp.00404BE8
0061B5D9 . 8D45 94       LEA EAX,DWORD PTR SS:[EBP-6C]
0061B5DC . BA 02000000 MOV EDX,2
0061B5E1 . E8 2696DEFF CALL dbimp.00404C0C
0061B5E6 . 8D45 9C       LEA EAX,DWORD PTR SS:[EBP-64]
0061B5E9 . E8 FA95DEFF CALL dbimp.00404BE8
0061B5EE . 8D45 A0       LEA EAX,DWORD PTR SS:[EBP-60]
0061B5F1 . BA 02000000 MOV EDX,2
0061B5F6 . E8 1196DEFF CALL dbimp.00404C0C
0061B5FB . 8D45 A8       LEA EAX,DWORD PTR SS:[EBP-58]
0061B5FE . E8 E595DEFF CALL dbimp.00404BE8
0061B603 . 8D45 AC       LEA EAX,DWORD PTR SS:[EBP-54]
0061B606 . E8 DD95DEFF CALL dbimp.00404BE8
0061B60B . 8D45 B0       LEA EAX,DWORD PTR SS:[EBP-50]
0061B60E . E8 D595DEFF CALL dbimp.00404BE8
0061B613 . 8D45 B4       LEA EAX,DWORD PTR SS:[EBP-4C]
0061B616 . BA 02000000 MOV EDX,2
0061B61B . E8 EC95DEFF CALL dbimp.00404C0C
0061B620 . 8D45 BC       LEA EAX,DWORD PTR SS:[EBP-44]
0061B623 . E8 C095DEFF CALL dbimp.00404BE8
0061B628 . 8D45 C0       LEA EAX,DWORD PTR SS:[EBP-40]
0061B62B . E8 B895DEFF CALL dbimp.00404BE8
0061B630 . 8D45 C4       LEA EAX,DWORD PTR SS:[EBP-3C]
0061B633 . E8 B095DEFF CALL dbimp.00404BE8
0061B638 . 8D45 C8       LEA EAX,DWORD PTR SS:[EBP-38]
0061B63B . BA 03000000 MOV EDX,3
0061B640 . E8 C795DEFF CALL dbimp.00404C0C
0061B645 . 8D45 D4       LEA EAX,DWORD PTR SS:[EBP-2C]
0061B648 . E8 9B95DEFF CALL dbimp.00404BE8
0061B64D . 8D45 D8       LEA EAX,DWORD PTR SS:[EBP-28]
0061B650 . E8 9395DEFF CALL dbimp.00404BE8
0061B655 . 8D45 DC       LEA EAX,DWORD PTR SS:[EBP-24]
0061B658 . E8 8B95DEFF CALL dbimp.00404BE8
0061B65D . 8D45 E0       LEA EAX,DWORD PTR SS:[EBP-20]
0061B660 . E8 8395DEFF CALL dbimp.00404BE8
0061B665 . 8D45 E4       LEA EAX,DWORD PTR SS:[EBP-1C]
0061B668 . E8 7B95DEFF CALL dbimp.00404BE8
0061B66D . 8D45 E8       LEA EAX,DWORD PTR SS:[EBP-18]
0061B670 . E8 7395DEFF CALL dbimp.00404BE8
0061B675 . 8D45 EC       LEA EAX,DWORD PTR SS:[EBP-14]
0061B678 . E8 6B95DEFF CALL dbimp.00404BE8
0061B67D . 8D45 F0       LEA EAX,DWORD PTR SS:[EBP-10]
0061B680 . BA 03000000 MOV EDX,3
0061B685 . E8 8295DEFF CALL dbimp.00404C0C
0061B68A . C3          RETN
0061B68B .^E9 F88DDEFF JMP dbimp.00404488
0061B690 .^E9 E3FEFFFF JMP dbimp.0061B578
0061B695 . 5F          POP EDI
0061B696 . 5E          POP ESI
0061B697 . 5B          POP EBX
0061B698 . 8BE5          MOV ESP,EBP
0061B69A . 5D          POP EBP
0061B69B . C3          RETN

2007-3-19 13:42

0