[求助]小弟是一新手,请问看到这些代码以后,小弟应该做什么呢?请大家帮帮忙-付费问答-看雪-安全社区|安全招聘|kanxue.com

[旧帖] [求助]小弟是一新手,请问看到这些代码以后,小弟应该做什么呢?请大家帮帮忙 0.00雪花

发表于: 2007-7-8 17:48 4541

[旧帖] [求助]小弟是一新手,请问看到这些代码以后,小弟应该做什么呢?请大家帮帮忙 0.00雪花

guaiziyang 活跃值

2007-7-8 17:48

4541

问题一:请问从这些代码中能看到密码吗?
问题二:看不到密码的情况下,小弟下一步应该做什么呢?
还望那位大哥赐教不胜感激。

object ParnerDlg: TParnerDlg
  Left = 241
  Top = 182
  BorderStyle = bsDialog
  Caption = '使用查核窗'
  ClientHeight = 269
  ClientWidth = 470
  Color = 12895487
  Font.Charset = CHINESEBIG5_CHARSET
  Font.Color = clWindowText
  Font.Height = -15
  Font.Name = '新細明體'
  Font.Style = []
  OldCreateOrder = False
  Position = poScreenCenter
  OnCreate = FormCreate
  OnShow = FormShow
  PixelsPerInch = 96
  TextHeight = 15
  object PG: TPageControl
Left = 24
Top = 8
Width = 421
Height = 241
ActivePage = TabSheet5
TabIndex = 4
TabOrder = 0
object TabSheet1: TTabSheet
   Caption = 'TabSheet1'
   object Label1: TLabel
      Left = 92
      Top = 72
      Width = 75
      Height = 15
      Caption = '請輸入密碼'
   end
   object PassWd: TEdit
      Left = 180
      Top = 68
      Width = 121
      Height = 23
      ImeName = '中文 (繁體) - 注音'
      MaxLength = 14
      PasswordChar = '*'
      TabOrder = 0
   end
   object BitBtn7: TBitBtn
      Left = 116
      Top = 152
      Width = 75
      Height = 25
      Caption = '確定'
      TabOrder = 1
      OnClick = BitBtn7Click
   end
   object BitBtn8: TBitBtn
      Left = 212
      Top = 152
      Width = 75
      Height = 25
      TabOrder = 2
      Kind = bkClose
   end
end
object TabSheet2: TTabSheet
   Caption = 'TabSheet2'
   ImageIndex = 1
   object Label2: TLabel
      Left = 92
      Top = 48
      Width = 210
      Height = 21
      Caption = '截至目前為止您已出表'
      Font.Charset = CHINESEBIG5_CHARSET
      Font.Color = clWindowText
      Font.Height = -21
      Font.Name = '新細明體'
      Font.Style = []
      ParentFont = False
   end
   object Label3: TLabel
      Left = 168
      Top = 92
      Width = 55
      Height = 21
      Alignment = taRightJustify
      Caption = 'Label3'
      Font.Charset = CHINESEBIG5_CHARSET
      Font.Color = clBlue
      Font.Height = -21
      Font.Name = '新細明體'
      Font.Style = []
      ParentFont = False
   end
   object Label4: TLabel
      Left = 236
      Top = 96
      Width = 15
      Height = 15
      Caption = '件'
   end
   object Label9: TLabel
      Left = 92
      Top = 132
      Width = 75
      Height = 15
      Caption = '上期清除於'
   end
   object Label10: TLabel
      Left = 172
      Top = 130
      Width = 51
      Height = 16
      Caption = 'Label10'
      Font.Charset = CHINESEBIG5_CHARSET
      Font.Color = clMaroon
      Font.Height = -16
      Font.Name = '新細明體'
      Font.Style = []
      ParentFont = False
   end
   object BitBtn1: TBitBtn
      Left = 52
      Top = 164
      Width = 75
      Height = 25
      Caption = '清除歸零'
      TabOrder = 0
      OnClick = BitBtn1Click
   end
   object BitBtn2: TBitBtn
      Left = 164
      Top = 164
      Width = 75
      Height = 25
      Caption = '更改密碼'
      TabOrder = 1
      OnClick = BitBtn2Click
   end
   object BitBtn3: TBitBtn
      Left = 284
      Top = 164
      Width = 75
      Height = 25
      TabOrder = 2
      Kind = bkClose
   end
end
object TabSheet3: TTabSheet
   Caption = 'TabSheet3'
   ImageIndex = 2
   object Label5: TLabel
      Left = 80
      Top = 72
      Width = 75
      Height = 15
      Caption = '輸入新密碼'
   end
   object Label6: TLabel
      Left = 80
      Top = 100
      Width = 75
      Height = 15
      Caption = '再一次確認'
   end
   object Label14: TLabel
      Left = 64
      Top = 28
      Width = 100
      Height = 16
      Caption = '更改密碼作業:'
      Font.Charset = CHINESEBIG5_CHARSET
      Font.Color = clWindowText
      Font.Height = -16
      Font.Name = '新細明體'
      Font.Style = [fsUnderline]
      ParentFont = False
   end
   object NewPwED: TEdit
      Left = 172
      Top = 68
      Width = 121
      Height = 23
      ImeName = '中文 (繁體) - 注音'
      MaxLength = 14
      PasswordChar = '*'
      TabOrder = 0
      Text = 'NewPwED'
   end
   object AgainED: TEdit
      Left = 172
      Top = 96
      Width = 121
      Height = 23
      ImeName = '中文 (繁體) - 注音'
      MaxLength = 14
      PasswordChar = '*'
      TabOrder = 1
      Text = 'AgainED'
   end
   object BitBtn4: TBitBtn
      Left = 172
      Top = 168
      Width = 75
      Height = 25
      Caption = '確定'
      TabOrder = 2
      OnClick = BitBtn4Click
   end
   object BitBtn5: TBitBtn
      Left = 284
      Top = 168
      Width = 75
      Height = 25
      TabOrder = 3
      Kind = bkCancel
   end
end
object TabSheet4: TTabSheet
   Caption = 'TabSheet4'
   ImageIndex = 3
   object Label7: TLabel
      Left = 0
      Top = 52
      Width = 413
      Height = 15
      Alignment = taCenter
      AutoSize = False
      Caption = '已完成密碼更改,請下次登入時'
   end
   object Label8: TLabel
      Left = 0
      Top = 92
      Width = 409
      Height = 19
      Alignment = taCenter
      AutoSize = False
      Caption = '採用新密碼!!'
      Font.Charset = CHINESEBIG5_CHARSET
      Font.Color = clWindowText
      Font.Height = -19
      Font.Name = '新細明體'
      Font.Style = []
      ParentFont = False
   end
   object BitBtn6: TBitBtn
      Left = 168
      Top = 152
      Width = 75
      Height = 25
      Caption = '回上頁'
      TabOrder = 0
      OnClick = BitBtn6Click
   end
   object BitBtn9: TBitBtn
      Left = 268
      Top = 152
      Width = 75
      Height = 25
      TabOrder = 1
      Kind = bkClose
   end
end
object TabSheet5: TTabSheet
   Caption = 'TabSheet5'
   ImageIndex = 4
   object Label11: TLabel
      Left = 116
      Top = 36
      Width = 180
      Height = 15
      Alignment = taCenter
      Caption = '你將進入多元智慧演算系統'
   end
   object Label12: TLabel
      Left = 88
      Top = 68
      Width = 237
      Height = 15
      Alignment = taCenter
      AutoSize = False
      Caption = '如不是本系統操作人員請按離開鍵'
   end
   object Label13: TLabel
      Left = 116
      Top = 108
      Width = 30
      Height = 15
      Caption = '密碼'
   end
   object BitBtn10: TBitBtn
      Left = 104
      Top = 144
      Width = 75
      Height = 25
      Caption = '確定'
      TabOrder = 0
      OnClick = BitBtn10Click
   end
   object BitBtn11: TBitBtn
      Left = 216
      Top = 144
      Width = 75
      Height = 25
      TabOrder = 1
      Kind = bkCancel
   end
   object UUPS: TEdit
      Left = 156
      Top = 100
      Width = 121
      Height = 23
      ImeName = '中文 (繁體) - 注音'
      PasswordChar = '*'
      TabOrder = 2
   end
end
  end
end

[培训]《安卓高级研修班(网课)》月薪三万计划，掌握调试、分析还原ollvm、vmp的方法，定制art虚拟机自动化脱壳的方法

收藏・0

免费・0

支持

最新回复 (10)
guaiziyang 雪币： 200 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 13 粉丝 0 关注私信	guaiziyang 2 楼我只能看明的一点点不知道对不对,请大家指点. 这里面是不是有说到,叫我输入密码,密码是用*号显示的,但密码输完以后,又是如何判断,密码是对还是错的呢?如果是错的那又会出现什么事件呢?我实是看不明白,请大家帮忙. 2007-7-8 17:54 0
yzengr 雪币： 202 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 3 回帖 162 粉丝 0 关注私信	yzengr 3 楼看不到，这些是资源嘛。程序是用DELPHI写的 2007-7-8 17:56 0
guaiziyang 雪币： 200 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 13 粉丝 0 关注私信	guaiziyang 4 楼小弟在线等各位大哥给的帮助 2007-7-8 18:01 0
明日雄鹰雪币： 200 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 7 回帖 72 粉丝 0 关注私信	明日雄鹰 5 楼这个我也看不懂你用OD打开看看 2007-7-8 18:05 0
guaiziyang 雪币： 200 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 13 粉丝 0 关注私信	guaiziyang 6 楼那我想破解这个软件,接下来我应该怎么做呢?还请大哥指教 2007-7-8 18:57 0
guaiziyang 雪币： 200 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 13 粉丝 0 关注私信	guaiziyang 7 楼 00401000 . /04104000 dd analyze.00401004 00401004 \03 db 03 00401005 . 07 db 07 00401006 . 42 6F 6F 6C 6>ascii "Boolean" 0040100D 01 db 01 0040100E 00 db 00 0040100F 00 db 00 00401010 00 db 00 00401011 00 db 00 00401012 01 db 01 00401013 00 db 00 00401014 00 db 00 00401015 00 db 00 00401016 . 00104000 dd analyze.00401000 0040101A . 05 db 05 0040101B . 46 61 6C 73 6>ascii "False" 00401020 . 04 db 04 00401021 . 54 72 75 65 ascii "True" 00401025 8D40 00 lea eax, dword ptr [eax] 00401028 . 2C104000 dd analyze.0040102C 0040102C 02 db 02 0040102D . 04 db 04 0040102E . 43 68 61 72 ascii "Char" 00401032 01 db 01 00401033 00 db 00 00401034 00 db 00 00401035 00 db 00 00401036 00 db 00 00401037 FF db FF 00401038 00 db 00 00401039 00 db 00 0040103A 00 db 00 0040103B 90 db 90 0040103C . 40104000 dd analyze.00401040 00401040 01 db 01 00401041 . 08 db 08 00401042 . 53 6D 61 6C 6>ascii "Smallint" 0040104A 02 db 02 0040104B 00 db 00 0040104C 80 db 80 0040104D FF db FF 0040104E FF db FF 0040104F FF db FF 00401050 7F db 7F 00401051 00 db 00 00401052 00 db 00 00401053 90 db 90 00401054 . 58104000 dd analyze.00401058 00401058 01 db 01 00401059 . 07 db 07 0040105A . 49 6E 74 65 6>ascii "Integer" 00401061 04 db 04 00401062 00 db 00 00401063 00 db 00 00401064 00 db 00 00401065 80 db 80 00401066 FF db FF 00401067 FF db FF 00401068 FF db FF 00401069 7F db 7F 0040106A 8BC0 mov eax, eax 0040106C . 70104000 dd analyze.00401070 00401070 01 db 01 00401071 . 04 db 04 00401072 . 42 79 74 65 ascii "Byte" 00401076 01 db 01 00401077 00 db 00 00401078 00 db 00 00401079 00 db 00 0040107A 00 db 00 0040107B FF db FF 0040107C 00 db 00 0040107D 00 db 00 0040107E 00 db 00 0040107F 90 db 90 00401080 . 84104000 dd analyze.00401084 00401084 01 db 01 00401085 . 04 db 04 00401086 . 57 6F 72 64 ascii "Word" 0040108A 03 db 03 0040108B 00 db 00 0040108C 00 db 00 0040108D 00 db 00 0040108E 00 db 00 0040108F FF db FF 00401090 FF db FF 00401091 00 db 00 00401092 00 db 00 00401093 90 db 90 00401094 . 98104000 dd analyze.00401098 00401098 04 db 04 00401099 . 08 db 08 0040109A . 45 78 74 65 6>ascii "Extended" 004010A2 02 db 02 004010A3 90 db 90 004010A4 . A8104000 dd analyze.004010A8 004010A8 01 db 01 004010A9 . 08 db 08 004010AA . 43 61 72 64 6>ascii "Cardinal" 004010B2 05 db 05 004010B3 00 db 00 004010B4 00 db 00 004010B5 00 db 00 004010B6 00 db 00 004010B7 FF db FF 004010B8 FF db FF 004010B9 FF db FF 004010BA FF db FF 004010BB 90 db 90 004010BC . C0104000 dd analyze.004010C0 004010C0 10 db 10 004010C1 . 05 db 05 004010C2 . 49 6E 74 36 3>ascii "Int64" 004010C7 00 db 00 004010C8 00 db 00 004010C9 00 db 00 004010CA 00 db 00 004010CB 00 db 00 004010CC 00 db 00 004010CD 00 db 00 004010CE 80 db 80 004010CF FF db FF 004010D0 FF db FF 004010D1 FF db FF 004010D2 FF db FF 004010D3 FF db FF 004010D4 FF db FF 004010D5 FF db FF 004010D6 7F db 7F 004010D7 90 db 90 004010D8 . DC104000 dd analyze.004010DC 004010DC 04 db 04 004010DD . 06 db 06 004010DE . 44 6F 75 62 6>ascii "Double" 004010E4 01 db 01 004010E5 8D40 00 lea eax, dword ptr [eax] 004010E8 . EC104000 dd analyze.004010EC 004010EC 04 db 04 004010ED . 08 db 08 004010EE . 43 75 72 72 6>ascii "Currency" 004010F6 04 db 04 004010F7 90 db 90 004010F8 . FC104000 dd analyze.004010FC 004010FC 0A db 0A 004010FD . 06 db 06 004010FE . 53 74 72 69 6>ascii "String" 00401104 . 08114000 dd analyze.00401108 00401108 0B db 0B 00401109 . 0A db 0A 0040110A . 57 69 64 65 5>ascii "WideString" 00401114 . 18114000 dd analyze.00401118 00401118 0C db 0C 00401119 . 07 db 07 0040111A . 56 61 72 69 6>ascii "Variant" 00401121 8D40 00 lea eax, dword ptr [eax] 00401124 . 28114000 dd analyze.00401128 00401128 0C db 0C 00401129 . 0A db 0A 0040112A . 4F 6C 65 56 6>ascii "OleVariant" 00401134 . 80114000 dd analyze.00401180 ; ASCII 07,"TObject" 00401138 00 db 00 00401139 00 db 00 0040113A 00 db 00 0040113B 00 db 00 0040113C 00 db 00 0040113D 00 db 00 0040113E 00 db 00 0040113F 00 db 00 00401140 00 db 00 00401141 00 db 00 00401142 00 db 00 00401143 00 db 00 00401144 00 db 00 00401145 00 db 00 00401146 00 db 00 00401147 00 db 00 00401148 00 db 00 00401149 00 db 00 0040114A 00 db 00 0040114B 00 db 00 0040114C 00 db 00 0040114D 00 db 00 0040114E 00 db 00 0040114F 00 db 00 00401150 00 db 00 00401151 00 db 00 00401152 00 db 00 00401153 00 db 00 00401154 . 80114000 dd analyze.00401180 ; ASCII 07,"TObject" 00401158 04 db 04 00401159 00 db 00 0040115A 00 db 00 0040115B 00 db 00 0040115C 00 db 00 0040115D 00 db 00 0040115E 00 db 00 0040115F 00 db 00 00401160 . 483B4000 dd analyze.00403B48 ; 入口地址 00401164 . 543B4000 dd analyze.00403B54 ; 入口地址 00401168 . 583B4000 dd analyze.00403B58 ; 入口地址 0040116C . 5C3B4000 dd analyze.00403B5C 00401170 . 503B4000 dd analyze.00403B50 ; 入口地址 00401174 . 98384000 dd analyze.00403898 ; 入口地址 00401178 . B4384000 dd analyze.004038B4 ; 入口地址 0040117C . F0384000 dd analyze.004038F0 ; 入口地址 00401000 . /04104000 dd analyze.00401004 00401004 \03 db 03 00401005 . 07 db 07 00401006 . 42 6F 6F 6C 6>ascii "Boolean" 0040100D 01 db 01 0040100E 00 db 00 0040100F 00 db 00 00401010 00 db 00 00401011 00 db 00 00401012 01 db 01 00401013 00 db 00 00401014 00 db 00 00401015 00 db 00 00401016 . 00104000 dd analyze.00401000 0040101A . 05 db 05 0040101B . 46 61 6C 73 6>ascii "False" 00401020 . 04 db 04 00401021 . 54 72 75 65 ascii "True" 00401025 8D40 00 lea eax, dword ptr [eax] 00401028 . 2C104000 dd analyze.0040102C 0040102C 02 db 02 0040102D . 04 db 04 0040102E . 43 68 61 72 ascii "Char" 00401032 01 db 01 00401033 00 db 00 00401034 00 db 00 00401035 00 db 00 00401036 00 db 00 00401037 FF db FF 00401038 00 db 00 00401039 00 db 00 0040103A 00 db 00 0040103B 90 db 90 0040103C . 40104000 dd analyze.00401040 00401040 01 db 01 00401041 . 08 db 08 00401042 . 53 6D 61 6C 6>ascii "Smallint" 0040104A 02 db 02 0040104B 00 db 00 0040104C 80 db 80 0040104D FF db FF 0040104E FF db FF 0040104F FF db FF 00401050 7F db 7F 00401051 00 db 00 00401052 00 db 00 00401053 90 db 90 00401054 . 58104000 dd analyze.00401058 00401058 01 db 01 00401059 . 07 db 07 0040105A . 49 6E 74 65 6>ascii "Integer" 00401061 04 db 04 00401062 00 db 00 00401063 00 db 00 00401064 00 db 00 00401065 80 db 80 00401066 FF db FF 00401067 FF db FF 00401068 FF db FF 00401069 7F db 7F 0040106A 8BC0 mov eax, eax 0040106C . 70104000 dd analyze.00401070 00401070 01 db 01 00401071 . 04 db 04 00401072 . 42 79 74 65 ascii "Byte" 00401076 01 db 01 00401077 00 db 00 00401078 00 db 00 00401079 00 db 00 0040107A 00 db 00 0040107B FF db FF 0040107C 00 db 00 0040107D 00 db 00 0040107E 00 db 00 0040107F 90 db 90 00401080 . 84104000 dd analyze.00401084 00401084 01 db 01 00401085 . 04 db 04 00401086 . 57 6F 72 64 ascii "Word" 0040108A 03 db 03 0040108B 00 db 00 0040108C 00 db 00 0040108D 00 db 00 0040108E 00 db 00 0040108F FF db FF 00401090 FF db FF 00401091 00 db 00 00401092 00 db 00 00401093 90 db 90 00401094 . 98104000 dd analyze.00401098 00401098 04 db 04 00401099 . 08 db 08 0040109A . 45 78 74 65 6>ascii "Extended" 004010A2 02 db 02 004010A3 90 db 90 004010A4 . A8104000 dd analyze.004010A8 004010A8 01 db 01 004010A9 . 08 db 08 004010AA . 43 61 72 64 6>ascii "Cardinal" 004010B2 05 db 05 004010B3 00 db 00 004010B4 00 db 00 004010B5 00 db 00 004010B6 00 db 00 004010B7 FF db FF 004010B8 FF db FF 004010B9 FF db FF 004010BA FF db FF 004010BB 90 db 90 004010BC . C0104000 dd analyze.004010C0 004010C0 10 db 10 004010C1 . 05 db 05 004010C2 . 49 6E 74 36 3>ascii "Int64" 004010C7 00 db 00 004010C8 00 db 00 004010C9 00 db 00 004010CA 00 db 00 004010CB 00 db 00 004010CC 00 db 00 004010CD 00 db 00 004010CE 80 db 80 004010CF FF db FF 004010D0 FF db FF 004010D1 FF db FF 004010D2 FF db FF 004010D3 FF db FF 004010D4 FF db FF 004010D5 FF db FF 004010D6 7F db 7F 004010D7 90 db 90 004010D8 . DC104000 dd analyze.004010DC 004010DC 04 db 04 004010DD . 06 db 06 004010DE . 44 6F 75 62 6>ascii "Double" 004010E4 01 db 01 004010E5 8D40 00 lea eax, dword ptr [eax] 004010E8 . EC104000 dd analyze.004010EC 004010EC 04 db 04 004010ED . 08 db 08 004010EE . 43 75 72 72 6>ascii "Currency" 004010F6 04 db 04 004010F7 90 db 90 004010F8 . FC104000 dd analyze.004010FC 004010FC 0A db 0A 004010FD . 06 db 06 004010FE . 53 74 72 69 6>ascii "String" 00401104 . 08114000 dd analyze.00401108 00401108 0B db 0B 00401109 . 0A db 0A 0040110A . 57 69 64 65 5>ascii "WideString" 00401114 . 18114000 dd analyze.00401118 00401118 0C db 0C 00401119 . 07 db 07 0040111A . 56 61 72 69 6>ascii "Variant" 00401121 8D40 00 lea eax, dword ptr [eax] 00401124 . 28114000 dd analyze.00401128 00401128 0C db 0C 00401129 . 0A db 0A 0040112A . 4F 6C 65 56 6>ascii "OleVariant" 00401134 . 80114000 dd analyze.00401180 ; ASCII 07,"TObject" 00401138 00 db 00 00401139 00 db 00 0040113A 00 db 00 0040113B 00 db 00 0040113C 00 db 00 0040113D 00 db 00 0040113E 00 db 00 0040113F 00 db 00 00401140 00 db 00 00401141 00 db 00 00401142 00 db 00 00401143 00 db 00 00401144 00 db 00 00401145 00 db 00 00401146 00 db 00 00401147 00 db 00 00401148 00 db 00 00401149 00 db 00 0040114A 00 db 00 0040114B 00 db 00 0040114C 00 db 00 0040114D 00 db 00 0040114E 00 db 00 0040114F 00 db 00 00401150 00 db 00 00401151 00 db 00 00401152 00 db 00 00401153 00 db 00 00401154 . 80114000 dd analyze.00401180 ; ASCII 07,"TObject" 00401158 04 db 04 00401159 00 db 00 0040115A 00 db 00 0040115B 00 db 00 0040115C 00 db 00 0040115D 00 db 00 0040115E 00 db 00 0040115F 00 db 00 00401160 . 483B4000 dd analyze.00403B48 ; 入口地址 00401164 . 543B4000 dd analyze.00403B54 ; 入口地址 00401168 . 583B4000 dd analyze.00403B58 ; 入口地址 0040116C . 5C3B4000 dd analyze.00403B5C 00401170 . 503B4000 dd analyze.00403B50 ; 入口地址 00401174 . 98384000 dd analyze.00403898 ; 入口地址 00401178 . B4384000 dd analyze.004038B4 ; 入口地址 0040117C . F0384000 dd analyze.004038F0 ; 入口地址 00401000 . /04104000 dd analyze.00401004 00401004 \03 db 03 00401005 . 07 db 07 00401006 . 42 6F 6F 6C 6>ascii "Boolean" 0040100D 01 db 01 0040100E 00 db 00 0040100F 00 db 00 00401010 00 db 00 00401011 00 db 00 00401012 01 db 01 00401013 00 db 00 00401014 00 db 00 00401015 00 db 00 00401016 . 00104000 dd analyze.00401000 0040101A . 05 db 05 0040101B . 46 61 6C 73 6>ascii "False" 00401020 . 04 db 04 00401021 . 54 72 75 65 ascii "True" 00401025 8D40 00 lea eax, dword ptr [eax] 00401028 . 2C104000 dd analyze.0040102C 0040102C 02 db 02 0040102D . 04 db 04 0040102E . 43 68 61 72 ascii "Char" 00401032 01 db 01 00401033 00 db 00 00401034 00 db 00 00401035 00 db 00 00401036 00 db 00 00401037 FF db FF 00401038 00 db 00 00401039 00 db 00 0040103A 00 db 00 0040103B 90 db 90 0040103C . 40104000 dd analyze.00401040 00401040 01 db 01 00401041 . 08 db 08 00401042 . 53 6D 61 6C 6>ascii "Smallint" 0040104A 02 db 02 0040104B 00 db 00 0040104C 80 db 80 0040104D FF db FF 0040104E FF db FF 0040104F FF db FF 00401050 7F db 7F 00401051 00 db 00 00401052 00 db 00 00401053 90 db 90 00401054 . 58104000 dd analyze.00401058 00401058 01 db 01 00401059 . 07 db 07 0040105A . 49 6E 74 65 6>ascii "Integer" 00401061 04 db 04 00401062 00 db 00 00401063 00 db 00 00401064 00 db 00 00401065 80 db 80 00401066 FF db FF 00401067 FF db FF 00401068 FF db FF 00401069 7F db 7F 0040106A 8BC0 mov eax, eax 0040106C . 70104000 dd analyze.00401070 00401070 01 db 01 00401071 . 04 db 04 00401072 . 42 79 74 65 ascii "Byte" 00401076 01 db 01 00401077 00 db 00 00401078 00 db 00 00401079 00 db 00 0040107A 00 db 00 0040107B FF db FF 0040107C 00 db 00 0040107D 00 db 00 0040107E 00 db 00 0040107F 90 db 90 00401080 . 84104000 dd analyze.00401084 00401084 01 db 01 00401085 . 04 db 04 00401086 . 57 6F 72 64 ascii "Word" 0040108A 03 db 03 0040108B 00 db 00 0040108C 00 db 00 0040108D 00 db 00 0040108E 00 db 00 0040108F FF db FF 00401090 FF db FF 00401091 00 db 00 00401092 00 db 00 00401093 90 db 90 00401094 . 98104000 dd analyze.00401098 00401098 04 db 04 00401099 . 08 db 08 0040109A . 45 78 74 65 6>ascii "Extended" 004010A2 02 db 02 004010A3 90 db 90 004010A4 . A8104000 dd analyze.004010A8 004010A8 01 db 01 004010A9 . 08 db 08 004010AA . 43 61 72 64 6>ascii "Cardinal" 004010B2 05 db 05 004010B3 00 db 00 004010B4 00 db 00 004010B5 00 db 00 004010B6 00 db 00 004010B7 FF db FF 004010B8 FF db FF 004010B9 FF db FF 004010BA FF db FF 004010BB 90 db 90 004010BC . C0104000 dd analyze.004010C0 004010C0 10 db 10 004010C1 . 05 db 05 004010C2 . 49 6E 74 36 3>ascii "Int64" 004010C7 00 db 00 004010C8 00 db 00 004010C9 00 db 00 004010CA 00 db 00 004010CB 00 db 00 004010CC 00 db 00 004010CD 00 db 00 004010CE 80 db 80 004010CF FF db FF 004010D0 FF db FF 004010D1 FF db FF 004010D2 FF db FF 004010D3 FF db FF 004010D4 FF db FF 004010D5 FF db FF 004010D6 7F db 7F 004010D7 90 db 90 004010D8 . DC104000 dd analyze.004010DC 004010DC 04 db 04 004010DD . 06 db 06 004010DE . 44 6F 75 62 6>ascii "Double" 004010E4 01 db 01 004010E5 8D40 00 lea eax, dword ptr [eax] 004010E8 . EC104000 dd analyze.004010EC 004010EC 04 db 04 004010ED . 08 db 08 004010EE . 43 75 72 72 6>ascii "Currency" 004010F6 04 db 04 004010F7 90 db 90 004010F8 . FC104000 dd analyze.004010FC 004010FC 0A db 0A 004010FD . 06 db 06 004010FE . 53 74 72 69 6>ascii "String" 00401104 . 08114000 dd analyze.00401108 00401108 0B db 0B 00401109 . 0A db 0A 0040110A . 57 69 64 65 5>ascii "WideString" 00401114 . 18114000 dd analyze.00401118 00401118 0C db 0C 00401119 . 07 db 07 0040111A . 56 61 72 69 6>ascii "Variant" 00401121 8D40 00 lea eax, dword ptr [eax] 00401124 . 28114000 dd analyze.00401128 00401128 0C db 0C 00401129 . 0A db 0A 0040112A . 4F 6C 65 56 6>ascii "OleVariant" 00401134 . 80114000 dd analyze.00401180 ; ASCII 07,"TObject" 00401138 00 db 00 00401139 00 db 00 0040113A 00 db 00 0040113B 00 db 00 0040113C 00 db 00 0040113D 00 db 00 0040113E 00 db 00 0040113F 00 db 00 00401140 00 db 00 00401141 00 db 00 00401142 00 db 00 00401143 00 db 00 00401144 00 db 00 00401145 00 db 00 00401146 00 db 00 00401147 00 db 00 00401148 00 db 00 00401149 00 db 00 0040114A 00 db 00 0040114B 00 db 00 0040114C 00 db 00 0040114D 00 db 00 0040114E 00 db 00 0040114F 00 db 00 00401150 00 db 00 00401151 00 db 00 00401152 00 db 00 00401153 00 db 00 00401154 . 80114000 dd analyze.00401180 ; ASCII 07,"TObject" 00401158 04 db 04 00401159 00 db 00 0040115A 00 db 00 0040115B 00 db 00 0040115C 00 db 00 0040115D 00 db 00 0040115E 00 db 00 0040115F 00 db 00 00401160 . 483B4000 dd analyze.00403B48 ; 入口地址 00401164 . 543B4000 dd analyze.00403B54 ; 入口地址 00401168 . 583B4000 dd analyze.00403B58 ; 入口地址 0040116C . 5C3B4000 dd analyze.00403B5C 00401170 . 503B4000 dd analyze.00403B50 ; 入口地址 00401174 . 98384000 dd analyze.00403898 ; 入口地址 00401178 . B4384000 dd analyze.004038B4 ; 入口地址 0040117C . F0384000 dd analyze.004038F0 ; 入口地址 2007-7-8 20:04 0
guaiziyang 雪币： 200 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 13 粉丝 0 关注私信	guaiziyang 8 楼 00401180 . 07 db 07 00401181 . 54 4F 62 6A 6>ascii "TObject" 00401188 . 8C114000 dd analyze.0040118C 0040118C 07 db 07 0040118D . 07 db 07 0040118E . 54 4F 62 6A 6>ascii "TObject" 00401195 . 80114000 dd analyze.00401180 ; ASCII 07,"TObject" 00401199 00 db 00 0040119A 00 db 00 0040119B 00 db 00 0040119C 00 db 00 0040119D 00 db 00 0040119E 00 db 00 0040119F . 06 db 06 004011A0 . 53 79 73 74 6>ascii "System" 004011A6 00 db 00 004011A7 00 db 00 004011A8 . AC114000 dd analyze.004011AC 004011AC 0F db 0F 004011AD . 0A db 0A 004011AE . 49 49 6E 74 6>ascii "IInterface" 004011B8 00 db 00 004011B9 00 db 00 004011BA 00 db 00 004011BB 00 db 00 004011BC 01 db 01 004011BD 00 db 00 004011BE 00 db 00 004011BF 00 db 00 004011C0 00 db 00 004011C1 00 db 00 004011C2 00 db 00 004011C3 00 db 00 004011C4 00 db 00 004011C5 C0 db C0 004011C6 00 db 00 004011C7 00 db 00 004011C8 00 db 00 004011C9 00 db 00 004011CA 00 db 00 004011CB 00 db 00 004011CC 46 db 46 ; CHAR 'F' 004011CD . 06 db 06 004011CE . 53 79 73 74 6>ascii "System" 004011D4 03 db 03 004011D5 00 db 00 004011D6 FF db FF 004011D7 FF db FF 004011D8 . DC114000 dd analyze.004011DC 004011DC 0F db 0F 004011DD . 09 db 09 004011DE . 49 44 69 73 7>ascii "IDispatch" 004011E7 . A8114000 dd analyze.004011A8 004011EB 01 db 01 004011EC 00 db 00 004011ED 04 db 04 004011EE 02 db 02 004011EF 00 db 00 004011F0 00 db 00 004011F1 00 db 00 004011F2 00 db 00 004011F3 00 db 00 004011F4 C0 db C0 004011F5 00 db 00 004011F6 00 db 00 004011F7 00 db 00 004011F8 00 db 00 004011F9 00 db 00 004011FA 00 db 00 004011FB 46 db 46 ; CHAR 'F' 004011FC . 06 db 06 004011FD . 53 79 73 74 6>ascii "System" 00401203 04 db 04 00401204 00 db 00 00401205 FF db FF 00401206 FF db FF 00401207 90 nop 00401208 CC int3 00401209 . 834424 04 F8 add dword ptr [esp+4], -8 0040120E . E9 E5530000 jmp 004065F8 00401213 . 834424 04 F8 add dword ptr [esp+4], -8 00401218 . E9 03540000 jmp 00406620 0040121D . 834424 04 F8 add dword ptr [esp+4], -8 00401222 . E9 0D540000 jmp 00406634 00401227 CC db CC 00401228 . 09124000 dd analyze.00401209 0040122C . 13124000 dd analyze.00401213 00401230 . 1D124000 dd analyze.0040121D 00401234 01 db 01 00401235 00 db 00 00401236 00 db 00 00401237 00 db 00 00401238 00 db 00 00401239 00 db 00 0040123A 00 db 00 0040123B 00 db 00 0040123C 00 db 00 0040123D 00 db 00 0040123E 00 db 00 0040123F 00 db 00 00401240 C0 db C0 00401241 00 db 00 00401242 00 db 00 00401243 00 db 00 00401244 00 db 00 00401245 00 db 00 00401246 00 db 00 00401247 46 db 46 ; CHAR 'F' 00401248 . 28124000 dd analyze.00401228 0040124C 08 db 08 0040124D 00 db 00 0040124E 00 db 00 0040124F 00 db 00 00401250 00 db 00 00401251 00 db 00 00401252 00 db 00 00401253 00 db 00 00401254 . A0124000 dd analyze.004012A0 ; ASCII 11,"TInterfacedObject" 00401258 . 34124000 dd analyze.00401234 0040125C 00 db 00 0040125D 00 db 00 0040125E 00 db 00 0040125F 00 db 00 00401260 00 db 00 00401261 00 db 00 00401262 00 db 00 00401263 00 db 00 00401264 00 db 00 00401265 00 db 00 00401266 00 db 00 00401267 00 db 00 00401268 00 db 00 00401269 00 db 00 0040126A 00 db 00 0040126B 00 db 00 0040126C 00 db 00 0040126D 00 db 00 0040126E 00 db 00 0040126F 00 db 00 00401270 00 db 00 00401271 00 db 00 00401272 00 db 00 00401273 00 db 00 00401274 . A0124000 dd analyze.004012A0 ; ASCII 11,"TInterfacedObject" 00401278 0C db 0C 00401279 00 db 00 0040127A 00 db 00 0040127B 00 db 00 0040127C . 34114000 dd analyze.00401134 00401280 . 483B4000 dd analyze.00403B48 ; 入口地址 00401284 . CC654000 dd analyze.004065CC 00401288 . D8654000 dd analyze.004065D8 0040128C . 5C3B4000 dd analyze.00403B5C 00401290 . 503B4000 dd analyze.00403B50 ; 入口地址 00401294 . E8654000 dd analyze.004065E8 00401298 . B4384000 dd analyze.004038B4 ; 入口地址 0040129C . F0384000 dd analyze.004038F0 ; 入口地址 004012A0 . 11 db 11 004012A1 . 54 49 6E 74 6>ascii "TInterfacedObjec" 004012B1 . 74 ascii "t" 004012B2 8BC0 mov eax, eax 004012B4 . B8124000 dd analyze.004012B8 004012B8 11 db 11 004012B9 . 0B db 0B 004012BA . 54 42 6F 75 6>ascii "TBoundArray" 004012C5 04 db 04 004012C6 00 db 00 004012C7 00 db 00 004012C8 00 db 00 004012C9 00 db 00 004012CA 00 db 00 004012CB 00 db 00 004012CC 00 db 00 004012CD 03 db 03 004012CE 00 db 00 004012CF 00 db 00 004012D0 00 db 00 004012D1 . 54104000 dd analyze.00401054 004012D5 . 06 db 06 004012D6 . 53 79 73 74 6>ascii "System" 004012DC . E0124000 dd analyze.004012E0 004012E0 04 db 04 004012E1 . 09 db 09 004012E2 . 54 44 61 74 6>ascii "TDateTime" 004012EB 01 db 01 004012EC $- FF25 1C425100 jmp dword ptr [<&kernel32.CloseHandl>; kernel32.CloseHandle 004012F2 8BC0 mov eax, eax 004012F4 $- FF25 18425100 jmp dword ptr [<&kernel32.CreateFile>; kernel32.CreateFileA 004012FA 8BC0 mov eax, eax 004012FC $- FF25 14425100 jmp dword ptr [<&kernel32.GetFileTyp>; kernel32.GetFileType 00401302 8BC0 mov eax, eax 00401304 $- FF25 10425100 jmp dword ptr [<&kernel32.GetFileSiz>; kernel32.GetFileSize 0040130A 8BC0 mov eax, eax 0040130C $- FF25 0C425100 jmp dword ptr [<&kernel32.GetStdHand>; kernel32.GetStdHandle 00401312 8BC0 mov eax, eax 00401314 .- FF25 08425100 jmp dword ptr [<&kernel32.RaiseExcep>; kernel32.RaiseException 0040131A 8BC0 mov eax, eax 0040131C $- FF25 04425100 jmp dword ptr [<&kernel32.ReadFile>] ; kernel32.ReadFile 00401322 8BC0 mov eax, eax 00401324 .- FF25 00425100 jmp dword ptr [<&kernel32.RtlUnwind>>; ntdll.RtlUnwind 0040132A 8BC0 mov eax, eax 0040132C $- FF25 FC415100 jmp dword ptr [<&kernel32.SetEndOfFi>; kernel32.SetEndOfFile 00401332 8BC0 mov eax, eax 00401334 $- FF25 F8415100 jmp dword ptr [<&kernel32.SetFilePoi>; kernel32.SetFilePointer 0040133A 8BC0 mov eax, eax 0040133C $- FF25 F4415100 jmp dword ptr [<&kernel32.UnhandledE>; kernel32.UnhandledExceptionFilter 00401342 8BC0 mov eax, eax 00401344 $- FF25 F0415100 jmp dword ptr [<&kernel32.WriteFile>>; kernel32.WriteFile 0040134A 8BC0 mov eax, eax 0040134C $- FF25 30425100 jmp dword ptr [<&user32.CharNextA>] ; user32.CharNextA 00401352 8BC0 mov eax, eax 00401354 .- FF25 EC415100 jmp dword ptr [<&kernel32.ExitProces>; kernel32.ExitProcess 0040135A 8BC0 mov eax, eax 0040135C $- FF25 2C425100 jmp dword ptr [<&user32.MessageBoxA>>; user32.MessageBoxA 00401362 8BC0 mov eax, eax 00401364 $- FF25 E8415100 jmp dword ptr [<&kernel32.FindClose>>; kernel32.FindClose 0040136A 8BC0 mov eax, eax 0040136C $- FF25 E4415100 jmp dword ptr [<&kernel32.FindFirstF>; kernel32.FindFirstFileA 00401372 8BC0 mov eax, eax 00401374 $- FF25 E0415100 jmp dword ptr [<&kernel32.FreeLibrar>; kernel32.FreeLibrary 0040137A 8BC0 mov eax, eax 0040137C $- FF25 DC415100 jmp dword ptr [<&kernel32.GetCommand>; kernel32.GetCommandLineA 00401382 8BC0 mov eax, eax 00401384 $- FF25 D8415100 jmp dword ptr [<&kernel32.GetLastErr>; ntdll.RtlGetLastWin32Error 0040138A 8BC0 mov eax, eax 0040138C $- FF25 D4415100 jmp dword ptr [<&kernel32.GetLocaleI>; kernel32.GetLocaleInfoA 00401392 8BC0 mov eax, eax 00401394 $- FF25 D0415100 jmp dword ptr [<&kernel32.GetModuleF>; kernel32.GetModuleFileNameA 0040139A 8BC0 mov eax, eax 0040139C $- FF25 CC415100 jmp dword ptr [<&kernel32.GetModuleH>; kernel32.GetModuleHandleA 004013A2 8BC0 mov eax, eax 004013A4 $- FF25 C8415100 jmp dword ptr [<&kernel32.GetProcAdd>; kernel32.GetProcAddress 004013AA 8BC0 mov eax, eax 004013AC $- FF25 C4415100 jmp dword ptr [<&kernel32.GetStartup>; kernel32.GetStartupInfoA 004013B2 8BC0 mov eax, eax 004013B4 $- FF25 C0415100 jmp dword ptr [<&kernel32.GetThreadL>; kernel32.GetThreadLocale 004013BA 8BC0 mov eax, eax 004013BC $- FF25 BC415100 jmp dword ptr [<&kernel32.LoadLibrar>; kernel32.LoadLibraryExA 004013C2 8BC0 mov eax, eax 004013C4 $- FF25 28425100 jmp dword ptr [<&user32.LoadStringA>>; user32.LoadStringA 004013CA 8BC0 mov eax, eax 004013CC $- FF25 B8415100 jmp dword ptr [<&kernel32.lstrcpynA>>; kernel32.lstrcpynA 004013D2 8BC0 mov eax, eax 004013D4 $- FF25 B4415100 jmp dword ptr [<&kernel32.lstrlenA>] ; kernel32.lstrlenA 004013DA 8BC0 mov eax, eax 004013DC $- FF25 B0415100 jmp dword ptr [<&kernel32.MultiByteT>; kernel32.MultiByteToWideChar 004013E2 8BC0 mov eax, eax 004013E4 $- FF25 40425100 jmp dword ptr [<&advapi32.RegCloseKe>; advapi32.RegCloseKey 004013EA 8BC0 mov eax, eax 004013EC $- FF25 3C425100 jmp dword ptr [<&advapi32.RegOpenKey>; advapi32.RegOpenKeyExA 004013F2 8BC0 mov eax, eax 004013F4 $- FF25 38425100 jmp dword ptr [<&advapi32.RegQueryVa>; advapi32.RegQueryValueExA 004013FA 8BC0 mov eax, eax 004013FC $- FF25 AC415100 jmp dword ptr [<&kernel32.WideCharTo>; kernel32.WideCharToMultiByte 00401402 8BC0 mov eax, eax 00401404 $- FF25 A8415100 jmp dword ptr [<&kernel32.VirtualQue>; kernel32.VirtualQuery 0040140A 8BC0 mov eax, eax 0040140C $- FF25 50425100 jmp dword ptr [<&oleaut32.SysAllocSt>; oleaut32.SysAllocStringLen 00401412 8BC0 mov eax, eax 00401414 $- FF25 4C425100 jmp dword ptr [<&oleaut32.SysReAlloc>; oleaut32.SysReAllocStringLen 0040141A 8BC0 mov eax, eax 0040141C $- FF25 48425100 jmp dword ptr [<&oleaut32.SysFreeStr>; oleaut32.SysFreeString 00401422 8BC0 mov eax, eax 00401424 $- FF25 A4415100 jmp dword ptr [<&kernel32.Interlocke>; kernel32.InterlockedIncrement 0040142A 8BC0 mov eax, eax 0040142C $- FF25 A0415100 jmp dword ptr [<&kernel32.Interlocke>; kernel32.InterlockedDecrement 00401432 8BC0 mov eax, eax 00401434 $- FF25 9C415100 jmp dword ptr [<&kernel32.GetCurrent>; kernel32.GetCurrentThreadId 0040143A 8BC0 mov eax, eax 0040143C /$ 53 push ebx 0040143D \|. 83C4 BC add esp, -44 00401440 \|. BB 0A000000 mov ebx, 0A 00401445 \|. 54 push esp ; /pStartupinfo 00401446 \|. E8 61FFFFFF call <jmp.&kernel32.GetStartupInfoA> ; \GetStartupInfoA 0040144B \|. F64424 2C 01 test byte ptr [esp+2C], 1 00401450 \|. 74 05 je short 00401457 00401452 \|. 0FB75C24 30 movzx ebx, word ptr [esp+30] 00401457 \|> 8BC3 mov eax, ebx 00401459 \|. 83C4 44 add esp, 44 0040145C \|. 5B pop ebx 0040145D \. C3 retn 0040145E 8BC0 mov eax, eax 00401460 $- FF25 98415100 jmp dword ptr [<&kernel32.LocalAlloc>; kernel32.LocalAlloc 00401466 8BC0 mov eax, eax 00401468 $- FF25 94415100 jmp dword ptr [<&kernel32.LocalFree>>; kernel32.LocalFree 0040146E 8BC0 mov eax, eax 00401470 $- FF25 90415100 jmp dword ptr [<&kernel32.VirtualAll>; kernel32.VirtualAlloc 00401476 8BC0 mov eax, eax 00401478 $- FF25 8C415100 jmp dword ptr [<&kernel32.VirtualFre>; kernel32.VirtualFree 0040147E 8BC0 mov eax, eax 00401480 $- FF25 88415100 jmp dword ptr [<&kernel32.Initialize>; kernel32.InitializeCriticalSection 00401486 8BC0 mov eax, eax 00401488 $- FF25 84415100 jmp dword ptr [<&kernel32.EnterCriti>; ntdll.RtlEnterCriticalSection 0040148E 8BC0 mov eax, eax 00401490 $- FF25 80415100 jmp dword ptr [<&kernel32.LeaveCriti>; ntdll.RtlLeaveCriticalSection 00401496 8BC0 mov eax, eax 00401498 $- FF25 7C415100 jmp dword ptr [<&kernel32.DeleteCrit>; ntdll.RtlDeleteCriticalSection 0040149E 8BC0 mov eax, eax 004014A0 /$ 53 push ebx 004014A1 \|. 56 push esi 004014A2 \|. BE E4355100 mov esi, 005135E4 004014A7 \|. 833E 00 cmp dword ptr [esi], 0 004014AA \|. 75 3A jnz short 004014E6 004014AC \|. 68 44060000 push 644 ; /Size = 644 (1604.) 004014B1 \|. 6A 00 push 0 ; \|Flags = LMEM_FIXED 004014B3 \|. E8 A8FFFFFF call <jmp.&kernel32.LocalAlloc> ; \LocalAlloc 004014B8 \|. 8BC8 mov ecx, eax 004014BA \|. 85C9 test ecx, ecx 004014BC \|. 75 05 jnz short 004014C3 004014BE \|. 33C0 xor eax, eax 004014C0 \|. 5E pop esi 004014C1 \|. 5B pop ebx 004014C2 \|. C3 retn 004014C3 \|> A1 E0355100 mov eax, dword ptr [5135E0] 004014C8 \|. 8901 mov dword ptr [ecx], eax 004014CA \|. 890D E0355100 mov dword ptr [5135E0], ecx 004014D0 \|. 33D2 xor edx, edx 004014D2 \|> 8BC2 /mov eax, edx 004014D4 \|. 03C0 \|add eax, eax 004014D6 \|. 8D44C1 04 \|lea eax, dword ptr [ecx+eax*8+4] 004014DA \|. 8B1E \|mov ebx, dword ptr [esi] 004014DC \|. 8918 \|mov dword ptr [eax], ebx 004014DE \|. 8906 \|mov dword ptr [esi], eax 004014E0 \|. 42 \|inc edx 004014E1 \|. 83FA 64 \|cmp edx, 64 004014E4 \|.^ 75 EC \jnz short 004014D2 004014E6 \|> 8B06 mov eax, dword ptr [esi] 004014E8 \|. 8B10 mov edx, dword ptr [eax] 004014EA \|. 8916 mov dword ptr [esi], edx 004014EC \|. 5E pop esi 004014ED \|. 5B pop ebx 004014EE \. C3 retn 004014EF 90 nop 004014F0 /$ 8900 mov dword ptr [eax], eax 004014F2 \|. 8940 04 mov dword ptr [eax+4], eax 004014F5 \. C3 retn 004014F6 8BC0 mov eax, eax 004014F8 /$ 53 push ebx 004014F9 \|. 56 push esi 004014FA \|. 8BF2 mov esi, edx 004014FC \|. 8BD8 mov ebx, eax 004014FE \|. E8 9DFFFFFF call 004014A0 00401503 \|. 85C0 test eax, eax 00401505 \|. 75 05 jnz short 0040150C 00401507 \|. 33C0 xor eax, eax 00401509 \|. 5E pop esi 0040150A \|. 5B pop ebx 0040150B \|. C3 retn 0040150C \|> 8B16 mov edx, dword ptr [esi] 0040150E \|. 8950 08 mov dword ptr [eax+8], edx 00401511 \|. 8B56 04 mov edx, dword ptr [esi+4] 00401514 \|. 8950 0C mov dword ptr [eax+C], edx 00401517 \|. 8B13 mov edx, dword ptr [ebx] 00401519 \|. 8910 mov dword ptr [eax], edx 0040151B \|. 8958 04 mov dword ptr [eax+4], ebx 0040151E \|. 8942 04 mov dword ptr [edx+4], eax 00401521 \|. 8903 mov dword ptr [ebx], eax 00401523 \|. B0 01 mov al, 1 00401525 \|. 5E pop esi 00401526 \|. 5B pop ebx 00401527 \. C3 retn 00401528 /$ 8B50 04 mov edx, dword ptr [eax+4] 0040152B \|. 8B08 mov ecx, dword ptr [eax] 0040152D \|. 890A mov dword ptr [edx], ecx 0040152F \|. 8951 04 mov dword ptr [ecx+4], edx 00401532 \|. 8B15 E4355100 mov edx, dword ptr [5135E4] 00401538 \|. 8910 mov dword ptr [eax], edx 0040153A \|. A3 E4355100 mov dword ptr [5135E4], eax 0040153F \. C3 retn 00401540 /$ 53 push ebx 00401541 \|. 56 push esi 00401542 \|. 57 push edi 00401543 \|. 55 push ebp 00401544 \|. 51 push ecx 00401545 \|. 8BF1 mov esi, ecx 00401547 \|. 891424 mov dword ptr [esp], edx 0040154A \|. 8BE8 mov ebp, eax 0040154C \|. 8B5D 00 mov ebx, dword ptr [ebp] 0040154F \|. 8B0424 mov eax, dword ptr [esp] 00401552 \|. 8B10 mov edx, dword ptr [eax] 00401554 \|. 8916 mov dword ptr [esi], edx 00401556 \|. 8B50 04 mov edx, dword ptr [eax+4] 00401559 \|. 8956 04 mov dword ptr [esi+4], edx 0040155C \|> 8B3B /mov edi, dword ptr [ebx] 0040155E \|. 8B06 \|mov eax, dword ptr [esi] 00401560 \|. 8B53 08 \|mov edx, dword ptr [ebx+8] 00401563 \|. 0353 0C \|add edx, dword ptr [ebx+C] 00401566 \|. 3BC2 \|cmp eax, edx 00401568 \|. 75 14 \|jnz short 0040157E 0040156A \|. 8BC3 \|mov eax, ebx 0040156C \|. E8 B7FFFFFF \|call 00401528 00401571 \|. 8B43 08 \|mov eax, dword ptr [ebx+8] 00401574 \|. 8906 \|mov dword ptr [esi], eax 00401576 \|. 8B43 0C \|mov eax, dword ptr [ebx+C] 00401579 \|. 0146 04 \|add dword ptr [esi+4], eax 0040157C \|. EB 15 \|jmp short 00401593 0040157E \|> 0346 04 \|add eax, dword ptr [esi+4] 00401581 \|. 3B43 08 \|cmp eax, dword ptr [ebx+8] 00401584 \|. 75 0D \|jnz short 00401593 00401586 \|. 8BC3 \|mov eax, ebx 00401588 \|. E8 9BFFFFFF \|call 00401528 0040158D \|. 8B43 0C \|mov eax, dword ptr [ebx+C] 00401590 \|. 0146 04 \|add dword ptr [esi+4], eax 00401593 \|> 8BDF \|mov ebx, edi 00401595 \|. 3BEB \|cmp ebp, ebx 00401597 \|.^ 75 C3 \jnz short 0040155C 00401599 \|. 8BD6 mov edx, esi 0040159B \|. 8BC5 mov eax, ebp 0040159D \|. E8 56FFFFFF call 004014F8 004015A2 \|. 84C0 test al, al 004015A4 \|. 75 04 jnz short 004015AA 004015A6 \|. 33C0 xor eax, eax 004015A8 \|. 8906 mov dword ptr [esi], eax 004015AA \|> 5A pop edx 004015AB \|. 5D pop ebp 004015AC \|. 5F pop edi 004015AD \|. 5E pop esi 004015AE \|. 5B pop ebx 004015AF \. C3 retn 004015B0 /$ 53 push ebx 004015B1 \|. 56 push esi 004015B2 \|. 57 push edi 004015B3 \|. 55 push ebp 004015B4 \|. 83C4 F8 add esp, -8 004015B7 \|. 8BD8 mov ebx, eax 004015B9 \|. 8BFB mov edi, ebx 004015BB \|> 8B32 /mov esi, dword ptr [edx] 004015BD \|. 8B43 08 \|mov eax, dword ptr [ebx+8] 004015C0 \|. 3BF0 \|cmp esi, eax 004015C2 \|. 72 70 \|jb short 00401634 004015C4 \|. 8BCE \|mov ecx, esi 004015C6 \|. 034A 04 \|add ecx, dword ptr [edx+4] 004015C9 \|. 8BE8 \|mov ebp, eax 004015CB \|. 036B 0C \|add ebp, dword ptr [ebx+C] 004015CE \|. 3BCD \|cmp ecx, ebp 004015D0 \|. 77 62 \|ja short 00401634 004015D2 \|. 3BF0 \|cmp esi, eax 004015D4 \|. 75 1B \|jnz short 004015F1 004015D6 \|. 8B42 04 \|mov eax, dword ptr [edx+4] 004015D9 \|. 0143 08 \|add dword ptr [ebx+8], eax 004015DC \|. 8B42 04 \|mov eax, dword ptr [edx+4] 004015DF \|. 2943 0C \|sub dword ptr [ebx+C], eax 004015E2 \|. 837B 0C 00 \|cmp dword ptr [ebx+C], 0 004015E6 \|. 75 48 \|jnz short 00401630 004015E8 \|. 8BC3 \|mov eax, ebx 004015EA \|. E8 39FFFFFF \|call 00401528 004015EF \|. EB 3F \|jmp short 00401630 004015F1 \|> 8BCE \|mov ecx, esi 004015F3 \|. 8B7A 04 \|mov edi, dword ptr [edx+4] 004015F6 \|. 03CF \|add ecx, edi 004015F8 \|. 8BE8 \|mov ebp, eax 004015FA \|. 036B 0C \|add ebp, dword ptr [ebx+C] 004015FD \|. 3BCD \|cmp ecx, ebp 004015FF \|. 75 05 \|jnz short 00401606 00401601 \|. 297B 0C \|sub dword ptr [ebx+C], edi 00401604 \|. EB 2A \|jmp short 00401630 00401606 \|> 8B0A \|mov ecx, dword ptr [edx] 00401608 \|. 034A 04 \|add ecx, dword ptr [edx+4] 0040160B \|. 890C24 \|mov dword ptr [esp], ecx 0040160E \|. 8B7B 08 \|mov edi, dword ptr [ebx+8] 00401611 \|. 037B 0C \|add edi, dword ptr [ebx+C] 00401614 \|. 2BF9 \|sub edi, ecx 00401616 \|. 897C24 04 \|mov dword ptr [esp+4], edi 0040161A \|. 2BF0 \|sub esi, eax 0040161C \|. 8973 0C \|mov dword ptr [ebx+C], esi 0040161F \|. 8BD4 \|mov edx, esp 00401621 \|. 8BC3 \|mov eax, ebx 00401623 \|. E8 D0FEFFFF \|call 004014F8 00401628 \|. 84C0 \|test al, al 0040162A \|. 75 04 \|jnz short 00401630 0040162C \|. 33C0 \|xor eax, eax 0040162E \|. EB 0C \|jmp short 0040163C 00401630 \|> B0 01 \|mov al, 1 00401632 \|. EB 08 \|jmp short 0040163C 00401634 \|> 8B1B \|mov ebx, dword ptr [ebx] 00401636 \|. 3BFB \|cmp edi, ebx 00401638 \|.^ 75 81 \jnz short 004015BB 0040163A \|. 33C0 xor eax, eax 0040163C \|> 59 pop ecx 0040163D \|. 5A pop edx 0040163E \|. 5D pop ebp 0040163F \|. 5F pop edi 00401640 \|. 5E pop esi 00401641 \|. 5B pop ebx 00401642 \. C3 retn 00401643 90 nop 00401644 /$ 53 push ebx 00401645 \|. 56 push esi 00401646 \|. 57 push edi 00401647 \|. 8BDA mov ebx, edx 00401649 \|. 8BF0 mov esi, eax 0040164B \|. 81FE 00001000 cmp esi, 100000 00401651 \|. 7D 07 jge short 0040165A 00401653 \|. BE 00001000 mov esi, 100000 00401658 \|. EB 0C jmp short 00401666 0040165A \|> 81C6 FFFF0000 add esi, 0FFFF 00401660 \|. 81E6 0000FFFF and esi, FFFF0000 00401666 \|> 8973 04 mov dword ptr [ebx+4], esi 00401669 \|. 6A 01 push 1 ; /Protect = PAGE_NOACCESS 0040166B \|. 68 00200000 push 2000 ; \|AllocationType = MEM_RESERVE 00401670 \|. 56 push esi ; \|Size 00401671 \|. 6A 00 push 0 ; \|Address = NULL 00401673 \|. E8 F8FDFFFF call <jmp.&kernel32.VirtualAlloc> ; \VirtualAlloc 00401678 \|. 8BF8 mov edi, eax 0040167A \|. 893B mov dword ptr [ebx], edi 0040167C \|. 85FF test edi, edi 0040167E \|. 74 23 je short 004016A3 00401680 \|. 8BD3 mov edx, ebx 00401682 \|. B8 E8355100 mov eax, 005135E8 00401687 \|. E8 6CFEFFFF call 004014F8 0040168C \|. 84C0 test al, al 0040168E \|. 75 13 jnz short 004016A3 00401690 \|. 68 00800000 push 8000 ; /FreeType = MEM_RELEASE 00401695 \|. 6A 00 push 0 ; \|Size = 0 00401697 \|. 8B03 mov eax, dword ptr [ebx] ; \| 00401699 \|. 50 push eax ; \|Address 0040169A \|. E8 D9FDFFFF call <jmp.&kernel32.VirtualFree> ; \VirtualFree 0040169F \|. 33C0 xor eax, eax 004016A1 \|. 8903 mov dword ptr [ebx], eax 004016A3 \|> 5F pop edi 004016A4 \|. 5E pop esi 004016A5 \|. 5B pop ebx 004016A6 \. C3 retn 004016A7 90 nop 004016A8 /$ 53 push ebx 004016A9 \|. 56 push esi 004016AA \|. 57 push edi 004016AB \|. 55 push ebp 004016AC \|. 8BD9 mov ebx, ecx 004016AE \|. 8BF2 mov esi, edx 004016B0 \|. 8BE8 mov ebp, eax 004016B2 \|. C743 04 00001>mov dword ptr [ebx+4], 100000 004016B9 \|. 6A 04 push 4 ; /Protect = PAGE_READWRITE 004016BB \|. 68 00200000 push 2000 ; \|AllocationType = MEM_RESERVE 004016C0 \|. 68 00001000 push 100000 ; \|Size = 100000 (1048576.) 004016C5 \|. 55 push ebp ; \|Address 004016C6 \|. E8 A5FDFFFF call <jmp.&kernel32.VirtualAlloc> ; \VirtualAlloc 004016CB \|. 8BF8 mov edi, eax 004016CD \|. 893B mov dword ptr [ebx], edi 004016CF \|. 85FF test edi, edi 004016D1 \|. 75 1F jnz short 004016F2 004016D3 \|. 81C6 FFFF0000 add esi, 0FFFF 004016D9 \|. 81E6 0000FFFF and esi, FFFF0000 004016DF \|. 8973 04 mov dword ptr [ebx+4], esi 004016E2 \|. 6A 04 push 4 ; /Protect = PAGE_READWRITE 004016E4 \|. 68 00200000 push 2000 ; \|AllocationType = MEM_RESERVE 004016E9 \|. 56 push esi ; \|Size 004016EA \|. 55 push ebp ; \|Address 004016EB \|. E8 80FDFFFF call <jmp.&kernel32.VirtualAlloc> ; \VirtualAlloc 004016F0 \|. 8903 mov dword ptr [ebx], eax 004016F2 \|> 833B 00 cmp dword ptr [ebx], 0 004016F5 \|. 74 23 je short 0040171A 004016F7 \|. 8BD3 mov edx, ebx 004016F9 \|. B8 E8355100 mov eax, 005135E8 004016FE \|. E8 F5FDFFFF call 004014F8 00401703 \|. 84C0 test al, al 00401705 \|. 75 13 jnz short 0040171A 00401707 \|. 68 00800000 push 8000 ; /FreeType = MEM_RELEASE 0040170C \|. 6A 00 push 0 ; \|Size = 0 0040170E \|. 8B03 mov eax, dword ptr [ebx] ; \| 00401710 \|. 50 push eax ; \|Address 00401711 \|. E8 62FDFFFF call <jmp.&kernel32.VirtualFree> ; \VirtualFree 00401716 \|. 33C0 xor eax, eax 00401718 \|. 8903 mov dword ptr [ebx], eax 0040171A \|> 5D pop ebp 0040171B \|. 5F pop edi 0040171C \|. 5E pop esi 0040171D \|. 5B pop ebx 0040171E \. C3 retn 0040171F 90 nop 00401720 /$ 53 push ebx 00401721 \|. 56 push esi 00401722 \|. 57 push edi 00401723 \|. 55 push ebp 00401724 \|. 83C4 EC add esp, -14 00401727 \|. 894C24 04 mov dword ptr [esp+4], ecx 0040172B \|. 891424 mov dword ptr [esp], edx 0040172E \|. C74424 08 FFF>mov dword ptr [esp+8], -1 00401736 \|. 33D2 xor edx, edx 00401738 \|. 895424 0C mov dword ptr [esp+C], edx 0040173C \|. 8BE8 mov ebp, eax 0040173E \|. 8B0424 mov eax, dword ptr [esp] 00401741 \|. 03C5 add eax, ebp 00401743 \|. 894424 10 mov dword ptr [esp+10], eax 00401747 \|. 8B1D E8355100 mov ebx, dword ptr [5135E8] 0040174D \|. EB 51 jmp short 004017A0 0040174F \|> 8B3B /mov edi, dword ptr [ebx] 00401751 \|. 8B73 08 \|mov esi, dword ptr [ebx+8] 00401754 \|. 3BEE \|cmp ebp, esi 00401756 \|. 77 46 \|ja short 0040179E 00401758 \|. 8BC6 \|mov eax, esi 0040175A \|. 0343 0C \|add eax, dword ptr [ebx+C] 0040175D \|. 3B4424 10 \|cmp eax, dword ptr [esp+10] 00401761 \|. 77 3B \|ja short 0040179E 00401763 \|. 3B7424 08 \|cmp esi, dword ptr [esp+8] 00401767 \|. 73 04 \|jnb short 0040176D 00401769 \|. 897424 08 \|mov dword ptr [esp+8], esi 0040176D \|> 8BC6 \|mov eax, esi 0040176F \|. 0343 0C \|add eax, dword ptr [ebx+C] 00401772 \|. 3B4424 0C \|cmp eax, dword ptr [esp+C] 00401776 \|. 76 04 \|jbe short 0040177C 00401778 \|. 894424 0C \|mov dword ptr [esp+C], eax 2007-7-8 20:06 0
guaiziyang 雪币： 200 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 13 粉丝 0 关注私信	guaiziyang 9 楼那位大哥能帮忙看看啊 2007-7-8 20:07 0
guaiziyang 雪币： 200 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 13 粉丝 0 关注私信	guaiziyang 10 楼上面那些是OD里的代码,不全,但自己一点都看不明白,有没有那位大哥,能跟我说说下一步我应该做什么?或是有我下一步相关的教程,多谢各位大哥提供一下. 2007-7-8 21:43 0
shiansa 雪币： 200 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 1 回帖 25 粉丝 0 关注私信	shiansa 11 楼看来汇编的知识还是很有用处的啊 2007-7-9 13:29 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复

guaiziyang

发帖

回帖

RANK

关注

私信

他的文章

关于我们

联系我们

企业服务

看雪公众号

最新回复 (10)
guaiziyang 雪币： 200 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 13 粉丝 0 关注私信	guaiziyang 2 楼我只能看明的一点点不知道对不对,请大家指点. 这里面是不是有说到,叫我输入密码,密码是用*号显示的,但密码输完以后,又是如何判断,密码是对还是错的呢?如果是错的那又会出现什么事件呢?我实是看不明白,请大家帮忙. 2007-7-8 17:54 0
yzengr 雪币： 202 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 3 回帖 162 粉丝 0 关注私信	yzengr 3 楼看不到，这些是资源嘛。程序是用DELPHI写的 2007-7-8 17:56 0
guaiziyang 雪币： 200 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 13 粉丝 0 关注私信	guaiziyang 4 楼小弟在线等各位大哥给的帮助 2007-7-8 18:01 0
明日雄鹰雪币： 200 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 7 回帖 72 粉丝 0 关注私信	明日雄鹰 5 楼这个我也看不懂你用OD打开看看 2007-7-8 18:05 0
guaiziyang 雪币： 200 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 13 粉丝 0 关注私信	guaiziyang 6 楼那我想破解这个软件,接下来我应该怎么做呢?还请大哥指教 2007-7-8 18:57 0
guaiziyang 雪币： 200 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 13 粉丝 0 关注私信	guaiziyang 7 楼 00401000 . /04104000 dd analyze.00401004 00401004 \03 db 03 00401005 . 07 db 07 00401006 . 42 6F 6F 6C 6>ascii "Boolean" 0040100D 01 db 01 0040100E 00 db 00 0040100F 00 db 00 00401010 00 db 00 00401011 00 db 00 00401012 01 db 01 00401013 00 db 00 00401014 00 db 00 00401015 00 db 00 00401016 . 00104000 dd analyze.00401000 0040101A . 05 db 05 0040101B . 46 61 6C 73 6>ascii "False" 00401020 . 04 db 04 00401021 . 54 72 75 65 ascii "True" 00401025 8D40 00 lea eax, dword ptr [eax] 00401028 . 2C104000 dd analyze.0040102C 0040102C 02 db 02 0040102D . 04 db 04 0040102E . 43 68 61 72 ascii "Char" 00401032 01 db 01 00401033 00 db 00 00401034 00 db 00 00401035 00 db 00 00401036 00 db 00 00401037 FF db FF 00401038 00 db 00 00401039 00 db 00 0040103A 00 db 00 0040103B 90 db 90 0040103C . 40104000 dd analyze.00401040 00401040 01 db 01 00401041 . 08 db 08 00401042 . 53 6D 61 6C 6>ascii "Smallint" 0040104A 02 db 02 0040104B 00 db 00 0040104C 80 db 80 0040104D FF db FF 0040104E FF db FF 0040104F FF db FF 00401050 7F db 7F 00401051 00 db 00 00401052 00 db 00 00401053 90 db 90 00401054 . 58104000 dd analyze.00401058 00401058 01 db 01 00401059 . 07 db 07 0040105A . 49 6E 74 65 6>ascii "Integer" 00401061 04 db 04 00401062 00 db 00 00401063 00 db 00 00401064 00 db 00 00401065 80 db 80 00401066 FF db FF 00401067 FF db FF 00401068 FF db FF 00401069 7F db 7F 0040106A 8BC0 mov eax, eax 0040106C . 70104000 dd analyze.00401070 00401070 01 db 01 00401071 . 04 db 04 00401072 . 42 79 74 65 ascii "Byte" 00401076 01 db 01 00401077 00 db 00 00401078 00 db 00 00401079 00 db 00 0040107A 00 db 00 0040107B FF db FF 0040107C 00 db 00 0040107D 00 db 00 0040107E 00 db 00 0040107F 90 db 90 00401080 . 84104000 dd analyze.00401084 00401084 01 db 01 00401085 . 04 db 04 00401086 . 57 6F 72 64 ascii "Word" 0040108A 03 db 03 0040108B 00 db 00 0040108C 00 db 00 0040108D 00 db 00 0040108E 00 db 00 0040108F FF db FF 00401090 FF db FF 00401091 00 db 00 00401092 00 db 00 00401093 90 db 90 00401094 . 98104000 dd analyze.00401098 00401098 04 db 04 00401099 . 08 db 08 0040109A . 45 78 74 65 6>ascii "Extended" 004010A2 02 db 02 004010A3 90 db 90 004010A4 . A8104000 dd analyze.004010A8 004010A8 01 db 01 004010A9 . 08 db 08 004010AA . 43 61 72 64 6>ascii "Cardinal" 004010B2 05 db 05 004010B3 00 db 00 004010B4 00 db 00 004010B5 00 db 00 004010B6 00 db 00 004010B7 FF db FF 004010B8 FF db FF 004010B9 FF db FF 004010BA FF db FF 004010BB 90 db 90 004010BC . C0104000 dd analyze.004010C0 004010C0 10 db 10 004010C1 . 05 db 05 004010C2 . 49 6E 74 36 3>ascii "Int64" 004010C7 00 db 00 004010C8 00 db 00 004010C9 00 db 00 004010CA 00 db 00 004010CB 00 db 00 004010CC 00 db 00 004010CD 00 db 00 004010CE 80 db 80 004010CF FF db FF 004010D0 FF db FF 004010D1 FF db FF 004010D2 FF db FF 004010D3 FF db FF 004010D4 FF db FF 004010D5 FF db FF 004010D6 7F db 7F 004010D7 90 db 90 004010D8 . DC104000 dd analyze.004010DC 004010DC 04 db 04 004010DD . 06 db 06 004010DE . 44 6F 75 62 6>ascii "Double" 004010E4 01 db 01 004010E5 8D40 00 lea eax, dword ptr [eax] 004010E8 . EC104000 dd analyze.004010EC 004010EC 04 db 04 004010ED . 08 db 08 004010EE . 43 75 72 72 6>ascii "Currency" 004010F6 04 db 04 004010F7 90 db 90 004010F8 . FC104000 dd analyze.004010FC 004010FC 0A db 0A 004010FD . 06 db 06 004010FE . 53 74 72 69 6>ascii "String" 00401104 . 08114000 dd analyze.00401108 00401108 0B db 0B 00401109 . 0A db 0A 0040110A . 57 69 64 65 5>ascii "WideString" 00401114 . 18114000 dd analyze.00401118 00401118 0C db 0C 00401119 . 07 db 07 0040111A . 56 61 72 69 6>ascii "Variant" 00401121 8D40 00 lea eax, dword ptr [eax] 00401124 . 28114000 dd analyze.00401128 00401128 0C db 0C 00401129 . 0A db 0A 0040112A . 4F 6C 65 56 6>ascii "OleVariant" 00401134 . 80114000 dd analyze.00401180 ; ASCII 07,"TObject" 00401138 00 db 00 00401139 00 db 00 0040113A 00 db 00 0040113B 00 db 00 0040113C 00 db 00 0040113D 00 db 00 0040113E 00 db 00 0040113F 00 db 00 00401140 00 db 00 00401141 00 db 00 00401142 00 db 00 00401143 00 db 00 00401144 00 db 00 00401145 00 db 00 00401146 00 db 00 00401147 00 db 00 00401148 00 db 00 00401149 00 db 00 0040114A 00 db 00 0040114B 00 db 00 0040114C 00 db 00 0040114D 00 db 00 0040114E 00 db 00 0040114F 00 db 00 00401150 00 db 00 00401151 00 db 00 00401152 00 db 00 00401153 00 db 00 00401154 . 80114000 dd analyze.00401180 ; ASCII 07,"TObject" 00401158 04 db 04 00401159 00 db 00 0040115A 00 db 00 0040115B 00 db 00 0040115C 00 db 00 0040115D 00 db 00 0040115E 00 db 00 0040115F 00 db 00 00401160 . 483B4000 dd analyze.00403B48 ; 入口地址 00401164 . 543B4000 dd analyze.00403B54 ; 入口地址 00401168 . 583B4000 dd analyze.00403B58 ; 入口地址 0040116C . 5C3B4000 dd analyze.00403B5C 00401170 . 503B4000 dd analyze.00403B50 ; 入口地址 00401174 . 98384000 dd analyze.00403898 ; 入口地址 00401178 . B4384000 dd analyze.004038B4 ; 入口地址 0040117C . F0384000 dd analyze.004038F0 ; 入口地址 00401000 . /04104000 dd analyze.00401004 00401004 \03 db 03 00401005 . 07 db 07 00401006 . 42 6F 6F 6C 6>ascii "Boolean" 0040100D 01 db 01 0040100E 00 db 00 0040100F 00 db 00 00401010 00 db 00 00401011 00 db 00 00401012 01 db 01 00401013 00 db 00 00401014 00 db 00 00401015 00 db 00 00401016 . 00104000 dd analyze.00401000 0040101A . 05 db 05 0040101B . 46 61 6C 73 6>ascii "False" 00401020 . 04 db 04 00401021 . 54 72 75 65 ascii "True" 00401025 8D40 00 lea eax, dword ptr [eax] 00401028 . 2C104000 dd analyze.0040102C 0040102C 02 db 02 0040102D . 04 db 04 0040102E . 43 68 61 72 ascii "Char" 00401032 01 db 01 00401033 00 db 00 00401034 00 db 00 00401035 00 db 00 00401036 00 db 00 00401037 FF db FF 00401038 00 db 00 00401039 00 db 00 0040103A 00 db 00 0040103B 90 db 90 0040103C . 40104000 dd analyze.00401040 00401040 01 db 01 00401041 . 08 db 08 00401042 . 53 6D 61 6C 6>ascii "Smallint" 0040104A 02 db 02 0040104B 00 db 00 0040104C 80 db 80 0040104D FF db FF 0040104E FF db FF 0040104F FF db FF 00401050 7F db 7F 00401051 00 db 00 00401052 00 db 00 00401053 90 db 90 00401054 . 58104000 dd analyze.00401058 00401058 01 db 01 00401059 . 07 db 07 0040105A . 49 6E 74 65 6>ascii "Integer" 00401061 04 db 04 00401062 00 db 00 00401063 00 db 00 00401064 00 db 00 00401065 80 db 80 00401066 FF db FF 00401067 FF db FF 00401068 FF db FF 00401069 7F db 7F 0040106A 8BC0 mov eax, eax 0040106C . 70104000 dd analyze.00401070 00401070 01 db 01 00401071 . 04 db 04 00401072 . 42 79 74 65 ascii "Byte" 00401076 01 db 01 00401077 00 db 00 00401078 00 db 00 00401079 00 db 00 0040107A 00 db 00 0040107B FF db FF 0040107C 00 db 00 0040107D 00 db 00 0040107E 00 db 00 0040107F 90 db 90 00401080 . 84104000 dd analyze.00401084 00401084 01 db 01 00401085 . 04 db 04 00401086 . 57 6F 72 64 ascii "Word" 0040108A 03 db 03 0040108B 00 db 00 0040108C 00 db 00 0040108D 00 db 00 0040108E 00 db 00 0040108F FF db FF 00401090 FF db FF 00401091 00 db 00 00401092 00 db 00 00401093 90 db 90 00401094 . 98104000 dd analyze.00401098 00401098 04 db 04 00401099 . 08 db 08 0040109A . 45 78 74 65 6>ascii "Extended" 004010A2 02 db 02 004010A3 90 db 90 004010A4 . A8104000 dd analyze.004010A8 004010A8 01 db 01 004010A9 . 08 db 08 004010AA . 43 61 72 64 6>ascii "Cardinal" 004010B2 05 db 05 004010B3 00 db 00 004010B4 00 db 00 004010B5 00 db 00 004010B6 00 db 00 004010B7 FF db FF 004010B8 FF db FF 004010B9 FF db FF 004010BA FF db FF 004010BB 90 db 90 004010BC . C0104000 dd analyze.004010C0 004010C0 10 db 10 004010C1 . 05 db 05 004010C2 . 49 6E 74 36 3>ascii "Int64" 004010C7 00 db 00 004010C8 00 db 00 004010C9 00 db 00 004010CA 00 db 00 004010CB 00 db 00 004010CC 00 db 00 004010CD 00 db 00 004010CE 80 db 80 004010CF FF db FF 004010D0 FF db FF 004010D1 FF db FF 004010D2 FF db FF 004010D3 FF db FF 004010D4 FF db FF 004010D5 FF db FF 004010D6 7F db 7F 004010D7 90 db 90 004010D8 . DC104000 dd analyze.004010DC 004010DC 04 db 04 004010DD . 06 db 06 004010DE . 44 6F 75 62 6>ascii "Double" 004010E4 01 db 01 004010E5 8D40 00 lea eax, dword ptr [eax] 004010E8 . EC104000 dd analyze.004010EC 004010EC 04 db 04 004010ED . 08 db 08 004010EE . 43 75 72 72 6>ascii "Currency" 004010F6 04 db 04 004010F7 90 db 90 004010F8 . FC104000 dd analyze.004010FC 004010FC 0A db 0A 004010FD . 06 db 06 004010FE . 53 74 72 69 6>ascii "String" 00401104 . 08114000 dd analyze.00401108 00401108 0B db 0B 00401109 . 0A db 0A 0040110A . 57 69 64 65 5>ascii "WideString" 00401114 . 18114000 dd analyze.00401118 00401118 0C db 0C 00401119 . 07 db 07 0040111A . 56 61 72 69 6>ascii "Variant" 00401121 8D40 00 lea eax, dword ptr [eax] 00401124 . 28114000 dd analyze.00401128 00401128 0C db 0C 00401129 . 0A db 0A 0040112A . 4F 6C 65 56 6>ascii "OleVariant" 00401134 . 80114000 dd analyze.00401180 ; ASCII 07,"TObject" 00401138 00 db 00 00401139 00 db 00 0040113A 00 db 00 0040113B 00 db 00 0040113C 00 db 00 0040113D 00 db 00 0040113E 00 db 00 0040113F 00 db 00 00401140 00 db 00 00401141 00 db 00 00401142 00 db 00 00401143 00 db 00 00401144 00 db 00 00401145 00 db 00 00401146 00 db 00 00401147 00 db 00 00401148 00 db 00 00401149 00 db 00 0040114A 00 db 00 0040114B 00 db 00 0040114C 00 db 00 0040114D 00 db 00 0040114E 00 db 00 0040114F 00 db 00 00401150 00 db 00 00401151 00 db 00 00401152 00 db 00 00401153 00 db 00 00401154 . 80114000 dd analyze.00401180 ; ASCII 07,"TObject" 00401158 04 db 04 00401159 00 db 00 0040115A 00 db 00 0040115B 00 db 00 0040115C 00 db 00 0040115D 00 db 00 0040115E 00 db 00 0040115F 00 db 00 00401160 . 483B4000 dd analyze.00403B48 ; 入口地址 00401164 . 543B4000 dd analyze.00403B54 ; 入口地址 00401168 . 583B4000 dd analyze.00403B58 ; 入口地址 0040116C . 5C3B4000 dd analyze.00403B5C 00401170 . 503B4000 dd analyze.00403B50 ; 入口地址 00401174 . 98384000 dd analyze.00403898 ; 入口地址 00401178 . B4384000 dd analyze.004038B4 ; 入口地址 0040117C . F0384000 dd analyze.004038F0 ; 入口地址 00401000 . /04104000 dd analyze.00401004 00401004 \03 db 03 00401005 . 07 db 07 00401006 . 42 6F 6F 6C 6>ascii "Boolean" 0040100D 01 db 01 0040100E 00 db 00 0040100F 00 db 00 00401010 00 db 00 00401011 00 db 00 00401012 01 db 01 00401013 00 db 00 00401014 00 db 00 00401015 00 db 00 00401016 . 00104000 dd analyze.00401000 0040101A . 05 db 05 0040101B . 46 61 6C 73 6>ascii "False" 00401020 . 04 db 04 00401021 . 54 72 75 65 ascii "True" 00401025 8D40 00 lea eax, dword ptr [eax] 00401028 . 2C104000 dd analyze.0040102C 0040102C 02 db 02 0040102D . 04 db 04 0040102E . 43 68 61 72 ascii "Char" 00401032 01 db 01 00401033 00 db 00 00401034 00 db 00 00401035 00 db 00 00401036 00 db 00 00401037 FF db FF 00401038 00 db 00 00401039 00 db 00 0040103A 00 db 00 0040103B 90 db 90 0040103C . 40104000 dd analyze.00401040 00401040 01 db 01 00401041 . 08 db 08 00401042 . 53 6D 61 6C 6>ascii "Smallint" 0040104A 02 db 02 0040104B 00 db 00 0040104C 80 db 80 0040104D FF db FF 0040104E FF db FF 0040104F FF db FF 00401050 7F db 7F 00401051 00 db 00 00401052 00 db 00 00401053 90 db 90 00401054 . 58104000 dd analyze.00401058 00401058 01 db 01 00401059 . 07 db 07 0040105A . 49 6E 74 65 6>ascii "Integer" 00401061 04 db 04 00401062 00 db 00 00401063 00 db 00 00401064 00 db 00 00401065 80 db 80 00401066 FF db FF 00401067 FF db FF 00401068 FF db FF 00401069 7F db 7F 0040106A 8BC0 mov eax, eax 0040106C . 70104000 dd analyze.00401070 00401070 01 db 01 00401071 . 04 db 04 00401072 . 42 79 74 65 ascii "Byte" 00401076 01 db 01 00401077 00 db 00 00401078 00 db 00 00401079 00 db 00 0040107A 00 db 00 0040107B FF db FF 0040107C 00 db 00 0040107D 00 db 00 0040107E 00 db 00 0040107F 90 db 90 00401080 . 84104000 dd analyze.00401084 00401084 01 db 01 00401085 . 04 db 04 00401086 . 57 6F 72 64 ascii "Word" 0040108A 03 db 03 0040108B 00 db 00 0040108C 00 db 00 0040108D 00 db 00 0040108E 00 db 00 0040108F FF db FF 00401090 FF db FF 00401091 00 db 00 00401092 00 db 00 00401093 90 db 90 00401094 . 98104000 dd analyze.00401098 00401098 04 db 04 00401099 . 08 db 08 0040109A . 45 78 74 65 6>ascii "Extended" 004010A2 02 db 02 004010A3 90 db 90 004010A4 . A8104000 dd analyze.004010A8 004010A8 01 db 01 004010A9 . 08 db 08 004010AA . 43 61 72 64 6>ascii "Cardinal" 004010B2 05 db 05 004010B3 00 db 00 004010B4 00 db 00 004010B5 00 db 00 004010B6 00 db 00 004010B7 FF db FF 004010B8 FF db FF 004010B9 FF db FF 004010BA FF db FF 004010BB 90 db 90 004010BC . C0104000 dd analyze.004010C0 004010C0 10 db 10 004010C1 . 05 db 05 004010C2 . 49 6E 74 36 3>ascii "Int64" 004010C7 00 db 00 004010C8 00 db 00 004010C9 00 db 00 004010CA 00 db 00 004010CB 00 db 00 004010CC 00 db 00 004010CD 00 db 00 004010CE 80 db 80 004010CF FF db FF 004010D0 FF db FF 004010D1 FF db FF 004010D2 FF db FF 004010D3 FF db FF 004010D4 FF db FF 004010D5 FF db FF 004010D6 7F db 7F 004010D7 90 db 90 004010D8 . DC104000 dd analyze.004010DC 004010DC 04 db 04 004010DD . 06 db 06 004010DE . 44 6F 75 62 6>ascii "Double" 004010E4 01 db 01 004010E5 8D40 00 lea eax, dword ptr [eax] 004010E8 . EC104000 dd analyze.004010EC 004010EC 04 db 04 004010ED . 08 db 08 004010EE . 43 75 72 72 6>ascii "Currency" 004010F6 04 db 04 004010F7 90 db 90 004010F8 . FC104000 dd analyze.004010FC 004010FC 0A db 0A 004010FD . 06 db 06 004010FE . 53 74 72 69 6>ascii "String" 00401104 . 08114000 dd analyze.00401108 00401108 0B db 0B 00401109 . 0A db 0A 0040110A . 57 69 64 65 5>ascii "WideString" 00401114 . 18114000 dd analyze.00401118 00401118 0C db 0C 00401119 . 07 db 07 0040111A . 56 61 72 69 6>ascii "Variant" 00401121 8D40 00 lea eax, dword ptr [eax] 00401124 . 28114000 dd analyze.00401128 00401128 0C db 0C 00401129 . 0A db 0A 0040112A . 4F 6C 65 56 6>ascii "OleVariant" 00401134 . 80114000 dd analyze.00401180 ; ASCII 07,"TObject" 00401138 00 db 00 00401139 00 db 00 0040113A 00 db 00 0040113B 00 db 00 0040113C 00 db 00 0040113D 00 db 00 0040113E 00 db 00 0040113F 00 db 00 00401140 00 db 00 00401141 00 db 00 00401142 00 db 00 00401143 00 db 00 00401144 00 db 00 00401145 00 db 00 00401146 00 db 00 00401147 00 db 00 00401148 00 db 00 00401149 00 db 00 0040114A 00 db 00 0040114B 00 db 00 0040114C 00 db 00 0040114D 00 db 00 0040114E 00 db 00 0040114F 00 db 00 00401150 00 db 00 00401151 00 db 00 00401152 00 db 00 00401153 00 db 00 00401154 . 80114000 dd analyze.00401180 ; ASCII 07,"TObject" 00401158 04 db 04 00401159 00 db 00 0040115A 00 db 00 0040115B 00 db 00 0040115C 00 db 00 0040115D 00 db 00 0040115E 00 db 00 0040115F 00 db 00 00401160 . 483B4000 dd analyze.00403B48 ; 入口地址 00401164 . 543B4000 dd analyze.00403B54 ; 入口地址 00401168 . 583B4000 dd analyze.00403B58 ; 入口地址 0040116C . 5C3B4000 dd analyze.00403B5C 00401170 . 503B4000 dd analyze.00403B50 ; 入口地址 00401174 . 98384000 dd analyze.00403898 ; 入口地址 00401178 . B4384000 dd analyze.004038B4 ; 入口地址 0040117C . F0384000 dd analyze.004038F0 ; 入口地址 2007-7-8 20:04 0
guaiziyang 雪币： 200 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 13 粉丝 0 关注私信	guaiziyang 8 楼 00401180 . 07 db 07 00401181 . 54 4F 62 6A 6>ascii "TObject" 00401188 . 8C114000 dd analyze.0040118C 0040118C 07 db 07 0040118D . 07 db 07 0040118E . 54 4F 62 6A 6>ascii "TObject" 00401195 . 80114000 dd analyze.00401180 ; ASCII 07,"TObject" 00401199 00 db 00 0040119A 00 db 00 0040119B 00 db 00 0040119C 00 db 00 0040119D 00 db 00 0040119E 00 db 00 0040119F . 06 db 06 004011A0 . 53 79 73 74 6>ascii "System" 004011A6 00 db 00 004011A7 00 db 00 004011A8 . AC114000 dd analyze.004011AC 004011AC 0F db 0F 004011AD . 0A db 0A 004011AE . 49 49 6E 74 6>ascii "IInterface" 004011B8 00 db 00 004011B9 00 db 00 004011BA 00 db 00 004011BB 00 db 00 004011BC 01 db 01 004011BD 00 db 00 004011BE 00 db 00 004011BF 00 db 00 004011C0 00 db 00 004011C1 00 db 00 004011C2 00 db 00 004011C3 00 db 00 004011C4 00 db 00 004011C5 C0 db C0 004011C6 00 db 00 004011C7 00 db 00 004011C8 00 db 00 004011C9 00 db 00 004011CA 00 db 00 004011CB 00 db 00 004011CC 46 db 46 ; CHAR 'F' 004011CD . 06 db 06 004011CE . 53 79 73 74 6>ascii "System" 004011D4 03 db 03 004011D5 00 db 00 004011D6 FF db FF 004011D7 FF db FF 004011D8 . DC114000 dd analyze.004011DC 004011DC 0F db 0F 004011DD . 09 db 09 004011DE . 49 44 69 73 7>ascii "IDispatch" 004011E7 . A8114000 dd analyze.004011A8 004011EB 01 db 01 004011EC 00 db 00 004011ED 04 db 04 004011EE 02 db 02 004011EF 00 db 00 004011F0 00 db 00 004011F1 00 db 00 004011F2 00 db 00 004011F3 00 db 00 004011F4 C0 db C0 004011F5 00 db 00 004011F6 00 db 00 004011F7 00 db 00 004011F8 00 db 00 004011F9 00 db 00 004011FA 00 db 00 004011FB 46 db 46 ; CHAR 'F' 004011FC . 06 db 06 004011FD . 53 79 73 74 6>ascii "System" 00401203 04 db 04 00401204 00 db 00 00401205 FF db FF 00401206 FF db FF 00401207 90 nop 00401208 CC int3 00401209 . 834424 04 F8 add dword ptr [esp+4], -8 0040120E . E9 E5530000 jmp 004065F8 00401213 . 834424 04 F8 add dword ptr [esp+4], -8 00401218 . E9 03540000 jmp 00406620 0040121D . 834424 04 F8 add dword ptr [esp+4], -8 00401222 . E9 0D540000 jmp 00406634 00401227 CC db CC 00401228 . 09124000 dd analyze.00401209 0040122C . 13124000 dd analyze.00401213 00401230 . 1D124000 dd analyze.0040121D 00401234 01 db 01 00401235 00 db 00 00401236 00 db 00 00401237 00 db 00 00401238 00 db 00 00401239 00 db 00 0040123A 00 db 00 0040123B 00 db 00 0040123C 00 db 00 0040123D 00 db 00 0040123E 00 db 00 0040123F 00 db 00 00401240 C0 db C0 00401241 00 db 00 00401242 00 db 00 00401243 00 db 00 00401244 00 db 00 00401245 00 db 00 00401246 00 db 00 00401247 46 db 46 ; CHAR 'F' 00401248 . 28124000 dd analyze.00401228 0040124C 08 db 08 0040124D 00 db 00 0040124E 00 db 00 0040124F 00 db 00 00401250 00 db 00 00401251 00 db 00 00401252 00 db 00 00401253 00 db 00 00401254 . A0124000 dd analyze.004012A0 ; ASCII 11,"TInterfacedObject" 00401258 . 34124000 dd analyze.00401234 0040125C 00 db 00 0040125D 00 db 00 0040125E 00 db 00 0040125F 00 db 00 00401260 00 db 00 00401261 00 db 00 00401262 00 db 00 00401263 00 db 00 00401264 00 db 00 00401265 00 db 00 00401266 00 db 00 00401267 00 db 00 00401268 00 db 00 00401269 00 db 00 0040126A 00 db 00 0040126B 00 db 00 0040126C 00 db 00 0040126D 00 db 00 0040126E 00 db 00 0040126F 00 db 00 00401270 00 db 00 00401271 00 db 00 00401272 00 db 00 00401273 00 db 00 00401274 . A0124000 dd analyze.004012A0 ; ASCII 11,"TInterfacedObject" 00401278 0C db 0C 00401279 00 db 00 0040127A 00 db 00 0040127B 00 db 00 0040127C . 34114000 dd analyze.00401134 00401280 . 483B4000 dd analyze.00403B48 ; 入口地址 00401284 . CC654000 dd analyze.004065CC 00401288 . D8654000 dd analyze.004065D8 0040128C . 5C3B4000 dd analyze.00403B5C 00401290 . 503B4000 dd analyze.00403B50 ; 入口地址 00401294 . E8654000 dd analyze.004065E8 00401298 . B4384000 dd analyze.004038B4 ; 入口地址 0040129C . F0384000 dd analyze.004038F0 ; 入口地址 004012A0 . 11 db 11 004012A1 . 54 49 6E 74 6>ascii "TInterfacedObjec" 004012B1 . 74 ascii "t" 004012B2 8BC0 mov eax, eax 004012B4 . B8124000 dd analyze.004012B8 004012B8 11 db 11 004012B9 . 0B db 0B 004012BA . 54 42 6F 75 6>ascii "TBoundArray" 004012C5 04 db 04 004012C6 00 db 00 004012C7 00 db 00 004012C8 00 db 00 004012C9 00 db 00 004012CA 00 db 00 004012CB 00 db 00 004012CC 00 db 00 004012CD 03 db 03 004012CE 00 db 00 004012CF 00 db 00 004012D0 00 db 00 004012D1 . 54104000 dd analyze.00401054 004012D5 . 06 db 06 004012D6 . 53 79 73 74 6>ascii "System" 004012DC . E0124000 dd analyze.004012E0 004012E0 04 db 04 004012E1 . 09 db 09 004012E2 . 54 44 61 74 6>ascii "TDateTime" 004012EB 01 db 01 004012EC $- FF25 1C425100 jmp dword ptr [<&kernel32.CloseHandl>; kernel32.CloseHandle 004012F2 8BC0 mov eax, eax 004012F4 $- FF25 18425100 jmp dword ptr [<&kernel32.CreateFile>; kernel32.CreateFileA 004012FA 8BC0 mov eax, eax 004012FC $- FF25 14425100 jmp dword ptr [<&kernel32.GetFileTyp>; kernel32.GetFileType 00401302 8BC0 mov eax, eax 00401304 $- FF25 10425100 jmp dword ptr [<&kernel32.GetFileSiz>; kernel32.GetFileSize 0040130A 8BC0 mov eax, eax 0040130C $- FF25 0C425100 jmp dword ptr [<&kernel32.GetStdHand>; kernel32.GetStdHandle 00401312 8BC0 mov eax, eax 00401314 .- FF25 08425100 jmp dword ptr [<&kernel32.RaiseExcep>; kernel32.RaiseException 0040131A 8BC0 mov eax, eax 0040131C $- FF25 04425100 jmp dword ptr [<&kernel32.ReadFile>] ; kernel32.ReadFile 00401322 8BC0 mov eax, eax 00401324 .- FF25 00425100 jmp dword ptr [<&kernel32.RtlUnwind>>; ntdll.RtlUnwind 0040132A 8BC0 mov eax, eax 0040132C $- FF25 FC415100 jmp dword ptr [<&kernel32.SetEndOfFi>; kernel32.SetEndOfFile 00401332 8BC0 mov eax, eax 00401334 $- FF25 F8415100 jmp dword ptr [<&kernel32.SetFilePoi>; kernel32.SetFilePointer 0040133A 8BC0 mov eax, eax 0040133C $- FF25 F4415100 jmp dword ptr [<&kernel32.UnhandledE>; kernel32.UnhandledExceptionFilter 00401342 8BC0 mov eax, eax 00401344 $- FF25 F0415100 jmp dword ptr [<&kernel32.WriteFile>>; kernel32.WriteFile 0040134A 8BC0 mov eax, eax 0040134C $- FF25 30425100 jmp dword ptr [<&user32.CharNextA>] ; user32.CharNextA 00401352 8BC0 mov eax, eax 00401354 .- FF25 EC415100 jmp dword ptr [<&kernel32.ExitProces>; kernel32.ExitProcess 0040135A 8BC0 mov eax, eax 0040135C $- FF25 2C425100 jmp dword ptr [<&user32.MessageBoxA>>; user32.MessageBoxA 00401362 8BC0 mov eax, eax 00401364 $- FF25 E8415100 jmp dword ptr [<&kernel32.FindClose>>; kernel32.FindClose 0040136A 8BC0 mov eax, eax 0040136C $- FF25 E4415100 jmp dword ptr [<&kernel32.FindFirstF>; kernel32.FindFirstFileA 00401372 8BC0 mov eax, eax 00401374 $- FF25 E0415100 jmp dword ptr [<&kernel32.FreeLibrar>; kernel32.FreeLibrary 0040137A 8BC0 mov eax, eax 0040137C $- FF25 DC415100 jmp dword ptr [<&kernel32.GetCommand>; kernel32.GetCommandLineA 00401382 8BC0 mov eax, eax 00401384 $- FF25 D8415100 jmp dword ptr [<&kernel32.GetLastErr>; ntdll.RtlGetLastWin32Error 0040138A 8BC0 mov eax, eax 0040138C $- FF25 D4415100 jmp dword ptr [<&kernel32.GetLocaleI>; kernel32.GetLocaleInfoA 00401392 8BC0 mov eax, eax 00401394 $- FF25 D0415100 jmp dword ptr [<&kernel32.GetModuleF>; kernel32.GetModuleFileNameA 0040139A 8BC0 mov eax, eax 0040139C $- FF25 CC415100 jmp dword ptr [<&kernel32.GetModuleH>; kernel32.GetModuleHandleA 004013A2 8BC0 mov eax, eax 004013A4 $- FF25 C8415100 jmp dword ptr [<&kernel32.GetProcAdd>; kernel32.GetProcAddress 004013AA 8BC0 mov eax, eax 004013AC $- FF25 C4415100 jmp dword ptr [<&kernel32.GetStartup>; kernel32.GetStartupInfoA 004013B2 8BC0 mov eax, eax 004013B4 $- FF25 C0415100 jmp dword ptr [<&kernel32.GetThreadL>; kernel32.GetThreadLocale 004013BA 8BC0 mov eax, eax 004013BC $- FF25 BC415100 jmp dword ptr [<&kernel32.LoadLibrar>; kernel32.LoadLibraryExA 004013C2 8BC0 mov eax, eax 004013C4 $- FF25 28425100 jmp dword ptr [<&user32.LoadStringA>>; user32.LoadStringA 004013CA 8BC0 mov eax, eax 004013CC $- FF25 B8415100 jmp dword ptr [<&kernel32.lstrcpynA>>; kernel32.lstrcpynA 004013D2 8BC0 mov eax, eax 004013D4 $- FF25 B4415100 jmp dword ptr [<&kernel32.lstrlenA>] ; kernel32.lstrlenA 004013DA 8BC0 mov eax, eax 004013DC $- FF25 B0415100 jmp dword ptr [<&kernel32.MultiByteT>; kernel32.MultiByteToWideChar 004013E2 8BC0 mov eax, eax 004013E4 $- FF25 40425100 jmp dword ptr [<&advapi32.RegCloseKe>; advapi32.RegCloseKey 004013EA 8BC0 mov eax, eax 004013EC $- FF25 3C425100 jmp dword ptr [<&advapi32.RegOpenKey>; advapi32.RegOpenKeyExA 004013F2 8BC0 mov eax, eax 004013F4 $- FF25 38425100 jmp dword ptr [<&advapi32.RegQueryVa>; advapi32.RegQueryValueExA 004013FA 8BC0 mov eax, eax 004013FC $- FF25 AC415100 jmp dword ptr [<&kernel32.WideCharTo>; kernel32.WideCharToMultiByte 00401402 8BC0 mov eax, eax 00401404 $- FF25 A8415100 jmp dword ptr [<&kernel32.VirtualQue>; kernel32.VirtualQuery 0040140A 8BC0 mov eax, eax 0040140C $- FF25 50425100 jmp dword ptr [<&oleaut32.SysAllocSt>; oleaut32.SysAllocStringLen 00401412 8BC0 mov eax, eax 00401414 $- FF25 4C425100 jmp dword ptr [<&oleaut32.SysReAlloc>; oleaut32.SysReAllocStringLen 0040141A 8BC0 mov eax, eax 0040141C $- FF25 48425100 jmp dword ptr [<&oleaut32.SysFreeStr>; oleaut32.SysFreeString 00401422 8BC0 mov eax, eax 00401424 $- FF25 A4415100 jmp dword ptr [<&kernel32.Interlocke>; kernel32.InterlockedIncrement 0040142A 8BC0 mov eax, eax 0040142C $- FF25 A0415100 jmp dword ptr [<&kernel32.Interlocke>; kernel32.InterlockedDecrement 00401432 8BC0 mov eax, eax 00401434 $- FF25 9C415100 jmp dword ptr [<&kernel32.GetCurrent>; kernel32.GetCurrentThreadId 0040143A 8BC0 mov eax, eax 0040143C /$ 53 push ebx 0040143D \|. 83C4 BC add esp, -44 00401440 \|. BB 0A000000 mov ebx, 0A 00401445 \|. 54 push esp ; /pStartupinfo 00401446 \|. E8 61FFFFFF call <jmp.&kernel32.GetStartupInfoA> ; \GetStartupInfoA 0040144B \|. F64424 2C 01 test byte ptr [esp+2C], 1 00401450 \|. 74 05 je short 00401457 00401452 \|. 0FB75C24 30 movzx ebx, word ptr [esp+30] 00401457 \|> 8BC3 mov eax, ebx 00401459 \|. 83C4 44 add esp, 44 0040145C \|. 5B pop ebx 0040145D \. C3 retn 0040145E 8BC0 mov eax, eax 00401460 $- FF25 98415100 jmp dword ptr [<&kernel32.LocalAlloc>; kernel32.LocalAlloc 00401466 8BC0 mov eax, eax 00401468 $- FF25 94415100 jmp dword ptr [<&kernel32.LocalFree>>; kernel32.LocalFree 0040146E 8BC0 mov eax, eax 00401470 $- FF25 90415100 jmp dword ptr [<&kernel32.VirtualAll>; kernel32.VirtualAlloc 00401476 8BC0 mov eax, eax 00401478 $- FF25 8C415100 jmp dword ptr [<&kernel32.VirtualFre>; kernel32.VirtualFree 0040147E 8BC0 mov eax, eax 00401480 $- FF25 88415100 jmp dword ptr [<&kernel32.Initialize>; kernel32.InitializeCriticalSection 00401486 8BC0 mov eax, eax 00401488 $- FF25 84415100 jmp dword ptr [<&kernel32.EnterCriti>; ntdll.RtlEnterCriticalSection 0040148E 8BC0 mov eax, eax 00401490 $- FF25 80415100 jmp dword ptr [<&kernel32.LeaveCriti>; ntdll.RtlLeaveCriticalSection 00401496 8BC0 mov eax, eax 00401498 $- FF25 7C415100 jmp dword ptr [<&kernel32.DeleteCrit>; ntdll.RtlDeleteCriticalSection 0040149E 8BC0 mov eax, eax 004014A0 /$ 53 push ebx 004014A1 \|. 56 push esi 004014A2 \|. BE E4355100 mov esi, 005135E4 004014A7 \|. 833E 00 cmp dword ptr [esi], 0 004014AA \|. 75 3A jnz short 004014E6 004014AC \|. 68 44060000 push 644 ; /Size = 644 (1604.) 004014B1 \|. 6A 00 push 0 ; \|Flags = LMEM_FIXED 004014B3 \|. E8 A8FFFFFF call <jmp.&kernel32.LocalAlloc> ; \LocalAlloc 004014B8 \|. 8BC8 mov ecx, eax 004014BA \|. 85C9 test ecx, ecx 004014BC \|. 75 05 jnz short 004014C3 004014BE \|. 33C0 xor eax, eax 004014C0 \|. 5E pop esi 004014C1 \|. 5B pop ebx 004014C2 \|. C3 retn 004014C3 \|> A1 E0355100 mov eax, dword ptr [5135E0] 004014C8 \|. 8901 mov dword ptr [ecx], eax 004014CA \|. 890D E0355100 mov dword ptr [5135E0], ecx 004014D0 \|. 33D2 xor edx, edx 004014D2 \|> 8BC2 /mov eax, edx 004014D4 \|. 03C0 \|add eax, eax 004014D6 \|. 8D44C1 04 \|lea eax, dword ptr [ecx+eax*8+4] 004014DA \|. 8B1E \|mov ebx, dword ptr [esi] 004014DC \|. 8918 \|mov dword ptr [eax], ebx 004014DE \|. 8906 \|mov dword ptr [esi], eax 004014E0 \|. 42 \|inc edx 004014E1 \|. 83FA 64 \|cmp edx, 64 004014E4 \|.^ 75 EC \jnz short 004014D2 004014E6 \|> 8B06 mov eax, dword ptr [esi] 004014E8 \|. 8B10 mov edx, dword ptr [eax] 004014EA \|. 8916 mov dword ptr [esi], edx 004014EC \|. 5E pop esi 004014ED \|. 5B pop ebx 004014EE \. C3 retn 004014EF 90 nop 004014F0 /$ 8900 mov dword ptr [eax], eax 004014F2 \|. 8940 04 mov dword ptr [eax+4], eax 004014F5 \. C3 retn 004014F6 8BC0 mov eax, eax 004014F8 /$ 53 push ebx 004014F9 \|. 56 push esi 004014FA \|. 8BF2 mov esi, edx 004014FC \|. 8BD8 mov ebx, eax 004014FE \|. E8 9DFFFFFF call 004014A0 00401503 \|. 85C0 test eax, eax 00401505 \|. 75 05 jnz short 0040150C 00401507 \|. 33C0 xor eax, eax 00401509 \|. 5E pop esi 0040150A \|. 5B pop ebx 0040150B \|. C3 retn 0040150C \|> 8B16 mov edx, dword ptr [esi] 0040150E \|. 8950 08 mov dword ptr [eax+8], edx 00401511 \|. 8B56 04 mov edx, dword ptr [esi+4] 00401514 \|. 8950 0C mov dword ptr [eax+C], edx 00401517 \|. 8B13 mov edx, dword ptr [ebx] 00401519 \|. 8910 mov dword ptr [eax], edx 0040151B \|. 8958 04 mov dword ptr [eax+4], ebx 0040151E \|. 8942 04 mov dword ptr [edx+4], eax 00401521 \|. 8903 mov dword ptr [ebx], eax 00401523 \|. B0 01 mov al, 1 00401525 \|. 5E pop esi 00401526 \|. 5B pop ebx 00401527 \. C3 retn 00401528 /$ 8B50 04 mov edx, dword ptr [eax+4] 0040152B \|. 8B08 mov ecx, dword ptr [eax] 0040152D \|. 890A mov dword ptr [edx], ecx 0040152F \|. 8951 04 mov dword ptr [ecx+4], edx 00401532 \|. 8B15 E4355100 mov edx, dword ptr [5135E4] 00401538 \|. 8910 mov dword ptr [eax], edx 0040153A \|. A3 E4355100 mov dword ptr [5135E4], eax 0040153F \. C3 retn 00401540 /$ 53 push ebx 00401541 \|. 56 push esi 00401542 \|. 57 push edi 00401543 \|. 55 push ebp 00401544 \|. 51 push ecx 00401545 \|. 8BF1 mov esi, ecx 00401547 \|. 891424 mov dword ptr [esp], edx 0040154A \|. 8BE8 mov ebp, eax 0040154C \|. 8B5D 00 mov ebx, dword ptr [ebp] 0040154F \|. 8B0424 mov eax, dword ptr [esp] 00401552 \|. 8B10 mov edx, dword ptr [eax] 00401554 \|. 8916 mov dword ptr [esi], edx 00401556 \|. 8B50 04 mov edx, dword ptr [eax+4] 00401559 \|. 8956 04 mov dword ptr [esi+4], edx 0040155C \|> 8B3B /mov edi, dword ptr [ebx] 0040155E \|. 8B06 \|mov eax, dword ptr [esi] 00401560 \|. 8B53 08 \|mov edx, dword ptr [ebx+8] 00401563 \|. 0353 0C \|add edx, dword ptr [ebx+C] 00401566 \|. 3BC2 \|cmp eax, edx 00401568 \|. 75 14 \|jnz short 0040157E 0040156A \|. 8BC3 \|mov eax, ebx 0040156C \|. E8 B7FFFFFF \|call 00401528 00401571 \|. 8B43 08 \|mov eax, dword ptr [ebx+8] 00401574 \|. 8906 \|mov dword ptr [esi], eax 00401576 \|. 8B43 0C \|mov eax, dword ptr [ebx+C] 00401579 \|. 0146 04 \|add dword ptr [esi+4], eax 0040157C \|. EB 15 \|jmp short 00401593 0040157E \|> 0346 04 \|add eax, dword ptr [esi+4] 00401581 \|. 3B43 08 \|cmp eax, dword ptr [ebx+8] 00401584 \|. 75 0D \|jnz short 00401593 00401586 \|. 8BC3 \|mov eax, ebx 00401588 \|. E8 9BFFFFFF \|call 00401528 0040158D \|. 8B43 0C \|mov eax, dword ptr [ebx+C] 00401590 \|. 0146 04 \|add dword ptr [esi+4], eax 00401593 \|> 8BDF \|mov ebx, edi 00401595 \|. 3BEB \|cmp ebp, ebx 00401597 \|.^ 75 C3 \jnz short 0040155C 00401599 \|. 8BD6 mov edx, esi 0040159B \|. 8BC5 mov eax, ebp 0040159D \|. E8 56FFFFFF call 004014F8 004015A2 \|. 84C0 test al, al 004015A4 \|. 75 04 jnz short 004015AA 004015A6 \|. 33C0 xor eax, eax 004015A8 \|. 8906 mov dword ptr [esi], eax 004015AA \|> 5A pop edx 004015AB \|. 5D pop ebp 004015AC \|. 5F pop edi 004015AD \|. 5E pop esi 004015AE \|. 5B pop ebx 004015AF \. C3 retn 004015B0 /$ 53 push ebx 004015B1 \|. 56 push esi 004015B2 \|. 57 push edi 004015B3 \|. 55 push ebp 004015B4 \|. 83C4 F8 add esp, -8 004015B7 \|. 8BD8 mov ebx, eax 004015B9 \|. 8BFB mov edi, ebx 004015BB \|> 8B32 /mov esi, dword ptr [edx] 004015BD \|. 8B43 08 \|mov eax, dword ptr [ebx+8] 004015C0 \|. 3BF0 \|cmp esi, eax 004015C2 \|. 72 70 \|jb short 00401634 004015C4 \|. 8BCE \|mov ecx, esi 004015C6 \|. 034A 04 \|add ecx, dword ptr [edx+4] 004015C9 \|. 8BE8 \|mov ebp, eax 004015CB \|. 036B 0C \|add ebp, dword ptr [ebx+C] 004015CE \|. 3BCD \|cmp ecx, ebp 004015D0 \|. 77 62 \|ja short 00401634 004015D2 \|. 3BF0 \|cmp esi, eax 004015D4 \|. 75 1B \|jnz short 004015F1 004015D6 \|. 8B42 04 \|mov eax, dword ptr [edx+4] 004015D9 \|. 0143 08 \|add dword ptr [ebx+8], eax 004015DC \|. 8B42 04 \|mov eax, dword ptr [edx+4] 004015DF \|. 2943 0C \|sub dword ptr [ebx+C], eax 004015E2 \|. 837B 0C 00 \|cmp dword ptr [ebx+C], 0 004015E6 \|. 75 48 \|jnz short 00401630 004015E8 \|. 8BC3 \|mov eax, ebx 004015EA \|. E8 39FFFFFF \|call 00401528 004015EF \|. EB 3F \|jmp short 00401630 004015F1 \|> 8BCE \|mov ecx, esi 004015F3 \|. 8B7A 04 \|mov edi, dword ptr [edx+4] 004015F6 \|. 03CF \|add ecx, edi 004015F8 \|. 8BE8 \|mov ebp, eax 004015FA \|. 036B 0C \|add ebp, dword ptr [ebx+C] 004015FD \|. 3BCD \|cmp ecx, ebp 004015FF \|. 75 05 \|jnz short 00401606 00401601 \|. 297B 0C \|sub dword ptr [ebx+C], edi 00401604 \|. EB 2A \|jmp short 00401630 00401606 \|> 8B0A \|mov ecx, dword ptr [edx] 00401608 \|. 034A 04 \|add ecx, dword ptr [edx+4] 0040160B \|. 890C24 \|mov dword ptr [esp], ecx 0040160E \|. 8B7B 08 \|mov edi, dword ptr [ebx+8] 00401611 \|. 037B 0C \|add edi, dword ptr [ebx+C] 00401614 \|. 2BF9 \|sub edi, ecx 00401616 \|. 897C24 04 \|mov dword ptr [esp+4], edi 0040161A \|. 2BF0 \|sub esi, eax 0040161C \|. 8973 0C \|mov dword ptr [ebx+C], esi 0040161F \|. 8BD4 \|mov edx, esp 00401621 \|. 8BC3 \|mov eax, ebx 00401623 \|. E8 D0FEFFFF \|call 004014F8 00401628 \|. 84C0 \|test al, al 0040162A \|. 75 04 \|jnz short 00401630 0040162C \|. 33C0 \|xor eax, eax 0040162E \|. EB 0C \|jmp short 0040163C 00401630 \|> B0 01 \|mov al, 1 00401632 \|. EB 08 \|jmp short 0040163C 00401634 \|> 8B1B \|mov ebx, dword ptr [ebx] 00401636 \|. 3BFB \|cmp edi, ebx 00401638 \|.^ 75 81 \jnz short 004015BB 0040163A \|. 33C0 xor eax, eax 0040163C \|> 59 pop ecx 0040163D \|. 5A pop edx 0040163E \|. 5D pop ebp 0040163F \|. 5F pop edi 00401640 \|. 5E pop esi 00401641 \|. 5B pop ebx 00401642 \. C3 retn 00401643 90 nop 00401644 /$ 53 push ebx 00401645 \|. 56 push esi 00401646 \|. 57 push edi 00401647 \|. 8BDA mov ebx, edx 00401649 \|. 8BF0 mov esi, eax 0040164B \|. 81FE 00001000 cmp esi, 100000 00401651 \|. 7D 07 jge short 0040165A 00401653 \|. BE 00001000 mov esi, 100000 00401658 \|. EB 0C jmp short 00401666 0040165A \|> 81C6 FFFF0000 add esi, 0FFFF 00401660 \|. 81E6 0000FFFF and esi, FFFF0000 00401666 \|> 8973 04 mov dword ptr [ebx+4], esi 00401669 \|. 6A 01 push 1 ; /Protect = PAGE_NOACCESS 0040166B \|. 68 00200000 push 2000 ; \|AllocationType = MEM_RESERVE 00401670 \|. 56 push esi ; \|Size 00401671 \|. 6A 00 push 0 ; \|Address = NULL 00401673 \|. E8 F8FDFFFF call <jmp.&kernel32.VirtualAlloc> ; \VirtualAlloc 00401678 \|. 8BF8 mov edi, eax 0040167A \|. 893B mov dword ptr [ebx], edi 0040167C \|. 85FF test edi, edi 0040167E \|. 74 23 je short 004016A3 00401680 \|. 8BD3 mov edx, ebx 00401682 \|. B8 E8355100 mov eax, 005135E8 00401687 \|. E8 6CFEFFFF call 004014F8 0040168C \|. 84C0 test al, al 0040168E \|. 75 13 jnz short 004016A3 00401690 \|. 68 00800000 push 8000 ; /FreeType = MEM_RELEASE 00401695 \|. 6A 00 push 0 ; \|Size = 0 00401697 \|. 8B03 mov eax, dword ptr [ebx] ; \| 00401699 \|. 50 push eax ; \|Address 0040169A \|. E8 D9FDFFFF call <jmp.&kernel32.VirtualFree> ; \VirtualFree 0040169F \|. 33C0 xor eax, eax 004016A1 \|. 8903 mov dword ptr [ebx], eax 004016A3 \|> 5F pop edi 004016A4 \|. 5E pop esi 004016A5 \|. 5B pop ebx 004016A6 \. C3 retn 004016A7 90 nop 004016A8 /$ 53 push ebx 004016A9 \|. 56 push esi 004016AA \|. 57 push edi 004016AB \|. 55 push ebp 004016AC \|. 8BD9 mov ebx, ecx 004016AE \|. 8BF2 mov esi, edx 004016B0 \|. 8BE8 mov ebp, eax 004016B2 \|. C743 04 00001>mov dword ptr [ebx+4], 100000 004016B9 \|. 6A 04 push 4 ; /Protect = PAGE_READWRITE 004016BB \|. 68 00200000 push 2000 ; \|AllocationType = MEM_RESERVE 004016C0 \|. 68 00001000 push 100000 ; \|Size = 100000 (1048576.) 004016C5 \|. 55 push ebp ; \|Address 004016C6 \|. E8 A5FDFFFF call <jmp.&kernel32.VirtualAlloc> ; \VirtualAlloc 004016CB \|. 8BF8 mov edi, eax 004016CD \|. 893B mov dword ptr [ebx], edi 004016CF \|. 85FF test edi, edi 004016D1 \|. 75 1F jnz short 004016F2 004016D3 \|. 81C6 FFFF0000 add esi, 0FFFF 004016D9 \|. 81E6 0000FFFF and esi, FFFF0000 004016DF \|. 8973 04 mov dword ptr [ebx+4], esi 004016E2 \|. 6A 04 push 4 ; /Protect = PAGE_READWRITE 004016E4 \|. 68 00200000 push 2000 ; \|AllocationType = MEM_RESERVE 004016E9 \|. 56 push esi ; \|Size 004016EA \|. 55 push ebp ; \|Address 004016EB \|. E8 80FDFFFF call <jmp.&kernel32.VirtualAlloc> ; \VirtualAlloc 004016F0 \|. 8903 mov dword ptr [ebx], eax 004016F2 \|> 833B 00 cmp dword ptr [ebx], 0 004016F5 \|. 74 23 je short 0040171A 004016F7 \|. 8BD3 mov edx, ebx 004016F9 \|. B8 E8355100 mov eax, 005135E8 004016FE \|. E8 F5FDFFFF call 004014F8 00401703 \|. 84C0 test al, al 00401705 \|. 75 13 jnz short 0040171A 00401707 \|. 68 00800000 push 8000 ; /FreeType = MEM_RELEASE 0040170C \|. 6A 00 push 0 ; \|Size = 0 0040170E \|. 8B03 mov eax, dword ptr [ebx] ; \| 00401710 \|. 50 push eax ; \|Address 00401711 \|. E8 62FDFFFF call <jmp.&kernel32.VirtualFree> ; \VirtualFree 00401716 \|. 33C0 xor eax, eax 00401718 \|. 8903 mov dword ptr [ebx], eax 0040171A \|> 5D pop ebp 0040171B \|. 5F pop edi 0040171C \|. 5E pop esi 0040171D \|. 5B pop ebx 0040171E \. C3 retn 0040171F 90 nop 00401720 /$ 53 push ebx 00401721 \|. 56 push esi 00401722 \|. 57 push edi 00401723 \|. 55 push ebp 00401724 \|. 83C4 EC add esp, -14 00401727 \|. 894C24 04 mov dword ptr [esp+4], ecx 0040172B \|. 891424 mov dword ptr [esp], edx 0040172E \|. C74424 08 FFF>mov dword ptr [esp+8], -1 00401736 \|. 33D2 xor edx, edx 00401738 \|. 895424 0C mov dword ptr [esp+C], edx 0040173C \|. 8BE8 mov ebp, eax 0040173E \|. 8B0424 mov eax, dword ptr [esp] 00401741 \|. 03C5 add eax, ebp 00401743 \|. 894424 10 mov dword ptr [esp+10], eax 00401747 \|. 8B1D E8355100 mov ebx, dword ptr [5135E8] 0040174D \|. EB 51 jmp short 004017A0 0040174F \|> 8B3B /mov edi, dword ptr [ebx] 00401751 \|. 8B73 08 \|mov esi, dword ptr [ebx+8] 00401754 \|. 3BEE \|cmp ebp, esi 00401756 \|. 77 46 \|ja short 0040179E 00401758 \|. 8BC6 \|mov eax, esi 0040175A \|. 0343 0C \|add eax, dword ptr [ebx+C] 0040175D \|. 3B4424 10 \|cmp eax, dword ptr [esp+10] 00401761 \|. 77 3B \|ja short 0040179E 00401763 \|. 3B7424 08 \|cmp esi, dword ptr [esp+8] 00401767 \|. 73 04 \|jnb short 0040176D 00401769 \|. 897424 08 \|mov dword ptr [esp+8], esi 0040176D \|> 8BC6 \|mov eax, esi 0040176F \|. 0343 0C \|add eax, dword ptr [ebx+C] 00401772 \|. 3B4424 0C \|cmp eax, dword ptr [esp+C] 00401776 \|. 76 04 \|jbe short 0040177C 00401778 \|. 894424 0C \|mov dword ptr [esp+C], eax 2007-7-8 20:06 0
guaiziyang 雪币： 200 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 13 粉丝 0 关注私信	guaiziyang 9 楼那位大哥能帮忙看看啊 2007-7-8 20:07 0
guaiziyang 雪币： 200 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 13 粉丝 0 关注私信	guaiziyang 10 楼上面那些是OD里的代码,不全,但自己一点都看不明白,有没有那位大哥,能跟我说说下一步我应该做什么?或是有我下一步相关的教程,多谢各位大哥提供一下. 2007-7-8 21:43 0
shiansa 雪币： 200 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 1 回帖 25 粉丝 0 关注私信	shiansa 11 楼看来汇编的知识还是很有用处的啊 2007-7-9 13:29 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复