此软件已经脱壳,但不知道如何入手爆破该软件,如有高手指点一二,爆破成功,本人定当酬谢。各位帮忙研究一下。如看不清楚,我发完整的代码给您。有思路请加我QQ:35358520,谢谢,定当酬谢!
0454BB00 . 4D 61 69 6E ascii "Main"
0454BB04 00 db 00
0454BB05 00 db 00
0454BB06 8BC0 mov eax, eax
; ---------------------------------------------------------------------
; sub_0454BB08 -- start a child process suspended, overwrite several
;                 byte ranges in it, then resume its main thread.
; In:   eax = object pointer, kept in esi (presumably Delphi register
;       convention "Self" -- confirm).
; Out:  al = 1 after ResumeThread, al = 0 when CreateProcessA fails
;       (the caller at 0454BE39 tests al).
; Note: no return value of VirtualProtectEx / VirtualQuery /
;       VirtualProtect / WriteProcessMemory / ResumeThread is checked.
;       The CREATE_SUSPENDED -> WriteProcessMemory -> ResumeThread order
;       is the behaviour a process monitor would observe from this code.
; ---------------------------------------------------------------------
0454BB08 /$ 55 push ebp
0454BB09 |. 8BEC mov ebp, esp
0454BB0B |. 83C4 D4 add esp, -2C
0454BB0E |. 53 push ebx
0454BB0F |. 56 push esi
0454BB10 |. 33D2 xor edx, edx
; [ebp-2C] starts as 0; it is handed to call 044C4138 in the cleanup block.
0454BB12 |. 8955 D4 mov dword ptr [ebp-2C], edx
0454BB15 |. 8BF0 mov esi, eax
; ebx -> 04550DA8, passed below as the last CreateProcessA argument
; (process-information out-buffer): [ebx]=hProcess, [ebx+4]=hThread,
; [ebx+8]=ProcessId as used later in this function.
0454BB17 |. BB A80D5504 mov ebx, 04550DA8
0454BB1C |. 33C0 xor eax, eax
; Link an exception frame at fs:[0] with handler 0454BD07.
0454BB1E |. 55 push ebp
0454BB1F |. 68 07BD5404 push 0454BD07
0454BB24 |. 64:FF30 push dword ptr fs:[eax]
0454BB27 |. 64:8920 mov dword ptr fs:[eax], esp
; call 044C2DA4(eax=04550D64, edx=44h, ecx=0): presumably zero-fills the
; 44h-byte startup-info buffer -- helper body not shown, confirm.
0454BB2A |. B8 640D5504 mov eax, 04550D64
0454BB2F |. 33C9 xor ecx, ecx
0454BB31 |. BA 44000000 mov edx, 44
0454BB36 |. E8 6972F7FF call 044C2DA4
; Same helper on the 10h-byte buffer at ebx (04550DA8).
0454BB3B |. 8BC3 mov eax, ebx
0454BB3D |. 33C9 xor ecx, ecx
0454BB3F |. BA 10000000 mov edx, 10
0454BB44 |. E8 5B72F7FF call 044C2DA4
; First dword of the startup-info buffer = 44h (its size field).
0454BB49 |. C705 640D5504>mov dword ptr [4550D64], 44
; CreateProcessA arguments are pushed right to left from here.
0454BB53 |. 53 push ebx
0454BB54 |. 68 640D5504 push 04550D64
; call 044C8B98(eax=[4550D60], edx=&[ebp-2C]) derives a string from the
; command line; its result is pushed as the current-directory argument
; (presumably the directory part of the path -- helper not shown).
0454BB59 |. 8D55 D4 lea edx, dword ptr [ebp-2C]
0454BB5C |. A1 600D5504 mov eax, dword ptr [4550D60]
0454BB61 |. E8 32D0F7FF call 044C8B98
0454BB66 |. 8B45 D4 mov eax, dword ptr [ebp-2C]
0454BB69 |. E8 8A8AF7FF call 044C45F8
0454BB6E |. 50 push eax
0454BB6F |. 6A 00 push 0
; Creation flags = 4 (CREATE_SUSPENDED): the child's main thread does not
; run until the ResumeThread call at 0454BCEA.
0454BB71 |. 6A 04 push 4
0454BB73 |. 6A 00 push 0
0454BB75 |. 6A 00 push 0
0454BB77 |. 6A 00 push 0
; Command line comes from the global string at [4550D60].
0454BB79 |. A1 600D5504 mov eax, dword ptr [4550D60]
0454BB7E |. E8 758AF7FF call 044C45F8
0454BB83 |. 50 push eax ; |CommandLine
0454BB84 |. 6A 00 push 0 ; |ModuleFileName = NULL
0454BB86 |. E8 85A9F7FF call <jmp.&kernel32.#99> ; \CreateProcessA
; Nonzero return = process created -> continue at 0454BBAF.
0454BB8B |. 85C0 test eax, eax
0454BB8D |. 75 20 jnz short 0454BBAF
; Failure path: ebx = 0 so the function returns al = 0, then show a
; message box (style 40h, caption "wq"). The text at 0454BD1C is listed
; further down as raw bytes; it looks like a double-byte encoded string
; that the disassembler partly decoded as instructions -- confirm.
0454BB8F |. 33DB xor ebx, ebx
0454BB91 |. 6A 40 push 40
0454BB93 |. 68 18BD5404 push 0454BD18 ; ASCII "wq"
0454BB98 |. 68 1CBD5404 push 0454BD1C
0454BB9D |. 8BC6 mov eax, esi
0454BB9F |. E8 C428FCFF call 0450E468
0454BBA4 |. 50 push eax ; |hOwner
0454BBA5 |. E8 F6B1F7FF call <jmp.&user32.#477> ; \MessageBoxA
0454BBAA |. E9 42010000 jmp 0454BCF1
; NOTE(review): the handle OpenProcess returns in eax is overwritten by
; the lea that follows and is never stored or closed in this listing;
; every later call uses [ebx] (the handle filled in by CreateProcessA).
0454BBAF |> 8B43 08 mov eax, dword ptr [ebx+8]
0454BBB2 |. 50 push eax ; /ProcessId
0454BBB3 |. 6A 00 push 0 ; |Inheritable = FALSE
0454BBB5 |. 68 FF0F1F00 push 1F0FFF ; |Access = PROCESS_ALL_ACCESS
0454BBBA |. E8 19ABF7FF call <jmp.&kernel32.#629> ; \OpenProcess
; Make 10h bytes at 00590D81 in the child read/write; the previous
; protection is saved in [ebp-14].
0454BBBF |. 8D45 EC lea eax, dword ptr [ebp-14]
0454BBC2 |. 50 push eax ; /pOldProtect
0454BBC3 |. 6A 04 push 4 ; |NewProtect = PAGE_READWRITE
0454BBC5 |. 6A 10 push 10 ; |Size = 10 (16.)
0454BBC7 |. 68 810D5900 push 590D81 ; |Address = 00590D81
0454BBCC |. 8B03 mov eax, dword ptr [ebx] ; |
0454BBCE |. 50 push eax ; |hProcess
0454BBCF |. E8 6CABF7FF call <jmp.&kernel32.#882> ; \VirtualProtectEx
; Series of writes into the child. Source buffers live in this module's
; data (0454EE00..); most target addresses are read from a table of
; dwords at 0454EE24.. rather than hard-coded. [ebp-4] receives the
; byte count each time and is never inspected.
0454BBD4 |. 8D45 FC lea eax, dword ptr [ebp-4]
0454BBD7 |. 50 push eax ; /pBytesWritten
0454BBD8 |. 6A 01 push 1 ; |BytesToWrite = 1
0454BBDA |. 68 00EE5404 push 0454EE00 ; |Buffer = 001.0454EE00
0454BBDF |. 68 91904300 push 439091 ; |Address = 439091
0454BBE4 |. 8B03 mov eax, dword ptr [ebx] ; |
0454BBE6 |. 50 push eax ; |hProcess
0454BBE7 |. E8 74ABF7FF call <jmp.&kernel32.#917> ; \WriteProcessMemory
0454BBEC |. 8D45 FC lea eax, dword ptr [ebp-4]
0454BBEF |. 50 push eax ; /pBytesWritten
0454BBF0 |. 6A 06 push 6 ; |BytesToWrite = 6
0454BBF2 |. 68 04EE5404 push 0454EE04 ; |Buffer = 001.0454EE04
0454BBF7 |. A1 24EE5404 mov eax, dword ptr [454EE24] ; |
0454BBFC |. 50 push eax ; |Address => 58FB40
0454BBFD |. 8B03 mov eax, dword ptr [ebx] ; |
0454BBFF |. 50 push eax ; |hProcess
0454BC00 |. E8 5BABF7FF call <jmp.&kernel32.#917> ; \WriteProcessMemory
0454BC05 |. 8D45 FC lea eax, dword ptr [ebp-4]
0454BC08 |. 50 push eax ; /pBytesWritten
0454BC09 |. 6A 0B push 0B ; |BytesToWrite = B (11.)
0454BC0B |. 68 0CEE5404 push 0454EE0C ; |Buffer = 001.0454EE0C
0454BC10 |. A1 28EE5404 mov eax, dword ptr [454EE28] ; |
0454BC15 |. 50 push eax ; |Address => 58DA52
0454BC16 |. 8B03 mov eax, dword ptr [ebx] ; |
0454BC18 |. 50 push eax ; |hProcess
0454BC19 |. E8 42ABF7FF call <jmp.&kernel32.#917> ; \WriteProcessMemory
0454BC1E |. 8D45 FC lea eax, dword ptr [ebp-4]
0454BC21 |. 50 push eax ; /pBytesWritten
0454BC22 |. 6A 0A push 0A ; |BytesToWrite = A (10.)
0454BC24 |. 68 18EE5404 push 0454EE18 ; |Buffer = 001.0454EE18
0454BC29 |. A1 2CEE5404 mov eax, dword ptr [454EE2C] ; |
0454BC2E |. 50 push eax ; |Address => 590891
0454BC2F |. 8B03 mov eax, dword ptr [ebx] ; |
0454BC31 |. 50 push eax ; |hProcess
0454BC32 |. E8 29ABF7FF call <jmp.&kernel32.#917> ; \WriteProcessMemory
; NOTE(review): VirtualQuery and VirtualProtect are the non-Ex APIs, so
; they query and change protection in the calling process, not in
; hProcess, although the write between them targets hProcess.
; The 1Ch-byte result lands at [ebp-28]; [ebp-28] (base address) and
; [ebp-1C] (region size) are the two fields reused below.
0454BC37 |. 6A 1C push 1C ; /BufSize = 1C (28.)
0454BC39 |. 8D45 D8 lea eax, dword ptr [ebp-28] ; |
0454BC3C |. 50 push eax ; |Buffer
0454BC3D |. A1 38EE5404 mov eax, dword ptr [454EE38] ; |
0454BC42 |. 50 push eax ; |Address => 0043904E
0454BC43 |. E8 00ABF7FF call <jmp.&kernel32.#883> ; \VirtualQuery
0454BC48 |. 8D45 EC lea eax, dword ptr [ebp-14]
0454BC4B |. 50 push eax ; /pOldProtect
0454BC4C |. 6A 04 push 4 ; |NewProtect = PAGE_READWRITE
0454BC4E |. 8B45 E4 mov eax, dword ptr [ebp-1C] ; |
0454BC51 |. 50 push eax ; |Size
0454BC52 |. 8B45 D8 mov eax, dword ptr [ebp-28] ; |
0454BC55 |. 50 push eax ; |Address
0454BC56 |. E8 DDAAF7FF call <jmp.&kernel32.#881> ; \VirtualProtect
; This write reports its byte count in [ebp-C] instead of [ebp-4].
0454BC5B |. 8D45 F4 lea eax, dword ptr [ebp-C]
0454BC5E |. 50 push eax ; /pBytesWritten
0454BC5F |. 6A 06 push 6 ; |BytesToWrite = 6
0454BC61 |. 68 30EE5404 push 0454EE30 ; |Buffer = 001.0454EE30
0454BC66 |. A1 38EE5404 mov eax, dword ptr [454EE38] ; |
0454BC6B |. 50 push eax ; |Address => 43904E
0454BC6C |. 8B03 mov eax, dword ptr [ebx] ; |
0454BC6E |. 50 push eax ; |hProcess
0454BC6F |. E8 ECAAF7FF call <jmp.&kernel32.#917> ; \WriteProcessMemory
; Put back the protection value saved in [ebp-14] for the same region.
0454BC74 |. 8D45 F8 lea eax, dword ptr [ebp-8]
0454BC77 |. 50 push eax ; /pOldProtect
0454BC78 |. 8B45 EC mov eax, dword ptr [ebp-14] ; |
0454BC7B |. 50 push eax ; |NewProtect
0454BC7C |. 8B45 E4 mov eax, dword ptr [ebp-1C] ; |
0454BC7F |. 50 push eax ; |Size
0454BC80 |. 8B45 D8 mov eax, dword ptr [ebp-28] ; |
0454BC83 |. 50 push eax ; |Address
0454BC84 |. E8 AFAAF7FF call <jmp.&kernel32.#881> ; \VirtualProtect
; Two more single-byte writes, both sourced from 0454EE00.
0454BC89 |. 8D45 FC lea eax, dword ptr [ebp-4]
0454BC8C |. 50 push eax ; /pBytesWritten
0454BC8D |. 6A 01 push 1 ; |BytesToWrite = 1
0454BC8F |. 68 00EE5404 push 0454EE00 ; |Buffer = 001.0454EE00
0454BC94 |. A1 3CEE5404 mov eax, dword ptr [454EE3C] ; |
0454BC99 |. 50 push eax ; |Address => 43C4DB
0454BC9A |. 8B03 mov eax, dword ptr [ebx] ; |
0454BC9C |. 50 push eax ; |hProcess
0454BC9D |. E8 BEAAF7FF call <jmp.&kernel32.#917> ; \WriteProcessMemory
0454BCA2 |. 8D45 FC lea eax, dword ptr [ebp-4]
0454BCA5 |. 50 push eax ; /pBytesWritten
0454BCA6 |. 6A 01 push 1 ; |BytesToWrite = 1
0454BCA8 |. 68 00EE5404 push 0454EE00 ; |Buffer = 001.0454EE00
0454BCAD |. A1 40EE5404 mov eax, dword ptr [454EE40] ; |
0454BCB2 |. 50 push eax ; |Address => 43B49D
0454BCB3 |. 8B03 mov eax, dword ptr [ebx] ; |
0454BCB5 |. 50 push eax ; |hProcess
0454BCB6 |. E8 A5AAF7FF call <jmp.&kernel32.#917> ; \WriteProcessMemory
; Virtual call on the object at [esi+354] (vtable slot +C8). al = 0 skips
; the optional write below; what the method tests is not visible here.
0454BCBB |. 8B86 54030000 mov eax, dword ptr [esi+354]
0454BCC1 |. 8B10 mov edx, dword ptr [eax]
0454BCC3 |. FF92 C8000000 call dword ptr [edx+C8]
0454BCC9 |. 84C0 test al, al
0454BCCB |. 74 19 je short 0454BCE6
0454BCCD |. 8D45 FC lea eax, dword ptr [ebp-4]
0454BCD0 |. 50 push eax ; /pBytesWritten
0454BCD1 |. 6A 06 push 6 ; |BytesToWrite = 6
0454BCD3 |. 68 44EE5404 push 0454EE44 ; |Buffer = 001.0454EE44
0454BCD8 |. A1 4CEE5404 mov eax, dword ptr [454EE4C] ; |
0454BCDD |. 50 push eax ; |Address => 41ECC2
0454BCDE |. 8B03 mov eax, dword ptr [ebx] ; |
0454BCE0 |. 50 push eax ; |hProcess
0454BCE1 |. E8 7AAAF7FF call <jmp.&kernel32.#917> ; \WriteProcessMemory
; Let the child run, then mark success in bl (returned as al).
0454BCE6 |> 8B43 04 mov eax, dword ptr [ebx+4]
0454BCE9 |. 50 push eax ; /hThread
0454BCEA |. E8 01AAF7FF call <jmp.&kernel32.#704> ; \ResumeThread
0454BCEF |. B3 01 mov bl, 1
; Common exit: unlink the exception frame and push 0454BD0E as the
; address the cleanup block returns to.
0454BCF1 |> 33C0 xor eax, eax
0454BCF3 |. 5A pop edx
0454BCF4 |. 59 pop ecx
0454BCF5 |> 59 pop ecx
0454BCF6 |. 64:8910 mov dword ptr fs:[eax], edx
0454BCF9 |. 68 0EBD5404 push 0454BD0E
; Cleanup block (also entered from 0454BD0C): call 044C4138 on [ebp-2C],
; presumably releasing the temporary string -- helper not shown.
0454BCFE |> 8D45 D4 lea eax, dword ptr [ebp-2C]
0454BD01 |. E8 3284F7FF call 044C4138
0454BD06 \. C3 retn
; Exception-path stubs: hand off to 044C3B3C, then rerun the cleanup.
0454BD07 .^ E9 307EF7FF jmp 044C3B3C
0454BD0C .^ EB F0 jmp short 0454BCFE
; Epilogue: return ebx (low byte = success flag), restore esi/ebx/ebp.
0454BD0E . 8BC3 mov eax, ebx
0454BD10 . 5E pop esi
0454BD11 . 5B pop ebx
0454BD12 . 8BE5 mov esp, ebp
0454BD14 . 5D pop ebp
0454BD15 . C3 retn
0454BD16 00 db 00
0454BD17 00 db 00
0454BD18 . 77 71 00 ascii "wq",0
0454BD1B 00 db 00
0454BD1C B2 db B2
0454BD1D BB db BB
0454BD1E C4 db C4
0454BD1F DC db DC
0454BD20 C6 db C6
0454BD21 F4 db F4
0454BD22 B6 db B6
0454BD23 AF db AF
0454BD24 D3 db D3
0454BD25 CE db CE
0454BD26 CF db CF
0454BD27 B7 db B7
0454BD28 A3 db A3
0454BD29 AC db AC
0454BD2A C7 db C7
0454BD2B .^ EB C8 jmp short 0454BCF5
0454BD2D B7 db B7
0454BD2E C8 db C8
0454BD2F CF db CF
0454BD30 D3 db D3
0454BD31 CE db CE
0454BD32 CF db CF
0454BD33 B7 db B7
0454BD34 CE db CE
0454BD35 C4 db C4
0454BD36 BC db BC
0454BD37 FE db FE
0454BD38 . CA C7B7 retf 0B7C7
0454BD3B F1 db F1
0454BD3C D5 db D5
0454BD3D FD db FD
0454BD3E C8 db C8
0454BD3F B7 db B7
0454BD40 00 db 00
0454BD41 00 db 00
0454BD42 00 db 00
0454BD43 00 db 00
; ---------------------------------------------------------------------
; sub_0454BD44 -- load wm.dll, resolve two of its exports, and pass two
;                 strings to sub-objects of the object given in eax.
; In:   eax = object pointer (kept in ebx).
; Globals written: [4550D54] = module handle,
;                  [4550D58] = address of "set_mayi_hook",
;                  [4550D5C] = address of "end_mayi_hook".
; NOTE(review): LoadLibraryA is given the bare name "wm.dll", so the DLL
;   search order decides which file is loaded. Neither the module handle
;   nor the two GetProcAddress results are checked for NULL here, yet
;   [4550D58] and [4550D5C] are called indirectly at 0454C060 / 0454C07C.
; ---------------------------------------------------------------------
0454BD44 . 53 push ebx
0454BD45 . 8BD8 mov ebx, eax
0454BD47 . 68 A4BD5404 push 0454BDA4 ; /FileName = "wm.dll"
0454BD4C . E8 5FA9F7FF call <jmp.&kernel32.#578> ; \LoadLibraryA
0454BD51 . A3 540D5504 mov dword ptr [4550D54], eax
0454BD56 . 68 ACBD5404 push 0454BDAC ; /ProcNameOrOrdinal = "set_mayi_hook"
0454BD5B . A1 540D5504 mov eax, dword ptr [4550D54] ; |
0454BD60 . 50 push eax ; |hModule => NULL
0454BD61 . E8 8AA8F7FF call <jmp.&kernel32.#408> ; \GetProcAddress
0454BD66 . A3 580D5504 mov dword ptr [4550D58], eax
0454BD6B . 68 BCBD5404 push 0454BDBC ; /ProcNameOrOrdinal = "end_mayi_hook"
0454BD70 . A1 540D5504 mov eax, dword ptr [4550D54] ; |
0454BD75 . 50 push eax ; |hModule => NULL
0454BD76 . E8 75A8F7FF call <jmp.&kernel32.#408> ; \GetProcAddress
0454BD7B . A3 5C0D5504 mov dword ptr [4550D5C], eax
; Hand a plain-http URL to call 0453088C on the object at [ebx+318]
; (callee not shown; presumably a page load on an embedded control).
0454BD80 . BA D0BD5404 mov edx, 0454BDD0 ; UNICODE "http://zhuxianmeimei.kmip.net/changelog.htm"
0454BD85 . 8B83 18030000 mov eax, dword ptr [ebx+318]
0454BD8B . E8 FC4AFEFF call 0453088C
; Pass the string "0.1" to call 0454B1B4 on the object at [ebx+324]
; (callee not shown; the string looks like a version tag -- confirm).
0454BD90 . BA 30BE5404 mov edx, 0454BE30 ; ASCII "0.1"
0454BD95 . 8B83 24030000 mov eax, dword ptr [ebx+324]
0454BD9B . E8 14F4FFFF call 0454B1B4
0454BDA0 . 5B pop ebx
0454BDA1 . C3 retn
0454BDA2 00 db 00
0454BDA3 00 db 00
0454BDA4 . 77 6D 2E 64 6>ascii "wm.dll",0
0454BDAB 00 db 00
0454BDAC . 73 65 74 5F 6>ascii "set_mayi_hook",0
0454BDBA 00 db 00
0454BDBB 00 db 00
0454BDBC . 65 6E 64 5F 6>ascii "end_mayi_hook",0
0454BDCA 00 db 00
0454BDCB 00 db 00
0454BDCC 56 db 56 ; CHAR 'V'
0454BDCD 00 db 00
0454BDCE 00 db 00
0454BDCF 00 db 00
0454BDD0 . 6800 7400 740>unicode "http://z"
0454BDE0 . 6800 7500 780>unicode "huxianme"
0454BDF0 . 6900 6D00 650>unicode "imei.kmi"
0454BE00 . 7000 2E00 6E0>unicode "p.net/ch"
0454BE10 . 6100 6E00 670>unicode "angelog."
0454BE20 . 6800 7400 6D0>unicode "htm",0
0454BE28 . FFFFFFFF dd FFFFFFFF
0454BE2C . 03000000 dd 00000003
0454BE30 . 30 2E 31 00 ascii "0.1",0
; sub_0454BE34 -- run the launcher at 0454BB08 with the same object
; pointer; when it returns al != 0, call 044F39E4 with dl = 1 on the
; object at [ebx+2F8] (callee not shown). Nothing happens on al = 0.
0454BE34 . 53 push ebx
0454BE35 . 8BD8 mov ebx, eax
0454BE37 . 8BC3 mov eax, ebx
0454BE39 . E8 CAFCFFFF call 0454BB08
0454BE3E . 84C0 test al, al
0454BE40 . 74 0D je short 0454BE4F
0454BE42 . B2 01 mov dl, 1
0454BE44 . 8B83 F8020000 mov eax, dword ptr [ebx+2F8]
0454BE4A . E8 957BFAFF call 044F39E4
0454BE4F > 5B pop ebx
0454BE50 . C3 retn
0454BE51 8D40 00 lea eax, dword ptr [eax]
; ---------------------------------------------------------------------
; sub_0454BE54 -- take a string from the object at [ebx+2FC], store it in
;                 the global at 04550D60 (the command line later used by
;                 CreateProcessA at 0454BB79) and save it under the
;                 "GameFileName" name via the helper object at [ebp-4].
; In:   eax = object pointer (kept in ebx).
; The 044F48xx..044F4Exx helpers are not shown. With edx = 80000001
; (the HKEY_CURRENT_USER constant) and the "\SOFTWARE\wm" paths they
; presumably wrap registry access -- confirm against the callee bodies.
; ---------------------------------------------------------------------
0454BE54 /. 55 push ebp
0454BE55 |. 8BEC mov ebp, esp
; Four zeroed dword locals: [ebp-4] .. [ebp-10].
0454BE57 |. 33C9 xor ecx, ecx
0454BE59 |. 51 push ecx
0454BE5A |. 51 push ecx
0454BE5B |. 51 push ecx
0454BE5C |. 51 push ecx
0454BE5D |. 53 push ebx
0454BE5E |. 8BD8 mov ebx, eax
0454BE60 |. 33C0 xor eax, eax
; Outer exception frame, handler 0454BF80.
0454BE62 |. 55 push ebp
0454BE63 |. 68 80BF5404 push 0454BF80
0454BE68 |. 64:FF30 push dword ptr fs:[eax]
0454BE6B |. 64:8920 mov dword ptr fs:[eax], esp
; Virtual call on the object at [ebx+2FC] (slot +3C); its result is not
; tested before the string is fetched below.
0454BE6E |. 8B83 FC020000 mov eax, dword ptr [ebx+2FC]
0454BE74 |. 8B10 mov edx, dword ptr [eax]
0454BE76 |. FF52 3C call dword ptr [edx+3C]
; Fetch a string from that object into [ebp-8] and assign it to the
; global at 04550D60 (044C418C: presumably a string assignment).
0454BE79 |. 8D55 F8 lea edx, dword ptr [ebp-8]
0454BE7C |. 8B83 FC020000 mov eax, dword ptr [ebx+2FC]
0454BE82 |. E8 914AFAFF call 044F0918
0454BE87 |. 8B55 F8 mov edx, dword ptr [ebp-8]
0454BE8A |. B8 600D5504 mov eax, 04550D60
0454BE8F |. E8 F882F7FF call 044C418C
; Fetch the same string again into [ebp-C] and pass it to call 04507C78
; on the object at [ebx+320] (presumably sets that control's text).
0454BE94 |. 8D55 F4 lea edx, dword ptr [ebp-C]
0454BE97 |. 8B83 FC020000 mov eax, dword ptr [ebx+2FC]
0454BE9D |. E8 764AFAFF call 044F0918
0454BEA2 |. 8B55 F4 mov edx, dword ptr [ebp-C]
0454BEA5 |. 8B83 20030000 mov eax, dword ptr [ebx+320]
0454BEAB |. E8 C8BDFBFF call 04507C78
; Create the helper object ([ebp-4]) and give it the root 80000001.
0454BEB0 |. B2 01 mov dl, 1
0454BEB2 |. A1 B0474F04 mov eax, dword ptr [44F47B0]
0454BEB7 |. E8 F489FAFF call 044F48B0
0454BEBC |. 8945 FC mov dword ptr [ebp-4], eax
0454BEBF |. BA 01000080 mov edx, 80000001
0454BEC4 |. 8B45 FC mov eax, dword ptr [ebp-4]
0454BEC7 |. E8 848AFAFF call 044F4950
0454BECC |. 33C0 xor eax, eax
; Inner exception frame (handler 0454BF56) guarding the helper object.
0454BECE |. 55 push ebp
0454BECF |. 68 56BF5404 push 0454BF56
0454BED4 |. 64:FF30 push dword ptr fs:[eax]
0454BED7 |. 64:8920 mov dword ptr fs:[eax], esp
; NOTE(review): the test al, al after each 044F4A90 call is not followed
; by a branch, so a failed open is ignored and execution continues.
0454BEDA |. 33C9 xor ecx, ecx
0454BEDC |. BA 94BF5404 mov edx, 0454BF94 ; ASCII "\SOFTWARE\"
0454BEE1 |. 8B45 FC mov eax, dword ptr [ebp-4]
0454BEE4 |. E8 A78BFAFF call 044F4A90
0454BEE9 |. 84C0 test al, al
; 044F4E44("wm") returning nonzero skips the 044F49B4("wm") call --
; presumably "exists?" followed by "create if missing".
0454BEEB |. BA A8BF5404 mov edx, 0454BFA8 ; ASCII "wm"
0454BEF0 |. 8B45 FC mov eax, dword ptr [ebp-4]
0454BEF3 |. E8 4C8FFAFF call 044F4E44
0454BEF8 |. 84C0 test al, al
0454BEFA |. 75 0D jnz short 0454BF09
0454BEFC |. BA A8BF5404 mov edx, 0454BFA8 ; ASCII "wm"
0454BF01 |. 8B45 FC mov eax, dword ptr [ebp-4]
0454BF04 |. E8 AB8AFAFF call 044F49B4
0454BF09 |> 33C9 xor ecx, ecx
0454BF0B |. BA B4BF5404 mov edx, 0454BFB4 ; ASCII "\SOFTWARE\wm"
0454BF10 |. 8B45 FC mov eax, dword ptr [ebp-4]
0454BF13 |. E8 788BFAFF call 044F4A90
0454BF18 |. 84C0 test al, al
; Read a string from the object at [ebx+320] into [ebp-10] and store it
; under the name "GameFileName" (044F4C2C: presumably a string write).
0454BF1A |. 8D55 F0 lea edx, dword ptr [ebp-10]
0454BF1D |. 8B83 20030000 mov eax, dword ptr [ebx+320]
0454BF23 |. E8 20BDFBFF call 04507C48
0454BF28 |. 8B4D F0 mov ecx, dword ptr [ebp-10]
0454BF2B |. BA CCBF5404 mov edx, 0454BFCC ; ASCII "GameFileName"
0454BF30 |. 8B45 FC mov eax, dword ptr [ebp-4]
0454BF33 |. E8 F48CFAFF call 044F4C2C
0454BF38 |. 8B45 FC mov eax, dword ptr [ebp-4]
0454BF3B |. E8 E089FAFF call 044F4920
; Leave the inner frame; 0454BF4D disposes of the helper object
; (044C33E8: presumably its destructor/free -- not shown).
0454BF40 |. 33C0 xor eax, eax
0454BF42 |. 5A pop edx
0454BF43 |. 59 pop ecx
0454BF44 |. 59 pop ecx
0454BF45 |. 64:8910 mov dword ptr fs:[eax], edx
0454BF48 |. 68 5DBF5404 push 0454BF5D
0454BF4D |> 8B45 FC mov eax, dword ptr [ebp-4]
0454BF50 |. E8 9374F7FF call 044C33E8
0454BF55 \. C3 retn
0454BF56 .^ E9 E17BF7FF jmp 044C3B3C
0454BF5B .^ EB F0 jmp short 0454BF4D
; Leave the outer frame; 0454BF6A releases the temporaries at [ebp-10]
; and the two starting at [ebp-C] (edx = 2 is passed as a count).
0454BF5D . 33C0 xor eax, eax
0454BF5F . 5A pop edx
0454BF60 . 59 pop ecx
0454BF61 . 59 pop ecx
0454BF62 . 64:8910 mov dword ptr fs:[eax], edx
0454BF65 . 68 87BF5404 push 0454BF87
0454BF6A > 8D45 F0 lea eax, dword ptr [ebp-10]
0454BF6D . E8 C681F7FF call 044C4138
0454BF72 . 8D45 F4 lea eax, dword ptr [ebp-C]
0454BF75 . BA 02000000 mov edx, 2
0454BF7A . E8 DD81F7FF call 044C415C
0454BF7F . C3 retn
0454BF80 .^ E9 B77BF7FF jmp 044C3B3C
0454BF85 .^ EB E3 jmp short 0454BF6A
0454BF87 . 5B pop ebx
0454BF88 . 8BE5 mov esp, ebp
0454BF8A . 5D pop ebp
0454BF8B . C3 retn
0454BF8C . FFFFFFFF dd FFFFFFFF
0454BF90 . 0A000000 dd 0000000A
0454BF94 . 5C 53 4F 46 5>ascii "\SOFTWARE\",0
0454BF9F 00 db 00
0454BFA0 . FFFFFFFF dd FFFFFFFF
0454BFA4 . 02000000 dd 00000002
0454BFA8 . 77 6D 00 ascii "wm",0
0454BFAB 00 db 00
0454BFAC . FFFFFFFF dd FFFFFFFF
0454BFB0 . 0C000000 dd 0000000C
0454BFB4 . 5C 53 4F 46 5>ascii "\SOFTWARE\wm",0
0454BFC1 00 db 00
0454BFC2 00 db 00
0454BFC3 00 db 00
0454BFC4 . FFFFFFFF dd FFFFFFFF
0454BFC8 . 0C000000 dd 0000000C
0454BFCC . 47 61 6D 65 4>ascii "GameFileName",0
0454BFD9 00 db 00
0454BFDA 00 db 00
0454BFDB 00 db 00
; sub_0454BFDC -- pass a plain-http URL to call 0453088C on the object at
; [ebx+31C], then call 04507B68 with dl = 1 on the object at [ebx+30C].
; Both callees are outside this listing; 04507B68 is called with dl = 0
; by the routine at 0454C040, so dl presumably toggles a boolean state.
0454BFDC . 53 push ebx
0454BFDD . 8BD8 mov ebx, eax
0454BFDF . BA 04C05404 mov edx, 0454C004 ; UNICODE "http://zhuxianmeimei.kmip.net"
0454BFE4 . 8B83 1C030000 mov eax, dword ptr [ebx+31C]
0454BFEA . E8 9D48FEFF call 0453088C
0454BFEF . B2 01 mov dl, 1
0454BFF1 . 8B83 0C030000 mov eax, dword ptr [ebx+30C]
0454BFF7 . E8 6CBBFBFF call 04507B68
0454BFFC . 5B pop ebx
0454BFFD . C3 retn
0454BFFE 00 db 00
0454BFFF 00 db 00
0454C000 3A db 3A ; CHAR ':'
0454C001 00 db 00
0454C002 00 db 00
0454C003 00 db 00
0454C004 . 6800 7400 740>unicode "http://z"
0454C014 . 6800 7500 780>unicode "huxianme"
0454C024 . 6900 6D00 650>unicode "imei.kmi"
0454C034 . 7000 2E00 6E0>unicode "p.net",0
; sub_0454C040 -- call 04507B68 with dl = 0 on the object at [eax+30C];
; the counterpart with dl = 1 is at 0454BFEF. Callee not shown.
0454C040 . 33D2 xor edx, edx
0454C042 . 8B80 0C030000 mov eax, dword ptr [eax+30C]
0454C048 . E8 1BBBFBFF call 04507B68
0454C04D . C3 retn
0454C04E 8BC0 mov eax, eax
; sub_0454C050 -- look for a top-level window titled "Element Client";
; if one exists, call the pointer stored at [4550D58] (filled with the
; address of "set_mayi_hook" at 0454BD66) and keep its al result in
; [4550D50]. Does nothing when no such window is found.
; NOTE(review): [4550D58] is called without a NULL check.
0454C050 . 68 6CC05404 push 0454C06C ; /Title = "Element Client"
0454C055 . 6A 00 push 0 ; |Class = 0
0454C057 . E8 F4AAF7FF call <jmp.&user32.#228> ; \FindWindowA
0454C05C . 85C0 test eax, eax
0454C05E 74 0B je short 0454C06B
0454C060 . FF15 580D5504 call dword ptr [4550D58]
0454C066 . A2 500D5504 mov byte ptr [4550D50], al
0454C06B > C3 retn
0454C06C . 45 6C 65 6D 6>ascii "Element Client",0
0454C07B 00 db 00
; sub_0454C07C -- call the pointer stored at [4550D5C] (address of
; "end_mayi_hook", see 0454BD7B), then FreeLibrary the module handle
; kept in [4550D54].
; NOTE(review): neither the pointer nor the handle is checked for NULL.
0454C07C . FF15 5C0D5504 call dword ptr [4550D5C]
0454C082 . A1 540D5504 mov eax, dword ptr [4550D54]
0454C087 . 50 push eax ; /hLibModule => NULL
0454C088 . E8 E3A4F7FF call <jmp.&kernel32.#241> ; \FreeLibrary
0454C08D . C3 retn
0454C08E 8BC0 mov eax, eax
; ---------------------------------------------------------------------
; sub_0454C090 -- chain three calls to 044CF690 starting from a value
;                 obtained from the object at [ebx+318].
; In:   eax = object pointer (kept in ebx); one dword stack argument
;       is removed by the final "retn 4".
; The four pushed constants sit next to the strings "No", "HScroll",
; "Body" and "Document"; presumably this walks Document -> Body and sets
; HScroll to "No" through late-bound dispatch -- 044CF690 and 0452D208
; are not shown, confirm.
; ---------------------------------------------------------------------
0454C090 /. 55 push ebp
0454C091 |. 8BEC mov ebp, esp
0454C093 |. 51 push ecx
; Reserve and zero locals: the loop pushes ten zero dwords.
0454C094 |. B9 05000000 mov ecx, 5
0454C099 |> 6A 00 /push 0
0454C09B |. 6A 00 |push 0
0454C09D |. 49 |dec ecx
0454C09E |.^ 75 F9 \jnz short 0454C099
0454C0A0 |. 51 push ecx
; Swap the saved incoming ecx at [ebp-4] with 0 (ecx is 0 after the loop).
0454C0A1 |. 874D FC xchg dword ptr [ebp-4], ecx
0454C0A4 |. 53 push ebx
0454C0A5 |. 8BD8 mov ebx, eax
0454C0A7 |. 33C0 xor eax, eax
; Exception frame, handler 0454C126.
0454C0A9 |. 55 push ebp
0454C0AA |. 68 26C15404 push 0454C126
0454C0AF |. 64:FF30 push dword ptr fs:[eax]
0454C0B2 |. 64:8920 mov dword ptr fs:[eax], esp
0454C0B5 |. 68 3CC15404 push 0454C13C ; ASCII "No"
0454C0BA |. 68 40C15404 push 0454C140
0454C0BF |. 68 4CC15404 push 0454C14C
0454C0C4 |. 68 54C15404 push 0454C154
; [ebp-30] receives the starting value from the object at [ebx+318].
0454C0C9 |. 8D55 D0 lea edx, dword ptr [ebp-30]
0454C0CC |. 8B83 18030000 mov eax, dword ptr [ebx+318]
0454C0D2 |. E8 3111FEFF call 0452D208
; Each 044CF690 call is cleaned up by the caller (add esp, ...): the
; first two take a result slot, a source and one pushed constant; the
; last passes 0 as the result slot and consumes two pushed constants.
0454C0D7 |. 8D45 D0 lea eax, dword ptr [ebp-30]
0454C0DA |. 50 push eax
0454C0DB |. 8D45 E0 lea eax, dword ptr [ebp-20]
0454C0DE |. 50 push eax
0454C0DF |. E8 AC35F8FF call 044CF690
0454C0E4 |. 83C4 0C add esp, 0C
0454C0E7 |. 8D45 E0 lea eax, dword ptr [ebp-20]
0454C0EA |. 50 push eax
0454C0EB |. 8D45 F0 lea eax, dword ptr [ebp-10]
0454C0EE |. 50 push eax
0454C0EF |. E8 9C35F8FF call 044CF690
0454C0F4 |. 83C4 0C add esp, 0C
0454C0F7 |. 8D45 F0 lea eax, dword ptr [ebp-10]
0454C0FA |. 50 push eax
0454C0FB |. 6A 00 push 0
0454C0FD |. E8 8E35F8FF call 044CF690
0454C102 |. 83C4 10 add esp, 10
; Leave the frame; the cleanup block finalises three 10h-byte slots
; starting at [ebp-30] (ecx = 3, type info from [44C1110]).
0454C105 |. 33C0 xor eax, eax
0454C107 |. 5A pop edx
0454C108 |. 59 pop ecx
0454C109 |. 59 pop ecx
0454C10A |. 64:8910 mov dword ptr fs:[eax], edx
0454C10D |. 68 2DC15404 push 0454C12D
0454C112 |> 8D45 D0 lea eax, dword ptr [ebp-30]
0454C115 |. 8B15 10114C04 mov edx, dword ptr [44C1110] ; 001.044C1114
0454C11B |. B9 03000000 mov ecx, 3
0454C120 |. E8 C78AF7FF call 044C4BEC
0454C125 \. C3 retn
0454C126 .^ E9 117AF7FF jmp 044C3B3C
0454C12B .^ EB E5 jmp short 0454C112
0454C12D . 5B pop ebx
0454C12E . 8BE5 mov esp, ebp
0454C130 . 5D pop ebp
0454C131 . C2 0400 retn 4
0454C134 . FFFFFFFF dd FFFFFFFF
0454C138 . 02000000 dd 00000002
0454C13C . 4E 6F 00 ascii "No",0
0454C13F 00 db 00
0454C140 04 db 04
0454C141 01 db 01
0454C142 00 db 00
0454C143 . 48 53 63 72 6>ascii "HScroll",0
0454C14B 00 db 00
0454C14C 01 db 01
0454C14D 00 db 00
0454C14E 00 db 00
0454C14F . 42 6F 64 79 0>ascii "Body",0
0454C154 01 db 01
0454C155 00 db 00
0454C156 00 db 00
0454C157 . 44 6F 63 75 6>ascii "Document",0
; ---------------------------------------------------------------------
; sub_0454C160 -- same sequence as the routine at 0454C090, but starting
;                 from the object at [ebx+31C] instead of [ebx+318].
; In:   eax = object pointer (kept in ebx); one dword stack argument
;       is removed by the final "retn 4".
; The last pushed constant, 0454C224, is shown further down as
; instructions (add / jnz / outs / je); its bytes 44 6F 63 75 6D 65 6E 74
; spell "Document", matching the string at 0454C157 -- so that stretch
; is most likely data the disassembler decoded as code.
; ---------------------------------------------------------------------
0454C160 /. 55 push ebp
0454C161 |. 8BEC mov ebp, esp
0454C163 |. 51 push ecx
; Reserve and zero locals: the loop pushes ten zero dwords.
0454C164 |. B9 05000000 mov ecx, 5
0454C169 |> 6A 00 /push 0
0454C16B |. 6A 00 |push 0
0454C16D |. 49 |dec ecx
0454C16E |.^ 75 F9 \jnz short 0454C169
0454C170 |. 51 push ecx
0454C171 |. 874D FC xchg dword ptr [ebp-4], ecx
0454C174 |. 53 push ebx
0454C175 |. 8BD8 mov ebx, eax
0454C177 |. 33C0 xor eax, eax
; Exception frame, handler 0454C1F6.
0454C179 |. 55 push ebp
0454C17A |. 68 F6C15404 push 0454C1F6
0454C17F |. 64:FF30 push dword ptr fs:[eax]
0454C182 |. 64:8920 mov dword ptr fs:[eax], esp
0454C185 |. 68 0CC25404 push 0454C20C ; ASCII "No"
0454C18A |. 68 10C25404 push 0454C210
0454C18F |. 68 1CC25404 push 0454C21C
0454C194 |. 68 24C25404 push 0454C224
; [ebp-30] receives the starting value from the object at [ebx+31C].
0454C199 |. 8D55 D0 lea edx, dword ptr [ebp-30]
0454C19C |. 8B83 1C030000 mov eax, dword ptr [ebx+31C]
0454C1A2 |. E8 6110FEFF call 0452D208
; Three caller-cleaned calls to 044CF690, chained through [ebp-20] and
; [ebp-10]; the last one passes 0 as its result slot.
0454C1A7 |. 8D45 D0 lea eax, dword ptr [ebp-30]
0454C1AA |. 50 push eax
0454C1AB |. 8D45 E0 lea eax, dword ptr [ebp-20]
0454C1AE |. 50 push eax
0454C1AF |. E8 DC34F8FF call 044CF690
0454C1B4 |. 83C4 0C add esp, 0C
0454C1B7 |. 8D45 E0 lea eax, dword ptr [ebp-20]
0454C1BA |. 50 push eax
0454C1BB |. 8D45 F0 lea eax, dword ptr [ebp-10]
0454C1BE |. 50 push eax
0454C1BF |. E8 CC34F8FF call 044CF690
0454C1C4 |. 83C4 0C add esp, 0C
0454C1C7 |. 8D45 F0 lea eax, dword ptr [ebp-10]
0454C1CA |. 50 push eax
0454C1CB |. 6A 00 push 0
0454C1CD |. E8 BE34F8FF call 044CF690
0454C1D2 |. 83C4 10 add esp, 10
; Leave the frame; the cleanup block finalises three slots from [ebp-30].
0454C1D5 |. 33C0 xor eax, eax
0454C1D7 |. 5A pop edx
0454C1D8 |. 59 pop ecx
0454C1D9 |. 59 pop ecx
0454C1DA |. 64:8910 mov dword ptr fs:[eax], edx
0454C1DD |. 68 FDC15404 push 0454C1FD
0454C1E2 |> 8D45 D0 lea eax, dword ptr [ebp-30]
0454C1E5 |. 8B15 10114C04 mov edx, dword ptr [44C1110] ; 001.044C1114
0454C1EB |. B9 03000000 mov ecx, 3
0454C1F0 |. E8 F789F7FF call 044C4BEC
0454C1F5 \. C3 retn
0454C1F6 .^ E9 4179F7FF jmp 044C3B3C
0454C1FB .^ EB E5 jmp short 0454C1E2
0454C1FD . 5B pop ebx
0454C1FE . 8BE5 mov esp, ebp
0454C200 . 5D pop ebp
0454C201 . C2 0400 retn 4
0454C204 . FFFFFFFF dd FFFFFFFF
0454C208 . 02000000 dd 00000002
0454C20C . 4E 6F 00 ascii "No",0
0454C20F 00 db 00
0454C210 04 db 04
0454C211 01 db 01
0454C212 00 db 00
0454C213 . 48 53 63 72 6>ascii "HScroll",0
0454C21B 00 db 00
0454C21C 01 db 01
0454C21D 00 db 00
0454C21E 00 db 00
0454C21F . 42 6F 64 79 0>ascii "Body",0
0454C224 01 db 01
0454C225 00 db 00
0454C226 . 00446F 63 add byte ptr [edi+ebp*2+63], al
0454C22A . 75 6D jnz short 0454C299
0454C22C . 65:6E outs dx, byte ptr es:[edi]
0454C22E . 74 00 je short 0454C230
; ---------------------------------------------------------------------
; sub_0454C230 -- store two strings ("ApprDIR" and "GameFileName") via
;                 the helper object at [ebp-8], then copy the global
;                 string at [4550DB8] to the object at [eax+320] and to
;                 the global at 04550D60.
; In:   eax = object pointer (saved in [ebp-4]).
; The helper calls match those in the routine at 0454BE54; with
; edx = 80000001 (the HKEY_CURRENT_USER constant) and "\SOFTWARE\wm"
; they presumably wrap registry access -- callees not shown.
; ---------------------------------------------------------------------
0454C230 > 55 push ebp
0454C231 . 8BEC mov ebp, esp
0454C233 . 83C4 F0 add esp, -10
0454C236 . 33C9 xor ecx, ecx
0454C238 . 894D F0 mov dword ptr [ebp-10], ecx
0454C23B . 894D F4 mov dword ptr [ebp-C], ecx
0454C23E . 8945 FC mov dword ptr [ebp-4], eax
0454C241 . 33C0 xor eax, eax
; Outer exception frame, handler 0454C355.
0454C243 . 55 push ebp
0454C244 . 68 55C35404 push 0454C355
0454C249 . 64:FF30 push dword ptr fs:[eax]
0454C24C . 64:8920 mov dword ptr fs:[eax], esp
; call 044C2ADC(eax=0, edx=&[ebp-10]) then 044C8B98 into [ebp-C]:
; presumably "own executable path" followed by "directory part of it"
; (044C8B98 is the helper used for the working directory at 0454BB61).
0454C24F . 8D55 F0 lea edx, dword ptr [ebp-10]
0454C252 . 33C0 xor eax, eax
0454C254 . E8 8368F7FF call 044C2ADC
0454C259 . 8B45 F0 mov eax, dword ptr [ebp-10]
0454C25C . 8D55 F4 lea edx, dword ptr [ebp-C]
0454C25F . E8 34C9F7FF call 044C8B98
; Create the helper object ([ebp-8]) and give it the root 80000001.
0454C264 . B2 01 mov dl, 1
0454C266 . A1 B0474F04 mov eax, dword ptr [44F47B0]
0454C26B . E8 4086FAFF call 044F48B0
0454C270 . 8945 F8 mov dword ptr [ebp-8], eax
0454C273 . BA 01000080 mov edx, 80000001
0454C278 . 8B45 F8 mov eax, dword ptr [ebp-8]
0454C27B . E8 D086FAFF call 044F4950
0454C280 . 33C0 xor eax, eax
; Inner exception frame, handler 0454C30F.
0454C282 . 55 push ebp
0454C283 . 68 0FC35404 push 0454C30F
0454C288 . 64:FF30 push dword ptr fs:[eax]
0454C28B . 64:8920 mov dword ptr fs:[eax], esp
0454C28E . 33C9 xor ecx, ecx
0454C290 . BA 68C35404 mov edx, 0454C368 ; ASCII "\SOFTWARE\"
0454C295 . 8B45 F8 mov eax, dword ptr [ebp-8]
; NOTE(review): the next seven listing lines (0454C298..0454C2A6) are a
; mis-aligned decode. Read from 0454C298 the raw bytes are
;   E8 F387FAFF  call 044F4A90
;   84C0         test al, al
;   BA 7CC35404  mov edx, 0454C37C   (the "wm" string)
;   8B45 F8      mov eax, dword ptr [ebp-8]
; which matches the sequence at 0454BEE4..0454BEF0. The shift is likely
; caused by the data at 0454C22A being decoded as "jnz short 0454C299".
0454C298 E8 db E8
0454C299 . F3: prefix rep:
0454C29A . 87FA xchg edx, edi
0454C29C . FF84C0 BA7CC3>inc dword ptr [eax+eax*8+54C37CBA]
0454C2A3 . 04 8B add al, 8B
0454C2A5 . 45 inc ebp
0454C2A6 . F8 clc
; 044F4E44("wm") returning nonzero skips the 044F49B4("wm") call.
0454C2A7 . E8 988BFAFF call 044F4E44
0454C2AC . 84C0 test al, al
0454C2AE 75 0D jnz short 0454C2BD
0454C2B0 . BA 7CC35404 mov edx, 0454C37C ; ASCII "wm"
0454C2B5 . 8B45 F8 mov eax, dword ptr [ebp-8]
0454C2B8 . E8 F786FAFF call 044F49B4
0454C2BD > 33C9 xor ecx, ecx
0454C2BF . BA 88C35404 mov edx, 0454C388 ; ASCII "\SOFTWARE\wm"
0454C2C4 . 8B45 F8 mov eax, dword ptr [ebp-8]
0454C2C7 . E8 C487FAFF call 044F4A90
; The result of this open is tested but never branched on.
0454C2CC . 84C0 test al, al
; Store [ebp-C] under "ApprDIR" and the global [4550DB8] under
; "GameFileName" (044F4C2C: presumably a string write).
0454C2CE . 8B4D F4 mov ecx, dword ptr [ebp-C]
0454C2D1 . BA A0C35404 mov edx, 0454C3A0 ; ASCII "ApprDIR"
0454C2D6 . 8B45 F8 mov eax, dword ptr [ebp-8]
0454C2D9 . E8 4E89FAFF call 044F4C2C
0454C2DE . 8B0D B80D5504 mov ecx, dword ptr [4550DB8]
0454C2E4 . BA B0C35404 mov edx, 0454C3B0 ; ASCII "GameFileName"
0454C2E9 . 8B45 F8 mov eax, dword ptr [ebp-8]
0454C2EC . E8 3B89FAFF call 044F4C2C
0454C2F1 . 8B45 F8 mov eax, dword ptr [ebp-8]
0454C2F4 . E8 2786FAFF call 044F4920
; Leave the inner frame; 0454C306 disposes of the helper object.
0454C2F9 . 33C0 xor eax, eax
0454C2FB . 5A pop edx
0454C2FC . 59 pop ecx
0454C2FD . 59 pop ecx
0454C2FE . 64:8910 mov dword ptr fs:[eax], edx
0454C301 . 68 16C35404 push 0454C316
0454C306 > 8B45 F8 mov eax, dword ptr [ebp-8]
0454C309 . E8 DA70F7FF call 044C33E8
0454C30E . C3 retn
0454C30F .^ E9 2878F7FF jmp 044C3B3C
0454C314 .^ EB F0 jmp short 0454C306
; Pass the global string [4550DB8] to call 04507C78 on the object at
; [Self+320], and assign it to the global at 04550D60 -- the string that
; 0454BB79 later uses as the CreateProcessA command line.
0454C316 . 8B45 FC mov eax, dword ptr [ebp-4]
0454C319 . 8B80 20030000 mov eax, dword ptr [eax+320]
0454C31F . 8B15 B80D5504 mov edx, dword ptr [4550DB8]
0454C325 . E8 4EB9FBFF call 04507C78
0454C32A . B8 600D5504 mov eax, 04550D60
0454C32F . 8B15 B80D5504 mov edx, dword ptr [4550DB8]
0454C335 . E8 527EF7FF call 044C418C
; Leave the outer frame; the cleanup releases the two temporaries that
; start at [ebp-10] (edx = 2 is passed as a count).
0454C33A . 33C0 xor eax, eax
0454C33C . 5A pop edx
0454C33D . 59 pop ecx
0454C33E . 59 pop ecx
0454C33F . 64:8910 mov dword ptr fs:[eax], edx
0454C342 . 68 5CC35404 push 0454C35C
0454C347 > 8D45 F0 lea eax, dword ptr [ebp-10]
0454C34A . BA 02000000 mov edx, 2
0454C34F . E8 087EF7FF call 044C415C
0454C354 . C3 retn
0454C355 .^ E9 E277F7FF jmp 044C3B3C
0454C35A .^ EB EB jmp short 0454C347
0454C35C . 8BE5 mov esp, ebp
0454C35E . 5D pop ebp
0454C35F . C3 retn
0454C360 . FFFFFFFF dd FFFFFFFF
0454C364 . 0A000000 dd 0000000A
0454C368 . 5C 53 4F 46 5>ascii "\SOFTWARE\",0
0454C373 00 db 00
0454C374 . FFFFFFFF dd FFFFFFFF
0454C378 . 02000000 dd 00000002
0454C37C . 77 6D 00 ascii "wm",0
0454C37F 00 db 00
0454C380 . FFFFFFFF dd FFFFFFFF
0454C384 . 0C000000 dd 0000000C
0454C388 . 5C 53 4F 46 5>ascii "\SOFTWARE\wm",0
0454C395 00 db 00
0454C396 00 db 00
0454C397 00 db 00
0454C398 . FFFFFFFF dd FFFFFFFF
0454C39C . 07000000 dd 00000007
0454C3A0 . 41 70 70 72 4>ascii "ApprDIR",0
0454C3A8 . FFFFFFFF dd FFFFFFFF
0454C3AC . 0C000000 dd 0000000C
0454C3B0 . 47 61 6D 65 4>ascii "GameFileName",0
0454C3BD 00 db 00
0454C3BE 00 db 00
0454C3BF 00 db 00
; ---------------------------------------------------------------------
; sub_0454C3C0 -- fetch the "GameFileName" string through the helper
;                 object at [ebp-4] and assign it to the global at
;                 04550DB8.
; Takes no visible argument (eax is cleared before use).
; Same helper family as 0454BE54 / 0454C230; with edx = 80000001 (the
; HKEY_CURRENT_USER constant) and "\SOFTWARE\wm" this is presumably a
; registry read -- callees not shown.
; NOTE(review): every "test al, al" below is followed by more setup
; rather than a branch, so a missing key or failed open is ignored and
; whatever 044F4C58 leaves in [ebp-8] is still copied to 04550DB8.
; ---------------------------------------------------------------------
0454C3C0 /. 55 push ebp
0454C3C1 |. 8BEC mov ebp, esp
0454C3C3 |. 83C4 F8 add esp, -8
0454C3C6 |. 33C9 xor ecx, ecx
0454C3C8 |. 894D F8 mov dword ptr [ebp-8], ecx
0454C3CB |. 33C0 xor eax, eax
; Outer exception frame, handler 0454C48C.
0454C3CD |. 55 push ebp
0454C3CE |. 68 8CC45404 push 0454C48C
0454C3D3 |. 64:FF30 push dword ptr fs:[eax]
0454C3D6 |. 64:8920 mov dword ptr fs:[eax], esp
; Create the helper object ([ebp-4]) and give it the root 80000001.
0454C3D9 |. B2 01 mov dl, 1
0454C3DB |. A1 B0474F04 mov eax, dword ptr [44F47B0]
0454C3E0 |. E8 CB84FAFF call 044F48B0
0454C3E5 |. 8945 FC mov dword ptr [ebp-4], eax
0454C3E8 |. BA 01000080 mov edx, 80000001
0454C3ED |. 8B45 FC mov eax, dword ptr [ebp-4]
0454C3F0 |. E8 5B85FAFF call 044F4950
0454C3F5 |. 33C0 xor eax, eax
; Inner exception frame, handler 0454C46F.
0454C3F7 |. 55 push ebp
0454C3F8 |. 68 6FC45404 push 0454C46F
0454C3FD |. 64:FF30 push dword ptr fs:[eax]
0454C400 |. 64:8920 mov dword ptr fs:[eax], esp
0454C403 |. 33C9 xor ecx, ecx
0454C405 |. BA A0C45404 mov edx, 0454C4A0 ; ASCII "\SOFTWARE\"
0454C40A |. 8B45 FC mov eax, dword ptr [ebp-4]
0454C40D |. E8 7E86FAFF call 044F4A90
0454C412 |. 84C0 test al, al
0454C414 |. BA B4C45404 mov edx, 0454C4B4 ; ASCII "wm"
0454C419 |. 8B45 FC mov eax, dword ptr [ebp-4]
0454C41C |. E8 238AFAFF call 044F4E44
0454C421 |. 84C0 test al, al
0454C423 |. 33C9 xor ecx, ecx
0454C425 |. BA C0C45404 mov edx, 0454C4C0 ; ASCII "\SOFTWARE\wm"
0454C42A |. 8B45 FC mov eax, dword ptr [ebp-4]
0454C42D |. E8 5E86FAFF call 044F4A90
0454C432 |. 84C0 test al, al
; 044F4C58(edx="GameFileName", ecx=&[ebp-8]) fills [ebp-8]; the value is
; then assigned to the global at 04550DB8 via 044C418C.
0454C434 |. 8D4D F8 lea ecx, dword ptr [ebp-8]
0454C437 |. BA D8C45404 mov edx, 0454C4D8 ; ASCII "GameFileName"
0454C43C |. 8B45 FC mov eax, dword ptr [ebp-4]
0454C43F |. E8 1488FAFF call 044F4C58
0454C444 |. 8B55 F8 mov edx, dword ptr [ebp-8]
0454C447 |. B8 B80D5504 mov eax, 04550DB8
0454C44C |. E8 3B7DF7FF call 044C418C
0454C451 |. 8B45 FC mov eax, dword ptr [ebp-4]
0454C454 |. E8 C784FAFF call 044F4920
; Leave the inner frame; 0454C466 disposes of the helper object.
0454C459 |. 33C0 xor eax, eax
0454C45B |. 5A pop edx
0454C45C |. 59 pop ecx
0454C45D |. 59 pop ecx
0454C45E |. 64:8910 mov dword ptr fs:[eax], edx
0454C461 |. 68 76C45404 push 0454C476
0454C466 |> 8B45 FC mov eax, dword ptr [ebp-4]
0454C469 |. E8 7A6FF7FF call 044C33E8
0454C46E \. C3 retn
0454C46F .^ E9 C876F7FF jmp 044C3B3C
0454C474 .^ EB F0 jmp short 0454C466
; Leave the outer frame; 0454C483 releases the temporary at [ebp-8].
0454C476 . 33C0 xor eax, eax
0454C478 . 5A pop edx
0454C479 . 59 pop ecx
0454C47A . 59 pop ecx
0454C47B . 64:8910 mov dword ptr fs:[eax], edx
0454C47E . 68 93C45404 push 0454C493
0454C483 > 8D45 F8 lea eax, dword ptr [ebp-8]
0454C486 . E8 AD7CF7FF call 044C4138
0454C48B . C3 retn
0454C48C .^ E9 AB76F7FF jmp 044C3B3C
0454C491 .^ EB F0 jmp short 0454C483
; The two pops discard the 8 bytes of locals before restoring ebp.
0454C493 . 59 pop ecx
0454C494 . 59 pop ecx
0454C495 . 5D pop ebp
0454C496 . C3 retn
0454C497 00 db 00
0454C498 . FFFFFFFF dd FFFFFFFF
0454C49C . 0A000000 dd 0000000A
0454C4A0 . 5C 53 4F 46 5>ascii "\SOFTWARE\",0
0454C4AB 00 db 00
0454C4AC . FFFFFFFF dd FFFFFFFF
0454C4B0 . 02000000 dd 00000002
0454C4B4 . 77 6D 00 ascii "wm",0
0454C4B7 00 db 00
0454C4B8 . FFFFFFFF dd FFFFFFFF
0454C4BC . 0C000000 dd 0000000C
0454C4C0 . 5C 53 4F 46 5>ascii "\SOFTWARE\wm",0
0454C4CD 00 db 00
0454C4CE 00 db 00
0454C4CF 00 db 00
0454C4D0 . FFFFFFFF dd FFFFFFFF
0454C4D4 . 0C000000 dd 0000000C
0454C4D8 . 47 61 6D 65 4>ascii "GameFileName",0
0454C4E5 00 db 00
0454C4E6 00 db 00
0454C4E7 00 db 00
; sub_0454C4E8 -- forward to 0454B620 with the object at [eax+324]
; (the same field that receives "0.1" at 0454BD95). Callee not shown.
0454C4E8 . 8B80 24030000 mov eax, dword ptr [eax+324]
0454C4EE . E8 2DF1FFFF call 0454B620
0454C4F3 . C3 retn
; sub_0454C4F4 -- forward to 04524340 with the global object pointer
; stored at [4550D4C]. Callee not shown.
0454C4F4 . A1 4C0D5504 mov eax, dword ptr [4550D4C]
0454C4F9 . E8 427EFDFF call 04524340
0454C4FE . C3 retn
0454C4FF 90 nop
; ---------------------------------------------------------------------
; sub_0454C500 -- walk the sibling windows of this object's own window
;                 and hide every one whose title is "Element Client".
; In:   eax = object pointer; 0450E468 turns it into a window handle.
; Locals: [ebp-FF] = 255-byte title buffer, [ebp-104] = string temp.
; The routine that follows at 0454C5C4 is the same loop with SW_SHOW.
; ---------------------------------------------------------------------
0454C500 /. 55 push ebp
0454C501 |. 8BEC mov ebp, esp
0454C503 |. 81C4 FCFEFFFF add esp, -104
0454C509 |. 53 push ebx
0454C50A |. 33C9 xor ecx, ecx
0454C50C |. 898D FCFEFFFF mov dword ptr [ebp-104], ecx
0454C512 |. 8BD8 mov ebx, eax
0454C514 |. 33C0 xor eax, eax
; Exception frame, handler 0454C5A0.
0454C516 |. 55 push ebp
0454C517 |. 68 A0C55404 push 0454C5A0
0454C51C |. 64:FF30 push dword ptr fs:[eax]
0454C51F |. 64:8920 mov dword ptr fs:[eax], esp
; GetWindow(own hWnd, 0): relation 0 is GW_HWNDFIRST, i.e. start at the
; first window of the same level. ebx = current window from here on.
0454C522 |. 6A 00 push 0
0454C524 |. 8BC3 mov eax, ebx
0454C526 |. E8 3D1FFCFF call 0450E468
0454C52B |. 50 push eax ; |hWnd
0454C52C |. E8 77A7F7FF call <jmp.&user32.#363> ; \GetWindow
0454C531 |. 8BD8 mov ebx, eax
0454C533 |. 85DB test ebx, ebx
0454C535 |. 74 50 je short 0454C587
; Loop invariant: ebx = non-NULL window handle under inspection.
0454C537 |> 68 FF000000 /push 0FF ; /Count = FF (255.)
0454C53C |. 8D85 01FFFFFF |lea eax, dword ptr [ebp-FF] ; |
0454C542 |. 50 |push eax ; |Buffer
0454C543 |. 53 |push ebx ; |hWnd
0454C544 |. E8 87A7F7FF |call <jmp.&user32.#376> ; \GetWindowTextA
; 044C43A8 builds a string in [ebp-104] from the buffer (max FFh bytes);
; 044C4544 compares it with "Element Client" and leaves ZF set on a
; match (presumably RTL string helpers -- not shown).
0454C549 |. 8D85 FCFEFFFF |lea eax, dword ptr [ebp-104]
0454C54F |. 8D95 01FFFFFF |lea edx, dword ptr [ebp-FF]
0454C555 |. B9 FF000000 |mov ecx, 0FF
0454C55A |. E8 497EF7FF |call 044C43A8
0454C55F |. 8B85 FCFEFFFF |mov eax, dword ptr [ebp-104]
0454C565 |. BA B4C55404 |mov edx, 0454C5B4 ; ASCII "Element Client"
0454C56A |. E8 D57FF7FF |call 044C4544
0454C56F |. 75 08 |jnz short 0454C579
0454C571 |. 6A 00 |push 0 ; /ShowState = SW_HIDE
0454C573 |. 53 |push ebx ; |hWnd
0454C574 |. E8 87A9F7FF |call <jmp.&user32.#659> ; \ShowWindow
; Advance to the next window; a NULL handle ends the loop.
0454C579 |> 6A 02 |push 2 ; /Relation = GW_HWNDNEXT
0454C57B |. 53 |push ebx ; |hWnd
0454C57C |. E8 27A7F7FF |call <jmp.&user32.#363> ; \GetWindow
0454C581 |. 8BD8 |mov ebx, eax
0454C583 |. 85DB |test ebx, ebx
0454C585 |.^ 75 B0 \jnz short 0454C537
; Leave the frame; the cleanup block releases the string at [ebp-104].
0454C587 |> 33C0 xor eax, eax
0454C589 |. 5A pop edx
0454C58A |. 59 pop ecx
0454C58B |. 59 pop ecx
0454C58C |. 64:8910 mov dword ptr fs:[eax], edx
0454C58F |. 68 A7C55404 push 0454C5A7
0454C594 |> 8D85 FCFEFFFF lea eax, dword ptr [ebp-104]
0454C59A |. E8 997BF7FF call 044C4138
0454C59F \. C3 retn
0454C5A0 .^ E9 9775F7FF jmp 044C3B3C
0454C5A5 .^ EB ED jmp short 0454C594
0454C5A7 . 5B pop ebx
0454C5A8 . 8BE5 mov esp, ebp
0454C5AA . 5D pop ebp
0454C5AB . C3 retn
0454C5AC . FFFFFFFF dd FFFFFFFF
0454C5B0 . 0E000000 dd 0000000E
0454C5B4 . 45 6C 65 6D 6>ascii "Element Client",0
0454C5C3 00 db 00
; ---------------------------------------------------------------------
; Routine at 0454C5C4: walks a chain of windows with GetWindow and calls
; ShowWindow(hWnd, SW_SHOW) on every window whose caption compares equal
; to "Element Client".
; In:     eax = object handed to 0450E468 to obtain the starting window
;         handle (register argument; presumably a Delphi form/control
;         reference - confirm).
; Locals: [ebp-104]         string variable, zeroed on entry and passed to
;                           044C4138 on the way out
;         [ebp-FF]..[ebp-1] caption buffer, exactly the 0xFF bytes passed
;                           to GetWindowTextA as Count
; Saved:  ebx (pushed at 0454C5CD, popped at 0454C66B).
; Analysis notes: the match is on caption text only - no window class or
; owning-process check is visible here - and the GetWindowTextA return
; value is not examined. The routine just before this one in the listing
; (loop at 0454C537) has the same shape but passes SW_HIDE (0).
; ---------------------------------------------------------------------
0454C5C4 /. 55 push ebp
0454C5C5 |. 8BEC mov ebp, esp
0454C5C7 |. 81C4 FCFEFFFF add esp, -104 ; reserve 0x104 bytes of locals
0454C5CD |. 53 push ebx ; ebx is reused below as the current hWnd
0454C5CE |. 33C9 xor ecx, ecx
0454C5D0 |. 898D FCFEFFFF mov dword ptr [ebp-104], ecx ; string local = 0
0454C5D6 |. 8BD8 mov ebx, eax ; keep the incoming object while the frame is built
0454C5D8 |. 33C0 xor eax, eax
; Install an exception frame: push ebp, handler entry, previous fs:[0] link.
0454C5DA |. 55 push ebp
0454C5DB |. 68 64C65404 push 0454C664 ; handler entry (exception path at 0454C664)
0454C5E0 |. 64:FF30 push dword ptr fs:[eax]
0454C5E3 |. 64:8920 mov dword ptr fs:[eax], esp ; fs:[0] = new frame
0454C5E6 |. 6A 00 push 0 ; second GetWindow argument (uCmd) = 0, i.e. GW_HWNDFIRST
0454C5E8 |. 8BC3 mov eax, ebx
0454C5EA |. E8 791EFCFF call 0450E468 ; result is pushed as hWnd; presumably a handle getter - confirm
0454C5EF |. 50 push eax ; |hWnd
0454C5F0 |. E8 B3A6F7FF call <jmp.&user32.#363> ; \GetWindow
0454C5F5 |. 8BD8 mov ebx, eax ; ebx = current window handle
0454C5F7 |. 85DB test ebx, ebx
0454C5F9 |. 74 50 je short 0454C64B ; no window returned: skip the loop
; Loop invariant: ebx = non-zero window handle being examined.
0454C5FB |> 68 FF000000 /push 0FF ; /Count = FF (255.)
0454C600 |. 8D85 01FFFFFF |lea eax, dword ptr [ebp-FF] ; |
0454C606 |. 50 |push eax ; |Buffer
0454C607 |. 53 |push ebx ; |hWnd
0454C608 |. E8 C3A6F7FF |call <jmp.&user32.#376> ; \GetWindowTextA
; eax (returned length) is overwritten by the next instruction without a check.
0454C60D |. 8D85 FCFEFFFF |lea eax, dword ptr [ebp-104] ; eax = address of string local
0454C613 |. 8D95 01FFFFFF |lea edx, dword ptr [ebp-FF] ; edx = caption buffer
0454C619 |. B9 FF000000 |mov ecx, 0FF ; ecx = buffer size
0454C61E |. E8 857DF7FF |call 044C43A8 ; presumably RTL char-array-to-string conversion - confirm
0454C623 |. 8B85 FCFEFFFF |mov eax, dword ptr [ebp-104]
0454C629 |. BA 78C65404 |mov edx, 0454C678 ; ASCII "Element Client"
0454C62E |. E8 117FF7FF |call 044C4544 ; presumably a string compare that leaves ZF set on equality - confirm
0454C633 |. 75 08 |jnz short 0454C63D ; caption differs: leave this window alone
0454C635 |. 6A 05 |push 5 ; /ShowState = SW_SHOW
0454C637 |. 53 |push ebx ; |hWnd
0454C638 |. E8 C3A8F7FF |call <jmp.&user32.#659> ; \ShowWindow
0454C63D |> 6A 02 |push 2 ; /Relation = GW_HWNDNEXT
0454C63F |. 53 |push ebx ; |hWnd
0454C640 |. E8 63A6F7FF |call <jmp.&user32.#363> ; \GetWindow
0454C645 |. 8BD8 |mov ebx, eax ; advance to the next window in the chain
0454C647 |. 85DB |test ebx, ebx
0454C649 |.^ 75 B0 \jnz short 0454C5FB ; repeat until GetWindow returns 0
; Normal exit: pop the three frame dwords and restore the previous fs:[0].
0454C64B |> 33C0 xor eax, eax
0454C64D |. 5A pop edx ; edx = previous frame link
0454C64E |. 59 pop ecx ; discard handler address
0454C64F |. 59 pop ecx ; discard saved ebp
0454C650 |. 64:8910 mov dword ptr fs:[eax], edx
0454C653 |. 68 6BC65404 push 0454C66B ; address the retn at 0454C663 will transfer to
0454C658 |> 8D85 FCFEFFFF lea eax, dword ptr [ebp-104]
0454C65E |. E8 D57AF7FF call 044C4138 ; cleanup of the string local; presumably a string release helper - confirm
0454C663 \. C3 retn ; pops 0454C66B pushed above and continues at the epilogue
; Exception path: entered through the frame installed at 0454C5DB.
0454C664 .^ E9 D374F7FF jmp 044C3B3C ; presumably the RTL finally/exception dispatcher - confirm
0454C669 .^ EB ED jmp short 0454C658 ; run the same cleanup code
; Epilogue.
0454C66B . 5B pop ebx
0454C66C . 8BE5 mov esp, ebp
0454C66E . 5D pop ebp
0454C66F . C3 retn
; String constant used at 0454C629. The two dwords in front of the text
; (FFFFFFFF, then 0000000E = 14 = length of "Element Client") look like a
; Delphi string-literal header (reference count -1, length) - confirm.
0454C670 . FFFFFFFF dd FFFFFFFF
0454C674 . 0E000000 dd 0000000E
0454C678 . 45 6C 65 6D 6>ascii "Element Client",0
0454C687 00 db 00
; ---------------------------------------------------------------------
; Routine at 0454C688: increments the dword counter at [4550DC0] and, only
; when the result is zero, calls 044C4138 on three globals (04550DBC,
; 04550DB8, 04550D60). 044C4138 is the helper the window routines above
; call on their string local before returning, and 04550D60 is the global
; whose value is passed (via 044C45F8) as CommandLine to CreateProcessA
; near the top of the listing.
; NOTE(review): counter-guarded release of globals looks like a Delphi unit
; finalization section - confirm.
; ---------------------------------------------------------------------
0454C688 . 55 push ebp
0454C689 . 8BEC mov ebp, esp
0454C68B . 33C0 xor eax, eax
; Install an exception frame (ebp, handler entry, previous fs:[0] link).
0454C68D . 55 push ebp
0454C68E . 68 CDC65404 push 0454C6CD
0454C693 . 64:FF30 push dword ptr fs:[eax]
0454C696 . 64:8920 mov dword ptr fs:[eax], esp
0454C699 . FF05 C00D5504 inc dword ptr [4550DC0] ; counter that 0454C6D8 decrements
0454C69F . 75 1E jnz short 0454C6BF ; counter not zero: skip the cleanup calls
0454C6A1 . B8 BC0D5504 mov eax, 04550DBC
0454C6A6 . E8 8D7AF7FF call 044C4138
0454C6AB . B8 B80D5504 mov eax, 04550DB8
0454C6B0 . E8 837AF7FF call 044C4138
0454C6B5 . B8 600D5504 mov eax, 04550D60
0454C6BA . E8 797AF7FF call 044C4138
; Normal exit: drop the frame and restore the previous fs:[0].
0454C6BF > 33C0 xor eax, eax
0454C6C1 . 5A pop edx
0454C6C2 . 59 pop ecx
0454C6C3 . 59 pop ecx
0454C6C4 . 64:8910 mov dword ptr fs:[eax], edx
0454C6C7 . 68 D4C65404 push 0454C6D4
0454C6CC > C3 retn ; RET used as a jump to 0454C6D4
; Exception path for the frame installed above.
0454C6CD .^ E9 6A74F7FF jmp 044C3B3C ; presumably the RTL finally/exception dispatcher - confirm
0454C6D2 .^ EB F8 jmp short 0454C6CC
0454C6D4 > 5D pop ebp
0454C6D5 . C3 retn
; Two-byte no-op between routines; likely alignment padding.
0454C6D6 8BC0 mov eax, eax
; Routine at 0454C6D8: subtracts 1 from the counter at [4550DC0] and
; returns. It is the same counter that the routine at 0454C688 increments;
; presumably the matching unit initialization stub - confirm.
0454C6D8 . 832D C00D5504>sub dword ptr [4550DC0], 1
0454C6DF . C3 retn
; ---------------------------------------------------------------------
; Routine at 0454C6E0: installs an exception frame at fs:[0] and removes
; it again straight away; no other work is visible between the two steps.
; NOTE(review): presumably an empty compiler-generated try/finally body or
; empty unit section - confirm.
; ---------------------------------------------------------------------
0454C6E0 . 55 push ebp
0454C6E1 . 8BEC mov ebp, esp
0454C6E3 . 33C0 xor eax, eax
0454C6E5 . 55 push ebp
0454C6E6 . 68 FFC65404 push 0454C6FF ; handler entry for the frame
0454C6EB . 64:FF30 push dword ptr fs:[eax]
0454C6EE . 64:8920 mov dword ptr fs:[eax], esp ; fs:[0] = new frame
0454C6F1 . 33C0 xor eax, eax
0454C6F3 . 5A pop edx ; edx = previous frame link
0454C6F4 . 59 pop ecx
0454C6F5 . 59 pop ecx
0454C6F6 . 64:8910 mov dword ptr fs:[eax], edx ; restore previous fs:[0]
0454C6F9 . 68 06C75404 push 0454C706
0454C6FE > C3 retn ; RET used as a jump to 0454C706
0454C6FF .^ E9 3874F7FF jmp 044C3B3C ; exception path; presumably the RTL finally/exception dispatcher - confirm
0454C704 .^ EB F8 jmp short 0454C6FE
0454C706 > 5D pop ebp
0454C707 . C3 retn
; ---------------------------------------------------------------------
; Data at 0454C708. The four bytes 6A 00 00 00, read as a little-endian
; dword, give 0000006A (106); the dword after them holds 0454C710, which is
; the address of the first entry below. The remaining dwords are addresses
; that the debugger resolves inside module "001", listed two at a time.
; NOTE(review): this layout matches a Delphi unit table (entry count,
; pointer to an array of initialization/finalization address pairs) -
; confirm. If the count really is 106 pairs of 8 bytes, the array would run
; to 0454CA60, so the listing stops (at 0454C864) before the table ends.
; ---------------------------------------------------------------------
0454C708 6A db 6A ; CHAR 'j'
0454C709 00 db 00
0454C70A 00 db 00
0454C70B 00 db 00
0454C70C 10C75404 dd 001.0454C710
; First entry of the array pointed to by the dword above.
0454C710 74634C04 dd 001.044C6374
0454C714 44634C04 dd 001.044C6344
0454C718 68614C04 dd 001.044C6168
0454C71C 14614C04 dd 001.044C6114
0454C720 EC634C04 dd 001.044C63EC
0454C724 BC634C04 dd 001.044C63BC
0454C728 FC714C04 dd 001.044C71FC
0454C72C CC714C04 dd 001.044C71CC
0454C730 34724C04 dd 001.044C7234
0454C734 04724C04 dd 001.044C7204
0454C738 C07E4D04 dd 001.044D7EC0
0454C73C 907E4D04 dd 001.044D7E90
0454C740 84754C04 dd 001.044C7584
0454C744 54754C04 dd 001.044C7554
0454C748 4CDE4C04 dd 001.044CDE4C
0454C74C CCDC4C04 dd 001.044CDCCC
0454C750 E0E64C04 dd 001.044CE6E0
0454C754 B0E64C04 dd 001.044CE6B0
0454C758 24604D04 dd 001.044D6024
0454C75C AC5F4D04 dd 001.044D5FAC
0454C760 20624D04 dd 001.044D6220
0454C764 F0614D04 dd 001.044D61F0
0454C768 887B4D04 dd 001.044D7B88
0454C76C 387B4D04 dd 001.044D7B38
0454C770 FC1F4E04 dd 001.044E1FFC
0454C774 4C1F4E04 dd 001.044E1F4C
0454C778 64BB4E04 dd 001.044EBB64
0454C77C 34BB4E04 dd 001.044EBB34
0454C780 C8C04E04 dd 001.044EC0C8
0454C784 98C04E04 dd 001.044EC098
0454C788 18DA4E04 dd 001.044EDA18
0454C78C D8D94E04 dd 001.044ED9D8
0454C790 E0C94E04 dd 001.044EC9E0
0454C794 B0C94E04 dd 001.044EC9B0
0454C798 60C24E04 dd 001.044EC260
0454C79C 30C24E04 dd 001.044EC230
0454C7A0 60234E04 dd 001.044E2360
0454C7A4 30234E04 dd 001.044E2330
0454C7A8 28BA4E04 dd 001.044EBA28
0454C7AC 54B94E04 dd 001.044EB954
0454C7B0 38625104 dd 001.04516238
0454C7B4 08625104 dd 001.04516208
0454C7B8 20CA4E04 dd 001.044ECA20
0454C7BC F0C94E04 dd 001.044EC9F0
0454C7C0 9CC85104 dd 001.0451C89C
0454C7C4 2CC85104 dd 001.0451C82C
0454C7C8 58DF4E04 dd 001.044EDF58
0454C7CC 28DF4E04 dd 001.044EDF28
0454C7D0 00E94E04 dd 001.044EE900
0454C7D4 ACE84E04 dd 001.044EE8AC
0454C7D8 08F54E04 dd 001.044EF508
0454C7DC D8F44E04 dd 001.044EF4D8
0454C7E0 D0F44E04 dd 001.044EF4D0
0454C7E4 A0F44E04 dd 001.044EF4A0
0454C7E8 98F44E04 dd 001.044EF498
0454C7EC 68F44E04 dd 001.044EF468
0454C7F0 60F44E04 dd 001.044EF460
0454C7F4 30F44E04 dd 001.044EF430
0454C7F8 74F54E04 dd 001.044EF574
0454C7FC 44F54E04 dd 001.044EF544
0454C800 0C504F04 dd 001.044F500C
0454C804 DC4F4F04 dd 001.044F4FDC
0454C808 64175004 dd 001.04501764
0454C80C 34175004 dd 001.04501734
0454C810 50DA4E04 dd 001.044EDA50
0454C814 20DA4E04 dd 001.044EDA20
0454C818 94DA4E04 dd 001.044EDA94
0454C81C 58DA4E04 dd 001.044EDA58
0454C820 B4F54E04 dd 001.044EF5B4
0454C824 84F54E04 dd 001.044EF584
0454C828 ECF54E04 dd 001.044EF5EC
0454C82C BCF54E04 dd 001.044EF5BC
0454C830 D8184F04 dd 001.044F18D8
0454C834 7C184F04 dd 001.044F187C
0454C838 28444F04 dd 001.044F4428
0454C83C E0434F04 dd 001.044F43E0
0454C840 20F44E04 dd 001.044EF420
0454C844 F0F34E04 dd 001.044EF3F0
0454C848 4CE94E04 dd 001.044EE94C
0454C84C 1CE94E04 dd 001.044EE91C
0454C850 48474F04 dd 001.044F4748
0454C854 00474F04 dd 001.044F4700
0454C858 104F4F04 dd 001.044F4F10
0454C85C C84E4F04 dd 001.044F4EC8
0454C860 88464F04 dd 001.044F4688
0454C864 50464F04 dd 001.044F4650