能力值:
( LV3,RANK:20 )
|
-
-
2 楼
搞了半天原来是e语言...用了ece反汇编,,实在不知道下一步该干什么了,我是菜鸟,请高手指点一下,
;============== E-Code Explorer 反汇编分析报告 ==============
;当前分析文件:P:\soft\复件 分析家.exe
;================= Func_00001 BEGIN =================
::00409D8F:: 55 PUSH EBP
::00409D90:: 8BEC MOV EBP,ESP
::00409D92:: 68 01000100 PUSH 10001
::00409D97:: 68 00000106 PUSH 6010000 ;窗口1(窗口)
::00409D9C:: 68 01000152 PUSH 52010001 ;窗体单元1(父窗体)
::00409DA1:: 68 01000000 PUSH 1
::00409DA6:: BB 60030000 MOV EBX,360 ;销毁(系统核心支持库)
::00409DAB:: E8 B6020000 CALL 0040A066 ;调用核心支持库命令(调用3号服务)
::00409DB0:: 83C4 10 ADD ESP,10
::00409DB3:: 8BE5 MOV ESP,EBP
::00409DB5:: 5D POP EBP
::00409DB6:: C3 RETN
;================= Func_00001 END ===================
;================= Func_00002 BEGIN =================
::00409DB7:: 55 PUSH EBP
::00409DB8:: 8BEC MOV EBP,ESP
::00409DBA:: 68 02000080 PUSH 80000002 ;逻辑型(基本数据类型)
::00409DBF:: 6A 00 PUSH 0
::00409DC1:: 68 01000000 PUSH 1
::00409DC6:: 6A 00 PUSH 0
::00409DC8:: 6A 00 PUSH 0
::00409DCA:: 6A 00 PUSH 0
::00409DCC:: 68 01000100 PUSH 10001
::00409DD1:: 68 07000106 PUSH 6010007 ;窗口2(窗口)
::00409DD6:: 68 08000152 PUSH 52010008 ;窗体单元2(父窗体)
::00409DDB:: 68 03000000 PUSH 3
::00409DE0:: BB 20030000 MOV EBX,320 ;载入(系统核心支持库)
::00409DE5:: E8 7C020000 CALL 0040A066 ;调用核心支持库命令(调用3号服务)
::00409DEA:: 83C4 28 ADD ESP,28
::00409DED:: 8BE5 MOV ESP,EBP
::00409DEF:: 5D POP EBP
::00409DF0:: C3 RETN
;================= Func_00002 END ===================
;================= Func_00003 BEGIN =================
::00409DF1:: 55 PUSH EBP
::00409DF2:: 8BEC MOV EBP,ESP
::00409DF4:: 8BE5 MOV ESP,EBP
::00409DF6:: 5D POP EBP
::00409DF7:: C3 RETN
;================= Func_00003 END ===================
;================= Func_00004 BEGIN =================
::00409DF8:: 55 PUSH EBP
::00409DF9:: 8BEC MOV EBP,ESP
::00409DFB:: 81EC 04000000 SUB ESP,4
::00409E01:: 68 1F000100 PUSH 1001F
::00409E06:: 68 13000116 PUSH 16010013 ;通用对话框1(通用对话框)
::00409E0B:: 68 01000152 PUSH 52010001 ;窗体单元1(父窗体)
::00409E10:: 68 01000000 PUSH 1
::00409E15:: BB A4030000 MOV EBX,3A4 ;打开(系统核心支持库)
::00409E1A:: E8 47020000 CALL 0040A066 ;调用核心支持库命令(调用3号服务)
::00409E1F:: 83C4 10 ADD ESP,10
::00409E22:: 6A FF PUSH -1
::00409E24:: 6A 0A PUSH A ;文件名(“通用对话框1”的属性)
::00409E26:: 68 13000116 PUSH 16010013 ;通用对话框1(通用对话框)
::00409E2B:: 68 01000152 PUSH 52010001 ;窗体单元1(父窗体)
::00409E30:: E8 43020000 CALL 0040A078 ;取窗体对象属性(调用4号服务)
::00409E35:: 83C4 10 ADD ESP,10
::00409E38:: 8945 FC MOV [EBP-4],EAX
::00409E3B:: 6A 00 PUSH 0
::00409E3D:: FF75 FC PUSH DWORD PTR [EBP-4]
::00409E40:: 6A FF PUSH -1
::00409E42:: 6A 08 PUSH 8 ;内容(“编辑框1”的属性)
::00409E44:: 68 02000116 PUSH 16010002 ;编辑框1(编辑框)
::00409E49:: 68 01000152 PUSH 52010001 ;窗体单元1(父窗体)
::00409E4E:: E8 19020000 CALL 0040A06C ;修改窗体对象属性(调用5号服务)
::00409E53:: 83C4 18 ADD ESP,18
::00409E56:: 8B5D FC MOV EBX,[EBP-4]
::00409E59:: 85DB TEST EBX,EBX
::00409E5B:: 74 09 JE SHORT 00409E66
::00409E5D:: 53 PUSH EBX
::00409E5E:: E8 0F020000 CALL 0040A072 ;销毁从堆上分配到的内存(调用8号服务)
::00409E63:: 83C4 04 ADD ESP,4
::00409E66:: 8BE5 MOV ESP,EBP
::00409E68:: 5D POP EBP
::00409E69:: C3 RETN
;================= Func_00004 END ===================
;================= Func_00005 BEGIN =================
::00409E6A:: 8B5424 04 MOV EDX,[ESP+4]
::00409E6E:: 8B4C24 08 MOV ECX,[ESP+8]
::00409E72:: 85D2 TEST EDX,EDX
::00409E74:: 75 0D JNZ SHORT 00409E83
::00409E76:: 33C0 XOR EAX,EAX
::00409E78:: 85C9 TEST ECX,ECX
::00409E7A:: 74 06 JE SHORT 00409E82
::00409E7C:: 8039 00 CMP BYTE PTR [ECX],0
::00409E7F:: 74 01 JE SHORT 00409E82
::00409E81:: 48 DEC EAX
::00409E82:: C3 RETN
;================= Func_00005 END ===================
;================= Func_00006 BEGIN =================
::00409E83:: 85C9 TEST ECX,ECX
::00409E85:: 75 09 JNZ SHORT 00409E90
::00409E87:: 33C0 XOR EAX,EAX
::00409E89:: 803A 00 CMP BYTE PTR [EDX],0
::00409E8C:: 74 01 JE SHORT 00409E8F
::00409E8E:: 40 INC EAX
::00409E8F:: C3 RETN
;================= Func_00006 END ===================
;================= Func_00007 BEGIN =================
::00409E90:: F7C2 03000000 TEST EDX,3
::00409E96:: 75 37 JNZ SHORT 00409ECF
::00409E98:: 8B02 MOV EAX,[EDX]
::00409E9A:: 3A01 CMP AL,[ECX]
::00409E9C:: 75 2B JNZ SHORT 00409EC9
::00409E9E:: 0AC0 OR AL,AL
::00409EA0:: 74 24 JE SHORT 00409EC6
::00409EA2:: 3A61 01 CMP AH,[ECX+1]
::00409EA5:: 75 22 JNZ SHORT 00409EC9
::00409EA7:: 0AE4 OR AH,AH
::00409EA9:: 74 1B JE SHORT 00409EC6
::00409EAB:: C1E8 10 SHR EAX,10
::00409EAE:: 3A41 02 CMP AL,[ECX+2]
::00409EB1:: 75 16 JNZ SHORT 00409EC9
::00409EB3:: 0AC0 OR AL,AL
::00409EB5:: 74 0F JE SHORT 00409EC6
::00409EB7:: 3A61 03 CMP AH,[ECX+3]
::00409EBA:: 75 0D JNZ SHORT 00409EC9
::00409EBC:: 83C1 04 ADD ECX,4
::00409EBF:: 83C2 04 ADD EDX,4
::00409EC2:: 0AE4 OR AH,AH
::00409EC4:: 75 D2 JNZ SHORT 00409E98
::00409EC6:: 33C0 XOR EAX,EAX
::00409EC8:: C3 RETN
;================= Func_00007 END ===================
;================= Func_00008 BEGIN =================
::00409EC9:: 1BC0 SBB EAX,EAX
::00409ECB:: D1E0 SHL EAX,1
::00409ECD:: 40 INC EAX
::00409ECE:: C3 RETN
;================= Func_00008 END ===================
;================= Func_00009 BEGIN =================
::00409ECF:: F7C2 01000000 TEST EDX,1
::00409ED5:: 74 14 JE SHORT 00409EEB
::00409ED7:: 8A02 MOV AL,[EDX]
::00409ED9:: 42 INC EDX
::00409EDA:: 3A01 CMP AL,[ECX]
::00409EDC:: 75 EB JNZ SHORT 00409EC9
::00409EDE:: 41 INC ECX
::00409EDF:: 0AC0 OR AL,AL
::00409EE1:: 74 E3 JE SHORT 00409EC6
::00409EE3:: F7C2 02000000 TEST EDX,2
::00409EE9:: 74 AD JE SHORT 00409E98
::00409EEB:: 66:8B02 MOV AX,[EDX]
::00409EEE:: 83C2 02 ADD EDX,2
::00409EF1:: 3A01 CMP AL,[ECX]
::00409EF3:: 75 D4 JNZ SHORT 00409EC9
::00409EF5:: 0AC0 OR AL,AL
::00409EF7:: 74 CD JE SHORT 00409EC6
::00409EF9:: 3A61 01 CMP AH,[ECX+1]
::00409EFC:: 75 CB JNZ SHORT 00409EC9
::00409EFE:: 0AE4 OR AH,AH
::00409F00:: 74 C4 JE SHORT 00409EC6
::00409F02:: 83C1 02 ADD ECX,2
::00409F05:: EB 91 JMP SHORT 00409E98
::00409F07:: 55 PUSH EBP
::00409F08:: 8BEC MOV EBP,ESP
::00409F0A:: 81EC 08000000 SUB ESP,8
::00409F10:: 6A FF PUSH -1
::00409F12:: 6A 08 PUSH 8 ;内容(“编辑框1”的属性)
::00409F14:: 68 0B000116 PUSH 1601000B ;编辑框1(编辑框)
::00409F19:: 68 08000152 PUSH 52010008 ;窗体单元2(父窗体)
::00409F1E:: E8 55010000 CALL 0040A078 ;取窗体对象属性(调用4号服务)
::00409F23:: 83C4 10 ADD ESP,10
::00409F26:: 8945 FC MOV [EBP-4],EAX
::00409F29:: 68 CB904000 PUSH 4090CB ;CC0DCBB6CA3FE95A079049F4A319E1407AEB8C7B96DFFEF74FD9D15222ACE2B13F7C58EC525AF3A47E3414A9096FCA1743919C4BCD8CB92DC860ACDAD2B819059CB83969F96BD2BA194114(常量)
::00409F2E:: FF75 FC PUSH DWORD PTR [EBP-4]
::00409F31:: E8 34 CALL 00409E6A
::00409F36:: 83C4 08 ADD ESP,8
::00409F39:: 83F8 00 CMP EAX,0
::00409F3C:: B8 00000000 MOV EAX,0
::00409F41:: 0F94C0 SETE AL
::00409F44:: 8945 F8 MOV [EBP-8],EAX
::00409F47:: 8B5D FC MOV EBX,[EBP-4]
::00409F4A:: 85DB TEST EBX,EBX
::00409F4C:: 74 09 JE SHORT 00409F57
::00409F4E:: 53 PUSH EBX
::00409F4F:: E8 1E010000 CALL 0040A072 ;销毁从堆上分配到的内存(调用8号服务)
::00409F54:: 83C4 04 ADD ESP,4
::00409F57:: 837D F8 00 CMP DWORD PTR [EBP-8],0
::00409F5B:: 0F84 35000000 JE 00409F96
::00409F61:: 6A 00 PUSH 0
::00409F63:: 6A 00 PUSH 0
::00409F65:: 6A 00 PUSH 0
::00409F67:: 68 01030080 PUSH 80000301 ;整数型(基本数据类型)
::00409F6C:: 6A 00 PUSH 0
::00409F6E:: 68 00000000 PUSH 0
::00409F73:: 68 04000080 PUSH 80000004 ;文本型(基本数据类型)
::00409F78:: 6A 00 PUSH 0
::00409F7A:: 68 87914000 PUSH 409187 ;注册成功!(常量)
::00409F7F:: 68 03000000 PUSH 3
::00409F84:: BB 00030000 MOV EBX,300 ;信息框(系统核心支持库)
::00409F89:: E8 D8000000 CALL 0040A066 ;调用核心支持库命令(调用3号服务)
::00409F8E:: 83C4 28 ADD ESP,28
::00409F91:: E9 30000000 JMP 00409FC6
::00409F96:: 6A 00 PUSH 0
::00409F98:: 6A 00 PUSH 0
::00409F9A:: 6A 00 PUSH 0
::00409F9C:: 68 01030080 PUSH 80000301 ;整数型(基本数据类型)
::00409FA1:: 6A 00 PUSH 0
::00409FA3:: 68 00000000 PUSH 0
::00409FA8:: 68 04000080 PUSH 80000004 ;文本型(基本数据类型)
::00409FAD:: 6A 00 PUSH 0
::00409FAF:: 68 92914000 PUSH 409192 ;注册失败!(常量)
::00409FB4:: 68 03000000 PUSH 3
::00409FB9:: BB 00030000 MOV EBX,300 ;信息框(系统核心支持库)
::00409FBE:: E8 A3000000 CALL 0040A066 ;调用核心支持库命令(调用3号服务)
::00409FC3:: 83C4 28 ADD ESP,28
::00409FC6:: 8BE5 MOV ESP,EBP
::00409FC8:: 5D POP EBP
::00409FC9:: C3 RETN
;================= Func_00009 END ===================
;================= Func_00010 BEGIN =================
::00409FCA:: 55 PUSH EBP
::00409FCB:: 8BEC MOV EBP,ESP
::00409FCD:: 6A 00 PUSH 0
::00409FCF:: 68 9D914000 PUSH 40919D ;公式名称:未注册版本不能读取公式!(常量)
::00409FD4:: 6A FF PUSH -1
::00409FD6:: 6A 08 PUSH 8 ;内容(“编辑框2”的属性)
::00409FD8:: 68 03000116 PUSH 16010003 ;编辑框2(编辑框)
::00409FDD:: 68 01000152 PUSH 52010001 ;窗体单元1(父窗体)
::00409FE2:: E8 85000000 CALL 0040A06C ;修改窗体对象属性(调用5号服务)
::00409FE7:: 83C4 18 ADD ESP,18
::00409FEA:: 8BE5 MOV ESP,EBP
::00409FEC:: 5D POP EBP
::00409FED:: C3 RETN
;================= Func_00010 END ===================
;================= Func_00011 BEGIN =================
::00409FEE:: 55 PUSH EBP
::00409FEF:: 8BEC MOV EBP,ESP
::00409FF1:: 68 01000100 PUSH 10001
::00409FF6:: 68 07000106 PUSH 6010007 ;窗口2(窗口)
::00409FFB:: 68 08000152 PUSH 52010008 ;窗体单元2(父窗体)
::0040A000:: 68 01000000 PUSH 1
::0040A005:: BB 60030000 MOV EBX,360 ;销毁(系统核心支持库)
::0040A00A:: E8 57000000 CALL 0040A066 ;调用核心支持库命令(调用3号服务)
::0040A00F:: 83C4 10 ADD ESP,10
::0040A012:: 8BE5 MOV ESP,EBP
::0040A014:: 5D POP EBP
::0040A015:: C3 RETN
;================= Func_00011 END ===================
;================= Func_00012 BEGIN =================
::0040A016:: C3 RETN
;================= Func_00012 END ===================
;================= Func_00013 BEGIN =================
::0040A017:: C3 RETN
;================= Func_00013 END ===================
;================= Func_00014 BEGIN =================
::0040A018:: FC CLD
::0040A019:: DBE3 FINIT
::0040A01B:: E8 F6 CALL 0040A016
::0040A020:: 68 17A04000 PUSH 40A017
::0040A025:: B8 03000000 MOV EAX,3
::0040A02A:: E8 31000000 CALL 0040A060 ;调用12号服务
::0040A02F:: 83C4 04 ADD ESP,4
::0040A032:: 68 01000152 PUSH 52010001 ;窗体单元1(父窗体)
::0040A037:: E8 1E000000 CALL 0040A05A ;创建窗口(调用11号服务)
::0040A03C:: 83C4 04 ADD ESP,4
::0040A03F:: 6A 00 PUSH 0
::0040A041:: E8 0E000000 CALL 0040A054 ;进入窗口消息循环(调用10号服务)
::0040A046:: E8 03000000 CALL 0040A04E ;结束当前程序进程(调用9号服务)
::0040A04B:: 83C4 04 ADD ESP,4
::0040A04E:: FF25 139D4000 JMP [409D13]
::0040A054:: FF25 179D4000 JMP [409D17]
::0040A05A:: FF25 1B9D4000 JMP [409D1B]
::0040A060:: FF25 1F9D4000 JMP [409D1F]
::0040A066:: FF25 FB9C4000 JMP [409CFB]
::0040A06C:: FF25 039D4000 JMP [409D03]
::0040A072:: FF25 0F9D4000 JMP [409D0F]
::0040A078:: FF25 FF9C4000 JMP [409CFF]
::0040A07E:: 3800 CMP [EAX],AL
::0040A080:: 0000 ADD [EAX],AL
::0040A082:: B6 10 MOV DH,10
::0040A084:: 0000 ADD [EAX],AL
::0040A086:: 1300 ADC EAX,[EAX]
::0040A088:: 0000 ADD [EAX],AL
::0040A08A:: 40 INC EAX
::0040A08B:: 76 61 JBE SHORT 0040A0EE
::0040A08D:: 72 00 JB SHORT 0040A08F
::0040A08F:: 0000 ADD [EAX],AL
::0040A091:: 0000 ADD [EAX],AL
::0040A093:: 0000 ADD [EAX],AL
::0040A095:: 0000 ADD [EAX],AL
::0040A097:: 0000 ADD [EAX],AL
::0040A099:: 0000 ADD [EAX],AL
::0040A09B:: 0000 ADD [EAX],AL
::0040A09D:: 0000 ADD [EAX],AL
::0040A09F:: 0000 ADD [EAX],AL
::0040A0A1:: 0000 ADD [EAX],AL
::0040A0A3:: 0000 ADD [EAX],AL
::0040A0A5:: 0000 ADD [EAX],AL
::0040A0A7:: 0000 ADD [EAX],AL
::0040A0A9:: 00FF ADD BH,BH
;================= Func_00014 END ===================
请教00409FCF:: 68 9D914000 PUSH 40919D 是从哪里来的,怎么办?用od还是ece..如何做?请指点得详细一些,谢谢
|
