-
-
[原创]迷迷糊糊中就破了
-
2007-12-14 17:04
-
【文章标题】: 迷迷糊糊中就破了
【文章作者】: Leesan
【作者邮箱】: Leesan8866@yahoo.com.cn
【作者QQ号】: 195637816
【下载地址】: 自己搜索下载
【保护方式】: 加壳 重启验证
【编写语言】: Borland Delphi 6.0 - 7.0
【操作平台】: xp2
【软件介绍】: 视频格式 修复软件
【作者声明】: 只是感兴趣,没有其他目的。失误之处敬请诸位大侠赐教!
--------------------------------------------------------------------------------
【详细过程】
我是菜鸟,里面诸多不明,望大侠们指教......
先运行一下软件,30天试用,重启验证的
peid查壳为 UltraProtect 1.x -> RISCO Software Inc.
轻松的脱掉
脱掉后,试用期变成还剩1天,??? 管它那....
OD载入,找找字符串,收获甚多
/key.dat (key文件)
\software\fixvideo\videofixer\(注册表)
谢谢注册,请重新启动程序!
试用期已过,如果想继续使用请注册。
等等...
那注册后的东东肯定保留在key.dat和 注册表 里面喽
随便注册一下,没有发现有key.dat文件和 注册表的改变??
在命令栏下以上两个的断点
注册后,直接跑到 “谢谢注册,请重新启动程序!”
并没有断下 换个思路
谢谢注册,请重新启动程序!地址F2下断 总能断下来吧
输入
Leesan
asdf
注册一下
004DC29A . E8 8566F2FF call videofix.00402924
004DC29F . 8D85 54FEFFFF lea eax,dword ptr ss:[ebp-1AC]
004DC2A5 . E8 FE6DF2FF call videofix.004030A8
004DC2AA . E8 7566F2FF call videofix.00402924
004DC2AF > B2 01 mov dl,1
004DC2B1 . A1 E0D14600 mov eax,dword ptr ds:[46D1E0]
004DC2B6 . E8 2510F9FF call videofix.0046D2E0
004DC2BB . 8BD8 mov ebx,eax
004DC2BD . BA 01000080 mov edx,80000001
004DC2C2 . 8BC3 mov eax,ebx
004DC2C4 . E8 B710F9FF call videofix.0046D380
004DC2C9 . B1 01 mov cl,1
004DC2CB . BA 18CE4D00 mov edx,videofix.004DCE18
004DC2D0 . 8BC3 mov eax,ebx
004DC2D2 . E8 0D11F9FF call videofix.0046D3E4
004DC2D7 . 84C0 test al,al
004DC2D9 . 74 16 je short videofix.004DC2F1
004DC2DB . 8B4D FC mov ecx,dword ptr ss:[ebp-4]
004DC2DE . BA 40CE4D00 mov edx,videofix.004DCE40 ; username
004DC2E3 . 8BC3 mov eax,ebx
004DC2E5 . E8 C613F9FF call videofix.0046D6B0
004DC2EA . 8BC3 mov eax,ebx
004DC2EC . E8 5F10F9FF call videofix.0046D350
004DC2F1 > 8D95 48FEFFFF lea edx,dword ptr ss:[ebp-1B8]
004DC2F7 . 8B87 04030000 mov eax,dword ptr ds:[edi+304]
004DC2FD . E8 E2A1F6FF call videofix.004464E4
004DC302 . 83BD 48FEFFFF 00 cmp dword ptr ss:[ebp-1B8],0
004DC309 74 46 je short videofix.004DC351
004DC30B . 8D95 44FEFFFF lea edx,dword ptr ss:[ebp-1BC]
004DC311 . 8B87 00030000 mov eax,dword ptr ds:[edi+300]
004DC317 . E8 C8A1F6FF call videofix.004464E4
004DC31C . 83BD 44FEFFFF 00 cmp dword ptr ss:[ebp-1BC],0
004DC323 . 74 2C je short videofix.004DC351
004DC325 . A1 B8144F00 mov eax,dword ptr ds:[4F14B8]
004DC32A . 8B00 mov eax,dword ptr ds:[eax]
004DC32C . 8B80 90030000 mov eax,dword ptr ds:[eax+390]
004DC332 . 83C0 68 add eax,68
004DC335 . BA 54CE4D00 mov edx,videofix.004DCE54 ; 谢谢注册,请重新启动程序!
004DC33A . E8 0D88F2FF call videofix.00404B4C
004DC33F . A1 B8144F00 mov eax,dword ptr ds:[4F14B8]
004DC344 . 8B00 mov eax,dword ptr ds:[eax]
004DC346 . 8B80 90030000 mov eax,dword ptr ds:[eax+390]
004DC34C . 8B10 mov edx,dword ptr ds:[eax]
004DC34E . FF52 30 call dword ptr ds:[edx+30]
004DC351 > E9 39000000 jmp videofix.004DC38F
我们往上翻翻
004DC2F1 > 8D95 48FEFFFF lea edx,dword ptr ss:[ebp-1B8] ;Jumps from 004DB5DF, 004DB5EC, 004DB5F9, 004DB606, 004DB613, 004DB658, 004DB69D, 004DB6E2, 004DB727, 004DB76C, 004DC2D9
不去计算,跳到这里做什么??
我们找到第一个
004DB5DF . 0F85 0C0D0000 jnz videofix.004DC2F1 ;第一个
F2下断
重载
004DB5C5 . 50 push eax
004DB5C6 . 8D4D EC lea ecx,dword ptr ss:[ebp-14]
004DB5C9 . 8D55 E4 lea edx,dword ptr ss:[ebp-1C]
004DB5CC . 8B45 F4 mov eax,dword ptr ss:[ebp-C]
004DB5CF . E8 C0F5FFFF call videofix.004DAB94 ; (初始化 cpu 选择状态)
004DB5D4 . 8B45 F8 mov eax,dword ptr ss:[ebp-8]
004DB5D7 . E8 D497F2FF call videofix.00404DB0
004DB5DC 83F8 1D cmp eax,1D
004DB5DF . 0F85 0C0D0000 jnz videofix.004DC2F1 ;第一个
004DB5E5 . 8B45 F8 mov eax,dword ptr ss:[ebp-8]
004DB5E8 . 8078 05 2B cmp byte ptr ds:[eax+5],2B
004DB5EC 0F85 FF0C0000 jnz videofix.004DC2F1 ;2
004DB5F2 . 8B45 F8 mov eax,dword ptr ss:[ebp-8]
004DB5F5 . 8078 0B 2B cmp byte ptr ds:[eax+B],2B
004DB5F9 0F85 F20C0000 jnz videofix.004DC2F1 ;3
004DB5FF . 8B45 F8 mov eax,dword ptr ss:[ebp-8]
004DB602 . 8078 11 2B cmp byte ptr ds:[eax+11],2B
004DB606 0F85 E50C0000 jnz videofix.004DC2F1 ;4
004DB60C . 8B45 F8 mov eax,dword ptr ss:[ebp-8]
004DB60F . 8078 17 2B cmp byte ptr ds:[eax+17],2B
004DB613 0F85 D80C0000 jnz videofix.004DC2F1 ;5
004DB619 . 33F6 xor esi,esi
004DB61B . BB 01000000 mov ebx,1
004DB620 > 8B45 F8 mov eax,dword ptr ss:[ebp-8]
004DB623 . 8A4418 FF mov al,byte ptr ds:[eax+ebx-1]
004DB627 . E8 C8FBFFFF call videofix.004DB1F4
004DB62C . 84C0 test al,al
004DB62E . 74 12 je short videofix.004DB642
004DB630 . 8B45 F8 mov eax,dword ptr ss:[ebp-8]
004DB633 . 0FB64418 FF movzx eax,byte ptr ds:[eax+ebx-1]
004DB638 . 03F0 add esi,eax
004DB63A . 83EE 41 sub esi,41
004DB63D . 83C6 0A add esi,0A
004DB640 . EB 0D jmp short videofix.004DB64F
004DB642 > 8B45 F8 mov eax,dword ptr ss:[ebp-8]
004DB645 . 0FB64418 FF movzx eax,byte ptr ds:[eax+ebx-1]
004DB64A . 03F0 add esi,eax
004DB64C . 83EE 30 sub esi,30
004DB64F > 43 inc ebx
004DB650 . 83FB 06 cmp ebx,6
004DB653 .^ 75 CB jnz short videofix.004DB620
004DB655 . 83FE 23 cmp esi,23
004DB658 0F85 930C0000 jnz videofix.004DC2F1 ;6
004DB65E . 33F6 xor esi,esi
004DB660 . BB 07000000 mov ebx,7
004DB665 > 8B45 F8 mov eax,dword ptr ss:[ebp-8]
004DB668 . 8A4418 FF mov al,byte ptr ds:[eax+ebx-1]
004DB66C . E8 83FBFFFF call videofix.004DB1F4
004DB671 . 84C0 test al,al
004DB673 . 74 12 je short videofix.004DB687
004DB675 . 8B45 F8 mov eax,dword ptr ss:[ebp-8]
004DB678 . 0FB64418 FF movzx eax,byte ptr ds:[eax+ebx-1]
004DB67D . 03F0 add esi,eax
004DB67F . 83EE 41 sub esi,41
004DB682 . 83C6 0A add esi,0A
004DB685 . EB 0D jmp short videofix.004DB694
004DB687 > 8B45 F8 mov eax,dword ptr ss:[ebp-8]
004DB68A . 0FB64418 FF movzx eax,byte ptr ds:[eax+ebx-1]
004DB68F . 03F0 add esi,eax
004DB691 . 83EE 30 sub esi,30
004DB694 > 43 inc ebx
004DB695 . 83FB 0C cmp ebx,0C
004DB698 .^ 75 CB jnz short videofix.004DB665
004DB69A . 83FE 24 cmp esi,24
004DB69D 0F85 4E0C0000 jnz videofix.004DC2F1 ;7
004DB6A3 . 33F6 xor esi,esi
004DB6A5 . BB 0D000000 mov ebx,0D
004DB6AA > 8B45 F8 mov eax,dword ptr ss:[ebp-8]
004DB6AD . 8A4418 FF mov al,byte ptr ds:[eax+ebx-1]
004DB6B1 . E8 3EFBFFFF call videofix.004DB1F4
004DB6B6 . 84C0 test al,al
004DB6B8 . 74 12 je short videofix.004DB6CC
004DB6BA . 8B45 F8 mov eax,dword ptr ss:[ebp-8]
004DB6BD . 0FB64418 FF movzx eax,byte ptr ds:[eax+ebx-1]
004DB6C2 . 03F0 add esi,eax
004DB6C4 . 83EE 41 sub esi,41
004DB6C7 . 83C6 0A add esi,0A
004DB6CA . EB 0D jmp short videofix.004DB6D9
004DB6CC > 8B45 F8 mov eax,dword ptr ss:[ebp-8]
004DB6CF . 0FB64418 FF movzx eax,byte ptr ds:[eax+ebx-1]
004DB6D4 . 03F0 add esi,eax
004DB6D6 . 83EE 30 sub esi,30
004DB6D9 > 43 inc ebx
004DB6DA . 83FB 12 cmp ebx,12
004DB6DD .^ 75 CB jnz short videofix.004DB6AA
004DB6DF . 83FE 25 cmp esi,25
004DB6E2 0F85 090C0000 jnz videofix.004DC2F1 ;8
004DB6E8 . 33F6 xor esi,esi
004DB6EA . BB 13000000 mov ebx,13
004DB6EF > 8B45 F8 mov eax,dword ptr ss:[ebp-8]
004DB6F2 . 8A4418 FF mov al,byte ptr ds:[eax+ebx-1]
004DB6F6 . E8 F9FAFFFF call videofix.004DB1F4
004DB6FB . 84C0 test al,al
004DB6FD . 74 12 je short videofix.004DB711
004DB6FF . 8B45 F8 mov eax,dword ptr ss:[ebp-8]
004DB702 . 0FB64418 FF movzx eax,byte ptr ds:[eax+ebx-1]
004DB707 . 03F0 add esi,eax
004DB709 . 83EE 41 sub esi,41
004DB70C . 83C6 0A add esi,0A
004DB70F . EB 0D jmp short videofix.004DB71E
004DB711 > 8B45 F8 mov eax,dword ptr ss:[ebp-8]
004DB714 . 0FB64418 FF movzx eax,byte ptr ds:[eax+ebx-1]
004DB719 . 03F0 add esi,eax
004DB71B . 83EE 30 sub esi,30
004DB71E > 43 inc ebx
004DB71F . 83FB 18 cmp ebx,18
004DB722 .^ 75 CB jnz short videofix.004DB6EF
004DB724 . 83FE 26 cmp esi,26
004DB727 0F85 C40B0000 jnz videofix.004DC2F1 ;9
004DB72D . 33F6 xor esi,esi
004DB72F . BB 19000000 mov ebx,19
004DB734 > 8B45 F8 mov eax,dword ptr ss:[ebp-8]
004DB737 . 8A4418 FF mov al,byte ptr ds:[eax+ebx-1]
004DB73B . E8 B4FAFFFF call videofix.004DB1F4
004DB740 . 84C0 test al,al
004DB742 . 74 12 je short videofix.004DB756
004DB744 . 8B45 F8 mov eax,dword ptr ss:[ebp-8]
004DB747 . 0FB64418 FF movzx eax,byte ptr ds:[eax+ebx-1]
004DB74C . 03F0 add esi,eax
004DB74E . 83EE 41 sub esi,41
004DB751 . 83C6 0A add esi,0A
004DB754 . EB 0D jmp short videofix.004DB763
004DB756 > 8B45 F8 mov eax,dword ptr ss:[ebp-8]
004DB759 . 0FB64418 FF movzx eax,byte ptr ds:[eax+ebx-1]
004DB75E . 03F0 add esi,eax
004DB760 . 83EE 30 sub esi,30
004DB763 > 43 inc ebx
004DB764 . 83FB 1E cmp ebx,1E
004DB767 .^ 75 CB jnz short videofix.004DB734
004DB769 . 83FE 27 cmp esi,27
004DB76C 0F85 7F0B0000 jnz videofix.004DC2F1 ;10
004DB772 . 8D95 4CFEFFFF lea edx,dword ptr ss:[ebp-1B4]
004DB778 . 33C0 xor eax,eax
004DB77A . E8 D173F2FF call videofix.00402B50
004DB77F . 8B85 4CFEFFFF mov eax,dword ptr ss:[ebp-1B4]
004DB785 . 8D95 50FEFFFF lea edx,dword ptr ss:[ebp-1B0]
004DB78B . E8 DCE3F2FF call videofix.00409B6C
004DB790 . 8B95 50FEFFFF mov edx,dword ptr ss:[ebp-1B0]
004DB796 . 8D45 F4 lea eax,dword ptr ss:[ebp-C]
004DB799 . B9 5CC44D00 mov ecx,videofix.004DC45C ; \key.dat
004DB79E . E8 5996F2FF call videofix.00404DFC
004DB7A3 . 8B55 F4 mov edx,dword ptr ss:[ebp-C]
004DB7A6 . 8D85 54FEFFFF lea eax,dword ptr ss:[ebp-1AC]
004DB7AC . E8 5377F2FF call videofix.00402F04
004DB7B1 . BA 01000000 mov edx,1
004DB7B6 . 8D85 54FEFFFF lea eax,dword ptr ss:[ebp-1AC]
004DB7BC . E8 DB7CF2FF call videofix.0040349C
004DB7C1 . E8 DE71F2FF call videofix.004029A4
004DB7C6 . 85C0 test eax,eax
004DB7C8 . 0F85 E10A0000 jnz videofix.004DC2AF
004DB7CE . FF75 A0 push dword ptr ss:[ebp-60]
全部改 jnz videofix.004DC2F 为je 004DC2F
看第5个后
有个比较
004DB613 0F85 D80C0000 jnz videofix.004DC2F1 ;5
004DB619 . 33F6 xor esi,esi
004DB61B . BB 01000000 mov ebx,1
004DB620 > 8B45 F8 mov eax,dword ptr ss:[ebp-8]
004DB623 . 8A4418 FF mov al,byte ptr ds:[eax+ebx-1]
004DB627 . E8 C8FBFFFF call videofix.004DB1F4
004DB62C . 84C0 test al,al
004DB62E . 74 12 je short videofix.004DB642
004DB630 . 8B45 F8 mov eax,dword ptr ss:[ebp-8]
004DB633 . 0FB64418 FF movzx eax,byte ptr ds:[eax+ebx-1]
004DB638 . 03F0 add esi,eax
004DB63A . 83EE 41 sub esi,41
004DB63D . 83C6 0A add esi,0A
004DB640 . EB 0D jmp short videofix.004DB64F
004DB642 > 8B45 F8 mov eax,dword ptr ss:[ebp-8]
004DB645 . 0FB64418 FF movzx eax,byte ptr ds:[eax+ebx-1]
004DB64A . 03F0 add esi,eax
004DB64C . 83EE 30 sub esi,30
004DB64F > 43 inc ebx
004DB650 . 83FB 06 cmp ebx,6
004DB653 .^ 75 CB jnz short videofix.004DB620
004DB655 . 83FE 23 cmp esi,23
004DB658 0F85 930C0000 jnz videofix.004DC2F1 ;6
继续改
又有个比较
004DB658 /0F85 930C0000 jnz videofix.004DC2F1 ; 6
004DB65E . |33F6 xor esi,esi
004DB660 . |BB 07000000 mov ebx,7
004DB665 > |8B45 F8 mov eax,dword ptr ss:[ebp-8]
004DB668 . |8A4418 FF mov al,byte ptr ds:[eax+ebx-1]
004DB66C . |E8 83FBFFFF call videofix.004DB1F4
004DB671 . |84C0 test al,al
004DB673 . |74 12 je short videofix.004DB687
004DB675 . |8B45 F8 mov eax,dword ptr ss:[ebp-8]
004DB678 . |0FB64418 FF movzx eax,byte ptr ds:[eax+ebx-1]
004DB67D . |03F0 add esi,eax
004DB67F . |83EE 41 sub esi,41
004DB682 . |83C6 0A add esi,0A
004DB685 . |EB 0D jmp short videofix.004DB694
004DB687 > |8B45 F8 mov eax,dword ptr ss:[ebp-8]
004DB68A . |0FB64418 FF movzx eax,byte ptr ds:[eax+ebx-1]
004DB68F . |03F0 add esi,eax
004DB691 . |83EE 30 sub esi,30
004DB694 > |43 inc ebx
004DB695 . |83FB 0C cmp ebx,0C
004DB698 .^|75 CB jnz short videofix.004DB665
004DB69A . |83FE 24 cmp esi,24
004DB69D |0F85 4E0C0000 jnz videofix.004DC2F1 ; 7
又是一段
004DB69D /0F85 4E0C0000 jnz videofix.004DC2F1 ; 7
004DB6A3 . |33F6 xor esi,esi
004DB6A5 . |BB 0D000000 mov ebx,0D
004DB6AA > |8B45 F8 mov eax,dword ptr ss:[ebp-8]
004DB6AD . |8A4418 FF mov al,byte ptr ds:[eax+ebx-1]
004DB6B1 . |E8 3EFBFFFF call videofix.004DB1F4
004DB6B6 . |84C0 test al,al
004DB6B8 . |74 12 je short videofix.004DB6CC
004DB6BA . |8B45 F8 mov eax,dword ptr ss:[ebp-8]
004DB6BD . |0FB64418 FF movzx eax,byte ptr ds:[eax+ebx-1]
004DB6C2 . |03F0 add esi,eax
004DB6C4 . |83EE 41 sub esi,41
004DB6C7 . |83C6 0A add esi,0A
004DB6CA . |EB 0D jmp short videofix.004DB6D9
004DB6CC > |8B45 F8 mov eax,dword ptr ss:[ebp-8]
004DB6CF . |0FB64418 FF movzx eax,byte ptr ds:[eax+ebx-1]
004DB6D4 . |03F0 add esi,eax
004DB6D6 . |83EE 30 sub esi,30
004DB6D9 > |43 inc ebx
004DB6DA . |83FB 12 cmp ebx,12
004DB6DD .^|75 CB jnz short videofix.004DB6AA
004DB6DF . |83FE 25 cmp esi,25
004DB6E2 |0F85 090C0000 jnz videofix.004DC2F1 ; 8
再来一次
004DB6E2 /0F85 090C0000 jnz videofix.004DC2F1 ; 8
004DB6E8 . |33F6 xor esi,esi
004DB6EA . |BB 13000000 mov ebx,13
004DB6EF > |8B45 F8 mov eax,dword ptr ss:[ebp-8]
004DB6F2 . |8A4418 FF mov al,byte ptr ds:[eax+ebx-1]
004DB6F6 . |E8 F9FAFFFF call videofix.004DB1F4
004DB6FB . |84C0 test al,al
004DB6FD . |74 12 je short videofix.004DB711
004DB6FF . |8B45 F8 mov eax,dword ptr ss:[ebp-8]
004DB702 . |0FB64418 FF movzx eax,byte ptr ds:[eax+ebx-1]
004DB707 . |03F0 add esi,eax
004DB709 . |83EE 41 sub esi,41
004DB70C . |83C6 0A add esi,0A
004DB70F . |EB 0D jmp short videofix.004DB71E
004DB711 > |8B45 F8 mov eax,dword ptr ss:[ebp-8]
004DB714 . |0FB64418 FF movzx eax,byte ptr ds:[eax+ebx-1]
004DB719 . |03F0 add esi,eax
004DB71B . |83EE 30 sub esi,30
004DB71E > |43 inc ebx
004DB71F . |83FB 18 cmp ebx,18
004DB722 .^|75 CB jnz short videofix.004DB6EF
004DB724 . |83FE 26 cmp esi,26
004DB727 |0F85 C40B0000 jnz videofix.004DC2F1 ; 9
还有
004DB727 /0F85 C40B0000 jnz videofix.004DC2F1 ; 9
004DB72D . |33F6 xor esi,esi
004DB72F . |BB 19000000 mov ebx,19
004DB734 > |8B45 F8 mov eax,dword ptr ss:[ebp-8]
004DB737 . |8A4418 FF mov al,byte ptr ds:[eax+ebx-1]
004DB73B . |E8 B4FAFFFF call videofix.004DB1F4
004DB740 . |84C0 test al,al
004DB742 . |74 12 je short videofix.004DB756
004DB744 . |8B45 F8 mov eax,dword ptr ss:[ebp-8]
004DB747 . |0FB64418 FF movzx eax,byte ptr ds:[eax+ebx-1]
004DB74C . |03F0 add esi,eax
004DB74E . |83EE 41 sub esi,41
004DB751 . |83C6 0A add esi,0A
004DB754 . |EB 0D jmp short videofix.004DB763
004DB756 > |8B45 F8 mov eax,dword ptr ss:[ebp-8]
004DB759 . |0FB64418 FF movzx eax,byte ptr ds:[eax+ebx-1]
004DB75E . |03F0 add esi,eax
004DB760 . |83EE 30 sub esi,30
004DB763 > |43 inc ebx
004DB764 . |83FB 1E cmp ebx,1E
004DB767 .^|75 CB jnz short videofix.004DB734
004DB769 . |83FE 27 cmp esi,27
004DB76C |0F85 7F0B0000 jnz videofix.004DC2F1 ; 10
下面应该就是上演创建key.dat了
004DB76C /0F85 7F0B0000 jnz videofix.004DC2F1 ; 10
004DB772 . |8D95 4CFEFFFF lea edx,dword ptr ss:[ebp-1B4]
004DB778 . |33C0 xor eax,eax
004DB77A . |E8 D173F2FF call videofix.00402B50
004DB77F . |8B85 4CFEFFFF mov eax,dword ptr ss:[ebp-1B4]
004DB785 . |8D95 50FEFFFF lea edx,dword ptr ss:[ebp-1B0]
004DB78B . |E8 DCE3F2FF call videofix.00409B6C
004DB790 . |8B95 50FEFFFF mov edx,dword ptr ss:[ebp-1B0]
004DB796 . |8D45 F4 lea eax,dword ptr ss:[ebp-C]
004DB799 . |B9 5CC44D00 mov ecx,videofix.004DC45C ; \key.dat
004DB79E . |E8 5996F2FF call videofix.00404DFC
004DB7A3 . |8B55 F4 mov edx,dword ptr ss:[ebp-C]
004DB7A6 . |8D85 54FEFFFF lea eax,dword ptr ss:[ebp-1AC]
004DB7AC . |E8 5377F2FF call videofix.00402F04
004DB7B1 . |BA 01000000 mov edx,1
004DB7B6 . |8D85 54FEFFFF lea eax,dword ptr ss:[ebp-1AC]
004DB7BC . |E8 DB7CF2FF call videofix.0040349C
004DB7C1 . |E8 DE71F2FF call videofix.004029A4
004DB7C6 . |85C0 test eax,eax ;我们的key.dat就在上面就诞生了,不过还是个空文件
004DB7C8 . |0F85 E10A0000 jnz videofix.004DC2AF ;关键,这里就是往里写代码了吧
004DB7CE . |FF75 A0 push dword ptr ss:[ebp-60]
004DB7D1 . |68 70C44D00 push videofix.004DC470 ; t
004DB7D6 . |68 7CC44D00 push videofix.004DC47C ; e
004DB7DB . |68 88C44D00 push videofix.004DC488 ; s
004DB7E0 . |68 70C44D00 push videofix.004DC470 ; t
004DB7E5 . |68 44C44D00 push videofix.004DC444 ; 1
004DB7EA . |68 50C44D00 push videofix.004DC450 ; 2
004DB7EF . |68 94C44D00 push videofix.004DC494
004DB7F4 . |68 94C44D00 push videofix.004DC494
004DB7F9 . |68 94C44D00 push videofix.004DC494
004DB7FE . |68 94C44D00 push videofix.004DC494
004DB803 . |68 94C44D00 push videofix.004DC494
004DB808 . |68 94C44D00 push videofix.004DC494
004DB80D . |68 94C44D00 push videofix.004DC494
004DB812 . |68 94C44D00 push videofix.004DC494
004DB817 . |68 94C44D00 push videofix.004DC494
004DB81C . |68 94C44D00 push videofix.004DC494
004DB821 . |68 94C44D00 push videofix.004DC494
004DB826 . |68 94C44D00 push videofix.004DC494
004DB82B . |68 94C44D00 push videofix.004DC494
004DB830 . |68 94C44D00 push videofix.004DC494
004DB835 . |68 94C44D00 push videofix.004DC494
004DB83A . |68 94C44D00 push videofix.004DC494
004DB83F . |68 94C44D00 push videofix.004DC494
004DB844 . |68 94C44D00 push videofix.004DC494
004DB849 . |68 94C44D00 push videofix.004DC494
004DB84E . |68 94C44D00 push videofix.004DC494
004DB853 . |68 94C44D00 push videofix.004DC494
004DB858 . |68 94C44D00 push videofix.004DC494
004DB85D . |68 94C44D00 push videofix.004DC494
004DB862 . |68 94C44D00 push videofix.004DC494
004DB867 . |68 94C44D00 push videofix.004DC494
004DB86C . |68 94C44D00 push videofix.004DC494
004DB871 . |68 A0C44D00 push videofix.004DC4A0
004DB876 . |68 A0C44D00 push videofix.004DC4A0
004DB87B . |68 A0C44D00 push videofix.004DC4A0
004DB880 . |68 A0C44D00 push videofix.004DC4A0
004DB885 . |68 A0C44D00 push videofix.004DC4A0
004DB88A . |68 A0C44D00 push videofix.004DC4A0
004DB88F . |68 A0C44D00 push videofix.004DC4A0
004DB894 . |68 A0C44D00 push videofix.004DC4A0
004DB899 . |68 A0C44D00 push videofix.004DC4A0
004DB89E . |68 A0C44D00 push videofix.004DC4A0
004DB8A3 . |68 A0C44D00 push videofix.004DC4A0
004DB8A8 . |68 A0C44D00 push videofix.004DC4A0
004DB8AD . |68 A0C44D00 push videofix.004DC4A0
004DB8B2 . |68 A0C44D00 push videofix.004DC4A0
004DB8B7 . |68 A0C44D00 push videofix.004DC4A0
004DB8BC . |68 A0C44D00 push videofix.004DC4A0
004DB8C1 . |68 A0C44D00 push videofix.004DC4A0
004DB8C6 . |68 A0C44D00 push videofix.004DC4A0
004DB8CB . |8D45 A0 lea eax,dword ptr ss:[ebp-60]
004DB8CE . |BA 33000000 mov edx,33
004DB8D3 . |E8 9895F2FF call videofix.00404E70
004DB8D8 . |FF75 A0 push dword ptr ss:[ebp-60]
004DB8DB . |68 A0C44D00 push videofix.004DC4A0
004DB8E0 . |68 A0C44D00 push videofix.004DC4A0
004DB8E5 . |68 A0C44D00 push videofix.004DC4A0
004DB8EA . |68 A0C44D00 push videofix.004DC4A0
004DB8EF . |68 A0C44D00 push videofix.004DC4A0
004DB8F4 . |68 A0C44D00 push videofix.004DC4A0
004DB8F9 . |68 A0C44D00 push videofix.004DC4A0
004DB8FE . |68 A0C44D00 push videofix.004DC4A0
004DB903 . |68 A0C44D00 push videofix.004DC4A0
004DB908 . |68 A0C44D00 push videofix.004DC4A0
004DB90D . |68 A0C44D00 push videofix.004DC4A0
004DB912 . |68 A0C44D00 push videofix.004DC4A0
004DB917 . |68 A0C44D00 push videofix.004DC4A0
004DB91C . |68 A0C44D00 push videofix.004DC4A0
004DB921 . |68 ACC44D00 push videofix.004DC4AC ; w
004DB926 . |68 B8C44D00 push videofix.004DC4B8 ; 6
004DB92B . |68 C4C44D00 push videofix.004DC4C4
004DB930 . |68 D0C44D00 push videofix.004DC4D0
004DB935 . |68 DCC44D00 push videofix.004DC4DC
004DB93A . |68 E8C44D00 push videofix.004DC4E8
004DB93F . |68 F4C44D00 push videofix.004DC4F4 ; 8
004DB944 . |68 00C54D00 push videofix.004DC500 ; =
004DB949 . |68 0CC54D00 push videofix.004DC50C
004DB94E . |68 18C54D00 push videofix.004DC518
004DB953 . |68 24C54D00 push videofix.004DC524
004DB958 . |68 30C54D00 push videofix.004DC530 ; m
004DB95D . |68 3CC54D00 push videofix.004DC53C ; e
004DB962 . |68 48C54D00 push videofix.004DC548
004DB967 . |68 54C54D00 push videofix.004DC554 ; k
004DB96C . |68 60C54D00 push videofix.004DC560
004DB971 . |68 6CC54D00 push videofix.004DC56C
004DB976 . |68 78C54D00 push videofix.004DC578
004DB97B . |68 84C54D00 push videofix.004DC584
004DB980 . |68 90C54D00 push videofix.004DC590
004DB985 . |68 9CC54D00 push videofix.004DC59C
004DB98A . |68 A8C54D00 push videofix.004DC5A8 ; q
004DB98F . |68 B4C54D00 push videofix.004DC5B4
004DB994 . |68 C0C54D00 push videofix.004DC5C0
004DB999 . |68 CCC54D00 push videofix.004DC5CC ; `
004DB99E . |68 D8C54D00 push videofix.004DC5D8 ; r
004DB9A3 . |68 E4C54D00 push videofix.004DC5E4 ; f
004DB9A8 . |68 F0C54D00 push videofix.004DC5F0
004DB9AD . |68 FCC54D00 push videofix.004DC5FC
004DB9B2 . |68 08C64D00 push videofix.004DC608
004DB9B7 . |68 14C64D00 push videofix.004DC614
004DB9BC . |68 20C64D00 push videofix.004DC620
004DB9C1 . |68 2CC64D00 push videofix.004DC62C ; n
004DB9C6 . |68 38C64D00 push videofix.004DC638 ; }
004DB9CB . |68 44C64D00 push videofix.004DC644 ; .
004DB9D0 . |68 50C64D00 push videofix.004DC650 ; 7
004DB9D5 . |8D45 A0 lea eax,dword ptr ss:[ebp-60]
004DB9D8 . |BA 33000000 mov edx,33
004DB9DD . |E8 8E94F2FF call videofix.00404E70
004DB9E2 . |FF75 A0 push dword ptr ss:[ebp-60]
004DB9E5 . |68 5CC64D00 push videofix.004DC65C
004DB9EA . |68 88C44D00 push videofix.004DC488 ; s
004DB9EF . |68 68C64D00 push videofix.004DC668 ; \
004DB9F4 . |68 74C64D00 push videofix.004DC674
004DB9F9 . |68 80C64D00 push videofix.004DC680
004DB9FE . |68 8CC64D00 push videofix.004DC68C
004DBA03 . |68 98C64D00 push videofix.004DC698 ; g
004DBA08 . |68 A4C64D00 push videofix.004DC6A4
004DBA0D . |68 B0C64D00 push videofix.004DC6B0
004DBA12 . |68 BCC64D00 push videofix.004DC6BC
004DBA17 . |68 C8C64D00 push videofix.004DC6C8
004DBA1C . |68 A4C64D00 push videofix.004DC6A4
004DBA21 . |68 D4C64D00 push videofix.004DC6D4 ; j
004DBA26 . |68 E0C64D00 push videofix.004DC6E0 ; $
004DBA2B . |68 ECC64D00 push videofix.004DC6EC
004DBA30 . |68 B0C64D00 push videofix.004DC6B0
004DBA35 . |68 F8C64D00 push videofix.004DC6F8 ; i
004DBA3A . |68 04C74D00 push videofix.004DC704
004DBA3F . |68 10C74D00 push videofix.004DC710
004DBA44 . |68 1CC74D00 push videofix.004DC71C
004DBA49 . |68 28C74D00 push videofix.004DC728 ; _
004DBA4E . |68 ACC44D00 push videofix.004DC4AC ; w
004DBA53 . |68 34C74D00 push videofix.004DC734 ; m
004DBA58 . |68 40C74D00 push videofix.004DC740 ; u
004DBA5D . |68 4CC74D00 push videofix.004DC74C
004DBA62 . |68 4CC74D00 push videofix.004DC74C
004DBA67 . |68 5CC64D00 push videofix.004DC65C
004DBA6C . |68 58C74D00 push videofix.004DC758
004DBA71 . |68 64C74D00 push videofix.004DC764
004DBA76 . |68 70C74D00 push videofix.004DC770
004DBA7B . |68 7CC74D00 push videofix.004DC77C ; 3
004DBA80 . |68 88C74D00 push videofix.004DC788
004DBA85 . |68 94C74D00 push videofix.004DC794 ; x
004DBA8A . |68 A0C74D00 push videofix.004DC7A0 ; k
004DBA8F . |68 18C54D00 push videofix.004DC518
004DBA94 . |68 DCC44D00 push videofix.004DC4DC
004DBA99 . |68 10C74D00 push videofix.004DC710
004DBA9E . |68 F4C44D00 push videofix.004DC4F4 ; 8
004DBAA3 . |68 ACC74D00 push videofix.004DC7AC ; i
004DBAA8 . |68 B8C74D00 push videofix.004DC7B8 ; o
004DBAAD . |68 70C44D00 push videofix.004DC470 ; t
004DBAB2 . |68 C4C74D00 push videofix.004DC7C4 ; *
004DBAB7 . |68 D0C74D00 push videofix.004DC7D0
004DBABC . |68 DCC74D00 push videofix.004DC7DC
004DBAC1 . |68 E8C74D00 push videofix.004DC7E8 ; z
004DBAC6 . |68 F4C74D00 push videofix.004DC7F4 ; h
004DBACB . |68 34C74D00 push videofix.004DC734 ; m
004DBAD0 . |68 00C84D00 push videofix.004DC800
004DBAD5 . |68 0CC84D00 push videofix.004DC80C ; /
004DBADA . |68 18C84D00 push videofix.004DC818
004DBADF . |8D45 A0 lea eax,dword ptr ss:[ebp-60]
004DBAE2 . |BA 33000000 mov edx,33
004DBAE7 . |E8 8493F2FF call videofix.00404E70
004DBAEC . |FF75 A0 push dword ptr ss:[ebp-60]
004DBAEF . |68 D0C74D00 push videofix.004DC7D0
004DBAF4 . |68 24C84D00 push videofix.004DC824 ; ~
004DBAF9 . |68 30C84D00 push videofix.004DC830 ; -
004DBAFE . |68 3CC84D00 push videofix.004DC83C ; l
004DBB03 . |68 48C84D00 push videofix.004DC848 ; v
004DBB08 . |68 B0C64D00 push videofix.004DC6B0
004DBB0D . |68 54C84D00 push videofix.004DC854
004DBB12 . |68 60C84D00 push videofix.004DC860 ; ^
004DBB17 . |68 6CC84D00 push videofix.004DC86C
004DBB1C . |68 ACC74D00 push videofix.004DC7AC ; i
004DBB21 . |68 E8C74D00 push videofix.004DC7E8 ; z
004DBB26 . |68 78C84D00 push videofix.004DC878 ; f
004DBB2B . |68 84C84D00 push videofix.004DC884
004DBB30 . |68 90C84D00 push videofix.004DC890
004DBB35 . |68 48C84D00 push videofix.004DC848 ; v
004DBB3A . |68 9CC84D00 push videofix.004DC89C
004DBB3F . |68 A8C84D00 push videofix.004DC8A8
004DBB44 . |68 58C74D00 push videofix.004DC758
004DBB49 . |68 B4C84D00 push videofix.004DC8B4
004DBB4E . |68 C0C84D00 push videofix.004DC8C0
004DBB53 . |68 CCC84D00 push videofix.004DC8CC
004DBB58 . |68 B8C74D00 push videofix.004DC7B8 ; o
004DBB5D . |68 D8C84D00 push videofix.004DC8D8
004DBB62 . |68 E4C84D00 push videofix.004DC8E4 ; y
004DBB67 . |68 F0C84D00 push videofix.004DC8F0
004DBB6C . |68 FCC84D00 push videofix.004DC8FC
004DBB71 . |68 D4C64D00 push videofix.004DC6D4 ; j
004DBB76 . |68 08C94D00 push videofix.004DC908 ; <
004DBB7B . |68 88C74D00 push videofix.004DC788
004DBB80 . |68 14C94D00 push videofix.004DC914
004DBB85 . |68 F4C44D00 push videofix.004DC4F4 ; 8
004DBB8A . |68 FCC84D00 push videofix.004DC8FC
004DBB8F . |68 38C64D00 push videofix.004DC638 ; }
004DBB94 . |68 20C94D00 push videofix.004DC920 ; y
004DBB99 . |68 2CC94D00 push videofix.004DC92C
004DBB9E . |68 18C54D00 push videofix.004DC518
004DBBA3 . |68 A0C44D00 push videofix.004DC4A0
004DBBA8 . |68 F0C54D00 push videofix.004DC5F0
004DBBAD . |68 38C94D00 push videofix.004DC938
004DBBB2 . |68 44C94D00 push videofix.004DC944
004DBBB7 . |68 50C94D00 push videofix.004DC950 ; s
004DBBBC . |68 5CC94D00 push videofix.004DC95C
004DBBC1 . |68 A0C44D00 push videofix.004DC4A0
004DBBC6 . |68 A0C44D00 push videofix.004DC4A0
004DBBCB . |68 A0C44D00 push videofix.004DC4A0
004DBBD0 . |68 A0C44D00 push videofix.004DC4A0
004DBBD5 . |68 A0C44D00 push videofix.004DC4A0
004DBBDA . |68 A0C44D00 push videofix.004DC4A0
004DBBDF . |68 A0C44D00 push videofix.004DC4A0
004DBBE4 . |68 A0C44D00 push videofix.004DC4A0
004DBBE9 . |8D45 A0 lea eax,dword ptr ss:[ebp-60]
004DBBEC . |BA 33000000 mov edx,33
004DBBF1 . |E8 7A92F2FF call videofix.00404E70
004DBBF6 . |FF75 A0 push dword ptr ss:[ebp-60]
004DBBF9 . |68 A0C44D00 push videofix.004DC4A0
004DBBFE . |68 A0C44D00 push videofix.004DC4A0
004DBC03 . |68 A0C44D00 push videofix.004DC4A0
004DBC08 . |68 A0C44D00 push videofix.004DC4A0
004DBC0D . |68 A0C44D00 push videofix.004DC4A0
004DBC12 . |68 A0C44D00 push videofix.004DC4A0
004DBC17 . |68 A0C44D00 push videofix.004DC4A0
004DBC1C . |68 A0C44D00 push videofix.004DC4A0
004DBC21 . |68 68C94D00 push videofix.004DC968 ; \n
004DBC26 . |68 98C64D00 push videofix.004DC698 ; g
004DBC2B . |68 A0C44D00 push videofix.004DC4A0
004DBC30 . |68 A0C44D00 push videofix.004DC4A0
004DBC35 . |68 A0C44D00 push videofix.004DC4A0
004DBC3A . |68 A0C44D00 push videofix.004DC4A0
004DBC3F . |68 A0C44D00 push videofix.004DC4A0
004DBC44 . |68 A0C44D00 push videofix.004DC4A0
004DBC49 . |68 A0C44D00 push videofix.004DC4A0
004DBC4E . |68 A0C44D00 push videofix.004DC4A0
004DBC53 . |68 A0C44D00 push videofix.004DC4A0
004DBC58 . |68 A0C44D00 push videofix.004DC4A0
004DBC5D . |68 A0C44D00 push videofix.004DC4A0
004DBC62 . |68 A0C44D00 push videofix.004DC4A0
004DBC67 . |68 A0C44D00 push videofix.004DC4A0
004DBC6C . |68 A0C44D00 push videofix.004DC4A0
004DBC71 . |68 0CC84D00 push videofix.004DC80C ; /
004DBC76 . |68 50C94D00 push videofix.004DC950 ; s
004DBC7B . |68 74C94D00 push videofix.004DC974
004DBC80 . |68 80C94D00 push videofix.004DC980
004DBC85 . |68 8CC94D00 push videofix.004DC98C
004DBC8A . |68 04C74D00 push videofix.004DC704
004DBC8F . |68 54C84D00 push videofix.004DC854
004DBC94 . |68 98C94D00 push videofix.004DC998
004DBC99 . |68 A4C94D00 push videofix.004DC9A4 ; 0
004DBC9E . |68 B0C94D00 push videofix.004DC9B0
004DBCA3 . |68 BCC94D00 push videofix.004DC9BC
004DBCA8 . |68 C8C94D00 push videofix.004DC9C8 ; %
004DBCAD . |68 74C64D00 push videofix.004DC674
004DBCB2 . |68 D4C94D00 push videofix.004DC9D4 ; v
004DBCB7 . |68 94C74D00 push videofix.004DC794 ; x
004DBCBC . |68 E0C94D00 push videofix.004DC9E0 ; t
004DBCC1 . |68 ECC94D00 push videofix.004DC9EC ; q
004DBCC6 . |68 F8C94D00 push videofix.004DC9F8
004DBCCB . |68 04CA4D00 push videofix.004DCA04 ; "
004DBCD0 . |68 B8C44D00 push videofix.004DC4B8 ; 6
004DBCD5 . |68 10CA4D00 push videofix.004DCA10
004DBCDA . |68 1CCA4D00 push videofix.004DCA1C
004DBCDF . |68 00C84D00 push videofix.004DC800
004DBCE4 . |68 24C84D00 push videofix.004DC824 ; ~
004DBCE9 . |68 ACC44D00 push videofix.004DC4AC ; w
004DBCEE . |68 28CA4D00 push videofix.004DCA28
004DBCF3 . |8D45 A0 lea eax,dword ptr ss:[ebp-60]
004DBCF6 . |BA 33000000 mov edx,33
004DBCFB . |E8 7091F2FF call videofix.00404E70
004DBD00 . |FF75 A0 push dword ptr ss:[ebp-60]
004DBD03 . |68 98C94D00 push videofix.004DC998
004DBD08 . |68 84C54D00 push videofix.004DC584
004DBD0D . |68 34CA4D00 push videofix.004DCA34
004DBD12 . |68 70C44D00 push videofix.004DC470 ; t
004DBD17 . |68 40CA4D00 push videofix.004DCA40
004DBD1C . |68 4CCA4D00 push videofix.004DCA4C
004DBD21 . |68 58CA4D00 push videofix.004DCA58
004DBD26 . |68 D4C94D00 push videofix.004DC9D4 ; v
004DBD2B . |68 80C94D00 push videofix.004DC980
004DBD30 . |68 64CA4D00 push videofix.004DCA64
004DBD35 . |68 70CA4D00 push videofix.004DCA70 ; a
004DBD3A . |68 40C74D00 push videofix.004DC740 ; u
004DBD3F . |68 7CCA4D00 push videofix.004DCA7C
004DBD44 . |68 10CA4D00 push videofix.004DCA10
004DBD49 . |68 88CA4D00 push videofix.004DCA88
004DBD4E . |68 F4C44D00 push videofix.004DC4F4 ; 8
004DBD53 . |68 04CA4D00 push videofix.004DCA04 ; "
004DBD58 . |68 94CA4D00 push videofix.004DCA94
004DBD5D . |68 A0CA4D00 push videofix.004DCAA0
004DBD62 . |68 7CC44D00 push videofix.004DC47C ; e
004DBD67 . |68 6CC54D00 push videofix.004DC56C
004DBD6C . |68 18C54D00 push videofix.004DC518
004DBD71 . |68 ACCA4D00 push videofix.004DCAAC ; c
004DBD76 . |68 B8CA4D00 push videofix.004DCAB8
004DBD7B . |68 C0C54D00 push videofix.004DC5C0
004DBD80 . |68 C4CA4D00 push videofix.004DCAC4 ; !
004DBD85 . |68 D0CA4D00 push videofix.004DCAD0
004DBD8A . |68 D8C84D00 push videofix.004DC8D8
004DBD8F . |68 ACC74D00 push videofix.004DC7AC ; i
004DBD94 . |68 D8C54D00 push videofix.004DC5D8 ; r
004DBD99 . |68 DCCA4D00 push videofix.004DCADC
004DBD9E . |68 E8CA4D00 push videofix.004DCAE8
004DBDA3 . |68 E4C84D00 push videofix.004DC8E4 ; y
004DBDA8 . |68 F4CA4D00 push videofix.004DCAF4
004DBDAD . |68 00CB4D00 push videofix.004DCB00 ; b
004DBDB2 . |68 48C54D00 push videofix.004DC548
004DBDB7 . |68 80C94D00 push videofix.004DC980
004DBDBC . |68 0CCB4D00 push videofix.004DCB0C
004DBDC1 . |68 D8C84D00 push videofix.004DC8D8
004DBDC6 . |68 94CA4D00 push videofix.004DCA94
004DBDCB . |68 38C94D00 push videofix.004DC938
004DBDD0 . |68 18CB4D00 push videofix.004DCB18 ; '
004DBDD5 . |68 18C84D00 push videofix.004DC818
004DBDDA . |68 24CB4D00 push videofix.004DCB24 ; j
004DBDDF . |68 30CB4D00 push videofix.004DCB30 ; d
004DBDE4 . |68 00C84D00 push videofix.004DC800
004DBDE9 . |68 00C84D00 push videofix.004DC800
004DBDEE . |68 A4C64D00 push videofix.004DC6A4
004DBDF3 . |68 3CCB4D00 push videofix.004DCB3C
004DBDF8 . |68 9CC84D00 push videofix.004DC89C
004DBDFD . |8D45 A0 lea eax,dword ptr ss:[ebp-60]
004DBE00 . |BA 33000000 mov edx,33
004DBE05 . |E8 6690F2FF call videofix.00404E70
004DBE0A . |FF75 A0 push dword ptr ss:[ebp-60]
004DBE0D . |68 48CB4D00 push videofix.004DCB48
004DBE12 . |68 48C84D00 push videofix.004DC848 ; v
004DBE17 . |68 54CB4D00 push videofix.004DCB54 ; \t
004DBE1C . |68 CCC54D00 push videofix.004DC5CC ; `
004DBE21 . |68 60CB4D00 push videofix.004DCB60
004DBE26 . |68 3CC84D00 push videofix.004DC83C ; l
004DBE2B . |68 6CCB4D00 push videofix.004DCB6C ; |
004DBE30 . |68 28C74D00 push videofix.004DC728 ; _
004DBE35 . |68 D0C44D00 push videofix.004DC4D0
004DBE3A . |68 78CB4D00 push videofix.004DCB78
004DBE3F . |68 84CB4D00 push videofix.004DCB84
004DBE44 . |68 90CB4D00 push videofix.004DCB90
004DBE49 . |68 44C64D00 push videofix.004DC644 ; .
004DBE4E . |68 A0C74D00 push videofix.004DC7A0 ; k
004DBE53 . |68 60C54D00 push videofix.004DC560
004DBE58 . |68 B8C44D00 push videofix.004DC4B8 ; 6
004DBE5D . |68 44C64D00 push videofix.004DC644 ; .
004DBE62 . |68 CCC54D00 push videofix.004DC5CC ; `
004DBE67 . |68 F0C84D00 push videofix.004DC8F0
004DBE6C . |68 E8CA4D00 push videofix.004DCAE8
004DBE71 . |68 9CCB4D00 push videofix.004DCB9C ; &
004DBE76 . |68 A8CB4D00 push videofix.004DCBA8
004DBE7B . |68 B4CB4D00 push videofix.004DCBB4
004DBE80 . |68 C0CB4D00 push videofix.004DCBC0
004DBE85 . |68 CCCB4D00 push videofix.004DCBCC
004DBE8A . |68 58CA4D00 push videofix.004DCA58
004DBE8F . |68 D8CB4D00 push videofix.004DCBD8 ; :
004DBE94 . |68 E4CB4D00 push videofix.004DCBE4
004DBE99 . |68 28CA4D00 push videofix.004DCA28
004DBE9E . |68 34C74D00 push videofix.004DC734 ; m
004DBEA3 . |68 ACCA4D00 push videofix.004DCAAC ; c
004DBEA8 . |68 F0CB4D00 push videofix.004DCBF0
004DBEAD . |68 FCCB4D00 push videofix.004DCBFC
004DBEB2 . |68 A4C94D00 push videofix.004DC9A4 ; 0
004DBEB7 . |68 08CC4D00 push videofix.004DCC08
004DBEBC . |68 D4C94D00 push videofix.004DC9D4 ; v
004DBEC1 . |68 30C84D00 push videofix.004DC830 ; -
004DBEC6 . |68 14CC4D00 push videofix.004DCC14 ; n
004DBECB . |68 BCC94D00 push videofix.004DC9BC
004DBED0 . |68 20CC4D00 push videofix.004DCC20 ; (
004DBED5 . |68 88CA4D00 push videofix.004DCA88
004DBEDA . |68 A8CB4D00 push videofix.004DCBA8
004DBEDF . |68 2CCC4D00 push videofix.004DCC2C
004DBEE4 . |68 C4C44D00 push videofix.004DC4C4
004DBEE9 . |68 38CC4D00 push videofix.004DCC38 ; 4
004DBEEE . |68 44CC4D00 push videofix.004DCC44 ; h
004DBEF3 . |68 50CC4D00 push videofix.004DCC50
004DBEF8 . |68 1CC74D00 push videofix.004DC71C
004DBEFD . |68 60CB4D00 push videofix.004DCB60
004DBF02 . |68 5CCC4D00 push videofix.004DCC5C
004DBF07 . |8D45 A0 lea eax,dword ptr ss:[ebp-60]
004DBF0A . |BA 33000000 mov edx,33
004DBF0F . |E8 5C8FF2FF call videofix.00404E70
004DBF14 . |FF75 A0 push dword ptr ss:[ebp-60]
004DBF17 . |68 30C84D00 push videofix.004DC830 ; -
004DBF1C . |68 ACC74D00 push videofix.004DC7AC ; i
004DBF21 . |68 A0C44D00 push videofix.004DC4A0
004DBF26 . |68 A0C44D00 push videofix.004DC4A0
004DBF2B . |68 A0C44D00 push videofix.004DC4A0
004DBF30 . |68 A0C44D00 push videofix.004DC4A0
004DBF35 . |68 A0C44D00 push videofix.004DC4A0
004DBF3A . |68 A0C44D00 push videofix.004DC4A0
004DBF3F . |68 A0C44D00 push videofix.004DC4A0
004DBF44 . |68 A0C44D00 push videofix.004DC4A0
004DBF49 . |68 A0C44D00 push videofix.004DC4A0
004DBF4E . |68 A0C44D00 push videofix.004DC4A0
004DBF53 . |68 A0C44D00 push videofix.004DC4A0
004DBF58 . |68 A0C44D00 push videofix.004DC4A0
004DBF5D . |68 A0C44D00 push videofix.004DC4A0
004DBF62 . |68 A0C44D00 push videofix.004DC4A0
004DBF67 . |68 A0C44D00 push videofix.004DC4A0
004DBF6C . |68 A0C44D00 push videofix.004DC4A0
004DBF71 . |68 70C44D00 push videofix.004DC470 ; t
004DBF76 . |68 04CA4D00 push videofix.004DCA04 ; "
004DBF7B . |68 A0CA4D00 push videofix.004DCAA0
004DBF80 . |68 F0C84D00 push videofix.004DC8F0
004DBF85 . |68 A0C74D00 push videofix.004DC7A0 ; k
004DBF8A . |68 68CC4D00 push videofix.004DCC68
004DBF8F . |68 24C54D00 push videofix.004DC524
004DBF94 . |68 94C74D00 push videofix.004DC794 ; x
004DBF99 . |68 14CC4D00 push videofix.004DCC14 ; n
004DBF9E . |68 74CC4D00 push videofix.004DCC74 ; ?
004DBFA3 . |68 E8CA4D00 push videofix.004DCAE8
004DBFA8 . |68 F4C44D00 push videofix.004DC4F4 ; 8
004DBFAD . |68 80CC4D00 push videofix.004DCC80 ; p
004DBFB2 . |68 8CCC4D00 push videofix.004DCC8C ; c
004DBFB7 . |68 08C94D00 push videofix.004DC908 ; <
004DBFBC . |68 08C94D00 push videofix.004DC908 ; <
004DBFC1 . |68 98CC4D00 push videofix.004DCC98
004DBFC6 . |68 B4C54D00 push videofix.004DC5B4
004DBFCB . |68 50C64D00 push videofix.004DC650 ; 7
004DBFD0 . |68 A4CC4D00 push videofix.004DCCA4
004DBFD5 . |68 80CC4D00 push videofix.004DCC80 ; p
004DBFDA . |68 48C84D00 push videofix.004DC848 ; v
004DBFDF . |68 B0CC4D00 push videofix.004DCCB0
004DBFE4 . |68 10CA4D00 push videofix.004DCA10
004DBFE9 . |68 BCC94D00 push videofix.004DC9BC
004DBFEE . |68 BCCC4D00 push videofix.004DCCBC
004DBFF3 . |68 C8CC4D00 push videofix.004DCCC8
004DBFF8 . |68 D8C84D00 push videofix.004DC8D8
004DBFFD . |68 D4CC4D00 push videofix.004DCCD4
004DC002 . |68 04CA4D00 push videofix.004DCA04 ; "
004DC007 . |68 E0CC4D00 push videofix.004DCCE0 ; b
004DC00C . |68 F0CB4D00 push videofix.004DCBF0
004DC011 . |8D45 A0 lea eax,dword ptr ss:[ebp-60]
004DC014 . |BA 33000000 mov edx,33
004DC019 . |E8 528EF2FF call videofix.00404E70
004DC01E . |FF75 A0 push dword ptr ss:[ebp-60]
004DC021 . |68 74C94D00 push videofix.004DC974
004DC026 . |68 68CC4D00 push videofix.004DCC68
004DC02B . |68 40CA4D00 push videofix.004DCA40
004DC030 . |68 4CC74D00 push videofix.004DC74C
004DC035 . |68 A8CB4D00 push videofix.004DCBA8
004DC03A . |68 7CC44D00 push videofix.004DC47C ; e
004DC03F . |68 F4C44D00 push videofix.004DC4F4 ; 8
004DC044 . |68 D0C74D00 push videofix.004DC7D0
004DC049 . |68 ECCC4D00 push videofix.004DCCEC
004DC04E . |68 DCC74D00 push videofix.004DC7DC
004DC053 . |68 B0CC4D00 push videofix.004DCCB0
004DC058 . |68 F8CC4D00 push videofix.004DCCF8 ; g
004DC05D . |68 04CD4D00 push videofix.004DCD04
004DC062 . |68 DCC74D00 push videofix.004DC7DC
004DC067 . |68 54C84D00 push videofix.004DC854
004DC06C . |68 CCC84D00 push videofix.004DC8CC
004DC071 . |68 08C94D00 push videofix.004DC908 ; <
004DC076 . |68 10CD4D00 push videofix.004DCD10 ; {
004DC07B . |68 7CC44D00 push videofix.004DC47C ; e
004DC080 . |68 24C84D00 push videofix.004DC824 ; ~
004DC085 . |68 8CCC4D00 push videofix.004DCC8C ; c
004DC08A . |68 C8CC4D00 push videofix.004DCCC8
004DC08F . |68 40C74D00 push videofix.004DC740 ; u
004DC094 . |68 C8C64D00 push videofix.004DC6C8
004DC099 . |68 54C84D00 push videofix.004DC854
004DC09E . |68 2CCC4D00 push videofix.004DCC2C
004DC0A3 . |68 04CD4D00 push videofix.004DCD04
004DC0A8 . |68 4CCA4D00 push videofix.004DCA4C
004DC0AD . |68 1CCD4D00 push videofix.004DCD1C
004DC0B2 . |68 28CD4D00 push videofix.004DCD28 ; ]
004DC0B7 . |68 34CD4D00 push videofix.004DCD34
004DC0BC . |68 B4CB4D00 push videofix.004DCBB4
004DC0C1 . |68 ECCC4D00 push videofix.004DCCEC
004DC0C6 . |68 20CC4D00 push videofix.004DCC20 ; (
004DC0CB . |68 40CD4D00 push videofix.004DCD40
004DC0D0 . |68 4CCD4D00 push videofix.004DCD4C
004DC0D5 . |68 40CD4D00 push videofix.004DCD40
004DC0DA . |68 D8CB4D00 push videofix.004DCBD8 ; :
004DC0DF . |68 14C94D00 push videofix.004DC914
004DC0E4 . |68 28CA4D00 push videofix.004DCA28
004DC0E9 . |68 58CD4D00 push videofix.004DCD58 ; r
004DC0EE . |68 64CD4D00 push videofix.004DCD64
004DC0F3 . |68 70CD4D00 push videofix.004DCD70
004DC0F8 . |68 E8C44D00 push videofix.004DC4E8
004DC0FD . |68 18C84D00 push videofix.004DC818
004DC102 . |68 D8C84D00 push videofix.004DC8D8
004DC107 . |68 B8C74D00 push videofix.004DC7B8 ; o
004DC10C . |68 60CB4D00 push videofix.004DCB60
004DC111 . |68 54C84D00 push videofix.004DC854
004DC116 . |68 FCC84D00 push videofix.004DC8FC
004DC11B . |8D45 A0 lea eax,dword ptr ss:[ebp-60]
004DC11E . |BA 33000000 mov edx,33
004DC123 . |E8 488DF2FF call videofix.00404E70
004DC128 . |FF75 A0 push dword ptr ss:[ebp-60]
004DC12B . |68 7CCD4D00 push videofix.004DCD7C
004DC130 . |68 ACCA4D00 push videofix.004DCAAC ; c
004DC135 . |68 4CCD4D00 push videofix.004DCD4C
004DC13A . |68 88CD4D00 push videofix.004DCD88 ; 5
004DC13F . |68 ECC94D00 push videofix.004DC9EC ; q
004DC144 . |68 94CD4D00 push videofix.004DCD94 ; z
004DC149 . |68 00C54D00 push videofix.004DC500 ; =
004DC14E . |68 A4CC4D00 push videofix.004DCCA4
004DC153 . |68 88CA4D00 push videofix.004DCA88
004DC158 . |68 04CD4D00 push videofix.004DCD04
004DC15D . |68 ACC44D00 push videofix.004DC4AC ; w
004DC162 . |68 F4C74D00 push videofix.004DC7F4 ; h
004DC167 . |68 A0CD4D00 push videofix.004DCDA0 ; w
004DC16C . |68 ACCD4D00 push videofix.004DCDAC
004DC171 . |68 E0CC4D00 push videofix.004DCCE0 ; b
004DC176 . |68 B8CD4D00 push videofix.004DCDB8
004DC17B . |68 C4CD4D00 push videofix.004DCDC4
004DC180 . |68 04CD4D00 push videofix.004DCD04
004DC185 . |68 C4CA4D00 push videofix.004DCAC4 ; !
004DC18A . |68 D0CD4D00 push videofix.004DCDD0
004DC18F . |68 B8CD4D00 push videofix.004DCDB8
004DC194 . |68 30C84D00 push videofix.004DC830 ; -
004DC199 . |68 ACCD4D00 push videofix.004DCDAC
004DC19E . |68 DCCD4D00 push videofix.004DCDDC
004DC1A3 . |68 70C74D00 push videofix.004DC770
004DC1A8 . |68 E8CD4D00 push videofix.004DCDE8
004DC1AD . |68 D8CB4D00 push videofix.004DCBD8 ; :
004DC1B2 . |68 50C44D00 push videofix.004DC450 ; 2
004DC1B7 . |68 B4CB4D00 push videofix.004DCBB4
004DC1BC . |68 50C64D00 push videofix.004DC650 ; 7
004DC1C1 . |68 C4C74D00 push videofix.004DC7C4 ; *
004DC1C6 . |68 1CCA4D00 push videofix.004DCA1C
004DC1CB . |68 7CC74D00 push videofix.004DC77C ; 3
004DC1D0 . |68 F4CD4D00 push videofix.004DCDF4 ; ;
004DC1D5 . |68 14C94D00 push videofix.004DC914
004DC1DA . |68 E4C84D00 push videofix.004DC8E4 ; y
004DC1DF . |68 00CE4D00 push videofix.004DCE00
004DC1E4 . |68 F4C74D00 push videofix.004DC7F4 ; h
004DC1E9 . |68 0CCE4D00 push videofix.004DCE0C
004DC1EE . |68 C4CD4D00 push videofix.004DCDC4
004DC1F3 . |68 7CCD4D00 push videofix.004DCD7C
004DC1F8 . |68 5CC64D00 push videofix.004DC65C
004DC1FD . |68 F8C94D00 push videofix.004DC9F8
004DC202 . |68 38C94D00 push videofix.004DC938
004DC207 . |68 F8CC4D00 push videofix.004DCCF8 ; g
004DC20C . |68 38CC4D00 push videofix.004DCC38 ; 4
004DC211 . |68 A0C44D00 push videofix.004DC4A0
004DC216 . |68 A0C44D00 push videofix.004DC4A0
004DC21B . |68 A0C44D00 push videofix.004DC4A0
004DC220 . |68 A0C44D00 push videofix.004DC4A0
004DC225 . |8D45 A0 lea eax,dword ptr ss:[ebp-60]
004DC228 . |BA 33000000 mov edx,33
004DC22D . |E8 3E8CF2FF call videofix.00404E70
004DC232 . |FF75 A0 push dword ptr ss:[ebp-60]
004DC235 . |68 A0C44D00 push videofix.004DC4A0
004DC23A . |68 A0C44D00 push videofix.004DC4A0
004DC23F . |68 A0C44D00 push videofix.004DC4A0
004DC244 . |68 A0C44D00 push videofix.004DC4A0
004DC249 . |68 A0C44D00 push videofix.004DC4A0
004DC24E . |68 A0C44D00 push videofix.004DC4A0
004DC253 . |68 A0C44D00 push videofix.004DC4A0
004DC258 . |68 A0C44D00 push videofix.004DC4A0
004DC25D . |68 A0C44D00 push videofix.004DC4A0
004DC262 . |68 A0C44D00 push videofix.004DC4A0
004DC267 . |68 A0C44D00 push videofix.004DC4A0
004DC26C . |68 A0C44D00 push videofix.004DC4A0
004DC271 . |8D45 A0 lea eax,dword ptr ss:[ebp-60] ;上面有很多CALL
004DC274 . |BA 0D000000 mov edx,0D
004DC279 . |E8 F28BF2FF call videofix.00404E70
004DC27E . |6A 00 push 0
004DC280 . |8D45 A0 lea eax,dword ptr ss:[ebp-60]
004DC283 . |E8 788DF2FF call videofix.00405000
004DC288 . |8BD0 mov edx,eax ; |
004DC28A . |B9 00020000 mov ecx,200 ; |
004DC28F . |8D85 54FEFFFF lea eax,dword ptr ss:[ebp-1AC] ; |
004DC295 . |E8 EE6DF2FF call videofix.00403088 ; \videofix.00403088
004DC29A . |E8 8566F2FF call videofix.00402924
004DC29F . |8D85 54FEFFFF lea eax,dword ptr ss:[ebp-1AC]
004DC2A5 . |E8 FE6DF2FF call videofix.004030A8
004DC2AA . |E8 7566F2FF call videofix.00402924
004DC2AF > |B2 01 mov dl,1
004DC2B1 . |A1 E0D14600 mov eax,dword ptr ds:[46D1E0]
004DC2B6 . |E8 2510F9FF call videofix.0046D2E0
004DC2BB . |8BD8 mov ebx,eax
004DC2BD . |BA 01000080 mov edx,80000001
004DC2C2 . |8BC3 mov eax,ebx
004DC2C4 . |E8 B710F9FF call videofix.0046D380 ;刚才的空key.dat 已经写进代码了
004DC2C9 . |B1 01 mov cl,1
004DC2CB . |BA 18CE4D00 mov edx,videofix.004DCE18 ; \software\fixvideo\videofixer\
004DC2D0 . |8BC3 mov eax,ebx
004DC2D2 . |E8 0D11F9FF call videofix.0046D3E4
004DC2D7 . |84C0 test al,al
004DC2D9 . |74 16 je short videofix.004DC2F1
到这里开始注册名、注册码
004DC2D9 . /74 16 je short videofix.004DC2F1
004DC2DB . |8B4D FC mov ecx,dword ptr ss:[ebp-4]
004DC2DE . |BA 40CE4D00 mov edx,videofix.004DCE40 ; username
004DC2E3 . |8BC3 mov eax,ebx
004DC2E5 . |E8 C613F9FF call videofix.0046D6B0 ;"UserName"="Leesan"应该写入注册表
004DC2EA . |8BC3 mov eax,ebx
004DC2EC . |E8 5F10F9FF call videofix.0046D350
004DC2F1 > \8D95 48FEFFFF lea edx,dword ptr ss:[ebp-1B8]
004DC2F7 . 8B87 04030000 mov eax,dword ptr ds:[edi+304]
004DC2FD . E8 E2A1F6FF call videofix.004464E4
004DC302 . 83BD 48FEFFFF 00 cmp dword ptr ss:[ebp-1B8],0
004DC309 74 46 je short videofix.004DC351
004DC30B . 8D95 44FEFFFF lea edx,dword ptr ss:[ebp-1BC]
004DC311 . 8B87 00030000 mov eax,dword ptr ds:[edi+300]
004DC317 . E8 C8A1F6FF call videofix.004464E4 ;假码
004DC31C . 83BD 44FEFFFF 00 cmp dword ptr ss:[ebp-1BC],0
004DC323 . 74 2C je short videofix.004DC351
004DC325 . A1 B8144F00 mov eax,dword ptr ds:[4F14B8]
004DC32A . 8B00 mov eax,dword ptr ds:[eax]
004DC32C . 8B80 90030000 mov eax,dword ptr ds:[eax+390]
004DC332 . 83C0 68 add eax,68
004DC335 . BA 54CE4D00 mov edx,videofix.004DCE54 ; 谢谢注册,请重新启动程序!
004DC33A . E8 0D88F2FF call videofix.00404B4C
004DC33F . A1 B8144F00 mov eax,dword ptr ds:[4F14B8]
004DC344 . 8B00 mov eax,dword ptr ds:[eax]
004DC346 . 8B80 90030000 mov eax,dword ptr ds:[eax+390]
004DC34C . 8B10 mov edx,dword ptr ds:[eax]
004DC34E . FF52 30 call dword ptr ds:[edx+30]
004DC351 > E9 39000000 jmp videofix.004DC38F
004DC356 00 db 00
以上诸多call并未全部贴出
此时注册表
[HKEY_CURRENT_USER\Software\FixVideo\VideoFixer]
"UserName"="Leesan"
看堆栈
0012F2C8 004DC3E5 SE 句柄
0012F2CC 0012F498
0012F2D0 0012F654
0012F2D4 0044CAF0 videofix.0044CAF0
0012F2D8 01101EA4
0012F2DC 010FC94C ASCII "asdf"
0012F2E0 011040A0 ASCII "Leesan"
0012F2E4 01109B5C
到这里结束了
运行脱壳前的程序,显示已经注册了 呵呵
附上key.dat 及抓图
key.rar
--------------------------------------------------------------------------------
【版权声明】: 本文原创于看雪技术论坛, 转载请注明作者并保持文章的完整, 谢谢!
2007年12月14日 16:45:08
【文章作者】: Leesan
【作者邮箱】: Leesan8866@yahoo.com.cn
【作者QQ号】: 195637816
【下载地址】: 自己搜索下载
【保护方式】: 加壳 重启验证
【编写语言】: Borland Delphi 6.0 - 7.0
【操作平台】: xp2
【软件介绍】: 视频格式 修复软件
【作者声明】: 只是感兴趣,没有其他目的。失误之处敬请诸位大侠赐教!
--------------------------------------------------------------------------------
【详细过程】
我是菜鸟,里面诸多不明,望大侠们指教......
先运行一下软件,30天试用,重启验证的
peid查壳为 UltraProtect 1.x -> RISCO Software Inc.
轻松的脱掉
脱掉后,试用期变成还剩1天,??? 管它那....
OD载入,找找字符串,收获甚多
/key.dat (key文件)
\software\fixvideo\videofixer\(注册表)
谢谢注册,请重新启动程序!
试用期已过,如果想继续使用请注册。
等等...
那注册后的东东肯定保留在key.dat和 注册表 里面喽
随便注册一下,没有发现有key.dat文件和 注册表的改变??
在命令栏下以上两个的断点
注册后,直接跑到 “谢谢注册,请重新启动程序!”
并没有断下 换个思路
谢谢注册,请重新启动程序!地址F2下断 总能断下来吧
输入
Leesan
asdf
注册一下
004DC29A . E8 8566F2FF call videofix.00402924
004DC29F . 8D85 54FEFFFF lea eax,dword ptr ss:[ebp-1AC]
004DC2A5 . E8 FE6DF2FF call videofix.004030A8
004DC2AA . E8 7566F2FF call videofix.00402924
004DC2AF > B2 01 mov dl,1
004DC2B1 . A1 E0D14600 mov eax,dword ptr ds:[46D1E0]
004DC2B6 . E8 2510F9FF call videofix.0046D2E0
004DC2BB . 8BD8 mov ebx,eax
004DC2BD . BA 01000080 mov edx,80000001
004DC2C2 . 8BC3 mov eax,ebx
004DC2C4 . E8 B710F9FF call videofix.0046D380
004DC2C9 . B1 01 mov cl,1
004DC2CB . BA 18CE4D00 mov edx,videofix.004DCE18
004DC2D0 . 8BC3 mov eax,ebx
004DC2D2 . E8 0D11F9FF call videofix.0046D3E4
004DC2D7 . 84C0 test al,al
004DC2D9 . 74 16 je short videofix.004DC2F1
004DC2DB . 8B4D FC mov ecx,dword ptr ss:[ebp-4]
004DC2DE . BA 40CE4D00 mov edx,videofix.004DCE40 ; username
004DC2E3 . 8BC3 mov eax,ebx
004DC2E5 . E8 C613F9FF call videofix.0046D6B0
004DC2EA . 8BC3 mov eax,ebx
004DC2EC . E8 5F10F9FF call videofix.0046D350
004DC2F1 > 8D95 48FEFFFF lea edx,dword ptr ss:[ebp-1B8]
004DC2F7 . 8B87 04030000 mov eax,dword ptr ds:[edi+304]
004DC2FD . E8 E2A1F6FF call videofix.004464E4
004DC302 . 83BD 48FEFFFF 00 cmp dword ptr ss:[ebp-1B8],0
004DC309 74 46 je short videofix.004DC351
004DC30B . 8D95 44FEFFFF lea edx,dword ptr ss:[ebp-1BC]
004DC311 . 8B87 00030000 mov eax,dword ptr ds:[edi+300]
004DC317 . E8 C8A1F6FF call videofix.004464E4
004DC31C . 83BD 44FEFFFF 00 cmp dword ptr ss:[ebp-1BC],0
004DC323 . 74 2C je short videofix.004DC351
004DC325 . A1 B8144F00 mov eax,dword ptr ds:[4F14B8]
004DC32A . 8B00 mov eax,dword ptr ds:[eax]
004DC32C . 8B80 90030000 mov eax,dword ptr ds:[eax+390]
004DC332 . 83C0 68 add eax,68
004DC335 . BA 54CE4D00 mov edx,videofix.004DCE54 ; 谢谢注册,请重新启动程序!
004DC33A . E8 0D88F2FF call videofix.00404B4C
004DC33F . A1 B8144F00 mov eax,dword ptr ds:[4F14B8]
004DC344 . 8B00 mov eax,dword ptr ds:[eax]
004DC346 . 8B80 90030000 mov eax,dword ptr ds:[eax+390]
004DC34C . 8B10 mov edx,dword ptr ds:[eax]
004DC34E . FF52 30 call dword ptr ds:[edx+30]
004DC351 > E9 39000000 jmp videofix.004DC38F
我们往上翻翻
004DC2F1 > 8D95 48FEFFFF lea edx,dword ptr ss:[ebp-1B8] ;Jumps from 004DB5DF, 004DB5EC, 004DB5F9, 004DB606, 004DB613, 004DB658, 004DB69D, 004DB6E2, 004DB727, 004DB76C, 004DC2D9
不去计算,跳到这里做什么??
我们找到第一个
004DB5DF . 0F85 0C0D0000 jnz videofix.004DC2F1 ;第一个
F2下断
重载
004DB5C5 . 50 push eax
004DB5C6 . 8D4D EC lea ecx,dword ptr ss:[ebp-14]
004DB5C9 . 8D55 E4 lea edx,dword ptr ss:[ebp-1C]
004DB5CC . 8B45 F4 mov eax,dword ptr ss:[ebp-C]
004DB5CF . E8 C0F5FFFF call videofix.004DAB94 ; (初始化 cpu 选择状态)
004DB5D4 . 8B45 F8 mov eax,dword ptr ss:[ebp-8]
004DB5D7 . E8 D497F2FF call videofix.00404DB0
004DB5DC 83F8 1D cmp eax,1D
004DB5DF . 0F85 0C0D0000 jnz videofix.004DC2F1 ;第一个
004DB5E5 . 8B45 F8 mov eax,dword ptr ss:[ebp-8]
004DB5E8 . 8078 05 2B cmp byte ptr ds:[eax+5],2B
004DB5EC 0F85 FF0C0000 jnz videofix.004DC2F1 ;2
004DB5F2 . 8B45 F8 mov eax,dword ptr ss:[ebp-8]
004DB5F5 . 8078 0B 2B cmp byte ptr ds:[eax+B],2B
004DB5F9 0F85 F20C0000 jnz videofix.004DC2F1 ;3
004DB5FF . 8B45 F8 mov eax,dword ptr ss:[ebp-8]
004DB602 . 8078 11 2B cmp byte ptr ds:[eax+11],2B
004DB606 0F85 E50C0000 jnz videofix.004DC2F1 ;4
004DB60C . 8B45 F8 mov eax,dword ptr ss:[ebp-8]
004DB60F . 8078 17 2B cmp byte ptr ds:[eax+17],2B
004DB613 0F85 D80C0000 jnz videofix.004DC2F1 ;5
004DB619 . 33F6 xor esi,esi
004DB61B . BB 01000000 mov ebx,1
004DB620 > 8B45 F8 mov eax,dword ptr ss:[ebp-8]
004DB623 . 8A4418 FF mov al,byte ptr ds:[eax+ebx-1]
004DB627 . E8 C8FBFFFF call videofix.004DB1F4
004DB62C . 84C0 test al,al
004DB62E . 74 12 je short videofix.004DB642
004DB630 . 8B45 F8 mov eax,dword ptr ss:[ebp-8]
004DB633 . 0FB64418 FF movzx eax,byte ptr ds:[eax+ebx-1]
004DB638 . 03F0 add esi,eax
004DB63A . 83EE 41 sub esi,41
004DB63D . 83C6 0A add esi,0A
004DB640 . EB 0D jmp short videofix.004DB64F
004DB642 > 8B45 F8 mov eax,dword ptr ss:[ebp-8]
004DB645 . 0FB64418 FF movzx eax,byte ptr ds:[eax+ebx-1]
004DB64A . 03F0 add esi,eax
004DB64C . 83EE 30 sub esi,30
004DB64F > 43 inc ebx
004DB650 . 83FB 06 cmp ebx,6
004DB653 .^ 75 CB jnz short videofix.004DB620
004DB655 . 83FE 23 cmp esi,23
004DB658 0F85 930C0000 jnz videofix.004DC2F1 ;6
004DB65E . 33F6 xor esi,esi
004DB660 . BB 07000000 mov ebx,7
004DB665 > 8B45 F8 mov eax,dword ptr ss:[ebp-8]
004DB668 . 8A4418 FF mov al,byte ptr ds:[eax+ebx-1]
004DB66C . E8 83FBFFFF call videofix.004DB1F4
004DB671 . 84C0 test al,al
004DB673 . 74 12 je short videofix.004DB687
004DB675 . 8B45 F8 mov eax,dword ptr ss:[ebp-8]
004DB678 . 0FB64418 FF movzx eax,byte ptr ds:[eax+ebx-1]
004DB67D . 03F0 add esi,eax
004DB67F . 83EE 41 sub esi,41
004DB682 . 83C6 0A add esi,0A
004DB685 . EB 0D jmp short videofix.004DB694
004DB687 > 8B45 F8 mov eax,dword ptr ss:[ebp-8]
004DB68A . 0FB64418 FF movzx eax,byte ptr ds:[eax+ebx-1]
004DB68F . 03F0 add esi,eax
004DB691 . 83EE 30 sub esi,30
004DB694 > 43 inc ebx
004DB695 . 83FB 0C cmp ebx,0C
004DB698 .^ 75 CB jnz short videofix.004DB665
004DB69A . 83FE 24 cmp esi,24
004DB69D 0F85 4E0C0000 jnz videofix.004DC2F1 ;7
004DB6A3 . 33F6 xor esi,esi
004DB6A5 . BB 0D000000 mov ebx,0D
004DB6AA > 8B45 F8 mov eax,dword ptr ss:[ebp-8]
004DB6AD . 8A4418 FF mov al,byte ptr ds:[eax+ebx-1]
004DB6B1 . E8 3EFBFFFF call videofix.004DB1F4
004DB6B6 . 84C0 test al,al
004DB6B8 . 74 12 je short videofix.004DB6CC
004DB6BA . 8B45 F8 mov eax,dword ptr ss:[ebp-8]
004DB6BD . 0FB64418 FF movzx eax,byte ptr ds:[eax+ebx-1]
004DB6C2 . 03F0 add esi,eax
004DB6C4 . 83EE 41 sub esi,41
004DB6C7 . 83C6 0A add esi,0A
004DB6CA . EB 0D jmp short videofix.004DB6D9
004DB6CC > 8B45 F8 mov eax,dword ptr ss:[ebp-8]
004DB6CF . 0FB64418 FF movzx eax,byte ptr ds:[eax+ebx-1]
004DB6D4 . 03F0 add esi,eax
004DB6D6 . 83EE 30 sub esi,30
004DB6D9 > 43 inc ebx
004DB6DA . 83FB 12 cmp ebx,12
004DB6DD .^ 75 CB jnz short videofix.004DB6AA
004DB6DF . 83FE 25 cmp esi,25
004DB6E2 0F85 090C0000 jnz videofix.004DC2F1 ;8
004DB6E8 . 33F6 xor esi,esi
004DB6EA . BB 13000000 mov ebx,13
004DB6EF > 8B45 F8 mov eax,dword ptr ss:[ebp-8]
004DB6F2 . 8A4418 FF mov al,byte ptr ds:[eax+ebx-1]
004DB6F6 . E8 F9FAFFFF call videofix.004DB1F4
004DB6FB . 84C0 test al,al
004DB6FD . 74 12 je short videofix.004DB711
004DB6FF . 8B45 F8 mov eax,dword ptr ss:[ebp-8]
004DB702 . 0FB64418 FF movzx eax,byte ptr ds:[eax+ebx-1]
004DB707 . 03F0 add esi,eax
004DB709 . 83EE 41 sub esi,41
004DB70C . 83C6 0A add esi,0A
004DB70F . EB 0D jmp short videofix.004DB71E
004DB711 > 8B45 F8 mov eax,dword ptr ss:[ebp-8]
004DB714 . 0FB64418 FF movzx eax,byte ptr ds:[eax+ebx-1]
004DB719 . 03F0 add esi,eax
004DB71B . 83EE 30 sub esi,30
004DB71E > 43 inc ebx
004DB71F . 83FB 18 cmp ebx,18
004DB722 .^ 75 CB jnz short videofix.004DB6EF
004DB724 . 83FE 26 cmp esi,26
004DB727 0F85 C40B0000 jnz videofix.004DC2F1 ;9
004DB72D . 33F6 xor esi,esi
004DB72F . BB 19000000 mov ebx,19
004DB734 > 8B45 F8 mov eax,dword ptr ss:[ebp-8]
004DB737 . 8A4418 FF mov al,byte ptr ds:[eax+ebx-1]
004DB73B . E8 B4FAFFFF call videofix.004DB1F4
004DB740 . 84C0 test al,al
004DB742 . 74 12 je short videofix.004DB756
004DB744 . 8B45 F8 mov eax,dword ptr ss:[ebp-8]
004DB747 . 0FB64418 FF movzx eax,byte ptr ds:[eax+ebx-1]
004DB74C . 03F0 add esi,eax
004DB74E . 83EE 41 sub esi,41
004DB751 . 83C6 0A add esi,0A
004DB754 . EB 0D jmp short videofix.004DB763
004DB756 > 8B45 F8 mov eax,dword ptr ss:[ebp-8]
004DB759 . 0FB64418 FF movzx eax,byte ptr ds:[eax+ebx-1]
004DB75E . 03F0 add esi,eax
004DB760 . 83EE 30 sub esi,30
004DB763 > 43 inc ebx
004DB764 . 83FB 1E cmp ebx,1E
004DB767 .^ 75 CB jnz short videofix.004DB734
004DB769 . 83FE 27 cmp esi,27
004DB76C 0F85 7F0B0000 jnz videofix.004DC2F1 ;10
004DB772 . 8D95 4CFEFFFF lea edx,dword ptr ss:[ebp-1B4]
004DB778 . 33C0 xor eax,eax
004DB77A . E8 D173F2FF call videofix.00402B50
004DB77F . 8B85 4CFEFFFF mov eax,dword ptr ss:[ebp-1B4]
004DB785 . 8D95 50FEFFFF lea edx,dword ptr ss:[ebp-1B0]
004DB78B . E8 DCE3F2FF call videofix.00409B6C
004DB790 . 8B95 50FEFFFF mov edx,dword ptr ss:[ebp-1B0]
004DB796 . 8D45 F4 lea eax,dword ptr ss:[ebp-C]
004DB799 . B9 5CC44D00 mov ecx,videofix.004DC45C ; \key.dat
004DB79E . E8 5996F2FF call videofix.00404DFC
004DB7A3 . 8B55 F4 mov edx,dword ptr ss:[ebp-C]
004DB7A6 . 8D85 54FEFFFF lea eax,dword ptr ss:[ebp-1AC]
004DB7AC . E8 5377F2FF call videofix.00402F04
004DB7B1 . BA 01000000 mov edx,1
004DB7B6 . 8D85 54FEFFFF lea eax,dword ptr ss:[ebp-1AC]
004DB7BC . E8 DB7CF2FF call videofix.0040349C
004DB7C1 . E8 DE71F2FF call videofix.004029A4
004DB7C6 . 85C0 test eax,eax
004DB7C8 . 0F85 E10A0000 jnz videofix.004DC2AF
004DB7CE . FF75 A0 push dword ptr ss:[ebp-60]
全部改 jnz videofix.004DC2F 为je 004DC2F
看第5个后
有个比较
004DB613 0F85 D80C0000 jnz videofix.004DC2F1 ;5
004DB619 . 33F6 xor esi,esi
004DB61B . BB 01000000 mov ebx,1
004DB620 > 8B45 F8 mov eax,dword ptr ss:[ebp-8]
004DB623 . 8A4418 FF mov al,byte ptr ds:[eax+ebx-1]
004DB627 . E8 C8FBFFFF call videofix.004DB1F4
004DB62C . 84C0 test al,al
004DB62E . 74 12 je short videofix.004DB642
004DB630 . 8B45 F8 mov eax,dword ptr ss:[ebp-8]
004DB633 . 0FB64418 FF movzx eax,byte ptr ds:[eax+ebx-1]
004DB638 . 03F0 add esi,eax
004DB63A . 83EE 41 sub esi,41
004DB63D . 83C6 0A add esi,0A
004DB640 . EB 0D jmp short videofix.004DB64F
004DB642 > 8B45 F8 mov eax,dword ptr ss:[ebp-8]
004DB645 . 0FB64418 FF movzx eax,byte ptr ds:[eax+ebx-1]
004DB64A . 03F0 add esi,eax
004DB64C . 83EE 30 sub esi,30
004DB64F > 43 inc ebx
004DB650 . 83FB 06 cmp ebx,6
004DB653 .^ 75 CB jnz short videofix.004DB620
004DB655 . 83FE 23 cmp esi,23
004DB658 0F85 930C0000 jnz videofix.004DC2F1 ;6
继续改
又有个比较
004DB658 /0F85 930C0000 jnz videofix.004DC2F1 ; 6
004DB65E . |33F6 xor esi,esi
004DB660 . |BB 07000000 mov ebx,7
004DB665 > |8B45 F8 mov eax,dword ptr ss:[ebp-8]
004DB668 . |8A4418 FF mov al,byte ptr ds:[eax+ebx-1]
004DB66C . |E8 83FBFFFF call videofix.004DB1F4
004DB671 . |84C0 test al,al
004DB673 . |74 12 je short videofix.004DB687
004DB675 . |8B45 F8 mov eax,dword ptr ss:[ebp-8]
004DB678 . |0FB64418 FF movzx eax,byte ptr ds:[eax+ebx-1]
004DB67D . |03F0 add esi,eax
004DB67F . |83EE 41 sub esi,41
004DB682 . |83C6 0A add esi,0A
004DB685 . |EB 0D jmp short videofix.004DB694
004DB687 > |8B45 F8 mov eax,dword ptr ss:[ebp-8]
004DB68A . |0FB64418 FF movzx eax,byte ptr ds:[eax+ebx-1]
004DB68F . |03F0 add esi,eax
004DB691 . |83EE 30 sub esi,30
004DB694 > |43 inc ebx
004DB695 . |83FB 0C cmp ebx,0C
004DB698 .^|75 CB jnz short videofix.004DB665
004DB69A . |83FE 24 cmp esi,24
004DB69D |0F85 4E0C0000 jnz videofix.004DC2F1 ; 7
又是一段
004DB69D /0F85 4E0C0000 jnz videofix.004DC2F1 ; 7
004DB6A3 . |33F6 xor esi,esi
004DB6A5 . |BB 0D000000 mov ebx,0D
004DB6AA > |8B45 F8 mov eax,dword ptr ss:[ebp-8]
004DB6AD . |8A4418 FF mov al,byte ptr ds:[eax+ebx-1]
004DB6B1 . |E8 3EFBFFFF call videofix.004DB1F4
004DB6B6 . |84C0 test al,al
004DB6B8 . |74 12 je short videofix.004DB6CC
004DB6BA . |8B45 F8 mov eax,dword ptr ss:[ebp-8]
004DB6BD . |0FB64418 FF movzx eax,byte ptr ds:[eax+ebx-1]
004DB6C2 . |03F0 add esi,eax
004DB6C4 . |83EE 41 sub esi,41
004DB6C7 . |83C6 0A add esi,0A
004DB6CA . |EB 0D jmp short videofix.004DB6D9
004DB6CC > |8B45 F8 mov eax,dword ptr ss:[ebp-8]
004DB6CF . |0FB64418 FF movzx eax,byte ptr ds:[eax+ebx-1]
004DB6D4 . |03F0 add esi,eax
004DB6D6 . |83EE 30 sub esi,30
004DB6D9 > |43 inc ebx
004DB6DA . |83FB 12 cmp ebx,12
004DB6DD .^|75 CB jnz short videofix.004DB6AA
004DB6DF . |83FE 25 cmp esi,25
004DB6E2 |0F85 090C0000 jnz videofix.004DC2F1 ; 8
再来一次
004DB6E2 /0F85 090C0000 jnz videofix.004DC2F1 ; 8
004DB6E8 . |33F6 xor esi,esi
004DB6EA . |BB 13000000 mov ebx,13
004DB6EF > |8B45 F8 mov eax,dword ptr ss:[ebp-8]
004DB6F2 . |8A4418 FF mov al,byte ptr ds:[eax+ebx-1]
004DB6F6 . |E8 F9FAFFFF call videofix.004DB1F4
004DB6FB . |84C0 test al,al
004DB6FD . |74 12 je short videofix.004DB711
004DB6FF . |8B45 F8 mov eax,dword ptr ss:[ebp-8]
004DB702 . |0FB64418 FF movzx eax,byte ptr ds:[eax+ebx-1]
004DB707 . |03F0 add esi,eax
004DB709 . |83EE 41 sub esi,41
004DB70C . |83C6 0A add esi,0A
004DB70F . |EB 0D jmp short videofix.004DB71E
004DB711 > |8B45 F8 mov eax,dword ptr ss:[ebp-8]
004DB714 . |0FB64418 FF movzx eax,byte ptr ds:[eax+ebx-1]
004DB719 . |03F0 add esi,eax
004DB71B . |83EE 30 sub esi,30
004DB71E > |43 inc ebx
004DB71F . |83FB 18 cmp ebx,18
004DB722 .^|75 CB jnz short videofix.004DB6EF
004DB724 . |83FE 26 cmp esi,26
004DB727 |0F85 C40B0000 jnz videofix.004DC2F1 ; 9
还有
004DB727 /0F85 C40B0000 jnz videofix.004DC2F1 ; 9
004DB72D . |33F6 xor esi,esi
004DB72F . |BB 19000000 mov ebx,19
004DB734 > |8B45 F8 mov eax,dword ptr ss:[ebp-8]
004DB737 . |8A4418 FF mov al,byte ptr ds:[eax+ebx-1]
004DB73B . |E8 B4FAFFFF call videofix.004DB1F4
004DB740 . |84C0 test al,al
004DB742 . |74 12 je short videofix.004DB756
004DB744 . |8B45 F8 mov eax,dword ptr ss:[ebp-8]
004DB747 . |0FB64418 FF movzx eax,byte ptr ds:[eax+ebx-1]
004DB74C . |03F0 add esi,eax
004DB74E . |83EE 41 sub esi,41
004DB751 . |83C6 0A add esi,0A
004DB754 . |EB 0D jmp short videofix.004DB763
004DB756 > |8B45 F8 mov eax,dword ptr ss:[ebp-8]
004DB759 . |0FB64418 FF movzx eax,byte ptr ds:[eax+ebx-1]
004DB75E . |03F0 add esi,eax
004DB760 . |83EE 30 sub esi,30
004DB763 > |43 inc ebx
004DB764 . |83FB 1E cmp ebx,1E
004DB767 .^|75 CB jnz short videofix.004DB734
004DB769 . |83FE 27 cmp esi,27
004DB76C |0F85 7F0B0000 jnz videofix.004DC2F1 ; 10
下面应该就是上演创建key.dat了
004DB76C /0F85 7F0B0000 jnz videofix.004DC2F1 ; 10
004DB772 . |8D95 4CFEFFFF lea edx,dword ptr ss:[ebp-1B4]
004DB778 . |33C0 xor eax,eax
004DB77A . |E8 D173F2FF call videofix.00402B50
004DB77F . |8B85 4CFEFFFF mov eax,dword ptr ss:[ebp-1B4]
004DB785 . |8D95 50FEFFFF lea edx,dword ptr ss:[ebp-1B0]
004DB78B . |E8 DCE3F2FF call videofix.00409B6C
004DB790 . |8B95 50FEFFFF mov edx,dword ptr ss:[ebp-1B0]
004DB796 . |8D45 F4 lea eax,dword ptr ss:[ebp-C]
004DB799 . |B9 5CC44D00 mov ecx,videofix.004DC45C ; \key.dat
004DB79E . |E8 5996F2FF call videofix.00404DFC
004DB7A3 . |8B55 F4 mov edx,dword ptr ss:[ebp-C]
004DB7A6 . |8D85 54FEFFFF lea eax,dword ptr ss:[ebp-1AC]
004DB7AC . |E8 5377F2FF call videofix.00402F04
004DB7B1 . |BA 01000000 mov edx,1
004DB7B6 . |8D85 54FEFFFF lea eax,dword ptr ss:[ebp-1AC]
004DB7BC . |E8 DB7CF2FF call videofix.0040349C
004DB7C1 . |E8 DE71F2FF call videofix.004029A4
004DB7C6 . |85C0 test eax,eax ;我们的key.dat就在上面就诞生了,不过还是个空文件
004DB7C8 . |0F85 E10A0000 jnz videofix.004DC2AF ;关键,这里就是往里写代码了吧
004DB7CE . |FF75 A0 push dword ptr ss:[ebp-60]
004DB7D1 . |68 70C44D00 push videofix.004DC470 ; t
004DB7D6 . |68 7CC44D00 push videofix.004DC47C ; e
004DB7DB . |68 88C44D00 push videofix.004DC488 ; s
004DB7E0 . |68 70C44D00 push videofix.004DC470 ; t
004DB7E5 . |68 44C44D00 push videofix.004DC444 ; 1
004DB7EA . |68 50C44D00 push videofix.004DC450 ; 2
004DB7EF . |68 94C44D00 push videofix.004DC494
004DB7F4 . |68 94C44D00 push videofix.004DC494
004DB7F9 . |68 94C44D00 push videofix.004DC494
004DB7FE . |68 94C44D00 push videofix.004DC494
004DB803 . |68 94C44D00 push videofix.004DC494
004DB808 . |68 94C44D00 push videofix.004DC494
004DB80D . |68 94C44D00 push videofix.004DC494
004DB812 . |68 94C44D00 push videofix.004DC494
004DB817 . |68 94C44D00 push videofix.004DC494
004DB81C . |68 94C44D00 push videofix.004DC494
004DB821 . |68 94C44D00 push videofix.004DC494
004DB826 . |68 94C44D00 push videofix.004DC494
004DB82B . |68 94C44D00 push videofix.004DC494
004DB830 . |68 94C44D00 push videofix.004DC494
004DB835 . |68 94C44D00 push videofix.004DC494
004DB83A . |68 94C44D00 push videofix.004DC494
004DB83F . |68 94C44D00 push videofix.004DC494
004DB844 . |68 94C44D00 push videofix.004DC494
004DB849 . |68 94C44D00 push videofix.004DC494
004DB84E . |68 94C44D00 push videofix.004DC494
004DB853 . |68 94C44D00 push videofix.004DC494
004DB858 . |68 94C44D00 push videofix.004DC494
004DB85D . |68 94C44D00 push videofix.004DC494
004DB862 . |68 94C44D00 push videofix.004DC494
004DB867 . |68 94C44D00 push videofix.004DC494
004DB86C . |68 94C44D00 push videofix.004DC494
004DB871 . |68 A0C44D00 push videofix.004DC4A0
004DB876 . |68 A0C44D00 push videofix.004DC4A0
004DB87B . |68 A0C44D00 push videofix.004DC4A0
004DB880 . |68 A0C44D00 push videofix.004DC4A0
004DB885 . |68 A0C44D00 push videofix.004DC4A0
004DB88A . |68 A0C44D00 push videofix.004DC4A0
004DB88F . |68 A0C44D00 push videofix.004DC4A0
004DB894 . |68 A0C44D00 push videofix.004DC4A0
004DB899 . |68 A0C44D00 push videofix.004DC4A0
004DB89E . |68 A0C44D00 push videofix.004DC4A0
004DB8A3 . |68 A0C44D00 push videofix.004DC4A0
004DB8A8 . |68 A0C44D00 push videofix.004DC4A0
004DB8AD . |68 A0C44D00 push videofix.004DC4A0
004DB8B2 . |68 A0C44D00 push videofix.004DC4A0
004DB8B7 . |68 A0C44D00 push videofix.004DC4A0
004DB8BC . |68 A0C44D00 push videofix.004DC4A0
004DB8C1 . |68 A0C44D00 push videofix.004DC4A0
004DB8C6 . |68 A0C44D00 push videofix.004DC4A0
004DB8CB . |8D45 A0 lea eax,dword ptr ss:[ebp-60]
004DB8CE . |BA 33000000 mov edx,33
004DB8D3 . |E8 9895F2FF call videofix.00404E70
004DB8D8 . |FF75 A0 push dword ptr ss:[ebp-60]
004DB8DB . |68 A0C44D00 push videofix.004DC4A0
004DB8E0 . |68 A0C44D00 push videofix.004DC4A0
004DB8E5 . |68 A0C44D00 push videofix.004DC4A0
004DB8EA . |68 A0C44D00 push videofix.004DC4A0
004DB8EF . |68 A0C44D00 push videofix.004DC4A0
004DB8F4 . |68 A0C44D00 push videofix.004DC4A0
004DB8F9 . |68 A0C44D00 push videofix.004DC4A0
004DB8FE . |68 A0C44D00 push videofix.004DC4A0
004DB903 . |68 A0C44D00 push videofix.004DC4A0
004DB908 . |68 A0C44D00 push videofix.004DC4A0
004DB90D . |68 A0C44D00 push videofix.004DC4A0
004DB912 . |68 A0C44D00 push videofix.004DC4A0
004DB917 . |68 A0C44D00 push videofix.004DC4A0
004DB91C . |68 A0C44D00 push videofix.004DC4A0
004DB921 . |68 ACC44D00 push videofix.004DC4AC ; w
004DB926 . |68 B8C44D00 push videofix.004DC4B8 ; 6
004DB92B . |68 C4C44D00 push videofix.004DC4C4
004DB930 . |68 D0C44D00 push videofix.004DC4D0
004DB935 . |68 DCC44D00 push videofix.004DC4DC
004DB93A . |68 E8C44D00 push videofix.004DC4E8
004DB93F . |68 F4C44D00 push videofix.004DC4F4 ; 8
004DB944 . |68 00C54D00 push videofix.004DC500 ; =
004DB949 . |68 0CC54D00 push videofix.004DC50C
004DB94E . |68 18C54D00 push videofix.004DC518
004DB953 . |68 24C54D00 push videofix.004DC524
004DB958 . |68 30C54D00 push videofix.004DC530 ; m
004DB95D . |68 3CC54D00 push videofix.004DC53C ; e
004DB962 . |68 48C54D00 push videofix.004DC548
004DB967 . |68 54C54D00 push videofix.004DC554 ; k
004DB96C . |68 60C54D00 push videofix.004DC560
004DB971 . |68 6CC54D00 push videofix.004DC56C
004DB976 . |68 78C54D00 push videofix.004DC578
004DB97B . |68 84C54D00 push videofix.004DC584
004DB980 . |68 90C54D00 push videofix.004DC590
004DB985 . |68 9CC54D00 push videofix.004DC59C
004DB98A . |68 A8C54D00 push videofix.004DC5A8 ; q
004DB98F . |68 B4C54D00 push videofix.004DC5B4
004DB994 . |68 C0C54D00 push videofix.004DC5C0
004DB999 . |68 CCC54D00 push videofix.004DC5CC ; `
004DB99E . |68 D8C54D00 push videofix.004DC5D8 ; r
004DB9A3 . |68 E4C54D00 push videofix.004DC5E4 ; f
004DB9A8 . |68 F0C54D00 push videofix.004DC5F0
004DB9AD . |68 FCC54D00 push videofix.004DC5FC
004DB9B2 . |68 08C64D00 push videofix.004DC608
004DB9B7 . |68 14C64D00 push videofix.004DC614
004DB9BC . |68 20C64D00 push videofix.004DC620
004DB9C1 . |68 2CC64D00 push videofix.004DC62C ; n
004DB9C6 . |68 38C64D00 push videofix.004DC638 ; }
004DB9CB . |68 44C64D00 push videofix.004DC644 ; .
004DB9D0 . |68 50C64D00 push videofix.004DC650 ; 7
004DB9D5 . |8D45 A0 lea eax,dword ptr ss:[ebp-60]
004DB9D8 . |BA 33000000 mov edx,33
004DB9DD . |E8 8E94F2FF call videofix.00404E70
004DB9E2 . |FF75 A0 push dword ptr ss:[ebp-60]
004DB9E5 . |68 5CC64D00 push videofix.004DC65C
004DB9EA . |68 88C44D00 push videofix.004DC488 ; s
004DB9EF . |68 68C64D00 push videofix.004DC668 ; \
004DB9F4 . |68 74C64D00 push videofix.004DC674
004DB9F9 . |68 80C64D00 push videofix.004DC680
004DB9FE . |68 8CC64D00 push videofix.004DC68C
004DBA03 . |68 98C64D00 push videofix.004DC698 ; g
004DBA08 . |68 A4C64D00 push videofix.004DC6A4
004DBA0D . |68 B0C64D00 push videofix.004DC6B0
004DBA12 . |68 BCC64D00 push videofix.004DC6BC
004DBA17 . |68 C8C64D00 push videofix.004DC6C8
004DBA1C . |68 A4C64D00 push videofix.004DC6A4
004DBA21 . |68 D4C64D00 push videofix.004DC6D4 ; j
004DBA26 . |68 E0C64D00 push videofix.004DC6E0 ; $
004DBA2B . |68 ECC64D00 push videofix.004DC6EC
004DBA30 . |68 B0C64D00 push videofix.004DC6B0
004DBA35 . |68 F8C64D00 push videofix.004DC6F8 ; i
004DBA3A . |68 04C74D00 push videofix.004DC704
004DBA3F . |68 10C74D00 push videofix.004DC710
004DBA44 . |68 1CC74D00 push videofix.004DC71C
004DBA49 . |68 28C74D00 push videofix.004DC728 ; _
004DBA4E . |68 ACC44D00 push videofix.004DC4AC ; w
004DBA53 . |68 34C74D00 push videofix.004DC734 ; m
004DBA58 . |68 40C74D00 push videofix.004DC740 ; u
004DBA5D . |68 4CC74D00 push videofix.004DC74C
004DBA62 . |68 4CC74D00 push videofix.004DC74C
004DBA67 . |68 5CC64D00 push videofix.004DC65C
004DBA6C . |68 58C74D00 push videofix.004DC758
004DBA71 . |68 64C74D00 push videofix.004DC764
004DBA76 . |68 70C74D00 push videofix.004DC770
004DBA7B . |68 7CC74D00 push videofix.004DC77C ; 3
004DBA80 . |68 88C74D00 push videofix.004DC788
004DBA85 . |68 94C74D00 push videofix.004DC794 ; x
004DBA8A . |68 A0C74D00 push videofix.004DC7A0 ; k
004DBA8F . |68 18C54D00 push videofix.004DC518
004DBA94 . |68 DCC44D00 push videofix.004DC4DC
004DBA99 . |68 10C74D00 push videofix.004DC710
004DBA9E . |68 F4C44D00 push videofix.004DC4F4 ; 8
004DBAA3 . |68 ACC74D00 push videofix.004DC7AC ; i
004DBAA8 . |68 B8C74D00 push videofix.004DC7B8 ; o
004DBAAD . |68 70C44D00 push videofix.004DC470 ; t
004DBAB2 . |68 C4C74D00 push videofix.004DC7C4 ; *
004DBAB7 . |68 D0C74D00 push videofix.004DC7D0
004DBABC . |68 DCC74D00 push videofix.004DC7DC
004DBAC1 . |68 E8C74D00 push videofix.004DC7E8 ; z
004DBAC6 . |68 F4C74D00 push videofix.004DC7F4 ; h
004DBACB . |68 34C74D00 push videofix.004DC734 ; m
004DBAD0 . |68 00C84D00 push videofix.004DC800
004DBAD5 . |68 0CC84D00 push videofix.004DC80C ; /
004DBADA . |68 18C84D00 push videofix.004DC818
004DBADF . |8D45 A0 lea eax,dword ptr ss:[ebp-60]
004DBAE2 . |BA 33000000 mov edx,33
004DBAE7 . |E8 8493F2FF call videofix.00404E70
004DBAEC . |FF75 A0 push dword ptr ss:[ebp-60]
004DBAEF . |68 D0C74D00 push videofix.004DC7D0
004DBAF4 . |68 24C84D00 push videofix.004DC824 ; ~
004DBAF9 . |68 30C84D00 push videofix.004DC830 ; -
004DBAFE . |68 3CC84D00 push videofix.004DC83C ; l
004DBB03 . |68 48C84D00 push videofix.004DC848 ; v
004DBB08 . |68 B0C64D00 push videofix.004DC6B0
004DBB0D . |68 54C84D00 push videofix.004DC854
004DBB12 . |68 60C84D00 push videofix.004DC860 ; ^
004DBB17 . |68 6CC84D00 push videofix.004DC86C
004DBB1C . |68 ACC74D00 push videofix.004DC7AC ; i
004DBB21 . |68 E8C74D00 push videofix.004DC7E8 ; z
004DBB26 . |68 78C84D00 push videofix.004DC878 ; f
004DBB2B . |68 84C84D00 push videofix.004DC884
004DBB30 . |68 90C84D00 push videofix.004DC890
004DBB35 . |68 48C84D00 push videofix.004DC848 ; v
004DBB3A . |68 9CC84D00 push videofix.004DC89C
004DBB3F . |68 A8C84D00 push videofix.004DC8A8
004DBB44 . |68 58C74D00 push videofix.004DC758
004DBB49 . |68 B4C84D00 push videofix.004DC8B4
004DBB4E . |68 C0C84D00 push videofix.004DC8C0
004DBB53 . |68 CCC84D00 push videofix.004DC8CC
004DBB58 . |68 B8C74D00 push videofix.004DC7B8 ; o
004DBB5D . |68 D8C84D00 push videofix.004DC8D8
004DBB62 . |68 E4C84D00 push videofix.004DC8E4 ; y
004DBB67 . |68 F0C84D00 push videofix.004DC8F0
004DBB6C . |68 FCC84D00 push videofix.004DC8FC
004DBB71 . |68 D4C64D00 push videofix.004DC6D4 ; j
004DBB76 . |68 08C94D00 push videofix.004DC908 ; <
004DBB7B . |68 88C74D00 push videofix.004DC788
004DBB80 . |68 14C94D00 push videofix.004DC914
004DBB85 . |68 F4C44D00 push videofix.004DC4F4 ; 8
004DBB8A . |68 FCC84D00 push videofix.004DC8FC
004DBB8F . |68 38C64D00 push videofix.004DC638 ; }
004DBB94 . |68 20C94D00 push videofix.004DC920 ; y
004DBB99 . |68 2CC94D00 push videofix.004DC92C
004DBB9E . |68 18C54D00 push videofix.004DC518
004DBBA3 . |68 A0C44D00 push videofix.004DC4A0
004DBBA8 . |68 F0C54D00 push videofix.004DC5F0
004DBBAD . |68 38C94D00 push videofix.004DC938
004DBBB2 . |68 44C94D00 push videofix.004DC944
004DBBB7 . |68 50C94D00 push videofix.004DC950 ; s
004DBBBC . |68 5CC94D00 push videofix.004DC95C
004DBBC1 . |68 A0C44D00 push videofix.004DC4A0
004DBBC6 . |68 A0C44D00 push videofix.004DC4A0
004DBBCB . |68 A0C44D00 push videofix.004DC4A0
004DBBD0 . |68 A0C44D00 push videofix.004DC4A0
004DBBD5 . |68 A0C44D00 push videofix.004DC4A0
004DBBDA . |68 A0C44D00 push videofix.004DC4A0
004DBBDF . |68 A0C44D00 push videofix.004DC4A0
004DBBE4 . |68 A0C44D00 push videofix.004DC4A0
004DBBE9 . |8D45 A0 lea eax,dword ptr ss:[ebp-60]
004DBBEC . |BA 33000000 mov edx,33
004DBBF1 . |E8 7A92F2FF call videofix.00404E70
004DBBF6 . |FF75 A0 push dword ptr ss:[ebp-60]
004DBBF9 . |68 A0C44D00 push videofix.004DC4A0
004DBBFE . |68 A0C44D00 push videofix.004DC4A0
004DBC03 . |68 A0C44D00 push videofix.004DC4A0
004DBC08 . |68 A0C44D00 push videofix.004DC4A0
004DBC0D . |68 A0C44D00 push videofix.004DC4A0
004DBC12 . |68 A0C44D00 push videofix.004DC4A0
004DBC17 . |68 A0C44D00 push videofix.004DC4A0
004DBC1C . |68 A0C44D00 push videofix.004DC4A0
004DBC21 . |68 68C94D00 push videofix.004DC968 ; \n
004DBC26 . |68 98C64D00 push videofix.004DC698 ; g
004DBC2B . |68 A0C44D00 push videofix.004DC4A0
004DBC30 . |68 A0C44D00 push videofix.004DC4A0
004DBC35 . |68 A0C44D00 push videofix.004DC4A0
004DBC3A . |68 A0C44D00 push videofix.004DC4A0
004DBC3F . |68 A0C44D00 push videofix.004DC4A0
004DBC44 . |68 A0C44D00 push videofix.004DC4A0
004DBC49 . |68 A0C44D00 push videofix.004DC4A0
004DBC4E . |68 A0C44D00 push videofix.004DC4A0
004DBC53 . |68 A0C44D00 push videofix.004DC4A0
004DBC58 . |68 A0C44D00 push videofix.004DC4A0
004DBC5D . |68 A0C44D00 push videofix.004DC4A0
004DBC62 . |68 A0C44D00 push videofix.004DC4A0
004DBC67 . |68 A0C44D00 push videofix.004DC4A0
004DBC6C . |68 A0C44D00 push videofix.004DC4A0
004DBC71 . |68 0CC84D00 push videofix.004DC80C ; /
004DBC76 . |68 50C94D00 push videofix.004DC950 ; s
004DBC7B . |68 74C94D00 push videofix.004DC974
004DBC80 . |68 80C94D00 push videofix.004DC980
004DBC85 . |68 8CC94D00 push videofix.004DC98C
004DBC8A . |68 04C74D00 push videofix.004DC704
004DBC8F . |68 54C84D00 push videofix.004DC854
004DBC94 . |68 98C94D00 push videofix.004DC998
004DBC99 . |68 A4C94D00 push videofix.004DC9A4 ; 0
004DBC9E . |68 B0C94D00 push videofix.004DC9B0
004DBCA3 . |68 BCC94D00 push videofix.004DC9BC
004DBCA8 . |68 C8C94D00 push videofix.004DC9C8 ; %
004DBCAD . |68 74C64D00 push videofix.004DC674
004DBCB2 . |68 D4C94D00 push videofix.004DC9D4 ; v
004DBCB7 . |68 94C74D00 push videofix.004DC794 ; x
004DBCBC . |68 E0C94D00 push videofix.004DC9E0 ; t
004DBCC1 . |68 ECC94D00 push videofix.004DC9EC ; q
004DBCC6 . |68 F8C94D00 push videofix.004DC9F8
004DBCCB . |68 04CA4D00 push videofix.004DCA04 ; "
004DBCD0 . |68 B8C44D00 push videofix.004DC4B8 ; 6
004DBCD5 . |68 10CA4D00 push videofix.004DCA10
004DBCDA . |68 1CCA4D00 push videofix.004DCA1C
004DBCDF . |68 00C84D00 push videofix.004DC800
004DBCE4 . |68 24C84D00 push videofix.004DC824 ; ~
004DBCE9 . |68 ACC44D00 push videofix.004DC4AC ; w
004DBCEE . |68 28CA4D00 push videofix.004DCA28
004DBCF3 . |8D45 A0 lea eax,dword ptr ss:[ebp-60]
004DBCF6 . |BA 33000000 mov edx,33
004DBCFB . |E8 7091F2FF call videofix.00404E70
004DBD00 . |FF75 A0 push dword ptr ss:[ebp-60]
004DBD03 . |68 98C94D00 push videofix.004DC998
004DBD08 . |68 84C54D00 push videofix.004DC584
004DBD0D . |68 34CA4D00 push videofix.004DCA34
004DBD12 . |68 70C44D00 push videofix.004DC470 ; t
004DBD17 . |68 40CA4D00 push videofix.004DCA40
004DBD1C . |68 4CCA4D00 push videofix.004DCA4C
004DBD21 . |68 58CA4D00 push videofix.004DCA58
004DBD26 . |68 D4C94D00 push videofix.004DC9D4 ; v
004DBD2B . |68 80C94D00 push videofix.004DC980
004DBD30 . |68 64CA4D00 push videofix.004DCA64
004DBD35 . |68 70CA4D00 push videofix.004DCA70 ; a
004DBD3A . |68 40C74D00 push videofix.004DC740 ; u
004DBD3F . |68 7CCA4D00 push videofix.004DCA7C
004DBD44 . |68 10CA4D00 push videofix.004DCA10
004DBD49 . |68 88CA4D00 push videofix.004DCA88
004DBD4E . |68 F4C44D00 push videofix.004DC4F4 ; 8
004DBD53 . |68 04CA4D00 push videofix.004DCA04 ; "
004DBD58 . |68 94CA4D00 push videofix.004DCA94
004DBD5D . |68 A0CA4D00 push videofix.004DCAA0
004DBD62 . |68 7CC44D00 push videofix.004DC47C ; e
004DBD67 . |68 6CC54D00 push videofix.004DC56C
004DBD6C . |68 18C54D00 push videofix.004DC518
004DBD71 . |68 ACCA4D00 push videofix.004DCAAC ; c
004DBD76 . |68 B8CA4D00 push videofix.004DCAB8
004DBD7B . |68 C0C54D00 push videofix.004DC5C0
004DBD80 . |68 C4CA4D00 push videofix.004DCAC4 ; !
004DBD85 . |68 D0CA4D00 push videofix.004DCAD0
004DBD8A . |68 D8C84D00 push videofix.004DC8D8
004DBD8F . |68 ACC74D00 push videofix.004DC7AC ; i
004DBD94 . |68 D8C54D00 push videofix.004DC5D8 ; r
004DBD99 . |68 DCCA4D00 push videofix.004DCADC
004DBD9E . |68 E8CA4D00 push videofix.004DCAE8
004DBDA3 . |68 E4C84D00 push videofix.004DC8E4 ; y
004DBDA8 . |68 F4CA4D00 push videofix.004DCAF4
004DBDAD . |68 00CB4D00 push videofix.004DCB00 ; b
004DBDB2 . |68 48C54D00 push videofix.004DC548
004DBDB7 . |68 80C94D00 push videofix.004DC980
004DBDBC . |68 0CCB4D00 push videofix.004DCB0C
004DBDC1 . |68 D8C84D00 push videofix.004DC8D8
004DBDC6 . |68 94CA4D00 push videofix.004DCA94
004DBDCB . |68 38C94D00 push videofix.004DC938
004DBDD0 . |68 18CB4D00 push videofix.004DCB18 ; '
004DBDD5 . |68 18C84D00 push videofix.004DC818
004DBDDA . |68 24CB4D00 push videofix.004DCB24 ; j
004DBDDF . |68 30CB4D00 push videofix.004DCB30 ; d
004DBDE4 . |68 00C84D00 push videofix.004DC800
004DBDE9 . |68 00C84D00 push videofix.004DC800
004DBDEE . |68 A4C64D00 push videofix.004DC6A4
004DBDF3 . |68 3CCB4D00 push videofix.004DCB3C
004DBDF8 . |68 9CC84D00 push videofix.004DC89C
004DBDFD . |8D45 A0 lea eax,dword ptr ss:[ebp-60]
004DBE00 . |BA 33000000 mov edx,33
004DBE05 . |E8 6690F2FF call videofix.00404E70
004DBE0A . |FF75 A0 push dword ptr ss:[ebp-60]
004DBE0D . |68 48CB4D00 push videofix.004DCB48
004DBE12 . |68 48C84D00 push videofix.004DC848 ; v
004DBE17 . |68 54CB4D00 push videofix.004DCB54 ; \t
004DBE1C . |68 CCC54D00 push videofix.004DC5CC ; `
004DBE21 . |68 60CB4D00 push videofix.004DCB60
004DBE26 . |68 3CC84D00 push videofix.004DC83C ; l
004DBE2B . |68 6CCB4D00 push videofix.004DCB6C ; |
004DBE30 . |68 28C74D00 push videofix.004DC728 ; _
004DBE35 . |68 D0C44D00 push videofix.004DC4D0
004DBE3A . |68 78CB4D00 push videofix.004DCB78
004DBE3F . |68 84CB4D00 push videofix.004DCB84
004DBE44 . |68 90CB4D00 push videofix.004DCB90
004DBE49 . |68 44C64D00 push videofix.004DC644 ; .
004DBE4E . |68 A0C74D00 push videofix.004DC7A0 ; k
004DBE53 . |68 60C54D00 push videofix.004DC560
004DBE58 . |68 B8C44D00 push videofix.004DC4B8 ; 6
004DBE5D . |68 44C64D00 push videofix.004DC644 ; .
004DBE62 . |68 CCC54D00 push videofix.004DC5CC ; `
004DBE67 . |68 F0C84D00 push videofix.004DC8F0
004DBE6C . |68 E8CA4D00 push videofix.004DCAE8
004DBE71 . |68 9CCB4D00 push videofix.004DCB9C ; &
004DBE76 . |68 A8CB4D00 push videofix.004DCBA8
004DBE7B . |68 B4CB4D00 push videofix.004DCBB4
004DBE80 . |68 C0CB4D00 push videofix.004DCBC0
004DBE85 . |68 CCCB4D00 push videofix.004DCBCC
004DBE8A . |68 58CA4D00 push videofix.004DCA58
004DBE8F . |68 D8CB4D00 push videofix.004DCBD8 ; :
004DBE94 . |68 E4CB4D00 push videofix.004DCBE4
004DBE99 . |68 28CA4D00 push videofix.004DCA28
004DBE9E . |68 34C74D00 push videofix.004DC734 ; m
004DBEA3 . |68 ACCA4D00 push videofix.004DCAAC ; c
004DBEA8 . |68 F0CB4D00 push videofix.004DCBF0
004DBEAD . |68 FCCB4D00 push videofix.004DCBFC
004DBEB2 . |68 A4C94D00 push videofix.004DC9A4 ; 0
004DBEB7 . |68 08CC4D00 push videofix.004DCC08
004DBEBC . |68 D4C94D00 push videofix.004DC9D4 ; v
004DBEC1 . |68 30C84D00 push videofix.004DC830 ; -
004DBEC6 . |68 14CC4D00 push videofix.004DCC14 ; n
004DBECB . |68 BCC94D00 push videofix.004DC9BC
004DBED0 . |68 20CC4D00 push videofix.004DCC20 ; (
004DBED5 . |68 88CA4D00 push videofix.004DCA88
004DBEDA . |68 A8CB4D00 push videofix.004DCBA8
004DBEDF . |68 2CCC4D00 push videofix.004DCC2C
004DBEE4 . |68 C4C44D00 push videofix.004DC4C4
004DBEE9 . |68 38CC4D00 push videofix.004DCC38 ; 4
004DBEEE . |68 44CC4D00 push videofix.004DCC44 ; h
004DBEF3 . |68 50CC4D00 push videofix.004DCC50
004DBEF8 . |68 1CC74D00 push videofix.004DC71C
004DBEFD . |68 60CB4D00 push videofix.004DCB60
004DBF02 . |68 5CCC4D00 push videofix.004DCC5C
004DBF07 . |8D45 A0 lea eax,dword ptr ss:[ebp-60]
004DBF0A . |BA 33000000 mov edx,33
004DBF0F . |E8 5C8FF2FF call videofix.00404E70
004DBF14 . |FF75 A0 push dword ptr ss:[ebp-60]
004DBF17 . |68 30C84D00 push videofix.004DC830 ; -
004DBF1C . |68 ACC74D00 push videofix.004DC7AC ; i
004DBF21 . |68 A0C44D00 push videofix.004DC4A0
004DBF26 . |68 A0C44D00 push videofix.004DC4A0
004DBF2B . |68 A0C44D00 push videofix.004DC4A0
004DBF30 . |68 A0C44D00 push videofix.004DC4A0
004DBF35 . |68 A0C44D00 push videofix.004DC4A0
004DBF3A . |68 A0C44D00 push videofix.004DC4A0
004DBF3F . |68 A0C44D00 push videofix.004DC4A0
004DBF44 . |68 A0C44D00 push videofix.004DC4A0
004DBF49 . |68 A0C44D00 push videofix.004DC4A0
004DBF4E . |68 A0C44D00 push videofix.004DC4A0
004DBF53 . |68 A0C44D00 push videofix.004DC4A0
004DBF58 . |68 A0C44D00 push videofix.004DC4A0
004DBF5D . |68 A0C44D00 push videofix.004DC4A0
004DBF62 . |68 A0C44D00 push videofix.004DC4A0
004DBF67 . |68 A0C44D00 push videofix.004DC4A0
004DBF6C . |68 A0C44D00 push videofix.004DC4A0
004DBF71 . |68 70C44D00 push videofix.004DC470 ; t
004DBF76 . |68 04CA4D00 push videofix.004DCA04 ; "
004DBF7B . |68 A0CA4D00 push videofix.004DCAA0
004DBF80 . |68 F0C84D00 push videofix.004DC8F0
004DBF85 . |68 A0C74D00 push videofix.004DC7A0 ; k
004DBF8A . |68 68CC4D00 push videofix.004DCC68
004DBF8F . |68 24C54D00 push videofix.004DC524
004DBF94 . |68 94C74D00 push videofix.004DC794 ; x
004DBF99 . |68 14CC4D00 push videofix.004DCC14 ; n
004DBF9E . |68 74CC4D00 push videofix.004DCC74 ; ?
004DBFA3 . |68 E8CA4D00 push videofix.004DCAE8
004DBFA8 . |68 F4C44D00 push videofix.004DC4F4 ; 8
004DBFAD . |68 80CC4D00 push videofix.004DCC80 ; p
004DBFB2 . |68 8CCC4D00 push videofix.004DCC8C ; c
004DBFB7 . |68 08C94D00 push videofix.004DC908 ; <
004DBFBC . |68 08C94D00 push videofix.004DC908 ; <
004DBFC1 . |68 98CC4D00 push videofix.004DCC98
004DBFC6 . |68 B4C54D00 push videofix.004DC5B4
004DBFCB . |68 50C64D00 push videofix.004DC650 ; 7
004DBFD0 . |68 A4CC4D00 push videofix.004DCCA4
004DBFD5 . |68 80CC4D00 push videofix.004DCC80 ; p
004DBFDA . |68 48C84D00 push videofix.004DC848 ; v
004DBFDF . |68 B0CC4D00 push videofix.004DCCB0
004DBFE4 . |68 10CA4D00 push videofix.004DCA10
004DBFE9 . |68 BCC94D00 push videofix.004DC9BC
004DBFEE . |68 BCCC4D00 push videofix.004DCCBC
004DBFF3 . |68 C8CC4D00 push videofix.004DCCC8
004DBFF8 . |68 D8C84D00 push videofix.004DC8D8
004DBFFD . |68 D4CC4D00 push videofix.004DCCD4
004DC002 . |68 04CA4D00 push videofix.004DCA04 ; "
004DC007 . |68 E0CC4D00 push videofix.004DCCE0 ; b
004DC00C . |68 F0CB4D00 push videofix.004DCBF0
004DC011 . |8D45 A0 lea eax,dword ptr ss:[ebp-60]
004DC014 . |BA 33000000 mov edx,33
004DC019 . |E8 528EF2FF call videofix.00404E70
004DC01E . |FF75 A0 push dword ptr ss:[ebp-60]
004DC021 . |68 74C94D00 push videofix.004DC974
004DC026 . |68 68CC4D00 push videofix.004DCC68
004DC02B . |68 40CA4D00 push videofix.004DCA40
004DC030 . |68 4CC74D00 push videofix.004DC74C
004DC035 . |68 A8CB4D00 push videofix.004DCBA8
004DC03A . |68 7CC44D00 push videofix.004DC47C ; e
004DC03F . |68 F4C44D00 push videofix.004DC4F4 ; 8
004DC044 . |68 D0C74D00 push videofix.004DC7D0
004DC049 . |68 ECCC4D00 push videofix.004DCCEC
004DC04E . |68 DCC74D00 push videofix.004DC7DC
004DC053 . |68 B0CC4D00 push videofix.004DCCB0
004DC058 . |68 F8CC4D00 push videofix.004DCCF8 ; g
004DC05D . |68 04CD4D00 push videofix.004DCD04
004DC062 . |68 DCC74D00 push videofix.004DC7DC
004DC067 . |68 54C84D00 push videofix.004DC854
004DC06C . |68 CCC84D00 push videofix.004DC8CC
004DC071 . |68 08C94D00 push videofix.004DC908 ; <
004DC076 . |68 10CD4D00 push videofix.004DCD10 ; {
004DC07B . |68 7CC44D00 push videofix.004DC47C ; e
004DC080 . |68 24C84D00 push videofix.004DC824 ; ~
004DC085 . |68 8CCC4D00 push videofix.004DCC8C ; c
004DC08A . |68 C8CC4D00 push videofix.004DCCC8
004DC08F . |68 40C74D00 push videofix.004DC740 ; u
004DC094 . |68 C8C64D00 push videofix.004DC6C8
004DC099 . |68 54C84D00 push videofix.004DC854
004DC09E . |68 2CCC4D00 push videofix.004DCC2C
004DC0A3 . |68 04CD4D00 push videofix.004DCD04
004DC0A8 . |68 4CCA4D00 push videofix.004DCA4C
004DC0AD . |68 1CCD4D00 push videofix.004DCD1C
004DC0B2 . |68 28CD4D00 push videofix.004DCD28 ; ]
004DC0B7 . |68 34CD4D00 push videofix.004DCD34
004DC0BC . |68 B4CB4D00 push videofix.004DCBB4
004DC0C1 . |68 ECCC4D00 push videofix.004DCCEC
004DC0C6 . |68 20CC4D00 push videofix.004DCC20 ; (
004DC0CB . |68 40CD4D00 push videofix.004DCD40
004DC0D0 . |68 4CCD4D00 push videofix.004DCD4C
004DC0D5 . |68 40CD4D00 push videofix.004DCD40
004DC0DA . |68 D8CB4D00 push videofix.004DCBD8 ; :
004DC0DF . |68 14C94D00 push videofix.004DC914
004DC0E4 . |68 28CA4D00 push videofix.004DCA28
004DC0E9 . |68 58CD4D00 push videofix.004DCD58 ; r
004DC0EE . |68 64CD4D00 push videofix.004DCD64
004DC0F3 . |68 70CD4D00 push videofix.004DCD70
004DC0F8 . |68 E8C44D00 push videofix.004DC4E8
004DC0FD . |68 18C84D00 push videofix.004DC818
004DC102 . |68 D8C84D00 push videofix.004DC8D8
004DC107 . |68 B8C74D00 push videofix.004DC7B8 ; o
004DC10C . |68 60CB4D00 push videofix.004DCB60
004DC111 . |68 54C84D00 push videofix.004DC854
004DC116 . |68 FCC84D00 push videofix.004DC8FC
004DC11B . |8D45 A0 lea eax,dword ptr ss:[ebp-60]
004DC11E . |BA 33000000 mov edx,33
004DC123 . |E8 488DF2FF call videofix.00404E70
004DC128 . |FF75 A0 push dword ptr ss:[ebp-60]
004DC12B . |68 7CCD4D00 push videofix.004DCD7C
004DC130 . |68 ACCA4D00 push videofix.004DCAAC ; c
004DC135 . |68 4CCD4D00 push videofix.004DCD4C
004DC13A . |68 88CD4D00 push videofix.004DCD88 ; 5
004DC13F . |68 ECC94D00 push videofix.004DC9EC ; q
004DC144 . |68 94CD4D00 push videofix.004DCD94 ; z
004DC149 . |68 00C54D00 push videofix.004DC500 ; =
004DC14E . |68 A4CC4D00 push videofix.004DCCA4
004DC153 . |68 88CA4D00 push videofix.004DCA88
004DC158 . |68 04CD4D00 push videofix.004DCD04
004DC15D . |68 ACC44D00 push videofix.004DC4AC ; w
004DC162 . |68 F4C74D00 push videofix.004DC7F4 ; h
004DC167 . |68 A0CD4D00 push videofix.004DCDA0 ; w
004DC16C . |68 ACCD4D00 push videofix.004DCDAC
004DC171 . |68 E0CC4D00 push videofix.004DCCE0 ; b
004DC176 . |68 B8CD4D00 push videofix.004DCDB8
004DC17B . |68 C4CD4D00 push videofix.004DCDC4
004DC180 . |68 04CD4D00 push videofix.004DCD04
004DC185 . |68 C4CA4D00 push videofix.004DCAC4 ; !
004DC18A . |68 D0CD4D00 push videofix.004DCDD0
004DC18F . |68 B8CD4D00 push videofix.004DCDB8
004DC194 . |68 30C84D00 push videofix.004DC830 ; -
004DC199 . |68 ACCD4D00 push videofix.004DCDAC
004DC19E . |68 DCCD4D00 push videofix.004DCDDC
004DC1A3 . |68 70C74D00 push videofix.004DC770
004DC1A8 . |68 E8CD4D00 push videofix.004DCDE8
004DC1AD . |68 D8CB4D00 push videofix.004DCBD8 ; :
004DC1B2 . |68 50C44D00 push videofix.004DC450 ; 2
004DC1B7 . |68 B4CB4D00 push videofix.004DCBB4
004DC1BC . |68 50C64D00 push videofix.004DC650 ; 7
004DC1C1 . |68 C4C74D00 push videofix.004DC7C4 ; *
004DC1C6 . |68 1CCA4D00 push videofix.004DCA1C
004DC1CB . |68 7CC74D00 push videofix.004DC77C ; 3
004DC1D0 . |68 F4CD4D00 push videofix.004DCDF4 ; ;
004DC1D5 . |68 14C94D00 push videofix.004DC914
004DC1DA . |68 E4C84D00 push videofix.004DC8E4 ; y
004DC1DF . |68 00CE4D00 push videofix.004DCE00
004DC1E4 . |68 F4C74D00 push videofix.004DC7F4 ; h
004DC1E9 . |68 0CCE4D00 push videofix.004DCE0C
004DC1EE . |68 C4CD4D00 push videofix.004DCDC4
004DC1F3 . |68 7CCD4D00 push videofix.004DCD7C
004DC1F8 . |68 5CC64D00 push videofix.004DC65C
004DC1FD . |68 F8C94D00 push videofix.004DC9F8
004DC202 . |68 38C94D00 push videofix.004DC938
004DC207 . |68 F8CC4D00 push videofix.004DCCF8 ; g
004DC20C . |68 38CC4D00 push videofix.004DCC38 ; 4
004DC211 . |68 A0C44D00 push videofix.004DC4A0
004DC216 . |68 A0C44D00 push videofix.004DC4A0
004DC21B . |68 A0C44D00 push videofix.004DC4A0
004DC220 . |68 A0C44D00 push videofix.004DC4A0
004DC225 . |8D45 A0 lea eax,dword ptr ss:[ebp-60]
004DC228 . |BA 33000000 mov edx,33
004DC22D . |E8 3E8CF2FF call videofix.00404E70
004DC232 . |FF75 A0 push dword ptr ss:[ebp-60]
004DC235 . |68 A0C44D00 push videofix.004DC4A0
004DC23A . |68 A0C44D00 push videofix.004DC4A0
004DC23F . |68 A0C44D00 push videofix.004DC4A0
004DC244 . |68 A0C44D00 push videofix.004DC4A0
004DC249 . |68 A0C44D00 push videofix.004DC4A0
004DC24E . |68 A0C44D00 push videofix.004DC4A0
004DC253 . |68 A0C44D00 push videofix.004DC4A0
004DC258 . |68 A0C44D00 push videofix.004DC4A0
004DC25D . |68 A0C44D00 push videofix.004DC4A0
004DC262 . |68 A0C44D00 push videofix.004DC4A0
004DC267 . |68 A0C44D00 push videofix.004DC4A0
004DC26C . |68 A0C44D00 push videofix.004DC4A0
004DC271 . |8D45 A0 lea eax,dword ptr ss:[ebp-60] ;上面有很多CALL
004DC274 . |BA 0D000000 mov edx,0D
004DC279 . |E8 F28BF2FF call videofix.00404E70
004DC27E . |6A 00 push 0
004DC280 . |8D45 A0 lea eax,dword ptr ss:[ebp-60]
004DC283 . |E8 788DF2FF call videofix.00405000
004DC288 . |8BD0 mov edx,eax ; |
004DC28A . |B9 00020000 mov ecx,200 ; |
004DC28F . |8D85 54FEFFFF lea eax,dword ptr ss:[ebp-1AC] ; |
004DC295 . |E8 EE6DF2FF call videofix.00403088 ; \videofix.00403088
004DC29A . |E8 8566F2FF call videofix.00402924
004DC29F . |8D85 54FEFFFF lea eax,dword ptr ss:[ebp-1AC]
004DC2A5 . |E8 FE6DF2FF call videofix.004030A8
004DC2AA . |E8 7566F2FF call videofix.00402924
004DC2AF > |B2 01 mov dl,1
004DC2B1 . |A1 E0D14600 mov eax,dword ptr ds:[46D1E0]
004DC2B6 . |E8 2510F9FF call videofix.0046D2E0
004DC2BB . |8BD8 mov ebx,eax
004DC2BD . |BA 01000080 mov edx,80000001
004DC2C2 . |8BC3 mov eax,ebx
004DC2C4 . |E8 B710F9FF call videofix.0046D380 ;刚才的空key.dat 已经写进代码了
004DC2C9 . |B1 01 mov cl,1
004DC2CB . |BA 18CE4D00 mov edx,videofix.004DCE18 ; \software\fixvideo\videofixer\
004DC2D0 . |8BC3 mov eax,ebx
004DC2D2 . |E8 0D11F9FF call videofix.0046D3E4
004DC2D7 . |84C0 test al,al
004DC2D9 . |74 16 je short videofix.004DC2F1
到这里开始注册名、注册码
004DC2D9 . /74 16 je short videofix.004DC2F1
004DC2DB . |8B4D FC mov ecx,dword ptr ss:[ebp-4]
004DC2DE . |BA 40CE4D00 mov edx,videofix.004DCE40 ; username
004DC2E3 . |8BC3 mov eax,ebx
004DC2E5 . |E8 C613F9FF call videofix.0046D6B0 ;"UserName"="Leesan"应该写入注册表
004DC2EA . |8BC3 mov eax,ebx
004DC2EC . |E8 5F10F9FF call videofix.0046D350
004DC2F1 > \8D95 48FEFFFF lea edx,dword ptr ss:[ebp-1B8]
004DC2F7 . 8B87 04030000 mov eax,dword ptr ds:[edi+304]
004DC2FD . E8 E2A1F6FF call videofix.004464E4
004DC302 . 83BD 48FEFFFF 00 cmp dword ptr ss:[ebp-1B8],0
004DC309 74 46 je short videofix.004DC351
004DC30B . 8D95 44FEFFFF lea edx,dword ptr ss:[ebp-1BC]
004DC311 . 8B87 00030000 mov eax,dword ptr ds:[edi+300]
004DC317 . E8 C8A1F6FF call videofix.004464E4 ;假码
004DC31C . 83BD 44FEFFFF 00 cmp dword ptr ss:[ebp-1BC],0
004DC323 . 74 2C je short videofix.004DC351
004DC325 . A1 B8144F00 mov eax,dword ptr ds:[4F14B8]
004DC32A . 8B00 mov eax,dword ptr ds:[eax]
004DC32C . 8B80 90030000 mov eax,dword ptr ds:[eax+390]
004DC332 . 83C0 68 add eax,68
004DC335 . BA 54CE4D00 mov edx,videofix.004DCE54 ; 谢谢注册,请重新启动程序!
004DC33A . E8 0D88F2FF call videofix.00404B4C
004DC33F . A1 B8144F00 mov eax,dword ptr ds:[4F14B8]
004DC344 . 8B00 mov eax,dword ptr ds:[eax]
004DC346 . 8B80 90030000 mov eax,dword ptr ds:[eax+390]
004DC34C . 8B10 mov edx,dword ptr ds:[eax]
004DC34E . FF52 30 call dword ptr ds:[edx+30]
004DC351 > E9 39000000 jmp videofix.004DC38F
004DC356 00 db 00
以上诸多call并未全部贴出
此时注册表
[HKEY_CURRENT_USER\Software\FixVideo\VideoFixer]
"UserName"="Leesan"
看堆栈
0012F2C8 004DC3E5 SE 句柄
0012F2CC 0012F498
0012F2D0 0012F654
0012F2D4 0044CAF0 videofix.0044CAF0
0012F2D8 01101EA4
0012F2DC 010FC94C ASCII "asdf"
0012F2E0 011040A0 ASCII "Leesan"
0012F2E4 01109B5C
到这里结束了
运行脱壳前的程序,显示已经注册了 呵呵
附上key.dat 及抓图
key.rar
--------------------------------------------------------------------------------
【版权声明】: 本文原创于看雪技术论坛, 转载请注明作者并保持文章的完整, 谢谢!
2007年12月14日 16:45:08
[培训]《安卓高级研修班(网课)》月薪三万计划,掌握调试、分析还原ollvm、vmp的方法,定制art虚拟机自动化脱壳的方法
