-
-
[旧帖] [求助]请教老师:刚学破解,软件已脱壳,用W32Dasm找不到第一个跳传的地址 0.00雪花
-
发表于: 2008-4-21 17:43
-
截取了一整段代码,中间没有省略,刚学破解,一头雾水啊!请各位老师帮忙看看!
问题:
1、我分析的这段代码对吗?还是找错了位置?
2、如何判定第一个跳传?也就是输入错误的注册码就跳到错误的地址
3、找到关键跳后,怎样修改?是不是见到5就改成4、见到4就改成5?
我刚刚学习解密,没有任何汇编基础,提的问题也许很不靠谱,各位老师千万别见怪啊!先谢了~~~
以下是代码:
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0041F054(U)
|
:0041F05B 8D45E4 lea eax, dword ptr [ebp-1C]
:0041F05E E8AD032300 call 0064F410
:0041F063 FF45B0 inc [ebp-50]
:0041F066 8B10 mov edx, dword ptr [eax]
:0041F068 8B4580 mov eax, dword ptr [ebp-80]
:0041F06B 8B00 mov eax, dword ptr [eax]
:0041F06D 8B08 mov ecx, dword ptr [eax]
:0041F06F FF5138 call [ecx+38]
:0041F072 FF4DB0 dec [ebp-50]
:0041F075 8D45E4 lea eax, dword ptr [ebp-1C]
:0041F078 BA02000000 mov edx, 00000002
:0041F07D E8EA052300 call 0064F66C
:0041F082 8B4D88 mov ecx, dword ptr [ebp-78]
:0041F085 80B94C02000000 cmp byte ptr [ecx+0000024C], 00
:0041F08C 7508 jne 0041F096 **************************请问这是第一个跳转吗?
:0041F08E 8B4588 mov eax, dword ptr [ebp-78]
:0041F091 E862D01400 call 0056C0F8
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0041F08C(C)
|
:0041F096 8B4588 mov eax, dword ptr [ebp-78]
:0041F099 E8726B1700 call 00595C10
:0041F09E 8B4588 mov eax, dword ptr [ebp-78]
:0041F0A1 8B10 mov edx, dword ptr [eax]
:0041F0A3 FF924C010000 call dword ptr [edx+0000014C]
:0041F0A9 83F802 cmp eax, 00000002
:0041F0AC 0F8CE0000000 jl 0041F192
:0041F0B2 66C745A48000 mov [ebp-5C], 0080
* Possible StringData Ref from Data Obj ->"Syspara"
|
:0041F0B8 BA59F46600 mov edx, 0066F459
:0041F0BD 8D45E0 lea eax, dword ptr [ebp-20]
:0041F0C0 E84B032300 call 0064F410
:0041F0C5 FF45B0 inc [ebp-50]
:0041F0C8 8B10 mov edx, dword ptr [eax]
:0041F0CA 8B4588 mov eax, dword ptr [ebp-78]
:0041F0CD E8F27D1700 call 00596EC4
:0041F0D2 89857CFFFFFF mov dword ptr [ebp+FFFFFF7C], eax
:0041F0D8 33C9 xor ecx, ecx
:0041F0DA 894DDC mov dword ptr [ebp-24], ecx
:0041F0DD 8D55DC lea edx, dword ptr [ebp-24]
:0041F0E0 FF45B0 inc [ebp-50]
:0041F0E3 8B857CFFFFFF mov eax, dword ptr [ebp+FFFFFF7C]
:0041F0E9 8B08 mov ecx, dword ptr [eax]
:0041F0EB FF5160 call [ecx+60]
:0041F0EE 8D55DC lea edx, dword ptr [ebp-24]
:0041F0F1 8B4590 mov eax, dword ptr [ebp-70]
:0041F0F4 0524030000 add eax, 00000324
:0041F0F9 E89E052300 call 0064F69C
:0041F0FE FF4DB0 dec [ebp-50]
:0041F101 8D45DC lea eax, dword ptr [ebp-24]
:0041F104 BA02000000 mov edx, 00000002
:0041F109 E85E052300 call 0064F66C
:0041F10E FF4DB0 dec [ebp-50]
:0041F111 8D45E0 lea eax, dword ptr [ebp-20]
:0041F114 BA02000000 mov edx, 00000002
:0041F119 E84E052300 call 0064F66C
:0041F11E 8B4588 mov eax, dword ptr [ebp-78]
:0041F121 E846941700 call 0059856C
:0041F126 66C745A48C00 mov [ebp-5C], 008C
* Possible StringData Ref from Data Obj ->"Syspara"
|
:0041F12C BA61F46600 mov edx, 0066F461
:0041F131 8D45D8 lea eax, dword ptr [ebp-28]
:0041F134 E8D7022300 call 0064F410
:0041F139 FF45B0 inc [ebp-50]
:0041F13C 8B10 mov edx, dword ptr [eax]
:0041F13E 8B4588 mov eax, dword ptr [ebp-78]
:0041F141 E87E7D1700 call 00596EC4
:0041F146 898578FFFFFF mov dword ptr [ebp+FFFFFF78], eax
:0041F14C 33D2 xor edx, edx
:0041F14E 8955D4 mov dword ptr [ebp-2C], edx
:0041F151 8D55D4 lea edx, dword ptr [ebp-2C]
:0041F154 FF45B0 inc [ebp-50]
:0041F157 8B8578FFFFFF mov eax, dword ptr [ebp+FFFFFF78]
:0041F15D 8B08 mov ecx, dword ptr [eax]
:0041F15F FF5160 call [ecx+60]
:0041F162 8D55D4 lea edx, dword ptr [ebp-2C]
:0041F165 8B4590 mov eax, dword ptr [ebp-70]
:0041F168 0520030000 add eax, 00000320
:0041F16D E82A052300 call 0064F69C
:0041F172 FF4DB0 dec [ebp-50]
:0041F175 8D45D4 lea eax, dword ptr [ebp-2C]
:0041F178 BA02000000 mov edx, 00000002
:0041F17D E8EA042300 call 0064F66C
:0041F182 FF4DB0 dec [ebp-50]
:0041F185 8D45D8 lea eax, dword ptr [ebp-28]
:0041F188 BA02000000 mov edx, 00000002
:0041F18D E8DA042300 call 0064F66C
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0041F0AC(C)
|
:0041F192 8B4588 mov eax, dword ptr [ebp-78]
:0041F195 E8826A1700 call 00595C1C
:0041F19A 66C745A42C00 mov [ebp-5C], 002C
:0041F1A0 EB0B jmp 0041F1AD
:0041F1A2 66C745A44000 mov [ebp-5C], 0040
:0041F1A8 E8A5D22200 call 0064C452
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0041F1A0(U)
|
:0041F1AD 8B5588 mov edx, dword ptr [ebp-78]
:0041F1B0 8955CC mov dword ptr [ebp-34], edx
:0041F1B3 837DCC00 cmp dword ptr [ebp-34], 00000000
:0041F1B7 7421 je 0041F1DA
:0041F1B9 8B4DCC mov ecx, dword ptr [ebp-34]
:0041F1BC 8B01 mov eax, dword ptr [ecx]
:0041F1BE 8945D0 mov dword ptr [ebp-30], eax
:0041F1C1 66C745A4A400 mov [ebp-5C], 00A4
:0041F1C7 BA03000000 mov edx, 00000003
:0041F1CC 8B45CC mov eax, dword ptr [ebp-34]
:0041F1CF 8B08 mov ecx, dword ptr [eax]
:0041F1D1 FF51FC call [ecx-04]
:0041F1D4 66C745A49800 mov [ebp-5C], 0098
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0041F1B7(C)
|
:0041F1DA 66C745A4B000 mov [ebp-5C], 00B0
:0041F1E0 33D2 xor edx, edx
:0041F1E2 8955C8 mov dword ptr [ebp-38], edx
:0041F1E5 8D55C8 lea edx, dword ptr [ebp-38]
:0041F1E8 FF45B0 inc [ebp-50]
:0041F1EB 8B4590 mov eax, dword ptr [ebp-70]
:0041F1EE 8B801C030000 mov eax, dword ptr [eax+0000031C]
:0041F1F4 E84F140000 call 00420648
:0041F1F9 8D55C8 lea edx, dword ptr [ebp-38]
:0041F1FC 8B12 mov edx, dword ptr [edx]
:0041F1FE 8B4590 mov eax, dword ptr [ebp-70]
:0041F201 8B8000030000 mov eax, dword ptr [eax+00000300]
:0041F207 E820591F00 call 00614B2C
:0041F20C FF4DB0 dec [ebp-50]
:0041F20F 8D45C8 lea eax, dword ptr [ebp-38]
:0041F212 BA02000000 mov edx, 00000002
:0041F217 E850042300 call 0064F66C
:0041F21C 66C745A4BC00 mov [ebp-5C], 00BC
:0041F222 8B4D90 mov ecx, dword ptr [ebp-70]
:0041F225 81C124030000 add ecx, 00000324
:0041F22B 898D74FFFFFF mov dword ptr [ebp+FFFFFF74], ecx
:0041F231 8B8574FFFFFF mov eax, dword ptr [ebp+FFFFFF74]
:0041F237 833800 cmp dword ptr [eax], 00000000
:0041F23A 740A je 0041F246
:0041F23C 8B9574FFFFFF mov edx, dword ptr [ebp+FFFFFF74]
:0041F242 8B12 mov edx, dword ptr [edx]
:0041F244 EB05 jmp 0041F24B
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0041F23A(C)
|
:0041F246 BA69F46600 mov edx, 0066F469
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0041F244(U)
|
:0041F24B 8D45C4 lea eax, dword ptr [ebp-3C]
:0041F24E E8BD012300 call 0064F410
:0041F253 FF45B0 inc [ebp-50]
:0041F256 8B10 mov edx, dword ptr [eax]
:0041F258 8B4590 mov eax, dword ptr [ebp-70]
:0041F25B 8B8004030000 mov eax, dword ptr [eax+00000304]
:0041F261 E8C6581F00 call 00614B2C
:0041F266 FF4DB0 dec [ebp-50]
:0041F269 8D45C4 lea eax, dword ptr [ebp-3C]
:0041F26C BA02000000 mov edx, 00000002
:0041F271 E8F6032300 call 0064F66C
:0041F276 66C745A4C800 mov [ebp-5C], 00C8
:0041F27C 8B4D90 mov ecx, dword ptr [ebp-70]
:0041F27F 81C120030000 add ecx, 00000320
:0041F285 898D70FFFFFF mov dword ptr [ebp+FFFFFF70], ecx
:0041F28B 8B8570FFFFFF mov eax, dword ptr [ebp+FFFFFF70]
:0041F291 833800 cmp dword ptr [eax], 00000000
:0041F294 740A je 0041F2A0
:0041F296 8B9570FFFFFF mov edx, dword ptr [ebp+FFFFFF70]
:0041F29C 8B12 mov edx, dword ptr [edx]
:0041F29E EB05 jmp 0041F2A5
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0041F294(C)
|
:0041F2A0 BA6AF46600 mov edx, 0066F46A
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0041F29E(U)
|
:0041F2A5 8D45C0 lea eax, dword ptr [ebp-40]
:0041F2A8 E863012300 call 0064F410
:0041F2AD FF45B0 inc [ebp-50]
:0041F2B0 8B10 mov edx, dword ptr [eax]
:0041F2B2 8B4590 mov eax, dword ptr [ebp-70]
:0041F2B5 8B8010030000 mov eax, dword ptr [eax+00000310]
:0041F2BB E86C581F00 call 00614B2C
:0041F2C0 FF4DB0 dec [ebp-50]
:0041F2C3 8D45C0 lea eax, dword ptr [ebp-40]
:0041F2C6 BA02000000 mov edx, 00000002
:0041F2CB E89C032300 call 0064F66C
:0041F2D0 66C745A4D400 mov [ebp-5C], 00D4
:0041F2D6 33C9 xor ecx, ecx
:0041F2D8 894DBC mov dword ptr [ebp-44], ecx
:0041F2DB 8D55BC lea edx, dword ptr [ebp-44]
:0041F2DE FF45B0 inc [ebp-50]
:0041F2E1 8B4590 mov eax, dword ptr [ebp-70]
:0041F2E4 8B801C030000 mov eax, dword ptr [eax+0000031C]
:0041F2EA E84D120000 call 0042053C
:0041F2EF 8D45BC lea eax, dword ptr [ebp-44]
:0041F2F2 8B5590 mov edx, dword ptr [ebp-70]
:0041F2F5 81C220030000 add edx, 00000320
:0041F2FB E850042300 call 0064F750
:0041F300 50 push eax
:0041F301 FF4DB0 dec [ebp-50]
:0041F304 8D45BC lea eax, dword ptr [ebp-44]
:0041F307 BA02000000 mov edx, 00000002
:0041F30C E85B032300 call 0064F66C
:0041F311 59 pop ecx
:0041F312 84C9 test cl, cl
:0041F314 7456 je 0041F36C
:0041F316 8B4590 mov eax, dword ptr [ebp-70]
:0041F319 8B8010030000 mov eax, dword ptr [eax+00000310]
:0041F31F 33D2 xor edx, edx
:0041F321 8B08 mov ecx, dword ptr [eax]
:0041F323 FF5164 call [ecx+64]
:0041F326 8B4590 mov eax, dword ptr [ebp-70]
:0041F329 8B8008030000 mov eax, dword ptr [eax+00000308]
:0041F32F 33D2 xor edx, edx
:0041F331 8B08 mov ecx, dword ptr [eax]
:0041F333 FF5164 call [ecx+64]
:0041F336 66C745A4E000 mov [ebp-5C], 00E0
* Possible StringData Ref from Data Obj ->"已注册" **************************已经注册成功的提示
|
:0041F33C BA6BF46600 mov edx, 0066F46B
:0041F341 8D45B8 lea eax, dword ptr [ebp-48]
:0041F344 E8C7002300 call 0064F410
:0041F349 FF45B0 inc [ebp-50]
:0041F34C 8B10 mov edx, dword ptr [eax]
:0041F34E 8B4590 mov eax, dword ptr [ebp-70]
:0041F351 8B8008030000 mov eax, dword ptr [eax+00000308]
:0041F357 E8D0571F00 call 00614B2C
:0041F35C FF4DB0 dec [ebp-50]
:0041F35F 8D45B8 lea eax, dword ptr [ebp-48]
:0041F362 BA02000000 mov edx, 00000002
:0041F367 E800032300 call 0064F66C
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0041F314(C)
|
:0041F36C FF4DB0 dec [ebp-50]
:0041F36F 8D45FC lea eax, dword ptr [ebp-04]
:0041F372 BA02000000 mov edx, 00000002
:0041F377 E8F0022300 call 0064F66C
:0041F37C 8B4D94 mov ecx, dword ptr [ebp-6C]
:0041F37F 64890D00000000 mov dword ptr fs:[00000000], ecx
:0041F386 5F pop edi
:0041F387 5E pop esi
:0041F388 5B pop ebx
:0041F389 8BE5 mov esp, ebp
:0041F38B 5D pop ebp
:0041F38C C3 ret
:0041F38D 90 nop
:0041F38E 90 nop
:0041F38F 90 nop
:0041F390 55 push ebp
:0041F391 8BEC mov ebp, esp
:0041F393 81C43CFFFFFF add esp, FFFFFF3C
:0041F399 53 push ebx
:0041F39A 56 push esi
:0041F39B 57 push edi
:0041F39C 899558FFFFFF mov dword ptr [ebp+FFFFFF58], edx
:0041F3A2 89855CFFFFFF mov dword ptr [ebp+FFFFFF5C], eax
:0041F3A8 B8B4F96600 mov eax, 0066F9B4
:0041F3AD E826532200 call 006446D8
:0041F3B2 66C78570FFFFFF0800 mov word ptr [ebp+FFFFFF70], 0008
:0041F3BB 33D2 xor edx, edx
:0041F3BD 8955FC mov dword ptr [ebp-04], edx
:0041F3C0 FF857CFFFFFF inc dword ptr [ebp+FFFFFF7C]
:0041F3C6 66C78570FFFFFF1400 mov word ptr [ebp+FFFFFF70], 0014
:0041F3CF 66C78570FFFFFF2000 mov word ptr [ebp+FFFFFF70], 0020
:0041F3D8 33C9 xor ecx, ecx
:0041F3DA 894DF8 mov dword ptr [ebp-08], ecx
:0041F3DD FF857CFFFFFF inc dword ptr [ebp+FFFFFF7C]
:0041F3E3 66C78570FFFFFF1400 mov word ptr [ebp+FFFFFF70], 0014
:0041F3EC 66C78570FFFFFF2C00 mov word ptr [ebp+FFFFFF70], 002C
:0041F3F5 33C0 xor eax, eax
:0041F3F7 8945F4 mov dword ptr [ebp-0C], eax
:0041F3FA FF857CFFFFFF inc dword ptr [ebp+FFFFFF7C]
:0041F400 66C78570FFFFFF1400 mov word ptr [ebp+FFFFFF70], 0014
:0041F409 66C78570FFFFFF3800 mov word ptr [ebp+FFFFFF70], 0038
:0041F412 33D2 xor edx, edx
:0041F414 8955F0 mov dword ptr [ebp-10], edx
:0041F417 8D55F0 lea edx, dword ptr [ebp-10]
:0041F41A FF857CFFFFFF inc dword ptr [ebp+FFFFFF7C]
:0041F420 8B855CFFFFFF mov eax, dword ptr [ebp+FFFFFF5C]
:0041F426 8B801C030000 mov eax, dword ptr [eax+0000031C]
:0041F42C E817120000 call 00420648
:0041F431 8D55F0 lea edx, dword ptr [ebp-10]
:0041F434 FF32 push dword ptr [edx]
:0041F436 33C9 xor ecx, ecx
:0041F438 894DEC mov dword ptr [ebp-14], ecx
:0041F43B 8D45EC lea eax, dword ptr [ebp-14]
:0041F43E 50 push eax
:0041F43F FF857CFFFFFF inc dword ptr [ebp+FFFFFF7C]
:0041F445 E83A080000 call 0041FC84
:0041F44A 83C408 add esp, 00000008
:0041F44D 8D55EC lea edx, dword ptr [ebp-14]
:0041F450 FF32 push dword ptr [edx]
:0041F452 33C9 xor ecx, ecx
:0041F454 894DE8 mov dword ptr [ebp-18], ecx
:0041F457 8D45E8 lea eax, dword ptr [ebp-18]
:0041F45A 50 push eax
:0041F45B FF857CFFFFFF inc dword ptr [ebp+FFFFFF7C]
:0041F461 E8AE120000 call 00420714
:0041F466 83C408 add esp, 00000008
:0041F469 8D55E8 lea edx, dword ptr [ebp-18]
:0041F46C 8D45F8 lea eax, dword ptr [ebp-08]
:0041F46F E828022300 call 0064F69C
:0041F474 FF8D7CFFFFFF dec dword ptr [ebp+FFFFFF7C]
:0041F47A 8D45E8 lea eax, dword ptr [ebp-18]
:0041F47D BA02000000 mov edx, 00000002
:0041F482 E8E5012300 call 0064F66C
:0041F487 FF8D7CFFFFFF dec dword ptr [ebp+FFFFFF7C]
:0041F48D 8D45EC lea eax, dword ptr [ebp-14]
:0041F490 BA02000000 mov edx, 00000002
:0041F495 E8D2012300 call 0064F66C
:0041F49A FF8D7CFFFFFF dec dword ptr [ebp+FFFFFF7C]
:0041F4A0 8D45F0 lea eax, dword ptr [ebp-10]
:0041F4A3 BA02000000 mov edx, 00000002
:0041F4A8 E8BF012300 call 0064F66C
:0041F4AD 66C78570FFFFFF4400 mov word ptr [ebp+FFFFFF70], 0044
:0041F4B6 33C9 xor ecx, ecx
:0041F4B8 894DE4 mov dword ptr [ebp-1C], ecx
:0041F4BB 8D55E4 lea edx, dword ptr [ebp-1C]
:0041F4BE FF857CFFFFFF inc dword ptr [ebp+FFFFFF7C]
:0041F4C4 8B855CFFFFFF mov eax, dword ptr [ebp+FFFFFF5C]
:0041F4CA 8B8010030000 mov eax, dword ptr [eax+00000310]
:0041F4D0 E827561F00 call 00614AFC
:0041F4D5 8D55E4 lea edx, dword ptr [ebp-1C]
:0041F4D8 8D45F4 lea eax, dword ptr [ebp-0C]
:0041F4DB E8BC012300 call 0064F69C
:0041F4E0 FF8D7CFFFFFF dec dword ptr [ebp+FFFFFF7C]
:0041F4E6 8D45E4 lea eax, dword ptr [ebp-1C]
:0041F4E9 BA02000000 mov edx, 00000002
:0041F4EE E879012300 call 0064F66C
:0041F4F3 66C78570FFFFFF5000 mov word ptr [ebp+FFFFFF70], 0050
:0041F4FC 33C9 xor ecx, ecx
:0041F4FE 894DE0 mov dword ptr [ebp-20], ecx
:0041F501 8D55E0 lea edx, dword ptr [ebp-20]
:0041F504 FF857CFFFFFF inc dword ptr [ebp+FFFFFF7C]
:0041F50A 8B855CFFFFFF mov eax, dword ptr [ebp+FFFFFF5C]
:0041F510 8B801C030000 mov eax, dword ptr [eax+0000031C]
:0041F516 E82D110000 call 00420648
:0041F51B 8D55E0 lea edx, dword ptr [ebp-20]
:0041F51E FF32 push dword ptr [edx]
:0041F520 33C9 xor ecx, ecx
:0041F522 894DDC mov dword ptr [ebp-24], ecx
:0041F525 8D45DC lea eax, dword ptr [ebp-24]
:0041F528 50 push eax
:0041F529 FF857CFFFFFF inc dword ptr [ebp+FFFFFF7C]
:0041F52F E850070000 call 0041FC84
:0041F534 83C408 add esp, 00000008
:0041F537 8D55DC lea edx, dword ptr [ebp-24]
:0041F53A FF32 push dword ptr [edx]
:0041F53C 33C9 xor ecx, ecx
:0041F53E 894DD8 mov dword ptr [ebp-28], ecx
:0041F541 8D45D8 lea eax, dword ptr [ebp-28]
:0041F544 50 push eax
:0041F545 FF857CFFFFFF inc dword ptr [ebp+FFFFFF7C]
:0041F54B E8C4110000 call 00420714
:0041F550 83C408 add esp, 00000008
:0041F553 8D55D8 lea edx, dword ptr [ebp-28]
:0041F556 52 push edx
:0041F557 33C9 xor ecx, ecx
:0041F559 894DD4 mov dword ptr [ebp-2C], ecx
:0041F55C 8D55D4 lea edx, dword ptr [ebp-2C]
:0041F55F FF857CFFFFFF inc dword ptr [ebp+FFFFFF7C]
:0041F565 8B855CFFFFFF mov eax, dword ptr [ebp+FFFFFF5C]
:0041F56B 8B8010030000 mov eax, dword ptr [eax+00000310]
:0041F571 E886551F00 call 00614AFC
:0041F576 8D55D4 lea edx, dword ptr [ebp-2C]
:0041F579 58 pop eax
:0041F57A E8E9012300 call 0064F768
:0041F57F 50 push eax
:0041F580 FF8D7CFFFFFF dec dword ptr [ebp+FFFFFF7C]
:0041F586 8D45D4 lea eax, dword ptr [ebp-2C]
:0041F589 BA02000000 mov edx, 00000002
:0041F58E E8D9002300 call 0064F66C
:0041F593 FF8D7CFFFFFF dec dword ptr [ebp+FFFFFF7C]
:0041F599 8D45D8 lea eax, dword ptr [ebp-28]
:0041F59C BA02000000 mov edx, 00000002
:0041F5A1 E8C6002300 call 0064F66C
:0041F5A6 FF8D7CFFFFFF dec dword ptr [ebp+FFFFFF7C]
:0041F5AC 8D45DC lea eax, dword ptr [ebp-24]
:0041F5AF BA02000000 mov edx, 00000002
:0041F5B4 E8B3002300 call 0064F66C
:0041F5B9 FF8D7CFFFFFF dec dword ptr [ebp+FFFFFF7C]
:0041F5BF 8D45E0 lea eax, dword ptr [ebp-20]
:0041F5C2 BA02000000 mov edx, 00000002
:0041F5C7 E8A0002300 call 0064F66C
:0041F5CC 59 pop ecx
:0041F5CD 84C9 test cl, cl
:0041F5CF 744B je 0041F61C
:0041F5D1 FF8D7CFFFFFF dec dword ptr [ebp+FFFFFF7C]
:0041F5D7 8D45F4 lea eax, dword ptr [ebp-0C]
:0041F5DA BA02000000 mov edx, 00000002
:0041F5DF E888002300 call 0064F66C
:0041F5E4 FF8D7CFFFFFF dec dword ptr [ebp+FFFFFF7C]
:0041F5EA 8D45F8 lea eax, dword ptr [ebp-08]
:0041F5ED BA02000000 mov edx, 00000002
:0041F5F2 E875002300 call 0064F66C
:0041F5F7 FF8D7CFFFFFF dec dword ptr [ebp+FFFFFF7C]
:0041F5FD 8D45FC lea eax, dword ptr [ebp-04]
:0041F600 BA02000000 mov edx, 00000002
:0041F605 E862002300 call 0064F66C
:0041F60A 8B8D60FFFFFF mov ecx, dword ptr [ebp+FFFFFF60]
:0041F610 64890D00000000 mov dword ptr fs:[00000000], ecx
:0041F617 E9A1050000 jmp 0041FBBD
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0041F5CF(C)
|
:0041F61C 66C78570FFFFFF5C00 mov word ptr [ebp+FFFFFF70], 005C
:0041F625 33C9 xor ecx, ecx
:0041F627 B201 mov dl, 01
* Possible StringData Ref from Data Obj ->"榅Z"
|
:0041F629 A184E45500 mov eax, dword ptr [0055E484]
:0041F62E E8B1C91400 call 0056BFE4
:0041F633 898554FFFFFF mov dword ptr [ebp+FFFFFF54], eax
:0041F639 66C78570FFFFFF6800 mov word ptr [ebp+FFFFFF70], 0068
* Possible StringData Ref from Data Obj ->"panda"
|
:0041F642 BA72F46600 mov edx, 0066F472
:0041F647 8D45D0 lea eax, dword ptr [ebp-30]
:0041F64A E8C1FD2200 call 0064F410
:0041F64F FF857CFFFFFF inc dword ptr [ebp+FFFFFF7C]
:0041F655 8B10 mov edx, dword ptr [eax]
:0041F657 8B8554FFFFFF mov eax, dword ptr [ebp+FFFFFF54]
:0041F65D E87E871400 call 00567DE0
:0041F662 FF8D7CFFFFFF dec dword ptr [ebp+FFFFFF7C]
:0041F668 8D45D0 lea eax, dword ptr [ebp-30]
:0041F66B BA02000000 mov edx, 00000002
:0041F670 E8F7FF2200 call 0064F66C
:0041F675 66C78570FFFFFF7400 mov word ptr [ebp+FFFFFF70], 0074
:0041F67E 66C78570FFFFFF8000 mov word ptr [ebp+FFFFFF70], 0080
* Possible StringData Ref from Data Obj ->"chenyuanhui"
|
:0041F687 BA78F46600 mov edx, 0066F478
:0041F68C 8D45CC lea eax, dword ptr [ebp-34]
:0041F68F E87CFD2200 call 0064F410
:0041F694 FF857CFFFFFF inc dword ptr [ebp+FFFFFF7C]
:0041F69A FF30 push dword ptr [eax]
:0041F69C 8B8554FFFFFF mov eax, dword ptr [ebp+FFFFFF54]
:0041F6A2 E8E9861400 call 00567D90
:0041F6A7 5A pop edx
:0041F6A8 E8530C1400 call 00560300
:0041F6AD FF8D7CFFFFFF dec dword ptr [ebp+FFFFFF7C]
:0041F6B3 8D45CC lea eax, dword ptr [ebp-34]
:0041F6B6 BA02000000 mov edx, 00000002
:0041F6BB E8ACFF2200 call 0064F66C
:0041F6C0 66C78570FFFFFF5C00 mov word ptr [ebp+FFFFFF70], 005C
:0041F6C9 EB0E jmp 0041F6D9
:0041F6CB 66C78570FFFFFF7C00 mov word ptr [ebp+FFFFFF70], 007C
:0041F6D4 E879CD2200 call 0064C452
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0041F6C9(U)
|
:0041F6D9 8B8D54FFFFFF mov ecx, dword ptr [ebp+FFFFFF54]
:0041F6DF 81C148020000 add ecx, 00000248
:0041F6E5 898D50FFFFFF mov dword ptr [ebp+FFFFFF50], ecx
:0041F6EB 8B8550FFFFFF mov eax, dword ptr [ebp+FFFFFF50]
:0041F6F1 8B00 mov eax, dword ptr [eax]
:0041F6F3 8B10 mov edx, dword ptr [eax]
:0041F6F5 FF5244 call [edx+44]
:0041F6F8 66C78570FFFFFF8C00 mov word ptr [ebp+FFFFFF70], 008C
:0041F701 33C9 xor ecx, ecx
:0041F703 894DC8 mov dword ptr [ebp-38], ecx
:0041F706 8D55C8 lea edx, dword ptr [ebp-38]
:0041F709 FF857CFFFFFF inc dword ptr [ebp+FFFFFF7C]
:0041F70F 8B855CFFFFFF mov eax, dword ptr [ebp+FFFFFF5C]
:0041F715 8B8004030000 mov eax, dword ptr [eax+00000304]
:0041F71B E8DC531F00 call 00614AFC
:0041F720 8D55C8 lea edx, dword ptr [ebp-38]
:0041F723 33C9 xor ecx, ecx
:0041F725 894DC4 mov dword ptr [ebp-3C], ecx
:0041F728 8D4DC4 lea ecx, dword ptr [ebp-3C]
:0041F72B FF857CFFFFFF inc dword ptr [ebp+FFFFFF7C]
* Possible StringData Ref from Data Obj ->"update Syspara set Syspara='"
|
:0041F731 B884F46600 mov eax, 0066F484
:0041F736 E879042300 call 0064FBB4
:0041F73B 8D55C4 lea edx, dword ptr [ebp-3C]
:0041F73E 52 push edx
* Possible StringData Ref from Data Obj ->"' where Parano=1"
|
:0041F73F BAA2F46600 mov edx, 0066F4A2
:0041F744 8D45C0 lea eax, dword ptr [ebp-40]
:0041F747 E8C4FC2200 call 0064F410
:0041F74C FF857CFFFFFF inc dword ptr [ebp+FFFFFF7C]
:0041F752 8D55C0 lea edx, dword ptr [ebp-40]
:0041F755 33C0 xor eax, eax
:0041F757 8945BC mov dword ptr [ebp-44], eax
:0041F75A 8D4DBC lea ecx, dword ptr [ebp-44]
:0041F75D FF857CFFFFFF inc dword ptr [ebp+FFFFFF7C]
:0041F763 58 pop eax
:0041F764 E85BFF2200 call 0064F6C4
:0041F769 8D55BC lea edx, dword ptr [ebp-44]
:0041F76C 8D45FC lea eax, dword ptr [ebp-04]
:0041F76F E828FF2200 call 0064F69C
:0041F774 FF8D7CFFFFFF dec dword ptr [ebp+FFFFFF7C]
:0041F77A 8D45BC lea eax, dword ptr [ebp-44]
:0041F77D BA02000000 mov edx, 00000002
:0041F782 E8E5FE2200 call 0064F66C
:0041F787 FF8D7CFFFFFF dec dword ptr [ebp+FFFFFF7C]
:0041F78D 8D45C0 lea eax, dword ptr [ebp-40]
:0041F790 BA02000000 mov edx, 00000002
:0041F795 E8D2FE2200 call 0064F66C
:0041F79A FF8D7CFFFFFF dec dword ptr [ebp+FFFFFF7C]
:0041F7A0 8D45C4 lea eax, dword ptr [ebp-3C]
:0041F7A3 BA02000000 mov edx, 00000002
:0041F7A8 E8BFFE2200 call 0064F66C
:0041F7AD FF8D7CFFFFFF dec dword ptr [ebp+FFFFFF7C]
:0041F7B3 8D45C8 lea eax, dword ptr [ebp-38]
:0041F7B6 BA02000000 mov edx, 00000002
:0041F7BB E8ACFE2200 call 0064F66C
:0041F7C0 8B8D54FFFFFF mov ecx, dword ptr [ebp+FFFFFF54]
:0041F7C6 81C148020000 add ecx, 00000248
:0041F7CC 898D4CFFFFFF mov dword ptr [ebp+FFFFFF4C], ecx
:0041F7D2 66C78570FFFFFF9800 mov word ptr [ebp+FFFFFF70], 0098
:0041F7DB 837DFC00 cmp dword ptr [ebp-04], 00000000
:0041F7DF 7405 je 0041F7E6
:0041F7E1 8B55FC mov edx, dword ptr [ebp-04]
:0041F7E4 EB05 jmp 0041F7EB
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0041F7DF(C)
|
:0041F7E6 BAB3F46600 mov edx, 0066F4B3
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0041F7E4(U)
|
:0041F7EB 8D45B8 lea eax, dword ptr [ebp-48]
:0041F7EE E81DFC2200 call 0064F410
:0041F7F3 FF857CFFFFFF inc dword ptr [ebp+FFFFFF7C]
:0041F7F9 8B10 mov edx, dword ptr [eax]
:0041F7FB 8B854CFFFFFF mov eax, dword ptr [ebp+FFFFFF4C]
:0041F801 8B00 mov eax, dword ptr [eax]
:0041F803 8B08 mov ecx, dword ptr [eax]
:0041F805 FF5138 call [ecx+38]
:0041F808 FF8D7CFFFFFF dec dword ptr [ebp+FFFFFF7C]
:0041F80E 8D45B8 lea eax, dword ptr [ebp-48]
:0041F811 BA02000000 mov edx, 00000002
:0041F816 E851FE2200 call 0064F66C
:0041F81B 8B8554FFFFFF mov eax, dword ptr [ebp+FFFFFF54]
:0041F821 E85ED01400 call 0056C884
:0041F826 8B9554FFFFFF mov edx, dword ptr [ebp+FFFFFF54]
:0041F82C 81C248020000 add edx, 00000248
:0041F832 899548FFFFFF mov dword ptr [ebp+FFFFFF48], edx
:0041F838 8B8D48FFFFFF mov ecx, dword ptr [ebp+FFFFFF48]
:0041F83E 8B01 mov eax, dword ptr [ecx]
:0041F840 8B10 mov edx, dword ptr [eax]
:0041F842 FF5244 call [edx+44]
:0041F845 66C78570FFFFFFA400 mov word ptr [ebp+FFFFFF70], 00A4
:0041F84E 33C9 xor ecx, ecx
:0041F850 894DB4 mov dword ptr [ebp-4C], ecx
:0041F853 8D55B4 lea edx, dword ptr [ebp-4C]
:0041F856 FF857CFFFFFF inc dword ptr [ebp+FFFFFF7C]
:0041F85C 8B855CFFFFFF mov eax, dword ptr [ebp+FFFFFF5C]
:0041F862 8B8010030000 mov eax, dword ptr [eax+00000310]
:0041F868 E88F521F00 call 00614AFC
:0041F86D 8D55B4 lea edx, dword ptr [ebp-4C]
:0041F870 33C9 xor ecx, ecx
:0041F872 894DB0 mov dword ptr [ebp-50], ecx
:0041F875 8D4DB0 lea ecx, dword ptr [ebp-50]
:0041F878 FF857CFFFFFF inc dword ptr [ebp+FFFFFF7C]
* Possible StringData Ref from Data Obj ->"update Syspara set Syspara='"
|
:0041F87E B8B4F46600 mov eax, 0066F4B4
:0041F883 E82C032300 call 0064FBB4
:0041F888 8D55B0 lea edx, dword ptr [ebp-50]
:0041F88B 52 push edx
* Possible StringData Ref from Data Obj ->"' where Parano=2"
|
:0041F88C BAD2F46600 mov edx, 0066F4D2
:0041F891 8D45AC lea eax, dword ptr [ebp-54]
:0041F894 E877FB2200 call 0064F410
:0041F899 FF857CFFFFFF inc dword ptr [ebp+FFFFFF7C]
:0041F89F 8D55AC lea edx, dword ptr [ebp-54]
:0041F8A2 33C0 xor eax, eax
:0041F8A4 8945A8 mov dword ptr [ebp-58], eax
:0041F8A7 8D4DA8 lea ecx, dword ptr [ebp-58]
:0041F8AA FF857CFFFFFF inc dword ptr [ebp+FFFFFF7C]
:0041F8B0 58 pop eax
:0041F8B1 E80EFE2200 call 0064F6C4
:0041F8B6 8D55A8 lea edx, dword ptr [ebp-58]
:0041F8B9 8D45FC lea eax, dword ptr [ebp-04]
:0041F8BC E8DBFD2200 call 0064F69C
:0041F8C1 FF8D7CFFFFFF dec dword ptr [ebp+FFFFFF7C]
:0041F8C7 8D45A8 lea eax, dword ptr [ebp-58]
:0041F8CA BA02000000 mov edx, 00000002
:0041F8CF E898FD2200 call 0064F66C
:0041F8D4 FF8D7CFFFFFF dec dword ptr [ebp+FFFFFF7C]
:0041F8DA 8D45AC lea eax, dword ptr [ebp-54]
:0041F8DD BA02000000 mov edx, 00000002
:0041F8E2 E885FD2200 call 0064F66C
:0041F8E7 FF8D7CFFFFFF dec dword ptr [ebp+FFFFFF7C]
:0041F8ED 8D45B0 lea eax, dword ptr [ebp-50]
:0041F8F0 BA02000000 mov edx, 00000002
:0041F8F5 E872FD2200 call 0064F66C
:0041F8FA FF8D7CFFFFFF dec dword ptr [ebp+FFFFFF7C]
:0041F900 8D45B4 lea eax, dword ptr [ebp-4C]
:0041F903 BA02000000 mov edx, 00000002
:0041F908 E85FFD2200 call 0064F66C
:0041F90D 8B8D54FFFFFF mov ecx, dword ptr [ebp+FFFFFF54]
:0041F913 81C148020000 add ecx, 00000248
:0041F919 898D44FFFFFF mov dword ptr [ebp+FFFFFF44], ecx
:0041F91F 66C78570FFFFFFB000 mov word ptr [ebp+FFFFFF70], 00B0
:0041F928 837DFC00 cmp dword ptr [ebp-04], 00000000
:0041F92C 7405 je 0041F933
:0041F92E 8B55FC mov edx, dword ptr [ebp-04]
:0041F931 EB05 jmp 0041F938
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0041F92C(C)
|
:0041F933 BAE3F46600 mov edx, 0066F4E3
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0041F931(U)
|
:0041F938 8D45A4 lea eax, dword ptr [ebp-5C]
:0041F93B E8D0FA2200 call 0064F410
:0041F940 FF857CFFFFFF inc dword ptr [ebp+FFFFFF7C]
:0041F946 8B10 mov edx, dword ptr [eax]
:0041F948 8B8544FFFFFF mov eax, dword ptr [ebp+FFFFFF44]
:0041F94E 8B00 mov eax, dword ptr [eax]
:0041F950 8B08 mov ecx, dword ptr [eax]
:0041F952 FF5138 call [ecx+38]
:0041F955 FF8D7CFFFFFF dec dword ptr [ebp+FFFFFF7C]
:0041F95B 8D45A4 lea eax, dword ptr [ebp-5C]
:0041F95E BA02000000 mov edx, 00000002
:0041F963 E804FD2200 call 0064F66C
:0041F968 8B8554FFFFFF mov eax, dword ptr [ebp+FFFFFF54]
:0041F96E E811CF1400 call 0056C884
:0041F973 8B9554FFFFFF mov edx, dword ptr [ebp+FFFFFF54]
:0041F979 81C248020000 add edx, 00000248
:0041F97F 899540FFFFFF mov dword ptr [ebp+FFFFFF40], edx
:0041F985 8B8D40FFFFFF mov ecx, dword ptr [ebp+FFFFFF40]
:0041F98B 8B01 mov eax, dword ptr [ecx]
:0041F98D 8B10 mov edx, dword ptr [eax]
:0041F98F FF5244 call [edx+44]
:0041F992 66C78570FFFFFFBC00 mov word ptr [ebp+FFFFFF70], 00BC
:0041F99B 83C4F8 add esp, FFFFFFF8
:0041F99E E8CD8D1900 call 005B8770
:0041F9A3 DD1C24 fstp qword ptr [esp]
:0041F9A6 33C9 xor ecx, ecx
:0041F9A8 894DA0 mov dword ptr [ebp-60], ecx
:0041F9AB 8D45A0 lea eax, dword ptr [ebp-60]
:0041F9AE FF857CFFFFFF inc dword ptr [ebp+FFFFFF7C]
:0041F9B4 E84F9A1900 call 005B9408
:0041F9B9 8D55A0 lea edx, dword ptr [ebp-60]
:0041F9BC 33C9 xor ecx, ecx
:0041F9BE 894D9C mov dword ptr [ebp-64], ecx
:0041F9C1 8D4D9C lea ecx, dword ptr [ebp-64]
:0041F9C4 FF857CFFFFFF inc dword ptr [ebp+FFFFFF7C]
* Possible StringData Ref from Data Obj ->"update Syspara set Syspara='"
|
:0041F9CA B8E4F46600 mov eax, 0066F4E4
:0041F9CF E8E0012300 call 0064FBB4
:0041F9D4 8D559C lea edx, dword ptr [ebp-64]
:0041F9D7 52 push edx
* Possible StringData Ref from Data Obj ->"' where Parano=3"
|
:0041F9D8 BA02F56600 mov edx, 0066F502
:0041F9DD 8D4598 lea eax, dword ptr [ebp-68]
:0041F9E0 E82BFA2200 call 0064F410
:0041F9E5 FF857CFFFFFF inc dword ptr [ebp+FFFFFF7C]
:0041F9EB 8D5598 lea edx, dword ptr [ebp-68]
:0041F9EE 33C0 xor eax, eax
:0041F9F0 894594 mov dword ptr [ebp-6C], eax
:0041F9F3 8D4D94 lea ecx, dword ptr [ebp-6C]
:0041F9F6 FF857CFFFFFF inc dword ptr [ebp+FFFFFF7C]
:0041F9FC 58 pop eax
:0041F9FD E8C2FC2200 call 0064F6C4
:0041FA02 8D5594 lea edx, dword ptr [ebp-6C]
:0041FA05 8D45FC lea eax, dword ptr [ebp-04]
:0041FA08 E88FFC2200 call 0064F69C
:0041FA0D FF8D7CFFFFFF dec dword ptr [ebp+FFFFFF7C]
:0041FA13 8D4594 lea eax, dword ptr [ebp-6C]
:0041FA16 BA02000000 mov edx, 00000002
:0041FA1B E84CFC2200 call 0064F66C
:0041FA20 FF8D7CFFFFFF dec dword ptr [ebp+FFFFFF7C]
:0041FA26 8D4598 lea eax, dword ptr [ebp-68]
:0041FA29 BA02000000 mov edx, 00000002
:0041FA2E E839FC2200 call 0064F66C
:0041FA33 FF8D7CFFFFFF dec dword ptr [ebp+FFFFFF7C]
:0041FA39 8D459C lea eax, dword ptr [ebp-64]
:0041FA3C BA02000000 mov edx, 00000002
:0041FA41 E826FC2200 call 0064F66C
:0041FA46 FF8D7CFFFFFF dec dword ptr [ebp+FFFFFF7C]
:0041FA4C 8D45A0 lea eax, dword ptr [ebp-60]
:0041FA4F BA02000000 mov edx, 00000002
:0041FA54 E813FC2200 call 0064F66C
:0041FA59 8B8D54FFFFFF mov ecx, dword ptr [ebp+FFFFFF54]
:0041FA5F 81C148020000 add ecx, 00000248
:0041FA65 898D3CFFFFFF mov dword ptr [ebp+FFFFFF3C], ecx
:0041FA6B 66C78570FFFFFFC800 mov word ptr [ebp+FFFFFF70], 00C8
:0041FA74 837DFC00 cmp dword ptr [ebp-04], 00000000
:0041FA78 7405 je 0041FA7F
:0041FA7A 8B55FC mov edx, dword ptr [ebp-04]
:0041FA7D EB05 jmp 0041FA84
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0041FA78(C)
|
:0041FA7F BA13F56600 mov edx, 0066F513
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0041FA7D(U)
|
:0041FA84 8D4590 lea eax, dword ptr [ebp-70]
:0041FA87 E884F92200 call 0064F410
:0041FA8C FF857CFFFFFF inc dword ptr [ebp+FFFFFF7C]
:0041FA92 8B10 mov edx, dword ptr [eax]
:0041FA94 8B853CFFFFFF mov eax, dword ptr [ebp+FFFFFF3C]
:0041FA9A 8B00 mov eax, dword ptr [eax]
:0041FA9C 8B08 mov ecx, dword ptr [eax]
:0041FA9E FF5138 call [ecx+38]
:0041FAA1 FF8D7CFFFFFF dec dword ptr [ebp+FFFFFF7C]
:0041FAA7 8D4590 lea eax, dword ptr [ebp-70]
:0041FAAA BA02000000 mov edx, 00000002
:0041FAAF E8B8FB2200 call 0064F66C
:0041FAB4 8B8554FFFFFF mov eax, dword ptr [ebp+FFFFFF54]
:0041FABA E8C5CD1400 call 0056C884
:0041FABF 8B8554FFFFFF mov eax, dword ptr [ebp+FFFFFF54]
:0041FAC5 E852611700 call 00595C1C
:0041FACA 66C78570FFFFFF1400 mov word ptr [ebp+FFFFFF70], 0014
:0041FAD3 EB0E jmp 0041FAE3
:0041FAD5 66C78570FFFFFF6400 mov word ptr [ebp+FFFFFF70], 0064
:0041FADE E86FC92200 call 0064C452
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0041FAD3(U)
|
:0041FAE3 8B9554FFFFFF mov edx, dword ptr [ebp+FFFFFF54]
:0041FAE9 895588 mov dword ptr [ebp-78], edx
:0041FAEC 837D8800 cmp dword ptr [ebp-78], 00000000
:0041FAF0 7427 je 0041FB19
:0041FAF2 8B4D88 mov ecx, dword ptr [ebp-78]
:0041FAF5 8B01 mov eax, dword ptr [ecx]
:0041FAF7 89458C mov dword ptr [ebp-74], eax
:0041FAFA 66C78570FFFFFFE000 mov word ptr [ebp+FFFFFF70], 00E0
:0041FB03 BA03000000 mov edx, 00000003
:0041FB08 8B4588 mov eax, dword ptr [ebp-78]
:0041FB0B 8B08 mov ecx, dword ptr [eax]
:0041FB0D FF51FC call [ecx-04]
:0041FB10 66C78570FFFFFFD400 mov word ptr [ebp+FFFFFF70], 00D4
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0041FAF0(C)
|
:0041FB19 6A00 push 00000000
:0041FB1B 66C78570FFFFFFEC00 mov word ptr [ebp+FFFFFF70], 00EC
:0041FB24 33D2 xor edx, edx
:0041FB26 895584 mov dword ptr [ebp-7C], edx
:0041FB29 8D5584 lea edx, dword ptr [ebp-7C]
:0041FB2C FF857CFFFFFF inc dword ptr [ebp+FFFFFF7C]
:0041FB32 8B855CFFFFFF mov eax, dword ptr [ebp+FFFFFF5C]
:0041FB38 8B8004030000 mov eax, dword ptr [eax+00000304]
:0041FB3E E8B94F1F00 call 00614AFC
:0041FB43 837D8400 cmp dword ptr [ebp-7C], 00000000
:0041FB47 7405 je 0041FB4E **************************请问这是第一个跳转吗?
:0041FB49 8B5584 mov edx, dword ptr [ebp-7C]
:0041FB4C EB05 jmp 0041FB53
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0041FB47(C)
|
:0041FB4E BA1FF56600 mov edx, 0066F51F
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0041FB4C(U)
|
* Possible StringData Ref from Data Obj ->"注册成功 !" **************************注册成功的提示
|
:0041FB53 B914F56600 mov ecx, 0066F514
:0041FB58 A1E09C6900 mov eax, dword ptr [00699CE0]
:0041FB5D 8B00 mov eax, dword ptr [eax]
:0041FB5F E8D4F72200 call 0064F338
:0041FB64 FF8D7CFFFFFF dec dword ptr [ebp+FFFFFF7C]
:0041FB6A 8D4584 lea eax, dword ptr [ebp-7C]
:0041FB6D BA02000000 mov edx, 00000002
:0041FB72 E8F5FA2200 call 0064F66C
:0041FB77 FF8D7CFFFFFF dec dword ptr [ebp+FFFFFF7C]
:0041FB7D 8D45F4 lea eax, dword ptr [ebp-0C]
:0041FB80 BA02000000 mov edx, 00000002
:0041FB85 E8E2FA2200 call 0064F66C
:0041FB8A FF8D7CFFFFFF dec dword ptr [ebp+FFFFFF7C]
:0041FB90 8D45F8 lea eax, dword ptr [ebp-08]
:0041FB93 BA02000000 mov edx, 00000002
:0041FB98 E8CFFA2200 call 0064F66C
:0041FB9D FF8D7CFFFFFF dec dword ptr [ebp+FFFFFF7C]
:0041FBA3 8D45FC lea eax, dword ptr [ebp-04]
:0041FBA6 BA02000000 mov edx, 00000002
:0041FBAB E8BCFA2200 call 0064F66C
:0041FBB0 8B8D60FFFFFF mov ecx, dword ptr [ebp+FFFFFF60]
:0041FBB6 64890D00000000 mov dword ptr fs:[00000000], ecx
问题:
1、我分析的这段代码对吗?还是找错了位置?
2、如何判定第一个跳传?也就是输入错误的注册码就跳到错误的地址
3、找到关键跳后,怎样修改?是不是见到5就改成4、见到4就改成5?
我刚刚学习解密,没有任何汇编基础,提的问题也许很不靠谱,各位老师千万别见怪啊!先谢了~~~
以下是代码:
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0041F054(U)
|
:0041F05B 8D45E4 lea eax, dword ptr [ebp-1C]
:0041F05E E8AD032300 call 0064F410
:0041F063 FF45B0 inc [ebp-50]
:0041F066 8B10 mov edx, dword ptr [eax]
:0041F068 8B4580 mov eax, dword ptr [ebp-80]
:0041F06B 8B00 mov eax, dword ptr [eax]
:0041F06D 8B08 mov ecx, dword ptr [eax]
:0041F06F FF5138 call [ecx+38]
:0041F072 FF4DB0 dec [ebp-50]
:0041F075 8D45E4 lea eax, dword ptr [ebp-1C]
:0041F078 BA02000000 mov edx, 00000002
:0041F07D E8EA052300 call 0064F66C
:0041F082 8B4D88 mov ecx, dword ptr [ebp-78]
:0041F085 80B94C02000000 cmp byte ptr [ecx+0000024C], 00
:0041F08C 7508 jne 0041F096 **************************请问这是第一个跳转吗?
:0041F08E 8B4588 mov eax, dword ptr [ebp-78]
:0041F091 E862D01400 call 0056C0F8
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0041F08C(C)
|
:0041F096 8B4588 mov eax, dword ptr [ebp-78]
:0041F099 E8726B1700 call 00595C10
:0041F09E 8B4588 mov eax, dword ptr [ebp-78]
:0041F0A1 8B10 mov edx, dword ptr [eax]
:0041F0A3 FF924C010000 call dword ptr [edx+0000014C]
:0041F0A9 83F802 cmp eax, 00000002
:0041F0AC 0F8CE0000000 jl 0041F192
:0041F0B2 66C745A48000 mov [ebp-5C], 0080
* Possible StringData Ref from Data Obj ->"Syspara"
|
:0041F0B8 BA59F46600 mov edx, 0066F459
:0041F0BD 8D45E0 lea eax, dword ptr [ebp-20]
:0041F0C0 E84B032300 call 0064F410
:0041F0C5 FF45B0 inc [ebp-50]
:0041F0C8 8B10 mov edx, dword ptr [eax]
:0041F0CA 8B4588 mov eax, dword ptr [ebp-78]
:0041F0CD E8F27D1700 call 00596EC4
:0041F0D2 89857CFFFFFF mov dword ptr [ebp+FFFFFF7C], eax
:0041F0D8 33C9 xor ecx, ecx
:0041F0DA 894DDC mov dword ptr [ebp-24], ecx
:0041F0DD 8D55DC lea edx, dword ptr [ebp-24]
:0041F0E0 FF45B0 inc [ebp-50]
:0041F0E3 8B857CFFFFFF mov eax, dword ptr [ebp+FFFFFF7C]
:0041F0E9 8B08 mov ecx, dword ptr [eax]
:0041F0EB FF5160 call [ecx+60]
:0041F0EE 8D55DC lea edx, dword ptr [ebp-24]
:0041F0F1 8B4590 mov eax, dword ptr [ebp-70]
:0041F0F4 0524030000 add eax, 00000324
:0041F0F9 E89E052300 call 0064F69C
:0041F0FE FF4DB0 dec [ebp-50]
:0041F101 8D45DC lea eax, dword ptr [ebp-24]
:0041F104 BA02000000 mov edx, 00000002
:0041F109 E85E052300 call 0064F66C
:0041F10E FF4DB0 dec [ebp-50]
:0041F111 8D45E0 lea eax, dword ptr [ebp-20]
:0041F114 BA02000000 mov edx, 00000002
:0041F119 E84E052300 call 0064F66C
:0041F11E 8B4588 mov eax, dword ptr [ebp-78]
:0041F121 E846941700 call 0059856C
:0041F126 66C745A48C00 mov [ebp-5C], 008C
* Possible StringData Ref from Data Obj ->"Syspara"
|
:0041F12C BA61F46600 mov edx, 0066F461
:0041F131 8D45D8 lea eax, dword ptr [ebp-28]
:0041F134 E8D7022300 call 0064F410
:0041F139 FF45B0 inc [ebp-50]
:0041F13C 8B10 mov edx, dword ptr [eax]
:0041F13E 8B4588 mov eax, dword ptr [ebp-78]
:0041F141 E87E7D1700 call 00596EC4
:0041F146 898578FFFFFF mov dword ptr [ebp+FFFFFF78], eax
:0041F14C 33D2 xor edx, edx
:0041F14E 8955D4 mov dword ptr [ebp-2C], edx
:0041F151 8D55D4 lea edx, dword ptr [ebp-2C]
:0041F154 FF45B0 inc [ebp-50]
:0041F157 8B8578FFFFFF mov eax, dword ptr [ebp+FFFFFF78]
:0041F15D 8B08 mov ecx, dword ptr [eax]
:0041F15F FF5160 call [ecx+60]
:0041F162 8D55D4 lea edx, dword ptr [ebp-2C]
:0041F165 8B4590 mov eax, dword ptr [ebp-70]
:0041F168 0520030000 add eax, 00000320
:0041F16D E82A052300 call 0064F69C
:0041F172 FF4DB0 dec [ebp-50]
:0041F175 8D45D4 lea eax, dword ptr [ebp-2C]
:0041F178 BA02000000 mov edx, 00000002
:0041F17D E8EA042300 call 0064F66C
:0041F182 FF4DB0 dec [ebp-50]
:0041F185 8D45D8 lea eax, dword ptr [ebp-28]
:0041F188 BA02000000 mov edx, 00000002
:0041F18D E8DA042300 call 0064F66C
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0041F0AC(C)
|
:0041F192 8B4588 mov eax, dword ptr [ebp-78]
:0041F195 E8826A1700 call 00595C1C
:0041F19A 66C745A42C00 mov [ebp-5C], 002C
:0041F1A0 EB0B jmp 0041F1AD
:0041F1A2 66C745A44000 mov [ebp-5C], 0040
:0041F1A8 E8A5D22200 call 0064C452
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0041F1A0(U)
|
:0041F1AD 8B5588 mov edx, dword ptr [ebp-78]
:0041F1B0 8955CC mov dword ptr [ebp-34], edx
:0041F1B3 837DCC00 cmp dword ptr [ebp-34], 00000000
:0041F1B7 7421 je 0041F1DA
:0041F1B9 8B4DCC mov ecx, dword ptr [ebp-34]
:0041F1BC 8B01 mov eax, dword ptr [ecx]
:0041F1BE 8945D0 mov dword ptr [ebp-30], eax
:0041F1C1 66C745A4A400 mov [ebp-5C], 00A4
:0041F1C7 BA03000000 mov edx, 00000003
:0041F1CC 8B45CC mov eax, dword ptr [ebp-34]
:0041F1CF 8B08 mov ecx, dword ptr [eax]
:0041F1D1 FF51FC call [ecx-04]
:0041F1D4 66C745A49800 mov [ebp-5C], 0098
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0041F1B7(C)
|
:0041F1DA 66C745A4B000 mov [ebp-5C], 00B0
:0041F1E0 33D2 xor edx, edx
:0041F1E2 8955C8 mov dword ptr [ebp-38], edx
:0041F1E5 8D55C8 lea edx, dword ptr [ebp-38]
:0041F1E8 FF45B0 inc [ebp-50]
:0041F1EB 8B4590 mov eax, dword ptr [ebp-70]
:0041F1EE 8B801C030000 mov eax, dword ptr [eax+0000031C]
:0041F1F4 E84F140000 call 00420648
:0041F1F9 8D55C8 lea edx, dword ptr [ebp-38]
:0041F1FC 8B12 mov edx, dword ptr [edx]
:0041F1FE 8B4590 mov eax, dword ptr [ebp-70]
:0041F201 8B8000030000 mov eax, dword ptr [eax+00000300]
:0041F207 E820591F00 call 00614B2C
:0041F20C FF4DB0 dec [ebp-50]
:0041F20F 8D45C8 lea eax, dword ptr [ebp-38]
:0041F212 BA02000000 mov edx, 00000002
:0041F217 E850042300 call 0064F66C
:0041F21C 66C745A4BC00 mov [ebp-5C], 00BC
:0041F222 8B4D90 mov ecx, dword ptr [ebp-70]
:0041F225 81C124030000 add ecx, 00000324
:0041F22B 898D74FFFFFF mov dword ptr [ebp+FFFFFF74], ecx
:0041F231 8B8574FFFFFF mov eax, dword ptr [ebp+FFFFFF74]
:0041F237 833800 cmp dword ptr [eax], 00000000
:0041F23A 740A je 0041F246
:0041F23C 8B9574FFFFFF mov edx, dword ptr [ebp+FFFFFF74]
:0041F242 8B12 mov edx, dword ptr [edx]
:0041F244 EB05 jmp 0041F24B
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0041F23A(C)
|
:0041F246 BA69F46600 mov edx, 0066F469
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0041F244(U)
|
:0041F24B 8D45C4 lea eax, dword ptr [ebp-3C]
:0041F24E E8BD012300 call 0064F410
:0041F253 FF45B0 inc [ebp-50]
:0041F256 8B10 mov edx, dword ptr [eax]
:0041F258 8B4590 mov eax, dword ptr [ebp-70]
:0041F25B 8B8004030000 mov eax, dword ptr [eax+00000304]
:0041F261 E8C6581F00 call 00614B2C
:0041F266 FF4DB0 dec [ebp-50]
:0041F269 8D45C4 lea eax, dword ptr [ebp-3C]
:0041F26C BA02000000 mov edx, 00000002
:0041F271 E8F6032300 call 0064F66C
:0041F276 66C745A4C800 mov [ebp-5C], 00C8
:0041F27C 8B4D90 mov ecx, dword ptr [ebp-70]
:0041F27F 81C120030000 add ecx, 00000320
:0041F285 898D70FFFFFF mov dword ptr [ebp+FFFFFF70], ecx
:0041F28B 8B8570FFFFFF mov eax, dword ptr [ebp+FFFFFF70]
:0041F291 833800 cmp dword ptr [eax], 00000000
:0041F294 740A je 0041F2A0
:0041F296 8B9570FFFFFF mov edx, dword ptr [ebp+FFFFFF70]
:0041F29C 8B12 mov edx, dword ptr [edx]
:0041F29E EB05 jmp 0041F2A5
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0041F294(C)
|
:0041F2A0 BA6AF46600 mov edx, 0066F46A
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0041F29E(U)
|
:0041F2A5 8D45C0 lea eax, dword ptr [ebp-40]
:0041F2A8 E863012300 call 0064F410
:0041F2AD FF45B0 inc [ebp-50]
:0041F2B0 8B10 mov edx, dword ptr [eax]
:0041F2B2 8B4590 mov eax, dword ptr [ebp-70]
:0041F2B5 8B8010030000 mov eax, dword ptr [eax+00000310]
:0041F2BB E86C581F00 call 00614B2C
:0041F2C0 FF4DB0 dec [ebp-50]
:0041F2C3 8D45C0 lea eax, dword ptr [ebp-40]
:0041F2C6 BA02000000 mov edx, 00000002
:0041F2CB E89C032300 call 0064F66C
:0041F2D0 66C745A4D400 mov [ebp-5C], 00D4
:0041F2D6 33C9 xor ecx, ecx
:0041F2D8 894DBC mov dword ptr [ebp-44], ecx
:0041F2DB 8D55BC lea edx, dword ptr [ebp-44]
:0041F2DE FF45B0 inc [ebp-50]
:0041F2E1 8B4590 mov eax, dword ptr [ebp-70]
:0041F2E4 8B801C030000 mov eax, dword ptr [eax+0000031C]
:0041F2EA E84D120000 call 0042053C
:0041F2EF 8D45BC lea eax, dword ptr [ebp-44]
:0041F2F2 8B5590 mov edx, dword ptr [ebp-70]
:0041F2F5 81C220030000 add edx, 00000320
:0041F2FB E850042300 call 0064F750
:0041F300 50 push eax
:0041F301 FF4DB0 dec [ebp-50]
:0041F304 8D45BC lea eax, dword ptr [ebp-44]
:0041F307 BA02000000 mov edx, 00000002
:0041F30C E85B032300 call 0064F66C
:0041F311 59 pop ecx
:0041F312 84C9 test cl, cl
:0041F314 7456 je 0041F36C
:0041F316 8B4590 mov eax, dword ptr [ebp-70]
:0041F319 8B8010030000 mov eax, dword ptr [eax+00000310]
:0041F31F 33D2 xor edx, edx
:0041F321 8B08 mov ecx, dword ptr [eax]
:0041F323 FF5164 call [ecx+64]
:0041F326 8B4590 mov eax, dword ptr [ebp-70]
:0041F329 8B8008030000 mov eax, dword ptr [eax+00000308]
:0041F32F 33D2 xor edx, edx
:0041F331 8B08 mov ecx, dword ptr [eax]
:0041F333 FF5164 call [ecx+64]
:0041F336 66C745A4E000 mov [ebp-5C], 00E0
* Possible StringData Ref from Data Obj ->"已注册" **************************已经注册成功的提示
|
:0041F33C BA6BF46600 mov edx, 0066F46B
:0041F341 8D45B8 lea eax, dword ptr [ebp-48]
:0041F344 E8C7002300 call 0064F410
:0041F349 FF45B0 inc [ebp-50]
:0041F34C 8B10 mov edx, dword ptr [eax]
:0041F34E 8B4590 mov eax, dword ptr [ebp-70]
:0041F351 8B8008030000 mov eax, dword ptr [eax+00000308]
:0041F357 E8D0571F00 call 00614B2C
:0041F35C FF4DB0 dec [ebp-50]
:0041F35F 8D45B8 lea eax, dword ptr [ebp-48]
:0041F362 BA02000000 mov edx, 00000002
:0041F367 E800032300 call 0064F66C
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0041F314(C)
|
:0041F36C FF4DB0 dec [ebp-50]
:0041F36F 8D45FC lea eax, dword ptr [ebp-04]
:0041F372 BA02000000 mov edx, 00000002
:0041F377 E8F0022300 call 0064F66C
:0041F37C 8B4D94 mov ecx, dword ptr [ebp-6C]
:0041F37F 64890D00000000 mov dword ptr fs:[00000000], ecx
:0041F386 5F pop edi
:0041F387 5E pop esi
:0041F388 5B pop ebx
:0041F389 8BE5 mov esp, ebp
:0041F38B 5D pop ebp
:0041F38C C3 ret
:0041F38D 90 nop
:0041F38E 90 nop
:0041F38F 90 nop
:0041F390 55 push ebp
:0041F391 8BEC mov ebp, esp
:0041F393 81C43CFFFFFF add esp, FFFFFF3C
:0041F399 53 push ebx
:0041F39A 56 push esi
:0041F39B 57 push edi
:0041F39C 899558FFFFFF mov dword ptr [ebp+FFFFFF58], edx
:0041F3A2 89855CFFFFFF mov dword ptr [ebp+FFFFFF5C], eax
:0041F3A8 B8B4F96600 mov eax, 0066F9B4
:0041F3AD E826532200 call 006446D8
:0041F3B2 66C78570FFFFFF0800 mov word ptr [ebp+FFFFFF70], 0008
:0041F3BB 33D2 xor edx, edx
:0041F3BD 8955FC mov dword ptr [ebp-04], edx
:0041F3C0 FF857CFFFFFF inc dword ptr [ebp+FFFFFF7C]
:0041F3C6 66C78570FFFFFF1400 mov word ptr [ebp+FFFFFF70], 0014
:0041F3CF 66C78570FFFFFF2000 mov word ptr [ebp+FFFFFF70], 0020
:0041F3D8 33C9 xor ecx, ecx
:0041F3DA 894DF8 mov dword ptr [ebp-08], ecx
:0041F3DD FF857CFFFFFF inc dword ptr [ebp+FFFFFF7C]
:0041F3E3 66C78570FFFFFF1400 mov word ptr [ebp+FFFFFF70], 0014
:0041F3EC 66C78570FFFFFF2C00 mov word ptr [ebp+FFFFFF70], 002C
:0041F3F5 33C0 xor eax, eax
:0041F3F7 8945F4 mov dword ptr [ebp-0C], eax
:0041F3FA FF857CFFFFFF inc dword ptr [ebp+FFFFFF7C]
:0041F400 66C78570FFFFFF1400 mov word ptr [ebp+FFFFFF70], 0014
:0041F409 66C78570FFFFFF3800 mov word ptr [ebp+FFFFFF70], 0038
:0041F412 33D2 xor edx, edx
:0041F414 8955F0 mov dword ptr [ebp-10], edx
:0041F417 8D55F0 lea edx, dword ptr [ebp-10]
:0041F41A FF857CFFFFFF inc dword ptr [ebp+FFFFFF7C]
:0041F420 8B855CFFFFFF mov eax, dword ptr [ebp+FFFFFF5C]
:0041F426 8B801C030000 mov eax, dword ptr [eax+0000031C]
:0041F42C E817120000 call 00420648
:0041F431 8D55F0 lea edx, dword ptr [ebp-10]
:0041F434 FF32 push dword ptr [edx]
:0041F436 33C9 xor ecx, ecx
:0041F438 894DEC mov dword ptr [ebp-14], ecx
:0041F43B 8D45EC lea eax, dword ptr [ebp-14]
:0041F43E 50 push eax
:0041F43F FF857CFFFFFF inc dword ptr [ebp+FFFFFF7C]
:0041F445 E83A080000 call 0041FC84
:0041F44A 83C408 add esp, 00000008
:0041F44D 8D55EC lea edx, dword ptr [ebp-14]
:0041F450 FF32 push dword ptr [edx]
:0041F452 33C9 xor ecx, ecx
:0041F454 894DE8 mov dword ptr [ebp-18], ecx
:0041F457 8D45E8 lea eax, dword ptr [ebp-18]
:0041F45A 50 push eax
:0041F45B FF857CFFFFFF inc dword ptr [ebp+FFFFFF7C]
:0041F461 E8AE120000 call 00420714
:0041F466 83C408 add esp, 00000008
:0041F469 8D55E8 lea edx, dword ptr [ebp-18]
:0041F46C 8D45F8 lea eax, dword ptr [ebp-08]
:0041F46F E828022300 call 0064F69C
:0041F474 FF8D7CFFFFFF dec dword ptr [ebp+FFFFFF7C]
:0041F47A 8D45E8 lea eax, dword ptr [ebp-18]
:0041F47D BA02000000 mov edx, 00000002
:0041F482 E8E5012300 call 0064F66C
:0041F487 FF8D7CFFFFFF dec dword ptr [ebp+FFFFFF7C]
:0041F48D 8D45EC lea eax, dword ptr [ebp-14]
:0041F490 BA02000000 mov edx, 00000002
:0041F495 E8D2012300 call 0064F66C
:0041F49A FF8D7CFFFFFF dec dword ptr [ebp+FFFFFF7C]
:0041F4A0 8D45F0 lea eax, dword ptr [ebp-10]
:0041F4A3 BA02000000 mov edx, 00000002
:0041F4A8 E8BF012300 call 0064F66C
:0041F4AD 66C78570FFFFFF4400 mov word ptr [ebp+FFFFFF70], 0044
:0041F4B6 33C9 xor ecx, ecx
:0041F4B8 894DE4 mov dword ptr [ebp-1C], ecx
:0041F4BB 8D55E4 lea edx, dword ptr [ebp-1C]
:0041F4BE FF857CFFFFFF inc dword ptr [ebp+FFFFFF7C]
:0041F4C4 8B855CFFFFFF mov eax, dword ptr [ebp+FFFFFF5C]
:0041F4CA 8B8010030000 mov eax, dword ptr [eax+00000310]
:0041F4D0 E827561F00 call 00614AFC
:0041F4D5 8D55E4 lea edx, dword ptr [ebp-1C]
:0041F4D8 8D45F4 lea eax, dword ptr [ebp-0C]
:0041F4DB E8BC012300 call 0064F69C
:0041F4E0 FF8D7CFFFFFF dec dword ptr [ebp+FFFFFF7C]
:0041F4E6 8D45E4 lea eax, dword ptr [ebp-1C]
:0041F4E9 BA02000000 mov edx, 00000002
:0041F4EE E879012300 call 0064F66C
:0041F4F3 66C78570FFFFFF5000 mov word ptr [ebp+FFFFFF70], 0050
:0041F4FC 33C9 xor ecx, ecx
:0041F4FE 894DE0 mov dword ptr [ebp-20], ecx
:0041F501 8D55E0 lea edx, dword ptr [ebp-20]
:0041F504 FF857CFFFFFF inc dword ptr [ebp+FFFFFF7C]
:0041F50A 8B855CFFFFFF mov eax, dword ptr [ebp+FFFFFF5C]
:0041F510 8B801C030000 mov eax, dword ptr [eax+0000031C]
:0041F516 E82D110000 call 00420648
:0041F51B 8D55E0 lea edx, dword ptr [ebp-20]
:0041F51E FF32 push dword ptr [edx]
:0041F520 33C9 xor ecx, ecx
:0041F522 894DDC mov dword ptr [ebp-24], ecx
:0041F525 8D45DC lea eax, dword ptr [ebp-24]
:0041F528 50 push eax
:0041F529 FF857CFFFFFF inc dword ptr [ebp+FFFFFF7C]
:0041F52F E850070000 call 0041FC84
:0041F534 83C408 add esp, 00000008
:0041F537 8D55DC lea edx, dword ptr [ebp-24]
:0041F53A FF32 push dword ptr [edx]
:0041F53C 33C9 xor ecx, ecx
:0041F53E 894DD8 mov dword ptr [ebp-28], ecx
:0041F541 8D45D8 lea eax, dword ptr [ebp-28]
:0041F544 50 push eax
:0041F545 FF857CFFFFFF inc dword ptr [ebp+FFFFFF7C]
:0041F54B E8C4110000 call 00420714
:0041F550 83C408 add esp, 00000008
:0041F553 8D55D8 lea edx, dword ptr [ebp-28]
:0041F556 52 push edx
:0041F557 33C9 xor ecx, ecx
:0041F559 894DD4 mov dword ptr [ebp-2C], ecx
:0041F55C 8D55D4 lea edx, dword ptr [ebp-2C]
:0041F55F FF857CFFFFFF inc dword ptr [ebp+FFFFFF7C]
:0041F565 8B855CFFFFFF mov eax, dword ptr [ebp+FFFFFF5C]
:0041F56B 8B8010030000 mov eax, dword ptr [eax+00000310]
:0041F571 E886551F00 call 00614AFC
:0041F576 8D55D4 lea edx, dword ptr [ebp-2C]
:0041F579 58 pop eax
:0041F57A E8E9012300 call 0064F768
:0041F57F 50 push eax
:0041F580 FF8D7CFFFFFF dec dword ptr [ebp+FFFFFF7C]
:0041F586 8D45D4 lea eax, dword ptr [ebp-2C]
:0041F589 BA02000000 mov edx, 00000002
:0041F58E E8D9002300 call 0064F66C
:0041F593 FF8D7CFFFFFF dec dword ptr [ebp+FFFFFF7C]
:0041F599 8D45D8 lea eax, dword ptr [ebp-28]
:0041F59C BA02000000 mov edx, 00000002
:0041F5A1 E8C6002300 call 0064F66C
:0041F5A6 FF8D7CFFFFFF dec dword ptr [ebp+FFFFFF7C]
:0041F5AC 8D45DC lea eax, dword ptr [ebp-24]
:0041F5AF BA02000000 mov edx, 00000002
:0041F5B4 E8B3002300 call 0064F66C
:0041F5B9 FF8D7CFFFFFF dec dword ptr [ebp+FFFFFF7C]
:0041F5BF 8D45E0 lea eax, dword ptr [ebp-20]
:0041F5C2 BA02000000 mov edx, 00000002
:0041F5C7 E8A0002300 call 0064F66C
:0041F5CC 59 pop ecx
:0041F5CD 84C9 test cl, cl
:0041F5CF 744B je 0041F61C
:0041F5D1 FF8D7CFFFFFF dec dword ptr [ebp+FFFFFF7C]
:0041F5D7 8D45F4 lea eax, dword ptr [ebp-0C]
:0041F5DA BA02000000 mov edx, 00000002
:0041F5DF E888002300 call 0064F66C
:0041F5E4 FF8D7CFFFFFF dec dword ptr [ebp+FFFFFF7C]
:0041F5EA 8D45F8 lea eax, dword ptr [ebp-08]
:0041F5ED BA02000000 mov edx, 00000002
:0041F5F2 E875002300 call 0064F66C
:0041F5F7 FF8D7CFFFFFF dec dword ptr [ebp+FFFFFF7C]
:0041F5FD 8D45FC lea eax, dword ptr [ebp-04]
:0041F600 BA02000000 mov edx, 00000002
:0041F605 E862002300 call 0064F66C
:0041F60A 8B8D60FFFFFF mov ecx, dword ptr [ebp+FFFFFF60]
:0041F610 64890D00000000 mov dword ptr fs:[00000000], ecx
:0041F617 E9A1050000 jmp 0041FBBD
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0041F5CF(C)
|
:0041F61C 66C78570FFFFFF5C00 mov word ptr [ebp+FFFFFF70], 005C
:0041F625 33C9 xor ecx, ecx
:0041F627 B201 mov dl, 01
* Possible StringData Ref from Data Obj ->"榅Z"
|
:0041F629 A184E45500 mov eax, dword ptr [0055E484]
:0041F62E E8B1C91400 call 0056BFE4
:0041F633 898554FFFFFF mov dword ptr [ebp+FFFFFF54], eax
:0041F639 66C78570FFFFFF6800 mov word ptr [ebp+FFFFFF70], 0068
* Possible StringData Ref from Data Obj ->"panda"
|
:0041F642 BA72F46600 mov edx, 0066F472
:0041F647 8D45D0 lea eax, dword ptr [ebp-30]
:0041F64A E8C1FD2200 call 0064F410
:0041F64F FF857CFFFFFF inc dword ptr [ebp+FFFFFF7C]
:0041F655 8B10 mov edx, dword ptr [eax]
:0041F657 8B8554FFFFFF mov eax, dword ptr [ebp+FFFFFF54]
:0041F65D E87E871400 call 00567DE0
:0041F662 FF8D7CFFFFFF dec dword ptr [ebp+FFFFFF7C]
:0041F668 8D45D0 lea eax, dword ptr [ebp-30]
:0041F66B BA02000000 mov edx, 00000002
:0041F670 E8F7FF2200 call 0064F66C
:0041F675 66C78570FFFFFF7400 mov word ptr [ebp+FFFFFF70], 0074
:0041F67E 66C78570FFFFFF8000 mov word ptr [ebp+FFFFFF70], 0080
* Possible StringData Ref from Data Obj ->"chenyuanhui"
|
:0041F687 BA78F46600 mov edx, 0066F478
:0041F68C 8D45CC lea eax, dword ptr [ebp-34]
:0041F68F E87CFD2200 call 0064F410
:0041F694 FF857CFFFFFF inc dword ptr [ebp+FFFFFF7C]
:0041F69A FF30 push dword ptr [eax]
:0041F69C 8B8554FFFFFF mov eax, dword ptr [ebp+FFFFFF54]
:0041F6A2 E8E9861400 call 00567D90
:0041F6A7 5A pop edx
:0041F6A8 E8530C1400 call 00560300
:0041F6AD FF8D7CFFFFFF dec dword ptr [ebp+FFFFFF7C]
:0041F6B3 8D45CC lea eax, dword ptr [ebp-34]
:0041F6B6 BA02000000 mov edx, 00000002
:0041F6BB E8ACFF2200 call 0064F66C
:0041F6C0 66C78570FFFFFF5C00 mov word ptr [ebp+FFFFFF70], 005C
:0041F6C9 EB0E jmp 0041F6D9
:0041F6CB 66C78570FFFFFF7C00 mov word ptr [ebp+FFFFFF70], 007C
:0041F6D4 E879CD2200 call 0064C452
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0041F6C9(U)
|
:0041F6D9 8B8D54FFFFFF mov ecx, dword ptr [ebp+FFFFFF54]
:0041F6DF 81C148020000 add ecx, 00000248
:0041F6E5 898D50FFFFFF mov dword ptr [ebp+FFFFFF50], ecx
:0041F6EB 8B8550FFFFFF mov eax, dword ptr [ebp+FFFFFF50]
:0041F6F1 8B00 mov eax, dword ptr [eax]
:0041F6F3 8B10 mov edx, dword ptr [eax]
:0041F6F5 FF5244 call [edx+44]
:0041F6F8 66C78570FFFFFF8C00 mov word ptr [ebp+FFFFFF70], 008C
:0041F701 33C9 xor ecx, ecx
:0041F703 894DC8 mov dword ptr [ebp-38], ecx
:0041F706 8D55C8 lea edx, dword ptr [ebp-38]
:0041F709 FF857CFFFFFF inc dword ptr [ebp+FFFFFF7C]
:0041F70F 8B855CFFFFFF mov eax, dword ptr [ebp+FFFFFF5C]
:0041F715 8B8004030000 mov eax, dword ptr [eax+00000304]
:0041F71B E8DC531F00 call 00614AFC
:0041F720 8D55C8 lea edx, dword ptr [ebp-38]
:0041F723 33C9 xor ecx, ecx
:0041F725 894DC4 mov dword ptr [ebp-3C], ecx
:0041F728 8D4DC4 lea ecx, dword ptr [ebp-3C]
:0041F72B FF857CFFFFFF inc dword ptr [ebp+FFFFFF7C]
* Possible StringData Ref from Data Obj ->"update Syspara set Syspara='"
|
:0041F731 B884F46600 mov eax, 0066F484
:0041F736 E879042300 call 0064FBB4
:0041F73B 8D55C4 lea edx, dword ptr [ebp-3C]
:0041F73E 52 push edx
* Possible StringData Ref from Data Obj ->"' where Parano=1"
|
:0041F73F BAA2F46600 mov edx, 0066F4A2
:0041F744 8D45C0 lea eax, dword ptr [ebp-40]
:0041F747 E8C4FC2200 call 0064F410
:0041F74C FF857CFFFFFF inc dword ptr [ebp+FFFFFF7C]
:0041F752 8D55C0 lea edx, dword ptr [ebp-40]
:0041F755 33C0 xor eax, eax
:0041F757 8945BC mov dword ptr [ebp-44], eax
:0041F75A 8D4DBC lea ecx, dword ptr [ebp-44]
:0041F75D FF857CFFFFFF inc dword ptr [ebp+FFFFFF7C]
:0041F763 58 pop eax
:0041F764 E85BFF2200 call 0064F6C4
:0041F769 8D55BC lea edx, dword ptr [ebp-44]
:0041F76C 8D45FC lea eax, dword ptr [ebp-04]
:0041F76F E828FF2200 call 0064F69C
:0041F774 FF8D7CFFFFFF dec dword ptr [ebp+FFFFFF7C]
:0041F77A 8D45BC lea eax, dword ptr [ebp-44]
:0041F77D BA02000000 mov edx, 00000002
:0041F782 E8E5FE2200 call 0064F66C
:0041F787 FF8D7CFFFFFF dec dword ptr [ebp+FFFFFF7C]
:0041F78D 8D45C0 lea eax, dword ptr [ebp-40]
:0041F790 BA02000000 mov edx, 00000002
:0041F795 E8D2FE2200 call 0064F66C
:0041F79A FF8D7CFFFFFF dec dword ptr [ebp+FFFFFF7C]
:0041F7A0 8D45C4 lea eax, dword ptr [ebp-3C]
:0041F7A3 BA02000000 mov edx, 00000002
:0041F7A8 E8BFFE2200 call 0064F66C
:0041F7AD FF8D7CFFFFFF dec dword ptr [ebp+FFFFFF7C]
:0041F7B3 8D45C8 lea eax, dword ptr [ebp-38]
:0041F7B6 BA02000000 mov edx, 00000002
:0041F7BB E8ACFE2200 call 0064F66C
:0041F7C0 8B8D54FFFFFF mov ecx, dword ptr [ebp+FFFFFF54]
:0041F7C6 81C148020000 add ecx, 00000248
:0041F7CC 898D4CFFFFFF mov dword ptr [ebp+FFFFFF4C], ecx
:0041F7D2 66C78570FFFFFF9800 mov word ptr [ebp+FFFFFF70], 0098
:0041F7DB 837DFC00 cmp dword ptr [ebp-04], 00000000
:0041F7DF 7405 je 0041F7E6
:0041F7E1 8B55FC mov edx, dword ptr [ebp-04]
:0041F7E4 EB05 jmp 0041F7EB
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0041F7DF(C)
|
:0041F7E6 BAB3F46600 mov edx, 0066F4B3
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0041F7E4(U)
|
:0041F7EB 8D45B8 lea eax, dword ptr [ebp-48]
:0041F7EE E81DFC2200 call 0064F410
:0041F7F3 FF857CFFFFFF inc dword ptr [ebp+FFFFFF7C]
:0041F7F9 8B10 mov edx, dword ptr [eax]
:0041F7FB 8B854CFFFFFF mov eax, dword ptr [ebp+FFFFFF4C]
:0041F801 8B00 mov eax, dword ptr [eax]
:0041F803 8B08 mov ecx, dword ptr [eax]
:0041F805 FF5138 call [ecx+38]
:0041F808 FF8D7CFFFFFF dec dword ptr [ebp+FFFFFF7C]
:0041F80E 8D45B8 lea eax, dword ptr [ebp-48]
:0041F811 BA02000000 mov edx, 00000002
:0041F816 E851FE2200 call 0064F66C
:0041F81B 8B8554FFFFFF mov eax, dword ptr [ebp+FFFFFF54]
:0041F821 E85ED01400 call 0056C884
:0041F826 8B9554FFFFFF mov edx, dword ptr [ebp+FFFFFF54]
:0041F82C 81C248020000 add edx, 00000248
:0041F832 899548FFFFFF mov dword ptr [ebp+FFFFFF48], edx
:0041F838 8B8D48FFFFFF mov ecx, dword ptr [ebp+FFFFFF48]
:0041F83E 8B01 mov eax, dword ptr [ecx]
:0041F840 8B10 mov edx, dword ptr [eax]
:0041F842 FF5244 call [edx+44]
:0041F845 66C78570FFFFFFA400 mov word ptr [ebp+FFFFFF70], 00A4
:0041F84E 33C9 xor ecx, ecx
:0041F850 894DB4 mov dword ptr [ebp-4C], ecx
:0041F853 8D55B4 lea edx, dword ptr [ebp-4C]
:0041F856 FF857CFFFFFF inc dword ptr [ebp+FFFFFF7C]
:0041F85C 8B855CFFFFFF mov eax, dword ptr [ebp+FFFFFF5C]
:0041F862 8B8010030000 mov eax, dword ptr [eax+00000310]
:0041F868 E88F521F00 call 00614AFC
:0041F86D 8D55B4 lea edx, dword ptr [ebp-4C]
:0041F870 33C9 xor ecx, ecx
:0041F872 894DB0 mov dword ptr [ebp-50], ecx
:0041F875 8D4DB0 lea ecx, dword ptr [ebp-50]
:0041F878 FF857CFFFFFF inc dword ptr [ebp+FFFFFF7C]
* Possible StringData Ref from Data Obj ->"update Syspara set Syspara='"
|
:0041F87E B8B4F46600 mov eax, 0066F4B4
:0041F883 E82C032300 call 0064FBB4
:0041F888 8D55B0 lea edx, dword ptr [ebp-50]
:0041F88B 52 push edx
* Possible StringData Ref from Data Obj ->"' where Parano=2"
|
:0041F88C BAD2F46600 mov edx, 0066F4D2
:0041F891 8D45AC lea eax, dword ptr [ebp-54]
:0041F894 E877FB2200 call 0064F410
:0041F899 FF857CFFFFFF inc dword ptr [ebp+FFFFFF7C]
:0041F89F 8D55AC lea edx, dword ptr [ebp-54]
:0041F8A2 33C0 xor eax, eax
:0041F8A4 8945A8 mov dword ptr [ebp-58], eax
:0041F8A7 8D4DA8 lea ecx, dword ptr [ebp-58]
:0041F8AA FF857CFFFFFF inc dword ptr [ebp+FFFFFF7C]
:0041F8B0 58 pop eax
:0041F8B1 E80EFE2200 call 0064F6C4
:0041F8B6 8D55A8 lea edx, dword ptr [ebp-58]
:0041F8B9 8D45FC lea eax, dword ptr [ebp-04]
:0041F8BC E8DBFD2200 call 0064F69C
:0041F8C1 FF8D7CFFFFFF dec dword ptr [ebp+FFFFFF7C]
:0041F8C7 8D45A8 lea eax, dword ptr [ebp-58]
:0041F8CA BA02000000 mov edx, 00000002
:0041F8CF E898FD2200 call 0064F66C
:0041F8D4 FF8D7CFFFFFF dec dword ptr [ebp+FFFFFF7C]
:0041F8DA 8D45AC lea eax, dword ptr [ebp-54]
:0041F8DD BA02000000 mov edx, 00000002
:0041F8E2 E885FD2200 call 0064F66C
:0041F8E7 FF8D7CFFFFFF dec dword ptr [ebp+FFFFFF7C]
:0041F8ED 8D45B0 lea eax, dword ptr [ebp-50]
:0041F8F0 BA02000000 mov edx, 00000002
:0041F8F5 E872FD2200 call 0064F66C
:0041F8FA FF8D7CFFFFFF dec dword ptr [ebp+FFFFFF7C]
:0041F900 8D45B4 lea eax, dword ptr [ebp-4C]
:0041F903 BA02000000 mov edx, 00000002
:0041F908 E85FFD2200 call 0064F66C
:0041F90D 8B8D54FFFFFF mov ecx, dword ptr [ebp+FFFFFF54]
:0041F913 81C148020000 add ecx, 00000248
:0041F919 898D44FFFFFF mov dword ptr [ebp+FFFFFF44], ecx
:0041F91F 66C78570FFFFFFB000 mov word ptr [ebp+FFFFFF70], 00B0
:0041F928 837DFC00 cmp dword ptr [ebp-04], 00000000
:0041F92C 7405 je 0041F933
:0041F92E 8B55FC mov edx, dword ptr [ebp-04]
:0041F931 EB05 jmp 0041F938
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0041F92C(C)
|
:0041F933 BAE3F46600 mov edx, 0066F4E3
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0041F931(U)
|
:0041F938 8D45A4 lea eax, dword ptr [ebp-5C]
:0041F93B E8D0FA2200 call 0064F410
:0041F940 FF857CFFFFFF inc dword ptr [ebp+FFFFFF7C]
:0041F946 8B10 mov edx, dword ptr [eax]
:0041F948 8B8544FFFFFF mov eax, dword ptr [ebp+FFFFFF44]
:0041F94E 8B00 mov eax, dword ptr [eax]
:0041F950 8B08 mov ecx, dword ptr [eax]
:0041F952 FF5138 call [ecx+38]
:0041F955 FF8D7CFFFFFF dec dword ptr [ebp+FFFFFF7C]
:0041F95B 8D45A4 lea eax, dword ptr [ebp-5C]
:0041F95E BA02000000 mov edx, 00000002
:0041F963 E804FD2200 call 0064F66C
:0041F968 8B8554FFFFFF mov eax, dword ptr [ebp+FFFFFF54]
:0041F96E E811CF1400 call 0056C884
:0041F973 8B9554FFFFFF mov edx, dword ptr [ebp+FFFFFF54]
:0041F979 81C248020000 add edx, 00000248
:0041F97F 899540FFFFFF mov dword ptr [ebp+FFFFFF40], edx
:0041F985 8B8D40FFFFFF mov ecx, dword ptr [ebp+FFFFFF40]
:0041F98B 8B01 mov eax, dword ptr [ecx]
:0041F98D 8B10 mov edx, dword ptr [eax]
:0041F98F FF5244 call [edx+44]
:0041F992 66C78570FFFFFFBC00 mov word ptr [ebp+FFFFFF70], 00BC
:0041F99B 83C4F8 add esp, FFFFFFF8
:0041F99E E8CD8D1900 call 005B8770
:0041F9A3 DD1C24 fstp qword ptr [esp]
:0041F9A6 33C9 xor ecx, ecx
:0041F9A8 894DA0 mov dword ptr [ebp-60], ecx
:0041F9AB 8D45A0 lea eax, dword ptr [ebp-60]
:0041F9AE FF857CFFFFFF inc dword ptr [ebp+FFFFFF7C]
:0041F9B4 E84F9A1900 call 005B9408
:0041F9B9 8D55A0 lea edx, dword ptr [ebp-60]
:0041F9BC 33C9 xor ecx, ecx
:0041F9BE 894D9C mov dword ptr [ebp-64], ecx
:0041F9C1 8D4D9C lea ecx, dword ptr [ebp-64]
:0041F9C4 FF857CFFFFFF inc dword ptr [ebp+FFFFFF7C]
* Possible StringData Ref from Data Obj ->"update Syspara set Syspara='"
|
:0041F9CA B8E4F46600 mov eax, 0066F4E4
:0041F9CF E8E0012300 call 0064FBB4
:0041F9D4 8D559C lea edx, dword ptr [ebp-64]
:0041F9D7 52 push edx
* Possible StringData Ref from Data Obj ->"' where Parano=3"
|
:0041F9D8 BA02F56600 mov edx, 0066F502
:0041F9DD 8D4598 lea eax, dword ptr [ebp-68]
:0041F9E0 E82BFA2200 call 0064F410
:0041F9E5 FF857CFFFFFF inc dword ptr [ebp+FFFFFF7C]
:0041F9EB 8D5598 lea edx, dword ptr [ebp-68]
:0041F9EE 33C0 xor eax, eax
:0041F9F0 894594 mov dword ptr [ebp-6C], eax
:0041F9F3 8D4D94 lea ecx, dword ptr [ebp-6C]
:0041F9F6 FF857CFFFFFF inc dword ptr [ebp+FFFFFF7C]
:0041F9FC 58 pop eax
:0041F9FD E8C2FC2200 call 0064F6C4
:0041FA02 8D5594 lea edx, dword ptr [ebp-6C]
:0041FA05 8D45FC lea eax, dword ptr [ebp-04]
:0041FA08 E88FFC2200 call 0064F69C
:0041FA0D FF8D7CFFFFFF dec dword ptr [ebp+FFFFFF7C]
:0041FA13 8D4594 lea eax, dword ptr [ebp-6C]
:0041FA16 BA02000000 mov edx, 00000002
:0041FA1B E84CFC2200 call 0064F66C
:0041FA20 FF8D7CFFFFFF dec dword ptr [ebp+FFFFFF7C]
:0041FA26 8D4598 lea eax, dword ptr [ebp-68]
:0041FA29 BA02000000 mov edx, 00000002
:0041FA2E E839FC2200 call 0064F66C
:0041FA33 FF8D7CFFFFFF dec dword ptr [ebp+FFFFFF7C]
:0041FA39 8D459C lea eax, dword ptr [ebp-64]
:0041FA3C BA02000000 mov edx, 00000002
:0041FA41 E826FC2200 call 0064F66C
:0041FA46 FF8D7CFFFFFF dec dword ptr [ebp+FFFFFF7C]
:0041FA4C 8D45A0 lea eax, dword ptr [ebp-60]
:0041FA4F BA02000000 mov edx, 00000002
:0041FA54 E813FC2200 call 0064F66C
:0041FA59 8B8D54FFFFFF mov ecx, dword ptr [ebp+FFFFFF54]
:0041FA5F 81C148020000 add ecx, 00000248
:0041FA65 898D3CFFFFFF mov dword ptr [ebp+FFFFFF3C], ecx
:0041FA6B 66C78570FFFFFFC800 mov word ptr [ebp+FFFFFF70], 00C8
:0041FA74 837DFC00 cmp dword ptr [ebp-04], 00000000
:0041FA78 7405 je 0041FA7F
:0041FA7A 8B55FC mov edx, dword ptr [ebp-04]
:0041FA7D EB05 jmp 0041FA84
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0041FA78(C)
|
:0041FA7F BA13F56600 mov edx, 0066F513
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0041FA7D(U)
|
:0041FA84 8D4590 lea eax, dword ptr [ebp-70]
:0041FA87 E884F92200 call 0064F410
:0041FA8C FF857CFFFFFF inc dword ptr [ebp+FFFFFF7C]
:0041FA92 8B10 mov edx, dword ptr [eax]
:0041FA94 8B853CFFFFFF mov eax, dword ptr [ebp+FFFFFF3C]
:0041FA9A 8B00 mov eax, dword ptr [eax]
:0041FA9C 8B08 mov ecx, dword ptr [eax]
:0041FA9E FF5138 call [ecx+38]
:0041FAA1 FF8D7CFFFFFF dec dword ptr [ebp+FFFFFF7C]
:0041FAA7 8D4590 lea eax, dword ptr [ebp-70]
:0041FAAA BA02000000 mov edx, 00000002
:0041FAAF E8B8FB2200 call 0064F66C
:0041FAB4 8B8554FFFFFF mov eax, dword ptr [ebp+FFFFFF54]
:0041FABA E8C5CD1400 call 0056C884
:0041FABF 8B8554FFFFFF mov eax, dword ptr [ebp+FFFFFF54]
:0041FAC5 E852611700 call 00595C1C
:0041FACA 66C78570FFFFFF1400 mov word ptr [ebp+FFFFFF70], 0014
:0041FAD3 EB0E jmp 0041FAE3
:0041FAD5 66C78570FFFFFF6400 mov word ptr [ebp+FFFFFF70], 0064
:0041FADE E86FC92200 call 0064C452
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0041FAD3(U)
|
:0041FAE3 8B9554FFFFFF mov edx, dword ptr [ebp+FFFFFF54]
:0041FAE9 895588 mov dword ptr [ebp-78], edx
:0041FAEC 837D8800 cmp dword ptr [ebp-78], 00000000
:0041FAF0 7427 je 0041FB19
:0041FAF2 8B4D88 mov ecx, dword ptr [ebp-78]
:0041FAF5 8B01 mov eax, dword ptr [ecx]
:0041FAF7 89458C mov dword ptr [ebp-74], eax
:0041FAFA 66C78570FFFFFFE000 mov word ptr [ebp+FFFFFF70], 00E0
:0041FB03 BA03000000 mov edx, 00000003
:0041FB08 8B4588 mov eax, dword ptr [ebp-78]
:0041FB0B 8B08 mov ecx, dword ptr [eax]
:0041FB0D FF51FC call [ecx-04]
:0041FB10 66C78570FFFFFFD400 mov word ptr [ebp+FFFFFF70], 00D4
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0041FAF0(C)
|
:0041FB19 6A00 push 00000000
:0041FB1B 66C78570FFFFFFEC00 mov word ptr [ebp+FFFFFF70], 00EC
:0041FB24 33D2 xor edx, edx
:0041FB26 895584 mov dword ptr [ebp-7C], edx
:0041FB29 8D5584 lea edx, dword ptr [ebp-7C]
:0041FB2C FF857CFFFFFF inc dword ptr [ebp+FFFFFF7C]
:0041FB32 8B855CFFFFFF mov eax, dword ptr [ebp+FFFFFF5C]
:0041FB38 8B8004030000 mov eax, dword ptr [eax+00000304]
:0041FB3E E8B94F1F00 call 00614AFC
:0041FB43 837D8400 cmp dword ptr [ebp-7C], 00000000
:0041FB47 7405 je 0041FB4E **************************请问这是第一个跳转吗?
:0041FB49 8B5584 mov edx, dword ptr [ebp-7C]
:0041FB4C EB05 jmp 0041FB53
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0041FB47(C)
|
:0041FB4E BA1FF56600 mov edx, 0066F51F
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0041FB4C(U)
|
* Possible StringData Ref from Data Obj ->"注册成功 !" **************************注册成功的提示
|
:0041FB53 B914F56600 mov ecx, 0066F514
:0041FB58 A1E09C6900 mov eax, dword ptr [00699CE0]
:0041FB5D 8B00 mov eax, dword ptr [eax]
:0041FB5F E8D4F72200 call 0064F338
:0041FB64 FF8D7CFFFFFF dec dword ptr [ebp+FFFFFF7C]
:0041FB6A 8D4584 lea eax, dword ptr [ebp-7C]
:0041FB6D BA02000000 mov edx, 00000002
:0041FB72 E8F5FA2200 call 0064F66C
:0041FB77 FF8D7CFFFFFF dec dword ptr [ebp+FFFFFF7C]
:0041FB7D 8D45F4 lea eax, dword ptr [ebp-0C]
:0041FB80 BA02000000 mov edx, 00000002
:0041FB85 E8E2FA2200 call 0064F66C
:0041FB8A FF8D7CFFFFFF dec dword ptr [ebp+FFFFFF7C]
:0041FB90 8D45F8 lea eax, dword ptr [ebp-08]
:0041FB93 BA02000000 mov edx, 00000002
:0041FB98 E8CFFA2200 call 0064F66C
:0041FB9D FF8D7CFFFFFF dec dword ptr [ebp+FFFFFF7C]
:0041FBA3 8D45FC lea eax, dword ptr [ebp-04]
:0041FBA6 BA02000000 mov edx, 00000002
:0041FBAB E8BCFA2200 call 0064F66C
:0041FBB0 8B8D60FFFFFF mov ecx, dword ptr [ebp+FFFFFF60]
:0041FBB6 64890D00000000 mov dword ptr fs:[00000000], ecx
[招生]科锐逆向工程师培训(2024年11月15日实地,远程教学同时开班, 第51期)
|
|
|---|---|
|
|
|
|
|
[QUOTE=wopasi;443967]:0041F314 7456 je 0041F36C 这里有猫腻
:0041F316 8B4590 mov eax, dword ptr [ebp-70] :0041F319 8B8010030000 ...[/QUOTE] 首先感谢老师的回复!! 是不是说这里可能是关键跳?是不是改为“7556”? 再次感谢!!! 
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
