此程序是用Delphi 7编写的。原程序加了aspack2.12壳,用aspackdie脱后,然后可以找到字符串。我的问题是找不到关键比较处,DeDe还不太会用,看了一些教程,也没看明白。我用查找je(jmp,jne...) 4E59C8也找不到什么。我想知道程序是怎样转到004E59C8处的?该如何找关键处?DeDe找到的那些信息有用吗?下一步该怎样做?我找了几天还是没有头结绪。请各位老大指教!麻烦你们了。谢了。
以下是用w32dasm找到字符串处
----------------------------------
:004E59B8 2E BYTE 02eh
:004E59B9 65 BYTE 065h
:004E59BA 7865 js 004E5A21
:004E59BC 00000000 BYTE 4 DUP(0)
:004E59C0 6F outsd
:004E59C1 7065 jo 004E5A28
:004E59C3 6E outsb
:004E59C4 00000000 BYTE 4 DUP(0)
* Possible StringData Ref from Code Obj ->"注册码错误"
|
:004E59C8 B8DC594E00 mov eax, 004E59DC
:004E59CD E8129CF4FF call 0042F5E4
:004E59D2 C3 ret
以下是用OllyDbg1.10找到的
-------------------------------------
004E595D 00 db 00
004E595E 00 db 00
004E595F 00 db 00
004E5960 . 20 68 74 74 70 3A 2F >ascii "
http://www.168r"
004E5970 . 65 67 2E 63 6F 6D 2F >ascii "eg.com/product_v"
004E5980 . 69 65 77 2E 61 73 70 >ascii "iew.asp?sysid=76"
004E5990 . 39 33 2D 39 41 30 38 >ascii "93-9A08-6988-F9E"
004E59A0 . 36 2D 36 41 38 33 23 >ascii "6-6A83#regform ",0
004E59B0 . 69 65 78 70 6C 6F 72 >ascii "iexplore.exe",0
004E59BD 00 db 00
004E59BE 00 db 00
004E59BF 00 db 00
004E59C0 . 6F 70 65 6E 00 ascii "open",0
004E59C5 00 db 00
004E59C6 00 db 00
004E59C7 00 db 00
004E59C8 B8 DC594E00 mov eax,unpacked.004E59DC <===注册码错误
004E59CD . E8 129CF4FF call unpacked.0042F5E4
004E59D2 . C3 retn
以下是用DeDe找到的
----------------------------------------
* Possible String Reference to: '注册码错误'
004E59C8 B8DC594E00 mov eax, $004E59DC
* Reference to: Dialogs.ShowMessage(AnsiString);
004E59CD E8129CF4FF call 0042F5E4
004E59D2 C3 ret
它在类TForm2中。事件是TeThemeButton1Click。还有另外的3个事件TeThemeButton2Click,3,4和FormCreate,_PROC_004E5A38,_PROC_004E5A68,_PROC_004E5A70
以下是“请输入注册码:”
object TeThemeLabel2: TTeThemeLabel
Left = 8
Top = 48
Width = 98
Height = 14
Performance = kspNoBuffer
Transparent = True
Caption = #35831#36755#20837#27880#20876#30721#65306
Color = clBtnFace
ParentColor = False
end
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
