用 DEDE 载入程序,
查看"点燃"按钮的 BUTTON1.CLICK 事件代码:
; Excerpt of the BUTTON1.CLICK handler as listed by DEDE, from the start of its
; try block to the point where the try frame is removed; the prologue and the
; code after FINALLY are not shown. ebx is the base of every control reference
; ([ebx+$xxxx]), so it presumably holds the form instance.
***** TRY
|
; Link a new exception frame: push the previous frame pointer, then store esp
; as the new head. Presumably eax = 0 here (set before this excerpt), i.e. fs:[0].
00478EC4 64FF30 push dword ptr fs:[eax]
00478EC7 648920 mov fs:[eax], esp
; dl = $01 is the Boolean argument of the call at 00478ED2: Timer1 is enabled.
00478ECA B201 mov dl, $01
* Reference to control Timer1 : TTimer
|
00478ECC 8B8330030000 mov eax, [ebx+$0330]
; DEDE lists every known routine that matches the call target; the control
; loaded into eax (Timer1) is what points to TTimer.SetEnabled among them.
* Reference to: ExtCtrls.TTimer.SetEnabled(TTimer;Boolean);
| or: IBDatabase.TIBTimer.SetEnabled(TIBTimer;Boolean);
| or: Menus.TMenu.SetOwnerDraw(TMenu;Boolean);
|
00478ED2 E85D37FBFF call 0042C634
; Four controls are tested in turn with the same pattern: load the object, load
; its first dword into edx, call through [edx+$00C8] (an indirect call DEDE does
; not name; presumably the "checked" getter) and, if al is non-zero, store a
; constant in the global at $0047CC58. The tests are not exclusive: a later
; match overwrites an earlier one, and if none matches the global keeps its
; previous value. The timer handler at 00478FE4 reads this global.
* Reference to control CheckBox1 : TRadioButton
|
00478ED7 8B834C030000 mov eax, [ebx+$034C]
00478EDD 8B10 mov edx, [eax]
00478EDF FF92C8000000 call dword ptr [edx+$00C8]
00478EE5 84C0 test al, al
00478EE7 740A jz 00478EF3
00478EE9 C70558CC470096010000 mov dword ptr [$0047CC58], $00000196 ; $196 = 406
* Reference to control RadioButton1 : TRadioButton
|
00478EF3 8B8344030000 mov eax, [ebx+$0344]
00478EF9 8B10 mov edx, [eax]
00478EFB FF92C8000000 call dword ptr [edx+$00C8]
00478F01 84C0 test al, al
00478F03 740A jz 00478F0F
00478F05 C70558CC47000A000000 mov dword ptr [$0047CC58], $0000000A ; $0A = 10
* Reference to control RadioButton2 : TRadioButton
|
00478F0F 8B8348030000 mov eax, [ebx+$0348]
00478F15 8B10 mov edx, [eax]
00478F17 FF92C8000000 call dword ptr [edx+$00C8]
00478F1D 84C0 test al, al
00478F1F 740A jz 00478F2B
00478F21 C70558CC470096000000 mov dword ptr [$0047CC58], $00000096 ; $96 = 150
* Reference to control RadioButton3 : TRadioButton
|
00478F2B 8B8350030000 mov eax, [ebx+$0350]
00478F31 8B10 mov edx, [eax]
00478F33 FF92C8000000 call dword ptr [edx+$00C8]
00478F39 84C0 test al, al
00478F3B 740A jz 00478F47
00478F3D C70558CC47002C010000 mov dword ptr [$0047CC58], $0000012C ; $12C = 300
; edx = address of the local at [ebp-$04]; GetText stores Edit1's text there.
00478F47 8D55FC lea edx, [ebp-$04]
* Reference to control Edit1 : TEdit
|
00478F4A 8B8340030000 mov eax, [ebx+$0340]
* Reference to: Controls.TControl.GetText(TControl):TCaption;
|
00478F50 E82330FCFF call 0043BF78
00478F55 8B45FC mov eax, [ebp-$04]
; The text typed into Edit1 is converted and used directly as Timer1's interval.
; NOTE(review): no validation or range check of the text is visible in this
; excerpt. In Delphi, StrToInt raises EConvertError on non-numeric text, in
; which case the instructions after this call are skipped.
* Reference to: SysUtils.StrToInt(AnsiString):Integer;
|
00478F58 E873F2F8FF call 004081D0
00478F5D 8BD0 mov edx, eax
* Reference to control Timer1 : TTimer
|
00478F5F 8B8330030000 mov eax, [ebx+$0330]
* Reference to: ExtCtrls.TTimer.SetInterval(TTimer;Cardinal);
| or: IBDatabase.TIBTimer.SetInterval(TIBTimer;Cardinal);
|
00478F65 E8DA36FBFF call 0042C644
; Label2's caption is set to the string DEDE found at $00478FD0.
* Possible String Reference to: '点燃了...'
|
00478F6A BAD08F4700 mov edx, $00478FD0
* Reference to control Label2 : TLabel
|
00478F6F 8B835C030000 mov eax, [ebx+$035C]
* Reference to: Controls.TControl.SetText(TControl;TCaption);
|
00478F75 E82E30FCFF call 0043BFA8
; eax = the object stored at Label2+$68 (the TFont, per DEDE's SetColor
; reference); edx = $00FF0000, which is blue in Delphi's $00BBGGRR TColor layout.
* Reference to control Label2 : TLabel
|
00478F7A 8B835C030000 mov eax, [ebx+$035C]
00478F80 8B4068 mov eax, [eax+$68]
00478F83 BA0000FF00 mov edx, $00FF0000
* Reference to: Graphics.TFont.SetColor(TFont;TColor);
|
00478F88 E8AB70FAFF call 00420038
; Read the dword at TrackBar1+$0228 (presumably its position), multiply it by 65
; ((v shl 6) + v) and store the product in the global at $0047CC5C, which the
; timer handler adds to its random value.
* Reference to control TrackBar1 : TTrackBar
|
00478F8D 8B832C030000 mov eax, [ebx+$032C]
00478F93 8B8028020000 mov eax, [eax+$0228]
00478F99 8BD0 mov edx, eax
00478F9B C1E006 shl eax, $06
00478F9E 03C2 add eax, edx
00478FA0 A35CCC4700 mov dword ptr [$0047CC5C], eax
; Normal exit from the try block: pop the saved frame pointer into edx, discard
; the other two dwords of the frame, and write edx back to fs:[0] (eax was just zeroed).
00478FA5 33C0 xor eax, eax
00478FA7 5A pop edx
00478FA8 59 pop ecx
00478FA9 59 pop ecx
00478FAA 648910 mov fs:[eax], edx
****** FINALLY
关键就是
; Repeat of the 00478EC4..00478F65 range of the BUTTON1.CLICK listing above,
; quoted as the key part: it enables Timer1, stores one of four constants in
; the global at $0047CC58, and sets Timer1's interval from Edit1's text.
00478EC4 64FF30 push dword ptr fs:[eax]
00478EC7 648920 mov fs:[eax], esp
; dl = $01 is the Boolean argument of the call at 00478ED2.
00478ECA B201 mov dl, $01
* Reference to control Timer1 : TTimer
|
00478ECC 8B8330030000 mov eax, [ebx+$0330]
* Reference to: ExtCtrls.TTimer.SetEnabled(TTimer;Boolean);
| or: IBDatabase.TIBTimer.SetEnabled(TIBTimer;Boolean);
| or: Menus.TMenu.SetOwnerDraw(TMenu;Boolean);
|
00478ED2 E85D37FBFF call 0042C634
; Each of the four tests below calls through [edx+$00C8] on a control
; (presumably its "checked" getter) and, when al is non-zero, overwrites
; [$0047CC58]; the last matching test wins.
* Reference to control CheckBox1 : TRadioButton
|
00478ED7 8B834C030000 mov eax, [ebx+$034C]
00478EDD 8B10 mov edx, [eax]
00478EDF FF92C8000000 call dword ptr [edx+$00C8]
00478EE5 84C0 test al, al
00478EE7 740A jz 00478EF3
00478EE9 C70558CC470096010000 mov dword ptr [$0047CC58], $00000196 ; $196 = 406
* Reference to control RadioButton1 : TRadioButton
|
00478EF3 8B8344030000 mov eax, [ebx+$0344]
00478EF9 8B10 mov edx, [eax]
00478EFB FF92C8000000 call dword ptr [edx+$00C8]
00478F01 84C0 test al, al
00478F03 740A jz 00478F0F
00478F05 C70558CC47000A000000 mov dword ptr [$0047CC58], $0000000A ; $0A = 10
* Reference to control RadioButton2 : TRadioButton
|
00478F0F 8B8348030000 mov eax, [ebx+$0348]
00478F15 8B10 mov edx, [eax]
00478F17 FF92C8000000 call dword ptr [edx+$00C8]
00478F1D 84C0 test al, al
00478F1F 740A jz 00478F2B
00478F21 C70558CC470096000000 mov dword ptr [$0047CC58], $00000096 ; $96 = 150
* Reference to control RadioButton3 : TRadioButton
|
00478F2B 8B8350030000 mov eax, [ebx+$0350]
00478F31 8B10 mov edx, [eax]
00478F33 FF92C8000000 call dword ptr [edx+$00C8]
00478F39 84C0 test al, al
00478F3B 740A jz 00478F47
00478F3D C70558CC47002C010000 mov dword ptr [$0047CC58], $0000012C ; $12C = 300
; Edit1's text -> local at [ebp-$04] -> StrToInt -> edx -> Timer1 interval.
; NOTE(review): no validation of the text is visible in this excerpt.
00478F47 8D55FC lea edx, [ebp-$04]
* Reference to control Edit1 : TEdit
|
00478F4A 8B8340030000 mov eax, [ebx+$0340]
* Reference to: Controls.TControl.GetText(TControl):TCaption;
|
00478F50 E82330FCFF call 0043BF78
00478F55 8B45FC mov eax, [ebp-$04]
* Reference to: SysUtils.StrToInt(AnsiString):Integer;
|
00478F58 E873F2F8FF call 004081D0
00478F5D 8BD0 mov edx, eax
* Reference to control Timer1 : TTimer
|
00478F5F 8B8330030000 mov eax, [ebx+$0330]
* Reference to: ExtCtrls.TTimer.SetInterval(TTimer;Cardinal);
| or: IBDatabase.TIBTimer.SetInterval(TIBTimer;Cardinal);
|
00478F65 E8DA36FBFF call 0042C644
那么,
看看 TIMER 控件的事件处理代码(定时触发时执行的内容):
; Timer handler as listed by DEDE (complete routine: push ebx ... ret).
; In:  eax = object whose fields hold the controls (copied to ebx).
; Effect visible here: two dwords are pushed and 0040617C is called (shown
; further down the page to be a jump to kernel32.Beep), then Label2's
; visibility byte is inverted so the label toggles on every tick.
00478FE4 53 push ebx
00478FE5 8BD8 mov ebx, eax
; Pushed first, so it is the last stack argument of the call at 00478FFE;
; for Beep(dwFreq, dwDuration) that is the duration. The value is the constant
; BUTTON1.CLICK stored in [$0047CC58].
00478FE7 A158CC4700 mov eax, dword ptr [$0047CC58]
00478FEC 50 push eax
; eax = $1388 (5000) is the argument of 00402BE4, the pseudo-random routine
; listed further down the page.
00478FED B888130000 mov eax, $00001388
|
00478FF2 E8ED9BF8FF call 00402BE4
; Random result + [$0047CC5C] (the TrackBar-derived value) is pushed as the
; first argument, the frequency. NOTE(review): no range check on the sum is
; visible here; Beep documents dwFreq as valid from 37 to 32767 ($25..$7FFF).
00478FF7 03055CCC4700 add eax, [$0047CC5C]
00478FFD 50 push eax
|
00478FFE E879D1F8FF call 0040617C
* Reference to control Label2 : TLabel
|
00479003 8B835C030000 mov eax, [ebx+$035C]
; dl = byte at Label2+$57 with bit 0 flipped, passed to SetVisible.
00479009 8A5057 mov dl, byte ptr [eax+$57]
0047900C 80F201 xor dl, $01
* Reference to: Controls.TControl.SetVisible(TControl;Boolean);
|
0047900F E8842EFCFF call 0043BE98
00479014 5B pop ebx
00479015 C3 ret
00478FF2 E8ED9BF8FF call 00402BE4
00478FFE E879D1F8FF call 0040617C
要找的发声调用就在这两个 call 之中,二选一
好,用OD载入
bp 00402BE4
bp 0040617C
F9运行
第一个
; Routine at 00402BE4 as shown by OllyDbg (complete: push ebx ... retn).
; In:  eax = upper bound (the timer handler passes $1388).
; Out: eax = high 32 bits of (eax * new state), i.e. a value below the bound.
; The dword at 47A008 is the generator state: state = state * K + 1, where K is
; the 32-bit immediate of the imul that OllyDbg's column width cut off (">").
; This is a linear congruential generator; the shape matches the Delphi RTL's
; Random(Integer) - presumably that routine. Its output is predictable from
; the state, which is harmless here since it only varies the beep pitch.
00402BE4 /$ 53 push ebx
00402BE5 |. 31DB xor ebx, ebx
00402BE7 |. 6993 08A04700>imul edx, dword ptr ds:[ebx+47A008], >
00402BF1 |. 42 inc edx
00402BF2 |. 8993 08A04700 mov dword ptr ds:[ebx+47A008], edx
; Unsigned eax * edx -> edx:eax; the high half in edx is returned.
00402BF8 |. F7E2 mul edx
00402BFA |. 89D0 mov eax, edx
00402BFC |. 5B pop ebx ; 1_.00478FF7
00402BFD \. C3 retn
不像是要找的
第二个
0040617C $- FF25 40D34700 jmp near dword ptr ds:[<&kernel32.#2>; kernel32.Beep
就是BEEP()嘛!!!
第一个的
00402BFD \. C3 retn
到了
00478FF7 . 0305 5CCC4700 add eax, dword ptr ds:[47CC5C] ; |
00478FFD . 50 push eax ; |Frequency = 4399 (17305.)
00478FFE . E8 79D1F8FF call <jmp.&kernel32.#29> ; \Beep
也就是说:第一个 call 返回的随机数(上限 $1388)加上 [47CC5C] 作为频率,先前压栈的 [47CC58] 作为时长,调整好这些参数再调用 BEEP
就这么简单了。