能力值:
( LV9,RANK:170 )
|
-
-
5 楼
OD载入
0054D000 u> 55 push ebp ///停在这里
0054D001 8BEC mov ebp,esp
0054D003 6A FF push -1
0054D005 68 2A2C0A00 push 0A2C2A
0054D00A 68 38900D00 push 0D9038
0054D00F 64:A1 00000000 mov eax,dword ptr fs:[0]
0054D015 50 push eax
0054D016 64:8925 00000000 mov dword ptr fs:[0],esp
0054D01D 58 pop eax
0054D01E 64:A3 00000000 mov dword ptr fs:[0],eax
0054D024 58 pop eax
0054D025 58 pop eax
0054D026 58 pop eax
0054D027 58 pop eax
0054D028 8BE8 mov ebp,eax
0054D02A B8 B0905400 mov eax,unEbookE.005490B0
0054D02F FFE0 jmp eax ///eax=005490B0
005490B0 60 pushad
005490B1 BE 00704D00 mov esi,unEbookE.004D7000
005490B6 8DBE 00A0F2FF lea edi,dword ptr ds:[esi+FFF2A00>
005490BC C787 0C770D00 FFA51>mov dword ptr ds:[edi+D770C],9019>
005490C6 57 push edi
005490C7 83CD FF or ebp,FFFFFFFF
005490CA EB 0E jmp short unEbookE.005490DA
005490CC 90 nop
005490CD 90 nop
005490CE 90 nop
005490CF 90 nop
005490D0 8A06 mov al,byte ptr ds:[esi]
005490D2 46 inc esi
005490D3 8807 mov byte ptr ds:[edi],al
005490D5 47 inc edi
005490D6 01DB add ebx,ebx
005490D8 75 07 jnz short unEbookE.005490E1
005490DA 8B1E mov ebx,dword ptr ds:[esi]
005490DC 83EE FC sub esi,-4
005490DF 11DB adc ebx,ebx
005490E1 ^ 72 ED jb short unEbookE.005490D0
005490E3 B8 01000000 mov eax,1
005490E8 01DB add ebx,ebx
005490EA 75 07 jnz short unEbookE.005490F3
005490EC 8B1E mov ebx,dword ptr ds:[esi]
005490EE 83EE FC sub esi,-4
005490F1 11DB adc ebx,ebx
005490F3 11C0 adc eax,eax
005490F5 01DB add ebx,ebx
005490F7 73 0B jnb short unEbookE.00549104
005490F9 75 19 jnz short unEbookE.00549114
005490FB 8B1E mov ebx,dword ptr ds:[esi]
005490FD 83EE FC sub esi,-4
00549100 11DB adc ebx,ebx
00549102 72 10 jb short unEbookE.00549114
00549104 48 dec eax
00549105 01DB add ebx,ebx
00549107 75 07 jnz short unEbookE.00549110
00549109 8B1E mov ebx,dword ptr ds:[esi]
0054910B 83EE FC sub esi,-4
0054910E 11DB adc ebx,ebx
00549110 11C0 adc eax,eax
00549112 ^ EB D4 jmp short unEbookE.005490E8
00549114 31C9 xor ecx,ecx
00549116 83E8 03 sub eax,3
00549119 72 11 jb short unEbookE.0054912C
0054911B C1E0 08 shl eax,8
0054911E 8A06 mov al,byte ptr ds:[esi]
00549120 46 inc esi
00549121 83F0 FF xor eax,FFFFFFFF
00549124 74 78 je short unEbookE.0054919E
00549126 D1F8 sar eax,1
00549128 89C5 mov ebp,eax
0054912A EB 0B jmp short unEbookE.00549137
0054912C 01DB add ebx,ebx
0054912E 75 07 jnz short unEbookE.00549137
00549130 8B1E mov ebx,dword ptr ds:[esi]
00549132 83EE FC sub esi,-4
00549135 11DB adc ebx,ebx
00549137 11C9 adc ecx,ecx
00549139 01DB add ebx,ebx
0054913B 75 07 jnz short unEbookE.00549144
0054913D 8B1E mov ebx,dword ptr ds:[esi]
0054913F 83EE FC sub esi,-4
00549142 11DB adc ebx,ebx
00549144 11C9 adc ecx,ecx
00549146 75 20 jnz short unEbookE.00549168
00549148 41 inc ecx
00549149 01DB add ebx,ebx
0054914B 75 07 jnz short unEbookE.00549154
0054914D 8B1E mov ebx,dword ptr ds:[esi]
0054914F 83EE FC sub esi,-4
00549152 11DB adc ebx,ebx
00549154 11C9 adc ecx,ecx
00549156 01DB add ebx,ebx
00549158 ^ 73 EF jnb short unEbookE.00549149
0054915A 75 09 jnz short unEbookE.00549165
0054915C 8B1E mov ebx,dword ptr ds:[esi]
0054915E 83EE FC sub esi,-4
00549161 11DB adc ebx,ebx
00549163 ^ 73 E4 jnb short unEbookE.00549149
00549165 83C1 02 add ecx,2
00549168 81FD 00FBFFFF cmp ebp,-500
0054916E 83D1 01 adc ecx,1
00549171 8D142F lea edx,dword ptr ds:[edi+ebp]
00549174 83FD FC cmp ebp,-4
00549177 76 0F jbe short unEbookE.00549188
00549179 8A02 mov al,byte ptr ds:[edx]
0054917B 42 inc edx
0054917C 8807 mov byte ptr ds:[edi],al
0054917E 47 inc edi
0054917F 49 dec ecx
00549180 ^ 75 F7 jnz short unEbookE.00549179
00549182 ^ E9 4FFFFFFF jmp unEbookE.005490D6
00549187 90 nop
00549188 8B02 mov eax,dword ptr ds:[edx]
0054918A 83C2 04 add edx,4
0054918D 8907 mov dword ptr ds:[edi],eax
0054918F 83C7 04 add edi,4
00549192 83E9 04 sub ecx,4
00549195 ^ 77 F1 ja short unEbookE.00549188
00549197 01CF add edi,ecx
00549199 ^ E9 38FFFFFF jmp unEbookE.005490D6
0054919E 5E pop esi
0054919F 89F7 mov edi,esi
005491A1 B9 97690000 mov ecx,6997
005491A6 8A07 mov al,byte ptr ds:[edi]
005491A8 47 inc edi
005491A9 2C E8 sub al,0E8
005491AB 3C 01 cmp al,1
005491AD ^ 77 F7 ja short unEbookE.005491A6
005491AF 803F 1D cmp byte ptr ds:[edi],1D
005491B2 ^ 75 F2 jnz short unEbookE.005491A6
005491B4 8B07 mov eax,dword ptr ds:[edi]
005491B6 8A5F 04 mov bl,byte ptr ds:[edi+4]
005491B9 66:C1E8 08 shr ax,8
005491BD C1C0 10 rol eax,10
005491C0 86C4 xchg ah,al
005491C2 29F8 sub eax,edi
005491C4 80EB E8 sub bl,0E8
005491C7 01F0 add eax,esi
005491C9 8907 mov dword ptr ds:[edi],eax
005491CB 83C7 05 add edi,5
005491CE 89D8 mov eax,ebx
005491D0 ^ E2 D9 loopd short unEbookE.005491AB
005491D2 8DBE 00501400 lea edi,dword ptr ds:[esi+145000]
005491D8 8B07 mov eax,dword ptr ds:[edi]
005491DA 09C0 or eax,eax
005491DC 74 3C je short unEbookE.0054921A
005491DE 8B5F 04 mov ebx,dword ptr ds:[edi+4]
005491E1 8D8430 48B71400 lea eax,dword ptr ds:[eax+esi+14B>
005491E8 01F3 add ebx,esi
005491EA 50 push eax
005491EB 83C7 08 add edi,8
005491EE FF96 38B81400 call dword ptr ds:[esi+14B838]
005491F4 95 xchg eax,ebp
005491F5 8A07 mov al,byte ptr ds:[edi]
005491F7 47 inc edi
005491F8 08C0 or al,al
005491FA ^ 74 DC je short unEbookE.005491D8
005491FC 89F9 mov ecx,edi
005491FE 57 push edi
005491FF 48 dec eax
00549200 F2:AE repne scas byte ptr es:[edi]
00549202 55 push ebp
00549203 FF96 3CB81400 call dword ptr ds:[esi+14B83C]
00549209 09C0 or eax,eax
0054920B 74 07 je short unEbookE.00549214
0054920D 8903 mov dword ptr ds:[ebx],eax
0054920F 83C3 04 add ebx,4
00549212 ^ EB E1 jmp short unEbookE.005491F5
00549214 FF96 40B81400 call dword ptr ds:[esi+14B840]
0054921A 61 popad
0054921B - E9 DCA7F8FF jmp unEbookE.004D39FC ///跳向入口点
004D39FC 55 push ebp// /// OEP,DUMP
004D39FD 8BEC mov ebp,esp
004D39FF 83C4 F0 add esp,-10
004D3A02 B8 74364D00 mov eax,unEbookE.004D3674
004D3A07 E8 2831F3FF call unEbookE.00406B34
004D3A0C A1 84714D00 mov eax,dword ptr ds:[4D7184]
004D3A11 8B00 mov eax,dword ptr ds:[eax]
004D3A13 E8 6C6AF9FF call unEbookE.0046A484
004D3A18 33C9 xor ecx,ecx
004D3A1A B2 01 mov dl,1
004D3A1C A1 08AE4C00 mov eax,dword ptr ds:[4CAE08]
004D3A21 E8 7675FFFF call unEbookE.004CAF9C
004D3A26 8B15 14704D00 mov edx,dword ptr ds:[4D7014] ; unEbookE.004D90F0
004D3A2C 8902 mov dword ptr ds:[edx],eax
004D3A2E A1 14704D00 mov eax,dword ptr ds:[4D7014]
004D3A33 8B00 mov eax,dword ptr ds:[eax]
004D3A35 E8 DE35F9FF call unEbookE.00467018
004D3A3A A1 14704D00 mov eax,dword ptr ds:[4D7014]
运行ImportREC,OEP改为D39FC,修复程序,正常运行,但有自校验。
|