天目电子公司找展讯手机密码的分析
发表于:
2008-12-23 11:47
7221
很久以前分析的一个东东,是修手机人员用的一个小软件,我不修手机了,所以贴出来吧.相信这个电子公司是不会介意我贴出来的了,那么老的东东,况且我不在这个公司上班,嘿嘿.不知道论坛里有没有修手机的,或许会用的上.
大概流程是这样的,通过仪器把手机的字库给读出来,然后可以用天目的软件找出手机里的密码.
下面是主要的代码:
004D49C3 E8E44AF4FF call 004194AC //@Classes@TStream@SetPosition$qqrxj //获取文件开始位置 004D49C8 8D55CC lea edx, [ebp-$34] //[EBP-34]的有效地址 004D49CB B901000000 mov ecx, $00000001 //一个字节 004D49D0 8BC3 mov eax, ebx 004D49D2 8B30 mov esi, [eax] 004D49D4 FF5608 call dword ptr [esi+$08] //read() //读文件的一个字节内容到[EBP-34] 004D49D7 807DCC30 cmp byte ptr [ebp-$34], $30 004D49DB 7206 jb 004D49E3 004D49DD 807DCC39 cmp byte ptr [ebp-$34], $39 004D49E1 760C jbe 004D49EF 004D49E3 807DCC23 cmp byte ptr [ebp-$34], $23 004D49E7 7406 jz 004D49EF 004D49E9 807DCC2A cmp byte ptr [ebp-$34], $2A 004D49ED 751E jnz 004D4A0D //比较[EBP-34]是不是数字,#,* 004D49EF 8D45B8 lea eax, [ebp-$48] 004D49F2 8A55CC mov dl, byte ptr [ebp-$34] * Reference to: System.@LStrFromChar(String;String;Char); | or: System.@LStrFromWChar(String;String;WideChar); | or: System.@WStrFromChar(WideString;WideString;Char); | or: System.@WStrFromWChar(WideString;WideString;WideChar); | 004D49F5 E84AFDF2FF call 00404744 //把[EBP-34]转换成字符 004D49FA 8B55B8 mov edx, [ebp-$48] 004D49FD 8D45E8 lea eax, [ebp-$18] * Reference to: System.@LStrCat; | 004D4A00 E81FFEF2FF call 00404824 //连接起来 004D4A05 FF45F0 inc dword ptr [ebp-$10] //计数器++ 004D4A08 E97B030000 jmp 004D4D88 004D4A0D 8BC3 mov eax, ebx * Reference to: Classes.TStream.GetPosition(TStream):Int64; | 004D4A0F E8784AF4FF call 0041948C //取得当前位置 004D4A14 8BF0 mov esi, eax 004D4A16 8D4607 lea eax, [esi+$07] //位置+7 004D4A19 33D2 xor edx, edx 004D4A1B 52 push edx 004D4A1C 50 push eax 004D4A1D 8B45F0 mov eax, [ebp-$10] 004D4A20 99 cdq 004D4A21 290424 sub dword ptr [esp], eax 004D4A24 19542404 sbb [esp+$04], edx 004D4A28 58 pop eax 004D4A29 5A pop edx 004D4A2A 52 push edx 004D4A2B 50 push eax 004D4A2C 8BC3 mov eax, ebx | 004D4A2E E8794AF4FF call 004194AC //@Classes@TStream@SetPosition$qqrxj //设置当前位置, 004D4A33 8D55C1 lea edx, [ebp-$3F] 004D4A36 B901000000 mov ecx, $00000001 004D4A3B 8BC3 mov eax, ebx 004D4A3D 8B38 mov edi, [eax] 004D4A3F FF5708 call dword ptr [edi+$08] //匹配了就读当前位置+7的一个字节到[ebp-$3F] 004D4A42 8BC6 mov eax, esi 004D4A44 33D2 xor edx, edx 004D4A46 52 push edx 004D4A47 50 push eax 004D4A48 8BC3 mov eax, ebx | 004D4A4A E85D4AF4FF call 004194AC 004D4A4F 837DF003 cmp dword ptr [ebp-$10], +$03 004D4A53 0F8E0A030000 jle 004D4D63 004D4A59 837DF009 cmp dword ptr [ebp-$10], +$09 004D4A5D 0F8D00030000 jnl 004D4D63 //比较[EBP-10]是不是在[4--8]之间 004D4A63 C645EF00 mov byte ptr [ebp-$11], $00 004D4A67 8D45E4 lea eax, [ebp-$1C] 004D4A6A 8B55E8 mov edx, [ebp-$18] * Reference to: System.@LStrLAsg(void;void;void;void); | 004D4A6D E88AFBF2FF call 004045FC 004D4A72 A104CC4D00 mov eax, dword ptr [$004DCC04] 004D4A77 8B00 mov eax, [eax] * Reference to control AllDigit : TCheckBox | 004D4A79 8B80F0030000 mov eax, [eax+$03F0] 004D4A7F 8B10 mov edx, [eax] 004D4A81 FF92C4000000 call dword ptr [edx+$00C4] 004D4A87 84C0 test al, al 004D4A89 7456 jz 004D4AE1 004D4A8B 807DC103 cmp byte ptr [ebp-$3F], $03 004D4A8F 762F jbe 004D4AC0 //[EBP-3F]介于4--[EBP-10]之间就继续 004D4A91 33C0 xor eax, eax 004D4A93 8A45C1 mov al, byte ptr [ebp-$3F] 004D4A96 3B45F0 cmp eax, [ebp-$10] 004D4A99 7F25 jnle 004D4AC0 004D4A9B 8D4DB4 lea ecx, [ebp-$4C] 004D4A9E 33D2 xor edx, edx 004D4AA0 8A55C1 mov dl, byte ptr [ebp-$3F] 004D4AA3 8B45E8 mov eax, [ebp-$18] * Reference to: StrUtils.LeftStr(AnsiString;Integer):AnsiString; | 004D4AA6 E861CBF6FF call 0044160C 004D4AAB 8B55B4 mov edx, [ebp-$4C] 004D4AAE 8D45E4 lea eax, [ebp-$1C] 004D4AB1 B91C4F4D00 mov ecx, $004D4F1C //'U' * Reference to: System.@LStrCat3; | 004D4AB6 E8ADFDF2FF call 00404868 //[EBP-3F]>[ebp-10]就与U连接起来 004D4ABB E98B000000 jmp 004D4B4B 004D4AC0 8A45C1 mov al, byte ptr [ebp-$3F] 004D4AC3 3C03 cmp al, $03 004D4AC5 0F8680000000 jbe 004D4B4B //比较[EBP-3F]是不是在4--8之间 004D4ACB 3C09 cmp al, $09 004D4ACD 737C jnb 004D4B4B 004D4ACF 8D45E4 lea eax, [ebp-$1C] 004D4AD2 B9284F4D00 mov ecx, $004D4F28 //'S' 004D4AD7 8B55E8 mov edx, [ebp-$18] * Reference to: System.@LStrCat3; | 004D4ADA E889FDF2FF call 00404868 //[EBP-3F]>[ebp-10]就与S连接起来 004D4ADF EB6A jmp 004D4B4B 004D4AE1 807DBC00 cmp byte ptr [ebp-$44], $00 004D4AE5 753F jnz 004D4B26 004D4AE7 8A45BD mov al, byte ptr [ebp-$43] 004D4AEA 24FE and al, $FE 004D4AEC 3C0A cmp al, $0A 004D4AEE 7536 jnz 004D4B26 004D4AF0 F645BEFE test byte ptr [ebp-$42], $FE 004D4AF4 7530 jnz 004D4B26 004D4AF6 33C0 xor eax, eax 004D4AF8 8A45C1 mov al, byte ptr [ebp-$3F] 004D4AFB 3B45F0 cmp eax, [ebp-$10] 004D4AFE 7F26 jnle 004D4B26 004D4B00 807DC103 cmp byte ptr [ebp-$3F], $03 004D4B04 7620 jbe 004D4B26 004D4B06 8D4DB0 lea ecx, [ebp-$50] 004D4B09 33D2 xor edx, edx 004D4B0B 8A55C1 mov dl, byte ptr [ebp-$3F] 004D4B0E 8B45E8 mov eax, [ebp-$18] * Reference to: StrUtils.LeftStr(AnsiString;Integer):AnsiString; | 004D4B11 E8F6CAF6FF call 0044160C leftstr()取左边[EBP-3F]位 004D4B16 8B55B0 mov edx, [ebp-$50] 004D4B19 8D45E4 lea eax, [ebp-$1C] 004D4B1C B91C4F4D00 mov ecx, $004D4F1C * Reference to: System.@LStrCat3; | 004D4B21 E842FDF2FF call 00404868 004D4B26 807DBD00 cmp byte ptr [ebp-$43], $00 004D4B2A 751F jnz 004D4B4B 004D4B2C 8A45BE mov al, byte ptr [ebp-$42] 004D4B2F 24FE and al, $FE 004D4B31 3C2A cmp al, $2A 004D4B33 7516 jnz 004D4B4B 004D4B35 807DC108 cmp byte ptr [ebp-$3F], $08 004D4B39 7510 jnz 004D4B4B 004D4B3B 8D45E4 lea eax, [ebp-$1C] 004D4B3E B9284F4D00 mov ecx, $004D4F28 's' 004D4B43 8B55E8 mov edx, [ebp-$18] * Reference to: System.@LStrCat3; | 004D4B46 E81DFDF2FF call 00404868 004D4B4B 8B45FC mov eax, [ebp-$04] 004D4B4E 8B10 mov edx, [eax] 004D4B50 FF5214 call dword ptr [edx+$14] 004D4B53 85C0 test eax, eax 004D4B55 7E3E jle 004D4B95 004D4B57 8B45FC mov eax, [ebp-$04] 004D4B5A 8B10 mov edx, [eax] 004D4B5C FF5214 call dword ptr [edx+$14] 004D4B5F 8BF0 mov esi, eax 004D4B61 4E dec esi 004D4B62 85F6 test esi, esi 004D4B64 722F jb 004D4B95 004D4B66 46 inc esi 004D4B67 C745F800000000 mov dword ptr [ebp-$08], $00000000 004D4B6E 8D4DAC lea ecx, [ebp-$54] 004D4B71 8B55F8 mov edx, [ebp-$08] 004D4B74 8B45FC mov eax, [ebp-$04] 004D4B77 8B38 mov edi, [eax] 004D4B79 FF570C call dword ptr [edi+$0C] 004D4B7C 8B55AC mov edx, [ebp-$54] 004D4B7F 8B45E4 mov eax, [ebp-$1C] * Reference to: System.@LStrCmp; | 004D4B82 E8D9FDF2FF call 00404960 004D4B87 7506 jnz 004D4B8F 004D4B89 C645EF01 mov byte ptr [ebp-$11], $01 004D4B8D EB06 jmp 004D4B95 004D4B8F FF45F8 inc dword ptr [ebp-$08] 004D4B92 4E dec esi 004D4B93 75D9 jnz 004D4B6E 004D4B95 807DEF00 cmp byte ptr [ebp-$11], $00 004D4B99 0F85DC010000 jnz 004D4D7B 004D4B9F A104CC4D00 mov eax, dword ptr [$004DCC04] 004D4BA4 8B00 mov eax, [eax] * Reference to control AllDigit : TCheckBox | 004D4BA6 8B80F0030000 mov eax, [eax+$03F0] 004D4BAC 8B10 mov edx, [eax] 004D4BAE FF92C4000000 call dword ptr [edx+$00C4] 004D4BB4 84C0 test al, al 004D4BB6 0F84C6000000 jz 004D4C82 004D4BBC 807DC103 cmp byte ptr [ebp-$3F], $03 004D4BC0 7669 jbe 004D4C2B 004D4BC2 33C0 xor eax, eax 004D4BC4 8A45C1 mov al, byte ptr [ebp-$3F] 004D4BC7 3B45F0 cmp eax, [ebp-$10] 004D4BCA 7F5F jnle 004D4C2B 004D4BCC 8D4DA8 lea ecx, [ebp-$58] 004D4BCF 33D2 xor edx, edx 004D4BD1 8A55C1 mov dl, byte ptr [ebp-$3F] 004D4BD4 8B45E8 mov eax, [ebp-$18] * Reference to: StrUtils.LeftStr(AnsiString;Integer):AnsiString; | 004D4BD7 E830CAF6FF call 0044160C //取左边[EBP-3F]位 004D4BDC 8B55A8 mov edx, [ebp-$58] 004D4BDF 8D45E8 lea eax, [ebp-$18] * Reference to: System.@LStrLAsg(void;void;void;void); | 004D4BE2 E815FAF2FF call 004045FC 004D4BE7 6A00 push $00 004D4BE9 8D45A4 lea eax, [ebp-$5C] 004D4BEC 8B4DE0 mov ecx, [ebp-$20] 004D4BEF 8B55E8 mov edx, [ebp-$18] * Reference to: System.@LStrCat3; | 004D4BF2 E871FCF2FF call 00404868 004D4BF7 8B4DA4 mov ecx, [ebp-$5C] 004D4BFA A104CC4D00 mov eax, dword ptr [$004DCC04] 004D4BFF 8B00 mov eax, [eax] 004D4C01 BA0000FF00 mov edx, $00FF0000 | 004D4C06 E8E9230000 call 004D6FF4 004D4C0B 8D45A0 lea eax, [ebp-$60] 004D4C0E B91C4F4D00 mov ecx, $004D4F1C 004D4C13 8B55E8 mov edx, [ebp-$18] * Reference to: System.@LStrCat3; | 004D4C16 E84DFCF2FF call 00404868 004D4C1B 8B55A0 mov edx, [ebp-$60] 004D4C1E 8B45FC mov eax, [ebp-$04] 004D4C21 8B08 mov ecx, [eax] 004D4C23 FF5138 call dword ptr [ecx+$38] 004D4C26 E92A010000 jmp 004D4D55 004D4C2B 8A45C1 mov al, byte ptr [ebp-$3F] 004D4C2E 3C03 cmp al, $03 004D4C30 0F861F010000 jbe 004D4D55 004D4C36 3C09 cmp al, $09 004D4C38 0F8317010000 jnb 004D4D55 004D4C3E 6A00 push $00 004D4C40 8D459C lea eax, [ebp-$64] 004D4C43 8B4DDC mov ecx, [ebp-$24] 004D4C46 8B55E8 mov edx, [ebp-$18] * Reference to: System.@LStrCat3; | 004D4C49 E81AFCF2FF call 00404868 004D4C4E 8B4D9C mov ecx, [ebp-$64] 004D4C51 A104CC4D00 mov eax, dword ptr [$004DCC04] 004D4C56 8B00 mov eax, [eax] 004D4C58 BA0000FF00 mov edx, $00FF0000 | 004D4C5D E892230000 call 004D6FF4 004D4C62 8D4598 lea eax, [ebp-$68] 004D4C65 B9284F4D00 mov ecx, $004D4F28 //'S' 004D4C6A 8B55E8 mov edx, [ebp-$18] * Reference to: System.@LStrCat3; | 004D4C6D E8F6FBF2FF call 00404868 004D4C72 8B5598 mov edx, [ebp-$68] 004D4C75 8B45FC mov eax, [ebp-$04] 004D4C78 8B08 mov ecx, [eax] 004D4C7A FF5138 call dword ptr [ecx+$38] //是S的就显示防盗码 004D4C7D E9D3000000 jmp 004D4D55 004D4C82 807DBC00 cmp byte ptr [ebp-$44], $00 004D4C86 7579 jnz 004D4D01 004D4C88 8A45BD mov al, byte ptr [ebp-$43] 004D4C8B 24FE and al, $FE 004D4C8D 3C0A cmp al, $0A 004D4C8F 7570 jnz 004D4D01 004D4C91 F645BEFE test byte ptr [ebp-$42], $FE 004D4C95 756A jnz 004D4D01 004D4C97 33C0 xor eax, eax 004D4C99 8A45C1 mov al, byte ptr [ebp-$3F] 004D4C9C 3B45F0 cmp eax, [ebp-$10] 004D4C9F 7F60 jnle 004D4D01 004D4CA1 807DC103 cmp byte ptr [ebp-$3F], $03 004D4CA5 765A jbe 004D4D01 004D4CA7 8D4D94 lea ecx, [ebp-$6C] 004D4CAA 33D2 xor edx, edx 004D4CAC 8A55C1 mov dl, byte ptr [ebp-$3F] 004D4CAF 8B45E8 mov eax, [ebp-$18] * Reference to: StrUtils.LeftStr(AnsiString;Integer):AnsiString; | 004D4CB2 E855C9F6FF call 0044160C 004D4CB7 8B5594 mov edx, [ebp-$6C] 004D4CBA 8D45E8 lea eax, [ebp-$18] * Reference to: System.@LStrLAsg(void;void;void;void); | 004D4CBD E83AF9F2FF call 004045FC 004D4CC2 6A00 push $00 004D4CC4 8D4590 lea eax, [ebp-$70] 004D4CC7 8B4DE0 mov ecx, [ebp-$20] 004D4CCA 8B55E8 mov edx, [ebp-$18] * Reference to: System.@LStrCat3; | 004D4CCD E896FBF2FF call 00404868 004D4CD2 8B4D90 mov ecx, [ebp-$70] 004D4CD5 A104CC4D00 mov eax, dword ptr [$004DCC04] 004D4CDA 8B00 mov eax, [eax] 004D4CDC BA0000FF00 mov edx, $00FF0000 | 004D4CE1 E80E230000 call 004D6FF4 004D4CE6 8D458C lea eax, [ebp-$74] 004D4CE9 B91C4F4D00 mov ecx, $004D4F1C //'U' 004D4CEE 8B55E8 mov edx, [ebp-$18] * Reference to: System.@LStrCat3; | 004D4CF1 E872FBF2FF call 00404868 004D4CF6 8B558C mov edx, [ebp-$74] 004D4CF9 8B45FC mov eax, [ebp-$04] 004D4CFC 8B08 mov ecx, [eax] 004D4CFE FF5138 call dword ptr [ecx+$38] 004D4D01 807DBD00 cmp byte ptr [ebp-$43], $00 004D4D05 754E jnz 004D4D55 004D4D07 8A45BE mov al, byte ptr [ebp-$42] 004D4D0A 24FE and al, $FE 004D4D0C 3C2A cmp al, $2A 004D4D0E 7545 jnz 004D4D55 004D4D10 807DC108 cmp byte ptr [ebp-$3F], $08 004D4D14 753F jnz 004D4D55 004D4D16 6A00 push $00 004D4D18 8D4588 lea eax, [ebp-$78] 004D4D1B 8B4DDC mov ecx, [ebp-$24] 004D4D1E 8B55E8 mov edx, [ebp-$18] * Reference to: System.@LStrCat3; | 004D4D21 E842FBF2FF call 00404868 004D4D26 8B4D88 mov ecx, [ebp-$78] 004D4D29 A104CC4D00 mov eax, dword ptr [$004DCC04] 004D4D2E 8B00 mov eax, [eax] 004D4D30 BA0000FF00 mov edx, $00FF0000 | 004D4D35 E8BA220000 call 004D6FF4 004D4D3A 8D4584 lea eax, [ebp-$7C] 004D4D3D B9284F4D00 mov ecx, $004D4F28 004D4D42 8B55E8 mov edx, [ebp-$18] //是U的就显示防盗码 * Reference to: System.@LStrCat3; | 004D4D45 E81EFBF2FF call 00404868 004D4D4A 8B5584 mov edx, [ebp-$7C] 004D4D4D 8B45FC mov eax, [ebp-$04] 004D4D50 8B08 mov ecx, [eax] 004D4D52 FF5138 call dword ptr [ecx+$38] 004D4D55 A180CB4D00 mov eax, dword ptr [$004DCB80] 004D4D5A 8B00 mov eax, [eax] * Reference to: Forms.TApplication.ProcessMessages(TApplication); | 004D4D5C E80B3BF9FF call 0046886C //加上这句程序就稳定很多 004D4D61 EB18 jmp 004D4D7B 004D4D63 837DF400 cmp dword ptr [ebp-$0C], +$00 004D4D67 7506 jnz 004D4D6F 004D4D69 8A45BD mov al, byte ptr [ebp-$43] 004D4D6C 8845BC mov [ebp-$44], al 004D4D6F 8A45BE mov al, byte ptr [ebp-$42] 004D4D72 8845BD mov [ebp-$43], al 004D4D75 8A45CC mov al, byte ptr [ebp-$34] 004D4D78 8845BE mov [ebp-$42], al 004D4D7B 33C0 xor eax, eax 004D4D7D 8945F0 mov [ebp-$10], eax 004D4D80 8D45E8 lea eax, [ebp-$18] * Reference to: System.@LStrClr(void;void); | 004D4D83 E8DCF7F2FF call 00404564 004D4D88 8BC3 mov eax, ebx * Reference to: Classes.TStream.GetPosition(TStream):Int64; | 004D4D8A E8FD46F4FF call 0041948C 004D4D8F 8BF0 mov esi, eax //取得当前位置-->esi 004D4D91 8BC3 mov eax, ebx * Reference to: Classes.TStream.GetSize(TStream):Int64; | 004D4D93 E82847F4FF call 004194C0 004D4D98 52 push edx 004D4D99 50 push eax //取得文件大小 004D4D9A 8BC6 mov eax, esi // EAX=ESI 004D4D9C 33D2 xor edx, edx 004D4D9E 3B542404 cmp edx, [esp+$04] //和文件大小比较 004D4DA2 750D jnz 004D4DB1 004D4DA4 3B0424 cmp eax, [esp] 004D4DA7 5A pop edx 004D4DA8 58 pop eax 004D4DA9 0F8219FCFFFF jb 004D49C8 004D4DAF EB08 jmp 004D4DB9 004D4DB1 5A pop edx 004D4DB2 58 pop eax 004D4DB3 0F8C0FFCFFFF jl 004D49C8 //小于继续循环 004D4DB9 A130C94D00 mov eax, dword ptr [$004DC930] 004D4DBE 803800 cmp byte ptr [eax], $00 004D4DC1 7440 jz 004D4E03 004D4DC3 8B45FC mov eax, [ebp-$04] 004D4DC6 8B10 mov edx, [eax] 004D4DC8 FF5214 call dword ptr [edx+$14] 004D4DCB 85C0 test eax, eax 004D4DCD 7E1A jle 004D4DE9 004D4DCF 6A00 push $00 004D4DD1 A104CC4D00 mov eax, dword ptr [$004DCC04] 004D4DD6 8B00 mov eax, [eax] * Possible String Reference to: '分析完毕.' | 004D4DD8 B9344F4D00 mov ecx, $004D4F34 004D4DDD BA0000FF00 mov edx, $00FF0000 | 004D4DE2 E80D220000 call 004D6FF4 004D4DE7 EB58 jmp 004D4E41 004D4DE9 6A00 push $00 004D4DEB A104CC4D00 mov eax, dword ptr [$004DCC04] 004D4DF0 8B00 mov eax, [eax] * Possible String Reference to: '没有找到,请联系天目.' | 004D4DF2 B9484F4D00 mov ecx, $004D4F48 004D4DF7 BA0000FF00 mov edx, $00FF0000 | 004D4DFC E8F3210000 call 004D6FF4总结一下:
查找字库里由数字,#,*组成的~!,长度4--8为之间。长度记为i
从这个匹配的数据开始位置+7(从零开始计数),读去一个字节内容,这个内容要在4--8之间,记做buf
buf>i与s连接,否则与U连接
与U连接的是开机码
与S连接的是防盗码
由此可以看出密码在手机里的存储方式了.
下面是我写的程序
unit Unit1; interface uses Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms, Dialogs, StdCtrls, StrUtils; type TForm1 = class(TForm) Button1: TButton; Button2: TButton; Edit1: TEdit; Memo1: TMemo; OpenDialog1: TOpenDialog; procedure Button1Click(Sender: TObject); procedure Button2Click(Sender: TObject); private { Private declarations } public { Public declarations } end; var Form1: TForm1; mem: TmemoryStream; implementation {$R *.dfm} procedure TForm1.Button1Click(Sender: TObject); begin if opendialog1.Execute then edit1.Text := opendialog1.FileName; memo1.Clear ; end; procedure TForm1.Button2Click(Sender: TObject); var nsize: cardinal; buf: byte; num: byte; read: string; pos1,pos2: cardinal; begin memo1.Clear ; try mem := Tmemorystream.Create; mem.LoadFromFile(edit1.Text); nsize := mem.Size; repeat pos1 := mem.Position; pos2 := mem.Position; mem.ReadBuffer(buf, 1); if ((buf>=$30) and (buf <= $39)) or (buf = $23) or (buf =$2a)) then //if ((chr(buf) >= '0') and (chr(buf) <= '9')) or ((chr(buf) = '#') or (chr(buf) = '*')) then begin appendstr(read, chr(buf)); num := length(read); end else begin if (num <= 8) and (num >= 4) then begin pos1 := pos1 + 8 - num; mem.Position := pos1; mem.read(buf, 1); if (ord(buf) >= 04) and (ord(buf) <= 8) then if ord(buf) > num then begin if (pos(read,memo1.Lines.Text)=0) then memo1.Lines.Add(leftstr(read, ord(buf)) + '防盗码'); end else begin if (pos(read,memo1.Lines.Text)=0) then memo1.Lines.Add(leftstr(read, ord(buf)) + '开机码'); end; end; read := ''; num := 0; pos2:=pos2+1; mem.Position:=pos2; application.ProcessMessages; end; until pos1 >=nsize-1; finally memo1.Lines.Add('分析完毕'); mem.Free; end; end; end.
以下是截图:
[招生]科锐逆向工程师培训(2024年11月15日实地,远程教学同时开班, 第51期)
上传的附件: