004BA8CB 04 8D ADD AL,8D ; NOTE(review): 004BA8CB..004BA8D5 decode to nonsense (ADD AL, I/O, out-of-range shift) — the listing starts mid-function and almost certainly mid-instruction; this is not the module entry point. Re-disassemble from an earlier address to resynchronise.
004BA8CD 55 PUSH EBP
004BA8CE E4 33 IN AL,33 ; I/O instruction (debugger warning — symptom of the misaligned decode above)
004BA8D0 C0E8 4E SHR AL,4E ; shift count outside the 1..31 range (debugger warning — same symptom)
004BA8D3 82F4 FF XOR AH,FFFFFFFF
004BA8D6 8B45 E4 MOV EAX,DWORD PTR SS:[EBP-1C] ; from here the decode is consistent: string locals live in [EBP-34]..[EBP-14]
004BA8D9 8D55 E8 LEA EDX,DWORD PTR SS:[EBP-18]
004BA8DC E8 2FEAF4FF CALL RunGame.00409310 ; (EAX=in, EDX=@out) — helper semantics not visible here
004BA8E1 8B45 E8 MOV EAX,DWORD PTR SS:[EBP-18]
004BA8E4 8D55 EC LEA EDX,DWORD PTR SS:[EBP-14]
004BA8E7 E8 9CE0F4FF CALL RunGame.00408988 ; same helper is reused at 004BA9C7 before a compare — presumably a normalise/uppercase step; confirm
004BA8EC 8B45 EC MOV EAX,DWORD PTR SS:[EBP-14]
004BA8EF BA 74AA4B00 MOV EDX,RunGame.004BAA74 ; ASCII "RUNGAME.EXE"
004BA8F4 E8 B7A1F4FF CALL RunGame.00404AB0 ; compares [EBP-14] with "RUNGAME.EXE"; flags consumed by the JNZ below
004BA8F9 0F85 94000000 JNZ RunGame.004BA993 ; not equal -> skip everything up to 004BA993 (the AUTOUP.exe and 0B7h checks only run on the "RUNGAME.EXE" branch)
004BA8FF 8D55 DC LEA EDX,DWORD PTR SS:[EBP-24]
004BA902 A1 94CC4B00 MOV EAX,DWORD PTR DS:[4BCC94] ; EAX = *[4BCC94]: a global object pointer that is loaded before every 0047Bxxx/0047Cxxx call in this function (shape of Delphi's Application variable — confirm)
004BA907 8B00 MOV EAX,DWORD PTR DS:[EAX]
004BA909 E8 321DFCFF CALL RunGame.0047C640 ; result written through EDX into [EBP-24]
004BA90E 8B45 DC MOV EAX,DWORD PTR SS:[EBP-24]
004BA911 8D55 E0 LEA EDX,DWORD PTR SS:[EBP-20]
004BA914 E8 C3E9F4FF CALL RunGame.004092DC ; derive a string from [EBP-24] into [EBP-20]
004BA919 8D45 E0 LEA EAX,DWORD PTR SS:[EBP-20]
004BA91C BA 88AA4B00 MOV EDX,RunGame.004BAA88 ; ASCII "AUTOUP.exe"
004BA921 E8 46A0F4FF CALL RunGame.0040496C ; (EAX=@dest string, EDX=src) — also used at 004BA9AD with a global; presumably string concatenation, so [EBP-20] becomes <value>+"AUTOUP.exe"; confirm
004BA926 8B45 E0 MOV EAX,DWORD PTR SS:[EBP-20]
004BA929 E8 E2E8F4FF CALL RunGame.00409210 ; boolean result in AL — what it tests on the AUTOUP.exe string is not visible here (possibly an exists check; confirm)
004BA92E 84C0 TEST AL,AL
004BA930 74 2F JE SHORT RunGame.004BA961 ; false -> skip 004BA932..004BA95C
004BA932 8D55 D4 LEA EDX,DWORD PTR SS:[EBP-2C] ; same build sequence again, into [EBP-2C]/[EBP-28]
004BA935 A1 94CC4B00 MOV EAX,DWORD PTR DS:[4BCC94]
004BA93A 8B00 MOV EAX,DWORD PTR DS:[EAX]
004BA93C E8 FF1CFCFF CALL RunGame.0047C640
004BA941 8B45 D4 MOV EAX,DWORD PTR SS:[EBP-2C]
004BA944 8D55 D8 LEA EDX,DWORD PTR SS:[EBP-28]
004BA947 E8 90E9F4FF CALL RunGame.004092DC
004BA94C 8D45 D8 LEA EAX,DWORD PTR SS:[EBP-28]
004BA94F BA 88AA4B00 MOV EDX,RunGame.004BAA88 ; ASCII "AUTOUP.exe"
004BA954 E8 13A0F4FF CALL RunGame.0040496C
004BA959 8B45 D8 MOV EAX,DWORD PTR SS:[EBP-28]
004BA95C E8 E3E8F4FF CALL RunGame.00409244 ; acts on the rebuilt AUTOUP.exe path; no result is checked. If this deletes or launches the file it is a filesystem side effect worth confirming — helper not visible here
004BA961 68 94AA4B00 PUSH RunGame.004BAA94 ; ASCII "TZtT"
004BA966 6A FF PUSH -1
004BA968 6A 00 PUSH 0
004BA96A E8 A1C1F4FF CALL RunGame.00406B10 ; stdcall-style args (0, -1, "TZtT") ...
004BA96F E8 B4C2F4FF CALL RunGame.00406C28 ; ... then a no-arg call whose result is compared with 0B7h
004BA974 3D B7000000 CMP EAX,0B7 ; 0B7h = 183 = ERROR_ALREADY_EXISTS; together with the named-object call above this has the shape of a CreateMutex + GetLastError single-instance check — confirm by following 00406B10/00406C28
004BA979 75 18 JNZ SHORT RunGame.004BA993 ; not "already exists" -> continue normally at 004BA993
004BA97B 6A 10 PUSH 10 ; four args (0, ptr, ptr, 10h): shape of MessageBoxA(hWnd=0, text, caption, MB_ICONHAND=10h) — confirm
004BA97D 68 9CAA4B00 PUSH RunGame.004BAA9C
004BA982 68 A4AA4B00 PUSH RunGame.004BAAA4
004BA987 6A 00 PUSH 0
004BA989 E8 12CBF4FF CALL RunGame.004074A0
004BA98E E8 7D9BF4FF CALL RunGame.00404510 ; no args, no result check; if it does not terminate the process, execution simply falls through into 004BA993
004BA993 B8 ACDF4B00 MOV EAX,RunGame.004BDFAC ; join point for the JNZ at 004BA8F9 and 004BA979. EAX = address of the global string variable at 4BDFAC
004BA998 BA D4AA4B00 MOV EDX,RunGame.004BAAD4 ; ASCII "DE"
004BA99D E8 569DF4FF CALL RunGame.004046F8 ; global := "DE" (EAX=@var, EDX=literal)
004BA9A2 B8 ACDF4B00 MOV EAX,RunGame.004BDFAC
004BA9A7 8B15 ACDF4B00 MOV EDX,DWORD PTR DS:[4BDFAC] ; EDX = current value of the same global
004BA9AD E8 BA9FF4FF CALL RunGame.0040496C ; same helper as 004BA921 with (@var, var) — if it is concatenation this doubles the global to "DEDE"; confirm
004BA9B2 E8 19C2F4FF CALL RunGame.00406BD0 ; no-arg call; result in EAX is converted to a string below
004BA9B7 8BD0 MOV EDX,EAX
004BA9B9 8D45 CC LEA EAX,DWORD PTR SS:[EBP-34]
004BA9BC E8 DB9EF4FF CALL RunGame.0040489C ; [EBP-34] := string form of EDX (presumably)
004BA9C1 8B45 CC MOV EAX,DWORD PTR SS:[EBP-34]
004BA9C4 8D55 D0 LEA EDX,DWORD PTR SS:[EBP-30]
004BA9C7 E8 BCDFF4FF CALL RunGame.00408988 ; same normalise helper as at 004BA8E7
004BA9CC 8B55 D0 MOV EDX,DWORD PTR SS:[EBP-30]
004BA9CF A1 ACDF4B00 MOV EAX,DWORD PTR DS:[4BDFAC] ; EAX = value of the "DE"-derived global
004BA9D4 E8 CFA2F4FF CALL RunGame.00404CA8 ; (global, [EBP-30]) -> signed result in EAX
004BA9D9 85C0 TEST EAX,EAX
004BA9DB 7E 0D JLE SHORT RunGame.004BA9EA ; signed compare: result <= 0 (including negative) skips 004BA9DD..004BA9E5
004BA9DD 6A 00 PUSH 0 ; only reached when 00404CA8 returned > 0
004BA9DF E8 FCC1F4FF CALL RunGame.00406BE0 ; its EAX result is pushed to 00406D98 at 004BA9E4 (listing continues after the forum note below)
---------------------------------------------------哪里是 DELPHI 的 OEP 呢？需要怎么改？
004BA9E4 50 PUSH EAX ; EAX = result of the call at 004BA9DF (above the forum note), passed as the single stack arg
004BA9E5 E8 AEC3F4FF CALL RunGame.00406D98
004BA9EA A1 94CC4B00 MOV EAX,DWORD PTR DS:[4BCC94] ; JLE target from 004BA9DB. From here *[4BCC94] is loaded before each of 0047BF98, 0047BB90 (with string 4BAAE0), two 0047BFB0 calls (ECX = global var address, EDX = global) and 0047C030 — the shape of Delphi's Application.Initialize / Title := ... / CreateForm(TClass, FormVar) x2 / Run sequence; confirm against the RTL
004BA9EF 8B00 MOV EAX,DWORD PTR DS:[EAX]
004BA9F1 E8 A215FCFF CALL RunGame.0047BF98 ; (obj) — no args beyond the object
004BA9F6 A1 94CC4B00 MOV EAX,DWORD PTR DS:[4BCC94]
004BA9FB 8B00 MOV EAX,DWORD PTR DS:[EAX]
004BA9FD BA E0AA4B00 MOV EDX,RunGame.004BAAE0 ; string argument (not annotated by the debugger here)
004BAA02 E8 8911FCFF CALL RunGame.0047BB90 ; (obj, string)
004BAA07 8B0D 24CB4B00 MOV ECX,DWORD PTR DS:[4BCB24] ; RunGame.004BDF1C
004BAA0D A1 94CC4B00 MOV EAX,DWORD PTR DS:[4BCC94]
004BAA12 8B00 MOV EAX,DWORD PTR DS:[EAX]
004BAA14 8B15 A0654B00 MOV EDX,DWORD PTR DS:[4B65A0] ; RunGame.004B65EC
004BAA1A E8 9115FCFF CALL RunGame.0047BFB0 ; (obj, EDX=[4B65A0], ECX=[4BCB24]) — first of two identical-shape calls
004BAA1F 8B0D A8CC4B00 MOV ECX,DWORD PTR DS:[4BCCA8] ; RunGame.004BDF10
004BAA25 A1 94CC4B00 MOV EAX,DWORD PTR DS:[4BCC94]
004BAA2A 8B00 MOV EAX,DWORD PTR DS:[EAX]
004BAA2C 8B15 CC504B00 MOV EDX,DWORD PTR DS:[4B50CC] ; RunGame.004B5118
004BAA32 E8 7915FCFF CALL RunGame.0047BFB0 ; second call, different globals
004BAA37 A1 94CC4B00 MOV EAX,DWORD PTR DS:[4BCC94]
004BAA3C 8B00 MOV EAX,DWORD PTR DS:[EAX]
004BAA3E E8 ED15FCFF CALL RunGame.0047C030 ; (obj) — last call before the frame teardown; if this is Application.Run it only returns when the main loop ends
004BAA43 33C0 XOR EAX,EAX ; SEH teardown: EAX = 0 so the MOV below writes FS:[0], the head of the Win32 exception-handler chain
004BAA45 5A POP EDX ; EDX = previously saved handler (its PUSH is above the top of this listing)
004BAA46 59 POP ECX ; discard two dwords of the frame
004BAA47 59 POP ECX
004BAA48 64:8910 MOV DWORD PTR FS:[EAX],EDX ; FS:[0] := saved handler — unregisters this function's handler
004BAA4B 68 65AA4B00 PUSH RunGame.004BAA65 ; return address for the RETN below; 004BAA65 is outside this listing (presumably the real epilogue — confirm)
004BAA50 8D45 CC LEA EAX,DWORD PTR SS:[EBP-34]
004BAA53 BA 09000000 MOV EDX,9 ; 9 = number of consecutive dword string locals [EBP-34]..[EBP-14] used in this function
004BAA58 E8 6B9CF4FF CALL RunGame.004046C8 ; finalise those locals (EAX=@first, EDX=count) — shape of Delphi's string-array clear; confirm
004BAA5D C3 RETN ; jumps to the pushed 004BAA65, not to the caller