[求助]新手求助(加急)-付费问答-看雪-安全社区|安全招聘|kanxue.com

[旧帖] [求助]新手求助(加急) 0.00雪花

发表于: 2009-5-25 20:44 3557

[旧帖] [求助]新手求助(加急) 0.00雪花

留名过客

2009-5-25 20:44

3557

最近看了《加密与解密》这本书，自己想动手找出一个软件的注册码，可是按书上的所有方法，都找不出来。我把我的方法讲一下，求各位高手不吝赐教，不胜感激！！！！！！！！
【加壳方式】 Borland Delphi 6.0 - 7.0（无壳）

先用DarkDe4.exe进行反编译。找到程序中注册窗口中计算注册码的入口点。
***************************************************************
004CD454 55                   push ebp
004CD455 8BEC                mov    ebp, esp
004CD457 33C9                xor    ecx, ecx
004CD459 51                   push ecx
004CD45A 51                   push ecx
004CD45B 51                   push ecx
004CD45C 51                   push ecx
004CD45D 51                   push ecx
004CD45E 51                   push ecx
004CD45F 53                   push ebx
004CD460 8BD8                mov    ebx, eax
004CD462 33C0                xor    eax, eax
004CD464 55                   push ebp

* Possible String Reference to: '殛g?朕[嬪]脥@'
|
004CD465 6851D54C00          push $004CD551

***** TRY
|
004CD46A 64FF30                push dword ptr fs:[eax]
004CD46D 648920                mov    fs:[eax], esp
004CD470 8D55FC                lea    edx, [ebp-$04]

* Reference to control edtauthorizationCode : TEdit
|
004CD473 8B83F4020000          mov    eax, [ebx+$02F4]

* Reference to: Controls.TControl.GetText(TControl):TCaption;
|
004CD479 E8D2ACF7FF          call 00448150
004CD47E 8B45FC                mov    eax, [ebp-$04]

|
004CD481 E87ADFFCFF          call 0049B400
004CD486 84C0                test al, al

004CD488 0F8480000000          jz    004CD50E；***********************

004CD48E 8D55F8                lea    edx, [ebp-$08]

* Reference to control edtauthorizationCode : TEdit
|
004CD491 8B83F4020000          mov    eax, [ebx+$02F4]

* Reference to: Controls.TControl.GetText(TControl):TCaption;
|
004CD497 E8B4ACF7FF          call 00448150
004CD49C 8B45F8                mov    eax, [ebp-$08]
004CD49F 50                   push eax
004CD4A0 8D55F4                lea    edx, [ebp-$0C]

* Reference to control edtName : TEdit
|
004CD4A3 8B8304030000          mov    eax, [ebx+$0304]

* Reference to: Controls.TControl.GetText(TControl):TCaption;
|
004CD4A9 E8A2ACF7FF          call 00448150
004CD4AE 8B55F4                mov    edx, [ebp-$0C]
004CD4B1 A13C024E00          mov    eax, dword ptr [$004E023C]
004CD4B6 8B00                mov    eax, [eax]
004CD4B8 59                   pop    ecx

* Reference to : TfrmMain._PROC_004D46D8()
|
004CD4B9 E81A720000          call 004D46D8
004CD4BE 84C0                test al, al
004CD4C0 7427                jz    004CD4E9
004CD4C2 C7834C02000001000000 mov    dword ptr [ebx+$024C], $00000001
004CD4CC 66B8F100             mov    ax, $00F1

|
004CD4D0 E86FF5FCFF          call 0049CA44
004CD4D5 8BD0                mov    edx, eax
004CD4D7 8D45F0                lea    eax, [ebp-$10]

* Reference to: System.@LStrFromPChar(String;String;PAnsiChar);
|          or: System.@WStrFromPChar(WideString;WideString;PAnsiChar);
|
004CD4DA E82970F3FF          call 00404508
004CD4DF 8B45F0                mov    eax, [ebp-$10]

|
004CD4E2 E8318AFCFF          call 00495F18
004CD4E7 EB40                jmp    004CD529
004CD4E9 66B8F300             mov    ax, $00F3

|
004CD4ED E852F5FCFF          call 0049CA44
004CD4F2 8BD0                mov    edx, eax
004CD4F4 8D45EC                lea    eax, [ebp-$14]

* Reference to: System.@LStrFromPChar(String;String;PAnsiChar);
|          or: System.@WStrFromPChar(WideString;WideString;PAnsiChar);
|
004CD4F7 E80C70F3FF          call 00404508
004CD4FC 8B45EC                mov    eax, [ebp-$14]

|
004CD4FF E8BC89FCFF          call 00495EC0
004CD504 33C0                xor    eax, eax
004CD506 89834C020000          mov    [ebx+$024C], eax
004CD50C EB1B                jmp    004CD529
004CD50E 66B8F200             mov    ax, $00F2

|
004CD512 E82DF5FCFF          call 0049CA44
004CD517 8BD0                mov    edx, eax
004CD519 8D45E8                lea    eax, [ebp-$18]

* Reference to: System.@LStrFromPChar(String;String;PAnsiChar);
|          or: System.@WStrFromPChar(WideString;WideString;PAnsiChar);
|
004CD51C E8E76FF3FF          call 00404508
004CD521 8B45E8                mov    eax, [ebp-$18]

|
004CD524 E8EF89FCFF          call 00495F18
004CD529 33C0                xor    eax, eax
004CD52B 5A                   pop    edx
004CD52C 59                   pop    ecx
004CD52D 59                   pop    ecx
004CD52E 648910                mov    fs:[eax], edx

****** FINALLY
|

* Possible String Reference to: '[嬪]脥@'
|
004CD531 6858D54C00          push $004CD558
004CD536 8D45E8                lea    eax, [ebp-$18]
004CD539 BA03000000          mov    edx, $00000003

* Reference to: System.@LStrArrayClr(void;void;Integer);
|
004CD53E E8F96DF3FF          call 0040433C
004CD543 8D45F4                lea    eax, [ebp-$0C]
004CD546 BA03000000          mov    edx, $00000003

* Reference to: System.@LStrArrayClr(void;void;Integer);
|
004CD54B E8EC6DF3FF          call 0040433C
004CD550 C3                   ret

* Reference to: System.@HandleFinally;
|
004CD551 E9EA67F3FF          jmp    00403D40
004CD556 EBDE                jmp    004CD536

****** END
|
004CD558 5B                   pop    ebx
004CD559 8BE5                mov    esp, ebp
004CD55B 5D                   pop    ebp
004CD55C C3                   ret
***************************************************************
我认为
004CD481 E87ADFFCFF          call 0049B400
004CD486 84C0                test al, al

004CD488 0F8480000000          jz    004CD50E；***********************

004CD48E 8D55F8                lea    edx, [ebp-$08]
这四行是入口，通过判断al，判断注册码是否正确。

我首先是把
004CD488 0F8480000000          jz    004CD50E；***********************
改为
004CD488 0F8480000000          jnz    004CD50E；***********************
结果显示注册成功。但是程序重新启动后注册窗口又出现。

在
004CD481 E87ADFFCFF          call 0049B400
中按F7步入，在堆栈窗口中没看到正确的注册码，只看到我输入的用户名和注册码。

我又从另一本书中看到一个办法，就是先运行注册程序，让后打开WinHex_12.75_SR-6_HA，搜索输入的用户名和注册码，但是还是没有正确的注册码。

我是新手，问的问题有点弱智，请各位高手不吝赐教！！！！

[注意]传递专业知识、拓宽行业人脉——看雪讲师团队等你加入！

收藏・0

免费・0

支持

最新回复 (4)
jackozoo 雪币： 1450 活跃值： (35) 能力值： (RANK：680 ) 在线值：发帖 50 回帖 775 粉丝 3 关注私信	jackozoo 14 2 楼都现在这个年代了, 不会让你看到明码的~~ 除非一些古董软件 . 你的分析有误. 这里才是关键: 004CD4AE 8B55F4 mov edx, [ebp-$0C] ; 用户名 004CD4B1 A13C024E00 mov eax, dword ptr [$004E023C] ; Delphi中窗口句柄指针 004CD4B6 8B00 mov eax, [eax] ; Delphi中窗口句柄 004CD4B8 59 pop ecx ; 你输入的注册码 * Reference to : TfrmMain._PROC_004D46D8() \| 004CD4B9 E81A720000 call 004D46D8 ; 算法在这里. F(Name, Reg) 004CD4BE 84C0 test al, al 004CD4C0 7427 jz 004CD4E9 ; 这里改为jnz即可. Delphi传参: eax, edx, ecx ... 2009-5-27 08:39 0
留名过客雪币： 200 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 8 粉丝 0 关注私信	留名过客 3 楼谢谢jackozoo。我试过，如果按你说的该，它会提示现在无法注册。如果输入错误注册码，它提示注册码错误。如果按我上面的方法该，他会提示注册成功。不过重启程序后，注册窗口有出现。 2009-5-28 21:33 0
loway 雪币： 227 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 4 回帖 63 粉丝 0 关注私信	loway 4 楼这个应该是重启验证也就是说软件把注册信息放到了一个地方储存每次重启都会拿出来比较理论上是只要找到比较的地方再实行爆破就可以了 2009-5-28 23:42 0
留名过客雪币： 200 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 8 粉丝 0 关注私信	留名过客 5 楼谢谢loway的回答。今天看了看，我想注册码计算过程应该在下面这段代码中，但是看不怎么懂啊。请高手指教！ 0049B400 55 push ebp 0049B401 8BEC mov ebp, esp 0049B403 33C9 xor ecx, ecx 0049B405 51 push ecx 0049B406 51 push ecx 0049B407 51 push ecx 0049B408 51 push ecx 0049B409 51 push ecx 0049B40A 53 push ebx 0049B40B 56 push esi 0049B40C 57 push edi 0049B40D 8945FC mov [ebp-$04], eax 0049B410 8B45FC mov eax, [ebp-$04] * Reference to: System.@LStrAddRef(void;void):Pointer; \| 0049B413 E8A093F6FF call 004047B8 0049B418 33C0 xor eax, eax 0049B41A 55 push ebp * Possible String Reference to: '閱圅腚嬅_^[嬪]? \| 0049B41B 68B5B54900 push $0049B5B5 *** TRY \| 0049B420 64FF30 push dword ptr fs:[eax] 0049B423 648920 mov fs:[eax], esp 0049B426 33DB xor ebx, ebx 0049B428 33C0 xor eax, eax 0049B42A 55 push ebp 0049B42B 688EB54900 push $0049B58E *** TRY \| 0049B430 64FF30 push dword ptr fs:[eax] 0049B433 648920 mov fs:[eax], esp 0049B436 8B45FC mov eax, [ebp-$04] * Reference to: System.@LStrLen(String):Integer; \| or: System.@DynArrayLength; \| or: System.DynArraySize(Pointer):Integer; \| or: Variants.DynArraySize(Pointer):Integer; \| 0049B439 E89291F6FF call 004045D0 0049B43E 83F816 cmp eax, +$16 0049B441 740D jz 0049B450 0049B443 33C0 xor eax, eax 0049B445 5A pop edx 0049B446 59 pop ecx 0049B447 59 pop ecx 0049B448 648910 mov fs:[eax], edx 0049B44B E94A010000 jmp 0049B59A 0049B450 8D45F0 lea eax, [ebp-$10] * Reference to: System.@LStrClr(void;void); \| 0049B453 E8C08EF6FF call 00404318 0049B458 8D45F0 lea eax, [ebp-$10] 0049B45B BAD0B54900 mov edx, $0049B5D0 * Reference to: System.@LStrCat; \| 0049B460 E87391F6FF call 004045D8 0049B465 8D45F0 lea eax, [ebp-$10] 0049B468 BADCB54900 mov edx, $0049B5DC * Reference to: System.@LStrCat; \| 0049B46D E86691F6FF call 004045D8 0049B472 8D45F0 lea eax, [ebp-$10] 0049B475 BAE8B54900 mov edx, $0049B5E8 * Reference to: System.@LStrCat; \| 0049B47A E85991F6FF call 004045D8 0049B47F 8D45F0 lea eax, [ebp-$10] 0049B482 BAF4B54900 mov edx, $0049B5F4 * Reference to: System.@LStrCat; \| 0049B487 E84C91F6FF call 004045D8 0049B48C 8B45F0 mov eax, [ebp-$10] * Reference to: System.@LStrToPChar(String):PAnsiChar; \| 0049B48F E83493F6FF call 004047C8 0049B494 50 push eax 0049B495 8B45FC mov eax, [ebp-$04] * Reference to: System.@LStrToPChar(String):PAnsiChar; \| 0049B498 E82B93F6FF call 004047C8 0049B49D 8BF0 mov esi, eax 0049B49F 8BC6 mov eax, esi 0049B4A1 5A pop edx * Reference to: SysUtils.StrPos(PChar;PChar):PChar; \| 0049B4A2 E88DDFF6FF call 00409434 0049B4A7 8BF8 mov edi, eax 0049B4A9 3BFE cmp edi, esi 0049B4AB 740D jz 0049B4BA 0049B4AD 33C0 xor eax, eax 0049B4AF 5A pop edx 0049B4B0 59 pop ecx 0049B4B1 59 pop ecx 0049B4B2 648910 mov fs:[eax], edx 0049B4B5 E9E0000000 jmp 0049B59A 0049B4BA B804000000 mov eax, $00000004 0049B4BF 8B55FC mov edx, [ebp-$04] 0049B4C2 48 dec eax 0049B4C3 85D2 test edx, edx 0049B4C5 7405 jz 0049B4CC 0049B4C7 3B42FC cmp eax, [edx-$04] 0049B4CA 7205 jb 0049B4D1 * Reference to: System.@BoundErr; \| 0049B4CC E81380F6FF call 004034E4 0049B4D1 40 inc eax 0049B4D2 807C02FF2D cmp byte ptr [edx+eax-$01], $2D 0049B4D7 753E jnz 0049B517 0049B4D9 B80B000000 mov eax, $0000000B 0049B4DE 8B55FC mov edx, [ebp-$04] 0049B4E1 48 dec eax 0049B4E2 85D2 test edx, edx 0049B4E4 7405 jz 0049B4EB 0049B4E6 3B42FC cmp eax, [edx-$04] 0049B4E9 7205 jb 0049B4F0 * Reference to: System.@BoundErr; \| 0049B4EB E8F47FF6FF call 004034E4 0049B4F0 40 inc eax 0049B4F1 807C02FF2D cmp byte ptr [edx+eax-$01], $2D 0049B4F6 751F jnz 0049B517 0049B4F8 B810000000 mov eax, $00000010 0049B4FD 8B55FC mov edx, [ebp-$04] 0049B500 48 dec eax 0049B501 85D2 test edx, edx 0049B503 7405 jz 0049B50A 0049B505 3B42FC cmp eax, [edx-$04] 0049B508 7205 jb 0049B50F * Reference to: System.@BoundErr; \| 0049B50A E8D57FF6FF call 004034E4 0049B50F 40 inc eax 0049B510 807C02FF2D cmp byte ptr [edx+eax-$01], $2D 0049B515 740A jz 0049B521 0049B517 33C0 xor eax, eax 0049B519 5A pop edx 0049B51A 59 pop ecx 0049B51B 59 pop ecx 0049B51C 648910 mov fs:[eax], edx 0049B51F EB79 jmp 0049B59A 0049B521 8D45F8 lea eax, [ebp-$08] 0049B524 50 push eax 0049B525 B906000000 mov ecx, $00000006 0049B52A BA05000000 mov edx, $00000005 0049B52F 8B45FC mov eax, [ebp-$04] * Reference to: System.@LStrCopy; \| 0049B532 E8F192F6FF call 00404828 0049B537 8D45F4 lea eax, [ebp-$0C] 0049B53A 50 push eax 0049B53B B904000000 mov ecx, $00000004 0049B540 BA0C000000 mov edx, $0000000C 0049B545 8B45FC mov eax, [ebp-$04] * Reference to: System.@LStrCopy; \| 0049B548 E8DB92F6FF call 00404828 0049B54D 8D45EC lea eax, [ebp-$14] 0049B550 50 push eax 0049B551 B906000000 mov ecx, $00000006 0049B556 BA11000000 mov edx, $00000011 0049B55B 8B45FC mov eax, [ebp-$04] * Reference to: System.@LStrCopy; \| 0049B55E E8C592F6FF call 00404828 0049B563 8D4DF0 lea ecx, [ebp-$10] 0049B566 8B55F4 mov edx, [ebp-$0C] 0049B569 8B45F8 mov eax, [ebp-$08] \| 0049B56C E86FFAFFFF call 0049AFE0 0049B571 8B45EC mov eax, [ebp-$14] 0049B574 8B55F0 mov edx, [ebp-$10] * Reference to: System.@LStrCmp; \| 0049B577 E89891F6FF call 00404714 0049B57C 7504 jnz 0049B582 0049B57E B301 mov bl, $01 0049B580 EB02 jmp 0049B584 0049B582 33DB xor ebx, ebx 0049B584 33C0 xor eax, eax 0049B586 5A pop edx 0049B587 59 pop ecx 0049B588 59 pop ecx 0049B589 648910 mov fs:[eax], edx 0049B58C EB0C jmp 0049B59A * Reference to: System.@HandleAnyException; \| 0049B58E E9F984F6FF jmp 00403A8C 0049B593 33DB xor ebx, ebx * Reference to: System.@DoneExcept; \| 0049B595 E85A88F6FF call 00403DF4 **** END \| 0049B59A 33C0 xor eax, eax 0049B59C 5A pop edx 0049B59D 59 pop ecx 0049B59E 59 pop ecx 0049B59F 648910 mov fs:[eax], edx **** FINALLY \| * Possible String Reference to: '嬅_^[嬪]? \| 0049B5A2 68BCB54900 push $0049B5BC 0049B5A7 8D45EC lea eax, [ebp-$14] 0049B5AA BA05000000 mov edx, $00000005 * Reference to: System.@LStrArrayClr(void;void;Integer); \| 0049B5AF E8888DF6FF call 0040433C 0049B5B4 C3 ret * Reference to: System.@HandleFinally; \| 0049B5B5 E98687F6FF jmp 00403D40 0049B5BA EBEB jmp 0049B5A7 ****** END \| 0049B5BC 8BC3 mov eax, ebx 0049B5BE 5F pop edi 0049B5BF 5E pop esi 0049B5C0 5B pop ebx 0049B5C1 8BE5 mov esp, ebp 0049B5C3 5D pop ebp 0049B5C4 C3 ret 2009-5-29 12:50 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复

留名过客

发帖

回帖

RANK

关注

私信

他的文章

[求助]求助 2659
[求助]新手求助(加急) 3558

关于我们

联系我们

企业服务

看雪公众号

最新回复 (4)
jackozoo 雪币： 1450 活跃值： (35) 能力值： (RANK：680 ) 在线值：发帖 50 回帖 775 粉丝 3 关注私信	jackozoo 14 2 楼都现在这个年代了, 不会让你看到明码的~~ 除非一些古董软件 . 你的分析有误. 这里才是关键: 004CD4AE 8B55F4 mov edx, [ebp-$0C] ; 用户名 004CD4B1 A13C024E00 mov eax, dword ptr [$004E023C] ; Delphi中窗口句柄指针 004CD4B6 8B00 mov eax, [eax] ; Delphi中窗口句柄 004CD4B8 59 pop ecx ; 你输入的注册码 * Reference to : TfrmMain._PROC_004D46D8() \| 004CD4B9 E81A720000 call 004D46D8 ; 算法在这里. F(Name, Reg) 004CD4BE 84C0 test al, al 004CD4C0 7427 jz 004CD4E9 ; 这里改为jnz即可. Delphi传参: eax, edx, ecx ... 2009-5-27 08:39 0
留名过客雪币： 200 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 8 粉丝 0 关注私信	留名过客 3 楼谢谢jackozoo。我试过，如果按你说的该，它会提示现在无法注册。如果输入错误注册码，它提示注册码错误。如果按我上面的方法该，他会提示注册成功。不过重启程序后，注册窗口有出现。 2009-5-28 21:33 0
loway 雪币： 227 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 4 回帖 63 粉丝 0 关注私信	loway 4 楼这个应该是重启验证也就是说软件把注册信息放到了一个地方储存每次重启都会拿出来比较理论上是只要找到比较的地方再实行爆破就可以了 2009-5-28 23:42 0
留名过客雪币： 200 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 8 粉丝 0 关注私信	留名过客 5 楼谢谢loway的回答。今天看了看，我想注册码计算过程应该在下面这段代码中，但是看不怎么懂啊。请高手指教！ 0049B400 55 push ebp 0049B401 8BEC mov ebp, esp 0049B403 33C9 xor ecx, ecx 0049B405 51 push ecx 0049B406 51 push ecx 0049B407 51 push ecx 0049B408 51 push ecx 0049B409 51 push ecx 0049B40A 53 push ebx 0049B40B 56 push esi 0049B40C 57 push edi 0049B40D 8945FC mov [ebp-$04], eax 0049B410 8B45FC mov eax, [ebp-$04] * Reference to: System.@LStrAddRef(void;void):Pointer; \| 0049B413 E8A093F6FF call 004047B8 0049B418 33C0 xor eax, eax 0049B41A 55 push ebp * Possible String Reference to: '閱圅腚嬅_^[嬪]? \| 0049B41B 68B5B54900 push $0049B5B5 *** TRY \| 0049B420 64FF30 push dword ptr fs:[eax] 0049B423 648920 mov fs:[eax], esp 0049B426 33DB xor ebx, ebx 0049B428 33C0 xor eax, eax 0049B42A 55 push ebp 0049B42B 688EB54900 push $0049B58E *** TRY \| 0049B430 64FF30 push dword ptr fs:[eax] 0049B433 648920 mov fs:[eax], esp 0049B436 8B45FC mov eax, [ebp-$04] * Reference to: System.@LStrLen(String):Integer; \| or: System.@DynArrayLength; \| or: System.DynArraySize(Pointer):Integer; \| or: Variants.DynArraySize(Pointer):Integer; \| 0049B439 E89291F6FF call 004045D0 0049B43E 83F816 cmp eax, +$16 0049B441 740D jz 0049B450 0049B443 33C0 xor eax, eax 0049B445 5A pop edx 0049B446 59 pop ecx 0049B447 59 pop ecx 0049B448 648910 mov fs:[eax], edx 0049B44B E94A010000 jmp 0049B59A 0049B450 8D45F0 lea eax, [ebp-$10] * Reference to: System.@LStrClr(void;void); \| 0049B453 E8C08EF6FF call 00404318 0049B458 8D45F0 lea eax, [ebp-$10] 0049B45B BAD0B54900 mov edx, $0049B5D0 * Reference to: System.@LStrCat; \| 0049B460 E87391F6FF call 004045D8 0049B465 8D45F0 lea eax, [ebp-$10] 0049B468 BADCB54900 mov edx, $0049B5DC * Reference to: System.@LStrCat; \| 0049B46D E86691F6FF call 004045D8 0049B472 8D45F0 lea eax, [ebp-$10] 0049B475 BAE8B54900 mov edx, $0049B5E8 * Reference to: System.@LStrCat; \| 0049B47A E85991F6FF call 004045D8 0049B47F 8D45F0 lea eax, [ebp-$10] 0049B482 BAF4B54900 mov edx, $0049B5F4 * Reference to: System.@LStrCat; \| 0049B487 E84C91F6FF call 004045D8 0049B48C 8B45F0 mov eax, [ebp-$10] * Reference to: System.@LStrToPChar(String):PAnsiChar; \| 0049B48F E83493F6FF call 004047C8 0049B494 50 push eax 0049B495 8B45FC mov eax, [ebp-$04] * Reference to: System.@LStrToPChar(String):PAnsiChar; \| 0049B498 E82B93F6FF call 004047C8 0049B49D 8BF0 mov esi, eax 0049B49F 8BC6 mov eax, esi 0049B4A1 5A pop edx * Reference to: SysUtils.StrPos(PChar;PChar):PChar; \| 0049B4A2 E88DDFF6FF call 00409434 0049B4A7 8BF8 mov edi, eax 0049B4A9 3BFE cmp edi, esi 0049B4AB 740D jz 0049B4BA 0049B4AD 33C0 xor eax, eax 0049B4AF 5A pop edx 0049B4B0 59 pop ecx 0049B4B1 59 pop ecx 0049B4B2 648910 mov fs:[eax], edx 0049B4B5 E9E0000000 jmp 0049B59A 0049B4BA B804000000 mov eax, $00000004 0049B4BF 8B55FC mov edx, [ebp-$04] 0049B4C2 48 dec eax 0049B4C3 85D2 test edx, edx 0049B4C5 7405 jz 0049B4CC 0049B4C7 3B42FC cmp eax, [edx-$04] 0049B4CA 7205 jb 0049B4D1 * Reference to: System.@BoundErr; \| 0049B4CC E81380F6FF call 004034E4 0049B4D1 40 inc eax 0049B4D2 807C02FF2D cmp byte ptr [edx+eax-$01], $2D 0049B4D7 753E jnz 0049B517 0049B4D9 B80B000000 mov eax, $0000000B 0049B4DE 8B55FC mov edx, [ebp-$04] 0049B4E1 48 dec eax 0049B4E2 85D2 test edx, edx 0049B4E4 7405 jz 0049B4EB 0049B4E6 3B42FC cmp eax, [edx-$04] 0049B4E9 7205 jb 0049B4F0 * Reference to: System.@BoundErr; \| 0049B4EB E8F47FF6FF call 004034E4 0049B4F0 40 inc eax 0049B4F1 807C02FF2D cmp byte ptr [edx+eax-$01], $2D 0049B4F6 751F jnz 0049B517 0049B4F8 B810000000 mov eax, $00000010 0049B4FD 8B55FC mov edx, [ebp-$04] 0049B500 48 dec eax 0049B501 85D2 test edx, edx 0049B503 7405 jz 0049B50A 0049B505 3B42FC cmp eax, [edx-$04] 0049B508 7205 jb 0049B50F * Reference to: System.@BoundErr; \| 0049B50A E8D57FF6FF call 004034E4 0049B50F 40 inc eax 0049B510 807C02FF2D cmp byte ptr [edx+eax-$01], $2D 0049B515 740A jz 0049B521 0049B517 33C0 xor eax, eax 0049B519 5A pop edx 0049B51A 59 pop ecx 0049B51B 59 pop ecx 0049B51C 648910 mov fs:[eax], edx 0049B51F EB79 jmp 0049B59A 0049B521 8D45F8 lea eax, [ebp-$08] 0049B524 50 push eax 0049B525 B906000000 mov ecx, $00000006 0049B52A BA05000000 mov edx, $00000005 0049B52F 8B45FC mov eax, [ebp-$04] * Reference to: System.@LStrCopy; \| 0049B532 E8F192F6FF call 00404828 0049B537 8D45F4 lea eax, [ebp-$0C] 0049B53A 50 push eax 0049B53B B904000000 mov ecx, $00000004 0049B540 BA0C000000 mov edx, $0000000C 0049B545 8B45FC mov eax, [ebp-$04] * Reference to: System.@LStrCopy; \| 0049B548 E8DB92F6FF call 00404828 0049B54D 8D45EC lea eax, [ebp-$14] 0049B550 50 push eax 0049B551 B906000000 mov ecx, $00000006 0049B556 BA11000000 mov edx, $00000011 0049B55B 8B45FC mov eax, [ebp-$04] * Reference to: System.@LStrCopy; \| 0049B55E E8C592F6FF call 00404828 0049B563 8D4DF0 lea ecx, [ebp-$10] 0049B566 8B55F4 mov edx, [ebp-$0C] 0049B569 8B45F8 mov eax, [ebp-$08] \| 0049B56C E86FFAFFFF call 0049AFE0 0049B571 8B45EC mov eax, [ebp-$14] 0049B574 8B55F0 mov edx, [ebp-$10] * Reference to: System.@LStrCmp; \| 0049B577 E89891F6FF call 00404714 0049B57C 7504 jnz 0049B582 0049B57E B301 mov bl, $01 0049B580 EB02 jmp 0049B584 0049B582 33DB xor ebx, ebx 0049B584 33C0 xor eax, eax 0049B586 5A pop edx 0049B587 59 pop ecx 0049B588 59 pop ecx 0049B589 648910 mov fs:[eax], edx 0049B58C EB0C jmp 0049B59A * Reference to: System.@HandleAnyException; \| 0049B58E E9F984F6FF jmp 00403A8C 0049B593 33DB xor ebx, ebx * Reference to: System.@DoneExcept; \| 0049B595 E85A88F6FF call 00403DF4 **** END \| 0049B59A 33C0 xor eax, eax 0049B59C 5A pop edx 0049B59D 59 pop ecx 0049B59E 59 pop ecx 0049B59F 648910 mov fs:[eax], edx **** FINALLY \| * Possible String Reference to: '嬅_^[嬪]? \| 0049B5A2 68BCB54900 push $0049B5BC 0049B5A7 8D45EC lea eax, [ebp-$14] 0049B5AA BA05000000 mov edx, $00000005 * Reference to: System.@LStrArrayClr(void;void;Integer); \| 0049B5AF E8888DF6FF call 0040433C 0049B5B4 C3 ret * Reference to: System.@HandleFinally; \| 0049B5B5 E98687F6FF jmp 00403D40 0049B5BA EBEB jmp 0049B5A7 ****** END \| 0049B5BC 8BC3 mov eax, ebx 0049B5BE 5F pop edi 0049B5BF 5E pop esi 0049B5C0 5B pop ebx 0049B5C1 8BE5 mov esp, ebp 0049B5C3 5D pop ebp 0049B5C4 C3 ret 2009-5-29 12:50 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复