00526648 /. 55 push ebp
00526649 |. 8BEC mov ebp,esp
0052664B |. 6A 00 push 0
0052664D |. 53 push ebx
0052664E |. 8BD8 mov ebx,eax
00526650 |. 33C0 xor eax,eax
00526652 |. 55 push ebp
00526653 |. 68 8A665200 push 11_.0052668A
00526658 |. 64:FF30 push dword ptr fs:[eax]
0052665B |. 64:8920 mov dword ptr fs:[eax],esp
0052665E |. 8D45 FC lea eax,[local.1]
00526661 |. E8 DEFEFFFF call 11_.00526544
00526666 |. 8B55 FC mov edx,[local.1]
00526669 |. 8B83 1C030000 mov eax,dword ptr ds:[ebx+31C]
0052666F |. E8 F08FF4FF call 11_.0046F664
00526674 |. 33C0 xor eax,eax
00526676 |. 5A pop edx
00526677 |. 59 pop ecx
00526678 |. 59 pop ecx
00526679 |. 64:8910 mov dword ptr fs:[eax],edx
0052667C |. 68 91665200 push 11_.00526691
00526681 |> 8D45 FC lea eax,[local.1]
00526684 |. E8 F7E4EDFF call 11_.00404B80
00526689 \. C3 retn
0052668A .^ E9 D9DEEDFF jmp 11_.00404568
0052668F .^ EB F0 jmp short 11_.00526681
00526691 . 5B pop ebx
00526692 . 59 pop ecx
00526693 . 5D pop ebp
00526694 . C3 retn
00526695 8D40 00 lea eax,dword ptr ds:[eax]
00526698 . A1 B4FF5400 mov eax,dword ptr ds:[54FFB4]
0052669D . E8 1A5FF6FF call 11_.0048C5BC
005266A2 . C3 retn
005266A3 90 nop
005266A4 . 53 push ebx
005266A5 . 8BD8 mov ebx,eax
005266A7 . 6A 05 push 5
005266A9 . 6A 00 push 0
005266AB . 6A 00 push 0
005266AD . 68 C8665200 push 11_.005266C8 ; http://www.softreg.com.cn/shareware_view.asp?id=/A0A4C88A-54C4-425B-8037-32F30C3430F1/#regform
005266B2 . 68 28675200 push 11_.00526728 ; open
005266B7 . 8BC3 mov eax,ebx
005266B9 . E8 B6F8F4FF call 11_.00475F74
005266BE . 50 push eax ; |hWnd
005266BF . E8 B4BEF0FF call <jmp.&shell32.ShellExecuteA> ; \ShellExecuteA
005266C4 . 5B pop ebx
005266C5 . C3 retn
005266C6 00 db 00
005266C7 00 db 00
005266C8 . 68 74 74 70 3>ascii "http://www.softr"
005266D8 . 65 67 2E 63 6>ascii "eg.com.cn/sharew"
005266E8 . 61 72 65 5F 7>ascii "are_view.asp?id="
005266F8 . 2F 41 30 41 3>ascii "/A0A4C88A-54C4-4"
00526708 . 32 35 42 2D 3>ascii "25B-8037-32F30C3"
00526718 . 34 33 30 46 3>ascii "430F1/#regform",0
00526727 00 db 00
00526728 . 6F 70 65 6E 0>ascii "open",0
0052672D 00 db 00
0052672E 00 db 00
0052672F 00 db 00
00526730 . 53 push ebx
00526731 . 8BD8 mov ebx,eax
00526733 . 6A 05 push 5
00526735 . 6A 00 push 0
00526737 . 6A 00 push 0
00526739 . 68 54675200 push 11_.00526754 ; http://www.softreg.com.cn/shareware_view.asp?id=/54E3B140-5C39-4D1A-909C-9B818284D3E0/#regform
0052673E . 68 B4675200 push 11_.005267B4 ; open
00526743 . 8BC3 mov eax,ebx
00526745 . E8 2AF8F4FF call 11_.00475F74
0052674A . 50 push eax ; |hWnd
0052674B . E8 28BEF0FF call <jmp.&shell32.ShellExecuteA> ; \ShellExecuteA
00526750 . 5B pop ebx
00526751 . C3 retn
00526752 00 db 00
00526753 00 db 00
00526754 . 68 74 74 70 3>ascii "http://www.softr"
00526764 . 65 67 2E 63 6>ascii "eg.com.cn/sharew"
00526774 . 61 72 65 5F 7>ascii "are_view.asp?id="
00526784 . 2F 35 34 45 3>ascii "/54E3B140-5C39-4"
00526794 . 44 31 41 2D 3>ascii "D1A-909C-9B81828"
005267A4 . 34 44 33 45 3>ascii "4D3E0/#regform",0
005267B3 00 db 00
005267B4 . 6F 70 65 6E 0>ascii "open",0
005267B9 00 db 00
005267BA 00 db 00
005267BB 00 db 00
005267BC . B8 D0675200 mov eax,11_.005267D0 ; 注册码错误
找不到注册错误的判断模块在那,请问下是那个模块,怎么看出这个模块是判断注册码的呢?谢谢
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课