-
-
[旧帖] [求助]恳求高手指点迷津!帮我分析分析 0.00雪花
-
发表于: 2008-3-17 15:21 3048
-
//下面一段是用DEDE反编译出来的DELPHI代码,我想找到该程序的破解方法
//恳求高手指点迷津,非常感谢!!!
//程序代码的核心部分我已经用红色表示出来
//请高手帮我判断关键跳转在哪里?该怎么改?本人标示关键跳转,高手帮忙看看,本人菜鸟!请指教
unit FdialSN;
interface
uses
Windows, Messages, SysUtils, Classes, Graphics,
Controls, Forms, Dialogs, StdCtrls, ExtCtrls
type
TDialSN=class(TForm)
OKBtn: TButton;
CancelBtn: TButton;
Bevel1: TBevel;
EWej: TEdit;
Ewyj: TEdit;
Label1: TLabel;
procedure CancelBtnClick(Sender : TObject);
procedure OKBtnClick(Sender : TObject);
procedure _PROC_00486E6B(Sender : TObject);
procedure _PROC_00486E81(Sender : TObject);
procedure _PROC_00486F04(Sender : TObject);
procedure _PROC_004870A5(Sender : TObject);
procedure _PROC_0048728B(Sender : TObject);
procedure _PROC_00487331(Sender : TObject);
procedure _PROC_0048743D(Sender : TObject);
procedure _PROC_004874D0(Sender : TObject);
procedure _PROC_0048750C(Sender : TObject);
procedure _PROC_00487706(Sender : TObject);
procedure _PROC_00487761(Sender : TObject);
procedure _PROC_0048799D(Sender : TObject);
procedure _PROC_00487BDD(Sender : TObject);
procedure _PROC_00487C0C(Sender : TObject);
procedure _PROC_00487CC0(Sender : TObject);
private
{ Private declarations }
public
{ Public declarations }
end ;
var
DialSN: TDialSN;
{This file is generated by DaRk Ver 3.50.04 Copyright (c) 1999-2002 DaFixer}
implementation
{$R *.DFM}
procedure TDialSN.CancelBtnClick(Sender : TObject);
//这个窗体上对应的取消按钮,在此不需要考虑
begin
(*
00486C94 53 push ebx
00486C95 8BD8 mov ebx, eax
00486C97 33D2 xor edx, edx
* Reference to control Ewyj : TEdit
|
00486C99 8B8370030000 mov eax, [ebx+$0370]
|
00486C9F E830B4FCFF call 004520D4
00486CA4 8D8378030000 lea eax, [ebx+$0378]
00486CAA 33C9 xor ecx, ecx
00486CAC BA05000000 mov edx, $00000005
|
00486CB1 E8EACFF7FF call 00403CA0
00486CB6 5B pop ebx
00486CB7 C3 ret
*)
end;
procedure TDialSN.OKBtnClick(Sender : TObject);//核心,点击确认按钮的动作,请高手分析该段代码
//请高手帮我判断关键调转在哪里?该怎么改?
begin
(*
00486CB8 55 push ebp
00486CB9 8BEC mov ebp, esp
00486CBB 83C4DC add esp, -$24
00486CBE 53 push ebx
00486CBF 56 push esi
00486CC0 57 push edi
00486CC1 33C9 xor ecx, ecx
00486CC3 894DDC mov [ebp-$24], ecx
00486CC6 894DE0 mov [ebp-$20], ecx
00486CC9 894DE4 mov [ebp-$1C], ecx
00486CCC 894DF4 mov [ebp-$0C], ecx
00486CCF 8945FC mov [ebp-$04], eax
00486CD2 33C0 xor eax, eax
00486CD4 55 push ebp
* Possible String Reference to: '楱骥脎_^[嬪]?
|
00486CD5 686B6E4800 push $00486E6B
***** TRY
|
00486CDA 64FF30 push dword ptr fs:[eax]
00486CDD 648920 mov fs:[eax], esp
00486CE0 8B45FC mov eax, [ebp-$04]
00486CE3 0578030000 add eax, +$00000378
00486CE8 33C9 xor ecx, ecx
00486CEA BA05000000 mov edx, $00000005
|
00486CEF E8ACCFF7FF call 00403CA0
00486CF4 33D2 xor edx, edx
00486CF6 55 push ebp
00486CF7 68066E4800 push $00486E06
***** TRY
|
00486CFC 64FF32 push dword ptr fs:[edx]
00486CFF 648922 mov fs:[edx], esp
00486D02 8D55F4 lea edx, [ebp-$0C]
00486D05 8B45FC mov eax, [ebp-$04]
* Reference to control Ewyj : TEdit
|
00486D08 8B8070030000 mov eax, [eax+$0370]
|
00486D0E E891B3FCFF call 004520A4
00486D13 8B45F4 mov eax, [ebp-$0C]
00486D16 8945F0 mov [ebp-$10], eax
00486D19 8B45F0 mov eax, [ebp-$10]
00486D1C 85C0 test eax, eax
00486D1E 7405 jz 00486D25 //本人认为这里是关键跳转,但是将74该EB和90后,还是不行
00486D20 83E804 sub eax, +$04
00486D23 8B00 mov eax, [eax]
00486D25 83F80A cmp eax, +$0A
00486D28 0F85BE000000 jnz 00486DEC //是否是关键跳转
00486D2E 66BB0100 mov bx, $0001
00486D32 BA7C6E4800 mov edx, $00486E7C
00486D37 8D45EC lea eax, [ebp-$14]
|
00486D3A E8FDCCF7FF call 00403A3C
00486D3F 8D55E4 lea edx, [ebp-$1C]
00486D42 8B45FC mov eax, [ebp-$04]
* Reference to control Ewyj : TEdit
|
00486D45 8B8070030000 mov eax, [eax+$0370]
|
00486D4B E854B3FCFF call 004520A4
00486D50 8B45E4 mov eax, [ebp-$1C]
00486D53 0FB7D3 movzx edx, bx
00486D56 03D2 add edx, edx
00486D58 0FB65410FE movzx edx, byte ptr [eax+edx-$02]
00486D5D 8D45E8 lea eax, [ebp-$18]
00486D60 885001 mov [eax+$01], dl
00486D63 C60001 mov byte ptr [eax], $01
00486D66 8D55E8 lea edx, [ebp-$18]
00486D69 8D45EC lea eax, [ebp-$14]
00486D6C B102 mov cl, $02
|
00486D6E E899CCF7FF call 00403A0C
00486D73 8D55EC lea edx, [ebp-$14]
00486D76 8D45F0 lea eax, [ebp-$10]
|
00486D79 E8BECCF7FF call 00403A3C
00486D7E 8D55E0 lea edx, [ebp-$20]
00486D81 8B45FC mov eax, [ebp-$04]
* Reference to control Ewyj : TEdit
|
00486D84 8B8070030000 mov eax, [eax+$0370]
|
00486D8A E815B3FCFF call 004520A4
00486D8F 8B45E0 mov eax, [ebp-$20]
00486D92 0FB7D3 movzx edx, bx
00486D95 03D2 add edx, edx
00486D97 0FB65410FF movzx edx, byte ptr [eax+edx-$01]
00486D9C 8D45E8 lea eax, [ebp-$18]
00486D9F 885001 mov [eax+$01], dl
00486DA2 C60001 mov byte ptr [eax], $01
00486DA5 8D55E8 lea edx, [ebp-$18]
00486DA8 8D45F0 lea eax, [ebp-$10]
00486DAB B103 mov cl, $03
|
00486DAD E85ACCF7FF call 00403A0C
00486DB2 8D55F0 lea edx, [ebp-$10]
00486DB5 8D45F8 lea eax, [ebp-$08]
00486DB8 B103 mov cl, $03
|
00486DBA E889CCF7FF call 00403A48
00486DBF 8D45DC lea eax, [ebp-$24]
00486DC2 8D55F8 lea edx, [ebp-$08]
|
00486DC5 E8FEF0F7FF call 00405EC8
00486DCA 8B45DC mov eax, [ebp-$24]
|
00486DCD E8AA3AF8FF call 0040A87C
00486DD2 0FB7D3 movzx edx, bx
00486DD5 8B4DFC mov ecx, [ebp-$04]
00486DD8 88841177030000 mov [ecx+edx+$0377], al
00486DDF 43 inc ebx
00486DE0 6683FB06 cmp bx, +$06
00486DE4 0F8548FFFFFF jnz 00486D32
00486DEA EB10 jmp 00486DFC
00486DEC 8B45FC mov eax, [ebp-$04]
* Reference to control Ewyj : TEdit
|
00486DEF 8B8070030000 mov eax, [eax+$0370]
00486DF5 33D2 xor edx, edx
|
00486DF7 E8D8B2FCFF call 004520D4
00486DFC 33C0 xor eax, eax
00486DFE 5A pop edx
00486DFF 59 pop ecx
00486E00 59 pop ecx
00486E01 648910 mov fs:[eax], edx
00486E04 EB3A jmp 00486E40
|
00486E06 E985E5F7FF jmp 00405390
00486E0B 0100 add [eax], eax
00486E0D 0000 add [eax], al
00486E0F 20944000176E48 and [eax+eax*2+$486E1700], dl
00486E16 008B45FC0578 add [ebx+$7805FC45], cl
00486E1C 0300 add eax, [eax]
00486E1E 0033 add [ebx], dh
00486E20 C9 leave
00486E21 BA05000000 mov edx, $00000005
|
00486E26 E875CEF7FF call 00403CA0
00486E2B 8B45FC mov eax, [ebp-$04]
* Reference to control Ewyj : TEdit
|
00486E2E 8B8070030000 mov eax, [eax+$0370]
00486E34 33D2 xor edx, edx
|
00486E36 E899B2FCFF call 004520D4
|
00486E3B E834E8F7FF call 00405674
****** END
|
00486E40 33C0 xor eax, eax
00486E42 5A pop edx
00486E43 59 pop ecx
00486E44 59 pop ecx
00486E45 648910 mov fs:[eax], edx
****** FINALLY
|
* Possible String Reference to: '_^[嬪]?
|
00486E48 68726E4800 push $00486E72
00486E4D 8D45DC lea eax, [ebp-$24]
|
00486E50 E80FEEF7FF call 00405C64
00486E55 8D45E0 lea eax, [ebp-$20]
00486E58 BA02000000 mov edx, $00000002
|
00486E5D E826EEF7FF call 00405C88
00486E62 8D45F4 lea eax, [ebp-$0C]
|
00486E65 E8FAEDF7FF call 00405C64
00486E6A C3 ret
|
00486E6B E9A8E6F7FF jmp 00405518
00486E70 EBDB jmp 00486E4D
****** END
|
00486E72 5F pop edi
00486E73 5E pop esi
00486E74 5B pop ebx
00486E75 8BE5 mov esp, ebp
00486E77 5D pop ebp
00486E78 C3 ret
*)
end;
procedure TDialSN._PROC_00486E6B(Sender : TObject);
begin
(*
|
00486E6B E9A8E6F7FF jmp 00405518
|
00486E70 EBDB jmp 00486E4D
00486E72 5F pop edi
00486E73 5E pop esi
00486E74 5B pop ebx
00486E75 8BE5 mov esp, ebp
00486E77 5D pop ebp
00486E78 C3 ret
*)
end;
procedure TDialSN._PROC_00486E81(Sender : TObject);
begin
(*
00486E81 8BEC mov ebp, esp
00486E83 81C4F8FEFFFF add esp, $FFFFFEF8
00486E89 33C0 xor eax, eax
00486E8B 8985F8FEFFFF mov [ebp+$FFFFFEF8], eax
00486E91 33C0 xor eax, eax
00486E93 55 push ebp
00486E94 68F76E4800 push $00486EF7
***** TRY
|
00486E99 64FF30 push dword ptr fs:[eax]
00486E9C 648920 mov fs:[eax], esp
00486E9F 8D85F8FEFFFF lea eax, [ebp+$FFFFFEF8]
00486EA5 BA90D14F00 mov edx, $004FD190
|
00486EAA E819F0F7FF call 00405EC8
00486EAF 8B95F8FEFFFF mov edx, [ebp+$FFFFFEF8]
00486EB5 8D85FCFEFFFF lea eax, [ebp+$FFFFFEFC]
|
00486EBB E89444F8FF call 0040B354
00486EC0 8D45FC lea eax, [ebp-$04]
00486EC3 50 push eax
00486EC4 8D85FCFEFFFF lea eax, [ebp+$FFFFFEFC]
00486ECA 50 push eax
00486ECB 6802000080 push $80000002
* Reference to: advapi32.RegCreateKeyA()
|
00486ED0 E8BF13F8FF call 00408294
00486ED5 8B45FC mov eax, [ebp-$04]
00486ED8 50 push eax
* Reference to: advapi32.RegCloseKey()
|
00486ED9 E8AE13F8FF call 0040828C
00486EDE 33C0 xor eax, eax
00486EE0 5A pop edx
00486EE1 59 pop ecx
00486EE2 59 pop ecx
00486EE3 648910 mov fs:[eax], edx
****** FINALLY
|
* Possible String Reference to: '嬪]脣繳嬱伳帼S3缐呰?墔濑墔帼
| 墔墔酤墔瘙墔3繳h塸H'
|
00486EE6 68FE6E4800 push $00486EFE
00486EEB 8D85F8FEFFFF lea eax, [ebp+$FFFFFEF8]
|
00486EF1 E86EEDF7FF call 00405C64
00486EF6 C3 ret
|
00486EF7 E91CE6F7FF jmp 00405518
00486EFC EBED jmp 00486EEB
****** END
|
00486EFE 8BE5 mov esp, ebp
00486F00 5D pop ebp
00486F01 C3 ret
*)
end;
procedure TDialSN._PROC_00486F04(Sender : TObject);
begin
(*
00486F04 55 push ebp
00486F05 8BEC mov ebp, esp
00486F07 81C4E0FEFFFF add esp, $FFFFFEE0
00486F0D 53 push ebx
00486F0E 33C0 xor eax, eax
00486F10 8985E8FEFFFF mov [ebp+$FFFFFEE8], eax
00486F16 8985E4FEFFFF mov [ebp+$FFFFFEE4], eax
00486F1C 8985E0FEFFFF mov [ebp+$FFFFFEE0], eax
00486F22 8985F8FEFFFF mov [ebp+$FFFFFEF8], eax
00486F28 8985F4FEFFFF mov [ebp+$FFFFFEF4], eax
00486F2E 8985F0FEFFFF mov [ebp+$FFFFFEF0], eax
00486F34 8985FCFEFFFF mov [ebp+$FFFFFEFC], eax
00486F3A 33C0 xor eax, eax
00486F3C 55 push ebp
* Possible String Reference to: '閵澉胴[嬪]?
|
00486F3D 6889704800 push $00487089
***** TRY
|
00486F42 64FF30 push dword ptr fs:[eax]
00486F45 648920 mov fs:[eax], esp
00486F48 0FB61590D14F00 movzx edx, byte ptr [$004FD190]
00486F4F 83EA03 sub edx, +$03
00486F52 B890D14F00 mov eax, $004FD190
00486F57 B904000000 mov ecx, $00000004
|
00486F5C E8DFBFF7FF call 00402F40
00486F61 8D85FCFEFFFF lea eax, [ebp+$FFFFFEFC]
00486F67 BA90D14F00 mov edx, $004FD190
|
00486F6C E857EFF7FF call 00405EC8
00486F71 8B95FCFEFFFF mov edx, [ebp+$FFFFFEFC]
00486F77 8D8500FFFFFF lea eax, [ebp+$FFFFFF00]
|
00486F7D E8D243F8FF call 0040B354
00486F82 8D8500FFFFFF lea eax, [ebp+$FFFFFF00]
00486F88 50 push eax
00486F89 6802000080 push $80000002
* Reference to: advapi32.RegDeleteKeyA()
|
00486F8E E80913F8FF call 0040829C
00486F93 8D85F4FEFFFF lea eax, [ebp+$FFFFFEF4]
00486F99 BA90CF4F00 mov edx, $004FCF90
|
00486F9E E825EFF7FF call 00405EC8
00486FA3 FFB5F4FEFFFF push dword ptr [ebp+$FFFFFEF4]
00486FA9 68A0704800 push $004870A0
00486FAE 8D85F0FEFFFF lea eax, [ebp+$FFFFFEF0]
00486FB4 BA90CD4F00 mov edx, $004FCD90
|
00486FB9 E80AEFF7FF call 00405EC8
00486FBE FFB5F0FEFFFF push dword ptr [ebp+$FFFFFEF0]
00486FC4 8D85F8FEFFFF lea eax, [ebp+$FFFFFEF8]
00486FCA BA03000000 mov edx, $00000003
|
00486FCF E814F0F7FF call 00405FE8
00486FD4 8B9DF8FEFFFF mov ebx, [ebp+$FFFFFEF8]
00486FDA 899DECFEFFFF mov [ebp+$FFFFFEEC], ebx
00486FE0 8B85ECFEFFFF mov eax, [ebp+$FFFFFEEC]
|
00486FE6 E83DF1F7FF call 00406128
00486FEB 50 push eax
* Reference to: kernel32.DeleteFileA()
|
00486FEC E83B13F8FF call 0040832C
00486FF1 83F801 cmp eax, +$01
00486FF4 1BC0 sbb eax, eax
00486FF6 40 inc eax
00486FF7 8D85E4FEFFFF lea eax, [ebp+$FFFFFEE4]
00486FFD BA90D04F00 mov edx, $004FD090
|
00487002 E8C1EEF7FF call 00405EC8
00487007 FFB5E4FEFFFF push dword ptr [ebp+$FFFFFEE4]
0048700D 68A0704800 push $004870A0
00487012 8D85E0FEFFFF lea eax, [ebp+$FFFFFEE0]
00487018 BA90CE4F00 mov edx, $004FCE90
|
0048701D E8A6EEF7FF call 00405EC8
00487022 FFB5E0FEFFFF push dword ptr [ebp+$FFFFFEE0]
00487028 8D85E8FEFFFF lea eax, [ebp+$FFFFFEE8]
0048702E BA03000000 mov edx, $00000003
|
00487033 E8B0EFF7FF call 00405FE8
00487038 8B9DE8FEFFFF mov ebx, [ebp+$FFFFFEE8]
0048703E 899DECFEFFFF mov [ebp+$FFFFFEEC], ebx
00487044 8B85ECFEFFFF mov eax, [ebp+$FFFFFEEC]
|
0048704A E8D9F0F7FF call 00406128
0048704F 50 push eax
* Reference to: kernel32.DeleteFileA()
|
00487050 E8D712F8FF call 0040832C
00487055 83F801 cmp eax, +$01
00487058 1BC0 sbb eax, eax
0048705A 40 inc eax
0048705B 33C0 xor eax, eax
0048705D 5A pop edx
0048705E 59 pop ecx
0048705F 59 pop ecx
00487060 648910 mov fs:[eax], edx
****** FINALLY
|
* Possible String Reference to: '[嬪]?
|
00487063 6890704800 push $00487090
00487068 8D85E0FEFFFF lea eax, [ebp+$FFFFFEE0]
0048706E BA03000000 mov edx, $00000003
|
00487073 E810ECF7FF call 00405C88
00487078 8D85F0FEFFFF lea eax, [ebp+$FFFFFEF0]
0048707E BA04000000 mov edx, $00000004
|
00487083 E800ECF7FF call 00405C88
00487088 C3 ret
|
00487089 E98AE4F7FF jmp 00405518
0048708E EBD8 jmp 00487068
****** END
|
00487090 5B pop ebx
00487091 8BE5 mov esp, ebp
00487093 5D pop ebp
00487094 C3 ret
*)
end;
procedure TDialSN._PROC_004870A5(Sender : TObject);
begin
(*
004870A5 8BEC mov ebp, esp
004870A7 81C49CF6FFFF add esp, $FFFFF69C
004870AD 53 push ebx
004870AE 33C0 xor eax, eax
004870B0 8985A4F6FFFF mov [ebp+$FFFFF6A4], eax
004870B6 8985A0F6FFFF mov [ebp+$FFFFF6A0], eax
004870BC 89859CF6FFFF mov [ebp+$FFFFF69C], eax
004870C2 8985B0F6FFFF mov [ebp+$FFFFF6B0], eax
004870C8 8985ACF6FFFF mov [ebp+$FFFFF6AC], eax
004870CE 8985A8F6FFFF mov [ebp+$FFFFF6A8], eax
004870D4 33C0 xor eax, eax
004870D6 55 push ebp
004870D7 685E724800 push $0048725E
***** TRY
|
004870DC 64FF30 push dword ptr fs:[eax]
004870DF 648920 mov fs:[eax], esp
004870E2 33DB xor ebx, ebx
004870E4 8D85ACF6FFFF lea eax, [ebp+$FFFFF6AC]
004870EA BA90CF4F00 mov edx, $004FCF90
|
004870EF E8D4EDF7FF call 00405EC8
004870F4 FFB5ACF6FFFF push dword ptr [ebp+$FFFFF6AC]
004870FA 6874724800 push $00487274
004870FF 8D85A8F6FFFF lea eax, [ebp+$FFFFF6A8]
00487105 BA90CD4F00 mov edx, $004FCD90
|
0048710A E8B9EDF7FF call 00405EC8
0048710F FFB5A8F6FFFF push dword ptr [ebp+$FFFFF6A8]
00487115 8D85B0F6FFFF lea eax, [ebp+$FFFFF6B0]
0048711B BA03000000 mov edx, $00000003
|
00487120 E8C3EEF7FF call 00405FE8
00487125 8B95B0F6FFFF mov edx, [ebp+$FFFFF6B0]
0048712B 8D85B4FEFFFF lea eax, [ebp+$FFFFFEB4]
|
00487131 E8D6C6F7FF call 0040380C
00487136 BA01000000 mov edx, $00000001
0048713B 8D85B4FEFFFF lea eax, [ebp+$FFFFFEB4]
|
00487141 E812CFF7FF call 00404058
00487146 6A00 push $00
00487148 8D95B4F6FFFF lea edx, [ebp+$FFFFF6B4]
0048714E B900080000 mov ecx, $00000800
00487153 8D85B4FEFFFF lea eax, [ebp+$FFFFFEB4]
|
00487159 E816C8F7FF call 00403974
0048715E 8D85B4FEFFFF lea eax, [ebp+$FFFFFEB4]
|
00487164 E84BC8F7FF call 004039B4
00487169 80BD18F7FFFF0A cmp byte ptr [ebp+$FFFFF718], $0A
00487170 0F85CA000000 jnz 00487240
00487176 80BD19F7FFFF14 cmp byte ptr [ebp+$FFFFF719], $14
0048717D 0F85BD000000 jnz 00487240
00487183 80BD1AF7FFFF1E cmp byte ptr [ebp+$FFFFF71A], $1E
0048718A 0F85B0000000 jnz 00487240
00487190 80BD1BF7FFFF28 cmp byte ptr [ebp+$FFFFF71B], $28
00487197 0F85A3000000 jnz 00487240
0048719D B301 mov bl, $01
0048719F C68518F7FFFF06 mov byte ptr [ebp+$FFFFF718], $06
004871A6 C68519F7FFFF10 mov byte ptr [ebp+$FFFFF719], $10
004871AD C6851AF7FFFF1E mov byte ptr [ebp+$FFFFF71A], $1E
004871B4 C6851BF7FFFF43 mov byte ptr [ebp+$FFFFF71B], $43
004871BB 8D85A0F6FFFF lea eax, [ebp+$FFFFF6A0]
004871C1 BA90CF4F00 mov edx, $004FCF90
|
004871C6 E8FDECF7FF call 00405EC8
004871CB FFB5A0F6FFFF push dword ptr [ebp+$FFFFF6A0]
004871D1 6874724800 push $00487274
004871D6 8D859CF6FFFF lea eax, [ebp+$FFFFF69C]
004871DC BA90CD4F00 mov edx, $004FCD90
|
004871E1 E8E2ECF7FF call 00405EC8
004871E6 FFB59CF6FFFF push dword ptr [ebp+$FFFFF69C]
004871EC 8D85A4F6FFFF lea eax, [ebp+$FFFFF6A4]
004871F2 BA03000000 mov edx, $00000003
|
004871F7 E8ECEDF7FF call 00405FE8
004871FC 8B95A4F6FFFF mov edx, [ebp+$FFFFF6A4]
00487202 8D85B4FEFFFF lea eax, [ebp+$FFFFFEB4]
|
00487208 E8FFC5F7FF call 0040380C
0048720D BA01000000 mov edx, $00000001
00487212 8D85B4FEFFFF lea eax, [ebp+$FFFFFEB4]
|
00487218 E83BCEF7FF call 00404058
0048721D 6A00 push $00
0048721F 8D95B4F6FFFF lea edx, [ebp+$FFFFF6B4]
00487225 B900080000 mov ecx, $00000800
0048722A 8D85B4FEFFFF lea eax, [ebp+$FFFFFEB4]
|
00487230 E85FC7F7FF call 00403994
00487235 8D85B4FEFFFF lea eax, [ebp+$FFFFFEB4]
|
0048723B E874C7F7FF call 004039B4
00487240 33C0 xor eax, eax
00487242 5A pop edx
00487243 59 pop ecx
00487244 59 pop ecx
00487245 648910 mov fs:[eax], edx
****** FINALLY
|
00487248 6865724800 push $00487265
0048724D 8D859CF6FFFF lea eax, [ebp+$FFFFF69C]
00487253 BA06000000 mov edx, $00000006
|
00487258 E82BEAF7FF call 00405C88
0048725D C3 ret
|
0048725E E9B5E2F7FF jmp 00405518
00487263 EBE8 jmp 0048724D
****** END
|
00487265 8BC3 mov eax, ebx
00487267 5B pop ebx
00487268 8BE5 mov esp, ebp
0048726A 5D pop ebp
0048726B C3 ret
*)
end;
procedure TDialSN._PROC_0048728B(Sender : TObject);
begin
(*
0048728B EB64 jmp 004872F1
0048728D 8819 mov [ecx], bl
0048728F 41 inc ecx
00487290 42 inc edx
00487291 66FFC8 dec ax
00487294 75F1 jnz 00487287
00487296 C6059BCD4F006C mov byte ptr [$004FCD9B], $6C
0048729D C60590CD4F000B mov byte ptr [$004FCD90], $0B
004872A4 66B80800 mov ax, $0008
* Possible String Reference to: '炎槙檼刃'
|
004872A8 BA09734800 mov edx, $00487309
004872AD B991CE4F00 mov ecx, $004FCE91
004872B2 0FB61A movzx ebx, byte ptr [edx]
004872B5 83EB64 sub ebx, +$64
004872B8 8819 mov [ecx], bl
004872BA 41 inc ecx
004872BB 42 inc edx
004872BC 66FFC8 dec ax
004872BF 75F1 jnz 004872B2
004872C1 C60599CE4F006C mov byte ptr [$004FCE99], $6C
004872C8 C60590CE4F0009 mov byte ptr [$004FCE90], $09
004872CF 66B81A00 mov ax, $001A
* Possible String Reference to: '子守叟稚姥颓钟子守辣阀罉挋'
|
004872D3 BA15734800 mov edx, $00487315
004872D8 B991D14F00 mov ecx, $004FD191
004872DD 0FB61A movzx ebx, byte ptr [edx]
004872E0 83EB64 sub ebx, +$64
004872E3 8819 mov [ecx], bl
004872E5 41 inc ecx
004872E6 42 inc edx
004872E7 66FFC8 dec ax
004872EA 75F1 jnz 004872DD
004872EC 0FB60514734800 movzx eax, byte ptr [$00487314]
004872F3 A290D14F00 mov byte ptr [$004FD190], al
004872F8 5B pop ebx
004872F9 C3 ret
*)
end;
procedure TDialSN._PROC_00487331(Sender : TObject);
begin
(*
00487331 8BEC mov ebp, esp
00487333 33C9 xor ecx, ecx
00487335 51 push ecx
00487336 51 push ecx
00487337 51 push ecx
00487338 51 push ecx
00487339 51 push ecx
0048733A 51 push ecx
0048733B 53 push ebx
0048733C 33C0 xor eax, eax
0048733E 55 push ebp
* Possible String Reference to: '轵圜腚嬅[嬪]?
|
0048733F 6821744800 push $00487421
***** TRY
|
00487344 64FF30 push dword ptr fs:[eax]
00487347 648920 mov fs:[eax], esp
0048734A 33DB xor ebx, ebx
0048734C 6804010000 push $00000104
00487351 6891D04F00 push $004FD091
* Reference to: kernel32.GetSystemDirectoryA()
|
00487356 E8D910F8FF call 00408434
0048735B B891D04F00 mov eax, $004FD091
|
00487360 E81B3FF8FF call 0040B280
00487365 A290D04F00 mov byte ptr [$004FD090], al
0048736A 6804010000 push $00000104
0048736F 6891CF4F00 push $004FCF91
* Reference to: kernel32.GetWindowsDirectoryA()
|
00487374 E8EB10F8FF call 00408464
00487379 B891CF4F00 mov eax, $004FCF91
|
0048737E E8FD3EF8FF call 0040B280
00487383 A290CF4F00 mov byte ptr [$004FCF90], al
00487388 8D45F8 lea eax, [ebp-$08]
0048738B BA90CF4F00 mov edx, $004FCF90
|
00487390 E833EBF7FF call 00405EC8
00487395 FF75F8 push dword ptr [ebp-$08]
00487398 6838744800 push $00487438
0048739D 8D45F4 lea eax, [ebp-$0C]
004873A0 BA90CD4F00 mov edx, $004FCD90
|
004873A5 E81EEBF7FF call 00405EC8
004873AA FF75F4 push dword ptr [ebp-$0C]
004873AD 8D45FC lea eax, [ebp-$04]
004873B0 BA03000000 mov edx, $00000003
|
004873B5 E82EECF7FF call 00405FE8
004873BA 8B45FC mov eax, [ebp-$04]
|
004873BD E82A38F8FF call 0040ABEC
004873C2 84C0 test al, al
004873C4 7440 jz 00487406
004873C6 8D45EC lea eax, [ebp-$14]
004873C9 BA90D04F00 mov edx, $004FD090
|
004873CE E8F5EAF7FF call 00405EC8
004873D3 FF75EC push dword ptr [ebp-$14]
004873D6 6838744800 push $00487438
004873DB 8D45E8 lea eax, [ebp-$18]
004873DE BA90CE4F00 mov edx, $004FCE90
|
004873E3 E8E0EAF7FF call 00405EC8
004873E8 FF75E8 push dword ptr [ebp-$18]
004873EB 8D45F0 lea eax, [ebp-$10]
004873EE BA03000000 mov edx, $00000003
|
004873F3 E8F0EBF7FF call 00405FE8
004873F8 8B45F0 mov eax, [ebp-$10]
|
004873FB E8EC37F8FF call 0040ABEC
00487400 84C0 test al, al
00487402 7402 jz 00487406
00487404 B301 mov bl, $01
00487406 33C0 xor eax, eax
00487408 5A pop edx
00487409 59 pop ecx
0048740A 59 pop ecx
0048740B 648910 mov fs:[eax], edx
****** FINALLY
|
* Possible String Reference to: '嬅[嬪]?
|
0048740E 6828744800 push $00487428
00487413 8D45E8 lea eax, [ebp-$18]
00487416 BA06000000 mov edx, $00000006
|
0048741B E868E8F7FF call 00405C88
00487420 C3 ret
|
00487421 E9F2E0F7FF jmp 00405518
00487426 EBEB jmp 00487413
****** END
|
00487428 8BC3 mov eax, ebx
0048742A 5B pop ebx
0048742B 8BE5 mov esp, ebp
0048742D 5D pop ebp
0048742E C3 ret
*)
end;
procedure TDialSN._PROC_0048743D(Sender : TObject);
begin
(*
0048743D 8BEC mov ebp, esp
0048743F 81C4F8FEFFFF add esp, $FFFFFEF8
00487445 53 push ebx
00487446 56 push esi
00487447 33C0 xor eax, eax
00487449 8985F8FEFFFF mov [ebp+$FFFFFEF8], eax
0048744F 33C0 xor eax, eax
00487451 55 push ebp
00487452 68BF744800 push $004874BF
***** TRY
|
00487457 64FF30 push dword ptr fs:[eax]
0048745A 648920 mov fs:[eax], esp
0048745D 33DB xor ebx, ebx
0048745F 8D85F8FEFFFF lea eax, [ebp+$FFFFFEF8]
00487465 BA90D14F00 mov edx, $004FD190
|
0048746A E859EAF7FF call 00405EC8
0048746F 8B95F8FEFFFF mov edx, [ebp+$FFFFFEF8]
00487475 8D85FCFEFFFF lea eax, [ebp+$FFFFFEFC]
|
0048747B E8D43EF8FF call 0040B354
00487480 8D45FC lea eax, [ebp-$04]
00487483 50 push eax
00487484 8D85FCFEFFFF lea eax, [ebp+$FFFFFEFC]
0048748A 50 push eax
0048748B 6802000080 push $80000002
* Reference to: advapi32.RegOpenKeyA()
|
00487490 E8170EF8FF call 004082AC
00487495 8BF0 mov esi, eax
00487497 8B45FC mov eax, [ebp-$04]
0048749A 50 push eax
* Reference to: advapi32.RegCloseKey()
|
0048749B E8EC0DF8FF call 0040828C
004874A0 85F6 test esi, esi
004874A2 7502 jnz 004874A6
004874A4 B301 mov bl, $01
004874A6 33C0 xor eax, eax
004874A8 5A pop edx
004874A9 59 pop ecx
004874AA 59 pop ecx
004874AB 648910 mov fs:[eax], edx
****** FINALLY
|
004874AE 68C6744800 push $004874C6
004874B3 8D85F8FEFFFF lea eax, [ebp+$FFFFFEF8]
|
004874B9 E8A6E7F7FF call 00405C64
004874BE C3 ret
|
004874BF E954E0F7FF jmp 00405518
004874C4 EBED jmp 004874B3
****** END
|
004874C6 8BC3 mov eax, ebx
004874C8 5E pop esi
004874C9 5B pop ebx
004874CA 8BE5 mov esp, ebp
004874CC 5D pop ebp
004874CD C3 ret
*)
end;
procedure TDialSN._PROC_004874D0(Sender : TObject);
begin
(*
004874D0 53 push ebx
004874D1 33DB xor ebx, ebx
|
004874D3 E8A0FDFFFF call 00487278
|
004874D8 E853FEFFFF call 00487330
004874DD 84C0 test al, al
004874DF 7507 jnz 004874E8
* Reference to : TDialSN._PROC_00486F04()
|
004874E1 E81EFAFFFF call 00486F04
004874E6 EB20 jmp 00487508
|
004874E8 E8B7FBFFFF call 004870A4
004874ED 84C0 test al, al
004874EF 7405 jz 004874F6
|
004874F1 E88AF9FFFF call 00486E80
|
004874F6 E841FFFFFF call 0048743C
004874FB 84C0 test al, al
004874FD 7507 jnz 00487506
* Reference to : TDialSN._PROC_00486F04()
|
004874FF E800FAFFFF call 00486F04
00487504 EB02 jmp 00487508
00487506 B301 mov bl, $01
00487508 8BC3 mov eax, ebx
0048750A 5B pop ebx
0048750B C3 ret
*)
end;
procedure TDialSN._PROC_0048750C(Sender : TObject);
begin
(*
0048750C 55 push ebp
0048750D 8BEC mov ebp, esp
0048750F 33C9 xor ecx, ecx
00487511 51 push ecx
00487512 51 push ecx
00487513 51 push ecx
00487514 51 push ecx
00487515 53 push ebx
00487516 56 push esi
00487517 57 push edi
00487518 33C0 xor eax, eax
0048751A 55 push ebp
0048751B 6806774800 push $00487706
***** TRY
|
00487520 64FF30 push dword ptr fs:[eax]
00487523 648920 mov fs:[eax], esp
00487526 33C0 xor eax, eax
00487528 55 push ebp
00487529 68C0764800 push $004876C0
***** TRY
|
0048752E 64FF30 push dword ptr fs:[eax]
00487531 648920 mov fs:[eax], esp
00487534 C645FF00 mov byte ptr [ebp-$01], $00
00487538 A1F0804F00 mov eax, dword ptr [$004F80F0]
0048753D 833800 cmp dword ptr [eax], +$00
00487540 7516 jnz 00487558
00487542 33C9 xor ecx, ecx
00487544 B201 mov dl, $01
00487546 A18C6A4800 mov eax, dword ptr [$00486A8C]
* Reference to : TApplication._PROC_00467008()
|
0048754B E8B8FAFDFF call 00467008
00487550 8B15F0804F00 mov edx, [$004F80F0]
00487556 8902 mov [edx], eax
00487558 A1F0804F00 mov eax, dword ptr [$004F80F0]
0048755D 8B00 mov eax, [eax]
* Reference to control Ewyj : TEdit
|
0048755F 8B8070030000 mov eax, [eax+$0370]
00487565 33D2 xor edx, edx
|
00487567 E868ABFCFF call 004520D4
0048756C A1F0804F00 mov eax, dword ptr [$004F80F0]
00487571 8B00 mov eax, [eax]
* Reference to control EWej : TEdit
|
00487573 8B806C030000 mov eax, [eax+$036C]
00487579 33D2 xor edx, edx
|
0048757B E854ABFCFF call 004520D4
00487580 66BB0500 mov bx, $0005
00487584 BE90D24F00 mov esi, $004FD290
00487589 B8FF000000 mov eax, $000000FF
|
0048758E E849BEF7FF call 004033DC
00487593 8806 mov [esi], al
00487595 46 inc esi
00487596 66FFCB dec bx
00487599 75EE jnz 00487589
0048759B 66BB0500 mov bx, $0005
0048759F BE90D24F00 mov esi, $004FD290
004875A4 8D55F8 lea edx, [ebp-$08]
004875A7 A1F0804F00 mov eax, dword ptr [$004F80F0]
004875AC 8B00 mov eax, [eax]
* Reference to control EWej : TEdit
|
004875AE 8BB86C030000 mov edi, [eax+$036C]
004875B4 8BC7 mov eax, edi
|
004875B6 E8E9AAFCFF call 004520A4
004875BB 8D45F8 lea eax, [ebp-$08]
004875BE 50 push eax
004875BF 8D4DF4 lea ecx, [ebp-$0C]
004875C2 0FB606 movzx eax, byte ptr [esi]
004875C5 BA02000000 mov edx, $00000002
|
004875CA E88532F8FF call 0040A854
004875CF 8B55F4 mov edx, [ebp-$0C]
004875D2 58 pop eax
|
004875D3 E858E9F7FF call 00405F30
004875D8 8B55F8 mov edx, [ebp-$08]
004875DB A1F0804F00 mov eax, dword ptr [$004F80F0]
004875E0 8BC7 mov eax, edi
|
004875E2 E8EDAAFCFF call 004520D4
004875E7 46 inc esi
004875E8 66FFCB dec bx
004875EB 75B7 jnz 004875A4
004875ED A1F0804F00 mov eax, dword ptr [$004F80F0]
004875F2 8B00 mov eax, [eax]
004875F4 8B10 mov edx, [eax]
004875F6 FF92FC000000 call dword ptr [edx+$00FC]
004875FC 8D55F0 lea edx, [ebp-$10]
004875FF A1F0804F00 mov eax, dword ptr [$004F80F0]
00487604 8B00 mov eax, [eax]
* Reference to control Ewyj : TEdit
|
00487606 8B8070030000 mov eax, [eax+$0370]
|
0048760C E893AAFCFF call 004520A4
00487611 837DF000 cmp dword ptr [ebp-$10], +$00
00487615 0F848B000000 jz 004876A6
|
0048761B E840010000 call 00487760
00487620 A1F0804F00 mov eax, dword ptr [$004F80F0]
00487625 8B00 mov eax, [eax]
00487627 0FB68078030000 movzx eax, byte ptr [eax+$0378]
0048762E 3A0584CD4F00 cmp al, byte ptr [$004FCD84]
00487634 7570 jnz 004876A6
00487636 A1F0804F00 mov eax, dword ptr [$004F80F0]
0048763B 8B00 mov eax, [eax]
0048763D 0FB68079030000 movzx eax, byte ptr [eax+$0379]
00487644 3A0585CD4F00 cmp al, byte ptr [$004FCD85]
0048764A 755A jnz 004876A6
0048764C A1F0804F00 mov eax, dword ptr [$004F80F0]
00487651 8B00 mov eax, [eax]
00487653 0FB6807A030000 movzx eax, byte ptr [eax+$037A]
0048765A 3A0586CD4F00 cmp al, byte ptr [$004FCD86]
00487660 7544 jnz 004876A6
00487662 A1F0804F00 mov eax, dword ptr [$004F80F0]
00487667 8B00 mov eax, [eax]
00487669 0FB6807B030000 movzx eax, byte ptr [eax+$037B]
00487670 3A0587CD4F00 cmp al, byte ptr [$004FCD87]
00487676 752E jnz 004876A6
00487678 A1F0804F00 mov eax, dword ptr [$004F80F0]
0048767D 8B00 mov eax, [eax]
0048767F 0FB6807C030000 movzx eax, byte ptr [eax+$037C]
00487686 3A0588CD4F00 cmp al, byte ptr [$004FCD88]
0048768C 7518 jnz 004876A6
0048768E C645FF01 mov byte ptr [ebp-$01], $01
|
00487692 E805030000 call 0048799C
|
00487697 E8E4F7FFFF call 00486E80
* Possible String Reference to: 'OK!'
|
0048769C B81C774800 mov eax, $0048771C
* Reference to : TMessageForm._PROC_00443670()
|
004876A1 E8CABFFBFF call 00443670
004876A6 807DFF00 cmp byte ptr [ebp-$01], $00
004876AA 750A jnz 004876B6
* Possible String Reference to: 'Error 序列号错误!'
|
004876AC B828774800 mov eax, $00487728
* Reference to : TMessageForm._PROC_00443670()
|
004876B1 E8BABFFBFF call 00443670
004876B6 33C0 xor eax, eax
004876B8 5A pop edx
004876B9 59 pop ecx
004876BA 59 pop ecx
004876BB 648910 mov fs:[eax], edx
004876BE EB20 jmp 004876E0
|
004876C0 E9CBDCF7FF jmp 00405390
004876C5 0100 add [eax], eax
004876C7 0000 add [eax], al
004876C9 20944000D17648 and [eax+eax*2+$4876D100], dl
004876D0 00B844774800 add [eax+$487744], bh
* Reference to : TMessageForm._PROC_00443670()
|
004876D6 E895BFFBFF call 00443670
|
004876DB E894DFF7FF call 00405674
****** END
|
004876E0 33C0 xor eax, eax
004876E2 5A pop edx
004876E3 59 pop ecx
004876E4 59 pop ecx
004876E5 648910 mov fs:[eax], edx
****** FINALLY
|
004876E8 680D774800 push $0048770D
004876ED 8D45F0 lea eax, [ebp-$10]
|
004876F0 E86FE5F7FF call 00405C64
004876F5 8D45F4 lea eax, [ebp-$0C]
|
004876F8 E867E5F7FF call 00405C64
004876FD 8D45F8 lea eax, [ebp-$08]
|
00487700 E85FE5F7FF call 00405C64
00487705 C3 ret
|
00487706 E90DDEF7FF jmp 00405518
0048770B EBE0 jmp 004876ED
****** END
|
0048770D 5F pop edi
0048770E 5E pop esi
0048770F 5B pop ebx
00487710 8BE5 mov esp, ebp
00487712 5D pop ebp
00487713 C3 ret
*)
end;
procedure TDialSN._PROC_00487706(Sender : TObject);
begin
(*
|
00487706 E90DDEF7FF jmp 00405518
|
0048770B EBE0 jmp 004876ED
0048770D 5F pop edi
0048770E 5E pop esi
0048770F 5B pop ebx
00487710 8BE5 mov esp, ebp
00487712 5D pop ebp
00487713 C3 ret
*)
end;
procedure TDialSN._PROC_00487761(Sender : TObject);
begin
(*
00487761 C4B80FB60590 les edi, [eax+$9005B60F]
00487767 D24F00 ror byte ptr [edi+$00], cl
0048776A 89442444 mov [esp+$44], eax
0048776E DB442444 fild dword ptr [esp+$44]
00487772 D80D84794800 fmul dword ptr [$00487984]
00487778 DB7C2408 fstp tbyte ptr [esp+$08]
0048777C 9B wait
0048777D DB6C2408 fld tbyte ptr [esp+$08]
00487781 DB2D88794800 fld tbyte ptr [$00487988]
00487787 DEC9 fmulp st(1), st(0)
00487789 DB7C2418 fstp tbyte ptr [esp+$18]
0048778D 9B wait
0048778E 0FB7442420 movzx eax, word ptr [esp+$20]
00487793 50 push eax
00487794 FF742420 push dword ptr [esp+$20]
00487798 FF742420 push dword ptr [esp+$20]
|
0048779C E8F7BCF7FF call 00403498
004877A1 DD1C24 fstp qword ptr [esp]
004877A4 9B wait
004877A5 DD0424 fld qword ptr [esp]
004877A8 D80D94794800 fmul dword ptr [$00487994]
004877AE 83C4F4 add esp, -$0C
004877B1 DB3C24 fstp tbyte ptr [esp]
004877B4 9B wait
|
004877B5 E88EBCF7FF call 00403448
004877BA DD1C24 fstp qword ptr [esp]
004877BD 9B wait
004877BE DD0424 fld qword ptr [esp]
004877C1 D80D94794800 fmul dword ptr [$00487994]
004877C7 83C4F4 add esp, -$0C
004877CA DB3C24 fstp tbyte ptr [esp]
004877CD 9B wait
|
004877CE E849BCF7FF call 0040341C
|
004877D3 E814BDF7FF call 004034EC
004877D8 A284CD4F00 mov byte ptr [$004FCD84], al
004877DD 0FB60591D24F00 movzx eax, byte ptr [$004FD291]
004877E4 89442444 mov [esp+$44], eax
004877E8 DB442444 fild dword ptr [esp+$44]
004877EC D80D84794800 fmul dword ptr [$00487984]
004877F2 D80584794800 fadd dword ptr [$00487984]
004877F8 83C4F4 add esp, -$0C
004877FB DB3C24 fstp tbyte ptr [esp]
004877FE 9B wait
|
004877FF E8B4BCF7FF call 004034B8
00487804 DD1C24 fstp qword ptr [esp]
00487807 9B wait
00487808 DD0424 fld qword ptr [esp]
0048780B D80D94794800 fmul dword ptr [$00487994]
00487811 83C4F4 add esp, -$0C
00487814 DB3C24 fstp tbyte ptr [esp]
00487817 9B wait
|
00487818 E82BBCF7FF call 00403448
0048781D DD1C24 fstp qword ptr [esp]
00487820 9B wait
00487821 DD0424 fld qword ptr [esp]
00487824 D80D94794800 fmul dword ptr [$00487994]
0048782A 83C4F4 add esp, -$0C
0048782D DB3C24 fstp tbyte ptr [esp]
00487830 9B wait
|
00487831 E8E6BBF7FF call 0040341C
|
00487836 E8B1BCF7FF call 004034EC
0048783B A285CD4F00 mov byte ptr [$004FCD85], al
00487840 0FB60592D24F00 movzx eax, byte ptr [$004FD292]
00487847 89442444 mov [esp+$44], eax
0048784B DB442444 fild dword ptr [esp+$44]
0048784F D80D84794800 fmul dword ptr [$00487984]
00487855 D83598794800 fdiv dword ptr [$00487998]
0048785B DB7C2428 fstp tbyte ptr [esp+$28]
0048785F 9B wait
00487860 DB6C2428 fld tbyte ptr [esp+$28]
00487864 DB2D88794800 fld tbyte ptr [$00487988]
0048786A DEC9 fmulp st(1), st(0)
0048786C DB7C2438 fstp tbyte ptr [esp+$38]
00487870 9B wait
00487871 0FB7442440 movzx eax, word ptr [esp+$40]
00487876 50 push eax
00487877 FF742440 push dword ptr [esp+$40]
0048787B FF742440 push dword ptr [esp+$40]
|
0048787F E8D07EF9FF call 0041F754
00487884 DD1C24 fstp qword ptr [esp]
00487887 9B wait
00487888 DD0424 fld qword ptr [esp]
0048788B D80D94794800 fmul dword ptr [$00487994]
00487891 83C4F4 add esp, -$0C
00487894 DB3C24 fstp tbyte ptr [esp]
00487897 9B wait
|
00487898 E8ABBBF7FF call 00403448
0048789D DD1C24 fstp qword ptr [esp]
004878A0 9B wait
004878A1 DD0424 fld qword ptr [esp]
004878A4 D80D94794800 fmul dword ptr [$00487994]
004878AA 83C4F4 add esp, -$0C
004878AD DB3C24 fstp tbyte ptr [esp]
004878B0 9B wait
|
004878B1 E866BBF7FF call 0040341C
|
004878B6 E831BCF7FF call 004034EC
004878BB A286CD4F00 mov byte ptr [$004FCD86], al
004878C0 0FB60593D24F00 movzx eax, byte ptr [$004FD293]
004878C7 89442444 mov [esp+$44], eax
004878CB DB442444 fild dword ptr [esp+$44]
004878CF D80D84794800 fmul dword ptr [$00487984]
004878D5 83C4F4 add esp, -$0C
004878D8 DB3C24 fstp tbyte ptr [esp]
004878DB 9B wait
|
004878DC E8937EF9FF call 0041F774
004878E1 DD1C24 fstp qword ptr [esp]
004878E4 9B wait
004878E5 DD0424 fld qword ptr [esp]
004878E8 D80D94794800 fmul dword ptr [$00487994]
004878EE 83C4F4 add esp, -$0C
004878F1 DB3C24 fstp tbyte ptr [esp]
004878F4 9B wait
|
004878F5 E84EBBF7FF call 00403448
004878FA DD1C24 fstp qword ptr [esp]
004878FD 9B wait
004878FE DD0424 fld qword ptr [esp]
00487901 D80D94794800 fmul dword ptr [$00487994]
00487907 83C4F4 add esp, -$0C
0048790A DB3C24 fstp tbyte ptr [esp]
0048790D 9B wait
|
0048790E E809BBF7FF call 0040341C
|
00487913 E8D4BBF7FF call 004034EC
00487918 A287CD4F00 mov byte ptr [$004FCD87], al
0048791D 0FB60594D24F00 movzx eax, byte ptr [$004FD294]
00487924 89442444 mov [esp+$44], eax
00487928 DB442444 fild dword ptr [esp+$44]
0048792C D80D84794800 fmul dword ptr [$00487984]
00487932 D80584794800 fadd dword ptr [$00487984]
00487938 83C4F4 add esp, -$0C
0048793B DB3C24 fstp tbyte ptr [esp]
0048793E 9B wait
|
0048793F E8207EF9FF call 0041F764
00487944 DD1C24 fstp qword ptr [esp]
00487947 9B wait
00487948 DD0424 fld qword ptr [esp]
0048794B D80D94794800 fmul dword ptr [$00487994]
00487951 83C4F4 add esp, -$0C
00487954 DB3C24 fstp tbyte ptr [esp]
00487957 9B wait
|
00487958 E8EBBAF7FF call 00403448
0048795D DD1C24 fstp qword ptr [esp]
00487960 9B wait
00487961 DD0424 fld qword ptr [esp]
00487964 D80D94794800 fmul dword ptr [$00487994]
0048796A 83C4F4 add esp, -$0C
0048796D DB3C24 fstp tbyte ptr [esp]
00487970 9B wait
|
00487971 E8A6BAF7FF call 0040341C
|
00487976 E871BBF7FF call 004034EC
0048797B A288CD4F00 mov byte ptr [$004FCD88], al
00487980 83C448 add esp, +$48
00487983 C3 ret
*)
end;
procedure TDialSN._PROC_0048799D(Sender : TObject);
begin
(*
0048799D 8BEC mov ebp, esp
0048799F 81C49CFAFFFF add esp, $FFFFFA9C
004879A5 53 push ebx
004879A6 56 push esi
004879A7 57 push edi
004879A8 33C0 xor eax, eax
004879AA 8985A4FAFFFF mov [ebp+$FFFFFAA4], eax
004879B0 8985A0FAFFFF mov [ebp+$FFFFFAA0], eax
004879B6 89859CFAFFFF mov [ebp+$FFFFFA9C], eax
004879BC 8985B0FAFFFF mov [ebp+$FFFFFAB0], eax
004879C2 8985ACFAFFFF mov [ebp+$FFFFFAAC], eax
004879C8 8985A8FAFFFF mov [ebp+$FFFFFAA8], eax
004879CE 33C0 xor eax, eax
004879D0 55 push ebp
* Possible String Reference to: '镽禀腓_^[嬪]?
|
004879D1 68C17B4800 push $00487BC1
***** TRY
|
004879D6 64FF30 push dword ptr fs:[eax]
004879D9 648920 mov fs:[eax], esp
004879DC 6804010000 push $00000104
004879E1 6891D04F00 push $004FD091
* Reference to: kernel32.GetSystemDirectoryA()
|
004879E6 E8490AF8FF call 00408434
004879EB B891D04F00 mov eax, $004FD091
|
004879F0 E88B38F8FF call 0040B280
004879F5 A290D04F00 mov byte ptr [$004FD090], al
004879FA 6804010000 push $00000104
004879FF 6891CF4F00 push $004FCF91
* Reference to: kernel32.GetWindowsDirectoryA()
|
00487A04 E85B0AF8FF call 00408464
00487A09 B891CF4F00 mov eax, $004FCF91
|
00487A0E E86D38F8FF call 0040B280
00487A13 A290CF4F00 mov byte ptr [$004FCF90], al
|
00487A18 E85BF8FFFF call 00487278
00487A1D 8D85ACFAFFFF lea eax, [ebp+$FFFFFAAC]
00487A23 BA90CF4F00 mov edx, $004FCF90
|
00487A28 E89BE4F7FF call 00405EC8
00487A2D FFB5ACFAFFFF push dword ptr [ebp+$FFFFFAAC]
00487A33 68D87B4800 push $00487BD8
00487A38 8D85A8FAFFFF lea eax, [ebp+$FFFFFAA8]
00487A3E BA90CD4F00 mov edx, $004FCD90
|
00487A43 E880E4F7FF call 00405EC8
00487A48 FFB5A8FAFFFF push dword ptr [ebp+$FFFFFAA8]
00487A4E 8D85B0FAFFFF lea eax, [ebp+$FFFFFAB0]
00487A54 BA03000000 mov edx, $00000003
|
00487A59 E88AE5F7FF call 00405FE8
00487A5E 8B95B0FAFFFF mov edx, [ebp+$FFFFFAB0]
00487A64 8D85B4FEFFFF lea eax, [ebp+$FFFFFEB4]
|
00487A6A E89DBDF7FF call 0040380C
00487A6F BA01000000 mov edx, $00000001
00487A74 8D85B4FEFFFF lea eax, [ebp+$FFFFFEB4]
|
00487A7A E8F5C5F7FF call 00404074
00487A7F 66BF0200 mov di, $0002
00487A83 66BB0004 mov bx, $0400
00487A87 8DB5B4FAFFFF lea esi, [ebp+$FFFFFAB4]
00487A8D B8FF000000 mov eax, $000000FF
|
00487A92 E845B9F7FF call 004033DC
00487A97 8806 mov [esi], al
00487A99 46 inc esi
00487A9A 66FFCB dec bx
00487A9D 75EE jnz 00487A8D
00487A9F C68518FBFFFF0A mov byte ptr [ebp+$FFFFFB18], $0A
00487AA6 C68519FBFFFF14 mov byte ptr [ebp+$FFFFFB19], $14
00487AAD C6851AFBFFFF1E mov byte ptr [ebp+$FFFFFB1A], $1E
00487AB4 C6851BFBFFFF28 mov byte ptr [ebp+$FFFFFB1B], $28
00487ABB 6A00 push $00
00487ABD 8D95B4FAFFFF lea edx, [ebp+$FFFFFAB4]
00487AC3 B900040000 mov ecx, $00000400
00487AC8 8D85B4FEFFFF lea eax, [ebp+$FFFFFEB4]
|
00487ACE E8C1BEF7FF call 00403994
|
00487AD3 E8E8B5F7FF call 004030C0
00487AD8 85C0 test eax, eax
00487ADA 0F85C3000000 jnz 00487BA3
00487AE0 66FFCF dec di
00487AE3 759E jnz 00487A83
00487AE5 8D85B4FEFFFF lea eax, [ebp+$FFFFFEB4]
|
00487AEB E8C4BEF7FF call 004039B4
00487AF0 8D85A0FAFFFF lea eax, [ebp+$FFFFFAA0]
00487AF6 BA90D04F00 mov edx, $004FD090
|
00487AFB E8C8E3F7FF call 00405EC8
00487B00 FFB5A0FAFFFF push dword ptr [ebp+$FFFFFAA0]
00487B06 68D87B4800 push $00487BD8
00487B0B 8D859CFAFFFF lea eax, [ebp+$FFFFFA9C]
00487B11 BA90CE4F00 mov edx, $004FCE90
|
00487B16 E8ADE3F7FF call 00405EC8
00487B1B FFB59CFAFFFF push dword ptr [ebp+$FFFFFA9C]
00487B21 8D85A4FAFFFF lea eax, [ebp+$FFFFFAA4]
00487B27 BA03000000 mov edx, $00000003
|
00487B2C E8B7E4F7FF call 00405FE8
00487B31 8B95A4FAFFFF mov edx, [ebp+$FFFFFAA4]
00487B37 8D85B4FEFFFF lea eax, [ebp+$FFFFFEB4]
|
00487B3D E8CABCF7FF call 0040380C
00487B42 BA01000000 mov edx, $00000001
00487B47 8D85B4FEFFFF lea eax, [ebp+$FFFFFEB4]
|
00487B4D E822C5F7FF call 00404074
00487B52 66BF0400 mov di, $0004
00487B56 66BB0004 mov bx, $0400
00487B5A 8DB5B4FAFFFF lea esi, [ebp+$FFFFFAB4]
00487B60 B8FF000000 mov eax, $000000FF
|
00487B65 E872B8F7FF call 004033DC
00487B6A 8806 mov [esi], al
00487B6C 46 inc esi
00487B6D 66FFCB dec bx
00487B70 75EE jnz 00487B60
00487B72 6A00 push $00
00487B74 8D95B4FAFFFF lea edx, [ebp+$FFFFFAB4]
00487B7A B900040000 mov ecx, $00000400
00487B7F 8D85B4FEFFFF lea eax, [ebp+$FFFFFEB4]
|
00487B85 E80ABEF7FF call 00403994
|
00487B8A E831B5F7FF call 004030C0
00487B8F 85C0 test eax, eax
00487B91 7510 jnz 00487BA3
00487B93 66FFCF dec di
00487B96 75BE jnz 00487B56
00487B98 8D85B4FEFFFF lea eax, [ebp+$FFFFFEB4]
|
00487B9E E811BEF7FF call 004039B4
00487BA3 33C0 xor eax, eax
00487BA5 5A pop edx
00487BA6 59 pop ecx
00487BA7 59 pop ecx
00487BA8 648910 mov fs:[eax], edx
****** FINALLY
|
* Possible String Reference to: '_^[嬪]?
|
00487BAB 68C87B4800 push $00487BC8
00487BB0 8D859CFAFFFF lea eax, [ebp+$FFFFFA9C]
00487BB6 BA06000000 mov edx, $00000006
|
00487BBB E8C8E0F7FF call 00405C88
00487BC0 C3 ret
|
00487BC1 E952D9F7FF jmp 00405518
00487BC6 EBE8 jmp 00487BB0
****** END
|
00487BC8 5F pop edi
00487BC9 5E pop esi
00487BCA 5B pop ebx
00487BCB 8BE5 mov esp, ebp
00487BCD 5D pop ebp
00487BCE C3 ret
*)
end;
procedure TDialSN._PROC_00487BDD(Sender : TObject);
begin
(*
00487BDD 8BEC mov ebp, esp
00487BDF 33C0 xor eax, eax
00487BE1 55 push ebp
00487BE2 68017C4800 push $00487C01
***** TRY
|
00487BE7 64FF30 push dword ptr fs:[eax]
00487BEA 648920 mov fs:[eax], esp
00487BED FF058CCD4F00 inc dword ptr [$004FCD8C]
00487BF3 33C0 xor eax, eax
00487BF5 5A pop edx
00487BF6 59 pop ecx
00487BF7 59 pop ecx
00487BF8 648910 mov fs:[eax], edx
****** FINALLY
|
00487BFB 68087C4800 push $00487C08
00487C00 C3 ret
|
00487C01 E912D9F7FF jmp 00405518
00487C06 EBF8 jmp 00487C00
****** END
|
00487C08 5D pop ebp
00487C09 C3 ret
*)
end;
procedure TDialSN._PROC_00487C0C(Sender : TObject);
begin
(*
00487C0C 55 push ebp
00487C0D 8BEC mov ebp, esp
00487C0F 83C4E8 add esp, -$18
00487C12 53 push ebx
00487C13 56 push esi
00487C14 57 push edi
00487C15 33C9 xor ecx, ecx
00487C17 894DF0 mov [ebp-$10], ecx
00487C1A 894DE8 mov [ebp-$18], ecx
00487C1D 894DEC mov [ebp-$14], ecx
00487C20 8BF0 mov esi, eax
00487C22 8D7DF8 lea edi, [ebp-$08]
00487C25 0FB60E movzx ecx, byte ptr [esi]
00487C28 80F907 cmp cl, $07
00487C2B 7202 jb 00487C2F
00487C2D B107 mov cl, $07
00487C2F 880F mov [edi], cl
00487C31 46 inc esi
00487C32 47 inc edi
00487C33 F3 rep
00487C34 A4 movsb
00487C35 8955F4 mov [ebp-$0C], edx
00487C38 33C0 xor eax, eax
00487C3A 55 push ebp
00487C3B 68B07C4800 push $00487CB0
***** TRY
|
00487C40 64FF30 push dword ptr fs:[eax]
00487C43 648920 mov fs:[eax], esp
00487C46 33DB xor ebx, ebx
00487C48 66BE1800 mov si, $0018
00487C4C BFF07A4F00 mov edi, $004F7AF0
00487C51 8D45EC lea eax, [ebp-$14]
00487C54 8D55F8 lea edx, [ebp-$08]
|
00487C57 E86CE2F7FF call 00405EC8
00487C5C 8B45EC mov eax, [ebp-$14]
00487C5F 8D55F0 lea edx, [ebp-$10]
|
00487C62 E86524F8FF call 0040A0CC
00487C67 8B45F0 mov eax, [ebp-$10]
00487C6A 50 push eax
00487C6B 8D45E8 lea eax, [ebp-$18]
00487C6E 8BD7 mov edx, edi
|
00487C70 E853E2F7FF call 00405EC8
00487C75 8B55E8 mov edx, [ebp-$18]
00487C78 58 pop eax
|
00487C79 E8F6E3F7FF call 00406074
00487C7E 750D jnz 00487C8D
00487C80 8B45F4 mov eax, [ebp-$0C]
00487C83 0FB65708 movzx edx, byte ptr [edi+$08]
00487C87 8810 mov [eax], dl
00487C89 B301 mov bl, $01
00487C8B EB08 jmp 00487C95
00487C8D 83C709 add edi, +$09
00487C90 66FFCE dec si
00487C93 75BC jnz 00487C51
00487C95 33C0 xor eax, eax
00487C97 5A pop edx
00487C98 59 pop ecx
00487C99 59 pop ecx
00487C9A 648910 mov fs:[eax], edx
****** FINALLY
|
00487C9D 68B77C4800 push $00487CB7
00487CA2 8D45E8 lea eax, [ebp-$18]
00487CA5 BA03000000 mov edx, $00000003
|
00487CAA E8D9DFF7FF call 00405C88
00487CAF C3 ret
|
00487CB0 E963D8F7FF jmp 00405518
00487CB5 EBEB jmp 00487CA2
****** END
|
00487CB7 8BC3 mov eax, ebx
00487CB9 5F pop edi
00487CBA 5E pop esi
00487CBB 5B pop ebx
00487CBC 8BE5 mov esp, ebp
00487CBE 5D pop ebp
00487CBF C3 ret
*)
end;
procedure TDialSN._PROC_00487CC0(Sender : TObject);
begin
(*
00487CC0 0C7D or al, $7D
00487CC2 48 dec eax
00487CC3 0000 add [eax], al
*)
end;
end.
//恳求高手指点迷津,非常感谢!!!
//程序代码的核心部分我已经用红色表示出来
//请高手帮我判断关键跳转在哪里?该怎么改?本人标示关键跳转,高手帮忙看看,本人菜鸟!请指教
unit FdialSN;
interface
uses
Windows, Messages, SysUtils, Classes, Graphics,
Controls, Forms, Dialogs, StdCtrls, ExtCtrls
type
TDialSN=class(TForm)
OKBtn: TButton;
CancelBtn: TButton;
Bevel1: TBevel;
EWej: TEdit;
Ewyj: TEdit;
Label1: TLabel;
procedure CancelBtnClick(Sender : TObject);
procedure OKBtnClick(Sender : TObject);
procedure _PROC_00486E6B(Sender : TObject);
procedure _PROC_00486E81(Sender : TObject);
procedure _PROC_00486F04(Sender : TObject);
procedure _PROC_004870A5(Sender : TObject);
procedure _PROC_0048728B(Sender : TObject);
procedure _PROC_00487331(Sender : TObject);
procedure _PROC_0048743D(Sender : TObject);
procedure _PROC_004874D0(Sender : TObject);
procedure _PROC_0048750C(Sender : TObject);
procedure _PROC_00487706(Sender : TObject);
procedure _PROC_00487761(Sender : TObject);
procedure _PROC_0048799D(Sender : TObject);
procedure _PROC_00487BDD(Sender : TObject);
procedure _PROC_00487C0C(Sender : TObject);
procedure _PROC_00487CC0(Sender : TObject);
private
{ Private declarations }
public
{ Public declarations }
end ;
var
DialSN: TDialSN;
{This file is generated by DaRk Ver 3.50.04 Copyright (c) 1999-2002 DaFixer}
implementation
{$R *.DFM}
procedure TDialSN.CancelBtnClick(Sender : TObject);
//这个窗体上对应的取消按钮,在此不需要考虑
begin
(*
00486C94 53 push ebx
00486C95 8BD8 mov ebx, eax
00486C97 33D2 xor edx, edx
* Reference to control Ewyj : TEdit
|
00486C99 8B8370030000 mov eax, [ebx+$0370]
|
00486C9F E830B4FCFF call 004520D4
00486CA4 8D8378030000 lea eax, [ebx+$0378]
00486CAA 33C9 xor ecx, ecx
00486CAC BA05000000 mov edx, $00000005
|
00486CB1 E8EACFF7FF call 00403CA0
00486CB6 5B pop ebx
00486CB7 C3 ret
*)
end;
procedure TDialSN.OKBtnClick(Sender : TObject);//核心,点击确认按钮的动作,请高手分析该段代码
//请高手帮我判断关键调转在哪里?该怎么改?
begin
(*
00486CB8 55 push ebp
00486CB9 8BEC mov ebp, esp
00486CBB 83C4DC add esp, -$24
00486CBE 53 push ebx
00486CBF 56 push esi
00486CC0 57 push edi
00486CC1 33C9 xor ecx, ecx
00486CC3 894DDC mov [ebp-$24], ecx
00486CC6 894DE0 mov [ebp-$20], ecx
00486CC9 894DE4 mov [ebp-$1C], ecx
00486CCC 894DF4 mov [ebp-$0C], ecx
00486CCF 8945FC mov [ebp-$04], eax
00486CD2 33C0 xor eax, eax
00486CD4 55 push ebp
* Possible String Reference to: '楱骥脎_^[嬪]?
|
00486CD5 686B6E4800 push $00486E6B
***** TRY
|
00486CDA 64FF30 push dword ptr fs:[eax]
00486CDD 648920 mov fs:[eax], esp
00486CE0 8B45FC mov eax, [ebp-$04]
00486CE3 0578030000 add eax, +$00000378
00486CE8 33C9 xor ecx, ecx
00486CEA BA05000000 mov edx, $00000005
|
00486CEF E8ACCFF7FF call 00403CA0
00486CF4 33D2 xor edx, edx
00486CF6 55 push ebp
00486CF7 68066E4800 push $00486E06
***** TRY
|
00486CFC 64FF32 push dword ptr fs:[edx]
00486CFF 648922 mov fs:[edx], esp
00486D02 8D55F4 lea edx, [ebp-$0C]
00486D05 8B45FC mov eax, [ebp-$04]
* Reference to control Ewyj : TEdit
|
00486D08 8B8070030000 mov eax, [eax+$0370]
|
00486D0E E891B3FCFF call 004520A4
00486D13 8B45F4 mov eax, [ebp-$0C]
00486D16 8945F0 mov [ebp-$10], eax
00486D19 8B45F0 mov eax, [ebp-$10]
00486D1C 85C0 test eax, eax
00486D1E 7405 jz 00486D25 //本人认为这里是关键跳转,但是将74该EB和90后,还是不行
00486D20 83E804 sub eax, +$04
00486D23 8B00 mov eax, [eax]
00486D25 83F80A cmp eax, +$0A
00486D28 0F85BE000000 jnz 00486DEC //是否是关键跳转
00486D2E 66BB0100 mov bx, $0001
00486D32 BA7C6E4800 mov edx, $00486E7C
00486D37 8D45EC lea eax, [ebp-$14]
|
00486D3A E8FDCCF7FF call 00403A3C
00486D3F 8D55E4 lea edx, [ebp-$1C]
00486D42 8B45FC mov eax, [ebp-$04]
* Reference to control Ewyj : TEdit
|
00486D45 8B8070030000 mov eax, [eax+$0370]
|
00486D4B E854B3FCFF call 004520A4
00486D50 8B45E4 mov eax, [ebp-$1C]
00486D53 0FB7D3 movzx edx, bx
00486D56 03D2 add edx, edx
00486D58 0FB65410FE movzx edx, byte ptr [eax+edx-$02]
00486D5D 8D45E8 lea eax, [ebp-$18]
00486D60 885001 mov [eax+$01], dl
00486D63 C60001 mov byte ptr [eax], $01
00486D66 8D55E8 lea edx, [ebp-$18]
00486D69 8D45EC lea eax, [ebp-$14]
00486D6C B102 mov cl, $02
|
00486D6E E899CCF7FF call 00403A0C
00486D73 8D55EC lea edx, [ebp-$14]
00486D76 8D45F0 lea eax, [ebp-$10]
|
00486D79 E8BECCF7FF call 00403A3C
00486D7E 8D55E0 lea edx, [ebp-$20]
00486D81 8B45FC mov eax, [ebp-$04]
* Reference to control Ewyj : TEdit
|
00486D84 8B8070030000 mov eax, [eax+$0370]
|
00486D8A E815B3FCFF call 004520A4
00486D8F 8B45E0 mov eax, [ebp-$20]
00486D92 0FB7D3 movzx edx, bx
00486D95 03D2 add edx, edx
00486D97 0FB65410FF movzx edx, byte ptr [eax+edx-$01]
00486D9C 8D45E8 lea eax, [ebp-$18]
00486D9F 885001 mov [eax+$01], dl
00486DA2 C60001 mov byte ptr [eax], $01
00486DA5 8D55E8 lea edx, [ebp-$18]
00486DA8 8D45F0 lea eax, [ebp-$10]
00486DAB B103 mov cl, $03
|
00486DAD E85ACCF7FF call 00403A0C
00486DB2 8D55F0 lea edx, [ebp-$10]
00486DB5 8D45F8 lea eax, [ebp-$08]
00486DB8 B103 mov cl, $03
|
00486DBA E889CCF7FF call 00403A48
00486DBF 8D45DC lea eax, [ebp-$24]
00486DC2 8D55F8 lea edx, [ebp-$08]
|
00486DC5 E8FEF0F7FF call 00405EC8
00486DCA 8B45DC mov eax, [ebp-$24]
|
00486DCD E8AA3AF8FF call 0040A87C
00486DD2 0FB7D3 movzx edx, bx
00486DD5 8B4DFC mov ecx, [ebp-$04]
00486DD8 88841177030000 mov [ecx+edx+$0377], al
00486DDF 43 inc ebx
00486DE0 6683FB06 cmp bx, +$06
00486DE4 0F8548FFFFFF jnz 00486D32
00486DEA EB10 jmp 00486DFC
00486DEC 8B45FC mov eax, [ebp-$04]
* Reference to control Ewyj : TEdit
|
00486DEF 8B8070030000 mov eax, [eax+$0370]
00486DF5 33D2 xor edx, edx
|
00486DF7 E8D8B2FCFF call 004520D4
00486DFC 33C0 xor eax, eax
00486DFE 5A pop edx
00486DFF 59 pop ecx
00486E00 59 pop ecx
00486E01 648910 mov fs:[eax], edx
00486E04 EB3A jmp 00486E40
|
00486E06 E985E5F7FF jmp 00405390
00486E0B 0100 add [eax], eax
00486E0D 0000 add [eax], al
00486E0F 20944000176E48 and [eax+eax*2+$486E1700], dl
00486E16 008B45FC0578 add [ebx+$7805FC45], cl
00486E1C 0300 add eax, [eax]
00486E1E 0033 add [ebx], dh
00486E20 C9 leave
00486E21 BA05000000 mov edx, $00000005
|
00486E26 E875CEF7FF call 00403CA0
00486E2B 8B45FC mov eax, [ebp-$04]
* Reference to control Ewyj : TEdit
|
00486E2E 8B8070030000 mov eax, [eax+$0370]
00486E34 33D2 xor edx, edx
|
00486E36 E899B2FCFF call 004520D4
|
00486E3B E834E8F7FF call 00405674
****** END
|
00486E40 33C0 xor eax, eax
00486E42 5A pop edx
00486E43 59 pop ecx
00486E44 59 pop ecx
00486E45 648910 mov fs:[eax], edx
****** FINALLY
|
* Possible String Reference to: '_^[嬪]?
|
00486E48 68726E4800 push $00486E72
00486E4D 8D45DC lea eax, [ebp-$24]
|
00486E50 E80FEEF7FF call 00405C64
00486E55 8D45E0 lea eax, [ebp-$20]
00486E58 BA02000000 mov edx, $00000002
|
00486E5D E826EEF7FF call 00405C88
00486E62 8D45F4 lea eax, [ebp-$0C]
|
00486E65 E8FAEDF7FF call 00405C64
00486E6A C3 ret
|
00486E6B E9A8E6F7FF jmp 00405518
00486E70 EBDB jmp 00486E4D
****** END
|
00486E72 5F pop edi
00486E73 5E pop esi
00486E74 5B pop ebx
00486E75 8BE5 mov esp, ebp
00486E77 5D pop ebp
00486E78 C3 ret
*)
end;
procedure TDialSN._PROC_00486E6B(Sender : TObject);
begin
(*
|
00486E6B E9A8E6F7FF jmp 00405518
|
00486E70 EBDB jmp 00486E4D
00486E72 5F pop edi
00486E73 5E pop esi
00486E74 5B pop ebx
00486E75 8BE5 mov esp, ebp
00486E77 5D pop ebp
00486E78 C3 ret
*)
end;
procedure TDialSN._PROC_00486E81(Sender : TObject);
begin
(*
00486E81 8BEC mov ebp, esp
00486E83 81C4F8FEFFFF add esp, $FFFFFEF8
00486E89 33C0 xor eax, eax
00486E8B 8985F8FEFFFF mov [ebp+$FFFFFEF8], eax
00486E91 33C0 xor eax, eax
00486E93 55 push ebp
00486E94 68F76E4800 push $00486EF7
***** TRY
|
00486E99 64FF30 push dword ptr fs:[eax]
00486E9C 648920 mov fs:[eax], esp
00486E9F 8D85F8FEFFFF lea eax, [ebp+$FFFFFEF8]
00486EA5 BA90D14F00 mov edx, $004FD190
|
00486EAA E819F0F7FF call 00405EC8
00486EAF 8B95F8FEFFFF mov edx, [ebp+$FFFFFEF8]
00486EB5 8D85FCFEFFFF lea eax, [ebp+$FFFFFEFC]
|
00486EBB E89444F8FF call 0040B354
00486EC0 8D45FC lea eax, [ebp-$04]
00486EC3 50 push eax
00486EC4 8D85FCFEFFFF lea eax, [ebp+$FFFFFEFC]
00486ECA 50 push eax
00486ECB 6802000080 push $80000002
* Reference to: advapi32.RegCreateKeyA()
|
00486ED0 E8BF13F8FF call 00408294
00486ED5 8B45FC mov eax, [ebp-$04]
00486ED8 50 push eax
* Reference to: advapi32.RegCloseKey()
|
00486ED9 E8AE13F8FF call 0040828C
00486EDE 33C0 xor eax, eax
00486EE0 5A pop edx
00486EE1 59 pop ecx
00486EE2 59 pop ecx
00486EE3 648910 mov fs:[eax], edx
****** FINALLY
|
* Possible String Reference to: '嬪]脣繳嬱伳帼S3缐呰?墔濑墔帼
| 墔墔酤墔瘙墔3繳h塸H'
|
00486EE6 68FE6E4800 push $00486EFE
00486EEB 8D85F8FEFFFF lea eax, [ebp+$FFFFFEF8]
|
00486EF1 E86EEDF7FF call 00405C64
00486EF6 C3 ret
|
00486EF7 E91CE6F7FF jmp 00405518
00486EFC EBED jmp 00486EEB
****** END
|
00486EFE 8BE5 mov esp, ebp
00486F00 5D pop ebp
00486F01 C3 ret
*)
end;
procedure TDialSN._PROC_00486F04(Sender : TObject);
begin
(*
00486F04 55 push ebp
00486F05 8BEC mov ebp, esp
00486F07 81C4E0FEFFFF add esp, $FFFFFEE0
00486F0D 53 push ebx
00486F0E 33C0 xor eax, eax
00486F10 8985E8FEFFFF mov [ebp+$FFFFFEE8], eax
00486F16 8985E4FEFFFF mov [ebp+$FFFFFEE4], eax
00486F1C 8985E0FEFFFF mov [ebp+$FFFFFEE0], eax
00486F22 8985F8FEFFFF mov [ebp+$FFFFFEF8], eax
00486F28 8985F4FEFFFF mov [ebp+$FFFFFEF4], eax
00486F2E 8985F0FEFFFF mov [ebp+$FFFFFEF0], eax
00486F34 8985FCFEFFFF mov [ebp+$FFFFFEFC], eax
00486F3A 33C0 xor eax, eax
00486F3C 55 push ebp
* Possible String Reference to: '閵澉胴[嬪]?
|
00486F3D 6889704800 push $00487089
***** TRY
|
00486F42 64FF30 push dword ptr fs:[eax]
00486F45 648920 mov fs:[eax], esp
00486F48 0FB61590D14F00 movzx edx, byte ptr [$004FD190]
00486F4F 83EA03 sub edx, +$03
00486F52 B890D14F00 mov eax, $004FD190
00486F57 B904000000 mov ecx, $00000004
|
00486F5C E8DFBFF7FF call 00402F40
00486F61 8D85FCFEFFFF lea eax, [ebp+$FFFFFEFC]
00486F67 BA90D14F00 mov edx, $004FD190
|
00486F6C E857EFF7FF call 00405EC8
00486F71 8B95FCFEFFFF mov edx, [ebp+$FFFFFEFC]
00486F77 8D8500FFFFFF lea eax, [ebp+$FFFFFF00]
|
00486F7D E8D243F8FF call 0040B354
00486F82 8D8500FFFFFF lea eax, [ebp+$FFFFFF00]
00486F88 50 push eax
00486F89 6802000080 push $80000002
* Reference to: advapi32.RegDeleteKeyA()
|
00486F8E E80913F8FF call 0040829C
00486F93 8D85F4FEFFFF lea eax, [ebp+$FFFFFEF4]
00486F99 BA90CF4F00 mov edx, $004FCF90
|
00486F9E E825EFF7FF call 00405EC8
00486FA3 FFB5F4FEFFFF push dword ptr [ebp+$FFFFFEF4]
00486FA9 68A0704800 push $004870A0
00486FAE 8D85F0FEFFFF lea eax, [ebp+$FFFFFEF0]
00486FB4 BA90CD4F00 mov edx, $004FCD90
|
00486FB9 E80AEFF7FF call 00405EC8
00486FBE FFB5F0FEFFFF push dword ptr [ebp+$FFFFFEF0]
00486FC4 8D85F8FEFFFF lea eax, [ebp+$FFFFFEF8]
00486FCA BA03000000 mov edx, $00000003
|
00486FCF E814F0F7FF call 00405FE8
00486FD4 8B9DF8FEFFFF mov ebx, [ebp+$FFFFFEF8]
00486FDA 899DECFEFFFF mov [ebp+$FFFFFEEC], ebx
00486FE0 8B85ECFEFFFF mov eax, [ebp+$FFFFFEEC]
|
00486FE6 E83DF1F7FF call 00406128
00486FEB 50 push eax
* Reference to: kernel32.DeleteFileA()
|
00486FEC E83B13F8FF call 0040832C
00486FF1 83F801 cmp eax, +$01
00486FF4 1BC0 sbb eax, eax
00486FF6 40 inc eax
00486FF7 8D85E4FEFFFF lea eax, [ebp+$FFFFFEE4]
00486FFD BA90D04F00 mov edx, $004FD090
|
00487002 E8C1EEF7FF call 00405EC8
00487007 FFB5E4FEFFFF push dword ptr [ebp+$FFFFFEE4]
0048700D 68A0704800 push $004870A0
00487012 8D85E0FEFFFF lea eax, [ebp+$FFFFFEE0]
00487018 BA90CE4F00 mov edx, $004FCE90
|
0048701D E8A6EEF7FF call 00405EC8
00487022 FFB5E0FEFFFF push dword ptr [ebp+$FFFFFEE0]
00487028 8D85E8FEFFFF lea eax, [ebp+$FFFFFEE8]
0048702E BA03000000 mov edx, $00000003
|
00487033 E8B0EFF7FF call 00405FE8
00487038 8B9DE8FEFFFF mov ebx, [ebp+$FFFFFEE8]
0048703E 899DECFEFFFF mov [ebp+$FFFFFEEC], ebx
00487044 8B85ECFEFFFF mov eax, [ebp+$FFFFFEEC]
|
0048704A E8D9F0F7FF call 00406128
0048704F 50 push eax
* Reference to: kernel32.DeleteFileA()
|
00487050 E8D712F8FF call 0040832C
00487055 83F801 cmp eax, +$01
00487058 1BC0 sbb eax, eax
0048705A 40 inc eax
0048705B 33C0 xor eax, eax
0048705D 5A pop edx
0048705E 59 pop ecx
0048705F 59 pop ecx
00487060 648910 mov fs:[eax], edx
****** FINALLY
|
* Possible String Reference to: '[嬪]?
|
00487063 6890704800 push $00487090
00487068 8D85E0FEFFFF lea eax, [ebp+$FFFFFEE0]
0048706E BA03000000 mov edx, $00000003
|
00487073 E810ECF7FF call 00405C88
00487078 8D85F0FEFFFF lea eax, [ebp+$FFFFFEF0]
0048707E BA04000000 mov edx, $00000004
|
00487083 E800ECF7FF call 00405C88
00487088 C3 ret
|
00487089 E98AE4F7FF jmp 00405518
0048708E EBD8 jmp 00487068
****** END
|
00487090 5B pop ebx
00487091 8BE5 mov esp, ebp
00487093 5D pop ebp
00487094 C3 ret
*)
end;
procedure TDialSN._PROC_004870A5(Sender : TObject);
begin
(*
004870A5 8BEC mov ebp, esp
004870A7 81C49CF6FFFF add esp, $FFFFF69C
004870AD 53 push ebx
004870AE 33C0 xor eax, eax
004870B0 8985A4F6FFFF mov [ebp+$FFFFF6A4], eax
004870B6 8985A0F6FFFF mov [ebp+$FFFFF6A0], eax
004870BC 89859CF6FFFF mov [ebp+$FFFFF69C], eax
004870C2 8985B0F6FFFF mov [ebp+$FFFFF6B0], eax
004870C8 8985ACF6FFFF mov [ebp+$FFFFF6AC], eax
004870CE 8985A8F6FFFF mov [ebp+$FFFFF6A8], eax
004870D4 33C0 xor eax, eax
004870D6 55 push ebp
004870D7 685E724800 push $0048725E
***** TRY
|
004870DC 64FF30 push dword ptr fs:[eax]
004870DF 648920 mov fs:[eax], esp
004870E2 33DB xor ebx, ebx
004870E4 8D85ACF6FFFF lea eax, [ebp+$FFFFF6AC]
004870EA BA90CF4F00 mov edx, $004FCF90
|
004870EF E8D4EDF7FF call 00405EC8
004870F4 FFB5ACF6FFFF push dword ptr [ebp+$FFFFF6AC]
004870FA 6874724800 push $00487274
004870FF 8D85A8F6FFFF lea eax, [ebp+$FFFFF6A8]
00487105 BA90CD4F00 mov edx, $004FCD90
|
0048710A E8B9EDF7FF call 00405EC8
0048710F FFB5A8F6FFFF push dword ptr [ebp+$FFFFF6A8]
00487115 8D85B0F6FFFF lea eax, [ebp+$FFFFF6B0]
0048711B BA03000000 mov edx, $00000003
|
00487120 E8C3EEF7FF call 00405FE8
00487125 8B95B0F6FFFF mov edx, [ebp+$FFFFF6B0]
0048712B 8D85B4FEFFFF lea eax, [ebp+$FFFFFEB4]
|
00487131 E8D6C6F7FF call 0040380C
00487136 BA01000000 mov edx, $00000001
0048713B 8D85B4FEFFFF lea eax, [ebp+$FFFFFEB4]
|
00487141 E812CFF7FF call 00404058
00487146 6A00 push $00
00487148 8D95B4F6FFFF lea edx, [ebp+$FFFFF6B4]
0048714E B900080000 mov ecx, $00000800
00487153 8D85B4FEFFFF lea eax, [ebp+$FFFFFEB4]
|
00487159 E816C8F7FF call 00403974
0048715E 8D85B4FEFFFF lea eax, [ebp+$FFFFFEB4]
|
00487164 E84BC8F7FF call 004039B4
00487169 80BD18F7FFFF0A cmp byte ptr [ebp+$FFFFF718], $0A
00487170 0F85CA000000 jnz 00487240
00487176 80BD19F7FFFF14 cmp byte ptr [ebp+$FFFFF719], $14
0048717D 0F85BD000000 jnz 00487240
00487183 80BD1AF7FFFF1E cmp byte ptr [ebp+$FFFFF71A], $1E
0048718A 0F85B0000000 jnz 00487240
00487190 80BD1BF7FFFF28 cmp byte ptr [ebp+$FFFFF71B], $28
00487197 0F85A3000000 jnz 00487240
0048719D B301 mov bl, $01
0048719F C68518F7FFFF06 mov byte ptr [ebp+$FFFFF718], $06
004871A6 C68519F7FFFF10 mov byte ptr [ebp+$FFFFF719], $10
004871AD C6851AF7FFFF1E mov byte ptr [ebp+$FFFFF71A], $1E
004871B4 C6851BF7FFFF43 mov byte ptr [ebp+$FFFFF71B], $43
004871BB 8D85A0F6FFFF lea eax, [ebp+$FFFFF6A0]
004871C1 BA90CF4F00 mov edx, $004FCF90
|
004871C6 E8FDECF7FF call 00405EC8
004871CB FFB5A0F6FFFF push dword ptr [ebp+$FFFFF6A0]
004871D1 6874724800 push $00487274
004871D6 8D859CF6FFFF lea eax, [ebp+$FFFFF69C]
004871DC BA90CD4F00 mov edx, $004FCD90
|
004871E1 E8E2ECF7FF call 00405EC8
004871E6 FFB59CF6FFFF push dword ptr [ebp+$FFFFF69C]
004871EC 8D85A4F6FFFF lea eax, [ebp+$FFFFF6A4]
004871F2 BA03000000 mov edx, $00000003
|
004871F7 E8ECEDF7FF call 00405FE8
004871FC 8B95A4F6FFFF mov edx, [ebp+$FFFFF6A4]
00487202 8D85B4FEFFFF lea eax, [ebp+$FFFFFEB4]
|
00487208 E8FFC5F7FF call 0040380C
0048720D BA01000000 mov edx, $00000001
00487212 8D85B4FEFFFF lea eax, [ebp+$FFFFFEB4]
|
00487218 E83BCEF7FF call 00404058
0048721D 6A00 push $00
0048721F 8D95B4F6FFFF lea edx, [ebp+$FFFFF6B4]
00487225 B900080000 mov ecx, $00000800
0048722A 8D85B4FEFFFF lea eax, [ebp+$FFFFFEB4]
|
00487230 E85FC7F7FF call 00403994
00487235 8D85B4FEFFFF lea eax, [ebp+$FFFFFEB4]
|
0048723B E874C7F7FF call 004039B4
00487240 33C0 xor eax, eax
00487242 5A pop edx
00487243 59 pop ecx
00487244 59 pop ecx
00487245 648910 mov fs:[eax], edx
****** FINALLY
|
00487248 6865724800 push $00487265
0048724D 8D859CF6FFFF lea eax, [ebp+$FFFFF69C]
00487253 BA06000000 mov edx, $00000006
|
00487258 E82BEAF7FF call 00405C88
0048725D C3 ret
|
0048725E E9B5E2F7FF jmp 00405518
00487263 EBE8 jmp 0048724D
****** END
|
00487265 8BC3 mov eax, ebx
00487267 5B pop ebx
00487268 8BE5 mov esp, ebp
0048726A 5D pop ebp
0048726B C3 ret
*)
end;
procedure TDialSN._PROC_0048728B(Sender : TObject);
begin
(*
0048728B EB64 jmp 004872F1
0048728D 8819 mov [ecx], bl
0048728F 41 inc ecx
00487290 42 inc edx
00487291 66FFC8 dec ax
00487294 75F1 jnz 00487287
00487296 C6059BCD4F006C mov byte ptr [$004FCD9B], $6C
0048729D C60590CD4F000B mov byte ptr [$004FCD90], $0B
004872A4 66B80800 mov ax, $0008
* Possible String Reference to: '炎槙檼刃'
|
004872A8 BA09734800 mov edx, $00487309
004872AD B991CE4F00 mov ecx, $004FCE91
004872B2 0FB61A movzx ebx, byte ptr [edx]
004872B5 83EB64 sub ebx, +$64
004872B8 8819 mov [ecx], bl
004872BA 41 inc ecx
004872BB 42 inc edx
004872BC 66FFC8 dec ax
004872BF 75F1 jnz 004872B2
004872C1 C60599CE4F006C mov byte ptr [$004FCE99], $6C
004872C8 C60590CE4F0009 mov byte ptr [$004FCE90], $09
004872CF 66B81A00 mov ax, $001A
* Possible String Reference to: '子守叟稚姥颓钟子守辣阀罉挋'
|
004872D3 BA15734800 mov edx, $00487315
004872D8 B991D14F00 mov ecx, $004FD191
004872DD 0FB61A movzx ebx, byte ptr [edx]
004872E0 83EB64 sub ebx, +$64
004872E3 8819 mov [ecx], bl
004872E5 41 inc ecx
004872E6 42 inc edx
004872E7 66FFC8 dec ax
004872EA 75F1 jnz 004872DD
004872EC 0FB60514734800 movzx eax, byte ptr [$00487314]
004872F3 A290D14F00 mov byte ptr [$004FD190], al
004872F8 5B pop ebx
004872F9 C3 ret
*)
end;
procedure TDialSN._PROC_00487331(Sender : TObject);
begin
(*
00487331 8BEC mov ebp, esp
00487333 33C9 xor ecx, ecx
00487335 51 push ecx
00487336 51 push ecx
00487337 51 push ecx
00487338 51 push ecx
00487339 51 push ecx
0048733A 51 push ecx
0048733B 53 push ebx
0048733C 33C0 xor eax, eax
0048733E 55 push ebp
* Possible String Reference to: '轵圜腚嬅[嬪]?
|
0048733F 6821744800 push $00487421
***** TRY
|
00487344 64FF30 push dword ptr fs:[eax]
00487347 648920 mov fs:[eax], esp
0048734A 33DB xor ebx, ebx
0048734C 6804010000 push $00000104
00487351 6891D04F00 push $004FD091
* Reference to: kernel32.GetSystemDirectoryA()
|
00487356 E8D910F8FF call 00408434
0048735B B891D04F00 mov eax, $004FD091
|
00487360 E81B3FF8FF call 0040B280
00487365 A290D04F00 mov byte ptr [$004FD090], al
0048736A 6804010000 push $00000104
0048736F 6891CF4F00 push $004FCF91
* Reference to: kernel32.GetWindowsDirectoryA()
|
00487374 E8EB10F8FF call 00408464
00487379 B891CF4F00 mov eax, $004FCF91
|
0048737E E8FD3EF8FF call 0040B280
00487383 A290CF4F00 mov byte ptr [$004FCF90], al
00487388 8D45F8 lea eax, [ebp-$08]
0048738B BA90CF4F00 mov edx, $004FCF90
|
00487390 E833EBF7FF call 00405EC8
00487395 FF75F8 push dword ptr [ebp-$08]
00487398 6838744800 push $00487438
0048739D 8D45F4 lea eax, [ebp-$0C]
004873A0 BA90CD4F00 mov edx, $004FCD90
|
004873A5 E81EEBF7FF call 00405EC8
004873AA FF75F4 push dword ptr [ebp-$0C]
004873AD 8D45FC lea eax, [ebp-$04]
004873B0 BA03000000 mov edx, $00000003
|
004873B5 E82EECF7FF call 00405FE8
004873BA 8B45FC mov eax, [ebp-$04]
|
004873BD E82A38F8FF call 0040ABEC
004873C2 84C0 test al, al
004873C4 7440 jz 00487406
004873C6 8D45EC lea eax, [ebp-$14]
004873C9 BA90D04F00 mov edx, $004FD090
|
004873CE E8F5EAF7FF call 00405EC8
004873D3 FF75EC push dword ptr [ebp-$14]
004873D6 6838744800 push $00487438
004873DB 8D45E8 lea eax, [ebp-$18]
004873DE BA90CE4F00 mov edx, $004FCE90
|
004873E3 E8E0EAF7FF call 00405EC8
004873E8 FF75E8 push dword ptr [ebp-$18]
004873EB 8D45F0 lea eax, [ebp-$10]
004873EE BA03000000 mov edx, $00000003
|
004873F3 E8F0EBF7FF call 00405FE8
004873F8 8B45F0 mov eax, [ebp-$10]
|
004873FB E8EC37F8FF call 0040ABEC
00487400 84C0 test al, al
00487402 7402 jz 00487406
00487404 B301 mov bl, $01
00487406 33C0 xor eax, eax
00487408 5A pop edx
00487409 59 pop ecx
0048740A 59 pop ecx
0048740B 648910 mov fs:[eax], edx
****** FINALLY
|
* Possible String Reference to: '嬅[嬪]?
|
0048740E 6828744800 push $00487428
00487413 8D45E8 lea eax, [ebp-$18]
00487416 BA06000000 mov edx, $00000006
|
0048741B E868E8F7FF call 00405C88
00487420 C3 ret
|
00487421 E9F2E0F7FF jmp 00405518
00487426 EBEB jmp 00487413
****** END
|
00487428 8BC3 mov eax, ebx
0048742A 5B pop ebx
0048742B 8BE5 mov esp, ebp
0048742D 5D pop ebp
0048742E C3 ret
*)
end;
procedure TDialSN._PROC_0048743D(Sender : TObject);
begin
(*
0048743D 8BEC mov ebp, esp
0048743F 81C4F8FEFFFF add esp, $FFFFFEF8
00487445 53 push ebx
00487446 56 push esi
00487447 33C0 xor eax, eax
00487449 8985F8FEFFFF mov [ebp+$FFFFFEF8], eax
0048744F 33C0 xor eax, eax
00487451 55 push ebp
00487452 68BF744800 push $004874BF
***** TRY
|
00487457 64FF30 push dword ptr fs:[eax]
0048745A 648920 mov fs:[eax], esp
0048745D 33DB xor ebx, ebx
0048745F 8D85F8FEFFFF lea eax, [ebp+$FFFFFEF8]
00487465 BA90D14F00 mov edx, $004FD190
|
0048746A E859EAF7FF call 00405EC8
0048746F 8B95F8FEFFFF mov edx, [ebp+$FFFFFEF8]
00487475 8D85FCFEFFFF lea eax, [ebp+$FFFFFEFC]
|
0048747B E8D43EF8FF call 0040B354
00487480 8D45FC lea eax, [ebp-$04]
00487483 50 push eax
00487484 8D85FCFEFFFF lea eax, [ebp+$FFFFFEFC]
0048748A 50 push eax
0048748B 6802000080 push $80000002
* Reference to: advapi32.RegOpenKeyA()
|
00487490 E8170EF8FF call 004082AC
00487495 8BF0 mov esi, eax
00487497 8B45FC mov eax, [ebp-$04]
0048749A 50 push eax
* Reference to: advapi32.RegCloseKey()
|
0048749B E8EC0DF8FF call 0040828C
004874A0 85F6 test esi, esi
004874A2 7502 jnz 004874A6
004874A4 B301 mov bl, $01
004874A6 33C0 xor eax, eax
004874A8 5A pop edx
004874A9 59 pop ecx
004874AA 59 pop ecx
004874AB 648910 mov fs:[eax], edx
****** FINALLY
|
004874AE 68C6744800 push $004874C6
004874B3 8D85F8FEFFFF lea eax, [ebp+$FFFFFEF8]
|
004874B9 E8A6E7F7FF call 00405C64
004874BE C3 ret
|
004874BF E954E0F7FF jmp 00405518
004874C4 EBED jmp 004874B3
****** END
|
004874C6 8BC3 mov eax, ebx
004874C8 5E pop esi
004874C9 5B pop ebx
004874CA 8BE5 mov esp, ebp
004874CC 5D pop ebp
004874CD C3 ret
*)
end;
procedure TDialSN._PROC_004874D0(Sender : TObject);
begin
(*
004874D0 53 push ebx
004874D1 33DB xor ebx, ebx
|
004874D3 E8A0FDFFFF call 00487278
|
004874D8 E853FEFFFF call 00487330
004874DD 84C0 test al, al
004874DF 7507 jnz 004874E8
* Reference to : TDialSN._PROC_00486F04()
|
004874E1 E81EFAFFFF call 00486F04
004874E6 EB20 jmp 00487508
|
004874E8 E8B7FBFFFF call 004870A4
004874ED 84C0 test al, al
004874EF 7405 jz 004874F6
|
004874F1 E88AF9FFFF call 00486E80
|
004874F6 E841FFFFFF call 0048743C
004874FB 84C0 test al, al
004874FD 7507 jnz 00487506
* Reference to : TDialSN._PROC_00486F04()
|
004874FF E800FAFFFF call 00486F04
00487504 EB02 jmp 00487508
00487506 B301 mov bl, $01
00487508 8BC3 mov eax, ebx
0048750A 5B pop ebx
0048750B C3 ret
*)
end;
procedure TDialSN._PROC_0048750C(Sender : TObject);
begin
(*
0048750C 55 push ebp
0048750D 8BEC mov ebp, esp
0048750F 33C9 xor ecx, ecx
00487511 51 push ecx
00487512 51 push ecx
00487513 51 push ecx
00487514 51 push ecx
00487515 53 push ebx
00487516 56 push esi
00487517 57 push edi
00487518 33C0 xor eax, eax
0048751A 55 push ebp
0048751B 6806774800 push $00487706
***** TRY
|
00487520 64FF30 push dword ptr fs:[eax]
00487523 648920 mov fs:[eax], esp
00487526 33C0 xor eax, eax
00487528 55 push ebp
00487529 68C0764800 push $004876C0
***** TRY
|
0048752E 64FF30 push dword ptr fs:[eax]
00487531 648920 mov fs:[eax], esp
00487534 C645FF00 mov byte ptr [ebp-$01], $00
00487538 A1F0804F00 mov eax, dword ptr [$004F80F0]
0048753D 833800 cmp dword ptr [eax], +$00
00487540 7516 jnz 00487558
00487542 33C9 xor ecx, ecx
00487544 B201 mov dl, $01
00487546 A18C6A4800 mov eax, dword ptr [$00486A8C]
* Reference to : TApplication._PROC_00467008()
|
0048754B E8B8FAFDFF call 00467008
00487550 8B15F0804F00 mov edx, [$004F80F0]
00487556 8902 mov [edx], eax
00487558 A1F0804F00 mov eax, dword ptr [$004F80F0]
0048755D 8B00 mov eax, [eax]
* Reference to control Ewyj : TEdit
|
0048755F 8B8070030000 mov eax, [eax+$0370]
00487565 33D2 xor edx, edx
|
00487567 E868ABFCFF call 004520D4
0048756C A1F0804F00 mov eax, dword ptr [$004F80F0]
00487571 8B00 mov eax, [eax]
* Reference to control EWej : TEdit
|
00487573 8B806C030000 mov eax, [eax+$036C]
00487579 33D2 xor edx, edx
|
0048757B E854ABFCFF call 004520D4
00487580 66BB0500 mov bx, $0005
00487584 BE90D24F00 mov esi, $004FD290
00487589 B8FF000000 mov eax, $000000FF
|
0048758E E849BEF7FF call 004033DC
00487593 8806 mov [esi], al
00487595 46 inc esi
00487596 66FFCB dec bx
00487599 75EE jnz 00487589
0048759B 66BB0500 mov bx, $0005
0048759F BE90D24F00 mov esi, $004FD290
004875A4 8D55F8 lea edx, [ebp-$08]
004875A7 A1F0804F00 mov eax, dword ptr [$004F80F0]
004875AC 8B00 mov eax, [eax]
* Reference to control EWej : TEdit
|
004875AE 8BB86C030000 mov edi, [eax+$036C]
004875B4 8BC7 mov eax, edi
|
004875B6 E8E9AAFCFF call 004520A4
004875BB 8D45F8 lea eax, [ebp-$08]
004875BE 50 push eax
004875BF 8D4DF4 lea ecx, [ebp-$0C]
004875C2 0FB606 movzx eax, byte ptr [esi]
004875C5 BA02000000 mov edx, $00000002
|
004875CA E88532F8FF call 0040A854
004875CF 8B55F4 mov edx, [ebp-$0C]
004875D2 58 pop eax
|
004875D3 E858E9F7FF call 00405F30
004875D8 8B55F8 mov edx, [ebp-$08]
004875DB A1F0804F00 mov eax, dword ptr [$004F80F0]
004875E0 8BC7 mov eax, edi
|
004875E2 E8EDAAFCFF call 004520D4
004875E7 46 inc esi
004875E8 66FFCB dec bx
004875EB 75B7 jnz 004875A4
004875ED A1F0804F00 mov eax, dword ptr [$004F80F0]
004875F2 8B00 mov eax, [eax]
004875F4 8B10 mov edx, [eax]
004875F6 FF92FC000000 call dword ptr [edx+$00FC]
004875FC 8D55F0 lea edx, [ebp-$10]
004875FF A1F0804F00 mov eax, dword ptr [$004F80F0]
00487604 8B00 mov eax, [eax]
* Reference to control Ewyj : TEdit
|
00487606 8B8070030000 mov eax, [eax+$0370]
|
0048760C E893AAFCFF call 004520A4
00487611 837DF000 cmp dword ptr [ebp-$10], +$00
00487615 0F848B000000 jz 004876A6
|
0048761B E840010000 call 00487760
00487620 A1F0804F00 mov eax, dword ptr [$004F80F0]
00487625 8B00 mov eax, [eax]
00487627 0FB68078030000 movzx eax, byte ptr [eax+$0378]
0048762E 3A0584CD4F00 cmp al, byte ptr [$004FCD84]
00487634 7570 jnz 004876A6
00487636 A1F0804F00 mov eax, dword ptr [$004F80F0]
0048763B 8B00 mov eax, [eax]
0048763D 0FB68079030000 movzx eax, byte ptr [eax+$0379]
00487644 3A0585CD4F00 cmp al, byte ptr [$004FCD85]
0048764A 755A jnz 004876A6
0048764C A1F0804F00 mov eax, dword ptr [$004F80F0]
00487651 8B00 mov eax, [eax]
00487653 0FB6807A030000 movzx eax, byte ptr [eax+$037A]
0048765A 3A0586CD4F00 cmp al, byte ptr [$004FCD86]
00487660 7544 jnz 004876A6
00487662 A1F0804F00 mov eax, dword ptr [$004F80F0]
00487667 8B00 mov eax, [eax]
00487669 0FB6807B030000 movzx eax, byte ptr [eax+$037B]
00487670 3A0587CD4F00 cmp al, byte ptr [$004FCD87]
00487676 752E jnz 004876A6
00487678 A1F0804F00 mov eax, dword ptr [$004F80F0]
0048767D 8B00 mov eax, [eax]
0048767F 0FB6807C030000 movzx eax, byte ptr [eax+$037C]
00487686 3A0588CD4F00 cmp al, byte ptr [$004FCD88]
0048768C 7518 jnz 004876A6
0048768E C645FF01 mov byte ptr [ebp-$01], $01
|
00487692 E805030000 call 0048799C
|
00487697 E8E4F7FFFF call 00486E80
* Possible String Reference to: 'OK!'
|
0048769C B81C774800 mov eax, $0048771C
* Reference to : TMessageForm._PROC_00443670()
|
004876A1 E8CABFFBFF call 00443670
004876A6 807DFF00 cmp byte ptr [ebp-$01], $00
004876AA 750A jnz 004876B6
* Possible String Reference to: 'Error 序列号错误!'
|
004876AC B828774800 mov eax, $00487728
* Reference to : TMessageForm._PROC_00443670()
|
004876B1 E8BABFFBFF call 00443670
004876B6 33C0 xor eax, eax
004876B8 5A pop edx
004876B9 59 pop ecx
004876BA 59 pop ecx
004876BB 648910 mov fs:[eax], edx
004876BE EB20 jmp 004876E0
|
004876C0 E9CBDCF7FF jmp 00405390
004876C5 0100 add [eax], eax
004876C7 0000 add [eax], al
004876C9 20944000D17648 and [eax+eax*2+$4876D100], dl
004876D0 00B844774800 add [eax+$487744], bh
* Reference to : TMessageForm._PROC_00443670()
|
004876D6 E895BFFBFF call 00443670
|
004876DB E894DFF7FF call 00405674
****** END
|
004876E0 33C0 xor eax, eax
004876E2 5A pop edx
004876E3 59 pop ecx
004876E4 59 pop ecx
004876E5 648910 mov fs:[eax], edx
****** FINALLY
|
004876E8 680D774800 push $0048770D
004876ED 8D45F0 lea eax, [ebp-$10]
|
004876F0 E86FE5F7FF call 00405C64
004876F5 8D45F4 lea eax, [ebp-$0C]
|
004876F8 E867E5F7FF call 00405C64
004876FD 8D45F8 lea eax, [ebp-$08]
|
00487700 E85FE5F7FF call 00405C64
00487705 C3 ret
|
00487706 E90DDEF7FF jmp 00405518
0048770B EBE0 jmp 004876ED
****** END
|
0048770D 5F pop edi
0048770E 5E pop esi
0048770F 5B pop ebx
00487710 8BE5 mov esp, ebp
00487712 5D pop ebp
00487713 C3 ret
*)
end;
procedure TDialSN._PROC_00487706(Sender : TObject);
begin
(*
|
00487706 E90DDEF7FF jmp 00405518
|
0048770B EBE0 jmp 004876ED
0048770D 5F pop edi
0048770E 5E pop esi
0048770F 5B pop ebx
00487710 8BE5 mov esp, ebp
00487712 5D pop ebp
00487713 C3 ret
*)
end;
procedure TDialSN._PROC_00487761(Sender : TObject);
begin
(*
00487761 C4B80FB60590 les edi, [eax+$9005B60F]
00487767 D24F00 ror byte ptr [edi+$00], cl
0048776A 89442444 mov [esp+$44], eax
0048776E DB442444 fild dword ptr [esp+$44]
00487772 D80D84794800 fmul dword ptr [$00487984]
00487778 DB7C2408 fstp tbyte ptr [esp+$08]
0048777C 9B wait
0048777D DB6C2408 fld tbyte ptr [esp+$08]
00487781 DB2D88794800 fld tbyte ptr [$00487988]
00487787 DEC9 fmulp st(1), st(0)
00487789 DB7C2418 fstp tbyte ptr [esp+$18]
0048778D 9B wait
0048778E 0FB7442420 movzx eax, word ptr [esp+$20]
00487793 50 push eax
00487794 FF742420 push dword ptr [esp+$20]
00487798 FF742420 push dword ptr [esp+$20]
|
0048779C E8F7BCF7FF call 00403498
004877A1 DD1C24 fstp qword ptr [esp]
004877A4 9B wait
004877A5 DD0424 fld qword ptr [esp]
004877A8 D80D94794800 fmul dword ptr [$00487994]
004877AE 83C4F4 add esp, -$0C
004877B1 DB3C24 fstp tbyte ptr [esp]
004877B4 9B wait
|
004877B5 E88EBCF7FF call 00403448
004877BA DD1C24 fstp qword ptr [esp]
004877BD 9B wait
004877BE DD0424 fld qword ptr [esp]
004877C1 D80D94794800 fmul dword ptr [$00487994]
004877C7 83C4F4 add esp, -$0C
004877CA DB3C24 fstp tbyte ptr [esp]
004877CD 9B wait
|
004877CE E849BCF7FF call 0040341C
|
004877D3 E814BDF7FF call 004034EC
004877D8 A284CD4F00 mov byte ptr [$004FCD84], al
004877DD 0FB60591D24F00 movzx eax, byte ptr [$004FD291]
004877E4 89442444 mov [esp+$44], eax
004877E8 DB442444 fild dword ptr [esp+$44]
004877EC D80D84794800 fmul dword ptr [$00487984]
004877F2 D80584794800 fadd dword ptr [$00487984]
004877F8 83C4F4 add esp, -$0C
004877FB DB3C24 fstp tbyte ptr [esp]
004877FE 9B wait
|
004877FF E8B4BCF7FF call 004034B8
00487804 DD1C24 fstp qword ptr [esp]
00487807 9B wait
00487808 DD0424 fld qword ptr [esp]
0048780B D80D94794800 fmul dword ptr [$00487994]
00487811 83C4F4 add esp, -$0C
00487814 DB3C24 fstp tbyte ptr [esp]
00487817 9B wait
|
00487818 E82BBCF7FF call 00403448
0048781D DD1C24 fstp qword ptr [esp]
00487820 9B wait
00487821 DD0424 fld qword ptr [esp]
00487824 D80D94794800 fmul dword ptr [$00487994]
0048782A 83C4F4 add esp, -$0C
0048782D DB3C24 fstp tbyte ptr [esp]
00487830 9B wait
|
00487831 E8E6BBF7FF call 0040341C
|
00487836 E8B1BCF7FF call 004034EC
0048783B A285CD4F00 mov byte ptr [$004FCD85], al
00487840 0FB60592D24F00 movzx eax, byte ptr [$004FD292]
00487847 89442444 mov [esp+$44], eax
0048784B DB442444 fild dword ptr [esp+$44]
0048784F D80D84794800 fmul dword ptr [$00487984]
00487855 D83598794800 fdiv dword ptr [$00487998]
0048785B DB7C2428 fstp tbyte ptr [esp+$28]
0048785F 9B wait
00487860 DB6C2428 fld tbyte ptr [esp+$28]
00487864 DB2D88794800 fld tbyte ptr [$00487988]
0048786A DEC9 fmulp st(1), st(0)
0048786C DB7C2438 fstp tbyte ptr [esp+$38]
00487870 9B wait
00487871 0FB7442440 movzx eax, word ptr [esp+$40]
00487876 50 push eax
00487877 FF742440 push dword ptr [esp+$40]
0048787B FF742440 push dword ptr [esp+$40]
|
0048787F E8D07EF9FF call 0041F754
00487884 DD1C24 fstp qword ptr [esp]
00487887 9B wait
00487888 DD0424 fld qword ptr [esp]
0048788B D80D94794800 fmul dword ptr [$00487994]
00487891 83C4F4 add esp, -$0C
00487894 DB3C24 fstp tbyte ptr [esp]
00487897 9B wait
|
00487898 E8ABBBF7FF call 00403448
0048789D DD1C24 fstp qword ptr [esp]
004878A0 9B wait
004878A1 DD0424 fld qword ptr [esp]
004878A4 D80D94794800 fmul dword ptr [$00487994]
004878AA 83C4F4 add esp, -$0C
004878AD DB3C24 fstp tbyte ptr [esp]
004878B0 9B wait
|
004878B1 E866BBF7FF call 0040341C
|
004878B6 E831BCF7FF call 004034EC
004878BB A286CD4F00 mov byte ptr [$004FCD86], al
004878C0 0FB60593D24F00 movzx eax, byte ptr [$004FD293]
004878C7 89442444 mov [esp+$44], eax
004878CB DB442444 fild dword ptr [esp+$44]
004878CF D80D84794800 fmul dword ptr [$00487984]
004878D5 83C4F4 add esp, -$0C
004878D8 DB3C24 fstp tbyte ptr [esp]
004878DB 9B wait
|
004878DC E8937EF9FF call 0041F774
004878E1 DD1C24 fstp qword ptr [esp]
004878E4 9B wait
004878E5 DD0424 fld qword ptr [esp]
004878E8 D80D94794800 fmul dword ptr [$00487994]
004878EE 83C4F4 add esp, -$0C
004878F1 DB3C24 fstp tbyte ptr [esp]
004878F4 9B wait
|
004878F5 E84EBBF7FF call 00403448
004878FA DD1C24 fstp qword ptr [esp]
004878FD 9B wait
004878FE DD0424 fld qword ptr [esp]
00487901 D80D94794800 fmul dword ptr [$00487994]
00487907 83C4F4 add esp, -$0C
0048790A DB3C24 fstp tbyte ptr [esp]
0048790D 9B wait
|
0048790E E809BBF7FF call 0040341C
|
00487913 E8D4BBF7FF call 004034EC
00487918 A287CD4F00 mov byte ptr [$004FCD87], al
0048791D 0FB60594D24F00 movzx eax, byte ptr [$004FD294]
00487924 89442444 mov [esp+$44], eax
00487928 DB442444 fild dword ptr [esp+$44]
0048792C D80D84794800 fmul dword ptr [$00487984]
00487932 D80584794800 fadd dword ptr [$00487984]
00487938 83C4F4 add esp, -$0C
0048793B DB3C24 fstp tbyte ptr [esp]
0048793E 9B wait
|
0048793F E8207EF9FF call 0041F764
00487944 DD1C24 fstp qword ptr [esp]
00487947 9B wait
00487948 DD0424 fld qword ptr [esp]
0048794B D80D94794800 fmul dword ptr [$00487994]
00487951 83C4F4 add esp, -$0C
00487954 DB3C24 fstp tbyte ptr [esp]
00487957 9B wait
|
00487958 E8EBBAF7FF call 00403448
0048795D DD1C24 fstp qword ptr [esp]
00487960 9B wait
00487961 DD0424 fld qword ptr [esp]
00487964 D80D94794800 fmul dword ptr [$00487994]
0048796A 83C4F4 add esp, -$0C
0048796D DB3C24 fstp tbyte ptr [esp]
00487970 9B wait
|
00487971 E8A6BAF7FF call 0040341C
|
00487976 E871BBF7FF call 004034EC
0048797B A288CD4F00 mov byte ptr [$004FCD88], al
00487980 83C448 add esp, +$48
00487983 C3 ret
*)
end;
procedure TDialSN._PROC_0048799D(Sender : TObject);
begin
(*
0048799D 8BEC mov ebp, esp
0048799F 81C49CFAFFFF add esp, $FFFFFA9C
004879A5 53 push ebx
004879A6 56 push esi
004879A7 57 push edi
004879A8 33C0 xor eax, eax
004879AA 8985A4FAFFFF mov [ebp+$FFFFFAA4], eax
004879B0 8985A0FAFFFF mov [ebp+$FFFFFAA0], eax
004879B6 89859CFAFFFF mov [ebp+$FFFFFA9C], eax
004879BC 8985B0FAFFFF mov [ebp+$FFFFFAB0], eax
004879C2 8985ACFAFFFF mov [ebp+$FFFFFAAC], eax
004879C8 8985A8FAFFFF mov [ebp+$FFFFFAA8], eax
004879CE 33C0 xor eax, eax
004879D0 55 push ebp
* Possible String Reference to: '镽禀腓_^[嬪]?
|
004879D1 68C17B4800 push $00487BC1
***** TRY
|
004879D6 64FF30 push dword ptr fs:[eax]
004879D9 648920 mov fs:[eax], esp
004879DC 6804010000 push $00000104
004879E1 6891D04F00 push $004FD091
* Reference to: kernel32.GetSystemDirectoryA()
|
004879E6 E8490AF8FF call 00408434
004879EB B891D04F00 mov eax, $004FD091
|
004879F0 E88B38F8FF call 0040B280
004879F5 A290D04F00 mov byte ptr [$004FD090], al
004879FA 6804010000 push $00000104
004879FF 6891CF4F00 push $004FCF91
* Reference to: kernel32.GetWindowsDirectoryA()
|
00487A04 E85B0AF8FF call 00408464
00487A09 B891CF4F00 mov eax, $004FCF91
|
00487A0E E86D38F8FF call 0040B280
00487A13 A290CF4F00 mov byte ptr [$004FCF90], al
|
00487A18 E85BF8FFFF call 00487278
00487A1D 8D85ACFAFFFF lea eax, [ebp+$FFFFFAAC]
00487A23 BA90CF4F00 mov edx, $004FCF90
|
00487A28 E89BE4F7FF call 00405EC8
00487A2D FFB5ACFAFFFF push dword ptr [ebp+$FFFFFAAC]
00487A33 68D87B4800 push $00487BD8
00487A38 8D85A8FAFFFF lea eax, [ebp+$FFFFFAA8]
00487A3E BA90CD4F00 mov edx, $004FCD90
|
00487A43 E880E4F7FF call 00405EC8
00487A48 FFB5A8FAFFFF push dword ptr [ebp+$FFFFFAA8]
00487A4E 8D85B0FAFFFF lea eax, [ebp+$FFFFFAB0]
00487A54 BA03000000 mov edx, $00000003
|
00487A59 E88AE5F7FF call 00405FE8
00487A5E 8B95B0FAFFFF mov edx, [ebp+$FFFFFAB0]
00487A64 8D85B4FEFFFF lea eax, [ebp+$FFFFFEB4]
|
00487A6A E89DBDF7FF call 0040380C
00487A6F BA01000000 mov edx, $00000001
00487A74 8D85B4FEFFFF lea eax, [ebp+$FFFFFEB4]
|
00487A7A E8F5C5F7FF call 00404074
00487A7F 66BF0200 mov di, $0002
00487A83 66BB0004 mov bx, $0400
00487A87 8DB5B4FAFFFF lea esi, [ebp+$FFFFFAB4]
00487A8D B8FF000000 mov eax, $000000FF
|
00487A92 E845B9F7FF call 004033DC
00487A97 8806 mov [esi], al
00487A99 46 inc esi
00487A9A 66FFCB dec bx
00487A9D 75EE jnz 00487A8D
00487A9F C68518FBFFFF0A mov byte ptr [ebp+$FFFFFB18], $0A
00487AA6 C68519FBFFFF14 mov byte ptr [ebp+$FFFFFB19], $14
00487AAD C6851AFBFFFF1E mov byte ptr [ebp+$FFFFFB1A], $1E
00487AB4 C6851BFBFFFF28 mov byte ptr [ebp+$FFFFFB1B], $28
00487ABB 6A00 push $00
00487ABD 8D95B4FAFFFF lea edx, [ebp+$FFFFFAB4]
00487AC3 B900040000 mov ecx, $00000400
00487AC8 8D85B4FEFFFF lea eax, [ebp+$FFFFFEB4]
|
00487ACE E8C1BEF7FF call 00403994
|
00487AD3 E8E8B5F7FF call 004030C0
00487AD8 85C0 test eax, eax
00487ADA 0F85C3000000 jnz 00487BA3
00487AE0 66FFCF dec di
00487AE3 759E jnz 00487A83
00487AE5 8D85B4FEFFFF lea eax, [ebp+$FFFFFEB4]
|
00487AEB E8C4BEF7FF call 004039B4
00487AF0 8D85A0FAFFFF lea eax, [ebp+$FFFFFAA0]
00487AF6 BA90D04F00 mov edx, $004FD090
|
00487AFB E8C8E3F7FF call 00405EC8
00487B00 FFB5A0FAFFFF push dword ptr [ebp+$FFFFFAA0]
00487B06 68D87B4800 push $00487BD8
00487B0B 8D859CFAFFFF lea eax, [ebp+$FFFFFA9C]
00487B11 BA90CE4F00 mov edx, $004FCE90
|
00487B16 E8ADE3F7FF call 00405EC8
00487B1B FFB59CFAFFFF push dword ptr [ebp+$FFFFFA9C]
00487B21 8D85A4FAFFFF lea eax, [ebp+$FFFFFAA4]
00487B27 BA03000000 mov edx, $00000003
|
00487B2C E8B7E4F7FF call 00405FE8
00487B31 8B95A4FAFFFF mov edx, [ebp+$FFFFFAA4]
00487B37 8D85B4FEFFFF lea eax, [ebp+$FFFFFEB4]
|
00487B3D E8CABCF7FF call 0040380C
00487B42 BA01000000 mov edx, $00000001
00487B47 8D85B4FEFFFF lea eax, [ebp+$FFFFFEB4]
|
00487B4D E822C5F7FF call 00404074
00487B52 66BF0400 mov di, $0004
00487B56 66BB0004 mov bx, $0400
00487B5A 8DB5B4FAFFFF lea esi, [ebp+$FFFFFAB4]
00487B60 B8FF000000 mov eax, $000000FF
|
00487B65 E872B8F7FF call 004033DC
00487B6A 8806 mov [esi], al
00487B6C 46 inc esi
00487B6D 66FFCB dec bx
00487B70 75EE jnz 00487B60
00487B72 6A00 push $00
00487B74 8D95B4FAFFFF lea edx, [ebp+$FFFFFAB4]
00487B7A B900040000 mov ecx, $00000400
00487B7F 8D85B4FEFFFF lea eax, [ebp+$FFFFFEB4]
|
00487B85 E80ABEF7FF call 00403994
|
00487B8A E831B5F7FF call 004030C0
00487B8F 85C0 test eax, eax
00487B91 7510 jnz 00487BA3
00487B93 66FFCF dec di
00487B96 75BE jnz 00487B56
00487B98 8D85B4FEFFFF lea eax, [ebp+$FFFFFEB4]
|
00487B9E E811BEF7FF call 004039B4
00487BA3 33C0 xor eax, eax
00487BA5 5A pop edx
00487BA6 59 pop ecx
00487BA7 59 pop ecx
00487BA8 648910 mov fs:[eax], edx
****** FINALLY
|
* Possible String Reference to: '_^[嬪]?
|
00487BAB 68C87B4800 push $00487BC8
00487BB0 8D859CFAFFFF lea eax, [ebp+$FFFFFA9C]
00487BB6 BA06000000 mov edx, $00000006
|
00487BBB E8C8E0F7FF call 00405C88
00487BC0 C3 ret
|
00487BC1 E952D9F7FF jmp 00405518
00487BC6 EBE8 jmp 00487BB0
****** END
|
00487BC8 5F pop edi
00487BC9 5E pop esi
00487BCA 5B pop ebx
00487BCB 8BE5 mov esp, ebp
00487BCD 5D pop ebp
00487BCE C3 ret
*)
end;
procedure TDialSN._PROC_00487BDD(Sender : TObject);
begin
(*
00487BDD 8BEC mov ebp, esp
00487BDF 33C0 xor eax, eax
00487BE1 55 push ebp
00487BE2 68017C4800 push $00487C01
***** TRY
|
00487BE7 64FF30 push dword ptr fs:[eax]
00487BEA 648920 mov fs:[eax], esp
00487BED FF058CCD4F00 inc dword ptr [$004FCD8C]
00487BF3 33C0 xor eax, eax
00487BF5 5A pop edx
00487BF6 59 pop ecx
00487BF7 59 pop ecx
00487BF8 648910 mov fs:[eax], edx
****** FINALLY
|
00487BFB 68087C4800 push $00487C08
00487C00 C3 ret
|
00487C01 E912D9F7FF jmp 00405518
00487C06 EBF8 jmp 00487C00
****** END
|
00487C08 5D pop ebp
00487C09 C3 ret
*)
end;
procedure TDialSN._PROC_00487C0C(Sender : TObject);
begin
(*
00487C0C 55 push ebp
00487C0D 8BEC mov ebp, esp
00487C0F 83C4E8 add esp, -$18
00487C12 53 push ebx
00487C13 56 push esi
00487C14 57 push edi
00487C15 33C9 xor ecx, ecx
00487C17 894DF0 mov [ebp-$10], ecx
00487C1A 894DE8 mov [ebp-$18], ecx
00487C1D 894DEC mov [ebp-$14], ecx
00487C20 8BF0 mov esi, eax
00487C22 8D7DF8 lea edi, [ebp-$08]
00487C25 0FB60E movzx ecx, byte ptr [esi]
00487C28 80F907 cmp cl, $07
00487C2B 7202 jb 00487C2F
00487C2D B107 mov cl, $07
00487C2F 880F mov [edi], cl
00487C31 46 inc esi
00487C32 47 inc edi
00487C33 F3 rep
00487C34 A4 movsb
00487C35 8955F4 mov [ebp-$0C], edx
00487C38 33C0 xor eax, eax
00487C3A 55 push ebp
00487C3B 68B07C4800 push $00487CB0
***** TRY
|
00487C40 64FF30 push dword ptr fs:[eax]
00487C43 648920 mov fs:[eax], esp
00487C46 33DB xor ebx, ebx
00487C48 66BE1800 mov si, $0018
00487C4C BFF07A4F00 mov edi, $004F7AF0
00487C51 8D45EC lea eax, [ebp-$14]
00487C54 8D55F8 lea edx, [ebp-$08]
|
00487C57 E86CE2F7FF call 00405EC8
00487C5C 8B45EC mov eax, [ebp-$14]
00487C5F 8D55F0 lea edx, [ebp-$10]
|
00487C62 E86524F8FF call 0040A0CC
00487C67 8B45F0 mov eax, [ebp-$10]
00487C6A 50 push eax
00487C6B 8D45E8 lea eax, [ebp-$18]
00487C6E 8BD7 mov edx, edi
|
00487C70 E853E2F7FF call 00405EC8
00487C75 8B55E8 mov edx, [ebp-$18]
00487C78 58 pop eax
|
00487C79 E8F6E3F7FF call 00406074
00487C7E 750D jnz 00487C8D
00487C80 8B45F4 mov eax, [ebp-$0C]
00487C83 0FB65708 movzx edx, byte ptr [edi+$08]
00487C87 8810 mov [eax], dl
00487C89 B301 mov bl, $01
00487C8B EB08 jmp 00487C95
00487C8D 83C709 add edi, +$09
00487C90 66FFCE dec si
00487C93 75BC jnz 00487C51
00487C95 33C0 xor eax, eax
00487C97 5A pop edx
00487C98 59 pop ecx
00487C99 59 pop ecx
00487C9A 648910 mov fs:[eax], edx
****** FINALLY
|
00487C9D 68B77C4800 push $00487CB7
00487CA2 8D45E8 lea eax, [ebp-$18]
00487CA5 BA03000000 mov edx, $00000003
|
00487CAA E8D9DFF7FF call 00405C88
00487CAF C3 ret
|
00487CB0 E963D8F7FF jmp 00405518
00487CB5 EBEB jmp 00487CA2
****** END
|
00487CB7 8BC3 mov eax, ebx
00487CB9 5F pop edi
00487CBA 5E pop esi
00487CBB 5B pop ebx
00487CBC 8BE5 mov esp, ebp
00487CBE 5D pop ebp
00487CBF C3 ret
*)
end;
procedure TDialSN._PROC_00487CC0(Sender : TObject);
begin
(*
00487CC0 0C7D or al, $7D
00487CC2 48 dec eax
00487CC3 0000 add [eax], al
*)
end;
end.
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
赞赏
|
|
|---|---|
|
|
你要在过程中找到按钮事件,可以和petool配合使用。
|
|
|
我已经找到了按钮时间即为:TDialSN.OKBtnClick,请问兄台说的petool是什么???
|
|
|
高手呢?怎么没有人给我帮忙呀!大虾呢?
|
|
|
他的文章
- 求个破吧论坛官方邀请码 3728
- [求助]坚石诚信ET99加密狗 软复制 硬复制 指点迷津 46651
- [求助]坚石诚信ET99加密狗软复制 DLL劫持技术 7022
- 求坚石诚信ET99加密狗软复制技术 6915
- [讨论]坚石诚信ET99加密狗软复制采用DLL劫持技术 5401
赞赏
雪币:
留言: