-
-
[旧帖] [求助]DELPHI的程序如何下断 0.00雪花
-
发表于: 2009-5-22 10:58 1020
-
无注册成功和不成功的提示,用户代码随机生成,每次开关都不一样,注册码如果输入错了也没提示,就是把输入框中的内容清掉,输入正确无提示直接就跳登陆窗口,用DEDE反汇编以后找到了这个验证的地方,主要就集中在
00541170 8A01 mov al, byte ptr [ecx]
00541172 2C08 sub al, $08
00541174 7419 jz 0054118F
00541176 2C05 sub al, $05
00541178 7415 jz 0054118F
0054117A 04DD add al, -$23
0054117C 2C0A sub al, $0A
0054117E 720F jb 0054118F
00541180 04F9 add al, -$07
00541182 2C06 sub al, $06
00541184 7209 jb 0054118F
00541186 04E6 add al, -$1A
00541188 2C06 sub al, $06
0054118A 7203 jb 0054118F
0054118C C6010F mov byte ptr [ecx], $0F
0054118F C3 ret
这个是一个采集输入字符的事件,这里下断,在程序启动你刚输入1位注册码的时候程序就暂停了,单步跟踪找不到任何的注册信息……有点失望
这个是确认事件后的DEDE反汇编的东西
00540E2C 55 push ebp
00540E2D 8BEC mov ebp, esp
00540E2F B90E000000 mov ecx, $0000000E
00540E34 6A00 push $00
00540E36 6A00 push $00
00540E38 49 dec ecx
00540E39 75F9 jnz 00540E34
00540E3B 51 push ecx
00540E3C 53 push ebx
00540E3D 56 push esi
00540E3E 57 push edi
00540E3F 8BD8 mov ebx, eax
00540E41 33C0 xor eax, eax
00540E43 55 push ebp
00540E44 6862115400 push $00541162
***** TRY
|
00540E49 64FF30 push dword ptr fs:[eax]
00540E4C 648920 mov fs:[eax], esp
00540E4F 8D55FC lea edx, [ebp-$04]
* Reference to control Edit5 : TEdit
|
00540E52 8B8310030000 mov eax, [ebx+$0310]
* Reference to: Controls.TControl.GetText(TControl):TCaption;
|
00540E58 E863F9F3FF call 004807C0
00540E5D 8B45FC mov eax, [ebp-$04]
* Reference to: System.@LStrLen(String):Integer;
| or: System.@DynArrayLength;
| or: System.DynArraySize(Pointer):Integer;
| or: Variants.DynArraySize(Pointer):Integer;
|
00540E60 E8373DECFF call 00404B9C
00540E65 83F804 cmp eax, +$04
00540E68 0F85C4020000 jnz 00541132
00540E6E 8D55F8 lea edx, [ebp-$08]
* Reference to control Edit6 : TEdit
|
00540E71 8B8314030000 mov eax, [ebx+$0314]
* Reference to: Controls.TControl.GetText(TControl):TCaption;
|
00540E77 E844F9F3FF call 004807C0
00540E7C 8B45F8 mov eax, [ebp-$08]
* Reference to: System.@LStrLen(String):Integer;
| or: System.@DynArrayLength;
| or: System.DynArraySize(Pointer):Integer;
| or: Variants.DynArraySize(Pointer):Integer;
|
00540E7F E8183DECFF call 00404B9C
00540E84 83F804 cmp eax, +$04
00540E87 0F85A5020000 jnz 00541132
00540E8D 8D55F4 lea edx, [ebp-$0C]
* Reference to control Edit7 : TEdit
|
00540E90 8B8318030000 mov eax, [ebx+$0318]
* Reference to: Controls.TControl.GetText(TControl):TCaption;
|
00540E96 E825F9F3FF call 004807C0
00540E9B 8B45F4 mov eax, [ebp-$0C]
* Reference to: System.@LStrLen(String):Integer;
| or: System.@DynArrayLength;
| or: System.DynArraySize(Pointer):Integer;
| or: Variants.DynArraySize(Pointer):Integer;
|
00540E9E E8F93CECFF call 00404B9C
00540EA3 83F804 cmp eax, +$04
00540EA6 0F8586020000 jnz 00541132
00540EAC 8D55F0 lea edx, [ebp-$10]
* Reference to control Edit8 : TEdit
|
00540EAF 8B831C030000 mov eax, [ebx+$031C]
* Reference to: Controls.TControl.GetText(TControl):TCaption;
|
00540EB5 E806F9F3FF call 004807C0
00540EBA 8B45F0 mov eax, [ebp-$10]
* Reference to: System.@LStrLen(String):Integer;
| or: System.@DynArrayLength;
| or: System.DynArraySize(Pointer):Integer;
| or: Variants.DynArraySize(Pointer):Integer;
|
00540EBD E8DA3CECFF call 00404B9C
00540EC2 83F804 cmp eax, +$04
00540EC5 0F8567020000 jnz 00541132
00540ECB 8D45EC lea eax, [ebp-$14]
00540ECE 50 push eax
00540ECF 8D55E8 lea edx, [ebp-$18]
* Reference to control Edit8 : TEdit
|
00540ED2 8B831C030000 mov eax, [ebx+$031C]
* Reference to: Controls.TControl.GetText(TControl):TCaption;
|
00540ED8 E8E3F8F3FF call 004807C0
00540EDD 8B45E8 mov eax, [ebp-$18]
00540EE0 B902000000 mov ecx, $00000002
00540EE5 BA01000000 mov edx, $00000001
* Reference to: System.@LStrCopy;
|
00540EEA E80D3FECFF call 00404DFC
00540EEF 8B55EC mov edx, [ebp-$14]
00540EF2 8BC3 mov eax, ebx
* Reference to : TRegisterForm._PROC_00541190()
|
00540EF4 E897020000 call 00541190
00540EF9 F6D0 not al
00540EFB 25FF000000 and eax, $000000FF
00540F00 8BF8 mov edi, eax
00540F02 C1E708 shl edi, $08
00540F05 8D45E4 lea eax, [ebp-$1C]
00540F08 50 push eax
00540F09 8D55E0 lea edx, [ebp-$20]
* Reference to control Edit8 : TEdit
|
00540F0C 8B831C030000 mov eax, [ebx+$031C]
* Reference to: Controls.TControl.GetText(TControl):TCaption;
|
00540F12 E8A9F8F3FF call 004807C0
00540F17 8B45E0 mov eax, [ebp-$20]
00540F1A B902000000 mov ecx, $00000002
00540F1F BA03000000 mov edx, $00000003
* Reference to: System.@LStrCopy;
|
00540F24 E8D33EECFF call 00404DFC
00540F29 8B55E4 mov edx, [ebp-$1C]
00540F2C 8BC3 mov eax, ebx
* Reference to : TRegisterForm._PROC_00541190()
|
00540F2E E85D020000 call 00541190
00540F33 F6D0 not al
00540F35 25FF000000 and eax, $000000FF
00540F3A 03F8 add edi, eax
00540F3C 33F6 xor esi, esi
00540F3E 56 push esi
00540F3F 57 push edi
00540F40 8D55D4 lea edx, [ebp-$2C]
* Reference to control Edit1 : TEdit
|
00540F43 8B8300030000 mov eax, [ebx+$0300]
* Reference to: Controls.TControl.GetText(TControl):TCaption;
|
00540F49 E872F8F3FF call 004807C0
00540F4E FF75D4 push dword ptr [ebp-$2C]
00540F51 8D55D0 lea edx, [ebp-$30]
* Reference to control Edit2 : TEdit
|
00540F54 8B8304030000 mov eax, [ebx+$0304]
* Reference to: Controls.TControl.GetText(TControl):TCaption;
|
00540F5A E861F8F3FF call 004807C0
00540F5F FF75D0 push dword ptr [ebp-$30]
00540F62 8D55CC lea edx, [ebp-$34]
* Reference to control Edit3 : TEdit
|
00540F65 8B8308030000 mov eax, [ebx+$0308]
* Reference to: Controls.TControl.GetText(TControl):TCaption;
|
00540F6B E850F8F3FF call 004807C0
00540F70 FF75CC push dword ptr [ebp-$34]
00540F73 8D55C8 lea edx, [ebp-$38]
* Reference to control Edit4 : TEdit
|
00540F76 8B830C030000 mov eax, [ebx+$030C]
* Reference to: Controls.TControl.GetText(TControl):TCaption;
|
00540F7C E83FF8F3FF call 004807C0
00540F81 FF75C8 push dword ptr [ebp-$38]
00540F84 8D45D8 lea eax, [ebp-$28]
00540F87 BA04000000 mov edx, $00000004
* Reference to: System.@LStrCatN;
|
00540F8C E8CB3CECFF call 00404C5C
00540F91 8B45D8 mov eax, [ebp-$28]
* Reference to: System.@LStrToPChar(String):PAnsiChar;
|
00540F94 E8033EECFF call 00404D9C
00540F99 50 push eax
* Reference to: JSRegist.jsEnCodeRegKeys()
|
00540F9A E8A9D5FCFF call 0050E548
00540F9F 8BD0 mov edx, eax
00540FA1 8D45DC lea eax, [ebp-$24]
* Reference to: System.@LStrFromPChar(String;String;PAnsiChar);
| or: System.@WStrFromPChar(WideString;WideString;PAnsiChar);
|
00540FA4 E82B3BECFF call 00404AD4
00540FA9 8B45DC mov eax, [ebp-$24]
00540FAC 50 push eax
00540FAD 8D55C0 lea edx, [ebp-$40]
* Reference to control Edit5 : TEdit
|
00540FB0 8B8310030000 mov eax, [ebx+$0310]
* Reference to: Controls.TControl.GetText(TControl):TCaption;
|
00540FB6 E805F8F3FF call 004807C0
00540FBB FF75C0 push dword ptr [ebp-$40]
00540FBE 8D55BC lea edx, [ebp-$44]
* Reference to control Edit6 : TEdit
|
00540FC1 8B8314030000 mov eax, [ebx+$0314]
* Reference to: Controls.TControl.GetText(TControl):TCaption;
|
00540FC7 E8F4F7F3FF call 004807C0
00540FCC FF75BC push dword ptr [ebp-$44]
00540FCF 8D55B8 lea edx, [ebp-$48]
* Reference to control Edit7 : TEdit
|
00540FD2 8B8318030000 mov eax, [ebx+$0318]
* Reference to: Controls.TControl.GetText(TControl):TCaption;
|
00540FD8 E8E3F7F3FF call 004807C0
00540FDD FF75B8 push dword ptr [ebp-$48]
00540FE0 8D55B4 lea edx, [ebp-$4C]
* Reference to control Edit8 : TEdit
|
00540FE3 8B831C030000 mov eax, [ebx+$031C]
* Reference to: Controls.TControl.GetText(TControl):TCaption;
|
00540FE9 E8D2F7F3FF call 004807C0
00540FEE FF75B4 push dword ptr [ebp-$4C]
00540FF1 8D45C4 lea eax, [ebp-$3C]
00540FF4 BA04000000 mov edx, $00000004
* Reference to: System.@LStrCatN;
|
00540FF9 E85E3CECFF call 00404C5C
00540FFE 8B55C4 mov edx, [ebp-$3C]
00541001 58 pop eax
* Reference to: System.@LStrCmp;
|
00541002 E8E13CECFF call 00404CE8
00541007 0F85CB000000 jnz 005410D8
0054100D 8D55AC lea edx, [ebp-$54]
* Reference to control Edit5 : TEdit
|
00541010 8B8310030000 mov eax, [ebx+$0310]
* Reference to: Controls.TControl.GetText(TControl):TCaption;
|
00541016 E8A5F7F3FF call 004807C0
0054101B FF75AC push dword ptr [ebp-$54]
0054101E 8D55A8 lea edx, [ebp-$58]
* Reference to control Edit6 : TEdit
|
00541021 8B8314030000 mov eax, [ebx+$0314]
* Reference to: Controls.TControl.GetText(TControl):TCaption;
|
00541027 E894F7F3FF call 004807C0
0054102C FF75A8 push dword ptr [ebp-$58]
0054102F 8D55A4 lea edx, [ebp-$5C]
* Reference to control Edit7 : TEdit
|
00541032 8B8318030000 mov eax, [ebx+$0318]
* Reference to: Controls.TControl.GetText(TControl):TCaption;
|
00541038 E883F7F3FF call 004807C0
0054103D FF75A4 push dword ptr [ebp-$5C]
00541040 8D55A0 lea edx, [ebp-$60]
* Reference to control Edit8 : TEdit
|
00541043 8B831C030000 mov eax, [ebx+$031C]
* Reference to: Controls.TControl.GetText(TControl):TCaption;
|
00541049 E872F7F3FF call 004807C0
0054104E FF75A0 push dword ptr [ebp-$60]
00541051 8D45B0 lea eax, [ebp-$50]
00541054 BA04000000 mov edx, $00000004
* Reference to: System.@LStrCatN;
|
00541059 E8FE3BECFF call 00404C5C
0054105E 8B45B0 mov eax, [ebp-$50]
* Reference to: System.@LStrToPChar(String):PAnsiChar;
|
00541061 E8363DECFF call 00404D9C
00541066 50 push eax
00541067 8D5598 lea edx, [ebp-$68]
* Reference to control Edit1 : TEdit
|
0054106A 8B8300030000 mov eax, [ebx+$0300]
* Reference to: Controls.TControl.GetText(TControl):TCaption;
|
00541070 E84BF7F3FF call 004807C0
00541075 FF7598 push dword ptr [ebp-$68]
00541078 8D5594 lea edx, [ebp-$6C]
* Reference to control Edit2 : TEdit
|
0054107B 8B8304030000 mov eax, [ebx+$0304]
* Reference to: Controls.TControl.GetText(TControl):TCaption;
|
00541081 E83AF7F3FF call 004807C0
00541086 FF7594 push dword ptr [ebp-$6C]
00541089 8D5590 lea edx, [ebp-$70]
* Reference to control Edit3 : TEdit
|
0054108C 8B8308030000 mov eax, [ebx+$0308]
* Reference to: Controls.TControl.GetText(TControl):TCaption;
|
00541092 E829F7F3FF call 004807C0
00541097 FF7590 push dword ptr [ebp-$70]
0054109A 8D558C lea edx, [ebp-$74]
* Reference to control Edit4 : TEdit
|
0054109D 8B830C030000 mov eax, [ebx+$030C]
* Reference to: Controls.TControl.GetText(TControl):TCaption;
|
005410A3 E818F7F3FF call 004807C0
005410A8 FF758C push dword ptr [ebp-$74]
005410AB 8D459C lea eax, [ebp-$64]
005410AE BA04000000 mov edx, $00000004
* Reference to: System.@LStrCatN;
|
005410B3 E8A43BECFF call 00404C5C
005410B8 8B459C mov eax, [ebp-$64]
* Reference to: System.@LStrToPChar(String):PAnsiChar;
|
005410BB E8DC3CECFF call 00404D9C
005410C0 50 push eax
005410C1 57 push edi
* Reference to: JSRegist.jsWriteRegKeys()
|
005410C2 E879D4FCFF call 0050E540
005410C7 A100505500 mov eax, dword ptr [$00555000]
005410CC C7804C02000001000000 mov dword ptr [eax+$024C], $00000001
005410D6 EB0A jmp 005410E2
005410D8 46 inc esi
005410D9 83FE02 cmp esi, +$02
005410DC 0F855CFEFFFF jnz 00540F3E
005410E2 A100505500 mov eax, dword ptr [$00555000]
005410E7 83B84C02000001 cmp dword ptr [eax+$024C], +$01
005410EE 7442 jz 00541132
005410F0 33D2 xor edx, edx
* Reference to control Edit5 : TEdit
|
005410F2 8B8310030000 mov eax, [ebx+$0310]
* Reference to: Controls.TControl.SetText(TControl;TCaption);
|
005410F8 E8F3F6F3FF call 004807F0
005410FD 33D2 xor edx, edx
* Reference to control Edit6 : TEdit
|
005410FF 8B8314030000 mov eax, [ebx+$0314]
* Reference to: Controls.TControl.SetText(TControl;TCaption);
|
00541105 E8E6F6F3FF call 004807F0
0054110A 33D2 xor edx, edx
* Reference to control Edit7 : TEdit
|
0054110C 8B8318030000 mov eax, [ebx+$0318]
* Reference to: Controls.TControl.SetText(TControl;TCaption);
|
00541112 E8D9F6F3FF call 004807F0
00541117 33D2 xor edx, edx
* Reference to control Edit8 : TEdit
|
00541119 8B831C030000 mov eax, [ebx+$031C]
* Reference to: Controls.TControl.SetText(TControl;TCaption);
|
0054111F E8CCF6F3FF call 004807F0
* Reference to control Edit5 : TEdit
|
00541124 8B8310030000 mov eax, [ebx+$0310]
0054112A 8B10 mov edx, [eax]
0054112C FF92C4000000 call dword ptr [edx+$00C4]
00541132 33C0 xor eax, eax
00541134 5A pop edx
00541135 59 pop ecx
00541136 59 pop ecx
00541137 648910 mov fs:[eax], edx
****** FINALLY
|
0054113A 6869115400 push $00541169
0054113F 8D458C lea eax, [ebp-$74]
00541142 BA14000000 mov edx, $00000014
* Reference to: System.@LStrArrayClr(void;void;Integer);
|
00541147 E8B437ECFF call 00404900
0054114C 8D45DC lea eax, [ebp-$24]
* Reference to: System.@LStrClr(void;void);
|
0054114F E88837ECFF call 004048DC
00541154 8D45E0 lea eax, [ebp-$20]
00541157 BA08000000 mov edx, $00000008
* Reference to: System.@LStrArrayClr(void;void;Integer);
|
0054115C E89F37ECFF call 00404900
00541161 C3 ret
* Reference to: System.@HandleFinally;
|
00541162 E91530ECFF jmp 0040417C
00541167 EBD6 jmp 0054113F
****** END
|
00541169 5F pop edi
0054116A 5E pop esi
0054116B 5B pop ebx
0054116C 8BE5 mov esp, ebp
0054116E 5D pop ebp
0054116F C3 ret
我现在不想爆破想好好的分析下算法,希望同学帮我分析下从哪里入手比较好!
00541170 8A01 mov al, byte ptr [ecx]
00541172 2C08 sub al, $08
00541174 7419 jz 0054118F
00541176 2C05 sub al, $05
00541178 7415 jz 0054118F
0054117A 04DD add al, -$23
0054117C 2C0A sub al, $0A
0054117E 720F jb 0054118F
00541180 04F9 add al, -$07
00541182 2C06 sub al, $06
00541184 7209 jb 0054118F
00541186 04E6 add al, -$1A
00541188 2C06 sub al, $06
0054118A 7203 jb 0054118F
0054118C C6010F mov byte ptr [ecx], $0F
0054118F C3 ret
这个是一个采集输入字符的事件,这里下断,在程序启动你刚输入1位注册码的时候程序就暂停了,单步跟踪找不到任何的注册信息……有点失望
这个是确认事件后的DEDE反汇编的东西
00540E2C 55 push ebp
00540E2D 8BEC mov ebp, esp
00540E2F B90E000000 mov ecx, $0000000E
00540E34 6A00 push $00
00540E36 6A00 push $00
00540E38 49 dec ecx
00540E39 75F9 jnz 00540E34
00540E3B 51 push ecx
00540E3C 53 push ebx
00540E3D 56 push esi
00540E3E 57 push edi
00540E3F 8BD8 mov ebx, eax
00540E41 33C0 xor eax, eax
00540E43 55 push ebp
00540E44 6862115400 push $00541162
***** TRY
|
00540E49 64FF30 push dword ptr fs:[eax]
00540E4C 648920 mov fs:[eax], esp
00540E4F 8D55FC lea edx, [ebp-$04]
* Reference to control Edit5 : TEdit
|
00540E52 8B8310030000 mov eax, [ebx+$0310]
* Reference to: Controls.TControl.GetText(TControl):TCaption;
|
00540E58 E863F9F3FF call 004807C0
00540E5D 8B45FC mov eax, [ebp-$04]
* Reference to: System.@LStrLen(String):Integer;
| or: System.@DynArrayLength;
| or: System.DynArraySize(Pointer):Integer;
| or: Variants.DynArraySize(Pointer):Integer;
|
00540E60 E8373DECFF call 00404B9C
00540E65 83F804 cmp eax, +$04
00540E68 0F85C4020000 jnz 00541132
00540E6E 8D55F8 lea edx, [ebp-$08]
* Reference to control Edit6 : TEdit
|
00540E71 8B8314030000 mov eax, [ebx+$0314]
* Reference to: Controls.TControl.GetText(TControl):TCaption;
|
00540E77 E844F9F3FF call 004807C0
00540E7C 8B45F8 mov eax, [ebp-$08]
* Reference to: System.@LStrLen(String):Integer;
| or: System.@DynArrayLength;
| or: System.DynArraySize(Pointer):Integer;
| or: Variants.DynArraySize(Pointer):Integer;
|
00540E7F E8183DECFF call 00404B9C
00540E84 83F804 cmp eax, +$04
00540E87 0F85A5020000 jnz 00541132
00540E8D 8D55F4 lea edx, [ebp-$0C]
* Reference to control Edit7 : TEdit
|
00540E90 8B8318030000 mov eax, [ebx+$0318]
* Reference to: Controls.TControl.GetText(TControl):TCaption;
|
00540E96 E825F9F3FF call 004807C0
00540E9B 8B45F4 mov eax, [ebp-$0C]
* Reference to: System.@LStrLen(String):Integer;
| or: System.@DynArrayLength;
| or: System.DynArraySize(Pointer):Integer;
| or: Variants.DynArraySize(Pointer):Integer;
|
00540E9E E8F93CECFF call 00404B9C
00540EA3 83F804 cmp eax, +$04
00540EA6 0F8586020000 jnz 00541132
00540EAC 8D55F0 lea edx, [ebp-$10]
* Reference to control Edit8 : TEdit
|
00540EAF 8B831C030000 mov eax, [ebx+$031C]
* Reference to: Controls.TControl.GetText(TControl):TCaption;
|
00540EB5 E806F9F3FF call 004807C0
00540EBA 8B45F0 mov eax, [ebp-$10]
* Reference to: System.@LStrLen(String):Integer;
| or: System.@DynArrayLength;
| or: System.DynArraySize(Pointer):Integer;
| or: Variants.DynArraySize(Pointer):Integer;
|
00540EBD E8DA3CECFF call 00404B9C
00540EC2 83F804 cmp eax, +$04
00540EC5 0F8567020000 jnz 00541132
00540ECB 8D45EC lea eax, [ebp-$14]
00540ECE 50 push eax
00540ECF 8D55E8 lea edx, [ebp-$18]
* Reference to control Edit8 : TEdit
|
00540ED2 8B831C030000 mov eax, [ebx+$031C]
* Reference to: Controls.TControl.GetText(TControl):TCaption;
|
00540ED8 E8E3F8F3FF call 004807C0
00540EDD 8B45E8 mov eax, [ebp-$18]
00540EE0 B902000000 mov ecx, $00000002
00540EE5 BA01000000 mov edx, $00000001
* Reference to: System.@LStrCopy;
|
00540EEA E80D3FECFF call 00404DFC
00540EEF 8B55EC mov edx, [ebp-$14]
00540EF2 8BC3 mov eax, ebx
* Reference to : TRegisterForm._PROC_00541190()
|
00540EF4 E897020000 call 00541190
00540EF9 F6D0 not al
00540EFB 25FF000000 and eax, $000000FF
00540F00 8BF8 mov edi, eax
00540F02 C1E708 shl edi, $08
00540F05 8D45E4 lea eax, [ebp-$1C]
00540F08 50 push eax
00540F09 8D55E0 lea edx, [ebp-$20]
* Reference to control Edit8 : TEdit
|
00540F0C 8B831C030000 mov eax, [ebx+$031C]
* Reference to: Controls.TControl.GetText(TControl):TCaption;
|
00540F12 E8A9F8F3FF call 004807C0
00540F17 8B45E0 mov eax, [ebp-$20]
00540F1A B902000000 mov ecx, $00000002
00540F1F BA03000000 mov edx, $00000003
* Reference to: System.@LStrCopy;
|
00540F24 E8D33EECFF call 00404DFC
00540F29 8B55E4 mov edx, [ebp-$1C]
00540F2C 8BC3 mov eax, ebx
* Reference to : TRegisterForm._PROC_00541190()
|
00540F2E E85D020000 call 00541190
00540F33 F6D0 not al
00540F35 25FF000000 and eax, $000000FF
00540F3A 03F8 add edi, eax
00540F3C 33F6 xor esi, esi
00540F3E 56 push esi
00540F3F 57 push edi
00540F40 8D55D4 lea edx, [ebp-$2C]
* Reference to control Edit1 : TEdit
|
00540F43 8B8300030000 mov eax, [ebx+$0300]
* Reference to: Controls.TControl.GetText(TControl):TCaption;
|
00540F49 E872F8F3FF call 004807C0
00540F4E FF75D4 push dword ptr [ebp-$2C]
00540F51 8D55D0 lea edx, [ebp-$30]
* Reference to control Edit2 : TEdit
|
00540F54 8B8304030000 mov eax, [ebx+$0304]
* Reference to: Controls.TControl.GetText(TControl):TCaption;
|
00540F5A E861F8F3FF call 004807C0
00540F5F FF75D0 push dword ptr [ebp-$30]
00540F62 8D55CC lea edx, [ebp-$34]
* Reference to control Edit3 : TEdit
|
00540F65 8B8308030000 mov eax, [ebx+$0308]
* Reference to: Controls.TControl.GetText(TControl):TCaption;
|
00540F6B E850F8F3FF call 004807C0
00540F70 FF75CC push dword ptr [ebp-$34]
00540F73 8D55C8 lea edx, [ebp-$38]
* Reference to control Edit4 : TEdit
|
00540F76 8B830C030000 mov eax, [ebx+$030C]
* Reference to: Controls.TControl.GetText(TControl):TCaption;
|
00540F7C E83FF8F3FF call 004807C0
00540F81 FF75C8 push dword ptr [ebp-$38]
00540F84 8D45D8 lea eax, [ebp-$28]
00540F87 BA04000000 mov edx, $00000004
* Reference to: System.@LStrCatN;
|
00540F8C E8CB3CECFF call 00404C5C
00540F91 8B45D8 mov eax, [ebp-$28]
* Reference to: System.@LStrToPChar(String):PAnsiChar;
|
00540F94 E8033EECFF call 00404D9C
00540F99 50 push eax
* Reference to: JSRegist.jsEnCodeRegKeys()
|
00540F9A E8A9D5FCFF call 0050E548
00540F9F 8BD0 mov edx, eax
00540FA1 8D45DC lea eax, [ebp-$24]
* Reference to: System.@LStrFromPChar(String;String;PAnsiChar);
| or: System.@WStrFromPChar(WideString;WideString;PAnsiChar);
|
00540FA4 E82B3BECFF call 00404AD4
00540FA9 8B45DC mov eax, [ebp-$24]
00540FAC 50 push eax
00540FAD 8D55C0 lea edx, [ebp-$40]
* Reference to control Edit5 : TEdit
|
00540FB0 8B8310030000 mov eax, [ebx+$0310]
* Reference to: Controls.TControl.GetText(TControl):TCaption;
|
00540FB6 E805F8F3FF call 004807C0
00540FBB FF75C0 push dword ptr [ebp-$40]
00540FBE 8D55BC lea edx, [ebp-$44]
* Reference to control Edit6 : TEdit
|
00540FC1 8B8314030000 mov eax, [ebx+$0314]
* Reference to: Controls.TControl.GetText(TControl):TCaption;
|
00540FC7 E8F4F7F3FF call 004807C0
00540FCC FF75BC push dword ptr [ebp-$44]
00540FCF 8D55B8 lea edx, [ebp-$48]
* Reference to control Edit7 : TEdit
|
00540FD2 8B8318030000 mov eax, [ebx+$0318]
* Reference to: Controls.TControl.GetText(TControl):TCaption;
|
00540FD8 E8E3F7F3FF call 004807C0
00540FDD FF75B8 push dword ptr [ebp-$48]
00540FE0 8D55B4 lea edx, [ebp-$4C]
* Reference to control Edit8 : TEdit
|
00540FE3 8B831C030000 mov eax, [ebx+$031C]
* Reference to: Controls.TControl.GetText(TControl):TCaption;
|
00540FE9 E8D2F7F3FF call 004807C0
00540FEE FF75B4 push dword ptr [ebp-$4C]
00540FF1 8D45C4 lea eax, [ebp-$3C]
00540FF4 BA04000000 mov edx, $00000004
* Reference to: System.@LStrCatN;
|
00540FF9 E85E3CECFF call 00404C5C
00540FFE 8B55C4 mov edx, [ebp-$3C]
00541001 58 pop eax
* Reference to: System.@LStrCmp;
|
00541002 E8E13CECFF call 00404CE8
00541007 0F85CB000000 jnz 005410D8
0054100D 8D55AC lea edx, [ebp-$54]
* Reference to control Edit5 : TEdit
|
00541010 8B8310030000 mov eax, [ebx+$0310]
* Reference to: Controls.TControl.GetText(TControl):TCaption;
|
00541016 E8A5F7F3FF call 004807C0
0054101B FF75AC push dword ptr [ebp-$54]
0054101E 8D55A8 lea edx, [ebp-$58]
* Reference to control Edit6 : TEdit
|
00541021 8B8314030000 mov eax, [ebx+$0314]
* Reference to: Controls.TControl.GetText(TControl):TCaption;
|
00541027 E894F7F3FF call 004807C0
0054102C FF75A8 push dword ptr [ebp-$58]
0054102F 8D55A4 lea edx, [ebp-$5C]
* Reference to control Edit7 : TEdit
|
00541032 8B8318030000 mov eax, [ebx+$0318]
* Reference to: Controls.TControl.GetText(TControl):TCaption;
|
00541038 E883F7F3FF call 004807C0
0054103D FF75A4 push dword ptr [ebp-$5C]
00541040 8D55A0 lea edx, [ebp-$60]
* Reference to control Edit8 : TEdit
|
00541043 8B831C030000 mov eax, [ebx+$031C]
* Reference to: Controls.TControl.GetText(TControl):TCaption;
|
00541049 E872F7F3FF call 004807C0
0054104E FF75A0 push dword ptr [ebp-$60]
00541051 8D45B0 lea eax, [ebp-$50]
00541054 BA04000000 mov edx, $00000004
* Reference to: System.@LStrCatN;
|
00541059 E8FE3BECFF call 00404C5C
0054105E 8B45B0 mov eax, [ebp-$50]
* Reference to: System.@LStrToPChar(String):PAnsiChar;
|
00541061 E8363DECFF call 00404D9C
00541066 50 push eax
00541067 8D5598 lea edx, [ebp-$68]
* Reference to control Edit1 : TEdit
|
0054106A 8B8300030000 mov eax, [ebx+$0300]
* Reference to: Controls.TControl.GetText(TControl):TCaption;
|
00541070 E84BF7F3FF call 004807C0
00541075 FF7598 push dword ptr [ebp-$68]
00541078 8D5594 lea edx, [ebp-$6C]
* Reference to control Edit2 : TEdit
|
0054107B 8B8304030000 mov eax, [ebx+$0304]
* Reference to: Controls.TControl.GetText(TControl):TCaption;
|
00541081 E83AF7F3FF call 004807C0
00541086 FF7594 push dword ptr [ebp-$6C]
00541089 8D5590 lea edx, [ebp-$70]
* Reference to control Edit3 : TEdit
|
0054108C 8B8308030000 mov eax, [ebx+$0308]
* Reference to: Controls.TControl.GetText(TControl):TCaption;
|
00541092 E829F7F3FF call 004807C0
00541097 FF7590 push dword ptr [ebp-$70]
0054109A 8D558C lea edx, [ebp-$74]
* Reference to control Edit4 : TEdit
|
0054109D 8B830C030000 mov eax, [ebx+$030C]
* Reference to: Controls.TControl.GetText(TControl):TCaption;
|
005410A3 E818F7F3FF call 004807C0
005410A8 FF758C push dword ptr [ebp-$74]
005410AB 8D459C lea eax, [ebp-$64]
005410AE BA04000000 mov edx, $00000004
* Reference to: System.@LStrCatN;
|
005410B3 E8A43BECFF call 00404C5C
005410B8 8B459C mov eax, [ebp-$64]
* Reference to: System.@LStrToPChar(String):PAnsiChar;
|
005410BB E8DC3CECFF call 00404D9C
005410C0 50 push eax
005410C1 57 push edi
* Reference to: JSRegist.jsWriteRegKeys()
|
005410C2 E879D4FCFF call 0050E540
005410C7 A100505500 mov eax, dword ptr [$00555000]
005410CC C7804C02000001000000 mov dword ptr [eax+$024C], $00000001
005410D6 EB0A jmp 005410E2
005410D8 46 inc esi
005410D9 83FE02 cmp esi, +$02
005410DC 0F855CFEFFFF jnz 00540F3E
005410E2 A100505500 mov eax, dword ptr [$00555000]
005410E7 83B84C02000001 cmp dword ptr [eax+$024C], +$01
005410EE 7442 jz 00541132
005410F0 33D2 xor edx, edx
* Reference to control Edit5 : TEdit
|
005410F2 8B8310030000 mov eax, [ebx+$0310]
* Reference to: Controls.TControl.SetText(TControl;TCaption);
|
005410F8 E8F3F6F3FF call 004807F0
005410FD 33D2 xor edx, edx
* Reference to control Edit6 : TEdit
|
005410FF 8B8314030000 mov eax, [ebx+$0314]
* Reference to: Controls.TControl.SetText(TControl;TCaption);
|
00541105 E8E6F6F3FF call 004807F0
0054110A 33D2 xor edx, edx
* Reference to control Edit7 : TEdit
|
0054110C 8B8318030000 mov eax, [ebx+$0318]
* Reference to: Controls.TControl.SetText(TControl;TCaption);
|
00541112 E8D9F6F3FF call 004807F0
00541117 33D2 xor edx, edx
* Reference to control Edit8 : TEdit
|
00541119 8B831C030000 mov eax, [ebx+$031C]
* Reference to: Controls.TControl.SetText(TControl;TCaption);
|
0054111F E8CCF6F3FF call 004807F0
* Reference to control Edit5 : TEdit
|
00541124 8B8310030000 mov eax, [ebx+$0310]
0054112A 8B10 mov edx, [eax]
0054112C FF92C4000000 call dword ptr [edx+$00C4]
00541132 33C0 xor eax, eax
00541134 5A pop edx
00541135 59 pop ecx
00541136 59 pop ecx
00541137 648910 mov fs:[eax], edx
****** FINALLY
|
0054113A 6869115400 push $00541169
0054113F 8D458C lea eax, [ebp-$74]
00541142 BA14000000 mov edx, $00000014
* Reference to: System.@LStrArrayClr(void;void;Integer);
|
00541147 E8B437ECFF call 00404900
0054114C 8D45DC lea eax, [ebp-$24]
* Reference to: System.@LStrClr(void;void);
|
0054114F E88837ECFF call 004048DC
00541154 8D45E0 lea eax, [ebp-$20]
00541157 BA08000000 mov edx, $00000008
* Reference to: System.@LStrArrayClr(void;void;Integer);
|
0054115C E89F37ECFF call 00404900
00541161 C3 ret
* Reference to: System.@HandleFinally;
|
00541162 E91530ECFF jmp 0040417C
00541167 EBD6 jmp 0054113F
****** END
|
00541169 5F pop edi
0054116A 5E pop esi
0054116B 5B pop ebx
0054116C 8BE5 mov esp, ebp
0054116E 5D pop ebp
0054116F C3 ret
我现在不想爆破想好好的分析下算法,希望同学帮我分析下从哪里入手比较好!
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
赞赏
|
|
|---|---|
|
|
赞赏
雪币:
留言: