- A+
【文章标题】: IPAdr.exe破解
【软件名称】: IPAdr.exe
【加壳方式】: 无
【编写语言】: delphi
【使用工具】: OD
【作者声明】: 失误之处敬请诸位大侠赐教!
--------------------------------------------------------------------------------
【详细过程】
00405E7F |. 8BE5 mov esp, ebp
00405E81 |. 5D pop ebp
00405E82 \. C3 retn
00405E83 90 nop
00405E84 /. 55 push ebp
00405E85 |. 8BEC mov ebp, esp
00405E87 |. 83C4 94 add esp, -6C
00405E8A |. 53 push ebx
00405E8B |. 56 push esi
00405E8C |. 57 push edi
00405E8D |. 8955 B8 mov dword ptr [ebp-48], edx
00405E90 |. 8945 BC mov dword ptr [ebp-44], eax
00405E93 |. B8 F8A84800 mov eax, 0048A8F8
00405E98 |. E8 D74F0700 call 0047AE74
00405E9D |. B2 01 mov dl, 1
00405E9F |. A1 085C4100 mov eax, dword ptr [415C08]
00405EA4 |. E8 5FFE0000 call 00415D08
00405EA9 |. 8945 A4 mov dword ptr [ebp-5C], eax
00405EAC |. 66:C745 D0 08>mov word ptr [ebp-30], 8
00405EB2 |. 8D45 FC lea eax, dword ptr [ebp-4]
00405EB5 |. E8 72DAFFFF call 0040392C
00405EBA |. FF45 DC inc dword ptr [ebp-24]
00405EBD |. 66:C745 D0 14>mov word ptr [ebp-30], 14
00405EC3 |. 66:C745 D0 20>mov word ptr [ebp-30], 20
00405EC9 |. 8D45 F8 lea eax, dword ptr [ebp-8]
00405ECC |. E8 5BDAFFFF call 0040392C
00405ED1 |. 8BD0 mov edx, eax
00405ED3 |. FF45 DC inc dword ptr [ebp-24]
00405ED6 |. 8B4D BC mov ecx, dword ptr [ebp-44]
00405ED9 |. 8B81 00030000 mov eax, dword ptr [ecx+300]
00405EDF |. E8 643E0500 call 00459D48
00405EE4 |. 8D45 F8 lea eax, dword ptr [ebp-8]
00405EE7 |. E8 70DAFFFF call 0040395C
00405EEC |. 50 push eax ; 压入假码
00405EED |. 8D55 94 lea edx, dword ptr [ebp-6C]
00405EF0 |. 52 push edx
00405EF1 |. E8 BE4C0700 call 0047ABB4
00405EF6 |. 83C4 08 add esp, 8
00405EF9 |. FF4D DC dec dword ptr [ebp-24]
00405EFC |. 8D45 F8 lea eax, dword ptr [ebp-8]
00405EFF |. BA 02000000 mov edx, 2
00405F04 |. E8 0F1D0800 call 00487C18
00405F09 |. C645 A3 00 mov byte ptr [ebp-5D], 0
00405F0D |. 8D4D 94 lea ecx, dword ptr [ebp-6C]
00405F10 |. 51 push ecx
00405F11 |. E8 CE4C0700 call 0047ABE4
00405F16 |. 59 pop ecx
00405F17 |. 8945 A8 mov dword ptr [ebp-58], eax
00405F1A |. 837D A8 0A cmp dword ptr [ebp-58], 0A ; 对比注册码位数,10位
00405F1E |. 74 48 je short 00405F68
00405F20 |. 6A 30 push 30
00405F22 |. B9 56A74800 mov ecx, 0048A756 ; 系统提示
00405F27 |. BA 2FA74800 mov edx, 0048A72F ; 注册失败:注册码号码不对,请核对后输入!
00405F2C |. A1 08F94800 mov eax, dword ptr [48F908]
00405F31 |. 8B00 mov eax, dword ptr [eax]
00405F33 |. E8 001C0800 call 00487B38
00405F38 |. 8B55 BC mov edx, dword ptr [ebp-44]
00405F3B |. 8B82 00030000 mov eax, dword ptr [edx+300]
00405F41 |. 8B10 mov edx, dword ptr [eax]
00405F43 |. FF92 C0000000 call dword ptr [edx+C0]
00405F49 |. FF4D DC dec dword ptr [ebp-24]
00405F4C |. 8D45 FC lea eax, dword ptr [ebp-4]
00405F4F |. BA 02000000 mov edx, 2
00405F54 |. E8 BF1C0800 call 00487C18
00405F59 |. 8B4D C0 mov ecx, dword ptr [ebp-40]
00405F5C |. 64:890D 00000>mov dword ptr fs:[0], ecx
00405F63 |. E9 83010000 jmp 004060EB
00405F68 |> 33C0 xor eax, eax
00405F6A |. 8945 B4 mov dword ptr [ebp-4C], eax
00405F6D |. 33D2 xor edx, edx
00405F6F |. 8955 AC mov dword ptr [ebp-54], edx
00405F72 |> 8B4D AC /mov ecx, dword ptr [ebp-54] ; 算法开始
00405F75 |. 0FBE440D 94 |movsx eax, byte ptr [ebp+ecx-6C]
00405F7A |. 0345 B4 |add eax, dword ptr [ebp-4C]
00405F7D |. 83C0 CB |add eax, -35
00405F80 |. 8945 B4 |mov dword ptr [ebp-4C], eax
00405F83 |. FF45 AC |inc dword ptr [ebp-54]
00405F86 |. 837D AC 0A |cmp dword ptr [ebp-54], 0A
00405F8A |.^ 7C E6 \jl short 00405F72
00405F8C |. 837D B4 4A cmp dword ptr [ebp-4C], 4A ; 算法结束
00405F90 |. 74 48 je short 00405FDA
00405F92 |. 6A 30 push 30
00405F94 |. B9 86A74800 mov ecx, 0048A786 ; 系统提示
00405F99 |. BA 5FA74800 mov edx, 0048A75F ; 注册失败:注册码号码不对,请核对后输入!
00405F9E |. A1 08F94800 mov eax, dword ptr [48F908]
00405FA3 |. 8B00 mov eax, dword ptr [eax]
00405FA5 |. E8 8E1B0800 call 00487B38
00405FAA |. 8B55 BC mov edx, dword ptr [ebp-44]
00405FAD |. 8B82 00030000 mov eax, dword ptr [edx+300]
00405FB3 |. 8B10 mov edx, dword ptr [eax]
00405FB5 |. FF92 C0000000 call dword ptr [edx+C0]
00405FBB |. FF4D DC dec dword ptr [ebp-24]
00405FBE |. 8D45 FC lea eax, dword ptr [ebp-4]
00405FC1 |. BA 02000000 mov edx, 2
00405FC6 |. E8 4D1C0800 call 00487C18
00405FCB |. 8B4D C0 mov ecx, dword ptr [ebp-40]
00405FCE |. 64:890D 00000>mov dword ptr fs:[0], ecx
00405FD5 |. E9 11010000 jmp 004060EB
00405FDA |> 66:C745 D0 2C>mov word ptr [ebp-30], 2C
00405FE0 |. BA 01000080 mov edx, 80000001
00405FE5 |. 8B45 A4 mov eax, dword ptr [ebp-5C]
00405FE8 |. E8 631B0800 call 00487B50
00405FED |. 66:C745 D0 38>mov word ptr [ebp-30], 38
00405FF3 |. BA 8FA74800 mov edx, 0048A78F ; \software\wujian\ipadr
00405FF8 |. 8D45 F4 lea eax, dword ptr [ebp-C]
00405FFB |. E8 581B0800 call 00487B58
00406000 |. FF45 DC inc dword ptr [ebp-24]
00406003 |. 8B10 mov edx, dword ptr [eax]
00406005 |. B1 01 mov cl, 1
00406007 |. 8B45 A4 mov eax, dword ptr [ebp-5C]
0040600A |. E8 FDFD0000 call 00415E0C
0040600F |. 50 push eax
00406010 |. FF4D DC dec dword ptr [ebp-24]
00406013 |. 8D45 F4 lea eax, dword ptr [ebp-C]
00406016 |. BA 02000000 mov edx, 2
0040601B |. E8 F81B0800 call 00487C18
00406020 |. 59 pop ecx
00406021 |. 84C9 test cl, cl
00406023 |. 74 59 je short 0040607E
00406025 |. 8D55 94 lea edx, dword ptr [ebp-6C]
00406028 |. 8D45 EC lea eax, dword ptr [ebp-14]
0040602B |. E8 281B0800 call 00487B58
00406030 |. FF45 DC inc dword ptr [ebp-24]
00406033 |. FF30 push dword ptr [eax]
00406035 |. 66:C745 D0 44>mov word ptr [ebp-30], 44
0040603B |. BA A6A74800 mov edx, 0048A7A6 ; regkey
00406040 |. 8D45 F0 lea eax, dword ptr [ebp-10]
00406043 |. E8 101B0800 call 00487B58
00406048 |. FF45 DC inc dword ptr [ebp-24]
0040604B |. 8B10 mov edx, dword ptr [eax]
0040604D |. 8B45 A4 mov eax, dword ptr [ebp-5C]
00406050 |. 59 pop ecx
00406051 |. E8 52FF0000 call 00415FA8
00406056 |. FF4D DC dec dword ptr [ebp-24]
00406059 |. 8D45 EC lea eax, dword ptr [ebp-14]
0040605C |. BA 02000000 mov edx, 2
00406061 |. E8 B21B0800 call 00487C18
00406066 |. FF4D DC dec dword ptr [ebp-24]
00406069 |. 8D45 F0 lea eax, dword ptr [ebp-10]
0040606C |. BA 02000000 mov edx, 2
00406071 |. E8 A21B0800 call 00487C18
00406076 |. 8B45 A4 mov eax, dword ptr [ebp-5C]
00406079 |. E8 FAFC0000 call 00415D78
0040607E |> 66:C745 D0 14>mov word ptr [ebp-30], 14
00406084 |. 8B55 A4 mov edx, dword ptr [ebp-5C]
00406087 |. 8955 E4 mov dword ptr [ebp-1C], edx
0040608A |. 837D E4 00 cmp dword ptr [ebp-1C], 0
0040608E |. 74 21 je short 004060B1
00406090 |. 8B4D E4 mov ecx, dword ptr [ebp-1C]
00406093 |. 8B01 mov eax, dword ptr [ecx]
00406095 |. 8945 E8 mov dword ptr [ebp-18], eax
00406098 |. 66:C745 D0 5C>mov word ptr [ebp-30], 5C
0040609E |. BA 03000000 mov edx, 3
004060A3 |. 8B45 E4 mov eax, dword ptr [ebp-1C]
004060A6 |. 8B08 mov ecx, dword ptr [eax]
004060A8 |. FF51 FC call dword ptr [ecx-4]
004060AB |. 66:C745 D0 50>mov word ptr [ebp-30], 50
004060B1 |> 66:837D D2 00 cmp word ptr [ebp-2E], 0
004060B6 |. 74 01 je short 004060B9
004060B8 |. C3 retn
004060B9 |> 6A 40 push 40
004060BB |. B9 DBA74800 mov ecx, 0048A7DB ; 系统提示
004060C0 |. BA ADA74800 mov edx, 0048A7AD ; 恭喜你,注册成功,重新启动本软件即可完成注册!
004060C5 |. A1 08F94800 mov eax, dword ptr [48F908]
004060CA |. 8B00 mov eax, dword ptr [eax]
004060CC |. E8 671A0800 call 00487B38
004060D1 |. FF4D DC dec dword ptr [ebp-24]
004060D4 |. 8D45 FC lea eax, dword ptr [ebp-4]
004060D7 |. BA 02000000 mov edx, 2
004060DC |. E8 371B0800 call 00487C18
004060E1 |. 8B4D C0 mov ecx, dword ptr [ebp-40]
004060E4 |. 64:890D 00000>mov dword ptr fs:[0], ecx
004060EB |> 8B7D 88 mov edi, dword ptr [ebp-78]
004060EE |. 8B75 8C mov esi, dword ptr [ebp-74]
004060F1 |. 8B5D 90 mov ebx, dword ptr [ebp-70]
004060F4 |. 8BE5 mov esp, ebp
004060F6 |. 5D pop ebp
004060F7 \. C3 retn
004060F8 08 db 08
004060F9 00 db 00
004060FA 00 db 00
004060FB 00 db 00
004060FC 00 db 00
004060FD 04 db 04
004060FE 10 db 10
004060FF 00 db 00
00406100 . 44614000 dd IPAdr.00406144
00406104 02 db 02
00406105 00 db 00
00406106 00 db 00
00406107 00 db 00
00406108 . 54 52 65 67 6>ascii "TRegistry *[2]",0
00406117 90 nop
00406118 /. 55 push ebp
00406119 |. 8BEC mov ebp, esp
0040611B |. 83C4 F8 add esp, -8
0040611E |. 8955 F8 mov dword ptr [ebp-8], edx
00406121 |. 8945 FC mov dword ptr [ebp-4], eax
00406124 |. 8B45 FC mov eax, dword ptr [ebp-4]
00406127 |. 8B80 20030000 mov eax, dword ptr [eax+320]
0040612D |. E8 82EA0200 call 00434BB4
00406132 |. 8B55 FC mov edx, dword ptr [ebp-4]
00406135 |. 8B82 20030000 mov eax, dword ptr [edx+320]
0040613B |. E8 58EA0200 call 00434B98
00406140 |. 59 pop ecx
00406141 |. 59 pop ecx
00406142 |. 5D pop ebp
00406143 \. C3 retn
00406144 04 db 04
00406145 00 db 00
00406146 00 db 00
00406147 00 db 00
00406148 90 nop
00406149 00 db 00
0040614A 0C db 0C
0040614B 00 db 00
0040614C . 1C624000 dd IPAdr.0040621C
00406150 . 54 52 65 67 6>ascii "TRegistry *",0
0040615C 28 db 28 ; CHAR '('
0040615D 03 db 03
0040615E 00 db 00
0040615F 00 db 00
00406160 03 db 03
00406161 00 db 00
00406162 30 db 30 ; CHAR '0'
00406163 00 db 00
00406164 00 db 00
00406165 00 db 00
00406166 00 db 00
00406167 00 db 00
00406168 B7 db B7
00406169 00 db 00
0040616A 00 db 00
0040616B 00 db 00
0040616C 38 db 38 ; CHAR '8'
0040616D 00 db 00
0040616E 48 db 48 ; CHAR 'H'
0040616F 00 db 00
00406170 00 db 00
00406171 00 db 00
00406172 00 db 00
00406173 00 db 00
00406174 00 db 00
00406175 00 db 00
00406176 00 db 00
00406177 00 db 00
00406178 00 db 00
00406179 00 db 00
0040617A 00 db 00
0040617B 00 db 00
0040617C 11 db 11
0040617D 00 db 00
0040617E 00 db 00
0040617F 00 db 00
00406180 11 db 11
00406181 00 db 00
00406182 00 db 00
00406183 00 db 00
00406184 . D0614000 dd IPAdr.004061D0
00406188 03 db 03
00406189 00 db 00
0040618A 4C db 4C ; CHAR 'L'
0040618B 00 db 00
0040618C . 54 46 72 6D 5>ascii "TFrmReg",0
00406194 . D4564000 dd IPAdr.004056D4
00406198 00 db 00
00406199 00 db 00
0040619A 00 db 00
0040619B 00 db 00
0040619C 03 db 03
0040619D 00 db 00
0040619E 00 db 00
0040619F 00 db 00
004061A0 00 db 00
004061A1 00 db 00
004061A2 00 db 00
004061A3 00 db 00
004061A4 00 db 00
004061A5 00 db 00
004061A6 00 db 00
004061A7 00 db 00
004061A8 00 db 00
004061A9 00 db 00
004061AA 00 db 00
004061AB 00 db 00
004061AC . B0614000 dd IPAdr.004061B0
004061B0 07 db 07
004061B1 . 07 db 07
004061B2 . 54 46 72 6D 5>ascii "TFrmReg"
004061B9 . ACA94800 dd IPAdr.0048A9AC
004061BD . 4C624400 dd IPAdr.0044624C
004061C1 5C db 5C ; CHAR '\'
004061C2 00 db 00
004061C3 . 07 db 07
004061C4 . 55 46 72 6D 5>ascii "UFrmReg"
004061CB 00 db 00
004061CC 00 db 00
004061CD 90 nop
004061CE 90 nop
004061CF 90 nop
004061D0 /. 55 push ebp
004061D1 |. 8BEC mov ebp, esp
004061D3 |. 83C4 D4 add esp, -2C
004061D6 |. E8 2A1D0800 call 00487F05
004061DB |. 8855 D7 mov byte ptr [ebp-29], dl
004061DE |. 8945 D8 mov dword ptr [ebp-28], eax
004061E1 |. B8 ECAB4800 mov eax, 0048ABEC
004061E6 |. E8 894C0700 call 0047AE74
004061EB |. 807D D7 00 cmp byte ptr [ebp-29], 0
004061EF |. 7C 0E jl short 004061FF
004061F1 |. 836D F8 10 sub dword ptr [ebp-8], 10
004061F5 |. 33D2 xor edx, edx
004061F7 |. 8B45 D8 mov eax, dword ptr [ebp-28]
004061FA |. E8 4DF6FFFF call 0040584C
004061FF |> 8B55 DC mov edx, dword ptr [ebp-24]
00406202 |. 64:8915 00000>mov dword ptr fs:[0], edx
00406209 |. 807D D7 00 cmp byte ptr [ebp-29], 0
0040620D |. 7E 08 jle short 00406217
0040620F |. 8B45 D8 mov eax, dword ptr [ebp-28]
00406212 |. E8 E11C0800 call 00487EF8
00406217 |> 8BE5 mov esp, ebp
00406219 |. 5D pop ebp
0040621A \. C3 retn
0040621B 90 nop
0040621C 1C db 1C
0040621D 00 db 00
0040621E 00 db 00
0040621F 00 db 00
00406220 03 db 03
00406221 00 db 00
00406222 30 db 30 ; CHAR '0'
00406223 00 db 00
00406224 00 db 00
00406225 00 db 00
00406226 00 db 00
00406227 00 db 00
00406228 B7 db B7
00406229 00 db 00
0040622A 00 db 00
0040622B 00 db 00
0040622C 44 db 44 ; CHAR 'D'
0040622D 00 db 00
0040622E 54 db 54 ; CHAR 'T'
0040622F 00 db 00
00406230 00 db 00
00406231 00 db 00
00406232 00 db 00
00406233 00 db 00
00406234 00 db 00
00406235 00 db 00
00406236 00 db 00
00406237 00 db 00
00406238 00 db 00
00406239 00 db 00
0040623A 00 db 00
0040623B 00 db 00
0040623C 03 db 03
0040623D 00 db 00
0040623E 00 db 00
0040623F 00 db 00
00406240 03 db 03
00406241 00 db 00
00406242 00 db 00
00406243 00 db 00
00406244 . 4C5D4100 dd IPAdr.00415D4C
00406248 03 db 03
00406249 00 db 00
0040624A 58 db 58 ; CHAR 'X'
0040624B 00 db 00
0040624C . 52 65 67 69 7>ascii "Registry::TRegis"
0040625C . 74 72 79 00 ascii "try",0
00406260 . 54194000 dd IPAdr.00401954
00406264 00 db 00
00406265 00 db 00
00406266 00 db 00
00406267 00 db 00
00406268 03 db 03
00406269 00 db 00
0040626A 00 db 00
0040626B 00 db 00
0040626C 00 db 00
0040626D 00 db 00
0040626E 00 db 00
0040626F 00 db 00
00406270 00 db 00
00406271 00 db 00
00406272 00 db 00
00406273 00 db 00
00406274 . 54184000 dd IPAdr.00401854
00406278 10 db 10
00406279 00 db 00
0040627A 00 db 00
0040627B 00 db 00
0040627C 00 db 00
0040627D 00 db 00
0040627E 00 db 00
0040627F 00 db 00
00406280 >/$ 55 push ebp
00406281 |. 8BEC mov ebp, esp
00406283 |. 832D DCFA4800>sub dword ptr [48FADC], 1
0040628A |. 72 02 jb short 0040628E
0040628C |. 5D pop ebp
0040628D |. C3 retn
0040628E |> 5D pop ebp
0040628F \. C3 retn
00406290 >/$ 55 push ebp
00406291 |. 8BEC mov ebp, esp
00406293 |. 8305 DCFA4800>add dword ptr [48FADC], 1
0040629A |. 72 02 jb short 0040629E
0040629C |. 5D pop ebp
0040629D |. C3 retn
0040629E |> 5D pop ebp
0040629F \. C3 retn
004062A0 >/$ 55 push ebp
004062A1 |. 8BEC mov ebp, esp
004062A3 |. 83C4 88 add esp, -78
004062A6 |. B8 04AD4800 mov eax, 0048AD04
004062AB |. E8 C44B0700 call 0047AE74
004062B0 |. B2 01 mov dl, 1
004062B2 |. A1 085C4100 mov eax, dword ptr [415C08]
004062B7 |. E8 4CFA0000 call 00415D08
004062BC |. 8945 B4 mov dword ptr [ebp-4C], eax
004062BF |. 33D2 xor edx, edx
004062C1 |. 8955 A8 mov dword ptr [ebp-58], edx
004062C4 |. E8 0F310100 call 004193D8
004062C9 |. DD5D A0 fstp qword ptr [ebp-60]
004062CC |. 66:C745 C8 08>mov word ptr [ebp-38], 8
004062D2 |. 8D45 FC lea eax, dword ptr [ebp-4]
004062D5 |. E8 52D6FFFF call 0040392C
004062DA |. FF45 D4 inc dword ptr [ebp-2C]
004062DD |. 66:C745 C8 14>mov word ptr [ebp-38], 14
004062E3 |. BA 01000080 mov edx, 80000001
004062E8 |. 8B45 B4 mov eax, dword ptr [ebp-4C]
004062EB |. E8 60180800 call 00487B50
004062F0 |. 66:C745 C8 20>mov word ptr [ebp-38], 20
004062F6 |. BA F4AB4800 mov edx, 0048ABF4 ; \software\wujian\ipadr\install
004062FB |. 8D45 F8 lea eax, dword ptr [ebp-8]
004062FE |. E8 55180800 call 00487B58
00406303 |. FF45 D4 inc dword ptr [ebp-2C]
00406306 |. 8B10 mov edx, dword ptr [eax]
00406308 |. 8B45 B4 mov eax, dword ptr [ebp-4C]
0040630B |. E8 D8FE0000 call 004161E8
00406310 |. 33D2 xor edx, edx
00406312 |. 8AD0 mov dl, al
00406314 |. 83FA 01 cmp edx, 1
00406317 |. 1BC9 sbb ecx, ecx
00406319 |. F7D9 neg ecx
0040631B |. 51 push ecx
0040631C |. FF4D D4 dec dword ptr [ebp-2C]
0040631F |. 8D45 F8 lea eax, dword ptr [ebp-8]
00406322 |. BA 02000000 mov edx, 2
00406327 |. E8 EC180800 call 00487C18
0040632C |. 59 pop ecx
0040632D |. 84C9 test cl, cl
0040632F |. 74 7D je short 004063AE
00406331 |. 66:C745 C8 2C>mov word ptr [ebp-38], 2C
00406337 |. BA 13AC4800 mov edx, 0048AC13 ; \software\wujian\ipadr\install
0040633C |. 8D45 F4 lea eax, dword ptr [ebp-C]
0040633F |. E8 14180800 call 00487B58
00406344 |. FF45 D4 inc dword ptr [ebp-2C]
00406347 |. 8B10 mov edx, dword ptr [eax]
00406349 |. B1 01 mov cl, 1
0040634B |. 8B45 B4 mov eax, dword ptr [ebp-4C]
0040634E |. E8 B9FA0000 call 00415E0C
00406353 |. FF4D D4 dec dword ptr [ebp-2C]
00406356 |. 8D45 F4 lea eax, dword ptr [ebp-C]
00406359 |. BA 02000000 mov edx, 2
0040635E |. E8 B5180800 call 00487C18
00406363 |. FF75 A4 push dword ptr [ebp-5C]
00406366 |. FF75 A0 push dword ptr [ebp-60]
00406369 |. 66:C745 C8 38>mov word ptr [ebp-38], 38
0040636F |. BA 32AC4800 mov edx, 0048AC32 ; install
00406374 |. 8D45 F0 lea eax, dword ptr [ebp-10]
00406377 |. E8 DC170800 call 00487B58
0040637C |. FF45 D4 inc dword ptr [ebp-2C]
0040637F |. 8B10 mov edx, dword ptr [eax]
00406381 |. 8B45 B4 mov eax, dword ptr [ebp-4C]
00406384 |. E8 D7FC0000 call 00416060
00406389 |. FF4D D4 dec dword ptr [ebp-2C]
0040638C |. 8D45 F0 lea eax, dword ptr [ebp-10]
0040638F |. BA 02000000 mov edx, 2
00406394 |. E8 7F180800 call 00487C18
00406399 |. 8B45 B4 mov eax, dword ptr [ebp-4C]
0040639C |. E8 D7F90000 call 00415D78
004063A1 |. BA 01000080 mov edx, 80000001
004063A6 |. 8B45 B4 mov eax, dword ptr [ebp-4C]
004063A9 |. E8 A2170800 call 00487B50
004063AE |> 66:C745 C8 44>mov word ptr [ebp-38], 44
004063B4 |. BA 3AAC4800 mov edx, 0048AC3A ; \software\wujian\ipadr
004063B9 |. 8D45 EC lea eax, dword ptr [ebp-14]
004063BC |. E8 97170800 call 00487B58
004063C1 |. FF45 D4 inc dword ptr [ebp-2C]
004063C4 |. 8B10 mov edx, dword ptr [eax]
004063C6 |. B1 01 mov cl, 1
004063C8 |. 8B45 B4 mov eax, dword ptr [ebp-4C]
004063CB |. E8 3CFA0000 call 00415E0C
004063D0 |. FF4D D4 dec dword ptr [ebp-2C]
004063D3 |. 8D45 EC lea eax, dword ptr [ebp-14]
004063D6 |. BA 02000000 mov edx, 2
004063DB |. E8 38180800 call 00487C18
004063E0 |. 66:C745 C8 50>mov word ptr [ebp-38], 50
004063E6 |. 8D45 E4 lea eax, dword ptr [ebp-1C]
004063E9 |. E8 3ED5FFFF call 0040392C
004063EE |. 50 push eax
004063EF |. FF45 D4 inc dword ptr [ebp-2C]
004063F2 |. BA 51AC4800 mov edx, 0048AC51 ; regkey
004063F7 |. 8D45 E8 lea eax, dword ptr [ebp-18]
004063FA |. E8 59170800 call 00487B58
004063FF |. FF45 D4 inc dword ptr [ebp-2C]
00406402 |. 8B10 mov edx, dword ptr [eax]
00406404 |. 8B45 B4 mov eax, dword ptr [ebp-4C]
00406407 |. 59 pop ecx
00406408 |. E8 C7FB0000 call 00415FD4
0040640D |. 8D45 E4 lea eax, dword ptr [ebp-1C]
00406410 |. E8 47D5FFFF call 0040395C
00406415 |. 50 push eax
00406416 |. 8D55 88 lea edx, dword ptr [ebp-78]
00406419 |. 52 push edx
0040641A |. E8 95470700 call 0047ABB4
0040641F |. 83C4 08 add esp, 8
00406422 |. FF4D D4 dec dword ptr [ebp-2C]
00406425 |. 8D45 E4 lea eax, dword ptr [ebp-1C]
00406428 |. BA 02000000 mov edx, 2
0040642D |. E8 E6170800 call 00487C18
00406432 |. FF4D D4 dec dword ptr [ebp-2C]
00406435 |. 8D45 E8 lea eax, dword ptr [ebp-18]
00406438 |. BA 02000000 mov edx, 2
0040643D |. E8 D6170800 call 00487C18
00406442 |. 8B45 B4 mov eax, dword ptr [ebp-4C]
00406445 |. E8 2EF90000 call 00415D78
0040644A |. 8D55 88 lea edx, dword ptr [ebp-78]
0040644D |. 52 push edx
0040644E |. E8 91470700 call 0047ABE4
00406453 |. 59 pop ecx
00406454 |. 8945 B0 mov dword ptr [ebp-50], eax
00406457 |. 837D B0 0A cmp dword ptr [ebp-50], 0A
0040645B |. 74 23 je short 00406480
0040645D |. 33C0 xor eax, eax
0040645F |. 50 push eax
00406460 |. FF4D D4 dec dword ptr [ebp-2C]
00406463 |. 8D45 FC lea eax, dword ptr [ebp-4]
00406466 |. BA 02000000 mov edx, 2
0040646B |. E8 A8170800 call 00487C18
00406470 |. 58 pop eax
00406471 |. 8B55 B8 mov edx, dword ptr [ebp-48]
00406474 |. 64:8915 00000>mov dword ptr fs:[0], edx
0040647B |. E9 90000000 jmp 00406510
00406480 |> 33C9 xor ecx, ecx
00406482 |. 894D AC mov dword ptr [ebp-54], ecx
00406485 |> 8B45 AC /mov eax, dword ptr [ebp-54]
00406488 |. 0FBE5405 88 |movsx edx, byte ptr [ebp+eax-78]
0040648D |. 0355 A8 |add edx, dword ptr [ebp-58]
00406490 |. 83C2 CB |add edx, -35
00406493 |. 8955 A8 |mov dword ptr [ebp-58], edx
00406496 |. FF45 AC |inc dword ptr [ebp-54]
00406499 |. 837D AC 0A |cmp dword ptr [ebp-54], 0A
0040649D |.^ 7C E6 \jl short 00406485
0040649F |. 837D A8 4A cmp dword ptr [ebp-58], 4A
004064A3 |. 74 20 je short 004064C5
004064A5 |. 33C0 xor eax, eax
004064A7 |. 50 push eax
004064A8 |. FF4D D4 dec dword ptr [ebp-2C]
004064AB |. 8D45 FC lea eax, dword ptr [ebp-4]
004064AE |. BA 02000000 mov edx, 2
004064B3 |. E8 60170800 call 00487C18
004064B8 |. 58 pop eax
004064B9 |. 8B55 B8 mov edx, dword ptr [ebp-48]
004064BC |. 64:8915 00000>mov dword ptr fs:[0], edx
004064C3 |. EB 4B jmp short 00406510
004064C5 |> 8B4D B4 mov ecx, dword ptr [ebp-4C]
004064C8 |. 894D DC mov dword ptr [ebp-24], ecx
004064CB |. 837D DC 00 cmp dword ptr [ebp-24], 0
004064CF |. 74 21 je short 004064F2
004064D1 |. 8B45 DC mov eax, dword ptr [ebp-24]
004064D4 |. 8B10 mov edx, dword ptr [eax]
004064D6 |. 8955 E0 mov dword ptr [ebp-20], edx
004064D9 |. 66:C745 C8 68>mov word ptr [ebp-38], 68
004064DF |. BA 03000000 mov edx, 3
004064E4 |. 8B45 DC mov eax, dword ptr [ebp-24]
004064E7 |. 8B08 mov ecx, dword ptr [eax]
004064E9 |. FF51 FC call dword ptr [ecx-4]
004064EC |. 66:C745 C8 5C>mov word ptr [ebp-38], 5C
004064F2 |> B0 01 mov al, 1
004064F4 |. 50 push eax
004064F5 |. FF4D D4 dec dword ptr [ebp-2C]
004064F8 |. 8D45 FC lea eax, dword ptr [ebp-4]
004064FB |. BA 02000000 mov edx, 2
00406500 |. E8 13170800 call 00487C18
00406505 |. 58 pop eax
00406506 |. 8B55 B8 mov edx, dword ptr [ebp-48]
00406509 |. 64:8915 00000>mov dword ptr fs:[0], edx
00406510 |> 8BE5 mov esp, ebp
00406512 |. 5D pop ebp
00406513 \. C3 retn
00406514 >/$ 55 push ebp
00406515 |. 8BEC mov ebp, esp
00406517 |. 83C4 C0 add esp, -40
0040651A |. B8 F4AD4800 mov eax, 0048ADF4
0040651F |. E8 50490700 call 0047AE74
00406524 |. 66:C745 D4 08>mov word ptr [ebp-2C], 8
0040652A |. 8D45 FC lea eax, dword ptr [ebp-4]
0040652D |. E8 FAD3FFFF call 0040392C
00406532 |. FF45 E0 inc dword ptr [ebp-20]
00406535 |. 66:C745 D4 14>mov word ptr [ebp-2C], 14
0040653B |. B2 01 mov dl, 1
0040653D |. A1 085C4100 mov eax, dword ptr [415C08]
00406542 |. E8 C1F70000 call 00415D08
00406547 |. 8945 C0 mov dword ptr [ebp-40], eax
0040654A |. BA 01000080 mov edx, 80000001
0040654F |. 8B45 C0 mov eax, dword ptr [ebp-40]
00406552 |. E8 F9150800 call 00487B50
00406557 |. 66:C745 D4 20>mov word ptr [ebp-2C], 20
0040655D |. BA 58AC4800 mov edx, 0048AC58 ; \software\wujian\ipadr
00406562 |. 8D45 F8 lea eax, dword ptr [ebp-8]
00406565 |. E8 EE150800 call 00487B58
0040656A |. FF45 E0 inc dword ptr [ebp-20]
0040656D |. 8B10 mov edx, dword ptr [eax]
0040656F |. B1 01 mov cl, 1
00406571 |. 8B45 C0 mov eax, dword ptr [ebp-40]
00406574 |. E8 93F80000 call 00415E0C
00406579 |. FF4D E0 dec dword ptr [ebp-20]
0040657C |. 8D45 F8 lea eax, dword ptr [ebp-8]
0040657F |. BA 02000000 mov edx, 2
00406584 |. E8 8F160800 call 00487C18
00406589 |. 66:C745 D4 2C>mov word ptr [ebp-2C], 2C
0040658F |. 8D45 F0 lea eax, dword ptr [ebp-10]
00406592 |. E8 95D3FFFF call 0040392C
00406597 |. 50 push eax
00406598 |. FF45 E0 inc dword ptr [ebp-20]
0040659B |. BA 6FAC4800 mov edx, 0048AC6F ; regkey
004065A0 |. 8D45 F4 lea eax, dword ptr [ebp-C]
004065A3 |. E8 B0150800 call 00487B58
004065A8 |. FF45 E0 inc dword ptr [ebp-20]
004065AB |. 8B10 mov edx, dword ptr [eax]
004065AD |. 8B45 C0 mov eax, dword ptr [ebp-40]
004065B0 |. 59 pop ecx
004065B1 |. E8 1EFA0000 call 00415FD4
004065B6 |. 8D55 F0 lea edx, dword ptr [ebp-10]
004065B9 |. 8D45 FC lea eax, dword ptr [ebp-4]
004065BC |. E8 87160800 call 00487C48
004065C1 |. FF4D E0 dec dword ptr [ebp-20]
004065C4 |. 8D45 F0 lea eax, dword ptr [ebp-10]
004065C7 |. BA 02000000 mov edx, 2
004065CC |. E8 47160800 call 00487C18
004065D1 |. FF4D E0 dec dword ptr [ebp-20]
004065D4 |. 8D45 F4 lea eax, dword ptr [ebp-C]
004065D7 |. BA 02000000 mov edx, 2
004065DC |. E8 37160800 call 00487C18
004065E1 |. 8B45 C0 mov eax, dword ptr [ebp-40]
004065E4 |. E8 8FF70000 call 00415D78
004065E9 |. 8B55 C0 mov edx, dword ptr [ebp-40]
004065EC |. 8955 E8 mov dword ptr [ebp-18], edx
004065EF |. 837D E8 00 cmp dword ptr [ebp-18], 0
004065F3 |. 74 21 je short 00406616
004065F5 |. 8B4D E8 mov ecx, dword ptr [ebp-18]
004065F8 |. 8B01 mov eax, dword ptr [ecx]
004065FA |. 8945 EC mov dword ptr [ebp-14], eax
004065FD |. 66:C745 D4 44>mov word ptr [ebp-2C], 44
00406603 |. BA 03000000 mov edx, 3
00406608 |. 8B45 E8 mov eax, dword ptr [ebp-18]
0040660B |. 8B08 mov ecx, dword ptr [eax]
0040660D |. FF51 FC call dword ptr [ecx-4]
00406610 |. 66:C745 D4 38>mov word ptr [ebp-2C], 38
00406616 |> 66:C745 D4 50>mov word ptr [ebp-2C], 50
0040661C |. 8D55 FC lea edx, dword ptr [ebp-4]
0040661F |. 8B45 08 mov eax, dword ptr [ebp+8]
00406622 |. E8 21160800 call 00487C48
00406627 |. 8B45 08 mov eax, dword ptr [ebp+8]
0040662A |. 66:C745 D4 5C>mov word ptr [ebp-2C], 5C
00406630 |. 50 push eax
00406631 |. FF4D E0 dec dword ptr [ebp-20]
00406634 |. 8D45 FC lea eax, dword ptr [ebp-4]
00406637 |. BA 02000000 mov edx, 2
0040663C |. E8 D7150800 call 00487C18
00406641 |. 58 pop eax
00406642 |. 66:C745 D4 50>mov word ptr [ebp-2C], 50
00406648 |. FF45 E0 inc dword ptr [ebp-20]
0040664B |. 8B55 C4 mov edx, dword ptr [ebp-3C]
0040664E |. 64:8915 00000>mov dword ptr fs:[0], edx
00406655 |. 8BE5 mov esp, ebp
00406657 |. 5D pop ebp
00406658 \. C3 retn
00406659 90 nop
0040665A 90 nop
0040665B 90 nop
--------------------------------------------------------------------------------
【版权声明】: 谢谢!
2016年05月31日 0:56:10
- 我的微信
- 这是我的微信扫一扫
- 我的微信公众号
- 我的微信公众号扫一扫