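x32dbg command line takes on the Qt monster 8.03
This post was last edited by 冥界3大法王 on 2020-7-24 15:53
Yesterday, while wandering the forum at night, I came across an oddity: https://www.52pojie.cn/thread-1219202-1-1.html
Because it is a Qt program and I could not make sense of it, I had to analyze it.
Since that thread's original poster did not provide the installer, I found one with a Bing search: http://download.edrawsoft.com/mindmaster_full5370.exe
As for the license code, I simply borrowed one: MM6B-JEN9-CJ63-XVZB-VG6B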
Alt+W, F5
Enter
enter
Right-click and analyze.
We arrive here, and the code looks completely unfamiliar~~
memmapdump 01330312
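As expected, it is a data segment.
On to the next trick:
findasm "cmp eax,29" // the license code is 29 characters, after all
Set breakpoints on all of them.
No result~~
A dialog popped up.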
F12,Alt+K
mindmaster.sub_D78790+DE
Enter, follow
We are in here.
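Despite all our efforts and attempts, we still could not find our license code in memory. Even if Alt+M, Ctrl+B does find it, you cannot follow the license code we entered at will. Qt programs really are freaks.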
00D7886E | 8D4D| lea ecx,dword ptr ss: |
00D78871 | 46 | inc esi |
00D78872 | FF15| call dword ptr ds:[<&?length@?$QList@VQItemSelectionRange |
Ctrl+A, Ctrl- , F2, Ctrl+R, all breakpoints.
00DF84A0 | E8 EB | call <mindmaster.sub_D78790> | breaks here, bc
00DF84A5 | 83C4| add esp,38 |
00DF84A8 | 8D4D| lea ecx,dword ptr ss: |
00DF84AB | E9 89 | jmp mindmaster.DF8C39 |
00DF84B0 | 68 04 | push mindmaster.FFAD04 | FFAD04:"ER104"
00DF84B5 | 8D4D| lea ecx,dword ptr ss: |
00DF84B8 | FFD6| call esi |
00DF84BA | 84C0| test al,al |
00DF84BC | 74 4B | je mindmaster.DF8509 |
00DF84BE | 6A FF | push FFFFFFFF |
00DF84C0 | 6A 00 | push 0 |
00DF84C2 | 8D45| lea eax,dword ptr ss: |
00DF84C5 | 68 10 | push mindmaster.FFAD10 | FFAD10:"The license code is not valid for this version!<br /><br />Please check your order email for more details."
Alright, we have come to a good spot with something to go on. Now let's analyze the code:
00DF8270 | 55 | push ebp |
00DF8271 | 8BEC| mov ebp,esp |
00DF8273 | 6A FF | push FFFFFFFF |
00DF8275 | 68 F4 | push <mindmaster.sub_FAB4F4> |
00DF827A | 64:A1 | mov eax,dword ptr fs: | :"x◤"==&"X⿵"
00DF8280 | 50 | push eax |
00DF8281 | 83EC| sub esp,70 |
00DF8284 | 53 | push ebx |
00DF8285 | 56 | push esi |
00DF8286 | 57 | push edi |
00DF8287 | A1 00 | mov eax,dword ptr ds: |
00DF828C | 33C5| xor eax,ebp |
00DF828E | 50 | push eax |
00DF828F | 8D45| lea eax,dword ptr ss: | :"X⿵"
00DF8292 | 64:A3 | mov dword ptr fs:,eax | :"x◤"==&"X⿵"
00DF8298 | 8BD9| mov ebx,ecx |
00DF829A | 895D| mov dword ptr ss:,ebx |
00DF829D | 6A 00 | push 0 |
00DF829F | 8D4D| lea ecx,dword ptr ss: | :L"{"
00DF82A2 | C683| mov byte ptr ds:,0 |
00DF82A9 | FF15| call dword ptr ds:[<&??0QCursor@@QAE@W4CursorShape@Qt@@@Z |
00DF82AF | 8D45| lea eax,dword ptr ss: | :L"{"
00DF82B2 | C745| mov dword ptr ss:,0 |
00DF82B9 | 50 | push eax |
00DF82BA | 8BCB| mov ecx,ebx |
00DF82BC | FF15| call dword ptr ds:[<&?setCursor@QWidget@@QAEXABVQCursor@@ |
00DF82C2 | 8D4D| lea ecx,dword ptr ss: | :L"{"
00DF82C5 | C745| mov dword ptr ss:,FFFFFFFF |
00DF82CC | FF15| call dword ptr ds:[<&??1QCursor@@QAE@XZ>] |
00DF82D2 | 8B8B| mov ecx,dword ptr ds: | :&"V曾"
00DF82D8 | FF15| call dword ptr ds:[<&?stop@QTimer@@QAEXXZ>] |
00DF82DE | 8B8B| mov ecx,dword ptr ds: |
00DF82E4 | 85C9| test ecx,ecx |
00DF82E6 | 0F84| je mindmaster.DF8FF5 |
00DF82EC | FF15| call dword ptr ds:[<&?deleteLater@QObject@@QAEXXZ>] |
00DF82F2 | 8D4D| lea ecx,dword ptr ss: |
00DF82F5 | FF15| call dword ptr ds:[<&??0QString@@QAE@XZ>] |
00DF82FB | 68 D8 | push mindmaster.FFA3D8 | FFA3D8:"win"
00DF8300 | 8D4D| lea ecx,dword ptr ss: |
00DF8303 | C745| mov dword ptr ss:,1 |
00DF830A | FF15| call dword ptr ds:[<&??4QString@@QAEAAV0@PBD@Z>] |
00DF8310 | 8D83| lea eax,dword ptr ds: |
00DF8316 | 50 | push eax |
00DF8317 | 8D4D| lea ecx,dword ptr ss: |
00DF831A | FF15| call dword ptr ds:[<&??0QByteArray@@QAE@ABV0@@Z>] |
00DF8320 | 8B8B| mov ecx,dword ptr ds: |
00DF8326 | 8B35| mov esi,dword ptr ds:[<&?error@QNetworkReply@@QBE?AW4Netw |
00DF832C | C645| mov byte ptr ss:,2 |
00DF8330 | FFD6| call esi |
00DF8332 | 85C0| test eax,eax |
00DF8334 | 0F85| jne mindmaster.DF8CCB |
00DF833A | 8B8B| mov ecx,dword ptr ds: |
00DF8340 | 8D45| lea eax,dword ptr ss: |
00DF8343 | 50 | push eax |
00DF8344 | FF15| call dword ptr ds:[<&?readAll@QIODevice@@QAE?AVQByteArray |
00DF834A | 8B8B| mov ecx,dword ptr ds: |
00DF8350 | 8D45| lea eax,dword ptr ss: |
00DF8353 | 6A 00 | push 0 |
00DF8355 | 50 | push eax |
00DF8356 | C645| mov byte ptr ss:,3 |
00DF835A | FF15| call dword ptr ds:[<&?attribute@QNetworkReply@@QBE?AVQVar |
00DF8360 | 6A 00 | push 0 |
00DF8362 | 8BC8| mov ecx,eax |
00DF8364 | C645| mov byte ptr ss:,4 |
00DF8368 | FF15| call dword ptr ds:[<&?toInt@QVariant@@QBEHPA_N@Z>] |
00DF836E | 8D4D| lea ecx,dword ptr ss: |
00DF8371 | C645| mov byte ptr ss:,3 |
00DF8375 | 8BF0| mov esi,eax |
00DF8377 | FF15| call dword ptr ds:[<&??1QVariant@@QAE@XZ>] |
00DF837D | 81FE| cmp esi,12D |
00DF8383 | 0F84| je mindmaster.DF8C56 |
00DF8389 | 81FE| cmp esi,12E |
00DF838F | 0F84| je mindmaster.DF8C56 |
00DF8395 | 8B35| mov esi,dword ptr ds:[<&?startsWith@QByteArray@@QBE_NPBD@ |
00DF839B | 8D4D| lea ecx,dword ptr ss: |
00DF839E | 68 98 | push mindmaster.FFAB98 | FFAB98:"ER"
00DF83A3 | FFD6| call esi |
00DF83A5 | 84C0| test al,al |
00DF83A7 | 0F84| je mindmaster.DF87FC | ======>>>>>>>>>>> patching here succeeds!
00DF83AD | 68 9C | push mindmaster.FFAB9C | FFAB9C:"ER107"
00DF83B2 | 8D4D| lea ecx,dword ptr ss: |
00DF83B5 | FFD6| call esi |
00DF83B7 | 84C0| test al,al |
00DF83B9 | 74 47 | je mindmaster.DF8402 |
00DF83BB | 6A FF | push FFFFFFFF |
00DF83BD | 6A 00 | push 0 |
00DF83BF | 8D45| lea eax,dword ptr ss: |
00DF83C2 | 68 A8 | push mindmaster.FFABA8 | FFABA8:"Your license has expired.<br/>Visit <a style='color: blue;' href = \"https://www.edrawsoft.com/renewmindmaster.php\"> https://www.edrawsoft.com/renewmindmaster.php</a>."
00DF83C7 | 50 | push eax |
00DF83C8 | E8 43 | call <mindmaster.sub_DF9210> |
00DF83CD | 8BF0| mov esi,eax |
00DF83CF | 6A FF | push FFFFFFFF |
00DF83D1 | 6A 00 | push 0 |
00DF83D3 | 8D45| lea eax,dword ptr ss: |
00DF83D6 | C645| mov byte ptr ss:,8 |
00DF83DA | 68 9C | push mindmaster.FF7C9C | FF7C9C:"Activation"
00DF83DF | 50 | push eax |
00DF83E0 | E8 2B | call <mindmaster.sub_DF9210> | below this is the activation-expired handling
00DF83E5 | 6A 00 | push 0 |
00DF83E7 | 6A 00 | push 0 |
00DF83E9 | 6A 00 | push 0 |
00DF83EB | 56 | push esi |
00DF83EC | 50 | push eax |
00DF83ED | 53 | push ebx |
00DF83EE | C645| mov byte ptr ss:,9 | 9:'\t'
00DF83F2 | E8 99 | call <mindmaster.sub_D78790> |
00DF83F7 | 83C4| add esp,38 |
00DF83FA | 8D4D| lea ecx,dword ptr ss: |
00DF83FD | E9 37 | jmp mindmaster.DF8C39 |
00DF8402 | 68 50 | push mindmaster.FFAC50 | FFAC50:"ER106"
00DF8407 | 8D4D| lea ecx,dword ptr ss: |
00DF840A | FFD6| call esi |
00DF840C | 84C0| test al,al |
00DF840E | 74 47 | je mindmaster.DF8457 |
00DF8410 | 6A FF | push FFFFFFFF |
00DF8412 | 6A 00 | push 0 |
00DF8414 | 8D45| lea eax,dword ptr ss: |
00DF8417 | 68 A8 | push mindmaster.FFABA8 | FFABA8:"Your license has expired.<br/>Visit <a style='color: blue;' href = \"https://www.edrawsoft.com/renewmindmaster.php\"> https://www.edrawsoft.com/renewmindmaster.php</a>."
00DF841C | 50 | push eax |
00DF841D | E8 EE | call <mindmaster.sub_DF9210> |
00DF8422 | 8BF0| mov esi,eax |
00DF8424 | 6A FF | push FFFFFFFF |
00DF8426 | 6A 00 | push 0 |
00DF8428 | 8D45| lea eax,dword ptr ss: |
00DF842B | C645| mov byte ptr ss:,A | A:'\n'
00DF842F | 68 9C | push mindmaster.FF7C9C | FF7C9C:"Activation"
00DF8434 | 50 | push eax |
00DF8435 | E8 D6 | call <mindmaster.sub_DF9210> |
00DF843A | 6A 00 | push 0 |
00DF843C | 6A 00 | push 0 |
00DF843E | 6A 00 | push 0 |
00DF8440 | 56 | push esi |
00DF8441 | 50 | push eax |
00DF8442 | 53 | push ebx |
00DF8443 | C645| mov byte ptr ss:,B | B:'\v'
00DF8447 | E8 44 | call <mindmaster.sub_D78790> |
00DF844C | 83C4| add esp,38 |
00DF844F | 8D4D| lea ecx,dword ptr ss: |
00DF8452 | E9 E2 | jmp mindmaster.DF8C39 |
00DF8457 | 68 58 | push mindmaster.FFAC58 | FFAC58:"ER105"
00DF845C | 8D4D| lea ecx,dword ptr ss: |
00DF845F | FFD6| call esi |
00DF8461 | 84C0| test al,al |
00DF8463 | 74 4B | je mindmaster.DF84B0 |
00DF8465 | 6A FF | push FFFFFFFF |
00DF8467 | 6A 00 | push 0 |
00DF8469 | 8D45| lea eax,dword ptr ss: |
00DF846C | 68 60 | push mindmaster.FFAC60 | FFAC60:"The license code cannot be used on more computers. If your license is still within the maintenace period, you can try the Deactivation from old computer firstly."
00DF8471 | 50 | push eax |
00DF8472 | E8 99 | call <mindmaster.sub_DF9210> |
00DF8477 | 6A FF | push FFFFFFFF |
00DF8479 | 6A 00 | push 0 |
00DF847B | 8D45| lea eax,dword ptr ss: |
00DF847E | C645| mov byte ptr ss:,C | C:'\f'
00DF8482 | 68 9C | push mindmaster.FF7C9C | FF7C9C:"Activation"
00DF8487 | 50 | push eax |
00DF8488 | E8 83 | call <mindmaster.sub_DF9210> |
00DF848D | 6A 00 | push 0 |
00DF848F | 6A 00 | push 0 |
00DF8491 | 68 00 | push 400 |
00DF8496 | 8D4D| lea ecx,dword ptr ss: |
00DF8499 | C645| mov byte ptr ss:,D | D:'\r'
00DF849D | 51 | push ecx |
00DF849E | 50 | push eax |
00DF849F | 53 | push ebx |
00DF84A0 | E8 EB | call <mindmaster.sub_D78790> | breakpoints on everything led here, Z1
00DF84A5 | 83C4| add esp,38 |
00DF84A8 | 8D4D| lea ecx,dword ptr ss: |
00DF84AB | E9 89 | jmp mindmaster.DF8C39 |
00DF84B0 | 68 04 | push mindmaster.FFAD04 | FFAD04:"ER104"
00DF84B5 | 8D4D| lea ecx,dword ptr ss: |
00DF84B8 | FFD6| call esi |
00DF84BA | 84C0| test al,al |
00DF84BC | 74 4B | je mindmaster.DF8509 |
00DF84BE | 6A FF | push FFFFFFFF |
00DF84C0 | 6A 00 | push 0 |
00DF84C2 | 8D45| lea eax,dword ptr ss: |
00DF84C5 | 68 10 | push mindmaster.FFAD10 | FFAD10:"The license code is not valid for this version!<br /><br />Please check your order email for more details."
00DF84CA | 50 | push eax |
00DF84CB | E8 40 | call <mindmaster.sub_DF9210> |
00DF84D0 | 6A FF | push FFFFFFFF |
00DF84D2 | 6A 00 | push 0 |
00DF84D4 | 8D45| lea eax,dword ptr ss: |
00DF84D7 | C645| mov byte ptr ss:,E |
00DF84DB | 68 9C | push mindmaster.FF7C9C | FF7C9C:"Activation"
00DF84E0 | 50 | push eax |
00DF84E1 | E8 2A | call <mindmaster.sub_DF9210> |
00DF84E6 | 6A 00 | push 0 |
00DF84E8 | 6A 00 | push 0 |
00DF84EA | 68 00 | push 400 |
00DF84EF | 8D4D| lea ecx,dword ptr ss: |
00DF84F2 | C645| mov byte ptr ss:,F |
00DF84F6 | 51 | push ecx |
00DF84F7 | 50 | push eax |
00DF84F8 | 53 | push ebx |
00DF84F9 | E8 92 | call <mindmaster.sub_D78790> |
00DF84FE | 83C4| add esp,38 |
00DF8501 | 8D4D| lea ecx,dword ptr ss: |
00DF8504 | E9 30 | jmp mindmaster.DF8C39 |
00DF8509 | 68 7C | push mindmaster.FFAD7C | FFAD7C:"ER101"
00DF850E | 8D4D| lea ecx,dword ptr ss: |
00DF8511 | FFD6| call esi |
00DF8513 | 84C0| test al,al |
00DF8515 | 75 20 | jne mindmaster.DF8537 |
00DF8517 | 68 84 | push mindmaster.FFAD84 | FFAD84:"ER102"
00DF851C | 8D4D| lea ecx,dword ptr ss: |
00DF851F | FFD6| call esi |
00DF8521 | 84C0| test al,al |
00DF8523 | 75 12 | jne mindmaster.DF8537 |
00DF8525 | 68 8C | push mindmaster.FFAD8C | FFAD8C:"ER103"
00DF852A | 8D4D| lea ecx,dword ptr ss: |
00DF852D | FFD6| call esi |
00DF852F | 84C0| test al,al |
00DF8531 | 0F84| je mindmaster.DF8C48 |
00DF8537 | 8B35| mov esi,dword ptr ds:[<&?show@QWidget@@QAEXXZ>] |
00DF853D | C605| mov byte ptr ds:,1 |
00DF8544 | 8B4B| mov ecx,dword ptr ds: |
00DF8547 | FFD6| call esi |
00DF8549 | 8B4B| mov ecx,dword ptr ds: |
00DF854C | FFD6| call esi |
00DF854E | 8B8B| mov ecx,dword ptr ds: | :&"z硒"
00DF8554 | FFD6| call esi |
00DF8556 | 6A FF | push FFFFFFFF |
00DF8558 | 6A 00 | push 0 |
00DF855A | 8D45| lea eax,dword ptr ss: | :L"\r"
00DF855D | 68 94 | push mindmaster.FFAD94 | FFAD94:"Activation failed!<br /><br />"
00DF8562 | 50 | push eax |
00DF8563 | E8 A8 | call <mindmaster.sub_DF9210> |
00DF8568 | 6A FF | push FFFFFFFF |
00DF856A | 6A 00 | push 0 |
00DF856C | 8D45| lea eax,dword ptr ss: |
00DF856F | C645| mov byte ptr ss:,10 |
00DF8573 | 68 B4 | push mindmaster.FFADB4 | FFADB4:"The server is busy now, please try again later.<br /><br />"
00DF8578 | 50 | push eax |
00DF8579 | E8 92 | call <mindmaster.sub_DF9210> |
00DF857E | 83C4| add esp,20 |
00DF8581 | 8B1D| mov ebx,dword ptr ds:[<&?append@QString@@QAEAAV1@ABV1@@Z> |
00DF8587 | 8D4D| lea ecx,dword ptr ss: | :L"\r"
00DF858A | 50 | push eax |
00DF858B | C645| mov byte ptr ss:,11 |
00DF858F | FFD3| call ebx |
00DF8591 | 8D4D| lea ecx,dword ptr ss: |
00DF8594 | C645| mov byte ptr ss:,10 |
00DF8598 | FF15| call dword ptr ds:[<&??1QXmlStreamStringRef@@QAE@XZ>] |
00DF859E | 6A FF | push FFFFFFFF |
00DF85A0 | 6A 00 | push 0 |
00DF85A2 | 8D45| lea eax,dword ptr ss: |
00DF85A5 | 68 F0 | push mindmaster.FFADF0 | FFADF0:"You can also visit the following url on a machine that is connected to the internet. Get the Activation Code and click the 'Activate Manually' button.<br /><br />"
00DF85AA | 50 | push eax |
00DF85AB | E8 60 | call <mindmaster.sub_DF9210> |
00DF85B0 | 83C4| add esp,10 |
00DF85B3 | 50 | push eax |
00DF85B4 | 8D4D| lea ecx,dword ptr ss: | :L"\r"
00DF85B7 | C645| mov byte ptr ss:,12 |
00DF85BB | FFD3| call ebx |
00DF85BD | 8D4D| lea ecx,dword ptr ss: |
00DF85C0 | C645| mov byte ptr ss:,10 |
00DF85C4 | FF15| call dword ptr ds:[<&??1QXmlStreamStringRef@@QAE@XZ>] |
00DF85CA | 8D45| lea eax,dword ptr ss: |
00DF85CD | 50 | push eax |
00DF85CE | FF15| call dword ptr ds:[<&?langBrev@EDVersion@@SA?AVQString@@X |
00DF85D4 | 8BD8| mov ebx,eax |
00DF85D6 | 8B35| mov esi,dword ptr ds:[<&?fromAscii_helper@QString@@CAPAU? |
00DF85DC | 6A 05 | push 5 |
00DF85DE | 68 40 | push mindmaster.FE5240 | FE5240:"8.0.3"
00DF85E3 | C645| mov byte ptr ss:,13 |
00DF85E7 | FFD6| call esi |
00DF85E9 | 8945| mov dword ptr ss:,eax | :L"{"
00DF85EC | 8D45| lea eax,dword ptr ss: |
00DF85EF | C645| mov byte ptr ss:,14 |
00DF85F3 | 50 | push eax |
00DF85F4 | FF15| call dword ptr ds:[<&?activateName@EDVersion@@SA?AVQStrin |
00DF85FA | 8BF8| mov edi,eax |
00DF85FC | 6A 44 | push 44 |
00DF85FE | 68 98 | push mindmaster.FFAE98 | FFAE98:"https://www.edrawsoft.com/acassist.php?p=%1&m=%2&r=%3&v=%4&o=%5&a=%6"
00DF8603 | C645| mov byte ptr ss:,15 |
00DF8607 | FFD6| call esi |
00DF8609 | 8945| mov dword ptr ss:,eax |
00DF860C | 83C4| add esp,14 |
00DF860F | C645| mov byte ptr ss:,20 | 20:' '
00DF8613 | 8BCC| mov ecx,esp |
00DF8615 | C645| mov byte ptr ss:,16 |
00DF8619 | FF75| push dword ptr ss: |
00DF861C | FF15| call dword ptr ds:[<&??0QChar@@QAE@UQLatin1Char@@@Z>] |
00DF8622 | 6A 00 | push 0 |
00DF8624 | 57 | push edi |
00DF8625 | 8D45| lea eax,dword ptr ss: | :"X⿵"
00DF8628 | 50 | push eax |
00DF8629 | 8B3D| mov edi,dword ptr ds:[<&?arg@QString@@QBE?AV1@ABV1@HVQCha |
00DF862F | 8D4D| lea ecx,dword ptr ss: |
00DF8632 | FFD7| call edi |
00DF8634 | 8BF0| mov esi,eax |
00DF8636 | 51 | push ecx |
00DF8637 | 8BCC| mov ecx,esp |
00DF8639 | C645| mov byte ptr ss:,20 | 20:' '
00DF863D | FF75| push dword ptr ss: |
00DF8640 | C645| mov byte ptr ss:,17 |
00DF8644 | FF15| call dword ptr ds:[<&??0QChar@@QAE@UQLatin1Char@@@Z>] |
00DF864A | 6A 00 | push 0 |
00DF864C | 8D45| lea eax,dword ptr ss: |
00DF864F | 8BCE| mov ecx,esi |
00DF8651 | 50 | push eax |
00DF8652 | 8D45| lea eax,dword ptr ss: |
00DF8655 | 50 | push eax |
00DF8656 | FFD7| call edi |
00DF8658 | 8BF0| mov esi,eax |
00DF865A | 51 | push ecx |
00DF865B | 8BCC| mov ecx,esp |
00DF865D | C645| mov byte ptr ss:,20 | 20:' '
00DF8661 | FF75| push dword ptr ss: |
00DF8664 | C645| mov byte ptr ss:,18 |
00DF8668 | FF15| call dword ptr ds:[<&??0QChar@@QAE@UQLatin1Char@@@Z>] |
00DF866E | 8B45| mov eax,dword ptr ss: |
00DF8671 | 8BCE| mov ecx,esi |
00DF8673 | 6A 00 | push 0 |
00DF8675 | 05 9C | add eax,9C |
00DF867A | 50 | push eax |
00DF867B | 8D45| lea eax,dword ptr ss: |
00DF867E | 50 | push eax |
00DF867F | FFD7| call edi |
00DF8681 | 8BF0| mov esi,eax |
00DF8683 | 51 | push ecx |
00DF8684 | 8BCC| mov ecx,esp |
00DF8686 | C645| mov byte ptr ss:,20 | 20:' '
00DF868A | FF75| push dword ptr ss: |
00DF868D | C645| mov byte ptr ss:,19 |
00DF8691 | FF15| call dword ptr ds:[<&??0QChar@@QAE@UQLatin1Char@@@Z>] |
00DF8697 | 6A 00 | push 0 |
00DF8699 | 8D45| lea eax,dword ptr ss: | :L"{"
00DF869C | 8BCE| mov ecx,esi |
00DF869E | 50 | push eax |
00DF869F | 8D45| lea eax,dword ptr ss: |
00DF86A2 | 50 | push eax |
00DF86A3 | FFD7| call edi |
00DF86A5 | 8BF0| mov esi,eax |
00DF86A7 | 51 | push ecx |
00DF86A8 | 8BCC| mov ecx,esp |
00DF86AA | C645| mov byte ptr ss:,20 | 20:' '
00DF86AE | FF75| push dword ptr ss: |
00DF86B1 | C645| mov byte ptr ss:,1A |
00DF86B5 | FF15| call dword ptr ds:[<&??0QChar@@QAE@UQLatin1Char@@@Z>] |
00DF86BB | 6A 00 | push 0 |
00DF86BD | 8D45| lea eax,dword ptr ss: |
00DF86C0 | 8BCE| mov ecx,esi |
00DF86C2 | 50 | push eax |
00DF86C3 | 8D45| lea eax,dword ptr ss: | :&"z坐"
00DF86C6 | 50 | push eax |
00DF86C7 | FFD7| call edi |
00DF86C9 | 8BF0| mov esi,eax |
00DF86CB | 51 | push ecx |
00DF86CC | 8BCC| mov ecx,esp |
00DF86CE | C645| mov byte ptr ss:,20 | 20:' '
00DF86D2 | FF75| push dword ptr ss: |
00DF86D5 | C645| mov byte ptr ss:,1B |
00DF86D9 | FF15| call dword ptr ds:[<&??0QChar@@QAE@UQLatin1Char@@@Z>] |
00DF86DF | 6A 00 | push 0 |
00DF86E1 | 53 | push ebx |
00DF86E2 | 8D45| lea eax,dword ptr ss: |
00DF86E5 | 8BCE| mov ecx,esi |
00DF86E7 | 50 | push eax |
00DF86E8 | FFD7| call edi |
00DF86EA | 8D4D| lea ecx,dword ptr ss: | :&"z坐"
00DF86ED | FF15| call dword ptr ds:[<&??1QXmlStreamStringRef@@QAE@XZ>] |
00DF86F3 | 8D4D| lea ecx,dword ptr ss: |
00DF86F6 | FF15| call dword ptr ds:[<&??1QXmlStreamStringRef@@QAE@XZ>] |
00DF86FC | 8D4D| lea ecx,dword ptr ss: |
00DF86FF | FF15| call dword ptr ds:[<&??1QXmlStreamStringRef@@QAE@XZ>] |
00DF8705 | 8D4D| lea ecx,dword ptr ss: |
00DF8708 | FF15| call dword ptr ds:[<&??1QXmlStreamStringRef@@QAE@XZ>] |
00DF870E | 8D4D| lea ecx,dword ptr ss: | :"X⿵"
00DF8711 | FF15| call dword ptr ds:[<&??1QXmlStreamStringRef@@QAE@XZ>] |
00DF8717 | 8D4D| lea ecx,dword ptr ss: |
00DF871A | FF15| call dword ptr ds:[<&??1QXmlStreamStringRef@@QAE@XZ>] |
00DF8720 | 8D4D| lea ecx,dword ptr ss: |
00DF8723 | FF15| call dword ptr ds:[<&??1QXmlStreamStringRef@@QAE@XZ>] |
00DF8729 | 8D4D| lea ecx,dword ptr ss: | :L"{"
00DF872C | FF15| call dword ptr ds:[<&??1QXmlStreamStringRef@@QAE@XZ>] |
00DF8732 | 8D4D| lea ecx,dword ptr ss: |
00DF8735 | C645| mov byte ptr ss:,25 | 25:'%'
00DF8739 | FF15| call dword ptr ds:[<&??1QXmlStreamStringRef@@QAE@XZ>] |
00DF873F | 6A FF | push FFFFFFFF |
00DF8741 | 6A 00 | push 0 |
00DF8743 | 8D45| lea eax,dword ptr ss: |
00DF8746 | 68 E0 | push mindmaster.FFAEE0 | FFAEE0:"<a href=\"%1\">Get activation code.</a>"
00DF874B | 50 | push eax |
00DF874C | E8 BF | call <mindmaster.sub_DF9210> |
00DF8751 | 8BF0| mov esi,eax |
00DF8753 | 83C4| add esp,C |
00DF8756 | C645| mov byte ptr ss:,20 | 20:' '
00DF875A | 8BCC| mov ecx,esp |
00DF875C | C645| mov byte ptr ss:,26 | 26:'&'
00DF8760 | FF75| push dword ptr ss: |
00DF8763 | FF15| call dword ptr ds:[<&??0QChar@@QAE@UQLatin1Char@@@Z>] |
00DF8769 | 6A 00 | push 0 |
00DF876B | 8D45| lea eax,dword ptr ss: |
00DF876E | 8BCE| mov ecx,esi |
00DF8770 | 50 | push eax |
00DF8771 | 8D45| lea eax,dword ptr ss: |
00DF8774 | 50 | push eax |
00DF8775 | FFD7| call edi |
00DF8777 | 50 | push eax |
00DF8778 | 8D4D| lea ecx,dword ptr ss: |
00DF877B | FF15| call dword ptr ds:[<&??4QDateTime@@QAEAAV0@$$QAV0@@Z>] |
00DF8781 | 8D4D| lea ecx,dword ptr ss: |
00DF8784 | FF15| call dword ptr ds:[<&??1QXmlStreamStringRef@@QAE@XZ>] |
00DF878A | 8D4D| lea ecx,dword ptr ss: |
00DF878D | C645| mov byte ptr ss:,25 | 25:'%'
00DF8791 | FF15| call dword ptr ds:[<&??1QXmlStreamStringRef@@QAE@XZ>] |
00DF8797 | 8D45| lea eax,dword ptr ss: |
00DF879A | 50 | push eax |
00DF879B | 8D4D| lea ecx,dword ptr ss: | :L"\r"
00DF879E | FF15| call dword ptr ds:[<&?append@QString@@QAEAAV1@ABV1@@Z>] |
00DF87A4 | 6A FF | push FFFFFFFF |
00DF87A6 | 6A 00 | push 0 |
00DF87A8 | 8D45| lea eax,dword ptr ss: |
00DF87AB | 68 9C | push mindmaster.FF7C9C | FF7C9C:"Activation"
00DF87B0 | 50 | push eax |
00DF87B1 | E8 5A | call <mindmaster.sub_DF9210> |
00DF87B6 | 6A 00 | push 0 |
00DF87B8 | 6A 00 | push 0 |
00DF87BA | 68 00 | push 400 |
00DF87BF | 8D4D| lea ecx,dword ptr ss: | :L"\r"
00DF87C2 | C645| mov byte ptr ss:,27 | 27:'''
00DF87C6 | 51 | push ecx |
00DF87C7 | 50 | push eax |
00DF87C8 | FF75| push dword ptr ss: |
00DF87CB | E8 C0 | call <mindmaster.sub_D78790> |
00DF87D0 | 83C4| add esp,28 |
00DF87D3 | 8D4D| lea ecx,dword ptr ss: |
00DF87D6 | FF15| call dword ptr ds:[<&??1QXmlStreamStringRef@@QAE@XZ>] |
00DF87DC | 8D4D| lea ecx,dword ptr ss: |
00DF87DF | FF15| call dword ptr ds:[<&??1QXmlStreamStringRef@@QAE@XZ>] |
00DF87E5 | 8D4D| lea ecx,dword ptr ss: | :L"\r"
00DF87E8 | FF15| call dword ptr ds:[<&??1QXmlStreamStringRef@@QAE@XZ>] |
00DF87EE | 8D4D| lea ecx,dword ptr ss: |
00DF87F1 | FF15| call dword ptr ds:[<&??1QBitArray@@QAE@XZ>] |
00DF87F7 | E9 E7 | jmp mindmaster.DF8FE3 |
00DF87FC | 8D4D| lea ecx,dword ptr ss: |
00DF87FF | 33FF| xor edi,edi |
00DF8801 | FF15| call dword ptr ds:[<&??0QString@@QAE@XZ>] |
00DF8807 | 8D4D| lea ecx,dword ptr ss: | :L"{"
00DF880A | FF15| call dword ptr ds:[<&??0QString@@QAE@XZ>] |
00DF8810 | 6A 3B | push 3B |
00DF8812 | 8D45| lea eax,dword ptr ss: | :L"\r"
00DF8815 | C645| mov byte ptr ss:,29 | 29:')'
00DF8819 | 50 | push eax |
00DF881A | 8D4D| lea ecx,dword ptr ss: |
00DF881D | FF15| call dword ptr ds:[<&?split@QByteArray@@QBE?AV?$QList@VQB |
00DF8823 | 8D4D| lea ecx,dword ptr ss: | :L"\r"
00DF8826 | C645| mov byte ptr ss:,2A | 2A:'*'
00DF882A | FF15| call dword ptr ds:[<&?length@?$QList@VQItemSelectionRange |
00DF8830 | 83F8| cmp eax,5 |
00DF8833 | 7E 6A | jle mindmaster.DF889F |
00DF8835 | 6A 01 | push 1 |
00DF8837 | 8D4D| lea ecx,dword ptr ss: | :L"\r"
00DF883A | E8 91 | call <mindmaster.sub_DF5DD0> |
00DF883F | 50 | push eax |
00DF8840 | 8D4D| lea ecx,dword ptr ss: |
00DF8843 | FF15| call dword ptr ds:[<&??4QString@@QAEAAV0@ABVQByteArray@@@ |
00DF8849 | 6A 0A | push A |
00DF884B | 57 | push edi |
00DF884C | 6A 03 | push 3 |
00DF884E | 8D4D| lea ecx,dword ptr ss: | :L"\r"
00DF8851 | E8 7A | call <mindmaster.sub_DF5DD0> |
00DF8856 | 8BC8| mov ecx,eax |
00DF8858 | FF15| call dword ptr ds:[<&?toInt@QByteArray@@QBEHPA_NH@Z>] |
00DF885E | 50 | push eax |
00DF885F | 8D8B| lea ecx,dword ptr ds: |
00DF8865 | FF15| call dword ptr ds:[<&??4QString@@QAEAAV0@D@Z>] |
00DF886B | 6A 0A | push A |
00DF886D | 57 | push edi |
00DF886E | 6A 04 | push 4 |
00DF8870 | 8D4D| lea ecx,dword ptr ss: | :L"\r"
00DF8873 | E8 58 | call <mindmaster.sub_DF5DD0> |
00DF8878 | 8B35| mov esi,dword ptr ds:[<&?toULong@QByteArray@@QBEKPA_NH@Z> |
00DF887E | 8BC8| mov ecx,eax |
00DF8880 | FFD6| call esi |
00DF8882 | 6A 0A | push A |
00DF8884 | 57 | push edi |
00DF8885 | 6A 05 | push 5 |
00DF8887 | 8D4D| lea ecx,dword ptr ss: | :L"\r"
00DF888A | 8983| mov dword ptr ds:,eax |
00DF8890 | E8 3B | call <mindmaster.sub_DF5DD0> |
00DF8895 | 8BC8| mov ecx,eax |
00DF8897 | FFD6| call esi |
00DF8899 | 8983| mov dword ptr ds:,eax |
00DF889F | 8D4D| lea ecx,dword ptr ss: | :L"\r"
00DF88A2 | FF15| call dword ptr ds:[<&?length@?$QList@VQItemSelectionRange |
00DF88A8 | 83F8| cmp eax,6 |
00DF88AB | 7E 14 | jle mindmaster.DF88C1 |
00DF88AD | 6A 06 | push 6 |
00DF88AF | 8D4D| lea ecx,dword ptr ss: | :L"\r"
00DF88B2 | E8 19 | call <mindmaster.sub_DF5DD0> |
00DF88B7 | 50 | push eax |
00DF88B8 | 8D4D| lea ecx,dword ptr ss: | :L"{"
00DF88BB | FF15| call dword ptr ds:[<&??4QString@@QAEAAV0@ABVQByteArray@@@ |
00DF88C1 | 8B93| mov edx,dword ptr ds: |
00DF88C7 | 83FA| cmp edx,1 |
00DF88CA | 74 0F | je mindmaster.DF88DB |
00DF88CC | 83BB| cmp dword ptr ds:,0 |
00DF88D3 | B8 01 | mov eax,1 |
00DF88D8 | 0F44F | cmove edi,eax |
00DF88DB | 83BB| cmp dword ptr ds:,0 |
00DF88E2 | A1 84 | mov eax,dword ptr ds:[<&?currentDate@QDate@@SA?AV1@XZ>] |
00DF88E7 | 8B35| mov esi,dword ptr ds:[<&?daysTo@QDate@@QBE_JABV1@@Z>] |
00DF88ED | 75 58 | jne mindmaster.DF8947 |
00DF88EF | 8D4D| lea ecx,dword ptr ss: |
00DF88F2 | 51 | push ecx |
00DF88F3 | 83FA| cmp edx,3 |
00DF88F6 | 75 09 | jne mindmaster.DF8901 |
00DF88F8 | FFD0| call eax |
00DF88FA | 83C4| add esp,4 |
00DF88FD | 6A 03 | push 3 |
00DF88FF | EB 07 | jmp mindmaster.DF8908 |
00DF8901 | FFD0| call eax |
00DF8903 | 83C4| add esp,4 |
00DF8906 | 6A 01 | push 1 |
00DF8908 | 8D45| lea eax,dword ptr ss: |
00DF890B | 50 | push eax |
00DF890C | 8D4D| lea ecx,dword ptr ss: |
00DF890F | FF15| call dword ptr ds:[<&?addYears@QDate@@QBE?AV1@H@Z>] |
00DF8915 | 8B08| mov ecx,dword ptr ds: |
00DF8917 | 894D| mov dword ptr ss:,ecx |
00DF891A | 8D4D| lea ecx,dword ptr ss: |
00DF891D | 8B40| mov eax,dword ptr ds: |
00DF8920 | 8945| mov dword ptr ss:,eax |
00DF8923 | 8D45| lea eax,dword ptr ss: |
00DF8926 | 50 | push eax |
00DF8927 | A1 98 | mov eax,dword ptr ds:[<&??0QDate@@QAE@HHH@Z>] |
00DF892C | 6A 01 | push 1 |
00DF892E | 6A 01 | push 1 |
00DF8930 | 68 B2 | push 7B2 |
00DF8935 | FFD0| call eax |
00DF8937 | 8BC8| mov ecx,eax |
00DF8939 | FFD6| call esi |
00DF893B | 69C0| imul eax,eax,15180 |
00DF8941 | 8983| mov dword ptr ds:,eax |
00DF8947 | 8D83| lea eax,dword ptr ds: |
00DF894D | 50 | push eax |
00DF894E | 8D45| lea eax,dword ptr ss: |
00DF8951 | 50 | push eax |
00DF8952 | FF15| call dword ptr ds:[<&?configPath@EDFilePathManager@@SA?AV |
00DF8958 | 83C4| add esp,8 |
00DF895B | 8D45| lea eax,dword ptr ss: |
00DF895E | C645| mov byte ptr ss:,2B | 2B:'+'
00DF8962 | 50 | push eax |
00DF8963 | 8D4D| lea ecx,dword ptr ss: |
00DF8966 | FF15| call dword ptr ds:[<&??0QFile@@QAE@ABVQString@@@Z>] |
00DF896C | 6A 0A | push A |
00DF896E | 8D4D| lea ecx,dword ptr ss: |
00DF8971 | C645| mov byte ptr ss:,2C | 2C:','
00DF8975 | FF15| call dword ptr ds:[<&?open@QFile@@UAE_NV?$QFlags@W4OpenMo |
00DF897B | 8B35| mov esi,dword ptr ds:[<&??6@YAAAVQDataStream@@AAV0@ABVQSt |
00DF8981 | 84C0| test al,al |
00DF8983 | 0F84| je mindmaster.DF8A10 |
00DF8989 | 8D45| lea eax,dword ptr ss: |
00DF898C | 50 | push eax |
00DF898D | 8D4D| lea ecx,dword ptr ss: |
00DF8990 | FF15| call dword ptr ds:[<&??0QDataStream@@QAE@PAVQIODevice@@@Z |
00DF8996 | 8D83| lea eax,dword ptr ds: |
00DF899C | C645| mov byte ptr ss:,2D | 2D:'-'
00DF89A0 | 50 | push eax |
00DF89A1 | 8D45| lea eax,dword ptr ss: |
00DF89A4 | 50 | push eax |
00DF89A5 | FFD6| call esi |
00DF89A7 | 8D83| lea eax,dword ptr ds: |
00DF89AD | 50 | push eax |
00DF89AE | 8D45| lea eax,dword ptr ss: |
00DF89B1 | 50 | push eax |
00DF89B2 | FFD6| call esi |
00DF89B4 | 8D45| lea eax,dword ptr ss: |
00DF89B7 | 50 | push eax |
00DF89B8 | 8D45| lea eax,dword ptr ss: |
00DF89BB | 50 | push eax |
00DF89BC | FFD6| call esi |
00DF89BE | 8D83| lea eax,dword ptr ds: |
00DF89C4 | 50 | push eax |
00DF89C5 | 8D45| lea eax,dword ptr ss: |
00DF89C8 | 50 | push eax |
00DF89C9 | FFD6| call esi |
00DF89CB | 83C4| add esp,20 |
00DF89CE | 8D4D| lea ecx,dword ptr ss: |
00DF89D1 | FFB3| push dword ptr ds: |
00DF89D7 | FF15| call dword ptr ds:[<&??6QDataStream@@QAEAAV0@H@Z>] |
00DF89DD | FFB3| push dword ptr ds: |
00DF89E3 | 8D4D| lea ecx,dword ptr ss: |
00DF89E6 | FF15| call dword ptr ds:[<&??6QDataStream@@QAEAAV0@H@Z>] |
00DF89EC | 57 | push edi |
00DF89ED | 8D4D| lea ecx,dword ptr ss: |
00DF89F0 | FF15| call dword ptr ds:[<&??6QDataStream@@QAEAAV0@H@Z>] |
00DF89F6 | 8D45| lea eax,dword ptr ss: | :L"{"
00DF89F9 | 50 | push eax |
00DF89FA | 8D45| lea eax,dword ptr ss: |
00DF89FD | 50 | push eax |
00DF89FE | FFD6| call esi |
00DF8A00 | 83C4| add esp,8 |
00DF8A03 | C645| mov byte ptr ss:,2C | 2C:','
00DF8A07 | 8D4D| lea ecx,dword ptr ss: |
00DF8A0A | FF15| call dword ptr ds:[<&??1QDataStream@@QAE@XZ>] |
00DF8A10 | 8D4D| lea ecx,dword ptr ss: |
00DF8A13 | FF15| call dword ptr ds:[<&?close@QFileDevice@@UAEXXZ>] |
00DF8A19 | 8D45| lea eax,dword ptr ss: |
00DF8A1C | 50 | push eax |
00DF8A1D | FF15| call dword ptr ds:[<&?appConfigDir@EDFilePathManager@@SA? |
00DF8A23 | 8D8B| lea ecx,dword ptr ds: |
00DF8A29 | C645| mov byte ptr ss:,2E | 2E:'.'
00DF8A2D | 51 | push ecx |
00DF8A2E | 50 | push eax |
00DF8A2F | 8D45| lea eax,dword ptr ss: |
00DF8A32 | 50 | push eax |
00DF8A33 | E8 F8 | call <mindmaster.sub_D42930> |
00DF8A38 | 83C4| add esp,10 |
00DF8A3B | 8D4D| lea ecx,dword ptr ss: |
00DF8A3E | 50 | push eax |
00DF8A3F | FF15| call dword ptr ds:[<&??4QString@@QAEAAV0@ABV0@@Z>] |
00DF8A45 | 8D4D| lea ecx,dword ptr ss: |
00DF8A48 | FF15| call dword ptr ds:[<&??1QXmlStreamStringRef@@QAE@XZ>] |
00DF8A4E | 8D4D| lea ecx,dword ptr ss: |
00DF8A51 | C645| mov byte ptr ss:,2C | 2C:','
00DF8A55 | FF15| call dword ptr ds:[<&??1QXmlStreamStringRef@@QAE@XZ>] |
00DF8A5B | 8D45| lea eax,dword ptr ss: |
00DF8A5E | 50 | push eax |
00DF8A5F | 8D4D| lea ecx,dword ptr ss: |
00DF8A62 | FF15| call dword ptr ds:[<&??0QFile@@QAE@ABVQString@@@Z>] |
00DF8A68 | 6A 0A | push A |
00DF8A6A | 8D4D| lea ecx,dword ptr ss: |
00DF8A6D | C645| mov byte ptr ss:,2F | 2F:'/'
00DF8A71 | FF15| call dword ptr ds:[<&?open@QFile@@UAE_NV?$QFlags@W4OpenMo |
00DF8A77 | 84C0| test al,al |
00DF8A79 | 0F84| je mindmaster.DF8B06 |
00DF8A7F | 8D45| lea eax,dword ptr ss: |
00DF8A82 | 50 | push eax |
00DF8A83 | 8D4D| lea ecx,dword ptr ss: |
00DF8A86 | FF15| call dword ptr ds:[<&??0QDataStream@@QAE@PAVQIODevice@@@Z |
00DF8A8C | 8D83| lea eax,dword ptr ds: |
00DF8A92 | C645| mov byte ptr ss:,30 | 30:'0'
00DF8A96 | 50 | push eax |
00DF8A97 | 8D45| lea eax,dword ptr ss: |
00DF8A9A | 50 | push eax |
00DF8A9B | FFD6| call esi |
00DF8A9D | 8D83| lea eax,dword ptr ds: |
00DF8AA3 | 50 | push eax |
00DF8AA4 | 8D45| lea eax,dword ptr ss: |
00DF8AA7 | 50 | push eax |
00DF8AA8 | FFD6| call esi |
00DF8AAA | 8D45| lea eax,dword ptr ss: |
00DF8AAD | 50 | push eax |
00DF8AAE | 8D45| lea eax,dword ptr ss: |
00DF8AB1 | 50 | push eax |
00DF8AB2 | FFD6| call esi |
00DF8AB4 | 8D83| lea eax,dword ptr ds: |
00DF8ABA | 50 | push eax |
00DF8ABB | 8D45| lea eax,dword ptr ss: |
00DF8ABE | 50 | push eax |
00DF8ABF | FFD6| call esi |
00DF8AC1 | 83C4| add esp,20 |
00DF8AC4 | 8D4D| lea ecx,dword ptr ss: |
00DF8AC7 | FFB3| push dword ptr ds: |
00DF8ACD | FF15| call dword ptr ds:[<&??6QDataStream@@QAEAAV0@H@Z>] |
00DF8AD3 | FFB3| push dword ptr ds: |
00DF8AD9 | 8D4D| lea ecx,dword ptr ss: |
00DF8ADC | FF15| call dword ptr ds:[<&??6QDataStream@@QAEAAV0@H@Z>] |
00DF8AE2 | 57 | push edi |
00DF8AE3 | 8D4D| lea ecx,dword ptr ss: |
00DF8AE6 | FF15| call dword ptr ds:[<&??6QDataStream@@QAEAAV0@H@Z>] |
00DF8AEC | 8D45| lea eax,dword ptr ss: | :L"{"
00DF8AEF | 50 | push eax |
00DF8AF0 | 8D45| lea eax,dword ptr ss: |
00DF8AF3 | 50 | push eax |
00DF8AF4 | FFD6| call esi |
00DF8AF6 | 83C4| add esp,8 |
00DF8AF9 | C645| mov byte ptr ss:,2F | 2F:'/'
00DF8AFD | 8D4D| lea ecx,dword ptr ss: |
00DF8B00 | FF15| call dword ptr ds:[<&??1QDataStream@@QAE@XZ>] |
00DF8B06 | 8D4D| lea ecx,dword ptr ss: |
00DF8B09 | FF15| call dword ptr ds:[<&?close@QFileDevice@@UAEXXZ>] |
00DF8B0F | 8D45| lea eax,dword ptr ss: |
00DF8B12 | 50 | push eax |
00DF8B13 | FF15| call dword ptr ds:[<&?currentDate@QDate@@SA?AV1@XZ>] |
00DF8B19 | 8B73| mov esi,dword ptr ds: |
00DF8B1C | 83C4| add esp,4 |
00DF8B1F | 85F6| test esi,esi |
00DF8B21 | 74 2A | je mindmaster.DF8B4D |
00DF8B23 | 8BB6| mov esi,dword ptr ds: |
00DF8B29 | 8D45| lea eax,dword ptr ss: |
00DF8B2C | 50 | push eax |
00DF8B2D | 6A 01 | push 1 |
00DF8B2F | 6A 01 | push 1 |
00DF8B31 | 68 B2 | push 7B2 |
00DF8B36 | 8D4D| lea ecx,dword ptr ss: |
00DF8B39 | FF15| call dword ptr ds:[<&??0QDate@@QAE@HHH@Z>] |
00DF8B3F | 8BC8| mov ecx,eax |
00DF8B41 | FF15| call dword ptr ds:[<&?daysTo@QDate@@QBE_JABV1@@Z>] |
00DF8B47 | 8986| mov dword ptr ds:,eax |
00DF8B4D | 8D45| lea eax,dword ptr ss: |
00DF8B50 | 50 | push eax |
00DF8B51 | FF15| call dword ptr ds:[<&?productName@EDVersion@@SA?AVQString |
00DF8B57 | 8BF8| mov edi,eax |
00DF8B59 | 6A FF | push FFFFFFFF |
00DF8B5B | 6A 00 | push 0 |
00DF8B5D | 8D45| lea eax,dword ptr ss: |
00DF8B60 | C645| mov byte ptr ss:,31 | 31:'1'
00DF8B64 | 68 28 | push mindmaster.FFAB28 | FFAB28:"Activate Successfully!<br />Please restart %1 for the activation to take effect."
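In this way registration is simply forced to succeed, and a restart prompt appears.
As the previous "director" said, the generated registration file is at C:\Sandbox\Administrator\DefaultBox\user\current\AppData\Local\Edraw\MindMaster\GlobalColors.cfg
There is actually not much in it: the registered name, the license code, and the online activation code.
Do you still have one question? In which file is the name GlobalColors.cfg actually hidden?
Searching with TC, it turns out to be in "C:\Sandbox\Administrator\DefaultBox\drive\C\Program Files (x86)\EdrawSoft\MindMaster\upgrade\MindUpgrade.exe"
Cracking (破解): 破 means to modify, 解 means to dispel confusion ~~ always keep doubting and questioning ~~ do not be fooled by appearances ~~
The modification here merely looks good on the outside and is not sound on the inside: a donkey dropping, shiny only on the surface...
Next I tried to start from GlobalColors.cfg, but found I really could not get a handle on it.
A Baidu search turned up a few API functions: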
getExistingDirectory
IODevice
QFile
Very regrettably, breakpoints on them never hit; no result.
Next, we do as that original poster said:
bp SetWindowTextW
shift+F4, {s:ebx}=="iteStartDocument@QXmlStreamWriter@@QAEXXZ"
But in a Qt program it does not break directly the way we would hope.
After many attempts, we arrive here.
00C5A3B0 | 55 | push ebp |
00C5A3B1 | 8BEC| mov ebp,esp |
00C5A3B3 | 6A FF | push FFFFFFFF |
00C5A3B5 | 68 9F | push <p3.sub_D90F9F> |
00C5A3BA | 64:A1 | mov eax,dword ptr fs: | :&"L停"
00C5A3C0 | 50 | push eax |
00C5A3C1 | 83EC| sub esp,1C |
00C5A3C4 | 53 | push ebx | ebx:"teStartDocument@QXmlStreamWriter@@QAEXXZ"
00C5A3C5 | 56 | push esi |
00C5A3C6 | 57 | push edi |
00C5A3C7 | A1 00 | mov eax,dword ptr ds: |
00C5A3CC | 33C5| xor eax,ebp |
00C5A3CE | 50 | push eax |
00C5A3CF | 8D45| lea eax,dword ptr ss: |
00C5A3D2 | 64:A3 | mov dword ptr fs:,eax | :&"L停"
00C5A3D8 | 8BF1| mov esi,ecx |
00C5A3DA | 8975| mov dword ptr ss:,esi |
00C5A3DD | A1 54 | mov eax,dword ptr ds: |
00C5A3E2 | 83F8| cmp eax,14 |
00C5A3E5 | 7C 04 | jl p3.C5A3EB |
00C5A3E7 | B7 01 | mov bh,1 |
00C5A3E9 | EB 07 | jmp p3.C5A3F2 |
00C5A3EB | 8A7D| mov bh,byte ptr ss: |
00C5A3EE | 84FF| test bh,bh |
00C5A3F0 | 74 02 | je p3.C5A3F4 |
00C5A3F2 | 33C0| xor eax,eax |
00C5A3F4 | 40 | inc eax |
00C5A3F5 | A3 54 | mov dword ptr ds:,eax |
00C5A3FA | FF15| call dword ptr ds:[<&?ribbonBar@RibbonM |
00C5A400 | 8BC8| mov ecx,eax |
00C5A402 | FF15| call dword ptr ds:[<&?buyButton@RibbonB |
00C5A408 | 80BE| cmp byte ptr ds:,0 |
00C5A40F | 8BF8| mov edi,eax |
00C5A411 | 897D| mov dword ptr ss:,edi |
00C5A414 | 74 32 | je p3.C5A448 | ===> the crack finally succeeded here!
00C5A416 | 85FF| test edi,edi |
00C5A418 | 74 09 | je p3.C5A423 |
00C5A41A | 8B17| mov edx,dword ptr ds: |
00C5A41C | 8BCF| mov ecx,edi |
00C5A41E | 6A 00 | push 0 |
00C5A420 | FF52| call dword ptr ds: |
00C5A423 | 8D86| lea eax,dword ptr ds: |
00C5A429 | 8BCE| mov ecx,esi |
00C5A42B | 50 | push eax |
00C5A42C | FF15| call dword ptr ds:[<&?setWindowTitle@QW |
00C5A432 | B0 01 | mov al,1 |
00C5A434 | 8B4D| mov ecx,dword ptr ss: |
00C5A437 | 64:89 | mov dword ptr fs:,ecx | :&"L停"
00C5A43E | 59 | pop ecx |
00C5A43F | 5F | pop edi |
00C5A440 | 5E | pop esi |
00C5A441 | 5B | pop ebx | ebx:"teStartDocument@QXmlStreamWriter@@QAEXXZ"
00C5A442 | 8BE5| mov esp,ebp |
00C5A444 | 5D | pop ebp |
00C5A445 | C2 04 | ret 4 |
00C5A448 | 8B86| mov eax,dword ptr ds: |
00C5A44E | 8A98| mov bl,byte ptr ds: |
00C5A454 | 84DB| test bl,bl |
00C5A456 | 74 10 | je p3.C5A468 |
00C5A458 | A1 88 | mov eax,dword ptr ds:[<&?s_subscribeNum | 00DB3A88:&"2!"
00C5A45D | C700| mov dword ptr ds:,2695 |
00C5A463 | E9 48 | jmp p3.C5A6B0 |
00C5A468 | 8A9E| mov bl,byte ptr ds: |
00C5A46E | 84DB| test bl,bl |
00C5A470 | 0F85| jne p3.C5A6B0 |
00C5A476 | 84FF| test bh,bh |
00C5A478 | 0F84| je p3.C5A6B0 |
00C5A47E | 8D45| lea eax,dword ptr ss: |
00C5A481 | 50 | push eax |
00C5A482 | FF15| call dword ptr ds:[<&?divideSegment@EDP |
00C5A488 | 8D45| lea eax,dword ptr ss: |
00C5A48B | C745| mov dword ptr ss:,0 |
00C5A492 | 50 | push eax |
00C5A493 | 8D45| lea eax,dword ptr ss: |
00C5A496 | 68 D8 | push p3.DDB1D8 | DDB1D8:"isProEdition() mcr="
00C5A49B | 50 | push eax |
00C5A49C | E8 8F | call <p3.sub_B12A30> |
00C5A4A1 | 8B3D| mov edi,dword ptr ds:[<&?log@RuningLog@ |
00C5A4A7 | 50 | push eax |
00C5A4A8 | C645| mov byte ptr ss:,1 |
00C5A4AC | FFD7| call edi |
00C5A4AE | 83C4| add esp,14 |
00C5A4B1 | 8D4D| lea ecx,dword ptr ss: |
00C5A4B4 | FF15| call dword ptr ds:[<&??1QXmlStreamStrin |
00C5A4BA | 8D4D| lea ecx,dword ptr ss: |
00C5A4BD | FF15| call dword ptr ds:[<&??0QString@@QAE@XZ |
00C5A4C3 | 8B86| mov eax,dword ptr ds: |
00C5A4C9 | 8D8E| lea ecx,dword ptr ds: |
00C5A4CF | C645| mov byte ptr ss:,2 |
00C5A4D3 | 8378| cmp dword ptr ds:,0 |
00C5A4D7 | 74 3C | je p3.C5A515 |
00C5A4D9 | 8D45| lea eax,dword ptr ss: |
00C5A4DC | 50 | push eax |
00C5A4DD | FF15| call dword ptr ds:[<&?toUtf8@QString@@Q |
00C5A4E3 | 50 | push eax |
00C5A4E4 | 8D45| lea eax,dword ptr ss: |
00C5A4E7 | C645| mov byte ptr ss:,3 |
00C5A4EB | 50 | push eax |
00C5A4EC | FF15| call dword ptr ds:[<&?flipColor@EDPaint |
00C5A4F2 | 83C4| add esp,8 |
00C5A4F5 | 8D4D| lea ecx,dword ptr ss: |
00C5A4F8 | 50 | push eax |
00C5A4F9 | FF15| call dword ptr ds:[<&??4QDateTime@@QAEA |
00C5A4FF | 8D4D| lea ecx,dword ptr ss: |
00C5A502 | FF15| call dword ptr ds:[<&??1QXmlStreamStrin |
00C5A508 | 8D4D| lea ecx,dword ptr ss: |
00C5A50B | C645| mov byte ptr ss:,2 |
00C5A50F | FF15| call dword ptr ds:[<&??1QBitArray@@QAE@ |
00C5A515 | 8B45| mov eax,dword ptr ss: |
00C5A518 | 8378| cmp dword ptr ds:,8 |
00C5A51C | 7C 09 | jl p3.C5A527 |
00C5A51E | 8B45| mov eax,dword ptr ss: |
00C5A521 | 8378| cmp dword ptr ds:,8 |
00C5A525 | 7D 02 | jge p3.C5A529 |
00C5A527 | 32DB| xor bl,bl |
00C5A529 | 8D45| lea eax,dword ptr ss: |
00C5A52C | 50 | push eax |
00C5A52D | 8D45| lea eax,dword ptr ss: |
00C5A530 | 68 EC | push p3.DDB1EC | DDB1EC:"isProEdition() mdt ="
00C5A535 | 50 | push eax |
00C5A536 | E8 F5 | call <p3.sub_B12A30> |
00C5A53B | 50 | push eax |
00C5A53C | C645| mov byte ptr ss:,4 |
00C5A540 | FFD7| call edi |
00C5A542 | 83C4| add esp,10 |
00C5A545 | 8D4D| lea ecx,dword ptr ss: |
00C5A548 | FF15| call dword ptr ds:[<&??1QXmlStreamStrin |
00C5A54E | 8B0D| mov ecx,dword ptr ds:[<&?shared_null@QL |
00C5A554 | 33FF| xor edi,edi |
00C5A556 | 894D| mov dword ptr ss:,ecx |
00C5A559 | 8B45| mov eax,dword ptr ss: |
00C5A55C | 8B15| mov edx,dword ptr ds:[<&?mid@QString@@Q |
00C5A562 | C645| mov byte ptr ss:,5 |
00C5A566 | 8378| cmp dword ptr ds:,4 |
00C5A56A | 7C 46 | jl p3.C5A5B2 |
00C5A56C | 0F1F4 | nop dword ptr ds:,eax |
00C5A570 | 6A 04 | push 4 |
00C5A572 | 57 | push edi |
00C5A573 | 8D45| lea eax,dword ptr ss: |
00C5A576 | 50 | push eax |
00C5A577 | 8D4D| lea ecx,dword ptr ss: |
00C5A57A | FFD2| call edx |
00C5A57C | 50 | push eax |
00C5A57D | 8D4D| lea ecx,dword ptr ss: |
00C5A580 | C645| mov byte ptr ss:,6 |
00C5A584 | E8 E7 | call <p3.sub_B17170> |
00C5A589 | 8D4D| lea ecx,dword ptr ss: |
00C5A58C | C645| mov byte ptr ss:,5 |
00C5A590 | FF15| call dword ptr ds:[<&??1QXmlStreamStrin |
00C5A596 | 8B45| mov eax,dword ptr ss: |
00C5A599 | 83C7| add edi,4 |
00C5A59C | 8B15| mov edx,dword ptr ds:[<&?mid@QString@@Q |
00C5A5A2 | 8B48| mov ecx,dword ptr ds: |
00C5A5A5 | 8D47| lea eax,dword ptr ds: |
00C5A5A8 | 3BC8| cmp ecx,eax |
00C5A5AA | 7D C4 | jge p3.C5A570 |
00C5A5AC | 8B0D| mov ecx,dword ptr ds:[<&?shared_null@QL |
00C5A5B2 | 894D| mov dword ptr ss:,ecx |
00C5A5B5 | 8B45| mov eax,dword ptr ss: |
00C5A5B8 | 33FF| xor edi,edi |
00C5A5BA | C645| mov byte ptr ss:,7 |
00C5A5BE | 8378| cmp dword ptr ds:,4 |
00C5A5C2 | 7C 3C | jl p3.C5A600 |
00C5A5C4 | 6A 04 | push 4 |
00C5A5C6 | 57 | push edi |
00C5A5C7 | 8D45| lea eax,dword ptr ss: |
00C5A5CA | 50 | push eax |
00C5A5CB | 8D4D| lea ecx,dword ptr ss: |
00C5A5CE | FFD2| call edx |
00C5A5D0 | 50 | push eax |
00C5A5D1 | 8D4D| lea ecx,dword ptr ss: |
00C5A5D4 | C645| mov byte ptr ss:,8 |
00C5A5D8 | E8 93 | call <p3.sub_B17170> |
00C5A5DD | 8D4D| lea ecx,dword ptr ss: |
00C5A5E0 | C645| mov byte ptr ss:,7 |
00C5A5E4 | FF15| call dword ptr ds:[<&??1QXmlStreamStrin |
00C5A5EA | 8B45| mov eax,dword ptr ss: |
00C5A5ED | 83C7| add edi,4 |
00C5A5F0 | 8B15| mov edx,dword ptr ds:[<&?mid@QString@@Q |
00C5A5F6 | 8B48| mov ecx,dword ptr ds: |
00C5A5F9 | 8D47| lea eax,dword ptr ds: |
00C5A5FC | 3BC8| cmp ecx,eax |
00C5A5FE | 7D C4 | jge p3.C5A5C4 |
00C5A600 | 8D4D| lea ecx,dword ptr ss: |
00C5A603 | 33FF| xor edi,edi |
00C5A605 | FF15| call dword ptr ds:[<&?length@?$QList@VQ |
00C5A60B | 85C0| test eax,eax |
00C5A60D | 7E 75 | jle p3.C5A684 |
00C5A60F | 90 | nop |
00C5A610 | 8D4D| lea ecx,dword ptr ss: |
00C5A613 | 33F6| xor esi,esi |
00C5A615 | FF15| call dword ptr ds:[<&?length@?$QList@VQ |
00C5A61B | 85C0| test eax,eax |
00C5A61D | 7E 54 | jle p3.C5A673 |
00C5A61F | 90 | nop |
00C5A620 | 56 | push esi |
00C5A621 | 8D4D| lea ecx,dword ptr ss: |
00C5A624 | E8 27 | call <p3.sub_B1DC50> |
00C5A629 | 50 | push eax |
00C5A62A | 57 | push edi |
00C5A62B | 8D4D| lea ecx,dword ptr ss: |
00C5A62E | E8 1D | call <p3.sub_B1DC50> |
00C5A633 | 50 | push eax |
00C5A634 | FF15| call dword ptr ds:[<&??8@YA_NABVQString |
00C5A63A | 83C4| add esp,8 |
00C5A63D | 84C0| test al,al |
00C5A63F | 74 24 | je p3.C5A665 |
00C5A641 | A1 8C | mov eax,dword ptr ds:[<&?s_lisenceNum@E |
00C5A646 | B3 01 | mov bl,1 |
00C5A648 | C605| mov byte ptr ds:,0 |
00C5A64F | C700| mov dword ptr ds:,1637 |
00C5A655 | A1 34 | mov eax,dword ptr ds:[<&?s_bkFolders@ED |
00C5A65A | 8B40| mov eax,dword ptr ds: |
00C5A65D | 8B40| mov eax,dword ptr ds: |
00C5A660 | A3 14 | mov dword ptr ds:,eax | 0150C014:L" "
00C5A665 | 8D4D| lea ecx,dword ptr ss: |
00C5A668 | 46 | inc esi |
00C5A669 | FF15| call dword ptr ds:[<&?length@?$QList@VQ |
00C5A66F | 3BF0| cmp esi,eax |
00C5A671 | 7C AD | jl p3.C5A620 |
00C5A673 | 8D4D| lea ecx,dword ptr ss: |
00C5A676 | 47 | inc edi |
00C5A677 | FF15| call dword ptr ds:[<&?length@?$QList@VQ |
00C5A67D | 3BF8| cmp edi,eax |
00C5A67F | 7C 8F | jl p3.C5A610 |
00C5A681 | 8B75| mov esi,dword ptr ss: |
00C5A684 | 8D4D| lea ecx,dword ptr ss: |
00C5A687 | E8 B4 | call <p3.sub_B16F40> |
00C5A68C | 8D4D| lea ecx,dword ptr ss: |
00C5A68F | E8 AC | call <p3.sub_B16F40> |
00C5A694 | 8D4D| lea ecx,dword ptr ss: |
00C5A697 | FF15| call dword ptr ds:[<&??1QXmlStreamStrin |
00C5A69D | 8D4D| lea ecx,dword ptr ss: |
00C5A6A0 | C745| mov dword ptr ss:,FFFFFFFF |
00C5A6A7 | FF15| call dword ptr ds:[<&??1QXmlStreamStrin |
00C5A6AD | 8B7D| mov edi,dword ptr ss: |
00C5A6B0 | 85FF| test edi,edi |
00C5A6B2 | 74 44 | je p3.C5A6F8 |
00C5A6B4 | 8B86| mov eax,dword ptr ds: |
00C5A6BA | 8B40| mov eax,dword ptr ds: |
00C5A6BD | 8B40| mov eax,dword ptr ds: |
00C5A6C0 | C1E8| shr eax,F |
00C5A6C3 | A8 01 | test al,1 |
00C5A6C5 | 75 1D | jne p3.C5A6E4 |
00C5A6C7 | 8BCE| mov ecx,esi |
00C5A6C9 | E8 A2 | call <p3.sub_C59470> |
00C5A6CE | 84C0| test al,al |
00C5A6D0 | 75 12 | jne p3.C5A6E4 |
00C5A6D2 | 8B17| mov edx,dword ptr ds: |
00C5A6D4 | 84DB| test bl,bl |
00C5A6D6 | 8BCF| mov ecx,edi |
00C5A6D8 | 0F94C | sete al |
00C5A6DB | 0FB6C | movzx eax,al |
00C5A6DE | 50 | push eax |
00C5A6DF | FF52| call dword ptr ds: |
00C5A6E2 | EB 14 | jmp p3.C5A6F8 |
00C5A6E4 | 8BCE| mov ecx,esi |
00C5A6E6 | E8 85 | call <p3.sub_C59470> |
00C5A6EB | 84C0| test al,al |
00C5A6ED | 74 09 | je p3.C5A6F8 |
00C5A6EF | 8B07| mov eax,dword ptr ds: |
00C5A6F1 | 8BCF| mov ecx,edi |
00C5A6F3 | 6A 00 | push 0 |
00C5A6F5 | FF50| call dword ptr ds: |
00C5A6F8 | 889E| mov byte ptr ds:,bl |
00C5A6FE | 84DB| test bl,bl |
00C5A700 | 74 09 | je p3.C5A70B |
00C5A702 | 8D86| lea eax,dword ptr ds: |
00C5A708 | 50 | push eax |
00C5A709 | EB 07 | jmp p3.C5A712 |
00C5A70B | 8D8E| lea ecx,dword ptr ds: |
00C5A711 | 51 | push ecx |
00C5A712 | 8BCE| mov ecx,esi |
00C5A714 | FF15| call dword ptr ds:[<&?setWindowTitle@QW |
00C5A71A | 8AC3| mov al,bl |
00C5A71C | 8B4D| mov ecx,dword ptr ss: |
00C5A71F | 64:89 | mov dword ptr fs:,ecx | :&"L停"
00C5A726 | 59 | pop ecx |
00C5A727 | 5F | pop edi |
00C5A728 | 5E | pop esi |
00C5A729 | 5B | pop ebx | ebx:"teStartDocument@QXmlStreamWriter@@QAEXXZ"
00C5A72A | 8BE5| mov esp,ebp |
00C5A72C | 5D | pop ebp |
00C5A72D | C2 04 | ret 4 |
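In the end, the modification at the location above made the patch succeed.
There is an ER105 that I couldn't get rid of, so I'll leave it at that for now. My Seagate hard drive died, so I'm not in the mood to keep writing; I'll skip some of the details.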
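I can't attach to it for debugging in my OD; I don't know why.
Why can I never understand the articles you write? I have no idea what you're saying...
@揰掵佲
11 minutes in, still holding up.
One "nb" gets you everywhere.
Really disgusting.
冥界3大法王 posted on 2020-7-24 16:11
@揰掵佲
11 minutes in, still holding up.
After ten-odd minutes, click New again ---- pick a pro template, and it will prompt you to purchase.
hustkuro posted on 2020-7-24 21:55
After ten-odd minutes, click New again ---- pick a pro template, and it will prompt you to purchase.
@hustkuro
I shut down in hibernation mode, came back today and tested again; nothing happened.
You were all right, there really is a hidden check.
I'm on the English 8.03.
@揰掵佲
I couldn't find the place you mentioned; going down from the previous location: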
001F820E E8 9D call <p4.sub_26A3B0> this looks like the hidden check; F7, crashes with al=0
001F8213 84C0 test al,al
001F8215 74 4C je p4.1F8263 ===> NOP out these two instructions
001F8217 807D cmp byte ptr ss:,0
001F821B 74 46 je p4.1F8263 ===> after the first NOP it went in again here!
001F821D 51 push ecx
001F821E 8BF4 mov esi,esp
001F8220 6A 12 push 12
001F8222 68 D0 push p4.3DF2D0 3DF2D0:"yt_piracy_Template"
001F8227 FF15 call dword ptr ds:[<&?fromAscii_helper@QString@@CAPAU?$QType
001F822D 83C4 add esp,8
001F8230 8906 mov dword ptr ds:,eax :sub_351ABC+C4
Tried again: using PRO templates from the main window is fine now, but holding down TAB triggers it.
69808C55 | 0F85| jne edobjectmodule.69808DBB |
69808C5B | 8B46| mov eax,dword ptr ds: |
69808C5E | 85C0| test eax,eax |
69808C60 | 0F84| je edobjectmodule.69808DBB |
69808C66 | 6A 04 | push 4 |
69808C68 | 50 | push eax |
69808C69 | 8BCE| mov ecx,esi | esi:&"垒|"
69808C6B | E8 20 | call <edobjectmodule.?isLimitNodeCount@EDView@@QAE_NPAVEDPage@@ |
69808C70 | 84C0| test al,al |
69808C72 | 0F85| jne edobjectmodule.69808DBB |