好友
阅读权限40
听众
最后登录1970-1-1
|
本帖最后由 冥界3大法王 于 2020-7-24 15:53 编辑
昨神游论坛,夜间发现一怪,https://www.52pojie.cn/thread-1219202-1-1.html
因为是QT的,折腾不明白,所以得来分析下。
由于那个楼主没有提供安装包,于是我就用必应搜索了一个来:http://download.edrawsoft.com/mindmaster_full5370.exe
注册码嘛,直接借一个来:MM6B-JEN9-CJ63-XVZB-VG6B
Alt+W, F5
Enter
enter
右击分析下
来到此处代码超陌生~~
memmapdump 01330312
果如所料,数据段
继续放宝儿
findasm "cmp eax,29" //注册码 29位的嘛
全断
无果~~
弹框了。
F12,Alt+K
mindmaster.sub_D78790+DE
Enter ,follow
We are in here.
尽管我们努力过,尝试过,仍然不能在 内存中发现我们的注册码,即使ALT+M,Ctrl+B 搜索到,你也不能随时跟到我们输入的注册码,QT程序真乃怪胎。
[Asm] 纯文本查看 复制代码 00D7886E | 8D4D | lea ecx,dword ptr ss:[ebp-10] |
00D78871 | 46 | inc esi |
00D78872 | FF15 | call dword ptr ds:[<&?length@?$QList@VQItemSelectionRange |
Ctrl+A, Ctrl- ,F2, Ctrl+R, all breakponit .
00DF84A0 | E8 EB | call <mindmaster.sub_D78790> | 断到此处, bc
00DF84A5 | 83C4 | add esp,38 |
00DF84A8 | 8D4D | lea ecx,dword ptr ss:[ebp-30] |
00DF84AB | E9 89 | jmp mindmaster.DF8C39 |
00DF84B0 | 68 04 | push mindmaster.FFAD04 | FFAD04:"ER104"
00DF84B5 | 8D4D | lea ecx,dword ptr ss:[ebp-10] |
00DF84B8 | FFD6 | call esi |
00DF84BA | 84C0 | test al,al |
00DF84BC | 74 4B | je mindmaster.DF8509 |
00DF84BE | 6A FF | push FFFFFFFF |
00DF84C0 | 6A 00 | push 0 |
00DF84C2 | 8D45 | lea eax,dword ptr ss:[ebp-24] |
00DF84C5 | 68 10 | push mindmaster.FFAD10 | FFAD10:"The license code is not valid for this version!<br /><br />Please check your order email for more details."
好吧,来到了好地方,有下球,下面开始分析代码:
[Asm] 纯文本查看 复制代码 00DF8270 | 55 | push ebp |
00DF8271 | 8BEC | mov ebp,esp |
00DF8273 | 6A FF | push FFFFFFFF |
00DF8275 | 68 F4 | push <mindmaster.sub_FAB4F4> |
00DF827A | 64:A1 | mov eax,dword ptr fs:[0] | [00000000]:"x◤"==&"X⿵"
00DF8280 | 50 | push eax |
00DF8281 | 83EC | sub esp,70 |
00DF8284 | 53 | push ebx |
00DF8285 | 56 | push esi |
00DF8286 | 57 | push edi |
00DF8287 | A1 00 | mov eax,dword ptr ds:[173CF00] |
00DF828C | 33C5 | xor eax,ebp |
00DF828E | 50 | push eax |
00DF828F | 8D45 | lea eax,dword ptr ss:[ebp-C] | [ebp-C]:"X⿵"
00DF8292 | 64:A3 | mov dword ptr fs:[0],eax | [00000000]:"x◤"==&"X⿵"
00DF8298 | 8BD9 | mov ebx,ecx |
00DF829A | 895D | mov dword ptr ss:[ebp-18],ebx |
00DF829D | 6A 00 | push 0 |
00DF829F | 8D4D | lea ecx,dword ptr ss:[ebp-20] | [ebp-20]:L"{"
00DF82A2 | C683 | mov byte ptr ds:[ebx+B0],0 |
00DF82A9 | FF15 | call dword ptr ds:[<&??0QCursor@@QAE@W4CursorShape@Qt@@@Z |
00DF82AF | 8D45 | lea eax,dword ptr ss:[ebp-20] | [ebp-20]:L"{"
00DF82B2 | C745 | mov dword ptr ss:[ebp-4],0 |
00DF82B9 | 50 | push eax |
00DF82BA | 8BCB | mov ecx,ebx |
00DF82BC | FF15 | call dword ptr ds:[<&?setCursor@QWidget@@QAEXABVQCursor@@ |
00DF82C2 | 8D4D | lea ecx,dword ptr ss:[ebp-20] | [ebp-20]:L"{"
00DF82C5 | C745 | mov dword ptr ss:[ebp-4],FFFFFFFF |
00DF82CC | FF15 | call dword ptr ds:[<&??1QCursor@@QAE@XZ>] |
00DF82D2 | 8B8B | mov ecx,dword ptr ds:[ebx+AC] | [ebx+AC]:&"V曾"
00DF82D8 | FF15 | call dword ptr ds:[<&?stop@QTimer@@QAEXXZ>] |
00DF82DE | 8B8B | mov ecx,dword ptr ds:[ebx+8C] |
00DF82E4 | 85C9 | test ecx,ecx |
00DF82E6 | 0F84 | je mindmaster.DF8FF5 |
00DF82EC | FF15 | call dword ptr ds:[<&?deleteLater@QObject@@QAEXXZ>] |
00DF82F2 | 8D4D | lea ecx,dword ptr ss:[ebp-28] |
00DF82F5 | FF15 | call dword ptr ds:[<&??0QString@@QAE@XZ>] |
00DF82FB | 68 D8 | push mindmaster.FFA3D8 | FFA3D8:"win"
00DF8300 | 8D4D | lea ecx,dword ptr ss:[ebp-28] |
00DF8303 | C745 | mov dword ptr ss:[ebp-4],1 |
00DF830A | FF15 | call dword ptr ds:[<&??4QString@@QAEAAV0@PBD@Z>] |
00DF8310 | 8D83 | lea eax,dword ptr ds:[ebx+98] |
00DF8316 | 50 | push eax |
00DF8317 | 8D4D | lea ecx,dword ptr ss:[ebp-2C] |
00DF831A | FF15 | call dword ptr ds:[<&??0QByteArray@@QAE@ABV0@@Z>] |
00DF8320 | 8B8B | mov ecx,dword ptr ds:[ebx+8C] |
00DF8326 | 8B35 | mov esi,dword ptr ds:[<&?error@QNetworkReply@@QBE?AW4Netw |
00DF832C | C645 | mov byte ptr ss:[ebp-4],2 |
00DF8330 | FFD6 | call esi |
00DF8332 | 85C0 | test eax,eax |
00DF8334 | 0F85 | jne mindmaster.DF8CCB |
00DF833A | 8B8B | mov ecx,dword ptr ds:[ebx+8C] |
00DF8340 | 8D45 | lea eax,dword ptr ss:[ebp-10] |
00DF8343 | 50 | push eax |
00DF8344 | FF15 | call dword ptr ds:[<&?readAll@QIODevice@@QAE?AVQByteArray |
00DF834A | 8B8B | mov ecx,dword ptr ds:[ebx+8C] |
00DF8350 | 8D45 | lea eax,dword ptr ss:[ebp-74] |
00DF8353 | 6A 00 | push 0 |
00DF8355 | 50 | push eax |
00DF8356 | C645 | mov byte ptr ss:[ebp-4],3 |
00DF835A | FF15 | call dword ptr ds:[<&?attribute@QNetworkReply@@QBE?AVQVar |
00DF8360 | 6A 00 | push 0 |
00DF8362 | 8BC8 | mov ecx,eax |
00DF8364 | C645 | mov byte ptr ss:[ebp-4],4 |
00DF8368 | FF15 | call dword ptr ds:[<&?toInt@QVariant@@QBEHPA_N@Z>] |
00DF836E | 8D4D | lea ecx,dword ptr ss:[ebp-74] |
00DF8371 | C645 | mov byte ptr ss:[ebp-4],3 |
00DF8375 | 8BF0 | mov esi,eax |
00DF8377 | FF15 | call dword ptr ds:[<&??1QVariant@@QAE@XZ>] |
00DF837D | 81FE | cmp esi,12D |
00DF8383 | 0F84 | je mindmaster.DF8C56 |
00DF8389 | 81FE | cmp esi,12E |
00DF838F | 0F84 | je mindmaster.DF8C56 |
00DF8395 | 8B35 | mov esi,dword ptr ds:[<&?startsWith@QByteArray@@QBE_NPBD@ |
00DF839B | 8D4D | lea ecx,dword ptr ss:[ebp-10] |
00DF839E | 68 98 | push mindmaster.FFAB98 | FFAB98:"ER"
00DF83A3 | FFD6 | call esi |
00DF83A5 | 84C0 | test al,al |
00DF83A7 | 0F84 | je mindmaster.DF87FC======>>>>>>>>>>>修改这里成功!
00DF83AD | 68 9C | push mindmaster.FFAB9C | FFAB9C:"ER107"
00DF83B2 | 8D4D | lea ecx,dword ptr ss:[ebp-10] |
00DF83B5 | FFD6 | call esi |
00DF83B7 | 84C0 | test al,al |
00DF83B9 | 74 47 | je mindmaster.DF8402 |
00DF83BB | 6A FF | push FFFFFFFF |
00DF83BD | 6A 00 | push 0 |
00DF83BF | 8D45 | lea eax,dword ptr ss:[ebp-24] |
00DF83C2 | 68 A8 | push mindmaster.FFABA8 | FFABA8:"Your license has expired.<br/>Visit <a style='color: blue;' href = \"https://www.edrawsoft.com/renewmindmaster.php\"> [url=https://www.edrawsoft.com/renewmindmaster.php</a]https://www.edrawsoft.com/renewmindmaster.php</a>.[/url]"
00DF83C7 | 50 | push eax |
00DF83C8 | E8 43 | call <mindmaster.sub_DF9210> |
00DF83CD | 8BF0 | mov esi,eax |
00DF83CF | 6A FF | push FFFFFFFF |
00DF83D1 | 6A 00 | push 0 |
00DF83D3 | 8D45 | lea eax,dword ptr ss:[ebp-30] |
00DF83D6 | C645 | mov byte ptr ss:[ebp-4],8 |
00DF83DA | 68 9C | push mindmaster.FF7C9C | FF7C9C:"Activation"
00DF83DF | 50 | push eax |
00DF83E0 | E8 2B | call <mindmaster.sub_DF9210> | 这下面是激活过期
00DF83E5 | 6A 00 | push 0 |
00DF83E7 | 6A 00 | push 0 |
00DF83E9 | 6A 00 | push 0 |
00DF83EB | 56 | push esi |
00DF83EC | 50 | push eax |
00DF83ED | 53 | push ebx |
00DF83EE | C645 | mov byte ptr ss:[ebp-4],9 | 9:'\t'
00DF83F2 | E8 99 | call <mindmaster.sub_D78790> |
00DF83F7 | 83C4 | add esp,38 |
00DF83FA | 8D4D | lea ecx,dword ptr ss:[ebp-30] |
00DF83FD | E9 37 | jmp mindmaster.DF8C39 |
00DF8402 | 68 50 | push mindmaster.FFAC50 | FFAC50:"ER106"
00DF8407 | 8D4D | lea ecx,dword ptr ss:[ebp-10] |
00DF840A | FFD6 | call esi |
00DF840C | 84C0 | test al,al |
00DF840E | 74 47 | je mindmaster.DF8457 |
00DF8410 | 6A FF | push FFFFFFFF |
00DF8412 | 6A 00 | push 0 |
00DF8414 | 8D45 | lea eax,dword ptr ss:[ebp-24] |
00DF8417 | 68 A8 | push mindmaster.FFABA8 | FFABA8:"Your license has expired.<br/>Visit <a style='color: blue;' href = \"https://www.edrawsoft.com/renewmindmaster.php\"> [url=https://www.edrawsoft.com/renewmindmaster.php</a]https://www.edrawsoft.com/renewmindmaster.php</a>.[/url]"
00DF841C | 50 | push eax |
00DF841D | E8 EE | call <mindmaster.sub_DF9210> |
00DF8422 | 8BF0 | mov esi,eax |
00DF8424 | 6A FF | push FFFFFFFF |
00DF8426 | 6A 00 | push 0 |
00DF8428 | 8D45 | lea eax,dword ptr ss:[ebp-30] |
00DF842B | C645 | mov byte ptr ss:[ebp-4],A | A:'\n'
00DF842F | 68 9C | push mindmaster.FF7C9C | FF7C9C:"Activation"
00DF8434 | 50 | push eax |
00DF8435 | E8 D6 | call <mindmaster.sub_DF9210> |
00DF843A | 6A 00 | push 0 |
00DF843C | 6A 00 | push 0 |
00DF843E | 6A 00 | push 0 |
00DF8440 | 56 | push esi |
00DF8441 | 50 | push eax |
00DF8442 | 53 | push ebx |
00DF8443 | C645 | mov byte ptr ss:[ebp-4],B | B:'\v'
00DF8447 | E8 44 | call <mindmaster.sub_D78790> |
00DF844C | 83C4 | add esp,38 |
00DF844F | 8D4D | lea ecx,dword ptr ss:[ebp-30] |
00DF8452 | E9 E2 | jmp mindmaster.DF8C39 |
00DF8457 | 68 58 | push mindmaster.FFAC58 | FFAC58:"ER105"
00DF845C | 8D4D | lea ecx,dword ptr ss:[ebp-10] |
00DF845F | FFD6 | call esi |
00DF8461 | 84C0 | test al,al |
00DF8463 | 74 4B | je mindmaster.DF84B0 |
00DF8465 | 6A FF | push FFFFFFFF |
00DF8467 | 6A 00 | push 0 |
00DF8469 | 8D45 | lea eax,dword ptr ss:[ebp-24] |
00DF846C | 68 60 | push mindmaster.FFAC60 | FFAC60:"The license code cannot be used on more computers. If your license is still within the maintenace period, you can try the Deactivation from old computer firstly."
00DF8471 | 50 | push eax |
00DF8472 | E8 99 | call <mindmaster.sub_DF9210> |
00DF8477 | 6A FF | push FFFFFFFF |
00DF8479 | 6A 00 | push 0 |
00DF847B | 8D45 | lea eax,dword ptr ss:[ebp-30] |
00DF847E | C645 | mov byte ptr ss:[ebp-4],C | C:'\f'
00DF8482 | 68 9C | push mindmaster.FF7C9C | FF7C9C:"Activation"
00DF8487 | 50 | push eax |
00DF8488 | E8 83 | call <mindmaster.sub_DF9210> |
00DF848D | 6A 00 | push 0 |
00DF848F | 6A 00 | push 0 |
00DF8491 | 68 00 | push 400 |
00DF8496 | 8D4D | lea ecx,dword ptr ss:[ebp-24] |
00DF8499 | C645 | mov byte ptr ss:[ebp-4],D | D:'\r'
00DF849D | 51 | push ecx |
00DF849E | 50 | push eax |
00DF849F | 53 | push ebx |
00DF84A0 | E8 EB | call <mindmaster.sub_D78790> | 全断来到此处Z1
00DF84A5 | 83C4 | add esp,38 |
00DF84A8 | 8D4D | lea ecx,dword ptr ss:[ebp-30] |
00DF84AB | E9 89 | jmp mindmaster.DF8C39 |
00DF84B0 | 68 04 | push mindmaster.FFAD04 | FFAD04:"ER104"
00DF84B5 | 8D4D | lea ecx,dword ptr ss:[ebp-10] |
00DF84B8 | FFD6 | call esi |
00DF84BA | 84C0 | test al,al |
00DF84BC | 74 4B | je mindmaster.DF8509 |
00DF84BE | 6A FF | push FFFFFFFF |
00DF84C0 | 6A 00 | push 0 |
00DF84C2 | 8D45 | lea eax,dword ptr ss:[ebp-24] |
00DF84C5 | 68 10 | push mindmaster.FFAD10 | FFAD10:"The license code is not valid for this version!<br /><br />Please check your order email for more details."
00DF84CA | 50 | push eax |
00DF84CB | E8 40 | call <mindmaster.sub_DF9210> |
00DF84D0 | 6A FF | push FFFFFFFF |
00DF84D2 | 6A 00 | push 0 |
00DF84D4 | 8D45 | lea eax,dword ptr ss:[ebp-30] |
00DF84D7 | C645 | mov byte ptr ss:[ebp-4],E |
00DF84DB | 68 9C | push mindmaster.FF7C9C | FF7C9C:"Activation"
00DF84E0 | 50 | push eax |
00DF84E1 | E8 2A | call <mindmaster.sub_DF9210> |
00DF84E6 | 6A 00 | push 0 |
00DF84E8 | 6A 00 | push 0 |
00DF84EA | 68 00 | push 400 |
00DF84EF | 8D4D | lea ecx,dword ptr ss:[ebp-24] |
00DF84F2 | C645 | mov byte ptr ss:[ebp-4],F |
00DF84F6 | 51 | push ecx |
00DF84F7 | 50 | push eax |
00DF84F8 | 53 | push ebx |
00DF84F9 | E8 92 | call <mindmaster.sub_D78790> |
00DF84FE | 83C4 | add esp,38 |
00DF8501 | 8D4D | lea ecx,dword ptr ss:[ebp-30] |
00DF8504 | E9 30 | jmp mindmaster.DF8C39 |
00DF8509 | 68 7C | push mindmaster.FFAD7C | FFAD7C:"ER101"
00DF850E | 8D4D | lea ecx,dword ptr ss:[ebp-10] |
00DF8511 | FFD6 | call esi |
00DF8513 | 84C0 | test al,al |
00DF8515 | 75 20 | jne mindmaster.DF8537 |
00DF8517 | 68 84 | push mindmaster.FFAD84 | FFAD84:"ER102"
00DF851C | 8D4D | lea ecx,dword ptr ss:[ebp-10] |
00DF851F | FFD6 | call esi |
00DF8521 | 84C0 | test al,al |
00DF8523 | 75 12 | jne mindmaster.DF8537 |
00DF8525 | 68 8C | push mindmaster.FFAD8C | FFAD8C:"ER103"
00DF852A | 8D4D | lea ecx,dword ptr ss:[ebp-10] |
00DF852D | FFD6 | call esi |
00DF852F | 84C0 | test al,al |
00DF8531 | 0F84 | je mindmaster.DF8C48 |
00DF8537 | 8B35 | mov esi,dword ptr ds:[<&?show@QWidget@@QAEXXZ>] |
00DF853D | C605 | mov byte ptr ds:[173FB60],1 |
00DF8544 | 8B4B | mov ecx,dword ptr ds:[ebx+68] |
00DF8547 | FFD6 | call esi |
00DF8549 | 8B4B | mov ecx,dword ptr ds:[ebx+74] |
00DF854C | FFD6 | call esi |
00DF854E | 8B8B | mov ecx,dword ptr ds:[ebx+80] | [ebx+80]:&"z硒"
00DF8554 | FFD6 | call esi |
00DF8556 | 6A FF | push FFFFFFFF |
00DF8558 | 6A 00 | push 0 |
00DF855A | 8D45 | lea eax,dword ptr ss:[ebp-14] | [ebp-14]:L"\r"
00DF855D | 68 94 | push mindmaster.FFAD94 | FFAD94:"Activation failed!<br /><br />"
00DF8562 | 50 | push eax |
00DF8563 | E8 A8 | call <mindmaster.sub_DF9210> |
00DF8568 | 6A FF | push FFFFFFFF |
00DF856A | 6A 00 | push 0 |
00DF856C | 8D45 | lea eax,dword ptr ss:[ebp-30] |
00DF856F | C645 | mov byte ptr ss:[ebp-4],10 |
00DF8573 | 68 B4 | push mindmaster.FFADB4 | FFADB4:"The server is busy now, please try again later.<br /><br />"
00DF8578 | 50 | push eax |
00DF8579 | E8 92 | call <mindmaster.sub_DF9210> |
00DF857E | 83C4 | add esp,20 |
00DF8581 | 8B1D | mov ebx,dword ptr ds:[<&?append@QString@@QAEAAV1@ABV1@@Z> |
00DF8587 | 8D4D | lea ecx,dword ptr ss:[ebp-14] | [ebp-14]:L"\r"
00DF858A | 50 | push eax |
00DF858B | C645 | mov byte ptr ss:[ebp-4],11 |
00DF858F | FFD3 | call ebx |
00DF8591 | 8D4D | lea ecx,dword ptr ss:[ebp-30] |
00DF8594 | C645 | mov byte ptr ss:[ebp-4],10 |
00DF8598 | FF15 | call dword ptr ds:[<&??1QXmlStreamStringRef@@QAE@XZ>] |
00DF859E | 6A FF | push FFFFFFFF |
00DF85A0 | 6A 00 | push 0 |
00DF85A2 | 8D45 | lea eax,dword ptr ss:[ebp-30] |
00DF85A5 | 68 F0 | push mindmaster.FFADF0 | FFADF0:"You can also visit the following url on a machine that is connected to the internet. Get the Activation Code and click the 'Activate Manually' button.<br /><br />"
00DF85AA | 50 | push eax |
00DF85AB | E8 60 | call <mindmaster.sub_DF9210> |
00DF85B0 | 83C4 | add esp,10 |
00DF85B3 | 50 | push eax |
00DF85B4 | 8D4D | lea ecx,dword ptr ss:[ebp-14] | [ebp-14]:L"\r"
00DF85B7 | C645 | mov byte ptr ss:[ebp-4],12 |
00DF85BB | FFD3 | call ebx |
00DF85BD | 8D4D | lea ecx,dword ptr ss:[ebp-30] |
00DF85C0 | C645 | mov byte ptr ss:[ebp-4],10 |
00DF85C4 | FF15 | call dword ptr ds:[<&??1QXmlStreamStringRef@@QAE@XZ>] |
00DF85CA | 8D45 | lea eax,dword ptr ss:[ebp-58] |
00DF85CD | 50 | push eax |
00DF85CE | FF15 | call dword ptr ds:[<&?langBrev@EDVersion@@SA?AVQString@@X |
00DF85D4 | 8BD8 | mov ebx,eax |
00DF85D6 | 8B35 | mov esi,dword ptr ds:[<&?fromAscii_helper@QString@@CAPAU? |
00DF85DC | 6A 05 | push 5 |
00DF85DE | 68 40 | push mindmaster.FE5240 | FE5240:"8.0.3"
00DF85E3 | C645 | mov byte ptr ss:[ebp-4],13 |
00DF85E7 | FFD6 | call esi |
00DF85E9 | 8945 | mov dword ptr ss:[ebp-20],eax | [ebp-20]:L"{"
00DF85EC | 8D45 | lea eax,dword ptr ss:[ebp-50] |
00DF85EF | C645 | mov byte ptr ss:[ebp-4],14 |
00DF85F3 | 50 | push eax |
00DF85F4 | FF15 | call dword ptr ds:[<&?activateName@EDVersion@@SA?AVQStrin |
00DF85FA | 8BF8 | mov edi,eax |
00DF85FC | 6A 44 | push 44 |
00DF85FE | 68 98 | push mindmaster.FFAE98 | FFAE98:"https://www.edrawsoft.com/acassist.php?p=%1&m=%2&r=%3&v=%4&o=%5&a=%6"
00DF8603 | C645 | mov byte ptr ss:[ebp-4],15 |
00DF8607 | FFD6 | call esi |
00DF8609 | 8945 | mov dword ptr ss:[ebp-24],eax |
00DF860C | 83C4 | add esp,14 |
00DF860F | C645 | mov byte ptr ss:[ebp-30],20 | 20:' '
00DF8613 | 8BCC | mov ecx,esp |
00DF8615 | C645 | mov byte ptr ss:[ebp-4],16 |
00DF8619 | FF75 | push dword ptr ss:[ebp-30] |
00DF861C | FF15 | call dword ptr ds:[<&??0QChar@@QAE@UQLatin1Char@@@Z>] |
00DF8622 | 6A 00 | push 0 |
00DF8624 | 57 | push edi |
00DF8625 | 8D45 | lea eax,dword ptr ss:[ebp-48] | [ebp-48]:"X⿵"
00DF8628 | 50 | push eax |
00DF8629 | 8B3D | mov edi,dword ptr ds:[<&?arg@QString@@QBE?AV1@ABV1@HVQCha |
00DF862F | 8D4D | lea ecx,dword ptr ss:[ebp-24] |
00DF8632 | FFD7 | call edi |
00DF8634 | 8BF0 | mov esi,eax |
00DF8636 | 51 | push ecx |
00DF8637 | 8BCC | mov ecx,esp |
00DF8639 | C645 | mov byte ptr ss:[ebp-30],20 | 20:' '
00DF863D | FF75 | push dword ptr ss:[ebp-30] |
00DF8640 | C645 | mov byte ptr ss:[ebp-4],17 |
00DF8644 | FF15 | call dword ptr ds:[<&??0QChar@@QAE@UQLatin1Char@@@Z>] |
00DF864A | 6A 00 | push 0 |
00DF864C | 8D45 | lea eax,dword ptr ss:[ebp-2C] |
00DF864F | 8BCE | mov ecx,esi |
00DF8651 | 50 | push eax |
00DF8652 | 8D45 | lea eax,dword ptr ss:[ebp-40] |
00DF8655 | 50 | push eax |
00DF8656 | FFD7 | call edi |
00DF8658 | 8BF0 | mov esi,eax |
00DF865A | 51 | push ecx |
00DF865B | 8BCC | mov ecx,esp |
00DF865D | C645 | mov byte ptr ss:[ebp-30],20 | 20:' '
00DF8661 | FF75 | push dword ptr ss:[ebp-30] |
00DF8664 | C645 | mov byte ptr ss:[ebp-4],18 |
00DF8668 | FF15 | call dword ptr ds:[<&??0QChar@@QAE@UQLatin1Char@@@Z>] |
00DF866E | 8B45 | mov eax,dword ptr ss:[ebp-18] |
00DF8671 | 8BCE | mov ecx,esi |
00DF8673 | 6A 00 | push 0 |
00DF8675 | 05 9C | add eax,9C |
00DF867A | 50 | push eax |
00DF867B | 8D45 | lea eax,dword ptr ss:[ebp-3C] |
00DF867E | 50 | push eax |
00DF867F | FFD7 | call edi |
00DF8681 | 8BF0 | mov esi,eax |
00DF8683 | 51 | push ecx |
00DF8684 | 8BCC | mov ecx,esp |
00DF8686 | C645 | mov byte ptr ss:[ebp-30],20 | 20:' '
00DF868A | FF75 | push dword ptr ss:[ebp-30] |
00DF868D | C645 | mov byte ptr ss:[ebp-4],19 |
00DF8691 | FF15 | call dword ptr ds:[<&??0QChar@@QAE@UQLatin1Char@@@Z>] |
00DF8697 | 6A 00 | push 0 |
00DF8699 | 8D45 | lea eax,dword ptr ss:[ebp-20] | [ebp-20]:L"{"
00DF869C | 8BCE | mov ecx,esi |
00DF869E | 50 | push eax |
00DF869F | 8D45 | lea eax,dword ptr ss:[ebp-38] |
00DF86A2 | 50 | push eax |
00DF86A3 | FFD7 | call edi |
00DF86A5 | 8BF0 | mov esi,eax |
00DF86A7 | 51 | push ecx |
00DF86A8 | 8BCC | mov ecx,esp |
00DF86AA | C645 | mov byte ptr ss:[ebp-30],20 | 20:' '
00DF86AE | FF75 | push dword ptr ss:[ebp-30] |
00DF86B1 | C645 | mov byte ptr ss:[ebp-4],1A |
00DF86B5 | FF15 | call dword ptr ds:[<&??0QChar@@QAE@UQLatin1Char@@@Z>] |
00DF86BB | 6A 00 | push 0 |
00DF86BD | 8D45 | lea eax,dword ptr ss:[ebp-28] |
00DF86C0 | 8BCE | mov ecx,esi |
00DF86C2 | 50 | push eax |
00DF86C3 | 8D45 | lea eax,dword ptr ss:[ebp-34] | [ebp-34]:&"z坐"
00DF86C6 | 50 | push eax |
00DF86C7 | FFD7 | call edi |
00DF86C9 | 8BF0 | mov esi,eax |
00DF86CB | 51 | push ecx |
00DF86CC | 8BCC | mov ecx,esp |
00DF86CE | C645 | mov byte ptr ss:[ebp-30],20 | 20:' '
00DF86D2 | FF75 | push dword ptr ss:[ebp-30] |
00DF86D5 | C645 | mov byte ptr ss:[ebp-4],1B |
00DF86D9 | FF15 | call dword ptr ds:[<&??0QChar@@QAE@UQLatin1Char@@@Z>] |
00DF86DF | 6A 00 | push 0 |
00DF86E1 | 53 | push ebx |
00DF86E2 | 8D45 | lea eax,dword ptr ss:[ebp-1C] |
00DF86E5 | 8BCE | mov ecx,esi |
00DF86E7 | 50 | push eax |
00DF86E8 | FFD7 | call edi |
00DF86EA | 8D4D | lea ecx,dword ptr ss:[ebp-34] | [ebp-34]:&"z坐"
00DF86ED | FF15 | call dword ptr ds:[<&??1QXmlStreamStringRef@@QAE@XZ>] |
00DF86F3 | 8D4D | lea ecx,dword ptr ss:[ebp-38] |
00DF86F6 | FF15 | call dword ptr ds:[<&??1QXmlStreamStringRef@@QAE@XZ>] |
00DF86FC | 8D4D | lea ecx,dword ptr ss:[ebp-3C] |
00DF86FF | FF15 | call dword ptr ds:[<&??1QXmlStreamStringRef@@QAE@XZ>] |
00DF8705 | 8D4D | lea ecx,dword ptr ss:[ebp-40] |
00DF8708 | FF15 | call dword ptr ds:[<&??1QXmlStreamStringRef@@QAE@XZ>] |
00DF870E | 8D4D | lea ecx,dword ptr ss:[ebp-48] | [ebp-48]:"X⿵"
00DF8711 | FF15 | call dword ptr ds:[<&??1QXmlStreamStringRef@@QAE@XZ>] |
00DF8717 | 8D4D | lea ecx,dword ptr ss:[ebp-24] |
00DF871A | FF15 | call dword ptr ds:[<&??1QXmlStreamStringRef@@QAE@XZ>] |
00DF8720 | 8D4D | lea ecx,dword ptr ss:[ebp-50] |
00DF8723 | FF15 | call dword ptr ds:[<&??1QXmlStreamStringRef@@QAE@XZ>] |
00DF8729 | 8D4D | lea ecx,dword ptr ss:[ebp-20] | [ebp-20]:L"{"
00DF872C | FF15 | call dword ptr ds:[<&??1QXmlStreamStringRef@@QAE@XZ>] |
00DF8732 | 8D4D | lea ecx,dword ptr ss:[ebp-58] |
00DF8735 | C645 | mov byte ptr ss:[ebp-4],25 | 25:'%'
00DF8739 | FF15 | call dword ptr ds:[<&??1QXmlStreamStringRef@@QAE@XZ>] |
00DF873F | 6A FF | push FFFFFFFF |
00DF8741 | 6A 00 | push 0 |
00DF8743 | 8D45 | lea eax,dword ptr ss:[ebp-60] |
00DF8746 | 68 E0 | push mindmaster.FFAEE0 | FFAEE0:"<a href=\"%1\">Get activation code.</a>"
00DF874B | 50 | push eax |
00DF874C | E8 BF | call <mindmaster.sub_DF9210> |
00DF8751 | 8BF0 | mov esi,eax |
00DF8753 | 83C4 | add esp,C |
00DF8756 | C645 | mov byte ptr ss:[ebp-30],20 | 20:' '
00DF875A | 8BCC | mov ecx,esp |
00DF875C | C645 | mov byte ptr ss:[ebp-4],26 | 26:'&'
00DF8760 | FF75 | push dword ptr ss:[ebp-30] |
00DF8763 | FF15 | call dword ptr ds:[<&??0QChar@@QAE@UQLatin1Char@@@Z>] |
00DF8769 | 6A 00 | push 0 |
00DF876B | 8D45 | lea eax,dword ptr ss:[ebp-1C] |
00DF876E | 8BCE | mov ecx,esi |
00DF8770 | 50 | push eax |
00DF8771 | 8D45 | lea eax,dword ptr ss:[ebp-5C] |
00DF8774 | 50 | push eax |
00DF8775 | FFD7 | call edi |
00DF8777 | 50 | push eax |
00DF8778 | 8D4D | lea ecx,dword ptr ss:[ebp-1C] |
00DF877B | FF15 | call dword ptr ds:[<&??4QDateTime@@QAEAAV0@$$QAV0@@Z>] |
00DF8781 | 8D4D | lea ecx,dword ptr ss:[ebp-5C] |
00DF8784 | FF15 | call dword ptr ds:[<&??1QXmlStreamStringRef@@QAE@XZ>] |
00DF878A | 8D4D | lea ecx,dword ptr ss:[ebp-60] |
00DF878D | C645 | mov byte ptr ss:[ebp-4],25 | 25:'%'
00DF8791 | FF15 | call dword ptr ds:[<&??1QXmlStreamStringRef@@QAE@XZ>] |
00DF8797 | 8D45 | lea eax,dword ptr ss:[ebp-1C] |
00DF879A | 50 | push eax |
00DF879B | 8D4D | lea ecx,dword ptr ss:[ebp-14] | [ebp-14]:L"\r"
00DF879E | FF15 | call dword ptr ds:[<&?append@QString@@QAEAAV1@ABV1@@Z>] |
00DF87A4 | 6A FF | push FFFFFFFF |
00DF87A6 | 6A 00 | push 0 |
00DF87A8 | 8D45 | lea eax,dword ptr ss:[ebp-60] |
00DF87AB | 68 9C | push mindmaster.FF7C9C | FF7C9C:"Activation"
00DF87B0 | 50 | push eax |
00DF87B1 | E8 5A | call <mindmaster.sub_DF9210> |
00DF87B6 | 6A 00 | push 0 |
00DF87B8 | 6A 00 | push 0 |
00DF87BA | 68 00 | push 400 |
00DF87BF | 8D4D | lea ecx,dword ptr ss:[ebp-14] | [ebp-14]:L"\r"
00DF87C2 | C645 | mov byte ptr ss:[ebp-4],27 | 27:'''
00DF87C6 | 51 | push ecx |
00DF87C7 | 50 | push eax |
00DF87C8 | FF75 | push dword ptr ss:[ebp-18] |
00DF87CB | E8 C0 | call <mindmaster.sub_D78790> |
00DF87D0 | 83C4 | add esp,28 |
00DF87D3 | 8D4D | lea ecx,dword ptr ss:[ebp-60] |
00DF87D6 | FF15 | call dword ptr ds:[<&??1QXmlStreamStringRef@@QAE@XZ>] |
00DF87DC | 8D4D | lea ecx,dword ptr ss:[ebp-1C] |
00DF87DF | FF15 | call dword ptr ds:[<&??1QXmlStreamStringRef@@QAE@XZ>] |
00DF87E5 | 8D4D | lea ecx,dword ptr ss:[ebp-14] | [ebp-14]:L"\r"
00DF87E8 | FF15 | call dword ptr ds:[<&??1QXmlStreamStringRef@@QAE@XZ>] |
00DF87EE | 8D4D | lea ecx,dword ptr ss:[ebp-10] |
00DF87F1 | FF15 | call dword ptr ds:[<&??1QBitArray@@QAE@XZ>] |
00DF87F7 | E9 E7 | jmp mindmaster.DF8FE3 |
00DF87FC | 8D4D | lea ecx,dword ptr ss:[ebp-24] |
00DF87FF | 33FF | xor edi,edi |
00DF8801 | FF15 | call dword ptr ds:[<&??0QString@@QAE@XZ>] |
00DF8807 | 8D4D | lea ecx,dword ptr ss:[ebp-20] | [ebp-20]:L"{"
00DF880A | FF15 | call dword ptr ds:[<&??0QString@@QAE@XZ>] |
00DF8810 | 6A 3B | push 3B |
00DF8812 | 8D45 | lea eax,dword ptr ss:[ebp-14] | [ebp-14]:L"\r"
00DF8815 | C645 | mov byte ptr ss:[ebp-4],29 | 29:')'
00DF8819 | 50 | push eax |
00DF881A | 8D4D | lea ecx,dword ptr ss:[ebp-10] |
00DF881D | FF15 | call dword ptr ds:[<&?split@QByteArray@@QBE?AV?$QList@VQB |
00DF8823 | 8D4D | lea ecx,dword ptr ss:[ebp-14] | [ebp-14]:L"\r"
00DF8826 | C645 | mov byte ptr ss:[ebp-4],2A | 2A:'*'
00DF882A | FF15 | call dword ptr ds:[<&?length@?$QList@VQItemSelectionRange |
00DF8830 | 83F8 | cmp eax,5 |
00DF8833 | 7E 6A | jle mindmaster.DF889F |
00DF8835 | 6A 01 | push 1 |
00DF8837 | 8D4D | lea ecx,dword ptr ss:[ebp-14] | [ebp-14]:L"\r"
00DF883A | E8 91 | call <mindmaster.sub_DF5DD0> |
00DF883F | 50 | push eax |
00DF8840 | 8D4D | lea ecx,dword ptr ss:[ebp-24] |
00DF8843 | FF15 | call dword ptr ds:[<&??4QString@@QAEAAV0@ABVQByteArray@@@ |
00DF8849 | 6A 0A | push A |
00DF884B | 57 | push edi |
00DF884C | 6A 03 | push 3 |
00DF884E | 8D4D | lea ecx,dword ptr ss:[ebp-14] | [ebp-14]:L"\r"
00DF8851 | E8 7A | call <mindmaster.sub_DF5DD0> |
00DF8856 | 8BC8 | mov ecx,eax |
00DF8858 | FF15 | call dword ptr ds:[<&?toInt@QByteArray@@QBEHPA_NH@Z>] |
00DF885E | 50 | push eax |
00DF885F | 8D8B | lea ecx,dword ptr ds:[ebx+A8] |
00DF8865 | FF15 | call dword ptr ds:[<&??4QString@@QAEAAV0@D@Z>] |
00DF886B | 6A 0A | push A |
00DF886D | 57 | push edi |
00DF886E | 6A 04 | push 4 |
00DF8870 | 8D4D | lea ecx,dword ptr ss:[ebp-14] | [ebp-14]:L"\r"
00DF8873 | E8 58 | call <mindmaster.sub_DF5DD0> |
00DF8878 | 8B35 | mov esi,dword ptr ds:[<&?toULong@QByteArray@@QBEKPA_NH@Z> |
00DF887E | 8BC8 | mov ecx,eax |
00DF8880 | FFD6 | call esi |
00DF8882 | 6A 0A | push A |
00DF8884 | 57 | push edi |
00DF8885 | 6A 05 | push 5 |
00DF8887 | 8D4D | lea ecx,dword ptr ss:[ebp-14] | [ebp-14]:L"\r"
00DF888A | 8983 | mov dword ptr ds:[ebx+94],eax |
00DF8890 | E8 3B | call <mindmaster.sub_DF5DD0> |
00DF8895 | 8BC8 | mov ecx,eax |
00DF8897 | FFD6 | call esi |
00DF8899 | 8983 | mov dword ptr ds:[ebx+90],eax |
00DF889F | 8D4D | lea ecx,dword ptr ss:[ebp-14] | [ebp-14]:L"\r"
00DF88A2 | FF15 | call dword ptr ds:[<&?length@?$QList@VQItemSelectionRange |
00DF88A8 | 83F8 | cmp eax,6 |
00DF88AB | 7E 14 | jle mindmaster.DF88C1 |
00DF88AD | 6A 06 | push 6 |
00DF88AF | 8D4D | lea ecx,dword ptr ss:[ebp-14] | [ebp-14]:L"\r"
00DF88B2 | E8 19 | call <mindmaster.sub_DF5DD0> |
00DF88B7 | 50 | push eax |
00DF88B8 | 8D4D | lea ecx,dword ptr ss:[ebp-20] | [ebp-20]:L"{"
00DF88BB | FF15 | call dword ptr ds:[<&??4QString@@QAEAAV0@ABVQByteArray@@@ |
00DF88C1 | 8B93 | mov edx,dword ptr ds:[ebx+90] |
00DF88C7 | 83FA | cmp edx,1 |
00DF88CA | 74 0F | je mindmaster.DF88DB |
00DF88CC | 83BB | cmp dword ptr ds:[ebx+94],0 |
00DF88D3 | B8 01 | mov eax,1 |
00DF88D8 | 0F44F | cmove edi,eax |
00DF88DB | 83BB | cmp dword ptr ds:[ebx+94],0 |
00DF88E2 | A1 84 | mov eax,dword ptr ds:[<&?currentDate@QDate@@SA?AV1@XZ>] |
00DF88E7 | 8B35 | mov esi,dword ptr ds:[<&?daysTo@QDate@@QBE_JABV1@@Z>] |
00DF88ED | 75 58 | jne mindmaster.DF8947 |
00DF88EF | 8D4D | lea ecx,dword ptr ss:[ebp-6C] |
00DF88F2 | 51 | push ecx |
00DF88F3 | 83FA | cmp edx,3 |
00DF88F6 | 75 09 | jne mindmaster.DF8901 |
00DF88F8 | FFD0 | call eax |
00DF88FA | 83C4 | add esp,4 |
00DF88FD | 6A 03 | push 3 |
00DF88FF | EB 07 | jmp mindmaster.DF8908 |
00DF8901 | FFD0 | call eax |
00DF8903 | 83C4 | add esp,4 |
00DF8906 | 6A 01 | push 1 |
00DF8908 | 8D45 | lea eax,dword ptr ss:[ebp-64] |
00DF890B | 50 | push eax |
00DF890C | 8D4D | lea ecx,dword ptr ss:[ebp-6C] |
00DF890F | FF15 | call dword ptr ds:[<&?addYears@QDate@@QBE?AV1@H@Z>] |
00DF8915 | 8B08 | mov ecx,dword ptr ds:[eax] |
00DF8917 | 894D | mov dword ptr ss:[ebp-6C],ecx |
00DF891A | 8D4D | lea ecx,dword ptr ss:[ebp-64] |
00DF891D | 8B40 | mov eax,dword ptr ds:[eax+4] |
00DF8920 | 8945 | mov dword ptr ss:[ebp-68],eax |
00DF8923 | 8D45 | lea eax,dword ptr ss:[ebp-6C] |
00DF8926 | 50 | push eax |
00DF8927 | A1 98 | mov eax,dword ptr ds:[<&??0QDate@@QAE@HHH@Z>] |
00DF892C | 6A 01 | push 1 |
00DF892E | 6A 01 | push 1 |
00DF8930 | 68 B2 | push 7B2 |
00DF8935 | FFD0 | call eax |
00DF8937 | 8BC8 | mov ecx,eax |
00DF8939 | FFD6 | call esi |
00DF893B | 69C0 | imul eax,eax,15180 |
00DF8941 | 8983 | mov dword ptr ds:[ebx+94],eax |
00DF8947 | 8D83 | lea eax,dword ptr ds:[ebx+A0] |
00DF894D | 50 | push eax |
00DF894E | 8D45 | lea eax,dword ptr ss:[ebp-1C] |
00DF8951 | 50 | push eax |
00DF8952 | FF15 | call dword ptr ds:[<&?configPath@EDFilePathManager@@SA?AV |
00DF8958 | 83C4 | add esp,8 |
00DF895B | 8D45 | lea eax,dword ptr ss:[ebp-1C] |
00DF895E | C645 | mov byte ptr ss:[ebp-4],2B | 2B:'+'
00DF8962 | 50 | push eax |
00DF8963 | 8D4D | lea ecx,dword ptr ss:[ebp-4C] |
00DF8966 | FF15 | call dword ptr ds:[<&??0QFile@@QAE@ABVQString@@@Z>] |
00DF896C | 6A 0A | push A |
00DF896E | 8D4D | lea ecx,dword ptr ss:[ebp-4C] |
00DF8971 | C645 | mov byte ptr ss:[ebp-4],2C | 2C:','
00DF8975 | FF15 | call dword ptr ds:[<&?open@QFile@@UAE_NV?$QFlags@W4OpenMo |
00DF897B | 8B35 | mov esi,dword ptr ds:[<&??6@YAAAVQDataStream@@AAV0@ABVQSt |
00DF8981 | 84C0 | test al,al |
00DF8983 | 0F84 | je mindmaster.DF8A10 |
00DF8989 | 8D45 | lea eax,dword ptr ss:[ebp-4C] |
00DF898C | 50 | push eax |
00DF898D | 8D4D | lea ecx,dword ptr ss:[ebp-7C] |
00DF8990 | FF15 | call dword ptr ds:[<&??0QDataStream@@QAE@PAVQIODevice@@@Z |
00DF8996 | 8D83 | lea eax,dword ptr ds:[ebx+A4] |
00DF899C | C645 | mov byte ptr ss:[ebp-4],2D | 2D:'-'
00DF89A0 | 50 | push eax |
00DF89A1 | 8D45 | lea eax,dword ptr ss:[ebp-7C] |
00DF89A4 | 50 | push eax |
00DF89A5 | FFD6 | call esi |
00DF89A7 | 8D83 | lea eax,dword ptr ds:[ebx+A8] |
00DF89AD | 50 | push eax |
00DF89AE | 8D45 | lea eax,dword ptr ss:[ebp-7C] |
00DF89B1 | 50 | push eax |
00DF89B2 | FFD6 | call esi |
00DF89B4 | 8D45 | lea eax,dword ptr ss:[ebp-24] |
00DF89B7 | 50 | push eax |
00DF89B8 | 8D45 | lea eax,dword ptr ss:[ebp-7C] |
00DF89BB | 50 | push eax |
00DF89BC | FFD6 | call esi |
00DF89BE | 8D83 | lea eax,dword ptr ds:[ebx+9C] |
00DF89C4 | 50 | push eax |
00DF89C5 | 8D45 | lea eax,dword ptr ss:[ebp-7C] |
00DF89C8 | 50 | push eax |
00DF89C9 | FFD6 | call esi |
00DF89CB | 83C4 | add esp,20 |
00DF89CE | 8D4D | lea ecx,dword ptr ss:[ebp-7C] |
00DF89D1 | FFB3 | push dword ptr ds:[ebx+90] |
00DF89D7 | FF15 | call dword ptr ds:[<&??6QDataStream@@QAEAAV0@H@Z>] |
00DF89DD | FFB3 | push dword ptr ds:[ebx+94] |
00DF89E3 | 8D4D | lea ecx,dword ptr ss:[ebp-7C] |
00DF89E6 | FF15 | call dword ptr ds:[<&??6QDataStream@@QAEAAV0@H@Z>] |
00DF89EC | 57 | push edi |
00DF89ED | 8D4D | lea ecx,dword ptr ss:[ebp-7C] |
00DF89F0 | FF15 | call dword ptr ds:[<&??6QDataStream@@QAEAAV0@H@Z>] |
00DF89F6 | 8D45 | lea eax,dword ptr ss:[ebp-20] | [ebp-20]:L"{"
00DF89F9 | 50 | push eax |
00DF89FA | 8D45 | lea eax,dword ptr ss:[ebp-7C] |
00DF89FD | 50 | push eax |
00DF89FE | FFD6 | call esi |
00DF8A00 | 83C4 | add esp,8 |
00DF8A03 | C645 | mov byte ptr ss:[ebp-4],2C | 2C:','
00DF8A07 | 8D4D | lea ecx,dword ptr ss:[ebp-7C] |
00DF8A0A | FF15 | call dword ptr ds:[<&??1QDataStream@@QAE@XZ>] |
00DF8A10 | 8D4D | lea ecx,dword ptr ss:[ebp-4C] |
00DF8A13 | FF15 | call dword ptr ds:[<&?close@QFileDevice@@UAEXXZ>] |
00DF8A19 | 8D45 | lea eax,dword ptr ss:[ebp-5C] |
00DF8A1C | 50 | push eax |
00DF8A1D | FF15 | call dword ptr ds:[<&?appConfigDir@EDFilePathManager@@SA? |
00DF8A23 | 8D8B | lea ecx,dword ptr ds:[ebx+A0] |
00DF8A29 | C645 | mov byte ptr ss:[ebp-4],2E | 2E:'.'
00DF8A2D | 51 | push ecx |
00DF8A2E | 50 | push eax |
00DF8A2F | 8D45 | lea eax,dword ptr ss:[ebp-60] |
00DF8A32 | 50 | push eax |
00DF8A33 | E8 F8 | call <mindmaster.sub_D42930> |
00DF8A38 | 83C4 | add esp,10 |
00DF8A3B | 8D4D | lea ecx,dword ptr ss:[ebp-1C] |
00DF8A3E | 50 | push eax |
00DF8A3F | FF15 | call dword ptr ds:[<&??4QString@@QAEAAV0@ABV0@@Z>] |
00DF8A45 | 8D4D | lea ecx,dword ptr ss:[ebp-60] |
00DF8A48 | FF15 | call dword ptr ds:[<&??1QXmlStreamStringRef@@QAE@XZ>] |
00DF8A4E | 8D4D | lea ecx,dword ptr ss:[ebp-5C] |
00DF8A51 | C645 | mov byte ptr ss:[ebp-4],2C | 2C:','
00DF8A55 | FF15 | call dword ptr ds:[<&??1QXmlStreamStringRef@@QAE@XZ>] |
00DF8A5B | 8D45 | lea eax,dword ptr ss:[ebp-1C] |
00DF8A5E | 50 | push eax |
00DF8A5F | 8D4D | lea ecx,dword ptr ss:[ebp-54] |
00DF8A62 | FF15 | call dword ptr ds:[<&??0QFile@@QAE@ABVQString@@@Z>] |
00DF8A68 | 6A 0A | push A |
00DF8A6A | 8D4D | lea ecx,dword ptr ss:[ebp-54] |
00DF8A6D | C645 | mov byte ptr ss:[ebp-4],2F | 2F:'/'
00DF8A71 | FF15 | call dword ptr ds:[<&?open@QFile@@UAE_NV?$QFlags@W4OpenMo |
00DF8A77 | 84C0 | test al,al |
00DF8A79 | 0F84 | je mindmaster.DF8B06 |
00DF8A7F | 8D45 | lea eax,dword ptr ss:[ebp-54] |
00DF8A82 | 50 | push eax |
00DF8A83 | 8D4D | lea ecx,dword ptr ss:[ebp-7C] |
00DF8A86 | FF15 | call dword ptr ds:[<&??0QDataStream@@QAE@PAVQIODevice@@@Z |
00DF8A8C | 8D83 | lea eax,dword ptr ds:[ebx+A4] |
00DF8A92 | C645 | mov byte ptr ss:[ebp-4],30 | 30:'0'
00DF8A96 | 50 | push eax |
00DF8A97 | 8D45 | lea eax,dword ptr ss:[ebp-7C] |
00DF8A9A | 50 | push eax |
00DF8A9B | FFD6 | call esi |
00DF8A9D | 8D83 | lea eax,dword ptr ds:[ebx+A8] |
00DF8AA3 | 50 | push eax |
00DF8AA4 | 8D45 | lea eax,dword ptr ss:[ebp-7C] |
00DF8AA7 | 50 | push eax |
00DF8AA8 | FFD6 | call esi |
00DF8AAA | 8D45 | lea eax,dword ptr ss:[ebp-24] |
00DF8AAD | 50 | push eax |
00DF8AAE | 8D45 | lea eax,dword ptr ss:[ebp-7C] |
00DF8AB1 | 50 | push eax |
00DF8AB2 | FFD6 | call esi |
00DF8AB4 | 8D83 | lea eax,dword ptr ds:[ebx+9C] |
00DF8ABA | 50 | push eax |
00DF8ABB | 8D45 | lea eax,dword ptr ss:[ebp-7C] |
00DF8ABE | 50 | push eax |
00DF8ABF | FFD6 | call esi |
00DF8AC1 | 83C4 | add esp,20 |
00DF8AC4 | 8D4D | lea ecx,dword ptr ss:[ebp-7C] |
00DF8AC7 | FFB3 | push dword ptr ds:[ebx+90] |
00DF8ACD | FF15 | call dword ptr ds:[<&??6QDataStream@@QAEAAV0@H@Z>] |
00DF8AD3 | FFB3 | push dword ptr ds:[ebx+94] |
00DF8AD9 | 8D4D | lea ecx,dword ptr ss:[ebp-7C] |
00DF8ADC | FF15 | call dword ptr ds:[<&??6QDataStream@@QAEAAV0@H@Z>] |
00DF8AE2 | 57 | push edi |
00DF8AE3 | 8D4D | lea ecx,dword ptr ss:[ebp-7C] |
00DF8AE6 | FF15 | call dword ptr ds:[<&??6QDataStream@@QAEAAV0@H@Z>] |
00DF8AEC | 8D45 | lea eax,dword ptr ss:[ebp-20] | [ebp-20]:L"{"
00DF8AEF | 50 | push eax |
00DF8AF0 | 8D45 | lea eax,dword ptr ss:[ebp-7C] |
00DF8AF3 | 50 | push eax |
00DF8AF4 | FFD6 | call esi |
00DF8AF6 | 83C4 | add esp,8 |
00DF8AF9 | C645 | mov byte ptr ss:[ebp-4],2F | 2F:'/'
00DF8AFD | 8D4D | lea ecx,dword ptr ss:[ebp-7C] |
00DF8B00 | FF15 | call dword ptr ds:[<&??1QDataStream@@QAE@XZ>] |
00DF8B06 | 8D4D | lea ecx,dword ptr ss:[ebp-54] |
00DF8B09 | FF15 | call dword ptr ds:[<&?close@QFileDevice@@UAEXXZ>] |
00DF8B0F | 8D45 | lea eax,dword ptr ss:[ebp-44] |
00DF8B12 | 50 | push eax |
00DF8B13 | FF15 | call dword ptr ds:[<&?currentDate@QDate@@SA?AV1@XZ>] |
00DF8B19 | 8B73 | mov esi,dword ptr ds:[ebx+60] |
00DF8B1C | 83C4 | add esp,4 |
00DF8B1F | 85F6 | test esi,esi |
00DF8B21 | 74 2A | je mindmaster.DF8B4D |
00DF8B23 | 8BB6 | mov esi,dword ptr ds:[esi+530] |
00DF8B29 | 8D45 | lea eax,dword ptr ss:[ebp-44] |
00DF8B2C | 50 | push eax |
00DF8B2D | 6A 01 | push 1 |
00DF8B2F | 6A 01 | push 1 |
00DF8B31 | 68 B2 | push 7B2 |
00DF8B36 | 8D4D | lea ecx,dword ptr ss:[ebp-6C] |
00DF8B39 | FF15 | call dword ptr ds:[<&??0QDate@@QAE@HHH@Z>] |
00DF8B3F | 8BC8 | mov ecx,eax |
00DF8B41 | FF15 | call dword ptr ds:[<&?daysTo@QDate@@QBE_JABV1@@Z>] |
00DF8B47 | 8986 | mov dword ptr ds:[esi+A8],eax |
00DF8B4D | 8D45 | lea eax,dword ptr ss:[ebp-58] |
00DF8B50 | 50 | push eax |
00DF8B51 | FF15 | call dword ptr ds:[<&?productName@EDVersion@@SA?AVQString |
00DF8B57 | 8BF8 | mov edi,eax |
00DF8B59 | 6A FF | push FFFFFFFF |
00DF8B5B | 6A 00 | push 0 |
00DF8B5D | 8D45 | lea eax,dword ptr ss:[ebp-5C] |
00DF8B60 | C645 | mov byte ptr ss:[ebp-4],31 | 31:'1'
00DF8B64 | 68 28 | push mindmaster.FFAB28 | FFAB28:"Activate Successfully!<br />Please restart %1 for the activation to take effect."
这样就简单的强制注册成功了,提示重启。
上个导演说过 ,生成的注册文件在 C:\Sandbox\Administrator\DefaultBox\user\current\AppData\Local\Edraw\MindMaster\GlobalColors.cfg
其实里边也没啥,注册名 注册码 在线激活码
你是不是还有一个疑问? GlobalColors.cfg 这个 到底藏于哪个文件中呢?
TC搜索下,竟然在 "C:\Sandbox\Administrator\DefaultBox\drive\C\Program Files (x86)\EdrawSoft\MindMaster\upgrade\MindUpgrade.exe"
破解嘛,破者改也,解者消困惑也 ~~随时保持怀疑和疑问 ~~ 不要被表象所蒙蔽 ~~
此处修改无非外表好看,内在不美,驴粪蛋,外面光。。。
接下来试图从 GlobalColors.cfg 入手,却发现实在是不摸门。
百度到几个api 函数
getExistingDirectory
IODevice
QFile
非常遗憾的发现却断不下来,未果。
接下来,我们按那个楼主所说
bp SetWindowTextW
shift+F4, {s:ebx}=="iteStartDocument@QXmlStreamWriter@@QAEXXZ"
但在QT程序里却不能如我们所希望的那样,直接断下来。
经过多次,我们来到这里。
[Asm] 纯文本查看 复制代码 00C5A3B0 | 55 | push ebp |
00C5A3B1 | 8BEC | mov ebp,esp |
00C5A3B3 | 6A FF | push FFFFFFFF |
00C5A3B5 | 68 9F | push <p3.sub_D90F9F> |
00C5A3BA | 64:A1 | mov eax,dword ptr fs:[0] | [00000000]:&"L停"
00C5A3C0 | 50 | push eax |
00C5A3C1 | 83EC | sub esp,1C |
00C5A3C4 | 53 | push ebx | ebx:"teStartDocument@QXmlStreamWriter@@QAEXXZ"
00C5A3C5 | 56 | push esi |
00C5A3C6 | 57 | push edi |
00C5A3C7 | A1 00 | mov eax,dword ptr ds:[150CF00] |
00C5A3CC | 33C5 | xor eax,ebp |
00C5A3CE | 50 | push eax |
00C5A3CF | 8D45 | lea eax,dword ptr ss:[ebp-C] |
00C5A3D2 | 64:A3 | mov dword ptr fs:[0],eax | [00000000]:&"L停"
00C5A3D8 | 8BF1 | mov esi,ecx |
00C5A3DA | 8975 | mov dword ptr ss:[ebp-24],esi |
00C5A3DD | A1 54 | mov eax,dword ptr ds:[150FC54] |
00C5A3E2 | 83F8 | cmp eax,14 |
00C5A3E5 | 7C 04 | jl p3.C5A3EB |
00C5A3E7 | B7 01 | mov bh,1 |
00C5A3E9 | EB 07 | jmp p3.C5A3F2 |
00C5A3EB | 8A7D | mov bh,byte ptr ss:[ebp+8] |
00C5A3EE | 84FF | test bh,bh |
00C5A3F0 | 74 02 | je p3.C5A3F4 |
00C5A3F2 | 33C0 | xor eax,eax |
00C5A3F4 | 40 | inc eax |
00C5A3F5 | A3 54 | mov dword ptr ds:[150FC54],eax |
00C5A3FA | FF15 | call dword ptr ds:[<&?ribbonBar@RibbonM |
00C5A400 | 8BC8 | mov ecx,eax |
00C5A402 | FF15 | call dword ptr ds:[<&?buyButton@RibbonB |
00C5A408 | 80BE | cmp byte ptr ds:[esi+490],0 |
00C5A40F | 8BF8 | mov edi,eax |
00C5A411 | 897D | mov dword ptr ss:[ebp-28],edi |
00C5A414 | 74 32 | je p3.C5A448 | ===>最终破解这里成功!
00C5A416 | 85FF | test edi,edi |
00C5A418 | 74 09 | je p3.C5A423 |
00C5A41A | 8B17 | mov edx,dword ptr ds:[edi] |
00C5A41C | 8BCF | mov ecx,edi |
00C5A41E | 6A 00 | push 0 |
00C5A420 | FF52 | call dword ptr ds:[edx+2C] |
00C5A423 | 8D86 | lea eax,dword ptr ds:[esi+F0] |
00C5A429 | 8BCE | mov ecx,esi |
00C5A42B | 50 | push eax |
00C5A42C | FF15 | call dword ptr ds:[<&?setWindowTitle@QW |
00C5A432 | B0 01 | mov al,1 |
00C5A434 | 8B4D | mov ecx,dword ptr ss:[ebp-C] |
00C5A437 | 64:89 | mov dword ptr fs:[0],ecx | [00000000]:&"L停"
00C5A43E | 59 | pop ecx |
00C5A43F | 5F | pop edi |
00C5A440 | 5E | pop esi |
00C5A441 | 5B | pop ebx | ebx:"teStartDocument@QXmlStreamWriter@@QAEXXZ"
00C5A442 | 8BE5 | mov esp,ebp |
00C5A444 | 5D | pop ebp |
00C5A445 | C2 04 | ret 4 |
00C5A448 | 8B86 | mov eax,dword ptr ds:[esi+530] |
00C5A44E | 8A98 | mov bl,byte ptr ds:[eax+B4] |
00C5A454 | 84DB | test bl,bl |
00C5A456 | 74 10 | je p3.C5A468 |
00C5A458 | A1 88 | mov eax,dword ptr ds:[<&?s_subscribeNum | 00DB3A88:&"2!"
00C5A45D | C700 | mov dword ptr ds:[eax],2695 |
00C5A463 | E9 48 | jmp p3.C5A6B0 |
00C5A468 | 8A9E | mov bl,byte ptr ds:[esi+250] |
00C5A46E | 84DB | test bl,bl |
00C5A470 | 0F85 | jne p3.C5A6B0 |
00C5A476 | 84FF | test bh,bh |
00C5A478 | 0F84 | je p3.C5A6B0 |
00C5A47E | 8D45 | lea eax,dword ptr ss:[ebp-10] |
00C5A481 | 50 | push eax |
00C5A482 | FF15 | call dword ptr ds:[<&?divideSegment@EDP |
00C5A488 | 8D45 | lea eax,dword ptr ss:[ebp-10] |
00C5A48B | C745 | mov dword ptr ss:[ebp-4],0 |
00C5A492 | 50 | push eax |
00C5A493 | 8D45 | lea eax,dword ptr ss:[ebp-1C] |
00C5A496 | 68 D8 | push p3.DDB1D8 | DDB1D8:"isProEdition() mcr="
00C5A49B | 50 | push eax |
00C5A49C | E8 8F | call <p3.sub_B12A30> |
00C5A4A1 | 8B3D | mov edi,dword ptr ds:[<&?log@RuningLog@ |
00C5A4A7 | 50 | push eax |
00C5A4A8 | C645 | mov byte ptr ss:[ebp-4],1 |
00C5A4AC | FFD7 | call edi |
00C5A4AE | 83C4 | add esp,14 |
00C5A4B1 | 8D4D | lea ecx,dword ptr ss:[ebp-1C] |
00C5A4B4 | FF15 | call dword ptr ds:[<&??1QXmlStreamStrin |
00C5A4BA | 8D4D | lea ecx,dword ptr ss:[ebp+8] |
00C5A4BD | FF15 | call dword ptr ds:[<&??0QString@@QAE@XZ |
00C5A4C3 | 8B86 | mov eax,dword ptr ds:[esi+55C] |
00C5A4C9 | 8D8E | lea ecx,dword ptr ds:[esi+55C] |
00C5A4CF | C645 | mov byte ptr ss:[ebp-4],2 |
00C5A4D3 | 8378 | cmp dword ptr ds:[eax+4],0 |
00C5A4D7 | 74 3C | je p3.C5A515 |
00C5A4D9 | 8D45 | lea eax,dword ptr ss:[ebp-20] |
00C5A4DC | 50 | push eax |
00C5A4DD | FF15 | call dword ptr ds:[<&?toUtf8@QString@@Q |
00C5A4E3 | 50 | push eax |
00C5A4E4 | 8D45 | lea eax,dword ptr ss:[ebp-1C] |
00C5A4E7 | C645 | mov byte ptr ss:[ebp-4],3 |
00C5A4EB | 50 | push eax |
00C5A4EC | FF15 | call dword ptr ds:[<&?flipColor@EDPaint |
00C5A4F2 | 83C4 | add esp,8 |
00C5A4F5 | 8D4D | lea ecx,dword ptr ss:[ebp+8] |
00C5A4F8 | 50 | push eax |
00C5A4F9 | FF15 | call dword ptr ds:[<&??4QDateTime@@QAEA |
00C5A4FF | 8D4D | lea ecx,dword ptr ss:[ebp-1C] |
00C5A502 | FF15 | call dword ptr ds:[<&??1QXmlStreamStrin |
00C5A508 | 8D4D | lea ecx,dword ptr ss:[ebp-20] |
00C5A50B | C645 | mov byte ptr ss:[ebp-4],2 |
00C5A50F | FF15 | call dword ptr ds:[<&??1QBitArray@@QAE@ |
00C5A515 | 8B45 | mov eax,dword ptr ss:[ebp-10] |
00C5A518 | 8378 | cmp dword ptr ds:[eax+4],8 |
00C5A51C | 7C 09 | jl p3.C5A527 |
00C5A51E | 8B45 | mov eax,dword ptr ss:[ebp+8] |
00C5A521 | 8378 | cmp dword ptr ds:[eax+4],8 |
00C5A525 | 7D 02 | jge p3.C5A529 |
00C5A527 | 32DB | xor bl,bl |
00C5A529 | 8D45 | lea eax,dword ptr ss:[ebp+8] |
00C5A52C | 50 | push eax |
00C5A52D | 8D45 | lea eax,dword ptr ss:[ebp-20] |
00C5A530 | 68 EC | push p3.DDB1EC | DDB1EC:"isProEdition() mdt ="
00C5A535 | 50 | push eax |
00C5A536 | E8 F5 | call <p3.sub_B12A30> |
00C5A53B | 50 | push eax |
00C5A53C | C645 | mov byte ptr ss:[ebp-4],4 |
00C5A540 | FFD7 | call edi |
00C5A542 | 83C4 | add esp,10 |
00C5A545 | 8D4D | lea ecx,dword ptr ss:[ebp-20] |
00C5A548 | FF15 | call dword ptr ds:[<&??1QXmlStreamStrin |
00C5A54E | 8B0D | mov ecx,dword ptr ds:[<&?shared_null@QL |
00C5A554 | 33FF | xor edi,edi |
00C5A556 | 894D | mov dword ptr ss:[ebp-18],ecx |
00C5A559 | 8B45 | mov eax,dword ptr ss:[ebp+8] |
00C5A55C | 8B15 | mov edx,dword ptr ds:[<&?mid@QString@@Q |
00C5A562 | C645 | mov byte ptr ss:[ebp-4],5 |
00C5A566 | 8378 | cmp dword ptr ds:[eax+4],4 |
00C5A56A | 7C 46 | jl p3.C5A5B2 |
00C5A56C | 0F1F4 | nop dword ptr ds:[eax],eax |
00C5A570 | 6A 04 | push 4 |
00C5A572 | 57 | push edi |
00C5A573 | 8D45 | lea eax,dword ptr ss:[ebp-20] |
00C5A576 | 50 | push eax |
00C5A577 | 8D4D | lea ecx,dword ptr ss:[ebp+8] |
00C5A57A | FFD2 | call edx |
00C5A57C | 50 | push eax |
00C5A57D | 8D4D | lea ecx,dword ptr ss:[ebp-18] |
00C5A580 | C645 | mov byte ptr ss:[ebp-4],6 |
00C5A584 | E8 E7 | call <p3.sub_B17170> |
00C5A589 | 8D4D | lea ecx,dword ptr ss:[ebp-20] |
00C5A58C | C645 | mov byte ptr ss:[ebp-4],5 |
00C5A590 | FF15 | call dword ptr ds:[<&??1QXmlStreamStrin |
00C5A596 | 8B45 | mov eax,dword ptr ss:[ebp+8] |
00C5A599 | 83C7 | add edi,4 |
00C5A59C | 8B15 | mov edx,dword ptr ds:[<&?mid@QString@@Q |
00C5A5A2 | 8B48 | mov ecx,dword ptr ds:[eax+4] |
00C5A5A5 | 8D47 | lea eax,dword ptr ds:[edi+4] |
00C5A5A8 | 3BC8 | cmp ecx,eax |
00C5A5AA | 7D C4 | jge p3.C5A570 |
00C5A5AC | 8B0D | mov ecx,dword ptr ds:[<&?shared_null@QL |
00C5A5B2 | 894D | mov dword ptr ss:[ebp-14],ecx |
00C5A5B5 | 8B45 | mov eax,dword ptr ss:[ebp-10] |
00C5A5B8 | 33FF | xor edi,edi |
00C5A5BA | C645 | mov byte ptr ss:[ebp-4],7 |
00C5A5BE | 8378 | cmp dword ptr ds:[eax+4],4 |
00C5A5C2 | 7C 3C | jl p3.C5A600 |
00C5A5C4 | 6A 04 | push 4 |
00C5A5C6 | 57 | push edi |
00C5A5C7 | 8D45 | lea eax,dword ptr ss:[ebp-20] |
00C5A5CA | 50 | push eax |
00C5A5CB | 8D4D | lea ecx,dword ptr ss:[ebp-10] |
00C5A5CE | FFD2 | call edx |
00C5A5D0 | 50 | push eax |
00C5A5D1 | 8D4D | lea ecx,dword ptr ss:[ebp-14] |
00C5A5D4 | C645 | mov byte ptr ss:[ebp-4],8 |
00C5A5D8 | E8 93 | call <p3.sub_B17170> |
00C5A5DD | 8D4D | lea ecx,dword ptr ss:[ebp-20] |
00C5A5E0 | C645 | mov byte ptr ss:[ebp-4],7 |
00C5A5E4 | FF15 | call dword ptr ds:[<&??1QXmlStreamStrin |
00C5A5EA | 8B45 | mov eax,dword ptr ss:[ebp-10] |
00C5A5ED | 83C7 | add edi,4 |
00C5A5F0 | 8B15 | mov edx,dword ptr ds:[<&?mid@QString@@Q |
00C5A5F6 | 8B48 | mov ecx,dword ptr ds:[eax+4] |
00C5A5F9 | 8D47 | lea eax,dword ptr ds:[edi+4] |
00C5A5FC | 3BC8 | cmp ecx,eax |
00C5A5FE | 7D C4 | jge p3.C5A5C4 |
00C5A600 | 8D4D | lea ecx,dword ptr ss:[ebp-18] |
00C5A603 | 33FF | xor edi,edi |
00C5A605 | FF15 | call dword ptr ds:[<&?length@?$QList@VQ |
00C5A60B | 85C0 | test eax,eax |
00C5A60D | 7E 75 | jle p3.C5A684 |
00C5A60F | 90 | nop |
00C5A610 | 8D4D | lea ecx,dword ptr ss:[ebp-14] |
00C5A613 | 33F6 | xor esi,esi |
00C5A615 | FF15 | call dword ptr ds:[<&?length@?$QList@VQ |
00C5A61B | 85C0 | test eax,eax |
00C5A61D | 7E 54 | jle p3.C5A673 |
00C5A61F | 90 | nop |
00C5A620 | 56 | push esi |
00C5A621 | 8D4D | lea ecx,dword ptr ss:[ebp-14] |
00C5A624 | E8 27 | call <p3.sub_B1DC50> |
00C5A629 | 50 | push eax |
00C5A62A | 57 | push edi |
00C5A62B | 8D4D | lea ecx,dword ptr ss:[ebp-18] |
00C5A62E | E8 1D | call <p3.sub_B1DC50> |
00C5A633 | 50 | push eax |
00C5A634 | FF15 | call dword ptr ds:[<&??8@YA_NABVQString |
00C5A63A | 83C4 | add esp,8 |
00C5A63D | 84C0 | test al,al |
00C5A63F | 74 24 | je p3.C5A665 |
00C5A641 | A1 8C | mov eax,dword ptr ds:[<&?s_lisenceNum@E |
00C5A646 | B3 01 | mov bl,1 |
00C5A648 | C605 | mov byte ptr ds:[150C05C],0 |
00C5A64F | C700 | mov dword ptr ds:[eax],1637 |
00C5A655 | A1 34 | mov eax,dword ptr ds:[<&?s_bkFolders@ED |
00C5A65A | 8B40 | mov eax,dword ptr ds:[eax+4] |
00C5A65D | 8B40 | mov eax,dword ptr ds:[eax+4] |
00C5A660 | A3 14 | mov dword ptr ds:[150C014],eax | 0150C014:L" "
00C5A665 | 8D4D | lea ecx,dword ptr ss:[ebp-14] |
00C5A668 | 46 | inc esi |
00C5A669 | FF15 | call dword ptr ds:[<&?length@?$QList@VQ |
00C5A66F | 3BF0 | cmp esi,eax |
00C5A671 | 7C AD | jl p3.C5A620 |
00C5A673 | 8D4D | lea ecx,dword ptr ss:[ebp-18] |
00C5A676 | 47 | inc edi |
00C5A677 | FF15 | call dword ptr ds:[<&?length@?$QList@VQ |
00C5A67D | 3BF8 | cmp edi,eax |
00C5A67F | 7C 8F | jl p3.C5A610 |
00C5A681 | 8B75 | mov esi,dword ptr ss:[ebp-24] |
00C5A684 | 8D4D | lea ecx,dword ptr ss:[ebp-14] |
00C5A687 | E8 B4 | call <p3.sub_B16F40> |
00C5A68C | 8D4D | lea ecx,dword ptr ss:[ebp-18] |
00C5A68F | E8 AC | call <p3.sub_B16F40> |
00C5A694 | 8D4D | lea ecx,dword ptr ss:[ebp+8] |
00C5A697 | FF15 | call dword ptr ds:[<&??1QXmlStreamStrin |
00C5A69D | 8D4D | lea ecx,dword ptr ss:[ebp-10] |
00C5A6A0 | C745 | mov dword ptr ss:[ebp-4],FFFFFFFF |
00C5A6A7 | FF15 | call dword ptr ds:[<&??1QXmlStreamStrin |
00C5A6AD | 8B7D | mov edi,dword ptr ss:[ebp-28] |
00C5A6B0 | 85FF | test edi,edi |
00C5A6B2 | 74 44 | je p3.C5A6F8 |
00C5A6B4 | 8B86 | mov eax,dword ptr ds:[esi+264] |
00C5A6BA | 8B40 | mov eax,dword ptr ds:[eax+14] |
00C5A6BD | 8B40 | mov eax,dword ptr ds:[eax+4] |
00C5A6C0 | C1E8 | shr eax,F |
00C5A6C3 | A8 01 | test al,1 |
00C5A6C5 | 75 1D | jne p3.C5A6E4 |
00C5A6C7 | 8BCE | mov ecx,esi |
00C5A6C9 | E8 A2 | call <p3.sub_C59470> |
00C5A6CE | 84C0 | test al,al |
00C5A6D0 | 75 12 | jne p3.C5A6E4 |
00C5A6D2 | 8B17 | mov edx,dword ptr ds:[edi] |
00C5A6D4 | 84DB | test bl,bl |
00C5A6D6 | 8BCF | mov ecx,edi |
00C5A6D8 | 0F94C | sete al |
00C5A6DB | 0FB6C | movzx eax,al |
00C5A6DE | 50 | push eax |
00C5A6DF | FF52 | call dword ptr ds:[edx+2C] |
00C5A6E2 | EB 14 | jmp p3.C5A6F8 |
00C5A6E4 | 8BCE | mov ecx,esi |
00C5A6E6 | E8 85 | call <p3.sub_C59470> |
00C5A6EB | 84C0 | test al,al |
00C5A6ED | 74 09 | je p3.C5A6F8 |
00C5A6EF | 8B07 | mov eax,dword ptr ds:[edi] |
00C5A6F1 | 8BCF | mov ecx,edi |
00C5A6F3 | 6A 00 | push 0 |
00C5A6F5 | FF50 | call dword ptr ds:[eax+2C] |
00C5A6F8 | 889E | mov byte ptr ds:[esi+490],bl |
00C5A6FE | 84DB | test bl,bl |
00C5A700 | 74 09 | je p3.C5A70B |
00C5A702 | 8D86 | lea eax,dword ptr ds:[esi+F0] |
00C5A708 | 50 | push eax |
00C5A709 | EB 07 | jmp p3.C5A712 |
00C5A70B | 8D8E | lea ecx,dword ptr ds:[esi+EC] |
00C5A711 | 51 | push ecx |
00C5A712 | 8BCE | mov ecx,esi |
00C5A714 | FF15 | call dword ptr ds:[<&?setWindowTitle@QW |
00C5A71A | 8AC3 | mov al,bl |
00C5A71C | 8B4D | mov ecx,dword ptr ss:[ebp-C] |
00C5A71F | 64:89 | mov dword ptr fs:[0],ecx | [00000000]:&"L停"
00C5A726 | 59 | pop ecx |
00C5A727 | 5F | pop edi |
00C5A728 | 5E | pop esi |
00C5A729 | 5B | pop ebx | ebx:"teStartDocument@QXmlStreamWriter@@QAEXXZ"
00C5A72A | 8BE5 | mov esp,ebp |
00C5A72C | 5D | pop ebp |
00C5A72D | C2 04 | ret 4 |
最终来到上面修改爆破成功。
有个ER105无法搞掉,就先这样吧。由于希捷硬盘坏了,没心情编下去了,一些细节就不说了。
我的OD里无法附加调试,不知为什么。 |
免费评分
-
查看全部评分
|
[复制链接]
发表于 2020-7-24 15:53
发表于 2020-7-29 17:16
|
发表于 2020-7-24 16:11
你写的文章,我为什么总是看不懂,不知道你在说什么。。。
