
[讨论] 我给你们解读一下IDA的伪代码看理解的对与不对?

冥界3大法王 发表于 2023-8-27 17:32


// IDA/Hex-Rays pseudocode for sub_4E83B0, reproduced as posted.
//
// Reading aid (control flow only, derived from the calls visible below):
//   1. Take a reference on the interface passed in eax (a1) and keep it in v17.
//   2. Install an exception-registration record in fs:[0].
//   3. Call TGetItInstallManager::ExecuteActions(manager, v17, 1); continue only if
//      it returns non-zero.
//   4. Read a value from v17 (vtable slot +80), pass it through
//      Getitactionsbase::ExpandTemporalVariables, and hand the result back to v17
//      (vtable slot +232).
//   5. If sub_4E81D4(a5) is non-zero and v16 == 0, call CreateGetItService and then a
//      virtual method (slot +52) on v13; a non-zero result sets v5.
//   6. If v5 is set, call ExecuteActions(manager, v17, 2).
//   7. Release v13, the two strings at v14/v15, and v17.
//
// No thread creation and no user-facing message call appear in this listing; any
// statement about those has to come from code outside this function.
//
// NOTE(review): the two decompiler warnings below mean stack-pointer tracking failed
// in this function, so the stack-variable assignments and the trailing call arguments
// should be verified against the disassembly before drawing conclusions.
// bad sp value at call has been detected, the output may be wrong!
// positive sp value has been detected, the output may be wrong!
int __usercall sub_4E83B0@<eax>(int a1@<eax>, int a2@<edx>, int a3@<edi>, int a4@<esi>, int a5)
{
  char v5; // bl
  int v6; // edx
  Getitactionsbase *v7; // ecx
  struct _EXCEPTION_REGISTRATION_RECORD *ExceptionList; // [esp-10h] [ebp-24h] BYREF
  void *v10; // [esp-Ch] [ebp-20h]
  int *v11; // [esp-8h] [ebp-1Ch]
  unsigned int v12; // [esp-4h] [ebp-18h]
  int v13; // [esp+0h] [ebp-14h] BYREF
  Getitactionsbase *v14; // [esp+4h] [ebp-10h] BYREF
  bool v15[4]; // [esp+8h] [ebp-Ch] BYREF
  int v16; // [esp+Ch] [ebp-8h]
  int v17; // [esp+10h] [ebp-4h] BYREF
  int savedregs; // [esp+14h] [ebp+0h] BYREF

  // v13 is later dereferenced as an object with a vtable and released with IntfClear;
  // it starts out as a null reference.
  v13 = 0;
  v12 = 0;
  // v17 holds the object passed in eax; every vtable call below goes through it.
  v17 = a1;
  // By its name this is the Delphi RTL interface AddRef helper; a2/a3/a4 are most
  // likely just live registers the decompiler listed as arguments - TODO confirm.
  ((void (__fastcall *)(int, int, _DWORD, int, int))System::__linkproc__ IntfAddRef)(a1, a2, 0, a4, a3);
  // Outer exception frame: save the current fs:[0] head, record loc_4E84E6 as the
  // handler address, then make fs:[0] point at the record on this stack.
  // Presumably the compiler-generated try/finally that guards the cleanup at the end.
  v11 = &savedregs;
  v10 = &loc_4E84E6;
  ExceptionList = NtCurrentTeb()->NtTib.ExceptionList;
  __writefsdword(0, (unsigned int)&ExceptionList);
  // v5 is the "run the second ExecuteActions pass" flag; it is only set inside the branch below.
  v5 = 0;
  // First ExecuteActions call with the constant 1. *(a5 - 4) is the same value that is
  // cast to TGetItInstallManager* at the CreateGetItService call further down.
  // NOTE(review): the last three arguments are exactly the values just stored for the
  // exception frame; they look like stack pushes misread as call arguments (see the
  // "bad sp" warning) - the second call below takes only three arguments.
  if ( (unsigned __int8)((int (__fastcall *)(_DWORD, int, int, int *, void *, struct _EXCEPTION_REGISTRATION_RECORD *))Getitinstallmanager::TGetItInstallManager::ExecuteActions)(
                          *(_DWORD *)(a5 - 4),
                          v17,
                          1,
                          &savedregs,
                          &loc_4E84E6,
                          ExceptionList) )
  {
    // Inner exception frame, built the same way with handler address loc_4E8472.
    v11 = &savedregs;
    v10 = &loc_4E8472;
    ExceptionList = NtCurrentTeb()->NtTib.ExceptionList;
    __writefsdword(0, (unsigned int)&ExceptionList);
    // Virtual call through v17's vtable (offset 80) that writes its result into v14.
    (*(void (__fastcall **)(int, Getitactionsbase **))(*(_DWORD *)v17 + 80))(v17, &v14);
    LOBYTE(v6) = 1;
    // NOTE(review): v14 is typed as an object pointer and v15 as bool[4], but both are
    // cleared as strings by UStrArrayClr(&v14, 2) at the end, and v15 is read back as a
    // DWORD on the next line. Presumably v14 is the input string and v15 receives the
    // expanded string; the (bool) cast is a typing artifact - confirm in the disassembly.
    Getitactionsbase::ExpandTemporalVariables(v14, v6, 1, (bool)v15);
    // Virtual call through v17's vtable (offset 232) taking the value just produced in v15.
    (*(void (__fastcall **)(int, _DWORD))(*(_DWORD *)v17 + 232))(v17, *(_DWORD *)v15);
    // sub_4E81D4 is not shown; it receives the same a5 as this function and its result
    // is tested as a byte.
    if ( (unsigned __int8)sub_4E81D4(a5) )
    {
      // NOTE(review): v16 is never assigned anywhere in this listing, so what this
      // test checks cannot be determined from the pseudocode alone.
      if ( !v16 )
      {
        Getitinstallmanager::TGetItInstallManager::CreateGetItService(
          *(Getitinstallmanager::TGetItInstallManager **)(a5 - 4),
          1);
        // NOTE(review): v13 is still 0 as far as this listing shows, yet it is
        // dereferenced here. Presumably CreateGetItService stores its result in v13
        // through a hidden result parameter the decompiler dropped - TODO confirm.
        // The call goes through vtable offset 52 and is given v17.
        if ( (*(unsigned __int8 (__fastcall **)(int, int))(*(_DWORD *)v13 + 52))(v13, v17) )
          v5 = 1;
      }
    }
    // Unlink the inner exception frame by restoring the saved fs:[0] head.
    __writefsdword(0, (unsigned int)ExceptionList);
    // Second ExecuteActions call with the constant 2, reached only when the
    // vtable +52 call above returned non-zero.
    if ( v5 )
      ((int (__fastcall *)(_DWORD, int, int))Getitinstallmanager::TGetItInstallManager::ExecuteActions)(
        *(_DWORD *)(a5 - 4),
        v17,
        2);
  }
  v7 = v14;
  // NOTE(review): as written this stores v12 (set to 0 above) into fs:[0]; together
  // with the assignment of loc_4E84ED to v14 it looks like the frame-unlink and
  // finally-block sequence mis-assigned to locals because of the stack-pointer
  // warnings - check the disassembly.
  __writefsdword(0, v12);
  v14 = (Getitactionsbase *)&loc_4E84ED;
  // Cleanup by RTL helper name: release the reference in v13, clear two strings
  // starting at v14 (v14 and v15 are adjacent on the stack), then release v17.
  ((void (__fastcall *)(int *, unsigned int, Getitactionsbase *))System::__linkproc__ IntfClear)(&v13, v12, v7);
  ((void (__fastcall *)(Getitactionsbase **, int))System::__linkproc__ UStrArrayClr)(&v14, 2);
  return ((int (__fastcall *)(int *))System::__linkproc__ IntfClear)(&v17);
}

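意思就是说：前面给了一个正确的授权状态后，就开启一个安装线程去自动地安装控件；否则挂掉这个线程，并提示注册码无效。（需要注意：这段伪代码本身只能看到 ExecuteActions、ExpandTemporalVariables、CreateGetItService 等调用，并没有出现创建线程或提示注册码无效的代码，这部分属于结合上下文的推断。）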
