lkou
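Posted on 2010-12-2 14:52
This post was last edited by lkou on 2010-12-4 21:17
Taking 进销存 (inventory management) V4.23 (Enterprise Edition) as the example
0071D4C0 > $ 55 PUSH EBP ; (Initial CPU selection) entry point after the program is loaded into OD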
0071D4C1 . 8BEC MOV EBP,ESP
0071D4C3 . 83C4 F0 ADD ESP,-10
0071D4C6 . 53 PUSH EBX
0071D4C7 . B8 58C97100 MOV EAX,123.0071C958
0071D4CC . E8 239DCEFF CALL 123.004071F4
0071D4D1 . 8B1D EC357200 MOV EBX,DWORD PTR DS:[7235EC] ; 123.007267E4
0071D4D7 . A1 C8347200 MOV EAX,DWORD PTR DS:[7234C8]
0071D4DC . 8B00 MOV EAX,DWORD PTR DS:[EAX]
0071D4DE . E8 2D2FD5FF CALL 123.00470410
0071D4E3 . 33C9 XOR ECX,ECX
0071D4E5 . B2 01 MOV DL,1
0071D4E7 . A1 600A5E00 MOV EAX,DWORD PTR DS:[5E0A60]
0071D4EC . E8 5FB7D4FF CALL 123.00468C50
0071D4F1 . 8903 MOV DWORD PTR DS:[EBX],EAX
0071D4F3 . 8B03 MOV EAX,DWORD PTR DS:[EBX]
0071D4F5 . E8 92F9D4FF CALL 123.0046CE8C
0071D4FA . 8B03 MOV EAX,DWORD PTR DS:[EBX]
0071D4FC . 8B10 MOV EDX,DWORD PTR DS:[EAX]
0071D4FE . FF92 88000000 CALL DWORD PTR DS:[EDX+88]
0071D504 . A1 C8347200 MOV EAX,DWORD PTR DS:[7234C8]
0071D509 . 8B00 MOV EAX,DWORD PTR DS:[EAX]
0071D50B . BA D8D67100 MOV EDX,123.0071D6D8 ; 佳宜进销存管理软件
0071D510 . E8 072BD5FF CALL 123.0047001C
0071D515 . 8B0D C8377200 MOV ECX,DWORD PTR DS:[7237C8] ; 123.00726800
0071D51B . A1 C8347200 MOV EAX,DWORD PTR DS:[7234C8]
0071D520 . 8B00 MOV EAX,DWORD PTR DS:[EAX]
0071D522 . 8B15 9C285E00 MOV EDX,DWORD PTR DS:[5E289C] ; 123.005E28E8
0071D528 . E8 FB2ED5FF CALL 123.00470428
0071D52D . A1 C8377200 MOV EAX,DWORD PTR DS:[7237C8]
0071D532 . 8B00 MOV EAX,DWORD PTR DS:[EAX]
0071D534 . 80B8 A0000000>CMP BYTE PTR DS:[EAX+A0],0
0071D53B . 0F84 7A010000 JE 123.0071D6BB
0071D541 . 8B03 MOV EAX,DWORD PTR DS:[EBX]
0071D543 . 8B80 F4020000 MOV EAX,DWORD PTR DS:[EAX+2F4]
0071D549 . BA F4D67100 MOV EDX,123.0071D6F4 ; 连接成功,正在登录 .....
0071D54E . E8 7514D3FF CALL 123.0044E9C8
0071D553 . 8B03 MOV EAX,DWORD PTR DS:[EBX]
0071D555 . 8B80 F4020000 MOV EAX,DWORD PTR DS:[EAX+2F4]
0071D55B . E8 AC19D3FF CALL 123.0044EF0C
0071D560 . 8B0D 7C327200 MOV ECX,DWORD PTR DS:[72327C] ; 123.00726CC4
0071D566 . A1 C8347200 MOV EAX,DWORD PTR DS:[7234C8]
0071D56B . 8B00 MOV EAX,DWORD PTR DS:[EAX]
0071D56D . 8B15 64867100 MOV EDX,DWORD PTR DS:[718664] ; 123.007186B0
0071D573 . E8 B02ED5FF CALL 123.00470428
0071D578 . 8B03 MOV EAX,DWORD PTR DS:[EBX]
0071D57A . 8B80 F4020000 MOV EAX,DWORD PTR DS:[EAX+2F4]
0071D580 . BA 18D77100 MOV EDX,123.0071D718 ; 连接成功,正在登录 ...
0071D585 . E8 3E14D3FF CALL 123.0044E9C8
0071D58A . 8B03 MOV EAX,DWORD PTR DS:[EBX]
0071D58C . 8B80 F4020000 MOV EAX,DWORD PTR DS:[EAX+2F4]
0071D592 . E8 7519D3FF CALL 123.0044EF0C
0071D597 . B8 14000000 MOV EAX,14
0071D59C . E8 7F63D5FF CALL 123.00473920
0071D5A1 . 8B03 MOV EAX,DWORD PTR DS:[EBX]
0071D5A3 . 8B80 F4020000 MOV EAX,DWORD PTR DS:[EAX+2F4]
0071D5A9 . BA F4D67100 MOV EDX,123.0071D6F4 ; 连接成功,正在登录 .....
0071D5AE . E8 1514D3FF CALL 123.0044E9C8
0071D5B3 . 8B03 MOV EAX,DWORD PTR DS:[EBX]
0071D5B5 . 8B80 F4020000 MOV EAX,DWORD PTR DS:[EAX+2F4]
0071D5BB . E8 4C19D3FF CALL 123.0044EF0C
0071D5C0 . 8BC3 MOV EAX,EBX
0071D5C2 . E8 F961D5FF CALL 123.004737C0
0071D5C7 . 8B0D 74357200 MOV ECX,DWORD PTR DS:[723574] ; 123.00726CCC
0071D5CD . A1 C8347200 MOV EAX,DWORD PTR DS:[7234C8]
0071D5D2 . 8B00 MOV EAX,DWORD PTR DS:[EAX]
0071D5D4 . 8B15 9CC47100 MOV EDX,DWORD PTR DS:[71C49C] ; 123.0071C4E8
0071D5DA . E8 492ED5FF CALL 123.00470428
0071D5DF . A1 9C337200 MOV EAX,DWORD PTR DS:[72339C]
0071D5E4 . 8B00 MOV EAX,DWORD PTR DS:[EAX]
0071D5E6 . E8 55C0ECFF CALL 123.005E9640
0071D5EB . 8B15 74377200 MOV EDX,DWORD PTR DS:[723774] ; 123.0072637C
0071D5F1 . 8902 MOV DWORD PTR DS:[EDX],EAX
0071D5F3 . A1 74377200 MOV EAX,DWORD PTR DS:[723774]
0071D5F8 . 8338 00 CMP DWORD PTR DS:[EAX],0
0071D5FB /0F8C 94000000 JL 123.0071D695 ; this jump distinguishes whether the program is already registered; we want to change it to jump to 0071D6D1
0071D601 . A1 74357200 MOV EAX,DWORD PTR DS:[723574]
0071D606 . 8B00 MOV EAX,DWORD PTR DS:[EAX]
0071D608 . E8 27F1FFFF CALL 123.0071C734
0071D60D . 83E8 01 SUB EAX,1 ; Switch (cases 0..2)
0071D610 . 72 05 JB SHORT 123.0071D617
0071D612 . 48 DEC EAX
0071D613 . 74 10 JE SHORT 123.0071D625
0071D615 . EB 72 JMP SHORT 123.0071D689
0071D617 > A1 C8347200 MOV EAX,DWORD PTR DS:[7234C8] ; Case 0 of switch 0071D60D
0071D61C . 8B00 MOV EAX,DWORD PTR DS:[EAX]
0071D61E . E8 712FD5FF CALL 123.00470594
0071D623 . EB 7A JMP SHORT 123.0071D69F
0071D625 > A1 74357200 MOV EAX,DWORD PTR DS:[723574] ; Case 2 of switch 0071D60D
0071D62A . E8 9161D5FF CALL 123.004737C0
0071D62F . 33C9 XOR ECX,ECX
0071D631 . B2 01 MOV DL,1
0071D633 . A1 708F5E00 MOV EAX,DWORD PTR DS:[5E8F70]
0071D638 . E8 13B6D4FF CALL 123.00468C50
0071D63D . 8B15 9C337200 MOV EDX,DWORD PTR DS:[72339C] ; 123.00726818
0071D643 . 8902 MOV DWORD PTR DS:[EDX],EAX
0071D645 . A1 9C337200 MOV EAX,DWORD PTR DS:[72339C]
0071D64A . 8B00 MOV EAX,DWORD PTR DS:[EAX]
0071D64C . B2 06 MOV DL,6
0071D64E . E8 49D3D4FF CALL 123.0046A99C
0071D653 . A1 9C337200 MOV EAX,DWORD PTR DS:[72339C]
0071D658 . 8B00 MOV EAX,DWORD PTR DS:[EAX]
0071D65A . 8B10 MOV EDX,DWORD PTR DS:[EAX]
0071D65C . FF92 E8000000 CALL DWORD PTR DS:[EDX+E8]
0071D662 . 48 DEC EAX
0071D663 . 74 18 JE SHORT 123.0071D67D
0071D665 . A1 74377200 MOV EAX,DWORD PTR DS:[723774]
0071D66A . 8338 00 CMP DWORD PTR DS:[EAX],0
0071D66D . 7F 0E JG SHORT 123.0071D67D
0071D66F . 6A 01 PUSH 1
0071D671 . 68 30D77100 PUSH 123.0071D730 ; 软件已过期,如需继续使用,请联系供应商...
0071D676 . E8 59A0EBFF CALL <JMP.&PunUnitLib.ShowMess>
0071D67B . EB 4A JMP SHORT 123.0071D6C7
0071D67D > A1 9C337200 MOV EAX,DWORD PTR DS:[72339C]
0071D682 . E8 3961D5FF CALL 123.004737C0
0071D687 . EB 16 JMP SHORT 123.0071D69F
0071D689 > A1 74357200 MOV EAX,DWORD PTR DS:[723574] ; Default case of switch 0071D60D
0071D68E . E8 2D61D5FF CALL 123.004737C0
0071D693 . EB 0A JMP SHORT 123.0071D69F
0071D695 > A1 74357200 MOV EAX,DWORD PTR DS:[723574]
0071D69A . E8 2161D5FF CALL 123.004737C0
0071D69F > A1 0C2E7200 MOV EAX,DWORD PTR DS:[722E0C]
0071D6A4 . 8B00 MOV EAX,DWORD PTR DS:[EAX]
0071D6A6 . 33D2 XOR EDX,EDX
0071D6A8 . E8 031FEDFF CALL 123.005EF5B0
0071D6AD . A1 C8347200 MOV EAX,DWORD PTR DS:[7234C8]
0071D6B2 . 8B00 MOV EAX,DWORD PTR DS:[EAX]
0071D6B4 . E8 EF2DD5FF CALL 123.004704A8
0071D6B9 . EB 0C JMP SHORT 123.0071D6C7
0071D6BB > A1 C8347200 MOV EAX,DWORD PTR DS:[7234C8]
0071D6C0 . 8B00 MOV EAX,DWORD PTR DS:[EAX]
0071D6C2 . E8 CD2ED5FF CALL 123.00470594
0071D6C7 > 5B POP EBX
0071D6C8 . E8 CF72CEFF CALL 123.0040499C
0071D6CD . 0000 ADD BYTE PTR DS:[EAX],AL
0071D6CF . 00FF ADD BH,BH ; the program ends here
0071D6D1 A1 B4337200 MOV EAX,DWORD PTR DS:[7233B4] ; from here on is what I built myself
0071D6D6 C600 01 MOV BYTE PTR DS:[EAX],1
0071D6DB ^ EB B8 JMP SHORT 123.0071D695 ; jump back to the location that 0071D5FB should have gone to
Finally, test it yourselves. Making a memory keygen is very simple, so I won't go into it.