<div align=center><fieldset style=width=80%><font color=red size=3>由于你的人气旺,<br>你的支持者们送你28个阳光币! 网络验证破解]验证转本地化 [转]
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
【详细过程】
由于该程序为VC++没有加壳,运行中调用很多系统函数
OllyICE载入分析,由于程序关键字符处理的比较好,字符插件就不起作用了。
我们还是利用常用的办法“API函数断点”来调试它吧。
命令下断:bpx closesocket
F9运行,输入用户名后点击“登陆”断下:
00418E79 . 6A 10 push 10 ; 网络验证开始
00418E7B . 8D85 60FEFFFF lea eax, dword ptr [ebp-1A0] ; 计算目标ID长度
00418E81 . 50 push eax
00418E82 . 6A 60 push 60
00418E84 . 8D8D 74FFFFFF lea ecx, dword ptr [ebp-8C]
00418E8A . 51 push ecx
00418E8B . 8D95 74FFFFFF lea edx, dword ptr [ebp-8C]
00418E91 . 52 push edx
00418E92 . E8 B9320100 call 0042C150 ; 判断软件是否已经处于通信状态
00418E97 . 83C4 18 add esp, 18
00418E9A . 833D 9C826500 00 cmp dword ptr [65829C], 0
00418EA1 . 74 16 je short 00418EB9 ; 还未通信则跳(不管)
00418EA3 . A1 9C826500 mov eax, dword ptr [65829C]
00418EA8 . 50 push eax ; /Socket => 384
00418EA9 . FF15 E4A54600 call dword ptr [<&ws2_32.closesocket>] ; \closesocket
00418EAF . C705 9C826500 00000000 mov dword ptr [65829C], 0
00418EB9 > 833D 9C826500 00 cmp dword ptr [65829C], 0
00418EC0 . 75 11 jnz short 00418ED3 ; 还未通信则准备获取验证服务器地址
00418EC2 . 6A 00 push 0 ; /Protocol = IPPROTO_IP
00418EC4 . 6A 01 push 1 ; |Type = SOCK_STREAM
00418EC6 . 6A 02 push 2 ; |Family = AF_INET
00418EC8 . FF15 E0A54600 call dword ptr [<&ws2_32.socket>] ; \socket
00418ECE . A3 9C826500 mov dword ptr [65829C], eax
00418ED3 > 66:C785 18FAFFFF 0200 mov word ptr [ebp-5E8], 2
00418EDC . 68 AC836500 push 006583AC ; /ASCII "203.174.87.234"
00418EE1 . FF15 DCA54600 call dword ptr [<&ws2_32.inet_addr>] ; \inet_addr
00418EE7 . 8985 1CFAFFFF mov dword ptr [ebp-5E4], eax
00418EED . 66:8B0D 38105D00 mov cx, word ptr [5D1038]
00418EF4 . 51 push ecx ; /NetShort
00418EF5 . FF15 E8A54600 call dword ptr [<&ws2_32.htons>] ; \ntohs
00418EFB . 66:8985 1AFAFFFF mov word ptr [ebp-5E6], ax
00418F02 . 6A 10 push 10 ; /AddrLen = 10 (16.)
00418F04 . 8D95 18FAFFFF lea edx, dword ptr [ebp-5E8] ; |
00418F0A . 52 push edx ; |pSockAddr
00418F0B . A1 9C826500 mov eax, dword ptr [65829C] ; |
00418F10 . 50 push eax ; |Socket => 384
00418F11 . FF15 D0A54600 call dword ptr [<&ws2_32.connect>] ; \connect
00418F17 . 8985 58FEFFFF mov dword ptr [ebp-1A8], eax ; 获取服务器数据
00418F1D . 83BD 58FEFFFF FF cmp dword ptr [ebp-1A8], -1 ; 返回值是否大于等于FFFFFFFF
; 是则挂(通信不正常)
00418F24 75 14 jnz short 00418F3A ; ★所以这里必须跳!改为JMP★
00418F26 . C705 3C105D00 0D000000 mov dword ptr [5D103C], 0D
00418F30 . E8 EB180100 call 0042A820
00418F35 . E9 5C0A0000 jmp 00419996
00418F3A > 6A 00 push 0 ; /Flags = 0
00418F3C . 6A 60 push 60 ; |DataSize = 60 (96.)
00418F3E . 8D8D 74FFFFFF lea ecx, dword ptr [ebp-8C] ; |
00418F44 . 51 push ecx ; |Data
00418F45 . 8B15 9C826500 mov edx, dword ptr [65829C] ; |
00418F4B . 52 push edx ; |Socket => 384
00418F4C . FF15 D8A54600 call dword ptr [<&ws2_32.send>] ; \send
00418F52 . 8985 58FEFFFF mov dword ptr [ebp-1A8], eax ; 再次获取服务器数据
00418F58 . 83BD 58FEFFFF 60 cmp dword ptr [ebp-1A8], 60 ; 返回值是否小于等于96
; 是则挂(数据包不正确)
00418F5F 74 05 je short 00418F66 ; ★所以这里必须跳!改为JMP★
00418F61 . E9 300A0000 jmp 00419996
00418F66 > 6A 00 push 0 ; /Flags = 0
00418F68 . 6A 60 push 60 ; |BufSize = 60 (96.)
00418F6A . 8D85 74FFFFFF lea eax, dword ptr [ebp-8C] ; |
00418F70 . 50 push eax ; |Buffer
00418F71 . 8B0D 9C826500 mov ecx, dword ptr [65829C] ; |
00418F77 . 51 push ecx ; |Socket => 384
00418F78 . FF15 D4A54600 call dword ptr [<&ws2_32.recv>] ; \recv
00418F7E . 8985 58FEFFFF mov dword ptr [ebp-1A8], eax ; 再次获取服务器数据
00418F84 . 83BD 58FEFFFF 00 cmp dword ptr [ebp-1A8], 0 ; 返回值是否大于等于0
; 是则挂(数据包不正确)
00418F8B 75 05 jnz short 00418F92 ; ★则里可改可不改,保险起见改为JMP★
00418F8D . E9 040A0000 jmp 00419996
00418F92 > 8B15 9C826500 mov edx, dword ptr [65829C] ; 服务器通信结束
00418F98 . 52 push edx ; /Socket => 384
00418F99 . FF15 E4A54600 call dword ptr [<&ws2_32.closesocket>] ; \closesocket
00418F9F . 6A 01 push 1
00418FA1 . 6A 10 push 10
00418FA3 . 8D85 48FEFFFF lea eax, dword ptr [ebp-1B8]
00418FA9 . 50 push eax
00418FAA . 6A 60 push 60
00418FAC . 8D8D 74FFFFFF lea ecx, dword ptr [ebp-8C]
00418FB2 . 51 push ecx
00418FB3 . 8D95 74FFFFFF lea edx, dword ptr [ebp-8C]
00418FB9 . 52 push edx
00418FBA . E8 91310100 call 0042C150 ; 判断服务器是否有数据返回
00418FBF . 83C4 18 add esp, 18
00418FC2 . 75 04 jnz short 00418FC8 ; 有数据返回则跳!(必须跳)
00418FC4 . 74 02 je short 00418FC8
00418FC6 9A db 9A
00418FC7 E8 db E8
00418FC8 > 83BD 74FFFFFF 09 cmp dword ptr [ebp-8C], 9 ; 检测程序版本是否有更新
00418FCF . 0F85 A7000000 jnz 0041907C ; 大于等于则跳
; (为了不让它自动更新,改为JMP)
00418FD5 . 6A 00 push 0
00418FD7 . 68 502E4800 push 00482E50
00418FDC . 68 082E4800 push 00482E08
00418FE1 . 8B8D 98F9FFFF mov ecx, dword ptr [ebp-668]
00418FE7 . E8 CCF40300 call 004584B8
00418FEC . B9 11000000 mov ecx, 11
00418FF1 . 33C0 xor eax, eax
00418FF3 . 8DBD C0F9FFFF lea edi, dword ptr [ebp-640]
00418FF9 . F3:AB rep stos dword ptr es:[edi]
00418FFB . C785 C0F9FFFF 44000000 mov dword ptr [ebp-640], 44
00419005 . 33C0 xor eax, eax
00419007 . 8985 04FAFFFF mov dword ptr [ebp-5FC], eax
0041900D . 8985 08FAFFFF mov dword ptr [ebp-5F8], eax
00419013 . 8985 0CFAFFFF mov dword ptr [ebp-5F4], eax
00419019 . 8985 10FAFFFF mov dword ptr [ebp-5F0], eax
0041901F . 8D8D 04FAFFFF lea ecx, dword ptr [ebp-5FC]
00419025 . 51 push ecx ; /pProcessInfo
00419026 . 8D95 C0F9FFFF lea edx, dword ptr [ebp-640] ; |
0041902C . 52 push edx ; |pStartupInfo
0041902D . 6A 00 push 0 ; |CurrentDir = NULL
0041902F . 6A 00 push 0 ; |pEnvironment = NULL
00419031 . 6A 00 push 0 ; |CreationFlags = 0
00419033 . 6A 00 push 0 ; |InheritHandles = FALSE
00419035 . 6A 00 push 0 ; |pThreadSecurity = NULL
00419037 . 6A 00 push 0 ; |pProcessSecurity = NULL
00419039 . 68 E42D4800 push 00482DE4 ; |CommandLine = "explorer
http://www.jtlover.net/"
0041903E . 6A 00 push 0 ; |ModuleFileName = NULL
00419040 . FF15 34A24600 call dword ptr [<&kernel32.CreateProces>; \CreateProcessA
00419046 . 85C0 test eax, eax
00419048 . 75 07 jnz short 00419051
0041904A . 6A 00 push 0
0041904C . E8 87C30100 call 004353D8
00419051 > 8B85 04FAFFFF mov eax, dword ptr [ebp-5FC]
00419057 . 50 push eax ; /hObject
00419058 . FF15 44A24600 call dword ptr [<&kernel32.CloseHandle>>; \CloseHandle
0041905E . 8B8D 08FAFFFF mov ecx, dword ptr [ebp-5F8]
00419064 . 51 push ecx ; /hObject
00419065 . FF15 44A24600 call dword ptr [<&kernel32.CloseHandle>>; \CloseHandle
0041906B . 8B95 74FFFFFF mov edx, dword ptr [ebp-8C]
00419071 . 8915 3C105D00 mov dword ptr [5D103C], edx
00419077 . E9 1A090000 jmp 00419996
0041907C > 75 04 jnz short 00419082
0041907E . 74 02 je short 00419082
00419080 9A db 9A
00419081 E8 db E8
00419082 > 83BD 74FFFFFF 00 cmp dword ptr [ebp-8C], 0 ; 检测验证数据最后结果是否小于等于0
; 是则正确!
00419089 . 74 15 je short 004190A0 ; ★所以这里必须跳!改为JMP★
0041908B . 8B85 74FFFFFF mov eax, dword ptr [ebp-8C]
00419091 . A3 3C105D00 mov dword ptr [5D103C], eax
00419096 . E8 85170100 call 0042A820
0041909B . E9 F6080000 jmp 00419996
004190A0 > 8B4D CC mov ecx, dword ptr [ebp-34] ; 从这里就开始控制程序窗口、配置文件了
004190A3 . 890D C0836500 mov dword ptr [6583C0], ecx
004190A9 . C705 3C105D00 58000000 mov dword ptr [5D103C], 58
004190B3 . 68 F4030000 push 3F4
004190B8 . 8B8D 98F9FFFF mov ecx, dword ptr [ebp-668]
004190BE . E8 25050400 call 004595E8
004190C3 . 8985 5CFEFFFF mov dword ptr [ebp-1A4], eax
004190C9 . 6A 00 push 0
004190CB . 8B8D 5CFEFFFF mov ecx, dword ptr [ebp-1A4]
004190D1 . E8 3E080400 call 00459914
004190D6 . 51 push ecx
004190D7 . 8BCC mov ecx, esp
004190D9 . 89A5 ACF9FFFF mov dword ptr [ebp-654], esp
004190DF . 68 DC2D4800 push 00482DDC ; ASCII "TIP2"
004190E4 . E8 8BD50300 call 00456674
004190E9 . 8985 94F9FFFF mov dword ptr [ebp-66C], eax
004190EF . 8B95 94F9FFFF mov edx, dword ptr [ebp-66C]
004190F5 . 8995 90F9FFFF mov dword ptr [ebp-670], edx
004190FB . C745 FC 00000000 mov dword ptr [ebp-4], 0
00419102 . 51 push ecx
00419103 . 8BCC mov ecx, esp
00419105 . 89A5 A8F9FFFF mov dword ptr [ebp-658], esp
0041910B . 68 D42D4800 push 00482DD4 ; ASCII "Dialog1"
00419110 . E8 5FD50300 call 00456674
00419115 . 8985 8CF9FFFF mov dword ptr [ebp-674], eax ; |
0041911B . 8D85 A4F9FFFF lea eax, dword ptr [ebp-65C] ; |
00419121 . 50 push eax ; |Arg1
00419122 . B9 04156500 mov ecx, 00651504 ; |
00419127 . C745 FC FFFFFFFF mov dword ptr [ebp-4], -1 ; |
0041912E . E8 DD610000 call 0041F310 ; \jtbl.0041F310
00419133 . 8985 88F9FFFF mov dword ptr [ebp-678], eax
00419139 . 8B8D 88F9FFFF mov ecx, dword ptr [ebp-678]
0041913F . 898D A0F9FFFF mov dword ptr [ebp-660], ecx
00419145 . C745 FC 01000000 mov dword ptr [ebp-4], 1
0041914C . 8B95 A0F9FFFF mov edx, dword ptr [ebp-660]
00419152 . 8B02 mov eax, dword ptr [edx]
00419154 . 8985 9CF9FFFF mov dword ptr [ebp-664], eax
0041915A . 8B8D 9CF9FFFF mov ecx, dword ptr [ebp-664]
00419160 . 51 push ecx
00419161 . 68 B5040000 push 4B5
00419166 . B9 C87A6500 mov ecx, 00657AC8
0041916B . E8 69050400 call 004596D9
00419170 . C745 FC FFFFFFFF mov dword ptr [ebp-4], -1
00419177 . 8D8D A4F9FFFF lea ecx, dword ptr [ebp-65C]
0041917D . E8 84D40300 call 00456606
00419182 . 68 0000FF00 push 0FF0000
00419187 . B9 E8806500 mov ecx, 006580E8
0041918C . E8 FF4F0000 call 0041E190
00419191 . C645 D8 00 mov byte ptr [ebp-28], 0
00419195 . C645 D9 00 mov byte ptr [ebp-27], 0
00419199 . 33D2 xor edx, edx
0041919B . 8955 DA mov dword ptr [ebp-26], edx
0041919E . 8955 DE mov dword ptr [ebp-22], edx
004191A1 . 8955 E2 mov dword ptr [ebp-1E], edx
004191A4 . 8955 E6 mov dword ptr [ebp-1A], edx
004191A7 . 8955 EA mov dword ptr [ebp-16], edx
004191AA . 66:8955 EE mov word ptr [ebp-12], dx
004191AE . 8855 F0 mov byte ptr [ebp-10], dl
004191B1 . 6A 18 push 18 ; /Arg3 = 00000018
004191B3 . 8D45 D8 lea eax, dword ptr [ebp-28] ; |
004191B6 . 50 push eax ; |Arg2
004191B7 . 68 05040000 push 405 ; |Arg1 = 00000405
004191BC . 8B8D 98F9FFFF mov ecx, dword ptr [ebp-668] ; |
004191C2 . E8 AB040400 call 00459672 ; \jtbl.00459672
004191C7 . 68 382D4800 push 00482D38 ; /FileName = ".\Setting\config.ini"
004191CC . 8D4D D8 lea ecx, dword ptr [ebp-28] ; |
004191CF . 51 push ecx ; |String
004191D0 . 68 182D4800 push 00482D18 ; |Key = "Account"
004191D5 . 68 282D4800 push 00482D28 ; |Section = "Config"
004191DA . FF15 48A24600 call dword ptr [<&kernel32.WritePrivate>; \WritePrivateProfileStringA
004191E0 . C685 70FEFFFF 00 mov byte ptr [ebp-190], 0
004191E7 . C685 71FEFFFF 00 mov byte ptr [ebp-18F], 0
004191EE . B9 40000000 mov ecx, 40
004191F3 . 33C0 xor eax, eax
004191F5 . 8DBD 72FEFFFF lea edi, dword ptr [ebp-18E]
004191FB . F3:AB rep stos dword ptr es:[edi]
004191FD . 66:AB stos word ptr es:[edi]
004191FF . C745 D4 00000000 mov dword ptr [ebp-2C], 0
00419206 . 68 04010000 push 104 ; /BufSize = 104 (260.)
0041920B . 8D95 70FEFFFF lea edx, dword ptr [ebp-190] ; |
00419211 . 52 push edx ; |PathBuffer
00419212 . 6A 00 push 0 ; |hModule = NULL
00419214 . FF15 ECA14600 call dword ptr [<&kernel32.GetModuleFil>; \GetModuleFileNameA
0041921A . 8DBD 70FEFFFF lea edi, dword ptr [ebp-190]
00419220 . 83C9 FF or ecx, FFFFFFFF
00419223 . 33C0 xor eax, eax
00419225 . F2:AE repne scas byte ptr es:[edi]
00419227 . F7D1 not ecx
00419229 . 83C1 FE add ecx, -2
0041922C . 894D D4 mov dword ptr [ebp-2C], ecx
0041922F > 8B45 D4 mov eax, dword ptr [ebp-2C]
00419232 . 0FBE8C05 70FEFFFF movsx ecx, byte ptr [ebp+eax-190]
0041923A . 83F9 5C cmp ecx, 5C
0041923D . 74 16 je short 00419255
0041923F . 8B55 D4 mov edx, dword ptr [ebp-2C]
00419242 . C68415 70FEFFFF 00 mov byte ptr [ebp+edx-190], 0
0041924A . 8B45 D4 mov eax, dword ptr [ebp-2C]
0041924D . 83E8 01 sub eax, 1
00419250 . 8945 D4 mov dword ptr [ebp-2C], eax
00419253 .^ EB DA jmp short 0041922F
00419255 > 8D7D D8 lea edi, dword ptr [ebp-28] ; 获取用户名(准备计算试用时间验证)
00419258 . 8B15 787D5F00 mov edx, dword ptr [5F7D78] ; kudrtgov.10213000
0041925E . 83C9 FF or ecx, FFFFFFFF
00419261 . 33C0 xor eax, eax
00419263 . F2:AE repne scas byte ptr es:[edi]
00419265 . F7D1 not ecx
00419267 . 2BF9 sub edi, ecx
00419269 . 8BF7 mov esi, edi
0041926B . 8BC1 mov eax, ecx
0041926D . 8BFA mov edi, edx
0041926F . C1E9 02 shr ecx, 2
00419272 . F3:A5 rep movs dword ptr es:[edi], dword ptr>
00419274 . 8BC8 mov ecx, eax
00419276 . 83E1 03 and ecx, 3
00419279 . F3:A4 rep movs byte ptr es:[edi], byte ptr [>
0041927B . 8DBD 70FEFFFF lea edi, dword ptr [ebp-190]
00419281 . 8B0D 787D5F00 mov ecx, dword ptr [5F7D78] ; kudrtgov.10213000
00419287 . 83C1 1E add ecx, 1E
0041928A . 8BD1 mov edx, ecx
0041928C . 83C9 FF or ecx, FFFFFFFF
0041928F . 33C0 xor eax, eax
00419291 . F2:AE repne scas byte ptr es:[edi]
00419293 . F7D1 not ecx
00419295 . 2BF9 sub edi, ecx
00419297 . 8BF7 mov esi, edi
00419299 . 8BC1 mov eax, ecx
0041929B . 8BFA mov edi, edx
0041929D . C1E9 02 shr ecx, 2
004192A0 . F3:A5 rep movs dword ptr es:[edi], dword ptr>
004192A2 . 8BC8 mov ecx, eax
004192A4 . 83E1 03 and ecx, 3
004192A7 . F3:A4 rep movs byte ptr es:[edi], byte ptr [>
004192A9 . C685 38FBFFFF 00 mov byte ptr [ebp-4C8], 0
004192B0 . C685 39FBFFFF 00 mov byte ptr [ebp-4C7], 0
004192B7 . B9 40000000 mov ecx, 40
004192BC . 33C0 xor eax, eax
004192BE . 8DBD 3AFBFFFF lea edi, dword ptr [ebp-4C6]
004192C4 . F3:AB rep stos dword ptr es:[edi]
004192C6 . 66:AB stos word ptr es:[edi]
004192C8 . C685 3CFCFFFF 00 mov byte ptr [ebp-3C4], 0
004192CF . C685 3DFCFFFF 00 mov byte ptr [ebp-3C3], 0
004192D6 . B9 40000000 mov ecx, 40
004192DB . 33C0 xor eax, eax
004192DD . 8DBD 3EFCFFFF lea edi, dword ptr [ebp-3C2]
004192E3 . F3:AB rep stos dword ptr es:[edi]
004192E5 . 66:AB stos word ptr es:[edi]
004192E7 . C685 44FDFFFF 00 mov byte ptr [ebp-2BC], 0
004192EE . C685 45FDFFFF 00 mov byte ptr [ebp-2BB], 0
004192F5 . B9 40000000 mov ecx, 40
004192FA . 33C0 xor eax, eax
004192FC . 8DBD 46FDFFFF lea edi, dword ptr [ebp-2BA]
00419302 . F3:AB rep stos dword ptr es:[edi]
00419304 . 66:AB stos word ptr es:[edi]
00419306 . BF CC2D4800 mov edi, 00482DCC ; ASCII "\Users\"
0041930B . 8D95 70FEFFFF lea edx, dword ptr [ebp-190]
00419311 . 83C9 FF or ecx, FFFFFFFF
00419314 . 33C0 xor eax, eax
00419316 . F2:AE repne scas byte ptr es:[edi]
00419318 . F7D1 not ecx
0041931A . 2BF9 sub edi, ecx
0041931C . 8BF7 mov esi, edi
0041931E . 8BD9 mov ebx, ecx
00419320 . 8BFA mov edi, edx
00419322 . 83C9 FF or ecx, FFFFFFFF
00419325 . 33C0 xor eax, eax
00419327 . F2:AE repne scas byte ptr es:[edi]
00419329 . 83C7 FF add edi, -1
0041932C . 8BCB mov ecx, ebx
0041932E . C1E9 02 shr ecx, 2
00419331 . F3:A5 rep movs dword ptr es:[edi], dword ptr>
00419333 . 8BCB mov ecx, ebx
00419335 . 83E1 03 and ecx, 3
00419338 . F3:A4 rep movs byte ptr es:[edi], byte ptr [>
0041933A . 8DBD 70FEFFFF lea edi, dword ptr [ebp-190]
00419340 . 8D95 38FBFFFF lea edx, dword ptr [ebp-4C8]
00419346 . 83C9 FF or ecx, FFFFFFFF
00419349 . 33C0 xor eax, eax
0041934B . F2:AE repne scas byte ptr es:[edi]
0041934D . F7D1 not ecx
0041934F . 2BF9 sub edi, ecx
00419351 . 8BF7 mov esi, edi
00419353 . 8BC1 mov eax, ecx
00419355 . 8BFA mov edi, edx
00419357 . C1E9 02 shr ecx, 2
0041935A . F3:A5 rep movs dword ptr es:[edi], dword ptr>
0041935C . 8BC8 mov ecx, eax
0041935E . 83E1 03 and ecx, 3
00419361 . F3:A4 rep movs byte ptr es:[edi], byte ptr [>
00419363 . 8B3D 787D5F00 mov edi, dword ptr [5F7D78] ; kudrtgov.10213000
00419369 . 8D95 38FBFFFF lea edx, dword ptr [ebp-4C8]
0041936F . 83C9 FF or ecx, FFFFFFFF
00419372 . 33C0 xor eax, eax
00419374 . F2:AE repne scas byte ptr es:[edi]
00419376 . F7D1 not ecx
00419378 . 2BF9 sub edi, ecx
0041937A . 8BF7 mov esi, edi
0041937C . 8BD9 mov ebx, ecx
0041937E . 8BFA mov edi, edx
00419380 . 83C9 FF or ecx, FFFFFFFF
00419383 . 33C0 xor eax, eax
00419385 . F2:AE repne scas byte ptr es:[edi]
00419387 . 83C7 FF add edi, -1
0041938A . 8BCB mov ecx, ebx
0041938C . C1E9 02 shr ecx, 2
0041938F . F3:A5 rep movs dword ptr es:[edi], dword ptr>
00419391 . 8BCB mov ecx, ebx
00419393 . 83E1 03 and ecx, 3
00419396 . F3:A4 rep movs byte ptr es:[edi], byte ptr [>
00419398 . BF BC2D4800 mov edi, 00482DBC ; ASCII "\NewConfig.ini"
0041939D . 8D95 38FBFFFF lea edx, dword ptr [ebp-4C8]
004193A3 . 83C9 FF or ecx, FFFFFFFF
004193A6 . 33C0 xor eax, eax
004193A8 . F2:AE repne scas byte ptr es:[edi]
004193AA . F7D1 not ecx
004193AC . 2BF9 sub edi, ecx
004193AE . 8BF7 mov esi, edi
004193B0 . 8BD9 mov ebx, ecx
004193B2 . 8BFA mov edi, edx
004193B4 . 83C9 FF or ecx, FFFFFFFF
004193B7 . 33C0 xor eax, eax
004193B9 . F2:AE repne scas byte ptr es:[edi]
004193BB . 83C7 FF add edi, -1
004193BE . 8BCB mov ecx, ebx
004193C0 . C1E9 02 shr ecx, 2
004193C3 . F3:A5 rep movs dword ptr es:[edi], dword ptr>
004193C5 . 8BCB mov ecx, ebx
004193C7 . 83E1 03 and ecx, 3
004193CA . F3:A4 rep movs byte ptr es:[edi], byte ptr [>
004193CC . 8DBD 70FEFFFF lea edi, dword ptr [ebp-190]
004193D2 . 8D95 3CFCFFFF lea edx, dword ptr [ebp-3C4]
004193D8 . 83C9 FF or ecx, FFFFFFFF
004193DB . 33C0 xor eax, eax
004193DD . F2:AE repne scas byte ptr es:[edi]
004193DF . F7D1 not ecx
004193E1 . 2BF9 sub edi, ecx
004193E3 . 8BF7 mov esi, edi
004193E5 . 8BC1 mov eax, ecx
004193E7 . 8BFA mov edi, edx
004193E9 . C1E9 02 shr ecx, 2
004193EC . F3:A5 rep movs dword ptr es:[edi], dword ptr>
004193EE . 8BC8 mov ecx, eax
004193F0 . 83E1 03 and ecx, 3
004193F3 . F3:A4 rep movs byte ptr es:[edi], byte ptr [>
004193F5 . 8B3D 787D5F00 mov edi, dword ptr [5F7D78] ; kudrtgov.10213000
004193FB . 8D95 3CFCFFFF lea edx, dword ptr [ebp-3C4]
00419401 . 83C9 FF or ecx, FFFFFFFF
00419404 . 33C0 xor eax, eax
00419406 . F2:AE repne scas byte ptr es:[edi]
00419408 . F7D1 not ecx
0041940A . 2BF9 sub edi, ecx
0041940C . 8BF7 mov esi, edi
0041940E . 8BD9 mov ebx, ecx
00419410 . 8BFA mov edi, edx
00419412 . 83C9 FF or ecx, FFFFFFFF
00419415 . 33C0 xor eax, eax
00419417 . F2:AE repne scas byte ptr es:[edi]
00419419 . 83C7 FF add edi, -1
0041941C . 8BCB mov ecx, ebx
0041941E . C1E9 02 shr ecx, 2
00419421 . F3:A5 rep movs dword ptr es:[edi], dword ptr>
00419423 . 8BCB mov ecx, ebx
00419425 . 83E1 03 and ecx, 3
00419428 . F3:A4 rep movs byte ptr es:[edi], byte ptr [>
0041942A . BF AC2D4800 mov edi, 00482DAC ; ASCII "\ListFile.ini"
0041942F . 8D95 3CFCFFFF lea edx, dword ptr [ebp-3C4]
00419435 . 83C9 FF or ecx, FFFFFFFF
00419438 . 33C0 xor eax, eax
0041943A . F2:AE repne scas byte ptr es:[edi]
0041943C . F7D1 not ecx
0041943E . 2BF9 sub edi, ecx
00419440 . 8BF7 mov esi, edi
00419442 . 8BD9 mov ebx, ecx
00419444 . 8BFA mov edi, edx
00419446 . 83C9 FF or ecx, FFFFFFFF
00419449 . 33C0 xor eax, eax
0041944B . F2:AE repne scas byte ptr es:[edi]
0041944D . 83C7 FF add edi, -1
00419450 . 8BCB mov ecx, ebx
00419452 . C1E9 02 shr ecx, 2
00419455 . F3:A5 rep movs dword ptr es:[edi], dword ptr>
00419457 . 8BCB mov ecx, ebx
00419459 . 83E1 03 and ecx, 3
0041945C . F3:A4 rep movs byte ptr es:[edi], byte ptr [>
0041945E . 8DBD 70FEFFFF lea edi, dword ptr [ebp-190]
00419464 . 8D95 44FDFFFF lea edx, dword ptr [ebp-2BC]
0041946A . 83C9 FF or ecx, FFFFFFFF
0041946D . 33C0 xor eax, eax
0041946F . F2:AE repne scas byte ptr es:[edi]
00419471 . F7D1 not ecx
00419473 . 2BF9 sub edi, ecx
00419475 . 8BF7 mov esi, edi
00419477 . 8BC1 mov eax, ecx
00419479 . 8BFA mov edi, edx
0041947B . C1E9 02 shr ecx, 2
0041947E . F3:A5 rep movs dword ptr es:[edi], dword ptr>
00419480 . 8BC8 mov ecx, eax
00419482 . 83E1 03 and ecx, 3
00419485 . F3:A4 rep movs byte ptr es:[edi], byte ptr [>
00419487 . 8B3D 787D5F00 mov edi, dword ptr [5F7D78] ; kudrtgov.10213000
0041948D . 8D95 44FDFFFF lea edx, dword ptr [ebp-2BC]
00419493 . 83C9 FF or ecx, FFFFFFFF
00419496 . 33C0 xor eax, eax
00419498 . F2:AE repne scas byte ptr es:[edi]
0041949A . F7D1 not ecx
0041949C . 2BF9 sub edi, ecx
0041949E . 8BF7 mov esi, edi
004194A0 . 8BD9 mov ebx, ecx
004194A2 . 8BFA mov edi, edx
004194A4 . 83C9 FF or ecx, FFFFFFFF
004194A7 . 33C0 xor eax, eax
004194A9 . F2:AE repne scas byte ptr es:[edi]
004194AB . 83C7 FF add edi, -1
004194AE . 8BCB mov ecx, ebx
004194B0 . C1E9 02 shr ecx, 2
004194B3 . F3:A5 rep movs dword ptr es:[edi], dword ptr>
004194B5 . 8BCB mov ecx, ebx
004194B7 . 83E1 03 and ecx, 3
004194BA . F3:A4 rep movs byte ptr es:[edi], byte ptr [>
004194BC . BF 9C2D4800 mov edi, 00482D9C ; ASCII "\GuoLvFile.ini"
004194C1 . 8D95 44FDFFFF lea edx, dword ptr [ebp-2BC]
004194C7 . 83C9 FF or ecx, FFFFFFFF
004194CA . 33C0 xor eax, eax
004194CC . F2:AE repne scas byte ptr es:[edi]
004194CE . F7D1 not ecx
004194D0 . 2BF9 sub edi, ecx
004194D2 . 8BF7 mov esi, edi
004194D4 . 8BD9 mov ebx, ecx
004194D6 . 8BFA mov edi, edx
004194D8 . 83C9 FF or ecx, FFFFFFFF
004194DB . 33C0 xor eax, eax
004194DD . F2:AE repne scas byte ptr es:[edi]
004194DF . 83C7 FF add edi, -1
004194E2 . 8BCB mov ecx, ebx
004194E4 . C1E9 02 shr ecx, 2
004194E7 . F3:A5 rep movs dword ptr es:[edi], dword ptr>
004194E9 . 8BCB mov ecx, ebx
004194EB . 83E1 03 and ecx, 3
004194EE . F3:A4 rep movs byte ptr es:[edi], byte ptr [>
004194F0 . 68 982D4800 push 00482D98
004194F5 . 8D85 38FBFFFF lea eax, dword ptr [ebp-4C8]
004194FB . 50 push eax
004194FC . E8 97BE0100 call 00435398 ; 配置文件A是否已经存在
00419501 . 83C4 08 add esp, 8
00419504 . 8985 14FAFFFF mov dword ptr [ebp-5EC], eax
0041950A . 83BD 14FAFFFF 00 cmp dword ptr [ebp-5EC], 0
00419511 . 75 5A jnz short 0041956D ; 如果文件已经存在则跳
00419513 . 8B3D 787D5F00 mov edi, dword ptr [5F7D78] ; kudrtgov.10213000
00419519 . 8D95 70FEFFFF lea edx, dword ptr [ebp-190]
0041951F . 83C9 FF or ecx, FFFFFFFF
00419522 . 33C0 xor eax, eax
00419524 . F2:AE repne scas byte ptr es:[edi]
00419526 . F7D1 not ecx
00419528 . 2BF9 sub edi, ecx
0041952A . 8BF7 mov esi, edi
0041952C . 8BD9 mov ebx, ecx
0041952E . 8BFA mov edi, edx
00419530 . 83C9 FF or ecx, FFFFFFFF
00419533 . 33C0 xor eax, eax
00419535 . F2:AE repne scas byte ptr es:[edi]
00419537 . 83C7 FF add edi, -1
0041953A . 8BCB mov ecx, ebx
0041953C . C1E9 02 shr ecx, 2
0041953F . F3:A5 rep movs dword ptr es:[edi], dword ptr>
00419541 . 8BCB mov ecx, ebx
00419543 . 83E1 03 and ecx, 3
00419546 . F3:A4 rep movs byte ptr es:[edi], byte ptr [>
00419548 . 6A 00 push 0 ; /pSecurity = NULL
0041954A . 8D85 70FEFFFF lea eax, dword ptr [ebp-190] ; |
00419550 . 50 push eax ; |Path
00419551 . FF15 F0A14600 call dword ptr [<&kernel32.CreateDirect>; \CreateDirectoryA
00419557 . 6A 01 push 1 ; /FailIfExists = TRUE
00419559 . 8D8D 38FBFFFF lea ecx, dword ptr [ebp-4C8] ; |使用默认的配置文件A
0041955F . 51 push ecx ; |NewFileName
00419560 . 68 842D4800 push 00482D84 ; |ExistingFileName =
; "Setting\Default.ini"
00419565 . FF15 F4A14600 call dword ptr [<&kernel32.CopyFileA>] ; \CopyFileA
0041956B . EB 0F jmp short 0041957C
0041956D > 8B95 14FAFFFF mov edx, dword ptr [ebp-5EC]
00419573 . 52 push edx
00419574 . E8 71BD0100 call 004352EA
00419579 . 83C4 04 add esp, 4
0041957C > 68 982D4800 push 00482D98
00419581 . 8D85 3CFCFFFF lea eax, dword ptr [ebp-3C4]
00419587 . 50 push eax
00419588 . E8 0BBE0100 call 00435398 ; 配置文件B是否已经存在
0041958D . 83C4 08 add esp, 8
00419590 . 8985 14FAFFFF mov dword ptr [ebp-5EC], eax
00419596 . 83BD 14FAFFFF 00 cmp dword ptr [ebp-5EC], 0 |
发表于 2007-6-6 11:18:11
发表于 2007-6-13 09:33:55
