好友
阅读权限40
听众
最后登录1970-1-1
|
Squn
发表于 2008-6-25 14:13
CODE:00401000 public start
CODE:00401000 start proc near
CODE:00401000 push 0 ; lpModuleName
CODE:00401002 call GetModuleHandleA
CODE:00401007 mov ds:hInstance, eax
CODE:0040100C mov ds:dword_402197, 4003h
CODE:00401016 mov ds:dword_40219B, offset word_4011A6
CODE:00401020 mov ds:dword_40219F, 0
CODE:0040102A mov ds:dword_4021A3, 0
CODE:00401034 mov eax, ds:hInstance
CODE:00401039 mov ds:dword_4021A7, eax
CODE:0040103E push 4 ; lpIconName
CODE:00401040 push eax ; hInstance
CODE:00401041 call LoadIconA
CODE:00401046 mov ds:dword_4021AB, eax
CODE:0040104B push 7F00h ; lpCursorName
CODE:00401050 push 0 ; hInstance
CODE:00401052 call LoadCursorA
CODE:00401057 mov ds:dword_4021AF, eax
CODE:0040105C push 0 ; hTemplateFile
CODE:0040105E push offset unk_40216F ; dwFlagsAndAttributes
CODE:00401063 push 3 ; dwCreationDisposition
CODE:00401065 push 0 ; lpSecurityAttributes
CODE:00401067 push 3 ; dwShareMode
CODE:00401069 push 0C0000000h ; dwDesiredAccess
CODE:0040106E push offset FileName ; "Keyfile.dat"
CODE:00401073 call CreateFileA
CODE:00401078 cmp eax, 0FFFFFFFFh
CODE:0040107B jnz short loc_40109A
CODE:0040107D push 0 ; uType
CODE:0040107F push offset Caption ; " Key File ReverseMe"
CODE:00401084 push offset Text ; "Evaluation period out of date. Purchase"...
CODE:00401089 push 0 ; hWnd
CODE:0040108B call MessageBoxA
CODE:00401090 call ExitProcess
CODE:00401095 ; ---------------------------------------------------------------------------
CODE:00401095 jmp nullsub_1
CODE:0040109A ; ---------------------------------------------------------------------------
CODE:0040109A
CODE:0040109A loc_40109A: ; CODE XREF: start+7B�j
CODE:0040109A push 0 ; lpOverlapped
CODE:0040109C push offset NumberOfBytesRead ; lpNumberOfBytesRead
CODE:004010A1 push 46h ; nNumberOfBytesToRead
CODE:004010A3 push offset byte_40211A ; lpBuffer
CODE:004010A8 push eax ; hFile
CODE:004010A9 call ReadFile
CODE:004010AE test eax, eax
CODE:004010B0 jnz short loc_4010B4
CODE:004010B2 jmp short loc_4010F7
CODE:004010B4 ; ---------------------------------------------------------------------------
CODE:004010B4
CODE:004010B4 loc_4010B4: ; CODE XREF: start+B0�j
CODE:004010B4 xor ebx, ebx
CODE:004010B6 xor esi, esi
CODE:004010B8 cmp ds:NumberOfBytesRead, 10h
CODE:004010BF jl short loc_4010F7
CODE:004010C1
CODE:004010C1 loc_4010C1: ; CODE XREF: start+D1�j
CODE:004010C1 mov al, ds:byte_40211A[ebx]
CODE:004010C7 cmp al, 0
CODE:004010C9 jz short loc_4010D3
CODE:004010CB cmp al, 47h
CODE:004010CD jnz short loc_4010D0
CODE:004010CF inc esi
CODE:004010D0
CODE:004010D0 loc_4010D0: ; CODE XREF: start+CD�j
CODE:004010D0 inc ebx
CODE:004010D1 jmp short loc_4010C1
CODE:004010D3 ; ---------------------------------------------------------------------------
CODE:004010D3
CODE:004010D3 loc_4010D3: ; CODE XREF: start+C9�j
CODE:004010D3 cmp esi, 8
CODE:004010D6 jl short loc_4010F7
CODE:004010D8 jmp loc_401205
CODE:004010D8 ; ---------------------------------------------------------------------------
CODE:004010DD align 2
CODE:004010DE dd 0
CODE:004010E2 align 4
CODE:004010E4 dd 4 dup(0)
CODE:004010F4 db 0, 0EBh, 0
CODE:004010F7 ; ---------------------------------------------------------------------------
CODE:004010F7
CODE:004010F7 loc_4010F7: ; CODE XREF: start+B2�j
CODE:004010F7 ; start+BF�j ...
CODE:004010F7 push 0 ; uType
CODE:004010F9 push offset Caption ; " Key File ReverseMe"
CODE:004010FE push offset aKeyfileIsNotVa ; "Keyfile is not valid. Sorry."
CODE:00401103 push 0 ; hWnd
CODE:00401105 call MessageBoxA
CODE:0040110A call ExitProcess
CODE:0040110F ; ---------------------------------------------------------------------------
CODE:0040110F jmp nullsub_1
CODE:0040110F ; ---------------------------------------------------------------------------
CODE:00401114 dd 0
CODE:00401118 db 0
CODE:00401119 dd 0
CODE:0040111D align 10h
CODE:00401120 dd 3 dup(0)
CODE:0040112C dd 0
CODE:00401130 db 2 dup(0)
CODE:00401132 dd 0
CODE:00401136 align 4
CODE:00401138 dd 0
CODE:0040113C db 2 dup(0)
CODE:0040113E dd 0
CODE:00401142 align 4
CODE:00401144 dd 5 dup(0)
CODE:00401158 db 2 dup(0)
CODE:0040115A dd 0
CODE:0040115E align 10h
CODE:00401160 dd 0
CODE:00401164 dd 0
CODE:00401168 dd 3 dup(0)
CODE:00401174 db 2 dup(0)
CODE:00401176 dd 0
CODE:0040117A align 4
CODE:0040117C dd 2 dup(0)
CODE:00401184 db 2 dup(0)
CODE:00401186 dd 0
CODE:0040118A align 4
CODE:0040118C dd 0
CODE:00401190 dd 0
CODE:00401194 dd 2 dup(0)
CODE:0040119C db 0
CODE:0040119D dd 0
CODE:004011A1 align 4
CODE:004011A4 db 2 dup(0)
CODE:004011A6 word_4011A6 dw 0 ; DATA XREF: start+16�o
CODE:004011A8 dd 13h dup(0)
CODE:004011F4 db 0
CODE:004011F5 dd 0
CODE:004011F9 align 4
CODE:004011FC dd 2 dup(0)
CODE:00401204 db 0
CODE:00401205 ; ---------------------------------------------------------------------------
CODE:00401205
CODE:00401205 loc_401205: ; CODE XREF: start+D8�j
CODE:00401205 push 0 ; uType
CODE:00401207 push offset Caption ; " Key File ReverseMe"
CODE:0040120C push offset aYouReallyDidIt ; "You really did it! Congratz !!!"
CODE:00401211 push 0 ; hWnd
CODE:00401213 call MessageBoxA
CODE:00401218 call ExitProcess
CODE:00401218 start endp ; sp-analysis failed
CODE:00401218
CODE:0040121D ; [00000001 BYTES: COLLAPSED FUNCTION nullsub_1. PRESS KEYPAD "+" TO EXPAND] |
|
发帖前要善用【论坛搜索】功能,那里可能会有你要找的答案或者已经有人发布过相同内容了,请勿重复发帖。 |
|
|
|
|
|
|
