Youxia (游侠) NETSHOW Forum






[Help] Newbie asking for help: who can make sense of these packed 37EXE files?

1# (original poster)
Posted on 2008-5-27 12:27:17
E:\游戏\SANGO7\dbghelp.dll        ::        Microsoft Visual C++ 5.0
E:\游戏\SANGO7\SANGO7.BIN        ::        UPX 0.89.6 - 1.02 / 1.05 - 1.24 -> Markus & Laszlo
E:\游戏\SANGO7\SG7.dll        ::        Microsoft Visual C++ v7.1 DLL
E:\游戏\SANGO7\SG7.exe        ::        UPX 0.89.6 - 1.02 / 1.05 - 1.24 -> Markus & Laszlo [Overlay]
E:\游戏\SANGO7\unins000.exe        ::        Borland Delphi 2.0 [Overlay]

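I don't understand any of this. It was scanned with peit, and the part after each file name seems to be some kind of packer.
I've heard you can apparently remove them with some PE tool.
Can someone take a look?


This is the EXE file after unpacking. I'm posting it here first and waiting for an assembly expert to modify it!
Download link: http://www.namipan.com/d/30f953b ... 270e2d206b3a9587600

[ Last edited by 清清风风 on 2008-5-28 13:31 ]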
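2#
Posted on 2008-5-27 13:46:24
I found an unpacking tool, upxsheel.
It seems to have more or less removed the packer; the SG7.exe file is now 7.63M?
I don't know how to modify it from here.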

3#
Posted on 2008-5-27 14:04:45

Reply to post #2 by 清清风风

Waiting for a ready-made result! Even just some news would be good!!
Showing my support.

4#
Posted on 2008-5-27 14:11:48
I seem to have managed to get into the EXE file, but it's all damned code that I can't read.
So frustrating!

5#
Posted on 2008-5-27 14:37:35
Here's a chunk of code for everyone to study first.
反汇编文件: E:\游戏\SANGO7\SG7.exe
Code Offset = 00000400, Code Size = 00064A00
Data Offset = 00073000, Data Size = 00002A00

Number of Objects = 0004 (dec), Imagebase = 00400000h

   Object01: .text    RVA: 00001000 Offset: 00000400 Size: 00064A00 Flags: 60000020
   Object02: .rdata   RVA: 00066000 Offset: 00064E00 Size: 0000E200 Flags: 40000040
   Object03: .data    RVA: 00075000 Offset: 00073000 Size: 00002A00 Flags: C0000040
   Object04: .rsrc    RVA: 0008E000 Offset: 00075A00 Size: 00002A00 Flags: 40000040


+++++++++++++++++++  菜单信息 +++++++++++++++++++++++++

Number of Menus =    1 (decimal)


MenuID_00A6

      Context1 {Popup}
           ,俓-[P]  [ID=00A7h]
            {Popup}
                     [ID=00A8h]

+++++++++++++++++ 对话框信息 ++++++++++++++++++++++++++

Number of Dialogs =    1 (decimal)

Name: DialogID_03E8, # of Controls=000, Caption:"", ClassName:""

+++++++++++++++++++ 输入函数 ++++++++++++++++++++++++++++
Number of Imported Modules =   13 (decimal)

   Import Module 001: KERNEL32.DLL
   Import Module 002: ADVAPI32.dll
   Import Module 003: COMCTL32.dll
   Import Module 004: comdlg32.dll
   Import Module 005: GDI32.dll
   Import Module 006: MPR.dll
   Import Module 007: ole32.dll
   Import Module 008: OLEAUT32.dll
   Import Module 009: SHELL32.dll
   Import Module 010: USER32.dll
   Import Module 011: VERSION.dll
   Import Module 012: WINMM.dll
   Import Module 013: WSOCK32.dll

+++++++++++++++++++ 输入函数表 ++++++++++++++++++++++++++

   Import Module 001: KERNEL32.DLL

Addr:0007231E hint(0000) Name: CopyFileW
Addr:0007232A hint(0000) Name: GetLastError
Addr:00072338 hint(0000) Name: CreateDirectoryW
Addr:0007234A hint(0000) Name: RemoveDirectoryW
Addr:0007235C hint(0000) Name: TerminateProcess
Addr:0007236E hint(0000) Name: WaitForSingleObject
Addr:00072384 hint(0000) Name: SetSystemPowerState
Addr:0007239A hint(0000) Name: SetFileTime
Addr:000723A8 hint(0000) Name: FindResourceW
Addr:000723B8 hint(0000) Name: GetFileAttributesW
Addr:000723CC hint(0000) Name: LoadResource
Addr:000723DA hint(0000) Name: FindFirstFileW
Addr:000723EA hint(0000) Name: LockResource
Addr:000723F8 hint(0000) Name: FindClose
Addr:00072404 hint(0000) Name: SizeofResource
Addr:00072414 hint(0000) Name: EnumResourceNamesW
Addr:00072428 hint(0000) Name: DeleteFileW
Addr:00072436 hint(0000) Name: FindNextFileW
Addr:00072446 hint(0000) Name: lstrcmpiW
Addr:00072452 hint(0000) Name: MoveFileW
Addr:0007245E hint(0000) Name: OutputDebugStringW
Addr:00072472 hint(0000) Name: GetLocalTime
Addr:00072480 hint(0000) Name: MultiByteToWideChar
Addr:00072496 hint(0000) Name: WideCharToMultiByte
Addr:000724AC hint(0000) Name: GetModuleHandleA
Addr:000724BE hint(0000) Name: CompareStringW
Addr:000724CE hint(0000) Name: InterlockedIncrement
Addr:000724E4 hint(0000) Name: InterlockedDecrement
Addr:000724FA hint(0000) Name: GetTempPathW
Addr:00072508 hint(0000) Name: GetTempFileNameW
Addr:0007251A hint(0000) Name: FormatMessageW
Addr:0007252A hint(0000) Name: GetExitCodeProcess
Addr:0007253E hint(0000) Name: DeviceIoControl
Addr:00072550 hint(0000) Name: GetPrivateProfileStringW
Addr:0007256A hint(0000) Name: WritePrivateProfileStringW
Addr:00072586 hint(0000) Name: GetPrivateProfileSectionW
Addr:000725A2 hint(0000) Name: WritePrivateProfileSectionW
Addr:000725C0 hint(0000) Name: SetFileAttributesW
Addr:000725D4 hint(0000) Name: GetPrivateProfileSectionNamesW
Addr:000725F4 hint(0000) Name: GetShortPathNameW
Addr:00072608 hint(0000) Name: FileTimeToLocalFileTime
Addr:00072622 hint(0000) Name: FileTimeToSystemTime
Addr:00072638 hint(0000) Name: SystemTimeToFileTime
Addr:0007264E hint(0000) Name: LocalFileTimeToFileTime
Addr:00072668 hint(0000) Name: GetDriveTypeW
Addr:00072678 hint(0000) Name: SetErrorMode
Addr:00072686 hint(0000) Name: GetDiskFreeSpaceW
Addr:0007269A hint(0000) Name: GetVolumeInformationW
Addr:000726B2 hint(0000) Name: SetVolumeLabelW
Addr:000726C4 hint(0000) Name: CreateFileW
Addr:000726D2 hint(0000) Name: GlobalLock
Addr:000726DE hint(0000) Name: GlobalUnlock
Addr:000726EC hint(0000) Name: GlobalAlloc
Addr:000726FA hint(0000) Name: SetProcessWorkingSetSize
Addr:00072714 hint(0000) Name: GlobalMemoryStatus
Addr:00072728 hint(0000) Name: Beep
Addr:0007272E hint(0000) Name: GetFileSize
Addr:0007273C hint(0000) Name: GetEnvironmentVariableW
Addr:00072756 hint(0000) Name: SetEnvironmentVariableW
Addr:00072770 hint(0000) Name: GetCurrentProcessId
Addr:00072786 hint(0000) Name: GetComputerNameW
Addr:00072798 hint(0000) Name: GetWindowsDirectoryW
Addr:000727AE hint(0000) Name: GetSystemDirectoryW
Addr:000727C4 hint(0000) Name: GetProcessIoCounters
Addr:000727DA hint(0000) Name: CreatePipe
Addr:000727E6 hint(0000) Name: DuplicateHandle
Addr:000727F8 hint(0000) Name: GetStdHandle
Addr:00072806 hint(0000) Name: CreateProcessW
Addr:00072816 hint(0000) Name: SetPriorityClass
Addr:00072828 hint(0000) Name: LoadLibraryW
Addr:00072836 hint(0000) Name: WriteFile
Addr:00072842 hint(0000) Name: GetFileType
Addr:00072850 hint(0000) Name: PeekNamedPipe
Addr:00072860 hint(0000) Name: SetLastError
Addr:0007286E hint(0000) Name: LoadLibraryExW
Addr:0007287E hint(0000) Name: GlobalFindAtomW
Addr:00072890 hint(0000) Name: ResumeThread
Addr:0007289E hint(0000) Name: GetSystemTimeAsFileTime
Addr:000728B8 hint(0000) Name: CreateThread
Addr:000728C6 hint(0000) Name: ExitThread
Addr:000728D2 hint(0000) Name: HeapFree
Addr:000728DC hint(0000) Name: HeapAlloc
Addr:000728E8 hint(0000) Name: ExitProcess
Addr:000728F6 hint(0000) Name: GetACP
Addr:000728FE hint(0000) Name: GetOEMCP
Addr:00072908 hint(0000) Name: IsValidCodePage
Addr:0007291A hint(0000) Name: TlsGetValue
Addr:00072928 hint(0000) Name: TlsAlloc
Addr:00072932 hint(0000) Name: TlsSetValue
Addr:00072940 hint(0000) Name: TlsFree
Addr:0007294A hint(0000) Name: UnhandledExceptionFilter
Addr:00072964 hint(0000) Name: SetUnhandledExceptionFilter
Addr:00072982 hint(0000) Name: RaiseException
Addr:00072992 hint(0000) Name: GetModuleFileNameA
Addr:000729A6 hint(0000) Name: DeleteCriticalSection
Addr:000729BE hint(0000) Name: InitializeCriticalSection
Addr:000729DA hint(0000) Name: HeapSize
Addr:000729E4 hint(0000) Name: VirtualFree
Addr:000729F2 hint(0000) Name: VirtualAlloc
Addr:00072A00 hint(0000) Name: HeapReAlloc
Addr:00072A0E hint(0000) Name: HeapDestroy
Addr:00072A1C hint(0000) Name: HeapCreate
Addr:00072A28 hint(0000) Name: SetFilePointer
Addr:00072A38 hint(0000) Name: ReadFile
Addr:00072A42 hint(0000) Name: ReadProcessMemory
Addr:00072A56 hint(0000) Name: WriteProcessMemory
Addr:00072A6A hint(0000) Name: MapViewOfFile
Addr:00072A7A hint(0000) Name: CreateFileMappingW
Addr:00072A8E hint(0000) Name: OpenProcess
Addr:00072A9C hint(0000) Name: UnmapViewOfFile
Addr:00072AAE hint(0000) Name: CloseHandle
Addr:00072ABC hint(0000) Name: QueryPerformanceFrequency
Addr:00072AD8 hint(0000) Name: QueryPerformanceCounter
Addr:00072AF2 hint(0000) Name: GetModuleHandleW
Addr:00072B04 hint(0000) Name: GetSystemInfo
Addr:00072B14 hint(0000) Name: GetCurrentProcess
Addr:00072B28 hint(0000) Name: GetVersionExW
Addr:00072B38 hint(0000) Name: GetCurrentThreadId
Addr:00072B4C hint(0000) Name: Sleep
Addr:00072B54 hint(0000) Name: GetProcAddress
Addr:00072B64 hint(0000) Name: LoadLibraryA
Addr:00072B72 hint(0000) Name: RtlUnwind
Addr:00072B7E hint(0000) Name: GetConsoleCP
Addr:00072B8C hint(0000) Name: GetConsoleMode
Addr:00072B9C hint(0000) Name: FreeLibrary
Addr:00072BAA hint(0000) Name: GetModuleFileNameW
Addr:00072BBE hint(0000) Name: GetFullPathNameW
Addr:00072BD0 hint(0000) Name: SetCurrentDirectoryW
Addr:00072BE6 hint(0000) Name: GetCurrentDirectoryW
Addr:00072BFC hint(0000) Name: EnterCriticalSection
Addr:00072C12 hint(0000) Name: LeaveCriticalSection
Addr:00072C28 hint(0000) Name: GetVersionExA
Addr:00072C38 hint(0000) Name: GetProcessHeap
Addr:00072C48 hint(0000) Name: GetStartupInfoW
Addr:00072C5A hint(0000) Name: SetHandleCount
Addr:00072C6A hint(0000) Name: GetStartupInfoA
Addr:00072C7C hint(0000) Name: SetStdHandle
Addr:00072C8A hint(0000) Name: GetCPInfo
Addr:00072C96 hint(0000) Name: FlushFileBuffers
Addr:00072CA8 hint(0000) Name: LCMapStringA
Addr:00072CB6 hint(0000) Name: LCMapStringW
Addr:00072CC4 hint(0000) Name: GetTimeZoneInformation
Addr:00072CDC hint(0000) Name: FreeEnvironmentStringsA
Addr:00072CF6 hint(0000) Name: GetEnvironmentStrings
Addr:00072D0E hint(0000) Name: FreeEnvironmentStringsW
Addr:00072D28 hint(0000) Name: GetEnvironmentStringsW
Addr:00072D40 hint(0000) Name: GetCommandLineA
Addr:00072D52 hint(0000) Name: GetCommandLineW
Addr:00072D64 hint(0000) Name: GetTickCount
Addr:00072D72 hint(0000) Name: GetStringTypeA
Addr:00072D82 hint(0000) Name: GetStringTypeW
Addr:00072D92 hint(0000) Name: GetLocaleInfoA
Addr:00072DA2 hint(0000) Name: WriteConsoleA
Addr:00072DB2 hint(0000) Name: GetConsoleOutputCP
Addr:00072DC6 hint(0000) Name: WriteConsoleW
Addr:00072DD6 hint(0000) Name: CreateFileA
Addr:00072DE4 hint(0000) Name: SetEndOfFile
Addr:00072DF2 hint(0000) Name: CompareStringA
Addr:00072E02 hint(0000) Name: GlobalFree
Addr:00072E0E hint(0000) Name: SetEnvironmentVariableA

   Import Module 002: ADVAPI32.dll

Addr:00072E28 hint(0000) Name: RegEnumValueW
Addr:00072E38 hint(0000) Name: RegDeleteValueW
Addr:00072E4A hint(0000) Name: RegDeleteKeyW
Addr:00072E5A hint(0000) Name: RegSetValueExW
Addr:00072E6A hint(0000) Name: RegCreateKeyExW
Addr:00072E7C hint(0000) Name: GetUserNameW
Addr:00072E8A hint(0000) Name: RegConnectRegistryW
Addr:00072EA0 hint(0000) Name: RegEnumKeyExW
Addr:00072EB0 hint(0000) Name: AdjustTokenPrivileges
Addr:00072EC8 hint(0000) Name: LookupPrivilegeValueW
Addr:00072EE0 hint(0000) Name: OpenProcessToken
Addr:00072EF2 hint(0000) Name: CloseServiceHandle
Addr:00072F06 hint(0000) Name: UnlockServiceDatabase
Addr:00072F1E hint(0000) Name: LockServiceDatabase
Addr:00072F34 hint(0000) Name: OpenSCManagerW
Addr:00072F44 hint(0000) Name: RegCloseKey
Addr:00072F52 hint(0000) Name: RegQueryValueExW
Addr:00072F64 hint(0000) Name: RegOpenKeyExW

   Import Module 003: COMCTL32.dll

Addr:00072F74 hint(0000) Name: ImageList_BeginDrag
Addr:00072F8A hint(0000) Name: ImageList_SetDragCursorImage
Addr:00072FA8 hint(0000) Name: ImageList_EndDrag
Addr:00072FBC hint(0000) Name: ImageList_DragLeave
Addr:00072FD2 hint(0000) Name: ImageList_DragMove
Addr:00072FE6 hint(0000) Name: ImageList_DragEnter
Addr:00072FFC hint(0000) Name: ImageList_Destroy
Addr:00073010 hint(0000) Name: ImageList_ReplaceIcon
Addr:00073028 hint(0000) Name: ImageList_Create
Addr:0007303A hint(0000) Name: InitCommonControlsEx
Addr:00073050 hint(0000) Name: ImageList_Remove

   Import Module 004: comdlg32.dll

Addr:00073062 hint(0000) Name: GetSaveFileNameW
Addr:00073074 hint(0000) Name: GetOpenFileNameW

   Import Module 005: GDI32.dll

Addr:00073086 hint(0000) Name: ExtCreatePen
Addr:00073094 hint(0000) Name: StrokeAndFillPath
Addr:000730A8 hint(0000) Name: StrokePath
Addr:000730B4 hint(0000) Name: EndPath
Addr:000730BE hint(0000) Name: SetPixel
Addr:000730C8 hint(0000) Name: CloseFigure
Addr:000730D6 hint(0000) Name: SetBkColor
Addr:000730E2 hint(0000) Name: CreatePen
Addr:000730EE hint(0000) Name: CreateSolidBrush
Addr:00073100 hint(0000) Name: SetTextColor
Addr:0007310E hint(0000) Name: GetObjectW
Addr:0007311A hint(0000) Name: PolyBezierTo
Addr:00073128 hint(0000) Name: SetViewportOrgEx
Addr:0007313A hint(0000) Name: Rectangle
Addr:00073146 hint(0000) Name: BeginPath
Addr:00073152 hint(0000) Name: PolyDraw
Addr:0007315C hint(0000) Name: Ellipse
Addr:00073166 hint(0000) Name: MoveToEx
Addr:00073170 hint(0000) Name: AngleArc
Addr:0007317A hint(0000) Name: LineTo
Addr:00073182 hint(0000) Name: SetBkMode
Addr:0007318E hint(0000) Name: RoundRect
Addr:0007319A hint(0000) Name: CreateCompatibleBitmap
Addr:000731B2 hint(0000) Name: GetPixel
Addr:000731BC hint(0000) Name: DeleteDC
Addr:000731C6 hint(0000) Name: GetDIBits
Addr:000731D2 hint(0000) Name: BitBlt
Addr:000731DA hint(0000) Name: SelectObject
Addr:000731E8 hint(0000) Name: CreateDIBSection
Addr:000731FA hint(0000) Name: CreateCompatibleDC
Addr:0007320E hint(0000) Name: CreateFontW
Addr:0007321C hint(0000) Name: GetDeviceCaps
Addr:0007322C hint(0000) Name: GetTextFaceW
Addr:0007323A hint(0000) Name: GetStockObject
Addr:0007324A hint(0000) Name: CreateDCW
Addr:00073256 hint(0000) Name: GetTextExtentPoint32W
Addr:0007326E hint(0000) Name: DeleteObject

   Import Module 006: MPR.dll

Addr:0007327C hint(0000) Name: WNetUseConnectionW
Addr:00073290 hint(0000) Name: WNetGetConnectionW
Addr:000732A4 hint(0000) Name: WNetAddConnection2W
Addr:000732BA hint(0000) Name: WNetCancelConnection2W

   Import Module 007: ole32.dll

Addr:000732D2 hint(0000) Name: OleSetMenuDescriptor
Addr:000732E8 hint(0000) Name: MkParseDisplayName
Addr:000732FC hint(0000) Name: OleSetContainedObject
Addr:00073314 hint(0000) Name: CoCreateInstance
Addr:00073326 hint(0000) Name: CoInitialize
Addr:00073334 hint(0000) Name: CoUninitialize
Addr:00073344 hint(0000) Name: CreateStreamOnHGlobal
Addr:0007335C hint(0000) Name: CoInitializeSecurity
Addr:00073372 hint(0000) Name: CoCreateInstanceEx
Addr:00073386 hint(0000) Name: CoSetProxyBlanket
Addr:0007339A hint(0000) Name: StringFromCLSID
Addr:000733AC hint(0000) Name: OleUninitialize
Addr:000733BE hint(0000) Name: CoTaskMemAlloc
Addr:000733CE hint(0000) Name: CoTaskMemFree
Addr:000733DE hint(0000) Name: IIDFromString
Addr:000733EE hint(0000) Name: StringFromIID
Addr:000733FE hint(0000) Name: CLSIDFromString
Addr:00073410 hint(0000) Name: OleInitialize
Addr:00073420 hint(0000) Name: CreateBindCtx
Addr:00073430 hint(0000) Name: CLSIDFromProgID

   Import Module 008: OLEAUT32.dll

Addr:800000A2 hint(00A2) Name: CLSIDFromProgID
Addr:80000026 hint(0026) Name: CLSIDFromProgID
Addr:80000027 hint(0027) Name: CLSIDFromProgID
Addr:80000025 hint(0025) Name: CLSIDFromProgID
Addr:80000029 hint(0029) Name: CLSIDFromProgID
Addr:80000002 hint(0002) Name: CLSIDFromProgID
Addr:800001A2 hint(01A2) Name: CLSIDFromProgID
Addr:80000018 hint(0018) Name: CLSIDFromProgID
Addr:80000017 hint(0017) Name: CLSIDFromProgID
Addr:800000D8 hint(00D8) Name: CLSIDFromProgID
Addr:800000B9 hint(00B9) Name: CLSIDFromProgID
Addr:80000008 hint(0008) Name: CLSIDFromProgID
Addr:80000009 hint(0009) Name: CLSIDFromProgID
Addr:8000000A hint(000A) Name: CLSIDFromProgID
Addr:80000023 hint(0023) Name: CLSIDFromProgID

   Import Module 009: SHELL32.dll

Addr:00073442 hint(0000) Name: DragQueryPoint
Addr:00073452 hint(0000) Name: ShellExecuteExW
Addr:00073464 hint(0000) Name: DragQueryFileW
Addr:00073474 hint(0000) Name: SHBrowseForFolderW
Addr:00073488 hint(0000) Name: SHGetPathFromIDListW
Addr:0007349E hint(0000) Name: SHGetDesktopFolder
Addr:000734B2 hint(0000) Name: SHGetMalloc
Addr:000734C0 hint(0000) Name: SHFileOperationW
Addr:000734D2 hint(0000) Name: ExtractIconExW
Addr:000734E2 hint(0000) Name: Shell_NotifyIconW
Addr:000734F6 hint(0000) Name: ShellExecuteW
Addr:00073506 hint(0000) Name: DragFinish

   Import Module 010: USER32.dll

6#
Posted on 2008-5-27 14:46:24

Reply to post #5 by 清清风风

These all seem to be links to the media platform!!!!
Look further on!

7#
Posted on 2008-5-27 15:03:24
It's too long, so I can only post a small piece. Take a look at this first.
+++++++++++++++++++++++++ 汇编代码列表+++++++++++++++++++
//************************ 代码开始 .text ***************
Program Entry Point = 0045372D (E:\游戏\SANGO7\SG7.exe File Offset:000B852D)


:00401000 B9E8A74800              mov ecx, 0048A7E8
:00401005 E8ADD20000              call 0040E2B7
:0040100A 33C0                    xor eax, eax
:0040100C A3F8854700              mov dword ptr [004785F8], eax
:00401011 A3F4854700              mov dword ptr [004785F4], eax
:00401016 A3E0854700              mov dword ptr [004785E0], eax
:0040101B A3DC854700              mov dword ptr [004785DC], eax
:00401020 A3D8854700              mov dword ptr [004785D8], eax
:00401025 A3F0854700              mov dword ptr [004785F0], eax
:0040102A A3EC854700              mov dword ptr [004785EC], eax
:0040102F A3E8854700              mov dword ptr [004785E8], eax
:00401034 A3E4854700              mov dword ptr [004785E4], eax
:00401039 A2BE854700              mov byte ptr [004785BE], al
:0040103E A2FEA94800              mov byte ptr [0048A9FE], al
:00401043 A2E4A74800              mov byte ptr [0048A7E4], al
:00401048 A2C0854700              mov byte ptr [004785C0], al
:0040104D A2BD854700              mov byte ptr [004785BD], al
:00401052 A2BC854700              mov byte ptr [004785BC], al
:00401057 A2BB854700              mov byte ptr [004785BB], al
:0040105C A2BA854700              mov byte ptr [004785BA], al
:00401061 A2B9854700              mov byte ptr [004785B9], al
:00401066 A2B8854700              mov byte ptr [004785B8], al
:0040106B A3D4A74800              mov dword ptr [0048A7D4], eax
:00401070 C705E0A7480003000000    mov dword ptr [0048A7E0], 00000003
:0040107A C605BF85470001          mov byte ptr [004785BF], 01
:00401081 B8D0A74800              mov eax, 0048A7D0
:00401086 C3                      ret



* Referenced by a CALL at Address:
|:004019FA   
|
:00401087 55                      push ebp
:00401088 8BEC                    mov ebp, esp
:0040108A 81EC28040000            sub esp, 00000428
:00401090 57                      push edi
:00401091 8D85E4FDFFFF            lea eax, dword ptr [ebp+FFFFFDE4]
:00401097 50                      push eax
:00401098 BF04010000              mov edi, 00000104
:0040109D 57                      push edi
:0040109E C645FE00                mov [ebp-02], 00
:004010A2 C645FF00                mov [ebp-01], 00

* Reference To: KERNEL32.GetCurrentDirectoryW, Ord:0000h
                                  |
:004010A6 FF1514634600            Call dword ptr [00466314]
:004010AC FF7508                  push [ebp+08]
:004010AF E845030000              call 004013F9
:004010B4 E8D5D10000              call 0040E28E
:004010B9 85C0                    test eax, eax
:004010BB 7419                    je 004010D6
:004010BD 6A10                    push 00000010
:004010BF 6886AD4600              push 0046AD86
:004010C4 6888AD4600              push 0046AD88
:004010C9 6A00                    push 00000000

* Reference To: USER32.MessageBoxA, Ord:0000h
                                  |
:004010CB FF1550664600            Call dword ptr [00466650]
:004010D1 E9DA010000              jmp 004012B0

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004010BB(C)
|
:004010D6 833DE0A7480000          cmp dword ptr [0048A7E0], 00000000
:004010DD 53                      push ebx
:004010DE 56                      push esi
:004010DF BBF4A74800              mov ebx, 0048A7F4
:004010E4 7520                    jne 00401106
:004010E6 6AFF                    push FFFFFFFF
:004010E8 FF35E8A74800            push dword ptr [0048A7E8]
:004010EE BE98C84800              mov esi, 0048C898
:004010F3 6A01                    push 00000001
:004010F5 E8CE530000              call 004064C8
:004010FA A0BC854700              mov al, byte ptr [004785BC]
:004010FF A29AC84800              mov byte ptr [0048C89A], al
:00401104 EB4E                    jmp 00401154

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004010E4(C)
|
:00401106 8D45FE                  lea eax, dword ptr [ebp-02]
:00401109 50                      push eax
:0040110A 68E0A74800              push 0048A7E0
:0040110F 8BF3                    mov esi, ebx
:00401111 B898C84800              mov eax, 0048C898
:00401116 E8075A0000              call 00406B22
:0040111B 84C0                    test al, al
:0040111D 750F                    jne 0040112E
:0040111F C705D485470001000000    mov dword ptr [004785D4], 00000001
:00401129 E973010000              jmp 004012A1

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040111D(C)
|
:0040112E A098C84800              mov al, byte ptr [0048C898]
:00401133 A2E4A74800              mov byte ptr [0048A7E4], al
:00401138 A099C84800              mov al, byte ptr [0048C899]
:0040113D 68DCA74800              push 0048A7DC
:00401142 8845FF                  mov byte ptr [ebp-01], al
:00401145 8D85D8FBFFFF            lea eax, dword ptr [ebp+FFFFFBD8]
:0040114B 50                      push eax
:0040114C 57                      push edi
:0040114D 53                      push ebx

* Reference To: KERNEL32.GetFullPathNameW, Ord:0000h
                                  |
:0040114E FF150C634600            Call dword ptr [0046630C]

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00401104(U)
|
:00401154 FF35E0A74800            push dword ptr [0048A7E0]
:0040115A 53                      push ebx
:0040115B E86B810100              call 004192CB
:00401160 85C0                    test eax, eax
:00401162 7426                    je 0040118A
:00401164 BF98C84800              mov edi, 0048C898
:00401169 E826550000              call 00406694
:0040116E 8D85E4FDFFFF            lea eax, dword ptr [ebp+FFFFFDE4]
:00401174 50                      push eax

* Reference To: KERNEL32.SetCurrentDirectoryW, Ord:0000h
                                  |
:00401175 FF1510634600            Call dword ptr [00466310]
:0040117B C705D485470001000000    mov dword ptr [004785D4], 00000001
:00401185 E924010000              jmp 004012AE

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00401162(C)
|
:0040118A 807DFF01                cmp byte ptr [ebp-01], 01
:0040118E 0F85A8000000            jne 0040123C
:00401194 803DB5A7480001          cmp byte ptr [0048A7B5], 01
:0040119B 0F859B000000            jne 0040123C
:004011A1 E8D2C70000              call 0040D978
:004011A6 84C0                    test al, al
:004011A8 0F858E000000            jne 0040123C
:004011AE 57                      push edi
:004011AF 8D85D8FBFFFF            lea eax, dword ptr [ebp+FFFFFBD8]
:004011B5 50                      push eax
:004011B6 6A00                    push 00000000

* Reference To: KERNEL32.GetModuleFileNameW, Ord:0000h
                                  |
:004011B8 FF1508634600            Call dword ptr [00466308]
:004011BE 807DFE00                cmp byte ptr [ebp-02], 00
:004011C2 7451                    je 00401215
:004011C4 BFF0AD4600              mov edi, 0046ADF0
:004011C9 57                      push edi
:004011CA 8D75F0                  lea esi, dword ptr [ebp-10]
:004011CD E811D10000              call 0040E2E3
:004011D2 53                      push ebx
:004011D3 8BC6                    mov eax, esi
:004011D5 E804D30000              call 0040E4DE
:004011DA 57                      push edi
:004011DB 8BC6                    mov eax, esi
:004011DD E8FCD20000              call 0040E4DE
:004011E2 6A01                    push 00000001
:004011E4 8D85E4FDFFFF            lea eax, dword ptr [ebp+FFFFFDE4]
:004011EA 50                      push eax
:004011EB FF75F0                  push [ebp-10]
:004011EE 8D85D8FBFFFF            lea eax, dword ptr [ebp+FFFFFBD8]
:004011F4 50                      push eax
:004011F5 68F4AD4600              push 0046ADF4

* Reference To: USER32.GetForegroundWindow, Ord:0000h
                                  |
:004011FA FF15F4654600            Call dword ptr [004665F4]
:00401200 50                      push eax

* Reference To: SHELL32.ShellExecuteW, Ord:0000h
                                  |
:00401201 FF1514644600            Call dword ptr [00466414]
:00401207 FF75F0                  push [ebp-10]
:0040120A E837D10400              call 0044E346
:0040120F 59                      pop ecx
:00401210 E982000000              jmp 00401297

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004011C2(C)
|
:00401215 6A01                    push 00000001
:00401217 8D85E4FDFFFF            lea eax, dword ptr [ebp+FFFFFDE4]
:0040121D 50                      push eax
:0040121E FF7508                  push [ebp+08]
:00401221 8D85D8FBFFFF            lea eax, dword ptr [ebp+FFFFFBD8]
:00401227 50                      push eax
:00401228 68F4AD4600              push 0046ADF4

* Reference To: USER32.GetForegroundWindow, Ord:0000h
                                  |
:0040122D FF15F4654600            Call dword ptr [004665F4]
:00401233 50                      push eax

* Reference To: SHELL32.ShellExecuteW, Ord:0000h
                                  |
:00401234 FF1514644600            Call dword ptr [00466414]
:0040123A EB5B                    jmp 00401297

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:0040118E(C), :0040119B(C), :004011A8(C)
|
:0040123C E874000000              call 004012B5
:00401241 E842010000              call 00401388
:00401246 803DE4A7480000          cmp byte ptr [0048A7E4], 00
:0040124D 750A                    jne 00401259
:0040124F BF40B24800              mov edi, 0048B240
:00401254 E8D68C0000              call 00409F2F

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040124D(C)
|
:00401259 6A01                    push 00000001
:0040125B B800AA4800              mov eax, 0048AA00
:00401260 E8C8810100              call 0041942D
:00401265 803DE4A7480000          cmp byte ptr [0048A7E4], 00
:0040126C 7529                    jne 00401297
:0040126E BF64C04800              mov edi, 0048C064

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00401295(C)
|
:00401273 8B37                    mov esi, dword ptr [edi]
:00401275 85F6                    test esi, esi
:00401277 7413                    je 0040128C
:00401279 FF7608                  push [esi+08]
:0040127C E8C5D00400              call 0044E346
:00401281 56                      push esi
:00401282 E8BFD00400              call 0044E346
:00401287 832700                  and dword ptr [edi], 00000000
:0040128A 59                      pop ecx
:0040128B 59                      pop ecx

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00401277(C)
|
:0040128C 83C704                  add edi, 00000004
:0040128F 81FF80C84800            cmp edi, 0048C880
:00401295 7CDC                    jl 00401273

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00401210(U), :0040123A(U), :0040126C(C)
|
:00401297 BF98C84800              mov edi, 0048C898
:0040129C E8F3530000              call 00406694

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00401129(U)
|
:004012A1 8D85E4FDFFFF            lea eax, dword ptr [ebp+FFFFFDE4]
:004012A7 50                      push eax

* Reference To: KERNEL32.SetCurrentDirectoryW, Ord:0000h
                                  |
:004012A8 FF1510634600            Call dword ptr [00466310]

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00401185(U)
|
:004012AE 5E                      pop esi
:004012AF 5B                      pop ebx

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004010D1(U)
|
:004012B0 5F                      pop edi
:004012B1 C9                      leave
:004012B2 C20400                  ret 0004



* Referenced by a CALL at Address:
|:0040123C   
|
:004012B5 55                      push ebp
:004012B6 8BEC                    mov ebp, esp
:004012B8 83EC34                  sub esp, 00000034
:004012BB 53                      push ebx
:004012BC 56                      push esi
:004012BD 57                      push edi
:004012BE 6A0F                    push 0000000F

* Reference To: USER32.GetSysColorBrush, Ord:0000h
                                  |
:004012C0 FF15F0654600            Call dword ptr [004665F0]
:004012C6 68007F0000              push 00007F00
:004012CB 33DB                    xor ebx, ebx
:004012CD 53                      push ebx
:004012CE 8BF8                    mov edi, eax

* Reference To: USER32.LoadCursorW, Ord:0000h
                                  |
:004012D0 FF15EC654600            Call dword ptr [004665EC]

* Reference To: USER32.LoadIconW, Ord:0000h
                                  |
:004012D6 8B35E8654600            mov esi, dword ptr [004665E8]

* Possible Reference to String Resource ID=00161: ""If" ?舺        "
                                  |
:004012DC 68A1000000              push 000000A1
:004012E1 FF3500864700            push dword ptr [00478600]
:004012E7 8945FC                  mov dword ptr [ebp-04], eax
:004012EA FFD6                    call esi

* Possible Reference to String Resource ID=00164: "
龏"
                                  |
:004012EC 68A4000000              push 000000A4
:004012F1 FF3500864700            push dword ptr [00478600]
:004012F7 A3D0A74800              mov dword ptr [0048A7D0], eax
:004012FC FFD6                    call esi
:004012FE 381DB1A74800            cmp byte ptr [0048A7B1], bl
:00401304 A3D8A74800              mov dword ptr [0048A7D8], eax
:00401309 750D                    jne 00401318
:0040130B 381DBFA74800            cmp byte ptr [0048A7BF], bl
:00401311 7505                    jne 00401318
:00401313 6A04                    push 00000004
:00401315 58                      pop eax
:00401316 EB03                    jmp 0040131B

8#
Posted on 2008-5-27 18:46:49

Reply to post #7 by 清清风风

Keep it up, this looks very promising!!

9#
Posted on 2008-5-27 19:17:34
VC5.0~
Delphi2.0~~

Just looking at the assembly still makes my head spin a bit~~~~

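10#
Posted on 2008-5-27 19:49:08
Anyone who knows assembly, or who can give me a tutorial, would be a help.
I have time now and can study it.
Right now I'm facing a pile of code with no idea where to start...

[ Last edited by 清清风风 on 2008-5-27 19:51 ]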

11#
Posted on 2008-5-27 20:05:42
I know a little~~~ but teaching you is not possible~~~~

If you don't understand how a computer works, no amount of explaining will help~

12#
Posted on 2008-5-27 20:09:12
Then do you have time to look through this EXE's program code?
If you can, please help us modify it. Many thanks!!

13#
Posted on 2008-5-27 20:38:11
Very nice, I can't understand any of it~~~~~~~

Sitting and waiting for results~~~~~~~~~~~

14#
Posted on 2008-5-27 20:39:01
I only know a bit of assembly; to read a whole program I'd need another 2 years of training~

15#
Posted on 2008-5-27 20:42:15
*faints* Then all we can do is sit and wait for results..

16#
Posted on 2008-5-28 00:28:09
...Can't you see that everyone is waiting on you, 清风?! Keep going...
As a total beginner, I'm very earnestly just passing by...

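17#
Posted on 2008-5-28 13:07:17
清清风风, at least you got the code out.

As for understanding it, that really is a question with too much technical content!!

Assembly is the hardest of all languages, because it is close to the hardware!!

I can only support you in spirit.

I suggest you package up the code and post it; maybe an expert will take a look!!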

18#
Posted on 2008-5-28 13:20:05
I'll just upload the exe file! I've found that the code comes out different every time I switch to another assembly program!

19#
Posted on 2008-5-28 13:43:51

Reply to post #18 by 清清风风

Ah, could it be that the unpacking wasn't complete?!

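20#
Posted on 2008-5-28 17:59:08
Originally posted by 长风吹云 on 2008-5-28 13:07
清清风风, at least you got the code out.

As for understanding it, that really is a question with too much technical content!!

Assembly is the hardest of all languages, because it is close to the hardware!!

I can only support you in spirit.

I suggest you package up the code and post it; maybe an expert will take a look!! ...

Kid~ assembly is the hardest?
That shows you're a layman!
The hardest is binary machine code!!!

I can still make out a bit of assembly, but binary machine code leaves me completely lost.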
