我认为最狗屎的软件《木马克星3.13》
作者:华仔
这个软件很臭屁!!!!!!!!!!!!!!
加密还很一般!!!!!!!!!!!!!!!
如果破解不完全,将导致格式化所有物理驱动器,但并不会像作者说的那样
出现“主板cmos被擦写”等情况。
又因该软件是利用机器代码(每台机器只有唯一的一个)来计算注册码
(其实获取正确的注册码也很容易,只是考虑到作者今后一旦改用其
它验证方法,后果不堪设想),因此使用暴力破解方法。我已去除其格式化
驱动器代码,经本人多次试用无任何不良效果,请放心使用。
以下是引用原软件作者百分之百的狗屎介绍:
'iparmor '
'作者:罗建斌'
'保留所有版权!'
''
'本软件鼓励在互连网中免费传播'
'但如果以光盘或者软盘为媒体'
'必须得到作者同意。'
''
'破解本软件而引起的:'
'硬盘低级格式化,'
'主板cmos被擦写'
'经济损失'
'以及法律责任'
'均由破解者负责。'
''
' 木马克星一共采用64处加 密暗记,'
'就算你破解了注册页面,'
'在软件内部仍然藏有加密标示'
'(包括:注 册表加密,文件日期加密,'
'文件公司加密,cmos加密等,'
'一共12种加密措施 ),'
'我有理由相信任何破解者,'
'都不可能完全破解所有加密标示('
'因为他们 发现不了)'
'如果被木马克星发现是破解版本,'
'将会丧失查杀功能,'
'并且在 system目录下生成200'
'个内容为保护正版软件,'
'打击非法破解活动的随机dll 文件。'
'由此因发的用户资源耗尽,'
'由用户负责!'
'所有注册用户终身免费享受 升级,'
'所有木马克星均可以注册! '
''
'关于作者:'
'美男子中的佼佼者,'
'对计算机最有天赋的人之一'
''
'技术支持:'
'iparmor@luosoft.com'
现贴上该代码:
这是判断是否为正式注册码的代码,如果不正确,将执行format操作:
; ---------------------------------------------------------------------------
; Registration handler, entry 004962B8 (disassembler listing: each instruction
; is split over an address/opcode line and a mnemonic line).
; Frame setup: seven zero dwords are pushed, giving locals [ebp-04]..[ebp-1C].
; ---------------------------------------------------------------------------
:004962B8 55
push ebp
:004962B9 8BEC
mov ebp, esp
:004962BB 33C9
xor ecx, ecx
:004962BD 51
push ecx
:004962BE 51
push ecx
:004962BF 51
push ecx
:004962C0 51
push ecx
:004962C1 51
push ecx
:004962C2 51
push ecx
:004962C3 51
push ecx
:004962C4 53
push ebx
; ebx = value received in eax; used below as a base pointer for the
; [ebx+2D0]..[ebx+2E4] fields (presumably the form object -- confirm)
:004962C5 8BD8
mov ebx, eax
; eax = 0, then link a new exception frame at fs:[0] with 0049654D as handler
:004962C7 33C0
xor eax, eax
:004962C9 55
push ebp
:004962CA 684D654900 push
0049654D
:004962CF 64FF30
push dword ptr fs:[eax]
:004962D2 648920
mov dword ptr fs:[eax], esp
; [ebp-04] <- result of 0042D1DC on [ebx+2DC]
; (presumably the text the user typed -- confirm)
:004962D5 8D55FC
lea edx, dword ptr [ebp-04]
:004962D8 8B83DC020000 mov eax, dword
ptr [ebx+000002DC]
:004962DE E8F96EF9FF call
0042D1DC
:004962E3 8B45FC
mov eax, dword ptr [ebp-04]
:004962E6 50
push eax
; candidate 1: [ebp-08] <- 00408C08( [[ebx+2D0]+224] - 8D1h )
; (00408C08 looks like an integer-to-string conversion -- confirm)
:004962E7 8D55F8
lea edx, dword ptr [ebp-08]
:004962EA 8B83D0020000 mov eax, dword
ptr [ebx+000002D0]
:004962F0 8B8024020000 mov eax, dword
ptr [eax+00000224]
:004962F6 2DD1080000 sub eax,
000008D1
:004962FB E80829F7FF call
00408C08
; 0040419C compares eax (saved input) with edx (candidate); ZF drives the jne
:00496300 8B55F8
mov edx, dword ptr [ebp-08]
:00496303 58
pop eax
:00496304 E893DEF6FF call
0040419C
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00496290(C)
|
; not equal -> go on to candidate 2 at 00496389; equal -> fall through
:00496309 757E
jne 00496389============》在这里必须跳过
; ---------------------------------------------------------------------------
; Input equals candidate 1 (base - 8D1h).
; The strings referenced here report a successful registration, yet the block
; ends by calling 00488ABC with dl = 63h -- the routine that leads to
; shell32.SHFormatDrive further down this listing.
; NOTE(review): a destructive call hidden behind a success message behaves as
; a logic bomb; analyse this binary only in an isolated VM with no real disks.
; ---------------------------------------------------------------------------
* Possible StringData Ref from Code Obj ->"注册成功!"
|
:0049630B B864654900 mov eax,
00496564
:00496310 E8B397FBFF call
0044FAC8
:00496315 E8CAFEFFFF call
004961E4
:0049631A A180EE4B00 mov eax,
dword ptr [004BEE80]
:0049631F 8B80D4020000 mov eax, dword
ptr [eax+000002D4]
* Possible StringData Ref from Code Obj ->"已经注册!"
|
:00496325 BA78654900 mov edx,
00496578
:0049632A E8DD6EF9FF call
0042D20C
; three calls to 0042D0F4 with edx = 0 on [ebx+2E4], [ebx+2DC], [ebx+2D8]
; (presumably hides or disables the input controls -- confirm)
:0049632F 33D2
xor edx, edx
:00496331 8B83E4020000 mov eax, dword
ptr [ebx+000002E4]
:00496337 E8B86DF9FF call
0042D0F4
:0049633C 33D2
xor edx, edx
:0049633E 8B83DC020000 mov eax, dword
ptr [ebx+000002DC]
:00496344 E8AB6DF9FF call
0042D0F4
:00496349 33D2
xor edx, edx
:0049634B 8B83D8020000 mov eax, dword
ptr [ebx+000002D8]
:00496351 E89E6DF9FF call
0042D0F4
* Possible StringData Ref from Code Obj ->"已注册"
|
:00496356 BA8C654900 mov edx,
0049658C
:0049635B 8B83E0020000 mov eax, dword
ptr [ebx+000002E0]
:00496361 E8A66EF9FF call
0042D20C
:00496366 A14CDF4B00 mov eax,
dword ptr [004BDF4C]
:0049636B 8B00
mov eax, dword ptr [eax]
:0049636D 8B805C030000 mov eax, dword
ptr [eax+0000035C]
* Possible StringData Ref from Code Obj ->" "
|
:00496373 BA9C654900 mov edx,
0049659C
:00496378 E88F6EF9FF call
0042D20C
; dl = 63h (ASCII 'c'), eax = [004BEE88], then the drive-format routine
:0049637D B263
mov dl, 63
:0049637F A188EE4B00 mov eax,
dword ptr [004BEE88]
:00496384 E83327FFFF call
00488ABC============》在这里调用格式化代码
; ---------------------------------------------------------------------------
; Candidate 2: same sequence as candidate 1, with locals [ebp-0C]/[ebp-10]
; and the constant 4E9h subtracted from [[ebx+2D0]+224].
; ---------------------------------------------------------------------------
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00496309(C)
|
:00496389 8D55F4
lea edx, dword ptr [ebp-0C]
:0049638C 8B83DC020000 mov eax, dword
ptr [ebx+000002DC]
:00496392 E8456EF9FF call
0042D1DC
:00496397 8B45F4
mov eax, dword ptr [ebp-0C]
:0049639A 50
push eax
:0049639B 8D55F0
lea edx, dword ptr [ebp-10]
:0049639E 8B83D0020000 mov eax, dword
ptr [ebx+000002D0]
:004963A4 8B8024020000 mov eax, dword
ptr [eax+00000224]
:004963AA 2DE9040000 sub eax,
000004E9
:004963AF E85428F7FF call
00408C08
:004963B4 8B55F0
mov edx, dword ptr [ebp-10]
:004963B7 58
pop eax
:004963B8 E8DFDDF6FF call
0040419C
; not equal -> candidate 3 at 0049643D; equal -> fall through
:004963BD 757E
jne 0049643D============》在这里必须跳过
; ---------------------------------------------------------------------------
; Input equals candidate 2 (base - 4E9h): instruction-for-instruction the same
; as the candidate-1 branch -- success strings, then call 00488ABC with
; dl = 63h (the routine that leads to shell32.SHFormatDrive).
; ---------------------------------------------------------------------------
* Possible StringData Ref from Code Obj ->"注册成功!"
|
:004963BF B864654900 mov eax,
00496564
:004963C4 E8FF96FBFF call
0044FAC8
:004963C9 E816FEFFFF call
004961E4
:004963CE A180EE4B00 mov eax,
dword ptr [004BEE80]
:004963D3 8B80D4020000 mov eax, dword
ptr [eax+000002D4]
* Possible StringData Ref from Code Obj ->"已经注册!"
|
:004963D9 BA78654900 mov edx,
00496578
:004963DE E8296EF9FF call
0042D20C
:004963E3 33D2
xor edx, edx
:004963E5 8B83E4020000 mov eax, dword
ptr [ebx+000002E4]
:004963EB E8046DF9FF call
0042D0F4
:004963F0 33D2
xor edx, edx
:004963F2 8B83DC020000 mov eax, dword
ptr [ebx+000002DC]
:004963F8 E8F76CF9FF call
0042D0F4
:004963FD 33D2
xor edx, edx
:004963FF 8B83D8020000 mov eax, dword
ptr [ebx+000002D8]
:00496405 E8EA6CF9FF call
0042D0F4
* Possible StringData Ref from Code Obj ->"已注册"
|
:0049640A BA8C654900 mov edx,
0049658C
:0049640F 8B83E0020000 mov eax, dword
ptr [ebx+000002E0]
:00496415 E8F26DF9FF call
0042D20C
:0049641A A14CDF4B00 mov eax,
dword ptr [004BDF4C]
:0049641F 8B00
mov eax, dword ptr [eax]
:00496421 8B805C030000 mov eax, dword
ptr [eax+0000035C]
* Possible StringData Ref from Code Obj ->" "
|
:00496427 BA9C654900 mov edx,
0049659C
:0049642C E8DB6DF9FF call
0042D20C
; dl = 63h (ASCII 'c'), eax = [004BEE88], then the drive-format routine
:00496431 B263
mov dl, 63
:00496433 A188EE4B00 mov eax,
dword ptr [004BEE88]
:00496438 E87F26FFFF call
00488ABC============》在这里调用格式化代码
; ---------------------------------------------------------------------------
; Candidate 3: locals [ebp-14]/[ebp-18]; here 16Dh is ADDED to
; [[ebx+2D0]+224] before the conversion and comparison.
; ---------------------------------------------------------------------------
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004963BD(C)
|
:0049643D 8D55EC
lea edx, dword ptr [ebp-14]
:00496440 8B83DC020000 mov eax, dword
ptr [ebx+000002DC]
:00496446 E8916DF9FF call
0042D1DC
:0049644B 8B45EC
mov eax, dword ptr [ebp-14]
:0049644E 50
push eax
:0049644F 8D55E8
lea edx, dword ptr [ebp-18]
:00496452 8B83D0020000 mov eax, dword
ptr [ebx+000002D0]
:00496458 8B8024020000 mov eax, dword
ptr [eax+00000224]
:0049645E 056D010000 add eax,
0000016D
:00496463 E8A027F7FF call
00408C08
:00496468 8B55E8
mov edx, dword ptr [ebp-18]
:0049646B 58
pop eax
:0049646C E82BDDF6FF call
0040419C
; not equal -> no-match path at 004964E7; equal -> fall through
:00496471 7574
jne 004964E7
; ---------------------------------------------------------------------------
; Input equals candidate 3 (base + 16Dh): the same success strings and control
; updates as the two branches above, but this block contains no call to
; 00488ABC; it jumps straight to the common exit at 00496507.
; ---------------------------------------------------------------------------
* Possible StringData Ref from Code Obj ->"注册成功!"
|
:00496473 B864654900 mov eax,
00496564
:00496478 E84B96FBFF call
0044FAC8
:0049647D E862FDFFFF call
004961E4
:00496482 A180EE4B00 mov eax,
dword ptr [004BEE80]
:00496487 8B80D4020000 mov eax, dword
ptr [eax+000002D4]
* Possible StringData Ref from Code Obj ->"已经注册!"
|
:0049648D BA78654900 mov edx,
00496578
:00496492 E8756DF9FF call
0042D20C
:00496497 33D2
xor edx, edx
:00496499 8B83E4020000 mov eax, dword
ptr [ebx+000002E4]
:0049649F E8506CF9FF call
0042D0F4
:004964A4 33D2
xor edx, edx
:004964A6 8B83DC020000 mov eax, dword
ptr [ebx+000002DC]
:004964AC E8436CF9FF call
0042D0F4
:004964B1 33D2
xor edx, edx
:004964B3 8B83D8020000 mov eax, dword
ptr [ebx+000002D8]
:004964B9 E8366CF9FF call
0042D0F4
* Possible StringData Ref from Code Obj ->"已注册"
|
:004964BE BA8C654900 mov edx,
0049658C
:004964C3 8B83E0020000 mov eax, dword
ptr [ebx+000002E0]
:004964C9 E83E6DF9FF call
0042D20C
:004964CE A14CDF4B00 mov eax,
dword ptr [004BDF4C]
:004964D3 8B00
mov eax, dword ptr [eax]
:004964D5 8B805C030000 mov eax, dword
ptr [eax+0000035C]
* Possible StringData Ref from Code Obj ->" "
|
:004964DB BA9C654900 mov edx,
0049659C
:004964E0 E8276DF9FF call
0042D20C
:004964E5 EB20
jmp 00496507
; ---------------------------------------------------------------------------
; No candidate matched: re-read the [ebx+2DC] value into [ebp-1C]; when it is
; non-zero, call 0044839C on [[004BDF4C]] (purpose not visible here).
; ---------------------------------------------------------------------------
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00496471(C)
|
:004964E7 8D55E4
lea edx, dword ptr [ebp-1C]
:004964EA 8B83DC020000 mov eax, dword
ptr [ebx+000002DC]
:004964F0 E8E76CF9FF call
0042D1DC
:004964F5 837DE400
cmp dword ptr [ebp-1C], 00000000
:004964F9 740C
je 00496507
:004964FB A14CDF4B00 mov eax,
dword ptr [004BDF4C]
:00496500 8B00
mov eax, dword ptr [eax]
:00496502 E8951EFBFF call
0044839C
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:004964E5(U), :004964F9(C)
|
; common exit: restore the previous exception frame at fs:[0], drop the two
; remaining frame words, and push 00496554 so the final ret continues there
:00496507 33C0
xor eax, eax
:00496509 5A
pop edx
:0049650A 59
pop ecx
:0049650B 59
pop ecx
:0049650C 648910
mov dword ptr fs:[eax], edx
:0049650F 6854654900 push
00496554
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00496552(U)
|
; one call to 00403E0C per local, [ebp-1C] up to [ebp-04]
; (presumably releases the seven temporary strings -- confirm)
:00496514 8D45E4
lea eax, dword ptr [ebp-1C]
:00496517 E8F0D8F6FF call
00403E0C
:0049651C 8D45E8
lea eax, dword ptr [ebp-18]
:0049651F E8E8D8F6FF call
00403E0C
:00496524 8D45EC
lea eax, dword ptr [ebp-14]
:00496527 E8E0D8F6FF call
00403E0C
:0049652C 8D45F0
lea eax, dword ptr [ebp-10]
:0049652F E8D8D8F6FF call
00403E0C
:00496534 8D45F4
lea eax, dword ptr [ebp-0C]
:00496537 E8D0D8F6FF call
00403E0C
:0049653C 8D45F8
lea eax, dword ptr [ebp-08]
:0049653F E8C8D8F6FF call
00403E0C
:00496544 8D45FC
lea eax, dword ptr [ebp-04]
:00496547 E8C0D8F6FF call
00403E0C
:0049654C C3
ret
这是判断是否为已注册的代码:
; ---------------------------------------------------------------------------
; Start-up licence check. The excerpt begins inside the function: ebp is used
; as a frame pointer from the first store onward, but the frame setup itself
; is not part of this listing.
; ---------------------------------------------------------------------------
:00495DD5 53
push ebx
:00495DD6 56
push esi
:00495DD7 33C9
xor ecx, ecx
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00495D72(C)
|
; zero the locals at [ebp+FFFFFEE0]..[ebp+FFFFFEF0] and [ebp-0C]..[ebp-04]
:00495DD9 898DE0FEFFFF mov dword
ptr [ebp+FFFFFEE0], ecx
:00495DDF 898DE4FEFFFF mov dword
ptr [ebp+FFFFFEE4], ecx
:00495DE5 898DE8FEFFFF mov dword
ptr [ebp+FFFFFEE8], ecx
:00495DEB 898DECFEFFFF mov dword
ptr [ebp+FFFFFEEC], ecx
:00495DF1 898DF0FEFFFF mov dword
ptr [ebp+FFFFFEF0], ecx
:00495DF7 894DF4
mov dword ptr [ebp-0C], ecx
:00495DFA 894DFC
mov dword ptr [ebp-04], ecx
:00495DFD 894DF8
mov dword ptr [ebp-08], ecx
:00495E00 8BD8
mov ebx, eax
; link an exception frame at fs:[0], handler address 0049608B
:00495E02 33C0
xor eax, eax
:00495E04 55
push ebp
:00495E05 688B604900 push
0049608B
:00495E0A 64FF30
push dword ptr fs:[eax]
:00495E0D 648920
mov dword ptr fs:[eax], esp
; global byte flag [004BEE84] starts at 0 on every run of this function
:00495E10 C60584EE4B0000 mov byte ptr [004BEE84],
00
; [ebp-0C] <- "序列号:" combined with [[ebx+2EC]+44] via 004040D8, then passed
; to 0042D20C on [ebx+2E0] (presumably sets a label caption -- confirm)
:00495E17 8B83EC020000 mov eax, dword
ptr [ebx+000002EC]
:00495E1D 8B4844
mov ecx, dword ptr [eax+44]
:00495E20 8D45F4
lea eax, dword ptr [ebp-0C]
* Possible StringData Ref from Code Obj ->"序列号:"
|
:00495E23 BAA0604900 mov edx,
004960A0
:00495E28 E8ABE2F6FF call
004040D8
:00495E2D 8B55F4
mov edx, dword ptr [ebp-0C]
:00495E30 8B83E0020000 mov eax, dword
ptr [ebx+000002E0]
:00495E36 E8D173F9FF call
0042D20C
; 004889D0 derives a value from the same [..+44] field into [ebp+FFFFFEF0];
; 00404068 copies it (ecx = FFh limit) into the buffer at [ebp+FFFFFEF4],
; which 00487744 receives together with [[004BEE80]+2D0]
; (semantics of these helpers are not visible here)
:00495E3B 8D8DF0FEFFFF lea ecx, dword
ptr [ebp+FFFFFEF0]
:00495E41 A180EE4B00 mov eax,
dword ptr [004BEE80]
:00495E46 8B80EC020000 mov eax, dword
ptr [eax+000002EC]
:00495E4C 8B5044
mov edx, dword ptr [eax+44]
:00495E4F A180EE4B00 mov eax,
dword ptr [004BEE80]
:00495E54 8B80F0020000 mov eax, dword
ptr [eax+000002F0]
:00495E5A E8712BFFFF call
004889D0
:00495E5F 8B95F0FEFFFF mov edx, dword
ptr [ebp+FFFFFEF0]
:00495E65 8D85F4FEFFFF lea eax, dword
ptr [ebp+FFFFFEF4]
:00495E6B B9FF000000 mov ecx,
000000FF
:00495E70 E8F3E1F6FF call
00404068
:00495E75 8D95F4FEFFFF lea edx, dword
ptr [ebp+FFFFFEF4]
:00495E7B A180EE4B00 mov eax,
dword ptr [004BEE80]
:00495E80 8B80D0020000 mov eax, dword
ptr [eax+000002D0]
:00495E86 E8B918FFFF call
00487744
; esi <- object created by 00450E1C (presumably a registry wrapper, given the
; key path and value names that follow -- confirm)
:00495E8B B201
mov dl, 01
:00495E8D A1B00C4500 mov eax,
dword ptr [00450CB0]
:00495E92 E885AFFBFF call
00450E1C
:00495E97 8BF0
mov esi, eax
; 80000003h is the numeric value of HKEY_USERS
:00495E99 BA03000080 mov edx,
80000003
:00495E9E 8BC6
mov eax, esi
:00495EA0 E853B0FBFF call
00450EF8
:00495EA5 B101
mov cl, 01
* Possible StringData Ref from Code Obj ->".DEFAULT\Software\AngelSoft\iparmor"
|
:00495EA7 BAB0604900 mov edx,
004960B0
:00495EAC 8BC6
mov eax, esi
:00495EAE E889B1FBFF call
0045103C
; [ebp-04] <- value named "pass" under that key (via 00451354)
:00495EB3 8D4DFC
lea ecx, dword ptr [ebp-04]
* Possible StringData Ref from Code Obj ->"pass"
|
:00495EB6 BADC604900 mov
edx, 004960DC
:00495EBB 8BC6
mov eax, esi
:00495EBD E892B4FBFF call
00451354
; expected value: 00408C08( [[ebx+2D0]+224] + 16Dh ) -> [ebp+FFFFFEEC]
:00495EC2 8D95ECFEFFFF lea edx,
dword ptr [ebp+FFFFFEEC]
:00495EC8 8B83D0020000 mov eax,
dword ptr [ebx+000002D0]
:00495ECE 8B8024020000 mov eax,
dword ptr [eax+00000224]
:00495ED4 056D010000 add
eax, 0000016D
:00495ED9 E82A2DF7FF call
00408C08
; compare stored "pass" with the expected value
:00495EDE 8B95ECFEFFFF mov edx,
dword ptr [ebp+FFFFFEEC]
:00495EE4 8B45FC
mov eax, dword ptr [ebp-04]
:00495EE7 E8B0E2F6FF call
0040419C
; not equal -> unregistered/trial path at 00495F6D
:00495EEC 757F
jne 00495F6D============》在这里不能跳
; ---------------------------------------------------------------------------
; Registered path: set the global flag [004BEE84] to 1, update the controls,
; show "已经注册".
; The block then recomputes the same expected value (base + 16Dh) and compares
; it with the stored "pass" a second time. With unmodified code the result is
; the same as at 00495EE7; if the two strings differ here, 00488ABC (the
; routine that leads to shell32.SHFormatDrive) is called with dl = 63h.
; NOTE(review): this duplicate check acts as an integrity tripwire tied to a
; destructive action.
; ---------------------------------------------------------------------------
:00495EEE C60584EE4B0001 mov byte ptr
[004BEE84], 01
:00495EF5 33D2
xor edx, edx
:00495EF7 8B83E4020000 mov eax,
dword ptr [ebx+000002E4]
:00495EFD E8F271F9FF call
0042D0F4
:00495F02 33D2
xor edx, edx
:00495F04 8B83DC020000 mov eax,
dword ptr [ebx+000002DC]
:00495F0A E8E571F9FF call
0042D0F4
:00495F0F 33D2
xor edx, edx
:00495F11 8B83D8020000 mov eax,
dword ptr [ebx+000002D8]
:00495F17 E8D871F9FF call
0042D0F4
* Possible StringData Ref from Code Obj ->"已经注册"
|
:00495F1C BAEC604900 mov
edx, 004960EC
:00495F21 8B83E0020000 mov eax,
dword ptr [ebx+000002E0]
:00495F27 E8E072F9FF call
0042D20C
; second computation of the expected value, into [ebp+FFFFFEE8]
:00495F2C 8D95E8FEFFFF lea edx,
dword ptr [ebp+FFFFFEE8]
:00495F32 8B83D0020000 mov eax,
dword ptr [ebx+000002D0]
:00495F38 8B8024020000 mov eax,
dword ptr [eax+00000224]
:00495F3E 056D010000 add
eax, 0000016D
:00495F43 E8C02CF7FF call
00408C08
:00495F48 8B95E8FEFFFF mov edx,
dword ptr [ebp+FFFFFEE8]
:00495F4E 8B45FC
mov eax, dword ptr [ebp-04]
:00495F51 E846E2F6FF call
0040419C
; equal -> exit at 00496060; otherwise the format routine runs first
:00495F56 0F8404010000 je 00496060
:00495F5C B263
mov dl, 63
:00495F5E A188EE4B00 mov
eax, dword ptr [004BEE88]
:00495F63 E8542BFFFF call
00488ABC
:00495F68 E9F3000000 jmp
00496060
; ---------------------------------------------------------------------------
; Unregistered path.
; First a flag test: [004BEE84] was cleared at 00495E10, and the only stores
; of 1 in this listing (00495EEE, 00495FF7) are not on the way here, so on the
; visible paths the compare fails and the call to 00488ABC is skipped.
; Then the trial counter "deta" is read into [ebp-08]; when it is empty it is
; initialised to "100" and two message strings are shown via 0044FAC8.
; ---------------------------------------------------------------------------
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00495EEC(C)
|
:00495F6D 803D84EE4B0001 cmp byte ptr
[004BEE84], 01
:00495F74 750C
jne 00495F82
:00495F76 B263
mov dl, 63
:00495F78 A188EE4B00 mov
eax, dword ptr [004BEE88]
:00495F7D E83A2BFFFF call
00488ABC
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00495F74(C)
|
; [ebp-08] <- value named "deta" (same reader, 00451354, as for "pass")
:00495F82 8D4DF8
lea ecx, dword ptr [ebp-08]
* Possible StringData Ref from Code Obj ->"deta"
|
:00495F85 BA00614900 mov
edx, 00496100
:00495F8A 8BC6
mov eax, esi
:00495F8C E8C3B3FBFF call
00451354
:00495F91 837DF800
cmp dword ptr [ebp-08], 00000000
:00495F95 7521
jne 00495FB8
; no stored counter yet: [ebp-08] <- "100" (via 00403EA4)
:00495F97 8D45F8
lea eax, dword ptr [ebp-08]
* Possible StringData Ref from Code Obj ->"100"
|
:00495F9A BA10614900 mov
edx, 00496110
:00495F9F E800DFF6FF call
00403EA4
* Possible StringData Ref from Code Obj ->"非常感谢你使用iparmor,iparmor保证为你构造安全?
->"耐缁肪?"
|
:00495FA4 B81C614900 mov
eax, 0049611C
:00495FA9 E81A9BFBFF call
0044FAC8
* Possible StringData Ref from Code Obj ->"由于非法破解本软件而造成的任何后果,由破解者负"
->"责"
|
:00495FAE B860614900 mov
eax, 00496160
:00495FB3 E8109BFBFF call
0044FAC8
; ---------------------------------------------------------------------------
; Trial counter handling. 00408CE8 is applied to the "deta" string three times
; and its result is treated as a signed integer (presumably a string-to-int
; conversion -- confirm).
;   result <= 0 or result >= 65h (101)  -> expired branch at 00496033
;   otherwise                           -> store result-1 back under "deta",
;                                          set flag [004BEE84] = 1 and show
;                                          the "你还可以使用 N 次." caption
; ---------------------------------------------------------------------------
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00495F95(C)
|
:00495FB8 8B45F8
mov eax, dword ptr [ebp-08]
:00495FBB E8282DF7FF call
00408CE8
:00495FC0 85C0
test eax, eax
:00495FC2 7E6F
jle 00496033
:00495FC4 8B45F8
mov eax, dword ptr [ebp-08]
:00495FC7 E81C2DF7FF call
00408CE8
:00495FCC 83F865
cmp eax, 00000065
:00495FCF 7D62
jge 00496033
:00495FD1 8B45F8
mov eax, dword ptr [ebp-08]
:00495FD4 E80F2DF7FF call
00408CE8
; decrement, convert back (00408C08) into [ebp+FFFFFEE4], write it to "deta"
:00495FD9 48
dec eax
:00495FDA 8D95E4FEFFFF lea edx,
dword ptr [ebp+FFFFFEE4]
:00495FE0 E8232CF7FF call
00408C08
:00495FE5 8B8DE4FEFFFF mov ecx,
dword ptr [ebp+FFFFFEE4]
* Possible StringData Ref from Code Obj ->"deta"
|
:00495FEB BA00614900 mov
edx, 00496100
:00495FF0 8BC6
mov eax, esi
:00495FF2 E831B3FBFF call
00451328
:00495FF7 C60584EE4B0001 mov byte ptr
[004BEE84], 01
; three pieces pushed and joined by 0040414C (edx = 3) into [ebp+FFFFFEE0];
; note the middle piece is the value read before the decrement
* Possible StringData Ref from Code Obj ->"你还可以使用 "
|
:00495FFE 689C614900 push
0049619C
:00496003 FF75F8
push [ebp-08]
* Possible StringData Ref from Code Obj ->" 次."
|
:00496006 68B4614900 push
004961B4
:0049600B 8D85E0FEFFFF lea eax,
dword ptr [ebp+FFFFFEE0]
:00496011 BA03000000 mov
edx, 00000003
:00496016 E831E1F6FF call
0040414C
:0049601B 8B95E0FEFFFF mov edx,
dword ptr [ebp+FFFFFEE0]
:00496021 A180EE4B00 mov
eax, dword ptr [004BEE80]
:00496026 8B80D4020000 mov eax,
dword ptr [eax+000002D4]
:0049602C E8DB71F9FF call
0042D20C
:00496031 EB26
jmp 00496059
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00495FC2(C), :00495FCF(C)
|
; expired branch: show the message and clear the flag. The compare that
; follows tests the flag against 1 immediately after it was written 0, so in
; straight-line execution the call to 00488ABC below is skipped.
* Possible StringData Ref from Code Obj ->"对不起,免费时间已到,请注册。"
|
:00496033 B8C4614900 mov
eax, 004961C4
:00496038 E88B9AFBFF call
0044FAC8
:0049603D C60584EE4B0000 mov byte ptr
[004BEE84], 00
:00496044 803D84EE4B0001 cmp byte ptr
[004BEE84], 01
:0049604B 750C
jne 00496059
:0049604D B263
mov dl, 63
:0049604F A188EE4B00 mov
eax, dword ptr [004BEE88]
:00496054 E8632AFFFF call
00488ABC
; ---------------------------------------------------------------------------
; Exit of the start-up check: 004030A4 is called on the object in esi
; (presumably frees it -- confirm), the previous exception frame is restored
; at fs:[0], and 00496092 is pushed so the final ret continues there.
; ---------------------------------------------------------------------------
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00496031(U), :0049604B(C)
|
:00496059 8BC6
mov eax, esi
:0049605B E844D0F6FF call
004030A4
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00495F56(C), :00495F68(U)
|
:00496060 33C0
xor eax, eax
:00496062 5A
pop edx
:00496063 59
pop ecx
:00496064 59
pop ecx
:00496065 648910
mov dword ptr fs:[eax], edx
:00496068 6892604900 push
00496092
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00496090(U)
|
; 00403E30 is called with a count in edx: 5 slots starting at [ebp+FFFFFEE0],
; then 3 slots starting at [ebp-0C] (presumably releases the temporaries)
:0049606D 8D85E0FEFFFF lea eax,
dword ptr [ebp+FFFFFEE0]
:00496073 BA05000000 mov
edx, 00000005
:00496078 E8B3DDF6FF call
00403E30
:0049607D 8D45F4
lea eax, dword ptr [ebp-0C]
:00496080 BA03000000 mov
edx, 00000003
:00496085 E8A6DDF6FF call
00403E30
:0049608A C3
ret
下面是格式化驱动器代码:
; ---------------------------------------------------------------------------
; Import thunk: an indirect jump through the pointer at [004C09D8], which the
; disassembler resolves to shell32.SHFormatDrive. The 'mov eax, eax' after it
; is never reached from the jump (it sits between the thunk and 00488ABC).
; ---------------------------------------------------------------------------
* Referenced by a CALL at Address:
|:00488BB7
|
* Reference To: shell32.SHFormatDrive, Ord:0000h
|
:00488AB4 FF25D8094C00 Jmp dword
ptr [004C09D8]
:00488ABA 8BC0
mov eax, eax
; ---------------------------------------------------------------------------
; Drive-format routine, entry 00488ABC. Called from five sites in the licence
; code, each time with dl = 63h.
; In:  dl = drive letter character, saved at [ebp-01]
;      eax = [004BEE88] at every call site (not read in the part shown here)
; Flow: 00488C9C(dl) returns a type code in al. Codes 2 and 3 go to the
;       SHFormatDrive call at 00488B9B; every other code builds an error text
;       starting with "Cannot format a ".
; The 0..6 range and the per-code messages line up with the GetDriveType
; return codes (2 = removable, 3 = fixed); presumably 00488C9C wraps that
; API -- confirm.
; ---------------------------------------------------------------------------
* Referenced by a CALL at Addresses:
|:00495F63 , :00495F7D , :00496054 , :00496384 ,
:00496438
|
:00488ABC 55
push ebp=======》这里我强行让它返回C3
:00488ABD 8BEC
mov ebp, esp
; three zeroed locals: [ebp-04] (its top byte holds the drive letter),
; [ebp-08], [ebp-0C]
:00488ABF 6A00
push 00000000
:00488AC1 6A00
push 00000000
:00488AC3 6A00
push 00000000
:00488AC5 53
push ebx
:00488AC6 8855FF
mov byte ptr [ebp-01], dl
; link an exception frame at fs:[0], handler address 00488BD7
:00488AC9 33D2
xor edx, edx
:00488ACB 55
push ebp
:00488ACC 68D78B4800 push
00488BD7
:00488AD1 64FF32
push dword ptr fs:[edx]
:00488AD4 648922
mov dword ptr fs:[edx], esp
:00488AD7 8A55FF
mov dl, byte ptr [ebp-01]
:00488ADA E8BD010000 call
00488C9C
:00488ADF 8BD8
mov ebx, eax
:00488AE1 80FB02
cmp bl, 02
:00488AE4 0F84B1000000 je 00488B9B
:00488AEA 80FB03
cmp bl, 03
:00488AED 0F84A8000000 je 00488B9B
:00488AF3 8D45F8
lea eax, dword ptr [ebp-08]
* Possible StringData Ref from Code Obj ->"Cannot format a "
|
:00488AF6 BAEC8B4800 mov
edx, 00488BEC
:00488AFB E8A4B3F7FF call
00403EA4
; switch on the type code: values above 6 skip the table (unsigned compare);
; the seven dwords after the jmp are the jump table, not instructions
:00488B00 33C0
xor eax, eax
:00488B02 8AC3
mov al, bl
:00488B04 83F806
cmp eax, 00000006
:00488B07 776C
ja 00488B75
:00488B09 FF2485108B4800 jmp dword ptr
[4*eax+00488B10]
:00488B10 2C8B4800
DWORD 00488B2C
:00488B14 3B8B4800
DWORD 00488B3B
:00488B18 758B4800
DWORD 00488B75
:00488B1C 758B4800
DWORD 00488B75
:00488B20 4A8B4800
DWORD 00488B4A
:00488B24 598B4800
DWORD 00488B59
:00488B28 688B4800
DWORD 00488B68
; ---------------------------------------------------------------------------
; Jump-table targets for the non-formattable type codes. Codes 0 and 1 replace
; the text in [ebp-08] (00403EA4); codes 4, 5 and 6 go through 00404094 with
; a type name (presumably appending it to "Cannot format a " -- confirm).
; All of them join at 00488B75.
; ---------------------------------------------------------------------------
:00488B2C 8D45F8
lea eax, dword ptr [ebp-08]
* Possible StringData Ref from Code Obj ->"Cannot determine drive type"
|
:00488B2F BA088C4800 mov
edx, 00488C08
:00488B34 E86BB3F7FF call
00403EA4
:00488B39 EB3A
jmp 00488B75
:00488B3B 8D45F8
lea eax, dword ptr [ebp-08]
* Possible StringData Ref from Code Obj ->"Specified drive does not exist"
|
:00488B3E BA2C8C4800 mov
edx, 00488C2C
:00488B43 E85CB3F7FF call
00403EA4
:00488B48 EB2B
jmp 00488B75
:00488B4A 8D45F8
lea eax, dword ptr [ebp-08]
* Possible StringData Ref from Code Obj ->"Network Drive"
|
:00488B4D BA548C4800 mov
edx, 00488C54
:00488B52 E83DB5F7FF call
00404094
:00488B57 EB1C
jmp 00488B75
:00488B59 8D45F8
lea eax, dword ptr [ebp-08]
* Possible StringData Ref from Code Obj ->"CD-ROM Drive"
|
:00488B5C BA6C8C4800 mov
edx, 00488C6C
:00488B61 E82EB5F7FF call
00404094
:00488B66 EB0D
jmp 00488B75
:00488B68 8D45F8
lea eax, dword ptr [ebp-08]
* Possible StringData Ref from Code Obj ->"RAM Drive"
|
:00488B6B BA848C4800 mov
edx, 00488C84
:00488B70 E81FB5F7FF call
00404094
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00488B07(C), :00488B39(U), :00488B48(U), :00488B57(U), :00488B66(U)
|
; [ebp-0C] <- message text joined with the string at 00488C98 (004040D8),
; then 0040BE80 (dl = 01, eax = [00407C2C]) followed by 0040383C
; (presumably constructs and raises an exception carrying the message --
; confirm); SHFormatDrive is not called on this path
:00488B75 8D45F4
lea eax, dword ptr [ebp-0C]
:00488B78 B9988C4800 mov
ecx, 00488C98
:00488B7D 8B55F8
mov edx, dword ptr [ebp-08]
:00488B80 E853B5F7FF call
004040D8
:00488B85 8B4DF4
mov ecx, dword ptr [ebp-0C]
:00488B88 B201
mov dl, 01
:00488B8A A12C7C4000 mov
eax, dword ptr [00407C2C]
:00488B8F E8EC32F8FF call
0040BE80
:00488B94 E8A3ACF7FF call
0040383C
:00488B99 EB21
jmp 00488BBC
; ---------------------------------------------------------------------------
; Type code 2 or 3: call shell32.SHFormatDrive through the thunk at 00488AB4.
; Four dwords are pushed, last-pushed being the first argument:
;   [[[004BDE14]]+24]  (presumably a window handle -- confirm)
;   drive letter - 41h ('A'), zero-extended
;   FFFFh              (the value of SHFMT_ID_DEFAULT; the "String Resource ID"
;                       annotation below is the disassembler matching the
;                       same number, the value is used as an argument here)
;   0
; NOTE(review): every caller in this listing passes dl = 63h (lowercase 'c'),
; so the index computed here is 22h, not 2. Confirm how SHFormatDrive treats
; an index above 25, and whether 00488C9C accepts the lowercase letter, before
; concluding which drive (if any) would be affected. SHFormatDrive is also
; documented as opening the shell's Format dialog rather than formatting
; silently -- verify on the target Windows version.
; ---------------------------------------------------------------------------
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00488AE4(C), :00488AED(C)
|
:00488B9B 33C0
xor eax, eax
:00488B9D 8A45FF
mov al, byte ptr [ebp-01]
:00488BA0 6683E841
sub ax, 0041
:00488BA4 6A00
push 00000000
* Possible Reference to String Resource ID=65535: "Invalid numeric input"
|
:00488BA6 68FFFF0000 push
0000FFFF
:00488BAB 50
push eax
:00488BAC A114DE4B00 mov
eax, dword ptr [004BDE14]
:00488BB1 8B00
mov eax, dword ptr [eax]
:00488BB3 8B4024
mov eax, dword ptr [eax+24]
:00488BB6 50
push eax
* Reference To: shell32.SHFormatDrive, Ord:0000h
|
:00488BB7 E8F8FEFFFF Call
00488AB4
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00488B99(U)
|
; exit: the return value of SHFormatDrive is discarded (eax is zeroed), the
; previous exception frame is restored at fs:[0], and 00488BDE is pushed so
; the final ret continues there
:00488BBC 33C0
xor eax, eax
:00488BBE 5A
pop edx
:00488BBF 59
pop ecx
:00488BC0 59
pop ecx
:00488BC1 648910
mov dword ptr fs:[eax], edx
:00488BC4 68DE8B4800 push
00488BDE
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00488BDC(U)
|
; 00403E30 with edx = 2 on the slots starting at [ebp-0C]
; (presumably releases the two temporary strings -- confirm)
:00488BC9 8D45F4
lea eax, dword ptr [ebp-0C]
:00488BCC BA02000000 mov
edx, 00000002
:00488BD1 E85AB2F7FF call
00403E30
:00488BD6 C3
ret