估计这里用到了 creatprocess 和 exitprocess 函数，需要用 IDA 看看它们的用法。
我试着改了一下，中间有些 call 还没改成 5508 的，主体部分应该没什么问题。
; ---------------------------------------------------------------------------
; Entry hook.  Assembled at the fixed firmware address given by org, so the
; absolute calls/jmps in this listing are firmware-version specific (the author
; notes that some calls are not yet adjusted for 5508).
; In:   rl1 = selector byte (presumably an event/message code — confirm)
; Only the value 6 is handled; anything else returns immediately.
; Clobbers: rl4 (low byte of r4), flags.
; ---------------------------------------------------------------------------
org 0E447E0h
movb rl4, rl1               ; rl4 = rl1
cmpb rl4, #6                ; is it case 6?
jmpr cc_Z, loc_530008       ; yes -> handle it (short relative jump; the label name is presumably an address from the original dump and is relocated by org)
rets                        ; no  -> back to the firmware caller
; Case 6: run our main routine, then tail-jump to psendmessage with the
; register arguments r12..r15 = (35E8h, 0Eh, 85h, 0).  r12-r15 carry parameters
; throughout this listing.
loc_530008:
movb rl4, #0                ; rl4 = 0 before the call — purpose not visible here (loc_main1 itself does not read r4)
calls loc_main              ; far call; loc_main1's rets comes back here
mov r12, #35E8h             ; arg 1
mov r13, #0Eh               ; arg 2
mov r14, #85h               ; arg 3
mov r15, #0                 ; arg 4
jmps 0C1h, 0AA30h ;psendmessage — tail jump: its rets returns straight to our caller
add r0, r0                  ; unreachable after jmps; presumably a 2-byte filler (00 00 decodes as add r0,r0) — confirm
; Menu callback stub (the menu? table in the data section lists it four
; times): does nothing and returns.
loc_menu1?:
rets
; Reserves 1Eh bytes on the r0 stack and calls the ROM routine at 0D6h:340h
; (author's guess: creatdialog) with
;   r12:r13 = far address of menu?  (pof/pag = page offset / page number)
;   r14:r15 = far address of the local area: offset masked to the 14-bit
;             in-page offset, page taken from DPP1 — this assumes r0 lies in
;             the DPP1 window; confirm.
; The local area is released right after the call, so this is only safe if the
; callee does not keep that pointer — cannot be verified from this listing.
; NOTE: the menu? label is commented out in the data section, so
; pof(menu?)/pag(menu?) do not resolve as the listing stands.
; Clobbers: r12-r15, flags.  r0 is restored.
loc_processhandle1:
sub r0, #1Eh                ; r0 -= 1Eh: local scratch area
mov r12, #pof(menu?)        ; far pointer to menu? (offset)
mov r13, #pag(menu?)        ;                      (page)
mov r14, r0
and r14, #3FFFh             ; in-page offset of the local area
mov r15, DPP1               ; its page
calls 0D6h, 340h ;creatdialog??
add r0, #1Eh                ; release the local area
rets
; loc_1 — moves nodes between two linked chains (intent inferred; see below).
; Reads the far pointer stored at 37h:327Ah (r1:r2), the pointer stored at
; (r1:r2)+4 (r12:r13) and the pointer stored at (r12:r13)+4 (r3:r10).
; If r3:r10 already equals the constant far address 35h:100h nothing is done.
; Otherwise each loop iteration takes the node N currently at (r1:r2)+4,
; unlinks it from that chain (each node carries a far pointer at +0 and one at
; +4) and links it in front of the chain whose head pointer is stored at
; 35h:100h, until the pointer at (r1:r2)+4 equals r3:r10.  This reads like a
; doubly-linked list transfer; the exact link senses — confirm against the ROM
; structures.
; Register roles:
;   r8:r9   = 35h:100h (head slot address, constant)
;   r1:r2   = value read from 37h:327Ah
;   r14:r15 = (r1:r2)+4
;   r3:r10  = loop terminator (pointer read at (r12:r13)+4 on entry)
; Saves/restores r6-r9 on the r0 stack; clobbers r1-r5, r10-r15, flags.
; extp Rw,#n makes the next n data accesses use the page in Rw, so each
; extp/mov group below is one far access and must keep its exact order.
loc_1:
mov [-r0], r9               ; save r6-r9 (pushed r9,r8,r7,r6; popped in reverse at loc_5300FA)
mov [-r0], r8
mov [-r0], r7
mov [-r0], r6
mov r8, #100h               ; r8:r9 = 35h:100h, far address of the head slot
mov r9, #35h
mov r12, #327Ah             ; r12:r13 = 37h:327Ah
mov r13, #37h
extp r13, #2                ; next 2 accesses use page r13
mov r1, [r12+]              ; r1:r2 = far pointer stored at 37h:327Ah
mov r2, [r12]
mov r14, r1                 ; r14:r15 = (r1:r2)+4
mov r15, r2
add r14, #4
extp r15, #2
mov r13, [r14+#2]           ; r12:r13 = pointer stored at (r1:r2)+4
mov r12, [r14]
extp r13, #2
mov r3, [r12+#4]            ; r3:r10 = pointer stored at (r12:r13)+4 (loop terminator)
mov r10, [r12+#6]
mov r12, r3                 ; 32-bit compare r3:r10 with 35h:100h
mov r13, r10
sub r12, r8
subc r13, r9                ; C166 subc only leaves Z set if the low half was zero too, so cc_Z tests all 32 bits
jmpr cc_Z, loc_5300FA       ; already equal -> nothing to do
loc_530082:                 ; loop: one node N per iteration
extp r15, #2
mov r13, [r14+#2]           ; r12:r13 = N = pointer stored at (r1:r2)+4
mov r12, [r14]
mov r6, r12                 ; r6:r7 = N+4
mov r7, r13
add r6, #4
extp r7, #2
mov r5, [r6+#2]             ; r4:r5 = pointer stored at N+4
mov r4, [r6]
extp r5, #2
mov [r4+#2], r2             ; [(pointer at N+4)+0] = r1:r2
mov [r4], r1
extp r7, #2
mov r5, [r6+#2]             ; r4:r5 = pointer stored at N+4 (re-read)
mov r4, [r6]
extp r15, #2
mov [r14+#2], r5            ; [(r1:r2)+4] = that pointer: N is unlinked from this chain
mov [r14], r4
mov r4, #100h               ; r4:r5 = 35h:100h
mov r5, #35h
mov [-r0], r3               ; r3 is reused as a temporary below; keep the terminator
extp r5, #2
mov r11, [r4+]              ; r11:r3 = current head H stored at 35h:100h
mov r3, [r4]
extp r13, #2
mov [r12+#2], r3            ; [N+0] = H
mov [r12], r11
extp r3, #2
mov [r11+#4], r12           ; [H+4] = N
mov [r11+#6], r13
mov r3, [r0+]               ; restore the terminator
mov r4, #100h
mov r5, #35h
extp r5, #2
mov [r4+#2], r13            ; [35h:100h] = N: N becomes the new head
mov [r4], r12
extp r7, #2
mov [r6+#2], r9             ; [N+4] = 35h:100h (back-link to the head slot)
mov [r6], r8
extp r15, #2
mov r13, [r14+#2]           ; r12:r13 = pointer now stored at (r1:r2)+4
mov r12, [r14]
sub r12, r3                 ; loop until it equals the terminator r3:r10
subc r13, r10
jmpr cc_NZ, loc_530082
loc_5300FA:
mov r6, [r0+]               ; restore r6-r9
mov r7, [r0+]
mov r8, [r0+]
mov r9, [r0+]
rets
; processhandle entry (listed in the processhandle? slot of the data section):
; create the dialog, then tail-jump into loc_processhandle2, whose rets
; returns to our caller.
loc_processhandle?:
calls loc_processhandle1
jmps loc_processhandle2     ; tail jump; loc_processhandle2 ends with rets
; Walks the chain whose head slot is 35h:100h (the one loc_1 fills) and, for
; each element, calls a ROM routine with a 0C8h-byte buffer on the r0 stack,
; then a second ROM routine with the same buffer and a value r6 that grows by
; 0Ah per element.  Neither ROM routine is identified (author's ?? marks).
; The first call receives 3CCh:20Ch as a far pointer — possibly a format
; string, unconfirmed.  Nothing here bounds what the callee writes to the 0C8h
; buffer; whether the callee does cannot be told from this listing.
; The very first iteration passes the head slot address 35h:100h itself, not
; a node, to the ROM call — may be intended; confirm.
; Terminates when the link read from the current element (r8:r9) is 0:0; a
; chain without a null link would loop forever.
; Register roles:
;   r8:r9 = current element (starts at the head slot 35h:100h)
;   r6    = per-element increment: 0, 0Ah, 14h, ...
; Saves/restores r6, r8, r9; clobbers r12-r15, flags.  r0 is restored.
loc_processhandle2:
mov [-r0], r9               ; save r6, r8, r9
mov [-r0], r8
mov [-r0], r6
sub r0, #0C8h               ; 0C8h-byte local buffer
mov r8, #100h               ; r8:r9 = 35h:100h (head slot)
mov r9, #35h
mov r6, #0
mov r12, #0                 ; register args for the first ROM call: (0, 0, 65h, 50h)
mov r13, #0
mov r14, #65h
mov r15, #50h
calls 0D6h, 0A20Ah ;??
loc_530130:
mov r12, r8                 ; push r8:r9 as stack arguments (dropped by add r0,#4 below)
mov [-r0], r12
mov r13, r9
mov [-r0], r13
mov r12, #4                 ; r12:r13 = far pointer to the local buffer
add r12, r0                 ;   (r0+4 skips the two words just pushed)
and r12, #3FFFh             ;   in-page offset; page from DPP1 — assumes r0 lies in the DPP1 window
mov r13, DPP1
mov r14, #20Ch              ; r14:r15 = 3CCh:20Ch
mov r15, #3CCh
calls 0A4h, 884Eh ;??
add r0, #4                  ; drop the two pushed words
mov r12, r8                 ; r8:r9 = far pointer stored at [r8:r9]+0 (follow the link)
mov r13, r9
extp r13, #2
mov r8, [r12+]
mov r9, [r12]
mov r12, #7                 ; push 7
mov [-r0], r12
mov r13, #2                 ; r13 = (r0+2) & 3FFFh = in-page offset of the local buffer
add r13, r0                 ;   (computed before the next two pushes move r0)
and r13, #3FFFh
mov r14, DPP1
mov [-r0], r14              ; push page (DPP1), then offset
mov [-r0], r13
mov r12, #0                 ; register args: (0, r6, 65h, 0Ah)
mov r13, r6
mov r14, #65h
mov r15, #0Ah
calls 0D6h, 0A358h ;???
add r0, #6                  ; drop the three pushed words
add r6, #0Ah                ; next increment
mov r12, r9                 ; loop while r8:r9 != 0:0
or r12, r8
jmpr cc_NZ, loc_530130
add r0, #0C8h               ; release the local buffer
mov r6, [r0+]               ; restore r6, r8, r9
mov r8, [r0+]
mov r9, [r0+]
rets
; process callback (listed in the process slot of the data section):
; keeps the incoming r12:r13 across loc_1 (which clobbers r12-r15), then
; reads the word at (r12:r13)+0Ch and passes it to the ROM routine at
; 0EEh:13D0h (unidentified), returning r4 = 1 (presumably the return value
; the caller expects — confirm).
; r12:r13 presumably = far pointer to the caller's context — confirm.
; Clobbers: r4, r12-r15 and whatever loc_1 clobbers (r1-r5, r10-r15), flags.
loc_process:
mov [-r0], r12              ; keep r12:r13 across loc_1
mov [-r0], r13
calls loc_1
mov r13, [r0+]              ; pop in reverse order
mov r12, [r0+]
mov r14, r12
extp r13, #1                ; one far access with page r13
mov r12, [r14+#0Ch]         ; r12 = word stored at (r12:r13)+0Ch
calls 0EEh, 13D0h ;???
mov r4, #1                  ; return 1
rets
; exitprocess callback (listed in the exitprocess slot of the data section):
; no-op.
loc_exit?:
rets
; Main body: reserves 2Ch bytes on the r0 stack, pushes a 0 word, and calls
; the ROM routine at 0EEh:1112h (unidentified, author's ???) with
;   r12:r13 = far address of the descriptor label process
;   r14:r15 = far address of the local area (r0+2 skips the pushed 0; offset
;             masked to 14 bits, page from DPP1 — assumes r0 is in the DPP1 window)
; NOTE: process only appears as a comment (;process:) in the data section, so
; pof(process)/pag(process) do not resolve as the listing stands.
; Stack: 2Ch + 2 bytes, released by add r0,#2Eh.  Clobbers r12-r15, flags.
loc_main1:
sub r0, #2Ch                ; local area
mov r12, #0
mov [-r0], r12              ; push 0
mov r12, #pof(process)      ; far pointer to the process descriptor
mov r13, #pag(process)
mov r14, #2                 ; far pointer to the local area (above the pushed 0)
add r14, r0
and r14, #3FFFh
mov r15, DPP1
calls 0EEh, 1112h ;???
add r0, #2Eh                ; 2Ch local + 2 pushed
rets
; loc_main: trampoline into loc_main1 (its rets returns to whoever called
; loc_main).
loc_main:
jmps loc_main1
; ---------------------------------------------------------------------------
; Data section
; The five label lines below (menu?, data, process, processhandle?,
; exitprocess) are commented out, yet menu? and process are referenced via
; pof()/pag() in loc_processhandle1 and loc_main1.  The db operands are code
; labels: db emits single bytes, so label addresses (16-bit offsets, or
; offset+page far pointers as the code reads them) would be truncated or
; rejected by the assembler.  These entries presumably need word/far-pointer
; directives and the labels uncommented before the listing assembles —
; TODO confirm against the firmware's descriptor layout.
; ---------------------------------------------------------------------------
;menu?:                     ; table of four menu handlers, all the no-op loc_menu1?
db loc_menu1?,loc_menu1?,loc_menu1?,loc_menu1?
;data:                      ; raw bytes of unknown meaning (presumably copied from the original)
db 20h,31h,0D6h,00h,10h,00h,0C4h,00h,0F5h,0FFh
;process:                   ; process descriptor slot: loc_main1
db loc_main1
;processhandle?:            ; handler slot: loc_processhandle?
db loc_processhandle?
;exitprocess:               ; exit slot: loc_exit?
db loc_exit?
; Original data that was not understood and was left unmodified:
;2C000100   unknown data, not modified
;F601CC03   a rets, but it is not known where it is used from
;25303258   unknown data
;3A2530345800   unknown data
end