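Note: this software automatically sets itself to run at startup.
The following is a reposted article.
The Degaussing "Secret Art" of "Computer Degaussing Master" (電腦消磁聖手)
Preface:
On Christmas Eve I was wandering around the web and happened upon a program called "Computer Degaussing Master" (《電腦消磁聖手》), developed by a certain company (you can look up which company yourselves; I won't name it, to avoid trouble). According to the program's own description, "This system has been sold on overseas markets all along with very good results. We recently translated it into a Chinese version and are offering it free of charge to domestic users." As for what the software does, it says: "This system is well suited to people who work at a computer for long periods. It efficiently removes the electromagnetic waves produced by the computer and has a health-protecting effect on the user. Based on the electromagnetic waves the computer produces, the system automatically generates magnet-melting waves that neutralize them. Because the computer emits electromagnetic waves continuously, we recommend degaussing once every hour." It sounded very tempting, so I downloaded it to play with. The latest version seems to be 6.3 (it must have been upgraded many times by now).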
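Trial:
The download is an archive containing a single executable. When I ran it, it first opened a browser window pointing at a website (probably the software company's), which I closed right away. The main window is quite simple; the main feature is the "Start degaussing" (「開始消磁」) button. Clicking it starts a progress bar advancing, with status messages appearing along the way: 「系統正在做消磁前的準備...」 ("The system is preparing for degaussing..."), 「系統正在收集電腦的電磁波...」 ("The system is collecting the computer's electromagnetic waves..."), 「系統正在釋放融磁電波...」 ("The system is releasing magnet-melting waves..."), 「系統正在釋放融磁電波...」 ("The system is releasing magnet-melting waves..."), 「系統正在做最後的消磁工作...」 ("The system is doing the final degaussing work..."). After this mysterious ritual, a dialog pops up: 「融磁成功,已經成功中和電腦周圍磁場?」 ("Magnet-melting succeeded; the magnetic field around the computer has been neutralized?"). In that instant my admiration for the author surged like an endless river. This is seriously awesome technology: degaussing with software alone, and of the electromagnetic waves around the computer no less. I wonder whether the author has applied for a patent. With boundless reverence for the author and a strong sense of mystery, I promptly took the program apart :)
Analysis:
A quick check shows it is written in Delphi and is not packed. After loading it into DeDe, I decompiled the code for the "Start degaussing" button's click event, copied below: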
0047FF28   53                     push    ebx
0047FF29   8BD8                   mov     ebx, eax
0047FF2B   33D2                   xor     edx, edx
* Reference to control TFrmRamMain.Panel2 : TPanel
|
0047FF2D   8B83FC020000           mov     eax, [ebx+$02FC]
* Reference to: controls.TControl.SetVisible(TControl;Boolean);
|
0047FF33   E80CA6FAFF             call    0042A544
0047FF38   B201                   mov     dl, $01
* Reference to control TFrmRamMain.Panel1 : TPanel
|
0047FF3A   8B83F0020000           mov     eax, [ebx+$02F0]
* Reference to: controls.TControl.SetVisible(TControl;Boolean);
|
0047FF40   E8FFA5FAFF             call    0042A544
* Possible String Reference to: '系統正在做消磁前的準備...'     ;prompt text, getting ready
|
0047FF45   BA7C014800             mov     edx, $0048017C
* Reference to control TFrmRamMain.Label3 : TLabel
|
0047FF4A   8B83F4020000           mov     eax, [ebx+$02F4]
* Reference to: controls.TControl.SetText(TControl;TCaption);
|
0047FF50   E807A7FAFF             call    0042A65C
* Reference to control TFrmRamMain.ProgressBar1 : TProgressBar  ;the progress bar starts moving
|
0047FF55   8B83F8020000           mov     eax, [ebx+$02F8]
* Reference to: comctrls.TProgressBar.StepIt(TProgressBar);
|
0047FF5B   E80489FDFF             call    00458864
0047FF60   8BC3                   mov     eax, ebx
* Reference to : TFrmRamMain.Delay()                            ;the core code?~~~~~!!!!!! Awesome, so this is how you "neutralize the magnetic field around the computer". Respect, respect~~~~~~
|
0047FF62   E8D1020000             call    00480238
* Reference to control TFrmRamMain.ProgressBar1 : TProgressBar  ;the progress bar keeps moving
|
0047FF67   8B83F8020000           mov     eax, [ebx+$02F8]
* Reference to: comctrls.TProgressBar.StepIt(TProgressBar);
|
0047FF6D   E8F288FDFF             call    00458864
0047FF72   8BC3                   mov     eax, ebx
* Reference to : TFrmRamMain.Delay()                            ;take a break; some divine being summoned from who-knows-where is degaussing for us :)
|
0047FF74   E8BF020000             call    00480238
* Reference to control TFrmRamMain.ProgressBar1 : TProgressBar  ;still moving
|
0047FF79   8B83F8020000           mov     eax, [ebx+$02F8]
* Reference to: comctrls.TProgressBar.StepIt(TProgressBar);
|
0047FF7F   E8E088FDFF             call    00458864
0047FF84   8BC3                   mov     eax, ebx
* Reference to : TFrmRamMain.Delay()
|
0047FF86   E8AD020000             call    00480238
* Reference to control TFrmRamMain.ProgressBar1 : TProgressBar
|
0047FF8B   8B83F8020000           mov     eax, [ebx+$02F8]
* Reference to: comctrls.TProgressBar.StepIt(TProgressBar);
|
0047FF91   E8CE88FDFF             call    00458864
0047FF96   8BC3                   mov     eax, ebx
* Reference to : TFrmRamMain.Delay()
|
0047FF98   E89B020000             call    00480238
* Reference to control TFrmRamMain.ProgressBar1 : TProgressBar
|
0047FF9D   8B83F8020000           mov     eax, [ebx+$02F8]
* Reference to: comctrls.TProgressBar.StepIt(TProgressBar);
|
0047FFA3   E8BC88FDFF             call    00458864
* Possible String Reference to: '系統正在收集電腦的電磁波...'
|
0047FFA8   BAA0014800             mov     edx, $004801A0
* Reference to control TFrmRamMain.Label3 : TLabel
|
0047FFAD   8B83F4020000           mov     eax, [ebx+$02F4]
* Reference to: controls.TControl.SetText(TControl;TCaption);
|
0047FFB3   E8A4A6FAFF             call    0042A65C
* Reference to control TFrmRamMain.ProgressBar1 : TProgressBar
|
0047FFB8   8B83F8020000           mov     eax, [ebx+$02F8]
* Reference to: comctrls.TProgressBar.StepIt(TProgressBar);
|
0047FFBE   E8A188FDFF             call    00458864
0047FFC3   8BC3                   mov     eax, ebx
* Reference to : TFrmRamMain.Delay()                             ;judging by the prompt, this must be the code that collects the electromagnetic waves.
|
0047FFC5   E86E020000             call    00480238
* Reference to control TFrmRamMain.ProgressBar1 : TProgressBar
|
0047FFCA   8B83F8020000           mov     eax, [ebx+$02F8]
* Reference to: comctrls.TProgressBar.StepIt(TProgressBar);
|
0047FFD0   E88F88FDFF             call    00458864
0047FFD5   8BC3                   mov     eax, ebx
* Reference to : TFrmRamMain.Delay()
|
0047FFD7   E85C020000             call    00480238
* Reference to control TFrmRamMain.ProgressBar1 : TProgressBar
|
0047FFDC   8B83F8020000           mov     eax, [ebx+$02F8]
* Reference to: comctrls.TProgressBar.StepIt(TProgressBar);
|
0047FFE2   E87D88FDFF             call    00458864
0047FFE7   8BC3                   mov     eax, ebx
* Reference to : TFrmRamMain.Delay()
|
0047FFE9   E84A020000             call    00480238
* Reference to control TFrmRamMain.ProgressBar1 : TProgressBar
|
0047FFEE   8B83F8020000           mov     eax, [ebx+$02F8]
* Reference to: comctrls.TProgressBar.StepIt(TProgressBar);
|
0047FFF4   E86B88FDFF             call    00458864
0047FFF9   8BC3                   mov     eax, ebx
* Reference to : TFrmRamMain.Delay()
|
0047FFFB   E838020000             call    00480238
* Reference to control TFrmRamMain.ProgressBar1 : TProgressBar
|
00480000   8B83F8020000           mov     eax, [ebx+$02F8]
* Reference to: comctrls.TProgressBar.StepIt(TProgressBar);
|
00480006   E85988FDFF             call    00458864
* Possible String Reference to: '系統正在釋放融磁電波...'
|
0048000B   BAC4014800             mov     edx, $004801C4
* Reference to control TFrmRamMain.Label3 : TLabel
|
00480010   8B83F4020000           mov     eax, [ebx+$02F4]
* Reference to: controls.TControl.SetText(TControl;TCaption);
|
00480016   E841A6FAFF             call    0042A65C
* Reference to control TFrmRamMain.ProgressBar1 : TProgressBar
|
0048001B   8B83F8020000           mov     eax, [ebx+$02F8]
* Reference to: comctrls.TProgressBar.StepIt(TProgressBar);
|
00480021   E83E88FDFF             call    00458864
00480026   8BC3                   mov     eax, ebx
* Reference to : TFrmRamMain.Delay()                             ;the core degaussing code. Remember this technique well and don't misuse it; the author may have patented it :)
|
00480028   E80B020000             call    00480238
* Reference to control TFrmRamMain.ProgressBar1 : TProgressBar
|
0048002D   8B83F8020000           mov     eax, [ebx+$02F8]
* Reference to: comctrls.TProgressBar.StepIt(TProgressBar);
|
00480033   E82C88FDFF             call    00458864
00480038   8BC3                   mov     eax, ebx
* Reference to : TFrmRamMain.Delay()
|
0048003A   E8F9010000             call    00480238
* Reference to control TFrmRamMain.ProgressBar1 : TProgressBar
|
0048003F   8B83F8020000           mov     eax, [ebx+$02F8]
* Reference to: comctrls.TProgressBar.StepIt(TProgressBar);
|
00480045   E81A88FDFF             call    00458864
0048004A   8BC3                   mov     eax, ebx
* Reference to : TFrmRamMain.Delay()
|
0048004C   E8E7010000             call    00480238
* Reference to control TFrmRamMain.ProgressBar1 : TProgressBar
|
00480051   8B83F8020000           mov     eax, [ebx+$02F8]
* Reference to: comctrls.TProgressBar.StepIt(TProgressBar);
|
00480057   E80888FDFF             call    00458864
0048005C   8BC3                   mov     eax, ebx
* Reference to : TFrmRamMain.Delay()
|
0048005E   E8D5010000             call    00480238
* Reference to control TFrmRamMain.ProgressBar1 : TProgressBar
|
00480063   8B83F8020000           mov     eax, [ebx+$02F8]
* Reference to: comctrls.TProgressBar.StepIt(TProgressBar);
|
00480069   E8F687FDFF             call    00458864
* Reference to control TFrmRamMain.ProgressBar1 : TProgressBar
|
0048006E   8B83F8020000           mov     eax, [ebx+$02F8]
* Reference to: comctrls.TProgressBar.StepIt(TProgressBar);
|
00480074   E8EB87FDFF             call    00458864
00480079   8BC3                   mov     eax, ebx
* Reference to : TFrmRamMain.Delay()
|
0048007B   E8B8010000             call    00480238
* Reference to control TFrmRamMain.ProgressBar1 : TProgressBar
|
00480080   8B83F8020000           mov     eax, [ebx+$02F8]
* Reference to: comctrls.TProgressBar.StepIt(TProgressBar);
|
00480086   E8D987FDFF             call    00458864
0048008B   8BC3                   mov     eax, ebx
* Reference to : TFrmRamMain.Delay()
|
0048008D   E8A6010000             call    00480238
* Reference to control TFrmRamMain.ProgressBar1 : TProgressBar
|
00480092   8B83F8020000           mov     eax, [ebx+$02F8]
* Reference to: comctrls.TProgressBar.StepIt(TProgressBar);
|
00480098   E8C787FDFF             call    00458864
0048009D   8BC3                   mov     eax, ebx
* Reference to : TFrmRamMain.Delay()
|
0048009F   E894010000             call    00480238
* Reference to control TFrmRamMain.ProgressBar1 : TProgressBar
|
004800A4   8B83F8020000           mov     eax, [ebx+$02F8]
* Reference to: comctrls.TProgressBar.StepIt(TProgressBar);
|
004800AA   E8B587FDFF             call    00458864
004800AF   8BC3                   mov     eax, ebx
* Reference to : TFrmRamMain.Delay()
|
004800B1   E882010000             call    00480238
* Reference to control TFrmRamMain.ProgressBar1 : TProgressBar
|
004800B6   8B83F8020000           mov     eax, [ebx+$02F8]
* Reference to: comctrls.TProgressBar.StepIt(TProgressBar);
|
004800BC   E8A387FDFF             call    00458864
* Possible String Reference to: '系統正在做最後的消磁工作...'
|
004800C1   BAE4014800             mov     edx, $004801E4
* Reference to control TFrmRamMain.Label3 : TLabel
|
004800C6   8B83F4020000           mov     eax, [ebx+$02F4]
* Reference to: controls.TControl.SetText(TControl;TCaption);
|
004800CC   E88BA5FAFF             call    0042A65C
* Reference to control TFrmRamMain.ProgressBar1 : TProgressBar
|
004800D1   8B83F8020000           mov     eax, [ebx+$02F8]
* Reference to: comctrls.TProgressBar.StepIt(TProgressBar);
|
004800D7   E88887FDFF             call    00458864
004800DC   8BC3                   mov     eax, ebx
* Reference to : TFrmRamMain.Delay()                              ;no comment needed, I think :)
|
004800DE   E855010000             call    00480238
* Reference to control TFrmRamMain.ProgressBar1 : TProgressBar
|
004800E3   8B83F8020000           mov     eax, [ebx+$02F8]
* Reference to: comctrls.TProgressBar.StepIt(TProgressBar);
|
004800E9   E87687FDFF             call    00458864
004800EE   8BC3                   mov     eax, ebx
* Reference to : TFrmRamMain.Delay()
|
004800F0   E843010000             call    00480238
* Reference to control TFrmRamMain.ProgressBar1 : TProgressBar
|
004800F5   8B83F8020000           mov     eax, [ebx+$02F8]
* Reference to: comctrls.TProgressBar.StepIt(TProgressBar);
|
004800FB   E86487FDFF             call    00458864
00480100   8BC3                   mov     eax, ebx
* Reference to : TFrmRamMain.Delay()
|
00480102   E831010000             call    00480238
* Reference to control TFrmRamMain.ProgressBar1 : TProgressBar
|
00480107   8B83F8020000           mov     eax, [ebx+$02F8]
* Reference to: comctrls.TProgressBar.StepIt(TProgressBar);
|
0048010D   E85287FDFF             call    00458864
00480112   8BC3                   mov     eax, ebx
* Reference to : TFrmRamMain.Delay()
|
00480114   E81F010000             call    00480238
* Reference to control TFrmRamMain.ProgressBar1 : TProgressBar
|
00480119   8B83F8020000           mov     eax, [ebx+$02F8]
* Reference to: comctrls.TProgressBar.StepIt(TProgressBar);
|
0048011F   E84087FDFF             call    00458864
00480124   B8E8030000             mov     eax, $000003E8
* Reference to: system.@RandInt;
|
00480129   E86629F8FF             call    00402A94
0048012E   85C0                   test    eax, eax
00480130   6A40                   push    $40
* Possible String Reference to: '電腦消磁聖手'
|
00480132   B900024800             mov     ecx, $00480200
* Possible String Reference to: '融磁成功,已經成功中和電腦周圍磁場?
|                                ?
|
00480137   BA10024800             mov     edx, $00480210
* Reference to TApplication instance
|
0048013C   A148284800             mov     eax, dword ptr [$00482848]
00480141   8B00                   mov     eax, [eax]
* Reference to: forms.TApplication.MessageBox(TApplication;PChar;PChar;Longint):Integer;
|
00480143   E89895FCFF             call    004496E0                  ;mission accomplished, degaussing succeeded!!!
00480148   33D2                   xor     edx, edx
* Reference to control TFrmRamMain.Panel1 : TPanel
|
0048014A   8B83F0020000           mov     eax, [ebx+$02F0]
* Reference to: controls.TControl.SetVisible(TControl;Boolean);
|
00480150   E8EFA3FAFF             call    0042A544
00480155   B201                   mov     dl, $01
* Reference to control TFrmRamMain.Panel2 : TPanel
|
00480157   8B83FC020000           mov     eax, [ebx+$02FC]
* Reference to: controls.TControl.SetVisible(TControl;Boolean);
|
0048015D   E8E2A3FAFF             call    0042A544
* Reference to TFrmAbout instance
|
00480162   A148264800             mov     eax, dword ptr [$00482648]
00480167   8B00                   mov     eax, [eax]
00480169   8B10                   mov     edx, [eax]
* Reference to method TFrmAbout.ShowModal()
|
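0048016B   FF92D8000000           call    dword ptr [edx+$00D8]         ;the About window makes a brief appearance to introduce the company. With technology this profound, it would be a pity not to meet the hen that laid the egg :)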
00480171   5B                     pop     ebx
00480172   C3                     ret
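The above is the core code of "Degaussing Master". Having reverse-engineered such important code, I feel rather uneasy. I hope the software company doesn't sue me! But having looked this far, looking a little further can't hurt. And once I did, I found another example of the author's thoughtfulness. See the code below, which handles the form's create event: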
004802F8   55                     push    ebp
004802F9   8BEC                   mov     ebp, esp
004802FB   33C9                   xor     ecx, ecx
004802FD   51                     push    ecx
004802FE   51                     push    ecx
004802FF   51                     push    ecx
00480300   51                     push    ecx
00480301   51                     push    ecx
00480302   51                     push    ecx
00480303   51                     push    ecx
00480304   33C0                   xor     eax, eax
00480306   55                     push    ebp
* Possible String Reference to: '檫0?脬?]?
|
00480307   6808044800             push    $00480408
***** TRY
|
0048030C   64FF30                 push    dword ptr fs:[eax]
0048030F   648920                 mov     fs:[eax], esp
00480312   8D55F0                 lea     edx, [ebp-$10]
* Reference to TApplication instance
|
00480315   A148284800             mov     eax, dword ptr [$00482848]
0048031A   8B00                   mov     eax, [eax]
* Reference to: forms.TApplication.GetExeName(TApplication):AnsiString;
|
0048031C   E82F97FCFF             call    00449A50                          ;Who am I?
00480321   8B45F0                 mov     eax, [ebp-$10]
00480324   8D55F4                 lea     edx, [ebp-$0C]
* Reference to: Unit_00406FD0.Proc_00408110
|
00480327   E8E47DF8FF             call    00408110
0048032C   8B45F4                 mov     eax, [ebp-$0C]
0048032F   50                     push    eax
00480330   8D55E8                 lea     edx, [ebp-$18]
* Reference to TApplication instance
|
00480333   A148284800             mov     eax, dword ptr [$00482848]
00480338   8B00                   mov     eax, [eax]
* Reference to: forms.TApplication.GetExeName(TApplication):AnsiString;
|
0048033A   E81197FCFF             call    00449A50
0048033F   8B45E8                 mov     eax, [ebp-$18]
00480342   8D55EC                 lea     edx, [ebp-$14]
* Reference to: Unit_00406FD0.Proc_004080DC
|
00480345   E8927DF8FF             call    004080DC
0048034A   8B55EC                 mov     edx, [ebp-$14]
0048034D   8D45FC                 lea     eax, [ebp-$04]
00480350   59                     pop     ecx
* Reference to: system.@LStrCat3;
|
00480351   E8CA39F8FF             call    00403D20
00480356   B201                   mov     dl, $01
* Reference to class TRegistry
|
00480358   A174F14700             mov     eax, dword ptr [$0047F174]
* Reference to: Unit_0047F114.Proc_0047F274
|
0048035D   E812EFFFFF             call    0047F274
00480362   8945F8                 mov     [ebp-$08], eax
00480365   33C0                   xor     eax, eax
00480367   55                     push    ebp
00480368   68DE034800             push    $004803DE
***** TRY
|
0048036D   64FF30                 push    dword ptr fs:[eax]
00480370   648920                 mov     fs:[eax], esp
00480373   BA02000080             mov     edx, $80000002
00480378   8B45F8                 mov     eax, [ebp-$08]
* Reference to: Unit_0047F114.Proc_0047F314
|
0048037B   E894EFFFFF             call    0047F314
00480380   B101                   mov     cl, $01
* Possible String Reference to: '\SOFTWARE\Microsoft\Windows\Current           ;this place looks very familiar; why isn't my Duba antivirus raising an alarm :)
|                                Version\Run\'
|
00480382   BA1C044800             mov     edx, $0048041C
00480387   8B45F8                 mov     eax, [ebp-$08]
* Reference to: Unit_0047F114.Proc_0047F378
|
0048038A   E8E9EFFFFF             call    0047F378
0048038F   84C0                   test    al, al
00480391   7435                   jz      004803C8
00480393   8D4DE4                 lea     ecx, [ebp-$1C]
* Possible String Reference to: 'JrRClean'
|
00480396   BA54044800             mov     edx, $00480454
0048039B   8B45F8                 mov     eax, [ebp-$08]
* Reference to: Unit_0047F114.Proc_0047F540
|
0048039E   E89DF1FFFF             call    0047F540
004803A3   8B45E4                 mov     eax, [ebp-$1C]
004803A6   8B55FC                 mov     edx, [ebp-$04]
* Reference to: system.@LStrCmp;
|
004803A9   E8363AF8FF             call    00403DE4
004803AE   7410                   jz      004803C0
004803B0   8B4DFC                 mov     ecx, [ebp-$04]
* Possible String Reference to: 'JrRClean'
|
004803B3   BA54044800             mov     edx, $00480454
004803B8   8B45F8                 mov     eax, [ebp-$08]
* Reference to: Unit_0047F114.Proc_0047F514
|
004803BB   E854F1FFFF             call    0047F514
004803C0   8B45F8                 mov     eax, [ebp-$08]
* Reference to: Unit_0047F114.Proc_0047F2E4
|
004803C3   E81CEFFFFF             call    0047F2E4
004803C8   33C0                   xor     eax, eax
004803CA   5A                     pop     edx
004803CB   59                     pop     ecx
004803CC   59                     pop     ecx
004803CD   648910                 mov     fs:[eax], edx
****** FINALLY
|
004803D0   68E5034800             push    $004803E5
004803D5   8B45F8                 mov     eax, [ebp-$08]
* Reference to: system.TObject.Free(TObject);
|
004803D8   E8EF29F8FF             call    00402DCC
004803DD   C3                     ret
* Reference to: system.@HandleFinally;
|
004803DE   E90931F8FF             jmp     004034EC
004803E3   EBF0                   jmp     004803D5
****** END
|
004803E5   33C0                   xor     eax, eax
004803E7   5A                     pop     edx
004803E8   59                     pop     ecx
004803E9   59                     pop     ecx
004803EA   648910                 mov     fs:[eax], edx
****** FINALLY
|
* Possible String Reference to: '?]?
|
004803ED   680F044800             push    $0048040F
004803F2   8D45E4                 lea     eax, [ebp-$1C]
004803F5   BA05000000             mov     edx, $00000005
* Reference to: system.@LStrArrayClr;
|
004803FA   E87936F8FF             call    00403A78
004803FF   8D45FC                 lea     eax, [ebp-$04]
* Reference to: system.@LStrClr(String;String);
|
00480402   E84D36F8FF             call    00403A54
00480407   C3                     ret
* Reference to: system.@HandleFinally;
|
00480408   E9DF30F8FF             jmp     004034EC
0048040D   EBE3                   jmp     004803F2
****** END
|
0048040F   8BE5                   mov     esp, ebp
00480411   5D                     pop     ebp
00480412   C3                     ret
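I don't need to explain the code above, do I? After all, electromagnetic radiation is strongest at power-on, so the "considerate" author added "Degaussing Master" to the startup items so that it degausses automatically at every boot. How "user-friendly"~~~~~~ Of course, what starts at every boot is not only "Degaussing Master" but also the promotional website :)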
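A way to check for this startup entry from a registry export, as an added example that is not part of the original article: it reads REGEDIT4-format text and reports the 'JrRClean' value under the Run key named in the listing. The sample export, its placeholder paths and the allowlist parameter are constructed for illustration.

```python
import re

# Root key and subkey from the listing: $80000002 is HKEY_LOCAL_MACHINE.
RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
WATCHED_VALUES = {"jrrclean"}  # value name seen in the listing, lower-cased

# Constructed sample export (REGEDIT4 text format); paths are placeholders.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"JrRClean"="C:\\EXAMPLE\\placeholder.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"JrRClean"="C:\\EXAMPLE\\ignored.exe"
'''

_VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"\s*$')


def _unescape(s):
    # .reg files escape backslash and double quote with a leading backslash.
    return re.sub(r"\\(.)", r"\1", s)


def run_entries(reg_text, key=RUN_KEY):
    """Return {value_name: data} for string values directly under `key`."""
    entries, in_key = {}, False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            # Key names are case-insensitive; subkeys such as RunOnce differ.
            in_key = line[1:-1].lower() == key.lower()
            continue
        m = _VALUE_RE.match(line) if in_key else None
        if m:
            entries[_unescape(m.group(1))] = _unescape(m.group(2))
    return entries


def review(reg_text, allowlist=()):
    """Split Run entries into watched names and names missing from allowlist."""
    allowed = {n.lower() for n in allowlist}
    watched, unknown = {}, {}
    for name, data in run_entries(reg_text).items():
        if name.lower() in WATCHED_VALUES:
            watched[name] = data
        elif name.lower() not in allowed:
            unknown[name] = data
    return watched, unknown


if __name__ == "__main__":
    watched, unknown = review(SAMPLE_EXPORT, allowlist=["SystemTray"])
    print("watched:", watched)
    print("not on allowlist:", unknown)
```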
It just means I have to clean up my startup items again. Why can't the Windows 98 Registry Editor remember the last location it had open?
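Returning to the "Start degaussing" handler: the sketch below, an added example that is not part of the original article, tallies which routines a DeDe listing calls and re-decodes each E8 rel32 call to confirm the printed target. The embedded excerpt is abridged from the listing above, and the COSMETIC set is an assumption about which routines only touch the UI or wait.

```python
import re
from collections import Counter

# Abridged excerpt of the handler listing (author's ';' remarks removed).
LISTING = """\
* Reference to: controls.TControl.SetText(TControl;TCaption);
|
0047FF50   E807A7FAFF             call    0042A65C
* Reference to: comctrls.TProgressBar.StepIt(TProgressBar);
|
0047FF5B   E80489FDFF             call    00458864
0047FF60   8BC3                   mov     eax, ebx
* Reference to : TFrmRamMain.Delay()
|
0047FF62   E8D1020000             call    00480238
* Reference to: comctrls.TProgressBar.StepIt(TProgressBar);
|
0047FF6D   E8F288FDFF             call    00458864
* Reference to: system.@RandInt;
|
00480129   E86629F8FF             call    00402A94
"""
_INSN = re.compile(r"^([0-9A-F]{8})\s+([0-9A-F]+)\s+(\w+)\s*([^;]*)")
_NOTE = re.compile(r"^\* Reference to\s*:\s*(.+?);?\s*$")
# Assumption: these routines only touch the UI or wait. Delay is taken at its
# name, as the article does; its body at 00480238 is not shown on the page.
COSMETIC = ("SetVisible", "SetText", "StepIt", "Delay", "MessageBox", "ShowModal")

def short_name(note):
    """'comctrls.TProgressBar.StepIt(TProgressBar)' -> 'TProgressBar.StepIt'."""
    return ".".join(note.split("(")[0].strip().split(".")[-2:])

def calls(listing):
    """Yield (address, target, routine) for each call; E8 rel32 is re-decoded."""
    note = None
    for line in listing.splitlines():
        n = _NOTE.match(line)
        if n:
            note = n.group(1)
            continue
        m = _INSN.match(line)
        if not m:
            continue  # '|' connectors and other annotation lines
        addr, raw, mnem, operand = (g.strip() for g in m.groups())
        if mnem == "call":
            if raw.startswith("E8") and len(raw) == 10:
                rel = int.from_bytes(bytes.fromhex(raw[2:]), "little", signed=True)
                decoded = f"{int(addr, 16) + 5 + rel:08X}"
                if decoded != operand:
                    raise ValueError(f"{addr}: bytes give {decoded}, text says {operand}")
            yield addr, operand, short_name(note) if note else "?"
        note = None  # an annotation describes the next instruction only

def triage(listing):
    """Return (calls per routine, routines outside the UI-and-wait set)."""
    tally = Counter(name for _, _, name in calls(listing))
    return tally, sorted(n for n in tally if not n.endswith(COSMETIC))

if __name__ == "__main__":
    print(triage(LISTING))
```

A routine listed in the second return value is only a pointer to where a reviewer should read further; on this excerpt it is the `system.@RandInt` call.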