1. Loops: very common, and often used in encryption / verification routines
MOV EAX, DWORD PTR SS:[EBP-4]
CALL xxxxxxxx // this call usually returns the length
TEST EAX, EAX
JBE xxxxxxxx // length is 0, do not loop
MOV EDX, 1 // start from the first character (index 1): Delphi program
@@loop:
MOV ECX, DWORD PTR SS:[EBP-4]
MOVZX ECX, BYTE PTR DS:[ECX+EDX-1] // take one character
...
... // other operations, different in every program
...
INC EDX // advance to the next character
DEC EAX
JNZ @@loop // next round
2. Reading from an invalid address?
While tracing, instructions such as LEA ECX, DWORD PTR DS:[ECX+ECX*2] are often seen.
At first glance this looks wrong: how can the program read from such an address?
It does not. LEA never accesses memory; it only computes the address and stores it in the destination register. Here it is simply used
to do arithmetic: ECX = ECX * 3;
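The same reading applies to every LEA in a listing, not only the *3 case. The following added example (not part of the original notes) rewrites each LEA line as the arithmetic it performs; it assumes an OllyDbg-style 32-bit listing with hexadecimal offsets, and the names lea_as_arithmetic, annotate and SAMPLE are hypothetical.

```python
import re

REG = r"E(?:AX|BX|CX|DX|SI|DI|BP|SP)"
# LEA dst, [optional size and segment prefixes][effective address]
LEA_RE = re.compile(
    rf"^\s*LEA\s+(?P<dst>{REG})\s*,\s*(?:\w+\s+PTR\s+)?(?:[CDEFGS]S\s*:\s*)?"
    rf"\[(?P<ea>[^\]]+)\]", re.IGNORECASE)

def lea_as_arithmetic(line):
    """Return 'DST = expression' for a 32-bit LEA line, else None."""
    m = LEA_RE.match(line)
    if not m:
        return None
    coeff, disp = {}, 0            # register -> multiplier, constant offset
    ea = m.group("ea").upper().replace(" ", "")
    for sign, term in re.findall(r"([+-]?)([^+-]+)", ea):
        reg, _, scale = term.partition("*")
        if re.fullmatch(REG, reg):
            # base and index may be the same register: [ECX+ECX*2] -> ECX*3
            coeff[reg] = coeff.get(reg, 0) + int(scale or "1")
        else:
            value = int(term, 16)  # debugger listings print offsets in hex
            disp += -value if sign == "-" else value
    expr = " + ".join(r if k == 1 else f"{r}*{k}" for r, k in coeff.items())
    if disp:
        tail = f"{'-' if disp < 0 else '+'} 0x{abs(disp):X}"
        expr = f"{expr} {tail}" if expr else f"0x{disp & 0xFFFFFFFF:X}"
    return f"{m.group('dst').upper()} = {expr or '0'}"

# Constructed sample listing (not taken from any real program).
SAMPLE = """\
MOV EAX, DWORD PTR SS:[EBP-4]
LEA ECX, DWORD PTR DS:[ECX+ECX*2]
LEA EAX, DWORD PTR DS:[EBX+ECX*4+10]
LEA EDX, DWORD PTR SS:[EBP-4]
"""

def annotate(listing):
    """Append the arithmetic meaning as a comment to every LEA line."""
    out = []
    for line in listing.splitlines():
        note = lea_as_arithmetic(line)
        out.append(f"{line:<40}; {note}" if note else line)
    return out

if __name__ == "__main__":
    print("\n".join(annotate(SAMPLE)))
```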
3. Setting breakpoints on a Delphi program's Timer
Method: find CMP ESI, 113 in the module and set a breakpoint on it (113h is the WM_TIMER message ID).
When Delphi handles a Timer, the TimerProc argument of SetTimer is 0, because Delphi does not pass a callback function; the timer is delivered through the message instead.
constructor TTimer.Create(AOwner: TComponent);
begin
inherited Create(AOwner);
FEnabled := True;
FInterval := 1000;
Fwindowhandl