IE Accelerator v2.01

:0048AA64 BAA8AD4800              mov edx, 0048ADA8
:0048AA69 E8D29AF7FF              call 00404540
:0048AA6E 8D55BC                  lea edx, dword ptr [ebp-44]
:0048AA71 8B45FC                  mov eax, dword ptr [ebp-04]
:0048AA74 8B8004030000            mov eax, dword ptr [eax+00000304]
:0048AA7A E8D568FBFF              call 00441354
:0048AA7F 8B55BC                  mov edx, dword ptr [ebp-44]
:0048AA82 8B45EC                  mov eax, dword ptr [ebp-14]
:0048AA85 E812A0F7FF              call 00404A9C                                ------------------------------关键call
:0048AA8A 85C0                    test eax, eax
:0048AA8C 0F849A010000            je 0048AC2C
:0048AA92 8B45FC                  mov eax, dword ptr [ebp-04]
:0048AA95 8B8004030000            mov eax, dword ptr [eax+00000304]
:0048AA9B 33D2                    xor edx, edx
:0048AA9D E8E268FBFF              call 00441384
:0048AAA2 8D45EC                  lea eax, dword ptr [ebp-14]
:0048AAA5 E8FE99F7FF              call 004044A8
:0048AAAA 6A00                    push 00000000

* Possible StringData Ref from Code Obj ->"注册成功!"

跟进call来到：

:00404A9C 85C0                    test eax, eax
:00404A9E 7440                    je 00404AE0                 -------------------假
:00404AA0 85D2                    test edx, edx
:00404AA2 7431                    je 00404AD5                 ------------------真
:00404AA4 53                      push ebx
:00404AA5 56                      push esi
:00404AA6 57                      push edi

注册机
中断地址：48AA85    中断次数：1    第一字节：E8     指令长度：5
中断地址：404AA2    中断次数：1    第一字节：74     指令长度：2