CODE:004156B5       mov     eax, [ebp+var_10]
CODE:004156B8       shl     eax, 2
CODE:004156BB       lea     eax, [eax+eax*2]
CODE:004156BE       add     ebx, eax

帮忙翻译成 Delphi 语句。

解决方案 »

  1.   

    var
      cEAX: Cardinal;  // mov     eax, [ebp+var_10]
      cEAX := var_10; // ebp + var_10  代表函数的 var_10 / 4 - 1个参数。
      // shl     eax, 2
      cEAX := cEAX shl 2;
      // lea     eax, [eax+eax*2]
      // 取 [eax+eax*2] 的有效地址:lea 只计算地址表达式,不访问内存,所以结果就是 eax + eax*2 这个值
      
      就这么点 不太好说 唉 ASM也没到家 :-(.
      
      
      

  2.   

    to beyondtkl(大龙驹<*BEYOND U*>) : thanks for your help!
    CODE:004156BB       lea     eax, [eax+eax*2]
    最关键就是这句了,我试了半天都是值的传递。狂晕
      

  3.   

    最关键就是这句了, 我试了半天都是值的传递。狂晕
    --------------------------
    地址也是一个 DWORD/Cardinal 值呀,只不过对它的处理方式不一样而已。
    比如
    nTest: Integer;
    LEA EAX, nTest; // 那么 eax 就是 nTest 的地址了
    MOV EBX, [EAX]; // 应该是这样吧
    or
    MOV EAX, nTest;
    MOV EBX, EAX;
      

  4.   

    理论上是这样
    只是我反汇编别人的一个dll,也是用delphi写的。
    想写的跟它一样而已
      

  5.   

    ; sub_0_4155A4 -- IDA listing excerpt (32-bit x86, Intel syntax). The function
    ; continues past the last line shown: loc_0_41568E, loc_0_4157ED, loc_0_4157F7,
    ; loc_0_415801 and loc_0_41581F are referenced but not visible here.
    ; In:  eax = pointer, saved to var_4 and used as the base of every data access
    ;      below (presumably the first argument of Delphi's register calling
    ;      convention -- confirm against the callers).
    ; Visible work: reads a count from [var_4-0Ah], then for i = 0..count-1 visits
    ; the 12-byte-stride entry at var_4-6+i*12 and stores one decoded byte per
    ; entry into the stack buffer at var_118.
    ; NOTE(review): no upper bound on the count is visible in this excerpt, while
    ; var_118 spans 100h bytes up to var_18 by the frame layout below -- confirm
    ; that sub_0_415558 or the caller limits it before relying on this loop.
    CODE:004155A4 sub_0_4155A4    proc near               ; CODE XREF: sub_0_415858+118p
    CODE:004155A4                                         ; sub_0_415CB8+3Cp
    CODE:004155A4 
    CODE:004155A4 var_224         = dword ptr -224h       ; zeroed in the prologue
    CODE:004155A4 var_220         = dword ptr -220h       ; zeroed in the prologue
    CODE:004155A4 var_21C         = dword ptr -21Ch       ; zeroed in the prologue
    CODE:004155A4 var_218         = byte ptr -218h        ; not referenced in the visible part
    CODE:004155A4 var_118         = byte ptr -118h        ; output byte buffer (edi walks it)
    CODE:004155A4 var_18          = byte ptr -18h         ; passed by address to sub_0_415558
    CODE:004155A4 var_14          = dword ptr -14h        ; entry[+0] xor 0B104FA87h, used as a table index
    CODE:004155A4 var_10          = dword ptr -10h        ; loop index i (a local: negative ebp offset)
    CODE:004155A4 var_C           = dword ptr -0Ch        ; second value read from the input, must be > 0
    CODE:004155A4 var_8           = dword ptr -8          ; iteration count read from the input
    CODE:004155A4 var_4           = dword ptr -4          ; copy of incoming eax
    CODE:004155A4 
    CODE:004155A4                 push    ebp
    CODE:004155A5                 mov     ebp, esp
    CODE:004155A7                 add     esp, 0FFFFFDDCh          ; esp -= 224h: reserve the locals
    CODE:004155AD                 push    ebx
    CODE:004155AE                 push    esi
    CODE:004155AF                 push    edi
    CODE:004155B0                 xor     edx, edx
    CODE:004155B2                 mov     [ebp+var_21C], edx       ; var_21C = 0
    CODE:004155B8                 mov     [ebp+var_220], edx       ; var_220 = 0
    CODE:004155BE                 mov     [ebp+var_224], edx       ; var_224 = 0
    CODE:004155C4                 mov     [ebp+var_4], eax         ; keep the incoming pointer
    CODE:004155C7                 xor     eax, eax
    CODE:004155C9                 push    ebp                      ; outer frame record: saved ebp,
    CODE:004155CA                 push    offset loc_0_41581F      ;   handler address (not shown),
    CODE:004155CF                 push    dword ptr fs:[eax]       ;   previous head of the fs:[0] chain
    CODE:004155D2                 mov     fs:[eax], esp            ; link it; fs:[0] is the Win32 exception chain
    CODE:004155D5                 xor     edx, edx
    CODE:004155D7                 push    ebp                      ; inner frame record, same shape,
    CODE:004155D8                 push    offset loc_0_4157F7      ;   handler address (not shown)
    CODE:004155DD                 push    dword ptr fs:[edx]
    CODE:004155E0                 mov     fs:[edx], esp            ; link the inner record
    CODE:004155E3                 lea     edx, [ebp+var_18]        ; edx = &var_18
    CODE:004155E6                 mov     eax, [ebp+var_4]         ; eax = input pointer
    CODE:004155E9                 call    sub_0_415558             ; body not shown; returns a flag in al
    CODE:004155EE                 test    al, al
    CODE:004155F0                 jz      loc_0_4157ED             ; al == 0: skip all of the work below
    CODE:004155F6                 mov     eax, [ebp+var_4]
    CODE:004155F9                 sub     eax, 0Ah                 ; eax = input - 0Ah
    CODE:004155FC                 mov     edx, [eax]
    CODE:004155FE                 mov     [ebp+var_8], edx         ; var_8 = dword at input-0Ah
    CODE:00415601                 add     eax, ds:dword_0_418DB8   ; add an offset held in a global
    CODE:00415607                 mov     eax, [eax]
    CODE:00415609                 mov     [ebp+var_C], eax         ; var_C = dword at input-0Ah+dword_0_418DB8
    CODE:0041560C                 cmp     [ebp+var_8], 0
    CODE:00415610                 jle     loc_0_4157ED             ; signed check: only var_8 <= 0 is rejected
    CODE:00415616                 cmp     [ebp+var_C], 0
    CODE:0041561A                 jle     loc_0_4157ED             ; same for var_C
    CODE:00415620                 mov     esi, [ebp+var_8]
    CODE:00415623                 dec     esi
    CODE:00415624                 test    esi, esi
    CODE:00415626                 jb      short loc_0_41568E       ; never taken: test always clears CF
    CODE:00415628                 inc     esi                      ; esi = var_8 = iterations remaining
    CODE:00415629                 mov     [ebp+var_10], 0          ; i = 0
    CODE:00415630                 lea     edi, [ebp+var_118]       ; edi = write cursor into var_118
    CODE:00415636 
    CODE:00415636 loc_0_415636:                           ; CODE XREF: sub_0_4155A4+E8j
    CODE:00415636                 mov     ebx, [ebp+var_4]
    CODE:00415639                 sub     ebx, 6                   ; ebx = input - 6
    CODE:0041563C                 mov     eax, [ebp+var_10]        ; eax = i
    CODE:0041563F                 shl     eax, 2                   ; eax = i*4
    CODE:00415642                 lea     eax, [eax+eax*2]         ; eax = i*12 (lea as arithmetic, no memory access)
    CODE:00415645                 add     ebx, eax                 ; ebx = input - 6 + i*12 = address of entry i
    CODE:00415647                 mov     eax, [ebx]               ; entry[+0]
    CODE:00415649                 xor     eax, 0B104FA87h          ; fixed 32-bit mask
    CODE:0041564E                 mov     [ebp+var_14], eax        ; var_14 = entry[+0] xor mask
    CODE:00415651                 lea     edx, [ebp+var_18]        ; edx = &var_18
    CODE:00415654                 lea     eax, [ebx+4]
    CODE:00415657                 mov     eax, [eax]               ; eax = entry[+4]
    CODE:00415659                 call    sub_0_415558             ; same helper as above, now on entry[+4]
    CODE:0041565E                 test    al, al
    CODE:00415660                 jnz     short loc_0_41566F       ; nonzero al: decode this entry
    CODE:00415662                 xor     eax, eax                 ; al == 0: abandon the loop
    CODE:00415664                 pop     edx                      ; edx = saved previous fs:[0] of the inner record
    CODE:00415665                 pop     ecx                      ; discard handler address
    CODE:00415666                 pop     ecx                      ; discard saved ebp
    CODE:00415667                 mov     fs:[eax], edx            ; unlink the inner record
    CODE:0041566A                 jmp     loc_0_415801             ; target not shown
    CODE:0041566F ; ───────────────────────────────────────────────────────────────────────────
    CODE:0041566F 
    CODE:0041566F loc_0_41566F:                           ; CODE XREF: sub_0_4155A4+BCj
    CODE:0041566F                 lea     eax, [ebx+4]
    CODE:00415672                 mov     eax, [eax]               ; eax = entry[+4], used as a base address
    CODE:00415674                 mov     edx, [ebp+var_14]
    CODE:00415677                 shl     edx, 2                   ; edx = var_14*4 (dword index)
    CODE:0041567A                 add     eax, edx
    CODE:0041567C                 mov     eax, [eax]               ; eax = dword at entry[+4] + var_14*4
                                                                   ; NOTE(review): no range check on var_14 is visible -- confirm
    CODE:0041567E                 add     ebx, 8
    CODE:00415681                 xor     eax, [ebx]               ; xor with entry[+8]
    CODE:00415683                 mov     ebx, eax
    CODE:00415685                 mov     [edi], bl                ; store only the low byte as output
    CODE:00415687                 inc     [ebp+var_10]             ; i++
    CODE:0041568A                 inc     edi                      ; advance the write cursor by one byte
    CODE:0041568B                 dec     esi
    CODE:0041568C                 jnz     short loc_0_415636       ; repeat until var_8 entries are done
    CODE:0041568E 
      

  6.   

    也顶一下。有点长,也不是特别懂,有空给你看看 ^_^
    你用什么反汇编的?感觉这些代码有点怪。我一般用 W32Dasm……
      

  7.   

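    ebx=(var_10)*12(准确地说是 ebx := ebx + var_10*12),很简单:shl eax, 2 先乘 4,lea eax, [eax+eax*2] 再乘 3,最后 add ebx, eax 加到 ebx 上。lea 经常被用来计算值,并不访问内存。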
      

  8.   

    to beyondtkl(大龙驹<*BEYOND U*>):他用的是 IDA,很好用的。
      

  9.   

    to firstrose(kots) :
       谢谢。不过后面还有点问题,需要帮忙