[Original] UltraISO cracking notes
Hmm, actually I still want to see how the serial is computed.

[Download] vax patch 1810
Pretty good; I have always used it.

[Original] Adding an "auto-save" feature to the Windows XP Notepad
Why simulate clicking the menu? Wouldn't it be better to call the save code directly?

[Discussion] A question about recvfrom
sizeof(buf) = sizeof(char*) = 4
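To make the point of that reply concrete, here is an added example (mine, not code from the thread) that runs the buggy and the corrected recvfrom call side by side over a local AF_UNIX datagram socketpair, so it needs no network. The 16-byte datagram, the helper names and the 64-byte buffer are constructed for the demonstration; the pointer size is 4 on the 32-bit build the reply refers to and 8 on a 64-bit build, and either way it is not the buffer length.

```c
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Buggy pattern: inside a function the parameter has decayed to char *,
 * so sizeof(buf) is the pointer size (4 on 32-bit, 8 on 64-bit), not the
 * buffer capacity. recvfrom is told the buffer is that small and the rest
 * of the datagram is silently discarded. */
static ssize_t recv_buggy(int fd, char *buf)
{
    return recvfrom(fd, buf, sizeof(buf), 0, NULL, NULL);
}

/* Fixed pattern: the caller passes the real capacity alongside the pointer. */
static ssize_t recv_fixed(int fd, char *buf, size_t buflen)
{
    return recvfrom(fd, buf, buflen, 0, NULL, NULL);
}

/* Drive one of the two variants over a local datagram socketpair.
 * Returns the byte count recvfrom reported, or -1 on a setup failure.
 * The 16-byte datagram is constructed here purely for the demo. */
static ssize_t demo(int use_fixed)
{
    static const char msg[] = "0123456789ABCDEF";
    const size_t msglen = sizeof(msg) - 1;
    char buf[64];
    int sv[2];
    ssize_t n = -1;

    if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) != 0)
        return -1;
    memset(buf, 0, sizeof(buf));
    if (send(sv[0], msg, msglen, 0) == (ssize_t)msglen)
        n = use_fixed ? recv_fixed(sv[1], buf, sizeof(buf)) /* sizeof of the array itself: 64 */
                      : recv_buggy(sv[1], buf);             /* sizeof of a pointer inside the callee */
    close(sv[0]);
    close(sv[1]);
    return n;
}

int main(void)
{
    printf("sizeof(char *) on this build: %zu\n", sizeof(char *));
    printf("buggy variant received %zd of 16 bytes\n", demo(0));
    printf("fixed variant received %zd of 16 bytes\n", demo(1));
    return 0;
}
```

The buggy variant does not fail loudly: recvfrom returns the truncated length and the tail of the datagram is gone, which is exactly why the bug is easy to miss until a message longer than a pointer arrives.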
CRACKME cracking analysis (a simple backward-derivation exercise)
This crackme also has a keyfile check right at the start; it is fairly well hidden, and only when the check passes is there any prompt.

00401000 >/$ 6A 00            push 0                              ; /hTemplateFile = NULL
00401002 |.  68 80000000      push 80                             ; |Attributes = NORMAL
00401007 |.  6A 03            push 3                              ; |Mode = OPEN_EXISTING
00401009 |.  6A 00            push 0                              ; |pSecurity = NULL
0040100B |.  6A 00            push 0                              ; |ShareMode = 0
0040100D |.  68 00000080      push 80000000                       ; |Access = GENERIC_READ
00401012 |.  68 6B234000      push 0040236B                       ; |FileName = "ACG.key"
00401017 |.  E8 84040000      call <jmp.&KERNEL32.CreateFileA>    ; \CreateFileA
0040101C |.  83F8 FF          cmp eax, -1                         ; from the above, the keyfile is called "ACG.key"
0040101F |.  0F84 59010000    je 0040117E
00401025 |.  A3 73234000      mov [402373], eax
0040102A |.  6A 00            push 0                              ; /pFileSizeHigh = NULL
0040102C |.  FF35 73234000    push dword ptr [402373]             ; |hFile = NULL
00401032 |.  E8 51040000      call <jmp.&KERNEL32.GetFileSize>    ; \GetFileSize
00401037 |.  83F8 0C          cmp eax, 0C                         ; the keyfile must be 0C bytes long
0040103A |.  0F85 3E010000    jnz 0040117E
00401040 |.  6A 0C            push 0C                             ; /MemSize = C (12.)
00401042 |.  6A 00            push 0                              ; |Flags = GMEM_FIXED
00401044 |.  E8 39040000      call <jmp.&KERNEL32.GlobalAlloc>    ; \GlobalAlloc
00401049 |.  A3 7B234000      mov [40237B], eax
0040104E |.  6A 00            push 0                              ; /pOverlapped = NULL
00401050 |.  68 77234000      push 00402377                       ; |pBytesRead = crcme1.00402377
00401055 |.  6A 0C            push 0C                             ; |BytesToRead = C (12.)
00401057 |.  FF35 7B234000    push dword ptr [40237B]             ; |Buffer = NULL
0040105D |.  FF35 73234000    push dword ptr [402373]             ; |hFile = NULL
00401063 |.  E8 14040000      call <jmp.&KERNEL32.ReadFile>       ; \ReadFile
00401068 |.  8B3D 7B234000    mov edi, [40237B]                   ; edi points to the buffer holding the string read from ACG.key
0040106E |.  33DB             xor ebx, ebx
00401070 |.  8A1F             mov bl, [edi]                       ; fetch a character of the string; bl now holds the first character
00401072 |.  80F3 1B          xor bl, 1B
00401075 |.  C1C3 02          rol ebx, 2
00401078 |.  81F3 68010000    xor ebx, 168
0040107E |.  85DB             test ebx, ebx
00401080 |.  0F85 F8000000    jnz 0040117E                        ; taking the jump means the keyfile check failed

At 00401080 the jnz means failure, so at 0040107E (test ebx, ebx) the value must be 0. From 00401078 (xor ebx, 168) we can therefore deduce that ebx is 168 at that point, because only 168 xor 168 = 0. Continuing backwards to 00401075 (rol ebx, 2): ebx << 2 = 168H, so ebx = 168H >> 2 = 168H / 4 = 5A; please don't forget that all the numbers here are hexadecimal. Then 00401072 (xor bl, 1B): bl xor 1B = 5A => bl = 5A xor 1B => bl = 41H, and 41H is the ASCII code of the letter 'A', so the first character of the keyfile is 'A'. The other characters are derived the same way, and in the end the keyfile content turns out to be "ACG The Best" (ha, tooting their own horn). Save that as ACG.key, run the program again, and there is the prompt: "Key File OK teraz tylko Name/Serial!"
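The per-byte check in that listing and the reverse derivation the post walks through, as an added example in C (mine, not the crackme's code or the poster's). The constants 1B and 168 and the 12-byte length are read off the listing above; the pairs used for the remaining 11 bytes are not on the page, so the code is written per byte and only the first pair is filled in. A brute-force pass over all 256 byte values is included as an independent check that the algebraic inverse is right.

```c
#include <stdint.h>
#include <stdio.h>

/* Constants read off the listing above. Only the first character's pair
 * (xor bl,1B / xor ebx,168) is on the page; the pairs for the other 11
 * bytes are not shown and must be read from the target the same way. */
#define KEYFILE_LEN 12     /* cmp eax, 0C after GetFileSize */
#define K1_FIRST    0x1B   /* xor bl, 1B   */
#define K2_FIRST    0x168  /* xor ebx, 168 */

static uint32_t rol32(uint32_t v, unsigned n) { return (v << n) | (v >> (32u - n)); }
static uint32_t ror32(uint32_t v, unsigned n) { return (v >> n) | (v << (32u - n)); }

/* Forward direction: what the target computes for one key byte.
 *   xor ebx,ebx ; mov bl,[edi] ; xor bl,k1 ; rol ebx,2 ; xor ebx,k2 ; test ebx,ebx ; jnz fail
 * Returns 1 when the byte passes, 0 when the jnz to 0040117E would be taken. */
static int check_byte(uint8_t c, uint8_t k1, uint32_t k2)
{
    uint32_t ebx = c;        /* ebx was zeroed, so xor bl,k1 is the same as xor ebx,k1 here */
    ebx ^= k1;
    ebx = rol32(ebx, 2);
    ebx ^= k2;
    return ebx == 0;
}

/* Backward direction: the post's derivation, one step at a time in reverse.
 *   test ebx,ebx must see 0   ->  before xor ebx,k2 the register held k2
 *   before rol ebx,2           ->  ror(k2, 2)
 *   before xor bl,k1           ->  ror(k2, 2) ^ k1, which must fit in one byte
 * Returns the key byte, or -1 if the pair admits no single-byte solution
 * (a sign that a constant was misread from the listing). */
static int solve_byte(uint8_t k1, uint32_t k2)
{
    uint32_t v = ror32(k2, 2) ^ k1;
    return v <= 0xFF ? (int)v : -1;
}

/* Independent cross-check: run every byte value through the forward routine.
 * Returns the unique passing byte, or -1 if there is not exactly one. */
static int brute_force_byte(uint8_t k1, uint32_t k2)
{
    int found = -1, count = 0;
    for (int c = 0; c < 256; c++) {
        if (check_byte((uint8_t)c, k1, k2)) { found = c; count++; }
    }
    return count == 1 ? found : -1;
}

int main(void)
{
    int c = solve_byte(K1_FIRST, K2_FIRST);
    printf("key byte 0: 0x%02X '%c' (brute force agrees: %s)\n",
           c, c, brute_force_byte(K1_FIRST, K2_FIRST) == c ? "yes" : "no");
    printf("the keyfile must be exactly %d bytes long\n", KEYFILE_LEN);
    return 0;
}
```

The inverse exists only because every step (xor with a constant, rotate) is a bijection on the zero-extended register; the `v <= 0xFF` guard catches the case where a pair you read out of the target could not have come from a single byte, which is the quickest way to notice a transcription mistake before writing the keyfile.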
[Original] A virtual desktop I wrote in assembly; is it passable, everyone?
Heh, I tried it out; the approach feels very much the same as that program in the vckbase article, something like "as virtue rises a foot, vice rises ten" (道高一尺魔高一丈).

[Original] mfc spy: dragging an MFC program's internal functions into the open
OP, very impressive. Bump.

w32Dasm Wuji Edition v3.0, latest Chinese-localized modified version (05.01.22)
_?谗岵恢С滞弦纺兀

How are menu/toolbar icons implemented?
This is done through the registry; it's a kind of COM technique. I'm not clear on the exact method myself either, but in any case it works by putting something like a CLSID somewhere under class_root in the registry. For the specifics, go and look on vckbase or csdn.

GODUP - Godfather+ Olly Debugger Universal Plug-in
Could you say which version this is? 1.0? Hasn't 1.2 been out for ages? I have been using 1.2 for a long time.

A question about VC compilation
If you want it small, pick RELEASE mode, and don't worry about other people not having the runtime library; the internet is so well developed that if they don't have it they can pull it off the net. Besides, it's Microsoft's own stuff; not having the library would be a joke, unless it's .NET or a later version.

Ugh, is something wrong with OllyDbg.1.10.CHS?
Is it a packed program?

When a typical online game enters the game after connecting successfully, where does the window opened by the original launcher go?
00402860  . 51 56 57 6A 0>  ASCII "QVWj",0
00402865  . 68 82000000     PUSH 82                                    ; |Attributes = HIDDEN|NORMAL
0040286A  . 6A 02           PUSH 2                                     ; |Mode = CREATE_ALWAYS
0040286C  . 6A 00           PUSH 0                                     ; |pSecurity = NULL
0040286E  . 6A 00           PUSH 0                                     ; |ShareMode = 0
00402870  . 68 00000040     PUSH 40000000                              ; |Access = GENERIC_WRITE
00402875  . 8BF9            MOV EDI,ECX                                ; |
00402877  . 68 E4E14200     PUSH GTH.0042E1E4                          ; |FileName = "./data/core.pack"
0040287C  . FF15 B8704200   CALL DWORD PTR DS:[<&KERNEL32.CreateFile>  ; \CreateFileA
00402882  . 8BF0            MOV ESI,EAX
00402884  . 8D4424 08       LEA EAX,DWORD PTR SS:[ESP+8]
00402888  . 6A 00           PUSH 0                                     ; /pOverlapped = NULL
0040288A  . 50              PUSH EAX                                   ; |pBytesWritten
0040288B  . 6A 07           PUSH 7                                     ; |nBytesToWrite = 7
0040288D  . 68 DCE14200     PUSH GTH.0042E1DC                          ; |Buffer = GTH.0042E1DC
00402892  . 56              PUSH ESI                                   ; |hFile
00402893  . FF15 F0704200   CALL DWORD PTR DS:[<&KERNEL32.WriteFile>   ; \WriteFile
00402899  . 56              PUSH ESI                                   ; /hObject
0040289A  . FF15 58724200   CALL DWORD PTR DS:[<&KERNEL32.CloseHandl>  ; \CloseHandle
004028A0  . 6A 01           PUSH 1                                     ; /IsShown = 1
004028A2  . 6A 00           PUSH 0                                     ; |DefDir = NULL
004028A4  . 6A 00           PUSH 0                                     ; |Parameters = NULL
004028A6  . 68 D0E14200     PUSH GTH.0042E1D0                          ; |FileName = "client.exe"
004028AB  . 6A 00           PUSH 0                                     ; |Operation = NULL
004028AD  . 6A 00           PUSH 0                                     ; |hWnd = NULL
004028AF  . FF15 80724200   CALL DWORD PTR DS:[<&SHELL32.ShellExecut>  ; \ShellExecuteA
004028B5  . 8B4F 1C         MOV ECX,DWORD PTR DS:[EDI+1C]
004028B8  . 6A 00           PUSH 0                                     ; /lParam = 0
004028BA  . 6A 00           PUSH 0                                     ; |wParam = 0
004028BC  . 6A 10           PUSH 10                                    ; |Message = WM_CLOSE
004028BE  . 51              PUSH ECX                                   ; |hWnd
004028BF  . FF15 3C744200   CALL DWORD PTR DS:[<&USER32.SendMessageA>  ; \SendMessageA
004028C5  . 5F              POP EDI
004028C6  . 5E              POP ESI
004028C7  . 59              POP ECX
004028C8  . C3              RETN
This snippet, for example.

Ncrackme 2: already cracked by the foreign experts on the RCE board
Post a link so we can have a go at it.

A reversing exercise for everyone
I'm fairly green too. I took a quick look: the addresses 401a90, 401e50, 102190 and 102610 look rather suspicious; they all call the function at 401370, so 401370 should be the key one, but I don't understand that function well and couldn't work it out for the moment.

A reversing exercise for everyone
004029E0  $ 8B4424 08       MOV EAX,DWORD PTR SS:[ESP+8]
004029E4  . 25 FFFF0000     AND EAX,0FFFF
004029E9  . 2D 419C0000     SUB EAX,9C41                               ; Switch (cases 9C41..9C43)
004029EE .^ 74 A8           JE SHORT NE365s.00402998                   ; handles the Bitmap menu item
004029F0  . 48              DEC EAX
004029F1  . 74 1D           JE SHORT NE365s.00402A10                   ; handles the Exit menu item
004029F3  . 48              DEC EAX
004029F4  . 75 27           JNZ SHORT NE365s.00402A1D                  ; unknown message, not handled
004029F6  . 8B4424 04       MOV EAX,DWORD PTR SS:[ESP+4]               ; Case 9C43 of switch 004029E9
004029FA  . 6A 40           PUSH 40                                    ; /Style = MB_OK|MB_ICONASTERISK|MB_APPLMODAL
004029FC  . 68 BC724000     PUSH NE365s.004072BC                       ; |Title = "NE365"
00402A01  . 68 3C724000     PUSH NE365s.0040723C                       ; |Text = "NE365 Official ReverseMe v0.1 If you reverse it successfully, Please mail me:Meteo694@hotmail.com CopyRight (C) 2004 NE365"
00402A06  . 50              PUSH EAX                                   ; |hOwner
00402A07  . FF15 1C614000   CALL DWORD PTR DS:[<&USER32.MessageBoxA>   ; \MessageBoxA
00402A0D  . C2 0800         RETN 8
00402A10  > 8B4C24 04       MOV ECX,DWORD PTR SS:[ESP+4]               ; Case 9C42 of switch 004029E9
00402A14  . 6A 00           PUSH 0                                     ; /Result = 0
00402A16  . 51              PUSH ECX                                   ; |hWnd
00402A17  . FF15 E4604000   CALL DWORD PTR DS:[<&USER32.EndDialog>]    ; \EndDialog
00402A1D  > C2 0800         RETN 8                                     ; Default case of switch 004029E9