Ta的论坛

[请勿新开主题！甲壳相关主题合并帖]
DUMP出来的的确没有功能,因为作者用另外一个EXE来当Loader申请好内存空间后,把DLL植入,在由DLL申请内存来完成作者那所谓的模拟,主功能全部在无壳的程序里，加壳报错是因为没有可用的内存空间导致,如果要修复难度也不大就是工作量大,编程功底好的直接写个lorder套用下就可以解开这个所谓的CUP模拟啦
或者就是找个地址把jmp dword ptr ds:[0x400020]这个地址给作者解决掉,然后把作者的解码数据直接PATCH下即可,然后等解码完毕,跳回0040252D .  81C4 2C020000 add esp,0x22C这句即可完成作者所谓的功能,003E44B1 C745 F0 2000400>mov dword ptr ss:[ebp-0x10],0x400020上面那句跳向解码的地址也是由DLL里指定了的

还有作者所谓的模拟
00411298  |.  E8 6323FFFF call FUCK.00403600,这个壳里判断,是属于那一种的跳转

0040362E  |.  C74424 3C 607>mov dword ptr ss:[esp+0x3C],FUCK.00447C6>;  jo
00403636  |.  C74424 40 047>mov dword ptr ss:[esp+0x40],FUCK.00447D0>;  jno
0040363E  |.  C74424 44 5C7>mov dword ptr ss:[esp+0x44],FUCK.00447C5>;  jb
00403646  |.  C74424 48 007>mov dword ptr ss:[esp+0x48],FUCK.00447D0>;  jnb
0040364E  |.  C74424 4C 587>mov dword ptr ss:[esp+0x4C],FUCK.00447C5>;  jz
00403656  |.  C74424 50 FC7>mov dword ptr ss:[esp+0x50],FUCK.00447CF>;  jnz
0040365E  |.  C74424 54 F87>mov dword ptr ss:[esp+0x54],FUCK.00447CF>;  jbe
00403666  |.  C74424 58 547>mov dword ptr ss:[esp+0x58],FUCK.00447C5>;  ja
0040366E  |.  C74424 5C 507>mov dword ptr ss:[esp+0x5C],FUCK.00447C5>;  js
00403676  |.  C74424 60 F47>mov dword ptr ss:[esp+0x60],FUCK.00447CF>;  jns
0040367E  |.  C74424 64 F07>mov dword ptr ss:[esp+0x64],FUCK.00447CF>;  jpe
00403686  |.  C74424 68 EC7>mov dword ptr ss:[esp+0x68],FUCK.00447CE>;  jpo
0040368E  |.  C74424 6C 487>mov dword ptr ss:[esp+0x6C],FUCK.00447C4>;  jl
00403696  |.  C74424 70 E87>mov dword ptr ss:[esp+0x70],FUCK.00447CE>;  jge
0040369E  |.  C74424 74 E47>mov dword ptr ss:[esp+0x74],FUCK.00447CE>;  jle
004036A6  |.  C74424 78 447>mov dword ptr ss:[esp+0x78],FUCK.00447C4>;  jg

还有很多由于代码比较多懒得复制那么多,就是在这些指令上判断好后进行作者所谓的模拟
但是我个人比较肤浅,技术也比较菜,没有看出来是在模拟什么,只看到是把指令像抽取一样的放进内存某个指定位置,然后逐一以赋值的形式去解码

引用某牛的一句话

像我这种菜B,怎么能懂楼主楼主如此高深智慧写出来的东西

范范love

雪币： 317

活跃值： (93)

能力值：

( LV9，RANK：140 )

在线值：

发帖

23

回帖

1008

粉丝

4

关注

私信

范范love 3 2010-5-22 18:53: 0

[原创]《甲壳2》模拟CPU主程序脱壳
DUMP出来的的确没有功能,因为作者用另外一个EXE来当Loader申请好内存空间后,把DLL植入,在由DLL申请内存来完成作者那所谓的模拟,主功能全部在无壳的程序里，加壳报错是因为没有可用的内存空间导致,如果要修复难度也不大就是工作量大,编程功底好的直接写个lorder套用下就可以解开这个所谓的CUP模拟啦
或者就是找个地址把jmp dword ptr ds:[0x400020]这个地址给作者解决掉,然后把作者的解码数据直接PATCH下即可,然后等解码完毕,跳回0040252D .  81C4 2C020000 add esp,0x22C这句即可完成作者所谓的功能,003E44B1 C745 F0 2000400>mov dword ptr ss:[ebp-0x10],0x400020上面那句跳向解码的地址也是由DLL里指定了的

还有作者所谓的模拟
00411298  |.  E8 6323FFFF call FUCK.00403600,这个壳里判断,是属于那一种的跳转

0040362E  |.  C74424 3C 607>mov dword ptr ss:[esp+0x3C],FUCK.00447C6>;  jo
00403636  |.  C74424 40 047>mov dword ptr ss:[esp+0x40],FUCK.00447D0>;  jno
0040363E  |.  C74424 44 5C7>mov dword ptr ss:[esp+0x44],FUCK.00447C5>;  jb
00403646  |.  C74424 48 007>mov dword ptr ss:[esp+0x48],FUCK.00447D0>;  jnb
0040364E  |.  C74424 4C 587>mov dword ptr ss:[esp+0x4C],FUCK.00447C5>;  jz
00403656  |.  C74424 50 FC7>mov dword ptr ss:[esp+0x50],FUCK.00447CF>;  jnz
0040365E  |.  C74424 54 F87>mov dword ptr ss:[esp+0x54],FUCK.00447CF>;  jbe
00403666  |.  C74424 58 547>mov dword ptr ss:[esp+0x58],FUCK.00447C5>;  ja
0040366E  |.  C74424 5C 507>mov dword ptr ss:[esp+0x5C],FUCK.00447C5>;  js
00403676  |.  C74424 60 F47>mov dword ptr ss:[esp+0x60],FUCK.00447CF>;  jns
0040367E  |.  C74424 64 F07>mov dword ptr ss:[esp+0x64],FUCK.00447CF>;  jpe
00403686  |.  C74424 68 EC7>mov dword ptr ss:[esp+0x68],FUCK.00447CE>;  jpo
0040368E  |.  C74424 6C 487>mov dword ptr ss:[esp+0x6C],FUCK.00447C4>;  jl
00403696  |.  C74424 70 E87>mov dword ptr ss:[esp+0x70],FUCK.00447CE>;  jge
0040369E  |.  C74424 74 E47>mov dword ptr ss:[esp+0x74],FUCK.00447CE>;  jle
004036A6  |.  C74424 78 447>mov dword ptr ss:[esp+0x78],FUCK.00447C4>;  jg

还有很多由于代码比较多懒得复制那么多,就是在这些指令上判断好后进行作者所谓的模拟
但是我个人比较肤浅,技术也比较菜,没有看出来是在模拟什么,只看到是把指令像抽取一样的放进内存某个指定位置,然后逐一以赋值的形式去解码

范范love

雪币： 317

活跃值： (93)

能力值：

( LV9，RANK：140 )

在线值：

发帖

23

回帖

1008

粉丝

4

关注

私信

范范love 3 2010-5-20 08:44: 0

[原创]这次来玩壳
003E0F1A 55             push ebp
003E0F1B 8BEC          mov ebp,esp
003E0F1D 83C4 D0       add esp,-0x30
003E0F20 53             push ebx
003E0F21 56             push esi
003E0F22 57             push edi
003E0F23 60             pushad
003E0F24 9C             pushfd
003E0F25 8945 FC       mov dword ptr ss:[ebp-0x4],eax
003E0F28 895D F8       mov dword ptr ss:[ebp-0x8],ebx
003E0F2B 894D F4       mov dword ptr ss:[ebp-0xC],ecx
003E0F2E 8955 F0       mov dword ptr ss:[ebp-0x10],edx
003E0F31 8975 EC       mov dword ptr ss:[ebp-0x14],esi
003E0F34 897D E8       mov dword ptr ss:[ebp-0x18],edi
003E0F37 8F45 E4       pop dword ptr ss:[ebp-0x1C]
003E0F3A FF75 E4       push dword ptr ss:[ebp-0x1C]
003E0F3D 9D             popfd
003E0F3E 61             popad
003E0F3F 8B45 10       mov eax,dword ptr ss:[ebp+0x10]
003E0F42 8945 DC       mov dword ptr ss:[ebp-0x24],eax
003E0F45 8B45 0C       mov eax,dword ptr ss:[ebp+0xC]
003E0F48 8945 D8       mov dword ptr ss:[ebp-0x28],eax
003E0F4B 8B7D 18       mov edi,dword ptr ss:[ebp+0x18]
003E0F4E 037D 14       add edi,dword ptr ss:[ebp+0x14]
003E0F51 8B5D 08       mov ebx,dword ptr ss:[ebp+0x8]
003E0F54 33C0          xor eax,eax
003E0F56 8945 D4       mov dword ptr ss:[ebp-0x2C],eax
003E0F59 33C0          xor eax,eax
003E0F5B 8945 D0       mov dword ptr ss:[ebp-0x30],eax
003E0F5E 8BF3          mov esi,ebx
003E0F60 8A06          mov al,byte ptr ds:[esi]
003E0F62 2C FE          sub al,0xFE
003E0F64 0F85 7C030000 jnz 003E12E6
003E0F6A 53             push ebx
003E0F6B E8 92FFFFFF    call 003E0F02
003E0F70 8A46 01       mov al,byte ptr ds:[esi+0x1]
003E0F73 2C 11          sub al,0x11
003E0F75 0F85 97030000 jnz 003E1312
003E0F7B 8A46 02       mov al,byte ptr ds:[esi+0x2]
003E0F7E 2C 12          sub al,0x12
003E0F80 74 1D          je short 003E0F9F
003E0F82 FEC8          dec al
003E0F84 0F84 AD000000 je 003E1037
003E0F8A FEC8          dec al
003E0F8C 0F84 4A020000 je 003E11DC
003E0F92 FEC8          dec al
003E0F94 0F84 88020000 je 003E1222
003E0F9A E9 73030000    jmp 003E1312
003E0F9F 8A46 03       mov al,byte ptr ds:[esi+0x3]
003E0FA2 2C 14          sub al,0x14
003E0FA4 74 0D          je short 003E0FB3
003E0FA6 2C 0F          sub al,0xF
003E0FA8 74 2D          je short 003E0FD7
003E0FAA FEC8          dec al
003E0FAC 74 59          je short 003E1007
003E0FAE E9 5F030000    jmp 003E1312
003E0FB3 836D DC 04    sub dword ptr ss:[ebp-0x24],0x4
003E0FB7 8B45 DC       mov eax,dword ptr ss:[ebp-0x24]
003E0FBA 50             push eax
003E0FBB 8B45 D8       mov eax,dword ptr ss:[ebp-0x28]
003E0FBE 50             push eax
003E0FBF E8 2AFFFFFF    call 003E0EEE
003E0FC4 C745 D4 0400000>mov dword ptr ss:[ebp-0x2C],0x4
003E0FCB C745 D0 0100000>mov dword ptr ss:[ebp-0x30],0x1
003E0FD2 E9 3B030000    jmp 003E1312
003E0FD7 8D43 04       lea eax,dword ptr ds:[ebx+0x4]
003E0FDA 50             push eax
003E0FDB E8 22FFFFFF    call 003E0F02
003E0FE0 8945 E0       mov dword ptr ss:[ebp-0x20],eax
003E0FE3 836D DC 04    sub dword ptr ss:[ebp-0x24],0x4
003E0FE7 8B45 DC       mov eax,dword ptr ss:[ebp-0x24]
003E0FEA 50             push eax
003E0FEB 8B45 E0       mov eax,dword ptr ss:[ebp-0x20]
003E0FEE 50             push eax
003E0FEF E8 FAFEFFFF    call 003E0EEE
003E0FF4 C745 D4 0800000>mov dword ptr ss:[ebp-0x2C],0x8
003E0FFB C745 D0 0200000>mov dword ptr ss:[ebp-0x30],0x2
003E1002 E9 0B030000    jmp 003E1312
003E1007 8D43 04       lea eax,dword ptr ds:[ebx+0x4]
003E100A 50             push eax
003E100B E8 F2FEFFFF    call 003E0F02
003E1010 8945 E0       mov dword ptr ss:[ebp-0x20],eax
003E1013 836D DC 04    sub dword ptr ss:[ebp-0x24],0x4
003E1017 8B45 DC       mov eax,dword ptr ss:[ebp-0x24]
003E101A 50             push eax
003E101B 8B45 E0       mov eax,dword ptr ss:[ebp-0x20]
003E101E 50             push eax
003E101F E8 CAFEFFFF    call 003E0EEE
003E1024 C745 D4 0800000>mov dword ptr ss:[ebp-0x2C],0x8
003E102B C745 D0 0500000>mov dword ptr ss:[ebp-0x30],0x5
003E1032 E9 DB020000    jmp 003E1312
003E1037 807E 03 15    cmp byte ptr ds:[esi+0x3],0x15
003E103B 75 14          jnz short 003E1051
003E103D 8B45 DC       mov eax,dword ptr ss:[ebp-0x24]
003E1040 8945 D8       mov dword ptr ss:[ebp-0x28],eax
003E1043 C745 D4 0400000>mov dword ptr ss:[ebp-0x2C],0x4
003E104A C745 D0 0200000>mov dword ptr ss:[ebp-0x30],0x2
003E1051 807E 03 17    cmp byte ptr ds:[esi+0x3],0x17
003E1055 75 20          jnz short 003E1077
003E1057 8D43 04       lea eax,dword ptr ds:[ebx+0x4]
003E105A 50             push eax
003E105B E8 A2FEFFFF    call 003E0F02
003E1060 8945 E0       mov dword ptr ss:[ebp-0x20],eax
003E1063 8B45 E0       mov eax,dword ptr ss:[ebp-0x20]
003E1066 8945 FC       mov dword ptr ss:[ebp-0x4],eax
003E1069 C745 D4 0800000>mov dword ptr ss:[ebp-0x2C],0x8
003E1070 C745 D0 0500000>mov dword ptr ss:[ebp-0x30],0x5
003E1077 807E 03 19    cmp byte ptr ds:[esi+0x3],0x19
003E107B 75 2A          jnz short 003E10A7
003E107D 8D43 04       lea eax,dword ptr ds:[ebx+0x4]
003E1080 50             push eax
003E1081 E8 7CFEFFFF    call 003E0F02
003E1086 8945 E0       mov dword ptr ss:[ebp-0x20],eax
003E1089 50             push eax
003E108A 8B45 E0       mov eax,dword ptr ss:[ebp-0x20]    ; XF再来一.00454024
003E108D 8B00          mov eax,dword ptr ds:[eax]
003E108F 8945 E0       mov dword ptr ss:[ebp-0x20],eax
003E1092 58             pop eax
003E1093 8B45 E0       mov eax,dword ptr ss:[ebp-0x20]
003E1096 8945 FC       mov dword ptr ss:[ebp-0x4],eax
003E1099 C745 D4 0800000>mov dword ptr ss:[ebp-0x2C],0x8
003E10A0 C745 D0 0500000>mov dword ptr ss:[ebp-0x30],0x5
003E10A7 807E 03 2C    cmp byte ptr ds:[esi+0x3],0x2C
003E10AB 75 2A          jnz short 003E10D7
003E10AD 8D43 04       lea eax,dword ptr ds:[ebx+0x4]
003E10B0 50             push eax
003E10B1 E8 4CFEFFFF    call 003E0F02
003E10B6 8945 E0       mov dword ptr ss:[ebp-0x20],eax
003E10B9 50             push eax
003E10BA 8B45 E0       mov eax,dword ptr ss:[ebp-0x20]
003E10BD 8B00          mov eax,dword ptr ds:[eax]
003E10BF 8945 E0       mov dword ptr ss:[ebp-0x20],eax
003E10C2 58             pop eax
003E10C3 8B45 E0       mov eax,dword ptr ss:[ebp-0x20]
003E10C6 8945 F8       mov dword ptr ss:[ebp-0x8],eax
003E10C9 C745 D4 0800000>mov dword ptr ss:[ebp-0x2C],0x8
003E10D0 C745 D0 0600000>mov dword ptr ss:[ebp-0x30],0x6
003E10D7 807E 03 2D    cmp byte ptr ds:[esi+0x3],0x2D
003E10DB 75 2A          jnz short 003E1107
003E10DD 8D43 04       lea eax,dword ptr ds:[ebx+0x4]
003E10E0 50             push eax
003E10E1 E8 1CFEFFFF    call 003E0F02
003E10E6 8945 E0       mov dword ptr ss:[ebp-0x20],eax
003E10E9 50             push eax
003E10EA 8B45 E0       mov eax,dword ptr ss:[ebp-0x20]
003E10ED 8B00          mov eax,dword ptr ds:[eax]
003E10EF 8945 E0       mov dword ptr ss:[ebp-0x20],eax
003E10F2 58             pop eax
003E10F3 8B45 E0       mov eax,dword ptr ss:[ebp-0x20]
003E10F6 8945 F4       mov dword ptr ss:[ebp-0xC],eax
003E10F9 C745 D4 0800000>mov dword ptr ss:[ebp-0x2C],0x8
003E1100 C745 D0 0600000>mov dword ptr ss:[ebp-0x30],0x6
003E1107 807E 03 2E    cmp byte ptr ds:[esi+0x3],0x2E
003E110B 75 2A          jnz short 003E1137
003E110D 8D43 04       lea eax,dword ptr ds:[ebx+0x4]
003E1110 50             push eax
003E1111 E8 ECFDFFFF    call 003E0F02
003E1116 8945 E0       mov dword ptr ss:[ebp-0x20],eax
003E1119 50             push eax
003E111A 8B45 E0       mov eax,dword ptr ss:[ebp-0x20]
003E111D 8B00          mov eax,dword ptr ds:[eax]
003E111F 8945 E0       mov dword ptr ss:[ebp-0x20],eax
003E1122 58             pop eax
003E1123 8B45 E0       mov eax,dword ptr ss:[ebp-0x20]
003E1126 8945 F0       mov dword ptr ss:[ebp-0x10],eax
003E1129 C745 D4 0800000>mov dword ptr ss:[ebp-0x2C],0x8
003E1130 C745 D0 0600000>mov dword ptr ss:[ebp-0x30],0x6
003E1137 807E 03 1A    cmp byte ptr ds:[esi+0x3],0x1A
003E113B 75 24          jnz short 003E1161
003E113D 8B45 FC       mov eax,dword ptr ss:[ebp-0x4]
003E1140 8945 E0       mov dword ptr ss:[ebp-0x20],eax
003E1143 50             push eax
003E1144 8B45 E0       mov eax,dword ptr ss:[ebp-0x20]
003E1147 8B00          mov eax,dword ptr ds:[eax]
003E1149 8945 E0       mov dword ptr ss:[ebp-0x20],eax
003E114C 58             pop eax
003E114D 8B45 E0       mov eax,dword ptr ss:[ebp-0x20]
003E1150 8945 FC       mov dword ptr ss:[ebp-0x4],eax
003E1153 C745 D4 0400000>mov dword ptr ss:[ebp-0x2C],0x4
003E115A C745 D0 0200000>mov dword ptr ss:[ebp-0x30],0x2
003E1161 807E 03 25    cmp byte ptr ds:[esi+0x3],0x25
003E1165 75 20          jnz short 003E1187
003E1167 8D43 04       lea eax,dword ptr ds:[ebx+0x4]
003E116A 50             push eax
003E116B E8 92FDFFFF    call 003E0F02
003E1170 8945 E0       mov dword ptr ss:[ebp-0x20],eax
003E1173 8B45 E0       mov eax,dword ptr ss:[ebp-0x20]
003E1176 8945 F8       mov dword ptr ss:[ebp-0x8],eax
003E1179 C745 D4 0800000>mov dword ptr ss:[ebp-0x2C],0x8
003E1180 C745 D0 0500000>mov dword ptr ss:[ebp-0x30],0x5
003E1187 807E 03 26    cmp byte ptr ds:[esi+0x3],0x26
003E118B 75 20          jnz short 003E11AD
003E118D 8D43 04       lea eax,dword ptr ds:[ebx+0x4]
003E1190 50             push eax
003E1191 E8 6CFDFFFF    call 003E0F02
003E1196 8945 E0       mov dword ptr ss:[ebp-0x20],eax
003E1199 8B45 E0       mov eax,dword ptr ss:[ebp-0x20]
003E119C 8945 F4       mov dword ptr ss:[ebp-0xC],eax
003E119F C745 D4 0800000>mov dword ptr ss:[ebp-0x2C],0x8
003E11A6 C745 D0 0500000>mov dword ptr ss:[ebp-0x30],0x5
003E11AD 807E 03 27    cmp byte ptr ds:[esi+0x3],0x27
003E11B1 0F85 5B010000 jnz 003E1312
003E11B7 8D43 04       lea eax,dword ptr ds:[ebx+0x4]
003E11BA 50             push eax
003E11BB E8 42FDFFFF    call 003E0F02
003E11C0 8945 E0       mov dword ptr ss:[ebp-0x20],eax
003E11C3 8B45 E0       mov eax,dword ptr ss:[ebp-0x20]
003E11C6 8945 F0       mov dword ptr ss:[ebp-0x10],eax
003E11C9 C745 D4 0800000>mov dword ptr ss:[ebp-0x2C],0x8
003E11D0 C745 D0 0500000>mov dword ptr ss:[ebp-0x30],0x5
003E11D7 E9 36010000    jmp 003E1312
003E11DC 8A46 03       mov al,byte ptr ds:[esi+0x3]
003E11DF 2C 16          sub al,0x16
003E11E1 0F85 2B010000 jnz 003E1312
003E11E7 8D43 04       lea eax,dword ptr ds:[ebx+0x4]
003E11EA 50             push eax
003E11EB E8 12FDFFFF    call 003E0F02
003E11F0 8945 E0       mov dword ptr ss:[ebp-0x20],eax
003E11F3 817D E0 8000000>cmp dword ptr ss:[ebp-0x20],0x80
003E11FA 76 0D          jbe short 003E1209
003E11FC B8 00010000    mov eax,0x100
003E1201 2B45 E0       sub eax,dword ptr ss:[ebp-0x20]
003E1204 2945 DC       sub dword ptr ss:[ebp-0x24],eax
003E1207 EB 06          jmp short 003E120F
003E1209 8B45 E0       mov eax,dword ptr ss:[ebp-0x20]
003E120C 0145 DC       add dword ptr ss:[ebp-0x24],eax
003E120F C745 D4 0800000>mov dword ptr ss:[ebp-0x2C],0x8
003E1216 C745 D0 0300000>mov dword ptr ss:[ebp-0x30],0x3
003E121D E9 F0000000    jmp 003E1312
003E1222 8A46 03       mov al,byte ptr ds:[esi+0x3]
003E1225 2C 18          sub al,0x18
003E1227 0F85 E5000000 jnz 003E1312
003E122D 8D43 04       lea eax,dword ptr ds:[ebx+0x4]
003E1230 50             push eax
003E1231 E8 CCFCFFFF    call 003E0F02
003E1236 8945 E0       mov dword ptr ss:[ebp-0x20],eax
003E1239 8B45 E0       mov eax,dword ptr ss:[ebp-0x20]
003E123C 03C7          add eax,edi
003E123E 83C0 05       add eax,0x5
003E1241 8945 E0       mov dword ptr ss:[ebp-0x20],eax
003E1244 836D DC 04    sub dword ptr ss:[ebp-0x24],0x4
003E1248 8B45 DC       mov eax,dword ptr ss:[ebp-0x24]
003E124B 50             push eax
003E124C 8B45 E0       mov eax,dword ptr ss:[ebp-0x20]
003E124F 50             push eax
003E1250 E8 99FCFFFF    call 003E0EEE
003E1255 836D DC 04    sub dword ptr ss:[ebp-0x24],0x4
003E1259 8B45 DC       mov eax,dword ptr ss:[ebp-0x24]
003E125C 50             push eax
003E125D 8B45 E0       mov eax,dword ptr ss:[ebp-0x20]
003E1260 50             push eax
003E1261 E8 88FCFFFF    call 003E0EEE
003E1266 60             pushad
003E1267 9C             pushfd
003E1268 55             push ebp
003E1269 E8 34FCFFFF    call 003E0EA2
003E126E 54             push esp
003E126F E8 EEFBFFFF    call 003E0E62
003E1274 FF75 DC       push dword ptr ss:[ebp-0x24]
003E1277 EB 1F          jmp short 003E1298
003E1279 8B45 DC       mov eax,dword ptr ss:[ebp-0x24]
003E127C 83C0 04       add eax,0x4
003E127F 8F00          pop dword ptr ds:[eax]
003E1281 8B45 FC       mov eax,dword ptr ss:[ebp-0x4]
003E1284 8B5D F8       mov ebx,dword ptr ss:[ebp-0x8]
003E1287 8B4D F4       mov ecx,dword ptr ss:[ebp-0xC]
003E128A 8B55 F0       mov edx,dword ptr ss:[ebp-0x10]
003E128D 8B75 EC       mov esi,dword ptr ss:[ebp-0x14]
003E1290 8B7D E8       mov edi,dword ptr ss:[ebp-0x18]
003E1293 8B6D D8       mov ebp,dword ptr ss:[ebp-0x28]
003E1296 5C             pop esp
003E1297 C3             retn
003E1298 E8 DCFFFFFF    call 003E1279
003E129D 8945 FC       mov dword ptr ss:[ebp-0x4],eax
003E12A0 895D F8       mov dword ptr ss:[ebp-0x8],ebx
003E12A3 894D F4       mov dword ptr ss:[ebp-0xC],ecx
003E12A6 8955 F0       mov dword ptr ss:[ebp-0x10],edx
003E12A9 8975 EC       mov dword ptr ss:[ebp-0x14],esi
003E12AC 897D E8       mov dword ptr ss:[ebp-0x18],edi
003E12AF 896D D8       mov dword ptr ss:[ebp-0x28],ebp
003E12B2 54             push esp
003E12B3 E8 CAFBFFFF    call 003E0E82
003E12B8 6A 00          push 0x0
003E12BA E8 E3FBFFFF    call 003E0EA2
003E12BF 89C5          mov ebp,eax
003E12C1 6A 00          push 0x0
003E12C3 E8 9AFBFFFF    call 003E0E62
003E12C8 89C4          mov esp,eax
003E12CA 6A 00          push 0x0
003E12CC E8 B1FBFFFF    call 003E0E82
003E12D1 8945 DC       mov dword ptr ss:[ebp-0x24],eax
003E12D4 9D             popfd
003E12D5 61             popad
003E12D6 C745 D4 0800000>mov dword ptr ss:[ebp-0x2C],0x8
003E12DD C745 D0 0500000>mov dword ptr ss:[ebp-0x30],0x5
003E12E4 EB 2C          jmp short 003E1312
003E12E6 836D DC 04    sub dword ptr ss:[ebp-0x24],0x4
003E12EA 8B45 DC       mov eax,dword ptr ss:[ebp-0x24]
003E12ED 50             push eax
003E12EE 57             push edi
003E12EF E8 FAFBFFFF    call 003E0EEE
003E12F4 8B45 FC       mov eax,dword ptr ss:[ebp-0x4]
003E12F7 8B5D F8       mov ebx,dword ptr ss:[ebp-0x8]
003E12FA 8B4D F4       mov ecx,dword ptr ss:[ebp-0xC]
003E12FD 8B55 F0       mov edx,dword ptr ss:[ebp-0x10]
003E1300 8B75 EC       mov esi,dword ptr ss:[ebp-0x14]
003E1303 8B7D E8       mov edi,dword ptr ss:[ebp-0x18]
003E1306 FF75 E4       push dword ptr ss:[ebp-0x1C]
003E1309 9D             popfd
003E130A FF75 DC       push dword ptr ss:[ebp-0x24]
003E130D 8B6D D8       mov ebp,dword ptr ss:[ebp-0x28]
003E1310 5C             pop esp
003E1311 C3             retn
003E1312 035D D4       add ebx,dword ptr ss:[ebp-0x2C]
003E1315 037D D0       add edi,dword ptr ss:[ebp-0x30]
003E1318  ^ E9 37FCFFFF    jmp 003E0F54

解码就在这段代码,找个DELPHI的程序完全可以对照着还原

范范love

雪币： 317

活跃值： (93)

能力值：

( LV9，RANK：140 )

在线值：

发帖

23

回帖

1008

粉丝

4

关注

私信

范范love 3 2010-5-20 03:42: 0

[请勿新开主题！甲壳相关主题合并帖]
S哥来啦,我马上去开个新帖给你坐沙发

范范love

雪币： 317

活跃值： (93)

能力值：

( LV9，RANK：140 )

在线值：

发帖

23

回帖

1008

粉丝

4

关注

私信

范范love 3 2010-5-20 03:14: 0

[请勿新开主题！甲壳相关主题合并帖]
W哥你那个太卡啦,我送你一个原程序吧

范范love

雪币： 317

活跃值： (93)

能力值：

( LV9，RANK：140 )

在线值：

发帖

23

回帖

1008

粉丝

4

关注

私信

范范love 3 2010-5-19 15:45: 0

请教各位大哥，如何修改VB程序到如下效果
列子我已经给出了啊,不会要我给你在画把刀说说怎么杀吧
我已经告诉你在那个位置可以进行PATCH啦,你自行PATCH下压入的数据即可
在一个你说汉化这个软件,恕我不解,汉化软件改快捷键我还想得通,可是把那个启动的单选框也改了,就想不明白啦地址就是我给你的那里,你自己把他PATCH下即可修改快捷键,至于你想改选择框的话,就自己跟跟吧,原理是一样的

范范love

雪币： 317

活跃值： (93)

能力值：

( LV9，RANK：140 )

在线值：

发帖

23

回帖

1008

粉丝

4

关注

私信

范范love 3 2010-5-18 19:05: 0

请教各位大哥，如何修改VB程序到如下效果
00415896  |.  0FBF02       movsx eax,word ptr ds:[edx] //这里开始压入热键的值16进制73即F4
00415899  |.  50          push eax          //这里开始把热键压入
0041589A  |.  E8 65DDFEFF call ayssssMa.00403604    //这里开始注册热键

以此类推
75=F6
74=F5
73=F4
72=F3
71=F2

这个用来修改你的热键

至于修改选择框是一个原理的,自己调试下就可以啦

范范love

账号登录 验证码登录

账号登录

验证码登录