[Help] How should I find this address?
First search for the referenced string.

[Help] Ran into a problem while cracking, hoping someone can help.
These days most software won't give you the full-featured program until it is registered.

[Help] Could the experts run this in OD and then tell me what it is?
Is nobody going to take a look?

[Help] Could the experts run this in OD and then tell me what it is?
OD can't trace through it at all. Could everyone give it a try and tell me what is going on?

"Debugger detected - please close it down and restart!"
NsPacK V3.7 -> LiuXingPing's packer, but it won't run under OD, and using an unpacker doesn't help either.

How to find the weak point of a program's user-count limit
When unregistered, the main window title says at most 10 users can be online.

0000791D E8 638D0000    call 00010685
00007922 8BE8           mov ebp, eax
00007924 8D4424 3C      lea eax, dword ptr [esp+3C]
00007928 50             push eax
00007929 C64424 44 00   mov byte ptr [esp+44], 0
0000792E E8 528D0000    call 00010685
00007933 8D4C24 3C      lea ecx, dword ptr [esp+3C]
00007937 51             push ecx
00007938 8BD8           mov ebx, eax
0000793A C64424 44 00   mov byte ptr [esp+44], 0
0000793F E8 418D0000    call 00010685
00007944 56             push esi
00007945 55             push ebp
00007946 894424 30      mov dword ptr [esp+30], eax
0000794A E8 81270000    call 0000A0D0
0000794F 56             push esi
00007950 53             push ebx
00007951 8BE8           mov ebp, eax
00007953 E8 78270000    call 0000A0D0
00007958 8B5424 38      mov edx, dword ptr [esp+38]
0000795C 56             push esi
0000795D 52             push edx
0000795E 8BD8           mov ebx, eax
00007960 E8 6B270000    call 0000A0D0
00007965 83C4 28        add esp, 28
00007968 3BEF           cmp ebp, edi
0000796A 74 76          jne short 000079E2
0000796C 3B5C24 1C      cmp ebx, dword ptr [esp+1C]
00007970 74 70          jne short 000079E2
00007972 3B4424 20      cmp eax, dword ptr [esp+20]
00007976 74 6A          jne short 000079E2
00007978 E8 78CE0100    call 000247F5
0000797D 8B4C24 14      mov ecx, dword ptr [esp+14]
00007981 8B15 B801D100  mov edx, dword ptr [D101B8]
00007987 8B40 04        mov eax, dword ptr [eax+4]
0000798A 81C1 C0000000  add ecx, 0C0
00007990 8B09           mov ecx, dword ptr [ecx]
00007992 51             push ecx
00007993 8B0D B401D100  mov ecx, dword ptr [D101B4]
00007999 52             push edx
0000799A 51             push ecx
0000799B 8BC8           mov ecx, eax
0000799D E8 61C30100    call 00023D03              ; pops up the "registration successful" window
000079A2 8B4C24 14      mov ecx, dword ptr [esp+14]
000079A6 6A 00          push 0

After changing the earlier jumps so that it goes to "registration successful", going back to the main window it is still 10 users, so now what I need to figure out is how to modify the code that controls the user count. There is no counter in the table; I guess it is still kept in memory. Right now I am intercepting the process of returning to the main window after the "success" child window is confirmed, so as to find the code that computes the user count.

How to find the weak point of a program's user-count limit
The software is not packed. After cracking it says registration succeeded, but in practice access is still limited to 10 users. There are a few switch structures I can't figure out. Right now I just want to crack this count of 10; it should be monitoring the number of users connected to the server and refusing further connections once it reaches ten. Please give some advice, experts, just a hint would help. Don't make it too advanced, I'm a real newbie.

00421556 |. 83C0 CB         add eax, -35                      ; Switch (cases 35..40)
00421559 |. 83F8 0B         cmp eax, 0B
0042155C |. 56              push esi
0042155D |. 0F87 AE000000   ja 00421611
00421563 |. FF2485 191642>  jmp dword ptr [eax*4+421619]
0042156A |> 8B4D 08         mov ecx, dword ptr [ebp+8]        ; Case 35 ('5') of switch 00421556
0042156D |. FF55 14         call dword ptr [ebp+14]
00421570 |. E9 98000000     jmp 0042160D
00421575 |> 8B4D 08         mov ecx, dword ptr [ebp+8]        ; Case 36 ('6') of switch 00421556
00421578 |. FF55 14         call dword ptr [ebp+14]
0042157B |. E9 8B000000     jmp 0042160B
00421580 |> FF75 0C         push dword ptr [ebp+C]            ; Case 37 ('7') of switch 00421556
00421583 |. EB 75           jmp short 004215FA
00421585 |> FF75 0C         push dword ptr [ebp+C]            ; Case 38 ('8') of switch 00421556
00421588 |. EB 7B           jmp short 00421605
0042158A |> 8B45 18         mov eax, dword ptr [ebp+18]       ; Case 39 ('9') of switch 00421556
0042158D |. FF30            push dword ptr [eax]
0042158F |. 8B4D 08         mov ecx, dword ptr [ebp+8]
00421592 |. FF70 04         push dword ptr [eax+4]
00421595 |. FF55 14         call dword ptr [ebp+14]
00421598 |. EB 73           jmp short 0042160D
0042159A |> 8B45 18         mov eax, dword ptr [ebp+18]       ; Case 3A (':') of switch 00421556
0042159D |. FF30            push dword ptr [eax]
0042159F |. 8B4D 08         mov ecx, dword ptr [ebp+8]
004215A2 |. FF70 04         push dword ptr [eax+4]
004215A5 |. FF55 14         call dword ptr [ebp+14]
004215A8 |. EB 61           jmp short 0042160B
004215AA |> 8B45 18         mov eax, dword ptr [ebp+18]       ; Case 3B (';') of switch 00421556
004215AD |. FF30            push dword ptr [eax]
004215AF |. 8B4D 08         mov ecx, dword ptr [ebp+8]
004215B2 |. FF70 04         push dword ptr [eax+4]
004215B5 |. FF75 0C         push dword ptr [ebp+C]
004215B8 |. FF55 14         call dword ptr [ebp+14]
004215BB |. EB 50           jmp short 0042160D
004215BD |> 8B45 18         mov eax, dword ptr [ebp+18]       ; Case 3C ('<') of switch 00421556
004215C0 |. FF30            push dword ptr [eax]
004215C2 |. 8B4D 08         mov ecx, dword ptr [ebp+8]
004215C5 |. FF70 04         push dword ptr [eax+4]
004215C8 |. FF75 0C         push dword ptr [ebp+C]
004215CB |. FF55 14         call dword ptr [ebp+14]
004215CE |. EB 3B           jmp short 0042160B
004215D0 |> 8B75 18         mov esi, dword ptr [ebp+18]       ; Case 3D ('=') of switch 00421556
004215D3 |. 8B4D 08         mov ecx, dword ptr [ebp+8]
004215D6 |. 56              push esi
004215D7 |. FF55 14         call dword ptr [ebp+14]
004215DA |. EB 0D           jmp short 004215E9
004215DC |> FF75 0C         push dword ptr [ebp+C]            ; Case 3E ('>') of switch 00421556
004215DF |. 8B75 18         mov esi, dword ptr [ebp+18]
004215E2 |. 8B4D 08         mov ecx, dword ptr [ebp+8]
004215E5 |. 56              push esi
004215E6 |. FF55 14         call dword ptr [ebp+14]
004215E9 |> 33C0            xor eax, eax
004215EB |. 3946 1C         cmp dword ptr [esi+1C], eax
004215EE |. 0F94C0          sete al
004215F1 |. 8366 1C 00      and dword ptr [esi+1C], 0
004215F5 |. EB 14           jmp short 0042160B
004215F7 |> FF75 18         push dword ptr [ebp+18]           ; Case 3F ('?') of switch 00421556
004215FA |> 8B4D 08         mov ecx, dword ptr [ebp+8]
004215FD |. FF55 14         call dword ptr [ebp+14]
00421600 |. EB 0B           jmp short 0042160D
00421602 |> FF75 18         push dword ptr [ebp+18]           ; Case 40 ('@') of switch 00421556
00421605 |> 8B4D 08         mov ecx, dword ptr [ebp+8]
00421608 |. FF55 14         call dword ptr [ebp+14]
0042160B |> 8BF8            mov edi, eax
0042160D |> 8BC7            mov eax, edi
0042160F |. EB 02           jmp short 00421613
00421611 |> 33C0            xor eax, eax                      ; Default case of switch 00421556
00421613 |> 5E              pop esi
00421614 |> 5F              pop edi
00421615 |. 5D              pop ebp
00421616 \. C2 1C00         retn 1C
00421619  . 6A154200        dd zlsrv2.0042156A                ; branch table, used by 00421563
0042161D  . 75154200        dd zlsrv2.00421575
00421621  . 80154200        dd zlsrv2.00421580
00421625  . 85154200        dd zlsrv2.00421585
00421629  . 8A154200        dd zlsrv2.0042158A
0042162D  . 9A154200        dd zlsrv2.0042159A
00421631  . AA154200        dd zlsrv2.004215AA
00421635  . BD154200        dd zlsrv2.004215BD
00421639  . D0154200        dd zlsrv2.004215D0
0042163D  . DC154200        dd zlsrv2.004215DC
00421641  . F7154200        dd zlsrv2.004215F7
00421645  . 02164200        dd zlsrv2.00421602
00421649 /$ 55              push ebp
0042164A |. 8BEC            mov ebp, esp
0042164C |. 8B45 0C         mov eax, dword ptr [ebp+C]
0042164F |. 83F8 FE         cmp eax, -2                       ; Switch (cases FFFFFFFD..FFFFFFFF)
00421652 |. 57              push edi
00421653 |. 8BF9            mov edi, ecx
00421655 |. 75 21           jnz short 00421678
00421657 |. E8 99310000     call 004247F5                     ; Case FFFFFFFE of switch 0042164F
0042165C |. FF75 14         push dword ptr [ebp+14]
0042165F |. 8B80 38100000   mov eax, dword ptr [eax+1038]
00421665 |. FF75 10         push dword ptr [ebp+10]
00421668 |. 8B10            mov edx, dword ptr [eax]
0042166A |. FF75 08         push dword ptr [ebp+8]
0042166D |. 8BC8            mov ecx, eax
0042166F |. 57              push edi
00421670 |. FF52 04         call dword ptr [edx+4]
00421673 |. E9 BE000000     jmp 00421736
00421678 |> 83F8 FD         cmp eax, -3
0042167B |. 53              push ebx
0042167C |. 56              push esi
0042167D |. 75 78           jnz short 004216F7
0042167F |. 8B5D 10         mov ebx, dword ptr [ebp+10]       ; Case FFFFFFFD of switch 0042164F
00421682 |. 8B43 30         mov eax, dword ptr [ebx+30]
00421685 |. 8365 0C 00      and dword ptr [ebp+C], 0
00421689 |. 8945 10         mov dword ptr [ebp+10], eax
0042168C |. 8B07            mov eax, dword ptr [edi]
0042168E |. 8BCF            mov ecx, edi
00421690 |. FF50 2C         call dword ptr [eax+2C]
00421693 |. 8BF8            mov edi, eax
00421695 |. EB 57           jmp short 004216EE
00421697 |> 837D 0C 00      /cmp dword ptr [ebp+C], 0
0042169B |. 75 55           |jnz short 004216F2
0042169D |. 8B77 04         |mov esi, dword ptr [edi+4]
004216A0 |. EB 43           |jmp short 004216E5
004216A2 |> 837E 08 00      |/cmp dword ptr [esi+8], 0
004216A6 |. 74 44           ||je short 004216EC
004216A8 |. 837D 0C 00      ||cmp dword ptr [ebp+C], 0
004216AC |. 75 3E           ||jnz short 004216EC
004216AE |. 3945 08         ||cmp dword ptr [ebp+8], eax
004216B1 |. 75 2F           ||jnz short 004216E2
004216B3 |. 837D 10 00      ||cmp dword ptr [ebp+10], 0
004216B7 |. 75 07           ||jnz short 004216C0
004216B9 |. 833E 00         ||cmp dword ptr [esi], 0
004216BC |. 74 17           ||je short 004216D5
004216BE |. EB 22           ||jmp short 004216E2
004216C0 |> 8B06            ||mov eax, dword ptr [esi]
004216C2 |. 85C0            ||test eax, eax
004216C4 |. 74 1C           ||je short 004216E2
004216C6 |. 50              ||push eax
004216C7 |. FF75 10         ||push dword ptr [ebp+10]
004216CA |. E8 31DCFEFF     ||call 0040F300
004216CF |. 85C0            ||test eax, eax
004216D1 |. 59              ||pop ecx
004216D2 |. 59              ||pop ecx
004216D3 |. 74 0D           ||je short 004216E2
004216D5 |> 8B46 08         ||mov eax, dword ptr [esi+8]
004216D8 |. 8943 04         ||mov dword ptr [ebx+4], eax
004216DB |. C745 0C 01000>  ||mov dword ptr [ebp+C], 1
004216E2 |> 83C6 0C         ||add esi, 0C
004216E5 |> 8B46 04         | mov eax, dword ptr [esi+4]
004216E8 |. 85C0            ||test eax, eax
004216EA |.^ 75 B6          |\jnz short 004216A2
004216EC |> 8B3F            |mov edi, dword ptr [edi]
004216EE |> 85FF            test edi, edi
004216F0 |.^ 75 A5          \jnz short 00421697
004216F2 |> 8B45 0C         mov eax, dword ptr [ebp+C]
004216F5 |. EB 3D           jmp short 00421734
004216F7 |> 83F8 FF         cmp eax, -1
004216FA |. 74 0D           je short 00421709
004216FC |. 8BD8            mov ebx, eax                      ; Default case of switch 0042164F
004216FE |. C1EB 10         shr ebx, 10
00421701 |. 0FB7C0          movzx eax, ax
00421704 |. 8945 0C         mov dword ptr [ebp+C], eax
00421707 |. 75 05           jnz short 0042170E
00421709 |> BB 11010000     mov ebx, 111                      ; Case FFFFFFFF of switch 0042164F
0042170E |> 8B07            mov eax, dword ptr [edi]
00421710 |. 8BCF            mov ecx, edi
00421712 |. FF50 28         call dword ptr [eax+28]
00421715 |. 8BF0            mov esi, eax
00421717 |. EB 15           jmp short 0042172E
00421719 |> FF75 08         /push dword ptr [ebp+8]           ; /Arg4
0042171C |. FF75 0C         |push dword ptr [ebp+C]           ; |Arg3
0042171F |. 53              |push ebx                         ; |Arg2
00421720 |. FF76 04         |push dword ptr [esi+4]           ; |Arg1
00421723 |. E8 6CC9FFFF     |call 0041E094                    ; \zlsrv2.0041E094
00421728 |. 85C0            |test eax, eax
0042172A |. 75 0F           |jnz short 0042173B
0042172C |. 8B36            |mov esi, dword ptr [esi]
0042172E |> 85F6            test esi, esi
00421730 |.^ 75 E7          \jnz short 00421719
00421732 |. 33C0            xor eax, eax
00421734 |> 5E              pop esi
00421735 |. 5B              pop ebx
00421736 |> 5F              pop edi
00421737 |. 5D              pop ebp
00421738 |. C2 1000         retn 10
0042173B |> FF75 14         push dword ptr [ebp+14]           ; /Arg7
0042173E |. FF70 10         push dword ptr [eax+10]           ; |Arg6
00421741 |. FF75 10         push dword ptr [ebp+10]           ; |Arg5
00421744 |. FF70 14         push dword ptr [eax+14]           ; |Arg4
00421747 |. FF75 0C         push dword ptr [ebp+C]            ; |Arg3
0042174A |. FF75 08         push dword ptr [ebp+8]            ; |Arg2
0042174D |. 57              push edi                          ; |Arg1
0042174E |. E8 E0FDFFFF     call 00421533                     ; \zlsrv2.00421533
00421753 \.^ EB DF          jmp short 00421734

What is the code above doing?
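The first function in the post above is a compiled switch: `add eax,-35` rebases the case value, `cmp eax,0B / ja 00421611` rejects anything outside twelve cases, and `jmp dword ptr [eax*4+421619]` indexes the `dd` table at 00421619. When OllyDbg's automatic "Case NN of switch" comments are missing or a paste is truncated, the table can be rebuilt from the raw dwords by hand. The script below is an added example, not code from the post or from the program being analysed; every constant in it (table base 0x421619, bias 0x35, maximum index 0x0B, default target 0x421611) is read off the listing, and the twelve `dd` lines are a constructed sample copied from the dump. It decodes each raw dword as little-endian, verifies the address column is contiguous, cross-checks the decoded value against the `zlsrv2.xxxxxxxx` symbol OllyDbg printed, and mirrors the dispatch, including the unsigned `ja`, so values below the bias land in the default branch just like values above 0x40.

```python
"""Rebuild a compiled switch's case -> handler map from an OllyDbg listing.

Added example, not code from the original post.  Constants come from the
dump: branch table at 00421619, dispatch `jmp dword ptr [eax*4+421619]`,
normalisation `add eax,-35 / cmp eax,0B / ja 00421611`.
"""
import re
import struct

# Constructed sample input: the twelve branch-table lines copied from the post.
BRANCH_TABLE_DUMP = """\
00421619 . 6A154200 dd zlsrv2.0042156A
0042161D . 75154200 dd zlsrv2.00421575
00421621 . 80154200 dd zlsrv2.00421580
00421625 . 85154200 dd zlsrv2.00421585
00421629 . 8A154200 dd zlsrv2.0042158A
0042162D . 9A154200 dd zlsrv2.0042159A
00421631 . AA154200 dd zlsrv2.004215AA
00421635 . BD154200 dd zlsrv2.004215BD
00421639 . D0154200 dd zlsrv2.004215D0
0042163D . DC154200 dd zlsrv2.004215DC
00421641 . F7154200 dd zlsrv2.004215F7
00421645 . 02164200 dd zlsrv2.00421602
"""

TABLE_BASE = 0x421619      # operand of: jmp dword ptr [eax*4+421619]
CASE_BIAS = 0x35           # from: add eax, -35   (lowest case value)
CASE_MAX_INDEX = 0x0B      # from: cmp eax, 0B / ja ...  (indices 0..0B are in range)
DEFAULT_TARGET = 0x421611  # target of the ja at 0042155D

# OllyDbg data line:  <addr> . <raw dword hex> dd <module>.<target>
DD_LINE = re.compile(
    r"^([0-9A-F]{8})\s+\.\s+([0-9A-F]{8})\s+dd\s+\w+\.([0-9A-F]{8})", re.I)


def parse_branch_table(dump, base):
    """Decode the raw dwords (little-endian) into absolute handler addresses.

    Two sanity checks catch a bad paste: the address column must advance by
    exactly 4 from `base`, and the decoded dword must equal the symbolic
    target OllyDbg printed on the same line.
    """
    targets = []
    for line in dump.splitlines():
        m = DD_LINE.match(line)
        if not m:
            continue
        addr = int(m.group(1), 16)
        expected = base + 4 * len(targets)
        if addr != expected:
            raise ValueError("table not contiguous at %08X (expected %08X)"
                             % (addr, expected))
        (target,) = struct.unpack("<I", bytes.fromhex(m.group(2)))
        if target != int(m.group(3), 16):
            raise ValueError("raw bytes at %08X decode to %08X, symbol says %s"
                             % (addr, target, m.group(3)))
        targets.append(target)
    return targets


def resolve_case(case_value, targets, bias=CASE_BIAS,
                 max_index=CASE_MAX_INDEX, default=DEFAULT_TARGET):
    """Mirror the compiled dispatch for one case value.

    `ja` is an unsigned compare: a value below the bias wraps to a huge
    32-bit index and takes the default branch, exactly like values > 0x40.
    """
    index = (case_value - bias) & 0xFFFFFFFF
    if index > max_index:
        return default
    return targets[index]


def switch_map(dump=BRANCH_TABLE_DUMP):
    """Return {case_value: handler_address} for every in-range case."""
    targets = parse_branch_table(dump, TABLE_BASE)
    if len(targets) != CASE_MAX_INDEX + 1:
        raise ValueError("expected %d table entries, parsed %d"
                         % (CASE_MAX_INDEX + 1, len(targets)))
    return {CASE_BIAS + i: t for i, t in enumerate(targets)}


if __name__ == "__main__":
    for case, target in sorted(switch_map().items()):
        print("case %02X (%r) -> %08X" % (case, chr(case), target))
```

The same three inputs (table operand, bias from the `add`, bound from the `cmp`/`ja`) are all that any compiled jump-table switch needs, so the script applies unchanged to other `jmp dword ptr [reg*4+table]` sites once their `dd` lines are pasted in; the contiguity and symbol checks are what make a truncated or mis-copied paste fail loudly instead of silently mapping a case to the wrong handler.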