Question about GetDriveTypeA

The moderator hasn't shown up yet; bumping.

This game requires the CD, but in fact it only checks that the disc's volume label is XXX and then it passes. I used WinISO to make an empty ISO with the volume label XXX, mounted it, and the program got through... What I want to do now is skip the CD check altogether... What is IDA?

Cracking the CD check of an exe: after running the exe, set a breakpoint with bp GetDriveTypeA, then open View > Breakpoints; find it, double-click to go to the breakpoint in the Kernel32 module, then press F4. The stack shows:

0012FB98  00408A9D  /CALL 到 GetDriveTypeA
0012FB9C  0012FBF8  \RootPathName = "a:\"

Click the first line, press Enter, and you are back in the user module. Here is the code:

00408A97  ?  FF15 BCB14A00   call dword ptr [<&GetDriveTypeA>]
00408A9C  ?  83F8 05         cmp eax, 5
00408A9D     75 6F           jnz short 0048B11
00408AA2  .  6A 00           push 0
00408AA4  .  6A 00           push 0
00408AA6  .  6A 00           push 0
00408AA8  .  6A 00           push 0
00408AAA  .  6A 00           push 0
00408AAC  ?  8D55 AC         lea edx, dword ptr [ebp-54]
00408AAF     6A              db 6A
00408AB0     50              db 50
00408AB1     8D              db 8D
00408AB2     45              db 45
00408AB3     FC              db FC
00408AB4     52              db 52
00408AB5     50              db 50
00408AB6     FF15 C0B14A00   call dword ptr [<&KERNEL32.GetVolumeI>
00408ABC  .  85C0            test eax, eax
00408ABE  .  74 51           je short 00408B11
00408AC0  .  B9 06000000     mov ecx, 6
00408AC5  .  8D7D AC         lea edi, dword ptr [ebp-54]
00408AC8     BE              db BE
00408AC9     50              db 50
00408ACA     FA              db FA
00408ACB     4A              db 4A
00408ACC     00              db 00
00408ACD     33              db 33
00408ACE     D2              db D2
00408ACF     F3              db F3
00408AD0     A6              db A6
00408AD1     75              db 75
00408AD2     3E              db 3E
00408AD3     0F              db 0F
00408AD4     BE              db BE
00408AD5     45              db 45
00408AD6     B2              db B2
00408AD7     83              db 83
00408AD8     E8              db E8
00408AD9     31              db 31
00408ADA     A3              db A3
00408ADB     9C              db 9C
00408ADC     6D              db 6D
00408ADD     4B              db 4B
00408ADE     00              db 00
00408ADF     78              db 78
00408AE0     26              db 26
00408AE1     83              db 83
00408AE2     F8              db F8
00408AE3     02              db 02
00408AE4     7D              db 7D
00408AE5     21              db 21
00408AE6     66              db 66
00408AE7     0F              db 0F
00408AE8     BE              db BE
00408AE9     45              inc ebp
00408AEA     FC              db FC
00408AEB     66              db 66
00408AEC     A3              db A3
00408AED     A0              db A0
00408AEE     6D              db 6D
00408AEF     4B              db 4B
00408AF0     00              db 00
00408AF1     66              db 66
00408AF2     C7              db C7
00408AF3     05              db 05
00408AF4     A2              db A2
00408AF5     6D              db 6D
00408AF6     4B              dec ebx
00408AF7     00              db 00
00408AF8     3A              db 3A
00408AF9     00              db 00
00408AFA     66              db 66
00408AFB     89              db 89
00408AFC     15              db 15
00408AFD     A4              db A4
00408AFE     6D              db 6D
00408AFF     4B              db 4B
00408B00     00              db 00
00408B01     5F              db 5F
00408B02     5E              db 5E
00408B03     8B              db 8B
00408B04     E5              db E5
00408B05     5D              pop ebp
00408B06     C3              db C3
00408B07     C7              db C7
00408B08  .  05 9C6D4B00     add eax, 004B6D9C
00408B0D  >  FFFF            ???
00408B0F  .  FFFF            ???
00408B11  .  5F              pop edi
00408B12  ?  5E              pop esi
00408B13  ?  8BE5            mov esp, ebp
00408B15  ?  5D              pop ebp
00408B16  .  C3              retn
00408B17  ?  90              nop
00408B18  ?  90              nop
00408B19  ?  90              nop
00408B1A  ?  90              nop
00408B1B  ?  90              nop
00408B1C  .  90              nop
00408B1D  .  90              nop
00408B1E  ?  90              nop
00408B1F  .  90              nop
00408B20  ?  833D 9C6D4B00>cmp dword ptr [4B6D9C], -1
00408B27     74              db 74
00408B28     3C              db 3C
00408B29     E8              db E8
00408B2A     32              db 32
00408B2B     B0              db B0
00408B2C     02              db 02
00408B2D     00              db 00
00408B2E     3C              db 3C
00408B2F     FF              db FF
00408B30     74              db 74
00408B31     2D              db 2D
00408B32     84              db 84
00408B33     C0              db C0
00408B34     74              db 74
00408B35     14              db 14
00408B36     8B              db 8B
00408B37     0D              db 0D
00408B38     9C              db 9C
00408B39     6D              db 6D
00408B3A     4B              db 4B
00408B3B     00              db 00
00408B3C     0F              db 0F
00408B3D     BE              db BE
00408B3E     D0              db D0
00408B3F     41              db 41
00408B40     3B              db 3B
00408B41     D1              db D1
00408B42     75              db 75
00408B43     21              db 21
00408B44     B8              db B8
00408B45     01              db 01
00408B46     00              db 00
00408B47     00              db 00
00408B48     00              db 00
00408B49     C3              db C3
00408B4A     8B              db 8B
00408B4B     0D              db 0D
00408B4C     9C              db 9C
00408B4D     6D              db 6D
00408B4E     4B              db 4B
00408B4F     00              db 00
00408B50     33              db 33
00408B51     C0              db C0
00408B52     3B              db 3B
00408B53     C1              db C1
00408B54     74              db 74
00408B55     09              db 09
00408B56     40              db 40
00408B57     83              db 83
00408B58     F8              db F8
00408B59     02              db 02
00408B5A     7C              db 7C
00408B5B     F6              db F6
00408B5C     33              db 33
00408B5D     C0              db C0
00408B5E     C3              db C3
00408B5F     B8              db B8
00408B60     01              db 01
00408B61     00              db 00
00408B62     00              db 00
00408B63     00              db 00
00408B64     C3              db C3
00408B65     33              db 33
00408B66     C0              db C0
00408B67     C3              db C3
00408B68     90              db 90
00408B69     90              db 90
00408B6A     90              db 90
00408B6B     90              db 90
00408B6C     90              db 90
00408B6D     90              db 90
00408B6E     90              db 90
00408B6F     90              db 90
00408B70     E8              db E8
00408B71     2B              db 2B
00408B72     00              db 00
00408B73     00              db 00
00408B74     00              db 00
00408B75     83              db 83
00408B76     3D              db 3D
00408B77     9C              db 9C
00408B78     6D              db 6D
00408B79     4B              db 4B
00408B7A     00              db 00
00408B7B     FF              db FF
00408B7C     74              db 74
00408B7D     19              db 19
00408B7E     A1              db A1
00408B7F     60              db 60
00408B80     B1              db B1
00408B81     4D              db 4D
00408B82     00              db 00
00408B83     85              db 85
00408B84     C0              db C0
00408B85     74              db 74
00408B86     10              db 10
00408B87     6A              db 6A
00408B88     00              db 00
00408B89     6A              db 6A
00408B8A  .  0168 11         add dword ptr [eax+11], ebp
00408B8D  .  0100            add dword ptr [eax], eax
00408B8F  ?  0050 FF         add byte ptr [eax-1], dl
00408B92  ?  15 84B24A00     adc eax, <&USER32.PostMessageA>
00408B97  ?  C3              retn

There is a lot more after this. Could someone knowledgeable take a look... What is the next step?

Originally posted by cyto:

Is this right this time? This time, after running the exe, I set a breakpoint with bp GetDriveTypeA, then opened View > Breakpoints; after finding it, double-clicking goes back to the breakpoint in the Kernel32 module, then I pressed F4. The stack shows:

0012FB98  00408A9D  /CALL 到 GetDriveTypeA
0012FB9C  0012FBF8  \RootPathName = "a:\"

Click the first line, press Enter, and only then does it return to the user module. Here is the code:

00408A97  ?  FF15 BCB14A00   call dword ptr [<&GetDriveTypeA>]
00408A9C  ?  83F8 05         cmp eax, 5
00408A9D     75 6F           jnz short 0048B11
00408AA2  .  6A 00           push 0
00408AA4  .  6A 00           push 0
00408AA6  .  6A 00           push 0
00408AA8  .  6A 00           push 0
00408AAA  .  6A 00           push 0
00408AAC  ?  8D55 AC         lea edx, dword ptr [ebp-54]
00408AAF     6A              db 6A
00408AB0     50              db 50
00408AB1     8D              db 8D
00408AB2     45              db 45
00408AB3     FC              db FC
00408AB4     52              db 52
00408AB5     50              db 50
00408AB6     FF15 C0B14A00   call dword ptr [<&KERNEL32.GetVolumeI>
00408ABC  .  85C0            test eax, eax
00408ABE  .  74 51           je short 00408B11
00408AC0  .  B9 06000000     mov ecx, 6
00408AC5  .  8D7D AC         lea edi, dword ptr [ebp-54]
00408AC8     BE              db BE
00408AC9     50              db 50
00408ACA     FA              db FA
00408ACB     4A              db 4A
00408ACC     00              db 00
00408ACD     33              db 33
00408ACE     D2              db D2
00408ACF     F3              db F3
00408AD0     A6              db A6
00408AD1     75              db 75
00408AD2     3E              db 3E
00408AD3     0F              db 0F
00408AD4     BE              db BE
00408AD5     45              db 45
00408AD6     B2              db B2
00408AD7     83              db 83
00408AD8     E8              db E8
00408AD9     31              db 31
00408ADA     A3              db A3
00408ADB     9C              db 9C
00408ADC     6D              db 6D
00408ADD     4B              db 4B
00408ADE     00              db 00
00408ADF     78              db 78
00408AE0     26              db 26
00408AE1     83              db 83
00408AE2     F8              db F8
00408AE3     02              db 02
00408AE4     7D              db 7D
00408AE5     21              db 21
00408AE6     66              db 66
00408AE7     0F              db 0F
00408AE8     BE              db BE
00408AE9     45              inc ebp
00408AEA     FC              db FC
00408AEB     66              db 66
00408AEC     A3              db A3
00408AED     A0              db A0
00408AEE     6D              db 6D
00408AEF     4B              db 4B
00408AF0     00              db 00
00408AF1     66              db 66
00408AF2     C7              db C7
00408AF3     05              db 05
00408AF4     A2              db A2
00408AF5     6D              db 6D
00408AF6     4B              dec ebx
00408AF7     00              db 00
00408AF8     3A              db 3A
00408AF9     00              db 00
00408AFA     66              db 66
00408AFB     89              db 89
00408AFC     15              db 15
00408AFD     A4              db A4
00408AFE     6D              db 6D
00408AFF     4B              db 4B
00408B00     00              db 00
00408B01     5F              db 5F
00408B02     5E              db 5E
00408B03     8B              db 8B
00408B04     E5              db E5
00408B05     5D              pop ebp
00408B06     C3              db C3
00408B07     C7              db C7
00408B08  .  05 9C6D4B00     add eax, 004B6D9C
00408B0D  >  FFFF            ???
00408B0F  .  FFFF            ???
00408B11  .  5F              pop edi
00408B12  ?  5E              pop esi
00408B13  ?  8BE5            mov esp, ebp
00408B15  ?  5D              pop ebp
00408B16  .  C3              retn
00408B17  ?  90              nop
00408B18  ?  90              nop
00408B19  ?  90              nop
00408B1A  ?  90              nop
00408B1B  ?  90              nop
00408B1C  .  90              nop
00408B1D  .  90              nop
00408B1E  ?  90              nop
00408B1F  .  90              nop
00408B20  ?  833D 9C6D4B00>cmp dword ptr [4B6D9C], -1
00408B27     74              db 74
00408B28     3C              db 3C
00408B29     E8              db E8
00408B2A     32              db 32
00408B2B     B0              db B0
00408B2C     02              db 02
00408B2D     00              db 00
00408B2E     3C              db 3C
00408B2F     FF              db FF
00408B30     74              db 74
00408B31     2D              db 2D
00408B32     84              db 84
00408B33     C0              db C0
00408B34     74              db 74
00408B35     14              db 14
00408B36     8B              db 8B
00408B37     0D              db 0D
00408B38     9C              db 9C
00408B39     6D              db 6D
00408B3A     4B              db 4B
00408B3B     00              db 00
00408B3C     0F              db 0F
00408B3D     BE              db BE
00408B3E     D0              db D0
00408B3F     41              db 41
00408B40     3B              db 3B
00408B41     D1              db D1
00408B42     75              db 75
00408B43     21              db 21
00408B44     B8              db B8
00408B45     01              db 01
00408B46     00              db 00
00408B47     00              db 00
00408B48     00              db 00
00408B49     C3              db C3
00408B4A     8B              db 8B
00408B4B     0D              db 0D
00408B4C     9C              db 9C
00408B4D     6D              db 6D
00408B4E     4B              db 4B
00408B4F     00              db 00
00408B50     33              db 33
00408B51     C0              db C0
00408B52     3B              db 3B
00408B53     C1              db C1
00408B54     74              db 74
00408B55     09              db 09
00408B56     40              db 40
00408B57     83              db 83
00408B58     F8              db F8
00408B59     02              db 02
00408B5A     7C              db 7C
00408B5B     F6              db F6
00408B5C     33              db 33
00408B5D     C0              db C0
00408B5E     C3              db C3
00408B5F     B8              db B8
00408B60     01              db 01
00408B61     00              db 00
00408B62     00              db 00
00408B63     00              db 00
00408B64     C3              db C3
00408B65     33              db 33
00408B66     C0              db C0
00408B67     C3              db C3
00408B68     90              db 90
00408B69     90              db 90
00408B6A     90              db 90
00408B6B     90              db 90
00408B6C     90              db 90
00408B6D     90              db 90
00408B6E     90              db 90
00408B6F     90              db 90
00408B70     E8              db E8
00408B71     2B              db 2B
00408B72     00              db 00
00408B73     00              db 00
00408B74     00              db 00
00408B75     83              db 83
00408B76     3D              db 3D
00408B77     9C              db 9C
00408B78     6D              db 6D
00408B79     4B              db 4B
00408B7A     00              db 00
00408B7B     FF              db FF
00408B7C     74              db 74
00408B7D     19              db 19
00408B7E     A1              db A1
00408B7F     60              db 60
00408B80     B1              db B1
00408B81     4D              db 4D
00408B82     00              db 00
00408B83     85              db 85
00408B84     C0              db C0
00408B85     74              db 74
00408B86     10              db 10
00408B87     6A              db 6A
00408B88     00              db 00
00408B89     6A              db 6A
00408B8A  .  0168 11         add dword ptr [eax+11], ebp
00408B8D  .  0100            add dword ptr [eax], eax
00408B8F  ?  0050 FF         add byte ptr [eax-1], dl
00408B92  ?  15 84B24A00     adc eax, <&USER32.PostMessageA>
00408B97  ?  C3              retn

There is more after this; I don't know whether it's useful.

Is this right this time?

7C8214E3  >  8BFF            mov edi, edi
7C8214E5  .  55              push ebp
7C8214E6  .  8BEC            mov ebp, esp
7C8214E8  .  837D 08 00      cmp dword ptr [ebp+8], 0
7C8214EC     74 1D           je short 7C82150B
7C8214EE     FF75 08         push dword ptr [ebp+8]
7C8214F1     E8 7ECBFEFF     call 7C80E074
7C8214F6     85C0            test eax, eax
7C8214F8     0F84 83020200   je 7C841781
7C8214FE     8B40 04         mov eax, dword ptr [eax+4]
7C821501     50              push eax
7C821502     E8 C99DFEFF     call GetDriveTypeW
7C821507     5D              pop ebp
7C821508     C2 0400         retn 4
7C82150B  >  33C0            xor eax, eax
7C82150D  .^ EB F2           jmp short 7C821501
7C82150F  >  3B45 14         cmp eax, dword ptr [ebp+14]
7C821512  .  7C 45           jl short 7C821559
7C821514  .  E9 84000000     jmp 7C82159D
7C821519  >  FF45 0C         inc dword ptr [ebp+C]
7C82151C  .  EB 7F           jmp short 7C82159D

Shouldn't you first type bp GetDriveTypeA on the command line and then open the EXE?

The program did break, but I don't know which part to copy. From the breakpoint to the end? That would be far too long...

004935D0  > $  55              push ebp
004935D1  .    8BEC            mov ebp, esp
004935D3  .    6A FF           push -1
004935D5  .    68 A8B64A00     push 004AB6A8
004935DA  .    68 88924900     push 00499288                            ; SE 处理程序安装
004935DF  .    64:A1 0000000>mov eax, dword ptr fs:[0]
004935E5  .    50              push eax
004935E6  .    64:8925 00000>mov dword ptr fs:[0], esp
004935ED  .    83C4 A8         add esp, -58
004935F0  .    53              push ebx
004935F1  .    56              push esi
004935F2  .    57              push edi
004935F3  .    8965 E8         mov dword ptr [ebp-18], esp
004935F6  .    FF15 00B14A00   call dword ptr [<&KERNEL32.GetVersion>;  kernel32.GetVersion
004935FC  .    33D2            xor edx, edx
004935FE  .    8AD4            mov dl, ah
00493600  .    8915 80545500   mov dword ptr [555480], edx
00493606  .    8BC8            mov ecx, eax
00493608  .    81E1 FF000000   and ecx, 0FF
0049360E  .    890D 7C545500   mov dword ptr [55547C], ecx
00493614  .    C1E1 08         shl ecx, 8
00493617  .    03CA            add ecx, edx
00493619  .    890D 78545500   mov dword ptr [555478], ecx
0049361F  .    C1E8 10         shr eax, 10
00493622  .    A3 74545500     mov dword ptr [555474], eax
00493627  .    E8 64430000     call 00497990
0049362C  .    85C0            test eax, eax
0049362E  .    75 0A           jnz short 0049363A

There is a lot more after this...

No one has answered; bumping.