|
查看WDL文件(DynaDoc Reader)密码
DynaDoc Reader是华康阅读器,读取一些WDL为扩展名的文件。就像PDF。 |
|
查看WDL文件(DynaDoc Reader)密码
只是这样没有增加程序大小,像我笔记本的硬盘容量可是很宝贵的。:) |
|
ACCESS密码查看器 2.2 小试牛刀
是个“距离”值。对于[ebp-$1C],就是FF-1C+1=E4。 |
|
如何调试 WinHex 11.7 SR-5 ?
个人认为,调试这个软件可以学到很多。 |
|
ACCESS密码查看器 2.2 小试牛刀
为何要“把E4改为E0”,很容易,向上看看就知道了。:) |
|
od怎么破解foxmail的密码?
Foxmail密码加密太简单的,似乎看看密文都能看出所以然来。 个人认为Foxmail这个邮件工具还是很好的,真希望能在加密方面做的好一点。支持国产软件,怎么破就不说了。 好像看雪论坛精华篇中有相关文章的。 |
|
|
|
ACCESS密码查看器 2.2 小试牛刀
有空分析了一下软件为何只显示三位密码,原来很简单。错误难免,肯请提出,认为可以的话,请“顶”一下给我一些鼓力。 00494A98 55 push ebp 00494A99 8BEC mov ebp, esp 00494A9B B908000000 mov ecx, $00000008 00494AA0 6A00 push $00 00494AA2 6A00 push $00 00494AA4 49 dec ecx 00494AA5 75F9 jnz 00494AA0 00494AA7 53 push ebx 00494AA8 56 push esi 00494AA9 57 push edi 00494AAA 8BFA mov edi, edx 00494AAC 8BD8 mov ebx, eax 00494AAE 33C0 xor eax, eax 00494AB0 55 push ebp * Possible String Reference to: '榍祧??^[?]? | 00494AB1 68C04D4900 push $00494DC0 ***** TRY | 00494AB6 64FF30 push dword ptr fs:[eax] 00494AB9 648920 mov fs:[eax], esp * Reference to control TForm1.OpenDialog1 : TOpenDialog | 00494ABC 8B83F8020000 mov eax, [ebx+$02F8] 00494AC2 8B10 mov edx, [eax] * Reference to method TOpenDialog.Execute() | 00494AC4 FF523C call dword ptr [edx+$3C] 00494AC7 3C01 cmp al, $01 00494AC9 0F851F010000 jnz 00494BEE 00494ACF 8D55F8 lea edx, [ebp-$08] * Reference to control TForm1.OpenDialog1 : TOpenDialog | 00494AD2 8B83F8020000 mov eax, [ebx+$02F8] * Reference to: Dialogs.TOpenDialog.GetFileName(TOpenDialog):TFileName; | 00494AD8 E8DBACF9FF call 0042F7B8 00494ADD 8B55F8 mov edx, [ebp-$08] * Reference to control TForm1.Edit1 : TEdit | 00494AE0 8B8324030000 mov eax, [ebx+$0324] * Reference to: Controls.TControl.SetText(TControl;TCaption); | 00494AE6 E8D5ABFAFF call 0043F6C0 00494AEB 8D55EC lea edx, [ebp-$14] * Reference to control TForm1.Edit1 : TEdit | 00494AEE 8B8324030000 mov eax, [ebx+$0324] * Reference to: Controls.TControl.GetText(TControl):TCaption; | 00494AF4 E897ABFAFF call 0043F690 00494AF9 8B45EC mov eax, [ebp-$14] 00494AFC 8D55F0 lea edx, [ebp-$10] * Reference to: SysUtils.ExtractFileExt(AnsiString):AnsiString; | 00494AFF E8D042F7FF call 00408DD4 00494B04 8B45F0 mov eax, [ebp-$10] 00494B07 8D55F4 lea edx, [ebp-$0C] * Reference to: SysUtils.UpperCase(AnsiString):AnsiString; | 00494B0A E85139F7FF call 00408460 00494B0F 8B45F4 mov eax, [ebp-$0C] * Possible String Reference to: '.MDB' | 00494B12 BAD84D4900 mov edx, $00494DD8 * Reference to: System.@LStrCmp; | 00494B17 E8E8F9F6FF call 00404504 00494B1C 743E jz 00494B5C 00494B1E 6A30 push $30 * Possible String Reference to: '提示' | 00494B20 68E04D4900 push $00494DE0 * Possible String Reference to: '这个程序只处理ACCESS数据库文件请确? | 夏愦蚩?奈募?' | 00494B25 68E84D4900 push $00494DE8 00494B2A 8BC3 mov eax, ebx * Reference to: QForms.TCustomForm.GetClientHandle(TCustomForm):QWorkspaceH; | 00494B2C E87314FBFF call 00445FA4 00494B31 50 push eax * Reference to: user32.MessageBoxA() | 00494B32 E82524F7FF call 00406F5C * Possible String Reference to: '欢迎使用' | 00494B37 BA244E4900 mov edx, $00494E24 * Reference to control TForm1.Edit1 : TEdit | 00494B3C 8B8324030000 mov eax, [ebx+$0324] * Reference to: Controls.TControl.SetText(TControl;TCaption); | 00494B42 E879ABFAFF call 0043F6C0 * Possible String Reference to: '########' | 00494B47 BA384E4900 mov edx, $00494E38 * Reference to control TForm1.Edit2 : TEdit | 00494B4C 8B8328030000 mov eax, [ebx+$0328] * Reference to: Controls.TControl.SetText(TControl;TCaption); | 00494B52 E869ABFAFF call 0043F6C0 00494B57 E9FD010000 jmp 00494D59 * Possible String Reference to: '########' | 00494B5C BA384E4900 mov edx, $00494E38 * Reference to control TForm1.Edit2 : TEdit | 00494B61 8B8328030000 mov eax, [ebx+$0328] * Reference to: Controls.TControl.SetText(TControl;TCaption); | 00494B67 E854ABFAFF call 0043F6C0 00494B6C 6A00 push $00 00494B6E 8D55E8 lea edx, [ebp-$18] * Reference to control TForm1.Edit1 : TEdit | 00494B71 8B8324030000 mov eax, [ebx+$0324] * Reference to: Controls.TControl.GetText(TControl):TCaption; | 00494B77 E814ABFAFF call 0043F690 00494B7C 8B4DE8 mov ecx, [ebp-$18] 00494B7F B201 mov dl, $01 * Reference to class TFileStream | 00494B81 A104AD4100 mov eax, dword ptr [$0041AD04] * Reference to: Classes.TFileStream.Create(TFileStream;boolean;AnsiString;Word);overload; | 00494B86 E8C1A7F8FF call 0041F34C 00494B8B 8BF0 mov esi, eax 00494B8D 6A00 push $00 00494B8F 6A14 push $14 00494B91 8BC6 mov eax, esi | 00494B93 E820A3F8FF call 0041EEB8 00494B98 8D55FF lea edx, [ebp-$01] 00494B9B B901000000 mov ecx, $00000001 00494BA0 8BC6 mov eax, esi * Reference to: Classes.TStream.ReadBuffer(TStream;void;void;Longint); | 00494BA2 E81DA5F8FF call 0041F0C4 00494BA7 807DFF01 cmp byte ptr [ebp-$01], $01 00494BAB 751A jnz 00494BC7 * Reference to field TForm1.OFFS_0360 | 00494BAD C78360030000D0070000 mov dword ptr [ebx+$0360], $000007D0 * Possible String Reference to: 'ACCESS2000' | 00494BB7 BA4C4E4900 mov edx, $00494E4C * Reference to control TForm1.Label3 : TLabel | 00494BBC 8B835C030000 mov eax, [ebx+$035C] * Reference to: Controls.TControl.SetText(TControl;TCaption); | 00494BC2 E8F9AAFAFF call 0043F6C0 00494BC7 807DFF00 cmp byte ptr [ebp-$01], $00 00494BCB 751A jnz 00494BE7 * Reference to field TForm1.OFFS_0360 | 00494BCD C7836003000061000000 mov dword ptr [ebx+$0360], $00000061 * Possible String Reference to: 'ACCESS97' | 00494BD7 BA604E4900 mov edx, $00494E60 * Reference to control TForm1.Label3 : TLabel | 00494BDC 8B835C030000 mov eax, [ebx+$035C] * Reference to: Controls.TControl.SetText(TControl;TCaption); | 00494BE2 E8D9AAFAFF call 0043F6C0 00494BE7 8BC6 mov eax, esi * Reference to: System.TObject.Free(TObject); | 00494BE9 E8E2E6F6FF call 004032D0 * Reference to Form1 | 00494BEE A1409C4900 mov eax, dword ptr [$00499C40] * Reference to: Controls.TControl.Refresh(TControl); | or: QControls.TGraphicControl.PaintRequest(TGraphicControl); | or: WebAdapt.TBaseAdapterAction.HasExecuteAccess(TBaseAdapterAction):System.Boolean; | 00494BF3 E8D4AFFAFF call 0043FBCC * Reference to field TForm1.OFFS_0360 | 00494BF8 83BB6003000061 cmp dword ptr [ebx+$0360], +$61 00494BFF 0F85A3000000 jnz 00494CA8 * Reference to field TForm1.OFFS_0374 : Byte | 00494C05 80BB7403000000 cmp byte ptr [ebx+$0374], $00 00494C0C 744E jz 00494C5C 00494C0E 8D45E4 lea eax, [ebp-$1C] 00494C11 50 push eax 00494C12 8D55DC lea edx, [ebp-$24] * Reference to control TForm1.Edit1 : TEdit | 00494C15 8B8324030000 mov eax, [ebx+$0324] * Reference to: Controls.TControl.GetText(TControl):TCaption; | 00494C1B E870AAFAFF call 0043F690 00494C20 8B55DC mov edx, [ebp-$24] { 数据库文件 } 00494C23 8D4DE0 lea ecx, [ebp-$20] 00494C26 8BC3 mov eax, ebx | 00494C28 E8570A0000 call 00495684 00494C2D 8B45E0 mov eax, [ebp-$20] { 数据库密码 } 00494C30 B904000000 mov ecx, $00000004 { 这里限制了显示的密码长度 } 00494C35 BA01000000 mov edx, $00000001 * Reference to: System.@LStrCopy; | 00494C3A E8D9F9F6FF call 00404618 00494C3F 8D45E4 lea eax, [ebp-$1C] * Possible String Reference to: '***[请用正式版]' | 00494C42 BA744E4900 mov edx, $00494E74 * Reference to: System.@LStrCat; | 00494C47 E874F7F6FF call 004043C0 00494C4C 8B55E4 mov edx, [ebp-$1C] { 在这里更改,完整的密码存在[ebp-$20],把E4改为E0 } * Reference to control TForm1.Edit2 : TEdit | 00494C4F 8B8328030000 mov eax, [ebx+$0328] * Reference to: Controls.TControl.SetText(TControl;TCaption); | 00494C55 E866AAFAFF call 0043F6C0 00494C5A EB4C jmp 00494CA8 00494C5C 8D45D8 lea eax, [ebp-$28] 00494C5F 50 push eax 00494C60 8D55D0 lea edx, [ebp-$30] * Reference to control TForm1.Edit1 : TEdit | 00494C63 8B8324030000 mov eax, [ebx+$0324] * Reference to: Controls.TControl.GetText(TControl):TCaption; | 00494C69 E822AAFAFF call 0043F690 00494C6E 8B55D0 mov edx, [ebp-$30] { 数据库文件 } 00494C71 8D4DD4 lea ecx, [ebp-$2C] 00494C74 8BC3 mov eax, ebx | 00494C76 E8090A0000 call 00495684 00494C7B 8B45D4 mov eax, [ebp-$2C] { 数据库密码 } 00494C7E B904000000 mov ecx, $00000004 { 这里限制了显示的密码长度 } 00494C83 BA01000000 mov edx, $00000001 * Reference to: System.@LStrCopy; | 00494C88 E88BF9F6FF call 00404618 00494C8D 8D45D8 lea eax, [ebp-$28] * Possible String Reference to: '######' | 00494C90 BA8C4E4900 mov edx, $00494E8C * Reference to: System.@LStrCat; | 00494C95 E826F7F6FF call 004043C0 00494C9A 8B55D8 mov edx, [ebp-$28] { 在这里更改,完整的密码存在[ebp-$2C],把D8改为D4 } * Reference to control TForm1.Edit2 : TEdit | 00494C9D 8B8328030000 mov eax, [ebx+$0328] * Reference to: Controls.TControl.SetText(TControl;TCaption); | 00494CA3 E818AAFAFF call 0043F6C0 * Reference to field TForm1.OFFS_0360 | 00494CA8 81BB60030000D0070000 cmp dword ptr [ebx+$0360], $000007D0 00494CB2 0F85A1000000 jnz 00494D59 * Reference to field TForm1.OFFS_0364 | 00494CB8 C7836403000040060000 mov dword ptr [ebx+$0364], $00000640 * Reference to field TForm1.OFFS_0368 | 00494CC2 C78368030000FFFFFFFF mov dword ptr [ebx+$0368], $FFFFFFFF 00494CCC 33C0 xor eax, eax * Reference to field TForm1.OFFS_036C | 00494CCE 89836C030000 mov [ebx+$036C], eax * Reference to field TForm1.OFFS_0374 : Byte | 00494CD4 80BB7403000001 cmp byte ptr [ebx+$0374], $01 00494CDB 753F jnz 00494D1C 00494CDD 8D45CC lea eax, [ebp-$34] 00494CE0 50 push eax 00494CE1 8D4DC8 lea ecx, [ebp-$38] 00494CE4 8BD7 mov edx, edi 00494CE6 8BC3 mov eax, ebx | 00494CE8 E843020000 call 00494F30 00494CED 8B45C8 mov eax, [ebp-$38] { 数据库密码 } 00494CF0 B904000000 mov ecx, $00000004 { 这里限制了显示的密码长度 } 00494CF5 BA01000000 mov edx, $00000001 * Reference to: System.@LStrCopy; | 00494CFA E819F9F6FF call 00404618 00494CFF 8D45CC lea eax, [ebp-$34] * Possible String Reference to: '***[请用正式版]' | 00494D02 BA744E4900 mov edx, $00494E74 * Reference to: System.@LStrCat; | 00494D07 E8B4F6F6FF call 004043C0 00494D0C 8B55CC mov edx, [ebp-$34] { 在这里更改,完整的密码存在[ebp-$38],把CC改为C8 } * Reference to control TForm1.Edit2 : TEdit | 00494D0F 8B8328030000 mov eax, [ebx+$0328] * Reference to: Controls.TControl.SetText(TControl;TCaption); | 00494D15 E8A6A9FAFF call 0043F6C0 00494D1A EB3D jmp 00494D59 00494D1C 8D45C4 lea eax, [ebp-$3C] 00494D1F 50 push eax 00494D20 8D4DC0 lea ecx, [ebp-$40] 00494D23 8BD7 mov edx, edi 00494D25 8BC3 mov eax, ebx | 00494D27 E804020000 call 00494F30 00494D2C 8B45C0 mov eax, [ebp-$40] 00494D2F B904000000 mov ecx, $00000004 00494D34 BA01000000 mov edx, $00000001 * Reference to: System.@LStrCopy; | 00494D39 E8DAF8F6FF call 00404618 00494D3E 8D45C4 lea eax, [ebp-$3C] * Possible String Reference to: '######' | 00494D41 BA8C4E4900 mov edx, $00494E8C * Reference to: System.@LStrCat; | 00494D46 E875F6F6FF call 004043C0 00494D4B 8B55C4 mov edx, [ebp-$3C] * Reference to control TForm1.Edit2 : TEdit | 00494D4E 8B8328030000 mov eax, [ebx+$0328] * Reference to: Controls.TControl.SetText(TControl;TCaption); | 00494D54 E867A9FAFF call 0043F6C0 00494D59 33C0 xor eax, eax 00494D5B 5A pop edx 00494D5C 59 pop ecx 00494D5D 59 pop ecx 00494D5E 648910 mov fs:[eax], edx ****** FINALLY | * Possible String Reference to: '_^[?]? | 00494D61 68C74D4900 push $00494DC7 00494D66 8D45C0 lea eax, [ebp-$40] 00494D69 BA04000000 mov edx, $00000004 * Reference to: System.@LStrArrayClr(void;void;Integer); | 00494D6E E899F3F6FF call 0040410C 00494D73 8D45D0 lea eax, [ebp-$30] * Reference to: System.@LStrClr(void;void); | 00494D76 E86DF3F6FF call 004040E8 00494D7B 8D45D4 lea eax, [ebp-$2C] 00494D7E BA02000000 mov edx, $00000002 * Reference to: System.@LStrArrayClr(void;void;Integer); | 00494D83 E884F3F6FF call 0040410C 00494D88 8D45DC lea eax, [ebp-$24] * Reference to: System.@LStrClr(void;void); | 00494D8B E858F3F6FF call 004040E8 00494D90 8D45E0 lea eax, [ebp-$20] 00494D93 BA02000000 mov edx, $00000002 * Reference to: System.@LStrArrayClr(void;void;Integer); | 00494D98 E86FF3F6FF call 0040410C 00494D9D 8D45E8 lea eax, [ebp-$18] 00494DA0 BA02000000 mov edx, $00000002 * Reference to: System.@LStrArrayClr(void;void;Integer); | 00494DA5 E862F3F6FF call 0040410C 00494DAA 8D45F0 lea eax, [ebp-$10] 00494DAD BA02000000 mov edx, $00000002 * Reference to: System.@LStrArrayClr(void;void;Integer); | 00494DB2 E855F3F6FF call 0040410C 00494DB7 8D45F8 lea eax, [ebp-$08] * Reference to: System.@LStrClr(void;void); | 00494DBA E829F3F6FF call 004040E8 00494DBF C3 ret * Reference to: System.@HandleFinally; | 00494DC0 E947ECF6FF jmp 00403A0C 00494DC5 EB9F jmp 00494D66 ****** END | 00494DC7 5F pop edi 00494DC8 5E pop esi 00494DC9 5B pop ebx 00494DCA 8BE5 mov esp, ebp 00494DCC 5D pop ebp 00494DCD C3 ret 总结: 只需更改三处,好像都不需要进行注册了。 9404C 8B55E4 -> 8B55E0 9409A 8B55D8 -> 8B55D4 9410C 8B55CC -> 8B55C8 |
|
如何调试 WinHex 11.7 SR-5 ?
我之前局部分析过个“CALL 00407CE4”,在程序一开始运行时就多次调用,用来解密一些字符串。分析时遇到一些乘法汇编命令,如: IMUL CX,DX //CX会取CX与DX乘积的最后四位 对于这种情况,得到CX的结果会是唯一的吗?如何求其逆运算呢? 举个例子吧: 已知:CX=F6C7, DX=4E35 由“IMUL CX,DX”求得:CX=B933 那么,已知CX=B933, DX=4E35,能求出原来的CX吗? 就是说对那个“CALL 00407CE4”求逆算的话,与此应该相关吧? 这个“CALL 00407CE4”内会涉及一个子子CALL,正算容易,反算好像不容易: 00407A6C /$ 53 PUSH EBX 00407A6D |. 56 PUSH ESI 00407A6E |. 51 PUSH ECX 00407A6F |. 66:8B58 02 MOV BX,WORD PTR DS:[EAX+2] 00407A73 |. 66:8B50 04 MOV DX,WORD PTR DS:[EAX+4] 00407A77 |. 66:03DA ADD BX,DX 00407A7A |. 0FB7D2 MOVZX EDX,DX 00407A7D |. 66:8B5450 06 MOV DX,WORD PTR DS:[EAX+EDX*2+6] 00407A82 |. 66:BE 5A01 MOV SI,15A 00407A86 |. 66:C70424 354>MOV WORD PTR SS:[ESP],4E35 00407A8C |. 8BCA MOV ECX,EDX 00407A8E |. 66:8B10 MOV DX,WORD PTR DS:[EAX] 00407A91 |. 66:8908 MOV WORD PTR DS:[EAX],CX 00407A94 |. 8BCA MOV ECX,EDX 00407A96 |. 8BD3 MOV EDX,EBX 00407A98 |. 8BD9 MOV EBX,ECX 00407A9A |. 66:0FAF1424 IMUL DX,WORD PTR SS:[ESP] 00407A9F |. 8BCA MOV ECX,EDX 00407AA1 |. 8BD6 MOV EDX,ESI 00407AA3 |. 8BF1 MOV ESI,ECX 00407AA5 |. 66:8B08 MOV CX,WORD PTR DS:[EAX] 00407AA8 |. 66:0FAFCA IMUL CX,DX 00407AAC |. 8BD1 MOV EDX,ECX 00407AAE |. 66:03F2 ADD SI,DX 00407AB1 |. 8BCA MOV ECX,EDX 00407AB3 |. 66:8B10 MOV DX,WORD PTR DS:[EAX] 00407AB6 |. 66:8908 MOV WORD PTR DS:[EAX],CX 00407AB9 |. 66:0FAF1424 IMUL DX,WORD PTR SS:[ESP] 00407ABE |. 66:03DE ADD BX,SI 00407AC1 |. 42 INC EDX 00407AC2 |. 66:8958 02 MOV WORD PTR DS:[EAX+2],BX 00407AC6 |. 0FB748 04 MOVZX ECX,WORD PTR DS:[EAX+4] 00407ACA |. 66:895448 06 MOV WORD PTR DS:[EAX+ECX*2+6],DX 00407ACF |. 66:FF40 04 INC WORD PTR DS:[EAX+4] 00407AD3 |. 8BC3 MOV EAX,EBX 00407AD5 |. 66:33C2 XOR AX,DX 00407AD8 |. 5A POP EDX 00407AD9 |. 5E POP ESI 00407ADA |. 5B POP EBX 00407ADB \. C3 RETN |
|
ACCESS密码查看器 2.2 小试牛刀
这个软件好像只能显示三位密码,是不是可以修改程序让它显示完整的数据库密码?等其他问题解决了,会试试。如果有人办到了,请发表出来让我这种菜鸟学习一下。 |
|
爆破 Advanced RAR Password Recovery 1.50
哦,没有认真测试一下,我想应该不会如此简单,我发表出来就是希望能够有人找出真正的注册码,并可以发表出来让大家一起学习。 |
|
如何调试 VCDRomX 4.1
我在跟踪时遇到这个文件的,当时也认为是KEYFILE,不是很确信。因为我目前关心的一点是如果局部破解的话该如何入手,也就是说在调试如何使程序在删除目录或文件时能正确转至正确的代码。 |
|
如何调试 WinHex 11.7 SR-5 ?
由顶文的注册信息,计算得到的SubCryptKey是这个吗? 17 2D 7D 9E 2D 34 7C D6 B4 F6 94 E4 71 E1 C4 DA 函数decrypt( )就是“CALL 00407CE4”,ESP处存放的是上面的SubCryptKey,EDX处就是Key2,是这样对吧? 也就是说现在要把“CALL 00407CE4”绝对搞懂写出其逆函数? 00416CF6 |. 6A 00 PUSH 0 ; /Arg1 = 00000000 00416CF8 |. 8D4C24 04 LEA ECX,DWORD PTR SS:[ESP+4] ; |17 2D 7D 9E 2D 34 7C D6 B4 F6 94 E4 71 E1 C4 DA 00416CFC |. 8B15 F8784000 MOV EDX,DWORD PTR DS:[4078F8] ; |WinHex.00407904 53 56 83 C4 E8 88 54 24 04 89 04 24 B1 10 B8 FC 00416D02 |. 33C0 XOR EAX,EAX ; | 00416D04 |. E8 EF0EFFFF CALL WinHex.00407BF8 ; \WinHex.00407BF8 00416D09 |. 8BD8 MOV EBX,EAX 00416D0B |. 6A 00 PUSH 0 ; /Arg1 = 00000000 00416D0D |. BA 0C1C4C00 MOV EDX,WinHex.004C1C0C ; |Key2 00416D12 |. 8BC3 MOV EAX,EBX ; | 00416D14 |. B9 10000000 MOV ECX,10 ; | 00416D19 |. E8 C60FFFFF CALL WinHex.00407CE4 ; \WinHex.00407CE4 加解密字符串 谢版主花精力为我解答。 附废话一句:要去上班了,只能到回来后睡醒再分析了,恐怖的是要上二十个小时班(夜班 + 白班)。 |
|
如何调试 VCDRomX 4.1
顶,坚持到懂为止…… |
|
如何调试 WinHex 11.7 SR-5 ?
好像还是比较难的,程序中几处字符串用“call 00407CE4”来解码,是不是也用这个CALL来加密呢?因为 00416D0B |. 6A 00 PUSH 0 ; /Arg1 = 00000000 00416D0D |. BA 0C1C4C00 MOV EDX,WinHex.004C1C0C ; |Key2 00416D12 |. 8BC3 MOV EAX,EBX ; | 00416D14 |. B9 10000000 MOV ECX,10 ; | 00416D19 |. E8 C60FFFFF CALL WinHex.00407CE4 ; \WinHex.00407CE4 这几句代码用这个CALL来处理Key2,是这样吗? 对于那个call(00416DB4 E80BFEFFFF call 00416BC4),即使根据user/addr1/addr2/key1和key2计算出16-byte的decryption key,再用这个decryption key去解密0x6C0个字节成功的话,那么那个CALL所在的代码段应该跳转出去,可为何不存在跳转出去的代码?这样的话还是要执执行后面的代码:显示“Please check the path and your access rights”吧? |
|
如何调试 WinHex 11.7 SR-5 ?
多谢,马上动功看看…… |
操作理由
RANk
{{ user_info.golds == '' ? 0 : user_info.golds }}
雪币
{{ experience }}
课程经验
{{ score }}
学习收益
{{study_duration_fmt}}
学习时长
基本信息
荣誉称号:
{{ honorary_title }}
能力排名:
No.{{ rank_num }}
等 级:
LV{{ rank_lv-100 }}
活跃值:
在线值:
浏览人数:{{ visits }}
最近活跃:{{ last_active_time }}
注册时间:{{ user_info.create_date_jsonfmt }}
勋章
兑换勋章
证书
证书查询 >
能力值