|
How to debug WinHex 11.7 SR-5?
I just opened the notes I made when cracking it and found that I had already analyzed this section of code:

* Referenced by a CALL at Addresses:
|:00416F95 , :004197B1 , :0041B94D , :0041C818 , :0041FA38
|:0043B3FA , :00443B69 , :0044AFEF , :00450445 , :00456AF4
|:0046480E
|
:00416D40 53 push ebx
:00416D41 56 push esi
:00416D42 81C404F9FFFF add esp, FFFFF904
:00416D48 33DB xor ebx, ebx
:00416D4A 803D081C4C0000 cmp byte ptr [004C1C08], 00 // check whether this has already been executed
:00416D51 7407 je 00416D5A
:00416D53 B301 mov bl, 01
:00416D55 E9F1010000 jmp 00416F4B

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00416D51(C)
|
:00416D5A A1DC054C00 mov eax, dword ptr [004C05DC] // get the version number computed from Key1
:00416D5F 6681383A04 cmp word ptr [eax], 043A // check the version number; it should be greater than this value
:00416D64 730F jnb 00416D75
:00416D66 A1DC054C00 mov eax, dword ptr [004C05DC]
:00416D6B 66833864 cmp word ptr [eax], 0064
:00416D6F 0F85A4010000 jne 00416F19

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00416D64(C)
|

* Possible Ref to Menu: MenuID_0001, Item: " "
|
:00416D75 6A1C push 0000001C
:00416D77 8D442410 lea eax, dword ptr [esp+10]
:00416D7B 50 push eax
:00416D7C 6800004000 push 00400000

* Reference To: kernel32.VirtualQuery, Ord:0000h
|
:00416D81 E86AF2FEFF Call 00405FF0
:00416D86 54 push esp

* Possible Ref to Menu: MenuID_0001, Item: "Position markieren Strg+I"
|
:00416D87 6A40 push 00000040
:00416D89 8B442420 mov eax, dword ptr [esp+20]
:00416D8D 50 push eax
:00416D8E 8B442418 mov eax, dword ptr [esp+18]
:00416D92 50 push eax

* Reference To: kernel32.VirtualProtect, Ord:0000h
|
:00416D93 E848F2FEFF Call 00405FE0
:00416D98 85C0 test eax, eax
:00416D9A 0F8479010000 je 00416F19
:00416DA0 8D442439 lea eax, dword ptr [esp+39]
:00416DA4 B9C0060000 mov ecx, 000006C0
:00416DA9 8B157CE44B00 mov edx, dword ptr [004BE47C]
:00416DAF E828F9FEFF call 004066DC
:00416DB4 E80BFEFFFF call 00416BC4
:00416DB9 BA0C1C4C00 mov edx, 004C1C0C
:00416DBE 8D442428 lea eax, dword ptr [esp+28]

* Possible Ref to Menu: MenuID_0001, Item: "Sicherung wiederherstellen..."
|
:00416DC2 B910000000 mov ecx, 00000010
:00416DC7 E810F9FEFF call 004066DC
:00416DCC 6A00 push 00000000
:00416DCE 8D4C242C lea ecx, dword ptr [esp+2C]
:00416DD2 8B15F8784000 mov edx, dword ptr [004078F8]
:00416DD8 33C0 xor eax, eax
:00416DDA E8190EFFFF call 00407BF8
:00416DDF 8BF0 mov esi, eax
:00416DE1 6A00 push 00000000
:00416DE3 8D54243D lea edx, dword ptr [esp+3D]
:00416DE7 B9C0060000 mov ecx, 000006C0
:00416DEC 8BC6 mov eax, esi
:00416DEE E8F10EFFFF call 00407CE4

* Possible Ref to Menu: MenuID_0001, Item: "Hex-Werte Strg+Umsch+C"
|
:00416DF3 BA2C000000 mov edx, 0000002C
:00416DF8 8BC6 mov eax, esi
:00416DFA E825B7FEFF call 00402524
:00416DFF 8D442428 lea eax, dword ptr [esp+28]

* Possible Ref to Menu: MenuID_0001, Item: "Sicherung wiederherstellen..."
|
:00416E03 BA10000000 mov edx, 00000010
:00416E08 E8D7F8FEFF call 004066E4
:00416E0D B80C1C4C00 mov eax, 004C1C0C

* Possible Ref to Menu: MenuID_0001, Item: "Sicherung wiederherstellen..."
|
:00416E12 BA10000000 mov edx, 00000010
:00416E17 E8C8F8FEFF call 004066E4
:00416E1C 8D442408 lea eax, dword ptr [esp+08]
:00416E20 50 push eax
:00416E21 68C0060000 push 000006C0
:00416E26 8D442441 lea eax, dword ptr [esp+41]
:00416E2A 50 push eax
:00416E2B A17CE44B00 mov eax, dword ptr [004BE47C]
:00416E30 50 push eax

* Reference To: kernel32.GetCurrentProcess, Ord:0000h
|
:00416E31 E892EFFEFF Call 00405DC8
:00416E36 50 push eax

* Reference To: kernel32.WriteProcessMemory, Ord:0000h
|
:00416E37 E8DCF1FEFF Call 00406018
:00416E3C 85C0 test eax, eax
:00416E3E 0F84D5000000 je 00416F19
:00416E44 817C2408C0060000 cmp dword ptr [esp+08], 000006C0
:00416E4C 0F85C7000000 jne 00416F19

* Possible Ref to Menu: MenuID_0001, Item: "einf?en... Strg+V"
|
:00416E52 6A20 push 00000020
:00416E54 A1E8094C00 mov eax, dword ptr [004C09E8]
:00416E59 50 push eax
:00416E5A 8D442441 lea eax, dword ptr [esp+41]
:00416E5E 50 push eax

* Reference To: kernel32.lstrcpynA, Ord:0000h
|
:00416E5F E80CF2FEFF Call 00406070
:00416E64 8D442428 lea eax, dword ptr [esp+28]

* Possible Ref to Menu: MenuID_0001, Item: "Sicherung wiederherstellen..."
|
:00416E68 BA10000000 mov edx, 00000010
:00416E6D E872F8FEFF call 004066E4

* Possible StringData Ref from Data Obj ->"Offset"
|
:00416E72 8B151C054C00 mov edx, dword ptr [004C051C]
:00416E78 8D442428 lea eax, dword ptr [esp+28]
:00416E7C E8A31C0A00 call 004B8B24
:00416E81 6A00 push 00000000
:00416E83 8D4C242C lea ecx, dword ptr [esp+2C]
:00416E87 8B15F8784000 mov edx, dword ptr [004078F8]
:00416E8D 33C0 xor eax, eax
:00416E8F E8640DFFFF call 00407BF8
:00416E94 8BF0 mov esi, eax
:00416E96 6A00 push 00000000
:00416E98 8D54243D lea edx, dword ptr [esp+3D]

* Possible Ref to Menu: MenuID_0001, Item: "einf?en... Strg+V"
|
:00416E9C B920000000 mov ecx, 00000020
:00416EA1 8BC6 mov eax, esi
:00416EA3 E83C0EFFFF call 00407CE4

* Possible Ref to Menu: MenuID_0001, Item: "Hex-Werte Strg+Umsch+C"
|
:00416EA8 BA2C000000 mov edx, 0000002C
:00416EAD 8BC6 mov eax, esi
:00416EAF E870B6FEFF call 00402524
:00416EB4 8D442428 lea eax, dword ptr [esp+28]

* Possible Ref to Menu: MenuID_0001, Item: "Sicherung wiederherstellen..."
|
:00416EB8 BA10000000 mov edx, 00000010
:00416EBD E822F8FEFF call 004066E4
:00416EC2 8D442439 lea eax, dword ptr [esp+39]
:00416EC6 BAC0060000 mov edx, 000006C0
:00416ECB E814F8FEFF call 004066E4
:00416ED0 8D442404 lea eax, dword ptr [esp+04]
:00416ED4 50 push eax
:00416ED5 8B442404 mov eax, dword ptr [esp+04]
:00416ED9 50 push eax
:00416EDA 8B442420 mov eax, dword ptr [esp+20]
:00416EDE 50 push eax
:00416EDF 8B442418 mov eax, dword ptr [esp+18]
:00416EE3 50 push eax

* Reference To: kernel32.VirtualProtect, Ord:0000h
|
:00416EE4 E8F7F0FEFF Call 00405FE0
:00416EE9 8B442418 mov eax, dword ptr [esp+18]
:00416EED 50 push eax
:00416EEE 8B442410 mov eax, dword ptr [esp+10]
:00416EF2 50 push eax

* Reference To: kernel32.GetCurrentProcess, Ord:0000h
|
:00416EF3 E8D0EEFEFF Call 00405DC8
:00416EF8 50 push eax

* Reference To: kernel32.FlushInstructionCache, Ord:0000h
|
:00416EF9 E8AAEEFEFF Call 00405DA8
:00416EFE A17CE44B00 mov eax, dword ptr [004BE47C]
:00416F03 05C0060000 add eax, 000006C0
:00416F08 48 dec eax
:00416F09 803800 cmp byte ptr [eax], 00
:00416F0C 750B jne 00416F19
:00416F0E C605081C4C0001 mov byte ptr [004C1C08], 01 // record that this has been executed
:00416F15 B301 mov bl, 01
:00416F17 EB32 jmp 00416F4B

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses: // invalid "user.txt"
|:00416D6F(C), :00416D9A(C), :00416E3E(C), :00416E4C(C), :00416F0C(C)
|

* Possible StringData Ref from Data Obj ->"f4?dYy.?@"
|
:00416F19 A110074C00 mov eax, dword ptr [004C0710] // "user.txt"
:00416F1E E8B1B60900 call 004B25D4
:00416F23 A1A00A4C00 mov eax, dword ptr [004C0AA0] // AppPath & "user.txt"
:00416F28 E86BB30900 call 004B2298 // check whether "user.txt" exists
:00416F2D 84C0 test al, al
:00416F2F 7407 je 00416F38 // jump if it does not exist
:00416F31 E8EE5D0900 call 004ACD24 // show "invalid user.txt" and perform no operation
:00416F36 EB13 jmp 00416F4B

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00416F2F(C)
|
:00416F38 66B8D500 mov ax, 00D5
:00416F3C E8EF3F0900 call 004AAF30 // load resource string: Please check the path and your access rights.

* Possible Reference to Menu: MenuID_0001
|
:00416F41 BA01000000 mov edx, 00000001
:00416F46 E8C5AC0900 call 004B1C10 // show the message (Please...)

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00416D55(U), :00416F17(U), :00416F36(U)
|
:00416F4B 8BC3 mov eax, ebx
:00416F4D 81C4FC060000 add esp, 000006FC
:00416F53 5E pop esi
:00416F54 5B pop ebx
:00416F55 C3 ret

Is this the code the moderator was pointing to? I cannot find all of the algorithm information here. Please explain. |
|
How to debug WinHex 11.7 SR-5?
I haven't installed IDA yet; would W32DASM do? I'll give it a try. Thanks in advance. |
|
How to debug WinHex 11.7 SR-5?
Still have to bump this until the problem is solved. |
|
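How to debug VCDRomX 4.1
Regarding the "cannot delete files and directories" feature mentioned in the post above, the code for it exists in the software. When the software breaks at the following code:

00463E53 |> 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8] ; Case C of switch 00463DFD
00463E56 |. FF55 14 CALL DWORD PTR SS:[EBP+14]
00463E59 |. EB 7F JMP SHORT VcdromX.00463EDA

I redirected the address to 00427B30, and deleting files and directories then worked without problems. So I think this version has not had any of its feature code removed. The documentation does mention a keyfile, but the file opened when I traced the program's startup does not look much like a keyfile. |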
|
How to debug WinHex 11.7 SR-5?
Is nobody willing to put a little effort into solving this kind of practical problem? |
|
How to debug VCDRomX 4.1
Bumping my own thread. |
|
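How to debug VCDRomX 4.1
Nobody is bumping this; it has sunk and is about to drown. Could an expert please help and tell me how to find the key location, and what the program's protection approach is? |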
|
How to debug WinHex 11.7 SR-5?
Bumping my own thread. Can any expert help? |
|
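Question about how restore cards work (please read the content, since this is not a cracking request)
If it is under your charge, call the computer company; they will open the case for you. |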
|
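Question about SoftICE breakpoints
Debugging under Win98 really is nice, and you can also use the universal breakpoint. But we have to move forward eventually... |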
|
Writing a packer shell in VC
Right, is there a worked example? |
|
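Question about how restore cards work (please read the content, since this is not a cracking request)
I used restore cards back when I managed the computer lab in my school's department. I think you probably know the general situation too: there is no need to set a super password on a restore card, because a program is provided for clearing the restore card's password. Since you don't have the right to open the case, leave it to the administrator. |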
|
Why don't any of my breakpoints work in SoftICE? Please help.
Mine has had this problem too; sometimes a reboot fixes it. Or try a different debugger. |