[Share] HASP/Hardlock Emulator 2006 tool
Quote: I read out the dmp file (735 bytes), but dmp2reg_eds_1.5.rar can't convert it; it reports "unknown size".
Mine too: the dmp file is 737 bytes and it reports "unknown size". Are there any other tools? Thanks in advance.

[Original] Another approach to playing with the Armadillo standard shell! With unpacking animation!
Question:
    0012C280   00C15351  /CALL to LoadLibraryA from 00C1534B
    0012C284   0012C3BC  \FileName = "MSVBVM60.DLL"   // dynamic library
    0012C288   00000002
At this point remove the breakpoint and press Alt+F9 to return! When exactly is the right moment to return? Here it is described as the moment the msvbvm60.dll library shows up. But if the program doesn't have that library, when do you return? Thanks

ImTOO DVD Ripper 2.0.52.630 analysis
So this is the legendary MD5. Learning...

My Notes Keeper 1.1.5 registration code analysis
    ; The following code computes ((41*10+42)*10+43)*10+44 (hex digits); copied verbatim from the software's code
    pop ebx
    lea eax,hInput1
    xor ecx,ecx
    dec ebx
    test ebx,ebx
    jl abc5
    inc ebx
    abc3:
    SHL ECX,4
    XOR EDX,EDX
    MOV DL,[EAX]
    ADD ECX,EDX
    MOV EDX,ECX
    AND EDX,0F0000000h
    TEST EDX,EDX
    JE abc4
    MOV ESI,EDX
    SHR ESI,18h
    XOR ECX,ESI
    abc4:
    NOT EDX
    AND ECX,EDX
    INC EAX
    DEC EBX
    JNZ abc3
    abc5:
    ; The code above computes ((41*10+42)*10+43)*10+44
    push ebp
    mov eax,ecx
    MOV DWORD PTR SS:[ESP+10h],EAX
    MOV DWORD PTR SS:[ESP+14h],4
    MOV DWORD PTR SS:[ESP+0Ch],0D9F6h
    lea esi,stringone
    lea ebp,stringtwo
    abc6:
    MOV EDX,DWORD PTR SS:[ESP+0Ch]
    mov al,[esi]
    and eax,0FFh
    xor ecx,ecx
    add ecx,eax
    LEA ECX,DWORD PTR DS:[ECX*4]
    add ecx,ebp
    mov ecx,[ecx]
    inc esi
    mov al,[esi]
    and eax,0FFh
    xor edi,edi
    add edi,eax
    LEA EDI,DWORD PTR DS:[EDI*4]
    add edi,ebp
    mov eax,[edi]
    inc esi
    mov bl,[esi]
    and ebx,0FFh
    LEA EBX,DWORD PTR DS:[EBX*4]
    add ebx,ebp
    mov ebx,[ebx]
    ; The code above performs the table lookups and leaves the results in ecx, eax and ebx respectively
    ADD EDX,EBX
    ADD EBX,EDX
    MOV EDI,EDX
    SHR EDI,7
    XOR EDX,EDI
    ADD ECX,EDX
    ADD EDX,ECX
    MOV EDI,ECX
    SHL EDI,0Dh
    XOR ECX,EDI
    ADD EAX,ECX
    ADD ECX,EAX
    MOV EDI,EAX
    SHR EDI,11h
    XOR EAX,EDI
    ADD EBX,EAX
    ADD EAX,EBX
    MOV EDI,EBX
    SHL EDI,9
    XOR EBX,EDI
    ADD EDX,EBX
    ADD EBX,EDX
    MOV EDI,EDX
    SHR EDI,3
    XOR EDX,EDI
    ADD ECX,EDX
    MOV EDX,ECX
    SHL EDX,7
    XOR ECX,EDX
    ADD EAX,ECX
    MOV EDX,EBX
    SHR EDX,0Fh
    XOR EAX,EDX
    ADD EBX,EAX
    MOV EAX,EBX
    SHL EAX,0Bh
    XOR EBX,EAX
    MOV EAX,DWORD PTR SS:[ESP+10h]
    xor eax,ebx
    MOV EDX,DWORD PTR SS:[ESP+0Ch]
    MOV DWORD PTR SS:[ESP+10h],EDX
    MOV DWORD PTR SS:[ESP+0Ch],EAX
    inc esi
    DEC DWORD PTR SS:[ESP+14h]
    JNZ abc6
    MOV EDX,DWORD PTR SS:[ESP+10h]
    lea eax,strsntemp
    MOV DWORD PTR DS:[EAX],EDX
    MOV EDX,DWORD PTR SS:[ESP+0Ch]
    MOV DWORD PTR DS:[EAX+4],EDX
    lea eax,strsntemp
    invoke lstrlen,eax
    mov ecx,eax
    lea eax,strsntemp
    lea edi,strsn
    abc7:
    ; convert each byte of strsntemp into two upper-case hex characters in strsn
    mov bl,[eax+ecx-1]
    and ebx,0Fh
    .if bl>9
    add bl,37h
    .else
    add bl,30h
    .endif
    mov [edi+ecx*2-1],bl
    mov bl,[eax+ecx-1]
    and ebx,0F0h
    shr ebx,4
    .if bl>9
    add bl,37h
    .else
    add bl,30h
    .endif
    mov [edi+ecx*2-2],bl
    dec ecx
    test ecx,ecx
    jnz abc7
    pop ebp

My Notes Keeper 1.1.5 registration code analysis
    stringone db 3,2,0,1,0,2,2,1,3,0,3,1,0
    stringtwo db 26h,76h,14h,55h,07h,0F1h,0Bh,8Dh,40h,2Ah,49h,0F9h,4Ah,51h,74h,28h,0
    lea eax,hInput1
    ; The following code removes ASCII characters above 7F; the new string is still stored in hInput1
    lea ebx,namelength
    mov ebx,[ebx]
    abc1:
    mov ecx,[eax+ebx-1]
    cmp cl,7Fh
    jbe abc2
    push ebx
    push eax
    ; join the parts of the string before and after the removed character
    xor ecx,ecx
    mov [eax+ebx-1],cl
    add ebx,eax
    invoke lstrcat,eax,ebx
    invoke lstrlen,eax
    lea edx,namelength
    mov [edx],eax
    pop eax
    pop ebx
    abc2:
    dec ebx
    test ebx,ebx
    jnz abc1
    ; The code above removes ASCII characters above 7F
    lea ebx,namelength
    mov ebx,[ebx]
    push ebx
    invoke CharUpperBuff,eax,ebx    ; convert the string to upper case

Do you think the drop in forum activity is related to the invitation system?
Originally posted by riijj: Agreed.
That's exactly how I am. I often search on Google or Baidu and find some forum, and damn, you can't even read the posts without registering. Unless I absolutely have to, it's bye-bye. If the forum has a good atmosphere and I can find things that interest me, naturally I'll stay and drop by often.

[Help] What does this code do? How do I implement it in C?
Originally posted by huoshan: The first instruction wasn't actually like that! I was tracing a program and midway through ecx was 5e280, so the machine code of the first instruction shouldn't be like this, sorry! Here is the original:
    0040B7A0  . 8B4C24 04      mov ecx, dword ptr ss:[esp+4]   ; when the remainder is 1, enter here to compare the registration code; ecx=5E280 (I entered here first)
    0040B7A4  . B8 C94216B2    mov eax, B21642C9
    0040B7A9  . F7E9           imul ecx                        ; multiplying such big numbers, I don't understand it, please enlighten me, thanks
    0040B7AB  . 8BC2           mov eax, edx                    ; EAX=3D680, EDX=FFFE3580
    0040B7AD  . 03C1           add eax, ecx                    ; EAX=41800
    0040B7AF  . C1F8 04        sar eax, 4                      ; EAX/10
    0040B7B2  . 8BC8           mov ecx, eax
    0040B7B4  . C1E9 1F        shr ecx, 1F                     ; looked it up in the book, which of sar and shr is which kind of rotate; heh, I'm a noob, I
    0040B7B7  . 03C1           add eax, ecx                    ; EAX=4180+0=4180
    0040B7B9  . B9 0A000000    mov ecx, 0A
    0040B7BE  . 99             cdq
    0040B7BF  . F7F9           idiv ecx                        ; eax=68C, EDX=8
    0040B7C1  . 8A4C24 08      mov cl, byte ptr ss:[esp+8]     ; cl=30 (first digit of the registration code)
    0040B7C5  . 33C0           xor eax, eax
    0040B7C7  . 80C2 30        add dl, 30                      ; dl=38
    0040B7CA  . 3AD1           cmp dl, cl                      ; so the first digit of the registration code is 8
    0040B7CC  . 0F94C0         sete al
    0040B7CF  . C3             retn

[Help] What does this code do? How do I implement it in C?
Bumping my own thread.

[Help] What does this code do? How do I implement it in C?
Originally posted by exe: The result is wrong, isn't it!
Originally posted by hxt: Doesn't seem right either (it would be right if eax were positive).
My tracing result in OD:
    0040B7A0  . 8B4C24 04      mov ecx, 5E280      // ecx=0005E280
    0040B7A4  . B8 C94216B2    mov eax, B21642C9   // eax=B21642c9
    0040B7A9  . F7E9           imul ecx            // eax=0003D680 edx=FFFE3580
    0040B7AB  . 8BC2           mov eax, edx        // edx=FFFE3580
    0040B7AD  . 03C1           add eax, ecx        // eax=FFFE3580+0005E280=41800
The final result seems to be the high 32 bits of eax times ecx treated as unsigned numbers. What I still haven't figured out is how eax and edx are obtained when imul runs with eax negative, and how to express it in the corresponding C. Still very grateful for the help from you both.

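The sequence huoshan posted is a compiler's signed division by a constant: with multiplier B21642C9, shift 4 and the sign-bit fix-up it computes ecx / 23 (the traced 5E280 / 23 = 4180 matches), and the idiv by 0A then takes the last decimal digit of the quotient. The C below is added here, not code from the thread: it mirrors the instructions with a 64-bit product so the EDX half can be read off, and compares the result with plain `/ 23`; `magic_div23` and `check_first_digit` are names chosen for this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Mirror of the traced routine. imul ecx with a 32-bit sign-extended multiplier
   produces a 64-bit signed product in edx:eax; we keep it in an int64_t. */
static int32_t magic_div23(int32_t n)
{
    int64_t prod = (int64_t)(int32_t)0xB21642C9 * (int64_t)n; /* imul ecx: edx:eax = M * n */
    int32_t hi = (int32_t)(prod >> 32);                      /* mov eax, edx  (high half) */
    int32_t t = hi + n;                                      /* add eax, ecx  (|hi| < |n|, no overflow) */
    t = t >> 4;                                              /* sar eax, 4 (arithmetic shift on gcc/clang/msvc) */
    t += (int32_t)((uint32_t)t >> 31);                       /* shr ecx,1F; add eax,ecx: +1 when negative */
    return t;                                                /* == n / 23 with truncation toward zero */
}

/* What the compiler started from. */
static int32_t plain_div23(int32_t n) { return n / 23; }

/* Tail of the routine: last decimal digit of the quotient against the first
   character of the registration code. Returns 1 on match, like sete al. */
int check_first_digit(int32_t n, const char *code)
{
    int32_t q = magic_div23(n);
    int32_t r = q % 10;          /* mov ecx,0A; cdq; idiv ecx: edx = remainder */
    return (char)(r + '0') == code[0];
}

int main(void)
{
    int32_t n = 0x5E280;         /* ecx from the trace */
    printf("magic: %X  plain: %X  last digit: %d\n",
           magic_div23(n), plain_div23(n), magic_div23(n) % 10);
    return 0;
}
```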
Ollydump 3.00100 released
Just asking: has this problem been fixed? That decides whether I still need to keep my patched old version.

Parasyte  Member  Posted: 16 Apr 2005 06:10:31
Hello! I recently used OllyDump 2.21b to unpack a program, and noticed the Import Rebuild feature contains a bug: When OllyDump calculates the new file size, it will not add the size of the import ordinals in the IID. In some cases (such as mine) the bug will cause the dumped executable to report errors such as "Cannot find <strange filename>.dll" That's because the IID is cut short! I guess the bug is rare enough that it was just never caught during development.
To fix the bug, insert the following into line 1261 of RebuildImport.c:
    dwNewSectSize += sizeof(WORD);
Here's what the patched code should look like:
    if(strlen(pApi->ApiName) != 0)
    {
        dwNewSectSize += sizeof(WORD);
        dwNewSectSize += (strlen(pApi->ApiName) + 1);
    }
If you want to quickly patch OllyDump.dll without recompiling the source, you can make a few changes in a hex editor. Go to address 0x00005034, and REPLACE the data with the following:
    90 90 90 90 90 90 05 03 00 00 00
Don't forget to backup your copy of OllyDump.dll before trying this. There it is! Sorry if this has been mentioned before. But I figured I would point it out, in any case.

Ricardo Narvaja  Member  Posted: 16 Apr 2005 12:53:54
i always say new ollydumps have a problem but i don't know what the problem is, thanks.
Ricardo

Ricardo Narvaja  Member  Posted: 16 Apr 2005 14:49:46
i have the version 2.21.108 the fix is for this version?
Ricardo Narvaja

Parasyte  Member  Posted: 17 Apr 2005 03:32:29
Yes, that appears to be correct. I downloaded it (OllyDump) from the "Stuph" link at the top of this page.

Ricardo Narvaja  Member  Posted: 17 Apr 2005 05:47:49
thanks
Ricardo Narvaja

My English is too poor, so I just copied the whole thing over.
