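【Title】: 【Original】 Independent analysis of a foreign software program
【Author】: 大色秘密
【Author e-mail】: dasemimi@163.com
【Software name】: An AVI Splitter
【Software size】: 462 KB
【Download address】: Search for and download it yourself
【Packer】: None
【Language】: Microsoft Visual C++ 7.0
【Tools used】: OD
【Platform】: winxp
【Software description】: AVI Splitter is an easy-to-use tool for splittin
【Author's statement】: This is only out of interest, with no other purpose. Please point out any mistakes!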
--------------------------------------------------------------------------------
【Detailed process】
00405730 . 83EC 0C SUB ESP,0C ; set a breakpoint at the start of this routine
00405733 . 55 PUSH EBP ;
00405734 . 56 PUSH ESI
00405735 . 57 PUSH EDI
00405736 . BF 01000000 MOV EDI,1
0040573B . 57 PUSH EDI
0040573C . 8BF1 MOV ESI,ECX
0040573E . E8 B6A70100 CALL AVISplit.0041FEF9
00405743 . 8B46 70 MOV EAX,DWORD PTR DS:[ESI+70] ; load the fake registration code
00405746 . 8B68 F4 MOV EBP,DWORD PTR DS:[EAX-C] ; load the user name
00405749 . 83FD 02 CMP EBP,2 ; check whether the user name is at least two characters long
0040574C . 7D 15 JGE SHORT AVISplit.00405763 ; if it is, the jump is taken
0040574E . 6A 00 PUSH 0
00405750 . 6A 00 PUSH 0
00405752 . 68 6CD24200 PUSH AVISplit.0042D26C ; please input correct user name!
00405757 . E8 AB050200 CALL AVISplit.00425D07
0040575C . 5F POP EDI
0040575D . 5E POP ESI
0040575E . 5D POP EBP
0040575F . 83C4 0C ADD ESP,0C
00405762 . C3 RETN
00405763 > 8B4E 74 MOV ECX,DWORD PTR DS:[ESI+74]
00405766 . 8379 F4 08 CMP DWORD PTR DS:[ECX-C],8
When the jump above is not taken, i.e. the user name is shorter than two characters, the following key code is executed:
00425BCA /> /55 PUSH EBP
00425BCB |. |8DAC24 64FFFF>LEA EBP,DWORD PTR SS:[ESP-9C]
00425BD2 |. |81EC 1C010000 SUB ESP,11C
00425BD8 |. |A1 98914300 MOV EAX,DWORD PTR DS:[439198]
00425BDD |. |53 PUSH EBX
00425BDE |. |56 PUSH ESI
00425BDF |. |33C5 XOR EAX,EBP
00425BE1 |. |57 PUSH EDI
00425BE2 |. |8985 98000000 MOV DWORD PTR SS:[EBP+98],EAX
00425BE8 |. |8B85 A4000000 MOV EAX,DWORD PTR SS:[EBP+A4]
00425BEE |. |8BF9 MOV EDI,ECX
00425BF0 |. |33F6 XOR ESI,ESI
00425BF2 |. |56 PUSH ESI
00425BF3 |. |897D 88 MOV DWORD PTR SS:[EBP-78],EDI
00425BF6 |. |8945 80 MOV DWORD PTR SS:[EBP-80],EAX
00425BF9 |. |E8 01FFFFFF CALL AVISplit.00425AFF
00425BFE |. |8D45 90 LEA EAX,DWORD PTR SS:[EBP-70]
00425C01 |. |50 PUSH EAX
00425C02 |. |56 PUSH ESI
00425C03 |. |E8 24FFFFFF CALL AVISplit.00425B2C
00425C08 |. |8BD8 MOV EBX,EAX
00425C0A |. |3B5D 90 CMP EBX,DWORD PTR SS:[EBP-70]
00425C0D |. |895D 84 MOV DWORD PTR SS:[EBP-7C],EBX
00425C10 |. |74 09 JE SHORT AVISplit.00425C1B
00425C12 |. |6A 01 PUSH 1 ; /Enable = TRUE
00425C14 |. |53 PUSH EBX ; |hWnd
00425C15 |. |FF15 78C54200 CALL DWORD PTR DS:[<&USER32.EnableWindow>; \EnableWindow
00425C1B |> |85DB TEST EBX,EBX
00425C1D |. |74 18 JE SHORT AVISplit.00425C37
00425C1F |. |6A 00 PUSH 0 ; /lParam = 0
00425C21 |. |6A 00 PUSH 0 ; |wParam = 0
00425C23 |. |68 76030000 PUSH 376 ; |Message = MSG(376)
00425C28 |. |53 PUSH EBX ; |hWnd
00425C29 |. |FF15 6CC54200 CALL DWORD PTR DS:[<&USER32.SendMessageA>; \SendMessageA
00425C2F |. |85C0 TEST EAX,EAX
00425C31 |. |74 04 JE SHORT AVISplit.00425C37
00425C33 |. |8BF0 MOV ESI,EAX
00425C35 |. |EB 07 JMP SHORT AVISplit.00425C3E
00425C37 |> |85FF TEST EDI,EDI
00425C39 |. |74 03 JE SHORT AVISplit.00425C3E
00425C3B |. |8D77 74 LEA ESI,DWORD PTR DS:[EDI+74]
00425C3E |> |8365 8C 00 AND DWORD PTR SS:[EBP-74],0
00425C42 |. |85F6 TEST ESI,ESI
00425C44 |. |74 16 JE SHORT AVISplit.00425C5C
00425C46 |. |8B06 MOV EAX,DWORD PTR DS:[ESI]
00425C48 |. |8945 8C MOV DWORD PTR SS:[EBP-74],EAX
00425C4B |. |8B85 AC000000 MOV EAX,DWORD PTR SS:[EBP+AC]
00425C51 |. |85C0 TEST EAX,EAX
00425C53 |. |74 07 JE SHORT AVISplit.00425C5C
00425C55 |. |05 00000300 ADD EAX,30000
00425C5A |. |8906 MOV DWORD PTR DS:[ESI],EAX
00425C5C |> |F685 A8000000>TEST BYTE PTR SS:[EBP+A8],0F0
00425C63 |. |75 1F JNZ SHORT AVISplit.00425C84
00425C65 |. |8B85 A8000000 MOV EAX,DWORD PTR SS:[EBP+A8]
00425C6B |. |83E0 0F AND EAX,0F
00425C6E |. |83F8 01 CMP EAX,1
00425C71 |. |76 0A JBE SHORT AVISplit.00425C7D
00425C73 |. |83F8 02 CMP EAX,2
00425C76 |. |76 0C JBE SHORT AVISplit.00425C84
00425C78 |. |83F8 04 CMP EAX,4
00425C7B |. |77 07 JA SHORT AVISplit.00425C84
00425C7D |> |838D A8000000>OR DWORD PTR SS:[EBP+A8],30
00425C84 |> |85FF TEST EDI,EDI
00425C86 |. |C645 94 00 MOV BYTE PTR SS:[EBP-6C],0
00425C8A |. |74 05 JE SHORT AVISplit.00425C91
00425C8C |. |8B5F 4C MOV EBX,DWORD PTR DS:[EDI+4C]
00425C8F |. |EB 22 JMP SHORT AVISplit.00425CB3
00425C91 |> |8D5D 94 LEA EBX,DWORD PTR SS:[EBP-6C]
00425C94 |. |BF 04010000 MOV EDI,104
00425C99 |. |57 PUSH EDI ; /BufSize => 104 (260.)
00425C9A |. |8BC3 MOV EAX,EBX ; |
00425C9C |. |50 PUSH EAX ; |PathBuffer
00425C9D |. |6A 00 PUSH 0 ; |hModule = NULL
00425C9F |. |FF15 98C24200 CALL DWORD PTR DS:[<&KERNEL32.GetModuleF>; \GetModuleFileNameA
00425CA5 |. |3BC7 CMP EAX,EDI
00425CA7 |. |8B7D 88 MOV EDI,DWORD PTR SS:[EBP-78]
00425CAA |. |75 07 JNZ SHORT AVISplit.00425CB3
00425CAC |. |C685 97000000>MOV BYTE PTR SS:[EBP+97],0
00425CB3 |> |FFB5 A8000000 PUSH DWORD PTR SS:[EBP+A8] ; /Style
00425CB9 |. |53 PUSH EBX ; |Title
00425CBA |. |FF75 80 PUSH DWORD PTR SS:[EBP-80] ; |Text
00425CBD |. |FF75 84 PUSH DWORD PTR SS:[EBP-7C] ; |hOwner
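00425CC0 |. |FF15 5CC54200 CALL DWORD PTR DS:[<&USER32.MessageBoxA>>; \MessageBoxA /// shows the message box asking you to input a correct user name
If the user name is at least two characters long, the program next checks whether the password is at least eight characters long.
If both checks pass, we arrive at the main part:
00405781 > \8B46 70 MOV EAX,DWORD PTR DS:[ESI+70] ; user name goes into eax
00405784 . 8B48 F4 MOV ECX,DWORD PTR DS:[EAX-C] ; fake registration code goes into ecx
00405787 . 85C9 TEST ECX,ECX ; compare ecx with the length of the fake registration code; ecx is 6 here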
00405789 . 7D 0A JGE SHORT AVISplit.00405795
0040578B . 68 57000780 PUSH 80070057
00405790 . E8 8BC1FFFF CALL AVISplit.00401920
00405795 > 8A10 MOV DL,BYTE PTR DS:[EAX] ; first character of the user name, d, goes into dl
00405797 . 8B46 70 MOV EAX,DWORD PTR DS:[ESI+70]
0040579A . 3978 F4 CMP DWORD PTR DS:[EAX-C],EDI
0040579D . 7D 0A JGE SHORT AVISplit.004057A9
0040579F . 68 57000780 PUSH 80070057
004057A4 . E8 77C1FFFF CALL AVISplit.00401920
004057A9 > 8A40 01 MOV AL,BYTE PTR DS:[EAX+1] ; second character of the user name, a, goes into al
004057AC . 884424 0E MOV BYTE PTR SS:[ESP+E],AL
004057B0 . 8B46 70 MOV EAX,DWORD PTR DS:[ESI+70] ; user name goes into eax
004057B3 . 8B48 F4 MOV ECX,DWORD PTR DS:[EAX-C]
004057B6 . 85C9 TEST ECX,ECX
004057B8 . 7D 0A JGE SHORT AVISplit.004057C4
004057BA . 68 57000780 PUSH 80070057
004057BF . E8 5CC1FFFF CALL AVISplit.00401920
004057C4 > 8B4E 70 MOV ECX,DWORD PTR DS:[ESI+70]
004057C7 . 53 PUSH EBX
004057C8 . 8A18 MOV BL,BYTE PTR DS:[EAX]
004057CA . 3979 F4 CMP DWORD PTR DS:[ECX-C],EDI
004057CD . 7D 0A JGE SHORT AVISplit.004057D9
004057CF . 68 57000780 PUSH 80070057
004057D4 . E8 47C1FFFF CALL AVISplit.00401920
004057D9 > 0FB6C2 MOVZX EAX,DL ; move d into eax, zero-filling the upper bits
004057DC . 83C8 53 OR EAX,53 ; 64 OR 53 = 77
004057DF . 99 CDQ
004057E0 . BF 0A000000 MOV EDI,0A ; see the first note under lessons learned
004057E5 . F7FF IDIV EDI
004057E7 . 0FB64424 12 MOVZX EAX,BYTE PTR SS:[ESP+12] ; move a into eax
004057EC . 83C8 41 OR EAX,41 ; 61 OR 41
004057EF . 885424 16 MOV BYTE PTR SS:[ESP+16],DL
004057F3 . 99 CDQ
004057F4 . F7FF IDIV EDI
004057F6 . 0FB6C3 MOVZX EAX,BL ; move d into eax
004057F9 . 83C8 56 OR EAX,56 ; 64 OR 56
004057FC . 885424 12 MOV BYTE PTR SS:[ESP+12],DL ; dl is 07
00405800 . 99 CDQ
00405801 . F7FF IDIV EDI ; becomes zero again
00405803 . 0FB641 01 MOVZX EAX,BYTE PTR DS:[ECX+1] ; move a into eax
00405807 . 83C8 49 OR EAX,49 ; a OR 49
0040580A . 8BCF MOV ECX,EDI
0040580C . 885424 17 MOV BYTE PTR SS:[ESP+17],DL
00405810 . 99 CDQ
00405811 . F7F9 IDIV ECX
00405813 . 33C0 XOR EAX,EAX ; clear eax
00405815 . 33C9 XOR ECX,ECX ; clear ecx
00405817 . 85ED TEST EBP,EBP
00405819 . 885424 18 MOV BYTE PTR SS:[ESP+18],DL
0040581D . 7E 20 JLE SHORT AVISplit.0040583F
0040581F . 90 NOP
00405820 > 85C9 TEST ECX,ECX
00405822 . 0F8C D2000000 JL AVISplit.004058FA
00405828 . 8B7E 70 MOV EDI,DWORD PTR DS:[ESI+70] ; user name goes into edi
0040582B . 3B4F F4 CMP ECX,DWORD PTR DS:[EDI-C]
0040582E . 0F8F C6000000 JG AVISplit.004058FA
00405834 . 0FB6140F MOVZX EDX,BYTE PTR DS:[EDI+ECX] ; d goes into edx; on the second pass, a
00405838 . 03C2 ADD EAX,EDX
0040583A . 41 INC ECX ; increment ecx by 1
0040583B . 3BCD CMP ECX,EBP ; compare ecx with ebp: EBP is 6 and ecx is 1; jumps when the password length is 6
0040583D .^ 7C E1 JL SHORT AVISplit.00405820
0040583F > 8B4E 74 MOV ECX,DWORD PTR DS:[ESI+74] ; password goes into ecx
00405842 . 8B51 F4 MOV EDX,DWORD PTR DS:[ECX-C]
00405845 . 85D2 TEST EDX,EDX
00405847 . 7D 0A JGE SHORT AVISplit.00405853
00405849 . 68 57000780 PUSH 80070057
0040584E . E8 CDC0FFFF CALL AVISplit.00401920
00405853 > 8A11 MOV DL,BYTE PTR DS:[ECX] ; 1 goes into dl
00405855 . 8B4E 74 MOV ECX,DWORD PTR DS:[ESI+74]
00405858 . 8379 F4 01 CMP DWORD PTR DS:[ECX-C],1
0040585C . 885424 19 MOV BYTE PTR SS:[ESP+19],DL ; store 1 on the stack
00405860 . 7D 0A JGE SHORT AVISplit.0040586C
00405862 . 68 57000780 PUSH 80070057
00405867 . E8 B4C0FFFF CALL AVISplit.00401920
0040586C > 8A49 01 MOV CL,BYTE PTR DS:[ECX+1] ; 2 goes into cl
0040586F . 8B7E 74 MOV EDI,DWORD PTR DS:[ESI+74] ; password goes into edi again
00405872 . 884C24 13 MOV BYTE PTR SS:[ESP+13],CL
00405876 . 837F F4 02 CMP DWORD PTR DS:[EDI-C],2
0040587A . 7D 0A JGE SHORT AVISplit.00405886
0040587C . 68 57000780 PUSH 80070057
00405881 . E8 9AC0FFFF CALL AVISplit.00401920
00405886 > 8A4F 02 MOV CL,BYTE PTR DS:[EDI+2] ; 3 goes into cl
00405889 . 8B7E 74 MOV EDI,DWORD PTR DS:[ESI+74] ; password goes into edi
0040588C . 884C24 14 MOV BYTE PTR SS:[ESP+14],CL
00405890 . 837F F4 03 CMP DWORD PTR DS:[EDI-C],3
00405894 . 7D 0A JGE SHORT AVISplit.004058A0
00405896 . 68 57000780 PUSH 80070057
0040589B . E8 80C0FFFF CALL AVISplit.00401920
004058A0 > 8A4F 03 MOV CL,BYTE PTR DS:[EDI+3] ; 4 goes into cl
004058A3 . 8B7E 74 MOV EDI,DWORD PTR DS:[ESI+74] ; password 123456789 goes into edi
004058A6 . 884C24 15 MOV BYTE PTR SS:[ESP+15],CL
004058AA . 837F F4 04 CMP DWORD PTR DS:[EDI-C],4
004058AE . 7D 0A JGE SHORT AVISplit.004058BA
004058B0 . 68 57000780 PUSH 80070057
004058B5 . E8 66C0FFFF CALL AVISplit.00401920
004058BA > 8A4F 04 MOV CL,BYTE PTR DS:[EDI+4]
004058BD . 8B7E 74 MOV EDI,DWORD PTR DS:[ESI+74] ; fake password goes into edi
004058C0 . 837F F4 05 CMP DWORD PTR DS:[EDI-C],5
004058C4 . 7D 0A JGE SHORT AVISplit.004058D0
004058C6 . 68 57000780 PUSH 80070057
004058CB . E8 50C0FFFF CALL AVISplit.00401920
004058D0 > 8A5F 05 MOV BL,BYTE PTR DS:[EDI+5]
004058D3 . 8B7E 74 MOV EDI,DWORD PTR DS:[ESI+74] ; fake password goes into edi
004058D6 . 885C24 1A MOV BYTE PTR SS:[ESP+1A],BL
004058DA . 837F F4 06 CMP DWORD PTR DS:[EDI-C],6
004058DE . 7D 0A JGE SHORT AVISplit.004058EA
004058E0 . 68 57000780 PUSH 80070057
004058E5 . E8 36C0FFFF CALL AVISplit.00401920
004058EA > 8A5F 06 MOV BL,BYTE PTR DS:[EDI+6] ; 7 goes into bl
004058ED . 8B7E 74 MOV EDI,DWORD PTR DS:[ESI+74] ; fake registration code goes into edi
004058F0 . 885C24 1B MOV BYTE PTR SS:[ESP+1B],BL
004058F4 . 837F F4 07 CMP DWORD PTR DS:[EDI-C],7
004058F8 . 7D 0A JGE SHORT AVISplit.00405904
004058FA > 68 57000780 PUSH 80070057
004058FF . E8 1CC0FFFF CALL AVISplit.00401920
00405904 > 8A5F 07 MOV BL,BYTE PTR DS:[EDI+7] ; 8 goes into bl
00405907 . 0FB67C24 16 MOVZX EDI,BYTE PTR SS:[ESP+16]
0040590C . 0FB6D2 MOVZX EDX,DL
0040590F . 83EA 30 SUB EDX,30
00405912 . 3BFA CMP EDI,EDX
00405914 . 75 48 JNZ SHORT AVISplit.0040595E
00405916 . 0FB65424 13 MOVZX EDX,BYTE PTR SS:[ESP+13]
0040591B . 0FB67C24 12 MOVZX EDI,BYTE PTR SS:[ESP+12]
00405920 . 83EA 30 SUB EDX,30
00405923 . 3BFA CMP EDI,EDX
00405925 . 75 37 JNZ SHORT AVISplit.0040595E
00405927 . 0FB65424 14 MOVZX EDX,BYTE PTR SS:[ESP+14]
0040592C . 0FB67C24 17 MOVZX EDI,BYTE PTR SS:[ESP+17]
00405931 . 83EA 30 SUB EDX,30
00405934 . 3BFA CMP EDI,EDX
00405936 . 75 26 JNZ SHORT AVISplit.0040595E
00405938 . 0FB65424 15 MOVZX EDX,BYTE PTR SS:[ESP+15]
0040593D . 0FB67C24 18 MOVZX EDI,BYTE PTR SS:[ESP+18]
00405942 . 83EA 30 SUB EDX,30
00405945 . 3BFA CMP EDI,EDX
00405947 . 75 15 JNZ SHORT AVISplit.0040595E
00405949 . 99 CDQ
0040594A . BF 0A000000 MOV EDI,0A
0040594F . F7FF IDIV EDI
00405951 . 0FB6C2 MOVZX EAX,DL
00405954 . 0FB6D1 MOVZX EDX,CL
00405957 . 83EA 30 SUB EDX,30
0040595A . 3BC2 CMP EAX,EDX
0040595C . 74 3A JE SHORT AVISplit.00405998
0040595E > 807C24 19 39 CMP BYTE PTR SS:[ESP+19],39
00405963 0F85 85000000 JNZ AVISplit.004059EE ; key jump, goes to the registration-failed branch
00405969 807C24 13 33 CMP BYTE PTR SS:[ESP+13],33
0040596E 75 7E JNZ SHORT AVISplit.004059EE ; another key jump, goes to the failure branch
00405970 8A5424 14 MOV DL,BYTE PTR SS:[ESP+14]
00405974 B0 38 MOV AL,38
00405976 3AD0 CMP DL,AL
00405978 75 74 JNZ SHORT AVISplit.004059EE ; first jump, NOP it out
0040597A 384424 15 CMP BYTE PTR SS:[ESP+15],AL
0040597E 75 6E JNZ SHORT AVISplit.004059EE ; second jump, NOP it out
00405980 80F9 33 CMP CL,33
00405983 75 69 JNZ SHORT AVISplit.004059EE ; third jump, NOP it out
00405985 807C24 1A 31 CMP BYTE PTR SS:[ESP+1A],31
0040598A 75 62 JNZ SHORT AVISplit.004059EE ; fourth jump, NOP it out
0040598C 807C24 1B 34 CMP BYTE PTR SS:[ESP+1B],34
00405991 75 5B JNZ SHORT AVISplit.004059EE ; fifth
00405993 80FB 36 CMP BL,36
00405996 75 56 JNZ SHORT AVISplit.004059EE ; sixth
00405998 > 6A 00 PUSH 0
0040599A . 6A 00 PUSH 0
0040599C . 68 28D24200 PUSH AVISplit.0042D228 ; registration has succeeded!
004059A1 . E8 61030200 CALL AVISplit.00425D07
004059A6 . 8B7E 70 MOV EDI,DWORD PTR DS:[ESI+70]
004059A9 . E8 502B0200 CALL AVISplit.004284FE
004059AE . 8B40 04 MOV EAX,DWORD PTR DS:[EAX+4]
004059B1 . 57 PUSH EDI ; /Arg3
004059B2 . 68 00D14200 PUSH AVISplit.0042D100 ; |username
004059B7 . 68 B0CC4200 PUSH AVISplit.0042CCB0 ; |option
004059BC . 8BC8 MOV ECX,EAX ; |
004059BE . E8 84040200 CALL AVISplit.00425E47 ; \AVISplit.00425E47
004059C3 . 8B7E 74 MOV EDI,DWORD PTR DS:[ESI+74]
004059C6 . E8 332B0200 CALL AVISplit.004284FE
004059CB . 8B40 04 MOV EAX,DWORD PTR DS:[EAX+4]
004059CE . 57 PUSH EDI ; /Arg3
004059CF . 68 ECD04200 PUSH AVISplit.0042D0EC ; |registration_code
004059D4 . 68 B0CC4200 PUSH AVISplit.0042CCB0 ; |option
004059D9 . 8BC8 MOV ECX,EAX ; |
004059DB . E8 67040200 CALL AVISplit.00425E47 ; \AVISplit.00425E47
004059E0 . 5B POP EBX
004059E1 . 5F POP EDI
004059E2 . 8BCE MOV ECX,ESI
004059E4 . 5E POP ESI
004059E5 . 5D POP EBP
004059E6 . 83C4 0C ADD ESP,0C
004059E9 . E9 038F0100 JMP AVISplit.0041E8F1
004059EE > 6A 00 PUSH 0 ; reaching here means registration failed
004059F0 . 6A 00 PUSH 0
004059F2 . 68 10D24200 PUSH AVISplit.0042D210 ; registration failed!
004059F7 . E8 0B030200 CALL AVISplit.00425D07
The bytes after modification:
00405963 90 NOP ; key jump, goes to the registration-failed branch
00405964 90 NOP
00405965 90 NOP
00405966 90 NOP
00405967 90 NOP
00405968 90 NOP
00405969 . 807C24 13 33 CMP BYTE PTR SS:[ESP+13],33
0040596E 90 NOP ; another key jump, goes to the failure branch
0040596F 90 NOP
00405970 . 8A5424 14 MOV DL,BYTE PTR SS:[ESP+14]
00405974 . B0 38 MOV AL,38
00405976 . 3AD0 CMP DL,AL
00405978 90 NOP ; did the same here again
00405979 90 NOP
0040597A . 384424 15 CMP BYTE PTR SS:[ESP+15],AL
0040597E 90 NOP
0040597F 90 NOP
00405980 . 80F9 33 CMP CL,33
00405983 90 NOP
00405984 90 NOP
00405985 . 807C24 1A 31 CMP BYTE PTR SS:[ESP+1A],31
0040598A 90 NOP
0040598B 90 NOP
0040598C . 807C24 1B 34 CMP BYTE PTR SS:[ESP+1B],34
00405991 90 NOP
00405992 90 NOP
00405993 . 80FB 36 CMP BL,36
00405996 90 NOP
00405997 90 NOP
Then save, and the job is done.
--------------------------------------------------------------------------------
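【Lessons learned】
CDQ is an instruction that confuses many beginners. It mostly appears before a division. What it actually does is set every bit of EDX to the value of the most significant bit of EAX.
That is, when EAX < 80000000, EDX is 00000000; when EAX >= 80000000, EDX is FFFFFFFF.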
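The CDQ note above, as an added example that is not part of the original post: a small C model of CDQ followed by IDIV with the divisor 0A used in the listing, showing why the sign extension matters. The function names and the sample register values are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* CDQ: copy EAX's sign bit into every bit of EDX, so that EDX:EAX is the
 * 64-bit sign extension of EAX. */
static uint32_t cdq(uint32_t eax) {
    return (eax & 0x80000000u) ? 0xFFFFFFFFu : 0x00000000u;
}

/* IDIV r/m32: signed divide of the 64-bit dividend EDX:EAX.
 * Quotient goes to EAX, remainder to EDX (DL is its low byte).
 * Returns 0 on success, -1 where the CPU would raise #DE
 * (divide by zero, or a quotient that does not fit in 32 bits). */
static int idiv32(uint32_t *eax, uint32_t *edx, int32_t divisor) {
    int64_t dividend = (int64_t)(((uint64_t)*edx << 32) | *eax);
    if (divisor == 0) return -1;
    if (dividend == INT64_MIN && divisor == -1) return -1; /* UB in C */
    int64_t q = dividend / divisor; /* truncates toward zero, like IDIV */
    int64_t r = dividend % divisor; /* remainder has the dividend's sign */
    if (q > INT32_MAX || q < INT32_MIN) return -1;
    *eax = (uint32_t)q;
    *edx = (uint32_t)r;
    return 0;
}

/* Run one case and print it; all sample values are constructed. */
static void show(const char *label, uint32_t eax, uint32_t edx) {
    uint32_t in = eax;
    if (idiv32(&eax, &edx, 0x0A) != 0)
        printf("%-20s EAX=%08X -> #DE (divide error)\n", label, (unsigned)in);
    else
        printf("%-20s EAX=%08X -> quot=%08X rem=%08X\n", label,
               (unsigned)in, (unsigned)eax, (unsigned)edx);
}

int main(void) {
    show("CDQ, positive EAX", 0x77u, cdq(0x77u));
    show("CDQ, negative EAX", 0xFFFFFFF9u, cdq(0xFFFFFFF9u));
    show("stale EDX=FFFFFFFF", 0x77u, 0xFFFFFFFFu); /* wrong dividend */
    show("stale EDX=00000005", 0x77u, 0x00000005u); /* quotient overflows */
    return 0;
}
```

Without CDQ, whatever was left in EDX becomes the upper half of the dividend, which either changes the remainder or faults.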
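A couple of days ago I ran into a strong packer. I asked a lot of people and never got an answer to my questions, so I was a bit discouraged. But today I found an unpacked program, used the methods I had learned, and in the end patched it! There is still a lot to learn on the forum! Thanks again to the forum! Support! I will work twice as hard!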
--------------------------------------------------------------------------------
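【Copyright notice】: This article was originally published on the Kanxue (看雪) technical forum. When reposting, please credit the author and keep the article complete. Thank you!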