引言:单位有一个正版开目CAD软件,版本较低,用软件狗保护,同事想用但只有一只狗,不太方便.正好本人闲着没事拿来练手,此文没什么技术含量,高手莫入.
一、破解目标:开目CAD 3.6
二、破解工具:OllyDbg V1.10
三、破解人:DarkBull@email.com.cn
四、破解过程:
1.该软件采用了加密狗保护形式,查看说明使用了HASP和SENSE3两种狗,用OLLYDBG载入,查找字符串参考,发现有“\\.\SENSE3Dev”,在调用处下断点,拦截后代码如下:
0070DA2E |> \6A 00 PUSH 0 ; /hTemplateFile = NULL; Case 2 of switch 0070DA07
0070DA30 |. 6A 00 PUSH 0 ; |Attributes = 0
0070DA32 |. 6A 03 PUSH 3 ; |Mode = OPEN_EXISTING
0070DA34 |. 6A 00 PUSH 0 ; |pSecurity = NULL
0070DA36 |. 6A 01 PUSH 1 ; |ShareMode = FILE_SHARE_READ
0070DA38 |. 68 00000>PUSH 80000000 ; |Access = GENERIC_READ
0070DA3D |. 68 60407>PUSH Km.00744060 ; |FileName = "\\.\SENSE3Dev"
0070DA42 |. FF15 60E>CALL NEAR DWORD PTR DS:[<&KERNEL32.Cr>; \CreateFileA
0070DA48 |. 83F8 FF CMP EAX,-1 ; 返回设备句柄
0070DA4B 75 18 JNZ SHORT Km.0070DA65 ; 成功则跳
0070DA4D 8B8424 9>MOV EAX,DWORD PTR SS:[ESP+98]
0070DA54 |. 66:C740 >MOV WORD PTR DS:[EAX+5A],8
0070DA5A |. 66:B8 01>MOV AX,1
0070DA5E |. 81C4 940>ADD ESP,94
0070DA64 |. C3 RETN
2.执行到返回,继续单步跟踪,见如下代码:
0070686F /$ 55 PUSH EBP
00706870 |. 8BEC MOV EBP,ESP
00706872 |. C705 E04>MOV DWORD PTR DS:[804FE0],1
0070687C |. 68 38508>PUSH Km.00805038 ; /Arg9 = 00805038
00706881 |. 68 34508>PUSH Km.00805034 ; |Arg8 = 00805034
00706886 |. 68 30508>PUSH Km.00805030 ; |Arg7 = 00805030
0070688B |. 68 2C508>PUSH Km.0080502C ; |Arg6 = 0080502C
00706890 |. A1 1C337>MOV EAX,DWORD PTR DS:[74331C] ; |
00706895 |. 50 PUSH EAX ; |Arg5 => 00003760
00706896 |. 8B0D 183>MOV ECX,DWORD PTR DS:[743318] ; |
0070689C |. 51 PUSH ECX ; |Arg4 => 00003F8F
0070689D |. 8B15 505>MOV EDX,DWORD PTR DS:[805050] ; |
007068A3 |. 52 PUSH EDX ; |Arg3 => 00000000
007068A4 |. A1 40508>MOV EAX,DWORD PTR DS:[805040] ; |
007068A9 |. 50 PUSH EAX ; |Arg2 => 00000000
007068AA |. 8B0D E04>MOV ECX,DWORD PTR DS:[804FE0] ; |
007068B0 |. 51 PUSH ECX ; |Arg1 => 00000028
007068B1 |. E8 2B4F0>CALL Km.0070B7E1 ; \Km.0070B7E1
007068B6 |. 83C4 24 ADD ESP,24
007068B9 |. 833D 345>CMP DWORD PTR DS:[805034],-64 ; 计算结果1
007068C0 74 16 JE SHORT Km.007068D8 ; 破解点1(不能跳)
007068C2 |. 833D 345>CMP DWORD PTR DS:[805034],-65
007068C9 |. 74 0D JE SHORT Km.007068D8
007068CB |. 833D 345>CMP DWORD PTR DS:[805034],-66
007068D2 |. 0F85 A60>JNZ Km.0070697E
007068D8 |> 833D 345>CMP DWORD PTR DS:[805034],-64
007068DF |. 75 13 JNZ SHORT Km.007068F4
007068E1 |. 68 743D7>PUSH Km.00743D74 ; /format = "HASP Device Driver not installed."
007068E6 |. 68 E44F8>PUSH Km.00804FE4 ; |s = Km.00804FE4
007068EB |. FF15 BCE>CALL NEAR DWORD PTR DS:[<&MSVCRT.spri>; \sprintf
007068F1 |. 83C4 08 ADD ESP,8
007068F4 |> 833D 345>CMP DWORD PTR DS:[805034],-65
007068FB |. 75 13 JNZ SHORT Km.00706910
007068FD |. 68 983D7>PUSH Km.00743D98 ; /format = "Can't read from HASP Device Driver."
00706902 |. 68 E44F8>PUSH Km.00804FE4 ; |s = Km.00804FE4
00706907 |. FF15 BCE>CALL NEAR DWORD PTR DS:[<&MSVCRT.spri>; \sprintf
0070690D |. 83C4 08 ADD ESP,8
00706910 |> 833D 345>CMP DWORD PTR DS:[805034],-66
00706917 |. 75 13 JNZ SHORT Km.0070692C
00706919 |. 68 BC3D7>PUSH Km.00743DBC ; /format = "Can't close HASP Device Driver."
0070691E |. 68 E44F8>PUSH Km.00804FE4 ; |s = Km.00804FE4
00706923 |. FF15 BCE>CALL NEAR DWORD PTR DS:[<&MSVCRT.spri>; \sprintf
00706929 |. 83C4 08 ADD ESP,8
0070692C |> C705 385>MOV DWORD PTR DS:[805038],0
00706936 |. 8B15 385>MOV EDX,DWORD PTR DS:[805038]
0070693C |. 8915 345>MOV DWORD PTR DS:[805034],EDX
00706942 |. A1 34508>MOV EAX,DWORD PTR DS:[805034]
00706947 |. A3 30508>MOV DWORD PTR DS:[805030],EAX
0070694C |. 8B0D 305>MOV ECX,DWORD PTR DS:[805030]
00706952 |. 890D 2C5>MOV DWORD PTR DS:[80502C],ECX
00706958 |. C705 044>MOV DWORD PTR DS:[804804],0C
00706962 |. C705 3C5>MOV DWORD PTR DS:[80503C],0
0070696C |. C705 084>MOV DWORD PTR DS:[804808],0
00706976 |. 83C8 FF OR EAX,FFFFFFFF
00706979 |. E9 F8010>JMP Km.00706B76
0070697E |> 833D 2C5>CMP DWORD PTR DS:[80502C],0
00706985 75 5B JNZ SHORT Km.007069E2 ; 破解点2(应该跳)
00706987 |. 68 DC3D7>PUSH Km.00743DDC ; /format = "HASP not found !"
0070698C |. 68 E44F8>PUSH Km.00804FE4 ; |s = Km.00804FE4
00706991 |. FF15 BCE>CALL NEAR DWORD PTR DS:[<&MSVCRT.spri>; \sprintf
00706997 |. 83C4 08 ADD ESP,8
0070699A |. C705 385>MOV DWORD PTR DS:[805038],0
007069A4 |. 8B15 385>MOV EDX,DWORD PTR DS:[805038]
007069AA |. 8915 345>MOV DWORD PTR DS:[805034],EDX
007069B0 |. A1 34508>MOV EAX,DWORD PTR DS:[805034]
007069B5 |. A3 30508>MOV DWORD PTR DS:[805030],EAX
007069BA |. 8B0D 305>MOV ECX,DWORD PTR DS:[805030]
007069C0 |. 890D 2C5>MOV DWORD PTR DS:[80502C],ECX
007069C6 |. C705 3C5>MOV DWORD PTR DS:[80503C],0
007069D0 |. C705 084>MOV DWORD PTR DS:[804808],0
007069DA |. 83C8 FF OR EAX,FFFFFFFF
007069DD |. E9 94010>JMP Km.00706B76
007069E2 |> C705 E04>MOV DWORD PTR DS:[804FE0],5
007069EC |. 68 38508>PUSH Km.00805038 ; /Arg9 = 00805038
007069F1 |. 68 34508>PUSH Km.00805034 ; |Arg8 = 00805034
007069F6 |. 68 30508>PUSH Km.00805030 ; |Arg7 = 00805030
007069FB |. 68 2C508>PUSH Km.0080502C ; |Arg6 = 0080502C
00706A00 |. 8B15 1C3>MOV EDX,DWORD PTR DS:[74331C] ; |
00706A06 |. 52 PUSH EDX ; |Arg5 => 00003760
00706A07 |. A1 18337>MOV EAX,DWORD PTR DS:[743318] ; |
00706A0C |. 50 PUSH EAX ; |Arg4 => 00003F8F
00706A0D |. 8B0D 505>MOV ECX,DWORD PTR DS:[805050] ; |
00706A13 |. 51 PUSH ECX ; |Arg3 => 00000000
00706A14 |. 8B15 405>MOV EDX,DWORD PTR DS:[805040] ; |
00706A1A |. 52 PUSH EDX ; |Arg2 => 00000000
00706A1B |. A1 E04F8>MOV EAX,DWORD PTR DS:[804FE0] ; |
00706A20 |. 50 PUSH EAX ; |Arg1 => 00000028
00706A21 |. E8 BB4D0>CALL Km.0070B7E1 ; \Km.0070B7E1
00706A26 |. 83C4 24 ADD ESP,24
00706A29 |. 8B0D 305>MOV ECX,DWORD PTR DS:[805030] ; 计算结果2
00706A2F |. 8B148D F>MOV EDX,DWORD PTR DS:[ECX*4+7432F4]
00706A36 |. 52 PUSH EDX ; |format
00706A37 |. 68 E44F8>PUSH Km.00804FE4 ; |s = Km.00804FE4
00706A3C |. FF15 BCE>CALL NEAR DWORD PTR DS:[<&MSVCRT.spri>; \sprintf
00706A42 |. 83C4 08 ADD ESP,8
00706A45 |. 833D 345>CMP DWORD PTR DS:[805034],0
00706A4C |. 0F85 BE0>JNZ Km.00706B10
........ ***************************************************; 省略部分代码
00706B10 |> 833D 345>CMP DWORD PTR DS:[805034],0
00706B17 |. 75 58 JNZ SHORT Km.00706B71
00706B19 |. 68 F03D7>PUSH Km.00743DF0 ; /format = "Incorrect Password"
00706B1E |. 68 E44F8>PUSH Km.00804FE4 ; |s = Km.00804FE4
00706B23 |. FF15 BCE>CALL NEAR DWORD PTR DS:[<&MSVCRT.spri>; \sprintf
00706B29 |. 83C4 08 ADD ESP,8
00706B2C |. C705 385>MOV DWORD PTR DS:[805038],0
00706B36 |. A1 38508>MOV EAX,DWORD PTR DS:[805038]
00706B3B |. A3 34508>MOV DWORD PTR DS:[805034],EAX
00706B40 |. 8B0D 345>MOV ECX,DWORD PTR DS:[805034]
00706B46 |. 890D 305>MOV DWORD PTR DS:[805030],ECX
00706B4C |. 8B15 305>MOV EDX,DWORD PTR DS:[805030]
00706B52 |. 8915 2C5>MOV DWORD PTR DS:[80502C],EDX
00706B58 |. C705 3C5>MOV DWORD PTR DS:[80503C],0
00706B62 |. C705 084>MOV DWORD PTR DS:[804808],0
00706B6C |. 83C8 FF OR EAX,FFFFFFFF
00706B6F |. EB 05 JMP SHORT Km.00706B76
00706B71 |> B8 79000>MOV EAX,79
00706B76 |> 5D POP EBP
00706B77 \. C3 RETN
3.返回后代码如下:
007053C1 |. A2 00468>MOV BYTE PTR DS:[804600],AL
007053C6 |. 0FBE15 0>MOVSX EDX,BYTE PTR DS:[804600]
007053CD |. 83FA 79 CMP EDX,79
007053D0 75 16 JNZ SHORT Km.007053E8
007053D2 |. E8 BD040>CALL Km.00705894 ; 进一步验证
007053D7 |. 8945 F0 MOV [LOCAL.4],EAX
007053DA |. 837D F0 >CMP [LOCAL.4],-1
007053DE 75 08 JNZ SHORT Km.007053E8 ; 破解点3
007053E0 |. 83C8 FF OR EAX,FFFFFFFF
007053E3 |. E9 B8020>JMP Km.007056A0
4.将上述三个点改为相反指令即可。