In an online game, before the update I could intercept the account data with trw2000.
Encryption code before the update:
:00432EF0 83EC10 sub esp, 00000010
:00432EF3 53 push ebx
:00432EF4 56 push esi
:00432EF5 57 push edi
:00432EF6 8B7C2420 mov edi, dword ptr [esp+20]
:00432EFA 8BF1 mov esi, ecx
:00432EFC 8BCF mov ecx, edi
:00432EFE E84DF6FFFF call 00432550
:00432F03 8B07 mov eax, dword ptr [edi]
:00432F05 8B4E5C mov ecx, dword ptr [esi+5C]
:00432F08 33D2 xor edx, edx
:00432F0A 668B11 mov dx, word ptr [ecx]
:00432F0D 8B18 mov ebx, dword ptr [eax]
:00432F0F 8B4804 mov ecx, dword ptr [eax+04]
:00432F12 33D3 xor edx, ebx
:00432F14 F7D3 not ebx
:00432F16 03CB add ecx, ebx
:00432F18 0FAF4808 imul ecx, dword ptr [eax+08]
.....
Encryption code after the update:
:0042E390 6AFF push FFFFFFFF
:0042E392 68ADBC5F00 push 005FBCAD
:0042E397 64A100000000 mov eax, dword ptr fs:[00000000]
:0042E39D 50 push eax
:0042E39E 64892500000000 mov dword ptr fs:[00000000], esp
:0042E3A5 83EC10 sub esp, 00000010
:0042E3A8 53 push ebx
:0042E3A9 56 push esi
:0042E3AA 57 push edi
:0042E3AB 8B7C243C mov edi, dword ptr [esp+3C]
:0042E3AF 8BF1 mov esi, ecx
:0042E3B1 57 push edi
:0042E3B2 89742410 mov dword ptr [esp+10], esi
:0042E3B6 E8756CFFFF call 00425030
:0042E3BB 33DB xor ebx, ebx
:0042E3BD 895E44 mov dword ptr [esi+44], ebx
.....
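Before the update I could set a breakpoint with trw2000: bpx 00432F08
and see the unencrypted account data in ecx.
My question now is whether the following code is an FIB (or FTB) restriction, and how to see the unencrypted account and password data: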
:0042E390 6AFF push FFFFFFFF
:0042E392 68ADBC5F00 push 005FBCAD
:0042E397 64A100000000 mov eax, dword ptr fs:[00000000]
:0042E39D 50 push eax
:0042E39E 64892500000000 mov dword ptr fs:[00000000], esp