宏狗破解求解
发表于: 2010-4-15 07:26 5949
在 CreateFileA 上下断点后得到如下代码，请问如何爆破分析
7C812AFB 5E pop esi ; (Initial CPU selection)
7C812AFC C9 leave
7C812AFD C2 1000 retn 10
7C812B00 85FF test edi,edi
7C812B02 ^ 0F8E 3693FFFF jle KERNEL32.7C80BE3E
7C812B08 8B55 FC mov edx,dword ptr ss:[ebp-4]
7C812B0B 8955 0C mov dword ptr ss:[ebp+C],edx
7C812B0E 0FB716 movzx edx,word ptr ds:[esi]
7C812B11 8B7D F8 mov edi,dword ptr ss:[ebp-8]
7C812B14 8A143A mov dl,byte ptr ds:[edx+edi]
7C812B17 8811 mov byte ptr ds:[ecx],dl
7C812B19 8B78 0C mov edi,dword ptr ds:[eax+C]
7C812B1C 0FB6D2 movzx edx,dl
7C812B1F 66:8B1457 mov dx,word ptr ds:[edi+edx*2]
7C812B23 66:3B16 cmp dx,word ptr ds:[esi]
7C812B26 0F85 0B8C0300 jnz KERNEL32.7C84B737
7C812B2C 8B50 08 mov edx,dword ptr ds:[eax+8]
7C812B2F 66:8B5A 04 mov bx,word ptr ds:[edx+4]
7C812B33 3819 cmp byte ptr ds:[ecx],bl
7C812B35 0F84 098C0300 je KERNEL32.7C84B744
7C812B3B 46 inc esi
7C812B3C 46 inc esi
7C812B3D 41 inc ecx
7C812B3E FF4D 0C dec dword ptr ss:[ebp+C]
7C812B41 ^ 75 CB jnz short KERNEL32.7C812B0E
7C812B43 ^ E9 F692FFFF jmp KERNEL32.7C80BE3E
7C812B48 8B4D 10 mov ecx,dword ptr ss:[ebp+10]
7C812B4B E8 2478FFFF call KERNEL32.7C80A374
7C812B50 8B55 0C mov edx,dword ptr ss:[ebp+C]
7C812B53 8BD8 mov ebx,eax
7C812B55 43 inc ebx
7C812B56 ^ E9 11A3FFFF jmp KERNEL32.7C80CE6C
7C812B5B 8BD9 mov ebx,ecx
7C812B5D 895D 08 mov dword ptr ss:[ebp+8],ebx
7C812B60 ^ E9 06A2FFFF jmp KERNEL32.7C80CD6B
7C812B65 8B35 9C57887C mov esi,dword ptr ds:[7C88579C]
7C812B6B ^ E9 01A2FFFF jmp KERNEL32.7C80CD71
7C812B70 8365 C0 00 and dword ptr ss:[ebp-40],0
7C812B74 ^ E9 78FFFFFF jmp KERNEL32.7C812AF1
7C812B79 90 nop
7C812B7A 90 nop
7C812B7B 90 nop
7C812B7C 90 nop
7C812B7D 90 nop
7C812B7E > 8BFF mov edi,edi
7C812B80 55 push ebp
7C812B81 8BEC mov ebp,esp
7C812B83 81EC 30010000 sub esp,130
7C812B89 A1 CC56887C mov eax,dword ptr ds:[7C8856CC]
7C812B8E 56 push esi
7C812B8F 8B75 08 mov esi,dword ptr ss:[ebp+8]
7C812B92 8945 FC mov dword ptr ss:[ebp-4],eax
7C812B95 8B06 mov eax,dword ptr ds:[esi]
7C812B97 57 push edi
7C812B98 BF 9C000000 mov edi,9C
7C812B9D 3BC7 cmp eax,edi
7C812B9F 74 0B je short KERNEL32.7C812BAC
7C812BA1 3D 94000000 cmp eax,94
7C812BA6 0F85 B3E20200 jnz KERNEL32.7C840E5F
7C812BAC 8D85 E0FEFFFF lea eax,dword ptr ss:[ebp-120]
7C812BB2 50 push eax
7C812BB3 C785 E0FEFFFF 1>mov dword ptr ss:[ebp-120],11C
7C812BBD E8 4383FFFF call KERNEL32.GetVersionExW
7C812BC2 85C0 test eax,eax
7C812BC4 0F84 D6060000 je KERNEL32.7C8132A0
7C812BCA 393E cmp dword ptr ds:[esi],edi
7C812BCC 8B85 E4FEFFFF mov eax,dword ptr ss:[ebp-11C]
7C812BD2 8946 04 mov dword ptr ds:[esi+4],eax
7C812BD5 8B85 E8FEFFFF mov eax,dword ptr ss:[ebp-118]
7C812BDB 8946 08 mov dword ptr ds:[esi+8],eax
7C812BDE 8B85 ECFEFFFF mov eax,dword ptr ss:[ebp-114]
7C812BE4 8946 0C mov dword ptr ds:[esi+C],eax
7C812BE7 8B85 F0FEFFFF mov eax,dword ptr ss:[ebp-110]
7C812BED 8946 10 mov dword ptr ds:[esi+10],eax
7C812BF0 0F84 74060000 je KERNEL32.7C81326A
7C812BF6 66:83A5 D8FEFFF>and word ptr ss:[ebp-128],0
7C812BFE 8D85 F4FEFFFF lea eax,dword ptr ss:[ebp-10C]
7C812C04 50 push eax
7C812C05 8D85 D0FEFFFF lea eax,dword ptr ss:[ebp-130]
7C812C0B 83C6 14 add esi,14
7C812C0E 50 push eax
7C812C0F 89B5 DCFEFFFF mov dword ptr ss:[ebp-124],esi
7C812C15 66:C785 DAFEFFF>mov word ptr ss:[ebp-126],80
7C812C1E FF15 4010807C call dword ptr ds:[<&ntdll.RtlInitUnicod>; ntdll.RtlInitUnicodeString
7C812C24 6A 00 push 0
7C812C26 8D85 D0FEFFFF lea eax,dword ptr ss:[ebp-130]
7C812C2C 50 push eax
7C812C2D 8D85 D8FEFFFF lea eax,dword ptr ss:[ebp-128]
7C812C33 50 push eax
7C812C34 FF15 7C10807C call dword ptr ds:[<&ntdll.RtlUnicodeStr>; ntdll.RtlUnicodeStringToAnsiString
7C812C3A 33C9 xor ecx,ecx
7C812C3C 85C0 test eax,eax
7C812C3E 0F9DC1 setge cl
7C812C41 8BC1 mov eax,ecx
7C812C43 8B4D FC mov ecx,dword ptr ss:[ebp-4]
7C812C46 5F pop edi
7C812C47 5E pop esi
7C812C48 E8 5D6BFFFF call KERNEL32.7C8097AA
7C812C4D C9 leave
7C812C4E C2 0400 retn 4
7C812C51 90 nop
7C812C52 90 nop
7C812C53 90 nop
7C812C54 90 nop
7C812C55 90 nop
7C812C56 > 8BFF mov edi,edi
7C812C58 55 push ebp
7C812C59 8BEC mov ebp,esp
7C812C5B 8B45 08 mov eax,dword ptr ss:[ebp+8]
7C812C5E 8B0D 3C50887C mov ecx,dword ptr ds:[7C88503C]
7C812C64 8B89 2C010000 mov ecx,dword ptr ds:[ecx+12C]
7C812C6A 8B55 10 mov edx,dword ptr ss:[ebp+10]
7C812C6D 25 05000400 and eax,40005
7C812C72 56 push esi
7C812C73 0D 00100000 or eax,1000
7C812C78 33F6 xor esi,esi
7C812C7A 3BD1 cmp edx,ecx
7C812C7C 73 36 jnb short KERNEL32.7C812CB4
7C812C7E 85D2 test edx,edx
7C812C80 75 2E jnz short KERNEL32.7C812CB0
7C812C82 C1E1 04 shl ecx,4
7C812C85 8BF1 mov esi,ecx
7C812C87 83C8 02 or eax,2
7C812C8A 85F6 test esi,esi
7C812C8C 74 26 je short KERNEL32.7C812CB4
7C812C8E 6A 00 push 0
7C812C90 6A 00 push 0
7C812C92 FF75 0C push dword ptr ss:[ebp+C]
7C812C95 52 push edx
7C812C96 6A 00 push 0
7C812C98 50 push eax
7C812C99 FF15 1813807C call dword ptr ds:[<&ntdll.RtlCreateHeap>; ntdll.RtlCreateHeap
7C812AFB 5E pop esi ; (Initial CPU selection)
7C812AFC C9 leave
7C812AFD C2 1000 retn 10
7C812B00 85FF test edi,edi
7C812B02 ^ 0F8E 3693FFFF jle KERNEL32.7C80BE3E
7C812B08 8B55 FC mov edx,dword ptr ss:[ebp-4]
7C812B0B 8955 0C mov dword ptr ss:[ebp+C],edx
7C812B0E 0FB716 movzx edx,word ptr ds:[esi]
7C812B11 8B7D F8 mov edi,dword ptr ss:[ebp-8]
7C812B14 8A143A mov dl,byte ptr ds:[edx+edi]
7C812B17 8811 mov byte ptr ds:[ecx],dl
7C812B19 8B78 0C mov edi,dword ptr ds:[eax+C]
7C812B1C 0FB6D2 movzx edx,dl
7C812B1F 66:8B1457 mov dx,word ptr ds:[edi+edx*2]
7C812B23 66:3B16 cmp dx,word ptr ds:[esi]
7C812B26 0F85 0B8C0300 jnz KERNEL32.7C84B737
7C812B2C 8B50 08 mov edx,dword ptr ds:[eax+8]
7C812B2F 66:8B5A 04 mov bx,word ptr ds:[edx+4]
7C812B33 3819 cmp byte ptr ds:[ecx],bl
7C812B35 0F84 098C0300 je KERNEL32.7C84B744
7C812B3B 46 inc esi
7C812B3C 46 inc esi
7C812B3D 41 inc ecx
7C812B3E FF4D 0C dec dword ptr ss:[ebp+C]
7C812B41 ^ 75 CB jnz short KERNEL32.7C812B0E
7C812B43 ^ E9 F692FFFF jmp KERNEL32.7C80BE3E
7C812B48 8B4D 10 mov ecx,dword ptr ss:[ebp+10]
7C812B4B E8 2478FFFF call KERNEL32.7C80A374
7C812B50 8B55 0C mov edx,dword ptr ss:[ebp+C]
7C812B53 8BD8 mov ebx,eax
7C812B55 43 inc ebx
7C812B56 ^ E9 11A3FFFF jmp KERNEL32.7C80CE6C
7C812B5B 8BD9 mov ebx,ecx
7C812B5D 895D 08 mov dword ptr ss:[ebp+8],ebx
7C812B60 ^ E9 06A2FFFF jmp KERNEL32.7C80CD6B
7C812B65 8B35 9C57887C mov esi,dword ptr ds:[7C88579C]
7C812B6B ^ E9 01A2FFFF jmp KERNEL32.7C80CD71
7C812B70 8365 C0 00 and dword ptr ss:[ebp-40],0
7C812B74 ^ E9 78FFFFFF jmp KERNEL32.7C812AF1
7C812B79 90 nop
7C812B7A 90 nop
7C812B7B 90 nop
7C812B7C 90 nop
7C812B7D 90 nop
7C812B7E > 8BFF mov edi,edi
7C812B80 55 push ebp
7C812B81 8BEC mov ebp,esp
7C812B83 81EC 30010000 sub esp,130
7C812B89 A1 CC56887C mov eax,dword ptr ds:[7C8856CC]
7C812B8E 56 push esi
7C812B8F 8B75 08 mov esi,dword ptr ss:[ebp+8]
7C812B92 8945 FC mov dword ptr ss:[ebp-4],eax
7C812B95 8B06 mov eax,dword ptr ds:[esi]
7C812B97 57 push edi
7C812B98 BF 9C000000 mov edi,9C
7C812B9D 3BC7 cmp eax,edi
7C812B9F 74 0B je short KERNEL32.7C812BAC
7C812BA1 3D 94000000 cmp eax,94
7C812BA6 0F85 B3E20200 jnz KERNEL32.7C840E5F
7C812BAC 8D85 E0FEFFFF lea eax,dword ptr ss:[ebp-120]
7C812BB2 50 push eax
7C812BB3 C785 E0FEFFFF 1>mov dword ptr ss:[ebp-120],11C
7C812BBD E8 4383FFFF call KERNEL32.GetVersionExW
7C812BC2 85C0 test eax,eax
7C812BC4 0F84 D6060000 je KERNEL32.7C8132A0
7C812BCA 393E cmp dword ptr ds:[esi],edi
7C812BCC 8B85 E4FEFFFF mov eax,dword ptr ss:[ebp-11C]
7C812BD2 8946 04 mov dword ptr ds:[esi+4],eax
7C812BD5 8B85 E8FEFFFF mov eax,dword ptr ss:[ebp-118]
7C812BDB 8946 08 mov dword ptr ds:[esi+8],eax
7C812BDE 8B85 ECFEFFFF mov eax,dword ptr ss:[ebp-114]
7C812BE4 8946 0C mov dword ptr ds:[esi+C],eax
7C812BE7 8B85 F0FEFFFF mov eax,dword ptr ss:[ebp-110]
7C812BED 8946 10 mov dword ptr ds:[esi+10],eax
7C812BF0 0F84 74060000 je KERNEL32.7C81326A
7C812BF6 66:83A5 D8FEFFF>and word ptr ss:[ebp-128],0
7C812BFE 8D85 F4FEFFFF lea eax,dword ptr ss:[ebp-10C]
7C812C04 50 push eax
7C812C05 8D85 D0FEFFFF lea eax,dword ptr ss:[ebp-130]
7C812C0B 83C6 14 add esi,14
7C812C0E 50 push eax
7C812C0F 89B5 DCFEFFFF mov dword ptr ss:[ebp-124],esi
7C812C15 66:C785 DAFEFFF>mov word ptr ss:[ebp-126],80
7C812C1E FF15 4010807C call dword ptr ds:[<&ntdll.RtlInitUnicod>; ntdll.RtlInitUnicodeString
7C812C24 6A 00 push 0
7C812C26 8D85 D0FEFFFF lea eax,dword ptr ss:[ebp-130]
7C812C2C 50 push eax
7C812C2D 8D85 D8FEFFFF lea eax,dword ptr ss:[ebp-128]
7C812C33 50 push eax
7C812C34 FF15 7C10807C call dword ptr ds:[<&ntdll.RtlUnicodeStr>; ntdll.RtlUnicodeStringToAnsiString
7C812C3A 33C9 xor ecx,ecx
7C812C3C 85C0 test eax,eax
7C812C3E 0F9DC1 setge cl
7C812C41 8BC1 mov eax,ecx
7C812C43 8B4D FC mov ecx,dword ptr ss:[ebp-4]
7C812C46 5F pop edi
7C812C47 5E pop esi
7C812C48 E8 5D6BFFFF call KERNEL32.7C8097AA
7C812C4D C9 leave
7C812C4E C2 0400 retn 4
7C812C51 90 nop
7C812C52 90 nop
7C812C53 90 nop
7C812C54 90 nop
7C812C55 90 nop
7C812C56 > 8BFF mov edi,edi
7C812C58 55 push ebp
7C812C59 8BEC mov ebp,esp
7C812C5B 8B45 08 mov eax,dword ptr ss:[ebp+8]
7C812C5E 8B0D 3C50887C mov ecx,dword ptr ds:[7C88503C]
7C812C64 8B89 2C010000 mov ecx,dword ptr ds:[ecx+12C]
7C812C6A 8B55 10 mov edx,dword ptr ss:[ebp+10]
7C812C6D 25 05000400 and eax,40005
7C812C72 56 push esi
7C812C73 0D 00100000 or eax,1000
7C812C78 33F6 xor esi,esi
7C812C7A 3BD1 cmp edx,ecx
7C812C7C 73 36 jnb short KERNEL32.7C812CB4
7C812C7E 85D2 test edx,edx
7C812C80 75 2E jnz short KERNEL32.7C812CB0
7C812C82 C1E1 04 shl ecx,4
7C812C85 8BF1 mov esi,ecx
7C812C87 83C8 02 or eax,2
7C812C8A 85F6 test esi,esi
7C812C8C 74 26 je short KERNEL32.7C812CB4
7C812C8E 6A 00 push 0
7C812C90 6A 00 push 0
7C812C92 FF75 0C push dword ptr ss:[ebp+C]
7C812C95 52 push edx
7C812C96 6A 00 push 0
7C812C98 50 push eax
7C812C99 FF15 1813807C call dword ptr ds:[<&ntdll.RtlCreateHeap>; ntdll.RtlCreateHeap