Environment: Win98
Tools: OD 1.10c (DIY build), DeDe fix 3.5, WinHex, fs, PEiD 0.98
Purpose: purely for fun; if I have inadvertently hurt anyone, please forgive me!
Getting to work:
Used fs to strip the modified UPX shell. PEiD reports: Borland C++ 1999.
Opened it with DeDe: in the main procedure there is sbRegClick, located at 403138.
Found the tumor; now the doctor (OD) takes the stage.
Set a breakpoint at 403138:
00403138 55 PUSH EBP
00403139 8BEC MOV EBP,ESP
0040313B 81C4 B8F7FFFF ADD ESP,-848
00403141 53 PUSH EBX
00403142 56 PUSH ESI
00403143 57 PUSH EDI
00403144 8BF0 MOV ESI,EAX
00403146 BF B0C44B00 MOV EDI,ASPEEDER.004BC4B0
0040314B B8 08D14B00 MOV EAX,ASPEEDER.004BD108
00403150 E8 477A0900 CALL ASPEEDER.0049AB9C
00403155 66:C745 DC 0800 MOV WORD PTR SS:[EBP-24],8
0040315B 33D2 XOR EDX,EDX
0040315D 8B0D 707D4C00 MOV ECX,DWORD PTR DS:[4C7D70]
00403163 8955 FC MOV DWORD PTR SS:[EBP-4],EDX
00403166 8D87 C1010000 LEA EAX,DWORD PTR DS:[EDI+1C1]
0040316C FF45 E8 INC DWORD PTR SS:[EBP-18]
0040316F 8D55 FC LEA EDX,DWORD PTR SS:[EBP-4]
00403172 66:C745 DC 1400 MOV WORD PTR SS:[EBP-24],14
00403178 51 PUSH ECX
00403179 50 PUSH EAX
0040317A 52 PUSH EDX
0040317B E8 F04A0A00 CALL ASPEEDER.004A7C70
00403180 8B0D 90784C00 MOV ECX,DWORD PTR DS:[4C7890] ; ASPEEDER._RegBox
00403186 83C4 0C ADD ESP,0C
00403189 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
0040318C 8B01 MOV EAX,DWORD PTR DS:[ECX]
0040318E 8B80 FC020000 MOV EAX,DWORD PTR DS:[EAX+2FC]
00403194 E8 536D0700 CALL ASPEEDER.00479EEC
00403199 8B0D 90784C00 MOV ECX,DWORD PTR DS:[4C7890] ; ASPEEDER._RegBox
0040319F 8B01 MOV EAX,DWORD PTR DS:[ECX]
004031A1 8B10 MOV EDX,DWORD PTR DS:[EAX]
004031A3 FF92 E8000000 CALL DWORD PTR DS:[EDX+E8] ; the registration form is shown here
004031A9 83F8 02 CMP EAX,2 ; set a breakpoint here, enter the registration code asdfasdfasdf; it breaks here, then F8 downwards (2 is the VCL mrCancel result, so the JNZ below only continues to 4031CD when the dialog was not cancelled)
004031AC 75 1F JNZ SHORT ASPEEDER.004031CD
004031AE FF4D E8 DEC DWORD PTR SS:[EBP-18]
004031B1 8D45 FC LEA EAX,DWORD PTR SS:[EBP-4]
004031B4 BA 02000000 MOV EDX,2
004031B9 E8 06490A00 CALL ASPEEDER.004A7AC4
004031BE 8B4D CC MOV ECX,DWORD PTR SS:[EBP-34]
004031C1 64:890D 00000000 MOV DWORD PTR FS:[0],ECX
004031C8 E9 10020000 JMP ASPEEDER.004033DD
004031CD 6A 40 PUSH 40
004031CF 33C0 XOR EAX,EAX
004031D1 66:C745 DC 2000 MOV WORD PTR SS:[EBP-24],20
004031D7 8945 F8 MOV DWORD PTR SS:[EBP-8],EAX
004031DA 8B0D 90784C00 MOV ECX,DWORD PTR DS:[4C7890] ; ASPEEDER._RegBox
004031E0 FF45 E8 INC DWORD PTR SS:[EBP-18]
004031E3 8D55 F8 LEA EDX,DWORD PTR SS:[EBP-8]
004031E6 8B01 MOV EAX,DWORD PTR DS:[ECX]
004031E8 8B80 08030000 MOV EAX,DWORD PTR DS:[EAX+308]
004031EE E8 C96C0700 CALL ASPEEDER.00479EBC
004031F3 837D F8 00 CMP DWORD PTR SS:[EBP-8],0
004031F7 74 05 JE SHORT ASPEEDER.004031FE
004031F9 8B55 F8 MOV EDX,DWORD PTR SS:[EBP-8]
004031FC EB 06 JMP SHORT ASPEEDER.00403204
004031FE 8D97 C6010000 LEA EDX,DWORD PTR DS:[EDI+1C6]
00403204 52 PUSH EDX
00403205 68 747D4C00 PUSH ASPEEDER.004C7D74
0040320A E8 91780900 CALL ASPEEDER.0049AAA0
0040320F 83C4 0C ADD ESP,0C
00403212 FF4D E8 DEC DWORD PTR SS:[EBP-18]
00403215 8D45 F8 LEA EAX,DWORD PTR SS:[EBP-8]
00403218 BA 02000000 MOV EDX,2
0040321D E8 A2480A00 CALL ASPEEDER.004A7AC4
00403222 33C0 XOR EAX,EAX
00403224 8945 C8 MOV DWORD PTR SS:[EBP-38],EAX
00403227 33C9 XOR ECX,ECX
00403229 894D C4 MOV DWORD PTR SS:[EBP-3C],ECX
0040322C 33C0 XOR EAX,EAX
0040322E 8945 C0 MOV DWORD PTR SS:[EBP-40],EAX
00403231 33D2 XOR EDX,EDX
00403233 8955 BC MOV DWORD PTR SS:[EBP-44],EDX
00403236 33C9 XOR ECX,ECX
00403238 894D B8 MOV DWORD PTR SS:[EBP-48],ECX
0040323B 8D55 C4 LEA EDX,DWORD PTR SS:[EBP-3C]
0040323E 8D87 C7010000 LEA EAX,DWORD PTR DS:[EDI+1C7]
00403244 E8 3B5A0000 CALL ASPEEDER.00408C84
00403249 8D55 C8 LEA EDX,DWORD PTR SS:[EBP-38]
0040324C 8D87 D0010000 LEA EAX,DWORD PTR DS:[EDI+1D0]
00403252 E8 2D5A0000 CALL ASPEEDER.00408C84
00403257 8B0D 707D4C00 MOV ECX,DWORD PTR DS:[4C7D70] ; machine code -> ecx
0040325D 51 PUSH ECX
0040325E 8D87 21020000 LEA EAX,DWORD PTR DS:[EDI+221]
00403264 50 PUSH EAX
00403265 8D95 B8F7FFFF LEA EDX,DWORD PTR SS:[EBP-848]
0040326B 52 PUSH EDX
0040326C E8 57A00900 CALL ASPEEDER.0049D2C8
00403271 83C4 0C ADD ESP,0C
00403274 8D55 B8 LEA EDX,DWORD PTR SS:[EBP-48]
00403277 8D85 B8F7FFFF LEA EAX,DWORD PTR SS:[EBP-848]
0040327D E8 E65B0000 CALL ASPEEDER.00408E68
00403282 8D4D C0 LEA ECX,DWORD PTR SS:[EBP-40]
00403285 51 PUSH ECX
00403286 8B4D C8 MOV ECX,DWORD PTR SS:[EBP-38]
00403289 8B55 C4 MOV EDX,DWORD PTR SS:[EBP-3C]
0040328C 8B45 B8 MOV EAX,DWORD PTR SS:[EBP-48]
0040328F E8 6C510000 CALL ASPEEDER.00408400
00403294 8D85 B8F7FFFF LEA EAX,DWORD PTR SS:[EBP-848]
0040329A 8B55 C0 MOV EDX,DWORD PTR SS:[EBP-40]
0040329D E8 6E5C0000 CALL ASPEEDER.00408F10
004032A2 8D8F 26020000 LEA ECX,DWORD PTR DS:[EDI+226]
004032A8 51 PUSH ECX
004032A9 8D85 B8F7FFFF LEA EAX,DWORD PTR SS:[EBP-848]
004032AF 50 PUSH EAX
004032B0 E8 C7750900 CALL ASPEEDER.0049A87C
004032B5 83C4 08 ADD ESP,8
004032B8 8D55 C0 LEA EDX,DWORD PTR SS:[EBP-40]
004032BB 8D85 B8F7FFFF LEA EAX,DWORD PTR SS:[EBP-848]
004032C1 E8 A25B0000 CALL ASPEEDER.00408E68
004032C6 8D55 C8 LEA EDX,DWORD PTR SS:[EBP-38]
004032C9 8D87 2F020000 LEA EAX,DWORD PTR DS:[EDI+22F]
004032CF E8 B0590000 CALL ASPEEDER.00408C84
004032D4 8D55 B8 LEA EDX,DWORD PTR SS:[EBP-48]
004032D7 B8 747D4C00 MOV EAX,ASPEEDER.004C7D74
004032DC E8 875B0000 CALL ASPEEDER.00408E68
004032E1 8D55 BC LEA EDX,DWORD PTR SS:[EBP-44]
004032E4 52 PUSH EDX
004032E5 8B4D C8 MOV ECX,DWORD PTR SS:[EBP-38]
004032E8 8B55 C4 MOV EDX,DWORD PTR SS:[EBP-3C]
004032EB 8B45 B8 MOV EAX,DWORD PTR SS:[EBP-48]
004032EE E8 0D510000 CALL ASPEEDER.00408400
004032F3 8D85 B8F7FFFF LEA EAX,DWORD PTR SS:[EBP-848]
004032F9 8B55 BC MOV EDX,DWORD PTR SS:[EBP-44]
004032FC E8 0F5C0000 CALL ASPEEDER.00408F10
00403301 8B55 BC MOV EDX,DWORD PTR SS:[EBP-44]
00403304 8B45 BC MOV EAX,DWORD PTR SS:[EBP-40] ; from my cracking experience, whenever a call takes two arguments and is followed by a conditional, it is almost always a comparison.
; So, the old method: make its comparison meaningless by feeding it the same argument twice; change ebp-40 to ebp-44.
; (Borland fastcall passes the first two arguments in EAX and EDX. [EBP-40] was built above from the machine code read at 4C7D70 and [EBP-44] from the entered code copied to 4C7D74, so after the patch 406E90 compares the entered code with itself. The byte column on this line already shows the patched displacement BC; the pre-patch encoding is 8B45 C0.)
00403307 E8 843B0000 CALL ASPEEDER.00406E90 ; since this is the comparison call, the program may also use it at startup: search for the instruction call 406e90,
; set a breakpoint on every hit, and restart the program.
0040330C 85C0 TEST EAX,EAX
0040330E 8D45 C8 LEA EAX,DWORD PTR SS:[EBP-38]
00403311 0F94C3 SETE BL
00403314 83E3 01 AND EBX,1
00403317 E8 44390000 CALL ASPEEDER.00406C60
0040331C 8D45 C4 LEA EAX,DWORD PTR SS:[EBP-3C]
0040331F E8 3C390000 CALL ASPEEDER.00406C60
00403324 8D45 C0 LEA EAX,DWORD PTR SS:[EBP-40]
00403327 E8 34390000 CALL ASPEEDER.00406C60
0040332C 8D45 BC LEA EAX,DWORD PTR SS:[EBP-44]
0040332F E8 2C390000 CALL ASPEEDER.00406C60
00403334 8D45 B8 LEA EAX,DWORD PTR SS:[EBP-48]
00403337 E8 24390000 CALL ASPEEDER.00406C60
0040333C 84DB TEST BL,BL
0040333E 74 1C JE SHORT ASPEEDER.0040335C
00403340 33D2 XOR EDX,EDX
00403342 8B86 10030000 MOV EAX,DWORD PTR DS:[ESI+310]
00403348 E8 8F6A0700 CALL ASPEEDER.00479DDC
0040334D 33D2 XOR EDX,EDX
0040334F 8915 5CC24B00 MOV DWORD PTR DS:[4BC25C],EDX
00403355 E8 DEF0FFFF CALL ASPEEDER.00402438
0040335A EB 67 JMP SHORT ASPEEDER.004033C3
0040335C 803D 4D7D4C00 00 CMP BYTE PTR DS:[4C7D4D],0
00403363 74 30 JE SHORT ASPEEDER.00403395
00403365 66:C745 DC 2C00 MOV WORD PTR SS:[EBP-24],2C
0040336B 8D97 90020000 LEA EDX,DWORD PTR DS:[EDI+290]
00403371 8D45 F4 LEA EAX,DWORD PTR SS:[EBP-C]
00403374 E8 A7450A00 CALL ASPEEDER.004A7920
00403379 FF45 E8 INC DWORD PTR SS:[EBP-18]
0040337C 8B00 MOV EAX,DWORD PTR DS:[EAX]
0040337E E8 C1110700 CALL ASPEEDER.00474544
00403383 FF4D E8 DEC DWORD PTR SS:[EBP-18]
00403386 8D45 F4 LEA EAX,DWORD PTR SS:[EBP-C]
00403389 BA 02000000 MOV EDX,2
0040338E E8 31470A00 CALL ASPEEDER.004A7AC4
00403393 EB 2E JMP SHORT ASPEEDER.004033C3
00403395 66:C745 DC 3800 MOV WORD PTR SS:[EBP-24],38
0040339B 8D97 A4020000 LEA EDX,DWORD PTR DS:[EDI+2A4]
004033A1 8D45 F0 LEA EAX,DWORD PTR SS:[EBP-10]
004033A4 E8 77450A00 CALL ASPEEDER.004A7920
004033A9 FF45 E8 INC DWORD PTR SS:[EBP-18]
004033AC 8B00 MOV EAX,DWORD PTR DS:[EAX]
004033AE E8 91110700 CALL ASPEEDER.00474544
004033B3 FF4D E8 DEC DWORD PTR SS:[EBP-18]
004033B6 8D45 F0 LEA EAX,DWORD PTR SS:[EBP-10]
004033B9 BA 02000000 MOV EDX,2
004033BE E8 01470A00 CALL ASPEEDER.004A7AC4
004033C3 FF4D E8 DEC DWORD PTR SS:[EBP-18]
004033C6 8D45 FC LEA EAX,DWORD PTR SS:[EBP-4]
004033C9 BA 02000000 MOV EDX,2
004033CE E8 F1460A00 CALL ASPEEDER.004A7AC4
004033D3 8B4D CC MOV ECX,DWORD PTR SS:[EBP-34]
004033D6 64:890D 00000000 MOV DWORD PTR FS:[0],ECX
004033DD 5F POP EDI
004033DE 5E POP ESI
004033DF 5B POP EBX
004033E0 8BE5 MOV ESP,EBP
004033E2 5D POP EBP
004033E3 C3 RETN
It breaks here:
00402F50 8B55 9C MOV EDX,DWORD PTR SS:[EBP-64]
00402F53 8B45 9C MOV EAX,DWORD PTR SS:[EBP-60] ; change [EBP-60] to [EBP-64] (the byte column already shows the patched 9C; the pre-patch encoding is 8B45 A0)
00402F56 E8 353F0000 CALL ASPEEDER.00406E90 ; here, the same modification as above
00402F5B 85C0 TEST EAX,EAX
00402F5D 8D45 A8 LEA EAX,DWORD PTR SS:[EBP-58]
00402F60 0F94C3 SETE BL
00402F63 83E3 01 AND EBX,1
00402F66 E8 F53C0000 CALL ASPEEDER.00406C60
00402F6B 8D45 A4 LEA EAX,DWORD PTR SS:[EBP-5C]
00402F6E E8 ED3C0000 CALL ASPEEDER.00406C60
And here:
0040350A 8B55 B8 MOV EDX,DWORD PTR SS:[EBP-48]
0040350D 8B45 B8 MOV EAX,DWORD PTR SS:[EBP-44] ; change [EBP-44] to [EBP-48] (the byte column already shows the patched B8; the pre-patch encoding is 8B45 BC)
00403510 E8 7B390000 CALL ASPEEDER.00406E90 ; same as above
00403515 85C0 TEST EAX,EAX
00403517 8D45 C4 LEA EAX,DWORD PTR SS:[EBP-3C]
0040351A 0F94C3 SETE BL
0040351D 83E3 01 AND EBX,1
00403520 E8 3B370000 CALL ASPEEDER.00406C60
Done. This kind of crack can be used on most programs: neutralize the comparison call. The caveat is that it only works where the compare's result is consumed as a plain yes/no, as it is here (TEST EAX,EAX followed by SETE BL); if a later computation depended on what was actually compared, identical operands would not rescue it.
This program can replace Speed Gear (加速齿轮). Two birds with one stone.
Finished.
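The same patch done outside the debugger, as an added example that is not the author's script and not code from ASPEEDER: it scans a code buffer for the Borland fastcall shape MOV EDX,[EBP+d1]; MOV EAX,[EBP+d2]; CALL 406E90 and rewrites d2 to d1, so every site becomes compare(x, x). It generalizes the three hand-patched sites above to any call site of the compare routine, and it checks that the CALL really resolves to 406E90 rather than trusting the byte pattern alone (the listing's own rel32 values are used to confirm this). The code buffer in the block is constructed from the bytes in the listings, using the pre-patch displacements A0, C0 and BC, since the byte column in the post already shows the patched values; the section table handed to the file-offset helper is a made-up placeholder to be replaced with the real one from the unpacked file.

```python
"""Make every call to a two-argument compare routine compare a value with
itself, as the post does by hand at three sites.

Added example, not the post author's script and not code from ASPEEDER.
Borland/C++Builder fastcall passes the first two arguments in EAX and EDX,
so a compare site has this shape:
    8B 55 d1      MOV EDX, DWORD PTR [EBP+d1]
    8B 45 d2      MOV EAX, DWORD PTR [EBP+d2]
    E8 rel32      CALL compare
The patch rewrites d2 := d1 at every site whose CALL resolves to COMPARE_VA.
"""
import struct

COMPARE_VA = 0x00406E90      # the compare routine found in the post
MOV_EDX_EBP = b"\x8b\x55"    # MOV EDX, DWORD PTR [EBP+disp8]
MOV_EAX_EBP = b"\x8b\x45"    # MOV EAX, DWORD PTR [EBP+disp8]
CALL_REL32 = 0xE8
SITE_LEN = 3 + 3 + 5         # two MOVs plus the CALL
EAX_DISP_OFF = 5             # index of d2 inside a site


def find_compare_sites(code: bytes, code_va: int, compare_va: int) -> list:
    """Return [(site_va, d_edx, d_eax)] for each MOV/MOV/CALL whose CALL
    really targets compare_va; the byte pattern alone is not enough, since
    8B 55 / 8B 45 occur in plenty of unrelated code."""
    sites = []
    i = code.find(MOV_EDX_EBP)
    while i >= 0 and i + SITE_LEN <= len(code):
        if code[i + 3:i + 5] == MOV_EAX_EBP and code[i + 6] == CALL_REL32:
            rel = struct.unpack_from("<i", code, i + 7)[0]
            target = (code_va + i + SITE_LEN + rel) & 0xFFFFFFFF
            if target == compare_va:
                sites.append((code_va + i, code[i + 2], code[i + EAX_DISP_OFF]))
        i = code.find(MOV_EDX_EBP, i + 1)
    return sites


def neutralize_compares(code: bytes, code_va: int, compare_va: int):
    """Patch each site so MOV EAX loads the same slot as MOV EDX.
    Returns (patched_code, [(site_va, old_d_eax, new_d_eax)])."""
    buf = bytearray(code)
    log = []
    for site_va, d_edx, d_eax in find_compare_sites(code, code_va, compare_va):
        buf[site_va - code_va + EAX_DISP_OFF] = d_edx
        log.append((site_va, d_eax, d_edx))
    return bytes(buf), log


def va_to_file_offset(va: int, image_base: int, sections) -> int:
    """Map a VA to an offset in the unpacked file. sections is a list of
    (VirtualAddress, PointerToRawData, SizeOfRawData) copied from the file's
    section table (OD's memory map or PEiD show them)."""
    rva = va - image_base
    for vaddr, rawptr, rawsize in sections:
        if vaddr <= rva < vaddr + rawsize:
            return rawptr + (rva - vaddr)
    raise ValueError(f"VA {va:#x} lies in no section")


def signed8(b: int) -> int:
    return b - 0x100 if b >= 0x80 else b


# Constructed sample: the three sites from the listings, in their pre-patch
# encoding (the post's byte column already shows the patched displacements),
# plus one decoy with the same shape whose CALL does not go to 406E90.
SAMPLE_BASE = 0x00402F50
SAMPLE_SITES = {
    0x00402F50: bytes.fromhex("8B559C 8B45A0 E8353F0000"),  # [EBP-64] / [EBP-60]
    0x00403301: bytes.fromhex("8B55BC 8B45C0 E8843B0000"),  # [EBP-44] / [EBP-40]
    0x0040350A: bytes.fromhex("8B55B8 8B45BC E87B390000"),  # [EBP-48] / [EBP-44]
    0x00403100: bytes.fromhex("8B55F8 8B45FC E800000000"),  # decoy: CALL $+5
}


def build_sample() -> bytes:
    buf = bytearray(b"\x90" * 0x600)    # NOP filler, constructed
    for va, raw in SAMPLE_SITES.items():
        buf[va - SAMPLE_BASE:va - SAMPLE_BASE + len(raw)] = raw
    return bytes(buf)


def demo():
    patched, log = neutralize_compares(build_sample(), SAMPLE_BASE, COMPARE_VA)
    for site_va, old, new in log:
        print(f"{site_va + 3:08X}: MOV EAX,[EBP{signed8(old):+#x}] -> "
              f"MOV EAX,[EBP{signed8(new):+#x}]")
    return patched, log


if __name__ == "__main__":
    demo()
    # For the file on disk: offset = va_to_file_offset(site_va, image_base,
    # sections) + EAX_DISP_OFF, then write new_d_eax there. The section list
    # below is a made-up placeholder; copy the real one from the unpacked PE.
    print(hex(va_to_file_offset(0x00403304, 0x00400000, [(0x1000, 0x400, 0x100000)])))
```

Running the demo reports the three sites at 402F50, 403301 and 40350A and skips the decoy; feeding the already-patched buffer through again changes nothing, which is a cheap way to confirm the patch was applied consistently.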