Patching A speeder
Posted: 2004-5-22 09:54

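Environment: win98
Tools: od1.10c (diy), dede fix 3.5, winhex, fs, peid 0.98
Purpose: just for the fun of it. If I have unintentionally hurt anyone, please forgive me!
Getting started:
Used fs to strip the modified UPX shell. peid reports to me: Borland C++ 1999.
Cut it open with dede; in the main form there is sbRegClick, at location 403138.
Found the tumor; the doctor (od) steps in.
Set a breakpoint at 403138: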

00403138   55               PUSH EBP
00403139   8BEC             MOV EBP,ESP
0040313B   81C4 B8F7FFFF    ADD ESP,-848
00403141   53               PUSH EBX
00403142   56               PUSH ESI
00403143   57               PUSH EDI
00403144   8BF0             MOV ESI,EAX
00403146   BF B0C44B00      MOV EDI,ASPEEDER.004BC4B0
0040314B   B8 08D14B00      MOV EAX,ASPEEDER.004BD108
00403150   E8 477A0900      CALL ASPEEDER.0049AB9C
00403155   66:C745 DC 0800  MOV WORD PTR SS:[EBP-24],8
0040315B   33D2             XOR EDX,EDX
0040315D   8B0D 707D4C00    MOV ECX,DWORD PTR DS:[4C7D70]
00403163   8955 FC          MOV DWORD PTR SS:[EBP-4],EDX
00403166   8D87 C1010000    LEA EAX,DWORD PTR DS:[EDI+1C1]
0040316C   FF45 E8          INC DWORD PTR SS:[EBP-18]
0040316F   8D55 FC          LEA EDX,DWORD PTR SS:[EBP-4]
00403172   66:C745 DC 1400  MOV WORD PTR SS:[EBP-24],14
00403178   51               PUSH ECX
00403179   50               PUSH EAX
0040317A   52               PUSH EDX
0040317B   E8 F04A0A00      CALL ASPEEDER.004A7C70
00403180   8B0D 90784C00    MOV ECX,DWORD PTR DS:[4C7890]            ; ASPEEDER._RegBox
00403186   83C4 0C          ADD ESP,0C
00403189   8B55 FC          MOV EDX,DWORD PTR SS:[EBP-4]
0040318C   8B01             MOV EAX,DWORD PTR DS:[ECX]
0040318E   8B80 FC020000    MOV EAX,DWORD PTR DS:[EAX+2FC]
00403194   E8 536D0700      CALL ASPEEDER.00479EEC
00403199   8B0D 90784C00    MOV ECX,DWORD PTR DS:[4C7890]            ; ASPEEDER._RegBox
0040319F   8B01             MOV EAX,DWORD PTR DS:[ECX]
004031A1   8B10             MOV EDX,DWORD PTR DS:[EAX]
004031A3   FF92 E8000000    CALL DWORD PTR DS:[EDX+E8]  ; the registration form is shown here
004031A9   83F8 02          CMP EAX,2  ; set a breakpoint here, enter the registration code asdfasdfasdf, it breaks here, then F8 downward
004031AC   75 1F            JNZ SHORT ASPEEDER.004031CD
004031AE   FF4D E8          DEC DWORD PTR SS:[EBP-18]
004031B1   8D45 FC          LEA EAX,DWORD PTR SS:[EBP-4]
004031B4   BA 02000000      MOV EDX,2
004031B9   E8 06490A00      CALL ASPEEDER.004A7AC4
004031BE   8B4D CC          MOV ECX,DWORD PTR SS:[EBP-34]
004031C1   64:890D 00000000 MOV DWORD PTR FS:[0],ECX
004031C8   E9 10020000      JMP ASPEEDER.004033DD
004031CD   6A 40            PUSH 40
004031CF   33C0             XOR EAX,EAX
004031D1   66:C745 DC 2000  MOV WORD PTR SS:[EBP-24],20
004031D7   8945 F8          MOV DWORD PTR SS:[EBP-8],EAX
004031DA   8B0D 90784C00    MOV ECX,DWORD PTR DS:[4C7890]            ; ASPEEDER._RegBox
004031E0   FF45 E8          INC DWORD PTR SS:[EBP-18]
004031E3   8D55 F8          LEA EDX,DWORD PTR SS:[EBP-8]
004031E6   8B01             MOV EAX,DWORD PTR DS:[ECX]
004031E8   8B80 08030000    MOV EAX,DWORD PTR DS:[EAX+308]
004031EE   E8 C96C0700      CALL ASPEEDER.00479EBC
004031F3   837D F8 00       CMP DWORD PTR SS:[EBP-8],0
004031F7   74 05            JE SHORT ASPEEDER.004031FE
004031F9   8B55 F8          MOV EDX,DWORD PTR SS:[EBP-8]
004031FC   EB 06            JMP SHORT ASPEEDER.00403204
004031FE   8D97 C6010000    LEA EDX,DWORD PTR DS:[EDI+1C6]
00403204   52               PUSH EDX
00403205   68 747D4C00      PUSH ASPEEDER.004C7D74
0040320A   E8 91780900      CALL ASPEEDER.0049AAA0
0040320F   83C4 0C          ADD ESP,0C
00403212   FF4D E8          DEC DWORD PTR SS:[EBP-18]
00403215   8D45 F8          LEA EAX,DWORD PTR SS:[EBP-8]
00403218   BA 02000000      MOV EDX,2
0040321D   E8 A2480A00      CALL ASPEEDER.004A7AC4
00403222   33C0             XOR EAX,EAX
00403224   8945 C8          MOV DWORD PTR SS:[EBP-38],EAX
00403227   33C9             XOR ECX,ECX
00403229   894D C4          MOV DWORD PTR SS:[EBP-3C],ECX
0040322C   33C0             XOR EAX,EAX
0040322E   8945 C0          MOV DWORD PTR SS:[EBP-40],EAX
00403231   33D2             XOR EDX,EDX
00403233   8955 BC          MOV DWORD PTR SS:[EBP-44],EDX
00403236   33C9             XOR ECX,ECX
00403238   894D B8          MOV DWORD PTR SS:[EBP-48],ECX
0040323B   8D55 C4          LEA EDX,DWORD PTR SS:[EBP-3C]
0040323E   8D87 C7010000    LEA EAX,DWORD PTR DS:[EDI+1C7]
00403244   E8 3B5A0000      CALL ASPEEDER.00408C84
00403249   8D55 C8          LEA EDX,DWORD PTR SS:[EBP-38]
0040324C   8D87 D0010000    LEA EAX,DWORD PTR DS:[EDI+1D0]
00403252   E8 2D5A0000      CALL ASPEEDER.00408C84
00403257   8B0D 707D4C00    MOV ECX,DWORD PTR DS:[4C7D70]            ; machine code -> ecx
0040325D   51               PUSH ECX
0040325E   8D87 21020000    LEA EAX,DWORD PTR DS:[EDI+221]
00403264   50               PUSH EAX
00403265   8D95 B8F7FFFF    LEA EDX,DWORD PTR SS:[EBP-848]
0040326B   52               PUSH EDX
0040326C   E8 57A00900      CALL ASPEEDER.0049D2C8
00403271   83C4 0C          ADD ESP,0C
00403274   8D55 B8          LEA EDX,DWORD PTR SS:[EBP-48]
00403277   8D85 B8F7FFFF    LEA EAX,DWORD PTR SS:[EBP-848]
0040327D   E8 E65B0000      CALL ASPEEDER.00408E68
00403282   8D4D C0          LEA ECX,DWORD PTR SS:[EBP-40]
00403285   51               PUSH ECX
00403286   8B4D C8          MOV ECX,DWORD PTR SS:[EBP-38]
00403289   8B55 C4          MOV EDX,DWORD PTR SS:[EBP-3C]
0040328C   8B45 B8          MOV EAX,DWORD PTR SS:[EBP-48]
0040328F   E8 6C510000      CALL ASPEEDER.00408400
00403294   8D85 B8F7FFFF    LEA EAX,DWORD PTR SS:[EBP-848]
0040329A   8B55 C0          MOV EDX,DWORD PTR SS:[EBP-40]
0040329D   E8 6E5C0000      CALL ASPEEDER.00408F10
004032A2   8D8F 26020000    LEA ECX,DWORD PTR DS:[EDI+226]
004032A8   51               PUSH ECX
004032A9   8D85 B8F7FFFF    LEA EAX,DWORD PTR SS:[EBP-848]
004032AF   50               PUSH EAX
004032B0   E8 C7750900      CALL ASPEEDER.0049A87C
004032B5   83C4 08          ADD ESP,8
004032B8   8D55 C0          LEA EDX,DWORD PTR SS:[EBP-40]
004032BB   8D85 B8F7FFFF    LEA EAX,DWORD PTR SS:[EBP-848]
004032C1   E8 A25B0000      CALL ASPEEDER.00408E68
004032C6   8D55 C8          LEA EDX,DWORD PTR SS:[EBP-38]
004032C9   8D87 2F020000    LEA EAX,DWORD PTR DS:[EDI+22F]
004032CF   E8 B0590000      CALL ASPEEDER.00408C84
004032D4   8D55 B8          LEA EDX,DWORD PTR SS:[EBP-48]
004032D7   B8 747D4C00      MOV EAX,ASPEEDER.004C7D74
004032DC   E8 875B0000      CALL ASPEEDER.00408E68
004032E1   8D55 BC          LEA EDX,DWORD PTR SS:[EBP-44]
004032E4   52               PUSH EDX
004032E5   8B4D C8          MOV ECX,DWORD PTR SS:[EBP-38]
004032E8   8B55 C4          MOV EDX,DWORD PTR SS:[EBP-3C]
004032EB   8B45 B8          MOV EAX,DWORD PTR SS:[EBP-48]
004032EE   E8 0D510000      CALL ASPEEDER.00408400
004032F3   8D85 B8F7FFFF    LEA EAX,DWORD PTR SS:[EBP-848]
004032F9   8B55 BC          MOV EDX,DWORD PTR SS:[EBP-44]
004032FC   E8 0F5C0000      CALL ASPEEDER.00408F10
00403301   8B55 BC          MOV EDX,DWORD PTR SS:[EBP-44]
00403304   8B45 BC          MOV EAX,DWORD PTR SS:[EBP-40]  ; In my patching experience, any call that takes two arguments and is followed by a conditional is basically always a comparison.
; So, the old method: make its comparison meaningless by referencing the same argument twice; change ebp-40 to ebp-44
00403307   E8 843B0000      CALL ASPEEDER.00406E90   ; Since this is a comparison call, the program may also use it for a comparison at startup; search for the instruction: call 406e90
; Set breakpoints on all the hits and restart the program
0040330C   85C0             TEST EAX,EAX
0040330E   8D45 C8          LEA EAX,DWORD PTR SS:[EBP-38]
00403311   0F94C3           SETE BL
00403314   83E3 01          AND EBX,1
00403317   E8 44390000      CALL ASPEEDER.00406C60
0040331C   8D45 C4          LEA EAX,DWORD PTR SS:[EBP-3C]
0040331F   E8 3C390000      CALL ASPEEDER.00406C60
00403324   8D45 C0          LEA EAX,DWORD PTR SS:[EBP-40]
00403327   E8 34390000      CALL ASPEEDER.00406C60
0040332C   8D45 BC          LEA EAX,DWORD PTR SS:[EBP-44]
0040332F   E8 2C390000      CALL ASPEEDER.00406C60
00403334   8D45 B8          LEA EAX,DWORD PTR SS:[EBP-48]
00403337   E8 24390000      CALL ASPEEDER.00406C60
0040333C   84DB             TEST BL,BL
0040333E   74 1C            JE SHORT ASPEEDER.0040335C
00403340   33D2             XOR EDX,EDX
00403342   8B86 10030000    MOV EAX,DWORD PTR DS:[ESI+310]
00403348   E8 8F6A0700      CALL ASPEEDER.00479DDC
0040334D   33D2             XOR EDX,EDX
0040334F   8915 5CC24B00    MOV DWORD PTR DS:[4BC25C],EDX
00403355   E8 DEF0FFFF      CALL ASPEEDER.00402438
0040335A   EB 67            JMP SHORT ASPEEDER.004033C3
0040335C   803D 4D7D4C00 00 CMP BYTE PTR DS:[4C7D4D],0
00403363   74 30            JE SHORT ASPEEDER.00403395
00403365   66:C745 DC 2C00  MOV WORD PTR SS:[EBP-24],2C
0040336B   8D97 90020000    LEA EDX,DWORD PTR DS:[EDI+290]
00403371   8D45 F4          LEA EAX,DWORD PTR SS:[EBP-C]
00403374   E8 A7450A00      CALL ASPEEDER.004A7920
00403379   FF45 E8          INC DWORD PTR SS:[EBP-18]
0040337C   8B00             MOV EAX,DWORD PTR DS:[EAX]
0040337E   E8 C1110700      CALL ASPEEDER.00474544
00403383   FF4D E8          DEC DWORD PTR SS:[EBP-18]
00403386   8D45 F4          LEA EAX,DWORD PTR SS:[EBP-C]
00403389   BA 02000000      MOV EDX,2
0040338E   E8 31470A00      CALL ASPEEDER.004A7AC4
00403393   EB 2E            JMP SHORT ASPEEDER.004033C3
00403395   66:C745 DC 3800  MOV WORD PTR SS:[EBP-24],38
0040339B   8D97 A4020000    LEA EDX,DWORD PTR DS:[EDI+2A4]
004033A1   8D45 F0          LEA EAX,DWORD PTR SS:[EBP-10]
004033A4   E8 77450A00      CALL ASPEEDER.004A7920
004033A9   FF45 E8          INC DWORD PTR SS:[EBP-18]
004033AC   8B00             MOV EAX,DWORD PTR DS:[EAX]
004033AE   E8 91110700      CALL ASPEEDER.00474544
004033B3   FF4D E8          DEC DWORD PTR SS:[EBP-18]
004033B6   8D45 F0          LEA EAX,DWORD PTR SS:[EBP-10]
004033B9   BA 02000000      MOV EDX,2
004033BE   E8 01470A00      CALL ASPEEDER.004A7AC4
004033C3   FF4D E8          DEC DWORD PTR SS:[EBP-18]
004033C6   8D45 FC          LEA EAX,DWORD PTR SS:[EBP-4]
004033C9   BA 02000000      MOV EDX,2
004033CE   E8 F1460A00      CALL ASPEEDER.004A7AC4
004033D3   8B4D CC          MOV ECX,DWORD PTR SS:[EBP-34]
004033D6   64:890D 00000000 MOV DWORD PTR FS:[0],ECX
004033DD   5F               POP EDI
004033DE   5E               POP ESI
004033DF   5B               POP EBX
004033E0   8BE5             MOV ESP,EBP
004033E2   5D               POP EBP
004033E3   C3               RETN



It breaks here:
00402F50   8B55 9C          MOV EDX,DWORD PTR SS:[EBP-64]
00402F53   8B45 9C          MOV EAX,DWORD PTR SS:[EBP-60]
00402F56   E8 353F0000      CALL ASPEEDER.00406E90   ; here, patch the same way as above
00402F5B   85C0             TEST EAX,EAX
00402F5D   8D45 A8          LEA EAX,DWORD PTR SS:[EBP-58]
00402F60   0F94C3           SETE BL
00402F63   83E3 01          AND EBX,1
00402F66   E8 F53C0000      CALL ASPEEDER.00406C60
00402F6B   8D45 A4          LEA EAX,DWORD PTR SS:[EBP-5C]
00402F6E   E8 ED3C0000      CALL ASPEEDER.00406C60

And here as well:
0040350A   8B55 B8          MOV EDX,DWORD PTR SS:[EBP-48]
0040350D   8B45 B8          MOV EAX,DWORD PTR SS:[EBP-44]
00403510   E8 7B390000      CALL ASPEEDER.00406E90 ; same as above
00403515   85C0             TEST EAX,EAX
00403517   8D45 C4          LEA EAX,DWORD PTR SS:[EBP-3C]
0040351A   0F94C3           SETE BL
0040351D   83E3 01          AND EBX,1
00403520   E8 3B370000      CALL ASPEEDER.00406C60



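Done. This kind of patch can be used on most programs, by making the comparison call ineffective.
This software can take the place of Speed Gear (加速齿轮). Two birds with one stone.

That's a wrap.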


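
Added example (not part of the original post, and not code from the program it discusses): a defender's view of why a registration check shaped like the one in the listing above falls to a single edit, and one design that does not hinge on a lone compare-and-branch. The weak form reduces registration to one boolean from a shared comparison routine; the sealed form keeps feature data under a key derived from the valid code, so a neutralised check yields only unusable bytes. `fnv1a`, the xorshift keystream, `seal`/`unseal` and every sample string are constructed toy stand-ins for a real KDF and authenticated cipher.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Shape of the shared comparison routine: returns 0 when the strings match. */
typedef int (*cmp_fn)(const char *, const char *);

/* Models that routine after tampering: every pair compares "equal". */
static int always_equal(const char *a, const char *b) { (void)a; (void)b; return 0; }

/* Weak design: one boolean from one routine decides the registration state. */
static int weak_unlock(const char *expected, const char *entered, cmp_fn cmp) {
    return cmp(expected, entered) == 0;
}

/* Toy 32-bit FNV-1a hash; a stand-in for a real KDF/MAC (assumption). */
static uint32_t fnv1a(const void *p, size_t n) {
    const uint8_t *s = (const uint8_t *)p;
    uint32_t h = 2166136261u;
    while (n--) { h ^= *s++; h *= 16777619u; }
    return h;
}

/* Toy keystream: xorshift32 seeded from the code; stand-in for a real cipher. */
static void xor_stream(const char *code, const uint8_t *in, uint8_t *out, size_t n) {
    uint32_t s = fnv1a(code, strlen(code));
    if (s == 0) s = 0x9E3779B9u;            /* xorshift32 must not start at 0 */
    for (size_t i = 0; i < n; i++) {
        s ^= s << 13; s ^= s >> 17; s ^= s << 5;
        out[i] = in[i] ^ (uint8_t)(s >> 24);
    }
}

typedef struct { uint8_t data[32]; size_t len; uint32_t tag; } sealed_blob;

/* Vendor-side build step: only the sealed bytes and tag ship with the program. */
static void seal(const char *valid_code, const char *plain, sealed_blob *b) {
    b->len = strlen(plain);
    if (b->len > sizeof b->data) b->len = sizeof b->data;
    b->tag = fnv1a(plain, b->len);
    xor_stream(valid_code, (const uint8_t *)plain, b->data, b->len);
}

/* Client side: the entered code is the key. check_neutralised models a patched
   integrity test; it changes the return value but not the recovered bytes. */
static int unseal(const sealed_blob *b, const char *entered, uint8_t *out,
                  int check_neutralised) {
    xor_stream(entered, b->data, out, b->len);
    return check_neutralised || fnv1a(out, b->len) == b->tag;
}

int main(void) {
    const char *valid = "CONSTRUCTED-VALID-CODE";  /* constructed sample */
    const char *typed = "asdfasdfasdf";            /* test input from the post */
    const char *table = "speed-table:1,2,4,8";     /* constructed feature data */
    sealed_blob b;
    uint8_t out[32];

    seal(valid, table, &b);
    printf("weak, intact compare      -> %d\n", weak_unlock(valid, typed, strcmp));
    printf("weak, neutralised compare -> %d\n", weak_unlock(valid, typed, always_equal));

    int ok = unseal(&b, typed, out, 1);
    printf("sealed, neutralised check -> %d, data usable: %d\n",
           ok, memcmp(out, table, b.len) == 0);

    ok = unseal(&b, valid, out, 0);
    printf("sealed, valid code        -> %d, data usable: %d\n",
           ok, memcmp(out, table, b.len) == 0);
    return 0;
}
```

The sealed form only helps when the program cannot compute the valid code itself; the listing above derives the expected value locally from the machine code, which leaves nothing for a key to protect.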
Latest replies (6)
2
COOL:D
2004-5-22 11:22
3
Patching a single place is enough:

406F68 C3  ->33
406F69 90  ->C0
406F6A 90  ->C3

3 bytes in total, hehe
2004-5-22 17:09
4
Is patching any fun? :)
2004-5-22 22:44
5
I have no patience :D :D
2004-5-23 08:53
6
TNT has been rather popular lately
2005-1-16 22:47
7
Monk... hehe, I am the Buddha :D :D
2005-1-18 08:22