[Old post] [Help] Please take a look at this code 0.00 Snowflakes
Posted: 2011-1-16 01:19 720
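I'm a newbie learning cracking for the first time, and I hope the experts here can give me some pointers. This software first requires you to register a user, and then that user is registered using a recharge card number and password. I changed the first JNZ jump above the card number/password error prompt and the first JNZ above the "registration successful" message, but it still behaves the same as before. Why is that?
The code is below: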
00403610 . 52 PUSH EDX
00403611 . 8D4424 65 LEA EAX,DWORD PTR SS:[ESP+65]
00403615 . 50 PUSH EAX
00403616 . B9 B4824000 MOV ECX,004082B4
0040361B . E8 200C0000 CALL 00404240
00403620 . 0FB64424 62 MOVZX EAX,BYTE PTR SS:[ESP+62]
00403625 . 83E8 00 SUB EAX,0 ; Switch (cases 0..1)
00403628 . 74 37 JE SHORT 00403661
0040362A . 48 DEC EAX
0040362B . 0F85 E4020000 JNZ 00403915
00403631 . 56 PUSH ESI ; /Socket; Case 1 of switch 00403625
00403632 . FF15 1C544000 CALL DWORD PTR DS:[<&WS2_32.#3>] ; \closesocket
00403638 . 8B53 20 MOV EDX,DWORD PTR DS:[EBX+20]
0040363B . 6A 00 PUSH 0 ; /Style = MB_OK|MB_APPLMODAL
0040363D . 68 DC5B4000 PUSH 00405BDC ; |Title = "提示" ("Notice")
00403642 . 68 585F4000 PUSH 00405F58 ; |Text = "此账号已存在" ("This account already exists")
00403647 . 52 PUSH EDX ; |hOwner
00403648 . FF15 D0534000 CALL DWORD PTR DS:[<&USER32.MessageBoxA>>; \MessageBoxA
0040364E . 8B8C24 3C0100>MOV ECX,DWORD PTR SS:[ESP+13C]
00403655 . E8 84100000 CALL 004046DE
0040365A . 5F POP EDI
0040365B . 5E POP ESI
0040365C . 5B POP EBX
0040365D . 8BE5 MOV ESP,EBP
0040365F . 5D POP EBP
00403660 . C3 RETN
00403661 > 56 PUSH ESI ; /Socket; Case 0 of switch 00403625
00403662 . FF15 1C544000 CALL DWORD PTR DS:[<&WS2_32.#3>] ; \closesocket
00403668 . 8B43 20 MOV EAX,DWORD PTR DS:[EBX+20]
0040366B . 6A 00 PUSH 0 ; /Style = MB_OK|MB_APPLMODAL
0040366D . 68 DC5B4000 PUSH 00405BDC ; |Title = "提示" ("Notice")
00403672 . 68 4C5F4000 PUSH 00405F4C ; |Text = "注册成功" ("Registration successful")
00403677 . 50 PUSH EAX ; |hOwner
00403678 . FF15 D0534000 CALL DWORD PTR DS:[<&USER32.MessageBoxA>>; \MessageBoxA
0040367E . 8B4B 20 MOV ECX,DWORD PTR DS:[EBX+20]
00403681 . 8B35 D8534000 MOV ESI,DWORD PTR DS:[<&USER32.CheckDlgB>; user32.CheckDlgButton
00403687 . 6A 00 PUSH 0 ; /Check = 0
00403689 . 68 E9030000 PUSH 3E9 ; |ButtonID = 3E9 (1001.)
0040368E . 51 PUSH ECX ; |hWnd
0040368F . FFD6 CALL ESI ; \CheckDlgButton
00403691 . 8B53 20 MOV EDX,DWORD PTR DS:[EBX+20]
00403694 . 6A 01 PUSH 1 ; /Check = 1
00403696 . 68 EB030000 PUSH 3EB ; |ButtonID = 3EB (1003.)
0040369B . 52 PUSH EDX ; |hWnd
0040369C . FFD6 CALL ESI ; \CheckDlgButton
0040369E . 8BCB MOV ECX,EBX
004036A0 . E8 8BF4FFFF CALL 00402B30
004036A5 . 8B8C24 3C0100>MOV ECX,DWORD PTR SS:[ESP+13C]
004036AC . E8 2D100000 CALL 004046DE
004036B1 . 5F POP EDI
004036B2 . 5E POP ESI
004036B3 . 5B POP EBX
004036B4 . 8BE5 MOV ESP,EBP
004036B6 . 5D POP EBP
004036B7 . C3 RETN
004036B8 . 0FB6C1 MOVZX EAX,CL
004036BB . 50 PUSH EAX
004036BC . 8D4C24 65 LEA ECX,DWORD PTR SS:[ESP+65]
004036C0 . 51 PUSH ECX
004036C1 . B9 B4824000 MOV ECX,004082B4
004036C6 . E8 750B0000 CALL 00404240
004036CB . 0FB64C24 62 MOVZX ECX,BYTE PTR SS:[ESP+62]
004036D0 . 83F9 05 CMP ECX,5
004036D3 . 884424 60 MOV BYTE PTR SS:[ESP+60],AL
004036D7 . 0F87 CF020000 JA 004039AC
004036DD . FF248D D83940>JMP DWORD PTR DS:[ECX*4+4039D8]
004036E4 . 8B4C24 67 MOV ECX,DWORD PTR SS:[ESP+67]
004036E8 . 8B5424 63 MOV EDX,DWORD PTR SS:[ESP+63]
004036EC . 890D B8814000 MOV DWORD PTR DS:[4081B8],ECX
004036F2 . 0FB6C8 MOVZX ECX,AL
004036F5 . 83E9 0B SUB ECX,0B
004036F8 . 8915 B4814000 MOV DWORD PTR DS:[4081B4],EDX
004036FE . 8BD1 MOV EDX,ECX
00403700 . C1E9 02 SHR ECX,2
00403703 . 8D7424 6B LEA ESI,DWORD PTR SS:[ESP+6B]
00403707 . BF C0814000 MOV EDI,004081C0
0040370C . F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS>
0040370E . 8BCA MOV ECX,EDX
00403710 . 83E1 03 AND ECX,3
00403713 . F3:A4 REP MOVS BYTE PTR ES:[EDI],BYTE PTR DS:[>
00403715 . 33C0 XOR EAX,EAX
00403717 . EB 07 JMP SHORT 00403720
00403719 . 8DA424 000000>LEA ESP,DWORD PTR SS:[ESP]
00403720 > 8A4C04 4C MOV CL,BYTE PTR SS:[ESP+EAX+4C]
00403724 . 8888 A0814000 MOV BYTE PTR DS:[EAX+4081A0],CL
0040372A . 40 INC EAX
0040372B . 84C9 TEST CL,CL
0040372D .^ 75 F1 JNZ SHORT 00403720
0040372F . 8B4424 18 MOV EAX,DWORD PTR SS:[ESP+18]
00403733 . 50 PUSH EAX ; /Socket
00403734 . FF15 1C544000 CALL DWORD PTR DS:[<&WS2_32.#3>] ; \closesocket
0040373A . 6A 01 PUSH 1
0040373C . 8BCB MOV ECX,EBX
0040373E . E8 A10E0000 CALL <JMP.&MFC71.#2168>
00403743 . 8B8C24 3C0100>MOV ECX,DWORD PTR SS:[ESP+13C]
0040374A . E8 8F0F0000 CALL 004046DE
0040374F . 5F POP EDI
00403750 . 5E POP ESI
00403751 . 5B POP EBX
00403752 . 8BE5 MOV ESP,EBP
00403754 . 5D POP EBP
00403755 . C3 RETN
00403756 . 56 PUSH ESI ; /Socket
00403757 . FF15 1C544000 CALL DWORD PTR DS:[<&WS2_32.#3>] ; \closesocket
0040375D . 8B4B 20 MOV ECX,DWORD PTR DS:[EBX+20]
00403760 . 6A 00 PUSH 0 ; /Style = MB_OK|MB_APPLMODAL
00403762 . 68 DC5B4000 PUSH 00405BDC ; |Title = "提示" ("Notice")
00403767 . 68 3C5F4000 PUSH 00405F3C ; |Text = "账号或密码错误" ("Incorrect account or password")
0040376C . 51 PUSH ECX ; |hOwner
0040376D . FF15 D0534000 CALL DWORD PTR DS:[<&USER32.MessageBoxA>>; \MessageBoxA
00403773 . 8B8C24 3C0100>MOV ECX,DWORD PTR SS:[ESP+13C]
0040377A . E8 5F0F0000 CALL 004046DE