I am new to cracking; I bought the book 加密与解密 (Encryption and Decryption) and have only just started reading it, so I'm not very familiar with this yet and would like to ask about something. In the OllyDBG beginner series, in the part on string references, after using "Search for all referenced text strings", the code in the disassembly window is:
00440F72 |> \6A 00 push 0
00440F74 |. B9 80104400 mov ecx, 00441080 ; beggar off!
00440F79 |. BA 8C104400 mov edx, 0044108C ; wrong serial,try again!
00440F7E |. A1 442C4400 mov eax, dword ptr [442C44]
00440F83 |. 8B00 mov eax, dword ptr [eax]
00440F85 |. E8 DEC0FFFF call 0043D068
00440F8A |. EB 18 jmp short 00440FA4
00440F8C |> 6A 00 push 0
00440F8E |. B9 80104400 mov ecx, 00441080 ; beggar off!
00440F93 |. BA 8C104400 mov edx, 0044108C ; wrong serial,try again!
Following the jump address, we get:
00440F2C |. 8B45 FC mov eax, dword ptr [ebp-4]
00440F2F |. BA 14104400 mov edx, 00441014 ; registered user
00440F34 E8 F32BFCFF call 00403B2C
00440F39 75 51 jnz short 00440F8C
00440F3B |. 8D55 FC lea edx, dword ptr [ebp-4]
00440F3E |. 8B83 C8020000 mov eax, dword ptr [ebx+2C8]
00440F44 |. E8 D7FEFDFF call 00420E20
00440F49 |. 8B45 FC mov eax, dword ptr [ebp-4]
00440F4C |. BA 2C104400 mov edx, 0044102C ; gfx-754-ier-954
00440F51 E8 D62BFCFF call 00403B2C
00440F56 75 1A jnz short 00440F72
If the jump is not taken:
00440F58 6A 00 push 0
00440F5A |. B9 3C104400 mov ecx, 0044103C ; crackme cracked successfully
00440F5F |. BA 5C104400 mov edx, 0044105C ; congrats! you cracked this crackme!
00440F64 |. A1 442C4400 mov eax, dword ptr [442C44]
00440F69 |. 8B00 mov eax, dword ptr [eax]
00440F6B |. E8 F8C0FFFF call 0043D068
00440F70 |. EB 32 jmp short 00440FA4
Now the question is: why can't I simply NOP out the two key jumps? I tried it and it doesn't work; it shows:
Access violation at address 00440ECB in module 'CrackMe3.exe'.Read of address 0000000F
Could some expert give me a pointer or two?
Solved: the cause was rather elementary. When doing "Copy to executable" I had not selected the NOPed section of code, and then did "Save file".
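The failure described above (a patch that never reached the saved file) is easy to diagnose by comparing the original executable with the saved copy at the patch sites, and by checking that each NOP patch covers every byte of the instruction it replaces (a `jnz short` is two bytes, so a single 0x90 would leave a stray operand byte that desynchronises decoding). The following script is an added example and is not code from the original post or from the OllyDBG series; it embeds the bytes from the listing above as a constructed stand-in for the file, and the mapping from virtual address to file offset (image base 0x400000, `.text` at RVA 0x1000 and raw offset 0x400) is an assumption, not a value read from CrackMe3.exe.

```python
# Added example, not from the original post. Verifies that a jnz -> nop patch
# was really written to the saved executable and that it replaces the whole
# instruction. The VA-to-file-offset mapping below (image base 0x400000,
# .text at RVA 0x1000 and raw offset 0x400) is an ASSUMPTION used for the
# constructed sample image; it was not read from CrackMe3.exe.

IMAGE_BASE = 0x400000
TEXT_RVA = 0x1000    # assumed section RVA
TEXT_RAW = 0x400     # assumed section raw file offset

# Code bytes copied from the listing, 00440F2C .. 00440F59 (46 bytes).
LISTING_VA = 0x00440F2C
LISTING_BYTES = bytes.fromhex(
    "8B45FC" "BA14104400" "E8F32BFCFF" "7551"        # ... jnz short 00440F8C
    "8D55FC" "8B83C8020000" "E8D7FEFDFF" "8B45FC"
    "BA2C104400" "E8D62BFCFF" "751A" "6A00"          # ... jnz short 00440F72, push 0
)

# The two key jumps from the listing and their opcode bytes.
KEY_JUMPS = {0x00440F39: bytes.fromhex("7551"), 0x00440F56: bytes.fromhex("751A")}


def va_to_file_offset(va):
    """Map a virtual address inside .text to a file offset (assumed layout)."""
    return va - IMAGE_BASE - TEXT_RVA + TEXT_RAW


def short_jump_target(va, opcode):
    """Decode a 2-byte short Jcc (7x rel8): target = address of next instruction + rel8."""
    if len(opcode) != 2 or not 0x70 <= opcode[0] <= 0x7F:
        raise ValueError("not a short conditional jump")
    rel8 = int.from_bytes(opcode[1:2], "little", signed=True)
    return va + 2 + rel8


def build_sample_image():
    """Constructed stand-in for the unpatched file: zero-filled, with the
    listing's bytes placed at their (assumed) file offsets."""
    image = bytearray(0x40400)
    off = va_to_file_offset(LISTING_VA)
    image[off:off + len(LISTING_BYTES)] = LISTING_BYTES
    return image


def build_nop_patch(jumps):
    """{file_offset: (expected_original, replacement)}; one 0x90 per original
    byte, so the whole instruction is replaced and decoding stays in sync."""
    return {va_to_file_offset(va): (op, b"\x90" * len(op)) for va, op in jumps.items()}


def apply_patch(image, patch):
    """Return a patched copy; refuse if the file does not hold the bytes we expect."""
    out = bytearray(image)
    for off, (expected, replacement) in patch.items():
        if bytes(out[off:off + len(expected)]) != expected:
            raise ValueError(f"bytes at file offset {off:#x} do not match the listing")
        out[off:off + len(replacement)] = replacement
    return out


def diff_images(original, saved):
    """List (offset, old, new) for every byte that differs between the two files."""
    if len(original) != len(saved):
        raise ValueError("size changed; this is not a plain in-place patch")
    return [(i, a, b) for i, (a, b) in enumerate(zip(original, saved)) if a != b]


def check_patch_applied(original, saved, patch):
    """Per patch site: 'applied', 'unchanged' (the failure mode in the post:
    saved without the modified selection) or 'unexpected' (other bytes written)."""
    result = {}
    for off, (expected, replacement) in patch.items():
        actual = bytes(saved[off:off + len(expected)])
        if actual == replacement:
            result[off] = "applied"
        elif actual == expected:
            result[off] = "unchanged"
        else:
            result[off] = "unexpected"
    return result


if __name__ == "__main__":
    original = build_sample_image()
    patch = build_nop_patch(KEY_JUMPS)
    for va, op in KEY_JUMPS.items():
        print(f"{va:08X} jnz -> {short_jump_target(va, op):08X}")
    print(check_patch_applied(original, original, patch))                  # both 'unchanged'
    print(check_patch_applied(original, apply_patch(original, patch), patch))  # both 'applied'
```

Running the script on the constructed image first confirms that the listing is self-consistent (the decoded jump targets are 00440F8C and 00440F72, matching the comments in the disassembly), then shows the two outcomes side by side: an unchanged file reports "unchanged" at both sites, which is exactly what a save without the modified selection looks like, while a correctly written file reports "applied". On a real file you would read the section table from the PE header instead of the assumed constants.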