-
-
[旧帖] [求助]如何才能正确的跳过校验? 0.00雪花
-
发表于: 2012-1-18 22:44
-
小弟新手刚来,请老师们帮看下在哪跳过校验,愣是没找到,实在没办才到这请老师们帮下忙。前两天在看雪论坛的坛友们的帮助下成功暴破了一个软件
,现在这个
地址:http://115.com/file/be8hdbyj#gocn102.rar
00621214 >/$ 55 push ebp
00621215 |. 8BEC mov ebp, esp
00621217 |. B9 11000000 mov ecx, 11
0062121C |> 6A 00 /push 0
0062121E |. 6A 00 |push 0
00621220 |. 49 |dec ecx
00621221 |.^ 75 F9 \jnz short 0062121C
00621223 |. 51 push ecx
00621224 |. 53 push ebx
00621225 |. B8 740B6200 mov eax, 00620B74
0062122A |. E8 BD5DDEFF call 00406FEC
0062122F |. 33C0 xor eax, eax
00621231 |. 55 push ebp
00621232 |. 68 86156200 push 00621586
00621237 |. 64:FF30 push dword ptr fs:[eax]
0062123A |. 64:8920 mov dword ptr fs:[eax], esp
0062123D |. E8 E6F8FFFF call 00620B28
00621242 |. A1 20876200 mov eax, dword ptr [628720]
00621247 |. 8B00 mov eax, dword ptr [eax]
00621249 |. 50 push eax
0062124A |. 68 04304A00 push 004A3004
0062124F |. E8 D062F1FF call 00537524
00621254 |. A1 308A6200 mov eax, dword ptr [628A30]
00621259 |. C600 00 mov byte ptr [eax], 0
0062125C |. E8 CBF5FFFF call 0062082C
00621261 |. 8D55 E8 lea edx, dword ptr [ebp-18]
00621264 |. A1 20876200 mov eax, dword ptr [628720]
00621269 |. 8B00 mov eax, dword ptr [eax]
0062126B |. E8 3C24E8FF call 004A36AC
00621270 |. 8B45 E8 mov eax, dword ptr [ebp-18]
00621273 |. 8D55 EC lea edx, dword ptr [ebp-14]
00621276 |. E8 1D91DEFF call 0040A398
0062127B |. 8B45 EC mov eax, dword ptr [ebp-14]
0062127E |. E8 9992DEFF call 0040A51C
00621283 |. E8 D071FFFF call 00618458
00621288 |. 8D45 E4 lea eax, dword ptr [ebp-1C]
0062128B |. E8 A0E5F0FF call 0052F830
00621290 |. 8B45 E4 mov eax, dword ptr [ebp-1C]
00621293 |. E8 F88EDEFF call 0040A190
00621298 |. 84C0 test al, al
0062129A |. 75 10 jnz short 006212AC
0062129C |. 8D45 E0 lea eax, dword ptr [ebp-20]
0062129F |. E8 8CE5F0FF call 0052F830
006212A4 |. 8B45 E0 mov eax, dword ptr [ebp-20]
006212A7 |. E8 8892DEFF call 0040A534
006212AC |> 8D45 DC lea eax, dword ptr [ebp-24]
006212AF |. E8 0CE6F0FF call 0052F8C0
006212B4 |. 8B45 DC mov eax, dword ptr [ebp-24]
006212B7 |. E8 D48EDEFF call 0040A190
006212BC |. 84C0 test al, al
006212BE |. 75 10 jnz short 006212D0
006212C0 |. 8D45 D8 lea eax, dword ptr [ebp-28]
006212C3 |. E8 F8E5F0FF call 0052F8C0
006212C8 |. 8B45 D8 mov eax, dword ptr [ebp-28]
006212CB |. E8 6492DEFF call 0040A534
006212D0 |> A1 F8816200 mov eax, dword ptr [6281F8]
006212D5 |. C600 00 mov byte ptr [eax], 0
006212D8 |. C605 08956300>mov byte ptr [639508], 1
006212DF |. 8D55 C8 lea edx, dword ptr [ebp-38]
006212E2 |. B8 9C156200 mov eax, 0062159C ; showtrayicon
006212E7 |. E8 E06CFFFF call 00617FCC
006212EC |. 8D45 C8 lea eax, dword ptr [ebp-38]
006212EF |. 50 push eax
006212F0 |. 8D55 B8 lea edx, dword ptr [ebp-48]
006212F3 |. B8 B4156200 mov eax, 006215B4 ; minimizetotray
006212F8 |. E8 CF6CFFFF call 00617FCC
006212FD |. 8D55 B8 lea edx, dword ptr [ebp-48]
00621300 |. 58 pop eax
00621301 |. E8 228FDFFF call 0041A228
00621306 |. 8D45 C8 lea eax, dword ptr [ebp-38]
00621309 |. 50 push eax
0062130A |. 8D45 A8 lea eax, dword ptr [ebp-58]
0062130D |. 8B15 F8816200 mov edx, dword ptr [6281F8] ; GOffice_.006394EC
00621313 |. 8A12 mov dl, byte ptr [edx]
00621315 |. E8 8E4EDFFF call 004161A8
0062131A |. 8D55 A8 lea edx, dword ptr [ebp-58]
0062131D |. 58 pop eax
0062131E |. E8 058FDFFF call 0041A228
00621323 |. 8D45 C8 lea eax, dword ptr [ebp-38]
00621326 |. E8 BD28DFFF call 00413BE8
0062132B |. 8B15 F8816200 mov edx, dword ptr [6281F8] ; GOffice_.006394EC
00621331 |. 8802 mov byte ptr [edx], al
00621333 |. 8D45 98 lea eax, dword ptr [ebp-68]
00621336 |. 8A15 08956300 mov dl, byte ptr [639508]
0062133C |. E8 674EDFFF call 004161A8
00621341 |. 8D45 98 lea eax, dword ptr [ebp-68]
00621344 |. 50 push eax
00621345 |. 8D55 88 lea edx, dword ptr [ebp-78]
00621348 |. B8 CC156200 mov eax, 006215CC ; showflash
0062134D |. E8 7A6CFFFF call 00617FCC
00621352 |. 8D55 88 lea edx, dword ptr [ebp-78]
00621355 |. 58 pop eax
00621356 |. E8 CD8EDFFF call 0041A228
0062135B |. 8D45 98 lea eax, dword ptr [ebp-68]
0062135E |. E8 8528DFFF call 00413BE8
00621363 |. A2 08956300 mov byte ptr [639508], al
00621368 |. BA 00956300 mov edx, 00639500
0062136D |. A1 DC826200 mov eax, dword ptr [6282DC]
00621372 |. E8 BD59DEFF call 00406D34
00621377 |. 8D95 78FFFFFF lea edx, dword ptr [ebp-88]
0062137D |. B8 E0156200 mov eax, 006215E0 ; runonce
00621382 |. E8 456CFFFF call 00617FCC
00621387 |. 8D85 78FFFFFF lea eax, dword ptr [ebp-88]
0062138D |. E8 5628DFFF call 00413BE8
00621392 |. 84C0 test al, al
00621394 |. 0F84 88000000 je 00621422 ; (initial cpu selection)
0062139A |. 8D95 74FFFFFF lea edx, dword ptr [ebp-8C]
006213A0 |. A1 DC826200 mov eax, dword ptr [6282DC]
006213A5 |. E8 8A59DEFF call 00406D34
006213AA |. 8B85 74FFFFFF mov eax, dword ptr [ebp-8C]
006213B0 |. E8 5B3ADEFF call 00404E10
006213B5 |. 50 push eax ; /Title
006213B6 |. 68 E8156200 push 006215E8 ; |tapplication
006213BB |. E8 5C68DEFF call <jmp.&user32.FindWindowA> ; \FindWindowA
006213C0 |. 8BD8 mov ebx, eax
006213C2 |. A1 00956300 mov eax, dword ptr [639500]
006213C7 |. E8 443ADEFF call 00404E10
006213CC |. 50 push eax ; /AtomName
006213CD |. E8 DA61DEFF call <jmp.&kernel32.GlobalFindAtomA> ; \GlobalFindAtomA
006213D2 |. 66:85C0 test ax, ax
006213D5 77 04 ja short 006213DB
006213D7 |. 85DB test ebx, ebx
006213D9 |. 74 47 je short 00621422
006213DB |> 85DB test ebx, ebx
006213DD |. 74 3E je short 0062141D
006213DF |. 6A 09 push 9 ; /ShowState = SW_RESTORE
006213E1 |. 53 push ebx ; |hWnd
006213E2 |. E8 656CDEFF call <jmp.&user32.ShowWindow> ; \ShowWindow
006213E7 |. 53 push ebx ; /hWnd
006213E8 |. E8 AF6BDEFF call <jmp.&user32.SetFocus> ; \SetFocus
006213ED |. 53 push ebx ; /hWnd
006213EE |. E8 B16BDEFF call <jmp.&user32.SetForegroundWindow>; \SetForegroundWindow
006213F3 |. 833D 04956300>cmp dword ptr [639504], 0
006213FA |. 74 21 je short 0062141D
006213FC |. A1 04956300 mov eax, dword ptr [639504]
00621401 |. E8 0A3ADEFF call 00404E10
00621406 |. 50 push eax ; /AtomName
00621407 |. E8 8861DEFF call <jmp.&kernel32.GlobalAddAtomA> ; \GlobalAddAtomA
0062140C |. 0FB7C0 movzx eax, ax
0062140F |. 50 push eax ; /lParam
00621410 |. 6A 00 push 0 ; |wParam = 0
00621412 |. 68 05040000 push 405 ; |Message = WM_USER+5
00621417 |. 53 push ebx ; |hWnd
00621418 |. E8 D76ADEFF call <jmp.&user32.PostMessageA> ; \PostMessageA
0062141D |> E8 BA33DEFF call 004047DC
00621422 |> A1 00956300 mov eax, dword ptr [639500]
00621427 |. E8 E439DEFF call 00404E10
0062142C |. 50 push eax ; /AtomName
0062142D |. E8 6261DEFF call <jmp.&kernel32.GlobalAddAtomA> ; \GlobalAddAtomA
00621432 |. 33C0 xor eax, eax
00621434 |. 55 push ebp
00621435 |. 68 37156200 push 00621537
0062143A |. 64:FF30 push dword ptr fs:[eax]
0062143D |. 64:8920 mov dword ptr fs:[eax], esp
00621440 |. 803D 08956300>cmp byte ptr [639508], 0
00621447 |. 74 58 je short 006214A1
00621449 |. 8B0D 20876200 mov ecx, dword ptr [628720] ; GOffice_.00629C20
0062144F |. 8B09 mov ecx, dword ptr [ecx]
00621451 |. B2 01 mov dl, 1
00621453 |. A1 68046200 mov eax, dword ptr [620468]
00621458 |. E8 1BA2E7FF call 0049B678
0062145D |. 8B15 44866200 mov edx, dword ptr [628644] ; GOffice_.006394F8
00621463 |. 8902 mov dword ptr [edx], eax
00621465 |. A1 44866200 mov eax, dword ptr [628644]
0062146A |. 8B00 mov eax, dword ptr [eax]
0062146C |. E8 5FE5E7FF call 0049F9D0
00621471 |. A1 44866200 mov eax, dword ptr [628644]
00621476 |. 8B00 mov eax, dword ptr [eax]
00621478 |. 8B10 mov edx, dword ptr [eax]
0062147A |. FF92 88000000 call dword ptr [edx+88]
00621480 |. EB 0C jmp short 0062148E
00621482 |> A1 20876200 /mov eax, dword ptr [628720]
00621487 |. 8B00 |mov eax, dword ptr [eax]
00621489 |. E8 621AE8FF |call 004A2EF0
0062148E |> A1 44866200 mov eax, dword ptr [628644]
00621493 |. 8B00 |mov eax, dword ptr [eax]
00621495 |. 8B80 00030000 |mov eax, dword ptr [eax+300]
0062149B |. 8078 40 00 |cmp byte ptr [eax+40], 0
0062149F |.^ 75 E1 \jnz short 00621482
006214A1 |> 8B0D DC806200 mov ecx, dword ptr [6280DC] ; GOffice_.006394E8
006214A7 |. A1 20876200 mov eax, dword ptr [628720]
006214AC |. 8B00 mov eax, dword ptr [eax]
006214AE |. 8B15 20876100 mov edx, dword ptr [618720] ; GOffice_.0061876C
006214B4 |. E8 631BE8FF call 004A301C
006214B9 |. A1 DC806200 mov eax, dword ptr [6280DC]
006214BE |. 8B00 mov eax, dword ptr [eax]
006214C0 |. 50 push eax
006214C1 |. 68 64C36100 push 0061C364
006214C6 |. E8 5165F1FF call 00537A1C
006214CB |. A1 F8816200 mov eax, dword ptr [6281F8]
006214D0 |. 8038 00 cmp byte ptr [eax], 0
006214D3 |. 74 1D je short 006214F2
006214D5 |. A1 20876200 mov eax, dword ptr [628720]
006214DA |. 8B00 mov eax, dword ptr [eax]
006214DC |. C640 5B 00 mov byte ptr [eax+5B], 0
006214E0 |. A1 20876200 mov eax, dword ptr [628720]
006214E5 |. 8B00 mov eax, dword ptr [eax]
006214E7 |. 50 push eax
006214E8 |. 68 C4294A00 push 004A29C4 ; 入口地址
,现在这个地址:http://115.com/file/be8hdbyj#gocn102.rar
00621214 >/$ 55 push ebp
00621215 |. 8BEC mov ebp, esp
00621217 |. B9 11000000 mov ecx, 11
0062121C |> 6A 00 /push 0
0062121E |. 6A 00 |push 0
00621220 |. 49 |dec ecx
00621221 |.^ 75 F9 \jnz short 0062121C
00621223 |. 51 push ecx
00621224 |. 53 push ebx
00621225 |. B8 740B6200 mov eax, 00620B74
0062122A |. E8 BD5DDEFF call 00406FEC
0062122F |. 33C0 xor eax, eax
00621231 |. 55 push ebp
00621232 |. 68 86156200 push 00621586
00621237 |. 64:FF30 push dword ptr fs:[eax]
0062123A |. 64:8920 mov dword ptr fs:[eax], esp
0062123D |. E8 E6F8FFFF call 00620B28
00621242 |. A1 20876200 mov eax, dword ptr [628720]
00621247 |. 8B00 mov eax, dword ptr [eax]
00621249 |. 50 push eax
0062124A |. 68 04304A00 push 004A3004
0062124F |. E8 D062F1FF call 00537524
00621254 |. A1 308A6200 mov eax, dword ptr [628A30]
00621259 |. C600 00 mov byte ptr [eax], 0
0062125C |. E8 CBF5FFFF call 0062082C
00621261 |. 8D55 E8 lea edx, dword ptr [ebp-18]
00621264 |. A1 20876200 mov eax, dword ptr [628720]
00621269 |. 8B00 mov eax, dword ptr [eax]
0062126B |. E8 3C24E8FF call 004A36AC
00621270 |. 8B45 E8 mov eax, dword ptr [ebp-18]
00621273 |. 8D55 EC lea edx, dword ptr [ebp-14]
00621276 |. E8 1D91DEFF call 0040A398
0062127B |. 8B45 EC mov eax, dword ptr [ebp-14]
0062127E |. E8 9992DEFF call 0040A51C
00621283 |. E8 D071FFFF call 00618458
00621288 |. 8D45 E4 lea eax, dword ptr [ebp-1C]
0062128B |. E8 A0E5F0FF call 0052F830
00621290 |. 8B45 E4 mov eax, dword ptr [ebp-1C]
00621293 |. E8 F88EDEFF call 0040A190
00621298 |. 84C0 test al, al
0062129A |. 75 10 jnz short 006212AC
0062129C |. 8D45 E0 lea eax, dword ptr [ebp-20]
0062129F |. E8 8CE5F0FF call 0052F830
006212A4 |. 8B45 E0 mov eax, dword ptr [ebp-20]
006212A7 |. E8 8892DEFF call 0040A534
006212AC |> 8D45 DC lea eax, dword ptr [ebp-24]
006212AF |. E8 0CE6F0FF call 0052F8C0
006212B4 |. 8B45 DC mov eax, dword ptr [ebp-24]
006212B7 |. E8 D48EDEFF call 0040A190
006212BC |. 84C0 test al, al
006212BE |. 75 10 jnz short 006212D0
006212C0 |. 8D45 D8 lea eax, dword ptr [ebp-28]
006212C3 |. E8 F8E5F0FF call 0052F8C0
006212C8 |. 8B45 D8 mov eax, dword ptr [ebp-28]
006212CB |. E8 6492DEFF call 0040A534
006212D0 |> A1 F8816200 mov eax, dword ptr [6281F8]
006212D5 |. C600 00 mov byte ptr [eax], 0
006212D8 |. C605 08956300>mov byte ptr [639508], 1
006212DF |. 8D55 C8 lea edx, dword ptr [ebp-38]
006212E2 |. B8 9C156200 mov eax, 0062159C ; showtrayicon
006212E7 |. E8 E06CFFFF call 00617FCC
006212EC |. 8D45 C8 lea eax, dword ptr [ebp-38]
006212EF |. 50 push eax
006212F0 |. 8D55 B8 lea edx, dword ptr [ebp-48]
006212F3 |. B8 B4156200 mov eax, 006215B4 ; minimizetotray
006212F8 |. E8 CF6CFFFF call 00617FCC
006212FD |. 8D55 B8 lea edx, dword ptr [ebp-48]
00621300 |. 58 pop eax
00621301 |. E8 228FDFFF call 0041A228
00621306 |. 8D45 C8 lea eax, dword ptr [ebp-38]
00621309 |. 50 push eax
0062130A |. 8D45 A8 lea eax, dword ptr [ebp-58]
0062130D |. 8B15 F8816200 mov edx, dword ptr [6281F8] ; GOffice_.006394EC
00621313 |. 8A12 mov dl, byte ptr [edx]
00621315 |. E8 8E4EDFFF call 004161A8
0062131A |. 8D55 A8 lea edx, dword ptr [ebp-58]
0062131D |. 58 pop eax
0062131E |. E8 058FDFFF call 0041A228
00621323 |. 8D45 C8 lea eax, dword ptr [ebp-38]
00621326 |. E8 BD28DFFF call 00413BE8
0062132B |. 8B15 F8816200 mov edx, dword ptr [6281F8] ; GOffice_.006394EC
00621331 |. 8802 mov byte ptr [edx], al
00621333 |. 8D45 98 lea eax, dword ptr [ebp-68]
00621336 |. 8A15 08956300 mov dl, byte ptr [639508]
0062133C |. E8 674EDFFF call 004161A8
00621341 |. 8D45 98 lea eax, dword ptr [ebp-68]
00621344 |. 50 push eax
00621345 |. 8D55 88 lea edx, dword ptr [ebp-78]
00621348 |. B8 CC156200 mov eax, 006215CC ; showflash
0062134D |. E8 7A6CFFFF call 00617FCC
00621352 |. 8D55 88 lea edx, dword ptr [ebp-78]
00621355 |. 58 pop eax
00621356 |. E8 CD8EDFFF call 0041A228
0062135B |. 8D45 98 lea eax, dword ptr [ebp-68]
0062135E |. E8 8528DFFF call 00413BE8
00621363 |. A2 08956300 mov byte ptr [639508], al
00621368 |. BA 00956300 mov edx, 00639500
0062136D |. A1 DC826200 mov eax, dword ptr [6282DC]
00621372 |. E8 BD59DEFF call 00406D34
00621377 |. 8D95 78FFFFFF lea edx, dword ptr [ebp-88]
0062137D |. B8 E0156200 mov eax, 006215E0 ; runonce
00621382 |. E8 456CFFFF call 00617FCC
00621387 |. 8D85 78FFFFFF lea eax, dword ptr [ebp-88]
0062138D |. E8 5628DFFF call 00413BE8
00621392 |. 84C0 test al, al
00621394 |. 0F84 88000000 je 00621422 ; (initial cpu selection)
0062139A |. 8D95 74FFFFFF lea edx, dword ptr [ebp-8C]
006213A0 |. A1 DC826200 mov eax, dword ptr [6282DC]
006213A5 |. E8 8A59DEFF call 00406D34
006213AA |. 8B85 74FFFFFF mov eax, dword ptr [ebp-8C]
006213B0 |. E8 5B3ADEFF call 00404E10
006213B5 |. 50 push eax ; /Title
006213B6 |. 68 E8156200 push 006215E8 ; |tapplication
006213BB |. E8 5C68DEFF call <jmp.&user32.FindWindowA> ; \FindWindowA
006213C0 |. 8BD8 mov ebx, eax
006213C2 |. A1 00956300 mov eax, dword ptr [639500]
006213C7 |. E8 443ADEFF call 00404E10
006213CC |. 50 push eax ; /AtomName
006213CD |. E8 DA61DEFF call <jmp.&kernel32.GlobalFindAtomA> ; \GlobalFindAtomA
006213D2 |. 66:85C0 test ax, ax
006213D5 77 04 ja short 006213DB
006213D7 |. 85DB test ebx, ebx
006213D9 |. 74 47 je short 00621422
006213DB |> 85DB test ebx, ebx
006213DD |. 74 3E je short 0062141D
006213DF |. 6A 09 push 9 ; /ShowState = SW_RESTORE
006213E1 |. 53 push ebx ; |hWnd
006213E2 |. E8 656CDEFF call <jmp.&user32.ShowWindow> ; \ShowWindow
006213E7 |. 53 push ebx ; /hWnd
006213E8 |. E8 AF6BDEFF call <jmp.&user32.SetFocus> ; \SetFocus
006213ED |. 53 push ebx ; /hWnd
006213EE |. E8 B16BDEFF call <jmp.&user32.SetForegroundWindow>; \SetForegroundWindow
006213F3 |. 833D 04956300>cmp dword ptr [639504], 0
006213FA |. 74 21 je short 0062141D
006213FC |. A1 04956300 mov eax, dword ptr [639504]
00621401 |. E8 0A3ADEFF call 00404E10
00621406 |. 50 push eax ; /AtomName
00621407 |. E8 8861DEFF call <jmp.&kernel32.GlobalAddAtomA> ; \GlobalAddAtomA
0062140C |. 0FB7C0 movzx eax, ax
0062140F |. 50 push eax ; /lParam
00621410 |. 6A 00 push 0 ; |wParam = 0
00621412 |. 68 05040000 push 405 ; |Message = WM_USER+5
00621417 |. 53 push ebx ; |hWnd
00621418 |. E8 D76ADEFF call <jmp.&user32.PostMessageA> ; \PostMessageA
0062141D |> E8 BA33DEFF call 004047DC
00621422 |> A1 00956300 mov eax, dword ptr [639500]
00621427 |. E8 E439DEFF call 00404E10
0062142C |. 50 push eax ; /AtomName
0062142D |. E8 6261DEFF call <jmp.&kernel32.GlobalAddAtomA> ; \GlobalAddAtomA
00621432 |. 33C0 xor eax, eax
00621434 |. 55 push ebp
00621435 |. 68 37156200 push 00621537
0062143A |. 64:FF30 push dword ptr fs:[eax]
0062143D |. 64:8920 mov dword ptr fs:[eax], esp
00621440 |. 803D 08956300>cmp byte ptr [639508], 0
00621447 |. 74 58 je short 006214A1
00621449 |. 8B0D 20876200 mov ecx, dword ptr [628720] ; GOffice_.00629C20
0062144F |. 8B09 mov ecx, dword ptr [ecx]
00621451 |. B2 01 mov dl, 1
00621453 |. A1 68046200 mov eax, dword ptr [620468]
00621458 |. E8 1BA2E7FF call 0049B678
0062145D |. 8B15 44866200 mov edx, dword ptr [628644] ; GOffice_.006394F8
00621463 |. 8902 mov dword ptr [edx], eax
00621465 |. A1 44866200 mov eax, dword ptr [628644]
0062146A |. 8B00 mov eax, dword ptr [eax]
0062146C |. E8 5FE5E7FF call 0049F9D0
00621471 |. A1 44866200 mov eax, dword ptr [628644]
00621476 |. 8B00 mov eax, dword ptr [eax]
00621478 |. 8B10 mov edx, dword ptr [eax]
0062147A |. FF92 88000000 call dword ptr [edx+88]
00621480 |. EB 0C jmp short 0062148E
00621482 |> A1 20876200 /mov eax, dword ptr [628720]
00621487 |. 8B00 |mov eax, dword ptr [eax]
00621489 |. E8 621AE8FF |call 004A2EF0
0062148E |> A1 44866200 mov eax, dword ptr [628644]
00621493 |. 8B00 |mov eax, dword ptr [eax]
00621495 |. 8B80 00030000 |mov eax, dword ptr [eax+300]
0062149B |. 8078 40 00 |cmp byte ptr [eax+40], 0
0062149F |.^ 75 E1 \jnz short 00621482
006214A1 |> 8B0D DC806200 mov ecx, dword ptr [6280DC] ; GOffice_.006394E8
006214A7 |. A1 20876200 mov eax, dword ptr [628720]
006214AC |. 8B00 mov eax, dword ptr [eax]
006214AE |. 8B15 20876100 mov edx, dword ptr [618720] ; GOffice_.0061876C
006214B4 |. E8 631BE8FF call 004A301C
006214B9 |. A1 DC806200 mov eax, dword ptr [6280DC]
006214BE |. 8B00 mov eax, dword ptr [eax]
006214C0 |. 50 push eax
006214C1 |. 68 64C36100 push 0061C364
006214C6 |. E8 5165F1FF call 00537A1C
006214CB |. A1 F8816200 mov eax, dword ptr [6281F8]
006214D0 |. 8038 00 cmp byte ptr [eax], 0
006214D3 |. 74 1D je short 006214F2
006214D5 |. A1 20876200 mov eax, dword ptr [628720]
006214DA |. 8B00 mov eax, dword ptr [eax]
006214DC |. C640 5B 00 mov byte ptr [eax+5B], 0
006214E0 |. A1 20876200 mov eax, dword ptr [628720]
006214E5 |. 8B00 mov eax, dword ptr [eax]
006214E7 |. 50 push eax
006214E8 |. 68 C4294A00 push 004A29C4 ; 入口地址
[培训]《安卓高级研修班(网课)》月薪三万计划,掌握调试、分析还原ollvm、vmp的方法,定制art虚拟机自动化脱壳的方法
