无结束-软件逆向-看雪-安全社区|安全招聘|kanxue.com

最新回复 (5)
kavan 雪币： 157 活跃值： (35) 能力值： ( LV3，RANK：20 ) 在线值：发帖 16 回帖 83 粉丝 0 关注私信	kavan 2 楼这是什么程序 2012-7-14 12:27 0
bbsphixy 雪币： 55 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 8 回帖 65 粉丝 0 关注私信	bbsphixy 3 楼下bp MessageBoxA 断 0040CBC0 /. 55 push ebp 0040CBC1 \|. 8BEC mov ebp, esp 0040CBC3 \|. 6A FF push -1 0040CBC5 \|. 68 702C4800 push 00482C70 ; SE 处理程序安装 0040CBCA \|. 64:A1 0000000>mov eax, dword ptr fs:[0] 0040CBD0 \|. 50 push eax 0040CBD1 \|. 64:8925 00000>mov dword ptr fs:[0], esp 0040CBD8 \|. 83EC 1C sub esp, 1C 0040CBDB \|. 8B45 08 mov eax, dword ptr [ebp+8] 0040CBDE \|. 53 push ebx 0040CBDF \|. 56 push esi 0040CBE0 \|. 57 push edi 0040CBE1 \|. 8B7D 10 mov edi, dword ptr [ebp+10] 0040CBE4 \|. 8965 F0 mov dword ptr [ebp-10], esp 0040CBE7 \|. 8B37 mov esi, dword ptr [edi] 0040CBE9 \|. C700 00000000 mov dword ptr [eax], 0 0040CBEF \|. 803E 00 cmp byte ptr [esi], 0 0040CBF2 0F84 83000000 je 0040CC7B 0040CBF8 \|. 8D4D E8 lea ecx, dword ptr [ebp-18] 0040CBFB \|. E8 059B0600 call 00476705 0040CC00 \|. C745 FC 00000>mov dword ptr [ebp-4], 0 0040CC07 \|. 8D4D D8 lea ecx, dword ptr [ebp-28] 0040CC0A \|. C645 FC 01 mov byte ptr [ebp-4], 1 0040CC0E \|. E8 4E9B0600 call 00476761 0040CC13 \|. 6A 00 push 0 0040CC15 \|. 68 11100000 push 1011 0040CC1A \|. 56 push esi 0040CC1B \|. 8D4D D8 lea ecx, dword ptr [ebp-28] 0040CC1E \|. C645 FC 02 mov byte ptr [ebp-4], 2 0040CC22 \|. E8 4C9C0600 call 00476873 0040CC27 \|. 83F8 01 cmp eax, 1 0040CC2A 75 37 jnz short 0040CC63 0040CC2C \|. 8B5D 0C mov ebx, dword ptr [ebp+C] 0040CC2F \|. 8BF0 mov esi, eax 0040CC31 \|> 3BF3 /cmp esi, ebx 0040CC33 7D 1D jge short 0040CC52 0040CC35 \|. 8D0C76 \|lea ecx, dword ptr [esi+esi2] 0040CC38 \|. 8B048F \|mov eax, dword ptr [edi+ecx4] 0040CC3B \|. 8B48 04 \|mov ecx, dword ptr [eax+4] 0040CC3E \|. 83C0 08 \|add eax, 8 0040CC41 \|. 85C9 \|test ecx, ecx 0040CC43 7E 0A jle short 0040CC4F 0040CC45 \|. 51 \|push ecx 0040CC46 \|. 50 \|push eax 0040CC47 \|. 8D4D D8 \|lea ecx, dword ptr [ebp-28] 0040CC4A E8 7B9D0600 call 004769CA 0040CC4F \|> 46 \|inc esi 0040CC50 \|.^ EB DF \jmp short 0040CC31 0040CC52 \|> 8D4D D8 lea ecx, dword ptr [ebp-28] 0040CC55 \|. E8 349E0600 call 00476A8E 0040CC5A \|. 8B55 08 mov edx, dword ptr [ebp+8] 0040CC5D \|. C702 01000000 mov dword ptr [edx], 1 0040CC63 \|> 8D4D D8 lea ecx, dword ptr [ebp-28] 0040CC66 \|. C645 FC 01 mov byte ptr [ebp-4], 1 0040CC6A \|. E8 479B0600 call 004767B6 0040CC6F \|. C745 FC FFFFF>mov dword ptr [ebp-4], -1 0040CC76 \|. E8 C89A0600 call 00476743 0040CC7B \|> 8B4D F4 mov ecx, dword ptr [ebp-C] 0040CC7E \|. 5F pop edi 0040CC7F \|. 5E pop esi 0040CC80 \|. 64:890D 00000>mov dword ptr fs:[0], ecx 0040CC87 \|. 5B pop ebx 0040CC88 \|. 8BE5 mov esp, ebp 0040CC8A \|. 5D pop ebp 0040CC8B \. C3 retn 0040CC8C . 8B45 10 mov eax, dword ptr [ebp+10] 0040CC8F . 8945 EC mov dword ptr [ebp-14], eax 0040CC92 . B8 6FCC4000 mov eax, 0040CC6F 0040CC97 . C3 retn 0040CC98 90 nop 0040CC99 90 nop 0040CC9A 90 nop 0040CC9B 90 nop 0040CC9C 90 nop 0040CC9D 90 nop 0040CC9E 90 nop 0040CC9F 90 nop 0040CCA0 > E9 9E9A0600 jmp 00476743 0040CCA5 90 nop 0040CCA6 90 nop 0040CCA7 90 nop 0040CCA8 90 nop 0040CCA9 90 nop 0040CCAA 90 nop 0040CCAB 90 nop 0040CCAC 90 nop 0040CCAD 90 nop 0040CCAE 90 nop 0040CCAF 90 nop 0040CCB0 /$ 8B4424 04 mov eax, dword ptr [esp+4] 0040CCB4 \|. 50 push eax 0040CCB5 \|. E8 AD910600 call 00475E67 0040CCBA \|. 59 pop ecx 0040CCBB \. C2 0400 retn 4 0040CCBE 90 nop 0040CCBF 90 nop 0040CCC0 . 83EC 64 sub esp, 64 0040CCC3 . 56 push esi 0040CCC4 . 8B7424 74 mov esi, dword ptr [esp+74] 0040CCC8 . 57 push edi 0040CCC9 . 8B7E 08 mov edi, dword ptr [esi+8] 0040CCCC . 57 push edi 0040CCCD . E8 1E150100 call 0041E1F0 0040CCD2 . 83C4 04 add esp, 4 0040CCD5 . 85C0 test eax, eax 0040CCD7 74 10 je short 0040CCE9 0040CCD9 . 8D4424 08 lea eax, dword ptr [esp+8] 0040CCDD . 50 push eax 0040CCDE . 56 push esi 0040CCDF . E8 FCFCFFFF call 0040C9E0 0040CCE4 . 83C4 08 add esp, 8 0040CCE7 . EB 42 jmp short 0040CD2B 0040CCE9 > 81FF 04000080 cmp edi, 80000004 ; Switch (cases 80000002..80000004) 0040CCEF . 75 04 jnz short 0040CCF5 0040CCF1 . 8B0E mov ecx, dword ptr [esi] ; Case 80000004 (SINGLE STEP) of switch 0040CCE9 0040CCF3 . EB 3A jmp short 0040CD2F 0040CCF5 > 81FF 02000080 cmp edi, 80000002 0040CCFB . 75 12 jnz short 0040CD0F 0040CCFD . 8B16 mov edx, dword ptr [esi] ; Case 80000002 (DATATYPE MISALIGNMENT) of switch 0040CCE9 0040CCFF . 8D4C24 08 lea ecx, dword ptr [esp+8] 0040CD03 . 51 push ecx 0040CD04 . 52 push edx 0040CD05 . E8 76EF0100 call 0042BC80 0040CD0A . 83C4 08 add esp, 8 0040CD0D . EB 1C jmp short 0040CD2B 0040CD0F > 81FF 03000080 cmp edi, 80000003 0040CD15 . 75 1C jnz short 0040CD33 0040CD17 . 8B4E 04 mov ecx, dword ptr [esi+4] ; Case 80000003 (BREAKPOINT) of switch 0040CCE9 0040CD1A . 8B16 mov edx, dword ptr [esi] 0040CD1C . 8D4424 08 lea eax, dword ptr [esp+8] 0040CD20 . 50 push eax 0040CD21 . 51 push ecx 0040CD22 . 52 push edx 0040CD23 . E8 98E80100 call 0042B5C0 0040CD28 . 83C4 0C add esp, 0C 0040CD2B > 8D4C24 08 lea ecx, dword ptr [esp+8] 0040CD2F > 85C9 test ecx, ecx 0040CD31 75 09 jnz short 0040CD3C 0040CD33 > C64424 08 00 mov byte ptr [esp+8], 0 ; Default case of switch 0040CCE9 0040CD38 . 8D4C24 08 lea ecx, dword ptr [esp+8] 0040CD3C > 8B46 20 mov eax, dword ptr [esi+20] 0040CD3F . BA 90429E00 mov edx, 009E4290 0040CD44 . 85C0 test eax, eax 0040CD46 74 03 je short 0040CD4B 0040CD48 . 8B56 18 mov edx, dword ptr [esi+18] 0040CD4B > 8B46 0C mov eax, dword ptr [esi+C] 0040CD4E . 8BF0 mov esi, eax 0040CD50 . F7D6 not esi 0040CD52 . 81E6 00100000 and esi, 1000 0040CD58 . 8D0470 lea eax, dword ptr [eax+esi*2] 0040CD5B . 50 push eax ; /Style 0040CD5C . 52 push edx ; \|Title 0040CD5D . 51 push ecx ; \|Text 0040CD5E . 6A 00 push 0 ; \|hOwner = NULL 0040CD60 . FF15 5C854800 call dword ptr [<&USER32.MessageBoxA>>; \MessageBoxA 0040CD66 . 5F pop edi 0040CD67 . 83F8 03 cmp eax, 3 ; Switch (cases 2..7) 0040CD6A . 5E pop esi 0040CD6B 75 0F jnz short 0040CD7C 0040CD6D . 8B4C24 68 mov ecx, dword ptr [esp+68] ; Case 3 of switch 0040CD67 0040CD71 . B8 02000000 mov eax, 2 0040CD76 . 8901 mov dword ptr [ecx], eax 0040CD78 . 83C4 64 add esp, 64 0040CD7B . C3 retn 0040CD7C > 83F8 02 cmp eax, 2 0040CD7F . 75 0F jnz short 0040CD90 0040CD81 . 8B5424 68 mov edx, dword ptr [esp+68] ; Case 2 of switch 0040CD67 0040CD85 . B8 01000000 mov eax, 1 0040CD8A . 8902 mov dword ptr [edx], eax 0040CD8C . 83C4 64 add esp, 64 0040CD8F . C3 retn 0040CD90 > 83F8 05 cmp eax, 5 0040CD93 . 75 0F jnz short 0040CDA4 0040CD95 . 8B4C24 68 mov ecx, dword ptr [esp+68] ; Case 5 of switch 0040CD67 0040CD99 . B8 04000000 mov eax, 4 0040CD9E . 8901 mov dword ptr [ecx], eax 0040CDA0 . 83C4 64 add esp, 64 0040CDA3 . C3 retn 0040CDA4 > 83F8 07 cmp eax, 7 0040CDA7 . 75 0F jnz short 0040CDB8 0040CDA9 . 8B5424 68 mov edx, dword ptr [esp+68] ; Case 7 of switch 0040CD67 0040CDAD . B8 06000000 mov eax, 6 0040CDB2 . 8902 mov dword ptr [edx], eax 0040CDB4 . 83C4 64 add esp, 64 0040CDB7 . C3 retn 2012-7-14 13:12 0
kavan 雪币： 157 活跃值： (35) 能力值： ( LV3，RANK：20 ) 在线值：发帖 16 回帖 83 粉丝 0 关注私信	kavan 4 楼找出判断网络连接的地方直接跳过吧 2012-7-14 13:58 0
bbsphixy 雪币： 55 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 8 回帖 65 粉丝 0 关注私信	bbsphixy 5 楼功力不够 2012-7-14 14:07 0
zhingma 雪币： 5 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 21 回帖 203 粉丝 0 关注私信	zhingma 6 楼网络游戏吧，你数据超载造成的。 2012-7-15 09:02 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复

kavan

雪币： 157

活跃值： (35)

能力值：

( LV3，RANK：20 )

在线值：

发帖

16

回帖

83

粉丝

0

关注

私信

kavan: 2 楼

这是什么程序

2012-7-14 12:27

0

bbsphixy

雪币： 55

活跃值： (10)

能力值：

( LV2，RANK：10 )

在线值：

发帖

8

回帖

65

粉丝

0

关注

私信

bbsphixy: 3 楼

下bp MessageBoxA 断

0040CBC0  /.  55          push ebp
0040CBC1  |.  8BEC       mov    ebp, esp
0040CBC3  |.  6A FF       push -1
0040CBC5  |.  68 702C4800 push 00482C70                      ;  SE 处理程序安装
0040CBCA  |.  64:A1 0000000>mov    eax, dword ptr fs:[0]
0040CBD0  |.  50          push eax
0040CBD1  |.  64:8925 00000>mov    dword ptr fs:[0], esp
0040CBD8  |.  83EC 1C    sub    esp, 1C
0040CBDB  |.  8B45 08    mov    eax, dword ptr [ebp+8]
0040CBDE  |.  53          push ebx
0040CBDF  |.  56          push esi
0040CBE0  |.  57          push edi
0040CBE1  |.  8B7D 10    mov    edi, dword ptr [ebp+10]
0040CBE4  |.  8965 F0    mov    dword ptr [ebp-10], esp
0040CBE7  |.  8B37       mov    esi, dword ptr [edi]
0040CBE9  |.  C700 00000000 mov    dword ptr [eax], 0
0040CBEF  |.  803E 00    cmp    byte ptr [esi], 0
0040CBF2    0F84 83000000 je    0040CC7B
0040CBF8  |.  8D4D E8    lea    ecx, dword ptr [ebp-18]
0040CBFB  |.  E8 059B0600 call 00476705
0040CC00  |.  C745 FC 00000>mov    dword ptr [ebp-4], 0
0040CC07  |.  8D4D D8    lea    ecx, dword ptr [ebp-28]
0040CC0A  |.  C645 FC 01 mov    byte ptr [ebp-4], 1
0040CC0E  |.  E8 4E9B0600 call 00476761
0040CC13  |.  6A 00       push 0
0040CC15  |.  68 11100000 push 1011
0040CC1A  |.  56          push esi
0040CC1B  |.  8D4D D8    lea    ecx, dword ptr [ebp-28]
0040CC1E  |.  C645 FC 02 mov    byte ptr [ebp-4], 2
0040CC22  |.  E8 4C9C0600 call 00476873
0040CC27  |.  83F8 01    cmp    eax, 1
0040CC2A    75 37       jnz    short 0040CC63
0040CC2C  |.  8B5D 0C    mov    ebx, dword ptr [ebp+C]
0040CC2F  |.  8BF0       mov    esi, eax
0040CC31  |>  3BF3       /cmp    esi, ebx
0040CC33    7D 1D       jge    short 0040CC52
0040CC35  |.  8D0C76       |lea    ecx, dword ptr [esi+esi*2]
0040CC38  |.  8B048F       |mov    eax, dword ptr [edi+ecx*4]
0040CC3B  |.  8B48 04    |mov    ecx, dword ptr [eax+4]
0040CC3E  |.  83C0 08    |add    eax, 8
0040CC41  |.  85C9       |test ecx, ecx
0040CC43    7E 0A       jle    short 0040CC4F
0040CC45  |.  51          |push ecx
0040CC46  |.  50          |push eax
0040CC47  |.  8D4D D8    |lea    ecx, dword ptr [ebp-28]
0040CC4A    E8 7B9D0600 call 004769CA
0040CC4F  |>  46          |inc    esi
0040CC50  |.^ EB DF       \jmp    short 0040CC31
0040CC52  |>  8D4D D8    lea    ecx, dword ptr [ebp-28]
0040CC55  |.  E8 349E0600 call 00476A8E
0040CC5A  |.  8B55 08    mov    edx, dword ptr [ebp+8]
0040CC5D  |.  C702 01000000 mov    dword ptr [edx], 1
0040CC63  |>  8D4D D8    lea    ecx, dword ptr [ebp-28]
0040CC66  |.  C645 FC 01 mov    byte ptr [ebp-4], 1
0040CC6A  |.  E8 479B0600 call 004767B6
0040CC6F  |.  C745 FC FFFFF>mov    dword ptr [ebp-4], -1
0040CC76  |.  E8 C89A0600 call 00476743
0040CC7B  |>  8B4D F4    mov    ecx, dword ptr [ebp-C]
0040CC7E  |.  5F          pop    edi
0040CC7F  |.  5E          pop    esi
0040CC80  |.  64:890D 00000>mov    dword ptr fs:[0], ecx
0040CC87  |.  5B          pop    ebx
0040CC88  |.  8BE5       mov    esp, ebp
0040CC8A  |.  5D          pop    ebp
0040CC8B  \.  C3          retn
0040CC8C .  8B45 10    mov    eax, dword ptr [ebp+10]
0040CC8F .  8945 EC    mov    dword ptr [ebp-14], eax
0040CC92 .  B8 6FCC4000 mov    eax, 0040CC6F
0040CC97 .  C3          retn
0040CC98    90          nop
0040CC99    90          nop
0040CC9A    90          nop
0040CC9B    90          nop
0040CC9C    90          nop
0040CC9D    90          nop
0040CC9E    90          nop
0040CC9F    90          nop
0040CCA0 >  E9 9E9A0600 jmp    00476743
0040CCA5    90          nop
0040CCA6    90          nop
0040CCA7    90          nop
0040CCA8    90          nop
0040CCA9    90          nop
0040CCAA    90          nop
0040CCAB    90          nop
0040CCAC    90          nop
0040CCAD    90          nop
0040CCAE    90          nop
0040CCAF    90          nop
0040CCB0  /$  8B4424 04    mov    eax, dword ptr [esp+4]
0040CCB4  |.  50          push eax
0040CCB5  |.  E8 AD910600 call 00475E67
0040CCBA  |.  59          pop    ecx
0040CCBB  \.  C2 0400    retn 4
0040CCBE    90          nop
0040CCBF    90          nop
0040CCC0 .  83EC 64    sub    esp, 64
0040CCC3 .  56          push esi
0040CCC4 .  8B7424 74    mov    esi, dword ptr [esp+74]
0040CCC8 .  57          push edi
0040CCC9 .  8B7E 08    mov    edi, dword ptr [esi+8]
0040CCCC .  57          push edi
0040CCCD .  E8 1E150100 call 0041E1F0
0040CCD2 .  83C4 04    add    esp, 4
0040CCD5 .  85C0       test eax, eax
0040CCD7    74 10       je    short 0040CCE9
0040CCD9 .  8D4424 08    lea    eax, dword ptr [esp+8]
0040CCDD .  50          push eax
0040CCDE .  56          push esi
0040CCDF .  E8 FCFCFFFF call 0040C9E0
0040CCE4 .  83C4 08    add    esp, 8
0040CCE7 .  EB 42       jmp    short 0040CD2B
0040CCE9 >  81FF 04000080 cmp    edi, 80000004                   ;  Switch (cases 80000002..80000004)
0040CCEF .  75 04       jnz    short 0040CCF5
0040CCF1 .  8B0E       mov    ecx, dword ptr [esi]          ;  Case 80000004 (SINGLE STEP) of switch 0040CCE9
0040CCF3 .  EB 3A       jmp    short 0040CD2F
0040CCF5 >  81FF 02000080 cmp    edi, 80000002
0040CCFB .  75 12       jnz    short 0040CD0F
0040CCFD .  8B16       mov    edx, dword ptr [esi]          ;  Case 80000002 (DATATYPE MISALIGNMENT) of switch 0040CCE9
0040CCFF .  8D4C24 08    lea    ecx, dword ptr [esp+8]
0040CD03 .  51          push ecx
0040CD04 .  52          push edx
0040CD05 .  E8 76EF0100 call 0042BC80
0040CD0A .  83C4 08    add    esp, 8
0040CD0D .  EB 1C       jmp    short 0040CD2B
0040CD0F >  81FF 03000080 cmp    edi, 80000003
0040CD15 .  75 1C       jnz    short 0040CD33
0040CD17 .  8B4E 04    mov    ecx, dword ptr [esi+4]          ;  Case 80000003 (BREAKPOINT) of switch 0040CCE9
0040CD1A .  8B16       mov    edx, dword ptr [esi]
0040CD1C .  8D4424 08    lea    eax, dword ptr [esp+8]
0040CD20 .  50          push eax
0040CD21 .  51          push ecx
0040CD22 .  52          push edx
0040CD23 .  E8 98E80100 call 0042B5C0
0040CD28 .  83C4 0C    add    esp, 0C
0040CD2B >  8D4C24 08    lea    ecx, dword ptr [esp+8]
0040CD2F >  85C9       test ecx, ecx
0040CD31    75 09       jnz    short 0040CD3C
0040CD33 >  C64424 08 00  mov    byte ptr [esp+8], 0             ;  Default case of switch 0040CCE9
0040CD38 .  8D4C24 08    lea    ecx, dword ptr [esp+8]
0040CD3C >  8B46 20    mov    eax, dword ptr [esi+20]
0040CD3F .  BA 90429E00 mov    edx, 009E4290
0040CD44 .  85C0       test eax, eax
0040CD46    74 03       je    short 0040CD4B
0040CD48 .  8B56 18    mov    edx, dword ptr [esi+18]
0040CD4B >  8B46 0C    mov    eax, dword ptr [esi+C]
0040CD4E .  8BF0       mov    esi, eax
0040CD50 .  F7D6       not    esi
0040CD52 .  81E6 00100000 and    esi, 1000
0040CD58 .  8D0470       lea    eax, dword ptr [eax+esi*2]
0040CD5B .  50          push eax                            ; /Style
0040CD5C .  52          push edx                            ; |Title
0040CD5D .  51          push ecx                            ; |Text
0040CD5E .  6A 00       push 0                               ; |hOwner = NULL
0040CD60 .  FF15 5C854800 call dword ptr [<&USER32.MessageBoxA>>; \MessageBoxA
0040CD66 .  5F          pop    edi
0040CD67 .  83F8 03    cmp    eax, 3                         ;  Switch (cases 2..7)
0040CD6A .  5E          pop    esi
0040CD6B    75 0F       jnz    short 0040CD7C
0040CD6D .  8B4C24 68    mov    ecx, dword ptr [esp+68]       ;  Case 3 of switch 0040CD67
0040CD71 .  B8 02000000 mov    eax, 2
0040CD76 .  8901       mov    dword ptr [ecx], eax
0040CD78 .  83C4 64    add    esp, 64
0040CD7B .  C3          retn
0040CD7C >  83F8 02    cmp    eax, 2
0040CD7F .  75 0F       jnz    short 0040CD90
0040CD81 .  8B5424 68    mov    edx, dword ptr [esp+68]       ;  Case 2 of switch 0040CD67
0040CD85 .  B8 01000000 mov    eax, 1
0040CD8A .  8902       mov    dword ptr [edx], eax
0040CD8C .  83C4 64    add    esp, 64
0040CD8F .  C3          retn
0040CD90 >  83F8 05    cmp    eax, 5
0040CD93 .  75 0F       jnz    short 0040CDA4
0040CD95 .  8B4C24 68    mov    ecx, dword ptr [esp+68]       ;  Case 5 of switch 0040CD67
0040CD99 .  B8 04000000 mov    eax, 4
0040CD9E .  8901       mov    dword ptr [ecx], eax
0040CDA0 .  83C4 64    add    esp, 64
0040CDA3 .  C3          retn
0040CDA4 >  83F8 07    cmp    eax, 7
0040CDA7 .  75 0F       jnz    short 0040CDB8
0040CDA9 .  8B5424 68    mov    edx, dword ptr [esp+68]       ;  Case 7 of switch 0040CD67
0040CDAD .  B8 06000000 mov    eax, 6
0040CDB2 .  8902       mov    dword ptr [edx], eax
0040CDB4 .  83C4 64    add    esp, 64
0040CDB7 .  C3          retn

2012-7-14 13:12

0