[Old post] [Help] Newbie asking for help: where are the Kanxue experts? (a technical question)
Posted on: 2012-8-26 13:52
3713F6E0 .^\E9 CB3DFFFF JMP hw.371334B0
3713F6E5 90 NOP
3713F6E6 90 NOP
3713F6E7 90 NOP
3713F6E8 90 NOP
3713F6E9 90 NOP
3713F6EA 90 NOP
3713F6EB 90 NOP
3713F6EC 90 NOP
3713F6ED 90 NOP
3713F6EE 90 NOP
3713F6EF 90 NOP
3713F6F0 . 56 PUSH ESI
3713F6F1 . E8 DAEA0000 CALL hw.3714E1D0
3713F6F6 . 8BF0 MOV ESI,EAX
3713F6F8 . E8 73EA0200 CALL hw.3716E170
3713F6FD . 85F6 TEST ESI,ESI
3713F6FF . 0F84 2D010000 JE hw.3713F832
3713F705 . 57 PUSH EDI
3713F706 . 8BFE MOV EDI,ESI
3713F708 . 83C9 FF OR ECX,FFFFFFFF
3713F70B . 33C0 XOR EAX,EAX
3713F70D . F2:AE REPNE SCAS BYTE PTR ES:[EDI]
3713F70F . F7D1 NOT ECX
3713F711 . 49 DEC ECX
3713F712 . 5F POP EDI
3713F713 . 0F84 19010000 JE hw.3713F832
3713F719 . 6A 15 PUSH 15
3713F71B . 68 44464E37 PUSH hw.374E4644 ; invalid valve cd key\n
3713F720 . 56 PUSH ESI
3713F721 . E8 AAF82C00 CALL hw.3740EFD0
3713F726 . 83C4 0C ADD ESP,0C
3713F729 . 85C0 TEST EAX,EAX
3713F72B . 75 1B JNZ SHORT hw.3713F748
3713F72D . 6A 01 PUSH 1
3713F72F . 6A 01 PUSH 1
3713F731 . E8 FAD6FCFF CALL hw.3710CE30
3713F736 . 83C4 08 ADD ESP,8
3713F739 . 68 2C464E37 PUSH hw.374E462C ; server disconnected\n
3713F73E . E8 6D870300 CALL hw.37177EB0
3713F743 . 83C4 04 ADD ESP,4
3713F746 . 5E POP ESI
3713F747 . C3 RETN
3713F748 > 68 1C464E37 PUSH hw.374E461C ; cso session end
3713F74D . 56 PUSH ESI
3713F74E . E8 3DD60000 CALL hw.3714CD90
3713F753 . 83C4 08 ADD ESP,8
3713F756 . 85C0 TEST EAX,EAX
3713F758 . 0F84 E3000000 JE hw.3713F841
3713F75E . 68 10464E37 PUSH hw.374E4610 ; timed out
3713F763 . 56 PUSH ESI
3713F764 . E8 27D60000 CALL hw.3714CD90
3713F769 . 83C4 08 ADD ESP,8
3713F76C . 85C0 TEST EAX,EAX
3713F76E . 75 1C JNZ SHORT hw.3713F78C
3713F770 . 68 10464E37 PUSH hw.374E4610 ; timed out
3713F775 . E8 26D7FCFF CALL hw.3710CEA0
3713F77A . 83C4 04 ADD ESP,4
3713F77D . 68 2C464E37 PUSH hw.374E462C ; server disconnected\n
3713F782 . E8 29870300 CALL hw.37177EB0
3713F787 . 83C4 04 ADD ESP,4
3713F78A . 5E POP ESI
3713F78B . C3 RETN
3713F78C > 68 E8454E37 PUSH hw.374E45E8 ; bad command character in client command
3713F791 . 56 PUSH ESI
3713F792 . E8 F9D50000 CALL hw.3714CD90
3713F797 . 83C4 08 ADD ESP,8
3713F79A . 85C0 TEST EAX,EAX
3713F79C . 75 1C JNZ SHORT hw.3713F7BA
3713F79E . 68 E8454E37 PUSH hw.374E45E8 ; bad command character in client command
3713F7A3 . E8 F8D6FCFF CALL hw.3710CEA0
3713F7A8 . 83C4 04 ADD ESP,4
3713F7AB . 68 2C464E37 PUSH hw.374E462C ; server disconnected\n
3713F7B0 . E8 FB860300 CALL hw.37177EB0
3713F7B5 . 83C4 04 ADD ESP,4
3713F7B8 . 5E POP ESI
3713F7B9 . C3 RETN
3713F7BA > 68 D4454E37 PUSH hw.374E45D4 ; cmd_maxbackup hit
3713F7BF . 56 PUSH ESI
3713F7C0 . E8 CBD50000 CALL hw.3714CD90
3713F7C5 . 83C4 08 ADD ESP,8
3713F7C8 . 85C0 TEST EAX,EAX
3713F7CA . 75 1C JNZ SHORT hw.3713F7E8
3713F7CC . 68 D4454E37 PUSH hw.374E45D4 ; cmd_maxbackup hit
3713F7D1 . E8 CAD6FCFF CALL hw.3710CEA0
3713F7D6 . 83C4 04 ADD ESP,4
3713F7D9 . 68 2C464E37 PUSH hw.374E462C ; server disconnected\n
3713F7DE . E8 CD860300 CALL hw.37177EB0
3713F7E3 . 83C4 04 ADD ESP,4
3713F7E6 . 5E POP ESI
3713F7E7 . C3 RETN
3713F7E8 > 68 C0454E37 PUSH hw.374E45C0 ; restore timed out
3713F7ED . 56 PUSH ESI
3713F7EE . E8 9DD50000 CALL hw.3714CD90
3713F7F3 . 83C4 08 ADD ESP,8
3713F7F6 . 85C0 TEST EAX,EAX
3713F7F8 . 75 1C JNZ SHORT hw.3713F816
3713F7FA . 68 C0454E37 PUSH hw.374E45C0 ; restore timed out
3713F7FF . E8 9CD6FCFF CALL hw.3710CEA0
3713F804 . 83C4 04 ADD ESP,4
3713F807 . 68 2C464E37 PUSH hw.374E462C ; server disconnected\n
3713F80C . E8 9F860300 CALL hw.37177EB0
3713F811 . 83C4 04 ADD ESP,4
3713F814 . 5E POP ESI
3713F815 . C3 RETN
3713F816 > 68 143C4E37 PUSH hw.374E3C14 ; disconnected
3713F81B . E8 80D6FCFF CALL hw.3710CEA0
3713F820 . 83C4 04 ADD ESP,4
3713F823 . 68 2C464E37 PUSH hw.374E462C ; server disconnected\n
3713F828 . E8 83860300 CALL hw.37177EB0
3713F82D . 83C4 04 ADD ESP,4
3713F830 . 5E POP ESI
3713F831 . C3 RETN
3713F832 > 68 A0454E37 PUSH hw.374E45A0 ; #gameui_disconnectedfromserver
3713F837 . 6A 01 PUSH 1
3713F839 . E8 C2D90000 CALL hw.3714D200
3713F83E . 83C4 08 ADD ESP,8
3713F841 > 68 2C464E37 PUSH hw.374E462C ; server disconnected\n
3713F846 . E8 65860300 CALL hw.37177EB0
3713F84B . 83C4 04 ADD ESP,4
3713F84E . 5E POP ESI
3713F84F . C3 RETN
3713F850 . E8 7BE80000 CALL hw.3714E0D0
3713F855 . 3D 2F000056 CMP EAX,5600002F
3713F85A . 74 13 JE SHORT hw.3713F86F
3713F85C . 68 2F000056 PUSH 5600002F
3713F861 . 50 PUSH EAX
3713F862 . 68 5C464E37 PUSH hw.374E465C ; cl_parse_version: server is protocol %i instead of %i\n
3713F867 . E8 04870300 CALL hw.37177F70
3713F86C . 83C4 0C ADD ESP,0C
3713F86F > C3 RETN
3713F870 . 83EC 20 SUB ESP,20
3713F873 . 56 PUSH ESI
3713F874 . E8 57E90000 CALL hw.3714E1D0
3713F879 . 8BF0 MOV ESI,EAX
3713F87B . E8 70E70000 CALL hw.3714DFF0
3713F880 . A3 E0F33938 MOV DWORD PTR DS:[3839F3E0],EAX
3713F885 . 50 PUSH EAX
3713F886 . 68 40EC4D37 PUSH hw.374DEC40 ; %d
3713F88B . 8D4424 0C LEA EAX,DWORD PTR SS:[ESP+C]
3713F88F . 6A 20 PUSH 20
3713F891 . 50 PUSH EAX
3713F892 . E8 AAD62C00 CALL hw.3740CF41
3713F897 . 8D4C24 14 LEA ECX,DWORD PTR SS:[ESP+14]
3713F89B . 51 PUSH ECX
3713F89C . 68 F0835837 PUSH hw.375883F0
3713F8A1 . E8 9A250100 CALL hw.37151E40
3713F8A6 . 56 PUSH ESI
3713F8A7 . E8 04FB0000 CALL hw.3714F3B0
3713F8AC . 83C4 1C ADD ESP,1C
3713F8AF . 5E POP ESI
3713F8B0 . 83C4 20 ADD ESP,20
3713F8B3 . C3 RETN
I have spent N days on this piece of code and still haven't cracked it. A quick description: this is an error popup window.
3713F7F8 . 75 1C JNZ SHORT hw.3713F816
3713F7FA . 68 C0454E37 PUSH hw.374E45C0 ; restore timed out
3713F7FF . E8 9CD6FCFF CALL hw.3710CEA0
3713F804 . 83C4 04 ADD ESP,4
3713F807 . 68 2C464E37 PUSH hw.374E462C ; server disconnected\n
3713F80C . E8 9F860300 CALL hw.37177EB0
3713F811 . 83C4 04 ADD ESP,4
3713F814 . 5E POP ESI
3713F815 . C3 RETN
3713F816 > 68 143C4E37 PUSH hw.374E3C14 ; disconnected
The key part is here. If I change JNZ SHORT hw.3713F816 to JMP, it pops up the "disconnected" error window.
If I NOP it instead, it pops up the "restore timed out" error window; the ones after that are all error windows.
After that I tried making it jump somewhere else, but then the program drops the connection. I went back to the start of the code to see where this address is CALLed from, but nothing CALLs this address. I'm a newbie, so I can only come to the experts' forum and ask for help: how do I stop it from throwing the error window? The English strings further down are all error windows. Please help me solve this.
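Added example (editor's note, not part of the original post): the listing at 3713F6F0..3713F84F reads as a string dispatch on the disconnect reason, and the two experiments described above are easier to reason about as a model than by single-stepping. The Python below reconstructs that control flow from the push/call/test patterns alone. The callee roles (a strlen idiom, a 0x15-byte compare, an exact compare, a dialog routine at 3710CEA0 and 3714D200, a console printer at 37177EB0) and every function and parameter name are assumptions, not recovered symbols. The `patch` argument reproduces the JMP and NOP edits tried on the JNZ at 3713F7F8.

```python
# Added example, not code from the original post. A Python model of the
# control flow in the hw.dll listing at 3713F6F0..3713F84F. The callee names
# (strlen/strncmp/strcmp, "popup", "console") are assumptions inferred from
# the push/call/test patterns in the listing, not recovered symbols.

from dataclasses import dataclass, field

# String constants exactly as OllyDbg showed them in the comment column.
INVALID_CDKEY = "invalid valve cd key\n"    # compared with PUSH 15 -> 0x15 = 21 bytes
SILENT_REASON = "cso session end"          # 3713F758: JE hw.3713F841 skips every popup
POPUP_REASONS = (                          # 3713F75E..3713F7F8, checked in this order
    "timed out",
    "bad command character in client command",
    "cmd_maxbackup hit",
    "restore timed out",
)
DEFAULT_POPUP = "disconnected"             # 3713F816: reached when nothing above matched
EMPTY_POPUP = "#gameui_disconnectedfromserver"  # 3713F832: NULL or empty reason
CONSOLE_LINE = "server disconnected\n"     # 37177EB0 is called with this on every exit


def strlen_repne_scas(s: str) -> int:
    """Model of 3713F708..3713F711: OR ECX,-1 / XOR EAX,EAX / REPNE SCASB /
    NOT ECX / DEC ECX. ECX counts down once per byte scanned, NUL included;
    NOT turns that into n+1 and DEC leaves n (ZF set when the string is empty)."""
    ecx = 0xFFFFFFFF
    for ch in s + "\0":          # scan up to and including the terminating NUL
        ecx = (ecx - 1) & 0xFFFFFFFF
        if ch == "\0":
            break
    ecx = (~ecx) & 0xFFFFFFFF    # NOT ECX
    return ecx - 1               # DEC ECX


@dataclass
class Trace:
    """What the function did on the way to RETN."""
    popups: list = field(default_factory=list)   # strings handed to the dialog routine
    console: list = field(default_factory=list)  # strings handed to the console printer
    cdkey_handler: bool = False                  # CALL hw.3710CE30 with (1, 1) was taken


def parse_disconnect(reason, patch=None) -> Trace:
    """reason: the string returned by CALL hw.3714E1D0 (None models a NULL pointer).
    patch: None for the original bytes, "jmp" or "nop" for the two edits the post
    tried on the JNZ at 3713F7F8 (the branch after the "restore timed out" compare)."""
    t = Trace()

    # 3713F6FD: TEST ESI,ESI / JE -> NULL pointer; 3713F713: strlen == 0 / JE -> empty
    if reason is None or strlen_repne_scas(reason) == 0:
        t.popups.append(EMPTY_POPUP)             # 3713F832: CALL hw.3714D200(1, "#gameui_...")
        t.console.append(CONSOLE_LINE)           # 3713F841
        return t

    # 3713F719..3713F72B: length-limited compare over 0x15 bytes (modelled as strncmp;
    # the listing does not show whether it is case-sensitive)
    if reason[:0x15] == INVALID_CDKEY[:0x15]:
        t.cdkey_handler = True                   # 3713F731: CALL hw.3710CE30(1, 1)
        t.console.append(CONSOLE_LINE)           # 3713F739
        return t

    # 3713F748..3713F758: exact compare; a zero result jumps straight to 3713F841,
    # so this is the only non-empty reason that produces no popup at all
    if reason == SILENT_REASON:
        t.console.append(CONSOLE_LINE)
        return t

    # 3713F75E..3713F7F8: chain of exact compares, first match wins
    for candidate in POPUP_REASONS:
        matched = reason == candidate
        if candidate == "restore timed out":
            if patch == "jmp":                   # JNZ -> JMP: branch always taken
                matched = False
            elif patch == "nop":                 # JNZ -> NOPs: branch never taken
                matched = True
        if matched:
            t.popups.append(candidate)           # CALL hw.3710CEA0(candidate)
            t.console.append(CONSOLE_LINE)
            return t

    # 3713F816: nothing matched
    t.popups.append(DEFAULT_POPUP)               # CALL hw.3710CEA0("disconnected")
    t.console.append(CONSOLE_LINE)
    return t


if __name__ == "__main__":
    # Constructed sample reasons, including the two patch experiments from the post.
    for r, p in ((None, None), ("cso session end", None), ("kicked", None),
                 ("kicked", "jmp"), ("kicked", "nop")):
        print(repr(r), p, "->", parse_disconnect(r, p).popups)
```

Two things fall out of the model that the listing only shows implicitly. First, every path through the function prints "server disconnected\n" and returns; there is no edge that keeps the session, so flipping a branch here only changes which dialog appears, which matches the observation that the client still drops the connection. Second, among non-empty reasons, only the exact match at 3713F758 (JE hw.3713F841) reaches the exit without a dialog call; every other edge ends in 3710CEA0 or 3714D200. The "nothing CALLs this address" finding is consistent with the function being reached through a pointer (a handler table or a hook) rather than a direct CALL, so a search for the address as a data constant, or a hardware breakpoint on the function entry, is the way to find the caller rather than a search for CALL immediates.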