最近我玩一个名字叫《江湖online》的游戏，不过它的FTP的确不怎么好，我的网络又不是很好，每次登录都要自动连接半天，所以我打算跳过它的FTP。不过我遇到了这些问题，正文如下：
由于我的目的是跳过FTP,所以我只下了一个MessageBoxA的断点.然后按F9运行
结果中断了很多次，不过我需要的只是和FTP有关的那一处，所以我得到了如下的代码：
; Registration stub: pushes the address of the thunk at 00401B60 and calls the
; routine at 00405B88 with it. The pattern resembles a CRT atexit-style
; registration (callback pushed, cdecl cleanup by the caller) — TODO confirm
; what 00405B88 is; the thunk itself leads to the release routine at 00401C00.
00401B50 > \68 601B4000 push Launcher.00401B60 ; arg = address of cleanup thunk
00401B55 . E8 2E400000 call Launcher.00405B88
00401B5A . 59 pop ecx ; discard the one pushed argument (caller cleans)
00401B5B . C3 retn
00401B5C 90 nop
00401B5D 90 nop
00401B5E 90 nop
00401B5F 90 nop
; Cleanup thunk for the static object at 004157D8: loads its address as the
; `this` pointer (ecx) and tail-jumps through the trampoline at 00401B90 into
; the release routine at 00401C00. No frame, no registers saved.
00401B60 . B9 D8574100 mov ecx,Launcher.004157D8 ; ecx = &static object (this)
00401B65 . E9 26000000 jmp Launcher.00401B90 ; tail call -> 00401C00
00401B6A 90 nop
00401B6B 90 nop
00401B6C 90 nop
00401B6D 90 nop
00401B6E 90 nop
00401B6F 90 nop
; Zero-initialise the six pointer/handle slots of the object in ecx and return
; the object pointer in eax. The slots cleared here (+0, +4, +8, +58, +60, +70)
; are exactly the ones released by the routine at 00401C00, so an object that
; has only passed through this stub can safely be handed to that cleanup
; (every release there is guarded by a null check).
00401B70 > 8BC1 mov eax,ecx ; eax = this (also the return value)
00401B72 . 33C9 xor ecx,ecx ; ecx = 0
00401B74 . 8908 mov dword ptr ds:[eax],ecx ; +0  (closed via InternetCloseHandle in 00401C00)
00401B76 . 8948 04 mov dword ptr ds:[eax+4],ecx ; +4  (same)
00401B79 . 8948 08 mov dword ptr ds:[eax+8],ecx ; +8  (same)
00401B7C . 8948 58 mov dword ptr ds:[eax+58],ecx ; +58 (freed via GlobalFree in 00401C00)
00401B7F . 8948 60 mov dword ptr ds:[eax+60],ecx ; +60 (same)
00401B82 . 8948 70 mov dword ptr ds:[eax+70],ecx ; +70 (same; allocated in 00401BA0)
00401B85 . C3 retn
00401B86 90 nop
00401B87 90 nop
00401B88 90 nop
00401B89 90 nop
00401B8A 90 nop
00401B8B 90 nop
00401B8C 90 nop
00401B8D 90 nop
00401B8E 90 nop
00401B8F 90 nop
; Trampoline: unconditional jump into the release routine at 00401C00 (ecx
; must already hold the object pointer, as set up by the thunk at 00401B60).
00401B90 > E9 6B000000 jmp Launcher.00401C00
00401B95 90 nop
00401B96 90 nop
00401B97 90 nop
00401B98 90 nop
00401B99 90 nop
00401B9A 90 nop
00401B9B 90 nop
00401B9C 90 nop
00401B9D 90 nop
00401B9E 90 nop
00401B9F 90 nop
; Object initialisation (thiscall: this = ecx, kept in esi).
;  - clears [esi+C] and [esi+10] (the phase/step fields read by 00401C70)
;  - clears the seven dwords at [esi+14 .. esi+30) with rep stosd
;  - calls 00401990 on the sub-object at esi+30 with seven pushed constants
;    (9, 183, 155, 0A2, 155, 10, 0F); esp is not adjusted afterwards, so the
;    callee is presumably stdcall/thiscall and removes its own arguments —
;    TODO confirm. Its return value is not examined.
;  - allocates a 0x2710-byte (10000) GMEM_FIXED block into [esi+70]
; Out: eax = 1 if GlobalAlloc returned non-NULL, else 0. Only the allocation
; result is reported; a failure inside 00401990 is not visible to the caller.
; Clobbers: eax, ecx, edi (saved), esi (saved), flags.
00401BA0 /$ 56 push esi
00401BA1 |. 57 push edi
00401BA2 |. 8BF1 mov esi,ecx ; esi = this
00401BA4 |. 6A 09 push 9 ; args for 00401990, pushed right-to-left
00401BA6 |. 68 83010000 push 183
00401BAB |. B9 07000000 mov ecx,7 ; rep count: 7 dwords
00401BB0 |. 8D7E 14 lea edi,dword ptr ds:[esi+14] ; edi = &this->field_14
00401BB3 |. 33C0 xor eax,eax ; fill value 0 for rep stosd
00401BB5 |. 68 55010000 push 155
00401BBA |. C746 0C 000>mov dword ptr ds:[esi+C],0 ; phase = 0
00401BC1 |. C746 10 000>mov dword ptr ds:[esi+10],0 ; step = 0
00401BC8 |. 68 A2000000 push 0A2
00401BCD |. F3:AB rep stos dword ptr es:[edi] ; zero [esi+14 .. esi+30)
00401BCF |. 68 55010000 push 155
00401BD4 |. 6A 10 push 10
00401BD6 |. 6A 0F push 0F
00401BD8 |. 8D4E 30 lea ecx,dword ptr ds:[esi+30] ; ecx = &this->sub_30 (callee's this)
00401BDB |. E8 B0FDFFFF call Launcher.00401990 ; result ignored (eax overwritten below)
00401BE0 |. 68 10270000 push 2710 ; /MemSize = 2710 (10000.)
00401BE5 |. 6A 00 push 0 ; |Flags = GMEM_FIXED
00401BE7 |. FF15 6C0041>call dword ptr ds:[<&KERNEL32.Glob>; \GlobalAlloc
00401BED |. 33C9 xor ecx,ecx ; ecx = 0 (return value accumulator)
00401BEF |. 8946 70 mov dword ptr ds:[esi+70],eax ; this->buf_70 = hMem (may be NULL)
00401BF2 |. 85C0 test eax,eax
00401BF4 |. 0F95C1 setne cl ; cl = (hMem != NULL)
00401BF7 |. 5F pop edi
00401BF8 |. 8BC1 mov eax,ecx ; eax = success flag
00401BFA |. 5E pop esi
00401BFB \. C3 retn
00401BFC 90 nop
00401BFD 90 nop
00401BFE 90 nop
00401BFF 90 nop
; Release routine (thiscall: this = ecx, kept in esi; edi = 0 throughout and
; doubles as the null constant and the "cleared" store value).
; Frees the three GlobalAlloc'd slots (+70, +60, +58) with GlobalFree, then
; closes the three slots (+8, +4, +0) with InternetCloseHandle, in that order.
; Every release is null-guarded and the slot is written back to 0 right after,
; so calling this twice on the same object (e.g. once via the 00401B60 thunk)
; does not double-free or double-close. Return values of GlobalFree and
; InternetCloseHandle are ignored. The +8/+4/+0 order looks like LIFO release
; of request/connection/session handles — TODO confirm against the code that
; opens them. Clobbers: eax, flags; ebx/esi/edi are saved and restored.
00401C00 /$ 53 push ebx
00401C01 |. 8B1D 700041>mov ebx,dword ptr ds:[<&KERNEL32.G>; kernel32.GlobalFree
00401C07 |. 56 push esi
00401C08 |. 8BF1 mov esi,ecx ; esi = this
00401C0A |. 57 push edi
00401C0B |. 33FF xor edi,edi ; edi = 0 (NULL)
00401C0D |. 8B46 70 mov eax,dword ptr ds:[esi+70]
00401C10 |. 3BC7 cmp eax,edi
00401C12 |. 74 06 je short Launcher.00401C1A ; skip if slot already NULL
00401C14 |. 50 push eax ; /hMem
00401C15 |. FFD3 call ebx ; \GlobalFree
00401C17 |. 897E 70 mov dword ptr ds:[esi+70],edi ; clear slot after release
00401C1A |> 8B46 60 mov eax,dword ptr ds:[esi+60]
00401C1D |. 3BC7 cmp eax,edi
00401C1F |. 74 06 je short Launcher.00401C27
00401C21 |. 50 push eax
00401C22 |. FFD3 call ebx ; GlobalFree
00401C24 |. 897E 60 mov dword ptr ds:[esi+60],edi
00401C27 |> 8B46 58 mov eax,dword ptr ds:[esi+58]
00401C2A |. 3BC7 cmp eax,edi
00401C2C |. 74 06 je short Launcher.00401C34
00401C2E |. 50 push eax
00401C2F |. FFD3 call ebx ; GlobalFree
00401C31 |. 897E 58 mov dword ptr ds:[esi+58],edi
00401C34 |> 8B46 08 mov eax,dword ptr ds:[esi+8]
00401C37 |. 8B1D 540241>mov ebx,dword ptr ds:[<&WININET.In>; WININET.InternetCloseHandle
00401C3D |. 3BC7 cmp eax,edi
00401C3F |. 74 06 je short Launcher.00401C47
00401C41 |. 50 push eax
00401C42 |. FFD3 call ebx ; <&WININET.InternetCloseHandle>
00401C44 |. 897E 08 mov dword ptr ds:[esi+8],edi
00401C47 |> 8B46 04 mov eax,dword ptr ds:[esi+4]
00401C4A |. 3BC7 cmp eax,edi
00401C4C |. 74 06 je short Launcher.00401C54
00401C4E |. 50 push eax
00401C4F |. FFD3 call ebx ; InternetCloseHandle
00401C51 |. 897E 04 mov dword ptr ds:[esi+4],edi
00401C54 |> 8B06 mov eax,dword ptr ds:[esi]
00401C56 |. 3BC7 cmp eax,edi
00401C58 |. 74 05 je short Launcher.00401C5F
00401C5A |. 50 push eax
00401C5B |. FFD3 call ebx ; InternetCloseHandle
00401C5D |. 893E mov dword ptr ds:[esi],edi
00401C5F |> 5F pop edi
00401C60 |. 5E pop esi
00401C61 |. 5B pop ebx
00401C62 \. C3 retn
00401C63 90 nop
00401C64 90 nop
00401C65 90 nop
00401C66 90 nop
00401C67 90 nop
00401C68 90 nop
00401C69 90 nop
00401C6A 90 nop
00401C6B 90 nop
00401C6C 90 nop
00401C6D 90 nop
00401C6E 90 nop
00401C6F 90 nop
; Step dispatcher (thiscall: this = ecx, kept in esi). Two object fields
; select the work done on each call:
;   [esi+C]  = phase (0 or 1; any other value falls through to the plain
;              return at 00401DF0 without touching the object)
;   [esi+10] = step inside the phase (phase 0: 0..3, phase 1: 0..6; an
;              out-of-range step also returns at 00401DF0)
; Each step calls one worker on `this`; a zero return pushes a title/text pair
; (the text names the failing step) and joins the shared error path at
; 00401D61, which calls MessageBoxA and sets the global dword at 4155A8 to 1 —
; presumably an "error occurred" flag read by the caller (TODO confirm).
; A non-zero worker return advances [esi+10] at 00401D11.
; The `push ecx` at entry reserves one dword of stack; it is used as the
; out-parameter slot [esp+4] handed to the worker in phase-1 step 4.
; Comparisons of [esi+4C] against [esi+50] (phase-0 step 3, phase-1 step 5)
; use a signed jge; the meaning of those two fields is not visible here.
; Clobbers: eax, ecx, edx, flags; esi is saved and restored.
00401C70 /$ 51 push ecx ; reserve 1 dword local at [esp+4] (after push esi)
00401C71 |. 56 push esi
00401C72 |. 8BF1 mov esi,ecx ; esi = this
00401C74 |. 8B46 0C mov eax,dword ptr ds:[esi+C] ; eax = phase
00401C77 |. 83E8 00 sub eax,0 ; Switch (cases 0..1)
00401C7A |. 0F84 F60000>je Launcher.00401D76 ; phase 0
00401C80 |. 48 dec eax
00401C81 |. 0F85 690100>jnz Launcher.00401DF0 ; phase not 0/1: return unchanged
00401C87 |. 8B46 10 mov eax,dword ptr ds:[esi+10] ; Case 1 of switch 00401C77
00401C8A |. 83F8 06 cmp eax,6 ; Switch (cases 0..6)
00401C8D |. 0F87 5D0100>ja Launcher.00401DF0 ; step out of range (unsigned): return
00401C93 |. FF2485 F41D>jmp dword ptr ds:[eax*4+401DF4] ; phase-1 table at 00401DF4
00401C9A |> 8BCE mov ecx,esi ; Case 1 of switch 00401C8A
00401C9C |. E8 EF100000 call Launcher.00402D90 ; worker; error text names ConnectPatchServer
00401CA1 |. 85C0 test eax,eax
00401CA3 |. 75 6C jnz short Launcher.00401D11 ; success: advance step
00401CA5 |. 50 push eax ; uType = 0 (eax is 0 here)
00401CA6 |. 68 38214100 push Launcher.00412138 ; ASCII "Launcher[JiangHu]"
00401CAB |. 68 0C234100 push Launcher.0041230C ; ASCII "[Error::ConnectPatchServer()]"
00401CB0 |. E9 AC000000 jmp Launcher.00401D61 ; shared error path
00401CB5 |> 8BCE mov ecx,esi ; Case 2 of switch 00401C8A
00401CB7 |. E8 D4110000 call Launcher.00402E90 ; worker; error text names GetPatchDataSize
00401CBC |. 85C0 test eax,eax
00401CBE |. 75 51 jnz short Launcher.00401D11
00401CC0 |. 50 push eax
00401CC1 |. 68 38214100 push Launcher.00412138 ; ASCII "Launcher[JiangHu]"
00401CC6 |. 68 F0224100 push Launcher.004122F0 ; ASCII "[Error::GetPatchDataSize()]"
00401CCB |. E9 91000000 jmp Launcher.00401D61
00401CD0 |> 8BCE mov ecx,esi ; Case 3 of switch 00401C8A
00401CD2 |. E8 D9120000 call Launcher.00402FB0 ; worker; error text names OpenPatchData
00401CD7 |. 85C0 test eax,eax
00401CD9 |. 75 36 jnz short Launcher.00401D11
00401CDB |. 50 push eax
00401CDC |. 68 38214100 push Launcher.00412138 ; ASCII "Launcher[JiangHu]"
00401CE1 |. 68 D4224100 push Launcher.004122D4 ; ASCII "[Error::OpenPatchData()]"
00401CE6 |. EB 79 jmp short Launcher.00401D61
00401CE8 |> 8D4424 04 lea eax,dword ptr ss:[esp+4] ; Case 4 of switch 00401C8A
00401CEC |. 8BCE mov ecx,esi
00401CEE |. 50 push eax ; /Arg1 = &local (out-parameter)
00401CEF |. E8 5C140000 call Launcher.00403150 ; \Launcher.00403150
00401CF4 |. 85C0 test eax,eax
00401CF6 |. 75 0D jnz short Launcher.00401D05 ; success: inspect the out value
00401CF8 |. 50 push eax
00401CF9 |. 68 38214100 push Launcher.00412138 ; ASCII "Launcher[JiangHu]"
00401CFE |. 68 B8224100 push Launcher.004122B8 ; ASCII "[Error::ReadPatchData()]"
00401D03 |. EB 5C jmp short Launcher.00401D61
00401D05 |> 8B4424 04 mov eax,dword ptr ss:[esp+4] ; out value written by 00403150
00401D09 |. 85C0 test eax,eax
00401D0B |. 0F84 DF0000>je Launcher.00401DF0 ; out value 0: stay on this step
00401D11 |> 8B46 10 mov eax,dword ptr ds:[esi+10] ; common "advance step" exit
00401D14 |. 40 inc eax
00401D15 |. 8946 10 mov dword ptr ds:[esi+10],eax ; step += 1
00401D18 |. 5E pop esi
00401D19 |. 59 pop ecx
00401D1A |. C3 retn
00401D1B |> 8BCE mov ecx,esi ; Case 5 of switch 00401C8A
00401D1D |. E8 0E160000 call Launcher.00403330 ; worker; error text names ApplyPatchData
00401D22 |. 85C0 test eax,eax
00401D24 |. 75 0D jnz short Launcher.00401D33
00401D26 |. 50 push eax
00401D27 |. 68 38214100 push Launcher.00412138 ; ASCII "Launcher[JiangHu]"
00401D2C |. 68 9C224100 push Launcher.0041229C ; ASCII "[Error::ApplyPatchData()]"
00401D31 |. EB 2E jmp short Launcher.00401D61
00401D33 |> 8B4E 4C mov ecx,dword ptr ds:[esi+4C]
00401D36 |. 8B46 50 mov eax,dword ptr ds:[esi+50]
00401D39 |. 3BC8 cmp ecx,eax
00401D3B |.^ 7D D4 jge short Launcher.00401D11 ; [4C] >= [50] (signed): advance to step 6
00401D3D |. C746 10 030>mov dword ptr ds:[esi+10],3 ; otherwise loop back to step 3
00401D44 |. 5E pop esi
00401D45 |. 59 pop ecx
00401D46 |. C3 retn
00401D47 |> 8BCE mov ecx,esi ; Case 6 of switch 00401C8A
00401D49 |. E8 F21B0000 call Launcher.00403940 ; worker; error text names ClosePatchData
00401D4E |. 85C0 test eax,eax
00401D50 |. 0F85 8C0000>jnz Launcher.00401DE2 ; success: phase = 2, step = 0
00401D56 |. 50 push eax
00401D57 |. 68 38214100 push Launcher.00412138 ; ASCII "Launcher[JiangHu]"
00401D5C |. 68 80224100 push Launcher.00412280 ; ASCII "[Error::ClosePatchData()]"
00401D61 |> 6A 00 push 0 ; |hOwner = NULL  (shared error path: uType, title, text already pushed)
00401D63 |. FF15 380241>call dword ptr ds:[<&USER32.Messag>; \MessageBoxA
00401D69 |. C705 A85541>mov dword ptr ds:[4155A8],1 ; global flag := 1 (meaning not visible here)
00401D73 |. 5E pop esi
00401D74 |. 59 pop ecx
00401D75 |. C3 retn
00401D76 |> 8B46 10 mov eax,dword ptr ds:[esi+10] ; Case 0 of switch 00401C77
00401D79 |. 83F8 03 cmp eax,3 ; Switch (cases 0..3)
00401D7C |. 77 72 ja short Launcher.00401DF0 ; step out of range (unsigned): return
00401D7E |. FF2485 101E>jmp dword ptr ds:[eax*4+401E10] ; phase-0 table at 00401E10
00401D85 |> C746 10 010>mov dword ptr ds:[esi+10],1 ; Case 0 of switch 00401D79 (also step 0 of phase 1)
00401D8C |. 5E pop esi
00401D8D |. 59 pop ecx
00401D8E |. C3 retn
00401D8F |> 8BCE mov ecx,esi ; Case 1 of switch 00401D79
00401D91 |. E8 FA070000 call Launcher.00402590 ; worker; error text names GetClientVersion
00401D96 |. 85C0 test eax,eax
00401D98 |.^ 0F85 73FFFF>jnz Launcher.00401D11
00401D9E |. 50 push eax
00401D9F |. 68 38214100 push Launcher.00412138 ; ASCII "Launcher[JiangHu]"
00401DA4 |. 68 64224100 push Launcher.00412264 ; ASCII "[Error::GetClientVersion()]"
00401DA9 |.^ EB B6 jmp short Launcher.00401D61
00401DAB |> 8BCE mov ecx,esi ; Case 2 of switch 00401D79
00401DAD |. E8 7E080000 call Launcher.00402630 ; worker; error text names GetPatchServerInfo
00401DB2 |. 85C0 test eax,eax
00401DB4 |.^ 0F85 57FFFF>jnz Launcher.00401D11
00401DBA |. 50 push eax
00401DBB |. 68 38214100 push Launcher.00412138 ; ASCII "Launcher[JiangHu]"
00401DC0 |. 68 44224100 push Launcher.00412244 ; ASCII "[Error::GetPatchServerInfo()]"
00401DC5 |.^ EB 9A jmp short Launcher.00401D61
00401DC7 |> 8B56 4C mov edx,dword ptr ds:[esi+4C] ; Case 3 of switch 00401D79
00401DCA |. 8B46 50 mov eax,dword ptr ds:[esi+50]
00401DCD |. 3BD0 cmp edx,eax
00401DCF |. 7D 11 jge short Launcher.00401DE2 ; [4C] >= [50] (signed): phase = 2
00401DD1 |. C746 0C 010>mov dword ptr ds:[esi+C],1 ; otherwise phase = 1, step = 0
00401DD8 |. C746 10 000>mov dword ptr ds:[esi+10],0
00401DDF |. 5E pop esi
00401DE0 |. 59 pop ecx
00401DE1 |. C3 retn
00401DE2 |> C746 0C 020>mov dword ptr ds:[esi+C],2 ; phase = 2 (no case for it here: dispatcher becomes a no-op)
00401DE9 |. C746 10 000>mov dword ptr ds:[esi+10],0
00401DF0 |> 5E pop esi ; Default case of switch 00401D79
00401DF1 |. 59 pop ecx
00401DF2 \. C3 retn
00401DF3 90 nop
; Jump table for phase 1 (index = [esi+10], 0..6); entry 0 is shared with phase 0.
00401DF4 . 851D4000 dd Launcher.00401D85 ; Switch table used at 00401C93
00401DF8 . 9A1C4000 dd Launcher.00401C9A
00401DFC . B51C4000 dd Launcher.00401CB5
00401E00 . D01C4000 dd Launcher.00401CD0
00401E04 . E81C4000 dd Launcher.00401CE8
00401E08 . 1B1D4000 dd Launcher.00401D1B
00401E0C . 471D4000 dd Launcher.00401D47
; Jump table for phase 0 (index = [esi+10], 0..3).
00401E10 . 851D4000 dd Launcher.00401D85 ; Switch table used at 00401D7E
00401E14 . 8F1D4000 dd Launcher.00401D8F
00401E18 . AB1D4000 dd Launcher.00401DAB
00401E1C . C71D4000 dd Launcher.00401DC7
00401E20 /$ 83EC 20 sub esp,20
00401E23 |. 53 push ebx
00401E24 |. 55 push ebp
00401E25 |. 56 push esi
00401E26 |. 8D4424 14 lea eax,dword ptr ss:[esp+14]
00401E2A |. 57 push edi
00401E2B |. 8BF9 mov edi,ecx
00401E2D |. 50 push eax ; /pPoint
00401E2E |. FF15 1C0241>call dword ptr ds:[<&USER32.GetCur>; \GetCursorPos
00401E34 |. 8B15 A45541>mov edx,dword ptr ds:[4155A4]
00401E3A |. 8D4C24 20 lea ecx,dword ptr ss:[esp+20]
00401E3E |. 51 push ecx ; /pRect
00401E3F |. 52 push edx ; |hWnd => 00290252 ('Launcher[JiangHu]',class='Launcher[JiangHu]')
00401E40 |. FF15 140241>call dword ptr ds:[<&USER32.GetWin>; \GetWindowRect
我尝试过修改，但是我并不太确定是否成功了，因为修改之后出现了新的错误对话框。经过检查，原来是程序开头报的错误。
如下所示:
00401000 /$ 83EC 4C sub esp,4C
00401003 |. 55 push ebp
00401004 |. 56 push esi
00401005 |. 33ED xor ebp,ebp
00401007 |. 57 push edi
00401008 |. 55 push ebp ; /Title => NULL
00401009 |. 68 38214100 push Launcher.00412138 ; |Class = "Launcher[JiangHu]"
0040100E |. FF15 F40141>call dword ptr ds:[<&USER32.FindWi>; \FindWindowA
00401014 |. 85C0 test eax,eax
00401016 |. 74 1D je short Launcher.00401035
00401018 |. 55 push ebp ; /Style => MB_OK|MB_APPLMODAL
00401019 |. 68 38214100 push Launcher.00412138 ; |Title = "Launcher[JiangHu]"
0040101E |. 68 20214100 push Launcher.00412120 ; |Text = "[Error::FindWindow()]" 程序所出现的错误对话框
00401023 |. 55 push ebp ; |hOwner => NULL
00401024 |. FF15 380241>call dword ptr ds:[<&USER32.Messag>; \MessageBoxA
我想请教一下，一个程序的FTP究竟如何才能比较完美地跳过？
原程序下载地址:
点此下载
希望大家能帮忙!