最近在看一个FLEXLM加密的软件,发现几个问题。
1 在下列代码的最后一句下断点,试图找到几个seed,但是发现一个不同,
. dx:100F3C80
.textidx:100F3C80 55 push ebp
.textidx:100F3C81 8B EC mov ebp, esp
.textidx:100F3C83 83 EC 24 sub esp, 24h
.textidx:100F3C86 C6 45 F0 00 mov [ebp+var_10], 0
.textidx:100F3C8A 33 C0 xor eax, eax
.textidx:100F3C8C 66 89 45 F1 mov [ebp+var_F], ax
.textidx:100F3C90 88 45 F3 mov [ebp+var_D], al
.textidx:100F3C93 C7 45 FC B8 30 73 6F mov [ebp+var_4], 6F7330B8h
.textidx:100F3C9A C7 45 F4 00 00 00 00 mov [ebp+var_C], 0
.textidx:100F3CA1 C7 45 DC 00 00 00 00 mov [ebp+var_24], 0
.textidx:100F3CA8 C7 45 F8 03 00 00 00 mov [ebp+var_8], 3
.textidx:100F3CAF 68 00 10 00 00 push 1000h
.textidx:100F3CB4 8B 4D 08 mov ecx, [ebp+arg_0]
.textidx:100F3CB7 51 push ecx
.textidx:100F3CB8 E8 33 15 01 00 call sub_101051F0
.textidx:100F3CBD 83 C4 08 add esp, 8
.textidx:100F3CC0 85 C0 test eax, eax
.textidx:100F3CC2 74 54 jz short loc_100F3D18
.textidx:100F3CC4 8B 55 08 mov edx, [ebp+arg_0]
.textidx:100F3CC7 8B 82 A8 01 00 00 mov eax, [edx+1A8h]
.textidx:100F3CCD 8B 88 18 1D 00 00 mov ecx, [eax+1D18h]
.textidx:100F3CD3 83 B9 24 05 00 00 00 cmp dword ptr [ecx+524h], 0
.textidx:100F3CDA 74 3C jz short loc_100F3D18
.textidx:100F3CDC 8B 55 10 mov edx, [ebp+arg_8]
.textidx:100F3CDF 52 push edx
.textidx:100F3CE0 8B 45 0C mov eax, [ebp+arg_4]
.textidx:100F3CE3 50 push eax
.textidx:100F3CE4 8B 4D 08 mov ecx, [ebp+arg_0]
.textidx:100F3CE7 8B 91 A8 01 00 00 mov edx, [ecx+1A8h]
.textidx:100F3CED 8B 82 18 1D 00 00 mov eax, [edx+1D18h]
.textidx:100F3CF3 05 28 05 00 00 add eax, 528h
.textidx:100F3CF8 50 push eax
.textidx:100F3CF9 8B 4D 08 mov ecx, [ebp+arg_0]
.textidx:100F3CFC 8B 91 A8 01 00 00 mov edx, [ecx+1A8h]
.textidx:100F3D02 8B 82 18 1D 00 00 mov eax, [edx+1D18h]
.textidx:100F3D08 8B 88 24 05 00 00 mov ecx, [eax+524h]
.textidx:100F3D0E FF D1 call ecx
论坛上所有的第一行都是00000066,
但是我查到的是00000000
有什么问题么?
输入d [esp] 【长型——ASCII 转存】
******2*****
00398260 00000066 f...
00398264 00F400E6 ??
00398268 B9DEDAA8 ㄚ薰 job+08
0039826C EB6E4C33 3Ln job+0c
00398270 BEF9AA16 job+10
2. 如果手头没有SDK,如何找到FEATURE name?