http://pan.baidu.com/wap/link?uk=2852213429&shareid=326020&third=0
用上面的东西 打的补丁,其他补丁工具运行皆报错。
唯一可行,但却出现上面的情况,何解???
006F6D02 807E 28 00 cmp byte ptr ds:[esi+0x28],0x0 ; 改这里 01 或下一行JMP
006F6D06 74 3C je Xnotebook.006F6D44
006F6D08 83BE 18010000 0>cmp dword ptr ds:[esi+0x118],0x0
006F6D0F 75 33 jnz Xnotebook.006F6D44
006F6D11 8B0D D0F77200 mov ecx,dword ptr ds:[0x72F7D0] ; notebook.00735AB0
006F6D17 A1 84F97200 mov eax,dword ptr ds:[0x72F984]
006F6D1C 8B00 mov eax,dword ptr ds:[eax]
006F6D1E 8B15 1C616E00 mov edx,dword ptr ds:[0x6E611C] ; notebook.006E6168
006F6D24 E8 5707DEFF call notebook.004D7480
006F6D29 A1 D0F77200 mov eax,dword ptr ds:[0x72F7D0]
006F6D2E 8B00 mov eax,dword ptr ds:[eax]
006F6D30 8B10 mov edx,dword ptr ds:[eax]
006F6D32 FF92 EC000000 call dword ptr ds:[edx+0xEC] ; 又发现一个出来的地方,目标考前
006F6D38 A1 D0F77200 mov eax,dword ptr ds:[0x72F7D0]
006F6D3D 8B00 mov eax,dword ptr ds:[eax]
006F6D3F E8 58D0DDFF call notebook.004D3D9C
006F6D44 80BE 43010000 0>cmp byte ptr ds:[esi+0x143],0x0
006FF29E 807E 28 00 cmp byte ptr ds:[esi+0x28],0x0 同样是这里 01 或下一行JMP
006FF2A2 74 3C je Xnotebook.006FF2E0
006FF2A4 83BE 18010000 0>cmp dword ptr ds:[esi+0x118],0x0
006FF2AB 75 33 jnz Xnotebook.006FF2E0
006FF2AD 8B0D D0F77200 mov ecx,dword ptr ds:[0x72F7D0] ; notebook.00735AB0
006FF2B3 A1 84F97200 mov eax,dword ptr ds:[0x72F984]
006FF2B8 8B00 mov eax,dword ptr ds:[eax]
006FF2BA 8B15 1C616E00 mov edx,dword ptr ds:[0x6E611C] ; notebook.006E6168
006FF2C0 E8 BB81DDFF call notebook.004D7480
006FF2C5 A1 D0F77200 mov eax,dword ptr ds:[0x72F7D0]
006FF2CA 8B00 mov eax,dword ptr ds:[eax]
006FF2CC 8B10 mov edx,dword ptr ds:[eax]
006FF2CE FF92 EC000000 call dword ptr ds:[edx+0xEC] ; 这里出来那个试用要你点击的玩意
[课程]Android-CTF解题方法汇总!