程序加密方法:
得到机器码,然后用相应的lic计算。
这个是核对的模块
核对lic的模块用OD(OllyDbg)加载
貌似是会提取CPU的序号
call了1223088
以下就是1223088,貌似是计算机器码
; ---------------------------------------------------------------------------
; Routine 01223088 (OllyDbg listing, 32-bit x86, Intel syntax, hex immediates).
; What the visible code does:
;   * reads the global dword at [1226004];
;   * if it still holds the constant 0xBB40E64E, or its upper 16 bits are all
;     zero, builds a new 32-bit value by XOR-ing together:
;       FILETIME low/high, process id, thread id, tick count,
;       performance counter low/high;
;   * stores the value in [1226004] and its bitwise complement in [1226008].
; No CPUID instruction and no disk, volume, registry or file API appears in
; this routine; every input is a time or id value that changes from run to
; run, so the result cannot serve as a stable per-machine identifier.
; NOTE(review): constant, API sequence and the value/complement pair match the
; MSVC CRT routine __security_init_cookie, which seeds the /GS stack-cookie
; (a buffer-overrun mitigation) - confirm against the VC9 CRT sources.
; NOTE(review): the seed is mixed from clock/id/counter values only, not from
; a cryptographic random source.
; ---------------------------------------------------------------------------
01223088 /$ 8BFF mov edi, edi ; call target (called from 01222CB6); 2-byte no-op at function entry
0122308A |. 55 push ebp
0122308B |. 8BEC mov ebp, esp
0122308D |. 83EC 10 sub esp, 10 ; 16 bytes of locals: [ebp-8..-1] FILETIME, [ebp-10..-9] counter
01223090 |. A1 04602201 mov eax, dword ptr [1226004] ; eax = current value of the global
01223095 |. 8365 F8 00 and dword ptr [ebp-8], 0 ; zero FILETIME low dword
01223099 |. 8365 FC 00 and dword ptr [ebp-4], 0 ; zero FILETIME high dword
0122309D |. 53 push ebx
0122309E |. 57 push edi
0122309F |. BF 4EE640BB mov edi, BB40E64E ; edi = built-in default value
012230A4 |. BB 0000FFFF mov ebx, FFFF0000 ; ebx = mask for the upper 16 bits
012230A9 |. 3BC7 cmp eax, edi ; still the default?
012230AB |. 74 0D je short 012230BA ; yes -> generate a fresh value
012230AD |. 85C3 test ebx, eax ; upper 16 bits all zero?
012230AF |. 74 09 je short 012230BA ; yes -> generate a fresh value
012230B1 |. F7D0 not eax ; value already set: only refresh the complement
012230B3 |. A3 08602201 mov dword ptr [1226008], eax ; [1226008] = ~[1226004]
012230B8 |. EB 60 jmp short 0122311A ; skip generation (esi was not pushed on this path)
012230BA |> 56 push esi
012230BB |. 8D45 F8 lea eax, dword ptr [ebp-8]
012230BE |. 50 push eax ; /pFileTime
012230BF |. FF15 0C402201 call dword ptr [<&KERNEL32.GetSystemT>; \GetSystemTimeAsFileTime
012230C5 |. 8B75 FC mov esi, dword ptr [ebp-4] ; esi = FILETIME high
012230C8 |. 3375 F8 xor esi, dword ptr [ebp-8] ; esi ^= FILETIME low
012230CB |. FF15 08402201 call dword ptr [<&KERNEL32.GetCurrent>; [GetCurrentProcessId
012230D1 |. 33F0 xor esi, eax ; esi ^= process id
012230D3 |. FF15 1C402201 call dword ptr [<&KERNEL32.GetCurrent>; [GetCurrentThreadId
012230D9 |. 33F0 xor esi, eax ; esi ^= thread id
012230DB |. FF15 20402201 call dword ptr [<&KERNEL32.GetTickCou>; [GetTickCount
012230E1 |. 33F0 xor esi, eax ; esi ^= tick count
012230E3 |. 8D45 F0 lea eax, dword ptr [ebp-10]
012230E6 |. 50 push eax ; /pPerformanceCount
012230E7 |. FF15 24402201 call dword ptr [<&KERNEL32.QueryPerfo>; \QueryPerformanceCounter
012230ED |. 8B45 F4 mov eax, dword ptr [ebp-C] ; eax = counter high dword
012230F0 |. 3345 F0 xor eax, dword ptr [ebp-10] ; eax ^= counter low dword
012230F3 |. 33F0 xor esi, eax ; esi ^= folded performance counter
012230F5 |. 3BF7 cmp esi, edi ; result collided with the default constant?
012230F7 |. 75 07 jnz short 01223100
012230F9 |. BE 4FE640BB mov esi, BB40E64F ; use default+1 so the stored value never equals the default
012230FE |. EB 0B jmp short 0122310B
01223100 |> 85F3 test ebx, esi ; upper 16 bits of the result all zero?
01223102 |. 75 07 jnz short 0122310B
01223104 |. 8BC6 mov eax, esi
01223106 |. C1E0 10 shl eax, 10 ; copy the low 16 bits into the high half
01223109 |. 0BF0 or esi, eax
0122310B |> 8935 04602201 mov dword ptr [1226004], esi ; publish the new value
01223111 |. F7D6 not esi
01223113 |. 8935 08602201 mov dword ptr [1226008], esi ; publish its complement
01223119 |. 5E pop esi
0122311A |> 5F pop edi
0122311B |. 5B pop ebx
0122311C |. C9 leave
0122311D \. C3 retn ; no return value is set up: eax holds whatever the last path left in it
再看jump的那段
; ---------------------------------------------------------------------------
; Code at 01222A5F, reached by the jmp at 01222CBB right after the call to
; 01223088. The MSVCR90 imports used here (_amsg_exit, _initterm_e, _initterm,
; exit, _exit, _cexit, _XcptFilter) are C-runtime start-up/shutdown helpers.
; Visible behaviour:
;   1. take a spin lock at 012263AC (InterlockedCompareExchange + Sleep);
;   2. drive a three-state flag at [12263A8] (0 -> 1 -> 2) around the two
;      initializer-table calls _initterm_e and _initterm;
;   3. release the lock, optionally invoke a callback stored at [12263B0];
;   4. call 01221000 with three arguments and keep its result in [1226048];
;   5. hand that result to exit()/_exit() or return it.
; NOTE(review): this layout matches the VC9 CRT start-up routine
; (__tmainCRTStartup), which would make 01221000 the program's main() -
; confirm against the CRT sources. Nothing in this block reads a licence file
; or a hardware identifier.
; ---------------------------------------------------------------------------
01222A5F > /6A 10 push 10
01222A61 . |68 60442201 push 01224460
01222A66 . |E8 6D030000 call 01222DD8 ; presumably the SEH frame prolog helper: ebp-relative locals are used below with no visible push ebp/mov ebp - confirm
01222A6B . |33DB xor ebx, ebx ; ebx = 0, used as the constant zero below
01222A6D . |895D FC mov dword ptr [ebp-4], ebx ; [ebp-4] = 0
01222A70 . |64:A1 1800000>mov eax, dword ptr fs:[18] ; eax = linear address of the current thread's TEB
01222A76 . |8B70 04 mov esi, dword ptr [eax+4] ; esi = NT_TIB.StackBase (standard x86 TEB layout), used as this thread's owner id
01222A79 . |895D E4 mov dword ptr [ebp-1C], ebx ; [ebp-1C] = 0: "lock already held by this thread" flag
01222A7C . |BF AC632201 mov edi, 012263AC ; edi = address of the lock variable
; Lock loop: InterlockedCompareExchange(dest=edi, exchange=esi, comparand=0)
01222A81 > |53 push ebx
01222A82 . |56 push esi
01222A83 . |57 push edi
01222A84 . |FF15 18402201 call dword ptr [<&KERNEL32.Interlocke>; kernel32.InterlockedCompareExchange
01222A8A . |3BC3 cmp eax, ebx ; previous value 0 -> lock acquired
01222A8C . |74 19 je short 01222AA7
01222A8E . |3BC6 cmp eax, esi ; previous value is our own id -> already owned by this thread
01222A90 . |75 08 jnz short 01222A9A
01222A92 . |33F6 xor esi, esi
01222A94 . |46 inc esi ; esi = 1
01222A95 . |8975 E4 mov dword ptr [ebp-1C], esi ; remember the nested case so the lock is not released below
01222A98 . |EB 10 jmp short 01222AAA
01222A9A > |68 E8030000 push 3E8 ; /Timeout = 1000. ms
01222A9F . |FF15 14402201 call dword ptr [<&KERNEL32.Sleep>] ; \Sleep
01222AA5 .^|EB DA jmp short 01222A81 ; held by another thread: wait and retry
01222AA7 > |33F6 xor esi, esi
01222AA9 . |46 inc esi ; esi = 1 from here on
; State flag [12263A8]: 1 here means initialization is already in progress
01222AAA > |A1 A8632201 mov eax, dword ptr [12263A8]
01222AAF . |3BC6 cmp eax, esi
01222AB1 . |75 0A jnz short 01222ABD
01222AB3 . |6A 1F push 1F
01222AB5 . |E8 EC030000 call <jmp.&MSVCR90._amsg_exit> ; _amsg_exit(0x1F): CRT runtime-error exit
01222ABA . |59 pop ecx
01222ABB . |EB 3B jmp short 01222AF8
01222ABD > |A1 A8632201 mov eax, dword ptr [12263A8]
01222AC2 . |85C0 test eax, eax ; state 0 = not initialized yet
01222AC4 . |75 2C jnz short 01222AF2
01222AC6 . |8935 A8632201 mov dword ptr [12263A8], esi ; state = 1
01222ACC . |68 C8412201 push 012241C8
01222AD1 . |68 BC412201 push 012241BC
01222AD6 . |E8 79050000 call <jmp.&MSVCR90._initterm_e> ; _initterm_e(012241BC, 012241C8): run the table of initializers that can fail
01222ADB . |59 pop ecx
01222ADC . |59 pop ecx
01222ADD . |85C0 test eax, eax
01222ADF . |74 17 je short 01222AF8 ; 0 = all initializers succeeded
01222AE1 . |C745 FC FEFFF>mov dword ptr [ebp-4], -2
01222AE8 . |B8 FF000000 mov eax, 0FF ; initializer failure: return 0xFF
01222AED . |E9 DD000000 jmp 01222BCF
01222AF2 > |8935 4C602201 mov dword ptr [122604C], esi ; state was neither 0 nor 1: set [122604C] = 1 (tested before _cexit below)
01222AF8 > |A1 A8632201 mov eax, dword ptr [12263A8]
01222AFD . |3BC6 cmp eax, esi
01222AFF . |75 1B jnz short 01222B1C
01222B01 . |68 B8412201 push 012241B8
01222B06 . |68 94412201 push 01224194
01222B0B . |E8 3E050000 call <jmp.&MSVCR90._initterm> ; _initterm(01224194, 012241B8): run the second initializer table
01222B10 . |59 pop ecx
01222B11 . |59 pop ecx
01222B12 . |C705 A8632201>mov dword ptr [12263A8], 2 ; state = 2 (initialized)
01222B1C > |395D E4 cmp dword ptr [ebp-1C], ebx ; nested acquisition?
01222B1F . |75 08 jnz short 01222B29 ; yes -> leave the lock to the outer owner
01222B21 . |53 push ebx ; /NewValue
01222B22 . |57 push edi ; |pTarget
01222B23 . |FF15 10402201 call dword ptr [<&KERNEL32.Interlocke>; \InterlockedExchange
01222B29 > |391D B0632201 cmp dword ptr [12263B0], ebx ; optional callback pointer set?
01222B2F . |74 19 je short 01222B4A
01222B31 . |68 B0632201 push 012263B0
01222B36 . |E8 55040000 call 01222F90 ; helper validates the pointer's location (body not shown)
01222B3B . |59 pop ecx
01222B3C . |85C0 test eax, eax
01222B3E . |74 0A je short 01222B4A
01222B40 . |53 push ebx
01222B41 . |6A 02 push 2
01222B43 . |53 push ebx
01222B44 . |FF15 B0632201 call dword ptr [12263B0] ; callback(0, 2, 0) - presumably the dynamic TLS init callback with reason 2 (DLL_THREAD_ATTACH); confirm
01222B4A > |A1 34602201 mov eax, dword ptr [1226034]
01222B4F . |8B0D 40402201 mov ecx, dword ptr [<&MSVCR90.__init>; MSVCR90.__initenv
01222B55 . |8901 mov dword ptr [ecx], eax ; __initenv = [1226034]
; Three arguments pushed right-to-left: ([1226030], [1226038], [1226034]);
; the third is the same value just stored in __initenv, so this presumably is
; main(argc, argv, envp) - confirm.
01222B57 . |FF35 34602201 push dword ptr [1226034]
01222B5D . |FF35 38602201 push dword ptr [1226038]
01222B63 . |FF35 30602201 push dword ptr [1226030]
01222B69 . |E8 92E4FFFF call 01221000
01222B6E . |83C4 0C add esp, 0C ; caller cleans the three arguments (cdecl)
01222B71 . |A3 48602201 mov dword ptr [1226048], eax ; keep the return value
01222B76 . |391D 3C602201 cmp dword ptr [122603C], ebx ; flag written at 01222C36
01222B7C . |75 37 jnz short 01222BB5
01222B7E . |50 push eax ; /status
01222B7F . |FF15 44402201 call dword ptr [<&MSVCR90.exit>] ; \exit
; Exception filter fragment: loads the record pointer from [ebp-14], reads
; the first dword it leads to and passes both to _XcptFilter.
01222B85 . |8B45 EC mov eax, dword ptr [ebp-14]
01222B88 . |8B08 mov ecx, dword ptr [eax]
01222B8A . |8B09 mov ecx, dword ptr [ecx]
01222B8C . |894D E0 mov dword ptr [ebp-20], ecx ; saved for the handler below
01222B8F . |50 push eax
01222B90 . |51 push ecx
01222B91 . |E8 62030000 call <jmp.&MSVCR90._XcptFilter>
01222B96 . |59 pop ecx
01222B97 . |59 pop ecx
01222B98 . |C3 retn
; Exception handler fragment: the value saved in [ebp-20] becomes the status.
01222B99 . |8B65 E8 mov esp, dword ptr [ebp-18] ; restore the saved stack pointer
01222B9C . |8B45 E0 mov eax, dword ptr [ebp-20]
01222B9F . |A3 48602201 mov dword ptr [1226048], eax
01222BA4 . |33DB xor ebx, ebx
01222BA6 . |391D 3C602201 cmp dword ptr [122603C], ebx
01222BAC . |75 07 jnz short 01222BB5
01222BAE . |50 push eax ; /status
01222BAF . |FF15 4C402201 call dword ptr [<&MSVCR90._exit>] ; \_exit
01222BB5 > |391D 4C602201 cmp dword ptr [122604C], ebx
01222BBB . |75 06 jnz short 01222BC3
01222BBD . |FF15 50402201 call dword ptr [<&MSVCR90._cexit>] ; MSVCR90._cexit
01222BC3 > |C745 FC FEFFF>mov dword ptr [ebp-4], -2
01222BCA . |A1 48602201 mov eax, dword ptr [1226048] ; return value = saved status
01222BCF > |E8 49020000 call 01222E1D ; presumably the matching SEH frame epilog helper - confirm
01222BD4 . |C3 retn
; ---------------------------------------------------------------------------
; Code at 01222BD5..01222CB5 (starts right after the retn at 01222BD4).
; Visible behaviour:
;   * parse the module's own PE headers at image base 01220000 and set eax to
;     1 when data-directory entry 14 is present and non-zero, else 0;
;   * store that flag in [122603C] (tested before exit/_exit at 01222B76 and
;     01222BA6);
;   * perform MSVCR90 set-up calls (__set_app_type, _encode_pointer,
;     __p__fmode, __p__commode, __setusermatherr, _configthreadlocale);
;   * return 0 unconditionally.
; NOTE(review): data directory 14 is the CLR/COM descriptor in the standard PE
; layout, so [122603C] is presumably the CRT "managed application" flag, and
; the sequence matches the VC9 CRT pre-initialization routine - confirm.
; The retn at 01222CB5 returns a constant; no value computed here depends on
; a licence or hardware id.
; ---------------------------------------------------------------------------
01222BD5 . |B8 4D5A0000 mov eax, 5A4D ; 'MZ'
01222BDA . |66:3905 00002>cmp word ptr [1220000], ax ; DOS header signature at the image base?
01222BE1 . |74 04 je short 01222BE7
01222BE3 > |33C0 xor eax, eax ; any header check failed: flag = 0
01222BE5 . |EB 4D jmp short 01222C34
01222BE7 > |A1 3C002201 mov eax, dword ptr [122003C] ; e_lfanew: offset of the PE header
01222BEC . |8D80 00002201 lea eax, dword ptr [eax+1220000] ; eax = address of the PE header
01222BF2 . |8138 50450000 cmp dword ptr [eax], 4550 ; 'PE\0\0' signature?
01222BF8 .^|75 E9 jnz short 01222BE3
01222BFA . |0FB748 18 movzx ecx, word ptr [eax+18] ; optional-header Magic
01222BFE . |81F9 0B010000 cmp ecx, 10B ; 0x10B = PE32
01222C04 . |74 1B je short 01222C21
01222C06 . |81F9 0B020000 cmp ecx, 20B ; 0x20B = PE32+
01222C0C .^|75 D5 jnz short 01222BE3
01222C0E . |83B8 84000000>cmp dword ptr [eax+84], 0E ; PE32+: directory count must exceed 14
01222C15 .^|76 CC jbe short 01222BE3
01222C17 . |33C9 xor ecx, ecx
01222C19 . |3988 F8000000 cmp dword ptr [eax+F8], ecx ; PE32+: directory entry 14 address vs 0
01222C1F . |EB 0E jmp short 01222C2F
01222C21 > |8378 74 0E cmp dword ptr [eax+74], 0E ; PE32: directory count must exceed 14
01222C25 .^|76 BC jbe short 01222BE3
01222C27 . |33C9 xor ecx, ecx
01222C29 . |3988 E8000000 cmp dword ptr [eax+E8], ecx ; PE32: directory entry 14 address vs 0
01222C2F > |0F95C1 setne cl ; cl = 1 when the entry is non-zero
01222C32 . |8BC1 mov eax, ecx
01222C34 > |6A 01 push 1 ; argument for __set_app_type below
01222C36 . |A3 3C602201 mov dword ptr [122603C], eax ; publish the flag computed above
01222C3B . |FF15 90402201 call dword ptr [<&MSVCR90.__set_app_t>; MSVCR90.__set_app_type
01222C41 . |6A FF push -1
01222C43 . |FF15 68402201 call dword ptr [<&MSVCR90._encode_poi>; MSVCR90._encode_pointer
01222C49 . |59 pop ecx ; the two pops discard the arguments of both calls above
01222C4A . |59 pop ecx
01222C4B . |A3 B4632201 mov dword ptr [12263B4], eax ; encoded -1 stored in two adjacent globals
01222C50 . |A3 B8632201 mov dword ptr [12263B8], eax
01222C55 . |FF15 8C402201 call dword ptr [<&MSVCR90.__p__fmode>>; MSVCR90.__p__fmode
01222C5B . |8B0D 84632201 mov ecx, dword ptr [1226384]
01222C61 . |8908 mov dword ptr [eax], ecx ; *__p__fmode() = [1226384]
01222C63 . |FF15 88402201 call dword ptr [<&MSVCR90.__p__commod>; MSVCR90.__p__commode
01222C69 . |8B0D 80632201 mov ecx, dword ptr [1226380]
01222C6F . |8908 mov dword ptr [eax], ecx ; *__p__commode() = [1226380]
01222C71 . |A1 84402201 mov eax, dword ptr [<&MSVCR90._adjus> ; import name truncated by the debugger; presumably _adjust_fdiv - confirm
01222C76 . |8B00 mov eax, dword ptr [eax]
01222C78 . |A3 A4632201 mov dword ptr [12263A4], eax ; local copy of the imported value
01222C7D . |E8 2A020000 call 01222EAC ; body not shown
01222C82 . |E8 FE030000 call 01223085 ; body not shown (3 bytes before 01223088)
01222C87 . |833D 18602201>cmp dword ptr [1226018], 0
01222C8E . |75 0C jnz short 01222C9C
01222C90 . |68 85302201 push 01223085 ; Entry address
01222C95 . |FF15 80402201 call dword ptr [<&MSVCR90.__setuserma>; MSVCR90.__setusermatherr
01222C9B . |59 pop ecx
01222C9C > |E8 B9030000 call 0122305A ; body not shown
01222CA1 . |833D 14602201>cmp dword ptr [1226014], -1
01222CA8 . |75 09 jnz short 01222CB3
01222CAA . |6A FF push -1
01222CAC . |FF15 7C402201 call dword ptr [<&MSVCR90._configthre>; MSVCR90._configthreadlocale
01222CB2 . |59 pop ecx
01222CB3 > |33C0 xor eax, eax ; return value is the constant 0
01222CB5 . |C3 retn
; Two-instruction stub: call 01223088, then jump to 01222A5F.
; NOTE(review): "(initial cpu selection)" is the debugger's own annotation for
; the address first selected in its CPU (disassembly) pane, i.e. the module
; entry point; it does not describe processor hardware - confirm in the
; OllyDbg documentation.
01222CB6 > $ |E8 CD030000 call 01223088 ; (initial cpu selection)
01222CBB .^\E9 9FFDFFFF jmp 01222A5F ; continue at 01222A5F; control does not come back to this stub
小白不太懂,如果不算机器码的话,是不是直接把 01222CB5 . |C3 retn 这个return的返回值改成成功就可以了?
坛里有没有类似的CrackMe程序对应的教程可以推荐一下?谢谢。
CheckLicense.zip