网上下载一个幸运抽奖软件,检测没有壳,需要注册,没有注册的话,4分钟就自己杀掉程序,
00417D6C /0F84 5C000000 je 照片抽奖.00417DCE
00417D72 |6A 00 push 0
00417D74 |6A 00 push 0
00417D76 |6A 00 push 0
00417D78 |68 01030080 push 80000301
00417D7D |6A 00 push 0
00417D7F |68 00000000 push 0
00417D84 |68 04000080 push 80000004
00417D89 |6A 00 push 0
00417D8B |68 DBC35200 push 照片抽奖.0052C3DB ; 注册成功
00417D90 |68 03000000 push 3
00417D95 |BB 901F4200 mov ebx,照片抽奖.00421F90
00417D9A |E8 AD710000 call 照片抽奖.0041EF4C
00417D9F |83C4 28 add esp,28
00417DA2 |6A 00 push 0
00417DA4 |6A 00 push 0
00417DA6 |6A 00 push 0
00417DA8 |68 01000100 push 10001
00417DAD |68 C4010106 push 60101C4
00417DB2 |68 C5010152 push 520101C5
00417DB7 |68 02000000 push 2
00417DBC |BB 40224200 mov ebx,照片抽奖.00422240
00417DC1 |E8 86710000 call 照片抽奖.0041EF4C
00417DC6 |83C4 1C add esp,1C
00417DC9 |E9 30000000 jmp 照片抽奖.00417DFE
00417DCE \6A 00 push 0
00417DD0 6A 00 push 0
00417DD2 6A 00 push 0
00417DD4 68 01030080 push 80000301
00417DD9 6A 00 push 0
00417DDB 68 00000000 push 0
00417DE0 68 04000080 push 80000004
00417DE5 6A 00 push 0
00417DE7 68 E4C35200 push 照片抽奖.0052C3E4 ; 注册码不正确,请联系作者
找到的
00417D5B /0F85 04000000 jnz 照片抽奖.00417D65
00417D61 |33C0 xor eax,eax
00417D63 |EB 05 jmp short 照片抽奖.00417D6A
00417D65 \B8 01000000 mov eax,1
00417D6A 85C0 test eax,eax
00417D6C 0F84 5C000000 je 照片抽奖.00417DCE
00417D72 6A 00 push 0
00417D74 6A 00 push 0
00417D76 6A 00 push 0
00417D78 68 01030080 push 80000301
00417D7D 6A 00 push 0
00417D7F 68 00000000 push 0
00417D84 68 04000080 push 80000004
00417D89 6A 00 push 0
00417D8B 68 DBC35200 push 照片抽奖.0052C3DB ; 注册成功
把Jnz改为Je 显示软件注册成功,但是还是运行4分钟自己杀掉软件,是不是jmp 和 je里面还有程序,求助
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
