[Original] Answer to Question 1
Posted on: 2017-10-25 01:15 2451
00401D94 - FF25 F8304000 jmp dword ptr [<&MFC42.#4441_CWnd::O>; MFC42.#4441_CWnd::OnCommand
This function intercepts the messages received by the edit-box control. After the first break here, patch the instruction to RETN, then restore it afterwards; otherwise execution cannot continue. [Once you understand this, you can debug the program dynamically.]
004017F0 /. 55            push ebp
004017F1 |. 8BEC          mov ebp, esp
004017F3 |. 83EC 48       sub esp, 48
004017F6 |. 53            push ebx
004017F7 |. 56            push esi
004017F8 |. 57            push edi
004017F9 |. 894D FC       mov dword ptr [ebp-4], ecx
004017FC |. 8B45 FC       mov eax, dword ptr [ebp-4]
004017FF |. 83C0 64       add eax, 64
00401802 |. 50            push eax
00401803 |. 68 EA030000   push 3EA
00401808 |. 8B4D FC       mov ecx, dword ptr [ebp-4]
0040180B |. E8 14060000   call
00401810 |. 8BC8          mov ecx, eax
00401812 |. E8 07060000   call
00401817 |. 8B4D FC       mov ecx, dword ptr [ebp-4]
0040181A |. 83C1 64       add ecx, 64
0040181D |. E8 AE000000   call 004018D0
00401822 |. 50            push eax
00401823 |. 8B4D FC       mov ecx, dword ptr [ebp-4]
00401826 |. 83C1 64       add ecx, 64
00401829 |. E8 EA050000   call
0040182E |. 8945 F8       mov dword ptr [ebp-8], eax
00401831 |. 8B4D F8       mov ecx, dword ptr [ebp-8]
00401834 |. 51            push ecx                        ; /s
00401835 |. E8 5C060000   call                            ; \get the length of the trial code
0040183A |. 83C4 04       add esp, 4
0040183D |. 85C0          test eax, eax
0040183F |. 75 13         jnz short 00401854              ; check whether the trial code is empty
00401841 |. 6A 00         push 0
00401843 |. 6A 00         push 0
00401845 |. 68 98354000   push 00403598                   ; 请输入pass!
0040184A |. 8B4D FC       mov ecx, dword ptr [ebp-4]
0040184D |. E8 C0050000   call
00401852 |. EB 21         jmp short 00401875
00401854 |> 68 80354000   push 00403580                   ; /WelcomeToKanXueCtf2017
00401859 |. 8B55 F8       mov edx, dword ptr [ebp-8]      ; |the trial code appears here
0040185C |. 52            push edx                        ; |s1
0040185D |. E8 2E060000   call                            ; \compare the trial code with the real code
00401862 |. 83C4 08       add esp, 8
00401865 |. 85C0          test eax, eax
00401867 |. 75 07         jnz short 00401870
00401869 |. E8 02FFFFFF   call 00401770                   ; congratulations
0040186E |. EB 05         jmp short 00401875
00401870 |> E8 3BFFFFFF   call 004017B0                   ; error message
00401875 |> 5F            pop edi
00401876 |. 5E            pop esi
00401877 |. 5B            pop ebx
00401878 |. 8BE5          mov esp, ebp
0040187A |. 5D            pop ebp
0040187B \. C3            retn
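As an added illustration (not part of the original post), the handler above reconstructed as C so the stack-frame slots and the three branches can be matched to source. The listing lost the targets of the two library calls; the /s and |s1 operand annotations suggest strlen and strcmp, and this reconstruction assumes exactly that. The local names (this, m_code) are likewise assumptions; the constant string and the branch structure come straight from the disassembly.

```c
#include <string.h>

/* The three outcomes the handler can reach, one per branch in the listing. */
enum check_result {
    CHECK_EMPTY = 0,     /* 00401841..0040184D: shows the "请输入pass!" message box */
    CHECK_MATCH = 1,     /* 00401869: call 00401770 (success handler)        */
    CHECK_MISMATCH = 2   /* 00401870: call 004017B0 (error handler)          */
};

/* Constant pushed from 00403580; it sits in plain text in the data section,
 * which is why the string reference leads an analyst straight to the compare. */
static const char EXPECTED_CODE[] = "WelcomeToKanXueCtf2017";

/* Reconstruction of 004017F0..0040187B.
 * In the original frame: [ebp-4] = this (the dialog), this+0x64 = the string
 * member filled from control 0x3EA, [ebp-8] = the char pointer taken from it.
 * Assumption: the unnamed calls at 00401835 and 0040185D are strlen/strcmp. */
enum check_result check_trial_code(const char *trial_code)
{
    /* 00401835/0040183D: strlen, then test eax,eax -> empty input branch */
    if (strlen(trial_code) == 0)
        return CHECK_EMPTY;

    /* 0040185D/00401865: strcmp against the constant, zero means equal */
    if (strcmp(trial_code, EXPECTED_CODE) == 0)
        return CHECK_MATCH;

    return CHECK_MISMATCH;
}
```

The reconstruction makes the weakness of this design visible: the expected value is compared byte-for-byte against a literal stored in the binary, so no debugging trick beyond following the string reference is needed to recover it. A password check that must survive static inspection would store only a digest of the secret and compare digests, not the secret itself.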