The network verification of an online-game cheat tool; I want to crack it by patching (爆破). Please look at the code below; my questions are all marked in it. Please advise whether my analysis is correct.
004307EE |> 85F6 TEST ESI,ESI <---- the password is compared here
004307F0 |. C645 90 00 MOV BYTE PTR SS:[EBP-70],0
004307F4 |. 74 05 JE SHORT Unpacked.004307FB <---- patch here by changing 74 to 75, but this then became JNZ; I wanted to try changing JNZ to JZ, but it cannot be changed
004307F6 |. 8B5E 4C MOV EBX,DWORD PTR DS:[ESI+4C]
004307F9 |. EB 22 JMP SHORT Unpacked.0043081D
004307FB |> 8D5D 90 LEA EBX,DWORD PTR SS:[EBP-70]
004307FE |. BE 04010000 MOV ESI,104
00430803 |. 56 PUSH ESI ; /BufSize => 104 (260.)
00430804 |. 8BC3 MOV EAX,EBX ; |
00430806 |. 50 PUSH EAX ; |PathBuffer
00430807 |. 6A 00 PUSH 0 ; |hModule = NULL
00430809 |. FF15 E8914300 CALL DWORD PTR DS:[<&KERNEL32.GetModuleF>; \GetModuleFileNameA
0043080F |. 3BC6 CMP EAX,ESI
00430811 |. 8B75 84 MOV ESI,DWORD PTR SS:[EBP-7C]
00430814 |. 75 07 JNZ SHORT Unpacked.0043081D <---- patch again here by changing 75 to 74, but here it became JE (why does this happen in these two places?)
00430816 |. C685 93000000 >MOV BYTE PTR SS:[EBP+93],0
0043081D |> FFB5 A4000000 PUSH DWORD PTR SS:[EBP+A4] ; /Style
00430823 |. 53 PUSH EBX ; |Title
00430824 |. FFB5 A0000000 PUSH DWORD PTR SS:[EBP+A0] ; |Text
0043082A |. FF75 80 PUSH DWORD PTR SS:[EBP-80] ; |hOwner
0043082D |. FF15 74954300 CALL DWORD PTR DS:[<&USER32.MessageBoxA>>; \MessageBoxA <---- the error prompt appears here; even if the earlier patch succeeds, will the error prompt still appear here?
00430833 |. 85FF TEST EDI,EDI
00430835 |. 8BD8 MOV EBX,EAX
00430837 |. 74 05 JE SHORT Unpacked.0043083E
00430839 |. 8B45 88 MOV EAX,DWORD PTR SS:[EBP-78]
0043083C |. 8907 MOV DWORD PTR DS:[EDI],EAX
0043083E |> 837D 8C 00 CMP DWORD PTR SS:[EBP-74],0
00430842 |. 74 0B JE SHORT Unpacked.0043084F
00430844 |. 6A 01 PUSH 1 ; /Enable = TRUE
00430846 |. FF75 8C PUSH DWORD PTR SS:[EBP-74] ; |hWnd
00430849 |. FF15 60954300 CALL DWORD PTR DS:[<&USER32.EnableWindow>; \EnableWindow
0043084F |> 6A 01 PUSH 1
00430851 |. 8BCE MOV ECX,ESI
00430853 |. E8 1CFEFFFF CALL Unpacked.00430674 <---- if execution can reach here, is it basically done?
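As an added illustration (not part of the original post), here is why the disassembler showed JNZ after 74 became 75 and JE after 75 became 74: in the x86 short conditional-jump family (opcodes 70h to 7Fh) bit 0 of the opcode selects the negated condition, and the second byte is a signed 8-bit displacement relative to the end of the instruction. The decoder below, with the branch bytes from the listing above embedded as sample input, reproduces the listing's own targets; the opcode table is the standard one from the Intel manual.

```python
# Added decoder for x86 short (rel8) jumps; it explains the byte-to-mnemonic
# behaviour seen above. Opcode table as in the Intel SDM: 70h-7Fh are Jcc rel8,
# EBh is JMP rel8. Within 70h-7Fh, bit 0 of the opcode negates the condition.

SHORT_JCC = {
    0x70: "JO",  0x71: "JNO", 0x72: "JB",  0x73: "JNB",
    0x74: "JE",  0x75: "JNZ", 0x76: "JBE", 0x77: "JA",
    0x78: "JS",  0x79: "JNS", 0x7A: "JPE", 0x7B: "JPO",
    0x7C: "JL",  0x7D: "JGE", 0x7E: "JLE", 0x7F: "JG",
}

def decode_short_jump(addr, opcode, disp):
    """Decode the 2-byte short jump at `addr`; return (mnemonic, target).
    The rel8 displacement is signed and relative to addr + 2 (next instruction)."""
    if opcode == 0xEB:
        mnemonic = "JMP"
    elif opcode in SHORT_JCC:
        mnemonic = SHORT_JCC[opcode]
    else:
        raise ValueError(f"not a short jump opcode: {opcode:02X}")
    rel = disp - 0x100 if disp >= 0x80 else disp  # sign-extend rel8
    return mnemonic, (addr + 2 + rel) & 0xFFFFFFFF

def negated_condition(opcode):
    """Return the Jcc opcode with its condition negated (74h <-> 75h, etc.).
    Same displacement, opposite condition: this is what the disassembler showed."""
    if opcode not in SHORT_JCC:
        raise ValueError("only Jcc rel8 opcodes (70h-7Fh) have a negated form")
    return opcode ^ 1

# Sample input: (address, opcode byte, displacement byte) of each branch
# copied from the listing above.
LISTING_BRANCHES = [
    (0x004307F4, 0x74, 0x05),
    (0x004307F9, 0xEB, 0x22),
    (0x00430814, 0x75, 0x07),
    (0x00430837, 0x74, 0x05),
    (0x00430842, 0x74, 0x0B),
]

def decode_listing():
    """Decode every branch in LISTING_BRANCHES -> {addr: (mnemonic, target)}."""
    return {addr: decode_short_jump(addr, op, disp)
            for addr, op, disp in LISTING_BRANCHES}

if __name__ == "__main__":
    for addr, (mn, target) in decode_listing().items():
        print(f"{addr:08X}  {mn:<4} SHORT {target:08X}")
```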