[原创]QT程序的破解之道仅供学习
发表于: 2021-2-26 10:33 10427


接下来,我们用“相面法”来破解吧@-@


注册码是26位的,那就是mov eax, 26

在x32dbg中搜索下(Ctrl+Shift+F)

找到3个,全F2

然后我们F8单步走

由于是QT妖孽程序,所以,你在大部分时间里看不到几次我们键入的字符

; x32dbg listing of one 32-bit x86 routine in guitarpro7 (Intel syntax).
; Columns: address | leading opcode bytes (truncated) | instruction | debugger/author comment.
; Arguments are read from [ebp+8] and [ebp+C]; both exits use a plain `ret`, so the
; caller cleans the stack.
; Shape: the first argument is a selector: 0 -> cleanup branch at 0122961B,
; 1 -> main body, anything else -> common exit at 0122962D.
; NOTE(review): this 0/1 dispatch resembles a Qt slot-object "impl" function
; (destroy / call) -- inferred from the shape only, confirm before relying on it.
; Main body: reads QLineEdit::text(), hands it to a virtual method whose result is
; stored at field +5C, compares the text length with 0x1A (26), reports a status,
; then passes a bool derived from fields +5C / +60 to QWidget::setEnabled.
; Design note: the widget state is decided purely by these in-process comparisons;
; a licence decision that has to be trusted needs verification outside code the
; user controls, plus integrity checking of the shipped binary.
012294C0 | 55    | push ebp                                               |
012294C1 | 8BEC  | mov ebp,esp                                            |
012294C3 | 6A FF | push FFFFFFFF                                          | ; [ebp-4]: state slot, starts at -1 and is rewritten below
012294C5 | 68 80 | push guitarpro7.1770880                                | ; [ebp-8]: handler address of the exception record
012294CA | 64:A1 | mov eax,dword ptr fs:[0]                               | 00000000:"8鼻" ; current head of the SEH chain
012294D0 | 50    | push eax                                               | ; [ebp-C]: previous record, completes the {prev, handler} pair
012294D1 | 51    | push ecx                                               | ; reserves [ebp-10], used below as the QString local
012294D2 | 53    | push ebx                                               |
012294D3 | 56    | push esi                                               |
012294D4 | 57    | push edi                                               |
012294D5 | A1 34 | mov eax,dword ptr ds:[2998434]                         | ; global xor'ed with ebp and pushed: matches the MSVC stack-cookie pattern (presumably __security_cookie)
012294DA | 33C5  | xor eax,ebp                                            |
012294DC | 50    | push eax                                               |
012294DD | 8D45  | lea eax,dword ptr ss:[ebp-C]                           |
012294E0 | 64:A3 | mov dword ptr fs:[0],eax                               | 00000000:"8鼻" ; install the record at [ebp-C] as the new SEH head
012294E6 | 8B45  | mov eax,dword ptr ss:[ebp+8]                           | ; first argument: selector
012294E9 | 83E8  | sub eax,0                                              |
012294EC | 0F84  | je guitarpro7.122961B                                  | ; selector == 0 -> cleanup branch
012294F2 | 83E8  | sub eax,1                                              |
012294F5 | 0F85  | jne guitarpro7.122962D                                 | ; selector != 1 -> common exit
012294FB | 8B5D  | mov ebx,dword ptr ss:[ebp+C]                           | ; ebx = second argument (object pointer)
012294FE | 8B35  | mov esi,dword ptr ds:[<&?text@QLineEdit@@QBE?AVQString | ; esi = import pointer for QLineEdit::text() (mangled name cut off by the column width)
01229504 | 8B43  | mov eax,dword ptr ds:[ebx+8]                           |
01229507 | C740  | mov dword ptr ds:[eax+5C],7                            | ; field +5C of the object at [ebx+8] is preset to 7
0122950E | 8B43  | mov eax,dword ptr ds:[ebx+8]                           |
01229511 | 8B78  | mov edi,dword ptr ds:[eax+10]                          | ; edi = field +10, used as `this` for both text() calls
01229514 | 8D45  | lea eax,dword ptr ss:[ebp-10]                          |
01229517 | 50    | push eax                                               |
01229518 | 8BCF  | mov ecx,edi                                            |
0122951A | FFD6  | call esi                                               | ; text() -> QString written to [ebp-10]
0122951C | 8B43  | mov eax,dword ptr ds:[ebx+8]                           |
0122951F | 8D55  | lea edx,dword ptr ss:[ebp-10]                          |
01229522 | 52    | push edx                                               |
01229523 | C745  | mov dword ptr ss:[ebp-4],0                             | ; state slot = 0
0122952A | 8B48  | mov ecx,dword ptr ds:[eax+54]                          |
0122952D | 8B01  | mov eax,dword ptr ds:[ecx]                             |
0122952F | FF50  | call dword ptr ds:[eax+3C]                             | ; virtual call (vtable slot +3C) on the object at field +54, argument = &text
01229532 | 8B53  | mov edx,dword ptr ds:[ebx+8]                           |
01229535 | 8BCF  | mov ecx,edi                                            |
01229537 | 8942  | mov dword ptr ds:[edx+5C],eax                          | ; result of the virtual call replaces the preset 7 in field +5C
0122953A | 8D45  | lea eax,dword ptr ss:[ebp+8]                           |
0122953D | 50    | push eax                                               |
0122953E | FFD6  | call esi                                               | ; second text() call, temporary placed in the [ebp+8] slot
01229540 | 8D4D  | lea ecx,dword ptr ss:[ebp+8]                           |
01229543 | 8B00  | mov eax,dword ptr ds:[eax]                             | ; eax = the temporary's data pointer
01229545 | 8B70  | mov esi,dword ptr ds:[eax+4]                           | ; esi = dword at data+4, presumably the Qt 5 string size (consistent with the compare below)
01229548 | FF15  | call dword ptr ds:[<&??1QString@@QAE@XZ>]              | ; destroy the temporary
0122954E | 83FE  | cmp esi,1A                                             | 测试注册码是否是26位? ; author's note: is the registration code 26 characters long? (0x1A = 26)
01229551 | 74 3A | je guitarpro7.122958D                                  | ; length == 26 -> 0122958D, otherwise fall through
01229553 | 8D4D  | lea ecx,dword ptr ss:[ebp+8]                           |
01229556 | FF15  | call dword ptr ds:[<&??0QBitArray@@QAE@XZ>]            | ; default-constructs an object in [ebp+8]; it is destroyed below through the QString destructor import
0122955C | 8B4B  | mov ecx,dword ptr ds:[ebx+8]                           |
0122955F | 6A 00 | push 0                                                 |
01229561 | 50    | push eax                                               |
01229562 | C645  | mov byte ptr ss:[ebp-4],1                              | ; state slot = 1
01229566 | 8B49  | mov ecx,dword ptr ds:[ecx+64]                          |
01229569 | E8 F2 | call <guitarpro7.sub_1560A60>                          | ; ecx = field +64, stack args (constructed object, 0)
0122956E | 8D4D  | lea ecx,dword ptr ss:[ebp+8]                           |
01229571 | C645  | mov byte ptr ss:[ebp-4],0                              |
01229575 | FF15  | call dword ptr ds:[<&??1QString@@QAE@XZ>]              |
0122957B | 8B43  | mov eax,dword ptr ds:[ebx+8]                           |
0122957E | 6A 00 | push 0                                                 |
01229580 | FF70  | push dword ptr ds:[eax+10]                             |
01229583 | E8 A8 | call <guitarpro7.sub_158BB30>                          | ; sub_158BB30(field +10, 0); caller pops the 8 bytes below
01229588 | 83C4  | add esp,8                                              |
0122958B | EB 54 | jmp guitarpro7.12295E1                                 | 同理,不能让跳 ; author's marker; target 012295E1 is the tail shared by both paths
0122958D | 8B43  | mov eax,dword ptr ds:[ebx+8]                           |
01229590 | 8B48  | mov ecx,dword ptr ds:[eax+54]                          |
01229593 | FF70  | push dword ptr ds:[eax+5C]                             |
01229596 | 8D45  | lea eax,dword ptr ss:[ebp+8]                           |
01229599 | 50    | push eax                                               |
0122959A | 8B11  | mov edx,dword ptr ds:[ecx]                             |
0122959C | FF52  | call dword ptr ds:[edx+48]                             | 调用无效的授权提示字符! ; author's note: fetches the "invalid licence" message text; virtual slot +48, args (&tmp, field +5C)
0122959F | 8B4B  | mov ecx,dword ptr ds:[ebx+8]                           |
012295A2 | 8D45  | lea eax,dword ptr ss:[ebp+8]                           |
012295A5 | 33DB  | xor ebx,ebx                                            |
012295A7 | C645  | mov byte ptr ss:[ebp-4],2                              | ; state slot = 2
012295AB | 3959  | cmp dword ptr ds:[ecx+5C],ebx                          |
012295AE | 8B49  | mov ecx,dword ptr ds:[ecx+64]                          |
012295B1 | 0F95C | setne bl                                               |
012295B4 | 8D1C5 | lea ebx,dword ptr ds:[ebx*2+2]                         | ; ebx = 4 if field +5C != 0, else 2
012295BB | 53    | push ebx                                               |
012295BC | 50    | push eax                                               |
012295BD | E8 9E | call <guitarpro7.sub_1560A60>                          | ; same helper as above, args (&tmp, ebx)
012295C2 | 53    | push ebx                                               |
012295C3 | 8B5D  | mov ebx,dword ptr ss:[ebp+C]                           | ; reload the object pointer (ebx was reused as a scratch value)
012295C6 | 8B43  | mov eax,dword ptr ds:[ebx+8]                           |
012295C9 | FF70  | push dword ptr ds:[eax+10]                             |
012295CC | E8 5F | call <guitarpro7.sub_158BB30>                          |
012295D1 | 83C4  | add esp,8                                              |
012295D4 | C645  | mov byte ptr ss:[ebp-4],0                              |
012295D8 | 8D4D  | lea ecx,dword ptr ss:[ebp+8]                           |
012295DB | FF15  | call dword ptr ds:[<&??1QString@@QAE@XZ>]              |
012295E1 | 8B4B  | mov ecx,dword ptr ds:[ebx+8]                           | ; shared tail: compute the bool for setEnabled
012295E4 | 8379  | cmp dword ptr ds:[ecx+5C],0                            |
012295E8 | 75 0A | jne guitarpro7.12295F4                                 | ; field +5C != 0 -> al = 0
012295EA | 8079  | cmp byte ptr ds:[ecx+60],0                             |
012295EE | 74 04 | je guitarpro7.12295F4                                  | ; byte +60 == 0 -> al = 0
012295F0 | B0 01 | mov al,1                                               | ; reached only when field +5C == 0 and byte +60 != 0
012295F2 | EB 02 | jmp guitarpro7.12295F6                                 |
012295F4 | 32C0  | xor al,al                                              |
012295F6 | 8B49  | mov ecx,dword ptr ds:[ecx+50]                          | ; `this` for setEnabled = field +50
012295F9 | 50    | push eax                                               |
012295FA | FF15  | call dword ptr ds:[<&?setEnabled@QWidget@@QAEX_N@Z>]   | ; QWidget::setEnabled(bool) with the value in al
01229600 | 8D4D  | lea ecx,dword ptr ss:[ebp-10]                          |
01229603 | FF15  | call dword ptr ds:[<&??1QString@@QAE@XZ>]              | ; destroy the QString local at [ebp-10]
01229609 | 8B4D  | mov ecx,dword ptr ss:[ebp-C]                           |
0122960C | 64:89 | mov dword ptr fs:[0],ecx                               | 00000000:"8鼻" ; restore the previous SEH head
01229613 | 59    | pop ecx                                                |
01229614 | 5F    | pop edi                                                |
01229615 | 5E    | pop esi                                                |
01229616 | 5B    | pop ebx                                                |
01229617 | 8BE5  | mov esp,ebp                                            |
01229619 | 5D    | pop ebp                                                |
0122961A | C3    | ret                                                    |
0122961B | 8B45  | mov eax,dword ptr ss:[ebp+C]                           | ; selector 0: cleanup branch
0122961E | 85C0  | test eax,eax                                           |
01229620 | 74 0B | je guitarpro7.122962D                                  | ; null pointer -> nothing to release
01229622 | 6A 0C | push C                                                 |
01229624 | 50    | push eax                                               |
01229625 | E8 30 | call <guitarpro7.sub_16B1A5A>                          | ; sub_16B1A5A(ptr, 0xC) -- presumably a sized delete of a 12-byte object; confirm
0122962A | 83C4  | add esp,8                                              |
0122962D | 8B4D  | mov ecx,dword ptr ss:[ebp-C]                           | ; common exit: restore SEH head and registers
01229630 | 64:89 | mov dword ptr fs:[0],ecx                               | 00000000:"8鼻"
01229637 | 59    | pop ecx                                                |
01229638 | 5F    | pop edi                                                |
01229639 | 5E    | pop esi                                                |
0122963A | 5B    | pop ebx                                                |
0122963B | 8BE5  | mov esp,ebp                                            |
0122963D | 5D    | pop ebp                                                |
0122963E | C3    | ret                                                    |

 

; Excerpt from the tail of the routine at 012294C0: the two compares decide the
; bool in al that is pushed as the argument of QWidget::setEnabled.
012295E8 | 75 0A | jne guitarpro7.12295F4                                 | NOP这里 ; author's marker on this branch (taken when field +5C != 0)
012295EA | 8079  | cmp byte ptr ds:[ecx+60],0                             |
012295EE | 74 04 | je guitarpro7.12295F4                                  | ; taken when byte +60 == 0
012295F0 | B0 01 | mov al,1                                               | ; al = 1 only if neither branch above was taken
012295F2 | EB 02 | jmp guitarpro7.12295F6                                 |
012295F4 | 32C0  | xor al,al                                              | ; al = 0
012295F6 | 8B49  | mov ecx,dword ptr ds:[ecx+50]                          | ; `this` for setEnabled = field +50
012295F9 | 50    | push eax                                               |
012295FA | FF15  | call dword ptr ds:[<&?setEnabled@QWidget@@QAEX_N@Z>]   | ; QWidget::setEnabled(bool)
01229600 | 8D4D  | lea ecx,dword ptr ss:[ebp-10]                          |
01229603 | FF15  | call dword ptr ds:[<&??1QString@@QAE@XZ>]              | ; destroy the QString local at [ebp-10]

然后我们就知道一个奥秘,调用了 

setEnabled@QWidget

那就不是Alt+E,主模,setEnabled@QWidget啊

然后F2

双击过去 62BB8B50 | 8B51  | mov edx,dword ptr ds:[ecx+4]    就是在qt5widgets领空。。。

  

012296FC、01229702 皆NOP掉!

这样无论上面输入注册码时,还是左边点复选框时皆为 【激活】状态

此时保险起见,先Ctrl+P==> patch1强激活按钮不为灰.exe

===================================================================

接下来,再来解决时间问题,接茬用【相面法】多少天?30天

Ctrl+Shift+F, mov eax, 1e(在x32dbg/x64dbg中你不能搜索1E,要写成10进制的30)

so

下个断试下就知道了:

; Two-instruction function: returns the constant 0x1E (30 decimal) in eax.
; The surrounding text treats this value as the trial length in days, i.e. the limit
; is a compile-time constant held in the client binary.
00E60770 | B8 1E000000          mov eax,1E  ====》我们把1E改成 2710 (即10进制的1万天,相当于28年)
00E60775 | C3                ret

 上面我们解决了两个问题,1是灰色按钮问题,2是无限试用问题。。。

上面写得不够详细,后来还发现一个问题:上面改的时间是分子,分母则是已经走字的天数。

顺势跟下去。。。

来到

很有意思吧,就来到了 

00EF65C2 | 0F4DC6                  | cmovge eax,esi     

这个代码很有意思吧?

反转下对比的条件,交换两个寄存器

同理可证

然后我们点击关于时

依然反转下两个寄存器

===============================================================

接下来,我们再来解决网络校验问题。。。。

用process hacker查看下进程就能得到该软件的域名了

用WinHEX的充零大法。。。

Ctrl+L==》 00吧,注意两种编码都别放过就好,具体就不截图了

==============================================================

另外还有个问题,重启后注册码被干掉,导致我们还得再次注册。。。看看是在哪里发生的?

另外就在注册码注册成功的提示不远处,有个地方清空了al

最终在wgz001表哥的帮助下找到了那个位置。。。最终版完美爆破,同时我们在爆破QT程序的过程中得到了很多启迪。

比如QT程序调用注册表API不被api monitor  和 process monitor 监控到

但是以下断点仍然有效果

[5]注册表

5.RegOpenKeyA(打开注册表项)

5.RegOpenKeyExA(重启验证常用)

5.RegCreateKeyExA

5.RegQueryValueExA

5.RegCreateKeyA(创建新项)

5.RegCloseKey(关闭注册表)

5.RegQueryValueA(取值)

5.RegEnumKeyExA(枚举子项)

5.RegSetValueA(设置默认值)

5.RegSetValueW()

5.RegSetValueExA(设置指定项的值)

5.RegSetValueExW

删除注册表键值 不使用RegDeleteKeyA、RegDeleteKeyW

解决办法很简单;使用条件断点,和条件记录断点。为此我写了个条件断点生成器

==============================================================                        

接下来,我们再来看看QT程序的某些通用特性:

一般都有QM文件作为语言文件,然后不断的点击,就会发现这个QM翻译软件中,右面的字符串列表的前面,必然是那个QM的一个大类【比如这里是License】

反正就那个意思吧,具体你自己实践下就明白了。。。

分别 用自带的字符搜索和插件搜索下,你就会发现有得看,没得吃。

0110B2EA | 68 54 | push 试用10000天_加跳过启动注册窗.2190E54          | 2190E54:"Your software has been successfully activated."

字符串容易找到,但却缺少中间的东西把它联系到被引用的位置。。。跟注册码时也看不到注册码的全部,只能看到其中的一两位而已

调用点的字符串要么早了,要么老了,因此我们还要回到调用取 EditText 控件和注册码 26 位的那块去跟,发现了什么?

; x32dbg listing of the routine shown earlier at 012294C0, taken here from the
; author's modified copy of the executable (module label 强制按钮为实1; the image is
; loaded at a different base, so every address is shifted).
; Columns: address | opcode bytes | instruction | debugger comment.
; The repeated `eax:sub_E694C0` entries look like debugger auto-labels for the
; register value at dump time rather than analysis -- NOTE(review): assumption.
; Differences from the original listing: the conditional jumps at 00E69551,
; 00E695E8 and 00E695EE are overwritten with NOP pairs, so the flags set by the
; preceding cmp instructions are never consumed.
; Detection note: each change is a two-byte edit in the code section, so a hash or
; code signature computed over the vendor's image no longer matches this file.
00E694C0 | 55                     | push ebp                                           |
00E694C1 | 8BEC                   | mov ebp,esp                                        |
00E694C3 | 6A FF                  | push FFFFFFFF                                      | ; [ebp-4]: state slot, initial value -1
00E694C5 | 68 80083B01            | push <强制按钮为实1.sub_13B0880>                         | ; [ebp-8]: handler address of the exception record
00E694CA | 64:A1 00000000         | mov eax,dword ptr fs:[0]                           | eax:sub_E694C0
00E694D0 | 50                     | push eax                                           | eax:sub_E694C0
00E694D1 | 51                     | push ecx                                           | ; reserves [ebp-10], the QString local
00E694D2 | 53                     | push ebx                                           |
00E694D3 | 56                     | push esi                                           |
00E694D4 | 57                     | push edi                                           |
00E694D5 | A1 34845D02            | mov eax,dword ptr ds:[25D8434]                     | eax:sub_E694C0, 025D8434:L"皸肅" ; global xor'ed with ebp below: matches the MSVC stack-cookie pattern (presumed)
00E694DA | 33C5                   | xor eax,ebp                                        | eax:sub_E694C0
00E694DC | 50                     | push eax                                           | eax:sub_E694C0
00E694DD | 8D45 F4                | lea eax,dword ptr ss:[ebp-C]                       | eax:sub_E694C0
00E694E0 | 64:A3 00000000         | mov dword ptr fs:[0],eax                           | eax:sub_E694C0
00E694E6 | 8B45 08                | mov eax,dword ptr ss:[ebp+8]                       | eax:sub_E694C0 ; first argument: selector
00E694E9 | 83E8 00                | sub eax,0                                          | eax:sub_E694C0
00E694EC | 0F84 29010000          | je 强制按钮为实1.E6961B                                  | ; selector == 0 -> cleanup branch
00E694F2 | 83E8 01                | sub eax,1                                          | eax:sub_E694C0
00E694F5 | 0F85 32010000          | jne 强制按钮为实1.E6962D                                 | ; selector != 1 -> common exit
00E694FB | 8B5D 0C                | mov ebx,dword ptr ss:[ebp+C]                       |
00E694FE | 8B35 18E04401          | mov esi,dword ptr ds:[<&?text@QLineEdit@@QBE?AVQSt | ; esi = import pointer for QLineEdit::text() (name cut off by the column width)
00E69504 | 8B43 08                | mov eax,dword ptr ds:[ebx+8]                       | eax:sub_E694C0
00E69507 | C740 5C 07000000       | mov dword ptr ds:[eax+5C],7                        | eax+5C:sub_E694C0+5C
00E6950E | 8B43 08                | mov eax,dword ptr ds:[ebx+8]                       | eax:sub_E694C0
00E69511 | 8B78 10                | mov edi,dword ptr ds:[eax+10]                      | eax+10:sub_E694C0+10
00E69514 | 8D45 F0                | lea eax,dword ptr ss:[ebp-10]                      | eax:sub_E694C0
00E69517 | 50                     | push eax                                           | eax:sub_E694C0
00E69518 | 8BCF                   | mov ecx,edi                                        |
00E6951A | FFD6                   | call esi                                           | ; text() -> QString at [ebp-10]
00E6951C | 8B43 08                | mov eax,dword ptr ds:[ebx+8]                       | eax:sub_E694C0
00E6951F | 8D55 F0                | lea edx,dword ptr ss:[ebp-10]                      |
00E69522 | 52                     | push edx                                           |
00E69523 | C745 FC 00000000       | mov dword ptr ss:[ebp-4],0                         |
00E6952A | 8B48 54                | mov ecx,dword ptr ds:[eax+54]                      | eax+54:sub_E694C0+54
00E6952D | 8B01                   | mov eax,dword ptr ds:[ecx]                         | eax:sub_E694C0
00E6952F | FF50 3C                | call dword ptr ds:[eax+3C]                         | eax+3C:sub_E694C0+3C ; virtual call (slot +3C) with &text
00E69532 | 8B53 08                | mov edx,dword ptr ds:[ebx+8]                       |
00E69535 | 8BCF                   | mov ecx,edi                                        |
00E69537 | 8942 5C                | mov dword ptr ds:[edx+5C],eax                      | eax:sub_E694C0 ; result stored in field +5C
00E6953A | 8D45 08                | lea eax,dword ptr ss:[ebp+8]                       | eax:sub_E694C0
00E6953D | 50                     | push eax                                           | eax:sub_E694C0
00E6953E | FFD6                   | call esi                                           |
00E69540 | 8D4D 08                | lea ecx,dword ptr ss:[ebp+8]                       |
00E69543 | 8B00                   | mov eax,dword ptr ds:[eax]                         | eax:sub_E694C0
00E69545 | 8B70 04                | mov esi,dword ptr ds:[eax+4]                       | eax+4:sub_E694C0+4 ; esi = dword at data+4, presumably the string size
00E69548 | FF15 80C44401          | call dword ptr ds:[<&??1QString@@QAE@XZ>]          |
00E6954E | 83FE 1A                | cmp esi,1A                                         | ; length compared with 0x1A (26); the result is unused in this copy
00E69551 | 90                     | nop                                                | ; was `je` (74 3A) in the original listing
00E69552 | 90                     | nop                                                |
00E69553 | 8D4D 08                | lea ecx,dword ptr ss:[ebp+8]                       | ; execution now always continues here
00E69556 | FF15 E4C34401          | call dword ptr ds:[<&??0QBitArray@@QAE@XZ>]        |
00E6955C | 8B4B 08                | mov ecx,dword ptr ds:[ebx+8]                       |
00E6955F | 6A 00                  | push 0                                             |
00E69561 | 50                     | push eax                                           | eax:sub_E694C0
00E69562 | C645 FC 01             | mov byte ptr ss:[ebp-4],1                          |
00E69566 | 8B49 64                | mov ecx,dword ptr ds:[ecx+64]                      |
00E69569 | E8 F2743300            | call <强制按钮为实1.sub_11A0A60>                         |
00E6956E | 8D4D 08                | lea ecx,dword ptr ss:[ebp+8]                       |
00E69571 | C645 FC 00             | mov byte ptr ss:[ebp-4],0                          |
00E69575 | FF15 80C44401          | call dword ptr ds:[<&??1QString@@QAE@XZ>]          |
00E6957B | 8B43 08                | mov eax,dword ptr ds:[ebx+8]                       | eax:sub_E694C0
00E6957E | 6A 00                  | push 0                                             |
00E69580 | FF70 10                | push dword ptr ds:[eax+10]                         | eax+10:sub_E694C0+10
00E69583 | E8 A8253600            | call <强制按钮为实1.sub_11CBB30>                         |
00E69588 | 83C4 08                | add esp,8                                          |
00E6958B | EB 54                  | jmp 强制按钮为实1.E695E1                                 | ; to the shared tail
00E6958D | 8B43 08                | mov eax,dword ptr ds:[ebx+8]                       | eax:sub_E694C0 ; former target of the removed je; no remaining branch to here is visible in this listing
00E69590 | 8B48 54                | mov ecx,dword ptr ds:[eax+54]                      | eax+54:sub_E694C0+54
00E69593 | FF70 5C                | push dword ptr ds:[eax+5C]                         | eax+5C:sub_E694C0+5C
00E69596 | 8D45 08                | lea eax,dword ptr ss:[ebp+8]                       | eax:sub_E694C0
00E69599 | 50                     | push eax                                           | eax:sub_E694C0
00E6959A | 8B11                   | mov edx,dword ptr ds:[ecx]                         |
00E6959C | FF52 48                | call dword ptr ds:[edx+48]                         |
00E6959F | 8B4B 08                | mov ecx,dword ptr ds:[ebx+8]                       |
00E695A2 | 8D45 08                | lea eax,dword ptr ss:[ebp+8]                       | eax:sub_E694C0
00E695A5 | 33DB                   | xor ebx,ebx                                        |
00E695A7 | C645 FC 02             | mov byte ptr ss:[ebp-4],2                          |
00E695AB | 3959 5C                | cmp dword ptr ds:[ecx+5C],ebx                      |
00E695AE | 8B49 64                | mov ecx,dword ptr ds:[ecx+64]                      |
00E695B1 | 0F95C3                 | setne bl                                           |
00E695B4 | 8D1C5D 02000000        | lea ebx,dword ptr ds:[ebx*2+2]                     | ; ebx = 4 if field +5C != 0, else 2
00E695BB | 53                     | push ebx                                           |
00E695BC | 50                     | push eax                                           | eax:sub_E694C0
00E695BD | E8 9E743300            | call <强制按钮为实1.sub_11A0A60>                         |
00E695C2 | 53                     | push ebx                                           |
00E695C3 | 8B5D 0C                | mov ebx,dword ptr ss:[ebp+C]                       |
00E695C6 | 8B43 08                | mov eax,dword ptr ds:[ebx+8]                       | eax:sub_E694C0
00E695C9 | FF70 10                | push dword ptr ds:[eax+10]                         | eax+10:sub_E694C0+10
00E695CC | E8 5F253600            | call <强制按钮为实1.sub_11CBB30>                         |
00E695D1 | 83C4 08                | add esp,8                                          |
00E695D4 | C645 FC 00             | mov byte ptr ss:[ebp-4],0                          |
00E695D8 | 8D4D 08                | lea ecx,dword ptr ss:[ebp+8]                       |
00E695DB | FF15 80C44401          | call dword ptr ds:[<&??1QString@@QAE@XZ>]          |
00E695E1 | 8B4B 08                | mov ecx,dword ptr ds:[ebx+8]                       | ; shared tail
00E695E4 | 8379 5C 00             | cmp dword ptr ds:[ecx+5C],0                        | ; result unused: the following jump is gone
00E695E8 | 90                     | nop                                                | ; was `jne` (75 0A) in the original listing
00E695E9 | 90                     | nop                                                |
00E695EA | 8079 60 00             | cmp byte ptr ds:[ecx+60],0                         | ; result unused: the following jump is gone
00E695EE | 90                     | nop                                                | ; was `je` (74 04) in the original listing
00E695EF | 90                     | nop                                                |
00E695F0 | B0 01                  | mov al,1                                           | ; al is always 1 on this path in the modified copy
00E695F2 | EB 02                  | jmp 强制按钮为实1.E695F6                                 |
00E695F4 | 32C0                   | xor al,al                                          | ; no longer reached through the removed branches
00E695F6 | 8B49 50                | mov ecx,dword ptr ds:[ecx+50]                      |
00E695F9 | 50                     | push eax                                           | eax:sub_E694C0
00E695FA | FF15 C8E34401          | call dword ptr ds:[<&?setEnabled@QWidget@@QAEX_N@Z | ; QWidget::setEnabled(bool) on the widget at field +50
00E69600 | 8D4D F0                | lea ecx,dword ptr ss:[ebp-10]                      |
00E69603 | FF15 80C44401          | call dword ptr ds:[<&??1QString@@QAE@XZ>]          |
00E69609 | 8B4D F4                | mov ecx,dword ptr ss:[ebp-C]                       |
00E6960C | 64:890D 00000000       | mov dword ptr fs:[0],ecx                           | ; restore the previous SEH head
00E69613 | 59                     | pop ecx                                            |
00E69614 | 5F                     | pop edi                                            |
00E69615 | 5E                     | pop esi                                            |
00E69616 | 5B                     | pop ebx                                            |
00E69617 | 8BE5                   | mov esp,ebp                                        |
00E69619 | 5D                     | pop ebp                                            |
00E6961A | C3                     | ret                                                |
00E6961B | 8B45 0C                | mov eax,dword ptr ss:[ebp+C]                       | eax:sub_E694C0 ; selector 0: cleanup branch
00E6961E | 85C0                   | test eax,eax                                       | eax:sub_E694C0
00E69620 | 74 0B                  | je 强制按钮为实1.E6962D                                  |
00E69622 | 6A 0C                  | push C                                             |
00E69624 | 50                     | push eax                                           | eax:sub_E694C0
00E69625 | E8 30844800            | call <强制按钮为实1.sub_12F1A5A>                         | ; sub_12F1A5A(ptr, 0xC) -- presumably a sized delete; confirm
00E6962A | 83C4 08                | add esp,8                                          |
00E6962D | 8B4D F4                | mov ecx,dword ptr ss:[ebp-C]                       | ; common exit
00E69630 | 64:890D 00000000       | mov dword ptr fs:[0],ecx                           |
00E69637 | 59                     | pop ecx                                            |
00E69638 | 5F                     | pop edi                                            |
00E69639 | 5E                     | pop esi                                            |
00E6963A | 5B                     | pop ebx                                            |
00E6963B | 8BE5                   | mov esp,ebp                                        |
00E6963D | 5D                     | pop ebp                                            |
00E6963E | C3                     | ret                                                |


改完之后,再存个档

                 

                      

; Excerpt (function entry through the call to QCoreApplication::translate) from the
; author's modified copy; the listing stops before the function ends.
; ecx is copied to esi on entry and used as the object pointer (thiscall-style).
; Two checks on the object at [esi+4] choose between a masked licence string
; (first 8 characters followed by "-********-********") and the translated text
; "Demo" in the context "AboutDialog".
00EACD40 | 55   | push ebp                                                                  |
00EACD41 | 8BEC | mov ebp,esp                                                               |
00EACD43 | 6A F | push FFFFFFFF                                                             | ; [ebp-4]: state slot, initial value -1
00EACD45 | 68 5 | push <强制按钮为实1.sub_13B8757>                                                | ; handler address of the exception record
00EACD4A | 64:A | mov eax,dword ptr fs:[0]                                                  |
00EACD50 | 50   | push eax                                                                  |
00EACD51 | 83EC | sub esp,8                                                                 | ; two dword locals: [ebp-10] and [ebp-14]
00EACD54 | 56   | push esi                                                                  |
00EACD55 | A1 3 | mov eax,dword ptr ds:[25D8434]                                            | 025D8434:L"皸肅" ; global xor'ed with ebp below: matches the MSVC stack-cookie pattern (presumed)
00EACD5A | 33C5 | xor eax,ebp                                                               |
00EACD5C | 50   | push eax                                                                  |
00EACD5D | 8D45 | lea eax,dword ptr ss:[ebp-C]                                              |
00EACD60 | 64:A | mov dword ptr fs:[0],eax                                                  | ; install the record at [ebp-C] as the new SEH head
00EACD66 | 8BF1 | mov esi,ecx                                                               | ; esi = object pointer passed in ecx
00EACD68 | 8B46 | mov eax,dword ptr ds:[esi+4]                                              |
00EACD6B | 80B8 | cmp byte ptr ds:[eax+C4],0                                                | ; flag byte at +C4 of the object at [esi+4]
00EACD72 | 74 4 | je 强制按钮为实1.EACDB7                                                         | 通往Demo字样的地方 就不会跳转了 ; flag == 0 -> "Demo" path at 00EACDB7
00EACD74 | 8D88 | lea ecx,dword ptr ds:[eax+C8]                                             | ; ecx = address of field +C8, used as `this` for QString::mid below
00EACD7A | 8B01 | mov eax,dword ptr ds:[ecx]                                                |
00EACD7C | 8378 | cmp dword ptr ds:[eax+4],0                                                | ; dword at data+4, presumably the string size
00EACD80 | 74 3 | je 强制按钮为实1.EACDB7                                                         | 通往Demo字样的地方 ; zero -> "Demo" path as well
00EACD82 | 6A 0 | push 8                                                                    | ; n = 8
00EACD84 | 6A 0 | push 0                                                                    | ; position = 0
00EACD86 | 8D45 | lea eax,dword ptr ss:[ebp-10]                                             |
00EACD89 | 50   | push eax                                                                  |
00EACD8A | FF15 | call dword ptr ds:[<&?mid@QString@@QBE?AV1@HH@Z>]                         | ; QString::mid(0, 8) -> result at [ebp-10]
00EACD90 | 6A 0 | push 1                                                                    | ; not consumed by operator+= (one argument); presumably an argument of the sub_1188A10 call below -- confirm
00EACD92 | 68 5 | push 强制按钮为实1.1EF655C                                                      | 1EF655C:"-********-********"
00EACD97 | 8BC8 | mov ecx,eax                                                               |
00EACD99 | C745 | mov dword ptr ss:[ebp-4],0                                                |
00EACDA0 | FF15 | call dword ptr ds:[<&??YQString@@QAEAAV0@PBD@Z>]                          | ; QString::operator+=(const char*): appends the mask literal
00EACDA6 | 8B4E | mov ecx,dword ptr ds:[esi+4]                                              |
00EACDA9 | 50   | push eax                                                                  |
00EACDAA | 83C1 | add ecx,50                                                                |
00EACDAD | E8 5 | call <强制按钮为实1.sub_1188A10>                                                | ; called on the sub-object at [esi+4]+0x50 with the built string
00EACDB2 | 8D4D | lea ecx,dword ptr ss:[ebp-10]                                             |
00EACDB5 | EB 3 | jmp 强制按钮为实1.EACDEA                                                        |
00EACDB7 | 6A F | push FFFFFFFF                                                             | ; "Demo" path: n = -1
00EACDB9 | 6A 0 | push 0                                                                    | ; disambiguation = null
00EACDBB | 68 7 | push 强制按钮为实1.1EF6570                                                      | 1EF6570:"Demo"
00EACDC0 | 8D45 | lea eax,dword ptr ss:[ebp-14]                                             |
00EACDC3 | 68 1 | push 强制按钮为实1.1ED7510                                                      | 1ED7510:"AboutDialog"
00EACDC8 | 50   | push eax                                                                  |
00EACDC9 | FF15 | call dword ptr ds:[<&?translate@QCoreApplication@@SA?AVQString@@PBD00H@Z> | ; QCoreApplication::translate("AboutDialog", "Demo", 0, -1) -> result at [ebp-14]



QT启动的阶段:

Initialization 1/4

Initialization 2/4

Initialization 3/4

Initialization 4/4

00315136 | 68 203CCE00      | push 强制按钮为实1_强制注册成功(强跳).CE3C20          | CE3C20:"Initialization Done"

; x32dbg listing (address | bytes | instruction | debugger comment), 32-bit x86, Intel syntax.
; The bytes column is truncated on the page (e.g. "6A 0" beside `push 1`), so only the
; mnemonic column is reliable. This is an excerpt from the middle of a start-up routine:
; its prologue and epilogue are not shown.
;
; Every stage is announced with the same category-gated logging sequence:
;   sub_A9A8E0 -> QLoggingCategory::isDebugEnabled -> QMessageLogger constructor
;   -> call ebx -> QDebug::operator<<(const char*) -> QDebug destructor on [ebp-64].
; ebx is loaded before the excerpt; presumably QMessageLogger::debug(), because its
; return value becomes `this` for operator<< (confirm against the missing prologue).
; `mov byte ptr [ebp-4],N` brackets each temporary; this looks like the MSVC C++
; exception-state slot (TODO confirm, frame setup not shown). The D:'\r' gloss is
; only x32dbg rendering the value 0x0D as a character.
;
; NOTE(review): the stage literals are referenced by address on the enabled path only,
; but they are present in the image either way, so they label each stage for anyone
; reading the binary. Building with QT_NO_DEBUG_OUTPUT is the usual way to keep such
; strings out of a release build; confirm it covers this project's logging macros.

; --- log "Creating Main Window" if the category has debug output enabled ---
; (ecx for this first isDebugEnabled call is set before the excerpt)
00A94EF8 | FF15 | call dword ptr ds:[<&?isDebugEnabled@QLoggingCategory@@QBE_N |
00A94EFE | 84C0 | test al,al                                                   |
00A94F00 | 74 4 | je 强制按钮为实1.A94F43                                            |
00A94F02 | E8 D | call <强制按钮为实1.sub_A9A8E0>                                    |
00A94F07 | 8D4D | lea ecx,dword ptr ss:[ebp-64]                                |
00A94F0A | 51   | push ecx                                                     |
00A94F0B | 8D4D | lea ecx,dword ptr ss:[ebp-24]                                |
00A94F0E | FF70 | push dword ptr ds:[eax+4]                                    |
00A94F11 | 6A 0 | push 0                                                       |
00A94F13 | 6A 0 | push 0                                                       |
00A94F15 | 6A 0 | push 0                                                       |
00A94F17 | FF15 | call dword ptr ds:[<&??0QMessageLogger@@QAE@PBDH00@Z>]       |
00A94F1D | 8BC8 | mov ecx,eax                                                  |
00A94F1F | FFD3 | call ebx                                                     |
00A94F21 | 68 B | push 强制按钮为实1.1463BB8                                         | 1463BB8:"Creating Main Window"
00A94F26 | 8BC8 | mov ecx,eax                                                  |
00A94F28 | C645 | mov byte ptr ss:[ebp-4],11                                   |
00A94F2C | FF15 | call dword ptr ds:[<&??6QDebug@@QAEAAV0@PBD@Z>]              |
00A94F32 | 8B35 | mov esi,dword ptr ds:[<&??1QDebug@@QAE@XZ>]                  |
00A94F38 | 8D4D | lea ecx,dword ptr ss:[ebp-64]                                |
00A94F3B | C645 | mov byte ptr ss:[ebp-4],D                                    | D:'\r'
00A94F3F | FFD6 | call esi                                                     |
00A94F41 | EB 0 | jmp 强制按钮为实1.A94F49                                           |
; skip path: esi still has to hold the QDebug destructor for the later `call esi`
00A94F43 | 8B35 | mov esi,dword ptr ds:[<&??1QDebug@@QAE@XZ>]                  |
; --- two-argument call (values 1 and 0); the caller pops 8 bytes at 00A94F58 ---
; The author's note in the comment column reads roughly
; "three call levels above: registration success 1".
00A94F49 | 6A 0 | push 0                                                       |
00A94F4B | 6A 0 | push 1                                                       |
00A94F4D | E8 6 | call <强制按钮为实1.sub_CE57C0>                                    | 上上上层 注册成功1
; --- virtual call through slot +80 of the object at [ebp-84]; when it returns
;     AL == 0, slot +78 is called on the same object ---
00A94F52 | 8B8D | mov ecx,dword ptr ss:[ebp-84]                                |
00A94F58 | 83C4 | add esp,8                                                    |
00A94F5B | 8B01 | mov eax,dword ptr ds:[ecx]                                   |
00A94F5D | 8B80 | mov eax,dword ptr ds:[eax+80]                                |
00A94F63 | FFD0 | call eax                                                     |
00A94F65 | 84C0 | test al,al                                                   |
00A94F67 | 75 0 | jne 强制按钮为实1.A94F74                                           |
00A94F69 | 8B8D | mov ecx,dword ptr ss:[ebp-84]                                |
00A94F6F | 8B01 | mov eax,dword ptr ds:[ecx]                                   |
00A94F71 | FF50 | call dword ptr ds:[eax+78]                                   |
; --- log "Initialization 1/4" ---
00A94F74 | E8 6 | call <强制按钮为实1.sub_A9A8E0>                                    |
00A94F79 | 8BC8 | mov ecx,eax                                                  |
00A94F7B | FF15 | call dword ptr ds:[<&?isDebugEnabled@QLoggingCategory@@QBE_N |
00A94F81 | 84C0 | test al,al                                                   |
00A94F83 | 74 3 | je 强制按钮为实1.A94FBE                                            |
00A94F85 | E8 5 | call <强制按钮为实1.sub_A9A8E0>                                    |
00A94F8A | 8D4D | lea ecx,dword ptr ss:[ebp-64]                                |
00A94F8D | 51   | push ecx                                                     |
00A94F8E | 8D4D | lea ecx,dword ptr ss:[ebp-24]                                |
00A94F91 | FF70 | push dword ptr ds:[eax+4]                                    |
00A94F94 | 6A 0 | push 0                                                       |
00A94F96 | 6A 0 | push 0                                                       |
00A94F98 | 6A 0 | push 0                                                       |
00A94F9A | FF15 | call dword ptr ds:[<&??0QMessageLogger@@QAE@PBDH00@Z>]       |
00A94FA0 | 8BC8 | mov ecx,eax                                                  |
00A94FA2 | FFD3 | call ebx                                                     |
00A94FA4 | 68 D | push 强制按钮为实1.1463BD0                                         | 1463BD0:"Initialization 1/4"
00A94FA9 | 8BC8 | mov ecx,eax                                                  |
00A94FAB | C645 | mov byte ptr ss:[ebp-4],12                                   |
00A94FAF | FF15 | call dword ptr ds:[<&??6QDebug@@QAEAAV0@PBD@Z>]              |
00A94FB5 | 8D4D | lea ecx,dword ptr ss:[ebp-64]                                |
00A94FB8 | C645 | mov byte ptr ss:[ebp-4],D                                    | D:'\r'
00A94FBC | FFD6 | call esi                                                     |
; --- stage 1 work: wait on the future object at [ebp-A4] ---
00A94FBE | 8D8D | lea ecx,dword ptr ss:[ebp-A4]                                |
00A94FC4 | FF15 | call dword ptr ds:[<&?waitForFinished@QFutureInterfaceBase@@ |
; --- log "Initialization 2/4" ---
00A94FCA | E8 1 | call <强制按钮为实1.sub_A9A8E0>                                    |
00A94FCF | 8BC8 | mov ecx,eax                                                  |
00A94FD1 | FF15 | call dword ptr ds:[<&?isDebugEnabled@QLoggingCategory@@QBE_N |
00A94FD7 | 84C0 | test al,al                                                   |
00A94FD9 | 74 3 | je 强制按钮为实1.A95010                                            |
00A94FDB | E8 0 | call <强制按钮为实1.sub_A9A8E0>                                    |
00A94FE0 | 8D4D | lea ecx,dword ptr ss:[ebp-64]                                |
00A94FE3 | 51   | push ecx                                                     |
00A94FE4 | 8D4D | lea ecx,dword ptr ss:[ebp-24]                                |
00A94FE7 | FF70 | push dword ptr ds:[eax+4]                                    |
00A94FEA | 6A 0 | push 0                                                       |
00A94FEC | 6A 0 | push 0                                                       |
00A94FEE | 6A 0 | push 0                                                       |
00A94FF0 | FF15 | call dword ptr ds:[<&??0QMessageLogger@@QAE@PBDH00@Z>]       |
00A94FF6 | 8BC8 | mov ecx,eax                                                  |
00A94FF8 | FFD3 | call ebx                                                     |
00A94FFA | 68 E | push 强制按钮为实1.1463BE4                                         | 1463BE4:"Initialization 2/4"
00A94FFF | 8BC8 | mov ecx,eax                                                  |
00A95001 | C645 | mov byte ptr ss:[ebp-4],13                                   |
00A95005 | FF15 | call dword ptr ds:[<&??0QDebug@@QAEAAV0@PBD@Z>]              |
00A9500B | 8D4D | lea ecx,dword ptr ss:[ebp-64]                                |
00A9500E | FFD6 | call esi                                                     |
; --- stage 2 work: default-construct a QBitArray at [ebp-70], pass its address to
;     virtual slot +6C of the object at [ebp-84], keep the byte result in [ebp-79] ---
00A95010 | 8D4D | lea ecx,dword ptr ss:[ebp-70]                                |
00A95013 | FF15 | call dword ptr ds:[<&??0QBitArray@@QAE@XZ>]                  |
00A95019 | 8B8D | mov ecx,dword ptr ss:[ebp-84]                                |
00A9501F | 8D55 | lea edx,dword ptr ss:[ebp-70]                                |
00A95022 | 52   | push edx                                                     |
00A95023 | C645 | mov byte ptr ss:[ebp-4],14                                   |
00A95027 | 8B01 | mov eax,dword ptr ds:[ecx]                                   |
00A95029 | 8B40 | mov eax,dword ptr ds:[eax+6C]                                |
00A9502C | FFD0 | call eax                                                     |
00A9502E | 8845 | mov byte ptr ss:[ebp-79],al                                  |
; --- log "Initialization 3/4" ---
00A95031 | E8 A | call <强制按钮为实1.sub_A9A8E0>                                    |
00A95036 | 8BC8 | mov ecx,eax                                                  |
00A95038 | FF15 | call dword ptr ds:[<&?isDebugEnabled@QLoggingCategory@@QBE_N |
00A9503E | 84C0 | test al,al                                                   |
00A95040 | 74 3 | je 强制按钮为实1.A9507B                                            |
00A95042 | E8 9 | call <强制按钮为实1.sub_A9A8E0>                                    |
00A95047 | 8D4D | lea ecx,dword ptr ss:[ebp-64]                                |
00A9504A | 51   | push ecx                                                     |
00A9504B | 8D4D | lea ecx,dword ptr ss:[ebp-24]                                |
00A9504E | FF70 | push dword ptr ds:[eax+4]                                    |
00A95051 | 6A 0 | push 0                                                       |
00A95053 | 6A 0 | push 0                                                       |
00A95055 | 6A 0 | push 0                                                       |
00A95057 | FF15 | call dword ptr ds:[<&??0QMessageLogger@@QAE@PBDH00@Z>]       |
00A9505D | 8BC8 | mov ecx,eax                                                  |
00A9505F | FFD3 | call ebx                                                     |
00A95061 | 68 F | push 强制按钮为实1.1463BF8                                         | 1463BF8:"Initialization 3/4"
00A95066 | 8BC8 | mov ecx,eax                                                  |
00A95068 | C645 | mov byte ptr ss:[ebp-4],15                                   |
00A9506C | FF15 | call dword ptr ds:[<&??6QDebug@@QAEAAV0@PBD@Z>]              |
00A95072 | 8D4D | lea ecx,dword ptr ss:[ebp-64]                                |
00A95075 | C645 | mov byte ptr ss:[ebp-4],14                                   |
00A95079 | FFD6 | call esi                                                     |
; --- stage 3 work: esi is reused for the object pointer from here on. A by-value
;     copy of [ebp-70] is built in a fresh stack slot (`push ecx` reserves it,
;     `mov ecx,esp` makes it `this` for the copy constructor named in the import)
;     and handed to virtual slot +50 ---
00A9507B | 8BB5 | mov esi,dword ptr ss:[ebp-84]                                |
00A95081 | 8D45 | lea eax,dword ptr ss:[ebp-70]                                |
00A95084 | 51   | push ecx                                                     |
00A95085 | 8BCC | mov ecx,esp                                                  |
00A95087 | 50   | push eax                                                     |
00A95088 | FF15 | call dword ptr ds:[<&??0QByteArray@@QAE@ABV0@@Z>]            |
00A9508E | 8B06 | mov eax,dword ptr ds:[esi]                                   |
00A95090 | 8BCE | mov ecx,esi                                                  |
00A95092 | FF50 | call dword ptr ds:[eax+50]                                   |
; --- log "Initialization 4/4"; the QDebug destructor is called through the import
;     here because esi no longer holds it ---
00A95095 | E8 4 | call <强制按钮为实1.sub_A9A8E0>                                    |
00A9509A | 8BC8 | mov ecx,eax                                                  |
00A9509C | FF15 | call dword ptr ds:[<&?isDebugEnabled@QLoggingCategory@@QBE_N |
00A950A2 | 84C0 | test al,al                                                   |
00A950A4 | 74 3 | je 强制按钮为实1.A950E3                                            |
00A950A6 | E8 3 | call <强制按钮为实1.sub_A9A8E0>                                    |
00A950AB | 8D4D | lea ecx,dword ptr ss:[ebp-64]                                |
00A950AE | 51   | push ecx                                                     |
00A950AF | 8D4D | lea ecx,dword ptr ss:[ebp-24]                                |
00A950B2 | FF70 | push dword ptr ds:[eax+4]                                    |
00A950B5 | 6A 0 | push 0                                                       |
00A950B7 | 6A 0 | push 0                                                       |
00A950B9 | 6A 0 | push 0                                                       |
00A950BB | FF15 | call dword ptr ds:[<&??0QMessageLogger@@QAE@PBDH00@Z>]       |
00A950C1 | 8BC8 | mov ecx,eax                                                  |
00A950C3 | FFD3 | call ebx                                                     |
00A950C5 | 68 0 | push 强制按钮为实1.1463C0C                                         | 1463C0C:"Initialization 4/4"
00A950CA | 8BC8 | mov ecx,eax                                                  |
00A950CC | C645 | mov byte ptr ss:[ebp-4],16                                   |
00A950D0 | FF15 | call dword ptr ds:[<&??6QDebug@@QAEAAV0@PBD@Z>]              |
00A950D6 | 8D4D | lea ecx,dword ptr ss:[ebp-64]                                |
00A950D9 | C645 | mov byte ptr ss:[ebp-4],14                                   |
00A950DD | FF15 | call dword ptr ds:[<&??1QDebug@@QAE@XZ>]                     |
; --- stage 4 work: only when the byte saved at [ebp-79] is non-zero, pass another
;     by-value copy of [ebp-70] to virtual slot +B4 ---
00A950E3 | 807D | cmp byte ptr ss:[ebp-79],0                                   |
00A950E7 | 74 1 | je 强制按钮为实1.A95106                                            |
00A950E9 | 8BB5 | mov esi,dword ptr ss:[ebp-84]                                |
00A950EF | 8D45 | lea eax,dword ptr ss:[ebp-70]                                |
00A950F2 | 51   | push ecx                                                     |
00A950F3 | 8BCC | mov ecx,esp                                                  |
00A950F5 | 50   | push eax                                                     |
00A950F6 | FF15 | call dword ptr ds:[<&??0QByteArray@@QAE@ABV0@@Z>]            |
00A950FC | 8B06 | mov eax,dword ptr ds:[esi]                                   |
00A950FE | 8BCE | mov ecx,esi                                                  |
00A95100 | FF90 | call dword ptr ds:[eax+B4]                                   |
; --- log "Initialization Done"; the listing stops right after the literal is pushed ---
00A95106 | E8 D | call <强制按钮为实1.sub_A9A8E0>                                    |
00A9510B | 8BC8 | mov ecx,eax                                                  |
00A9510D | FF15 | call dword ptr ds:[<&?isDebugEnabled@QLoggingCategory@@QBE_N |
00A95113 | 84C0 | test al,al                                                   |
00A95115 | 74 3 | je 强制按钮为实1.A95150                                            |
00A95117 | E8 C | call <强制按钮为实1.sub_A9A8E0>                                    |
00A9511C | 8D4D | lea ecx,dword ptr ss:[ebp-64]                                |
00A9511F | 51   | push ecx                                                     |
00A95120 | 8D4D | lea ecx,dword ptr ss:[ebp-24]                                |
00A95123 | FF70 | push dword ptr ds:[eax+4]                                    |
00A95126 | 6A 0 | push 0                                                       |
00A95128 | 6A 0 | push 0                                                       |
00A9512A | 6A 0 | push 0                                                       |
00A9512C | FF15 | call dword ptr ds:[<&??0QMessageLogger@@QAE@PBDH00@Z>]       |
00A95132 | 8BC8 | mov ecx,eax                                                  |
00A95134 | FFD3 | call ebx                                                     |
00A95136 | 68 2 | push 强制按钮为实1.1463C20                                         | 1463C20:"Initialization Done"
; Separate listing: a thiscall member function starting at 00E67930 (ecx = this,
; one int argument at [ebp+8]). It chooses the text of the QLabel stored at
; [this+1C]: "<b>%1</b> day(s) left" when the argument is > 0, otherwise
; "Trial expired". The listing is cut off by the page before the function ends.
; NOTE(review): this routine only formats display text from a caller-supplied count;
; where that count is computed or enforced is not visible here.

; --- prologue: links an exception-handler record into fs:[0] and pushes a value
;     XORed with ebp (presumably the MSVC stack security cookie; TODO confirm).
;     x32dbg's L"..." gloss on 025D8434 is just those bytes rendered as UTF-16 text ---
00E67930 | 55   | push ebp                                                     |
00E67931 | 8BEC | mov ebp,esp                                                  |
00E67933 | 6A F | push FFFFFFFF                                                |
00E67935 | 68 B | push 强制按钮为实1.13B03B9                                         |
00E6793A | 64:A | mov eax,dword ptr fs:[0]                                     |
00E67940 | 50   | push eax                                                     |
00E67941 | 83EC | sub esp,10                                                   |
00E67944 | 56   | push esi                                                     |
00E67945 | 57   | push edi                                                     |
00E67946 | A1 3 | mov eax,dword ptr ds:[25D8434]                               | 025D8434:L"皸肅"
00E6794B | 33C5 | xor eax,ebp                                                  |
00E6794D | 50   | push eax                                                     |
00E6794E | 8D45 | lea eax,dword ptr ss:[ebp-C]                                 |
00E67951 | 64:A | mov dword ptr fs:[0],eax                                     |
; edi = this. The compare sets flags for the `jle` below; lea and push leave them intact.
; The two pushes are the trailing arguments shared by both translate() calls (-1 and 0).
00E67957 | 8BF9 | mov edi,ecx                                                  |
00E67959 | 837D | cmp dword ptr ss:[ebp+8],0                                   |
00E6795D | 8D45 | lea eax,dword ptr ss:[ebp-18]                                |
00E67960 | 6A F | push FFFFFFFF                                                |
00E67962 | 6A 0 | push 0                                                       |
00E67964 | 7E 6 | jle 强制按钮为实1.E679D0                                           |
; --- argument > 0: translate("DemoWidget", "<b>%1</b> day(s) left") into [ebp-18] ---
00E67966 | 68 2 | push 强制按钮为实1.1EF0724                                         | 1EF0724:"<b>%1</b> day(s) left"
00E6796B | 68 4 | push 强制按钮为实1.1EF064C                                         | 1EF064C:"DemoWidget"
00E67970 | 50   | push eax                                                     |
00E67971 | FF15 | call dword ptr ds:[<&?translate@QCoreApplication@@SA?AVQStri |
00E67977 | 8BF0 | mov esi,eax                                                  |
; only 0x10 of the 0x14 pushed bytes are popped: the remaining slot becomes the
; by-value QChar argument, constructed in place from ' ' (0x20)
00E67979 | 83C4 | add esp,10                                                   |
00E6797C | C645 | mov byte ptr ss:[ebp-10],20                                  | 20:' '
00E67980 | 8BCC | mov ecx,esp                                                  |
00E67982 | C745 | mov dword ptr ss:[ebp-4],0                                   |
00E67989 | FF75 | push dword ptr ss:[ebp-10]                                   |
00E6798C | FF15 | call dword ptr ds:[<&??0QChar@@QAE@D@Z>]                     |
; QString::arg(int,int,int,QChar) on the translated string: value = [ebp+8],
; second int = 0, third int = 0xA, QChar = ' '; the result goes to [ebp-14]
00E67992 | 6A 0 | push A                                                       |
00E67994 | 6A 0 | push 0                                                       |
00E67996 | FF75 | push dword ptr ss:[ebp+8]                                    |
00E67999 | 8D45 | lea eax,dword ptr ss:[ebp-14]                                |
00E6799C | 8BCE | mov ecx,esi                                                  |
00E6799E | 50   | push eax                                                     |
00E6799F | FF15 | call dword ptr ds:[<&?arg@QString@@QBE?AV1@HHHVQChar@@@Z>]   |
; set the formatted string on the QLabel at [edi+1C], then destroy both temporaries
00E679A5 | 8B4F | mov ecx,dword ptr ds:[edi+1C]                                |
00E679A8 | 50   | push eax                                                     |
00E679A9 | C645 | mov byte ptr ss:[ebp-4],1                                    |
00E679AD | FF15 | call dword ptr ds:[<&?setText@QLabel@@QAEXABVQString@@@Z>]   |
00E679B3 | 8D4D | lea ecx,dword ptr ss:[ebp-14]                                |
00E679B6 | FF15 | call dword ptr ds:[<&??1QString@@QAE@XZ>]                    |
00E679BC | 8D4D | lea ecx,dword ptr ss:[ebp-18]                                |
00E679BF | C745 | mov dword ptr ss:[ebp-4],FFFFFFFF                            |
00E679C6 | FF15 | call dword ptr ds:[<&??1QString@@QAE@XZ>]                    |
00E679CC | 6A 0 | push 0                                                       |
00E679CE | EB 6 | jmp 强制按钮为实1.E67A3F                                           |
; --- argument <= 0: translate("DemoWidget", "Trial expired") and set it on the same
;     label; all 0x14 bytes of arguments are popped here ---
00E679D0 | 68 3 | push 强制按钮为实1.1EF073C                                         | 1EF073C:"Trial expired"
00E679D5 | 68 4 | push 强制按钮为实1.1EF064C                                         | 1EF064C:"DemoWidget"
00E679DA | 50   | push eax                                                     |
00E679DB | FF15 | call dword ptr ds:[<&?translate@QCoreApplication@@SA?AVQStri |
00E679E1 | 83C4 | add esp,14                                                   |
00E679E4 | 8B4F | mov ecx,dword ptr ds:[edi+1C]                                |
00E679E7 | 50   | push eax                                                     |
00E679E8 | C745 | mov dword ptr ss:[ebp-4],2                                   |
00E679EF | FF15 | call dword ptr ds:[<&?setText@QLabel@@QAEXABVQString@@@Z>]   |
00E679F5 | 8D4D | lea ecx,dword ptr ss:[ebp-18]                                |
00E679F8 | C745 | mov dword ptr ss:[ebp-4],FFFFFFFF                            |
00E679FF | FF15 | call dword ptr ds:[<&??1QString@@QAE@XZ>]                    |
; 0xF is the character count of "am_trialExpired"; the call that consumes this pair
; is not shown
00E67A05 | 6A 0 | push F                                                       |
00E67A07 | 68 4 | push 强制按钮为实1.1EF074C                                         | 1EF074C:"am_trialExpired"

最初我的改法是强跳注册窗口,那么做是没有啥实际意义的。

1点心得。。。



最后于 2021-3-12 09:52 被ninebell编辑 ,原因: 完美结局
最新回复 (4)
2
?text@QLineEdit 可以作为Alt+E断点参考。
2021-2-26 11:14
3
爆破最好直接到最后一层验证标志处去修改.  以免漏掉.
2021-2-26 11:27
4
Mxixihaha 爆破最好直接到最后一层验证标志处去修改. 以免漏掉.
mov 0x1e哪儿有点混…
2021-2-26 14:44
5
严启真 mov 0x1e哪儿有点混…
Ollydbg中直接搜索命令就是这样
x32dbg/x64dbg搜索时则转为10进制,显示时则如OD那样,记住区分。
不知作者是人性化的体现,还是。。。
2021-2-27 08:20