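I have a program that works normally when it reads ordinary user data, but when it reads user data that the software restricts, it stops reading.
Where should I start with this? How exactly would I go about it with OllyICE?
From now on I'm settling in here, so please give me plenty of advice.
Studying hard...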
0040946E |. 837D F8 00 |cmp dword ptr [ebp-8], 0
00409472 |. 75 12 |jnz short 00409486
00409474 |. 68 7C844700 |push 0047847C ; playerdbloading failed.\n
00409479 |. E8 62F70200 |call 00438BE0
0040947E |. 83C4 04 |add esp, 4
00409481 |. E9 99000000 |jmp 0040951F
00409486 |> 837D FC 00 |cmp dword ptr [ebp-4], 0
0040948A |. 0F84 8A000000 |je 0040951A
00409490 |. 8B45 08 |mov eax, [ebp+8]
00409493 |. 6BC0 18 |imul eax, eax, 18
00409496 |. 8B4D E4 |mov ecx, [ebp-1C]
00409499 |. 8B91 9C000000 |mov edx, [ecx+9C]
0040949F |. C74402 04 010>|mov dword ptr [edx+eax+4], 1
004094A7 |. C645 EF 43 |mov byte ptr [ebp-11], 43
004094AB |. C745 E8 01000>|mov dword ptr [ebp-18], 1
004094B2 |. 8BF4 |mov esi, esp
004094B4 |. 8D45 E8 |lea eax, [ebp-18]
004094B7 |. 50 |push eax
004094B8 |. 8D4D EF |lea ecx, [ebp-11]
004094BB |. 51 |push ecx
004094BC |. 8D55 08 |lea edx, [ebp+8]
004094BF |. 52 |push edx
004094C0 |. 8B45 E4 |mov eax, [ebp-1C]
004094C3 |. 8B88 84000000 |mov ecx, [eax+84]
004094C9 |. 8B55 E4 |mov edx, [ebp-1C]
004094CC |. 8B82 84000000 |mov eax, [edx+84]
004094D2 |. 8B09 |mov ecx, [ecx]
004094D4 |. 50 |push eax
004094D5 |. FF51 28 |call [ecx+28]
004094D8 |. 3BF4 |cmp esi, esp
004094DA |. E8 C1F00200 |call 004385A0
004094DF |. 85C0 |test eax, eax
004094E1 |. 7D 1A |jge short 004094FD
004094E3 |. 8B55 08 |mov edx, [ebp+8]
004094E6 |. 52 |push edx
004094E7 |. 68 98844700 |push 00478498 ; |packing failed. %d, %d, %d\n
004094EC |. E8 EFF60200 |call 00438BE0
004094F1 |. 83C4 08 |add esp, 8
004094F4 |. C745 F8 00000>|mov dword ptr [ebp-8], 0
004094FB |. EB 22 |jmp short 0040951F
004094FD |> 8BF4 |mov esi, esp
004094FF |. 8B45 08 |mov eax, [ebp+8]
00409502 |. 50 |push eax
00409503 |. 68 B4844700 |push 004784B4 ; [trace]syncend:%d
00409508 |. FF15 68144800 |call [<&Engine.g_DebugLog>] ; Engine.g_DebugLog
0040950E |. 83C4 08 |add esp, 8
00409511 |. 3BF4 |cmp esi, esp
00409513 |. E8 88F00200 |call 004385A0
00409518 |. EB 05 |jmp short 0040951F
0040951A |>^ E9 FEFEFFFF \jmp 0040941D
0040951F |> 8BF4 mov esi, esp
00409521 |. 8D4D 08 lea ecx, [ebp+8]
00409524 |. 51 push ecx
00409525 |. 8B55 E4 mov edx, [ebp-1C]
00409528 |. 8B82 84000000 mov eax, [edx+84]
0040952E |. 8B4D E4 mov ecx, [ebp-1C]
00409531 |. 8B91 84000000 mov edx, [ecx+84]
00409537 |. 8B00 mov eax, [eax]
00409539 |. 52 push edx
0040953A |. FF50 2C call [eax+2C]
0040953D |. 3BF4 cmp esi, esp
0040953F |. E8 5CF00200 call 004385A0
00409544 |. 85C0 test eax, eax
Could you take a look: is this section the main cause of the problem? Many thanks!