[Share] calleng's assembly diary: the Hidden Camera Manager algorithm (archaeology series) (Tiancao algorithm course, lesson 5)
Posted: 2024-8-15 02:07 1404


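1. It was a long time ago, and watching the course from back then brings back a lot of memories. The course is poor, but I still feel I shouldn't have watched the newest courses; it has been 10 years, the trend is what it is, and things change fast.
2. Watching the animations recorded with S-demo in 2003 is actually a pleasure in itself.
Especially the pirated hacker magazines sold at roadside stalls, with the bundled CD and the cracking animations on it. -- I really liked those. For the fun of it, and for the hurdle I never got over back then, I pursue what I like. It won't turn out too badly.
--- Small goal: record a crack animation.

3. Right from the start, this shareware from 2008 really stumped me. I spent no fewer than 30 hours on it, even though it is only a 1-hour, poor-quality animation, but the choice of algorithm for the lesson is of a really high standard.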

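; We don't need to care about the messy computation; the final assignment is as follows.

; First it zeroes, then it initialises. We don't need to care about these messy computations and assignments; the final assignment is as follows.

; 34 is used for the XOR operation with the e-mail string.

; 54 is used for the XOR operation with the user-name string.

; After the XOR operations, the value of ESI is computed next. If it is greater than 3, less than or equal to > 3, then ESI is set to 19. Otherwise it keeps its original value.

; Using the two arrays already produced by the XOR operations above, ebp + eax + 54 and ebp + eax + 34 are XORed again, element by element, and the result is saved to EAX + 4.

; That is, the original EAX + 4.

; The new EAX + 4 has size 20 hex. Its 1st and 11th elements are XORed again, and the result is then divided by ESI.

; 41 is added to the value, and it is saved into the computed array, that is, into the registration code.
; 0012FB30 2F 71 6C 12 C4 4F 7B 88 /ql...{.
; 45 46 46 43 41 44 42 46 EFFCADBF
;0012FB40 46 47 41 45 45 42 45 47 FGAEEBEG

; Element-by-element XOR, divide by ESI, + 41. ;---> This makes up a 16-character serial number.

; This lesson covers a lot and the computation is very complex. Most of it is XOR operations, but these XOR operations require recognising the arrays, and recognising the arrays is the difficult part.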

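; Back to the code from before: just press the C button in the interface to get the CPU view.
 
; DRX --- (the OD debugger): it can find all the comments the user has made, that is, every annotation you added after the assembly code.
; Aside from the lesson: the teacher had used IDA Pro to analyse this HC.exe.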
 
 
00425398    .  304C05 54               XOR BYTE PTR SS:[EBP+EAX+54],CL
 
 
 
 
0012FBB0      0F 5F 8A 95 5A 56 22 5D 0F 6B 40 9A 23 A4 61 AB  _姇ZV"]k@??
0012FBC0      ED 94 E7 8B DB 8B 19 D8 C4 0A EB 95 9D D6 73 B3  頂鐙蹕啬.霑澲s?
0012FBD0      87 97 B1 AE E4 FB 12 00 C2 1D 44 00 4C 57 48 00  嚄碑潲.?D.LWH.
0012FBE0      8C 02 CA 00 14 FC 12 00 D1 1F 44 00 8C 02 CA 00  ???.?D.??
0012FBF0      96 00 00 00 00 00 00 00 50 50 42 00 00 00 00 00  ?......PPB.....
0012FC00      39 00 00 00 00 00 00 00 00 00 00 00 48 00 CA 00  9...........H.?
0012FC10      00 00 00 00 00 00 00 00 AB 14 43 00 96 00 00 00  ........?C.?..
0012FC20      00 00 00 00 00 00 00 00 00 00 00 00 96 00 00 00  ............?..
0012FC30      48 00 CA 00 88 FC 12 00 00 00 00 00 C6 FE 43 00  H.?堻.....掐C.
0012FC40      96 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ?..............
 
 
 /ql...{.EFFCADBFFGAEEBEG!B..Z5+=
 
 
 
 .text:00425050 55                                            push    ebp
.text:00425051 8D 6C 24 88                                   lea     ebp, [esp-78h]  ; Load Effective Address
.text:00425055 83 EC 78                                      sub     esp, 78h        ; Integer Subtraction
.text:00425058 6A FF                                         push    0FFFFFFFFh
.text:0042505A 68 73 DC 47 00                                push    offset SEH_425050
.text:0042505F 64 A1 00 00 00 00                             mov     eax, large fs:0
.text:00425065 50                                            push    eax
.text:00425066 81 EC AC 00 00 00                             sub     esp, 0ACh       ; Integer Subtraction
.text:0042506C A1 A0 1D 4A 00                                mov     eax, dword_4A1DA0
.text:00425071 33 C5                                         xor     eax, ebp        ; Logical Exclusive OR
.text:00425073 89 45 74                                      mov     [ebp+78h+var_4], eax
.text:00425076 53                                            push    ebx
.text:00425077 56                                            push    esi
.text:00425078 57                                            push    edi
.text:00425079 50                                            push    eax
.text:0042507A 8D 45 F4                                      lea     eax, [ebp+78h+var_84] ; Load Effective Address
.text:0042507D 64 A3 00 00 00 00                             mov     large fs:0, eax
.text:00425083 89 65 F0                                      mov     [ebp+78h+var_88], esp
.text:00425086 8B F1                                         mov     esi, ecx
.text:00425088 6A 00                                         push    0               ; int
.text:0042508A 8D 8E 84 30 01 00                             lea     ecx, [esi+13084h] ; this
.text:00425090 89 75 00                                      mov     [ebp+78h+var_78], esi
.text:00425093                               ;   try {
.text:00425093 C7 45 FC 00 00 00 00                          mov     [ebp+78h+var_7C], 0
.text:0042509A C7 86 50 3D 01 00 01 00 00 00                 mov     dword ptr [esi+13D50h], 1
.text:004250A4 E8 EF 5B 01 00                                call    ?ShowWindow@CWnd@@QAEHH@Z ; Call Procedure
.text:004250A9 8B CE                                         mov     ecx, esi
.text:004250AB E8 D0 77 FE FF                                call    sub_40C880      ; Call Procedure
.text:004250B0 6A 00                                         push    0
.text:004250B2 8D 8D 48 FF FF FF                             lea     ecx, [ebp+78h+var_130] ; Load Effective Address
.text:004250B8 E8 D3 F9 00 00                                call    sub_434A90      ; Call Procedure
.text:004250BD 8D 8D 48 FF FF FF                             lea     ecx, [ebp+78h+var_130] ; this
.text:004250BD                               ;   } // starts at 425093
.text:004250C3                               ;   try {
.text:004250C3 C6 45 FC 01                                   mov     byte ptr [ebp+78h+var_7C], 1
.text:004250C7 E8 19 4F 01 00                                call    ?DoModal@CDialog@@UAEHXZ ; pops up the registration dialog and waits; the comparison does not happen right away
.text:004250CC 83 F8 01                                      cmp     eax, 1          ; Compare Two Operands
.text:004250CF 0F 85 DF 06 00 00                             jnz     loc_4257B4      ; jumps to here
.text:004250D5 8B FE                                         mov     edi, esi
.text:004250D7 8D 87 48 30 01 00                             lea     eax, [edi+13048h] ; Load Effective Address
.text:004250DD 50                                            push    eax
.text:004250DE 8D 8F 44 30 01 00                             lea     ecx, [edi+13044h] ; Load Effective Address
.text:004250E4 51                                            push    ecx
.text:004250E5 8D 97 40 30 01 00                             lea     edx, [edi+13040h] ; Load Effective Address
.text:004250EB 52                                            push    edx
.text:004250EC 8D 87 3C 30 01 00                             lea     eax, [edi+1303Ch] ; Load Effective Address
.text:004250F2 50                                            push    eax
.text:004250F3 8D 8D 48 FF FF FF                             lea     ecx, [ebp+78h+var_130] ; Load Effective Address
.text:004250F9 E8 E2 F6 00 00                                call    sub_4347E0      ; Call Procedure
.text:004250FE 68 1C 28 48 00                                push    offset Str      ; Str
.text:00425103 8D 4D E4                                      lea     ecx, [ebp+78h+Str2] ; Load Effective Address
.text:00425106 E8 55 D4 FD FF                                call    sub_402560      ; Call Procedure
.text:00425106                               ;   } // starts at 4250C3
.text:0042510B                               ;   try {
.text:0042510B C6 45 FC 02                                   mov     byte ptr [ebp+78h+var_7C], 2
.text:0042510F C7 45 EC 00 00 00 00                          mov     [ebp+78h+var_8C], 0
; ------------------     zeroing -------------------------> size is 20
.text:00425116 33 C0                                         xor     eax, eax        ; ------------------     zeroing -------------------------> size is 20
.text:00425118
.text:00425118                               loc_425118:                             ; CODE XREF: sub_425050+DD↓j
.text:00425118 83 F8 20                                      cmp     eax, 20h        ; compare eax with 0x20 (32 decimal); the loop continues until eax reaches or exceeds 0x20.
.text:00425118                                                                       ;
.text:00425118                                                                       ;     for ( i = 0; i < 32; ++i )
.text:00425118                                                                       ;     {
.text:00425118                                                                       ;       v72[i] = 0;
.text:00425118                                                                       ;       v71[i] = 0;
.text:00425118                                                                       ;       *((_BYTE *)&v70[1] + i) = 0;
.text:00425118                                                                       ;     }
.text:00425118                                                                       ;
.text:00425118                                                                       ; ------>
.text:0042511B 7D 12                                         jge     short loc_42512F ; if eax is greater than or equal to 0x20, jump to loc_42512F and end the loop.
.text:0042511D C6 44 05 54 00                                mov     byte ptr [ebp+eax+84], 0 ;   initialises an array [writes 0 to [ebp + eax + 78h + var_24]; this clears a variable whose address is computed from the base register ebp and the offset eax + 78h + var_24] (84 decimal = 54h)
.text:00425122 C6 44 05 34 00                                mov     byte ptr [ebp+eax+52], 0 ; incremented by one after each iteration [writes 0 to [ebp + eax + 78h + var_44], clearing another variable] (52 decimal = 34h)
.text:00425127 C6 44 05 04 00                                mov     byte ptr [ebp+eax+4], 0 ; incremented by one after each iteration [writes 0 to [ebp + eax + 78h + var_74], clearing a third variable]
.text:0042512C 40                                            inc     eax             ; increment eax by one.
.text:0042512D EB E9                                         jmp     short loc_425118 ; jump back to loc_425118 and continue the loop.
 
 
012FB10  02 00 00 00 8C 02 A9 01    
 
00 00 00 00 00 00 00 00  ................
012FB20  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  ................
012FB30  00 00 00 00 00 00 00 00    // 24  --> 72 , 48* 6* 8
 
                  80 FB 12 00 00 00 00 00  ................
012FB40  64 FC 12 00 A1 00 00 00 
 
                  00 00 00 00 00 00 00 00  d...............
012FB50  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  ................
012FB60  00 00 00 00 00 00 00 00   // 72
 
                      00 00 00 00 00 00 00 00  ................
012FB70  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  ................
012FB80  00 00 00 00 00 00 00 00   // 104 ----> the last part is zeroed
 
                  42 50 D2 37 9C FB 12 00  ........BP......
012FB90  C2 1D 44 00 4C 57 48 00  8C 02 A9 01 CC FB 12 00  ..D.LWH.........
012FBA0  D1 1F 44 00 8C 02 A9 01  96 00 00 00 00 00 00 00  ..D.............
 
     ; ------------------     zeroing -------------------------> size is 10 ------------ later operations may only touch these 60 bytes -----------------------------------
 
.text:0042512F                               ; ---------------------------------------------------------------------------
.text:0042512F
.text:0042512F                               loc_42512F:                             ; CODE XREF: sub_425050+CB↑j
.text:0042512F 33 C0                                         xor     eax, eax        ; runs a loop to initialise part of an array
.text:00425131
.text:00425131                               loc_425131:                             ; CODE XREF: sub_425050+EC↓j
.text:00425131 83 F8 10                                      cmp     eax, 10h        ;
.text:00425131                                                                       ;     for ( j = 0; j < 16; ++j )
.text:00425131                                                                       ;       *((_BYTE *)&v70[9] + j) = 0;
.text:00425131                                                                       ;
.text:00425131                                                                       ; compare eax with 0x10 (16); that is, the loop continues until eax reaches or exceeds 0x10.
.text:00425134 7D 08                                         jge     short loc_42513E ; if eax is greater than or equal to 0x10, jump to loc_42513E and end the loop.
.text:00425136 C6 44 05 24 00                                mov     byte ptr [ebp+eax+36], 0 ; write 0 to [ebp + eax + 78h + var_54], clearing a variable (36 decimal = 24h).
.text:0042513B 40                                            inc     eax             ; increment eax by one.
.text:0042513C EB F3                                         jmp     short loc_425131 ;  jump back to loc_425131 and continue the loop.
 
   ; --------------------------------- initialisation -----------------------------------------------------
.text:0042513E
.text:0042513E                               loc_42513E:                             ; CODE XREF: sub_425050+E4↑j
.text:0042513E 8B B7 3C 30 01 00                             mov     esi, [edi+1303Ch] ; initialisation
.text:00425144 B0 0F                                         mov     al, 15          ; //------> user name crack, ESI
.text:00425146 88 45 54                                      mov     [ebp+84], al
.text:00425149 88 45 5C                                      mov     [ebp+92], al
.text:0042514C B0 8B                                         mov     al, 8Bh
.text:0042514E B1 3B                                         mov     cl, 3Bh ; ';'
.text:00425150 88 45 3E                                      mov     [ebp+78h+var_3A], al
.text:00425153 88 45 67                                      mov     [ebp+78h+var_11], al
.text:00425156 88 45 69                                      mov     [ebp+78h+var_F], al
.text:00425159 81 C7 3C 30 01 00                             add     edi, 1303Ch     ; Add
.text:0042515F B0 EB                                         mov     al, 0EBh
.text:00425161 B2 B2                                         mov     dl, 0B2h
.text:00425163 88 4D 38                                      mov     [ebp+78h+var_40], cl
.text:00425166 88 4D 46                                      mov     [ebp+78h+var_32], cl
.text:00425169 88 45 4C                                      mov     [ebp+78h+var_2C], al
.text:0042516C 88 45 6E                                      mov     [ebp+78h+var_A], al
.text:0042516F 88 4D 53                                      mov     [ebp+78h+var_25], cl
.text:00425172 8B 4E F0                                      mov     ecx, [esi-10h]
.text:00425175 83 EE 10                                      sub     esi, 10h        ; Integer Subtraction
.text:00425178 B0 87                                         mov     al, 87h
.text:0042517A 88 55 42                                      mov     [ebp+78h+var_36], dl
.text:0042517D 88 55 44                                      mov     [ebp+78h+var_34], dl
.text:00425180 8B 11                                         mov     edx, [ecx]
.text:00425182 B3 94                                         mov     bl, 94h
.text:00425184 88 45 4E                                      mov     [ebp+78h+var_2A], al
.text:00425187 88 45 4F                                      mov     [ebp+78h+var_29], al
.text:0042518A 8B 42 10                                      mov     eax, [edx+10h]
.text:0042518D C6 45 34 13                                   mov     [ebp+78h+var_44], 13h
.text:00425191 C6 45 55 5F                                   mov     [ebp+78h+var_23], 5Fh ; '_'
.text:00425195 C6 45 35 77                                   mov     [ebp+78h+var_43], 77h ; 'w'
.text:00425199 C6 45 56 8A                                   mov     [ebp+78h+var_22], 8Ah
.text:0042519D C6 45 36 82                                   mov     [ebp+78h+var_42], 82h
.text:004251A1 C6 45 57 95                                   mov     [ebp+78h+var_21], 95h
.text:004251A5 C6 45 37 75                                   mov     [ebp+78h+var_41], 75h ; 'u'
.text:004251A9 C6 45 58 5A                                   mov     [ebp+78h+var_20], 5Ah ; 'Z'
.text:004251AD C6 45 59 56                                   mov     [ebp+78h+var_1F], 56h ; 'V'
.text:004251B1 C6 45 39 59                                   mov     [ebp+78h+var_3F], 59h ; 'Y'
.text:004251B5 C6 45 5A 22                                   mov     [ebp+78h+var_1E], 22h ; '"'
.text:004251B9 C6 45 3A 47                                   mov     [ebp+78h+var_3E], 47h ; 'G'
.text:004251BD C6 45 5B 5D                                   mov     [ebp+78h+var_1D], 5Dh ; ']'
.text:004251C1 C6 45 3B 58                                   mov     [ebp+78h+var_3D], 58h ; 'X'
.text:004251C5 C6 45 3C 9E                                   mov     [ebp+78h+var_3C], 9Eh
.text:004251C9 C6 45 5D 6B                                   mov     [ebp+78h+var_1B], 6Bh ; 'k'
.text:004251CD C6 45 3D 27                                   mov     [ebp+78h+var_3B], 27h ; '''
.text:004251D1 C6 45 5E 40                                   mov     [ebp+78h+var_1A], 40h ; '@'
.text:004251D5 C6 45 5F 9A                                   mov     [ebp+78h+var_19], 9Ah
.text:004251D9 88 5D 3F                                      mov     [ebp+78h+var_39], bl
.text:004251DC C6 45 60 23                                   mov     [ebp+78h+var_18], 23h ; '#'
.text:004251E0 C6 45 40 BF                                   mov     [ebp+78h+var_38], 0BFh
.text:004251E4 C6 45 61 A4                                   mov     [ebp+78h+var_17], 0A4h
.text:004251E8 C6 45 41 11                                   mov     [ebp+78h+var_37], 11h
.text:004251EC C6 45 62 61                                   mov     [ebp+78h+var_16], 61h ; 'a'
.text:004251F0 C6 45 63 AB                                   mov     [ebp+78h+var_15], 0ABh
.text:004251F4 C6 45 43 7F                                   mov     [ebp+78h+var_35], 7Fh
.text:004251F8 C6 45 64 ED                                   mov     [ebp+78h+var_14], 0EDh
.text:004251FC 88 5D 65                                      mov     [ebp+78h+var_13], bl
.text:004251FF C6 45 45 B7                                   mov     [ebp+78h+var_33], 0B7h
.text:00425203 C6 45 66 E7                                   mov     [ebp+78h+var_12], 0E7h
.text:00425207 C6 45 47 B9                                   mov     [ebp+78h+var_31], 0B9h
.text:0042520B C6 45 68 DB                                   mov     [ebp+78h+var_10], 0DBh
.text:0042520F C6 45 48 8F                                   mov     [ebp+78h+var_30], 8Fh
.text:00425213 C6 45 49 C5                                   mov     [ebp+78h+var_2F], 0C5h
.text:00425217 C6 45 6A 19                                   mov     [ebp+78h+var_E], 25
.text:0042521B C6 45 4A 70                                   mov     [ebp+78h+var_2E], 70h ; 'p'
.text:0042521F C6 45 6B D8                                   mov     [ebp+78h+var_D], 0D8h
.text:00425223 C6 45 4B 3A                                   mov     [ebp+78h+var_2D], 3Ah ; ':'
.text:00425227 C6 45 6C C4                                   mov     [ebp+78h+var_C], 0C4h
.text:0042522B C6 45 6D 0A                                   mov     [ebp+78h+var_B], 0Ah
.text:0042522F C6 45 4D 7B                                   mov     [ebp+78h+var_2B], 7Bh ; '{'
.text:00425233 C6 45 6F 95                                   mov     [ebp+78h+var_9], 95h
.text:00425237 C6 45 70 9D                                   mov     [ebp+78h+var_8], 9Dh
.text:0042523B C6 45 50 59                                   mov     [ebp+78h+var_28], 59h ; 'Y'
.text:0042523F C6 45 71 D6                                   mov     [ebp+78h+var_7], 0D6h
.text:00425243 C6 45 51 99                                   mov     [ebp+78h+var_27], 99h
.text:00425247 C6 45 72 73                                   mov     [ebp+78h+var_6], 73h ; 's'
.text:0042524B C6 45 52 08                                   mov     [ebp+78h+var_26], 8
.text:0042524F C6 45 73 B3                                   mov     [ebp+78h+var_5], 0B3h
.text:00425253 FF D0                                         call    eax             ; Indirect Call Near Procedure
.text:00425255 83 7E 0C 00                                   cmp     dword ptr [esi+0Ch], 0 ; Compare Two Operands
.text:00425259 8D 4E 0C                                      lea     ecx, [esi+0Ch]  ; Load Effective Address
.text:0042525C 7C 11                                         jl      short loc_42526F ; Jump if Less (SF!=OF)
.text:0042525E 3B 06                                         cmp     eax, [esi]      ; Compare Two Operands
.text:00425260 75 0D                                         jnz     short loc_42526F ; the jump is taken here
.text:00425262 8B DE                                         mov     ebx, esi
.text:00425264 BA 01 00 00 00                                mov     edx, 1
.text:00425269 F0 0F C1 11                                   lock xadd [ecx], edx    ; t<-dest; dest<-src+dest; src<-t
.text:0042526D EB 35                                         jmp     short loc_4252A4 ; // jumps here; the three separate 32bit regions have each been assigned.
 
012FB10  02 00 00 00 8C 02 A9 01    
 
00 00 00 00 00 00 00 00  ................
012FB20  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  ................
012FB30  00 00 00 00 00 00 00 00    // 24  --> 72 , 48* 6* 8
 
                  80 FB 12 00 00 00 00 00  ................
012FB40  64 FC 12 00 A1 00 00 00 
 
                  00 00 00 00 00 00 00 00  d...............
012FB50  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  ................
012FB60  00 00 00 00 00 00 00 00   // 72
 
                      00 00 00 00 00 00 00 00  ................
012FB70  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  ................
012FB80  00 00 00 00 00 00 00 00   // 104 ----> the last part is zeroed
 
                  42 50 D2 37 9C FB 12 00  ........BP......
012FB90  C2 1D 44 00 4C 57 48 00  8C 02 A9 01 CC FB 12 00  ..D.LWH.........
012FBA0  D1 1F 44 00 8C 02 A9 01  96 00 00 00 00 00 00 00  ..D.............
;--------- > this is my result
 
 
[eax+04]0012FB10  02 00 00 00 8C 02 A9 01  00 00 00 00 00 00 00 00  ................
[eax+14]0012FB20  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  ................
 
[eax+24]0012FB30  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  ................
 
[eax+34]0012FB40  00 00 00 00 00 00 00 00 
 
                           13 77 82 75 3B 59 47 58  .........w.u;YGX    ;---------------- the final result of the initialisation is these two rows
[eax+44]0012FB50  9E 27 8B 94 BF 11 B2 7F  B2 B7 3B B9 8F C5 70 3A  .'........;....:
 
[eax+54]0012FB60  EB 7B 87 87 59 99 08 3B  0F 5F 8A 95 5A 56 22 5D  ....Y..;._..ZV"]   ;---------------- the final result of the initialisation is these two rows
[eax+64]0012FB70  0F 6B 40 9A 23 A4 61 AB  ED 94 E7 8B DB 8B 19 D8  .k@.#.a.....ۋ ..
 
[eax+74]0012FB80  C4 0A EB 95 9D D6 73 B3
 
 
                       42 50 D2 37 9C FB 12 00  ..땝  ...BP......
[eax+84]0012FB90  C2 1D 44 00 4C 57 48 00  8C 02 A9 01 CC FB 12 00  ..D.LWH.........
[eax+94]0012FBA0  D1 1F 44 00 8C 02 A9 01  96 00 00 00 00 00 00 00  ..D.............
[eax+104]0012FBB0  50 50 42 00 00 00 00 00  39 00 00 00 00 00 00 00  PPB.....9.......
; ---------------------> this is Tiancao's result.
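
The stores at 0042513E..00425252 fill the two tables one byte at a time, interleaved and partly through AL/CL/DL/BL, which is what makes the arrays hard to recognise by eye. As an added example (not part of the original post or of the course), the Python below linear-sweeps the instruction bytes transcribed from the byte column of the listing above, takes each array's base from the indexed `[ebp+eax+disp8]` stores and its length from the loop bound, then replays the constant stores into those arrays. Assumptions: only the opcodes that occur in this range are decoded, and pairing an indexed store with the most recent `cmp eax, imm8` is a heuristic.

```python
# Added example: recover the stack arrays built by sub_425050 from its bytes.
# CODE is transcribed from the byte column of the listing (0x425116..0x425252).
CODE = bytes.fromhex(
    # the two zeroing loops
    "33C0 83F820 7D12 C644055400 C644053400 C644050400 40 EBE9 "
    "33C0 83F810 7D08 C644052400 40 EBF3 "
    # the scattered constant stores
    "8BB73C300100 B00F 884554 88455C B08B B13B 88453E 884567 884569 "
    "81C73C300100 B0EB B2B2 884D38 884D46 88454C 88456E 884D53 "
    "8B4EF0 83EE10 B087 885542 885544 8B11 B394 88454E 88454F 8B4210 "
    "C6453413 C645555F C6453577 C645568A C6453682 C6455795 C6453775 "
    "C645585A C6455956 C6453959 C6455A22 C6453A47 C6455B5D C6453B58 "
    "C6453C9E C6455D6B C6453D27 C6455E40 C6455F9A 885D3F C6456023 "
    "C64540BF C64561A4 C6454111 C6456261 C64563AB C645437F C64564ED "
    "885D65 C64545B7 C64566E7 C64547B9 C64568DB C645488F C64549C5 "
    "C6456A19 C6454A70 C6456BD8 C6454B3A C6456CC4 C6456D0A C6454D7B "
    "C6456F95 C645709D C6455059 C64571D6 C6455199 C6457273 C6455208 "
    "C64573B3"
)


def modrm_size(code, i):
    """Size of the ModRM byte at code[i] plus any SIB byte and displacement."""
    mod, rm = code[i] >> 6, code[i] & 7
    size = 1 + (1 if mod != 3 and rm == 4 else 0)   # SIB follows rm=100
    if mod == 1:
        size += 1                                    # disp8
    elif mod == 2 or (mod == 0 and rm == 5):
        size += 4                                    # disp32
    return size


def s8(b):
    """Interpret a byte as a signed 8-bit displacement."""
    return b - 0x100 if b & 0x80 else b


def recover_arrays(code):
    """Return {ebp displacement: bytearray} for each indexed array found."""
    reg8 = {}       # 0..3 = al, cl, dl, bl -> constant currently held
    bound = None    # immediate of the latest `cmp eax, imm8` (loop limit)
    arrays = {}     # array base displacement -> contents
    consts = {}     # non-indexed [ebp+disp8] byte stores
    i = 0
    while i < len(code):
        op, nxt = code[i], code[i + 1] if i + 1 < len(code) else 0
        if 0xB0 <= op <= 0xB3:                 # mov al/cl/dl/bl, imm8
            reg8[op - 0xB0] = nxt
            i += 2
        elif op == 0x40:                       # inc eax
            reg8.pop(0, None)
            i += 1
        elif op in (0x7D, 0xEB):               # jge / jmp short: not followed
            i += 2
        elif op in (0x33, 0x8B):               # xor / mov r32, r/m32
            reg8.pop((nxt >> 3) & 7, None)     # destination no longer constant
            i += 1 + modrm_size(code, i + 1)
        elif op in (0x81, 0x83):               # group 1: r/m32, imm32 / imm8
            n = modrm_size(code, i + 1)
            if (nxt >> 3) & 7 == 7:            # /7 = cmp, writes nothing
                if op == 0x83 and nxt == 0xF8:  # cmp eax, imm8
                    bound = code[i + 1 + n]
            elif nxt >> 6 == 3:
                reg8.pop(nxt & 7, None)
            i += 1 + n + (4 if op == 0x81 else 1)
        elif op == 0xC6:                       # mov r/m8, imm8
            n = modrm_size(code, i + 1)
            imm = code[i + 1 + n]
            if nxt == 0x45:                    # [ebp+disp8]
                consts[s8(code[i + 2])] = imm
            elif nxt == 0x44 and code[i + 2] == 0x05:   # [ebp+eax+disp8]
                if bound is None:
                    raise ValueError("indexed store before any loop bound")
                arrays[s8(code[i + 3])] = bytearray([imm]) * bound
            i += 2 + n
        elif op == 0x88:                       # mov r/m8, r8
            if nxt & 0xC7 == 0x45:             # [ebp+disp8], reg in bits 5..3
                reg = (nxt >> 3) & 7
                if reg not in reg8:
                    raise ValueError(f"unknown register value at offset {i:#x}")
                consts[s8(code[i + 2])] = reg8[reg]
            i += 1 + modrm_size(code, i + 1)
        else:
            raise ValueError(f"unsupported opcode {op:#04x} at offset {i:#x}")
    for disp, value in consts.items():         # replay stores into the arrays
        for base, buf in arrays.items():
            if base <= disp < base + len(buf):
                buf[disp - base] = value
    return arrays


if __name__ == "__main__":
    for base, buf in sorted(recover_arrays(CODE).items()):
        print(f"[ebp+{base:02X}h] len {len(buf):#x}: {buf.hex(' ')}")
```

The recovered contents at `[ebp+34h]` and `[ebp+54h]` can be compared byte for byte with the two annotated rows of the memory dump above; the displacements come straight from the encodings, so the decimal operands shown in the listing (84, 52, 36) do not matter.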
 
.text:0042526F                               ; ---------------------------------------------------------------------------
.text:0042526F
.text:0042526F                               loc_42526F:                             ; CODE XREF: sub_425050+20C↑j
.text:0042526F                                                                       ; sub_425050+210↑j
.text:0042526F 8B 4E 04                                      mov     ecx, [esi+4]
.text:00425272 8B 10                                         mov     edx, [eax]
.text:00425274 8B 12                                         mov     edx, [edx]
.text:00425276 6A 01                                         push    1
.text:00425278 51                                            push    ecx
.text:00425279 8B C8                                         mov     ecx, eax
.text:0042527B FF D2                                         call    edx             ; Indirect Call Near Procedure
.text:0042527D 8B D8                                         mov     ebx, eax
.text:0042527F 85 DB                                         test    ebx, ebx        ; Logical Compare
.text:00425281 75 05                                         jnz     short loc_425288 ; Jump if Not Zero (ZF=0)
.text:00425283 E8 A8 BF FD FF                                call    sub_401230      ; Call Procedure
.text:00425288                               ; ---------------------------------------------------------------------------
.text:00425288
.text:00425288                               loc_425288:                             ; CODE XREF: sub_425050+231↑j
.text:00425288 8B 46 04                                      mov     eax, [esi+4]
.text:0042528B 89 43 04                                      mov     [ebx+4], eax
.text:0042528E 8B 46 04                                      mov     eax, [esi+4]
.text:00425291 40                                            inc     eax             ; Increment by 1
.text:00425292 50                                            push    eax             ; SourceSize
.text:00425293 83 C6 10                                      add     esi, 10h        ; Add
.text:00425296 56                                            push    esi             ; Source
.text:00425297 50                                            push    eax             ; DestinationSize
.text:00425298 8D 4B 10                                      lea     ecx, [ebx+10h]  ; Load Effective Address
.text:0042529B 51                                            push    ecx             ; Destination
.text:0042529C E8 67 F9 03 00                                call    _memcpy_s       ; Call Procedure
.text:004252A1 83 C4 10                                      add     esp, 10h        ; Add
.text:004252A4
.text:004252A4                               loc_4252A4:                             ; CODE XREF: sub_425050+21D↑j
.text:004252A4 83 C3 10                                      add     ebx, 10h        ; Add
.text:004252A7 89 5D DC                                      mov     [ebp+78h+Source], ebx
.text:004252AA 8B 45 00                                      mov     eax, [ebp+78h+var_78]
.text:004252AD 8B B0 40 30 01 00                             mov     esi, [eax+13040h] ; ------------>  calleng@gmail.com
.text:004252B3 8B 4E F0                                      mov     ecx, [esi-10h]
.text:004252B6 8B 11                                         mov     edx, [ecx]
.text:004252B8 05 40 30 01 00                                add     eax, 13040h     ; Add
.text:004252BD 83 EE 10                                      sub     esi, 10h        ; Integer Subtraction
.text:004252C0 89 45 E8                                      mov     [ebp+78h+var_90], eax
.text:004252C3 8B 42 10                                      mov     eax, [edx+10h]
.text:004252C3                               ;   } // starts at 42510B
.text:004252C6                               ;   try {
.text:004252C6 C6 45 FC 03                                   mov     byte ptr [ebp+78h+var_7C], 3
.text:004252CA FF D0                                         call    eax             ; Indirect Call Near Procedure
.text:004252CC 83 7E 0C 00                                   cmp     dword ptr [esi+0Ch], 0 ; Compare Two Operands
.text:004252D0 8D 4E 0C                                      lea     ecx, [esi+0Ch]  ; Load Effective Address
.text:004252D3 7C 11                                         jl      short loc_4252E6 ; Jump if Less (SF!=OF)
.text:004252D5 3B 06                                         cmp     eax, [esi]      ; Compare Two Operands
.text:004252D7 75 0D                                         jnz     short loc_4252E6 ; Jump if Not Zero (ZF=0)
.text:004252D9 8B DE                                         mov     ebx, esi
.text:004252DB BA 01 00 00 00                                mov     edx, 1
.text:004252E0 F0 0F C1 11                                   lock xadd [ecx], edx    ; t<-dest; dest<-src+dest; src<-t
.text:004252E4 EB 35                                         jmp     short loc_42531B ; // ---------------------------> the jump is taken here
.text:004252E6                               ; ---------------------------------------------------------------------------
.text:004252E6
.text:004252E6                               loc_4252E6:                             ; CODE XREF: sub_425050+283↑j
.text:004252E6                                                                       ; sub_425050+287↑j
.text:004252E6 8B 4E 04                                      mov     ecx, [esi+4]
.text:004252E9 8B 10                                         mov     edx, [eax]
.text:004252EB 8B 12                                         mov     edx, [edx]
.text:004252ED 6A 01                                         push    1
.text:004252EF 51                                            push    ecx
.text:004252F0 8B C8                                         mov     ecx, eax
.text:004252F2 FF D2                                         call    edx             ; Indirect Call Near Procedure
.text:004252F4 8B D8                                         mov     ebx, eax
.text:004252F6 85 DB                                         test    ebx, ebx        ; Logical Compare
.text:004252F8 75 05                                         jnz     short loc_4252FF ; Jump if Not Zero (ZF=0)
.text:004252FA E8 31 BF FD FF                                call    sub_401230      ; Call Procedure
; --------------------------------- string concatenation --------------------------------------------------------------
.text:004252FF
.text:004252FF                               loc_4252FF:                             ; CODE XREF: sub_425050+2A8↑j
.text:004252FF 8B 46 04                                      mov     eax, [esi+4]
.text:00425302 89 43 04                                      mov     [ebx+4], eax
.text:00425305 8B 46 04                                      mov     eax, [esi+4]
.text:00425308 40                                            inc     eax             ; Increment by 1
.text:00425309 50                                            push    eax             ; SourceSize
.text:0042530A 83 C6 10                                      add     esi, 10h        ; Add
.text:0042530D 56                                            push    esi             ; Source
.text:0042530E 50                                            push    eax             ; DestinationSize
.text:0042530F 8D 4B 10                                      lea     ecx, [ebx+10h]  ; Load Effective Address
.text:00425312 51                                            push    ecx             ; Destination
.text:00425313 E8 F0 F8 03 00                                call    _memcpy_s       ; Call Procedure
.text:00425318 83 C4 10                                      add     esp, 10h        ; string concatenation
.text:0042531B
.text:0042531B                               loc_42531B:                             ; CODE XREF: sub_425050+294↑j
.text:0042531B 83 C3 10                                      add     ebx, 10h        ; Add
.text:0042531E 89 5D E0                                      mov     [ebp+78h+var_98], ebx
.text:00425321 8B 75 00                                      mov     esi, [ebp+78h+var_78]
.text:00425324 8B 86 48 30 01 00                             mov     eax, [esi+13048h] ; shows up in EAX ----------------> quantity --> ASCII "256"
.text:0042532A 8B 48 F4                                      mov     ecx, [eax-0Ch]  ; --> follow in the hex dump window
.text:0042532D 81 C6 48 30 01 00                             add     esi, 13048h     ; Add
.text:00425333 51                                            push    ecx             ; DestinationSize
.text:00425334 50                                            push    eax             ; Str
.text:00425335 8B CF                                         mov     ecx, edi
.text:00425335                               ;   } // starts at 4252C6
.text:00425337                               ;   try {
.text:00425337 C6 45 FC 04                                   mov     byte ptr [ebp+78h+var_7C], 4
.text:0042533B E8 80 C7 FD FF                                call    sub_401AC0      ; Call Procedure
.text:00425340 8B 5D E8                                      mov     ebx, [ebp+78h+var_90] ;     //    EAX: username + quantity directly,  crack256
.text:00425343 53                                            push    ebx 
.text:00425344 8D 55 E8                                      lea     edx, [ebp+78h+var_90] ; Load Effective Address
.text:00425347 56                                            push    esi
.text:00425348 52                                            push    edx
.text:00425349 E8 82 C9 FD FF                                call    sub_401CD0      ;       //    quantity + email directly,   256calleng@gmail.com
.text:0042534E 83 C4 0C                                      add     esp, 0Ch        ; Add
.text:00425351 50                                            push    eax
.text:00425352 8B CB                                         mov     ecx, ebx
.text:00425352                               ;   } // starts at 425337
.text:00425354                               ;   try {
.text:00425354 C6 45 FC 05                                   mov     byte ptr [ebp+78h+var_7C], 5
.text:00425358 E8 93 C8 FD FF                                call    sub_401BF0      ; Call Procedure
.text:0042535D 8B 45 E8                                      mov     eax, [ebp+78h+var_90]
.text:00425360 83 C0 F0                                      add     eax, 0FFFFFFF0h ; Add
.text:00425360                               ;   } // starts at 425354
.text:00425363                               ;   try {
.text:00425363 C6 45 FC 04                                   mov     byte ptr [ebp+78h+var_7C], 4
.text:00425367 8D 48 0C                                      lea     ecx, [eax+0Ch]  ; Load Effective Address
.text:0042536A 83 CA FF                                      or      edx, 0FFFFFFFFh ; Logical Inclusive OR
.text:0042536D F0 0F C1 11                                   lock xadd [ecx], edx    ; t<-dest; dest<-src+dest; src<-t
.text:00425371 4A                                            dec     edx             ; Decrement by 1
.text:00425372 85 D2                                         test    edx, edx        ; Logical Compare
.text:00425374 7F 0A                                         jg      short loc_425380 ; Jump if Greater (ZF=0 & SF=OF)
.text:00425376 8B 08                                         mov     ecx, [eax]
.text:00425378 8B 11                                         mov     edx, [ecx]
.text:0042537A 50                                            push    eax
.text:0042537B 8B 42 04                                      mov     eax, [edx+4]
.text:0042537E FF D0                                         call    eax             ; Indirect Call Near Procedure
.text:00425380
.text:00425380                               loc_425380:                             ; CODE XREF: sub_425050+324↑j
.text:00425380 8B 75 EC                                      mov     esi, [ebp+78h+var_8C]
.text:00425383 33 C0                                         xor     eax, eax        ; Logical Exclusive OR
;--------------------------------<XOR over the username>------------------------------------------------------------------------ this is a loop body that performs the calculation!
.text:00425385
.text:00425385                               loc_425385:                             ; CODE XREF: sub_425050+35A↓j
.text:00425385 8B 0F                                         mov     ecx, [edi]      ; crack256
.text:00425387 3B 41 F4                                      cmp     eax, [ecx-0Ch]  ; Compare Two Operands
.text:0042538A 7D 2A                                         jge     short loc_4253B6 ; // ----------> set a breakpoint, F2
.text:0042538C 85 C0                                         test    eax, eax        ; Logical Compare
.text:0042538E 7C 1C                                         jl      short loc_4253AC ; // ----------> set a breakpoint, F2
.text:00425390 3B 41 F4                                      cmp     eax, [ecx-0Ch]  ; Compare Two Operands
.text:00425393 7F 17                                         jg      short loc_4253AC ; // ----------> set a breakpoint, F2
.text:00425395 8A 0C 01                                      mov     cl, [ecx+eax]   ; ----> take the i-th character of the ASCII string "Crack256"
.text:00425398 30 4C 05 54                                   xor     [ebp+eax+84], cl ;  -----> the XOR happens here  --------------------> XOR the two ASCII bytes together!  array( eax+84 )
.text:0042539C 8B 0F                                         mov     ecx, [edi]
.text:0042539E 3B 41 F4                                      cmp     eax, [ecx-0Ch]  ; [ecx-0Ch] is the length
.text:004253A1 7F 09                                         jg      short loc_4253AC ; // ----------> set a breakpoint, F2
.text:004253A3 0F B6 14 01                                   movzx   edx, byte ptr [ecx+eax] ; Move with Zero-Extend
.text:004253A7 03 F2                                         add     esi, edx        ; Add
.text:004253A9 40                                            inc     eax             ; Increment by 1
.text:004253AA EB D9                                         jmp     short loc_425385 ; ---------> the number of iterations equals the length of the string
.text:004253AC                               ; ----------------<XOR over the email>--------------------------------------------------------------------------------------------------
.text:004253AC
.text:004253AC                               loc_4253AC:                             ; CODE XREF: sub_425050+33E↑j
.text:004253AC                                                                       ; sub_425050+343↑j ...
.text:004253AC 68 57 00 07 80                                push    80070057h       ; // ----------> set a breakpoint, F2
.text:004253B1 E8 FA BC FD FF                                call    sub_4010B0      ; // ------------------> execution may run away here
.text:004253B6                               ; ---------------------------------------------------------------------------
.text:004253B6
.text:004253B6                               loc_4253B6:                             ; CODE XREF: sub_425050+33A↑j
.text:004253B6 8B 5D 00                                      mov     ebx, [ebp+78h+var_78] ; // ----------> set a breakpoint, F2
.text:004253B9 33 C0                                         xor     eax, eax        ; Logical Exclusive OR
.text:004253BB EB 03                                         jmp     short loc_4253C0 ; 256calleng@gmail.com
.text:004253BB                               ; ---------------------------------------------------------------------------
.text:004253BD 8D 49 00                                      align 10h
.text:004253C0
.text:004253C0                               loc_4253C0:                             ; CODE XREF: sub_425050+36B↑j
.text:004253C0                                                                       ; sub_425050+39D↓j
.text:004253C0 8B 8B 40 30 01 00                             mov     ecx, [ebx+13040h] ; 256calleng@gmail.com
.text:004253C6 3B 41 F4                                      cmp     eax, [ecx-0Ch]  ; Compare Two Operands
.text:004253C9 7D 24                                         jge     short loc_4253EF ; Jump if Greater or Equal (SF=OF)
.text:004253CB 85 C0                                         test    eax, eax        ; Logical Compare
.text:004253CD 7C DD                                         jl      short loc_4253AC ; // ----------> set a breakpoint, F2
.text:004253CF 3B 41 F4                                      cmp     eax, [ecx-0Ch]  ; 0ch: the h after 0c means hexadecimal ------>   12 (decimal)
.text:004253D2 7F D8                                         jg      short loc_4253AC ; // ----------> set a breakpoint, F2
.text:004253D4 8A 0C 01                                      mov     cl, [ecx+eax]   ; ---------> fetch the characters one at a time
.text:004253D7 30 4C 05 34                                   xor     [ebp+eax+52], cl ; Logical Exclusive OR
.text:004253DB 8B 8B 40 30 01 00                             mov     ecx, [ebx+13040h] ;  calleng@gmail.com
.text:004253E1 3B 41 F4                                      cmp     eax, [ecx-12]   ; Compare Two Operands
.text:004253E4 7F C6                                         jg      short loc_4253AC ; // ----------> set a breakpoint, F2
.text:004253E6 0F B6 14 01                                   movzx   edx, byte ptr [ecx+eax] ; Move with Zero-Extend
.text:004253EA 03 F2                                         add     esi, edx        ; Add
.text:004253EC 40                                            inc     eax             ; Increment by 1
.text:004253ED EB D1                                         jmp     short loc_4253C0 ; 256calleng@gmail.com
.text:004253EF                               ; ---------------------------------------------------------------------------
.text:004253EF
.text:004253EF                               loc_4253EF:                             ; CODE XREF: sub_425050+379↑j
.text:004253EF B8 1F 85 EB 51                                mov     eax, 51EB851Fh  ; reciprocal constant for unsigned division by 25: ceil(2^35 / 25)
.text:004253F4 F7 E6                                         mul     esi             ; edx:eax = esi * 51EB851Fh (unsigned)
.text:004253F6 C1 EA 03                                      shr     edx, 3          ; edx = esi / 25
.text:004253F9 6B D2 E7                                      imul    edx, -19h       ; edx = -25 * (esi / 25)
.text:004253FC 03 F2                                         add     esi, edx        ; esi = esi % 25
.text:004253FE 83 FE 03                                      cmp     esi, 3          ; Compare Two Operands
.text:00425401 73 05                                         jnb     short loc_425408 ; keep esi when esi >= 3
.text:00425403 BE 19 00 00 00                                mov     esi, 19h        ; otherwise esi = 19h (25)
.text:00425408
.text:00425408                               loc_425408:                             ; CODE XREF: sub_425050+3B1↑j
.text:00425408 33 C0                                         xor     eax, eax        ; Logical Exclusive OR
.text:0042540A 8D 9B 00 00 00 00                             lea     ebx, [ebx+0]    ; Load Effective Address
.text:00425410
.text:00425410                               loc_425410:                             ; CODE XREF: sub_425050+3D2↓j
.text:00425410 83 F8 20                                      cmp     eax, 20h ; ' '  ; ;--------------> the structure here still has to be filled completely with data
.text:00425413 7D 0F                                         jge     short loc_425424 ; Jump if Greater or Equal (SF=OF)
.text:00425415 8A 4C 05 34                                   mov     cl, [ebp+eax+52]
.text:00425419 32 4C 05 54                                   xor     cl, [ebp+eax+84] ; Logical Exclusive OR
.text:0042541D 40                                            inc     eax             ; this is a comment
.text:0042541E 88 4C 05 03                                   mov     [ebp+eax+3], cl
.text:00425422 EB EC                                         jmp     short loc_425410 ; ;--------------> the structure here still has to be filled completely with data
 
0012FB10  04 00 00 00 8C 02 A9 01  4D 6F 5F E0 6B 51 3C 56  ........Mo_...<V
0012FB20  FF 2B 8B 69 F1 D4 BA B8  71 40 B3 5F 54 4E 69 E2  .+.i....q@._TNi.   ;  the final XOR values
0012FB30  2F 71 6C 12 C4 4F 7B 88  00 00 00 00 00 00 00 00  /ql...{.........
 
 
.text:00425424                               ; ---------------------------------------------------------------------------
.text:00425424
.text:00425424                               loc_425424:                             ; CODE XREF: sub_425050+3C3↑j
.text:00425424 33 C9                                         xor     ecx, ecx        ; Logical Exclusive OR
.text:00425426
.text:00425426                               loc_425426:                             ; CODE XREF: sub_425050+3F3↓j
.text:00425426 83 F9 10                                      cmp     ecx, 16         ; Compare Two Operands
.text:00425429 7D 1A                                         jge     short loc_425445 ; Jump if Greater or Equal (SF=OF)
.text:0042542B 0F B6 54 0D 04                                movzx   edx, byte ptr [ebp+ecx+4] ; Move with Zero-Extend
.text:00425430 0F B6 44 0D 14                                movzx   eax, byte ptr [ebp+ecx+20] ; ebp+ecx+20 ------> only once the loop has finished is this the real location --> serial number --> start position
.text:00425435 33 C2                                         xor     eax, edx        ; Logical Exclusive OR
.text:00425437 33 D2                                         xor     edx, edx        ; Logical Exclusive OR
.text:00425439 F7 F6                                         div     esi             ; Unsigned Divide
.text:0042543B 80 C2 41                                      add     dl, 41h ; 'A'   ; Add
.text:0042543E 88 54 0D 24                                   mov     [ebp+ecx+36], dl ; [ebp+ecx+36] ------> only once the loop has finished is this the real location --> serial number --> end position
.text:00425442 41                                            inc     ecx             ; Increment by 1
.text:00425443 EB E1                                         jmp     short loc_425426 ; Jump
 
0012FB30  2F 71 6C 12 C4 4F 7B 88    /ql...{.
          45 46 46 43 41 44 42 46    EFFCADBF
0012FB40  46 47 41 45 45 42 45 47    FGAEEBEG
          21 42 B4 16 5A 35 2B 3D    !B..Z5+=
     
 
.text:00425445                               ; --------------------------------------------------------------------------- traced all the way to the correct serial number!!
.text:00425445
.text:00425445                               loc_425445:                             ; CODE XREF: sub_425050+3D9↑j
.text:00425445 33 F6                                         xor     esi, esi        ; Logical Exclusive OR
.text:00425447
.text:00425447                               loc_425447:                             ; CODE XREF: sub_425050+443↓j
.text:00425447 83 FE 10                                      cmp     esi, 10h        ;  ------> the size of the structure is 10
.text:0042544A 7D 49                                         jge     short loc_425495 ; where the real serial and the fake serial are compared
.text:0042544A                                                                       ; EFFCADBFFGAEEBEG
.text:0042544C 0F B6 44 35 24                                movzx   eax, byte ptr [ebp+esi+36] ; Move with Zero-Extend
.text:00425451 6A 01                                         push    1               ; Size
.text:00425453 50                                            push    eax             ; char
.text:00425454 8D 4D EC                                      lea     ecx, [ebp-20]   ; Load Effective Address
.text:00425457 E8 B4 67 FE FF                                call    sub_40BC10      ; Call Procedure
.text:0042545C 8B 00                                         mov     eax, [eax]
.text:0042545E 8B 48 F4                                      mov     ecx, [eax-12]
.text:00425461 51                                            push    ecx             ; DestinationSize
.text:00425462 50                                            push    eax             ; Str
.text:00425463 8D 4D E4                                      lea     ecx, [ebp-28]   ; Load Effective Address
.text:00425463                               ;   } // starts at 425363
.text:00425466                               ;   try {
.text:00425466 C6 45 FC 06                                   mov     byte ptr [ebp-4], 6
.text:0042546A E8 51 C6 FD FF                                call    sub_401AC0      ; Call Procedure
.text:0042546F 8B 45 EC                                      mov     eax, [ebp-20]
.text:00425472 83 C0 F0                                      add     eax, 0FFFFFFF0h ; Add
.text:00425472                               ;   } // starts at 425466
.text:00425475                               ;   try {
.text:00425475 C6 45 FC 04                                   mov     byte ptr [ebp-4], 4
.text:00425479 8D 48 0C                                      lea     ecx, [eax+12]   ; Load Effective Address
.text:0042547C 83 CA FF                                      or      edx, 0FFFFFFFFh ; Logical Inclusive OR
.text:0042547F F0 0F C1 11                                   lock xadd [ecx], edx    ; t<-dest; dest<-src+dest; src<-t
.text:00425483 4A                                            dec     edx             ; Decrement by 1
.text:00425484 85 D2                                         test    edx, edx        ; Logical Compare
.text:00425486 7F 0A                                         jg      short loc_425492 ; Jump if Greater (ZF=0 & SF=OF)
.text:00425488 8B 08                                         mov     ecx, [eax]
.text:0042548A 8B 11                                         mov     edx, [ecx]
.text:0042548C 50                                            push    eax
.text:0042548D 8B 42 04                                      mov     eax, [edx+4]
.text:00425490 FF D0                                         call    eax             ; Indirect Call Near Procedure
.text:00425492
.text:00425492                               loc_425492:                             ; CODE XREF: sub_425050+436↑j
.text:00425492 46                                            inc     esi             ; Increment by 1
.text:00425493 EB B2                                         jmp     short loc_425447 ;  ------> the size of the structure is 10
.text:00425495                               ; ---------------------------------------------------------------------------
.text:00425495
.text:00425495                               loc_425495:                             ; CODE XREF: sub_425050+3FA↑j
.text:00425495 8B 4D E4                                      mov     ecx, [ebp-28]   ; where the real serial and the fake serial are compared
.text:00425495                                                                       ; EFFCADBFFGAEEBEG
.text:00425498 33 C0                                         xor     eax, eax        ; Logical Exclusive OR
.text:0042549A 85 C9                                         test    ecx, ecx        ; Logical Compare
.text:0042549C 0F 95 C0                                      setnz   al              ; Set Byte if Not Zero (ZF=0)
.text:0042549F 85 C0                                         test    eax, eax        ; Logical Compare
.text:004254A1 75 0A                                         jnz     short loc_4254AD ; ------->  the jump is taken
.text:004254A3 68 05 40 00 80                                push    80004005h
.text:004254A8 E8 03 BC FD FF                                call    sub_4010B0      ; Call Procedure
.text:004254AD                               ; ---------------------------------------------------------------------------
.text:004254AD
.text:004254AD                               loc_4254AD:                             ; CODE XREF: sub_425050+451↑j
.text:004254AD 8B 83 44 30 01 00                             mov     eax, [ebx+13044h] ; compare the real and fake serials  --> the fake serial from EAX: 0987654321abcdef
.text:004254B3 51                                            push    ecx             ; Str2
.text:004254B4 50                                            push    eax             ; Str1
.text:004254B5 E8 37 F7 03 00                                call    __mbscmp        ; -------------->  strcmp, the string comparison function
.text:004254BA 83 C4 08                                      add     esp, 8          ; Add
.text:004254BD 85 C0                                         test    eax, eax        ; Logical Compare
.text:004254BF 0F 94 C0                                      setz    al              ; Set Byte if Zero (ZF=1)
.text:004254C2 84 C0                                         test    al, al          ; Logical Compare
.text:004254C4 0F 84 66 02 00 00                             jz      loc_425730      ; ---- key jump ----> if the value = 0, the ZF flag equals 1 and the jump is taken
.text:004254CA 8B 83 48 30 01 00                             mov     eax, [ebx+13048h]
.text:004254D0 50                                            push    eax             ; String
.text:004254D1 E8 A2 07 04 00                                call    _atoi           ; Call Procedure
.text:004254D6 83 C4 04                                      add     esp, 4          ; Add
.text:004254D9 8B F0                                         mov     esi, eax
.text:004254DB C7 83 30 30 01 00 01 00 00 00                 mov     dword ptr [ebx+13030h], 1
.text:004254E5
.text:004254E5                               loc_4254E5:                             ; CODE XREF: sub_425050+4AD↓j
.text:004254E5 8B 83 C0 00 00 00                             mov     eax, [ebx+0C0h]
.text:004254EB 3B C6                                         cmp     eax, esi        ; Compare Two Operands
.text:004254ED 7E 10                                         jle     short loc_4254FF ; Jump if Less or Equal (ZF=1 | SF!=OF)
.text:004254EF 48                                            dec     eax             ; Decrement by 1
.text:004254F0 8B CB                                         mov     ecx, ebx
.text:004254F2 89 83 34 30 01 00                             mov     [ebx+13034h], eax
.text:004254F8 E8 C3 C5 FF FF                                call    sub_421AC0      ; Call Procedure
.text:004254FD EB E6                                         jmp     short loc_4254E5 ; Jump
.text:004254FF                               ; ---------------------------------------------------------------------------
.text:004254FF
.text:004254FF                               loc_4254FF:                             ; CODE XREF: sub_425050+49D↑j
.text:004254FF 8D 8B 48 30 01 00                             lea     ecx, [ebx+13048h] ; Load Effective Address
.text:00425505 51                                            push    ecx             ; int
.text:00425506 8D 55 E8                                      lea     edx, [ebp+78h+var_90] ; Load Effective Address
.text:00425509 68 E8 50 48 00                                push    offset aOleansoftHidde ; activation succeeded
.text:0042550E 52                                            push    edx             ; int
.text:0042550F C7 83 30 30 01 00 00 00 00 00                 mov     dword ptr [ebx+13030h], 0
.text:00425519 E8 42 C9 FD FF                                call    sub_401E60      ; Call Procedure
.text:0042551E 83 C4 0C                                      add     esp, 0Ch        ; Add
.text:00425521 68 D4 50 48 00                                push    offset aEmployeesPcs ; " employees PCs"
.text:00425526 50                                            push    eax             ; int
.text:00425527 8D 45 EC                                      lea     eax, [ebp+78h+var_8C] ; Load Effective Address
.text:0042552A 50                                            push    eax             ; int
.text:0042552A                               ;   } // starts at 425475
.text:0042552B                               ;   try {
.text:0042552B C6 45 FC 07                                   mov     byte ptr [ebp+78h+var_7C], 7
.text:0042552F E8 5C C8 FD FF                                call    sub_401D90      ; Call Procedure
.text:00425534 83 C4 0C                                      add     esp, 0Ch        ; Add
.text:00425537 8B 30                                         mov     esi, [eax]
.text:00425537                               ;   } // starts at 42552B
.text:00425539                               ;   try {
.text:00425539 C6 45 FC 08                                   mov     byte ptr [ebp+78h+var_7C], 8
.text:0042553D E8 E6 6A 01 00                                call    ?AfxGetModuleState@@YGPAVAFX_MODULE_STATE@@XZ ; Call Procedure
.text:00425542 8B 40 04                                      mov     eax, [eax+4]
.text:00425545 8B 48 20                                      mov     ecx, [eax+20h]  ; this
.text:00425548 56                                            push    esi             ; char *
.text:00425549 E8 A8 56 01 00                                call    ?SetWindowTextA@CWnd@@QAEXPBD@Z ; Call Procedure
.text:0042554E 8B 45 EC                                      mov     eax, [ebp+78h+var_8C]
.text:00425551 83 C0 F0                                      add     eax, 0FFFFFFF0h ; Add
.text:00425551                               ;   } // starts at 425539
.text:00425554                               ;   try {
.text:00425554 C6 45 FC 07                                   mov     byte ptr [ebp+78h+var_7C], 7
.text:00425558 8D 48 0C                                      lea     ecx, [eax+0Ch]  ; Load Effective Address
.text:0042555B 83 CA FF                                      or      edx, 0FFFFFFFFh ; Logical Inclusive OR
.text:0042555E F0 0F C1 11                                   lock xadd [ecx], edx    ; t<-dest; dest<-src+dest; src<-t
.text:00425562 4A                                            dec     edx             ; Decrement by 1
.text:00425563 85 D2                                         test    edx, edx        ; Logical Compare
.text:00425565 7F 0A                                         jg      short loc_425571 ; Jump if Greater (ZF=0 & SF=OF)
.text:00425567 8B 08                                         mov     ecx, [eax]
.text:00425569 8B 11                                         mov     edx, [ecx]
.text:0042556B 50                                            push    eax
.text:0042556C 8B 42 04                                      mov     eax, [edx+4]
.text:0042556F FF D0                                         call    eax             ; Indirect Call Near Procedure
.text:00425571
.text:00425571                               loc_425571:                             ; CODE XREF: sub_425050+515↑j
.text:00425571 8B 45 E8                                      mov     eax, [ebp+78h+var_90]
.text:00425574 83 C0 F0                                      add     eax, 0FFFFFFF0h ; Add
.text:00425574                               ;   } // starts at 425554
.text:00425577                               ;   try {
.text:00425577 C6 45 FC 04                                   mov     byte ptr [ebp+78h+var_7C], 4
.text:0042557B 8D 48 0C                                      lea     ecx, [eax+0Ch]  ; Load Effective Address
.text:0042557E 83 CA FF                                      or      edx, 0FFFFFFFFh ; Logical Inclusive OR
.text:00425581 F0 0F C1 11                                   lock xadd [ecx], edx    ; t<-dest; dest<-src+dest; src<-t
.text:00425585 4A                                            dec     edx             ; Decrement by 1
.text:00425586 85 D2                                         test    edx, edx        ; Logical Compare
.text:00425588 7F 0A                                         jg      short loc_425594 ; Jump if Greater (ZF=0 & SF=OF)
.text:0042558A 8B 08                                         mov     ecx, [eax]
.text:0042558C 8B 11                                         mov     edx, [ecx]
.text:0042558E 50                                            push    eax
.text:0042558F 8B 42 04                                      mov     eax, [edx+4]
.text:00425592 FF D0                                         call    eax             ; Indirect Call Near Procedure
.text:00425594
.text:00425594                               loc_425594:                             ; CODE XREF: sub_425050+538↑j
.text:00425594 6A 00                                         push    0               ; unsigned int
.text:00425596 6A 00                                         push    0               ; uType
.text:00425598 68 9C 50 48 00                                push    offset aFullVersionAct ; "Full version activation has been succes"...
.text:0042559D E8 AD D7 01 00                                call    ?AfxMessageBox@@YGHPBDII@Z ; Call Procedure
.text:004255A2 6A 00                                         push    0               ; int
.text:004255A4 8D 8B 6C 37 01 00                             lea     ecx, [ebx+1376Ch] ; this
.text:004255AA E8 E9 56 01 00                                call    ?ShowWindow@CWnd@@QAEHH@Z ; Call Procedure
.text:004255AF 8B 55 DC                                      mov     edx, [ebp+78h+Source]
.text:004255B2 8B BB 3C 30 01 00                             mov     edi, [ebx+1303Ch]
.text:004255B8 8D 83 3C 30 01 00                             lea     eax, [ebx+1303Ch] ; Load Effective Address
.text:004255BE 8D 72 F0                                      lea     esi, [edx-10h]  ; Load Effective Address
.text:004255C1 83 EF 10                                      sub     edi, 10h        ; Integer Subtraction
.text:004255C4 3B F7                                         cmp     esi, edi        ; Compare Two Operands
.text:004255C6 0F 84 A1 00 00 00                             jz      loc_42566D      ; Jump if Zero (ZF=1)
.text:004255CC 83 7F 0C 00                                   cmp     dword ptr [edi+0Ch], 0 ; Compare Two Operands
.text:004255D0 0F 8C 8B 00 00 00                             jl      loc_425661      ; Jump if Less (SF!=OF)
.text:004255D6 8B 0E                                         mov     ecx, [esi]
.text:004255D8 3B 0F                                         cmp     ecx, [edi]      ; Compare Two Operands
.text:004255DA 0F 85 81 00 00 00                             jnz     loc_425661      ; Jump if Not Zero (ZF=0)
.text:004255E0 8B 11                                         mov     edx, [ecx]
.text:004255E2 8B 42 10                                      mov     eax, [edx+10h]
.text:004255E5 FF D0                                         call    eax             ; Indirect Call Near Procedure
.text:004255E7 83 7E 0C 00                                   cmp     dword ptr [esi+0Ch], 0 ; Compare Two Operands
.text:004255EB 8D 4E 0C                                      lea     ecx, [esi+0Ch]  ; Load Effective Address
.text:004255EE 7C 11                                         jl      short loc_425601 ; Jump if Less (SF!=OF)
.text:004255F0 3B 06                                         cmp     eax, [esi]      ; Compare Two Operands
.text:004255F2 75 0D                                         jnz     short loc_425601 ; Jump if Not Zero (ZF=0)
.text:004255F4 8B DE                                         mov     ebx, esi
.text:004255F6 BA 01 00 00 00                                mov     edx, 1
.text:004255FB F0 0F C1 11                                   lock xadd [ecx], edx    ; t<-dest; dest<-src+dest; src<-t
.text:004255FF EB 35                                         jmp     short loc_425636 ; Jump
.text:00425601                               ; ---------------------------------------------------------------------------
.text:00425601
.text:00425601                               loc_425601:                             ; CODE XREF: sub_425050+59E↑j
.text:00425601                                                                       ; sub_425050+5A2↑j
.text:00425601 8B 4E 04                                      mov     ecx, [esi+4]
.text:00425604 8B 10                                         mov     edx, [eax]
.text:00425606 8B 12                                         mov     edx, [edx]
.text:00425608 6A 01                                         push    1
.text:0042560A 51                                            push    ecx
.text:0042560B 8B C8                                         mov     ecx, eax
.text:0042560D FF D2                                         call    edx             ; Indirect Call Near Procedure
.text:0042560F 8B D8                                         mov     ebx, eax
.text:00425611 85 DB                                         test    ebx, ebx        ; Logical Compare
.text:00425613 75 05                                         jnz     short loc_42561A ; Jump if Not Zero (ZF=0)
.text:00425615 E8 16 BC FD FF                                call    sub_401230      ; Call Procedure
.text:0042561A                               ; ---------------------------------------------------------------------------
.text:0042561A
.text:0042561A                               loc_42561A:                             ; CODE XREF: sub_425050+5C3↑j
.text:0042561A 8B 46 04                                      mov     eax, [esi+4]
.text:0042561D 89 43 04                                      mov     [ebx+4], eax
.text:00425620 8B 46 04                                      mov     eax, [esi+4]
.text:00425623 40                                            inc     eax             ; Increment by 1
.text:00425624 50                                            push    eax             ; SourceSize
.text:00425625 83 C6 10                                      add     esi, 10h        ; Add
.text:00425628 56                                            push    esi             ; Source
.text:00425629 50                                            push    eax             ; DestinationSize
.text:0042562A 8D 4B 10                                      lea     ecx, [ebx+10h]  ; Load Effective Address
.text:0042562D 51                                            push    ecx             ; Destination
.text:0042562E E8 D5 F5 03 00                                call    _memcpy_s       ; Call Procedure
.text:00425633 83 C4 10                                      add     esp, 10h        ; Add
.text:00425636
.text:00425636                               loc_425636:                             ; CODE XREF: sub_425050+5AF↑j
.text:00425636 8D 47 0C                                      lea     eax, [edi+0Ch]  ; Load Effective Address
.text:00425639 83 CA FF                                      or      edx, 0FFFFFFFFh ; Logical Inclusive OR
.text:0042563C F0 0F C1 10                                   lock xadd [eax], edx    ; t<-dest; dest<-src+dest; src<-t
.text:00425640 4A                                            dec     edx             ; Decrement by 1
.text:00425641 85 D2                                         test    edx, edx        ; Logical Compare
.text:00425643 7F 0A                                         jg      short loc_42564F ; Jump if Greater (ZF=0 & SF=OF)
.text:00425645 8B 0F                                         mov     ecx, [edi]
.text:00425647 8B 01                                         mov     eax, [ecx]
.text:00425649 8B 50 04                                      mov     edx, [eax+4]
.text:0042564C 57                                            push    edi
.text:0042564D FF D2                                         call    edx             ; Indirect Call Near Procedure
.text:0042564F
.text:0042564F                               loc_42564F:                             ; CODE XREF: sub_425050+5F3↑j
.text:0042564F 8B 45 00                                      mov     eax, [ebp+78h+var_78]
.text:00425652 83 C3 10                                      add     ebx, 10h        ; Add
.text:00425655 05 3C 30 01 00                                add     eax, 1303Ch     ; Add
.text:0042565A 89 18                                         mov     [eax], ebx
.text:0042565C 8B 5D 00                                      mov     ebx, [ebp+78h+var_78]
.text:0042565F EB 0C                                         jmp     short loc_42566D ; Jump
.text:00425661                               ; ---------------------------------------------------------------------------
.text:00425661
.text:00425661                               loc_425661:                             ; CODE XREF: sub_425050+580↑j
.text:00425661                                                                       ; sub_425050+58A↑j
.text:00425661 8B 4A F4                                      mov     ecx, [edx-0Ch]
.text:00425664 51                                            push    ecx             ; SourceSize
.text:00425665 52                                            push    edx             ; Source
.text:00425666 8B C8                                         mov     ecx, eax
.text:00425668 E8 C3 C1 FD FF                                call    sub_401830      ; Call Procedure
.text:0042566D
.text:0042566D                               loc_42566D:                             ; CODE XREF: sub_425050+576↑j
.text:0042566D                                                                       ; sub_425050+60F↑j
.text:0042566D 8B 75 E0                                      mov     esi, [ebp+78h+var_98]
.text:00425670 8B BB 40 30 01 00                             mov     edi, [ebx+13040h]
.text:00425676 8D 83 40 30 01 00                             lea     eax, [ebx+13040h] ; Load Effective Address
.text:0042567C 83 C6 F0                                      add     esi, 0FFFFFFF0h ; Add
.text:0042567F 83 EF 10                                      sub     edi, 10h        ; Integer Subtraction
.text:00425682 3B F7                                         cmp     esi, edi        ; Compare Two Operands
.text:00425684 0F 84 B8 00 00 00                             jz      loc_425742      ; Jump if Zero (ZF=1)
.text:0042568A 83 7F 0C 00                                   cmp     dword ptr [edi+0Ch], 0 ; Compare Two Operands
.text:0042568E 0F 8C 8B 00 00 00                             jl      loc_42571F      ; Jump if Less (SF!=OF)
.text:00425694 8B 0E                                         mov     ecx, [esi]
.text:00425696 3B 0F                                         cmp     ecx, [edi]      ; Compare Two Operands
.text:00425698 0F 85 81 00 00 00                             jnz     loc_42571F      ; Jump if Not Zero (ZF=0)
.text:0042569E 8B 01                                         mov     eax, [ecx]
.text:004256A0 8B 50 10                                      mov     edx, [eax+10h]
.text:004256A3 FF D2                                         call    edx             ; Indirect Call Near Procedure
.text:004256A5 83 7E 0C 00                                   cmp     dword ptr [esi+0Ch], 0 ; Compare Two Operands
.text:004256A9 8D 4E 0C                                      lea     ecx, [esi+0Ch]  ; Load Effective Address
.text:004256AC 7C 11                                         jl      short loc_4256BF ; Jump if Less (SF!=OF)
.text:004256AE 3B 06                                         cmp     eax, [esi]      ; Compare Two Operands
.text:004256B0 75 0D                                         jnz     short loc_4256BF ; Jump if Not Zero (ZF=0)
.text:004256B2 8B DE                                         mov     ebx, esi
.text:004256B4 B8 01 00 00 00                                mov     eax, 1
.text:004256B9 F0 0F C1 01                                   lock xadd [ecx], eax    ; t<-dest; dest<-src+dest; src<-t
.text:004256BD EB 35                                         jmp     short loc_4256F4 ; Jump
.text:004256BF                               ; ---------------------------------------------------------------------------
.text:004256BF
.text:004256BF                               loc_4256BF:                             ; CODE XREF: sub_425050+65C↑j
.text:004256BF                                                                       ; sub_425050+660↑j
.text:004256BF 8B 4E 04                                      mov     ecx, [esi+4]
.text:004256C2 8B 10                                         mov     edx, [eax]
.text:004256C4 8B 12                                         mov     edx, [edx]
.text:004256C6 6A 01                                         push    1
.text:004256C8 51                                            push    ecx
.text:004256C9 8B C8                                         mov     ecx, eax
.text:004256CB FF D2                                         call    edx             ; Indirect Call Near Procedure
.text:004256CD 8B D8                                         mov     ebx, eax
.text:004256CF 85 DB                                         test    ebx, ebx        ; Logical Compare
.text:004256D1 75 05                                         jnz     short loc_4256D8 ; Jump if Not Zero (ZF=0)
.text:004256D3 E8 58 BB FD FF                                call    sub_401230      ; Call Procedure
.text:004256D8                               ; ---------------------------------------------------------------------------
.text:004256D8
.text:004256D8                               loc_4256D8:                             ; CODE XREF: sub_425050+681↑j
.text:004256D8 8B 46 04                                      mov     eax, [esi+4]
.text:004256DB 89 43 04                                      mov     [ebx+4], eax
.text:004256DE 8B 46 04                                      mov     eax, [esi+4]
.text:004256E1 40                                            inc     eax             ; Increment by 1
.text:004256E2 50                                            push    eax             ; SourceSize
.text:004256E3 83 C6 10                                      add     esi, 10h        ; Add
.text:004256E6 56                                            push    esi             ; Source
.text:004256E7 50                                            push    eax             ; DestinationSize
.text:004256E8 8D 4B 10                                      lea     ecx, [ebx+10h]  ; Load Effective Address
.text:004256EB 51                                            push    ecx             ; Destination
.text:004256EC E8 17 F5 03 00                                call    _memcpy_s       ; Call Procedure
.text:004256F1 83 C4 10                                      add     esp, 10h        ; Add
.text:004256F4
.text:004256F4                               loc_4256F4:                             ; CODE XREF: sub_425050+66D↑j
.text:004256F4 8D 47 0C                                      lea     eax, [edi+0Ch]  ; Load Effective Address
.text:004256F7 83 CA FF                                      or      edx, 0FFFFFFFFh ; Logical Inclusive OR
.text:004256FA F0 0F C1 10                                   lock xadd [eax], edx    ; t<-dest; dest<-src+dest; src<-t
.text:004256FE 4A                                            dec     edx             ; Decrement by 1
.text:004256FF 85 D2                                         test    edx, edx        ; Logical Compare
.text:00425701 7F 0A                                         jg      short loc_42570D ; Jump if Greater (ZF=0 & SF=OF)
.text:00425703 8B 0F                                         mov     ecx, [edi]
.text:00425705 8B 01                                         mov     eax, [ecx]
.text:00425707 8B 50 04                                      mov     edx, [eax+4]
.text:0042570A 57                                            push    edi
.text:0042570B FF D2                                         call    edx             ; Indirect Call Near Procedure
.text:0042570D
.text:0042570D                               loc_42570D:                             ; CODE XREF: sub_425050+6B1↑j
.text:0042570D 8B 45 00                                      mov     eax, [ebp+78h+var_78]
.text:00425710 83 C3 10                                      add     ebx, 10h        ; Add
.text:00425713 05 40 30 01 00                                add     eax, 13040h     ; Add
.text:00425718 89 18                                         mov     [eax], ebx
.text:0042571A 8B 5D 00                                      mov     ebx, [ebp+78h+var_78]
.text:0042571D EB 23                                         jmp     short loc_425742 ; Jump
.text:0042571F                               ; ---------------------------------------------------------------------------
.text:0042571F
.text:0042571F                               loc_42571F:                             ; CODE XREF: sub_425050+63E↑j
.text:0042571F                                                                       ; sub_425050+648↑j
.text:0042571F 8B 55 E0                                      mov     edx, [ebp+78h+var_98]
.text:00425722 8B 4A F4                                      mov     ecx, [edx-0Ch]
.text:00425725 51                                            push    ecx             ; SourceSize
.text:00425726 52                                            push    edx             ; Source
.text:00425727 8B C8                                         mov     ecx, eax
.text:00425729 E8 02 C1 FD FF                                call    sub_401830      ; Call Procedure
.text:0042572E EB 12                                         jmp     short loc_425742 ; Jump
.text:00425730                               ; ---------------------------------------------------------------------------
.text:00425730
.text:00425730                               loc_425730:                             ; CODE XREF: sub_425050+474↑j
.text:00425730 6A 00                                         push    0               ; unsigned int
.text:00425732 6A 00                                         push    0               ; uType
.text:00425734 68 80 50 48 00                                push    offset aWrongKeyPlease ; "Wrong key! Please try again"
.text:00425739 E8 11 D6 01 00                                call    ?AfxMessageBox@@YGHPBDII@Z ; Call Procedure
.text:0042573E 33 C0                                         xor     eax, eax        ; Logical Exclusive OR
.text:00425740 74 09                                         jz      short loc_42574B ; Jump if Zero (ZF=1)
.text:00425742
.text:00425742                               loc_425742:                             ; CODE XREF: sub_425050+634↑j
.text:00425742                                                                       ; sub_425050+6CD↑j ...
.text:00425742 D9 05 44 4B 48 00                             fld     ds:flt_484B44   ; Load Real
.text:00425748 D9 5B 58                                      fstp    dword ptr [ebx+58h] ; Store Real and Pop
.text:0042574B
.text:0042574B                               loc_42574B:                             ; CODE XREF: sub_425050+6F0↑j
.text:0042574B 8B 45 E0                                      mov     eax, [ebp+78h+var_98]
.text:0042574E 83 C0 F0                                      add     eax, 0FFFFFFF0h ; Add
.text:0042574E                               ;   } // starts at 425577
.text:00425751                               ;   try {
.text:00425751 C6 45 FC 03                                   mov     byte ptr [ebp+78h+var_7C], 3
.text:00425755 8D 48 0C                                      lea     ecx, [eax+0Ch]  ; Load Effective Address
.text:00425758 83 CA FF                                      or      edx, 0FFFFFFFFh ; Logical Inclusive OR
.text:0042575B F0 0F C1 11                                   lock xadd [ecx], edx    ; t<-dest; dest<-src+dest; src<-t
.text:0042575F 4A                                            dec     edx             ; Decrement by 1
.text:00425760 85 D2                                         test    edx, edx        ; Logical Compare
.text:00425762 7F 0A                                         jg      short loc_42576E ; Jump if Greater (ZF=0 & SF=OF)
.text:00425764 8B 08                                         mov     ecx, [eax]
.text:00425766 8B 11                                         mov     edx, [ecx]
.text:00425768 50                                            push    eax
.text:00425769 8B 42 04                                      mov     eax, [edx+4]
.text:0042576C FF D0                                         call    eax             ; Indirect Call Near Procedure
.text:0042576E
.text:0042576E                               loc_42576E:                             ; CODE XREF: sub_425050+712↑j
.text:0042576E 8B 45 DC                                      mov     eax, [ebp+78h+Source]
.text:00425771 83 C0 F0                                      add     eax, 0FFFFFFF0h ; Add
.text:00425771                               ;   } // starts at 425751
.text:00425774                               ;   try {
.text:00425774 C6 45 FC 02                                   mov     byte ptr [ebp+78h+var_7C], 2
.text:00425778 8D 48 0C                                      lea     ecx, [eax+0Ch]  ; Load Effective Address
.text:0042577B 83 CA FF                                      or      edx, 0FFFFFFFFh ; Logical Inclusive OR
.text:0042577E F0 0F C1 11                                   lock xadd [ecx], edx    ; t<-dest; dest<-src+dest; src<-t
.text:00425782 4A                                            dec     edx             ; Decrement by 1
.text:00425783 85 D2                                         test    edx, edx        ; Logical Compare
.text:00425785 7F 0A                                         jg      short loc_425791 ; Jump if Greater (ZF=0 & SF=OF)
.text:00425787 8B 08                                         mov     ecx, [eax]
.text:00425789 8B 11                                         mov     edx, [ecx]
.text:0042578B 50                                            push    eax
.text:0042578C 8B 42 04                                      mov     eax, [edx+4]
.text:0042578F FF D0                                         call    eax             ; Indirect Call Near Procedure
.text:00425791
.text:00425791                               loc_425791:                             ; CODE XREF: sub_425050+735↑j
.text:00425791 8B 45 E4                                      mov     eax, [ebp+78h+Str2]
.text:00425794 83 C0 F0                                      add     eax, 0FFFFFFF0h ; Add
.text:00425794                               ;   } // starts at 425774
.text:00425797                               ;   try {
.text:00425797 C6 45 FC 01                                   mov     byte ptr [ebp+78h+var_7C], 1
.text:0042579B 8D 48 0C                                      lea     ecx, [eax+0Ch]  ; Load Effective Address
.text:0042579E 83 CA FF                                      or      edx, 0FFFFFFFFh ; Logical Inclusive OR
.text:004257A1 F0 0F C1 11                                   lock xadd [ecx], edx    ; t<-dest; dest<-src+dest; src<-t
.text:004257A5 4A                                            dec     edx             ; Decrement by 1
.text:004257A6 85 D2                                         test    edx, edx        ; Logical Compare
.text:004257A8 7F 0A                                         jg      short loc_4257B4 ; jumps to here
.text:004257AA 8B 08                                         mov     ecx, [eax]
.text:004257AC 8B 11                                         mov     edx, [ecx]
.text:004257AE 50                                            push    eax
.text:004257AF 8B 42 04                                      mov     eax, [edx+4]
.text:004257B2 FF D0                                         call    eax             ; Indirect Call Near Procedure
.text:004257B4
.text:004257B4                               loc_4257B4:                             ; CODE XREF: sub_425050+7F↑j
.text:004257B4                                                                       ; sub_425050+758↑j
.text:004257B4 8B 4D 00                                      mov     ecx, [ebp+78h+var_78] ; jump lands here
.text:004257B7 C7 81 50 3D 01 00 00 00 00 00                 mov     dword ptr [ecx+13D50h], 0
.text:004257C1 8D 8D 48 FF FF FF                             lea     ecx, [ebp+78h+var_130] ; Load Effective Address
.text:004257C1                               ;   } // starts at 425797
.text:004257C7                               ;   try {
.text:004257C7 C6 45 FC 00                                   mov     byte ptr [ebp+78h+var_7C], 0
.text:004257CB E8 D0 EC 00 00                                call    loc_4344A0      ; Call Procedure
.text:004257D0
.text:004257D0                               loc_4257D0:                             ; CODE XREF: sub_425050+7B1↓j
.text:004257D0                                                                       ; DATA XREF: sub_425050+7AC↓o
.text:004257D0 8B 4D F4                                      mov     ecx, [ebp+78h+var_84]
.text:004257D3 64 89 0D 00 00 00 00                          mov     large fs:0, ecx
.text:004257DA 59                                            pop     ecx
.text:004257DB 5F                                            pop     edi
.text:004257DC 5E                                            pop     esi
.text:004257DD 5B                                            pop     ebx
.text:004257DE 8B 4D 74                                      mov     ecx, [ebp+78h+var_4]
.text:004257E1 33 CD                                         xor     ecx, ebp        ; Logical Exclusive OR
.text:004257E3 E8 84 FC 03 00                                call    sub_46546C      ; Call Procedure
.text:004257E8 83 C5 78                                      add     ebp, 78h ; 'x'  ; Add
.text:004257EB 8B E5                                         mov     esp, ebp
.text:004257ED 5D                                            pop     ebp
.text:004257EE C3                                            retn                    ; Return Near from Procedure


Last edited by calleng on 2024-8-15 02:14, reason: