-
-
[旧帖] 关于OD问题 0.00雪花
-
发表于: 2006-10-25 14:58
-
我在OD里将程序断在下面,但就是找不到关键跳转,能指导一下吗?本人不胜感激。0041D59E |. FF15 10334200 CALL DWORD PTR DS: 断在这里
[<&USER32.GetWindowTex>; \GetWindowTextA
0041D5A4 |. 8B4D 10 MOV ECX,DWORD PTR SS:[EBP+10] 0041D5A7 |. 6A FF PUSH -1
0041D5A9 |. E8 7BA9FFFF CALL CrackMe2.00417F29
0041D5AE |. EB 0B JMP SHORT CrackMe2.0041D5BB
0041D5B0 |> 8B45 10 MOV EAX,DWORD PTR SS:[EBP+10]
0041D5B3 |. FF30 PUSH DWORD PTR DS:[EAX] ; /Arg2
0041D5B5 |. 56 PUSH ESI ; |Arg1
0041D5B6 |. E8 4DF7FFFF CALL CrackMe2.0041CD08 ; \CrackMe2.0041CD08
0041D5BB |> 5F POP EDI
0041D5BC |. 5E POP ESI
0041D5BD |. 5D POP EBP
0041D5BE \. C2 0C00 RETN 0C
0041D5C1 /$ 51 PUSH ECX
0041D5C2 |. 53 PUSH EBX
0041D5C3 |. 55 PUSH EBP
0041D5C4 |. 56 PUSH ESI
0041D5C5 |. 57 PUSH EDI
0041D5C6 |. 894C24 10 MOV DWORD PTR SS:[ESP+10],ECX
0041D5CA |. FF15 E8324200 CALL DWORD PTR DS:[<&USER32.GetCapture>] ; [GetCapture
0041D5D0 |. 8B35 D8334200 MOV ESI,DWORD PTR DS:[<&USER32.SendMessa>; USER32.SendMessageA
0041D5D6 |. 8BF8 MOV EDI,EAX
0041D5D8 |. 33ED XOR EBP,EBP
0041D5DA |. BB 65030000 MOV EBX,365
0041D5DF |. 3BFD CMP EDI,EBP
0041D5E1 |. 74 16 JE SHORT CrackMe2.0041D5F9
0041D5E3 |> 55 /PUSH EBP
0041D5E4 |. 55 |PUSH EBP
0041D5E5 |. 53 |PUSH EBX
0041D5E6 |. 57 |PUSH EDI
0041D5E7 |. FFD6 |CALL ESI
0041D5E9 |. 85C0 |TEST EAX,EAX
0041D5EB |. 75 70 |JNZ SHORT CrackMe2.0041D65D
0041D5ED |. 57 |PUSH EDI
0041D5EE |. E8 79C3FFFF |CALL CrackMe2.0041996C
0041D5F3 |. 8BF8 |MOV EDI,EAX
0041D5F5 |. 3BFD |CMP EDI,EBP
0041D5F7 |.^75 EA \JNZ SHORT CrackMe2.0041D5E3
0041D5F9 |> FF15 A4334200 CALL DWORD PTR DS:[<&USER32.GetFocus>] ; [GetFocus
0041D5FF |> 8BF8 /MOV EDI,EAX
0041D601 |. 3BFD |CMP EDI,EBP
0041D603 |. 74 12 |JE SHORT CrackMe2.0041D617
0041D605 |. 55 |PUSH EBP
0041D606 |. 55 |PUSH EBP
0041D607 |. 53 |PUSH EBX
0041D608 |. 57 |PUSH EDI
0041D609 |. FFD6 |CALL ESI
0041D60B |. 85C0 |TEST EAX,EAX
0041D60D |. 75 4E |JNZ SHORT CrackMe2.0041D65D
0041D60F |. 57 |PUSH EDI
0041D610 |. E8 57C3FFFF |CALL CrackMe2.0041996C
0041D615 |.^EB E8 \JMP SHORT CrackMe2.0041D5FF
0041D617 |> 8B4C24 10 MOV ECX,DWORD PTR SS:[ESP+10]
0041D61B |. E8 91C3FFFF CALL CrackMe2.004199B1
0041D620 |. 3BC5 CMP EAX,EBP
0041D622 |. 75 04 JNZ SHORT CrackMe2.0041D628
0041D624 |. 33C0 XOR EAX,EAX
0041D626 |. EB 03 JMP SHORT CrackMe2.0041D62B
0041D628 |> 8B40 1C MOV EAX,DWORD PTR DS:[EAX+1C]
0041D62B |> 50 PUSH EAX ; /hOwner
0041D62C |. FF15 FC334200 CALL DWORD PTR DS:[<&USER32.GetLastActiv>; \GetLastActivePopup
[<&USER32.GetWindowTex>; \GetWindowTextA
0041D5A4 |. 8B4D 10 MOV ECX,DWORD PTR SS:[EBP+10] 0041D5A7 |. 6A FF PUSH -1
0041D5A9 |. E8 7BA9FFFF CALL CrackMe2.00417F29
0041D5AE |. EB 0B JMP SHORT CrackMe2.0041D5BB
0041D5B0 |> 8B45 10 MOV EAX,DWORD PTR SS:[EBP+10]
0041D5B3 |. FF30 PUSH DWORD PTR DS:[EAX] ; /Arg2
0041D5B5 |. 56 PUSH ESI ; |Arg1
0041D5B6 |. E8 4DF7FFFF CALL CrackMe2.0041CD08 ; \CrackMe2.0041CD08
0041D5BB |> 5F POP EDI
0041D5BC |. 5E POP ESI
0041D5BD |. 5D POP EBP
0041D5BE \. C2 0C00 RETN 0C
0041D5C1 /$ 51 PUSH ECX
0041D5C2 |. 53 PUSH EBX
0041D5C3 |. 55 PUSH EBP
0041D5C4 |. 56 PUSH ESI
0041D5C5 |. 57 PUSH EDI
0041D5C6 |. 894C24 10 MOV DWORD PTR SS:[ESP+10],ECX
0041D5CA |. FF15 E8324200 CALL DWORD PTR DS:[<&USER32.GetCapture>] ; [GetCapture
0041D5D0 |. 8B35 D8334200 MOV ESI,DWORD PTR DS:[<&USER32.SendMessa>; USER32.SendMessageA
0041D5D6 |. 8BF8 MOV EDI,EAX
0041D5D8 |. 33ED XOR EBP,EBP
0041D5DA |. BB 65030000 MOV EBX,365
0041D5DF |. 3BFD CMP EDI,EBP
0041D5E1 |. 74 16 JE SHORT CrackMe2.0041D5F9
0041D5E3 |> 55 /PUSH EBP
0041D5E4 |. 55 |PUSH EBP
0041D5E5 |. 53 |PUSH EBX
0041D5E6 |. 57 |PUSH EDI
0041D5E7 |. FFD6 |CALL ESI
0041D5E9 |. 85C0 |TEST EAX,EAX
0041D5EB |. 75 70 |JNZ SHORT CrackMe2.0041D65D
0041D5ED |. 57 |PUSH EDI
0041D5EE |. E8 79C3FFFF |CALL CrackMe2.0041996C
0041D5F3 |. 8BF8 |MOV EDI,EAX
0041D5F5 |. 3BFD |CMP EDI,EBP
0041D5F7 |.^75 EA \JNZ SHORT CrackMe2.0041D5E3
0041D5F9 |> FF15 A4334200 CALL DWORD PTR DS:[<&USER32.GetFocus>] ; [GetFocus
0041D5FF |> 8BF8 /MOV EDI,EAX
0041D601 |. 3BFD |CMP EDI,EBP
0041D603 |. 74 12 |JE SHORT CrackMe2.0041D617
0041D605 |. 55 |PUSH EBP
0041D606 |. 55 |PUSH EBP
0041D607 |. 53 |PUSH EBX
0041D608 |. 57 |PUSH EDI
0041D609 |. FFD6 |CALL ESI
0041D60B |. 85C0 |TEST EAX,EAX
0041D60D |. 75 4E |JNZ SHORT CrackMe2.0041D65D
0041D60F |. 57 |PUSH EDI
0041D610 |. E8 57C3FFFF |CALL CrackMe2.0041996C
0041D615 |.^EB E8 \JMP SHORT CrackMe2.0041D5FF
0041D617 |> 8B4C24 10 MOV ECX,DWORD PTR SS:[ESP+10]
0041D61B |. E8 91C3FFFF CALL CrackMe2.004199B1
0041D620 |. 3BC5 CMP EAX,EBP
0041D622 |. 75 04 JNZ SHORT CrackMe2.0041D628
0041D624 |. 33C0 XOR EAX,EAX
0041D626 |. EB 03 JMP SHORT CrackMe2.0041D62B
0041D628 |> 8B40 1C MOV EAX,DWORD PTR DS:[EAX+1C]
0041D62B |> 50 PUSH EAX ; /hOwner
0041D62C |. FF15 FC334200 CALL DWORD PTR DS:[<&USER32.GetLastActiv>; \GetLastActivePopup
