[求助]从加密光盘抽取文件汇编问题求助-软件逆向-看雪-安全社区|安全招聘|kanxue.com

最新回复 (4)
topland 雪币： 200 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 4 回帖 16 粉丝 0 关注私信	topland 2 楼看的人多,回复的人没有。想问大家，因加壳或可执行文件被填充了大量垃圾数据，导致程序的入口点超出代码范围，以致可以找到调试地址，但无法找到修改地址这种情况如何解决？ 2006-12-21 15:39 0
wangshq397 雪币： 277 活跃值： (312) 能力值： ( LV9，RANK：330 ) 在线值：发帖 59 回帖 650 粉丝 0 关注私信	wangshq397 8 3 楼 http://blog.csdn.net/gc801/archive/2005/12/27/562938.aspx 2006-12-21 19:05 0
topland 雪币： 200 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 4 回帖 16 粉丝 0 关注私信	topland 4 楼破解过程中得到gc801帮助。但他对此也是无能为力。 2006-12-23 17:32 0
topland 雪币： 200 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 4 回帖 16 粉丝 0 关注私信	topland 5 楼 00CD4394 8B85 AD394400 MOV EAX,DWORD PTR SS:[EBP+4439AD] /EAX=00441AFC 00CD439A 50 PUSH EAX ; CDFACE.00441AFC 00CD439B 0385 FC494400 ADD EAX,DWORD PTR SS:[EBP+4449FC] /EAX=00841AFC 00CD43A1 59 POP ECX 00CD43A2 0BC9 OR ECX,ECX 00CD43A4 8985 E63C4400 MOV DWORD PTR SS:[EBP+443CE6],EAX 00CD43AA 61 POPAD 00CD43AB 75 08 JNZ SHORT CDFACE.00CD43B5 00CD43AD B8 01000000 MOV EAX,1 00CD43B2 C2 0C00 RETN 0C 00CD43B5 68 00000000 PUSH 0 /执行到00CD43AA时此条语句改为：PUSH CDFACE.00841AFC 00CD43BA C3 RETN 这时进入到一个地址，可以编辑调试，但无法保存。请问大家有什么办法？＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝附此段完整代码： 00CD4007 E8 24040000 CALL CDFACE.00CD4430 00CD400C EB 00 JMP SHORT CDFACE.00CD400E 00CD400E BB 30394400 MOV EBX,CDFACE.00443930 00CD4013 03DD ADD EBX,EBP 00CD4015 2B9D D03F4400 SUB EBX,DWORD PTR SS:[EBP+443FD0] 00CD401B 83BD FC494400 0>CMP DWORD PTR SS:[EBP+4449FC],0 00CD4022 899D FC494400 MOV DWORD PTR SS:[EBP+4449FC],EBX 00CD4028 0F85 66030000 JNZ CDFACE.00CD4394 00CD402E C785 33394400 0>MOV DWORD PTR SS:[EBP+443933],0 00CD4038 8D85 044A4400 LEA EAX,DWORD PTR SS:[EBP+444A04] 00CD403E 50 PUSH EAX 00CD403F FF95 004B4400 CALL NEAR DWORD PTR SS:[EBP+444B00] 00CD4045 8985 004A4400 MOV DWORD PTR SS:[EBP+444A00],EAX 00CD404B 8BF8 MOV EDI,EAX 00CD404D 8D9D 114A4400 LEA EBX,DWORD PTR SS:[EBP+444A11] 00CD4053 53 PUSH EBX 00CD4054 50 PUSH EAX 00CD4055 FF95 FC4A4400 CALL NEAR DWORD PTR SS:[EBP+444AFC] 00CD405B 8985 FC3F4400 MOV DWORD PTR SS:[EBP+443FFC],EAX 00CD4061 8D9D 1E4A4400 LEA EBX,DWORD PTR SS:[EBP+444A1E] 00CD4067 53 PUSH EBX 00CD4068 57 PUSH EDI 00CD4069 FF95 FC4A4400 CALL NEAR DWORD PTR SS:[EBP+444AFC] 00CD406F 8985 00404400 MOV DWORD PTR SS:[EBP+444000],EAX 00CD4075 8D85 B5394400 LEA EAX,DWORD PTR SS:[EBP+4439B5] 00CD407B FFE0 JMP NEAR EAX 00CD407D FC CLD 00CD407E 1A4400 00 SBB AL,BYTE PTR DS:[EAX+EAX] 00CD4082 E0 4A LOOPDNE SHORT CDFACE.00CD40CE 00CD4084 008B 9DD83F44 ADD BYTE PTR DS:[EBX+443FD89D],CL 00CD408A 000B ADD BYTE PTR DS:[EBX],CL 00CD408C DB ??? ; 未知命令 00CD408D 74 0A JE SHORT CDFACE.00CD4099 00CD408F 8B03 MOV EAX,DWORD PTR DS:[EBX] 00CD4091 8785 DC3F4400 XCHG DWORD PTR SS:[EBP+443FDC],EAX 00CD4097 8903 MOV DWORD PTR DS:[EBX],EAX 00CD4099 8DB5 19404400 LEA ESI,DWORD PTR SS:[EBP+444019] 00CD409F 833E 00 CMP DWORD PTR DS:[ESI],0 00CD40A2 0F84 1F010000 JE CDFACE.00CD41C7 00CD40A8 8DB5 19404400 LEA ESI,DWORD PTR SS:[EBP+444019] 00CD40AE 6A 04 PUSH 4 00CD40B0 68 00100000 PUSH 1000 00CD40B5 68 00180000 PUSH 1800 00CD40BA 6A 00 PUSH 0 00CD40BC FF95 FC3F4400 CALL NEAR DWORD PTR SS:[EBP+443FFC] 00CD40C2 8985 F83F4400 MOV DWORD PTR SS:[EBP+443FF8],EAX 00CD40C8 8B46 04 MOV EAX,DWORD PTR DS:[ESI+4] 00CD40CB 05 0E010000 ADD EAX,10E 00CD40D0 6A 04 PUSH 4 00CD40D2 68 00100000 PUSH 1000 00CD40D7 50 PUSH EAX 00CD40D8 6A 00 PUSH 0 00CD40DA FF95 FC3F4400 CALL NEAR DWORD PTR SS:[EBP+443FFC] 00CD40E0 8985 F43F4400 MOV DWORD PTR SS:[EBP+443FF4],EAX 00CD40E6 56 PUSH ESI 00CD40E7 8B1E MOV EBX,DWORD PTR DS:[ESI] 00CD40E9 039D FC494400 ADD EBX,DWORD PTR SS:[EBP+4449FC] 00CD40EF FFB5 F83F4400 PUSH DWORD PTR SS:[EBP+443FF8] 00CD40F5 FF76 04 PUSH DWORD PTR DS:[ESI+4] 00CD40F8 50 PUSH EAX 00CD40F9 53 PUSH EBX 00CD40FA E8 DA060000 CALL CDFACE.00CD47D9 00CD40FF 80BD 10404400 0>CMP BYTE PTR SS:[EBP+444010],0 00CD4106 75 5E JNZ SHORT CDFACE.00CD4166 00CD4108 FE85 10404400 INC BYTE PTR SS:[EBP+444010] 00CD410E 8B3E MOV EDI,DWORD PTR DS:[ESI] 00CD4110 03BD FC494400 ADD EDI,DWORD PTR SS:[EBP+4449FC] 00CD4116 FF37 PUSH DWORD PTR DS:[EDI] 00CD4118 C607 C3 MOV BYTE PTR DS:[EDI],0C3 00CD411B FFD7 CALL NEAR EDI 00CD411D 8F07 POP DWORD PTR DS:[EDI] 00CD411F 50 PUSH EAX 00CD4120 51 PUSH ECX 00CD4121 56 PUSH ESI 00CD4122 53 PUSH EBX 00CD4123 8BC8 MOV ECX,EAX 00CD4125 83E9 06 SUB ECX,6 00CD4128 8BB5 F43F4400 MOV ESI,DWORD PTR SS:[EBP+443FF4] 00CD412E 33DB XOR EBX,EBX 00CD4130 0BC9 OR ECX,ECX 00CD4132 74 2E JE SHORT CDFACE.00CD4162 00CD4134 78 2C JS SHORT CDFACE.00CD4162 00CD4136 AC LODS BYTE PTR DS:[ESI] 00CD4137 3C E8 CMP AL,0E8 00CD4139 74 0A JE SHORT CDFACE.00CD4145 00CD413B EB 00 JMP SHORT CDFACE.00CD413D 00CD413D 3C E9 CMP AL,0E9 00CD413F 74 04 JE SHORT CDFACE.00CD4145 00CD4141 43 INC EBX 00CD4142 49 DEC ECX 00CD4143 ^ EB EB JMP SHORT CDFACE.00CD4130 00CD4145 8B06 MOV EAX,DWORD PTR DS:[ESI] 00CD4147 EB 0A JMP SHORT CDFACE.00CD4153 00CD4149 803E 0D CMP BYTE PTR DS:[ESI],0D 00CD414C ^ 75 F3 JNZ SHORT CDFACE.00CD4141 00CD414E 24 00 AND AL,0 00CD4150 C1C0 18 ROL EAX,18 00CD4153 2BC3 SUB EAX,EBX 00CD4155 8906 MOV DWORD PTR DS:[ESI],EAX 00CD4157 83C3 05 ADD EBX,5 00CD415A 83C6 04 ADD ESI,4 00CD415D 83E9 05 SUB ECX,5 00CD4160 ^ EB CE JMP SHORT CDFACE.00CD4130 00CD4162 5B POP EBX 00CD4163 5E POP ESI 00CD4164 59 POP ECX 00CD4165 58 POP EAX 00CD4166 8BC8 MOV ECX,EAX 00CD4168 8B3E MOV EDI,DWORD PTR DS:[ESI] 00CD416A 03BD FC494400 ADD EDI,DWORD PTR SS:[EBP+4449FC] 00CD4170 8BB5 F43F4400 MOV ESI,DWORD PTR SS:[EBP+443FF4] 00CD4176 C1F9 02 SAR ECX,2 00CD4179 F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS> 00CD417B 8BC8 MOV ECX,EAX 00CD417D 83E1 03 AND ECX,3 00CD4180 F3:A4 REP MOVS BYTE PTR ES:[EDI],BYTE PTR DS:[> 00CD4182 5E POP ESI 00CD4183 68 00800000 PUSH 8000 00CD4188 6A 00 PUSH 0 00CD418A FFB5 F43F4400 PUSH DWORD PTR SS:[EBP+443FF4] 00CD4190 FF95 00404400 CALL NEAR DWORD PTR SS:[EBP+444000] 00CD4196 83C6 08 ADD ESI,8 00CD4199 833E 00 CMP DWORD PTR DS:[ESI],0 00CD419C ^ 0F85 26FFFFFF JNZ CDFACE.00CD40C8 00CD41A2 68 00800000 PUSH 8000 00CD41A7 6A 00 PUSH 0 00CD41A9 FFB5 F83F4400 PUSH DWORD PTR SS:[EBP+443FF8] 00CD41AF FF95 00404400 CALL NEAR DWORD PTR SS:[EBP+444000] 00CD41B5 8B9D D83F4400 MOV EBX,DWORD PTR SS:[EBP+443FD8] 00CD41BB 0BDB OR EBX,EBX 00CD41BD 74 08 JE SHORT CDFACE.00CD41C7 00CD41BF 8B03 MOV EAX,DWORD PTR DS:[EBX] 00CD41C1 8785 DC3F4400 XCHG DWORD PTR SS:[EBP+443FDC],EAX 00CD41C7 8B95 FC494400 MOV EDX,DWORD PTR SS:[EBP+4449FC] 00CD41CD 8B85 D43F4400 MOV EAX,DWORD PTR SS:[EBP+443FD4] 00CD41D3 2BD0 SUB EDX,EAX 00CD41D5 74 79 JE SHORT CDFACE.00CD4250 00CD41D7 8BC2 MOV EAX,EDX 00CD41D9 C1E8 10 SHR EAX,10 00CD41DC 33DB XOR EBX,EBX 00CD41DE 8BB5 E03F4400 MOV ESI,DWORD PTR SS:[EBP+443FE0] 00CD41E4 03B5 FC494400 ADD ESI,DWORD PTR SS:[EBP+4449FC] 00CD41EA 833E 00 CMP DWORD PTR DS:[ESI],0 00CD41ED 74 61 JE SHORT CDFACE.00CD4250 00CD41EF 8B4E 04 MOV ECX,DWORD PTR DS:[ESI+4] 00CD41F2 83E9 08 SUB ECX,8 00CD41F5 D1E9 SHR ECX,1 00CD41F7 8B3E MOV EDI,DWORD PTR DS:[ESI] 00CD41F9 03BD FC494400 ADD EDI,DWORD PTR SS:[EBP+4449FC] 00CD41FF 83C6 08 ADD ESI,8 00CD4202 66:8B1E MOV BX,WORD PTR DS:[ESI] 00CD4205 C1EB 0C SHR EBX,0C 00CD4208 83FB 01 CMP EBX,1 00CD420B 74 0C JE SHORT CDFACE.00CD4219 00CD420D 83FB 02 CMP EBX,2 00CD4210 74 16 JE SHORT CDFACE.00CD4228 00CD4212 83FB 03 CMP EBX,3 00CD4215 74 20 JE SHORT CDFACE.00CD4237 00CD4217 EB 2C JMP SHORT CDFACE.00CD4245 00CD4219 66:8B1E MOV BX,WORD PTR DS:[ESI] 00CD421C 81E3 FF0F0000 AND EBX,0FFF 00CD4222 66:01041F ADD WORD PTR DS:[EDI+EBX],AX 00CD4226 EB 1D JMP SHORT CDFACE.00CD4245 00CD4228 66:8B1E MOV BX,WORD PTR DS:[ESI] 00CD422B 81E3 FF0F0000 AND EBX,0FFF 00CD4231 66:01141F ADD WORD PTR DS:[EDI+EBX],DX 00CD4235 EB 0E JMP SHORT CDFACE.00CD4245 00CD4237 66:8B1E MOV BX,WORD PTR DS:[ESI] 00CD423A 81E3 FF0F0000 AND EBX,0FFF 00CD4240 01141F ADD DWORD PTR DS:[EDI+EBX],EDX 00CD4243 EB 00 JMP SHORT CDFACE.00CD4245 00CD4245 66:830E FF OR WORD PTR DS:[ESI],0FFFF 00CD4249 83C6 02 ADD ESI,2 00CD424C ^ E2 B4 LOOPD SHORT CDFACE.00CD4202 00CD424E ^ EB 9A JMP SHORT CDFACE.00CD41EA 00CD4250 8B95 FC494400 MOV EDX,DWORD PTR SS:[EBP+4449FC] 00CD4256 8BB5 E83F4400 MOV ESI,DWORD PTR SS:[EBP+443FE8] 00CD425C 0BF6 OR ESI,ESI 00CD425E 74 11 JE SHORT CDFACE.00CD4271 00CD4260 03F2 ADD ESI,EDX 00CD4262 AD LODS DWORD PTR DS:[ESI] 00CD4263 0BC0 OR EAX,EAX 00CD4265 74 0A JE SHORT CDFACE.00CD4271 00CD4267 03C2 ADD EAX,EDX 00CD4269 8BF8 MOV EDI,EAX 00CD426B 66:AD LODS WORD PTR DS:[ESI] 00CD426D 66:AB STOS WORD PTR ES:[EDI] 00CD426F ^ EB F1 JMP SHORT CDFACE.00CD4262 00CD4271 8BB5 B1394400 MOV ESI,DWORD PTR SS:[EBP+4439B1] 00CD4277 8B95 FC494400 MOV EDX,DWORD PTR SS:[EBP+4449FC] 00CD427D 03F2 ADD ESI,EDX 00CD427F 8B46 0C MOV EAX,DWORD PTR DS:[ESI+C] 00CD4282 85C0 TEST EAX,EAX 00CD4284 0F84 0A010000 JE CDFACE.00CD4394 00CD428A 03C2 ADD EAX,EDX 00CD428C 8BD8 MOV EBX,EAX 00CD428E 50 PUSH EAX 00CD428F FF95 004B4400 CALL NEAR DWORD PTR SS:[EBP+444B00] 00CD4295 85C0 TEST EAX,EAX 00CD4297 75 07 JNZ SHORT CDFACE.00CD42A0 00CD4299 53 PUSH EBX 00CD429A FF95 044B4400 CALL NEAR DWORD PTR SS:[EBP+444B04] 00CD42A0 8985 EC3F4400 MOV DWORD PTR SS:[EBP+443FEC],EAX 00CD42A6 C785 F03F4400 0>MOV DWORD PTR SS:[EBP+443FF0],0 00CD42B0 8B95 FC494400 MOV EDX,DWORD PTR SS:[EBP+4449FC] 00CD42B6 8B06 MOV EAX,DWORD PTR DS:[ESI] 00CD42B8 85C0 TEST EAX,EAX 00CD42BA 75 03 JNZ SHORT CDFACE.00CD42BF 00CD42BC 8B46 10 MOV EAX,DWORD PTR DS:[ESI+10] 00CD42BF 03C2 ADD EAX,EDX 00CD42C1 0385 F03F4400 ADD EAX,DWORD PTR SS:[EBP+443FF0] 00CD42C7 8B18 MOV EBX,DWORD PTR DS:[EAX] 00CD42C9 8B7E 10 MOV EDI,DWORD PTR DS:[ESI+10] 00CD42CC 03FA ADD EDI,EDX 00CD42CE 03BD F03F4400 ADD EDI,DWORD PTR SS:[EBP+443FF0] 00CD42D4 85DB TEST EBX,EBX 00CD42D6 0F84 A2000000 JE CDFACE.00CD437E 00CD42DC F7C3 00000080 TEST EBX,80000000 00CD42E2 75 04 JNZ SHORT CDFACE.00CD42E8 00CD42E4 03DA ADD EBX,EDX 00CD42E6 43 INC EBX 00CD42E7 43 INC EBX 00CD42E8 53 PUSH EBX 00CD42E9 81E3 FFFFFF7F AND EBX,7FFFFFFF 00CD42EF 53 PUSH EBX 00CD42F0 FFB5 EC3F4400 PUSH DWORD PTR SS:[EBP+443FEC] 00CD42F6 FF95 FC4A4400 CALL NEAR DWORD PTR SS:[EBP+444AFC] 00CD42FC 85C0 TEST EAX,EAX 00CD42FE 5B POP EBX 00CD42FF 75 6F JNZ SHORT CDFACE.00CD4370 00CD4301 F7C3 00000080 TEST EBX,80000000 00CD4307 75 19 JNZ SHORT CDFACE.00CD4322 00CD4309 57 PUSH EDI 00CD430A 8B46 0C MOV EAX,DWORD PTR DS:[ESI+C] 00CD430D 0385 FC494400 ADD EAX,DWORD PTR SS:[EBP+4449FC] 00CD4313 50 PUSH EAX 00CD4314 53 PUSH EBX 00CD4315 8D85 684A4400 LEA EAX,DWORD PTR SS:[EBP+444A68] 00CD431B 50 PUSH EAX 00CD431C 57 PUSH EDI 00CD431D E9 99000000 JMP CDFACE.00CD43BB 00CD4322 81E3 FFFFFF7F AND EBX,7FFFFFFF 00CD4328 8B85 004A4400 MOV EAX,DWORD PTR SS:[EBP+444A00] 00CD432E 3985 EC3F4400 CMP DWORD PTR SS:[EBP+443FEC],EAX 00CD4334 75 24 JNZ SHORT CDFACE.00CD435A 00CD4336 57 PUSH EDI 00CD4337 8BD3 MOV EDX,EBX 00CD4339 4A DEC EDX 00CD433A C1E2 02 SHL EDX,2 00CD433D 8B9D EC3F4400 MOV EBX,DWORD PTR SS:[EBP+443FEC] 00CD4343 8B7B 3C MOV EDI,DWORD PTR DS:[EBX+3C] 00CD4346 8B7C3B 78 MOV EDI,DWORD PTR DS:[EBX+EDI+78] 00CD434A 035C3B 1C ADD EBX,DWORD PTR DS:[EBX+EDI+1C] 00CD434E 8B0413 MOV EAX,DWORD PTR DS:[EBX+EDX] 00CD4351 0385 EC3F4400 ADD EAX,DWORD PTR SS:[EBP+443FEC] 00CD4357 5F POP EDI 00CD4358 EB 16 JMP SHORT CDFACE.00CD4370 00CD435A 57 PUSH EDI 00CD435B 8B46 0C MOV EAX,DWORD PTR DS:[ESI+C] 00CD435E 0385 FC494400 ADD EAX,DWORD PTR SS:[EBP+4449FC] 00CD4364 50 PUSH EAX 00CD4365 53 PUSH EBX 00CD4366 8D85 B94A4400 LEA EAX,DWORD PTR SS:[EBP+444AB9] 00CD436C 50 PUSH EAX 00CD436D 57 PUSH EDI 00CD436E EB 4B JMP SHORT CDFACE.00CD43BB 00CD4370 8907 MOV DWORD PTR DS:[EDI],EAX 00CD4372 8385 F03F4400 0>ADD DWORD PTR SS:[EBP+443FF0],4 00CD4379 ^ E9 32FFFFFF JMP CDFACE.00CD42B0 00CD437E 8906 MOV DWORD PTR DS:[ESI],EAX 00CD4380 8946 0C MOV DWORD PTR DS:[ESI+C],EAX 00CD4383 8946 10 MOV DWORD PTR DS:[ESI+10],EAX 00CD4386 83C6 14 ADD ESI,14 00CD4389 8B95 FC494400 MOV EDX,DWORD PTR SS:[EBP+4449FC] 00CD438F ^ E9 EBFEFFFF JMP CDFACE.00CD427F 00CD4394 8B85 AD394400 MOV EAX,DWORD PTR SS:[EBP+4439AD] 00CD439A 50 PUSH EAX 00CD439B 0385 FC494400 ADD EAX,DWORD PTR SS:[EBP+4449FC] 00CD43A1 59 POP ECX 00CD43A2 0BC9 OR ECX,ECX 00CD43A4 8985 E63C4400 MOV DWORD PTR SS:[EBP+443CE6],EAX 00CD43AA 61 POPAD 00CD43AB 75 08 JNZ SHORT CDFACE.00CD43B5 00CD43AD B8 01000000 MOV EAX,1 00CD43B2 C2 0C00 RETN 0C 00CD43B5 68 00000000 PUSH 0 00CD43BA C3 RETN 2006-12-24 19:39 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复

最新回复 (4)
topland 雪币： 200 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 4 回帖 16 粉丝 0 关注私信	topland 2 楼看的人多,回复的人没有。想问大家，因加壳或可执行文件被填充了大量垃圾数据，导致程序的入口点超出代码范围，以致可以找到调试地址，但无法找到修改地址这种情况如何解决？ 2006-12-21 15:39 0
wangshq397 雪币： 277 活跃值： (312) 能力值： ( LV9，RANK：330 ) 在线值：发帖 59 回帖 650 粉丝 0 关注私信	wangshq397 8 3 楼 http://blog.csdn.net/gc801/archive/2005/12/27/562938.aspx 2006-12-21 19:05 0
topland 雪币： 200 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 4 回帖 16 粉丝 0 关注私信	topland 4 楼破解过程中得到gc801帮助。但他对此也是无能为力。 2006-12-23 17:32 0
topland 雪币： 200 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 4 回帖 16 粉丝 0 关注私信	topland 5 楼 00CD4394 8B85 AD394400 MOV EAX,DWORD PTR SS:[EBP+4439AD] /EAX=00441AFC 00CD439A 50 PUSH EAX ; CDFACE.00441AFC 00CD439B 0385 FC494400 ADD EAX,DWORD PTR SS:[EBP+4449FC] /EAX=00841AFC 00CD43A1 59 POP ECX 00CD43A2 0BC9 OR ECX,ECX 00CD43A4 8985 E63C4400 MOV DWORD PTR SS:[EBP+443CE6],EAX 00CD43AA 61 POPAD 00CD43AB 75 08 JNZ SHORT CDFACE.00CD43B5 00CD43AD B8 01000000 MOV EAX,1 00CD43B2 C2 0C00 RETN 0C 00CD43B5 68 00000000 PUSH 0 /执行到00CD43AA时此条语句改为：PUSH CDFACE.00841AFC 00CD43BA C3 RETN 这时进入到一个地址，可以编辑调试，但无法保存。请问大家有什么办法？＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝附此段完整代码： 00CD4007 E8 24040000 CALL CDFACE.00CD4430 00CD400C EB 00 JMP SHORT CDFACE.00CD400E 00CD400E BB 30394400 MOV EBX,CDFACE.00443930 00CD4013 03DD ADD EBX,EBP 00CD4015 2B9D D03F4400 SUB EBX,DWORD PTR SS:[EBP+443FD0] 00CD401B 83BD FC494400 0>CMP DWORD PTR SS:[EBP+4449FC],0 00CD4022 899D FC494400 MOV DWORD PTR SS:[EBP+4449FC],EBX 00CD4028 0F85 66030000 JNZ CDFACE.00CD4394 00CD402E C785 33394400 0>MOV DWORD PTR SS:[EBP+443933],0 00CD4038 8D85 044A4400 LEA EAX,DWORD PTR SS:[EBP+444A04] 00CD403E 50 PUSH EAX 00CD403F FF95 004B4400 CALL NEAR DWORD PTR SS:[EBP+444B00] 00CD4045 8985 004A4400 MOV DWORD PTR SS:[EBP+444A00],EAX 00CD404B 8BF8 MOV EDI,EAX 00CD404D 8D9D 114A4400 LEA EBX,DWORD PTR SS:[EBP+444A11] 00CD4053 53 PUSH EBX 00CD4054 50 PUSH EAX 00CD4055 FF95 FC4A4400 CALL NEAR DWORD PTR SS:[EBP+444AFC] 00CD405B 8985 FC3F4400 MOV DWORD PTR SS:[EBP+443FFC],EAX 00CD4061 8D9D 1E4A4400 LEA EBX,DWORD PTR SS:[EBP+444A1E] 00CD4067 53 PUSH EBX 00CD4068 57 PUSH EDI 00CD4069 FF95 FC4A4400 CALL NEAR DWORD PTR SS:[EBP+444AFC] 00CD406F 8985 00404400 MOV DWORD PTR SS:[EBP+444000],EAX 00CD4075 8D85 B5394400 LEA EAX,DWORD PTR SS:[EBP+4439B5] 00CD407B FFE0 JMP NEAR EAX 00CD407D FC CLD 00CD407E 1A4400 00 SBB AL,BYTE PTR DS:[EAX+EAX] 00CD4082 E0 4A LOOPDNE SHORT CDFACE.00CD40CE 00CD4084 008B 9DD83F44 ADD BYTE PTR DS:[EBX+443FD89D],CL 00CD408A 000B ADD BYTE PTR DS:[EBX],CL 00CD408C DB ??? ; 未知命令 00CD408D 74 0A JE SHORT CDFACE.00CD4099 00CD408F 8B03 MOV EAX,DWORD PTR DS:[EBX] 00CD4091 8785 DC3F4400 XCHG DWORD PTR SS:[EBP+443FDC],EAX 00CD4097 8903 MOV DWORD PTR DS:[EBX],EAX 00CD4099 8DB5 19404400 LEA ESI,DWORD PTR SS:[EBP+444019] 00CD409F 833E 00 CMP DWORD PTR DS:[ESI],0 00CD40A2 0F84 1F010000 JE CDFACE.00CD41C7 00CD40A8 8DB5 19404400 LEA ESI,DWORD PTR SS:[EBP+444019] 00CD40AE 6A 04 PUSH 4 00CD40B0 68 00100000 PUSH 1000 00CD40B5 68 00180000 PUSH 1800 00CD40BA 6A 00 PUSH 0 00CD40BC FF95 FC3F4400 CALL NEAR DWORD PTR SS:[EBP+443FFC] 00CD40C2 8985 F83F4400 MOV DWORD PTR SS:[EBP+443FF8],EAX 00CD40C8 8B46 04 MOV EAX,DWORD PTR DS:[ESI+4] 00CD40CB 05 0E010000 ADD EAX,10E 00CD40D0 6A 04 PUSH 4 00CD40D2 68 00100000 PUSH 1000 00CD40D7 50 PUSH EAX 00CD40D8 6A 00 PUSH 0 00CD40DA FF95 FC3F4400 CALL NEAR DWORD PTR SS:[EBP+443FFC] 00CD40E0 8985 F43F4400 MOV DWORD PTR SS:[EBP+443FF4],EAX 00CD40E6 56 PUSH ESI 00CD40E7 8B1E MOV EBX,DWORD PTR DS:[ESI] 00CD40E9 039D FC494400 ADD EBX,DWORD PTR SS:[EBP+4449FC] 00CD40EF FFB5 F83F4400 PUSH DWORD PTR SS:[EBP+443FF8] 00CD40F5 FF76 04 PUSH DWORD PTR DS:[ESI+4] 00CD40F8 50 PUSH EAX 00CD40F9 53 PUSH EBX 00CD40FA E8 DA060000 CALL CDFACE.00CD47D9 00CD40FF 80BD 10404400 0>CMP BYTE PTR SS:[EBP+444010],0 00CD4106 75 5E JNZ SHORT CDFACE.00CD4166 00CD4108 FE85 10404400 INC BYTE PTR SS:[EBP+444010] 00CD410E 8B3E MOV EDI,DWORD PTR DS:[ESI] 00CD4110 03BD FC494400 ADD EDI,DWORD PTR SS:[EBP+4449FC] 00CD4116 FF37 PUSH DWORD PTR DS:[EDI] 00CD4118 C607 C3 MOV BYTE PTR DS:[EDI],0C3 00CD411B FFD7 CALL NEAR EDI 00CD411D 8F07 POP DWORD PTR DS:[EDI] 00CD411F 50 PUSH EAX 00CD4120 51 PUSH ECX 00CD4121 56 PUSH ESI 00CD4122 53 PUSH EBX 00CD4123 8BC8 MOV ECX,EAX 00CD4125 83E9 06 SUB ECX,6 00CD4128 8BB5 F43F4400 MOV ESI,DWORD PTR SS:[EBP+443FF4] 00CD412E 33DB XOR EBX,EBX 00CD4130 0BC9 OR ECX,ECX 00CD4132 74 2E JE SHORT CDFACE.00CD4162 00CD4134 78 2C JS SHORT CDFACE.00CD4162 00CD4136 AC LODS BYTE PTR DS:[ESI] 00CD4137 3C E8 CMP AL,0E8 00CD4139 74 0A JE SHORT CDFACE.00CD4145 00CD413B EB 00 JMP SHORT CDFACE.00CD413D 00CD413D 3C E9 CMP AL,0E9 00CD413F 74 04 JE SHORT CDFACE.00CD4145 00CD4141 43 INC EBX 00CD4142 49 DEC ECX 00CD4143 ^ EB EB JMP SHORT CDFACE.00CD4130 00CD4145 8B06 MOV EAX,DWORD PTR DS:[ESI] 00CD4147 EB 0A JMP SHORT CDFACE.00CD4153 00CD4149 803E 0D CMP BYTE PTR DS:[ESI],0D 00CD414C ^ 75 F3 JNZ SHORT CDFACE.00CD4141 00CD414E 24 00 AND AL,0 00CD4150 C1C0 18 ROL EAX,18 00CD4153 2BC3 SUB EAX,EBX 00CD4155 8906 MOV DWORD PTR DS:[ESI],EAX 00CD4157 83C3 05 ADD EBX,5 00CD415A 83C6 04 ADD ESI,4 00CD415D 83E9 05 SUB ECX,5 00CD4160 ^ EB CE JMP SHORT CDFACE.00CD4130 00CD4162 5B POP EBX 00CD4163 5E POP ESI 00CD4164 59 POP ECX 00CD4165 58 POP EAX 00CD4166 8BC8 MOV ECX,EAX 00CD4168 8B3E MOV EDI,DWORD PTR DS:[ESI] 00CD416A 03BD FC494400 ADD EDI,DWORD PTR SS:[EBP+4449FC] 00CD4170 8BB5 F43F4400 MOV ESI,DWORD PTR SS:[EBP+443FF4] 00CD4176 C1F9 02 SAR ECX,2 00CD4179 F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS> 00CD417B 8BC8 MOV ECX,EAX 00CD417D 83E1 03 AND ECX,3 00CD4180 F3:A4 REP MOVS BYTE PTR ES:[EDI],BYTE PTR DS:[> 00CD4182 5E POP ESI 00CD4183 68 00800000 PUSH 8000 00CD4188 6A 00 PUSH 0 00CD418A FFB5 F43F4400 PUSH DWORD PTR SS:[EBP+443FF4] 00CD4190 FF95 00404400 CALL NEAR DWORD PTR SS:[EBP+444000] 00CD4196 83C6 08 ADD ESI,8 00CD4199 833E 00 CMP DWORD PTR DS:[ESI],0 00CD419C ^ 0F85 26FFFFFF JNZ CDFACE.00CD40C8 00CD41A2 68 00800000 PUSH 8000 00CD41A7 6A 00 PUSH 0 00CD41A9 FFB5 F83F4400 PUSH DWORD PTR SS:[EBP+443FF8] 00CD41AF FF95 00404400 CALL NEAR DWORD PTR SS:[EBP+444000] 00CD41B5 8B9D D83F4400 MOV EBX,DWORD PTR SS:[EBP+443FD8] 00CD41BB 0BDB OR EBX,EBX 00CD41BD 74 08 JE SHORT CDFACE.00CD41C7 00CD41BF 8B03 MOV EAX,DWORD PTR DS:[EBX] 00CD41C1 8785 DC3F4400 XCHG DWORD PTR SS:[EBP+443FDC],EAX 00CD41C7 8B95 FC494400 MOV EDX,DWORD PTR SS:[EBP+4449FC] 00CD41CD 8B85 D43F4400 MOV EAX,DWORD PTR SS:[EBP+443FD4] 00CD41D3 2BD0 SUB EDX,EAX 00CD41D5 74 79 JE SHORT CDFACE.00CD4250 00CD41D7 8BC2 MOV EAX,EDX 00CD41D9 C1E8 10 SHR EAX,10 00CD41DC 33DB XOR EBX,EBX 00CD41DE 8BB5 E03F4400 MOV ESI,DWORD PTR SS:[EBP+443FE0] 00CD41E4 03B5 FC494400 ADD ESI,DWORD PTR SS:[EBP+4449FC] 00CD41EA 833E 00 CMP DWORD PTR DS:[ESI],0 00CD41ED 74 61 JE SHORT CDFACE.00CD4250 00CD41EF 8B4E 04 MOV ECX,DWORD PTR DS:[ESI+4] 00CD41F2 83E9 08 SUB ECX,8 00CD41F5 D1E9 SHR ECX,1 00CD41F7 8B3E MOV EDI,DWORD PTR DS:[ESI] 00CD41F9 03BD FC494400 ADD EDI,DWORD PTR SS:[EBP+4449FC] 00CD41FF 83C6 08 ADD ESI,8 00CD4202 66:8B1E MOV BX,WORD PTR DS:[ESI] 00CD4205 C1EB 0C SHR EBX,0C 00CD4208 83FB 01 CMP EBX,1 00CD420B 74 0C JE SHORT CDFACE.00CD4219 00CD420D 83FB 02 CMP EBX,2 00CD4210 74 16 JE SHORT CDFACE.00CD4228 00CD4212 83FB 03 CMP EBX,3 00CD4215 74 20 JE SHORT CDFACE.00CD4237 00CD4217 EB 2C JMP SHORT CDFACE.00CD4245 00CD4219 66:8B1E MOV BX,WORD PTR DS:[ESI] 00CD421C 81E3 FF0F0000 AND EBX,0FFF 00CD4222 66:01041F ADD WORD PTR DS:[EDI+EBX],AX 00CD4226 EB 1D JMP SHORT CDFACE.00CD4245 00CD4228 66:8B1E MOV BX,WORD PTR DS:[ESI] 00CD422B 81E3 FF0F0000 AND EBX,0FFF 00CD4231 66:01141F ADD WORD PTR DS:[EDI+EBX],DX 00CD4235 EB 0E JMP SHORT CDFACE.00CD4245 00CD4237 66:8B1E MOV BX,WORD PTR DS:[ESI] 00CD423A 81E3 FF0F0000 AND EBX,0FFF 00CD4240 01141F ADD DWORD PTR DS:[EDI+EBX],EDX 00CD4243 EB 00 JMP SHORT CDFACE.00CD4245 00CD4245 66:830E FF OR WORD PTR DS:[ESI],0FFFF 00CD4249 83C6 02 ADD ESI,2 00CD424C ^ E2 B4 LOOPD SHORT CDFACE.00CD4202 00CD424E ^ EB 9A JMP SHORT CDFACE.00CD41EA 00CD4250 8B95 FC494400 MOV EDX,DWORD PTR SS:[EBP+4449FC] 00CD4256 8BB5 E83F4400 MOV ESI,DWORD PTR SS:[EBP+443FE8] 00CD425C 0BF6 OR ESI,ESI 00CD425E 74 11 JE SHORT CDFACE.00CD4271 00CD4260 03F2 ADD ESI,EDX 00CD4262 AD LODS DWORD PTR DS:[ESI] 00CD4263 0BC0 OR EAX,EAX 00CD4265 74 0A JE SHORT CDFACE.00CD4271 00CD4267 03C2 ADD EAX,EDX 00CD4269 8BF8 MOV EDI,EAX 00CD426B 66:AD LODS WORD PTR DS:[ESI] 00CD426D 66:AB STOS WORD PTR ES:[EDI] 00CD426F ^ EB F1 JMP SHORT CDFACE.00CD4262 00CD4271 8BB5 B1394400 MOV ESI,DWORD PTR SS:[EBP+4439B1] 00CD4277 8B95 FC494400 MOV EDX,DWORD PTR SS:[EBP+4449FC] 00CD427D 03F2 ADD ESI,EDX 00CD427F 8B46 0C MOV EAX,DWORD PTR DS:[ESI+C] 00CD4282 85C0 TEST EAX,EAX 00CD4284 0F84 0A010000 JE CDFACE.00CD4394 00CD428A 03C2 ADD EAX,EDX 00CD428C 8BD8 MOV EBX,EAX 00CD428E 50 PUSH EAX 00CD428F FF95 004B4400 CALL NEAR DWORD PTR SS:[EBP+444B00] 00CD4295 85C0 TEST EAX,EAX 00CD4297 75 07 JNZ SHORT CDFACE.00CD42A0 00CD4299 53 PUSH EBX 00CD429A FF95 044B4400 CALL NEAR DWORD PTR SS:[EBP+444B04] 00CD42A0 8985 EC3F4400 MOV DWORD PTR SS:[EBP+443FEC],EAX 00CD42A6 C785 F03F4400 0>MOV DWORD PTR SS:[EBP+443FF0],0 00CD42B0 8B95 FC494400 MOV EDX,DWORD PTR SS:[EBP+4449FC] 00CD42B6 8B06 MOV EAX,DWORD PTR DS:[ESI] 00CD42B8 85C0 TEST EAX,EAX 00CD42BA 75 03 JNZ SHORT CDFACE.00CD42BF 00CD42BC 8B46 10 MOV EAX,DWORD PTR DS:[ESI+10] 00CD42BF 03C2 ADD EAX,EDX 00CD42C1 0385 F03F4400 ADD EAX,DWORD PTR SS:[EBP+443FF0] 00CD42C7 8B18 MOV EBX,DWORD PTR DS:[EAX] 00CD42C9 8B7E 10 MOV EDI,DWORD PTR DS:[ESI+10] 00CD42CC 03FA ADD EDI,EDX 00CD42CE 03BD F03F4400 ADD EDI,DWORD PTR SS:[EBP+443FF0] 00CD42D4 85DB TEST EBX,EBX 00CD42D6 0F84 A2000000 JE CDFACE.00CD437E 00CD42DC F7C3 00000080 TEST EBX,80000000 00CD42E2 75 04 JNZ SHORT CDFACE.00CD42E8 00CD42E4 03DA ADD EBX,EDX 00CD42E6 43 INC EBX 00CD42E7 43 INC EBX 00CD42E8 53 PUSH EBX 00CD42E9 81E3 FFFFFF7F AND EBX,7FFFFFFF 00CD42EF 53 PUSH EBX 00CD42F0 FFB5 EC3F4400 PUSH DWORD PTR SS:[EBP+443FEC] 00CD42F6 FF95 FC4A4400 CALL NEAR DWORD PTR SS:[EBP+444AFC] 00CD42FC 85C0 TEST EAX,EAX 00CD42FE 5B POP EBX 00CD42FF 75 6F JNZ SHORT CDFACE.00CD4370 00CD4301 F7C3 00000080 TEST EBX,80000000 00CD4307 75 19 JNZ SHORT CDFACE.00CD4322 00CD4309 57 PUSH EDI 00CD430A 8B46 0C MOV EAX,DWORD PTR DS:[ESI+C] 00CD430D 0385 FC494400 ADD EAX,DWORD PTR SS:[EBP+4449FC] 00CD4313 50 PUSH EAX 00CD4314 53 PUSH EBX 00CD4315 8D85 684A4400 LEA EAX,DWORD PTR SS:[EBP+444A68] 00CD431B 50 PUSH EAX 00CD431C 57 PUSH EDI 00CD431D E9 99000000 JMP CDFACE.00CD43BB 00CD4322 81E3 FFFFFF7F AND EBX,7FFFFFFF 00CD4328 8B85 004A4400 MOV EAX,DWORD PTR SS:[EBP+444A00] 00CD432E 3985 EC3F4400 CMP DWORD PTR SS:[EBP+443FEC],EAX 00CD4334 75 24 JNZ SHORT CDFACE.00CD435A 00CD4336 57 PUSH EDI 00CD4337 8BD3 MOV EDX,EBX 00CD4339 4A DEC EDX 00CD433A C1E2 02 SHL EDX,2 00CD433D 8B9D EC3F4400 MOV EBX,DWORD PTR SS:[EBP+443FEC] 00CD4343 8B7B 3C MOV EDI,DWORD PTR DS:[EBX+3C] 00CD4346 8B7C3B 78 MOV EDI,DWORD PTR DS:[EBX+EDI+78] 00CD434A 035C3B 1C ADD EBX,DWORD PTR DS:[EBX+EDI+1C] 00CD434E 8B0413 MOV EAX,DWORD PTR DS:[EBX+EDX] 00CD4351 0385 EC3F4400 ADD EAX,DWORD PTR SS:[EBP+443FEC] 00CD4357 5F POP EDI 00CD4358 EB 16 JMP SHORT CDFACE.00CD4370 00CD435A 57 PUSH EDI 00CD435B 8B46 0C MOV EAX,DWORD PTR DS:[ESI+C] 00CD435E 0385 FC494400 ADD EAX,DWORD PTR SS:[EBP+4449FC] 00CD4364 50 PUSH EAX 00CD4365 53 PUSH EBX 00CD4366 8D85 B94A4400 LEA EAX,DWORD PTR SS:[EBP+444AB9] 00CD436C 50 PUSH EAX 00CD436D 57 PUSH EDI 00CD436E EB 4B JMP SHORT CDFACE.00CD43BB 00CD4370 8907 MOV DWORD PTR DS:[EDI],EAX 00CD4372 8385 F03F4400 0>ADD DWORD PTR SS:[EBP+443FF0],4 00CD4379 ^ E9 32FFFFFF JMP CDFACE.00CD42B0 00CD437E 8906 MOV DWORD PTR DS:[ESI],EAX 00CD4380 8946 0C MOV DWORD PTR DS:[ESI+C],EAX 00CD4383 8946 10 MOV DWORD PTR DS:[ESI+10],EAX 00CD4386 83C6 14 ADD ESI,14 00CD4389 8B95 FC494400 MOV EDX,DWORD PTR SS:[EBP+4449FC] 00CD438F ^ E9 EBFEFFFF JMP CDFACE.00CD427F 00CD4394 8B85 AD394400 MOV EAX,DWORD PTR SS:[EBP+4439AD] 00CD439A 50 PUSH EAX 00CD439B 0385 FC494400 ADD EAX,DWORD PTR SS:[EBP+4449FC] 00CD43A1 59 POP ECX 00CD43A2 0BC9 OR ECX,ECX 00CD43A4 8985 E63C4400 MOV DWORD PTR SS:[EBP+443CE6],EAX 00CD43AA 61 POPAD 00CD43AB 75 08 JNZ SHORT CDFACE.00CD43B5 00CD43AD B8 01000000 MOV EAX,1 00CD43B2 C2 0C00 RETN 0C 00CD43B5 68 00000000 PUSH 0 00CD43BA C3 RETN 2006-12-24 19:39 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复