[求助]没找到的暗格-付费问答-看雪-安全社区|安全招聘|kanxue.com

[旧帖] [求助]没找到的暗格 0.00雪花

发表于: 2007-6-25 16:09 3586

[旧帖] [求助]没找到的暗格 0.00雪花

laurece

2007-6-25 16:09

3586

破解外挂的太多了,我也凑一份,跟踪其实很简单,很快就找到了爆破的地方,没想到的是有个暗格,一直没找到,
0040214C .  8D4C24 10    LEA ECX,DWORD PTR SS:[ESP+10]
00402150 .  6A 04       PUSH 4
00402152 .  51          PUSH ECX
00402153 .  56          PUSH ESI
00402154 .  8BCD       MOV ECX,EBP
00402156 .  E8 95F6FFFF CALL xxxx.004017F0
0040215B .  83F8 04    CMP EAX,4
0040215E .^ 0F85 45FFFFFF JNZ xxxx.004020A9
00402164 .  8B4424 10    MOV EAX,DWORD PTR SS:[ESP+10]
00402168 .  85C0       TEST EAX,EAX
0040216A    75 1F       JNZ SHORT xxxx.0040218B                                  ;  第一处改为jmp
0040216C .  8BCE       MOV ECX,ESI
0040216E .  51          PUSH ECX                                                 ; /Socket
0040216F .  E8 0A510200 CALL <JMP.&WSOCK32.#3>                                  ; \closesocket
00402174 .  C785 EC030000>MOV DWORD PTR SS:[EBP+3EC],1
0040217E .  8D55 08    LEA EDX,DWORD PTR SS:[EBP+8]
00402181 .  BF 50614400 MOV EDI,xxxx.00446150                                     ;  对不起，您填写的数据有误，请核对后再试
00402186 .^ E9 30FFFFFF JMP xxxx.004020BB
0040218B >  8D8C24 440200>LEA ECX,DWORD PTR SS:[ESP+244]
00402192 .  50          PUSH EAX
00402193 .  51          PUSH ECX
00402194 .  56          PUSH ESI
00402195 .  8BCD       MOV ECX,EBP
00402197 .  E8 54F6FFFF CALL xxxx.004017F0
0040219C .  3B4424 10    CMP EAX,DWORD PTR SS:[ESP+10]
004021A0 .^ 0F85 03FFFFFF JNZ xxxx.004020A9                                        ;  (Initial CPU selection)
004021A6 .  56          PUSH ESI                                                 ; /Socket
004021A7 .  E8 D2500200 CALL <JMP.&WSOCK32.#3>                                  ; \closesocket
004021AC .  8D4C24 74    LEA ECX,DWORD PTR SS:[ESP+74]
004021B0 .  6A 20       PUSH 20                                                 ; /Arg2 = 00000020
004021B2 .  51          PUSH ECX                                                 ; |Arg1
004021B3 .  8D4C24 24    LEA ECX,DWORD PTR SS:[ESP+24]                            ; |
004021B7 .  C64424 7C E1  MOV BYTE PTR SS:[ESP+7C],0E1                            ; |
004021BC .  C68424 8C0000>MOV BYTE PTR SS:[ESP+8C],87                               ; |
004021C4 .  C64424 7F 15  MOV BYTE PTR SS:[ESP+7F],15                               ; |
004021C9 .  C68424 870000>MOV BYTE PTR SS:[ESP+87],42                               ; |
004021D1 .  889C24 8F0000>MOV BYTE PTR SS:[ESP+8F],BL                               ; |
004021D8 .  E8 43470000 CALL xxxx.00406920                                        ; \xxxx.00406920
004021DD .  B9 10000000 MOV ECX,10
004021E2 .  33C0       XOR EAX,EAX
004021E4 .  8B5424 10    MOV EDX,DWORD PTR SS:[ESP+10]
004021E8 .  8D7C24 74    LEA EDI,DWORD PTR SS:[ESP+74]
004021EC .  F3:AB       REP STOS DWORD PTR ES:[EDI]
004021EE .  8D8424 440200>LEA EAX,DWORD PTR SS:[ESP+244]
004021F5 .  52          PUSH EDX
004021F6 .  8D8C24 480200>LEA ECX,DWORD PTR SS:[ESP+248]
004021FD .  50          PUSH EAX
004021FE .  51          PUSH ECX
004021FF .  8D4C24 28    LEA ECX,DWORD PTR SS:[ESP+28]
00402203 .  E8 A8490000 CALL xxxx.00406BB0
00402208 .  8D5424 74    LEA EDX,DWORD PTR SS:[ESP+74]
0040220C .  6A 20       PUSH 20                                                 ; /Arg2 = 00000020
0040220E .  52          PUSH EDX                                                 ; |Arg1
0040220F .  8D4C24 24    LEA ECX,DWORD PTR SS:[ESP+24]                            ; |
00402213 .  E8 08470000 CALL xxxx.00406920                                        ; \xxxx.00406920
00402218 .  8D4424 54    LEA EAX,DWORD PTR SS:[ESP+54]
0040221C .  8D8C24 BC0000>LEA ECX,DWORD PTR SS:[ESP+BC]
00402223 .  50          PUSH EAX
00402224 .  8D9424 BC0000>LEA EDX,DWORD PTR SS:[ESP+BC]
0040222B .  51          PUSH ECX
0040222C .  8D8424 C80000>LEA EAX,DWORD PTR SS:[ESP+C8]
00402233 .  52          PUSH EDX
00402234 .  8D8C24 C00000>LEA ECX,DWORD PTR SS:[ESP+C0]
0040223B .  50          PUSH EAX
0040223C .  8B4424 20    MOV EAX,DWORD PTR SS:[ESP+20]
00402240 .  8D5424 68    LEA EDX,DWORD PTR SS:[ESP+68]
00402244 .  51          PUSH ECX
00402245 .  52          PUSH EDX
00402246 .  8D8C24 5C0200>LEA ECX,DWORD PTR SS:[ESP+25C]
0040224D .  50          PUSH EAX
0040224E .  51          PUSH ECX
0040224F .  8BCD       MOV ECX,EBP
00402251 .  E8 5AEFFFFF CALL xxxx.004011B0
00402256 .  3D 511C0000 CMP EAX,1C51
0040225B    0F85 FC000000 JNZ xxxx.0040235D
00402261 .  8B6C24 58    MOV EBP,DWORD PTR SS:[ESP+58]
00402265 .  8B7424 18    MOV ESI,DWORD PTR SS:[ESP+18]
00402269 .  8BC5       MOV EAX,EBP
0040226B >  8A10       MOV DL,BYTE PTR DS:[EAX]
0040226D .  8A1E       MOV BL,BYTE PTR DS:[ESI]
0040226F .  8ACA       MOV CL,DL
00402271 .  3AD3       CMP DL,BL
00402273 .  75 1E       JNZ SHORT xxxx.00402293
00402275 .  84C9       TEST CL,CL
00402277 .  74 16       JE SHORT xxxx.0040228F
00402279 .  8A50 01    MOV DL,BYTE PTR DS:[EAX+1]
0040227C .  8A5E 01    MOV BL,BYTE PTR DS:[ESI+1]
0040227F .  8ACA       MOV CL,DL
00402281 .  3AD3       CMP DL,BL
00402283 .  75 0E       JNZ SHORT xxxx.00402293
00402285 .  83C0 02    ADD EAX,2
00402288 .  83C6 02    ADD ESI,2
0040228B .  84C9       TEST CL,CL
0040228D .^ 75 DC       JNZ SHORT xxxx.0040226B
0040228F >  33C0       XOR EAX,EAX
00402291 .  EB 05       JMP SHORT xxxx.00402298
00402293 >  1BC0       SBB EAX,EAX
00402295 .  83D8 FF    SBB EAX,-1
00402298 >  85C0       TEST EAX,EAX
0040229A .  0F85 38030000 JNZ xxxx.004025D8
004022A0 .  8B7C24 54    MOV EDI,DWORD PTR SS:[ESP+54]
004022A4 .  83C9 FF    OR ECX,FFFFFFFF
004022A7 .  F2:AE       REPNE SCAS BYTE PTR ES:[EDI]
004022A9 .  8B9424 D40600>MOV EDX,DWORD PTR SS:[ESP+6D4]
004022B0 .  F7D1       NOT ECX
004022B2 .  2BF9       SUB EDI,ECX
004022B4 .  8D5A 08    LEA EBX,DWORD PTR DS:[EDX+8]
004022B7 .  8BC1       MOV EAX,ECX
004022B9 .  8BF7       MOV ESI,EDI
004022BB .  C1E9 02    SHR ECX,2
004022BE .  8BFB       MOV EDI,EBX
004022C0 .  F3:A5       REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS:[ESI]
004022C2 .  8BC8       MOV ECX,EAX
004022C4 .  33C0       XOR EAX,EAX
004022C6 .  83E1 03    AND ECX,3
004022C9 .  F3:A4       REP MOVS BYTE PTR ES:[EDI],BYTE PTR DS:[ESI]
004022CB .  8B4A 04    MOV ECX,DWORD PTR DS:[EDX+4]
004022CE .  8BFD       MOV EDI,EBP
004022D0 .  8B99 EC330000 MOV EBX,DWORD PTR DS:[ECX+33EC]
004022D6 .  83C9 FF    OR ECX,FFFFFFFF
004022D9 .  81C3 24060000 ADD EBX,624
004022DF .  F2:AE       REPNE SCAS BYTE PTR ES:[EDI]
004022E1 .  F7D1       NOT ECX
004022E3 .  2BF9       SUB EDI,ECX
004022E5 .  8BC1       MOV EAX,ECX
004022E7 .  8BF7       MOV ESI,EDI
004022E9 .  8BFB       MOV EDI,EBX
004022EB .  C1E9 02    SHR ECX,2
004022EE .  F3:A5       REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS:[ESI]
004022F0 .  8BC8       MOV ECX,EAX
004022F2 .  33C0       XOR EAX,EAX
004022F4 .  83E1 03    AND ECX,3
004022F7 .  F3:A4       REP MOVS BYTE PTR ES:[EDI],BYTE PTR DS:[ESI]
004022F9 .  8B4A 04    MOV ECX,DWORD PTR DS:[EDX+4]
004022FC .  8B7C24 58    MOV EDI,DWORD PTR SS:[ESP+58]
00402300 .  8B99 EC330000 MOV EBX,DWORD PTR DS:[ECX+33EC]
00402306 .  83C9 FF    OR ECX,FFFFFFFF
00402309 .  81C3 64060000 ADD EBX,664
0040230F .  F2:AE       REPNE SCAS BYTE PTR ES:[EDI]
00402311 .  F7D1       NOT ECX
00402313 .  2BF9       SUB EDI,ECX
00402315 .  8BC1       MOV EAX,ECX
00402317 .  8BF7       MOV ESI,EDI
00402319 .  8BFB       MOV EDI,EBX
0040231B .  C1E9 02    SHR ECX,2
0040231E .  F3:A5       REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS:[ESI]
00402320 .  8BC8       MOV ECX,EAX
00402322 .  33C0       XOR EAX,EAX
00402324 .  83E1 03    AND ECX,3
00402327 .  F3:A4       REP MOVS BYTE PTR ES:[EDI],BYTE PTR DS:[ESI]
00402329 .  8B5A 04    MOV EBX,DWORD PTR DS:[EDX+4]
0040232C .  8B7C24 58    MOV EDI,DWORD PTR SS:[ESP+58]
00402330 .  83C9 FF    OR ECX,FFFFFFFF
00402333 .  81C3 4C230000 ADD EBX,234C
00402339 .  F2:AE       REPNE SCAS BYTE PTR ES:[EDI]
0040233B .  F7D1       NOT ECX
0040233D .  2BF9       SUB EDI,ECX
0040233F .  8BC1       MOV EAX,ECX
00402341 .  8BF7       MOV ESI,EDI
00402343 .  8BFB       MOV EDI,EBX
00402345 .  C1E9 02    SHR ECX,2
00402348 .  F3:A5       REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS:[ESI]
0040234A .  8BC8       MOV ECX,EAX
0040234C .  83E1 03    AND ECX,3
0040234F .  F3:A4       REP MOVS BYTE PTR ES:[EDI],BYTE PTR DS:[ESI]
00402351 .  C782 F0030000>MOV DWORD PTR DS:[EDX+3F0],9
0040235B .  EB 72       JMP SHORT xxxx.004023CF
0040235D >  83F8 55    CMP EAX,55
00402360    75 30       JNZ SHORT xxxx.00402392                                  ;  不能跳
00402362 .  8B7C24 54    MOV EDI,DWORD PTR SS:[ESP+54]
00402366 .  83C9 FF    OR ECX,FFFFFFFF
00402369 .  33C0       XOR EAX,EAX
0040236B .  8D55 08    LEA EDX,DWORD PTR SS:[EBP+8]
0040236E .  F2:AE       REPNE SCAS BYTE PTR ES:[EDI]
00402370 .  F7D1       NOT ECX
00402372 .  2BF9       SUB EDI,ECX
00402374 .  8BC1       MOV EAX,ECX
00402376 .  8BF7       MOV ESI,EDI
00402378 .  8BFA       MOV EDI,EDX
0040237A .  C1E9 02    SHR ECX,2
0040237D .  F3:A5       REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS:[ESI]
0040237F .  8BC8       MOV ECX,EAX
00402381 .  83E1 03    AND ECX,3
00402384 .  F3:A4       REP MOVS BYTE PTR ES:[EDI],BYTE PTR DS:[ESI]
00402386 .  C785 F0030000>MOV DWORD PTR SS:[EBP+3F0],7
00402390 .  EB 3D       JMP SHORT xxxx.004023CF
00402392 >  83F8 61    CMP EAX,61
00402395    75 30       JNZ SHORT xxxx.004023C7                                  ;  不能改,改则over
00402397 .  8B7C24 54    MOV EDI,DWORD PTR SS:[ESP+54]
0040239B .  83C9 FF    OR ECX,FFFFFFFF
0040239E .  33C0       XOR EAX,EAX
004023A0 .  8D55 08    LEA EDX,DWORD PTR SS:[EBP+8]
004023A3 .  F2:AE       REPNE SCAS BYTE PTR ES:[EDI]
004023A5 .  F7D1       NOT ECX
004023A7 .  2BF9       SUB EDI,ECX
004023A9 .  8BC1       MOV EAX,ECX
004023AB .  8BF7       MOV ESI,EDI
004023AD .  8BFA       MOV EDI,EDX
004023AF .  C1E9 02    SHR ECX,2
004023B2 .  F3:A5       REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS:[ESI]
004023B4 .  8BC8       MOV ECX,EAX
004023B6 .  83E1 03    AND ECX,3
004023B9 .  F3:A4       REP MOVS BYTE PTR ES:[EDI],BYTE PTR DS:[ESI]
004023BB .  C785 F0030000>MOV DWORD PTR SS:[EBP+3F0],21
004023C5 .  EB 08       JMP SHORT xxxx.004023CF
004023C7 >  C74424 70 000>MOV DWORD PTR SS:[ESP+70],0
004023CF >  8B5C24 70    MOV EBX,DWORD PTR SS:[ESP+70]
004023D3 .  8B2D 0CA34300 MOV EBP,DWORD PTR DS:[<&KERNEL32.GetModuleFileNameA>]    ;  kernel32.GetModuleFileNameA
004023D9 .  8D8C24 440200>LEA ECX,DWORD PTR SS:[ESP+244]
004023E0 .  68 00040000 PUSH 400                                                 ; /BufSize = 400 (1024.)
004023E5 .  51          PUSH ECX                                                 ; |PathBuffer
004023E6 .  6A 00       PUSH 0                                                    ; |hModule = NULL
004023E8 .  C783 EC030000>MOV DWORD PTR DS:[EBX+3EC],0B                            ; |
004023F2 .  FFD5       CALL EBP                                                 ; \GetModuleFileNameA
004023F4 .  6A 00       PUSH 0
004023F6 .  8D9424 480100>LEA EDX,DWORD PTR SS:[ESP+148]
004023FD .  6A 00       PUSH 0
004023FF .  8D4424 64    LEA EAX,DWORD PTR SS:[ESP+64]
00402403 .  52          PUSH EDX
00402404 .  8D8C24 500200>LEA ECX,DWORD PTR SS:[ESP+250]
0040240B .  50          PUSH EAX
0040240C .  51          PUSH ECX
0040240D .  E8 3E900100 CALL xxxx.0041B450
00402412 .  83C4 14    ADD ESP,14
00402415 .  8D9424 440200>LEA EDX,DWORD PTR SS:[ESP+244]
0040241C .  68 00040000 PUSH 400
00402421 .  52          PUSH EDX
00402422 .  6A 00       PUSH 0
00402424 .  FFD5       CALL EBP
00402426 .  6A 00       PUSH 0
00402428 .  8D8424 480100>LEA EAX,DWORD PTR SS:[ESP+148]
0040242F .  6A 00       PUSH 0
00402431 .  8D4C24 64    LEA ECX,DWORD PTR SS:[ESP+64]
00402435 .  50          PUSH EAX
00402436 .  8D9424 500200>LEA EDX,DWORD PTR SS:[ESP+250]
0040243D .  51          PUSH ECX
0040243E .  52          PUSH EDX
0040243F .  E8 0C900100 CALL xxxx.0041B450
00402444 .  83C4 14    ADD ESP,14
00402447 .  8D8424 440200>LEA EAX,DWORD PTR SS:[ESP+244]
0040244E .  68 00040000 PUSH 400
00402453 .  50          PUSH EAX
00402454 .  6A 00       PUSH 0
00402456 .  FFD5       CALL EBP
00402458 .  6A 00       PUSH 0
0040245A .  8D8C24 480100>LEA ECX,DWORD PTR SS:[ESP+148]
00402461 .  6A 00       PUSH 0
00402463 .  8D5424 64    LEA EDX,DWORD PTR SS:[ESP+64]
00402467 .  51          PUSH ECX
00402468 .  8D8424 500200>LEA EAX,DWORD PTR SS:[ESP+250]
0040246F .  52          PUSH EDX
00402470 .  50          PUSH EAX
00402471 .  E8 DA8F0100 CALL xxxx.0041B450
00402476 .  83C4 14    ADD ESP,14
00402479 .  8D8C24 440200>LEA ECX,DWORD PTR SS:[ESP+244]
00402480 .  68 00040000 PUSH 400
00402485 .  51          PUSH ECX
00402486 .  6A 00       PUSH 0
00402488 .  FFD5       CALL EBP
0040248A .  6A 00       PUSH 0
0040248C .  8D9424 480100>LEA EDX,DWORD PTR SS:[ESP+148]
00402493 .  6A 00       PUSH 0
00402495 .  8D4424 64    LEA EAX,DWORD PTR SS:[ESP+64]
00402499 .  52          PUSH EDX
0040249A .  8D8C24 500200>LEA ECX,DWORD PTR SS:[ESP+250]
004024A1 .  50          PUSH EAX
004024A2 .  51          PUSH ECX
004024A3 .  E8 A88F0100 CALL xxxx.0041B450
004024A8 .  8B83 F0030000 MOV EAX,DWORD PTR DS:[EBX+3F0]
004024AE .  83C4 14    ADD ESP,14
004024B1 .  85C0       TEST EAX,EAX
004024B3 .  0F85 3A010000 JNZ xxxx.004025F3
004024B9 .  8D9424 440200>LEA EDX,DWORD PTR SS:[ESP+244]
004024C0 .  68 00040000 PUSH 400
004024C5 .  52          PUSH EDX
004024C6 .  6A 00       PUSH 0
004024C8 .  FFD5       CALL EBP
004024CA .  6A 00       PUSH 0
004024CC .  8D8424 480100>LEA EAX,DWORD PTR SS:[ESP+148]
004024D3 .  6A 00       PUSH 0
004024D5 .  8D4C24 64    LEA ECX,DWORD PTR SS:[ESP+64]
004024D9 .  50          PUSH EAX
004024DA .  8D9424 500200>LEA EDX,DWORD PTR SS:[ESP+250]
004024E1 .  51          PUSH ECX
004024E2 .  52          PUSH EDX
004024E3 .  E8 688F0100 CALL xxxx.0041B450
004024E8 .  83C4 14    ADD ESP,14
004024EB .  8D8424 440200>LEA EAX,DWORD PTR SS:[ESP+244]
004024F2 .  68 00040000 PUSH 400
004024F7 .  50          PUSH EAX
004024F8 .  6A 00       PUSH 0
004024FA .  FFD5       CALL EBP
004024FC .  6A 00       PUSH 0
004024FE .  8D8C24 480100>LEA ECX,DWORD PTR SS:[ESP+148]
00402505 .  6A 00       PUSH 0
00402507 .  8D5424 64    LEA EDX,DWORD PTR SS:[ESP+64]
0040250B .  51          PUSH ECX
0040250C .  8D8424 500200>LEA EAX,DWORD PTR SS:[ESP+250]
00402513 .  52          PUSH EDX
00402514 .  50          PUSH EAX
00402515 .  E8 368F0100 CALL xxxx.0041B450
0040251A .  BF 18614400 MOV EDI,xxxx.00446118                                     ;  对不起，您填写的卡号密码有误或者帐号过期，请核对后再试
0040251F .  83C9 FF    OR ECX,FFFFFFFF
00402522 .  33C0       XOR EAX,EAX
00402524 .  83C4 14    ADD ESP,14
00402527 .  F2:AE       REPNE SCAS BYTE PTR ES:[EDI]
00402529 .  F7D1       NOT ECX
0040252B .  2BF9       SUB EDI,ECX
0040252D .  8D53 08    LEA EDX,DWORD PTR DS:[EBX+8]
00402530 .  8BC1       MOV EAX,ECX
00402532 .  8BF7       MOV ESI,EDI
00402534 .  8BFA       MOV EDI,EDX
00402536 .  68 00040000 PUSH 400
0040253B .  C1E9 02    SHR ECX,2
0040253E .  F3:A5       REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS:[ESI]
00402540 .  8BC8       MOV ECX,EAX
00402542 .  83E1 03    AND ECX,3
00402545 .  F3:A4       REP MOVS BYTE PTR ES:[EDI],BYTE PTR DS:[ESI]
00402547 .  8D8C24 480200>LEA ECX,DWORD PTR SS:[ESP+248]
0040254E .  51          PUSH ECX
0040254F .  6A 00       PUSH 0
00402551 .  FFD5       CALL EBP
00402553 .  6A 00       PUSH 0
00402555 .  8D9424 480100>LEA EDX,DWORD PTR SS:[ESP+148]
0040255C .  6A 00       PUSH 0
0040255E .  8D4424 64    LEA EAX,DWORD PTR SS:[ESP+64]
00402562 .  52          PUSH EDX
00402563 .  8D8C24 500200>LEA ECX,DWORD PTR SS:[ESP+250]
0040256A .  50          PUSH EAX
0040256B .  51          PUSH ECX
0040256C .  E8 DF8E0100 CALL xxxx.0041B450
00402571 .  83C4 14    ADD ESP,14
00402574 .  8D9424 440200>LEA EDX,DWORD PTR SS:[ESP+244]
0040257B .  68 00040000 PUSH 400
00402580 .  52          PUSH EDX
00402581 .  6A 00       PUSH 0
00402583 .  FFD5       CALL EBP
00402585 .  6A 00       PUSH 0
00402587 .  8D8424 480100>LEA EAX,DWORD PTR SS:[ESP+148]
0040258E .  6A 00       PUSH 0
00402590 .  8D4C24 64    LEA ECX,DWORD PTR SS:[ESP+64]
00402594 .  50          PUSH EAX
00402595 .  8D9424 500200>LEA EDX,DWORD PTR SS:[ESP+250]
0040259C .  51          PUSH ECX
0040259D .  52          PUSH EDX
0040259E .  E8 AD8E0100 CALL xxxx.0041B450
004025A3 .  83C4 14    ADD ESP,14
004025A6 .  8D8424 440200>LEA EAX,DWORD PTR SS:[ESP+244]
004025AD .  68 00040000 PUSH 400
004025B2 .  50          PUSH EAX
004025B3 .  6A 00       PUSH 0
004025B5 .  FFD5       CALL EBP
004025B7 .  6A 00       PUSH 0
004025B9 .  8D8C24 480100>LEA ECX,DWORD PTR SS:[ESP+148]
004025C0 .  6A 00       PUSH 0
004025C2 .  8D5424 64    LEA EDX,DWORD PTR SS:[ESP+64]
004025C6 .  51          PUSH ECX
004025C7 .  8D8424 500200>LEA EAX,DWORD PTR SS:[ESP+250]
004025CE .  52          PUSH EDX
004025CF .  50          PUSH EAX
004025D0 .  E8 7B8E0100 CALL xxxx.0041B450
004025D5 .  83C4 14    ADD ESP,14
004025D8 >  8D4C24 1C    LEA ECX,DWORD PTR SS:[ESP+1C]
004025DC .  C78424 CC0600>MOV DWORD PTR SS:[ESP+6CC],-1
004025E7 .  E8 143B0000 CALL xxxx.00406100
004025EC .  33C0       XOR EAX,EAX
004025EE .  E9 ED000000 JMP xxxx.004026E0
004025F3 >  8B83 08020000 MOV EAX,DWORD PTR DS:[EBX+208]
004025F9 .  83F8 02    CMP EAX,2
004025FC    0F85 F9000000 JNZ xxxx.004026FB                                        ;  不能跳
00402602 .  8D8C24 440200>LEA ECX,DWORD PTR SS:[ESP+244]
00402609 .  68 00040000 PUSH 400
0040260E .  51          PUSH ECX
0040260F .  6A 00       PUSH 0
00402611 .  FFD5       CALL EBP
00402613 .  6A 00       PUSH 0
00402615 .  8D9424 480100>LEA EDX,DWORD PTR SS:[ESP+148]
0040261C .  6A 00       PUSH 0
0040261E .  8D4424 64    LEA EAX,DWORD PTR SS:[ESP+64]
00402622 .  52          PUSH EDX
00402623 .  8D8C24 500200>LEA ECX,DWORD PTR SS:[ESP+250]
0040262A .  50          PUSH EAX
0040262B .  51          PUSH ECX
0040262C .  E8 1F8E0100 CALL xxxx.0041B450
00402631 .  83C4 14    ADD ESP,14
00402634 .  8D9424 440200>LEA EDX,DWORD PTR SS:[ESP+244]
0040263B .  68 00040000 PUSH 400
00402640 .  52          PUSH EDX
00402641 .  6A 00       PUSH 0
00402643 .  FFD5       CALL EBP
00402645 .  6A 00       PUSH 0
00402647 .  8D8424 480100>LEA EAX,DWORD PTR SS:[ESP+148]
0040264E .  6A 00       PUSH 0
00402650 .  8D4C24 64    LEA ECX,DWORD PTR SS:[ESP+64]
00402654 .  50          PUSH EAX
00402655 .  8D9424 500200>LEA EDX,DWORD PTR SS:[ESP+250]
0040265C .  51          PUSH ECX
0040265D .  52          PUSH EDX
0040265E .  E8 ED8D0100 CALL xxxx.0041B450
00402663 .  83C4 14    ADD ESP,14
00402666 .  8D8424 440200>LEA EAX,DWORD PTR SS:[ESP+244]
0040266D .  68 00040000 PUSH 400
00402672 .  50          PUSH EAX
00402673 .  6A 00       PUSH 0
00402675 .  FFD5       CALL EBP
00402677 .  6A 00       PUSH 0
00402679 .  8D8C24 480100>LEA ECX,DWORD PTR SS:[ESP+148]
00402680 .  6A 00       PUSH 0
00402682 .  8D5424 64    LEA EDX,DWORD PTR SS:[ESP+64]
00402686 .  51          PUSH ECX
00402687 .  8D8424 500200>LEA EAX,DWORD PTR SS:[ESP+250]
0040268E .  52          PUSH EDX
0040268F .  50          PUSH EAX
00402690 .  E8 BB8D0100 CALL xxxx.0041B450
00402695 .  83C4 14    ADD ESP,14
00402698 .  8D53 08    LEA EDX,DWORD PTR DS:[EBX+8]
0040269B .  BF F4604400 MOV EDI,xxxx.004460F4                                     ;  冲值成功, 祝您游戏愉快!
004026A0 >  83C9 FF    OR ECX,FFFFFFFF
004026A3 .  33C0       XOR EAX,EAX
004026A5 .  F2:AE       REPNE SCAS BYTE PTR ES:[EDI]
004026A7 .  F7D1       NOT ECX
004026A9 .  2BF9       SUB EDI,ECX
004026AB .  8BC1       MOV EAX,ECX
004026AD .  8BF7       MOV ESI,EDI                                              ;  (Initial CPU selection)
004026AF .  8BFA       MOV EDI,EDX
004026B1 .  C1E9 02    SHR ECX,2
004026B4 .  F3:A5       REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS:[ESI]
004026B6 .  8BC8       MOV ECX,EAX
004026B8 .  83E1 03    AND ECX,3
004026BB .  F3:A4       REP MOVS BYTE PTR ES:[EDI],BYTE PTR DS:[ESI]
004026BD .  C783 F0030000>MOV DWORD PTR DS:[EBX+3F0],0
004026C7 >  8D4C24 1C    LEA ECX,DWORD PTR SS:[ESP+1C]
004026CB .  C78424 CC0600>MOV DWORD PTR SS:[ESP+6CC],-1
004026D6 .  E8 253A0000 CALL xxxx.00406100
004026DB .  B8 01000000 MOV EAX,1
004026E0 >  8B8C24 C40600>MOV ECX,DWORD PTR SS:[ESP+6C4]
004026E7 .  5F          POP EDI
004026E8 .  5E          POP ESI
004026E9 .  5D          POP EBP
004026EA .  5B          POP EBX
004026EB .  64:890D 00000>MOV DWORD PTR FS:[0],ECX
004026F2 .  81C4 C0060000 ADD ESP,6C0
004026F8 .  C2 0400    RETN 4

[招生]科锐逆向工程师培训(2024年11月15日实地，远程教学同时开班, 第51期)

收藏・0

免费・0

支持

最新回复 (5)
laurece 雪币： 200 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 3 回帖 20 粉丝 0 关注私信	laurece 2 楼成功后的第一个call,这个挂是将运行按钮隐藏,我一直都没找到是那个值让它出现 004026D6 . E8 253A0000 CALL xxxx.00406100 进去的代码: 00406100 /$ 56 PUSH ESI ; bwblaaa.00446116 00406101 \|. 8BF1 MOV ESI,ECX 00406103 \|. 8B06 MOV EAX,DWORD PTR DS:[ESI] 00406105 \|. 50 PUSH EAX 00406106 \|. E8 96660200 CALL bwblaaa.0042C7A1 0040610B \|. 8B4E 04 MOV ECX,DWORD PTR DS:[ESI+4] 0040610E \|. 51 PUSH ECX 0040610F \|. E8 8D660200 CALL bwblaaa.0042C7A1 00406114 \|. 83C4 08 ADD ESP,8 00406117 \|. 5E POP ESI 00406118 \. C3 RETN 2007-6-25 16:14 0
laurece 雪币： 200 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 3 回帖 20 粉丝 0 关注私信	laurece 3 楼 E8 96660200 CALL bwblaaa.0042C7A1 处代码: 0042C7A1 /$ FF7424 04 PUSH DWORD PTR SS:[ESP+4] 0042C7A5 \|. E8 FDFAFEFF CALL bwblaaa.0041C2A7 0042C7AA \|. 59 POP ECX 0042C7AB \. C3 RETN E8 FDFAFEFF CALL bwblaaa.0041C2A7处代码: 0041C2A7 $ 55 PUSH EBP ; kernel32.GetModuleFileNameA 0041C2A8 . 8BEC MOV EBP,ESP 0041C2AA . 6A FF PUSH -1 0041C2AC . 68 C8E34300 PUSH bwblaaa.0043E3C8 0041C2B1 . 68 04154200 PUSH bwblaaa.00421504 ; SE 处理程序安装 0041C2B6 . 64:A1 0000000>MOV EAX,DWORD PTR FS:[0] 0041C2BC . 50 PUSH EAX 0041C2BD . 64:8925 00000>MOV DWORD PTR FS:[0],ESP 0041C2C4 . 83EC 18 SUB ESP,18 0041C2C7 . 53 PUSH EBX 0041C2C8 . 56 PUSH ESI 0041C2C9 . 57 PUSH EDI 0041C2CA . 8B75 08 MOV ESI,DWORD PTR SS:[EBP+8] 0041C2CD . 85F6 TEST ESI,ESI 0041C2CF . 0F84 AC000000 JE bwblaaa.0041C381 0041C2D5 . A1 24114500 MOV EAX,DWORD PTR DS:[451124] 0041C2DA . 83F8 03 CMP EAX,3 0041C2DD . 75 3B JNZ SHORT bwblaaa.0041C31A 0041C2DF . 6A 09 PUSH 9 ; /Arg1 = 00000009 0041C2E1 . E8 A0510000 CALL bwblaaa.00421486 ; \bwblaaa.00421486 0041C2E6 . 59 POP ECX 0041C2E7 . 8365 FC 00 AND DWORD PTR SS:[EBP-4],0 0041C2EB . 56 PUSH ESI 0041C2EC . E8 A03F0000 CALL bwblaaa.00420291 0041C2F1 . 59 POP ECX 0041C2F2 . 8945 E4 MOV DWORD PTR SS:[EBP-1C],EAX 0041C2F5 . 85C0 TEST EAX,EAX 0041C2F7 . 74 09 JE SHORT bwblaaa.0041C302 0041C2F9 . 56 PUSH ESI 0041C2FA . 50 PUSH EAX 0041C2FB . E8 BC3F0000 CALL bwblaaa.004202BC 0041C300 . 59 POP ECX 0041C301 . 59 POP ECX 0041C302 > 834D FC FF OR DWORD PTR SS:[EBP-4],FFFFFFFF 0041C306 . E8 06000000 CALL bwblaaa.0041C311 0041C30B . 837D E4 00 CMP DWORD PTR SS:[EBP-1C],0 0041C30F . EB 51 JMP SHORT bwblaaa.0041C362 0041C311 /$ 6A 09 PUSH 9 0041C313 \|. E8 CF510000 CALL bwblaaa.004214E7 0041C318 \|. 59 POP ECX 0041C319 \. C3 RETN 0041C31A > 83F8 02 CMP EAX,2 0041C31D . 75 53 JNZ SHORT bwblaaa.0041C372 0041C31F . 6A 09 PUSH 9 ; /Arg1 = 00000009 0041C321 . E8 60510000 CALL bwblaaa.00421486 ; \bwblaaa.00421486 0041C326 . 59 POP ECX 0041C327 . C745 FC 01000>MOV DWORD PTR SS:[EBP-4],1 0041C32E . 8D45 E0 LEA EAX,DWORD PTR SS:[EBP-20] 0041C331 . 50 PUSH EAX 0041C332 . 8D45 D8 LEA EAX,DWORD PTR SS:[EBP-28] 0041C335 . 50 PUSH EAX 0041C336 . 56 PUSH ESI 0041C337 . E8 B04C0000 CALL bwblaaa.00420FEC 0041C33C . 83C4 0C ADD ESP,0C 0041C33F . 8945 DC MOV DWORD PTR SS:[EBP-24],EAX 0041C342 . 85C0 TEST EAX,EAX 0041C344 . 74 0F JE SHORT bwblaaa.0041C355 0041C346 . 50 PUSH EAX 0041C347 . FF75 E0 PUSH DWORD PTR SS:[EBP-20] 0041C34A . FF75 D8 PUSH DWORD PTR SS:[EBP-28] 0041C34D . E8 F14C0000 CALL bwblaaa.00421043 0041C352 . 83C4 0C ADD ESP,0C 0041C355 > 834D FC FF OR DWORD PTR SS:[EBP-4],FFFFFFFF 0041C359 . E8 0B000000 CALL bwblaaa.0041C369 0041C35E . 837D DC 00 CMP DWORD PTR SS:[EBP-24],0 0041C362 > 75 1D JNZ SHORT bwblaaa.0041C381 0041C364 . FF75 08 PUSH DWORD PTR SS:[EBP+8] 0041C367 . EB 0A JMP SHORT bwblaaa.0041C373 0041C369 /$ 6A 09 PUSH 9 0041C36B \|. E8 77510000 CALL bwblaaa.004214E7 0041C370 \|. 59 POP ECX 0041C371 \. C3 RETN 初学,请高手帮助 2007-6-25 16:18 0
mrghost 雪币： 202 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 5 回帖 53 粉丝 0 关注私信	mrghost 4 楼外挂一般有网络验证，如果想练手找点别的吧，现在的外挂作者都挺BT的！破解的时候你得先了解是什么样的注册机制！如有有网络验证那你还是别搞了，很累！ 2007-6-25 22:18 0
laurece 雪币： 200 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 3 回帖 20 粉丝 0 关注私信	laurece 5 楼呵呵,谢谢mrghost的提醒,虽然我有点自不量力,不过我相信的是如果要做,就一定做到,如果怕累,那还学这crack做什么呢?不如天天去玩还好些. 2007-7-6 09:38 0
黑手K 雪币： 207 活跃值： (20) 能力值： ( LV4，RANK：50 ) 在线值：发帖 3 回帖 33 粉丝 0 关注私信	黑手K 1 6 楼同5楼. 怕麻烦的也就定型了 2007-7-6 14:12 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复

laurece

发帖

回帖

RANK

关注

私信

他的文章

关于我们

联系我们

企业服务

看雪公众号

最新回复 (5)
laurece 雪币： 200 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 3 回帖 20 粉丝 0 关注私信	laurece 2 楼成功后的第一个call,这个挂是将运行按钮隐藏,我一直都没找到是那个值让它出现 004026D6 . E8 253A0000 CALL xxxx.00406100 进去的代码: 00406100 /$ 56 PUSH ESI ; bwblaaa.00446116 00406101 \|. 8BF1 MOV ESI,ECX 00406103 \|. 8B06 MOV EAX,DWORD PTR DS:[ESI] 00406105 \|. 50 PUSH EAX 00406106 \|. E8 96660200 CALL bwblaaa.0042C7A1 0040610B \|. 8B4E 04 MOV ECX,DWORD PTR DS:[ESI+4] 0040610E \|. 51 PUSH ECX 0040610F \|. E8 8D660200 CALL bwblaaa.0042C7A1 00406114 \|. 83C4 08 ADD ESP,8 00406117 \|. 5E POP ESI 00406118 \. C3 RETN 2007-6-25 16:14 0
laurece 雪币： 200 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 3 回帖 20 粉丝 0 关注私信	laurece 3 楼 E8 96660200 CALL bwblaaa.0042C7A1 处代码: 0042C7A1 /$ FF7424 04 PUSH DWORD PTR SS:[ESP+4] 0042C7A5 \|. E8 FDFAFEFF CALL bwblaaa.0041C2A7 0042C7AA \|. 59 POP ECX 0042C7AB \. C3 RETN E8 FDFAFEFF CALL bwblaaa.0041C2A7处代码: 0041C2A7 $ 55 PUSH EBP ; kernel32.GetModuleFileNameA 0041C2A8 . 8BEC MOV EBP,ESP 0041C2AA . 6A FF PUSH -1 0041C2AC . 68 C8E34300 PUSH bwblaaa.0043E3C8 0041C2B1 . 68 04154200 PUSH bwblaaa.00421504 ; SE 处理程序安装 0041C2B6 . 64:A1 0000000>MOV EAX,DWORD PTR FS:[0] 0041C2BC . 50 PUSH EAX 0041C2BD . 64:8925 00000>MOV DWORD PTR FS:[0],ESP 0041C2C4 . 83EC 18 SUB ESP,18 0041C2C7 . 53 PUSH EBX 0041C2C8 . 56 PUSH ESI 0041C2C9 . 57 PUSH EDI 0041C2CA . 8B75 08 MOV ESI,DWORD PTR SS:[EBP+8] 0041C2CD . 85F6 TEST ESI,ESI 0041C2CF . 0F84 AC000000 JE bwblaaa.0041C381 0041C2D5 . A1 24114500 MOV EAX,DWORD PTR DS:[451124] 0041C2DA . 83F8 03 CMP EAX,3 0041C2DD . 75 3B JNZ SHORT bwblaaa.0041C31A 0041C2DF . 6A 09 PUSH 9 ; /Arg1 = 00000009 0041C2E1 . E8 A0510000 CALL bwblaaa.00421486 ; \bwblaaa.00421486 0041C2E6 . 59 POP ECX 0041C2E7 . 8365 FC 00 AND DWORD PTR SS:[EBP-4],0 0041C2EB . 56 PUSH ESI 0041C2EC . E8 A03F0000 CALL bwblaaa.00420291 0041C2F1 . 59 POP ECX 0041C2F2 . 8945 E4 MOV DWORD PTR SS:[EBP-1C],EAX 0041C2F5 . 85C0 TEST EAX,EAX 0041C2F7 . 74 09 JE SHORT bwblaaa.0041C302 0041C2F9 . 56 PUSH ESI 0041C2FA . 50 PUSH EAX 0041C2FB . E8 BC3F0000 CALL bwblaaa.004202BC 0041C300 . 59 POP ECX 0041C301 . 59 POP ECX 0041C302 > 834D FC FF OR DWORD PTR SS:[EBP-4],FFFFFFFF 0041C306 . E8 06000000 CALL bwblaaa.0041C311 0041C30B . 837D E4 00 CMP DWORD PTR SS:[EBP-1C],0 0041C30F . EB 51 JMP SHORT bwblaaa.0041C362 0041C311 /$ 6A 09 PUSH 9 0041C313 \|. E8 CF510000 CALL bwblaaa.004214E7 0041C318 \|. 59 POP ECX 0041C319 \. C3 RETN 0041C31A > 83F8 02 CMP EAX,2 0041C31D . 75 53 JNZ SHORT bwblaaa.0041C372 0041C31F . 6A 09 PUSH 9 ; /Arg1 = 00000009 0041C321 . E8 60510000 CALL bwblaaa.00421486 ; \bwblaaa.00421486 0041C326 . 59 POP ECX 0041C327 . C745 FC 01000>MOV DWORD PTR SS:[EBP-4],1 0041C32E . 8D45 E0 LEA EAX,DWORD PTR SS:[EBP-20] 0041C331 . 50 PUSH EAX 0041C332 . 8D45 D8 LEA EAX,DWORD PTR SS:[EBP-28] 0041C335 . 50 PUSH EAX 0041C336 . 56 PUSH ESI 0041C337 . E8 B04C0000 CALL bwblaaa.00420FEC 0041C33C . 83C4 0C ADD ESP,0C 0041C33F . 8945 DC MOV DWORD PTR SS:[EBP-24],EAX 0041C342 . 85C0 TEST EAX,EAX 0041C344 . 74 0F JE SHORT bwblaaa.0041C355 0041C346 . 50 PUSH EAX 0041C347 . FF75 E0 PUSH DWORD PTR SS:[EBP-20] 0041C34A . FF75 D8 PUSH DWORD PTR SS:[EBP-28] 0041C34D . E8 F14C0000 CALL bwblaaa.00421043 0041C352 . 83C4 0C ADD ESP,0C 0041C355 > 834D FC FF OR DWORD PTR SS:[EBP-4],FFFFFFFF 0041C359 . E8 0B000000 CALL bwblaaa.0041C369 0041C35E . 837D DC 00 CMP DWORD PTR SS:[EBP-24],0 0041C362 > 75 1D JNZ SHORT bwblaaa.0041C381 0041C364 . FF75 08 PUSH DWORD PTR SS:[EBP+8] 0041C367 . EB 0A JMP SHORT bwblaaa.0041C373 0041C369 /$ 6A 09 PUSH 9 0041C36B \|. E8 77510000 CALL bwblaaa.004214E7 0041C370 \|. 59 POP ECX 0041C371 \. C3 RETN 初学,请高手帮助 2007-6-25 16:18 0
mrghost 雪币： 202 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 5 回帖 53 粉丝 0 关注私信	mrghost 4 楼外挂一般有网络验证，如果想练手找点别的吧，现在的外挂作者都挺BT的！破解的时候你得先了解是什么样的注册机制！如有有网络验证那你还是别搞了，很累！ 2007-6-25 22:18 0
laurece 雪币： 200 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 3 回帖 20 粉丝 0 关注私信	laurece 5 楼呵呵,谢谢mrghost的提醒,虽然我有点自不量力,不过我相信的是如果要做,就一定做到,如果怕累,那还学这crack做什么呢?不如天天去玩还好些. 2007-7-6 09:38 0
黑手K 雪币： 207 活跃值： (20) 能力值： ( LV4，RANK：50 ) 在线值：发帖 3 回帖 33 粉丝 0 关注私信	黑手K 1 6 楼同5楼. 怕麻烦的也就定型了 2007-7-6 14:12 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复