-
-
[旧帖] [求助]英雄外挂破解问题 0.00雪花
-
发表于: 2007-7-6 15:29
-
006B7BB4 /. 55 PUSH EBP //下断停这里
006B7BB5 |. 8BEC MOV EBP,ESP
006B7BB7 |. 6A 00 PUSH 0
006B7BB9 |. 6A 00 PUSH 0
006B7BBB |. 6A 00 PUSH 0
006B7BBD |. 53 PUSH EBX
006B7BBE |. 56 PUSH ESI
006B7BBF |. 57 PUSH EDI
006B7BC0 |. 8BD9 MOV EBX,ECX
006B7BC2 |. 33C0 XOR EAX,EAX
006B7BC4 |. 55 PUSH EBP
006B7BC5 |. 68 107F6B00 PUSH de_Launc.006B7F10
006B7BCA |. 64:FF30 PUSH DWORD PTR FS:[EAX]
006B7BCD |. 64:8920 MOV DWORD PTR FS:[EAX],ESP
006B7BD0 8D55 FC LEA EDX,DWORD PTR SS:[EBP-4]
006B7BD3 8BC3 MOV EAX,EBX
006B7BD5 E8 FA71DDFF CALL de_Launc.0048EDD4
006B7BDA 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
006B7BDD |. E8 BAD4D4FF CALL de_Launc.0040509C
006B7BE2 |. 8BD8 MOV EBX,EAX
006B7BE4 |. 85DB TEST EBX,EBX
006B7BE6 7E 24 JLE SHORT de_Launc.006B7C0C
006B7BE8 |. BE 01000000 MOV ESI,1
006B7BED |> 8D45 FC /LEA EAX,DWORD PTR SS:[EBP-4]
006B7BF0 |. E8 FFD6D4FF |CALL de_Launc.004052F4
006B7BF5 |. 8B55 FC |MOV EDX,DWORD PTR SS:[EBP-4]
006B7BF8 |. 8A5432 FF |MOV DL,BYTE PTR DS:[EDX+ESI-1]
006B7BFC |. 8B0D BC9A6C00 |MOV ECX,DWORD PTR DS:[6C9ABC] ; de_Launc.006D7978
006B7C02 |. 3211 |XOR DL,BYTE PTR DS:[ECX]
006B7C04 |. 885430 FF |MOV BYTE PTR DS:[EAX+ESI-1],DL
006B7C08 |. 46 |INC ESI
006B7C09 |. 4B |DEC EBX
006B7C0A |.^ 75 E1 \JNZ SHORT de_Launc.006B7BED
006B7C0C |> 8B15 BC9A6C00 MOV EDX,DWORD PTR DS:[6C9ABC] ; de_Launc.006D7978
006B7C12 |. 8B52 0C MOV EDX,DWORD PTR DS:[EDX+C]
006B7C15 |. 8D45 FC LEA EAX,DWORD PTR SS:[EBP-4]
006B7C18 |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
006B7C1B |. E8 C8D4D4FF CALL de_Launc.004050E8
006B7C20 |. 8D45 FC LEA EAX,DWORD PTR SS:[EBP-4]
006B7C23 |. E8 CCD6D4FF CALL de_Launc.004052F4
006B7C28 |. 8BD0 MOV EDX,EAX
006B7C2A |. 8D45 F6 LEA EAX,DWORD PTR SS:[EBP-A]
006B7C2D |. B9 02000000 MOV ECX,2
006B7C32 |. E8 010AD5FF CALL de_Launc.00408638
006B7C37 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
006B7C3A E8 5DD4D4FF CALL de_Launc.0040509C
006B7C3F 0FB755 F6 MOVZX EDX,WORD PTR SS:[EBP-A]
006B7C43 3BC2 CMP EAX,EDX //关键比较 64就成功 33就失败
006B7C45 0F8D 96020000 JGE de_Launc.006B7EE1
006B7C4B |. A1 BC9A6C00 MOV EAX,DWORD PTR DS:[6C9ABC]
006B7C50 |. 83C0 0C ADD EAX,0C
006B7C53 |. 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
006B7C56 |. E8 C5D1D4FF CALL de_Launc.00404E20
006B7C5B |. E9 95020000 JMP de_Launc.006B7EF5
006B7C60 |> 33FF /XOR EDI,EDI
006B7C62 |. 8D45 F8 |LEA EAX,DWORD PTR SS:[EBP-8]
006B7C65 |. 50 |PUSH EAX
006B7C66 |. 0FB74D F6 |MOVZX ECX,WORD PTR SS:[EBP-A]
006B7C6A |. BA 01000000 |MOV EDX,1
006B7C6F |. 8B45 FC |MOV EAX,DWORD PTR SS:[EBP-4]
006B7C72 |. E8 85D6D4FF |CALL de_Launc.004052FC
006B7C77 |. 8B45 F8 |MOV EAX,DWORD PTR SS:[EBP-8]
006B7C7A |. E8 1DD4D4FF |CALL de_Launc.0040509C
006B7C7F |. 8BD8 |MOV EBX,EAX
006B7C81 |. 4B |DEC EBX
006B7C82 |. 85DB |TEST EBX,EBX
006B7C84 |. 7E 13 |JLE SHORT de_Launc.006B7C99
006B7C86 |. BE 01000000 |MOV ESI,1
006B7C8B |> 8B45 F8 |/MOV EAX,DWORD PTR SS:[EBP-8]
006B7C8E |. 0FB64430 FF ||MOVZX EAX,BYTE PTR DS:[EAX+ESI-1]
006B7C93 |. 33F8 ||XOR EDI,EAX
006B7C95 |. 46 ||INC ESI
006B7C96 |. 4B ||DEC EBX
006B7C97 |.^ 75 F2 |\JNZ SHORT de_Launc.006B7C8B
006B7C99 |> 8B45 F8 |MOV EAX,DWORD PTR SS:[EBP-8]
006B7C9C |. E8 FBD3D4FF |CALL de_Launc.0040509C
006B7CA1 |. 8B55 F8 |MOV EDX,DWORD PTR SS:[EBP-8]
006B7CA4 |. 0FB64402 FF |MOVZX EAX,BYTE PTR DS:[EDX+EAX-1]
006B7CA9 |. 3BF8 |CMP EDI,EAX
006B7CAB |. 74 11 |JE SHORT de_Launc.006B7CBE
006B7CAD |. A1 8C966C00 |MOV EAX,DWORD PTR DS:[6C968C]
006B7CB2 |. 8B00 |MOV EAX,DWORD PTR DS:[EAX]
006B7CB4 |. E8 1FAFDCFF |CALL de_Launc.00482BD8
006B7CB9 |. E9 37020000 |JMP de_Launc.006B7EF5
006B7CBE |> 66:C745 F4 00>|MOV WORD PTR SS:[EBP-C],0
006B7CC4 |. 8D45 F8 |LEA EAX,DWORD PTR SS:[EBP-8]
006B7CC7 |. E8 28D6D4FF |CALL de_Launc.004052F4
006B7CCC |. 8D50 02 |LEA EDX,DWORD PTR DS:[EAX+2]
006B7CCF |. 8D45 F4 |LEA EAX,DWORD PTR SS:[EBP-C]
006B7CD2 |. B9 02000000 |MOV ECX,2
006B7CD7 |. E8 5C09D5FF |CALL de_Launc.00408638
006B7CDC |. 0FB745 F4 |MOVZX EAX,WORD PTR SS:[EBP-C]
006B7CE0 3D C8000000 |CMP EAX,0C8 ; Switch (cases 64..192)
006B7CE5 7F 45 JG SHORT de_Launc.006B7D2C
006B7CE7 |. 0F84 37010000 |JE de_Launc.006B7E24
006B7CED |. 83C0 9C |ADD EAX,-64
006B7CF0 |. 83F8 0A |CMP EAX,0A
006B7CF3 |. 0F87 97010000 |JA de_Launc.006B7E90
006B7CF9 |. FF2485 007D6B>|JMP DWORD PTR DS:[EAX*4+6B7D00]
006B7D00 |. 9B7D6B00 |DD de_Launc.006B7D9B ; 分支表 已用于 006B7CF9
关键代码如下
经过分析
发现
006B7C43 3BC2 CMP EAX,EDX
如果 EAX EDX =64 就注册成功
如果等于33 就失败
请问如何把 EAX EDX 的数值变成 64?
不知道怎么弄了
给一组可用的注册号 希望给个详细的分析过程。。
kkktytt
123456
软件下载地址
http://58.61.33.166/cgi-bin/dl?056270717E099B93534F64E8ABFCB5FD12EF6E5ADE48AFAFA6BEFE9B71A9624226912FD959AA659DE57F0CBC552294AF5C6862DCE9D37257F01D243B4D4FD24F2E7C85A2675FA134F45FF73BFC3E7E5F04E2FEB50ACFE2014E3E9/桌面.rar
006B7BB5 |. 8BEC MOV EBP,ESP
006B7BB7 |. 6A 00 PUSH 0
006B7BB9 |. 6A 00 PUSH 0
006B7BBB |. 6A 00 PUSH 0
006B7BBD |. 53 PUSH EBX
006B7BBE |. 56 PUSH ESI
006B7BBF |. 57 PUSH EDI
006B7BC0 |. 8BD9 MOV EBX,ECX
006B7BC2 |. 33C0 XOR EAX,EAX
006B7BC4 |. 55 PUSH EBP
006B7BC5 |. 68 107F6B00 PUSH de_Launc.006B7F10
006B7BCA |. 64:FF30 PUSH DWORD PTR FS:[EAX]
006B7BCD |. 64:8920 MOV DWORD PTR FS:[EAX],ESP
006B7BD0 8D55 FC LEA EDX,DWORD PTR SS:[EBP-4]
006B7BD3 8BC3 MOV EAX,EBX
006B7BD5 E8 FA71DDFF CALL de_Launc.0048EDD4
006B7BDA 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
006B7BDD |. E8 BAD4D4FF CALL de_Launc.0040509C
006B7BE2 |. 8BD8 MOV EBX,EAX
006B7BE4 |. 85DB TEST EBX,EBX
006B7BE6 7E 24 JLE SHORT de_Launc.006B7C0C
006B7BE8 |. BE 01000000 MOV ESI,1
006B7BED |> 8D45 FC /LEA EAX,DWORD PTR SS:[EBP-4]
006B7BF0 |. E8 FFD6D4FF |CALL de_Launc.004052F4
006B7BF5 |. 8B55 FC |MOV EDX,DWORD PTR SS:[EBP-4]
006B7BF8 |. 8A5432 FF |MOV DL,BYTE PTR DS:[EDX+ESI-1]
006B7BFC |. 8B0D BC9A6C00 |MOV ECX,DWORD PTR DS:[6C9ABC] ; de_Launc.006D7978
006B7C02 |. 3211 |XOR DL,BYTE PTR DS:[ECX]
006B7C04 |. 885430 FF |MOV BYTE PTR DS:[EAX+ESI-1],DL
006B7C08 |. 46 |INC ESI
006B7C09 |. 4B |DEC EBX
006B7C0A |.^ 75 E1 \JNZ SHORT de_Launc.006B7BED
006B7C0C |> 8B15 BC9A6C00 MOV EDX,DWORD PTR DS:[6C9ABC] ; de_Launc.006D7978
006B7C12 |. 8B52 0C MOV EDX,DWORD PTR DS:[EDX+C]
006B7C15 |. 8D45 FC LEA EAX,DWORD PTR SS:[EBP-4]
006B7C18 |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
006B7C1B |. E8 C8D4D4FF CALL de_Launc.004050E8
006B7C20 |. 8D45 FC LEA EAX,DWORD PTR SS:[EBP-4]
006B7C23 |. E8 CCD6D4FF CALL de_Launc.004052F4
006B7C28 |. 8BD0 MOV EDX,EAX
006B7C2A |. 8D45 F6 LEA EAX,DWORD PTR SS:[EBP-A]
006B7C2D |. B9 02000000 MOV ECX,2
006B7C32 |. E8 010AD5FF CALL de_Launc.00408638
006B7C37 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
006B7C3A E8 5DD4D4FF CALL de_Launc.0040509C
006B7C3F 0FB755 F6 MOVZX EDX,WORD PTR SS:[EBP-A]
006B7C43 3BC2 CMP EAX,EDX //关键比较 64就成功 33就失败
006B7C45 0F8D 96020000 JGE de_Launc.006B7EE1
006B7C4B |. A1 BC9A6C00 MOV EAX,DWORD PTR DS:[6C9ABC]
006B7C50 |. 83C0 0C ADD EAX,0C
006B7C53 |. 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
006B7C56 |. E8 C5D1D4FF CALL de_Launc.00404E20
006B7C5B |. E9 95020000 JMP de_Launc.006B7EF5
006B7C60 |> 33FF /XOR EDI,EDI
006B7C62 |. 8D45 F8 |LEA EAX,DWORD PTR SS:[EBP-8]
006B7C65 |. 50 |PUSH EAX
006B7C66 |. 0FB74D F6 |MOVZX ECX,WORD PTR SS:[EBP-A]
006B7C6A |. BA 01000000 |MOV EDX,1
006B7C6F |. 8B45 FC |MOV EAX,DWORD PTR SS:[EBP-4]
006B7C72 |. E8 85D6D4FF |CALL de_Launc.004052FC
006B7C77 |. 8B45 F8 |MOV EAX,DWORD PTR SS:[EBP-8]
006B7C7A |. E8 1DD4D4FF |CALL de_Launc.0040509C
006B7C7F |. 8BD8 |MOV EBX,EAX
006B7C81 |. 4B |DEC EBX
006B7C82 |. 85DB |TEST EBX,EBX
006B7C84 |. 7E 13 |JLE SHORT de_Launc.006B7C99
006B7C86 |. BE 01000000 |MOV ESI,1
006B7C8B |> 8B45 F8 |/MOV EAX,DWORD PTR SS:[EBP-8]
006B7C8E |. 0FB64430 FF ||MOVZX EAX,BYTE PTR DS:[EAX+ESI-1]
006B7C93 |. 33F8 ||XOR EDI,EAX
006B7C95 |. 46 ||INC ESI
006B7C96 |. 4B ||DEC EBX
006B7C97 |.^ 75 F2 |\JNZ SHORT de_Launc.006B7C8B
006B7C99 |> 8B45 F8 |MOV EAX,DWORD PTR SS:[EBP-8]
006B7C9C |. E8 FBD3D4FF |CALL de_Launc.0040509C
006B7CA1 |. 8B55 F8 |MOV EDX,DWORD PTR SS:[EBP-8]
006B7CA4 |. 0FB64402 FF |MOVZX EAX,BYTE PTR DS:[EDX+EAX-1]
006B7CA9 |. 3BF8 |CMP EDI,EAX
006B7CAB |. 74 11 |JE SHORT de_Launc.006B7CBE
006B7CAD |. A1 8C966C00 |MOV EAX,DWORD PTR DS:[6C968C]
006B7CB2 |. 8B00 |MOV EAX,DWORD PTR DS:[EAX]
006B7CB4 |. E8 1FAFDCFF |CALL de_Launc.00482BD8
006B7CB9 |. E9 37020000 |JMP de_Launc.006B7EF5
006B7CBE |> 66:C745 F4 00>|MOV WORD PTR SS:[EBP-C],0
006B7CC4 |. 8D45 F8 |LEA EAX,DWORD PTR SS:[EBP-8]
006B7CC7 |. E8 28D6D4FF |CALL de_Launc.004052F4
006B7CCC |. 8D50 02 |LEA EDX,DWORD PTR DS:[EAX+2]
006B7CCF |. 8D45 F4 |LEA EAX,DWORD PTR SS:[EBP-C]
006B7CD2 |. B9 02000000 |MOV ECX,2
006B7CD7 |. E8 5C09D5FF |CALL de_Launc.00408638
006B7CDC |. 0FB745 F4 |MOVZX EAX,WORD PTR SS:[EBP-C]
006B7CE0 3D C8000000 |CMP EAX,0C8 ; Switch (cases 64..192)
006B7CE5 7F 45 JG SHORT de_Launc.006B7D2C
006B7CE7 |. 0F84 37010000 |JE de_Launc.006B7E24
006B7CED |. 83C0 9C |ADD EAX,-64
006B7CF0 |. 83F8 0A |CMP EAX,0A
006B7CF3 |. 0F87 97010000 |JA de_Launc.006B7E90
006B7CF9 |. FF2485 007D6B>|JMP DWORD PTR DS:[EAX*4+6B7D00]
006B7D00 |. 9B7D6B00 |DD de_Launc.006B7D9B ; 分支表 已用于 006B7CF9
关键代码如下
经过分析
发现
006B7C43 3BC2 CMP EAX,EDX
如果 EAX EDX =64 就注册成功
如果等于33 就失败
请问如何把 EAX EDX 的数值变成 64?
不知道怎么弄了
给一组可用的注册号 希望给个详细的分析过程。。
kkktytt
123456
软件下载地址
http://58.61.33.166/cgi-bin/dl?056270717E099B93534F64E8ABFCB5FD12EF6E5ADE48AFAFA6BEFE9B71A9624226912FD959AA659DE57F0CBC552294AF5C6862DCE9D37257F01D243B4D4FD24F2E7C85A2675FA134F45FF73BFC3E7E5F04E2FEB50ACFE2014E3E9/桌面.rar
[招生]科锐逆向工程师培训(2024年11月15日实地,远程教学同时开班, 第51期)
|
|
|---|---|
|
|
|
|
|
  试试看是不是你想要的?!http://ys-c.ys168.com/?Launcher_Crack.rar_67e4bshs5bt4bs5bsql7btrpm0cn4b5btolrm0chu14z97f14z |
