-
-
[旧帖] [求助]关于一个网络验证的破解!! 0.00雪花
-
发表于: 2008-3-14 15:21 4882
-
0052FA70 /. 55 push ebp ; (initial cpu selection)
0052FA71 |. 8BEC mov ebp, esp
0052FA73 |. B9 05000000 mov ecx, 5
0052FA78 |> 6A 00 /push 0
0052FA7A |. 6A 00 |push 0
0052FA7C |. 49 |dec ecx
0052FA7D |.^ 75 F9 \jnz short 0052FA78
0052FA7F |. 53 push ebx
0052FA80 |. 56 push esi
0052FA81 |. 57 push edi
0052FA82 |. 8BD8 mov ebx, eax
0052FA84 |. 33C0 xor eax, eax
0052FA86 |. 55 push ebp
0052FA87 |. 68 77FC5200 push 0052FC77
0052FA8C |. 64:FF30 push dword ptr fs:[eax]
0052FA8F |. 64:8920 mov dword ptr fs:[eax], esp
0052FA92 |. 803D F8175600>cmp byte ptr [5617F8], 0
0052FA99 |. 74 36 je short 0052FAD1
0052FA9B |. 6A 05 push 5
0052FA9D |. 6A 00 push 0
0052FA9F |. 6A 00 push 0
0052FAA1 |. 8D55 F8 lea edx, dword ptr [ebp-8]
0052FAA4 |. A1 F4CE5500 mov eax, dword ptr [55CEF4]
0052FAA9 |. 8B00 mov eax, dword ptr [eax]
0052FAAB |. E8 FC70F6FF call 00496BAC
0052FAB0 |. 8B45 F8 mov eax, dword ptr [ebp-8]
0052FAB3 |. E8 5853EDFF call 00404E10
0052FAB8 |. 50 push eax ; |FileName
0052FAB9 |. 68 88FC5200 push 0052FC88 ; |open
0052FABE |. 6A 00 push 0 ; |hWnd = NULL
0052FAC0 |. E8 9385F0FF call <jmp.&shell32.ShellExecuteA> ; \ShellExecuteA
0052FAC5 |. A1 F0CC5500 mov eax, dword ptr [55CCF0]
0052FACA |. 8B00 mov eax, dword ptr [eax]
0052FACC |. E8 8332F6FF call 00492D54
0052FAD1 |> 8D55 F0 lea edx, dword ptr [ebp-10]
0052FAD4 |. 8BB3 F8020000 mov esi, dword ptr [ebx+2F8]
0052FADA |. 8BC6 mov eax, esi
0052FADC |. E8 3B5FF4FF call 00475A1C
0052FAE1 |. 8B45 F0 mov eax, dword ptr [ebp-10]
0052FAE4 |. 8D55 F4 lea edx, dword ptr [ebp-C]
0052FAE7 |. E8 9898EDFF call 00409384
0052FAEC |. 8B55 F4 mov edx, dword ptr [ebp-C]
0052FAEF |. 8BC6 mov eax, esi
0052FAF1 |. E8 565FF4FF call 00475A4C
0052FAF6 |. 8D55 EC lea edx, dword ptr [ebp-14]
0052FAF9 |. 8B83 F8020000 mov eax, dword ptr [ebx+2F8]
0052FAFF |. E8 185FF4FF call 00475A1C
0052FB04 |. 8B45 EC mov eax, dword ptr [ebp-14]
0052FB07 |. E8 0451EDFF call 00404C10
0052FB0C |. 83F8 08 cmp eax, 8
0052FB0F 75 1B jnz short 0052FB2C
0052FB11 |. 8D55 E8 lea edx, dword ptr [ebp-18]
0052FB14 |. 8B83 28030000 mov eax, dword ptr [ebx+328]
0052FB1A |. E8 FD5EF4FF call 00475A1C
0052FB1F |. 8B45 E8 mov eax, dword ptr [ebp-18]
0052FB22 |. E8 E950EDFF call 00404C10
0052FB27 |. 83F8 08 cmp eax, 8 //用户名长度不能小于8
0052FB2A 74 0F je short 0052FB3B ; (initial cpu selection)
0052FB2C |> B8 98FC5200 mov eax, 0052FC98 ; 长度错误!\n请重新输入
0052FB31 |. E8 56BEF0FF call 0043B98C
0052FB36 |. E9 FA000000 jmp 0052FC35
0052FB3B |> BA B8FC5200 mov edx, 0052FCB8 ; 正在连接服务器,请稍候...
0052FB40 |. 8B83 18030000 mov eax, dword ptr [ebx+318]
0052FB46 |. E8 015FF4FF call 00475A4C
0052FB4B |. 8D55 E0 lea edx, dword ptr [ebp-20]
0052FB4E |. A1 F0CC5500 mov eax, dword ptr [55CCF0]
0052FB53 |. 8B00 mov eax, dword ptr [eax]
0052FB55 |. 8B80 14050000 mov eax, dword ptr [eax+514] ; (initial cpu selection)
0052FB5B |. E8 2498EDFF call 00409384
0052FB60 |. FF75 E0 push dword ptr [ebp-20]
0052FB63 |. 8D55 DC lea edx, dword ptr [ebp-24]
0052FB66 |. 8B83 F8020000 mov eax, dword ptr [ebx+2F8]
0052FB6C |. E8 AB5EF4FF call 00475A1C
0052FB71 |. FF75 DC push dword ptr [ebp-24] ; (initial cpu selection)
0052FB74 |. 8D55 D8 lea edx, dword ptr [ebp-28]
0052FB77 |. 8B83 28030000 mov eax, dword ptr [ebx+328]
0052FB7D |. E8 9A5EF4FF call 00475A1C
0052FB82 |. FF75 D8 push dword ptr [ebp-28]
0052FB85 |. 8D45 E4 lea eax, dword ptr [ebp-1C]
0052FB88 |. BA 03000000 mov edx, 3
0052FB8D |. E8 3E51EDFF call 00404CD0
0052FB92 |. 8B45 E4 mov eax, dword ptr [ebp-1C]
0052FB95 |. 8D55 FC lea edx, dword ptr [ebp-4]
0052FB98 |. E8 7795EDFF call 00409114
0052FB9D |. 8B45 FC mov eax, dword ptr [ebp-4]
0052FBA0 |. E8 6B50EDFF call 00404C10
0052FBA5 |. 8BF0 mov esi, eax
0052FBA7 |. 85F6 test esi, esi
0052FBA9 |. 7E 1A jle short 0052FBC5 //下面的循环应该计算密码验证的!!
0052FBAB |. BF 01000000 mov edi, 1
0052FBB0 |> 8D45 FC /lea eax, dword ptr [ebp-4]
0052FBB3 |. E8 B052EDFF |call 00404E68
0052FBB8 |. 8D4438 FF |lea eax, dword ptr [eax+edi-1]
0052FBBC |. E8 27FBFFFF |call 0052F6E8
0052FBC1 |. 47 |inc edi
0052FBC2 |. 4E |dec esi
0052FBC3 |.^ 75 EB \jnz short 0052FBB0 //往上跳!
0052FBC5 |> 8B55 FC mov edx, dword ptr [ebp-4]
0052FBC8 |. 8B83 0C030000 mov eax, dword ptr [ebx+30C]
0052FBCE |. E8 795EF4FF call 00475A4C
0052FBD3 |. B2 01 mov dl, 1
0052FBD5 |. 8B83 1C030000 mov eax, dword ptr [ebx+31C]
0052FBDB |. E8 5C5DF4FF call 0047593C
0052FBE0 |. B2 01 mov dl, 1
0052FBE2 |. 8B83 20030000 mov eax, dword ptr [ebx+320]
0052FBE8 |. E8 4F5DF4FF call 0047593C
0052FBED |. 6B05 FC175600>imul eax, dword ptr [5617FC], 0D
0052FBF4 |. A3 FC175600 mov dword ptr [5617FC], eax
0052FBF9 |. 813D FC175600>cmp dword ptr [5617FC], 0BB8
0052FC03 7D 0D jge short 0052FC12
0052FC05 |. 8B83 08030000 mov eax, dword ptr [ebx+308]
0052FC0B |. E8 04E2FFFF call 0052DE14
0052FC10 |. EB 0A jmp short 0052FC1C
0052FC12 |> C705 FC175600>mov dword ptr [5617FC], 0BB8
0052FC1C |> 813D FC175600>cmp dword ptr [5617FC], 7D0
0052FC26 7E 0D jle short 0052FC35
0052FC28 |. 33D2 xor edx, edx
0052FC2A |. 8B83 04030000 mov eax, dword ptr [ebx+304]
0052FC30 |. 8B08 mov ecx, dword ptr [eax]
0052FC32 |. FF51 64 call dword ptr [ecx+64]
0052FC35 |> 33C0 xor eax, eax
0052FC37 |. 5A pop edx
0052FC38 |. 59 pop ecx
0052FC39 |. 59 pop ecx
0052FC3A |. 64:8910 mov dword ptr fs:[eax], edx
0052FC3D |. 68 7EFC5200 push 0052FC7E
0052FC42 |> 8D45 D8 lea eax, dword ptr [ebp-28]
0052FC45 |. BA 02000000 mov edx, 2
0052FC4A |. E8 254DEDFF call 00404974
0052FC4F |. 8D45 E0 lea eax, dword ptr [ebp-20]
0052FC52 |. BA 02000000 mov edx, 2
0052FC57 |. E8 184DEDFF call 00404974
0052FC5C |. 8D45 E8 lea eax, dword ptr [ebp-18]
0052FC5F |. BA 03000000 mov edx, 3
0052FC64 |. E8 0B4DEDFF call 00404974
0052FC69 |. 8D45 F4 lea eax, dword ptr [ebp-C]
0052FC6C |. BA 03000000 mov edx, 3
0052FC71 |. E8 FE4CEDFF call 00404974
0052FC76 \. C3 retn
0052FC77 .^ E9 7445EDFF jmp 004041F0
0052FC7C .^ EB C4 jmp short 0052FC42
0052FC7E . 5F pop edi
0052FC7F . 5E pop esi
0052FC80 . 5B pop ebx
0052FC81 . 8BE5 mov esp, ebp
0052FC83 . 5D pop ebp
0052FC84 . C3 retn
0052FA71 |. 8BEC mov ebp, esp
0052FA73 |. B9 05000000 mov ecx, 5
0052FA78 |> 6A 00 /push 0
0052FA7A |. 6A 00 |push 0
0052FA7C |. 49 |dec ecx
0052FA7D |.^ 75 F9 \jnz short 0052FA78
0052FA7F |. 53 push ebx
0052FA80 |. 56 push esi
0052FA81 |. 57 push edi
0052FA82 |. 8BD8 mov ebx, eax
0052FA84 |. 33C0 xor eax, eax
0052FA86 |. 55 push ebp
0052FA87 |. 68 77FC5200 push 0052FC77
0052FA8C |. 64:FF30 push dword ptr fs:[eax]
0052FA8F |. 64:8920 mov dword ptr fs:[eax], esp
0052FA92 |. 803D F8175600>cmp byte ptr [5617F8], 0
0052FA99 |. 74 36 je short 0052FAD1
0052FA9B |. 6A 05 push 5
0052FA9D |. 6A 00 push 0
0052FA9F |. 6A 00 push 0
0052FAA1 |. 8D55 F8 lea edx, dword ptr [ebp-8]
0052FAA4 |. A1 F4CE5500 mov eax, dword ptr [55CEF4]
0052FAA9 |. 8B00 mov eax, dword ptr [eax]
0052FAAB |. E8 FC70F6FF call 00496BAC
0052FAB0 |. 8B45 F8 mov eax, dword ptr [ebp-8]
0052FAB3 |. E8 5853EDFF call 00404E10
0052FAB8 |. 50 push eax ; |FileName
0052FAB9 |. 68 88FC5200 push 0052FC88 ; |open
0052FABE |. 6A 00 push 0 ; |hWnd = NULL
0052FAC0 |. E8 9385F0FF call <jmp.&shell32.ShellExecuteA> ; \ShellExecuteA
0052FAC5 |. A1 F0CC5500 mov eax, dword ptr [55CCF0]
0052FACA |. 8B00 mov eax, dword ptr [eax]
0052FACC |. E8 8332F6FF call 00492D54
0052FAD1 |> 8D55 F0 lea edx, dword ptr [ebp-10]
0052FAD4 |. 8BB3 F8020000 mov esi, dword ptr [ebx+2F8]
0052FADA |. 8BC6 mov eax, esi
0052FADC |. E8 3B5FF4FF call 00475A1C
0052FAE1 |. 8B45 F0 mov eax, dword ptr [ebp-10]
0052FAE4 |. 8D55 F4 lea edx, dword ptr [ebp-C]
0052FAE7 |. E8 9898EDFF call 00409384
0052FAEC |. 8B55 F4 mov edx, dword ptr [ebp-C]
0052FAEF |. 8BC6 mov eax, esi
0052FAF1 |. E8 565FF4FF call 00475A4C
0052FAF6 |. 8D55 EC lea edx, dword ptr [ebp-14]
0052FAF9 |. 8B83 F8020000 mov eax, dword ptr [ebx+2F8]
0052FAFF |. E8 185FF4FF call 00475A1C
0052FB04 |. 8B45 EC mov eax, dword ptr [ebp-14]
0052FB07 |. E8 0451EDFF call 00404C10
0052FB0C |. 83F8 08 cmp eax, 8
0052FB0F 75 1B jnz short 0052FB2C
0052FB11 |. 8D55 E8 lea edx, dword ptr [ebp-18]
0052FB14 |. 8B83 28030000 mov eax, dword ptr [ebx+328]
0052FB1A |. E8 FD5EF4FF call 00475A1C
0052FB1F |. 8B45 E8 mov eax, dword ptr [ebp-18]
0052FB22 |. E8 E950EDFF call 00404C10
0052FB27 |. 83F8 08 cmp eax, 8 //用户名长度不能小于8
0052FB2A 74 0F je short 0052FB3B ; (initial cpu selection)
0052FB2C |> B8 98FC5200 mov eax, 0052FC98 ; 长度错误!\n请重新输入
0052FB31 |. E8 56BEF0FF call 0043B98C
0052FB36 |. E9 FA000000 jmp 0052FC35
0052FB3B |> BA B8FC5200 mov edx, 0052FCB8 ; 正在连接服务器,请稍候...
0052FB40 |. 8B83 18030000 mov eax, dword ptr [ebx+318]
0052FB46 |. E8 015FF4FF call 00475A4C
0052FB4B |. 8D55 E0 lea edx, dword ptr [ebp-20]
0052FB4E |. A1 F0CC5500 mov eax, dword ptr [55CCF0]
0052FB53 |. 8B00 mov eax, dword ptr [eax]
0052FB55 |. 8B80 14050000 mov eax, dword ptr [eax+514] ; (initial cpu selection)
0052FB5B |. E8 2498EDFF call 00409384
0052FB60 |. FF75 E0 push dword ptr [ebp-20]
0052FB63 |. 8D55 DC lea edx, dword ptr [ebp-24]
0052FB66 |. 8B83 F8020000 mov eax, dword ptr [ebx+2F8]
0052FB6C |. E8 AB5EF4FF call 00475A1C
0052FB71 |. FF75 DC push dword ptr [ebp-24] ; (initial cpu selection)
0052FB74 |. 8D55 D8 lea edx, dword ptr [ebp-28]
0052FB77 |. 8B83 28030000 mov eax, dword ptr [ebx+328]
0052FB7D |. E8 9A5EF4FF call 00475A1C
0052FB82 |. FF75 D8 push dword ptr [ebp-28]
0052FB85 |. 8D45 E4 lea eax, dword ptr [ebp-1C]
0052FB88 |. BA 03000000 mov edx, 3
0052FB8D |. E8 3E51EDFF call 00404CD0
0052FB92 |. 8B45 E4 mov eax, dword ptr [ebp-1C]
0052FB95 |. 8D55 FC lea edx, dword ptr [ebp-4]
0052FB98 |. E8 7795EDFF call 00409114
0052FB9D |. 8B45 FC mov eax, dword ptr [ebp-4]
0052FBA0 |. E8 6B50EDFF call 00404C10
0052FBA5 |. 8BF0 mov esi, eax
0052FBA7 |. 85F6 test esi, esi
0052FBA9 |. 7E 1A jle short 0052FBC5 //下面的循环应该计算密码验证的!!
0052FBAB |. BF 01000000 mov edi, 1
0052FBB0 |> 8D45 FC /lea eax, dword ptr [ebp-4]
0052FBB3 |. E8 B052EDFF |call 00404E68
0052FBB8 |. 8D4438 FF |lea eax, dword ptr [eax+edi-1]
0052FBBC |. E8 27FBFFFF |call 0052F6E8
0052FBC1 |. 47 |inc edi
0052FBC2 |. 4E |dec esi
0052FBC3 |.^ 75 EB \jnz short 0052FBB0 //往上跳!
0052FBC5 |> 8B55 FC mov edx, dword ptr [ebp-4]
0052FBC8 |. 8B83 0C030000 mov eax, dword ptr [ebx+30C]
0052FBCE |. E8 795EF4FF call 00475A4C
0052FBD3 |. B2 01 mov dl, 1
0052FBD5 |. 8B83 1C030000 mov eax, dword ptr [ebx+31C]
0052FBDB |. E8 5C5DF4FF call 0047593C
0052FBE0 |. B2 01 mov dl, 1
0052FBE2 |. 8B83 20030000 mov eax, dword ptr [ebx+320]
0052FBE8 |. E8 4F5DF4FF call 0047593C
0052FBED |. 6B05 FC175600>imul eax, dword ptr [5617FC], 0D
0052FBF4 |. A3 FC175600 mov dword ptr [5617FC], eax
0052FBF9 |. 813D FC175600>cmp dword ptr [5617FC], 0BB8
0052FC03 7D 0D jge short 0052FC12
0052FC05 |. 8B83 08030000 mov eax, dword ptr [ebx+308]
0052FC0B |. E8 04E2FFFF call 0052DE14
0052FC10 |. EB 0A jmp short 0052FC1C
0052FC12 |> C705 FC175600>mov dword ptr [5617FC], 0BB8
0052FC1C |> 813D FC175600>cmp dword ptr [5617FC], 7D0
0052FC26 7E 0D jle short 0052FC35
0052FC28 |. 33D2 xor edx, edx
0052FC2A |. 8B83 04030000 mov eax, dword ptr [ebx+304]
0052FC30 |. 8B08 mov ecx, dword ptr [eax]
0052FC32 |. FF51 64 call dword ptr [ecx+64]
0052FC35 |> 33C0 xor eax, eax
0052FC37 |. 5A pop edx
0052FC38 |. 59 pop ecx
0052FC39 |. 59 pop ecx
0052FC3A |. 64:8910 mov dword ptr fs:[eax], edx
0052FC3D |. 68 7EFC5200 push 0052FC7E
0052FC42 |> 8D45 D8 lea eax, dword ptr [ebp-28]
0052FC45 |. BA 02000000 mov edx, 2
0052FC4A |. E8 254DEDFF call 00404974
0052FC4F |. 8D45 E0 lea eax, dword ptr [ebp-20]
0052FC52 |. BA 02000000 mov edx, 2
0052FC57 |. E8 184DEDFF call 00404974
0052FC5C |. 8D45 E8 lea eax, dword ptr [ebp-18]
0052FC5F |. BA 03000000 mov edx, 3
0052FC64 |. E8 0B4DEDFF call 00404974
0052FC69 |. 8D45 F4 lea eax, dword ptr [ebp-C]
0052FC6C |. BA 03000000 mov edx, 3
0052FC71 |. E8 FE4CEDFF call 00404974
0052FC76 \. C3 retn
0052FC77 .^ E9 7445EDFF jmp 004041F0
0052FC7C .^ EB C4 jmp short 0052FC42
0052FC7E . 5F pop edi
0052FC7F . 5E pop esi
0052FC80 . 5B pop ebx
0052FC81 . 8BE5 mov esp, ebp
0052FC83 . 5D pop ebp
0052FC84 . C3 retn
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
赞赏
他的文章
- [求助]求教大神关于wifi握手包的问题 4917
- [求助]网络验证如何突破啊!! 4864
- [求助]关于一个网络验证的破解!! 4883
- [求助]关于一个PHP教程的破解! 望高手指点一下 4277
看原图
赞赏
雪币:
留言: