地址:http://bbs.pediy.com/upload/files/1084801702.zip
照着教程 下断点:
bp MessageBoxA
按下F9后, 跟到:
77D5058A U> 8BFF mov edi,edi
77D5058C 55 push ebp
77D5058D 8BEC mov ebp,esp
77D5058F 833D BC04D777 00 cmp dword ptr ds:[77D704BC],0
77D50596 74 24 je short USER32.77D505BC
77D50598 64:A1 18000000 mov eax,dword ptr fs:[18]
77D5059E 6A 00 push 0
77D505A0 FF70 24 push dword ptr ds:[eax+24]
77D505A3 68 240BD777 push USER32.77D70B24
77D505A8 FF15 C812D177 call dword ptr ds:[<&KERNEL32.Inter>; kernel32.InterlockedCompareExchange
77D505AE 85C0 test eax,eax
77D505B0 75 0A jnz short USER32.77D505BC
77D505B2 C705 200BD777 01000000 mov dword ptr ds:[77D70B20],1
77D505BC 6A 00 push 0
77D505BE FF75 14 push dword ptr ss:[ebp+14]
77D505C1 FF75 10 push dword ptr ss:[ebp+10]
77D505C4 FF75 0C push dword ptr ss:[ebp+C]
77D505C7 FF75 08 push dword ptr ss:[ebp+8]
77D505CA E8 2D000000 call USER32.MessageBoxExA
77D505CF 5D pop ebp
77D505D0 C2 1000 retn 10
发现都是以77D开头,并没有到77E
与教程中的:
77E16544 > 55 PUSH EBP <---停在这里
77E16545 8BEC MOV EBP,ESP
77E16547 51 PUSH ECX
77E16548 833D 1893E477 00 CMP DWORD PTR DS:[77E49318],0
77E1654F 0F85 EA220100 JNZ USER32.77E2883F
77E16555 6A 00 PUSH 0
77E16557 FF75 14 PUSH DWORD PTR SS:[EBP+14]
77E1655A FF75 10 PUSH DWORD PTR SS:[EBP+10]
77E1655D FF75 0C PUSH DWORD PTR SS:[EBP+C]
77E16560 FF75 08 PUSH DWORD PTR SS:[EBP+8]
77E16563 E8 04000000 CALL USER32.MessageBoxExA
77E16568 C9 LEAVE
77E16569 C2 1000 RETN 10
77E1656C > 55 PUSH EBP
差别比较大.我是做错了什么吗?错在哪里了啊?大家帮帮我啊~我是一只才学习Crack的小鸟鸟~先在这里谢谢大家了
[招生]科锐逆向工程师培训(2024年11月15日实地,远程教学同时开班, 第51期)
