A key CALL that reads the dongle: how can its return result be modified?
2004-10-26 21:07 4283

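Recently I came across a piece of software that reads the dongle in many places. From what I observed, every spot that reports a dongle error is preceded by a CALL 00404ECC immediately followed by a jump. Once the jump is taken, the program dies. My thought: could I change something inside this CALL so that the result it returns when it finishes is the opposite of the one returned when the dongle is present, and so dodge all of the dongle checks? But I don't know how to change this CALL. Experts, please advise.
Below is the code of this CALL: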

============================================
:00404ECC 53 push ebx
:00404ECD 56 push esi
:00404ECE 57 push edi
:00404ECF 89C6 mov esi, eax
:00404ED1 89D7 mov edi, edx
:00404ED3 39D0 cmp eax, edx
:00404ED5 0F848F000000 je 00404F6A
:00404EDB 85F6 test esi, esi
:00404EDD 7468 je 00404F47
:00404EDF 85FF test edi, edi
:00404EE1 746B je 00404F4E
:00404EE3 8B46FC mov eax, dword ptr [esi-04]
:00404EE6 8B57FC mov edx, dword ptr [edi-04]
:00404EE9 29D0 sub eax, edx
:00404EEB 7702 ja 00404EEF
:00404EED 01C2 add edx, eax

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00404EEB(C)
|
:00404EEF 52 push edx
:00404EF0 C1EA02 shr edx, 02
:00404EF3 7426 je 00404F1B

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00404F11(C)
|
:00404EF5 8B0E mov ecx, dword ptr [esi]
:00404EF7 8B1F mov ebx, dword ptr [edi]
:00404EF9 39D9 cmp ecx, ebx
:00404EFB 7558 jne 00404F55
:00404EFD 4A dec edx
:00404EFE 7415 je 00404F15
:00404F00 8B4E04 mov ecx, dword ptr [esi+04]
:00404F03 8B5F04 mov ebx, dword ptr [edi+04]
:00404F06 39D9 cmp ecx, ebx
:00404F08 754B jne 00404F55
:00404F0A 83C608 add esi, 00000008
:00404F0D 83C708 add edi, 00000008
:00404F10 4A dec edx
:00404F11 75E2 jne 00404EF5
:00404F13 EB06 jmp 00404F1B

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00404EFE(C)
|
:00404F15 83C604 add esi, 00000004
:00404F18 83C704 add edi, 00000004

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00404EF3(C), :00404F13(U)
|
:00404F1B 5A pop edx
:00404F1C 83E203 and edx, 00000003
:00404F1F 7422 je 00404F43
:00404F21 8B0E mov ecx, dword ptr [esi]
:00404F23 8B1F mov ebx, dword ptr [edi]
:00404F25 38D9 cmp cl, bl
:00404F27 7541 jne 00404F6A
:00404F29 4A dec edx
:00404F2A 7417 je 00404F43
:00404F2C 38FD cmp ch, bh
:00404F2E 753A jne 00404F6A
:00404F30 4A dec edx
:00404F31 7410 je 00404F43
:00404F33 81E30000FF00 and ebx, 00FF0000
:00404F39 81E10000FF00 and ecx, 00FF0000
:00404F3F 39D9 cmp ecx, ebx
:00404F41 7527 jne 00404F6A

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00404F1F(C), :00404F2A(C), :00404F31(C)
|
:00404F43 01C0 add eax, eax
:00404F45 EB23 jmp 00404F6A

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00404EDD(C)
|
:00404F47 8B57FC mov edx, dword ptr [edi-04]
:00404F4A 29D0 sub eax, edx
:00404F4C EB1C jmp 00404F6A

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00404EE1(C)
|
:00404F4E 8B46FC mov eax, dword ptr [esi-04]
:00404F51 29D0 sub eax, edx
:00404F53 EB15 jmp 00404F6A

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00404EFB(C), :00404F08(C)
|
:00404F55 5A pop edx
:00404F56 38D9 cmp cl, bl
:00404F58 7510 jne 00404F6A
:00404F5A 38FD cmp ch, bh
:00404F5C 750C jne 00404F6A
:00404F5E C1E910 shr ecx, 10
:00404F61 C1EB10 shr ebx, 10
:00404F64 38D9 cmp cl, bl
:00404F66 7502 jne 00404F6A
:00404F68 38FD cmp ch, bh

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00404ED5(C), :00404F27(C), :00404F2E(C), :00404F41(C), :00404F45(U)
|:00404F4C(U), :00404F53(U), :00404F58(C), :00404F5C(C), :00404F66(C)
|
:00404F6A 5F pop edi
:00404F6B 5E pop esi
:00404F6C 5B pop ebx
:00404F6D C3 ret

:00404F6E 8BC0 mov eax, eax
============================================

Latest replies (1)
zhouyu 2004-10-27 22:21
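Is this question too simple, or does it have no solution at all? Why is none of the experts willing to answer?
It's about to sink to the bottom, so I'll bump it myself.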