希望高手分析这个软件,写出具体分析思路,我不是为了自己使用,因为已经完美爆破了,但这不是我的目的
1.目的:兴趣和学习而已
2.对象AllMediaFixer.exe VERSION 1.0
3.对象描述:
4.程序无壳
5.什么都不输入,点注册,提示“Input error”,开wdasm找到如下信息
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:0049D868(C), :0049D887(C), :0049D8A6(C), :0049D8C5(C), :0049D8E4(C)
|:0049D903(C), :0049D922(C), :0049D93A(C)
|
* Possible StringData Ref from Code Obj ->"Input error."
|
:0049DB4D B8CCDC4900 mov eax, 0049DCCC
:0049DB52 E84156F9FF call 00433198
有8个地方跳到这里,找到地址最小的一个0049D868,为什么找最小的一个呢?
因为程序是顺序执行的,所以输入有错呢,最先是这里跳过来的,仔细看0049D868代码
用DEDE分析按下regesiter结果,精彩!!!!!!!!!!!!!!
* Reference to: Controls.TControl.GetText(TControl):TCaption;
|
0049D85F E8C006FCFF call 0045DF24 //是否输入了用户名,没有? game over
0049D864 837DFC00 cmp dword ptr [ebp-$04], +$00
0049D868 0F84DF020000 jz 0049DB4D //就是这里了!!!!!
0049D86E 8D55F8 lea edx, [ebp-$08]
* Reference to control TRegForm.Edit2 : TEdit
|
0049D871 8B8300030000 mov eax, [ebx+$0300]
* Reference to: Controls.TControl.GetText(TControl):TCaption; //regcode0
|
0049D877 E8A806FCFF call 0045DF24
0049D87C 8B45F8 mov eax, [ebp-$08]
* Reference to: System.@LStrLen(String):Integer;
| or: System.@DynArrayLength;
| or: System.DynArraySize(Pointer):Integer;
| or: Variants.DynArraySize(Pointer):Integer;
|
0049D87F E8D074F6FF call 00404D54
0049D884 83F808 cmp eax, +$08 //length of regcode0 < 8, game over
0049D887 0F85C0020000 jnz 0049DB4D
0049D88D 8D55F4 lea edx, [ebp-$0C]
* Reference to control TRegForm.Edit3 : TEdit
|
0049D890 8B8324030000 mov eax, [ebx+$0324]
* Reference to: Controls.TControl.GetText(TControl):TCaption;
|
0049D896 E88906FCFF call 0045DF24
0049D89B 8B45F4 mov eax, [ebp-$0C]
* Reference to: System.@LStrLen(String):Integer;
| or: System.@DynArrayLength;
| or: System.DynArraySize(Pointer):Integer;
| or: Variants.DynArraySize(Pointer):Integer;
|
0049D89E E8B174F6FF call 00404D54
0049D8A3 83F808 cmp eax, +$08 //length of regcode1 < 8, game over
0049D8A6 0F85A1020000 jnz 0049DB4D
0049D8AC 8D55F0 lea edx, [ebp-$10]
* Reference to control TRegForm.Edit4 : TEdit
|
0049D8AF 8B8340030000 mov eax, [ebx+$0340]
* Reference to: Controls.TControl.GetText(TControl):TCaption;
|
0049D8B5 E86A06FCFF call 0045DF24
0049D8BA 8B45F0 mov eax, [ebp-$10]
* Reference to: System.@LStrLen(String):Integer;
| or: System.@DynArrayLength;
| or: System.DynArraySize(Pointer):Integer;
| or: Variants.DynArraySize(Pointer):Integer;
|
0049D8BD E89274F6FF call 00404D54
0049D8C2 83F808 cmp eax, +$08 //length of regcode2 < 8, game over
0049D8C5 0F8582020000 jnz 0049DB4D
0049D8CB 8D55EC lea edx, [ebp-$14]
* Reference to control TRegForm.Edit5 : TEdit
|
0049D8CE 8B8344030000 mov eax, [ebx+$0344]
* Reference to: Controls.TControl.GetText(TControl):TCaption;
|
0049D8D4 E84B06FCFF call 0045DF24
0049D8D9 8B45EC mov eax, [ebp-$14]
* Reference to: System.@LStrLen(String):Integer;
| or: System.@DynArrayLength;
| or: System.DynArraySize(Pointer):Integer;
| or: Variants.DynArraySize(Pointer):Integer;
|
0049D8DC E87374F6FF call 00404D54
0049D8E1 83F808 cmp eax, +$08 //length of regcode3 < 8, game over
0049D8E4 0F8563020000 jnz 0049DB4D
0049D8EA 8D55E8 lea edx, [ebp-$18]
* Reference to control TRegForm.Edit6 : TEdit
|
0049D8ED 8B834C030000 mov eax, [ebx+$034C]
* Reference to: Controls.TControl.GetText(TControl):TCaption;
|
0049D8F3 E82C06FCFF call 0045DF24
0049D8F8 8B45E8 mov eax, [ebp-$18]
* Reference to: System.@LStrLen(String):Integer;
| or: System.@DynArrayLength;
| or: System.DynArraySize(Pointer):Integer;
| or: Variants.DynArraySize(Pointer):Integer;
|
0049D8FB E85474F6FF call 00404D54
0049D900 83F808 cmp eax, +$08 //length of regcode4 < 8, game over
0049D903 0F8544020000 jnz 0049DB4D
0049D909 8D55E4 lea edx, [ebp-$1C]
* Reference to control TRegForm.Edit7 : TEdit
|
0049D90C 8B8350030000 mov eax, [ebx+$0350]
* Reference to: Controls.TControl.GetText(TControl):TCaption;
|
0049D912 E80D06FCFF call 0045DF24
0049D917 8B45E4 mov eax, [ebp-$1C]
* Reference to: System.@LStrLen(String):Integer;
| or: System.@DynArrayLength;
| or: System.DynArraySize(Pointer):Integer;
| or: Variants.DynArraySize(Pointer):Integer;
|
0049D91A E83574F6FF call 00404D54
0049D91F 83F808 cmp eax, +$08 //length of regcode5 < 8, game over
0049D922 0F8525020000 jnz 0049DB4D
0049D928 8D55E0 lea edx, [ebp-$20]
* Reference to control TRegForm.Edit8 : TEdit
|
0049D92B 8B8364030000 mov eax, [ebx+$0364]
* Reference to: Controls.TControl.GetText(TControl):TCaption;
|
0049D931 E8EE05FCFF call 0045DF24
0049D936 837DE000 cmp dword ptr [ebp-$20], +$00 //no regcodeLast ? game over
0049D93A 0F840D020000 jz 0049DB4D
* Reference to control TRegForm.Edit3 : TEdit
|
0049D940 8B9324030000 mov edx, [ebx+$0324]
0049D946 8BC3 mov eax, ebx
|
0049D948 E82F100000 call 0049E97C
0049D94D 84C0 test al, al
0049D94F 0F8402020000 jz 0049DB57
* Reference to control TRegForm.Edit4 : TEdit
|
0049D955 8B9340030000 mov edx, [ebx+$0340]
0049D95B 8BC3 mov eax, ebx
|
0049D95D E81A100000 call 0049E97C
0049D962 84C0 test al, al
0049D964 0F84ED010000 jz 0049DB57
* Reference to control TRegForm.Edit5 : TEdit
|
0049D96A 8B9344030000 mov edx, [ebx+$0344]
0049D970 8BC3 mov eax, ebx
|
0049D972 E805100000 call 0049E97C
0049D977 84C0 test al, al
0049D979 0F84D8010000 jz 0049DB57
* Reference to control TRegForm.Edit6 : TEdit
|
0049D97F 8B934C030000 mov edx, [ebx+$034C]
0049D985 8BC3 mov eax, ebx
|
0049D987 E8F00F0000 call 0049E97C
0049D98C 84C0 test al, al
0049D98E 0F84C3010000 jz 0049DB57
* Reference to control TRegForm.Edit7 : TEdit
|
0049D994 8B9350030000 mov edx, [ebx+$0350]
0049D99A 8BC3 mov eax, ebx
|
0049D99C E8DB0F0000 call 0049E97C
0049D9A1 84C0 test al, al
0049D9A3 0F84AE010000 jz 0049DB57
* Reference to control TRegForm.Edit8 : TEdit
|
0049D9A9 8B9364030000 mov edx, [ebx+$0364]
0049D9AF 8BC3 mov eax, ebx
|
0049D9B1 E892100000 call 0049EA48
0049D9B6 84C0 test al, al
0049D9B8 0F8499010000 jz 0049DB57
* Reference to pointer to GlobalVar_004A8D14
|
0049D9BE 8B154C6D4A00 mov edx, [$004A6D4C]
0049D9C4 8B12 mov edx, [edx]
0049D9C6 8D45DC lea eax, [ebp-$24]
* Possible String Reference to: 'regcode.ini' //保存regName and regCode的文件名!!!!!!!!!!!
|
0049D9C9 B99CDB4900 mov ecx, $0049DB9C
* Reference to: System.@LStrCat3;
|
0049D9CE E8CD73F6FF call 00404DA0
0049D9D3 8B4DDC mov ecx, [ebp-$24]
0049D9D6 B201 mov dl, $01
* Reference to class TIniFile32
|
0049D9D8 A1984D4900 mov eax, dword ptr [$00494D98]
|
0049D9DD E82A74FFFF call 00494E0C
0049D9E2 8BF0 mov esi, eax
0049D9E4 8D55D8 lea edx, [ebp-$28]
* Reference to control TRegForm.Edit1 : TEdit
|
0049D9E7 8B83FC020000 mov eax, [ebx+$02FC]
* Reference to: Controls.TControl.GetText(TControl):TCaption;
|
0049D9ED E83205FCFF call 0045DF24
0049D9F2 8B45D8 mov eax, [ebp-$28]
0049D9F5 50 push eax
* Possible String Reference to: 'regname'
|
0049D9F6 B9B0DB4900 mov ecx, $0049DBB0
* Possible String Reference to: 'regcode'
|
0049D9FB BAC0DB4900 mov edx, $0049DBC0
0049DA00 8BC6 mov eax, esi
|
0049DA02 E8F578FFFF call 004952FC
0049DA07 8D55D4 lea edx, [ebp-$2C]
* Reference to control TRegForm.Edit2 : TEdit
|
0049DA0A 8B8300030000 mov eax, [ebx+$0300]
* Reference to: Controls.TControl.GetText(TControl):TCaption;
|
0049DA10 E80F05FCFF call 0045DF24
0049DA15 8B45D4 mov eax, [ebp-$2C]
0049DA18 50 push eax
* Possible String Reference to: 'regcode0'
|
0049DA19 B9D0DB4900 mov ecx, $0049DBD0
* Possible String Reference to: 'regcode'
|
0049DA1E BAC0DB4900 mov edx, $0049DBC0
0049DA23 8BC6 mov eax, esi
|
0049DA25 E8D278FFFF call 004952FC
0049DA2A 8D55D0 lea edx, [ebp-$30]
* Reference to control TRegForm.Edit3 : TEdit
|
0049DA2D 8B8324030000 mov eax, [ebx+$0324]
* Reference to: Controls.TControl.GetText(TControl):TCaption;
|
0049DA33 E8EC04FCFF call 0045DF24
0049DA38 8B45D0 mov eax, [ebp-$30]
0049DA3B 50 push eax
* Possible String Reference to: 'regcode1'
|
0049DA3C B9E4DB4900 mov ecx, $0049DBE4
* Possible String Reference to: 'regcode'
|
0049DA41 BAC0DB4900 mov edx, $0049DBC0
0049DA46 8BC6 mov eax, esi
|
0049DA48 E8AF78FFFF call 004952FC
0049DA4D 8D55CC lea edx, [ebp-$34]
* Reference to control TRegForm.Edit4 : TEdit
|
0049DA50 8B8340030000 mov eax, [ebx+$0340]
* Reference to: Controls.TControl.GetText(TControl):TCaption;
|
0049DA56 E8C904FCFF call 0045DF24
0049DA5B 8B45CC mov eax, [ebp-$34]
0049DA5E 50 push eax
* Possible String Reference to: 'regcode2'
|
0049DA5F B9F8DB4900 mov ecx, $0049DBF8
* Possible String Reference to: 'regcode'
|
0049DA64 BAC0DB4900 mov edx, $0049DBC0
0049DA69 8BC6 mov eax, esi
|
0049DA6B E88C78FFFF call 004952FC
0049DA70 8D55C8 lea edx, [ebp-$38]
* Reference to control TRegForm.Edit5 : TEdit
|
0049DA73 8B8344030000 mov eax, [ebx+$0344]
* Reference to: Controls.TControl.GetText(TControl):TCaption;
|
0049DA79 E8A604FCFF call 0045DF24
0049DA7E 8B45C8 mov eax, [ebp-$38]
0049DA81 50 push eax
* Possible String Reference to: 'regcode3'
|
0049DA82 B90CDC4900 mov ecx, $0049DC0C
* Possible String Reference to: 'regcode'
|
0049DA87 BAC0DB4900 mov edx, $0049DBC0
0049DA8C 8BC6 mov eax, esi
|
0049DA8E E86978FFFF call 004952FC
0049DA93 8D55C4 lea edx, [ebp-$3C]
* Reference to control TRegForm.Edit6 : TEdit
|
0049DA96 8B834C030000 mov eax, [ebx+$034C]
* Reference to: Controls.TControl.GetText(TControl):TCaption;
|
0049DA9C E88304FCFF call 0045DF24
0049DAA1 8B45C4 mov eax, [ebp-$3C]
0049DAA4 50 push eax
* Possible String Reference to: 'regcode4'
|
0049DAA5 B920DC4900 mov ecx, $0049DC20
* Possible String Reference to: 'regcode'
|
0049DAAA BAC0DB4900 mov edx, $0049DBC0
0049DAAF 8BC6 mov eax, esi
|
0049DAB1 E84678FFFF call 004952FC
0049DAB6 8D55C0 lea edx, [ebp-$40]
* Reference to control TRegForm.Edit7 : TEdit
|
0049DAB9 8B8350030000 mov eax, [ebx+$0350]
* Reference to: Controls.TControl.GetText(TControl):TCaption;
|
0049DABF E86004FCFF call 0045DF24
0049DAC4 8B45C0 mov eax, [ebp-$40]
0049DAC7 50 push eax
* Possible String Reference to: 'regcode5'
|
0049DAC8 B934DC4900 mov ecx, $0049DC34
* Possible String Reference to: 'regcode'
|
0049DACD BAC0DB4900 mov edx, $0049DBC0
0049DAD2 8BC6 mov eax, esi
|
0049DAD4 E82378FFFF call 004952FC
0049DAD9 8D55BC lea edx, [ebp-$44]
* Reference to control TRegForm.Edit8 : TEdit
|
0049DADC 8B8364030000 mov eax, [ebx+$0364]
* Reference to: Controls.TControl.GetText(TControl):TCaption;
|
0049DAE2 E83D04FCFF call 0045DF24
0049DAE7 8B45BC mov eax, [ebp-$44]
0049DAEA 50 push eax
* Possible String Reference to: 'regcode6'
|
0049DAEB B948DC4900 mov ecx, $0049DC48
* Possible String Reference to: 'regcode'
|
0049DAF0 BAC0DB4900 mov edx, $0049DBC0
0049DAF5 8BC6 mov eax, esi
|
0049DAF7 E80078FFFF call 004952FC ;以上一部分写入regName and regCode
* Possible String Reference to: 'Thank you, Please exit the software
| and restart software.'
|
0049DAFC B85CDC4900 mov eax, $0049DC5C
* Reference to: Dialogs.ShowMessage(AnsiString);
|
0049DB01 E89256F9FF call 00433198
* Reference to TApplication instance
|
0049DB06 A1D86E4A00 mov eax, dword ptr [$004A6ED8]
0049DB0B 8B00 mov eax, [eax]
* Reference to: Forms.TApplication.Terminate(TApplication);
|
0049DB0D E81A00FEFF call 0047DB2C
0049DB12 8D55B8 lea edx, [ebp-$48]
随便输入8符合要求的testcode,重启软件,发现没有注册成功,和开始一样,看来是重启验证,很明显要读文件,
下断ReadFile,没有断下,瞎追了一通,没有感觉,郁闷,后来仔细想,不是有文件名吗?
搜索regcode.ini,下断,轻松定位暴破关键点:
004A1785 |. B9 EC1B4A00 MOV ECX,AllMedia.004A1BEC ; ASCII "regcode.ini"
004A178A |. E8 1136F6FF CALL AllMedia.00404DA0
004A178F |. 8B8D 18FEFFFF MOV ECX,DWORD PTR SS:[EBP-1E8]
004A1795 |. B2 01 MOV DL,1
004A1797 |. A1 984D4900 MOV EAX,DWORD PTR DS:[494D98] ; 全局变量
004A179C |. E8 6B36FFFF CALL AllMedia.00494E0C
004A17A1 |. 8BF0 MOV ESI,EAX
004A17A3 |. 68 001C4A00 PUSH AllMedia.004A1C00 ; ASCII "None"
004A17A8 |. 8D85 14FEFFFF LEA EAX,DWORD PTR SS:[EBP-1EC]
004A17AE |. 50 PUSH EAX
004A17AF |. B9 101C4A00 MOV ECX,AllMedia.004A1C10 ; ASCII "regname"
004A17B4 |. BA 201C4A00 MOV EDX,AllMedia.004A1C20 ; ASCII "regcode"
004A17B9 |. 8BC6 MOV EAX,ESI
004A17BB |. E8 5839FFFF CALL AllMedia.00495118
004A17C0 |. 8B95 14FEFFFF MOV EDX,DWORD PTR SS:[EBP-1EC] ; edx==>用户名
004A17C6 |. B8 548D4A00 MOV EAX,AllMedia.004A8D54
004A17CB |. E8 1833F6FF CALL AllMedia.00404AE8
004A17D0 |. 68 301C4A00 PUSH AllMedia.004A1C30 ; ASCII "12345678"
004A17D5 |. 8D85 10FEFFFF LEA EAX,DWORD PTR SS:[EBP-1F0]
004A17DB |. 50 PUSH EAX
004A17DC |. B9 441C4A00 MOV ECX,AllMedia.004A1C44 ; ASCII "regcode0"
004A17E1 |. BA 201C4A00 MOV EDX,AllMedia.004A1C20 ; ASCII "regcode"
004A17E6 |. 8BC6 MOV EAX,ESI
004A17E8 |. E8 2B39FFFF CALL AllMedia.00495118
004A17ED |. 8B95 10FEFFFF MOV EDX,DWORD PTR SS:[EBP-1F0]
004A17F3 |. 8BC7 MOV EAX,EDI
004A17F5 |. E8 EE32F6FF CALL AllMedia.00404AE8
004A17FA |. 68 301C4A00 PUSH AllMedia.004A1C30 ; ASCII "12345678"
004A17FF |. 8D85 0CFEFFFF LEA EAX,DWORD PTR SS:[EBP-1F4]
004A1805 |. 50 PUSH EAX
004A1806 |. B9 581C4A00 MOV ECX,AllMedia.004A1C58 ; ASCII "regcode1"
004A180B |. BA 201C4A00 MOV EDX,AllMedia.004A1C20 ; ASCII "regcode"
004A1810 |. 8BC6 MOV EAX,ESI
004A1812 |. E8 0139FFFF CALL AllMedia.00495118
004A1817 |. 8B95 0CFEFFFF MOV EDX,DWORD PTR SS:[EBP-1F4]
004A181D |. 8D47 04 LEA EAX,DWORD PTR DS:[EDI+4]
004A1820 |. E8 C332F6FF CALL AllMedia.00404AE8
004A1825 |. 68 301C4A00 PUSH AllMedia.004A1C30 ; ASCII "12345678"
004A182A |. 8D85 08FEFFFF LEA EAX,DWORD PTR SS:[EBP-1F8]
004A1830 |. 50 PUSH EAX
004A1831 |. B9 6C1C4A00 MOV ECX,AllMedia.004A1C6C ; ASCII "regcode2"
004A1836 |. BA 201C4A00 MOV EDX,AllMedia.004A1C20 ; ASCII "regcode"
004A183B |. 8BC6 MOV EAX,ESI
004A183D |. E8 D638FFFF CALL AllMedia.00495118
004A1842 |. 8B95 08FEFFFF MOV EDX,DWORD PTR SS:[EBP-1F8]
004A1848 |. 8D47 08 LEA EAX,DWORD PTR DS:[EDI+8]
004A184B |. E8 9832F6FF CALL AllMedia.00404AE8
004A1850 |. 68 301C4A00 PUSH AllMedia.004A1C30 ; ASCII "12345678"
004A1855 |. 8D85 04FEFFFF LEA EAX,DWORD PTR SS:[EBP-1FC]
004A185B |. 50 PUSH EAX
004A185C |. B9 801C4A00 MOV ECX,AllMedia.004A1C80 ; ASCII "regcode3"
004A1861 |. BA 201C4A00 MOV EDX,AllMedia.004A1C20 ; ASCII "regcode"
004A1866 |. 8BC6 MOV EAX,ESI
004A1868 |. E8 AB38FFFF CALL AllMedia.00495118
004A186D |. 8B95 04FEFFFF MOV EDX,DWORD PTR SS:[EBP-1FC]
004A1873 |. 8D47 0C LEA EAX,DWORD PTR DS:[EDI+C]
004A1876 |. E8 6D32F6FF CALL AllMedia.00404AE8
004A187B |. 68 301C4A00 PUSH AllMedia.004A1C30 ; ASCII "12345678"
004A1880 |. 8D85 00FEFFFF LEA EAX,DWORD PTR SS:[EBP-200]
004A1886 |. 50 PUSH EAX
004A1887 |. B9 941C4A00 MOV ECX,AllMedia.004A1C94 ; ASCII "regcode4"
004A188C |. BA 201C4A00 MOV EDX,AllMedia.004A1C20 ; ASCII "regcode"
004A1891 |. 8BC6 MOV EAX,ESI
004A1893 |. E8 8038FFFF CALL AllMedia.00495118
004A1898 |. 8B95 00FEFFFF MOV EDX,DWORD PTR SS:[EBP-200]
004A189E |. 8D47 10 LEA EAX,DWORD PTR DS:[EDI+10]
004A18A1 |. E8 4232F6FF CALL AllMedia.00404AE8
004A18A6 |. 68 301C4A00 PUSH AllMedia.004A1C30 ; ASCII "12345678"
004A18AB |. 8D85 FCFDFFFF LEA EAX,DWORD PTR SS:[EBP-204]
004A18B1 |. 50 PUSH EAX
004A18B2 |. B9 A81C4A00 MOV ECX,AllMedia.004A1CA8 ; ASCII "regcode5"
004A18B7 |. BA 201C4A00 MOV EDX,AllMedia.004A1C20 ; ASCII "regcode"
004A18BC |. 8BC6 MOV EAX,ESI
004A18BE |. E8 5538FFFF CALL AllMedia.00495118
004A18C3 |. 8B95 FCFDFFFF MOV EDX,DWORD PTR SS:[EBP-204]
004A18C9 |. 8D47 14 LEA EAX,DWORD PTR DS:[EDI+14]
004A18CC |. E8 1732F6FF CALL AllMedia.00404AE8
004A18D1 |. 68 301C4A00 PUSH AllMedia.004A1C30 ; ASCII "12345678"
004A18D6 |. 8D85 F8FDFFFF LEA EAX,DWORD PTR SS:[EBP-208]
004A18DC |. 50 PUSH EAX
004A18DD |. B9 BC1C4A00 MOV ECX,AllMedia.004A1CBC ; ASCII "regcode6"
004A18E2 |. BA 201C4A00 MOV EDX,AllMedia.004A1C20 ; ASCII "regcode"
004A18E7 |. 8BC6 MOV EAX,ESI
004A18E9 |. E8 2A38FFFF CALL AllMedia.00495118
004A18EE |. 8B95 F8FDFFFF MOV EDX,DWORD PTR SS:[EBP-208]
004A18F4 |. 8D47 18 LEA EAX,DWORD PTR DS:[EDI+18]
004A18F7 |. E8 EC31F6FF CALL AllMedia.00404AE8
004A18FC |. 8B4F 18 MOV ECX,DWORD PTR DS:[EDI+18] ;
004A18FF |. 8B17 MOV EDX,DWORD PTR DS:[EDI] ;
004A1901 |. 8BC3 MOV EAX,EBX
004A1903 |. E8 F4FAFFFF CALL AllMedia.004A13FC
004A1908 |. 84C0 TEST AL,AL
004A190A |. 74 37 JE SHORT AllMedia.004A1943 ; 爆破点!!!!!!!
我怎么知道是不是关键呢?看上面ollydbg的提示,"regcode0-----"regcode6"都做完了,应该有作用吧
测试一下,ok,注册成功!!!!!
搞了几天,感觉没有学到什么东西啊,太菜了,呵呵
应该很适合菜鸟练习,我分2份传上来了
附件:crackObject.part1.rar
[培训]科锐软件逆向50期预科班报名即将截止,速来!!! 50期正式班报名火爆招生中!!!
