标志位爆破中的问题
; Excerpt: entry of the routine at 004054B0 (32-bit x86, Intel operand order,
; debugger listing laid out as address / opcode bytes / instruction).
; Only the prologue and the first branch are shown; both jump targets
; (0040550F and 0040574E) lie outside the excerpt.
; ecx on entry is spilled and then used as an object base pointer --
; presumably the `this` pointer of a thiscall method; TODO confirm.
004054B0 55 push ebp
004054B1 8BEC mov ebp,esp
; Build an exception registration record on the stack: -1, the handler
; address 0045B627, then the previous chain head read from fs:[0].
; NOTE(review): the -1 slot at [ebp-4] looks like a compiler EH state index -- confirm.
004054B3 6A FF push -1
004054B5 68 27B64500 push sendtb5_.0045B627
004054BA 64:A1 000000>mov eax,dword ptr fs:[0]
004054C0 50 push eax
; Reserve 63C bytes of locals.
004054C1 81EC 3C06000>sub esp,63C
; Load the global at 47FB1C, XOR it with ebp and keep the result at [ebp-10].
; This matches the usual compiler stack-cookie prologue; presumably 47FB1C is
; the module's security cookie -- TODO confirm.
004054C7 A1 1CFB4700 mov eax,dword ptr ds:[47FB1C]
004054CC 33C5 xor eax,ebp
004054CE 8945 F0 mov dword ptr ss:[ebp-10],eax
004054D1 50 push eax
; Link the new record (at ebp-C) in as the head of the fs:[0] chain.
004054D2 8D45 F4 lea eax,dword ptr ss:[ebp-C]
004054D5 64:A3 000000>mov dword ptr fs:[0],eax
; Spill ecx to [ebp-638] and reload it into eax as the object base.
004054DB 898D C8F9FFF>mov dword ptr ss:[ebp-638],ecx
004054E1 8B85 C8F9FFF>mov eax,dword ptr ss:[ebp-638]
; Compare the dword at object+4B4 with 0F4240 (1,000,000 decimal); the
; poster's note on this line marks the field as the flag.
004054E7 81B8 B404000>cmp dword ptr ds:[eax+4B4],0F4240 //标志位
; Not equal: branch to 0040550F (not shown). Equal: fall through.
004054F1 75 1C jnz short sendtb5_.0040550F
; Fall-through path: push 0 and two string addresses, then call 00428498 with
; ecx = object. The debugger resolves the strings to a caption meaning
; "Warning" and a message meaning "You are not registered and cannot use this
; feature. Please click the Register button to become a licensed user."
; NOTE(review): the callee looks like a message-box style method -- confirm.
004054F3 6A 00 push 0
004054F5 68 44554600 push sendtb5_.00465544 ; 警告
004054FA 68 4C554600 push sendtb5_.0046554C ; 您没有注册,不能使用此功能。请点击注册按钮注册成为正版用户。
004054FF 8B8D C8F9FFF>mov ecx,dword ptr ss:[ebp-638]
00405505 E8 8E2F0200 call sendtb5_.00428498
; Continue at 0040574E (outside the excerpt).
0040550A E9 3F020000 jmp sendtb5_.0040574E
; Excerpt: entry of the routine at 004038B0 (32-bit x86, Intel operand order,
; debugger listing laid out as address / opcode bytes / instruction).
; The excerpt stops one instruction after the branch target 0040390F; the
; other jump target (004039A4) is not shown.
; ecx on entry is spilled and then used as an object base pointer --
; presumably the `this` pointer of a thiscall method; TODO confirm.
004038B0 55 push ebp
004038B1 8BEC mov ebp,esp
; Build an exception registration record on the stack: -1, the handler
; address 0045B305, then the previous chain head read from fs:[0].
; NOTE(review): the -1 slot at [ebp-4] looks like a compiler EH state index -- confirm.
004038B3 6A FF push -1
004038B5 68 05B34500 push sendtb5_.0045B305
004038BA 64:A1 000000>mov eax,dword ptr fs:[0]
004038C0 50 push eax
; Reserve 1F8 bytes of locals.
004038C1 81EC F801000>sub esp,1F8
; Load the global at 47FB1C, XOR it with ebp and keep the result at [ebp-10].
; This matches the usual compiler stack-cookie prologue; presumably 47FB1C is
; the module's security cookie -- TODO confirm.
004038C7 A1 1CFB4700 mov eax,dword ptr ds:[47FB1C]
004038CC 33C5 xor eax,ebp
004038CE 8945 F0 mov dword ptr ss:[ebp-10],eax
004038D1 50 push eax
; Link the new record (at ebp-C) in as the head of the fs:[0] chain.
004038D2 8D45 F4 lea eax,dword ptr ss:[ebp-C]
004038D5 64:A3 000000>mov dword ptr fs:[0],eax
; Spill ecx to [ebp-200] and reload it into eax as the object base.
004038DB 898D 00FEFFF>mov dword ptr ss:[ebp-200],ecx
004038E1 8B85 00FEFFF>mov eax,dword ptr ss:[ebp-200]
; Compare the dword at object+4B4 with 0F4240 (1,000,000 decimal); the
; poster's note on this line marks the field as the flag.
004038E7 81B8 B404000>cmp dword ptr ds:[eax+4B4],0F4240 ; //标志位
; Equal: branch to 0040390F. Not equal: fall through.
004038F1 74 1C je short sendtb5_.0040390F
; Fall-through path: push 0 and two string addresses, then call 00428498 with
; ecx = object. The debugger resolves the strings to a caption meaning
; "Warning" and a message meaning "You are not registered and cannot use this
; feature. Please click the Register button to become a licensed user."
; NOTE(review): the callee looks like a message-box style method -- confirm.
004038F3 6A 00 push 0
004038F5 68 E0514600 push sendtb5_.004651E0 ; 警告
004038FA 68 E8514600 push sendtb5_.004651E8 ; 您没有注册,不能使用此功能。请点击注册按钮注册成为正版用户。
004038FF 8B8D 00FEFFF>mov ecx,dword ptr ss:[ebp-200]
00403905 E8 8E4B0200 call sendtb5_.00428498
; Continue at 004039A4 (outside the excerpt).
0040390A E9 95000000 jmp sendtb5_.004039A4
; Target of the je above; the rest of this path is not shown.
0040390F 6A 01 push 1
; Excerpt from the middle of a routine (32-bit x86, Intel operand order,
; debugger listing laid out as address / opcode bytes / instruction).
; The routine's entry, the arguments of the first call, the join point
; 004020E6 and everything after 00402093 are outside the excerpt.
; [ebp-19C] holds an object base pointer that is reloaded before each method
; call -- presumably a saved `this`; TODO confirm.
; The compare against 0F4240 at 00401FC3 uses the same field offset (+4B4) and
; constant as the checks at 004054E7 and 004038E7 elsewhere on this page.
; NOTE(review): as shown, the registered/unregistered decision is a local
; compare of one in-memory dword against a fixed constant; a check of this
; form offers no tamper resistance of its own.
00401F55 E8 E4470200 call sendtb5_.0042673E
; Two further calls to 0042673E on the sub-object at object+0AC, each with five
; stack arguments: -1, 3C, 0, a string address and an index (2, then 3).
; The debugger resolves the strings to labels meaning "Status" and "Online?".
; NOTE(review): the argument pattern resembles adding columns to a list
; control -- confirm against the callee.
00401F5A 6A FF push -1
00401F5C 6A 3C push 3C
00401F5E 6A 00 push 0
00401F60 68 944F4600 push sendtb5_.00464F94 ; 状态
00401F65 6A 02 push 2
00401F67 8B8D 64FEFFF>mov ecx,dword ptr ss:[ebp-19C]
00401F6D 81C1 AC00000>add ecx,0AC
00401F73 E8 C6470200 call sendtb5_.0042673E
00401F78 6A FF push -1
00401F7A 6A 3C push 3C
00401F7C 6A 00 push 0
00401F7E 68 9C4F4600 push sendtb5_.00464F9C ; 是否在线
00401F83 6A 03 push 3
00401F85 8B8D 64FEFFF>mov ecx,dword ptr ss:[ebp-19C]
00401F8B 81C1 AC00000>add ecx,0AC
00401F91 E8 A8470200 call sendtb5_.0042673E
; Set the dword at object+4C0 to 1.
00401F96 8B8D 64FEFFF>mov ecx,dword ptr ss:[ebp-19C]
00401F9C C781 C004000>mov dword ptr ds:[ecx+4C0],1
; Call 00405070 with ecx = object and store its eax result at object+4B4.
00401FA6 8B8D 64FEFFF>mov ecx,dword ptr ss:[ebp-19C]
00401FAC E8 BF300000 call sendtb5_.00405070
00401FB1 8B95 64FEFFF>mov edx,dword ptr ss:[ebp-19C]
00401FB7 8982 B404000>mov dword ptr ds:[edx+4B4],eax
; Compare the value just stored with 0F4240 (1,000,000 decimal).
; Equal: branch to 0040205F. Not equal: fall through.
00401FBD 8B85 64FEFFF>mov eax,dword ptr ss:[ebp-19C]
00401FC3 81B8 B404000>cmp dword ptr ds:[eax+4B4],0F4240 //标志位
00401FCD 0F84 8C00000>je sendtb5_.0040205F
; --- Not-equal path -------------------------------------------------------
; Call 00409380 on the local at ebp-168, then pass its address to the object's
; method 0042A67E. The byte at [ebp-4] is updated (1, 2, 1, 0) around these
; steps -- presumably the compiler's EH state for live temporaries; TODO confirm.
00401FD3 8D8D 98FEFFF>lea ecx,dword ptr ss:[ebp-168]
00401FD9 E8 A2730000 call sendtb5_.00409380
00401FDE C645 FC 01 mov byte ptr ss:[ebp-4],1
00401FE2 8D8D 98FEFFF>lea ecx,dword ptr ss:[ebp-168]
00401FE8 51 push ecx
00401FE9 8B8D 64FEFFF>mov ecx,dword ptr ss:[ebp-19C]
00401FEF E8 8A860200 call sendtb5_.0042A67E
; Call 00407FE0 with three stack arguments (destination local ebp-184, the
; local ebp-168, and a string the debugger resolves to a suffix meaning
; "(unregistered)"); the caller pops 0C bytes afterwards.
; NOTE(review): looks like a string concatenation helper -- confirm.
00401FF4 68 A84F4600 push sendtb5_.00464FA8 ; (未注册)
00401FF9 8D95 98FEFFF>lea edx,dword ptr ss:[ebp-168]
00401FFF 52 push edx
00402000 8D85 7CFEFFF>lea eax,dword ptr ss:[ebp-184]
00402006 50 push eax
00402007 E8 D45F0000 call sendtb5_.00407FE0
0040200C 83C4 0C add esp,0C
; Keep the returned pointer in two locals, call 00414A40 on it and pass that
; result to the object's method 0042C58B.
0040200F 8985 30FEFFF>mov dword ptr ss:[ebp-1D0],eax
00402015 8B8D 30FEFFF>mov ecx,dword ptr ss:[ebp-1D0]
0040201B 898D 2CFEFFF>mov dword ptr ss:[ebp-1D4],ecx
00402021 C645 FC 02 mov byte ptr ss:[ebp-4],2
00402025 8B8D 2CFEFFF>mov ecx,dword ptr ss:[ebp-1D4]
0040202B E8 102A0100 call sendtb5_.00414A40
00402030 50 push eax
00402031 8B8D 64FEFFF>mov ecx,dword ptr ss:[ebp-19C]
00402037 E8 4FA50200 call sendtb5_.0042C58B
; Call 00401410 on each of the two locals (ebp-184, then ebp-168) --
; presumably their destructors; TODO confirm. Then join at 004020E6 (not shown).
0040203C C645 FC 01 mov byte ptr ss:[ebp-4],1
00402040 8D8D 7CFEFFF>lea ecx,dword ptr ss:[ebp-184]
00402046 E8 C5F3FFFF call sendtb5_.00401410
0040204B C645 FC 00 mov byte ptr ss:[ebp-4],0
0040204F 8D8D 98FEFFF>lea ecx,dword ptr ss:[ebp-168]
00402055 E8 B6F3FFFF call sendtb5_.00401410
0040205A E9 87000000 jmp sendtb5_.004020E6
; --- Equal path (target of the je at 00401FCD) ------------------------------
; Same sequence as above with different locals (ebp-16C, ebp-188) and a string
; the debugger resolves to a suffix meaning "(registered)". The excerpt ends
; right after the call to 00407FE0.
0040205F 8D8D 94FEFFF>lea ecx,dword ptr ss:[ebp-16C]
00402065 E8 16730000 call sendtb5_.00409380
0040206A C645 FC 03 mov byte ptr ss:[ebp-4],3
0040206E 8D95 94FEFFF>lea edx,dword ptr ss:[ebp-16C]
00402074 52 push edx
00402075 8B8D 64FEFFF>mov ecx,dword ptr ss:[ebp-19C]
0040207B E8 FE850200 call sendtb5_.0042A67E
00402080 68 B44F4600 push sendtb5_.00464FB4 ; (已注册)
00402085 8D85 94FEFFF>lea eax,dword ptr ss:[ebp-16C]
0040208B 50 push eax
0040208C 8D8D 78FEFFF>lea ecx,dword ptr ss:[ebp-188]
00402092 51 push ecx
00402093 E8 485F0000 call sendtb5_.00407FE0
cmp dword ptr ds:[eax+4B4],0F4240 //这里就是标志位?如果我要爆破,从哪里下手?请高手指点一下,小弟先谢谢了!
附件下载地址:http://www.day2010.cn/down/mm/sendtb.rar