; Debugger listing (address, opcode bytes, instruction) of a user32 export in a
; 32-bit process. It takes four stack arguments, returns with `retn 10` and
; forwards to MessageBoxExA, so it appears to be MessageBoxA (stdcall); the
; stack dump further down labels the call the same way.
; Shape: optional bookkeeping on user32 globals, then
; MessageBoxExA(arg1, arg2, arg3, arg4, 0).
; This is shared system-library code, executed for every ANSI message box in the
; process, not code belonging to the application being debugged.
77D507EA > 8BFF mov edi,edi ; (Initial CPU selection) two-byte no-op at the entry point
77D507EC 55 push ebp
77D507ED 8BEC mov ebp,esp ; standard frame: arguments start at [ebp+8]
77D507EF 833D BC14D777 0>cmp dword ptr ds:[77D714BC],0 ; user32 global flag; its meaning is not visible in this listing
77D507F6 74 24 je short user32.77D5081C ; flag clear -> skip the bookkeeping below
77D507F8 64:A1 18000000 mov eax,dword ptr fs:[18] ; eax = fs:[18], the TEB self pointer on 32-bit Windows
77D507FE 6A 00 push 0 ; 3rd argument (comparand) = 0
77D50800 FF70 24 push dword ptr ds:[eax+24] ; 2nd argument (exchange) = dword at TEB+24h; presumably the current thread id, confirm against the TEB layout
77D50803 68 241BD777 push user32.77D71B24 ; 1st argument (destination) = address of a user32 global
; Atomically stores the pushed TEB value into 77D71B24 only if that global is
; still 0; eax receives the previous content of the global.
77D50808 FF15 C412D177 call dword ptr ds:[<&KERNEL32.Interlocke>; kernel32.InterlockedCompareExchange
77D5080E 85C0 test eax,eax
77D50810 75 0A jnz short user32.77D5081C ; global was already non-zero -> nothing stored, skip
77D50812 C705 201BD777 0>mov dword ptr ds:[77D71B20],1 ; the exchange took place: set a second global to 1
77D5081C 6A 00 push 0 ; extra 5th argument supplied by this wrapper (presumably wLanguageId = 0)
77D5081E FF75 14 push dword ptr ss:[ebp+14] ; 4th caller argument ("Style" in the stack dump)
77D50821 FF75 10 push dword ptr ss:[ebp+10] ; 3rd caller argument ("Title")
77D50824 FF75 0C push dword ptr ss:[ebp+C] ; 2nd caller argument ("Text")
77D50827 FF75 08 push dword ptr ss:[ebp+8] ; 1st caller argument ("hOwner")
77D5082A E8 2D000000 call user32.MessageBoxExA ; result is left in eax and returned unchanged
77D5082F 5D pop ebp
77D50830 C2 1000 retn 10 ; stdcall: callee removes 10h bytes = the four caller arguments
; Five NOP bytes before the next entry point. Together with the `mov edi,edi`
; entry this matches the hot-patch layout of Windows system DLLs. An integrity
; check can compare these bytes and the entry no-op with the on-disk image;
; a difference usually indicates an inline hook or patch.
77D50833 90 nop
77D50834 90 nop
77D50835 90 nop
77D50836 90 nop
77D50837 90 nop
; Second user32 wrapper in the listing. It takes five stack arguments, returns
; with `retn 14` and forwards to MessageBoxTimeoutW, so it is presumably
; MessageBoxExW (stdcall); the listing itself does not name it.
; It pushes -1 as a sixth argument and otherwise forwards its arguments unchanged.
77D50838 > 8BFF mov edi,edi ; two-byte no-op at the entry point
77D5083A 55 push ebp
77D5083B 8BEC mov ebp,esp ; standard frame: arguments start at [ebp+8]
77D5083D 6A FF push -1 ; extra 6th argument = FFFFFFFFh, presumably the timeout value meaning "no timeout"; confirm
77D5083F FF75 18 push dword ptr ss:[ebp+18] ; 5th caller argument
77D50842 FF75 14 push dword ptr ss:[ebp+14] ; 4th caller argument
77D50845 FF75 10 push dword ptr ss:[ebp+10] ; 3rd caller argument
77D50848 FF75 0C push dword ptr ss:[ebp+C] ; 2nd caller argument
77D5084B FF75 08 push dword ptr ss:[ebp+8] ; 1st caller argument
; Poster's annotation on the next line, translated: "sends the expired message".
; NOTE(review): "Timeout" in the callee name most likely refers to the dialog
; timeout argument pushed above, not to any expiry; this is a generic
; forwarding call inside user32.
77D5084E E8 305B0100 call user32.MessageBoxTimeoutW ; sends the expired message (poster's note)
77D50853 5D pop ebp
77D50854 C2 1400 retn 14 ; stdcall: callee removes 14h bytes = the five caller arguments
; Five NOP bytes of padding before the next entry point (same layout as above).
77D50857 90 nop
77D50858 90 nop
77D50859 90 nop
77D5085A 90 nop
77D5085B 90 nop
; Third user32 wrapper; the ANSI twin of the routine above. It takes five stack
; arguments, returns with `retn 14` and forwards to MessageBoxTimeoutA, and the
; first routine in this listing calls an export named MessageBoxExA, so this is
; presumably that function. Confirm that the call target 77D5085C matches.
77D5085C > 8BFF mov edi,edi ; two-byte no-op at the entry point
77D5085E 55 push ebp
77D5085F 8BEC mov ebp,esp ; standard frame: arguments start at [ebp+8]
77D50861 6A FF push -1 ; extra 6th argument = FFFFFFFFh, presumably the timeout value meaning "no timeout"; confirm
77D50863 FF75 18 push dword ptr ss:[ebp+18] ; 5th caller argument (0 when reached from the first routine above)
77D50866 FF75 14 push dword ptr ss:[ebp+14] ; 4th caller argument
77D50869 FF75 10 push dword ptr ss:[ebp+10] ; 3rd caller argument
77D5086C FF75 0C push dword ptr ss:[ebp+C] ; 2nd caller argument
77D5086F FF75 08 push dword ptr ss:[ebp+8] ; 1st caller argument
77D50872 E8 8F5B0100 call user32.MessageBoxTimeoutA ; same here (poster's note); generic forwarding call, result returned in eax
77D50877 5D pop ebp
77D50878 C2 1400 retn 14 ; stdcall: callee removes 14h bytes = the five caller arguments
=========================================
0013FD5C 0047AB17 /CALL 到 MessageBoxA
0013FD60 0036021E |hOwner = 0036021E ('kpv4tBK3fTt',class='TApplication')
0013FD64 02C30008 |Text = " 试用时间结束!您可以再次启动继续试用, 或购买月卡无限使用! "
0013FD68 02C20008 |Title = "提示"
0013FD6C 00000040 \Style = MB_OK|MB_ICONASTERISK|MB_APPLMODAL
==============================================
我在这里找不到可以改JMP的跳转。。。我是新手。。。接下来就不知道能怎么做了。。请哪位大大指点下?