[Old post] [Help] ASPack 2.12 -> Alexey Solodovnikov + self-check 0.00 snowflakes
Posted: 2009-6-12 05:34 2734
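I've read a great many unpacking write-ups by the senior experts on this forum, but I still can't get this thing done. I'm hoping for a video tutorial!
I'm also attaching the file; could the experts please take a look at what is going on with this self-check?
Because the upload is larger than 1M,
I can only post a forwarding address: click to download
Thanks in advance, everyone!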
00828001 > 60 pushad F8
00828002 E8 03000000 call 0082800A in the command line enter hr 0012ffa4, press Enter, then F9
00828007 - E9 EB045D45 jmp 45DF84F7
0082800C 55 push ebp
0082800D C3 retn
0082800E E8 01000000 call 00828014
00828013 EB 5D jmp short 00828072
00828015 BB EDFFFFFF mov ebx, -13
0082801A 03DD add ebx, ebp
0082801C 81EB 00804200 sub ebx, 00428000
00828022 83BD 22040000 0>cmp dword ptr [ebp+422], 0
00828029 899D 22040000 mov dword ptr [ebp+422], ebx
0082802F 0F85 65030000 jnz 0082839A
00828035 8D85 2E040000 lea eax, dword ptr [ebp+42E]
-----------------------------------------------------------------------------------------------------------------------------
008283B0 /75 08 jnz short 008283BA delete the hardware breakpoint, F7 to step into
008283B2 |B8 01000000 mov eax, 1
008283B7 |C2 0C00 retn 0C
008283BA \68 A3D67E00 push 007ED6A3
008283BF C3 retn F8
008283C0 8B85 26040000 mov eax, dword ptr [ebp+426]
008283C6 8D8D 3B040000 lea ecx, dword ptr [ebp+43B]
008283CC 51 push ecx
008283CD 50 push eax
------------------------------------------------------------------------------------------------------------
007ED6A3 68 db 68 ; CHAR 'h' I don't understand this part; I kept pressing F8
007ED6A4 00 db 00
007ED6A5 39 db 39 ; CHAR '9'
007ED6A6 28 db 28 ; CHAR '('
007ED6A7 6E db 6E ; CHAR 'n'
007ED6A8 E8 db E8
007ED6A9 F6 db F6
007ED6AA B4 db B4
007ED6AB 00 db 00
007ED6AC 00 db 00
007ED6AD 68 db 68 ; CHAR 'h'
007ED6AE 3C db 3C ; CHAR '<'
007ED6AF 31 db 31 ; CHAR '1'
007ED6B0 28 db 28 ; CHAR '('
007ED6B1 9E db 9E
007ED6B2 E8 db E8
-----------------------------------------------------------------------------------------------------------------------------
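7C812AFB 5E pop esi ; Server.004BDB7C at this point the program is running; with LoadPE I found the image size is the same, then I used ImportREC to fix the table, entered 2AFB as the OEP, and it could not get any information ---- I'm at a loss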
7C812AFC C9 leave
7C812AFD C2 1000 retn 10
7C812B00 85FF test edi, edi
7C812B02 ^ 0F8E 3693FFFF jle 7C80BE3E
7C812B08 8B55 FC mov edx, dword ptr [ebp-4]
7C812B0B 8955 0C mov dword ptr [ebp+C], edx
7C812B0E 0FB716 movzx edx, word ptr [esi]
-----------------------------------------------------
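I hope an expert will come and give me some guidance!!! My e-mail: 5937643@qq.com. I hope an expert will send me the cracked thing and the unpacking write-up; I would be extremely grateful!!!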