导入有加密狗的软件,bp CreateFileA返回:
02C722B2 85C0 TEST EAX,EAX
02C722B4 59 POP ECX
02C722B5 74 11 JE SHORT win32dll.02C722C8
02C722B7 3D 88660000 CMP EAX,6688
02C722BC 75 6D JNZ SHORT win32dll.02C7232B
02C722BE 6A 64 PUSH 64
02C722C0 FF15 2460C702 CALL DWORD PTR DS:[<&KERNEL32.Sleep>] ; kernel32.Sleep
02C722C6 ^ EB D5 JMP SHORT win32dll.02C7229D
02C722C8 3BFB CMP EDI,EBX
02C722CA 77 07 JA SHORT win32dll.02C722D3
02C722CC B8 1A4F0000 MOV EAX,4F1A
02C722D1 EB 58 JMP SHORT win32dll.02C7232B
02C722D3 837D FC FF CMP DWORD PTR SS:[EBP-4],-1
02C722D7 75 07 JNZ SHORT win32dll.02C722E0
02C722D9 B8 244E0000 MOV EAX,4E24
02C722DE EB 4B JMP SHORT win32dll.02C7232B
02C722E0 8B75 0C MOV ESI,DWORD PTR SS:[EBP+C]
02C722E3 8D45 F8 LEA EAX,DWORD PTR SS:[EBP-8]
02C722E6 6A 00 PUSH 0
02C722E8 50 PUSH EAX
02C722E9 6A 14 PUSH 14
02C722EB 56 PUSH ESI
02C722EC 6A 1C PUSH 1C
02C722EE FF75 08 PUSH DWORD PTR SS:[EBP+8]
02C722F1 68 B03100C6 PUSH C60031B0
02C722F6 FF75 FC PUSH DWORD PTR SS:[EBP-4]
02C722F9 FF15 0860C702 CALL DWORD PTR DS:[<&KERNEL32.DeviceIoControl>] ; kernel32.DeviceIoControl
02C722FF 85C0 TEST EAX,EAX
02C72301 74 04 JE SHORT win32dll.02C72307
02C72303 33F6 XOR ESI,ESI
02C72305 EB 09 JMP SHORT win32dll.02C72310
02C72307 B8 244E0000 MOV EAX,4E24
02C7230C 8906 MOV DWORD PTR DS:[ESI],EAX
02C7230E 8BF0 MOV ESI,EAX
02C72310 FF75 FC PUSH DWORD PTR SS:[EBP-4]
02C72313 FF15 1060C702 CALL DWORD PTR DS:[<&KERNEL32.CloseHandle>] ; kernel32.CloseHandle
02C72319 85C0 TEST EAX,EAX
02C7231B 75 04 JNZ SHORT win32dll.02C72321
02C7231D 834D FC FF OR DWORD PTR SS:[EBP-4],FFFFFFFF
02C72321 6A 64 PUSH 64
02C72323 FF15 2460C702 CALL DWORD PTR DS:[<&KERNEL32.Sleep>] ; kernel32.Sleep
02C72329 8BC6 MOV EAX,ESI
02C7232B 5F POP EDI
02C7232C 5E POP ESI
02C7232D 5B POP EBX
02C7232E C9 LEAVE
02C7232F C3 RETN
02C72330 55 PUSH EBP
02C72331 8BEC MOV EBP,ESP
02C72333 83EC 38 SUB ESP,38
02C72336 53 PUSH EBX
02C72337 56 PUSH ESI
02C72338 6A 1C PUSH 1C
02C7233A 8D45 C8 LEA EAX,DWORD PTR SS:[EBP-38]
02C7233D FF75 08 PUSH DWORD PTR SS:[EBP+8]
02C72340 33DB XOR EBX,EBX
02C72342 50 PUSH EAX
02C72343 E8 19FEFFFF CALL win32dll.02C72161
02C72348 83C4 0C ADD ESP,0C
02C7234B C645 C8 01 MOV BYTE PTR SS:[EBP-38],1
02C7234F C745 08 0100000>MOV DWORD PTR SS:[EBP+8],1
02C72356 8A45 08 MOV AL,BYTE PTR SS:[EBP+8]
02C72359 6A 00 PUSH 0
02C7235B 68 80000000 PUSH 80
02C72360 6A 03 PUSH 3
02C72362 6A 00 PUSH 0
02C72364 6A 07 PUSH 7
02C72366 04 30 ADD AL,30
02C72368 68 000000C0 PUSH C0000000
02C7236D 68 BC70C702 PUSH win32dll.02C770BC ; ASCII "\\.\LPTGA1"
02C72372 A2 C570C702 MOV BYTE PTR DS:[2C770C5],AL
02C72377 FF15 6C60C702 CALL DWORD PTR DS:[<&KERNEL32.CreateFileA>] ; kernel32.CreateFileA
02C7237D 8BF0 MOV ESI,EAX ; 返回到这里
02C7237F 83FE FF CMP ESI,-1
02C72382 74 37 JE SHORT win32dll.02C723BB
02C72384 8D45 F8 LEA EAX,DWORD PTR SS:[EBP-8]
02C72387 6A 00 PUSH 0
02C72389 50 PUSH EAX
02C7238A 8D45 E4 LEA EAX,DWORD PTR SS:[EBP-1C]
02C7238D 6A 14 PUSH 14
02C7238F 50 PUSH EAX
02C72390 8D45 C8 LEA EAX,DWORD PTR SS:[EBP-38]
02C72393 6A 1C PUSH 1C
02C72395 50 PUSH EAX
02C72396 68 B03100C6 PUSH C60031B0
02C7239B 56 PUSH ESI
02C7239C FF15 0860C702 CALL DWORD PTR DS:[<&KERNEL32.DeviceIoControl>] ; kernel32.DeviceIoControl
02C723A2 85C0 TEST EAX,EAX
02C723A4 74 0C JE SHORT win32dll.02C723B2
02C723A6 8B45 0C MOV EAX,DWORD PTR SS:[EBP+C]
02C723A9 8B5D E4 MOV EBX,DWORD PTR SS:[EBP-1C]
02C723AC 85DB TEST EBX,EBX
02C723AE 8930 MOV DWORD PTR DS:[EAX],ESI
请问那里是读狗的地方,该怎么改?学习破解很长时间了,也没学到什么东西,望高手不吝赐教
[课程]FART 脱壳王!加量不加价!FART作者讲授!