004AB38E CC int3
004AB38F CC int3 /这里是呼叫验证码输入窗口的模块
004AB390 /$ 6A FF push -1
004AB392 |. 68 D87F6300 push 00637FD8 ; SE 处理程序安装
004AB397 |. 64:A1 0000000>mov eax, dword ptr fs:[0]
004AB39D |. 50 push eax
004AB39E |. 64:8925 00000>mov dword ptr fs:[0], esp
004AB3A5 |. 51 push ecx
004AB3A6 |. 56 push esi
004AB3A7 |. 8BF1 mov esi, ecx
004AB3A9 |. 6A 08 push 8
004AB3AB |. 897424 08 mov dword ptr [esp+8], esi
004AB3AF |. E8 2C131100 call 005BC6E0
004AB3B4 |. 68 D8CE6500 push 0065CED8 ; ASCII "config/ui/login/verifyid.scp"
004AB3B9 |. 8BCE mov ecx, esi
004AB3BB |. C74424 14 000>mov dword ptr [esp+14], 0
004AB3C3 |. C706 E4CD6500 mov dword ptr [esi], 0065CDE4
004AB3C9 |. E8 52FF1000 call 005BB320
004AB3CE |. 8B4C24 08 mov ecx, dword ptr [esp+8]
004AB3D2 |. 8BC6 mov eax, esi
004AB3D4 |. 5E pop esi
004AB3D5 |. 64:890D 00000>mov dword ptr fs:[0], ecx
004AB3DC |. 83C4 10 add esp, 10
004AB3DF \. C3 retn
004AB3E0 $ C701 E4CD6500 mov dword ptr [ecx], 0065CDE4
004AB3E6 . E9 B50A1100 jmp 005BBEA0
004AB3EB CC int3
004AB3EC CC int3
004AB3ED CC int3
004AB3EE CC int3
004AB3EF CC int3
004AB3F0 . 56 push esi
004AB3F1 . 6A 01 push 1
004AB3F3 . 68 F8CE6500 push 0065CEF8 ; ASCII "login_verifyid_id"
004AB3F8 . 8BF1 mov esi, ecx
004AB3FA . E8 A1341100 call 005BE8A0
004AB3FF . 8986 08030000 mov dword ptr [esi+308], eax
004AB405 . 5E pop esi
004AB406 . C3 retn
004AB407 CC int3
004AB408 CC int3
004AB409 CC int3
004AB40A CC int3
004AB40B CC int3
004AB40C CC int3
004AB40D CC int3
004AB40E CC int3
004AB40F CC int3
004AB410 . 8B0D 106C6A00 mov ecx, dword ptr [6A6C10]
004AB416 . 6A 01 push 1
004AB418 . E8 73C80600 call 00517C90
004AB41D . B8 01000000 mov eax, 1
004AB422 . C2 0800 retn 8
004AB425 CC int3
004AB426 CC int3
004AB427 CC int3
004AB428 CC int3
004AB429 CC int3
004AB42A CC int3
004AB42B CC int3
004AB42C CC int3
004AB42D CC int3
004AB42E CC int3
004AB42F CC int3
004AB430 . 6A 00 push 0
004AB432 . 6A 00 push 0
004AB434 . 6A 01 push 1
004AB436 . 68 07100000 push 1007
004AB43B . E8 504E0100 call 004C0290
004AB440 . 83C4 10 add esp, 10
004AB443 . B8 01000000 mov eax, 1
004AB448 . C2 0800 retn 8
004AB44B CC int3
004AB44C CC int3
004AB44D CC int3
004AB44E CC int3
004AB44F CC int3
004AB450 . 83EC 24 sub esp, 24
004AB453 . A1 C8576A00 mov eax, dword ptr [6A57C8]
004AB458 . 894424 20 mov dword ptr [esp+20], eax
004AB45C . 33C0 xor eax, eax
004AB45E . 890424 mov dword ptr [esp], eax
004AB461 . 894424 04 mov dword ptr [esp+4], eax
004AB465 . 894424 08 mov dword ptr [esp+8], eax
004AB469 . 894424 0C mov dword ptr [esp+C], eax
004AB46D . 894424 10 mov dword ptr [esp+10], eax
004AB471 . 894424 14 mov dword ptr [esp+14], eax
004AB475 . 56 push esi
004AB476 . 894424 1C mov dword ptr [esp+1C], eax
004AB47A . 8BF1 mov esi, ecx
004AB47C . 8B8E 08030000 mov ecx, dword ptr [esi+308]
004AB482 . 894424 20 mov dword ptr [esp+20], eax
004AB486 . 8B11 mov edx, dword ptr [ecx]
004AB488 . 6A 0D push 0D
004AB48A . 8D4424 08 lea eax, dword ptr [esp+8]
004AB48E . 50 push eax
004AB48F . FF92 8C000000 call dword ptr [edx+8C]
004AB495 . 8A4424 04 mov al, byte ptr [esp+4]
004AB499 . 84C0 test al, al
004AB49B . 75 18 jnz short 004AB4B5
004AB49D . 6A 00 push 0
004AB49F . 6A 08 push 8
004AB4A1 . 6A 00 push 0
004AB4A3 . 56 push esi
004AB4A4 . 68 01020000 push 201
004AB4A9 . 68 3CCF6500 push 0065CF3C
004AB4AE . E8 CD37FBFF call 0045EC80
004AB4B3 . EB 73 jmp short 004AB528
004AB4B5 > 8D4424 04 lea eax, dword ptr [esp+4]
004AB4B9 . 8D50 01 lea edx, dword ptr [eax+1]
004AB4BC . 8D6424 00 lea esp, dword ptr [esp]
004AB4C0 > 8A08 mov cl, byte ptr [eax]
004AB4C2 . 40 inc eax
004AB4C3 . 84C9 test cl, cl
004AB4C5 .^ 75 F9 jnz short 004AB4C0
004AB4C7 . 2BC2 sub eax, edx
004AB4C9 . 8BD0 mov edx, eax
004AB4CB . 83FA 0C cmp edx, 0C
004AB4CE . 7E 18 jle short 004AB4E8
004AB4D0 . 6A 00 push 0
004AB4D2 . 6A 08 push 8
004AB4D4 . 6A 00 push 0
004AB4D6 . 56 push esi
004AB4D7 . 68 01020000 push 201
004AB4DC . 68 2CCF6500 push 0065CF2C
004AB4E1 . E8 9A37FBFF call 0045EC80
004AB4E6 . EB 40 jmp short 004AB528
004AB4E8 > 33C9 xor ecx, ecx
004AB4EA . 85D2 test edx, edx
004AB4EC . 7E 23 jle short 004AB511
004AB4EE . 8BFF mov edi, edi
004AB4F0 > 8A440C 04 mov al, byte ptr [esp+ecx+4]
004AB4F4 . 3C 30 cmp al, 30
004AB4F6 . 7C 04 jl short 004AB4FC
004AB4F8 . 3C 39 cmp al, 39
004AB4FA . 7E 10 jle short 004AB50C
004AB4FC > 3C 61 cmp al, 61
004AB4FE . 7C 04 jl short 004AB504
004AB500 . 3C 7A cmp al, 7A
004AB502 . 7E 08 jle short 004AB50C
004AB504 > 3C 41 cmp al, 41
004AB506 . 7C 38 jl short 004AB540
004AB508 . 3C 5A cmp al, 5A
004AB50A . 7F 34 jg short 004AB540
004AB50C > 41 inc ecx
004AB50D . 3BCA cmp ecx, edx
004AB50F .^ 7C DF jl short 004AB4F0
004AB511 > 6A 00 push 0
004AB513 . 6A 00 push 0
004AB515 . 6A 00 push 0
004AB517 . 42 inc edx
004AB518 . 52 push edx
004AB519 . 8D4C24 14 lea ecx, dword ptr [esp+14]
004AB51D . 51 push ecx
004AB51E . 68 07100000 push 1007
004AB523 . E8 E84D0100 call 004C0310
004AB528 > 8B4C24 3C mov ecx, dword ptr [esp+3C]
004AB52C . 83C4 18 add esp, 18
004AB52F . B8 01000000 mov eax, 1
004AB534 . 5E pop esi
004AB535 . E8 FF1C1700 call 0061D239
004AB53A . 83C4 24 add esp, 24
004AB53D . C2 0800 retn 8
004AB540 > 3BCA cmp ecx, edx
004AB542 .^ 7D CD jge short 004AB511
004AB544 . 6A 00 push 0
004AB546 . 6A 08 push 8
004AB548 . 6A 00 push 0
004AB54A . 56 push esi
004AB54B . 68 01020000 push 201
004AB550 . 68 0CCF6500 push 0065CF0C
004AB555 . E8 2637FBFF call 0045EC80
004AB55A .^ EB CC jmp short 004AB528
004AB55C CC int3
004AB55D CC int3
004AB55E CC int3
004AB55F CC int3
004AB560 /$ 56 push esi
004AB561 |. 8BF1 mov esi, ecx
004AB563 |. E8 48EA1000 call 005B9FB0
004AB568 |. 8B06 mov eax, dword ptr [esi]
004AB56A |. 6A 01 push 1
004AB56C |. 6A 01 push 1
004AB56E |. 8BCE mov ecx, esi
004AB570 |. FF50 1C call dword ptr [eax+1C]
004AB573 |. 8B8E 08030000 mov ecx, dword ptr [esi+308]
004AB579 |. 8B11 mov edx, dword ptr [ecx]
004AB57B |. 6A 01 push 1
004AB57D |. FF52 78 call dword ptr [edx+78]
004AB580 |. E8 7B70FFFF call 004A2600
004AB585 |. C780 4C030000>mov dword ptr [eax+34C], 0
004AB58F |. 5E pop esi
004AB590 \. C3 retn
004AB591 CC int3
004AB592 CC int3
004AB593 CC int3
004AB594 CC int3
004AB595 CC int3
004AB596 CC int3
004AB597 CC int3
004AB598 CC int3
004AB599 CC int3
004AB59A CC int3
004AB59B CC int3
004AB59C CC int3
004AB59D CC int3
004AB59E CC int3
004AB59F CC int3
004AB5A0 . 8B0D 106C6A00 mov ecx, dword ptr [6A6C10]
004AB5A6 . 6A 01 push 1
004AB5A8 . E8 E3C60600 call 00517C90
004AB5AD . C3 retn
004AB5AE CC int3
004AB5AF CC int3
004AB5B0 . 53 push ebx
004AB5B1 . 56 push esi
004AB5B2 . 57 push edi
004AB5B3 . 83EC 10 sub esp, 10
004AB5B6 . 8BFC mov edi, esp
004AB5B8 . B8 30B44A00 mov eax, 004AB430
004AB5BD . 8907 mov dword ptr [edi], eax
004AB5BF . 33C9 xor ecx, ecx
004AB5C1 . 894F 04 mov dword ptr [edi+4], ecx
004AB5C4 . 33D2 xor edx, edx
004AB5C6 . 33F6 xor esi, esi
004AB5C8 . 8957 08 mov dword ptr [edi+8], edx
004AB5CB . 8977 0C mov dword ptr [edi+C], esi
004AB5CE . 8B7424 20 mov esi, dword ptr [esp+20] /这里应该是输入后确认的模块
004AB5D2 . 68 EC3A6400 push 00643AEC ; ASCII "OnClose"
004AB5D7 . 8BCE mov ecx, esi
004AB5D9 . E8 62A31100 call 005C5940
004AB5DE . 83EC 10 sub esp, 10
004AB5E1 . 8BDC mov ebx, esp
004AB5E3 . B8 50B44A00 mov eax, 004AB450
004AB5E8 . 8903 mov dword ptr [ebx], eax
004AB5EA . 33C9 xor ecx, ecx
004AB5EC . 894B 04 mov dword ptr [ebx+4], ecx
004AB5EF . 33D2 xor edx, edx
004AB5F1 . 8953 08 mov dword ptr [ebx+8], edx
004AB5F4 . 33FF xor edi, edi
004AB5F6 . 68 BC776400 push 006477BC ; ASCII "OnOk"
004AB5FB . 8BCE mov ecx, esi
004AB5FD . 897B 0C mov dword ptr [ebx+C], edi
004AB600 . E8 3BA31100 call 005C5940
004AB605 . 83EC 10 sub esp, 10
004AB608 . 8BDC mov ebx, esp
004AB60A . B8 10B44A00 mov eax, 004AB410
004AB60F . 8903 mov dword ptr [ebx], eax
004AB611 . 33C9 xor ecx, ecx
004AB613 . 894B 04 mov dword ptr [ebx+4], ecx
004AB616 . 33D2 xor edx, edx
004AB618 . 8953 08 mov dword ptr [ebx+8], edx
004AB61B . 68 F4B66500 push 0065B6F4 ; ASCII "OnExit"
004AB620 . 8BCE mov ecx, esi
004AB622 . 897B 0C mov dword ptr [ebx+C], edi
004AB625 . E8 16A31100 call 005C5940
004AB62A . 5F pop edi
004AB62B . 5E pop esi
004AB62C . 5B pop ebx
004AB62D . C2 0400 retn 4
004AB630 . 56 push esi
004AB631 . 8BF1 mov esi, ecx
004AB633 . E8 A8FDFFFF call 004AB3E0
004AB638 . F64424 08 01 test byte ptr [esp+8], 1
004AB63D . 74 39 je short 004AB678
004AB63F . 85F6 test esi, esi
004AB641 . 74 35 je short 004AB678
004AB643 . 8B4E FC mov ecx, dword ptr [esi-4]
004AB646 . 81F9 00010000 cmp ecx, 100
004AB64C . 8D46 FC lea eax, dword ptr [esi-4]
004AB64F . 76 0F jbe short 004AB660
004AB651 . 50 push eax
004AB652 . E8 EA1D1700 call 0061D441
004AB657 . 83C4 04 add esp, 4
004AB65A . 8BC6 mov eax, esi
004AB65C . 5E pop esi
004AB65D . C2 0400 retn 4
004AB660 > 83C1 07 add ecx, 7
004AB663 . C1E9 03 shr ecx, 3
004AB666 . 8B148D 646B6A>mov edx, dword ptr [ecx*4+6A6B64]
004AB66D . 8D0C8D 646B6A>lea ecx, dword ptr [ecx*4+6A6B64]
004AB674 . 8910 mov dword ptr [eax], edx
004AB676 . 8901 mov dword ptr [ecx], eax
004AB678 > 8BC6 mov eax, esi
004AB67A . 5E pop esi
004AB67B . C2 0400 retn 4
004AB67E CC int3
004AB67F CC int3
004AB680 /$ 6A FF push -1
004AB682 |. 68 FB7F6300 push 00637FFB ; SE 处理程序安装
004AB687 |. 64:A1 0000000>mov eax, dword ptr fs:[0]
004AB68D |. 50 push eax
004AB68E |. 64:8925 00000>mov dword ptr fs:[0], esp
004AB695 |. 51 push ecx
004AB696 |. A1 748A6A00 mov eax, dword ptr [6A8A74]
004AB69B |. 85C0 test eax, eax
004AB69D |. 75 45 jnz short 004AB6E4
004AB69F |. 68 10030000 push 310
004AB6A4 |. E8 176EF5FF call 004024C0
004AB6A9 |. 8D48 04 lea ecx, dword ptr [eax+4]
004AB6AC |. 83C4 04 add esp, 4
004AB6AF |. C700 10030000 mov dword ptr [eax], 310
004AB6B5 |. 890C24 mov dword ptr [esp], ecx
004AB6B8 |. 85C9 test ecx, ecx
004AB6BA |. C74424 0C 000>mov dword ptr [esp+C], 0
004AB6C2 |. 74 19 je short 004AB6DD
004AB6C4 |. E8 C7FCFFFF call 004AB390
004AB6C9 |. A3 748A6A00 mov dword ptr [6A8A74], eax
004AB6CE |. 8B4C24 04 mov ecx, dword ptr [esp+4]
004AB6D2 |. 64:890D 00000>mov dword ptr fs:[0], ecx
004AB6D9 |. 83C4 10 add esp, 10
004AB6DC |. C3 retn
004AB6DD |> 33C0 xor eax, eax
004AB6DF |. A3 748A6A00 mov dword ptr [6A8A74], eax
004AB6E4 |> 8B4C24 04 mov ecx, dword ptr [esp+4]
004AB6E8 |. 64:890D 00000>mov dword ptr fs:[0], ecx
004AB6EF |. 83C4 10 add esp, 10
004AB6F2 \. C3 retn
004AB6F3 CC int3
004AB6F4 CC int3
004AB6F5 CC int3
004AB6F6 CC int3
004AB6F7 CC int3
004AB6F8 CC int3
004AB6F9 CC int3
004AB6FA CC int3
004AB6FB CC int3
004AB6FC CC int3
004AB6FD CC int3
004AB6FE CC int3
004AB6FF CC int3
004AB700 . 57 push edi
004AB701 . E8 FA6EFFFF call 004A2600
004AB706 . 8BF8 mov edi, eax
004AB708 . 85FF test edi, edi
004AB70A . 74 2C je short 004AB738
004AB70C . 56 push esi
004AB70D . E8 6EFFFFFF call 004AB680
004AB712 . 8BF0 mov esi, eax
004AB714 . 8B06 mov eax, dword ptr [esi]
004AB716 . 6A 01 push 1
004AB718 . 6A 00 push 0
004AB71A . 8BCE mov ecx, esi
004AB71C . FF50 1C call dword ptr [eax+1C]
004AB71F . 8B16 mov edx, dword ptr [esi]
004AB721 . 8BCE mov ecx, esi
004AB723 . FF52 38 call dword ptr [edx+38]
004AB726 . 6A 01 push 1
004AB728 . 8BCF mov ecx, edi
004AB72A . E8 F163FFFF call 004A1B20
004AB72F . 5E pop esi
004AB730 . 8BCF mov ecx, edi
004AB732 . 5F pop edi
004AB733 .^ E9 4863FFFF jmp 004A1A80
004AB738 > 5F pop edi
004AB739 . C3 retn
004AB73A CC int3
004AB73B CC int3
004AB73C CC int3
004AB73D CC int3
004AB73E CC int3
004AB73F CC int3
004AB740 /$ 8B4424 04 mov eax, dword ptr [esp+4] /验证模块(私以为)
004AB744 |. 83F8 01 cmp eax, 1 ; Switch (cases 1..4)
004AB747 |. 56 push esi
004AB748 |. 8BF1 mov esi, ecx
004AB74A |. 75 1D jnz short 004AB769
004AB74C |. 6A 00 push 0 ; Case 1 of switch 004AB744
004AB74E |. 6A 08 push 8
004AB750 |. 6A 00 push 0
004AB752 |. 56 push esi
004AB753 |. 68 01020000 push 201
004AB758 |. 68 90CF6500 push 0065CF90
004AB75D |. E8 1E35FBFF call 0045EC80
004AB762 |. 83C4 18 add esp, 18
004AB765 |. 5E pop esi
004AB766 |. C2 0400 retn 4
004AB769 |> 83F8 02 cmp eax, 2
004AB76C |. 75 33 jnz short 004AB7A1
004AB76E |. 57 push edi ; Case 2 of switch 004AB744
004AB76F |. E8 8C6EFFFF call 004A2600
004AB774 |. 8BF8 mov edi, eax
004AB776 |. 85FF test edi, edi
004AB778 |. 74 22 je short 004AB79C
004AB77A |. 8B06 mov eax, dword ptr [esi]
004AB77C |. 6A 01 push 1
004AB77E |. 6A 00 push 0
004AB780 |. 8BCE mov ecx, esi
004AB782 |. FF50 1C call dword ptr [eax+1C]
004AB785 |. 8B16 mov edx, dword ptr [esi]
004AB787 |. 8BCE mov ecx, esi
004AB789 |. FF52 38 call dword ptr [edx+38]
004AB78C |. 6A 01 push 1
004AB78E |. 8BCF mov ecx, edi
004AB790 |. E8 8B63FFFF call 004A1B20
004AB795 |. 8BCF mov ecx, edi
004AB797 |. E8 E462FFFF call 004A1A80
004AB79C |> 5F pop edi
004AB79D |. 5E pop esi
004AB79E |. C2 0400 retn 4
004AB7A1 |> 83F8 04 cmp eax, 4
004AB7A4 |. 6A 00 push 0
004AB7A6 |. 6A 08 push 8
004AB7A8 |. 68 01010000 push 101
004AB7AD |. 75 17 jnz short 004AB7C6
004AB7AF |. 50 push eax ; Case 4 of switch 004AB744
004AB7B0 |. 68 00B74A00 push 004AB700
004AB7B5 |. 68 7CCF6500 push 0065CF7C
004AB7BA |. E8 8135FBFF call 0045ED40
004AB7BF |. 83C4 18 add esp, 18
004AB7C2 |. 5E pop esi
004AB7C3 |. C2 0400 retn 4
004AB7C6 |> 50 push eax ; Default case of switch 004AB744
004AB7C7 |. 68 A0B54A00 push 004AB5A0
004AB7CC |. 68 50CF6500 push 0065CF50
004AB7D1 |. E8 6A35FBFF call 0045ED40
004AB7D6 |. 83C4 18 add esp, 18
004AB7D9 |. 5E pop esi
004AB7DA \. C2 0400 retn 4
004AB7DD CC int3
004AB7DE CC int3
004AB7DF CC int3
激活码无效处 改为JE
出现/你输入的激活码错误次数太多,将退出系统。这个错误。
我自己研究1年了,实话!
实在是没办法了,水平太菜,拜托大家给看看吧,谢谢。
前面发个OD调试求教的 也没人搭理
因为我现在只限于静态调试 想尝试下动态调试寻找新出路
http://bbs.pediy.com/showthread.php?t=92029
----------------------------------------------------------------
对您来说,也许太简单不过,不值得一提
但是您的意见与建议却对我意义重大,期待您的回复,谢谢
版主大人不用帮我移动了,新手论坛里已经发了,看都没人看的。
[课程]Linux pwn 探索篇!
