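The software is protected with Flexlm 8.2a, and I am cracking it by following the method from a post on the forum:
According to the post's method, at 006B0884 |. 74 23 JE SHORT XXXX.006B08A9 the jump is taken the first time, and after pressing F9 again it is no longer taken. But for me the jump is always taken and EDX is always 0. I don't know what the reason is. Could some expert please take a look? Thanks!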
006B085C /$ 55 PUSH EBP
006B085D |. 8BEC MOV EBP,ESP
006B085F |. 83EC 24 SUB ESP,24
006B0862 |. C745 F4 B8307>MOV DWORD PTR SS:[EBP-C],6F7330B8
006B0869 |. C745 F0 03000>MOV DWORD PTR SS:[EBP-10],3
006B0870 |. 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]
006B0873 |. 8B48 6C MOV ECX,DWORD PTR DS:[EAX+6C]
006B0876 |. 8B91 94030000 MOV EDX,DWORD PTR DS:[ECX+394]
006B087C |. 81E2 00800000 AND EDX,8000
006B0882 |. 85D2 TEST EDX,EDX
006B0884 |. 74 23 JE SHORT XXXX.006B08A9
006B0886 |. 833D A0BBA600>CMP DWORD PTR DS:[A6BBA0],0
006B088D |. 74 1A JE SHORT XXXX.006B08A9
006B088F |. 8B45 10 MOV EAX,DWORD PTR SS:[EBP+10]
006B0892 |. 50 PUSH EAX
006B0893 |. 8B4D 0C MOV ECX,DWORD PTR SS:[EBP+C]
006B0896 |. 51 PUSH ECX
006B0897 |. 8B55 08 MOV EDX,DWORD PTR SS:[EBP+8]
006B089A |. 52 PUSH EDX
006B089B |. FF15 A0BBA600 CALL DWORD PTR DS:[A6BBA0] ; XXXX.006C531C
006B08A1 |. 83C4 0C ADD ESP,0C
006B08A4 |. E9 13010000 JMP XXXX.006B09BC
006B08A9 |> 6A 04 PUSH 4 ; /Arg4 = 00000004
006B08AB |. 8D45 DC LEA EAX,DWORD PTR SS:[EBP-24] ; |
006B08AE |. 50 PUSH EAX ; |Arg3
006B08AF |. 8B4D 10 MOV ECX,DWORD PTR SS:[EBP+10] ; |
006B08B2 |. 83C1 0C ADD ECX,0C ; |
006B08B5 |. 51 PUSH ECX ; |Arg2
006B08B6 |. 8B55 0C MOV EDX,DWORD PTR SS:[EBP+C] ; |
006B08B9 |. 52 PUSH EDX ; |Arg1
006B08BA |. E8 14C30200 CALL XXXX.006DCBD3 ; \XXXX.006DCBD3
006B08BF |. 83C4 10 ADD ESP,10
006B08C2 |. C645 EF 00 MOV BYTE PTR SS:[EBP-11],0
006B08C6 |. 8A45 EF MOV AL,BYTE PTR SS:[EBP-11]
006B08C9 |. 8845 EE MOV BYTE PTR SS:[EBP-12],AL
006B08CC |. 8A4D EE MOV CL,BYTE PTR SS:[EBP-12]
006B08CF |. 884D ED MOV BYTE PTR SS:[EBP-13],CL
006B08D2 |. 8A55 ED MOV DL,BYTE PTR SS:[EBP-13]
006B08D5 |. 8855 EC MOV BYTE PTR SS:[EBP-14],DL
006B08D8 |> 8B45 0C /MOV EAX,DWORD PTR SS:[EBP+C]
006B08DB |. 0FBE08 |MOVSX ECX,BYTE PTR DS:[EAX]