发一段我脱壳后用OD打开复制的代码
00449812 55 push ebp
00449813 33DB xor ebx, ebx
00449815 56 push esi
00449816 8BF1 mov esi, ecx
00449818 8B56 04 mov edx, dword ptr [esi+4]
0044981B 57 push edi
0044981C 33C0 xor eax, eax
0044981E B9 13000000 mov ecx, 13
00449823 8D7C24 70 lea edi, dword ptr [esp+70]
00449827 895C24 54 mov dword ptr [esp+54], ebx
0044982B 895C24 64 mov dword ptr [esp+64], ebx
0044982F 895C24 68 mov dword ptr [esp+68], ebx
00449833 895C24 6C mov dword ptr [esp+6C], ebx
00449837 F3:AB rep stos dword ptr es:[edi]
00449839 8D8424 C0010000 lea eax, dword ptr [esp+1C0]
00449840 898424 8C000000 mov dword ptr [esp+8C], eax
00449847 A1 70224A00 mov eax, dword ptr [4A2270]
0044984C 8D8C24 C0000000 lea ecx, dword ptr [esp+C0]
00449853 889C24 C0010000 mov byte ptr [esp+1C0], bl
0044985A 889C24 C0000000 mov byte ptr [esp+C0], bl
00449861 C78424 BC000000>mov dword ptr [esp+BC], 1
0044986C C74424 70 4C000>mov dword ptr [esp+70], 4C
00449874 C78424 90000000>mov dword ptr [esp+90], 104
0044987F C78424 AC000000>mov dword ptr [esp+AC], 00460830 ; *.sec
0044988A 898C24 94000000 mov dword ptr [esp+94], ecx
00449891 C78424 98000000>mov dword ptr [esp+98], 100
0044989C C78424 A4000000>mov dword ptr [esp+A4], 880820
004498A7 C74424 7C 38084>mov dword ptr [esp+7C], 00460838 ; 脚本文件(*.sec)
004498AF 894424 78 mov dword ptr [esp+78], eax
004498B3 C78424 B4000000>mov dword ptr [esp+B4], 0040E780
004498BE 895424 74 mov dword ptr [esp+74], edx
004498C2 C74424 50 1CDF4>mov dword ptr [esp+50], 0045DF1C
004498CA 8B3D ECC34500 mov edi, dword ptr [<&user32.GetActi>; USER32.GetActiveWindow
004498D0 899C24 D4020000 mov dword ptr [esp+2D4], ebx
004498D7 C78424 A0000000>mov dword ptr [esp+A0], 004608CC ; 打开脚本文件
004498E2 FFD7 call edi
004498E4 50 push eax
004498E5 8D4C24 54 lea ecx, dword ptr [esp+54]
004498E9 E8 82F4FCFF call 00418D70
004498EE 83F8 01 cmp eax, 1
004498F1 0F85 BE020000 jnz 00449BB5
004498F7 68 B0084600 push 004608B0 ; 请输入用于打开脚本的密码
004498FC 8D4C24 2C lea ecx, dword ptr [esp+2C]
00449900 E8 0BDCFFFF call 00447510
00449905 C68424 D4020000>mov byte ptr [esp+2D4], 1
0044990D FFD7 call edi
0044990F 8D4C24 28 lea ecx, dword ptr [esp+28]
00449913 51 push ecx
00449914 8D5424 34 lea edx, dword ptr [esp+34]
00449918 52 push edx
00449919 68 10254900 push 00492510
0044991E 8BF8 mov edi, eax
00449920 E8 3B4CFCFF call 0040E560
00449925 A1 70224A00 mov eax, dword ptr [4A2270]
0044992A 53 push ebx
0044992B 68 80E74000 push 0040E780
00449930 57 push edi
00449931 6A 68 push 68
00449933 50 push eax
00449934 FF15 E8C34500 call dword ptr [<&user32.DialogBoxPar>; USER32.DialogBoxParamA
0044993A 83F8 01 cmp eax, 1
0044993D 0F85 62020000 jnz 00449BA5
00449943 8B4C24 4C mov ecx, dword ptr [esp+4C]
00449947 68 4CC54500 push 0045C54C
0044994C 51 push ecx
0044994D E8 F0380000 call 0044D242
00449952 83C4 08 add esp, 8
00449955 85C0 test eax, eax
00449957 0F84 48020000 je 00449BA5
0044995D 8D9424 C0010000 lea edx, dword ptr [esp+1C0]
00449964 52 push edx
00449965 8D4C24 14 lea ecx, dword ptr [esp+14]
00449969 E8 A2DCFBFF call 00407610
0044996E A1 B0224A00 mov eax, dword ptr [4A22B0]
00449973 B9 B0224A00 mov ecx, 004A22B0
00449978 C68424 D4020000>mov byte ptr [esp+2D4], 2
00449980 FF50 0C call dword ptr [eax+C]
00449983 8D78 10 lea edi, dword ptr [eax+10]
00449986 897C24 14 mov dword ptr [esp+14], edi
0044998A 895C24 18 mov dword ptr [esp+18], ebx
0044998E 895C24 1C mov dword ptr [esp+1C], ebx
00449992 895C24 20 mov dword ptr [esp+20], ebx
00449996 895C24 24 mov dword ptr [esp+24], ebx
0044999A 8B5424 4C mov edx, dword ptr [esp+4C]
0044999E 8B4424 10 mov eax, dword ptr [esp+10]
004499A2 8D4C24 18 lea ecx, dword ptr [esp+18]
004499A6 51 push ecx
004499A7 52 push edx
004499A8 50 push eax
004499A9 8BCE mov ecx, esi
004499AB C68424 E0020000>mov byte ptr [esp+2E0], 4
004499B3 E8 18FCFFFF call 004495D0
004499B8 3BC3 cmp eax, ebx
004499BA 75 7B jnz short 00449A37
004499BC 8B4E 04 mov ecx, dword ptr [esi+4]
004499BF 53 push ebx
004499C0 68 A4E14500 push 0045E1A4 ; 脚本错误
004499C5 68 98084600 push 00460898 ; 你打开的不是.sec脚本
004499CA 51 push ecx
004499CB FF15 80C34500 call dword ptr [<&user32.MessageBoxA>>; USER32.MessageBoxA
004499D1 8D4C24 18 lea ecx, dword ptr [esp+18]
004499D5 E8 06DCFBFF call 004075E0
004499DA 8D47 F0 lea eax, dword ptr [edi-10]
004499DD C68424 D4020000>mov byte ptr [esp+2D4], 2
004499E5 8D50 0C lea edx, dword ptr [eax+C]
004499E8 83C9 FF or ecx, FFFFFFFF
004499EB F0:0FC10A lock xadd dword ptr [edx], ecx
004499EF 49 dec ecx
004499F0 85C9 test ecx, ecx
004499F2 7F 08 jg short 004499FC
004499F4 8B08 mov ecx, dword ptr [eax]
004499F6 8B11 mov edx, dword ptr [ecx]
004499F8 50 push eax
004499F9 FF52 04 call dword ptr [edx+4]
004499FC 8B4424 10 mov eax, dword ptr [esp+10]
00449A00 83C0 F0 add eax, -10
00449A03 C68424 D4020000>mov byte ptr [esp+2D4], 1
00449A0B 8D48 0C lea ecx, dword ptr [eax+C]
00449A0E 83CA FF or edx, FFFFFFFF
00449A11 F0:0FC111 lock xadd dword ptr [ecx], edx
00449A15 4A dec edx
00449A16 85D2 test edx, edx
00449A18 7F 08 jg short 00449A22
00449A1A 8B08 mov ecx, dword ptr [eax]
00449A1C 8B11 mov edx, dword ptr [ecx]
00449A1E 50 push eax
00449A1F FF52 04 call dword ptr [edx+4]
00449A22 8D4C24 28 lea ecx, dword ptr [esp+28]
00449A26 889C24 D4020000 mov byte ptr [esp+2D4], bl
00449A2D E8 DEF2FCFF call 00418D10
00449A32 E9 8B010000 jmp 00449BC2
00449A37 83F8 03 cmp eax, 3
00449A3A 75 4E jnz short 00449A8A
00449A3C 8B46 04 mov eax, dword ptr [esi+4]
00449A3F 53 push ebx
00449A40 68 8C084600 push 0046088C ; 密码错误
00449A45 68 6C084600 push 0046086C ; 密码错误,你无权打开这个脚本
00449A4A 50 push eax
00449A4B FF15 80C34500 call dword ptr [<&user32.MessageBoxA>>; USER32.MessageBoxA
00449A51 8D4C24 18 lea ecx, dword ptr [esp+18]
00449A55 E8 86DBFBFF call 004075E0
00449A5A 8D4C24 14 lea ecx, dword ptr [esp+14]
00449A5E E8 0D92FBFF call 00402C70
00449A63 8D4C24 10 lea ecx, dword ptr [esp+10]
00449A67 E8 0492FBFF call 00402C70
00449A6C 8D4C24 28 lea ecx, dword ptr [esp+28]
00449A70 889C24 D4020000 mov byte ptr [esp+2D4], bl
00449A77 E8 94F2FCFF call 00418D10
00449A7C 8D4C24 50 lea ecx, dword ptr [esp+50]
00449A80 E8 7BE9FDFF call 00428400
00449A85 E9 4F010000 jmp 00449BD9
00449A8A 8D8C24 C0010000 lea ecx, dword ptr [esp+1C0]
00449A91 51 push ecx
00449A92 8D4C24 18 lea ecx, dword ptr [esp+18]
00449A96 E8 C594FBFF call 00402F60
00449A9B 8B5424 14 mov edx, dword ptr [esp+14]
00449A9F 8B46 04 mov eax, dword ptr [esi+4]
00449AA2 52 push edx
00449AA3 68 BD040000 push 4BD
00449AA8 50 push eax
00449AA9 FF15 7CC34500 call dword ptr [<&user32.SetDlgItemTe>; USER32.SetDlgItemTextA
00449AAF 8B8E 5C010000 mov ecx, dword ptr [esi+15C]
00449AB5 68 4CC54500 push 0045C54C
00449ABA 51 push ecx
00449ABB FF15 B8C34500 call dword ptr [<&user32.SetWindowTex>; USER32.SetWindowTextA
00449AC1 8B96 5C010000 mov edx, dword ptr [esi+15C]
00449AC7 8B2D 38C34500 mov ebp, dword ptr [<&user32.SendMes>; USER32.SendMessageA
00449ACD 53 push ebx
00449ACE 53 push ebx
00449ACF 68 B1000000 push 0B1
00449AD4 52 push edx
00449AD5 FFD5 call ebp
00449AD7 8B86 5C010000 mov eax, dword ptr [esi+15C]
00449ADD 53 push ebx
00449ADE 53 push ebx
00449ADF 68 B7000000 push 0B7
00449AE4 50 push eax
00449AE5 FFD5 call ebp
00449AE7 8B4424 1C mov eax, dword ptr [esp+1C]
00449AEB 33FF xor edi, edi
00449AED 3BC3 cmp eax, ebx
00449AEF 76 3F jbe short 00449B30
00449AF1 3BF8 cmp edi, eax
00449AF3 0F83 FA000000 jnb 00449BF3
00449AF9 8B4C24 18 mov ecx, dword ptr [esp+18]
00449AFD 8B14B9 mov edx, dword ptr [ecx+edi*4]
00449B00 52 push edx
00449B01 8D4424 14 lea eax, dword ptr [esp+14]
00449B05 68 64084600 push 00460864 ; %s\n\n
00449B0A 50 push eax
00449B0B E8 C099FCFF call 004134D0
00449B10 8B4C24 1C mov ecx, dword ptr [esp+1C]
00449B14 8B96 5C010000 mov edx, dword ptr [esi+15C]
00449B1A 83C4 0C add esp, 0C
我现在就是不会找密码错误时跳转的地方,也不会找正确打开脚本的地方。