PPixPin 这个软件的高级功能不能 能不能搞出来?
PPixPin 当前版本: 1.9.11.8这是一个QT的程序,OCR部分唱主角。。。点击托盘设置,里边有个登录,微信扫下,出现右二的一个【试用】的按钮
让你试用1天
Ctrl+1截图,Ctrl+2 贴图,Shift+Q是识别成表格( 这个功能俺爆破出来了,才会显示二级菜单)爆破是出来了,但是生成的excel文件没有文件头是空的。
选择所有文本Ctrl+A
表格数据打开Excel文件 (后面这三行我自己爆破出来的)
另存为。。。。。。。。。。。
复制Excel文件。。。。。。。
上面的内容是我OCR出来的,方便吧。。。
然后在设置中。。。倒数左侧第 三行 ,【未购买的】过期后隐藏了全局鼠标(右侧有一堆选项此时也看不到了)
它有一个录像功能 【未购买的】给你隐藏一个键盘的小图标(下拉菜单中隐藏记录键盘和记录鼠标)
现在严重的怀疑后两个功能都是本地实现的。。。
它的验证逻辑大概是这样的:
启动时读取一下注册表的guid之类的
LoginData.bin====》好像是读取了 53个字节,我在Process Monitor堆栈里看到的。。(具体多少忘了,反正就那意思吧)
LocalStorage.data 这个文件经测试起次要作用
00007FF6D9009A90 | 48:895C24 18 | mov qword ptr ss:,rbx |
00007FF6D9009A95 | 55 | push rbp |
00007FF6D9009A96 | 56 | push rsi |
00007FF6D9009A97 | 57 | push rdi |
00007FF6D9009A98 | 48:8D6C24 B9 | lea rbp,qword ptr ss: |
00007FF6D9009A9D | 48:81EC B0000000 | sub rsp,B0 |
00007FF6D9009AA4 | 48:8BF9 | mov rdi,rcx |
00007FF6D9009AA7 | 48:8B41 10 | mov rax,qword ptr ds: |
00007FF6D9009AAB | 48:85C0 | test rax,rax |
00007FF6D9009AAE | 0F84 97010000 | je pixpin.7FF6D9009C4B |
00007FF6D9009AB4 | 48:8D50 18 | lea rdx,qword ptr ds: | rax+18:L"Server busy."
00007FF6D9009AB8 | 48:8B71 18 | mov rsi,qword ptr ds: |
00007FF6D9009ABC | 48:8B02 | mov rax,qword ptr ds: |
00007FF6D9009ABF | 8378 04 00 | cmp dword ptr ds:,0 |
00007FF6D9009AC3 | 74 21 | je pixpin.7FF6D9009AE6 =============> 关键跳!!!!
00007FF6D9009AC5 | 48:8B06 | mov rax,qword ptr ds: | :public: static class QStringList __cdecl QJsonWebToken::supportedAlgorithms(void)+7CFA8
00007FF6D9009AC8 | 48:8B98 E8010000 | mov rbx,qword ptr ds: | rax+1E8:"铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪
00007FF6D9009ACF | 48:8D4D 67 | lea rcx,qword ptr ss: |
00007FF6D9009AD3 | FF15 17AAC700 | call qword ptr ds:[<public: __cdecl|
00007FF6D9009AD9 | 48:8BD0 | mov rdx,rax |
00007FF6D9009ADC | 48:8BCE | mov rcx,rsi |
00007FF6D9009ADF | FFD3 | call rbx |
00007FF6D9009AE1 | E9 17010000 | jmp pixpin.7FF6D9009BFD |
00007FF6D9009AE6 | BA 04000000 | mov edx,4 |
00007FF6D9009AEB | 48:8D0D 8666C900 | lea rcx,qword ptr ds:| 00007FF6D9CA0178:"xlsx"
00007FF6D9009AF2 | FF15 48AAC700 | call qword ptr ds:[<private: static|
00007FF6D9009AF8 | 48:8945 6F | mov qword ptr ss:,rax | :_malloc_base+36
00007FF6D9009AFC | 4C:8D45 6F | lea r8,qword ptr ss: | :_malloc_base+36
00007FF6D9009B00 | 48:8D55 67 | lea rdx,qword ptr ss: |
00007FF6D9009B04 | 48:8BCE | mov rcx,rsi |
00007FF6D9009B07 | E8 C452FDFF | call <pixpin.sub_7FF6D8FDEDD0> |
00007FF6D9009B0C | 90 | nop |
00007FF6D9009B0D | 48:8D55 67 | lea rdx,qword ptr ss: |
00007FF6D9009B11 | 48:8D4D C7 | lea rcx,qword ptr ss: |
00007FF6D9009B15 | FF15 EDABC700 | call qword ptr ds:[<public: __cdecl|
00007FF6D9009B1B | 90 | nop |
00007FF6D9009B1C | BA 02000000 | mov edx,2 |
00007FF6D9009B21 | 48:8D4D C7 | lea rcx,qword ptr ss: |
00007FF6D9009B25 | FF15 35AEC700 | call qword ptr ds:[<public: virtual|
00007FF6D9009B2B | 84C0 | test al,al |
00007FF6D9009B2D | 75 56 | jne pixpin.7FF6D9009B85 |
00007FF6D9009B2F | 45:33C9 | xor r9d,r9d |
00007FF6D9009B32 | 45:33C0 | xor r8d,r8d |
00007FF6D9009B35 | 33D2 | xor edx,edx |
00007FF6D9009B37 | 48:8D4D D7 | lea rcx,qword ptr ss: |
00007FF6D9009B3B | FF15 9FB7C700 | call qword ptr ds:[<public: __cdecl|
00007FF6D9009B41 | 48:8D55 6F | lea rdx,qword ptr ss: | :_malloc_base+36
00007FF6D9009B45 | 48:8BC8 | mov rcx,rax |
00007FF6D9009B48 | FF15 8AB7C700 | call qword ptr ds:[<public: class QD |
00007FF6D9009B4E | 90 | nop |
00007FF6D9009B4F | 48:8D15 FA63C900 | lea rdx,qword ptr ds:| 00007FF6D9C9FF50:"Open file failed."
00007FF6D9009B56 | 48:8BC8 | mov rcx,rax |
00007FF6D9009B59 | FF15 09ABC700 | call qword ptr ds:[<public: class QD |
00007FF6D9009B5F | 90 | nop |
00007FF6D9009B60 | 48:8D4D 6F | lea rcx,qword ptr ss: | :_malloc_base+36
00007FF6D9009B64 | FF15 EEAAC700 | call qword ptr ds:[<public: __cdecl|
00007FF6D9009B6A | 90 | nop |
00007FF6D9009B6B | 48:8D4D C7 | lea rcx,qword ptr ss: |
00007FF6D9009B6F | FF15 9BABC700 | call qword ptr ds:[<public: virtual|
00007FF6D9009B75 | 90 | nop |
00007FF6D9009B76 | 48:8D4D 67 | lea rcx,qword ptr ss: |
00007FF6D9009B7A | FF15 78A9C700 | call qword ptr ds:[<public: __cdecl|
00007FF6D9009B80 | E9 C6000000 | jmp pixpin.7FF6D9009C4B |
00007FF6D9009B85 | 48:8B57 10 | mov rdx,qword ptr ds: |
00007FF6D9009B89 | 48:83C2 20 | add rdx,20 |
00007FF6D9009B8D | 48:8D4D C7 | lea rcx,qword ptr ss: |
00007FF6D9009B91 | FF15 91ADC700 | call qword ptr ds:[<public: __int64|
00007FF6D9009B97 | 48:8D4D C7 | lea rcx,qword ptr ss: |
00007FF6D9009B9B | FF15 87B1C700 | call qword ptr ds:[<public: virtual|
00007FF6D9009BA1 | 48:8B5F 18 | mov rbx,qword ptr ds: |
00007FF6D9009BA5 | 48:8D55 67 | lea rdx,qword ptr ss: |
00007FF6D9009BA9 | 48:8D4D 6F | lea rcx,qword ptr ss: | :_malloc_base+36
00007FF6D9009BAD | FF15 3DA9C700 | call qword ptr ds:[<public: __cdecl|
00007FF6D9009BB3 | 4C:8BC3 | mov r8,rbx |
00007FF6D9009BB6 | 48:8BD0 | mov rdx,rax |
00007FF6D9009BB9 | 48:8D4D F7 | lea rcx,qword ptr ss: |
00007FF6D9009BBD | E8 4E230000 | call <pixpin.sub_7FF6D900BF10> | b2
00007FF6D9009BC2 | 90 | nop |
00007FF6D9009BC3 | 48:8D4D F7 | lea rcx,qword ptr ss: |
00007FF6D9009BC7 | FF15 53FEC700 | call qword ptr ds:[<public: virtual|
00007FF6D9009BCD | 83F8 01 | cmp eax,1 |
00007FF6D9009BD0 | 75 0C | jne pixpin.7FF6D9009BDE |
00007FF6D9009BD2 | 8B55 37 | mov edx,dword ptr ss: |
00007FF6D9009BD5 | 48:8BCF | mov rcx,rdi |
00007FF6D9009BD8 | E8 03010000 | call <pixpin.sub_7FF6D9009CE0> |
00007FF6D9009BDD | 90 | nop |
00007FF6D9009BDE | 48:8D4D F7 | lea rcx,qword ptr ss: |
00007FF6D9009BE2 | E8 F9250000 | call <pixpin.sub_7FF6D900C1E0> |
00007FF6D9009BE7 | 90 | nop |
00007FF6D9009BE8 | 48:8D4D C7 | lea rcx,qword ptr ss: |
00007FF6D9009BEC | FF15 1EABC700 | call qword ptr ds:[<public: virtual|
00007FF6D9009BF2 | 90 | nop |
00007FF6D9009BF3 | 48:8D4D 67 | lea rcx,qword ptr ss: |
00007FF6D9009BF7 | FF15 FBA8C700 | call qword ptr ds:[<public: __cdecl|
00007FF6D9009BFD | 48:8B4F 10 | mov rcx,qword ptr ds: |
00007FF6D9009C01 | FF15 19ACC700 | call qword ptr ds:[<public: void __c |
00007FF6D9009C07 | 48:C747 10 00000000 | mov qword ptr ds:,0 |
00007FF6D9009C0F | 48:8B7F 18 | mov rdi,qword ptr ds: |
00007FF6D9009C13 | 48:8B07 | mov rax,qword ptr ds: | :public: static class QStringList __cdecl QJsonWebToken::supportedAlgorithms(void)+7DA70
00007FF6D9009C16 | 48:8B98 50020000 | mov rbx,qword ptr ds: | rax+250:"铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪
00007FF6D9009C1D | C74424 20 FFFFFFFF | mov dword ptr ss:,FFFFFFFF |
00007FF6D9009C25 | 45:33C9 | xor r9d,r9d |
00007FF6D9009C28 | 4C:8D05 5165C900 | lea r8,qword ptr ds: | 00007FF6D9CA0180:"Form recognition"
00007FF6D9009C2F | 48:8D55 67 | lea rdx,qword ptr ss: |
00007FF6D9009C33 | 48:8D0D 7692F301 | lea rcx,qword ptr ds:[<&public: stat |
00007FF6D9009C3A | FF15 40ABC700 | call qword ptr ds:[<public: class QS |
00007FF6D9009C40 | 4C:8D45 67 | lea r8,qword ptr ss: |
00007FF6D9009C44 | 33D2 | xor edx,edx |
00007FF6D9009C46 | 48:8BCF | mov rcx,rdi |
00007FF6D9009C49 | FFD3 | call rbx |
00007FF6D9009C4B | 48:8B9C24 E0000000 | mov rbx,qword ptr ss: |
00007FF6D9009C53 | 48:81C4 B0000000 | add rsp,B0 |
00007FF6D9009C5A | 5F | pop rdi |
00007FF6D9009C5B | 5E | pop rsi |
00007FF6D9009C5C | 5D | pop rbp |
00007FF6D9009C5D | C3 | ret |
FOA:00007FF6D9009A90 | 48:895C24 18 | mov qword ptr ss:,rbx |
00007FF6D9009A95 | 55 | push rbp |
00007FF6D9009A96 | 56 | push rsi |
00007FF6D9009A97 | 57 | push rdi |
00007FF6D9009A98 | 48:8D6C24 B9 | lea rbp,qword ptr ss: |
00007FF6D9009A9D | 48:81EC B0000000 | sub rsp,B0 |
00007FF6D9009AA4 | 48:8BF9 | mov rdi,rcx |
00007FF6D9009AA7 | 48:8B41 10 | mov rax,qword ptr ds: |
00007FF6D9009AAB | 48:85C0 | test rax,rax |
00007FF6D9009AAE | 0F84 97010000 | je pixpin.7FF6D9009C4B |
00007FF6D9009AB4 | 48:8D50 18 | lea rdx,qword ptr ds: | rax+18:L"Server busy."
00007FF6D9009AB8 | 48:8B71 18 | mov rsi,qword ptr ds: |
00007FF6D9009ABC | 48:8B02 | mov rax,qword ptr ds: |
00007FF6D9009ABF | 8378 04 00 | cmp dword ptr ds:,0 |
00007FF6D9009AC3 | 74 21 | je pixpin.7FF6D9009AE6 | 关键跳!!!!
00007FF6D9009AC5 | 48:8B06 | mov rax,qword ptr ds: | :public: static class QStringList __cdecl QJsonWebToken::supportedAlgorithms(void)+7CFA8
00007FF6D9009AC8 | 48:8B98 E8010000 | mov rbx,qword ptr ds: | rax+1E8:"铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪
00007FF6D9009ACF | 48:8D4D 67 | lea rcx,qword ptr ss: |
00007FF6D9009AD3 | FF15 17AAC700 | call qword ptr ds:[<public: __cdecl|
00007FF6D9009AD9 | 48:8BD0 | mov rdx,rax |
00007FF6D9009ADC | 48:8BCE | mov rcx,rsi |
00007FF6D9009ADF | FFD3 | call rbx |
00007FF6D9009AE1 | E9 17010000 | jmp pixpin.7FF6D9009BFD |
00007FF6D9009AE6 | BA 04000000 | mov edx,4 |
00007FF6D9009AEB | 48:8D0D 8666C900 | lea rcx,qword ptr ds:| 00007FF6D9CA0178:"xlsx"
00007FF6D9009AF2 | FF15 48AAC700 | call qword ptr ds:[<private: static|
00007FF6D9009AF8 | 48:8945 6F | mov qword ptr ss:,rax | :_malloc_base+36
00007FF6D9009AFC | 4C:8D45 6F | lea r8,qword ptr ss: | :_malloc_base+36
00007FF6D9009B00 | 48:8D55 67 | lea rdx,qword ptr ss: |
00007FF6D9009B04 | 48:8BCE | mov rcx,rsi |
00007FF6D9009B07 | E8 C452FDFF | call <pixpin.sub_7FF6D8FDEDD0> |
00007FF6D9009B0C | 90 | nop |
00007FF6D9009B0D | 48:8D55 67 | lea rdx,qword ptr ss: |
00007FF6D9009B11 | 48:8D4D C7 | lea rcx,qword ptr ss: |
00007FF6D9009B15 | FF15 EDABC700 | call qword ptr ds:[<public: __cdecl|
00007FF6D9009B1B | 90 | nop |
00007FF6D9009B1C | BA 02000000 | mov edx,2 |
00007FF6D9009B21 | 48:8D4D C7 | lea rcx,qword ptr ss: |
00007FF6D9009B25 | FF15 35AEC700 | call qword ptr ds:[<public: virtual|
00007FF6D9009B2B | 84C0 | test al,al |
00007FF6D9009B2D | 75 56 | jne pixpin.7FF6D9009B85 |
00007FF6D9009B2F | 45:33C9 | xor r9d,r9d |
00007FF6D9009B32 | 45:33C0 | xor r8d,r8d |
00007FF6D9009B35 | 33D2 | xor edx,edx |
00007FF6D9009B37 | 48:8D4D D7 | lea rcx,qword ptr ss: |
00007FF6D9009B3B | FF15 9FB7C700 | call qword ptr ds:[<public: __cdecl|
00007FF6D9009B41 | 48:8D55 6F | lea rdx,qword ptr ss: | :_malloc_base+36
00007FF6D9009B45 | 48:8BC8 | mov rcx,rax |
00007FF6D9009B48 | FF15 8AB7C700 | call qword ptr ds:[<public: class QD |
00007FF6D9009B4E | 90 | nop |
00007FF6D9009B4F | 48:8D15 FA63C900 | lea rdx,qword ptr ds:| 00007FF6D9C9FF50:"Open file failed."
00007FF6D9009B56 | 48:8BC8 | mov rcx,rax |
00007FF6D9009B59 | FF15 09ABC700 | call qword ptr ds:[<public: class QD |
00007FF6D9009B5F | 90 | nop |
00007FF6D9009B60 | 48:8D4D 6F | lea rcx,qword ptr ss: | :_malloc_base+36
00007FF6D9009B64 | FF15 EEAAC700 | call qword ptr ds:[<public: __cdecl|
00007FF6D9009B6A | 90 | nop |
00007FF6D9009B6B | 48:8D4D C7 | lea rcx,qword ptr ss: |
00007FF6D9009B6F | FF15 9BABC700 | call qword ptr ds:[<public: virtual|
00007FF6D9009B75 | 90 | nop |
00007FF6D9009B76 | 48:8D4D 67 | lea rcx,qword ptr ss: |
00007FF6D9009B7A | FF15 78A9C700 | call qword ptr ds:[<public: __cdecl|
00007FF6D9009B80 | E9 C6000000 | jmp pixpin.7FF6D9009C4B |
00007FF6D9009B85 | 48:8B57 10 | mov rdx,qword ptr ds: |
00007FF6D9009B89 | 48:83C2 20 | add rdx,20 |
00007FF6D9009B8D | 48:8D4D C7 | lea rcx,qword ptr ss: |
00007FF6D9009B91 | FF15 91ADC700 | call qword ptr ds:[<public: __int64|
00007FF6D9009B97 | 48:8D4D C7 | lea rcx,qword ptr ss: |
00007FF6D9009B9B | FF15 87B1C700 | call qword ptr ds:[<public: virtual|
00007FF6D9009BA1 | 48:8B5F 18 | mov rbx,qword ptr ds: |
00007FF6D9009BA5 | 48:8D55 67 | lea rdx,qword ptr ss: |
00007FF6D9009BA9 | 48:8D4D 6F | lea rcx,qword ptr ss: | :_malloc_base+36
00007FF6D9009BAD | FF15 3DA9C700 | call qword ptr ds:[<public: __cdecl|
00007FF6D9009BB3 | 4C:8BC3 | mov r8,rbx |
00007FF6D9009BB6 | 48:8BD0 | mov rdx,rax |
00007FF6D9009BB9 | 48:8D4D F7 | lea rcx,qword ptr ss: |
00007FF6D9009BBD | E8 4E230000 | call <pixpin.sub_7FF6D900BF10> | b2
00007FF6D9009BC2 | 90 | nop |
00007FF6D9009BC3 | 48:8D4D F7 | lea rcx,qword ptr ss: |
00007FF6D9009BC7 | FF15 53FEC700 | call qword ptr ds:[<public: virtual|
00007FF6D9009BCD | 83F8 01 | cmp eax,1 |
00007FF6D9009BD0 | 75 0C | jne pixpin.7FF6D9009BDE |
00007FF6D9009BD2 | 8B55 37 | mov edx,dword ptr ss: |
00007FF6D9009BD5 | 48:8BCF | mov rcx,rdi |
00007FF6D9009BD8 | E8 03010000 | call <pixpin.sub_7FF6D9009CE0> |
00007FF6D9009BDD | 90 | nop |
00007FF6D9009BDE | 48:8D4D F7 | lea rcx,qword ptr ss: |
00007FF6D9009BE2 | E8 F9250000 | call <pixpin.sub_7FF6D900C1E0> |
00007FF6D9009BE7 | 90 | nop |
00007FF6D9009BE8 | 48:8D4D C7 | lea rcx,qword ptr ss: |
00007FF6D9009BEC | FF15 1EABC700 | call qword ptr ds:[<public: virtual|
00007FF6D9009BF2 | 90 | nop |
00007FF6D9009BF3 | 48:8D4D 67 | lea rcx,qword ptr ss: |
00007FF6D9009BF7 | FF15 FBA8C700 | call qword ptr ds:[<public: __cdecl|
00007FF6D9009BFD | 48:8B4F 10 | mov rcx,qword ptr ds: |
00007FF6D9009C01 | FF15 19ACC700 | call qword ptr ds:[<public: void __c |
00007FF6D9009C07 | 48:C747 10 00000000 | mov qword ptr ds:,0 |
00007FF6D9009C0F | 48:8B7F 18 | mov rdi,qword ptr ds: |
00007FF6D9009C13 | 48:8B07 | mov rax,qword ptr ds: | :public: static class QStringList __cdecl QJsonWebToken::supportedAlgorithms(void)+7DA70
00007FF6D9009C16 | 48:8B98 50020000 | mov rbx,qword ptr ds: | rax+250:"铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪铪
00007FF6D9009C1D | C74424 20 FFFFFFFF | mov dword ptr ss:,FFFFFFFF |
00007FF6D9009C25 | 45:33C9 | xor r9d,r9d |
00007FF6D9009C28 | 4C:8D05 5165C900 | lea r8,qword ptr ds: | 00007FF6D9CA0180:"Form recognition"
00007FF6D9009C2F | 48:8D55 67 | lea rdx,qword ptr ss: |
00007FF6D9009C33 | 48:8D0D 7692F301 | lea rcx,qword ptr ds:[<&public: stat |
00007FF6D9009C3A | FF15 40ABC700 | call qword ptr ds:[<public: class QS |
00007FF6D9009C40 | 4C:8D45 67 | lea r8,qword ptr ss: |
00007FF6D9009C44 | 33D2 | xor edx,edx |
00007FF6D9009C46 | 48:8BCF | mov rcx,rdi |
00007FF6D9009C49 | FFD3 | call rbx |
00007FF6D9009C4B | 48:8B9C24 E0000000 | mov rbx,qword ptr ss: |
00007FF6D9009C53 | 48:81C4 B0000000 | add rsp,B0 |
00007FF6D9009C5A | 5F | pop rdi |
00007FF6D9009C5B | 5E | pop rsi |
00007FF6D9009C5C | 5D | pop rbp |
00007FF6D9009C5D | C3 | ret |
FOA:98EC3
破解二级表格菜单
00007FF6379D28A3 | E8 E869BE00 | call 表格数据二级菜单终于爆破出来了.7FF6385B9290 | 这里边没法改!
00007FF6379D28A8 | 84C0 | test al,al |
00007FF6379D28AA | 74 0F | je 表格数据二级菜单终于爆破出来了.7FF6379D28BB | ===>(1)必须NOP
FOA:91CAA(表格二级菜单的爆破。。。。。。。。。。。。。。。。)
00007FF6379D28AC | 48:8BD5 | mov rdx,rbp |
00007FF6379D28AF | 48:8B8E E8040000 | mov rcx,qword ptr ds: |
00007FF6379D28B6 | E8 256B0000 | call 表格数据二级菜单终于爆破出来了.7FF6379D93E0 | 这里是保存excel文件和显示菜单吧。
===========================
00007FF6379D2F03 | FF15 E751C800 | call qword ptr ds:[<public: void __cdecl QWidget::insertAction(class |
00007FF6379D2F09 | 48:83BF E0040000 00 | cmp qword ptr ds:,0 |
00007FF6379D2F11 | 0F85 A3020000 | jne 表格数据二级菜单终于爆破出来了.7FF6379D31BA | ===>这里JMP或反转掉 必须修改(2)
00007FF6379D2F17 | 48:83BF F0040000 00 | cmp qword ptr ds:,0 |
00007FF6379D2F1F | 0F84 8D020000 | je 表格数据二级菜单终于爆破出来了.7FF6379D31B2 |
00007FF6379D2F25 | 48:8B87 00050000 | mov rax,qword ptr ds: |
00007FF6379D2F2C | 8378 14 00 | cmp dword ptr ds:,0 |
00007FF6379D2F30 | 0F85 21010000 | jne 表格数据二级菜单终于爆破出来了.7FF6379D3057 |
=============================
00007FF6379D944E | 48:8D0D 5B9AF301 | lea rcx,qword ptr ds:[<&public: static struct QMetaObject const QObject::staticMetaObject>] |
00007FF6379D9455 | 84C0 | test al,al |
00007FF6379D9457 | 0F85 E1000000 | jne 表格数据二级菜单终于爆破出来了.7FF6379D953E | (3)JMP掉 也是必须修改的
00007FF6379D945D | 4C:8D05 1C6DC900 | lea r8,qword ptr ds: | 00007FF638670180:"Form recognition"
00007FF6379D9464 | FF15 16B3C700 | call qword ptr ds:[<public: class QString __cdecl QMetaObject::tr(char const *, char const *, int) cons |
00007FF6379D946A | 90 | nop |
00007FF6379D946B | 48:8D55 67 | lea rdx,qword ptr ss: |
00007FF6379D946F | 48:8BCE | mov rcx,rsi |
00007FF6379D9472 | FF15 A0FDC700 | call qword ptr ds:[<public: class QAction * __cdecl QMenu::addAction(class QString const &)>] ==========================================================================
============================================================================
=============================================================================
00007FF6C94CBD15 | 48:8D0D 7C45C900 | lea rcx,qword ptr ds: | 00007FF6CA160298:"/ocr/table"
FOA:9B115
00007FF6C94CBD1C | FF15 1E88C700 | call qword ptr ds:[<private: static str |
00007FF6C94CBD22 | 48:894424 28 | mov qword ptr ss:,rax | :public: static class QStringList __cdecl QJsonWebToken::supportedAlgorithms(void)+13208A0
00007FF6C94CBD27 | 4C:8BCB | mov r9,rbx |
00007FF6C94CBD2A | 4C:8D4424 28 | lea r8,qword ptr ss: | :public: static class QStringList __cdecl QJsonWebToken::supportedAlgorithms(void)+13208A0====>这个在Qt5Network.dll中
PixKeyMouse.dll2025/2/1 23:302025/2/16 8:45应用程序扩展31KB
PixMovie.dll 2025/2/1 23:302025/2/16 8:45应用程序扩展3,217 KB
这俩里边有与键盘鼠标相关的。。。
哪位老大继续分析吧。。。
转表格功能基于服务器接口实现的,本地破不出来的{:4_274:}
反正 这个 LoginData.bin读取到的返回状态必须为真。。你的vip配置就加载了。。。
对QT程序了解有限,搞了几天就成功了这些。 赞一个,这样的帖子应该多一些,菜鸟们可以跟着学点东西 能搞定表格少个表头非常值得我学习半天的 我在论坛感受喜悦 本帖最后由 doglove 于 2025-3-5 08:17 编辑
[*]我是看不懂,行业不同。 好帖子,52pojie有个帖子你搜索一下,也可以参考一下。期待你的作品。
论坛需要这种好帖子
软件刚开始时免费用的,后来渐渐的就开始做成收费的了。 doglove 发表于 2025-3-5 07:39
[*]我是看不懂,行业不同。 好帖子,52pojie有个帖子你搜索一下,也可以参考一下。期待你的作品。
在哪了,不会是我发的那个吧?