Teleport Ultra 1.58 自校检
0041CD78 6A 00 PUSH 00041FDCF EB 36 JMP SHORT ultra.0041FE07
0042EFD8 6A 00 PUSH 0
用OD跟了一下,去掉下载500个的限制,自校检没有去除成功,无法进行汉化 这个东西效验的东西很多,没有仔细分析。。。
随便乱弄了下,解决与否回复再说
就几个跳转
跟对话框断点,然后回跟到
发现几个地方原程序没跳,但是修改过名称的程序跳了
0040D6E4/$B8 8CA44600 mov eax, ultra1.0046A48C
0040D6E9|.E8 DE680200 call ultra1.00433FCC
0040D6EE|.83EC 10 sub esp, 10
0040D6F1|.53 push ebx
0040D6F2|.33DB xor ebx, ebx
0040D6F4|.53 push ebx
0040D6F5|.6A 20 push 20
0040D6F7|.53 push ebx
0040D6F8|.8D4D E4 lea ecx, dword ptr ss:
0040D6FB|.E8 C44AFFFF call ultra1.004021C4
0040D700|.FF35 68704900 push dword ptr ds:
0040D706|.8D4D E4 lea ecx, dword ptr ss:
0040D709|.895D FC mov dword ptr ss:, ebx
0040D70C|.E8 B4000000 call ultra1.0040D7C5
0040D711|.395D 08 cmp dword ptr ss:, ebx
0040D714|.74 2E je short ultra1.0040D744
0040D716|.FF75 08 push dword ptr ss:
0040D719|.FF35 68704900 push dword ptr ds:
0040D71F|.E8 4AF6FFFF call ultra1.0040CD6E
0040D724|.59 pop ecx
0040D725|.50 push eax
0040D726|.E8 D5FA0200 call ultra1.0043D200
0040D72B|.59 pop ecx
0040D72C|.85C0 test eax, eax
0040D72E|.59 pop ecx
0040D72F|.74 13 je short ultra1.0040D744 修改后没跳,直接修改为JMP
0040D731|.53 push ebx
0040D732|.53 push ebx
0040D733|.68 1C794800 push ultra1.0048791C ;ASCII "This program's name has been changed; please rename the program to its original name."
0040D738|.E8 7D5C0400 call ultra1.004533BA
0040D73D|.6A 02 push 2
0040D73F|.E8 73810200 call ultra1.004358B7
0040D744|>A1 B0784800 mov eax, dword ptr ds:
0040D749|.8B4D E4 mov ecx, dword ptr ss:
0040D74C|.56 push esi
0040D74D|.57 push edi
0040D74E|.8B78 04 mov edi, dword ptr ds:
0040D751|.8B45 E8 mov eax, dword ptr ss:
0040D754|.2BC1 sub eax, ecx
0040D756|.3BF8 cmp edi, eax
0040D758|.73 26 jnb short ultra1.0040D780
0040D75A|.2BC7 sub eax, edi
0040D75C|.6A FF push -1
0040D75E|.83E8 08 sub eax, 8
0040D761|.50 push eax
0040D762|.8D440F 08 lea eax, dword ptr ds:
0040D766|.50 push eax
0040D767|.E8 E260FFFF call ultra1.0040384E
0040D76C|.6A FF push -1
0040D76E|.57 push edi
0040D76F|.FF75 E4 push dword ptr ss:
0040D772|.8BF0 mov esi, eax
0040D774|.E8 D560FFFF call ultra1.0040384E
0040D779|.83C4 18 add esp, 18
0040D77C|.03F0 add esi, eax
0040D77E|.EB 02 jmp short ultra1.0040D782
0040D780|>33F6 xor esi, esi
0040D782|>A1 B0784800 mov eax, dword ptr ds:
0040D787|.8935 443C4900 mov dword ptr ds:, esi
0040D78D|.5F pop edi
0040D78E|.3B30 cmp esi, dword ptr ds:
0040D790|.5E pop esi
0040D791|.74 13 je short ultra1.0040D7A6 修改后没跳,直接JMP
0040D793|.53 push ebx
0040D794|.53 push ebx
0040D795|.68 C4784800 push ultra1.004878C4 ;ASCII "This program has been altered, possibly by a virus; program execution will stop now."
0040D79A|.E8 1B5C0400 call ultra1.004533BA
0040D79F|.6A 03 push 3
0040D7A1|.E8 11810200 call ultra1.004358B7
0040D7A6|>834D FC FF or dword ptr ss:, FFFFFFFF
0040D7AA|.395D E4 cmp dword ptr ss:, ebx
0040D7AD|.74 09 je short ultra1.0040D7B8这里没修改的文件没跳,不管他为了安全直接二进制代码给改为74 00 这样跳也只会跳到 0040D7AF
0040D7AF|.FF75 E4 push dword ptr ss:
0040D7B2|.E8 E5E60300 call ultra1.0044BE9C
0040D7B7|.59 pop ecx
0040D7B8|>8B4D F4 mov ecx, dword ptr ss:
0040D7BB|.5B pop ebx
0040D7BC|.64:890D 00000000 mov dword ptr fs:, ecx
0040D7C3|.C9 leave
0040D7C4\.C3 retn
我也是新手,没办法,不知道应该怎么写随便写了下自己看看吧,希望对你有帮助!!!!!!
[ 本帖最后由 neptunesoft 于 2009-2-4 23:17 编辑 ] 发现现在的新手很厉害呀,这样的都能做到
页:
[1]