有一个CRACK ME 不知怎样落手
有一个CRACK ME 不知怎样落手 我找到了它的按钮事件0042C6FC/$55 push ebp ;(initial cpu selection)
0042C6FD|.8BEC mov ebp, esp
0042C6FF|.8B45 20 mov eax, dword ptr
0042C702|.53 push ebx
0042C703|.56 push esi
0042C704|.6A 01 push 1
0042C706|.85C0 test eax, eax
0042C708|.5B pop ebx
0042C709|.74 10 je short 0042C71B ;实现了
0042C70B|.8B4D 08 mov ecx, dword ptr
0042C70E|.8908 mov dword ptr , ecx
0042C710|.8B4D 14 mov ecx, dword ptr
0042C713|.8948 04 mov dword ptr , ecx
0042C716|.E9 E0000000 jmp 0042C7FB
0042C71B|>8B45 1C mov eax, dword ptr 没来急看完~楼主在00401E9A处下个断~call里面的乱七八糟的~返回为1则不弹网页~2则弹~ 怎么感覺像是盜取QQ和TM賬號的東西?
00402408 8B35 08A04300mov esi,dword ptr ds:[<&ADVAPI32.RegCreateKeyEx>; ADVAPI32.RegCreateKeyExA
0040240E 51 push ecx
0040240F 52 push edx
00402410 6A 00 push 0
00402412 68 1F000200 push 2001F
00402417 6A 00 push 0
00402419 6A 00 push 0
0040241B 6A 00 push 0
0040241D 68 88724400 push 注册1.00447288 ; Software\Tencent\QQTM\
00402422 68 02000080 push 80000002
00402427 FFD6 call esi
00402429 8DBC24 A800000>lea edi,dword ptr ss:
00402430 83C9 FF or ecx,FFFFFFFF
00402433 33C0 xor eax,eax
00402435 8B1D 0CA04300mov ebx,dword ptr ds:[<&ADVAPI32.RegSetValueExA>; ADVAPI32.RegSetValueExA
0040243B F2:AE repne scas byte ptr es:
0040243D F7D1 not ecx
0040243F 49 dec ecx
00402440 8D8424 A800000>lea eax,dword ptr ss:
00402447 51 push ecx
00402448 8B4C24 14 mov ecx,dword ptr ss:
0040244C 50 push eax
0040244D 6A 01 push 1
0040244F 6A 00 push 0
00402451 68 80724400 push 注册1.00447280 ; QQpsw-》是代表QQ密碼嗎
00402456 51 push ecx
00402457 FFD3 call ebx
00402459 8B5424 10 mov edx,dword ptr ss:
0040245D 8B2D 00A04300mov ebp,dword ptr ds:[<&ADVAPI32.RegCloseKey>]; ADVAPI32.RegCloseKey
沒事創建注冊表幹嘛?設置鍵值又幹嘛?
[ 本帖最后由 冷血书生 于 2009-3-17 23:34 编辑 ] 004027B0 .6A 00 push 0 ;(initial cpu selection)
004027B2 .68 C0724400 push 注册.004472C0 ;注册
004027B7 .68 AC724400 push 注册.004472AC ;对不起,验证码有误
004027BC .E8 91CB0200 call 注册.0042F352
004027C1 .C3 retn
忽悠~!
回复 5# Luckly 的帖子
这里是没用的么? 感觉有点假 /:L
页:
[1]