看银牌会员做算法机真的很棒..给新手做个分析吧
https://www.chinapyg.com/viewthread.php?tid=55611&extra=page%3D1软件自己大家下载吧,下面是分析代码:
00556E4D .E8 3656F8FF call PicAlbum.004DC488 ;关键
call
00556E52 .8B95 3CFEFF>mov edx,dword ptr ss:
00556E58 A1 CC1D5700 mov eax,dword ptr ds:
00556E5D .E8 26E2EAFF call PicAlbum.00405088
00556E62 .A1 CC1D5700 mov eax,dword ptr ds:
00556E67 .8B00 mov eax,dword ptr ds:
00556E69 .BA F4825500 mov edx,PicAlbum.005582F4 ;ASCII
"OK"
00556E6E .E8 BDE5EAFF call PicAlbum.00405430
00556E73 0F84 410100>je PicAlbum.00556FBA
004DC4EF /74 1F je short PicAlbum.004DC510 ;这里要
跳
004DC694 |.83F8 13 cmp eax,13
004DC697 0F85 F50000>jnz PicAlbum.004DC792 ;这里不
可以跳
004DC756 |.8B45 F0 mov eax,dword ptr ss: ;出注册
码
004DC759 |.8B55 F4 mov edx,dword ptr ss: ;eax出
注册码
Stack ss:=013E890C, (ASCII "HSJO-6EKG-SQU8-0IQO")
eax=00000001
00562A56 /EB 2B jmp short crack.00562A83 ;这里跳
00562A58 |. |B8 04000000 mov eax,4
00562A5D |. |E8 C6C7F7FF call crack.004DF228
00562A62 |. |6A 07 push 7
00562A64 |. |68 2C2D5600 push crack.00562D2C
00562A69 |. |68 2C2D5600 push crack.00562D2C
00562A6E |. |8B86 284201>mov eax,dword ptr ds:
00562A74 |. |E8 6B2AEAFF call crack.004054E4
00562A79 |. |50 push eax ; |FileName
00562A7A |. |6A 00 push 0 ; |Operation = NULL
00562A7C |. |6A 00 push 0 ; |hWnd = NULL
00562A7E |. |E8 A9EBEDFF call <jmp.&shell32.ShellExecuteA>; \跳出网页
00562A83 |> \33C0 xor eax,eax
00562A85 |.5A pop edx
00562A86 |.59 pop ecx
00562A87 |.59 pop ecx
00562A88 |.64:8910 mov dword ptr fs:,edx
00562A8B |.68 B52A5600 push crack.00562AB5
00557F9B /EB 40 jmp short crack33.00557FDD ;这里跳才会不出网页
00557F9D . |A1 AC1D5700 mov eax,dword ptr ds:
00557FA2 . |8338 02 cmp dword ptr ds:,2
00557FA5 . |74 1C je short crack33.00557FC3
00557FA7 . |6A 07 push 7 ; /IsShown = 7
00557FA9 . |68 84875500 push crack33.00558784 ; |DefDir = ""
00557FAE . |68 84875500 push crack33.00558784 ; |Parameters = ""
00557FB3 . |68 88875500 push crack33.00558788 ; |FileName = "http://www.hfjsj.com/PicAlbum"
00557FB8 . |6A 00 push 0 ; |Operation = NULL
00557FBA . |6A 00 push 0 ; |hWnd = NULL
00557FBC . |E8 6B96EEFF call <jmp.&shell32.ShellExecuteA>; \ShellExecuteA
00557FC1 . |EB 1A jmp short crack33.00557FDD
00557FC3 > |6A 07 push 7 ; /IsShown = 7
00557FC5 . |68 84875500 push crack33.00558784 ; |DefDir = ""
00557FCA . |68 84875500 push crack33.00558784 ; |Parameters = ""
00557FCF . |68 A8875500 push crack33.005587A8 ; |FileName = "http://www.hfjsj.com/PicAlbum/en"
00557FD4 . |6A 00 push 0 ; |Operation = NULL
00557FD6 . |6A 00 push 0 ; |hWnd = NULL
00557FD8 . |E8 4F96EEFF call <jmp.&shell32.ShellExecuteA>; \ShellExecuteA
00557FDD > \33C0 xor eax,eax
00557FDF .5A pop edx
00557FE0 .59 pop ecx
00557FE1 .59 pop ecx
作者不厚道加了弹窗网页 学的 不错
值得 学习 不错不错。。。。。 多谢楼主了。
页:
[1]