高手看看这个软件 。重启验证的
http://www.namipan.com/d/netgovessetup.exe/ecc6bc5385ca71129fe456331d0ab7981552e2a2c5fd1500我上传到 纳米 上了。 能否附上你的分析?? http://u.115.com/file/f05a9d4629?新手太菜了.版主 你看看 你还是帖出你的分析让大家好帮你哈 在00532473断下.
00532438/.55 PUSH EBP
00532439|.8BEC MOV EBP,ESP
0053243B|.B9 0A000000 MOV ECX,0A
00532440|>6A 00 /PUSH 0
00532442|.6A 00 |PUSH 0
00532444|.49 |DEC ECX
00532445|.^ 75 F9 \JNZ SHORT dumped_.00532440
00532447|.53 PUSH EBX
00532448|.56 PUSH ESI
00532449|.57 PUSH EDI
0053244A|.8BD8 MOV EBX,EAX
0053244C|.33C0 XOR EAX,EAX
0053244E|.55 PUSH EBP
0053244F|.68 22265300 PUSH dumped_.00532622
00532454|.64:FF30 PUSH DWORD PTR FS:
00532457|.64:8920 MOV DWORD PTR FS:,ESP
0053245A|.8D45 F4 LEA EAX,DWORD PTR SS:
0053245D|.E8 C6D0FFFF CALL dumped_.0052F528 ;取机器码
00532462|.8B55 F4 MOV EDX,DWORD PTR SS:
00532465|.A1 CC4B5300 MOV EAX,DWORD PTR DS:
0053246A|.E8 5D24EDFF CALL dumped_.004048CC ;判断机器码是否为空
0053246F|.8D45 F0 LEA EAX,DWORD PTR SS:
00532472|.50 PUSH EAX
00532473|.B9 38265300 MOV ECX,dumped_.00532638 ;Sn
00532478|.BA 44265300 MOV EDX,dumped_.00532644 ;SOFTWARE\Mac
0053247D|.B8 02000080 MOV EAX,80000002
00532482|.E8 A916FCFF CALL dumped_.004F3B30
00532487|.8B55 F0 MOV EDX,DWORD PTR SS: ;取假注册码
0053248A|.A1 B04A5300 MOV EAX,DWORD PTR DS:
0053248F|.E8 3824EDFF CALL dumped_.004048CC ;判断假注册码是否为空
00532494|.A1 A04C5300 MOV EAX,DWORD PTR DS:
00532499|.BA 5C265300 MOV EDX,dumped_.0053265C ;
100FE73E903C923AD19284DD74D505262D12B42568B0808D6AFE5FF35EFE5A126AE161FE1FE7325C506DF724E83A999F9E86DF51
DE63E179D58CA58A9BD172E1641274E86EE5195F0A
0053249E|.E8 2924EDFF CALL dumped_.004048CC ;判断字符串是否为空
005324A3|.A1 E44D5300 MOV EAX,DWORD PTR DS:
005324A8|.C600 01 MOV BYTE PTR DS:,1
005324AB|.33C0 XOR EAX,EAX
005324AD|.55 PUSH EBP
005324AE|.68 D2255300 PUSH dumped_.005325D2
005324B3|.64:FF30 PUSH DWORD PTR FS:
005324B6|.64:8920 MOV DWORD PTR FS:,ESP
005324B9|.8D45 EC LEA EAX,DWORD PTR SS:
005324BC|.50 PUSH EAX
005324BD|.8B15 CC4B5300 MOV EDX,DWORD PTR DS: ;dumped_.00535F40
005324C3|.8B12 MOV EDX,DWORD PTR DS: ;机器码
005324C5|.A1 B04A5300 MOV EAX,DWORD PTR DS:
005324CA|.8B00 MOV EAX,DWORD PTR DS: ;注册码
005324CC|.33C9 XOR ECX,ECX
005324CE|.E8 F113FCFF CALL dumped_.004F38C4 ; F7到 .........
005324D3|.8B55 EC MOV EDX,DWORD PTR SS:
005324D6|.A1 80495300 MOV EAX,DWORD PTR DS:
005324DB|.E8 EC23EDFF CALL dumped_.004048CC
005324E0|.8D45 E8 LEA EAX,DWORD PTR SS:
005324E3|.50 PUSH EAX
005324E4|.8B15 80495300 MOV EDX,DWORD PTR DS: ;dumped_.00535F48
005324EA|.8B12 MOV EDX,DWORD PTR DS:
005324EC|.A1 A04C5300 MOV EAX,DWORD PTR DS:
005324F1|.8B00 MOV EAX,DWORD PTR DS:
005324F3|.33C9 XOR ECX,ECX
005324F5|.E8 CA13FCFF CALL dumped_.004F38C4
005324FA|.8B55 E8 MOV EDX,DWORD PTR SS:
005324FD|.A1 144D5300 MOV EAX,DWORD PTR DS:
00532502|.E8 C523EDFF CALL dumped_.004048CC
00532507|.33C0 XOR EAX,EAX
00532509|.55 PUSH EBP
0053250A|.68 C1255300 PUSH dumped_.005325C1
0053250F|.64:FF30 PUSH DWORD PTR FS:
00532512|.64:8920 MOV DWORD PTR FS:,ESP
00532515|.8B15 144D5300 MOV EDX,DWORD PTR DS: ;dumped_.00535F50
0053251B|.8B12 MOV EDX,DWORD PTR DS:
0053251D|.8B83 30040000 MOV EAX,DWORD PTR DS:
00532523|.E8 E00EFFFF CALL dumped_.00523408
00532528|.8945 FC MOV DWORD PTR SS:,EAX
0053252B|.8B45 FC MOV EAX,DWORD PTR SS:
0053252E|.E8 5DAAFCFF CALL dumped_.004FCF90
00532533|.8B45 FC MOV EAX,DWORD PTR SS:
00532536|.50 PUSH EAX
00532537|.8B45 FC MOV EAX,DWORD PTR SS:
0053253A|.8B48 4C MOV ECX,DWORD PTR DS:
0053253D|.B2 01 MOV DL,1
0053253F|.A1 CCBB4F00 MOV EAX,DWORD PTR DS:
00532544|.E8 1707FDFF CALL dumped_.00502C60
00532549|.8945 F8 MOV DWORD PTR SS:,EAX
0053254C|.8D45 D4 LEA EAX,DWORD PTR SS:
0053254F|.50 PUSH EAX
00532550|.8D4D D0 LEA ECX,DWORD PTR SS:
00532553|.BA F8265300 MOV EDX,dumped_.005326F8 ;ZhongZ
00532558|.8B45 F8 MOV EAX,DWORD PTR SS:
0053255B|.E8 740BFDFF CALL dumped_.005030D4
00532560|.8B45 D0 MOV EAX,DWORD PTR SS:
00532563|.50 PUSH EAX
00532564|.8B83 0C040000 MOV EAX,DWORD PTR DS:
0053256A|.E8 49DEFAFF CALL dumped_.004E03B8
0053256F|.8BD0 MOV EDX,EAX
00532571|.8D45 B0 LEA EAX,DWORD PTR SS:
00532574|.B1 FC MOV CL,0FC
00532576|.E8 3134EDFF CALL dumped_.004059AC
0053257B|.8D75 B0 LEA ESI,DWORD PTR SS:
0053257E|.8D7D C0 LEA EDI,DWORD PTR SS:
00532581|.A5 MOVS DWORD PTR ES:,DWORD PTR DS:[ES>
00532582|.A5 MOVS DWORD PTR ES:,DWORD PTR DS:[ES>
00532583|.A5 MOVS DWORD PTR ES:,DWORD PTR DS:[ES>
00532584|.A5 MOVS DWORD PTR ES:,DWORD PTR DS:[ES>
00532585|.8D55 C0 LEA EDX,DWORD PTR SS:
00532588|.33C9 XOR ECX,ECX
0053258A|.58 POP EAX
0053258B|.8B18 MOV EBX,DWORD PTR DS:
0053258D|.FF53 10 CALL DWORD PTR DS:
00532590|.8B45 D4 MOV EAX,DWORD PTR SS:
00532593|.8D55 D8 LEA EDX,DWORD PTR SS:
00532596|.8B08 MOV ECX,DWORD PTR DS:
00532598|.FF51 38 CALL DWORD PTR DS:
0053259B|.8B45 FC MOV EAX,DWORD PTR SS:
0053259E|.E8 A5ABFCFF CALL dumped_.004FD148
005325A3|.33C0 XOR EAX,EAX
005325A5|.5A POP EDX
005325A6|.59 POP ECX
005325A7|.59 POP ECX
005325A8|.64:8910 MOV DWORD PTR FS:,EDX
005325AB|.68 C8255300 PUSH dumped_.005325C8
005325B0|>8B45 F8 MOV EAX,DWORD PTR SS:
005325B3|.E8 F013EDFF CALL dumped_.004039A8
005325B8|.8B45 FC MOV EAX,DWORD PTR SS:
005325BB|.E8 E813EDFF CALL dumped_.004039A8
005325C0\.C3 RETN
.........
F7 到这里
这段代码走了很多次.越走越晕.
100FE73E903C923AD19284DD74D505262D12B42568B0808D6AFE5FF35EFE5A126AE161FE1FE7325C506DF724E83A999F9E86DF51
DE63E179D58CA58A9BD172E1641274E86EE5195F0A
分析 到这个字符串的时候就更晕了,
004F38C4/$55 PUSH EBP
004F38C5|.8BEC MOV EBP,ESP
004F38C7|.83C4 C4 ADD ESP,-3C
004F38CA|.53 PUSH EBX
004F38CB|.56 PUSH ESI
004F38CC|.57 PUSH EDI
004F38CD|.33DB XOR EBX,EBX
004F38CF|.895D C4 MOV DWORD PTR SS:,EBX
004F38D2|.895D CC MOV DWORD PTR SS:,EBX
004F38D5|.895D C8 MOV DWORD PTR SS:,EBX
004F38D8|.895D D4 MOV DWORD PTR SS:,EBX
004F38DB|.895D D0 MOV DWORD PTR SS:,EBX
004F38DE|.895D D8 MOV DWORD PTR SS:,EBX
004F38E1|.895D F0 MOV DWORD PTR SS:,EBX
004F38E4|.8BD9 MOV EBX,ECX
004F38E6|.8955 F8 MOV DWORD PTR SS:,EDX
004F38E9|.8945 FC MOV DWORD PTR SS:,EAX
004F38EC|.8B45 FC MOV EAX,DWORD PTR SS:
004F38EF|.E8 2414F1FF CALL dumped_.00404D18
004F38F4|.8B45 F8 MOV EAX,DWORD PTR SS:
004F38F7|.E8 1C14F1FF CALL dumped_.00404D18
004F38FC|.33C0 XOR EAX,EAX
004F38FE|.55 PUSH EBP
004F38FF|.68 F13A4F00 PUSH dumped_.004F3AF1
004F3904|.64:FF30 PUSH DWORD PTR FS:
004F3907|.64:8920 MOV DWORD PTR FS:,ESP
004F390A|.8D45 F0 LEA EAX,DWORD PTR SS:
004F390D|.E8 660FF1FF CALL dumped_.00404878
004F3912|.8B45 FC MOV EAX,DWORD PTR SS:
004F3915|.E8 1612F1FF CALL dumped_.00404B30 ;判断注册码是否为空
004F391A|.85C0 TEST EAX,EAX
004F391C|.0F84 9F010000 JE dumped_.004F3AC1
004F3922|.8B45 F8 MOV EAX,DWORD PTR SS:
004F3925|.E8 0612F1FF CALL dumped_.00404B30
004F392A|.8945 F4 MOV DWORD PTR SS:,EAX
004F392D|.837D F4 00 CMP DWORD PTR SS:,0 ;比较机器码是否为空
004F3931|.75 0D JNZ SHORT dumped_.004F3940
004F3933|.8D45 F8 LEA EAX,DWORD PTR SS:
004F3936|.BA 0C3B4F00 MOV EDX,dumped_.004F3B0C ;Tom Lee
004F393B|.E8 D00FF1FF CALL dumped_.00404910
004F3940|>33F6 XOR ESI,ESI
004F3942|.BF 00010000 MOV EDI,100
004F3947|.84DB TEST BL,BL
004F3949|.0F84 A4000000 JE dumped_.004F39F3
004F394F|.E8 58F2F0FF CALL dumped_.00402BAC
004F3954|.8BC7 MOV EAX,EDI
004F3956|.E8 41F8F0FF CALL dumped_.0040319C
004F395B|.8BF8 MOV EDI,EAX
004F395D|.8D45 F0 LEA EAX,DWORD PTR SS:
004F3960|.50 PUSH EAX
004F3961|.897D DC MOV DWORD PTR SS:,EDI
004F3964|.C645 E0 00 MOV BYTE PTR SS:,0
004F3968|.8D55 DC LEA EDX,DWORD PTR SS:
004F396B|.33C9 XOR ECX,ECX
004F396D|.B8 1C3B4F00 MOV EAX,dumped_.004F3B1C ;%1.2x
004F3972|.E8 3D6BF1FF CALL dumped_.0040A4B4
004F3977|.8B45 FC MOV EAX,DWORD PTR SS:
004F397A|.E8 B111F1FF CALL dumped_.00404B30
004F397F|.85C0 TEST EAX,EAX
004F3981|.0F8E 2F010000 JLE dumped_.004F3AB6
004F3987|.8945 E4 MOV DWORD PTR SS:,EAX
004F398A|.C745 EC 01000>MOV DWORD PTR SS:,1
004F3991|>8B45 FC /MOV EAX,DWORD PTR SS:
004F3994|.8B55 EC |MOV EDX,DWORD PTR SS:
004F3997|.0FB64410 FF |MOVZX EAX,BYTE PTR DS:
004F399C|.03C7 |ADD EAX,EDI
004F399E|.B9 FF000000 |MOV ECX,0FF
004F39A3|.99 |CDQ
004F39A4|.F7F9 |IDIV ECX
004F39A6|.8BDA |MOV EBX,EDX
004F39A8|.3B75 F4 |CMP ESI,DWORD PTR SS:
004F39AB|.7D 03 |JGE SHORT dumped_.004F39B0
004F39AD|.46 |INC ESI
004F39AE|.EB 05 |JMP SHORT dumped_.004F39B5
004F39B0|>BE 01000000 |MOV ESI,1
004F39B5|>8B45 F8 |MOV EAX,DWORD PTR SS:
004F39B8|.0FB64430 FF |MOVZX EAX,BYTE PTR DS:
004F39BD|.33D8 |XOR EBX,EAX
004F39BF|.8D45 D8 |LEA EAX,DWORD PTR SS:
004F39C2|.50 |PUSH EAX
004F39C3|.895D DC |MOV DWORD PTR SS:,EBX
004F39C6|.C645 E0 00 |MOV BYTE PTR SS:,0
004F39CA|.8D55 DC |LEA EDX,DWORD PTR SS:
004F39CD|.33C9 |XOR ECX,ECX
004F39CF|.B8 1C3B4F00 |MOV EAX,dumped_.004F3B1C ;%1.2x
004F39D4|.E8 DB6AF1FF |CALL dumped_.0040A4B4
004F39D9|.8B55 D8 |MOV EDX,DWORD PTR SS:
004F39DC|.8D45 F0 |LEA EAX,DWORD PTR SS:
004F39DF|.E8 5411F1FF |CALL dumped_.00404B38
004F39E4|.8BFB |MOV EDI,EBX
004F39E6|.FF45 EC |INC DWORD PTR SS:
004F39E9|.FF4D E4 |DEC DWORD PTR SS:
004F39EC|.^ 75 A3 \JNZ SHORT dumped_.004F3991
004F39EE|.E9 C3000000 JMP dumped_.004F3AB6
004F39F3|>8D45 D0 LEA EAX,DWORD PTR SS:
004F39F6|.50 PUSH EAX
004F39F7|.B9 02000000 MOV ECX,2
004F39FC|.BA 01000000 MOV EDX,1
004F3A01|.8B45 FC MOV EAX,DWORD PTR SS:
004F3A04|.E8 7F13F1FF CALL dumped_.00404D88 ;
004F3A09|.8B4D D0 MOV ECX,DWORD PTR SS:
004F3A0C|.8D45 D4 LEA EAX,DWORD PTR SS:
004F3A0F|.BA 2C3B4F00 MOV EDX,dumped_.004F3B2C ;$
004F3A14|.E8 6311F1FF CALL dumped_.00404B7C ;加$
004F3A19|.8B45 D4 MOV EAX,DWORD PTR SS:
004F3A1C|.E8 AF5EF1FF CALL dumped_.004098D0
004F3A21|.8BF8 MOV EDI,EAX
004F3A23|.C745 EC 03000>MOV DWORD PTR SS:,3
004F3A2A|>8D45 C8 /LEA EAX,DWORD PTR SS:
004F3A2D|.50 |PUSH EAX ; 循环每次取2位.
004F3A2E|.B9 02000000 |MOV ECX,2
004F3A33|.8B55 EC |MOV EDX,DWORD PTR SS:
004F3A36|.8B45 FC |MOV EAX,DWORD PTR SS:
004F3A39|.E8 4A13F1FF |CALL dumped_.00404D88
004F3A3E|.8B4D C8 |MOV ECX,DWORD PTR SS:
004F3A41|.8D45 CC |LEA EAX,DWORD PTR SS:
004F3A44|.BA 2C3B4F00 |MOV EDX,dumped_.004F3B2C ;$
004F3A49|.E8 2E11F1FF |CALL dumped_.00404B7C
004F3A4E|.8B45 CC |MOV EAX,DWORD PTR SS:
004F3A51|.E8 7A5EF1FF |CALL dumped_.004098D0
004F3A56|.8BD8 |MOV EBX,EAX
004F3A58|.3B75 F4 |CMP ESI,DWORD PTR SS:
004F3A5B|.7D 03 |JGE SHORT dumped_.004F3A60
004F3A5D|.46 |INC ESI
004F3A5E|.EB 05 |JMP SHORT dumped_.004F3A65
004F3A60|>BE 01000000 |MOV ESI,1
004F3A65|>8B45 F8 |MOV EAX,DWORD PTR SS:
004F3A68|.0FB64430 FF |MOVZX EAX,BYTE PTR DS:
004F3A6D|.33C3 |XOR EAX,EBX
004F3A6F|.8945 E8 |MOV DWORD PTR SS:,EAX
004F3A72|.3B7D E8 |CMP EDI,DWORD PTR SS:
004F3A75|.7C 0F |JL SHORT dumped_.004F3A86
004F3A77|.8B45 E8 |MOV EAX,DWORD PTR SS:
004F3A7A|.05 FF000000 |ADD EAX,0FF
004F3A7F|.2BC7 |SUB EAX,EDI
004F3A81|.8945 E8 |MOV DWORD PTR SS:,EAX
004F3A84|.EB 03 |JMP SHORT dumped_.004F3A89
004F3A86|>297D E8 |SUB DWORD PTR SS:,EDI
004F3A89|>8D45 C4 |LEA EAX,DWORD PTR SS:
004F3A8C|.8B55 E8 |MOV EDX,DWORD PTR SS:
004F3A8F|.E8 C40FF1FF |CALL dumped_.00404A58
004F3A94|.8B55 C4 |MOV EDX,DWORD PTR SS:
004F3A97|.8D45 F0 |LEA EAX,DWORD PTR SS:
004F3A9A|.E8 9910F1FF |CALL dumped_.00404B38
004F3A9F|.8BFB |MOV EDI,EBX
004F3AA1|.8345 EC 02 |ADD DWORD PTR SS:,2
004F3AA5|.8B45 FC |MOV EAX,DWORD PTR SS:
004F3AA8|.E8 8310F1FF |CALL dumped_.00404B30
004F3AAD|.3B45 EC |CMP EAX,DWORD PTR SS:
004F3AB0|.^ 0F8F 74FFFFFF \JG dumped_.004F3A2A
004F3AB6|>8B45 08 MOV EAX,DWORD PTR SS:
004F3AB9|.8B55 F0 MOV EDX,DWORD PTR SS:
004F3ABC|.E8 0B0EF1FF CALL dumped_.004048CC
004F3AC1|>33C0 XOR EAX,EAX
004F3AC3|.5A POP EDX
004F3AC4|.59 POP ECX
004F3AC5|.59 POP ECX
004F3AC6|.64:8910 MOV DWORD PTR FS:,EDX
004F3AC9|.68 F83A4F00 PUSH dumped_.004F3AF8
004F3ACE|>8D45 C4 LEA EAX,DWORD PTR SS:
004F3AD1|.BA 06000000 MOV EDX,6
004F3AD6|.E8 C10DF1FF CALL dumped_.0040489C
004F3ADB|.8D45 F0 LEA EAX,DWORD PTR SS:
004F3ADE|.E8 950DF1FF CALL dumped_.00404878
004F3AE3|.8D45 F8 LEA EAX,DWORD PTR SS:
004F3AE6|.BA 02000000 MOV EDX,2
004F3AEB|.E8 AC0DF1FF CALL dumped_.0040489C
004F3AF0\.C3 RETN
004F3AF1 .^ E9 4606F1FF JMP dumped_.0040413C
004F3AF6 .^ EB D6 JMP SHORT dumped_.004F3ACE
004F3AF8 .5F POP EDI
004F3AF9 .5E POP ESI
004F3AFA .5B POP EBX
004F3AFB .8BE5 MOV ESP,EBP
004F3AFD .5D POP EBP
004F3AFE .C2 0400 RETN 4
0052FC04/.55 PUSH EBP
0052FC05|.8BEC MOV EBP,ESP
0052FC07|.6A 00 PUSH 0
0052FC09|.6A 00 PUSH 0
0052FC0B|.6A 00 PUSH 0
0052FC0D|.53 PUSH EBX
0052FC0E|.8BD8 MOV EBX,EAX
0052FC10|.33C0 XOR EAX,EAX
0052FC12|.55 PUSH EBP
0052FC13|.68 B5FC5200 PUSH dumped_.0052FCB5
0052FC18|.64:FF30 PUSH DWORD PTR FS:
0052FC1B|.64:8920 MOV DWORD PTR FS:,ESP
0052FC1E|.8D45 FC LEA EAX,DWORD PTR SS:
0052FC21|.E8 02F9FFFF CALL dumped_.0052F528
0052FC26|.8B55 FC MOV EDX,DWORD PTR SS:
0052FC29|.8B83 FC020000 MOV EAX,DWORD PTR DS:
0052FC2F|.E8 E09AF1FF CALL dumped_.00449714
0052FC34|.A1 E44D5300 MOV EAX,DWORD PTR DS:
0052FC39|.8038 00 CMP BYTE PTR DS:,0
0052FC3C|.74 4F JE SHORT dumped_.0052FC8D ////改jne 爆破....但是还是爆破不成
功.
0052FC3E|.B2 01 MOV DL,1
0052FC40|.8B83 1C030000 MOV EAX,DWORD PTR DS:
0052FC46|.E8 B999F1FF CALL dumped_.00449604
0052FC4B|.68 CCFC5200 PUSH dumped_.0052FCCC ;已注册给:
0052FC50|.8D45 F4 LEA EAX,DWORD PTR SS:
0052FC53|.50 PUSH EAX
0052FC54|.B9 E4FC5200 MOV ECX,dumped_.0052FCE4 ;Name
0052FC59|.BA F4FC5200 MOV EDX,dumped_.0052FCF4 ;SOFTWARE\Mac
0052FC5E|.B8 02000080 MOV EAX,80000002
0052FC63|.E8 C83EFCFF CALL dumped_.004F3B30
0052FC68|.FF75 F4 PUSH DWORD PTR SS:
0052FC6B|.68 0CFD5200 PUSH dumped_.0052FD0C ; 谢谢支持!
0052FC70|.8D45 F8 LEA EAX,DWORD PTR SS:
0052FC73|.BA 03000000 MOV EDX,3
0052FC78|.E8 734FEDFF CALL dumped_.00404BF0
0052FC7D|.8B55 F8 MOV EDX,DWORD PTR SS:
0052FC80|.8B83 1C030000 MOV EAX,DWORD PTR DS:
0052FC86|.E8 899AF1FF CALL dumped_.00449714
0052FC8B|.EB 0D JMP SHORT dumped_.0052FC9A
0052FC8D|>33D2 XOR EDX,EDX
0052FC8F|.8B83 1C030000 MOV EAX,DWORD PTR DS:
0052FC95|.E8 6A99F1FF CALL dumped_.00449604
0052FC9A|>33C0 XOR EAX,EAX
0052FC9C|.5A POP EDX
0052FC9D|.59 POP ECX
0052FC9E|.59 POP ECX
0052FC9F|.64:8910 MOV DWORD PTR FS:,EDX
0052FCA2|.68 BCFC5200 PUSH dumped_.0052FCBC
0052FCA7|>8D45 F4 LEA EAX,DWORD PTR SS:
0052FCAA|.BA 03000000 MOV EDX,3
0052FCAF|.E8 E84BEDFF CALL dumped_.0040489C
0052FCB4\.C3 RETN
0052FCB5 .^ E9 8244EDFF JMP dumped_.0040413C
0052FCBA .^ EB EB JMP SHORT dumped_.0052FCA7
0052FCBC .5B POP EBX
0052FCBD .8BE5 MOV ESP,EBP
0052FCBF .5D POP EBP
0052FCC0 .C3 RETN
大家帮我看看。 本帖最后由 月之精灵 于 2011-1-24 11:25 编辑
0052FC39|.8038 00 CMP BYTE PTR DS:,0
0052FC3C|.74 4F JE SHORT dumped_.0052FC8D
估计这个的值是关键,看下在哪里被赋值了,你改改转不行可能是别的地方还要调用这个值。 0052FC3C|.74 4F JE SHORT dumped_.0052FC8D ////改jne 爆破....但是还是爆破不成功.这个地方我标记出来了。改了之后提示爆破成功。但是还有校验。爆破不成功。 哦,爆破了还不行?还有其它方式验证?
页:
[1]