初次接触网络验证的软件,想牛刀初试一番,遇到不少问题:
很幸运的,这个挂没壳,od直接载入,有关这个软件,如是新账号,可以使用一天24小时,如果上了保持24小时不下线也可以一直用下去。我曾想过在软件运行时填新账号,在游戏里再改成真实的账号,可是不行,所以唯一的方法是在一开始就让软件承认账号的有效性。
od载入,根据提示框,可以来到以这个断首为开始的代码段:
;-----------------------------------------------------------------------
; OllyDbg dump of the login/validation routine 10004410..1000496C.
; Addresses, opcodes and the author's jump notes are preserved; the
; "; |arg" / "; \Api" column is OllyDbg's own API annotation.
; Convention: arguments arrive in registers (eax = object, kept in ebx;
; edx = account string, saved at [ebp-30]) — Borland-style register
; passing; presumably Delphi/C++Builder output — confirm.
; Exception frame: "mov eax, 10101D88 / call 100E09E0" at entry looks
; like a Borland try-block setup; every early exit restores the SEH
; chain head with "mov fs:[0], [ebp-2C]" and jumps to 10004966.
; Defender notes (everything below is read off the visible code):
;  - three single-byte XOR passes (keys 0xCC, 0x57, 0x18) rewrite
;    buffers in place: two over the account string before it is used,
;    one that decodes a 9-byte file-name constant, so the plaintext
;    exists only at runtime;
;  - two code paths enable SeShutdownPrivilege and call
;    ExitWindowsEx(EWX_SHUTDOWN|EWX_FORCE) depending on a string in the
;    received buffer — a forced shutdown of the user's machine; an
;    endpoint rule for AdjustTokenPrivileges(SeShutdownPrivilege)
;    followed by ExitWindowsEx from a game-loaded module surfaces it;
;  - the account string is copied with an unbounded inline strcpy
;    (repne scasb / rep movs) into a global and into the object; no
;    length check is visible in this listing.
;-----------------------------------------------------------------------
10004410 /$ 55 push ebp ; entry (author's breakpoint)
10004411 |. 8BEC mov ebp, esp
10004413 |. 81C4 20FBFFFF add esp, -4E0 ; 0x4E0 bytes of locals
10004419 |. 53 push ebx
1000441A |. 56 push esi
1000441B |. 57 push edi
1000441C |. 8955 D0 mov dword ptr [ebp-30], edx ; [ebp-30] = 2nd register arg (the account string per the author); read as a C string at 100044EE and 10004743
1000441F |. 8BD8 mov ebx, eax ; ebx = 1st register arg (object); its field at +368 is used for every network call below
10004421 |. B8 881D1010 mov eax, 10101D88 ; descriptor address for the call below
10004426 |. E8 B5C50D00 call 100E09E0 ; looks like Borland try-block (SEH frame) setup — confirm; teardown is the fs:[0] store on each exit path
1000442B |. 8B75 D0 mov esi, dword ptr [ebp-30]
1000442E |. 6A 30 push 30
10004430 |. 6A 00 push 0
10004432 |. 8D45 90 lea eax, dword ptr [ebp-70]
10004435 |. 50 push eax
10004436 |. E8 99C10D00 call 100E05D4 ; presumably memset([ebp-70], 0, 0x30) — confirm
1000443B |. 66:C745 90 99>mov word ptr [ebp-70], 9999
10004441 |. 66:C745 92 04>mov word ptr [ebp-6E], 4
10004447 |. 83C4 0C add esp, 0C
1000444A |. 8D55 98 lea edx, dword ptr [ebp-68]
1000444D |. C745 94 28000>mov dword ptr [ebp-6C], 28
10004454 |. 6A 14 push 14
10004456 |. 56 push esi
10004457 |. 52 push edx
10004458 |. E8 ABD8FFFF call 10001D08 ; 3-arg helper (dest, src, 0x14) — presumably a bounded copy; confirm
1000445D |. 83C4 0C add esp, 0C
10004460 |. 8D4D AC lea ecx, dword ptr [ebp-54]
10004463 |. 6A 14 push 14
10004465 |. 68 2F151010 push 1010152F ; 1111
1000446A |. 51 push ecx
1000446B |. E8 98D8FFFF call 10001D08 ; same helper, dest [ebp-54]
10004470 |. 83C4 0C add esp, 0C
10004473 |. 8D85 50FFFFFF lea eax, dword ptr [ebp-B0]
10004479 |. 50 push eax
1000447A |. E8 C5DAFFFF call 10001F44
1000447F |. 59 pop ecx
10004480 |. 8D95 50FFFFFF lea edx, dword ptr [ebp-B0]
10004486 |. 66:C745 E4 0C>mov word ptr [ebp-1C], 0C
1000448C |. 8D45 FC lea eax, dword ptr [ebp-4]
1000448F |. E8 4CB20E00 call 100EF6E0
10004494 |. FF45 F0 inc dword ptr [ebp-10] ; [ebp-10] looks like a temporaries counter bracketing the call (Borland RTL pattern) — confirm
10004497 |. 8B10 mov edx, dword ptr [eax]
10004499 |. 8B83 68030000 mov eax, dword ptr [ebx+368]
1000449F |. E8 2C9C0C00 call 100CE0D0
100044A4 |. FF4D F0 dec dword ptr [ebp-10]
100044A7 |. 8D45 FC lea eax, dword ptr [ebp-4]
100044AA |. BA 02000000 mov edx, 2
100044AF |. E8 FCB30E00 call 100EF8B0
100044B4 |. 66:C745 E4 18>mov word ptr [ebp-1C], 18
100044BA |. E8 7DD8FFFF call 10001D3C
100044BF |. 8BD0 mov edx, eax
100044C1 |. 8D45 F8 lea eax, dword ptr [ebp-8]
100044C4 |. E8 1BB30E00 call 100EF7E4
100044C9 |. FF45 F0 inc dword ptr [ebp-10]
100044CC |. 8B10 mov edx, dword ptr [eax]
100044CE |. 8B83 68030000 mov eax, dword ptr [ebx+368]
100044D4 |. E8 639C0C00 call 100CE13C
100044D9 |. FF4D F0 dec dword ptr [ebp-10]
100044DC |. 8D45 F8 lea eax, dword ptr [ebp-8]
100044DF |. BA 02000000 mov edx, 2
100044E4 |. E8 C7B30E00 call 100EF8B0
100044E9 |. 8B75 D0 mov esi, dword ptr [ebp-30]
100044EC |. 33C0 xor eax, eax ; al = 0: terminator for the scan below
100044EE |. 56 push esi
100044EF |. 8BFE mov edi, esi
100044F1 |. 83C9 FF or ecx, FFFFFFFF ; ecx = -1, so repne scasb leaves strlen+1
100044F4 |. BE D43F1110 mov esi, 10113FD4 ; betty
100044F9 |. F2:AE repne scas byte ptr es:[edi] ; find the NUL of the account string
100044FB |. F7D1 not ecx
100044FD |. 2BF9 sub edi, ecx ; edi back to the start of the source
100044FF |. 8BD1 mov edx, ecx
10004501 |. 87F7 xchg edi, esi
10004503 |. C1E9 02 shr ecx, 2
10004506 |. 8BC7 mov eax, edi
10004508 |. F3:A5 rep movs dword ptr es:[edi], dword p> ; inline strcpy(10113FD4, account): no length bound; destination size not visible here (the pass at 10004595 reads 0x40 bytes of it)
1000450A |. 8BCA mov ecx, edx
1000450C |. 83E1 03 and ecx, 3
1000450F |. F3:A4 rep movs byte ptr es:[edi], byte ptr>
10004511 |. 8B83 68030000 mov eax, dword ptr [ebx+368]
10004517 |. 5E pop esi
10004518 |. 8078 30 00 cmp byte ptr [eax+30], 0 ; flag on the +368 object
1000451C |. 74 05 je short 10004523 ; taken (valid account)
1000451E |. 8B10 mov edx, dword ptr [eax]
10004520 |. FF52 40 call dword ptr [edx+40]
10004523 |> 8B83 68030000 mov eax, dword ptr [ebx+368]
10004529 |. 8B10 mov edx, dword ptr [eax]
1000452B |. FF52 3C call dword ptr [edx+3C]
1000452E |. 6A 30 push 30
10004530 |. 8D4D 90 lea ecx, dword ptr [ebp-70]
10004533 |. 51 push ecx
10004534 |. E8 A3D9FFFF call 10001EDC
10004539 |. 83C4 08 add esp, 8
1000453C |. 8D55 90 lea edx, dword ptr [ebp-70]
1000453F |. B9 30000000 mov ecx, 30
10004544 |. 6A 00 push 0
10004546 |. 8B83 68030000 mov eax, dword ptr [ebx+368]
1000454C |. E8 0B980C00 call 100CDD5C ; edx = [ebp-70], ecx = 0x30, one stack arg; returns >0 on success (otherwise the failure box below)
10004551 |. 85C0 test eax, eax
10004553 |. 7F 34 jg short 10004589 ; taken (valid account)
10004555 |. 6A 00 push 0
10004557 |. A1 D03F1110 mov eax, dword ptr [10113FD0]
1000455C |. 68 34151010 push 10101534 ; 提示
10004561 |. 50 push eax
10004562 |. 8BC3 mov eax, ebx
10004564 |. E8 DF6C0800 call 1008B248 ; eax = owner window handle (hOwner below)
10004569 |. 50 push eax ; |hOwner
1000456A |. E8 53A90F00 call <jmp.&USER32.MessageBoxA> ; \"网络连接失败" (network connection failed)
1000456F |. 8B83 68030000 mov eax, dword ptr [ebx+368]
10004575 |. 8B10 mov edx, dword ptr [eax]
10004577 |. FF52 40 call dword ptr [edx+40] ; virtual slot +40 of the +368 object (repeated on the other error paths)
1000457A |. 8B4D D4 mov ecx, dword ptr [ebp-2C]
1000457D |. 64:890D 00000>mov dword ptr fs:[0], ecx ; restore the SEH chain head saved at [ebp-2C]
10004584 |. E9 DD030000 jmp 10004966 ; -> common epilogue
10004589 |> 33F6 xor esi, esi ; esi = loop counter
1000458B |. B8 18491110 mov eax, 10114918
10004590 |. BA D43F1110 mov edx, 10113FD4 ; betty
10004595 |> 8A0A /mov cl, byte ptr [edx]
10004597 |. 80F1 CC |xor cl, 0CC ; single-byte XOR pass (key 0xCC): 0x40 bytes of 10113FD4 -> 10114918
1000459A |. 8808 |mov byte ptr [eax], cl
1000459C |. 46 |inc esi
1000459D |. 40 |inc eax
1000459E |. 42 |inc edx
1000459F |. 83FE 40 |cmp esi, 40
100045A2 |.^ 7C F1 \jl short 10004595 ; taken as well (loop runs 0x40 times)
100045A4 |. 8DBD 50FBFFFF lea edi, dword ptr [ebp-4B0] ; loop 1
100045AA |. BE 280D1010 mov esi, 10100D28
100045AF |. B9 00010000 mov ecx, 100 ; 0x100 dwords = 0x400 bytes
100045B4 |. 8D95 50FBFFFF lea edx, dword ptr [ebp-4B0]
100045BA |. F3:A5 rep movs dword ptr es:[edi], dword p> ; fill [ebp-4B0] from 10100D28
100045BC |. 6A 00 push 0
100045BE |. B9 00040000 mov ecx, 400
100045C3 |. 8B83 68030000 mov eax, dword ptr [ebx+368]
100045C9 |. E8 46970C00 call 100CDD14 ; edx = [ebp-4B0], ecx = 0x400 (matches the copy above, presumably the buffer size), one stack arg; returns >0 on success
100045CE |. 85C0 test eax, eax
100045D0 |. 7F 34 jg short 10004606 ; taken when the call succeeds
100045D2 |. 6A 00 push 0
100045D4 |. A1 D03F1110 mov eax, dword ptr [10113FD0]
100045D9 |. 68 39151010 push 10101539 ; 提示
100045DE |. 50 push eax
100045DF |. 8BC3 mov eax, ebx
100045E1 |. E8 626C0800 call 1008B248
100045E6 |. 50 push eax ; |hOwner
100045E7 |. E8 D6A80F00 call <jmp.&USER32.MessageBoxA> ; \"网络连接失败" (network connection failed)
100045EC |. 8B83 68030000 mov eax, dword ptr [ebx+368]
100045F2 |. 8B10 mov edx, dword ptr [eax]
100045F4 |. FF52 40 call dword ptr [edx+40]
100045F7 |. 8B4D D4 mov ecx, dword ptr [ebp-2C]
100045FA |. 64:890D 00000>mov dword ptr fs:[0], ecx
10004601 |. E9 60030000 jmp 10004966 ; skipped when the jump above is taken
10004606 |> 50 push eax ; landing point of the jump above (eax = result of 100CDD14)
10004607 |. 8D85 50FBFFFF lea eax, dword ptr [ebp-4B0]
1000460D |. 50 push eax
1000460E |. E8 C9D8FFFF call 10001EDC
10004613 |. 83C4 08 add esp, 8
10004616 |. 8B83 68030000 mov eax, dword ptr [ebx+368]
1000461C |. 8B10 mov edx, dword ptr [eax]
1000461E |. FF52 40 call dword ptr [edx+40]
10004621 |. 6A 08 push 8
10004623 |. 68 3E151010 push 1010153E ; 登陆成功
10004628 |. 8D8D 50FBFFFF lea ecx, dword ptr [ebp-4B0]
1000462E |. 51 push ecx
1000462F |. E8 D8C10D00 call 100E080C ; author's note: may need changing. 3-arg compare of the buffer against the 8-byte string — presumably strncmp; 0 = match
10004634 |. 83C4 0C add esp, 0C ; (initial cpu selection)
10004637 |. 85C0 test eax, eax
10004639 |. 0F85 91020000 jnz 100048D0 ; not taken (valid account): buffer matched
1000463F |. 68 47151010 push 10101547 ; pyw
10004644 |. 8D85 50FBFFFF lea eax, dword ptr [ebp-4B0]
1000464A |. 50 push eax
1000464B |. E8 B5C10D00 call 100E0805 ; 2-arg search of the buffer for "pyw" — presumably strstr; nonzero = found
10004650 |. 83C4 08 add esp, 8
10004653 |. 85C0 test eax, eax
10004655 |. 74 59 je short 100046B0 ; taken (valid account): marker absent, shutdown path skipped
10004657 |. 8D55 CC lea edx, dword ptr [ebp-34]
1000465A |. 52 push edx ; /phToken
1000465B |. 6A 28 push 28 ; |DesiredAccess = TOKEN_QUERY|TOKEN_ADJUST_PRIVILEGES
1000465D |. E8 74A00F00 call <jmp.&KERNEL32.GetCurrentProcess>; |[GetCurrentProcess
10004662 |. 50 push eax ; |hProcess
10004663 |. E8 AE9F0F00 call <jmp.&ADVAPI32.OpenProcessToken> ; \OpenProcessToken
10004668 |. 8D8D 44FBFFFF lea ecx, dword ptr [ebp-4BC]
1000466E |. 51 push ecx ; /pLocalId
1000466F |. 68 4B151010 push 1010154B ; |seshutdownprivilege
10004674 |. 6A 00 push 0 ; |SystemName = NULL
10004676 |. E8 959F0F00 call <jmp.&ADVAPI32.LookupPrivilegeVa>; \LookupPrivilegeValueA
1000467B |. C785 40FBFFFF>mov dword ptr [ebp-4C0], 1
10004685 |. C785 4CFBFFFF>mov dword ptr [ebp-4B4], 2
1000468F |. 6A 00 push 0 ; /pRetLen = NULL
10004691 |. 6A 00 push 0 ; |pPrevState = NULL
10004693 |. 6A 00 push 0 ; |PrevStateSize = 0
10004695 |. 8D85 40FBFFFF lea eax, dword ptr [ebp-4C0] ; |
1000469B |. 50 push eax ; |pNewState
1000469C |. 6A 00 push 0 ; |DisableAllPrivileges = FALSE
1000469E |. 8B55 CC mov edx, dword ptr [ebp-34] ; |
100046A1 |. 52 push edx ; |hToken
100046A2 |. E8 2D9F0F00 call <jmp.&ADVAPI32.AdjustTokenPrivil>; \AdjustTokenPrivileges
100046A7 |. 6A 00 push 0 ; /Reserved = 0
100046A9 |. 6A 05 push 5 ; |Options = EWX_SHUTDOWN|EWX_FORCE
100046AB |. E8 38A60F00 call <jmp.&USER32.ExitWindowsEx> ; \ExitWindowsEx — forced shutdown of the machine when the received buffer contains the marker; same sequence again at 100048E8
100046B0 |> 68 94481110 push 10114894 ; landing point of the jump above
100046B5 |. 8D8D 50FFFFFF lea ecx, dword ptr [ebp-B0]
100046BB |. 51 push ecx
100046BC |. 68 66151010 push 10101566 ; 121212
100046C1 |. E8 46C00D00 call 100E070C
100046C6 |. 59 pop ecx
100046C7 |. 50 push eax
100046C8 |. 68 5F151010 push 1010155F ; 121212
100046CD |. 8B45 D0 mov eax, dword ptr [ebp-30]
100046D0 |. 50 push eax
100046D1 |. E8 36C00D00 call 100E070C
100046D6 |. 59 pop ecx
100046D7 |. 50 push eax
100046D8 |. 8B55 D0 mov edx, dword ptr [ebp-30]
100046DB |. 52 push edx
100046DC |. E8 B70E0000 call 10005598 ; author's note: may also need changing. Six dwords of arguments (see add esp, 18); returns al
100046E1 |. 83C4 18 add esp, 18
100046E4 |. 84C0 test al, al
100046E6 |. 75 28 jnz short 10004710 ; not taken on the fake-account run; taken with a valid account
100046E8 |. 6A 00 push 0
100046EA |. 68 9A151010 push 1010159A ; 提示
100046EF |. 68 6D151010 push 1010156D ; 登陆失败,请重新尝试或确定使用的是否最新版本
100046F4 |. 8BC3 mov eax, ebx
100046F6 |. E8 4D6B0800 call 1008B248
100046FB |. 50 push eax ; |hOwner
100046FC |. E8 C1A70F00 call <jmp.&USER32.MessageBoxA> ; \"登陆失败..." (login failed, check for the latest version)
10004701 |. 8B55 D4 mov edx, dword ptr [ebp-2C]
10004704 |. 64:8915 00000>mov dword ptr fs:[0], edx
1000470B |. E9 56020000 jmp 10004966
10004710 |> 8D8B C4030000 lea ecx, dword ptr [ebx+3C4]
10004716 |. 51 push ecx
10004717 |. E8 0C0D0000 call 10005428
1000471C |. 59 pop ecx
1000471D |. 8BF0 mov esi, eax ; esi = returned pointer; +80, +100 and +104 of it are written below
1000471F |. 68 80000000 push 80
10004724 |. 68 94481110 push 10114894
10004729 |. 56 push esi
1000472A |. E8 11BE0D00 call 100E0540 ; 3-arg (dest = esi, src = 10114894, 0x80) — presumably memcpy; confirm
1000472F |. 8B7D D0 mov edi, dword ptr [ebp-30]
10004732 |. 8D86 80000000 lea eax, dword ptr [esi+80]
10004738 |. 83C4 0C add esp, 0C
1000473B |. 8945 C8 mov dword ptr [ebp-38], eax
1000473E |. 8B55 C8 mov edx, dword ptr [ebp-38]
10004741 |. 33C0 xor eax, eax
10004743 |. 56 push esi
10004744 |. 57 push edi
10004745 |. 83C9 FF or ecx, FFFFFFFF
10004748 |. 8BF2 mov esi, edx
1000474A |. F2:AE repne scas byte ptr es:[edi]
1000474C |. F7D1 not ecx
1000474E |. 2BF9 sub edi, ecx
10004750 |. 8BD1 mov edx, ecx
10004752 |. 87F7 xchg edi, esi
10004754 |. C1E9 02 shr ecx, 2
10004757 |. 8BC7 mov eax, edi
10004759 |. F3:A5 rep movs dword ptr es:[edi], dword p> ; second inline strcpy([esi+80], account) — no length bound; the XOR pass below touches 0x80 bytes
1000475B |. 8BCA mov ecx, edx
1000475D |. 83E1 03 and ecx, 3
10004760 |. F3:A4 rep movs byte ptr es:[edi], byte ptr>
10004762 |. 5F pop edi
10004763 |. 5E pop esi
10004764 |. 8D86 80000000 lea eax, dword ptr [esi+80]
1000476A |. 33D2 xor edx, edx
1000476C |. 8BC8 mov ecx, eax
1000476E |. 8BC1 mov eax, ecx
10004770 |> 8030 57 /xor byte ptr [eax], 57 ; single-byte XOR pass (key 0x57) over 0x80 bytes at [esi+80]
10004773 |. 42 |inc edx
10004774 |. 40 |inc eax
10004775 |. 81FA 80000000 |cmp edx, 80
1000477B |.^ 7C F3 \jl short 10004770 ; back-edge taken (valid account)
1000477D |. 6A 04 push 4
1000477F |. 68 58491110 push 10114958
10004784 |. 8D86 00010000 lea eax, dword ptr [esi+100]
1000478A |. 50 push eax
1000478B |. E8 B0BD0D00 call 100E0540 ; (esi+100, 10114958, 4) — 4-byte copy
10004790 |. 83C4 0C add esp, 0C
10004793 |. 33D2 xor edx, edx
10004795 |. 8955 C4 mov dword ptr [ebp-3C], edx
10004798 |. 803D 18021010>cmp byte ptr [10100218], 0 ; global flag
1000479F |. 75 08 jnz short 100047A9 ; not taken
100047A1 |. E8 369F0F00 call <jmp.&KERNEL32.GetCurrentProcess>; [GetCurrentProcessId — a different thunk from 1000465D; OllyDbg truncates the label, the result is stored as a 4-byte id below
100047A6 |. 8945 C4 mov dword ptr [ebp-3C], eax ; [ebp-3C] = own PID (0 when the flag above is set)
100047A9 |> 56 push esi
100047AA |. BE 28111010 mov esi, 10101128
100047AF |. 8DBD 30FBFFFF lea edi, dword ptr [ebp-4D0]
100047B5 |. B9 04000000 mov ecx, 4
100047BA |. F3:A5 rep movs dword ptr es:[edi], dword p> ; 16 bytes from 10101128 into [ebp-4D0]
100047BC |. 5E pop esi
100047BD |. C685 30FBFFFF>mov byte ptr [ebp-4D0], 6D ; the 9 bytes stored here are XOR-0x18 encoded; decoded at 10004804
100047C4 |. C685 31FBFFFF>mov byte ptr [ebp-4CF], 6B
100047CB |. C685 32FBFFFF>mov byte ptr [ebp-4CE], 68
100047D2 |. C685 33FBFFFF>mov byte ptr [ebp-4CD], 29
100047D9 |. C685 34FBFFFF>mov byte ptr [ebp-4CC], 28
100047E0 |. C685 35FBFFFF>mov byte ptr [ebp-4CB], 36
100047E7 |. C685 36FBFFFF>mov byte ptr [ebp-4CA], 7C
100047EE |. C685 37FBFFFF>mov byte ptr [ebp-4C9], 74
100047F5 |. C685 38FBFFFF>mov byte ptr [ebp-4C8], 74
100047FC |. 33D2 xor edx, edx
100047FE |. 8D85 30FBFFFF lea eax, dword ptr [ebp-4D0]
10004804 |> 8030 18 /xor byte ptr [eax], 18 ; decodes the 9 bytes to "usp10.dll" — a well-known DLL side-loading file name; its presence next to a game executable is a detection indicator
10004807 |. 42 |inc edx
10004808 |. 40 |inc eax
10004809 |. 83FA 09 |cmp edx, 9
1000480C |.^ 7C F6 \jl short 10004804 ; another loop that runs (valid account)
1000480E |. 68 9F151010 push 1010159F ; rb
10004813 |. 8D8D 30FBFFFF lea ecx, dword ptr [ebp-4D0]
10004819 |. 51 push ecx
1000481A |. E8 11DE0D00 call 100E2630 ; presumably fopen(decoded name, "rb"): tests whether the file exists in the working directory — confirm
1000481F |. 83C4 08 add esp, 8
10004822 |. 85C0 test eax, eax
10004824 |. 74 09 je short 1000482F ; taken (valid account): no handle
10004826 |. 50 push eax
10004827 |. E8 78DA0D00 call 100E22A4 ; presumably fclose — confirm
1000482C |. 59 pop ecx
1000482D |. EB 15 jmp short 10004844 ; skipped when the jump above is taken
1000482F |> 6A 04 push 4
10004831 |. 8D45 C4 lea eax, dword ptr [ebp-3C]
10004834 |. 50 push eax
10004835 |. 81C6 04010000 add esi, 104
1000483B |. 56 push esi
1000483C |. E8 FFBC0D00 call 100E0540 ; (esi+104, &[ebp-3C], 4) — stores the PID in the object
10004841 |. 83C4 0C add esp, 0C
10004844 |> C605 19021010>mov byte ptr [10100219], 1 ; global flag
1000484B |. B2 01 mov dl, 1
1000484D |. 8B83 8C030000 mov eax, dword ptr [ebx+38C]
10004853 |. 8B08 mov ecx, dword ptr [eax]
10004855 |. FF51 68 call dword ptr [ecx+68] ; virtual slot +68 with dl = 1/0 on five owned objects — looks like enabling/disabling controls; confirm
10004858 |. B2 01 mov dl, 1
1000485A |. 8B83 98030000 mov eax, dword ptr [ebx+398]
10004860 |. 8B08 mov ecx, dword ptr [eax]
10004862 |. FF51 68 call dword ptr [ecx+68]
10004865 |. B2 01 mov dl, 1
10004867 |. 8B83 C0030000 mov eax, dword ptr [ebx+3C0]
1000486D |. 8B08 mov ecx, dword ptr [eax]
1000486F |. FF51 68 call dword ptr [ecx+68]
10004872 |. 33D2 xor edx, edx
10004874 |. 8B83 B0030000 mov eax, dword ptr [ebx+3B0]
1000487A |. 8B08 mov ecx, dword ptr [eax]
1000487C |. FF51 68 call dword ptr [ecx+68]
1000487F |. 33D2 xor edx, edx
10004881 |. 8B83 AC030000 mov eax, dword ptr [ebx+3AC]
10004887 |. 8B08 mov ecx, dword ptr [eax]
10004889 |. FF51 68 call dword ptr [ecx+68]
1000488C |. 803D 1A021010>cmp byte ptr [1010021A], 0 ; one-shot guard, set at 100048C9
10004893 |. 75 3B jnz short 100048D0 ; not taken (valid account)
10004895 |. E8 661C0000 call 10006500 ; returns al; 0 -> "file missing" box below
1000489A |. 84C0 test al, al
1000489C |. 75 21 jnz short 100048BF ; taken (valid account)
1000489E |. 6A 00 push 0
100048A0 |. 68 C7151010 push 101015C7 ; 提示
100048A5 |. 68 A2151010 push 101015A2 ; 文件错误或丢失,请检查或重新安装软件
100048AA |. 8BC3 mov eax, ebx
100048AC |. E8 97690800 call 1008B248
100048B1 |. 50 push eax ; |hOwner
100048B2 |. E8 0BA60F00 call <jmp.&USER32.MessageBoxA> ; \"文件错误或丢失..." (file missing or corrupt)
100048B7 |. 6A 00 push 0
100048B9 |. E8 6A570E00 call 100EA028 ; called with 0 — presumably exit(0); confirm
100048BE |. 59 pop ecx
100048BF |> A1 D0F41110 mov eax, dword ptr [1011F4D0]
100048C4 |. E8 8F060200 call 10024F58
100048C9 |. C605 1A021010>mov byte ptr [1010021A], 1
100048D0 |> 68 CC151010 push 101015CC ; pyw — landing point; author: no unexpected dialogs before or after this
100048D5 |. 8D95 50FBFFFF lea edx, dword ptr [ebp-4B0]
100048DB |. 52 push edx
100048DC |. E8 24BF0D00 call 100E0805 ; same buffer search as at 1000464B
100048E1 |. 83C4 08 add esp, 8
100048E4 |. 85C0 test eax, eax
100048E6 |. 74 59 je short 10004941 ; taken (valid account)
100048E8 |. 8D4D C0 lea ecx, dword ptr [ebp-40]
100048EB |. 51 push ecx ; /phToken
100048EC |. 6A 28 push 28 ; |DesiredAccess = TOKEN_QUERY|TOKEN_ADJUST_PRIVILEGES
100048EE |. E8 E39D0F00 call <jmp.&KERNEL32.GetCurrentProcess>; |[GetCurrentProcess
100048F3 |. 50 push eax ; |hProcess
100048F4 |. E8 1D9D0F00 call <jmp.&ADVAPI32.OpenProcessToken> ; \OpenProcessToken
100048F9 |. 8D85 24FBFFFF lea eax, dword ptr [ebp-4DC]
100048FF |. 50 push eax ; /pLocalId
10004900 |. 68 D0151010 push 101015D0 ; |seshutdownprivilege
10004905 |. 6A 00 push 0 ; |SystemName = NULL
10004907 |. E8 049D0F00 call <jmp.&ADVAPI32.LookupPrivilegeVa>; \LookupPrivilegeValueA
1000490C |. C785 20FBFFFF>mov dword ptr [ebp-4E0], 1
10004916 |. C785 2CFBFFFF>mov dword ptr [ebp-4D4], 2
10004920 |. 6A 00 push 0 ; /pRetLen = NULL
10004922 |. 6A 00 push 0 ; |pPrevState = NULL
10004924 |. 6A 00 push 0 ; |PrevStateSize = 0
10004926 |. 8D95 20FBFFFF lea edx, dword ptr [ebp-4E0] ; |
1000492C |. 52 push edx ; |pNewState
1000492D |. 6A 00 push 0 ; |DisableAllPrivileges = FALSE
1000492F |. 8B4D C0 mov ecx, dword ptr [ebp-40] ; |
10004932 |. 51 push ecx ; |hToken
10004933 |. E8 9C9C0F00 call <jmp.&ADVAPI32.AdjustTokenPrivil>; \AdjustTokenPrivileges
10004938 |. 6A 00 push 0 ; /Reserved = 0
1000493A |. 6A 05 push 5 ; |Options = EWX_SHUTDOWN|EWX_FORCE
1000493C |. E8 A7A30F00 call <jmp.&USER32.ExitWindowsEx> ; \ExitWindowsEx — second forced-shutdown path (see 100046AB)
10004941 |> 6A 00 push 0 ; landing point
10004943 |. 8D85 50FBFFFF lea eax, dword ptr [ebp-4B0]
10004949 |. 68 E4151010 push 101015E4 ; 提示
1000494E |. 50 push eax
1000494F |. 8BC3 mov eax, ebx
10004951 |. E8 F2680800 call 1008B248
10004956 |. 50 push eax ; |hOwner
10004957 |. E8 66A50F00 call <jmp.&USER32.MessageBoxA> ; \shown on every path that reaches here (author's note); the text is the received buffer [ebp-4B0], i.e. server-supplied
1000495C |. 8B55 D4 mov edx, dword ptr [ebp-2C]
1000495F |. 64:8915 00000>mov dword ptr fs:[0], edx
10004966 |> 5F pop edi ; common epilogue (every error path jumps here)
10004967 |. 5E pop esi
10004968 |. 5B pop ebx
10004969 |. 8BE5 mov esp, ebp
1000496B |. 5D pop ebp
1000496C \. C3 retn
以上的注释栏是我根据真实的注册账号所标示出来的,然后我用了个假号,把所有的跳转改成和真账号一样的,可还是不行,试问,这是什么原因,难道这类软件一定要用封包拦截的方法吗?
[ 本帖最后由 dbsx 于 2009-2-28 18:23 编辑 ] |