本帖最后由 空道 于 2014-10-16 12:08 编辑
可将 Android 系统的整个文件系统镜像出来(类似于 WinHex 的磁盘拷贝操作),再通过此工具浏览;支持恢复已删除的文件。
顺便Patch了下, 下面是 破解笔记
00409967 /74 59 je short 004099C2 ; 除去提示框
00418ABC 8178 18 00000>cmp dword ptr [eax+18], 40000 ; 这里比较文件大小
00418AC3 0F87 D9000000 ja 00418BA2 ; 如果文件大于0x4000就跳转,这里不能跳 ,可以直接NOP掉
00415F6C |. 3D 00000400 cmp eax, 40000 ; 又一处比较, 这里也不能跳
00415F71 0F87 8F000000 ja 00416006 ; 将这个跳转NOP掉
00415F77 |> 0BC1 or eax, ecx
00416441 |. 817E 18 00000400 cmp dword ptr ds:[esi+18], 40000
00416448 EB 48 jmp short rdrext23.00416492
004164CE |. 817E 18 00000400 cmp dword ptr ds:[esi+18], 40000
004164D5 90 nop
004164D6 90 nop
004164D7 90 nop
004164D8 90 nop
004164D9 90 nop
004164DA 90 nop
004164DB |> 8B45 08 mov eax, dword ptr ss:[ebp+8]
004163DD |. 83E8 02 sub eax, 2
004163E0 |. 74 52 je short rdrext23.00416434 ; y
00404F9E B8 01000000 mov eax, 1
00404FA3 A3 80726B00 mov dword ptr ds:[6B7280], eax ;关键变量让软件显示已注册
00404FA8 |. 885D FC mov byte ptr ss:[ebp-4], bl
///这里是原始代码
004F73EC |. 81FE 00000C00 cmp esi, 0C0000 ; 这里是关键点了, 我们将这里的代码进行Path掉
004F73F2 |. 76 0F jbe short 004F7403
004F73F4 |> BE 00000C00 mov esi, 0C0000
004F73F9 |. C785 ECFFF3FF>mov dword ptr [ebp+FFF3FFEC], 0
004F7403 |> 8B07 mov eax, dword ptr [edi]
004F7405 |. 8B50 08 mov edx, dword ptr [eax+8]
004F7408 |. 6A 00 push 0
004F740A |. 6A 00 push 0
004F740C |. 8BCF mov ecx, edi
004F740E |. FFD2 call edx
004F7410 |. 8B07 mov eax, dword ptr [edi]
004F7412 |. 8B50 0C mov edx, dword ptr [eax+C]
004F7415 |. 56 push esi ; 数据长度
004F7416 |. 8D8D F0FFF3FF lea ecx, dword ptr [ebp+FFF3FFF0]
004F741C |. 51 push ecx ; 数据
004F741D |. 8BCF mov ecx, edi
004F741F |. FFD2 call edx ; read
004F7421 |. 33C9 xor ecx, ecx
004F7423 |. 3BC6 cmp eax, esi
004F7425 |.^ 0F85 44FFFFFF jnz 004F736F
004F742B |. 3B8D ECFFF3FF cmp ecx, dword ptr [ebp+FFF3FFEC]
004F7431 |.^ 0F85 38FFFFFF jnz 004F736F
004F7437 |. 8B03 mov eax, dword ptr [ebx]
004F7439 |. 8B50 14 mov edx, dword ptr [eax+14]
004F743C |. 51 push ecx
004F743D |. 51 push ecx
004F743E |. 8BCB mov ecx, ebx
004F7440 |. FFD2 call edx
004F7442 |. 8B03 mov eax, dword ptr [ebx]
004F7444 |. 8B50 10 mov edx, dword ptr [eax+10]
004F7447 |. 56 push esi
004F7448 |. 8D8D F0FFF3FF lea ecx, dword ptr [ebp+FFF3FFF0]
004F744E |. 51 push ecx
004F744F |. 8BCB mov ecx, ebx
004F7451 |. FFD2 call edx ; WriteFIle
004F7453 |. 0FB6C0 movzx eax, al
004F7456 |. F7D8 neg eax
004F7458 |. 1BC0 sbb eax, eax
004F745A |. 83E0 FC and eax, FFFFFFFC
004F745D |. 83C0 04 add eax, 4
004F7460 |. EB 05 jmp short 004F7467
004F7462 |> B8 01000000 mov eax, 1
004F7467 |> 8B4D F4 mov ecx, dword ptr [ebp-C]
004F746A |. 64:890D 00000>mov dword ptr fs:[0], ecx
004F7471 |. 59 pop ecx
004F7472 |. 5F pop edi
004F7473 |. 5E pop esi
004F7474 |. 8B4D F0 mov ecx, dword ptr [ebp-10]
004F7477 |. 33CD xor ecx, ebp
004F7479 |. E8 CC97FAFF call 004A0C4A
004F747E |. 8BE5 mov esp, ebp
004F7480 |. 5D pop ebp
004F7481 \. C3 retn
//Patch代码
004F73EC |. 6A 04 push 4
004F73EE |. 68 00300000 push 3000
004F73F3 |. 50 push eax
004F73F4 |> 6A 00 push 0 ; |Address = NULL
004F73F6 |. FF15 E8205300 call dword ptr [<&KERNEL32.VirtualAll>; \VirtualAlloc
004F73FC |. 50 push eax
004F73FD |. 8B07 mov eax, dword ptr [edi]
004F73FF |. 8B50 08 mov edx, dword ptr [eax+8]
004F7402 |. 6A 00 push 0
004F7404 |. 6A 00 push 0
004F7406 |. 8BCF mov ecx, edi
004F7408 |. FFD2 call edx
004F740A |. 8B07 mov eax, dword ptr [edi]
004F740C |. 8B50 0C mov edx, dword ptr [eax+C]
004F740F |. 59 pop ecx
004F7410 |. 51 push ecx
004F7411 |. 56 push esi
004F7412 |. 51 push ecx
004F7413 |. 8BCF mov ecx, edi
004F7415 |. FFD2 call edx
004F7417 |. 33C9 xor ecx, ecx
004F7419 |. 3BC6 cmp eax, esi
004F741B |.^ 0F85 4EFFFFFF jnz 004F736F
004F7421 |. 3B8D ECFFF3FF cmp ecx, dword ptr [ebp+FFF3FFEC]
004F7427 |.^ 0F85 42FFFFFF jnz 004F736F
004F742D |. 8B03 mov eax, dword ptr [ebx]
004F742F |. 8B50 14 mov edx, dword ptr [eax+14]
004F7432 |. 51 push ecx
004F7433 |. 51 push ecx
004F7434 |. 8BCB mov ecx, ebx
004F7436 |. FFD2 call edx
004F7438 |. 8B03 mov eax, dword ptr [ebx]
004F743A |. 8B50 10 mov edx, dword ptr [eax+10]
004F743D |. 59 pop ecx
004F743E |. 51 push ecx
004F743F |. 56 push esi
004F7440 |. 51 push ecx
004F7441 |. 8BCB mov ecx, ebx
004F7443 |. FFD2 call edx
004F7445 |. 0FB6C0 movzx eax, al
004F7448 |. F7D8 neg eax
004F744A |. 1BC0 sbb eax, eax
004F744C |. 59 pop ecx
004F744D |. 68 00800000 push 8000 ; /FreeType = MEM_RELEASE
004F7452 |. 6A 00 push 0 ; |Size = 0
004F7454 |. 51 push ecx ; |Address
004F7455 |. FF15 E4205300 call dword ptr [<&KERNEL32.VirtualFre>; \VirtualFree
004F745B |. 33C0 xor eax, eax
004F745D |. 90 nop
004F745E |. 90 nop
004F745F |. 90 nop
004F7460 |. EB 05 jmp short 004F7467
004F7462 |> B8 01000000 mov eax, 1
004F7467 |> 8B4D F4 mov ecx, dword ptr [ebp-C]
004F746A |. 64:890D 00000>mov dword ptr fs:[0], ecx
004F7471 |. 59 pop ecx
004F7472 |. 5F pop edi
004F7473 |. 5E pop esi
004F7474 |. 8B4D F0 mov ecx, dword ptr [ebp-10]
004F7477 |. 33CD xor ecx, ebp
004F7479 |. E8 CC97FAFF call 004A0C4A
004F747E |. 8BE5 mov esp, ebp
004F7480 |. 5D pop ebp
004F7481 \. C3 retn
下载地址: