一个程序的网络验证
本帖最后由 xujidejia 于 2020-7-1 14:55 编辑尝试破解一个64位的CAD的arx程序,是网络验证程序,我修改前面的跳转到了提示用户登录成功的位置,成功运行后,但是程序并没有被加载,大神支支招,看从哪里可以入手?
,0000000031046170 | 40:57 | push rdi |
0000000031046172 | 48:83EC 30 | sub rsp,30 |
0000000031046176 | BA 01000000 | mov edx,1 |
000000003104617B | 48:8BF9 | mov rdi,rcx |
000000003104617E | E8 67B0F7FF | call eicad4_sys2010_x64.30FC11EA |
0000000031046183 | 83F8 01 | cmp eax,1 |
0000000031046186 | 0F85 9D020000 | jne eicad4_sys2010_x64.31046429 |
000000003104618C | 83BF 88070000 00 | cmp dword ptr ds:,0 |
0000000031046193 | 48:895C24 40 | mov qword ptr ss:,rbx |
0000000031046198 | 75 28 | jne eicad4_sys2010_x64.310461C2 |
000000003104619A | 48:8D15 BF860200 | lea rdx,qword ptr ds: |
00000000310461A1 | 48:8D0D D07B0600 | lea rcx,qword ptr ds: | 00000000310ADD78:&L"12345678912"
00000000310461A8 | FF15 D2C70700 | call qword ptr ds:[<&Ordinal#783>] |
00000000310461AE | 48:8D15 AB860200 | lea rdx,qword ptr ds: |
00000000310461B5 | 48:8D0D C47B0600 | lea rcx,qword ptr ds: | 00000000310ADD80:&L"123456789"
00000000310461BC | FF15 BEC70700 | call qword ptr ds:[<&Ordinal#783>] |
00000000310461C2 | 48:8D15 97860200 | lea rdx,qword ptr ds: |
00000000310461C9 | 48:8D8F 58070000 | lea rcx,qword ptr ds: |
00000000310461D0 | FF15 72C30700 | call qword ptr ds:[<&Ordinal#1512>] |
00000000310461D6 | 85C0 | test eax,eax |
00000000310461D8 | 0F84 46020000 | je eicad4_sys2010_x64.31046424 |
00000000310461DE | 48:8D8F 58070000 | lea rcx,qword ptr ds: |
00000000310461E5 | 48:897424 48 | mov qword ptr ss:,rsi |
00000000310461EA | FF15 48C30700 | call qword ptr ds:[<&Ordinal#889>] |
00000000310461F0 | 48:8BC8 | mov rcx,rax |
00000000310461F3 | FF15 B7980700 | call qword ptr ds:[<&?SetRootUrl@DnnClo |
00000000310461F9 | 48:8D15 F8C20300 | lea rdx,qword ptr ds: | 00000000310824F8:L"SOFTWARE\\中心\\CloudSettings"
0000000031046200 | 48:8D0D 497B0600 | lea rcx,qword ptr ds:[<&??_7edvCloudInf |
0000000031046207 | E8 16BC0000 | call <JMP.&?WriteCloudInfoToReg@edvClou |
000000003104620C | 83BF 68070000 01 | cmp dword ptr ds:,1 |
0000000031046213 | 0F85 C8000000 | jne eicad4_sys2010_x64.310462E1 |
0000000031046219 | 48:8D15 40860200 | lea rdx,qword ptr ds: |
0000000031046220 | 48:8D8F 60070000 | lea rcx,qword ptr ds: |
0000000031046227 | FF15 1BC30700 | call qword ptr ds:[<&Ordinal#1512>] |
000000003104622D | 85C0 | test eax,eax |
000000003104622F | 0F84 AC000000 | je eicad4_sys2010_x64.310462E1 |
0000000031046235 | 8B97 98070000 | mov edx,dword ptr ds: |
000000003104623B | 48:8BCF | mov rcx,rdi |
000000003104623E | E8 A2BEF7FF | call eicad4_sys2010_x64.30FC20E5 |
0000000031046243 | 48:8D8F 60070000 | lea rcx,qword ptr ds: |
000000003104624A | 8BD8 | mov ebx,eax |
000000003104624C | FF15 E6C20700 | call qword ptr ds:[<&Ordinal#889>] |
0000000031046252 | 0FB797 6C070000 | movzx edx,word ptr ds: |
0000000031046259 | 4C:8D0D 00860200 | lea r9,qword ptr ds: |
0000000031046260 | 4C:8D05 F9850200 | lea r8,qword ptr ds: |
0000000031046267 | 48:8BC8 | mov rcx,rax |
000000003104626A | 895C24 20 | mov dword ptr ss:,ebx |
000000003104626E | FF15 4C980700 | call qword ptr ds:[<&?SetProxy@DnnCloud |
0000000031046274 | 83F8 01 | cmp eax,1 |
0000000031046277 | 0F84 98000000 | je eicad4_sys2010_x64.31046315 |
000000003104627D | 48:8D15 54C50300 | lea rdx,qword ptr ds: | 00000000310827D8:L"设置代{过}{滤}理服务器失败!\n\n"
0000000031046284 | 48:8D0D BD7A0600 | lea rcx,qword ptr ds: |
000000003104628B | FF15 EFC60700 | call qword ptr ds:[<&Ordinal#783>] |
0000000031046291 | FF15 69980700 | call qword ptr ds:[<&?GetErrorString@Dn |
0000000031046297 | 48:8D15 76980200 | lea rdx,qword ptr ds: | 000000003106FB14:L"%s"
000000003104629E | 48:8D0D A37A0600 | lea rcx,qword ptr ds: |
00000000310462A5 | 4C:8BC0 | mov r8,rax |
00000000310462A8 | FF15 5ABF0700 | call qword ptr ds:[<&Ordinal#1287>] |
00000000310462AE | 48:8D0D 8B7A0600 | lea rcx,qword ptr ds: | 00000000310ADD40:&L"云设置"
00000000310462B5 | FF15 7DC20700 | call qword ptr ds:[<&Ordinal#889>] |
00000000310462BB | 48:8D0D 867A0600 | lea rcx,qword ptr ds: |
00000000310462C2 | 48:8BD8 | mov rbx,rax |
00000000310462C5 | FF15 6DC20700 | call qword ptr ds:[<&Ordinal#889>] |
00000000310462CB | 41:B9 40000000 | mov r9d,40 | 40:'@'
00000000310462D1 | 4C:8BC3 | mov r8,rbx |
00000000310462D4 | 48:8BCF | mov rcx,rdi |
00000000310462D7 | 48:8BD0 | mov rdx,rax |
00000000310462DA | E8 3BC00000 | call <JMP.&Ordinal#4211> |
00000000310462DF | EB 34 | jmp eicad4_sys2010_x64.31046315 |
00000000310462E1 | 8B97 98070000 | mov edx,dword ptr ds: |
00000000310462E7 | 48:8BCF | mov rcx,rdi |
00000000310462EA | E8 F6BDF7FF | call eicad4_sys2010_x64.30FC20E5 |
00000000310462EF | 0FB797 6C070000 | movzx edx,word ptr ds: |
00000000310462F6 | 4C:8D0D 63850200 | lea r9,qword ptr ds: |
00000000310462FD | 4C:8D05 5C850200 | lea r8,qword ptr ds: |
0000000031046304 | 48:8D0D 55850200 | lea rcx,qword ptr ds: |
000000003104630B | 894424 20 | mov dword ptr ss:,eax |
000000003104630F | FF15 AB970700 | call qword ptr ds:[<&?SetProxy@DnnCloud |
0000000031046315 | 48:8BCF | mov rcx,rdi |
0000000031046318 | E8 C1C20000 | call <JMP.&Ordinal#1335> |
000000003104631D | FF15 D5970700 | call qword ptr ds:[<&?Initialize@DnnClo |
0000000031046323 | 48:8B7424 48 | mov rsi,qword ptr ss: |
0000000031046328 | 83F8 01 | cmp eax,1 |
000000003104632B | 74 11 | je eicad4_sys2010_x64.3104633E |
000000003104632D | 48:8BCF | mov rcx,rdi |
0000000031046330 | E8 A3C20000 | call <JMP.&Ordinal#2230> |
0000000031046335 | 48:8D15 84C40300 | lea rdx,qword ptr ds: | 00000000310827C0:L"初始化失败!\n\n"
000000003104633C | EB 44 | jmp eicad4_sys2010_x64.31046382 |
000000003104633E | 48:8D8F 80070000 | lea rcx,qword ptr ds: |
0000000031046345 | FF15 EDC10700 | call qword ptr ds:[<&Ordinal#889>] |
000000003104634B | 48:8D8F 78070000 | lea rcx,qword ptr ds: |
0000000031046352 | 48:8BD8 | mov rbx,rax |
0000000031046355 | FF15 DDC10700 | call qword ptr ds:[<&Ordinal#889>] |
000000003104635B | 4C:8D05 FE840200 | lea r8,qword ptr ds: |
0000000031046362 | 48:8BC8 | mov rcx,rax |
0000000031046365 | 48:8BD3 | mov rdx,rbx |
0000000031046368 | FF15 82970700 | call qword ptr ds:[<&?Login@DnnCloud@@Y |
000000003104636E | 83F8 01 | cmp eax,1 |
0000000031046371 | EB 74 | jmp eicad4_sys2010_x64.310463E7 |
0000000031046373 | 48:8BCF | mov rcx,rdi |
0000000031046376 | E8 5DC20000 | call <JMP.&Ordinal#2230> |
000000003104637B | 48:8D15 26C40300 | lea rdx,qword ptr ds: | 00000000310827A8:L"用户登录失败!\n\n"
0000000031046382 | 48:8D0D BF790600 | lea rcx,qword ptr ds: |
0000000031046389 | FF15 F1C50700 | call qword ptr ds:[<&Ordinal#783>] |
000000003104638F | FF15 6B970700 | call qword ptr ds:[<&?GetErrorString@Dn |
0000000031046395 | 48:8D15 78970200 | lea rdx,qword ptr ds: | 000000003106FB14:L"%s"
000000003104639C | 48:8D0D A5790600 | lea rcx,qword ptr ds: |
00000000310463A3 | 4C:8BC0 | mov r8,rax |
00000000310463A6 | FF15 5CBE0700 | call qword ptr ds:[<&Ordinal#1287>] |
00000000310463AC | 48:8D0D 8D790600 | lea rcx,qword ptr ds: | 00000000310ADD40:&L"云设置"
00000000310463B3 | FF15 7FC10700 | call qword ptr ds:[<&Ordinal#889>] |
00000000310463B9 | 48:8D0D 88790600 | lea rcx,qword ptr ds: |
00000000310463C0 | 48:8BD8 | mov rbx,rax |
00000000310463C3 | FF15 6FC10700 | call qword ptr ds:[<&Ordinal#889>] |
00000000310463C9 | 41:B9 40000000 | mov r9d,40 | 40:'@'
00000000310463CF | 4C:8BC3 | mov r8,rbx |
00000000310463D2 | 48:8BCF | mov rcx,rdi |
00000000310463D5 | 48:8BD0 | mov rdx,rax |
00000000310463D8 | 48:8B5C24 40 | mov rbx,qword ptr ss: |
00000000310463DD | 48:83C4 30 | add rsp,30 |
00000000310463E1 | 5F | pop rdi |
00000000310463E2 | E9 33BF0000 | jmp <JMP.&Ordinal#4211> |
00000000310463E7 | FF15 FB960700 | call qword ptr ds:[<&?GetUserCode@DnnCl |
00000000310463ED | 48:8D0D BC6B0600 | lea rcx,qword ptr ds: |
00000000310463F4 | 0FB7D0 | movzx edx,ax |
00000000310463F7 | 66:8905 026C0600 | mov word ptr ds:,ax |
00000000310463FE | E8 25BA0000 | call <JMP.&?WriteSoftwareType@edvApplic |
0000000031046403 | 48:8BCF | mov rcx,rdi |
0000000031046406 | E8 CDC10000 | call <JMP.&Ordinal#2230> |
000000003104640B | 48:8D0D 7EC30300 | lea rcx,qword ptr ds: | 0000000031082790:L"\n用户登录成功."
0000000031046412 | E8 DBD20000 | call <JMP.&acutPrintf> |
0000000031046417 | 4C:8B1F | mov r11,qword ptr ds: |
000000003104641A | 48:8BCF | mov rcx,rdi |
000000003104641D | 41:FF93 C0020000 | call qword ptr ds: |
0000000031046424 | 48:8B5C24 40 | mov rbx,qword ptr ss: |
0000000031046429 | 48:83C4 30 | add rsp,30 |
000000003104642D | 5F | pop rdi |
000000003104642E | C3 | ret |
下面这个是用正确密码登录成功后的代码
0000000031046170 | 40:57 | push rdi |
0000000031046172 | 48:83EC 30 | sub rsp,30 |
0000000031046176 | BA 01000000 | mov edx,1 |
000000003104617B | 48:8BF9 | mov rdi,rcx | rcx:L"\n用户登录成功."
000000003104617E | E8 67B0F7FF | call eicad4_sys2010_x64.30FC11EA |
0000000031046183 | 83F8 01 | cmp eax,1 |
0000000031046186 | 0F85 9D020000 | jne eicad4_sys2010_x64.31046429 |
000000003104618C | 83BF 88070000 00 | cmp dword ptr ds:,0 |
0000000031046193 | 48:895C24 40 | mov qword ptr ss:,rbx |
0000000031046198 | 75 28 | jne eicad4_sys2010_x64.310461C2 |
000000003104619A | 48:8D15 BF860200 | lea rdx,qword ptr ds: |
00000000310461A1 | 48:8D0D D07B0600 | lea rcx,qword ptr ds: | rcx:L"\n用户登录成功.", 00000000310ADD78:&L"12345678912"�成功."
00000000310461A8 | FF15 D2C70700 | call qword ptr ds:[<&Ordinal#783>] |
00000000310461AE | 48:8D15 AB860200 | lea rdx,qword ptr ds: |
00000000310461B5 | 48:8D0D C47B0600 | lea rcx,qword ptr ds: | rcx:L"\n用户登录成功.", 00000000310ADD80:&L"123456789"录成功."
00000000310461BC | FF15 BEC70700 | call qword ptr ds:[<&Ordinal#783>] |
00000000310461C2 | 48:8D15 97860200 | lea rdx,qword ptr ds: |
00000000310461C9 | 48:8D8F 58070000 | lea rcx,qword ptr ds: | rcx:L"\n用户登录成功.", :L"http://47.103.84.153/dnncloud101"
00000000310461D0 | FF15 72C30700 | call qword ptr ds:[<&Ordinal#1512>] |
00000000310461D6 | 85C0 | test eax,eax |
00000000310461D8 | 0F84 46020000 | je eicad4_sys2010_x64.31046424 |
00000000310461DE | 48:8D8F 58070000 | lea rcx,qword ptr ds: | rcx:L"\n用户登录成功.", :L"http://47.103.84.153/dnncloud101"
00000000310461E5 | 48:897424 48 | mov qword ptr ss:,rsi |
00000000310461EA | FF15 48C30700 | call qword ptr ds:[<&Ordinal#889>] |
00000000310461F0 | 48:8BC8 | mov rcx,rax | rcx:L"\n用户登录成功."
00000000310461F3 | FF15 B7980700 | call qword ptr ds:[<&?SetRootUrl@DnnClo |
00000000310461F9 | 48:8D15 F8C20300 | lea rdx,qword ptr ds: | 00000000310824F8:L"SOFTWARE\\技术\\CloudSettings"
0000000031046200 | 48:8D0D 497B0600 | lea rcx,qword ptr ds:[<&??_7edvCloudInf | rcx:L"\n用户登录成功."
0000000031046207 | E8 16BC0000 | call <JMP.&?WriteCloudInfoToReg@edvClou |
000000003104620C | 83BF 68070000 01 | cmp dword ptr ds:,1 |
0000000031046213 | 0F85 C8000000 | jne eicad4_sys2010_x64.310462E1 |
0000000031046219 | 48:8D15 40860200 | lea rdx,qword ptr ds: |
0000000031046220 | 48:8D8F 60070000 | lea rcx,qword ptr ds: | rcx:L"\n用户登录成功."
0000000031046227 | FF15 1BC30700 | call qword ptr ds:[<&Ordinal#1512>] |
000000003104622D | 85C0 | test eax,eax |
000000003104622F | 0F84 AC000000 | je eicad4_sys2010_x64.310462E1 |
0000000031046235 | 8B97 98070000 | mov edx,dword ptr ds: |
000000003104623B | 48:8BCF | mov rcx,rdi | rcx:L"\n用户登录成功."
000000003104623E | E8 A2BEF7FF | call eicad4_sys2010_x64.30FC20E5 |
0000000031046243 | 48:8D8F 60070000 | lea rcx,qword ptr ds: | rcx:L"\n用户登录成功."
000000003104624A | 8BD8 | mov ebx,eax | ebx:L"123456789"
000000003104624C | FF15 E6C20700 | call qword ptr ds:[<&Ordinal#889>] |
0000000031046252 | 0FB797 6C070000 | movzx edx,word ptr ds: |
0000000031046259 | 4C:8D0D 00860200 | lea r9,qword ptr ds: |
0000000031046260 | 4C:8D05 F9850200 | lea r8,qword ptr ds: |
0000000031046267 | 48:8BC8 | mov rcx,rax | rcx:L"\n用户登录成功."
000000003104626A | 895C24 20 | mov dword ptr ss:,ebx |
000000003104626E | FF15 4C980700 | call qword ptr ds:[<&?SetProxy@DnnCloud |
0000000031046274 | 83F8 01 | cmp eax,1 |
0000000031046277 | 0F84 98000000 | je eicad4_sys2010_x64.31046315 |
000000003104627D | 48:8D15 54C50300 | lea rdx,qword ptr ds: | 00000000310827D8:L"设置代{过}{滤}理服务器失败!\n\n"
0000000031046284 | 48:8D0D BD7A0600 | lea rcx,qword ptr ds: | rcx:L"\n用户登录成功."
000000003104628B | FF15 EFC60700 | call qword ptr ds:[<&Ordinal#783>] |
0000000031046291 | FF15 69980700 | call qword ptr ds:[<&?GetErrorString@Dn |
0000000031046297 | 48:8D15 76980200 | lea rdx,qword ptr ds: | 000000003106FB14:L"%s"
000000003104629E | 48:8D0D A37A0600 | lea rcx,qword ptr ds: | rcx:L"\n用户登录成功."
00000000310462A5 | 4C:8BC0 | mov r8,rax |
00000000310462A8 | FF15 5ABF0700 | call qword ptr ds:[<&Ordinal#1287>] |
00000000310462AE | 48:8D0D 8B7A0600 | lea rcx,qword ptr ds: | rcx:L"\n用户登录成功.", 00000000310ADD40:&L"云设置"�成功."
00000000310462B5 | FF15 7DC20700 | call qword ptr ds:[<&Ordinal#889>] |
00000000310462BB | 48:8D0D 867A0600 | lea rcx,qword ptr ds: | rcx:L"\n用户登录成功."
00000000310462C2 | 48:8BD8 | mov rbx,rax | rbx:L"123456789"
00000000310462C5 | FF15 6DC20700 | call qword ptr ds:[<&Ordinal#889>] |
00000000310462CB | 41:B9 40000000 | mov r9d,40 | 40:'@'
00000000310462D1 | 4C:8BC3 | mov r8,rbx | rbx:L"123456789"
00000000310462D4 | 48:8BCF | mov rcx,rdi | rcx:L"\n用户登录成功."
00000000310462D7 | 48:8BD0 | mov rdx,rax |
00000000310462DA | E8 3BC00000 | call <JMP.&Ordinal#4211> |
00000000310462DF | EB 34 | jmp eicad4_sys2010_x64.31046315 |
00000000310462E1 | 8B97 98070000 | mov edx,dword ptr ds: |
00000000310462E7 | 48:8BCF | mov rcx,rdi | rcx:L"\n用户登录成功."
00000000310462EA | E8 F6BDF7FF | call eicad4_sys2010_x64.30FC20E5 |
00000000310462EF | 0FB797 6C070000 | movzx edx,word ptr ds: |
00000000310462F6 | 4C:8D0D 63850200 | lea r9,qword ptr ds: |
00000000310462FD | 4C:8D05 5C850200 | lea r8,qword ptr ds: |
0000000031046304 | 48:8D0D 55850200 | lea rcx,qword ptr ds: | rcx:L"\n用户登录成功."
000000003104630B | 894424 20 | mov dword ptr ss:,eax |
000000003104630F | FF15 AB970700 | call qword ptr ds:[<&?SetProxy@DnnCloud |
0000000031046315 | 48:8BCF | mov rcx,rdi | rcx:L"\n用户登录成功."
0000000031046318 | E8 C1C20000 | call <JMP.&Ordinal#1335> |
000000003104631D | FF15 D5970700 | call qword ptr ds:[<&?Initialize@DnnClo |
0000000031046323 | 48:8B7424 48 | mov rsi,qword ptr ss: |
0000000031046328 | 83F8 01 | cmp eax,1 |
000000003104632B | 74 11 | je eicad4_sys2010_x64.3104633E |
000000003104632D | 48:8BCF | mov rcx,rdi | rcx:L"\n用户登录成功."
0000000031046330 | E8 A3C20000 | call <JMP.&Ordinal#2230> |
0000000031046335 | 48:8D15 84C40300 | lea rdx,qword ptr ds: | 00000000310827C0:L"初始化失败!\n\n"
000000003104633C | EB 44 | jmp eicad4_sys2010_x64.31046382 |
000000003104633E | 48:8D8F 80070000 | lea rcx,qword ptr ds: | rcx:L"\n用户登录成功.", :L"123456789"�录成功."
0000000031046345 | FF15 EDC10700 | call qword ptr ds:[<&Ordinal#889>] |
000000003104634B | 48:8D8F 78070000 | lea rcx,qword ptr ds: | rcx:L"\n用户登录成功.", :L"12345678912"��成功."
0000000031046352 | 48:8BD8 | mov rbx,rax | rbx:L"123456789"
0000000031046355 | FF15 DDC10700 | call qword ptr ds:[<&Ordinal#889>] |
000000003104635B | 4C:8D05 FE840200 | lea r8,qword ptr ds: |
0000000031046362 | 48:8BC8 | mov rcx,rax | rcx:L"\n用户登录成功."
0000000031046365 | 48:8BD3 | mov rdx,rbx | rbx:L"123456789"
0000000031046368 | FF15 82970700 | call qword ptr ds:[<&?Login@DnnCloud@@Y |
000000003104636E | 83F8 01 | cmp eax,1 |
0000000031046371 | EB 74 | jmp eicad4_sys2010_x64.310463E7 |
0000000031046373 | 48:8BCF | mov rcx,rdi | rcx:L"\n用户登录成功."
0000000031046376 | E8 5DC20000 | call <JMP.&Ordinal#2230> |
000000003104637B | 48:8D15 26C40300 | lea rdx,qword ptr ds: | 00000000310827A8:L"用户登录失败!\n\n"
0000000031046382 | 48:8D0D BF790600 | lea rcx,qword ptr ds: | rcx:L"\n用户登录成功."
0000000031046389 | FF15 F1C50700 | call qword ptr ds:[<&Ordinal#783>] |
000000003104638F | FF15 6B970700 | call qword ptr ds:[<&?GetErrorString@Dn |
0000000031046395 | 48:8D15 78970200 | lea rdx,qword ptr ds: | 000000003106FB14:L"%s"
000000003104639C | 48:8D0D A5790600 | lea rcx,qword ptr ds: | rcx:L"\n用户登录成功."
00000000310463A3 | 4C:8BC0 | mov r8,rax |
00000000310463A6 | FF15 5CBE0700 | call qword ptr ds:[<&Ordinal#1287>] |
00000000310463AC | 48:8D0D 8D790600 | lea rcx,qword ptr ds: | rcx:L"\n用户登录成功.", 00000000310ADD40:&L"云设置"�成功."
00000000310463B3 | FF15 7FC10700 | call qword ptr ds:[<&Ordinal#889>] |
00000000310463B9 | 48:8D0D 88790600 | lea rcx,qword ptr ds: | rcx:L"\n用户登录成功."
00000000310463C0 | 48:8BD8 | mov rbx,rax | rbx:L"123456789"
00000000310463C3 | FF15 6FC10700 | call qword ptr ds:[<&Ordinal#889>] |
00000000310463C9 | 41:B9 40000000 | mov r9d,40 | 40:'@'
00000000310463CF | 4C:8BC3 | mov r8,rbx | rbx:L"123456789"
00000000310463D2 | 48:8BCF | mov rcx,rdi | rcx:L"\n用户登录成功."
00000000310463D5 | 48:8BD0 | mov rdx,rax |
00000000310463D8 | 48:8B5C24 40 | mov rbx,qword ptr ss: |
00000000310463DD | 48:83C4 30 | add rsp,30 |
00000000310463E1 | 5F | pop rdi |
00000000310463E2 | E9 33BF0000 | jmp <JMP.&Ordinal#4211> |
00000000310463E7 | FF15 FB960700 | call qword ptr ds:[<&?GetUserCode@DnnCl |
00000000310463ED | 48:8D0D BC6B0600 | lea rcx,qword ptr ds: | rcx:L"\n用户登录成功."
00000000310463F4 | 0FB7D0 | movzx edx,ax |
00000000310463F7 | 66:8905 026C0600 | mov word ptr ds:,ax |
00000000310463FE | E8 25BA0000 | call <JMP.&?WriteSoftwareType@edvApplic |
0000000031046403 | 48:8BCF | mov rcx,rdi | rcx:L"\n用户登录成功."
0000000031046406 | E8 CDC10000 | call <JMP.&Ordinal#2230> |
000000003104640B | 48:8D0D 7EC30300 | lea rcx,qword ptr ds: | rcx:L"\n用户登录成功.", 0000000031082790:L"\n用户登录成功."
0000000031046412 | E8 DBD20000 | call <JMP.&acutPrintf> |
0000000031046417 | 4C:8B1F | mov r11,qword ptr ds: |
000000003104641A | 48:8BCF | mov rcx,rdi | rcx:L"\n用户登录成功."
000000003104641D | 41:FF93 C0020000 | call qword ptr ds: |
0000000031046424 | 48:8B5C24 40 | mov rbx,qword ptr ss: |
0000000031046429 | 48:83C4 30 | add rsp,30 |
000000003104642D | 5F | pop rdi |
000000003104642E | C3 | ret | 764043470 发表于 2020-7-1 15:10
查查是不是把加载的也跳过了
我感觉是,但是我又一步一步试,没头绪{:1_937:} 一步一步试,可能关键部位也跳了 如果成果麻烦分享一下方法,我也需要使用,哈哈哈哈
页:
[1]