吾爱破解2012CM大赛破文--zeif
今天看了下这个CrackMe,有点时间,简单地写一下破文。此CrackMe在线程中做断点检测;注册验证通过窗口消息完成,且消息ID由RegisterWindowMessage函数获得,增加了一点隐蔽性
不过感觉算法有点怪怪的,且不知道是BUG,还是传说中的迷魂汤,用户名没有用到...
; DLL entry routine (OllyDbg listing). The memory operands were lost when the
; page was extracted; where needed they are recovered from the opcode bytes
; printed on the same line.
; Flow: save registers and flags, obtain the current address with call/pop,
; derive two pointers (ebx = 00401497 + 11E9, edx = ebx - 10EB), then compare
; 0x10 bytes at [ecx+edx] with the bytes at [ecx+ebx].
;   all equal  -> restore state, return 1 with retn 0C
;   any differ -> 004014C7, which ends in a jump-to-self (the thread hangs)
; NOTE(review): the author reads this as a breakpoint check on the EXE entry
; point; which code region each pointer covers cannot be confirmed from here.
00401490 >/$60 pushad //DLL entry function; checks the EXE entry point for breakpoints; returning 1 is enough
00401491|.9C pushfd
00401492|.E8 00000000 call 00401497 ;00401497
00401497|$58 pop eax
00401498|.05 E9110000 add eax, 11E9
0040149D|.33C9 xor ecx, ecx
0040149F|.90 nop
004014A0|.90 nop
004014A1|.90 nop
004014A2|.8BD8 mov ebx, eax
004014A4|.2D EB100000 sub eax, 10EB
004014A9|.8BD0 mov edx, eax
004014AB|.90 nop
004014AC|.90 nop
004014AD|>33C0 /xor eax, eax
004014AF|.8A0411 |mov al, ; opcode 8A 04 11 decodes to mov al, [ecx+edx]
004014B2|.8A2419 |mov ah, ; opcode 8A 24 19 decodes to mov ah, [ecx+ebx]
004014B5|.3AC4 |cmp al, ah
004014B7|.75 0E |jnz short 004014C7 ;004014C7
004014B9|.41 |inc ecx
004014BA|.83F9 10 |cmp ecx, 10
004014BD|.^ 75 EE \jnz short 004014AD ;004014AD
004014BF|.9D popfd
004014C0|.61 popad
004014C1|.33C0 xor eax, eax
004014C3|.40 inc eax
004014C4|.C2 0C00 retn 0C
004014C7|>90 nop
004014C8|.90 nop
004014C9|.90 nop
004014CA|.90 nop
; EB FE is a jump to its own address: the mismatch path never returns.
004014CB\>- EB FE jmp short 004014CB ;004014CB
; Breakpoint-scan routine (OllyDbg listing; memory operands were lost in
; extraction and are recovered below from the opcode bytes on each line).
; Locals per the opcode bytes: [ebp-4] = process handle, [ebp-10] = 0x20-byte
; zeroed heap buffer, [ebp-8] = loop index, [ebp-1C] = scan address,
; [ebp-18] = scratch dword passed as pOldProtect and again as pBytesRead,
; [ebp-14] = GetLastError value.
; For each of 0x11 dword entries in the table whose pointer is stored at
; 0040CDE0:
;   1. VirtualProtect(entry - 0A, 0x20, PAGE_EXECUTE_READWRITE, ...)
;   2. ReadProcessMemory copies 0x10 bytes from (entry - 0A) into the buffer
;   3. scan start = buffer + 0B when GetLastError is 0 and buffer[1] != 0,
;      otherwise entry + 1 in place
;   4. walk 0x0B bytes downward from the start; a byte equal to 0xCC sends
;      control to 004011E0 (not shown on this page)
; Returns al = 0 after freeing the buffer.
; NOTE(review): the table entries are presumably API entry points - confirm.
; NOTE(review): the ReadProcessMemory return value is never tested; only
; GetLastError is read, which may hold a stale value. No second
; VirtualProtect call is visible, so the pages stay RWX after the scan.
00401230 55 push ebp //breakpoint-detection function; just patch it to RETN
00401231|.8BEC mov ebp, esp
00401233|.83EC 1C sub esp, 1C
00401236|.53 push ebx
00401237|.56 push esi
00401238|.57 push edi
00401239|.FF15 1C904000 call ; [GetCurrentProcess
0040123F|.8945 FC mov , eax
00401242|.6A 20 push 20 ; /HeapSize = 20 (32.)
00401244|.6A 08 push 8 ; |Flags = HEAP_ZERO_MEMORY
00401246|.FF15 88904000 call ; |[GetProcessHeap
0040124C|.50 push eax ; |hHeap
0040124D|.FF15 8C904000 call ; \HeapAlloc
00401253|.8945 F0 mov , eax
00401256|.C745 F4 00000>mov dword ptr , 0
0040125D|.C745 F8 00000>mov dword ptr , 0
; Outer loop: index in [ebp-8], runs while index < 0x11.
00401264|>837D F8 11 /cmp dword ptr , 11
00401268|.0F8D C8000000 |jge 00401336 ;00401336
0040126E|.8B45 F8 |mov eax,
00401271|.8B0D E0CD4000 |mov ecx,
; opcode 8B 14 81 decodes to mov edx, [ecx+eax*4]: fetch table entry [index]
00401277|.8B1481 |mov edx,
0040127A|.8955 E4 |mov , edx
0040127D|.C745 E8 00000>|mov dword ptr , 0
00401284|.8D45 E8 |lea eax,
00401287|.50 |push eax ; /pOldProtect
00401288|.6A 40 |push 40 ; |NewProtect = PAGE_EXECUTE_READWRITE
0040128A|.6A 20 |push 20 ; |Size = 20 (32.)
0040128C|.8B4D E4 |mov ecx, ; |
0040128F|.83E9 0A |sub ecx, 0A ; |
00401292|.51 |push ecx ; |Address
00401293|.FF15 90904000 |call ; \VirtualProtect
00401299|.8D55 E8 |lea edx,
0040129C|.52 |push edx ; /pBytesRead
0040129D|.6A 10 |push 10 ; |BytesToRead = 10 (16.)
0040129F|.8B45 F0 |mov eax, ; |
004012A2|.50 |push eax ; |Buffer
004012A3|.8B4D E4 |mov ecx, ; |
004012A6|.83E9 0A |sub ecx, 0A ; |
004012A9|.51 |push ecx ; |pBaseAddress
004012AA|.8B55 FC |mov edx, ; |
004012AD|.52 |push edx ; |hProcess
004012AE|.FF15 18904000 |call ; \ReadProcessMemory
004012B4|.FF15 14904000 |call ; [GetLastError
004012BA|.8945 EC |mov , eax
004012BD|.837D EC 00 |cmp dword ptr , 0
004012C1|.75 0B |jnz short 004012CE ;004012CE
004012C3|.8B45 F0 |mov eax,
; opcode 0F B6 48 01 decodes to movzx ecx, byte ptr [eax+1]
004012C6|.0FB648 01 |movzx ecx, byte ptr
004012CA|.85C9 |test ecx, ecx
004012CC|.75 19 |jnz short 004012E7 ;004012E7
; Path A: scan the live memory, starting at table entry + 1.
004012CE|>8B55 F8 |mov edx,
004012D1|.A1 E0CD4000 |mov eax,
004012D6|.8B0C90 |mov ecx,
004012D9|.894D E4 |mov , ecx
004012DC|.8B55 E4 |mov edx,
004012DF|.83C2 01 |add edx, 1
004012E2|.8955 E4 |mov , edx
004012E5|.EB 0F |jmp short 004012F6 ;004012F6
; Path B: scan the heap copy, starting at buffer + 0B.
004012E7|>8B45 F0 |mov eax,
004012EA|.8945 E4 |mov , eax
004012ED|.8B4D E4 |mov ecx,
004012F0|.83C1 0B |add ecx, 0B
004012F3|.894D E4 |mov , ecx
004012F6|>60 |pushad
004012F7|.9C |pushfd
004012F8|.33C0 |xor eax, eax
004012FA|.33C9 |xor ecx, ecx
004012FC|.8B45 E4 |mov eax,
; Inner loop: the current address is parked on the stack, one byte is read
; (3E:8A00 = mov al, ds:[eax]) and tested. (al - 66) == 66 holds only for
; al = 0xCC, the one-byte INT3 opcode, so 0xCC never appears as an immediate.
004012FF|>83EC 04 |/sub esp, 4
00401302|.890424 ||mov , eax
00401305|.3E:8A00 ||mov al,
00401308|.2C 66 ||sub al, 66
0040130A|.3C 66 ||cmp al, 66
0040130C|.75 10 ||jnz short 0040131E ;0040131E
0040130E|.8BC4 ||mov eax, esp
00401310|.83C0 04 ||add eax, 4
00401313|.3E:8B00 ||mov eax,
00401316|.50 ||push eax
00401317|.B8 E0114000 ||mov eax, 4011E0
0040131C|.FFE0 ||jmp eax
; No match: restore the address, step one byte down, repeat 0x0B times.
0040131E|>58 ||pop eax
0040131F|.41 ||inc ecx
00401320|.48 ||dec eax
00401321|.83F9 0B ||cmp ecx, 0B
00401324|.^ 75 D9 |\jnz short 004012FF ;004012FF
00401326|.9D |popfd
00401327|.61 |popad
00401328|.8B55 F8 |mov edx,
0040132B|.83C2 01 |add edx, 1
0040132E|.8955 F8 |mov , edx
00401331|.^ E9 2EFFFFFF \jmp 00401264 ;00401264
00401336|>8B45 F0 mov eax,
00401339|.50 push eax ; /pMemory
0040133A|.6A 01 push 1 ; |Flags = HEAP_NO_SERIALIZE
0040133C|.FF15 88904000 call ; |[GetProcessHeap
00401342|.50 push eax ; |hHeap
00401343|.FF15 48904000 call ; \HeapFree
00401349|.32C0 xor al, al
0040134B|.5F pop edi
0040134C|.5E pop esi
0040134D|.5B pop ebx
0040134E|.8BE5 mov esp, ebp
00401350|.5D pop ebp
00401351\.C3 retn
; Window-procedure fragment for WM_COMMAND (0x111) with edi = 0x3E9 (the
; register button, per the author). Memory operands were lost in extraction;
; the opcode bytes show the globals involved: 0040CDF0 holds the pointer to the
; user-name buffer, 0040CDF4 the pointer to the serial buffer.
; Steps: zero each 0x400-byte buffer through 00402470, fetch the two edit
; controls and their text, then post a private message that carries both
; buffer pointers.
; NOTE(review): 00401790 and 00401A80 look like generic "call this API with N
; arguments" wrappers (API pointer first, then the count 2 / 3 / 4 matching the
; API's arity) - inferred from the call sites, their bodies are not shown.
; NOTE(review): the first GetDlgItem call pushes only the control ID 3EA,
; while the second one pushes ebx as well as 3EC; this supports the author's
; remark that the user-name lookup lacks the window handle.
00402040|> \3D 11010000 cmp eax, 111 //Register button pressed; start reading the input data
00402045|.^ 0F85 9FFEFFFF jnz 00401EEA ;00401EEA
0040204B|.81FF E9030000 cmp edi, 3E9 ;Case 111 (WM_COMMAND) of switch 00401E55
00402051|.0F85 B2000000 jnz 00402109 ;00402109
00402057|.8B15 F0CD4000 mov edx,
0040205D|.68 00040000 push 400
00402062|.6A 00 push 0
00402064|.52 push edx
00402065|.E8 06040000 call 00402470 //clear buffer
0040206A|.8B35 64914000 mov esi, ;USER32.GetDlgItem
00402070|.68 EA030000 push 3EA
00402075|.6A 02 push 2
00402077|.56 push esi
00402078|.E8 13F7FFFF call 00401790 //get user-name control (looks like a bug? the main window handle is missing?? so the control is not found???)
0040207D|.8B0D F0CD4000 mov ecx,
00402083|.8B3D 68914000 mov edi, ;USER32.GetWindowTextA
00402089|.68 00040000 push 400
0040208E|.51 push ecx
0040208F|.50 push eax
00402090|.6A 03 push 3
00402092|.57 push edi
00402093|.E8 F8F6FFFF call 00401790 //get user-name text
00402098|.8B15 F4CD4000 mov edx,
0040209E|.68 00040000 push 400
004020A3|.6A 00 push 0
004020A5|.52 push edx
004020A6|.E8 C5030000 call 00402470 //clear buffer
; opcode 8B 5D 08 decodes to mov ebx, [ebp+8]: first argument of the procedure
004020AB|.8B5D 08 mov ebx,
004020AE|.68 EC030000 push 3EC
004020B3|.53 push ebx
004020B4|.6A 02 push 2
004020B6|.56 push esi
004020B7|.E8 D4F6FFFF call 00401790 //get serial control
004020BC|.8B0D F4CD4000 mov ecx,
004020C2|.83C4 48 add esp, 48
004020C5|.68 00040000 push 400
004020CA|.51 push ecx
004020CB|.50 push eax
004020CC|.6A 03 push 3
004020CE|.57 push edi
004020CF|.E8 BCF6FFFF call 00401790 //get serial text
004020D4|.8B15 F0CD4000 mov edx, ; |
004020DA|.A1 F4CD4000 mov eax, ; |
; The message ID is a 16-bit global; its address bytes are cut off in the
; listing (00C040>).
004020DF|.0FB70D 00C040>movzx ecx, word ptr ; |
004020E6|.52 push edx ; |Arg6 => 005D0978
004020E7|.8B15 6C914000 mov edx, ; |USER32.PostMessageA
004020ED|.50 push eax ; |Arg5 => 005D0D80
004020EE|.51 push ecx ; |Arg4
004020EF|.53 push ebx ; |Arg3
004020F0|.6A 04 push 4 ; |Arg2 = 00000004
004020F2|.52 push edx ; |Arg1 => 76BF3BAA
004020F3|.E8 88F9FFFF call 00401A80 //post the "input entered" message
004020F8|.83C4 2C add esp, 2C
004020FB|.5F pop edi
004020FC|.5E pop esi
004020FD|.B8 01000000 mov eax, 1
00402102|.5B pop ebx
00402103|.8BE5 mov esp, ebp
00402105|.5D pop ebp
00402106|.C2 1000 retn 10
; Handler for the private "input entered" message (message ID compared with
; the same 16-bit global used when posting it). Memory operands were lost in
; extraction; opcode bytes are used to recover them.
; Steps: zero a 0x800-byte local buffer (8D95 9CF7FFFF = lea edx, [ebp-864]),
; append the user-name buffer (pointer at 0040CDF0) and the serial buffer
; (pointer at 0040CDF4) with lstrcatA, pass the result to 00401360 and compare
; the returned dword with 1215132C. A mismatch goes to 00402114 (not shown).
; On a match a second message ID is derived and stored as a 16-bit global
; (address bytes cut off: 04C0400>), then control continues at 0040215B.
; NOTE(review): each source buffer was filled with a 0x400 limit, so two of
; them fit the 0x800 destination; lstrcatA itself performs no bounds check.
; The debugger annotations show an empty user-name string at run time.
00401EEA|>0FB70D 00C040>movzx ecx, word ptr //"input entered" message received; start computing
00401EF1|. |3BC1 cmp eax, ecx
00401EF3|. |0F85 85020000 jnz 0040217E ;0040217E
00401EF9|. |68 00080000 push 800
00401EFE|. |8D95 9CF7FFFF lea edx,
00401F04|. |6A 00 push 0
00401F06|. |52 push edx
00401F07|. |E8 64050000 call 00402470 //clear buffer
00401F0C|. |A1 F0CD4000 mov eax,
00401F11|. |8B1D 28904000 mov ebx, ;kernel32.lstrcatA
00401F17|. |83C4 0C add esp, 0C
00401F1A|. |50 push eax ; /StringToAdd => ""
00401F1B|. |8D8D 9CF7FFFF lea ecx, ; |
00401F21|. |51 push ecx ; |ConcatString
00401F22|. |FFD3 call ebx ; \lstrcatA
00401F24|. |8B15 F4CD4000 mov edx,
00401F2A|. |52 push edx ; /StringToAdd => "JustDoYouBest"
00401F2B|. |8D85 9CF7FFFF lea eax, ; |
00401F31|. |50 push eax ; |ConcatString
00401F32|. |FFD3 call ebx ; \lstrcatA
00401F34|. |8D8D 9CF7FFFF lea ecx, //Buffer = user name + serial
00401F3A|. |51 push ecx ; /Arg1
00401F3B|. |E8 20F4FFFF call 00401360 //call the compute function with user name + serial
00401F40|. |83C4 04 add esp, 4
00401F43|. |3D 2C131512 cmp eax, 1215132C //success if the result is 0x1215132C
00401F48|. |0F85 C6010000 jnz 00402114 ;00402114
; Nine bytes are copied from 00409240..00409248 into locals [ebp-0C],
; [ebp-8], [ebp-4]; the first dword is then overwritten with the edi value
; computed below, and the address of that local is the single argument
; handed to RegisterWindowMessageA through the 00401790 wrapper.
00401F4E|. |8B15 40924000 mov edx,
00401F54|. |A1 44924000 mov eax,
00401F59|. |8A0D 48924000 mov cl,
00401F5F|. |2B7D 14 sub edi,
00401F62|. |8955 F4 mov , edx
00401F65|. |8945 F8 mov , eax
00401F68|. |0FBED2 movsx edx, dl
00401F6B|. |8D45 F4 lea eax,
00401F6E|. |50 push eax
00401F6F|. |884D FC mov , cl
00401F72|. |8B0D 58914000 mov ecx, ;USER32.RegisterWindowMessageA
00401F78|. |33FA xor edi, edx
00401F7A|. |6A 01 push 1
00401F7C|. |81F7 66660000 xor edi, 6666
00401F82|. |51 push ecx
00401F83|. |897D F4 mov , edi
00401F86|. |E8 05F8FFFF call 00401790 //message ID for "registration succeeded"
00401F8B|. |03C7 add eax, edi
00401F8D|. |6A 00 push 0
00401F8F|. |66:A3 04C0400>mov , ax
00401F95|. |57 push edi
00401F96|. |E9 C0010000 jmp 0040215B ;0040215B
; Tail reached from 00401F96: posts the freshly derived 16-bit message ID
; (zero-extended from ax) through the 00401A80 wrapper with PostMessageA
; (pointer loaded from 0040916C per the opcode bytes A1 6C914000), then
; returns 1 from the window procedure with retn 10.
; Two further arguments were pushed before the jump (push 0 / push edi).
0040215B|> \0FB7D0 movzx edx, ax ; |
0040215E|.A1 6C914000 mov eax, ; |
00402163|.52 push edx ; |Arg4
00402164|.56 push esi ; |Arg3
00402165|.6A 04 push 4 ; |Arg2 = 00000004
00402167|.50 push eax ; |Arg1 => 76BF3BAA
00402168|.E8 13F9FFFF call 00401A80 //post the "registration succeeded" message
0040216D|.83C4 24 add esp, 24
00402170|.5F pop edi
00402171|.5E pop esi
00402172|.B8 01000000 mov eax, 1
00402177|.5B pop ebx
00402178|.8BE5 mov esp, ebp
0040217A|.5D pop ebp
0040217B|.C2 1000 retn 10
; Handler for the private "registration succeeded" message (ID compared with
; the 16-bit global written at 00401F8F). Memory operands were lost in
; extraction; opcode bytes are used to recover them.
; Steps: allocate a zeroed 0x10-byte heap block and fill it with four dwords
; (CCA2E8D9, 88A6E7AC, 0 and the local at [ebp-14]), hand it to the decoder
; at 004015C0 together with the constant 0040921E, then pass the decoder's
; return value to an API reached through the 00401790 wrapper with six
; arguments. Returns 1 (8D43 01 = lea eax, [ebx+1] with ebx = 0).
; NOTE(review): the API behind the pointer at 0040902C is not named in the
; listing; the author describes the call as displaying the string.
0040217E|> \0FB70D 04C040>movzx ecx, word ptr //"registration succeeded" message received
00402185|.3BC1 cmp eax, ecx
00402187|.75 5E jnz short 004021E7 ;004021E7
00402189|.6A 10 push 10 ; /HeapSize = 10 (16.)
0040218B|.6A 08 push 8 ; |Flags = HEAP_ZERO_MEMORY
0040218D|.BE D9E8A2CC mov esi, CCA2E8D9 ; |
00402192|.BF ACE7A688 mov edi, 88A6E7AC ; |
00402197|.33DB xor ebx, ebx ; |
00402199|.FF15 88904000 call ; |[GetProcessHeap
0040219F|.50 push eax ; |hHeap
004021A0|.FF15 8C904000 call ; \HeapAlloc
004021A6|.8B55 EC mov edx,
004021A9|.53 push ebx
; opcode bytes: 8930 = [eax], 8978 04 = [eax+4], 8958 08 = [eax+8],
; 8950 0C = [eax+0C] - the four dwords of the new block.
004021AA|.8930 mov , esi
004021AC|.68 1E924000 push 40921E
004021B1|.8978 04 mov , edi
004021B4|.50 push eax
004021B5|.8958 08 mov , ebx
004021B8|.53 push ebx
004021B9|.8950 0C mov , edx
004021BC|.E8 FFF3FFFF call 004015C0 //decode the success string
004021C1|.53 push ebx ; |Arg8
004021C2|.53 push ebx ; |Arg7
004021C3|.50 push eax ; |Arg6
004021C4|.A1 2C904000 mov eax, ; |
004021C9|.68 90104000 push 401090 ; |Arg5 = 00401090
004021CE|.53 push ebx ; |Arg4
004021CF|.53 push ebx ; |Arg3
004021D0|.6A 06 push 6 ; |Arg2 = 00000006
004021D2|.50 push eax ; |Arg1 => 74F434A5
004021D3|.E8 B8F5FFFF call 00401790 //display the string
004021D8|.83C4 30 add esp, 30
004021DB|.5F pop edi
004021DC|.5E pop esi
004021DD|.8D43 01 lea eax,
004021E0|.5B pop ebx
004021E1|.8BE5 mov esp, ebp
004021E3|.5D pop ebp
004021E4|.C2 1000 retn 10
; String decoder, cdecl with four stack arguments. Memory operands were lost
; in extraction; opcode bytes are used to recover them.
; 1. Allocates an 8-byte record (kept in esi): [esi] = 4, [esi+4] = pointer
;    to a 0x10-byte block that receives the four arguments [ebp+8], [ebp+0C],
;    [ebp+10], [ebp+14].
; 2. Builds serial + user name (the reverse order of the check at 00401F34)
;    in a 0x800-byte local (8D8D 00F8FFFF = lea ecx, [ebp-800]) and runs
;    00401360 on it.
; 3. Key selection: if the result equals 1215132C the key is the constant
;    2E1F2E1F; otherwise 00401360 is called again and its result is the key.
; 4. XORs the dwords at edi (= second argument) in place with the key until
;    a zero dword is met.
; Returns the record pointer (esi) in eax.
; NOTE(review): the key is a fixed constant and does not depend on the
; entered text, so the comparison at 00401660 is the only thing that ties the
; decoded output to the input.
004015C0/$55 push ebp //string-decoding function
004015C1|.8BEC mov ebp, esp
004015C3|.81EC 00080000 sub esp, 800
004015C9|.53 push ebx
004015CA|.56 push esi
004015CB|.57 push edi
004015CC|.8B3D 88904000 mov edi, ;kernel32.GetProcessHeap
004015D2|.6A 08 push 8 ; /HeapSize = 8
004015D4|.6A 08 push 8 ; |Flags = HEAP_ZERO_MEMORY
004015D6|.FFD7 call edi ; |[GetProcessHeap
004015D8|.8B1D 8C904000 mov ebx, ; |ntdll.RtlAllocateHeap
004015DE|.50 push eax ; |hHeap
004015DF|.FFD3 call ebx ; \HeapAlloc
004015E1|.6A 10 push 10 ; /HeapSize = 10 (16.)
004015E3|.8BF0 mov esi, eax ; |
004015E5|.6A 08 push 8 ; |Flags = HEAP_ZERO_MEMORY
004015E7|.C706 04000000 mov dword ptr , 4 ; |
004015ED|.FFD7 call edi ; |[GetProcessHeap
004015EF|.50 push eax ; |hHeap
004015F0|.FFD3 call ebx ; \HeapAlloc
; Copy the four arguments into the 0x10-byte block; edi keeps argument 2,
; which is the buffer decoded further down.
004015F2|.8B4D 08 mov ecx,
004015F5|.8B7D 0C mov edi,
004015F8|.8946 04 mov , eax
004015FB|.8908 mov , ecx
004015FD|.8B56 04 mov edx,
00401600|.8B4D 10 mov ecx,
00401603|.897A 04 mov , edi
00401606|.8B46 04 mov eax,
00401609|.8948 08 mov , ecx
0040160C|.8B56 04 mov edx,
0040160F|.8B45 14 mov eax,
00401612|.68 00080000 push 800
00401617|.8D8D 00F8FFFF lea ecx,
0040161D|.6A 00 push 0
0040161F|.51 push ecx
00401620|.8942 0C mov , eax
00401623|.E8 480E0000 call 00402470 //clear buffer
00401628|.8B15 F4CD4000 mov edx,
0040162E|.8B1D 28904000 mov ebx, ;kernel32.lstrcatA
00401634|.83C4 0C add esp, 0C
00401637|.52 push edx ; /StringToAdd => "JustDoYouBest"
00401638|.8D85 00F8FFFF lea eax, ; |
0040163E|.50 push eax ; |ConcatString
0040163F|.FFD3 call ebx ; \lstrcatA
00401641|.8B0D F0CD4000 mov ecx,
00401647|.51 push ecx ; /StringToAdd => ""
00401648|.8D95 00F8FFFF lea edx, ; |
0040164E|.52 push edx ; |ConcatString
0040164F|.FFD3 call ebx ; \lstrcatA
00401651|.8D85 00F8FFFF lea eax, //Buffer = serial + user name
00401657|.50 push eax ; /Arg1
00401658|.E8 03FDFFFF call 00401360 //call the compute function
0040165D|.83C4 04 add esp, 4
00401660|.3D 2C131512 cmp eax, 1215132C //is the computed value correct?
00401665|.75 07 jnz short 0040166E ;0040166E
00401667|.B8 1F2E1F2E mov eax, 2E1F2E1F //if correct, load the decryption key
0040166C|.EB 0F jmp short 0040167D ;0040167D
0040166E|>8D8D 00F8FFFF lea ecx,
00401674|.51 push ecx ; /Arg1
00401675|.E8 E6FCFFFF call 00401360 ; \CrackMe.00401360
0040167A|.83C4 04 add esp, 4
; In-place XOR loop. Opcode bytes: 3917 = cmp [edi], edx; 3101 = xor [ecx],
; eax; 833C97 00 = cmp dword ptr [edi+edx*4], 0; 8D0C97 = lea ecx,
; [edi+edx*4]. A zero dword terminates the data.
0040167D|>33D2 xor edx, edx
0040167F|.3917 cmp , edx
00401681|.74 0E je short 00401691 ;00401691
00401683|.8BCF mov ecx, edi
00401685|>3101 /xor , eax //XOR decryption
00401687|.42 |inc edx
00401688|.833C97 00 |cmp dword ptr , 0
0040168C|.8D0C97 |lea ecx,
0040168F|.^ 75 F4 \jnz short 00401685 ;00401685
00401691|>5F pop edi
00401692|.8BC6 mov eax, esi
00401694|.5E pop esi
00401695|.5B pop ebx
00401696|.8BE5 mov esp, ebp
00401698|.5D pop ebp
00401699\.C3 retn
; Check-value function: one cdecl argument, a NUL-terminated string
; (opcode 8B7D 08 = mov edi, [ebp+8]). Memory operands were lost in
; extraction; opcode bytes are used to recover them.
; - Strings shorter than 4 characters return 0.
; - Otherwise the first four bytes are read as one dword (8B37 = mov esi,
;   [edi]) and XORed into the seed 66666666 once per character from index 4
;   to the end of the string.
; - The first pass stores its result in the global at 0040CDE4
;   (8915 E4CD4000); the second pass repeats the same folding and returns it
;   in eax.
; Because XORing the same dword twice cancels out, the result takes only two
; values: 66666666 or 66666666 XOR first-dword, depending on the parity of
; the string length. The text after the fourth character contributes nothing
; but its length.
; lea esp, [esp] (8D6424 00) and lea ecx, [ecx] (8D49 00) are alignment
; padding and change no state.
00401360/$55 push ebp //compute function
00401361|.8BEC mov ebp, esp
00401363|.57 push edi
00401364|.8B7D 08 mov edi,
00401367|.8BC7 mov eax, edi
00401369|.8D50 01 lea edx,
0040136C|.8D6424 00 lea esp,
00401370|>8A08 /mov cl,
00401372|.40 |inc eax
00401373|.84C9 |test cl, cl
00401375|.^ 75 F9 \jnz short 00401370 //get the string length
00401377|.2BC2 sub eax, edx
00401379|.83F8 04 cmp eax, 4
0040137C|.73 05 jnb short 00401383 //must be greater than or equal to 4
0040137E|.33C0 xor eax, eax
00401380|.5F pop edi
00401381|.5D pop ebp
00401382|.C3 retn
00401383|>807F 04 00 cmp byte ptr , 0 //start from the character at index 4
00401387|.8D4F 04 lea ecx,
0040138A|.BA 66666666 mov edx, 66666666 //initial value
0040138F|.74 0E je short 0040139F ;0040139F
00401391|.56 push esi
00401392|.8B37 mov esi, //take the first four characters
00401394|.8BC1 mov eax, ecx
00401396|>40 /inc eax
00401397|.33D6 |xor edx, esi
00401399|.8038 00 |cmp byte ptr , 0 //each extra character adds one more XOR, so an odd string length gives 0x66666666 XOR the first four characters and an even length gives 0x66666666
0040139C|.^ 75 F8 \jnz short 00401396 ;00401396
0040139E|.5E pop esi
0040139F|>8915 E4CD4000 mov , edx //save the result
004013A5|.8A11 mov dl,
004013A7|.84D2 test dl, dl
004013A9|.74 0B je short 004013B6 ;004013B6
004013AB|.8BC1 mov eax, ecx
004013AD|.8D49 00 lea ecx,
004013B0|>40 /inc eax
004013B1|.8038 00 |cmp byte ptr , 0
004013B4|.^ 75 FA \jnz short 004013B0 ;004013B0
004013B6|>B8 66666666 mov eax, 66666666
004013BB|.84D2 test dl, dl
004013BD|.74 0A je short 004013C9 ;004013C9
004013BF|.8B17 mov edx,
004013C1|>41 /inc ecx
004013C2|.33C2 |xor eax, edx
004013C4|.8039 00 |cmp byte ptr , 0 //same as the loop above
004013C7|.^ 75 F8 \jnz short 004013C1 ;004013C1
004013C9|>5F pop edi
004013CA|.5D pop ebp
004013CB\.C3 retn
由以上分析不难看出,由于没有取到用户名,所以注册成功否与用户名无关
注册码需满足:前四个字母 XOR 0x66666666 == 0x1215132C 且长度为单数就可注册成功
而 0x66666666 XOR 0x1215132C = 0x7473754A,按小端字节序存放即 4A 75 73 74,也就是 ASCII 的 "Just",所以以 Just 开头、长度为单数的串都可以作为注册码
不过对于那个DLL偶有点迷惑,DLL文件入口已超出了ImageSize也还可以正常加载?
还请高人指点一下...
谁能给我解释一下这是啥。
看不懂啊
补充一点:这个样本创建了一个线程,使用 GetThreadContext 和 SetThreadContext 将 CONTEXT 中 Dr0 ~ Dr7 几个调试寄存器清零,用于反调试(清零后,该线程上已设置的硬件断点随之失效)。
; Clean_Debug_Reg (IDA listing; the bracketed memory operands were lost in
; extraction, so the individual stack offsets are not visible).
; Flow: GetCurrentThread -> GetThreadContext through the Call_API_ wrapper
; (API pointer, argument count 2, thread handle, pointer to a local inside
; the 2CCh-byte frame). If the call returns 0 the routine returns al = 1.
; Otherwise eight dword locals are set to zero, SetThreadContext is called
; the same way, and the routine returns al = 0.
; NOTE(review): the forum poster identifies the zeroed fields as the debug
; registers of the CONTEXT record; with the operands missing this cannot be
; checked here, and the x86 CONTEXT has six Dr fields (Dr0-Dr3, Dr6, Dr7)
; while eight stores are shown - confirm which fields are written.
; NOTE(review): for analysts, a GetThreadContext/SetThreadContext pair on the
; current thread is the observable sign of this check; hardware breakpoints
; set on that thread stop firing once the write succeeds.
.text:004019F0 push ebp
.text:004019F1 mov ebp, esp
.text:004019F3 sub esp, 2CCh
.text:004019F9 push esi
.text:004019FA call ds:GetCurrentThread
.text:00401A00 mov ecx, ds:GetThreadContext
.text:00401A06 mov esi, eax
.text:00401A08 lea eax,
.text:00401A0E push eax
.text:00401A0F push esi
.text:00401A10 push 2
.text:00401A12 push ecx
.text:00401A13 call Call_API_ ; GetThreadContext
.text:00401A18 add esp, 10h
.text:00401A1B test eax, eax
.text:00401A1D jnz short loc_401A26
.text:00401A1F mov al, 1
.text:00401A21 pop esi
.text:00401A22 mov esp, ebp
.text:00401A24 pop ebp
.text:00401A25 retn
.text:00401A26 ; ---------------------------------------------------------------------------
.text:00401A26
.text:00401A26 loc_401A26: ; CODE XREF: Clean_Debug_Reg+2Dj
.text:00401A26 xor eax, eax
.text:00401A28 lea edx,
.text:00401A2E push edx
.text:00401A2F push esi
; Eight zero stores into the context record fetched above.
.text:00401A30 mov , eax
.text:00401A36 mov , eax
.text:00401A3C mov , eax
.text:00401A42 mov , eax
.text:00401A48 mov , eax
.text:00401A4E mov , eax
.text:00401A54 mov , eax
.text:00401A5A mov , eax
.text:00401A60 mov eax, ds:SetThreadContext
.text:00401A65 push 2
.text:00401A67 push eax
.text:00401A68 call Call_API_ ; SetThreadContext
.text:00401A6D add esp, 10h
.text:00401A70 xor al, al
.text:00401A72 pop esi
.text:00401A73 mov esp, ebp
.text:00401A75 pop ebp
.text:00401A76 retn
.text:00401A76 Clean_Debug_Reg endp
膜拜大牛
膜拜大师
zeif 发表于 2012-5-4 20:33
膜拜大牛
膜拜CM作者
请问能不能给出CM的下载地址?想跟着大牛学习一下
热火朝天 发表于 2012-5-4 22:09
请问能不能给出CM的下载地址?想跟着大牛学习一下
http://down.52pojie.cn/2012CM/ 大牛。