申请ID:pro21ms4 【申请通过】
1、申请ID:pro21ms4
2、个人邮箱:pro21ms4@qq.com
3、自我简要介绍: 好安静, 爱读书, 擅长 汇编, c, c++
4、申请时间:2012年8月20日
5、备注:吾爱的技术氛围好像很不错, 希望能加入交流学习.请管理通过.
有2年没搞编程了, 作品就发这一周的东西.
一个QQ游戏的过保护和连连看外挂, 以及天龙的人物基址分析.
用CE找到血值如下, 然后用OD跟入.
血值= 631C5264
---------------------------------------------
0048FA4F - 8B 46 04- mov eax,
0048FA52 - 8B 4D 08- mov ecx,
0048FA55 - 89 88 1C240000- mov ,ecx <<<<<<<<<<<<<<
0048FA5B - 8B 0D 881B8700- mov ecx,
0048FA61 - 8B 11- mov edx,
------------------------------------------------
血值=
=
= [ + 0000241C]
0048FA4F|> \8B46 04 mov eax,dword ptr ds: ;eax = <<<<<<
0048FA52|.8B4D 08 mov ecx,dword ptr ss:
0048FA55|.8988 1C240000 mov dword ptr ds:,ecx ;血= eax+241c 1 <<<<<<<<<<<<
--------------------------------------------------
血值=
=
= [ + 0000241C]
=[ + 0000241C]
本地调用来自 005EBCDC
0048F9F0/$55 push ebp
0048F9F1|.8BEC mov ebp,esp
0048F9F3|.56 push esi
0048F9F4|.8BF1 mov esi,ecx ;这里?
--------------------------------------------------------
血值=
=
= [ + 0000241C]
=[ + 0000241C]
=[ + 0000241C]
005EBCDA|.8BCF mov ecx,edi ;edi
005EBCDC|.E8 0F3DEAFF call Game.0048F9F0 ;掉血
--------------------------------------------------------------------
血值=
=
= [ + 0000241C]
=[ + 0000241C]
=[ + 0000241C]
=[ [ +4] + 0000241C]
005EBC9D|.8BBB DC010000 mov edi,dword ptr ds: ;edi = ebx+1dc 3
005EBCA3|.74 2B je short Game.005EBCD0 ;从这里跳到下面
=============================
血值=
=
= [ + 0000241C]
=[ + 0000241C]
=[ + 0000241C]
=[ [ +4] + 0000241C]
=[ [ +4] + 0000241C]
005EBC8B|.8BD8 mov ebx,eax ;ebx = eax
eax=6DB7EC30, (ASCII "X2v")
ebx=7FF63428
===================================
================================
eax: 一张地图一个值.
005EBC87|.50 push eax ;EAX=657a
005EBC88|.FF52 44 call dword ptr ds:
005EBC8B|.8BD8 mov ebx,eax ;eax=7319EC30, (ASCII "X2v")
005EBC87|.50 push eax ;eax=00004AA8
005EBC88|.FF52 44 call dword ptr ds:
005EBC8B|.8BD8 mov ebx,eax ;eax=71CFFA58, (ASCII "X2v")
005EBC87|.50 push eax ;eax=0000658B
005EBC88|.FF52 44 call dword ptr ds:
005EBC8B|.8BD8 mov ebx,eax ; eax=71CFFA58, (ASCII "X2v")
005EBC87|.50 push eax ;eax=00004AAE
005EBC88|.FF52 44 call dword ptr ds:
005EBC8B|.8BD8 mov ebx,eax ; eax=71CFF5A0, (ASCII "X2v")
================================
血值=
=
= [ + 0000241C]
=[ + 0000241C]
=[ + 0000241C]
=[ [ +4] + 0000241C]
=[ [ +4] + 0000241C]
=[ [ [ +1dc]+4] + 0000241C]
00419F5A|> \8B40 10 mov eax,dword ptr ds: ;eax = 4
00419F5D|.8BE5 mov esp,ebp
00419F5F|.5D pop ebp
00419F60\.C2 0400 retn 4
--------------------------------------------
血值=
=
= [ + 0000241C]
=[ + 0000241C]
=[ + 0000241C]
=[ [ +4] + 0000241C]
=[ [ +4] + 0000241C]
=[ [ [ +1dc]+4] + 0000241C]
[ [ [ [ +10] +1dc]+4] + 0000241C]
00419F4A|.8B45 FC mov eax,dword ptr ss: ;eax =
00419F4D|.3BC1 cmp eax,ecx
00419F4F|.5E pop esi
00419F50|.75 08 jnz short Game.00419F5A ;跳
================================
血值=
=
= [ + 0000241C]
=[ + 0000241C]
=[ + 0000241C]
=[ [ +4] + 0000241C]
=[ [ +4] + 0000241C]
=[ [ [ +1dc]+4] + 0000241C]
[ [ [ [ +10] +1dc]+4] + 0000241C]
[ [ [ [ +10] +1dc]+4] + 0000241C]
00419F30/.55 push ebp
00419F31|.8BEC mov ebp,esp ;ebp = esp
00419F33|.51 push ecx
==================================
===========================================
从TOP向下.
0070A554 .50 push eax ;top
0070A555 .51 push ecx
0070A556 .E8 0517EEFF call Game.005EBC60__________________
0070A55B .83C4 08 add esp,8 |
0070A55E .C2 0400 retn 4 |
|
|
005EBC60/$55 push ebp ;一个超级大的call
005EBC61|.8BEC mov ebp,esp
005EBC63|.83EC 08 sub esp,8
005EBC66|.A1 1C0E8700 mov eax,dword ptr ds:
005EBC6B|.3B05 380E8700 cmp eax,dword ptr ds:
005EBC71|.53 push ebx
005EBC72|.56 push esi
005EBC73|.0F85 A40B0000 jnz Game.005EC81D
005EBC79|.8B75 08 mov esi,dword ptr ss:
005EBC7C|.8B0D C04B8600 mov ecx,dword ptr ds:
005EBC82|.8B46 10 mov eax,dword ptr ds:
005EBC85|.8B11 mov edx,dword ptr ds:
005EBC87|.50 push eax ;EAX 一张地图一个值
005EBC88|.FF52 44 call dword ptr ds:
005EBC8B|.8BD8 mov ebx,eax ;ebx = eax
005EBC8D|.85DB test ebx,ebx
005EBC8F|.895D F8 mov dword ptr ss:,ebx
005EBC92|.0F84 850B0000 je Game.005EC81D ;不跳
005EBC98|.F646 14 01 test byte ptr ds:,1
005EBC9C|.57 push edi
005EBC9D|.8BBB DC010000 mov edi,dword ptr ds: ;edi = ebx+1dc 6EBACC40
005EBCA3|.74 2B je short Game.005EBCD0 ;从这里跳到下面
005EBCA5|.8B46 28 mov eax,dword ptr ds:
005EBCA8|.50 push eax
005EBCA9|.8BCF mov ecx,edi
005EBCAB|.E8 001BEAFF call Game.0048D7B0
005EBCB0|.8B0D C04B8600 mov ecx,dword ptr ds:
005EBCB6|.3B59 70 cmp ebx,dword ptr ds:
005EBCB9|.75 15 jnz short Game.005EBCD0
005EBCBB|.8B47 04 mov eax,dword ptr ds:
005EBCBE|.8B0D 780E8700 mov ecx,dword ptr ds:
005EBCC4|.8B40 64 mov eax,dword ptr ds:
005EBCC7|.8B11 mov edx,dword ptr ds:
005EBCC9|.50 push eax
005EBCCA|.FF92 BC000000 call dword ptr ds:
005EBCD0|>F646 14 02 test byte ptr ds:,2
005EBCD4|.74 0B je short Game.005EBCE1 ;不跳
005EBCD6|.8B4E 30 mov ecx,dword ptr ds:
005EBCD9|.51 push ecx
005EBCDA|.8BCF mov ecx,edi ;变血
005EBCDC|.E8 0F3DEAFF call Game.0048F9F0
005EBCE1|>F646 14 04 test byte ptr ds:,4
005EBCE5|.74 0B je short Game.005EBCF2 ;跳
005EBCE7|.8B56 34 mov edx,dword ptr ds:
005EBCEA|.52 push edx
005EBCEB|.8BCF mov ecx,edi ;变血
005EBCED|.E8 0E3EEAFF call Game.0048FB00
005EBCF2|>F646 14 08 test byte ptr ds:,8
005EBCF6|.74 0B je short Game.005EBD03
005EBCF8|.8B46 2C mov eax,dword ptr ds:
005EBCFB|.50 push eax
005EBCFC|.8BCF mov ecx,edi ;变血
ID:pro21ms4
邮箱:pro21ms4@qq.com
申请通过,欢迎光临吾爱破解论坛,期待吾爱破解有你更加精彩,ID和密码自己通过邮件密码找回功能修改,请及时登录并修改密码!
登录后请在一周内在此帖报到,否则将删除ID信息 谢谢管理.
好好学习了.