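I have an old online game that has already been unpacked, and I would like to use OD to reverse-engineer and decrypt the game client's data.
The program is written in Delphi. After the main program starts, it loads files such as MRG and DAT archives (but they are encrypted, and I don't know how to open them).
The following is what a friend produced, but in the end I couldn't make sense of it: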
00405338 $ 85D2 test edx,edx ; ntdll.KiFastSystemCallRet
0040533A . 74 61 je short 1.0040539D
0040533C . 85C9 test ecx,ecx
0040533E .^ 0F84 34FDFFFF je 1.00405078
00405344 . 3B10 cmp edx,dword ptr ds:[eax]
00405346 . 74 5C je short 1.004053A4
00405348 . 3B08 cmp ecx,dword ptr ds:[eax]
0040534A . 74 0E je short 1.0040535A
0040534C . 50 push eax
0040534D . 51 push ecx
0040534E . E8 25FDFFFF call 1.00405078
00405353 . 5A pop edx ; kernel32.7C817067
00405354 . 58 pop eax ; kernel32.7C817067
00405355 .^ E9 9AFFFFFF jmp 1.004052F4
0040535A > 53 push ebx
0040535B . 56 push esi
0040535C . 57 push edi ; ntdll.7C930208
0040535D . 89D3 mov ebx,edx ; ntdll.KiFastSystemCallRet
0040535F . 89CE mov esi,ecx
00405361 . 50 push eax
00405362 . 8B43 FC mov eax,dword ptr ds:[ebx-0x4]
00405365 . 0346 FC add eax,dword ptr ds:[esi-0x4]
00405368 . E8 7BFDFFFF call 1.004050E8
0040536D . 89C7 mov edi,eax
0040536F . 89C2 mov edx,eax
00405371 . 89D8 mov eax,ebx
00405373 . 8B4B FC mov ecx,dword ptr ds:[ebx-0x4]
00405376 . E8 E1D6FFFF call 1.00402A5C
0040537B . 89FA mov edx,edi ; ntdll.7C930208
0040537D . 89F0 mov eax,esi
0040537F . 8B4E FC mov ecx,dword ptr ds:[esi-0x4]
00405382 . 0353 FC add edx,dword ptr ds:[ebx-0x4]
00405385 . E8 D2D6FFFF call 1.00402A5C
0040538A . 58 pop eax ; kernel32.7C817067
0040538B . 89FA mov edx,edi ; ntdll.7C930208
0040538D . 85FF test edi,edi ; ntdll.7C930208
0040538F . 74 03 je short 1.00405394
00405391 . FF4F F8 dec dword ptr ds:[edi-0x8]
00405394 > E8 DFFCFFFF call 1.00405078
00405399 . 5F pop edi ; kernel32.7C817067
0040539A . 5E pop esi ; kernel32.7C817067
0040539B . 5B pop ebx ; kernel32.7C817067
0040539C . C3 retn
I would like the encryption method and the decryption method. Could an expert please help?