官方bilibiliWindows破解入门Android逆向入门
【网络诊断修复工具】切换到窄版

吾爱破解 - 52pojie.cn

 找回密码
 注册[Register]

QQ登录

只需一步,快速开始

吾爱破解 - 52pojie.cn»网站 【 软件安全 】 『脱壳破解区』 『脱壳破解讨论求助区』 AL=2注册版,何时改?最佳时机与定位技法讨论学习探讨交 ...
返回列表 发新帖
查看: 1137|回复: 0
收起左侧

[求助] AL=2注册版,何时改?最佳时机与定位技法讨论学习探讨交流大会

[复制链接]
冥界3大法王
冥界3大法王 发表于 2021-12-21 14:07
来,各位道友,请作答吧。;要是你的话,哪行(里)去修改?为什么? 科学依据是什么?
可有更高效的方法 或 技巧 ?
[Asm] 纯文本查看 复制代码
00007FF6B4984370      | 48:895C24 18             | mov qword ptr ss:[rsp+18],rbx         |
00007FF6B4984375      | 55                       | push rbp                              |
00007FF6B4984376      | 56                       | push rsi                              |
00007FF6B4984377      | 57                       | push rdi                              |
00007FF6B4984378      | 48:8DAC24 40F0FFFF       | lea rbp,qword ptr ss:[rsp-FC0]        |
00007FF6B4984380      | B8 C0100000              | mov eax,10C0                          |
00007FF6B4984385      | E8 F6851100              | call <filelocatorpro.sub_7FF6B4A9C980 |
00007FF6B498438A      | 48:2BE0                  | sub rsp,rax                           | rax:EntryPoint
00007FF6B498438D      | 48:8B05 8C9C3800         | mov rax,qword ptr ds:[7FF6B4D0E020]   | rax:EntryPoint
00007FF6B4984394      | 48:33C4                  | xor rax,rsp                           | rax:EntryPoint
00007FF6B4984397      | 48:8985 B00F0000         | mov qword ptr ss:[rbp+FB0],rax        | rax:EntryPoint
00007FF6B498439E      | 48:8BDA                  | mov rbx,rdx                           | rdx:EntryPoint
00007FF6B49843A1      | 48:8BF9                  | mov rdi,rcx                           |
00007FF6B49843A4      | 0F57C0                   | xorps xmm0,xmm0                       |
00007FF6B49843A7      | F3:0F7F4424 20           | movdqu xmmword ptr ss:[rsp+20],xmm0   |
00007FF6B49843AD      | 33F6                     | xor esi,esi                           |
00007FF6B49843AF      | 48:897424 30             | mov qword ptr ss:[rsp+30],rsi         | [rsp+30]:RtlUserThreadStart+21
00007FF6B49843B4      | 48:8D5424 20             | lea rdx,qword ptr ss:[rsp+20]         | rdx:EntryPoint
00007FF6B49843B9      | E8 92010000              | call <filelocatorpro.sub_7FF6B4984550 |
00007FF6B49843BE      | 85C0                     | test eax,eax                          |
00007FF6B49843C0      | 0F88 2C010000            | js7FF6B49844F2        |
00007FF6B49843C6      | 48:897424 50             | mov qword ptr ss:[rsp+50],rsi         |
00007FF6B49843CB      | 48:897424 58             | mov qword ptr ss:[rsp+58],rsi         |
00007FF6B49843D0      | 48:897424 50             | mov qword ptr ss:[rsp+50],rsi         |
00007FF6B49843D5      | 48:C74424 58 07000000    | mov qword ptr ss:[rsp+58],7           |
00007FF6B49843DE      | 66:897424 40             | mov word ptr ss:[rsp+40],si           |
00007FF6B49843E3      | 44:8D46 13               | lea r8d,qword ptr ds:[rsi+13]         |
00007FF6B49843E7      | 48:8D15 9A362500         | lea rdx,qword ptr ds:[7FF6B4BD7A88]   | rdx:EntryPoint, 00007FF6B4BD7A88:L"InstallationOptions"
00007FF6B49843EE      | 48:8D4C24 40             | lea rcx,qword ptr ss:[rsp+40]         |
00007FF6B49843F3      | E8 C8FDFEFF              | call7FF6B49741C0      |
00007FF6B49843F8      | 90                       | nop                                   |
00007FF6B49843F9      | 48:8B4F 58               | mov rcx,qword ptr ds:[rdi+58]         |
00007FF6B49843FD      | 48:8B01                  | mov rax,qword ptr ds:[rcx]            | rax:EntryPoint
00007FF6B4984400      | 48:8D57 08               | lea rdx,qword ptr ds:[rdi+8]          | rdx:EntryPoint
00007FF6B4984404      | 45:33C9                  | xor r9d,r9d                           |
00007FF6B4984407      | 4C:8D4424 40             | lea r8,qword ptr ss:[rsp+40]          |
00007FF6B498440C      | FF90 F0000000            | call qword ptr ds:[rax+F0]            | rax+F0:sub_7FF6B4A95EB4+64
00007FF6B4984412      | 48:894424 38             | mov qword ptr ss:[rsp+38],rax         | rax:EntryPoint
00007FF6B4984417      | 48:8B5424 58             | mov rdx,qword ptr ss:[rsp+58]         | rdx:EntryPoint
00007FF6B498441C      | 48:83FA 08               | cmp rdx,8                             | rdx:EntryPoint
00007FF6B4984420      | 72 12                    | jb7FF6B4984434        |
00007FF6B4984422      | 48:8D1455 02000000       | lea rdx,qword ptr ds:[rdx*2+2]        | rdx:EntryPoint
00007FF6B498442A      | 48:8B4C24 40             | mov rcx,qword ptr ss:[rsp+40]         |
00007FF6B498442F      | E8 0C00FFFF              | call7FF6B4974440      |
00007FF6B4984434      | 48:897424 50             | mov qword ptr ss:[rsp+50],rsi         |
00007FF6B4984439      | 48:C74424 58 07000000    | mov qword ptr ss:[rsp+58],7           |
00007FF6B4984442      | 66:897424 40             | mov word ptr ss:[rsp+40],si           |
00007FF6B4984447      | 48:837C24 38 00          | cmp qword ptr ss:[rsp+38],0           |
00007FF6B498444D      | 0F84 9F000000            | je7FF6B49844F2        |
00007FF6B4984453      | 48:8D3D 06352500         | lea rdi,qword ptr ds:[<&sub_7FF6B498D |
00007FF6B498445A      | 48:897C24 40             | mov qword ptr ss:[rsp+40],rdi         |
00007FF6B498445F      | 8B4424 28                | mov eax,dword ptr ss:[rsp+28]         |
00007FF6B4984463      | 48:8B5424 20             | mov rdx,qword ptr ss:[rsp+20]         | rdx:EntryPoint
00007FF6B4984468      | 2BC2                     | sub eax,edx                           |
00007FF6B498446A      | 0F57C0                   | xorps xmm0,xmm0                       |
00007FF6B498446D      | 0F114424 48              | movups xmmword ptr ss:[rsp+48],xmm0   |
00007FF6B4984472      | C64424 58 01             | mov byte ptr ss:[rsp+58],1            |
00007FF6B4984477      | B9 10000000              | mov ecx,10                            |
00007FF6B498447C      | 3BC1                     | cmp eax,ecx                           |
00007FF6B498447E      | 0F4FC1                   | cmovg eax,ecx                         |
00007FF6B4984481      | 4C:63C0                  | movsxd r8,eax                         |
00007FF6B4984484      | 48:8D4C24 48             | lea rcx,qword ptr ss:[rsp+48]         |
00007FF6B4984489      | E8 1D861100              | call <JMP.&memmove>                   |
00007FF6B498448E      | C64424 58 00             | mov byte ptr ss:[rsp+58],0            |
00007FF6B4984493      | 48:8D4C24 60             | lea rcx,qword ptr ss:[rsp+60]         |
00007FF6B4984498      | E8 73890200              | call <filelocatorpro.sub_7FF6B49ACE10 |
00007FF6B498449D      | 90                       | nop                                   |
00007FF6B498449E      | 48:8D5424 40             | lea rdx,qword ptr ss:[rsp+40]         | rdx:EntryPoint
00007FF6B49844A3      | 48:8D4C24 60             | lea rcx,qword ptr ss:[rsp+60]         |
00007FF6B49844A8      | E8 537D0200              | call <filelocatorpro.sub_7FF6B49AC200 |
00007FF6B49844AD      | 48:8D5424 38             | lea rdx,qword ptr ss:[rsp+38]         | rdx:EntryPoint
00007FF6B49844B2      | 48:8D4C24 60             | lea rcx,qword ptr ss:[rsp+60]         |
00007FF6B49844B7      | E8 548B0200              | call <filelocatorpro.sub_7FF6B49AD010 |
00007FF6B49844BC      | 48:8B4424 38             | mov rax,qword ptr ss:[rsp+38]         | rax:EntryPoint
00007FF6B49844C1      | 48:A9 0000FFFF           | test rax,FFFFFFFFFFFF0000             | rax:EntryPoint
00007FF6B49844C7      | 75 19                    | jne7FF6B49844E2       |
00007FF6B49844C9      | 25 FF030000              | and eax,3FF                              | 
00007FF6B49844CE      | 8903                     | mov dword ptr ds:[rbx],eax            |
00007FF6B49844D0      | 48:8D4C24 60             | lea rcx,qword ptr ss:[rsp+60]         |
00007FF6B49844D5      | E8 56890200              | call <filelocatorpro.sub_7FF6B49ACE30 | 与注册码有关
00007FF6B49844DA      | 90                       | nop                                   |
00007FF6B49844DB      | 48:897C24 40             | mov qword ptr ss:[rsp+40],rdi         |
00007FF6B49844E0      | EB 16                    | jmp7FF6B49844F8       |
00007FF6B49844E2      | 48:8D4C24 60             | lea rcx,qword ptr ss:[rsp+60]         |
00007FF6B49844E7      | E8 44890200              | call <filelocatorpro.sub_7FF6B49ACE30 | 与注册码有关
00007FF6B49844EC      | 90                       | nop                                   |
00007FF6B49844ED      | 48:897C24 40             | mov qword ptr ss:[rsp+40],rdi         |
00007FF6B49844F2      | C703 00020000            | mov dword ptr ds:[rbx],200            |
00007FF6B49844F8      | 48:8B4C24 20             | mov rcx,qword ptr ss:[rsp+20]         |
00007FF6B49844FD      | 48:85C9                  | test rcx,rcx                          |
00007FF6B4984500      | 74 1B                    | je7FF6B498451D        |
00007FF6B4984502      | 48:8B5424 30             | mov rdx,qword ptr ss:[rsp+30]         | rdx:EntryPoint, [rsp+30]:RtlUserThreadStart+21
00007FF6B4984507      | 48:2BD1                  | sub rdx,rcx                           | rdx:EntryPoint
00007FF6B498450A      | E8 31FFFEFF              | call7FF6B4974440      |
00007FF6B498450F      | 0F57C0                   | xorps xmm0,xmm0                       |
00007FF6B4984512      | 48:897424 30             | mov qword ptr ss:[rsp+30],rsi         | [rsp+30]:RtlUserThreadStart+21
00007FF6B4984517      | F3:0F7F4424 20           | movdqu xmmword ptr ss:[rsp+20],xmm0   |
00007FF6B498451D      | 48:8BC3                  | mov rax,rbx                           | rax:EntryPoint
00007FF6B4984520      | 48:8B8D B00F0000         | mov rcx,qword ptr ss:[rbp+FB0]        |
00007FF6B4984527      | 48:33CC                  | xor rcx,rsp                           |
00007FF6B498452A      | E8 21191100              | call7FF6B4A95E50      |
00007FF6B498452F      | 48:8B9C24 F0100000       | mov rbx,qword ptr ss:[rsp+10F0]       |
00007FF6B4984537      | 48:81C4 C0100000         | add rsp,10C0                          |
00007FF6B498453E      | 5F                       | pop rdi                               |
00007FF6B498453F      | 5E                       | pop rsi                               |
00007FF6B4984540      | 5D                       | pop rbp                               |
00007FF6B4984541      | C3                       | ret                                   |

发帖前要善用论坛搜索功能,那里可能会有你要找的答案或者已经有人发布过相同内容了,请勿重复发帖。
回复

举报

返回列表 发新帖
高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 注册[Register]

本版积分规则


免责声明:
吾爱破解所发布的一切破解补丁、注册机和注册信息及软件的解密分析文章仅限用于学习和研究目的;不得将上述内容用于商业或者非法用途,否则,一切后果请用户自负。本站信息来自网络,版权争议与本站无关。您必须在下载后的24个小时之内,从您的电脑中彻底删除上述内容。如果您喜欢该程序,请支持正版软件,购买注册,得到更好的正版服务。如有侵权请邮件与我们联系处理。

Mail To:Service@52pojie.cn

返回列表

RSS订阅|小黑屋|处罚记录|联系我们|吾爱破解 - LCG - LSG ( 京ICP备16042023号 | 京公网安备 11010502030087号 )

GMT+8, 2024-11-24 22:58

Powered by Discuz!

Copyright © 2001-2020, Tencent Cloud.

快速回复 返回顶部 返回列表