入口~
004AF37F E> 9C pushfd
004AF380 60 pushad
004AF381 E8 00000000 call EasyImag.004AF386
用ESP定律!
00401000 B8 00C04A00 mov eax,EasyImag.004AC000 到这里~ 脱壳就搞定北斗~
00401005 FFD0 call eax F7进入
00401007 90 nop
00401008 48 dec eax
00401009 4F dec edi
0040100A 4F dec edi
0040100B 4B dec ebx
0040100C 90 nop
0040100D - E9 B8934800 jmp 0088A3CA
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
↓004AC000 /E9 25010000 jmp EasyImag.004AC12A 到这里
004AC005 |57 push edi
004AC006 |65:6E outs dx,byte ptr es:[edi]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
004AC12A 58 pop eax 跳到这里!
004AC130 48 dec eax
004AC131 2D 30114000 sub eax,EasyImag.00401130
004AC136 8DA8 05104000 lea ebp,dword ptr ds:[eax+401005>
004AC13C 8D85 E1000000 lea eax,dword ptr ss:[ebp+E1]
004AC142 50 push eax
004AC143 8B85 0D010000 mov eax,dword ptr ss:[ebp+10D]
004AC149 FF10 call dword ptr ds:[eax]
004AC14B 8985 B8000000 mov dword ptr ss:[ebp+B8],eax
004AC151 8D85 BC000000 lea eax,dword ptr ss:[ebp+BC]
004AC157 50 push eax
004AC158 FFB5 B8000000 push dword ptr ss:[ebp+B8]
004AC15E E8 5C020000 call EasyImag.004AC3BF
004AC163 8945 2C mov dword ptr ss:[ebp+2C],eax
004AC166 8D85 C9000000 lea eax,dword ptr ss:[ebp+C9]
004AC16C 50 push eax
004AC16D FFB5 B8000000 push dword ptr ss:[ebp+B8]
004AC173 E8 47020000 call EasyImag.004AC3BF
004AC178 8945 30 mov dword ptr ss:[ebp+30],eax
004AC17B 8D85 D8000000 lea eax,dword ptr ss:[ebp+D8]
004AC181 50 push eax
004AC182 FFB5 B8000000 push dword ptr ss:[ebp+B8]
004AC188 E8 32020000 call EasyImag.004AC3BF
004AC18D 8945 34 mov dword ptr ss:[ebp+34],eax
004AC190 6A 1C push 1C
004AC192 8D45 59 lea eax,dword ptr ss:[ebp+59]
004AC195 50 push eax
004AC196 FF75 1C push dword ptr ss:[ebp+1C]
004AC199 FF55 2C call dword ptr ss:[ebp+2C]
004AC19C 54 push esp
004AC19D 6A 04 push 4
004AC19F 6A 08 push 8
004AC1A1 FF75 1C push dword ptr ss:[ebp+1C]
004AC1A4 FF55 30 call dword ptr ss:[ebp+30]
004AC1A7 83BD 11010000 >cmp dword ptr ss:[ebp+111],0
↓004AC1AE 74 2F je short EasyImag.004AC1DF 跳~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
004AC1DF 56 push esi 到这里
004AC1E0 8BF5 mov esi,ebp
004AC1E2 8B56 20 mov edx,dword ptr ds:[esi+20]
004AC1E5 8956 75 mov dword ptr ds:[esi+75],edx
004AC1E8 0BD2 or edx,edx
↓004AC1EA 74 1D je short EasyImag.004AC209 跳~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
004AC209 8B56 24 mov edx,dword ptr ds:[esi+24] 到这里
004AC20C 8956 75 mov dword ptr ds:[esi+75],edx
004AC20F 0BD2 or edx,edx
004AC211 74 1D je short EasyImag.004AC230 这里可能是前辈说的Magic Jump,改jmp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
004AC230 8B56 28 mov edx,dword ptr ds:[esi+28] 到这里~
004AC233 8956 75 mov dword ptr ds:[esi+75],edx
004AC236 0BD2 or edx,edx
↓004AC238 74 1D je short EasyImag.004AC257 跳~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
004AC284 58 pop eax 到这里
004AC285 FF76 1C push dword ptr ds:[esi+1C]
004AC288 E8 B9010000 call EasyImag.004AC446
004AC28D 48 dec eax
004AC28E 2D 8D124000 sub eax,EasyImag.0040128D
004AC293 8D90 05104000 lea edx,dword ptr ds:[eax+401005>
004AC299 56 push esi
004AC29A 57 push edi
004AC29B 51 push ecx
004AC29C 8B7A 1C mov edi,dword ptr ds:[edx+1C]
004AC29F 8D72 79 lea esi,dword ptr ds:[edx+79]
004AC2A2 B9 08000000 mov ecx,8
004AC2A7 F3:A4 rep movs byte ptr es:[edi],byte >
004AC2A9 59 pop ecx
004AC2AA 5F pop edi
004AC2AB 5E pop esi
004AC2AC C3 retn 跳到OEP~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
00401000 /EB 10 jmp short EasyImag.00401012 OEP~
00401002 |66:623A bound di,dword ptr ds:[edx]
00401005 |43 inc ebx
00401006 |2B2B sub ebp,dword ptr ds:[ebx]
00401008 |48 dec eax
00401009 |4F dec edi
0040100A |4F dec edi
0040100B |4B dec ebx
0040100C |90 nop
0040100D -|E9 B8934800 jmp 0088A3CA
破解很简单的
爆破后随便输入注册
就出现真正注册码奇怪~
http://bbs.52pojie.cn/viewthread ... &extra=page%3D1
给大家做教程了~
一定要来T帖~
偶们是菜鸟~高手不要T