Cracked by [LCG]
补充几点:
1.可以查按钮事件,但是不容易。因为按钮事件被VM得没人样了。
2.查字符串破解会很快。
F9,完全加载以后。Goto 00401000
查字符串
Ultra String Reference, item 2
Address=00402C18
Disassembly=push 005757C3
Text String=&userlog&
跟进
00402BA7 /0F84 16010000 je 00402CC3
00402BAD |6A FF push -0x1
00402BAF |6A 08 push 0x8
00402BB1 |68 08000116 push 0x16010008
00402BB6 |68 01000152 push 0x52010001
00402BBB |E8 52840100 call 0041B012
00402BC0 |83C4 10 add esp, 0x10
00402BC3 |8945 FC mov dword ptr [ebp-0x4], eax
00402BC6 |6A FF push -0x1
00402BC8 |6A 08 push 0x8
00402BCA |68 07000116 push 0x16010007
00402BCF |68 01000152 push 0x52010001
00402BD4 |E8 39840100 call 0041B012
00402BD9 |83C4 10 add esp, 0x10
00402BDC |8945 F8 mov dword ptr [ebp-0x8], eax
00402BDF |F9 stc
00402BE0 |72 01 jb short 00402BE3
00402BE2 ^|71 F9 jno short 00402BDD
00402BE4 |72 01 jb short 00402BE7
00402BE6 |86EB xchg bl, ch
00402BE8 |01B9 FF357047 add dword ptr [ecx+0x477035FF], edi
00402BEE |76 00 jbe short 00402BF0
00402BF0 |F9 stc
00402BF1 |72 01 jb short 00402BF4
00402BF3 |B9 68C15757 mov ecx, 0x5757C168
00402BF8 |00EB add bl, ch
00402BFA |01B4FF 75F8EB01 add dword ptr [edi+edi*8+0x1EBF875],>
00402C01 |8B68 C1 mov ebp, dword ptr [eax-0x3F]
00402C04 |57 push edi
00402C05 |57 push edi
00402C06 |00E8 add al, ch
00402C08 |0000 add byte ptr [eax], al
00402C0A |0000 add byte ptr [eax], al
00402C0C |830424 06 add dword ptr [esp], 0x6
00402C10 |C3 retn
00402C11 |B8 FF75FCEB mov eax, 0xEBFC75FF
00402C16 |010F add dword ptr [edi], ecx
00402C18 |68 C3575700 push 005757C3 ; &userlog&
00402C1D |B9 06000000 mov ecx, 0x6
也可以找到 |