本帖最后由 TC大番瓜 于 2018-3-30 15:40 编辑
评分不要钱!!评分不要钱!!评分不要钱!!
--------------------------------------------------------------
VB:
816C24
--------------------------------------------------------------
Delphi:
740E8BD38B83????????FF93????????
--------------------------------------------------------------
MFC:
sub eax,0a
--------------------------------------------------------------
VC++:
sub eax,0a
--------------------------------------------------------------
易语言:
FF 55 FC 5F 5E或(e-debug)
--------------------------------------------------------------
万能断点:
F3A58BC883E103F3A4E8
--------------------------------------------------------------
飘零云:
55 8B EC 81 EC 84 00 00 00 C7 45 FC 00 00 00 00 C7 45 F8 00 00 00 00 C7 45 F4 00 00 00 00 C7 45
F0 00 00 00 00 C7 45 EC 00 00 00 00 C7 45 E8 00 00 00 00
--------------------------------------------------------------
蓝屏防御特征码:
55 8B EC 81 EC 14 00 00 00 68 0C 00 00 00
--------------------------------------------------------------
蓝屏保护特征码:
55 8B EC BB 06 00 00 00
--------------------------------------------------------------
蓝屏特征码(断首retn)
飘零金盾1.5
55 8B EC BB 06 00 00 00
飘零金盾2.0
55 8B EC EB 10 56 4D 50 72 6F 74 65 63 74 20 62 65 67 69 6E 00 BB 06 00 00 00
飘零一般无VM通用
0F 84 ?? ?? ?? ?? E8 ?? ?? ?? ?? EB ??
飘零3.0
55 8B EC EB 10 56 4D 50 72 6F 74 65 63 74 20 62 65 67 69 6E 00 BB 06 00 00 00
--------------------------------------------------------------
飘零商业版3.5(爆破特征码,先搜到期时间,retn,再搜特征码 mov eax,1 retn)
无VM
55 8B EC 81 EC 18 00 00 00 C7 45 FC 00 00 00 00 C7 45 F8 00 00 00 00 C7 45 F4 00 00 00 00
-------------------------------------------------------------
有VM
B8 01 00 00 00 55 8B EC 83 EC 18 C7 45 FC 00 00 00 00 C7 45 F8 00 00 00 00 C7 45 F4 00 00 00 00
-------------------------------------------------------------
雷音(NOP)
75D2
-------------------------------------------------------------
飘零2.8(断首修改 mov eax,1 retn)
push ebp
mov ebp,esp
sub esp,0x38
mov dword ptr ss:[ebp-0x4],0x0
mov dword ptr ss:[ebp-0x8],0x0
mov dword ptr ss:[ebp-0xC],0x0
mov dword ptr ss:[ebp-0x10],0x0
------------------------------------------------------------
可可V8(断首修改 mov eax,0 retn)
ks_CheckKeyE: 55 8B EC 81 EC CC 00 00 00 C7 45 FC 00 00 00 00 68 0C 00 00 00
取签名数据: 55 8B EC 81 EC 10 00 00 00 68 08 00 00 00
可可V9(断首修改 mov eax,64 retn)
ks_CheckKeyE: 55 8B EC 81 EC 10 00 00 00 68 08 00 00 00
取签名数据: 75 FB FF E6 55 8B EC 88 00 00 00
退出验证: 55 8B EC 8B 45 08 50
---------------------------------------------------------
558BEC81ECCC000000C745FC00000000680C000000 第一段登入验证
558BEC81EC100000006808000000 第二段登入验证
558BEC8B450850
--------------------------------------------------------
LOLLastHit(搜索INVALID VIP ACCOUNT OR PASSWORD,来到断首,修改JMPXXXXXX(004A6902)搜索LOGIN TO YOUR VIP ACCOUNT TO ACTIVATE THE TOOL,下断,运行修改为JMP)
4\n9999/11/11 11:11:11\n0 转换为16进制
004A6902 C681 B8000000 3>mov byte ptr ds:[ecx+0xB8],0x34
004A6909 C681 B9000000 0>mov byte ptr ds:[ecx+0xB9],0xA
004A6910 C681 BA000000 3>mov byte ptr ds:[ecx+0xBA],0x39
004A6917 C681 BB000000 3>mov byte ptr ds:[ecx+0xBB],0x39
004A691E C681 BC000000 3>mov byte ptr ds:[ecx+0xBC],0x39
004A6925 C681 BD000000 3>mov byte ptr ds:[ecx+0xBD],0x39
004A692C C681 BE000000 2>mov byte ptr ds:[ecx+0xBE],0x2F
004A6933 C681 BF000000 3>mov byte ptr ds:[ecx+0xBF],0x31
004A693A C681 C0000000 3>mov byte ptr ds:[ecx+0xC0],0x31
004A6941 C681 C1000000 2>mov byte ptr ds:[ecx+0xC1],0x27
004A6948 C681 C2000000 3>mov byte ptr ds:[ecx+0xC2],0x31
004A694F C681 C3000000 3>mov byte ptr ds:[ecx+0xC3],0x31
004A6956 C681 C4000000 2>mov byte ptr ds:[ecx+0xC4],0x20
004A695D C681 C5000000 3>mov byte ptr ds:[ecx+0xC5],0x31
004A6964 C681 C6000000 3>mov byte ptr ds:[ecx+0xC6],0x31
004A696B C681 C7000000 3>mov byte ptr ds:[ecx+0xC7],0x3A
004A6972 C681 C8000000 3>mov byte ptr ds:[ecx+0xC8],0x31
004A6979 C681 C9000000 3>mov byte ptr ds:[ecx+0xC9],0x31
004A6980 C681 CA000000 3>mov byte ptr ds:[ecx+0xCA],0x3A
004A6987 C681 CB000000 3>mov byte ptr ds:[ecx+0xCB],0x31
004A698E C681 CC000000 3>mov byte ptr ds:[ecx+0xCC],0x31
004A6995 C681 CD000000 3>mov byte ptr ds:[ecx+0xCD],0x3A
004A699C C681 CE000000 3>mov byte ptr ds:[ecx+0xCE],0x30
004A69A3 55 push ebp
004A69A4 8BEC mov ebp,esp
004A69A6 6A FF push -0x1
004A69A8 ^ E9 D8C9F5FF jmp LOLLastH.00403385
004A69AD 90 nop
-----------------------------------------------------
飘零时间漏洞
送时间 = 飘零_查询 (“admin”, “pass”, “use='” + 编辑框_注册QQ.内容 + “'”)
------------------------------------------------------
飘零改密漏洞
判断 (飘零是否存在 (“admin”, “use='” + 编辑框_改密账号.内容 + “'”) = 假)
-------------------------------------------------------
PUSH大法(直接查找,CTRL+L,在FF55FC5F5E处下断,跟随,retn)
68 ?? ?? ?? 52
------------------------------------------------------
DNF界神特征(84改85,退出验证)
0F847B0000008D45F850
0F84FE000000DB45FC
-------------------------------------------------------
金盾秒杀(每处都下断,mov eax,1 retn)
mov eax,dword ptr ss:[esp+0xC]
mov ecx,dword ptr ss:[esp+0x8]
mov edx,dword ptr ss:[esp+0x4]
push 0x0
push eax
push ecx
push edx
------------------------------------------------------
秒金盾
code:
83 C4 04 58 8B E5 5D C3 55 8B EC 81 EC 18 00 00 00 C7 45 FC 00 00 00 00
pop:
52 69 67 68 74 2C B5 C7 C2 BD B3 C9 B9 A6 2C B5 BD C6 DA CA B1 BC E4 CE AA 3A 32 30 31 33 2F 31
31 2F 31 39 20 31 37 3A 35 38 3A 32 34
------------------------------------------------------
80网络验证 1.1死码
83C404588BE55DC20800558BEC
------------------------------------------------------
连接密码等密钥:8BE55DC3558BEC81EC34000000C745FC00000000C745F800000000C745F400000000
私密一系列:83C404588BE55DC20400558BEC81EC0C000000C745FC000000008B5D08FF33
静态数据:83C404588BE55DC3558BEC81EC
爆破点:
code:8BE55DC3558BEC81EC14000000
pop:52696768742CB5C7C2BDB3C9B9A62CB5BDC6DACAB1BCE4CEAA3A323032302F30322F30322031373A35383A3234
飘零二次效验:5B5F5EC3558BEC81EC0C000000
通杀所有金盾:ADABADABC745F400000000C745F800000000C745F000000000
------------------------------------------------------
常用汇编指令:
cmp a,b // 比较a与b
mov a,b // 把b值送给a值,使a=b
ret // 返回主程序
nop // 无作用
call // 调用子程序,子程序以ret结尾
je或jz // 相等则跳(机器码是74或84)
jne或jnz // 不相等则跳(机器码是75或85)
jmp // 无条件跳(机器码是EB)
jb // 若小于则跳
ja // 若大于则跳
jg // 若大于则跳
jge // 若大于等于则跳
jl // 若小于则跳
pop xxx // xxx出栈
push xxx // xxx压栈
评分不要钱!!评分不要钱!!评分不要钱!! |