-
Chat Record Viewer5.3 算法和分析
用OD载入,下bp MessageBoxA,注册失败后断下,向上看到这里: 0046EEF0 /. 55 push ebp0046EEF1 |. 8BEC mov ebp, esp0046EEF3 |. 83C4 F4 add esp, -0C0046EEF6 |. 33C9 xor ecx, ecx0046EEF8 |. 894D F4 mov dword ptr [ebp-C], ecx0046EEFB |. 8955 F8 mov dword ptr [ebp-8], edx0046EEF...
-
Aurora Media Workshop 3.4.2注册全过程
od载入查找字符串‘invalid username or registration code’来到0045BDA0 . 6A FF push -1 ; (initial cpu selection)0045BDA2 . 68 18204700 push 00472018 ; SE 处理程序安装0045BDA7 . 64:A1 0000000>mov eax, fs:[0]0045BDAD . 50 push eax0045BDAE . 64:8925 00000>mov fs:[0...
-
Ap PDF Split-Merge注册分析
1。使用F12暂停法找到关键算法 0040CCB4 /. 55 push ebp0040CCB5 |. 8BEC mov ebp, esp0040CCB7 |. 83C4 B8 add esp, -480040CCBA |. 53 push ebx0040CCBB |. 56 push esi0040CCBC |. 57 push edi0040CCBD |. 8BD8 mov ebx, eax0040CCBF |. BE C7AD5700 mov esi, 0057ADC70040CCC4 |...
-
A Reversing Of iSkySoft
堆栈返回下断,或者字符串搜索,或下对话框断点 ;====================================================================|>>第一层>005573C0 /. 55 push ebp ; //开始005573C1 |. 8BEC mov ebp, esp005573C3 |. 33C9 xor ecx, ecx005573C5 |. 51 push ecx005573C6 |. 51 push ecx005573C7...
-
4U WMA MP3 Converter 6.0.2算法分析
0049488C /$ 55 PUSH EBP0049488D |. 8BEC MOV EBP,ESP0049488F |. 6A 00 PUSH 000494891 |. 6A 00 PUSH 000494893 |. 6A 00 PUSH 000494895 |. 6A 00 PUSH 000494897 |. 6A 00 PUSH 000494899 |. 53 PUSH EBX0049489A |. 56 PUSH ESI0049489B |. 894D F8 MOV DWORD PTR...
-
E8票据打印管理软件V5.25版 脱壳过程
首先,安装后查壳 ASPack 2.12 -> Alexey Solodovnikov 哈哈,这个壳其实相当简单的 载入 00AF0001 > 60 pushad00AF0002 E8 03000000 call ...
-
某单机游戏cd-key分析
用DEDE找到窗口仅有的那个按钮,OD断在下面了:00426C38 /. 55 push ebp //断在这00426C39 |. 8BEC mov ebp, esp00426C3B |. 33C9 xor ecx, ecx00426C3D |. 51 push ecx00426C3E |. 51 push ecx00426C3F |. 51 push ecx00426C40 |. 51 push ecx00426C41 |. 51 push ecx00426C42 |. 51 push ecx...
-
某光盘数据、多媒体恢复工具算法分析
无壳,常规的断点一路追到这里,即验证过程 0041A980 /. 55 push ebp0041A981 |. 8BEC mov ebp, esp0041A983 |. 83EC 20 sub esp, 200041A986 |. 894D E0 mov dword ptr [ebp-20], ecx0041A989 |. 6A 01 push 10041A98B |. 8B4D E0 mov ecx, dword ptr [ebp-20]0041A98E |. E8 F3D30100 call...
-
素描软件的注册算法简单分析
确定了注册判断的子程序为从004B56E2地址开始的这个子Call,故在地址:004B56E2处,F2键下断后,运行程序,打开注册窗口,输入注册名:aCaFeeL,输入注册码:12345678,点击OK按钮,被中断下来: >0047FEA8 . 55 push ebp ; 开始分析0047FEA9 . 8BEC mov ebp, esp0047FEAB . B9 10000000 mov ecx, 100047FEB0 > 6A 00 push 00047FEB2 . 6A 00 p...
-
黑石算法分析
软件明码比较,压缩壳,我们带壳调试,使用a_p大哥修改的野猪OD. ////////////00517000 > 53 PUSH EBX ; OD载入后来到这里00517001 55 PUSH EBP00517002 89C5 MOV EBP,EAX00517004 33DB XOR EBX,EBX00517006 EB 60 JMP SHORT Wrenju.00517068 ; F8单步一次////////////00517068 E8 00000000 CALL Wrenju.005...
