有声有色 3.10
richie.coolbel.com
工具:Trw2000
有加壳。
脱壳入口点在0048e410
bpx createwindowex
pmodule
................
015F:0048A4C8 E8C399FEFF CALL 00473E90
015F:0048A4CD 8BC6 MOV
EAX,ESI
015F:0048A4CF E8FCA8FEFF CALL 00474DD0
015F:0048A4D4 8B8318050000 MOV EAX,[EBX+0518]
1E(十六进制)为十进制的30
015F:0048A4DA 83B8380100001E CMP DWORD [EAX+0138],BYTE
+1E //比较使用的次数。
015F:0048A4E1 0F8498000000 JZ NEAR 0048A57F
<-改JNZ 0
015F:0048A4E7 8B831C050000 MOV EAX,[EBX+051C]
015F:0048A4CD 8BC6 MOV
EAX,ESI
015F:0048A4CF E8FCA8FEFF CALL 00474DD0
015F:0048A4D4 8B8318050000 MOV EAX,[EBX+0518]
015F:0048A4DA 83B8380100001E CMP DWORD [EAX+0138],BYTE
+1E
015F:0048A4E1 0F8498000000 JZ NEAR 0048A57F
<-改JNZ 1
015F:0048A4E7 8B831C050000 MOV EAX,[EBX+051C]
015F:0048A4ED 8B10 MOV
EDX,[EAX]
015F:0048A4EF FF92B4000000 CALL NEAR [EDX+B4]
015F:0048A4F5 3C01 CMP
AL,01
015F:0048A4F7 0F8482000000 JZ NEAR 0048A57F
<-改JNZ 2
015F:0048A4FD 8B8324050000 MOV EAX,[EBX+0524]
015F:0048A503 8B10 MOV
EDX,[EAX]
015F:0048A505 FF92B4000000 CALL NEAR [EDX+B4]
015F:0048A50B 3C01 CMP
AL,01
015F:0048A50D 7470 JZ
0048A57F <-改JNZ 3
015F:0048A50F 8B8328050000 MOV EAX,[EBX+0528]
015F:0048A515 8B10 MOV
EDX,[EAX]
015F:0048A517 FF92B4000000 CALL NEAR [EDX+B4]
015F:0048A51D 3C01 CMP
AL,01
015F:0048A51F 745E JZ
0048A57F <-改JNZ 4
015F:0048A521 8B832C050000 MOV EAX,[EBX+052C]
015F:0048A527 8B10 MOV
EDX,[EAX]
015F:0048A529 FF92B4000000 CALL NEAR [EDX+B4]
015F:0048A52F 3C01 CMP
AL,01
015F:0048A531 744C JZ
0048A57F <-改JNZ 5
015F:0048A533 8B8330050000 MOV EAX,[EBX+0530]
015F:0048A539 8B10 MOV
EDX,[EAX]
015F:0048A53B FF92B4000000 CALL NEAR [EDX+B4]
015F:0048A541 3C01 CMP
AL,01
015F:0048A543 743A JZ
0048A57F <-改JNZ 6
015F:0048A545 8B8330050000 MOV EAX,[EBX+0530]
015F:0048A54B 8B10 MOV
EDX,[EAX]
015F:0048A54D FF92B4000000 CALL NEAR [EDX+B4]
015F:0048A553 3C01 CMP
AL,01
015F:0048A555 7428 JZ
0048A57F <-改JNZ 7
015F:0048A557 8B8334050000 MOV EAX,[EBX+0534]
015F:0048A55D 8B10 MOV
EDX,[EAX]
015F:0048A55F FF92B4000000 CALL NEAR [EDX+B4]
015F:0048A565 3C01 CMP
AL,01
015F:0048A567 7416 JZ
0048A57F <-改JNZ 8
015F:0048A569 8B833C050000 MOV EAX,[EBX+053C]
015F:0048A56F 8B10 MOV
EDX,[EAX]
015F:0048A571 FF92B4000000 CALL NEAR [EDX+B4]
015F:0048A577 3C01 CMP
AL,01
015F:0048A579 0F85E2010000 JNZ NEAR 0048A761
<-改JZ 9
015F:0048A57F B201 MOV
DL,01
015F:0048A581 8B831C050000 MOV EAX,[EBX+051C]
015F:0048A587 8B08 MOV
ECX,[EAX]
015F:0048A589 FF91B8000000 CALL NEAR [ECX+B8]
015F:0048A58F B201 MOV
DL,01
015F:0048A591 8B8324050000 MOV EAX,[EBX+0524]
015F:0048A597 8B08 MOV
ECX,[EAX]
015F:0048A599 FF91B8000000 CALL NEAR [ECX+B8]
015F:0048A59F B201 MOV
DL,01
015F:0048A5A1 8B8328050000 MOV EAX,[EBX+0528]
015F:0048A5A7 8B08 MOV
ECX,[EAX]
015F:0048A5A9 FF91B8000000 CALL NEAR [ECX+B8]
015F:0048A5AF B201 MOV
DL,01
015F:0048A5B1 8B832C050000 MOV EAX,[EBX+052C]
015F:0048A5B7 8B08 MOV
ECX,[EAX]
015F:0048A5B9 FF91B8000000 CALL NEAR [ECX+B8]
015F:0048A5BF B201 MOV
DL,01
015F:0048A5C1 8B8330050000 MOV EAX,[EBX+0530]
015F:0048A5C7 8B08 MOV
ECX,[EAX]
015F:0048A5C9 FF91B8000000 CALL NEAR [ECX+B8]
015F:0048A5CF B201 MOV
DL,01
015F:0048A5D1 8B8334050000 MOV EAX,[EBX+0534]
015F:0048A5D7 8B08 MOV
ECX,[EAX]
015F:0048A5D9 FF91B8000000 CALL NEAR [ECX+B8]
015F:0048A5DF B201 MOV
DL,01
015F:0048A5E1 8B833C050000 MOV EAX,[EBX+053C]
015F:0048A5E7 8B08 MOV
ECX,[EAX]
015F:0048A5E9 FF91B8000000 CALL NEAR [ECX+B8]
015F:0048A5EF 8BB354060000 MOV ESI,[EBX+0654]
015F:0048A5F5 8BC6 MOV
EAX,ESI
015F:0048A5F7 E8C8A5FEFF CALL 00474BC4
015F:0048A5FC 8B832C050000 MOV EAX,[EBX+052C]
015F:0048A602 8B10 MOV
EDX,[EAX]
015F:0048A604 FF92B4000000 CALL NEAR [EDX+B4]
015F:0048A60A 50 PUSH
EAX
015F:0048A60B B940AA4800 MOV ECX,0048AA40
015F:0048A610 BA58AA4800 MOV EDX,0048AA58
015F:0048A615 8BC6 MOV
EAX,ESI
015F:0048A617 E828AAFEFF CALL 00475044
015F:0048A61C 8BC6 MOV
EAX,ESI
015F:0048A61E E8ADA7FEFF CALL 00474DD0
015F:0048A623 8BB350060000 MOV ESI,[EBX+0650]
015F:0048A629 8BC6 MOV
EAX,ESI
015F:0048A62B E894A5FEFF CALL 00474BC4
015F:0048A630 8B8334050000 MOV EAX,[EBX+0534]
015F:0048A636 8B10 MOV
EDX,[EAX]
015F:0048A638 FF92B4000000 CALL NEAR [EDX+B4]
015F:0048A63E 50 PUSH
EAX
015F:0048A63F B9BCAA4800 MOV ECX,0048AABC
015F:0048A644 BACCAA4800 MOV EDX,0048AACC
015F:0048A649 8BC6 MOV
EAX,ESI
015F:0048A64B E8F4A9FEFF CALL 00475044
015F:0048A650 8BC6 MOV
EAX,ESI
015F:0048A652 E879A7FEFF CALL 00474DD0
015F:0048A657 8BB34C060000 MOV ESI,[EBX+064C]
015F:0048A65D 8BC6 MOV
EAX,ESI
015F:0048A65F E860A5FEFF CALL 00474BC4
015F:0048A664 8D4640 LEA
EAX,[ESI+40]
015F:0048A667 BAE4A84800 MOV EDX,0048A8E4
015F:0048A66C E80B94F7FF CALL 00403A7C
015F:0048A671 8B831C050000 MOV EAX,[EBX+051C]
015F:0048A677 8B10 MOV
EDX,[EAX]
015F:0048A679 FF92B4000000 CALL NEAR [EDX+B4]
015F:0048A67F 50 PUSH
EAX
015F:0048A680 B910A94800 MOV ECX,0048A910
015F:0048A685 BA20A94800 MOV EDX,0048A920
015F:0048A68A 8BC6 MOV
EAX,ESI
015F:0048A68C E8B3A9FEFF CALL 00475044
015F:0048A691 8D4640 LEA
EAX,[ESI+40]
015F:0048A694 BA30A94800 MOV EDX,0048A930
015F:0048A699 E8DE93F7FF CALL 00403A7C
015F:0048A69E 8B8324050000 MOV EAX,[EBX+0524]
015F:0048A6A4 8B10 MOV
EDX,[EAX]
015F:0048A6A6 FF92B4000000 CALL NEAR [EDX+B4]
015F:0048A6AC 50 PUSH
EAX
015F:0048A6AD B954A94800 MOV ECX,0048A954
015F:0048A6B2 BA6CA94800 MOV EDX,0048A96C
015F:0048A6B7 8BC6 MOV
EAX,ESI
015F:0048A6B9 E886A9FEFF CALL 00475044
015F:0048A6BE 8D4640 LEA
EAX,[ESI+40]
015F:0048A6C1 BA84A94800 MOV EDX,0048A984
015F:0048A6C6 E8B193F7FF CALL 00403A7C
015F:0048A6CB 8B8328050000 MOV EAX,[EBX+0528]
015F:0048A6D1 8B10 MOV
EDX,[EAX]
015F:0048A6D3 FF92B4000000 CALL NEAR [EDX+B4]
015F:0048A6D9 50 PUSH
EAX
015F:0048A6DA B9ACA94800 MOV ECX,0048A9AC
015F:0048A6DF BAC0A94800 MOV EDX,0048A9C0
015F:0048A6E4 8BC6 MOV
EAX,ESI
015F:0048A6E6 E859A9FEFF CALL 00475044
015F:0048A6EB 8D4640 LEA
EAX,[ESI+40]
015F:0048A6EE BAD0A94800 MOV EDX,0048A9D0
015F:0048A6F3 E88493F7FF CALL 00403A7C
015F:0048A6F8 8B8330050000 MOV EAX,[EBX+0530]
015F:0048A6FE 8B10 MOV
EDX,[EAX]
015F:0048A700 FF92B4000000 CALL NEAR [EDX+B4]
015F:0048A706 50 PUSH
EAX
015F:0048A707 B9F8A94800 MOV ECX,0048A9F8
015F:0048A70C BA10AA4800 MOV EDX,0048AA10
015F:0048A711 8BC6 MOV
EAX,ESI
015F:0048A713 E82CA9FEFF CALL 00475044
015F:0048A718 8BC6 MOV
EAX,ESI
015F:0048A71A E8B1A6FEFF CALL 00474DD0
015F:0048A71F 8BB338050000 MOV ESI,[EBX+0538]
015F:0048A725 8BC6 MOV
EAX,ESI
015F:0048A727 E898A4FEFF CALL 00474BC4
015F:0048A72C 8B833C050000 MOV EAX,[EBX+053C]
015F:0048A732 8B10 MOV
EDX,[EAX]
015F:0048A734 FF92B4000000 CALL NEAR [EDX+B4]
015F:0048A73A 50 PUSH
EAX
015F:0048A73B B9B0A84800 MOV ECX,0048A8B0
015F:0048A740 BAC0A84800 MOV EDX,0048A8C0
015F:0048A745 8BC6 MOV
EAX,ESI
015F:0048A747 E8F8A8FEFF CALL 00475044
015F:0048A74C 8BC6 MOV
EAX,ESI
015F:0048A74E E87DA6FEFF CALL 00474DD0
015F:0048A753 8B8320050000 MOV EAX,[EBX+0520]
015F:0048A759 E8D29BFEFF CALL 00474330
//要求注册对话框
015F:0048A75E 5E POP
ESI
015F:0048A75F 5B POP
EBX
015F:0048A760 C3 RET
0、0F 84 98 00 00 00 8B 83 1C 05 00 00 //注意:此处使用30次才能修改使用。
85
1、0F 84 98 00 00 00
0F 85
2、0F 84 82 00 00 00
0F 85
3、74 70 8B 83 28 05 00 00
75
4、74 5E 8B 83 2C 05 00 00
75
5、74 4C 8B 83 30 05 00 00
75
6、74 3A 8B 83 30 05 00 00
75
7、74 28 8B 83 34 05 00 00
75
8、74 16 8B 83 3C 05 00
75
9、0F 85 E2 01 00 00
0F 84
- 标 题:iis兄,请进《有声有色 3.10》的破解方法。 (9千字)
- 作 者:xiA Qin
- 时 间:2000-8-17 13:32:37
- 链 接:http://bbs.pediy.com