使用笔记

使用笔记

关注
发信
关注(28)粉丝(399)

OllyDbg 使用笔记 (十二)

OllyDbg 使用笔记 (十二)

參考

书:《加密与解密》

视频:小甲鱼 解密系列 视频

演示样例程序下载地址:http://pan.baidu.com/s/1eQiV6aI

00417457   .  8BCE          mov     ecx, esi

00417459   .  C64424 30 01  mov     byte ptr [esp+30], 1

0041745E   .  E8 2D020000   call    00417690

00417463   .  84C0          test    al, al

00417465   .  75 7C         jnz     short 004174E3

00417467   .  51            push    ecx

00417468   .  8D5424 14     lea     edx, dword ptr [esp+14]

0041746C   .  8BCC          mov     ecx, esp

0041746E   .  896424 20     mov     dword ptr [esp+20], esp

00417472   .  52            push    edx

00417473   .  E8 9D6A0400   call    0045DF15

00417478   .  51            push    ecx

00417479   .  8D4424 1C     lea     eax, dword ptr [esp+1C]

0041747D   .  8BCC          mov     ecx, esp

0041747F   .  896424 20     mov     dword ptr [esp+20], esp

00417483   .  50            push    eax

00417484   .  C64424 34 03  mov     byte ptr [esp+34], 3

00417489   .  E8 876A0400   call    0045DF15

0041748E   .  8BCE          mov     ecx, esi

00417490   .  C64424 30 01  mov     byte ptr [esp+30], 1

00417495   .  E8 F6010000   call    00417690

0041749A   .  84C0          test    al, al

0041749C   .  75 45         jnz     short 004174E3

0041749E   .  6A 00         push    0

004174A0   .  68 04544800   push    00485404                           ;  ASCII "XoftSpy"

004174A5   .  68 C4684800   push    004868C4                           ;  ASCII "Invalid code."

004174AA   .  8BCE          mov     ecx, esi

004174AC   .  E8 664F0400   call    0045C417

004174B1   .  68 48FA4800   push    0048FA48

004174B6   .  8BCD          mov     ecx, ebp

004174B8   .  E8 206E0400   call    0045E2DD

004174BD   .  68 48FA4800   push    0048FA48

004174C2   .  8BCF          mov     ecx, edi

004174C4   .  E8 146E0400   call    0045E2DD

004174C9   .  68 48FA4800   push    0048FA48

004174CE   .  8BCB          mov     ecx, ebx

004174D0   .  E8 086E0400   call    0045E2DD

004174D5   .  6A 00         push    0

004174D7   .  8BCE          mov     ecx, esi

004174D9   .  E8 03590400   call    0045CDE1

004174DE   .  E9 9D000000   jmp     00417580

004174E3   >  57            push    edi

004174E4   .  55            push    ebp

004174E5   .  E8 769D0100   call    00431260

004174EA   .  83C4 08       add     esp, 8

004174ED   .  8BCE          mov     ecx, esi

004174EF   .  6A 00         push    0

004174F1   .  68 04544800   push    00485404                           ;  ASCII "XoftSpy"

004174F6   .  68 98684800   push    00486898                           ;  ASCII "Congratulations! successfully registered"

004174FB   .  E8 174F0400   call    0045C417


0040147D   .  50            push    eax

0040147E   .  51            push    ecx

0040147F   .  C64424 3C 03  mov     byte ptr [esp+3C], 3

00401484   .  E8 17FF0200   call    004313A0

00401489   .  8B8E C0000000 mov     ecx, dword ptr [esi+C0]

0040148F   .  83C4 08       add     esp, 8

00401492   .  E8 093C0300   call    004350A0

00401497   .  84C0          test    al, al

00401499   .  74 12         je      short 004014AD

0040149B   .  68 C4514800   push    004851C4                           ;  ASCII "This license of XoftSpy has been registered"

004014A0   .  8D4C24 08     lea     ecx, dword ptr [esp+8]

004014A4   .  E8 34CE0500   call    0045E2DD

004014A9   .  6A 00         push    0

004014AB   .  EB 10         jmp     short 004014BD

004014AD   >  68 94514800   push    00485194                           ;  ASCII "This XoftSpy license has not been registered"

004014B2   .  8D4C24 08     lea     ecx, dword ptr [esp+8]
05-15 05:25
Powered by LMLPHP ©2024 使用笔记 0.053700