I have uploaded the main program with the check-disk; it is only 817 KB!
0167:004E4090 DB ??
0167:004E4091 DB ??
0167:004E4092 DB ??
0167:004E4093 DB ??
0167:004E4094 DB ??
0167:004E4095 DB ??
0167:004E4096 DB ??
0167:004E4097 DB ??
0167:004E4098 DB ??
0167:004E4099 DB ??
0167:004E409A DB ??
0167:004E409B DB ??
0167:004E409C DB ??
0167:004E409D DB ??
0167:004E409E DB ??
0167:004E409F DB ??
0167:004E40A0 DB ??
0167:004E40A1 DB ??<-(loaded using TRW2000's load method)
0167:004E40A2 DB ??
0167:004E40A3 DB ??
------------------CEW!_LOCK98_+9A----------------
0167:004E40A1 CALL 004E40A6<-(using "PMODULE"; as soon as it is stepped over, the disk test starts, and finally a prompt appears)
0167:004E40A6 POP EBP
0167:004E40A7 SUB EBP,004300A6
0167:004E40AD JMP SHORT 004E40B7
0167:004E40AF SALC
0167:004E40B0 FDIVR QWORD [EBX+2A2C60D4]
0167:004E40B6 RET
------------------CEW!_LOCK98_+A1----------------
0167:004E408A PUSH ECX
0167:004E408B SALC
0167:004E408C AND EAX,D2B7F302
0167:004E4091 MOV DL,51
0167:004E4093 TEST AL,72
0167:004E4095 CMP EAX,2AAC54F6
0167:004E409A NEG DWORD [ESI-40]
0167:004E409D ADD [ECX],BL
0167:004E409F ADC EAX,E855
0167:004E40A4 ADD [EAX],AL<-(moving the cursor upward turns it into this)
0167:004E40A6 POP EBP
0167:004E40A7 SUB EBP,004300A6
0167:004E40AD JMP SHORT 004E40B7
0167:004E40AF SALC
0167:004E40B0 FDIVR QWORD [EBX+2A2C60D4]
0167:004E40B6 RET
--------------------------------------------------
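0167:004E40A1 DB ?? \At first there is no call; once "PMODULE" is used it becomes a call?
0167:004E40A1 CALL 004E40A6 /I found that at the start none of the assembly has any flow, and only at the end does it appear!
So lock98 uses a dynamic form of protection!
I have used Wdst14, but mostly it still reads the floppy drive like mad? I wonder whether some expert could help remove the disk-check using trw2000 or sice!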
http://go8.163.com/~peter007/hyt.rar
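Subject: Run TRW2000, select TRnewTCB, run CEW.EXE: (5,000 characters)
Posted by: xfshm
Time: 2001-3-22 18:59:53
Details:
Run TRW2000, select TRnewTCB, run CEW.EXE:
0167:004E40A1 CALL 004E40A6: press F8 to enter single-step tracing.
Set bpx breakpoints according to the code below and press F5 to return; the interception succeeds and you can continue analysing. I have only just started learning cracking myself, and I have no time. You can continue the analysis.
015F:004E7C58 MOV AX,0401 ;verify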
015F:004E7C5C MOV CX,4F01
015F:004E7C60 MOV DH,01
015F:004E7C62 MOV DL,[EBP+00433DE9]
015F:004E7C68 CALL 004E7925
015F:004E7C6D MOV AX,0201 ;read disk
015F:004E7C71 MOV CX,4F32 ;C:4F H:1 R:32
015F:004E7C75 MOV DH,01
015F:004E7C77 MOV DL,[EBP+00433DE9] ;drive number
015F:004E7C7D CALL 004E7925
015F:004E7C82 MOV DL,[EBP+00433DE9]
015F:004E7C88 CALL 004E78FD
015F:004E7C8D MOV DL,[EBP+00433DE9]
015F:004E7C93 CALL 004E78FD
015F:004E7C98 MOV EBX,[EBP+00433DD7]
015F:004E7C9E CMP EBX,[EBP+00433DBF]
015F:004E7CA4 JZ 004E7CB7
015F:004E7CA6 CMP BYTE [EBP+00433DE9],01
015F:004E7CAD JNC 004E7CCE
015F:004E7CAF INC BYTE [EBP+00433DE9]
015F:004E7CB5 JMP SHORT 004E7C3E
015F:004E7CB7 PUSH EAX
015F:004E7CB8 LEA EDI,[EBP+00433BD7]
015F:004E7CBE LEA ECX,[EBP+00433CCA]
015F:004E7CC4 SUB ECX,EDI
015F:004E7CC6 DEC ECX
015F:004E7CC7 CLD
015F:004E7CC8 XOR AL,AL
015F:004E7CCA REP STOSB
015F:004E7CCC POP EAX
015F:004E7967 MOV ESI,03 ;read the disk three times
015F:004E796C PUSH ESI
015F:004E796D PUSH EAX
015F:004E796E PUSH EBX
015F:004E796F PUSH ECX
015F:004E7970 PUSH EDX
015F:004E7971 CALL 004E752A
015F:004E7976 MOV [EBP+00433E50],EAX
015F:004E797C MOV [EBP+00433E4C],ECX
015F:004E7982 MOV [EBP+00433E48],EDX
015F:004E7988 MOV EBX,[EBP+00433A01]
015F:004E798E MOV [EBP+00433E44],EBX
015F:004E7994 SHR EBX,10
015F:004E7997 MOV [EBP+00433E56],BX
015F:004E799E MOV BL,13
015F:004E79A0 CALL 004E7756
015F:004E79A5 POP EDX
015F:004E79A6 POP ECX
015F:004E79A7 POP EBX
015F:004E79A8 POP EAX
015F:004E79A9 POP ESI
015F:004E79AA CMP AH,02 ;AH=2, read disk
015F:004E79AD JNZ 004E79C2
015F:004E79AF MOV EBX,[EBP+00433A05]
015F:004E79B5 CMP WORD [EBX],BYTE +00
015F:004E79B9 JNZ 004E79C2
015F:004E79BB OR ESI,ESI
015F:004E79BD JZ 004E79C2
015F:004E79BF DEC ESI
015F:004E79C0 JMP SHORT 004E796C
015F:004E79C2 CMP CX,4F32 ;track 4F, sector 32H
015F:004E79C7 JNZ 004E79F1
015F:004E79C9 MOV EBX,[EBP+00433A05]
015F:004E79CF MOV ECX,0200
015F:004E79D4 CALL 004E7B24
015F:004E79D9 MOV [EBP+00433DBF],EAX
015F:004E79DF MOV EAX,[EBX+9B]
015F:004E79E5 XOR EAX,[EBX+0162]
015F:004E79EB XOR [EBP+00433DBB],EAX
015F:004E79F1 MOV EAX,[EBP+004339FD]
015F:004E79F7 CALL 004E761C
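The register values in the listing above can be read with the BIOS INT 13h CHS convention, which matches the poster's comments (verify, read, C:4F H:1 R:32, drive number). The following is an added example, not part of the original thread: the INT 13h convention for the wrapper at 004E7925 and the standard 1.44 MB floppy geometry are assumptions, and `decode` and `analyse` are illustrative names.

```python
# Added example (not from the thread): decode AX/CX/DH/DL as a BIOS
# INT 13h CHS request. The convention is assumed from the poster's comments.
from dataclasses import dataclass

FUNCTIONS = {0x02: "read sectors", 0x03: "write sectors", 0x04: "verify sectors"}

# Assumed geometry: standard 1.44 MB 3.5" floppy (80 cylinders, 2 heads, 18 sectors).
STD_CYLINDERS, STD_HEADS, STD_SECTORS = 80, 2, 18


@dataclass
class DiskRequest:
    function: str
    count: int
    cylinder: int
    head: int
    sector: int
    drive: int

    def outside_standard_format(self) -> bool:
        """True when the address does not exist on a normally formatted disk."""
        return not (self.cylinder < STD_CYLINDERS
                    and self.head < STD_HEADS
                    and 1 <= self.sector <= STD_SECTORS)


def decode(ax: int, cx: int, dh: int, dl: int) -> DiskRequest:
    ah, al = ax >> 8, ax & 0xFF             # AH = function, AL = sector count
    ch, cl = cx >> 8, cx & 0xFF
    cylinder = ch | ((cl & 0xC0) << 2)      # CL bits 6-7 are cylinder bits 8-9
    sector = cl & 0x3F                      # CL bits 0-5 are the sector number
    name = FUNCTIONS.get(ah, f"unknown (AH={ah:02X}h)")
    return DiskRequest(name, al, cylinder, dh, sector, dl)


# (AX, CX, DH) triples copied from 004E7C58 and 004E7C6D in the listing.
LISTING = [(0x0401, 0x4F01, 0x01), (0x0201, 0x4F32, 0x01)]


def analyse(drive: int = 0):
    # DL is loaded at run time from [EBP+00433DE9]; drive 0 is a placeholder.
    return [decode(ax, cx, dh, drive) for ax, cx, dh in LISTING]


if __name__ == "__main__":
    for req in analyse():
        tag = "non-standard" if req.outside_standard_format() else "standard"
        print(req, tag)
```

The second request addresses sector 32h (50) on a track that holds 18 sectors in the standard format, so the check depends on data a normally formatted disk does not have.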