crackcode代码分享笔记(三) (8千字)
-
来!继续crackcode的下一步代码分析:
:004010DC 6888974000 push 00409788 --》point to "First_Break_Address"
:004010E1 E8A8070000 call 0040188E --》把文本地址转换为HEX
:004010E6 A3A0984000 mov dword ptr [004098A0], eax --》奖转换后的结果保存
:004010EB C7042480974000 mov dword ptr [esp], 00409780 --》point to "First_Break_Address_Code_Lenth"
:004010F2 E897070000 call 0040188E
:004010F7 8B0DA0984000 mov ecx, dword ptr [004098A0]
:004010FD A350A64000 mov dword ptr [0040A650], eax
:00401102 03C1 add eax, ecx --》First_Break_Address+lenth
:00401104 C7042474974000 mov dword ptr [esp], 00409774
:0040110B A39C984000 mov dword ptr [0040989C], eax
:00401110 E879070000 call 0040188E
:00401115 A398984000 mov dword ptr [00409898], eax
:0040111A C7042470974000 mov dword ptr [esp], 00409770 --》"Second_Break_Address"
:00401121 E868070000 call 0040188E
:00401126 8B0D98984000 mov ecx, dword ptr [00409898] --》"Second_Break_Address_Code_Lenth"
:0040112C A354A64000 mov dword ptr [0040A654], eax
:00401131 BF40A64000 mov edi, 0040A640
:00401136 03C1 add eax, ecx --》Second_Break_Address+lenth
* Possible StringData Ref from Data Obj ->"0"
|
:00401138 C70424BC614000 mov dword ptr [esp], 004061BC
:0040113F 57 push edi --》"MODE"
:00401140 A394984000 mov dword ptr [00409894], eax
:00401145 E886080000 call 004019D0
:0040114A 59 pop ecx
:0040114B 85C0 test eax, eax
:0040114D 59 pop ecx
:0040114E 7506 jne 00401156
:00401150 210544A64000 and dword ptr [0040A644], eax
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040114E(C)
|
* Possible StringData Ref from Data Obj ->"1"
|
:00401156 68B8614000 push 004061B8
:0040115B 57 push edi
:0040115C E86F080000 call 004019D0
:00401161 59 pop ecx
:00401162 85C0 test eax, eax
:00401164 59 pop ecx
:00401165 750A jne 00401171
:00401167 C70544A6400001000000 mov dword ptr [0040A644], 00000001
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00401165(C)
|
* Possible StringData Ref from Data Obj ->"2"
|
:00401171 68B4614000 push 004061B4
:00401176 57 push edi
:00401177 E854080000 call 004019D0
:0040117C 59 pop ecx
:0040117D 85C0 test eax, eax
:0040117F 59 pop ecx
:00401180 750A jne 0040118C
:00401182 C70544A6400002000000 mov dword ptr [0040A644], 00000002
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00401180(C)
|
* Possible StringData Ref from Data Obj ->"3"
|
:0040118C 68B0614000 push 004061B0
:00401191 57 push edi
:00401192 E839080000 call 004019D0
:00401197 59 pop ecx
:00401198 85C0 test eax, eax
:0040119A 59 pop ecx
:0040119B 750A jne 004011A7
:0040119D C70544A6400003000000 mov dword ptr [0040A644], 00000003
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040119B(C)
|
====以上程序是对处理mode不同值,在[0040A644]地址中作标志===========
相当于
switch( mode )
{
case '0':
mode=0;
case '1':
mode=1;
case '2':
mode=2;
case '3':
mode=3;
}
* Possible StringData Ref from Data Obj ->"EAX"
|
:004011A7 68AC614000 push 004061AC
:004011AC 56 push esi --》"Save_Code_Address"
:004011AD E81E080000 call 004019D0
:004011B2 59 pop ecx
:004011B3 85C0 test eax, eax
:004011B5 59 pop ecx
:004011B6 7511 jne 004011C9
:004011B8 C605609740008B mov byte ptr [00409760], 8B
:004011BF C7054CA64000F0909090 mov dword ptr [0040A64C], 909090F0
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004011B6(C)
|
* Possible StringData Ref from Data Obj ->"EBX"
|
:004011C9 68A8614000 push 004061A8
:004011CE 56 push esi
:004011CF E8FC070000 call 004019D0
:004011D4 59 pop ecx
:004011D5 85C0 test eax, eax
:004011D7 59 pop ecx
:004011D8 7511 jne 004011EB
:004011DA C605609740008B mov byte ptr [00409760], 8B
:004011E1 C7054CA64000F3909090 mov dword ptr [0040A64C], 909090F3
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004011D8(C)
|
* Possible StringData Ref from Data Obj ->"ECX"
|
:004011EB 68A4614000 push 004061A4
:004011F0 56 push esi
:004011F1 E8DA070000 call 004019D0
:004011F6 59 pop ecx
:004011F7 85C0 test eax, eax
:004011F9 59 pop ecx
:004011FA 7511 jne 0040120D
:004011FC C605609740008B mov byte ptr [00409760], 8B
:00401203 C7054CA64000F1909090 mov dword ptr [0040A64C], 909090F1
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004011FA(C)
|
* Possible StringData Ref from Data Obj ->"EDX"
|
:0040120D 68A0614000 push 004061A0
:00401212 56 push esi
:00401213 E8B8070000 call 004019D0
:00401218 59 pop ecx
:00401219 85C0 test eax, eax
:0040121B 59 pop ecx
:0040121C 7511 jne 0040122F
:0040121E C605609740008B mov byte ptr [00409760], 8B
:00401225 C7054CA64000F2909090 mov dword ptr [0040A64C], 909090F2
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040121C(C)
|
* Possible StringData Ref from Data Obj ->"EDI"
|
:0040122F 689C614000 push 0040619C
:00401234 56 push esi
:00401235 E896070000 call 004019D0
:0040123A 59 pop ecx
:0040123B 85C0 test eax, eax
:0040123D 59 pop ecx
:0040123E 7511 jne 00401251
:00401240 C605609740008B mov byte ptr [00409760], 8B
:00401247 C7054CA64000F7909090 mov dword ptr [0040A64C], 909090F7
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040123E(C)
|
* Possible StringData Ref from Data Obj ->"ESI"
|
:00401251 6898614000 push 00406198
:00401256 56 push esi
:00401257 E874070000 call 004019D0
:0040125C 59 pop ecx
:0040125D 85C0 test eax, eax
:0040125F 59 pop ecx
:00401260 7511 jne 00401273
:00401262 C6056097400090 mov byte ptr [00409760], 90
:00401269 C7054CA6400090909090 mov dword ptr [0040A64C], 90909090
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00401260(C)
|
* Possible StringData Ref from Data Obj ->"EBP"
|
:00401273 6894614000 push 00406194
:00401278 56 push esi
:00401279 E852070000 call 004019D0
:0040127E 59 pop ecx
:0040127F 85C0 test eax, eax
:00401281 59 pop ecx
:00401282 7511 jne 00401295
:00401284 C605609740008B mov byte ptr [00409760], 8B
:0040128B C7054CA64000F5909090 mov dword ptr [0040A64C], 909090F5
====以上程序是对处理Save_Code_Address不同值,做相应的处理======
相当于
switch( Save_Code_Address )
{
case 'EAX':
code1=8B;
code2=909090F0;
case 'EBX':
code1=8B;
code2=909090F0;
case 'EC':
code1=8B;
code2=909090F0;
case 'EDX':
code1=8B;
code2=909090F0;
case 'EDI':
code1=8B;
code2=909090F0;
case 'ESI':
code1=90;
code2=909090F0;
case 'EBP':
code1=8B;
code2=909090F0;
}
小结: 希望大家能帮我解答。为什么不同的寄存器会变成这样不同的数字?
它到底是代表什么??
今天就到这里,就到这里。。。。。。
相关视频
相关阅读 Windows错误代码大全 Windows错误代码查询激活windows有什么用Mac QQ和Windows QQ聊天记录怎么合并 Mac QQ和Windows QQ聊天记录Windows 10自动更新怎么关闭 如何关闭Windows 10自动更新windows 10 rs4快速预览版17017下载错误问题Win10秋季创意者更新16291更新了什么 win10 16291更新内容windows10秋季创意者更新时间 windows10秋季创意者更新内容kb3150513补丁更新了什么 Windows 10补丁kb3150513是什么
- 文章评论
-
热门文章
去除winrar注册框方法
最新文章
比特币病毒怎么破解 比去除winrar注册框方法
华为无线路由器HG522-C破解教程(附超级密码JEB格式文件京东电子书下载和阅读限制破解教UltraISO注册码全集(最新)通过Access破解MSSQL获得数据人气排行 华为无线路由器HG522-C破解教程(附超级密码JEB格式文件京东电子书下载和阅读限制破解教UltraISO注册码全集(最新)qq相册密码破解方法去除winrar注册框方法(适应任何版本)怎么用手机破解收费游戏华为无线猫HG522破解如何给软件脱壳基础教程
查看所有0条评论>>