A newbie who just finished lesson one of Shark恒's reverse-engineering tutorial, I picked this CM to practice on.
Registered the account yesterday, only saw it today = =
First, entering a single character pops up a message box. Set a breakpoint on MessageBoxA, enter one character, then return to 00409F93, find the function head, and Retn it.
00409F30 55 push ebp ; (Initial CPU selection)
00409F31 8BEC mov ebp, esp
00409F33 81EC 04000000 sub esp, 4
Change to
00409F30 C3 retn ; (Initial CPU selection)
00409F31 8BEC mov ebp, esp
00409F33 81EC 04000000 sub esp, 4
00409F39 68 010100A0 push A0000101
There is no check in the button event handler, and looking with E-DEBUG the program also has a timer. = =
Set a breakpoint at the timer address.
Then
00409714 837D F4 00 cmp dword ptr [ebp-C], 0
00409718 90 nop
00409719 90 nop
0040971A 90 nop
0040971B 90 nop
0040971C 90 nop
0040971D 90 nop
0040971E 68 010100A0 push A0000101
00409767 83C4 04 add esp, 4
0040976A 90 nop
0040976B 90 nop
0040976C 90 nop
0040976D 90 nop
0040976E 90 nop
0040976F 68 010100A0 push A0000101
00409774 6A 00 push 0
004097E6 837D F0 00 cmp dword ptr [ebp-10], 0
004097EA 90 nop
004097EB 90 nop
004097EC 90 nop
004097ED 90 nop
004097EE 90 nop
004097EF 90 nop
004097F0 68 010100A0 push A0000101
00409839 83C4 04 add esp, 4
0040983C 90 nop
0040983D 90 nop
0040983E 90 nop
0040983F 90 nop
00409840 90 nop
00409841 68 010100A0 push A0000101
00409846 6A 00 push 0
00409848 68 CB904000 push 004090CB
004098B8 837D F0 00 cmp dword ptr [ebp-10], 0
004098BC 90 nop
004098BD 90 nop
004098BE 90 nop
004098BF 90 nop
004098C0 90 nop
004098C1 90 nop
004098C2 68 010100A0 push A0000101
0040990B 83C4 04 add esp, 4
0040990E 90 nop
0040990F 90 nop
00409910 90 nop
00409911 90 nop
00409912 90 nop
00409913 68 010100A0 push A0000101
00409918 6A 00 push 0
0040998A 837D F0 00 cmp dword ptr [ebp-10], 0
0040998E 90 nop
0040998F 90 nop
00409990 90 nop
00409991 90 nop
00409992 90 nop
00409993 90 nop
00409994 68 010100A0 push A0000101
004099DD 83C4 04 add esp, 4
004099E0 90 nop
004099E1 90 nop
004099E2 90 nop
004099E3 90 nop
004099E4 90 nop
00409A5C 837D F0 00 cmp dword ptr [ebp-10], 0
00409A60 90 nop
00409A61 90 nop
00409A62 90 nop
00409A63 90 nop
00409A64 90 nop
00409A65 90 nop
00409A66 68 010100A0 push A0000101
00409AAF 83C4 04 add esp, 4
00409AB2 90 nop
00409AB3 90 nop
00409AB4 90 nop
00409AB5 90 nop
00409AB6 90 nop
00409AB7 68 010100A0 push A0000101
00409ABC 6A 00 push 0
00409B2E 837D F0 00 cmp dword ptr [ebp-10], 0
00409B32 90 nop
00409B33 90 nop
00409B34 90 nop
00409B35 90 nop
00409B36 90 nop
00409B37 90 nop
00409B38 68 010100A0 push A0000101
00409B81 83C4 04 add esp, 4
00409B84 90 nop
00409B85 90 nop
00409B86 90 nop
00409B87 90 nop
00409B88 90 nop
00409B89 68 010100A0 push A0000101
00409B8E 6A 00 push 0
00409C00 837D F0 00 cmp dword ptr [ebp-10], 0
00409C04 90 nop
00409C05 90 nop
00409C06 90 nop
00409C07 90 nop
00409C08 90 nop
00409C09 90 nop
00409C0A 68 010100A0 push A0000101
00409C53 83C4 04 add esp, 4
00409C56 90 nop
00409C57 90 nop
00409C58 90 nop
00409C59 90 nop
00409C5A 90 nop
00409C5B 68 010100A0 push A0000101
00409CD2 837D F0 00 cmp dword ptr [ebp-10], 0
00409CD6 90 nop
00409CD7 90 nop
00409CD8 90 nop
00409CD9 90 nop
00409CDA 90 nop
00409CDB 90 nop
00409CDC 68 010100A0 push A0000101
00409D25 83C4 04 add esp, 4
00409D28 90 nop
00409D29 90 nop
00409D2A 90 nop
00409D2B 90 nop
00409D2C 90 nop
00409D2D 68 010100A0 push A0000101
00409D32 6A 00 push 0
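A defender-side example, added here and not part of the original post: a small Python check for the two patch signatures the listings above show, namely a function entry whose `push ebp / mov ebp,esp` prologue has been overwritten with `retn` (as at 00409F30) and a `cmp dword ptr [ebp-XX], 0` followed directly by a run of `nop` bytes (as at 004097E6). The byte strings are constructed from the listings; the idea that the six NOPs replaced one 6-byte instruction that consumed the compare result is an assumption of mine, since the post never shows the original bytes there.

```python
"""
Added example (not from the original post): detect two binary-patch patterns
that the post's listings show, the way a self-integrity or tamper check would.

Pattern 1: function prologue 'push ebp ; mov ebp, esp' (55 8B EC) overwritten
           with 'retn' (C3), as at 00409F30.
Pattern 2: 'cmp dword ptr [ebp+disp8], 0' (83 7D xx 00) followed immediately
           by a run of 'nop' (90), as at 004097E6.
ASSUMPTION: the NOP run replaced one 6-byte instruction that used the
compare's result; the post does not show the original bytes at that spot.
"""
from dataclasses import dataclass
from typing import List, Optional

PROLOGUE = bytes.fromhex("558BEC")   # push ebp ; mov ebp, esp
RETN = 0xC3
NOP = 0x90


@dataclass
class Finding:
    offset: int   # byte offset inside the scanned buffer
    kind: str
    detail: str


def check_prologue(code: bytes, offset: int) -> Optional[Finding]:
    """Report a function entry whose first byte is retn while the rest of the
    standard prologue (8B EC) is still in place, i.e. a one-byte patch."""
    if offset + 3 > len(code):
        return None
    if code[offset] == RETN and code[offset + 1:offset + 3] == PROLOGUE[1:]:
        return Finding(offset, "prologue-patched-to-retn",
                       "expected 55 8B EC, found C3 8B EC")
    return None


def find_nopped_compares(code: bytes, min_nops: int = 5) -> List[Finding]:
    """Find 'cmp dword ptr [ebp+disp8], 0' (83 7D xx 00) that is followed by at
    least min_nops NOP bytes; a compare whose result nothing consumes is the
    footprint left by NOPing out the conditional jump after it."""
    findings: List[Finding] = []
    i = 0
    while i + 4 <= len(code):
        if code[i] == 0x83 and code[i + 1] == 0x7D and code[i + 3] == 0x00:
            j = i + 4
            while j < len(code) and code[j] == NOP:
                j += 1
            run = j - (i + 4)
            if run >= min_nops:
                disp = code[i + 2] - 0x100 if code[i + 2] >= 0x80 else code[i + 2]
                findings.append(Finding(
                    i, "compare-followed-by-nops",
                    f"cmp dword ptr [ebp{disp:+#x}], 0 then {run} nop"))
                i = j
                continue
        i += 1
    return findings


def scan(code: bytes, function_entries: List[int]) -> List[Finding]:
    """Run both checks: prologues at the given entry offsets, NOPped compares
    anywhere in the buffer."""
    findings = [f for off in function_entries if (f := check_prologue(code, off))]
    findings += find_nopped_compares(code)
    return findings


# Constructed samples, byte-for-byte from the post's listings.
ORIGINAL_ENTRY = bytes.fromhex("558BEC81EC04000000")          # 00409F30 before patch
PATCHED_ENTRY = bytes.fromhex("C38BEC81EC04000000")           # 00409F30 after patch
PATCHED_CMP = bytes.fromhex("837DF000" + "90" * 6 + "68010100A0")  # 004097E6 region
# Constructed contrast case: compare followed by a short jne (75 05), not NOPs.
CLEAN_CMP = bytes.fromhex("837DF000" + "7505" + "68010100A0")

if __name__ == "__main__":
    buf = PATCHED_ENTRY + CLEAN_CMP + PATCHED_CMP
    for f in scan(buf, [0]):
        print(f"{f.offset:#06x} {f.kind}: {f.detail}")
```

Run as a script it prints one line per finding over the constructed buffer: the retn-patched entry at offset 0 and the NOPped compare after the clean region; the clean `cmp` / `jne` pair is not reported. In a real integrity check the expected prologue bytes and the function entry list would come from a known-good copy of the binary, not from the program being checked.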