本帖最后由 faker438 于 2018-1-18 15:47 编辑
我找登陆验证 55 8B EC 81 EC 1C 00 00 00 找不到 特征码然后找 sub esp,0x184 ,150, 15C ,14C ,144 都找不到
合法验证的特征码都找不到。
完全没有思路了。所有方法都试了个遍;
这个是我用E盾源码编译出来然后用OD找出来的特征码。这些特征码都找不到。
登录CALL
首部
55 8B EC 81 EC 1C 00 00 00
0040D79B $ 55 push ebp
0040D79C . 8BEC mov ebp,esp
0040D79E . 81EC 1C000000 sub esp,0x1C
0040D7A4 . /EB 10 jmp short 网络验证.0040D7B6
尾部
取错误文本
55 8B EC 81 EC ?? ?? 00 00 C7 45 FC 00 00 00 00 C7 45 F8 00 00 00 00 C7 45 F4 00 00 00 00 C7 45
F0 00 00 00 00 C7 45 EC 00 00 00 00 C7 45 E8 00 00 00 00
0040D96C $ 55 push ebp
0040D96D . 8BEC mov ebp,esp
0040D96F . 81EC 84010000 sub esp,0x184 150 15C 14C 144
0040D975 . C745 FC 00000>mov dword ptr ss:[ebp-0x4],0x0
0040D97C . C745 F8 00000>mov dword ptr ss:[ebp-0x8],0x0
0040D983 . C745 F4 00000>mov dword ptr ss:[ebp-0xC],0x0
0040D98A . C745 F0 00000>mov dword ptr ss:[ebp-0x10],0x0
0040D991 . C745 EC 00000>mov dword ptr ss:[ebp-0x14],0x0
0040D998 . C745 E8 00000>mov dword ptr ss:[ebp-0x18],0x0
改
mov eax,1
ret 18
合法CALL
(合法性检验 :sub esp,84)
55 8B EC 81 EC 20 00 00 00 C7 45 FC 00 00 00 00
首部
00415BC3 /$ 55 push ebp
00415BC4 |. 8BEC mov ebp,esp
00415BC6 |. 81EC 20000000 sub esp,0x20
00415BCC |. C745 FC 00000>mov [local.1],0x0
尾部
55 8B EC 81 EC 84 00 00 00 C7 45 FC 00 00 00 00 C7 45 F8 00 00 00 00 C7 45 F4 00 00 00 00 C7 45
F0 00 00 00 00
00412F50 $ 55 push ebp ; 合法验证
00412F51 . 8BEC mov ebp,esp
00412F53 . 81EC 84000000 sub esp,0x84 (合法性检验 :sub esp,84)
00412F59 . C745 FC 00000>mov dword ptr ss:[ebp-0x4],0x0
00412F60 . C745 F8 00000>mov dword ptr ss:[ebp-0x8],0x0
00412F67 . C745 F4 00000>mov dword ptr ss:[ebp-0xC],0x0
00412F6E . C745 F0 00000>mov dword ptr ss:[ebp-0x10],0x0
改
mov eax,0
mov ebp,esp
pop ebp
retn
判断暗桩到期时间
83 C4 04 83 7D ?? 01 0F 8D
004139AA |. 83C4 04 add esp,0x4
004139AD |> 837D F4 01 cmp [local.3],0x1
004139B1 |. 0F8D ED000000 jge 网络验证.00413AA4
改
jmp 网络验证.00413AA4
登录成功运算 js 运算
55 8B EC 81 EC ?? 00 00 00 C7 45 FC 00 00 00 00 C7 45 F8 00 00 00 00 C7 45 F4 00 00 00 00 C7 45
F0 00 00 00 00 C7 45 EC 00 00 00 00 C7 45 E8 00 00 00 00 C7 45 E4 00 00 00 00 C7 45 E0 00 00 00
00 C7 45 DC 00 00 00 00 C7 45 D8 00 00 00 00 C7 45 D4 00 00 00 00 C7 45 D0 00 00 00 00 C7 45 CC
00 00 00 00 C7 45 C8 00 00 00 00 C7 45 C4 00 00 00 00 C7 45 C0 00 00 00 00
00417897 55 push ebp
00417898 8BEC mov ebp,esp
0041789A 81EC A8000000 sub esp,0xA8
004178A0 . C745 FC 00000>mov dword ptr ss:[ebp-0x4],0x0
004178A7 . C745 F8 00000>mov dword ptr ss:[ebp-0x8],0x0
004178AE . C745 F4 00000>mov dword ptr ss:[ebp-0xC],0x0
004178B5 . C745 F0 00000>mov dword ptr ss:[ebp-0x10],0x0
004178BC . C745 EC 00000>mov dword ptr ss:[ebp-0x14],0x0
004178C3 . C745 E8 00000>mov dword ptr ss:[ebp-0x18],0x0
改
leave
这是软件的下载地址。。。。。各位大神求思路啊!!!!!
下载地址: https://pan.baidu.com/s/1i5Y7dHF
|