Unpacking and Cracking FlashFXP v1.4.1 build 823

2007-01-12 20:13:16 Source: WEB开发网
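There seem to be as many as 48 places like "cmp byte [00533ec0],00"!!

5) OK, let's begin!

Run flashfxp.exe; the registration nag window appears! Enter the build 819 key.

After exiting, load it with TRW, set the breakpoint bpm 53A0A0 W, and press F5 to arrive at: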

:0050C55F E82079EFFF call 00403E84
:0050C564 83F811 cmp eax, 00000011 <------------------ at this point, check: eax=11
:0050C567 0F9405A0A05300 sete byte ptr [0053A0A0] <------------ set to 1
:0050C56E 803DA0A0530000 cmp byte ptr [0053A0A0], 00 <--------- cursor
:0050C575 0F849A020000 je 0050C815
:0050C57B A188C25300 mov eax, dword ptr [0053C288]
:0050C580 3DCE7F210B cmp eax, 0B217FCE
:0050C585 0F8F53010000 jg 0050C6DE
......

Needless to say, there are hidden checks further on. Trace downward and you arrive at:

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:0050C58B(C), :0050C59C(C), :0050C5A9(C), :0050C5B6(C), :0050C5C1(C)
|:0050C5CC(C), :0050C5D7(C), :0050C5E7(C), :0050C5F2(C), :0050C604(C)
|:0050C60F(C), :0050C61A(C), :0050C62A(C), :0050C635(C), :0050C647(C)
|:0050C654(C), :0050C65F(C), :0050C66A(C), :0050C675(C), :0050C685(C)
|:0050C690(C), :0050C6A2(C), :0050C6AD(C), :0050C6B8(C), :0050C6C8(C)
|:0050C6D3(C), :0050C6E9(C), :0050C6F6(C), :0050C703(C), :0050C70E(C)
|:0050C719(C), :0050C724(C), :0050C734(C), :0050C73F(C), :0050C751(C)
|:0050C758(C), :0050C75F(C), :0050C76B(C), :0050C772(C), :0050C780(C)
|:0050C789(C), :0050C790(C), :0050C797(C), :0050C7A0(C), :0050C7A7(C)
|:0050C7B2(C), :0050C7B9(C), :0050C7C0(C), :0050C7C9(C)
|
:0050C7D2 C605A0A0530000 mov byte ptr [0053A0A0], 00 <------ once this is set to 0, it is of course unregistered! ####
:0050C7D9 33C0 xor eax, eax
:0050C7DB A334C05300 mov dword ptr [0053C034], eax
:0050C7E0 B828C05300 mov eax, 0053C028
:0050C7E5 8B15FCA55300 mov edx, dword ptr [0053A5FC]
....

With so many jumps landing on 0050C7D2, it really is a "hot spot". Let's change it: after changing 0050C7D2 to jmp 0050C815, continue downward:
