            <br>
            <br>
            USER32.DialogBoxParamA at 004010AF <br>
            ================================================================= 
            <br>
            * Possible Reference to Dialog: DialogID_0002 &nbsp; &nbsp;&nbsp;&nbsp; 
            &nbsp;&nbsp;&lt;&lt;Nag ID <br>
            &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
            &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; | <br>
            :00401098 6A02&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
            &nbsp; &nbsp; push 00000002 <br>
            :0040109A FF7508&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
            &nbsp; push [ebp+08] <br>
            <br>
            * Reference To: USER32.EndDialog, Ord:0000h <br>
            &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
            &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; | <br>
            :0040109D E858040000&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
            Call 004014FA&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&lt;&lt;closes the Nag!! 
            <br>
            :004010A2 6A00&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
            &nbsp; &nbsp; push 00000000&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&lt;&lt;main program call 
            <br>
            :004010A4 68DF104000&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
            push 004010DF&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; first parameter of USER32.DialogBoxParamA 
            <br>
            :004010A9 6A00&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
            &nbsp; &nbsp; push 00000000&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; 
            <br>
            <br>
            * Possible Reference to Dialog: DialogID_0001 &nbsp; &nbsp;&nbsp;&nbsp; 
            &nbsp;&nbsp;&lt;&lt;main program's ID <br>
            &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
            &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; | <br>
            :004010AB 6A01&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
            &nbsp; &nbsp; push 00000001 <br>
            :004010AD 6A00&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
            &nbsp; &nbsp; push 00000000 <br>
            <br>
            * Reference To: USER32.DialogBoxParamA, Ord:0000h&nbsp; &nbsp;&nbsp;&lt;&lt;shows the program 
            <br>
            &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
            &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; | <br>
            :004010AF E83A040000&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
            Call 004014EE <br>
            <br>
            * Possible Reference to Dialog: DialogID_0001 <br>
            &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
            &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; | <br>
            :004010B4 B801000000&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
            mov eax, 00000001 <br>
            :004010B9 EB20&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
            &nbsp; &nbsp; jmp 004010DB <br>
            ================================================================= 
            <br>
            <br>
            USER32.DialogBoxParamA at 0040114C <br>
            ================================================================= 
            <br>
            :0040113B 55&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
            &nbsp; &nbsp; &nbsp; push ebp <br>
            :0040113C 8BEC&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
            &nbsp; &nbsp; mov ebp, esp <br>
            :0040113E 6A00&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
            &nbsp; &nbsp; push 00000000&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&lt;&lt; 
            function that calls the Nag <br>
            :00401140 687C104000&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
            push 0040107C&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; first parameter of USER32.DialogBoxParamA 
            <br>
            :00401145 6A00&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
            &nbsp; &nbsp; push 00000000&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; 
            <br>
            <br>
            * Possible Reference to Dialog: DialogID_0002 &nbsp; &nbsp;&nbsp;&nbsp; 
            &nbsp;&nbsp;&lt;&lt;Nag ID <br>
            &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
            &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; | <br>
            :00401147 6A02&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
            &nbsp; &nbsp; push 00000002 <br>
            :00401149 FF7508&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
            &nbsp; push [ebp+08] <br>
            <br>
            * Reference To: USER32.DialogBoxParamA, Ord:0000h&nbsp; &nbsp;&nbsp;&lt;&lt;shows the Nag!! 
            <br>
            &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
            &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; | <br>
            :0040114C E89D030000&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
            Call 004014EE <br>
            :00401151 33C0&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
            &nbsp; &nbsp; xor eax, eax <br>
            :00401153 5D&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
            &nbsp; &nbsp; &nbsp; pop ebp <br>
            :00401154 C21000&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
            &nbsp; ret 0010 <br>
            ================================================================= 
            <br>
            <br>
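            If you NOP out the six lines of code from 0040113E to 0040114C, you get an error: the program crashes when run! <br>
            How should this patch be made? <br>
            OK, we jump directly from 0040113E to 004010A2. Why 004010A2? <br>
            Because the code from 00401098 to 0040109D is what ends the NAG; since we stop the program's NAG from ever running, this End-Nag code is not needed. <br>
            Now we need to find the machine code for the patch, so that the program jumps to the main program without going through the NAG display and the End-Nag code. <br>
            You can do this with SOFTICE. Of course, you can also use W32Dasm instead. <br>
            1) In "Debug", choose "Load Process" <br>
            2) Click "Load" <br>
            3) You will see three windows; don't be afraid. 8P <br>
            4) Go to the right-hand window (the one showing "Code Address ...") <br>
            5) Click "Goto Address" <br>
            6) Enter the address 0040113E (remember, this is where we jump from) <br>
            7) You will see that you have arrived there, at PUSH... <br>
            8) Click "Patch Code" <br>
            9) On the "Enter New Instruction Below" line, type "jmp 004010A2" (without the quotes). 
            (Remember, this is where we jump to) <br>
            10) Press Enter. You will see jmp&nbsp; 004010A2... <br>
            11) The machine code is E95FFFFFFF <br>
            12) Now click "Clear Patch", answer "Yes", then click "Close" <br>
            13) Go back to the right-hand window and click "Terminate", because we are done. <br>
            <br>
            Return to the main window and go to 0040113E; at the very bottom of W32Dasm you will see: <br>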
            Line:298 Pg 4 of 12 Code Data @:0040113E @Offset 0000073Eh in File:crackme2a.exe 
            <br>
            <br>
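            You will see its file offset: 0000073E <br>
            Now make a copy of the crackme program and open it in a hex editor (you cannot modify the file while it is open in W32Dasm), go to offset 0000073E, and you will see the bytes: 
            6A 00 68 7C 10 (machine code) <br>
            ** Compare with W32Dasm (they are the same) <br>
            <br>
            Change them to E9 5F FF FF FF and save <br>
            The crack is done. <br>
            <br>
            Summary: the author did not actually need to go to this much trouble to change the machine code; it can be changed directly as assembly in Hiew. But this way everyone gets to learn more about W32DASM's dynamic debugging features. 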
        </table>
  </div>
  <div id="KB5Parent" class="parent" align="left"> <a href="#" onClick="expandIt('KB5'); return false" class="p9"> 
    5. Answer to Exercise 5</a> </div>
  <div id="KB5Child" class="child" align="left"> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
    <table width="100%" align="center" cellspacing="0">
      <tr bgcolor="#EFEFEF"> 
        <td height="28"> 
          <p class="p9">Cracking lesson1403-ex-05 <br>
            <br>
            Use TRW to LOAD cm_id11.exe, the program to be cracked <br>
            Press F10 until: <br>
            00447D90&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; CALL&nbsp; 0043EA00 <br>
            The NAG pops up <br>
            Trying to NOP out this instruction produces an error. <br>
            So press F8 to step into this CALL <br>
            0043EA00&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; PUSH&nbsp; EBP <br>
            ...&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ... <br>
            ...&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ... <br>
            Press F10 until: <br>
            0043EA31&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; CALL&nbsp; [EDI+2C] <br>
            The NAG pops up <br>
            Trying to NOP out this instruction produces an error. <br>
            So press F8 to step into this CALL <br>
            Press F10 until: <br>
            00437E8B&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; CMP&nbsp; 
            BYTE PTR [EBP-05], 00 <br>
            00437E8F&nbsp; 740f&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; JE&nbsp; 00437EA0 
            <br>
            00437E91&nbsp; e876b1fcff&nbsp; &nbsp; CALL&nbsp; 0040300C&nbsp; ----the NAG pops up 
            <br>
            Trying to modify the instruction at 00437E8F produces an error. <br>
            Then try NOPing out the CALL at 00437E91, i.e. change the machine code e876b1fcff to 9090909090: success! <br>
            <br>
            ZXEM 2000.3.26 
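Added example (not part of the original lesson): a Python check that recomputes the relative-branch targets in the listings on this page from their machine-code bytes, covering both the E9 5F FF FF FF jmp from step 11 of the previous answer and the JE/CALL pair at 00437E8F/00437E91 in this one. The function names are assumptions of this example; the (address, bytes, target) rows are transcribed from the page.

```python
import struct

# Rows transcribed from the listings on this page: (address, bytes, target shown).
LISTING = [
    (0x0040109D, "E858040000", 0x004014FA),  # Call 004014FA (EndDialog)
    (0x004010AF, "E83A040000", 0x004014EE),  # Call 004014EE (DialogBoxParamA)
    (0x004010B9, "EB20",       0x004010DB),  # jmp 004010DB
    (0x0040114C, "E89D030000", 0x004014EE),  # Call 004014EE (DialogBoxParamA)
    (0x0040113E, "E95FFFFFFF", 0x004010A2),  # patch from step 11: jmp 004010A2
    (0x00437E8F, "740F",       0x00437EA0),  # JE short
    (0x00437E91, "E876B1FCFF", 0x0040300C),  # CALL 0040300C
]


def branch_target(addr, code_hex):
    """Return the destination of a relative CALL/JMP/Jcc located at `addr`."""
    code = bytes.fromhex(code_hex)
    op = code[0]
    if op in (0xE8, 0xE9) and len(code) == 5:                    # call/jmp rel32
        (rel,) = struct.unpack_from("<i", code, 1)
    elif (op == 0xEB or 0x70 <= op <= 0x7F) and len(code) == 2:  # jmp/jcc rel8
        (rel,) = struct.unpack_from("<b", code, 1)
    else:
        raise ValueError(f"not a relative branch: {code_hex}")
    # The displacement counts from the address of the *next* instruction.
    return (addr + len(code) + rel) & 0xFFFFFFFF


def encode_jmp_rel32(src, dst):
    """Encode `jmp dst` placed at `src` as E9 followed by little-endian rel32."""
    return b"\xE9" + struct.pack("<i", dst - (src + 5))


def check_listing(rows=LISTING):
    """Return the rows whose bytes do not decode to the listed target."""
    return [(hex(a), c) for a, c, t in rows if branch_target(a, c) != t]


if __name__ == "__main__":
    print("mismatches:", check_listing())
    print("jmp 004010A2 at 0040113E:",
          encode_jmp_rel32(0x0040113E, 0x004010A2).hex().upper())
```

The five-byte jmp covers the two-byte `push 00000000` and the first three bytes of `push 0040107C`, which is why the hex editor shows 6A 00 68 7C 10 at file offset 0000073E before the change.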
        
    </table>
  </div>
</center>
<table width="80%" border="1" cellspacing="0" cellpadding="0" align="center" bgcolor="#99CCFF" bordercolorlight="#99CCFF" bordercolordark="#99CCFF">
  <tr> 
    <td width="82%" class="p8" height="34">Copyright @看雪 2000 All rights reserved 
        <a href="mailto:toye@126.com">Contact me</a></td>
  </tr>
</table>
<p> </p>
</body>
</html>