lesson504.htm

为所有对破解感兴趣的朋友准备的礼物。希望大家能够喜欢。

<html>
<head>
<title>看雪学苑</title>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<style type="text/css">
<!--
.p8 {  font-size: 8pt}
.p9 {  font-size: 9pt}
a:hover {  color: #00FF00}
a {  text-decoration: none}
.p12 {  font-size: 12pt; font-weight: bold; color: #FF3333}
-->
</style>
</head>

<body bgcolor="#FFFFFF" vlink="#000000">
<table width="80%" border="1" cellspacing="0" cellpadding="0" align="center" bgcolor="#99CCFF" bordercolorlight="#99CCFF" bordercolordark="#99CCFF">
  <tr> 
    <td width="72%" class="p9"><a href="javascript:if(confirm('http://toye.yeah.net/  \n\n这个文件不能通过 Teleport Pro 取回, 因为 它被访问于一个域或在它的起始地址边界外部的路径上.  \n\n你想从服务器打开它吗?'))window.location='http://toye.yeah.net/'" tppabs="http://toye.yeah.net/">看雪教学</a></td>
    <td width="10%" class="p9">&nbsp; </td>
    <td width="10%"><a href="index.htm" tppabs="http://toye.dihou.org/index.htm" class="p9">返回<br>
      首页 <br>
      </a></td>
    <td width="8%"><a href="molu.htm" tppabs="http://toye.dihou.org/molu.htm" class="p9">返回<br>
      目录 </a></td>
  </tr>
</table>
<table width="80%" cellspacing="0" cellpadding="0" align="center">
  <tr bgcolor="#FFFF33"> 
    <td> 
      <div align="center" class="p12">第五课 动态跟踪分析入门</div>
    </td>
  </tr>
</table>
<table width="80%" cellspacing="0" align="center">
  <tr class="p9"> 
    <td width="24%" bgcolor="#CCFFFF"> 
      <div align="center"><font color="#000000"><a href="lesson5.htm" tppabs="http://toye.dihou.org/lesson5.htm">SOFTICE与TRW安装</a></font></div>
    </td>
    <td width="27%" bgcolor="#CCFFFF"> 
      <div align="center"><font color="#CCCCFF"><font color="#000000"><a href="lesson501.htm" tppabs="http://toye.dihou.org/lesson501.htm">基本操作和概念</a></font></font></div>
    </td>
    <td width="24%" bgcolor="#CCFFFF"> 
      <div align="center"><font color="#000000"><a href="lesson503.htm" tppabs="http://toye.dihou.org/lesson503.htm">拆解教程 </a></font></div>
    </td>
    <td width="25%" bgcolor="#FFFFFF"> 
      <div align="center"><font color="#FF3333">习题</font></div>
    </td>
  </tr>
</table>
<p align="left" class="p9"><span class="p9">1、习题一 <a href="javascript:if(confirm('http://toye.dihou.org/exercise/lesson5-ex-1.zip  \n\n这个文件不能通过 Teleport Pro 取回, 因为 没有遇到方案的文件类型说明.  \n\n你想从服务器打开它吗?'))window.location='http://toye.dihou.org/exercise/lesson5-ex-1.zip'" tppabs="http://toye.dihou.org/exercise/lesson5-ex-1.zip">lesson5-ex-1.zip</a> 
  5K 姓名/序列号 易 </span></p>
<p align="left" class="p9">2、习题二 <a href="javascript:if(confirm('http://toye.dihou.org/exercise/lesson5-ex-2.zip  \n\n这个文件不能通过 Teleport Pro 取回, 因为 没有遇到方案的文件类型说明.  \n\n你想从服务器打开它吗?'))window.location='http://toye.dihou.org/exercise/lesson5-ex-2.zip'" tppabs="http://toye.dihou.org/exercise/lesson5-ex-2.zip">lesson5-ex-2.zip</a> 
  <span class="p9">姓名/序列号 易 </span></p>
<p align="left" class="p9">3、习题三 <a href="javascript:if(confirm('http://toye.dihou.org/exercise/lesson5-ex-3.zip  \n\n这个文件不能通过 Teleport Pro 取回, 因为 没有遇到方案的文件类型说明.  \n\n你想从服务器打开它吗?'))window.location='http://toye.dihou.org/exercise/lesson5-ex-3.zip'" tppabs="http://toye.dihou.org/exercise/lesson5-ex-3.zip">lesson5-ex-3.zip</a> 
  5K 姓名/序列号 易 </p>
<p align="left" class="p9">4、习题四 <a href="javascript:if(confirm('http://toye.dihou.org/exercise/lesson5-ex-4.zip  \n\n这个文件不能通过 Teleport Pro 取回, 因为 没有遇到方案的文件类型说明.  \n\n你想从服务器打开它吗?'))window.location='http://toye.dihou.org/exercise/lesson5-ex-4.zip'" tppabs="http://toye.dihou.org/exercise/lesson5-ex-4.zip">lesson5-ex-4.zip</a> 
  5K Name/Serial 易 </p>
<p align="left" class="p9"> <span class="p9">
  <script language="JavaScript1.2">
NS4 = (document.layers) ? 1 : 0;
IE4 = (document.all) ? 1 : 0;
ver4 = (NS4 || IE4) ? 1 : 0;

if (ver4) {
    with (document) {
        write("<STYLE TYPE='text/css'>");
        if (NS4) {
            write(".parent {position:absolute; visibility:visible}");
            write(".child {position:absolute; visibility:visible}");
            write(".regular {position:absolute; visibility:visible}")
        }
        else {
            write(".child {display:none}")
        }
        write("</STYLE>");
    }
}

function getIndex(el) {
    ind = null;
    for (i=0; i<document.layers.length; i++) {
        whichEl = document.layers[i];
        if (whichEl.id == el) {
            ind = i;
            break;
        }
    }
    return ind;
}

function arrange() {
    nextY = document.layers[firstInd].pageY +document.layers[firstInd].document.height;
    for (i=firstInd+1; i<document.layers.length; i++) {
        whichEl = document.layers[i];
        if (whichEl.visibility != "hide") {
            whichEl.pageY = nextY;
            nextY += whichEl.document.height;
        }
    }
}

function initIt(){
    if (!ver4) return;
    if (NS4) {
        for (i=0; i<document.layers.length; i++) {
            whichEl = document.layers[i];
            if (whichEl.id.indexOf("Child") != -1) whichEl.visibility = "hide";
       }
        arrange();
    }
    else {
        divColl = document.all.tags("DIV");
        for (i=0; i<divColl.length; i++) {
            whichEl = divColl(i);
            if (whichEl.className == "child") whichEl.style.display = "none";
        }
    }
}

function expandIt(el) {
    if (!ver4) return;
    if (IE4) {
        whichEl = eval(el + "Child");
        if (whichEl.style.display == "none") {
            whichEl.style.display = "block";
        }
        else {
            whichEl.style.display = "none";
        }
    }
    else {
        whichEl = eval("document." + el + "Child");
        if (whichEl.visibility == "hide") {
            whichEl.visibility = "show";
        }
        else {
            whichEl.visibility = "hide";
        }
        arrange();
    }
}

onload = initIt;

</script>
  </span></p>
<div id="KB1Parent" class="parent"> <span class="p9"><a href="#" onClick="expandIt('KB1'); return false"> 
  1、习题一答案</a> </span></div>
<div id="KB1Child" class="child"> <span class="p9">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</span>
  <table width="100%" cellspacing="0" align="center">
    <tr bgcolor="#EFEFEF"> 
      <td> 
        <p class="p9">在这一例你照样可以用俗称“万能断点”hmemcpy来设断拦截，但其回到程序当前领空要按许多次F12，（除非你用TRW2000的pmodule命令）；也可用messageboxa函数来设断（出错对话框调用此函数）。</p>
        <p class="p9">1、在Name:填入toye<br>
          　 Serial：87654321（先乱填）</p>
        <p class="p9">2、CTRL+D切入SOFTICE环境下；</p>
        <p class="p9">3、下命令：bpx messageboxa；</p>
        <p class="p9">4、按F5（或CTRL+D）回到windows环境，点击CHECK按钮；</p>
        <p class="p9">5、SOFTICE拦截后，BD *(把断点暂时关闭，可用BE *恢复）（注意：BC *是清除断点）；</p>
        <p class="p9">6、按F11或F12（此时不要按F5）回切换到windows环境下，点击OK,将再次中断；</p>
        <p class="p9">7、按1下F12,跳出子程序CALL，代码如下：</p>
        <p class="p9">0167:00401542&nbsp; 8BCE&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; &nbsp; &nbsp; MOV&nbsp; &nbsp; &nbsp; ECX,ESI&nbsp; &nbsp; &nbsp; 
          &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; <br>
          0167:00401544&nbsp; E8F5020000&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; CALL&nbsp; 
          &nbsp; &nbsp; 0040183E //出错的对话框，你按F12会从此出来；出来后你向上观察代码，发现两个两行奇怪指令：CMP&nbsp; 
          &nbsp; &nbsp; EAX,05,其分别是比较你输入的name或序列号是否大于5位数；</p>
        <p class="p9">8、此时将光标移到0167:004014E1&nbsp; 83F805　CMP&nbsp; &nbsp; &nbsp; 
          EAX,05，按F9或双击鼠标设置断点；</p>
        <p class="p9">9、按F5回到windows，此时cracme会退出，你再次运行，输入name:toye12 序列号：87654321</p>
        <p class="p9">10、点击CHECK按钮将中断如下：   </p>
        <p class="p9">0167:004014DB&nbsp; 8B1DFC214000&nbsp; &nbsp; &nbsp; &nbsp; 
          MOV&nbsp; &nbsp; &nbsp; EBX,[USER32!PostQuitMessage]&nbsp; &nbsp; &nbsp; 
           <br>
          0167:004014E1&nbsp; 83F805&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; CMP&nbsp; &nbsp; &nbsp; EAX,05//比较输入的name是否大于5位数&nbsp; &nbsp; 
          &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; &nbsp;  <br>
          0167:004014E4&nbsp; 7E50&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; JLE&nbsp; &nbsp; &nbsp; 00401536&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; <br>
          0167:004014E6&nbsp; 8D6E60&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; LEA&nbsp; &nbsp; &nbsp; EBP,[ESI+60]&nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; <br>
          0167:004014E9&nbsp; 8BCD&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; MOV&nbsp; &nbsp; &nbsp; ECX,EBP&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; <br>
          0167:004014EB&nbsp; E85A030000&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; CALL&nbsp; 
          &nbsp; &nbsp; 0040184A&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; <br>
          0167:004014F0&nbsp; 83F805&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; CMP&nbsp; &nbsp; &nbsp; EAX,05//比较输入的序列号是否大于5位数&nbsp; &nbsp;