Posted on 2009-09-20 23:53
S.l.e!ep.¢% 閱讀(362)
評論(0) 編輯 收藏 引用 所屬分類:
Crack
在所有的 GetWindowText 設(shè)置斷點
Ctrl + F2 重新開始
00401323? |.? E8 4C010000?? call??? <jmp.&USER32.GetWindowTextA>???? ; \GetWindowTextA
00401328? |.? E8 A5000000?? call??? 004013D2???????????????????????????????????????????? <--- 執(zhí)行完這個之后,結(jié)果就放到 esi,
0040132D? |.? 3BC6????????? cmp???? eax, esi???????????????????????????????????????????????????? <--- 然后跟 eax 進(jìn)行比較
0040132F? |.? 75 42???????? jnz???? short 00401373
00401331? |.? EB 2C???????? jmp???? short 0040135F
相關(guān)的匯編指令:
CMP
功能: 比較OP1與OP2的值
語法: CMP r/m,r/m/data
標(biāo)志位: C,P,A,Z,O
?
Z == 0 ,則認(rèn)為這兩個數(shù)相等
JNZ
JNZ 就是zf標(biāo)志不為1轉(zhuǎn)移
匯編語言標(biāo)志寄存器標(biāo)志位說明
|
標(biāo)志
|
名稱
|
值為1的標(biāo)志
|
值為0的標(biāo)志
|
說明
|
|
OF
|
Overflow Flag
|
OV(OVERFLOW)
|
NV(NOT OVERFLOW)
|
ALU是否溢出標(biāo)志
|
|
SF
|
Sign Flag
|
NG(NEGTIVE)
|
PL(PLUS)
|
是否結(jié)果為負(fù)標(biāo)志
(該標(biāo)志的值總是ALU運算后最高位的結(jié)果保持一致)
|
|
ZF
|
Zero Flag
|
ZR(ZERO)
|
NZ(NOT ZERO)
|
是否結(jié)果為0標(biāo)志
|
|
PF
|
Parity Flag
|
PE(PARITY EVEN)
|
PO(PARITY ODD)
|
ALU結(jié)果中1的個數(shù)的奇偶位
(確切地說是ALU的低八位中1的個數(shù))
|
|
CF
|
Carry Flag
|
CY(CARRIED)
|
NC(NOT CARRIED)
|
是否借位或進(jìn)位標(biāo)志
|
|
DF
|
Direction Flag
|
DN(DOWN)
|
UP(UP)
|
方向標(biāo)志,若值為1則數(shù)據(jù)串指令從高地址向低地址方向步進(jìn)
|
|
TF
|
Trap Flag
|
|
|
值為1的時候每執(zhí)行一次指令便產(chǎn)生一條內(nèi)中斷指令
|
|
IF
|
Interupt Flag
|
|
|
值為1的時候CPU可響應(yīng)可屏蔽中斷指令
|
|
AF
|
Auxiliary Carry Flag
|
|
|
加、減算術(shù)指令執(zhí)行后,最低4位D 3
~
D 0位有進(jìn)位或借位,AF=1;無進(jìn)位或借位,AF=0。該標(biāo)志用于系統(tǒng)進(jìn)行BCD碼的算術(shù)運算結(jié)果的調(diào)整
|
|
|
00401323? |.? E8 4C010000?? call??? <jmp.&USER32.GetWindowTextA>???? ; \GetWindowTextA
00401328? |.? E8 A5000000?? call??? 004013D2???????????????????????????????????????????? <--- 執(zhí)行完這個之后,結(jié)果就放到 esi,
0040132D? |.? 3BC6????????? cmp???? eax, esi???????????????????????????????????????????????????? <--- 然后跟 eax 進(jìn)行比較
0040132F? |.? 75 42???????? jnz???? short 00401373??????????????????????????????????????????? <--- 肯定有地方修改了A這個標(biāo)志位
00401331? |.? EB 2C???????? jmp???? short 0040135F
Ctrl + F2 再來一次,00401328? |.? E8 A5000000?? call??? 004013D2?????F7跟進(jìn)去
004013D2? /$? 56??????????? push??? esi?????????????????????????????????????????? <--- 因為這個 function 要修改到 esi ,所以先保存 esi 的值,最后一定會 pop esi
004013D3? |.? 33C0????????? xor???? eax, eax????????????????????????????????????????? 清 eax 的值
004013D5? |.? 8D35 C4334000 lea???? esi, dword ptr [4033C4]????????? LEA 裝入有效地址.? 例: LEA DX,string ;把偏移地址存到DX.
004013DB? |.? 33C9????????? xor???? ecx, ecx????????????????????????????????????????? 清 ecx
004013DD? |.? 33D2????????? xor???? edx, edx???????????????????????????????????????? 清 edx
004013DF? |.? 8A06????????? mov???? al, byte ptr [esi]????????????????????????????
004013E1? |.? 46??????????? inc???? esi
004013E2? |.? 3C 2D???????? cmp???? al, 2D
004013E4? |.? 75 08???????? jnz???? short 004013EE
004013E6? |.? BA FFFFFFFF?? mov???? edx, -1
004013EB? |.? 8A06????????? mov???? al, byte ptr [esi]
004013ED? |.? 46??????????? inc???? esi
004013EE? |>? EB 0B???????? jmp???? short 004013FB
004013F0? |>? 2C 30???????? /sub???? al, 30
?