Posted on 2009-09-20 23:53
S.l.e!ep.¢% 閱讀(358)
評論(0) 編輯 收藏 引用 所屬分類:
Crack
在所有的 GetWindowText 設置斷點
Ctrl + F2 重新開始
00401323? |.? E8 4C010000?? call??? <jmp.&USER32.GetWindowTextA>???? ; \GetWindowTextA
00401328? |.? E8 A5000000?? call??? 004013D2???????????????????????????????????????????? <--- 執行完這個之后,結果就放到 esi,
0040132D? |.? 3BC6????????? cmp???? eax, esi???????????????????????????????????????????????????? <--- 然后跟 eax 進行比較
0040132F? |.? 75 42???????? jnz???? short 00401373
00401331? |.? EB 2C???????? jmp???? short 0040135F
相關的匯編指令:
CMP
功能: 比較OP1與OP2的值
語法: CMP r/m,r/m/data
標志位: C,P,A,Z,O
?
Z == 0 ,則認為這兩個數相等
JNZ
JNZ 就是zf標志不為1轉移
匯編語言標志寄存器標志位說明
|
標志
|
名稱
|
值為1的標志
|
值為0的標志
|
說明
|
|
OF
|
Overflow Flag
|
OV(OVERFLOW)
|
NV(NOT OVERFLOW)
|
ALU是否溢出標志
|
|
SF
|
Sign Flag
|
NG(NEGTIVE)
|
PL(PLUS)
|
是否結果為負標志
(該標志的值總是ALU運算后最高位的結果保持一致)
|
|
ZF
|
Zero Flag
|
ZR(ZERO)
|
NZ(NOT ZERO)
|
是否結果為0標志
|
|
PF
|
Parity Flag
|
PE(PARITY EVEN)
|
PO(PARITY ODD)
|
ALU結果中1的個數的奇偶位
(確切地說是ALU的低八位中1的個數)
|
|
CF
|
Carry Flag
|
CY(CARRIED)
|
NC(NOT CARRIED)
|
是否借位或進位標志
|
|
DF
|
Direction Flag
|
DN(DOWN)
|
UP(UP)
|
方向標志���,若值為1則數據串指令從高地址向低地址方向步進
|
|
TF
|
Trap Flag
|
|
|
值為1的時候每執行一次指令便產生一條內中斷指令
|
|
IF
|
Interupt Flag
|
|
|
值為1的時候CPU可響應可屏蔽中斷指令
|
|
AF
|
Auxiliary Carry Flag
|
|
|
加、減算術指令執行后��,最低4位D 3
~
D 0位有進位或借位,AF=1��;無進位或借位���,AF=0�����。該標志用于系統進行BCD碼的算術運算結果的調整
|
|
|
00401323? |.? E8 4C010000?? call??? <jmp.&USER32.GetWindowTextA>???? ; \GetWindowTextA
00401328? |.? E8 A5000000?? call??? 004013D2???????????????????????????????????????????? <--- 執行完這個之后,結果就放到 esi,
0040132D? |.? 3BC6????????? cmp???? eax, esi???????????????????????????????????????????????????? <--- 然后跟 eax 進行比較
0040132F? |.? 75 42???????? jnz???? short 00401373??????????????????????????????????????????? <--- 肯定有地方修改了A這個標志位
00401331? |.? EB 2C???????? jmp???? short 0040135F
Ctrl + F2 再來一次,00401328? |.? E8 A5000000?? call??? 004013D2?????F7跟進去
004013D2? /$? 56??????????? push??? esi?????????????????????????????????????????? <--- 因為這個 function 要修改到 esi ���,所以先保存 esi 的值���,最后一定會 pop esi
004013D3? |.? 33C0????????? xor???? eax, eax????????????????????????????????????????? 清 eax 的值
004013D5? |.? 8D35 C4334000 lea???? esi, dword ptr [4033C4]????????? LEA 裝入有效地址.? 例: LEA DX,string ;把偏移地址存到DX.
004013DB? |.? 33C9????????? xor???? ecx, ecx????????????????????????????????????????? 清 ecx
004013DD? |.? 33D2????????? xor???? edx, edx???????????????????????????????????????? 清 edx
004013DF? |.? 8A06????????? mov???? al, byte ptr [esi]????????????????????????????
004013E1? |.? 46??????????? inc???? esi
004013E2? |.? 3C 2D???????? cmp???? al, 2D
004013E4? |.? 75 08???????? jnz???? short 004013EE
004013E6? |.? BA FFFFFFFF?? mov???? edx, -1
004013EB? |.? 8A06????????? mov???? al, byte ptr [esi]
004013ED? |.? 46??????????? inc???? esi
004013EE? |>? EB 0B???????? jmp???? short 004013FB
004013F0? |>? 2C 30???????? /sub???? al, 30
?