Bypassing the QQ verification
My skill level is really poor; I've only just left zero-basics behind and still have a long way to go before I reach noob. Cracked a garbage FZ (game cheat). Skills too weak, experts please pass by, noobs please don't laugh. It's a trial/promotional cheat for 街头篮球 (FreeStyle street basketball) with a few gimmicky free features; judging by the ads, the paid features are supposedly very powerful.
https://www.52hb.com/data/attachment/forum/201410/16/002733uvluqn9iiinxahan.jpg
QQ verification?? It feels like it should be QQ group verification.
Unpacked, so load it directly in OD (OllyDbg). Searching the strings actually turns up "通过验证" (verification passed). Promising, heh.
0040364E  53                  push ebx
0040364F  E8 C3FD0000         call 内部正版.00413417
00403654  83C4 04             add esp,0x4
00403657  8B45 F4             mov eax,dword ptr ss:[ebp-0xC]
0040365A  A3 D06E7D00         mov dword ptr ds:[0x7D6ED0],eax
0040365F  833D C06E7D00 01    cmp dword ptr ds:[0x7D6EC0],0x1
00403666  0F85 74000000       jnz 内部正版.004036E0
0040366C  6A 00               push 0x0
0040366E  6A 00               push 0x0
00403670  6A 00               push 0x0
00403672  68 01030080         push 0x80000301
00403677  6A 00               push 0x0
00403679  68 00000000         push 0x0
0040367E  68 04000080         push 0x80000004
00403683  6A 00               push 0x0
00403685  68 1B984800         push 内部正版.0048981B        ; "通过验证,您可以使用VIP功能!" (Verification passed, you can use the VIP features!)
0040368A  68 03000000         push 0x3
0040368F  BB 504D4100         mov ebx,内部正版.00414D50
00403694  E8 90FD0000         call 内部正版.00413429
00403699  83C4 28             add esp,0x28
0040369C  B8 39984800         mov eax,内部正版.00489839    ; "19881012"
004036A1  8945 F8             mov dword ptr ss:[ebp-0x8],eax
004036A4  8D45 F8             lea eax,dword ptr ss:[ebp-0x8]
004036A7  50                  push eax
004036A8  6A 01               push 0x1
004036AA  B8 42984800         mov eax,内部正版.00489842    ; "8787"
004036AF  8945 F4             mov dword ptr ss:[ebp-0xC],eax
004036B2  8D45 F4             lea eax,dword ptr ss:[ebp-0xC]
004036B5  50                  push eax
004036B6  E8 26240000         call 内部正版.00405AE1
004036BB  8B5D F4             mov ebx,dword ptr ss:[ebp-0xC]
004036BE  85DB                test ebx,ebx
004036C0  74 09               je short 内部正版.004036CB
004036C2  53                  push ebx
004036C3  E8 4FFD0000         call 内部正版.00413417
004036C8  83C4 04             add esp,0x4
004036CB  8B5D F8             mov ebx,dword ptr ss:[ebp-0x8]
004036CE  85DB                test ebx,ebx
004036D0  74 09               je short 内部正版.004036DB
004036D2  53                  push ebx
004036D3  E8 3FFD0000         call 内部正版.00413417
004036D8  83C4 04             add esp,0x4
004036DB  E9 63010000         jmp 内部正版.00403843
004036E0  833D C06E7D00 02    cmp dword ptr ds:[0x7D6EC0],0x2
004036E7  0F85 35000000       jnz 内部正版.00403722
004036ED  6A 00               push 0x0
004036EF  6A 00               push 0x0
004036F1  6A 00               push 0x0
004036F3  68 01030080         push 0x80000301
004036F8  6A 00               push 0x0
004036FA  68 00000000         push 0x0
004036FF  68 04000080         push 0x80000004
00403704  6A 00               push 0x0
00403706  68 47984800         push 内部正版.00489847        ; "你不是我们的客户,您不可以使用VIP功能!" (You are not our customer, you may not use the VIP features!)
0040370B  68 03000000         push 0x3
00403710  BB 504D4100         mov ebx,内部正版.00414D50
00403715  E8 0FFD0000         call 内部正版.00413429
0040371A  83C4 28             add esp,0x28
0040371D  E9 21010000         jmp 内部正版.00403843
00403722  833D D06E7D00 03    cmp dword ptr ds:[0x7D6ED0],0x3
00403729  0F84 11000000       je 内部正版.00403740
0040372F  833D C06E7D00 03    cmp dword ptr ds:[0x7D6EC0],0x3
00403736  0F84 04000000       je 内部正版.00403740
0040373C  33C0                xor eax,eax
0040373E  EB 05               jmp short 内部正版.00403745
00403740  B8 01000000         mov eax,0x1
00403745  85C0                test eax,eax
00403747  0F84 35000000       je 内部正版.00403782
0040374D  6A 00               push 0x0
0040374F  6A 00               push 0x0
00403751  6A 00               push 0x0
00403753  68 01030080         push 0x80000301
00403758  6A 00               push 0x0
0040375A  68 00000000         push 0x0
0040375F  68 04000080         push 0x80000004
00403764  6A 00               push 0x0
00403766  68 6F984800         push 内部正版.0048986F        ; "你没有登录QQ!" (You are not logged in to QQ!)
0040376B  68 03000000         push 0x3
00403770  BB 504D4100         mov ebx,内部正版.00414D50
00403775  E8 AFFC0000         call 内部正版.00413429
0040377A  83C4 28             add esp,0x28
0040377D  E9 C1000000         jmp 内部正版.00403843
00403782  833D D06E7D00 04    cmp dword ptr ds:[0x7D6ED0],0x4
00403789  0F85 35000000       jnz 内部正版.004037C4
0040378F  6A 00               push 0x0
00403791  6A 00               push 0x0
00403793  6A 00               push 0x0
00403795  68 01030080         push 0x80000301
0040379A  6A 00               push 0x0
0040379C  68 00000000         push 0x0
004037A1  68 04000080         push 0x80000004
004037A6  6A 00               push 0x0
004037A8  68 7E984800         push 内部正版.0048987E        ; "未安装腾讯快捷登录控件!" (The Tencent quick-login control is not installed!)
004037AD  68 03000000         push 0x3
004037B2  BB 504D4100         mov ebx,内部正版.00414D50
004037B7  E8 6DFC0000         call 内部正版.00413429
004037BC  83C4 28             add esp,0x28
004037BF  E9 7F000000         jmp 内部正版.00403843
004037C4  833D D06E7D00 07    cmp dword ptr ds:[0x7D6ED0],0x7
004037CB  0F85 35000000       jnz 内部正版.00403806
004037D1  6A 00               push 0x0
004037D3  6A 00               push 0x0
004037D5  6A 00               push 0x0
004037D7  68 01030080         push 0x80000301
004037DC  6A 00               push 0x0
004037DE  68 00000000         push 0x0
004037E3  68 04000080         push 0x80000004
004037E8  6A 00               push 0x0
004037EA  68 97984800         push 内部正版.00489897        ; "无法计算ldw值!" (Cannot compute the ldw value!)
004037EF  68 03000000         push 0x3
004037F4  BB 504D4100         mov ebx,内部正版.00414D50
004037F9  E8 2BFC0000         call 内部正版.00413429
004037FE  83C4 28             add esp,0x28
00403801  E9 3D000000         jmp 内部正版.00403843
00403806  833D D06E7D00 08    cmp dword ptr ds:[0x7D6ED0],0x8
0040380D  0F85 30000000       jnz 内部正版.00403843
00403813  6A 00               push 0x0
00403815  6A 00               push 0x0
00403817  6A 00               push 0x0
00403819  68 01030080         push 0x80000301
0040381E  6A 00               push 0x0
00403820  68 00000000         push 0x0
00403825  68 04000080         push 0x80000004
0040382A  6A 00               push 0x0
0040382C  68 A7984800         push 内部正版.004898A7        ; "检测到QQ处于离线状态!" (QQ was detected to be offline!)
00403831  68 03000000         push 0x3
00403836  BB 504D4100         mov ebx,内部正版.00414D50
0040383B  E8 E9FB0000         call 内部正版.00413429
00403840  83C4 28             add esp,0x28
00403843  8B5D FC             mov ebx,dword ptr ss:[ebp-0x4]
00403846  85DB                test ebx,ebx
00403848  74 09               je short 内部正版.00403853
0040384A  53                  push ebx
0040384B  E8 C7FB0000         call 内部正版.00413417
00403850  83C4 04             add esp,0x4
00403853  8BE5                mov esp,ebp
00403855  5D                  pop ebp
00403856  C3                  retn
00403857  55                  push ebp
00403858  8BEC                mov ebp,esp
0040385A  81EC 04000000       sub esp,0x4
00403860  837D 14 00          cmp dword ptr ss:[ebp+0x14],0x0
00403864  0F84 24000000       je 内部正版.0040388E
0040386A  8965 FC             mov dword ptr ss:[ebp-0x4],esp
0040386D  68 00000000         push 0x0
00403872  B8 05000000         mov eax,0x5
00403877  E8 A7FB0000         call 内部正版.00413423
0040387C  3965 FC             cmp dword ptr ss:[ebp-0x4],esp
0040387F  74 0D               je short 内部正版.0040388E
00403881  68 06000000         push 0x6
00403886  E8 92FB0000         call 内部正版.0041341D
0040388B  83C4 04             add esp,0x4
0040388E  C705 C46E7D00 00000000  mov dword ptr ds:[0x7D6EC4],0x0
00403898  8B5D 08             mov ebx,dword ptr ss:[ebp+0x8]
0040389B  8B03                mov eax,dword ptr ds:[ebx]
0040389D  85C0                test eax,eax
0040389F  74 15               je short 内部正版.004038B6
004038A1  50                  push eax
004038A2  8BD8                mov ebx,eax
004038A4  E8 AFDBFFFF         call 内部正版.00401458
004038A9  40                  inc eax
004038AA  50                  push eax
004038AB  E8 61FB0000         call 内部正版.00413411
004038B0  59                  pop ecx
004038B1  5E                  pop esi
004038B2  8BF8                mov edi,eax
004038B4  F3:A4               rep movs byte ptr es:[edi],byte ptr ds:[esi]
004038B6  50                  push eax
004038B7  8B1D D46E7D00       mov ebx,dword ptr ds:[0x7D6ED4]
004038BD  85DB                test ebx,ebx
004038BF  74 09               je short 内部正版.004038CA
004038C1  53                  push ebx
004038C2  E8 50FB0000         call 内部正版.00413417
004038C7  83C4 04             add esp,0x4
004038CA  58                  pop eax
004038CB  A3 D46E7D00         mov dword ptr ds:[0x7D6ED4],eax
004038D0  837D 0C 00          cmp dword ptr ss:[ebp+0xC],0x0
004038D4  0F84 30000000       je 内部正版.0040390A
004038DA  68 50000000         push 0x50
004038DF  E8 AFE1FFFF         call 内部正版.00401A93
004038E4  85C0                test eax,eax
004038E6  0F84 0F000000       je 内部正版.004038FB
004038EC  E8 B0E6FFFF         call 内部正版.00401FA1
004038F1  E8 89000000         call 内部正版.0040397F
004038F6  E9 0A000000         jmp 内部正版.00403905
004038FB  C705 C46E7D00 06000000  mov dword ptr ds:[0x7D6EC4],0x6
00403905  E9 05000000         jmp 内部正版.0040390F
0040390A  E8 70000000         call 内部正版.0040397F
0040390F  A1 D86E7D00         mov eax,dword ptr ds:[0x7D6ED8]
00403914  85C0                test eax,eax
00403916  74 15               je short 内部正版.0040392D
00403918  50                  push eax
00403919  8BD8                mov ebx,eax
0040391B  E8 38DBFFFF         call 内部正版.00401458
00403920  40                  inc eax
00403921  50                  push eax
00403922  E8 EAFA0000         call 内部正版.00413411
00403927  59                  pop ecx
00403928  5E                  pop esi
00403929  8BF8                mov edi,eax
0040392B  F3:A4               rep movs byte ptr es:[edi],byte ptr ds:[esi]
0040392D  50                  push eax
0040392E  8B5D 1C             mov ebx,dword ptr ss:[ebp+0x1C]
00403931  8B1B                mov ebx,dword ptr ds:[ebx]
00403933  85DB                test ebx,ebx
00403935  74 09               je short 内部正版.00403940
00403937  53                  push ebx
00403938  E8 DAFA0000         call 内部正版.00413417
0040393D  83C4 04             add esp,0x4
00403940  58                  pop eax
00403941  8B5D 1C             mov ebx,dword ptr ss:[ebp+0x1C]
00403944  8903                mov dword ptr ds:[ebx],eax
00403946  837D 14 00          cmp dword ptr ss:[ebp+0x14],0x0
0040394A  0F84 1F000000       je 内部正版.0040396F
00403950  8965 FC             mov dword ptr ss:[ebp-0x4],esp
00403953  B8 06000000         mov eax,0x6
00403958  E8 C6FA0000         call 内部正版.00413423
0040395D  3965 FC             cmp dword ptr ss:[ebp-0x4],esp
00403960  74 0D               je short 内部正版.0040396F
00403962  68 06000000         push 0x6
00403967  E8 B1FA0000         call 内部正版.0041341D
0040396C  83C4 04             add esp,0x4
0040396F  A1 C46E7D00         mov eax,dword ptr ds:[0x7D6EC4]
00403974  E9 00000000         jmp 内部正版.00403979
00403979  8BE5                mov esp,ebp
0040397B  5D                  pop ebp
0040397C  C2 1C00             retn 0x1C
https://www.52hb.com/data/attachment/forum/201410/16/002734njww3hdwxsjajzh0.jpg
The jumps taken on verification failure get NOPed directly, and execution walks straight down to "verification passed". This is literally the cracking principle from 恒大's first lesson.
Next, remove the cheat's update check and the popup ad.
Again found through the strings; put a retn at the start of the function. The popup was removed successfully, but after injecting into the game process an error appeared. A skill problem I couldn't solve; without knowing assembly you can't get anywhere. Not discouraged, though. Took another route.
004073BC  74 09               je short 内部正版.004073C7
004073BE  53                  push ebx
004073BF  E8 53C00000         call 内部正版.00413417
004073C4  83C4 04             add esp,0x4
004073C7  837D F4 00          cmp dword ptr ss:[ebp-0xC],0x0
004073CB  0F84 2E010000       je 内部正版.004074FF
004073D1  B8 309C4800         mov eax,内部正版.00489C30    ; "7758522"
004073D6  8945 FC             mov dword ptr ss:[ebp-0x4],eax
004073D9  8D45 FC             lea eax,dword ptr ss:[ebp-0x4]
004073DC  50                  push eax
004073DD  E8 D11E0000         call 内部正版.004092B3
004073E2  8B5D FC             mov ebx,dword ptr ss:[ebp-0x4]
004073E5  85DB                test ebx,ebx
004073E7  74 09               je short 内部正版.004073F2
004073E9  53                  push ebx
004073EA  E8 28C00000         call 内部正版.00413417
004073EF  83C4 04             add esp,0x4
004073F2  68 01030080         push 0x80000301
004073F7  6A 00               push 0x0
004073F9  68 0A000000         push 0xA
004073FE  68 01000000         push 0x1
00407403  B8 01000000         mov eax,0x1
00407408  BB F0DB4500         mov ebx,内部正版.0045DBF0
0040740D  E8 23C00000         call 内部正版.00413435
00407412  83C4 10             add esp,0x10
00407415  8945 FC             mov dword ptr ss:[ebp-0x4],eax
00407418  68 389C4800         push 内部正版.00489C38        ; "\2.ime"
0040741D  FF75 FC             push dword ptr ss:[ebp-0x4]
00407420  B9 02000000         mov ecx,0x2
00407425  E8 99A0FFFF         call 内部正版.004014C3
0040742A  83C4 08             add esp,0x8
0040742D  8945 F8             mov dword ptr ss:[ebp-0x8],eax
00407430  8B5D FC             mov ebx,dword ptr ss:[ebp-0x4]
00407433  85DB                test ebx,ebx
00407435  74 09               je short 内部正版.00407440
00407437  53                  push ebx
00407438  E8 DABF0000         call 内部正版.00413417
0040743D  83C4 04             add esp,0x4
00407440  68 04000080         push 0x80000004
00407445  6A 00               push 0x0
00407447  8B45 F8             mov eax,dword ptr ss:[ebp-0x8]
0040744A  85C0                test eax,eax
0040744C  75 05               jnz short 内部正版.00407453
0040744E  B8 33924800         mov eax,内部正版.00489233
00407453  50                  push eax
00407454  68 01000000         push 0x1
00407459  BB 104C4100         mov ebx,内部正版.00414C10
0040745E  E8 C6BF0000         call 内部正版.00413429
00407463  83C4 10             add esp,0x10
00407466  8B5D F8             mov ebx,dword ptr ss:[ebp-0x8]
00407469  85DB                test ebx,ebx
0040746B  74 09               je short 内部正版.00407476
0040746D  53                  push ebx
0040746E  E8 A4BF0000         call 内部正版.00413417
00407473  83C4 04             add esp,0x4
00407476  68 01030080         push 0x80000301
0040747B  6A 00               push 0x0
0040747D  68 0A000000         push 0xA
00407482  68 01000000         push 0x1
00407487  B8 01000000         mov eax,0x1
0040748C  BB F0DB4500         mov ebx,内部正版.0045DBF0
00407491  E8 9FBF0000         call 内部正版.00413435
00407496  83C4 10             add esp,0x10
00407499  8945 FC             mov dword ptr ss:[ebp-0x4],eax
0040749C  68 3F9C4800         push 内部正版.00489C3F        ; "\oppo.dll"
004074A1  FF75 FC             push dword ptr ss:[ebp-0x4]
004074A4  B9 02000000         mov ecx,0x2
004074A9  E8 15A0FFFF         call 内部正版.004014C3
004074AE  83C4 08             add esp,0x8
004074B1  8945 F8             mov dword ptr ss:[ebp-0x8],eax
004074B4  8B5D FC             mov ebx,dword ptr ss:[ebp-0x4]
004074B7  85DB                test ebx,ebx
004074B9  74 09               je short 内部正版.004074C4
004074BB  53                  push ebx
004074BC  E8 56BF0000         call 内部正版.00413417
004074C1  83C4 04             add esp,0x4
004074C4  68 04000080         push 0x80000004
004074C9  6A 00               push 0x0
004074CB  8B45 F8             mov eax,dword ptr ss:[ebp-0x8]
004074CE  85C0                test eax,eax
004074D0  75 05               jnz short 内部正版.004074D7
004074D2  B8 33924800         mov eax,内部正版.00489233
004074D7  50                  push eax
004074D8  68 01000000         push 0x1
004074DD  BB 104C4100         mov ebx,内部正版.00414C10
004074E2  E8 42BF0000         call 内部正版.00413429
004074E7  83C4 10             add esp,0x10
004074EA  8B5D F8             mov ebx,dword ptr ss:[ebp-0x8]
004074ED  85DB                test ebx,ebx
004074EF  74 09               je short 内部正版.004074FA
004074F1  53                  push ebx
004074F2  E8 20BF0000         call 内部正版.00413417
004074F7  83C4 04             add esp,0x4
004074FA  E9 5B000000         jmp 内部正版.0040755A
004074FF  6A 00               push 0x0
00407501  6A 00               push 0x0
00407503  6A 00               push 0x0
00407505  68 01030080         push 0x80000301
0040750A  6A 00               push 0x0
0040750C  68 00000000         push 0x0
00407511  68 04000080         push 0x80000004
00407516  6A 00               push 0x0
00407518  68 499C4800         push 内部正版.00489C49        ; "此版本已经失效,请官网下载最新版本!" (This version has expired, please download the latest version from the official site!)
0040751D  68 03000000         push 0x3
00407522  BB 504D4100         mov ebx,内部正版.00414D50
00407527  E8 FDBE0000         call 内部正版.00413429
0040752C  83C4 28             add esp,0x28
0040752F  B8 009C4800         mov eax,内部正版.00489C00    ; "www.87fs.com"
00407534  8945 FC             mov dword ptr ss:[ebp-0x4],eax
00407537  8D45 FC             lea eax,dword ptr ss:[ebp-0x4]
0040753A  50                  push eax
0040753B  E8 F29AFFFF         call 内部正版.00401032
00407540  8B5D FC             mov ebx,dword ptr ss:[ebp-0x4]
00407543  85DB                test ebx,ebx
00407545  74 09               je short 内部正版.00407550
00407547  53                  push ebx
00407548  E8 CABE0000         call 内部正版.00413417
0040754D  83C4 04             add esp,0x4
00407550  6A 00               push 0x0
00407552  E8 EABE0000         call 内部正版.00413441
00407557  83C4 04             add esp,0x4
0040755A  8BE5                mov esp,ebp
0040755C  5D                  pop ebp
Since it's a JMP, why doesn't it jump over it?? (Does that sound familiar?)
Another jump comes into the code below the JMP; follow it back up, find it, and NOP it.
https://www.52hb.com/data/attachment/forum/201410/16/002736hh5lps99tjo5hopt.jpg
The update check is gone.
Then the popup ad.
I was afraid of breaking something, so I didn't remove it, but I hate this eyesore, so I changed it to our own site's URL.
https://www.52hb.com/data/attachment/forum/201410/16/002737i795v5bjnjclbonn.jpg
In the memory window, press Ctrl+G and go to 00489C00.
https://www.52hb.com/data/attachment/forum/201410/16/002738vuekwnydhzkn8yyn.jpg
Change it to whatever site you like. There's still a popup, but it's easier on the eyes.
Finally, save the changes.
After testing, this FZ isn't just garbage, it's a scam: most of its functions are fake, and only a few of them actually work.
The cheat's author has already been arrested.
Quite a few people who bought it found out they'd been had, but figured it was only a few dozen yuan and let it go. So I modified it a bit.
https://www.52hb.com/data/attachment/forum/201410/16/002743adni5ynl5n5wpgin.jpg
OK, that's it.
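Added example for this page; it is not code from the original post or from the cheat being cracked. It scripts the two mechanical steps the post does by hand in OllyDbg: listing every branch that lands on a chosen address (the "why doesn't the JMP skip it? another jump comes in below" problem), and mapping a virtual address to a file offset through the PE section table so the jnz can be NOPed and the ad URL swapped on disk, with the bytes checked first. The listing lines, the section layout (ImageBase 0x400000, .text at RVA 0x1000, .rdata at RVA 0x89000) and the PE image are all constructed for the example; only the addresses and bytes mirror the post.

```python
# Added example; not code from the original post or from the cheat it cracks.
# (1) find every branch in an OllyDbg-style listing that lands on an address;
# (2) map a VA to a file offset via the PE section table, verify the bytes on
#     disk, NOP the "not verified" jnz and replace the ad URL in place.
# All inputs are constructed: addresses mirror the post, the PE is synthetic.
import re
import struct

# "ADDRESS  BYTES  mnemonic" as OllyDbg prints it (bytes grouped like
# E9 63010000 or prefixed like F3:A4; lowercase mnemonics never match).
LINE = re.compile(r"^([0-9A-F]{8})\s+((?:[0-9A-F]{2}(?::?[0-9A-F]{2})*\s+)+)")

def parse_listing(text):
    """Yield (address, instruction bytes) for each listing line."""
    for line in text.strip().splitlines():
        m = LINE.match(line.strip())
        if m:
            yield int(m.group(1), 16), bytes.fromhex(m.group(2).replace(":", "").replace(" ", ""))

def branch_target(addr, code):
    """Target of a relative jmp/jcc, or None for any other instruction."""
    op = code[0]
    if op == 0xEB or 0x70 <= op <= 0x7F:                            # jmp/jcc rel8
        rel, size = struct.unpack("<b", code[1:2])[0], 2
    elif op == 0xE9:                                                  # jmp rel32
        rel, size = struct.unpack("<i", code[1:5])[0], 5
    elif op == 0x0F and len(code) > 5 and 0x80 <= code[1] <= 0x8F:    # jcc rel32
        rel, size = struct.unpack("<i", code[2:6])[0], 6
    else:
        return None
    return (addr + size + rel) & 0xFFFFFFFF

def xrefs_to(listing, target):
    """Addresses of every branch in the listing that lands on `target`."""
    return [a for a, c in parse_listing(listing) if branch_target(a, c) == target]

def pe_layout(data):
    """(ImageBase, [(rva, raw_size, raw_ptr), ...]) read from a PE32 header."""
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    _, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe + 4)
    image_base = struct.unpack_from("<I", data, pe + 24 + 28)[0]
    secs = [struct.unpack_from("<IIII", data, pe + 24 + opt_size + 40 * i + 8)[1:] for i in range(nsec)]
    return image_base, secs

def va_to_offset(layout, va):
    """File offset of a VA; fails for memory with no file backing (e.g. .bss)."""
    image_base, secs = layout
    rva = va - image_base
    for sec_rva, raw_size, raw_ptr in secs:
        if sec_rva <= rva < sec_rva + raw_size:
            return raw_ptr + (rva - sec_rva)
    raise ValueError(f"VA {va:#x} is not backed by file data")

def patch_bytes(img, off, expected, new):
    """Overwrite only if the file holds the bytes seen in the debugger, same length."""
    have = bytes(img[off:off + len(expected)])
    if have != expected or len(new) != len(expected):
        raise ValueError(f"refusing to patch {off:#x}: found {have.hex()}, expected {expected.hex()}")
    img[off:off + len(new)] = new

def patch_cstring(img, off, text):
    """Replace a NUL-terminated string in place; it must fit the old slot."""
    old_len = img.index(b"\0", off) - off
    new = text.encode("ascii")
    if len(new) > old_len:
        raise ValueError(f"{text!r} is {len(new) - old_len} byte(s) too long for the slot")
    img[off:off + old_len + 1] = new.ljust(old_len, b"\0") + b"\0"

# Constructed stand-in for the EXE: ImageBase 0x400000, .text at RVA 0x1000 /
# file 0x400, .rdata at RVA 0x89000 / file 0x4400; (name, rva, size, raw_ptr).
SECTIONS = [(b".text", 0x1000, 0x4000, 0x400), (b".rdata", 0x89000, 0x1000, 0x4400)]
JNZ = bytes.fromhex("0F8574000000")   # jnz 004036E0 at 00403666 in the post

def build_sample_pe():
    img, pe, opt_size = bytearray(0x5400), 0x80, 0xE0
    img[:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, pe)
    img[pe:pe + 4] = b"PE\0\0"
    struct.pack_into("<HHIIIHH", img, pe + 4, 0x14C, len(SECTIONS), 0, 0, 0, opt_size, 0x102)
    struct.pack_into("<H", img, pe + 24, 0x10B)              # PE32 magic
    struct.pack_into("<I", img, pe + 24 + 28, 0x400000)      # ImageBase
    for i, (name, rva, size, raw) in enumerate(SECTIONS):
        hdr = pe + 24 + opt_size + 40 * i
        img[hdr:hdr + 8] = name.ljust(8, b"\0")
        struct.pack_into("<IIII", img, hdr + 8, size, rva, size, raw)
    layout = pe_layout(img)
    jnz, url = va_to_offset(layout, 0x403666), va_to_offset(layout, 0x489C00)
    img[jnz:jnz + 6] = JNZ
    img[url:url + 13] = b"www.87fs.com\0"
    return img

def crack_sample(img):
    """The post's two edits: NOP the 'not verified' jnz, replace the ad URL."""
    layout = pe_layout(img)
    patch_bytes(img, va_to_offset(layout, 0x403666), JNZ, b"\x90" * 6)
    patch_cstring(img, va_to_offset(layout, 0x489C00), "www.52hb.com")
    return img

SAMPLE_LISTING = """
00403666  0F85 74000000  jnz 004036E0
0040366C  6A 00          push 0x0
004036DB  E9 63010000    jmp 00403843
0040371D  E9 21010000    jmp 00403843
0040380D  0F85 30000000  jnz 00403843
00403843  8B5D FC        mov ebx,dword ptr ss:[ebp-0x4]
"""
```

Run `xrefs_to(SAMPLE_LISTING, 0x00403843)` and every branch landing on the common exit shows up, which is the check the post had to do by eye when the patched JMP was bypassed from below. `crack_sample(build_sample_pe())` applies both edits; running it a second time is refused because the six bytes at 00403666 are already NOPs, and a replacement URL longer than "www.87fs.com" is refused because the string is referenced by address and cannot grow in place. In this constructed layout the flag at 0x7D6EC0 that the cmp reads has no file backing, so `va_to_offset` rejects it: the data behind the compare cannot be patched on disk, only the branch can.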
Thanks for sharing your original work.
For a beginner, your steps are already written very clearly. Thanks for the original share.
Does 恒大 carry a laptop with him everywhere? Register in the middle of the night and it's handled instantly; this post only just went up and it's already been highlighted.
Hope 恒大 writes more beginner tutorials so I can become a reverse-engineering noob sooner.
Awesome.
Heh, with phishing done this well, people getting scammed out of their money is inevitable. Nicely laid out.
Phishing done well, no shortage of people to scam.
A fake cheat. Killed it instantly.
I've dealt with this cheat; it really is a scam.
Quoting 微笑的耗子 (posted 2014-10-16 21:08): "I've dealt with this cheat; it really is a scam."
You've played 街头篮球 too??