一个无敌CM的爆破方法:
本帖最后由 Icc 于 2016-8-24 19:00 编辑地址:https://www.52hb.com/thread-26043-1-1.html
本菜鸟逆向的不是很好,大牛别打击我{:5_116:}
过信息框的办法:
MessageBoxA下断点,然后F9运行,随便输入一个字符,之后返回到00409F93
处,找函数头。
改为:
爆破:00409714 837D F4 00 cmp dword ptr , 0
00409718 90 nop
00409719 90 nop
0040971A 90 nop
0040971B 90 nop
0040971C 90 nop
0040971D 90 nop
0040971E 68 010100A0 push A0000101
00409767 83C4 04 add esp, 4
0040976A 90 nop
0040976B 90 nop
0040976C 90 nop
0040976D 90 nop
0040976E 90 nop
0040976F 68 010100A0 push A0000101
00409774 6A 00 push 0
004097E6 837D F0 00 cmp dword ptr , 0
004097EA 90 nop
004097EB 90 nop
004097EC 90 nop
004097ED 90 nop
004097EE 90 nop
004097EF 90 nop
004097F0 68 010100A0 push A0000101
00409839 83C4 04 add esp, 4
0040983C 90 nop
0040983D 90 nop
0040983E 90 nop
0040983F 90 nop
00409840 90 nop
00409841 68 010100A0 push A0000101
00409846 6A 00 push 0
00409848 68 CB904000 push 004090CB
004098B8 837D F0 00 cmp dword ptr , 0
004098BC 90 nop
004098BD 90 nop
004098BE 90 nop
004098BF 90 nop
004098C0 90 nop
004098C1 90 nop
004098C2 68 010100A0 push A0000101
0040990B 83C4 04 add esp, 4
0040990E 90 nop
0040990F 90 nop
00409910 90 nop
00409911 90 nop
00409912 90 nop
00409913 68 010100A0 push A0000101
00409918 6A 00 push 0
0040998A 837D F0 00 cmp dword ptr , 0
0040998E 90 nop
0040998F 90 nop
00409990 90 nop
00409991 90 nop
00409992 90 nop
00409993 90 nop
00409994 68 010100A0 push A0000101
004099DD 83C4 04 add esp, 4
004099E0 90 nop
004099E1 90 nop
004099E2 90 nop
004099E3 90 nop
004099E4 90 nop
00409A5C 837D F0 00 cmp dword ptr , 0
00409A60 90 nop
00409A61 90 nop
00409A62 90 nop
00409A63 90 nop
00409A64 90 nop
00409A65 90 nop
00409A66 68 010100A0 push A0000101
00409AAF 83C4 04 add esp, 4
00409AB2 90 nop
00409AB3 90 nop
00409AB4 90 nop
00409AB5 90 nop
00409AB6 90 nop
00409AB7 68 010100A0 push A0000101
00409ABC 6A 00 push 0
00409B2E 837D F0 00 cmp dword ptr , 0
00409B32 90 nop
00409B33 90 nop
00409B34 90 nop
00409B35 90 nop
00409B36 90 nop
00409B37 90 nop
00409B38 68 010100A0 push A0000101
00409B81 83C4 04 add esp, 4
00409B84 90 nop
00409B85 90 nop
00409B86 90 nop
00409B87 90 nop
00409B88 90 nop
00409B89 68 010100A0 push A0000101
00409B8E 6A 00 push 0
00409C00 837D F0 00 cmp dword ptr , 0
00409C04 90 nop
00409C05 90 nop
00409C06 90 nop
00409C07 90 nop
00409C08 90 nop
00409C09 90 nop
00409C0A 68 010100A0 push A0000101
00409C53 83C4 04 add esp, 4
00409C56 90 nop
00409C57 90 nop
00409C58 90 nop
00409C59 90 nop
00409C5A 90 nop
00409C5B 68 010100A0 push A0000101
00409CD2 837D F0 00 cmp dword ptr , 0
00409CD6 90 nop
00409CD7 90 nop
00409CD8 90 nop
00409CD9 90 nop
00409CDA 90 nop
00409CDB 90 nop
00409CDC 68 010100A0 push A0000101
00409D25 83C4 04 add esp, 4
00409D28 90 nop
00409D29 90 nop
00409D2A 90 nop
00409D2B 90 nop
00409D2C 90 nop
00409D2D 68 010100A0 push A0000101
00409D32 6A 00 push 0
好多nop... No.16 发表于 2016-8-24 19:49
好多nop...
{:5_116:}或者把sete全改成setne 应该也可以- - 好像我就改了一个都行了 xdr 发表于 2016-8-24 22:59
好像我就改了一个都行了
{:5_124:}你多输入点试试- - Icc 发表于 2016-8-25 08:30
你多输入点试试- -
我的CM新手都可以虐我了,感觉很脸肿{:5_184:} 好多NOP填充啊 我也来练习练习 00409714这个地址是怎么找到的 CrackLee 发表于 2016-9-26 15:47
00409714这个地址是怎么找到的
E-DEBUG找的