- UID
- 5593
注册时间2005-12-21
阅读权限10
最后登录1970-1-1
周游历练
TA的每日心情 | 开心
2019-12-17 14:52 |
|---|
签到天数: 2 天 [LV.1]初来乍到
|
楼主 |
发表于 2006-1-9 17:47:49
|
显示全部楼层
【破文标题】[PYG官方教学第三课作业题]
【破文作者】=随风=[PYG]
【作者邮箱】
【作者主页】
【破解工具】PEID,OD
【破解平台】XP SP2
【软件名称】
【软件大小】
【原版下载】
【保护方式】
【软件简介】
------------------------------------------------------------------------
OD载入,bp rtcMsgBox下断,F9运行
堆栈:
0012FA54 00402503 返回到 3课.00402503 来自 MSVBVM60.rtcMsgBox 右击鼠标,--"在反汇编窗口跟随"
0012FA58 0012FAF0
0012FA5C 00000040
0012FA60 0012FAE0
0012FA64 0012FAD0
代码来到这
00402450 55 push ebp ; 代码开始
00402451 8BEC mov ebp,esp
00402453 83EC 0C sub esp,0C
00402456 68 A6104000 push <jmp.&MSVBVM60.__vbaExceptH>
0040245B 64:A1 00000000 mov eax,dword ptr fs:[0]
00402461 50 push eax
00402462 64:8925 0000000>mov dword ptr fs:[0],esp
00402469 81EC 88000000 sub esp,88
0040246F 53 push ebx
00402470 56 push esi
00402471 57 push edi
00402472 8965 F4 mov dword ptr ss:[ebp-C],esp
00402475 C745 F8 8010400>mov dword ptr ss:[ebp-8],3课.0040>
0040247C 8B45 08 mov eax,dword ptr ss:[ebp+8]
0040247F 8BC8 mov ecx,eax
00402481 83E1 01 and ecx,1
00402484 894D FC mov dword ptr ss:[ebp-4],ecx
00402487 24 FE and al,0FE
00402489 50 push eax
0040248A 8945 08 mov dword ptr ss:[ebp+8],eax
0040248D 8B10 mov edx,dword ptr ds:[eax]
0040248F FF52 04 call dword ptr ds:[edx+4]
00402492 8B3D 68104000 mov edi,dword ptr ds:[<&MSVBVM60>; MSVBVM60.__vbaVarDup
00402498 B9 04000280 mov ecx,80020004
0040249D 33F6 xor esi,esi
0040249F 894D B4 mov dword ptr ss:[ebp-4C],ecx
004024A2 B8 0A000000 mov eax,0A
004024A7 894D C4 mov dword ptr ss:[ebp-3C],ecx
004024AA BB 08000000 mov ebx,8
004024AF 8975 BC mov dword ptr ss:[ebp-44],esi
004024B2 8975 AC mov dword ptr ss:[ebp-54],esi
004024B5 8975 8C mov dword ptr ss:[ebp-74],esi
004024B8 8D55 8C lea edx,dword ptr ss:[ebp-74]
004024BB 8D4D CC lea ecx,dword ptr ss:[ebp-34]
004024BE 8975 DC mov dword ptr ss:[ebp-24],esi
004024C1 8975 CC mov dword ptr ss:[ebp-34],esi
004024C4 8975 9C mov dword ptr ss:[ebp-64],esi
004024C7 8945 AC mov dword ptr ss:[ebp-54],eax
004024CA 8945 BC mov dword ptr ss:[ebp-44],eax
004024CD C745 94 9C1E400>mov dword ptr ss:[ebp-6C],3课.004>
004024D4 895D 8C mov dword ptr ss:[ebp-74],ebx
004024D7 FFD7 call edi
004024D9 8D55 9C lea edx,dword ptr ss:[ebp-64]
004024DC 8D4D DC lea ecx,dword ptr ss:[ebp-24]
004024DF C745 A4 7C1E400>mov dword ptr ss:[ebp-5C],3课.004>
004024E6 895D 9C mov dword ptr ss:[ebp-64],ebx
004024E9 FFD7 call edi
004024EB 8D45 AC lea eax,dword ptr ss:[ebp-54]
004024EE 8D4D BC lea ecx,dword ptr ss:[ebp-44]
004024F1 50 push eax
004024F2 8D55 CC lea edx,dword ptr ss:[ebp-34]
004024F5 51 push ecx
004024F6 52 push edx
004024F7 8D45 DC lea eax,dword ptr ss:[ebp-24]
004024FA 6A 40 push 40
004024FC 50 push eax
004024FD FF15 18104000 call dword ptr ds:[<&MSVBVM60.#5>; MSVBVM60.rtcMsgBox
00402503 8D4D AC lea ecx,dword ptr ss:[ebp-54] ; "在反汇编窗口跟随" 来到这里
00402506 8D55 BC lea edx,dword ptr ss:[ebp-44]
00402509 51 push ecx
0040250A 8D45 CC lea eax,dword ptr ss:[ebp-34]
0040250D 52 push edx
0040250E 8D4D DC lea ecx,dword ptr ss:[ebp-24]
00402511 50 push eax
00402512 51 push ecx
00402513 6A 04 push 4
00402515 FF15 08104000 call dword ptr ds:[<&MSVBVM60.__>; MSVBVM60.__vbaFreeVarList
0040251B 83C4 14 add esp,14
0040251E 8975 FC mov dword ptr ss:[ebp-4],esi
00402521 68 45254000 push 3课.00402545
00402526 EB 1C jmp short 3课.00402544
00402528 8D55 AC lea edx,dword ptr ss:[ebp-54]
0040252B 8D45 BC lea eax,dword ptr ss:[ebp-44]
0040252E 52 push edx
0040252F 8D4D CC lea ecx,dword ptr ss:[ebp-34]
00402532 50 push eax
00402533 8D55 DC lea edx,dword ptr ss:[ebp-24]
00402536 51 push ecx
00402537 52 push edx
00402538 6A 04 push 4
0040253A FF15 08104000 call dword ptr ds:[<&MSVBVM60.__>; MSVBVM60.__vbaFreeVarList
00402540 83C4 14 add esp,14
00402543 C3 retn
00402544 C3 retn
让他跳过这段代码:
00402450 55 push ebp 把这句修改成无条件跳:JMP 402544
继续运行
然后点击关闭按钮
OD又停了
堆栈:
0012F44C 00402623 返回到 3课.00402623 来自 MSVBVM60.rtcMsgBox 这里点右键--"在反汇编窗口跟随"
0012F450 0012F4E8
0012F454 00000040
0012F458 0012F4D8
0012F45C 0012F4C8
0012F460 0012F4B8
代码来到这:
00402570 55 push ebp ; 代码开始
00402571 8BEC mov ebp,esp
00402573 83EC 0C sub esp,0C
00402576 68 A6104000 push <jmp.&MSVBVM60.__vbaExceptH>
0040257B 64:A1 00000000 mov eax,dword ptr fs:[0]
00402581 50 push eax
00402582 64:8925 0000000>mov dword ptr fs:[0],esp
00402589 81EC 88000000 sub esp,88
0040258F 53 push ebx
00402590 56 push esi
00402591 57 push edi
00402592 8965 F4 mov dword ptr ss:[ebp-C],esp
00402595 C745 F8 9010400>mov dword ptr ss:[ebp-8],3课.0040>
0040259C 8B45 08 mov eax,dword ptr ss:[ebp+8]
0040259F 8BC8 mov ecx,eax
004025A1 83E1 01 and ecx,1
004025A4 894D FC mov dword ptr ss:[ebp-4],ecx
004025A7 24 FE and al,0FE
004025A9 50 push eax
004025AA 8945 08 mov dword ptr ss:[ebp+8],eax
004025AD 8B10 mov edx,dword ptr ds:[eax]
004025AF FF52 04 call dword ptr ds:[edx+4]
004025B2 8B3D 68104000 mov edi,dword ptr ds:[<&MSVBVM60>; MSVBVM60.__vbaVarDup
004025B8 B9 04000280 mov ecx,80020004
004025BD 33F6 xor esi,esi
004025BF 894D B4 mov dword ptr ss:[ebp-4C],ecx
004025C2 B8 0A000000 mov eax,0A
004025C7 894D C4 mov dword ptr ss:[ebp-3C],ecx
004025CA BB 08000000 mov ebx,8
004025CF 8975 BC mov dword ptr ss:[ebp-44],esi
004025D2 8975 AC mov dword ptr ss:[ebp-54],esi
004025D5 8975 8C mov dword ptr ss:[ebp-74],esi
004025D8 8D55 8C lea edx,dword ptr ss:[ebp-74]
004025DB 8D4D CC lea ecx,dword ptr ss:[ebp-34]
004025DE 8975 DC mov dword ptr ss:[ebp-24],esi
004025E1 8975 CC mov dword ptr ss:[ebp-34],esi
004025E4 8975 9C mov dword ptr ss:[ebp-64],esi
004025E7 8945 AC mov dword ptr ss:[ebp-54],eax
004025EA 8945 BC mov dword ptr ss:[ebp-44],eax
004025ED C745 94 9C1E400>mov dword ptr ss:[ebp-6C],3课.004>
004025F4 895D 8C mov dword ptr ss:[ebp-74],ebx
004025F7 FFD7 call edi
004025F9 8D55 9C lea edx,dword ptr ss:[ebp-64]
004025FC 8D4D DC lea ecx,dword ptr ss:[ebp-24]
004025FF C745 A4 B41E400>mov dword ptr ss:[ebp-5C],3课.004>
00402606 895D 9C mov dword ptr ss:[ebp-64],ebx
00402609 FFD7 call edi
0040260B 8D45 AC lea eax,dword ptr ss:[ebp-54]
0040260E 8D4D BC lea ecx,dword ptr ss:[ebp-44]
00402611 50 push eax
00402612 8D55 CC lea edx,dword ptr ss:[ebp-34]
00402615 51 push ecx
00402616 52 push edx
00402617 8D45 DC lea eax,dword ptr ss:[ebp-24]
0040261A 6A 40 push 40
0040261C 50 push eax
0040261D FF15 18104000 call dword ptr ds:[<&MSVBVM60.#5>; MSVBVM60.rtcMsgBox
00402623 8D4D AC lea ecx,dword ptr ss:[ebp-54] ; "在反汇编窗口跟随" 来到这里
00402626 8D55 BC lea edx,dword ptr ss:[ebp-44]
00402629 51 push ecx
0040262A 8D45 CC lea eax,dword ptr ss:[ebp-34]
0040262D 52 push edx
0040262E 8D4D DC lea ecx,dword ptr ss:[ebp-24]
00402631 50 push eax
00402632 51 push ecx
00402633 6A 04 push 4
00402635 FF15 08104000 call dword ptr ds:[<&MSVBVM60.__>; MSVBVM60.__vbaFreeVarList
0040263B 83C4 14 add esp,14
0040263E 8975 FC mov dword ptr ss:[ebp-4],esi
00402641 68 65264000 push 3课.00402665
00402646 EB 1C jmp short 3课.00402664
00402648 8D55 AC lea edx,dword ptr ss:[ebp-54]
0040264B 8D45 BC lea eax,dword ptr ss:[ebp-44]
0040264E 52 push edx
0040264F 8D4D CC lea ecx,dword ptr ss:[ebp-34]
00402652 50 push eax
00402653 8D55 DC lea edx,dword ptr ss:[ebp-24]
00402656 51 push ecx
00402657 52 push edx
00402658 6A 04 push 4
0040265A FF15 08104000 call dword ptr ds:[<&MSVBVM60.__>; MSVBVM60.__vbaFreeVarList
00402660 83C4 14 add esp,14
00402663 C3 retn
00402664 C3 retn 代码结束
跟上面的一样,无条件跳过这一段
00402570 55 push ebp 改成:JMP 402664
保存所有改动
关闭OD
再运行
两个NAG窗口没了!
------------------------------------------------------------------------
------------------------------------------------------------------------
【版权声明】欢迎转贴,但请注意出处!谢谢!
[ 本帖最后由 =随风= 于 2006-1-9 17:48 编辑 ] |
|
IP卡
发表于 2006-1-9 15:54:49
提升卡
置顶卡
变色卡
千斤顶
显身卡