
[求助] 如何不进行判断,直接执行命令


    发表于 2007-6-11 08:52:45 | 显示全部楼层 |阅读模式
    如何不进行判断,直接执行命令

    美萍记录管理器,要注册.
    按删除命令后就弹出要注册的窗口。注册后,就可以直接删除。不弹出那个要注册的窗口。
    想知道怎么样不进行判断是否已注册,按删除命令后就直接执行删除命令.会的高手看看


    这个好像是执行删除后运行的一段程序,谁知道怎么样直接执行删除命令而不进行判断是否已注册


    ; Routine at 0046E66C: 32-bit x86, Intel syntax, debugger listing of module "mp2".
    ; Columns: address | flow marker | opcode bytes | instruction | debugger comment.
    ; Frame: ebp-based with 0x54 bytes of locals; ebx and esi are pushed on entry.
    ; Arguments to the mp2.004xxxxx helpers are loaded into eax/edx/ecx before each
    ; call -- presumably a register calling convention; the helpers themselves are
    ; not shown, so every note about what they do is an assumption to confirm.
    ; The listing stops at the retn at 0046E7D5. The handler address pushed at
    ; 0046E688 (0046E7D6) and the continuation pushed at 0046E7BB (0046E7DD) lie
    ; outside it, and so does the code that restores esi/ebx/esp.
    0046E66C /$ 55 push ebp
    0046E66D |. 8BEC mov ebp,esp
    0046E66F |. 83C4 AC add esp,-54 ; reserve 0x54 bytes of locals
    0046E672 |. 53 push ebx
    0046E673 |. 56 push esi
    ; Zero five dword locals: [ebp-54], [ebp-50], [ebp-4C], [ebp-48], [ebp-4].
    0046E674 |. 33C9 xor ecx,ecx
    0046E676 |. 894D AC mov dword ptr ss:[ebp-54],ecx
    0046E679 |. 894D B4 mov dword ptr ss:[ebp-4C],ecx
    0046E67C |. 894D B0 mov dword ptr ss:[ebp-50],ecx
    0046E67F |. 894D B8 mov dword ptr ss:[ebp-48],ecx
    0046E682 |. 894D FC mov dword ptr ss:[ebp-4],ecx
    ; Link a new exception registration record at the head of the fs:[0] chain.
    0046E685 |. 33C0 xor eax,eax ; eax = 0, so fs:[eax] is fs:[0]
    0046E687 |. 55 push ebp
    0046E688 |. 68 D6E74600 push mp2.0046E7D6 ; handler address (not in this listing)
    0046E68D |. 64:FF30 push dword ptr fs:[eax] ; previous chain head
    0046E690 |. 64:8920 mov dword ptr fs:[eax],esp ; new record becomes the head
    ; Copy a string into the stack buffer at [ebp-42].
    ; lstrcpyA takes no length argument, so the copy is bounded only by the source's
    ; terminator. The next local above the destination is [ebp-4], 0x3E bytes away.
    ; NOTE(review): no length check is visible before this call -- confirm that the
    ; value behind [472D18] can never exceed the buffer.
    0046E693 |. A1 182D4700 mov eax,dword ptr ds:[472D18]
    0046E698 |. E8 A365F9FF call mp2.00404C40 ; return value becomes String2 (source)
    0046E69D |. 50 push eax ; /String2
    0046E69E |. 8D45 BE lea eax,dword ptr ss:[ebp-42] ; |
    0046E6A1 |. 50 push eax ; |String1
    0046E6A2 |. E8 FD82F9FF call <jmp.&kernel32.lstrcpyA> ; \lstrcpyA
    ; esi = result of 00404A40 on the same global (presumably its length -- confirm).
    ; dec/test/jl skips the loop when that result is <= 0; inc restores the count.
    0046E6A7 |. A1 182D4700 mov eax,dword ptr ds:[472D18]
    0046E6AC |. E8 8F63F9FF call mp2.00404A40
    0046E6B1 |. 8BF0 mov esi,eax
    0046E6B3 |. 4E dec esi
    0046E6B4 |. 85F6 test esi,esi
    0046E6B6 |. 7C 24 jl short mp2.0046E6DC
    0046E6B8 |. 46 inc esi
    0046E6B9 |. 8D5D BE lea ebx,dword ptr ss:[ebp-42] ; ebx = cursor into the stack buffer
    ; Loop invariant: ebx -> current byte, esi = iterations remaining (> 0).
    ; Each pass calls 004088E0(eax = byte, edx = 2, ecx = &[ebp-48]) and then
    ; 00404A48(eax = &[ebp-4], edx = [ebp-48]). Presumably this formats the byte as
    ; two digits and appends it to the value at [ebp-4] -- TODO confirm.
    0046E6BC |> 8D4D B8 /lea ecx,dword ptr ss:[ebp-48]
    0046E6BF |. 33C0 |xor eax,eax
    0046E6C1 |. 8A03 |mov al,byte ptr ds:[ebx] ; eax = zero-extended current byte
    0046E6C3 |. BA 02000000 |mov edx,2
    0046E6C8 |. E8 13A2F9FF |call mp2.004088E0
    0046E6CD |. 8B55 B8 |mov edx,dword ptr ss:[ebp-48]
    0046E6D0 |. 8D45 FC |lea eax,dword ptr ss:[ebp-4]
    0046E6D3 |. E8 7063F9FF |call mp2.00404A48
    0046E6D8 |. 43 |inc ebx
    0046E6D9 |. 4E |dec esi
    0046E6DA |.^ 75 E0 \jnz short mp2.0046E6BC
    ; Recurring pattern below: load the object at [[4713BC]], fetch a member at
    ; +30C / +314 / +318, and call 0043D534 with that member in eax and a value in
    ; edx. Presumably this assigns text to three sub-objects -- verify against
    ; 0043D534.
    0046E6DC |> A1 BC134700 mov eax,dword ptr ds:[4713BC]
    0046E6E1 |. 8B00 mov eax,dword ptr ds:[eax]
    0046E6E3 |. 8B80 0C030000 mov eax,dword ptr ds:[eax+30C]
    0046E6E9 |. 8B55 FC mov edx,dword ptr ss:[ebp-4] ; value built by the loop above
    0046E6EC |. E8 43EEFCFF call mp2.0043D534
    0046E6F1 |. A1 BC134700 mov eax,dword ptr ds:[4713BC]
    0046E6F6 |. 8B00 mov eax,dword ptr ds:[eax]
    0046E6F8 |. 8B80 14030000 mov eax,dword ptr ds:[eax+314]
    0046E6FE |. BA ECE74600 mov edx,mp2.0046E7EC ; constant located after the retn, contents not shown
    0046E703 |. E8 2CEEFCFF call mp2.0043D534
    ; 004087CC(eax = 20D0DBBA, edx = &[ebp-50]), then 00404A8C(eax = &[ebp-4C],
    ; edx = 0046E804, ecx = [ebp-50]); the result at [ebp-4C] goes to member +318.
    0046E708 |. 8D55 B0 lea edx,dword ptr ss:[ebp-50]
    0046E70B |. B8 BADBD020 mov eax,20D0DBBA
    0046E710 |. E8 B7A0F9FF call mp2.004087CC
    0046E715 |. 8B4D B0 mov ecx,dword ptr ss:[ebp-50]
    0046E718 |. 8D45 B4 lea eax,dword ptr ss:[ebp-4C]
    0046E71B |. BA 04E84600 mov edx,mp2.0046E804
    0046E720 |. E8 6763F9FF call mp2.00404A8C
    0046E725 |. 8B55 B4 mov edx,dword ptr ss:[ebp-4C]
    0046E728 |. A1 BC134700 mov eax,dword ptr ds:[4713BC]
    0046E72D |. 8B00 mov eax,dword ptr ds:[eax]
    0046E72F |. 8B80 18030000 mov eax,dword ptr ds:[eax+318]
    0046E735 |. E8 FAEDFCFF call mp2.0043D534
    ; Two x87 comparisons against the double stored at 472DF8.
    ; fcomp compares ST0 with the operand and pops; fstsw ax + sahf copy the FPU
    ; condition codes into EFLAGS (C0 -> CF). jnb is therefore taken when ST0 was
    ; not below the operand. ST0 is presumably the value returned by the call just
    ; before each fcomp -- confirm.
    0046E73A |. E8 BDBFF9FF call mp2.0040A6FC
    0046E73F |. DC1D F82D4700 fcomp qword ptr ds:[472DF8]
    0046E745 |. DFE0 fstsw ax
    0046E747 |. 9E sahf
    0046E748 73 5A jnb short mp2.0046E7A4
    0046E74A |. B8 1CE84600 mov eax,mp2.0046E81C ; ASCII "2005-12-1"
    0046E74F |. E8 88D5F9FF call mp2.0040BCDC ; takes the date string above in eax
    0046E754 |. DC1D F82D4700 fcomp qword ptr ds:[472DF8]
    0046E75A |. DFE0 fstsw ax
    0046E75C |. 9E sahf
    0046E75D 73 45 jnb short mp2.0046E7A4
    ; Reached only when neither jnb is taken: updates members +318 and +314.
    0046E75F |. A1 BC134700 mov eax,dword ptr ds:[4713BC]
    0046E764 |. 8B00 mov eax,dword ptr ds:[eax]
    0046E766 |. 8B80 18030000 mov eax,dword ptr ds:[eax+318]
    0046E76C |. BA 30E84600 mov edx,mp2.0046E830
    0046E771 |. E8 BEEDFCFF call mp2.0043D534
    ; The two pushes pass both halves of the qword at 472DF8 (high dword first) to
    ; 0040B400, with eax = 0046E840 and edx = &[ebp-54] as the output location.
    0046E776 |. FF35 FC2D4700 push dword ptr ds:[472DFC] ; /Arg2 = 00000000
    0046E77C |. FF35 F82D4700 push dword ptr ds:[472DF8] ; |Arg1 = 00000000
    0046E782 |. 8D55 AC lea edx,dword ptr ss:[ebp-54] ; |
    0046E785 |. B8 40E84600 mov eax,mp2.0046E840 ; |
    0046E78A |. E8 71CCF9FF call mp2.0040B400 ; \mp2.0040B400
    0046E78F |. 8B55 AC mov edx,dword ptr ss:[ebp-54]
    0046E792 |. A1 BC134700 mov eax,dword ptr ds:[4713BC]
    0046E797 |. 8B00 mov eax,dword ptr ds:[eax]
    0046E799 |. 8B80 14030000 mov eax,dword ptr ds:[eax+314]
    0046E79F |. E8 90EDFCFF call mp2.0043D534
    ; Join point for both jnb branches and the fall-through path: indirect call
    ; through the table addressed by the object's first dword, slot +EC.
    0046E7A4 |> A1 BC134700 mov eax,dword ptr ds:[4713BC]
    0046E7A9 |. 8B00 mov eax,dword ptr ds:[eax]
    0046E7AB |. 8B10 mov edx,dword ptr ds:[eax]
    0046E7AD |. FF92 EC000000 call dword ptr ds:[edx+EC]
    ; Unlink the exception record. The three pops mirror the three pushes at
    ; 0046E687..0046E68D, assuming the helper calls left the stack balanced.
    0046E7B3 |. 33C0 xor eax,eax
    0046E7B5 |. 5A pop edx ; edx = previous chain head saved at 0046E68D
    0046E7B6 |. 59 pop ecx ; discard handler address
    0046E7B7 |. 59 pop ecx ; discard saved ebp copy
    0046E7B8 |. 64:8910 mov dword ptr fs:[eax],edx ; restore the previous head at fs:[0]
    0046E7BB |. 68 DDE74600 push mp2.0046E7DD ; address that the retn below will pop
    ; Cleanup: 004047A4(eax = &[ebp-54], edx = 4) and 00404780(eax = &[ebp-4]).
    ; Presumably these release the four adjacent locals and the one at [ebp-4] --
    ; TODO confirm. 0046E7C0 is marked as a jump target; its other entry is outside
    ; this listing.
    0046E7C0 |> 8D45 AC lea eax,dword ptr ss:[ebp-54]
    0046E7C3 |. BA 04000000 mov edx,4
    0046E7C8 |. E8 D75FF9FF call mp2.004047A4
    0046E7CD |. 8D45 FC lea eax,dword ptr ss:[ebp-4]
    0046E7D0 |. E8 AB5FF9FF call mp2.00404780
    0046E7D5 C3 retn ; on the fall-through path this continues at 0046E7DD, not at the caller


    发现一个可疑call
    0046D581 E802C2FEFF call 00459788
    Local Calls from 0044831F, 00458A60, 0045C2E8, 0046C9F1, 0046CAC5, 0046CAD1, 0046CD7B, 0046CECB, 0046D105, 0046D1AB, 0046D581
    call的内容如下
    ; Routine at 00459788: 32-bit x86, Intel syntax, debugger listing of module "mp2".
    ; In:    eax = pointer to an object, copied to ebx and used for all field accesses.
    ; Stack: the "push ecx" reserves one dword; its low byte at [esp] holds a local
    ;        selector value (0, 1 or 3 as set here).
    ; Exit:  every path reaches 00459825, which drops the local and restores esi/ebx.
    ; NOTE(review): eleven call sites and only generic object-field tests suggest
    ; shared framework/library code rather than application-specific logic --
    ; confirm against library signatures before drawing conclusions from it.
    00459788 /$ 53 push ebx
    00459789 |. 56 push esi
    0045978A |. 51 push ecx ; reserves the dword used as the local at [esp]
    0045978B |. 8BD8 mov ebx,eax ; ebx = object pointer
    ; If bit 3 (mask 8) of the byte at +2F4 is set: store 2 at +24C and leave.
    0045978D |. F683 F4020000 08 test byte ptr ds:[ebx+2F4],8
    00459794 |. 74 0F je short mp2.004597A5
    00459796 |. C783 4C020000 020>mov dword ptr ds:[ebx+24C],2
    004597A0 |. E9 80000000 jmp mp2.00459825
    ; Otherwise make an indirect call through the object's first dword, slot +E4.
    ; A zero result in al means nothing further is done.
    004597A5 |> 8BC3 mov eax,ebx
    004597A7 |. 8B10 mov edx,dword ptr ds:[eax]
    004597A9 |. FF92 E4000000 call dword ptr ds:[edx+E4]
    004597AF |. 84C0 test al,al
    004597B1 |. 74 72 je short mp2.00459825
    ; Choose the initial selector:
    ;   byte at +22F != 1                      -> 1
    ;   byte at +22F == 1, bit 1 of +228 set   -> 3
    ;   byte at +22F == 1, bit 1 of +228 clear -> 0
    004597B3 |. 80BB 2F020000 01 cmp byte ptr ds:[ebx+22F],1
    004597BA |. 75 15 jnz short mp2.004597D1
    004597BC |. F683 28020000 02 test byte ptr ds:[ebx+228],2
    004597C3 |. 74 06 je short mp2.004597CB
    004597C5 |. C60424 03 mov byte ptr ss:[esp],3
    004597C9 |. EB 0A jmp short mp2.004597D5
    004597CB |> C60424 00 mov byte ptr ss:[esp],0
    004597CF |. EB 04 jmp short mp2.004597D5
    004597D1 |> C60424 01 mov byte ptr ss:[esp],1
    ; 00403C2C receives the object in eax and a pointer to the selector in edx.
    ; The selector is re-read afterwards, so the callee may change it. si is loaded
    ; with 0FFB0 first; its meaning is not visible here.
    004597D5 |> 8BD4 mov edx,esp ; edx = &selector
    004597D7 |. 8BC3 mov eax,ebx
    004597D9 |. 66:BE B0FF mov si,0FFB0
    004597DD |. E8 4AA4FAFF call mp2.00403C2C
    004597E2 |. 803C24 00 cmp byte ptr ss:[esp],0
    004597E6 |. 74 3D je short mp2.00459825 ; selector 0: nothing to do
    ; If this object is the one stored at +44 of the global object at [472BE4],
    ; call 0045CF0C on that global object and leave.
    004597E8 |. A1 E42B4700 mov eax,dword ptr ds:[472BE4]
    004597ED |. 3B58 44 cmp ebx,dword ptr ds:[eax+44]
    004597F0 |. 75 0C jnz short mp2.004597FE
    004597F2 |. A1 E42B4700 mov eax,dword ptr ds:[472BE4]
    004597F7 |. E8 10370000 call mp2.0045CF0C
    004597FC |. EB 27 jmp short mp2.00459825
    ; Dispatch on the selector: 1 -> 00459928, 3 -> 00457514 with dl = 1,
    ; any other non-zero value -> 004599C4. Each receives the object in eax.
    004597FE |> 803C24 01 cmp byte ptr ss:[esp],1
    00459802 |. 75 09 jnz short mp2.0045980D
    00459804 |. 8BC3 mov eax,ebx
    00459806 |. E8 1D010000 call mp2.00459928
    0045980B |. EB 18 jmp short mp2.00459825
    0045980D |> 803C24 03 cmp byte ptr ss:[esp],3
    00459811 |. 75 0B jnz short mp2.0045981E
    00459813 |. B2 01 mov dl,1
    00459815 |. 8BC3 mov eax,ebx
    00459817 |. E8 F8DCFFFF call mp2.00457514
    0045981C |. EB 07 jmp short mp2.00459825
    0045981E |> 8BC3 mov eax,ebx
    00459820 |. E8 9F010000 call mp2.004599C4
    ; Common exit.
    00459825 |> 5A pop edx ; discard the selector dword pushed as ecx
    00459826 |. 5E pop esi
    00459827 |. 5B pop ebx
    00459828 \. C3 retn

    发表于 2007-6-12 09:52:46 | 显示全部楼层
    下载研究一下