Cracker Handbook 1.0 part 212 pptx
Bạn đang xem bản rút gọn của tài liệu. Xem và tải ngay bản đầy đủ của tài liệu tại đây (356.44 KB, 5 trang )
Soft này code bằng Delphi7. Sig by TQN. Thanx anh vì một sig rất tốt cho app
written by Delphi.
Chỉnh giờ hệ thống cho soft expired, set back lại dĩ nhiên báo lỗi!
Load với IDA.
Qua tab Strings, gõ alt+T nhập vào dòng Days Left:
Double vào dòng Days Left ta tới IDA View-A:
Để con trỏ chuột tại DATA XREF: sub_48B868+3Eo bạn sẽ thấy đoạn text
này thuộc về đoạn code:
Double click vào dòng DATA XREF: sub_48B868+3Eo ta sẽ ở đây:
CODE:0048B868 ;
¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦ S U B R O U T I N E ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
CODE:0048B868
CODE:0048B868 ; Attributes: bp-based frame
CODE:0048B868
CODE:0048B868 sub_48B868 proc near ; DATA XREF:
CODE:0048B5E5o
CODE:0048B868
CODE:0048B868 var_C = dword ptr -0Ch
CODE:0048B868 var_8 = dword ptr -8
CODE:0048B868 var_4 = dword ptr -4
CODE:0048B868
CODE:0048B868 push ebp
CODE:0048B869 mov ebp, esp
CODE:0048B86B push 0
CODE:0048B86D push 0
CODE:0048B86F push 0
CODE:0048B871 push ebx
CODE:0048B872 push esi
CODE:0048B873 mov ebx, eax
CODE:0048B875 xor eax, eax
CODE:0048B877 push ebp
CODE:0048B878 push offset loc_48B928
CODE:0048B87D push dword ptr fs:[eax]
CODE:0048B880 mov fs:[eax], esp
CODE:0048B883 push offset _str_Advanced_Tracks_1.Text
CODE:0048B888 mov eax, 0Fh
CODE:0048B88D call sub_48AFD4
CODE:0048B892 push eax
CODE:0048B893 mov eax, 0Fh
CODE:0048B898 pop edx
CODE:0048B899 sub eax, edx
CODE:0048B89B lea edx, [ebp+var_8]
CODE:0048B89E call sub_474DFC
CODE:0048B8A3 push [ebp+var_8]
CODE:0048B8A6 push offset _str__Days_Left_.Text
CODE:0048B8AB lea eax, [ebp+var_4]
CODE:0048B8AE mov edx, 3
CODE:0048B8B3 call sub_404474
CODE:0048B8B8 mov edx, [ebp+var_4]
CODE:0048B8BB mov eax, ebx
CODE:0048B8BD call
@Controls@TControl@SetText$qqrx17System@AnsiString
CODE:0048B8C2 lea eax, [ebp+var_C]
CODE:0048B8C5 call sub_475338
CODE:0048B8CA lea eax, [ebp+var_C]
CODE:0048B8CD mov edx, offset _str_System32_mssqlc.Text
CODE:0048B8D2 call @System@@LStrCat$qqrv
CODE:0048B8D7 mov eax, [ebp+var_C]
CODE:0048B8DA call sub_48B7D0
CODE:0048B8DF cmp al, 1
CODE:0048B8E1 jnz short loc_48B8F2
CODE:0048B8E3 xor edx, edx
CODE:0048B8E5 mov eax, [ebx+314h]
CODE:0048B8EB mov ecx, [eax]
CODE:0048B8ED call dword ptr [ecx+64h]
CODE:0048B8F0 jmp short loc_48B90D
Ok, patch thành EB. Time trial removed.
Để dừng bộ đếm nút Try Now! Tiếp tục tìm kiếm chuỗi Try Now. Ta đến đây:
