2 楼
跟到ac1st16.dll,这里弹出对话框。
; Excerpt from the middle of a routine (no prologue and no ret are shown). It formats a
; string into a freshly allocated buffer, shows a MessageBoxA, frees two strings and
; keeps the MessageBoxA result as its return value. Operands are hexadecimal.
;
; Store BL at index EAX of the stack buffer at [esp+C]. Presumably this is the NUL
; terminator of a string of length EAX built before this excerpt (TODO confirm).
00023F57 885C04 0C mov byte ptr [esp+eax+C], bl
; Allocate EAX + 0x12 bytes. The pushed size is not popped here; the "add esp, 14"
; below removes it together with the four sprintf arguments (5 dwords = 0x14).
00023F5B 83C0 12 add eax, 12
00023F5E 50 push eax
00023F5F E8 BC460000 call <jmp.&MSVCR70.operator new[]>
; sprintf arguments are pushed right to left: the dword at [2C13C], then the constant 0x15.
00023F64 8B0D 3CC10200 mov ecx, dword ptr [2C13C] ; acad.00B6E388
00023F6A 51 push ecx
00023F6B 6A 15 push 15
; After three pushes [esp+18] is the same stack buffer that was [esp+C] above, so the
; format string is the string assembled on the stack, not a constant.
00023F6D 8D5424 18 lea edx, dword ptr [esp+18]
; EDI = pointer returned by operator new[]; it is the sprintf destination.
00023F71 8BF8 mov edi, eax
00023F73 52 push edx
00023F74 57 push edi
; NOTE(review): sprintf is unbounded. The destination holds (index written above) + 0x12
; bytes; whether that covers the expanded output depends on the format text and on the
; value at [2C13C], neither of which is visible in this excerpt.
00023F75 FF15 70910200 call dword ptr [<&MSVCR70.sprintf>] ; MSVCR70.sprintf
; Read the caller-supplied value at [esp+150] before the stack is cleaned; it is pushed
; first below and therefore becomes MessageBoxA's uType.
00023F7B 8B8424 50010000 mov eax, dword ptr [esp+150]
00023F82 83C4 14 add esp, 14
; MessageBoxA(hWnd = EBX, lpText = ESI, lpCaption = EDI, uType = EAX): the string just
; formatted is the caption; the text in ESI was prepared before this excerpt.
00023F85 50 push eax
00023F86 57 push edi
00023F87 56 push esi
00023F88 53 push ebx
00023F89 FF15 90910200 call dword ptr [<&USER32.MessageBoxA>>; USER32.MessageBoxA
; Save the MessageBoxA result in EBX, then free the text (ESI) and the caption (EDI).
00023F8F 56 push esi
00023F90 8BD8 mov ebx, eax
00023F92 E8 8F460000 call <jmp.&MSVCR70.operator delete[]>
00023F97 57 push edi
00023F98 E8 89460000 call <jmp.&MSVCR70.operator delete[]>
00023F9D 83C4 08 add esp, 8
; Restore saved registers and hand the MessageBoxA result back in EAX; the remainder of
; the epilogue lies outside this excerpt.
00023FA0 5F pop edi
00023FA1 5E pop esi
00023FA2 8BC3 mov eax, ebx
祭出 IDA,下面是反编译得到的 DllMain 伪代码,我强行更改的就是其中的判断:
// DLL entry point as printed by the decompiler. This is pseudo-C: locals are not
// declared, and sub_XXXXX / dword_XXXXX / byte_XXXXX are auto-generated names whose
// purpose is not shown on this page.
//   fdwReason == 0 (DLL_PROCESS_DETACH): releases module state and returns 1.
//   fdwReason == 1 (DLL_PROCESS_ATTACH): obtains two strings from the host module (or
//     derives them from its file name), runs several opaque checks and terminates the
//     process when one of them fails; otherwise returns 1.
//   Any other reason returns 1 without doing anything.
BOOL __stdcall DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
{
// ---- process detach ----
if ( !fdwReason )
{
OutputDebugStringA("acfirst.dll Terminating!\n");
sub_23C50();
operator delete__(Source);
Source = 0;
// byte_2C144 is set only on the attach path that allocates both strings with
// operator new, so they are freed here only when this DLL owns them.
if ( byte_2C144 )
{
operator delete__(dword_2C140);
dword_2C140 = 0;
operator delete__((void *)uType);
uType = 0;
}
// Writes the saved value dword_2D3F4 back through the pointer in dword_2D3F8.
// Presumably this restores something replaced during initialisation (TODO confirm).
if ( dword_2D3F8 )
*(_DWORD *)dword_2D3F8 = dword_2D3F4;
// NOTE(review): no matching EnterCriticalSection is visible in this function; confirm
// that the section is actually held here before it is left and deleted.
LeaveCriticalSection(&CriticalSection);
DeleteCriticalSection(&CriticalSection);
return 1;
}
// Thread attach/detach notifications: nothing to do.
if ( fdwReason != 1 )
return 1;
// ---- process attach ----
OutputDebugStringA("acfirst.dll Initializing!\n");
sub_23EA0();
// CRT small-block-heap threshold, set to 0x3F8 bytes.
set_sbh_threshold(0x3F8u);
// GetModuleHandleA(0) is the handle of the host executable. sub_22420 / sub_22680 are
// opaque; the result of sub_22680 is used as a function pointer, so it presumably
// looks up a symbol named "thisProduct" / "thisProgram" in that module (TODO confirm).
v6 = GetModuleHandleA(0);
sub_22420(v6, 1);
v5 = (int (*)(void))sub_22680("thisProduct");
v7 = GetModuleHandleA(0);
sub_22420(v7, 1);
v3 = (int (*)(void))sub_22680("thisProgram");
v4 = v3;
if ( v5 && v3 )
{
// Both lookups succeeded: take the two values from the host's own functions.
uType = v5();
dword_2C140 = (char *)v4();
}
else
{
// Fallback: derive both strings from the host executable's file name and record in
// byte_2C144 that this DLL allocated them.
byte_2C144 = 1;
// Walk backwards from the end of the path until a '/', '\\' or ':' is met.
// v26 is not declared in this listing; presumably it is the byte just before
// Filename, which would make *(&v26 + i) equal to Filename[i - 1] (TODO confirm).
for ( i = GetModuleFileNameA(0, Filename, 0x104u); i; --i )
{
if ( strchr("/\\:", *(&v26 + i)) )
break;
}
// v11 = start of the base name (the part after the last separator).
v11 = &Filename[i];
v10 = v11;
// Inlined strlen: advance v10 just past the terminating NUL.
do
v12 = *v10++;
while ( v12 );
// Allocate strlen(base name) + 1 bytes and store the pointer in uType.
uType = (UINT)operator new__(v10 - (v11 + 1) + 1);
v14 = v11;
v13 = uType - (_DWORD)v11;
// Inlined strcpy: v14[v13] addresses the new buffer; the NUL is copied as well.
do
{
v15 = *v14;
v14[v13] = *v14;
++v14;
}
while ( v15 );
// v16 = index of the first '.' in the base name, or its length when there is none.
// The wide literal L"." is reproduced as the decompiler printed it.
v16 = 0;
if ( *v11 )
{
do
{
if ( strchr(L".", v11[v16]) )
break;
v17 = (unsigned __int8)v11[v16++ + 1];
}
while ( (_BYTE)v17 );
}
// Base name without extension: the buffer is v16 + 1 bytes, strncpy copies v16 bytes
// and the terminator is written explicitly because strncpy does not guarantee one.
dword_2C140 = (char *)operator new__(v16 + 1);
strncpy(dword_2C140, v11, v16);
v8 = dword_2C140;
dword_2C140[v16] = 0;
}
hInstance = hinstDLL;
// NOTE(review): v8 is assigned only in the fallback branch above; on the other path
// its value is not set anywhere in this listing (possibly a decompiler artefact).
// sub_21340 and sub_21480 are opaque checks. If either returns 0 the process is ended
// with exit code 0, so the exit status alone does not distinguish this failure from a
// normal exit.
if ( !(unsigned __int8)sub_21340(v8) )
{
v18 = GetCurrentProcess();
TerminateProcess(v18, 0);
}
if ( !(unsigned __int8)sub_21480() )
{
v19 = GetCurrentProcess();
TerminateProcess(v19, 0);
}
GetSystemInfo(&SystemInfo);
// The low word of dwOemId is SYSTEM_INFO.wProcessorArchitecture; 0 is
// PROCESSOR_ARCHITECTURE_INTEL (x86), so this condition holds on every x86 system.
if ( !(_WORD)SystemInfo.dwOemId )
{
// 386 is PROCESSOR_INTEL_386. In this branch the process is terminated whatever
// sub_21560 returns; only the sub_23EF0 call depends on its result. sub_23EF0 is
// presumably the routine that shows the message box (TODO confirm).
if ( SystemInfo.dwProcessorType == 386 )
{
if ( !(unsigned __int8)sub_21560() )
sub_23EF0(4u, v20, 0, 17);
v21 = GetCurrentProcess();
TerminateProcess(v21, 0);
}
}
// The two remaining opaque checks run only when the strings came from the host's own
// functions (byte_2C144 == 0); the fallback path skips them.
if ( !byte_2C144 )
{
if ( !(unsigned __int8)sub_23FB0() )
{
v22 = GetCurrentProcess();
TerminateProcess(v22, 0);
}
// byte_2C144 is tested again; whether sub_23FB0 can change it is not visible here.
if ( !byte_2C144 )
{
if ( !(unsigned __int8)sub_21810() )
{
v23 = GetCurrentProcess();
TerminateProcess(v23, 0);
}
}
}
// No per-thread notifications are wanted; create the lock that the detach path deletes.
DisableThreadLibraryCalls(hinstDLL);
InitializeCriticalSection(&CriticalSection);
return 1;
}
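不知道为什么调用 GetSystemInfo(&SystemInfo) 之后 SystemInfo.dwOemId 总是 0(注:按 SYSTEM_INFO 的定义,dwOemId 的低 16 位就是 wProcessorArchitecture,0 即 PROCESSOR_ARCHITECTURE_INTEL,在 x86 系统上本来就恒为 0,属于正常现象)。
强行把这个跳转改了,虽然能到 cad 的 OEP,但直接运行会出现无法处理的异常。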
3 楼
不在此处,在它上一级,这里只是对话框