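Unlocking Rising Antivirus [2001 edition] without the key disk
1. Use TYP to check which packer Rising Antivirus [2001 edition] was protected with.
Wow, it's UPX 1.03. There's no ready-made tool, so I'm not going to unpack it. (I'm lazy to death.)
2. Run TRW2000.
3. Run the installer, setup.exe.
It prompts you to insert disk A.
4. Press the TRW2000 hotkey (Ctrl+N).
It stops inside system code; never mind that.
TRW2000 has a handy command, pmodule, so use it.
5. Go back to the prompt and click Cancel; TRW2000 gets activated.
Why did it get activated? (It's the pmodule command.)
Now we see the place we are interested in: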
017F:00406660 MOV EAX,[ECX+02D8]
017F:00406666 CMP EAX,BYTE +07
017F:00406669 JZ 00406670
017F:0040666B CMP EAX,BYTE +64
017F:0040666E JNZ 00406680
017F:00406670 XOR EAX,EAX
017F:00406672 PUSH EAX
017F:00406673 MOV EAX,[ESP+08]
017F:00406677 PUSH EAX
017F:00406678 CALL `SETUP!CheckKey` <------- checks the key disk
017F:0040667D RET 04
017F:00406680 CMP EAX,BYTE +14
017F:00406683 JNZ 00406698
017F:00406685 MOV EAX,02
017F:0040668A PUSH EAX
017F:0040668B MOV EAX,[ESP+08]
017F:0040668F PUSH EAX
017F:00406690 CALL `SETUP!CheckKey` <------- checks the key disk
017F:00406695 RET 04 <--------- stops here
----------------------
017F:004064B0 CALL 00406660 <------- main call
017F:004064B5 TEST EAX,EAX <------- test eax
017F:004064B7 JZ NEAR 004065EC <------- jumps on error...
017F:004064BD PUSH EBX
017F:004064BE LEA ECX,[ESP+08]
017F:004064C2 PUSH EDI
017F:004064C3 LEA EAX,[ESI+034C]
017F:004064C9 PUSH ECX
To make the patch I used R!SC's Process Patcher v1.5.1
(a tool for building dynamic in-memory patches).
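
Step 1 identifies the packer before anything else, and the same triage is routine when examining any unknown binary. The following is an added example, not part of the original write-up: it reads a PE section table and reports UPX's default section names plus the empty-on-disk, writable and executable section typical of packed images. The sample headers are constructed, the function names are hypothetical, and the heuristics are assumptions rather than a description of how TYP works.

```python
import struct

UPX_NAMES = {"UPX0", "UPX1", "UPX2"}   # UPX's default section names
MEM_EXECUTE, MEM_WRITE = 0x20000000, 0x80000000   # IMAGE_SCN_MEM_* flags

def pe_sections(data):
    """Return (name, virtual_size, raw_size, flags) for each PE section."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)          # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0" or len(data) < pe_off + 24:
        raise ValueError("PE header missing or truncated")
    (count,) = struct.unpack_from("<H", data, pe_off + 6)     # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", data, pe_off + 20) # SizeOfOptionalHeader
    table = pe_off + 24 + opt_size
    sections = []
    for i in range(count):
        entry = data[table + 40 * i: table + 40 * (i + 1)]
        if len(entry) < 40:
            raise ValueError("truncated section table")
        name, vsize, _rva, raw = struct.unpack_from("<8sIII", entry)
        (flags,) = struct.unpack_from("<I", entry, 36)        # Characteristics
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), vsize, raw, flags))
    return sections

def packer_indicators(data):
    """List the reasons an image looks packed; an empty list means none found."""
    hits = []
    for name, vsize, raw, flags in pe_sections(data):
        if name in UPX_NAMES:
            hits.append(f"{name}: UPX default section name")
        if raw == 0 and vsize > 0 and flags & MEM_EXECUTE and flags & MEM_WRITE:
            hits.append(f"{name}: empty on disk, writable and executable in memory")
    return hits

def build_sample_pe(sections):
    """Constructed header-only image for the demo: DOS stub, COFF header, section table."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x102)
    table = b"".join(struct.pack("<8sIIIIIIHHI", n, vs, 0x1000, raw, 0, 0, 0, 0, 0, fl)
                     for n, vs, raw, fl in sections)
    return dos + b"PE\0\0" + coff + table

# Constructed samples, not taken from any real installer.
PACKED_SAMPLE = build_sample_pe([(b"UPX0", 0x8000, 0, 0xE0000080),
                                 (b"UPX1", 0x4000, 0x3A00, 0xE0000040),
                                 (b".rsrc", 0x1000, 0x0800, 0xC0000040)])
CLEAN_SAMPLE = build_sample_pe([(b".text", 0x5000, 0x4E00, 0x60000020),
                                (b".data", 0x1000, 0x0200, 0xC0000040)])
```

Section names are easy to rename, so the raw-size and permission check is the more durable of the two signals.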