金庸群俠傳外掛程式的破解思路(網上驗證),小球[CCG]請進: (7千字)
金庸群俠外掛程式
by 6767 [BCG]
用dede和si配合容易搞定,具體跳轉該怎樣修改可能要在測試後才能確定,下面是我的改法:
資源段有下列資訊:
object TabSheet1: TTabSheet
Caption = '登入註冊'
OnShow = TabSheet1Show
<- 這個看看
。。。。。。
object WebBrowser1: TWebBrowser
Left = 0
Top = 0
Width = 307
Height = 284
TabStop = False
Align = alClient
TabOrder = 0
OnTitleChange = WebBrowser1TitleChange
<- 這個也看看
。。。。。
先是TabSheet1Show中的程式碼:
....
0045395B 64FF30
push dword ptr fs:[eax]
0045395E 648920
mov fs:[eax], esp
* Possible String Reference to: '金庸外掛I之《神行太保》, <-
改變標題,啟用WebBrowser1TitleChange呼叫
衿?..'
|
00453961 BA003A4500 mov
edx, $00453A00
* Possible reference to Form1
|
00453966 A1F0684500 mov
eax, dword ptr [$4568F0]
* Reference to: Controls.TControl.SetText(System.AnsiString) <-
|
0045396B E8A037FDFF call
00427110
00453970 8D45EC
lea eax, [ebp-$14]
00453973 33D2
xor edx, edx
.....
那麼我們來看WebBrowser1TitleChange都作了些什麼:
00453A6C 55
push ebp
00453A6D 8BEC
mov ebp, esp
00453A6F 83C4F4
add esp, -$0C
00453A72 53
push ebx
00453A73 56
push esi
00453A74 33DB
xor ebx, ebx
00453A76 895DF4
mov [ebp-$0C], ebx
00453A79 8BF1
mov esi, ecx
00453A7B 8BD8
mov ebx, eax
00453A7D 33C0
xor eax, eax
00453A7F 55
push ebp
* Possible String Reference to: 'R膃^[]?
|
00453A80 68793B4500 push
$00453B79
***** TRY
|
00453A85 64FF30
push dword ptr fs:[eax]
00453A88 648920
mov fs:[eax], esp
* Possible String Reference to: 'xxxxxxxx'
|
00453A8B BA903B4500 mov
edx, $00453B90 <- 覺得標題難受就把這裡改掉
* Possible reference to Form1
|
00453A90 A1F0684500 mov
eax, dword ptr [$4568F0]
* Reference to: Controls.TControl.SetText(System.AnsiString) <-
設視窗標題
|
00453A95 E87636FDFF call
00427110
00453A9A 8BC6
mov eax, esi <- 接受前一函式的返回值
00453A9C BAA03B4500 mov
edx, $00453BA0
* Reference to: System..WStrCmp()
|
00453AA1 E83A06FBFF call
004040E0 <- 比較了
00453AA6 7507
jnz 00453AAF <- 不跳就完蛋,改掉
<- 改成jmp
453b0b執行沒問題,不知能否正確接收到資料
00453AA8 8BC3
mov eax, ebx
* Reference to: Forms.TCustomForm.Close()
|
00453AAA E871C7FEFF call
00440220
00453AAF 8BC6
mov eax, esi
00453AB1 BAB83B4500 mov
edx, $00453BB8
* Reference to: System..WStrCmp()
|
00453AB6 E82506FBFF call
004040E0
00453ABB 7516
jnz 00453AD3 <- 未註冊在這裡會跳走
00453ABD 8D45F4
lea eax, [ebp-$0C]
00453AC0 8BD6
mov edx, esi
* Reference to: System..LStrFromWStr(System.AnsiString; System.WideString)
|
00453AC2 E88D00FBFF call
00403B54
00453AC7 8B45F4
mov eax, [ebp-$0C]
* Reference to: Sysutils.StrToFloat(System.AnsiString)
|
00453ACA E8054FFBFF call
004089D4
00453ACF DD5DF8
fstp qword ptr [ebp-$08]
00453AD2 9B
wait
00453AD3 DD45F8
fld qword ptr [ebp-$08]
00453AD6 83C4F4
add esp, -$0C
00453AD9 DB3C24
fstp tbyte ptr [esp]
00453ADC 9B
wait
00453ADD 8D45F4
lea eax, [ebp-$0C]
* Reference to: Sysutils.FloatToStr(Extended)
|
00453AE0 E8BF4EFBFF call
004089A4
00453AE5 8B45F4
mov eax, [ebp-$0C]
* Possible String Reference to: '9412.11'
|
00453AE8 BAD03B4500 mov
edx, $00453BD0
* Reference to: System..LStrCmp()
|
00453AED E8AA01FBFF call
00403C9C
00453AF2 756F
jnz 00453B63 <- 跳下去也沒戲了
00453AF4 8D45F4
lea eax, [ebp-$0C]
00453AF7 8BD6
mov edx, esi
* Reference to: System..LStrFromWStr(System.AnsiString; System.WideString)
|
00453AF9 E85600FBFF call
00403B54
00453AFE 8B45F4
mov eax, [ebp-$0C]
* Reference to: Sysutils.StrToFloat(System.AnsiString)
|
00453B01 E8CE4EFBFF call
004089D4
* Reference to: System..ROUND()
|
00453B06 E835EEFAFF call
00402940
* Reference to field TForm1.OFFS_031C
|
00453B0B 89831C030000 mov
[ebx+$031C], eax <- 正常程式從這裡或稍上處開始
00453B11 B201
mov dl, $01
* Reference to control TForm1.TabSheet2 : TTabSheet
<-
|
00453B13 8B83D4020000 mov
eax, [ebx+$02D4]
* Reference to: Controls.TControl.SetVisible(bool)
<- 顯示地圖內容,下略
|
00453B19 E8B234FDFF call
00426FD0
00453B1E B201
mov dl, $01
* Reference to control TForm1.TabSheet2 : TTabSheet
|
00453B20 8B83D4020000 mov
eax, [ebx+$02D4]
* Reference to: Comctrls.TTabSheet.SetTabVisible(bool)
|
00453B26 E84DBAFFFF call
0044F578
00453B2B B201
mov dl, $01
* Reference to control TForm1.TabSheet2 : TTabSheet
|
00453B2D 8B83D4020000 mov
eax, [ebx+$02D4]
00453B33 8B08
mov ecx, [eax]
00453B35 FF5160
call dword ptr [ecx+$60]
00453B38 33D2
xor edx, edx
* Reference to control TForm1.TabSheet1 : TTabSheet
|
00453B3A 8B83C8020000 mov
eax, [ebx+$02C8]
* Reference to: Controls.TControl.SetVisible(bool)
|
00453B40 E88B34FDFF call
00426FD0
00453B45 33D2
xor edx, edx
* Reference to control TForm1.TabSheet1 : TTabSheet
|
00453B47 8B83C8020000 mov
eax, [ebx+$02C8]
* Reference to: Comctrls.TTabSheet.SetTabVisible(bool)
|
00453B4D E826BAFFFF call
0044F578
* Reference to control TForm1.TabSheet2 : TTabSheet
|
00453B52 8B93D4020000 mov
edx, [ebx+$02D4]
* Reference to control TForm1.PageControl1 : TPageControl
|
00453B58 8B83C4020000 mov
eax, [ebx+$02C4]
* Reference to: Comctrls.TPageControl.SetActivePage(Comctrls.TTabSheet)
|
00453B5E E8D5C0FFFF call
0044FC38
00453B63 33C0
xor eax, eax
00453B65 5A
pop edx
00453B66 59
pop ecx
00453B67 59
pop ecx
00453B68 648910
mov fs:[eax], edx
****** FINALLY
|
* Possible String Reference to: '^[]?
|
00453B6B 68803B4500 push
$00453B80
00453B70 8D45F4
lea eax, [ebp-$0C]
* Reference to: System..LStrClr(System.AnsiString)
|
00453B73 E898FDFAFF call
00403910
00453B78 C3
ret
00453B79 E952F8FAFF jmp
004033D0
00453B7E EBF0
jmp 00453B70
****** END
|
00453B80 5E
pop esi
00453B81 5B
pop ebx
00453B82 8BE5
mov esp, ebp
00453B84 5D
pop ebp
00453B85 C3
ret
關鍵的跳轉處都列出來了,至於怎樣改需要測試。
那個記錄地址的文字檔案是需要的,否則這個東東沒用。
相關文章
- 原生js設計表單驗證外掛的思路分析2018-09-09JS
- PwlTool的功能限制的破解---DDXia[CCG] (8千字)2001-03-10
- 破解XFtpSvr =====> 請進 (5千字)2001-07-01FTPVR
- PowerDirector 1.00.06.9 破解. 恭喜小球! (9千字)2002-02-03
- JQuery外掛:圖片上傳本地預覽外掛,改進案例一則。2016-05-25jQuery
- 外掛 檔案上傳外掛 ajaxfileupload.js外掛2012-12-01JS
- 驗證碼打擊外掛2010-09-19
- 請看小弟KeyFile保護的破解 (7千字)2001-02-01
- 破解一個CCG的軟體,改半位元組! (6千字)2002-01-27
- 極驗驗證:傳統驗證碼破解演算法淺析2016-08-03演算法
- 使用PlupLoad js外掛進行檔案上傳案例2017-11-09JS
- octobercms 外掛學習 驗證碼2021-06-15
- validate表單驗證外掛2018-07-19
- [外掛擴充套件]圖片批量上傳外掛2.02019-05-11套件
- 【nodejs】multer外掛批量上傳2020-10-08NodeJS
- Jquery表單驗證外掛–Validform2015-02-05jQueryORM
- ASP.NET MVC結合jQuery外掛進行資料驗證2009-02-16ASP.NETMVCjQuery
- 內網滲透思路探索 之新思路的探索與驗證2020-08-19內網
- MySQL的可插入驗證和客戶端明文驗證外掛介紹2017-04-05MySql客戶端
- [外掛擴充套件]解決onethink多圖上傳的外掛分享!2019-05-11套件
- 初學者請進(一篇破解javagirl的心得) (2千字)2000-05-09Java
- plupload微信檔案上傳外掛2019-02-22
- bootstrap-fileinput上傳外掛試用2017-07-28boot
- jquery圖片上傳外掛HHuploadify2016-01-18jQuery
- jQuery上傳外掛Uploadify的使用方法2014-11-22jQuery
- Hardlock加密狗破解過程-----外殼型加密狗的破解方法 (7千字)2001-10-15加密
- 請問個位大俠上傳圖片的路徑如何設定???2004-04-15
- 爬蟲進階教程:極驗(GEETEST)驗證碼破解教程2018-12-24爬蟲
- iis兄,請進《有聲有色 3.10》的破解方法。 (9千字)2000-08-17
- 破解ClockWise 3.03 (7千字)2001-06-06
- Fine Print 2000的破解思路 (10千字)2000-09-26
- jQuery上傳外掛Uploadify使用詳解2013-06-28jQuery
- 幾款極好的 JavaScript 檔案上傳外掛2013-09-27JavaScript
- IIS7上配置FTP7使用IIS管理憑據方式進行驗證2017-11-26FTP
- 遊戲外掛詳細破解2015-11-15遊戲
- 淺談bootstrap表單驗證外掛BootstrapValidator2020-12-10boot
- Vue 前端圖形數字驗證碼外掛2024-10-27Vue前端
- [提問交流]請問OneThink的註冊驗證功能,是使用了Validform外掛嗎2019-05-11ORM