吾爱破解 - 52pojie.cn

 找回密码
 注册[Register]

QQ登录

只需一步,快速开始

查看: 859|回复: 8
上一主题 下一主题
收起左侧

[求助] QT程序断点设置问题,

[复制链接]
跳转到指定楼层
楼主
xujidejia 发表于 2024-5-30 00:10 回帖奖励
本帖最后由 xujidejia 于 2024-5-31 00:21 编辑

各位大神,今天调试一个程序,找到有用信息,但是跟踪不到跳转来的地址,请大神分析下,怎么可以把程序段在按钮按下触发的时候。下图是找到的有用信息。但是在

00007FFEE5FCF59C     | 7E 6F                    | jle acbasewidget141.7FFEE5FCF60D                                |

这里就跳转下去了,我继续跟ret。

然后来到了上一层,这里信息见下图,找不到有用信息。

在上图00007FFEE5FCD6FF     | E8 5751F9FF              | call <acbasewidget141.public: static int __cdecl WeMessageBox:: |处,弹出了错误对话框。向上回溯也没有地方能够跳过这个信息框,我进去这个里面看了,两个跳转都无法跳开这个错误提示框。这个CALL的代码如下:
[Patch] 纯文本查看 复制代码
00007FFEE5FCD1C0     | 4C:894C24 20             | mov qword ptr ss:[rsp+20],r9                                    |
00007FFEE5FCD1C5     | 44:894424 18             | mov dword ptr ss:[rsp+18],r8d                                   |
00007FFEE5FCD1CA     | 48:895424 10             | mov qword ptr ss:[rsp+10],rdx                                   |
00007FFEE5FCD1CF     | 48:894C24 08             | mov qword ptr ss:[rsp+8],rcx                                    | rcx:enum E_RIVERMAP_SOFTWARE_TYPE G_N_RIVERMAP_SOFTWARE_TYPE+170
00007FFEE5FCD1D4     | 57                       | push rdi                                                        |
00007FFEE5FCD1D5     | 48:81EC 50010000         | sub rsp,150                                                     |
00007FFEE5FCD1DC     | 48:C78424 F8000000 FEFFF | mov qword ptr ss:[rsp+F8],FFFFFFFFFFFFFFFE                      |
00007FFEE5FCD1E8     | FF15 42411D00            | call qword ptr ds:[<class IAcUserModule * __cdecl GetOrCreateAc |
00007FFEE5FCD1EE     | 48:894424 50             | mov qword ptr ss:[rsp+50],rax                                   | [rsp+50]:"@"
00007FFEE5FCD1F3     | 48:837C24 50 00          | cmp qword ptr ss:[rsp+50],0                                     | [rsp+50]:"@"
00007FFEE5FCD1F9     | 0F84 5F010000            | je acbasewidget141.7FFEE5FCD35E                                 |
00007FFEE5FCD1FF     | 48:8D4424 40             | lea rax,qword ptr ss:[rsp+40]                                   |
00007FFEE5FCD204     | 48:8BF8                  | mov rdi,rax                                                     | rax:"@"
00007FFEE5FCD207     | 33C0                     | xor eax,eax                                                     |
00007FFEE5FCD209     | B9 01000000              | mov ecx,1                                                       |
00007FFEE5FCD20E     | F3:AA                    | rep stosb                                                       |
00007FFEE5FCD210     | 48:8D8424 00010000       | lea rax,qword ptr ss:[rsp+100]                                  | [rsp+100]:public: static struct QMetaObject const DLgPromptBox::staticMetaObject+4D210
00007FFEE5FCD218     | 48:894424 68             | mov qword ptr ss:[rsp+68],rax                                   | [rsp+68]:public: virtual bool __cdecl TreeModel::removeRows(int, int, class QModelIndex const &)+603DB
00007FFEE5FCD21D     | 48:8D4424 41             | lea rax,qword ptr ss:[rsp+41]                                   |
00007FFEE5FCD222     | 48:8BF8                  | mov rdi,rax                                                     | rax:"@"
00007FFEE5FCD225     | 33C0                     | xor eax,eax                                                     |
00007FFEE5FCD227     | B9 01000000              | mov ecx,1                                                       |
00007FFEE5FCD22C     | F3:AA                    | rep stosb                                                       |
00007FFEE5FCD22E     | 48:8D9424 A0000000       | lea rdx,qword ptr ss:[rsp+A0]                                   |
00007FFEE5FCD236     | 48:8D4C24 40             | lea rcx,qword ptr ss:[rsp+40]                                   | rcx:enum E_RIVERMAP_SOFTWARE_TYPE G_N_RIVERMAP_SOFTWARE_TYPE+170
00007FFEE5FCD23B     | E8 201E0000              | call acbasewidget141.7FFEE5FCF060                               |
00007FFEE5FCD240     | 48:894424 58             | mov qword ptr ss:[rsp+58],rax                                   | [rsp+58]:public: static struct QListData::Data const QListData::shared_null+10
00007FFEE5FCD245     | 48:8B4424 58             | mov rax,qword ptr ss:[rsp+58]                                   | [rsp+58]:public: static struct QListData::Data const QListData::shared_null+10
00007FFEE5FCD24A     | 48:894424 78             | mov qword ptr ss:[rsp+78],rax                                   |
00007FFEE5FCD24F     | 48:8B4424 50             | mov rax,qword ptr ss:[rsp+50]                                   | [rsp+50]:"@"
00007FFEE5FCD254     | 48:8B00                  | mov rax,qword ptr ds:[rax]                                      | rax:"@", [rax]:const IAcUserModuleObserver::`vftable'+30
00007FFEE5FCD257     | 48:8D9424 10010000       | lea rdx,qword ptr ss:[rsp+110]                                  |
00007FFEE5FCD25F     | 48:8B4C24 50             | mov rcx,qword ptr ss:[rsp+50]                                   | rcx:enum E_RIVERMAP_SOFTWARE_TYPE G_N_RIVERMAP_SOFTWARE_TYPE+170, [rsp+50]:"@"
00007FFEE5FCD264     | FF90 B0010000            | call qword ptr ds:[rax+1B0]                                     |
00007FFEE5FCD26A     | 48:894424 60             | mov qword ptr ss:[rsp+60],rax                                   | [rsp+60]:public: static struct QListData::Data const QListData::shared_null
00007FFEE5FCD26F     | 48:8B4424 60             | mov rax,qword ptr ss:[rsp+60]                                   | [rsp+60]:public: static struct QListData::Data const QListData::shared_null
00007FFEE5FCD274     | 48:898424 80000000       | mov qword ptr ss:[rsp+80],rax                                   |
00007FFEE5FCD27C     | 48:8B9424 78010000       | mov rdx,qword ptr ss:[rsp+178]                                  |
00007FFEE5FCD284     | 48:8B4C24 68             | mov rcx,qword ptr ss:[rsp+68]                                   | rcx:enum E_RIVERMAP_SOFTWARE_TYPE G_N_RIVERMAP_SOFTWARE_TYPE+170, [rsp+68]:public: virtual bool __cdecl TreeModel::removeRows(int, int, class QModelIndex const &)+603DB
00007FFEE5FCD289     | E8 B252F9FF              | call acbasewidget141.7FFEE5F62540                               |
00007FFEE5FCD28E     | 48:898424 88000000       | mov qword ptr ss:[rsp+88],rax                                   | [rsp+88]:public: virtual bool __cdecl TreeModel::removeRows(int, int, class QModelIndex const &)+61955
00007FFEE5FCD296     | 48:8D9424 98000000       | lea rdx,qword ptr ss:[rsp+98]                                   | [rsp+98]:public: virtual bool __cdecl TreeModel::removeRows(int, int, class QModelIndex const &)+6149C
00007FFEE5FCD29E     | 48:8D4C24 41             | lea rcx,qword ptr ss:[rsp+41]                                   | rcx:enum E_RIVERMAP_SOFTWARE_TYPE G_N_RIVERMAP_SOFTWARE_TYPE+170
00007FFEE5FCD2A3     | E8 F8240000              | call acbasewidget141.7FFEE5FCF7A0                               |
00007FFEE5FCD2A8     | 48:894424 70             | mov qword ptr ss:[rsp+70],rax                                   |
00007FFEE5FCD2AD     | 48:8B4424 70             | mov rax,qword ptr ss:[rsp+70]                                   |
00007FFEE5FCD2B2     | 48:898424 90000000       | mov qword ptr ss:[rsp+90],rax                                   |
00007FFEE5FCD2BA     | 48:8B4424 78             | mov rax,qword ptr ss:[rsp+78]                                   |
00007FFEE5FCD2BF     | 48:894424 30             | mov qword ptr ss:[rsp+30],rax                                   |
00007FFEE5FCD2C4     | 48:8B8424 80000000       | mov rax,qword ptr ss:[rsp+80]                                   |
00007FFEE5FCD2CC     | 48:894424 28             | mov qword ptr ss:[rsp+28],rax                                   |
00007FFEE5FCD2D1     | 48:8B8424 88000000       | mov rax,qword ptr ss:[rsp+88]                                   | [rsp+88]:public: virtual bool __cdecl TreeModel::removeRows(int, int, class QModelIndex const &)+61955
00007FFEE5FCD2D9     | 48:894424 20             | mov qword ptr ss:[rsp+20],rax                                   |
00007FFEE5FCD2DE     | 44:8B8C24 70010000       | mov r9d,dword ptr ss:[rsp+170]                                  |
00007FFEE5FCD2E6     | 4C:8B8424 68010000       | mov r8,qword ptr ss:[rsp+168]                                   |
00007FFEE5FCD2EE     | 48:8B9424 90000000       | mov rdx,qword ptr ss:[rsp+90]                                   |
00007FFEE5FCD2F6     | 48:8B8C24 60010000       | mov rcx,qword ptr ss:[rsp+160]                                  | rcx:enum E_RIVERMAP_SOFTWARE_TYPE G_N_RIVERMAP_SOFTWARE_TYPE+170
00007FFEE5FCD2FE     | E8 7B41F9FF              | call <acbasewidget141.public: static int __cdecl CMessageBox::i |
00007FFEE5FCD303     | 894424 44                | mov dword ptr ss:[rsp+44],eax                                   |
00007FFEE5FCD307     | 48:8D8C24 98000000       | lea rcx,qword ptr ss:[rsp+98]                                   | rcx:enum E_RIVERMAP_SOFTWARE_TYPE G_N_RIVERMAP_SOFTWARE_TYPE+170, [rsp+98]:public: virtual bool __cdecl TreeModel::removeRows(int, int, class QModelIndex const &)+6149C
00007FFEE5FCD30F     | FF15 534E1D00            | call qword ptr ds:[<public: __cdecl QString::~QString(void)>]   |
00007FFEE5FCD315     | 90                       | nop                                                             |
00007FFEE5FCD316     | 48:8D8C24 10010000       | lea rcx,qword ptr ss:[rsp+110]                                  | rcx:enum E_RIVERMAP_SOFTWARE_TYPE G_N_RIVERMAP_SOFTWARE_TYPE+170
00007FFEE5FCD31E     | FF15 DC561D00            | call qword ptr ds:[<public: virtual __cdecl QPixmap::~QPixmap(v |
00007FFEE5FCD324     | 90                       | nop                                                             |
00007FFEE5FCD325     | 48:8D8C24 A0000000       | lea rcx,qword ptr ss:[rsp+A0]                                   | rcx:enum E_RIVERMAP_SOFTWARE_TYPE G_N_RIVERMAP_SOFTWARE_TYPE+170
00007FFEE5FCD32D     | FF15 354E1D00            | call qword ptr ds:[<public: __cdecl QString::~QString(void)>]   |
00007FFEE5FCD333     | 90                       | nop                                                             |
00007FFEE5FCD334     | 48:8B8C24 68010000       | mov rcx,qword ptr ss:[rsp+168]                                  | rcx:enum E_RIVERMAP_SOFTWARE_TYPE G_N_RIVERMAP_SOFTWARE_TYPE+170
00007FFEE5FCD33C     | FF15 264E1D00            | call qword ptr ds:[<public: __cdecl QString::~QString(void)>]   |
00007FFEE5FCD342     | 90                       | nop                                                             |
00007FFEE5FCD343     | 48:8B8C24 78010000       | mov rcx,qword ptr ss:[rsp+178]                                  | rcx:enum E_RIVERMAP_SOFTWARE_TYPE G_N_RIVERMAP_SOFTWARE_TYPE+170
00007FFEE5FCD34B     | E8 A565F9FF              | call acbasewidget141.7FFEE5F638F5                               |
00007FFEE5FCD350     | 8B4424 44                | mov eax,dword ptr ss:[rsp+44]                                   |
00007FFEE5FCD354     | E9 74010000              | jmp acbasewidget141.7FFEE5FCD4CD                                |
00007FFEE5FCD359     | E9 53010000              | jmp acbasewidget141.7FFEE5FCD4B1                                |
00007FFEE5FCD35E     | 48:8D8424 08010000       | lea rax,qword ptr ss:[rsp+108]                                  | [rsp+108]:public: virtual bool __cdecl TreeModel::removeRows(int, int, class QModelIndex const &)+69F9D
00007FFEE5FCD366     | 48:898424 B8000000       | mov qword ptr ss:[rsp+B8],rax                                   |
00007FFEE5FCD36E     | 48:8D4424 42             | lea rax,qword ptr ss:[rsp+42]                                   |
00007FFEE5FCD373     | 48:8BF8                  | mov rdi,rax                                                     | rax:"@"
00007FFEE5FCD376     | 33C0                     | xor eax,eax                                                     |
00007FFEE5FCD378     | B9 01000000              | mov ecx,1                                                       |
00007FFEE5FCD37D     | F3:AA                    | rep stosb                                                       |
00007FFEE5FCD37F     | 48:8D8C24 F0000000       | lea rcx,qword ptr ss:[rsp+F0]                                   | rcx:enum E_RIVERMAP_SOFTWARE_TYPE G_N_RIVERMAP_SOFTWARE_TYPE+170
00007FFEE5FCD387     | FF15 934B1D00            | call qword ptr ds:[<public: __cdecl QString::QString(void)>]    |
00007FFEE5FCD38D     | 48:898424 A8000000       | mov qword ptr ss:[rsp+A8],rax                                   |
00007FFEE5FCD395     | 48:8B8424 A8000000       | mov rax,qword ptr ss:[rsp+A8]                                   |
00007FFEE5FCD39D     | 48:898424 C8000000       | mov qword ptr ss:[rsp+C8],rax                                   | [rsp+C8]:public: virtual bool __cdecl TreeModel::removeRows(int, int, class QModelIndex const &)+6199F
00007FFEE5FCD3A5     | 48:8D8C24 30010000       | lea rcx,qword ptr ss:[rsp+130]                                  | rcx:enum E_RIVERMAP_SOFTWARE_TYPE G_N_RIVERMAP_SOFTWARE_TYPE+170
00007FFEE5FCD3AD     | FF15 AD551D00            | call qword ptr ds:[<public: __cdecl QPixmap::QPixmap(void)>]    |
00007FFEE5FCD3B3     | 48:898424 B0000000       | mov qword ptr ss:[rsp+B0],rax                                   |
00007FFEE5FCD3BB     | 48:8B8424 B0000000       | mov rax,qword ptr ss:[rsp+B0]                                   |
00007FFEE5FCD3C3     | 48:898424 D0000000       | mov qword ptr ss:[rsp+D0],rax                                   |
00007FFEE5FCD3CB     | 48:8B9424 78010000       | mov rdx,qword ptr ss:[rsp+178]                                  |
00007FFEE5FCD3D3     | 48:8B8C24 B8000000       | mov rcx,qword ptr ss:[rsp+B8]                                   | rcx:enum E_RIVERMAP_SOFTWARE_TYPE G_N_RIVERMAP_SOFTWARE_TYPE+170
00007FFEE5FCD3DB     | E8 6051F9FF              | call acbasewidget141.7FFEE5F62540                               |
00007FFEE5FCD3E0     | 48:898424 D8000000       | mov qword ptr ss:[rsp+D8],rax                                   |
00007FFEE5FCD3E8     | 48:8D9424 E8000000       | lea rdx,qword ptr ss:[rsp+E8]                                   | [rsp+E8]:public: virtual bool __cdecl TreeModel::removeRows(int, int, class QModelIndex const &)+69874
00007FFEE5FCD3F0     | 48:8D4C24 42             | lea rcx,qword ptr ss:[rsp+42]                                   | rcx:enum E_RIVERMAP_SOFTWARE_TYPE G_N_RIVERMAP_SOFTWARE_TYPE+170
00007FFEE5FCD3F5     | E8 E6240000              | call acbasewidget141.7FFEE5FCF8E0                               |
00007FFEE5FCD3FA     | 48:898424 C0000000       | mov qword ptr ss:[rsp+C0],rax                                   |
00007FFEE5FCD402     | 48:8B8424 C0000000       | mov rax,qword ptr ss:[rsp+C0]                                   |
00007FFEE5FCD40A     | 48:898424 E0000000       | mov qword ptr ss:[rsp+E0],rax                                   |
00007FFEE5FCD412     | 48:8B8424 C8000000       | mov rax,qword ptr ss:[rsp+C8]                                   | [rsp+C8]:public: virtual bool __cdecl TreeModel::removeRows(int, int, class QModelIndex const &)+6199F
00007FFEE5FCD41A     | 48:894424 30             | mov qword ptr ss:[rsp+30],rax                                   |
00007FFEE5FCD41F     | 48:8B8424 D0000000       | mov rax,qword ptr ss:[rsp+D0]                                   |
00007FFEE5FCD427     | 48:894424 28             | mov qword ptr ss:[rsp+28],rax                                   |
00007FFEE5FCD42C     | 48:8B8424 D8000000       | mov rax,qword ptr ss:[rsp+D8]                                   |
00007FFEE5FCD434     | 48:894424 20             | mov qword ptr ss:[rsp+20],rax                                   |
00007FFEE5FCD439     | 44:8B8C24 70010000       | mov r9d,dword ptr ss:[rsp+170]                                  |
00007FFEE5FCD441     | 4C:8B8424 68010000       | mov r8,qword ptr ss:[rsp+168]                                   |
00007FFEE5FCD449     | 48:8B9424 E0000000       | mov rdx,qword ptr ss:[rsp+E0]                                   |
00007FFEE5FCD451     | 48:8B8C24 60010000       | mov rcx,qword ptr ss:[rsp+160]                                  | rcx:enum E_RIVERMAP_SOFTWARE_TYPE G_N_RIVERMAP_SOFTWARE_TYPE+170
00007FFEE5FCD459     | E8 2040F9FF              | call <acbasewidget141.public: static int __cdecl CMessageBox::i |
00007FFEE5FCD45E     | 894424 48                | mov dword ptr ss:[rsp+48],eax                                   |
00007FFEE5FCD462     | 48:8D8C24 E8000000       | lea rcx,qword ptr ss:[rsp+E8]                                   | rcx:enum E_RIVERMAP_SOFTWARE_TYPE G_N_RIVERMAP_SOFTWARE_TYPE+170, [rsp+E8]:public: virtual bool __cdecl TreeModel::removeRows(int, int, class QModelIndex const &)+69874
00007FFEE5FCD46A     | FF15 F84C1D00            | call qword ptr ds:[<public: __cdecl QString::~QString(void)>]   |
00007FFEE5FCD470     | 90                       | nop                                                             |
00007FFEE5FCD471     | 48:8D8C24 30010000       | lea rcx,qword ptr ss:[rsp+130]                                  | rcx:enum E_RIVERMAP_SOFTWARE_TYPE G_N_RIVERMAP_SOFTWARE_TYPE+170
00007FFEE5FCD479     | FF15 81551D00            | call qword ptr ds:[<public: virtual __cdecl QPixmap::~QPixmap(v |
00007FFEE5FCD47F     | 90                       | nop                                                             |
00007FFEE5FCD480     | 48:8D8C24 F0000000       | lea rcx,qword ptr ss:[rsp+F0]                                   | rcx:enum E_RIVERMAP_SOFTWARE_TYPE G_N_RIVERMAP_SOFTWARE_TYPE+170
00007FFEE5FCD488     | FF15 DA4C1D00            | call qword ptr ds:[<public: __cdecl QString::~QString(void)>]   |
00007FFEE5FCD48E     | 90                       | nop                                                             |
00007FFEE5FCD48F     | 48:8B8C24 68010000       | mov rcx,qword ptr ss:[rsp+168]                                  | rcx:enum E_RIVERMAP_SOFTWARE_TYPE G_N_RIVERMAP_SOFTWARE_TYPE+170
00007FFEE5FCD497     | FF15 CB4C1D00            | call qword ptr ds:[<public: __cdecl QString::~QString(void)>]   |
00007FFEE5FCD49D     | 90                       | nop                                                             |
00007FFEE5FCD49E     | 48:8B8C24 78010000       | mov rcx,qword ptr ss:[rsp+178]                                  | rcx:enum E_RIVERMAP_SOFTWARE_TYPE G_N_RIVERMAP_SOFTWARE_TYPE+170
00007FFEE5FCD4A6     | E8 4A64F9FF              | call acbasewidget141.7FFEE5F638F5                               |
00007FFEE5FCD4AB     | 8B4424 48                | mov eax,dword ptr ss:[rsp+48]                                   |
00007FFEE5FCD4AF     | EB 1C                    | jmp acbasewidget141.7FFEE5FCD4CD                                |
00007FFEE5FCD4B1     | 48:8B8C24 68010000       | mov rcx,qword ptr ss:[rsp+168]                                  | rcx:enum E_RIVERMAP_SOFTWARE_TYPE G_N_RIVERMAP_SOFTWARE_TYPE+170
00007FFEE5FCD4B9     | FF15 A94C1D00            | call qword ptr ds:[<public: __cdecl QString::~QString(void)>]   |
00007FFEE5FCD4BF     | 48:8B8C24 78010000       | mov rcx,qword ptr ss:[rsp+178]                                  | rcx:enum E_RIVERMAP_SOFTWARE_TYPE G_N_RIVERMAP_SOFTWARE_TYPE+170
00007FFEE5FCD4C7     | E8 2964F9FF              | call acbasewidget141.7FFEE5F638F5                               |
00007FFEE5FCD4CC     | 90                       | nop                                                             |
00007FFEE5FCD4CD     | 48:81C4 50010000         | add rsp,150                                                     |
00007FFEE5FCD4D4     | 5F                       | pop rdi                                                         |
00007FFEE5FCD4D5     | C3                       | ret                                                             |

发现不了有用信息,我就继续ret出去看看,出去又回到了程序等待状态。帮忙分析下如何才能正确下段


经过我不断尝试,在点击确认后被我断下,但是接下来的代码是一窍不通,用注册用户和未注册用户我去跟踪流程,都没有找到有用信息,随时跟丢。请大神们帮帮分析分析》
[Asm] 纯文本查看 复制代码
00007FFFC5639E5A     | 56                       | push rsi                                                        |
00007FFFC5639E5B     | 9C                       | pushfq                                                          |
00007FFFC5639E5C     | 48:BE 85308123052D6F31   | mov rsi,316F2D0523813085                                        |
00007FFFC5639E66     | 55                       | push rbp                                                        |
00007FFFC5639E67     | 48:BD D93A0F6F94137E12   | mov rbp,127E13946F0F3AD9                                        | 确认按钮断点
00007FFFC5639E71     | 40:2AF5                  | sub sil,bpl                                                     |
00007FFFC5639E74     | E8 6004EBFF              | call acdownloadwidget141.7FFFC54EA2D9                           |
00007FFFC5639E79     | 37                       | ???                                                             |
00007FFFC5639E7A     | E8 50EFEAFF              | call acdownloadwidget141.7FFFC54E8DCF                           |
00007FFFC5639E7F     | 1D 41559C49              | sbb eax,499C5541                                                |
00007FFFC5639E84     | BD 2A21D05C              | mov ebp,5CD0212A                                                |
00007FFFC5639E89     | 011C49                   | add dword ptr ds:[rcx+rcx*2],ebx                                |
00007FFFC5639E8C     | 72 4E                    | jb acdownloadwidget141.7FFFC5639EDC                             |
00007FFFC5639E8E     | 8D2CED 19459066          | lea ebp,qword ptr ds:[rbp*8+66904519]                           |
00007FFFC5639E95     | 6641:BD C13C             | mov r13w,3CC1                                                   |
00007FFFC5639E9A     | 41:81ED 812AE66E         | sub r13d,libaprutil-1.6EE62A81                                  |
00007FFFC5639EA1     | E8 AFFAEAFF              | call acdownloadwidget141.7FFFC54E9955                           |
00007FFFC5639EA6     | 27                       | ???                                                             |
00007FFFC5639EA7     | E8 8F13EBFF              | call acdownloadwidget141.7FFFC54EB23B                           |
00007FFFC5639EAC     | A0 E8F7F0EAFF774153      | mov al,byte ptr ds:[534177FFEAF0F7E8]                           |
00007FFFC5639EB5     | 9C                       | pushfq                                                          |
00007FFFC5639EB6     | 49:BB BD663414A6264E2A   | mov r11,2A4E26A6143466BD                                        |
00007FFFC5639EC0     | 41:80CB 22               | or r11b,22                                                      |
00007FFFC5639EC4     | E8 2D0CEBFF              | call acdownloadwidget141.7FFFC54EAAF6                           |
00007FFFC5639EC9     | E1 68                    | loope acdownloadwidget141.7FFFC5639F33                          |
00007FFFC5639ECB     | B2 02                    | mov dl,2                                                        |
00007FFFC5639ECD     | 16                       | ???                                                             |
00007FFFC5639ECE     | 54                       | push rsp                                                        |
00007FFFC5639ECF     | 9C                       | pushfq                                                          |
00007FFFC5639ED0     | 807C24 08 70             | cmp byte ptr ss:[rsp+8],70                                      | 70:'p'
00007FFFC5639ED5     | 0F8D 13000000            | jge acdownloadwidget141.7FFFC5639EEE                            |
00007FFFC5639EDB     | 66:F75424 08             | not word ptr ss:[rsp+8]                                         |
00007FFFC5639EE0     | 48:C74424 08 8469BF7C    | mov qword ptr ss:[rsp+8],7CBF6984                               |
00007FFFC5639EE9     | FF7424 00                | push qword ptr ss:[rsp]                                         |
00007FFFC5639EED     | 9D                       | popfq                                                           |
00007FFFC5639EEE     | 48:8D6424 08             | lea rsp,qword ptr ss:[rsp+8]                                    |
00007FFFC5639EF3     | E8 F20CFFFF              | call acdownloadwidget141.7FFFC562ABEA                           |
00007FFFC5639EF8     | EF                       | out dx,eax                                                      |
00007FFFC5639EF9     | 41:54                    | push r12                                                        |
00007FFFC5639EFB     | 49:BC DA1F506A930F3060   | mov r12,60300F936A501FDA                                        |
00007FFFC5639F05     | E8 5010EBFF              | call acdownloadwidget141.7FFFC54EAF5A                           |
00007FFFC5639F0A     | 76 E8                    | jbe acdownloadwidget141.7FFFC5639EF4                            |
00007FFFC5639F0C     | 72 D7                    | jb acdownloadwidget141.7FFFC5639EE5                             |
00007FFFC5639F0E     | EA                       | ???                                                             |
00007FFFC5639F0F     | FFC0                     | inc eax                                                         |
00007FFFC5639F11     | 41:55                    | push r13                                                        |
00007FFFC5639F13     | E8 10E6EAFF              | call acdownloadwidget141.7FFFC54E8528                           |
00007FFFC5639F18     | 7F 57                    | jg acdownloadwidget141.7FFFC5639F71                             |
00007FFFC5639F1A     | 48:BF 1C66073FA2753841   | mov rdi,413875A23F07661C                                        |
00007FFFC5639F24     | 56                       | push rsi                                                        |
00007FFFC5639F25     | 41:54                    | push r12                                                        |
00007FFFC5639F27     | 49:BC B14C1C11800E8F4B   | mov r12,4B8F0E80111C4CB1                                        |
00007FFFC5639F31     | E8 2AD4EAFF              | call acdownloadwidget141.7FFFC54E7360                           |
00007FFFC5639F36     | 1141 54                  | adc dword ptr ds:[rcx+54],eax                                   |
00007FFFC5639F39     | 9C                       | pushfq                                                          |
00007FFFC5639F3A     | 49:BC AB710C6CBA711965   | mov r12,651971BA6C0C71AB                                        |
00007FFFC5639F44     | 41:81CC CF05144C         | or r12d,4C1405CF                                                |
00007FFFC5639F4B     | 0F8E E6FFFFFF            | jle acdownloadwidget141.7FFFC5639F37                            |
00007FFFC5639F51     | 45:0FBEE4                | movsx r12d,r12b                                                 |
00007FFFC5639F55     | 4C:8B6424 08             | mov r12,qword ptr ss:[rsp+8]                                    |
00007FFFC5639F5A     | 48:C74424 08 ACE49A78    | mov qword ptr ss:[rsp+8],789AE4AC                               |
00007FFFC5639F63     | FF7424 00                | push qword ptr ss:[rsp]                                         |
00007FFFC5639F67     | 9D                       | popfq                                                           |
00007FFFC5639F68     | 48:8D6424 08             | lea rsp,qword ptr ss:[rsp+8]                                    |
00007FFFC5639F6D     | E8 D1E8F1FF              | call acdownloadwidget141.7FFFC5558843                           |
00007FFFC5639F72     | 36:E8 1FFEEAFF           | call acdownloadwidget141.7FFFC54E9D97                           |


后续我看了下流程图,吓死我了,这是真么一个流程呢?

发帖前要善用论坛搜索功能,那里可能会有你要找的答案或者已经有人发布过相同内容了,请勿重复发帖。

沙发
LXGZJ237 发表于 2024-5-30 01:05
能提供程序吗?
3#
 楼主| xujidejia 发表于 2024-5-30 08:12 |楼主
本帖最后由 xujidejia 于 2024-6-16 11:06 编辑

,谢谢大哥,我也正在看你发布的文章
4#
nayiye00 发表于 2024-5-30 09:54
5#
LXGZJ237 发表于 2024-6-1 19:20
xujidejia 发表于 2024-5-30 08:12
链接:https://pan.baidu.com/s/1RZd6dPihq9V8E4XdsXjirw
提取码:xl1l
--来自百度网盘超级会员V4的 ...

提取码错误
6#
 楼主| xujidejia 发表于 2024-6-3 16:53 |楼主

测试了,正确的,大写是:XL1L
7#
shuaier 发表于 2024-6-15 20:41
看了下好像是某地图下载器的,破解比较简单
8#
shuaier 发表于 2024-6-15 20:48
9#
 楼主| xujidejia 发表于 2024-6-16 10:28 |楼主

这个我已经搞定了,
您需要登录后才可以回帖 登录 | 注册[Register]

本版积分规则

返回列表

RSS订阅|小黑屋|处罚记录|联系我们|吾爱破解 - LCG - LSG ( 京ICP备16042023号 | 京公网安备 11010502030087号 )

GMT+8, 2024-12-12 09:55

Powered by Discuz!

Copyright © 2001-2020, Tencent Cloud.

快速回复 返回顶部 返回列表