00401DB9 |. 85C0 |test eax,eax 00401DBB 7E 09 jle short dumped.00401DC6 ; 这里要跳转 00401DBD |. 8B55 D8 |mov edx,dword ptr ss:[ebp-28] 00401DC0 |. 4A |dec edx
关键点二: 00401DF3 |. A1 94B76800 |mov eax,dword ptr ds:[68B794] 00401DF8 |. 3BC8 |cmp ecx,eax 00401DFA 75 2E jnz short dumped.00401E2A ; 这里是一个关键CALL,不能跳
mov edx,dword ptr ds:[6400C0] mov dword ptr ds:[68B794],edx cmp ecx,eax jnz xxxx 不等于时转移. 所以我们要让 ecx 和 eax 这两个寄存器里面的内容相等,这里是用来限制ISO软件的大小,
1. 00401DBB |. /7E 09 |jle short dumped.00401DC6 ; 这里要跳转,修改为JMP 00401DBD |. |8B55 D8 |mov edx,dword ptr ss:[ebp-28] 00401DC0 |. |4A |dec edx 00401DC1 |. |8955 DC |mov dword ptr ss:[ebp-24],edx 00401DC4 |. |EB 56 |jmp short dumped.00401E1C 00401DC6 |> 8B4D BC |mov ecx,dword ptr ss:[ebp-44] 00401DC9 |. 85C9 |test ecx,ecx 00401DCB |. 7D 09 |jge short dumped.00401DD6 00401DCD |. 8B45 D8 |mov eax,dword ptr ss:[ebp-28] 00401DD0 |. 40 |inc eax 00401DD1 |. 8945 C8 |mov dword ptr ss:[ebp-38],eax 00401DD4 |. EB 46 |jmp short dumped.00401E1C 00401DD6 |> FF0D 94B76800 |dec dword ptr ds:[68B794] 00401DDC |. FF0D 94B76800 |dec dword ptr ds:[68B794] 00401DE2 |. 8B55 D0 |mov edx,dword ptr ss:[ebp-30] 00401DE5 |. 83C2 46 |add edx,46 00401DE8 |. 8915 489F6400 |mov dword ptr ds:[649F48],edx 00401DEE |. 8B4D D0 |mov ecx,dword ptr ss:[ebp-30] 00401DF1 |. F7D1 |not ecx 00401DF3 |. A1 94B76800 |mov eax,dword ptr ds:[68B794] 00401DF8 |. 3BC8 |cmp ecx,eax 00401DFA 74 2E je short dumped.00401E2A ; 修改为JE 00401DFC |. 8B15 C0006400 |mov edx,dword ptr ds:[6400C0] 00401E02 |. 8915 94B76800 |mov dword ptr ds:[68B794],edx
2. 004453B7 . /7E 09 jle short dumped.004453C2 ; 修改为JMP 004453B9 . |8B55 D8 mov edx,dword ptr ss:[ebp-28] 004453BC . |4A dec edx 004453BD . |8955 DC mov dword ptr ss:[ebp-24],edx 004453C0 . |EB 56 jmp short dumped.00445418 004453C2 > 8B4D BC mov ecx,dword ptr ss:[ebp-44] 004453C5 . 85C9 test ecx,ecx 004453C7 . 7D 09 jge short dumped.004453D2 |