MIR4传奇4 明文包分析+接任务CALL及参数分析
外挂技术及游戏安全研究
本教程视频1920*1080分辩率下观看最佳
VS2017+win10 64位 环境
郁金香老师: 150330575 //Q+Q
欢迎大家参加 郁金香灬技术 游戏安全与外挂的研究学习。
兴趣是我们最好的老师
成长需要过程与循序渐进
兴趣+坚持+时间+优秀的课教程会帮助你快速成功
需要准备工具 CrazyDbg调试器和配套的CE和xdbg
免责申明:
本课程仅供个人学习和研究软件内含的设计思想和原理,不得用于非法用途.
参考
16课和28课
学习目标:
041-分析接任务CALL和明文组包
00007FF66538CF3F | CC | int3 |
00007FF66538CF40 | 40:53 | push rbx |
00007FF66538CF42 | 48:83EC 20 | sub rsp, 20 |
00007FF66538CF46 | 48:897C24 38 | mov qword ptr ss:, rdi |
00007FF66538CF4B | 48:8BD9 | mov rbx, rcx |
00007FF66538CF4E | E8 7D3BFDFF | call mir4s.7FF665360AD0 |
00007FF66538CF53 | 0FB6C8 | movzx ecx, al |
00007FF66538CF56 | 83E9 01 | sub ecx, 1 |
00007FF66538CF59 | 74 0C | je mir4s.7FF66538CF67 |
00007FF66538CF5B | 83F9 01 | cmp ecx, 1 |
00007FF66538CF5E | 75 2D | jne mir4s.7FF66538CF8D |
00007FF66538CF60 | BF A4420F00 | mov edi, F42A4 |
00007FF66538CF65 | EB 05 | jmp mir4s.7FF66538CF6C |
00007FF66538CF67 | BF 40420F00 | mov edi, F4240 |
00007FF66538CF6C | 48:8BD3 | mov rdx, rbx |
00007FF66538CF6F | 48:8D4C24 30 | lea rcx, qword ptr ss: |
00007FF66538CF74 | E8 87E23701 | call mir4s.7FF66670B200 |
00007FF66538CF79 | E8 4244E0FF | call mir4s.7FF6651913C0 |
00007FF66538CF7E | 4C:8B4424 30 | mov r8, qword ptr ss: |
00007FF66538CF83 | 48:8BC8 | mov rcx, rax |
00007FF66538CF86 | 8BD7 | mov edx, edi |
00007FF66538CF88 | E8 A3B0E1FF | call mir4s.7FF6651A8030 |
00007FF66538CF8D | 83BB 30030000 00 | cmp dword ptr ds:, 0 |
00007FF66538CF94 | 48:8B7C24 38 | mov rdi, qword ptr ss: |
00007FF66538CF99 | 74 30 | je mir4s.7FF66538CFCB |
00007FF66538CF9B | 48:8B8B 28030000 | mov rcx, qword ptr ds: |
00007FF66538CFA2 | 48:85C9 | test rcx, rcx |
00007FF66538CFA5 | 74 24 | je mir4s.7FF66538CFCB |
00007FF66538CFA7 | 48:8B01 | mov rax, qword ptr ds: |
00007FF66538CFAA | FF50 28 | call qword ptr ds: |
00007FF66538CFAD | 84C0 | test al, al |
00007FF66538CFAF | 74 1A | je mir4s.7FF66538CFCB |
00007FF66538CFB1 | 83BB 30030000 00 | cmp dword ptr ds:, 0 |
00007FF66538CFB8 | 74 09 | je mir4s.7FF66538CFC3 |
00007FF66538CFBA | 48:8B8B 28030000 | mov rcx, qword ptr ds: | 48 8B8B 28030000EB 0233C9 48 8B01 FF50 50 如果没大更新 可用此特征码定位
00007FF66538CFC1 | EB 02 | jmp mir4s.7FF66538CFC5 |
00007FF66538CFC3 | 33C9 | xor ecx, ecx |
00007FF66538CFC5 | 48:8B01 | mov rax, qword ptr ds: |
核心部分分析 回复可见
**** Hidden Message *****
论坛网址 www.yjxsoft.com
郁金香老师:QQ-150330575
VIP群 153338418
QQ交流群 909233189569245158280115
页:
[1]