ad safe3.5.4.721汇编日志和笔记:

ad safe3.5.4.721汇编日志和笔记:

八月 11, 2015 Mind_Code汇编破解 暂无评论 2人访问 编辑当前文章

原创 : 奇幻软件坊  出品

ad safe3 汇编修改配图说明

直接修改为免提示，退出程序！
＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝
00119252 |. B9 F04B2000 mov ecx, 888.00204BF0 ; 退出ADSafe后，您的电脑将不能拦截广告，您确定要退出吗？
00119257 |. E8 54B1FEFF call 888.001043B0
0011925C |. 51 push ecx
0011925D |. 8BCC mov ecx, esp
0011925F |. C78424 E80300>mov dword ptr ss:[esp+0x3E8], 0xE
0011926A 896424 48 mov dword ptr ss:[esp+0x48], esp ; 这里改成 jmp 888.001492C7
0011926E 51 push ecx
0011926F |. B9 304C2000 mov ecx, 888.00204C30 ; ADSafe – 退出程序
00119274 |. E8 37B1FEFF call 888.001043B0
00119279 |. 6A 02 push 0x2
0011927B |. 8BCB mov ecx, ebx
0011927D |. C68424 EC0300>mov byte ptr ss:[esp+0x3EC], 0xF
00119285 |. FF15 F0A11F00 call dword ptr ds:[<&DuiLib.DuiLib::C>; DuiLib.DuiLib::CWindowWnd::GetHWND
0011928B |. 8BC8 mov ecx, eax
0011928D |. 89BC24 EC0300>mov dword ptr ss:[esp+0x3EC], edi
00119294 |. E8 D79DFEFF call 888.00103070
00119299 |. 83C4 0C add esp, 0xC
0011929C |. 83F8 01 cmp eax, 0x1
0011929F |. 0F85 0D020000 jnz 888.001194B2
001192A5 |. 8BFB mov edi, ebx
001192A7 |. E8 E40C0000 call 888.00119F90
001192AC |. 80BB F4070000>cmp byte ptr ds:[ebx+0x7F4], 0x0
001192B3 |. 74 0E je short 888.001192C3
001192B5 |. 833D B0992400>cmp dword ptr ds:[0x2499B0], 0x0
001192BC |. 75 05 jnz short 888.001192C3
001192BE |. E8 CD19FEFF call 888.000FAC90
001192C3 |> 6A 01 push 0x1
001192C5 |. 8BCB mov ecx, ebx
001192C7 |. FF15 1CA31F00 call dword ptr ds:[<&DuiLib.DuiLib::C>; DuiLib.DuiLib::CWindowWnd::Close
001192C7
1▲
+3
1492C7
=================＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝=====
推算出来的新版本的汇编地址是：
011DE4AC 896424 1C mov dword ptr ss:[esp+0x1C], esp ; 改这里 jmp 14DE509
011DE4B0 51 push ecx
011DE4B1 |. B9 10522D01 mov ecx, ADSafe.012D5210 ; ADSafe – 退出程序
011DE4B6 |. E8 B561FEFF call ADSafe.011C4670
011DE4BB |. 6A 02 push 0x2
011DE4BD |. 8BCB mov ecx, ebx
011DE4BF |. C68424 EC0300>mov byte ptr ss:[esp+0x3EC], 0xF
011DE4C7 |. FF15 E0A12C01 call dword ptr ds:[<&DuiLib.DuiLib::C>; DuiLib.DuiLib::CWindowWnd::GetHWND
011DE4CD |. 8BC8 mov ecx, eax
011DE4CF |. 89BC24 EC0300>mov dword ptr ss:[esp+0x3EC], edi
011DE4D6 E8 954AFEFF call ADSafe.011C2F70 ==========================exit program
011DE4DB |. 83C4 0C add esp, 0xC
011DE4DE |. 83F8 01 cmp eax, 0x1
011DE4E1 |. 0F85 AB020000 jnz ADSafe.011DE792
011DE4E7 |. 8BFB mov edi, ebx
011DE4E9 |. E8 720D0000 call ADSafe.011DF260
011DE4EE |. 80BB 04080000>cmp byte ptr ds:[ebx+0x804], 0x0
011DE4F5 |. 74 0E je short ADSafe.011DE505
011DE4F7 |. 833D 906B3401>cmp dword ptr ds:[0x1346B90], 0x0
011DE4FE |. 75 05 jnz short ADSafe.011DE505
011DE500 |. E8 EBC7FDFF call ADSafe.011BACF0
011DE505 |> 6A 01 push 0x1
011DE507 |. 8BCB mov ecx, ebx
011DE509 |. FF15 30A32C01 call dword ptr ds:[<&DuiLib.DuiLib::C>; 11DE509 第2个1前面加3 得14DE509
＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝
干掉启动时的那个大对话框！
00FBD36B FF15 E8A10A01 call dword ptr ds:[<&DuiLib.DuiLib::C>; DuiLib.DuiLib::CWindowWnd::ShowWindow 这个地方回车进入,正好是DuiLib.dll,retn就好了。
00FBD371 . E9 19050000 jmp 222.00FBD88F
00FBD376 > 803D D20E0F01>cmp byte ptr ds:[0x10F0ED2], 0x0
00FBD37D . 74 05 je short 222.00FBD384
00FBD37F . E8 4CD4FFFF call 222.00FBA7D0
00FBD384 > 68 A4500B01 push 222.010B50A4 ; /WM_ADSAFESHOWMAIN
00FBD389 . FF15 6CA80A01 call dword ptr ds:[<&KERNEL32.OutputD>; \OutputDebugStringA
00FBD38F . 68 FF000000 push 0xFF
00FBD394 . 8D4B 2C lea ecx, dword ptr ds:[ebx+0x2C]
00FBD397 . FF15 04A10A01 call dword ptr ds:[<&DuiLib.DuiLib::C>; DuiLib.DuiLib::CPaintManagerUI::SetTransparent
00FBD39D . 6A 01 push 0x1
00FBD39F . 6A 01 push 0x1
00FBD3A1 . 8BCB mov ecx, ebx
00FBD3A3 . FF15 E8A10A01 call dword ptr ds:[<&DuiLib.DuiLib::C>; DuiLib.DuiLib::CWindowWnd::ShowWindow

 

奇幻软件坊 标记: 日志汇编破解笔记