记录!
; Debugger listing of the CRACKME entry point after the author's patches (32-bit x86, Intel syntax).
; Columns: address, analysis marks, raw bytes, instruction, debugger ';' comments; '//' notes are the author's.
; The patched call at 00401000 and the stub at 0040105C together redirect execution to 0040109F:
; the stub replaces the return address on the stack, so the call never comes back to 00401005.
; When tracing this, break on the rewritten target (0040109F) instead of relying on step-over.
00401000 > E8 57000000 call CRACKME.0040105C // patched: call 0040105C (pushes return address 00401005)
00401005 90 nop // presumably padding over the rest of the replaced original bytes - confirm against the unpatched file
00401006 90 nop
00401007 |. A3 CA204000 mov dword ptr ds:[0x4020CA],eax // value saved here is reloaded at 00401045 and passed as hInst to LoadIconA
; FindWindowA(class string at 004020F4, title NULL); a non-zero result returns at 0040101C.
0040100C |. 6A 00 push 0x0 ; /Title = NULL
0040100E |. 68 F4204000 push CRACKME.004020F4 ; |No need to disasm the code!
00401013 |. E8 A6040000 call <jmp.&USER32.FindWindowA> ; FindWindowA
00401018 |. 0BC0 or eax,eax // sets ZF when eax == 0 (no window found)
0040101A |. 74 01 je short CRACKME.0040101D // eax == 0 -> skip the retn and continue setup
0040101C |. C3 retn // window already exists -> return immediately
; Fill the block at 0x402064..0x402078. The layout looks like a WNDCLASS
; (style, window procedure, two zeroed extra-byte fields, hInstance, hIcon);
; the registration call is not in this excerpt - TODO confirm.
0040101D |> C705 64204000>mov dword ptr ds:[0x402064],0x4003
00401027 |. C705 68204000>mov dword ptr ds:[0x402068],CRACKME.WndP>; è
00401031 |. C705 6C204000>mov dword ptr ds:[0x40206C],0x0
0040103B |. C705 70204000>mov dword ptr ds:[0x402070],0x0
00401045 |. A1 CA204000 mov eax,dword ptr ds:[0x4020CA]
0040104A |. A3 74204000 mov dword ptr ds:[0x402074],eax
; LoadIconA(hInst = eax, resource 100); the returned handle is stored at 0x402078.
0040104F |. 6A 64 push 0x64 ; /RsrcName = 100.
00401051 |. 50 push eax ; |hInst = NULL
00401052 |. E8 D1030000 call <jmp.&USER32.LoadIconA> ; LoadIconA
00401057 |. A3 78204000 mov dword ptr ds:[0x402078],eax
; Patched stub reached by the call at 00401000: on entry [esp] holds the return address 00401005.
0040105C 3E:C70424 9F1>mov dword ptr ds:[esp],CRACKME.0040109F // patched: mov dword ptr ds:[esp],0x40109F (overwrites the return address)
00401064 B8 01000000 mov eax,0x1 //mov eax,0x1
00401069 C3 retn // patched: ret (pops the rewritten address, so execution continues at 0040109F)
结果:
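F8(单步步过):跑飞。步过会在 call 的下一条指令 00401005 处下临时断点,但 0040105C 处已把栈顶的返回地址改成 0040109F,retn 不会回到 00401005,断点不会命中,程序就直接运行下去了。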
F7(单步步入):可以继续跟到 0040109F,但位置丢失。