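Microsoft began pushing a new Windows 10 Redstone 3 build this morning, Build 16188, to PC Insiders on the Fast ring. This update mainly strengthens Edge browser features; below is a detailed look at what is new in Win10 Build 16188.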
Software background

Platform: Win9X
File name: setup97.exe
Program type: Backup tool
Download: http://www.centered.com
File size: 702KB

Tools used

SoftIce V4.0--Win9X Debugger
W32Dasm V8.93--Win9X Disassembler
Hex WorkShop v2.54--Hex Editor
RegSnap V2.51--Registry Analyzing Tool

Difficulty

Easy(x) Medium( ) Hard( ) Pro( )

----------=======Notice========----------

This text may not be modified or quoted without the author's consent. All rights reserved.
This tutorial is for teaching purposes only; all other uses are prohibited.

----------=======About the software========----------

The software's author says:

Second Copy 97 allows you to keep a "second copy" of all your important files at a different location. Set it up once and forget about it. Second Copy 97 will copy your files at specified intervals in the background without manual intervention. Initially it will copy all specified files. In subsequent runs it will only copy new or changed files.

----------=======The software's protection mechanism========-------

A typical name/code registration scheme. While the program is unregistered, a nag screen appears at every startup telling you how many days you have left. The time and the registration information are both stored in the SC97.cfg file in the program's own directory.

SC97.cfg format (sample):

    [General]
    Settings=8E21 <== time of the first run
    Version=5.31
    Build=96
    RegName=dREAMtHEATER
    RegKey=466A-2E7B-37B2

This is really just an INI file with a single [General] section; do not be fooled by its file extension!

I should also point out that codes come in two kinds, "Single User License" and "Site License", which I will explain in detail later.

----------========Main text========----------

Part1 Snippet out code

In the registration window, enter any name/code; I entered dREAMtHEATER/1234567890. In SoftIce, set a breakpoint with bpx hmemcpy, press Ctrl-D, return to the registration window and press the "Register" button. This drops you back into SoftIce; press Ctrl-D again and you land in SoftIce again immediately. Clear all breakpoints with "bc *", then press F12 several times until the program stops at:

    :00461DAE E875A5FCFF              call 0042C328
    :00461DB3 8B45F8                  mov eax, dword ptr [ebp-08]
    Version"
    |
    :00461E50 B9D01F4600              mov ecx, 00461FD0
    * Possible StringData Ref from Code Obj ->"General"
    |
    :00461E55 BAB01F4600              mov edx, 00461FB0
    :00461E5A 8B45FC                  mov eax, dword ptr [ebp-04]
    :00461E5D E88A1AFEFF              call 004438EC
    :00461E62 6A00                    push 00000000
    * Possible StringData Ref from Code Obj ->"You are now registered with
    |
    :00461E64 68E01F4600              push 00461FE0
    :00461E69 8D55EC                  lea edx, dword ptr [ebp-14]
    :00461E6C 8BC6                    mov eax, esi
    :00461E6E E87155FAFF              call 004073E4
    :00461E73 FF75EC                  push [ebp-14]
    * Possible StringData Ref from Code Obj ->" user license."
    |
    :00461E76 6808204600              push 00462008
    :00461E7B 6820204600              push 00462020
    * Possible StringData Ref from Code Obj ->"Keep the registration key in a
                                            ->"safe place."
    |
    :00461E80 6830204600              push 00462030
    :00461E85 6820204600              push 00462020
    * Possible StringData Ref from Code Obj ->"You can also see this key on the
                                            ->"About box."
    |
    :00461E8A 6864204600              push 00462064
    :00461E8F 8D45F0                  lea eax, dword ptr [ebp-10]
    :00461E92 BA07000000              mov edx, 00000007
    :00461E97 E8601EFAFF              call 00403CFC
    :00461E9C 8B45F0                  mov eax, dword ptr [ebp-10]
    :00461E9F 668B0D6C1F4600          mov cx, word ptr [00461F6C]
    :00461EA6 B202                    mov dl, 02
    :00461EA8 E833E5FDFF              call 004403E0
    :00461EAD A194CE4700              mov eax, dword ptr [0047CE94]
    :00461EB2 8B00                    mov eax, dword ptr [eax]
    :00461EB4 33D2                    xor edx, edx
    :00461EB6 E839F8FFFF              call 004616F4
    :00461EBB C7835001000001000000    mov dword ptr [ebx+00000150], 00000001
    :00461EC5 33C0                    xor eax, eax
    :00461EC7 5A                      pop edx
    :00461EC8 59                      pop ecx
    :00461EC9 59                      pop ecx
    :00461ECA 648910                  mov dword ptr fs:[eax], edx
    :00461ECD 68351F4600              push 00461F35
    * Referenced by a (U)nconditional or (C)onditional Jump at Address:
    |:00461EE0(U)
    |
    :00461ED2 8B45FC                  mov eax, dword ptr [ebp-04]
    :00461ED5 E84E0FFAFF              call 00402E28
    :00461EDA C3                      ret
    :00461EDB E90015FAFF              jmp 004033E0
    :00461EE0 EBF0                    jmp 00461ED2
    * Referenced by a (U)nconditional or (C)onditional Jump at Address:
    |:00461DD2(C)
    |
    :00461EE2 8D55F8                  lea edx, dword ptr [ebp-08]
    :00461EE5 8B83F0010000            mov eax, dword ptr [ebx+000001F0]
    :00461EEB E838A4FCFF              call 0042C328
    :00461EF0 8B55F8                  mov edx, dword ptr [ebp-08]
    * Possible StringData Ref from Code Obj ->"HELPMEPLEASE"
    |
    :00461EF3 B898204600              mov eax, 00462098
    :00461EF8 E82720FAFF              call 00403F24
    :00461EFD 85C0                    test eax, eax
    :00461EFF 7E1F                    jle 00461F20
    :00461F01 8B83F4010000            mov eax, dword ptr [ebx+000001F4]
    :00461F07 8B88E0000000            mov ecx, dword ptr [eax+000000E0]
    :00461F0D A1DCCF4700              mov eax, dword ptr [0047CFDC]
    :00461F12 8B00                    mov eax, dword ptr [eax]
    :00461F14 BA01000000              mov edx, 00000001
    :00461F19 E8524FFCFF              call 00426E70
    :00461F1E EB15                    jmp 00461F35
    * Referenced by a (U)nconditional or (C)onditional Jump at Address:
    |:00461EFF(C)
    |
    :00461F20 6A00                    push 00000000
    :00461F22 668B0D6C1F4600          mov cx, word ptr [00461F6C]
    :00461F29 B201                    mov dl, 01
    * Possible StringData Ref from Code Obj ->"Invalid Registration Key"
    |
    :00461F2B B8B0204600              mov eax, 004620B0
    :00461F30 E8ABE4FDFF              call 004403E0
    * Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
    |:00461DA0(U), :00461F1E(U)
    |
    :00461F35 33C0                    xor eax, eax
    :00461F37 5A                      pop edx
    :00461F38 59                      pop ecx
    :00461F39 59                      pop ecx
    :00461F3A 648910                  mov dword ptr fs:[eax], edx
    :00461F3D 68641F4600              push 00461F64
    * Referenced by a (U)nconditional or (C)onditional Jump at Address:
    |:00461F62(U)
    |
    :00461F42 8D45EC                  lea eax, dword ptr [ebp-14]
    :00461F45 BA02000000              mov edx, 00000002
    :00461F4A E8951AFAFF              call 004039E4
    :00461F4F 8D45F4                  lea eax, dword ptr [ebp-0C]
    :00461F52 BA02000000              mov edx, 00000002
    :00461F57 E8881AFAFF              call 004039E4
    :00461F5C C3                      ret

Let's trace into call 004611A0:

    * Referenced by a CALL at Addresses:
    |:00461BF5 , :00461DC9 , :00462BBF , :004635B8
    |
    :004611A0 55                      push ebp
    :004611A1 8BEC                    mov ebp, esp
    :004611A3 33C9                    xor ecx, ecx
    :004611A5 51                      push ecx
    :004611A6 51                      push ecx
    :004611A7 51                      push ecx
    :004611A8 51                      push ecx
    :004611A9 53                      push ebx
    :004611AA 56                      push esi
    :004611AB 57                      push edi
    :004611AC 8BDA                    mov ebx, edx
    :004611AE 8BF0                    mov esi, eax
    :004611B0 33C0                    xor eax, eax
    :004611B2 55                      push ebp
    :004611B3 688C124600              push 0046128C
    :004611B8 64FF30                  push dword ptr fs:[eax]
    :004611BB 648920                  mov dword ptr fs:[eax], esp
    :004611BE 85F6                    test esi, esi
    :004611C0 0F84A9000000            je 0046126F
    :004611C6 8BC3                    mov eax, ebx
    :004611C8 E86F2AFAFF              call 00403C3C