Debugging "传奇客星" with OD
OD Tutorial - Cracking Series [Debugging] Debugging and Reversing
Hands-on Practice with OD
• As the old saying goes, strike while the iron is hot (and loot while the fire burns); while it is still fresh in our minds, let's hurry up and practice, dear ╭(╯3╰)╮!
• Task: use OD to change the program's title "Hello world" to "I love "
…will be provided to you step by step in our video lectures as the need arises. Well, don't worry, we'll just learn what is in front of us and take it one step at a time!
Basic OD Shortcuts and Functions
F2 - Set a breakpoint, i.e. specify the breakpoint address
F3 - Load an executable program for debugging and analysis
F4 - Run the program to the cursor position
F5 - Minimize or restore the current window
F7 - Step into
F8 - Step over
F9 - Run the program directly; it pauses when a breakpoint is hit
Ctrl+F2 - Restart the program from the beginning, generally used to re-debug the program
Ctrl+F9 - Execute until the function returns, used to get out of a function
Alt+F9 - Execute until user code is reached, used to quickly get out of system functions
Ctrl+G - Enter a hexadecimal address to jump quickly to that address
Debugging and Reversing
• During software development, programmers use debugging tools to find the bugs in their software efficiently.
• In reverse engineering, analysts likewise use debugging tools to analyze a program's behavior and verify their analysis results.
• Since every operating system provides a complete debugging interface, all kinds of debugging tools can be used to observe and control the target software very conveniently and flexibly.
• When a program is analyzed with a debugger, it executes one instruction at a time, under the debugger operator's control.
Debugging and Reversing
• Debugging-based reversing is divided into dynamic analysis and static analysis.
• Dynamic analysis means loading and running the program in a debugger; as the program runs, the analyst can interrupt the target's instruction flow at any time to observe the results of computations and the current state of the machine.
• Static analysis is defined in contrast to dynamic analysis. In practice there are many situations where it is inconvenient to run the target (for example a virus sample, incompatible hardware, or a single module of a piece of software). That is when static analysis comes into play!
StarTech.com 7-Port USB 3.0 Hub Manual
7-Port USB 3.0 Hub - Desktop
Product ID: ST7300USB3B

The ST7300USB3B USB 3.0 Hub lets you add seven external USB 3.0 ports to a computer from a single USB 3.0 host connection. Offering data transfer rates up to 5 Gbps, the USB hub meets SuperSpeed USB 3.0 specifications and is backward compatible with USB 2.0 and 1.x devices. Designed for easy port access when connecting or disconnecting devices, the hub features one-sided port orientation, with current overload detection and protection across all seven ports. The hub supports Plug-and-Play and Hot-Swap technologies, letting you switch and operate your connected devices without having to power down the host computer. The USB hub is bus powered for use in environments where a power outlet may be unavailable, but is perfect for high-power USB devices when used with the included optional power adapter. Backed by a 2-year warranty and free lifetime technical support.

Certifications, Reports and Compatibility

Applications
• Expand your system USB 3.0 capabilities with additional ports
• Make USB ports more accessible by positioning the hub anywhere within cable reach
• Extend the range of USB devices by having the hub act as a mid-point repeater
• Separate tightly packed USB ports, to better accommodate larger USB plugs or prevent overcrowding

Features
• Seven downstream USB 3.0 ports accessible from one side of the hub, with support for up to 5Gbps
• Universal, multi-platform compatibility, with no additional drivers required
• Plug-and-Play and Hot-Swap compatible
• Backward compatible with USB 2.0 and 1.x devices
• Current overload detection and protection on each USB port
• USB bus powered, includes optional external power adapter for high-power USB devices
• Includes USB 3.0 A to B cable

Warranty: 2 Years

Hardware
Bus Type: USB 3.0
Chipset ID: VIA/VLI - VL813
Fast-Charge Port(s): No
Ports: 7
USB-C Device Port(s): No
USB-C Host Connection: No

Performance
Maximum Data Transfer Rate: 5 Gbps
MTBF: 43977.72 hours
Type and Rate: USB 3.0 - 5 Gbit/s

Connector(s)
Connector Type(s): 1 - USB Type-B (9 pin) USB 3.0 Female; 7 - USB Type-A (9 pin) USB 3.0 Female

Software
OS Compatibility: OS Independent; No additional drivers or software required

Special Notes / Requirements
Note: If connected to a USB 2.0 host port, performance may be limited
System and Cable Requirements: Available USB 3.0 port

Indicators
LED Indicators: 7 - Hub Port Connection LEDs

Power
Center Tip Polarity: Positive
Input Current: 1.3 A
Input Voltage: 100 - 240 AC
Output Current: 3 A
Output Voltage: 12V DC
Plug Type: M
Power Consumption (In Watts): 36
Power Source: AC Adapter Included

Environmental
Humidity: 5-95% RH
Operating Temperature: -2°C to 52°C (29°F to 125°F)
Storage Temperature: -20°C to 56°C (-4°F to 132°F)

Physical Characteristics
Color: Black
Form Factor: Desktop
Material: Plastic
Product Height: 0.9 in [2.3 cm]
Product Length: 6.8 in [17.2 cm]
Product Width: 2.8 in [70 mm]
Weight of Product: 5.2 oz [148 g]

Packaging Information
Package Height: 2.5 in [63 mm]
Package Length: 8.2 in [20.9 cm]
Package Width: 5.8 in [14.8 cm]
Shipping (Package) Weight: 19.6 oz [556 g]

What's in the Box
Included in Package: 1 - USB 3.0 Hub; 1 - 3.3 ft [1 m] USB 3.0 Cable; 1 - Universal Power Adapter (NA/JP, EU, UK, ANZ); 1 - Instruction Manual

Product appearance and specifications are subject to change without notice.
Complete OD Tutorial
Complete OD Tutorial.txt: If you don't understand, say so; if you do understand, just smile and say nothing.
Greed is the truest poverty; contentment is the truest wealth.
Humor is still having the mood to laugh when you feel like crying.
Complete Tutorial on the OllyDbg Debugger. 1. What is OllyDbg? OllyDbg is a 32-bit assembler-level analyzing debugger with a visual interface.
What makes it special is that it can solve problems when no source code is available, and can handle hard problems that other compilers cannot solve.
Version 1.10 is the final release.
This project has stopped, and I no longer support this software.
But don't worry: the brand-new OllyDbg 2.00 will be released soon! Operating environment: OllyDbg works on any Windows 95, 98, ME, NT or XP (not fully tested) system with a Pentium processor, but we strongly recommend a Pentium of 300 MHz or faster for best results.
Also, OllyDbg is very memory-hungry, so if you need extended features such as tracing [Trace], 128 MB or more of RAM is recommended.
Supported processors: OllyDbg supports all 80x86, Pentium, MMX, 3DNow!, Athlon extensions, SSE instructions and the related data formats, but it does not support SSE2.
Configuration: there are more than a hundred (wow!) options for setting OllyDbg's appearance and behavior.
Data formats: OllyDbg's data window can display all of the following formats: HEX, ASCII, UNICODE, 16/32-bit signed/unsigned/hex integers, 32/64/80-bit floating point, addresses, disassembly (MASM, IDEAL or HLA), PE header or thread data block.
Help: this file contains the information necessary to understand and use OllyDbg.
If you also have the Windows API help file (win32.hlp is not included for copyright reasons), you can attach it to OllyDbg to get help on system functions quickly.
Startup: you can specify the executable on the command line, choose it from the menu, drag and drop it onto OllyDbg, restart the last debugged program, or attach [Attach] to a running process.
Common OD Cracking Methods
I. Overview
A packer exists because a program's author wants to compress the program's resources or protect its registration scheme; packers are divided into compression packers and encryption packers. As the names suggest, a compression packer only compresses resources to reduce program size, while an encryption packer encrypts and protects the program's import table and so on. Naturally, an encryption packer's protection is much stronger!
II. Common Unpacking Methods
Prerequisites:
1. PUSHAD (push) marks the program's entry point.
2. POPAD (pop) marks the program's exit point and corresponds to PUSHAD; generally once this is found the OEP is nearby.
3. OEP: the program's original entry point. Packing a program hides the OEP (or uses a fake OEP/FOEP); once we find the program's real OEP we can unpack immediately.
Method 1: single-step tracing
1. Load with OD and click "Don't analyze code!"
2. Step downward with F8, letting downward jumps happen. That is, do not let upward jumps happen (use F4).
3. When the program jumps backward (including loops), press F4 on the next instruction (or right-click the instruction and choose Breakpoint -> Run to selection).
4. A green line means the jump was not taken and can be ignored; a red line means the jump was taken!
5. If there is a CALL right after loading the program, step into it with F7, otherwise the program easily runs away; this way you reach the OEP quickly.
6. While tracing, if the program runs off when some CALL executes, enter that CALL with F7.
7. Usually a very large jump (across segments), such as jmp XXXXXX or JE XXXXXX, or a RETN, will reach the OEP soon.
Btw: with some packers where stepping downward does not work, find a nearby large jump that is not taken, right-click -> "Follow", then F2 to set a breakpoint, Shift+F9 to run and stop at the "Follow" location, then remove the breakpoint and continue stepping with F8. Normally the OEP is reached easily!
Method 2: the ESP law
ESP-law unpacking (ESP is in OD's register pane; we only need to set a hardware access breakpoint on ESP from the command line and we arrive at the OEP right away!)
1. Press F8 at the start and watch whether ESP in the register pane at the top right of OD is highlighted (turns red). (This is only the general case; more precisely, the ESP value we choose is the first ESP value after the key instruction.)
2. On the command line type: dd XXXXXXXX (the ESP address in the current code, or hr XXXXXXXX) and press Enter!
3. Select the address to break at: Breakpoint ---> Hardware access ---> WORD breakpoint.
OD Tutorial
Using developer tools (OD) can help developers debug and test applications.
Here is a tutorial on some common OD features and how to use them:
1. View console output: open the developer tools console in OD to view the logs, errors and warnings output by the application.
2. Debug JavaScript code: in OD's "Sources" tab you can view and edit the application's JavaScript code.
Set breakpoints in the code and use the "Step Over", "Step Into" and "Step Out" buttons to execute the code line by line.
3. Inspect and modify styles: in OD's "Elements" tab you can view and modify the application's HTML and CSS styles.
Select an element in the "Elements" panel and edit its styles in the "Styles" panel.
4. Emulate devices and networks: in OD's "Device Mode" tab you can emulate different device types and network conditions to make sure the application behaves well in different environments.
5. Monitor network requests: in OD's "Network" tab you can view the network requests the application sends and receives.
You can view request details such as request headers, request parameters and response status.
6. Performance analysis: in OD's "Performance" tab you can profile the application.
You can view page load time, resource usage, function execution time and so on.
This is a brief introduction to some common OD features and how to use them.
Hope this helps!
2019 Honda Odyssey Software Update Guide
Over the Air System Updates
2019 Odyssey: Software Update Display Audio/Navigation
Available December 22, 2021

INTRODUCTION
This software contains system upgrades and enhancements that remedy a variety of rarely found operational errors.

INSTALLATION DETAILS
NOTE:
• For more information on how to do a software update, see System Updates in the online owner's manual or https:///vehicles/information/2019/Odyssey/features/System-Updates/3/system-updates-pdf
• Due to the variations in the technology as well as how it is used and operates in different vehicles, your vehicle may not have experienced any of the symptoms or issues described below, or only one (or some) of them. You should still obtain this software update.
• Software download will take about 30 minutes using Wi-Fi.
• The vehicle can be used normally even while updates are in progress.
• Depending on your vehicle trim, some of the updates may not be applicable to your vehicle.
Go to System Updates on the HOME Screen in your vehicle to start the update.

PREVIOUS OTA RELEASES

SOFTWARE VERSION FDC 17.05.005/NAD 200.0.9A00
Over the Air (OTA) software update for Touring and Elite trims equipped with a Telematics Control Unit (TCU). The software will support the transition from a 3G to a VoLTE cellular connection.
NOTE:
• It is important to accept and install the software update prior to February 2022. Failure to update by February 2022 will result in an interruption to your HondaLink Services, which include SOS Ecall, Remote Commands, Automatic Crash Notifications, Vehicle Health Report, Amazon Alexa, etc. After February 2022, restoring HondaLink services will require a [customer pay] TCU replacement performed by a service technician at an authorized dealer.
• If you have any questions pertaining to the update, refer to the FAQs at the end of this document.

SOFTWARE VERSION B.1.4.4
This software contains the following updates:
Bug Fixes
• Unfortunately, com.honda.auto.hars has stopped, appears after turning ignition ON.
• System displays Process system isn't responding, followed by a system reboot when connecting a broken or non-functioning USB device.
• Random system reboot or app crash after pressing the Voice Recognition switch.
• Android Auto route is cancelled after a short ignition cycle.
• Unfortunately, com.honda.telephonyservice has stopped, appears after turning ignition ON when connected via Bluetooth to an iPhone device.
• Software Management, application crash appears during a corrupted Over the Air update via WiFi or USB.
• Unfortunately, Rear Entertainment has stopped, appears after switching between the Home screen and the rear entertainment system RES app.
• SiriusXM returns to the first preset after ignition ON and selecting next preset from the steering wheel switch.
• Android Auto music momentarily drops when switching from the Android Auto app to a different source.
• Over the Air update notification icon is shown when there are no updates available.
Improvements
• Implemented Over the Air updates via WiFi method only campaigns.
• Increased System pre-install timeout to mitigate Update Failed Code:57D during software pre-installation.
• Automatically reconnect to Bluetooth device after user turns Bluetooth off and on in the device settings.
• Removed Bluetooth friendly device name from system error logs, to media access control (MAC) address.
• Automatically transfer from Handset to handsfree mode when call enters "DIALING" state.
• Removed Bluetooth Hands Free Profile (HFP) dependency for allowing Android Auto to connect.
• Text update from "Changes which doors unlock when you grab the driver's door handle." to "Changes which doors unlock when you access the vehicle." for US/UK English, Korean, French, Spanish, Arabic.
• Apply patch to fix security vulnerability for Android Auto. Mitigates the risk of an application being created that would cause memory corruption to the System when a device is connected to the vehicle via Android Auto.
• Improve phonebook import if user selects Do not Allow for access to contacts and phone logs at initial Bluetooth pairing.

SOFTWARE VERSION B.1.3.4
NOTE: For Navigation equipped trims, after updating to software version B.1.3.4, the Home Address, Saved, and Recent destinations will be erased.
This software contains the following updates:
Bug Fixes
• MOTO g6 phone causes system to freeze when receiving an incoming call and the Touch Screen does not respond.
• Rear Camera response time is slow after shifting into Reverse during system boot up.
• Rear Camera does not display when shifting into Reverse.
• System does not shut down when the ignition is turned OFF and is accompanied by a pop sound and a Radio Unavailable message.
• System does not boot up and the display is stuck on the Honda logo.
• Display screen image is frozen and the Touch Screen does not respond.
• Call information is missing on meter and top bar of the display when using an iPhone with iOS13.
• Rear Camera split screen view is displayed when setting is set to full screen view.
• Clock flickers in the top right corner of the Rear Camera display screen over the parking sensor image.
• Unfortunately, Sirius XM has stopped message shows during an in-vehicle network interruption.
• Incorrect distance to Point of Interest (POI) is displayed when using the voice recognition search method when there is no GPS signal reception.
• Boot up animation does not show during system start up.
• Disclaimer screen appears before the Anti-theft screen after the battery is disconnected and reconnected.
• Factory Data Reset does not reset Rear Camera settings.
• Display and Rear Camera stay off during a quick ignition cycle.
Improvements
• Parking guidelines will show when in split screen mode.
• Implemented LaneWatch camera system error message when a failure is detected.

SOFTWARE VERSION NAVIGATION 2.06.02
NOTE: This update applies only to trims with navigation.
Bug Fixes
• Unfortunately, Navigation has stopped message appears after performing a map update.
• Unfortunately, Navigation has stopped message appears and route is cancelled before arriving at a destination from a myTrends route.
• Navigation App black screen after a map update.
• Arrive In field does not update properly when the destination is less than an hour away.
• All waypoints are deleted when adding a new waypoint if there are 7 or more stored in the route.
• Go Home does not work when Home address is saved in the 51st space in the Search Places list.
• Navigation app fails to launch after a Factory Data Reset.
• Navigation route is canceled after adding the maximum thirty waypoints.
• Navigation route does not resume after an ignition cycle.
• Cannot calculate route message appears when setting up a route across state borders.
• Unfortunately, Navigation has stopped message appears after pressing an empty search bar in the Select Search Area screen multiple times.
• Traffic does not display on some zoom scales.
Improvements
• Increase font size for Location, Direction data fields.
• Update to Banking / ATM icon.
• Navigation App screen labels translated to selected system language.
• Re-route banner timeout increased to 10 seconds for better viewing.
• Notification message informing the driver that there may be a new map update available for the vehicle.
• Added voice guidance when the road name changes, but the road continues to go straight.
New Features
• Navigation App provides results for a misspelled destination name.

SOFTWARE VERSION F021
• The rear entertainment system (RES) screen freezes or goes blank while using the RES, and the message Camera System Problem. Image cannot be displayed appears on the Display Audio screen when using CabinWatch® (if equipped).

SOFTWARE VERSION B.1.0.26
• Clock displays incorrect time and/or time zone by 1 hour.
• Unable to skip forward or backwards in a SXM channel audio buffer when receiving a Sport Flash notification.
• SXM audio buffer bar does not update to TuneMix mode status while a TuneMix is playing.
• While listening to a live broadcast, the Cannot Skip Forward pop-up message does not show.
• The live icon will now show during a SXM live broadcast.
• In the event the channel icon cannot be displayed due to bad data from the tuner, the default SXM icon will show.
• SXM Channel Not Available pop-up will not display while listening to FM.
• SXM buffered content for existing preset channels is erased after adding a new preset.
• Synchronize the removal of FM album art and metadata when tuner loses FM HD signal.
• Incompatible device error message in USB audio.
• SXM factory presets will no longer show when SXM is buffering existing presets information.
• Ability to change SXM preset (next/previous) with steering wheel switches with the ignition turned to ON.
• Enhanced Siri operation while using CarPlay.
• VR redesign to support region code expandability.
• Enhanced Touch Screen sound with the ignition turned to ON to no longer make a popping noise.
• Android Debug Interface (ADB) using a wireless network is disabled.
• Bluetooth® Audio will resume after ending phone call.
• Added additional functionality to inform the user of the speaker availability and give the option to turn the Rear Entertainment System (RES) off.
• Improved translation text for the Spanish and French languages, so system buttons display correctly.
• Improved SXM app from crashing during in-vehicle network instability.

SOFTWARE VERSION B.1.0.21
• Timing improvement to rear camera operation.
• System is stuck on Honda logo and will not boot up.
• Anti-theft screen displays randomly.
• System disconnects phone after selecting Reply Message.
• System will not load music through the USB flash drive on the first attempt.

HondaLink®: Over the Air Software Update for Wireless Network Upgrade

Why do I need to apply the OTA update?
By February 22, 2022, North American wireless network providers will be phasing out the 3G network the affected vehicle uses for HondaLink and WI-FI Hotspot services. An Over the Air Update (OTA) is required to update your vehicle's embedded cellular unit, to enable it to connect to a new network that will allow you to continue to receive HondaLink and WI-FI Hotspot services.

Which models are affected?
2018-20 Odyssey Touring & Elite

What features will be impacted if I don't apply the OTA by February 22, 2022?
HondaLink Remote: Remote Start and Stop, Security Alarm Alert, Amazon Alexa Skill, Remote Lock and Unlock, Find My Car, Geofence Alert, Speed Alert, Destination by Voice, Stolen Vehicle Locator, Driver Feedback.
HondaLink Security: Emergency Call, Automatic Collision Notification, Enhanced Roadside Assistance, Personal Data Wipe.
HondaLink Concierge: Personal concierge services to make hotel, restaurant or airline reservations.
HondaLink Link: Dashboard, Vehicle Notifications, Vehicle Health Report, Send Destination.
Other Features: Wi-Fi Hotspot

How can I confirm the update is available for my vehicle?
The System Updates icon will show an exclamation point (!).

What are the consequences of not completing the OTA update?
HondaLink services and Wi-Fi Hotspot will no longer work as of February 22, 2022. Additionally, future Over the Air Update fixes and enhancements to your audio and connectivity system cannot be downloaded via the cellular network. Only Wi-Fi and USB updates will be available.
PLEASE NOTE: Unless the update is completed by February 22, 2022, Automatic Collision Notification will not function. If your airbag deploys or a significant collision is detected, your vehicle will be unable to contact an operator who could request that emergency services be dispatched.

Can I update my vehicle after February 22, 2022 to receive HondaLink or WI-FI Hotspot services?
No, you cannot perform the OTA update after February 22, 2022. Restoring HondaLink or WI-FI Hotspot services after February 22, 2022 can ONLY be addressed by a customer paying for a new embedded cellular device at an authorized dealer.

What happens if I have a paid subscription and I do not perform the OTA update?
If you do not update your vehicle via the OTA prior to February 22, 2022, your services will automatically be cancelled, and you will be issued a pro-rated refund for the unused portion of your subscription. You will lose access to services such as Automatic Collision Notification, Emergency Call, Stolen Vehicle Locator and Remote Features such as Remote Start and Stop and Amazon Alexa Skill. If you are not currently subscribed to HondaLink services, then the operation of your Honda vehicle will not be affected, but you would not be able to receive such services in the future. If you have a paid subscription for WI-FI Hotspot, please contact AT&T Customer Support.

How do I perform the OTA update?
Please follow these steps to complete the update. Your vehicle may automatically perform Steps 1-3 in the background. If so, then please begin with Step 4 and press "Install Now".
1. Go to the "HOME" screen on your vehicle display audio screen
2. Select "System Updates"
3. Select "via Wireless"
4. When the download is complete, select "Install Now"
5. The Installing bar will count to 100%
6. Wait until you see "Installation of new software complete"

How long does the OTA take to complete?
The update takes approximately 17-20 minutes to complete. This is dependent on a good cellular network connection.

Will I lose any functions during the update?
The update takes approximately 17-20 minutes to complete, and the cellular connection will be disabled and restored after the update has completed. In addition, during the update process the green LED between the LINK and ASSIST call out buttons, located by the dome light, will blink.

How will I be able to confirm the update worked?
Please follow these steps to confirm the update was successful.
1. Select "HOME" screen on your vehicle display audio screen
2. Select "System Updates"
3. Select "via Wireless Connection"
4. Wait for the "System is Up-to-Date" message to display

Can the dealer perform the OTA update for me?
Yes, you can schedule an appointment with your dealer to complete the OTA update.

What happens if the OTA update doesn't work if I opt to do it myself?
You may experience Update Failed Code 57D, which may be caused by a poor cellular signal. Before installing the software, move the car to an open area where the cellular signal may improve. If the installation of the software is successful, you will see "Installation of new software complete".
Agile Batch Scheduling Pioneer: Secondary Development Manual
Agile batch scheduling pioneer, ushering in the era of batch scheduling as a tool
Agile Scheduling Technology Platform v7 Secondary Development Manual
成都塔斯克信息技术有限公司 (Chengdu Tasike Information Technology Co., Ltd.)
Product website: 

Contents
1 Preface
1.1 Purpose of this document
1.2 Intended readers
2 Development overview
2.1 Development environment
2.2 Development modes
2.3 Compiling and linking
2.4 About the DEMO
3 Application development
3.1 Event-driven mode application development
3.1.1 Function description
3.1.2 Processing flow
3.1.3 Code implementation
3.1.4 Compiling and running
3.2 Core data access mode development
3.2.1 Function description
3.2.2 Processing flow
3.2.3 Code implementation
3.2.4 Compiling and running
4 Development function package description
4.1 Connecting to and disconnecting from the platform
4.1.1 Overview
4.1.2 Function description
4.2 Event class
4.2.1 Overview
4.2.2 Related structures and definitions
4.2.3 Function description
4.3 Core data: process basic information class
4.3.1 Overview
4.3.2 Related structures and definitions
4.3.3 Function description
4.4 Core data: process private variable class
4.4.1 Overview
4.4.2 Related structures and definitions
4.4.3 Function description
4.5 Core data: process task node class
4.5.1 Overview
4.5.2 Related structures and definitions
4.5.3 Function description
4.6 EBASE basic operation class
4.6.1 Overview
4.6.2 String handling class
4.6.3 Time handling class

1 Preface
1.1 Purpose of this document
TASKCTL is not only an independent technology platform but also an open one: it provides a complete set of secondary development interfaces on which users can build a series of applications to meet the special requirements of their projects.
This document aims to guide users in the secondary development of scheduling applications through a detailed introduction to the relevant knowledge.
1.2 Intended readers
"TASKCTL 7.0 Secondary Development" is mainly intended for the following readers: technical developers.
2 Development overview
Application development mainly targets special task programs, such as flip-card (翻牌) tasks, special monitoring programs (SMS monitoring), and applications for core control.
Complete OD Shortcut Reference. Very detailed (must-read for game reverse engineering)
These shortcuts work regardless of which OllyDbg window is current:
Ctrl+F2 - Restart, i.e. restart the debugged program.
If no program is currently being debugged, OllyDbg runs the first program in the history list [history list].
After the program restarts, all memory breakpoints and hardware breakpoints are deleted.
Translator's note: in actual use, hardware breakpoints are not removed after the program restarts.
Alt+F2 - Close, i.e. close the debugged program.
If the program is still running, a prompt asks whether you want to close it.
F3 - Opens the "Open 32-bit .EXE file" dialog [Open 32-bit .EXE file], where you can choose an executable and enter command-line arguments.
Alt+F5 - Make OllyDbg always on top.
If the debugged program breaks at a breakpoint while it has an always-on-top window open (usually a modal message or dialog [modal message or dialog]), that window may cover part of OllyDbg, and you cannot move or minimize it.
Activate OllyDbg (for example by clicking its taskbar button) and press Alt+F5; OllyDbg becomes always on top and covers that window instead.
Press Alt+F5 again and OllyDbg returns to its normal state.
Whether OllyDbg is always on top is saved and remains in effect in the next debugging session.
The current always-on-top state is shown in the status bar.
F7 - Step into the next command; if the current command is a function call [Call], execution stops at the first command of the function body.
If the current command has a REP prefix, only one repetition is executed.
Shift+F7 - Same as F7, but if the debugged program was interrupted by an exception, the debugger first tries to step into the exception handler specified by the debugged program (see Ignore memory access violations in Kernel32).
Ctrl+F7 - Animate into: executes commands one by one, entering every function call (as if you held F7 down, only faster).
Animating stops when you execute another single-step command, when the program reaches a breakpoint, or when an exception occurs.
Complete Legend Private Server Tutorial

Contents
Chapter 1
1.1 Preparation
1.2 Installing DBC2000
1.3 Installing the server
1.4 DB Commander 2000 Pro setup
1.5 Starting the server programs
Chapter 2
2.1 Purpose of each server folder
2.2 Detailed translation of !setup.txt
2.3 Important files explained
Chapter 3
3.1 Overall database analysis
3.2 Equipment attribute analysis
3.3 Monster attribute analysis
3.4 Item attribute analysis
Chapter 4
4.1 Understanding the NPC language
4.2 Script commands
4.3 Variables
4.4 A simple teleport script
4.5 An equipment crafting script
4.6 An item-for-reward script
Chapter 5
5.1 Adding equipment
5.2 Adding monsters

Chapter 1: Installing the server programs and DB Commander 2000 PRO

1.1 Preparation
First, the tools we need are: DB Commander 2000 PRO (DBC2000) and the Legend server.
DB Commander 2000 PRO (DBC2000): a powerful and complete database tool that conveniently imports and exports database files in different formats, supporting Oracle, Sybase, MS SQL, Interbase, Informix, MS Access, MS Works and other common database file formats. With it you can operate directly on a database using SQL statements.

1.2 Installing DBC2000
DBC2000 downloads come in two forms: a compressed archive (Figure 1.2.1) or a packaged EXE file (Figure 1.2.2). Both install normally. We take the packaged EXE as the example. Double-click DB Commander 2000 PRO.EXE (Figure 1.2.3). Click Finish to enter the copyright notice, then Next and accept the agreement (choosing No rejects the agreement and the installer exits). Choose Yes and fill in your name and company name (Figure 1.2.4). Click Next to choose the installation directory (Figure 1.2.5). Typical: typical (default) installation. Compact: minimal installation of the required programs only. Custom: choose which files to install beyond the required programs according to your needs. Browse: choose the installation directory. Here we choose Typical and click Next. Choose the program folder and click Next. Figure 1.2.6 shows the final confirmation screen; Next starts writing the program files (Figure 1.2.6). Installation completes and asks whether to launch the program (Figure 1.2.7); we leave it unchecked, since the next section covers DBC2000 configuration. Finish completes the installation (Figure 1.2.7).

1.3 Installing the server
Introduction to the main game engines: 飞尔世界 engine, HERO engine, IGE engine, Legend engine.
飞尔世界 engine features: nine new attributes; enhanced physical defense, magic defense, physical attack, magic attack and Taoist attack, plus blindness and confusion states, etc.; true-color support; higher character levels; character HP and MP up to 2 billion, breaking the traditional 65535 limit; a stall (vending) function where players choose to sell goods for gold, ingots, reputation or energy.
HERO engine features: many new equipment attributes, high extensibility, stable program.
IGE engine features: hero combo attacks, closely following Shanda's footsteps.
Legend engine features: level-15 skills, true color, windowed mode, HP/MP up to 2 billion.
For learning purposes we use the IGE engine as the main subject. Download the IGE game engine from /IGE090612.rar; the current latest version is 090612. The server has already been downloaded (Figure 1.3.1). Extract it to the MirServer directory on drive D. Extract the IGE engine package and open 更新0612注意事项.txt inside it to read the points to note (Figure 1.3.1). Double-click 开始更新程序.bat; the batch file copies the engine programs straight into D:\MirServer (Figure 1.3.2).

1.4 DB Commander 2000 Pro setup
Section 1.2 covered installing DBC; now we configure it so the programs can access the database correctly. Open Control Panel (Figure 1.4.1) and double-click BDE Administrator. On the menu bar choose Object → New; a dialog asks for the database driver name (Figure 1.4.2). STANDARD: standard. On the left, enter the database name HERODB. The name can be anything, but the server settings must match it. Choose the path of the database tables; since we extracted the server to MirServer on drive D, the path is D:\mirserver\Mud2\DB (Figure 1.4.3). On the menu bar choose Object → Apply and confirm saving the edited HERODB database with OK (Figure 1.4.4). Our database is now set up.

1.5 Starting the server programs
Go to the D:\mirserver directory and run the game console GameCenter.exe provided by the IGE engine (Figure 1.5.1). Click the "配置向导" (Configuration Wizard) tab (Figure 1.5.2). Game server directory: D:\MirServer\. Game database name: HERODB, the database name from section 1.4. Game server name: 鸣飞网络科技. Game server external IP address: 127.0.0.1 (a server on an internal network needs port mapping to be reachable from outside; we test on a single machine first, and later chapters cover public hosting). Keep the defaults and click Next until you reach the game engine main server page, where on the right you can choose the starting level and gold of new characters (Figure 1.5.3). Fill it in, continue with Next and click Save; when the console asks whether to generate a new game server configuration file, choose Yes (Figure 1.5.3). The server is now basically configured and the game can be hosted on a single machine. Click Start Game Controller; within two minutes the console starts all the required programs. With the default configuration 9 applications start: the database server (DBServer), account login server (LoginSrv), log server (LogDataServer), main server program (M2Server), game gateway (RunGate), character gateway (SelGate) and login gateway (LoginGate); the default configuration starts 3 game gateways.
Configuring the launcher and entering the game: open the directory where the engine was extracted, go to the 登陆器生成器 (launcher generator) folder and run MakeGameLogin.exe (Figure 1.5.4). Enter the launcher name 鸣飞网络科技 and leave the game list address at the default 127.0.0.1. Click Generate Launcher and enter the file name 鸣飞网络科技. Choose the game list configuration tab (Figure 1.5.5). Click Add, enter the server name "鸣飞网络科技", the IP address "127.0.0.1", set the server port to "7000", and enter the announcement address and website home page "" (Figure 1.5.6). Save the configuration, click Generate Game List File, then close the program. In the launcher generator folder, copy QKServerList.txt (the list file) into the web root of the local IIS site; mine is C:\www. For reasons of space, IIS installation and configuration is not covered here. Try opening "http://127.0.0.1/QKServerList.txt" in IE; if you see a string of letters and digits, the file can be read normally.
Anti-Debugging Techniques 2

Contents
Anti-debugging techniques
Handling OD detection
1. Window class name and window title
2. Detecting debugger processes
3. Whether the parent process is Explorer
4. RDTSC / GetTickCount timing-sensitive code sections
5. The StartupInfo structure
6. BeingDebugged
7. PEB.NtGlobalFlag, Heap.HeapFlags, Heap.ForceFlags
8. DebugPort: CheckRemoteDebuggerPresent()/NtQueryInformationProcess()
9. SetUnhandledExceptionFilter / Debugger Interrupts
10. Trap Flag single-step exception
11. SeDebugPrivilege process privilege
12. DebugObject: NtQueryObject()
13. OllyDbg: Guard Pages
14. Software Breakpoint Detection
15. Hardware Breakpoints Detection
16. Patching Detection / Code Checksum Calculation
17. BlockInput: blocking keyboard and mouse input
18. EnableWindow: disabling windows
19. ThreadHideFromDebugger
20. Disabling Breakpoints: disabling hardware breakpoints
21. OllyDbg: OutputDebugString() Format String Bug
22. TLS Callbacks
Anti-anti-debugging techniques

Anti-Debugging Techniques, VC Edition
Author: 唐久涛 (Kanxue ID: tangjiutao). Personal site: 写意互联网, which follows search engine technology and touches on search engine optimization, software cracking, PHP website building, WordPress applications, etc.
Statement: this article is a summary of my own learning. The theory part draws on 《脱壳的艺术》 (The Art of Unpacking), 《加密与解密》 (Encryption and Decryption) and material I collected online; I salute the original authors.
PV 210
Solar PV tester and I-V curve tracer

Key Features
• Lightweight, handheld and fast
• Affordable and efficient PV diagnostic tool
• Easy and fast push button operation
• All-in-one commissioning tests and I-V curve tracing, in accordance with international standards IEC 62446 and IEC 61829
• Instantly view detailed I-V curves in the field using the Android PVMobile App
• Instantly send data from the field back to the office using the Android PVMobile App
• Tests individual PV modules or strings
• Clear results display, even in direct sunlight
• Wirelessly receives irradiance and temperature measurements from Survey 200R
• Full traceability of system performance
• Compatible with SolarCert Elements v2 software

Electrical/Analysis Test Functions
• I-V curve tracing, in accordance with IEC 61829
• Earth/ground continuity
• Insulation resistance (auto short circuit test and point-to-point)
• Voltage measurement
• Open circuit voltage up to 1000VDC
• Maximum power point voltage up to 1000VDC
• Short circuit current up to 15ADC
• Maximum power point current up to 15ADC
• Fill factor
• Operating current (using supplied current clamp)
• DC power

PV210 Users
• PV system installers
• PV O&M technicians
• PV module manufacturers

The PV210 provides a highly efficient and effective test and diagnostic solution for PV systems, carrying out all commissioning tests required by IEC 62446 and performing fast and accurate measurement of I-V curves in accordance with IEC 61829. With direct connection to individual PV modules or strings using the supplied lead sets, tests can be conducted easily and within a matter of seconds at the press of a single button. A high contrast display is clearly visible in direct sunlight and shows open circuit voltage, short circuit current, maximum power point voltage, current and power, as well as the fill factor of the PV module or system under test, and insulation resistance (as part of an auto sequence or a discrete probe to probe measurement). If the measured curve deviates from the expected profile, the PV210 alerts the user to this, identifying the need for further analysis.

Detailed and color I-V and power curves can be viewed instantly once data is transferred to the PVMobile Android App using wireless NFC connectivity. PVMobile displays measured I-V and power curves for visual analysis of the curve shape, enabling common problems such as shading, defective cells or poor electrical connections to be identified.

The PV210 is available as part of the Solarlink test kit which includes the Survey 200R irradiance meter. As well as being a comprehensive survey tool, the Survey 200R wirelessly transmits irradiance and temperature data to the PV210 so that it can be transferred to the PVMobile app alongside the rest of the test data. PVMobile can be used to convert measured data to STC for comparison with manufacturer's published data.

The PV210 has a large onboard memory, capable of storing up to 999 sets of complete I-V curve and electrical test data, while full test and measurement data can be downloaded to a PC via USB connection, providing full traceability of system performance. In addition, data can be exported from the PVMobile app and sent from the field to the office for further analysis if required.

The PV210 is compatible with SolarCert Elements v2 software which can be used to compile comprehensive system records and produce professional reports. SolarCert Elements v2 enables more comprehensive data analysis and converts measured data to STC for comparison with manufacturer's data.

Download your FREE guide to PV testing at /pvguide

With the PVMobile Android App you can:
• View I-V and power curves in full color and high definition detail
• Pinch and zoom to observe deviations from a normal curve, and to see the Mpp region in more detail
• Select points on the curve to read actual voltage and current
• Transfer data back to the office from a remote location*
• View I-V curves and measurement data clearly, even in direct sunlight
• Avoid the need to take a laptop on-site
• Transfer measurement data to the PVMobile App instantly by touching your NFC-enabled Android device against the PV210

Lightweight, handheld and fast
Extremely portable, lightweight and battery powered, the PV210 is easy to move around when testing several strings in a system. Commissioning tests, irradiance, temperature and I-V characteristics can all be recorded at the press of a button.**

Instantly view detailed I-V and power curves in the field using the Android PVMobile App
Simply touch an NFC-enabled Android device running the PVMobile app to your PV210. Detailed I-V characteristic measurements are transferred, allowing the I-V and power curve to be viewed in full color detail. PVMobile also enables I-V curve correction for standard test conditions (STC 1000W/m2, 25°C) using irradiance and temperature data from the Survey 200R irradiance meter, to allow comparison with manufacturer's curve data, included in the comprehensive PVMobile database.
Find out more about the PVMobile Android app at /PVMobile

All-in-one commissioning tests and I-V curve tracing
Easily carry out all performance, safety and diagnostic checks on PV systems using the same fast and simple test instrument.

Easy and fast push button operation
The PV210 offers an extremely fast testing solution, carrying out all electrical tests in a matter of seconds, for straightforward and hassle free testing of even the largest of PV systems.

Cost effective and efficient PV diagnostic tool
Comprehensive measurement features with easy-to-use one button testing provide the ideal solution for periodic testing, performance analysis and fault diagnosis.

Tests individual PV modules or strings
Directly connect the PV210 to an individual module or a full string, and choose whether to carry out a full auto sequence test or an individual test, depending on your requirements.

Wirelessly receives irradiance and temperature measurements from Solar Survey 200R
Using Seaward Solarlink™ connectivity, the PV210 can wirelessly capture and record real-time irradiance, ambient temperature and PV module temperature measurements from the Survey 200R multifunction irradiance meter (available as part of the Solarlink™ Test Kit). This means that all measurements can be recorded simultaneously, as required by the IEC 62446 and IEC 61829 standards.

Full traceability of system performance
The PV210 has a large onboard memory which stores up to 999 sets of PV test and diagnostic data, ensuring large systems can be tested continuously, and enabling test data to be downloaded to a PC, in CSV format, for full traceability.

Clear results display, even in direct sunlight
The PV210 display screen is clearly visible even in direct sunlight, ensuring you are able to complete the testing process in the fastest time possible, and view measurements at a glance.

Compatible with SolarCert Elements v2 software
When used with the optional SolarCert Elements v2 software program, test and measurement data can be stored alongside other system information to produce comprehensive records. Measured data can be converted to STC for comparison with manufacturer's data held in the comprehensive database. In addition, professional inspection and test reports can be prepared, including IEC 62446 measurements and IEC 61829 I-V curve plots.

PV210 Kit options

Technical Specifications

Ground continuity / resistance measurement
Display range: 0.00Ω to 199Ω
Measurement range: 0.01Ω to 199Ω
Accuracy: 2% + 5 digits
Resolution: 0.01Ω maximum
Open circuit test voltage: 4VDC, nominal
Test leads zero: Zero up to 10 Ω, by Zero button
Number of measurements: 5,000 1 second tests
Audible / visible warning: ≥ 30VAC/DC at inputs
User protection: Test inhibited if ≥ 30VAC/DC at inputs

Insulation resistance (auto short circuit test)
Display range: 0.1MΩ to 20MΩ
Measurement range: 0.1MΩ to 20MΩ
Accuracy: 5% + 5 digits
Resolution: 0.1MΩ maximum
Open circuit test voltage: 250, 500, 1000V (as per IEC 61557-2)
Test current: 1mA nominal as per IEC 61557-2
Short circuit test current: <2mA
Number of measurements: 5,000 1 second tests
Audible / visible warning: ≥ 30VAC/DC at inputs
User protection: Test inhibited if ≥ 30VAC/DC at inputs

Insulation resistance (point to point)
Display range: 0.05MΩ to 300MΩ
Measurement range: 0.05MΩ to 300MΩ
Accuracy: 5% + 5 digits
Resolution: 0.01MΩ maximum
Open circuit test voltage: 250, 500, 1000V (as per IEC 61557-2)
Short circuit test current: <1mA
Number of measurements: 5,000 1 second tests
Audible / visible warning: ≥ 30VAC/DC at inputs
Circuitry protection: Test inhibited if ≥ 30VAC/DC at inputs

Voltage measurement (via 4mm probes)
Display range: 30V – 440VAC/DC
Measurement range: 30V – 440VAC/DC
Resolution: 1V
Accuracy: ±(5%+2d)

Vo/c voltage measurement (via PV test leads)
Display range: 0.0V – 1000VDC
Measurement range: 5.0V – 1000VDC
Resolution: 0.1V
Accuracy: ±(0.5%+2d)
Enunciators: DC voltage polarity corrector reversed

Is/c current measurement (via PV test leads)
Display range: 0.0A – 15.0ADC
Measurement range: 0.5A – 15.0ADC
Resolution: 0.1A
Accuracy: ±(1%+2d)

Operating current (via DC current clamp)
Display range: 0.0A – 40.0A AC/DC
Measurement range: 0.1A – 40.0A AC/DC
Resolution: 0.1A
Accuracy: ±(5% + 2 digits)

DC power
Display range: 0.0W – 40.0kW
Measurement range: 10W – 40.0kW
Resolution: 10W max
Accuracy: ±(6% + 2 digits)

I-V curve
Voltage measurement range: 5.0V – 1000V
Voltage measurement accuracy: ±(0.5%+2d)
Current measurement range: 0.5A – 15.0A
Current measurement accuracy: 1%
Power measurement range: 5W – 15kW
Power measurement accuracy: 2%

Case dimensions and weight
Weight: 2.3lb (unit)
Dimensions: 10.4 x 4.2 x 2.3”
Display: Custom LCD with backlight
Power source: 6 x 1.5V AA cells
Battery life: >1000 test sequences
Auto power down: User programmable
Onboard memory: Up to 999 complete test datasets
Connectivity: USB download to PC (CSV format); Wireless ‘Solarlink™’ to Survey 200R (range c. 
30m / 100ft) NFC transfer of data to PVMobile Android AppiOS devices not supported App compatibilityCompatible with Android version 4.2 Jelly Bean iOS devices not supportedSoftware compatibilityCompatible with SolarCert Elements v2 software (English language only)General SpecificationsOptional accessoriesSurvey 200R irradiance meter mounting bracket (396A979)Survey 200R suction mount PV module temperature sensor (396A980) Survey 200R irradiance meter with suction mount PV module temperature sensor (396A927) (also available as part of PV210 Solarlink test kit) MC4 to test probe test leads (red & black) (388A953)Sunclix test lead adaptors (396A960)MC3 test lead adaptors (396A958)Fused test leads – 1 pair of fused red and black test probes and alligator clips (44B075)SolarCert Elements test reporting & certification v2 software (393A910) Solar power clamp (396A961)SolarTag PV installation / DC warning labels (396A952 / 396A953) PV inspection report pad (396A954)PV array report pad (396A955)PV verification certificate pad (396A956)Pack of 3 PV test reports and certificate pads (396A957)Services2 year warranty (subject to terms and conditions, register your product at )Go to /service-center for more information about our services and calibration。
Debugging a DLL with OD
The steps are as follows:
1. Open the DLL. OD asks whether to start LOADDLL.EXE to load the DLL; choose Yes, and it stops at the DLL's entry point. Here I just picked a DLL at random.
2. At this point F8 or F7 would step into the DLL's main function. If you do not want to trace through that, just press F9; OD stops again, and the message bar at the bottom reports that the DLL has finished initializing, like this:
3. On the menu bar click Debug -> Call DLL export, and the following dialog appears:
4. Select the exported function you want to debug, in this example SPYMFCHWND, and note the function's start address shown in front of it: 10002830. Set a breakpoint at that start address.
5. Click the Call button and the program breaks at the breakpoint we set; now it can be debugged!
Common OD Breakpoints and Cracking Summary
Black Hawk Base (黑鹰基地) cracking advanced class, cracking summary lesson

Some common breakpoints

Intercepting windows:
bp CreateWindow            create window
bp CreateWindowEx(A/W)     create window
bp ShowWindow              show window
bp UpdateWindow            update window
bp GetWindowText(A/W)      get window text

Intercepting message boxes:
bp MessageBox(A/W)         create message box
bp MessageBoxExA           create message box
bp MessageBoxIndirect(A/W) create custom message box

Intercepting warning sounds:
bp MessageBeep             play the system warning sound (if there is no sound card, it drives the PC speaker directly)

Intercepting dialogs:
bp DialogBox                       create modal dialog
bp DialogBoxParam(A/W)             create modal dialog
bp DialogBoxIndirect               create modal dialog
bp DialogBoxIndirectParam(A/W)     create modal dialog
bp CreateDialog                    create modeless dialog
bp CreateDialogParam(A)            create modeless dialog
bp CreateDialogIndirect            create modeless dialog
bp CreateDialogIndirectParam(A/W)  create modeless dialog
bp GetDlgItemText(A)               get dialog item text
bp GetDlgItemInt                   get dialog item integer value

Intercepting the clipboard:
bp GetClipboardData        get clipboard data

Intercepting the registry:
bp RegOpenKey(A/W)         open subkey
bp RegOpenKeyEx(A/W)       open subkey
bp RegQueryValue(A/W)      query subkey value
bp RegQueryValueEx(A/W)    query subkey value
bp RegSetValue(A/W)        set subkey value
bp RegSetValueEx(A/W)      set subkey value

Breakpoints for feature restrictions:
bp EnableMenuItem          enable or disable a menu item
bp EnableWindow            enable or disable a window

Intercepting time:
bp GetLocalTime            get local time
bp GetSystemTime           get system time
bp GetFileTime             get file time
bp GetTickCount            get the number of milliseconds elapsed since the system started
bp GetCurrentTime          get current time (16-bit)
bp SetTimer                create a timer
bp TimerProc               timer timeout callback

Intercepting files:
bp CreateFileA             create or open a file (32-bit)
bp OpenFile                open a file (32-bit)
bp ReadFile                read a file (32-bit)
bp WriteFile               write a file (32-bit)
bp GetPrivateProfileStringA  (ini files)

Intercepting drives:
bp GetDriveTypeA           get disk drive type
bp GetLogicalDrives        get logical drive letters
bp GetLogicalDriveStringsA get the root paths of all current logical drives

★★ VB program-specific breakpoints ★★
bp __vbaStrCmp             compare strings for equality
bp __vbaStrComp            compare strings for equality
bp __vbaVarTstNe           test variables for inequality
bp __vbaVarTstEq           test variables for equality
bp __vbaStrCopy            copy string
bp __vbaStrMove            move string
bp MultiByteToWideChar     convert an ANSI string to Unicode
bp WideCharToMultiByte     convert a Unicode string to ANSI

Cracking approaches by program language category

C category:
Point-H method
bp GetDlgItem/GetWindowText(A/W)/GetWindowTextLength(A/W) (break on the input box)
bp MessageBox(A/W) (break on the dialog)
String method

B and D categories:
DEDE and PE Explorer as powerful helper tools; the key is still finding the button event
Point-H method
bp GetDlgItem/GetWindowText(A/W)/GetWindowTextLength(A/W) (break on the input box)
bp MessageBoxA (break on the dialog)
String method
FormCreate

V category:
VBExplorer, GetVBRes and SmartCheck as powerful helper tools; the key is still finding the button event
bp rtcMsgBox (break on the dialog)

E category:
E-Code Explorer as a helper tool to find the button event
ECode method

Things to note:
1. Never forget the classic combinations.
2. For programs that show a registration wrong/correct prompt, pop up a registration box or prompt box on start or exit when unregistered, open a web link on start or exit when unregistered, restrict features when unregistered, impose a date limit when unregistered, show "unregistered" or "trial" in the title when unregistered, and so on, think of locating that check and then dumping and tracing from it!
3. Beware of programs that use their own DLL / DLL functions to check whether they are registered, as in lesson 38.
4. Beware of CRC-type comparison code tracing.
5. Beware of cracking the two kinds of IceLicense protection.
6. Beware of cracking software whose registration mechanism comes from a packer, for example software using the Armadillo or ASProtect registration mechanisms.

Restart verification
Times change and technology develops; it is fair to say that 80%-90% of today's software is basically of the restart-verification type.
1. Registry type: Bpx RegOpenKeyA(W), Bpx RegOpenKeyExA(W)
2. INI file type (*.reg/*.ini): Bpx GetPrivateProfileStringA
3. Other file types (*.dat/*.lic…): Bpx CreateFileA(W), Bpx ReadFile
4. DLL file operation type: there is no effective intercept function.
Legend (Mir) Project Debugging Document
传奇项目调试文档.txt
Steps for debugging the Legend server programs:

I. Set up the environment
1. Install Delphi 6.
2. Install the JSocket component (note: the JSocket folder contains seven files: Jacky.cfg, Jacky.dof, Jacky.dpk, Jacky.res, JNetwork.pas, JSocket.pas, O.JSocket.pas).
2.1 Copy the JSocket folder into Delphi's Lib folder (author's example: C:\Program Files\Borland\Delphi6\Lib).
2.2 Run Delphi -> Component -> Install Component… -> the Install Component window appears -> Into existing package -> click the Browse… button next to Unit file name -> find and select JSocket.pas (author's example: C:\Program Files\Borland\Delphi6\Lib\JSocket) -> for all remaining prompts just click OK or Save.

II. Compile the Legend server programs
Open and compile each project under the source folder in turn; when the builds succeed, the executables and the other related files are generated. These files are placed in the corresponding subfolders under the Release folder.

III. Run the server-side programs
Run the seven executables under the Release folder in turn: M2Server.exe, LogDataServer.exe, DBServer.exe, LoginSrv.exe, RunGate.exe, SelGate.exe, LoginGate.exe.
All seven executables run normally at the same time.
Steps for debugging the Legend client program:

I. Set up the environment
1. Install the DelphiX component.
1.1 Move the DelphiX_D6 folder into Delphi's Lib folder (author's example: C:\Program Files\Borland\Delphi6\Lib).
1.2 Double-click DelphiX_for6.dpk inside the DelphiX_D6 folder -> a window appears; click the Install button in its toolbar -> for all remaining prompts just click OK or Save.
2. Install the TWMImages component.
2.1 Copy the files WIL.pas, wmUtil.pas, MudUtil.pas, HUtil32.pas, EncryptUnit.pas, EDcode.pas and DWinCtl.pas into Delphi's Lib folder.
2.2 Run Delphi -> Component -> Install Component… -> the Install Component window appears -> Into existing package -> click the Browse… button next to Unit file name -> find and select WIL.pas -> for all remaining prompts just click OK or Save.

II. Compile the Legend client program
Open the client's mir2.dpr project file in Delphi. Compiling reports: Could not create output file '..\..\Build\Mir2\JSocket.dcu' (fix: run Delphi -> Project -> the Project Options window appears -> Directories/Conditionals -> click the … button next to Output directory and choose a suitable folder (author's example: D:\company\传奇源代码\Release\Mir2) -> click the … button next to Unit output directory and choose a suitable folder (author's example: D:\company\传奇源代码\Build\Mir2) -> click OK).
Compile again; it reports: file not found grobal2.dcu (fix: locate grobal2.dcu and copy it into the client program's folder). Similar problems are solved the same way.
After a successful build the client's whole window is black and the mouse cursor is a blue circle spinning endlessly. The build produces only one executable, located under Release\Mir2. (Fix: 1. Replace lines 262 to 657 of CLMain.pas with:

    CSocket.Address := '121.14.151.154'; // server IP address
    CSocket.Port := 7000;

The original code at lines 262 to 657:

    if g_sMainParam1 = '' then begin
      CSocket.Address := g_sServerAddr;
      CSocket.Port := g_nServerPort;
    end else begin
      if (g_sMainParam1 <> '') and (g_sMainParam2 = '') then
        CSocket.Address := g_sMainParam1;
      if (g_sMainParam2 <> '') and (g_sMainParam3 = '') then begin
        CSocket.Address := g_sMainParam1;
        CSocket.Port := Str_ToInt(g_sMainParam2, 0);
      end;
      if (g_sMainParam3 <> '') then begin
        if CompareText(g_sMainParam1, '/KWG') = 0 then begin
          {CSocket.Address := kornetworldaddress; //';
          CSocket.Port := 9000;
          BoOneClick := TRUE;
          OneClickMode := toKornetWorld;
          with KornetWorld do begin
            CPIPcode := MainParam2;
            SVCcode := MainParam3;
            LoginID := MainParam4;
            CheckSum := MainParam5; //'dkskxhdkslxlkdkdsaaaasa';
          end;}
        end else begin
          CSocket.Address := g_sMainParam2;
          CSocket.Port := Str_ToInt(g_sMainParam3, 0);
          BoOneClick := TRUE;
        end;
      end;
    end;

2. Point the compiler's output path at the folder containing the Legend of Mir client executable.)
OD Anti-Debugging Compendium
OD Anti-Debugging Compendium
Summary of debugging techniques: principles and implementation
-------------------------------------------------------------------------------------------------------
2021.8.7 shellwolf

I. Foreword
A while ago, while studying anti-debugging and VC, I wrote antidebug-tester. I often received messages hoping to discuss it or asking for the implementation code, and I did not reply to any of them.
In fact one version of the code has already been provided in the programming section, and since most of it is inline asm written in VC, a cracker only needs to disassemble it to see how it works.
I do not think the code itself matters much; what matters is understanding and applying it.
So here is a brief summary that explains the principles and the implementation methods.
It also serves as a reply to the friends who sent me messages.

Some of the code and reference material comes from:
1. <> hawking
2. <> Angeljyt
3.
4. <> 看雪学院
5. <> Peter Ferrie

I divide anti-debugging techniques by behaviour into two broad classes, detection and attack, and within each class into five sub-classes by the object they operate on:
1. Generic debuggers: detection methods that apply to all debuggers.
2. Specific debuggers: OD, IDA and other debuggers, including their plugins, and also virtual environments.
3. Breakpoints: detection of memory breakpoints, ordinary breakpoints and hardware breakpoints.
4. Single-stepping and tracing: mainly aimed at single-step trace debugging.
5. Patches: file patches and memory patches.

Anti-debugging function prefixes:
                        Detection   Attack
Generic debugger        FD_         AD_
Specific debugger       FS_         AS_
Breakpoints             FB_         AB_
Single-step and trace   FT_         AT_
Patches                 FP_         AP_

Notes:
1. Most of this article is excerpted and translated; I merely recombined and translated it, so hopefully nobody will accuse me of infringement.
Much of it is explained according to my own understanding, so there may be misunderstandings or better implementations; I hope everyone will help point out the mistakes.
2. My summary is far from complete; some of the categories above still have very few functions or are even empty, and I am waiting for everyone to improve and supplement them together with me.
I firmly believe that with solid fundamentals, a rich imagination and flexible application, you will create many more anti-debugging techniques of your own.
Legend Equipment Star-Upgrade Script
零挂辅助 supports super-strong potion drinking by percentage or fixed value, with a potion-spamming speed that is second to none; PK immortality; and looping automatic smart treasure farming and potion buying!
Kill feature: the "Extreme Assassinate" effect. Extreme Assassinate is currently the industry's most advanced warrior PK assassination feature, with a speed that almost reaches the fastest speed known to humanity, the speed of "light"!
Software features
Building on its earlier zero-HP-no-death theory, 零挂辅助 uses smart routing allocation technology; through its self-developed, newest network route optimisation technology it achieves, to the greatest possible extent, an invincible mode for 零挂辅助 in PK. When the Extreme Assassinate feature is enabled, the 零挂辅助 self-protection shield raises the speed of potion spamming, potion buying and so on to tens or even hundreds of times the original. Together with the traditional three no-lag modes (super, attack, magic), it lets warriors be invincible on every server. This debut will surely attract many players and let more gamers truly experience the thrill of PK.
Supported engines
零挂辅助 supports all in-client-hook servers headed by the 猎鹰 launcher engines (DEE, 猎鹰, M6, 统一, 无双, LE, LECD edition, 刀锋, ...). It also supports all combo servers headed by the 3km2 engine and the LE combo engine; on top of the anti-blue-screen IP-detection servers, it directly covers the PvP servers and gold-coin servers on the market, as well as mainstream launcher versions such as 1.76, M6, 巨牛, 3KM2, 飞翔 and LEGEND-CD), and uses exclusive cloud-based updating, so users never need to download again; it updates automatically.
All 零挂辅助 code is compiled independently and has been optimised many times, guaranteeing that it leads the industry across the board; we promise that every feature is real and effective. Every feature is carefully written, taking every player's thinking during PK into account and combining many techniques on the market into a perfect build. Anyone who masters all the features of 零挂辅助 will surely be invincible.
The 零挂辅助 official site is a fairly well-known site in the industry, mainly providing Legend assistant enthusiasts and 零挂辅助 users with good news coverage and a download platform. We uphold the principle of honesty and trustworthiness, and the philosophy of surviving on quality and growing on service, and 零挂辅助 has won the favour of many Legend accelerator users!
Tutorial: Analysing the Auto-Pathing ECX Value in OD
Tutorial: Analysing the Auto-Pathing ECX Value in OD
This post was highlighted by laraft (2008-08-08).

Someone posted on 广海 asking why one arrives at ECX=[[[base]+28]+3c], and it really is not easy to answer. I used to be lazy and simply took the result as given, without ever analysing why. Today I traced it and finally understood.

Assembly original:
00502142  8B15 5CFC9600   MOV EDX,DWORD PTR DS:[96FC5C]      ; ElementC.00973730
00502148  8B42 1C         MOV EAX,DWORD PTR DS:[EDX+1C]
0050214B  8B48 08         MOV ECX,DWORD PTR DS:[EAX+8]
0050214E  8BB9 88000000   MOV EDI,DWORD PTR DS:[ECX+88]      ; // edi holds the map ID
00502154  E8 F770F2FF     CALL ElementC.00429250
00502159  D940 44         FLD DWORD PTR DS:[EAX+44]          // EAX+44: float converted to integer, pushed to the top of the stack st(0)
0050215C  D940 40         FLD DWORD PTR DS:[EAX+40]
0050215F  D940 3C         FLD DWORD PTR DS:[EAX+3C]
00502162  83C0 0C         ADD EAX,0C
00502165  6A 00           PUSH 0                             // push 0
00502167  D95C24 18       FSTP DWORD PTR SS:[ESP+18]
0050216B  57              PUSH EDI                           ; push edi, which holds the map ID
0050216C  8D4C24 1C       LEA ECX,DWORD PTR SS:[ESP+1C]
00502170  D95C24 20       FSTP DWORD PTR SS:[ESP+20]
00502174  68 50679700     PUSH ElementC.00976750
00502179  51              PUSH ECX                           // push the start address of the current coordinates
0050217A  D95C24 2C       FSTP DWORD PTR SS:[ESP+2C]
0050217E  B9 08FC9600     MOV ECX,ElementC.0096FC08
00502183  E8 288FF2FF     CALL ElementC.0042B0B0
00502188  8BCE            MOV ECX,ESI

CALL ElementC.00429250, the first CALL:
00429540  8B49 1C         mov ecx, dword ptr [ecx+1C]
00429543  85C9            test ecx, ecx
00429545  74 05           je short 0042954C
00429547  E9 F40E1700     jmp 0059A440
0042954C  33C0            xor eax, eax
0059A440  8B41 08         mov eax, dword ptr [ecx+8]
0059A443  8B40 28         mov eax, dword ptr [eax+28]

I have been stuck on this for months! How do you find the offset of the ecx in PUSH ecx?? Some people arrived at ECX=[[[base]+28]+3c]; I do not understand how they found that offset.
lea ecx, dword ptr [ESP+1C]: how do you work out ESP? I searched with CE and found nothing! Hoping an expert can point the way. Thanks!
=============================================
Below is my answer.
I am using 口袋西游, which is the same as 武林. The picture shows the current character coordinates. The auto-pathing code in 口袋西游:
00508A82  8B15 1C9F9800   mov edx, dword ptr [989F1C]        ; elementc.0098D9F0
00508A88  8B42 1C         mov eax, dword ptr [edx+1C]
00508A8B  8B48 08         mov ecx, dword ptr [eax+8]
00508A8E  8BB9 88000000   mov edi, dword ptr [ecx+88]        // edi holds the map ID
00508A94  E8 A70AF2FF     call 00429540
00508A99  D940 44         fld dword ptr [eax+44]
00508A9C  D940 40         fld dword ptr [eax+40]
00508A9F  D940 3C         fld dword ptr [eax+3C]             // convert the float at eax+44 to an integer and push it: the current coordinates
00508AA2  83C0 0C         add eax, 0C
00508AA5  6A 00           push 0
00508AA7  D95C24 18       fstp dword ptr [esp+18]
00508AAB  57              push edi                           ; push the map
00508AAC  8D4C24 1C       lea ecx, dword ptr [esp+1C]
00508AB0  D95C24 20       fstp dword ptr [esp+20]
00508AB4  68 700A9900     push 00990A70
00508AB9  51              push ecx
00508ABA  D95C24 2C       fstp dword ptr [esp+2C]
00508ABE  B9 C89E9800     mov ecx, 00989EC8
00508AC3  E8 9828F2FF     call 0042B360

1. First set a breakpoint at 00508A82 8B15 1C9F9800 mov edx, dword ptr [989F1C] ; elementc.0098D9F0, then start tracing until 00508A99 D940 44 fld dword ptr [eax+44] // EAX+44: float converted to integer, pushed to st(0); then view memory at the value of EAX.
2. Jump to the memory at EAX's value. Convert it and you will find that this is the current character's X, Y and Z coordinate values. You can also view the value of ST0 directly. fstp dword ptr [esp+18], fstp dword ptr [esp+20] and fstp dword ptr [esp+2C] correspond to fld dword ptr [eax+44], fld dword ptr [eax+40] and fld dword ptr [eax+3C].
3. Keep tracing; EDI is pushed, and its value here is 1, which is the current map value.
4. When you reach 0050216C 8D4C24 1C LEA ECX,DWORD PTR SS:[ESP+1C], look at the value of ESP.
5. Jump to the memory at ESP's value.
6. Convert the memory values and you will find they are the current character's coordinates.
7. So that is why the ECX value we talk about is written as ECX=[[[base]+28]+3c]; it comes from this.
I do not know whether what I have written is understandable.
[Original] Debugging "传奇客星" with OD
Post title: [Original] Debugging "传奇客星" with OD   Top   混世魔王   Posted: 2006-08-16 18:07   [OP]
Article title: [Original] Debugging "传奇客星" with OD
Author: 混世魔王
Source: Evil Octal Security Team (邪恶八进制信息安全团队) ()
Intended readers: cracking enthusiasts
Prerequisites: basic OD usage
The images were not uploaded, sorry; the article was made into a DOC attachment and uploaded instead.

Debugging 传奇客星 with OD
Text/images: 混世魔王

Some time ago my Legend private server was being attacked, so I hunted around for a firewall and tested 传奇私服伴侣, which bundles 攻客's "传奇客星 终结版" as a stress-test program. 传奇客星 is a rather controversial program; back in the day it caused quite a flame war: 飞龙, 驽马, 小狗.
But one annoying thing about the program is that every run opens the 攻客 website, which is irritating. Since I have been playing with disassembly all along anyway, I decided to deal with it. First check the packer: Upack 2.4-2.9beta -> Dwing, as shown in figure 1.

Figure 1

I could not find anything about Upack online, which was frustrating. I loaded it in OD anyway and went at it with the methods used for unpacking other packers, and to my surprise it came off. While celebrating I posted to 看雪 to exchange notes, and only then learned that the Upack packer is ancient, just unknown to latecomers like me. Even more embarrassingly, an unpacker for Upack has existed for ages.
I used Quick.Unpack.1.0. Open the target program and it first runs a packer scan.

00:41:12 - Opened 传奇客星终结版.exe
Quick self analyze.... unknown
PE Sniffer EP Scan: Upack v0.24-v0.27beta/v0.28alpha

Select Upack under OEP finders, as shown in figure 2.

Figure 2

Then click UNPACK NOW, and the unpacking is done. Scanning again shows Microsoft Visual C++ 6.0. No repair is needed; the program runs directly, as shown in figure 3.

Figure 3

Now to remove its NAG. Set a breakpoint with BPX ShellExecuteA, press F9 and see what happens.

00403630  > \A1 D8764000     MOV EAX,DWORD PTR DS:[4076D8]
00403635  . 8B0D DC764000    MOV ECX,DWORD PTR DS:[4076DC]  ;
0040363B  . 8B15 D4764000    MOV EDX,DWORD PTR DS:[4076D4]  ;
00403641  . 6A 01            PUSH 1                         ; /IsShown = 1
00403643  . 50               PUSH EAX                       ; |DefDir => ""
00403644  . 51               PUSH ECX                       ; |Parameters => ""
00403645  . 52               PUSH EDX                       ; |FileName => ""
00403646  . 68 EC754000      PUSH 传奇客星.004075EC          ; |Operation = "open"
0040364B  . 6A 00            PUSH 0                         ; |hWnd = NULL
0040364D  . FF15 A8524000    CALL DWORD PTR DS:[<&shell32.ShellExecut>  ; \ShellExecuteA

If you are not familiar with this, look it up in the API reference; NOPing the two addresses 00403646 and 00403645 solves the website popup problem.

0040363B  . 8B15 D4764000    MOV EDX,DWORD PTR DS:[4076D4]  ;

This moves the data at 4076D4 into the EDX register; if you follow 004076D4 you will find that the data at this address is the 攻客 website. So if you want to change the popup website to your own site... you want to? Then I will look down on you just a little.
A breakpoint on MessageBox did not hit; later I found that it all uses SendMessageA.

00402CF0  . A3 10774000      MOV DWORD PTR DS:[407710],EAX
00402CF5  . A1 14774000      MOV EAX,DWORD PTR DS:[407714]
00402CFA  . 83F8 01          CMP EAX,1                      // compare with 1
00402CFD  . 7D 13            JGE SHORT 传奇客星.00402D12     // jump if greater than or equal
00402CFF  . 6A 00            PUSH 0
00402D01  . 6A 00            PUSH 0
00402D03  . 68 F8744000      PUSH 传奇客星.004074F8
00402D08  . E8 530C0000      CALL <JMP.&mfc42.#1200_?AfxMessageBox@@Y>
00402D0D  . E9 D2000000      JMP 传奇客星.00402DE4
00402D12  > A1 10774000      MOV EAX,DWORD PTR DS:[407710]  // after passing the first check, execution jumps here
00402D17  . 83F8 01          CMP EAX,1                      // compare with 1 again
00402D1A  . 6A 00            PUSH 0
00402D1C  . 7D 11            JGE SHORT 传奇客星.00402D2F     // jump if greater than or equal
00402D1E  . 6A 00            PUSH 0
00402D20  . 68 DC744000      PUSH 传奇客星.004074DC

It checks the number of attack targets and the number of proxies: if greater than or equal, it jumps past the warning; if not greater than 1, that is, nothing was entered, it shows the "too few attacks" or "too few proxies" warning. But have you noticed that 攻客 forbids others from using this program against its own website, as shown in figure 4?

Figure 4

What? So only you are allowed to attack others? Let's keep reading the code.

00401AC4  . 6A 01            PUSH 1
00401AC6  . E8 8F1E0000      CALL <JMP.&mfc42.#6334_?UpdateData@CWnd@>
00401ACB  . 8DB7 EC000000    LEA ESI,DWORD PTR DS:[EDI+EC]
00401AD1  . 6A 00            PUSH 0
00401AD3  . 68 7C724000      PUSH 传奇客星.0040727C          ; ASCII ""
00401AD8  . 8BCE             MOV ECX,ESI
00401ADA  . E8 871E0000      CALL <JMP.&mfc42.#6663_?Find@CString@@QB>
00401ADF  . 85C0             TEST EAX,EAX
00401AE1  . 6A 00            PUSH 0
00401AE3  . 7E 0F            JLE SHORT 传奇客星.00401AF4
00401AE5  . 6A 00            PUSH 0
00401AE7  . 68 58724000      PUSH 传奇客星.00407258
00401AEC  . E8 6F1E0000      CALL <JMP.&mfc42.#1200_?AfxMessageBox@@Y>
00401AF1  . 5F               POP EDI
00401AF2  . 5E               POP ESI
00401AF3  . C3               RETN
00401AF4  > 68 48724000      PUSH 传奇客星.00407248          ; ASCII "219.153.11.195"
00401AF9  . 8BCE             MOV ECX,ESI
00401AFB  . E8 661E0000      CALL <JMP.&mfc42.#6663_?Find@CString@@QB>
00401B00  . 85C0             TEST EAX,EAX
00401B02  . 6A 00            PUSH 0
00401B04  . 7E 0F            JLE SHORT 传奇客星.00401B15
00401B06  . 6A 00            PUSH 0
00401B08  . 68 24724000      PUSH 传奇客星.00407224
00401B0D  . E8 4E1E0000      CALL <JMP.&mfc42.#1200_?AfxMessageBox@@Y>
00401B14  . C3               RETN

The whole stretch from 00401AC4 to 00401BFB is the IPs that 攻客 protects, presumably the IPs of their private servers. Enter any of these IPs into the attack list and a prompt appears, as shown in figure 5.

Figure 5

Having found the spot, how you change it is up to you. Let's look at these lines.

00401AD3  . 68 7C724000      PUSH 传奇客星.0040727C          ; ASCII ""
00401AD8  . 8BCE             MOV ECX,ESI
00401ADA  . E8 871E0000      CALL <JMP.&mfc42.#6663_?Find@CString@@QB>
00401ADF  . 85C0             TEST EAX,EAX                   // compare
00401AE1  . 6A 00            PUSH 0
00401AE3  . 7E 0F            JLE SHORT 传奇客星.00401AF4     // if the attack target does not contain their own site, jump down and continue checking

Open it with UE and search for the ASCII string "", as shown in figure 6.

Figure 6

Now change it however you like, as shown in figure 7.

Figure 7

Check the result again: see, that site has been added to our attack list.
(End)

Description: OD调试传奇客星.DOC with images
Attachment: OD调试传奇客星.rar (57K)   Downloads: 118   Top   信息安全学术   Posted: 2006-09-27 13:21   [Reply 1]
A very old packer.
A hardware breakpoint shows up once during debugging; no need to fix it.
+1 support. Suitable for newbies like me to learn from.

(c) Copyleft 2003-2007, Evil Octal Security Team.