怎样也暴破不了(菜鸟求助)
IE清理器 1.0Borland Delphi 4.0 - 5.0
随意输入注册码 显示 注册码错误,请与作者联系
用W32DASM反汇编,串式参考,发现有 注册成功,谢谢使用本软件,双击它,以发现只有一处调用,
:0045037A 7504 jne 00450380
:0045037C B301 mov bl, 01
:0045037E EB28 jmp 004503A8
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0045037A(C)
|
:00450380 8B55F8 mov edx, dword ptr
:00450383 8B45F4 mov eax, dword ptr
:00450386 8B08 mov ecx, dword ptr
:00450388 FF5158 call
:0045038B 8D95E0FEFFFF lea edx, dword ptr
:00450391 8B45F4 mov eax, dword ptr
:00450394 8B08 mov ecx, dword ptr
:00450396 FF511C call
:00450399 8B85E0FEFFFF mov eax, dword ptr
:0045039F 8A18 mov bl, byte ptr
:004503A1 33C0 xor eax, eax
:004503A3 8AC3 mov al, bl
:004503A5 40 inc eax
:004503A6 8BD8 mov ebx, eax
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0045037E(U)
|
:004503A8 8D85DCFEFFFF lea eax, dword ptr
:004503AE 8BD3 mov edx, ebx
:004503B0 E85F38FBFF call 00403C14
:004503B5 8B95DCFEFFFF mov edx, dword ptr
:004503BB 8B45F4 mov eax, dword ptr
:004503BE 8B08 mov ecx, dword ptr
:004503C0 FF512C call
:004503C3 8B55F8 mov edx, dword ptr
:004503C6 8B45F4 mov eax, dword ptr
:004503C9 8B08 mov ecx, dword ptr
:004503CB FF5164 call
:004503CE 33C0 xor eax, eax
:004503D0 5A pop edx
:004503D1 59 pop ecx
:004503D2 59 pop ecx
:004503D3 648910 mov dword ptr fs:, edx
:004503D6 68EB034500 push 004503EB
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004503E9(U)
|
:004503DB 8B45F4 mov eax, dword ptr
:004503DE E87D29FBFF call 00402D60
:004503E3 C3 ret
:004503E4 E99730FBFF jmp 00403480
:004503E9 EBF0 jmp 004503DB
:004503EB 8B45FC mov eax, dword ptr
:004503EE C6803103000001 mov byte ptr , 01
:004503F5 6A00 push 00000000
:004503F7 668B0DAC044500 mov cx, word ptr
:004503FE 33D2 xor edx, edx
* Possible StringData Ref from Code Obj ->"注册成功,谢谢使用本软件!"
|
:00450400 B8B8044500 mov eax, 004504B8
-------------------------------------------------------------------------------------------
可以看到实际修改地址是 0004F77A ,用ULTRADIT查找0x4F77A ,修改75为74。暴破不成功。
用同样的方法,查看“注册码错误”,修改后仍不成功,晕。
我错在哪??请高手多多指点,多谢了。 00450276 .55 PUSH EBP
00450277 .68 62044500 PUSH IE清理器.00450462
0045027C .64:FF30 PUSH DWORD PTR FS:
0045027F .64:8920 MOV DWORD PTR FS:,ESP
00450282 .8D95 ECFEFFFF LEA EDX,DWORD PTR SS:
00450288 .8B45 FC MOV EAX,DWORD PTR SS:
0045028B .8B80 E4020000 MOV EAX,DWORD PTR DS:
00450291 .E8 924AFDFF CALL IE清理器.00424D28
00450296 .8B85 ECFEFFFF MOV EAX,DWORD PTR SS: ;假码(ASCII "987654321")
0045029C .8D95 F0FEFFFF LEA EDX,DWORD PTR SS:
004502A2 .E8 D17AFBFF CALL IE清理器.00407D78
004502A7 .83BD F0FEFFFF>CMP DWORD PTR SS:,0 ;输入否
004502AE .75 1A JNZ SHORT IE清理器.004502CA ;空就“请输入”框
004502B0 .6A 00 PUSH 0 ; /Arg1 = 00000000
004502B2 .66:8B0D 70044>MOV CX,WORD PTR DS: ; |
004502B9 .33D2 XOR EDX,EDX ; |
004502BB .B8 7C044500 MOV EAX,IE清理器.0045047C ; |请输入注册码?
004502C0 .E8 A354FFFF CALL IE清理器.00445768 ; \IE清理器.00445768
004502C5 .E9 57010000 JMP IE清理器.00450421
004502CA >8D95 E8FEFFFF LEA EDX,DWORD PTR SS:
004502D0 .8B45 FC MOV EAX,DWORD PTR SS:
004502D3 .8B80 E4020000 MOV EAX,DWORD PTR DS:
004502D9 .E8 4A4AFDFF CALL IE清理器.00424D28
004502DE .8B95 E8FEFFFF MOV EDX,DWORD PTR SS: ;假码(ASCII "987654321")
004502E4 .8B45 FC MOV EAX,DWORD PTR SS:
004502E7 .8B80 2C030000 MOV EAX,DWORD PTR DS: ;真码"E54D8-E544E-82389-814FE-F024E")
004502ED .E8 0A3BFBFF CALL IE清理器.00403DFC ;内存注册机
004502F2 .0F85 14010000 JNZ IE清理器.0045040C ;爆破点
004502F8 .68 FF000000 PUSH 0FF ; /BufSize = FF (255.)
004502FD .8D85 F4FEFFFF LEA EAX,DWORD PTR SS: ; |
00450303 .50 PUSH EAX ; |Buffer
00450304 .E8 5B5FFBFF CALL <JMP.&kernel32.GetSystemDirectoryA> ; \GetSystemDirectoryA
00450309 .BE 00010000 MOV ESI,100
0045030E .8DBD F4FEFFFF LEA EDI,DWORD PTR SS:
00450314 >8A1F MOV BL,BYTE PTR DS:
00450316 .84DB TEST BL,BL
00450318 .74 1F JE SHORT IE清理器.00450339
0045031A .8D85 E4FEFFFF LEA EAX,DWORD PTR SS:
00450320 .8BD3 MOV EDX,EBX
00450322 .E8 ED38FBFF CALL IE清理器.00403C14
00450327 .8B95 E4FEFFFF MOV EDX,DWORD PTR SS:
0045032D .8D45 F8 LEA EAX,DWORD PTR SS:
00450330 .E8 BF39FBFF CALL IE清理器.00403CF4
00450335 .47 INC EDI
00450336 .4E DEC ESI
00450337 .^ 75 DB JNZ SHORT IE清理器.00450314
00450339 >FF75 F8 PUSH DWORD PTR SS:
0045033C .68 94044500 PUSH IE清理器.00450494 ;\
00450341 .68 A0044500 PUSH IE清理器.004504A0 ;winnet.dll
00450346 .8D45 F8 LEA EAX,DWORD PTR SS:
00450349 .BA 03000000 MOV EDX,3
0045034E .E8 593AFBFF CALL IE清理器.00403DAC
00450353 .33C0 XOR EAX,EAX
00450355 .55 PUSH EBP
00450356 .68 E4034500 PUSH IE清理器.004503E4
0045035B .64:FF30 PUSH DWORD PTR FS:
0045035E .64:8920 MOV DWORD PTR FS:,ESP
00450361 .B2 01 MOV DL,1
00450363 .A1 14C44000 MOV EAX,DWORD PTR DS:
00450368 .E8 C329FBFF CALL IE清理器.00402D30
0045036D .8945 F4 MOV DWORD PTR SS:,EAX
00450370 .8B45 F8 MOV EAX,DWORD PTR SS:
00450373 .E8 AC7CFBFF CALL IE清理器.00408024
00450378 .84C0 TEST AL,AL
0045037A .75 04 JNZ SHORT IE清理器.00450380
0045037C .B3 01 MOV BL,1
0045037E .EB 28 JMP SHORT IE清理器.004503A8
00450380 >8B55 F8 MOV EDX,DWORD PTR SS:
00450383 .8B45 F4 MOV EAX,DWORD PTR SS:
00450386 .8B08 MOV ECX,DWORD PTR DS:
00450388 .FF51 58 CALL DWORD PTR DS:
0045038B .8D95 E0FEFFFF LEA EDX,DWORD PTR SS:
00450391 .8B45 F4 MOV EAX,DWORD PTR SS:
00450394 .8B08 MOV ECX,DWORD PTR DS:
00450396 .FF51 1C CALL DWORD PTR DS:
00450399 .8B85 E0FEFFFF MOV EAX,DWORD PTR SS:
0045039F .8A18 MOV BL,BYTE PTR DS:
004503A1 .33C0 XOR EAX,EAX
004503A3 .8AC3 MOV AL,BL
004503A5 .40 INC EAX
004503A6 .8BD8 MOV EBX,EAX
004503A8 >8D85 DCFEFFFF LEA EAX,DWORD PTR SS:
004503AE .8BD3 MOV EDX,EBX
004503B0 .E8 5F38FBFF CALL IE清理器.00403C14
004503B5 .8B95 DCFEFFFF MOV EDX,DWORD PTR SS:
004503BB .8B45 F4 MOV EAX,DWORD PTR SS:
004503BE .8B08 MOV ECX,DWORD PTR DS:
004503C0 .FF51 2C CALL DWORD PTR DS:
004503C3 .8B55 F8 MOV EDX,DWORD PTR SS:
004503C6 .8B45 F4 MOV EAX,DWORD PTR SS:
004503C9 .8B08 MOV ECX,DWORD PTR DS:
004503CB .FF51 64 CALL DWORD PTR DS:
004503CE .33C0 XOR EAX,EAX
004503D0 .5A POP EDX
004503D1 .59 POP ECX
004503D2 .59 POP ECX
004503D3 .64:8910 MOV DWORD PTR FS:,EDX
004503D6 .68 EB034500 PUSH IE清理器.004503EB
004503DB >8B45 F4 MOV EAX,DWORD PTR SS:
004503DE .E8 7D29FBFF CALL IE清理器.00402D60
004503E3 .C3 RETN
004503E4 .^ E9 9730FBFF JMP IE清理器.00403480
004503E9 .^ EB F0 JMP SHORT IE清理器.004503DB
004503EB .8B45 FC MOV EAX,DWORD PTR SS:
004503EE .C680 31030000>MOV BYTE PTR DS:,1
004503F5 .6A 00 PUSH 0 ; /Arg1 = 00000000
004503F7 .66:8B0D AC044>MOV CX,WORD PTR DS: ; |
004503FE .33D2 XOR EDX,EDX ; |
00450400 .B8 B8044500 MOV EAX,IE清理器.004504B8 ; |注册成功,谢谢使用本软件!
00450405 .E8 5E53FFFF CALL IE清理器.00445768 ; \IE清理器.00445768
0045040A .EB 15 JMP SHORT IE清理器.00450421
0045040C >6A 00 PUSH 0 ; /Arg1 = 00000000
0045040E .66:8B0D AC044>MOV CX,WORD PTR DS: ; |
00450415 .33D2 XOR EDX,EDX ; |
00450417 .B8 DC044500 MOV EAX,IE清理器.004504DC ; |注册码错误,请与作者联系!
0045041C .E8 4753FFFF CALL IE清理器.00445768 ; \IE清理器.00445768
00450421 >33C0 XOR EAX,EAX
00450423 .5A POP EDX 多看教程:)和文章 都已经提示注册成功,再开还是要注册,软件本身就有问题 我 汗一下,要求加分..... 原帖由 棒棒糖 于 2006-11-28 20:40 发表
多看教程:)和文章
是的~!
讲的 极是!!!! 修改爆破点的这一句,好像还是不能够注册。
004502F2 .0F85 14010000 JNZ IE清理器.0045040C ;爆破点
但是输入注册码,是可以注册的。难到还有一些关键点需要爆破。
页:
[1]