中国法律案例大全 2004
【加密方式】 用户名+注册码
【破解工具】 FlyOD V1.10、
【软件限制】 21天限制
【下载地址】 http://www.shareware.cn/
【破解平台】 Microsoft Windows XP SP2
vb编写。
下 __vbaStrCmp 断点
先停一次
00467569 .FF15 E4104000 call dword ptr ds:[<&MSVBVM60.__vb>;MSVBVM60.__vbaStrCmp
0046756F .85C0 test eax,eax
00467571 0F84 E1000000 je law.00467658
00467577 .8B4D E0 mov ecx,dword ptr ss:
0046757A .51 push ecx
0046757B .FF15 20104000 call dword ptr ds:[<&MSVBVM60.__vb>;MSVBVM60.__vbaLenBstr
00467581 .8BC8 mov ecx,eax
00467583 .FF15 F4104000 call dword ptr ds:[<&MSVBVM60.__vb>;MSVBVM60.__vbaI2I4
00467589 .8B3D 00124000 mov edi,dword ptr ds:[<&MSVBVM60._>;MSVBVM60.__vbaStrMove
按f9又停一次
00467569 .FF15 E4104000 call dword ptr ds:[<&MSVBVM60.__vb>;MSVBVM60.__vbaStrCmp
0046756F .85C0 test eax,eax
00467571 0F84 E1000000 je law.00467658
00467577 .8B4D E0 mov ecx,dword ptr ss:
0046757A .51 push ecx
0046757B .FF15 20104000 call dword ptr ds:[<&MSVBVM60.__vb>;MSVBVM60.__vbaLenBstr
00467581 .8BC8 mov ecx,eax
00467583 .FF15 F4104000 call dword ptr ds:[<&MSVBVM60.__vb>;MSVBVM60.__vbaI2I4
00467589 .8B3D 00124000 mov edi,dword ptr ds:[<&MSVBVM60._>;MSVBVM60.__vbaStrMove
0046758F .8B1D 24104000 mov ebx,dword ptr ds:[<&MSVBVM60._>;MSVBVM60.__vbaStrVarMove
00467595 .8945 80 mov dword ptr ss:,eax
然后一步一步的用f8往下走,过一个vb6.0的控件后,来到下面.
004648CD .66:3D FFFF cmp ax,0FFFF
004648D1 .0F94C1 sete cl
004648D4 .F7D9 neg ecx
004648D6 .66:8BF1 mov si,cx
004648D9 .8D4D DC lea ecx,dword ptr ss:
004648DC .FFD3 call ebx ;<&MSVBVM60.__vbaFreeVar>
004648DE .66:85F6 test si,si
004648E1 0F84 00010000 je law.004649E7------------------------改jne这是是否弹出提示界面的跳转
004648E7 .A1 C4984600 mov eax,dword ptr ds:
004648EC .85C0 test eax,eax
004648EE .75 14 jnz short law.00464904
004648F0 .8B3D 78114000 mov edi,dword ptr ds:[<&MSVBVM60._>;MSVBVM60.__vbaNew2
004648F6 .68 C4984600 push law.004698C4
004648FB .68 948A4000 push law.00408A94
00464900 .FFD7 call edi ;<&MSVBVM60.__vbaNew2>
00464902 .EB 06 jmp short law.0046490A
00464904 >8B3D 78114000 mov edi,dword ptr ds:[<&MSVBVM60._>;MSVBVM60.__vbaNew2
0046490A >A1 3C924600 mov eax,dword ptr ds:
0046490F .8B35 C4984600 mov esi,dword ptr ds:
00464915 .85C0 test eax,eax
00464917 .75 0C jnz short law.00464925
00464919 .68 3C924600 push law.0046923C
0046491E .68 68324000 push law.00403268
00464923 .FFD7 call edi
00464925 >8B15 3C924600 mov edx,dword ptr ds:
0046492B .8B1E mov ebx,dword ptr ds:
0046492D .8D45 EC lea eax,dword ptr ss:
00464930 .52 push edx
00464931 .50 push eax
00464932 .FF15 98104000 call dword ptr ds:[<&MSVBVM60.__vb>;MSVBVM60.__vbaObjSetAddref
00464938 .50 push eax
00464939 .56 push esi
0046493A .FF53 10 call dword ptr ds:
0046493D .85C0 test eax,eax
0046493F .DBE2 fclex
00464941 .7D 0F jge short law.00464952
00464943 .6A 10 push 10
00464945 .68 848A4000 push law.00408A84
0046494A .56 push esi
0046494B .50 push eax
0046494C .FF15 6C104000 call dword ptr ds:[<&MSVBVM60.__vb>;MSVBVM60.__vbaHresultCheckObj
00464952 >8D4D EC lea ecx,dword ptr ss:
00464955 .FF15 28124000 call dword ptr ds:[<&MSVBVM60.__vb>;MSVBVM60.__vbaFreeObj
0046495B .A1 28924600 mov eax,dword ptr ds:
00464960 .85C0 test eax,eax
00464962 .75 0C jnz short law.00464970
00464964 .68 28924600 push law.00469228
00464969 .68 80284000 push law.00402880
0046496E .FFD7 call edi
00464970 >83EC 10 sub esp,10
00464973 .B9 0A000000 mov ecx,0A
00464978 .8BDC mov ebx,esp
0046497A .894D 8C mov dword ptr ss:,ecx
0046497D .894D 9C mov dword ptr ss:,ecx
00464980 .B8 04000280 mov eax,80020004
00464985 .890B mov dword ptr ds:,ecx
00464987 .8B4D 90 mov ecx,dword ptr ss:
0046498A .8945 94 mov dword ptr ss:,eax
0046498D .8BD0 mov edx,eax
0046498F .894B 04 mov dword ptr ds:,ecx
00464992 .83EC 10 sub esp,10
00464995 .8B35 28924600 mov esi,dword ptr ds:
0046499B .8BCC mov ecx,esp
0046499D .8943 08 mov dword ptr ds:,eax
004649A0 .8B45 98 mov eax,dword ptr ss:
004649A3 .8955 A4 mov dword ptr ss:,edx
004649A6 .8B3E mov edi,dword ptr ds:
004649A8 .8943 0C mov dword ptr ds:,eax
004649AB .8B45 9C mov eax,dword ptr ss:
004649AE .8901 mov dword ptr ds:,eax
004649B0 .8B45 A0 mov eax,dword ptr ss:
004649B3 .56 push esi
004649B4 .8941 04 mov dword ptr ds:,eax
004649B7 .8951 08 mov dword ptr ds:,edx
004649BA .8B55 A8 mov edx,dword ptr ss:
004649BD .8951 0C mov dword ptr ds:,edx
004649C0 .FF97 B0020000 call dword ptr ds:
004649C6 .85C0 test eax,eax
004649C8 .DBE2 fclex
004649CA .0F8D 66010000 jge law.00464B36
004649D0 .68 B0020000 push 2B0
004649D5 .68 24A14000 push law.0040A124
004649DA .56 push esi
004649DB .50 push eax
004649DC .FF15 6C104000 call dword ptr ds:[<&MSVBVM60.__vb>;MSVBVM60.__vbaHresultCheckObj
004649E2 .E9 4F010000 jmp law.00464B36
004649E7 >8B85 60FFFFFF mov eax,dword ptr ss:--------下面是试用的范围
004649ED .6A 00 push 0
004649EF .68 02000360 push 60030002
004649F4 .8D4D DC lea ecx,dword ptr ss:
004649F7 .50 push eax
004649F8 .51 push ecx
004649F9 .FFD7 call edi
004649FB .83C4 10 add esp,10
004649FE .50 push eax
004649FF .FF15 60114000 call dword ptr ds:[<&MSVBVM60.__vb>;MSVBVM60.__vbaI2Var
00464A05 .33D2 xor edx,edx
00464A07 .66:3D 1500 cmp ax,15
00464A0B .0F9CC2 setl dl
00464A0E .F7DA neg edx
00464A10 .8D4D DC lea ecx,dword ptr ss:
00464A13 .66:8BF2 mov si,dx
00464A16 .FFD3 call ebx
00464A18 .66:85F6 test si,si
00464A1B 0F84 90000000 je law.00464AB1--------------------------试用期是否过期的跳转
00464A21 .A1 3C924600 mov eax,dword ptr ds:
00464A26 .85C0 test eax,eax
00464A28 75 10 jnz short law.00464A3A
00464A2A .68 3C924600 push law.0046923C
00464A2F .68 68324000 push law.00403268
00464A34 .FF15 78114000 call dword ptr ds:[<&MSVBVM60.__vb>;MSVBVM60.__vbaNew2
00464A3A >83EC 10 sub esp,10
00464A3D .B9 0A000000 mov ecx,0A
00464A42 .8BDC mov ebx,esp
00464A44 .894D 8C mov dword ptr ss:,ecx
00464A47 .894D 9C mov dword ptr ss:,ecx
00464A4A .B8 04000280 mov eax,80020004
00464A4F .890B mov dword ptr ds:,ecx
00464A51 .8B4D 90 mov ecx,dword ptr ss:
00464A54 .8945 94 mov dword ptr ss:,eax
00464A57 .8BD0 mov edx,eax
00464A59 .894B 04 mov dword ptr ds:,ecx
00464A5C .83EC 10 sub esp,10
00464A5F .8B35 3C924600 mov esi,dword ptr ds:
00464A65 .8BCC mov ecx,esp
00464A67 .8943 08 mov dword ptr ds:,eax
00464A6A .8B45 98 mov eax,dword ptr ss:
00464A6D .8955 A4 mov dword ptr ss:,edx
00464A70 .8B3E mov edi,dword ptr ds:
00464A72 .8943 0C mov dword ptr ds:,eax
00464A75 .8B45 9C mov eax,dword ptr ss:
00464A78 .8901 mov dword ptr ds:,eax
00464A7A .8B45 A0 mov eax,dword ptr ss:
00464A7D .56 push esi
00464A7E .8941 04 mov dword ptr ds:,eax
00464A81 .8951 08 mov dword ptr ds:,edx
00464A84 .8B55 A8 mov edx,dword ptr ss:
00464A87 .8951 0C mov dword ptr ds:,edx
00464A8A .FF97 B0020000 call dword ptr ds:
00464A90 .85C0 test eax,eax
00464A92 .DBE2 fclex
00464A94 .0F8D 9C000000 jge law.00464B36
00464A9A .68 B0020000 push 2B0
00464A9F .68 A4A74000 push law.0040A7A4
00464AA4 .56 push esi
00464AA5 .50 push eax
00464AA6 .FF15 6C104000 call dword ptr ds:[<&MSVBVM60.__vb>;MSVBVM60.__vbaHresultCheckObj
00464AAC .E9 85000000 jmp law.00464B36
如果跳到这里---------会出现过期提示
00464AB1 >8B35 CC114000 mov esi,dword ptr ds:[<&MSVBVM60._>;MSVBVM60.__vbaVarDup
00464AB7 .B9 0A000000 mov ecx,0A
00464ABC .894D AC mov dword ptr ss:,ecx
完全是靠运气碰出来的,因为提示注册的界面在主界面之前出现,可以断定是先判断再选择进入哪个界面。因此慢慢地在启动的过程里发掘就会找到判断点。
另外,关键跳是4659fd je465af5,因为前面没有任何伪码的信息,只好爆破,从启动过程入手。