飞雪桌面日历2.81.0.996破解补丁 + 送简单分析
软件介绍:不用安装,小巧而强大!极少内存占用集合了以下超多功能:万年历、世界时钟、定时运行、定时关机(关机仅需3秒!)、限时用机、休息提醒(可锁定系统)、备忘录、系统热键、世界时间、光驱控制、文件定期清理、网络校时、语音报时等,并支持自定义软件皮肤,能以5种界面同时存在,即:日历、挂历、时钟、液晶电子钟、迷你栏。
飞雪桌面日历2.81.0.996简单分析
//===========================================脱壳后的关机验证部分
; Excerpt of the self-check that runs in the unpacked program; it begins
; mid-function. The dump lost its memory operands, so the stack offsets named
; in these comments are read back from the opcode bytes (8845 E0 = [ebp-20]).
; Flow: open a file, read it into a byte buffer, XOR each byte in place with a
; key built from the byte index and an argument, then obtain an object pointer.
00589F18 FF15 94124000 call near dword ptr ds: ; MSVBVM60.rtcFreeFile
00589F1E 8845 E0 mov byte ptr ss:,al ; [ebp-20] = file number returned by rtcFreeFile
00589F21 8D4D BC lea ecx,dword ptr ss: ; ecx = &[ebp-44], the temporary Variant
00589F24 FF15 20104000 call near dword ptr ds: ; MSVBVM60.__vbaFreeVar
00589F2A 66:0FB675 E0 movzx si,byte ptr ss: ; si = file number from [ebp-20]
00589F2F 8B4D 0C mov ecx,dword ptr ss: ; ecx = argument at [ebp+0C]
00589F32 8B11 mov edx,dword ptr ds: ; edx = [ecx]; presumably the path string - confirm
00589F34 52 push edx
00589F35 56 push esi
00589F36 6A FF push -1
00589F38 6A 20 push 20
00589F3A FF15 84124000 call near dword ptr ds: ; MSVBVM60.__vbaFileOpen
; Read from the open file into the variable at [ebp-28]; 0042B514 is passed
; alongside it (presumably a type descriptor - confirm).
00589F40 56 push esi
00589F41 8D45 D8 lea eax,dword ptr ss: ; eax = &[ebp-28]
00589F44 50 push eax
00589F45 68 14B54200 push FXCalend.0042B514
00589F4A FF15 48124000 call near dword ptr ds: ; MSVBVM60.__vbaGetOwner3
00589F50 56 push esi
00589F51 FF15 64114000 call near dword ptr ds: ; MSVBVM60.__vbaFileClose
; In-place transform loop: edi is the byte index, ebx the bound.
; byte[edi] ^= low byte of ((edi mod 73h) xor ([ebp+14] mod 0C9h)).
; NOTE(review): the key depends only on the index and one argument, so this is
; obfuscation of the data rather than a keyed integrity check.
00589F57 3BFB cmp edi,ebx
00589F59 7D 31 jge short FXCalend.00589F8C ; index reached the bound: leave the loop
00589F5B 8B45 D8 mov eax,dword ptr ss: ; eax = descriptor stored at [ebp-28]
00589F5E 8B48 0C mov ecx,dword ptr ds: ; ecx = [eax+0C]; offset matches SAFEARRAY pvData - inferred
00589F61 2B48 14 sub ecx,dword ptr ds: ; ecx -= [eax+14]; offset matches SAFEARRAY lLbound - inferred
00589F64 8D3439 lea esi,dword ptr ds: ; esi = ecx + edi, address of the current byte
00589F67 8BC7 mov eax,edi
00589F69 99 cdq
00589F6A B9 73000000 mov ecx,73
00589F6F F7F9 idiv ecx
00589F71 8BCA mov ecx,edx ; ecx = edi mod 73h
00589F73 8B45 14 mov eax,dword ptr ss: ; eax = argument at [ebp+14]
00589F76 99 cdq
00589F77 BB C9000000 mov ebx,0C9
00589F7C F7FB idiv ebx ; edx = [ebp+14] mod 0C9h (ebx is clobbered here)
00589F7E 33CA xor ecx,edx
00589F80 8A16 mov dl,byte ptr ds: ; dl = current byte; only cl is stored back below
00589F82 33CA xor ecx,edx
00589F84 880E mov byte ptr ds:,cl ; write the transformed byte back
00589F86 47 inc edi
00589F87 8B5D CC mov ebx,dword ptr ss: ; reload the loop bound from [ebp-34]
00589F8A^ EB CB jmp short FXCalend.00589F57
; Build a Variant at [ebp-44] with type 0Ah and value 80020004h, i.e. VT_ERROR
; carrying DISP_E_PARAMNOTFOUND, the marker for an omitted optional argument.
00589F8C C745 C4 04000280 mov dword ptr ss:,80020004
00589F93 C745 BC 0A000000 mov dword ptr ss:,0A
00589F9A 8D45 BC lea eax,dword ptr ss:
00589F9D 50 push eax
00589F9E FF15 94124000 call near dword ptr ds: ; MSVBVM60.rtcFreeFile
00589FA4 8AD8 mov bl,al
00589FA6 885D E0 mov byte ptr ss:,bl ; [ebp-20] = new file number
00589FA9 8D4D BC lea ecx,dword ptr ss:
00589FAC FF15 20104000 call near dword ptr ds: ; MSVBVM60.__vbaFreeVar
; Fetch the object reference cached at [ebp-30]; create it on first use.
00589FB2 8B45 D0 mov eax,dword ptr ss: ; author's note: forcing eax to a fixed value here does not work, a random number is involved
00589FB5 85C0 test eax,eax
00589FB7 75 12 jnz short FXCalend.00589FCB ; already created: skip __vbaNew2
00589FB9 8D4D D0 lea ecx,dword ptr ss:
00589FBC 51 push ecx
00589FBD 68 58874000 push FXCalend.00408758
00589FC2 FF15 90124000 call near dword ptr ds: ; MSVBVM60.__vbaNew2
00589FC8 8B45 D0 mov eax,dword ptr ss: ; author's note: size
00589FCB 8BF0 mov esi,eax ; esi = object pointer used by the code that follows
//========================================================验证计算结束
; Virtual call through slot +24 of the object in eax. Arguments, last pushed
; first: eax (the object), the value at [ebp+10], &[ebp-58] and &[ebp-5C].
; Stack offsets are read back from the opcode bytes; the dump lost the operands.
00589FCD C745 A8 00000000 mov dword ptr ss:,0 ; clear [ebp-58] before passing its address
00589FD4 8B10 mov edx,dword ptr ds: ; edx = [eax], the object's vtable pointer
00589FD6 8D4D A4 lea ecx,dword ptr ss:
00589FD9 51 push ecx
00589FDA 8D4D A8 lea ecx,dword ptr ss:
00589FDD 51 push ecx
00589FDE 8B7D 10 mov edi,dword ptr ss: ; edi = argument at [ebp+10]
00589FE1 57 push edi
00589FE2 50 push eax
00589FE3 FF52 24 call near dword ptr ds: ; author's note: sneaky spot, the program size is used to choose which routine runs
//===============================================通过计算大小验证得到的不同的执行函数
注意 如果脱壳后此地方必须f7进去 否则关机.
//*=========================================================
暴破分析...人懒..一向是可以暴破就暴破.可以loader就loader,esp定律都懒得动手,何况还有校验..- =!
//*=========================================================
; Excerpt of the routine that decides which registration text the UI shows.
; It begins mid-function and the dump lost its memory operands; offsets named
; here are read back from the opcode bytes.
; NOTE(review): the registration state is decided by two local tests only, a
; global byte at 0059C09C and a 16-bit method result at [ebp-98], each feeding
; a single conditional branch in client code.
0050BC8A 68 EC2B4200 push FXCalend.00422BEC ; author's note: pushes the "已注册" (registered) string
0050BC8F FF15 7C104000 call near dword ptr ds: ; MSVBVM60.__vbaStrCat
0050BC95 8BD0 mov edx,eax
0050BC97 8D4D BC lea ecx,dword ptr ss: ; ecx = &[ebp-44], receives the concatenated string
0050BC9A FF15 3C134000 call near dword ptr ds: ; MSVBVM60.__vbaStrMove
0050BCA0 50 push eax
0050BCA1 8BC3 mov eax,ebx
0050BCA3 8B9D 2CFFFFFF mov ebx,dword ptr ss: ; ebx = object pointer kept at [ebp-D4]
0050BCA9 53 push ebx
0050BCAA FF50 54 call near dword ptr ds: ; virtual call through slot +54 with the string
0050BCAD DBE2 fclex
0050BCAF 85C0 test eax,eax
0050BCB1 7D 0B jge short FXCalend.0050BCBE ; non-negative result: skip the error path
0050BCB3 6A 54 push 54
0050BCB5 68 C4F94100 push FXCalend.0041F9C4
0050BCBA 53 push ebx
0050BCBB 50 push eax
0050BCBC FFD6 call near esi ; error helper held in esi; presumably __vbaHresultCheckObj - confirm
; Release the temporaries: seven strings, two objects and two Variants.
0050BCBE 8D4D BC lea ecx,dword ptr ss:
0050BCC1 51 push ecx
0050BCC2 8D55 C0 lea edx,dword ptr ss:
0050BCC5 52 push edx
0050BCC6 8D45 C4 lea eax,dword ptr ss:
0050BCC9 50 push eax
0050BCCA 8D4D C8 lea ecx,dword ptr ss:
0050BCCD 51 push ecx
0050BCCE 8D55 CC lea edx,dword ptr ss:
0050BCD1 52 push edx
0050BCD2 8D45 D0 lea eax,dword ptr ss:
0050BCD5 50 push eax
0050BCD6 8D4D D4 lea ecx,dword ptr ss:
0050BCD9 51 push ecx
0050BCDA 6A 07 push 7
0050BCDC FF15 BC124000 call near dword ptr ds: ; MSVBVM60.__vbaFreeStrList
0050BCE2 8D55 B4 lea edx,dword ptr ss:
0050BCE5 52 push edx
0050BCE6 8D45 B8 lea eax,dword ptr ss:
0050BCE9 50 push eax
0050BCEA 6A 02 push 2
0050BCEC FF15 50104000 call near dword ptr ds: ; MSVBVM60.__vbaFreeObjList
0050BCF2 8D4D 8C lea ecx,dword ptr ss:
0050BCF5 51 push ecx
0050BCF6 8D55 9C lea edx,dword ptr ss:
0050BCF9 52 push edx
0050BCFA 6A 02 push 2
0050BCFC FF15 40104000 call near dword ptr ds: ; MSVBVM60.__vbaFreeVarList
0050BD02 83C4 38 add esp,38 ; drop the 14 dwords pushed for the three list calls (8 + 3 + 3)
; First check: the byte loaded from the global at 0059C09C must equal 1.
0050BD05 A0 9CC05900 mov al,byte ptr ds: ; author's note: per the analysis below, patched to mov al,1
0050BD0A 34 01 xor al,1 ; author's note: tests whether al is 1
0050BD0C 0F85 B2070000 jnz FXCalend.0050C4C4 ; author's note: first part, anything other than 1 means unregistered
0050BD12 6A 01 push 1
0050BD14 FF15 F8104000 call near dword ptr ds: ; MSVBVM60.__vbaOnError
; Fetch the object reference cached at [ebp-24]; create it on first use.
0050BD1A 8B45 DC mov eax,dword ptr ss:
0050BD1D 85C0 test eax,eax
0050BD1F 75 12 jnz short FXCalend.0050BD33 ; already created: skip __vbaNew2
0050BD21 8D4D DC lea ecx,dword ptr ss:
0050BD24 51 push ecx
0050BD25 68 F49C4000 push FXCalend.00409CF4
0050BD2A FF15 90124000 call near dword ptr ds: ; MSVBVM60.__vbaNew2
0050BD30 8B45 DC mov eax,dword ptr ss:
0050BD33 8BD8 mov ebx,eax
0050BD35 8B10 mov edx,dword ptr ds: ; edx = [eax], the object's vtable pointer
0050BD37 8D8D 68FFFFFF lea ecx,dword ptr ss: ; ecx = &[ebp-98], receives the 16-bit result
0050BD3D 51 push ecx
0050BD3E 8D4D E0 lea ecx,dword ptr ss: ; ecx = &[ebp-20]
0050BD41 51 push ecx
0050BD42 6A FF push -1
0050BD44 50 push eax
0050BD45 FF52 34 call near dword ptr ds: ; virtual call through slot +34
0050BD48 DBE2 fclex
0050BD4A 85C0 test eax,eax
0050BD4C 7D 0B jge short FXCalend.0050BD59 ; non-negative result: skip the error path
0050BD4E 6A 34 push 34
0050BD50 68 18BD4100 push FXCalend.0041BD18
0050BD55 53 push ebx
0050BD56 50 push eax
0050BD57 FFD6 call near esi ; same error helper as above
; Second check: the word written to [ebp-98] by the slot +34 call is compared with 0.
0050BD59 66:83BD 68FFFFFF 00 cmp word ptr ss:,0 ; author's note: second registration check point
0050BD61 0F84 0A050000 je FXCalend.0050C271 ; author's note: changed to jmp, after which the program reports itself as registered
http://count.crsky.com/view_down.asp?down_url=http://1.scdx1.crsky.com/200712/FXCalendar-v2.81.rar&downd_id=12&ID=28028&SOFTID=8570&down=yes
https://www.chinapyg.com/attachment.php?aid=21036强奸型注册软件详细信息
[ 本帖最后由 Luckly 于 2007-12-16 03:42 编辑 ] 呵呵,代表正版注册用户用GG打你PP!开个玩笑,破的精彩!/:017 /:017
不过偶尔还是弹出了注册提示框,楼主再看看,以前的破解教程里破了六七处才成功的!看雪有
[ 本帖最后由 backboy 于 2007-12-16 13:00 编辑 ] 这个好难啊,也有关机的动作。。。 要是象2.62样做个注册机就好了 现在的加密技术也不可小觑了/:L 下来学习学习看看 怎么放在飞雪桌面日历2.81.0.996文件夹里。运行 提示文件夹大小错误呀,注册不了哦? 向你学习,向你致敬!