ico精灵 2.0简单分析
【破解工具】PEiD,OD【破解平台】Windows XP
【软件名称】ico精灵 2.0(2003-6-12版)
【软件大小】266KB
【原版下载】自己找一下
【保护方式】注册码
【软件简介】
主要功能是ico图标的提取和ico图标的批量转化成bmp文件和bmp文件批量转换成ico文件,新增了bmp文件批量转换成ico文件功能和修正了新 建文件夹的bug。她是“冰河软件”中的又一个漂亮成员!
【破解声明】我是一只小菜鸟,偶得一点心得,愿与大家分享:)
--------------------------------------------------------------
【破解内容】
--------------------------------------------------------------
**************************************************************
一、运行程序,进行注册,输入错误的注册信息进行检测,有提示信息
"你输入的注册码不正确!"
**************************************************************
二、用PEiD对这个软件查壳,为Borland Delphi 4.0 - 5.0
**************************************************************
三、运行OD,打开ICO_dogV2.0,右键—超级字串参考—查找ASCII.
查找"你输入的注册码不正确!"004658E0/.55 PUSH EBP
004658E1|.8BEC MOV EBP,ESP
004658E3|.6A 00 PUSH 0
004658E5|.6A 00 PUSH 0
004658E7|.53 PUSH EBX
004658E8|.56 PUSH ESI
004658E9|.8BD8 MOV EBX,EAX
004658EB|.33C0 XOR EAX,EAX
004658ED|.55 PUSH EBP
004658EE|.68 035A4600 PUSH ICO_dogV.00465A03
004658F3|.64:FF30 PUSH DWORD PTR FS:
004658F6|.64:8920 MOV DWORD PTR FS:,ESP
004658F9|.8D55 FC LEA EDX,DWORD PTR SS:
004658FC|.8B83 DC020000 MOV EAX,DWORD PTR DS:
00465902|.E8 8D0AFCFF CALL ICO_dogV.00426394 ;//取用户名长度送入EAX
00465907|.8B45 FC MOV EAX,DWORD PTR SS: ;//将用户名送入EAX
0046590A|.BA 185A4600 MOV EDX,ICO_dogV.00465A18 ;mmxbicssbo
0046590F|.E8 18E4F9FF CALL ICO_dogV.00403D2C ;//比较用户名
00465914|.0F85 AA000000 JNZ ICO_dogV.004659C4 ;//若不相等则跳,跳则注册失败
0046591A|.8D55 F8 LEA EDX,DWORD PTR SS:
0046591D|.8B83 E4020000 MOV EAX,DWORD PTR DS:
00465923|.E8 6C0AFCFF CALL ICO_dogV.00426394 ;//取注册码长度送入EAX
00465928|.8B45 F8 MOV EAX,DWORD PTR SS: ;//将注册码送入EAX
0046592B|.BA 2C5A4600 MOV EDX,ICO_dogV.00465A2C ;20305
00465930|.E8 F7E3F9FF CALL ICO_dogV.00403D2C ;//比较注册码
00465935|.0F85 89000000 JNZ ICO_dogV.004659C4 ;//若不相等则跳,跳则注册失败
0046593B|.A1 04BE4600 MOV EAX,DWORD PTR DS:
00465940|.8B00 MOV EAX,DWORD PTR DS:
00465942|.8B80 80030000 MOV EAX,DWORD PTR DS:
00465948|.8B80 08020000 MOV EAX,DWORD PTR DS:
0046594E|.B9 3C5A4600 MOV ECX,ICO_dogV.00465A3C ;$#
00465953|.BA 3D000000 MOV EDX,3D
00465958|.8B30 MOV ESI,DWORD PTR DS:
0046595A|.FF56 20 CALL DWORD PTR DS:
0046595D|.A1 04BE4600 MOV EAX,DWORD PTR DS:
00465962|.8B00 MOV EAX,DWORD PTR DS:
00465964|.8B80 80030000 MOV EAX,DWORD PTR DS:
0046596A|.8B80 08020000 MOV EAX,DWORD PTR DS:
00465970|.BA 485A4600 MOV EDX,ICO_dogV.00465A48 ;c:\boots.ini
00465975|.8B08 MOV ECX,DWORD PTR DS: ;//注册文件
00465977|.FF51 64 CALL DWORD PTR DS:
0046597A|.A1 04BE4600 MOV EAX,DWORD PTR DS:
0046597F|.8B00 MOV EAX,DWORD PTR DS:
00465981|.8B80 EC020000 MOV EAX,DWORD PTR DS:
00465987|.B2 01 MOV DL,1
00465989|.8B08 MOV ECX,DWORD PTR DS:
0046598B|.FF51 5C CALL DWORD PTR DS:
0046598E|.A1 04BE4600 MOV EAX,DWORD PTR DS:
00465993|.8B00 MOV EAX,DWORD PTR DS:
00465995|.8B80 84030000 MOV EAX,DWORD PTR DS:
0046599B|.BA 605A4600 MOV EDX,ICO_dogV.00465A60 ;已注册ico精灵!
004659A0|.E8 1F0AFCFF CALL ICO_dogV.004263C4
004659A5|.B8 785A4600 MOV EAX,ICO_dogV.00465A78 ;你已经成功注册了ico精灵,谢谢支持!
004659AA|.E8 8940FEFF CALL ICO_dogV.00449A38
004659AF|.8BC3 MOV EAX,EBX
004659B1|.E8 CEB8FDFF CALL ICO_dogV.00441284
004659B6|.A1 04BE4600 MOV EAX,DWORD PTR DS:
004659BB|.8B00 MOV EAX,DWORD PTR DS:
004659BD|.E8 7ABAFDFF CALL ICO_dogV.0044143C
004659C2|.EB 24 JMP SHORT ICO_dogV.004659E8
004659C4|>B8 A45A4600 MOV EAX,ICO_dogV.00465AA4 ;你输入的注册码不正确!
004659C9|.E8 6A40FEFF CALL ICO_dogV.00449A38
004659CE|.33D2 XOR EDX,EDX
004659D0|.8B83 DC020000 MOV EAX,DWORD PTR DS:
004659D6|.E8 E909FCFF CALL ICO_dogV.004263C4
004659DB|.33D2 XOR EDX,EDX
004659DD|.8B83 E4020000 MOV EAX,DWORD PTR DS:
004659E3|.E8 DC09FCFF CALL ICO_dogV.004263C4
004659E8|>33C0 XOR EAX,EAX
004659EA|.5A POP EDX
004659EB|.59 POP ECX
004659EC|.59 POP ECX
004659ED|.64:8910 MOV DWORD PTR FS:,EDX
004659F0|.68 0A5A4600 PUSH ICO_dogV.00465A0A
004659F5|>8D45 F8 LEA EAX,DWORD PTR SS:
004659F8|.BA 02000000 MOV EDX,2
004659FD|.E8 BEDFF9FF CALL ICO_dogV.004039C0
00465A02\.C3 RETN
00465A03 .^ E9 2CDAF9FF JMP ICO_dogV.00403434
00465A08 .^ EB EB JMP SHORT ICO_dogV.004659F5
00465A0A .5E POP ESI
00465A0B .5B POP EBX
00465A0C .59 POP ECX
00465A0D .59 POP ECX
00465A0E .5D POP EBP
00465A0F .C3 RETN
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
启动验证
00469264/.55 PUSH EBP
00469265|.8BEC MOV EBP,ESP
00469267|.33C9 XOR ECX,ECX
00469269|.51 PUSH ECX
0046926A|.51 PUSH ECX
0046926B|.51 PUSH ECX
0046926C|.51 PUSH ECX
0046926D|.51 PUSH ECX
0046926E|.51 PUSH ECX
0046926F|.53 PUSH EBX
00469270|.56 PUSH ESI
00469271|.57 PUSH EDI
00469272|.8BD8 MOV EBX,EAX
00469274|.33C0 XOR EAX,EAX
00469276|.55 PUSH EBP
00469277|.68 75944600 PUSH ICO_dogV.00469475
0046927C|.64:FF30 PUSH DWORD PTR FS:
0046927F|.64:8920 MOV DWORD PTR FS:,ESP
00469282|.B8 8C944600 MOV EAX,ICO_dogV.0046948C ;c:\boots.ini
00469287|.E8 CCEDF9FF CALL ICO_dogV.00408058
0046928C|.84C0 TEST AL,AL
0046928E|.74 18 JE SHORT ICO_dogV.004692A8 ;//判断是否是第1次运行,改为JMP
00469290|.8B83 80030000 MOV EAX,DWORD PTR DS:
00469296|.8B80 08020000 MOV EAX,DWORD PTR DS:
0046929C|.BA 8C944600 MOV EDX,ICO_dogV.0046948C ;c:\boots.ini
004692A1|.8B08 MOV ECX,DWORD PTR DS:
004692A3|.FF51 58 CALL DWORD PTR DS:
004692A6|.EB 16 JMP SHORT ICO_dogV.004692BE
004692A8|>8B83 80030000 MOV EAX,DWORD PTR DS:
004692AE|.8B80 08020000 MOV EAX,DWORD PTR DS:
004692B4|.BA 8C944600 MOV EDX,ICO_dogV.0046948C ;c:\boots.ini
004692B9|.8B08 MOV ECX,DWORD PTR DS:
004692BB|.FF51 64 CALL DWORD PTR DS:
004692BE|>8D4D FC LEA ECX,DWORD PTR SS:
004692C1|.8B83 80030000 MOV EAX,DWORD PTR DS:
004692C7|.8B80 08020000 MOV EAX,DWORD PTR DS:
004692CD|.BA 3D000000 MOV EDX,3D
004692D2|.8B30 MOV ESI,DWORD PTR DS:
004692D4|.FF56 0C CALL DWORD PTR DS:
004692D7|.8B45 FC MOV EAX,DWORD PTR SS: ;(初始 cpu 选择)
004692DA|.BA A4944600 MOV EDX,ICO_dogV.004694A4 ;$#
004692DF|.E8 48AAF9FF CALL ICO_dogV.00403D2C
004692E4|.75 22 JNZ SHORT ICO_dogV.00469308 ;//判断是否已注册,改为JE或NOP
004692E6|.B2 01 MOV DL,1
004692E8|.8B83 EC020000 MOV EAX,DWORD PTR DS:
004692EE|.8B08 MOV ECX,DWORD PTR DS:
004692F0|.FF51 5C CALL DWORD PTR DS:
004692F3|.BA B0944600 MOV EDX,ICO_dogV.004694B0 ;已注册ico精灵!
004692F8|.8B83 84030000 MOV EAX,DWORD PTR DS:
004692FE|.E8 C1D0FBFF CALL ICO_dogV.004263C4
00469303|.E9 E9000000 JMP ICO_dogV.004693F1
00469308|>8D4D F8 LEA ECX,DWORD PTR SS:
0046930B|.8B83 80030000 MOV EAX,DWORD PTR DS:
00469311|.8B80 08020000 MOV EAX,DWORD PTR DS:
00469317|.BA 3D000000 MOV EDX,3D
0046931C|.8B30 MOV ESI,DWORD PTR DS:
0046931E|.FF56 0C CALL DWORD PTR DS:
00469321|.8B45 F8 MOV EAX,DWORD PTR SS:
00469324|.BA C8944600 MOV EDX,ICO_dogV.004694C8 ;0
00469329|.E8 FEA9F9FF CALL ICO_dogV.00403D2C
0046932E|.75 22 JNZ SHORT ICO_dogV.00469352 ;//判断试用次数是否到0,改为JMP
00469330|.33D2 XOR EDX,EDX
00469332|.8B83 EC020000 MOV EAX,DWORD PTR DS:
00469338|.8B08 MOV ECX,DWORD PTR DS:
0046933A|.FF51 5C CALL DWORD PTR DS:
0046933D|.BA D4944600 MOV EDX,ICO_dogV.004694D4 ;请注册ico精灵!
00469342|.8B83 84030000 MOV EAX,DWORD PTR DS:
00469348|.E8 77D0FBFF CALL ICO_dogV.004263C4
0046934D|.E9 9F000000 JMP ICO_dogV.004693F1
00469352|>B2 01 MOV DL,1
00469354|.8B83 EC020000 MOV EAX,DWORD PTR DS:
0046935A|.8B08 MOV ECX,DWORD PTR DS:
0046935C|.FF51 5C CALL DWORD PTR DS:
0046935F|.8D4D F0 LEA ECX,DWORD PTR SS:
00469362|.8B83 80030000 MOV EAX,DWORD PTR DS:
00469368|.8BB0 08020000 MOV ESI,DWORD PTR DS:
0046936E|.8BC6 MOV EAX,ESI
00469370|.BA 3D000000 MOV EDX,3D
00469375|.8B38 MOV EDI,DWORD PTR DS:
00469377|.FF57 0C CALL DWORD PTR DS:
0046937A|.8B45 F0 MOV EAX,DWORD PTR SS:
0046937D|.E8 4AEBF9FF CALL ICO_dogV.00407ECC
00469382|.48 DEC EAX
00469383|.8D55 F4 LEA EDX,DWORD PTR SS:
00469386|.E8 DDEAF9FF CALL ICO_dogV.00407E68
0046938B|.8B4D F4 MOV ECX,DWORD PTR SS:
0046938E|.8BC6 MOV EAX,ESI
00469390|.BA 3D000000 MOV EDX,3D
00469395|.8B30 MOV ESI,DWORD PTR DS:
00469397|.FF56 20 CALL DWORD PTR DS:
0046939A|.8B83 80030000 MOV EAX,DWORD PTR DS:
004693A0|.8B80 08020000 MOV EAX,DWORD PTR DS:
004693A6|.BA 8C944600 MOV EDX,ICO_dogV.0046948C ;c:\boots.ini
004693AB|.8B08 MOV ECX,DWORD PTR DS:
004693AD|.FF51 64 CALL DWORD PTR DS:
004693B0|.68 EC944600 PUSH ICO_dogV.004694EC ;还能试用
004693B5|.8D4D E8 LEA ECX,DWORD PTR SS:
004693B8|.8B83 80030000 MOV EAX,DWORD PTR DS:
004693BE|.8B80 08020000 MOV EAX,DWORD PTR DS:
004693C4|.BA 3D000000 MOV EDX,3D
004693C9|.8B30 MOV ESI,DWORD PTR DS:
004693CB|.FF56 0C CALL DWORD PTR DS:
004693CE|.FF75 E8 PUSH DWORD PTR SS:
004693D1|.68 00954600 PUSH ICO_dogV.00469500 ;次!
004693D6|.8D45 EC LEA EAX,DWORD PTR SS:
004693D9|.BA 03000000 MOV EDX,3
004693DE|.E8 F9A8F9FF CALL ICO_dogV.00403CDC
004693E3|.8B55 EC MOV EDX,DWORD PTR SS:
004693E6|.8B83 84030000 MOV EAX,DWORD PTR DS:
004693EC|.E8 D3CFFBFF CALL ICO_dogV.004263C4
004693F1|>C783 C4030000 010000>MOV DWORD PTR DS:,1
004693FB|.8B83 E0020000 MOV EAX,DWORD PTR DS:
00469401|.E8 5ED4FBFF CALL ICO_dogV.00426864
00469406|.8B83 00030000 MOV EAX,DWORD PTR DS:
0046940C|.E8 4BD4FBFF CALL ICO_dogV.0042685C
00469411|.8B83 04030000 MOV EAX,DWORD PTR DS:
00469417|.E8 40D4FBFF CALL ICO_dogV.0042685C
0046941C|.8B83 8C030000 MOV EAX,DWORD PTR DS:
00469422|.E8 35D4FBFF CALL ICO_dogV.0042685C
00469427|.33D2 XOR EDX,EDX
00469429|.8B83 3C030000 MOV EAX,DWORD PTR DS:
0046942F|.E8 78CEFBFF CALL ICO_dogV.004262AC
00469434|.68 80000000 PUSH 80 ; /NewValue = 80
00469439|.6A EC PUSH -14 ; |Index = GWL_EXSTYLE
0046943B|.A1 04BF4600 MOV EAX,DWORD PTR DS: ; |
00469440|.8B00 MOV EAX,DWORD PTR DS: ; |
00469442|.8B40 24 MOV EAX,DWORD PTR DS: ; |
00469445|.50 PUSH EAX ; |hWnd
00469446|.E8 01D5F9FF CALL <JMP.&user32.SetWindowLongA> ; \SetWindowLongA
0046944B|.6A 00 PUSH 0
0046944D|.8BC3 MOV EAX,EBX
0046944F|.E8 5030FCFF CALL ICO_dogV.0042C4A4
00469454|.50 PUSH EAX ; |hWnd
00469455|.E8 32D5F9FF CALL <JMP.&user32.ShowWindow> ; \ShowWindow
0046945A|.33C0 XOR EAX,EAX
0046945C|.5A POP EDX
0046945D|.59 POP ECX
0046945E|.59 POP ECX
0046945F|.64:8910 MOV DWORD PTR FS:,EDX
00469462|.68 7C944600 PUSH ICO_dogV.0046947C
00469467|>8D45 E8 LEA EAX,DWORD PTR SS:
0046946A|.BA 06000000 MOV EDX,6
0046946F|.E8 4CA5F9FF CALL ICO_dogV.004039C0
00469474\.C3 RETN
00469475 .^ E9 BA9FF9FF JMP ICO_dogV.00403434
0046947A .^ EB EB JMP SHORT ICO_dogV.00469467
0046947C .5F POP EDI
0046947D .5E POP ESI
0046947E .5B POP EBX
0046947F .8BE5 MOV ESP,EBP
00469481 .5D POP EBP
00469482 .C3 RETN**************************************************************
【破解总结】
--------------------------------------------------------------
【爆破地址】
004692E4|.75 22 JNZ SHORT ICO_dogV.00469308
将JNZ改为JE或NOP
--------------------------------------------------------------
【注册信息】
用户名:mmxbicssbo
注册码:20305
保存在c:\boots.ini
--------------------------------------------------------------
希望以后可以在猫老大和PYG 5.4Cracker学习小组的帮助下进一步提高自己。
感谢飘云老大、猫老大、Nisy老大以及很多前辈们的学习教程以及所有帮助过我的论坛兄弟姐妹们!谢谢
--------------------------------------------------------------
【版权声明】破文是学习的手记,兴趣是成功的源泉;本破文纯属技术交流, 转载请注明作者并保持文章的完整, 谢谢! 今天想提取个图标,拿它玩了一下/:017 很详细啊!/:good 学习中,谢谢!!! 越来越强大了哈,顶你个肺哟/:001 原帖由 月之精灵 于 2008-2-16 21:45 发表 https://www.chinapyg.com/images/common/back.gif
越来越强大了哈,顶你个肺哟/:001
呵呵~好贴~ 嗯,好详细。收下学一下,谢谢 收下学一下,谢谢/:good
页:
[1]