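A problem I ran into while cracking! I've never tried this before and don't know how to solve it!
Software name: QQ朗读器 http://shareware.skycn.com/soft/6288.htm
I downloaded it one evening when I was bored. It talks by itself, which is pretty fun.
I was just about to crack it, but it seems to be able to detect OD: as soon as OD runs, the program deletes itself!
I think software like this is quite important to study. Could the experts please tell me the approach and the method?
Thanks in advance~!

sf
I'm a newbie, please give me pointers.

I'd also like to know how to crack this software.

Try hiding OD and see.
00496F78 E8 CFE6F6FF call qqtalk.0040564C ; key call
00496F7D 0F85 8F000000 jnz qqtalk.00497012 ; key jump, must not be taken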
00496F83 8D55 DC lea edx,dword ptr ss:
00496F86 8B45 FC mov eax,dword ptr ss:
00496F89 8B80 80030000 mov eax,dword ptr ds:
00496F8F E8 E0C1FBFF call qqtalk.00453174
00496F94 8B4D DC mov ecx,dword ptr ss:
00496F97 BA F0704900 mov edx,qqtalk.004970F0 ; ASCII "qqtalk"
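00496F9C B8 00714900 mov eax,qqtalk.00497100 ; ASCII "mengfeixiang"
Heh Luckly

So how did you find this location? What breakpoint should be set?

It probably does a self-check, right?

Hide OD.
After loading and running there is a $$a$$.bat, I think it was; I don't remember exactly.
Empty that file's contents and set the bat file's attribute to read-only,
and then you can debug without worry.
Bp MessageBoxA ................... work out the rest yourself.... if you can't deal with things like the self-check, just use a Loader

Originally posted by Luckly on 2008-2-18 15:56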
00496F78 E8 CFE6F6FF call qqtalk.0040564C ; key call
00496F7D 0F85 8F000000 jnz qqtalk.00497012 ; key jump, must not be taken
00496F83 8D55 DC ...
Thinking about it too simply? Confused? How exactly does it make the check?

00496EB4 55 PUSH EBP
00496EB5 8BEC MOV EBP,ESP
00496EB7 B9 04000000 MOV ECX,4
00496EBC 6A 00 PUSH 0
00496EBE 6A 00 PUSH 0
00496EC0 49 DEC ECX
00496EC1^75 F9 JNZ SHORT qqtalk.00496EBC
00496EC3 51 PUSH ECX
00496EC4 53 PUSH EBX
00496EC5 56 PUSH ESI
00496EC6 57 PUSH EDI
00496EC7 8945 FC MOV DWORD PTR SS:,EAX
00496ECA 33C0 XOR EAX,EAX
00496ECC 55 PUSH EBP
00496ECD 68 9D704900 PUSH qqtalk.0049709D
00496ED2 64:FF30 PUSH DWORD PTR FS:
00496ED5 64:8920 MOV DWORD PTR FS:,ESP
00496ED8 8D55 F4 LEA EDX,DWORD PTR SS:
00496EDB 8B45 FC MOV EAX,DWORD PTR SS:
00496EDE 8B98 7C030000 MOV EBX,DWORD PTR DS:
00496EE4 8BC3 MOV EAX,EBX
00496EE6 E8 89C2FBFF CALL qqtalk.00453174
00496EEB 8B45 F4 MOV EAX,DWORD PTR SS:
00496EEE 8D55 F8 LEA EDX,DWORD PTR SS:
00496EF1 E8 A229F7FF CALL qqtalk.00409898
00496EF6 8B55 F8 MOV EDX,DWORD PTR SS:
00496EF9 8BC3 MOV EAX,EBX
00496EFB E8 A4C2FBFF CALL qqtalk.004531A4
00496F00 8D55 EC LEA EDX,DWORD PTR SS:
00496F03 8B45 FC MOV EAX,DWORD PTR SS:
00496F06 8B98 80030000 MOV EBX,DWORD PTR DS:
00496F0C 8BC3 MOV EAX,EBX
00496F0E E8 61C2FBFF CALL qqtalk.00453174
00496F13 8B45 EC MOV EAX,DWORD PTR SS:
00496F16 8D55 F0 LEA EDX,DWORD PTR SS:
00496F19 E8 7A29F7FF CALL qqtalk.00409898
00496F1E 8B55 F0 MOV EDX,DWORD PTR SS:
00496F21 8BC3 MOV EAX,EBX
00496F23 E8 7CC2FBFF CALL qqtalk.004531A4
00496F28 33C0 XOR EAX,EAX
00496F2A 55 PUSH EBP
00496F2B 68 36704900 PUSH qqtalk.00497036
00496F30 64:FF30 PUSH DWORD PTR FS:
00496F33 64:8920 MOV DWORD PTR FS:,ESP
00496F36 6A 00 PUSH 0
00496F38 8D45 E8 LEA EAX,DWORD PTR SS:
00496F3B 50 PUSH EAX
00496F3C 8D55 E4 LEA EDX,DWORD PTR SS:
00496F3F 8B45 FC MOV EAX,DWORD PTR SS:
00496F42 8B80 80030000 MOV EAX,DWORD PTR DS:
00496F48 E8 27C2FBFF CALL qqtalk.00453174
00496F4D 8B45 E4 MOV EAX,DWORD PTR SS:
00496F50 B9 B4704900 MOV ECX,qqtalk.004970B4 ; EF1B
00496F55 BA C4704900 MOV EDX,qqtalk.004970C4 ; 95669E30254FD9FC24F642D880006E75
00496F5A E8 E102FFFF CALL qqtalk.00487240
00496F5F 8B45 E8 MOV EAX,DWORD PTR SS:
00496F62 50 PUSH EAX
00496F63 8D55 E0 LEA EDX,DWORD PTR SS:
00496F66 8B45 FC MOV EAX,DWORD PTR SS:
00496F69 8B80 7C030000 MOV EAX,DWORD PTR DS:
00496F6F E8 00C2FBFF CALL qqtalk.00453174
00496F74 8B55 E0 MOV EDX,DWORD PTR SS:
00496F77 58 POP EAX
00496F78 E8 CFE6F6FF CALL qqtalk.0040564C
00496F7D 0F85 8F000000 JNZ qqtalk.00497012
00496F83 8D55 DC LEA EDX,DWORD PTR SS:
00496F86 8B45 FC MOV EAX,DWORD PTR SS:
00496F89 8B80 80030000 MOV EAX,DWORD PTR DS:
00496F8F E8 E0C1FBFF CALL qqtalk.00453174
00496F94 8B4D DC MOV ECX,DWORD PTR SS:
00496F97 BA F0704900 MOV EDX,qqtalk.004970F0 ; qqtalk
00496F9C B8 00714900 MOV EAX,qqtalk.00497100 ; mengfeixiang
00496FA1 E8 9A0DFFFF CALL qqtalk.00487D40
00496FA6 A1 08504A00 MOV EAX,DWORD PTR DS:
00496FAB 8B00 MOV EAX,DWORD PTR DS:
00496FAD C680 AC040000 01 MOV BYTE PTR DS:,1
00496FB4 A1 08504A00 MOV EAX,DWORD PTR DS:
00496FB9 8B00 MOV EAX,DWORD PTR DS:
00496FBB 8B80 68040000 MOV EAX,DWORD PTR DS:
00496FC1 33D2 XOR EDX,EDX
00496FC3 E8 846CFAFF CALL qqtalk.0043DC4C
00496FC8 A1 08504A00 MOV EAX,DWORD PTR DS:
00496FCD 8B00 MOV EAX,DWORD PTR DS:
00496FCF BA 18714900 MOV EDX,qqtalk.00497118 ; QQ朗读器
00496FD4 E8 CBC1FBFF CALL qqtalk.004531A4
00496FD9 A1 08504A00 MOV EAX,DWORD PTR DS:
00496FDE 8B00 MOV EAX,DWORD PTR DS:
00496FE0 8B80 D4030000 MOV EAX,DWORD PTR DS:
00496FE6 8B10 MOV EDX,DWORD PTR DS:
00496FE8 FF92 F0000000 CALL DWORD PTR DS:
00496FEE 6A 00 PUSH 0
00496FF0 68 24714900 PUSH qqtalk.00497124 ; QQ朗读器
00496FF5 68 30714900 PUSH qqtalk.00497130 ; 注册成功!
00496FFA 8B45 FC MOV EAX,DWORD PTR SS:
00496FFD E8 3A41FCFF CALL qqtalk.0045B13C
00497002 50 PUSH EAX
00497003 E8 700FF7FF CALL <JMP.&user32.MessageBoxA>
00497008 8B45 FC MOV EAX,DWORD PTR SS:
0049700B E8 EC62FDFF CALL qqtalk.0046D2FC
00497010 EB 1A JMP SHORT qqtalk.0049702C
00497012 6A 30 PUSH 30
00497014 68 3C714900 PUSH qqtalk.0049713C ; 提示
00497019 68 44714900 PUSH qqtalk.00497144 ; 对不起,注册码错误!(请点击"立即购买"按钮购买注册码).
0049701E 8B45 FC MOV EAX,DWORD PTR SS:
00497021 E8 1641FCFF CALL qqtalk.0045B13C
00497026 50 PUSH EAX
00497027 E8 4C0FF7FF CALL <JMP.&user32.MessageBoxA>
0049702C 33C0 XOR EAX,EAX
0049702E 5A POP EDX
0049702F 59 POP ECX
00497030 59 POP ECX
00497031 64:8910 MOV DWORD PTR FS:,EDX
00497034 EB 24 JMP SHORT qqtalk.0049705A
00497036^E9 C9D7F6FF JMP qqtalk.00404804
0049703B 6A 30 PUSH 30
0049703D 68 3C714900 PUSH qqtalk.0049713C ; 提示
00497042 68 44714900 PUSH qqtalk.00497144 ; 对不起,注册码错误!(请点击"立即购买"按钮购买注册码).
00497047 8B45 FC MOV EAX,DWORD PTR SS:
0049704A E8 ED40FCFF CALL qqtalk.0045B13C
0049704F 50 PUSH EAX
00497050 E8 230FF7FF CALL <JMP.&user32.MessageBoxA>
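00497055 E8 BADBF6FF CALL qqtalk.00404C14

Originally posted by Luckly on 2008-2-19 20:09
Hide OD.
After loading and running there is a $$a$$.bat, I think it was; I don't remember exactly.
Empty that file's contents and set the bat file's attribute to read-only,
and then you can debug without worry.
Bp MessageBoxA ................... work out the rest yourself.... things like the self-check ...
Impressive. You managed to notice even that..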