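I'm a slow learner and don't understand how to trace out the registration code

Take this one: I've unpacked it, but how do I trace the registration code? I'm even a bit muddled about the overall process. First I found
0045824E|.B8 08834500 MOV EAX,djaj_.00458308 ;Well done Cracker, You did it!
then double-clicked it and pressed F2 here:
00458144/.55 PUSH EBP
then ran the program, then removed the breakpoint. I don't know whether I've done anything wrong up to this point. After that I stepped down one instruction at a time, the way I had seen in the video tutorials, but I just can't find the correct ASCII.....
Also, I found that if I step too fast and want to go back and look again, it no longer works; it just skips straight past.
Please help me with 3 questions:
1. Why is the first step always to search for the registration message (success, failure)? From what I've seen, the place where the breakpoint goes is always a push ebp, or rather, which push ebp should I break on?
2. After breaking on the right ebp, why do I then have to run to that point? (In the video they ran it and then immediately removed the breakpoint, so I don't understand.)
3. Please look at this attachment and show how to find its registration code.
4. If I've stepped past it and still want to look, what do I do?

It's not the case that every piece of software can have its registration code traced out.

It can be traced out! It's from this forum!

00458144/.55 push ebp // Set an F2 breakpoint here! (Enter a user name and a fake serial, click Register, and execution breaks here.) Then single-step with F8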
00458145|.8BEC mov ebp, esp
00458147|.33C9 xor ecx, ecx
00458149|.51 push ecx
0045814A|.51 push ecx
0045814B|.51 push ecx
0045814C|.51 push ecx
0045814D|.51 push ecx
0045814E|.51 push ecx
0045814F|.51 push ecx
00458150|.51 push ecx
00458151|.53 push ebx
00458152|.56 push esi
00458153|.57 push edi
00458154|.8945 FC mov dword ptr , eax
00458157|.33C0 xor eax, eax
00458159|.55 push ebp
0045815A|.68 90824500 push 00458290
0045815F|.64:FF30 push dword ptr fs:
00458162|.64:8920 mov dword ptr fs:, esp
00458165|.8D55 F8 lea edx, dword ptr
00458168|.8B45 FC mov eax, dword ptr
0045816B|.8B80 D8020000 mov eax, dword ptr
00458171|.E8 16BFFCFF call 0042408C
00458176|.8D55 EC lea edx, dword ptr
00458179|.8B45 FC mov eax, dword ptr
0045817C|.8B80 D8020000 mov eax, dword ptr
00458182|.E8 05BFFCFF call 0042408C
00458187|.837D EC 00 cmp dword ptr , 0
0045818B|.75 0A jnz short 00458197
0045818D|.B8 A8824500 mov eax, 004582A8 ;enter you name, pls.
00458192|.E8 4DC1FEFF call 004442E4
00458197|>8D55 E8 lea edx, dword ptr
0045819A|.8B45 FC mov eax, dword ptr
0045819D|.8B80 DC020000 mov eax, dword ptr
004581A3|.E8 E4BEFCFF call 0042408C
004581A8|.837D E8 00 cmp dword ptr , 0
004581AC|.75 0A jnz short 004581B8
004581AE|.B8 C8824500 mov eax, 004582C8 ;enter the serial, pls.
004581B3|.E8 2CC1FEFF call 004442E4
004581B8|>8B45 F8 mov eax, dword ptr
004581BB|.E8 BCB9FAFF call 00403B7C
004581C0|.8BF8 mov edi, eax
004581C2|.85FF test edi, edi
004581C4|.7E 50 jle short 00458216
004581C6|.BB 01000000 mov ebx, 1
004581CB|>8B45 F8 /mov eax, dword ptr
004581CE|.0FB67418 FF |movzx esi, byte ptr
004581D3|.8BC6 |mov eax, esi
004581D5|.B9 06000000 |mov ecx, 6
004581DA|.33D2 |xor edx, edx
004581DC|.F7F1 |div ecx
004581DE|.8B55 F8 |mov edx, dword ptr
004581E1|.8BD6 |mov edx, esi
004581E3|.C1EA 02 |shr edx, 2
004581E6|.F7EA |imul edx
004581E8|.50 |push eax
004581E9|.8B45 F8 |mov eax, dword ptr
004581EC|.8BC6 |mov eax, esi
004581EE|.B9 0A000000 |mov ecx, 0A
004581F3|.33D2 |xor edx, edx
004581F5|.F7F1 |div ecx
004581F7|.5A |pop edx
004581F8|.92 |xchg eax, edx
004581F9|.8BCA |mov ecx, edx
004581FB|.33D2 |xor edx, edx
004581FD|.F7F1 |div ecx
004581FF|.8D55 E4 |lea edx, dword ptr
00458202|.E8 FDF8FAFF |call 00407B04
00458207|.8B55 E4 |mov edx, dword ptr
0045820A|.8D45 F4 |lea eax, dword ptr
0045820D|.E8 72B9FAFF |call 00403B84
00458212|.43 |inc ebx
00458213|.4F |dec edi
00458214|.^ 75 B5 \jnz short 004581CB
00458216|>68 E8824500 push 004582E8 ;adcm4-
0045821B|.FF75 F4 push dword ptr
0045821E|.68 F8824500 push 004582F8 ;-yeah!
00458223|.8D45 F0 lea eax, dword ptr
00458226|.BA 03000000 mov edx, 3
0045822B|.E8 0CBAFAFF call 00403C3C
00458230|.8D55 E0 lea edx, dword ptr
00458233|.8B45 FC mov eax, dword ptr
00458236|.8B80 DC020000 mov eax, dword ptr
0045823C|.E8 4BBEFCFF call 0042408C
00458241|.8B55 E0 mov edx, dword ptr
00458244|.8B45 F0 mov eax, dword ptr
00458247|.E8 40BAFAFF call 00403C8C // Keep pressing F8 until here (in the registers window: EAX 00D66E94 ASCII "ADCM4-455050442323-YEAH!" is the registration code; yours may differ)
0045824C|.75 0A jnz short 00458258
0045824E|.B8 08834500 mov eax, 00458308 ;well done cracker, you did it!
00458253|.E8 8CC0FEFF call 004442E4
00458258|>33C0 xor eax, eax
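0045825A|.5A pop edx

1: Load it in OD
2: Search for ASCII strings
3: Find "Well done Cracker, You did it!", double-click it to view the disassembly window, find the key CALL and set a breakpoint
4: Press F9 to run the program. Enter a fake serial. Register. After OD breaks, look at the registers window. The fake serial and the real serial appear---OK

Originally posted by puti67 on 2008-3-10 23:07
00458144/.55 push ebp // Set an F2 breakpoint here! (Enter a user name and a fake serial, click Register, and execution breaks here.) Then single-step with F8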
00458145|.8BEC mov ebp, esp
00458147|.33C9 xor ecx, ecx
...
Thanks for the guidance, I'll study this!!