重起验证
最近搞了个软件是要KEY才能注册成功的。搞完后发现本程序是重起验证的,发现是注册表验证的。
终于找到关键点,但跳过注册框,程序出错。
大家给点思路
最近搞了个软件是要KEY才能注册成功的。
搞完后发现本程序是重起验证的,发现是注册表验证的。
终于找到关键点,但跳过注册框,程序出错。
大家给点思路
0040113A .55 PUSH EBP
0040113B .8BEC MOV EBP,ESP
0040113D .81EC 98020000 SUB ESP,298
00401143 .53 PUSH EBX
00401144 .56 PUSH ESI
00401145 .57 PUSH EDI
00401146 .8D85 6CFEFFFF LEA EAX,DWORD PTR SS:
0040114C .68 04010000 PUSH 104 ; /BufSize = 104 (260.)
00401151 .50 PUSH EAX ; |PathBuffer
00401152 .FF75 08 PUSH DWORD PTR SS: ; |hModule
00401155 .33DB XOR EBX,EBX ; |
00401157 .895D FC MOV DWORD PTR SS:,EBX ; |
0040115A .895D F8 MOV DWORD PTR SS:,EBX ; |
0040115D .895D F0 MOV DWORD PTR SS:,EBX ; |
00401160 .FF15 24604000 CALL DWORD PTR DS:[<&kernel32.GetModuleF>; \GetModuleFileNameA
00401166 .53 PUSH EBX ; /hTemplateFile => NULL
00401167 .68 80000000 PUSH 80 ; |Attributes = NORMAL
0040116C .6A 03 PUSH 3 ; |Mode = OPEN_EXISTING
0040116E .53 PUSH EBX ; |pSecurity => NULL
0040116F .6A 01 PUSH 1 ; |ShareMode = FILE_SHARE_READ
00401171 .8D85 6CFEFFFF LEA EAX,DWORD PTR SS: ; |
00401177 .68 00000080 PUSH 80000000 ; |Access = GENERIC_READ
0040117C .50 PUSH EAX ; |FileName
0040117D .FF15 20604000 CALL DWORD PTR DS:[<&kernel32.CreateFile>; \CreateFileA
00401183 .8BF8 MOV EDI,EAX
00401185 .83FF FF CMP EDI,-1
00401188 .75 0C JNZ SHORT 破解版本.00401196
0040118A .C745 FC C0714>MOV DWORD PTR SS:,破解版本.004071>;ASCII "Can't open file!"
00401191 .E9 37030000 JMP 破解版本.004014CD
00401196 >8B35 1C604000 MOV ESI,DWORD PTR DS:[<&kernel32.SetFile>;kernel32.SetFilePointer
0040119C .6A 02 PUSH 2 ; /Origin = FILE_END
0040119E .53 PUSH EBX ; |pOffsetHi
0040119F .6A F8 PUSH -8 ; |OffsetLo = FFFFFFF8 (-8.)
004011A1 .57 PUSH EDI ; |hFile
004011A2 .FFD6 CALL ESI ; \SetFilePointer
004011A4 .3D E8030000 CMP EAX,3E8
004011A9 .8945 F4 MOV DWORD PTR SS:,EAX
004011AC .0F82 FD020000 JB 破解版本.004014AF
004011B2 .8D45 E4 LEA EAX,DWORD PTR SS:
004011B5 .53 PUSH EBX ; /pOverlapped
004011B6 .50 PUSH EAX ; |pBytesRead
004011B7 .8D45 DC LEA EAX,DWORD PTR SS: ; |
004011BA .6A 08 PUSH 8 ; |BytesToRead = 8
004011BC .50 PUSH EAX ; |Buffer
004011BD .57 PUSH EDI ; |hFile
004011BE .895D E4 MOV DWORD PTR SS:,EBX ; |
004011C1 .FF15 18604000 CALL DWORD PTR DS:[<&kernel32.ReadFile>] ; \ReadFile
004011C7 .85C0 TEST EAX,EAX
004011C9 .0F84 E9020000 JE 破解版本.004014B8
004011CF .837D E4 08 CMP DWORD PTR SS:,8
004011D3 .0F85 DF020000 JNZ 破解版本.004014B8
004011D9 .8B45 DC MOV EAX,DWORD PTR SS:
004011DC .817D E0 A5B79>CMP DWORD PTR SS:,829AB7A5
004011E3 .8945 08 MOV DWORD PTR SS:,EAX
004011E6 .0F85 C3020000 JNZ 破解版本.004014AF
004011EC .83F8 04 CMP EAX,4
004011EF .0F8C BA020000 JL 破解版本.004014AF
004011F5 .3B45 F4 CMP EAX,DWORD PTR SS:
004011F8 .0F8D B1020000 JGE 破解版本.004014AF
004011FE .50 PUSH EAX
004011FF .E8 32220000 CALL 破解版本.00403436
00401204 .3BC3 CMP EAX,EBX
00401206 .59 POP ECX
00401207 .8945 F8 MOV DWORD PTR SS:,EAX
0040120A .0F84 07010000 JE 破解版本.00401317
00401210 .6A 02 PUSH 2
00401212 .53 PUSH EBX
00401213 .6A F8 PUSH -8
00401215 .895D E8 MOV DWORD PTR SS:,EBX
00401218 .58 POP EAX
00401219 .2B45 08 SUB EAX,DWORD PTR SS:
0040121C .50 PUSH EAX
0040121D .57 PUSH EDI
0040121E .FFD6 CALL ESI
00401220 .83F8 FF CMP EAX,-1
00401223 .0F84 7D020000 JE 破解版本.004014A6
00401229 .8B75 F8 MOV ESI,DWORD PTR SS:
0040122C .8D45 E8 LEA EAX,DWORD PTR SS:
0040122F .53 PUSH EBX ; /pOverlapped
00401230 .50 PUSH EAX ; |pBytesRead
00401231 .FF75 08 PUSH DWORD PTR SS: ; |BytesToRead
00401234 .56 PUSH ESI ; |Buffer
00401235 .57 PUSH EDI ; |hFile
00401236 .FF15 18604000 CALL DWORD PTR DS:[<&kernel32.ReadFile>] ; \ReadFile
0040123C .85C0 TEST EAX,EAX
0040123E .0F84 62020000 JE 破解版本.004014A6
00401244 .8B45 08 MOV EAX,DWORD PTR SS:
00401247 .3945 E8 CMP DWORD PTR SS:,EAX
0040124A .0F85 56020000 JNZ 破解版本.004014A6
00401250 .813E A5B79A82 CMP DWORD PTR DS:,829AB7A5
00401256 .0F85 4A020000 JNZ 破解版本.004014A6
0040125C .8D85 6CFEFFFF LEA EAX,DWORD PTR SS:
00401262 .83C6 04 ADD ESI,4
00401265 .50 PUSH EAX ; /Buffer
00401266 .68 04010000 PUSH 104 ; |BufSize = 104 (260.)
0040126B .FF15 14604000 CALL DWORD PTR DS:[<&kernel32.GetTempPat>; \GetTempPathA
00401271 .85C0 TEST EAX,EAX
00401273 .75 0C JNZ SHORT 破解版本.00401281
00401275 .C745 FC 98714>MOV DWORD PTR SS:,破解版本.004071>;ASCII "Can't retrieve the temporary directory!"
0040127C .E9 3E020000 JMP 破解版本.004014BF
00401281 >8B06 MOV EAX,DWORD PTR DS:
00401283 .83C6 04 ADD ESI,4
00401286 .50 PUSH EAX ; /<%X>
00401287 .8D85 70FFFFFF LEA EAX,DWORD PTR SS: ; |
0040128D .68 90714000 PUSH 破解版本.00407190 ; |Format = "E_%X"
00401292 .50 PUSH EAX ; |s
00401293 .FF15 B0604000 CALL DWORD PTR DS:[<&user32.wsprintfA>]; \wsprintfA
00401299 .8D85 70FFFFFF LEA EAX,DWORD PTR SS:
0040129F .50 PUSH EAX
004012A0 .8D85 6CFEFFFF LEA EAX,DWORD PTR SS:
004012A6 .50 PUSH EAX
004012A7 .E8 24200000 CALL 破解版本.004032D0
004012AC .83C4 14 ADD ESP,14
004012AF .8D85 6CFEFFFF LEA EAX,DWORD PTR SS:
004012B5 .53 PUSH EBX ; /pSecurity
004012B6 .50 PUSH EAX ; |Path
004012B7 .FF15 10604000 CALL DWORD PTR DS:[<&kernel32.CreateDire>; \CreateDirectoryA
004012BD .8D85 6CFEFFFF LEA EAX,DWORD PTR SS:
004012C3 .68 8C714000 PUSH 破解版本.0040718C
004012C8 .50 PUSH EAX
004012C9 .E8 02200000 CALL 破解版本.004032D0
004012CE .FF36 PUSH DWORD PTR DS:
004012D0 .836D 08 0C SUB DWORD PTR SS:,0C
004012D4 .8D7E 04 LEA EDI,DWORD PTR DS:
004012D7 .FF75 08 PUSH DWORD PTR SS:
004012DA .57 PUSH EDI
004012DB .E8 39FEFFFF CALL 破解版本.00401119
004012E0 .836D 08 08 SUB DWORD PTR SS:,8
004012E4 .8B47 04 MOV EAX,DWORD PTR DS:
004012E7 .83C4 14 ADD ESP,14
004012EA .395D 08 CMP DWORD PTR SS:,EBX
004012ED .8945 EC MOV DWORD PTR SS:,EAX
004012F0 .0F8E A7010000 JLE 破解版本.0040149D
004012F6 .813F 0D0F3E03 CMP DWORD PTR DS:,33E0F0D
004012FC .0F85 9B010000 JNZ 破解版本.0040149D
00401302 .3BC3 CMP EAX,EBX
00401304 .0F8E 93010000 JLE 破解版本.0040149D
0040130A .50 PUSH EAX
0040130B .E8 26210000 CALL 破解版本.00403436
00401310 .8BF0 MOV ESI,EAX
00401312 .59 POP ECX
00401313 .3BF3 CMP ESI,EBX
00401315 .75 0C JNZ SHORT 破解版本.00401323
00401317 >C745 FC 74714>MOV DWORD PTR SS:,破解版本.004071>;ASCII "Insufficient memory!"
0040131E .E9 9C010000 JMP 破解版本.004014BF
00401323 >FF75 08 PUSH DWORD PTR SS:
00401326 .83C7 08 ADD EDI,8
00401329 .8D45 EC LEA EAX,DWORD PTR SS:
0040132C .57 PUSH EDI
0040132D .50 PUSH EAX
0040132E .56 PUSH ESI
0040132F .E8 E71E0000 CALL 破解版本.0040321B
00401334 .83C4 10 ADD ESP,10
00401337 .85C0 TEST EAX,EAX
00401339 .74 13 JE SHORT 破解版本.0040134E
0040133B .56 PUSH ESI
0040133C .E8 EA200000 CALL 破解版本.0040342B
00401341 .59 POP ECX
00401342 .C745 FC 58714>MOV DWORD PTR SS:,破解版本.004071>;ASCII "Failed to decompress data!"
00401349 .E9 71010000 JMP 破解版本.004014BF
0040134E >FF75 F8 PUSH DWORD PTR SS:
00401351 .E8 D5200000 CALL 破解版本.0040342B
00401356 .8B45 EC MOV EAX,DWORD PTR SS:
00401359 .59 POP ECX
0040135A .03C6 ADD EAX,ESI
0040135C .8975 F8 MOV DWORD PTR SS:,ESI
0040135F .3BF0 CMP ESI,EAX
00401361 .8945 F4 MOV DWORD PTR SS:,EAX
00401364 .885D A4 MOV BYTE PTR SS:,BL
00401367 .0F83 B4000000 JNB 破解版本.00401421 ;...
0040136D >8BFE MOV EDI,ESI
0040136F .56 PUSH ESI
00401370 .897D 08 MOV DWORD PTR SS:,EDI
00401373 .E8 38200000 CALL 破解版本.004033B0
00401378 .C70424 4C7140>MOV DWORD PTR SS:,破解版本.0040714C ;ASCII "krnln.fnr"
0040137F .57 PUSH EDI
00401380 .8D7406 01 LEA ESI,DWORD PTR DS:
00401384 .E8 47480000 CALL 破解版本.00405BD0
00401389 .59 POP ECX
0040138A .85C0 TEST EAX,EAX
0040138C .59 POP ECX
0040138D .74 11 JE SHORT 破解版本.004013A0
0040138F .68 40714000 PUSH 破解版本.00407140 ;ASCII "krnln.fne"
00401394 .57 PUSH EDI
00401395 .E8 36480000 CALL 破解版本.00405BD0
0040139A .59 POP ECX
0040139B .85C0 TEST EAX,EAX
0040139D .59 POP ECX
0040139E .75 0C JNZ SHORT 破解版本.004013AC
004013A0 >8D45 A4 LEA EAX,DWORD PTR SS:
004013A3 .57 PUSH EDI
004013A4 .50 PUSH EAX
004013A5 .E8 161F0000 CALL 破解版本.004032C0
004013AA .59 POP ECX
004013AB .59 POP ECX
004013AC >8B3E MOV EDI,DWORD PTR DS:
004013AE .8D85 6CFEFFFF LEA EAX,DWORD PTR SS:
004013B4 .50 PUSH EAX
004013B5 .8D85 68FDFFFF LEA EAX,DWORD PTR SS:
004013BB .50 PUSH EAX
004013BC .83C6 04 ADD ESI,4
004013BF .E8 FC1E0000 CALL 破解版本.004032C0
004013C4 .FF75 08 PUSH DWORD PTR SS:
004013C7 .8D85 68FDFFFF LEA EAX,DWORD PTR SS:
004013CD .50 PUSH EAX
004013CE .E8 FD1E0000 CALL 破解版本.004032D0
004013D3 .83C4 10 ADD ESP,10
004013D6 .8D85 68FDFFFF LEA EAX,DWORD PTR SS:
004013DC .53 PUSH EBX ; /hTemplateFile
004013DD .68 80000000 PUSH 80 ; |Attributes = NORMAL
004013E2 .6A 02 PUSH 2 ; |Mode = CREATE_ALWAYS
004013E4 .53 PUSH EBX ; |pSecurity
004013E5 .53 PUSH EBX ; |ShareMode
004013E6 .68 00000040 PUSH 40000000 ; |Access = GENERIC_WRITE
004013EB .50 PUSH EAX ; |FileName
004013EC .FF15 20604000 CALL DWORD PTR DS:[<&kernel32.CreateFile>; \CreateFileA
004013F2 .83F8 FF CMP EAX,-1
004013F5 .8945 08 MOV DWORD PTR SS:,EAX
004013F8 .74 17 JE SHORT 破解版本.00401411
004013FA .8D4D D8 LEA ECX,DWORD PTR SS:
004013FD .53 PUSH EBX ; /pOverlapped
004013FE .51 PUSH ECX ; |pBytesWritten
004013FF .57 PUSH EDI ; |nBytesToWrite
00401400 .56 PUSH ESI ; |Buffer
00401401 .50 PUSH EAX ; |hFile
00401402 .FF15 0C604000 CALL DWORD PTR DS:[<&kernel32.WriteFile>>; \WriteFile
00401408 .FF75 08 PUSH DWORD PTR SS: ; /hObject
0040140B .FF15 08604000 CALL DWORD PTR DS:[<&kernel32.CloseHandl>; \CloseHandle
00401411 >03F7 ADD ESI,EDI
00401413 .3B75 F4 CMP ESI,DWORD PTR SS:
00401416 ^ 0F82 51FFFFFF JB 破解版本.0040136D
0040141C .385D A4 CMP BYTE PTR SS:,BL
0040141F .75 0C JNZ SHORT 破解版本.0040142D
00401421 >C745 FC 20714>MOV DWORD PTR SS:,破解版本.004071>;ASCII "Not found the kernel library!"
00401428 .E9 92000000 JMP 破解版本.004014BF
0040142D >8D85 6CFEFFFF LEA EAX,DWORD PTR SS:
00401433 .50 PUSH EAX
00401434 .8D85 68FDFFFF LEA EAX,DWORD PTR SS:
0040143A .50 PUSH EAX
0040143B .E8 801E0000 CALL 破解版本.004032C0
00401440 .8D45 A4 LEA EAX,DWORD PTR SS:
00401443 .50 PUSH EAX
00401444 .8D85 68FDFFFF LEA EAX,DWORD PTR SS:
0040144A .50 PUSH EAX
0040144B .E8 801E0000 CALL 破解版本.004032D0
00401450 .83C4 10 ADD ESP,10
00401453 .8D85 68FDFFFF LEA EAX,DWORD PTR SS:
00401459 50 PUSH EAX ; /FileName
0040145A FF15 04604000 CALL DWORD PTR DS:[<&kernel32.LoadLibrar>; \LoadLibraryA CALL运行了一下
00401460 .3BC3 CMP EAX,EBX
00401462 .75 09 JNZ SHORT 破解版本.0040146D
00401464 .C745 FC 00714>MOV DWORD PTR SS:,破解版本.004071>;ASCII "Failed to load kernel library!"
0040146B .EB 52 JMP SHORT 破解版本.004014BF
0040146D >68 F4704000 PUSH 破解版本.004070F4 ; /ProcNameOrOrdinal = "GetNewSock"
00401472 .50 PUSH EAX ; |hModule
00401473 .FF15 00604000 CALL DWORD PTR DS:[<&kernel32.GetProcAdd>; \GetProcAddress
00401479 .3BC3 CMP EAX,EBX
0040147B .75 09 JNZ SHORT 破解版本.00401486
0040147D .C745 FC D4704>MOV DWORD PTR SS:,破解版本.004070>;ASCII "The kernel library is invalid!"
00401484 .EB 39 JMP SHORT 破解版本.004014BF
00401486 >68 E8030000 PUSH 3E8
0040148B .FFD0 CALL EAX
0040148D .3BC3 CMP EAX,EBX
0040148F .8945 F0 MOV DWORD PTR SS:,EAX
00401492 .75 2B JNZ SHORT 破解版本.004014BF
00401494 .C745 FC A8704>MOV DWORD PTR SS:,破解版本.004070>;ASCII "The inte**ce of kernel library is invalid!"
0040149B .EB 22 JMP SHORT 破解版本.004014BF
0040149D >C745 FC 8C704>MOV DWORD PTR SS:,破解版本.004070>;ASCII "Invalid data in the file!"
004014A4 .EB 19 JMP SHORT 破解版本.004014BF
004014A6 >C745 FC 5C704>MOV DWORD PTR SS:,破解版本.004070>;ASCII "Failed to read file or invalid data in file!"
004014AD .EB 10 JMP SHORT 破解版本.004014BF
004014AF >C745 FC 8C704>MOV DWORD PTR SS:,破解版本.004070>;ASCII "Invalid data in the file!"
004014B6 .EB 15 JMP SHORT 破解版本.004014CD
004014B8 >C745 FC 38704>MOV DWORD PTR SS:,破解版本.004070>;ASCII "Failed to read data from the file!"
004014BF >395D F8 CMP DWORD PTR SS:,EBX
004014C2 .74 09 JE SHORT 破解版本.004014CD
004014C4 .FF75 F8 PUSH DWORD PTR SS:
004014C7 E8 5F1F0000 CALL 破解版本.0040342B
004014CC .59 POP ECX
004014CD 395D FC CMP DWORD PTR SS:,EBX
004014D0 75 13 JNZ SHORT 破解版本.004014E5
004014D2 .8B45 F0 MOV EAX,DWORD PTR SS:
004014D5 .E8 00000000 CALL 破解版本.004014DA
004014DA $810424 267B00>ADD DWORD PTR SS:,7B26
004014E1 .FFD0 CALL EAX ;注册筐出现
004014E3 .EB 11 JMP SHORT 破解版本.004014F6
004014E5 >6A 10 PUSH 10 ; /Style = MB_OK|MB_ICONHAND|MB_APPLMODAL
004014E7 .68 30704000 PUSH 破解版本.00407030 ; |Title = "Error"
004014EC .FF75 FC PUSH DWORD PTR SS: ; |Text
004014EF .53 PUSH EBX ; |hOwner
004014F0 FF15 AC604000 CALL DWORD PTR DS:[<&user32.MessageBoxA>>; \MessageBoxA 提示EROOR错误
004014F6 >5F POP EDI
004014F7 .5E POP ESI
004014F8 .33C0 XOR EAX,EAX
004014FA .5B POP EBX
004014FB .C9 LEAVE
004014FC .C2 1000 RETN 10 推出程序
这是地址大家帮看下:http://www.namipan.com/d/ac363ef63df483c95d95f94eaecfb0016c0a90062d413900(纳米盘)
[ 本帖最后由 a13639875277 于 2008-9-17 11:07 编辑 ] 跳转前的CALL跟下看,可能有多处调用、验证 学习之中。/:good /:good
楼上的大哥 你学到什么了??
楼主好象是想要大家给点思路吧~!这你也能学习 真强 大大们给点思路吧 破解步骤就是这样。要自己动手哦。 为了不让你偷懒~ 你得自己从头开搞~ 应该给个破文,我们也好学习 已经有方法了。跟着做就可以了啊 重起验证见了就怕啊 学习下了:loveliness: 破文地址 https://www.chinapyg.com/viewthread.php?tid=38794&extra=page%3D1
页:
[1]