XnView 1.95 Beta3_多国语言绿色特别版
【软件名称】: XnView 1.95 Beta3_多国语言绿色特别版【下载地址】: https://www.chinapyg.com/viewthread.php?tid=39635&extra=page%3D1
【加壳方式】: ASPack 2.12 -> Alexey Solodovnikov
【使用工具】: PEiD_chAbstersiver W32dsm OllyICE
【操作平台】: XP
【软件介绍】: 非常棒的图像查看程序。
--------------------------------------------------------------------------------
【详细过程】
来论坛很长时间了,也学到了不少东西,这是我的第一篇破文,主要目的是帮助象我一样的菜鸟们熟悉下工具的用法及步骤!大侠不要见笑!
1.用PEiD查壳---ASPack 2.12 -> Alexey Solodovnikov
2.用Abstersiver(下载地址:http://www.cngr.cn/dir/softdown.asp?softid=24256)---脱壳---Microsoft Visual C++ 6.0
3.先运行一次脱壳后的程序(还行,没出现错误。手动脱壳俺滴技术不行~O(∩_∩)O哈哈~)输入Name: pyg_xiaotaoCode: 987987987 点OK出现:Invalid registration(记住了)
4.W32dsm载入---查找文本Invalid registration 到
--------------------------------------------------------------------------------
:0056BBEF 68D0070000 push 000007D0 可以在此设断
:0056BBF4 56 push esi
:0056BBF5 FFD7 call edi
:0056BBF7 8D4C2410 lea ecx, dword ptr
:0056BBFB 6A20 push 00000020
:0056BBFD 51 push ecx
* Possible Reference to Dialog: DialogID_03E9, CONTROL_ID:07D1, ""
:0056BBFE 68D1070000 push 000007D1
:0056BC03 56 push esi
:0056BC04 FFD7 call edi
:0056BC06 8A442470 mov al, byte ptr
:0056BC0A 84C0 test al, al
:0056BC0C 0F843A010000 je 0056BD4C
:0056BC12 8A442410 mov al, byte ptr
:0056BC16 84C0 test al, al
:0056BC18 0F842E010000 je 0056BD4C
:0056BC1E 8D542408 lea edx, dword ptr
:0056BC22 8D442470 lea eax, dword ptr
:0056BC26 52 push edx
:0056BC27 50 push eax
:0056BC28 E8E381F9FF call 00503E10
:0056BC2D 8D4C2418 lea ecx, dword ptr
:0056BC31 51 push ecx
:0056BC32 E87CC40200 call 005980B3
:0056BC37 8B4C2414 mov ecx, dword ptr
:0056BC3B 83C40C add esp, 0000000C
:0056BC3E 3BC8 cmp ecx, eax
:0056BC40 745D je 0056BC9F
:0056BC42 A150F57300 mov eax, dword ptr
:0056BC47 8D542430 lea edx, dword ptr
:0056BC4B 6A40 push 00000040
:0056BC4D 52 push edx
* Possible Reference to String Resource ID=05011: "Invalid registration"
5.用OllyICE载入: 1.)F9---运行
2.)输入Name: pyg_xiaotaoCode: 987987987
3.)Ctrl+G 输入56BBFE
4.)F2设断
0056BBF5 .FFD7 call edi ; \GetDlgItemTextA
0056BBF7 .8D4C24 10 lea ecx, dword ptr
0056BBFB .6A 20 push 20 ; /Count = 20 (32.)
0056BBFD .51 push ecx ; |Buffer
0056BBFE .68 D1070000 push 7D1 ; | F2下断
0056BC03 .56 push esi ; |hWnd
0056BC04 .FFD7 call edi ; \GetDlgItemTextA
0056BC06 .8A4424 70 mov al, byte ptr
0056BC0A .84C0 test al, al
0056BC0C .0F84 3A010000 je 0056BD4C
0056BC12 .8A4424 10 mov al, byte ptr
0056BC16 .84C0 test al, al
0056BC18 .0F84 2E010000 je 0056BD4C
0056BC1E .8D5424 08 lea edx, dword ptr
0056BC22 .8D4424 70 lea eax, dword ptr
0056BC26 .52 push edx
0056BC27 .50 push eax
0056BC28 .E8 E381F9FF call 00503E10
0056BC2D .8D4C24 18 lea ecx, dword ptr
0056BC31 .51 push ecx
0056BC32 .E8 7CC40200 call 005980B3
0056BC37 .8B4C24 14 mov ecx, dword ptr
0056BC3B .83C4 0C add esp, 0C
0056BC3E .3BC8 cmp ecx, eax ; 真假码比较 十六进制
0056BC40 .74 5D je short 0056BC9F
0056BC42 .A1 50F57300 mov eax, dword ptr
0056BC47 .8D5424 30 lea edx, dword ptr
0056BC4B .6A 40 push 40 ; /Count = 40 (64.)
0056BC4D .52 push edx ; |Buffer
0056BC4E .68 93130000 push 1393 ; |RsrcID = STRING "Invalid registration"
0056BC53 .50 push eax ; |hInst => 00400000
0056BC54 .FF15 84176B00 call dword ptr [<&USER32.LoadSt>; \LoadStringA
0056BC5A .6A 10 push 10 ; /Style = MB_OK|MB_ICONHAND|MB_APPLMODAL
0056BC5C .8D4C24 34 lea ecx, dword ptr ; |
给出一个码 Name: pyg_xiaotaoCode: 204969200
(算法不会~O(∩_∩)O哈哈~)大侠帮帮写下了,让我等菜鸟共同进步!
页:
[1]