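Experts, please take a look at how this code can be cracked
A program requires registration and is protected by a packer, which I have already unpacked by hand... but I still don't know how to crack it. I hope the experts can give me some guidance!
* Possible StringData Ref from Code Obj ->"test"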
|
:00505622 BAA8565000 mov edx, 005056A8
:00505627 E800F5EFFF call 00404B2C
:0050562C 743C je 0050566A
:0050562E 8D55F0 lea edx, dword ptr
:00505631 8B8340030000 mov eax, dword ptr
:00505637 E8B42FF7FF call 004785F0
:0050563C 8B45F0 mov eax, dword ptr
:0050563F 8D55FC lea edx, dword ptr
:00505642 E8D134F0FF call 00408B18
:00505647 8B45FC mov eax, dword ptr
:0050564A E891F3EFFF call 004049E0
:0050564F 83F820 cmp eax, 00000020
:00505652 740C je 00505660
* Possible StringData Ref from Code Obj ->"注册码错误"
|
:00505654 B8B8565000 mov eax, 005056B8
:00505659 E8020EF3FF call 00436460
:0050565E EB0A jmp 0050566A
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00505652(C)
|
* Possible StringData Ref from Code Obj ->"注册码错误"
|
:00505660 B8B8565000 mov eax, 005056B8
:00505665 E8F60DF3FF call 00436460
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:0050562C(C), :0050565E(U)
|
:0050566A 33C0 xor eax, eax
:0050566C 5A pop edx
:0050566D 59 pop ecx
:0050566E 59 pop ecx
:0050566F 648910 mov dword ptr fs:, edx
:00505672 6899565000 push 00505699
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00505697(U)
|
:00505677 8D45F0 lea eax, dword ptr
:0050567A BA02000000 mov edx, 00000002
:0050567F E8C0F0EFFF call 00404744
:00505684 8D45F8 lea eax, dword ptr
:00505687 BA02000000 mov edx, 00000002
:0050568C E8B3F0EFFF call 00404744
:00505691 C3 ret
:00505692 E9E9E9EFFF jmp 00404080
:00505697 EBDE jmp 00505677
:00505699 5B pop ebx
:0050569A 8BE5 mov esp, ebp
:0050569C 5D pop ebp
:0050569D C3 ret
:0050569E 0000 BYTE 2 DUP(0)
:005056A0 FFFFFFFF BYTE4 DUP(0ffh)
:005056A4 0400 add al, 00
:005056A6 0000 add byte ptr , al
:005056A8 7465 je 0050570F
:005056AA 7374 jnb 00505720
:005056AC 00000000 BYTE4 DUP(0)
:005056B0 FFFFFFFF BYTE4 DUP(0ffh)
:005056B4 0A00 or al, byte ptr
:005056B6 0000 add byte ptr , al
:005056B8 D7 xlat
:005056B9 A2B2E1C2EB mov byte ptr , al
:005056BE B4ED mov ah, ED
:005056C0 CE into
:005056C1 F3 repz
:005056C2 0000 add byte ptr , al
:005056C4 55 push ebp
:005056C5 8BEC mov ebp, esp
:005056C7 81C42CFEFFFF add esp, FFFFFE2C
:005056CD 33C9 xor ecx, ecx
:005056CF 898D2CFEFFFF mov dword ptr , ecx
:005056D5 894DFC mov dword ptr , ecx
:005056D8 33C0 xor eax, eax
:005056DA 55 push ebp
:005056DB 6896575000 push 00505796
:005056E0 64FF30 push dword ptr fs:
:005056E3 648920 mov dword ptr fs:, esp
:005056E6 8D45FC lea eax, dword ptr
* Possible StringData Ref from Code Obj ->"c:\xxxx\xxxx.ini"
|
:005056E9 BAAC575000 mov edx, 005057AC
:005056EE E8C5F0EFFF call 004047B8
:005056F3 8B45FC mov eax, dword ptr
:005056F6 E8A13DF0FF call 0040949C
:005056FB 84C0 test al, al
:005056FD 750D jne 0050570C
:005056FF 8B45FC mov eax, dword ptr
:00505702 E8693CF0FF call 00409370
:00505707 E8203DF0FF call 0040942C
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:005056FD(C)
|
:0050570C 8B55FC mov edx, dword ptr
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:005056A8(C)
|
:0050570F 8D8530FEFFFF lea eax, dword ptr
:00505715 E85AD7EFFF call 00402E74
:0050571A 8D8530FEFFFF lea eax, dword ptr
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:005056AA(C)
|
:00505720 E8EBD4EFFF call 00402C10
:00505725 E8DAD1EFFF call 00402904
:0050572A 8D952CFEFFFF lea edx, dword ptr
:00505730 A128CF5000 mov eax, dword ptr
:00505735 8B8064030000 mov eax, dword ptr
:0050573B E8B02EF7FF call 004785F0
:00505740 8B952CFEFFFF mov edx, dword ptr
:00505746 8D8530FEFFFF lea eax, dword ptr
:0050574C E8ABF6EFFF call 00404DFC
:00505751 E8FEDBEFFF call 00403354
:00505756 E8A9D1EFFF call 00402904
:0050575B 8D8530FEFFFF lea eax, dword ptr
:00505761 E8D6D7EFFF call 00402F3C
:00505766 E899D1EFFF call 00402904
* Possible StringData Ref from Code Obj ->"保存成功!"
|
:0050576B B8D8575000 mov eax, 005057D8
:00505770 E8EB0CF3FF call 00436460
:00505775 33C0 xor eax, eax
:00505777 5A pop edx
:00505778 59 pop ecx
:00505779 59 pop ecx
:0050577A 648910 mov dword ptr fs:, edx
:0050577D 689D575000 push 0050579D
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0050579B(U)
|
:00505782 8D852CFEFFFF lea eax, dword ptr
:00505788 E893EFEFFF call 00404720
:0050578D 8D45FC lea eax, dword ptr
:00505790 E88BEFEFFF call 00404720
:00505795 C3 ret
:00505796 E9E5E8EFFF jmp 00404080
:0050579B EBE5 jmp 00505782
:0050579D 8BE5 mov esp, ebp
:0050579F 5D pop ebp
:005057A0 C3 ret
:005057A1 000000 BYTE3 DUP(0)
:005057A4 FFFFFFFF BYTE4 DUP(0ffh)
:005057A8 2300 and eax, dword ptr
:005057AA 0000 add byte ptr , al
:005057AC 633A arpl dword ptr , edi
:005057AE 5C pop esp
:005057AF 636869 arpl dword ptr , ebp
:005057B2 6E outsb
:005057B3 61 popad
:005057B4 2D64726D5C sub eax, 5C6D7264
:005057B9 65 BYTE 065h
:005057BA 6E outsb
:005057BB 636F64 arpl dword ptr , ebp
:005057BE 65 BYTE 065h
:005057BF 65 BYTE 065h
:005057C0 7865 js 00505827
:005057C2 706C jo 00505830
:005057C4 61 popad
:005057C5 7974 jns 0050583B
:005057C7 697368692E696E imul esi, dword ptr , 6E692E69
:005057CE 6900FFFFFFFF imul eax, dword ptr , FFFFFFFF
:005057D4 0900 or dword ptr , eax
:005057D6 0000 add byte ptr , al
:005057D8 B1A3 mov cl, A3
:005057DA B4E6 mov ah, E6
:005057DC B3C9 mov bl, C9
:005057DE B9A6210000 mov ecx, 000021A6
:005057E3 00538B add byte ptr , dl
:005057E6 D88B83980300 fmul dword ptr
:005057EC 008B10FF92C8 add byte ptr , cl
:005057F2 000000 BYTE3 DUP(0)
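Try changing 0050562C to EB3C.

Originally posted by Luckly on 2009-2-14 20:20:
Try changing 0050562C to EB3C.

Patch it with WinHex?

Just step through it once with OD and modify the jump.

:0050562C 743C je 0050566A
This line should be the key point, right?

It would be best if the OP told us about the program~ Take a look at it dynamically with OD.

The program is the EXE-format video encryptor (latest version V4.0).
Download address: http://www.china-drm.com/doc/EXELXEncrypt.asp
Experts, give it a try.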