破解成功助理5.1 代码分析
; --- Excerpt from the caller at 00862302 (OllyDbg listing, Intel syntax, 32-bit). ---
; The enclosing function starts before and ends after this excerpt.  Shape of the check:
; three length tests, then one string compare; every failing branch goes to 00862358,
; the passing path reaches 0086234C, sets the byte at 008B1B5E to 1 and jumps to 00862435.
; The bracketed memory operands were lost in extraction; where the opcode bytes allow,
; the decoded operand is given in the comment.  "NOP掉" is the author's patch note
; ("NOP this jump out").
00862302 E8 A9AED1FF call aaa.0057D1B000862307 A1 441B8B00 mov eax,dword ptr ds:   ; two instructions fused by extraction: call 0057D1B0 (the same routine is called at 00842B29 in the second excerpt), then mov eax,[008B1B44] (a global)
0086230C E8 A72FBAFF call aaa.004052B8   ; presumably a string-length helper: its result is only ever compared against 3 and 16 here (the author's note on the second excerpt reads 16 as the password length)
00862311 83F8 03 cmp eax,3
00862314 7E 42 jle short aaa.00862358 NOP掉   ; fail if the value is <= 3 (signed compare), not only if it is 0
00862316 A1 481B8B00 mov eax,dword ptr ds:   ; [008B1B48] (second global string)
0086231B E8 982FBAFF call aaa.004052B8
00862320 83F8 10 cmp eax,10   ; 10h = 16
00862323 75 33 jnz short aaa.00862358 NOP掉   ; fail unless exactly 16
00862325 8B45 E4 mov eax,dword ptr ss:   ; [ebp-1C] (a local string)
00862328 E8 8B2FBAFF call aaa.004052B8
0086232D 83F8 10 cmp eax,10
00862330 75 26 jnz short aaa.00862358 NOP掉   ; fail unless exactly 16
00862332 A1 481B8B00 mov eax,dword ptr ds:   ; eax = [008B1B48]
00862337 8B55 E4 mov edx,dword ptr ss:   ; edx = [ebp-1C]
0086233A E8 C530BAFF call aaa.00405404   ; string compare (listed further down): ZF = 1 iff the two strings are equal
0086233F 75 17 jnz short aaa.00862358NOP掉   ; fail if they differ - the only content comparison in this excerpt
00862341 8D55 E8 lea edx,dword ptr ss:   ; edx = &[ebp-18]
00862344 8B45 FC mov eax,dword ptr ss:   ; eax = [ebp-4]
00862347 E8 68510000 call aaa.008674B4   ; success-path call; callee not shown
0086234C C605 5E1B8B00>mov byte ptr ds:,1   ; byte [008B1B5E] = 1: a global flag written only on the success path (whether other code re-checks it is not visible here)
00862353 E9 DD000000 jmp aaa.00862435
只需把上面标注“NOP掉”的四处条件跳转(00862314、00862323、00862330、0086233F)改为 NOP 即可——它们全都跳向失败分支 00862358,去掉之后代码会一路直落到 0086234C 把 [8B1B5E] 置 1 的成功分支。注意这只绕过了这一处校验(楼主也提到时间 BUG 并未去掉),该标志位是否还在别处被检查,从这段代码看不出来;更深一层的原因
; --- 00405404: compare two length-prefixed strings. ---
; In:   eax = str1, edx = str2.  Each points at the first character; the 32-bit length
;       is read from [ptr-4]; a null pointer is treated as the empty string.
; Out:  ZF = 1 iff the strings are equal (same pointer, or equal length and equal bytes).
;       eax is not a consistent result across paths (it still holds the pointer when
;       eax == edx) - callers in this post test only ZF.
; Clobbers: eax, ecx, edx, flags.  ebx/esi/edi are saved and restored.
; This routine knows nothing about keys or usernames; it looks like a compiler runtime
; string-compare helper, and the registration logic lives in its callers.  Bracketed
; memory operands were lost in extraction; they are decoded from the opcode bytes below.
在下也不明知,望有能力的人帮助分析,感谢.以上代码由m718195提供, 我已做了此项操作,时间BUG没有去掉, 00405404/$53 push ebx   ; function entry: save callee-saved ebx (the Chinese text before it is the end of the post's paragraph, fused by extraction)
00405405|.56 push esi
00405406|.57 push edi
00405407|.89C6 mov esi, eax   ; esi = str1
00405409|.89D7 mov edi, edx   ; edi = str2
0040540B|.39D0 cmp eax, edx
0040540D|.0F84 8F000000 je 004054A2   ; same pointer -> equal (ZF = 1)
00405413|.85F6 test esi, esi
00405415|.74 68 je short 0040547F   ; str1 null -> eax = -len(str2)
00405417|.85FF test edi, edi
00405419|.74 6B je short 00405486   ; str2 null -> eax = len(str1)
0040541B|.8B46 FC mov eax, dword ptr   ; eax = [esi-4] = len(str1)
0040541E|.8B57 FC mov edx, dword ptr   ; edx = [edi-4] = len(str2)
00405421|.29D0 sub eax, edx   ; eax = len1 - len2
00405423|.77 02 ja short 00405427   ; len1 > len2 (unsigned): edx already holds the shorter length
00405425|.01C2 add edx, eax   ; otherwise edx = len1, the shorter (or equal) length
00405427|>52 push edx   ; save the common length for the byte tail
00405428|.C1EA 02 shr edx, 2   ; edx = number of whole dwords to compare
0040542B|.74 26 je short 00405453   ; fewer than 4 bytes: go straight to the tail
0040542D|>8B0E /mov ecx, dword ptr   ; ecx = [esi]
0040542F|.8B1F |mov ebx, dword ptr   ; ebx = [edi]
00405431|.39D9 |cmp ecx, ebx
00405433|.75 58 |jnz short 0040548D   ; dword differs -> find the first differing byte
00405435|.4A |dec edx
00405436|.74 15 |je short 0040544D   ; odd dword count: advance by 4 and finish
00405438|.8B4E 04 |mov ecx, dword ptr   ; ecx = [esi+4]
0040543B|.8B5F 04 |mov ebx, dword ptr   ; ebx = [edi+4]
0040543E|.39D9 |cmp ecx, ebx
00405440|.75 4B |jnz short 0040548D
00405442|.83C6 08 |add esi, 8
00405445|.83C7 08 |add edi, 8
00405448|.4A |dec edx
00405449|.^ 75 E2 \jnz short 0040542D   ; loop unrolled two dwords per iteration
0040544B|.EB 06 jmp short 00405453
0040544D|>83C6 04 add esi, 4
00405450|.83C7 04 add edi, 4
00405453|>5A pop edx   ; restore the common length
00405454|.83E2 03 and edx, 3   ; edx = remaining 0..3 bytes
00405457|.74 22 je short 0040547B   ; nothing left: common prefix is equal
00405459|.8B0E mov ecx, dword ptr   ; ecx = [esi] - a full dword is read although only 1..3 bytes remain; the extra bytes are masked/ignored below, so this relies on those bytes being readable
0040545B|.8B1F mov ebx, dword ptr   ; ebx = [edi]
0040545D|.38D9 cmp cl, bl   ; byte 0
0040545F|.75 41 jnz short 004054A2
00405461|.4A dec edx
00405462|.74 17 je short 0040547B
00405464|.38FD cmp ch, bh   ; byte 1
00405466|.75 3A jnz short 004054A2
00405468|.4A dec edx
00405469|.74 10 je short 0040547B
0040546B|.81E3 0000FF00 and ebx, 0FF0000   ; keep byte 2 only (byte 3 is past the compared length)
00405471|.81E1 0000FF00 and ecx, 0FF0000
00405477|.39D9 cmp ecx, ebx
00405479|.75 27 jnz short 004054A2
0040547B|>01C0 add eax, eax   ; eax = 2*(len1-len2): ZF = 1 iff the lengths are equal, i.e. the strings are equal
0040547D|.EB 23 jmp short 004054A2
0040547F|>8B57 FC mov edx, dword ptr   ; edx = [edi-4] = len(str2)
00405482|.29D0 sub eax, edx   ; eax (== esi == 0 here) - len2: ZF = 1 only if str2 is empty
00405484|.EB 1C jmp short 004054A2
00405486|>8B46 FC mov eax, dword ptr   ; eax = [esi-4] = len(str1)
00405489|.29D0 sub eax, edx   ; edx == 0 here: ZF = 1 only if str1 is empty
0040548B|.EB 15 jmp short 004054A2
0040548D|>5A pop edx   ; discard the saved length
0040548E|.38D9 cmp cl, bl   ; first differing byte, low byte first; flags of the last cmp are the result
00405490|.75 10 jnz short 004054A2
00405492|.38FD cmp ch, bh
00405494|.75 0C jnz short 004054A2
00405496|.C1E9 10 shr ecx, 10   ; move bytes 2..3 down
00405499|.C1EB 10 shr ebx, 10
0040549C|.38D9 cmp cl, bl
0040549E|.75 02 jnz short 004054A2
004054A0|.38FD cmp ch, bh   ; sets the flags and falls through to the epilogue
004054A2|>5F pop edi
004054A3|.5E pop esi
004054A4|.5B pop ebx
004054A5\.C3 retn
上面这段 00405404 并不是注册码判断本身,而是一个通用的字符串比较例程:先取两个指针前 4 字节处的长度,再按双字/逐字节比较内容,相等时 ZF=1。真正的注册码判断在调用它的地方,例如下面 00842AF8 处的这段:
00842AF8 .64:FF30 push dword ptr fs:
; --- Excerpt of a second validation site starting at 00842AF8 (the function's start and
; end are outside this excerpt; its first instruction, push dword ptr fs:[eax], is on the
; preceding line).  Same pattern as at 00862302: a ">3" length test on [ebp-8], a "==16"
; length test on [ebp-C], then a call to 0057D1B0 with both strings and an output buffer.
; Bracketed memory operands were lost in extraction and are decoded in the comments.
00842AFB .64:8920 mov dword ptr fs:, esp   ; fs:[eax] = esp: links a new SEH record (eax is presumably 0 here; it is set up above, outside the excerpt)
00842AFE .8B45 F8 mov eax, dword ptr   ; eax = [ebp-8]
00842B01 .E8 B227BCFF call 004052B8   ; same helper as at 0086230C; result is compared as a length
00842B06 .83F8 03 cmp eax, 3 //判断,如果用户名或密码为空则跳   ; NOTE: the author's note says "jump if empty", but the test is <= 3: lengths 1..3 also fail
00842B09 .0F8E 85040000 jle 00842F94   ; fail branch (target outside the excerpt)
00842B0F .8B45 F4 mov eax, dword ptr   ; eax = [ebp-C]
00842B12 .E8 A127BCFF call 004052B8
00842B17 .83F8 10 cmp eax, 10//判断,如果密码不为16位则跳   ; 10h = 16, as the author's note says
00842B1A .0F85 74040000 jnz 00842F94
00842B20 .8D4D DC lea ecx, dword ptr   ; ecx = &[ebp-24] (output buffer)
00842B23 .8B55 F4 mov edx, dword ptr   ; edx = [ebp-C] (the 16-char string)
00842B26 .8B45 F8 mov eax, dword ptr   ; eax = [ebp-8]
00842B29 .E8 82A6D3FF call 0057D1B0   ; 0057D1B0(eax=[ebp-8], edx=[ebp-C], ecx=&[ebp-24]); also called at 00862302 before the checks there
00842B2E .8B55 DC mov edx, dword ptr   ; edx = [ebp-24], the value written by the call; the next line loads eax = [ebp-C] - the same register pair 00405404 takes, so a compare presumably follows where the excerpt is cut off
00842B31 .8B45 F4 mov eax, dword ptr
直接爆破了~~~但是对于注册码的生成还不是很了解!希望有高手能写一下!
从这段代码看,0057D1B0 以 [ebp-8]、[ebp-C] 为参数,把结果写到 [ebp-24],紧接着 [ebp-24] 和 [ebp-C] 又被装入 edx/eax(与 00405404 的参数寄存器一致,比较应该就在截断处之后),注册码的生成/校验逻辑很可能就在 0057D1B0 里,分析时可以从它入手;本段和 00862302 处的爆破都只绕过了各自的这一处比较。
[ 本帖最后由 zeknight 于 2010-5-13 13:16 编辑 ]
是否还会弹出时间提示暂时无法得知,正在试验!
写得很好
学习下