【Software name】: XnView 1.95 Beta3, multilingual portable special edition
【Download URL】: https://www.chinapyg.com/viewthr ... &extra=page%3D1
【Packer】: ASPack 2.12 -> Alexey Solodovnikov
【Tools used】: PEiD_ch Abstersiver W32dsm OllyICE
【Platform】: XP
【Software description】: An excellent image viewer.
--------------------------------------------------------------------------------
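【Detailed process】
I have been on this forum for a long time and have learned quite a lot. This is my first cracking write-up; its main purpose is to help beginners like me get familiar with how the tools are used and the steps involved. Experts, please don't laugh!
1. Check the packer with PEiD --- ASPack 2.12 -> Alexey Solodovnikov
2. Use Abstersiver (download: http://www.cngr.cn/dir/softdown.asp?softid=24256) --- unpack --- Microsoft Visual C++ 6.0
3. Run the unpacked program once first (not bad, no errors appeared. My manual unpacking skills aren't good enough ~O(∩_∩)O haha~). Enter Name: pyg_xiaotao Code: 987987987 and click OK; this appears: Invalid registration (remember this)
4. Load it in W32dsm --- search for the text Invalid registration, which leads to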
--------------------------------------------------------------------------------
:0056BBEF 68D0070000 push 000007D0 (a breakpoint can be set here)
:0056BBF4 56 push esi
:0056BBF5 FFD7 call edi
:0056BBF7 8D4C2410 lea ecx, dword ptr [esp+10]
:0056BBFB 6A20 push 00000020
:0056BBFD 51 push ecx
* Possible Reference to Dialog: DialogID_03E9, CONTROL_ID:07D1, ""
:0056BBFE 68D1070000 push 000007D1
:0056BC03 56 push esi
:0056BC04 FFD7 call edi
:0056BC06 8A442470 mov al, byte ptr [esp+70]
:0056BC0A 84C0 test al, al
:0056BC0C 0F843A010000 je 0056BD4C
:0056BC12 8A442410 mov al, byte ptr [esp+10]
:0056BC16 84C0 test al, al
:0056BC18 0F842E010000 je 0056BD4C
:0056BC1E 8D542408 lea edx, dword ptr [esp+08]
:0056BC22 8D442470 lea eax, dword ptr [esp+70]
:0056BC26 52 push edx
:0056BC27 50 push eax
:0056BC28 E8E381F9FF call 00503E10
:0056BC2D 8D4C2418 lea ecx, dword ptr [esp+18]
:0056BC31 51 push ecx
:0056BC32 E87CC40200 call 005980B3
:0056BC37 8B4C2414 mov ecx, dword ptr [esp+14]
:0056BC3B 83C40C add esp, 0000000C
:0056BC3E 3BC8 cmp ecx, eax
:0056BC40 745D je 0056BC9F
:0056BC42 A150F57300 mov eax, dword ptr [0073F550]
:0056BC47 8D542430 lea edx, dword ptr [esp+30]
:0056BC4B 6A40 push 00000040
:0056BC4D 52 push edx
* Possible Reference to String Resource ID=05011: "Invalid registration"
5. Load it in OllyICE: 1.) F9 --- run
2.) Enter Name: pyg_xiaotao Code: 987987987
3.) Ctrl+G, enter 56BBFE
4.) F2 to set a breakpoint
0056BBF5 . FFD7 call edi ; \GetDlgItemTextA
0056BBF7 . 8D4C24 10 lea ecx, dword ptr [esp+10]
0056BBFB . 6A 20 push 20 ; /Count = 20 (32.)
0056BBFD . 51 push ecx ; |Buffer
0056BBFE . 68 D1070000 push 7D1 ; | set breakpoint with F2
0056BC03 . 56 push esi ; |hWnd
0056BC04 . FFD7 call edi ; \GetDlgItemTextA
0056BC06 . 8A4424 70 mov al, byte ptr [esp+70]
0056BC0A . 84C0 test al, al
0056BC0C . 0F84 3A010000 je 0056BD4C
0056BC12 . 8A4424 10 mov al, byte ptr [esp+10]
0056BC16 . 84C0 test al, al
0056BC18 . 0F84 2E010000 je 0056BD4C
0056BC1E . 8D5424 08 lea edx, dword ptr [esp+8]
0056BC22 . 8D4424 70 lea eax, dword ptr [esp+70]
0056BC26 . 52 push edx
0056BC27 . 50 push eax
0056BC28 . E8 E381F9FF call 00503E10
0056BC2D . 8D4C24 18 lea ecx, dword ptr [esp+18]
0056BC31 . 51 push ecx
0056BC32 . E8 7CC40200 call 005980B3
0056BC37 . 8B4C24 14 mov ecx, dword ptr [esp+14]
0056BC3B . 83C4 0C add esp, 0C
0056BC3E . 3BC8 cmp ecx, eax ; comparison of the real and fake codes (hexadecimal)
0056BC40 . 74 5D je short 0056BC9F
0056BC42 . A1 50F57300 mov eax, dword ptr [73F550]
0056BC47 . 8D5424 30 lea edx, dword ptr [esp+30]
0056BC4B . 6A 40 push 40 ; /Count = 40 (64.)
0056BC4D . 52 push edx ; |Buffer
0056BC4E . 68 93130000 push 1393 ; |RsrcID = STRING "Invalid registration"
0056BC53 . 50 push eax ; |hInst => 00400000
0056BC54 . FF15 84176B00 call dword ptr [<&USER32.LoadSt>; \LoadStringA
0056BC5A . 6A 10 push 10 ; /Style = MB_OK|MB_ICONHAND|MB_APPLMODAL
0056BC5C . 8D4C24 34 lea ecx, dword ptr [esp+34] ; |
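Here is one code: Name: pyg_xiaotao Code: 204969200
(I can't work out the algorithm ~O(∩_∩)O haha~) Could the experts help write it up, so that we beginners can all improve together!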