TA的每日心情 | 慵懒
2018-6-6 15:51 |
|---|
签到天数: 2 天 [LV.1]初来乍到
|
很少发破解过程,今天发的也是一个大概的记录,因为软件得到注册码后,注册了不知道怎么把注册信息删掉,加上到深夜了,一时激动先把记得的发上来和大家一起学习,(知道怎么删除注册信息的麻烦告诉我一声)。以下只是大概的过程和思路,有不妥之处请高手指正。
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
载入OD运行软件
对软件下断点MessageBoxExW下断
输入用户名:glts和错误的注册码:987654321按“注册”后断下在堆栈栏得到以下信息
00127490 77D66137 /CALL 到 MessageBoxExW 来自 USER32.77D66132
00127494 00031154 |hOwner = 00031154 ('注册',class='#32770',parent=00EE06B2)
00127498 00461EAC |Text = "注册码不对!"
0012749C 00A42998 |Title = "MP4Expert"
001274A0 00000030 |Style = MB_OK|MB_ICONEXCLAMATION|MB_APPLMODAL
001274A4 00000000 \LanguageID = 0 (LANG_NEUTRAL)
001274A8 /001274F4
001274AC |00421BA3 返回到 MP4Exper.00421BA3 来自 USER32.MessageBoxW
++++++++++++++++++++++++
直接CTRL+G转到00421BA3
++++++++++++++++++++++++
00421B6F 50 push eax
00421B70 E8 1E4A0000 call MP4Exper.00426593
00421B75 FFB0 80000000 push dword ptr ds:[eax+80]
00421B7B E8 46420000 call MP4Exper.00425DC6
00421B80 8945 DC mov dword ptr ss:[ebp-24],eax
00421B83 895D E4 mov dword ptr ss:[ebp-1C],ebx
00421B86 3BC3 cmp eax,ebx
00421B88 75 04 jnz short MP4Exper.00421B8E
00421B8A 33C0 xor eax,eax
00421B8C EB 27 jmp short MP4Exper.00421BB5
00421B8E 895D FC mov dword ptr ss:[ebp-4],ebx
00421B91 FF75 14 push dword ptr ss:[ebp+14]
00421B94 FF75 10 push dword ptr ss:[ebp+10]
00421B97 FF75 0C push dword ptr ss:[ebp+C]
00421B9A FF75 08 push dword ptr ss:[ebp+8]
00421B9D FF15 B0744500 call dword ptr ds:[<&USER32.Mes>; USER32.MessageBoxW
00421BA3 8945 E4 mov dword ptr ss:[ebp-1C],eax
然后删除之前的断点在00421B6F下断重新运行程序断下后看上面的两个CALL就是关键的CALL跟进去
跟到下面就跟出了真码~~
0041C192 8B4424 14 mov eax,dword ptr ss:[esp+14]
堆栈 ss:[00127774]=00A497F0, (UNICODE "B-70IVU-89-128-130-611923") [B-70IVU-89-128-130-611923]这就是真码
eax=00000001 |
评分
-
查看全部评分
|
IP卡
发表于 2006-12-8 02:13:12
提升卡
置顶卡
变色卡
千斤顶
显身卡
发表于 2007-9-26 08:55:28
发表于 2007-9-26 12:57:28
发表于 2007-9-27 19:35:32
