【Title】Cracking 外挂制作学习环境2005
【Author】唐小刀
【Author e-mail】[email protected]
【Author homepage】dtxd.vicp.net QQ:172751148
【Tools】PEiD, OD
【Platform】Windows 2003 Server SP2
【Software】外挂制作学习环境2005
【Size】1.80 MB
【Original download】http://www.watxwg.com
【Protection】registration code + verification on restart
PEiD identifies the packer as a modified UPX. It is fairly simple, so I will skip the unpacking and go straight to the cracking.
After unpacking, load the program in OD; it stops here. From experience I set a breakpoint here, press F9 to run, and it stops here again. The analysis starts below:
0050FE4E 55 PUSH EBP
0050FE4F 68 2AFF5000 PUSH dumped_.0050FF2A
0050FE54 64:FF30 PUSH DWORD PTR FS:[EAX]
0050FE57 64:8920 MOV DWORD PTR FS:[EAX],ESP
0050FE5A 8D55 F8 LEA EDX,DWORD PTR SS:[EBP-8]
0050FE5D 8B83 0C030000 MOV EAX,DWORD PTR DS:[EBX+30C]
0050FE63 E8 1061F4FF CALL dumped_.00455F78
0050FE68 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8] ;堆栈 SS:[0012F410]=00F988B0, (ASCII "txd123456")
EAX=00000009
0050FE6B 50 PUSH EAX ;EAX=00F988B0, (ASCII "txd123456")
0050FE6C 8D55 F4 LEA EDX,DWORD PTR SS:[EBP-C]
0050FE6F 8B83 08030000 MOV EAX,DWORD PTR DS:[EBX+308] ;DS:[00F9327C]=00F44744
EAX=00F988B0, (ASCII "txd123456")
0050FE75 E8 FE60F4FF CALL dumped_.00455F78
0050FE7A 8B55 F4 MOV EDX,DWORD PTR SS:[EBP-C]
0050FE7D 8B83 18030000 MOV EAX,DWORD PTR DS:[EBX+318]
0050FE83 59 POP ECX ;堆栈 [0012F3F8]=00F988B0 (00F988B0), ASCII "txd123456"
ECX=77E2C4C8 (user32.77E2C4C8)
0050FE84 E8 D34BFFFF CALL dumped_.00504A5C ;key call, step into it: the algorithm call
0050FE89 84C0 TEST AL,AL
0050FE8B 75 2C JNZ SHORT dumped_.0050FEB9
0050FE8D 8D45 FC LEA EAX,DWORD PTR SS:[EBP-4]
0050FE90 BA 40FF5000 MOV EDX,dumped_.0050FF40 ; 输入注册码不正确,请检查!
0050FE95 E8 2245EFFF CALL dumped_.004043BC
0050FE9A 6A 40 PUSH 40
0050FE9C 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
0050FE9F E8 4049EFFF CALL dumped_.004047E4
0050FEA4 8BD0 MOV EDX,EAX
0050FEA6 B9 5CFF5000 MOV ECX,dumped_.0050FF5C ; 输入错误
0050FEAB A1 5C925100 MOV EAX,DWORD PTR DS:[51925C]
0050FEB0 8B00 MOV EAX,DWORD PTR DS:[EAX]
0050FEB2 E8 D55EF6FF CALL dumped_.00475D8C
0050FEB7 EB 4E JMP SHORT dumped_.0050FF07
0050FEB9 68 70FF5000 PUSH dumped_.0050FF70 ; 注册成功!\r注册信息为:\r注册码:
0050FEBE 8B83 18030000 MOV EAX,DWORD PTR DS:[EBX+318]
0050FEC4 FF70 58 PUSH DWORD PTR DS:[EAX+58]
0050FEC7 68 9CFF5000 PUSH dumped_.0050FF9C ; \r
0050FECC 68 A8FF5000 PUSH dumped_.0050FFA8 ; 感谢您对我们的支持!请重新启动程序。
0050FED1 8D45 FC LEA EAX,DWORD PTR SS:[EBP-4]
0050FED4 BA 04000000 MOV EDX,4
0050FED9 E8 C647EFFF CALL dumped_.004046A4
0050FEDE 6A 40 PUSH 40
0050FEE0 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
0050FEE3 E8 FC48EFFF CALL dumped_.004047E4
0050FEE8 8BD0 MOV EDX,EAX
0050FEEA B9 D4FF5000 MOV ECX,dumped_.0050FFD4 ; 注册成功
0050FEEF A1 5C925100 MOV EAX,DWORD PTR DS:[51925C]
0050FEF4 8B00 MOV EAX,DWORD PTR DS:[EAX]
0050FEF6 E8 915EF6FF CALL dumped_.00475D8C
0050FEFB A1 5C925100 MOV EAX,DWORD PTR DS:[51925C]
0050FF00 8B00 MOV EAX,DWORD PTR DS:[EAX]
0050FF02 E8 E15DF6FF CALL dumped_.00475CE8
0050FF07 33C0 XOR EAX,EAX
0050FF09 5A POP EDX
0050FF0A 59 POP ECX
0050FF0B 59 POP ECX
0050FF0C 64:8910 MOV DWORD PTR FS:[EAX],EDX
0050FF0F 68 31FF5000 PUSH dumped_.0050FF31
0050FF14 8D45 F4 LEA EAX,DWORD PTR SS:[EBP-C]
0050FF17 BA 02000000 MOV EDX,2
0050FF1C E8 2744EFFF CALL dumped_.00404348
0050FF21 8D45 FC LEA EAX,DWORD PTR SS:[EBP-4]
0050FF24 E8 FB43EFFF CALL dumped_.00404324
0050FF29 C3 RETN
0050FF2A ^ E9 193DEFFF JMP dumped_.00403C48
0050FF2F ^ EB E3 JMP SHORT dumped_.0050FF14
0050FF31 5B POP EBX
0050FF32 8BE5 MOV ESP,EBP
0050FF34 5D POP EBP
0050FF35 C3 RETN
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
F7 to step into the algorithm CALL:
00504A5C 55 PUSH EBP
00504A5D 8BEC MOV EBP,ESP
00504A5F 83C4 F0 ADD ESP,-10
00504A62 53 PUSH EBX
00504A63 33DB XOR EBX,EBX
00504A65 895D F0 MOV DWORD PTR SS:[EBP-10],EBX
00504A68 895D F4 MOV DWORD PTR SS:[EBP-C],EBX
00504A6B 894D F8 MOV DWORD PTR SS:[EBP-8],ECX
00504A6E 8955 FC MOV DWORD PTR SS:[EBP-4],EDX
00504A71 8BD8 MOV EBX,EAX
00504A73 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
00504A76 E8 59FDEFFF CALL dumped_.004047D4
00504A7B 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
00504A7E E8 51FDEFFF CALL dumped_.004047D4
00504A83 33C0 XOR EAX,EAX
00504A85 55 PUSH EBP
00504A86 68 2B4B5000 PUSH dumped_.00504B2B
00504A8B 64:FF30 PUSH DWORD PTR FS:[EAX]
00504A8E 64:8920 MOV DWORD PTR FS:[EAX],ESP
00504A91 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
00504A94 E8 4BFBEFFF CALL dumped_.004045E4
00504A99 3B43 4C CMP EAX,DWORD PTR DS:[EBX+4C]
00504A9C 7F 19 JG SHORT dumped_.00504AB7
00504A9E 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
00504AA1 E8 3EFBEFFF CALL dumped_.004045E4
00504AA6 3B43 50 CMP EAX,DWORD PTR DS:[EBX+50]
00504AA9 7C 0C JL SHORT dumped_.00504AB7
00504AAB 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
00504AAE E8 31FBEFFF CALL dumped_.004045E4
00504AB3 85C0 TEST EAX,EAX
00504AB5 75 04 JNZ SHORT dumped_.00504ABB
00504AB7 33DB XOR EBX,EBX
00504AB9 EB 55 JMP SHORT dumped_.00504B10
00504ABB 8D55 F4 LEA EDX,DWORD PTR SS:[EBP-C]
00504ABE 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
00504AC1 E8 723EF0FF CALL dumped_.00408938
00504AC6 8B55 F4 MOV EDX,DWORD PTR SS:[EBP-C]
00504AC9 8D45 F8 LEA EAX,DWORD PTR SS:[EBP-8]
00504ACC E8 EBF8EFFF CALL dumped_.004043BC
00504AD1 8D4D F0 LEA ECX,DWORD PTR SS:[EBP-10]
00504AD4 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
00504AD7 8BC3 MOV EAX,EBX
00504AD9 E8 56FBFFFF CALL dumped_.00504634
00504ADE 8B45 F0 MOV EAX,DWORD PTR SS:[EBP-10] ;堆栈 SS:[0012F3E4]=00FAEB58, (ASCII "00000D566353B")
EAX=0012F3C8 //see it? The real registration code is right there.
00504AE1 8B55 F8 MOV EDX,DWORD PTR SS:[EBP-8]
00504AE4 E8 C73EF0FF CALL dumped_.004089B0
00504AE9 85C0 TEST EAX,EAX
00504AEB 74 04 JE SHORT dumped_.00504AF1
00504AED 33DB XOR EBX,EBX
00504AEF EB 1F JMP SHORT dumped_.00504B10
00504AF1 8D43 48 LEA EAX,DWORD PTR DS:[EBX+48]
00504AF4 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
00504AF7 E8 7CF8EFFF CALL dumped_.00404378
00504AFC 8D43 58 LEA EAX,DWORD PTR DS:[EBX+58]
00504AFF 8B55 F8 MOV EDX,DWORD PTR SS:[EBP-8]
00504B02 E8 71F8EFFF CALL dumped_.00404378
00504B07 8BC3 MOV EAX,EBX
00504B09 E8 3E020000 CALL dumped_.00504D4C
00504B0E B3 01 MOV BL,1
00504B10 33C0 XOR EAX,EAX
00504B12 5A POP EDX
00504B13 59 POP ECX
00504B14 59 POP ECX
00504B15 64:8910 MOV DWORD PTR FS:[EAX],EDX
00504B18 68 324B5000 PUSH dumped_.00504B32
00504B1D 8D45 F0 LEA EAX,DWORD PTR SS:[EBP-10]
00504B20 BA 04000000 MOV EDX,4
00504B25 E8 1EF8EFFF CALL dumped_.00404348
00504B2A C3 RETN
00504B2B ^ E9 18F1EFFF JMP dumped_.00403C48
00504B30 ^ EB EB JMP SHORT dumped_.00504B1D
00504B32 8BC3 MOV EAX,EBX
00504B34 5B POP EBX
00504B35 8BE5 MOV ESP,EBP
00504B37 5D POP EBP
00504B38 C3 RETN
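As an added illustration (not code from this post or from the program analysed), the C model below reproduces the shape of the check above: the expected code is derived from the name into a local buffer and then compared with the input in plaintext, which is exactly why the valid code is sitting in SS:[EBP-10] when the compare runs. It is set beside a variant that holds only a one-way digest of the valid pair and therefore never builds the valid code in memory. fnv1a, derive_code and license_digest are hypothetical stand-ins; the program's real derivation (CALL 00504634) is not shown on the page.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the derivation done by CALL 00504634 (the real
 * algorithm is not on the page): FNV-1a of the name, printed as 13
 * upper-case hex digits with zero padding, like "00000D566353B". */
static uint32_t fnv1a(uint32_t h, const char *s) {
    for (; *s; s++) h = (h ^ (uint8_t)*s) * 16777619u;
    return h;
}
static void derive_code(const char *name, char out[14]) {
    snprintf(out, 14, "%013lX", (unsigned long)fnv1a(2166136261u, name));
}

/* Shape seen in the listing: the valid code is built in a local buffer
 * (SS:[EBP-10]) and only then compared with the input (CALL 004089B0),
 * so whoever pauses at the compare reads the valid code from memory. */
char leaked_expected[14];                 /* what the debugger showed */
int check_plaintext(const char *name, const char *input) {
    char expected[14];
    derive_code(name, expected);
    memcpy(leaked_expected, expected, sizeof expected);
    return strcmp(expected, input) == 0;
}

/* Defensive shape: the program stores only a one-way digest of the valid
 * (name, code) pair, so a valid code is never constructed in memory.
 * FNV-1a stands in for a real MAC; a production check would use an HMAC
 * or, better, verify a vendor signature over the name. */
uint32_t license_digest(const char *name, const char *code) {
    uint32_t h = fnv1a(2166136261u, name);
    h = (h ^ 0x7Cu) * 16777619u;          /* '|' separates the two fields */
    return fnv1a(h, code);
}
int check_digest(const char *name, const char *input, uint32_t stored) {
    /* one XOR and one test: no early-exit string compare on the value */
    return (license_digest(name, input) ^ stored) == 0;
}

int main(void) {
    char code[14];
    derive_code("txd123456", code);       /* name taken from the listing */
    printf("plaintext check: %d, code left in memory: %s\n",
           check_plaintext("txd123456", code), leaked_expected);
    uint32_t stored = license_digest("txd123456", code);
    printf("digest check: %d\n", check_digest("txd123456", code, stored));
    return 0;
}
```

Note that the digest form only stops the valid code from being read out of memory; a purely client-side check can still be patched at the JNZ, which is why a signature verified with an embedded public key is the stronger design.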
I don't know whether the software itself is just a demo or whether the author is having fun at everyone's expense, heh. It is fully cracked, but there is nothing of value inside, heh! Thank you all
for taking your valuable time to read my article; much appreciated!