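A newbie learning cracking here: I have a program packed with ASPack 2.12 -> Alexey Solodovnikov. After unpacking it I found it was written in Borland Delphi 6.0 - 7.0 and has a self-check. I worked on it for two days and removed the self-check, then used DEDE to find the key CALL for the registration check, but I can never trace down the real code. Is it possible that with some programs the real code simply cannot be traced? What breakpoints should I set to trace the registration code of a Delphi program?
Some code is attached below. Run the program, click Register, and once it breaks, press ALT+F9 to land in the following code section. Experts, please advise: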
0051D8E0 $ 55 PUSH EBP
0051D8E1 . 8BEC MOV EBP,ESP
0051D8E3 . B9 07000000 MOV ECX,7
0051D8E8 > 6A 00 PUSH 0
0051D8EA . 6A 00 PUSH 0
0051D8EC . 49 DEC ECX
0051D8ED .^ 75 F9 JNZ SHORT unpack12.0051D8E8
0051D8EF . 53 PUSH EBX
0051D8F0 . 56 PUSH ESI
0051D8F1 . 57 PUSH EDI
0051D8F2 . 8BD8 MOV EBX,EAX
0051D8F4 . 33C0 XOR EAX,EAX
0051D8F6 . 55 PUSH EBP
0051D8F7 . 68 E2DA5100 PUSH unpack12.0051DAE2
0051D8FC . 64:FF30 PUSH DWORD PTR FS:[EAX]
0051D8FF . 64:8920 MOV DWORD PTR FS:[EAX],ESP
0051D902 . C645 FF 00 MOV BYTE PTR SS:[EBP-1],0
0051D906 . 8D55 E4 LEA EDX,DWORD PTR SS:[EBP-1C]
0051D909 . 33C0 XOR EAX,EAX
0051D90B . E8 2452EEFF CALL unpack12.00402B34
0051D910 . 8B45 E4 MOV EAX,DWORD PTR SS:[EBP-1C]
0051D913 . 8D55 E8 LEA EDX,DWORD PTR SS:[EBP-18]
0051D916 . E8 99C1EEFF CALL unpack12.00409AB4
0051D91B . FF75 E8 PUSH DWORD PTR SS:[EBP-18]
0051D91E . 8D55 DC LEA EDX,DWORD PTR SS:[EBP-24]
0051D921 . 33C0 XOR EAX,EAX
0051D923 . E8 0C52EEFF CALL unpack12.00402B34
0051D928 . 8B45 DC MOV EAX,DWORD PTR SS:[EBP-24]
0051D92B . 8D55 E0 LEA EDX,DWORD PTR SS:[EBP-20]
0051D92E . E8 2DFEFFFF CALL unpack12.0051D760
0051D933 . FF75 E0 PUSH DWORD PTR SS:[EBP-20]
0051D936 . 68 FCDA5100 PUSH unpack12.0051DAFC ; ASCII ".ini"
0051D93B . 8D45 F4 LEA EAX,DWORD PTR SS:[EBP-C]
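0051D93E . BA 03000000 MOV EDX,3 ; I really can't figure out this "ini"; I can't find it in the program directory either.
0051D943 . E8 A874EEFF CALL unpack12.00404DF0 ; At first I thought it was used to store the registration info.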
0051D948 . 80BB A6010000>CMP BYTE PTR DS:[EBX+1A6],0
0051D94F . 0F85 95000000 JNZ unpack12.0051D9EA
0051D955 . 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C]
0051D958 . E8 D3BFEEFF CALL unpack12.00409930
0051D95D . 84C0 TEST AL,AL
0051D95F . 0F84 38010000 JE unpack12.0051DA9D
0051D965 . B2 01 MOV DL,1
0051D967 . A1 BCB94100 MOV EAX,DWORD PTR DS:[41B9BC]
0051D96C . E8 6B62EEFF CALL unpack12.00403BDC
0051D971 . 8945 EC MOV DWORD PTR SS:[EBP-14],EAX
0051D974 . 8B55 F4 MOV EDX,DWORD PTR SS:[EBP-C]
0051D977 . 8B45 EC MOV EAX,DWORD PTR SS:[EBP-14]
0051D97A . 8B08 MOV ECX,DWORD PTR DS:[EAX]
0051D97C . FF51 68 CALL DWORD PTR DS:[ECX+68]
0051D97F . 8B45 EC MOV EAX,DWORD PTR SS:[EBP-14]
0051D982 . 8B10 MOV EDX,DWORD PTR DS:[EAX]
0051D984 . FF52 14 CALL DWORD PTR DS:[EDX+14]
0051D987 . 8BF0 MOV ESI,EAX
0051D989 . 4E DEC ESI
0051D98A . 85F6 TEST ESI,ESI
0051D98C . 0F8C 0B010000 JL unpack12.0051DA9D
0051D992 . 46 INC ESI
0051D993 . C745 F8 00000>MOV DWORD PTR SS:[EBP-8],0
0051D99A > 8D4D F0 LEA ECX,DWORD PTR SS:[EBP-10]
0051D99D . 8B55 F8 MOV EDX,DWORD PTR SS:[EBP-8]
0051D9A0 . 8B45 EC MOV EAX,DWORD PTR SS:[EBP-14]
0051D9A3 . 8B38 MOV EDI,DWORD PTR DS:[EAX]
0051D9A5 . FF57 0C CALL DWORD PTR DS:[EDI+C]
0051D9A8 . 8D55 D8 LEA EDX,DWORD PTR SS:[EBP-28]
0051D9AB . 8B83 F4020000 MOV EAX,DWORD PTR DS:[EBX+2F4]
0051D9B1 . E8 F6F3F2FF CALL unpack12.0044CDAC
0051D9B6 . 8B45 D8 MOV EAX,DWORD PTR SS:[EBP-28]
0051D9B9 . 50 PUSH EAX
0051D9BA . 8D4D D4 LEA ECX,DWORD PTR SS:[EBP-2C]
0051D9BD . 8B83 10030000 MOV EAX,DWORD PTR DS:[EBX+310]
0051D9C3 . 8B55 F0 MOV EDX,DWORD PTR SS:[EBP-10]
0051D9C6 . E8 91FAFFFF CALL unpack12.0051D45C
0051D9CB . 8B55 D4 MOV EDX,DWORD PTR SS:[EBP-2C]
0051D9CE . 58 POP EAX
0051D9CF . E8 A074EEFF CALL unpack12.00404E74
0051D9D4 . 75 09 JNZ SHORT unpack12.0051D9DF
0051D9D6 . C645 FF 01 MOV BYTE PTR SS:[EBP-1],1
0051D9DA . E9 BE000000 JMP unpack12.0051DA9D
0051D9DF > FF45 F8 INC DWORD PTR SS:[EBP-8]
0051D9E2 . 4E DEC ESI
0051D9E3 .^ 75 B5 JNZ SHORT unpack12.0051D99A
0051D9E5 . E9 B3000000 JMP unpack12.0051DA9D
0051D9EA > 8D55 D0 LEA EDX,DWORD PTR SS:[EBP-30]
0051D9ED . 8B83 FC020000 MOV EAX,DWORD PTR DS:[EBX+2FC]
0051D9F3 . E8 B4F3F2FF CALL unpack12.0044CDAC
0051D9F8 . 8B55 D0 MOV EDX,DWORD PTR SS:[EBP-30]
0051D9FB . 8D4D F0 LEA ECX,DWORD PTR SS:[EBP-10]
0051D9FE . 8B83 10030000 MOV EAX,DWORD PTR DS:[EBX+310]
0051DA04 . E8 53FAFFFF CALL unpack12.0051D45C
0051DA09 . 8D55 CC LEA EDX,DWORD PTR SS:[EBP-34]
0051DA0C . 8B83 F4020000 MOV EAX,DWORD PTR DS:[EBX+2F4]
0051DA12 . E8 95F3F2FF CALL unpack12.0044CDAC
0051DA17 . 8B45 CC MOV EAX,DWORD PTR SS:[EBP-34]
0051DA1A . 8B55 F0 MOV EDX,DWORD PTR SS:[EBP-10]
0051DA1D . E8 5274EEFF CALL unpack12.00404E74
0051DA22 . 75 79 JNZ SHORT unpack12.0051DA9D
0051DA24 . C645 FF 01 MOV BYTE PTR SS:[EBP-1],1
0051DA28 . 33C0 XOR EAX,EAX
0051DA2A . 55 PUSH EBP
0051DA2B . 68 96DA5100 PUSH unpack12.0051DA96
0051DA30 . 64:FF30 PUSH DWORD PTR FS:[EAX]
0051DA33 . 64:8920 MOV DWORD PTR FS:[EAX],ESP
0051DA36 . B2 01 MOV DL,1
0051DA38 . A1 BCB94100 MOV EAX,DWORD PTR DS:[41B9BC]
0051DA3D . E8 9A61EEFF CALL unpack12.00403BDC
0051DA42 . 8945 EC MOV DWORD PTR SS:[EBP-14],EAX
0051DA45 . 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C]
0051DA48 . E8 E3BEEEFF CALL unpack12.00409930
0051DA4D . 84C0 TEST AL,AL
0051DA4F . 74 0B JE SHORT unpack12.0051DA5C
0051DA51 . 8B55 F4 MOV EDX,DWORD PTR SS:[EBP-C]
0051DA54 . 8B45 EC MOV EAX,DWORD PTR SS:[EBP-14]
0051DA57 . 8B08 MOV ECX,DWORD PTR DS:[EAX]
0051DA59 . FF51 68 CALL DWORD PTR DS:[ECX+68]
0051DA5C > 8D55 C8 LEA EDX,DWORD PTR SS:[EBP-38]
0051DA5F . 8B83 FC020000 MOV EAX,DWORD PTR DS:[EBX+2FC]
0051DA65 . E8 42F3F2FF CALL unpack12.0044CDAC
0051DA6A . 8B55 C8 MOV EDX,DWORD PTR SS:[EBP-38]
0051DA6D . 8B45 EC MOV EAX,DWORD PTR SS:[EBP-14]
0051DA70 . 8B08 MOV ECX,DWORD PTR DS:[EAX]
0051DA72 . FF51 38 CALL DWORD PTR DS:[ECX+38]
0051DA75 . 8B55 F4 MOV EDX,DWORD PTR SS:[EBP-C]
0051DA78 . 8B45 EC MOV EAX,DWORD PTR SS:[EBP-14]
0051DA7B . 8B08 MOV ECX,DWORD PTR DS:[EAX]
0051DA7D . FF51 74 CALL DWORD PTR DS:[ECX+74]
0051DA80 . 33C0 XOR EAX,EAX
0051DA82 . 5A POP EDX
0051DA83 . 59 POP ECX
0051DA84 . 59 POP ECX
0051DA85 . 64:8910 MOV DWORD PTR FS:[EAX],EDX
0051DA88 . 68 9DDA5100 PUSH unpack12.0051DA9D
0051DA8D > 8B45 EC MOV EAX,DWORD PTR SS:[EBP-14]
0051DA90 . E8 7761EEFF CALL unpack12.00403C0C
0051DA95 . C3 RETN
0051DA96 .^ E9 0569EEFF JMP unpack12.004043A0
0051DA9B .^ EB F0 JMP SHORT unpack12.0051DA8D
0051DA9D > 33C0 XOR EAX,EAX
0051DA9F . 5A POP EDX
0051DAA0 . 59 POP ECX
0051DAA1 . 59 POP ECX
0051DAA2 . 64:8910 MOV DWORD PTR FS:[EAX],EDX
0051DAA5 . 68 E9DA5100 PUSH unpack12.0051DAE9
0051DAAA > 8D45 C8 LEA EAX,DWORD PTR SS:[EBP-38]
0051DAAD . BA 03000000 MOV EDX,3
0051DAB2 . E8 E56FEEFF CALL unpack12.00404A9C
0051DAB7 . 8D45 D4 LEA EAX,DWORD PTR SS:[EBP-2C]
0051DABA . E8 B96FEEFF CALL unpack12.00404A78
0051DABF . 8D45 D8 LEA EAX,DWORD PTR SS:[EBP-28]
0051DAC2 . E8 B16FEEFF CALL unpack12.00404A78
0051DAC7 . 8D45 DC LEA EAX,DWORD PTR SS:[EBP-24]
0051DACA . BA 04000000 MOV EDX,4
0051DACF . E8 C86FEEFF CALL unpack12.00404A9C
0051DAD4 . 8D45 F0 LEA EAX,DWORD PTR SS:[EBP-10]
0051DAD7 . BA 02000000 MOV EDX,2
0051DADC . E8 BB6FEEFF CALL unpack12.00404A9C
0051DAE1 . C3 RETN
0051DAE2 .^ E9 B968EEFF JMP unpack12.004043A0
0051DAE7 .^ EB C1 JMP SHORT unpack12.0051DAAA
0051DAE9 . 8A45 FF MOV AL,BYTE PTR SS:[EBP-1]
0051DAEC . 5F POP EDI
0051DAED . 5E POP ESI
0051DAEE . 5B POP EBX
0051DAEF . 8BE5 MOV ESP,EBP
0051DAF1 . 5D POP EBP
0051DAF2 . C3 RETN
[ This post was last edited by 洞庭风 on 2008-4-17 23:17 ]