TA的每日心情 | 无聊
2018-2-10 09:25 |
|---|
签到天数: 119 天 [LV.6]常住居民II
|
未加壳,OD载入下:bpx CreateFileW 断点,F9运行,当堆栈中出现
0012EA78 00F235F0 |FileName = "F:\常用工具\HippoEDITen\license.dat"
0012EA7C 80000000 |Access = GENERIC_READ
0012EA80 00000001 |ShareMode = FILE_SHARE_READ
0012EA84 00000000 |pSecurity = NULL
0012EA88 00000003 |Mode = OPEN_EXISTING
0012EA8C 08000080 |Attributes = NORMAL|SEQUENTIAL_SCAN
0012EA90 00000000 \hTemplateFile = NULL
00431FBF |. 6A 00 PUSH 0 ; /hTemplateFile = NULL
00431FC1 |. 68 80000008 PUSH 8000080 ; |Attributes = NORMAL|SEQUENTIAL_SCAN
00431FC6 |. 6A 03 PUSH 3 ; |Mode = OPEN_EXISTING
00431FC8 |. 6A 00 PUSH 0 ; |pSecurity = NULL
00431FCA |. 6A 01 PUSH 1 ; |ShareMode = FILE_SHARE_READ
00431FCC |. 68 00000080 PUSH 80000000 ; |Access = GENERIC_READ
00431FD1 |. 50 PUSH EAX ; |FileName
00431FD2 |. FF15 089B5000 CALL DWORD PTR DS:[<&KERNEL32.CreateFile>; \CreateFileW
00431FD8 |. 8D4C24 18 LEA ECX,DWORD PTR SS:[ESP+18]
00431FDC |. 8BF8 MOV EDI,EAX
00431FDE |. FF15 70A65000 CALL DWORD PTR DS:[<&MFC80U.#577>] ; mfc80u.#578
00431FE4 |. 32DB XOR BL,BL
00431FE6 |. 83FF FF CMP EDI,-1
00431FE9 |. 0F84 DF000000 JE HippoEdi.004320CE
00431FEF |. 6A 00 PUSH 0 ; /pOverlapped = NULL
00431FF1 |. 8D4C24 18 LEA ECX,DWORD PTR SS:[ESP+18] ; |
00431FF5 |. 51 PUSH ECX ; |pBytesRead
00431FF6 |. BE 00080000 MOV ESI,800 ; |
00431FFB |. 56 PUSH ESI ; |BytesToRead => 800 (2048.)
00431FFC |. 8D9424 B00000>LEA EDX,DWORD PTR SS:[ESP+B0] ; |
00432003 |. 52 PUSH EDX ; |Buffer
00432004 |. 57 PUSH EDI ; |hFile
00432005 |. 897424 28 MOV DWORD PTR SS:[ESP+28],ESI ; |
00432009 |. FF15 0C9B5000 CALL DWORD PTR DS:[<&KERNEL32.ReadFile>] ; \ReadFile
0043200F |. 85C0 TEST EAX,EAX
00432011 |. 0F84 AC000000 JE HippoEdi.004320C3
00432017 |. 397424 14 CMP DWORD PTR SS:[ESP+14],ESI
0043201B |. 0F85 A2000000 JNZ HippoEdi.004320C3
00432021 |. 8D4424 1C LEA EAX,DWORD PTR SS:[ESP+1C]
00432025 |. 50 PUSH EAX
00432026 |. B3 01 MOV BL,1
00432028 |. E8 13FEFFFF CALL HippoEdi.00431E40
0043202D |. 83C4 04 ADD ESP,4
00432030 |. C78424 B00800>MOV DWORD PTR SS:[ESP+8B0],0
0043203B |. 8B30 MOV ESI,DWORD PTR DS:[EAX]
0043203D |. 8D4C24 24 LEA ECX,DWORD PTR SS:[ESP+24]
00432041 |. 894C24 20 MOV DWORD PTR SS:[ESP+20],ECX
00432045 |. FF15 34F05500 CALL DWORD PTR DS:[55F034] ; HippoEdi.004CCE63
0043204B |. 50 PUSH EAX
0043204C |. 56 PUSH ESI
0043204D |. 8D4424 28 LEA EAX,DWORD PTR SS:[ESP+28]
00432051 |. E8 8AF40000 CALL HippoEdi.004414E0
00432056 |. 8B4C24 20 MOV ECX,DWORD PTR SS:[ESP+20]
0043205A |. 8D9424 A40200>LEA EDX,DWORD PTR SS:[ESP+2A4]
00432061 |. 52 PUSH EDX ; /Arg1
00432062 |. BA 00060000 MOV EDX,600 ; |
00432067 |. E8 14F0FFFF CALL HippoEdi.00431080 ; \HippoEdi.00431080
0043206C |. 8B4424 24 MOV EAX,DWORD PTR SS:[ESP+24]
00432070 |. 8D4C24 28 LEA ECX,DWORD PTR SS:[ESP+28]
00432074 |. 83C4 04 ADD ESP,4
00432077 |. 3BC1 CMP EAX,ECX
00432079 |. 74 0A JE SHORT HippoEdi.00432085
0043207B |. 50 PUSH EAX ; /block
0043207C |. FF15 E8A95000 CALL DWORD PTR DS:[<&MSVCR80.free>] ; \free
00432082 |. 83C4 04 ADD ESP,4
00432085 |> 8D4C24 1C LEA ECX,DWORD PTR SS:[ESP+1C]
00432089 |. C78424 B00800>MOV DWORD PTR SS:[ESP+8B0],-1
00432094 |. FF15 70A65000 CALL DWORD PTR DS:[<&MFC80U.#577>] ; mfc80u.#578
0043209A |. 8B7424 10 MOV ESI,DWORD PTR SS:[ESP+10]
0043209E |. 8D9424 080400>LEA EDX,DWORD PTR SS:[ESP+408]
004320A5 |. 52 PUSH EDX ; /Arg2
004320A6 |. 56 PUSH ESI ; |Arg1
004320A7 |. E8 94F1FFFF CALL HippoEdi.00431240 ; \HippoEdi.00431240
004320AC |. 84C0 TEST AL,AL
004320AE |. 74 06 JE SHORT HippoEdi.004320B6
004320B0 |. 807E 74 00 CMP BYTE PTR DS:[ESI+74],0
004320B4 |. 75 0D JNZ SHORT HippoEdi.004320C3
004320B6 |> E8 D5FCFFFF CALL HippoEdi.00431D90
004320BB |. 84C0 TEST AL,AL
004320BD |. 74 04 JE SHORT HippoEdi.004320C3
004320BF |. C646 74 43 MOV BYTE PTR DS:[ESI+74],43
004320C3 |> 57 PUSH EDI ; /hObject
004320C4 |. FF15 049B5000 CALL DWORD PTR DS:[<&KERNEL32.CloseHandl>; \CloseHandle
004320CA |. 84DB TEST BL,BL
004320CC |. 75 2A JNZ SHORT HippoEdi.004320F8
004320CE |> E8 7F950900 CALL <JMP.&MFC80U.#1086>
004320D3 |. 85C0 TEST EAX,EAX
004320D5 |. 74 0D JE SHORT HippoEdi.004320E4
004320D7 |. 8B10 MOV EDX,DWORD PTR DS:[EAX]
004320D9 |. 8BC8 MOV ECX,EAX
004320DB |. 8B42 7C MOV EAX,DWORD PTR DS:[EDX+7C]
004320DE |. FFD0 CALL EAX
004320E0 |. 85C0 TEST EAX,EAX
004320E2 |. 75 04 JNZ SHORT HippoEdi.004320E8
004320E4 |> 33C0 XOR EAX,EAX
004320E6 |. EB 03 JMP SHORT HippoEdi.004320EB
004320E8 |> 8B40 20 MOV EAX,DWORD PTR DS:[EAX+20]
004320EB |> 6A 00 PUSH 0 ; /lParam = 0
004320ED |. 6A 00 PUSH 0 ; |wParam = 0
004320EF |. 6A 10 PUSH 10 ; |Message = WM_CLOSE
004320F1 |. 50 PUSH EAX ; |hWnd
004320F2 |. FF15 0CAD5000 CALL DWORD PTR DS:[<&USER32.PostMessageW>; \PostMessageW
004320F8 |> 8B4C24 10 MOV ECX,DWORD PTR SS:[ESP+10]
004320FC |. 33C0 XOR EAX,EAX
004320FE |. 3841 74 CMP BYTE PTR DS:[ECX+74],AL
00432101 |> 8B8C24 A80800>MOV ECX,DWORD PTR SS:[ESP+8A8]
00432108 |. 5F POP EDI
00432109 |. 5E POP ESI
0043210A 0F95C0 SETNE AL Al=1即可注册成功
0043210D |. 64:890D 00000>MOV DWORD PTR FS:[0],ECX
00432114 |. 5B POP EBX
00432115 |. 81C4 A8080000 ADD ESP,8A8
将
0043210A 0F95C0 SETNE AL Al=1即可注册成功
改成 mov al,1即可
复制到可执行程序,即可破解 |
评分
-
查看全部评分
|
IP卡
发表于 2009-12-27 11:23:22
提升卡
置顶卡
变色卡
千斤顶
显身卡
发表于 2010-1-4 16:19:00
发表于 2010-1-4 21:18:01
发表于 2010-1-5 12:54:11