【Title】: Taking down DTMM 4.1 with one byte
【Author】: JJDG
【Software】: DTMM v4.1
【Size】: 1509kb
【Download】: search for it yourself; sjmzsf.ys168.com
【Packer】: N (none)
【Tools】: PEiD, OD
【Author's note】: Just out of interest, no other purpose. If I've made mistakes, I welcome corrections from the experts!
--------------------------------------------------------------------------------
【Detailed process】
DTMM is a simple, easy-to-use program for displaying, editing and building 3D molecular models; it can display 3D molecules in various modes and lets you edit them.
During installation it asks you to fill in the corresponding registration details (I typed in garbage! ^_^), otherwise it won't continue. Once installed, running it pops up a dialog: "your license file for dtmm is invalid!" and then the program just quits on its own!
PEiD shows no packer!
Load it in OD, search for strings, double-click on "your license file for dtmm is invalid" and you arrive at the following:
004A930E |. 8B55 F0 MOV EDX,DWORD PTR SS:[EBP-10]
004A9311 |. B8 54F04B00 MOV EAX,DTMM.004BF054
004A9316 |. B9 88944A00 MOV ECX,DTMM.004A9488 ; license.fig <---- looks like this is where the license validation starts!
004A931B |. E8 FCABF5FF CALL DTMM.00403F1C
004A9320 |. 68 58F04B00 PUSH DTMM.004BF058
004A9325 |. A1 54F04B00 MOV EAX,DWORD PTR DS:[4BF054]
004A932A |. E8 A1ABF5FF CALL DTMM.00403ED0
004A932F |. 50 PUSH EAX
004A9330 |. B8 54F04B00 MOV EAX,DTMM.004BF054
004A9335 |. E8 66ADF5FF CALL DTMM.004040A0
004A933A |. 50 PUSH EAX
004A933B |. E8 A8FCFFFF CALL <JMP.&pls_subs.PLS_READFIG>
004A9340 |. 68 58F04B00 PUSH DTMM.004BF058
004A9345 |. E8 A6FCFFFF CALL <JMP.&pls_subs.PLS_CHECKCODE>
004A934A 833D 58F04B00>CMP DWORD PTR DS:[4BF058],0 <---- patch here! Just one byte: change CMP to AND!
004A9351 0F85 DA000000 JNZ DTMM.004A9431 <---- jumps if there is a problem with the license!
004A9357 |. 8B06 MOV EAX,DWORD PTR DS:[ESI]
004A9359 |. E8 3672F8FF CALL DTMM.00430594
004A935E |. 8B06 MOV EAX,DWORD PTR DS:[ESI]
004A9360 |. BA 9C944A00 MOV EDX,DTMM.004A949C ; desktop molecular modeller
004A9365 |. E8 426FF8FF CALL DTMM.004302AC
004A936A |. 8B0D 14BA4A00 MOV ECX,DWORD PTR DS:[4ABA14] ; DTMM.004BF040
004A9370 |. 8B06 MOV EAX,DWORD PTR DS:[ESI]
004A9372 |. 8B15 C8394A00 MOV EDX,DWORD PTR DS:[4A39C8] ; DTMM.004A3A08
004A9378 |. E8 2F72F8FF CALL DTMM.004305AC
004A937D |. 8B0D 64B84A00 MOV ECX,DWORD PTR DS:[4AB864] ; DTMM.004ADACC
004A9383 |. 8B06 MOV EAX,DWORD PTR DS:[ESI]
004A9385 |. 8B15 34734800 MOV EDX,DWORD PTR DS:[487334] ; DTMM.00487374
004A938B |. E8 1C72F8FF CALL DTMM.004305AC
004A9390 |. 8B0D E4BA4A00 MOV ECX,DWORD PTR DS:[4ABAE4] ; DTMM.004ADAE4
004A9396 |. 8B06 MOV EAX,DWORD PTR DS:[ESI]
004A9398 |. 8B15 38A24800 MOV EDX,DWORD PTR DS:[48A238] ; DTMM.0048A278
004A939E |. E8 0972F8FF CALL DTMM.004305AC
004A93A3 |. 8B0D B8BA4A00 MOV ECX,DWORD PTR DS:[4ABAB8] ; DTMM.004ADAEC
004A93A9 |. 8B06 MOV EAX,DWORD PTR DS:[ESI]
004A93AB |. 8B15 E4B04800 MOV EDX,DWORD PTR DS:[48B0E4] ; DTMM.0048B124
004A93B1 |. E8 F671F8FF CALL DTMM.004305AC
004A93B6 |. 8B0D 74BB4A00 MOV ECX,DWORD PTR DS:[4ABB74] ; DTMM.004ADB30
004A93BC |. 8B06 MOV EAX,DWORD PTR DS:[ESI]
004A93BE |. 8B15 88F24900 MOV EDX,DWORD PTR DS:[49F288] ; DTMM.0049F2C8
004A93C4 |. E8 E371F8FF CALL DTMM.004305AC
004A93C9 |. 8B0D D4B94A00 MOV ECX,DWORD PTR DS:[4AB9D4] ; DTMM.004ADAF4
004A93CF |. 8B06 MOV EAX,DWORD PTR DS:[ESI]
004A93D1 |. 8B15 D4B64800 MOV EDX,DWORD PTR DS:[48B6D4] ; DTMM.0048B714
004A93D7 |. E8 D071F8FF CALL DTMM.004305AC
004A93DC |. 8B0D 54B84A00 MOV ECX,DWORD PTR DS:[4AB854] ; DTMM.004ADB08
004A93E2 |. 8B06 MOV EAX,DWORD PTR DS:[ESI]
004A93E4 |. 8B15 78CC4800 MOV EDX,DWORD PTR DS:[48CC78] ; DTMM.0048CCB8
004A93EA |. E8 BD71F8FF CALL DTMM.004305AC
004A93EF |. 8B0D 18B94A00 MOV ECX,DWORD PTR DS:[4AB918] ; DTMM.004ADB10
004A93F5 |. 8B06 MOV EAX,DWORD PTR DS:[ESI]
004A93F7 |. 8B15 F8CD4800 MOV EDX,DWORD PTR DS:[48CDF8] ; DTMM.0048CE38
004A93FD |. E8 AA71F8FF CALL DTMM.004305AC
004A9402 |. 8B0D 24B94A00 MOV ECX,DWORD PTR DS:[4AB924] ; DTMM.004BF028
004A9408 |. 8B06 MOV EAX,DWORD PTR DS:[ESI]
004A940A |. 8B15 30364A00 MOV EDX,DWORD PTR DS:[4A3630] ; DTMM.004A3670
004A9410 |. E8 9771F8FF CALL DTMM.004305AC
004A9415 |. 8B0D 98B94A00 MOV ECX,DWORD PTR DS:[4AB998] ; DTMM.004ADADC
004A941B |. 8B06 MOV EAX,DWORD PTR DS:[ESI]
004A941D |. 8B15 68A04800 MOV EDX,DWORD PTR DS:[48A068] ; DTMM.0048A0A8
004A9423 |. E8 8471F8FF CALL DTMM.004305AC
004A9428 |. 8B06 MOV EAX,DWORD PTR DS:[ESI]
004A942A |. E8 0972F8FF CALL DTMM.00430638
004A942F |. EB 2B JMP SHORT DTMM.004A945C
004A9431 |> 833D 58F04B00>CMP DWORD PTR DS:[4BF058],62 <------ jumped here from 004A9351!
004A9438 |. 75 12 JNZ SHORT DTMM.004A944C <---- looks like this checks whether the license is valid! If the license is valid it goes on to check whether it has expired; otherwise it jumps to where the "invalid" message is shown!
004A943A |. 6A 00 PUSH 0 ; /Style = MB_OK|MB_APPLMODAL
004A943C |. 6A 00 PUSH 0 ; |Title = NULL
004A943E |. 68 B8944A00 PUSH DTMM.004A94B8 ; |your authorisation code has expired <---- looks like this checks the license's validity!
004A9443 |. 6A 00 PUSH 0 ; |hOwner = NULL
004A9445 |. E8 32D4F5FF CALL <JMP.&user32.MessageBoxA> ; \MessageBoxA
004A944A |. EB 10 JMP SHORT DTMM.004A945C
004A944C |> 6A 00 PUSH 0 ; /Style = MB_OK|MB_APPLMODAL <---- jumped here from 004A9438!
004A944E |. 6A 00 PUSH 0 ; |Title = NULL
004A9450 |. 68 DC944A00 PUSH DTMM.004A94DC ; |your license file for dtmm is invalid <---- double-clicking brought us here!
004A9455 |. 6A 00 PUSH 0 ; |hOwner = NULL
004A9457 |. E8 20D4F5FF CALL <JMP.&user32.MessageBoxA> ; \MessageBoxA
Change 004A934A 833D 58F04B00>CMP DWORD PTR DS:[4BF058],0 to: 004A934A 8325 58F04B00>AND DWORD PTR DS:[4BF058],0 and that's it!
This way the value at DS:[4BF058] is forced to 0, so the JNZ can never be taken! Press F9 and try it: ha, it goes straight in!
OK! Save the modification!
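The reason this is a one-byte change is that opcode 83 is a "group 1" instruction whose operation is selected by the reg field of the ModRM byte: /7 is CMP (ModRM 3D) and /4 is AND (ModRM 25). The decoder below, an added example that is not from the original post, decodes that instruction shape and flags the CMP-to-AND swap as tampering; the byte strings are constructed from the listing above.

```python
# Added example (not from the original post): decode an x86 "83 /r" group-1
# instruction with an absolute disp32 operand and flag a CMP->AND swap.
# The byte strings are constructed from the listing in the post.
import struct

# Opcode 0x83: operation is chosen by ModRM bits 5..3 (the "reg" field).
GROUP1 = {0: "ADD", 1: "OR", 2: "ADC", 3: "SBB", 4: "AND", 5: "SUB", 6: "XOR", 7: "CMP"}


def decode_group1_disp32(code: bytes, off: int = 0):
    """Decode '83 <modrm> <disp32> <imm8>' with mod=00, rm=101 (disp32 only).

    Returns (mnemonic, address, imm8), or None if the bytes are not that shape.
    """
    if len(code) < off + 7 or code[off] != 0x83:
        return None
    modrm = code[off + 1]
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    if mod != 0 or rm != 5:          # only the [disp32] addressing form
        return None
    addr = struct.unpack_from("<I", code, off + 2)[0]   # little-endian disp32
    imm8 = code[off + 6]
    return GROUP1[reg], addr, imm8


def check_site_tampered(code: bytes, off: int, expected: str = "CMP") -> bool:
    """True if the instruction at off is no longer the expected mnemonic."""
    decoded = decode_group1_disp32(code, off)
    return decoded is None or decoded[0] != expected


# Constructed samples: the original check and the one-byte patched variant.
ORIGINAL = bytes.fromhex("833D58F04B0000")   # CMP DWORD PTR [4BF058], 0
PATCHED = bytes.fromhex("832558F04B0000")    # AND DWORD PTR [4BF058], 0

if __name__ == "__main__":
    for name, blob in (("original", ORIGINAL), ("patched", PATCHED)):
        mn, addr, imm = decode_group1_disp32(blob)
        print(f"{name}: {mn} DWORD PTR [{addr:08X}],{imm} "
              f"tampered={check_site_tampered(blob, 0)}")
```

An integrity check that hashes the whole code section catches the same thing with far less effort; this decoder only shows why the two encodings differ by a single ModRM byte.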
2006-08-15 21:44:24