- UID
- 16062
注册时间2006-6-19
阅读权限40
最后登录1970-1-1
独步武林
 
该用户从未签到
|
【文章标题】: 一个字节干掉DTMM4.1
【文章作者】: JJDG
【软件名称】: DTMM v4.1
【软件大小】: 1509kb
【下载地址】: 自己搜索下载;sjmzsf.ys168.com
【加壳方式】: N
【使用工具】: PEID OD
【作者声明】: 我就爆破凑合别要求算法!
--------------------------------------------------------------------------------
【详细过程】
DTMM是一个简单易用的3维分子模型显示、编辑与构建程序,可以以各种模式显示3维分子,并能进行编辑。
在安装的时候会要求填入相应的信息(我乱填的!^_^),否则就无法继续,装完一运行,弹出对话框:your license file for dtmm is invalid! 然后程序自己就挂了!
PEID显示无壳!
打开OD载入,查找字符串,在“your license file for dtmm is invalid”上面双击来到下面:
004A930E |. 8B55 F0 MOV EDX,DWORD PTR SS:[EBP-10]
004A9311 |. B8 54F04B00 MOV EAX,DTMM.004BF054
004A9316 |. B9 88944A00 MOV ECX,DTMM.004A9488 ; license.fig<----看来从这里开始是对license进行校验!
004A931B |. E8 FCABF5FF CALL DTMM.00403F1C
004A9320 |. 68 58F04B00 PUSH DTMM.004BF058
004A9325 |. A1 54F04B00 MOV EAX,DWORD PTR DS:[4BF054]
004A932A |. E8 A1ABF5FF CALL DTMM.00403ED0
004A932F |. 50 PUSH EAX
004A9330 |. B8 54F04B00 MOV EAX,DTMM.004BF054
004A9335 |. E8 66ADF5FF CALL DTMM.004040A0
004A933A |. 50 PUSH EAX
004A933B |. E8 A8FCFFFF CALL <JMP.&pls_subs.PLS_READFIG>
004A9340 |. 68 58F04B00 PUSH DTMM.004BF058
004A9345 |. E8 A6FCFFFF CALL <JMP.&pls_subs.PLS_CHECKCODE>
004A934A 8325 58F04B00>CMP DWORD PTR DS:[4BF058],0 <----在这里改!就改一个字节!将CMP改为AND即可!
004A9351 0F85 DA000000 JNZ DTMM.004A9431 <----如果license有问题就跳!
004A9357 |. 8B06 MOV EAX,DWORD PTR DS:[ESI]
004A9359 |. E8 3672F8FF CALL DTMM.00430594
004A935E |. 8B06 MOV EAX,DWORD PTR DS:[ESI]
004A9360 |. BA 9C944A00 MOV EDX,DTMM.004A949C ; desktop molecular modeller
004A9365 |. E8 426FF8FF CALL DTMM.004302AC
004A936A |. 8B0D 14BA4A00 MOV ECX,DWORD PTR DS:[4ABA14] ; DTMM.004BF040
004A9370 |. 8B06 MOV EAX,DWORD PTR DS:[ESI]
004A9372 |. 8B15 C8394A00 MOV EDX,DWORD PTR DS:[4A39C8] ; DTMM.004A3A08
004A9378 |. E8 2F72F8FF CALL DTMM.004305AC
004A937D |. 8B0D 64B84A00 MOV ECX,DWORD PTR DS:[4AB864] ; DTMM.004ADACC
004A9383 |. 8B06 MOV EAX,DWORD PTR DS:[ESI]
004A9385 |. 8B15 34734800 MOV EDX,DWORD PTR DS:[487334] ; DTMM.00487374
004A938B |. E8 1C72F8FF CALL DTMM.004305AC
004A9390 |. 8B0D E4BA4A00 MOV ECX,DWORD PTR DS:[4ABAE4] ; DTMM.004ADAE4
004A9396 |. 8B06 MOV EAX,DWORD PTR DS:[ESI]
004A9398 |. 8B15 38A24800 MOV EDX,DWORD PTR DS:[48A238] ; DTMM.0048A278
004A939E |. E8 0972F8FF CALL DTMM.004305AC
004A93A3 |. 8B0D B8BA4A00 MOV ECX,DWORD PTR DS:[4ABAB8] ; DTMM.004ADAEC
004A93A9 |. 8B06 MOV EAX,DWORD PTR DS:[ESI]
004A93AB |. 8B15 E4B04800 MOV EDX,DWORD PTR DS:[48B0E4] ; DTMM.0048B124
004A93B1 |. E8 F671F8FF CALL DTMM.004305AC
004A93B6 |. 8B0D 74BB4A00 MOV ECX,DWORD PTR DS:[4ABB74] ; DTMM.004ADB30
004A93BC |. 8B06 MOV EAX,DWORD PTR DS:[ESI]
004A93BE |. 8B15 88F24900 MOV EDX,DWORD PTR DS:[49F288] ; DTMM.0049F2C8
004A93C4 |. E8 E371F8FF CALL DTMM.004305AC
004A93C9 |. 8B0D D4B94A00 MOV ECX,DWORD PTR DS:[4AB9D4] ; DTMM.004ADAF4
004A93CF |. 8B06 MOV EAX,DWORD PTR DS:[ESI]
004A93D1 |. 8B15 D4B64800 MOV EDX,DWORD PTR DS:[48B6D4] ; DTMM.0048B714
004A93D7 |. E8 D071F8FF CALL DTMM.004305AC
004A93DC |. 8B0D 54B84A00 MOV ECX,DWORD PTR DS:[4AB854] ; DTMM.004ADB08
004A93E2 |. 8B06 MOV EAX,DWORD PTR DS:[ESI]
004A93E4 |. 8B15 78CC4800 MOV EDX,DWORD PTR DS:[48CC78] ; DTMM.0048CCB8
004A93EA |. E8 BD71F8FF CALL DTMM.004305AC
004A93EF |. 8B0D 18B94A00 MOV ECX,DWORD PTR DS:[4AB918] ; DTMM.004ADB10
004A93F5 |. 8B06 MOV EAX,DWORD PTR DS:[ESI]
004A93F7 |. 8B15 F8CD4800 MOV EDX,DWORD PTR DS:[48CDF8] ; DTMM.0048CE38
004A93FD |. E8 AA71F8FF CALL DTMM.004305AC
004A9402 |. 8B0D 24B94A00 MOV ECX,DWORD PTR DS:[4AB924] ; DTMM.004BF028
004A9408 |. 8B06 MOV EAX,DWORD PTR DS:[ESI]
004A940A |. 8B15 30364A00 MOV EDX,DWORD PTR DS:[4A3630] ; DTMM.004A3670
004A9410 |. E8 9771F8FF CALL DTMM.004305AC
004A9415 |. 8B0D 98B94A00 MOV ECX,DWORD PTR DS:[4AB998] ; DTMM.004ADADC
004A941B |. 8B06 MOV EAX,DWORD PTR DS:[ESI]
004A941D |. 8B15 68A04800 MOV EDX,DWORD PTR DS:[48A068] ; DTMM.0048A0A8
004A9423 |. E8 8471F8FF CALL DTMM.004305AC
004A9428 |. 8B06 MOV EAX,DWORD PTR DS:[ESI]
004A942A |. E8 0972F8FF CALL DTMM.00430638
004A942F |. EB 2B JMP SHORT DTMM.004A945C
004A9431 |> 833D 58F04B00>CMP DWORD PTR DS:[4BF058],62 <------从004A9351跳过来的!
004A9438 |. 75 12 JNZ SHORT DTMM.004A944C <----看来这里是检查license的有效性!如果license有效就继续检测是否到期!否则就跳到显示无效信息处!
004A943A |. 6A 00 PUSH 0 ; /Style = MB_OK|MB_APPLMODAL
004A943C |. 6A 00 PUSH 0 ; |Title = NULL
004A943E |. 68 B8944A00 PUSH DTMM.004A94B8 ; |your authorisation code has expired <----看来这里是检查license的有效性!
004A9443 |. 6A 00 PUSH 0 ; |hOwner = NULL
004A9445 |. E8 32D4F5FF CALL <JMP.&user32.MessageBoxA> ; \MessageBoxA
004A944A |. EB 10 JMP SHORT DTMM.004A945C
004A944C |> 6A 00 PUSH 0 ; /Style = MB_OK|MB_APPLMODAL <----从004A9438跳过来!
004A944E |. 6A 00 PUSH 0 ; |Title = NULL
004A9450 |. 68 DC944A00 PUSH DTMM.004A94DC ; |your license file for dtmm is invalid <----双击后来到这里!
004A9455 |. 6A 00 PUSH 0 ; |hOwner = NULL
004A9457 |. E8 20D4F5FF CALL <JMP.&user32.MessageBoxA> ; \MessageBoxA
将004A934A 8325 58F04B00>CMP DWORD PTR DS:[4BF058],0 改为:004A934A 8325 58F04B00>AND DWORD PTR DS:[4BF058],0 即可!
这样一来,DS的值就置0了,怎么也不可能出现jnz的情况了!F9试试,哈哈直接就进去了!
OK!将修改保存一下吧!
今天上网的时候居然发现这个软件版本更新了,所以想看看它的保护是否也做了相应调整,于是down下来,
在安装的时候会要求填入相应的信息(我乱填的!^_^),否则就无法继续,装完一运行,弹出对话框:your license file for dtmm is invalid! 然后程序自己就挂了!
PEID显示无壳!
打开OD载入,查找字符串,在“your license file for dtmm is invalid”上面双击来到下面:
004EC75E 833D F8365000>CMP DWORD PTR DS:[5036F8],0 <----在这里改!就改一个字节!将CMP改为AND即可!
004EC765 |. 0F85 E2000000 JNZ DTMM.004EC84D
004EC76B |. 8B06 MOV EAX,DWORD PTR DS:[ESI]
004EC76D |. E8 0260FAFF CALL DTMM.00492774
004EC772 |. 8B06 MOV EAX,DWORD PTR DS:[ESI]
004EC774 |. BA B8C84E00 MOV EDX,DTMM.004EC8B8 ; desktop molecular modeller
004EC779 |. E8 EE5BFAFF CALL DTMM.0049236C
004EC77E |. A1 90F44E00 MOV EAX,DWORD PTR DS:[4EF490]
004EC783 |. C600 00 MOV BYTE PTR DS:[EAX],0
004EC786 |. 8B0D 64F24E00 MOV ECX,DWORD PTR DS:[4EF264] ; DTMM.005036B0
004EC78C |. 8B06 MOV EAX,DWORD PTR DS:[ESI]
004EC78E |. 8B15 88714D00 MOV EDX,DWORD PTR DS:[4D7188] ; DTMM.004D71D4
004EC794 |. E8 F35FFAFF CALL DTMM.0049278C
004EC799 |. 8B0D 64EF4E00 MOV ECX,DWORD PTR DS:[4EEF64] ; DTMM.004F2144
004EC79F |. 8B06 MOV EAX,DWORD PTR DS:[ESI]
004EC7A1 |. 8B15 88FC4B00 MOV EDX,DWORD PTR DS:[4BFC88] ; DTMM.004BFCD4
004EC7A7 |. E8 E05FFAFF CALL DTMM.0049278C
004EC7AC |. 8B0D F0F34E00 MOV ECX,DWORD PTR DS:[4EF3F0] ; DTMM.004F215C
004EC7B2 |. 8B06 MOV EAX,DWORD PTR DS:[ESI]
004EC7B4 |. 8B15 0C2D4C00 MOV EDX,DWORD PTR DS:[4C2D0C] ; DTMM.004C2D58
004EC7BA |. E8 CD5FFAFF CALL DTMM.0049278C
004EC7BF |. 8B0D A4F34E00 MOV ECX,DWORD PTR DS:[4EF3A4] ; DTMM.004F2164
004EC7C5 |. 8B06 MOV EAX,DWORD PTR DS:[ESI]
004EC7C7 |. 8B15 503C4C00 MOV EDX,DWORD PTR DS:[4C3C50] ; DTMM.004C3C9C
004EC7CD |. E8 BA5FFAFF CALL DTMM.0049278C
004EC7D2 |. 8B0D 08F54E00 MOV ECX,DWORD PTR DS:[4EF508] ; DTMM.004F21A0
004EC7D8 |. 8B06 MOV EAX,DWORD PTR DS:[ESI]
004EC7DA |. 8B15 34294D00 MOV EDX,DWORD PTR DS:[4D2934] ; DTMM.004D2980
004EC7E0 |. E8 A75FFAFF CALL DTMM.0049278C
004EC7E5 |. 8B0D F0F14E00 MOV ECX,DWORD PTR DS:[4EF1F0] ; DTMM.004F216C
004EC7EB |. 8B06 MOV EAX,DWORD PTR DS:[ESI]
004EC7ED |. 8B15 E8424C00 MOV EDX,DWORD PTR DS:[4C42E8] ; DTMM.004C4334
004EC7F3 |. E8 945FFAFF CALL DTMM.0049278C
004EC7F8 |. 8B0D 54EF4E00 MOV ECX,DWORD PTR DS:[4EEF54] ; DTMM.004F2180
004EC7FE |. 8B06 MOV EAX,DWORD PTR DS:[ESI]
004EC800 |. 8B15 E0604C00 MOV EDX,DWORD PTR DS:[4C60E0] ; DTMM.004C612C
004EC806 |. E8 815FFAFF CALL DTMM.0049278C
004EC80B |. 8B0D 9CF04E00 MOV ECX,DWORD PTR DS:[4EF09C] ; DTMM.004F2188
004EC811 |. 8B06 MOV EAX,DWORD PTR DS:[ESI]
004EC813 |. 8B15 E0624C00 MOV EDX,DWORD PTR DS:[4C62E0] ; DTMM.004C632C
004EC819 |. E8 6E5FFAFF CALL DTMM.0049278C
004EC81E |. 8B0D B8F04E00 MOV ECX,DWORD PTR DS:[4EF0B8] ; DTMM.00503698
004EC824 |. 8B06 MOV EAX,DWORD PTR DS:[ESI]
004EC826 |. 8B15 746D4D00 MOV EDX,DWORD PTR DS:[4D6D74] ; DTMM.004D6DC0
004EC82C |. E8 5B5FFAFF CALL DTMM.0049278C
004EC831 |. 8B0D 80F14E00 MOV ECX,DWORD PTR DS:[4EF180] ; DTMM.004F2154
004EC837 |. 8B06 MOV EAX,DWORD PTR DS:[ESI]
004EC839 |. 8B15 BC2A4C00 MOV EDX,DWORD PTR DS:[4C2ABC] ; DTMM.004C2B08
004EC83F |. E8 485FFAFF CALL DTMM.0049278C
004EC844 |. 8B06 MOV EAX,DWORD PTR DS:[ESI]
004EC846 |. E8 C15FFAFF CALL DTMM.0049280C
004EC84B |. EB 2B JMP SHORT DTMM.004EC878
004EC84D |> 833D F8365000>CMP DWORD PTR DS:[5036F8],62
004EC854 |. 75 12 JNZ SHORT DTMM.004EC868
004EC856 |. 6A 00 PUSH 0 ; /Style = MB_OK|MB_APPLMODAL
004EC858 |. 6A 00 PUSH 0 ; |Title = NULL
004EC85A |. 68 D4C84E00 PUSH DTMM.004EC8D4 ; |your authorisation code has expired
004EC85F |. 6A 00 PUSH 0 ; |hOwner = NULL
004EC861 |. E8 F6B5F1FF CALL <JMP.&user32.MessageBoxA> ; \MessageBoxA
004EC866 |. EB 10 JMP SHORT DTMM.004EC878
004EC868 |> 6A 00 PUSH 0 ; /Style = MB_OK|MB_APPLMODAL
004EC86A |. 6A 00 PUSH 0 ; |Title = NULL
004EC86C |. 68 F8C84E00 PUSH DTMM.004EC8F8 ; |your license file for dtmm is invalid
004EC871 |. 6A 00 PUSH 0 ; |hOwner = NULL
004EC873 |. E8 E4B5F1FF CALL <JMP.&user32.MessageBoxA> ; \MessageBoxA
大致看了一下,没有什么好说的,和4.1版一样,还是就改一个字节干掉它!
将004EC75E 8325 F8365000>CMP DWORD PTR DS:[5036F8],0 改为
004EC75E 833D F8365000>AND DWORD PTR DS:[5036F8],0 即可!
F9试试,哈哈直接就进去了!
OK!将修改保存一下吧! |
|
IP卡
发表于 2006-8-28 10:47:33
提升卡
置顶卡
变色卡
千斤顶
显身卡