Author: liow [afertc]
Newbie here. I urgently need a piece of software, but the unregistered version has its functions restricted. So I spent a week hurriedly learning how to crack. I have now looked at the program in W32DSM and know the key CALL should be somewhere in the section below. Would an expert please advise: if I crack it by patching, which spot should be modified? And if I want to display the registration code, where should I look and for which piece of code? Thanks again for the guidance!!!!!!

```
:004113E6 E88B250200 call 00433976
:004113EB 6874010000 push 00000174
:004113F0 51 push ecx
:004113F1 8D466C lea eax, dword ptr [esi+6C]
:004113F4 8BCC mov ecx, esp
:004113F6 89642410 mov dword ptr [esp+10], esp
:004113FA 50 push eax
:004113FB E883F40100 call 00430883
:00411400 8D4C240C lea ecx, dword ptr [esp+0C]
:00411404 51 push ecx
:00411405 8BCE mov ecx, esi
:00411407 E894020000 call 004116A0
:0041140C 8B4668 mov eax, dword ptr [esi+68]
:0041140F 8B542404 mov edx, dword ptr [esp+04]
:00411413 50 push eax
:00411414 52 push edx
:00411415 C744241C00000000 mov [esp+1C], 00000000
:0041141D E885E20000 call 0041F6A7
:00411422 83C408 add esp, 00000008
:00411425 85C0 test eax, eax
:00411427 7523 jne 0041144C
:00411429 8BCE mov ecx, esi
:0041142B E860000000 call 00411490
:00411430 6A40 push 00000040

* Possible StringData Ref from Data Obj ->"提醒:"
|
:00411432 6850754600 push 00467550

* Possible StringData Ref from Data Obj ->"注册成功,欢迎使用!"
|
:00411437 6820844600 push 00468420
:0041143C 8BCE mov ecx, esi
:0041143E E8BC180200 call 00432CFF
:00411443 8BCE mov ecx, esi
:00411445 E827410200 call 00435571
:0041144A EB20 jmp 0041146C

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00411427(C)
|
:0041144C 6A40 push 00000040

* Possible StringData Ref from Data Obj ->"提醒:"
|
:0041144E 6850754600 push 00467550

* Possible StringData Ref from Data Obj ->"注册号码错误,请重新输入!"
|
:00411453 6804844600 push 00468404
:00411458 8BCE mov ecx, esi
:0041145A E8A0180200 call 00432CFF
:0041145F 837E5C03 cmp dword ptr [esi+5C], 00000003
:00411463 7C07 jl 0041146C
:00411465 8BCE mov ecx, esi
:00411467 E81E410200 call 0043558A

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:0041144A(U), :00411463(C)
|
:0041146C 8D4C2404 lea ecx, dword ptr [esp+04]
:00411470 C7442414FFFFFFFF mov [esp+14], FFFFFFFF
:00411478 E891F60100 call 00430B0E
:0041147D 8B4C240C mov ecx, dword ptr [esp+0C]
:00411481 5E pop esi
:00411482 64890D00000000 mov dword ptr fs:[00000000], ecx
:00411489 83C414 add esp, 00000014
:0041148C C3 ret
```
Original poster, posted: 05-01-25 13:29
Reply: playx [playx]
```
:00411422 83C408 add esp, 00000008
:00411425 85C0 test eax, eax
:00411427 7523 jne 0041144C
------------------
:00411429 8BCE mov ecx, esi
:0041142B E860000000 call 00411490
:00411430 6A40 push 00000040
```

`00411427 7523 jne 0041144C` // This is the key jump. To patch it, just change the jne to je: open the file in uedit, Ctrl+F and search for 85c07523, then change the 75 to 74 and give it a try. Since not much disassembly was provided, I can't guarantee there is no further verification elsewhere.

To trace the registration code, open the file in OllyDbg, set a breakpoint at `004113F0 51 push ecx`, then run it and register normally. Once the program is caught, single-step with F8/F7 and keep watching the state of the lower-right and upper-right windows; you may well find the real registration code.

What software is it? Send me a copy and I'll have a look. playx@2yo.cn
Reply #1 (B1), posted: 05-01-25 15:12
Reply: qmdjzgqt [qmdjzgqt]
Why "search for 85c07523"? Is it done the same way in other cases? How did you know? Is it the combination of the parts I put in quotes below?

```
:00411425 "85C0" test eax, eax
:00411427 "7523" jne 0041144C
------------------
```
Reply #2 (B2), posted: 05-01-25 22:58
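To make the two points above concrete (why the reply searches for the bytes 85c07523, and what each outcome of the jne at 00411427 displays, which is what B2 asks), here is an added Python example of mine, not code from this thread or from any tool it mentions, that parses the W32Dasm listing format quoted in the first post: each "Possible StringData Ref" comment is attached to the instruction that follows it, the printed opcode bytes over an address range are joined into one search pattern, and each side of a conditional jump is followed to the first message it references. The LISTING sample is constructed from the fragment above, and the linear scan used to find a path's first string is a simplification that ignores intervening jumps.

```python
import re
from collections import namedtuple

# Constructed sample in W32Dasm listing format, copied from the fragment
# quoted in this thread and trimmed to the lines the demonstration needs.
LISTING = """\
:00411425 85C0 test eax, eax
:00411427 7523 jne 0041144C
:00411429 8BCE mov ecx, esi
* Possible StringData Ref from Data Obj ->"注册成功,欢迎使用!"
:00411437 6820844600 push 00468420
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00411427(C)
|
:0041144C 6A40 push 00000040
* Possible StringData Ref from Data Obj ->"注册号码错误,请重新输入!"
:00411453 6804844600 push 00468404
"""
INSN_RE = re.compile(r"^:([0-9A-F]{8}) ([0-9A-F]+) (\S+) ?(.*)$")
STR_RE = re.compile(r'^\* Possible StringData Ref from Data Obj ->"(.*)"$')

# opcode: hex bytes exactly as W32Dasm prints them; string_ref: the
# 'Possible StringData Ref' comment that preceded this line, if any.
Insn = namedtuple("Insn", "addr opcode mnemonic operands string_ref")

def parse_listing(text):
    """Parse listing lines; string-ref comments attach to the next instruction."""
    insns, pending = [], None
    for line in text.splitlines():
        if m := STR_RE.match(line):
            pending = m.group(1)
        elif m := INSN_RE.match(line):   # xref lines match neither and are skipped
            insns.append(Insn(int(m[1], 16), m[2], m[3], m[4], pending))
            pending = None
    return insns

def opcode_bytes(insns, start, end):
    """Join the raw bytes of every instruction with start <= addr <= end."""
    return "".join(i.opcode for i in insns if start <= i.addr <= end)

def first_string_from(insns, addr):
    """First string referenced at or after addr (linear scan of the listing)."""
    return next((i.string_ref for i in insns if i.addr >= addr and i.string_ref), None)

def branch_outcomes(insns, jump_addr):
    """(message on fall-through, message when taken) for a conditional jump."""
    j = next(i for i in insns if i.addr == jump_addr)
    fallthrough = j.addr + len(j.opcode) // 2   # address of the next instruction
    taken = int(j.operands, 16)
    return first_string_from(insns, fallthrough), first_string_from(insns, taken)
```

Running `opcode_bytes(parse_listing(LISTING), 0x411425, 0x411427)` gives the eight hex digits from the reply, and `branch_outcomes(..., 0x411427)` pairs the fall-through path with the success message and the taken path with the error message.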
Reply: qmdjzgqt [qmdjzgqt]
Following the approach above, I patched a server program. Really have to thank: playx [playx]
Reply #3 (B3), posted: 05-01-26 00:56
Copyright © 2000-2010 20CN Security Group. All Rights Reserved.
Forum software written by: NetDemon
粤ICP备05087286号