• <button id="ywcoc"><input id="ywcoc"></input></button>
  • <object id="ywcoc"><blockquote id="ywcoc"></blockquote></object>
    <table id="ywcoc"></table>
  • 技術資料
    數字報紙制作軟件彩虹加密狗破解全過程
    時間:2016-10-24 09:10:53     點擊數:1695 次

    數字報紙制作軟件彩虹加密狗破解全過程如下:

    這是一個數字報紙制作軟件,用的是彩虹加密狗。PEID檢測為Microsoft Visual C++ 6.0,無殼。

    OD加載,中斷在程序入口:

    004D4740 >/$  55            push ebp                                 ;  (initial cpu selection)

    004D4741  |.  8BEC          mov ebp,esp

    004D4743  |.  6A FF         push -0x1

    004D4745  |.  68 D87F4E00   push 51Crack.004E7FD8

    004D474A  |.  68 1C494D00   push <jmp.&MSVCRT._except_handler3>      ;  SE 處理程序安裝

    004D474F  |.  64:A1 0000000>mov eax,dword ptr fs:[0]

    004D4755  |.  50            push eax

    004D4756  |.  64:8925 00000>mov dword ptr fs:[0],esp

    004D475D  |.  83EC 68       sub esp,0x68

    004D4760  |.  53            push ebx

    004D4761  |.  56            push esi

    下面開始查找打開加密狗、檢測加密狗、寫加密狗函數代碼:

    004326E1  |.  FF15 70BB4D00 call dword ptr ds:[<&MSVCRT.clock>]      ;  msvcrt.clock

    004326E7  |.  50            push eax                                 ; /seed

    004326E8  |.  FF15 74BB4D00 call dword ptr ds:[<&MSVCRT.srand>]      ; \srand

    004326EE  |.  83C4 04       add esp,0x4

    004326F1  |.  FF15 00BB4D00 call dword ptr ds:[<&MSVCRT.rand>]       ; [rand

    004326F7  |.  69C0 FFFF0000 imul eax,eax,0xFFFF

    004326FD  |.  8945 F8       mov [local.2],eax

    00432700  |.  8B45 F8       mov eax,[local.2]

    00432703  |.  50            push eax

    00432704  |.  E8 3D130A00   call <jmp.&check.Lock32_Function>  //檢測加密狗是否存在

    00432709  |.  8945 F4       mov [local.3],eax

    0043270C  |.  837D F4 04    cmp [local.3],0x4

    00432710  |.  75 16         jnz short 51Crack.00432728  //加密狗破解關鍵點一

    00432712  |.  6A 00         push 0x0

    00432714  |.  6A 00         push 0x0

     

    繼續查找:

    00432190  |. /7D 5D         |jge short 51Crack.004321EF

    00432192  |. |8D8D B8FAFFFF |lea ecx,[local.338]

    00432198  |. |51            |push ecx

    00432199  |. |8B95 F4A4FFFF |mov edx,[local.5827]

    0043219F  |. |52            |push edx

    004321A0  |. |E8 9B180A00   |call <jmp.&check.ReadLock>  //讀取加密狗函數

    004321A5  |. |8B8D F4A4FFFF |mov ecx,[local.5827]

    004321AB  |. |8B95 E8FEFFFF |mov edx,[local.70]

    004321B1  |. |89048A        |mov dword ptr ds:[edx+ecx*4],eax

    004321B4  |. |8B85 F4A4FFFF |mov eax,[local.5827]

    004321BA  |. |8B8D E8FEFFFF |mov ecx,[local.70]

    004321C0  |. |833C81 00     |cmp dword ptr ds:[ecx+eax*4],0x0

    004321C4  |. |75 27         |jnz short 51Crack.004321ED  //加密狗破解關鍵點二

    004321C6  |. |C785 ACA4FFFF>|mov [local.5845],-0x3

    004321D0  |. |C745 FC FFFFF>|mov [local.1],-0x1

    004321D7  |. |8D8D B4FAFFFF |lea ecx,[local.339]

    004321DD  |. |E8 A2190A00   |call <jmp.&MFC42.#CString::~CString_800>

    004321E2  |. |8B85 ACA4FFFF |mov eax,[local.5845]

    004321E8  |. |E9 38010000   |jmp 51Crack.00432325

    004321ED  |>^|EB 8B         \jmp short 51Crack.0043217A

    004321EF  |> \6A 12         push 0x12                                ; /n = 12 (18.)

    004321F1  |.  6A 00         push 0x0                                 ; |c = 00

    004321F3  |.  8D95 A0FAFFFF lea edx,[local.344]                      ; |

    004321F9  |.  52            push edx                                 ; |s

    004321FA  |.  E8 D5220A00   call <jmp.&MSVCRT.memset>                ; \memset

     

    打開加密狗函數:

    00391110 >  8B4424 04       mov eax,dword ptr ss:[esp+0x4]

    00391114    B9 40B33A00     mov ecx,cdll5.003AB340

    00391119    50              push eax

    0039111A    E8 51010000     call cdll5.00391270

    0039111F    C2 0400         retn 0x4

     

    讀取加密狗數據:

    00391130 >  51              push ecx

    00391131    8B4424 0C       mov eax,dword ptr ss:[esp+0xC]

    00391135    8B5424 08       mov edx,dword ptr ss:[esp+0x8]

    00391139    8D4C24 00       lea ecx,dword ptr ss:[esp]

    0039113D    50              push eax

    0039113E    51              push ecx

    0039113F    52              push edx

    00391140    B9 40B33A00     mov ecx,cdll5.003AB340

    00391145    C74424 0C 00000>mov dword ptr ss:[esp+0xC],0x0

    0039114D    E8 BE010000     call cdll5.00391310

    00391152    8B4424 00       mov eax,dword ptr ss:[esp]

    00391156    59              pop ecx

    00391157    C2 0800         retn 0x8

     

    寫加密狗函數:

    00391180 >  8B4424 10       mov eax,dword ptr ss:[esp+0x10]

    00391184    8B4C24 0C       mov ecx,dword ptr ss:[esp+0xC]

    00391188    56              push esi

    00391189    8B7424 08       mov esi,dword ptr ss:[esp+0x8]

    0039118D    50              push eax

    0039118E    8D5424 10       lea edx,dword ptr ss:[esp+0x10]

    00391192    51              push ecx

    00391193    52              push edx

    00391194    56              push esi

    00391195    B9 40B33A00     mov ecx,cdll5.003AB340

    0039119A    E8 91010000     call cdll5.00391330

    0039119F    8BCE            mov ecx,esi

    003911A1    5E              pop esi

    003911A2    83E9 00         sub ecx,0x0

    003911A5    74 0A           je short cdll5.003911B1

    003911A7    83E9 06         sub ecx,0x6

    003911AA    74 05           je short cdll5.003911B1

    003911AC    83E9 02         sub ecx,0x2

    003911AF    75 04           jnz short cdll5.003911B5

    003911B1    8B4424 08       mov eax,dword ptr ss:[esp+0x8]

    003911B5    C2 1000         retn 0x10

    繼續查找讀取加密狗的代碼,繼續修改代碼……通過相同的方法,經過多次修改,程序可以正常運行,加密狗破解完美成功!

    轉到頁頭】【返回
  • <button id="ywcoc"><input id="ywcoc"></input></button>
  • <object id="ywcoc"><blockquote id="ywcoc"></blockquote></object>
    <table id="ywcoc"></table>
  • 精品一区二区国产在线观看_高h猛烈失禁潮喷a片在线播放_青青国产成人久久111网站_日本免费a片一区二区三区四区