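One registry value still missing: what is the user name?
This post was last edited by 冥界3大法王 on 2019-7-31 10:36
Windows Registry Editor Version 5.00
"CredentialK"="HGGH5588989898-JKJKHGHGH44545" I made this one up, and it does get read
"License Name"=? This is Geometer's Sketchpad 6.05; I haven't worked out who this field is registered to (this one can't...)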
00655C04 ==>01
When I traced to this point I found:
004F4F58|.68 889A6500 push GSP5.00659A88 ; /License
004F4F5D|.BF 19000200 mov edi, 20019 ; |
004F4F62|.E8 79FCFFFF call GSP5.004F4BE0 ; \GSP5.004F4BE0
The stack shows: 0019E56C 0019E5B4 UNICODE "CredentialK"
So I immediately created that value in the registry.
004E70D4|.51 push ecx ; /Arg3 = 07DD03F7
004E70D5|.8D5424 10 lea edx, dword ptr ss: ; |
004E70D9|.52 push edx ; |Arg2 = 00000000
004E70DA|.8BCF mov ecx, edi ; |
004E70DC|.51 push ecx ; |Arg1 = 07DD03F7
004E70DD|.8BCE mov ecx, esi ; |
004E70DF|.8BD0 mov edx, eax ; |
004E70E1|.E8 2ADE0000 call GSP5.004F4F10 ; \GSP5.004F4F10
004E70E6|.8B7C24 0C mov edi, dword ptr ss: ; tracing to here shows the registry value I made up (the fake registration code)
00430D20/$81EC 0C020000 sub esp, 20C ; see where this is called from
00430D26|.A1 9C496A00 mov eax, dword ptr ds:
00430D2B|.33C4 xor eax, esp
00430D2D|.898424 040200>mov dword ptr ss:, eax
00430D34|.8B0D 20A26B00 mov ecx, dword ptr ds:
00430D3A|.0FB6148D 005C>movzx edx, byte ptr ds: ; key point 1
esp=0019F9E8
Local calls/jumps from 0040F3E0, 0040F476, 0040FC62, 00430E00, 00430E33, 00430E5B, 004E0F6F, 00516E93, 00517DA5
===========================================================================
0058959B|.E8 46BCFFFF call GSP5.005851E6
005895A0|.83C4 10 add esp,0x10 ; after the hardware write breakpoint hit, we arrive here
005895A3|.FF75 08 push ; /String
005895A6|.FF15 88526300 call dword ptr ds:[<&KERNEL32.lstrlenW>] ; \lstrlenW
005895AC|.8B4D F0 mov ecx,
005895AF|.83C1 F0 add ecx,-0x10
005895B2|.8BF0 mov esi,eax
005895B4|.E8 5732ECFF call GSP5.0044C810
005895B9|.8BC6 mov eax,esi
005895BB|>E8 A3D90600 call GSP5.005F6F63
005895C0\.C2 0800 retn 0x8
============================================================================
004FDE8D . /74 1C je short GSP5.004FDEAB
004FDE8F . |389E AC000000 cmp byte ptr ds:,bl
004FDE95 . |74 14 je short GSP5.004FDEAB
004FDE97 . |8B86 A0000000 mov eax,dword ptr ds:
004FDE9D . |8B8E B0000000 mov ecx,dword ptr ds:
004FDEA3 . |50 push eax
004FDEA4 . |FFD1 call ecx ; we F7 (step into) this one
004FDEA6 . |83C4 04 add esp,0x4
004FDEA9 . |8BD8 mov ebx,eax
004FDEAB > \85DB test ebx,ebx
004FDEAD .C686 B4000000>mov byte ptr ds:,0x0
004FDEB4 .74 0E je short GSP5.004FDEC4
004FDEB6 .8B16 mov edx,dword ptr ds:
004FDEB8 .8B82 74010000 mov eax,dword ptr ds:
004FDEBE .6A 00 push 0x0
004FDEC0 .8BCE mov ecx,esi
004FDEC2 .FFD0 call eax ; registration failed
============================================================================
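After stepping in with F7, this is what we have:
00430769 . /0F84 AF000000 je GSP5.0043081E ==> the fake registration name that was traced out
004307CC . /74 57 je short GSP5.00430825 ; ===> modify here!
00430808 .E8 C39A0C00 call GSP5.004FA2D0 ; pops up the dialog
0019D540 0019D570 UNICODE "This license is registered for the current user. To register the license for all users of this compu"
00488BB9|. /74 24 je short GSP5.00488BDF ; so this is where the registration code is!
Don't ask for a crack patch; that would be an insult to us.
Thanks for sharing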