伊娃2.08 破解教程 很久前写的
本帖最后由 a8987216 于 2011-11-4 21:49 编辑
这个是我刚接触破解时写的,今天找东西时无意中翻出来的,本想删掉,还是发上来吧,留个记录,也留给刚接触的朋友吧!
【文章标题】一个骗钱软件的分析
【程序名称】伊娃2.08
【加壳保护】否
【文章作者】a8987216
【所需工具】OD、PEID
【文章说明】无技术含量,给新手看的,老鸟直接飞过无视之。
方便新手,附上常用命令: JMP 无条件跳转;JE 相等则跳;JNZ 不相等则跳;JGE 大于等于则跳;JLE 小于等于则跳;JNB 不低于(无符号大于等于)则跳,下面的代码里会用到;retn 返回。
1.首先PEID查壳,没有加壳。
2.OD载入,软件没加壳,直接查找ASCII字符串,找到与登陆有关的信息,以下是代码片段
00426E81 /73 21 jnb short 伊娃2_08.00426EA4 卡号不为空就跳,我们改为JMP00426E83 . |6A 30 push 0x30 ; /Style = MB_OK|MB_ICONEXCLAMATION|MB_APPLMODAL00426E85 . |68 18404600 push 伊娃2_08.00464018 ; |提示00426E8A . |68 20404600 push 伊娃2_08.00464020 ; |请输入卡号!!00426E8F . |8B85 E8F7FFFF mov eax,dword ptr ss: ; |00426E95 . |8B48 20 mov ecx,dword ptr ds: ; |00426E98 . |51 push ecx ; |hOwner00426E99 . |FF15 90684500 call dword ptr ds:[<&USER32.MessageBoxA>>; \MessageBoxA00426E9F . |E9 9C030000 jmp 伊娃2_08.0042724000426EA4 > \8D95 F0F7FFFF lea edx,dword ptr ss:00426EAA .52 push edx ; /s00426EAB .E8 CCB30200 call <jmp.&MSVCRT.strlen> ; \strlen00426EB0 .83C4 04 add esp,0x400426EB3 .83F8 20 cmp eax,0x2000426EB6 74 23 je short 伊娃2_08.00426EDB
同上,改为JMP00426EB8 .6A 30 push 0x30 ; /Style = MB_OK|MB_ICONEXCLAMATION|MB_APPLMODAL00426EBA .8D85 F0F7FFFF lea eax,dword ptr ss: ; |00426EC0 .50 push eax ; |Title00426EC1 .68 30404600 push 伊娃2_08.00464030 ; |卡号长度不正确,应为32个字节!!00426EC6 .8B8D E8F7FFFF mov ecx,dword ptr ss: ; |00426ECC .8B51 20 mov edx,dword ptr ds: ; |00426ECF .52 push edx ; |hOwner00426ED0 .FF15 90684500 call dword ptr ds:[<&USER32.MessageBoxA>>; \MessageBoxA00426ED6 .E9 65030000 jmp 伊娃2_08.0042724000426EDB >8D85 F0FBFFFF lea eax,dword ptr ss:00426EE1 .50 push eax ; /s00426EE2 .E8 95B30200 call <jmp.&MSVCRT.strlen> ; \strlen00426EE7 .83C4 04 add esp,0x400426EEA .83F8 01 cmp eax,0x100426EED 73 21 jnb short 伊娃2_08.00426F10同上,改为JMP00426EEF .6A 30 push 0x30 ; /Style = MB_OK|MB_ICONEXCLAMATION|MB_APPLMODAL00426EF1 .68 50404600 push 伊娃2_08.00464050 ; |提示00426EF6 .68 58404600 push 伊娃2_08.00464058 ; |请输入密码!!00426EFB .8B8D E8F7FFFF mov ecx,dword ptr ss: ; |00426F01 .8B51 20 mov edx,dword ptr ds: ; |00426F04 .52 push edx ; |hOwner00426F05 .FF15 90684500 call dword ptr ds:[<&USER32.MessageBoxA>>; \MessageBoxA00426F0B .E9 30030000 jmp 伊娃2_08.0042724000426F10 >8D85 F0FBFFFF lea eax,dword ptr ss:00426F16 .50 push eax ; /s00426F17 .E8 60B30200 call <jmp.&MSVCRT.strlen> ; \strlen00426F1C .83C4 04 add esp,0x400426F1F .83F8 20 cmp eax,0x2000426F22 74 23 je short 伊娃2_08.00426F47同上,改为JMP00426F24 .6A 30 push 0x30 ; /Style = MB_OK|MB_ICONEXCLAMATION|MB_APPLMODAL00426F26 .8D8D F0FBFFFF lea ecx,dword ptr ss: ; |00426F2C .51 push ecx ; |Title00426F2D .68 68404600 push 伊娃2_08.00464068 ; |密码长度不正确,应为32个字节!!00426F32 .8B95 E8F7FFFF mov edx,dword ptr ss: ; |00426F38 .8B42 20 mov eax,dword ptr ds: ; |00426F3B .50 push eax ; |hOwner00426F3C .FF15 90684500 call dword ptr ds:[<&USER32.MessageBoxA>>; \MessageBoxA00426F42 .E9 F9020000 jmp 伊娃2_08.0042724000426F47 >8D8D F0FBFFFF lea ecx,dword ptr ss:00426F4D .51 push ecx00426F4E .8D95 F0F7FFFF lea edx,dword ptr ss:00426F54 .52 push edx00426F55 .B9 A8591A02 mov ecx,伊娃2_08.021A59A800426F5A 
.E8 710B0000 call 伊娃2_08.00427AD000426F5F .85C0 test eax,eax00426F61 75 21 jnz short 伊娃2_08.00426F84 同上,改为JMP00426F63 .6A 40 push 0x40 ; /Style = MB_OK|MB_ICONASTERISK|MB_APPLMODAL00426F65 .68 88404600 push 伊娃2_08.00464088 ; |提示00426F6A .68 90404600 push 伊娃2_08.00464090 ; |你输入的卡密无效!!00426F6F .8B85 E8F7FFFF mov eax,dword ptr ss: ; |00426F75 .8B48 20 mov ecx,dword ptr ds: ; |00426F78 .51 push ecx ; |hOwner00426F79 .FF15 90684500 call dword ptr ds:[<&USER32.MessageBoxA>>; \MessageBoxA00426F7F .E9 BC020000 jmp 伊娃2_08.0042724000426F84 >C745 FC 00000>mov dword ptr ss:,0x000426F8B .8D95 F0FBFFFF lea edx,dword ptr ss:
到这里,我们已经解决登陆问题了:不用输入任何东西,直接点 “登陆点卡” 就行。当然,我们也可以把 00426E81 处的代码直接改为
00426E81 /E9 FE000000 jmp 伊娃2_08.00426F84 这样就直接跳过验证了
来测试下,选择需要登陆点卡才能用的功能,结果又出现 “账户余额不足,请及时充值!”。我们再解决这个问题:来到 00446583 处,OK,继续修改
004464F2/$55 push ebp004464F3|.8BEC mov ebp,esp004464F5|.83EC 60 sub esp,0x60004464F8|.E8 E3180000 call 伊娃2_08.00447DE0004464FD|.85C0 test eax,eax004464FF|.75 40 jnz short 伊娃2_08.00446541 由于我们之前已经把登陆问题解决掉了,所以这个跳转肯定会实现00446501|.51 push ecx00446502|.8BCC mov ecx,esp00446504|.8965 DC mov ,esp00446507|.68 6C9B4600 push 伊娃2_08.00469B6C ;请登录点卡!!\r\n你只有在登录点卡后才可以使用此功能!!0044650C|.E8 69B90000 call <jmp.&MFC42.#537>00446511|.8945 BC mov ,eax00446514|.E8 A267FFFF call 伊娃2_08.0043CCBB00446519|.83C4 04 add esp,0x40044651C|.E8 DF180000 call 伊娃2_08.00447E0000446521|.6A 30 push 0x30 ; /Style = MB_OK|MB_ICONEXCLAMATION|MB_APPLMODAL00446523|.68 A09B4600 push 伊娃2_08.00469BA0 ; |请登录点卡!!00446528|.68 B09B4600 push 伊娃2_08.00469BB0 ; |请登录点卡!!\r\n你只有在登录点卡后才可以使用此功能!!0044652D|.A1 70D74102 mov eax,dword ptr ds: ; |00446532|.50 push eax ; |hOwner => 001E02B0 ('伊娃-点卡登录/用户信息',class='#32770')00446533|.FF15 90684500 call dword ptr ds:[<&USER32.MessageBoxA>>; \MessageBoxA00446539|.8945 FC mov ,eax0044653C|.E9 2B020000 jmp 伊娃2_08.0044676C00446541|>833D 6C721A02>cmp dword ptr ds:,0xA00446548 7D 41 jge short 伊娃2_08.0044658B 这里余额若大于则跳,我们改为JMP0044654A|.51 push ecx0044654B|.8BCC mov ecx,esp0044654D|.8965 D8 mov ,esp00446550|.68 E49B4600 push 伊娃2_08.00469BE4 ;你的帐号保证金余额不足,请给你的帐号充值!!00446555|.E8 20B90000 call <jmp.&MFC42.#537>0044655A|.8945 B8 mov ,eax0044655D|.E8 5967FFFF call 伊娃2_08.0043CCBB00446562|.83C4 04 add esp,0x400446565|.E8 96180000 call 伊娃2_08.00447E000044656A|.6A 30 push 0x30 ; /Style = MB_OK|MB_ICONEXCLAMATION|MB_APPLMODAL0044656C|.68 109C4600 push 伊娃2_08.00469C10 ; |请给你的帐号充值!!00446571|.68 249C4600 push 伊娃2_08.00469C24 ; |你的帐号保证金余额不足,请给你的帐号充值!!00446576|.8B0D 70D74102 mov ecx,dword ptr ds: ; |0044657C|.51 push ecx ; |hOwner => 001E02B0 ('伊娃-点卡登录/用户信息',class='#32770')0044657D|.FF15 90684500 call dword ptr ds:[<&USER32.MessageBoxA>>; \MessageBoxA00446583|.8945 F8 mov ,eax00446586|.E9 E1010000 jmp 伊娃2_08.0044676C0044658B|>813D 6C721A02>cmp dword ptr ds:,0x12C00446595 7D 41 jge short 伊娃2_08.004465D8 
同上,我们改为JMP00446597|.51 push ecx00446598|.8BCC mov ecx,esp0044659A|.8965 D4 mov ,esp0044659D|.68 509C4600 push 伊娃2_08.00469C50 ;你的帐号保证金余额不足300,请给你的帐号充值!!004465A2|.E8 D3B80000 call <jmp.&MFC42.#537>004465A7|.8945 B4 mov ,eax004465AA|.E8 0C67FFFF call 伊娃2_08.0043CCBB004465AF|.83C4 04 add esp,0x4004465B2|.E8 49180000 call 伊娃2_08.00447E00004465B7|.6A 30 push 0x30 ; /Style = MB_OK|MB_ICONEXCLAMATION|MB_APPLMODAL004465B9|.68 809C4600 push 伊娃2_08.00469C80 ; |请给你的帐号充值!!004465BE|.68 949C4600 push 伊娃2_08.00469C94 ; |你的帐号保证金余额不足300,请给你的帐号充值!!004465C3|.8B15 70D74102 mov edx,dword ptr ds: ; |004465C9|.52 push edx ; |hOwner => 001E02B0 ('伊娃-点卡登录/用户信息',class='#32770')004465CA|.FF15 90684500 call dword ptr ds:[<&USER32.MessageBoxA>>; \MessageBoxA004465D0|.8945 F4 mov ,eax004465D3|.E9 94010000 jmp 伊娃2_08.0044676C004465D8|>813D 6C721A02>cmp dword ptr ds:,0x1F4004465E2 7D 42 jge short 伊娃2_08.00446626 同上,我们改为JMP004465E4|.51 push ecx004465E5|.8BCC mov ecx,esp004465E7|.8965 D0 mov ,esp004465EA|.68 C49C4600 push 伊娃2_08.00469CC4 ;你的帐号保证金余额不足500,请给你的帐号充值!!004465EF|.E8 86B80000 call <jmp.&MFC42.#537>004465F4|.8945 B0 mov ,eax004465F7|.E8 BF66FFFF call 伊娃2_08.0043CCBB004465FC|.83C4 04 add esp,0x4004465FF|.E8 FC170000 call 伊娃2_08.00447E0000446604|.6A 30 push 0x30 ; /Style = MB_OK|MB_ICONEXCLAMATION|MB_APPLMODAL00446606|.68 F49C4600 push 伊娃2_08.00469CF4 ; |请给你的帐号充值!!0044660B|.68 089D4600 push 伊娃2_08.00469D08 ; |你的帐号保证金余额不足500,请给你的帐号充值!!00446610|.A1 70D74102 mov eax,dword ptr ds: ; |00446615|.50 push eax ; |hOwner => 001E02B0 ('伊娃-点卡登录/用户信息',class='#32770')00446616|.FF15 90684500 call dword ptr ds:[<&USER32.MessageBoxA>>; \MessageBoxA0044661C|.8945 F0 mov ,eax0044661F|.33C0 xor eax,eax00446621|.E9 4B010000 jmp 伊娃2_08.0044677100446626|>813D 6C721A02>cmp dword ptr ds:,0x2BC00446630 7D 41 jge short 伊娃2_08.00446673 同上,我们改为JMP00446632|.51 push ecx00446633|.8BCC mov ecx,esp00446635|.8965 CC mov ,esp00446638|.68 389D4600 push 伊娃2_08.00469D38 ;你的帐号保证金余额不足700,请给你的帐号充值!!0044663D|.E8 38B80000 call 
<jmp.&MFC42.#537>00446642|.8945 AC mov ,eax00446645|.E8 7166FFFF call 伊娃2_08.0043CCBB0044664A|.83C4 04 add esp,0x40044664D|.E8 AE170000 call 伊娃2_08.00447E0000446652|.6A 30 push 0x30 ; /Style = MB_OK|MB_ICONEXCLAMATION|MB_APPLMODAL00446654|.68 689D4600 push 伊娃2_08.00469D68 ; |请给你的帐号充值!!00446659|.68 7C9D4600 push 伊娃2_08.00469D7C ; |你的帐号保证金余额不足700,请给你的帐号充值!!0044665E|.8B0D 70D74102 mov ecx,dword ptr ds: ; |00446664|.51 push ecx ; |hOwner => 001E02B0 ('伊娃-点卡登录/用户信息',class='#32770')00446665|.FF15 90684500 call dword ptr ds:[<&USER32.MessageBoxA>>; \MessageBoxA0044666B|.8945 EC mov ,eax0044666E|.E9 F9000000 jmp 伊娃2_08.0044676C00446673|>813D 6C721A02>cmp dword ptr ds:,0x3840044667D 7D 41 jge short 伊娃2_08.004466C0 同上,我们改为JMP0044667F|.51 push ecx00446680|.8BCC mov ecx,esp00446682|.8965 C8 mov ,esp00446685|.68 AC9D4600 push 伊娃2_08.00469DAC ;你的帐号保证金余额不足900,请给你的帐号充值!!0044668A|.E8 EBB70000 call <jmp.&MFC42.#537>0044668F|.8945 A8 mov ,eax00446692|.E8 2466FFFF call 伊娃2_08.0043CCBB00446697|.83C4 04 add esp,0x40044669A|.E8 61170000 call 伊娃2_08.00447E000044669F|.6A 30 push 0x30 ; /Style = MB_OK|MB_ICONEXCLAMATION|MB_APPLMODAL004466A1|.68 DC9D4600 push 伊娃2_08.00469DDC ; |请给你的帐号充值!!004466A6|.68 F09D4600 push 伊娃2_08.00469DF0 ; |你的帐号保证金余额不足900,请给你的帐号充值!!004466AB|.8B15 70D74102 mov edx,dword ptr ds: ; |004466B1|.52 push edx ; |hOwner => 001E02B0 ('伊娃-点卡登录/用户信息',class='#32770')004466B2|.FF15 90684500 call dword ptr ds:[<&USER32.MessageBoxA>>; \MessageBoxA004466B8|.8945 E8 mov ,eax004466BB|.E9 AC000000 jmp 伊娃2_08.0044676C004466C0|>813D 6C721A02>cmp dword ptr ds:,0x5DC004466CA 7D 3D jge short 伊娃2_08.00446709 同上,我们改为JMP004466CC|.51 push ecx004466CD|.8BCC mov ecx,esp004466CF|.8965 C4 mov ,esp004466D2|.68 209E4600 push 伊娃2_08.00469E20 ;你的帐号保证金余额不足1500,请给你的帐号充值!!004466D7|.E8 9EB70000 call <jmp.&MFC42.#537>004466DC|.8945 A4 mov ,eax004466DF|.E8 D765FFFF call 伊娃2_08.0043CCBB004466E4|.83C4 04 add esp,0x4004466E7|.E8 14170000 call 伊娃2_08.00447E00004466EC|.6A 30 push 0x30 ; /Style = 
MB_OK|MB_ICONEXCLAMATION|MB_APPLMODAL004466EE|.68 509E4600 push 伊娃2_08.00469E50 ; |请给你的帐号充值!!004466F3|.68 649E4600 push 伊娃2_08.00469E64 ; |你的帐号保证金余额不足1500,请给你的帐号充值!!004466F8|.A1 70D74102 mov eax,dword ptr ds: ; |004466FD|.50 push eax ; |hOwner => 001E02B0 ('伊娃-点卡登录/用户信息',class='#32770')004466FE|.FF15 90684500 call dword ptr ds:[<&USER32.MessageBoxA>>; \MessageBoxA00446704|.8945 E4 mov ,eax00446707|.EB 63 jmp short 伊娃2_08.0044676C00446709|>813D 6C721A02>cmp dword ptr ds:,0x7D000446713 7D 3E jge short 伊娃2_08.00446753 同上,我们改为JMP00446715|.51 push ecx00446716|.8BCC mov ecx,esp00446718|.8965 C0 mov ,esp0044671B|.68 949E4600 push 伊娃2_08.00469E94 ;你的帐号保证金余额不足2000,请给你的帐号充值!!00446720|.E8 55B70000 call <jmp.&MFC42.#537>00446725|.8945 A0 mov ,eax00446728|.E8 8E65FFFF call 伊娃2_08.0043CCBB0044672D|.83C4 04 add esp,0x400446730|.E8 CB160000 call 伊娃2_08.00447E0000446735|.6A 30 push 0x30 ; /Style = MB_OK|MB_ICONEXCLAMATION|MB_APPLMODAL00446737|.68 C49E4600 push 伊娃2_08.00469EC4 ; |请给你的帐号充值!!0044673C|.68 D89E4600 push 伊娃2_08.00469ED8 ; |你的帐号保证金余额不足2000,请给你的帐号充值!!00446741|.8B0D 70D74102 mov ecx,dword ptr ds: ; |00446747|.51 push ecx ; |hOwner => 001E02B0 ('伊娃-点卡登录/用户信息',class='#32770')00446748|.FF15 90684500 call dword ptr ds:[<&USER32.MessageBoxA>>; \MessageBoxA0044674E|.8945 E0 mov ,eax00446751|.EB 19 jmp short 伊娃2_08.0044676C00446753|>6A 40 push 0x40 ; /Style = MB_OK|MB_ICONASTERISK|MB_APPLMODAL00446755|.68 089F4600 push 伊娃2_08.00469F08 ; |提示!!0044675A|.68 109F4600 push 伊娃2_08.00469F10 ; |此功能尚在研发中,请等待以后升级!!0044675F|.8B15 70D74102 mov edx,dword ptr ds: ; |00446765|.52 push edx ; |hOwner => 001E02B0 ('伊娃-点卡登录/用户信息',class='#32770')00446766|.FF15 90684500 call dword ptr ds:[<&USER32.MessageBoxA>>; \MessageBoxA0044676C|>B8 01000000 mov eax,0x100446771|>8BE5 mov esp,ebp00446773|.5D pop ebp00446774\.C3 retn
到这里大家应该看出来了吧:余额达到 2000(0x7D0)之后,程序只会提示
“此功能尚在研发中,请等待以后升级!!”
然后函数就直接返回了,后面根本没有所谓付费功能的实现,可以看出这是个骗钱的程序。从上面的代码也能看到,登录和余额的判断最终都只落在本地的一条条件跳转上。当然,程序里的一些不需要登陆就能用的功能是可以用的,并没有那么神,都是网上的源码抄来的。
Made by.a8987216吾爱破解论坛:www.52pojie.cn
嗯 。。这个好像没看到教程之类的? 回复 沉默 的帖子
嗯,论坛的确没见过,只不过是个骗钱软件而已,没实际意义 暴汗....
强烈BS该作者 表示我是汇编菜鸟,来支持个! 回复 xspxsp123 的帖子
{:301_1005:}不信啊,仗剑天涯了都 回复 xspxsp123 的帖子
额,好吧,我信了{:301_977:} 临睡前再顶一下自己的帖子 学习楼主的详细教程。 学习楼主的详细教程。