Asking for help: after the API breakpoint hits, I don't know how to continue
Newbie asking for help; hoping an expert can offer an approach. This is just something I randomly found online.
Checked the packer; it should be VMP.
https://attach.52pojie.cn//forum/202206/23/192902tkyeps6hkh8vy74v.png?l
Dragged it into OD, as shown.
https://attach.52pojie.cn//forum/202206/23/193223u66csq5nz5zypc1h.png?l
Since it's packed, I ran the program first and then did Ctrl+G 401000; the result is shown below.
https://attach.52pojie.cn//forum/202206/23/193456ra5veefcay6c66uu.png?l
That didn't look promising, so I set a message-box breakpoint; it broke on run, as shown.
https://attach.52pojie.cn//forum/202206/23/193624t0vp1chzol1zg4f5.png?l
No special jumps, so I single-stepped downward. There was a call in the middle that required clicking OK in the program before it would continue; after stepping out of that call, as shown.
https://attach.52pojie.cn//forum/202206/23/194708sgwwfvrsxwfwgvic.png?l
Honestly, at this point it felt like it was about to work: the success/failure strings could be found by search, but looking up and down I couldn't find the key jump; there are a lot of jmps.
10003296 f30f7f85 b8feff>movdqu dqword ptr ss:,xmm0
1000329E E8 0DE9FFFF call 10001BB0
100032A3 f30f6f85 b8feff>movdqu xmm0,dqword ptr ss:
100032AB 66:0FC5C0 06 pextrw eax,mm0,0x6
100032B0 0FB7C0 movzx eax,ax
100032B3 50 push eax
100032B4 66:0FC5C0 05 pextrw eax,mm0,0x5
100032B9 0FB7C0 movzx eax,ax
100032BC 50 push eax
100032BD 66:0FC5C0 04 pextrw eax,mm0,0x4
100032C2 0FB7C0 movzx eax,ax
100032C5 50 push eax
100032C6 66:0FC5C0 03 pextrw eax,mm0,0x3
100032CB 0FB7C0 movzx eax,ax
100032CE 50 push eax
100032CF 66:0FC5C0 01 pextrw eax,mm0,0x1
100032D4 0FB7C0 movzx eax,ax
100032D7 50 push eax
100032D8 66:0F7EC0 movd eax,mm0
100032DC 0FB7C0 movzx eax,ax
100032DF 50 push eax
100032E0 8D85 D0FEFFFF lea eax,dword ptr ss:
100032E6 68 50DA0210 push 0x1002DA50 ; ASCII "登陆成功!\r\n过期时间:%04d年%02d月%02d日 %02d时%02d分%02d秒\r\n"
100032EB 50 push eax
100032EC E8 FF1B0000 call 10004EF0
100032F1 83C4 20 add esp,0x20
100032F4 8D4B 54 lea ecx,dword ptr ds:
100032F7 E8 54060000 call 10003950
100032FC 8BB5 D0FEFFFF mov esi,dword ptr ss:
10003302 85C0 test eax,eax
10003304 74 28 je short 1000332E
10003306 68 88130000 push 0x1388
1000330B 6A 00 push 0x0
1000330D 6A 40 push 0x40
1000330F 68 8CDA0210 push 0x1002DA8C
10003314 56 push esi
10003315 FF73 04 push dword ptr ds:
10003318 FF15 FC710210 call dword ptr ds: ; user32.MessageBoxTimeoutA
1000331E 6A 01 push 0x1
10003320 FF73 04 push dword ptr ds:
10003323 FF15 EC710210 call dword ptr ds: ; user32.EndDialog
10003329 E9 5B020000 jmp 10003589
1000332E 6A 40 push 0x40
10003330 68 08D90210 push 0x1002D908
10003335 56 push esi
10003336 FF73 04 push dword ptr ds:
10003339 FF15 C4710210 call dword ptr ds: ; user32.MessageBoxA
1000333F 6A 01 push 0x1
10003341 FF73 04 push dword ptr ds:
10003344 FF15 EC710210 call dword ptr ds: ; user32.EndDialog
1000334A E9 3A020000 jmp 10003589
1000334F 8B85 D4FEFFFF mov eax,dword ptr ss:
10003355 6A 10 push 0x10
10003357 68 08D90210 push 0x1002D908
1000335C 68 A0DA0210 push 0x1002DAA0 ; ASCII "卡密错误!"
10003361 FF70 04 push dword ptr ds:
10003364 E9 1A020000 jmp 10003583
10003369 8B85 D4FEFFFF mov eax,dword ptr ss:
1000336F 6A 10 push 0x10
10003371 68 08D90210 push 0x1002D908
10003376 68 ACDA0210 push 0x1002DAAC ; ASCII "卡密已到期!"
1000337B FF70 04 push dword ptr ds:
1000337E E9 00020000 jmp 10003583
10003383 8B85 D4FEFFFF mov eax,dword ptr ss:
10003389 6A 10 push 0x10
1000338B 68 08D90210 push 0x1002D908
10003390 68 B8DA0210 push 0x1002DAB8 ; ASCII "卡密被封停!"
10003395 FF70 04 push dword ptr ds:
10003398 E9 E6010000 jmp 10003583
1000339D 8B8D 64FFFFFF mov ecx,dword ptr ss:
100033A3 8B85 60FFFFFF mov eax,dword ptr ss:
100033A9 3BC8 cmp ecx,eax
100033AB 75 1A jnz short 100033C7
100033AD 8B85 D4FEFFFF mov eax,dword ptr ss:
100033B3 6A 40 push 0x40
100033B5 68 08D90210 push 0x1002D908
100033BA 68 C4DA0210 push 0x1002DAC4 ; ASCII "已在另一台设备绑定! \r\n已达最多换绑次数, 无法换绑!"
100033BF FF70 04 push dword ptr ds:
100033C2 E9 BC010000 jmp 10003583
100033C7 2BC1 sub eax,ecx
100033C9 50 push eax
100033CA FFB5 5CFFFFFF push dword ptr ss:
100033D0 8D85 D0FEFFFF lea eax,dword ptr ss:
100033D6 FFB5 58FFFFFF push dword ptr ss:
100033DC 68 F8DA0210 push 0x1002DAF8 ; ASCII "已在另一台设备绑定! 是否立即换绑到本机?\r\n本次换绑需扣除:%lld秒\r\n剩余换绑次数:%d次\r\n"
100033E1 50 push eax
100033E2 E8 091B0000 call 10004EF0
100033E7 8B9D D4FEFFFF mov ebx,dword ptr ss:
100033ED 83C4 14 add esp,0x14
100033F0 8BB5 D0FEFFFF mov esi,dword ptr ss:
100033F6 6A 44 push 0x44
100033F8 68 08D90210 push 0x1002D908
100033FD 56 push esi
100033FE FF73 04 push dword ptr ds:
10003401 FF15 C4710210 call dword ptr ds: ; user32.MessageBoxA
10003407 6A 00 push 0x0
10003409 83F8 06 cmp eax,0x6
1000340C 0F85 57010000 jnz 10003569
10003412 6A 00 push 0x0
10003414 68 F5000000 push 0xF5
10003419 FF73 48 push dword ptr ds:
1000341C FF15 CC710210 call dword ptr ds: ; user32.SendMessageA
10003422 E9 62010000 jmp 10003589
10003427 8B85 D4FEFFFF mov eax,dword ptr ss:
1000342D 6A 10 push 0x10
1000342F 68 08D90210 push 0x1002D908
10003434 68 4CDB0210 push 0x1002DB4C ; ASCII "代理商被禁用! 该代理下所有卡密无法登录!"
10003439 FF70 04 push dword ptr ds:
1000343C E9 42010000 jmp 10003583
10003441 8B85 D4FEFFFF mov eax,dword ptr ss:
10003447 6A 10 push 0x10
10003449 68 08D90210 push 0x1002D908
1000344E 68 74DB0210 push 0x1002DB74 ; ASCII "登陆数量已达到上限!"
10003453 FF70 04 push dword ptr ds:
10003456 FF15 C4710210 call dword ptr ds: ; user32.MessageBoxA
1000345C 57 push edi
1000345D 8D4D D0 lea ecx,dword ptr ss:
10003460 E8 0B050000 call 10003970
10003465 51 push ecx
10003466 FF15 F8710210 call dword ptr ds: ; user32.GetActiveWindow
1000346C 50 push eax
1000346D 8D4D 90 lea ecx,dword ptr ss:
10003470 E8 7B050000 call 100039F0
10003475 E9 0F010000 jmp 10003589
1000347A 8B85 D4FEFFFF mov eax,dword ptr ss:
10003480 6A 10 push 0x10
10003482 68 08D90210 push 0x1002D908
10003487 68 88DB0210 push 0x1002DB88 ; ASCII "试用功能未开启!"
1000348C FF70 04 push dword ptr ds:
1000348F E9 EF000000 jmp 10003583
10003494 8B85 D4FEFFFF mov eax,dword ptr ss:
1000349A 6A 10 push 0x10
1000349C 68 08D90210 push 0x1002D908
100034A1 68 98DB0210 push 0x1002DB98 ; ASCII "当前卡密与绑定的IP、机器码不符!"
100034A6 FF70 04 push dword ptr ds:
100034A9 E9 D5000000 jmp 10003583
100034AE 8B85 D4FEFFFF mov eax,dword ptr ss:
100034B4 6A 10 push 0x10
100034B6 68 08D90210 push 0x1002D908
100034BB 68 B8DB0210 push 0x1002DBB8 ; ASCII "当前卡密与绑定的机器码不符!"
100034C0 FF70 04 push dword ptr ds:
100034C3 E9 BB000000 jmp 10003583
100034C8 8B85 D4FEFFFF mov eax,dword ptr ss:
100034CE 6A 10 push 0x10
100034D0 68 08D90210 push 0x1002D908
100034D5 68 D4DB0210 push 0x1002DBD4 ; ASCII "禁止登陆!"
100034DA FF70 04 push dword ptr ds:
100034DD E9 A1000000 jmp 10003583
100034E2 6A 10 push 0x10
100034E4 68 08D90210 push 0x1002D908
100034E9 68 E0DB0210 push 0x1002DBE0 ; ASCII "网络连接被断开!"
100034EE EB 68 jmp short 10003558
100034F0 8B85 D4FEFFFF mov eax,dword ptr ss:
100034F6 6A 10 push 0x10
100034F8 68 08D90210 push 0x1002D908
100034FD 68 F0DB0210 push 0x1002DBF0 ; ASCII "数据接收出错!"
10003502 FF70 04 push dword ptr ds:
10003505 EB 7C jmp short 10003583
10003507 8B85 D4FEFFFF mov eax,dword ptr ss:
1000350D 6A 10 push 0x10
1000350F 68 08D90210 push 0x1002D908
10003514 68 00DC0210 push 0x1002DC00 ; ASCII "数据发送出错!"
10003519 FF70 04 push dword ptr ds:
1000351C EB 65 jmp short 10003583
1000351E 8B85 D4FEFFFF mov eax,dword ptr ss:
10003524 6A 10 push 0x10
10003526 68 08D90210 push 0x1002D908
1000352B 68 10DC0210 push 0x1002DC10 ; ASCII "服务器连接失败!"
10003530 FF70 04 push dword ptr ds:
10003533 EB 4E jmp short 10003583
10003535 50 push eax
10003536 8D85 D0FEFFFF lea eax,dword ptr ss:
1000353C 68 20DC0210 push 0x1002DC20 ; ASCII "未知错误! 错误码:%d"
10003541 50 push eax
10003542 E8 A9190000 call 10004EF0
10003547 8BB5 D0FEFFFF mov esi,dword ptr ss:
1000354D 83C4 0C add esp,0xC
10003550 6A 10 push 0x10
10003552 68 08D90210 push 0x1002D908
10003557 56 push esi
10003558 8B9D D4FEFFFF mov ebx,dword ptr ss:
1000355E FF73 04 push dword ptr ds:
10003561 FF15 C4710210 call dword ptr ds: ; user32.MessageBoxA
10003567 6A 00 push 0x0
10003569 FF73 04 push dword ptr ds:
1000356C FF15 EC710210 call dword ptr ds: ; user32.EndDialog
10003572 EB 15 jmp short 10003589
10003574 6A 10 push 0x10
10003576 68 F8D90210 push 0x1002D9F8 ; ASCII "错误"
1000357B 68 34DC0210 push 0x1002DC34 ; ASCII "卡密长度错误!"
10003580 FF73 04 push dword ptr ds:
10003583 FF15 C4710210 call dword ptr ds: ; user32.MessageBoxA
10003589 33DB xor ebx,ebx
1000358B C645 FC 01 mov byte ptr ss:,0x1
1000358F 837D E4 10 cmp dword ptr ss:,0x10
10003593 72 0B jb short 100035A0
10003595 FF75 D0 push dword ptr ss: ; comctl32.745AB400
10003598 E8 5E9F0000 call 1000D4FB
1000359D 83C4 04 add esp,0x4
I don't know where to start now; hoping an expert can point the way, preferably in detail (I'm a beginner). The software is here: https://wwu.lanzouh.com/itk1706ud8gj
Password: 1111
It's over 30 MB, so it can't be uploaded to Habo; I recommend opening it in a VM.
Also, while debugging, entering a card key of the correct length terminates the process, and the second time it's opened the network gets cut off; there's probably a hidden trap, tied to the machine code.
Please help, please suggest an approach!!
How come nobody has replied?
This post was last edited by ABs123 on 2022-7-10 13:59
It has an SP packer on it, and looking at this I think that earlier there are four jumps sitting together, jl, jg, ja and jmp; after NOPing (90) all four it's login success, but I don't know why it exits; possibly memory protection. ABs123 posted on 2022-7-10 13:58
It has an SP packer on it, and looking at this I think that earlier there are four jumps sitting together, jl, jg, ja and jmp; after NOPing (90) all four it's login success, but I don't ...
Tried it and it's true, and success and failure seem to take the same path; that makes sense.