大漠插件破解器逆向思路
本帖最后由 灵剑丹心 于 2023-2-2 13:16 编辑大漠7.1753版本被某人破解了,但是破解的功能写在了加了vmp的xdyl.dll里,vmp搞不定,如果知道这个dll用的什么api函数破解的,hook这个函数把参数输出看一下可能有所帮助,但就是不知道关键的api
我想知道怎么破的,希望能写出易语言破解源码,因为它这个dll有使用限制,被作者加了验证,有的说调用它破解大漠写的软件多久后会闪退
这个在线文本疑似就是控制软件能否使用的配置文件,不过已经访问不到了
这是dll公开的破解接口
原破解者提供的使用代码,注释里说破解后会随机生成一个名字的dll,用火绒监控看了下其实只是把大漠的dll重命名成一个随机名字而已,前后dll文件文件md5都一样的
现在就是不知道重命名之后做了什么操作,但根据之前老版本的破解代码(网上找到的)也就是往dll模块地址+xxx的地方写入1字节就行了,而且此dll好像还注入了别的系统进程rundll32
看看大家有什么想法能够还原出破解代码,附件太大我上传到 123pan.com/s/mNiA-mxv43
找到了没加壳的xdyl.dll,依然有混淆代码,但是发现了传参expconfig字符串,感觉是扫描本机漏洞来利用 本帖最后由 灵剑丹心 于 2023-2-2 18:32 编辑
00E221A4 | A3 00D7F300 | mov dword ptr ds:,eax |
00E221A9 | 833D 00D7F300 00 | cmp dword ptr ds:,0x0 |
00E221B0 | 0F8E 27000000 | jle xdyl.E221DD | 未执行转移
00E221B6 | DB05 00D7F300 | fild st(0),dword ptr ds: | 什么操作
00E221BC | DD5D F4 | fstp qword ptr ss:,st(0) |
00E221BF | DD45 F4 | fld st(0),qword ptr ss: |
00E221C2 | DC0D C230F000 | fmul st(0),qword ptr ds: |
00E221C8 | DD5D EC | fstp qword ptr ss:,st(0) |
00E221CB | DD45 EC | fld st(0),qword ptr ss: |
00E221CE | E8 43FAFFFF | call xdyl.E21C16 |
00E221D3 | A3 00D7F300 | mov dword ptr ds:,eax |
00E221D8 | E9 1C000000 | jmp xdyl.E221F9 |
00E221DD | C745 F8 00000000 | mov dword ptr ss:,0x0 |
00E221E4 | 6A 00 | push 0x0 |
00E221E6 | FF75 F8 | push dword ptr ss: |
00E221E9 | 68 02000000 | push 0x2 |
00E221EE | E8 FDFAFFFF | call <xdyl.sub_E21CF0> |
00E221F3 | 59 | pop ecx |
00E221F4 | E9 72FFFFFF | jmp xdyl.E2216B |
00E221F9 | 83C4 04 | add esp,0x4 |
00E221FC | 833D 00D7F300 00 | cmp dword ptr ds:,0x0 |
00E22203 | 0F85 3A000000 | jne xdyl.E22243 | 执行转移
00E22209 | 6A 01 | push 0x1 |
00E2220B | 68 64000000 | push 0x64 |
00E22210 | 68 32000000 | push 0x32 |
00E22215 | E8 D6FAFFFF | call <xdyl.sub_E21CF0> |
00E2221A | 68 010100A0 | push 0xA0000101 |
00E2221F | 6A 00 | push 0x0 |
00E22221 | 68 CA30F000 | push xdyl.F030CA |
00E22226 | 68 01000000 | push 0x1 |
00E2222B | BB 60D2E200 | mov ebx,<xdyl.sub_E2D260> |
00E22230 | E8 3F9B0000 | call <xdyl.sub_E2BD74> |
00E22235 | 83C4 10 | add esp,0x10 |
00E22238 | 8945 F8 | mov dword ptr ss:,eax |
00E2223B | 8B45 F8 | mov eax,dword ptr ss: |
00E2223E | E9 C80A0000 | jmp xdyl.E22D0B |
00E22243 | DB05 00D7F300 | fild st(0),dword ptr ds: | 什么操作
00E22249 | DD5D F4 | fstp qword ptr ss:,st(0) |
00E2224C | DD45 F4 | fld st(0),qword ptr ss: |
00E2224F | DC35 C230F000 | fdiv st(0),qword ptr ds: |
00E22255 | DD5D EC | fstp qword ptr ss:,st(0) |
00E22258 | DD45 EC | fld st(0),qword ptr ss: |
00E2225B | DC25 F030F000 | fsub st(0),qword ptr ds: |
00E22261 | D9E4 | ftst |
00E22263 | DFE0 | fnstsw ax |
00E22265 | F6C4 01 | test ah,0x1 |
00E22268 | 74 02 | je xdyl.E2226C |
00E2226A | D9E0 | fchs |
00E2226C | DC1D F830F000 | fcomp st(0),qword ptr ds: |
00E22272 | DFE0 | fnstsw ax |
00E22274 | F6C4 41 | test ah,0x41 |
00E22277 | 0F84 44000000 | je xdyl.E222C1 |
8C3C68====={163,8,217,139,0,137,29,12,217,139,0,137,13,16,217,139,0,137,21,20,217,139,0,137,61,24,217,139,0,137,53,28,217,139,0,137,45,32,217,139,0,137,37,36,217,139,0,96,184,231,144,0,16,255,208,97,141,76,36,48,81,233,203,255,124,7}
008C3C68 - A3 08D98B00 - mov ,eax { (0) }
008C3C6D - 89 1D 0CD98B00 - mov ,ebx { (0) }
008C3C73 - 89 0D 10D98B00 - mov ,ecx { (0) }
008C3C79 - 89 15 14D98B00 - mov ,edx { (0) }
008C3C7F - 89 3D 18D98B00 - mov ,edi { (0) }
008C3C85 - 89 35 1CD98B00 - mov ,esi { (0) }
008C3C8B - 89 2D 20D98B00 - mov ,ebp { (0) }
008C3C91 - 89 25 24D98B00 - mov ,esp { (0) }
008C3C97 - 60 - pushad
008C3C98 - B8 E7900010 - mov eax,xdyl.dll+90E7 { (86) }
008C3C9D - FF D0 - call eax
008C3C9F - 61 - popad
008C3CA0 - 8D 4C 24 30 - lea ecx,
008C3CA4 - 51 - push ecx
008C3CA5 - E9 CBFF7C07 - jmp fAAkm3439.dll+33C75
8093C70====={233,243,255,130,248}
fAAkm3439.dll+33C70 - E9 F3FF82F8 - jmp 008C3C68
83BEA02====={1,0,0,0}
83BEA06====={1,0,0,0}
83BEA0A====={1,0,0,0}
83BEA0E====={1,0,0,0}
83BEA12====={1,0,0,0}
83BEA16====={1,0,0,0}
83BEA1A====={1,0,0,0}
83BEA1E====={1,0,0,0}
83BEA22====={1,0,0,0}
83BEA26====={1,0,0,0}
83BEA2A====={1,0,0,0}
83BEA2E====={1,0,0,0}
83BEA32====={1,0,0,0}
83BEA36====={1,0,0,0}
83BEA3A====={1,0,0,0}
83BEA3E====={1,0,0,0}
83BEA42====={1,0,0,0}
83BEA46====={1,0,0,0}
83BEA4A====={1,0,0,0}
83BEA4E====={1,0,0,0}
83BEA52====={78,9,176,8}
83BEA56====={211,195,175,8}
83BEA5A====={5,154,175,8}
83BEA5E====={96,139,175,8}
83BEA62====={235,139,175,8}
83BEA66====={37,187,175,8}
83BEA6A====={212,206,175,8}
83BEA6E====={227,211,175,8}
83BEA72====={205,215,175,8}
83BEA76====={126,216,175,8}
83BEA7A====={14,160,175,8}
83BEA7E====={165,223,175,8}
83BEA82====={122,196,175,8}
83BEA86====={217,183,175,8}
83BEA8A====={20,146,175,8}
83BEA8E====={143,216,175,8}
83BEA92====={10,239,175,8}
83BEA96====={130,241,175,8}
83BEA9A====={82,205,175,8}
83BEA9E====={109,177,175,8}
83BEAA2====={230,250,175,8}
83BEAA6====={202,231,175,8}
83BEAAA====={33,5,176,8}
83BEAAE====={68,1,176,8}
83BEAB2====={208,207,175,8}
83BEAB6====={255,156,175,8}
83BEABA====={236,197,175,8}
83BEABE====={230,168,175,8}
83BEAC2====={36,249,175,8}
83BEAC6====={155,165,175,8}
fAAkm3439.dll+35EA02 - 01 00 - add ,eax
fAAkm3439.dll+35EA04 - 00 00 - add ,al
fAAkm3439.dll+35EA06 - 01 00 - add ,eax
fAAkm3439.dll+35EA08 - 00 00 - add ,al
fAAkm3439.dll+35EA0A - 01 00 - add ,eax
fAAkm3439.dll+35EA0C - 00 00 - add ,al
fAAkm3439.dll+35EA0E - 01 00 - add ,eax
fAAkm3439.dll+35EA10 - 00 00 - add ,al
fAAkm3439.dll+35EA12 - 01 00 - add ,eax
fAAkm3439.dll+35EA14 - 00 00 - add ,al
fAAkm3439.dll+35EA16 - 01 00 - add ,eax
fAAkm3439.dll+35EA18 - 00 00 - add ,al
fAAkm3439.dll+35EA1A - 01 00 - add ,eax
fAAkm3439.dll+35EA1C - 00 00 - add ,al
fAAkm3439.dll+35EA1E - 01 00 - add ,eax
fAAkm3439.dll+35EA20 - 00 00 - add ,al
fAAkm3439.dll+35EA22 - 01 00 - add ,eax
fAAkm3439.dll+35EA24 - 00 00 - add ,al
fAAkm3439.dll+35EA26 - 01 00 - add ,eax
fAAkm3439.dll+35EA28 - 00 00 - add ,al
fAAkm3439.dll+35EA2A - 01 00 - add ,eax
fAAkm3439.dll+35EA2C - 00 00 - add ,al
fAAkm3439.dll+35EA2E - 01 00 - add ,eax
fAAkm3439.dll+35EA30 - 00 00 - add ,al
fAAkm3439.dll+35EA32 - 01 00 - add ,eax
fAAkm3439.dll+35EA34 - 00 00 - add ,al
fAAkm3439.dll+35EA36 - 01 00 - add ,eax
fAAkm3439.dll+35EA38 - 00 00 - add ,al
fAAkm3439.dll+35EA3A - 01 00 - add ,eax
fAAkm3439.dll+35EA3C - 00 00 - add ,al
fAAkm3439.dll+35EA3E - 01 00 - add ,eax
fAAkm3439.dll+35EA40 - 00 00 - add ,al
fAAkm3439.dll+35EA42 - 01 00 - add ,eax
fAAkm3439.dll+35EA44 - 00 00 - add ,al
fAAkm3439.dll+35EA46 - 01 00 - add ,eax
fAAkm3439.dll+35EA48 - 00 00 - add ,al
fAAkm3439.dll+35EA4A - 01 00 - add ,eax
fAAkm3439.dll+35EA4C - 00 00 - add ,al
fAAkm3439.dll+35EA4E - 01 00 - add ,eax
fAAkm3439.dll+35EA50 - 00 00 - add ,al
fAAkm3439.dll+35EA52 - 4E - dec esi
fAAkm3439.dll+35EA53 - 09 B0 08D3C3AF - or ,esi
fAAkm3439.dll+35EA59 - 08 05 9AAF0860 - or ,al { 1611181978 }
fAAkm3439.dll+35EA5F - 8B AF 08EB8BAF - mov ebp,
fAAkm3439.dll+35EA65 - 08 25 BBAF08D4 - or ,ah { -737628229 }
fAAkm3439.dll+35EA6B - CE - into
fAAkm3439.dll+35EA6C - AF - scasd
fAAkm3439.dll+35EA6D - 08 E3 - or bl,ah
fAAkm3439.dll+35EA6F - D3 AF 08CDD7AF - shr ,cl
fAAkm3439.dll+35EA75 - 08 7E D8 - or ,bh
fAAkm3439.dll+35EA78 - AF - scasd
fAAkm3439.dll+35EA79 - 08 0E - or ,cl
fAAkm3439.dll+35EA7B - A0 AF08A5DF - mov al, { -542832465 }
fAAkm3439.dll+35EA80 - AF - scasd
fAAkm3439.dll+35EA81 - 08 7A C4 - or ,bh
fAAkm3439.dll+35EA84 - AF - scasd
fAAkm3439.dll+35EA85 - 08 D9 - or cl,bl
fAAkm3439.dll+35EA87 - B7 AF - mov bh,-51 { 175 }
fAAkm3439.dll+35EA89 - 08 14 92 - or ,dl
fAAkm3439.dll+35EA8C - AF - scasd
fAAkm3439.dll+35EA8D - 08 8F D8AF080A - or ,cl
fAAkm3439.dll+35EA93 - EF - out dx,eax
fAAkm3439.dll+35EA94 - AF - scasd
fAAkm3439.dll+35EA95 - 08 82 F1AF0852 - or ,al
fAAkm3439.dll+35EA9B - CD AF - int -51 { 175 }
fAAkm3439.dll+35EA9D - 08 6D B1 - or ,ch
fAAkm3439.dll+35EAA0 - AF - scasd
fAAkm3439.dll+35EAA1 - 08 E6 - or dh,ah
fAAkm3439.dll+35EAA3 - FA - cli
fAAkm3439.dll+35EAA4 - AF - scasd
fAAkm3439.dll+35EAA5 - 08 CA - or dl,cl
fAAkm3439.dll+35EAA7 - E7 AF - out -51,eax { 175 }
fAAkm3439.dll+35EAA9 - 08 21 - or ,ah
fAAkm3439.dll+35EAAB - 05 B0084401 - add eax,014408B0 { 21235888 }
fAAkm3439.dll+35EAB0 - B0 08 - mov al,08 { 8 }
fAAkm3439.dll+35EAB2 - D0 CF - ror bh,1
fAAkm3439.dll+35EAB4 - AF - scasd
fAAkm3439.dll+35EAB5 - 08 FF - or bh,bh
fAAkm3439.dll+35EAB7 - 9C - pushfd
fAAkm3439.dll+35EAB8 - AF - scasd
fAAkm3439.dll+35EAB9 - 08 EC - or ah,ch
fAAkm3439.dll+35EABB - C5AF08 - invd
fAAkm3439.dll+35EABE - E6 A8 - out -58,al { 168 }
fAAkm3439.dll+35EAC0 - AF - scasd
fAAkm3439.dll+35EAC1 - 08 24 F9 - or ,ah
fAAkm3439.dll+35EAC4 - AF - scasd
fAAkm3439.dll+35EAC5 - 08 9B A5AF0800 - or ,bl
买个正版的大漠也用不了几个钱啊?需要去使用破解? 新春快乐!也祝自己在新的一年里学到一些知识。 jy3318007 发表于 2023-1-22 04:19
买个正版的大漠也用不了几个钱啊?需要去使用破解?
正版有时候注册不了,必须要网络!做不了本地的脚本 用6.1544 没用,核心代码VMP了 哪个功能是绑定收费的功能 发我一份调用源码 我这边测试一下 影风 发表于 2023-1-25 22:50
哪个功能是绑定收费的功能 发我一份调用源码 我这边测试一下
传到网盘了,保护盾和绑定后台窗口都是收费的功能 king1027 发表于 2023-1-22 13:41
没用,核心代码VMP了
找到一个没加vmp的,是upx,能逆向出具体操作吗