【D01E04】电子管 反破解教程之四【隐藏API入口,Anti OD的API断点】
本帖最后由 dianziguan 于 2013-7-21 15:48 编辑。原帖子不知道怎么不见了,源代码如下:
; MASM (Intel syntax), 32-bit flat model, stdcall, Win32.  Built against the
; MASM32 SDK include/lib set below.  Of the APIs these headers declare, the
; .code section references only GetModuleHandle and GetProcAddress as import
; symbols; every other API it uses is looked up by name at run time.
.386
.model flat,stdcall
option casemap:none
include \masm32\include\windows.inc
include \masm32\include\user32.inc
include \masm32\include\kernel32.inc
include \masm32\include\advapi32.inc
includelib \masm32\lib\advapi32.lib
includelib \masm32\lib\user32.lib
includelib \masm32\lib\kernel32.lib
includelib \MASM32\LIB\oleaut32.lib
include \MASM32\include\oleaut32.inc
; Dialog procedure, defined in .code (hWnd, uMsg, wParam, lParam).
DlgProc PROTO :DWORD,:DWORD,:DWORD,:DWORD
.data
AppName db "注册程序,(C)电子管 2012.07.19",0     ; title string; not used by the active code (only in disabled invoke comments)
DlgName db "MyDialog",0                          ; dialog template name (resource script not on this page)
dllname1 db "user32.dll",0                       ; loaded at run time through aLoadLibrary
dllname2 db "kernel32.dll",0                     ; resolved through GetModuleHandle
; API names for the run-time GetProcAddress lookups.  Keeping them as plain
; strings (instead of import-table entries) is the "hidden API entry" part
; of the tutorial; the strings themselves are still visible in the binary.
tDialogBoxParam db "DialogBoxParamA",0
tExitProcess db "ExitProcess",0
tEndDialog db "EndDialog",0
tGetDlgItemText db "GetDlgItemTextA",0
tGetModuleHandle db "GetModuleHandleA",0
tMessageBoxA db "MessageBoxA",0
tLoadLibrary db "LoadLibraryA",0
taGetProcAddress db "GetProcAddress",0
; Expected code checksum: every byte from `start` to `f_1`, summed, plus
; 36363636h (see DlgProc / WM_INITDIALOG).  It is specific to this exact
; build -- any change to the assembled bytes in that range, including a
; different assembler version, requires recomputing it.
chck2 dd 363734a1h
.data?
hInstance HINSTANCE ?
; err1/ok1/ok2 must stay adjacent and in this order: DlgProc treats them as a
; 3-entry jump table and indexes them with 0/4/8 derived from ZF.
err1 dd ?
ok1 dd ?
ok2 dd ?
mesbok_1 db 10 dup(?)                            ; DlgProc writes 8 bytes here; the terminator is whatever the loader leaves in bytes 9-10 (presumably zero -- confirm)
regbuffer1 db 512 dup(?)                         ; key text from IDC_EDIT3; 512 matches the length passed to GetDlgItemText
; Run-time resolved API addresses.  Most hold the export address + 2 (see
; .code); aGetProcAddress first holds the import-thunk address and is then
; overwritten with the resolved kernel32 address + 2.
aGetModuleHandle dd ?
aLoadLibrary dd ?
dllhnd1 dd ?                                     ; user32.dll module handle
dllhnd2 dd ?                                     ; kernel32.dll module handle
aDialogBoxParam dd ?
aGetDlgItemText dd ?
aEndDialog dd ?
aMessageBoxA dd ?
aExitProcess dd ?
aGetProcAddress dd ?
; Checksum computed at WM_INITDIALOG and compared with chck2 when the button
; is pressed.  It lives in writable data, so this is an in-process
; self-check against byte patches of the covered range, not a tamper-proof
; integrity mechanism.
chck1 dd ?
.const
; Control ids; must match the MyDialog resource template (not on this page).
IDC_EDIT2 equ 3800
IDC_EDIT3 equ 3801
IDC_BUTTON equ 3001
IDC_EXIT equ 3002
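.code
;-----------------------------------------------------------------------
; Entry point.
; Resolves every Win32 API it needs by hand (GetProcAddress on a name
; string) instead of through the import table, stores each address + 2,
; and reaches APIs with "push return-address / jmp" rather than "call".
; The point of the tutorial: a debugger breakpoint placed on the exported
; entry of the API (its first byte) is never executed, because control
; enters 2 bytes in.  The +2 skip assumes each export starts with a
; 2-byte instruction (the hot-patch "mov edi,edi" prolog) -- presumably
; true on the author's Windows build; confirm on the target OS first.
;
; Invariants a maintainer must know:
;   * DlgProc byte-sums everything from `start` to `f_1` and compares the
;     result with chck2.  chck2 matches ONE exact build; any change to the
;     assembled bytes in this range (an added check, a reordered
;     instruction, a different assembler) requires recomputing chck2.
;   * No return value is checked.  A NULL from GetProcAddress/LoadLibrary
;     becomes 2 (or a 2-byte jump into nothing) and the later "jmp eax"
;     faults.  Left as-is because adding checks changes the checksummed
;     bytes; recompute chck2 if you add them.
;
; Two tokens were garbled in the forum copy and are reconstructed here:
; "pushoffset loc_1" / "pushoffset loc_2" -> "push offset loc_1/2".
;
; Register use: eax = scratch / API return value; all arguments go on the
; stack (stdcall, callee pops).
;-----------------------------------------------------------------------
start:                                  ; LoadLibrary / GetProcAddress by hand
        mov     aGetModuleHandle,GetModuleHandle
        push    0                       ; GetModuleHandle(NULL)
        push    offset loc_1            ; fake return address ...
        mov     eax,aGetModuleHandle
        jmp     eax                     ; ... so the jmp behaves like a call
loc_1:
        mov     hInstance,eax
        mov     aGetModuleHandle,GetModuleHandle
        push    offset dllname2         ; GetModuleHandle("kernel32.dll")
        push    offset loc_2
        mov     eax,aGetModuleHandle
        jmp     eax
loc_2:
        mov     dllhnd2,eax
        mov     aGetProcAddress,GetProcAddress  ; still the import thunk at this point
        push    offset tLoadLibrary     ; GetProcAddress(kernel32, "LoadLibraryA")
        push    dllhnd2
        push    offset loc_4
        mov     eax,aGetProcAddress
        jmp     eax
loc_4:
        add     eax,2                   ; store entry + 2 (skip the 2-byte prolog)
        mov     aLoadLibrary,eax
        push    offset taGetProcAddress ; GetProcAddress(kernel32, "GetProcAddress")
        push    dllhnd2
        mov     eax,aGetProcAddress
        call    eax
loc_6:
        add     eax,2
        mov     aGetProcAddress,eax     ; from here on GetProcAddress itself is entered at +2
        push    offset dllname1         ; LoadLibrary("user32.dll")
        mov     eax,aLoadLibrary
        call    eax
        mov     dllhnd1,eax
        push    offset tDialogBoxParam  ; GetProcAddress(user32, "DialogBoxParamA")
        push    dllhnd1
        call    aGetProcAddress
        add     eax,2
        mov     aDialogBoxParam,eax
        push    offset tEndDialog       ; GetProcAddress(user32, "EndDialog")
        push    dllhnd1
        mov     eax, aGetProcAddress
        call    eax
        add     eax,2
        mov     aEndDialog,eax
        push    offset tGetDlgItemText  ; GetProcAddress(user32, "GetDlgItemTextA")
        push    dllhnd1
        mov     eax,aGetProcAddress
        call    eax
        inc     eax                     ; +2, written as two instructions on purpose
        add     eax,1
        mov     aGetDlgItemText,eax
        push    offset tMessageBoxA     ; GetProcAddress(user32, "MessageBoxA")
        push    dllhnd1
        mov     eax,aGetProcAddress
        call    eax
        add     eax,1                   ; +2 again, in the other order
        inc     eax
        mov     aMessageBoxA,eax
        push    offset tExitProcess     ; GetProcAddress(kernel32, "ExitProcess")
        push    dllhnd2
        mov     eax, aGetProcAddress
        call    eax
        add     eax,2
        mov     aExitProcess,eax
        ; DialogBoxParam(hInstance, DlgName, NULL, DlgProc, 0)
        push    0
        push    offset DlgProc
        push    0
        push    offset DlgName
        push    hInstance
        mov     eax,aDialogBoxParam
        push    offset loc_3
        jmp     eax
loc_3:
        ret                             ; author's intent: ExitProcess(eax).  Returns to whoever
                                        ; called the entry point with the dialog result in eax;
                                        ; presumably ends the process on the author's build --
                                        ; an explicit ExitProcess would add checksummed bytes.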
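DlgProc proc hWnd:HWND, uMsg:UINT, wParam:WPARAM, lParam:LPARAM
;-----------------------------------------------------------------------
; Dialog procedure, called by user32 (through aDialogBoxParam).
; In:   hWnd, uMsg, wParam, lParam (stdcall, pushed by the caller)
; Out:  eax = TRUE when the message was handled, FALSE otherwise
;
; WM_INITDIALOG: byte-sum the code from `start` to `f_1`, add a salt and
;   keep the result in chck1.  A software breakpoint (a breakpoint byte
;   written into that range) or any other patch changes the sum, so the
;   "registered" path below is only reached while chck1 == chck2.
; WM_COMMAND / IDC_BUTTON: read the key from IDC_EDIT3 and decide with a
;   data-driven jump: ZF is read out of EFLAGS, turned into 0/4/8 and used
;   to index err1/ok1/ok2 (three consecutive DWORDs in .data?), so no
;   conditional branch shows the decision.
;
; ABI note: esi and edi are callee-saved in Win32 stdcall, but the
;   WM_INITDIALOG path clobbers esi/ecx/edx and the IDC_BUTTON path
;   clobbers edi without saving them.  A "uses esi edi" clause would fix
;   this but changes the assembled bytes inside the checksummed range, so
;   chck2 must be recomputed if it is added.
;
; Two tokens were garbled in the forum copy and are reconstructed here:
;   "pushhWnd"  -> "push hWnd"
;   "mov eax,"  -> "mov eax,[eax]"  (the indirect load that turns the
;                  selected err1/ok1/ok2 slot into the jump target; the
;                  bracketed operand was stripped by the forum software)
;-----------------------------------------------------------------------
        .IF uMsg==WM_INITDIALOG
        ; invoke SetDlgItemText,hWnd,IDC_EDIT2,ADDR AppName   (original, disabled)
        cld
        mov     esi,offset start        ; esi = first byte of the checked range
        mov     ecx,offset f_1
        sub     ecx,esi                 ; ecx = number of bytes in start..f_1
        mov     edx,0                   ; edx = running sum
        mov     eax,0                   ; lodsb only writes al; upper bytes stay 0
lloc_1:
        lodsb
        add     edx,eax
        loop    lloc_1
        add     edx,36363636h           ; salt; chck2 was computed with it
        mov     chck1,edx               ; checksum
        nop
        nop
        .ELSEIF uMsg== WM_CLOSE
        push    0
        push    hWnd
        mov     eax,aEndDialog
        call    eax                     ; EndDialog(hWnd, 0)
        .ELSEIF uMsg==WM_COMMAND
        mov     edx,wParam
        mov     eax,edx
        shr     edx,16                  ; dx = notification code, ax = control id
        .if dx==BN_CLICKED
        .IF ax==IDC_BUTTON
        mov     edi,chck1               ; edi = checksum taken at init
        mov     eax ,offset ok_1        ; fill the 3-entry dispatch table:
        mov     ok1,eax                 ;   err1 = err_1, ok1 = ok_1, ok2 = ok_2
        mov     eax ,offset ok_2
        mov     ok2,eax
        mov     eax,offset err_1
        mov     err1,eax
        ; GetDlgItemText(hWnd, IDC_EDIT3, regbuffer1, 512) via push-return / jmp
        push    512
        push    offset regbuffer1
        push    IDC_EDIT3
        push    hWnd
        push    offset lloc_3
        mov     eax,aGetDlgItemText
        nop
        jmp     eax
lloc_3:
        push    esi
        mov     esi,offset regbuffer1
        cld
        lodsd                           ; first 4 bytes of the key
        sub     eax,30303030h           ; 30h off every byte
        push    eax
        pop     edx                     ; edx = first group
        lodsd                           ; next 4 bytes
        sub     eax,30303030h
        add     eax,edx
        sub     eax,09090909h           ; ZF=1 <=> groups sum to 09090909h
        pushfd
        pop     eax
        and     eax,40h                 ; isolate ZF (bit 6)
        shr     eax,4                   ; 0 (fail) or 4 (pass) = table slot
        mov     edx,offset err1
        add     eax,edx                 ; &err1 or &ok1
        mov     eax,[eax]               ; reconstructed: load the target address
        jmp     eax
err_1:
        pop     esi
        ; invoke MessageBoxA,NULL,ADDR mesberr_1,ADDR AppName,MB_OK   (original, disabled)
exit_1:
        push    0
        push    hWnd
        mov     eax,aEndDialog
        call    eax                     ; EndDialog(hWnd, 0)
        push    0
        mov     eax,aExitProcess
        jmp     eax                     ; ExitProcess(0); does not return
ok_1:
        ; pop esi / jmp ok_2   (original, disabled)
        mov     eax,chck2
        ; cmp eax,edi          (original, disabled; sub gives the same ZF)
        sub     eax,edi                 ; ZF=1 <=> chck1 == chck2 (covered code unpatched)
        pushfd
        pop     eax
        and     eax,40h
        shr     eax,3                   ; 0 (fail) or 8 (pass) -> &err1 or &ok2
        mov     edx,offset err1
        add     eax,edx
        mov     eax,[eax]               ; reconstructed: load the target address
        jmp     eax
ok_2:
        pop     esi
        mov     edi,offset mesbok_1
        mov     eax,0e1b2a2d7h          ; "注册" ("registration") as 4 raw bytes, author's encoding (presumably GBK)
        stosd
        mov     eax,0a6b9c9b3h          ; "成功" ("succeeded")
        stosd                           ; terminator = whatever follows in mesbok_1 (presumably 0 -- confirm)
        ; MessageBoxA(NULL, mesbok_1, mesbok_1, MB_OK) via push-return / jmp
        push    MB_OK
        push    offset mesbok_1
        push    offset mesbok_1         ; title is the same buffer; AppName is not used
        push    0
        mov     eax,offset exit_1
        push    eax
        mov     eax, aMessageBoxA
        jmp     eax
        jmp     exit_1                  ; not reached (MessageBoxA returns to the pushed exit_1); kept, it is inside the checksummed range
        .ELSEIF ax==IDC_EXIT
        push    0
        push    hWnd
        mov     eax,aEndDialog
        call    eax                     ; EndDialog(hWnd, 0)
        .ENDIF
        .ENDIF
        .ELSE
        mov     eax,FALSE               ; message not handled
        ret
        .ENDIF
        mov     eax,TRUE
        ret
DlgProc endp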
; End marker of the checksummed range (start..f_1).  DlgProc lies inside
; the range; anything placed after this label is not covered by the check.
f_1:
end start
虽然没看明白,但也支持下
cxihdx 发表于 2013-7-21 15:44
虽然没看明白,但也支持下
谢谢支持,汇编是解密的基础,玩破解多了,汇编也就看懂了。