新手破解一个VB的过程
本帖最后由 molinchz 于 2013-10-23 13:31 编辑这二天一直在搞分析 ,暴力和追码已完成,目前分析到算法,打算写注册机。本人以前只看不动,这是第一次动手破解。
这是前天发的帖子:有破解步骤 ,http://www.52pojie.cn/thread-218251-1-1.html
------补上追码步骤-------
1.载入程序2.点击OD的E按钮
3.找到Oleaut32.dll
4.双击Oleaut32.dll,转到主线程模块窗口,按ctrl+N,查找VarBstrCmp,双击VarBstrCmp,转到主线程模块窗口,按F2下断;
5.接着按F9运行,按到软件出现注册提示相关窗口,接着改为F8往下走,第二次停住输入假注册码,接着F8,注意寄存器EAX填入假注册码,下面观察左下角的堆栈窗口有没有出现UNICODE‘假注册码’和UNICODE '真注册码' 的比较 ,这时地址为7710A76C,走到地址7710A780,可以看到寄存器出现真假字符注册码的比较 。此注册就追到了。
---下面有些问题----
因为这个程序不用输入注册名,点确定就出现注册码窗口,我在这个确定这里下断,输入注册码后就跳到一个程序代码断,可能是关键算法,但怎么看都看不出是用户名和注册码的的计算,其中还调用msvbvm60.XXXXXX的东西,不知是什么。
我试过在VarBstrCmp处下断分析 ,但只要到输入注册码确定后,堆栈窗口,寄存器EAX就出现UNICODE真注册码 的比较 ,所以应该是之前就算出了真码。而注册名就是固定的。
相关代码如下 :
7346CF7C^\EB D5 jmp short msvbvm60.7346CF53
7346CF7E >55 push ebp ; 注意,可能是关键算法!!!
7346CF7F 8BEC mov ebp,esp ; ebp=12F534
7346CF81 83EC 4C sub esp,0x4C ; esp=esp+0x4C==12F4E8
7346CF84 8B4D 14 mov ecx,dword ptr ss:
7346CF87 53 push ebx
7346CF88 56 push esi
7346CF89 57 push edi
7346CF8A 66:8339 0A cmp word ptr ds:,0xA
7346CF8E B8 04000280 mov eax,0x80020004
7346CF93 0F85 FC000000 jnz msvbvm60.7346D095
7346CF99 3941 08 cmp dword ptr ds:,eax
7346CF9C 0F85 F3000000 jnz msvbvm60.7346D095
7346CFA2 834D FC FF or dword ptr ss:,-0x1
7346CFA6 33F6 xor esi,esi
7346CFA8 8B4D 18 mov ecx,dword ptr ss:
7346CFAB 66:8339 0A cmp word ptr ds:,0xA
7346CFAF 0F85 EA000000 jnz msvbvm60.7346D09F
7346CFB5 3941 08 cmp dword ptr ds:,eax
7346CFB8 0F85 E1000000 jnz msvbvm60.7346D09F
7346CFBE 834D F8 FF or dword ptr ss:,-0x1
7346CFC2 8B7D 10 mov edi,dword ptr ss:
7346CFC5 66:833F 0A cmp word ptr ds:,0xA
7346CFC9 0F85 D8000000 jnz msvbvm60.7346D0A7
7346CFCF 3947 08 cmp dword ptr ds:,eax
7346CFD2 0F85 CF000000 jnz msvbvm60.7346D0A7
7346CFD8 834D F4 FF or dword ptr ss:,-0x1
7346CFDC FF75 08 push dword ptr ss:
7346CFDF 8D45 D4 lea eax,dword ptr ss:
7346CFE2 8975 F0 mov dword ptr ss:,esi
7346CFE5 50 push eax
7346CFE6 E8 A5040000 call msvbvm60.7346D490
7346CFEB 8BD8 mov ebx,eax
7346CFED 8B45 DC mov eax,dword ptr ss:
7346CFF0 8945 E8 mov dword ptr ss:,eax
7346CFF3 8B45 0C mov eax,dword ptr ss:
7346CFF6 83E0 0F and eax,0xF
7346CFF9 895D E4 mov dword ptr ss:,ebx
7346CFFC 3C 05 cmp al,0x5
7346CFFE 7F 1C jg short msvbvm60.7346D01C
7346D000 8B45 0C mov eax,dword ptr ss:
7346D003 25 F0000000 and eax,0xF0
7346D008 83F8 40 cmp eax,0x40
7346D00B 7F 0F jg short msvbvm60.7346D01C
7346D00D 8B45 0C mov eax,dword ptr ss:
7346D010 25 000F0000 and eax,0xF00
7346D015 3D 00030000 cmp eax,0x300
7346D01A 7E 03 jle short msvbvm60.7346D01F
7346D01C 8975 0C mov dword ptr ss:,esi
7346D01F 66:3975 F4 cmp word ptr ss:,si
7346D023 8B35 F4193973 mov esi,dword ptr ds:[<&OLEAUT32.#6>] ; oleaut32.SysFreeString
7346D029 0F84 80000000 je msvbvm60.7346D0AF
7346D02F 8365 10 00 and dword ptr ss:,0x0
7346D033 8365 08 00 and dword ptr ss:,0x0
7346D037 33C0 xor eax,eax
7346D039 66:3945 FC cmp word ptr ss:,ax
7346D03D 0F84 A7000000 je msvbvm60.7346D0EA
7346D043 66:3945 F8 cmp word ptr ss:,ax
7346D047 0F84 97000000 je msvbvm60.7346D0E4
7346D04D 8945 EC mov dword ptr ss:,eax
7346D050 33FF xor edi,edi
7346D052 8B55 E8 mov edx,dword ptr ss:
7346D055 85D2 test edx,edx
7346D057 75 03 jnz short msvbvm60.7346D05C
7346D059 8D55 F0 lea edx,dword ptr ss:
7346D05C 8B4D 08 mov ecx,dword ptr ss:
7346D05F 85C9 test ecx,ecx
7346D061 75 09 jnz short msvbvm60.7346D06C
7346D063 66:394D F4 cmp word ptr ss:,cx
7346D067 75 03 jnz short msvbvm60.7346D06C
7346D069 8D4D F0 lea ecx,dword ptr ss:
7346D06C 6A 01 push 0x1
7346D06E 50 push eax
7346D06F 57 push edi
7346D070 FF75 0C push dword ptr ss:
7346D073 51 push ecx
7346D074 52 push edx
7346D075 E8 E968F8FF call msvbvm60.733F3963
7346D07A FF75 E4 push dword ptr ss:
7346D07D 8BF8 mov edi,eax
7346D07F FFD6 call esi
7346D081 FF75 10 push dword ptr ss:
7346D084 FFD6 call esi
7346D086 FF75 EC push dword ptr ss:
7346D089 FFD6 call esi
7346D08B 0FBFC7 movsx eax,di
7346D08E 5F pop edi
7346D08F 5E pop esi
7346D090 5B pop ebx
7346D091 C9 leave
7346D092 C2 1400 retn 0x14
7346D095 33F6 xor esi,esi
还有问下论坛设回帖奖励后会扣发贴人CB币吗?
好贴,顶一个 设置回帖奖励 是从你的CB里扣除作为奖金 我知道k 那楼主按的e是做什么的呢 还好这回不会移到 水漫金山』 了 我记得除了扣奖励的cb之外,还要上税 对,还需要上税的
页:
[1]