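Unpacked it and patched it straight away - - With E-language, if you don't apply 斩月 (Zhanyue), packing is pointless.
Crack.rar: it uses RLPACK, so why are neither the IAT nor the code encrypted? And you modified krnln.fnr, didn't you?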
00409702 837D F0 00 cmp dword ptr ss:[ebp-10],0
00409706 0F84 35000000 je dumped_.00409741
0040970C 6A 00 push 0
0040970E 6A 00 push 0
00409710 6A 00 push 0
00409712 68 01030080 push 80000301
00409717 6A 00 push 0
00409719 68 00000000 push 0
0040971E 68 04000080 push 80000004
00409723 6A 00 push 0
00409725 68 2C914000 push dumped_.0040912C ; "你成功了~!" (You succeeded~!)
0040972A 68 03000000 push 3
0040972F BB 00030000 mov ebx,300
00409734 E8 190D0000 call dumped_.0040A452
00409739 83C4 28 add esp,28
0040973C E9 30000000 jmp dumped_.00409771
00409741 6A 00 push 0
00409743 6A 00 push 0
00409745 6A 00 push 0
00409747 68 01030080 push 80000301
0040974C 6A 00 push 0
0040974E 68 00000000 push 0
00409753 68 04000080 push 80000004
00409758 6A 00 push 0
0040975A 68 37914000 push dumped_.00409137 ; "你失败了~!" (You failed~!)
0040975F 68 03000000 push 3
00409764 BB 00030000 mov ebx,300
00409769 E8 E40C0000 call dumped_.0040A452
0040976E 83C4 28 add esp,28
00409771 8BE5 mov esp,ebp
00409773 5D pop ebp
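If you want to patch this one, it's very simple..... I overwrote the memory with spaces. This one is quite simple; pardon my humble attempt.
The first one is the patched version.
Next, the registration code.
This CM doesn't seem to have any algorithm in it, just an obvious plaintext string comparison. I'm not sure whether that's right...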
004095FA/.55 PUSH EBP
004095FB|.8BEC MOV EBP,ESP
004095FD|.81EC 18000000 SUB ESP,18
00409603|.C745 FC 00000>MOV DWORD PTR SS:[EBP-4],0
0040960A|.68 00000000 PUSH 0
0040960F|.BB C4060000 MOV EBX,6C4
00409614|.E8 390E0000 CALL Chord.0040A452
00409619|.83C4 04 ADD ESP,4
0040961C|.8945 F0 MOV DWORD PTR SS:[EBP-10],EAX
0040961F|.DB45 F0 FILD DWORD PTR SS:[EBP-10]
00409622|.DD5D F0 FSTP QWORD PTR SS:[EBP-10]
00409625|.DD45 F0 FLD QWORD PTR SS:[EBP-10]
00409628|.DC0D 23914000 FMUL QWORD PTR DS:[409123]
0040962E|.DD5D E8 FSTP QWORD PTR SS:[EBP-18]
00409631|.DD45 E8 FLD QWORD PTR SS:[EBP-18]
00409634|.E8 FDFEFFFF CALL Chord.00409536
00409639|.8945 FC MOV DWORD PTR SS:[EBP-4],EAX
0040963C|.6A FF PUSH -1
0040963E|.6A 08 PUSH 8
00409640|.68 02000116 PUSH 16010002
00409645|.68 01000152 PUSH 52010001
0040964A|.E8 150E0000 CALL Chord.0040A464 ; get the entered (fake) code
0040964F|.83C4 10 ADD ESP,10
00409652|.8945 F8 MOV DWORD PTR SS:[EBP-8],EAX ; entered (fake) code stored on the stack at 0012F488
00409655|.68 2B914000 PUSH Chord.0040912B
0040965A|.FF75 F8 PUSH DWORD PTR SS:[EBP-8]
0040965D|.E8 FBFEFFFF CALL Chord.0040955D
00409662|.83C4 08 ADD ESP,8
00409665|.83F8 00 CMP EAX,0
00409668|.B8 00000000 MOV EAX,0
0040966D|.0F95C0 SETNE AL
00409670|.8945 F4 MOV DWORD PTR SS:[EBP-C],EAX
00409673|.8B5D F8 MOV EBX,DWORD PTR SS:[EBP-8]
00409676|.85DB TEST EBX,EBX
00409678|.74 09 JE SHORT Chord.00409683
0040967A|.53 PUSH EBX ; push the entered (fake) code
0040967B|.E8 D80D0000 CALL Chord.0040A458
00409680|.83C4 04 ADD ESP,4
00409683|>837D F4 00 CMP DWORD PTR SS:[EBP-C],0
00409687|.0F84 B4000000 JE Chord.00409741 ; fail if zero
0040968D|.68 01030080 PUSH 80000301
00409692|.6A 00 PUSH 0
00409694|.FF75 FC PUSH DWORD PTR SS:[EBP-4]
00409697|.68 01000000 PUSH 1
0040969C|.BB 68010000 MOV EBX,168
004096A1|.E8 AC0D0000 CALL Chord.0040A452 ; get the real code
004096A6|.83C4 10 ADD ESP,10
004096A9|.8945 F8 MOV DWORD PTR SS:[EBP-8],EAX ; real code placed on the stack at 0012F488
004096AC|.6A FF PUSH -1
004096AE|.6A 08 PUSH 8
004096B0|.68 02000116 PUSH 16010002
004096B5|.68 01000152 PUSH 52010001
004096BA|.E8 A50D0000 CALL Chord.0040A464
004096BF|.83C4 10 ADD ESP,10
004096C2|.8945 F4 MOV DWORD PTR SS:[EBP-C],EAX
004096C5|.8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C]
004096C8|.50 PUSH EAX
004096C9|.FF75 F8 PUSH DWORD PTR SS:[EBP-8]
004096CC|.E8 8CFEFFFF CALL Chord.0040955D
004096D1|.83C4 08 ADD ESP,8
004096D4|.83F8 00 CMP EAX,0
004096D7|.B8 00000000 MOV EAX,0
004096DC|.0F94C0 SETE AL
004096DF|.8945 F0 MOV DWORD PTR SS:[EBP-10],EAX
004096E2|.8B5D F8 MOV EBX,DWORD PTR SS:[EBP-8]
004096E5|.85DB TEST EBX,EBX
004096E7|.74 09 JE SHORT Chord.004096F2
004096E9|.53 PUSH EBX
004096EA|.E8 690D0000 CALL Chord.0040A458
004096EF|.83C4 04 ADD ESP,4
004096F2|>8B5D F4 MOV EBX,DWORD PTR SS:[EBP-C]
004096F5|.85DB TEST EBX,EBX
004096F7|.74 09 JE SHORT Chord.00409702
004096F9|.53 PUSH EBX
004096FA|.E8 590D0000 CALL Chord.0040A458
004096FF|.83C4 04 ADD ESP,4
00409702|>837D F0 00 CMP DWORD PTR SS:[EBP-10],0
00409706|.0F84 35000000 JE Chord.00409741 ; patch point
0040970C|.6A 00 PUSH 0
0040970E|.6A 00 PUSH 0
00409710|.6A 00 PUSH 0
00409712|.68 01030080 PUSH 80000301
00409717|.6A 00 PUSH 0
00409719|.68 00000000 PUSH 0
0040971E|.68 04000080 PUSH 80000004
00409723|.6A 00 PUSH 0
00409725|.68 2C914000 PUSH Chord.0040912C
0040972A|.68 03000000 PUSH 3
0040972F|.BB 00030000 MOV EBX,300
00409734|.E8 190D0000 CALL Chord.0040A452
00409739|.83C4 28 ADD ESP,28
0040973C|.E9 30000000 JMP Chord.00409771
00409741|>6A 00 PUSH 0
00409743|.6A 00 PUSH 0
00409745|.6A 00 PUSH 0
00409747|.68 01030080 PUSH 80000301
0040974C|.6A 00 PUSH 0
0040974E|.68 00000000 PUSH 0
00409753|.68 04000080 PUSH 80000004
00409758|.6A 00 PUSH 0
0040975A|.68 37914000 PUSH Chord.00409137
0040975F|.68 03000000 PUSH 3
00409764|.BB 00030000 MOV EBX,300
00409769|.E8 E40C0000 CALL Chord.0040A452 ; failure message box
0040976E|.83C4 28 ADD ESP,28
00409771|>8BE5 MOV ESP,EBP
00409773|.5D POP EBP
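00409774\.C3 RETN
Why bother unpacking? Too much trouble, just go at it directly. I don't know how to take screenshots :loveliness:
This post was last edited by wgz001 on 2009-4-25 01:39
Why bother unpacking? Too much trouble, just go at it directly. I don't know how to take screenshots :loveliness:
yzhome posted on 2009-4-24 11:06
You can use screenshot software or QQ's screenshot feature, then just upload an attachment and select the saved image.
Finished the exercise. :victory:
Manual unpacking only takes a minute...
Downloaded it for now; I'll take another look when I get back.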