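wssb999 posted on 2014-6-13 09:14

Beginner CM, no packer, no junk code, an honest effort

A CM should have some difficulty, but not too much. If it is too hard, people lose confidence; a bit of difficulty that you manage to solve raises interest. The one I wrote is very simple, but there is a small sleight of hand in it. Have a look and play with it.
CM download: link: http://pan.baidu.com/s/1dDf8bnj password: xtib

Success screenshot: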


九零-鑫鑫 posted on 2014-6-13 16:45

This post was last edited by 九零-鑫鑫 on 2014-6-13 17:00

00401610 . 6A FF push -0x1
00401612 . 68 90264300 push 00432690
00401617 . 64:A1 00000000 mov eax, dword ptr fs:[0]
0040161D . 50 push eax
0040161E . 83EC 0C sub esp, 0xC
00401621 . 56 push esi
00401622 . 57 push edi
00401623 . A1 F0154400 mov eax, dword ptr [0x4415F0]
00401628 . 33C4 xor eax, esp
0040162A . 50 push eax
0040162B . 8D4424 18 lea eax, dword ptr [esp+0x18]
0040162F . 64:A3 00000000 mov dword ptr fs:[0], eax
00401635 . 8BF1 mov esi, ecx
00401637 . E8 20BD0000 call 0040D35C
0040163C . 33C9 xor ecx, ecx
0040163E . 85C0 test eax, eax
00401640 . 0F95C1 setne cl
00401643 . 85C9 test ecx, ecx
00401645 . 75 0A jnz short 00401651
00401647 . 68 05400080 push 0x80004005
0040164C . E8 6F090000 call 00401FC0
00401651 > 8B10 mov edx, dword ptr [eax]
00401653 . 8BC8 mov ecx, eax
00401655 . 8B42 0C mov eax, dword ptr [edx+0xC]
00401658 . FFD0 call eax
0040165A . 83C0 10 add eax, 0x10
0040165D . 894424 0C mov dword ptr [esp+0xC], eax
00401661 . C74424 20 00000>mov dword ptr [esp+0x20], 0x0
00401669 . E8 EEBC0000 call 0040D35C
0040166E . 33C9 xor ecx, ecx
00401670 . 85C0 test eax, eax
00401672 . 0F95C1 setne cl
00401675 . 85C9 test ecx, ecx
00401677 . 75 0A jnz short 00401683
00401679 . 68 05400080 push 0x80004005
0040167E . E8 3D090000 call 00401FC0
00401683 > 8B10 mov edx, dword ptr [eax]
00401685 . 8BC8 mov ecx, eax
00401687 . 8B42 0C mov eax, dword ptr [edx+0xC]
0040168A . FFD0 call eax
0040168C . 83C0 10 add eax, 0x10
0040168F . 894424 10 mov dword ptr [esp+0x10], eax
00401693 . 8D4C24 0C lea ecx, dword ptr [esp+0xC]
00401697 . 51 push ecx
00401698 . 8D8E D0000000 lea ecx, dword ptr [esi+0xD0]
0040169E . C64424 24 01 mov byte ptr [esp+0x24], 0x1
004016A3 . E8 C6870000 call 00409E6E ; get the username and return its length
004016A8 . 8D5424 10 lea edx, dword ptr [esp+0x10]
004016AC . 52 push edx
004016AD . 8D8E 78010000 lea ecx, dword ptr [esi+0x178]
004016B3 . E8 B6870000 call 00409E6E
004016B8 . 8B4424 0C mov eax, dword ptr [esp+0xC]
004016BC . 68 678F4300 push 00438F67
004016C1 . 50 push eax
004016C2 . C74424 1C 00000>mov dword ptr [esp+0x1C], 0x0
004016CA . E8 FCDB0100 call 0041F2CB ; get the serial and return its length
004016CF . 83C4 08 add esp, 0x8
004016D2 . 85C0 test eax, eax
004016D4 . 0F95C0 setne al
004016D7 . 84C0 test al, al
004016D9 74 7A je short 00401755 ; if both are empty, show the prompt
004016DB . 8B4C24 10 mov ecx, dword ptr [esp+0x10]
004016DF . 68 678F4300 push 00438F67
004016E4 . 51 push ecx
004016E5 . E8 E1DB0100 call 0041F2CB
004016EA . 83C4 08 add esp, 0x8
004016ED . 85C0 test eax, eax
004016EF . 0F95C0 setne al
004016F2 . 84C0 test al, al
004016F4 74 5F je short 00401755 ; if both are empty, show the prompt
004016F6 . 8B5424 0C mov edx, dword ptr [esp+0xC]
004016FA . 837A F4 14 cmp dword ptr [edx-0xC], 0x14
004016FE 75 65 jnz short 00401765 ; create the file reg.ini
00401700 . 6A 00 push 0x0 ; /hTemplateFile = NULL
00401702 . 68 80000000 push 0x80 ; |Attributes = NORMAL
00401707 . 6A 02 push 0x2 ; |Mode = CREATE_ALWAYS
00401709 . 6A 00 push 0x0 ; |pSecurity = NULL
0040170B . 6A 02 push 0x2 ; |ShareMode = FILE_SHARE_WRITE
0040170D . 68 00000040 push 0x40000000 ; |Access = GENERIC_WRITE
00401712 . 68 D08B4300 push 00438BD0 ; |c:\reg.ini
00401717 . FF15 9C324300 call dword ptr [<&KERNEL32.CreateFile>; \CreateFileA
0040171D . 8BF8 mov edi, eax
0040171F . 6A 00 push 0x0 ; /pOverlapped = NULL
00401721 . 8D4424 18 lea eax, dword ptr [esp+0x18] ; |
00401725 . 50 push eax ; |pBytesWritten
00401726 . 8B4424 14 mov eax, dword ptr [esp+0x14] ; |
0040172A . 8B48 F4 mov ecx, dword ptr [eax-0xC] ; |write the registration code to the file 009A6A20
0040172D . 51 push ecx ; |nBytesToWrite
0040172E . 50 push eax ; |Buffer
0040172F . 57 push edi ; |hFile
00401730 . FF15 98324300 call dword ptr [<&KERNEL32.WriteFile>>; \WriteFile
00401736 . 57 push edi ; /hObject
00401737 . FF15 94324300 call dword ptr [<&KERNEL32.CloseHandl>; \CloseHandle close the file handle
0040173D . 6A 00 push 0x0
0040173F . 6A 00 push 0x0
00401741 . 68 DC8B4300 push 00438BDC ; 验证通过,请重启软件! ("Verification passed, please restart the software!")
00401746 . 8BCE mov ecx, esi
00401748 . E8 E3640000 call 00407C30
0040174D . 6A 00 push 0x0 ; /ExitCode = 0x0
0040174F . FF15 90324300 call dword ptr [<&KERNEL32.ExitProces>; \ExitProcess
00401755 > 6A 00 push 0x0
00401757 . 6A 00 push 0x0
00401759 . 68 F48B4300 push 00438BF4 ; 用户名和序列号不可为空! ("Username and serial must not be empty!")
0040175E . 8BCE mov ecx, esi
00401760 . E8 CB640000 call 00407C30
00401765 > C64424 20 00 mov byte ptr [esp+0x20], 0x0
0040176A . 8B4424 10 mov eax, dword ptr [esp+0x10]
0040176E . 83C0 F0 add eax, -0x10
00401771 . 8D50 0C lea edx, dword ptr [eax+0xC]
00401774 . 83C9 FF or ecx, 0xFFFFFFFF
00401777 . F0:0FC10A lock xadd dword ptr [edx], ecx
0040177B . 49 dec ecx
0040177C . 85C9 test ecx, ecx
0040177E . 7F 0A jg short 0040178A
00401780 . 8B08 mov ecx, dword ptr [eax]
00401782 . 8B11 mov edx, dword ptr [ecx]
00401784 . 50 push eax
00401785 . 8B42 04 mov eax, dword ptr [edx+0x4]
00401788 . FFD0 call eax
0040178A > C74424 20 FFFFF>mov dword ptr [esp+0x20], -0x1
00401792 . 8B4424 0C mov eax, dword ptr [esp+0xC]
00401796 . 83C0 F0 add eax, -0x10
00401799 . 8D48 0C lea ecx, dword ptr [eax+0xC]
0040179C . 83CA FF or edx, 0xFFFFFFFF
0040179F . F0:0FC111 lock xadd dword ptr [ecx], edx
004017A3 . 4A dec edx
004017A4 . 85D2 test edx, edx
004017A6 . 7F 0A jg short 004017B2
004017A8 . 8B08 mov ecx, dword ptr [eax]
004017AA . 8B11 mov edx, dword ptr [ecx]
004017AC . 50 push eax
004017AD . 8B42 04 mov eax, dword ptr [edx+0x4]
004017B0 . FFD0 call eax
004017B2 > 8B4C24 18 mov ecx, dword ptr [esp+0x18]
004017B6 . 64:890D 0000000>mov dword ptr fs:[0], ecx
004017BD . 59 pop ecx
004017BE . 5F pop edi
004017BF . 5E pop esi
004017C0 . 83C4 18 add esp, 0x18
004017C3 . C3 retn


.... Off work now; I'll look into this restart verification at work tomorrow.
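
Added example, not part of the thread and not the CM author's code: a C model of the control flow traced in the listing above, showing that the success message is reached after only the non-empty and length-0x14 checks, with the input stored for the next start. Assumptions: operands are decoded from the opcode bytes, call 0041F2CB is taken to be a comparison against an empty string at 00438F67, fopen/fwrite stand in for CreateFileA/WriteFile, and the enum and function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Outcomes of the handler at 00401610, named here for illustration. */
enum reg_result {
    REG_EMPTY_FIELD,   /* 00401755: "must not be empty" message     */
    REG_SILENT_REJECT, /* 00401765: cleanup only, no message at all */
    REG_DEFERRED       /* 0040173D: file written, "restart" message */
};

/*
 * first  : string read from the control at [esi+0xD0]
 * second : string read from the control at [esi+0x178]
 * path   : stands in for the hard-coded c:\reg.ini
 * Assumption: call 0041F2CB compares against an empty string at 00438F67.
 */
enum reg_result on_register(const char *first, const char *second,
                            const char *path)
{
    size_t len;
    FILE *f;

    /* 004016CA..004016F4: both fields must be non-empty */
    if (first[0] == '\0' || second[0] == '\0')
        return REG_EMPTY_FIELD;

    /* 004016FA: cmp dword ptr [edx-0xC], 0x14 -> length of `first` */
    len = strlen(first);
    if (len != 0x14)
        return REG_SILENT_REJECT;

    /* 00401700..00401737: CreateFileA(CREATE_ALWAYS), WriteFile, CloseHandle.
       The listing does not check the returned handle; this model does. */
    f = fopen(path, "wb");
    if (f != NULL) {
        fwrite(first, 1, len, f);
        fclose(f);
    }
    /* Nothing compared `first` or `second` to an expected value: the
       success message only means the input was stored for the next start. */
    return REG_DEFERRED;
}

int main(void)
{
    /* Constructed inputs: a 20-character string, then a short one. */
    printf("%d\n", on_register("01234567890123456789", "x", "reg_model.ini"));
    printf("%d\n", on_register("short", "x", "reg_model.ini"));
    return 0;
}
```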

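wssb999 posted on 2014-6-13 09:15

Bumping my own thread.

、Psycho posted on 2014-6-13 09:26

Bowing to the master; I'm a newbie and can't do this yet, hehe.

892644330 posted on 2014-6-13 09:34

灵光丶Fiycix posted on 2014-6-13 10:34

Already played this to death..

浪子修罗 posted on 2014-6-13 12:03

Let me take a look first....

currwin posted on 2014-6-13 14:21

Master's CM, who can handle it?

wssb999 posted on 2014-6-13 15:51

qq516145704 posted on 2014-6-13 10:34
Already played this to death..

Screenshot please, master.

currwin posted on 2014-6-13 16:25

This post was last edited by currwin on 2014-6-13 16:29

   Thanks to my master for the enthusiastic guidance!!!!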
