破解练习
大家好 我是新手今天刚注册本论坛的用户
来报道一下 希望各位大侠能照顾下
顺便发个小程序给大家练习破解
下载地址 http://www.rayfile.com/files/b0f178b5-ea2c-11de-ba73-0014221b798a/ 原创cm估计有分加 本帖最后由 vienna 于 2009-12-16 19:02 编辑
把加了 ASProtect 壳的 cm 放在 Program Files 文件夹里。要不是易语言有脱壳机,我也不会搞。
; Login-check routine of the unpacked crackme, as a 32-bit x86 debugger listing
; (address, opcode bytes, instruction). The bracketed memory operands were lost
; when the page was extracted ("dword ptr ss:,eax"); the opcode bytes still
; identify them: 8945 FC / 8B45 FC / FF75 FC / 8B5D FC use [ebp-4],
; 8945 F8 / 837D F8 00 use [ebp-8], and 8B1D / A3 / A1 carry the absolute
; addresses 009F0390 and 009F0394.
; Flow visible here: two values are fetched and stored in those two globals,
; then the values read with ids 16010012 and 16010013 are each compared first
; with the string at 0040313B and then with the stored globals. A failed stage
; calls 004054DD and jumps to the epilogue at 00405284.
; NOTE(review): per the posters' comments both expected values come from the
; local clock, so the check relies on data that is predictable on the machine
; running it and gives no secrecy.
; Helper roles are inferred, not shown on the page - confirm: 004054E3 reads a
; value, 00404695 compares two values (0 = equal), 004054D7 releases a value,
; 004054DD dispatches a runtime command selected by ebx.
00404EEE 55 push ebp ; standard frame setup
00404EEF 8BEC mov ebp,esp
00404EF1 81EC 08000000 sub esp,8 ; room for two dword locals, [ebp-4] and [ebp-8]
; --- Stage 1: fetch the first value and keep it in [009F0390] ---
00404EF7 6A FF push -1
00404EF9 6A 08 push 8
00404EFB 68 78000116 push 16010078
00404F00 68 01000152 push 52010001
00404F05 E8 D9050000 call dump_.004054E3 ; poster: fetched today's date
00404F0A 83C4 10 add esp,10 ; caller removes the four pushed arguments
00404F0D 8945 FC mov dword ptr ss:,eax ; 8945 FC: [ebp-4] = returned value
00404F10 8B45 FC mov eax,dword ptr ss: ; 8B45 FC: eax = [ebp-4]
00404F13 50 push eax ; park the new value while the old one is handled
00404F14 8B1D 90039F00 mov ebx,dword ptr ds: ; 8B1D 90039F00: ebx = previous [009F0390]
00404F1A 85DB test ebx,ebx
00404F1C 74 09 je short dump_.00404F27 ; nothing stored before: skip the call
00404F1E 53 push ebx
00404F1F E8 B3050000 call dump_.004054D7 ; presumably releases the previous value - confirm
00404F24 83C4 04 add esp,4
00404F27 58 pop eax
00404F28 A3 90039F00 mov dword ptr ds:,eax ; A3 90039F00: [009F0390] = new value
; --- Stage 2: fetch the second value and keep it in [009F0394] ---
00404F2D 6A FF push -1
00404F2F 6A 08 push 8
00404F31 68 A0000116 push 160100A0
00404F36 68 01000152 push 52010001
00404F3B E8 A3050000 call dump_.004054E3 ; poster: seems to fetch the start-up time
00404F40 83C4 10 add esp,10
00404F43 8945 FC mov dword ptr ss:,eax ; [ebp-4] = returned value
00404F46 8B45 FC mov eax,dword ptr ss: ; eax = [ebp-4]
00404F49 50 push eax
00404F4A 8B1D 94039F00 mov ebx,dword ptr ds: ; 8B1D 94039F00: ebx = previous [009F0394]
00404F50 85DB test ebx,ebx
00404F52 74 09 je short dump_.00404F5D
00404F54 53 push ebx
00404F55 E8 7D050000 call dump_.004054D7 ; presumably releases the previous value - confirm
00404F5A 83C4 04 add esp,4
00404F5D 58 pop eax
00404F5E A3 94039F00 mov dword ptr ds:,eax ; A3 94039F00: [009F0394] = new value
; --- Stage 3: account field compared with the string at 0040313B ---
00404F63 6A FF push -1
00404F65 6A 08 push 8
00404F67 68 12000116 push 16010012
00404F6C 68 0F000152 push 5201000F
00404F71 E8 6D050000 call dump_.004054E3 ; poster: fetch the account
00404F76 83C4 10 add esp,10
00404F79 8945 FC mov dword ptr ss:,eax ; [ebp-4] = account value
00404F7C 68 3B314000 push dump_.0040313B ; presumably the empty string - confirm
00404F81 FF75 FC push dword ptr ss: ; FF75 FC: push [ebp-4]
00404F84 E8 0CF7FFFF call dump_.00404695 ; presumably a compare returning 0 on equality - confirm
00404F89 83C4 08 add esp,8
00404F8C 83F8 00 cmp eax,0
00404F8F B8 00000000 mov eax,0 ; mov leaves the flags from cmp untouched
00404F94 0F94C0 sete al ; eax = 1 when the call returned 0
00404F97 8945 F8 mov dword ptr ss:,eax ; 8945 F8: [ebp-8] = that flag
00404F9A 8B5D FC mov ebx,dword ptr ss: ; 8B5D FC: ebx = [ebp-4]
00404F9D 85DB test ebx,ebx
00404F9F 74 09 je short dump_.00404FAA
00404FA1 53 push ebx
00404FA2 E8 30050000 call dump_.004054D7 ; presumably releases the fetched value - confirm
00404FA7 83C4 04 add esp,4
00404FAA 837D F8 00 cmp dword ptr ss:,0 ; 837D F8 00: test the flag in [ebp-8]
00404FAE 0F84 35000000 je dump_.00404FE9 ; poster: is the username empty? (flag 0 continues at 00404FE9)
00404FB4 6A 00 push 0
00404FB6 6A 00 push 0
00404FB8 6A 00 push 0
00404FBA 68 01030080 push 80000301
00404FBF 6A 00 push 0
00404FC1 68 10000000 push 10
00404FC6 68 04000080 push 80000004
00404FCB 6A 00 push 0
00404FCD 68 3C314000 push dump_.0040313C ; presumably the message text - confirm
00404FD2 68 03000000 push 3
00404FD7 BB 00030000 mov ebx,300
00404FDC E8 FC040000 call dump_.004054DD ; presumably shows the error message - confirm
00404FE1 83C4 28 add esp,28 ; caller removes the ten pushed dwords
00404FE4 E9 9B020000 jmp dump_.00405284 ; leave through the epilogue
; --- Stage 4: password field compared with the string at 0040313B ---
00404FE9 6A FF push -1
00404FEB 6A 08 push 8
00404FED 68 13000116 push 16010013
00404FF2 68 0F000152 push 5201000F
00404FF7 E8 E7040000 call dump_.004054E3 ; poster: fetched the password
00404FFC 83C4 10 add esp,10
00404FFF 8945 FC mov dword ptr ss:,eax ; [ebp-4] = password value
00405002 68 3B314000 push dump_.0040313B ; same string as in stage 3
00405007 FF75 FC push dword ptr ss: ; push [ebp-4]
0040500A E8 86F6FFFF call dump_.00404695
0040500F 83C4 08 add esp,8
00405012 83F8 00 cmp eax,0
00405015 B8 00000000 mov eax,0
0040501A 0F94C0 sete al ; eax = 1 when the call returned 0
0040501D 8945 F8 mov dword ptr ss:,eax ; [ebp-8] = flag
00405020 8B5D FC mov ebx,dword ptr ss: ; ebx = [ebp-4]
00405023 85DB test ebx,ebx
00405025 74 09 je short dump_.00405030
00405027 53 push ebx
00405028 E8 AA040000 call dump_.004054D7
0040502D 83C4 04 add esp,4
00405030 837D F8 00 cmp dword ptr ss:,0 ; test the flag in [ebp-8]
00405034 0F84 35000000 je dump_.0040506F ; flag 0 continues at 0040506F
0040503A 6A 00 push 0
0040503C 6A 00 push 0
0040503E 6A 00 push 0
00405040 68 01030080 push 80000301
00405045 6A 00 push 0
00405047 68 10000000 push 10
0040504C 68 04000080 push 80000004
00405051 6A 00 push 0
00405053 68 47314000 push dump_.00403147 ; presumably the message text - confirm
00405058 68 03000000 push 3
0040505D BB 00030000 mov ebx,300
00405062 E8 76040000 call dump_.004054DD
00405067 83C4 28 add esp,28
0040506A E9 15020000 jmp dump_.00405284
; --- Stage 5: account field compared with the value in [009F0390] ---
0040506F 6A FF push -1
00405071 6A 08 push 8
00405073 68 12000116 push 16010012
00405078 68 0F000152 push 5201000F
0040507D E8 61040000 call dump_.004054E3 ; same ids as the account fetch at 00404F71
00405082 83C4 10 add esp,10
00405085 8945 FC mov dword ptr ss:,eax ; [ebp-4] = account value
00405088 A1 90039F00 mov eax,dword ptr ds: ; A1 90039F00: eax = [009F0390], stored in stage 1
0040508D 50 push eax
0040508E FF75 FC push dword ptr ss: ; push [ebp-4]
00405091 E8 FFF5FFFF call dump_.00404695
00405096 83C4 08 add esp,8
00405099 83F8 00 cmp eax,0
0040509C B8 00000000 mov eax,0
004050A1 0F95C0 setne al ; eax = 1 when the call returned non-zero
004050A4 8945 F8 mov dword ptr ss:,eax ; [ebp-8] = flag
004050A7 8B5D FC mov ebx,dword ptr ss: ; ebx = [ebp-4]
004050AA 85DB test ebx,ebx
004050AC 74 09 je short dump_.004050B7
004050AE 53 push ebx
004050AF E8 23040000 call dump_.004054D7
004050B4 83C4 04 add esp,4
004050B7 837D F8 00 cmp dword ptr ss:,0 ; test the flag in [ebp-8]
004050BB 0F84 35000000 je dump_.004050F6 ; poster: is the username correct; they changed this jump to jmp
004050C1 6A 00 push 0
004050C3 6A 00 push 0
004050C5 6A 00 push 0
004050C7 68 01030080 push 80000301
004050CC 6A 00 push 0
004050CE 68 10000000 push 10
004050D3 68 04000080 push 80000004
004050D8 6A 00 push 0
004050DA 68 52314000 push dump_.00403152 ; presumably the message text - confirm
004050DF 68 03000000 push 3
004050E4 BB 00030000 mov ebx,300
004050E9 E8 EF030000 call dump_.004054DD
004050EE 83C4 28 add esp,28
004050F1 E9 8E010000 jmp dump_.00405284
; --- Stage 6: password field compared with the value in [009F0394] ---
004050F6 6A FF push -1
004050F8 6A 08 push 8
004050FA 68 13000116 push 16010013
004050FF 68 0F000152 push 5201000F
00405104 E8 DA030000 call dump_.004054E3 ; same ids as the password fetch at 00404FF7
00405109 83C4 10 add esp,10
0040510C 8945 FC mov dword ptr ss:,eax ; [ebp-4] = password value
0040510F A1 94039F00 mov eax,dword ptr ds: ; A1 94039F00: eax = [009F0394], stored in stage 2
00405114 50 push eax
00405115 FF75 FC push dword ptr ss: ; push [ebp-4]
00405118 E8 78F5FFFF call dump_.00404695
0040511D 83C4 08 add esp,8
00405120 83F8 00 cmp eax,0
00405123 B8 00000000 mov eax,0
00405128 0F95C0 setne al ; eax = 1 when the call returned non-zero
0040512B 8945 F8 mov dword ptr ss:,eax ; [ebp-8] = flag
0040512E 8B5D FC mov ebx,dword ptr ss: ; ebx = [ebp-4]
00405131 85DB test ebx,ebx
00405133 74 09 je short dump_.0040513E
00405135 53 push ebx
00405136 E8 9C030000 call dump_.004054D7
0040513B 83C4 04 add esp,4
0040513E 837D F8 00 cmp dword ptr ss:,0 ; test the flag in [ebp-8]
00405142 0F84 35000000 je dump_.0040517D ; poster: also reports "username error", unsure what is checked, also changed to jmp
00405148 6A 00 push 0
0040514A 6A 00 push 0
0040514C 6A 00 push 0
0040514E 68 01030080 push 80000301
00405153 6A 00 push 0
00405155 68 10000000 push 10
0040515A 68 04000080 push 80000004
0040515F 6A 00 push 0
00405161 68 52314000 push dump_.00403152 ; same address as the stage 5 message
00405166 68 03000000 push 3
0040516B BB 00030000 mov ebx,300
00405170 E8 68030000 call dump_.004054DD
00405175 83C4 28 add esp,28
00405178 E9 07010000 jmp dump_.00405284
; --- Stage 7: value with id 160100BF compared with the string at 00403166 ---
; NOTE(review): the page does not say what this stage tests.
0040517D 6A FF push -1
0040517F 6A 08 push 8
00405181 68 BF000116 push 160100BF
00405186 68 0F000152 push 5201000F
0040518B E8 53030000 call dump_.004054E3
00405190 83C4 10 add esp,10
00405193 8945 FC mov dword ptr ss:,eax ; [ebp-4] = fetched value
00405196 68 66314000 push dump_.00403166
0040519B FF75 FC push dword ptr ss: ; push [ebp-4]
0040519E E8 F2F4FFFF call dump_.00404695
004051A3 83C4 08 add esp,8
004051A6 83F8 00 cmp eax,0
004051A9 B8 00000000 mov eax,0
004051AE 0F94C0 sete al ; eax = 1 when the call returned 0
004051B1 8945 F8 mov dword ptr ss:,eax ; [ebp-8] = flag
004051B4 8B5D FC mov ebx,dword ptr ss: ; ebx = [ebp-4]
004051B7 85DB test ebx,ebx
004051B9 74 09 je short dump_.004051C4
004051BB 53 push ebx
004051BC E8 16030000 call dump_.004054D7
004051C1 83C4 04 add esp,4
004051C4 837D F8 00 cmp dword ptr ss:,0 ; test the flag in [ebp-8]
004051C8 0F84 5C000000 je dump_.0040522A ; flag 0 takes the branch at 0040522A
004051CE 6A 00 push 0
004051D0 6A 00 push 0
004051D2 6A 00 push 0
004051D4 68 01030080 push 80000301
004051D9 6A 00 push 0
004051DB 68 10000000 push 10
004051E0 68 04000080 push 80000004
004051E5 6A 00 push 0
004051E7 68 68314000 push dump_.00403168
004051EC 68 03000000 push 3
004051F1 BB 00030000 mov ebx,300 ; same command value as the error paths above
004051F6 E8 E2020000 call dump_.004054DD
004051FB 83C4 28 add esp,28
004051FE 6A 00 push 0
00405200 6A 00 push 0
00405202 6A 00 push 0
00405204 68 01000100 push 10001
00405209 68 0E000106 push 601000E
0040520E 68 0F000152 push 5201000F
00405213 68 02000000 push 2
00405218 BB 60030000 mov ebx,360 ; a different command value; meaning not shown on the page
0040521D E8 BB020000 call dump_.004054DD
00405222 83C4 1C add esp,1C ; caller removes the seven pushed dwords
00405225 E9 5A000000 jmp dump_.00405284
0040522A 68 02000080 push 80000002
0040522F 6A 00 push 0
00405231 68 00000000 push 0
00405236 6A 00 push 0
00405238 6A 00 push 0
0040523A 6A 00 push 0
0040523C 68 01000100 push 10001
00405241 68 1B000106 push 601001B
00405246 68 1C000152 push 5201001C
0040524B 68 03000000 push 3
00405250 BB 20030000 mov ebx,320 ; command value used only on this branch
00405255 E8 83020000 call dump_.004054DD
0040525A 83C4 28 add esp,28
0040525D 6A 00 push 0
0040525F 6A 00 push 0
00405261 6A 00 push 0
00405263 68 01000100 push 10001
00405268 68 0E000106 push 601000E
0040526D 68 0F000152 push 5201000F
00405272 68 02000000 push 2
00405277 BB 60030000 mov ebx,360 ; same arguments as the ebx=360 call at 0040521D
0040527C E8 5C020000 call dump_.004054DD
00405281 83C4 1C add esp,1C
; --- Common epilogue: every path ends here ---
00405284 8BE5 mov esp,ebp
00405286 5D pop ebp
00405287 C3 retn
本帖最后由 小黑冰 于 2009-12-16 19:51 编辑
挖```破解你这东西破解了我25分钟 呵呵`````
你这CM主要功能就是:
1.直接调用型CM:运行主程序后,会在C:\Program Files目录生成一个kill.exe文件并运行它;生成的kill.exe还加了ASProtect 2.0的壳。
2.帐号取今天的日期:如:20091216
3.密码取今天的时间:如:193130
破解方法有几种:
修改系统时间
暴破
写个注册机
; Second poster's listing of the same check routine; every address is 6000h
; higher than in the first listing on this page and the module label is
; de_kill_. Address and mnemonic are fused and the bracketed memory operands
; are missing (extraction damage). The first listing keeps the opcode bytes,
; which show the ss: operands are [ebp-4] / [ebp-8] and the ds: operands are
; two globals. The listing stops at 0040B170; the jump target 0040B284 used by
; the failure paths is not shown.
; Values such as 20091216, 19166 and 193130 are what the poster observed in the
; debugger. Helper roles are inferred, not shown on the page - confirm:
; 0040B4E3 reads a value, 0040A695 compares two values, 0040B4D7 releases a
; value, 0040B4DD dispatches a runtime command selected by ebx.
0040AEEEpush ebp
0040AEEFmov ebp,esp
0040AEF1sub esp,8
; --- Fetch the first value and store it in a global ---
0040AEF7push -1
0040AEF9push 8
0040AEFBpush 16010078
0040AF00push 52010001
0040AF05call de_kill_.0040B4E3
0040AF0Aadd esp,10
0040AF0Dmov dword ptr ss:,eax
0040AF10mov eax,dword ptr ss: ; 20091216 (value the poster observed: the date)
0040AF13push eax
0040AF14mov ebx,dword ptr ds:
0040AF1Atest ebx,ebx
0040AF1Cje short de_kill_.0040AF27
0040AF1Epush ebx
0040AF1Fcall de_kill_.0040B4D7 ; eax=1 (poster's observation)
0040AF24add esp,4
0040AF27pop eax
0040AF28mov dword ptr ds:,eax
; --- Fetch the second value and store it in a global ---
0040AF2Dpush -1
0040AF2Fpush 8
0040AF31push 160100A0
0040AF36push 52010001
0040AF3Bcall de_kill_.0040B4E3 ; 19166 (value the poster observed)
0040AF40add esp,10
0040AF43mov dword ptr ss:,eax
0040AF46mov eax,dword ptr ss:
0040AF49push eax
0040AF4Amov ebx,dword ptr ds:
0040AF50test ebx,ebx
0040AF52je short de_kill_.0040AF5D
0040AF54push ebx
0040AF55call de_kill_.0040B4D7
0040AF5Aadd esp,4
0040AF5Dpop eax
0040AF5Emov dword ptr ds:,eax
; --- Username compared with the string at 0040913B ---
0040AF63push -1
0040AF65push 8
0040AF67push 16010012
0040AF6Cpush 5201000F
0040AF71call de_kill_.0040B4E3 ; get the username we entered
0040AF76add esp,10
0040AF79mov dword ptr ss:,eax
0040AF7Cpush de_kill_.0040913B ; presumably the empty string - confirm
0040AF81push dword ptr ss:
0040AF84call de_kill_.0040A695 ; EAX=1 (poster's observation)
0040AF89add esp,8
0040AF8Ccmp eax,0
0040AF8Fmov eax,0 ; mov leaves the flags from cmp untouched
0040AF94sete al ; eax = 1 when the call returned 0
0040AF97mov dword ptr ss:,eax
0040AF9Amov ebx,dword ptr ss:
0040AF9Dtest ebx,ebx
0040AF9Fje short de_kill_.0040AFAA
0040AFA1push ebx
0040AFA2call de_kill_.0040B4D7 ; EAX=1 (poster's observation)
0040AFA7add esp,4
0040AFAAcmp dword ptr ss:,0
0040AFAEje de_kill_.0040AFE9 ; 1 (poster's marker for the first check)
0040AFB4push 0
0040AFB6push 0
0040AFB8push 0
0040AFBApush 80000301
0040AFBFpush 0
0040AFC1push 10
0040AFC6push 80000004
0040AFCBpush 0
0040AFCDpush de_kill_.0040913C
0040AFD2push 3
0040AFD7mov ebx,300
0040AFDCcall de_kill_.0040B4DD ; presumably shows the error message - confirm
0040AFE1add esp,28
0040AFE4jmp de_kill_.0040B284 ; failure path leaves the routine
; --- Password compared with the string at 0040913B ---
0040AFE9push -1
0040AFEBpush 8
0040AFEDpush 16010013
0040AFF2push 5201000F
0040AFF7call de_kill_.0040B4E3 ; get the password we entered
0040AFFCadd esp,10
0040AFFFmov dword ptr ss:,eax
0040B002push de_kill_.0040913B
0040B007push dword ptr ss:
0040B00Acall de_kill_.0040A695
0040B00Fadd esp,8
0040B012cmp eax,0
0040B015mov eax,0
0040B01Asete al ; eax = 1 when the call returned 0
0040B01Dmov dword ptr ss:,eax
0040B020mov ebx,dword ptr ss:
0040B023test ebx,ebx
0040B025je short de_kill_.0040B030
0040B027push ebx
0040B028call de_kill_.0040B4D7
0040B02Dadd esp,4
0040B030cmp dword ptr ss:,0
0040B034je de_kill_.0040B06F
0040B03Apush 0
0040B03Cpush 0
0040B03Epush 0
0040B040push 80000301
0040B045push 0
0040B047push 10
0040B04Cpush 80000004
0040B051push 0
0040B053push de_kill_.00409147
0040B058push 3
0040B05Dmov ebx,300
0040B062call de_kill_.0040B4DD
0040B067add esp,28
0040B06Ajmp de_kill_.0040B284
; --- Username compared with the stored date value ---
0040B06Fpush -1
0040B071push 8
0040B073push 16010012
0040B078push 5201000F
0040B07Dcall de_kill_.0040B4E3 ; get the entered username, to compare with the system date the program fetched
0040B082add esp,10
0040B085mov dword ptr ss:,eax
0040B088mov eax,dword ptr ds:
0040B08Dpush eax
0040B08Epush dword ptr ss:
0040B091call de_kill_.0040A695
0040B096add esp,8
0040B099cmp eax,0
0040B09Cmov eax,0
0040B0A1setne al ; eax = 1 when the call returned non-zero
0040B0A4mov dword ptr ss:,eax
0040B0A7mov ebx,dword ptr ss:
0040B0AAtest ebx,ebx
0040B0ACje short de_kill_.0040B0B7
0040B0AEpush ebx
0040B0AFcall de_kill_.0040B4D7 ; poster: compare (NOTE(review): the two-argument call at 0040B091 looks like the compare - confirm)
0040B0B4add esp,4
0040B0B7cmp dword ptr ss:,0
0040B0BBje de_kill_.0040B0F6 ; a correct username skips the error window
0040B0C1push 0
0040B0C3push 0
0040B0C5push 0
0040B0C7push 80000301
0040B0CCpush 0
0040B0CEpush 10
0040B0D3push 80000004
0040B0D8push 0
0040B0DApush de_kill_.00409152
0040B0DFpush 3
0040B0E4mov ebx,300
0040B0E9call de_kill_.0040B4DD ; boax (poster's note; presumably "box", the error dialog)
0040B0EEadd esp,28
0040B0F1jmp de_kill_.0040B284
; --- Password compared with the stored time value ---
0040B0F6push -1
0040B0F8push 8
0040B0FApush 16010013
0040B0FFpush 5201000F
0040B104call de_kill_.0040B4E3 ; get the entered password, to compare with the hour/minute/second the program fetched
0040B109add esp,10
0040B10Cmov dword ptr ss:,eax
0040B10Fmov eax,dword ptr ds:
0040B114push eax
0040B115push dword ptr ss:
0040B118call de_kill_.0040A695
0040B11Dadd esp,8 ; 193130 (value the poster observed: the time)
0040B120cmp eax,0
0040B123mov eax,0
0040B128setne al ; eax = 1 when the call returned non-zero
0040B12Bmov dword ptr ss:,eax
0040B12Emov ebx,dword ptr ss:
0040B131test ebx,ebx
0040B133je short de_kill_.0040B13E
0040B135push ebx
0040B136call de_kill_.0040B4D7
0040B13Badd esp,4
0040B13Ecmp dword ptr ss:,0
0040B142je de_kill_.0040B17D ; a correct password skips the error window
0040B148push 0
0040B14Apush 0
0040B14Cpush 0
0040B14Epush 80000301
0040B153push 0
0040B155push 10
0040B15Apush 80000004
0040B15Fpush 0
0040B161push de_kill_.00409152 ; same message address as the username error above
0040B166push 3
0040B16Bmov ebx,300
0040B170call de_kill_.0040B4DD
:curse::curse:
你们破解一个程序几分钟就好
哎。我破解一个程序花了我一个多月都搞不懂它要怎么破解。:'(weeqw 呵呵慢慢来 学习下,谢谢了 本帖最后由 小黑冰 于 2009-12-17 00:17 编辑
:curse::curse:
你们破解一个程序几分钟就好
哎。我破解一个程序花了我一个多月都搞不懂它要怎么破解。:'(weeqw
JEP 发表于 2009-12-16 20:06 http://www.52pojie.cn/images/common/back.gif
呵呵`````楼主编程厉害·``!!! 这个cm以前遇到过类似的程序。
好像是个什么外挂。