XX百剂医药管理系统II TOP V8.1.5.26447破解图文
本帖最后由 潇未然 于 2019-6-6 22:36 编辑查找A5A5
二.跟踪到00AC6916处,段首有14处调用,看倒数第2处。00AC66DF 三.00AC66DF 处向上到段首,有5处调用,00AC66AF $53 push ebx <=== 这里有5处调用,在倒数第一00AC66B0 .BB 90030E01 mov ebx,UClient.010E039000AC66B5 .52 push edx00AC66B6 .51 push ecx00AC66B7 .B8 7C5CAC00 mov eax,UClient.00AC5C7C00AC66BC .8903 mov dword ptr ds:,eax00AC66BE .51 push ecx00AC66BF .31C9 xor ecx,ecx00AC66C1 .E3 01 jecxz short UClient.00AC66C400AC66C3 .98 cwde00AC66C4 >59 pop ecx00AC66C5 .C743 08 64000>mov dword ptr ds:,6400AC66CC .79 03 jns short UClient.00AC66D100AC66CE .78 01 js short UClient.00AC66D100AC66D0 76 db 76 ;CHAR 'v'00AC66D1 .B8 3961AC00 mov eax,UClient.00AC613900AC66D6 .8943 04 mov dword ptr ds:,eax00AC66D9 .FF73 08 push dword ptr ds:00AC66DC .50 push eax00AC66DD .FF33 push dword ptr ds:00AC66DF .E8 1C020000 call UClient.00AC6900
四、跳转到调用处,向下看,找特殊字符。
00AAD304 $55 push ebp 00AAD305 .8BEC mov ebp,esp00AAD307 .83C4 D0 add esp,-3000AAD30A .53 push ebx00AAD30B .56 push esi00AAD30C .57 push edi00AAD30D .33C0 xor eax,eax00AAD30F .8945 D0 mov dword ptr ss:,eax00AAD312 .8945 F8 mov dword ptr ss:,eax00AAD315 .8945 F4 mov dword ptr ss:,eax00AAD318 .BE C04F1001 mov esi,UClient.01104FC000AAD31D .33C0 xor eax,eax00AAD31F .55 push ebp00AAD320 .68 D2D4AA00 push UClient.00AAD4D200AAD325 .64:FF30 push dword ptr fs:00AAD328 .64:8920 mov dword ptr fs:,esp00AAD32B .C745 FC FFFFF>mov dword ptr ss:,-100AAD332 .33C0 xor eax,eax00AAD334 .A3 E44F1001 mov dword ptr ds:,eax00AAD339 .33C0 xor eax,eax00AAD33B .A3 F04F1001 mov dword ptr ds:,eax00AAD340 .E8 6A930100 call UClient.00AC66AF调用在这里00AAD345 .8906 mov dword ptr ds:,eax00AAD347 .33DB xor ebx,ebx00AAD349 >E8 E66095FF call UClient.0040343400AAD34E .B8 E8030000 mov eax,3E800AAD353 .E8 886795FF call UClient.00403AE000AAD358 .B9 03000000 mov ecx,300AAD35D .99 cdq00AAD35E .F7F9 idiv ecx00AAD360 .85D2 test edx,edx00AAD362 .75 09 jnz short UClient.00AAD36D00AAD364 .8BC3 mov eax,ebx00AAD366 .F7EB imul ebx00AAD368 .83C0 7A add eax,7A00AAD36B .8906 mov dword ptr ds:,eax00AAD36D >43 inc ebx00AAD36E .81FB E9030000 cmp ebx,3E900AAD374 .^ 75 D3 jnz short UClient.00AAD34900AAD376 .E8 FD910100 call UClient.00AC657800AAD37B .8906 mov dword ptr ds:,eax00AAD37D .33C0 xor eax,eax00AAD37F .55 push ebp00AAD380 .68 D1D3AA00 push UClient.00AAD3D100AAD385 .64:FF30 push dword ptr fs:00AAD388 .64:8920 mov dword ptr fs:,esp00AAD38B .B8 65000000 mov eax,6500AAD390 .2B06 sub eax,dword ptr ds:00AAD392 .50 push eax00AAD393 .8D45 F8 lea eax,dword ptr ss:00AAD396 .B9 01000000 mov ecx,100AAD39B .8B15 E0D2AA00 mov edx,dword ptr ds: ;UClient.00AAD2E400AAD3A1 .E8 1A9E95FF call UClient.004071C000AAD3A6 .83C4 04 add esp,400AAD3A9 .B8 65000000 mov eax,6500AAD3AE .2B06 sub eax,dword ptr ds:00AAD3B0 .50 push eax00AAD3B1 .8D45 F4 lea eax,dword ptr ss:00AAD3B4 .B9 01000000 mov ecx,100AAD3B9 .8B15 E0D2AA00 mov edx,dword ptr ds: ;UClient.00AAD2E400AAD3BF .E8 FC9D95FF call UClient.004071C000AAD3C4 .83C4 04 add esp,400AAD3C7 .33C0 xor eax,eax00AAD3C9 .5A pop edx00AAD3CA .59 pop ecx00AAD3CB .59 pop ecx00AAD3CC .64:8910 mov dword ptr fs:,edx00AAD3CF .EB 14 jmp short UClient.00AAD3E500AAD3D1 .^ E9 0A7A95FF jmp UClient.00404DE000AAD3D6 .E8 317E95FF call UClient.0040520C00AAD3DB .E9 C9000000 jmp UClient.00AAD4A900AAD3E0 .E8 277E95FF call UClient.0040520C00AAD3E5 >47 inc edi00AAD3E6 .0F84 BD000000 je UClient.00AAD4A900AAD3EC .33DB xor ebx,ebx00AAD3EE >8B45 F8 mov eax,dword ptr ss:00AAD3F1 .8B16 mov edx,dword ptr ds:00AAD3F3 .891498 mov dword ptr ds:,edx00AAD3F6 .43 inc ebx00AAD3F7 .83FB 65 cmp ebx,6500AAD3FA .^ 75 F2 jnz short UClient.00AAD3EE00AAD3FC .33DB xor ebx,ebx00AAD3FE >8B45 F8 mov eax,dword ptr ss:00AAD401 .8B0498 mov eax,dword ptr ds:00AAD404 .8B55 F4 mov edx,dword ptr ss:00AAD407 .89049A mov dword ptr ds:,eax00AAD40A .43 inc ebx00AAD40B .83FB 65 cmp ebx,6500AAD40E .^ 75 EE jnz short UClient.00AAD3FE00AAD410 .833E 00 cmp dword ptr ds:,000AAD413 .0F85 90000000 jnz UClient.00AAD4A900AAD419 .8B45 F4 mov eax,dword ptr ss:00AAD41C .83B8 90010000>cmp dword ptr ds:,000AAD423 .0F85 80000000 jnz UClient.00AAD4A900AAD429 .8D45 D6 lea eax,dword ptr ss:00AAD42C .A3 F84F1001 mov dword ptr ds:,eax<=====注意这个字符串,关键字符串
00AAD431 .C645 D5 08 mov byte ptr ss:,800AAD435 .C705 EC4F1001>mov dword ptr ds:,800AAD43F .33C0 xor eax,eax00AAD441 .A3 E84F1001 mov dword ptr ds:,eax<=====注意这个字符串,关键字符串
00AAD446 .33DB xor ebx,ebx00AAD448 >E8 E75F95FF call UClient.0040343400AAD44D .B8 E8030000 mov eax,3E800AAD452 .E8 896695FF call UClient.00403AE000AAD457 .B9 03000000 mov ecx,300AAD45C .99 cdq00AAD45D .F7F9 idiv ecx00AAD45F .85D2 test edx,edx00AAD461 .75 09 jnz short UClient.00AAD46C00AAD463 .8BC3 mov eax,ebx00AAD465 .F7EB imul ebx00AAD467 .83C0 7A add eax,7A00AAD46A .8906 mov dword ptr ds:,eax00AAD46C >43 inc ebx00AAD46D .81FB E9030000 cmp ebx,3E900AAD473 .^ 75 D3 jnz short UClient.00AAD44800AAD475 .E8 3F910100 call UClient.00AC65B900AAD47A .8906 mov dword ptr ds:,eax00AAD47C .8D45 D0 lea eax,dword ptr ss:00AAD47F .8D55 D5 lea edx,dword ptr ss:00AAD482 .E8 198695FF call UClient.00405AA000AAD487 .8B45 D0 mov eax,dword ptr ss:00AAD48A .8B15 A0330E01 mov edx,dword ptr ds: ;UClient.010EBAEC00AAD490 .8B12 mov edx,dword ptr ds:00AAD492 .E8 C5F695FF call UClient.0040CB5C00AAD497 .84C0 test al,al00AAD499 .74 07 je short UClient.00AAD4A200AAD49B .33C0 xor eax,eax00AAD49D .8945 FC mov dword ptr ss:,eax00AAD4A0 .EB 07 jmp short UClient.00AAD4A900AAD4A2 >C745 FC FEFFF>mov dword ptr ss:,-200AAD4A9 >33C0 xor eax,eax00AAD4AB .5A pop edx00AAD4AC .59 pop ecx00AAD4AD .59 pop ecx00AAD4AE .64:8910 mov dword ptr fs:,edx00AAD4B1 .68 D9D4AA00 push UClient.00AAD4D900AAD4B6 >8D45 D0 lea eax,dword ptr ss:00AAD4B9 .E8 7E8395FF call UClient.0040583C00AAD4BE .8D45 F4 lea eax,dword ptr ss:00AAD4C1 .8B15 E0D2AA00 mov edx,dword ptr ds: ;UClient.00AAD2E400AAD4C7 .B9 02000000 mov ecx,200AAD4CC .E8 F79195FF call UClient.004066C800AAD4D1 .C3 retn00AAD4D2 .^ E9 BD7B95FF jmp UClient.0040509400AAD4D7 .^ EB DD jmp short UClient.00AAD4B600AAD4D9 .8B45 FC mov eax,dword ptr ss:00AAD4DC .5F pop edi00AAD4DD .5E pop esi00AAD4DE .5B pop ebx00AAD4DF .8BE5 mov esp,ebp00AAD4E1 .5D pop ebp00AAD4E2 .C3 retn回到A5A5代码处写二进制软狗;
8A 44 24 04 3C 64 75 03 33 C0 C3 3C 01 75 03 33 C0 C3 A1 F8 4F 10 01 8B 0D E8 4F 10 01 80 F9 0075 17 C7 00 33 30 38 30 C7 40 04 30 30 31 30 C7 40 08 39 36 00 00 33 C0 C3 80 F9 28 75 09 C7 0001 00 00 00 33 C0 C3 80 F9 2C 75 09 C7 00 9C FF FF FF 33 C0 C3 80 F9 C2 75 09 66 C7 00 54 52 9033 C0 C3 80 F9 91 75 09 66 C7 00 D8 65 90 33 C0 C3 80 F9 93 75 09 66 C7 00 BF 05 90 33 C0 C3 80F9 97 75 17 C7 00 32 30 31 32 C7 40 04 2D 30 31 2D C7 40 08 31 35 00 00 33 C0 C3 80 F9 47 75 3AC7 00 C8 CA BA CD C7 40 04 BB DD C3 F1 C7 40 08 D2 A9 B7 BF C7 40 0C 00 00 00 00 C7 40 10 00 0000 00 C7 40 14 00 00 00 00 C7 40 18 00 00 00 00 C7 40 1C 00 00 00 00 33 C0 C3 80 F9 8D 75 09 66C7 00 32 32 90 33 C0 C3 80 F9 A1 75 17 C7 00 32 30 31 32 C7 40 04 2D 30 31 2D C7 40 08 31 36 0000 33 C0 C3 80 F9 B5 75 14 C7 00 31 34 32 31 C7 40 04 35 38 35 36 C7 40 08 36 39 37 32 33 C0 C333 C0
00AC49B2 8A4424 04 mov al,byte ptr ss:00AC49B6 3C 64 cmp al,6400AC49B8 75 03 jnz short UClient.00AC49BD00AC49BA 33C0 xor eax,eax00AC49BC C3 retn00AC49BD 3C 01 cmp al,100AC49BF 75 03 jnz short UClient.00AC49C400AC49C1 33C0 xor eax,eax00AC49C3 C3 retn00AC49C4 A1 F84F1001 mov eax,dword ptr ds:00AC49C9 8B0D E84F1001 mov ecx,dword ptr ds:00AC49CF 80F9 00 cmp cl,000AC49D2 75 17 jnz short UClient.00AC49EB00AC49D4 C700 33303830 mov dword ptr ds:,3038303300AC49DA C740 04 30303>mov dword ptr ds:,3031303000AC49E1 C740 08 39360>mov dword ptr ds:,363900AC49E8 33C0 xor eax,eax00AC49EA C3 retn00AC49EB 80F9 28 cmp cl,2800AC49EE 75 09 jnz short UClient.00AC49F900AC49F0 C700 01000000 mov dword ptr ds:,100AC49F6 33C0 xor eax,eax00AC49F8 C3 retn00AC49F9 80F9 2C cmp cl,2C00AC49FC 75 09 jnz short UClient.00AC4A0700AC49FE C700 9CFFFFFF mov dword ptr ds:,-6400AC4A04 33C0 xor eax,eax00AC4A06 C3 retn00AC4A07 80F9 C2 cmp cl,0C200AC4A0A 75 09 jnz short UClient.00AC4A1500AC4A0C 66:C700 5452mov word ptr ds:,525400AC4A11 90 nop00AC4A12 33C0 xor eax,eax00AC4A14 C3 retn00AC4A15 80F9 91 cmp cl,9100AC4A18 75 09 jnz short UClient.00AC4A2300AC4A1A 66:C700 D865mov word ptr ds:,65D800AC4A1F 90 nop00AC4A20 33C0 xor eax,eax00AC4A22 C3 retn00AC4A23 80F9 93 cmp cl,9300AC4A26 75 09 jnz short UClient.00AC4A3100AC4A28 66:C700 BF05mov word ptr ds:,5BF00AC4A2D 90 nop00AC4A2E 33C0 xor eax,eax00AC4A30 C3 retn00AC4A31 80F9 97 cmp cl,9700AC4A34 75 17 jnz short UClient.00AC4A4D00AC4A36 C700 32303132 mov dword ptr ds:,3231303200AC4A3C C740 04 2D303>mov dword ptr ds:,2D31302D00AC4A43 C740 08 31350>mov dword ptr ds:,353100AC4A4A 33C0 xor eax,eax00AC4A4C C3 retn00AC4A4D 80F9 47 cmp cl,4700AC4A50 75 3A jnz short UClient.00AC4A8C00AC4A52 C700 C8CABACD mov dword ptr ds:,CDBACAC800AC4A58 C740 04 BBDDC>mov dword ptr ds:,F1C3DDBB00AC4A5F C740 08 D2A9B>mov dword ptr ds:,BFB7A9D200AC4A66 C740 0C 00000>mov dword ptr ds:,0 ;Case 0 of switch 00AC4A5100AC4A6D C740 10 00000>mov dword ptr ds:,000AC4A74 C740 14 00000>mov dword ptr ds:,0 ;Case 10 of switch 00AC4A5100AC4A7B C740 18 00000>mov dword ptr ds:,000AC4A82 C740 1C 00000>mov dword ptr ds:,000AC4A89 33C0 xor eax,eax00AC4A8B C3 retn00AC4A8C 80F9 8D cmp cl,8D00AC4A8F 75 09 jnz short UClient.00AC4A9A00AC4A91 66:C700 3232mov word ptr ds:,323200AC4A96 90 nop00AC4A97 33C0 xor eax,eax00AC4A99 C3 retn00AC4A9A 80F9 A1 cmp cl,0A100AC4A9D 75 17 jnz short UClient.00AC4AB600AC4A9F C700 32303132 mov dword ptr ds:,3231303200AC4AA5 C740 04 2D303>mov dword ptr ds:,2D31302D00AC4AAC C740 08 31360>mov dword ptr ds:,363100AC4AB3 33C0 xor eax,eax00AC4AB5 C3 retn00AC4AB6 80F9 B5 cmp cl,0B500AC4AB9 75 14 jnz short UClient.00AC4ACF00AC4ABB C700 31343231 mov dword ptr ds:,3132343100AC4AC1 C740 04 35383>mov dword ptr ds:,3635383500AC4AC8 C740 08 36393>mov dword ptr ds:,3237393600AC4ACF 33C0 xor eax,eax00AC4AD1 C3 retn00AC4AD2 33C0 xor eax,eax
收费模块破解:(门诊管理、发货、远程审方)查找关键字“本功能需要单独付费购买注册后才可使用”,然后到段首。00AFAAD8 55 push ebp => mov al,100AFAAD9 8BEC mov ebp,esp => retn00AFAADB|.83C4 F0 add esp,-1000AFAADE|.53 push ebx00AFAADF|.56 push esi00AFAAE0|.57 push edi00AFAAE1|.8BF0 mov esi,eax00AFAAE3|.8D7D F0 lea edi,00AFAAE6|.A5 movs dword ptr es:,dword ptr ds:00AFAAE7|.A5 movs dword ptr es:,dword ptr ds:00AFAAE8|.A5 movs dword ptr es:,dword ptr ds:00AFAAE9|.A5 movs dword ptr es:,dword ptr ds:00AFAAEA|.8D45 F0 lea eax,00AFAAED|.E8 DA3392FF call UClient.0041DECC00AFAAF2|.33C0 xor eax,eax00AFAAF4|.55 push ebp00AFAAF5|.68 ADABAF00 push UClient.00AFABAD00AFAAFA|.64:FF30 push dword ptr fs:00AFAAFD|.64:8920 mov dword ptr fs:,esp00AFAB00|.33DB xor ebx,ebx00AFAB02|.33D2 xor edx,edx00AFAB04|.8D45 F0 lea eax,00AFAB07|.E8 18F0FFFF call UClient.00AF9B2400AFAB0C|.83F8 FF cmp eax,-100AFAB0F|.75 3E jnz short UClient.00AFAB4F00AFAB11|.6A 24 push 2400AFAB13|.6A 00 push 000AFAB15|.A1 603F0E01 mov eax,dword ptr ds:00AFAB1A|.8B00 mov eax,dword ptr ds:00AFAB1C|.B9 C8ABAF00 mov ecx,UClient.00AFABC8 ;提示00AFAB21|.BA D8ABAF00 mov edx,UClient.00AFABD8 ;本功能需要单独付费购买注册后才可使用,你是否需要注册证书?\n证书文件需要向经销商购买!00AFAB26 E8 C5D35800 call UClient.01087EF000AFAB2B|.83F8 06 cmp eax,600AFAB2E|.75 67 jnz short UClient.00AFAB9700AFAB30|.33D2 xor edx,edx00AFAB32|.8D45 F0 lea eax,00AFAB35|.E8 26EFFFFF call UClient.00AF9A6000AFAB3A|.84C0 test al,al00AFAB3C|.74 59 je short UClient.00AFAB9700AFAB3E|.33D2 xor edx,edx00AFAB40|.8D45 F0 lea eax,00AFAB43|.E8 DCEFFFFF call UClient.00AF9B2400AFAB48|.85C0 test eax,eax00AFAB4A|.0F94C3 sete bl00AFAB4D|.EB 48 jmp short UClient.00AFAB9700AFAB4F|>83F8 FE cmp eax,-200AFAB52|.75 3E jnz short UClient.00AFAB9200AFAB54|.6A 24 push 2400AFAB56|.6A 00 push 000AFAB58|.A1 603F0E01 mov eax,dword ptr ds:00AFAB5D|.8B00 mov eax,dword ptr ds:00AFAB5F|.B9 C8ABAF00 mov ecx,UClient.00AFABC8 ;提示00AFAB64|.BA 38ACAF00 mov edx,UClient.00AFAC38 ;读取证书文件错误,请检查证书文件是否正确,你是否需要重新注册证书?00AFAB69|.E8 82D35800 call UClient.01087EF000AFAB6E|.83F8 06 cmp eax,600AFAB71|.75 24 jnz short UClient.00AFAB9700AFAB73|.33D2 xor edx,edx00AFAB75|.8D45 F0 lea eax,00AFAB78|.E8 E3EEFFFF call UClient.00AF9A6000AFAB7D|.84C0 test al,al00AFAB7F|.74 16 je short UClient.00AFAB9700AFAB81|.33D2 xor edx,edx00AFAB83|.8D45 F0 lea eax,00AFAB86|.E8 99EFFFFF call UClient.00AF9B2400AFAB8B|.85C0 test eax,eax00AFAB8D|.0F94C3 sete bl00AFAB90|.EB 05 jmp short UClient.00AFAB9700AFAB92|>85C0 test eax,eax00AFAB94|.0F94C3 sete bl00AFAB97|>33C0 xor eax,eax00AFAB99|.5A pop edx00AFAB9A|.59 pop ecx00AFAB9B|.59 pop ecx00AFAB9C|.64:8910 mov dword ptr fs:,edx00AFAB9F|.68 B4ABAF00 push UClient.00AFABB400AFABA4|>8D45 F0 lea eax,00AFABA7|.E8 68C891FF call UClient.0041741400AFABAC\.C3 retn
Hmily 发表于 2015-9-8 18:30
这个A5A5是什么?建议从头说起,讲讲过程,不然看得一头雾水。
这人直接不讲了,有头没尾。不,是没头没尾,一头雾水。 求解决,论坛下载的安装程序,安装成功但是一直提示连接不到加密狗,不知道怎么解决?哪位大神知道? 然后呢!?? 没看懂你在说什么不知道哪里复制的吧 图文的说不太明白,老大应该做个视频 楼主我们没看懂 这个A5A5是什么?建议从头说起,讲讲过程,不然看得一头雾水。 没有下文了?这个有啥看的? 出个教程好了 只是授人与鱼,而没有授人与渔。。。 放个安装包吧,大家自己跟一下就不会烦你了。。。