【文章标题】: 批量缩略图片工具
【文章作者】: BY hackxm
【作者邮箱】: 46218365@vip.qq.com
【作者主页】: http://www.cxiami.cn
【作者QQ号】: 46218365
【软件名称】: 批量缩略图片工具
【下载地址】: http://shareware.skycn.com/soft/6120.htm
【作者声明】: 只是感兴趣,没有其他目的。失误之处敬请诸位大侠赐教!
--------------------------------------------------------------------------------
【破解过程】
首先查壳,结果为 Borland Delphi 6.0 - 7.0
OD载入,查找字符串,找到注册错误的提示(共有两处:其中一处用于验证注册码是否为8位,不是8位就报错),双击跟进,
运行程序输入8位假码,OD断下了
; Excerpt of the registration-dialog handler in BatchPic (OllyDbg listing; the
; function prologue lies before this excerpt). Flow visible here: read the entered
; code, require a length of 8, call the validation routine at 004AB18C, then show a
; success or failure message box depending on its boolean result.
; NOTE(review): helper purposes marked "presumably" are inferred from Delphi register
; calling patterns (eax = object, edx/ecx = arguments); the listing does not name them.
; NOTE(review): the whole licence decision is one client-side boolean (test al,al at
; 004A97EC) plus a global flag byte, so the check has no tamper resistance of its own;
; hardening would mean a signed licence re-verified where features are used, or
; server-side validation.
004A9763 |. 55 push ebp ; start of an exception-frame setup (Delphi try/finally pattern)
004A9764 |. 68 0A994A00 push BatchPic.004A990A ; handler address, just past the retn at 004A9909
004A9769 |. 64:FF30 push dword ptr fs:[eax] ; previous frame; assumes eax = 0 from code before the excerpt
004A976C |. 64:8920 mov dword ptr fs:[eax],esp ; link the new frame
004A976F |. 8D55 FC lea edx,dword ptr ss:[ebp-4] ; edx -> local that receives the result
004A9772 |. 8B83 28030000 mov eax,dword ptr ds:[ebx+328] ; object at [ebx+328], presumably the code input control
004A9778 |. E8 0B8CFBFF call BatchPic.00462388 ; presumably fetches the control's text into [ebp-4]
004A977D |. 8B45 FC mov eax,dword ptr ss:[ebp-4]
004A9780 |. E8 1BADF5FF call BatchPic.004044A0 ; presumably returns the string length in eax
004A9785 83F8 08 cmp eax,8 注册码是否8位 ; author: is the registration code 8 characters long?
004A9788 74 3F je short BatchPic.004A97C9 ; length is 8: continue to validation
004A978A |. 6A 10 push 10 ; MessageBoxA uType = 0x10
004A978C |. 8D55 F8 lea edx,dword ptr ss:[ebp-8]
004A978F |. A1 C0604B00 mov eax,dword ptr ds:[4B60C0]
004A9794 |. 8B00 mov eax,dword ptr ds:[eax]
004A9796 |. E8 A985FDFF call BatchPic.00481D44 ; fills [ebp-8]; the value ends up as the caption argument
004A979B |. 8B45 F8 mov eax,dword ptr ss:[ebp-8]
004A979E |. E8 FDAEF5FF call BatchPic.004046A0 ; presumably converts the Delphi string to a C string pointer
004A97A3 |. 50 push eax ; lpCaption
004A97A4 |. 68 18994A00 push BatchPic.004A9918 ; 注册码错误! ("Registration code error!") - lpText
004A97A9 |. 8BC3 mov eax,ebx
004A97AB |. E8 F8F3FBFF call BatchPic.00468BA8 ; result is pushed as the owner window handle
004A97B0 |. 50 push eax ; |hOwner
004A97B1 |. E8 1AD7F5FF call <jmp.&user32.MessageBoxA> ; \MessageBoxA
004A97B6 |. 8B83 28030000 mov eax,dword ptr ds:[ebx+328]
004A97BC |. 8B10 mov edx,dword ptr ds:[eax] ; load the object's method table
004A97BE |. FF92 C4000000 call dword ptr ds:[edx+C4] ; virtual call on the input control; purpose not visible here
004A97C4 |. E9 F9000000 jmp BatchPic.004A98C2 ; to the common exit
004A97C9 |> 8D55 F4 lea edx,dword ptr ss:[ebp-C] ; length check passed: read the entered text again
004A97CC |. 8B83 28030000 mov eax,dword ptr ds:[ebx+328]
004A97D2 |. E8 B18BFBFF call BatchPic.00462388
004A97D7 |. 8B45 F4 mov eax,dword ptr ss:[ebp-C]
004A97DA |. 50 push eax ; keep the entered code across the next call
004A97DB |. 8D45 F0 lea eax,dword ptr ss:[ebp-10]
004A97DE |. E8 291F0000 call BatchPic.004AB70C ; fills [ebp-10]; what it computes is not shown in this listing
004A97E3 |. 8B45 F0 mov eax,dword ptr ss:[ebp-10] ; first argument = value produced above
004A97E6 |. 5A pop edx ; second argument = entered code
004A97E7 |. E8 A0190000 call BatchPic.004AB18C 关键CALLF7跟进 ; author: key call (stepped into with F7) - the validation routine
004A97EC |. 84C0 test al,al ; boolean result of the validation
004A97EE |. 0F84 94000000 je BatchPic.004A9888 关键跳 ; author: key branch; al = 0 takes the failure path
004A97F4 |. A1 F05D4B00 mov eax,dword ptr ds:[4B5DF0]
004A97F9 |. C600 01 mov byte ptr ds:[eax],1 ; set a global flag byte to 1 (presumably the "registered" state)
004A97FC |. 8D55 EC lea edx,dword ptr ss:[ebp-14]
004A97FF |. 8B83 28030000 mov eax,dword ptr ds:[ebx+328]
004A9805 |. E8 7E8BFBFF call BatchPic.00462388
004A980A |. 8B55 EC mov edx,dword ptr ss:[ebp-14]
004A980D |. A1 185E4B00 mov eax,dword ptr ds:[4B5E18]
004A9812 |. E8 1DAAF5FF call BatchPic.00404234 ; presumably copies the entered text into the global at [4B5E18]
004A9817 |. 8D55 E8 lea edx,dword ptr ss:[ebp-18]
004A981A |. 8B83 28030000 mov eax,dword ptr ds:[ebx+328]
004A9820 |. E8 638BFBFF call BatchPic.00462388
004A9825 |. 8B45 E8 mov eax,dword ptr ss:[ebp-18]
004A9828 |. 50 push eax ; entered code as the stack argument
004A9829 |. A1 D0604B00 mov eax,dword ptr ds:[4B60D0]
004A982E |. 8B00 mov eax,dword ptr ds:[eax]
004A9830 |. B9 30994A00 mov ecx,BatchPic.004A9930 ; key
004A9835 |. BA 3C994A00 mov edx,BatchPic.004A993C ; regcode
004A983A |. 8B30 mov esi,dword ptr ds:[eax]
004A983C |. FF56 04 call dword ptr ds:[esi+4] ; virtual call; presumably stores the code under "regcode"/"key" in a settings store - TODO confirm
004A983F |. 6A 40 push 40 ; MessageBoxA uType = 0x40
004A9841 |. 8D55 E4 lea edx,dword ptr ss:[ebp-1C]
004A9844 |. A1 C0604B00 mov eax,dword ptr ds:[4B60C0]
004A9849 |. 8B00 mov eax,dword ptr ds:[eax]
004A984B |. E8 F484FDFF call BatchPic.00481D44
004A9850 |. 8B45 E4 mov eax,dword ptr ss:[ebp-1C]
004A9853 |. E8 48AEF5FF call BatchPic.004046A0
004A9858 |. 50 push eax ; lpCaption
004A9859 |. 68 44994A00 push BatchPic.004A9944 ; 注册成功! ("Registration successful!") - lpText
004A985E |. 8BC3 mov eax,ebx
004A9860 |. E8 43F3FBFF call BatchPic.00468BA8
004A9865 |. 50 push eax ; |hOwner
004A9866 |. E8 65D6F5FF call <jmp.&user32.MessageBoxA> ; \MessageBoxA
004A986B |. A1 AC5F4B00 mov eax,dword ptr ds:[4B5FAC]
004A9870 |. 8B00 mov eax,dword ptr ds:[eax]
004A9872 |. 8B80 74030000 mov eax,dword ptr ds:[eax+374] ; object held at offset 374 of another global object
004A9878 |. 33D2 xor edx,edx ; argument = 0
004A987A |. E8 298AFBFF call BatchPic.004622A8 ; called with 0 on that object; presumably hides or disables it
004A987F |. 8BC3 mov eax,ebx
004A9881 |. E8 6A52FDFF call BatchPic.0047EAF0 ; called on the object in ebx; purpose not visible here
004A9886 |. EB 3A jmp short BatchPic.004A98C2 ; to the common exit
004A9888 |> 6A 10 push 10 ; validation failed: same error box as the length check
004A988A |. 8D55 E0 lea edx,dword ptr ss:[ebp-20]
004A988D |. A1 C0604B00 mov eax,dword ptr ds:[4B60C0]
004A9892 |. 8B00 mov eax,dword ptr ds:[eax]
004A9894 |. E8 AB84FDFF call BatchPic.00481D44
004A9899 |. 8B45 E0 mov eax,dword ptr ss:[ebp-20]
004A989C |. E8 FFADF5FF call BatchPic.004046A0
004A98A1 |. 50 push eax ; lpCaption
004A98A2 |. 68 18994A00 push BatchPic.004A9918 ; 注册码错误! ("Registration code error!") - lpText
004A98A7 |. 8BC3 mov eax,ebx
004A98A9 |. E8 FAF2FBFF call BatchPic.00468BA8
004A98AE |. 50 push eax ; |hOwner
004A98AF |. E8 1CD6F5FF call <jmp.&user32.MessageBoxA> ; \MessageBoxA
004A98B4 |. 8B83 28030000 mov eax,dword ptr ds:[ebx+328]
004A98BA |. 8B10 mov edx,dword ptr ds:[eax]
004A98BC |. FF92 C4000000 call dword ptr ds:[edx+C4] ; same virtual call as at 004A97BE
004A98C2 |> 33C0 xor eax,eax ; common exit: eax = 0 for the fs:[0] access below
004A98C4 |. 5A pop edx ; saved previous exception frame
004A98C5 |. 59 pop ecx ; discard the handler address
004A98C6 |. 59 pop ecx ; discard the saved ebp
004A98C7 |. 64:8910 mov dword ptr fs:[eax],edx ; unlink the exception frame
004A98CA |. 68 11994A00 push BatchPic.004A9911 ; address the retn at 004A9909 will continue at
004A98CF |> 8D45 E0 lea eax,dword ptr ss:[ebp-20] ; cleanup of the local temporaries starts here
004A98D2 |. BA 02000000 mov edx,2
004A98D7 |. E8 28A9F5FF call BatchPic.00404204 ; presumably releases 2 strings starting at [ebp-20]
004A98DC |. 8D45 E8 lea eax,dword ptr ss:[ebp-18]
004A98DF |. BA 02000000 mov edx,2
004A98E4 |. E8 1BA9F5FF call BatchPic.00404204 ; presumably releases 2 strings starting at [ebp-18]
004A98E9 |. 8D45 F0 lea eax,dword ptr ss:[ebp-10]
004A98EC |. E8 EFA8F5FF call BatchPic.004041E0 ; presumably releases the single string at [ebp-10]
004A98F1 |. 8D45 F4 lea eax,dword ptr ss:[ebp-C]
004A98F4 |. E8 E7A8F5FF call BatchPic.004041E0
004A98F9 |. 8D45 F8 lea eax,dword ptr ss:[ebp-8]
004A98FC |. E8 DFA8F5FF call BatchPic.004041E0
004A9901 |. 8D45 FC lea eax,dword ptr ss:[ebp-4]
004A9904 |. E8 D7A8F5FF call BatchPic.004041E0
004A9909 \. C3 retn ; returns to the 004A9911 pushed above
------------------------------------------------------------------------------------
关键CALL跟进如下:
; Entry of the validation routine called from 004A97E7 (OllyDbg listing).
; In: eax = value produced by call 004AB70C, edx = entered registration code
; (both taken from the call site). The body between 004AB1B4 and 004AB456 is
; omitted by the author, so the comparison logic itself is not visible.
004AB18C $ 55 push ebp
004AB18D . 8BEC mov ebp,esp
004AB18F . B9 05000000 mov ecx,5 ; loop count for the local-area setup below
004AB194 > 6A 00 push 0
004AB196 . 6A 00 push 0
004AB198 . 49 dec ecx
004AB199 .^ 75 F9 jnz short BatchPic.004AB194 ; 5 iterations x 2 pushes = 10 zeroed dwords of locals
004AB19B . 53 push ebx ; save registers used by the routine
004AB19C . 56 push esi
004AB19D . 57 push edi
004AB19E . 8955 F8 mov dword ptr ss:[ebp-8],edx ; keep the second argument
004AB1A1 . 8945 FC mov dword ptr ss:[ebp-4],eax ; keep the first argument
004AB1A4 . 8B45 FC mov eax,dword ptr ss:[ebp-4]
004AB1A7 . E8 E494F5FF call BatchPic.00404690 ; presumably takes a reference on the string argument
004AB1AC . 8B45 F8 mov eax,dword ptr ss:[ebp-8]
004AB1AF . E8 DC94F5FF call BatchPic.00404690 ; same helper for the other argument
004AB1B4 . 33C0 xor eax,eax ; 清零EAX ("clear EAX")
-----------------中间省略N多代码------------------------------------------------------
; Tail of the validation routine that starts at 004AB18C; everything before
; 004AB456 is omitted in the listing, so the arguments of the first call and
; the way ebx gets its value are not visible.
004AB456 . E8 A98DF5FF call BatchPic.00404204 ; presumably releases local strings (same helper as in the caller's cleanup)
004AB45B . C3 retn
004AB45C .^ E9 FF86F5FF jmp BatchPic.00403B60
004AB461 .^ EB DE jmp short BatchPic.004AB441 ; back into the omitted cleanup code
004AB463 8BC3 mov eax,ebx 关键处,此时EBX是0,只要不让EAX为0,就为注册了 ; author marks this as the key spot: the result is copied from ebx (0 for the fake code) and the caller reads it with test al,al
004AB465 . 5F pop edi ; restore saved registers
004AB466 . 5E pop esi
004AB467 . 5B pop ebx
004AB468 . 8BE5 mov esp,ebp ; drop the locals
004AB46A . 5D pop ebp
004AB46B . C3 retn ; eax carries the validation result
---------------------------------------------------------------------------------
再改一处
; Fragment from a different routine (OllyDbg listing); the instruction that sets
; the flags tested by je lies before the excerpt.
0047B531 /74 10 je short BatchPic.0047B543 ; 已使用多少次CALL,改jmp ; author ties the call below to the usage count; when ZF is set this branch skips it
0047B533 . |8BD8 mov ebx,eax
0047B535 . |8BD0 mov edx,eax ; same object passed as the second argument
0047B537 . |8B83 CC020000 mov eax,dword ptr ds:[ebx+2CC] ; first argument read from offset 2CC
0047B53D . |FF93 C8020000 call dword ptr ds:[ebx+2C8] ; indirect call through the pointer at offset 2C8; resembles a Delphi event dispatch - TODO confirm
0047B543 > \5B pop ebx
--------------------------------------------------------------------------------
【破解总结】
总的来说,没看到真码……
--------------------------------------------------------------------------------
【版权声明】: 转载请注明作者并保持文章的完整, 谢谢!
2008年10月21日 下午 11:04:06 |