吾爱破解 - 52pojie.cn

 找回密码
 注册[Register]

QQ登录

只需一步,快速开始

查看: 7908|回复: 32
收起左侧

[原创] 大哈:简易爆破攻略:

[复制链接]
冥界3大法王 发表于 2021-1-3 10:56
本帖最后由 冥界3大法王 于 2021-2-14 11:03 编辑

image.png
软件介绍:文件搜索四大利器之一,快速搜索索引内容和预览结果,作为爆破之必备四大神器。30天全功能试用版本。
========================================================
先用RegWorkshop搜索下键值【已脱敏保密】,大约485个左右
全删除,毫无作用。
来到文件夹下,用星君眼快速洞察下有哪些可疑的?
果然发现regkey.xml
等什么?删除,又是30天。
X64dbg打开主程序
Ctrl+N,左面过滤搜索configlib.dll
右面搜索下trial
果然有4个函数与试用、加载KEY有关的
?LoadTrialRegKeyConfiguration@CONFIGLIB@@YAJPEAV?$shared_ptr@UIConfigDataMgr@INTERNAL_IFC@@@boost@@AEBV23@_N@Z
?LoadTrialRegKeyConfiguration_ReadOnly@CONFIGLIB@@YAJPEAV?$shared_ptr@UIConfigDataMgr@INTERNAL_IFC@@@boost@@_N@Z
?LoadRegKeyConfiguration@CONFIGLIB@@YAJPEAV?$shared_ptr@UIConfigDataMgr@INTERNAL_IFC@@@boost@@@Z
?LoadRegKeyConfigurationPath@CONFIGLIB@@YAJAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PEAV?

再搜索下Write(写INI配置的),主要有下面3个
WriteFile
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
fwrite
========================================================
regkey.xml删除又是30天全功能试用!
=========================内容如下=========================

<?xml version="1.0"?>
-<cfg ver="2">
-<section name="【已脱敏保密】">
<InstallationOptions n="241a87fcba94f5dd"/>
<LiteApp t="3">pro</LiteApp>
</section>
</cfg>

========================================================
image.png (A)
========================================================
启动时该死的等待框的美化:(正在为第一次进行准备)

image.png (B)

=======================================================
帮助-关于  和  顶部  trial 字样的美化:(C)
image.png

上面已经简单的归纳和分析了重点,下面就来一个一个来解决吧。
这个程序是64位的,所以必须上x64dbg了。
论坛还不会的同学可以看一下楼主导演的视频:x32dbg/x64dbg命令快速入门系列视频教学
然后,我们还是先让程序跑起来吧,但你发现刚刚运行,就来了个异常。
那就Shift+F9伺候,然后我们使用 【F12加Alt-K】堆栈暂停大法。
列表有一堆,我也懒得看了。直接复制全表到自制的工具OllyDbg/x64dbg贴心伴侣中去过滤,F1全设断。
或者不怕辛苦一个个分析下吧。
通过分析,你能发现能有一个有意思的地方,第三个不远上面就有个英文异常的字样
(  call qword ptr ds:[<&RtlRaiseException>]  )
image.png
[Asm] 纯文本查看 复制代码
00007FF6 | FF15 F0FA2200              | call qword ptr ds:[<&SystemTimeToVariantTime>]     

|这句是不是很有意思?
[Asm] 纯文本查看 复制代码

00007FF68FE66013        | E8 2835F7FF                | call 原版.7FF68FDD9540                  |通过前后关系推测,如果这里al=1 会如何呢? F7进入后修改下
00007FF68FE66018        | 8B4424 5C                  | mov eax,dword ptr ss:[rsp+5C]                       |
00007FF68FE6601C        | 0FB6C8                     | movzx ecx,al                                        |
00007FF68FE6601F        | 80E1 01                    | and cl,1                                            |
00007FF68FE66022        | 75 10                      | jne 原版.7FF68FE66034                   |
00007FF68FE66024        | A8 02                      | test al,2                                           |
00007FF68FE66026        | 0F85 B1000000              | jne 原版.7FF68FE660DD                   |
00007FF68FE6602C        | A8 04                      | test al,4                                           |
00007FF68FE6602E        | 0F85 A9000000              | jne 原版.7FF68FE660DD                   |
00007FF68FE66034        | 40:84FF                    | test dil,dil                                        |
00007FF68FE66037        | 75 46                      | jne 原版.7FF68FE6607F                   |
00007FF68FE66039        | 48:8B0D 98393A00           | mov rcx,qword ptr ds:[7FF6902099D8]                 |
00007FF68FE66040        | 48:85C9                    | test rcx,rcx                                        |
00007FF68FE66043        | 74 0D                      | je 原版.7FF68FE66052                    |
00007FF68FE66045        | 48:8B01                    | mov rax,qword ptr ds:[rcx]                          |
00007FF68FE66048        | BA A7000000                | mov edx,A7                                          |
00007FF68FE6604D        | FF50 58                    | call qword ptr ds:[rax+58]                          |
00007FF68FE66050        | EB 07                      | jmp 原版.7FF68FE66059                   |
00007FF68FE66052        | 48:8D05 EFCA2400           | lea rax,qword ptr ds:[7FF6900B2B48]                 | 00007FF6900B2B48:L"<no language>"
00007FF68FE66059        | 33D2                       | xor edx,edx                                         |
00007FF68FE6605B        | 48:8BC8                    | mov rcx,rax                                         |
00007FF68FE6605E        | E8 DDEBF5FF                | call 原版.7FF68FDC4C40                  |
00007FF68FE66063        | 48:8D5424 60               | lea rdx,qword ptr ss:[rsp+60]                       |
00007FF68FE66068        | 48:8BCB                    | mov rcx,rbx                                         |
00007FF68FE6606B        | E8 D034F7FF                | call 原版.7FF68FDD9540                  |
00007FF68FE66070        | 8B5424 60                  | mov edx,dword ptr ss:[rsp+60]                       |
00007FF68FE66074        | 83E2 F8                    | and edx,FFFFFFF8                                    |
00007FF68FE66077        | 48:8BCB                    | mov rcx,rbx                                         |
00007FF68FE6607A        | E8 F1BAF7FF                | call 原版.7FF68FDE1B70                  |
00007FF68FE6607F        | 48:8D5424 64               | lea rdx,qword ptr ss:[rsp+64]                       |
00007FF68FE66084        | 48:8BCB                    | mov rcx,rbx                                         |
00007FF68FE66087        | E8 B434F7FF                | call 原版.7FF68FDD9540                  |
00007FF68FE6608C        | 8B4424 64                  | mov eax,dword ptr ss:[rsp+64]                       |
00007FF68FE66090        | 0FB6C8                     | movzx ecx,al                                        |
00007FF68FE66093        | 80E1 01                    | and cl,1                                            |
00007FF68FE66096        | 75 45                      | jne 原版.7FF68FE660DD                   |
00007FF68FE66098        | A8 02                      | test al,2                                           |
00007FF68FE6609A        | 75 41                      | jne 原版.7FF68FE660DD                   |
00007FF68FE6609C        | A8 04                      | test al,4                                           |
00007FF68FE6609E        | 75 3D                      | jne 原版.7FF68FE660DD                   |
00007FF68FE660A0        | 40:0FB6D7                  | movzx edx,dil                                       |
00007FF68FE660A4        | 83F2 01                    | xor edx,1                                           |
00007FF68FE660A7        | 8D1455 01000000            | lea edx,qword ptr ds:[rdx*2+1]                      |
00007FF68FE660AE        | 48:8BCB                    | mov rcx,rbx                                         |
00007FF68FE660B1        | E8 4AB2F7FF                | call 原版.7FF68FDE1300                  |
00007FF68FE660B6        | 41:B1 01                   | mov r9b,1                                           |
00007FF68FE660B9        | 4D:8BC4                    | mov r8,r12                                          |
00007FF68FE660BC        | 48:8BD3                    | mov rdx,rbx                                         |
00007FF68FE660BF        | 48:8D4D B0                 | lea rcx,qword ptr ss:[rbp-50]                       |
00007FF68FE660C3        | E8 78BCF7FF                | call 原版.7FF68FDE1D40                  |
00007FF68FE660C8        | 90                         | nop                                                 |
00007FF68FE660C9        | 48:8D4D B0                 | lea rcx,qword ptr ss:[rbp-50]                       |
00007FF68FE660CD        | FF15 B52C2300              | call qword ptr ds:[<&Ordinal#3951>]                 | 堆栈列表+CtrlF8定位到这里!
00007FF68FE660D3        | 90                         | nop                                                 |
00007FF68FE660D4        | 48:8D4D B0                 | lea rcx,qword ptr ss:[rbp-50]                       |
00007FF68FE660D8        | E8 63BEF7FF                | call 原版.7FF68FDE1F40                  |
00007FF68FE660DD        | 45:33E4                    | xor r12d,r12d                                       |
00007FF68FE660E0        | 4C:89A5 C8060000           | mov qword ptr ss:[rbp+6C8],r12                      |
00007FF68FE660E7        | 4C:89A5 D0060000           | mov qword ptr ss:[rbp+6D0],r12                      |
00007FF68FE660EE        | 4C:89A5 C8060000           | mov qword ptr ss:[rbp+6C8],r12                      |
00007FF68FE660F5        | 48:C785 D0060000 07000000  | mov qword ptr ss:[rbp+6D0],7                        |
00007FF68FE66100        | 6644:89A5 B8060000         | mov word ptr ss:[rbp+6B8],r12w                      |
00007FF68FE66108        | 45:8D4424 07               | lea r8d,qword ptr ds:[r12+7]                        |
00007FF68FE6610D        | 48:8D15 5CCD2700           | lea rdx,qword ptr ds:[7FF6900E2E70]                 | 00007FF6900E2E70:L"Version"
00007FF68FE66114        | 48:8D8D B8060000           | lea rcx,qword ptr ss:[rbp+6B8]                      |
00007FF68FE6611B        | E8 00E6F5FF                | call 原版.7FF68FDC4720                  |
00007FF68FE66120        | 90                         | nop                                                 |
00007FF68FE66121        | 4C:89A5 90060000           | mov qword ptr ss:[rbp+690],r12                      |
00007FF68FE66128        | 4C:89A5 98060000           | mov qword ptr ss:[rbp+698],r12                      |
00007FF68FE6612F        | 4C:89A5 90060000           | mov qword ptr ss:[rbp+690],r12                      |
00007FF68FE66136        | 48:C785 98060000 07000000  | mov qword ptr ss:[rbp+698],7                        |
00007FF68FE66141        | 6644:89A5 80060000         | mov word ptr ss:[rbp+680],r12w                      |
00007FF68FE66149        | 45:8D4424 07               | lea r8d,qword ptr ds:[r12+7]                        |
00007FF68FE6614E        | 48:8D15 83392600           | lea rdx,qword ptr ds:[7FF6900C9AD8]                 | 00007FF6900C9AD8:L"Options"
00007FF68FE66155        | 48:8D8D 80060000           | lea rcx,qword ptr ss:[rbp+680]                      |
00007FF68FE6615C        | E8 BFE5F5FF                | call 原版.7FF68FDC4720                  |
00007FF68FE66161        | 90                         | nop                                                 |
00007FF68FE66162        | 48:8B4D 88                 | mov rcx,qword ptr ss:[rbp-78]                       |
00007FF68FE66166        | 48:8B01                    | mov rax,qword ptr ds:[rcx]                          |
00007FF68FE66169        | 4C:8D85 B8060000           | lea r8,qword ptr ss:[rbp+6B8]                       |
00007FF68FE66170        | 48:8D95 80060000           | lea rdx,qword ptr ss:[rbp+680]                      |
00007FF68FE66177        | FF90 B0000000              | call qword ptr ds:[rax+B0]                          |
00007FF68FE6617D        | 0FB6F8                     | movzx edi,al                                        |
00007FF68FE66180        | 48:8B95 98060000           | mov rdx,qword ptr ss:[rbp+698]                      |
00007FF68FE66187        | 48:83FA 08                 | cmp rdx,8                                           |
00007FF68FE6618B        | 72 14                      | jb 原版.7FF68FE661A1                    |
00007FF68FE6618D        | 48:8D1455 02000000         | lea rdx,qword ptr ds:[rdx*2+2]                      |
00007FF68FE66195        | 48:8B8D 80060000           | mov rcx,qword ptr ss:[rbp+680]                      |
00007FF68FE6619C        | E8 FFE7F5FF                | call 原版.7FF68FDC49A0                  |
00007FF68FE661A1        | 4C:89A5 90060000           | mov qword ptr ss:[rbp+690],r12                      |
00007FF68FE661A8        | 48:C785 98060000 07000000  | mov qword ptr ss:[rbp+698],7                        |
00007FF68FE661B3        | 6644:89A5 80060000         | mov word ptr ss:[rbp+680],r12w                      |
00007FF68FE661BB        | 48:8B95 D0060000           | mov rdx,qword ptr ss:[rbp+6D0]                      |
00007FF68FE661C2        | 48:83FA 08                 | cmp rdx,8                                           |
00007FF68FE661C6        | 72 14                      | jb 原版.7FF68FE661DC                    |
00007FF68FE661C8        | 48:8D1455 02000000         | lea rdx,qword ptr ds:[rdx*2+2]                      |
00007FF68FE661D0        | 48:8B8D B8060000           | mov rcx,qword ptr ss:[rbp+6B8]                      |
00007FF68FE661D7        | E8 C4E7F5FF                | call 原版.7FF68FDC49A0                  |
00007FF68FE661DC        | 4C:89A5 C8060000           | mov qword ptr ss:[rbp+6C8],r12                      |
00007FF68FE661E3        | 48:C785 D0060000 07000000  | mov qword ptr ss:[rbp+6D0],7                        |
00007FF68FE661EE        | 6644:89A5 B8060000         | mov word ptr ss:[rbp+6B8],r12w                      |
00007FF68FE661F6        | 48:8D5424 68               | lea rdx,qword ptr ss:[rsp+68]                       |
00007FF68FE661FB        | 48:8BCB                    | mov rcx,rbx                                         |
00007FF68FE661FE        | E8 3D33F7FF                | call 原版.7FF68FDD9540                  |
00007FF68FE66203        | 8B4424 68                  | mov eax,dword ptr ss:[rsp+68]                       |
00007FF68FE66207        | 0FB6C8                     | movzx ecx,al                                        |
00007FF68FE6620A        | 80E1 01                    | and cl,1                                            |
00007FF68FE6620D        | 74 07                      | je 原版.7FF68FE66216                    |
00007FF68FE6620F        | B8 01000000                | mov eax,1                                           |
00007FF68FE66214        | EB 14                      | jmp 原版.7FF68FE6622A                   |
00007FF68FE66216        | A8 02                      | test al,2                                           |
00007FF68FE66218        | 74 07                      | je 原版.7FF68FE66221                    |
00007FF68FE6621A        | B8 02000000                | mov eax,2                                           |
00007FF68FE6621F        | EB 09                      | jmp 原版.7FF68FE6622A                   |
00007FF68FE66221        | 24 04                      | and al,4                                            |
00007FF68FE66223        | F6D8                       | neg al                                              |
00007FF68FE66225        | 1BC0                       | sbb eax,eax                                         |
00007FF68FE66227        | 83E0 03                    | and eax,3                                           |
00007FF68FE6622A        | 83F8 01                    | cmp eax,1                                           |
00007FF68FE6622D        | 0F94C0                     | sete al                                             |
00007FF68FE66230        | 41:8885 70030000           | mov byte ptr ds:[r13+370],al                        |
00007FF68FE66237        | 45:84FF                    | test r15b,r15b                                      |
00007FF68FE6623A        | 74 1C                      | je 原版.7FF68FE66258                    |
00007FF68FE6623C        | 40:84FF                    | test dil,dil                                        |
00007FF68FE6623F        | 74 17                      | je 原版.7FF68FE66258                    |
00007FF68FE66241        | 807C24 50 00               | cmp byte ptr ss:[rsp+50],0                          |
00007FF68FE66246        | 75 10                      | jne 原版.7FF68FE66258                   |
00007FF68FE66248        | 41:B0 01                   | mov r8b,1                                           |
00007FF68FE6624B        | BA 03000000                | mov edx,3                                           |
00007FF68FE66250        | 48:8BCB                    | mov rcx,rbx                                         |
00007FF68FE66253        | E8 98B8F7FF                | call 原版.7FF68FDE1AF0                  |
00007FF68FE66258        | 48:8B4B 58                 | mov rcx,qword ptr ds:[rbx+58]                       |
00007FF68FE6625C        | 48:8B01                    | mov rax,qword ptr ds:[rcx]                          |
00007FF68FE6625F        | FF50 30                    | call qword ptr ds:[rax+30]                          |
00007FF68FE66262        | B9 08000000                | mov ecx,8                                           |
00007FF68FE66267        | FF15 23242300              | call qword ptr ds:[<&Ordinal#1489>]                 |
00007FF68FE6626D        | 48:8BD8                    | mov rbx,rax                                         |
00007FF68FE66270        | 48:8945 80                 | mov qword ptr ss:[rbp-80],rax                       |
00007FF68FE66274        | 48:85C0                    | test rax,rax                                        |
00007FF68FE66277        | 74 16                      | je 原版.7FF68FE6628F                    |
00007FF68FE66279        | 48:8D05 10E92700           | lea rax,qword ptr ds:[<&JMP.&_purecall>]            |


竟然A与B全部跳过了
这里定位时,需要注意的是Shift+F9 跳过异常  与 Ctrl+F8 单步跳过的配合使用。马步兵的协同作战。
最笨的方法就是多试几次。我们Ctrl+P补丁,先存个档  【原版加跳过了注册框和启动等待提示.exe】


接下来,我们再把regkey.xml写入的call搞死,前面说过,可以利用ctrl+N,config xxx.dll ,搜索write这个搞起来需要耐心+细心。
image.png
最终来到上面不远的地方,显然这是在写入regkey.xml的过程中,在调试过程中,你会发现准备文件内存中的缓冲区,创建空文件,写入全文件等过程
最终NOP掉 00007FF87F0F33F3就好了。


最后,再来解决下顶部标题 【trial】字样
image.png
然后我们利用字符串来定位下,并下好断点
然后我们来到下面的地方:
[Asm] 纯文本查看 复制代码
00007FF796441500 <原版fil | 48:895C24 18              | mov qword ptr ss:[rsp+18],rbx                       |
00007FF796441505        | 48:897424 20              | mov qword ptr ss:[rsp+20],rsi                       |
00007FF79644150A        | 55                        | push rbp                                            |
00007FF79644150B        | 57                        | push rdi                                            |
00007FF79644150C        | 41:56                     | push r14                                            |
00007FF79644150E        | 48:8D6C24 90              | lea rbp,qword ptr ss:[rsp-70]                       | [rsp-70]:L"Crash handler was already installed for current thread."
00007FF796441513        | 48:81EC 70010000          | sub rsp,170                                         |
00007FF79644151A        | 48:8B05 FF0A4100          | mov rax,qword ptr ds:[7FF796852020]                 |
00007FF796441521        | 48:33C4                   | xor rax,rsp                                         |
00007FF796441524        | 48:8945 60                | mov qword ptr ss:[rbp+60],rax                       |
00007FF796441528        | 48:8BDA                   | mov rbx,rdx                                         |
00007FF79644152B        | 48:8BF9                   | mov rdi,rcx                                         |
00007FF79644152E        | 48:895424 30              | mov qword ptr ss:[rsp+30],rdx                       |
00007FF796441533        | 45:33F6                   | xor r14d,r14d                                       |
00007FF796441536        | 44:897424 20              | mov dword ptr ss:[rsp+20],r14d                      |
00007FF79644153B        | 4C:8975 50                | mov qword ptr ss:[rbp+50],r14                       |
00007FF79644153F        | 4C:8975 58                | mov qword ptr ss:[rbp+58],r14                       |
00007FF796441543        | 4C:8975 50                | mov qword ptr ss:[rbp+50],r14                       |
00007FF796441547        | 48:C745 58 07000000       | mov qword ptr ss:[rbp+58],7                         |
00007FF79644154F        | 6644:8975 40              | mov word ptr ss:[rbp+40],r14w                       |
00007FF796441554        | 48:8D5424 28              | lea rdx,qword ptr ss:[rsp+28]                       |
00007FF796441559        | E8 E27FFFFF               | call <原版加跳过了注册框和启动等待提示.sub_7FF7964395 |
00007FF79644155E        | 8B4424 28                 | mov eax,dword ptr ss:[rsp+28]                       |
00007FF796441562        | 0FB6C8                    | movzx ecx,al                                        |
00007FF796441565        | 41:8D76 04                | lea esi,qword ptr ds:[r14+4]                        |
00007FF796441569        | 80E1 01                   | and cl,1                                            |
00007FF79644156C        | 75 15                     | jne 原版加跳过了注册框和启动等待提示.7FF796441583     |
00007FF79644156E        | A8 02                     | test al,2                                           |
00007FF796441570        | 75 27                     | jne 原版加跳过了注册框和启动等待提示.7FF796441599     |
00007FF796441572        | 40:84C6                   | test sil,al                                         |
00007FF796441575        | 74 22                     | je 原版加跳过了注册框和启动等待提示.7FF796441599      |
00007FF796441577        | 44:8BC6                   | mov r8d,esi                                         |
00007FF79644157A        | 48:8D15 777C2E00          | lea rdx,qword ptr ds:[7FF7967291F8]                 | 00007FF7967291F8:L"LITE"
00007FF796441581        | EB 0D                     | jmp 原版加跳过了注册框和启动等待提示.7FF796441590     |
00007FF796441583        | 41:B8 05000000            | mov r8d,5                                           |
00007FF796441589        | 48:8D15 787C2E00          | lea rdx,qword ptr ds:[7FF796729208]                 | 00007FF796729208:L"TRIAL"

image.png
来到段首,发现上面的调用点!
下面的代码前后关系存在着微妙的关系

[Asm] 纯文本查看 复制代码
00007FF796441500 < | 48:895C24 18               | mov qword ptr ss:[rsp+18],rbx                    | 返1
00007FF796441505   | 48:897424 20               | mov qword ptr ss:[rsp+20],rsi                    |
00007FF79644150A   | 55                         | push rbp                                         |
00007FF79644150B   | 57                         | push rdi                                         |
00007FF79644150C   | 41:56                      | push r14                                         |
00007FF79644150E   | 48:8D6C24 90               | lea rbp,qword ptr ss:[rsp-70]                    | [rsp-70]:"儅@"
00007FF796441513   | 48:81EC 70010000           | sub rsp,170                                      |
00007FF79644151A   | 48:8B05 FF0A4100           | mov rax,qword ptr ds:[7FF796852020]              |
00007FF796441521   | 48:33C4                    | xor rax,rsp                                      |
00007FF796441524   | 48:8945 60                 | mov qword ptr ss:[rbp+60],rax                    |
00007FF796441528   | 48:8BDA                    | mov rbx,rdx                                      |
00007FF79644152B   | 48:8BF9                    | mov rdi,rcx                                      |
00007FF79644152E   | 48:895424 30               | mov qword ptr ss:[rsp+30],rdx                    |
00007FF796441533   | 45:33F6                    | xor r14d,r14d                                    |
00007FF796441536   | 44:897424 20               | mov dword ptr ss:[rsp+20],r14d                   |
00007FF79644153B   | 4C:8975 50                 | mov qword ptr ss:[rbp+50],r14                    |
00007FF79644153F   | 4C:8975 58                 | mov qword ptr ss:[rbp+58],r14                    |
00007FF796441543   | 4C:8975 50                 | mov qword ptr ss:[rbp+50],r14                    |
00007FF796441547   | 48:C745 58 07000000        | mov qword ptr ss:[rbp+58],7                      |
00007FF79644154F   | 6644:8975 40               | mov word ptr ss:[rbp+40],r14w                    |
00007FF796441554   | 48:8D5424 28               | lea rdx,qword ptr ss:[rsp+28]                    |
00007FF796441559   | E8 E27FFFFF                | call <原版.sub_7FF7964 | 这里al返回1会如何?
00007FF79644155E   | 8B4424 28                  | mov eax,dword ptr ss:[rsp+28]                    |
00007FF796441562   | 0FB6C8                     | movzx ecx,al                                     |
00007FF796441565   | 41:8D76 04                 | lea esi,qword ptr ds:[r14+4]                     |
00007FF796441569   | 80E1 01                    | and cl,1                                         |
00007FF79644156C   | 75 15                      | jne 原版.7FF796441583  | NOP
00007FF79644156E   | A8 02                      | test al,2                                        |
00007FF796441570   | 75 27                      | jne 原版.7FF796441599  | nop
00007FF796441572   | 40:84C6                    | test sil,al                                      |
00007FF796441575   | 74 22                      | je 原版.7FF796441599   | nop
00007FF796441577   | 44:8BC6                    | mov r8d,esi                                      |
00007FF79644157A   | 48:8D15 777C2E00           | lea rdx,qword ptr ds:[7FF7967291F8]              | 00007FF7967291F8:L"LITE"
00007FF796441581   | EB 0D                      | jmp 原版.7FF796441590  | 这里是试用字样
00007FF796441583   | 41:B8 05000000             | mov r8d,5                                        |
00007FF796441589   | 48:8D15 787C2E00           | lea rdx,qword ptr ds:[7FF796729208]              | 00007FF796729208:L"TRIAL"
00007FF796441590   | 48:8D4D 40                 | lea rcx,qword ptr ss:[rbp+40]                    |
00007FF796441594   | E8 8731FEFF                | call 原版.7FF796424720 |
00007FF796441599   | 48:8D5424 28               | lea rdx,qword ptr ss:[rsp+28]                    |
00007FF79644159E   | 48:8BCF                    | mov rcx,rdi                                      |
00007FF7964415A1   | E8 9A7FFFFF                | call <原版.sub_7FF7964 |
00007FF7964415A6   | 8B7C24 28                  | mov edi,dword ptr ss:[rsp+28]                    |
00007FF7964415AA   | 83E7 10                    | and edi,10                                       |
00007FF7964415AD   | 48:837D 50 00              | cmp qword ptr ss:[rbp+50],0                      |
00007FF7964415B2   | 90                         | nop                                              |====》NOP
00007FF7964415B3   | 90                         | nop                                              |====》NOP
00007FF7964415B4   | 85FF                       | test edi,edi                                     |
00007FF7964415B6   | 90                         | nop                                              |====》NOP
00007FF7964415B7   | 90                         | nop                                              |====》NOP
00007FF7964415B8   | 4C:8973 10                 | mov qword ptr ds:[rbx+10],r14                    |
00007FF7964415BC   | 48:C743 18 07000000        | mov qword ptr ds:[rbx+18],7                      |
00007FF7964415C4   | 6644:8933                  | mov word ptr ds:[rbx],r14w                       |
00007FF7964415C8   | 45:33C0                    | xor r8d,r8d                                      |
00007FF7964415CB   | 48:8D15 06152D00           | lea rdx,qword ptr ds:[7FF796712AD8]              |
00007FF7964415D2   | 48:8BCB                    | mov rcx,rbx                                      |
00007FF7964415D5   | E8 4631FEFF                | call 原版.7FF796424720 |
00007FF7964415DA   | C74424 20 01000000         | mov dword ptr ss:[rsp+20],1                      |
00007FF7964415E2   | E9 5E010000                | jmp 原版.7FF796441745  |
00007FF7964415E7   | 48:8D4C24 40               | lea rcx,qword ptr ss:[rsp+40]                    |
00007FF7964415EC   | E8 3FB1FEFF                | call <原版.sub_7FF7964 |
00007FF7964415F1   | 90                         | nop                                              |
00007FF7964415F2   | 48:8D15 1B7C2E00           | lea rdx,qword ptr ds:[7FF796729214]              | 00007FF796729214:L"["
00007FF7964415F9   | 48:8D4C24 50               | lea rcx,qword ptr ss:[rsp+50]                    |
00007FF7964415FE   | E8 4DC4FEFF                | call <原版.sub_7FF7964 |
00007FF796441603   | 48:8BC8                    | mov rcx,rax                                      |
00007FF796441606   | 48:8D55 40                 | lea rdx,qword ptr ss:[rbp+40]                    |
00007FF79644160A   | E8 F195FEFF                | call <原版.sub_7FF7964 |
00007FF79644160F   | 85FF                       | test edi,edi                                     |
00007FF796441611   | 74 3F                      | je 原版.7FF796441652   |
00007FF796441613   | 48:8B0D BE834200           | mov rcx,qword ptr ds:[7FF7968699D8]              |
00007FF79644161A   | 48:85C9                    | test rcx,rcx                                     |
00007FF79644161D   | 74 10                      | je 原版.7FF79644162F   |
00007FF79644161F   | 48:8B01                    | mov rax,qword ptr ds:[rcx]                       |
00007FF796441622   | BA 90030000                | mov edx,390                                      |
00007FF796441627   | FF50 58                    | call qword ptr ds:[rax+58]                       |
00007FF79644162A   | 48:8BF8                    | mov rdi,rax                                      |
00007FF79644162D   | EB 07                      | jmp 原版.7FF796441636  |
00007FF79644162F   | 48:8D3D 12152D00           | lea rdi,qword ptr ds:[7FF796712B48]              | 00007FF796712B48:L"<no language>"
00007FF796441636   | 48:8D15 DB7B2E00           | lea rdx,qword ptr ds:[7FF796729218]              | 00007FF796729218:L" * "
00007FF79644163D   | 48:8D4C24 50               | lea rcx,qword ptr ss:[rsp+50]                    |
00007FF796441642   | E8 09C4FEFF                | call <原版.sub_7FF7964 |
00007FF796441647   | 48:8BC8                    | mov rcx,rax                                      |
00007FF79644164A   | 48:8BD7                    | mov rdx,rdi                                      |
00007FF79644164D   | E8 FEC3FEFF                | call <原版.sub_7FF7964 |
00007FF796441652   | 48:8D15 C77B2E00           | lea rdx,qword ptr ds:[7FF796729220]              | 00007FF796729220:L"]"
00007FF796441659   | 48:8D4C24 50               | lea rcx,qword ptr ss:[rsp+50]                    |
00007FF79644165E   | E8 EDC3FEFF                | call <原版.sub_7FF7964 |
00007FF796441663   | 90                         | nop                                              |
00007FF796441664   | 4C:8973 10                 | mov qword ptr ds:[rbx+10],r14                    |
00007FF796441668   | 48:C743 18 07000000        | mov qword ptr ds:[rbx+18],7                      |
00007FF796441670   | 6644:8933                  | mov word ptr ds:[rbx],r14w                       |
00007FF796441674   | 897424 20                  | mov dword ptr ss:[rsp+20],esi                    |
00007FF796441678   | 48:8B4D C8                 | mov rcx,qword ptr ss:[rbp-38]                    |
00007FF79644167C   | F6C1 02                    | test cl,2                                        |
00007FF79644167F   | 75 22                      | jne 原版.7FF7964416A3  |
00007FF796441681   | 48:8B45 98                 | mov rax,qword ptr ss:[rbp-68]                    |
00007FF796441685   | 4C:8B00                    | mov r8,qword ptr ds:[rax]                        |
00007FF796441688   | 4D:85C0                    | test r8,r8                                       |
00007FF79644168B   | 74 16                      | je 原版.7FF7964416A3   |
00007FF79644168D   | 48:8B4424 78               | mov rax,qword ptr ss:[rsp+78]                    |
00007FF796441692   | 48:8B10                    | mov rdx,qword ptr ds:[rax]                       |
00007FF796441695   | 4C:3B45 C0                 | cmp r8,qword ptr ss:[rbp-40]                     |
00007FF796441699   | 4C:0F4245 C0               | cmovb r8,qword ptr ss:[rbp-40]                   |
00007FF79644169E   | 4C:2BC2                    | sub r8,rdx                                       |
00007FF7964416A1   | EB 29                      | jmp 原版.7FF7964416CC  |
00007FF7964416A3   | F6C1 04                    | test cl,4                                        |
00007FF7964416A6   | 75 2F                      | jne 原版.7FF7964416D7  |
00007FF7964416A8   | 48:8B45 90                 | mov rax,qword ptr ss:[rbp-70]                    |
00007FF7964416AC   | 48:8B08                    | mov rcx,qword ptr ds:[rax]                       |
00007FF7964416AF   | 48:85C9                    | test rcx,rcx                                     |
00007FF7964416B2   | 74 23                      | je 原版.7FF7964416D7   |
00007FF7964416B4   | 48:8B4424 70               | mov rax,qword ptr ss:[rsp+70]                    |
00007FF7964416B9   | 48:8B10                    | mov rdx,qword ptr ds:[rax]                       |
00007FF7964416BC   | 48:8B45 A8                 | mov rax,qword ptr ss:[rbp-58]                    |
00007FF7964416C0   | 4C:6300                    | movsxd r8,dword ptr ds:[rax]                     |
00007FF7964416C3   | 4D:03C0                    | add r8,r8                                        |
00007FF7964416C6   | 4C:2BC2                    | sub r8,rdx                                       |
00007FF7964416C9   | 4C:03C1                    | add r8,rcx                                       |
00007FF7964416CC   | 49:D1F8                    | sar r8,1                                         |
00007FF7964416CF   | 48:8BCB                    | mov rcx,rbx                                      |
00007FF7964416D2   | E8 4930FEFF                | call 原版.7FF796424720 |
00007FF7964416D7   | 83E6 FB                    | and esi,FFFFFFFB                                 |
00007FF7964416DA   | 897424 20                  | mov dword ptr ss:[rsp+20],esi                    |
00007FF7964416DE   | 83CE 02                    | or esi,2                                         |
00007FF7964416E1   | 897424 20                  | mov dword ptr ss:[rsp+20],esi                    |
00007FF7964416E5   | 83E6 FD                    | and esi,FFFFFFFD                                 |
00007FF7964416E8   | 897424 20                  | mov dword ptr ss:[rsp+20],esi                    |
00007FF7964416EC   | 83CE 01                    | or esi,1                                         |
00007FF7964416EF   | 897424 20                  | mov dword ptr ss:[rsp+20],esi                    |
00007FF7964416F3   | 48:8D45 D8                 | lea rax,qword ptr ss:[rbp-28]                    |
00007FF7964416F7   | 48:894424 28               | mov qword ptr ss:[rsp+28],rax                    |
00007FF7964416FC   | 48:8B4424 40               | mov rax,qword ptr ss:[rsp+40]                    |
00007FF796441701   | 48:6348 04                 | movsxd rcx,dword ptr ds:[rax+4]                  |
00007FF796441705   | 48:8D05 04342D00           | lea rax,qword ptr ds:[<&sub_7FF79642C82C>]       |
00007FF79644170C   | 48:89440C 40               | mov qword ptr ss:[rsp+rcx+40],rax                |
00007FF796441711   | 48:8B4424 40               | mov rax,qword ptr ss:[rsp+40]                    |
00007FF796441716   | 48:6348 04                 | movsxd rcx,dword ptr ds:[rax+4]                  |
00007FF79644171A   | 8D91 68FFFFFF              | lea edx,qword ptr ds:[rcx-98]                    |
00007FF796441720   | 89540C 3C                  | mov dword ptr ss:[rsp+rcx+3C],edx                |
00007FF796441724   | 48:8D4C24 58               | lea rcx,qword ptr ss:[rsp+58]                    |
00007FF796441729   | E8 72B7FEFF                | call <原版.sub_7FF7964 |
00007FF79644172E   | 90                         | nop                                              |
00007FF79644172F   | 48:8D4C24 60               | lea rcx,qword ptr ss:[rsp+60]                    |
00007FF796441734   | FF15 F6402B00              | call qword ptr ds:[<&??1?$basic_iostream@_WU?$ch |
00007FF79644173A   | 48:8D4D D8                 | lea rcx,qword ptr ss:[rbp-28]                    |
00007FF79644173E   | FF15 4C412B00              | call qword ptr ds:[<&??1?$basic_ios@_WU?$char_tr |
00007FF796441744   | 90                         | nop                                              |
00007FF796441745   | 48:8B55 58                 | mov rdx,qword ptr ss:[rbp+58]                    |
00007FF796441749   | 48:83FA 08                 | cmp rdx,8                                        |
00007FF79644174D   | 72 11                      | jb 原版.7FF796441760   |
00007FF79644174F   | 48:8D1455 02000000         | lea rdx,qword ptr ds:[rdx*2+2]                   |
00007FF796441757   | 48:8B4D 40                 | mov rcx,qword ptr ss:[rbp+40]                    |
00007FF79644175B   | E8 4032FEFF                | call 原版.7FF7964249A0 |
00007FF796441760   | 4C:8975 50                 | mov qword ptr ss:[rbp+50],r14                    |
00007FF796441764   | 48:C745 58 07000000        | mov qword ptr ss:[rbp+58],7                      |
00007FF79644176C   | 6644:8975 40               | mov word ptr ss:[rbp+40],r14w                    |
00007FF796441771   | 48:8BC3                    | mov rax,rbx                                      |
00007FF796441774   | 48:8B4D 60                 | mov rcx,qword ptr ss:[rbp+60]                    |
00007FF796441778   | 48:33CC                    | xor rcx,rsp                                      |
00007FF79644177B   | E8 D0021000                | call 原版.7FF796541A50 |
00007FF796441780   | 4C:8D9C24 70010000         | lea r11,qword ptr ss:[rsp+170]                   |
00007FF796441788   | 49:8B5B 30                 | mov rbx,qword ptr ds:[r11+30]                    |
00007FF79644178C   | 49:8B73 38                 | mov rsi,qword ptr ds:[r11+38]                    |
00007FF796441790   | 49:8BE3                    | mov rsp,r11                                      |
00007FF796441793   | 41:5E                      | pop r14                                          |
00007FF796441795   | 5F                         | pop rdi                                          |
00007FF796441796   | 5D                         | pop rbp                                          |
00007FF796441797   | C3                         | ret                                              |

最终修改好了,就这个样子吧。这马赛克打的,累死我了。

image.png
要想弄个山寨的注册版,就修改上面的文件吧。

忆往昔我的旧时光都到哪里去了?!

八哈春节版之让自动化穷举式爆破为你扫除疑云
七哈逆袭:由一条吊带外露引发的悲剧
六哈逆袭:论坛大屌做心脏移植手术
五哈QT灰按钮的爆破要点总结
四哈爆破之词典类程序爆破要点分享
三哈爆破之旅要点分享
二哈爆破要点分享:32位 and 64位
大哈:简易爆破攻略
x32dbg/x64dbg命令快速入门系列视频教学
Baymax Patch Tools(大白补丁)使用从入门到精通
盖世神器PowerPro使用教程

免费评分

参与人数 6吾爱币 +5 热心值 +5 收起 理由
007nbqaq + 1 + 1 我很赞同!
majia4075669072 + 1 我很赞同!
zangguicheng + 1 用心讨论,共获提升!
无闻无问 + 2 + 1 什么软件啊?
jy04468108 + 1 原版软件可以拿来联系一下么
WAlitudealiy + 1 + 1 用心讨论,共获提升!

查看全部评分

本帖被以下淘专辑推荐:

发帖前要善用论坛搜索功能,那里可能会有你要找的答案或者已经有人发布过相同内容了,请勿重复发帖。

 楼主| 冥界3大法王 发表于 2021-1-4 19:51
无闻无问 发表于 2021-1-4 16:27
不知和everything,谁好用?目前在用everything

@无闻无问
鄙视你,xielu关键字
侧重不一样,一个是文件名,一个是对于内容的检索。
统称为四大文件检索神器
无闻无问 发表于 2021-1-4 21:11
冥界3大法王 发表于 2021-1-4 19:51
@无闻无问
鄙视你,xielu关键字
侧重不一样,一个是文件名,一个是对于内容的检索。

楼主无罪…不xielou,别人怎么踩你肩膀往上攀…
houbangcai 发表于 2021-1-3 11:05
不搭落俗笑忘书 发表于 2021-1-3 11:14
学习学习!
头像被屏蔽
偶尔平凡 发表于 2021-1-3 12:06
提示: 作者被禁止或删除 内容自动屏蔽
 楼主| 冥界3大法王 发表于 2021-1-3 12:10
本帖最后由 冥界3大法王 于 2021-1-3 12:19 编辑
这是犯罪行为
论坛不让伸手党活命
青春已不在丶 发表于 2021-1-3 12:12
学习学习  看看
virt123 发表于 2021-1-3 13:30
学习   有点难度   慢慢学吧
cheng5k 发表于 2021-1-3 22:32
学习  ,有点难度慢慢学吧d
jztom 发表于 2021-1-4 08:09
我就看看,
Li520pj 发表于 2021-1-4 08:23
学习 有点难度 谢谢
您需要登录后才可以回帖 登录 | 注册[Register]

本版积分规则

返回列表

RSS订阅|小黑屋|处罚记录|联系我们|吾爱破解 - LCG - LSG ( 京ICP备16042023号 | 京公网安备 11010502030087号 )

GMT+8, 2024-12-23 23:37

Powered by Discuz!

Copyright © 2001-2020, Tencent Cloud.

快速回复 返回顶部 返回列表