吾爱破解 - 52pojie.cn

 找回密码
 注册[Register]

QQ登录

只需一步,快速开始

查看: 7483|回复: 16
上一主题 下一主题
收起左侧

[求助] 大漠插件破解器逆向思路

[复制链接]
跳转到指定楼层
楼主
灵剑丹心 发表于 2023-1-21 21:17 回帖奖励
本帖最后由 灵剑丹心 于 2023-2-2 13:16 编辑

大漠7.1753版本被某人破解了,但是破解的功能写在了加了vmp的xdyl.dll里 ,vmp搞不定,如果知道这个dll用的什么api函数破解的,hook这个函数把参数输出看一下可能有所帮助,但就是不知道关键的api

我想知道怎么破的,希望能写出易语言破解源码,因为它这个dll有使用限制,被作者加了验证,有的说调用它破解大漠写的软件多久后会闪退
这个在线文本疑似就是控制软件能否使用的配置文件,不过已经访问不到了


这是dll公开的破解接口

原破解者提供的使用代码,注释里说破解后会随机生成一个名字的dll,用火绒监控看了下其实只是把大漠的dll重命名成一个随机名字而已,前后dll文件文件md5都一样的



现在就是不知道重命名之后做了什么操作, ,但根据之前老版本的破解代码 (网上找到的)也就是往dll模块地址+xxx的地方写入1字节就行了,而且此dll好像还注入了别的系统进程rundll32

看看大家有什么想法能够还原出破解代码,附件太大我上传到 123pan.com/s/mNiA-mxv43


找到了没加壳的xydl.dll,依然有混淆代码,但是发现了 传参expconfig字符串,感觉是扫描本机漏洞来利用

免费评分

参与人数 3吾爱币 +2 热心值 +2 收起 理由
隔壁老赵 + 1 我很赞同!
lgc81034 + 1 谢谢@Thanks!
RainH + 1 + 1 用心讨论,共获提升!

查看全部评分

发帖前要善用论坛搜索功能,那里可能会有你要找的答案或者已经有人发布过相同内容了,请勿重复发帖。

推荐
 楼主| 灵剑丹心 发表于 2023-2-2 18:29 |楼主
本帖最后由 灵剑丹心 于 2023-2-2 18:32 编辑

[Asm] 纯文本查看 复制代码
00E221A4                       | A3 00D7F300                        | mov dword ptr ds:[0xF3D700],eax                |
00E221A9                       | 833D 00D7F300 00                   | cmp dword ptr ds:[0xF3D700],0x0                |
00E221B0                       | 0F8E 27000000                      | jle xdyl.E221DD                                | 未执行转移
00E221B6                       | DB05 00D7F300                      | fild st(0),dword ptr ds:[0xF3D700]             | 什么操作
00E221BC                       | DD5D F4                            | fstp qword ptr ss:[ebp-0xC],st(0)              |
00E221BF                       | DD45 F4                            | fld st(0),qword ptr ss:[ebp-0xC]               |
00E221C2                       | DC0D C230F000                      | fmul st(0),qword ptr ds:[0xF030C2]             |
00E221C8                       | DD5D EC                            | fstp qword ptr ss:[ebp-0x14],st(0)             |
00E221CB                       | DD45 EC                            | fld st(0),qword ptr ss:[ebp-0x14]              |
00E221CE                       | E8 43FAFFFF                        | call xdyl.E21C16                               |
00E221D3                       | A3 00D7F300                        | mov dword ptr ds:[0xF3D700],eax                |
00E221D8                       | E9 1C000000                        | jmp xdyl.E221F9                                |
00E221DD                       | C745 F8 00000000                   | mov dword ptr ss:[ebp-0x8],0x0                 |
00E221E4                       | 6A 00                              | push 0x0                                       |
00E221E6                       | FF75 F8                            | push dword ptr ss:[ebp-0x8]                    |
00E221E9                       | 68 02000000                        | push 0x2                                       |
00E221EE                       | E8 FDFAFFFF                        | call <xdyl.sub_E21CF0>                         |
00E221F3                       | 59                                 | pop ecx                                        |
00E221F4                       | E9 72FFFFFF                        | jmp xdyl.E2216B                                |
00E221F9                       | 83C4 04                            | add esp,0x4                                    |
00E221FC                       | 833D 00D7F300 00                   | cmp dword ptr ds:[0xF3D700],0x0                |
00E22203                       | 0F85 3A000000                      | jne xdyl.E22243                                | 执行转移
00E22209                       | 6A 01                              | push 0x1                                       |
00E2220B                       | 68 64000000                        | push 0x64                                      |
00E22210                       | 68 32000000                        | push 0x32                                      |
00E22215                       | E8 D6FAFFFF                        | call <xdyl.sub_E21CF0>                         |
00E2221A                       | 68 010100A0                        | push 0xA0000101                                |
00E2221F                       | 6A 00                              | push 0x0                                       |
00E22221                       | 68 CA30F000                        | push xdyl.F030CA                               |
00E22226                       | 68 01000000                        | push 0x1                                       |
00E2222B                       | BB 60D2E200                        | mov ebx,<xdyl.sub_E2D260>                      |
00E22230                       | E8 3F9B0000                        | call <xdyl.sub_E2BD74>                         |
00E22235                       | 83C4 10                            | add esp,0x10                                   |
00E22238                       | 8945 F8                            | mov dword ptr ss:[ebp-0x8],eax                 |
00E2223B                       | 8B45 F8                            | mov eax,dword ptr ss:[ebp-0x8]                 |
00E2223E                       | E9 C80A0000                        | jmp xdyl.E22D0B                                |
00E22243                       | DB05 00D7F300                      | fild st(0),dword ptr ds:[0xF3D700]             | 什么操作
00E22249                       | DD5D F4                            | fstp qword ptr ss:[ebp-0xC],st(0)              |
00E2224C                       | DD45 F4                            | fld st(0),qword ptr ss:[ebp-0xC]               |
00E2224F                       | DC35 C230F000                      | fdiv st(0),qword ptr ds:[0xF030C2]             |
00E22255                       | DD5D EC                            | fstp qword ptr ss:[ebp-0x14],st(0)             |
00E22258                       | DD45 EC                            | fld st(0),qword ptr ss:[ebp-0x14]              |
00E2225B                       | DC25 F030F000                      | fsub st(0),qword ptr ds:[0xF030F0]             |
00E22261                       | D9E4                               | ftst                                           |
00E22263                       | DFE0                               | fnstsw ax                                      |
00E22265                       | F6C4 01                            | test ah,0x1                                    |
00E22268                       | 74 02                              | je xdyl.E2226C                                 |
00E2226A                       | D9E0                               | fchs                                           |
00E2226C                       | DC1D F830F000                      | fcomp st(0),qword ptr ds:[0xF030F8]            |
00E22272                       | DFE0                               | fnstsw ax                                      |
00E22274                       | F6C4 41                            | test ah,0x41                                   |
00E22277                       | 0F84 44000000                      | je xdyl.E222C1                                 |


推荐
揰掵佲 发表于 2023-1-22 06:06
[Asm] 纯文本查看 复制代码
8C3C68====={163,8,217,139,0,137,29,12,217,139,0,137,13,16,217,139,0,137,21,20,217,139,0,137,61,24,217,139,0,137,53,28,217,139,0,137,45,32,217,139,0,137,37,36,217,139,0,96,184,231,144,0,16,255,208,97,141,76,36,48,81,233,203,255,124,7}

008C3C68 - A3 08D98B00           - mov [008BD908],eax { (0) }
008C3C6D - 89 1D 0CD98B00        - mov [008BD90C],ebx { (0) }
008C3C73 - 89 0D 10D98B00        - mov [008BD910],ecx { (0) }
008C3C79 - 89 15 14D98B00        - mov [008BD914],edx { (0) }
008C3C7F - 89 3D 18D98B00        - mov [008BD918],edi { (0) }
008C3C85 - 89 35 1CD98B00        - mov [008BD91C],esi { (0) }
008C3C8B - 89 2D 20D98B00        - mov [008BD920],ebp { (0) }
008C3C91 - 89 25 24D98B00        - mov [008BD924],esp { (0) }
008C3C97 - 60                    - pushad 
008C3C98 - B8 E7900010           - mov eax,xdyl.dll+90E7 { (86) }
008C3C9D - FF D0                 - call eax
008C3C9F - 61                    - popad 
008C3CA0 - 8D 4C 24 30           - lea ecx,[esp+30]
008C3CA4 - 51                    - push ecx
008C3CA5 - E9 CBFF7C07           - jmp fAAkm3439.dll+33C75


8093C70====={233,243,255,130,248}
fAAkm3439.dll+33C70 - E9 F3FF82F8           - jmp 008C3C68


83BEA02====={1,0,0,0}
83BEA06====={1,0,0,0}
83BEA0A====={1,0,0,0}
83BEA0E====={1,0,0,0}
83BEA12====={1,0,0,0}
83BEA16====={1,0,0,0}
83BEA1A====={1,0,0,0}
83BEA1E====={1,0,0,0}
83BEA22====={1,0,0,0}
83BEA26====={1,0,0,0}
83BEA2A====={1,0,0,0}
83BEA2E====={1,0,0,0}
83BEA32====={1,0,0,0}
83BEA36====={1,0,0,0}
83BEA3A====={1,0,0,0}
83BEA3E====={1,0,0,0}
83BEA42====={1,0,0,0}
83BEA46====={1,0,0,0}
83BEA4A====={1,0,0,0}
83BEA4E====={1,0,0,0}
83BEA52====={78,9,176,8}
83BEA56====={211,195,175,8}
83BEA5A====={5,154,175,8}
83BEA5E====={96,139,175,8}
83BEA62====={235,139,175,8}
83BEA66====={37,187,175,8}
83BEA6A====={212,206,175,8}
83BEA6E====={227,211,175,8}
83BEA72====={205,215,175,8}
83BEA76====={126,216,175,8}
83BEA7A====={14,160,175,8}
83BEA7E====={165,223,175,8}
83BEA82====={122,196,175,8}
83BEA86====={217,183,175,8}
83BEA8A====={20,146,175,8}
83BEA8E====={143,216,175,8}
83BEA92====={10,239,175,8}
83BEA96====={130,241,175,8}
83BEA9A====={82,205,175,8}
83BEA9E====={109,177,175,8}
83BEAA2====={230,250,175,8}
83BEAA6====={202,231,175,8}
83BEAAA====={33,5,176,8}
83BEAAE====={68,1,176,8}
83BEAB2====={208,207,175,8}
83BEAB6====={255,156,175,8}
83BEABA====={236,197,175,8}
83BEABE====={230,168,175,8}
83BEAC2====={36,249,175,8}
83BEAC6====={155,165,175,8}

fAAkm3439.dll+35EA02 - 01 00                 - add [eax],eax
fAAkm3439.dll+35EA04 - 00 00                 - add [eax],al
fAAkm3439.dll+35EA06 - 01 00                 - add [eax],eax
fAAkm3439.dll+35EA08 - 00 00                 - add [eax],al
fAAkm3439.dll+35EA0A - 01 00                 - add [eax],eax
fAAkm3439.dll+35EA0C - 00 00                 - add [eax],al
fAAkm3439.dll+35EA0E - 01 00                 - add [eax],eax
fAAkm3439.dll+35EA10 - 00 00                 - add [eax],al
fAAkm3439.dll+35EA12 - 01 00                 - add [eax],eax
fAAkm3439.dll+35EA14 - 00 00                 - add [eax],al
fAAkm3439.dll+35EA16 - 01 00                 - add [eax],eax
fAAkm3439.dll+35EA18 - 00 00                 - add [eax],al
fAAkm3439.dll+35EA1A - 01 00                 - add [eax],eax
fAAkm3439.dll+35EA1C - 00 00                 - add [eax],al
fAAkm3439.dll+35EA1E - 01 00                 - add [eax],eax
fAAkm3439.dll+35EA20 - 00 00                 - add [eax],al
fAAkm3439.dll+35EA22 - 01 00                 - add [eax],eax
fAAkm3439.dll+35EA24 - 00 00                 - add [eax],al
fAAkm3439.dll+35EA26 - 01 00                 - add [eax],eax
fAAkm3439.dll+35EA28 - 00 00                 - add [eax],al
fAAkm3439.dll+35EA2A - 01 00                 - add [eax],eax
fAAkm3439.dll+35EA2C - 00 00                 - add [eax],al
fAAkm3439.dll+35EA2E - 01 00                 - add [eax],eax
fAAkm3439.dll+35EA30 - 00 00                 - add [eax],al
fAAkm3439.dll+35EA32 - 01 00                 - add [eax],eax
fAAkm3439.dll+35EA34 - 00 00                 - add [eax],al
fAAkm3439.dll+35EA36 - 01 00                 - add [eax],eax
fAAkm3439.dll+35EA38 - 00 00                 - add [eax],al
fAAkm3439.dll+35EA3A - 01 00                 - add [eax],eax
fAAkm3439.dll+35EA3C - 00 00                 - add [eax],al
fAAkm3439.dll+35EA3E - 01 00                 - add [eax],eax
fAAkm3439.dll+35EA40 - 00 00                 - add [eax],al
fAAkm3439.dll+35EA42 - 01 00                 - add [eax],eax
fAAkm3439.dll+35EA44 - 00 00                 - add [eax],al
fAAkm3439.dll+35EA46 - 01 00                 - add [eax],eax
fAAkm3439.dll+35EA48 - 00 00                 - add [eax],al
fAAkm3439.dll+35EA4A - 01 00                 - add [eax],eax
fAAkm3439.dll+35EA4C - 00 00                 - add [eax],al
fAAkm3439.dll+35EA4E - 01 00                 - add [eax],eax
fAAkm3439.dll+35EA50 - 00 00                 - add [eax],al
fAAkm3439.dll+35EA52 - 4E                    - dec esi
fAAkm3439.dll+35EA53 - 09 B0 08D3C3AF        - or [eax-503C2CF8],esi
fAAkm3439.dll+35EA59 - 08 05 9AAF0860        - or [6008AF9A],al { 1611181978 }
fAAkm3439.dll+35EA5F - 8B AF 08EB8BAF        - mov ebp,[edi-507414F8]
fAAkm3439.dll+35EA65 - 08 25 BBAF08D4        - or [D408AFBB],ah { -737628229 }
fAAkm3439.dll+35EA6B - CE                    - into 
fAAkm3439.dll+35EA6C - AF                    - scasd 
fAAkm3439.dll+35EA6D - 08 E3                 - or bl,ah
fAAkm3439.dll+35EA6F - D3 AF 08CDD7AF        - shr [edi-502832F8],cl
fAAkm3439.dll+35EA75 - 08 7E D8              - or [esi-28],bh
fAAkm3439.dll+35EA78 - AF                    - scasd 
fAAkm3439.dll+35EA79 - 08 0E                 - or [esi],cl
fAAkm3439.dll+35EA7B - A0 AF08A5DF           - mov al,[DFA508AF] { -542832465 }
fAAkm3439.dll+35EA80 - AF                    - scasd 
fAAkm3439.dll+35EA81 - 08 7A C4              - or [edx-3C],bh
fAAkm3439.dll+35EA84 - AF                    - scasd 
fAAkm3439.dll+35EA85 - 08 D9                 - or cl,bl
fAAkm3439.dll+35EA87 - B7 AF                 - mov bh,-51 { 175 }
fAAkm3439.dll+35EA89 - 08 14 92              - or [edx+edx*4],dl
fAAkm3439.dll+35EA8C - AF                    - scasd 
fAAkm3439.dll+35EA8D - 08 8F D8AF080A        - or [edi+0A08AFD8],cl
fAAkm3439.dll+35EA93 - EF                    - out dx,eax
fAAkm3439.dll+35EA94 - AF                    - scasd 
fAAkm3439.dll+35EA95 - 08 82 F1AF0852        - or [edx+5208AFF1],al
fAAkm3439.dll+35EA9B - CD AF                 - int -51 { 175 }
fAAkm3439.dll+35EA9D - 08 6D B1              - or [ebp-4F],ch
fAAkm3439.dll+35EAA0 - AF                    - scasd 
fAAkm3439.dll+35EAA1 - 08 E6                 - or dh,ah
fAAkm3439.dll+35EAA3 - FA                    - cli 
fAAkm3439.dll+35EAA4 - AF                    - scasd 
fAAkm3439.dll+35EAA5 - 08 CA                 - or dl,cl
fAAkm3439.dll+35EAA7 - E7 AF                 - out -51,eax { 175 }
fAAkm3439.dll+35EAA9 - 08 21                 - or [ecx],ah
fAAkm3439.dll+35EAAB - 05 B0084401           - add eax,014408B0 { 21235888 }
fAAkm3439.dll+35EAB0 - B0 08                 - mov al,08 { 8 }
fAAkm3439.dll+35EAB2 - D0 CF                 - ror bh,1
fAAkm3439.dll+35EAB4 - AF                    - scasd 
fAAkm3439.dll+35EAB5 - 08 FF                 - or bh,bh
fAAkm3439.dll+35EAB7 - 9C                    - pushfd 
fAAkm3439.dll+35EAB8 - AF                    - scasd 
fAAkm3439.dll+35EAB9 - 08 EC                 - or ah,ch
fAAkm3439.dll+35EABB - C5AF08                - invd 
fAAkm3439.dll+35EABE - E6 A8                 - out -58,al { 168 }
fAAkm3439.dll+35EAC0 - AF                    - scasd 
fAAkm3439.dll+35EAC1 - 08 24 F9              - or [ecx+edi*8],ah
fAAkm3439.dll+35EAC4 - AF                    - scasd 
fAAkm3439.dll+35EAC5 - 08 9B A5AF0800        - or [ebx+0008AFA5],bl
3#
jy3318007 发表于 2023-1-22 04:19
买个正版的大漠也用不了几个钱啊?需要去使用破解?
4#
WZL1188888 发表于 2023-1-22 10:02
新春快乐!也祝自己在新的一年里学到一些知识。
5#
myxyvip 发表于 2023-1-22 10:10
jy3318007 发表于 2023-1-22 04:19
买个正版的大漠也用不了几个钱啊?需要去使用破解?

正版有时候注册不了,必须要网络!做不了本地的脚本
6#
zg2600 发表于 2023-1-22 12:19
用6.1544
7#
king1027 发表于 2023-1-22 13:41
没用,核心代码VMP了
8#
影风 发表于 2023-1-25 22:50
哪个功能是绑定收费的功能 发我一份调用源码 我这边测试一下
9#
 楼主| 灵剑丹心 发表于 2023-1-26 16:54 |楼主
影风 发表于 2023-1-25 22:50
哪个功能是绑定收费的功能 发我一份调用源码 我这边测试一下

传到网盘了,保护盾和绑定后台窗口都是收费的功能
10#
 楼主| 灵剑丹心 发表于 2023-1-26 20:02 |楼主
king1027 发表于 2023-1-22 13:41
没用,核心代码VMP了

找到一个没加vmp的,是upx,能逆向出具体操作吗
您需要登录后才可以回帖 登录 | 注册[Register]

本版积分规则

返回列表

RSS订阅|小黑屋|处罚记录|联系我们|吾爱破解 - LCG - LSG ( 京ICP备16042023号 | 京公网安备 11010502030087号 )

GMT+8, 2024-12-23 09:24

Powered by Discuz!

Copyright © 2001-2020, Tencent Cloud.

快速回复 返回顶部 返回列表