【D01E04】电子管反破解教程之四【隐藏API入口，Anti OD的API断点】

dianziguan · 发表于 2013-7-21 15:40

本帖最后由 dianziguan 于 2013-7-21 15:48 编辑

原帖子不知道怎么不见了，源代码如下：
.386
.model flat,stdcall
option casemap:none
include \masm32\include\windows.inc
include \masm32\include\user32.inc
include \masm32\include\kernel32.inc
include \masm32\include\advapi32.inc
includelib \masm32\lib\advapi32.lib
includelib \masm32\lib\user32.lib
includelib \masm32\lib\kernel32.lib
includelib \MASM32\LIB\oleaut32.lib
include \MASM32\include\oleaut32.inc

DlgProc PROTO :DWORD,:DWORD,:DWORD,:DWORD

.data
AppName db "注册程序，(C)电子管 2012.07.19",0
DlgName db "MyDialog",0
dllname1 db "user32.dll",0
dllname2 db "kernel32.dll",0
tDialogBoxParam db "DialogBoxParamA",0
tExitProcess db "ExitProcess",0
tEndDialog db "EndDialog",0
tGetDlgItemText db "GetDlgItemTextA",0
tGetModuleHandle db "GetModuleHandleA",0
tMessageBoxA db "MessageBoxA",0
tLoadLibrary db "LoadLibraryA",0
taGetProcAddress db "GetProcAddress",0
chck2 dd 363734a1h
.data?
hInstance HINSTANCE ?
err1 dd ?
ok1 dd ?
ok2 dd ?
mesbok_1 db 10 dup(?)
regbuffer1 db 512 dup(?)
aGetModuleHandle dd ?
aLoadLibrary dd ?
dllhnd1 dd ?
dllhnd2 dd ?
aDialogBoxParam dd ?
aGetDlgItemText dd ?
aEndDialog dd ?
aMessageBoxA dd ?
aExitProcess dd ?
aGetProcAddress dd ?
chck1 dd ?

.const
IDC_EDIT2       equ 3800
IDC_EDIT3       equ 3801
IDC_BUTTON    equ 3001
IDC_EXIT       equ 3002
.code
start:  ;LoadLibrary GetProcAddress
   mov aGetModuleHandle,GetModuleHandle
   push 0
   push  offset loc_1
   mov eax,aGetModuleHandle
   jmp eax
   ;invoke GetModuleHandle, NULL

loc_1:

mov hInstance,eax
   mov aGetModuleHandle,GetModuleHandle
   push offset dllname2
   push  offset loc_2
   mov eax,aGetModuleHandle
   jmp eax
   ;invoke GetModuleHandle, NULL

loc_2:

mov dllhnd2,eax
   mov aGetProcAddress,GetProcAddress

   push offset tLoadLibrary
   push dllhnd2
   push offset loc_4
   mov eax,aGetProcAddress
   jmp eax
      ;invoke  GetProcAddress,dllhnd2,addr tLoadLibrary
loc_4: add eax,2
   mov aLoadLibrary,eax

   push offset taGetProcAddress
   push dllhnd2
   mov eax,aGetProcAddress
   call eax

loc_6:
   add eax,2
   mov aGetProcAddress,eax


   push offset dllname1
   mov eax,aLoadLibrary
   call eax
   ;invoke LoadLibrary,addr dllname1
   mov dllhnd1,eax
   push offset tDialogBoxParam
   push dllhnd1
   call aGetProcAddress
   ;invoke  GetProcAddress,dllhnd1,addr tDialogBoxParam
   add eax,2
   mov aDialogBoxParam,eax
   push offset tEndDialog
   push dllhnd1
   mov eax, aGetProcAddress
   call eax
   add eax,2
   ;invoke GetProcAddress,dllhnd1,addr tEndDialog
   mov aEndDialog,eax
   push offset tGetDlgItemText
   push dllhnd1
   mov eax,aGetProcAddress
   call eax
   ;invoke GetProcAddress,dllhnd1,addr tGetDlgItemText
   inc eax
   add eax,1
   mov aGetDlgItemText,eax
   push offset tMessageBoxA
   push dllhnd1
   mov eax,aGetProcAddress
   call eax
   ;invoke GetProcAddress,dllhnd1,addr tMessageBoxA
   add eax,1
   inc eax
   mov aMessageBoxA,eax
   push offset tExitProcess
   push dllhnd2
   mov eax, aGetProcAddress
   call eax
   ;invoke GetProcAddress,dllhnd2,addr tExitProcess
   add eax,2
   mov aExitProcess,eax
   push 0
   push offset DlgProc
   push 0
   push offset DlgName
   push hInstance
   mov eax,aDialogBoxParam
   push offset loc_3
   jmp eax
;invoke DialogBoxParam, hInstance, ADDR DlgName,NULL,addr DlgProc,NULL
loc_3: ret;invoke ExitProcess,eax
DlgProc proc hWnd:HWND, uMsg:UINT, wParam:WPARAM, lParam:LPARAM
.IF uMsg==WM_INITDIALOG
; invoke SetDlgItemText,hWnd,IDC_EDIT2,ADDR AppName
      cld
      mov esi,offset start
      mov ecx,offset f_1
      sub ecx,esi
      mov edx,0
      mov eax,0
  lloc_1:lodsb
   add edx,eax
   loop lloc_1
   add edx,36363636h
   mov chck1,edx ;检查和
   nop
   nop

.ELSEIF uMsg== WM_CLOSE
            push 0
            push  hWnd
            mov eax,aEndDialog
            call eax
  ;invoke EndDialog, hWnd,NULL
.ELSEIF uMsg==WM_COMMAND

  mov edx,wParam
            mov eax,edx
shr edx,16
.if dx==BN_CLICKED
.IF ax==IDC_BUTTON
                           mov edi,chck1
                           mov eax ,offset ok_1
                           mov ok1,eax
                           mov eax ,offset ok_2
                           mov ok2,eax
                           mov eax,offset err_1
                           mov err1,eax
                           ;invoke GetDlgItemText,hWnd,IDC_EDIT3,ADDR regbuffer1,512

                           push 512
                           push offset regbuffer1
                           push IDC_EDIT3
                           push hWnd
                           push offset lloc_3
                           mov eax,aGetDlgItemText
                           nop
                           jmp eax
               lloc_3:    push esi
                           mov esi,offset regbuffer1
                           cld
                           lodsd
                           sub eax,30303030h
                           push eax
                           pop edx
                           lodsd
                           sub eax,30303030h
                           add eax,edx
                           sub eax,09090909h
                           pushfd
                           pop eax
                           and eax,40h
                           shr eax,4
                           mov edx,offset err1
                           add eax,edx
                           mov eax, [eax]
                           jmp eax

                     err_1:

                     pop esi
                     ;invoke MessageBoxA,NULL,ADDR mesberr_1,ADDR AppName,MB_OK

                  exit_1:
                     push 0
                     push  hWnd
                     mov eax,aEndDialog
                     call eax
                  ;invoke EndDialog, hWnd,NULL
                     push 0


                     mov eax,aExitProcess
                     jmp eax

                     ;invoke ExitProcess,eax

                     ok_1:
                        ;pop esi
                        ;jmp ok_2
                        mov eax,chck2
                        ;cmp eax,edi
                        sub eax,edi
                           pushfd
                           pop eax
                           and eax,40h
                           shr eax,3
                           mov edx,offset err1
                           add eax,edx
                           mov eax, [eax]
                           jmp eax
                  ok_2:  pop esi
                           mov edi,offset mesbok_1
                           mov eax,0e1b2a2d7h;'注册'
                           stosd
                           mov eax,0a6b9c9b3h;'成功'
                           stosd
                        ;invoke MessageBox,NULL,ADDR mesbok_1,ADDR AppName,MB_OK
                        push MB_OK
                        push offset mesbok_1
                        push offset mesbok_1
                        push 0
                        mov eax,offset exit_1
                        push eax
                        mov eax, aMessageBoxA
                        jmp eax
                        jmp exit_1

                     .ELSEIF ax==IDC_EXIT
                     push 0
                     push  hWnd
                     mov eax,aEndDialog
                     call eax
   ;invoke EndDialog, hWnd,NULL
.ENDIF
.ENDIF

.ELSE
  mov eax,FALSE
  ret
.ENDIF
mov eax,TRUE
ret
DlgProc endp
f_1:
end start

cxihdx · 发表于 2013-7-21 15:44

虽然没看明白，但也支持下

dianziguan · 发表于 2013-7-21 15:49

cxihdx 发表于 2013-7-21 15:44
虽然没看明白，但也支持下

谢谢支持，汇编是解密的基础，玩破解多了，汇编也就看懂了。

帐号		自动登录	找回密码
密码			注册[Register]

[CrackMe] 【D01E04】电子管反破解教程之四【隐藏API入口，Anti OD的API断点】

本帖子中包含更多资源

[CrackMe] 【D01E04】电子管 反破解教程之四【隐藏API入口，Anti OD的API断点】

本帖子中包含更多资源

[CrackMe] 【D01E04】电子管反破解教程之四【隐藏API入口，Anti OD的API断点】