这个只是教程，第一次发这样的帖子。软件会打包，但不是破解版。
自己动手，丰衣足食。新手教程，大牛飘过~
软件下载地址: http://url.cn/Ne0BCV
查壳
把程序丢入OD--运行--跟随0040100--搜索字符串
004CDEC3 . 59 pop ecx ; 0012F4B8
; OllyDbg dump (x86, Intel syntax, module "jdcks"): tail of the registration
; handler — restores the inner SEH frame, releases the object kept at
; [ebp-0xC], returns into one of two MessageBoxA paths, then starts the outer
; frame unwind. The routine begins before this excerpt; eax is expected to be 0
; on entry to this stretch (zeroed before the pops that precede it).
004CDEC4 . 64:8910 mov dword ptr fs:[eax],edx ; fs:[0] = previous SEH head (held in edx from the preceding pop)
004CDEC7 . 68 EDDE4C00 push jdcks.004CDEED ; return address for the retn below -> success dialog at 004CDEED ("j@h爝L" in the original dump is just those bytes rendered as text)
004CDECC > 8B45 F4 mov eax,dword ptr ss:[ebp-0xC] ; object created earlier and kept at [ebp-0xC]; also the re-entry point from 004CDEEB
004CDECF . E8 FC59F3FF call jdcks.004038D0 ; helper on that object — presumably releases it; target not in excerpt
004CDED4 . A1 A0294D00 mov eax,dword ptr ds:[0x4D29A0] ; eax = *(0x4D29A0), a global object pointer used throughout the handler
004CDED9 . 8B00 mov eax,dword ptr ds:[eax]
004CDEDB . BA 94DF4C00 mov edx,jdcks.004CDF94 ; edx -> "FirstSession"
004CDEE0 . E8 0FF9FCFF call jdcks.0049D7F4 ; (global, "FirstSession") — the same call is made during setup; target not in excerpt
004CDEE5 . C3 retn ; pops the 004CDEED pushed at 004CDEC7
004CDEE6 .^ E9 7961F3FF jmp jdcks.00404064 ; exception path of the inner frame (this address was pushed as its handler); 00404064 not in excerpt
004CDEEB .^ EB DF jmp short jdcks.004CDECC ; re-run the release/teardown above after the handler
004CDEED . 6A 40 push 0x40 ; uType = 0x40 (MB_ICONINFORMATION)
004CDEEF . 68 ECDF4C00 push jdcks.004CDFEC ; caption "提示" ("Prompt")
004CDEF4 . 68 F4DF4C00 push jdcks.004CDFF4 ; text "注册成功,谢谢您使用本系统!" ("Registration succeeded, thank you for using this system!")
004CDEF9 . 8B45 FC mov eax,dword ptr ss:[ebp-0x4] ; value saved in the prologue (presumably Self / the form)
004CDEFC . E8 3799F7FF call jdcks.00447838 ; presumably returns that form's window handle; target not in excerpt
004CDF01 . 50 push eax ; |hOwner = 0053AF10 — hWnd argument
004CDF02 . E8 B596F3FF call <jmp.&user32.MessageBoxA> ; \MessageBoxA(hWnd, text, caption, 0x40)
004CDF07 . 8B45 FC mov eax,dword ptr ss:[ebp-0x4]
004CDF0A . E8 FDFBF8FF call jdcks.0045DB0C ; only on the success path; target not in excerpt
004CDF0F EB 1A jmp short jdcks.004CDF2B ; skip the failure dialog
004CDF11 6A 30 push 0x30 ; uType = 0x30 (MB_ICONWARNING)
004CDF13 . 68 ECDF4C00 push jdcks.004CDFEC ; caption "提示" ("Prompt")
004CDF18 . 68 10E04C00 push jdcks.004CE010 ; text "对不起,注册码不对" ("Sorry, the registration code is incorrect")
004CDF1D . 8B45 FC mov eax,dword ptr ss:[ebp-0x4]
004CDF20 . E8 1399F7FF call jdcks.00447838 ; same window-handle helper as above
004CDF25 . 50 push eax ; |hOwner = 0053AF10 — hWnd argument
004CDF26 . E8 9196F3FF call <jmp.&user32.MessageBoxA> ; \MessageBoxA(hWnd, text, caption, 0x30)
004CDF2B > 33C0 xor eax,eax ; eax = 0 so the fs:[eax] restore that follows (not in excerpt) addresses fs:[0]
004CDF2D . 5A pop edx ; 0012F4B8 — previous SEH head saved by the outer frame's push fs:[0]
004CDF2E . 59 pop ecx ; 0012F4B8 — discard the outer frame's handler address
004CDF2F . 59 pop ecx ; 0012F4B8 — discard the outer frame's saved ebp
找到这段代码的开头，下断点
004CDD1D |. 5D pop ebp ; 0012F4B8
004CDD1E \. C2 0C00 retn 0xC ; end of the preceding routine (returns and drops 3 dword stack args)
004CDD21 8D40 00 lea eax,dword ptr ds:[eax] ; 3-byte no-op: alignment padding before the next routine
; OllyDbg dump (x86, Intel syntax, module "jdcks"): prologue of the
; registration handler. Sets up a frame pointer, zero-fills 17 dword slots of
; locals, stores the register-passed first argument at [ebp-0x4] and begins an
; SEH frame. The instruction that links the frame (mov fs:[0],esp) and the rest
; of the body follow this excerpt.
004CDD24 . 55 push ebp ; start of the routine — the author's breakpoint site (F2)
004CDD25 . 8BEC mov ebp,esp
004CDD27 . B9 08000000 mov ecx,0x8 ; loop counter: 8 iterations
004CDD2C > 6A 00 push 0x0 ; loop: two zeroed dword slots per iteration
004CDD2E . 6A 00 push 0x0
004CDD30 . 49 dec ecx
004CDD31 ^ 75 F9 jnz short jdcks.004CDD2C ; 8 x 2 = 16 zeroed locals
004CDD33 . 51 push ecx ; ecx == 0 after the loop: one more zeroed slot
004CDD34 . 8945 FC mov dword ptr ss:[ebp-0x4],eax ; [ebp-0x4] = incoming eax (register-passed first argument; presumably Self)
004CDD37 . 33C0 xor eax,eax ; eax = 0 so fs:[eax] addresses fs:[0], the SEH chain head
004CDD39 . 55 push ebp ; SEH frame, part 1: saved ebp
004CDD3A . 68 6EDF4C00 push jdcks.004CDF6E ; part 2: handler/continuation address (not in excerpt)
004CDD3F . 64:FF30 push dword ptr fs:[eax] ; part 3: previous SEH head; the mov fs:[eax],esp that links the frame follows (not in excerpt)
在程序中注册一次，断下来
F8单步走
; Same zero-fill loop as in the prologue above (OllyDbg dump, x86): pushes
; 16 zeroed dword slots, then a 17th from the exhausted counter.
004CDD2C > /6A 00 push 0x0 ; loop body: two zeroed slots per iteration
004CDD2E . |6A 00 push 0x0
004CDD30 . |49 dec ecx ; ecx starts at 8 (set just before this excerpt)
004CDD31 ^\75 F9 jnz short jdcks.004CDD2C ; repeat until ecx == 0
004CDD33 . 51 push ecx ; ecx == 0 here: one more zeroed slot
这一段是循环，直接跳到下一步走（在 004CDD33 右键 → 此处为新 EIP）
004CDD7D . 8B80 20030000 mov eax,dword ptr ds:[eax+0x320]
; OllyDbg dump (x86, Intel syntax, module "jdcks") of the registration
; handler's body. The routine begins before this excerpt (prologue and outer
; SEH frame at 004CDD24..004CDD3F) and its outer-frame unwind follows 004CDF2B.
; Structure, as far as the visible code shows:
;   1. 004CDD83/88   flag-setting call, then the branch to the failure dialog
;   2. 004CDD8E..1B  builds "<prefix>Data\" strings from a value obtained via
;                    *(0x4D2D1C) and passes them to the global object at
;                    *(0x4D29A0) under the name "FirstSession" (driver "Paradox")
;   3. 004CDE20..42  constructs an object into [ebp-0xC], opens an inner SEH frame
;   4. 004CDE68..AC  assembles an SQL UPDATE by string concatenation and hands it
;                    to a sub-object of that object
;   5. 004CDEBF..E5  unwinds the inner frame, releases the object, returns into
;                    the success dialog; 004CDF11 is the failure dialog
004CDD83 . E8 B06CF3FF call jdcks.00404A38 ; operates on the value loaded from [eax+0x320] at 004CDD7D (just before this excerpt) and leaves the result in the flags; target not in excerpt
004CDD88 0F85 83010000 jnz jdcks.004CDF11 ; author's "key jump" (关键跳): non-zero -> failure dialog at 004CDF11; fall-through = accepted
004CDD8E . 8D55 D4 lea edx,dword ptr ss:[ebp-0x2C] ; edx -> output slot [ebp-0x2C]
004CDD91 . A1 1C2D4D00 mov eax,dword ptr ds:[0x4D2D1C] ; eax = *(0x4D2D1C) (",<M" in the dump is just those address bytes as text)
004CDD96 . 8B00 mov eax,dword ptr ds:[eax]
004CDD98 . E8 BB39F9FF call jdcks.00461758 ; presumably fills [ebp-0x2C] (it is read back next); target not in excerpt
004CDD9D . 8B45 D4 mov eax,dword ptr ss:[ebp-0x2C]
004CDDA0 . 8D55 F8 lea edx,dword ptr ss:[ebp-0x8] ; edx -> output slot [ebp-0x8]
004CDDA3 . E8 60B3F3FF call jdcks.00409108 ; converts [ebp-0x2C] into [ebp-0x8], reused three times below as the path prefix
004CDDA8 . 8D45 D0 lea eax,dword ptr ss:[ebp-0x30] ; destination slot
004CDDAB . B9 84DF4C00 mov ecx,jdcks.004CDF84 ; ecx -> "Data\"
004CDDB0 . 8B55 F8 mov edx,dword ptr ss:[ebp-0x8] ; edx = prefix
004CDDB3 . E8 886BF3FF call jdcks.00404940 ; presumably [ebp-0x30] = prefix + "Data\" (same helper at 004CDDD2 and 004CDE07)
004CDDB8 . 8B55 D0 mov edx,dword ptr ss:[ebp-0x30] ; edx = the path just built ("ntdll.771156F7" is OllyDbg showing what the slot held when the listing was taken)
004CDDBB . A1 A0294D00 mov eax,dword ptr ds:[0x4D29A0] ; eax = *(0x4D29A0), the global object
004CDDC0 . 8B00 mov eax,dword ptr ds:[eax]
004CDDC2 . E8 ED10FDFF call jdcks.0049EEB4 ; (global, path); target not in excerpt
004CDDC7 . 8D45 CC lea eax,dword ptr ss:[ebp-0x34] ; second path, same recipe
004CDDCA . B9 84DF4C00 mov ecx,jdcks.004CDF84 ; ecx -> "Data\"
004CDDCF . 8B55 F8 mov edx,dword ptr ss:[ebp-0x8]
004CDDD2 . E8 696BF3FF call jdcks.00404940 ; presumably [ebp-0x34] = prefix + "Data\"
004CDDD7 . 8B55 CC mov edx,dword ptr ss:[ebp-0x34]
004CDDDA . A1 A0294D00 mov eax,dword ptr ds:[0x4D29A0]
004CDDDF . 8B00 mov eax,dword ptr ds:[eax]
004CDDE1 . E8 5E11FDFF call jdcks.0049EF44 ; (global, path); target not in excerpt
004CDDE6 . A1 A0294D00 mov eax,dword ptr ds:[0x4D29A0]
004CDDEB . 8B00 mov eax,dword ptr ds:[eax]
004CDDED . BA 94DF4C00 mov edx,jdcks.004CDF94 ; edx -> "FirstSession"
004CDDF2 . E8 FDF9FCFF call jdcks.0049D7F4 ; (global, "FirstSession") — the same call is made again in the teardown at 004CDEE0
004CDDF7 . 68 ACDF4C00 push jdcks.004CDFAC ; stack argument "Paradox" for the call at 004CDE1B
004CDDFC . 8D45 C8 lea eax,dword ptr ss:[ebp-0x38] ; third path, same recipe
004CDDFF . B9 84DF4C00 mov ecx,jdcks.004CDF84 ; ecx -> "Data\"
004CDE04 . 8B55 F8 mov edx,dword ptr ss:[ebp-0x8]
004CDE07 . E8 346BF3FF call jdcks.00404940 ; presumably [ebp-0x38] = prefix + "Data\"
004CDE0C . 8B4D C8 mov ecx,dword ptr ss:[ebp-0x38] ; ecx = path
004CDE0F . A1 A0294D00 mov eax,dword ptr ds:[0x4D29A0]
004CDE14 . 8B00 mov eax,dword ptr ds:[eax]
004CDE16 . BA 94DF4C00 mov edx,jdcks.004CDF94 ; edx -> "FirstSession"
004CDE1B . E8 8CF4FCFF call jdcks.0049D2AC ; (global, "FirstSession", path, "Paradox") — presumably registers a Paradox session/alias on that directory; target not in excerpt
004CDE20 . 8B0D 1C2D4D00 mov ecx,dword ptr ds:[0x4D2D1C] ; ecx = *(0x4D2D1C) (",<M" = address bytes as text)
004CDE26 . 8B09 mov ecx,dword ptr ds:[ecx] ; OllyDbg resolved the current value to jdcks.00448350
004CDE28 . B2 01 mov dl,0x1
004CDE2A . A1 1CB54900 mov eax,dword ptr ds:[0x49B51C] ; eax = value at 0x49B51C
004CDE2F . E8 2870FDFF call jdcks.004A4E5C ; eax = class-like pointer, dl = 1, ecx = owner: looks like a constructor call (TODO confirm); target not in excerpt
004CDE34 . 8945 F4 mov dword ptr ss:[ebp-0xC],eax ; [ebp-0xC] = the new object, used for every call below
004CDE37 . 33C0 xor eax,eax ; eax = 0 so fs:[eax] addresses fs:[0]
004CDE39 . 55 push ebp ; inner SEH frame, part 1: saved ebp
004CDE3A . 68 E6DE4C00 push jdcks.004CDEE6 ; part 2: handler address (the jmp to 00404064 below)
004CDE3F . 64:FF30 push dword ptr fs:[eax] ; part 3: previous SEH head
004CDE42 . 64:8920 mov dword ptr fs:[eax],esp ; link the frame
004CDE45 . BA 94DF4C00 mov edx,jdcks.004CDF94 ; edx -> "FirstSession"
004CDE4A . 8B45 F4 mov eax,dword ptr ss:[ebp-0xC]
004CDE4D . E8 4A68FDFF call jdcks.004A469C ; (object, "FirstSession"); target not in excerpt
004CDE52 . 8B45 F4 mov eax,dword ptr ss:[ebp-0xC]
004CDE55 . E8 0E08FCFF call jdcks.0048E668 ; called again on the object at 004CDEBA; target not in excerpt
004CDE5A . 8B45 F4 mov eax,dword ptr ss:[ebp-0xC]
004CDE5D . 8B80 48020000 mov eax,dword ptr ds:[eax+0x248] ; sub-object at object+0x248
004CDE63 . 8B10 mov edx,dword ptr ds:[eax] ; its vtable
004CDE65 . FF52 44 call dword ptr ds:[edx+0x44] ; virtual call, slot 0x44, no extra args visible
004CDE68 . 68 BCDF4C00 push jdcks.004CDFBC ; piece 1 of 3: "Update M_PublicName set RegCode='"
004CDE6D . 8D55 BC lea edx,dword ptr ss:[ebp-0x44] ; edx -> output slot [ebp-0x44]
004CDE70 . 8B45 FC mov eax,dword ptr ss:[ebp-0x4] ; value saved in the prologue (presumably Self / the form)
004CDE73 . 8B80 14030000 mov eax,dword ptr ds:[eax+0x314] ; control at Self+0x314 (presumably the registration-code field)
004CDE79 . E8 EA32F7FF call jdcks.00441168 ; presumably reads that control's text into [ebp-0x44]; target not in excerpt
004CDE7E . 8B45 BC mov eax,dword ptr ss:[ebp-0x44] ; ("ntdll.771156EC" = slot content when the listing was taken, not the text)
004CDE81 . 8D55 C0 lea edx,dword ptr ss:[ebp-0x40] ; edx -> output slot [ebp-0x40]
004CDE84 . E8 C3ADF3FF call jdcks.00408C4C ; converts [ebp-0x44] into [ebp-0x40]; target not in excerpt
004CDE89 . FF75 C0 push dword ptr ss:[ebp-0x40] ; piece 2 of 3: the control text, as typed
004CDE8C . 68 E8DF4C00 push jdcks.004CDFE8 ; piece 3 of 3: "'"
004CDE91 . 8D45 C4 lea eax,dword ptr ss:[ebp-0x3C] ; destination slot
004CDE94 . BA 03000000 mov edx,0x3 ; three pieces
004CDE99 . E8 166BF3FF call jdcks.004049B4 ; [ebp-0x3C] = "Update M_PublicName set RegCode='" + <control text> + "'" — NOTE(review): the user-typed value is spliced between the quotes with no escaping or parameter binding visible in this excerpt, the classic SQL-injection shape; something to check in the source, not the binary
004CDE9E . 8B55 C4 mov edx,dword ptr ss:[ebp-0x3C] ; edx = the assembled statement
004CDEA1 . 8B45 F4 mov eax,dword ptr ss:[ebp-0xC]
004CDEA4 . 8B80 48020000 mov eax,dword ptr ds:[eax+0x248] ; same sub-object as at 004CDE5D
004CDEAA . 8B08 mov ecx,dword ptr ds:[eax] ; its vtable
004CDEAC . FF51 38 call dword ptr ds:[ecx+0x38] ; virtual call, slot 0x38, with the statement in edx (OllyDbg resolved it to jdcks.004482CC); presumably executes it
004CDEAF . 8B45 F4 mov eax,dword ptr ss:[ebp-0xC]
004CDEB2 . E8 4578FDFF call jdcks.004A56FC ; on the object; target not in excerpt
004CDEB7 . 8B45 F4 mov eax,dword ptr ss:[ebp-0xC]
004CDEBA . E8 A907FCFF call jdcks.0048E668 ; second call of the helper first seen at 004CDE55
004CDEBF . 33C0 xor eax,eax ; eax = 0 for the fs:[eax] restore below
004CDEC1 . 5A pop edx ; edx = previous SEH head pushed at 004CDE3F ("jdcks.0044272A" is OllyDbg's view of the stack top when the listing was taken)
004CDEC2 . 59 pop ecx ; discard the inner frame's handler address
004CDEC3 . 59 pop ecx ; discard the inner frame's saved ebp
004CDEC4 . 64:8910 mov dword ptr fs:[eax],edx ; fs:[0] = previous SEH head
004CDEC7 . 68 EDDE4C00 push jdcks.004CDEED ; return address for the retn below -> success dialog ("j@h爝L" in the dump is just those bytes as text)
004CDECC > 8B45 F4 mov eax,dword ptr ss:[ebp-0xC] ; also the re-entry point from 004CDEEB
004CDECF . E8 FC59F3FF call jdcks.004038D0 ; presumably releases the object; target not in excerpt
004CDED4 . A1 A0294D00 mov eax,dword ptr ds:[0x4D29A0]
004CDED9 . 8B00 mov eax,dword ptr ds:[eax]
004CDEDB . BA 94DF4C00 mov edx,jdcks.004CDF94 ; edx -> "FirstSession"
004CDEE0 . E8 0FF9FCFF call jdcks.0049D7F4 ; (global, "FirstSession") — same call as at 004CDDF2
004CDEE5 . C3 retn ; pops 004CDEED -> success dialog
004CDEE6 .^ E9 7961F3FF jmp jdcks.00404064 ; inner frame's handler (address pushed at 004CDE3A); 00404064 not in excerpt
004CDEEB .^ EB DF jmp short jdcks.004CDECC ; re-run the release/teardown after the handler
004CDEED . 6A 40 push 0x40 ; uType = 0x40 (MB_ICONINFORMATION)
004CDEEF . 68 ECDF4C00 push jdcks.004CDFEC ; caption "提示" ("Prompt")
004CDEF4 . 68 F4DF4C00 push jdcks.004CDFF4 ; text "注册成功,谢谢您使用本系统!" ("Registration succeeded, thank you for using this system!")
004CDEF9 . 8B45 FC mov eax,dword ptr ss:[ebp-0x4]
004CDEFC . E8 3799F7FF call jdcks.00447838 ; presumably returns the form's window handle (pushed next as hWnd); target not in excerpt
004CDF01 . 50 push eax ; |hOwner = 000000F4 (class='tooltips_class32') — hWnd argument
004CDF02 . E8 B596F3FF call <jmp.&user32.MessageBoxA> ; \MessageBoxA(hWnd, text, caption, 0x40)
004CDF07 . 8B45 FC mov eax,dword ptr ss:[ebp-0x4]
004CDF0A . E8 FDFBF8FF call jdcks.0045DB0C ; only on the success path; target not in excerpt
004CDF0F EB 1A jmp short jdcks.004CDF2B ; skip the failure dialog
004CDF11 6A 30 push 0x30 ; uType = 0x30 (MB_ICONWARNING)
004CDF13 . 68 ECDF4C00 push jdcks.004CDFEC ; caption "提示" ("Prompt")
004CDF18 . 68 10E04C00 push jdcks.004CE010 ; text "对不起,注册码不对" ("Sorry, the registration code is incorrect")
004CDF1D . 8B45 FC mov eax,dword ptr ss:[ebp-0x4]
004CDF20 . E8 1399F7FF call jdcks.00447838 ; same window-handle helper as above
004CDF25 . 50 push eax ; |hOwner = 000000F4 (class='tooltips_class32') — hWnd argument
004CDF26 . E8 9196F3FF call <jmp.&user32.MessageBoxA> ; \MessageBoxA(hWnd, text, caption, 0x30)
004CDF2B > 33C0 xor eax,eax ; eax = 0 for the outer-frame fs:[eax] restore that follows (not in excerpt)
按道理把关键跳nop是可以达到爆破效果!
0012F8EC |0130C950 ASCII " TMA55BZJ2ZEAPP"
0012F8F0 |0130C974 ASCII "000B2F19D3E0 TMA55BZJ2ZEAPP"
0012F8F4 |0130C9BC ASCII "1789909449" [b]这个是用户名[/b]
0012F8F8 |0130C9D4 ASCII "1744175328" [b]这个是注册码[/b]
0012F8FC |0130CC14 ASCII "7a0c75c75105ca26a2a0b70cdd714a21"
0012F900 |C7750C7A