y2008
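Posted 2011-2-17 22:03
This post was last edited by y2008 on 2011-2-18 08:58
This post was last edited by y2008 on 2011-2-17 21:50
Crack target download: http://www.kitchendraw.com/
Software size: 48.5 MB
Software description: A kitchen design program popular abroad; nine out of ten people doing kitchen design use it! The original program has not been uploaded to my hosting space yet. The reseller charges 4,700 RMB for this software and sells it with a packer the reseller added themselves, which is a real rip-off! If you need it, just leave a message and message me!
[Author's note]: Please point out any mistakes. If you do not follow these steps you will have to deal with the overlay data, and the unpacked program shows many error prompts.
[Debugging environment]: WinXP
[Tools used]: ^0^-FlyOD.exe, PEiD (小生 special edition), LordPE, ImportREC
[Packer]: SoftSentry 2.11 -> 20/20 Software
[Software restriction]: Time-based. Each time a new project is created the time decreases by 0.05; the total time is 30. A top-up is required. As shown in the figure:
1. Manual unpacking
Checking the packer: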
0040BE90 > 55 push ebp //program entry point
0040BE91 8BEC mov ebp,esp
0040BE93 83EC 64 sub esp,64
0040BE96 53 push ebx
0040BE97 56 push esi
0040BE98 57 push edi
0040BE99 E9 50000000 jmp KitchenD.0040BEEE
0040BE9E 0000 add byte ptr ds:[eax],al
0040BEA0 90 nop
Single-step to here:
0040C052 > \E8 19060000 CALL KitchenD.0040C670
0040C057 > 833D 70114100>CMP DWORD PTR DS:[411170],0
0040C05E . 0F84 16000000 JE KitchenD.0040C07A
0040C064 . 8B4D B0 MOV ECX,DWORD PTR SS:[EBP-50]
0040C067 . E8 442C0000 CALL KitchenD.0040ECB0 //The registration dialog appears; choose Cancel, otherwise the program runs away!
0040C06C . 8945 B0 MOV DWORD PTR SS:[EBP-50],EAX
0040C06F . 8B4D B0 MOV ECX,DWORD PTR SS:[EBP-50]
0040C072 . E8 F92C0000 CALL KitchenD.0040ED70
0040C077 . 8945 B0 MOV DWORD PTR SS:[EBP-50],EAX
0040C07A > 837D B0 01 CMP DWORD PTR SS:[EBP-50],1
As shown in the figure:
Single-step to here:
0040C2D4 . /0F85 3E000000 JNZ KitchenD.0040C318 //NOP out this jump, otherwise the program runs away!
0040C2DA . |33C0 XOR EAX,EAX
0040C2DC . |66:A1 B811410>MOV AX,WORD PTR DS:[4111B8]
0040C2E2 . |85C0 TEST EAX,EAX
0040C2E4 . |0F84 2E000000 JE KitchenD.0040C318 //NOP out this jump, otherwise the program runs away!
0040C2EA . |8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]
0040C2ED . |50 PUSH EAX ; /hInst
0040C2EE . |68 A8114100 PUSH KitchenD.004111A8 ; |Class =
0040C2F3 . |FF15 18544100 CALL DWORD PTR DS:[<&USER32.UnregisterCl>; \UnregisterClassA
0040C2F9 . |33C0 XOR EAX,EAX
0040C2FB . |66:A1 BC11410>MOV AX,WORD PTR DS:[4111BC]
0040C301 . |85C0 TEST EAX,EAX
0040C303 . |0F84 0F000000 JE KitchenD.0040C318
0040C309 . |8B45 B4 MOV EAX,DWORD PTR SS:[EBP-4C]
0040C30C . |50 PUSH EAX
0040C30D . |8D55 AC LEA EDX,DWORD PTR SS:[EBP-54]
0040C310 . |8B4D B8 MOV ECX,DWORD PTR SS:[EBP-48]
0040C313 . |E8 38000000 CALL KitchenD.0040C350 //Step into this CALL, otherwise you cannot reach the OEP!
0040C318 > \837D AC 00 CMP DWORD PTR SS:[EBP-54],0
After stepping past the code NOPed out above, undo the modifications.
We single-step to here:
0040C350 /$ 56 PUSH ESI //The code after stepping into 0040C313!
0040C351 |. 57 PUSH EDI
0040C352 |. 8BF2 MOV ESI,EDX
0040C354 |. 8B7C24 0C MOV EDI,DWORD PTR SS:[ESP+C]
0040C358 |. 8B51 02 MOV EDX,DWORD PTR DS:[ECX+2]
0040C35B |. 3351 06 XOR EDX,DWORD PTR DS:[ECX+6]
0040C35E |. 3351 0A XOR EDX,DWORD PTR DS:[ECX+A]
0040C361 |. 03FA ADD EDI,EDX
0040C363 |. 33D2 XOR EDX,EDX
0040C365 |> 8B41 06 /MOV EAX,DWORD PTR DS:[ECX+6]
0040C368 |. 42 |INC EDX
0040C369 |. 314497 FC |XOR DWORD PTR DS:[EDI+EDX*4-4],EAX
0040C36D |. 42 |INC EDX
0040C36E |. 8B41 0A |MOV EAX,DWORD PTR DS:[ECX+A]
0040C371 |. 314497 FC |XOR DWORD PTR DS:[EDI+EDX*4-4],EAX
0040C375 |. 83FA 14 |CMP EDX,14
0040C378 |.^ 7C EB \JL SHORT KitchenD.0040C365
0040C37A |. 8B0E MOV ECX,DWORD PTR DS:[ESI] //F4: run to selection!
0040C37C |. E8 5F320000 CALL KitchenD.0040F5E0
We single-step to here:
0040C387 |. 66:833D B8114>CMP WORD PTR DS:[4111B8],0
0040C38F |. 74 0C JE SHORT KitchenD.0040C39D //NOP out this jump, otherwise the program runs away!
0040C391 |. 66:833D C0114>CMP WORD PTR DS:[4111C0],0
0040C399 |. 74 02 JE SHORT KitchenD.0040C39D
0040C39B |. FFD7 CALL EDI //Step into this CALL, otherwise you cannot reach the OEP!
0040C39D |> 6A 00 PUSH 0 ; /Style =
0040C39F |. 68 38124100 PUSH KitchenD.00411238 ; |Title = "softSENTRY"
0040C3A4 |. 68 28124100 PUSH KitchenD.00411228 ; |Text = "Failed to
0040C3A9 |. 6A 00 PUSH 0 ; |hOwner = NULL
0040C3AB |. FF15 48544100 CALL DWORD PTR DS:[<&USER32.MessageBoxA>>; \MessageBoxA
The code after stepping in:
004018A0 55 DB 55 ; CHAR 'U'
004018A1 8B DB 8B
004018A2 EC DB EC
004018A3 6A DB 6A ; CHAR 'j'
004018A4 FF DB FF
004018A5 68 DB 68 ; CHAR 'h'
004018A6 D0 DB D0
004018A7 50 DB 50 ; CHAR 'P'
004018A8 40 DB 40 ; CHAR '@'
004018A9 00 DB 00
004018AA 68 DB 68 ; CHAR 'h'
004018AB D4 DB D4
004018AC 23 DB 23 ; CHAR '#'
004018AD 40 DB 40 ; CHAR '@'
004018AE 00 DB 00
004018AF 64 DB 64 ; CHAR 'd'
The code after analysis:
004018A0 /. 55 PUSH EBP //This is the OEP.
004018A1 |. 8BEC MOV EBP,ESP
004018A3 |. 6A FF PUSH -1
004018A5 |. 68 D0504000 PUSH KitchenD.004050D0
004018AA |. 68 D4234000 PUSH KitchenD.004023D4 ; SE handler installation
004018AF |. 64:A1 0000000>MOV EAX,DWORD PTR FS:[0]
004018B5 |. 50 PUSH EAX
004018B6 |. 64:8925 00000>MOV DWORD PTR FS:[0],ESP
004018BD |. 83EC 58 SUB ESP,58
004018C0 |. 53 PUSH EBX
004018C1 |. 56 PUSH ESI
004018C2 |. 57 PUSH EDI
004018C3 |. 8965 E8 MOV DWORD PTR SS:[EBP-18],ESP
004018C6 |. FF15 48504000 CALL DWORD PTR DS:[<&KERNEL32.GetVersion>; kernel32.GetVersion
004018CC |. 33D2 XOR EDX,EDX
004018CE |. 8AD4 MOV DL,AH
004018D0 |. 8915 D0674000 MOV DWORD PTR DS:[4067D0],EDX
004018D6 |. 8BC8 MOV ECX,EAX
004018D8 |. 81E1 FF000000 AND ECX,0FF
Work out the dumping process yourself.
Checking the packer with PEiD:
Running after unpacking:
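
The packer check at the start of the post, as an added example that is not part of the original post: a triage script that maps a PE32 file's entry-point RVA to a file offset and compares the bytes there with the stub prologue shown in the listing at 0040BE90. `STUB_SIG` is assembled here from those listed bytes and is not an official PEiD signature; the function names and the constructed sample image are assumptions made for illustration.

```python
import struct

# Entry-point bytes from the listing at 0040BE90 above (push ebp ... jmp +0x50).
# Assembled for this example from the page; not an official PEiD signature.
STUB_SIG = bytes.fromhex("558bec83ec64535657e950000000")

def entry_point_bytes(pe: bytes, n: int) -> bytes:
    """Return up to n bytes at the PE entry point (RVA mapped to file offset)."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (pe_off,) = struct.unpack_from("<I", pe, 0x3C)          # e_lfanew
    if pe[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (nsect,) = struct.unpack_from("<H", pe, pe_off + 6)     # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", pe, pe_off + 20) # SizeOfOptionalHeader
    opt = pe_off + 24
    (ep_rva,) = struct.unpack_from("<I", pe, opt + 16)      # AddressOfEntryPoint
    sect = opt + opt_size
    for i in range(nsect):
        vsize, vaddr, rsize, rptr = struct.unpack_from("<IIII", pe, sect + 40 * i + 8)
        if vaddr <= ep_rva < vaddr + max(vsize, rsize):
            off = rptr + (ep_rva - vaddr)
            return pe[off:off + n]
    raise ValueError("entry point is not inside any section")

def looks_like_stub(pe: bytes) -> bool:
    """True when the entry point starts with the stub prologue from the listing."""
    return entry_point_bytes(pe, len(STUB_SIG)) == STUB_SIG

def build_sample(ep_code: bytes) -> bytes:
    """Constructed minimal PE32 image: one section, RVA 0x1000, raw offset 0x200."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x102)
    opt = struct.pack("<HBBIIII", 0x10B, 0, 0, 0, 0, 0, 0x1000).ljust(0xE0, b"\0")
    sec = b".text\0\0\0" + struct.pack("<IIII", 0x1000, 0x1000, 0x200, 0x200) + b"\0" * 16
    hdr = (dos + coff + opt + sec).ljust(0x200, b"\0")
    return hdr + ep_code.ljust(0x200, b"\x90")

if __name__ == "__main__":
    packed = build_sample(STUB_SIG)                               # constructed sample
    plain = build_sample(bytes.fromhex("558bec6aff68d0504000"))   # OEP-style prologue
    print("stub at entry point:", looks_like_stub(packed), looks_like_stub(plain))
```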