|
[求助]各位大大!能说说这是什么壳吗?
用单步跑的壳 |
|
[求助]关于无注册错误提示软件破解
脱壳后 OD载入 会有恭喜您注册成功的字符串 0047B730 |. 55 push ebp 0047B731 |. 68 EBB94700 push 0047B9EB 0047B736 |. 64:FF30 push dword ptr fs:[eax] 0047B739 |. 64:8920 mov dword ptr fs:[eax], esp 0047B73C |. 8D55 F4 lea edx, dword ptr [ebp-C] 0047B73F |. 8B83 F8020000 mov eax, dword ptr [ebx+2F8] 0047B745 |. E8 9A2BFCFF call 0043E2E4 0047B74A |. 837D F4 00 cmp dword ptr [ebp-C], 0 ; 机器码是否为空 0047B74E |. 0F84 4D020000 je 0047B9A1 ; 空则失败 0047B754 |. 8D55 F0 lea edx, dword ptr [ebp-10] 0047B757 |. 8B83 00030000 mov eax, dword ptr [ebx+300] 0047B75D |. E8 822BFCFF call 0043E2E4 0047B762 |. 837D F0 00 cmp dword ptr [ebp-10], 0 ; 注册码是否为空 0047B766 |. 0F84 35020000 je 0047B9A1 ; 空则失败 0047B76C |. 8D55 EC lea edx, dword ptr [ebp-14] 0047B76F |. 8B83 00030000 mov eax, dword ptr [ebx+300] 0047B775 |. E8 6A2BFCFF call 0043E2E4 0047B77A |. 8B45 EC mov eax, dword ptr [ebp-14] 0047B77D |. E8 B28EF8FF call 00404634 0047B782 |. 83F8 10 cmp eax, 10 ; 注册码是否为16位 0047B785 0F85 16020000 jnz 0047B9A1 ; 不是16位失败 0047B78B |. E8 9CFBFFFF call 0047B32C 0047B790 |. 8BD0 mov edx, eax ; eax的值传给edx 0047B792 |. 8D45 E0 lea eax, dword ptr [ebp-20] 0047B795 |. E8 D28DF8FF call 0040456C ; 取机器码 0047B79A |. 8B45 E0 mov eax, dword ptr [ebp-20] 0047B79D |. 8D55 E4 lea edx, dword ptr [ebp-1C] ; edx=0013F7E8 0047B7A0 |. E8 37C7F8FF call 00407EDC 0047B7A5 |. 8B45 E4 mov eax, dword ptr [ebp-1C] ; 机器码 0047B7A8 |. 8D55 E8 lea edx, dword ptr [ebp-18] ; edx=0013F7EC 0047B7AB |. E8 48C9F8FF call 004080F8 0047B7B0 |. 8B55 E8 mov edx, dword ptr [ebp-18] ; edx=机器码 0047B7B3 |. B8 A84D4800 mov eax, 00484DA8 ; eax=484da8 0047B7B8 |. E8 0B8CF8FF call 004043C8 0047B7BD |. 8D55 D8 lea edx, dword ptr [ebp-28] ; edx=0013F7DC 0047B7C0 |. 8B83 00030000 mov eax, dword ptr [ebx+300] ; eax=00DD71E4 0047B7C6 |. E8 192BFCFF call 0043E2E4 0047B7CB |. 8B45 D8 mov eax, dword ptr [ebp-28] ; eax=假码 0047B7CE |. 8D55 DC lea edx, dword ptr [ebp-24] ; edx=0013F7E0 0047B7D1 |. E8 06C7F8FF call 00407EDC 0047B7D6 |. 8B45 DC mov eax, dword ptr [ebp-24] ; eax=假码 0047B7D9 |. 8D55 FC lea edx, dword ptr [ebp-4] ; edx=0013F800 0047B7DC |. E8 17C9F8FF call 004080F8 0047B7E1 |. 8D45 D4 lea eax, dword ptr [ebp-2C] ; eax=13f800 0047B7E4 |. 50 push eax 0047B7E5 |. 8B15 98254800 mov edx, dword ptr [482598] ; 武林4_25.00484DB4 0047B7EB |. 66:8B12 mov dx, word ptr [edx] 0047B7EE |. B9 08000000 mov ecx, 8 ; ecx=8 0047B7F3 |. A1 A84D4800 mov eax, dword ptr [484DA8] ; eax=dd6618 0047B7F8 |. E8 27FAFFFF call 0047B224 0047B7FD |. 8B45 D4 mov eax, dword ptr [ebp-2C] ; eax=dd06e4 0047B800 |. 8D55 F8 lea edx, dword ptr [ebp-8] 0047B803 |. E8 D4C6F8FF call 00407EDC 0047B808 |. 8D55 D0 lea edx, dword ptr [ebp-30] 0047B80B |. 8B45 F8 mov eax, dword ptr [ebp-8] 0047B80E |. E8 A5F5FFFF call 0047ADB8 0047B813 |. 8B55 D0 mov edx, dword ptr [ebp-30] ; edx=b1c2dcc0a6d190469af02b452ddab562 0047B816 |. 8D45 F8 lea eax, dword ptr [ebp-8] 0047B819 |. E8 EE8BF8FF call 0040440C 0047B81E |. 8D55 CC lea edx, dword ptr [ebp-34] 0047B821 |. 8B45 F8 mov eax, dword ptr [ebp-8] 0047B824 |. E8 B3C6F8FF call 00407EDC 0047B829 |. 8B55 CC mov edx, dword ptr [ebp-34] ; edx的值转换成大写 0047B82C |. 8D45 F8 lea eax, dword ptr [ebp-8] 0047B82F |. E8 D88BF8FF call 0040440C 0047B834 |. 8D45 F8 lea eax, dword ptr [ebp-8] 0047B837 |. 50 push eax 0047B838 |. B9 10000000 mov ecx, 10 0047B83D |. BA 09000000 mov edx, 9 ; edx=9 0047B842 |. 8B45 F8 mov eax, dword ptr [ebp-8] 0047B845 |. E8 4A90F8FF call 00404894 ; eax=B1C2DCC0A6D190469AF02B452DDAB562 0047B84A |. 8B45 FC mov eax, dword ptr [ebp-4] ; 假码 0047B84D |. 8B55 F8 mov edx, dword ptr [ebp-8] ; 00DC7514的ASCII与比较B1C2DCC0A6D190469AF02B452DDAB562 0047B850 |. E8 2B8FF8FF call 00404780 ; 关键CALL ---跟进 0047B855 0F85 37010000 jnz 0047B992 ; (initial cpu selection) 0047B85B |. 8B45 FC mov eax, dword ptr [ebp-4] 0047B85E |. E8 D18FF8FF call 00404834 0047B863 |. 50 push eax 0047B864 |. B9 F8B94700 mov ecx, 0047B9F8 ; serial 0047B869 |. BA 00BA4700 mov edx, 0047BA00 ; software\yesgoto\ 0047B86E |. B8 01000080 mov eax, 80000001 ---------------------------------------------- 跟进关键CALL 00404780 /$ 53 push ebx 00404781 |. 56 push esi 00404782 |. 57 push edi 00404783 |. 89C6 mov esi, eax ; eax=esi 00404785 |. 89D7 mov edi, edx ; edx=edi 00404787 |. 39D0 cmp eax, edx ; edx与eax 00404789 |. 0F84 8F000000 je 0040481E ; 相等则跳 0040478F |. 85F6 test esi, esi 00404791 |. 74 68 je short 004047FB 00404793 |. 85FF test edi, edi 00404795 |. 74 6B je short 00404802 00404797 |. 8B46 FC mov eax, dword ptr [esi-4] ; eax=假码 0040479A |. 8B57 FC mov edx, dword ptr [edi-4] ; edx=注册码 0040479D |. 29D0 sub eax, edx ; 减法 0040479F |. 77 02 ja short 004047A3 ; 大于则跳 004047A1 |. 01C2 add edx, eax ; 补齐16位 004047A3 |> 52 push edx 004047A4 |. C1EA 02 shr edx, 2 ; 右移 004047A7 |. 74 26 je short 004047CF 004047A9 |> 8B0E /mov ecx, dword ptr [esi] 004047AB |. 8B1F |mov ebx, dword ptr [edi] 004047AD |. 39D9 |cmp ecx, ebx 004047AF |. 75 58 |jnz short 00404809 004047B1 |. 4A |dec edx 004047B2 |. 74 15 |je short 004047C9 004047B4 |. 8B4E 04 |mov ecx, dword ptr [esi+4] 好长好长,反正偶也不会,注册码[A6D190469AF02B45]都自己跑出来了。 注册成功会写入注册表 |
|
[求助]关于无注册错误提示软件破解
还在分析呢。。。。暴破了一下 |
|
[求助]关于无注册错误提示软件破解
我只会暴破! 文采不好,讲不清楚。我跑! |
|
给逆向初学者的一些建议
我连树都没看到。。。只看到雾。。咋办呢。。。 |
|
|
操作理由
RANk
{{ user_info.golds == '' ? 0 : user_info.golds }}
雪币
{{ experience }}
课程经验
{{ score }}
学习收益
{{study_duration_fmt}}
学习时长
基本信息
荣誉称号:
{{ honorary_title }}
能力排名:
No.{{ rank_num }}
等 级:
LV{{ rank_lv-100 }}
活跃值:
在线值:
浏览人数:{{ visits }}
最近活跃:{{ last_active_time }}
注册时间:{{ user_info.create_date_jsonfmt }}
勋章
兑换勋章
证书
证书查询 >
能力值