|
Can posts made here be reposted on other forums later?
Got it, thanks |
|
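Problem encountered while unpacking Armadillo 3.78, asking everyone for help
CheckCode: download an ArmAccess.dll and the unpacked program works. Attachment: armaccess.zip. arm really is a good thing. It is still unregistered, but there is a lot of interesting material about ArmAccess.dll online |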
|
|
|
hacnho, please come in!!!
oh ~~~~~~~~ my god !!! I love you |
|
Is this an early version of Armadillo?
Yes, thanks to fly for the help |
|
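Is this an early version of Armadillo?
Originally posted by fly. Ah! So that's how it is. After fly mentioned it, I tried the features and they do work now. Does that mean the registration module is gone? Do I need to put the registration info in before unpacking, like a patch? In that case there's no hope; I don't understand this at all 55555555555555555555555 |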
|
Is this an early version of Armadillo?
Viewed with DeDe:

object FormRegistration: TFormRegistration
  Left = 362
  Top = 257
  BorderIcons = [biSystemMenu]
  BorderStyle = bsNone
  Caption = 'FormRegistration'
  ClientHeight = 296
  ClientWidth = 434
  Color = clWhite
  Font.Charset = DEFAULT_CHARSET
  Font.Color = clWindowText
  Font.Height = -11
  Font.Name = 'Arial'
  Font.Style = []
  FormStyle = fsStayOnTop
  KeyPreview = True
  OldCreateOrder = False
  Position = poDesktopCenter
  Scaled = False
  OnCreate = FormCreate
  PixelsPerInch = 96
  TextHeight = 14
  object Image1: TImage
    Left = 0
    Top = 0
    Width = 434
    Height = 296
    Align = alClient
    Picture.Data = { omit ...................... }
    OnMouseDown = Image1MouseDown
    OnMouseMove = Image1MouseMove
    OnMouseUp = Image1MouseUp
  end
  object LabelState: TLabel
    Left = 8
    Top = 81
    Width = 265
    Height = 14
    Caption = 'You have used the software for 0 days out of 30.'
    Font.Charset = DEFAULT_CHARSET
    Font.Color = clWindowText
    Font.Height = -11
    Font.Name = 'Arial'
    Font.Style = [fsBold]
    ParentFont = False
  end
  object lblText: TLabel
    Left = 8
    Top = 103
    Width = 417
    Height = 48
    AutoSize = False
    Caption =
      'To purchase the program please click "Purchase Online" or click ' +
      '"Continue" to access the trial version. Registered users please ' +
      'provide your registration and license information below to activ' +
      'ate the full version.'
    WordWrap = True
  end
  object lblName: TLabel
    Left = 16
    Top = 162
    Width = 30
    Height = 14
    Caption = 'Name:'
  end
  object lblLicense: TLabel
    Left = 16
    Top = 194
    Width = 41
    Height = 14
    Caption = 'License:'
  end
  object lblTitle: TLabel
    Left = 16
    Top = 11
    Width = 231
    Height = 22
    Caption = 'Register Spyware Doctor'
    Font.Charset = DEFAULT_CHARSET
    Font.Color = clWhite
    Font.Height = -19
    Font.Name = 'Arial'
    Font.Style = [fsBold]
    ParentFont = False
    Transparent = True
    OnMouseDown = Image1MouseDown
    OnMouseMove = Image1MouseMove
    OnMouseUp = Image1MouseUp
  end
  object hlRegistrationHelp: THotLabel
    Left = 104
    Top = 220
    Width = 106
    Height = 13
    Cursor = crHandPoint
    Caption = 'Need help registering?'
    Font.Charset = DEFAULT_CHARSET
    Font.Color = clHighlight
    Font.Height = -11
    Font.Name = 'MS Sans Serif'
    Font.Style = [fsUnderline]
    ParentFont = False
    OnClick = hlRegistrationHelpClick
    HotColor = clHighlight
  end
  object EditName: TEdit
    Left = 104
    Top = 160
    Width = 217
    Height = 22
    TabOrder = 0
    OnChange = EditNameChange
  end
  object EditLicense: TEdit
    Left = 104
    Top = 192
    Width = 217
    Height = 22
    TabOrder = 1
    OnChange = EditNameChange
  end
  object ButtonRegister: TButton
    Left = 16
    Top = 249
    Width = 105
    Height = 25
    Caption = 'Register'
    Enabled = False
    Font.Charset = DEFAULT_CHARSET
    Font.Color = clWindowText
    Font.Height = -11
    Font.Name = 'Arial'
    Font.Style = []
    ParentFont = False
    TabOrder = 2
    OnClick = ButtonRegisterClick
  end
  object ButtonEvaluate: TButton
    Left = 312
    Top = 249
    Width = 105
    Height = 25
    Cancel = True
    Caption = 'Continue'
    ModalResult = 2
    TabOrder = 3
  end
  object bbPurchaseOnline: TBitBtn
    Left = 152
    Top = 249
    Width = 129
    Height = 25
    Caption = 'Purchase Online'
    Font.Charset = DEFAULT_CHARSET
    Font.Color = clBlack
    Font.Height = -11
    Font.Name = 'Arial'
    Font.Style = [fsBold]
    ParentFont = False
    TabOrder = 4
    OnClick = bbPurchaseOnlineClick
  end
end

View the code
=============== OnClick = ButtonRegisterClick ========================================

0048FDFC 55 push ebp
0048FDFD 8BEC mov ebp, esp
0048FDFF B905000000 mov ecx, $00000005
0048FE04 6A00 push $00
0048FE06 6A00 push $00
0048FE08 49 dec ecx
0048FE09 75F9 jnz 0048FE04
0048FE0B 51 push ecx
0048FE0C 8955F8 mov [ebp-$08], edx
0048FE0F 8945FC mov [ebp-$04], eax
0048FE12 33C0 xor eax, eax
0048FE14 55 push ebp
0048FE15 688EFF4800 push $0048FF8E
***** TRY
|
0048FE1A 64FF30 push dword ptr fs:[eax]
0048FE1D 648920 mov fs:[eax], esp
0048FE20 8D55F4 lea edx, [ebp-$0C]
0048FE23 8B45FC mov eax, [ebp-$04]
* Possible Reference to Control 'EditLicense:TEdit'
|
0048FE26 8B8010030000 mov eax, [eax+$0310]
* Reference to: kernel32.@Controls@TControl@GetText$qqrv
|
0048FE2C E8CF80F9FF call 00427F00
0048FE31 8B45F4 mov eax, [ebp-$0C]
* Reference to: GDI32.@System@@LStrToPChar$qqrx17System@AnsiString
|
0048FE34 E89F14F7FF call 004012D8
0048FE39 50 push eax
0048FE3A 8D55F0 lea edx, [ebp-$10]
0048FE3D 8B45FC mov eax, [ebp-$04]
* Possible Reference to Control 'EditName:TEdit'
|
0048FE40 8B800C030000 mov eax, [eax+$030C]
* Reference to: kernel32.@Controls@TControl@GetText$qqrv
|
0048FE46 E8B580F9FF call 00427F00
0048FE4B 8B45F0 mov eax, [ebp-$10]
* Reference to: GDI32.@System@@LStrToPChar$qqrx17System@AnsiString
|
0048FE4E E88514F7FF call 004012D8
0048FE53 50 push eax
* Reference to: ntdll.RtlRestoreLastWin32Error
|
0048FE54 E89FEBFFFF call 0048E9F8
0048FE59 84C0 test al, al
0048FE5B 743B jz 0048FE98 <===============TEST
0048FE5D 8D55EC lea edx, [ebp-$14]
0048FE60 8B45FC mov eax, [ebp-$04]
* Possible Reference to Control 'EditLicense:TEdit'
|
0048FE63 8B8010030000 mov eax, [eax+$0310]
* Reference to: kernel32.@Controls@TControl@GetText$qqrv
|
0048FE69 E89280F9FF call 00427F00
0048FE6E 8B45EC mov eax, [ebp-$14]
* Reference to: GDI32.@System@@LStrToPChar$qqrx17System@AnsiString
|
0048FE71 E86214F7FF call 004012D8
0048FE76 50 push eax
0048FE77 8D55E8 lea edx, [ebp-$18]
0048FE7A 8B45FC mov eax, [ebp-$04]
* Possible Reference to Control 'EditName:TEdit'
|
0048FE7D 8B800C030000 mov eax, [eax+$030C]
* Reference to: kernel32.@Controls@TControl@GetText$qqrv
|
0048FE83 E87880F9FF call 00427F00
0048FE88 8B45E8 mov eax, [ebp-$18]
* Reference to: GDI32.@System@@LStrToPChar$qqrx17System@AnsiString
|
0048FE8B E84814F7FF call 004012D8
0048FE90 50 push eax
* Reference to: ntdll.RtlRestoreLastWin32Error
|
0048FE91 E86AEBFFFF call 0048EA00
0048FE96 EB05 jmp 0048FE9D
* Reference to: ntdll.RtlRestoreLastWin32Error
|
0048FE98 E87BEBFFFF call 0048EA18
0048FE9D A16C2E5400 mov eax, dword ptr [$542E6C]
0048FEA2 8B00 mov eax, [eax]
0048FEA4 8B4024 mov eax, [eax+$24]
0048FEA7 50 push eax
0048FEA8 8B00 mov eax, [eax]
0048FEAA FF500C call dword ptr [eax+$0C] <== I can only see this call
0048FEAD 84C0 test al, al <=================== TEST
0048FEAF 7552 jnz 0048FF03 <==== changing this to jmp makes it report successful registration (only the message, mind you)
0048FEB1 689CFF4800 push $0048FF9C
0048FEB6 689CFF4800 push $0048FF9C
* Reference to: ntdll.RtlRestoreLastWin32Error
|
0048FEBB E838EBFFFF call 0048E9F8
0048FEC0 8D4DE4 lea ecx, [ebp-$1C]
0048FEC3 A118335400 mov eax, dword ptr [$543318]
0048FEC8 8B00 mov eax, [eax]
* Possible String Reference to: "Msg29"
|
0048FECA BAA8FF4800 mov edx, $0048FFA8
0048FECF E82872FBFF call 004470FC
0048FED4 8B45E4 mov eax, [ebp-$1C]
0048FED7 BA30000400 mov edx, $00040030
0048FEDC E8FFC7F9FF call 0042C6E0
0048FEE1 33D2 xor edx, edx
0048FEE3 8B45FC mov eax, [ebp-$04]
* Possible Reference to Control 'EditLicense:TEdit'
|
0048FEE6 8B8010030000 mov eax, [eax+$0310]
* Reference to: kernel32.@Controls@TControl@SetText$qqrx17System@AnsiString
|
0048FEEC E81780F9FF call 00427F08
0048FEF1 33D2 xor edx, edx
0048FEF3 8B45FC mov eax, [ebp-$04]
* Possible Reference to Control 'EditName:TEdit'
|
0048FEF6 8B800C030000 mov eax, [eax+$030C]
* Reference to: kernel32.@Controls@TControl@SetText$qqrx17System@AnsiString
|
0048FEFC E80780F9FF call 00427F08
0048FF01 EB63 jmp 0048FF66
0048FF03 E858030900 call 00520260
0048FF08 A16C2E5400 mov eax, dword ptr [$542E6C]
0048FF0D 8B00 mov eax, [eax]
0048FF0F 8B400C mov eax, [eax+$0C]
0048FF12 E8790F0900 call 00520E90
0048FF17 8D45E0 lea eax, [ebp-$20]
0048FF1A 50 push eax
0048FF1B 8D4DDC lea ecx, [ebp-$24]
0048FF1E A118335400 mov eax, dword ptr [$543318]
0048FF23 8B00 mov eax, [eax]
* Possible String Reference to: "Msg28"
|
0048FF25 BAB8FF4800 mov edx, $0048FFB8
0048FF2A E8CD71FBFF call 004470FC
0048FF2F 8B45DC mov eax, [ebp-$24]
0048FF32 50 push eax
0048FF33 A178315400 mov eax, dword ptr [$543178]
0048FF38 8B00 mov eax, [eax]
0048FF3A 8945D4 mov [ebp-$2C], eax
0048FF3D C645D80B mov byte ptr [ebp-$28], $0B
0048FF41 8D55D4 lea edx, [ebp-$2C]
0048FF44 33C9 xor ecx, ecx
0048FF46 58 pop eax
* Reference to: kernel32.@Sysutils@Format$qqrx17System@AnsiStringpx14System@TVarRecxi
|
0048FF47 E85475F9FF call 004274A0
0048FF4C 8B45E0 mov eax, [ebp-$20]
0048FF4F BA40000400 mov edx, $00040040
0048FF54 E887C7F9FF call 0042C6E0
0048FF59 8B45FC mov eax, [ebp-$04]
0048FF5C C7804C02000001000000 mov dword ptr [eax+$024C], $00000001
0048FF66 33C0 xor eax, eax
0048FF68 5A pop edx
0048FF69 59 pop ecx
0048FF6A 59 pop ecx
0048FF6B 648910 mov fs:[eax], edx
****** FINALLY
|
* Possible String Reference to: "?]?
|
0048FF6E 6895FF4800 push $0048FF95
0048FF73 8D45DC lea eax, [ebp-$24]
0048FF76 BA03000000 mov edx, $00000003
* Reference to: GDI32.@System@@LStrArrayClr$qqrpvi
|
0048FF7B E8D812F7FF call 00401258
0048FF80 8D45E8 lea eax, [ebp-$18]
0048FF83 BA04000000 mov edx, $00000004
* Reference to: GDI32.@System@@LStrArrayClr$qqrpvi
|
0048FF88 E8CB12F7FF call 00401258
0048FF8D C3 ret
0048FF8E E95D12F7FF jmp 004011F0
0048FF93 EBDE jmp 0048FF73
****** END
|
0048FF95 8BE5 mov esp, ebp
0048FF97 5D pop ebp
0048FF98 C3 ret

Summary:

****** Reference to: ntdll.RtlRestoreLastWin32Error
|
0048FE98 E87BEBFFFF call 0048EA18
0048FE9D A16C2E5400 mov eax, dword ptr [$542E6C]
0048FEA2 8B00 mov eax, [eax]
0048FEA4 8B4024 mov eax, [eax+$24]
0048FEA7 50 push eax
0048FEA8 8B00 mov eax, [eax]
0048FEAA FF500C call dword ptr [eax+$0C] <== I can only see this call
0048FEAD 84C0 test al, al <=================== TEST
0048FEAF 7552 jnz 0048FF03 <==== changing this to jmp makes it report successful registration (only the message box appears, nothing more)
0048FEB1 689CFF4800 push $0048FF9C
0048FEB6 689CFF4800 push $0048FF9C

It also writes to the registry:

[HKEY_LOCAL_MACHINE\SOFTWARE\PCTools\Live Update\Subscription]
"sd"=hex:05,76,61,6c,69,64,b4,16,86,00,5c,0f,06,01,f6,1b,53,00,fe,1b,53,00,00,\
00,00,00,00,00,00,00,00,00,00,00

The problem is that I don't know where the program's call dword ptr [eax+$0C] goes????? |
|
|
|
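Is this an early version of Armadillo?
Originally posted by fly. Originally posted by hunter_boy. I did indeed unpack it this way and also changed the name, and it works. But my problem is that OD still cannot debug the program; as soon as I run it under OD, OD stops responding |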