[Original] A newbie goes looking for the algorithm and actually manages to guess it
Posted: 2010-9-8 20:46
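I'm new to cracking. The past few days I've only been doing things like patching checks and tracing registration codes, and I'm always in awe of the algorithm analyses the experts post...
Today I finally made up my mind to study an algorithm (I went online and found a target that is small and has readable code ^_^). Haha, I didn't expect that, without really understanding assembly, I could still guess the algorithm.
Here is my newbie method. First, of course, search for strings. I found an error message (the dialog shown for a wrong registration code), and with that it's easy. After finding the error message with the Ultra String Reference search, double-click it to jump to the disassembly window. To the left of the HEX data column there is a thick black line; follow it up to the top and set a breakpoint there, at 00475E3C. Below is the code worth looking at. I can't understand 90% of it ==!
Target program download: http://www.duote.com/soft/21382.html
----------- This is the breakpoint location ---------------------------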
00475E3C /. 55 PUSH EBP
00475E3D |. 8BEC MOV EBP,ESP
00475E3F |. 83C4 F8 ADD ESP,-8
00475E42 |. 53 PUSH EBX
00475E43 |. 56 PUSH ESI
00475E44 |. 33C9 XOR ECX,ECX
00475E46 |. 894D F8 MOV DWORD PTR SS:[EBP-8],ECX
00475E49 |. 8BD8 MOV EBX,EAX
00475E4B |. 33C0 XOR EAX,EAX
00475E4D |. 55 PUSH EBP
00475E4E |. 68 405F4700 PUSH QQTelesc.00475F40
00475E53 |. 64:FF30 PUSH DWORD PTR FS:[EAX]
00475E56 |. 64:8920 MOV DWORD PTR FS:[EAX],ESP
00475E59 |. A1 C8DC4E00 MOV EAX,DWORD PTR DS:[4EDCC8]
00475E5E |. 8B48 0C MOV ECX,DWORD PTR DS:[EAX+C]
00475E61 |. B2 01 MOV DL,1
00475E63 |. A1 08304700 MOV EAX,DWORD PTR DS:[473008]
00475E68 |. E8 4BD2FFFF CALL QQTelesc.004730B8
00475E6D |. 8945 FC MOV DWORD PTR SS:[EBP-4],EAX ; T0G
00475E70 |. 33C0 XOR EAX,EAX ; eax 0
00475E72 |. 55 PUSH EBP
00475E73 |. 68 235F4700 PUSH QQTelesc.00475F23
00475E78 |. 64:FF30 PUSH DWORD PTR FS:[EAX]
00475E7B |. 64:8920 MOV DWORD PTR FS:[EAX],ESP
00475E7E |. 8D55 F8 LEA EDX,DWORD PTR SS:[EBP-8]
00475E81 |. 8B83 FC020000 MOV EAX,DWORD PTR DS:[EBX+2FC]
00475E87 |. E8 3834FDFF CALL QQTelesc.004492C4
00475E8C |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8] ; fake registration code
00475E8F |. 50 PUSH EAX ; push the fake registration code onto the stack
00475E90 |. B9 585F4700 MOV ECX,QQTelesc.00475F58 ; 注册码 ("registration code")
00475E95 |. BA 685F4700 MOV EDX,QQTelesc.00475F68 ; 信息 ("info")
00475E9A |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4] ; SS:[EBP-4] T0G
00475E9D |. 8B30 MOV ESI,DWORD PTR DS:[EAX]
00475E9F |. FF56 04 CALL DWORD PTR DS:[ESI+4]
00475EA2 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
00475EA5 |. 8B10 MOV EDX,DWORD PTR DS:[EAX]
00475EA7 |. FF52 54 CALL DWORD PTR DS:[EDX+54]
00475EAA |. A1 C8DC4E00 MOV EAX,DWORD PTR DS:[4EDCC8]
00475EAF |. E8 74F8FFFF CALL QQTelesc.00475728 ; F7 (step into); after searching for ages, this turns out to be the key call (dumb newbie)
00475EB4 |. 84C0 TEST AL,AL
00475EB6 |. 74 1A JE SHORT QQTelesc.00475ED2
00475EB8 |. B9 785F4700 MOV ECX,QQTelesc.00475F78 ; 提示 ("notice")
00475EBD |. 33D2 XOR EDX,EDX
00475EBF |. B8 885F4700 MOV EAX,QQTelesc.00475F88 ; 注册成功! ("registration successful!")
00475EC4 |. E8 ABF0FFFF CALL QQTelesc.00474F74
00475EC9 |. 8BC3 MOV EAX,EBX
00475ECB |. E8 400EFFFF CALL QQTelesc.00466D10
00475ED0 |. EB 3B JMP SHORT QQTelesc.00475F0D
00475ED2 |> 6A 00 PUSH 0
00475ED4 |. B9 585F4700 MOV ECX,QQTelesc.00475F58 ; 注册码 ("registration code")
00475ED9 |. BA 685F4700 MOV EDX,QQTelesc.00475F68 ; 信息 ("info")
00475EDE |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
00475EE1 |. 8B30 MOV ESI,DWORD PTR DS:[EAX]
00475EE3 |. FF56 04 CALL DWORD PTR DS:[ESI+4]
00475EE6 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
00475EE9 |. 8B10 MOV EDX,DWORD PTR DS:[EAX]
00475EEB |. FF52 54 CALL DWORD PTR DS:[EDX+54]
00475EEE |. B9 785F4700 MOV ECX,QQTelesc.00475F78 ; 提示 ("notice")
00475EF3 |. 33D2 XOR EDX,EDX
00475EF5 |. B8 9C5F4700 MOV EAX,QQTelesc.00475F9C ; 注册失败,请填写正确的注册码! ("registration failed, please enter the correct registration code!")
00475EFA |. E8 75F0FFFF CALL QQTelesc.00474F74
00475EFF |. 8B83 FC020000 MOV EAX,DWORD PTR DS:[EBX+2FC]
00475F05 |. 8B10 MOV EDX,DWORD PTR DS:[EAX]
00475F07 |. FF92 C0000000 CALL DWORD PTR DS:[EDX+C0]
00475F0D |> 33C0 XOR EAX,EAX
00475F0F |. 5A POP EDX
00475F10 |. 59 POP ECX
00475F11 |. 59 POP ECX
00475F12 |. 64:8910 MOV DWORD PTR FS:[EAX],EDX
00475F15 |. 68 2A5F4700 PUSH QQTelesc.00475F2A
00475F1A |> 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
00475F1D |. E8 BAD8F8FF CALL QQTelesc.004037DC
00475F22 \. C3 RETN
00475728 /$ 55 PUSH EBP
00475729 |. 8BEC MOV EBP,ESP
0047572B |. 6A 00 PUSH 0
0047572D |. 6A 00 PUSH 0
0047572F |. 6A 00 PUSH 0
00475731 |. 53 PUSH EBX
00475732 |. 56 PUSH ESI
00475733 |. 57 PUSH EDI
00475734 |. 8BD8 MOV EBX,EAX
00475736 |. 33C0 XOR EAX,EAX
00475738 |. 55 PUSH EBP
00475739 |. 68 B7574700 PUSH QQTelesc.004757B7
0047573E |. 64:FF30 PUSH DWORD PTR FS:[EAX]
00475741 |. 64:8920 MOV DWORD PTR FS:[EAX],ESP
00475744 |. 8B4B 0C MOV ECX,DWORD PTR DS:[EBX+C]
00475747 |. B2 01 MOV DL,1
00475749 |. A1 08304700 MOV EAX,DWORD PTR DS:[473008]
0047574E |. E8 65D9FFFF CALL QQTelesc.004730B8
00475753 |. 8BF0 MOV ESI,EAX
00475755 |. 6A 00 PUSH 0
00475757 |. 8D45 FC LEA EAX,DWORD PTR SS:[EBP-4]
0047575A |. 50 PUSH EAX
0047575B |. B9 D0574700 MOV ECX,QQTelesc.004757D0 ; 注册码 ("registration code")
00475760 |. BA E0574700 MOV EDX,QQTelesc.004757E0 ; 信息 ("info")
00475765 |. 8BC6 MOV EAX,ESI
00475767 |. 8B38 MOV EDI,DWORD PTR DS:[EAX]
00475769 |. FF17 CALL DWORD PTR DS:[EDI]
0047576B |. 8BC6 MOV EAX,ESI
0047576D |. E8 6AE0F8FF CALL QQTelesc.004037DC
00475772 |. 8D55 F4 LEA EDX,DWORD PTR SS:[EBP-C]
00475775 |. 8BC3 MOV EAX,EBX
00475777 |. E8 B4FEFFFF CALL QQTelesc.00475630
0047577C |. 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C] ; QQWYJ9VMF4Z15 machine code
0047577F |. E8 E0F3FFFF CALL QQTelesc.00474B64
00475784 |. 8D55 F8 LEA EDX,DWORD PTR SS:[EBP-8]
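00475787 |. E8 B436F9FF CALL QQTelesc.00408E40 ; F7 (step into); converts the machine code into the registration code
0047578C |. 8B55 F8 MOV EDX,DWORD PTR SS:[EBP-8] ; 219105 this is the real registration code computed by the call above
0047578F |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4] ; fake code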
00475792 |. E8 CDF1F8FF CALL QQTelesc.00404964
00475797 |. 0F94C0 SETE AL
0047579A |. 8BD8 MOV EBX,EAX
0047579C |. 33C0 XOR EAX,EAX
0047579E |. 5A POP EDX
0047579F |. 59 POP ECX
004757A0 |. 59 POP ECX
004757A1 |. 64:8910 MOV DWORD PTR FS:[EAX],EDX
004757A4 |. 68 BE574700 PUSH QQTelesc.004757BE
004757A9 |> 8D45 F4 LEA EAX,DWORD PTR SS:[EBP-C]
004757AC |. BA 03000000 MOV EDX,3
004757B1 |. E8 D6EDF8FF CALL QQTelesc.0040458C
004757B6 \. C3 RETN
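
The routine at 00475728 derives the real code from the machine code inside the client and then string-compares it with the entered one, so the valid code is present in memory before the comparison. As an added example (not part of the original post and not the target program's code), here is that design beside one where the client only verifies a vendor signature over the machine code. Assumptions: `weak_derive` is a hypothetical stand-in for the routine at 00408E40, which the page does not show, and the RSA key is a constructed toy key.

```python
import hashlib

# Constructed toy RSA key for illustration only (two Mersenne primes; far too
# small and too structured for real use). Only N and E would ship in the client.
P, Q = 2**127 - 1, 2**107 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # vendor-side private exponent, never shipped


def _digest(machine_code: str) -> int:
    """Hash the machine code to an integer below N."""
    raw = hashlib.sha256(machine_code.encode()).digest()
    return int.from_bytes(raw, "big") % N


def weak_derive(machine_code: str) -> str:
    """Hypothetical stand-in for 00408E40: a local, keyless transform of the
    machine code. The real routine is not shown on the page."""
    return str(_digest(machine_code) % 1_000_000).zfill(6)


def weak_check(machine_code: str, entered: str) -> bool:
    # Same shape as 00475728: compute the real code, then compare strings.
    # The expected value exists in client memory before the comparison.
    return weak_derive(machine_code) == entered


def vendor_issue(machine_code: str) -> str:
    """Runs on the vendor's server only: sign the machine code."""
    return format(pow(_digest(machine_code), D, N), "x")


def hardened_check(machine_code: str, entered: str) -> bool:
    """Client side: verify with the public key; no valid code is computed."""
    try:
        sig = int(entered, 16)
    except ValueError:
        return False
    return 0 <= sig < N and pow(sig, E, N) == _digest(machine_code)
```

A production check would use a vetted signature scheme from a maintained library rather than this unpadded toy RSA; the point here is only that the client holds nothing from which a valid code can be derived.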