日前碰到一个工程预算软件,感觉不错,是VFP程序,ROCKY狗,未加壳,反编译后发现是调用ROCKY DLL实现加密的
......
DECLARE INTEGER Rockey IN RYDLL32.dll INTEGER , INTEGER @ , LONG @ , LONG @ , INTEGER @ , ;
INTEGER @ , INTEGER @ , INTEGER @ , STRING @
......
分析代码,很容易找到判断狗狗的代码及跳转
CL_ERRTXT = '您的加密狗有问题!!! ......)'
NDOS = WROWS('imis')
IF NDOS < 30
GD_SIZE = 9
ENDIF
USE (CDK)
STORE 0 TO LP1 , LP2 , HANDLE
STORE '' TO BUFFER
RETCODE = ROCKEY(RY_FIND,@HANDLE,@LP1,@LP2,@P1,@P2,@P3,@P4,@BUFFER)
TEST_JM = IIF(RETCODE <> 0,.F.,.T.)
CP_JMG = ''
IF TEST_JM
RETCODE = ROCKEY(RY_OPEN,@HANDLE,@LP1,@LP2,@P1,@P2,@P3,@P4,@BUFFER)
TEST_JM = IIF(RETCODE <> 0,.F.,.T.)
IF TEST_JM
P1 = 0
P2 = 20
BUFFER = ' '
RETCODE = ROCKEY(RY_READ,@HANDLE,@LP1,@LP2,@P1,@P2,@P3,@P4,@BUFFER)
TEST_JM = IIF(RETCODE <> 0,.F.,.T.)
IF TEST_JM
CP_JMG = BUFFER
ENDIF
ENDIF
ENDIF
IF TEST_JM ★★★★是否有狗★★★★
DIMENSION A_TMP( 4 ) , B_TMP( 4 )
FOR II_M = 1 TO 4
RETCODE = ROCKEY(RY_RANDOM,@HANDLE,@LP1,@LP2,@P1,@P2,@P3,@P4,@BUFFER)
XX_M = ALLTRIM(STR(P1,5))
A_TMP( II_M ) = IIF(LEN(XX_M) > 3,VAL(LEFT(XX_M,3)),VAL(XX_M))
ENDFOR
LP1 = 0
LP2 = 7
P1 = A_TMP(1)
P2 = A_TMP(2)
P3 = A_TMP(3)
P4 = A_TMP(4)
RETCODE = ROCKEY(RY_CALCULATE2,@HANDLE,@LP1,@LP2,@P1,@P2,@P3,@P4,@BUFFER)
IF (RETCODE <> 0)
messagebox(&etsbl_m,48,'警告')
QUIT
ELSE
NO_M = 0
ON ERROR no_m=10
FOR II_M = 1 TO 4
II_C = STR(II_M,1)
if p&ii_c>32768
p&ii_c=p&ii_c-65536
ENDIF
ENDFOR
B_TMP( 1 ) = P1 - P3 + P4 - P2 - 63
B_TMP( 2 ) = P4 - P2 - 56
B_TMP( 3 ) = P3 + 7
B_TMP( 4 ) = P4 - P1
IF NO_M = 10
messagebox(&etsbl_m,48,'警告')
QUIT
ELSE
IF .NOT. (A_TMP(1) = B_TMP(1) AND A_TMP(2) = B_TMP(2) AND A_TMP(3) = B_TMP(3) AND ;
A_TMP(4) = B_TMP(4))
messagebox(&etsbl_m,48,'警告')
QUIT
ENDIF
ENDIF
......
如何直接在可执行程序中修改跳转代码?有无专业工具?求指点!!!!
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课