能力值:
( LV2,RANK:10 )
3 楼
直接爆破 许可服务通过了,但主程序ECC后还是不接受修改的LIC,
这是××××.EXE 的 l_pubkey_verify 值 , 小弟看不懂,不知改那个值跳转。
00A357D6 E8915F0800 call 00ABB76C
:00A357DB 83C40C add esp, 0000000C
:00A357DE 8BE5 mov esp, ebp
:00A357E0 5D pop ebp
:00A357E1 C3 ret :00A357E2 55 push ebp
:00A357E3 8BEC mov ebp, esp
:00A357E5 81ECC0030000 sub esp, 000003C0
* Possible StringData Ref from Data Obj ->"Generating header files lmpubkey.h, "
->"lmprikey.h
"
|
:00A357EB 68602BE000 push 00E02B60
:00A357F0 E8BB90FAFF call 009DE8B0
:00A357F5 83C404 add esp, 00000004
:00A357F8 8B4518 mov eax, dword ptr [ebp+18]
:00A357FB 50 push eax
* Possible StringData Ref from Data Obj ->"%slmprikey.h"
|
:00A357FC 68902BE000 push 00E02B90
:00A35801 8D8D80FCFFFF lea ecx, dword ptr [ebp+FFFFFC80]
:00A35807 51 push ecx
:00A35808 FF156417C500 call dword ptr [00C51764]
:00A3580E 83C40C add esp, 0000000C
* Possible StringData Ref from Data Obj ->"ww"
|
:00A35811 68A02BE000 push 00E02BA0
:00A35816 8D9580FCFFFF lea edx, dword ptr [ebp+FFFFFC80]
:00A3581C 52 push edx
:00A3581D FF155817C500 call dword ptr [00C51758]
:00A35823 83C408 add esp, 00000008
:00A35826 898568FCFFFF mov dword ptr [ebp+FFFFFC68], eax
:00A3582C 83BD68FCFFFF00 cmp dword ptr [ebp+FFFFFC68], 00000000
:00A35833 7516 jne 00A3584B
* Possible StringData Ref from Data Obj ->"Can't open lmprikey.h for writing, "
->"exiting
"
|
:00A35835 68A42BE000 push 00E02BA4
:00A3583A FF159C16C500 call dword ptr [00C5169C]
:00A35840 83C404 add esp, 00000004
:00A35843 6A01 push 00000001
:00A35845 FF154015C500 call dword ptr [00C51540]
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00A35833(C)
|
:00A3584B 837D1C00 cmp dword ptr [ebp+1C], 00000000
:00A3584F 7453 je 00A358A4
:00A35851 8B4518 mov eax, dword ptr [ebp+18]
:00A35854 50 push eax
* Possible StringData Ref from Data Obj ->"%slmpubkey.h"
|
:00A35855 68D02BE000 push 00E02BD0
:00A3585A 8D8D80FCFFFF lea ecx, dword ptr [ebp+FFFFFC80]
:00A35860 51 push ecx
:00A35861 FF156417C500 call dword ptr [00C51764]
:00A35867 83C40C add esp, 0000000C
* Possible StringData Ref from Data Obj ->"ww"
|
:00A3586A 68E02BE000 push 00E02BE0
:00A3586F 8D9580FCFFFF lea edx, dword ptr [ebp+FFFFFC80]
:00A35875 52 push edx
:00A35876 FF155817C500 call dword ptr [00C51758]
:00A3587C 83C408 add esp, 00000008
:00A3587F 898580FDFFFF mov dword ptr [ebp+FFFFFD80], eax
:00A35885 83BD80FDFFFF00 cmp dword ptr [ebp+FFFFFD80], 00000000
:00A3588C 7516 jne 00A358A4
* Possible StringData Ref from Data Obj ->"Can't open lmpubkey.h for writing, "
->"exiting
"
|
:00A3588E 68E42BE000 push 00E02BE4
:00A35893 FF159C16C500 call dword ptr [00C5169C]
:00A35899 83C404 add esp, 00000004
:00A3589C 6A01 push 00000001
:00A3589E FF154015C500 call dword ptr [00C51540]
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00A3584F(C), :00A3588C(C)
|
:00A358A4 837D0C02 cmp dword ptr [ebp+0C], 00000002
:00A358A8 0F8D98000000 jnl 00A35946
:00A358AE 837D1C00 cmp dword ptr [ebp+1C], 00000000
:00A358B2 743E je 00A358F2
* Possible StringData Ref from Data Obj ->"#define LM_KEY_CALLBACK 0
"
|
:00A358B4 68102CE000 push 00E02C10
:00A358B9 8B8580FDFFFF mov eax, dword ptr [ebp+FFFFFD80]
:00A358BF 50 push eax
:00A358C0 FF156017C500 call dword ptr [00C51760]
:00A358C6 83C408 add esp, 00000008
:00A358C9 6A28 push 00000028
:00A358CB 6A03 push 00000003
:00A358CD 8B4D18 mov ecx, dword ptr [ebp+18]
:00A358D0 51 push ecx
:00A358D1 6A03 push 00000003
:00A358D3 6A04 push 00000004
:00A358D5 8B5518 mov edx, dword ptr [ebp+18]
:00A358D8 52 push edx
:00A358D9 8B4518 mov eax, dword ptr [ebp+18]
:00A358DC 50 push eax
* Possible StringData Ref from Data Obj ->"
static int %sl_pubseedcnt "
->"= 0;
static int "
->"%slm_pubsize[%d][%d] = {{0}}; "
->"
static unsigned "
->"char %slm_pubkey[1][%d][%d] = "
->"{{{0}}};
"
|
:00A358DD 682C2CE000 push 00E02C2C
:00A358E2 8B8D80FDFFFF mov ecx, dword ptr [ebp+FFFFFD80]
:00A358E8 51 push ecx
:00A358E9 FF156017C500 call dword ptr [00C51760]
:00A358EF 83C424 add esp, 00000024
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00A358B2(C)
|
:00A358F2 6A28 push 00000028
:00A358F4 6A03 push 00000003
:00A358F6 8B5518 mov edx, dword ptr [ebp+18]
:00A358F9 52 push edx
:00A358FA 6A03 push 00000003
:00A358FC 6A04 push 00000004
:00A358FE 8B4518 mov eax, dword ptr [ebp+18]
:00A35901 50 push eax
:00A35902 8B4D18 mov ecx, dword ptr [ebp+18]
:00A35905 51 push ecx
* Possible StringData Ref from Data Obj ->"#include "lmclient.h"
lm_extern "
->"int *l_prikey_sign(void); "
->"
static int %sl_priseedcnt "
->"= 0;
static int %slm_prisize[%d][%"
->"d] = {{0}};
static "
->"unsigned char %slm_prikey[1][%d][%d] "
->"= {{{0}}};
"
|
:00A35906 68E02CE000 push 00E02CE0
:00A3590B 8B9568FCFFFF mov edx, dword ptr [ebp+FFFFFC68]
:00A35911 52 push edx
:00A35912 FF156017C500 call dword ptr [00C51760]
:00A35918 83C424 add esp, 00000024
:00A3591B 837D1C00 cmp dword ptr [ebp+1C], 00000000
:00A3591F 7410 je 00A35931
:00A35921 8B8580FDFFFF mov eax, dword ptr [ebp+FFFFFD80]
:00A35927 50 push eax
:00A35928 FF155417C500 call dword ptr [00C51754]
:00A3592E 83C404 add esp, 00000004
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00A3591F(C)
|
:00A35931 8B8D68FCFFFF mov ecx, dword ptr [ebp+FFFFFC68]
:00A35937 51 push ecx
:00A35938 FF155417C500 call dword ptr [00C51754]
:00A3593E 83C404 add esp, 00000004
:00A35941 E9F4060000 jmp 00A3603A
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00A358A8(C)
|
:00A35946 C7857CFCFFFF00000000 mov dword ptr [ebp+FFFFFC7C], 00000000
:00A35950 EB0F jmp 00A35961
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00A35973(U)
|
:00A35952 8B957CFCFFFF mov edx, dword ptr [ebp+FFFFFC7C]
:00A35958 83C201 add edx, 00000001
:00A3595B 89957CFCFFFF mov dword ptr [ebp+FFFFFC7C], edx
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00A35950(U)
|
:00A35961 8B857CFCFFFF mov eax, dword ptr [ebp+FFFFFC7C]
:00A35967 6BC00C imul eax, 0000000C
:00A3596A 8B4D08 mov ecx, dword ptr [ebp+08]
:00A3596D 833C0100 cmp dword ptr [ecx+eax], 00000000
:00A35971 7402 je 00A35975
:00A35973 EBDD jmp 00A35952
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00A35971(C)
|
:00A35975 837D1C00 cmp dword ptr [ebp+1C], 00000000
:00A35979 742F je 00A359AA
:00A3597B 6A28 push 00000028
:00A3597D 6A03 push 00000003
:00A3597F 8B957CFCFFFF mov edx, dword ptr [ebp+FFFFFC7C]
:00A35985 52 push edx
:00A35986 8B4518 mov eax, dword ptr [ebp+18]
:00A35989 50 push eax
:00A3598A 8B8D7CFCFFFF mov ecx, dword ptr [ebp+FFFFFC7C]
:00A35990 51 push ecx
:00A35991 8B5518 mov edx, dword ptr [ebp+18]
:00A35994 52 push edx
* Possible StringData Ref from Data Obj ->"
#include "lmclient.h" "
->"
#define LM_PUBLIC_KEY "
->"
#define LM_KEY_CALLBACK "
->"l_pubkey_verify
lm_extern "
->"int l_pubkey_verify(); "
->"
static int %sl_pubseedcnt "
->"= %d;
static unsigned "
->"char %slm_pubkey[%d][%d][%d] = "
->"{"
|
:00A35995 68C42DE000 push 00E02DC4
:00A3599A 8B8580FDFFFF mov eax, dword ptr [ebp+FFFFFD80]
:00A359A0 50 push eax
:00A359A1 FF156017C500 call dword ptr [00C51760]
:00A359A7 83C420 add esp, 00000020
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00A35979(C)
|
:00A359AA 6A28 push 00000028
:00A359AC 6A03 push 00000003
:00A359AE 8B8D7CFCFFFF mov ecx, dword ptr [ebp+FFFFFC7C]
:00A359B4 51 push ecx
:00A359B5 8B5518 mov edx, dword ptr [ebp+18]
:00A359B8 52 push edx
:00A359B9 8B857CFCFFFF mov eax, dword ptr [ebp+FFFFFC7C]
:00A359BF 50 push eax
:00A359C0 8B4D18 mov ecx, dword ptr [ebp+18]
:00A359C3 51 push ecx
* Possible StringData Ref from Data Obj ->"#include "lmclient.h"
lm_extern "
->"int *l_prikey_sign(void); "
->"
static int %sl_priseedcnt "
->"= %d;
static unsigned "
->"char %slm_prikey[%d][%d][%d] = "
->"{"
|
:00A359C4 68D42EE000 push 00E02ED4
:00A359C9 8B9568FCFFFF mov edx, dword ptr [ebp+FFFFFC68]
:00A359CF 52 push edx
:00A359D0 FF156017C500 call dword ptr [00C51760]
:00A359D6 83C420 add esp, 00000020
:00A359D9 687C020000 push 0000027C
:00A359DE 6A00 push 00000000
:00A359E0 8D8584FDFFFF lea eax, dword ptr [ebp+FFFFFD84]
:00A359E6 50 push eax
:00A359E7 E8505D0800 call 00ABB73C
:00A359EC 83C40C add esp, 0000000C
:00A359EF 687C020000 push 0000027C
:00A359F4 6A00 push 00000000
:00A359F6 8B4D10 mov ecx, dword ptr [ebp+10]
:00A359F9 51 push ecx
:00A359FA E83D5D0800 call 00ABB73C
:00A359FF 83C40C add esp, 0000000C
:00A35A02 C7856CFCFFFF00000000 mov dword ptr [ebp+FFFFFC6C], 00000000
:00A35A0C EB0F jmp 00A35A1D
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00A35DAB(U)
|
:00A35A0E 8B956CFCFFFF mov edx, dword ptr [ebp+FFFFFC6C]
:00A35A14 83C201 add edx, 00000001
:00A35A17 89956CFCFFFF mov dword ptr [ebp+FFFFFC6C], edx
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00A35A0C(U)
|
:00A35A1D 8B856CFCFFFF mov eax, dword ptr [ebp+FFFFFC6C]
:00A35A23 6BC00C imul eax, 0000000C
:00A35A26 8B4D08 mov ecx, dword ptr [ebp+08]
:00A35A29 833C0100 cmp dword ptr [ecx+eax], 00000000
:00A35A2D 0F847D030000 je 00A35DB0
:00A35A33 8B956CFCFFFF mov edx, dword ptr [ebp+FFFFFC6C]
:00A35A39 6BD20C imul edx, 0000000C
:00A35A3C 8B4508 mov eax, dword ptr [ebp+08]
:00A35A3F 03C2 add eax, edx
:00A35A41 898574FCFFFF mov dword ptr [ebp+FFFFFC74], eax
:00A35A47 837D1C00 cmp dword ptr [ebp+1C], 00000000
:00A35A4B 743B je 00A35A88
:00A35A4D 83BD6CFCFFFF00 cmp dword ptr [ebp+FFFFFC6C], 00000000
:00A35A54 740C je 00A35A62
* Possible StringData Ref from Data Obj ->",
"
|
:00A35A56 C78564FCFFFF742FE000 mov dword ptr [ebp+FFFFFC64], 00E02F74
:00A35A60 EB0A jmp 00A35A6C
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00A35A54(C)
|
:00A35A62 C78564FCFFFFC08FE200 mov dword ptr [ebp+FFFFFC64], 00E28FC0
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00A35A60(U)
|
:00A35A6C 8B8D64FCFFFF mov ecx, dword ptr [ebp+FFFFFC64]
:00A35A72 51 push ecx