我没学多久软件破解,今天找了个软件练手,发现ASProtect 2.1壳。利用ESP成功脱壳后,软件运行正常。
随后进行爆破,爆破成功后运行软件进行注册,随便输入注册码,提示“注册成功”;点“确定”关闭这个提示窗口后,软件标题栏仍然显示“未注册”,帮助菜单里“关于软件信息”中的“注册给:”一栏为空。重启软件后仍然显示“未注册”。谁有这方面类似的破解经验,分享一下!感激。
爆破位置代码:
00B8E0EF |. 55 push ebp
00B8E0F0 |. 68 88E3B800 push POB.00B8E388
00B8E0F5 |. 64:FF30 push dword ptr fs:[eax]
00B8E0F8 |. 64:8920 mov dword ptr fs:[eax],esp
00B8E0FB |. 8D45 F4 lea eax,[local.3]
00B8E0FE |. E8 397587FF call POB.0040563C
00B8E103 |. 8D45 F0 lea eax,[local.4]
00B8E106 |. 8B55 FC mov edx,[local.1]
00B8E109 |. E8 C67587FF call POB.004056D4
00B8E10E |. 33DB xor ebx,ebx
00B8E110 |. 8D45 EC lea eax,[local.5]
00B8E113 |. 50 push eax
00B8E114 |. 8D4D F0 lea ecx,[local.4]
00B8E117 |. 8D55 F4 lea edx,[local.3]
00B8E11A |. A1 DC09C000 mov eax,dword ptr ds:[C009DC]
00B8E11F |. 8B00 mov eax,dword ptr ds:[eax]
00B8E121 |. E8 521AFBFF call POB.00B3FB78
00B8E126 |. 84C0 test al,al
00B8E128 |. 0F84 95000000 je POB.00B8E1C3
00B8E12E |. A1 DC09C000 mov eax,dword ptr ds:[C009DC]
00B8E133 |. 8B00 mov eax,dword ptr ds:[eax]
00B8E135 |. C680 C40E0000>mov byte ptr ds:[eax+EC4],1
00B8E13C |. A1 DC09C000 mov eax,dword ptr ds:[C009DC]
00B8E141 |. 8B00 mov eax,dword ptr ds:[eax]
00B8E143 |. 05 C80E0000 add eax,0EC8
00B8E148 |. 8B55 F4 mov edx,[local.3]
00B8E14B |. E8 407587FF call POB.00405690
00B8E150 |. A1 DC09C000 mov eax,dword ptr ds:[C009DC]
00B8E155 |. 8B00 mov eax,dword ptr ds:[eax]
00B8E157 |. 05 CC0E0000 add eax,0ECC
00B8E15C |. 8B55 F0 mov edx,[local.4]
00B8E15F |. E8 2C7587FF call POB.00405690
00B8E164 |. 807D FB 00 cmp byte ptr ss:[ebp-5],0
00B8E168 |. 74 14 je short POB.00B8E17E
00B8E16A |. A1 DC09C000 mov eax,dword ptr ds:[C009DC]
00B8E16F |. 8B00 mov eax,dword ptr ds:[eax]
00B8E171 |. 8B4D FC mov ecx,[local.1]
00B8E174 |. 8B55 F4 mov edx,[local.3]
00B8E177 |. E8 1C1AFBFF call POB.00B3FB98
00B8E17C |. EB 12 jmp short POB.00B8E190
00B8E17E |> A1 DC09C000 mov eax,dword ptr ds:[C009DC]
00B8E183 |. 8B00 mov eax,dword ptr ds:[eax]
00B8E185 |. 8B4D F0 mov ecx,[local.4]
00B8E188 |. 8B55 F4 mov edx,[local.3]
00B8E18B |. E8 081AFBFF call POB.00B3FB98
00B8E190 |> 6A 40 push 40
00B8E192 |. 8D55 E8 lea edx,[local.6]
00B8E195 |. A1 DC09C000 mov eax,dword ptr ds:[C009DC]
00B8E19A |. 8B00 mov eax,dword ptr ds:[eax]
00B8E19C |. E8 9B0CFCFF call POB.00B4EE3C
00B8E1A1 |. 8B45 E8 mov eax,[local.6]
00B8E1A4 |. E8 7F7987FF call POB.00405B28
00B8E1A9 |. 8BC8 mov ecx,eax
00B8E1AB |. BA 98E3B800 mov edx,POB.00B8E398 ; ASCII "Thank you for registering!"
00B8E1B0 |. A1 C815C000 mov eax,dword ptr ds:[C015C8]
00B8E1B5 |. 8B00 mov eax,dword ptr ds:[eax]
00B8E1B7 |. E8 F82992FF call POB.004B0BB4
00B8E1BC |. B3 01 mov bl,1
00B8E1BE |. E9 A2010000 jmp POB.00B8E365