[求助]关于一个无壳软件的crack-付费问答-看雪-安全社区|安全招聘|kanxue.com

最新回复 (11)
淡定华丽雪币： 30 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 25 粉丝 0 关注私信	淡定华丽 2 楼因为是用手机发的帖，所以没能附上下载地址和部分源码。如果需要待会附上 2012-5-5 10:22 0
淡定华丽雪币： 30 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 25 粉丝 0 关注私信	淡定华丽 3 楼没人么？？？？大虾过来帮我看看啊 2012-5-5 12:20 0
heiheiabcd 雪币： 446 活跃值： (186) 能力值： ( LV12，RANK：230 ) 在线值：发帖 21 回帖 129 粉丝 2 关注私信	heiheiabcd 4 4 楼程序通过网络验证，只需改动一个重要跳转就行了，我成功注册了，虽然是暴力破解的，吾也是新手，就想找找程序练练 2012-5-5 12:39 0
淡定华丽雪币： 30 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 25 粉丝 0 关注私信	淡定华丽 5 楼晕，看来是我功夫烂到家了，连关键跳转都找不着，你能说说具体在哪么？先谢谢了 2012-5-5 15:44 0
heiheiabcd 雪币： 446 活跃值： (186) 能力值： ( LV12，RANK：230 ) 在线值：发帖 21 回帖 129 粉丝 2 关注私信	heiheiabcd 4 6 楼我新手，只是碰巧了而已，我不会分析，只是说下我是怎么做的，下MessageBoxW断点，返回三次后来到下面 00425160 . 55 PUSH EBP 00425161 . 8BEC MOV EBP,ESP 00425163 . 83E4 F8 AND ESP,FFFFFFF8 00425166 . 6A FF PUSH -1 00425168 . 68 487E4800 PUSH locoytra.00487E48 0042516D . 64:A1 0000000>MOV EAX,DWORD PTR FS:[0] 00425173 . 50 PUSH EAX 00425174 . 83EC 28 SUB ESP,28 00425177 . 55 PUSH EBP 00425178 . 56 PUSH ESI 00425179 . 57 PUSH EDI 0042517A . A1 70984A00 MOV EAX,DWORD PTR DS:[4A9870] 0042517F . 33C4 XOR EAX,ESP 00425181 . 50 PUSH EAX 00425182 . 8D4424 38 LEA EAX,DWORD PTR SS:[ESP+38] 00425186 . 64:A3 0000000>MOV DWORD PTR FS:[0],EAX 0042518C . 8BF1 MOV ESI,ECX 0042518E . 6A 01 PUSH 1 00425190 . E8 92060200 CALL locoytra.00445827 00425195 . 8B46 74 MOV EAX,DWORD PTR DS:[ESI+74] 00425198 . 50 PUSH EAX 00425199 . 8B46 78 MOV EAX,DWORD PTR DS:[ESI+78] 0042519C . 51 PUSH ECX 0042519D . 83E8 10 SUB EAX,10 004251A0 . 896424 1C MOV DWORD PTR SS:[ESP+1C],ESP 004251A4 . 8BFC MOV EDI,ESP 004251A6 . 50 PUSH EAX 004251A7 . E8 C4D2FDFF CALL locoytra.00402470 004251AC . 83C4 04 ADD ESP,4 004251AF . 8D4C24 24 LEA ECX,DWORD PTR SS:[ESP+24] 004251B3 . 83C0 10 ADD EAX,10 004251B6 . 51 PUSH ECX 004251B7 . 8907 MOV DWORD PTR DS:[EDI],EAX 004251B9 . E8 82D1FFFF CALL locoytra.00422340 004251BE . C74424 40 000>MOV DWORD PTR SS:[ESP+40],0 004251C6 . E8 49D00100 CALL locoytra.00442214 004251CB . 33C9 XOR ECX,ECX 004251CD . 85C0 TEST EAX,EAX 004251CF . 0F95C1 SETNE CL 004251D2 . 85C9 TEST ECX,ECX 004251D4 . 75 0A JNZ SHORT locoytra.004251E0 004251D6 . 68 05400080 PUSH 80004005 004251DB . E8 E0D6FDFF CALL locoytra.004028C0 004251E0 > 8B10 MOV EDX,DWORD PTR DS:[EAX] 004251E2 . 8BC8 MOV ECX,EAX 004251E4 . 8B42 0C MOV EAX,DWORD PTR DS:[EDX+C] 004251E7 . FFD0 CALL EAX 004251E9 . 83C0 10 ADD EAX,10 004251EC . 894424 10 MOV DWORD PTR SS:[ESP+10],EAX 004251F0 . 8D4C24 10 LEA ECX,DWORD PTR SS:[ESP+10] 004251F4 . 8DAE 10070000 LEA EBP,DWORD PTR DS:[ESI+710] 004251FA . 51 PUSH ECX ; /Arg1 004251FB . 8BCD MOV ECX,EBP ; \| 004251FD . C64424 44 01 MOV BYTE PTR SS:[ESP+44],1 ; \| 00425202 . E8 DE1F0200 CALL locoytra.004471E5 ; \locoytra.004471E5 00425207 . 817E 74 09040>CMP DWORD PTR DS:[ESI+74],409 0042520E . 0F85 A5000000 JNZ locoytra.004252B9 00425214 . 8D5424 10 LEA EDX,DWORD PTR SS:[ESP+10] 00425218 . 52 PUSH EDX ; /Arg1 00425219 . 8D4C24 20 LEA ECX,DWORD PTR SS:[ESP+20] ; \| 0042521D . E8 0EEDFFFF CALL locoytra.00423F30 ; \locoytra.00423F30 00425222 . 85C0 TEST EAX,EAX 00425224 . 74 47 JE SHORT locoytra.0042526D 00425226 . 6A 00 PUSH 0 ; /Arg3 = 00000000 00425228 . 6A 00 PUSH 0 ; \|Arg2 = 00000000 0042522A . 68 704C4900 PUSH locoytra.00494C70 ; \|Arg1 = 00494C70 0042522F . E8 CB530200 CALL locoytra.0044A5FF ; \locoytra.0044A5FF 00425234 . 8B4424 10 MOV EAX,DWORD PTR SS:[ESP+10] 00425238 . 51 PUSH ECX 00425239 . 83C0 F0 ADD EAX,-10 0042523C . 896424 18 MOV DWORD PTR SS:[ESP+18],ESP 00425240 . 8BFC MOV EDI,ESP 00425242 . 50 PUSH EAX 00425243 . E8 28D2FDFF CALL locoytra.00402470 00425248 . 83C0 10 ADD EAX,10 0042524B . 83C4 04 ADD ESP,4 0042524E . 8D4C24 20 LEA ECX,DWORD PTR SS:[ESP+20] 00425252 . 8907 MOV DWORD PTR DS:[EDI],EAX 00425254 . E8 A7E4FFFF CALL locoytra.00423700 00425259 . 6A 01 PUSH 1 ; /ExitCode = 1 0042525B . FF15 CCA44800 CALL DWORD PTR DS:[<&USER32.PostQuitMess>; \PostQuitMessage 00425261 . 8BCE MOV ECX,ESI 00425263 . E8 7DD80100 CALL locoytra.00442AE5 00425268 . E9 29010000 JMP locoytra.00425396 0042526D > 8B4424 10 MOV EAX,DWORD PTR SS:[ESP+10] 00425271 . 51 PUSH ECX 00425272 . 83C0 F0 ADD EAX,-10 00425275 . 896424 18 MOV DWORD PTR SS:[ESP+18],ESP 00425279 . 8BF4 MOV ESI,ESP 0042527B . 50 PUSH EAX 0042527C . E8 EFD1FDFF CALL locoytra.00402470 00425281 . 83C0 10 ADD EAX,10 00425284 . 8906 MOV DWORD PTR DS:[ESI],EAX 00425286 . 83C4 04 ADD ESP,4 00425289 . 8D4424 20 LEA EAX,DWORD PTR SS:[ESP+20] 0042528D . 50 PUSH EAX 0042528E . E8 ADD2FFFF CALL locoytra.00422540 00425293 . 6A 00 PUSH 0 ; /Arg3 = 00000000 00425295 . 6A 00 PUSH 0 ; \|Arg2 = 00000000 00425297 . 85C0 TEST EAX,EAX ; \| 00425299 . 74 0F JE SHORT locoytra.004252AA ; \| 0042529B . 68 F84C4900 PUSH locoytra.00494CF8 ; \|Arg1 = 00494CF8 004252A0 . E8 5A530200 CALL locoytra.0044A5FF ; \locoytra.0044A5FF 004252A5 . E9 EC000000 JMP locoytra.00425396 004252AA > 68 204D4900 PUSH locoytra.00494D20 ; \|Arg1 = 00494D20 004252AF . E8 4B530200 CALL locoytra.0044A5FF ; \locoytra.0044A5FF 004252B4 . E9 DD000000 JMP locoytra.00425396 004252B9 > 8B46 78 MOV EAX,DWORD PTR DS:[ESI+78] 004252BC . 85C0 TEST EAX,EAX 004252BE . 0F84 B8000000 JE locoytra.0042537C 004252C4 . 8B4C24 10 MOV ECX,DWORD PTR SS:[ESP+10] 004252C8 . 8379 F4 00 CMP DWORD PTR DS:[ECX-C],0 004252CC . 0F8C AA000000 JL locoytra.0042537C 004252D2 . 50 PUSH EAX ; /Arg2 004252D3 . 51 PUSH ECX ; \|Arg1 004252D4 . E8 3CF80300 CALL locoytra.00464B15 ; \locoytra.00464B15 ;这里会将注册码和另一个字符串做比较 004252D9 . 83C4 08 ADD ESP,8 004252DC . 85C0 TEST EAX,EAX 004252DE . 0F84 98000000 JE locoytra.0042537C ;判断是否相等, 不想等的话就报注册码错误 004252E4 . 8B4C24 10 MOV ECX,DWORD PTR SS:[ESP+10] 004252E8 . 2BC1 SUB EAX,ECX 004252EA . D1F8 SAR EAX,1 004252EC . 83F8 FF CMP EAX,-1 004252EF . 0F84 87000000 JE locoytra.0042537C 004252F5 . 51 PUSH ECX 004252F6 . 8D41 F0 LEA EAX,DWORD PTR DS:[ECX-10] 004252F9 . 896424 18 MOV DWORD PTR SS:[ESP+18],ESP 004252FD . 8BFC MOV EDI,ESP 004252FF . 50 PUSH EAX 00425300 . E8 6BD1FDFF CALL locoytra.00402470 00425305 . 83C0 10 ADD EAX,10 00425308 . 8907 MOV DWORD PTR DS:[EDI],EAX 0042530A . C64424 48 02 MOV BYTE PTR SS:[ESP+48],2 0042530F . 8BB6 88000000 MOV ESI,DWORD PTR DS:[ESI+88] 00425315 . 83EE 10 SUB ESI,10 00425318 . 896424 20 MOV DWORD PTR SS:[ESP+20],ESP 0042531C . 8BFC MOV EDI,ESP 0042531E . 56 PUSH ESI 0042531F . E8 4CD1FDFF CALL locoytra.00402470 00425324 . 83C0 10 ADD EAX,10 00425327 . 8907 MOV DWORD PTR DS:[EDI],EAX 00425329 . 83C4 04 ADD ESP,4 0042532C . 8D7C24 24 LEA EDI,DWORD PTR SS:[ESP+24] 00425330 . C64424 48 01 MOV BYTE PTR SS:[ESP+48],1 00425335 . E8 66DCFFFF CALL locoytra.00422FA0 ;关键函数，跟进 0042533A . 6A 00 PUSH 0 ; /Arg3 = 00000000 0042533C . 6A 00 PUSH 0 ; \|Arg2 = 00000000 0042533E . 83F8 01 CMP EAX,1 ; \| 00425341 . 75 2D JNZ SHORT locoytra.00425370 ; \| 00425343 . 68 484D4900 PUSH locoytra.00494D48 ; \|Arg1 = 00494D48 00425348 . E8 B2520200 CALL locoytra.0044A5FF ; \locoytra.0044A5FF 0042534D . 6A 12 PUSH 12 ; /ExitCode = 12 (18.) 0042534F . FF15 CCA44800 CALL DWORD PTR DS:[<&USER32.PostQuitMess>; \PostQuitMessage 00425355 . 51 PUSH ECX 00425356 . 8BCC MOV ECX,ESP 00425358 . 896424 1C MOV DWORD PTR SS:[ESP+1C],ESP 0042535C . 68 601D4900 PUSH locoytra.00491D60 00425361 . E8 4AD0FDFF CALL locoytra.004023B0 00425366 . E8 7543FFFF CALL locoytra.004196E0 0042536B . 83C4 04 ADD ESP,4 0042536E . EB 26 JMP SHORT locoytra.00425396 00425370 > 83F8 02 CMP EAX,2 00425373 . 75 0B JNZ SHORT locoytra.00425380 00425375 . 68 804D4900 PUSH locoytra.00494D80 0042537A . EB 09 JMP SHORT locoytra.00425385 0042537C > 6A 00 PUSH 0 0042537E . 6A 00 PUSH 0 00425380 > 68 AC4D4900 PUSH locoytra.00494DAC ; \|Arg1 = 00494DAC 00425385 > E8 75520200 CALL locoytra.0044A5FF ; \locoytra.0044A5FF 0042538A . 68 601D4900 PUSH locoytra.00491D60 ; /Arg1 = 00491D60 0042538F . 8BCD MOV ECX,EBP ; \| 00425391 . E8 DD3C0200 CALL locoytra.00449073 ; \locoytra.00449073 00425396 > C64424 40 00 MOV BYTE PTR SS:[ESP+40],0 0042539B . 8B4424 10 MOV EAX,DWORD PTR SS:[ESP+10] 跟进 00425335 的函数来到下面这里，这里进行网络验证，具体是怎样的，我不知道 00422FA0 $ 6A FF PUSH -1 00422FA2 . 68 4A664800 PUSH locoytra.0048664A 00422FA7 . 64:A1 0000000>MOV EAX,DWORD PTR FS:[0] 00422FAD . 50 PUSH EAX 00422FAE . 81EC F8000000 SUB ESP,0F8 00422FB4 . A1 70984A00 MOV EAX,DWORD PTR DS:[4A9870] 00422FB9 . 33C4 XOR EAX,ESP 00422FBB . 898424 F40000>MOV DWORD PTR SS:[ESP+F4],EAX 00422FC2 . 53 PUSH EBX 00422FC3 . 55 PUSH EBP 00422FC4 . 56 PUSH ESI 00422FC5 . A1 70984A00 MOV EAX,DWORD PTR DS:[4A9870] 00422FCA . 33C4 XOR EAX,ESP 00422FCC . 50 PUSH EAX 00422FCD . 8D8424 080100>LEA EAX,DWORD PTR SS:[ESP+108] 00422FD4 . 64:A3 0000000>MOV DWORD PTR FS:[0],EAX 00422FDA . 8D8424 180100>LEA EAX,DWORD PTR SS:[ESP+118] 00422FE1 . 50 PUSH EAX 00422FE2 . 8D4C24 24 LEA ECX,DWORD PTR SS:[ESP+24] 00422FE6 . 51 PUSH ECX 00422FE7 . C78424 180100>MOV DWORD PTR SS:[ESP+118],1 00422FF2 . E8 B96AFFFF CALL locoytra.00419AB0 00422FF7 . 8D5424 40 LEA EDX,DWORD PTR SS:[ESP+40] 00422FFB . 52 PUSH EDX 00422FFC . C68424 1C0100>MOV BYTE PTR SS:[ESP+11C],2 00423004 . E8 07100000 CALL locoytra.00424010 00423009 . 83C4 0C ADD ESP,0C 0042300C . 8BF0 MOV ESI,EAX 0042300E . 8D4424 20 LEA EAX,DWORD PTR SS:[ESP+20] 00423012 . 50 PUSH EAX 00423013 . 8D4C24 44 LEA ECX,DWORD PTR SS:[ESP+44] 00423017 . 68 143F4900 PUSH locoytra.00493F14 ; UNICODE "http://" 0042301C . 51 PUSH ECX 0042301D . C68424 1C0100>MOV BYTE PTR SS:[ESP+11C],3 00423025 . E8 26ECFDFF CALL locoytra.00401C50 0042302A . 83C4 0C ADD ESP,0C 0042302D . 68 AC484900 PUSH locoytra.004948AC ; UNICODE "/regcode/regcheck.php?key1=" 00423032 . 50 PUSH EAX 00423033 . 8D5424 38 LEA EDX,DWORD PTR SS:[ESP+38] 00423037 . 52 PUSH EDX 00423038 . C68424 1C0100>MOV BYTE PTR SS:[ESP+11C],4 00423040 . E8 0B08FEFF CALL locoytra.00403850 00423045 . 83C4 0C ADD ESP,0C 00423048 . 56 PUSH ESI 00423049 . 50 PUSH EAX 0042304A . 8D4424 30 LEA EAX,DWORD PTR SS:[ESP+30] 0042304E . 50 PUSH EAX 0042304F . C68424 1C0100>MOV BYTE PTR SS:[ESP+11C],5 00423057 . E8 34EBFDFF CALL locoytra.00401B90 0042305C . 83C4 0C ADD ESP,0C 0042305F . 68 9C484900 PUSH locoytra.0049489C ; UNICODE "&key2=" 00423064 . 50 PUSH EAX 00423065 . 8D4C24 3C LEA ECX,DWORD PTR SS:[ESP+3C] 00423069 . 51 PUSH ECX 0042306A . C68424 1C0100>MOV BYTE PTR SS:[ESP+11C],6 00423072 . E8 D907FEFF CALL locoytra.00403850 00423077 . 83C4 0C ADD ESP,0C 0042307A . 8D9424 1C0100>LEA EDX,DWORD PTR SS:[ESP+11C] 00423081 . 52 PUSH EDX 00423082 . 50 PUSH EAX 00423083 . 8D4424 34 LEA EAX,DWORD PTR SS:[ESP+34] 00423087 . 50 PUSH EAX 00423088 . C68424 1C0100>MOV BYTE PTR SS:[ESP+11C],7 00423090 . E8 FBEAFDFF CALL locoytra.00401B90 00423095 . 83C4 0C ADD ESP,0C 00423098 . 68 8C484900 PUSH locoytra.0049488C ; UNICODE "&key3=" 0042309D . 50 PUSH EAX 0042309E . 8D4C24 44 LEA ECX,DWORD PTR SS:[ESP+44] 004230A2 . 51 PUSH ECX 004230A3 . C68424 1C0100>MOV BYTE PTR SS:[ESP+11C],8 004230AB . E8 A007FEFF CALL locoytra.00403850 004230B0 . 83C4 0C ADD ESP,0C 004230B3 . 8D5F 04 LEA EBX,DWORD PTR DS:[EDI+4] 004230B6 . 53 PUSH EBX 004230B7 . 50 PUSH EAX 004230B8 . 8D5424 24 LEA EDX,DWORD PTR SS:[ESP+24] 004230BC . 52 PUSH EDX 004230BD . C68424 1C0100>MOV BYTE PTR SS:[ESP+11C],9 004230C5 . E8 C6EAFDFF CALL locoytra.00401B90 004230CA . 83C4 0C ADD ESP,0C 004230CD . C68424 100100>MOV BYTE PTR SS:[ESP+110],0B 004230D5 . 8B4424 3C MOV EAX,DWORD PTR SS:[ESP+3C] 004230D9 . 83C0 F0 ADD EAX,-10 004230DC . 8D48 0C LEA ECX,DWORD PTR DS:[EAX+C] 004230DF . 83CD FF OR EBP,FFFFFFFF 004230E2 . 8BD5 MOV EDX,EBP 004230E4 . F0:0FC111 LOCK XADD DWORD PTR DS:[ECX],EDX ; 锁定前缀 004230E8 . 4A DEC EDX 004230E9 . 85D2 TEST EDX,EDX 004230EB . 7F 0A JG SHORT locoytra.004230F7 004230ED . 8B08 MOV ECX,DWORD PTR DS:[EAX] 004230EF . 8B11 MOV EDX,DWORD PTR DS:[ECX] 004230F1 . 50 PUSH EAX 004230F2 . 8B42 04 MOV EAX,DWORD PTR DS:[EDX+4] 004230F5 . FFD0 CALL EAX 004230F7 > C68424 100100>MOV BYTE PTR SS:[ESP+110],0C 004230FF . 8B4424 2C MOV EAX,DWORD PTR SS:[ESP+2C] 00423103 . 83C0 F0 ADD EAX,-10 00423106 . 8D48 0C LEA ECX,DWORD PTR DS:[EAX+C] 00423109 . 8BD5 MOV EDX,EBP 0042310B . F0:0FC111 LOCK XADD DWORD PTR DS:[ECX],EDX ; 锁定前缀 0042310F . 4A DEC EDX 00423110 . 85D2 TEST EDX,EDX 00423112 . 7F 0A JG SHORT locoytra.0042311E 00423114 . 8B08 MOV ECX,DWORD PTR DS:[EAX] 00423116 . 8B11 MOV EDX,DWORD PTR DS:[ECX] 00423118 . 50 PUSH EAX 00423119 . 8B42 04 MOV EAX,DWORD PTR DS:[EDX+4] 0042311C . FFD0 CALL EAX 0042311E > C68424 100100>MOV BYTE PTR SS:[ESP+110],0D 00423126 . 8B4424 34 MOV EAX,DWORD PTR SS:[ESP+34] 0042312A . 83C0 F0 ADD EAX,-10 0042312D . 8D48 0C LEA ECX,DWORD PTR DS:[EAX+C] 00423130 . 8BD5 MOV EDX,EBP 00423132 . F0:0FC111 LOCK XADD DWORD PTR DS:[ECX],EDX ; 锁定前缀 00423136 . 4A DEC EDX 00423137 . 85D2 TEST EDX,EDX 00423139 . 7F 0A JG SHORT locoytra.00423145 0042313B . 8B08 MOV ECX,DWORD PTR DS:[EAX] 0042313D . 8B11 MOV EDX,DWORD PTR DS:[ECX] 0042313F . 50 PUSH EAX 00423140 . 8B42 04 MOV EAX,DWORD PTR DS:[EDX+4] 00423143 . FFD0 CALL EAX 00423145 > C68424 100100>MOV BYTE PTR SS:[ESP+110],0E 0042314D . 8B4424 28 MOV EAX,DWORD PTR SS:[ESP+28] 00423151 . 83C0 F0 ADD EAX,-10 00423154 . 8D48 0C LEA ECX,DWORD PTR DS:[EAX+C] 00423157 . 8BD5 MOV EDX,EBP 00423159 . F0:0FC111 LOCK XADD DWORD PTR DS:[ECX],EDX ; 锁定前缀 0042315D . 4A DEC EDX 0042315E . 85D2 TEST EDX,EDX 00423160 . 7F 0A JG SHORT locoytra.0042316C 00423162 . 8B08 MOV ECX,DWORD PTR DS:[EAX] 00423164 . 8B11 MOV EDX,DWORD PTR DS:[ECX] 00423166 . 50 PUSH EAX 00423167 . 8B42 04 MOV EAX,DWORD PTR DS:[EDX+4] 0042316A . FFD0 CALL EAX 0042316C > C68424 100100>MOV BYTE PTR SS:[ESP+110],0F 00423174 . 8B4424 30 MOV EAX,DWORD PTR SS:[ESP+30] 00423178 . 83C0 F0 ADD EAX,-10 0042317B . 8D48 0C LEA ECX,DWORD PTR DS:[EAX+C] 0042317E . 8BD5 MOV EDX,EBP 00423180 . F0:0FC111 LOCK XADD DWORD PTR DS:[ECX],EDX ; 锁定前缀 00423184 . 4A DEC EDX 00423185 . 85D2 TEST EDX,EDX 00423187 . 7F 0A JG SHORT locoytra.00423193 00423189 . 8B08 MOV ECX,DWORD PTR DS:[EAX] 0042318B . 8B11 MOV EDX,DWORD PTR DS:[ECX] 0042318D . 50 PUSH EAX 0042318E . 8B42 04 MOV EAX,DWORD PTR DS:[EDX+4] 00423191 . FFD0 CALL EAX 00423193 > C68424 100100>MOV BYTE PTR SS:[ESP+110],10 0042319B . 8B4424 40 MOV EAX,DWORD PTR SS:[ESP+40] 0042319F . 83C0 F0 ADD EAX,-10 004231A2 . 8D48 0C LEA ECX,DWORD PTR DS:[EAX+C] 004231A5 . 8BD5 MOV EDX,EBP 004231A7 . F0:0FC111 LOCK XADD DWORD PTR DS:[ECX],EDX ; 锁定前缀 004231AB . 4A DEC EDX 004231AC . 85D2 TEST EDX,EDX 004231AE . 7F 0A JG SHORT locoytra.004231BA 004231B0 . 8B08 MOV ECX,DWORD PTR DS:[EAX] 004231B2 . 8B11 MOV EDX,DWORD PTR DS:[ECX] 004231B4 . 50 PUSH EAX 004231B5 . 8B42 04 MOV EAX,DWORD PTR DS:[EDX+4] 004231B8 . FFD0 CALL EAX 004231BA > C68424 100100>MOV BYTE PTR SS:[ESP+110],11 004231C2 . 8B4424 38 MOV EAX,DWORD PTR SS:[ESP+38] 004231C6 . 83C0 F0 ADD EAX,-10 004231C9 . 8D48 0C LEA ECX,DWORD PTR DS:[EAX+C] 004231CC . 8BD5 MOV EDX,EBP 004231CE . F0:0FC111 LOCK XADD DWORD PTR DS:[ECX],EDX ; 锁定前缀 004231D2 . 4A DEC EDX 004231D3 . 85D2 TEST EDX,EDX 004231D5 . 7F 0A JG SHORT locoytra.004231E1 004231D7 . 8B08 MOV ECX,DWORD PTR DS:[EAX] 004231D9 . 8B11 MOV EDX,DWORD PTR DS:[ECX] 004231DB . 50 PUSH EAX 004231DC . 8B42 04 MOV EAX,DWORD PTR DS:[EDX+4] 004231DF . FFD0 CALL EAX 004231E1 > 8D4C24 44 LEA ECX,DWORD PTR SS:[ESP+44] 004231E5 . 51 PUSH ECX ; /Arg1 004231E6 . E8 75710000 CALL locoytra.0042A360 ; \locoytra.0042A360 004231EB . 6A 01 PUSH 1 004231ED . C68424 140100>MOV BYTE PTR SS:[ESP+114],12 004231F5 . 8B5424 20 MOV EDX,DWORD PTR SS:[ESP+20] 004231F9 . 6A 01 PUSH 1 004231FB . 52 PUSH EDX 004231FC . 8D4C24 50 LEA ECX,DWORD PTR SS:[ESP+50] 00423200 . E8 AB810000 CALL locoytra.0042B3B0 00423205 . 8D4424 24 LEA EAX,DWORD PTR SS:[ESP+24] 00423209 . 50 PUSH EAX 0042320A . 8D4C24 48 LEA ECX,DWORD PTR SS:[ESP+48] 0042320E . E8 ED760000 CALL locoytra.0042A900 00423213 . C68424 100100>MOV BYTE PTR SS:[ESP+110],13 0042321B . 8B7424 24 MOV ESI,DWORD PTR SS:[ESP+24] 0042321F . 56 PUSH ESI ; /Arg1 00423220 . E8 CF180400 CALL locoytra.00464AF4 ; \locoytra.00464AF4 00423225 . 83C4 04 ADD ESP,4 00423228 . 83F8 01 CMP EAX,1 0042322B . 0F85 F4020000 JNZ locoytra.00423525 ;将这里改成JZ就行了, 反正我就是这样做的，成功注册 00423231 . 8B47 14 MOV EAX,DWORD PTR DS:[EDI+14] 00423234 . 51 PUSH ECX 00423235 . 83E8 10 SUB EAX,10 00423238 . 896424 14 MOV DWORD PTR SS:[ESP+14],ESP 0042323C . 8BF4 MOV ESI,ESP 0042323E . 50 PUSH EAX 0042323F . E8 2CF2FDFF CALL locoytra.00402470 00423244 . 83C0 10 ADD EAX,10 00423247 . 8906 MOV DWORD PTR DS:[ESI],EAX 00423249 . 83C4 04 ADD ESP,4 0042324C . 8D7424 14 LEA ESI,DWORD PTR SS:[ESP+14] 00423250 . E8 EB0E0000 CALL locoytra.00424140 00423255 . C68424 100100>MOV BYTE PTR SS:[ESP+110],14 0042325D . 8B00 MOV EAX,DWORD PTR DS:[EAX] 0042325F . 50 PUSH EAX 00423260 . 8B8424 200100>MOV EAX,DWORD PTR SS:[ESP+120] 00423267 . 51 PUSH ECX 00423268 . 83C0 F0 ADD EAX,-10 0042326B . 896424 20 MOV DWORD PTR SS:[ESP+20],ESP 0042326F . 8BF4 MOV ESI,ESP 00423271 . 50 PUSH EAX 00423272 . E8 F9F1FDFF CALL locoytra.00402470 00423277 . 8D4C24 20 LEA ECX,DWORD PTR SS:[ESP+20] 0042327B . 83C4 04 ADD ESP,4 0042327E . 83C0 10 ADD EAX,10 00423281 . 51 PUSH ECX 00423282 . 8906 MOV DWORD PTR DS:[ESI],EAX 00423284 . E8 17090000 CALL locoytra.00423BA0 00423289 . 8B00 MOV EAX,DWORD PTR DS:[EAX] 0042328B . 8B2D A0A24800 MOV EBP,DWORD PTR DS:[<&KERNEL32.WritePr>; kernel32.WritePrivateProfileStringW 00423291 . 83C4 08 ADD ESP,8 00423294 . 50 PUSH EAX ; \|String 00423295 . 68 78484900 PUSH locoytra.00494878 ; \|Key = "code" 0042329A . 68 64484900 PUSH locoytra.00494864 ; \|Section = "Version" 0042329F . FFD5 CALL EBP ; \WritePrivateProfileStringW 004232A1 . 8B4424 14 MOV EAX,DWORD PTR SS:[ESP+14] 004232A5 . 83C0 F0 ADD EAX,-10 2012-5-5 16:22 0
淡定华丽雪币： 30 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 25 粉丝 0 关注私信	淡定华丽 7 楼怎么感觉你的跟我的不一样，能把你注释过的发上来么，谢谢了 2012-5-5 16:50 0
heiheiabcd 雪币： 446 活跃值： (186) 能力值： ( LV12，RANK：230 ) 在线值：发帖 21 回帖 129 粉丝 2 关注私信	heiheiabcd 4 8 楼我的软件是从你给的下载地址下的，除非是你我使用的工具不同 2012-5-5 16:58 0
淡定华丽雪币： 30 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 25 粉丝 0 关注私信	淡定华丽 9 楼恩，谢谢，我再看看 2012-5-5 17:00 0
淡定华丽雪币： 30 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 25 粉丝 0 关注私信	淡定华丽 10 楼按照你的改法，已经过了注册，但保存重启之后又提示注册，看来这不仅仅要过注册这么简单 2012-5-5 20:48 0
qwwdezone 雪币： 34 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 0 回帖 1 粉丝 0 关注私信	qwwdezone 11 楼是重启验证类型的软件.下 bp GetPrivateProfileStringW 断点,跟一遍就OK了!!! 只需要改一个跳打断一次向上的跳转!!你马上就要XX成功了 2012-5-6 10:46 0
heiheiabcd 雪币： 446 活跃值： (186) 能力值： ( LV12，RANK：230 ) 在线值：发帖 21 回帖 129 粉丝 2 关注私信	heiheiabcd 4 12 楼不会的，我的重启软件后没提示注册，看你是不是按我下面这样的做的 0042322B . 0F85 F4020000 JNZ locoytra.00423525 ;首先将这里的JNZ改为JZ 004252D4 . E8 3CF80300 CALL locoytra.00464B15 ;在这里下断点，这里得到一个字符串，用这个字符串作为注册码 2012-5-6 18:23 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复

淡定华丽

雪币： 30

活跃值： (10)

能力值：

( LV2，RANK：10 )

在线值：

发帖

2

回帖

25

粉丝

0

关注

私信

淡定华丽: 2 楼

因为是用手机发的帖，所以没能附上下载地址和部分源码。
如果需要待会附上

2012-5-5 10:22

0

淡定华丽

雪币： 30

活跃值： (10)

能力值：

( LV2，RANK：10 )

在线值：

发帖

2

回帖

25

粉丝

0

关注

私信

淡定华丽: 3 楼

没人么？？？？大虾过来帮我看看啊

2012-5-5 12:20

0

heiheiabcd

雪币： 446

活跃值： (186)

能力值：

( LV12，RANK：230 )

在线值：

发帖

21

回帖

129

粉丝

2

关注

私信

heiheiabcd 4: 4 楼

程序通过网络验证，只需改动一个重要跳转就行了，我成功注册了，虽然是暴力破解的，吾也是新手，就想找找程序练练

2012-5-5 12:39

0

淡定华丽

雪币： 30

活跃值： (10)

能力值：

( LV2，RANK：10 )

在线值：

发帖

2

回帖

25

粉丝

0

关注

私信

淡定华丽: 5 楼

晕，看来是我功夫烂到家了，连关键跳转都找不着，你能说说具体在哪么？先谢谢了

2012-5-5 15:44

0

heiheiabcd

雪币： 446

活跃值： (186)

能力值：

( LV12，RANK：230 )

在线值：

发帖

21

回帖

129

粉丝

2

关注

私信

heiheiabcd 4: 6 楼

我新手，只是碰巧了而已，我不会分析，只是说下我是怎么做的，下MessageBoxW断点，返回三次后来到下面


00425160   .  55            PUSH EBP
00425161   .  8BEC          MOV EBP,ESP
00425163   .  83E4 F8       AND ESP,FFFFFFF8
00425166   .  6A FF         PUSH -1
00425168   .  68 487E4800   PUSH locoytra.00487E48
0042516D   .  64:A1 0000000>MOV EAX,DWORD PTR FS:[0]
00425173   .  50            PUSH EAX
00425174   .  83EC 28       SUB ESP,28
00425177   .  55            PUSH EBP
00425178   .  56            PUSH ESI
00425179   .  57            PUSH EDI
0042517A   .  A1 70984A00   MOV EAX,DWORD PTR DS:[4A9870]
0042517F   .  33C4          XOR EAX,ESP
00425181   .  50            PUSH EAX
00425182   .  8D4424 38     LEA EAX,DWORD PTR SS:[ESP+38]
00425186   .  64:A3 0000000>MOV DWORD PTR FS:[0],EAX
0042518C   .  8BF1          MOV ESI,ECX
0042518E   .  6A 01         PUSH 1
00425190   .  E8 92060200   CALL locoytra.00445827
00425195   .  8B46 74       MOV EAX,DWORD PTR DS:[ESI+74]
00425198   .  50            PUSH EAX
00425199   .  8B46 78       MOV EAX,DWORD PTR DS:[ESI+78]
0042519C   .  51            PUSH ECX
0042519D   .  83E8 10       SUB EAX,10
004251A0   .  896424 1C     MOV DWORD PTR SS:[ESP+1C],ESP
004251A4   .  8BFC          MOV EDI,ESP
004251A6   .  50            PUSH EAX
004251A7   .  E8 C4D2FDFF   CALL locoytra.00402470
004251AC   .  83C4 04       ADD ESP,4
004251AF   .  8D4C24 24     LEA ECX,DWORD PTR SS:[ESP+24]
004251B3   .  83C0 10       ADD EAX,10
004251B6   .  51            PUSH ECX
004251B7   .  8907          MOV DWORD PTR DS:[EDI],EAX
004251B9   .  E8 82D1FFFF   CALL locoytra.00422340
004251BE   .  C74424 40 000>MOV DWORD PTR SS:[ESP+40],0
004251C6   .  E8 49D00100   CALL locoytra.00442214
004251CB   .  33C9          XOR ECX,ECX
004251CD   .  85C0          TEST EAX,EAX
004251CF   .  0F95C1        SETNE CL
004251D2   .  85C9          TEST ECX,ECX
004251D4   .  75 0A         JNZ SHORT locoytra.004251E0
004251D6   .  68 05400080   PUSH 80004005
004251DB   .  E8 E0D6FDFF   CALL locoytra.004028C0
004251E0   >  8B10          MOV EDX,DWORD PTR DS:[EAX]
004251E2   .  8BC8          MOV ECX,EAX
004251E4   .  8B42 0C       MOV EAX,DWORD PTR DS:[EDX+C]
004251E7   .  FFD0          CALL EAX
004251E9   .  83C0 10       ADD EAX,10
004251EC   .  894424 10     MOV DWORD PTR SS:[ESP+10],EAX
004251F0   .  8D4C24 10     LEA ECX,DWORD PTR SS:[ESP+10]
004251F4   .  8DAE 10070000 LEA EBP,DWORD PTR DS:[ESI+710]
004251FA   .  51            PUSH ECX                                 ; /Arg1
004251FB   .  8BCD          MOV ECX,EBP                              ; |
004251FD   .  C64424 44 01  MOV BYTE PTR SS:[ESP+44],1               ; |
00425202   .  E8 DE1F0200   CALL locoytra.004471E5                   ; \locoytra.004471E5
00425207   .  817E 74 09040>CMP DWORD PTR DS:[ESI+74],409
0042520E   .  0F85 A5000000 JNZ locoytra.004252B9
00425214   .  8D5424 10     LEA EDX,DWORD PTR SS:[ESP+10]
00425218   .  52            PUSH EDX                                 ; /Arg1
00425219   .  8D4C24 20     LEA ECX,DWORD PTR SS:[ESP+20]            ; |
0042521D   .  E8 0EEDFFFF   CALL locoytra.00423F30                   ; \locoytra.00423F30
00425222   .  85C0          TEST EAX,EAX
00425224   .  74 47         JE SHORT locoytra.0042526D
00425226   .  6A 00         PUSH 0                                   ; /Arg3 = 00000000
00425228   .  6A 00         PUSH 0                                   ; |Arg2 = 00000000
0042522A   .  68 704C4900   PUSH locoytra.00494C70                   ; |Arg1 = 00494C70
0042522F   .  E8 CB530200   CALL locoytra.0044A5FF                   ; \locoytra.0044A5FF
00425234   .  8B4424 10     MOV EAX,DWORD PTR SS:[ESP+10]
00425238   .  51            PUSH ECX
00425239   .  83C0 F0       ADD EAX,-10
0042523C   .  896424 18     MOV DWORD PTR SS:[ESP+18],ESP
00425240   .  8BFC          MOV EDI,ESP
00425242   .  50            PUSH EAX
00425243   .  E8 28D2FDFF   CALL locoytra.00402470
00425248   .  83C0 10       ADD EAX,10
0042524B   .  83C4 04       ADD ESP,4
0042524E   .  8D4C24 20     LEA ECX,DWORD PTR SS:[ESP+20]
00425252   .  8907          MOV DWORD PTR DS:[EDI],EAX
00425254   .  E8 A7E4FFFF   CALL locoytra.00423700
00425259   .  6A 01         PUSH 1                                   ; /ExitCode = 1
0042525B   .  FF15 CCA44800 CALL DWORD PTR DS:[<&USER32.PostQuitMess>; \PostQuitMessage
00425261   .  8BCE          MOV ECX,ESI
00425263   .  E8 7DD80100   CALL locoytra.00442AE5
00425268   .  E9 29010000   JMP locoytra.00425396
0042526D   >  8B4424 10     MOV EAX,DWORD PTR SS:[ESP+10]
00425271   .  51            PUSH ECX
00425272   .  83C0 F0       ADD EAX,-10
00425275   .  896424 18     MOV DWORD PTR SS:[ESP+18],ESP
00425279   .  8BF4          MOV ESI,ESP
0042527B   .  50            PUSH EAX
0042527C   .  E8 EFD1FDFF   CALL locoytra.00402470
00425281   .  83C0 10       ADD EAX,10
00425284   .  8906          MOV DWORD PTR DS:[ESI],EAX
00425286   .  83C4 04       ADD ESP,4
00425289   .  8D4424 20     LEA EAX,DWORD PTR SS:[ESP+20]
0042528D   .  50            PUSH EAX
0042528E   .  E8 ADD2FFFF   CALL locoytra.00422540
00425293   .  6A 00         PUSH 0                                   ; /Arg3 = 00000000
00425295   .  6A 00         PUSH 0                                   ; |Arg2 = 00000000
00425297   .  85C0          TEST EAX,EAX                             ; |
00425299   .  74 0F         JE SHORT locoytra.004252AA               ; |
0042529B   .  68 F84C4900   PUSH locoytra.00494CF8                   ; |Arg1 = 00494CF8
004252A0   .  E8 5A530200   CALL locoytra.0044A5FF                   ; \locoytra.0044A5FF
004252A5   .  E9 EC000000   JMP locoytra.00425396
004252AA   >  68 204D4900   PUSH locoytra.00494D20                   ; |Arg1 = 00494D20
004252AF   .  E8 4B530200   CALL locoytra.0044A5FF                   ; \locoytra.0044A5FF
004252B4   .  E9 DD000000   JMP locoytra.00425396
004252B9   >  8B46 78       MOV EAX,DWORD PTR DS:[ESI+78]
004252BC   .  85C0          TEST EAX,EAX
004252BE   .  0F84 B8000000 JE locoytra.0042537C
004252C4   .  8B4C24 10     MOV ECX,DWORD PTR SS:[ESP+10]
004252C8   .  8379 F4 00    CMP DWORD PTR DS:[ECX-C],0
004252CC   .  0F8C AA000000 JL locoytra.0042537C
004252D2   .  50            PUSH EAX                                 ; /Arg2
004252D3   .  51            PUSH ECX                                 ; |Arg1
004252D4   .  E8 3CF80300   CALL locoytra.00464B15                   ; \locoytra.00464B15   ;这里会将注册码和另一个字符串做比较
004252D9   .  83C4 08       ADD ESP,8
004252DC   .  85C0          TEST EAX,EAX
004252DE   .  0F84 98000000 JE locoytra.0042537C                      ;判断是否相等, 不想等的话就报注册码错误
004252E4   .  8B4C24 10     MOV ECX,DWORD PTR SS:[ESP+10]
004252E8   .  2BC1          SUB EAX,ECX
004252EA   .  D1F8          SAR EAX,1
004252EC   .  83F8 FF       CMP EAX,-1
004252EF   .  0F84 87000000 JE locoytra.0042537C
004252F5   .  51            PUSH ECX
004252F6   .  8D41 F0       LEA EAX,DWORD PTR DS:[ECX-10]
004252F9   .  896424 18     MOV DWORD PTR SS:[ESP+18],ESP
004252FD   .  8BFC          MOV EDI,ESP
004252FF   .  50            PUSH EAX
00425300   .  E8 6BD1FDFF   CALL locoytra.00402470
00425305   .  83C0 10       ADD EAX,10
00425308   .  8907          MOV DWORD PTR DS:[EDI],EAX
0042530A   .  C64424 48 02  MOV BYTE PTR SS:[ESP+48],2
0042530F   .  8BB6 88000000 MOV ESI,DWORD PTR DS:[ESI+88]
00425315   .  83EE 10       SUB ESI,10
00425318   .  896424 20     MOV DWORD PTR SS:[ESP+20],ESP
0042531C   .  8BFC          MOV EDI,ESP
0042531E   .  56            PUSH ESI
0042531F   .  E8 4CD1FDFF   CALL locoytra.00402470
00425324   .  83C0 10       ADD EAX,10
00425327   .  8907          MOV DWORD PTR DS:[EDI],EAX
00425329   .  83C4 04       ADD ESP,4
0042532C   .  8D7C24 24     LEA EDI,DWORD PTR SS:[ESP+24]
00425330   .  C64424 48 01  MOV BYTE PTR SS:[ESP+48],1
00425335   .  E8 66DCFFFF   CALL locoytra.00422FA0                 ;关键函数，跟进
0042533A   .  6A 00         PUSH 0                                   ; /Arg3 = 00000000
0042533C   .  6A 00         PUSH 0                                   ; |Arg2 = 00000000
0042533E   .  83F8 01       CMP EAX,1                                ; |
00425341   .  75 2D         JNZ SHORT locoytra.00425370              ; |
00425343   .  68 484D4900   PUSH locoytra.00494D48                   ; |Arg1 = 00494D48
00425348   .  E8 B2520200   CALL locoytra.0044A5FF                   ; \locoytra.0044A5FF
0042534D   .  6A 12         PUSH 12                                  ; /ExitCode = 12 (18.)
0042534F   .  FF15 CCA44800 CALL DWORD PTR DS:[<&USER32.PostQuitMess>; \PostQuitMessage
00425355   .  51            PUSH ECX
00425356   .  8BCC          MOV ECX,ESP
00425358   .  896424 1C     MOV DWORD PTR SS:[ESP+1C],ESP
0042535C   .  68 601D4900   PUSH locoytra.00491D60
00425361   .  E8 4AD0FDFF   CALL locoytra.004023B0
00425366   .  E8 7543FFFF   CALL locoytra.004196E0
0042536B   .  83C4 04       ADD ESP,4
0042536E   .  EB 26         JMP SHORT locoytra.00425396
00425370   >  83F8 02       CMP EAX,2
00425373   .  75 0B         JNZ SHORT locoytra.00425380
00425375   .  68 804D4900   PUSH locoytra.00494D80
0042537A   .  EB 09         JMP SHORT locoytra.00425385
0042537C   >  6A 00         PUSH 0
0042537E   .  6A 00         PUSH 0
00425380   >  68 AC4D4900   PUSH locoytra.00494DAC                   ; |Arg1 = 00494DAC
00425385   >  E8 75520200   CALL locoytra.0044A5FF                   ; \locoytra.0044A5FF
0042538A   .  68 601D4900   PUSH locoytra.00491D60                   ; /Arg1 = 00491D60
0042538F   .  8BCD          MOV ECX,EBP                              ; |
00425391   .  E8 DD3C0200   CALL locoytra.00449073                   ; \locoytra.00449073
00425396   >  C64424 40 00  MOV BYTE PTR SS:[ESP+40],0
0042539B   .  8B4424 10     MOV EAX,DWORD PTR SS:[ESP+10]


跟进 00425335 的函数来到下面这里，这里进行网络验证，具体是怎样的，我不知道

00422FA0   $  6A FF         PUSH -1
00422FA2   .  68 4A664800   PUSH locoytra.0048664A
00422FA7   .  64:A1 0000000>MOV EAX,DWORD PTR FS:[0]
00422FAD   .  50            PUSH EAX
00422FAE   .  81EC F8000000 SUB ESP,0F8
00422FB4   .  A1 70984A00   MOV EAX,DWORD PTR DS:[4A9870]
00422FB9   .  33C4          XOR EAX,ESP
00422FBB   .  898424 F40000>MOV DWORD PTR SS:[ESP+F4],EAX
00422FC2   .  53            PUSH EBX
00422FC3   .  55            PUSH EBP
00422FC4   .  56            PUSH ESI
00422FC5   .  A1 70984A00   MOV EAX,DWORD PTR DS:[4A9870]
00422FCA   .  33C4          XOR EAX,ESP
00422FCC   .  50            PUSH EAX
00422FCD   .  8D8424 080100>LEA EAX,DWORD PTR SS:[ESP+108]
00422FD4   .  64:A3 0000000>MOV DWORD PTR FS:[0],EAX
00422FDA   .  8D8424 180100>LEA EAX,DWORD PTR SS:[ESP+118]
00422FE1   .  50            PUSH EAX
00422FE2   .  8D4C24 24     LEA ECX,DWORD PTR SS:[ESP+24]
00422FE6   .  51            PUSH ECX
00422FE7   .  C78424 180100>MOV DWORD PTR SS:[ESP+118],1
00422FF2   .  E8 B96AFFFF   CALL locoytra.00419AB0
00422FF7   .  8D5424 40     LEA EDX,DWORD PTR SS:[ESP+40]
00422FFB   .  52            PUSH EDX
00422FFC   .  C68424 1C0100>MOV BYTE PTR SS:[ESP+11C],2
00423004   .  E8 07100000   CALL locoytra.00424010
00423009   .  83C4 0C       ADD ESP,0C
0042300C   .  8BF0          MOV ESI,EAX
0042300E   .  8D4424 20     LEA EAX,DWORD PTR SS:[ESP+20]
00423012   .  50            PUSH EAX
00423013   .  8D4C24 44     LEA ECX,DWORD PTR SS:[ESP+44]
00423017   .  68 143F4900   PUSH locoytra.00493F14                   ;  UNICODE "http://"
0042301C   .  51            PUSH ECX
0042301D   .  C68424 1C0100>MOV BYTE PTR SS:[ESP+11C],3
00423025   .  E8 26ECFDFF   CALL locoytra.00401C50
0042302A   .  83C4 0C       ADD ESP,0C
0042302D   .  68 AC484900   PUSH locoytra.004948AC                   ;  UNICODE "/regcode/regcheck.php?key1="
00423032   .  50            PUSH EAX
00423033   .  8D5424 38     LEA EDX,DWORD PTR SS:[ESP+38]
00423037   .  52            PUSH EDX
00423038   .  C68424 1C0100>MOV BYTE PTR SS:[ESP+11C],4
00423040   .  E8 0B08FEFF   CALL locoytra.00403850
00423045   .  83C4 0C       ADD ESP,0C
00423048   .  56            PUSH ESI
00423049   .  50            PUSH EAX
0042304A   .  8D4424 30     LEA EAX,DWORD PTR SS:[ESP+30]
0042304E   .  50            PUSH EAX
0042304F   .  C68424 1C0100>MOV BYTE PTR SS:[ESP+11C],5
00423057   .  E8 34EBFDFF   CALL locoytra.00401B90
0042305C   .  83C4 0C       ADD ESP,0C
0042305F   .  68 9C484900   PUSH locoytra.0049489C                   ;  UNICODE "&key2="
00423064   .  50            PUSH EAX
00423065   .  8D4C24 3C     LEA ECX,DWORD PTR SS:[ESP+3C]
00423069   .  51            PUSH ECX
0042306A   .  C68424 1C0100>MOV BYTE PTR SS:[ESP+11C],6
00423072   .  E8 D907FEFF   CALL locoytra.00403850
00423077   .  83C4 0C       ADD ESP,0C
0042307A   .  8D9424 1C0100>LEA EDX,DWORD PTR SS:[ESP+11C]
00423081   .  52            PUSH EDX
00423082   .  50            PUSH EAX
00423083   .  8D4424 34     LEA EAX,DWORD PTR SS:[ESP+34]
00423087   .  50            PUSH EAX
00423088   .  C68424 1C0100>MOV BYTE PTR SS:[ESP+11C],7
00423090   .  E8 FBEAFDFF   CALL locoytra.00401B90
00423095   .  83C4 0C       ADD ESP,0C
00423098   .  68 8C484900   PUSH locoytra.0049488C                   ;  UNICODE "&key3="
0042309D   .  50            PUSH EAX
0042309E   .  8D4C24 44     LEA ECX,DWORD PTR SS:[ESP+44]
004230A2   .  51            PUSH ECX
004230A3   .  C68424 1C0100>MOV BYTE PTR SS:[ESP+11C],8
004230AB   .  E8 A007FEFF   CALL locoytra.00403850
004230B0   .  83C4 0C       ADD ESP,0C
004230B3   .  8D5F 04       LEA EBX,DWORD PTR DS:[EDI+4]
004230B6   .  53            PUSH EBX
004230B7   .  50            PUSH EAX
004230B8   .  8D5424 24     LEA EDX,DWORD PTR SS:[ESP+24]
004230BC   .  52            PUSH EDX
004230BD   .  C68424 1C0100>MOV BYTE PTR SS:[ESP+11C],9
004230C5   .  E8 C6EAFDFF   CALL locoytra.00401B90
004230CA   .  83C4 0C       ADD ESP,0C
004230CD   .  C68424 100100>MOV BYTE PTR SS:[ESP+110],0B
004230D5   .  8B4424 3C     MOV EAX,DWORD PTR SS:[ESP+3C]
004230D9   .  83C0 F0       ADD EAX,-10
004230DC   .  8D48 0C       LEA ECX,DWORD PTR DS:[EAX+C]
004230DF   .  83CD FF       OR EBP,FFFFFFFF
004230E2   .  8BD5          MOV EDX,EBP
004230E4   .  F0:0FC111     LOCK XADD DWORD PTR DS:[ECX],EDX         ;  锁定前缀
004230E8   .  4A            DEC EDX
004230E9   .  85D2          TEST EDX,EDX
004230EB   .  7F 0A         JG SHORT locoytra.004230F7
004230ED   .  8B08          MOV ECX,DWORD PTR DS:[EAX]
004230EF   .  8B11          MOV EDX,DWORD PTR DS:[ECX]
004230F1   .  50            PUSH EAX
004230F2   .  8B42 04       MOV EAX,DWORD PTR DS:[EDX+4]
004230F5   .  FFD0          CALL EAX
004230F7   >  C68424 100100>MOV BYTE PTR SS:[ESP+110],0C
004230FF   .  8B4424 2C     MOV EAX,DWORD PTR SS:[ESP+2C]
00423103   .  83C0 F0       ADD EAX,-10
00423106   .  8D48 0C       LEA ECX,DWORD PTR DS:[EAX+C]
00423109   .  8BD5          MOV EDX,EBP
0042310B   .  F0:0FC111     LOCK XADD DWORD PTR DS:[ECX],EDX         ;  锁定前缀
0042310F   .  4A            DEC EDX
00423110   .  85D2          TEST EDX,EDX
00423112   .  7F 0A         JG SHORT locoytra.0042311E
00423114   .  8B08          MOV ECX,DWORD PTR DS:[EAX]
00423116   .  8B11          MOV EDX,DWORD PTR DS:[ECX]
00423118   .  50            PUSH EAX
00423119   .  8B42 04       MOV EAX,DWORD PTR DS:[EDX+4]
0042311C   .  FFD0          CALL EAX
0042311E   >  C68424 100100>MOV BYTE PTR SS:[ESP+110],0D
00423126   .  8B4424 34     MOV EAX,DWORD PTR SS:[ESP+34]
0042312A   .  83C0 F0       ADD EAX,-10
0042312D   .  8D48 0C       LEA ECX,DWORD PTR DS:[EAX+C]
00423130   .  8BD5          MOV EDX,EBP
00423132   .  F0:0FC111     LOCK XADD DWORD PTR DS:[ECX],EDX         ;  锁定前缀
00423136   .  4A            DEC EDX
00423137   .  85D2          TEST EDX,EDX
00423139   .  7F 0A         JG SHORT locoytra.00423145
0042313B   .  8B08          MOV ECX,DWORD PTR DS:[EAX]
0042313D   .  8B11          MOV EDX,DWORD PTR DS:[ECX]
0042313F   .  50            PUSH EAX
00423140   .  8B42 04       MOV EAX,DWORD PTR DS:[EDX+4]
00423143   .  FFD0          CALL EAX
00423145   >  C68424 100100>MOV BYTE PTR SS:[ESP+110],0E
0042314D   .  8B4424 28     MOV EAX,DWORD PTR SS:[ESP+28]
00423151   .  83C0 F0       ADD EAX,-10
00423154   .  8D48 0C       LEA ECX,DWORD PTR DS:[EAX+C]
00423157   .  8BD5          MOV EDX,EBP
00423159   .  F0:0FC111     LOCK XADD DWORD PTR DS:[ECX],EDX         ;  锁定前缀
0042315D   .  4A            DEC EDX
0042315E   .  85D2          TEST EDX,EDX
00423160   .  7F 0A         JG SHORT locoytra.0042316C
00423162   .  8B08          MOV ECX,DWORD PTR DS:[EAX]
00423164   .  8B11          MOV EDX,DWORD PTR DS:[ECX]
00423166   .  50            PUSH EAX
00423167   .  8B42 04       MOV EAX,DWORD PTR DS:[EDX+4]
0042316A   .  FFD0          CALL EAX
0042316C   >  C68424 100100>MOV BYTE PTR SS:[ESP+110],0F
00423174   .  8B4424 30     MOV EAX,DWORD PTR SS:[ESP+30]
00423178   .  83C0 F0       ADD EAX,-10
0042317B   .  8D48 0C       LEA ECX,DWORD PTR DS:[EAX+C]
0042317E   .  8BD5          MOV EDX,EBP
00423180   .  F0:0FC111     LOCK XADD DWORD PTR DS:[ECX],EDX         ;  锁定前缀
00423184   .  4A            DEC EDX
00423185   .  85D2          TEST EDX,EDX
00423187   .  7F 0A         JG SHORT locoytra.00423193
00423189   .  8B08          MOV ECX,DWORD PTR DS:[EAX]
0042318B   .  8B11          MOV EDX,DWORD PTR DS:[ECX]
0042318D   .  50            PUSH EAX
0042318E   .  8B42 04       MOV EAX,DWORD PTR DS:[EDX+4]
00423191   .  FFD0          CALL EAX
00423193   >  C68424 100100>MOV BYTE PTR SS:[ESP+110],10
0042319B   .  8B4424 40     MOV EAX,DWORD PTR SS:[ESP+40]
0042319F   .  83C0 F0       ADD EAX,-10
004231A2   .  8D48 0C       LEA ECX,DWORD PTR DS:[EAX+C]
004231A5   .  8BD5          MOV EDX,EBP
004231A7   .  F0:0FC111     LOCK XADD DWORD PTR DS:[ECX],EDX         ;  锁定前缀
004231AB   .  4A            DEC EDX
004231AC   .  85D2          TEST EDX,EDX
004231AE   .  7F 0A         JG SHORT locoytra.004231BA
004231B0   .  8B08          MOV ECX,DWORD PTR DS:[EAX]
004231B2   .  8B11          MOV EDX,DWORD PTR DS:[ECX]
004231B4   .  50            PUSH EAX
004231B5   .  8B42 04       MOV EAX,DWORD PTR DS:[EDX+4]
004231B8   .  FFD0          CALL EAX
004231BA   >  C68424 100100>MOV BYTE PTR SS:[ESP+110],11
004231C2   .  8B4424 38     MOV EAX,DWORD PTR SS:[ESP+38]
004231C6   .  83C0 F0       ADD EAX,-10
004231C9   .  8D48 0C       LEA ECX,DWORD PTR DS:[EAX+C]
004231CC   .  8BD5          MOV EDX,EBP
004231CE   .  F0:0FC111     LOCK XADD DWORD PTR DS:[ECX],EDX         ;  锁定前缀
004231D2   .  4A            DEC EDX
004231D3   .  85D2          TEST EDX,EDX
004231D5   .  7F 0A         JG SHORT locoytra.004231E1
004231D7   .  8B08          MOV ECX,DWORD PTR DS:[EAX]
004231D9   .  8B11          MOV EDX,DWORD PTR DS:[ECX]
004231DB   .  50            PUSH EAX
004231DC   .  8B42 04       MOV EAX,DWORD PTR DS:[EDX+4]
004231DF   .  FFD0          CALL EAX
004231E1   >  8D4C24 44     LEA ECX,DWORD PTR SS:[ESP+44]
004231E5   .  51            PUSH ECX                                 ; /Arg1
004231E6   .  E8 75710000   CALL locoytra.0042A360                   ; \locoytra.0042A360
004231EB   .  6A 01         PUSH 1
004231ED   .  C68424 140100>MOV BYTE PTR SS:[ESP+114],12
004231F5   .  8B5424 20     MOV EDX,DWORD PTR SS:[ESP+20]
004231F9   .  6A 01         PUSH 1
004231FB   .  52            PUSH EDX
004231FC   .  8D4C24 50     LEA ECX,DWORD PTR SS:[ESP+50]
00423200   .  E8 AB810000   CALL locoytra.0042B3B0
00423205   .  8D4424 24     LEA EAX,DWORD PTR SS:[ESP+24]
00423209   .  50            PUSH EAX
0042320A   .  8D4C24 48     LEA ECX,DWORD PTR SS:[ESP+48]
0042320E   .  E8 ED760000   CALL locoytra.0042A900
00423213   .  C68424 100100>MOV BYTE PTR SS:[ESP+110],13
0042321B   .  8B7424 24     MOV ESI,DWORD PTR SS:[ESP+24]
0042321F   .  56            PUSH ESI                                 ; /Arg1
00423220   .  E8 CF180400   CALL locoytra.00464AF4                   ; \locoytra.00464AF4
00423225   .  83C4 04       ADD ESP,4
00423228   .  83F8 01       CMP EAX,1
0042322B   .  0F85 F4020000 JNZ locoytra.00423525                     ;将这里改成JZ就行了, 反正我就是这样做的，成功注册
00423231   .  8B47 14       MOV EAX,DWORD PTR DS:[EDI+14]
00423234   .  51            PUSH ECX
00423235   .  83E8 10       SUB EAX,10
00423238   .  896424 14     MOV DWORD PTR SS:[ESP+14],ESP
0042323C   .  8BF4          MOV ESI,ESP
0042323E   .  50            PUSH EAX
0042323F   .  E8 2CF2FDFF   CALL locoytra.00402470
00423244   .  83C0 10       ADD EAX,10
00423247   .  8906          MOV DWORD PTR DS:[ESI],EAX
00423249   .  83C4 04       ADD ESP,4
0042324C   .  8D7424 14     LEA ESI,DWORD PTR SS:[ESP+14]
00423250   .  E8 EB0E0000   CALL locoytra.00424140
00423255   .  C68424 100100>MOV BYTE PTR SS:[ESP+110],14
0042325D   .  8B00          MOV EAX,DWORD PTR DS:[EAX]
0042325F   .  50            PUSH EAX
00423260   .  8B8424 200100>MOV EAX,DWORD PTR SS:[ESP+120]
00423267   .  51            PUSH ECX
00423268   .  83C0 F0       ADD EAX,-10
0042326B   .  896424 20     MOV DWORD PTR SS:[ESP+20],ESP
0042326F   .  8BF4          MOV ESI,ESP
00423271   .  50            PUSH EAX
00423272   .  E8 F9F1FDFF   CALL locoytra.00402470
00423277   .  8D4C24 20     LEA ECX,DWORD PTR SS:[ESP+20]
0042327B   .  83C4 04       ADD ESP,4
0042327E   .  83C0 10       ADD EAX,10
00423281   .  51            PUSH ECX
00423282   .  8906          MOV DWORD PTR DS:[ESI],EAX
00423284   .  E8 17090000   CALL locoytra.00423BA0
00423289   .  8B00          MOV EAX,DWORD PTR DS:[EAX]
0042328B   .  8B2D A0A24800 MOV EBP,DWORD PTR DS:[<&KERNEL32.WritePr>;  kernel32.WritePrivateProfileStringW
00423291   .  83C4 08       ADD ESP,8
00423294   .  50            PUSH EAX                                 ; |String
00423295   .  68 78484900   PUSH locoytra.00494878                   ; |Key = "code"
0042329A   .  68 64484900   PUSH locoytra.00494864                   ; |Section = "Version"
0042329F   .  FFD5          CALL EBP                                 ; \WritePrivateProfileStringW
004232A1   .  8B4424 14     MOV EAX,DWORD PTR SS:[ESP+14]
004232A5   .  83C0 F0       ADD EAX,-10

2012-5-5 16:22

0

淡定华丽

雪币： 30

活跃值： (10)

能力值：

( LV2，RANK：10 )

在线值：

发帖

2

回帖

25

粉丝

0

关注

私信

淡定华丽: 7 楼

怎么感觉你的跟我的不一样，能把你注释过的发上来么，谢谢了

2012-5-5 16:50

0

heiheiabcd

雪币： 446

活跃值： (186)

能力值：

( LV12，RANK：230 )

在线值：

发帖

21

回帖

129

粉丝

2

关注

私信

heiheiabcd 4: 8 楼

我的软件是从你给的下载地址下的，除非是你我使用的工具不同

2012-5-5 16:58

0

淡定华丽

雪币： 30

活跃值： (10)

能力值：

( LV2，RANK：10 )

在线值：

发帖

2

回帖

25

粉丝

0

关注

私信

淡定华丽: 9 楼

恩，谢谢，我再看看

2012-5-5 17:00

0

淡定华丽

雪币： 30

活跃值： (10)

能力值：

( LV2，RANK：10 )

在线值：

发帖

2

回帖

25

粉丝

0

关注

私信

淡定华丽: 10 楼

按照你的改法，已经过了注册，但保存重启之后又提示注册，看来这不仅仅要过注册这么简单

2012-5-5 20:48

0

qwwdezone

雪币： 34

活跃值： (10)

能力值：

( LV2，RANK：10 )

在线值：

发帖

0

回帖

1

粉丝

0

关注

私信

qwwdezone: 11 楼

是重启验证类型的软件.下 bp GetPrivateProfileStringW 断点,跟一遍就OK了!!!
只需要改一个跳打断一次向上的跳转!!你马上就要XX成功了

2012-5-6 10:46

0

heiheiabcd

雪币： 446

活跃值： (186)

能力值：

( LV12，RANK：230 )

在线值：

发帖

21

回帖

129

粉丝

2

关注

私信

heiheiabcd 4: 12 楼

不会的，我的重启软件后没提示注册，看你是不是按我下面这样的做的

0042322B   .  0F85 F4020000 JNZ locoytra.00423525   ;首先将这里的JNZ改为JZ
004252D4   .  E8 3CF80300   CALL locoytra.00464B15    ;在这里下断点，这里得到一个字符串，用这个字符串作为注册码

2012-5-6 18:23

0

[旧帖] [求助]关于一个无壳软件的crack 0.00雪花