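The software is registered through a licence.cer file. It is not packed.
I found an article online that cracks a program by patching two locations:
http://hi.baidu.com/alic0ol/item/c2601b9f047619d27b7f0185
It is somewhat similar to this software, but after I make the modifications the program exits automatically.
Download link:
http://www.abot.cn/pages/AbotICE.html
Load AbotICE.exe in OD.
Search all referenced strings for "licence.cer".
Two locations reference it: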
004DA787 push AbotICE.00526028 licence.cer
004DA7D1 push AbotICE.00526034 licence.cer
004DA782 . 68 24605200 push AbotICE.00526024 ; rb
004DA787 . 68 28605200 push AbotICE.00526028 ; licence.cer
004DA78C . E8 F524FAFF call AbotICE.0047CC86 ; check whether the licence.cer file exists
004DA791 . 83C4 08 add esp,0x8
004DA794 . 8945 E8 mov dword ptr ss:[ebp-0x18],eax
004DA797 . E9 82000000 jmp AbotICE.004DA81E
004DA79C > 8B4D 0C mov ecx,dword ptr ss:[ebp+0xC]
004DA79F . 51 push ecx
004DA7A0 . E8 0B14FAFF call AbotICE.0047BBB0
004DA7A5 . 83C4 04 add esp,0x4
004DA7A8 . 05 00010000 add eax,0x100
004DA7AD . 50 push eax
004DA7AE . E8 481DF7FF call AbotICE.0044C4FB
004DA7B3 . 83C4 04 add esp,0x4
004DA7B6 . 8985 74F5FFFF mov dword ptr ss:[ebp-0xA8C],eax
004DA7BC . 8B95 74F5FFFF mov edx,dword ptr ss:[ebp-0xA8C]
004DA7C2 . 8995 90F5FFFF mov dword ptr ss:[ebp-0xA70],edx
004DA7C8 . 8B85 90F5FFFF mov eax,dword ptr ss:[ebp-0xA70]
004DA7CE . 8945 E4 mov dword ptr ss:[ebp-0x1C],eax
004DA7D1 . 68 34605200 push AbotICE.00526034 ; licence.cer
004DA7D6 . 8B4D 0C mov ecx,dword ptr ss:[ebp+0xC]
004DA7D9 . 51 push ecx
004DA7DA . 68 40605200 push AbotICE.00526040 ; %s%s
004DA7DF . 8B55 E4 mov edx,dword ptr ss:[ebp-0x1C]
004DA7E2 . 52 push edx
004DA7E3 . E8 2FFBF9FF call AbotICE.0047A317
004DA7E8 . 83C4 10 add esp,0x10
004DA7EB . 68 48605200 push AbotICE.00526048 ; rb
004DA7F0 . 8B45 E4 mov eax,dword ptr ss:[ebp-0x1C]
004DA7F3 . 50 push eax
004DA7F4 . E8 8D24FAFF call AbotICE.0047CC86
004DA7F9 . 83C4 08 add esp,0x8
004DA7FC . 8945 E8 mov dword ptr ss:[ebp-0x18],eax
004DA7FF . 8B4D E4 mov ecx,dword ptr ss:[ebp-0x1C]
004DA802 . 898D 8CF5FFFF mov dword ptr ss:[ebp-0xA74],ecx
004DA808 . 8B95 8CF5FFFF mov edx,dword ptr ss:[ebp-0xA74]
004DA80E . 52 push edx
004DA80F . E8 E21CF7FF call AbotICE.0044C4F6
004DA814 . 83C4 04 add esp,0x4
004DA817 . C745 E4 00000000 mov dword ptr ss:[ebp-0x1C],0x0 ; this differs somewhat from that article
004DA81E > 837D E8 00 cmp dword ptr ss:[ebp-0x18],0x0
004DA822 . 75 0C jnz short AbotICE.004DA830
004DA824 . C745 EC 01000000 mov dword ptr ss:[ebp-0x14],0x1
004DA82B . E9 CF030000 jmp AbotICE.004DABFF
004DA830 > 8B45 E8 mov eax,dword ptr ss:[ebp-0x18]
004DA833 . 50 push eax
004DA834 . 6A 01 push 0x1
004DA836 . 68 040A0000 push 0xA04
004DA83B . 8D8D B8F5FFFF lea ecx,dword ptr ss:[ebp-0xA48]
004DA841 . 51 push ecx
004DA842 . E8 AF26FAFF call AbotICE.0047CEF6 ; read the licence.cer file
004DA847 . 83C4 10 add esp,0x10
004DA84A . 8945 C4 mov dword ptr ss:[ebp-0x3C],eax
004DA84D . 8B55 E8 mov edx,dword ptr ss:[ebp-0x18]
004DA850 . 52 push edx
004DA851 . E8 0529FAFF call AbotICE.0047D15B
004DA856 . 83C4 04 add esp,0x4
004DA859 . C685 A8F5FFFF 24 mov byte ptr ss:[ebp-0xA58],0x24
004DA860 . C685 A9F5FFFF 09 mov byte ptr ss:[ebp-0xA57],0x9
004DA867 . C685 AAF5FFFF 40 mov byte ptr ss:[ebp-0xA56],0x40
004DA86E . C685 ABF5FFFF 05 mov byte ptr ss:[ebp-0xA55],0x5
004DA875 . C685 ACF5FFFF 01 mov byte ptr ss:[ebp-0xA54],0x1
004DA87C . C685 ADF5FFFF 23 mov byte ptr ss:[ebp-0xA53],0x23
004DA883 . C685 AEF5FFFF 08 mov byte ptr ss:[ebp-0xA52],0x8
004DA88A . C685 AFF5FFFF 09 mov byte ptr ss:[ebp-0xA51],0x9
004DA891 . C685 B0F5FFFF 01 mov byte ptr ss:[ebp-0xA50],0x1
004DA898 . C685 B1F5FFFF 07 mov byte ptr ss:[ebp-0xA4F],0x7
004DA89F . C685 B2F5FFFF 63 mov byte ptr ss:[ebp-0xA4E],0x63
004DA8A6 . C685 B3F5FFFF 75 mov byte ptr ss:[ebp-0xA4D],0x75
004DA8AD . C685 B4F5FFFF 00 mov byte ptr ss:[ebp-0xA4C],0x0
004DA8B4 . C685 B5F5FFFF 08 mov byte ptr ss:[ebp-0xA4B],0x8
004DA8BB . C685 B6F5FFFF 69 mov byte ptr ss:[ebp-0xA4A],0x69
004DA8C2 . 6A 01 push 0x1
004DA8C4 . 6A 0F push 0xF
004DA8C6 . 8D85 A8F5FFFF lea eax,dword ptr ss:[ebp-0xA58]
004DA8CC . 50 push eax
004DA8CD . 68 00020000 push 0x200
004DA8D2 . 8D8D BCFDFFFF lea ecx,dword ptr ss:[ebp-0x244]
004DA8D8 . 51 push ecx
004DA8D9 . 8D95 BCFDFFFF lea edx,dword ptr ss:[ebp-0x244]
004DA8DF . 52 push edx
004DA8E0 . E8 DB15FCFF call AbotICE.0049BEC0
My skills are not good enough; I have no idea how to proceed from here.