[Help] Experience with software cracking
Posted on:
2013-6-14 10:32
I'm a beginner at encryption/decryption (reversing), so I'd appreciate guidance from the experts. Recently I picked two baby-naming programs and one program with online verification to practice on. By breaking on MessageBox or by inspecting the call stack, I located the registration subroutine, shown below:
00403AF0 83EC 64 SUB ESP,64
00403AF3 56 PUSH ESI
00403AF4 8B7424 74 MOV ESI,DWORD PTR SS:[ESP+74]
00403AF8 57 PUSH EDI
00403AF9 8B7E 08 MOV EDI,DWORD PTR DS:[ESI+8]
00403AFC 57 PUSH EDI
00403AFD E8 6E2F0100 CALL unpack.00416A70
00403B02 83C4 04 ADD ESP,4
00403B05 85C0 TEST EAX,EAX
00403B07 74 10 JE SHORT unpack.00403B19
00403B09 8D4424 08 LEA EAX,DWORD PTR SS:[ESP+8]
00403B0D 50 PUSH EAX
00403B0E 56 PUSH ESI
00403B0F E8 1CFDFFFF CALL unpack.00403830
00403B14 83C4 08 ADD ESP,8
00403B17 EB 42 JMP SHORT unpack.00403B5B
00403B19 81FF 04000080 CMP EDI,80000004
00403B1F 75 04 JNZ SHORT unpack.00403B25
00403B21 8B0E MOV ECX,DWORD PTR DS:[ESI]
00403B23 EB 3A JMP SHORT unpack.00403B5F
00403B25 81FF 02000080 CMP EDI,80000002
00403B2B 75 12 JNZ SHORT unpack.00403B3F
...(rest omitted)
Searching for the code that calls this subroutine, I can trace back to the following code:
0042317D CC INT3
0042317E CC INT3
0042317F CC INT3
00423180 8D4424 08 LEA EAX,DWORD PTR SS:[ESP+8]
00423184 83EC 0C SUB ESP,0C
00423187 50 PUSH EAX
00423188 FF7424 14 PUSH DWORD PTR SS:[ESP+14]
0042318C 33C0 XOR EAX,EAX
0042318E 894424 08 MOV DWORD PTR SS:[ESP+8],EAX
00423192 894424 0C MOV DWORD PTR SS:[ESP+C],EAX
00423196 894424 10 MOV DWORD PTR SS:[ESP+10],EAX
0042319A 8D5424 08 LEA EDX,DWORD PTR SS:[ESP+8]
0042319E 52 PUSH EDX
0042319F FFD3 CALL EBX
004231A1 8B4424 0C MOV EAX,DWORD PTR SS:[ESP+C]
004231A5 8B5424 10 MOV EDX,DWORD PTR SS:[ESP+10]
004231A9 8B4C24 14 MOV ECX,DWORD PTR SS:[ESP+14]
004231AD 83C4 18 ADD ESP,18
004231B0 C3 RETN
004231B1 CC INT3
004231B2 CC INT3
004231B3 CC INT3
The lines marked in red in the original listing above (the INT3 padding, CMP EDI,80000004, CMP EDI,80000002 and CALL EBX) are all signature bytes.
All three programs use a similar error-dialog pop-up mechanism, but no matter how I step into that subroutine I get nowhere. Am I going in the wrong direction? Please advise.