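Target file: 网络执法官 2.76
Download address:
http://www.netrobocop.com/Exe/UserDown/RobocopSetup.exe
This software is not packed and is written in Microsoft Visual C++ 6.0. It shows a NAG box at startup and has a time limit. After entering an arbitrary user name and registration code in the registration dialog and clicking "注册" (Register), there is no prompt at all! Searching for strings with WASM32 finds "你正在使用的是"%s" %d用户版。" (You are using the "%s" %d-user edition.) and "您没有正确注册" (You have not registered correctly), among others.
The code is as follows: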
00411A3E 90 NOP
00411A3F 90 NOP
00411A40 . 81EC 00010000 SUB ESP,100
00411A46 . 53 PUSH EBX
00411A47 . 57 PUSH EDI
00411A48 . 8BD9 MOV EBX,ECX
00411A4A . E8 5DC40100 CALL <JMP.&MFC42.#4710_?OnInitDialog@CDialo>
00411A4F . B9 3F000000 MOV ECX,3F
00411A54 . 33C0 XOR EAX,EAX
00411A56 . 8D7C24 09 LEA EDI,DWORD PTR SS:[ESP+9]
00411A5A . C64424 08 00 MOV BYTE PTR SS:[ESP+8],0
00411A5F . F3:AB REP STOS DWORD PTR ES:[EDI]
00411A61 . 66:AB STOS WORD PTR ES:[EDI]
00411A63 . AA STOS BYTE PTR ES:[EDI]
00411A64 . A1 90464400 MOV EAX,DWORD PTR DS:[444690]
00411A69 . 83F8 0A CMP EAX,0A
00411A6C . 7C 3B JL SHORT Robocop.00411AA9
00411A6E . 8D48 E7 LEA ECX,DWORD PTR DS:[EAX-19]
00411A71 . 81F9 E7030000 CMP ECX,3E7
00411A77 . 7F 1B JG SHORT Robocop.00411A94
00411A79 . 50 PUSH EAX ; /<%d> => 800 (2048.)
00411A7A . 68 EC164400 PUSH Robocop.004416EC ; |<%s>="网络执法官"
00411A7F . 8D5424 10 LEA EDX,DWORD PTR SS:[ESP+10] ; |
00411A83 . 68 00294400 PUSH Robocop.00442900 ; |format = "您正在使用的是"%s" %d用户版。"
00411A88 . 52 PUSH EDX ; |s
00411A89 . FF15 58464300 CALL DWORD PTR DS:[<&MSVCRT.sprintf>]; \sprintf
00411A8F . 83C4 10 ADD ESP,10
00411A92 . EB 3D JMP SHORT Robocop.00411AD1
00411A94 > 8D4424 08 LEA EAX,DWORD PTR SS:[ESP+8]
00411A98 . 68 E8284400 PUSH Robocop.004428E8 ; /format = "您正在使用的是企业版。"
00411A9D . 50 PUSH EAX ; |s
00411A9E . FF15 58464300 CALL DWORD PTR DS:[<&MSVCRT.sprintf>]; \sprintf
00411AA4 . 83C4 08 ADD ESP,8
00411AA7 . EB 28 JMP SHORT Robocop.00411AD1
00411AA9 > BF D4284400 MOV EDI,Robocop.004428D4 ------------> ; this is the string "您没有正确注册"
00411AAE . 83C9 FF OR ECX,FFFFFFFF
00411AB1 . 33C0 XOR EAX,EAX
00411AB3 . 56 PUSH ESI
00411AB4 . F2:AE REPNE SCAS BYTE PTR ES:[EDI]
00411AB6 . F7D1 NOT ECX
00411AB8 . 2BF9 SUB EDI,ECX
00411ABA . 8D5424 0C LEA EDX,DWORD PTR SS:[ESP+C]
00411ABE . 8BC1 MOV EAX,ECX
00411AC0 . 8BF7 MOV ESI,EDI
00411AC2 . 8BFA MOV EDI,EDX
00411AC4 . C1E9 02 SHR ECX,2
00411AC7 . F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS:[E>
00411AC9 . 8BC8 MOV ECX,EAX
00411ACB . 83E1 03 AND ECX,3
00411ACE . F3:A4 REP MOVS BYTE PTR ES:[EDI],BYTE PTR DS:[ESI>
00411AD0 . 5E POP ESI
00411AD1 > 8D4C24 08 LEA ECX,DWORD PTR SS:[ESP+8]
00411AD5 . 51 PUSH ECX
00411AD6 . 8D8B A4000000 LEA ECX,DWORD PTR DS:[EBX+A4]
00411ADC . E8 C5C30100 CALL <JMP.&MFC42.#6199_?SetWindowTextA@CWnd>
00411AE1 . 68 78164400 PUSH Robocop.00441678 ----------------------> ; ASCII "http://www.netrobocop.com"
00411AE6 . 8D4B 64 LEA ECX,DWORD PTR DS:[EBX+64]
00411AE9 . E8 B8C30100 CALL <JMP.&MFC42.#6199_?SetWindowTextA@CWnd>
00411AEE . 5F POP EDI
00411AEF . B8 01000000 MOV EAX,1
00411AF4 . 5B POP EBX
00411AF5 . 81C4 00010000 ADD ESP,100
00411AFB . C3 RETN
00411AFC 90 NOP
00411AFD 90 NOP
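I tried setting a breakpoint at 00411A40 . 81EC 00010000 SUB ESP,100, but after clicking Register it did not break there; it is still the same registration dialog, with no prompt at all!
I also tried setting breakpoints on getwindowtexta, GetDlgItemTextA and so on, but clicking Register never hits any of them. I wonder whether in this case the only option is to break on the "Register" button's event, but I don't know how to set that breakpoint. Could the experts here please help? Thanks in advance!!!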