-
-
请教一下这key文件也有三环套月的么?
-
发表于: 2015-7-7 11:20
-
我从华军下载了一个叫 网页课件打包加密器 2.0 的东东
006F5713 /E9 83000000 jmp HtmlPack.006F579B ; 这里强改,果然显示注册成功
006F5718 |90 nop
006F5719 |. |837D F4 FF cmp [local.3], -0x1
006F571D |. |75 0C jnz short HtmlPack.006F572B
006F571F |. |B8 88586F00 mov eax, HtmlPack.006F5888
006F5724 |. |E8 1BE8FFFF call HtmlPack.006F3F44
006F5729 |. |EB 64 jmp short HtmlPack.006F578F
006F572B |> |837D F4 FE cmp [local.3], -0x2
006F572F |75 0C jnz short HtmlPack.006F573D ; 这个一挑 就显示链接服务器失败
006F5731 |. |B8 B0586F00 mov eax, HtmlPack.006F58B0
006F5736 |. |E8 09E8FFFF call HtmlPack.006F3F44
006F573B |. |EB 52 jmp short HtmlPack.006F578F
006F573D |> |837D F4 01 cmp [local.3], 0x1
006F5741 |. |75 0C jnz short HtmlPack.006F574F
006F5743 |. |B8 24596F00 mov eax, HtmlPack.006F5924
006F5748 |. |E8 F7E7FFFF call HtmlPack.006F3F44
006F574D |. |EB 40 jmp short HtmlPack.006F578F
006F574F |> |837D F4 02 cmp [local.3], 0x2
006F5753 |. |75 0C jnz short HtmlPack.006F5761
006F5755 |. |B8 9C596F00 mov eax, HtmlPack.006F599C
006F575A |. |E8 E5E7FFFF call HtmlPack.006F3F44
006F575F |. |EB 2E jmp short HtmlPack.006F578F
006F5761 |> |837D F4 03 cmp [local.3], 0x3
006F5765 |. |75 0C jnz short HtmlPack.006F5773
006F5767 |. |B8 C4596F00 mov eax, HtmlPack.006F59C4
006F576C |. |E8 D3E7FFFF call HtmlPack.006F3F44
006F5771 |. |EB 1C jmp short HtmlPack.006F578F
006F5773 |> |837D F4 04 cmp [local.3], 0x4
006F5777 |. |75 0C jnz short HtmlPack.006F5785
006F5779 |. |B8 2C5A6F00 mov eax, HtmlPack.006F5A2C
006F577E |. |E8 C1E7FFFF call HtmlPack.006F3F44
006F5783 |. |EB 0A jmp short HtmlPack.006F578F
006F5785 |> |B8 5C5A6F00 mov eax, HtmlPack.006F5A5C ; UNICODE "error server respond data"
006F578A |. |E8 B5E7FFFF call HtmlPack.006F3F44
006F578F |> |A1 585D7100 mov eax, dword ptr ds:[0x715D58]
006F5794 |. |8B10 mov edx, dword ptr ds:[eax]
006F5796 |. |FF52 10 call dword ptr ds:[edx+0x10]
006F5799 |. |EB 1E jmp short HtmlPack.006F57B9
006F579B |> \B8 60586F00 mov eax, HtmlPack.006F5860
感觉好像有连网检测,我强改,结果出现了重启验证。。。
桌面上果然生成了 License.dat
54000000B1486777BB9682B17A1B3E0BD767C11EB6DA15A00F9CEC134516BDD54D808ACD5278084D625A3FE66C4179A57DA121BCECFF61B2E67694075B351E8640FFCBD093B56E67D975306B8C28AF597ED7636A7DAFDEE0FE8A231C6B385AAE33229EFF
内存搜索,下硬件断点,结果
0040450E . 83F9 08 cmp ecx, 0x8 启动时断到这里
004044F6 . /74 31 je short HtmlPack.00404529
004044F8 . |83F9 20 cmp ecx, 0x20 ; Switch (cases 0..20)
004044FB . |77 7C ja short HtmlPack.00404579
004044FD . |83E9 08 sub ecx, 0x8
00404500 . |7F 07 jg short HtmlPack.00404509
00404502 . |FF248D 4C4540>jmp dword ptr ds:[ecx*4+0x40454C]
00404509 > |DF2C01 fild qword ptr ds:[ecx+eax]
0040450C . |DF28 fild qword ptr ds:[eax]
0040450E . |83F9 08 cmp ecx, 0x8
来到了下面的地方
我又要强改,这次桌面上又生成了一个License文件
里边的内容
[SOFTWARE\htmlpack]
TTC=
006F5713 /E9 83000000 jmp HtmlPack.006F579B ; 这里强改,果然显示注册成功
006F5718 |90 nop
006F5719 |. |837D F4 FF cmp [local.3], -0x1
006F571D |. |75 0C jnz short HtmlPack.006F572B
006F571F |. |B8 88586F00 mov eax, HtmlPack.006F5888
006F5724 |. |E8 1BE8FFFF call HtmlPack.006F3F44
006F5729 |. |EB 64 jmp short HtmlPack.006F578F
006F572B |> |837D F4 FE cmp [local.3], -0x2
006F572F |75 0C jnz short HtmlPack.006F573D ; 这个一挑 就显示链接服务器失败
006F5731 |. |B8 B0586F00 mov eax, HtmlPack.006F58B0
006F5736 |. |E8 09E8FFFF call HtmlPack.006F3F44
006F573B |. |EB 52 jmp short HtmlPack.006F578F
006F573D |> |837D F4 01 cmp [local.3], 0x1
006F5741 |. |75 0C jnz short HtmlPack.006F574F
006F5743 |. |B8 24596F00 mov eax, HtmlPack.006F5924
006F5748 |. |E8 F7E7FFFF call HtmlPack.006F3F44
006F574D |. |EB 40 jmp short HtmlPack.006F578F
006F574F |> |837D F4 02 cmp [local.3], 0x2
006F5753 |. |75 0C jnz short HtmlPack.006F5761
006F5755 |. |B8 9C596F00 mov eax, HtmlPack.006F599C
006F575A |. |E8 E5E7FFFF call HtmlPack.006F3F44
006F575F |. |EB 2E jmp short HtmlPack.006F578F
006F5761 |> |837D F4 03 cmp [local.3], 0x3
006F5765 |. |75 0C jnz short HtmlPack.006F5773
006F5767 |. |B8 C4596F00 mov eax, HtmlPack.006F59C4
006F576C |. |E8 D3E7FFFF call HtmlPack.006F3F44
006F5771 |. |EB 1C jmp short HtmlPack.006F578F
006F5773 |> |837D F4 04 cmp [local.3], 0x4
006F5777 |. |75 0C jnz short HtmlPack.006F5785
006F5779 |. |B8 2C5A6F00 mov eax, HtmlPack.006F5A2C
006F577E |. |E8 C1E7FFFF call HtmlPack.006F3F44
006F5783 |. |EB 0A jmp short HtmlPack.006F578F
006F5785 |> |B8 5C5A6F00 mov eax, HtmlPack.006F5A5C ; UNICODE "error server respond data"
006F578A |. |E8 B5E7FFFF call HtmlPack.006F3F44
006F578F |> |A1 585D7100 mov eax, dword ptr ds:[0x715D58]
006F5794 |. |8B10 mov edx, dword ptr ds:[eax]
006F5796 |. |FF52 10 call dword ptr ds:[edx+0x10]
006F5799 |. |EB 1E jmp short HtmlPack.006F57B9
006F579B |> \B8 60586F00 mov eax, HtmlPack.006F5860
感觉好像有连网检测,我强改,结果出现了重启验证。。。
桌面上果然生成了 License.dat
54000000B1486777BB9682B17A1B3E0BD767C11EB6DA15A00F9CEC134516BDD54D808ACD5278084D625A3FE66C4179A57DA121BCECFF61B2E67694075B351E8640FFCBD093B56E67D975306B8C28AF597ED7636A7DAFDEE0FE8A231C6B385AAE33229EFF
内存搜索,下硬件断点,结果
0040450E . 83F9 08 cmp ecx, 0x8 启动时断到这里
004044F6 . /74 31 je short HtmlPack.00404529
004044F8 . |83F9 20 cmp ecx, 0x20 ; Switch (cases 0..20)
004044FB . |77 7C ja short HtmlPack.00404579
004044FD . |83E9 08 sub ecx, 0x8
00404500 . |7F 07 jg short HtmlPack.00404509
00404502 . |FF248D 4C4540>jmp dword ptr ds:[ecx*4+0x40454C]
00404509 > |DF2C01 fild qword ptr ds:[ecx+eax]
0040450C . |DF28 fild qword ptr ds:[eax]
0040450E . |83F9 08 cmp ecx, 0x8
来到了下面的地方
我又要强改,这次桌面上又生成了一个License文件
里边的内容
[SOFTWARE\htmlpack]
TTC=
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
|
|
|---|---|
