软件挺好用, 就是老弹广告, 好在作者提供了去广告码可以去除广告
16字节分为4个DWORD
第一个随意, 第二个是固定值 0x8A19B75F, 第三个DWORD是自己的ID值, 第四个DWORD是到期时长
生成算法如下:
随便输入任意字符串, 提示无效的广告码, 从提示入手
Spy一下, 确定软件应该是duilib开发的界面, 在软件目录下有res文件夹, 找到
res\ShiYeLine\value\string.xml 我们查找对应的提示文本, 看到
<String Id="IDS_REMOVE_ADVERTISEMENT_SUCCESS_FORMAT">开通成功,到期时间为:%s。</String>
<String Id="IDS_REMOVE_ADVERTISEMENT_CODE_EMPTY">请输入免广告码。</String>
<String Id="IDS_REMOVE_ADVERTISEMENT_CODE_INVALID">无效的免广告码。</String>
<String Id="IDS_REMOVE_ADVERTISEMENT_CODE_ADDED">免广告码已添加过。</String>
<String Id="IDS_REMOVE_ADVERTISEMENT_SUCCESS_FORMAT">开通成功,到期时间为:%s。</String>
<String Id="IDS_REMOVE_ADVERTISEMENT_CODE_EMPTY">请输入免广告码。</String>
<String Id="IDS_REMOVE_ADVERTISEMENT_CODE_INVALID">无效的免广告码。</String>
<String Id="IDS_REMOVE_ADVERTISEMENT_CODE_ADDED">免广告码已添加过。</String>
在IDA字符串列表中搜索 IDS_REMOVE_ADVERTISEMENT_CODE_INVALID
定位到函数 414570
if ( v62 )
{
v29 = 0;
i = 0;
ret = sub_5EE630(&v29, (basic_string *)&strNoAdvCode, (void **)&i);
if ( ret != 1 && v29 )
{
if ( ret == 2 )
{
string::string((basic_string *)&v50, L"IDS_REMOVE_ADVERTISEMENT_CODE_ADDED");// 免广告码已添加过。
LOBYTE(v64) = 7;
v8 = SkinUI::GetString((basic_string *)&v51, (basic_string *)&v50);
LOBYTE(v64) = 8;
string::substr((basic_string *)&v53, v8, 0, 0xFFFFFFFF);
string::dtor((basic_string *)&v51);
LOBYTE(v64) = 2;
string::dtor((basic_string *)&v50);
}
else
{
string::string((basic_string *)&v50, L"IDS_REMOVE_ADVERTISEMENT_SUCCESS_FORMAT");// 开通成功,到期时间为:%s。
LOBYTE(v64) = 9;
SkinUI::GetString((basic_string *)&v57, (basic_string *)&v50);
LOBYTE(v64) = 11;
string::dtor((basic_string *)&v50);
string::string((basic_string *)&v33, (void *)&WindowName);
LOBYTE(v64) = 12;
string::string((basic_string *)&v41, (void *)&WindowName);
LOBYTE(v64) = 13;
string::string((basic_string *)&v37, (void *)&WindowName);
LOBYTE(v64) = 14;
string::string((basic_string *)&v45, (void *)&WindowName);
LOBYTE(v64) = 15;
v9 = sub_4B0580((basic_string *)&v52, (unsigned int)i);
LOBYTE(v64) = 16;
if ( v9->_Myres < 8 )
v10 = (int)&v9->Buf.pBuf;
else
v10 = (int)v9->Buf.pBuf;
v11 = Format;
if ( v59 < 8 )
v11 = (wchar_t *)&Format;
v12 = SkinUI::StringFormat((basic_string *)&v51, v11, v10);
LOBYTE(v64) = 17;
SkinUI::MsgBox(v12, v32[144], &v45, 0, &v37, &v41, &v33, 0);
string::dtor((basic_string *)&v51);
string::dtor((basic_string *)&v52);
string::dtor((basic_string *)&v45);
string::dtor((basic_string *)&v37);
string::dtor((basic_string *)&v41);
string::dtor((basic_string *)&v33);
LOBYTE(v64) = 2;
string::dtor((basic_string *)&v57);
}
}
else
{
string::string((basic_string *)&v37, L"IDS_REMOVE_ADVERTISEMENT_CODE_INVALID");// 无效的免广告码。
LOBYTE(v64) = 5;
v13 = SkinUI::GetString((basic_string *)&v41, (basic_string *)&v37);
//......
}
if ( v62 )
{
v29 = 0;
i = 0;
ret = sub_5EE630(&v29, (basic_string *)&strNoAdvCode, (void **)&i);
if ( ret != 1 && v29 )
{
if ( ret == 2 )
{
string::string((basic_string *)&v50, L"IDS_REMOVE_ADVERTISEMENT_CODE_ADDED");// 免广告码已添加过。
LOBYTE(v64) = 7;
v8 = SkinUI::GetString((basic_string *)&v51, (basic_string *)&v50);
LOBYTE(v64) = 8;
string::substr((basic_string *)&v53, v8, 0, 0xFFFFFFFF);
string::dtor((basic_string *)&v51);
LOBYTE(v64) = 2;
string::dtor((basic_string *)&v50);
}
else
{
string::string((basic_string *)&v50, L"IDS_REMOVE_ADVERTISEMENT_SUCCESS_FORMAT");// 开通成功,到期时间为:%s。
LOBYTE(v64) = 9;
SkinUI::GetString((basic_string *)&v57, (basic_string *)&v50);
LOBYTE(v64) = 11;
string::dtor((basic_string *)&v50);
string::string((basic_string *)&v33, (void *)&WindowName);
LOBYTE(v64) = 12;
string::string((basic_string *)&v41, (void *)&WindowName);
LOBYTE(v64) = 13;
string::string((basic_string *)&v37, (void *)&WindowName);
LOBYTE(v64) = 14;
string::string((basic_string *)&v45, (void *)&WindowName);
LOBYTE(v64) = 15;
v9 = sub_4B0580((basic_string *)&v52, (unsigned int)i);
LOBYTE(v64) = 16;
if ( v9->_Myres < 8 )
v10 = (int)&v9->Buf.pBuf;
else
v10 = (int)v9->Buf.pBuf;
v11 = Format;
if ( v59 < 8 )
v11 = (wchar_t *)&Format;
v12 = SkinUI::StringFormat((basic_string *)&v51, v11, v10);
LOBYTE(v64) = 17;
SkinUI::MsgBox(v12, v32[144], &v45, 0, &v37, &v41, &v33, 0);
string::dtor((basic_string *)&v51);
string::dtor((basic_string *)&v52);
string::dtor((basic_string *)&v45);
string::dtor((basic_string *)&v37);
string::dtor((basic_string *)&v41);
string::dtor((basic_string *)&v33);
LOBYTE(v64) = 2;
string::dtor((basic_string *)&v57);
}
}
else
{
string::string((basic_string *)&v37, L"IDS_REMOVE_ADVERTISEMENT_CODE_INVALID");// 无效的免广告码。
LOBYTE(v64) = 5;
v13 = SkinUI::GetString((basic_string *)&v41, (basic_string *)&v37);
//......
}
很明显 5EE630 就是验证广告码的函数了, 下个断点调试一下, 可以确定第二个参数是我们输入的广告码, 进去看看是怎么验证的
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
最后于 2019-4-30 21:39
被SnowFox编辑
,原因: