This ServiceCore.dll is effectively the keygen; just call the DLL yourself and you are done.
For example, getting the machine ID:
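#include <windows.h>
#include <stdio.h>

// The decorated name encodes: public static, __cdecl, returns C++ bool (_N), takes wchar_t*
typedef bool (__cdecl* pfnGetMachineID)(wchar_t *buf);

static HMODULE m_hmodule = NULL;

// Resolve the export by its decorated name and call it
BOOL GetMachineID(wchar_t * buf)
{
    if (!m_hmodule)
        return FALSE;
    pfnGetMachineID p = (pfnGetMachineID)GetProcAddress(m_hmodule, "?GetMachineID@CWHService@@SA_NQA_W@Z");
    if (p)
    {
        return p(buf) ? TRUE : FALSE;
    }
    return FALSE;
}

int main()
{
    m_hmodule = LoadLibraryW(L"ServiceCore");
    wchar_t szBuf[255] = { 0 };
    GetMachineID(szBuf);
    printf("%ws\n", szBuf);
    return 0;
}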
Decryption is:
//?InitializeKey@CWHDES@@QAEXV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
void CWHDES::InitializeKey(class std::basic_string<char, struct std::char_traits<char>, class std::allocator<char> >)
//?DecryptAnyLength@CWHDES@@QAEXV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
void CWHDES::DecryptAnyLength(class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >)
The registration check is simply the decrypted data compared against the machine ID.
0133255A |. 85C0 TEST EAX,EAX
0133255C |. 74 0B JE SHORT GameServ.01332569
0133255E |. 8B03 MOV EAX,DWORD PTR DS:[EBX]
01332560 |. 8BCB MOV ECX,EBX
01332562 |. FF50 08 CALL DWORD PTR DS:[EAX+0x8]
01332565 |. 32DB XOR BL,BL
01332567 |. EB 02 JMP SHORT GameServ.0133256B
01332569 |> B3 01 MOV BL,0x1
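bl = IsRegister, commonly called the key-jump assignment. But patching it is not recommended, because other files may also use the registration-code check.
Using ServiceCore.dll directly to write a keygen is the best choice.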
Last edited by Mxixihaha on 2021-1-29 13:30