在破解 ROCKNT 加密狗时遇到了问题:有一个程序必须有狗才能运行。现在已经去掉了程序中的一部分,程序能运行;也根据狗的参数改了一个标志,能正常运行,但还有一个地方出现问题。
; ---------------------------------------------------------------------
; Routine at 005306D8 (Delphi decompiler listing, 32-bit x86).
; Calls the check routine at 004E57F4 and, only when that routine
; returns a non-zero byte in AL, creates and shows a form while window
; repainting is locked. A zero result skips straight to the epilogue.
; In:  eax, edx - saved to locals and not read again in this listing
;      (presumably Self/Sender under Delphi's register convention;
;      TODO confirm against the caller).
; Stack: 8 bytes of locals, plus one exception frame inside the TRY.
; ---------------------------------------------------------------------
005306D8 55 push ebp
005306D9 8BEC mov ebp, esp
005306DB 83C4F8 add esp, -$08
005306DE 8955F8 mov [ebp-$08], edx
005306E1 8945FC mov [ebp-$04], eax
|
; The callee is listed further down the page (004E57F4); it returns its
; pass/fail byte in AL.
005306E4 E80B51FBFF call 004E57F4 (调用在后面)
005306E9 84C0 test al, al
; AL == 0: nothing below runs, control goes to the epilogue at 00530759.
005306EB 746C jz 00530759
; Fetch the window handle of the control stored at [$00539A50] and pass
; it to LockWindowUpdate, which suspends drawing in that window.
005306ED A1509A5300 mov eax, dword ptr [$00539A50]
* Reference to: controls.TWinControl.GetHandle(TWinControl):Windows.HWND;
|
005306F2 E82501F2FF call 0045081C
005306F7 50 push eax
* Reference to: user32.LockWindowUpdate()
|
005306F8 E83773EDFF call 00407A34
; Build an exception registration record on the stack (saved ebp,
; handler address, previous fs:[0]) and link it in at fs:[0].
005306FD 33C0 xor eax, eax
005306FF 55 push ebp
; NOTE: $00530752 is the address of the handler stub listed below, not
; text. The "string" is the decompiler rendering code bytes as characters.
* Possible String Reference to: '轳9?腭YY]?@'
|
00530700 6852075300 push $00530752
***** TRY
|
00530705 64FF30 push dword ptr fs:[eax]
00530708 648920 mov fs:[eax], esp
; CreateForm arguments per the decompiler's signature: eax = the object
; read through [$00536C4C], edx = class reference from [$00515DB8],
; ecx = the value at [$00536C20], which is dereferenced below to reach
; the created form (presumably the address of the form variable).
0053070B 8B0D206C5300 mov ecx, [$00536C20]
00530711 A14C6C5300 mov eax, dword ptr [$00536C4C]
00530716 8B00 mov eax, [eax]
00530718 8B15B85D5100 mov edx, [$00515DB8]
* Reference to: forms.TApplication.CreateForm(TApplication;Classes.TComponentClass;void);
|
0053071E E8F5A1F3FF call 0046A918
; The decompiler could not name 004650A4. It is called with the new
; form in eax and the constant 2 in dl; its purpose is not visible here.
00530723 A1206C5300 mov eax, dword ptr [$00536C20]
00530728 8B00 mov eax, [eax]
0053072A B202 mov dl, $02
* Reference to : TApplication._PROC_004650A4()
|
0053072C E87349F3FF call 004650A4
; Show the form that was just created.
00530731 A1206C5300 mov eax, dword ptr [$00536C20]
00530736 8B00 mov eax, [eax]
* Reference to: forms.TCustomForm.Show(TCustomForm);
|
00530738 E83F6DF3FF call 0046747C
; Normal exit from the TRY body: restore the previous fs:[0] and drop
; the remaining two words of the exception frame.
0053073D 33C0 xor eax, eax
0053073F 5A pop edx
00530740 59 pop ecx
00530741 59 pop ecx
00530742 648910 mov fs:[eax], edx
****** FINALLY
|
; NOTE: again a code address, not a string. $00530759 is the epilogue
; below (bytes 59 59 5D are "YY]"). It is pushed so that the `ret`
; ending the finally body continues at the epilogue.
* Possible String Reference to: 'YY]?@'
|
00530745 6859075300 push $00530759
; LockWindowUpdate(0) re-enables drawing; being in the FINALLY part, it
; runs on both the normal and the exception path.
0053074A 6A00 push $00
* Reference to: user32.LockWindowUpdate()
|
0053074C E8E372EDFF call 00407A34
00530751 C3 ret
; Exception path: handler stub registered above. 004040C8 is not
; identified in the listing (presumably the RTL's finally handler;
; TODO confirm). The short jmp re-enters the finally body at 0053074A.
00530752 E97139EDFF jmp 004040C8
00530757 EBF1 jmp 0053074A
****** END
|
; Epilogue: the two pops discard the 8 bytes of locals.
00530759 59 pop ecx
0053075A 59 pop ecx
0053075B 5D pop ebp
0053075C C3 ret
----这是前面调用模块
; ---------------------------------------------------------------------
; Routine at 004E57F4 (Delphi decompiler listing, 32-bit x86).
; Calls 004E54BC, maps its integer status to a user-facing message, and
; returns a single pass/fail byte.
; Out: al = 1 when 004E54BC returned 0, otherwise 0.
; Locals: [ebp-$01] result byte, [ebp-$08] buffer whose address is
;         passed to 004E54BC, [ebp-$0C] status returned by 004E54BC.
; Status values handled: 0 (success), -1 .. -5 (one message box each).
; Any other non-zero status returns 0 without showing a message.
;
; NOTE(review): protection-design observation. The buffer at [ebp-$08]
; is never read after the call, so the decision rests only on the status
; code and leaves this routine as one boolean. A check of this shape
; carries no key-derived data into the rest of the program. Hardening
; usually means making later functionality depend on data read back from
; the key, rather than on a pass/fail flag alone.
; ---------------------------------------------------------------------
004E57F4 55 push ebp
004E57F5 8BEC mov ebp, esp
004E57F7 83C4F0 add esp, -$10
; Default result is "fail".
004E57FA C645FF00 mov byte ptr [ebp-$01], $00
; A constant is stored to the global at [$00539864] before the call;
; its meaning is not visible in this listing.
004E57FE C70564985300BC45F104 mov dword ptr [$00539864], $04F145BC
004E5808 8D45F8 lea eax, [ebp-$08]
004E580B E8ACFCFFFF call 004E54BC
004E5810 8945F4 mov [ebp-$0C], eax
; Status 0: success path at 004E58C0.
004E5813 837DF400 cmp dword ptr [ebp-$0C], +$00
004E5817 0F84A3000000 jz 004E58C0
; Status -1. Caption '提示' = "Notice"; text = "Please insert the
; dongle first!". The pushed $40 is presumably the message-box flags
; value and 0046AB28 presumably TApplication.MessageBox (TODO confirm);
; the same call shape repeats for every status below.
004E581D 837DF4FF cmp dword ptr [ebp-$0C], -$01
004E5821 751D jnz 004E5840
004E5823 6A40 push $40
* Possible String Reference to: '提示'
|
004E5825 B9CC584E00 mov ecx, $004E58CC
* Possible String Reference to: '请先插入加密锁!'
|
004E582A BAD4584E00 mov edx, $004E58D4
004E582F A14C6C5300 mov eax, dword ptr [$00536C4C]
004E5834 8B00 mov eax, [eax]
* Reference to : TApplication._PROC_0046AB28()
|
004E5836 E8ED52F8FF call 0046AB28
004E583B E984000000 jmp 004E58C4
; Status -2: "Please insert the dongle specified by the vendor!"
004E5840 837DF4FE cmp dword ptr [ebp-$0C], -$02
004E5844 751A jnz 004E5860
004E5846 6A40 push $40
* Possible String Reference to: '提示'
|
004E5848 B9CC584E00 mov ecx, $004E58CC
* Possible String Reference to: '请先插入厂商指定的加密锁!'
|
004E584D BAE8584E00 mov edx, $004E58E8
004E5852 A14C6C5300 mov eax, dword ptr [$00536C4C]
004E5857 8B00 mov eax, [eax]
* Reference to : TApplication._PROC_0046AB28()
|
004E5859 E8CA52F8FF call 0046AB28
004E585E EB64 jmp 004E58C4
; Status -3: "Failed to read data, please contact the vendor!"
004E5860 837DF4FD cmp dword ptr [ebp-$0C], -$03
004E5864 751A jnz 004E5880
004E5866 6A40 push $40
* Possible String Reference to: '提示'
|
004E5868 B9CC584E00 mov ecx, $004E58CC
* Possible String Reference to: '读数据失败,请与厂商联系!'
|
004E586D BA04594E00 mov edx, $004E5904
004E5872 A14C6C5300 mov eax, dword ptr [$00536C4C]
004E5877 8B00 mov eax, [eax]
* Reference to : TApplication._PROC_0046AB28()
|
004E5879 E8AA52F8FF call 0046AB28
004E587E EB44 jmp 004E58C4
; Status -4: "Verification data is invalid, please contact the vendor!"
004E5880 837DF4FC cmp dword ptr [ebp-$0C], -$04
004E5884 751A jnz 004E58A0
004E5886 6A40 push $40
* Possible String Reference to: '提示'
|
004E5888 B9CC584E00 mov ecx, $004E58CC
* Possible String Reference to: '校验数据不合法,请与厂商联系!'
|
004E588D BA20594E00 mov edx, $004E5920
004E5892 A14C6C5300 mov eax, dword ptr [$00536C4C]
004E5897 8B00 mov eax, [eax]
* Reference to : TApplication._PROC_0046AB28()
|
004E5899 E88A52F8FF call 0046AB28
004E589E EB24 jmp 004E58C4
; Status -5: "Dongle operation failed, please contact the vendor!"
; Any status other than 0 and -1 .. -5 takes the jnz and returns the
; default result with no message.
004E58A0 837DF4FB cmp dword ptr [ebp-$0C], -$05
004E58A4 751E jnz 004E58C4
004E58A6 6A40 push $40
* Possible String Reference to: '提示'
|
004E58A8 B9CC584E00 mov ecx, $004E58CC
* Possible String Reference to: '锁操作失败,请与厂商联系!'
|
004E58AD BA40594E00 mov edx, $004E5940
004E58B2 A14C6C5300 mov eax, dword ptr [$00536C4C]
004E58B7 8B00 mov eax, [eax]
* Reference to : TApplication._PROC_0046AB28()
|
004E58B9 E86A52F8FF call 0046AB28
004E58BE EB04 jmp 004E58C4
; Success path (status 0): set the result byte to 1.
004E58C0 C645FF01 mov byte ptr [ebp-$01], $01
; Common exit: return the result byte in AL and tear down the frame.
004E58C4 8A45FF mov al, byte ptr [ebp-$01]
004E58C7 8BE5 mov esp, ebp
004E58C9 5D pop ebp
004E58CA C3 ret