征求此段代码破解思路！-经典问答-看雪-安全社区|安全招聘|kanxue.com

征求此段代码破解思路！

发表于: 2006-11-9 11:04 4271

征求此段代码破解思路！

lishigui

活跃值

2006-11-9 11:04

4271

0042686A  /$  55          PUSH EBP
0042686B  |.  8BEC       MOV EBP,ESP
0042686D  |.  6A FF       PUSH -1
0042686F  |.  68 90CE4300 PUSH WarCraft.0043CE90                               ;  感ld; SE 处理程序安装
00426874  |.  64:A1 0000000>MOV EAX,DWORD PTR FS:[0]
0042687A  |.  50          PUSH EAX
0042687B  |.  64:8925 00000>MOV DWORD PTR FS:[0],ESP
00426882  |.  81EC 44010000 SUB ESP,144
00426888  |.  C745 E0 00000>MOV DWORD PTR SS:[EBP-20],0
0042688F  |.  8D4D E8    LEA ECX,DWORD PTR SS:[EBP-18]
00426892  |.  E8 7D1E0100 CALL <JMP.&MFC42.#540_??0CString@@QAE@XZ>
00426897  |.  C745 FC 00000>MOV DWORD PTR SS:[EBP-4],0
0042689E  |.  68 14D14400 PUSH WarCraft.0044D114                               ;  system\controlset001\services\tcpip\parameters\interfaces
004268A3  |.  8D4D E4    LEA ECX,DWORD PTR SS:[EBP-1C]
004268A6  |.  E8 931E0100 CALL <JMP.&MFC42.#537_??0CString@@QAE@PBD@Z>
004268AB  |.  C645 FC 01 MOV BYTE PTR SS:[EBP-4],1
004268AF  |.  8D45 EC    LEA EAX,DWORD PTR SS:[EBP-14]
004268B2  |.  50          PUSH EAX
004268B3  |.  68 19000200 PUSH 20019
004268B8  |.  6A 00       PUSH 0
004268BA  |.  8D4D E4    LEA ECX,DWORD PTR SS:[EBP-1C]
004268BD  |.  E8 2EB1FDFF CALL WarCraft.004019F0
004268C2  |.  50          PUSH EAX                                           ; |Subkey
004268C3  |.  68 02000080 PUSH 80000002                                        ; |hKey = HKEY_LOCAL_MACHINE
004268C8  |.  FF15 04E04300 CALL DWORD PTR DS:[<&ADVAPI32.RegOpenKeyExA>]       ; \RegOpenKeyExA
004268CE  |.  8945 F0    MOV DWORD PTR SS:[EBP-10],EAX
004268D1  |.  837D F0 00 CMP DWORD PTR SS:[EBP-10],0
004268D5  |.  0F85 2F010000 JNZ WarCraft.00426A0A
004268DB  |.  C745 DC 04010>MOV DWORD PTR SS:[EBP-24],104
004268E2  |.  6A 00       PUSH 0                                              ; /pLastWrite = NULL
004268E4  |.  6A 00       PUSH 0                                              ; |pSecurity = NULL
004268E6  |.  6A 00       PUSH 0                                              ; |pMaxValueLength = NULL
004268E8  |.  6A 00       PUSH 0                                              ; |pMaxValueNameLength = NULL
004268EA  |.  6A 00       PUSH 0                                              ; |pnValues = NULL
004268EC  |.  6A 00       PUSH 0                                              ; |pMaxClassLength = NULL
004268EE  |.  6A 00       PUSH 0                                              ; |pMaxSubkeyLength = NULL
004268F0  |.  8D8D CCFEFFFF LEA ECX,DWORD PTR SS:[EBP-134]                      ; |
004268F6  |.  51          PUSH ECX                                           ; |pnSubkeys
004268F7  |.  6A 00       PUSH 0                                              ; |Reserved = NULL
004268F9  |.  6A 00       PUSH 0                                              ; |pClassCount = NULL
004268FB  |.  6A 00       PUSH 0                                              ; |Class = NULL
004268FD  |.  8B55 EC    MOV EDX,DWORD PTR SS:[EBP-14]                      ; |
00426900  |.  52          PUSH EDX                                           ; |hKey
00426901  |.  FF15 08E04300 CALL DWORD PTR DS:[<&ADVAPI32.RegQueryInfoKeyA>]    ; \RegQueryInfoKeyA
00426907  |.  C785 C8FEFFFF>MOV DWORD PTR SS:[EBP-138],0
00426911  |.  EB 0F       JMP SHORT WarCraft.00426922
00426913  |>  8B85 C8FEFFFF /MOV EAX,DWORD PTR SS:[EBP-138]
00426919  |.  83C0 01    |ADD EAX,1
0042691C  |.  8985 C8FEFFFF |MOV DWORD PTR SS:[EBP-138],EAX
00426922  |>  8B8D C8FEFFFF  MOV ECX,DWORD PTR SS:[EBP-138]
00426928  |.  3B8D CCFEFFFF |CMP ECX,DWORD PTR SS:[EBP-134]
0042692E  |.  0F8D D6000000 |JGE WarCraft.00426A0A
00426934  |.  C745 DC 04010>|MOV DWORD PTR SS:[EBP-24],104
0042693B  |.  8D55 D4    |LEA EDX,DWORD PTR SS:[EBP-2C]
0042693E  |.  52          |PUSH EDX                                           ; /pLastWrite
0042693F  |.  6A 00       |PUSH 0                                              ; |pClassCount = NULL
00426941  |.  6A 00       |PUSH 0                                              ; |Class = NULL
00426943  |.  6A 00       |PUSH 0                                              ; |Reserved = NULL
00426945  |.  8D45 DC    |LEA EAX,DWORD PTR SS:[EBP-24]                      ; |
00426948  |.  50          |PUSH EAX                                           ; |pBufCount
00426949  |.  8D8D D0FEFFFF |LEA ECX,DWORD PTR SS:[EBP-130]                      ; |
0042694F  |.  51          |PUSH ECX                                           ; |Buffer
00426950  |.  8B95 C8FEFFFF |MOV EDX,DWORD PTR SS:[EBP-138]                      ; |
00426956  |.  52          |PUSH EDX                                           ; |Index
00426957  |.  8B45 EC    |MOV EAX,DWORD PTR SS:[EBP-14]                      ; |
0042695A  |.  50          |PUSH EAX                                           ; |hKey
0042695B  |.  FF15 0CE04300 |CALL DWORD PTR DS:[<&ADVAPI32.RegEnumKeyExA>]       ; \RegEnumKeyExA
00426961  |.  8945 F0    |MOV DWORD PTR SS:[EBP-10],EAX
00426964  |.  8D8D C0FEFFFF |LEA ECX,DWORD PTR SS:[EBP-140]
0042696A  |.  E8 A51D0100 |CALL <JMP.&MFC42.#540_??0CString@@QAE@XZ>
0042696F  |.  C645 FC 02 |MOV BYTE PTR SS:[EBP-4],2
00426973  |.  8D8D D0FEFFFF |LEA ECX,DWORD PTR SS:[EBP-130]
00426979  |.  51          |PUSH ECX
0042697A  |.  8B55 E4    |MOV EDX,DWORD PTR SS:[EBP-1C]
0042697D  |.  52          |PUSH EDX
0042697E  |.  68 50D14400 |PUSH WarCraft.0044D150                            ;  %s\%s
00426983  |.  8D85 C0FEFFFF |LEA EAX,DWORD PTR SS:[EBP-140]
00426989  |.  50          |PUSH EAX
0042698A  |.  E8 C11D0100 |CALL <JMP.&MFC42.#2818_?Format@CString@@QAAXPBDZZ>
0042698F  |.  83C4 10    |ADD ESP,10
00426992  |.  8D8D D0FEFFFF |LEA ECX,DWORD PTR SS:[EBP-130]
00426998  |.  51          |PUSH ECX
00426999  |.  8D4D E8    |LEA ECX,DWORD PTR SS:[EBP-18]
0042699C  |.  E8 6D1D0100 |CALL <JMP.&MFC42.#860_??4CString@@QAEABV0@PBD@Z>
004269A1  |.  6A 10       |PUSH 10
004269A3  |.  51          |PUSH ECX
004269A4  |.  8BD4       |MOV EDX,ESP
004269A6  |.  89A5 BCFEFFFF |MOV DWORD PTR SS:[EBP-144],ESP
004269AC  |.  6A 08       |PUSH 8
004269AE  |.  6A 01       |PUSH 1
004269B0  |.  52          |PUSH EDX
004269B1  |.  8D4D E8    |LEA ECX,DWORD PTR SS:[EBP-18]
004269B4  |.  E8 A5210100 |CALL <JMP.&MFC42.#4278_?Mid@CString@@QBE?AV1@HH@Z>
004269B9  |.  8985 B4FEFFFF |MOV DWORD PTR SS:[EBP-14C],EAX                      ; |
004269BF  |.  E8 9F3EFFFF |CALL WarCraft.0041A863                            ; \WarCraft.0041A863
004269C4  |.  83C4 08    |ADD ESP,8
004269C7  |.  8985 B0FEFFFF |MOV DWORD PTR SS:[EBP-150],EAX
004269CD  |.  8B85 B0FEFFFF |MOV EAX,DWORD PTR SS:[EBP-150]
004269D3  |.  8985 C4FEFFFF |MOV DWORD PTR SS:[EBP-13C],EAX
004269D9  |.  837D E0 00 |CMP DWORD PTR SS:[EBP-20],0
004269DD  |.  74 0E       |JE SHORT WarCraft.004269ED
004269DF  |.  8B4D E0    |MOV ECX,DWORD PTR SS:[EBP-20]
004269E2  |.  338D C4FEFFFF |XOR ECX,DWORD PTR SS:[EBP-13C]
004269E8  |.  894D E0    |MOV DWORD PTR SS:[EBP-20],ECX
004269EB  |.  EB 09       |JMP SHORT WarCraft.004269F6
004269ED  |>  8B95 C4FEFFFF |MOV EDX,DWORD PTR SS:[EBP-13C]
004269F3  |.  8955 E0    |MOV DWORD PTR SS:[EBP-20],EDX
004269F6  |>  C645 FC 01 |MOV BYTE PTR SS:[EBP-4],1
004269FA  |.  8D8D C0FEFFFF |LEA ECX,DWORD PTR SS:[EBP-140]
00426A00  |.  E8 FD1C0100 |CALL <JMP.&MFC42.#800_??1CString@@QAE@XZ>
00426A05  |.^ E9 09FFFFFF \JMP WarCraft.00426913
00426A0A  |>  8B45 EC    MOV EAX,DWORD PTR SS:[EBP-14]
00426A0D  |.  50          PUSH EAX                                           ; /hKey
00426A0E  |.  FF15 14E04300 CALL DWORD PTR DS:[<&ADVAPI32.RegCloseKey>]          ; \RegCloseKey
00426A14  |.  8B4D E0    MOV ECX,DWORD PTR SS:[EBP-20]
00426A17  |.  898D B8FEFFFF MOV DWORD PTR SS:[EBP-148],ECX
00426A1D  |.  C645 FC 00 MOV BYTE PTR SS:[EBP-4],0
00426A21  |.  8D4D E4    LEA ECX,DWORD PTR SS:[EBP-1C]
00426A24  |.  E8 D91C0100 CALL <JMP.&MFC42.#800_??1CString@@QAE@XZ>
00426A29  |.  C745 FC FFFFF>MOV DWORD PTR SS:[EBP-4],-1
00426A30  |.  8D4D E8    LEA ECX,DWORD PTR SS:[EBP-18]
00426A33  |.  E8 CA1C0100 CALL <JMP.&MFC42.#800_??1CString@@QAE@XZ>
00426A38  |.  8B85 B8FEFFFF MOV EAX,DWORD PTR SS:[EBP-148]
00426A3E  |.  8B4D F4    MOV ECX,DWORD PTR SS:[EBP-C]
00426A41  |.  64:890D 00000>MOV DWORD PTR FS:[0],ECX
00426A48  |.  8BE5       MOV ESP,EBP
00426A4A  |.  5D          POP EBP
00426A4B  \.  C3          RETN

这个软件是通过机器码得到.ky文件进行注册的，上面一段应该是对。ky文件的验证段，如何破解那？提供点提示思路谢谢！！

[培训]内核驱动高级班，冲击BAT一流互联网大厂工作，每周日13:00-18:00直播授课

收藏・1

免费・0

支持

分享

最新回复 (2)
kanxue 雪币： 47147 活跃值： (20450) 能力值： (RANK：350 ) 在线值：发帖 2375 回帖 17045 粉丝 541 关注私信	kanxue 8 2 楼这段是针对注册表的一些操作 2006-11-9 11:06 0
lishigui 雪币： 200 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 3 回帖 6 粉丝 0 关注私信	lishigui 3 楼啊。。。难道这个东西是通过修改注册表来注册的。。。那样不是很简单。。。我搞搞看。。 2006-11-9 12:32 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复

返回

lishigui

发帖

回帖

RANK

他的文章

看雪公众号

专注于PC、移动、智能设备安全研究及逆向工程的开发者社区

//