偶是破解菜虫(比菜鸟还菜。。。)
为了寻找破解Anti-Keylogger Elite3.3.3的方法偶然发现了看雪,并打算把破解作为我的爱好
废话少说,参考了一些文章之后,我决定利用W32dsm+UE来进行爆破
由于没检测到壳,就用W32dsm反汇编,注意到以下部分:
:0040D95B 8B1580324E00 mov edx, dword ptr [004E3280]
:0040D961 8B0A mov ecx, dword ptr [edx]
:0040D963 8B8100030000 mov eax, dword ptr [ecx+00000300]
:0040D969 85C0 test eax, eax
:0040D96B 746D je 0040D9DA
:0040D96D 6A03 push 00000003
:0040D96F 33D2 xor edx, edx
:0040D971 66C745E80800 mov [ebp-18], 0008
:0040D977 8955FC mov dword ptr [ebp-04], edx
:0040D97A A1FC344E00 mov eax, dword ptr [004E34FC]
:0040D97F FF45F4 inc [ebp-0C]
:0040D982 8D55FC lea edx, dword ptr [ebp-04]
:0040D985 8B00 mov eax, dword ptr [eax]
:0040D987 E864FB0600 call 0047D4F0
:0040D98C 8B55FC mov edx, dword ptr [ebp-04]
:0040D98F 85D2 test edx, edx
:0040D991 7405 je 0040D998
:0040D993 8B4DFC mov ecx, dword ptr [ebp-04]
:0040D996 EB05 jmp 0040D99D
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040D991(C)
|
:0040D998 B9D1824D00 mov ecx, 004D82D1
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040D996(U)
|
:0040D99D 51 push ecx
* Possible StringData Ref from Data Obj ->"Your copy is registered, are you "
->"sure to continue?"
|
:0040D99E 689E824D00 push 004D829E
:0040D9A3 8BC3 mov eax, ebx
:0040D9A5 E8620F0800 call 0048E90C
:0040D9AA 50 push eax
于是就很高兴用UE在0040D991处把7405改成9090。。。。结果失败了
哪位仁兄能指点一下么?感激不尽。
顺便问一下。。W32dsm中怎么直接复制代码??
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
