Post 2
Well, message box intercepted by the API Breakpoint plugin
:)
Still waiting for guidance...
Thanks to the experts for the tools they made
Post 3
ok.
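Intercepted the activation code input box and saw the test code I had entered :)
But as soon as I enter an activation code, the Activate button that I had force-enabled turns black.
I'm posting the code below; experts, please help.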
51E68C75-EA0F : correct hdid
123456789-eeeeeeee : testing acode
0058A59C /$ 55 push ebp ; Enter Code, application halts here on acode input, run the app the popup window shows, and if acode is inputted, app halts
0058A59D |. 8BEC mov ebp, esp
0058A59F |. 83C4 F4 add esp, -0C
0058A5A2 |. 33C9 xor ecx, ecx
0058A5A4 |. 894D F4 mov dword ptr ss:[ebp-C], ecx ; ecx=00000000, stack ss:[0012f128-c](=0012f11c)=flashdig.0043f632
0058A5A7 |. 8955 F8 mov dword ptr ss:[ebp-8], edx ; edx=012feb6c, ss:[012f120]=012feb6c
0058A5AA |. 8945 FC mov dword ptr ss:[ebp-4], eax
0058A5AD |. 33C0 xor eax, eax
0058A5AF |. 55 push ebp ; 0012f128
0058A5B0 |. 68 FAA55800 push 0058A5FA ; //flashdig.0058a5b0
0058A5B5 |. 64:FF30 push dword ptr fs:[eax]
0058A5B8 |. 64:8920 mov dword ptr fs:[eax], esp
0058A5BB |. 8D55 F4 lea edx, dword ptr ss:[ebp-C] ; // stack addr=0012f11c, edx=012feb6c
0058A5BE |. 8B45 FC mov eax, dword ptr ss:[ebp-4] ; //eax=0
0058A5C1 |. 8B80 D8020000 mov eax, dword ptr ds:[eax+2D8] ; // ds:[012FC260]=012FEB6C, ds:[012FC260]=012FEB6C
0058A5C7 |. E8 7855EBFF call 0043FB44 ; // follow this call?
0058A5CC |. 8B45 F4 mov eax, dword ptr ss:[ebp-C] ; test activation code is stored here
Stack ss:[0012E890]=01424DD0,
(ASCII "123456789-eeeeeeee")
eax=00000012
0058A5CF |. E8 8CFEFFFF call 0058A460
0058A5D4 |. 8BD0 mov edx, eax
0058A5D6 |. 8B45 FC mov eax, dword ptr ss:[ebp-4]
0058A5D9 |. 8B80 A4020000 mov eax, dword ptr ds:[eax+2A4] ; Activation button
0058A5DF |. 8B08 mov ecx, dword ptr ds:[eax]
0058A5E1 |. FF51 5C call dword ptr ds:[ecx+5C]
0058A5E4 |. 33C0 xor eax, eax
0058A5E6 |. 5A pop edx
0058A5E7 |. 59 pop ecx
0058A5E8 |. 59 pop ecx
0058A5E9 |. 64:8910 mov dword ptr fs:[eax], edx
0058A5EC |. 68 01A65800 push 0058A601
0058A5F1 |> 8D45 F4 lea eax, dword ptr ss:[ebp-C]
0058A5F4 |. E8 E3A2E7FF call 004048DC ; // halts here at acode input
0058A5F9 \. C3 retn
0058A5FA .^ E9 F19BE7FF jmp 004041F0 ; // application waits/calls for verification at this bp