-
-
[求助]如何下断点?
-
发表于: 2007-4-14 22:41
-
我破解个程序,是国人的中文程序,输入注册码后,要重启才会验证注册码,而且没有“输入注册码错误”这类的提示,你随便输入一个注册码,重启后,出现的画面和没注册的一样,什么提示也没有。我用OD找到参考字符串没一个中文。所以一点下断点的线索都没有。请问各位高手,象这种程序,如何下断点啊,谢谢!!!
OD找到的参考字符串如下:
Ultra String Reference
Address Disassembly Text String
0040118A mov dword ptr [ebp-4], 004071C0 can't open file!
00401275 mov dword ptr [ebp-4], 00407198 can't retrieve the temporary directory!can't open file!
0040128D push 00407190 e_%x
004012C3 push 0040718C \
00401317 mov dword ptr [ebp-4], 00407174 insufficient memory!
00401342 mov dword ptr [ebp-4], 00407158 failed to decompress data!
00401378 mov dword ptr [esp], 0040714C krnln.fnr
0040138F push 00407140 krnln.fne
00401421 mov dword ptr [ebp-4], 00407120 not found the kernel library!
00401464 mov dword ptr [ebp-4], 00407100 failed to load kernel library!
0040146D push 004070F4 getnewsock
0040147D mov dword ptr [ebp-4], 004070D4 the kernel library is invalid!
00401494 mov dword ptr [ebp-4], 004070A8 the interface of kernel library is invalid!the kernel library is invalid!
0040149D mov dword ptr [ebp-4], 0040708C invalid data in the file!
004014A6 mov dword ptr [ebp-4], 0040705C failed to read file or invalid data in file!
004014AF mov dword ptr [ebp-4], 0040708C invalid data in the file!
004014B8 mov dword ptr [ebp-4], 00407038 failed to read data from the file!
004014E7 push 00407030 error
00401BF8 mov dword ptr [edi+18], 00407234 invalid block type
00401C10 mov dword ptr [edi+18], 00407214 invalid stored block lengths
00401C80 mov dword ptr [edi+18], 004071F0 too many length or distance symbolsinvalid stored block lengths
00401CAC mov dword ptr [edi+18], 004071D4 invalid bit length repeat
004022FA mov dword ptr [esi+18], 00407260 invalid literal/length code1.1.3
0040232F mov dword ptr [esi+18], 00407248 invalid distance code
00402669 mov dword ptr [esi+18], 00407248 invalid distance code
004026C6 mov dword ptr [esi+18], 00407260 invalid literal/length code1.1.3
00402905 mov dword ptr [esi+18], 004072D8 unknown compression method
00402928 mov dword ptr [esi+18], 004072C4 invalid window sizeunknown compression method
00402978 mov dword ptr [esi+18], 004072AC incorrect header check
00402ABC mov dword ptr [esi+18], 00407294 incorrect data check
00402B93 mov dword ptr [esi+18], 00407284 need dictionaryincorrect data check
00402C3D mov dword ptr [esi+18], 00408424 oversubscribed dynamic bit lengths treeincomplete literal/length tree
00402C55 mov dword ptr [esi+18], 00408400 incomplete dynamic bit lengths treeoversubscribed dynamic bit lengths treeincomplete literal/length tree
004030AA mov dword ptr [esi+18], 004084D0 oversubscribed distance tree
004030B8 mov dword ptr [esi+18], 004084B4 incomplete distance tree
004030C6 mov dword ptr [esi+18], 00408490 empty distance tree with lengths
004030D4 mov dword ptr [esi+18], 0040846C oversubscribed literal/length tree
004030E2 mov dword ptr [esi+18], 0040844C incomplete literal/length tree
0040324A push 0040727C 1.1.3
00403831 push ebp (initial cpu selection)
00404E32 push 004065D4 <program name unknown>
00404E74 push 004065D0 ...<program name unknown>
00404E88 push 004065B4 runtime error!\n\nprogram:
00404EA6 push 004065B0 \n\n
00404ECE push 00406588 microsoft visual c++ runtime library
00405674 push 0040661C user32.dll
0040568B push 00406610 messageboxauser32.dll
0040569C push 00406600 getactivewindowmessageboxauser32.dll
004056A4 push 004065EC getlastactivepopup
OD找到的参考字符串如下:
Ultra String Reference
Address Disassembly Text String
0040118A mov dword ptr [ebp-4], 004071C0 can't open file!
00401275 mov dword ptr [ebp-4], 00407198 can't retrieve the temporary directory!can't open file!
0040128D push 00407190 e_%x
004012C3 push 0040718C \
00401317 mov dword ptr [ebp-4], 00407174 insufficient memory!
00401342 mov dword ptr [ebp-4], 00407158 failed to decompress data!
00401378 mov dword ptr [esp], 0040714C krnln.fnr
0040138F push 00407140 krnln.fne
00401421 mov dword ptr [ebp-4], 00407120 not found the kernel library!
00401464 mov dword ptr [ebp-4], 00407100 failed to load kernel library!
0040146D push 004070F4 getnewsock
0040147D mov dword ptr [ebp-4], 004070D4 the kernel library is invalid!
00401494 mov dword ptr [ebp-4], 004070A8 the interface of kernel library is invalid!the kernel library is invalid!
0040149D mov dword ptr [ebp-4], 0040708C invalid data in the file!
004014A6 mov dword ptr [ebp-4], 0040705C failed to read file or invalid data in file!
004014AF mov dword ptr [ebp-4], 0040708C invalid data in the file!
004014B8 mov dword ptr [ebp-4], 00407038 failed to read data from the file!
004014E7 push 00407030 error
00401BF8 mov dword ptr [edi+18], 00407234 invalid block type
00401C10 mov dword ptr [edi+18], 00407214 invalid stored block lengths
00401C80 mov dword ptr [edi+18], 004071F0 too many length or distance symbolsinvalid stored block lengths
00401CAC mov dword ptr [edi+18], 004071D4 invalid bit length repeat
004022FA mov dword ptr [esi+18], 00407260 invalid literal/length code1.1.3
0040232F mov dword ptr [esi+18], 00407248 invalid distance code
00402669 mov dword ptr [esi+18], 00407248 invalid distance code
004026C6 mov dword ptr [esi+18], 00407260 invalid literal/length code1.1.3
00402905 mov dword ptr [esi+18], 004072D8 unknown compression method
00402928 mov dword ptr [esi+18], 004072C4 invalid window sizeunknown compression method
00402978 mov dword ptr [esi+18], 004072AC incorrect header check
00402ABC mov dword ptr [esi+18], 00407294 incorrect data check
00402B93 mov dword ptr [esi+18], 00407284 need dictionaryincorrect data check
00402C3D mov dword ptr [esi+18], 00408424 oversubscribed dynamic bit lengths treeincomplete literal/length tree
00402C55 mov dword ptr [esi+18], 00408400 incomplete dynamic bit lengths treeoversubscribed dynamic bit lengths treeincomplete literal/length tree
004030AA mov dword ptr [esi+18], 004084D0 oversubscribed distance tree
004030B8 mov dword ptr [esi+18], 004084B4 incomplete distance tree
004030C6 mov dword ptr [esi+18], 00408490 empty distance tree with lengths
004030D4 mov dword ptr [esi+18], 0040846C oversubscribed literal/length tree
004030E2 mov dword ptr [esi+18], 0040844C incomplete literal/length tree
0040324A push 0040727C 1.1.3
00403831 push ebp (initial cpu selection)
00404E32 push 004065D4 <program name unknown>
00404E74 push 004065D0 ...<program name unknown>
00404E88 push 004065B4 runtime error!\n\nprogram:
00404EA6 push 004065B0 \n\n
00404ECE push 00406588 microsoft visual c++ runtime library
00405674 push 0040661C user32.dll
0040568B push 00406610 messageboxauser32.dll
0040569C push 00406600 getactivewindowmessageboxauser32.dll
004056A4 push 004065EC getlastactivepopup
[培训]《安卓高级研修班(网课)》月薪三万计划,掌握调试、分析还原ollvm、vmp的方法,定制art虚拟机自动化脱壳的方法
|
|
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
不是电子书,是个游戏存档程序,在网吧里用的,分服务端和客户端,如果没注册,客户端用不到几次,就链不上服务端了!!!
它的参考字符串没任何有用的信息,只能考虑在API上下断点。机器码和注册号都存在一个文件ini中,我想应该在读ini的那个API上下断点,但就是不清楚是哪一个!!!
|
|
|
|
|
|
|
|
|
|
