一个投资评价软件,看区段好象是新版的彩虹狗,加了狗壳,没有狗能破解吗?
参考了《论坛精华》,好象没有与新版彩虹狗相关的文章。
请高手指点,不胜感激!(用RAR分卷压缩了)
狗的驱动:rcusbwdm.sys 驱动安装DLL:RCMicroDogSetup.dll
部分代码:
程序入口
008513AE > $ 60 pushad
008513AF . 55 push ebp
008513B0 . 8BEC mov ebp, esp
008513B2 . 81EC 34040000 sub esp, 434
008513B8 . 53 push ebx
008513B9 . 56 push esi
008513BA . 57 push edi
008513BB . C685 B8FEFFFF 00 mov byte ptr ss:[ebp-148], 0
008513C2 . C685 B9FEFFFF 00 mov byte ptr ss:[ebp-147], 0
008513C9 . C685 BAFEFFFF 00 mov byte ptr ss:[ebp-146], 0
008513D0 . C685 BBFEFFFF 00 mov byte ptr ss:[ebp-145], 0
008513D7 . 8DBD BCFEFFFF lea edi, dword ptr ss:[ebp-144]
008513DD . 33C0 xor eax, eax
008513DF . B9 3F000000 mov ecx, 3F
008513E4 . F3:AB rep stos dword ptr es:[edi]
008513E6 . C685 E8FCFFFF 00 mov byte ptr ss:[ebp-318], 0
008513ED . C685 E9FCFFFF 00 mov byte ptr ss:[ebp-317], 0
008513F4 . C685 EAFCFFFF 00 mov byte ptr ss:[ebp-316], 0
008513FB . C685 EBFCFFFF 00 mov byte ptr ss:[ebp-315], 0
00851402 . 8DBD ECFCFFFF lea edi, dword ptr ss:[ebp-314]
00851408 . 33C0 xor eax, eax
0085140A . B9 3F000000 mov ecx, 3F
0085140F . F3:AB rep stos dword ptr es:[edi]
00851411 . C785 10FEFFFF A5A50000 mov dword ptr ss:[ebp-1F0], 0A5A5
0085141B . 66:C785 08FEFFFF 0A00 mov word ptr ss:[ebp-1F8], 0A
00851424 . E9 13090000 jmp 加密狗.00851D3C
00851429 > 90 nop
出错对话框
008525AE . 59 pop ecx
008525AF . EB 11 jmp short 加密狗.008525C2
008525B1 ?^ E9 D4EEFFFF jmp 加密狗.0085148A
008525B6 >^ E9 CFEEFFFF jmp 加密狗.0085148A
008525BB > EB 05 jmp short 加密狗.008525C2
008525BD >^ E9 C8EEFFFF jmp 加密狗.0085148A
008525C2 > 90 nop
008525C3 . 83BD 18FEFFFF 00 cmp dword ptr ss:[ebp-1E8], 0
008525CA . 74 38 je short 加密狗.00852604
008525CC . 8B85 90FEFFFF mov eax, dword ptr ss:[ebp-170]
008525D2 . 83B8 12060000 00 cmp dword ptr ds:[eax+612], 0
008525D9 . 74 22 je short 加密狗.008525FD
008525DB . 6A 40 push 40 ; /Style = MB_OK|MB_ICONASTERISK|MB_APPLMODAL
008525DD . 8B85 90FEFFFF mov eax, dword ptr ss:[ebp-170] ; |
008525E3 . 05 16060000 add eax, 616 ; |
008525E8 . 50 push eax ; |Title
008525E9 . 8B85 90FEFFFF mov eax, dword ptr ss:[ebp-170] ; |
008525EF . 05 54060000 add eax, 654 ; |
008525F4 . 50 push eax ; |Text
008525F5 . 6A 00 push 0 ; |hOwner = NULL
008525F7 . FF15 5C408500 call dword ptr ds:[<&USER32.MessageBoxA>] ; \MessageBoxA
008525FD > 6A 01 push 1 ; /Arg1 = 00000001
008525FF . E8 66DCFFFF call 加密狗.0085026A ; \加密狗.0085026A
00852604 > EB 00 jmp short 加密狗.00852606
00852606 > 5F pop edi
00852607 . 5E pop esi
00852608 . 5B pop ebx
00852609 . C9 leave
0085260A . 90 nop
0085260B . 90 nop
0085260C . 90 nop
0085260D . 90 nop
0085260E . 90 nop
0085260F . 90 nop
00852610 . 90 nop
00852611 . 90 nop
00852612 . 61 popad
00852613 >- FF25 08318500 jmp dword ptr ds:[853108] ; 加密狗.007A23AC
00852619 . C3 ret
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课