我手头有一个软件,是别人破解后重新加密的,最近坏了,重装后发现有三个锁,已经解决前面两个,但因为本人不太会看代码,所以找不到第三个针在哪里,还望高手帮忙,下面是用IDA得到的代码,如果针不在这段代码里还请下附件看看到底在哪里,该如何解决?
附件(因为只能传JPG,请目标另存为后改为名EXE.RAR):
http://www.ygblog.com/UploadFiles/2007-7/36348.2739675.jpg
主程序为SHOEMAGICEXE。EXE运行中应该调用了另外一个EXE文件:JDF—IP——R1——E。EXE
这里有几个加密的地方,一个是网卡型号(accton en1207d),一个是网卡地址,现在满足前两者之后仍然有一个命令不能使用"injection"错误提示为"err:1"。我估计这个错误是与某一个数据对比得出来了,调用了ipconfig.exe,请注意看"s_Err1",也有一次调试之后出现的是s_Err1_1。使用这个命令提示错误后并不关闭程序。只是命令不发挥作用。下面是JDF—IP——R1——E。EXE里面加密的一些地方,SHOEMAGICEXE。EXE里面也有相似语句。
.rdata:004432F0 s_Block db '#BLOCK',0 ; DATA XREF: sub_401000+1E39o
.rdata:004432F7 align 4
.rdata:004432F8 s_Err1_2 db 'ERR:1.2',0 ; DATA XREF: sub_401000+1426o
.rdata:00443300 s_Acc07d db 'ACC07D',0 ; DATA XREF: sub_401000+140Fo
.rdata:00443307 align 4
.rdata:00443308 s_AcctonEn1207d db 'Accton EN1207D',0 ; DATA XREF: sub_401000+13F9o
.rdata:00443317 align 4
.rdata:00443318 s_E100b1 db 'E100B1',0 ; DATA XREF: sub_401000+13D2o
.rdata:0044331F align 10h
.rdata:00443320 s_Err1_3 db 'ERR:1.3',0 ; DATA XREF: sub_401000+133Eo
.rdata:00443328 s_00-10-b5-86_4 db '00-10-B5-86-FC-A8',0 ; DATA XREF: sub_401000+1310o
.rdata:0044333A align 4
.rdata:0044333C s_00-10-b5-41-9 db '00-10-B5-41-9B-8B',0 ; DATA XREF: sub_401000+12FEo
.rdata:0044334E align 10h
.rdata:00443350 s_00-10-b5-86_3 db '00-10-B5-86-FC-CD',0 ; DATA XREF: sub_401000+12ECo
.rdata:00443362 align 4
.rdata:00443364 s_00-10-b5-3a_0 db '00-10-B5-3A-97-AE',0 ; DATA XREF: sub_401000+12D6o
.rdata:00443376 align 4
.rdata:00443378 s_00-10-b5-3a-9 db '00-10-B5-3A-97-B3',0 ; DATA XREF: sub_401000+12C0o
.rdata:0044338A align 4
.rdata:0044338C s_00-00-e8-66-c db '00-00-E8-66-C6-9D',0 ; DATA XREF: sub_401000+12AAo
.rdata:0044339E align 10h
.rdata:004433A0 s_00-00-e8-71-d db '00-00-E8-71-D9-58',0 ; DATA XREF: sub_401000+1294o
.rdata:004433B2 align 4
.rdata:004433B4 s_00-10-b5-86_2 db '00-10-B5-86-FC-C0',0 ; DATA XREF: sub_401000+127Eo
.rdata:004433C6 align 4
.rdata:004433C8 s_00-80-c8-65-0 db '00-80-C8-65-06-E6',0 ; DATA XREF: sub_401000+1268o
.rdata:004433C8 ; sub_401000+1375o
.rdata:004433DA align 4
.rdata:004433DC s_00-10-b5-86_1 db '00-10-B5-86-FC-B9',0 ; DATA XREF: sub_401000+1252o
.rdata:004433EE align 10h
.rdata:004433F0 s_00-10-b5-86_0 db '00-10-B5-86-FC-BE',0 ; DATA XREF: sub_401000+123Co
.rdata:00443402 align 4
.rdata:00443404 s_00-10-b5-86-f db '00-10-B5-86-FC-B4',0 ; DATA XREF: sub_401000+1226o
.rdata:00443416 align 4
.rdata:00443418 s_00-10-b5-ae_2 db '00-10-B5-AE-32-ED',0 ; DATA XREF: sub_401000+1210o
.rdata:0044342A align 4
.rdata:0044342C s_00-40-26-6d-4 db '00-40-26-6D-40-44',0 ; DATA XREF: sub_401000+11FAo
.rdata:0044343E align 10h
.rdata:00443440 s_00-10-b5-ae_1 db '00-10-B5-AE-33-09',0 ; DATA XREF: sub_401000+11E4o
.rdata:00443452 align 4
.rdata:00443454 s_00-10-b5-ae_0 db '00-10-B5-AE-32-E3',0 ; DATA XREF: sub_401000+11CEo
.rdata:00443466 align 4
.rdata:00443468 s_00-10-b5-ae-3 db '00-10-B5-AE-34-92',0 ; DATA XREF: sub_401000+11B8o
.rdata:0044347A align 4
.rdata:0044347C s_00-10-b5-52_0 db '00-10-B5-52-D1-46',0 ; DATA XREF: sub_401000+11A2o
.rdata:0044348E align 10h
.rdata:00443490 s_00-10-b5-af_7 db '00-10-B5-AF-5C-46',0 ; DATA XREF: sub_401000+118Co
.rdata:004434A2 align 4
.rdata:004434A4 s_00-10-b5-af_6 db '00-10-B5-AF-48-FD',0 ; DATA XREF: sub_401000+1176o
.rdata:004434B6 align 4
.rdata:004434B8 s_00-10-b5-af_5 db '00-10-B5-AF-49-04',0 ; DATA XREF: sub_401000+1160o
.rdata:004434CA align 4
.rdata:004434CC s_00-10-b5-af_4 db '00-10-B5-AF-49-05',0 ; DATA XREF: sub_401000+114Ao
.rdata:004434DE align 10h
.rdata:004434E0 s_00-10-b5-af_3 db '00-10-B5-AF-49-07',0 ; DATA XREF: sub_401000+1134o
.rdata:004434F2 align 4
.rdata:004434F4 s_00-10-b5-af_2 db '00-10-B5-AF-49-08',0 ; DATA XREF: sub_401000+111Eo
.rdata:00443506 align 4
.rdata:00443508 s_00-10-b5-af_1 db '00-10-B5-AF-49-11',0 ; DATA XREF: sub_401000+1108o
.rdata:0044351A align 4
.rdata:0044351C s_00-10-b5-af-4 db '00-10-B5-AF-49-0B',0 ; DATA XREF: sub_401000+10F2o
.rdata:0044352E align 10h
.rdata:00443530 s_00-10-b5-af_0 db '00-10-B5-AF-5C-40',0 ; DATA XREF: sub_401000+10DCo
.rdata:00443542 align 4
.rdata:00443544 s_00-10-b5-52-d db '00-10-B5-52-D1-32',0 ; DATA XREF: sub_401000+10C6o
.rdata:00443556 align 4
.rdata:00443558 s_00-10-b5-af-5 db '00-10-B5-AF-5C-5D',0 ; DATA XREF: sub_401000+10A2o
.rdata:0044356A align 4
.rdata:0044356C s_Err1_1 db 'ERR:1.1',0 ; DATA XREF: sub_401000+1013o
.rdata:00443574 s_WindowsNt db 'Windows NT',0 ; DATA XREF: sub_401000+FE3o
.rdata:0044357F align 10h
.rdata:00443580 s_NoLicenseForI db 'No License For Injection !',0
.rdata:00443580 ; DATA XREF: sub_401000+F8Bo
.rdata:0044359B align 4
.rdata:0044359C s_Err1 db 'ERR:1',0 ; DATA XREF: sub_401000+EF9o
.rdata:004435A2 align 4
.rdata:004435A4 s_System32Ipcon db '\system32\ipconfig.exe',0 ; DATA XREF: sub_401000+EC4o
.rdata:004435BB align 4
.rdata:004435BC s_Windir db 'windir',0 ; DATA XREF: sub_401000+E60o
.rdata:004435C3 align 4
.rdata:004435C4 s_Freestyle db 'FREESTYLE',0 ; DATA XREF: sub_401000+E00o
.rdata:004435CE align 10h
.rdata:004435D0 s_DoctorReiner db 'DOCTOR REINER',0 ; DATA XREF: sub_401000+D9Fo
.rdata:004435DE align 10h
.rdata:004435E0 s_EJoeTmp_log db 'e:/joe/tmp.log',0 ; DATA XREF: sub_401000+CE4o
.rdata:004435EF align 10h
.rdata:004435F0 dword_4435F0 dd 0C61C3C00h ; DATA XREF: sub_401000+9F9r
.rdata:004435F4 unk_4435F4 db 0 ; DATA XREF: sub_401000+9DEo
.rdata:004435F5 db 0
.rdata:004435F6 db 20h
.rdata:004435F7 db 41h ; A
.rdata:004435F8 unk_4435F8 db 29h ; ) ; DATA XREF: sub_401000+9B9o
.rdata:004435F9 db 5Ch ; \
.rdata:004435FA db 8Fh ; ?
.rdata:004435FB db 3Dh ; =
.rdata:004435FC flt_4435FC dd 2.9999999e-2 ; DATA XREF: sub_401000+92Ar
.rdata:00443600 unk_443600 db 1Ah ; DATA XREF: sub_401000+84Fo
.rdata:00443600 ; sub_401000+878o
.rdata:00443600 ; sub_401000+154Fo
.rdata:00443600 ; sub_401000+1582o
.rdata:00443600 ; sub_401000+19B8o
.rdata:00443600 ; sub_401000+19EBo ...
.rdata:00443601 db 3
.rdata:00443602 db 2
.rdata:00443603 db 0
.rdata:00443604 unk_443604 db 9 ; DATA XREF: sub_401000+81Fo
.rdata:00443604 ; sub_401000+1508o
.rdata:00443604 ; sub_401000+1971o
.rdata:00443604 ; sub_401000+292Ao
.rdata:00443604 ; sub_401000+29FBo
.rdata:00443604 ; sub_401000+34FEo ...
.rdata:00443605 db 3
.rdata:00443606 db 2
.rdata:00443607 db 0
.rdata:00443608 s_Vertex db 'vertex',0 ; DATA XREF: sub_401000+6C9o
.rdata:00443608 ; sub_401000+2738o
.rdata:0044360F align 10h
.rdata:00443610 s_Stl db 'STL',0 ; DATA XREF: sub_401000+586o
.rdata:00443610 ; sub_401000+2376o
.rdata:00443610 ; sub_401000+2687o
.rdata:00443610 ; sub_401000:loc_4043A2o
.rdata:00443614 dword_443614 dd 4C425049h ; DATA XREF: sub_401000+54Er
.rdata:00443618 byte_443618 db 4Bh ; DATA XREF: sub_401000+55Dr
.rdata:00443619 align 4
.rdata:0044361C unk_44361C db 1 ; DATA XREF: sub_401000+52Co
.rdata:0044361C ; sub_401000+721o
.rdata:0044361C ; sub_401000+9B0o
.rdata:0044361C ; sub_401000+E1Ao
.rdata:0044361C ; sub_401000+1621o
.rdata:0044361C ; sub_401000+1A8Ao ...
.rdata:0044361D db 0
.rdata:0044361E db 0
.rdata:0044361F db 0
.rdata:00443620 unk_443620 db 1Ah ; DATA XREF: sub_401000+3A4o
.rdata:00443620 ; sub_401000+8A1o
.rdata:00443620 ; sub_401000+15B5o
.rdata:00443620 ; sub_401000+1A1Eo
.rdata:00443620 ; sub_401000+367Eo
.rdata:00443620 ; sub_401000+3774o ...
.rdata:00443621 db 3
.rdata:00443622 db 1
.rdata:00443623 db 0
.rdata:00443624 unk_443624 db 38h ; 8 ; DATA XREF: sub_401000+326o
.rdata:00443624 ; sub_401000+630o
.rdata:00443624 ; sub_401000+7B2o
.rdata:00443624 ; sub_401000+D17o
.rdata:00443624 ; sub_401000+14BDo
.rdata:00443624 ; sub_401000+1926o ...
.rdata:00443625 db 4
.rdata:00443626 db 0Dh
.rdata:00443627 db 0
.rdata:00443628 db 38h ; 8
.rdata:00443629 db 4
.rdata:0044362A db 1Ah
.rdata:0044362B db 0
.rdata:0044362C db 9
.rdata:0044362D db 1
.rdata:0044362E db 6
.rdata:0044362F db 0
.rdata:00443630 db 1
.rdata:00443631 db 0
.rdata:00443632 db 0
.rdata:00443633 db 0
.rdata:00443634 off_443634 dd offset unk_444C4F ; DATA XREF: sub_401000+30Ao
.rdata:00443634 ; sub_401000+5ECo
.rdata:00443634 ; sub_401000+771o
.rdata:00443634 ; sub_401000+CEBo
.rdata:00443634 ; sub_401000+1466o
.rdata:00443634 ; sub_401000+18CFo ...
.rdata:00443638 s_Ipinfo_dat db 'IPINFO.DAT',0 ; DATA XREF: sub_401000+295o
.rdata:00443638 ; sub_401000+2D5o
.rdata:00443638 ; sub_401000+2E0o
.rdata:00443643 align 4
.rdata:00443644 s_ShoemagicInje db '******* ShoeMagic/InjectionPhylon V3.0 020311 *******',0
.rdata:00443644 ; DATA XREF: sub_401000+223o
.rdata:0044367A align 4
.rdata:0044367C s_ArgumentError db 'Argument Error !!!',0 ; DATA XREF: sub_401000+10Co
.rdata:0044367C ; sub_401000+18Do
.rdata:0044368F align 10h
.rdata:00443690 asc_443690: ; DATA XREF: sub_401000+D7o
.rdata:00443690 unicode 0, <:>,0
.rdata:00443694 unk_443694 db 1 ; DATA XREF: sub_401000+6Do
.rdata:00443695 db 0
.rdata:00443696 db 0
.rdata:00443697 db 0
.rdata:00443698 ; int dword_443698
.rdata:00443698 dword_443698 dd 10438h ; DATA XREF: sub_401000+41o
.rdata:00443698 ; sub_401000+118o
.rdata:00443698 ; sub_401000+199o
.rdata:00443698 ; sub_401000+1E1o
.rdata:00443698 ; sub_401000+214o
.rdata:00443698 ; sub_401000+24Do ...
.rdata:0044369C s_ProgramError db 'Program Error !!!',0 ; DATA XREF: sub_401000+35o
.rdata:004436AE align 10h
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课