[求助]请高手帮忙看下第三个针在哪里！-付费问答-看雪-安全社区|安全招聘|kanxue.com

[旧帖] [求助]请高手帮忙看下第三个针在哪里！ 0.00雪花

发表于: 2007-7-5 10:20 4358

[旧帖] [求助]请高手帮忙看下第三个针在哪里！ 0.00雪花

eversuncyy 活跃值

2007-7-5 10:20

4358

我手头有一个软件，是别人破解后重新加密的，最近坏了，重装后发现有三个锁，已经解决前面两个，但因为本人不太会看代码，所以找不到第三个针在哪里，还望高手帮忙，下面是用IDA得到的代码，如果针不在这段代码里还请下附件看看到底在哪里，该如何解决？

附件（因为只能传JPG，请目标另存为后改为名EXE.RAR）：
http://www.ygblog.com/UploadFiles/2007-7/36348.2739675.jpg

主程序为ＳＨＯＥＭＡＧＩＣＥＸＥ。ＥＸＥ运行中应该调用了另外一个ＥＸＥ文件：ＪＤＦ—ＩＰ——Ｒ１——Ｅ。ＥＸＥ
这里有几个加密的地方，一个是网卡型号(accton en1207d)，一个是网卡地址，现在满足前两者之后仍然有一个命令不能使用"injection"错误提示为"err:1"。我估计这个错误是与某一个数据对比得出来了，调用了ipconfig.exe，请注意看"s_Err1"，也有一次调试之后出现的是s_Err1_1。使用这个命令提示错误后并不关闭程序。只是命令不发挥作用。下面是ＪＤＦ—ＩＰ——Ｒ１——Ｅ。ＥＸＥ里面加密的一些地方，ＳＨＯＥＭＡＧＩＣＥＸＥ。ＥＸＥ里面也有相似语句。
.rdata:004432F0 s_Block       db '#BLOCK',0          ; DATA XREF: sub_401000+1E39o
.rdata:004432F7                align 4
.rdata:004432F8 s_Err1_2       db 'ERR:1.2',0       ; DATA XREF: sub_401000+1426o
.rdata:00443300 s_Acc07d       db 'ACC07D',0          ; DATA XREF: sub_401000+140Fo
.rdata:00443307                align 4
.rdata:00443308 s_AcctonEn1207d db 'Accton EN1207D',0 ; DATA XREF: sub_401000+13F9o
.rdata:00443317                align 4
.rdata:00443318 s_E100b1       db 'E100B1',0          ; DATA XREF: sub_401000+13D2o
.rdata:0044331F                align 10h
.rdata:00443320 s_Err1_3       db 'ERR:1.3',0       ; DATA XREF: sub_401000+133Eo
.rdata:00443328 s_00-10-b5-86_4 db '00-10-B5-86-FC-A8',0 ; DATA XREF: sub_401000+1310o
.rdata:0044333A                align 4
.rdata:0044333C s_00-10-b5-41-9 db '00-10-B5-41-9B-8B',0 ; DATA XREF: sub_401000+12FEo
.rdata:0044334E                align 10h
.rdata:00443350 s_00-10-b5-86_3 db '00-10-B5-86-FC-CD',0 ; DATA XREF: sub_401000+12ECo
.rdata:00443362                align 4
.rdata:00443364 s_00-10-b5-3a_0 db '00-10-B5-3A-97-AE',0 ; DATA XREF: sub_401000+12D6o
.rdata:00443376                align 4
.rdata:00443378 s_00-10-b5-3a-9 db '00-10-B5-3A-97-B3',0 ; DATA XREF: sub_401000+12C0o
.rdata:0044338A                align 4
.rdata:0044338C s_00-00-e8-66-c db '00-00-E8-66-C6-9D',0 ; DATA XREF: sub_401000+12AAo
.rdata:0044339E                align 10h
.rdata:004433A0 s_00-00-e8-71-d db '00-00-E8-71-D9-58',0 ; DATA XREF: sub_401000+1294o
.rdata:004433B2                align 4
.rdata:004433B4 s_00-10-b5-86_2 db '00-10-B5-86-FC-C0',0 ; DATA XREF: sub_401000+127Eo
.rdata:004433C6                align 4
.rdata:004433C8 s_00-80-c8-65-0 db '00-80-C8-65-06-E6',0 ; DATA XREF: sub_401000+1268o
.rdata:004433C8                                        ; sub_401000+1375o
.rdata:004433DA                align 4
.rdata:004433DC s_00-10-b5-86_1 db '00-10-B5-86-FC-B9',0 ; DATA XREF: sub_401000+1252o
.rdata:004433EE                align 10h
.rdata:004433F0 s_00-10-b5-86_0 db '00-10-B5-86-FC-BE',0 ; DATA XREF: sub_401000+123Co
.rdata:00443402                align 4
.rdata:00443404 s_00-10-b5-86-f db '00-10-B5-86-FC-B4',0 ; DATA XREF: sub_401000+1226o
.rdata:00443416                align 4
.rdata:00443418 s_00-10-b5-ae_2 db '00-10-B5-AE-32-ED',0 ; DATA XREF: sub_401000+1210o
.rdata:0044342A                align 4
.rdata:0044342C s_00-40-26-6d-4 db '00-40-26-6D-40-44',0 ; DATA XREF: sub_401000+11FAo
.rdata:0044343E                align 10h
.rdata:00443440 s_00-10-b5-ae_1 db '00-10-B5-AE-33-09',0 ; DATA XREF: sub_401000+11E4o
.rdata:00443452                align 4
.rdata:00443454 s_00-10-b5-ae_0 db '00-10-B5-AE-32-E3',0 ; DATA XREF: sub_401000+11CEo
.rdata:00443466                align 4
.rdata:00443468 s_00-10-b5-ae-3 db '00-10-B5-AE-34-92',0 ; DATA XREF: sub_401000+11B8o
.rdata:0044347A                align 4
.rdata:0044347C s_00-10-b5-52_0 db '00-10-B5-52-D1-46',0 ; DATA XREF: sub_401000+11A2o
.rdata:0044348E                align 10h
.rdata:00443490 s_00-10-b5-af_7 db '00-10-B5-AF-5C-46',0 ; DATA XREF: sub_401000+118Co
.rdata:004434A2                align 4
.rdata:004434A4 s_00-10-b5-af_6 db '00-10-B5-AF-48-FD',0 ; DATA XREF: sub_401000+1176o
.rdata:004434B6                align 4
.rdata:004434B8 s_00-10-b5-af_5 db '00-10-B5-AF-49-04',0 ; DATA XREF: sub_401000+1160o
.rdata:004434CA                align 4
.rdata:004434CC s_00-10-b5-af_4 db '00-10-B5-AF-49-05',0 ; DATA XREF: sub_401000+114Ao
.rdata:004434DE                align 10h
.rdata:004434E0 s_00-10-b5-af_3 db '00-10-B5-AF-49-07',0 ; DATA XREF: sub_401000+1134o
.rdata:004434F2                align 4
.rdata:004434F4 s_00-10-b5-af_2 db '00-10-B5-AF-49-08',0 ; DATA XREF: sub_401000+111Eo
.rdata:00443506                align 4
.rdata:00443508 s_00-10-b5-af_1 db '00-10-B5-AF-49-11',0 ; DATA XREF: sub_401000+1108o
.rdata:0044351A                align 4
.rdata:0044351C s_00-10-b5-af-4 db '00-10-B5-AF-49-0B',0 ; DATA XREF: sub_401000+10F2o
.rdata:0044352E                align 10h
.rdata:00443530 s_00-10-b5-af_0 db '00-10-B5-AF-5C-40',0 ; DATA XREF: sub_401000+10DCo
.rdata:00443542                align 4
.rdata:00443544 s_00-10-b5-52-d db '00-10-B5-52-D1-32',0 ; DATA XREF: sub_401000+10C6o
.rdata:00443556                align 4
.rdata:00443558 s_00-10-b5-af-5 db '00-10-B5-AF-5C-5D',0 ; DATA XREF: sub_401000+10A2o
.rdata:0044356A                align 4
.rdata:0044356C s_Err1_1       db 'ERR:1.1',0       ; DATA XREF: sub_401000+1013o
.rdata:00443574 s_WindowsNt    db 'Windows NT',0    ; DATA XREF: sub_401000+FE3o
.rdata:0044357F                align 10h
.rdata:00443580 s_NoLicenseForI db 'No License For Injection !',0
.rdata:00443580                                        ; DATA XREF: sub_401000+F8Bo
.rdata:0044359B                align 4
.rdata:0044359C s_Err1       db 'ERR:1',0          ; DATA XREF: sub_401000+EF9o
.rdata:004435A2                align 4
.rdata:004435A4 s_System32Ipcon db '\system32\ipconfig.exe',0 ; DATA XREF: sub_401000+EC4o
.rdata:004435BB                align 4
.rdata:004435BC s_Windir       db 'windir',0          ; DATA XREF: sub_401000+E60o
.rdata:004435C3                align 4
.rdata:004435C4 s_Freestyle    db 'FREESTYLE',0       ; DATA XREF: sub_401000+E00o
.rdata:004435CE                align 10h
.rdata:004435D0 s_DoctorReiner  db 'DOCTOR REINER',0 ; DATA XREF: sub_401000+D9Fo
.rdata:004435DE                align 10h
.rdata:004435E0 s_EJoeTmp_log db 'e:/joe/tmp.log',0 ; DATA XREF: sub_401000+CE4o
.rdata:004435EF                align 10h
.rdata:004435F0 dword_4435F0 dd 0C61C3C00h          ; DATA XREF: sub_401000+9F9r
.rdata:004435F4 unk_4435F4    db 0                ; DATA XREF: sub_401000+9DEo
.rdata:004435F5                db 0
.rdata:004435F6                db  20h
.rdata:004435F7                db  41h ; A
.rdata:004435F8 unk_4435F8    db  29h ; )          ; DATA XREF: sub_401000+9B9o
.rdata:004435F9                db  5Ch ; \
.rdata:004435FA                db  8Fh ; ?
.rdata:004435FB                db  3Dh ; =
.rdata:004435FC flt_4435FC    dd 2.9999999e-2       ; DATA XREF: sub_401000+92Ar
.rdata:00443600 unk_443600    db  1Ah                ; DATA XREF: sub_401000+84Fo
.rdata:00443600                                        ; sub_401000+878o
.rdata:00443600                                        ; sub_401000+154Fo
.rdata:00443600                                        ; sub_401000+1582o
.rdata:00443600                                        ; sub_401000+19B8o
.rdata:00443600                                        ; sub_401000+19EBo ...
.rdata:00443601                db 3
.rdata:00443602                db 2
.rdata:00443603                db 0
.rdata:00443604 unk_443604    db 9                ; DATA XREF: sub_401000+81Fo
.rdata:00443604                                        ; sub_401000+1508o
.rdata:00443604                                        ; sub_401000+1971o
.rdata:00443604                                        ; sub_401000+292Ao
.rdata:00443604                                        ; sub_401000+29FBo
.rdata:00443604                                        ; sub_401000+34FEo ...
.rdata:00443605                db 3
.rdata:00443606                db 2
.rdata:00443607                db 0
.rdata:00443608 s_Vertex       db 'vertex',0          ; DATA XREF: sub_401000+6C9o
.rdata:00443608                                        ; sub_401000+2738o
.rdata:0044360F                align 10h
.rdata:00443610 s_Stl          db 'STL',0             ; DATA XREF: sub_401000+586o
.rdata:00443610                                        ; sub_401000+2376o
.rdata:00443610                                        ; sub_401000+2687o
.rdata:00443610                                        ; sub_401000:loc_4043A2o
.rdata:00443614 dword_443614 dd 4C425049h          ; DATA XREF: sub_401000+54Er
.rdata:00443618 byte_443618    db 4Bh                ; DATA XREF: sub_401000+55Dr
.rdata:00443619                align 4
.rdata:0044361C unk_44361C    db 1                ; DATA XREF: sub_401000+52Co
.rdata:0044361C                                        ; sub_401000+721o
.rdata:0044361C                                        ; sub_401000+9B0o
.rdata:0044361C                                        ; sub_401000+E1Ao
.rdata:0044361C                                        ; sub_401000+1621o
.rdata:0044361C                                        ; sub_401000+1A8Ao ...
.rdata:0044361D                db 0
.rdata:0044361E                db 0
.rdata:0044361F                db 0
.rdata:00443620 unk_443620    db  1Ah                ; DATA XREF: sub_401000+3A4o
.rdata:00443620                                        ; sub_401000+8A1o
.rdata:00443620                                        ; sub_401000+15B5o
.rdata:00443620                                        ; sub_401000+1A1Eo
.rdata:00443620                                        ; sub_401000+367Eo
.rdata:00443620                                        ; sub_401000+3774o ...
.rdata:00443621                db 3
.rdata:00443622                db 1
.rdata:00443623                db 0
.rdata:00443624 unk_443624    db  38h ; 8          ; DATA XREF: sub_401000+326o
.rdata:00443624                                        ; sub_401000+630o
.rdata:00443624                                        ; sub_401000+7B2o
.rdata:00443624                                        ; sub_401000+D17o
.rdata:00443624                                        ; sub_401000+14BDo
.rdata:00443624                                        ; sub_401000+1926o ...
.rdata:00443625                db 4
.rdata:00443626                db  0Dh
.rdata:00443627                db 0
.rdata:00443628                db  38h ; 8
.rdata:00443629                db 4
.rdata:0044362A                db  1Ah
.rdata:0044362B                db 0
.rdata:0044362C                db 9
.rdata:0044362D                db 1
.rdata:0044362E                db 6
.rdata:0044362F                db 0
.rdata:00443630                db 1
.rdata:00443631                db 0
.rdata:00443632                db 0
.rdata:00443633                db 0
.rdata:00443634 off_443634    dd offset unk_444C4F ; DATA XREF: sub_401000+30Ao
.rdata:00443634                                        ; sub_401000+5ECo
.rdata:00443634                                        ; sub_401000+771o
.rdata:00443634                                        ; sub_401000+CEBo
.rdata:00443634                                        ; sub_401000+1466o
.rdata:00443634                                        ; sub_401000+18CFo ...
.rdata:00443638 s_Ipinfo_dat db 'IPINFO.DAT',0    ; DATA XREF: sub_401000+295o
.rdata:00443638                                        ; sub_401000+2D5o
.rdata:00443638                                        ; sub_401000+2E0o
.rdata:00443643                align 4
.rdata:00443644 s_ShoemagicInje db '******* ShoeMagic/InjectionPhylon V3.0 020311 *******',0
.rdata:00443644                                        ; DATA XREF: sub_401000+223o
.rdata:0044367A                align 4
.rdata:0044367C s_ArgumentError db 'Argument Error !!!',0 ; DATA XREF: sub_401000+10Co
.rdata:0044367C                                        ; sub_401000+18Do
.rdata:0044368F                align 10h
.rdata:00443690 asc_443690:                            ; DATA XREF: sub_401000+D7o
.rdata:00443690                unicode 0, <:>,0
.rdata:00443694 unk_443694    db 1                ; DATA XREF: sub_401000+6Do
.rdata:00443695                db 0
.rdata:00443696                db 0
.rdata:00443697                db 0
.rdata:00443698 ; int dword_443698
.rdata:00443698 dword_443698 dd 10438h             ; DATA XREF: sub_401000+41o
.rdata:00443698                                        ; sub_401000+118o
.rdata:00443698                                        ; sub_401000+199o
.rdata:00443698                                        ; sub_401000+1E1o
.rdata:00443698                                        ; sub_401000+214o
.rdata:00443698                                        ; sub_401000+24Do ...
.rdata:0044369C s_ProgramError  db 'Program Error !!!',0 ; DATA XREF: sub_401000+35o
.rdata:004436AE                align 10h

[课程]Android-CTF解题方法汇总！

收藏・0

免费・0

支持

最新回复 (3)
zenix 雪币： 2393 活跃值： (1387) 能力值： ( LV4，RANK：50 ) 在线值：发帖 9 回帖 838 粉丝 13 关注私信	zenix 1 2 楼前半段是一些網卡的 MAC Address 後半段是錯誤訊息. 您列出來的這些, 並不是執行碼, 只是資料. 2007-7-5 10:49 0
eversuncyy 雪币： 200 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 1 回帖 2 粉丝 0 关注私信	eversuncyy 3 楼哦，当初锁网卡时，我用相同网卡再改这里面的MAC后，两个锁无效了，不过是用UE做的，这是我第一次用IDA，真的不会用，有高手愿意把附件下下再帮忙看看吗，万分感谢！ 2007-7-5 11:01 0
Arming 雪币： 204 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 23 粉丝 0 关注私信	Arming 4 楼那位高手帮忙看看呀,我也想知道. 2007-8-2 11:12 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复

eversuncyy

发帖

回帖

RANK

关注

私信

他的文章

[求助]请高手帮忙看下第三个针在哪里！ 4359

关于我们

联系我们

企业服务

看雪公众号

最新回复 (3)
zenix 雪币： 2393 活跃值： (1387) 能力值： ( LV4，RANK：50 ) 在线值：发帖 9 回帖 838 粉丝 13 关注私信	zenix 1 2 楼前半段是一些網卡的 MAC Address 後半段是錯誤訊息. 您列出來的這些, 並不是執行碼, 只是資料. 2007-7-5 10:49 0
eversuncyy 雪币： 200 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 1 回帖 2 粉丝 0 关注私信	eversuncyy 3 楼哦，当初锁网卡时，我用相同网卡再改这里面的MAC后，两个锁无效了，不过是用UE做的，这是我第一次用IDA，真的不会用，有高手愿意把附件下下再帮忙看看吗，万分感谢！ 2007-7-5 11:01 0
Arming 雪币： 204 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 23 粉丝 0 关注私信	Arming 4 楼那位高手帮忙看看呀,我也想知道. 2007-8-2 11:12 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复