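Patch-cracking 系统优化大师 (System Optimization Master) V2004 build 07.01
1. Tools used: W32Dasm 10, PEiD 0.92.
2. Target: 系统优化大师 V2004 build 07.01 (apologies to the author)
3. Software description: 〖系统优化大师〗 improves your system's performance comprehensively, efficiently and safely. It is simple to use, with foolproof operation, and lets you reach your optimization goals quickly. It includes desktop, menu, network, software and system optimization, plus a range of personalization options such as disabling settings, selection settings and changing settings. It can clean the registry and junk files on the hard disk at high speed; the cleaning is thorough and safe and does not affect runtime performance.
4. Download URL:
http://laofuzi.3322.net/
5. Purpose: to learn technique from the experts.
6. Cracking process:
PEiD shows no packer (great); the program is written in Borland Delphi.
Search the string references for "注册码错误,请重新输入!" ("Registration code incorrect, please re-enter!")
Nearby you see: "注册成功,谢谢你的注册!请重新运行软件!" ("Registration successful, thank you for registering! Please restart the software!")
Go to the referenced address:
Possible StringData Ref from Code Obj ->"谢谢你的注册,请联网,对你的注册身份进行再验证"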
->"sorr网上破解严重,请理解!"
|
:0050B82C B840B85000 mov eax, 0050B840
:0050B831 E83A33F3FF call 0043EB70
:0050B836 C3 ret
:0050B837 00 BYTE 0
:0050B838 FFFFFFFF BYTE 4 DUP(0ffh)
:0050B83C 45 inc ebp
:0050B83D 000000 BYTE 3 DUP(0)
:0050B840 D0BBD0BBC4E3 sar byte ptr [ebx+E3C4BBD0], 1
:0050B846 B5C4 mov ch, C4
:0050B848 D7 xlat
:0050B849 A2B2E1A3AC mov byte ptr [ACA3E1B2], al
:0050B84E C7EBC1AACDF8 mov ebx, F8CDAAC1
:0050B854 A3ACB6D4C4 mov dword ptr [C4D4B6AC], eax
:0050B859 E3B5 jcxz 0050B810
:0050B85B C4D7 les edx, edi
:0050B85D A2B2E1C9ED mov byte ptr [EDC9E1B2], al
:0050B862 B7DD mov bh, DD
:0050B864 BDF8D0D0D4 mov ebp, D4D0D0F8
:0050B869 D9 BYTE 0d9h
:0050B86A D1E9 shr ecx, 1
:0050B86C D6 BYTE 0d6h
:0050B86D A4 movsb
:0050B86E 0DCDF8C9CF or eax, CFC9F8CD
:0050B873 C6C6BD mov dh, BD
:0050B876 E2D1 loop 0050B849
:0050B878 CF iret
:0050B879 D6 BYTE 0d6h
:0050B87A D8A3ACC7EBC0 fsub dword ptr [ebx+C0EBC7AC]
:0050B880 ED in ax, dx
:0050B881 BDE2A3A100 mov ebp, 00A1A3E2
:0050B886 0000 add byte ptr [eax], al
:0050B888 33D2 xor edx, edx
:0050B88A 8B8008030000 mov eax, dword ptr [eax+00000308]
:0050B890 E8CFA1F3FF call 00445A64
:0050B895 C3 ret
:0050B896 8BC0 mov eax, eax
:0050B898 E8AF6CF5FF call 0046254C
:0050B89D C3 ret
:0050B89E 8BC0 mov eax, eax
:0050B8A0 55 push ebp
:0050B8A1 8BEC mov ebp, esp
:0050B8A3 B917000000 mov ecx, 00000017
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0050B8AD(C)
|
:0050B8A8 6A00 push 00000000
:0050B8AA 6A00 push 00000000
:0050B8AC 49 dec ecx
:0050B8AD 75F9 jne 0050B8A8
:0050B8AF 53 push ebx
:0050B8B0 56 push esi
:0050B8B1 57 push edi
:0050B8B2 8BD8 mov ebx, eax
:0050B8B4 33C0 xor eax, eax
:0050B8B6 55 push ebp
:0050B8B7 6810BB5000 push 0050BB10
:0050B8BC 64FF30 push dword ptr fs:[eax]
:0050B8BF 648920 mov dword ptr fs:[eax], esp
:0050B8C2 6880000000 push 00000080
:0050B8C7 8D857BFFFFFF lea eax, dword ptr [ebp+FFFFFF7B]
:0050B8CD 50 push eax
* Reference To: kernel32.GetSystemDirectoryA, Ord:0000h
|
:0050B8CE E8CDBAEFFF Call 004073A0
:0050B8D3 8D45FC lea eax, dword ptr [ebp-04]
:0050B8D6 8D957BFFFFFF lea edx, dword ptr [ebp+FFFFFF7B]
:0050B8DC B981000000 mov ecx, 00000081
:0050B8E1 E86E93EFFF call 00404C54
:0050B8E6 8D9574FFFFFF lea edx, dword ptr [ebp+FFFFFF74]
:0050B8EC 8B8314030000 mov eax, dword ptr [ebx+00000314]
:0050B8F2 E83DA1F3FF call 00445A34
:0050B8F7 83BD74FFFFFF00 cmp dword ptr [ebp+FFFFFF74], 00000000
:0050B8FE 741A je 0050B91A
:0050B900 8D9570FFFFFF lea edx, dword ptr [ebp+FFFFFF70]
:0050B906 8B8308030000 mov eax, dword ptr [ebx+00000308]
:0050B90C E823A1F3FF call 00445A34
:0050B911 83BD70FFFFFF00 cmp dword ptr [ebp+FFFFFF70], 00000000
:0050B918 750F jne 0050B929
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0050B8FE(C)
|
* Possible StringData Ref from Code Obj ->"注册信息没有填写齐全"
|
:0050B91A B828BB5000 mov eax, 0050BB28
:0050B91F E84C32F3FF call 0043EB70
:0050B924 E96A010000 jmp 0050BA93
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0050B918(C)
|
:0050B929 8D956CFFFFFF lea edx, dword ptr [ebp+FFFFFF6C]
:0050B92F 8B8308030000 mov eax, dword ptr [ebx+00000308]
:0050B935 E8FAA0F3FF call 00445A34
:0050B93A 8B856CFFFFFF mov eax, dword ptr [ebp+FFFFFF6C]
:0050B940 50 push eax
:0050B941 8D9564FFFFFF lea edx, dword ptr [ebp+FFFFFF64]
:0050B947 8B8314030000 mov eax, dword ptr [ebx+00000314]
:0050B94D E8E2A0F3FF call 00445A34
:0050B952 8B8564FFFFFF mov eax, dword ptr [ebp+FFFFFF64]
:0050B958 E88BDCEFFF call 004095E8
:0050B95D B92BFB0900 mov ecx, 0009FB2B
:0050B962 99 cdq
:0050B963 F7F9 idiv ecx
:0050B965 8BC2 mov eax, edx
:0050B967 8D9568FFFFFF lea edx, dword ptr [ebp+FFFFFF68]
:0050B96D E8D6DBEFFF call 00409548
:0050B972 8D8568FFFFFF lea eax, dword ptr [ebp+FFFFFF68]
:0050B978 50 push eax
:0050B979 8D9558FFFFFF lea edx, dword ptr [ebp+FFFFFF58]
:0050B97F 8B8314030000 mov eax, dword ptr [ebx+00000314]
:0050B985 E8AAA0F3FF call 00445A34
:0050B98A 8B8558FFFFFF mov eax, dword ptr [ebp+FFFFFF58]
:0050B990 E853DCEFFF call 004095E8
:0050B995 8D955CFFFFFF lea edx, dword ptr [ebp+FFFFFF5C]
:0050B99B E850FCFFFF call 0050B5F0
:0050B9A0 8B855CFFFFFF mov eax, dword ptr [ebp+FFFFFF5C]
:0050B9A6 E83DDCEFFF call 004095E8
:0050B9AB 8D9560FFFFFF lea edx, dword ptr [ebp+FFFFFF60]
:0050B9B1 E81AFDFFFF call 0050B6D0
:0050B9B6 8B9560FFFFFF mov edx, dword ptr [ebp+FFFFFF60]
:0050B9BC 58 pop eax
:0050B9BD E8EA92EFFF call 00404CAC
:0050B9C2 8B9568FFFFFF mov edx, dword ptr [ebp+FFFFFF68]
:0050B9C8 58 pop eax
:0050B9C9 E81A94EFFF call 00404DE8
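:0050B9CE 0F85A8000000 jne 0050BA7C ---> this is the key jump that leads to the failure path
So patch here:
change 0F85A8000000 to
75 04 JNE 0050B9D4
90 NOP
90 NOP
90 NOP
90 NOP
The listing above includes the registration algorithm. This article is a patch crack, so the algorithm is not analysed (my skills are not up to it yet; more to learn).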
* Possible StringData Ref from Code Obj ->"注册成功,谢谢你的注册!请重新运行软件!"
|
:0050B9D4 B848BB5000 mov eax, 0050BB48
:0050B9D9 E89231F3FF call 0043EB70
:0050B9DE 8D8554FFFFFF lea eax, dword ptr [ebp+FFFFFF54]
The patched program runs successfully.
Screenshot of success:
2004-9-12 3:09
Tianjin
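The "instructions" W32Dasm prints at 0050B838 through 0050B885 are not code: they are the string constant that `mov eax, 0050B840` points at, swept up by the linear disassembly. The following is an added example, not part of the original write-up; it parses that constant from the hex in the listing, assuming the usual Delphi AnsiString constant layout (32-bit reference count of -1, 32-bit length, then the bytes and a NUL) and GBK encoding. The function name is hypothetical.

```python
import struct

# Bytes copied from the listing above, addresses 0050B838..0050B885.
BASE = 0x0050B838
RAW = bytes.fromhex(
    "FFFFFFFF" "45000000"
    "D0BBD0BBC4E3" "B5C4" "D7" "A2B2E1A3AC" "C7EBC1AACDF8" "A3ACB6D4C4"
    "E3B5" "C4D7" "A2B2E1C9ED" "B7DD" "BDF8D0D0D4" "D9" "D1E9" "D6" "A4"
    "0DCDF8C9CF" "C6C6BD" "E2D1" "CF" "D6" "D8A3ACC7EBC0" "ED" "BDE2A3A100"
)
# The instruction at 0050B82C: opcode B8 (mov eax, imm32) + little-endian pointer.
MOV_EAX = bytes.fromhex("B840B85000")


def parse_delphi_const(raw, base):
    """Parse [refcount][length][bytes][NUL] (assumed AnsiString constant layout)."""
    refcount, length = struct.unpack_from("<iI", raw, 0)
    body = raw[8:8 + length]
    if len(body) != length:
        raise ValueError("length field runs past the supplied bytes")
    if raw[8 + length:9 + length] != b"\x00":
        raise ValueError("no NUL terminator after the string body")
    return {
        "refcount": refcount,      # -1 marks a compile-time constant
        "length": length,          # byte count, not character count
        "data_va": base + 8,       # address that code references
        "text": body.decode("gbk"),
    }


def mov_imm32(insn):
    """Return the immediate operand of a 5-byte 'mov eax, imm32'."""
    if len(insn) != 5 or insn[0] != 0xB8:
        raise ValueError("not a mov eax, imm32")
    return struct.unpack_from("<I", insn, 1)[0]


if __name__ == "__main__":
    s = parse_delphi_const(RAW, BASE)
    print(hex(s["data_va"]), s["refcount"], s["length"])
    print(s["text"].replace("\r", "\n"))
```

The length field (0x45) accounts for every byte up to the NUL at 0050B885, which is why the real code only resumes at 0050B888.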