首页
社区
课程
招聘
问答 CTF 排行榜 知识库 工具下载 看雪峰会 看雪商城 证书查询
  1. 社区
  2. 经典问答
    3. 发新帖
[求助]重启认证方面的问题:在注册表里写在这个地址的信息如何下断点?
发表于: 2007-7-21 22:55 5832

[求助]重启认证方面的问题:在注册表里写在这个地址的信息如何下断点?

parapara 活跃值
2007-7-21 22:55
5832
【求助】重启认证方面的问题:在注册表里写在这个地址的信息如何下断点?

我用REGSHOT侦察到的信息,该软件的信息写在这个地址里,请问各位我该如何去下断点?
软件是用VB5-6写的,没有加壳。

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG\Seed: 1D 83 5F 65 91 BE 4F D1 DD 82 06 ED 0E 1C C5 DC 32 C3 01 22 78 F5 BF 16 B9 B2 D8 5D CF 7C BE EC 29 17 1F 09 F0 39 F3 17 75 B6 8D 0A 4C 31 FC 6A DE C0 2C C7 79 A5 AD BF 7E A4 FC F0 C9 71 98 B8 4B 4F C1 1F 29 C2 CF 1A 7B 95 5E 9D DF 1C BE F6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG\Seed: 34 EA D3 E2 BF 01 63 97 71 80 4E DB 16 B0 4C 98 2E 71 DE 51 3C BA B5 DB 4D 69 38 48 57 DD 99 FB B0 2B 81 6E C9 E3 F5 8F 3C 85 F5 A6 C8 54 4B A4 36 7D 1E 4C C1 65 F2 3B 58 F0 CA 6C C3 73 60 83 C1 5A 4A AA B4 58 CB E1 59 6E C4 1C F1 95 C2 E9
HKEY_USERS\S-1-5-21-78021495-932108810-3207315209-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU: 63 00 00 00 8E 0E 00 00 70 B1 B2 2C A1 CB C7 01
HKEY_USERS\S-1-5-21-78021495-932108810-3207315209-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU: 63 00 00 00 8F 0E 00 00 A0 FE 11 41 A1 CB C7 01
HKEY_USERS\S-1-5-21-78021495-932108810-3207315209-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_HVFPHG: 63 00 00 00 09 0A 00 00 60 D0 BF 1A A1 CB C7 01
HKEY_USERS\S-1-5-21-78021495-932108810-3207315209-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_HVFPHG: 63 00 00 00 0A 0A 00 00 80 89 D9 40 A1 CB C7 01
HKEY_USERS\S-1-5-21-78021495-932108810-3207315209-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\佳软进销存(企业版)客户端\weFgbpx.rkr: 63 00 00 00 10 00 00 00 70 B9 B9 FA A0 CB C7 01
HKEY_USERS\S-1-5-21-78021495-932108810-3207315209-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\佳软进销存(企业版)客户端\weFgbpx.rkr: 63 00 00 00 11 00 00 00 A0 FE 11 41 A1 CB C7 01
HKEY_USERS\S-1-5-21-78021495-932108810-3207315209-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\2\MRUListEx: 01 00 00 00 07 00 00 00 08 00 00 00 00 00 00 00 09 00 00 00 04 00 00 00 05 00 00 00 06 00 00 00 03 00 00 00 02 00 00 00 FF FF FF FF
HKEY_USERS\S-1-5-21-78021495-932108810-3207315209-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\2\MRUListEx: 07 00 00 00 01 00 00 00 08 00 00 00 00 00 00 00 09 00 00 00 04 00 00 00 05 00 00 00 06 00 00 00 03 00 00 00 02 00 00 00 FF FF FF FF
HKEY_USERS\S-1-5-21-78021495-932108810-3207315209-500\Software\Microsoft\Windows\ShellNoRoam\Bags\534\Shell\MinPos1024x768(1).x: 0xFFFF8300
HKEY_USERS\S-1-5-21-78021495-932108810-3207315209-500\Software\Microsoft\Windows\ShellNoRoam\Bags\534\Shell\MinPos1024x768(1).x: 0xFFFFFFFF
HKEY_USERS\S-1-5-21-78021495-932108810-3207315209-500\Software\Microsoft\Windows\ShellNoRoam\Bags\534\Shell\MinPos1024x768(1).y: 0xFFFF8300
HKEY_USERS\S-1-5-21-78021495-932108810-3207315209-500\Software\Microsoft\Windows\ShellNoRoam\Bags\534\Shell\MinPos1024x768(1).y: 0xFFFFFFFF
HKEY_USERS\S-1-5-21-78021495-932108810-3207315209-500\Software\VB and VBA Program Settings\JrStock2005\RegisterSetup\Register2: "zj20080808"
HKEY_USERS\S-1-5-21-78021495-932108810-3207315209-500\Software\VB and VBA Program Settings\JrStock2005\RegisterSetup\Register2: "zj2008"

红色的部分是我随便填入的信息,也就是重启认证的内容。请各位大侠指点,谢谢!

[培训]《安卓高级研修班(网课)》月薪三万计划,掌握调试、分析还原ollvm、vmp的方法,定制art虚拟机自动化脱壳的方法

收藏
免费 0
支持
分享
最新回复 (1)
kanxue
雪    币: 44229
活跃值: (19955)
能力值: (RANK:350 )
在线值:
发帖
回帖
粉丝
私信
2
用注册表读取函数设断,如RegQueryValueA

记得用条件断点,条件断点方法:
http://bbs.pediy.com/showthread.php?t=21758
2007-7-22 09:19
0
游客
登录 | 注册 方可回帖
回帖 表情 雪币赚取及消费
高级回复
返回
//