这个软件正版几乎没有,世面上的都是盗版的,我拿到的是二次破解版本,连我的话是的三次破了。
简单说一下症状,程序需要输入注册码,有机器码,用户名和序列号,
因为这个软件没有原来的安装包,程序装在win2000中,我把它全部ghost了过来。程序照常启动,但是,程序检测不通过“机器码变了”。需要重新输入 序列号,于是用 ollyice 分析。当检测到以下的时候,就不行了,通不过,这里想不通,希望有高手指点。
77F91A2E /74 56 je short 77F91A86
77F91A30 |C785 84FDFFFF 0>mov dword ptr [ebp-27C], 40010006
77F91A3A |899D 8CFDFFFF mov dword ptr [ebp-274], ebx
77F91A40 |C785 94FDFFFF 0>mov dword ptr [ebp-26C], 2
77F91A4A |899D 88FDFFFF mov dword ptr [ebp-278], ebx
77F91A50 |0FB785 D8FDFFFF movzx eax, word ptr [ebp-228]
77F91A57 |40 inc eax
77F91A58 |8985 98FDFFFF mov dword ptr [ebp-268], eax
77F91A5E |8B85 DCFDFFFF mov eax, dword ptr [ebp-224]
77F91A64 |8985 9CFDFFFF mov dword ptr [ebp-264], eax
77F91A6A |8D85 84FDFFFF lea eax, dword ptr [ebp-27C]
77F91A70 |50 push eax
77F91A71 |E8 2AAA0100 call RtlRaiseException
77F91A76 |64:A1 18000000 mov eax, dword ptr fs:[18]
77F91A7C |8898 740F0000 mov byte ptr [eax+F74], bl
77F91A82 |33C0 xor eax, eax
77F91A84 |EB 2D jmp short 77F91AB3
77F91A86 \8D85 D8FDFFFF lea eax, dword ptr [ebp-228]
77F91A8C 50 push eax
77F91A8D E8 54100200 call 77FB2AE6
77F91A92 8BC8 mov ecx, eax
77F91A94 81F9 03000080 cmp ecx, 80000003
77F91A9A 75 09 jnz short 77F91AA5
77F91A9C 6A 01 push 1
77F91A9E E8 A1FEFFFF call 77F91944
77F91AA3 33C9 xor ecx, ecx
77F91AA5 64:A1 18000000 mov eax, dword ptr fs:[18]
77F91AAB 8898 740F0000 mov byte ptr [eax+F74], bl
77F91AB1 8BC1 mov eax, ecx
77F91AB3 8B4D F0 mov ecx, dword ptr [ebp-10]
77F91AB6 64:890D 0000000>mov dword ptr fs:[0], ecx
77F91ABD 5F pop edi
77F91ABE 5E pop esi
77F91ABF 5B pop ebx
77F91AC0 C9 leave
77F91AC1 C3 retn
77F91AC2 > 55 push ebp
77F91AC3 8BEC mov ebp, esp
77F91AC5 81EC 58020000 sub esp, 258
77F91ACB 8D45 0C lea eax, dword ptr [ebp+C]
77F91ACE 50 push eax
77F91ACF 8D85 A8FDFFFF lea eax, dword ptr [ebp-258]
77F91AD5 FF75 08 push dword ptr [ebp+8]
77F91AD8 68 00020000 push 200
77F91ADD 50 push eax
77F91ADE E8 22400200 call _vsnprintf
77F91AE3 83C4 10 add esp, 10
77F91AE6 83F8 FF cmp eax, -1
77F91AE9 75 09 jnz short 77F91AF4
77F91AEB B8 00020000 mov eax, 200
77F91AF0 C645 A7 0A mov byte ptr [ebp-59], 0A
77F91AF4 8D8D A8FDFFFF lea ecx, dword ptr [ebp-258]
77F91AFA 66:8945 F8 mov word ptr [ebp-8], ax
77F91AFE 894D FC mov dword ptr [ebp-4], ecx
77F91B01 64:A1 18000000 mov eax, dword ptr fs:[18]
77F91B07 8B48 30 mov ecx, dword ptr [eax+30]
77F91B0A 33C0 xor eax, eax
77F91B0C 3841 02 cmp byte ptr [ecx+2], al
77F91B0F 74 2F je short 77F91B40
77F91B11 8945 B0 mov dword ptr [ebp-50], eax
77F91B14 8945 AC mov dword ptr [ebp-54], eax
77F91B17 0FB745 F8 movzx eax, word ptr [ebp-8]
77F91B1B 40 inc eax
77F91B1C C745 A8 0600014>mov dword ptr [ebp-58], 40010006
77F91B23 8945 BC mov dword ptr [ebp-44], eax
77F91B26 8B45 FC mov eax, dword ptr [ebp-4]
77F91B29 8945 C0 mov dword ptr [ebp-40], eax
77F91B2C 8D45 A8 lea eax, dword ptr [ebp-58]
77F91B2F 50 push eax
77F91B30 C745 B8 0200000>mov dword ptr [ebp-48], 2
77F91B37 E8 64A90100 call RtlRaiseException
77F91B3C 33C0 xor eax, eax
77F91B3E C9 leave
77F91B3F C3 retn
77F91B40 8D45 F8 lea eax, dword ptr [ebp-8]
77F91B43 50 push eax
77F91B44 E8 9D0F0200 call 77FB2AE6
77F91B49 C9 leave
77F91B4A C3 retn
77F91B4B CC int3
77F91B4C > 55 push ebp
77F91B4D 8BEC mov ebp, esp
77F91B4F 83EC 10 sub esp, 10
77F91B52 66:8B45 10 mov ax, word ptr [ebp+10]
77F91B56 8B55 08 mov edx, dword ptr [ebp+8]
77F91B59 66:8945 FA mov word ptr [ebp-6], ax
77F91B5D 8B45 0C mov eax, dword ptr [ebp+C]
77F91B60 57 push edi
77F91B61 8945 FC mov dword ptr [ebp-4], eax
77F91B64 8BFA mov edi, edx
77F91B66 83C9 FF or ecx, FFFFFFFF
77F91B69 33C0 xor eax, eax
77F91B6B 8955 F4 mov dword ptr [ebp-C], edx
77F91B6E F2:AE repne scas byte ptr es:[edi]
77F91B70 8D45 F8 lea eax, dword ptr [ebp-8]
77F91B73 F7D1 not ecx
77F91B75 50 push eax
77F91B76 8D45 F0 lea eax, dword ptr [ebp-10]
77F91B79 49 dec ecx
77F91B7A 50 push eax
77F91B7B 66:894D F0 mov word ptr [ebp-10], cx
77F91B7F E8 720F0200 call 77FB2AF6
77F91B84 5F pop edi
77F91B85 C9 leave
77F91B86 C2 0C00 retn 0C
77F91B89 CC int3
77F91B8A CC int3
77F91B8B CC int3
77F91B8C > 8D7C24 10 lea edi, dword ptr [esp+10]
77F91B90 58 pop eax
77F91B91 FFD0 call eax
77F91B93 6A 01 push 1
77F91B95 57 push edi
77F91B96 E8 9D66FFFF call ZwContinue
77F91B9B 90 nop
77F91B9C > 83C4 04 add esp, 4
77F91B9F 5A pop edx
77F91BA0 64:A1 18000000 mov eax, dword ptr fs:[18]
77F91BA6 8B40 30 mov eax, dword ptr [eax+30]
77F91BA9 8B40 2C mov eax, dword ptr [eax+2C]
77F91BAC FF1490 call dword ptr [eax+edx*4]
77F91BAF 33C9 xor ecx, ecx
77F91BB1 33D2 xor edx, edx
77F91BB3 CD 2B int 2B
77F91BB5 CC int3
77F91BB6 8BFF mov edi, edi
77F91BB8 > 8B4C24 04 mov ecx, dword ptr [esp+4]
77F91BBC 8B1C24 mov ebx, dword ptr [esp]
77F91BBF 51 push ecx
77F91BC0 53 push ebx
77F91BC1 E8 ECAF0100 call 77FACBB2
77F91BC6 0AC0 or al, al
77F91BC8 74 0C je short 77F91BD6
77F91BCA 5B pop ebx
77F91BCB 59 pop ecx
77F91BCC 6A 00 push 0
77F91BCE 51 push ecx
77F91BCF E8 6466FFFF call ZwContinue
77F91BD4 EB 0B jmp short 77F91BE1
77F91BD6 5B pop ebx
77F91BD7 59 pop ecx
77F91BD8 6A 00 push 0
77F91BDA 51 push ecx
77F91BDB 53 push ebx
77F91BDC E8 7B6EFFFF call ZwRaiseException
77F91BE1 83C4 EC add esp, -14
77F91BE4 890424 mov dword ptr [esp], eax
77F91BE7 C74424 04 01000>mov dword ptr [esp+4], 1
77F91BEF 895C24 08 mov dword ptr [esp+8], ebx
77F91BF3 C74424 10 00000>mov dword ptr [esp+10], 0
77F91BFB 54 push esp
77F91BFC E8 9FA80100 call RtlRaiseException
77F91C01 C2 0800 retn 8
77F91C04 > 50 push eax
77F91C05 55 push ebp
77F91C06 8BEC mov ebp, esp
77F91C08 83EC 50 sub esp, 50
77F91C0B 894424 0C mov dword ptr [esp+C], eax
77F91C0F 64:A1 18000000 mov eax, dword ptr fs:[18]
77F91C15 8B80 A4010000 mov eax, dword ptr [eax+1A4]
77F91C1B 890424 mov dword ptr [esp], eax
77F91C1E C74424 04 00000>mov dword ptr [esp+4], 0
77F91C26 C74424 08 00000>mov dword ptr [esp+8], 0
77F91C2E C74424 10 00000>mov dword ptr [esp+10], 0
77F91C36 54 push esp
77F91C37 E8 64A80100 call RtlRaiseException
77F91C3C 8B0424 mov eax, dword ptr [esp]
77F91C3F 8BE5 mov esp, ebp
77F91C41 5D pop ebp
77F91C42 C3 retn
77F91C43 CC int3
77F91C44 > FF7424 10 push dword ptr [esp+10]
77F91C48 FF7424 10 push dword ptr [esp+10]
77F91C4C FF7424 10 push dword ptr [esp+10]
77F91C50 FF7424 10 push dword ptr [esp+10]
77F91C54 E8 03000000 call 77F91C5C
77F91C59 C2 1000 retn 10
77F91C5C 55 push ebp
77F91C5D 8BEC mov ebp, esp
77F91C5F 6A FF push -1
77F91C61 68 6015F877 push 77F81560
77F91C66 68 647EFB77 push 77FB7E64
77F91C6B 64:A1 00000000 mov eax, dword ptr fs:[0]
77F91C71 50 push eax
77F91C72 64:8925 0000000>mov dword ptr fs:[0], esp
77F91C79 51 push ecx
77F91C7A 51 push ecx
77F91C7B 83EC 48 sub esp, 48
77F91C7E 53 push ebx
77F91C7F 56 push esi
77F91C80 57 push edi
77F91C81 8965 E8 mov dword ptr [ebp-18], esp
77F91C84 8D45 DC lea eax, dword ptr [ebp-24]
77F91C87 50 push eax
77F91C88 6A 02 push 2
77F91C8A 6A 01 push 1
77F91C8C 5B pop ebx
77F91C8D 53 push ebx
77F91C8E FF75 08 push dword ptr [ebp+8]
77F91C91 E8 E8A00100 call RtlImageDirectoryEntryToData
77F91C96 33FF xor edi, edi
77F91C98 3BC7 cmp eax, edi
77F91C9A 0F84 DB000000 je 77F91D7B
77F91CA0 3945 0C cmp dword ptr [ebp+C], eax
77F91CA3 72 46 jb short 77F91CEB
77F91CA5 8B45 08 mov eax, dword ptr [ebp+8]
77F91CA8 24 FE and al, 0FE
77F91CAA 50 push eax
77F91CAB E8 489F0100 call RtlImageNtHeader
77F91CB0 3BC7 cmp eax, edi
77F91CB2 74 43 je short 77F91CF7
77F91CB4 8B75 08 mov esi, dword ptr [ebp+8]
77F91CB7 83E6 FE and esi, FFFFFFFE
77F91CBA 845D 08 test byte ptr [ebp+8], bl
77F91CBD 74 1D je short 77F91CDC
77F91CBF 57 push edi
77F91CC0 6A 1C push 1C
77F91CC2 8D45 AC lea eax, dword ptr [ebp-54]
77F91CC5 50 push eax
77F91CC6 57 push edi
77F91CC7 56 push esi
77F91CC8 6A FF push -1
77F91CCA E8 5D6DFFFF call ZwQueryVirtualMemory
77F91CCF 3BC7 cmp eax, edi
77F91CD1 7D 04 jge short 77F91CD7
77F91CD3 33C0 xor eax, eax
77F91CD5 EB 08 jmp short 77F91CDF
77F91CD7 8B45 B8 mov eax, dword ptr [ebp-48]
77F91CDA EB 03 jmp short 77F91CDF
77F91CDC 8B40 50 mov eax, dword ptr [eax+50]
77F91CDF 3975 0C cmp dword ptr [ebp+C], esi
77F91CE2 72 07 jb short 77F91CEB
77F91CE4 03C6 add eax, esi
77F91CE6 3945 0C cmp dword ptr [ebp+C], eax
77F91CE9 72 0C jb short 77F91CF7
77F91CEB 57 push edi
77F91CEC FF75 08 push dword ptr [ebp+8]
77F91CEF E8 0E0B0000 call LdrLoadAlternateResourceModule
77F91CF4 8945 08 mov dword ptr [ebp+8], eax
77F91CF7 397D 08 cmp dword ptr [ebp+8], edi
77F91CFA 74 7F je short 77F91D7B
77F91CFC 897D FC mov dword ptr [ebp-4], edi
77F91CFF 8D45 DC lea eax, dword ptr [ebp-24]
77F91D02 50 push eax
77F91D03 6A 02 push 2
77F91D05 53 push ebx
77F91D06 FF75 08 push dword ptr [ebp+8]
77F91D09 E8 70A00100 call RtlImageDirectoryEntryToData
77F91D0E 8BF0 mov esi, eax
77F91D10 8975 E4 mov dword ptr [ebp-1C], esi
77F91D13 3BF7 cmp esi, edi
77F91D15 74 60 je short 77F91D77
77F91D17 845D 08 test byte ptr [ebp+8], bl
77F91D1A 0F84 99000000 je 77F91DB9
77F91D20 8B45 08 mov eax, dword ptr [ebp+8]
77F91D23 24 FE and al, 0FE
77F91D25 8945 08 mov dword ptr [ebp+8], eax
77F91D28 50 push eax
77F91D29 E8 CA9E0100 call RtlImageNtHeader
77F91D2E 8BD8 mov ebx, eax
77F91D30 895D E0 mov dword ptr [ebp-20], ebx
77F91D33 66:8B43 18 mov ax, word ptr [ebx+18]
77F91D37 66:3D 0B01 cmp ax, 10B
77F91D3B 75 08 jnz short 77F91D45
77F91D3D 8B83 88000000 mov eax, dword ptr [ebx+88]
77F91D43 EB 10 jmp short 77F91D55
77F91D45 66:3D 0B02 cmp ax, 20B
77F91D49 75 08 jnz short 77F91D53
77F91D4B 8B83 98000000 mov eax, dword ptr [ebx+98]
77F91D51 EB 02 jmp short 77F91D55
77F91D53 33C0 xor eax, eax
77F91D55 8945 A8 mov dword ptr [ebp-58], eax
77F91D58 3BC7 cmp eax, edi
77F91D5A 74 1B je short 77F91D77
77F91D5C 8BF8 mov edi, eax
77F91D5E 2BFE sub edi, esi
77F91D60 037D 08 add edi, dword ptr [ebp+8]
77F91D63 897D D4 mov dword ptr [ebp-2C], edi
77F91D66 50 push eax
77F91D67 FF75 08 push dword ptr [ebp+8]
77F91D6A 53 push ebx
77F91D6B E8 109F0100 call RtlImageRvaToSection
77F91D70 8945 D8 mov dword ptr [ebp-28], eax
77F91D73 85C0 test eax, eax
指针在77F91BC1那里就不能通过了,百思不得其解,如有什么症状没有说明白,往大家指出来,谢谢!!!
[培训]《安卓高级研修班(网课)》月薪三万计划,掌握调试、分析还原ollvm、vmp的方法,定制art虚拟机自动化脱壳的方法