Post #2
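Verification is done through a DLL? If you want to write a keygen, you will have to trace into the DLL. If you only want to patch it, you can try modifying just the main program. For example, if the main program submits f(NAME,SN) to the DLL and decides from the return value whether registration succeeded, you can patch it directly so that the main program takes the registration-success path no matter what value it gets back.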
Post #3
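There is a registration file in the program directory. At startup the program reads the registration code from that file and compares it by calling the algorithm library through the DLL. Whether or not the registration code is correct, the program starts the same way with no prompt at all; only some features are unavailable.
Both the main program and the DLL are written in VC.
Below is the DLL entry point: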
00401E2F |. E8 E0520000 CALL <JMP.&mfc42.#540_CString::CString>
00401E34 |. 33DB XOR EBX,EBX
00401E36 |. 8D4C24 0C LEA ECX,DWORD PTR SS:[ESP+C]
00401E3A |. 895C24 34 MOV DWORD PTR SS:[ESP+34],EBX
00401E3E |. E8 D1520000 CALL <JMP.&mfc42.#540_CString::CString>
00401E43 |. 8D4C24 14 LEA ECX,DWORD PTR SS:[ESP+14]
00401E47 |. C64424 34 01 MOV BYTE PTR SS:[ESP+34],1
00401E4C |. E8 C3520000 CALL <JMP.&mfc42.#540_CString::CString>
00401E51 |. 8D4C24 18 LEA ECX,DWORD PTR SS:[ESP+18]
00401E55 |. C64424 34 02 MOV BYTE PTR SS:[ESP+34],2
00401E5A |. E8 B5520000 CALL <JMP.&mfc42.#540_CString::CString>
00401E5F |. 8B3D 04904000 MOV EDI,DWORD PTR DS:[<&kernel32.LoadLib>; kernel32.LoadLibraryA
00401E65 |. 68 3CB04000 PUSH 注册机已.0040B03C ; // DLL entry point
00401E6A |. C64424 38 03 MOV BYTE PTR SS:[ESP+38],3 ; |
00401E6F |. FFD7 CALL EDI ; \LoadLibraryA
00401E71 |. 8BF0 MOV ESI,EAX
00401E73 |. 3BF3 CMP ESI,EBX
00401E75 |. 75 1C JNZ SHORT 注册机已.00401E93
00401E77 |. 68 F4010000 PUSH 1F4 ; /Timeout = 500. ms
00401E7C |. FF15 1C904000 CALL DWORD PTR DS:[<&kernel32.Sleep>] ; \Sleep
00401E82 |. 68 3CB04000 PUSH 注册机已.0040B03C ; /regor.dll // DLL entry
00401E87 |. FFD7 CALL EDI ; \LoadLibraryA
00401E89 |. 8BF0 MOV ESI,EAX
00401E8B |. 3BF3 CMP ESI,EBX
00401E8D |. 0F84 12020000 JE 注册机已.004020A5
00401E93 |> 8D4C24 24 LEA ECX,DWORD PTR SS:[ESP+24]
00401E97 |. E8 78520000 CALL <JMP.&mfc42.#540_CString::CString>
00401E9C |. 8D4C24 20 LEA ECX,DWORD PTR SS:[ESP+20]
00401EA0 |. C64424 34 04 MOV BYTE PTR SS:[ESP+34],4
00401EA5 |. E8 6A520000 CALL <JMP.&mfc42.#540_CString::CString>
00401EAA |. 8D4424 24 LEA EAX,DWORD PTR SS:[ESP+24]
00401EAE |. C64424 34 05 MOV BYTE PTR SS:[ESP+34],5
00401EB3 |. 50 PUSH EAX
00401EB4 |. 56 PUSH ESI
00401EB5 |. E8 C6080000 CALL 注册机已.00402780
00401EBA |. 83C4 08 ADD ESP,8
00401EBD |. 8D4C24 24 LEA ECX,DWORD PTR SS:[ESP+24]
00401EC1 |. 8BF8 MOV EDI,EAX
00401EC3 |. 51 PUSH ECX
00401EC4 |. 8D4C24 14 LEA ECX,DWORD PTR SS:[ESP+14]
00401EC8 |. E8 59520000 CALL <JMP.&mfc42.#858_CString::operator=>
00401ECD |. 3BFB CMP EDI,EBX
00401ECF |. 74 09 JE SHORT 注册机已.00401EDA
00401ED1 |. 8B5424 10 MOV EDX,DWORD PTR SS:[ESP+10]
00401ED5 |. 395A F8 CMP DWORD PTR DS:[EDX-8],EBX
00401ED8 |. 75 33 JNZ SHORT 注册机已.00401F0D
00401EDA |> 8D4424 20 LEA EAX,DWORD PTR SS:[ESP+20]
00401EDE |. 50 PUSH EAX
00401EDF |. 56 PUSH ESI
00401EE0 |. E8 3B0A0000 CALL 注册机已.00402920
00401EE5 |. 83C4 08 ADD ESP,8
00401EE8 |. 8D4C24 20 LEA ECX,DWORD PTR SS:[ESP+20]
00401EEC |. 8BF8 MOV EDI,EAX
00401EEE |. 51 PUSH ECX
00401EEF |. 8D4C24 14 LEA ECX,DWORD PTR SS:[ESP+14]
00401EF3 |. E8 2E520000 CALL <JMP.&mfc42.#858_CString::operator=>
00401EF8 |. 3BFB CMP EDI,EBX
00401EFA |. 0F84 89010000 JE 注册机已.00402089
00401F00 |. 8B5424 10 MOV EDX,DWORD PTR SS:[ESP+10]
00401F04 |. 395A F8 CMP DWORD PTR DS:[EDX-8],EBX
00401F07 |. 0F84 7C010000 JE 注册机已.00402089
00401F0D |> 8D4424 10 LEA EAX,DWORD PTR SS:[ESP+10]
00401F11 |. 8D4C24 0C LEA ECX,DWORD PTR SS:[ESP+C]
00401F15 |. 50 PUSH EAX
00401F16 |. E8 0B520000 CALL <JMP.&mfc42.#858_CString::operator=>
00401F1B |. 8D4C24 28 LEA ECX,DWORD PTR SS:[ESP+28]
00401F1F |. E8 F0510000 CALL <JMP.&mfc42.#540_CString::CString>
00401F24 |. 8D4C24 1C LEA ECX,DWORD PTR SS:[ESP+1C]
00401F28 |. C64424 34 06 MOV BYTE PTR SS:[ESP+34],6
00401F2D |. E8 E2510000 CALL <JMP.&mfc42.#540_CString::CString>
00401F32 |. 8D4C24 1C LEA ECX,DWORD PTR SS:[ESP+1C]
00401F36 |. C64424 34 07 MOV BYTE PTR SS:[ESP+34],7
00401F3B |. 51 PUSH ECX
00401F3C |. E8 7F040000 CALL 注册机已.004023C0
00401F41 |. 83C4 04 ADD ESP,4
00401F44 |. 3BC3 CMP EAX,EBX
00401F46 |. 75 17 JNZ SHORT 注册机已.00401F5F
00401F48 |. 8D5424 0C LEA EDX,DWORD PTR SS:[ESP+C]
00401F4C |. 52 PUSH EDX
00401F4D |. E8 7E0F0000 CALL 注册机已.00402ED0
00401F52 |. 83C4 04 ADD ESP,4
00401F55 |. 8D4424 0C LEA EAX,DWORD PTR SS:[ESP+C]
00401F59 |. 50 PUSH EAX
00401F5A |. E9 05010000 JMP 注册机已.00402064
00401F5F |> 8D4C24 1C LEA ECX,DWORD PTR SS:[ESP+1C]
00401F63 |. 51 PUSH ECX
00401F64 |. 56 PUSH ESI
00401F65 |. E8 560B0000 CALL 注册机已.00402AC0
00401F6A |. 83C4 08 ADD ESP,8
00401F6D |. 3BC3 CMP EAX,EBX
00401F6F |. 0F84 F8000000 JE 注册机已.0040206D
00401F75 |. 8D5424 1C LEA EDX,DWORD PTR SS:[ESP+1C]
00401F79 |. 8D4C24 18 LEA ECX,DWORD PTR SS:[ESP+18]
00401F7D |. 52 PUSH EDX
00401F7E |. E8 A3510000 CALL <JMP.&mfc42.#858_CString::operator=>
00401F83 |. 8D4424 0C LEA EAX,DWORD PTR SS:[ESP+C]
00401F87 |. 8D4C24 14 LEA ECX,DWORD PTR SS:[ESP+14]
00401F8B |. 50 PUSH EAX
00401F8C |. E8 95510000 CALL <JMP.&mfc42.#858_CString::operator=>
00401F91 |. 8D4C24 14 LEA ECX,DWORD PTR SS:[ESP+14]
00401F95 |. 51 PUSH ECX
00401F96 |. 56 PUSH ESI
00401F97 |. E8 340D0000 CALL 注册机已.00402CD0
00401F9C |. 83C4 08 ADD ESP,8
00401F9F |. 3BC3 CMP EAX,EBX
00401FA1 |. 0F84 C6000000 JE 注册机已.0040206D
00401FA7 |. 56 PUSH ESI ; /hLibModule
00401FA8 |. FF15 00904000 CALL DWORD PTR DS:[<&kernel32.FreeLibrar>; \FreeLibrary
00401FAE |. 8B5424 18 MOV EDX,DWORD PTR SS:[ESP+18]
00401FB2 |. 8B4424 14 MOV EAX,DWORD PTR SS:[ESP+14]
00401FB6 |. 52 PUSH EDX ; /s2
00401FB7 |. 50 PUSH EAX ; |s1
00401FB8 |. FF15 A4924000 CALL DWORD PTR DS:[<&msvcrt._mbscmp>] ; \_mbscmp
00401FBE |. 83C4 08 ADD ESP,8