关于Themida/WinLicense V1.8.2.0 Delphi程序的修复
程序为Borland Delphi 6.0 - 7.0编写的
PEID查壳
Themida/WinLicense V1.8.2.0 + -> Oreans Technologies * Sign.By.fly *
检测 OD 找到个修改过的OD后可以正常运行
OD载入后
006C9014 > B8 00000000 MOV EAX,0
006C9019 60 PUSHAD
006C901A 0BC0 OR EAX,EAX
006C901C 74 68 JE SHORT WolServe.006C9086
006C901E E8 00000000 CALL WolServe.006C9023
006C9023 58 POP EAX
006C9024 05 53000000 ADD EAX,53
006C9029 8038 E9 CMP BYTE PTR DS:[EAX],0E9
006C902C 75 13 JNZ SHORT WolServe.006C9041
006C902E 61 POPAD
006C902F EB 45 JMP SHORT WolServe.006C9076
006C9031 DB2D 37906C00 FLD TBYTE PTR DS:[6C9037]
脚本运行后 来到
00407118 53 PUSH EBX
00407119 8BD8 MOV EBX,EAX
0040711B 33C0 XOR EAX,EAX
0040711D A3 A4606300 MOV DWORD PTR DS:[6360A4],EAX
00407122 6A 00 PUSH 0
00407124 E8 2BFFFFFF CALL WolServe.00407054 ; JMP 到 kernel32.GetModuleHandleA
00407129 A3 68066400 MOV DWORD PTR DS:[640668],EAX
0040712E A1 68066400 MOV EAX,DWORD PTR DS:[640668]
00407133 A3 B0606300 MOV DWORD PTR DS:[6360B0],EAX
00407138 33C0 XOR EAX,EAX
0040713A A3 B4606300 MOV DWORD PTR DS:[6360B4],EAX
0040713F 33C0 XOR EAX,EAX
00407141 A3 B8606300 MOV DWORD PTR DS:[6360B8],EAX
00407146 E8 C1FFFFFF CALL WolServe.0040710C
0040714B BA AC606300 MOV EDX,WolServe.006360AC
00407150 8BC3 MOV EAX,EBX
00407152 E8 E9D7FFFF CALL WolServe.00404940
00407157 5B POP EBX
00407158 C3 RETN
00407159 8D40 00 LEA EAX,DWORD PTR DS:[EAX]
0040715C 55 PUSH EBP
0040715D 8BEC MOV EBP,ESP
0040715F 33C0 XOR EAX,EAX
00407161 55 PUSH EBP
00407162 68 81714000 PUSH WolServe.00407181
00407167 64:FF30 PUSH DWORD PTR FS:[EAX]
0040716A 64:8920 MOV DWORD PTR FS:[EAX],ESP
0040716D FF05 6C066400 INC DWORD PTR DS:[64066C]
00407173 33C0 XOR EAX,EAX
00407175 5A POP EDX
00407176 59 POP ECX
00407177 59 POP ECX
00407178 64:8910 MOV DWORD PTR FS:[EAX],EDX
0040717B 68 88714000 PUSH WolServe.00407188
00407180 C3 RETN
00407181 ^ E9 56D4FFFF JMP WolServe.004045DC
00407186 ^ EB F8 JMP SHORT WolServe.00407180
00407188 5D POP EBP
00407189 C3 RETN
0040718A 8BC0 MOV EAX,EAX
0040718C 832D 6C066400 0>SUB DWORD PTR DS:[64066C],1
00407193 C3 RETN
00407194 55 PUSH EBP
00407195 8BEC MOV EBP,ESP
00407197 53 PUSH EBX
00407198 8B5D 08 MOV EBX,DWORD PTR SS:[EBP+8]
0040719B 8903 MOV DWORD PTR DS:[EBX],EAX
0040719D 8953 04 MOV DWORD PTR DS:[EBX+4],EDX
OEP被偷了
接下来就不知道怎么修复了
网上关于 C++和VB的修复到是见过。
可Delphi程序的确实不多
希望哪位可以提供关于Delphi程序的资料
此程序的下载地址:httP://www.qqmuban.com.cn/16.rar
[招生]系统0day安全班,企业级设备固件漏洞挖掘,Linux平台漏洞挖掘!