壳脱完了,修复后,可以运行。注册窗口还是会在程序刚运行的时候弹出来。自己搞不定,求助。
要是有算注册码的教程有介绍也行,谢谢。看了一些了。
http://rapidshare.com/files/91195301/BeeTrialInstaller.rar.html
这个是纯粹的试用版没错
http://rapidshare.com/files/91091788/bee.rar.html
这个是升级后的正式版
安装完试用版,把正式升级那个文件都覆盖到试用版的文件夹下就是正式版
都是我分析文件得到的,de_开头的那个5M的exe文件是脱壳后的,直接运行那个就行,
不用管那个1M多原来的:)
谢谢!
; OllyDbg listing of one 32-bit x86 function (004B49F0-004B4D9B) in the
; unpacked module de_Tradi. Columns: address, analysis marks, opcode bytes
; (cut with '>' where long), instruction, debugger comment.
; Shape visible in the listing:
;   - the prologue links an exception-registration record into the FS:[0]
;     chain and pushes DS:[65D0D8] XOR ESP (looks like a /GS-style stack
;     cookie - confirm against the handler at 005C47E8);
;   - ECX on entry is kept in ESI and later passed as ECX to 0054CA81, so it
;     is presumably the object pointer of a thiscall method;
;   - nine stack locals are initialised through 0040DD90 and released through
;     0040DD30 in reverse order on both exit paths; the byte at [ESP+50] (the
;     record's state slot) is renumbered around each step;
;   - a byte is returned in AL: 1 at 004B4CF9, 0 at 004B4D9B.
; NOTE(review): the comparison literals pushed below sit in the image as plain
; ASCII (the debugger resolves them in its comment column); a value that has
; to stay confidential should not be embedded in a shipped binary this way.
004B49F0 /$ 6A FF PUSH -1 ; state slot of the new registration record, initially -1
004B49F2 |. 68 E8475C00 PUSH de_Tradi.005C47E8 ; handler address for the record
004B49F7 |. 64:A1 0000000>MOV EAX,DWORD PTR FS:[0] ; EAX = current head of the FS:[0] chain
004B49FD |. 50 PUSH EAX ; stored as the record's previous-frame link
004B49FE |. 83EC 34 SUB ESP,34 ; reserve 0x34 bytes for locals
004B4A01 |. 53 PUSH EBX
004B4A02 |. 55 PUSH EBP
004B4A03 |. 56 PUSH ESI
004B4A04 |. 57 PUSH EDI
004B4A05 |. A1 D8D06500 MOV EAX,DWORD PTR DS:[65D0D8] ; global value, presumably the module's security cookie
004B4A0A |. 33C4 XOR EAX,ESP ; mixed with the current stack pointer
004B4A0C |. 50 PUSH EAX ; kept on the stack; popped (not compared) in both epilogues
004B4A0D |. 8D4424 48 LEA EAX,DWORD PTR SS:[ESP+48] ; address of the record built at function entry
004B4A11 |. 64:A3 0000000>MOV DWORD PTR FS:[0],EAX ; record becomes the new head of the chain
004B4A17 |. 8BF1 MOV ESI,ECX ; keep entry ECX across the calls that reuse ECX
004B4A19 |. 8D4C24 34 LEA ECX,DWORD PTR SS:[ESP+34] ; ECX = address of a local; same callee for all nine locals
004B4A1D |. E8 6E93F5FF CALL de_Tradi.0040DD90
004B4A22 |. 33DB XOR EBX,EBX ; EBX = 0, reused below as the zero to compare against
004B4A24 |. 895C24 50 MOV DWORD PTR SS:[ESP+50],EBX ; state slot = 0 after the first local is set up
004B4A28 |. 8D4C24 18 LEA ECX,DWORD PTR SS:[ESP+18]
004B4A2C |. E8 5F93F5FF CALL de_Tradi.0040DD90
004B4A31 |. C64424 50 01 MOV BYTE PTR SS:[ESP+50],1 ; state slot counts up by one per initialised local
004B4A36 |. 8D4C24 14 LEA ECX,DWORD PTR SS:[ESP+14]
004B4A3A |. E8 5193F5FF CALL de_Tradi.0040DD90
004B4A3F |. C64424 50 02 MOV BYTE PTR SS:[ESP+50],2
004B4A44 |. 8D4C24 30 LEA ECX,DWORD PTR SS:[ESP+30]
004B4A48 |. E8 4393F5FF CALL de_Tradi.0040DD90
004B4A4D |. C64424 50 03 MOV BYTE PTR SS:[ESP+50],3
004B4A52 |. 8D4C24 2C LEA ECX,DWORD PTR SS:[ESP+2C]
004B4A56 |. E8 3593F5FF CALL de_Tradi.0040DD90
004B4A5B |. C64424 50 04 MOV BYTE PTR SS:[ESP+50],4
004B4A60 |. 8D4C24 28 LEA ECX,DWORD PTR SS:[ESP+28]
004B4A64 |. E8 2793F5FF CALL de_Tradi.0040DD90
004B4A69 |. C64424 50 05 MOV BYTE PTR SS:[ESP+50],5
004B4A6E |. 8D4C24 24 LEA ECX,DWORD PTR SS:[ESP+24]
004B4A72 |. E8 1993F5FF CALL de_Tradi.0040DD90
004B4A77 |. C64424 50 06 MOV BYTE PTR SS:[ESP+50],6
004B4A7C |. 8D4C24 20 LEA ECX,DWORD PTR SS:[ESP+20]
004B4A80 |. E8 0B93F5FF CALL de_Tradi.0040DD90
004B4A85 |. C64424 50 07 MOV BYTE PTR SS:[ESP+50],7
004B4A8A |. 8D4C24 1C LEA ECX,DWORD PTR SS:[ESP+1C]
004B4A8E |. E8 FD92F5FF CALL de_Tradi.0040DD90
004B4A93 |. C64424 50 08 MOV BYTE PTR SS:[ESP+50],8 ; all nine locals initialised
004B4A98 |. 8D4C24 1C LEA ECX,DWORD PTR SS:[ESP+1C]
004B4A9C |. 885C24 38 MOV BYTE PTR SS:[ESP+38],BL
004B4AA0 |. E8 0B050200 CALL de_Tradi.004D4FB0
004B4AA5 |. 68 11060000 PUSH 611 ; 0x611, presumably a dialog-control ID - confirm
004B4AAA |. 8BCE MOV ECX,ESI ; ECX = pointer saved at entry
004B4AAC |. 8BE8 MOV EBP,EAX ; keep the result of 004D4FB0 in EBP
004B4AAE |. E8 CE7F0900 CALL de_Tradi.0054CA81
004B4AB3 |. 8D4C24 14 LEA ECX,DWORD PTR SS:[ESP+14]
004B4AB7 |. 51 PUSH ECX ; argument: address of the local at [ESP+14]
004B4AB8 |. 8BC8 MOV ECX,EAX ; object returned by 0054CA81 becomes ECX for the next call
004B4ABA |. E8 A3610900 CALL de_Tradi.0054AC62
004B4ABF |. 68 F1030000 PUSH 3F1 ; 0x3F1, same call pair as above, result goes to the local at [ESP+18]
004B4AC4 |. 8BCE MOV ECX,ESI
004B4AC6 |. E8 B67F0900 CALL de_Tradi.0054CA81
004B4ACB |. 8D5424 18 LEA EDX,DWORD PTR SS:[ESP+18]
004B4ACF |. 52 PUSH EDX
004B4AD0 |. 8BC8 MOV ECX,EAX
004B4AD2 |. E8 8B610900 CALL de_Tradi.0054AC62
004B4AD7 |. 8D7C24 18 LEA EDI,DWORD PTR SS:[ESP+18] ; 004B4E40 / 004B4DC0 take their operand in EDI / EBX, not on the stack
004B4ADB |. E8 60030000 CALL de_Tradi.004B4E40
004B4AE0 |. 8BDF MOV EBX,EDI
004B4AE2 |. E8 D9020000 CALL de_Tradi.004B4DC0
004B4AE7 |. 8D7C24 14 LEA EDI,DWORD PTR SS:[ESP+14] ; same two calls for the local at [ESP+14]
004B4AEB |. E8 50030000 CALL de_Tradi.004B4E40
004B4AF0 |. 8BDF MOV EBX,EDI
004B4AF2 |. E8 C9020000 CALL de_Tradi.004B4DC0
004B4AF7 |. 8B4424 14 MOV EAX,DWORD PTR SS:[ESP+14]
004B4AFB |. 68 9FA75E00 PUSH de_Tradi.005EA79F
004B4B00 |. 50 PUSH EAX
004B4B01 |. E8 19040D00 CALL de_Tradi.00584F1F ; two stack arguments, removed by the caller (ADD ESP,8 below)
004B4B06 |. 33DB XOR EBX,EBX ; EBX back to 0 after being used as an operand register above
004B4B08 |. 83C4 08 ADD ESP,8
004B4B0B |. 3BC3 CMP EAX,EBX
004B4B0D |. 0F94C0 SETE AL ; AL = 1 when the call returned 0
004B4B10 |. 3AC3 CMP AL,BL
004B4B12 |. 74 0C JE SHORT de_Tradi.004B4B20
004B4B14 |. 53 PUSH EBX
004B4B15 |. 53 PUSH EBX
004B4B16 |. 68 F46E6000 PUSH de_Tradi.00606EF4 ; ASCII "The License Name cannot be blank."
004B4B1B |. E9 E1010000 JMP de_Tradi.004B4D01
004B4B20 |> 8B4C24 14 MOV ECX,DWORD PTR SS:[ESP+14]
004B4B24 |. 68 186F6000 PUSH de_Tradi.00606F18 ; ASCII "No Internet"
004B4B29 |. 51 PUSH ECX
004B4B2A |. E8 F0030D00 CALL de_Tradi.00584F1F
004B4B2F |. 83C4 08 ADD ESP,8
004B4B32 |. 3BC3 CMP EAX,EBX
004B4B34 |. 0F94C0 SETE AL
004B4B37 |. 3AC3 CMP AL,BL
004B4B39 74 0C JE SHORT de_Tradi.004B4B47
004B4B3B |. 8B5424 1C MOV EDX,DWORD PTR SS:[ESP+1C]
004B4B3F |. 53 PUSH EBX
004B4B40 |. 53 PUSH EBX
004B4B41 |. 52 PUSH EDX
004B4B42 |. E9 BA010000 JMP de_Tradi.004B4D01
004B4B47 |> 8B4424 18 MOV EAX,DWORD PTR SS:[ESP+18]
004B4B4B |. 68 246F6000 PUSH de_Tradi.00606F24 ; ASCII "Blox9096"
004B4B50 |. 50 PUSH EAX
004B4B51 |. E8 C9030D00 CALL de_Tradi.00584F1F
004B4B56 |. 83C4 08 ADD ESP,8
004B4B59 |. 3BC3 CMP EAX,EBX
004B4B5B |. 0F94C0 SETE AL
004B4B5E |. 3AC3 CMP AL,BL
004B4B60 74 4A JE SHORT de_Tradi.004B4BAC
004B4B62 |. 53 PUSH EBX
004B4B63 |. 53 PUSH EBX
004B4B64 |. 51 PUSH ECX
004B4B65 |. 8D5424 20 LEA EDX,DWORD PTR SS:[ESP+20]
004B4B69 |. 8BCC MOV ECX,ESP
004B4B6B |. 896424 48 MOV DWORD PTR SS:[ESP+48],ESP
004B4B6F |. 52 PUSH EDX
004B4B70 |. E8 BB9FF5FF CALL de_Tradi.0040EB30
004B4B75 |. C64424 5C 09 MOV BYTE PTR SS:[ESP+5C],9
004B4B7A |. 8D4424 44 LEA EAX,DWORD PTR SS:[ESP+44]
004B4B7E |. 50 PUSH EAX
004B4B7F |. C64424 60 08 MOV BYTE PTR SS:[ESP+60],8
004B4B84 |. E8 87360300 CALL de_Tradi.004E8210
004B4B89 |. 83C4 08 ADD ESP,8
004B4B8C |. C64424 58 0A MOV BYTE PTR SS:[ESP+58],0A ; |
004B4B91 |. 8B00 MOV EAX,DWORD PTR DS:[EAX] ; |
004B4B93 |. 50 PUSH EAX ; |Arg1
004B4B94 |. E8 DFBA0900 CALL de_Tradi.00550678 ; \de_Tradi.00550678
004B4B99 |. C64424 50 08 MOV BYTE PTR SS:[ESP+50],8
004B4B9E |. 8D4C24 38 LEA ECX,DWORD PTR SS:[ESP+38]
004B4BA2 |. E8 8991F5FF CALL de_Tradi.0040DD30
004B4BA7 |. E9 5A010000 JMP de_Tradi.004B4D06
004B4BAC |> 51 PUSH ECX
004B4BAD |. 8D5424 20 LEA EDX,DWORD PTR SS:[ESP+20]
004B4BB1 |. 8BCC MOV ECX,ESP
004B4BB3 |. 896424 40 MOV DWORD PTR SS:[ESP+40],ESP
004B4BB7 |. 52 PUSH EDX
004B4BB8 |. 8D7424 40 LEA ESI,DWORD PTR SS:[ESP+40]
004B4BBC |. E8 6F9FF5FF CALL de_Tradi.0040EB30
004B4BC1 |. C64424 54 0B MOV BYTE PTR SS:[ESP+54],0B
004B4BC6 |. 51 PUSH ECX
004B4BC7 |. 8D4424 20 LEA EAX,DWORD PTR SS:[ESP+20]
004B4BCB |. 8BCC MOV ECX,ESP
004B4BCD |. 896424 48 MOV DWORD PTR SS:[ESP+48],ESP
004B4BD1 |. 50 PUSH EAX
004B4BD2 |. E8 599FF5FF CALL de_Tradi.0040EB30
004B4BD7 |. C64424 58 0C MOV BYTE PTR SS:[ESP+58],0C
004B4BDC |. 51 PUSH ECX
004B4BDD |. 8D5424 20 LEA EDX,DWORD PTR SS:[ESP+20]
004B4BE1 |. 8BCC MOV ECX,ESP
004B4BE3 |. 896424 50 MOV DWORD PTR SS:[ESP+50],ESP
004B4BE7 |. 52 PUSH EDX
004B4BE8 |. E8 439FF5FF CALL de_Tradi.0040EB30
004B4BED |. C64424 5C 0D MOV BYTE PTR SS:[ESP+5C],0D
004B4BF2 |. C64424 5C 08 MOV BYTE PTR SS:[ESP+5C],8
004B4BF7 |. E8 74070200 CALL de_Tradi.004D5370
004B4BFC |. 83C4 0C ADD ESP,0C
004B4BFF |. 3AC3 CMP AL,BL
004B4C01 |. 0F84 F3000000 JE de_Tradi.004B4CFA
004B4C07 |. 8B4424 38 MOV EAX,DWORD PTR SS:[ESP+38]
004B4C0B |. 50 PUSH EAX
004B4C0C |. 55 PUSH EBP
004B4C0D |. 51 PUSH ECX
004B4C0E |. 8D5424 28 LEA EDX,DWORD PTR SS:[ESP+28]
004B4C12 |. 8BCC MOV ECX,ESP
004B4C14 |. 896424 50 MOV DWORD PTR SS:[ESP+50],ESP
004B4C18 |. 52 PUSH EDX
004B4C19 |. E8 129FF5FF CALL de_Tradi.0040EB30
004B4C1E |. C64424 5C 0E MOV BYTE PTR SS:[ESP+5C],0E
004B4C23 |. 51 PUSH ECX
004B4C24 |. 8D4424 28 LEA EAX,DWORD PTR SS:[ESP+28]
004B4C28 |. 8BCC MOV ECX,ESP
004B4C2A |. 896424 50 MOV DWORD PTR SS:[ESP+50],ESP
004B4C2E |. 50 PUSH EAX
004B4C2F |. E8 FC9EF5FF CALL de_Tradi.0040EB30
004B4C34 |. C64424 60 0F MOV BYTE PTR SS:[ESP+60],0F
004B4C39 |. 51 PUSH ECX
004B4C3A |. 8D5424 28 LEA EDX,DWORD PTR SS:[ESP+28]
004B4C3E |. 8BCC MOV ECX,ESP
004B4C40 |. 896424 50 MOV DWORD PTR SS:[ESP+50],ESP
004B4C44 |. 52 PUSH EDX
004B4C45 |. E8 E69EF5FF CALL de_Tradi.0040EB30
004B4C4A |. C64424 64 10 MOV BYTE PTR SS:[ESP+64],10
004B4C4F |. C64424 64 08 MOV BYTE PTR SS:[ESP+64],8
004B4C54 |. E8 77E70100 CALL de_Tradi.004D33D0
004B4C59 |. 83C4 14 ADD ESP,14
004B4C5C |. 3AC3 CMP AL,BL
004B4C5E |. 0F84 A2000000 JE de_Tradi.004B4D06
004B4C64 |. C64424 50 07 MOV BYTE PTR SS:[ESP+50],7 ; first exit path: state slot counts down as each local is released
004B4C69 |. 8D4C24 1C LEA ECX,DWORD PTR SS:[ESP+1C]
004B4C6D |. E8 BE90F5FF CALL de_Tradi.0040DD30
004B4C72 |. C64424 50 06 MOV BYTE PTR SS:[ESP+50],6
004B4C77 |. 8D4C24 20 LEA ECX,DWORD PTR SS:[ESP+20]
004B4C7B |. E8 B090F5FF CALL de_Tradi.0040DD30
004B4C80 |. C64424 50 05 MOV BYTE PTR SS:[ESP+50],5
004B4C85 |. 8D4C24 24 LEA ECX,DWORD PTR SS:[ESP+24]
004B4C89 |. E8 A290F5FF CALL de_Tradi.0040DD30
004B4C8E |. C64424 50 04 MOV BYTE PTR SS:[ESP+50],4
004B4C93 |. 8D4C24 28 LEA ECX,DWORD PTR SS:[ESP+28]
004B4C97 |. E8 9490F5FF CALL de_Tradi.0040DD30
004B4C9C |. C64424 50 03 MOV BYTE PTR SS:[ESP+50],3
004B4CA1 |. 8D4C24 2C LEA ECX,DWORD PTR SS:[ESP+2C]
004B4CA5 |. E8 8690F5FF CALL de_Tradi.0040DD30
004B4CAA |. C64424 50 02 MOV BYTE PTR SS:[ESP+50],2
004B4CAF |. 8D4C24 30 LEA ECX,DWORD PTR SS:[ESP+30]
004B4CB3 |. E8 7890F5FF CALL de_Tradi.0040DD30
004B4CB8 |. C64424 50 01 MOV BYTE PTR SS:[ESP+50],1
004B4CBD |. 8D4C24 14 LEA ECX,DWORD PTR SS:[ESP+14]
004B4CC1 |. E8 6A90F5FF CALL de_Tradi.0040DD30
004B4CC6 |. 885C24 50 MOV BYTE PTR SS:[ESP+50],BL
004B4CCA |. 8D4C24 18 LEA ECX,DWORD PTR SS:[ESP+18]
004B4CCE |. E8 5D90F5FF CALL de_Tradi.0040DD30
004B4CD3 |. C74424 50 FFF>MOV DWORD PTR SS:[ESP+50],-1 ; state slot back to its entry value
004B4CDB |. 8D4C24 34 LEA ECX,DWORD PTR SS:[ESP+34]
004B4CDF |. E8 4C90F5FF CALL de_Tradi.0040DD30
004B4CE4 |. B0 01 MOV AL,1 ; return value for this path
004B4CE6 |. 8B4C24 48 MOV ECX,DWORD PTR SS:[ESP+48] ; previous-frame link stored by the prologue
004B4CEA |. 64:890D 00000>MOV DWORD PTR FS:[0],ECX ; unlink this function's record from the FS:[0] chain
004B4CF1 |. 59 POP ECX ; discard the value pushed at 004B4A0C
004B4CF2 |. 5F POP EDI
004B4CF3 |. 5E POP ESI
004B4CF4 |. 5D POP EBP
004B4CF5 |. 5B POP EBX
004B4CF6 |. 83C4 40 ADD ESP,40 ; 0x34 bytes of locals + the 0x0C-byte record
004B4CF9 |. C3 RETN
004B4CFA |> 53 PUSH EBX ; /Arg3
004B4CFB |. 53 PUSH EBX ; |Arg2
004B4CFC |. 68 306F6000 PUSH de_Tradi.00606F30 ; |Arg1 = 00606F30 ASCII "The license name and license key entered do not match. Please be sure to copy paste these values from the purchase confirmation email."
004B4D01 |> E8 72B90900 CALL de_Tradi.00550678 ; \de_Tradi.00550678
004B4D06 |> C64424 50 07 MOV BYTE PTR SS:[ESP+50],7 ; second exit path: same release sequence as at 004B4C64
004B4D0B |. 8D4C24 1C LEA ECX,DWORD PTR SS:[ESP+1C]
004B4D0F |. E8 1C90F5FF CALL de_Tradi.0040DD30
004B4D14 |. C64424 50 06 MOV BYTE PTR SS:[ESP+50],6
004B4D19 |. 8D4C24 20 LEA ECX,DWORD PTR SS:[ESP+20]
004B4D1D |. E8 0E90F5FF CALL de_Tradi.0040DD30
004B4D22 |. C64424 50 05 MOV BYTE PTR SS:[ESP+50],5
004B4D27 |. 8D4C24 24 LEA ECX,DWORD PTR SS:[ESP+24]
004B4D2B |. E8 0090F5FF CALL de_Tradi.0040DD30
004B4D30 |. C64424 50 04 MOV BYTE PTR SS:[ESP+50],4
004B4D35 |. 8D4C24 28 LEA ECX,DWORD PTR SS:[ESP+28]
004B4D39 |. E8 F28FF5FF CALL de_Tradi.0040DD30
004B4D3E |. C64424 50 03 MOV BYTE PTR SS:[ESP+50],3
004B4D43 |. 8D4C24 2C LEA ECX,DWORD PTR SS:[ESP+2C]
004B4D47 |. E8 E48FF5FF CALL de_Tradi.0040DD30
004B4D4C |. C64424 50 02 MOV BYTE PTR SS:[ESP+50],2
004B4D51 |. 8D4C24 30 LEA ECX,DWORD PTR SS:[ESP+30]
004B4D55 |. E8 D68FF5FF CALL de_Tradi.0040DD30
004B4D5A |. C64424 50 01 MOV BYTE PTR SS:[ESP+50],1
004B4D5F |. 8D4C24 14 LEA ECX,DWORD PTR SS:[ESP+14]
004B4D63 |. E8 C88FF5FF CALL de_Tradi.0040DD30
004B4D68 |. 885C24 50 MOV BYTE PTR SS:[ESP+50],BL
004B4D6C |. 8D4C24 18 LEA ECX,DWORD PTR SS:[ESP+18]
004B4D70 |. E8 BB8FF5FF CALL de_Tradi.0040DD30
004B4D75 |. C74424 50 FFF>MOV DWORD PTR SS:[ESP+50],-1
004B4D7D |. 8D4C24 34 LEA ECX,DWORD PTR SS:[ESP+34]
004B4D81 |. E8 AA8FF5FF CALL de_Tradi.0040DD30
004B4D86 |. 32C0 XOR AL,AL ; return value for this path
004B4D88 |. 8B4C24 48 MOV ECX,DWORD PTR SS:[ESP+48]
004B4D8C |. 64:890D 00000>MOV DWORD PTR FS:[0],ECX ; unlink this function's record from the FS:[0] chain
004B4D93 |. 59 POP ECX
004B4D94 |. 5F POP EDI
004B4D95 |. 5E POP ESI
004B4D96 |. 5D POP EBP
004B4D97 |. 5B POP EBX
004B4D98 |. 83C4 40 ADD ESP,40
004B4D9B \. C3 RETN
这是追到的代码,下断,F8,寄存器里没有。
http://rapidshare.com/files/88622278/de_.rar.html
这个是脱了壳后的程序。1M压缩后。
谢谢!