软件下载地址:http://pickup.mofile.com/4894742428376414
以下是我的分析,就是没有找到软件算法位置:
0065CE7C /. 55 PUSH EBP ;注册入口
0065CE7D |. 8BEC MOV EBP,ESP
0065CE7F |. 33C9 XOR ECX,ECX
0065CE81 |. 51 PUSH ECX
0065CE82 |. 51 PUSH ECX
0065CE83 |. 51 PUSH ECX
0065CE84 |. 51 PUSH ECX
0065CE85 |. 56 PUSH ESI
0065CE86 |. 8BF0 MOV ESI,EAX
0065CE88 |. 33C0 XOR EAX,EAX
0065CE8A |. 55 PUSH EBP
0065CE8B |. 68 7CCF6500 PUSH 店铺电脑.0065CF7C
0065CE90 |. 64:FF30 PUSH DWORD PTR FS:[EAX]
0065CE93 |. 64:8920 MOV DWORD PTR FS:[EAX],ESP
0065CE96 |. 8D55 FC LEA EDX,DWORD PTR SS:[EBP-4]
0065CE99 |. 8B86 FC020000 MOV EAX,DWORD PTR DS:[ESI+2FC]
0065CE9F |. E8 08A3E0FF CALL 店铺电脑.004671AC ; 假码的位数传入寄存器EAX中
0065CEA4 |. 837D FC 00 CMP DWORD PTR SS:[EBP-4],0
0065CEA8 |. 74 36 JE SHORT 店铺电脑.0065CEE0
0065CEAA |. 8D55 F8 LEA EDX,DWORD PTR SS:[EBP-8]
0065CEAD |. 8B86 FC020000 MOV EAX,DWORD PTR DS:[ESI+2FC]
0065CEB3 |. E8 F4A2E0FF CALL 店铺电脑.004671AC ; 假码的位数传入寄存器EAX中
0065CEB8 |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
0065CEBB |. E8 F07FDAFF CALL 店铺电脑.00404EB0 ; 假码出现在寄存器EAX中
0065CEC0 |. 83F8 23 CMP EAX,23 ; 对比注册码是否大于35位(十进制)
0065CEC3 |. 7C 1B JL SHORT 店铺电脑.0065CEE0 ; 小于35则跳(结束)
0065CEC5 |. 8D55 F4 LEA EDX,DWORD PTR SS:[EBP-C]
0065CEC8 |. 8B86 FC020000 MOV EAX,DWORD PTR DS:[ESI+2FC]
0065CECE |. E8 D9A2E0FF CALL 店铺电脑.004671AC
0065CED3 |. 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C]
0065CED6 |. E8 D57FDAFF CALL 店铺电脑.00404EB0
0065CEDB |. 83F8 34 CMP EAX,34 ; 对比注册码是否大于52位(十进制)
0065CEDE |. 7E 33 JLE SHORT 店铺电脑.0065CF13 ; 小于等于52则跳到认证注册
0065CEE0 |> B8 90CF6500 MOV EAX,店铺电脑.0065CF90 ; 注册信息不正确,如果您尚未获得注册码,请查看购买方法
0065CEE5 |. E8 3AEBDDFF CALL 店铺电脑.0043BA24
0065CEEA |. 6A 03 PUSH 3
0065CEEC |. 68 C8CF6500 PUSH 店铺电脑.0065CFC8 ; _blank
0065CEF1 |. 6A 00 PUSH 0
0065CEF3 |. 68 D0CF6500 PUSH 店铺电脑.0065CFD0 ; http://www.kiwisoft.cn/reg.htm
0065CEF8 |. 68 F0CF6500 PUSH 店铺电脑.0065CFF0 ; open
0065CEFD |. 8BC6 MOV EAX,ESI
0065CEFF |. E8 2C0CE1FF CALL 店铺电脑.0046DB30
0065CF04 |. 50 PUSH EAX ; |hWnd
0065CF05 |. E8 12AEDDFF CALL <JMP.&shell32.ShellExecuteA> ; \ShellExecuteA
0065CF0A |. 8BC6 MOV EAX,ESI
0065CF0C |. E8 DF76E2FF CALL 店铺电脑.004845F0
0065CF11 |. EB 46 JMP SHORT 店铺电脑.0065CF59
0065CF13 |> 8B15 F0416700 MOV EDX,DWORD PTR DS:[6741F0] ; 店铺电脑.006788D4
0065CF19 |. 8B12 MOV EDX,DWORD PTR DS:[EDX]
0065CF1B |. 8D45 F0 LEA EAX,DWORD PTR SS:[EBP-10]
0065CF1E |. B9 00D06500 MOV ECX,店铺电脑.0065D000 ; license.xml
0065CF23 |. E8 D47FDAFF CALL 店铺电脑.00404EFC ; 建立LICENSE.XML
0065CF28 |. 8B55 F0 MOV EDX,DWORD PTR SS:[EBP-10]
0065CF2B |. 8B86 FC020000 MOV EAX,DWORD PTR DS:[ESI+2FC]
0065CF31 |. 8B80 20020000 MOV EAX,DWORD PTR DS:[EAX+220]
0065CF37 |. 8B08 MOV ECX,DWORD PTR DS:[EAX]
0065CF39 |. FF51 74 CALL DWORD PTR DS:[ECX+74]
0065CF3C |. B8 14D06500 MOV EAX,店铺电脑.0065D014 ; 已成功输入,请重新打开软件读取授权信息
0065CF41 |. E8 DEEADDFF CALL 店铺电脑.0043BA24 ; CALL已成功输入,重启软件
0065CF46 |. 8BC6 MOV EAX,ESI
0065CF48 |. E8 A376E2FF CALL 店铺电脑.004845F0
0065CF4D |. A1 F0406700 MOV EAX,DWORD PTR DS:[6740F0]
0065CF52 |. 8B00 MOV EAX,DWORD PTR DS:[EAX]
0065CF54 |. E8 B3B0E2FF CALL 店铺电脑.0048800C
0065CF59 |> 33C0 XOR EAX,EAX
0065CF5B |. 5A POP EDX
0065CF5C |. 59 POP ECX
0065CF5D |. 59 POP ECX
0065CF5E |. 64:8910 MOV DWORD PTR FS:[EAX],EDX
0065CF61 |. 68 83CF6500 PUSH 店铺电脑.0065CF83
0065CF66 |> 8D45 F0 LEA EAX,DWORD PTR SS:[EBP-10]
0065CF69 |. E8 827CDAFF CALL 店铺电脑.00404BF0
0065CF6E |. 8D45 F4 LEA EAX,DWORD PTR SS:[EBP-C] ; 传第一行假码地址到EAX
0065CF71 |. BA 03000000 MOV EDX,3
0065CF76 |. E8 997CDAFF CALL 店铺电脑.00404C14
0065CF7B \. C3 RETN
[课程]Linux pwn 探索篇!