-
-
[旧帖] [求助]VB程序OD下断后找不到关键跳及Call... 0.00雪花
-
发表于: 2008-3-24 23:50
-
VB程序用bp rtcMsgBox下断,断在此处,大家帮我看一下能爆破吗?
找不到明码注册码比较
660DC5F3 > 55 push ebp ;输入注册码后点确定断在此处。。。。。
660DC5F4 8BEC mov ebp, esp
660DC5F6 83EC 4C sub esp, 4C
660DC5F9 8B4D 14 mov ecx, dword ptr [ebp+14]
660DC5FC 53 push ebx
660DC5FD 56 push esi
660DC5FE 57 push edi
660DC5FF 66:8339 0A cmp word ptr [ecx], 0A
660DC603 B8 04000280 mov eax, 80020004
660DC608 0F85 FC000000 jnz 660DC70A
660DC60E 3941 08 cmp dword ptr [ecx+8], eax
660DC611 0F85 F3000000 jnz 660DC70A
660DC617 834D FC FF or dword ptr [ebp-4], FFFFFFFF
660DC61B 33F6 xor esi, esi
660DC61D 8B4D 18 mov ecx, dword ptr [ebp+18]
660DC620 66:8339 0A cmp word ptr [ecx], 0A
660DC624 0F85 EA000000 jnz 660DC714
660DC62A 3941 08 cmp dword ptr [ecx+8], eax
660DC62D 0F85 E1000000 jnz 660DC714
660DC633 834D F8 FF or dword ptr [ebp-8], FFFFFFFF
660DC637 8B7D 10 mov edi, dword ptr [ebp+10]
660DC63A 66:833F 0A cmp word ptr [edi], 0A
660DC63E 0F85 D8000000 jnz 660DC71C
660DC644 3947 08 cmp dword ptr [edi+8], eax
660DC647 0F85 CF000000 jnz 660DC71C
660DC64D 834D F4 FF or dword ptr [ebp-C], FFFFFFFF
660DC651 FF75 08 push dword ptr [ebp+8]
660DC654 8D45 D4 lea eax, dword ptr [ebp-2C]
660DC657 8975 F0 mov dword ptr [ebp-10], esi
660DC65A 50 push eax
660DC65B E8 A5040000 call 660DCB05 ; 调用注册错误对话框
660DC660 8BD8 mov ebx, eax
660DC662 8B45 DC mov eax, dword ptr [ebp-24]
660DC665 8945 E8 mov dword ptr [ebp-18], eax
660DC668 8B45 0C mov eax, dword ptr [ebp+C]
660DC66B 83E0 0F and eax, 0F
660DC66E 895D E4 mov dword ptr [ebp-1C], ebx
660DC671 3C 05 cmp al, 5
660DC673 7F 1C jg short 660DC691
660DC675 8B45 0C mov eax, dword ptr [ebp+C]
660DC678 25 F0000000 and eax, 0F0
660DC67D 83F8 40 cmp eax, 40
660DC680 7F 0F jg short 660DC691
660DC682 8B45 0C mov eax, dword ptr [ebp+C]
660DC685 25 000F0000 and eax, 0F00
660DC68A 3D 00030000 cmp eax, 300
660DC68F 7E 03 jle short 660DC694
660DC691 8975 0C mov dword ptr [ebp+C], esi
660DC694 66:3975 F4 cmp word ptr [ebp-C], si
660DC698 8B35 E8190066 mov esi, dword ptr [<&OLEAUT32.#6>] ; OLEAUT32.SysFreeString
660DC69E 0F84 80000000 je 660DC724
660DC6A4 8365 10 00 and dword ptr [ebp+10], 0
660DC6A8 8365 08 00 and dword ptr [ebp+8], 0
660DC6AC 33C0 xor eax, eax
660DC6AE 66:3945 FC cmp word ptr [ebp-4], ax
660DC6B2 0F84 A7000000 je 660DC75F
660DC6B8 66:3945 F8 cmp word ptr [ebp-8], ax
660DC6BC 0F84 97000000 je 660DC759
660DC6C2 8945 EC mov dword ptr [ebp-14], eax
660DC6C5 33FF xor edi, edi
660DC6C7 8B55 E8 mov edx, dword ptr [ebp-18]
660DC6CA 85D2 test edx, edx
660DC6CC 75 03 jnz short 660DC6D1
660DC6CE 8D55 F0 lea edx, dword ptr [ebp-10]
660DC6D1 8B4D 08 mov ecx, dword ptr [ebp+8]
660DC6D4 85C9 test ecx, ecx
660DC6D6 75 09 jnz short 660DC6E1
660DC6D8 66:394D F4 cmp word ptr [ebp-C], cx
660DC6DC 75 03 jnz short 660DC6E1
660DC6DE 8D4D F0 lea ecx, dword ptr [ebp-10]
660DC6E1 6A 01 push 1
660DC6E3 50 push eax
660DC6E4 57 push edi
660DC6E5 FF75 0C push dword ptr [ebp+C]
660DC6E8 51 push ecx
660DC6E9 52 push edx
660DC6EA E8 FC72F8FF call 660639EB ; 调用注册错误对话框
660DC6EF FF75 E4 push dword ptr [ebp-1C]
660DC6F2 8BF8 mov edi, eax
660DC6F4 FFD6 call esi
660DC6F6 FF75 10 push dword ptr [ebp+10]
660DC6F9 FFD6 call esi
660DC6FB FF75 EC push dword ptr [ebp-14]
660DC6FE FFD6 call esi
660DC700 0FBFC7 movsx eax, di
660DC703 5F pop edi
660DC704 5E pop esi
660DC705 5B pop ebx
660DC706 C9 leave
660DC707 C2 1400 retn 14
660DC70A 33F6 xor esi, esi
660DC70C 8975 FC mov dword ptr [ebp-4], esi
660DC70F ^ E9 09FFFFFF jmp 660DC61D
660DC714 8975 F8 mov dword ptr [ebp-8], esi
660DC717 ^ E9 1BFFFFFF jmp 660DC637
660DC71C 8975 F4 mov dword ptr [ebp-C], esi
660DC71F ^ E9 2DFFFFFF jmp 660DC651
找不到明码注册码比较
660DC5F3 > 55 push ebp ;输入注册码后点确定断在此处。。。。。
660DC5F4 8BEC mov ebp, esp
660DC5F6 83EC 4C sub esp, 4C
660DC5F9 8B4D 14 mov ecx, dword ptr [ebp+14]
660DC5FC 53 push ebx
660DC5FD 56 push esi
660DC5FE 57 push edi
660DC5FF 66:8339 0A cmp word ptr [ecx], 0A
660DC603 B8 04000280 mov eax, 80020004
660DC608 0F85 FC000000 jnz 660DC70A
660DC60E 3941 08 cmp dword ptr [ecx+8], eax
660DC611 0F85 F3000000 jnz 660DC70A
660DC617 834D FC FF or dword ptr [ebp-4], FFFFFFFF
660DC61B 33F6 xor esi, esi
660DC61D 8B4D 18 mov ecx, dword ptr [ebp+18]
660DC620 66:8339 0A cmp word ptr [ecx], 0A
660DC624 0F85 EA000000 jnz 660DC714
660DC62A 3941 08 cmp dword ptr [ecx+8], eax
660DC62D 0F85 E1000000 jnz 660DC714
660DC633 834D F8 FF or dword ptr [ebp-8], FFFFFFFF
660DC637 8B7D 10 mov edi, dword ptr [ebp+10]
660DC63A 66:833F 0A cmp word ptr [edi], 0A
660DC63E 0F85 D8000000 jnz 660DC71C
660DC644 3947 08 cmp dword ptr [edi+8], eax
660DC647 0F85 CF000000 jnz 660DC71C
660DC64D 834D F4 FF or dword ptr [ebp-C], FFFFFFFF
660DC651 FF75 08 push dword ptr [ebp+8]
660DC654 8D45 D4 lea eax, dword ptr [ebp-2C]
660DC657 8975 F0 mov dword ptr [ebp-10], esi
660DC65A 50 push eax
660DC65B E8 A5040000 call 660DCB05 ; 调用注册错误对话框
660DC660 8BD8 mov ebx, eax
660DC662 8B45 DC mov eax, dword ptr [ebp-24]
660DC665 8945 E8 mov dword ptr [ebp-18], eax
660DC668 8B45 0C mov eax, dword ptr [ebp+C]
660DC66B 83E0 0F and eax, 0F
660DC66E 895D E4 mov dword ptr [ebp-1C], ebx
660DC671 3C 05 cmp al, 5
660DC673 7F 1C jg short 660DC691
660DC675 8B45 0C mov eax, dword ptr [ebp+C]
660DC678 25 F0000000 and eax, 0F0
660DC67D 83F8 40 cmp eax, 40
660DC680 7F 0F jg short 660DC691
660DC682 8B45 0C mov eax, dword ptr [ebp+C]
660DC685 25 000F0000 and eax, 0F00
660DC68A 3D 00030000 cmp eax, 300
660DC68F 7E 03 jle short 660DC694
660DC691 8975 0C mov dword ptr [ebp+C], esi
660DC694 66:3975 F4 cmp word ptr [ebp-C], si
660DC698 8B35 E8190066 mov esi, dword ptr [<&OLEAUT32.#6>] ; OLEAUT32.SysFreeString
660DC69E 0F84 80000000 je 660DC724
660DC6A4 8365 10 00 and dword ptr [ebp+10], 0
660DC6A8 8365 08 00 and dword ptr [ebp+8], 0
660DC6AC 33C0 xor eax, eax
660DC6AE 66:3945 FC cmp word ptr [ebp-4], ax
660DC6B2 0F84 A7000000 je 660DC75F
660DC6B8 66:3945 F8 cmp word ptr [ebp-8], ax
660DC6BC 0F84 97000000 je 660DC759
660DC6C2 8945 EC mov dword ptr [ebp-14], eax
660DC6C5 33FF xor edi, edi
660DC6C7 8B55 E8 mov edx, dword ptr [ebp-18]
660DC6CA 85D2 test edx, edx
660DC6CC 75 03 jnz short 660DC6D1
660DC6CE 8D55 F0 lea edx, dword ptr [ebp-10]
660DC6D1 8B4D 08 mov ecx, dword ptr [ebp+8]
660DC6D4 85C9 test ecx, ecx
660DC6D6 75 09 jnz short 660DC6E1
660DC6D8 66:394D F4 cmp word ptr [ebp-C], cx
660DC6DC 75 03 jnz short 660DC6E1
660DC6DE 8D4D F0 lea ecx, dword ptr [ebp-10]
660DC6E1 6A 01 push 1
660DC6E3 50 push eax
660DC6E4 57 push edi
660DC6E5 FF75 0C push dword ptr [ebp+C]
660DC6E8 51 push ecx
660DC6E9 52 push edx
660DC6EA E8 FC72F8FF call 660639EB ; 调用注册错误对话框
660DC6EF FF75 E4 push dword ptr [ebp-1C]
660DC6F2 8BF8 mov edi, eax
660DC6F4 FFD6 call esi
660DC6F6 FF75 10 push dword ptr [ebp+10]
660DC6F9 FFD6 call esi
660DC6FB FF75 EC push dword ptr [ebp-14]
660DC6FE FFD6 call esi
660DC700 0FBFC7 movsx eax, di
660DC703 5F pop edi
660DC704 5E pop esi
660DC705 5B pop ebx
660DC706 C9 leave
660DC707 C2 1400 retn 14
660DC70A 33F6 xor esi, esi
660DC70C 8975 FC mov dword ptr [ebp-4], esi
660DC70F ^ E9 09FFFFFF jmp 660DC61D
660DC714 8975 F8 mov dword ptr [ebp-8], esi
660DC717 ^ E9 1BFFFFFF jmp 660DC637
660DC71C 8975 F4 mov dword ptr [ebp-C], esi
660DC71F ^ E9 2DFFFFFF jmp 660DC651
[招生]科锐逆向工程师培训(2024年11月15日实地,远程教学同时开班, 第51期)
|
|
|---|---|
|
|
|
|
|
|
|
|
对,看了那段代码真的是这个软件,你早前的那贴给版主删了, 就是看到你的贴,我把他干了 ^_^ , 方法我就不说了,大家都不好混 , 算法复杂复杂
但没用,算法存在很大的漏洞,很容易给人把 KEY 替换了,这就是我的提示   |
|
|
|
|
|
|
|
|
谢谢了,只是研究一下而已。
算法难是不难,进了VBVM我就没方向了  |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
晕,我不是美女,本来我是专泡美女的,现在升华了
|
|
|
|
|
|
|
|
|
学习中...................
|
