【Write-up title】A newbie ran into trouble cracking a small program
【Tools】OllyDbg 1.10, PEiD 0.94
【Platform】Windows XP SP2
【Software name】xxx
【Software size】998K
【Original download】
http://www.live-share.com/files/342775/pizza.rar.html
【Protection】ICE License
【Software description】Format conversion, etc.
------------------------------------------------------------------------
【Cracking process】Checked with PEiD 0.94: no packer; it is a Delphi program.
004EB7F4 /. 55 push ebp
004EB7F5 |. 8BEC mov ebp, esp
004EB7F7 |. 83C4 F0 add esp, -10
004EB7FA |. 53 push ebx
004EB7FB |. 33C9 xor ecx, ecx
004EB7FD |. 894D F8 mov dword ptr [ebp-8], ecx
004EB800 |. 894D FC mov dword ptr [ebp-4], ecx
004EB803 |. 8BD8 mov ebx, eax
004EB805 |. 33C0 xor eax, eax
004EB807 |. 55 push ebp
004EB808 |. 68 85B84E00 push 004EB885
004EB80D |. 64:FF30 push dword ptr fs:[eax]
004EB810 |. 64:8920 mov dword ptr fs:[eax], esp
004EB813 |. 8B83 6C030000 mov eax, dword ptr [ebx+36C]
004EB819 |. E8 A6D7FEFF call 004D8FC4
004EB81E |. 8D55 FC lea edx, dword ptr [ebp-4]
004EB821 |. 8B83 6C030000 mov eax, dword ptr [ebx+36C]
004EB827 |. E8 A8E5FEFF call 004D9DD4 /key call that obtains the machine ID
004EB82C |. 8D45 F8 lea eax, dword ptr [ebp-8]
004EB82F |. 50 push eax
004EB830 |. 8B45 FC mov eax, dword ptr [ebp-4]
004EB833 |. 8945 F0 mov dword ptr [ebp-10], eax
004EB836 |. C645 F4 0B mov byte ptr [ebp-C], 0B
004EB83A |. 8D55 F0 lea edx, dword ptr [ebp-10]
004EB83D |. 33C9 xor ecx, ecx
004EB83F |. B8 9CB84E00 mov eax, 004EB89C ; ASCII "No valid License found!",CR,LF,"Using this MachineID to require the License: %s",CR,LF,"It has been copied to your clipborad."
004EB844 |. E8 3FF3F1FF call 0040AB88
004EB849 |. 8B45 F8 mov eax, dword ptr [ebp-8]
004EB84C |. E8 AF38F4FF call 0042F100
004EB851 |. E8 AA81F4FF call 00433A00
004EB856 |. 8B55 FC mov edx, dword ptr [ebp-4]
......
004EB90C . 53 push ebx
004EB90D . 8BD8 mov ebx, eax
004EB90F . 6A 00 push 0
004EB911 . 6A 00 push 0
004EB913 . 68 65040000 push 465
004EB918 . 8BC3 mov eax, ebx
004EB91A . E8 4D4CF6FF call 0045056C
004EB91F . 50 push eax ; |hWnd
004EB920 . E8 ABC7F1FF call <jmp.&user32.PostMessageA> ; \PostMessageA /self-check; the program terminates
004EB925 . 5B pop ebx
004EB926 . C3 retn
.......
004EBAA8 /. 55 push ebp
004EBAA9 |. 8BEC mov ebp, esp
004EBAAB |. 6A 00 push 0
004EBAAD |. 53 push ebx
004EBAAE |. 56 push esi
004EBAAF |. 8BD8 mov ebx, eax
004EBAB1 |. 33C0 xor eax, eax
004EBAB3 |. 55 push ebp
004EBAB4 |. 68 06BB4E00 push 004EBB06
004EBAB9 |. 64:FF30 push dword ptr fs:[eax]
004EBABC |. 64:8920 mov dword ptr fs:[eax], esp
004EBABF |. 68 1CBB4E00 push 004EBB1C ; ASCII "Registered to: " /registration info
004EBAC4 |. 8BB3 6C030000 mov esi, dword ptr [ebx+36C]
004EBACA |. FF76 50 push dword ptr [esi+50]
004EBACD |. 68 34BB4E00 push 004EBB34
004EBAD2 |. FF76 54 push dword ptr [esi+54]
004EBAD5 |. 8D45 FC lea eax, dword ptr [ebp-4]
004EBAD8 |. BA 04000000 mov edx, 4
004EBADD |. E8 0A97F1FF call 004051EC
004EBAE2 |. 8B55 FC mov edx, dword ptr [ebp-4]
004EBAE5 |. 8B83 70030000 mov eax, dword ptr [ebx+370]
004EBAEB |. E8 8CE2F5FF call 00449D7C
004EBAF0 |. 33C0 xor eax, eax
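The following machine ID was obtained:
4F-A8-38-21-AE-AA-A9-46
The genuine registration file is License.ldf
1. Tried to modify 004EB827 |. E8 A8E5FEFF call 004D9DD4 so that the verification call returns 4F-A8-38-21-AE-AA-A9-46, which would make the program a licensed copy. My skill level is too low; the patching attempt failed.
2. Tried more than five common resource editing tools, such as Resource Hacker, eXeScope, PE Explorer, etc.; none of them could find the resources.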
------------------------------------------------------------------------
【Summary】My skill level is too low to get any further; I just hope to get an answer with help from friends here.
------------------------------------------------------------------------