【文章标题】: COM Explorer 2.0 算法分析
【文章作者】: qifeon
【软件名称】: COM Explorer
【下载地址】: 自己搜索下载
【保护方式】: 注册码
【使用工具】: OD,PEID
【操作平台】: WINXP SP2
【作者声明】: 只是感兴趣，没有其他目的。失误之处敬请诸位大侠赐教!
--------------------------------------------------------------------------------
【详细过程】
  一、Peid 查壳，显示无壳。编程语言为：Microsoft Visual C++ 6.0。
  
  二、试运行软件，默认用户名为“UNREGISTERED USER”，不是一般为空。这点关系到后来对用户名的检验。直接点击“unlock”按钮，则程序直接退出。
  
  初步探索有利于我们调试时理解程序流程。输入试炼码“abcdefghijk,123456”,出现错误对话框。很长，记了个“re-enter”。
  
  三、分析过程
  
  OD载入程序，利用字符串插件，搜索“re-enter”来到
  
  Ultra String Reference, 条目 214
   Address=00409082
   Disassembly=push    004641AC
   Text String=the license information you have entered could not be validated.\nplease re-enter the user id and serial number you have legaly
   obtained from 4developers llc.\n\nif you have not ordered yet you can click one of the buttons below to see how to order com ...or
  
  双击后返回到程序代码处
  
  

00409074   > \85F6          test    esi, esi                         ;  由此处向上找跳转
  00409076   .  74 03         je      short 0040907B
  00409078   .  8B76 1C       mov     esi, dword ptr [esi+1C]
  0040907B   >  6A 40         push    40                               ; /Style = MB_OK|MB_ICONASTERISK|MB_APPLMODAL
  0040907D   .  68 D4424600   push    004642D4                         ; |invalid license
  00409082   .  68 AC414600   push    004641AC                         ; |the license information you have entered could not be validated.\nplease re-enter ..
  00409087   .  56            push    esi                              ; |返回处
  00409088   .  FF15 E8054500 call    dword ptr [<&USER32.MessageBoxA>>; \MessageBoxA
  0040908E   .  5E            pop     esi
  0040908F   .  5B            pop     ebx
  00409090   .  83C4 08       add     esp, 8
  00409093   .  C3            retn

00409028   > \6A FF         push    -1                               ; /接着向上找跳转
  0040902A   .  FF15 FC054500 call    dword ptr [<&USER32.MessageBeep>>; \MessageBeep
  00409030   .  8BCE          mov     ecx, esi
  00409032   .  E8 69F9FFFF   call    004089A0
  00409037   .  85C0          test    eax, eax
  00409039   .  74 39         je      short 00409074                   ;  来到这个跳转
  0040903B   .  85F6          test    esi, esi
  0040903D   .  75 19         jnz     short 00409058
  0040903F   .  6A 40         push    40                               ; /Style = MB_OK|MB_ICONASTERISK|MB_APPLMODAL
  00409041   .  68 18444600   push    00464418                         ; |outdated license
  00409046   .  68 E4424600   push    004642E4                         ; |the license information you have entered is for com explorer 1.x only.\n\nto unlock version 2.0,..
  0040904B   .  56            push    esi                              ; |hOwner
  0040904C   .  FF15 E8054500 call    dword ptr [<&USER32.MessageBoxA>>; \MessageBoxA
  00409052   .  5E            pop     esi
  00409053   .  5B            pop     ebx
  00409054   .  83C4 08       add     esp, 8
  00409057   .  C3            retn
  00409058   >  8B76 1C       mov     esi, dword ptr [esi+1C]
  0040905B   .  6A 40         push    40                               ; /Style = MB_OK|MB_ICONASTERISK|MB_APPLMODAL
  0040905D   .  68 18444600   push    00464418                         ; |outdated license
  00409062   .  68 E4424600   push    004642E4                         ; |the license information you have entered is for com explorer 1.x only.\n\nto unlock version 2.0, 
  00409067   .  56            push    esi                              ; |hOwner
  00409068   .  FF15 E8054500 call    dword ptr [<&USER32.MessageBoxA>>; \MessageBoxA
  0040906E   .  5E            pop     esi
  0040906F   .  5B            pop     ebx
  00409070   .  83C4 08       add     esp, 8
  00409073   .  C3            retn
  

[注意]传递专业知识、拓宽行业人脉——看雪讲师团队等你加入！