[旧帖] [求助]一道我完成不了的作业 0.00雪花
发表于: 2008-10-18 08:35 2606
[标题]一道我完成不了的作业
[系统]xpsp2
[软件]连连看3.0助手
[工具]OD peid
[语言]Borland Delphi 6.0 - 7.0
用字符串参考查找“错误的序列号”,
查得的结果如下:
00470176 E8 F985FFFF call llkzs.00468774(4)
0047017B 8D45 F4 lea eax,dword ptr ss:[ebp-C]
0047017E 50 push eax
0047017F 8D55 F0 lea edx,dword ptr ss:[ebp-10]
00470182 8B83 0C030000 mov eax,dword ptr ds:[ebx+30C]
00470188 E8 0F11FDFF call llkzs.0044129C//(3)
0047018D 8B45 F0 mov eax,dword ptr ss:[ebp-10]
00470190 B9 64000000 mov ecx,64
00470195 BA 03000000 mov edx,3
0047019A E8 1943F9FF call llkzs.004044B8//(2)
0047019F 8B55 F4 mov edx,dword ptr ss:[ebp-C]
004701A2 8B45 FC mov eax,dword ptr ss:[ebp-4]
004701A5 E8 FA41F9FF call llkzs.004043A4 //(1)我想是关键call
004701AA 75 31 jnz short llkzs.004701DD //关键跳(改这没有用没起到软件真正的效果)
004701AC B8 40024700 mov eax,llkzs.00470240 ; 感谢您的购买!
004701B1 E8 426DFFFF call llkzs.00466EF8
004701B6 68 58024700 push llkzs.00470258 ; main
004701BB 8D55 EC lea edx,dword ptr ss:[ebp-14]
004701BE 8B83 10030000 mov eax,dword ptr ds:[ebx+310]
004701C4 E8 D310FDFF call llkzs.0044129C
004701C9 8B55 EC mov edx,dword ptr ss:[ebp-14]
004701CC B9 68024700 mov ecx,llkzs.00470268 ; option.ini
004701D1 B8 7C024700 mov eax,llkzs.0047027C ; sn
004701D6 E8 FD59FFFF call llkzs.00465BD8
004701DB EB 1E jmp short llkzs.004701FB
004701DD 8D45 FC lea eax,dword ptr ss:[ebp-4]
004701E0 E8 B33DF9FF call llkzs.00403F98
004701E5 B8 64000000 mov eax,64
004701EA E8 5968FFFF call llkzs.00466A48
004701EF 33D2 xor edx,edx
004701F1 B8 88024700 mov eax,llkzs.00470288 ; 错误的序列号!
004701F6 E8 296CFFFF call llkzs.00466E24
; Routine at 004043A4 (the page author's "call 1"): compares two byte buffers
; whose addresses arrive in eax and edx. Each buffer's length is read from the
; dword at [address-4]. The result is the CPU flags left by the last
; cmp/sub/add; the call site in this listing tests them with jnz.
; Register roles: esi/edi = walking pointers, ecx/ebx = data being compared,
; edx = remaining count, eax = length difference. Immediates are hexadecimal
; (see 0FF0000 below). ebx, esi and edi are saved on entry and restored on exit.
004043A4 53 push ebx//start of call 1 (author's label)
004043A5 56 push esi
004043A6 57 push edi
004043A7 89C6 mov esi,eax ; esi = first buffer address
004043A9 89D7 mov edi,edx ; edi = second buffer address
004043AB 39D0 cmp eax,edx ; do both arguments hold the same address?
004043AD 0F84 8F000000 je llkzs.00404442 //author's note: changing this jump makes the "thank you for purchasing" prompt appear; as written it is taken only when eax and edx hold the same address
004043B3 85F6 test esi,esi
004043B5 74 68 je short llkzs.0040441F ; first address is zero
004043B7 85FF test edi,edi
004043B9 74 6B je short llkzs.00404426 ; second address is zero
004043BB 8B46 FC mov eax,dword ptr ds:[esi-4] ; eax = first length
004043BE 8B57 FC mov edx,dword ptr ds:[edi-4] ; edx = second length
004043C1 29D0 sub eax,edx ; eax = first length - second length
004043C3 77 02 ja short llkzs.004043C7 ; first is longer (unsigned): edx already holds the shorter length
004043C5 01C2 add edx,eax ; otherwise edx = first length, the shorter (or equal) one
004043C7 52 push edx ; keep the shorter length for the leftover-byte step
004043C8 C1EA 02 shr edx,2 ; edx = number of whole dwords to compare
004043CB 74 26 je short llkzs.004043F3 ; fewer than 4 bytes: go straight to the leftover bytes
004043CD 8B0E mov ecx,dword ptr ds:[esi] ; loop top: up to two dwords are compared per pass
004043CF 8B1F mov ebx,dword ptr ds:[edi]
004043D1 39D9 cmp ecx,ebx
004043D3 75 58 jnz short llkzs.0040442D ; dwords differ: locate the differing byte
004043D5 4A dec edx
004043D6 74 15 je short llkzs.004043ED ; dword count ran out after the first of the pair
004043D8 8B4E 04 mov ecx,dword ptr ds:[esi+4]
004043DB 8B5F 04 mov ebx,dword ptr ds:[edi+4]
004043DE 39D9 cmp ecx,ebx
004043E0 75 4B jnz short llkzs.0040442D ; dwords differ: locate the differing byte
004043E2 83C6 08 add esi,8 ; both dwords matched: advance both pointers by 8
004043E5 83C7 08 add edi,8
004043E8 4A dec edx
004043E9 ^ 75 E2 jnz short llkzs.004043CD ; more whole dwords remain
004043EB EB 06 jmp short llkzs.004043F3
004043ED 83C6 04 add esi,4 ; only one dword was consumed in the last pass
004043F0 83C7 04 add edi,4
004043F3 5A pop edx ; edx = the shorter length saved at 004043C7
004043F4 83E2 03 and edx,3 ; edx = leftover bytes (0 to 3)
004043F7 74 22 je short llkzs.0040441B ; none left: decide on the length difference
004043F9 8B0E mov ecx,dword ptr ds:[esi] ; loads a full dword; only the leftover bytes are compared below
004043FB 8B1F mov ebx,dword ptr ds:[edi]
004043FD 38D9 cmp cl,bl ; first leftover byte
004043FF 75 41 jnz short llkzs.00404442
00404401 4A dec edx
00404402 74 17 je short llkzs.0040441B
00404404 38FD cmp ch,bh ; second leftover byte
00404406 75 3A jnz short llkzs.00404442
00404408 4A dec edx
00404409 74 10 je short llkzs.0040441B
0040440B 81E3 0000FF00 and ebx,0FF0000 ; isolate the third byte of each dword
00404411 81E1 0000FF00 and ecx,0FF0000
00404417 39D9 cmp ecx,ebx ; third leftover byte
00404419 75 27 jnz short llkzs.00404442
0040441B 01C0 add eax,eax ; every compared byte matched: the flags now come from the doubled length difference
0040441D EB 23 jmp short llkzs.00404442
0040441F 8B57 FC mov edx,dword ptr ds:[edi-4] ; first address is zero, so eax is 0 here
00404422 29D0 sub eax,edx ; eax = 0 - second length
00404424 EB 1C jmp short llkzs.00404442
00404426 8B46 FC mov eax,dword ptr ds:[esi-4] ; second address is zero, so edx is 0 here
00404429 29D0 sub eax,edx ; eax = first length - 0
0040442B EB 15 jmp short llkzs.00404442
0040442D 5A pop edx ; dword mismatch: discard the length saved at 004043C7
0040442E 38D9 cmp cl,bl ; compare the differing dwords byte by byte, lowest byte first
00404430 75 10 jnz short llkzs.00404442
00404432 38FD cmp ch,bh
00404434 75 0C jnz short llkzs.00404442
00404436 C1E9 10 shr ecx,10 ; shift by 10h (16) to bring the upper two bytes into cl/ch
00404439 C1EB 10 shr ebx,10
0040443C 38D9 cmp cl,bl
0040443E 75 02 jnz short llkzs.00404442
00404440 38FD cmp ch,bh
00404442 5F pop edi ; common exit: the pops leave the flags untouched
00404443 5E pop esi
00404444 5B pop ebx
00404445 C3 retn
; Routine at 004044B8 (the page author's "call 2"): bounds-checks a start index
; and a count against a length-prefixed buffer and passes the selected range on.
; In:  eax = source buffer address (its length is the dword at [eax-4])
;      edx = start index, decremented once before use
;      ecx = requested count
;      one stack argument, read as [esp+8] after ebx is pushed, forwarded in eax
; The helpers at 00404088 and 00403F98 are not part of this listing.
; NOTE(review): presumably 00404088 stores the selected range through the stack
; argument and 00403F98 empties it - confirm against those routines.
; retn 4 removes the stack argument, so the caller does not clean it up.
004044B8 53 push ebx //start of call 2 (author's label); author's note: the machine code shows up when tracing here
004044B9 85C0 test eax,eax
004044BB 74 2D je short llkzs.004044EA ; source address is zero
004044BD 8B58 FC mov ebx,dword ptr ds:[eax-4] ; ebx = source length
004044C0 85DB test ebx,ebx
004044C2 74 26 je short llkzs.004044EA ; source length is zero
004044C4 4A dec edx ; start index minus one
004044C5 7C 1B jl short llkzs.004044E2 ; negative after the decrement: use 0 instead
004044C7 39DA cmp edx,ebx
004044C9 7D 1F jge short llkzs.004044EA ; start is at or past the end of the source
004044CB 29D3 sub ebx,edx ; ebx = bytes available from the start offset
004044CD 85C9 test ecx,ecx
004044CF 7C 19 jl short llkzs.004044EA ; negative count
004044D1 39D9 cmp ecx,ebx
004044D3 7F 11 jg short llkzs.004044E6 ; count exceeds what is available: clamp it
004044D5 01C2 add edx,eax ; edx = source address + start offset
004044D7 8B4424 08 mov eax,dword ptr ss:[esp+8] ; eax = the stack argument
004044DB E8 A8FBFFFF call llkzs.00404088 ; called with eax = stack argument, edx = range start, ecx = count
004044E0 EB 11 jmp short llkzs.004044F3
004044E2 31D2 xor edx,edx ; start offset forced to 0
004044E4 ^ EB E5 jmp short llkzs.004044CB
004044E6 89D9 mov ecx,ebx ; count = bytes available
004044E8 ^ EB EB jmp short llkzs.004044D5
004044EA 8B4424 08 mov eax,dword ptr ss:[esp+8] ; rejected input: eax = the stack argument
004044EE E8 A5FAFFFF call llkzs.00403F98
004044F3 5B pop ebx
004044F4 C2 0400 retn 4
00468774 55 push ebp //第三个call开始
00468775 8BEC mov ebp,esp
00468777 6A 00 push 0
00468779 6A 00 push 0
0046877B 6A 00 push 0
0046877D 6A 00 push 0
0046877F 6A 00 push 0
00468781 53 push ebx
00468782 56 push esi
00468783 57 push edi
00468784 8BF9 mov edi,ecx
00468786 8955 F8 mov dword ptr ss:[ebp-8],edx
00468789 8945 FC mov dword ptr ss:[ebp-4],eax
0046878C 8B45 FC mov eax,dword ptr ss:[ebp-4] ; 出假码
0046878F E8 B4BCF9FF call llkzs.00404448
00468794 8B45 F8 mov eax,dword ptr ss:[ebp-8]
00468797 E8 ACBCF9FF call llkzs.00404448
0046879C 33C0 xor eax,eax
0046879E 55 push ebp
0046879F 68 2A884600 push llkzs.0046882A
004687A4 64:FF30 push dword ptr fs:[eax]
004687A7 64:8920 mov dword ptr fs:[eax],esp
004687AA 8D45 F4 lea eax,dword ptr ss:[ebp-C]
004687AD E8 E6B7F9FF call llkzs.00403F98
004687B2 8B45 FC mov eax,dword ptr ss:[ebp-4]
004687B5 E8 9EBAF9FF call llkzs.00404258
004687BA 8BD8 mov ebx,eax
004687BC D1FB sar ebx,1
004687BE 79 03 jns short llkzs.004687C3
004687C0 83D3 00 adc ebx,0
004687C3 4B dec ebx
004687C4 85DB test ebx,ebx
004687C6 7C 3A jl short llkzs.00468802
004687C8 43 inc ebx
004687C9 33F6 xor esi,esi
004687CB 8D45 F0 lea eax,dword ptr ss:[ebp-10]
004687CE 50 push eax
004687CF 8BD6 mov edx,esi
004687D1 03D2 add edx,edx
004687D3 42 inc edx
004687D4 B9 02000000 mov ecx,2
004687D9 8B45 FC mov eax,dword ptr ss:[ebp-4]
004687DC E8 D7BCF9FF call llkzs.004044B8
004687E1 8B45 F0 mov eax,dword ptr ss:[ebp-10]
004687E4 E8 D3FEFFFF call llkzs.004686BC
004687E9 8BD0 mov edx,eax
004687EB 8D45 EC lea eax,dword ptr ss:[ebp-14]
004687EE E8 8DB9F9FF call llkzs.00404180
004687F3 8B55 EC mov edx,dword ptr ss:[ebp-14]
004687F6 8D45 F4 lea eax,dword ptr ss:[ebp-C]
004687F9 E8 62BAF9FF call llkzs.00404260
004687FE 46 inc esi
004687FF 4B dec ebx
00468800 ^ 75 C9 jnz short llkzs.004687CB
00468802 8BCF mov ecx,edi
00468804 8B55 F8 mov edx,dword ptr ss:[ebp-8]
00468807 8B45 F4 mov eax,dword ptr ss:[ebp-C]
0046880A E8 19FDFFFF call llkzs.00468528
0046880F 33C0 xor eax,eax
00468811 5A pop edx
00468812 59 pop ecx
00468813 59 pop ecx
00468814 64:8910 mov dword ptr fs:[eax],edx
00468817 68 31884600 push llkzs.00468831
0046881C 8D45 EC lea eax,dword ptr ss:[ebp-14]
0046881F BA 05000000 mov edx,5
00468824 E8 93B7F9FF call llkzs.00403FBC
00468829 C3 retn
我跟了 n 遍,就是没跟出真码,不知道问题出在哪。请高手指点怎样才能跟出真码,并把方法和过程写出来,谢谢。
[系统]xpsp2
[软件]连连看3.0助手
[工具]OD peid
[语言]Borland Delphi 6.0 - 7.0
用字符串参考查找“错误的序列号”,
查得的结果如下:
00470176 E8 F985FFFF call llkzs.00468774(4)
0047017B 8D45 F4 lea eax,dword ptr ss:[ebp-C]
0047017E 50 push eax
0047017F 8D55 F0 lea edx,dword ptr ss:[ebp-10]
00470182 8B83 0C030000 mov eax,dword ptr ds:[ebx+30C]
00470188 E8 0F11FDFF call llkzs.0044129C//(3)
0047018D 8B45 F0 mov eax,dword ptr ss:[ebp-10]
00470190 B9 64000000 mov ecx,64
00470195 BA 03000000 mov edx,3
0047019A E8 1943F9FF call llkzs.004044B8//(2)
0047019F 8B55 F4 mov edx,dword ptr ss:[ebp-C]
004701A2 8B45 FC mov eax,dword ptr ss:[ebp-4]
004701A5 E8 FA41F9FF call llkzs.004043A4 //(1)我想是关键call
004701AA 75 31 jnz short llkzs.004701DD //关键跳(改这没有用没起到软件真正的效果)
004701AC B8 40024700 mov eax,llkzs.00470240 ; 感谢您的购买!
004701B1 E8 426DFFFF call llkzs.00466EF8
004701B6 68 58024700 push llkzs.00470258 ; main
004701BB 8D55 EC lea edx,dword ptr ss:[ebp-14]
004701BE 8B83 10030000 mov eax,dword ptr ds:[ebx+310]
004701C4 E8 D310FDFF call llkzs.0044129C
004701C9 8B55 EC mov edx,dword ptr ss:[ebp-14]
004701CC B9 68024700 mov ecx,llkzs.00470268 ; option.ini
004701D1 B8 7C024700 mov eax,llkzs.0047027C ; sn
004701D6 E8 FD59FFFF call llkzs.00465BD8
004701DB EB 1E jmp short llkzs.004701FB
004701DD 8D45 FC lea eax,dword ptr ss:[ebp-4]
004701E0 E8 B33DF9FF call llkzs.00403F98
004701E5 B8 64000000 mov eax,64
004701EA E8 5968FFFF call llkzs.00466A48
004701EF 33D2 xor edx,edx
004701F1 B8 88024700 mov eax,llkzs.00470288 ; 错误的序列号!
004701F6 E8 296CFFFF call llkzs.00466E24
; Routine at 004043A4 (the page author's "call 1"): compares two byte buffers
; whose addresses arrive in eax and edx. Each buffer's length is read from the
; dword at [address-4]. The result is the CPU flags left by the last
; cmp/sub/add; the call site in this listing tests them with jnz.
; Register roles: esi/edi = walking pointers, ecx/ebx = data being compared,
; edx = remaining count, eax = length difference. Immediates are hexadecimal
; (see 0FF0000 below). ebx, esi and edi are saved on entry and restored on exit.
004043A4 53 push ebx//start of call 1 (author's label)
004043A5 56 push esi
004043A6 57 push edi
004043A7 89C6 mov esi,eax ; esi = first buffer address
004043A9 89D7 mov edi,edx ; edi = second buffer address
004043AB 39D0 cmp eax,edx ; do both arguments hold the same address?
004043AD 0F84 8F000000 je llkzs.00404442 //author's note: changing this jump makes the "thank you for purchasing" prompt appear; as written it is taken only when eax and edx hold the same address
004043B3 85F6 test esi,esi
004043B5 74 68 je short llkzs.0040441F ; first address is zero
004043B7 85FF test edi,edi
004043B9 74 6B je short llkzs.00404426 ; second address is zero
004043BB 8B46 FC mov eax,dword ptr ds:[esi-4] ; eax = first length
004043BE 8B57 FC mov edx,dword ptr ds:[edi-4] ; edx = second length
004043C1 29D0 sub eax,edx ; eax = first length - second length
004043C3 77 02 ja short llkzs.004043C7 ; first is longer (unsigned): edx already holds the shorter length
004043C5 01C2 add edx,eax ; otherwise edx = first length, the shorter (or equal) one
004043C7 52 push edx ; keep the shorter length for the leftover-byte step
004043C8 C1EA 02 shr edx,2 ; edx = number of whole dwords to compare
004043CB 74 26 je short llkzs.004043F3 ; fewer than 4 bytes: go straight to the leftover bytes
004043CD 8B0E mov ecx,dword ptr ds:[esi] ; loop top: up to two dwords are compared per pass
004043CF 8B1F mov ebx,dword ptr ds:[edi]
004043D1 39D9 cmp ecx,ebx
004043D3 75 58 jnz short llkzs.0040442D ; dwords differ: locate the differing byte
004043D5 4A dec edx
004043D6 74 15 je short llkzs.004043ED ; dword count ran out after the first of the pair
004043D8 8B4E 04 mov ecx,dword ptr ds:[esi+4]
004043DB 8B5F 04 mov ebx,dword ptr ds:[edi+4]
004043DE 39D9 cmp ecx,ebx
004043E0 75 4B jnz short llkzs.0040442D ; dwords differ: locate the differing byte
004043E2 83C6 08 add esi,8 ; both dwords matched: advance both pointers by 8
004043E5 83C7 08 add edi,8
004043E8 4A dec edx
004043E9 ^ 75 E2 jnz short llkzs.004043CD ; more whole dwords remain
004043EB EB 06 jmp short llkzs.004043F3
004043ED 83C6 04 add esi,4 ; only one dword was consumed in the last pass
004043F0 83C7 04 add edi,4
004043F3 5A pop edx ; edx = the shorter length saved at 004043C7
004043F4 83E2 03 and edx,3 ; edx = leftover bytes (0 to 3)
004043F7 74 22 je short llkzs.0040441B ; none left: decide on the length difference
004043F9 8B0E mov ecx,dword ptr ds:[esi] ; loads a full dword; only the leftover bytes are compared below
004043FB 8B1F mov ebx,dword ptr ds:[edi]
004043FD 38D9 cmp cl,bl ; first leftover byte
004043FF 75 41 jnz short llkzs.00404442
00404401 4A dec edx
00404402 74 17 je short llkzs.0040441B
00404404 38FD cmp ch,bh ; second leftover byte
00404406 75 3A jnz short llkzs.00404442
00404408 4A dec edx
00404409 74 10 je short llkzs.0040441B
0040440B 81E3 0000FF00 and ebx,0FF0000 ; isolate the third byte of each dword
00404411 81E1 0000FF00 and ecx,0FF0000
00404417 39D9 cmp ecx,ebx ; third leftover byte
00404419 75 27 jnz short llkzs.00404442
0040441B 01C0 add eax,eax ; every compared byte matched: the flags now come from the doubled length difference
0040441D EB 23 jmp short llkzs.00404442
0040441F 8B57 FC mov edx,dword ptr ds:[edi-4] ; first address is zero, so eax is 0 here
00404422 29D0 sub eax,edx ; eax = 0 - second length
00404424 EB 1C jmp short llkzs.00404442
00404426 8B46 FC mov eax,dword ptr ds:[esi-4] ; second address is zero, so edx is 0 here
00404429 29D0 sub eax,edx ; eax = first length - 0
0040442B EB 15 jmp short llkzs.00404442
0040442D 5A pop edx ; dword mismatch: discard the length saved at 004043C7
0040442E 38D9 cmp cl,bl ; compare the differing dwords byte by byte, lowest byte first
00404430 75 10 jnz short llkzs.00404442
00404432 38FD cmp ch,bh
00404434 75 0C jnz short llkzs.00404442
00404436 C1E9 10 shr ecx,10 ; shift by 10h (16) to bring the upper two bytes into cl/ch
00404439 C1EB 10 shr ebx,10
0040443C 38D9 cmp cl,bl
0040443E 75 02 jnz short llkzs.00404442
00404440 38FD cmp ch,bh
00404442 5F pop edi ; common exit: the pops leave the flags untouched
00404443 5E pop esi
00404444 5B pop ebx
00404445 C3 retn
; Routine at 004044B8 (the page author's "call 2"): bounds-checks a start index
; and a count against a length-prefixed buffer and passes the selected range on.
; In:  eax = source buffer address (its length is the dword at [eax-4])
;      edx = start index, decremented once before use
;      ecx = requested count
;      one stack argument, read as [esp+8] after ebx is pushed, forwarded in eax
; The helpers at 00404088 and 00403F98 are not part of this listing.
; NOTE(review): presumably 00404088 stores the selected range through the stack
; argument and 00403F98 empties it - confirm against those routines.
; retn 4 removes the stack argument, so the caller does not clean it up.
004044B8 53 push ebx //start of call 2 (author's label); author's note: the machine code shows up when tracing here
004044B9 85C0 test eax,eax
004044BB 74 2D je short llkzs.004044EA ; source address is zero
004044BD 8B58 FC mov ebx,dword ptr ds:[eax-4] ; ebx = source length
004044C0 85DB test ebx,ebx
004044C2 74 26 je short llkzs.004044EA ; source length is zero
004044C4 4A dec edx ; start index minus one
004044C5 7C 1B jl short llkzs.004044E2 ; negative after the decrement: use 0 instead
004044C7 39DA cmp edx,ebx
004044C9 7D 1F jge short llkzs.004044EA ; start is at or past the end of the source
004044CB 29D3 sub ebx,edx ; ebx = bytes available from the start offset
004044CD 85C9 test ecx,ecx
004044CF 7C 19 jl short llkzs.004044EA ; negative count
004044D1 39D9 cmp ecx,ebx
004044D3 7F 11 jg short llkzs.004044E6 ; count exceeds what is available: clamp it
004044D5 01C2 add edx,eax ; edx = source address + start offset
004044D7 8B4424 08 mov eax,dword ptr ss:[esp+8] ; eax = the stack argument
004044DB E8 A8FBFFFF call llkzs.00404088 ; called with eax = stack argument, edx = range start, ecx = count
004044E0 EB 11 jmp short llkzs.004044F3
004044E2 31D2 xor edx,edx ; start offset forced to 0
004044E4 ^ EB E5 jmp short llkzs.004044CB
004044E6 89D9 mov ecx,ebx ; count = bytes available
004044E8 ^ EB EB jmp short llkzs.004044D5
004044EA 8B4424 08 mov eax,dword ptr ss:[esp+8] ; rejected input: eax = the stack argument
004044EE E8 A5FAFFFF call llkzs.00403F98
004044F3 5B pop ebx
004044F4 C2 0400 retn 4
00468774 55 push ebp //第三个call开始
00468775 8BEC mov ebp,esp
00468777 6A 00 push 0
00468779 6A 00 push 0
0046877B 6A 00 push 0
0046877D 6A 00 push 0
0046877F 6A 00 push 0
00468781 53 push ebx
00468782 56 push esi
00468783 57 push edi
00468784 8BF9 mov edi,ecx
00468786 8955 F8 mov dword ptr ss:[ebp-8],edx
00468789 8945 FC mov dword ptr ss:[ebp-4],eax
0046878C 8B45 FC mov eax,dword ptr ss:[ebp-4] ; 出假码
0046878F E8 B4BCF9FF call llkzs.00404448
00468794 8B45 F8 mov eax,dword ptr ss:[ebp-8]
00468797 E8 ACBCF9FF call llkzs.00404448
0046879C 33C0 xor eax,eax
0046879E 55 push ebp
0046879F 68 2A884600 push llkzs.0046882A
004687A4 64:FF30 push dword ptr fs:[eax]
004687A7 64:8920 mov dword ptr fs:[eax],esp
004687AA 8D45 F4 lea eax,dword ptr ss:[ebp-C]
004687AD E8 E6B7F9FF call llkzs.00403F98
004687B2 8B45 FC mov eax,dword ptr ss:[ebp-4]
004687B5 E8 9EBAF9FF call llkzs.00404258
004687BA 8BD8 mov ebx,eax
004687BC D1FB sar ebx,1
004687BE 79 03 jns short llkzs.004687C3
004687C0 83D3 00 adc ebx,0
004687C3 4B dec ebx
004687C4 85DB test ebx,ebx
004687C6 7C 3A jl short llkzs.00468802
004687C8 43 inc ebx
004687C9 33F6 xor esi,esi
004687CB 8D45 F0 lea eax,dword ptr ss:[ebp-10]
004687CE 50 push eax
004687CF 8BD6 mov edx,esi
004687D1 03D2 add edx,edx
004687D3 42 inc edx
004687D4 B9 02000000 mov ecx,2
004687D9 8B45 FC mov eax,dword ptr ss:[ebp-4]
004687DC E8 D7BCF9FF call llkzs.004044B8
004687E1 8B45 F0 mov eax,dword ptr ss:[ebp-10]
004687E4 E8 D3FEFFFF call llkzs.004686BC
004687E9 8BD0 mov edx,eax
004687EB 8D45 EC lea eax,dword ptr ss:[ebp-14]
004687EE E8 8DB9F9FF call llkzs.00404180
004687F3 8B55 EC mov edx,dword ptr ss:[ebp-14]
004687F6 8D45 F4 lea eax,dword ptr ss:[ebp-C]
004687F9 E8 62BAF9FF call llkzs.00404260
004687FE 46 inc esi
004687FF 4B dec ebx
00468800 ^ 75 C9 jnz short llkzs.004687CB
00468802 8BCF mov ecx,edi
00468804 8B55 F8 mov edx,dword ptr ss:[ebp-8]
00468807 8B45 F4 mov eax,dword ptr ss:[ebp-C]
0046880A E8 19FDFFFF call llkzs.00468528
0046880F 33C0 xor eax,eax
00468811 5A pop edx
00468812 59 pop ecx
00468813 59 pop ecx
00468814 64:8910 mov dword ptr fs:[eax],edx
00468817 68 31884600 push llkzs.00468831
0046881C 8D45 EC lea eax,dword ptr ss:[ebp-14]
0046881F BA 05000000 mov edx,5
00468824 E8 93B7F9FF call llkzs.00403FBC
00468829 C3 retn
我跟了 n 遍,就是没跟出真码,不知道问题出在哪。请高手指点怎样才能跟出真码,并把方法和过程写出来,谢谢。