-
-
[旧帖] [求助]破解ACUTEFINDER 0.00雪花
-
发表于: 2009-5-8 10:43 4248
-
AcuteFinder V3.0.2.1 汉化版
下载地址:http://soft.kuaiche.com/software/system/2009-03/161997.shtml
解压缩以后exe用peid查看,加了压缩壳
用esp定律,dump出新的exe文件。再用peid查看,为Delphi语言,用DeDe查看,找到输入注册码的窗口,并且找到“应用”按钮的处理地址007B0C04。用od载入,g 007B0C04,再按一次F9,在登录窗口中点“输入注册码”按钮,输入“用户名”和“注册码”按“应用”按钮,断下来到按钮事件过程。后面找到一个判断过程,但是不知道是怎么判断的,请各位大牛指教。
007B0D02 A1 7CB97F00 MOV EAX,DWORD PTR DS:[7FB97C] ; EAX=DS:[007EB97C]
007B0D07 8B00 MOV EAX,DWORD PTR DS:[EAX] ; EAX=DS:[0080DE58]
007B0D09 E8 D2F00000 CALL ACUTEFIN.007BFDE0 ; 这里是check_user()判断点需跟进
007BFDE0 /$ 55 PUSH EBP
007BFDE1 |. 8BEC MOV EBP,ESP ; 保护现场环境
007BFDE3 |. 81C4 E4FDFFFF ADD ESP,-21C ; esp往后21C,ebp可靠
007BFDE9 |. 53 PUSH EBX
007BFDEA |. 56 PUSH ESI
007BFDEB |. 57 PUSH EDI
007BFDEC |. 33D2 XOR EDX,EDX ; EDX=0
007BFDEE |. 8995 E4FDFFFF MOV DWORD PTR SS:[EBP-21C],EDX ; [0013E3F0]=0,第7个变量i7
007BFDF4 |. 8955 F0 MOV DWORD PTR SS:[EBP-10],EDX ; [0013E608]=0,第四个变量i4
007BFDF7 |. 8995 ECFEFFFF MOV DWORD PTR SS:[EBP-114],EDX ; [0013E504]=0,第5个变量i5
007BFDFD |. 8995 E8FEFFFF MOV DWORD PTR SS:[EBP-118],EDX ; [0013E500]=0,第6个变量i6
007BFE03 |. 8955 F4 MOV DWORD PTR SS:[EBP-C],EDX ; [0013E60C]=0,第三个变量i3
007BFE06 |. 8955 F8 MOV DWORD PTR SS:[EBP-8],EDX ; [0013E610]=0,第二个变量i2
007BFE09 |. 8955 FC MOV DWORD PTR SS:[EBP-4],EDX ; [0013E614]=0,第一个变量i1
007BFE0C |. 8BF0 MOV ESI,EAX ; ESI=01320030
007BFE0E |. 33C0 XOR EAX,EAX ; EAX=0
007BFE10 |. 55 PUSH EBP
007BFE11 |. 68 09007C00 PUSH ACUTEFIN.007C0009 ; TRY 语句
007BFE16 |. 64:FF30 PUSH DWORD PTR FS:[EAX]
007BFE19 |. 64:8920 MOV DWORD PTR FS:[EAX],ESP ; FS:[00000000]=[7FFDF000]=ESP,附加段
007BFE1C |. 8B9E AC030000 MOV EBX,DWORD PTR DS:[ESI+3AC] ; EBX=DS:[013203DC]=01404170
007BFE22 |. 8BC3 MOV EAX,EBX
007BFE24 |. E8 B32BEAFF CALL ACUTEFIN.006629DC ; EAX=0013E22C,ECX=0,EDX=03F46BE8"SOFTWARE\HUGMOT\ACUTEFINDER"
007BFE29 |. 6A 00 PUSH 0
007BFE2B |. 8D45 F8 LEA EAX,DWORD PTR SS:[EBP-8]
007BFE2E |. 50 PUSH EAX
007BFE2F |. B9 20007C00 MOV ECX,ACUTEFIN.007C0020 ; ASCII "License.Text"
007BFE34 |. BA 38007C00 MOV EDX,ACUTEFIN.007C0038 ; ASCII "Registration"
007BFE39 |. 8BC3 MOV EAX,EBX
007BFE3B |. 8B38 MOV EDI,DWORD PTR DS:[EAX]
007BFE3D |. FF57 38 CALL DWORD PTR DS:[EDI+38] ; 00664338
007BFE40 |. 8B55 F8 MOV EDX,DWORD PTR SS:[EBP-8]
007BFE43 |. B8 A0DE8000 MOV EAX,ACUTEFIN.0080DEA0 ; ASCII 09,"123456789"
007BFE48 |. B9 FF000000 MOV ECX,0FF
007BFE4D |. E8 7662C4FF CALL ACUTEFIN.004060C8 ; 这里应该是取注册表中的注册码与输入的比较,不等就改变
007BFE52 |. 6A 00 PUSH 0
007BFE54 |. 8D45 F4 LEA EAX,DWORD PTR SS:[EBP-C]
007BFE57 |. 50 PUSH EAX
007BFE58 |. B9 50007C00 MOV ECX,ACUTEFIN.007C0050 ; ASCII "Username.Text"
007BFE5D |. BA 38007C00 MOV EDX,ACUTEFIN.007C0038 ; ASCII "Registration"
007BFE62 |. 8BC3 MOV EAX,EBX
007BFE64 |. 8B38 MOV EDI,DWORD PTR DS:[EAX]
007BFE66 |. FF57 38 CALL DWORD PTR DS:[EDI+38]
007BFE69 |. 8B55 F4 MOV EDX,DWORD PTR SS:[EBP-C]
007BFE6C |. B8 A0DF8000 MOV EAX,ACUTEFIN.0080DFA0 ; ASCII 05,"abcde"
007BFE71 |. B9 FF000000 MOV ECX,0FF
007BFE76 |. E8 4D62C4FF CALL ACUTEFIN.004060C8 ; 这里应该是取注册表中的用户名与输入的比较,不等就改变
007BFE7B |. 8BC3 MOV EAX,EBX
007BFE7D |. E8 6A2BEAFF CALL ACUTEFIN.006629EC ; 往注册表中写入username和license
007BFE82 |. 8D85 F0FEFFFF LEA EAX,DWORD PTR SS:[EBP-110]
007BFE88 |. 50 PUSH EAX ; 这个是参数么?
007BFE89 |. B9 63000000 MOV ECX,63 ; 参数63和7
007BFE8E |. BA 07000000 MOV EDX,7
007BFE93 |. B8 A0DE8000 MOV EAX,ACUTEFIN.0080DEA0 ; ASCII 09,"123456789"
007BFE98 |. E8 6B31C4FF CALL ACUTEFIN.00403008 ; EAX=00000003,ECX=0
007BFE9D |. 8D95 F0FEFFFF LEA EDX,DWORD PTR SS:[EBP-110] ; 参数EDX指向字符串
007BFEA3 |. 8D45 F0 LEA EAX,DWORD PTR SS:[EBP-10]
007BFEA6 |. E8 C961C4FF CALL ACUTEFIN.00406074 ; 计算ECX=FFFF3837,EDX=0
007BFEAB |. 8B45 F0 MOV EAX,DWORD PTR SS:[EBP-10]
007BFEAE |. 50 PUSH EAX
007BFEAF |. 8D85 ECFEFFFF LEA EAX,DWORD PTR SS:[EBP-114]
007BFEB5 |. BA A0DF8000 MOV EDX,ACUTEFIN.0080DFA0 ; ASCII 05,"abcde"
007BFEBA |. E8 B561C4FF CALL ACUTEFIN.00406074 ; 计算ECX=66687A6C,EDX=0
007BFEBF |. 8D85 ECFEFFFF LEA EAX,DWORD PTR SS:[EBP-114]
007BFEC5 |. 50 PUSH EAX
007BFEC6 |. 8D85 E8FDFFFF LEA EAX,DWORD PTR SS:[EBP-218]
007BFECC |. 50 PUSH EAX
007BFECD |. B9 06000000 MOV ECX,6 ; 参数6和1
007BFED2 |. BA 01000000 MOV EDX,1
007BFED7 |. B8 A0DE8000 MOV EAX,ACUTEFIN.0080DEA0 ; ASCII 09,"123456789"
007BFEDC |. E8 2731C4FF CALL ACUTEFIN.00403008 ; EAX=00000009,ECX=0
007BFEE1 |. 8D95 E8FDFFFF LEA EDX,DWORD PTR SS:[EBP-218]
007BFEE7 |. 8D85 E8FEFFFF LEA EAX,DWORD PTR SS:[EBP-118]
007BFEED |. E8 8261C4FF CALL ACUTEFIN.00406074 ; 计算,ECX=34333231,EDX=0
007BFEF2 |. 8B95 E8FEFFFF MOV EDX,DWORD PTR SS:[EBP-118]
007BFEF8 |. 58 POP EAX
007BFEF9 |. E8 FA61C4FF CALL ACUTEFIN.004060F8
007BFEFE |. 8B85 ECFEFFFF MOV EAX,DWORD PTR SS:[EBP-114]
007BFF04 |. 5A POP EDX
007BFF05 |. E8 1EFDFFFF CALL ACUTEFIN.007BFC28 ; EAX=0,ECX=1,EDX=03F677D8
007BFF0A |. 84C0 TEST AL,AL
007BFF0C |. 74 09 JE SHORT ACUTEFIN.007BFF17
007BFF0E |. C605 58A87F00>MOV BYTE PTR DS:[7FA858],0
007BFF15 |. EB 07 JMP SHORT ACUTEFIN.007BFF1E
007BFF17 |> C605 58A87F00>MOV BYTE PTR DS:[7FA858],1
007BFF1E |> C605 64A87F00>MOV BYTE PTR DS:[7FA864],0
007BFF25 |. 8D85 F0FEFFFF LEA EAX,DWORD PTR SS:[EBP-110]
007BFF2B |. 50 PUSH EAX
007BFF2C |. B9 06000000 MOV ECX,6
007BFF31 |. BA 01000000 MOV EDX,1
007BFF36 |. B8 A0DE8000 MOV EAX,ACUTEFIN.0080DEA0 ; ASCII 09,"123456789"
007BFF3B |. E8 C830C4FF CALL ACUTEFIN.00403008 ; EAX=00000009,ECX=0
007BFF40 |. 8D95 F0FEFFFF LEA EDX,DWORD PTR SS:[EBP-110]
007BFF46 |. 8D45 FC LEA EAX,DWORD PTR SS:[EBP-4]
007BFF49 |. E8 2661C4FF CALL ACUTEFIN.00406074 ; 计算ECX=34333231,EDX=0
007BFF4E 803D 58A87F00>CMP BYTE PTR DS:[7FA858],0
007BFF55 |. 75 36 JNZ SHORT ACUTEFIN.007BFF8D
007BFF57 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
007BFF5A |. BA 68007C00 MOV EDX,ACUTEFIN.007C0068 ; ASCII "080401"
007BFF5F |. E8 D862C4FF CALL ACUTEFIN.0040623C
007BFF64 |. 73 27 JNB SHORT ACUTEFIN.007BFF8D
007BFF66 |. A1 10A97F00 MOV EAX,DWORD PTR DS:[7FA910]
007BFF6B |. E8 E478FFFF CALL ACUTEFIN.007B7854
007BFF70 |. 83F8 06 CMP EAX,6
007BFF73 |. 75 0A JNZ SHORT ACUTEFIN.007BFF7F
007BFF75 |. 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
007BFF78 |. 8BC6 MOV EAX,ESI
007BFF7A |. E8 518F0000 CALL ACUTEFIN.007C8ED0 ; order_upgrade
007BFF7F |> C605 64A87F00>MOV BYTE PTR DS:[7FA864],1
007BFF86 |. C605 58A87F00>MOV BYTE PTR DS:[7FA858],1
007BFF8D |> 0FB605 58A87F>MOVZX EAX,BYTE PTR DS:[7FA858]
007BFF94 |. 34 01 XOR AL,1
007BFF96 |. A2 60A87F00 MOV BYTE PTR DS:[7FA860],AL
007BFF9B |. 803D 60A87F00>CMP BYTE PTR DS:[7FA860],0
007BFFA2 74 24 JE SHORT ACUTEFIN.007BFFC8 ; 判断点,是否试用期
007BFFA4 |. 8D85 E4FDFFFF LEA EAX,DWORD PTR SS:[EBP-21C]
007BFFAA |. BA A0DF8000 MOV EDX,ACUTEFIN.0080DFA0 ; ASCII 05,"abcde"
007BFFAF |. E8 C060C4FF CALL ACUTEFIN.00406074
007BFFB4 |. 8B95 E4FDFFFF MOV EDX,DWORD PTR SS:[EBP-21C]
007BFFBA |. B8 78007C00 MOV EAX,ACUTEFIN.007C0078 ; ASCII "(trial-key)"
007BFFBF |. E8 7064C4FF CALL ACUTEFIN.00406434
007BFFC4 |. 85C0 TEST EAX,EAX
007BFFC6 7F 04 JG SHORT ACUTEFIN.007BFFCC
007BFFC8 |> 33C0 XOR EAX,EAX
007BFFCA |. EB 02 JMP SHORT ACUTEFIN.007BFFCE
007BFFCC |> B0 01 MOV AL,1
007BFFCE |> A2 5CA87F00 MOV BYTE PTR DS:[7FA85C],AL
007BFFD3 |. 33C0 XOR EAX,EAX
007BFFD5 |. 5A POP EDX
007BFFD6 |. 59 POP ECX
007BFFD7 |. 59 POP ECX
007BFFD8 |. 64:8910 MOV DWORD PTR FS:[EAX],EDX
007BFFDB |. 68 10007C00 PUSH ACUTEFIN.007C0010 ; finally
007BFFE0 |> 8D85 E4FDFFFF LEA EAX,DWORD PTR SS:[EBP-21C]
007BFFE6 |. E8 155EC4FF CALL ACUTEFIN.00405E00
007BFFEB |. 8D85 E8FEFFFF LEA EAX,DWORD PTR SS:[EBP-118]
007BFFF1 |. BA 02000000 MOV EDX,2
007BFFF6 |. E8 295EC4FF CALL ACUTEFIN.00405E24
007BFFFB |. 8D45 F0 LEA EAX,DWORD PTR SS:[EBP-10]
007BFFFE |. BA 04000000 MOV EDX,4
007C0003 |. E8 1C5EC4FF CALL ACUTEFIN.00405E24
007C0008 \. C3 RETN
007C0009 .- E9 8255C4FF JMP ACUTEFIN.00405590
007C000E .^ EB D0 JMP SHORT ACUTEFIN.007BFFE0
007C0010 . 5F POP EDI ; end
007C0011 . 5E POP ESI
007C0012 . 5B POP EBX
007C0013 . 8BE5 MOV ESP,EBP
007C0015 . 5D POP EBP
007C0016 . C3 RETN
下载地址:http://soft.kuaiche.com/software/system/2009-03/161997.shtml
解压缩以后exe用peid查看,加了压缩壳
用esp定律,dump出新的exe文件。再用peid查看,为Delphi语言,用DeDe查看,找到输入注册码的窗口,并且找到“应用”按钮的处理地址007B0C04。用od载入,g 007B0C04,再按一次F9,在登录窗口中点“输入注册码”按钮,输入“用户名”和“注册码”按“应用”按钮,断下来到按钮事件过程。后面找到一个判断过程,但是不知道是怎么判断的,请各位大牛指教。
007B0D02 A1 7CB97F00 MOV EAX,DWORD PTR DS:[7FB97C] ; EAX=DS:[007EB97C]
007B0D07 8B00 MOV EAX,DWORD PTR DS:[EAX] ; EAX=DS:[0080DE58]
007B0D09 E8 D2F00000 CALL ACUTEFIN.007BFDE0 ; 这里是check_user()判断点需跟进
007BFDE0 /$ 55 PUSH EBP
007BFDE1 |. 8BEC MOV EBP,ESP ; 保护现场环境
007BFDE3 |. 81C4 E4FDFFFF ADD ESP,-21C ; esp往后21C,ebp可靠
007BFDE9 |. 53 PUSH EBX
007BFDEA |. 56 PUSH ESI
007BFDEB |. 57 PUSH EDI
007BFDEC |. 33D2 XOR EDX,EDX ; EDX=0
007BFDEE |. 8995 E4FDFFFF MOV DWORD PTR SS:[EBP-21C],EDX ; [0013E3F0]=0,第7个变量i7
007BFDF4 |. 8955 F0 MOV DWORD PTR SS:[EBP-10],EDX ; [0013E608]=0,第四个变量i4
007BFDF7 |. 8995 ECFEFFFF MOV DWORD PTR SS:[EBP-114],EDX ; [0013E504]=0,第5个变量i5
007BFDFD |. 8995 E8FEFFFF MOV DWORD PTR SS:[EBP-118],EDX ; [0013E500]=0,第6个变量i6
007BFE03 |. 8955 F4 MOV DWORD PTR SS:[EBP-C],EDX ; [0013E60C]=0,第三个变量i3
007BFE06 |. 8955 F8 MOV DWORD PTR SS:[EBP-8],EDX ; [0013E610]=0,第二个变量i2
007BFE09 |. 8955 FC MOV DWORD PTR SS:[EBP-4],EDX ; [0013E614]=0,第一个变量i1
007BFE0C |. 8BF0 MOV ESI,EAX ; ESI=01320030
007BFE0E |. 33C0 XOR EAX,EAX ; EAX=0
007BFE10 |. 55 PUSH EBP
007BFE11 |. 68 09007C00 PUSH ACUTEFIN.007C0009 ; TRY 语句
007BFE16 |. 64:FF30 PUSH DWORD PTR FS:[EAX]
007BFE19 |. 64:8920 MOV DWORD PTR FS:[EAX],ESP ; FS:[00000000]=[7FFDF000]=ESP,附加段
007BFE1C |. 8B9E AC030000 MOV EBX,DWORD PTR DS:[ESI+3AC] ; EBX=DS:[013203DC]=01404170
007BFE22 |. 8BC3 MOV EAX,EBX
007BFE24 |. E8 B32BEAFF CALL ACUTEFIN.006629DC ; EAX=0013E22C,ECX=0,EDX=03F46BE8"SOFTWARE\HUGMOT\ACUTEFINDER"
007BFE29 |. 6A 00 PUSH 0
007BFE2B |. 8D45 F8 LEA EAX,DWORD PTR SS:[EBP-8]
007BFE2E |. 50 PUSH EAX
007BFE2F |. B9 20007C00 MOV ECX,ACUTEFIN.007C0020 ; ASCII "License.Text"
007BFE34 |. BA 38007C00 MOV EDX,ACUTEFIN.007C0038 ; ASCII "Registration"
007BFE39 |. 8BC3 MOV EAX,EBX
007BFE3B |. 8B38 MOV EDI,DWORD PTR DS:[EAX]
007BFE3D |. FF57 38 CALL DWORD PTR DS:[EDI+38] ; 00664338
007BFE40 |. 8B55 F8 MOV EDX,DWORD PTR SS:[EBP-8]
007BFE43 |. B8 A0DE8000 MOV EAX,ACUTEFIN.0080DEA0 ; ASCII 09,"123456789"
007BFE48 |. B9 FF000000 MOV ECX,0FF
007BFE4D |. E8 7662C4FF CALL ACUTEFIN.004060C8 ; 这里应该是取注册表中的注册码与输入的比较,不等就改变
007BFE52 |. 6A 00 PUSH 0
007BFE54 |. 8D45 F4 LEA EAX,DWORD PTR SS:[EBP-C]
007BFE57 |. 50 PUSH EAX
007BFE58 |. B9 50007C00 MOV ECX,ACUTEFIN.007C0050 ; ASCII "Username.Text"
007BFE5D |. BA 38007C00 MOV EDX,ACUTEFIN.007C0038 ; ASCII "Registration"
007BFE62 |. 8BC3 MOV EAX,EBX
007BFE64 |. 8B38 MOV EDI,DWORD PTR DS:[EAX]
007BFE66 |. FF57 38 CALL DWORD PTR DS:[EDI+38]
007BFE69 |. 8B55 F4 MOV EDX,DWORD PTR SS:[EBP-C]
007BFE6C |. B8 A0DF8000 MOV EAX,ACUTEFIN.0080DFA0 ; ASCII 05,"abcde"
007BFE71 |. B9 FF000000 MOV ECX,0FF
007BFE76 |. E8 4D62C4FF CALL ACUTEFIN.004060C8 ; 这里应该是取注册表中的用户名与输入的比较,不等就改变
007BFE7B |. 8BC3 MOV EAX,EBX
007BFE7D |. E8 6A2BEAFF CALL ACUTEFIN.006629EC ; 往注册表中写入username和license
007BFE82 |. 8D85 F0FEFFFF LEA EAX,DWORD PTR SS:[EBP-110]
007BFE88 |. 50 PUSH EAX ; 这个是参数么?
007BFE89 |. B9 63000000 MOV ECX,63 ; 参数63和7
007BFE8E |. BA 07000000 MOV EDX,7
007BFE93 |. B8 A0DE8000 MOV EAX,ACUTEFIN.0080DEA0 ; ASCII 09,"123456789"
007BFE98 |. E8 6B31C4FF CALL ACUTEFIN.00403008 ; EAX=00000003,ECX=0
007BFE9D |. 8D95 F0FEFFFF LEA EDX,DWORD PTR SS:[EBP-110] ; 参数EDX指向字符串
007BFEA3 |. 8D45 F0 LEA EAX,DWORD PTR SS:[EBP-10]
007BFEA6 |. E8 C961C4FF CALL ACUTEFIN.00406074 ; 计算ECX=FFFF3837,EDX=0
007BFEAB |. 8B45 F0 MOV EAX,DWORD PTR SS:[EBP-10]
007BFEAE |. 50 PUSH EAX
007BFEAF |. 8D85 ECFEFFFF LEA EAX,DWORD PTR SS:[EBP-114]
007BFEB5 |. BA A0DF8000 MOV EDX,ACUTEFIN.0080DFA0 ; ASCII 05,"abcde"
007BFEBA |. E8 B561C4FF CALL ACUTEFIN.00406074 ; 计算ECX=66687A6C,EDX=0
007BFEBF |. 8D85 ECFEFFFF LEA EAX,DWORD PTR SS:[EBP-114]
007BFEC5 |. 50 PUSH EAX
007BFEC6 |. 8D85 E8FDFFFF LEA EAX,DWORD PTR SS:[EBP-218]
007BFECC |. 50 PUSH EAX
007BFECD |. B9 06000000 MOV ECX,6 ; 参数6和1
007BFED2 |. BA 01000000 MOV EDX,1
007BFED7 |. B8 A0DE8000 MOV EAX,ACUTEFIN.0080DEA0 ; ASCII 09,"123456789"
007BFEDC |. E8 2731C4FF CALL ACUTEFIN.00403008 ; EAX=00000009,ECX=0
007BFEE1 |. 8D95 E8FDFFFF LEA EDX,DWORD PTR SS:[EBP-218]
007BFEE7 |. 8D85 E8FEFFFF LEA EAX,DWORD PTR SS:[EBP-118]
007BFEED |. E8 8261C4FF CALL ACUTEFIN.00406074 ; 计算,ECX=34333231,EDX=0
007BFEF2 |. 8B95 E8FEFFFF MOV EDX,DWORD PTR SS:[EBP-118]
007BFEF8 |. 58 POP EAX
007BFEF9 |. E8 FA61C4FF CALL ACUTEFIN.004060F8
007BFEFE |. 8B85 ECFEFFFF MOV EAX,DWORD PTR SS:[EBP-114]
007BFF04 |. 5A POP EDX
007BFF05 |. E8 1EFDFFFF CALL ACUTEFIN.007BFC28 ; EAX=0,ECX=1,EDX=03F677D8
007BFF0A |. 84C0 TEST AL,AL
007BFF0C |. 74 09 JE SHORT ACUTEFIN.007BFF17
007BFF0E |. C605 58A87F00>MOV BYTE PTR DS:[7FA858],0
007BFF15 |. EB 07 JMP SHORT ACUTEFIN.007BFF1E
007BFF17 |> C605 58A87F00>MOV BYTE PTR DS:[7FA858],1
007BFF1E |> C605 64A87F00>MOV BYTE PTR DS:[7FA864],0
007BFF25 |. 8D85 F0FEFFFF LEA EAX,DWORD PTR SS:[EBP-110]
007BFF2B |. 50 PUSH EAX
007BFF2C |. B9 06000000 MOV ECX,6
007BFF31 |. BA 01000000 MOV EDX,1
007BFF36 |. B8 A0DE8000 MOV EAX,ACUTEFIN.0080DEA0 ; ASCII 09,"123456789"
007BFF3B |. E8 C830C4FF CALL ACUTEFIN.00403008 ; EAX=00000009,ECX=0
007BFF40 |. 8D95 F0FEFFFF LEA EDX,DWORD PTR SS:[EBP-110]
007BFF46 |. 8D45 FC LEA EAX,DWORD PTR SS:[EBP-4]
007BFF49 |. E8 2661C4FF CALL ACUTEFIN.00406074 ; 计算ECX=34333231,EDX=0
007BFF4E 803D 58A87F00>CMP BYTE PTR DS:[7FA858],0
007BFF55 |. 75 36 JNZ SHORT ACUTEFIN.007BFF8D
007BFF57 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
007BFF5A |. BA 68007C00 MOV EDX,ACUTEFIN.007C0068 ; ASCII "080401"
007BFF5F |. E8 D862C4FF CALL ACUTEFIN.0040623C
007BFF64 |. 73 27 JNB SHORT ACUTEFIN.007BFF8D
007BFF66 |. A1 10A97F00 MOV EAX,DWORD PTR DS:[7FA910]
007BFF6B |. E8 E478FFFF CALL ACUTEFIN.007B7854
007BFF70 |. 83F8 06 CMP EAX,6
007BFF73 |. 75 0A JNZ SHORT ACUTEFIN.007BFF7F
007BFF75 |. 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
007BFF78 |. 8BC6 MOV EAX,ESI
007BFF7A |. E8 518F0000 CALL ACUTEFIN.007C8ED0 ; order_upgrade
007BFF7F |> C605 64A87F00>MOV BYTE PTR DS:[7FA864],1
007BFF86 |. C605 58A87F00>MOV BYTE PTR DS:[7FA858],1
007BFF8D |> 0FB605 58A87F>MOVZX EAX,BYTE PTR DS:[7FA858]
007BFF94 |. 34 01 XOR AL,1
007BFF96 |. A2 60A87F00 MOV BYTE PTR DS:[7FA860],AL
007BFF9B |. 803D 60A87F00>CMP BYTE PTR DS:[7FA860],0
007BFFA2 74 24 JE SHORT ACUTEFIN.007BFFC8 ; 判断点,是否试用期
007BFFA4 |. 8D85 E4FDFFFF LEA EAX,DWORD PTR SS:[EBP-21C]
007BFFAA |. BA A0DF8000 MOV EDX,ACUTEFIN.0080DFA0 ; ASCII 05,"abcde"
007BFFAF |. E8 C060C4FF CALL ACUTEFIN.00406074
007BFFB4 |. 8B95 E4FDFFFF MOV EDX,DWORD PTR SS:[EBP-21C]
007BFFBA |. B8 78007C00 MOV EAX,ACUTEFIN.007C0078 ; ASCII "(trial-key)"
007BFFBF |. E8 7064C4FF CALL ACUTEFIN.00406434
007BFFC4 |. 85C0 TEST EAX,EAX
007BFFC6 7F 04 JG SHORT ACUTEFIN.007BFFCC
007BFFC8 |> 33C0 XOR EAX,EAX
007BFFCA |. EB 02 JMP SHORT ACUTEFIN.007BFFCE
007BFFCC |> B0 01 MOV AL,1
007BFFCE |> A2 5CA87F00 MOV BYTE PTR DS:[7FA85C],AL
007BFFD3 |. 33C0 XOR EAX,EAX
007BFFD5 |. 5A POP EDX
007BFFD6 |. 59 POP ECX
007BFFD7 |. 59 POP ECX
007BFFD8 |. 64:8910 MOV DWORD PTR FS:[EAX],EDX
007BFFDB |. 68 10007C00 PUSH ACUTEFIN.007C0010 ; finally
007BFFE0 |> 8D85 E4FDFFFF LEA EAX,DWORD PTR SS:[EBP-21C]
007BFFE6 |. E8 155EC4FF CALL ACUTEFIN.00405E00
007BFFEB |. 8D85 E8FEFFFF LEA EAX,DWORD PTR SS:[EBP-118]
007BFFF1 |. BA 02000000 MOV EDX,2
007BFFF6 |. E8 295EC4FF CALL ACUTEFIN.00405E24
007BFFFB |. 8D45 F0 LEA EAX,DWORD PTR SS:[EBP-10]
007BFFFE |. BA 04000000 MOV EDX,4
007C0003 |. E8 1C5EC4FF CALL ACUTEFIN.00405E24
007C0008 \. C3 RETN
007C0009 .- E9 8255C4FF JMP ACUTEFIN.00405590
007C000E .^ EB D0 JMP SHORT ACUTEFIN.007BFFE0
007C0010 . 5F POP EDI ; end
007C0011 . 5E POP ESI
007C0012 . 5B POP EBX
007C0013 . 8BE5 MOV ESP,EBP
007C0015 . 5D POP EBP
007C0016 . C3 RETN
[招生]科锐逆向工程师培训(2024年11月15日实地,远程教学同时开班, 第51期)
赞赏
他的文章
- [求助]破解ACUTEFINDER 4249
- [求助]VC中装完assist后程序不能显示中文? 3837
- [求助]汇编请教 4121
- [讨论]把16进制值转化为2进制并输出 2863
- [求助]汇编请教 6544
看原图
赞赏
雪币:
留言: