Post #2
Not packed, a VB program. No error pop-up? What does that mean? The program runs without showing an error pop-up?
Post #3
1234567
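Post #4
Try loading it in OD; once it has finished loading, look at the bottom (it reports an error)... Also, after loading it in OD, pressing F9 does not run it.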
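Post #5
Right. After loading it in OD I tried the F12 pause method..
but as soon as I press F9 it exits..
I don't know who can tell me how to deal with this kind of software..
However, this program doesn't hide its strings..
so static analysis works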
00402DE9 . /0F84 5A010000 JE BPE_CME1.00402F49
00402DEF . |FFD7 CALL EDI ; <&MSVBVM50.__vbaVarDup>
00402DF1 . |8D55 94 LEA EDX,DWORD PTR SS:[EBP-6C]
00402DF4 . |8D4D D4 LEA ECX,DWORD PTR SS:[EBP-2C]
00402DF7 . |C745 9C D4224>MOV DWORD PTR SS:[EBP-64],BPE_CME1.00402>; Registration Successful
00402DFE . |C745 94 08000>MOV DWORD PTR SS:[EBP-6C],8
00402E05 . |FFD7 CALL EDI
00402E07 . |8D45 A4 LEA EAX,DWORD PTR SS:[EBP-5C]
00402E0A . |8D4D B4 LEA ECX,DWORD PTR SS:[EBP-4C]
00402E0D . |50 PUSH EAX
00402E0E . |8D55 C4 LEA EDX,DWORD PTR SS:[EBP-3C]
00402E11 . |51 PUSH ECX
00402E12 . |52 PUSH EDX
00402E13 . |8D45 D4 LEA EAX,DWORD PTR SS:[EBP-2C]
00402E16 . |6A 30 PUSH 30
00402E18 . |50 PUSH EAX
00402E19 . |FF15 40614000 CALL DWORD PTR DS:[<&MSVBVM50.#595>] ; MSVBVM50.rtcMsgBox
00402E1F . |8D4D A4 LEA ECX,DWORD PTR SS:[EBP-5C]
00402E22 . |8D55 B4 LEA EDX,DWORD PTR SS:[EBP-4C]
00402E25 . |51 PUSH ECX
00402E26 . |8D45 C4 LEA EAX,DWORD PTR SS:[EBP-3C]
00402E29 . |52 PUSH EDX
00402E2A . |8D4D D4 LEA ECX,DWORD PTR SS:[EBP-2C]
00402E2D . |50 PUSH EAX
00402E2E . |51 PUSH ECX
00402E2F . |6A 04 PUSH 4
00402E31 . |FF15 1C614000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeV>; MSVBVM50.__vbaFreeVarList
00402E37 . |83C4 14 ADD ESP,14
00402E3A . |8D7E 44 LEA EDI,DWORD PTR DS:[ESI+44]
00402E3D . |68 40224000 PUSH BPE_CME1.00402240 ; c:\windows\MTR.dat
00402E42 . |57 PUSH EDI
00402E43 . |FF15 90614000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaI2Var>; MSVBVM50.__vbaI2Var
00402E49 . |50 PUSH EAX
00402E4A . |6A FF PUSH -1
00402E4C . |6A 20 PUSH 20
00402E4E . |FF15 98614000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFileO>; MSVBVM50.__vbaFileOpen
00402E54 . |BA 6C224000 MOV EDX,BPE_CME1.0040226C ; trv2156j0e
00402E59 . |8D4D E8 LEA ECX,DWORD PTR SS:[EBP-18]
00402E5C . |FF15 AC614000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaStrCo>; MSVBVM50.__vbaStrCopy
00402E62 . |57 PUSH EDI
00402E63 . |FF15 90614000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaI2Var>; MSVBVM50.__vbaI2Var
00402E69 . |50 PUSH EAX
00402E6A . |8D55 E8 LEA EDX,DWORD PTR SS:[EBP-18]
00402E6D . |6A 2D PUSH 2D
00402E6F . |52 PUSH EDX
00402E70 . |6A 00 PUSH 0
00402E72 . |FF15 24614000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaPut4>>; MSVBVM50.__vbaPut4
00402E78 . |8D4D E8 LEA ECX,DWORD PTR SS:[EBP-18]
00402E7B . |FF15 DC614000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeS>; MSVBVM50.__vbaFreeStr
00402E81 . |57 PUSH EDI
00402E82 . |FF15 90614000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaI2Var>; MSVBVM50.__vbaI2Var
00402E88 . |50 PUSH EAX
00402E89 . |FF15 60614000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFileC>; MSVBVM50.__vbaFileClose
00402E8F . |56 PUSH ESI
00402E90 . |FF93 0C030000 CALL DWORD PTR DS:[EBX+30C]
00402E96 . |50 PUSH EAX
00402E97 . |8D45 E4 LEA EAX,DWORD PTR SS:[EBP-1C]
00402E9A . |50 PUSH EAX
00402E9B . |FF15 3C614000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaObjSe>; MSVBVM50.__vbaObjSet
00402EA1 . |8BF8 MOV EDI,EAX
00402EA3 . |68 88224000 PUSH BPE_CME1.00402288 ; REGISTERED
00402EA8 . |57 PUSH EDI
00402EA9 . |8B0F MOV ECX,DWORD PTR DS:[EDI]
00402EAB . |FF51 54 CALL DWORD PTR DS:[ECX+54]
00402EAE . |85C0 TEST EAX,EAX
00402EB0 . |7D 0F JGE SHORT BPE_CME1.00402EC1
00402EB2 . |6A 54 PUSH 54
00402EB4 . |68 A0224000 PUSH BPE_CME1.004022A0
00402EB9 . |57 PUSH EDI
00402EBA . |50 PUSH EAX
00402EBB . |FF15 34614000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaHresu>; MSVBVM50.__vbaHresultCheckObj
00402EC1 > |8D4D E4 LEA ECX,DWORD PTR SS:[EBP-1C]
00402EC4 . |FF15 E0614000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeO>; MSVBVM50.__vbaFreeObj
00402ECA . |56 PUSH ESI
00402ECB . |FF93 04030000 CALL DWORD PTR DS:[EBX+304]
00402ED1 . |8D55 E4 LEA EDX,DWORD PTR SS:[EBP-1C]
00402ED4 . |50 PUSH EAX
00402ED5 . |52 PUSH EDX
00402ED6 . |FF15 3C614000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaObjSe>; MSVBVM50.__vbaObjSet
00402EDC . |8BF8 MOV EDI,EAX
00402EDE . |6A 00 PUSH 0
00402EE0 . |57 PUSH EDI
00402EE1 . |8B07 MOV EAX,DWORD PTR DS:[EDI]
00402EE3 . |FF90 8C000000 CALL DWORD PTR DS:[EAX+8C]
00402EE9 . |85C0 TEST EAX,EAX
00402EEB . |7D 12 JGE SHORT BPE_CME1.00402EFF
00402EED . |68 8C000000 PUSH 8C
00402EF2 . |68 B0224000 PUSH BPE_CME1.004022B0
00402EF7 . |57 PUSH EDI
00402EF8 . |50 PUSH EAX
00402EF9 . |FF15 34614000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaHresu>; MSVBVM50.__vbaHresultCheckObj
00402EFF > |8B3D E0614000 MOV EDI,DWORD PTR DS:[<&MSVBVM50.__vbaFr>; MSVBVM50.__vbaFreeObj
00402F05 . |8D4D E4 LEA ECX,DWORD PTR SS:[EBP-1C]
00402F08 . |FFD7 CALL EDI ; <&MSVBVM50.__vbaFreeObj>
00402F0A . |56 PUSH ESI
00402F0B . |FF93 08030000 CALL DWORD PTR DS:[EBX+308]
00402F11 . |8D4D E4 LEA ECX,DWORD PTR SS:[EBP-1C]
00402F14 . |50 PUSH EAX
00402F15 . |51 PUSH ECX
00402F16 . |FF15 3C614000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaObjSe>; MSVBVM50.__vbaObjSet
00402F1C . |8BF0 MOV ESI,EAX
00402F1E . |6A 00 PUSH 0
00402F20 . |56 PUSH ESI
00402F21 . |8B16 MOV EDX,DWORD PTR DS:[ESI]
00402F23 . |FF92 8C000000 CALL DWORD PTR DS:[EDX+8C]
00402F29 . |85C0 TEST EAX,EAX
00402F2B . |7D 12 JGE SHORT BPE_CME1.00402F3F
00402F2D . |68 8C000000 PUSH 8C
00402F32 . |68 C0224000 PUSH BPE_CME1.004022C0
00402F37 . |56 PUSH ESI
00402F38 . |50 PUSH EAX
00402F39 . |FF15 34614000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaHresu>; MSVBVM50.__vbaHresultCheckObj
00402F3F > |8D4D E4 LEA ECX,DWORD PTR SS:[EBP-1C]
00402F42 . |FFD7 CALL EDI
00402F44 . |E9 8C000000 JMP BPE_CME1.00402FD5
00402F49 > \FFD7 CALL EDI
00402F4B . 8D55 94 LEA EDX,DWORD PTR SS:[EBP-6C]
00402F4E . 8D4D D4 LEA ECX,DWORD PTR SS:[EBP-2C]
00402F51 . C745 9C 28234>MOV DWORD PTR SS:[EBP-64],BPE_CME1.00402>; Wrong Code! Try Again
Above this there is a JE that jumps over the registration-success code.
NOP it out and that's it.
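Added example, not part of the original post: the branch targets in the listing above can be re-derived from the opcode bytes, which shows the JE at 00402DE9 landing on the "Wrong Code" block at 00402F49 and the JMP at 00402F44 leaving the success block. The four sample lines are copied from the post; the function names are chosen here for illustration.

```python
import re

# Four branch lines copied from the listing in post 5 (OllyDbg format:
# address, marker, opcode bytes with an optional jump-arrow prefix, text).
LISTING = """\
00402DE9 . /0F84 5A010000 JE BPE_CME1.00402F49
00402EB0 . |7D 0F JGE SHORT BPE_CME1.00402EC1
00402EEB . |7D 12 JGE SHORT BPE_CME1.00402EFF
00402F44 . |E9 8C000000 JMP BPE_CME1.00402FD5
"""

def parse_line(line):
    """Split one listing line into (address, opcode bytes, disassembly text)."""
    parts = line.split()
    raw, i = "", 2                      # parts[1] is the '.' or '>' marker
    while i < len(parts):
        tok = parts[i].lstrip("/|\\")   # drop OllyDbg's jump-arrow characters
        if not re.fullmatch(r"(?:[0-9A-F]{2})+", tok):
            break                       # first non-hex token is the mnemonic
        raw, i = raw + tok, i + 1
    return int(parts[0], 16), bytes.fromhex(raw), " ".join(parts[i:])

def branch_target(addr, code):
    """Target of a relative x86 branch: next-instruction address + signed offset."""
    if len(code) == 6 and code[0] == 0x0F and 0x80 <= code[1] <= 0x8F:
        off = 2                         # Jcc rel32 (0F 8x)
    elif len(code) == 5 and code[0] == 0xE9:
        off = 1                         # JMP rel32
    elif len(code) == 2 and (0x70 <= code[0] <= 0x7F or code[0] == 0xEB):
        off = 1                         # Jcc rel8 / JMP rel8
    else:
        return None                     # not a relative branch
    rel = int.from_bytes(code[off:], "little", signed=True)
    return addr + len(code) + rel

def check_listing(text):
    """Return [(address, computed target, target named in the text)] per branch."""
    rows = []
    for line in text.splitlines():
        addr, code, asm = parse_line(line)
        target = branch_target(addr, code)
        if target is not None:
            rows.append((addr, target, int(asm.rsplit(".", 1)[1], 16)))
    return rows

if __name__ == "__main__":
    for addr, target, stated in check_listing(LISTING):
        print(f"{addr:08X} -> {target:08X} (listing says {stated:08X})")
```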
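Post #6
I'd like to ask: did you use OD for the static analysis in this crack, or some other tool? If it was OD, does that mean you just analyze the code shown in the disassembly window after loading the program?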
Post #7
Don't start with VB programs; find ones written in assembly or C, where the code is clearer.
This program needs a keyFile.
ObjectTable地址:0x401F18 (地址来于: Project +0x04)
[+0x2A]对象数量:2
[+0x40]szProjectName: "Project1"
Object地址:0x401F6C (首个Object地址来于: ObjectTable +0x30)
第[01]对象名称: "Crack"
[+0x5C]控件列表地址:0x401A70
[01]Control: "Label1"
[02]Control: "Text"
[03]Control: "Form"
[04]Control: "restart"
[05]Control: "about"
[06]Control: "quit"
[07]Control: "info"
[08]Control: "reg"
[09]Control: "file"
[10]Control: "sep"
[+0x68]事件列表地址:0x401C00
EventTable地址:0x401C00 (地址来于: ObjectInfo +0x68) (仅显示前20个事件)
[+0x00]Crack_Proc_V1_01:0x403230
[+0x04]about_Event_V1_02:0x4029C0
[+0x08]Crack_Event_V1_03:0x402AB0
[+0x0C]quit_Event_V1_04:0x402CB0
[+0x10]reg_Event_V1_05:0x402D20
[+0x14]restart_Event_V1_06:0x403040
第[02]对象名称: "abt"
[+0x5C]控件列表地址:0x401814
[01]Control: "Form"
[02]Control: "Label1"
[03]Control: "ok"
[+0x68]事件列表地址:0x40188C
EventTable地址:0x40188C (地址来于: ObjectInfo +0x68) (仅显示前20个事件)
[+0x00]ok_Event_V1_01:0x403B80
返回地址: 004011B6 函数名称: ThunRTMain(MSVBVM50.DLL)
ThunRTMain: 初始化进程并获取进程ID
lpstring="VB5!?*"
返回地址: 0F01E5A9 函数名称: Crack_Event_V1_03(程序内部函数)
返回地址: 00402B16 函数名称: rtcFreeFile(MSVBVM50.DLL)
rtcFreeFile返回值: 0x00120001
返回地址: 00402B44 函数名称: __vbaI2Var(MSVBVM50.DLL)
__vbaI2Var: 把VB变量变成I2数值
Var=0x0014BB8C (vb整型:1)
__vbaI2Var返回值: 0x00000001(数值)
返回地址: 00402B4F 函数名称: __vbaFileOpen(MSVBVM50.DLL)
__vbaFileOpen: 打开文件
var1=0x00000020
var2=0xFFFFFFFF
hFile=0x00000001
lpFileName="c:\windows\MTR.dat"
__vbaFileOpen返回值: 0x800A9C68
Post #8
Beginners should learn brute-force cracking first.
Post #9
Use OD and search directly for the Unicode strings...
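Post #10
Many thanks for all the replies; there really are many ways to solve this one... But what I want to know is why an error occurs after OD finishes loading this program......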