- UID
- 36440
注册时间2007-11-2
阅读权限8
最后登录1970-1-1
初入江湖
TA的每日心情 | 开心
2018-5-21 08:13 |
|---|
签到天数: 1 天 [LV.1]初来乍到
|
求助
【下载地址】: http://www.onlinedown.net/soft/49337.htm
【加壳方式】: 无
【编写语言】: Borland Delphi 6.0 - 7.0
将取消了自校验后的文件载入OD后
查找ASCII码
00653FA7 mov eax,Photoman.0065413C 软件己经成功注册!
00653FEE mov eax,Photoman.00654158 请输入正确的注册码!
00654045 mov ecx,Photoman.00654174 423430204034481912135105832647638873673845193063041255700410474178179639573
0065404A mov edx,Photoman.006541C8 23472851
006540A9 mov eax,Photoman.006541DC 软件注册成功!请保存好你的注册码.
006540D9 mov eax,Photoman.00654208 注册码正确!但注册信息写入错误!本次注册没有成功.错误号:9008!
006540F0 mov eax,Photoman.0065424C 软件注册失败:错误的注册码!
006542BD mov ecx,Photoman.00654388 XYsoft.ini
006542EB mov ecx,Photoman.0065439C RegKey
006542F0 mov edx,Photoman.006543AC RegInf
00654309 mov ecx,Photoman.006543BC RegTime
0065430E mov edx,Photoman.006543AC RegInf
00654400 mov ecx,Photoman.006546A4 XYsoft.ini
0065443A mov ecx,Photoman.006546A4 XYsoft.ini
00654456 mov ecx,Photoman.006546B8 RegKey
0065445B mov edx,Photoman.006546C8 RegInf
0065446B mov ecx,Photoman.006546D8 RegTime
00654470 mov edx,Photoman.006546C8 RegInf
006544DB mov ecx,Photoman.006546E8 423430204034481912135105832647638873673845193063041255700410474178179639573
006544E0 mov edx,Photoman.0065473C 23472851
0065452F mov edx,Photoman.0065473C 23472851
00654534 mov ecx,Photoman.006546E8 423430204034481912135105832647638873673845193063041255700410474178179639573
0065458C mov edx,Photoman.00654750 软件己成功注册! 注册日期:
0065462B mov edx,Photoman.00654774 己有的注册非法! 上次注册日期:
00654B8B push Photoman.00654BC0 OPEN
00654BFB push Photoman.00654C30 OPEN
00654C7B mov edx,Photoman.00654DC0 版本:3.90
00654C98 mov edx,Photoman.00654DD4 NET
00654CA4 mov edx,Photoman.00654DE0 [网络版]
00654CBD mov edx,Photoman.00654DF4 XY-soft
00654CC2 mov eax,Photoman.00654E04 F0w3upz9vWvA7Ug3NdaHl0rCRda2w0p
00654CDE mov edx,Photoman.00654DF4 XY-soft
00654CE8 mov eax,Photoman.00654E2C 24ZvSq(Z9Az8h7zvN0vtJtNCyfMuq(GJ
00654D04 mov edx,Photoman.00654DF4 XY-soft
00654D0E mov eax,Photoman.00654E58 tb76mdfeJfWp(j78(aXM2hf6BKA0ZnP8EJXdTSWaSTBPmEcIodIw5Ts
00654D57 mov edx,Photoman.00654E98 软件己注册,注册日期:
在00653FA7 mov eax,Photoman.0065413C 软件己经成功注册!双击后
00653F84 . 55 push ebp
00653F85 . 68 22416500 push Photoman.00654122
00653F8A . 64:FF30 push dword ptr fs:[eax]
00653F8D . 64:8920 mov dword ptr fs:[eax],esp
00653F90 . 8B45 FC mov eax,dword ptr ss:[ebp-4]
00653F93 . 80B8 38030000 >cmp byte ptr ds:[eax+338],0
00653F9A . 74 1A je short Photoman.00653FB6
00653F9C . 6A 00 push 0 ; /Arg1 = 00000000
00653F9E . 66:8B0D 304165>mov cx,word ptr ds:[654130] ; |
00653FA5 . 33D2 xor edx,edx ; |
00653FA7 . B8 3C416500 mov eax,Photoman.0065413C ; | 软件己经成功注册
00653FAC . E8 238FDEFF call Photoman.0043CED4 ; \Photoman.0043CED4
00653FB1 . E9 44010000 jmp Photoman.006540FA
00653FB6 > 8D55 F4 lea edx,dword ptr ss:[ebp-C]
00653FB9 . 8B45 FC mov eax,dword ptr ss:[ebp-4]
00653FBC . 8B80 10030000 mov eax,dword ptr ds:[eax+310]
00653FC2 . E8 F508E3FF call Photoman.004848BC
我便在00653F84 下了F2断点
F9运行后停下来
一直F8
直到
00653FD8 . E8 130DDBFF call Photoman.00404CF0
F7跟进
00404CF0 /$ 85D2 test edx,edx
00404CF2 |. 74 0A je short Photoman.00404CFE
00404CF4 |. 8B4A F8 mov ecx,dword ptr ds:[edx-8]
00404CF7 |. 41 inc ecx
00404CF8 |. 7E 04 jle short Photoman.00404CFE
00404CFA |. F0:FF42 F8 lock inc dword ptr ds:[edx-8]
00404CFE |> 8710 xchg dword ptr ds:[eax],edx
00404D00 |. 85D2 test edx,edx
00404D02 |. 74 14 je short Photoman.00404D18
00404D04 |. 8B4A F8 mov ecx,dword ptr ds:[edx-8]
00404D07 |. 49 dec ecx
00404D08 |. 7C 0E jl short Photoman.00404D18
00404D0A |. F0:FF4A F8 lock dec dword ptr ds:[edx-8]
00404D0E |. 75 08 jnz short Photoman.00404D18
00404D10 |. 8D42 F8 lea eax,dword ptr ds:[edx-8]
00404D13 |. E8 6CDBFFFF call Photoman.00402884
00404D18 \> C3 retn
看来又不是算法地方,我又在
00404D13 |. E8 6CDBFFFF call Photoman.00402884跟进
多处跟踪都没有办法找到算法入口点。哪位大哥可以帮我一下 |
|
IP卡
发表于 2007-11-11 20:09:04
提升卡
置顶卡
变色卡
千斤顶
显身卡