〖精装友情通讯录〗V2005 build 12.01
一、查壳 无壳,Borland Delphi 6.0 - 7.0
二、注册码错误提示“注册失败,请重新注册”
三、载入OD,查找字符串“注册失败,请重新注册”
双击它,来到 00515448 |> \B8 B4555100 mov eax,jzyq.005155B4
往上看,找注册程序开始代码
// First five lines of the registration routine as shown by OllyDbg; the excerpt
// stops inside the push loop that starts at 0051526C.
00515264 /. 55 push ebp //start of the registration routine; breakpoint set here with F2
00515265 |. 8BEC mov ebp,esp
00515267 |. B9 17000000 mov ecx,17
0051526C |> 6A 00 /push 0
0051526E |. 6A 00 |push 0
下断点后,F9运行。软件注册,输入订单号:123456,注册码987654,确定后,跟踪。
// Registration handler of jzyq (OllyDbg listing, 32-bit x86, Intel operand order).
// Visible flow: read the two input fields, build an expected code from the order
// number, compare it with the entered code at 0051539A, then take the success
// path (005153A5) or the failure path (00515448).
// eax on entry is copied to ebx and used as the base for the +310 / +31C fields;
// presumably the form object under Delphi's register convention — TODO confirm.
// Helper names are not shown in the listing; roles given below are inferred from
// how arguments and results are used and are marked as such.
00515264 /. 55 push ebp
00515265 |. 8BEC mov ebp,esp
00515267 |. B9 17000000 mov ecx,17
0051526C |> 6A 00 /push 0
0051526E |. 6A 00 |push 0
00515270 |. 49 |dec ecx
00515271 |.^ 75 F9 \jnz short jzyq.0051526C
// loop above: 0x17 iterations x 2 pushes = 0xB8 bytes of zeroed locals
// (the lowest local referenced below is ebp-B8)
00515273 |. 53 push ebx //author's note: F4
00515274 |. 56 push esi
00515275 |. 8BD8 mov ebx,eax
// push handler 005154E9 and the previous fs:[0] value, then point fs:[0] at the
// new record: an exception frame is installed for the body that follows
00515277 |. 33C0 xor eax,eax
00515279 |. 55 push ebp
0051527A |. 68 E9545100 push jzyq.005154E9
0051527F |. 64:FF30 push dword ptr fs:[eax]
00515282 |. 64:8920 mov dword ptr fs:[eax],esp
// system directory is read into the stack buffer at ebp-85 (size argument 0x80)
00515285 |. 68 80000000 push 80 ; /BufSize = 80 (128.)
0051528A |. 8D85 7BFFFFFF lea eax,dword ptr ss:[ebp-85] ; |
00515290 |. 50 push eax ; |Buffer
00515291 |. E8 B220EFFF call <jmp.&kernel32.GetSystemDirectoryA> ; \GetSystemDirectoryA
// 00404C84(dest=&[ebp-4], src=buffer, ecx=0x81): presumably converts the buffer
// to a string kept in [ebp-4] — TODO confirm; [ebp-4] is used later as a path prefix
00515296 |. 8D45 FC lea eax,dword ptr ss:[ebp-4]
00515299 |. 8D95 7BFFFFFF lea edx,dword ptr ss:[ebp-85]
0051529F |. B9 81000000 mov ecx,81
005152A4 |. E8 DBF9EEFF call jzyq.00404C84
// 00442BAC(eax=field object, edx=&result): presumably fetches the field's text;
// per the author's notes [ebx+31C] is the registration code, [ebx+310] the order number
005152A9 |. 8D95 74FFFFFF lea edx,dword ptr ss:[ebp-8C]
005152AF |. 8B83 1C030000 mov eax,dword ptr ds:[ebx+31C]
005152B5 |. E8 F2D8F2FF call jzyq.00442BAC
005152BA |. 83BD 74FFFFFF>cmp dword ptr ss:[ebp-8C],0 //author: registration-code length compared with 0 (the operand is the dword stored at ebp-8C)
005152C1 |. 74 1A je short jzyq.005152DD
005152C3 |. 8D95 70FFFFFF lea edx,dword ptr ss:[ebp-90]
005152C9 |. 8B83 10030000 mov eax,dword ptr ds:[ebx+310]
005152CF |. E8 D8D8F2FF call jzyq.00442BAC
005152D4 |. 83BD 70FFFFFF>cmp dword ptr ss:[ebp-90],0 //author: order-number length compared with 0 (the operand is the dword stored at ebp-90)
005152DB |. 75 0F jnz short jzyq.005152EC
// either field empty: 0043BDA0 is called with the constant at 00515500, then the
// routine leaves through the common exit. 0043BDA0 is also called with the failure
// text at 00515448, so it presumably displays a message — TODO confirm
005152DD |> B8 00555100 mov eax,jzyq.00515500
005152E2 |. E8 B96AF2FF call jzyq.0043BDA0
005152E7 |. E9 80010000 jmp jzyq.0051546C
// both fields non-empty: the entered code is fetched and kept on the stack until
// the pop at 00515399
005152EC |> 8D95 6CFFFFFF lea edx,dword ptr ss:[ebp-94]
005152F2 |. 8B83 1C030000 mov eax,dword ptr ds:[ebx+31C]
005152F8 |. E8 AFD8F2FF call jzyq.00442BAC //author: the entered (test) registration code
005152FD |. 8B85 6CFFFFFF mov eax,dword ptr ss:[ebp-94]
00515303 |. 50 push eax
00515304 |. 8D95 60FFFFFF lea edx,dword ptr ss:[ebp-A0]
0051530A |. 8B83 10030000 mov eax,dword ptr ds:[ebx+310]
00515310 |. E8 97D8F2FF call jzyq.00442BAC //author: order number
00515315 |. 8B85 60FFFFFF mov eax,dword ptr ss:[ebp-A0]
// 004095B0 takes the string and its result is divided below, so it presumably
// converts text to an integer — TODO confirm
0051531B |. E8 9042EFFF call jzyq.004095B0
// signed divide by 0x840; the remainder (edx) is what is kept
00515320 |. B9 40080000 mov ecx,840
00515325 |. 99 cdq
00515326 |. F7F9 idiv ecx
00515328 |. 8BC2 mov eax,edx
// 0040954C(eax=value, edx=&[ebp-9C]): presumably integer-to-string — TODO confirm;
// the result is pushed as the first piece of the expected code
0051532A |. 8D95 64FFFFFF lea edx,dword ptr ss:[ebp-9C]
00515330 |. E8 1742EFFF call jzyq.0040954C
00515335 |. FFB5 64FFFFFF push dword ptr ss:[ebp-9C]
// order number is read and converted again, then passed through 00515028 and
// 00515108 (bodies not shown on this page); the output in [ebp-A4] is the second piece
0051533B |. 8D95 54FFFFFF lea edx,dword ptr ss:[ebp-AC]
00515341 |. 8B83 10030000 mov eax,dword ptr ds:[ebx+310]
00515347 |. E8 60D8F2FF call jzyq.00442BAC
0051534C |. 8B85 54FFFFFF mov eax,dword ptr ss:[ebp-AC]
00515352 |. E8 5942EFFF call jzyq.004095B0
00515357 |. 8D95 58FFFFFF lea edx,dword ptr ss:[ebp-A8]
0051535D |. E8 C6FCFFFF call jzyq.00515028
00515362 |. 8B85 58FFFFFF mov eax,dword ptr ss:[ebp-A8]
00515368 |. E8 4342EFFF call jzyq.004095B0
0051536D |. 8D95 5CFFFFFF lea edx,dword ptr ss:[ebp-A4]
00515373 |. E8 90FDFFFF call jzyq.00515108
00515378 |. FFB5 5CFFFFFF push dword ptr ss:[ebp-A4]
// third piece is the constant at 00515520; 00404D94(dest=&[ebp-98], edx=3)
// presumably joins the three pushed pieces into [ebp-98] — TODO confirm
0051537E |. 68 20555100 push jzyq.00515520
00515383 |. 8D85 68FFFFFF lea eax,dword ptr ss:[ebp-98]
00515389 |. BA 03000000 mov edx,3
0051538E |. E8 01FAEEFF call jzyq.00404D94
// edx = the string built above, eax = the entered code pushed at 00515303
00515393 |. 8B95 68FFFFFF mov edx,dword ptr ss:[ebp-98]
00515399 |. 58 pop eax
// NOTE(review): both values are plain strings in process memory at this call, and
// the accept/reject decision is the flag state the call returns.
0051539A |. E8 79FAEEFF call jzyq.00404E18 //author: key call, stepped into with F7
0051539F |. 0F85 A3000000 jnz jzyq.00515448 //author: key jump (taken when the compare reports a difference)
// success path: message constant 0051552C, then an object reached through the
// global at 539C10 is updated by 0046EF70 / 0046EECC (purpose not visible here)
005153A5 |. B8 2C555100 mov eax,jzyq.0051552C
005153AA |. E8 F169F2FF call jzyq.0043BDA0
005153AF |. A1 109C5300 mov eax,dword ptr ds:[539C10]
005153B4 |. 8B00 mov eax,dword ptr ds:[eax]
005153B6 |. 8B80 C8040000 mov eax,dword ptr ds:[eax+4C8]
005153BC |. 8B80 08020000 mov eax,dword ptr ds:[eax+208]
005153C2 |. 33D2 xor edx,edx
005153C4 |. E8 A79BF5FF call jzyq.0046EF70
005153C9 |. BA 50555100 mov edx,jzyq.00515550
005153CE |. E8 F99AF5FF call jzyq.0046EECC
// [ebp-B0] = system-directory string + the file name below (00404D20 presumably
// concatenates edx and ecx into [eax] — TODO confirm)
005153D3 |. 8D85 50FFFFFF lea eax,dword ptr ss:[ebp-B0]
005153D9 |. B9 6C555100 mov ecx,jzyq.0051556C ; ASCII "\hdwl21.dll"
005153DE |. 8B55 FC mov edx,dword ptr ss:[ebp-4]
005153E1 |. E8 3AF9EEFF call jzyq.00404D20
// 0046433C(eax=[46428C], dl=1, ecx=path) returns an object kept in esi;
// presumably a constructor for a file-backed settings object — TODO confirm
005153E6 |. 8B8D 50FFFFFF mov ecx,dword ptr ss:[ebp-B0]
005153EC |. B2 01 mov dl,1
005153EE |. A1 8C424600 mov eax,dword ptr ds:[46428C]
005153F3 |. E8 44EFF4FF call jzyq.0046433C
005153F8 |. 8BF0 mov esi,eax
005153FA |. 8D95 4CFFFFFF lea edx,dword ptr ss:[ebp-B4]
005153FF |. 8B83 10030000 mov eax,dword ptr ds:[ebx+310]
00515406 |. E8 A1D7F2FF call jzyq.00442BAC
0051540B |. 8B85 4CFFFFFF mov eax,dword ptr ss:[ebp-B4]
00515411 |. 50 push eax
// indirect call through the second slot of the table at [esi], with the order-number
// text on the stack and the two constants in ecx/edx; presumably stores the order
// number under those names — TODO confirm. ebx is overwritten from here on.
00515412 |. B9 80555100 mov ecx,jzyq.00515580 ; ASCII "setet567"
00515417 |. BA 94555100 mov edx,jzyq.00515594 ; ASCII "sym"
0051541C |. 8BC6 mov eax,esi
0051541E |. 8B18 mov ebx,dword ptr ds:[eax]
00515420 |. FF53 04 call dword ptr ds:[ebx+4]
// NOTE(review): the name below reads "hdw121" while 005153D9 reads "hdwl21"
// (digit 1 vs letter l); the listing alone cannot show whether the program really
// uses two names or the page transcribed one of them differently.
00515423 |. 8D85 48FFFFFF lea eax,dword ptr ss:[ebp-B8]
00515429 |. B9 A0555100 mov ecx,jzyq.005155A0 ; ASCII "\hdw121.dll"
0051542E |. 8B55 FC mov edx,dword ptr ss:[ebp-4]
00515431 |. E8 EAF8EEFF call jzyq.00404D20
// 004098DC(eax=path, edx=2): presumably sets a file attribute on that path — TODO confirm
00515436 |. 8B85 48FFFFFF mov eax,dword ptr ss:[ebp-B8]
0051543C |. BA 02000000 mov edx,2
00515441 |. E8 9644EFFF call jzyq.004098DC
00515446 |. EB 24 jmp short jzyq.0051546C
// failure path: 005155B4 is the "registration failed" text the page searched for;
// 00442BDC is then called with edx=0 on both fields, presumably clearing them
00515448 |> B8 B4555100 mov eax,jzyq.005155B4
0051544D |. E8 4E69F2FF call jzyq.0043BDA0
00515452 |. 33D2 xor edx,edx
00515454 |. 8B83 10030000 mov eax,dword ptr ds:[ebx+310]
0051545A |. E8 7DD7F2FF call jzyq.00442BDC
0051545F |. 33D2 xor edx,edx
00515461 |. 8B83 1C030000 mov eax,dword ptr ds:[ebx+31C]
00515467 |. E8 70D7F2FF call jzyq.00442BDC
// common exit: pop the exception record pushed at 00515279-0051527F and restore
// the previous fs:[0] value
0051546C |> 33C0 xor eax,eax
0051546E |. 5A pop edx
0051546F |. 59 pop ecx
00515470 |. 59 pop ecx
00515471 |. 64:8910 mov dword ptr fs:[eax],edx
// 005154F0 is pushed so that the retn at 005154E8 continues there (code not shown)
00515474 |. 68 F0545100 push jzyq.005154F0
// cleanup of the string locals: 00404A1C takes one slot address, 00404A40 takes a
// slot address plus a count in edx; presumably the runtime's string release
// helpers — TODO confirm
00515479 |> 8D85 48FFFFFF lea eax,dword ptr ss:[ebp-B8]
0051547F |. E8 98F5EEFF call jzyq.00404A1C
00515484 |. 8D85 4CFFFFFF lea eax,dword ptr ss:[ebp-B4]
0051548A |. E8 8DF5EEFF call jzyq.00404A1C
0051548F |. 8D85 50FFFFFF lea eax,dword ptr ss:[ebp-B0]
00515495 |. E8 82F5EEFF call jzyq.00404A1C
0051549A |. 8D85 54FFFFFF lea eax,dword ptr ss:[ebp-AC]
005154A0 |. E8 77F5EEFF call jzyq.00404A1C
005154A5 |. 8D85 58FFFFFF lea eax,dword ptr ss:[ebp-A8]
005154AB |. BA 02000000 mov edx,2
005154B0 |. E8 8BF5EEFF call jzyq.00404A40
005154B5 |. 8D85 60FFFFFF lea eax,dword ptr ss:[ebp-A0]
005154BB |. E8 5CF5EEFF call jzyq.00404A1C
005154C0 |. 8D85 64FFFFFF lea eax,dword ptr ss:[ebp-9C]
005154C6 |. BA 02000000 mov edx,2
005154CB |. E8 70F5EEFF call jzyq.00404A40
005154D0 |. 8D85 6CFFFFFF lea eax,dword ptr ss:[ebp-94]
005154D6 |. BA 03000000 mov edx,3
005154DB |> E8 60F5EEFF call jzyq.00404A40
005154E0 |. 8D45 FC lea eax,dword ptr ss:[ebp-4]
005154E3 |. E8 34F5EEFF call jzyq.00404A1C
005154E8 \. C3 retn
==============================================================================================
F7跟进关键CALL
// Comparison routine called from 0051539A (OllyDbg listing, 32-bit x86).
// In:  eax, edx = the two values to compare (copied to esi / edi).
// Out: the result is carried in the flags; the caller branches with jnz right
//      after the call. ebx, esi and edi are saved and restored.
// The dwords at [esi-4] and [edi-4] are used as byte counts, which matches a
// length-prefixed string layout; presumably the runtime's string compare — TODO confirm.
00404E18 /$ 53 push ebx
00404E19 |. 56 push esi
00404E1A |. 57 push edi
00404E1B |. 89C6 mov esi,eax
00404E1D |. 89D7 mov edi,edx
00404E1F |. 39D0 cmp eax,edx //author: real and entered registration code compared (this instruction compares the two pointers)
00404E21 |. 0F84 8F000000 je jzyq.00404EB6
// a zero pointer on either side is handled separately at 00404E93 / 00404E9A
00404E27 |. 85F6 test esi,esi
00404E29 |. 74 68 je short jzyq.00404E93
00404E2B |. 85FF test edi,edi
00404E2D |. 74 6B je short jzyq.00404E9A
// eax = count(esi) - count(edi); edx ends up as the smaller of the two counts
00404E2F |. 8B46 FC mov eax,dword ptr ds:[esi-4]
00404E32 |. 8B57 FC mov edx,dword ptr ds:[edi-4]
00404E35 |. 29D0 sub eax,edx
00404E37 |. 77 02 ja short jzyq.00404E3B
00404E39 |. 01C2 add edx,eax
// keep the byte count on the stack; edx >> 2 = number of whole dwords to compare
00404E3B |> 52 push edx
00404E3C |. C1EA 02 shr edx,2
00404E3F |. 74 26 je short jzyq.00404E67
// main loop: two dwords per iteration; any mismatch goes to 00404EA1
00404E41 |> 8B0E /mov ecx,dword ptr ds:[esi]
00404E43 |. 8B1F |mov ebx,dword ptr ds:[edi]
00404E45 |. 39D9 |cmp ecx,ebx
00404E47 |. 75 58 |jnz short jzyq.00404EA1
00404E49 |. 4A |dec edx
00404E4A |. 74 15 |je short jzyq.00404E61
00404E4C |. 8B4E 04 |mov ecx,dword ptr ds:[esi+4]
00404E4F |. 8B5F 04 |mov ebx,dword ptr ds:[edi+4]
00404E52 |. 39D9 |cmp ecx,ebx
00404E54 |. 75 4B |jnz short jzyq.00404EA1
00404E56 |. 83C6 08 |add esi,8
00404E59 |. 83C7 08 |add edi,8
00404E5C |. 4A |dec edx
00404E5D |.^ 75 E2 \jnz short jzyq.00404E41
00404E5F |. EB 06 jmp short jzyq.00404E67
// loop left after the first dword of a pair: advance by 4 only
00404E61 |> 83C6 04 add esi,4
00404E64 |. 83C7 04 add edi,4
// tail: saved count & 3 = leftover bytes (0..3), checked one byte at a time
00404E67 |> 5A pop edx
00404E68 |. 83E2 03 and edx,3
00404E6B |. 74 22 je short jzyq.00404E8F
00404E6D |. 8B0E mov ecx,dword ptr ds:[esi]
00404E6F |. 8B1F mov ebx,dword ptr ds:[edi]
00404E71 |. 38D9 cmp cl,bl
00404E73 |. 75 41 jnz short jzyq.00404EB6
00404E75 |. 4A dec edx
00404E76 |. 74 17 je short jzyq.00404E8F
00404E78 |. 38FD cmp ch,bh
00404E7A |. 75 3A jnz short jzyq.00404EB6
00404E7C |. 4A dec edx
00404E7D |. 74 10 je short jzyq.00404E8F
00404E7F |. 81E3 0000FF00 and ebx,0FF0000
00404E85 |. 81E1 0000FF00 and ecx,0FF0000
00404E8B |. 39D9 cmp ecx,ebx
00404E8D |. 75 27 jnz short jzyq.00404EB6
// every compared byte matched: the flags are now set from the count difference
// held in eax, so ZF is set when that difference is zero
00404E8F |> 01C0 add eax,eax
00404E91 |. EB 23 jmp short jzyq.00404EB6
// esi was zero: flags come from eax (still zero) minus the count at [edi-4]
00404E93 |> 8B57 FC mov edx,dword ptr ds:[edi-4]
00404E96 |. 29D0 sub eax,edx
00404E98 |. EB 1C jmp short jzyq.00404EB6
// edi was zero: flags come from the count at [esi-4] minus edx (still zero)
00404E9A |> 8B46 FC mov eax,dword ptr ds:[esi-4]
00404E9D |. 29D0 sub eax,edx
00404E9F |. EB 15 jmp short jzyq.00404EB6
// dword mismatch: drop the saved count, then compare the four bytes in order so
// the flags reflect the first byte that differs
00404EA1 |> 5A pop edx
00404EA2 |. 38D9 cmp cl,bl
00404EA4 |. 75 10 jnz short jzyq.00404EB6
00404EA6 |. 38FD cmp ch,bh
00404EA8 |. 75 0C jnz short jzyq.00404EB6
00404EAA |. C1E9 10 shr ecx,10
00404EAD |. C1EB 10 shr ebx,10
00404EB0 |. 38D9 cmp cl,bl
00404EB2 |. 75 02 jnz short jzyq.00404EB6
00404EB4 |. 38FD cmp ch,bh
// common exit: the pops and retn leave the flags as set above
00404EB6 |> 5F pop edi
00404EB7 |. 5E pop esi
00404EB8 |. 5B pop ebx
00404EB9 \. C3 retn
订单号:123456 注册码:96036l5u412~f14491
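这个软件利用订单号计算注册码:正确的注册码由程序在本机根据订单号算出,再与输入的注册码做明文字符串比较(0051539A 处的调用),所以校验所需的全部信息都在客户端。从防护角度看,这类校验应改为由服务端签发许可、客户端仅用公钥验证签名,使程序内不出现可直接比对的正确注册码。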
|