- UID
- 55096
注册时间2008-9-1
阅读权限10
最后登录1970-1-1
周游历练
该用户从未签到
|
最近搞了个软件是要KEY才能注册成功的。
搞完后发现本程序是重起验证的,发现是注册表验证的。
终于找到关键点,但跳过注册框,程序出错。
大家给点思路
最近搞了个软件是要KEY才能注册成功的。
搞完后发现本程序是重起验证的,发现是注册表验证的。
终于找到关键点,但跳过注册框,程序出错。
大家给点思路
0040113A . 55 PUSH EBP
0040113B . 8BEC MOV EBP,ESP
0040113D . 81EC 98020000 SUB ESP,298
00401143 . 53 PUSH EBX
00401144 . 56 PUSH ESI
00401145 . 57 PUSH EDI
00401146 . 8D85 6CFEFFFF LEA EAX,DWORD PTR SS:[EBP-194]
0040114C . 68 04010000 PUSH 104 ; /BufSize = 104 (260.)
00401151 . 50 PUSH EAX ; |PathBuffer
00401152 . FF75 08 PUSH DWORD PTR SS:[EBP+8] ; |hModule
00401155 . 33DB XOR EBX,EBX ; |
00401157 . 895D FC MOV DWORD PTR SS:[EBP-4],EBX ; |
0040115A . 895D F8 MOV DWORD PTR SS:[EBP-8],EBX ; |
0040115D . 895D F0 MOV DWORD PTR SS:[EBP-10],EBX ; |
00401160 . FF15 24604000 CALL DWORD PTR DS:[<&kernel32.GetModuleF>; \GetModuleFileNameA
00401166 . 53 PUSH EBX ; /hTemplateFile => NULL
00401167 . 68 80000000 PUSH 80 ; |Attributes = NORMAL
0040116C . 6A 03 PUSH 3 ; |Mode = OPEN_EXISTING
0040116E . 53 PUSH EBX ; |pSecurity => NULL
0040116F . 6A 01 PUSH 1 ; |ShareMode = FILE_SHARE_READ
00401171 . 8D85 6CFEFFFF LEA EAX,DWORD PTR SS:[EBP-194] ; |
00401177 . 68 00000080 PUSH 80000000 ; |Access = GENERIC_READ
0040117C . 50 PUSH EAX ; |FileName
0040117D . FF15 20604000 CALL DWORD PTR DS:[<&kernel32.CreateFile>; \CreateFileA
00401183 . 8BF8 MOV EDI,EAX
00401185 . 83FF FF CMP EDI,-1
00401188 . 75 0C JNZ SHORT 破解版本.00401196
0040118A . C745 FC C0714>MOV DWORD PTR SS:[EBP-4],破解版本.004071>; ASCII "Can't open file!"
00401191 . E9 37030000 JMP 破解版本.004014CD
00401196 > 8B35 1C604000 MOV ESI,DWORD PTR DS:[<&kernel32.SetFile>; kernel32.SetFilePointer
0040119C . 6A 02 PUSH 2 ; /Origin = FILE_END
0040119E . 53 PUSH EBX ; |pOffsetHi
0040119F . 6A F8 PUSH -8 ; |OffsetLo = FFFFFFF8 (-8.)
004011A1 . 57 PUSH EDI ; |hFile
004011A2 . FFD6 CALL ESI ; \SetFilePointer
004011A4 . 3D E8030000 CMP EAX,3E8
004011A9 . 8945 F4 MOV DWORD PTR SS:[EBP-C],EAX
004011AC . 0F82 FD020000 JB 破解版本.004014AF
004011B2 . 8D45 E4 LEA EAX,DWORD PTR SS:[EBP-1C]
004011B5 . 53 PUSH EBX ; /pOverlapped
004011B6 . 50 PUSH EAX ; |pBytesRead
004011B7 . 8D45 DC LEA EAX,DWORD PTR SS:[EBP-24] ; |
004011BA . 6A 08 PUSH 8 ; |BytesToRead = 8
004011BC . 50 PUSH EAX ; |Buffer
004011BD . 57 PUSH EDI ; |hFile
004011BE . 895D E4 MOV DWORD PTR SS:[EBP-1C],EBX ; |
004011C1 . FF15 18604000 CALL DWORD PTR DS:[<&kernel32.ReadFile>] ; \ReadFile
004011C7 . 85C0 TEST EAX,EAX
004011C9 . 0F84 E9020000 JE 破解版本.004014B8
004011CF . 837D E4 08 CMP DWORD PTR SS:[EBP-1C],8
004011D3 . 0F85 DF020000 JNZ 破解版本.004014B8
004011D9 . 8B45 DC MOV EAX,DWORD PTR SS:[EBP-24]
004011DC . 817D E0 A5B79>CMP DWORD PTR SS:[EBP-20],829AB7A5
004011E3 . 8945 08 MOV DWORD PTR SS:[EBP+8],EAX
004011E6 . 0F85 C3020000 JNZ 破解版本.004014AF
004011EC . 83F8 04 CMP EAX,4
004011EF . 0F8C BA020000 JL 破解版本.004014AF
004011F5 . 3B45 F4 CMP EAX,DWORD PTR SS:[EBP-C]
004011F8 . 0F8D B1020000 JGE 破解版本.004014AF
004011FE . 50 PUSH EAX
004011FF . E8 32220000 CALL 破解版本.00403436
00401204 . 3BC3 CMP EAX,EBX
00401206 . 59 POP ECX
00401207 . 8945 F8 MOV DWORD PTR SS:[EBP-8],EAX
0040120A . 0F84 07010000 JE 破解版本.00401317
00401210 . 6A 02 PUSH 2
00401212 . 53 PUSH EBX
00401213 . 6A F8 PUSH -8
00401215 . 895D E8 MOV DWORD PTR SS:[EBP-18],EBX
00401218 . 58 POP EAX
00401219 . 2B45 08 SUB EAX,DWORD PTR SS:[EBP+8]
0040121C . 50 PUSH EAX
0040121D . 57 PUSH EDI
0040121E . FFD6 CALL ESI
00401220 . 83F8 FF CMP EAX,-1
00401223 . 0F84 7D020000 JE 破解版本.004014A6
00401229 . 8B75 F8 MOV ESI,DWORD PTR SS:[EBP-8]
0040122C . 8D45 E8 LEA EAX,DWORD PTR SS:[EBP-18]
0040122F . 53 PUSH EBX ; /pOverlapped
00401230 . 50 PUSH EAX ; |pBytesRead
00401231 . FF75 08 PUSH DWORD PTR SS:[EBP+8] ; |BytesToRead
00401234 . 56 PUSH ESI ; |Buffer
00401235 . 57 PUSH EDI ; |hFile
00401236 . FF15 18604000 CALL DWORD PTR DS:[<&kernel32.ReadFile>] ; \ReadFile
0040123C . 85C0 TEST EAX,EAX
0040123E . 0F84 62020000 JE 破解版本.004014A6
00401244 . 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]
00401247 . 3945 E8 CMP DWORD PTR SS:[EBP-18],EAX
0040124A . 0F85 56020000 JNZ 破解版本.004014A6
00401250 . 813E A5B79A82 CMP DWORD PTR DS:[ESI],829AB7A5
00401256 . 0F85 4A020000 JNZ 破解版本.004014A6
0040125C . 8D85 6CFEFFFF LEA EAX,DWORD PTR SS:[EBP-194]
00401262 . 83C6 04 ADD ESI,4
00401265 . 50 PUSH EAX ; /Buffer
00401266 . 68 04010000 PUSH 104 ; |BufSize = 104 (260.)
0040126B . FF15 14604000 CALL DWORD PTR DS:[<&kernel32.GetTempPat>; \GetTempPathA
00401271 . 85C0 TEST EAX,EAX
00401273 . 75 0C JNZ SHORT 破解版本.00401281
00401275 . C745 FC 98714>MOV DWORD PTR SS:[EBP-4],破解版本.004071>; ASCII "Can't retrieve the temporary directory!"
0040127C . E9 3E020000 JMP 破解版本.004014BF
00401281 > 8B06 MOV EAX,DWORD PTR DS:[ESI]
00401283 . 83C6 04 ADD ESI,4
00401286 . 50 PUSH EAX ; /<%X>
00401287 . 8D85 70FFFFFF LEA EAX,DWORD PTR SS:[EBP-90] ; |
0040128D . 68 90714000 PUSH 破解版本.00407190 ; |Format = "E_%X"
00401292 . 50 PUSH EAX ; |s
00401293 . FF15 B0604000 CALL DWORD PTR DS:[<&user32.wsprintfA>] ; \wsprintfA
00401299 . 8D85 70FFFFFF LEA EAX,DWORD PTR SS:[EBP-90]
0040129F . 50 PUSH EAX
004012A0 . 8D85 6CFEFFFF LEA EAX,DWORD PTR SS:[EBP-194]
004012A6 . 50 PUSH EAX
004012A7 . E8 24200000 CALL 破解版本.004032D0
004012AC . 83C4 14 ADD ESP,14
004012AF . 8D85 6CFEFFFF LEA EAX,DWORD PTR SS:[EBP-194]
004012B5 . 53 PUSH EBX ; /pSecurity
004012B6 . 50 PUSH EAX ; |Path
004012B7 . FF15 10604000 CALL DWORD PTR DS:[<&kernel32.CreateDire>; \CreateDirectoryA
004012BD . 8D85 6CFEFFFF LEA EAX,DWORD PTR SS:[EBP-194]
004012C3 . 68 8C714000 PUSH 破解版本.0040718C
004012C8 . 50 PUSH EAX
004012C9 . E8 02200000 CALL 破解版本.004032D0
004012CE . FF36 PUSH DWORD PTR DS:[ESI]
004012D0 . 836D 08 0C SUB DWORD PTR SS:[EBP+8],0C
004012D4 . 8D7E 04 LEA EDI,DWORD PTR DS:[ESI+4]
004012D7 . FF75 08 PUSH DWORD PTR SS:[EBP+8]
004012DA . 57 PUSH EDI
004012DB . E8 39FEFFFF CALL 破解版本.00401119
004012E0 . 836D 08 08 SUB DWORD PTR SS:[EBP+8],8
004012E4 . 8B47 04 MOV EAX,DWORD PTR DS:[EDI+4]
004012E7 . 83C4 14 ADD ESP,14
004012EA . 395D 08 CMP DWORD PTR SS:[EBP+8],EBX
004012ED . 8945 EC MOV DWORD PTR SS:[EBP-14],EAX
004012F0 . 0F8E A7010000 JLE 破解版本.0040149D
004012F6 . 813F 0D0F3E03 CMP DWORD PTR DS:[EDI],33E0F0D
004012FC . 0F85 9B010000 JNZ 破解版本.0040149D
00401302 . 3BC3 CMP EAX,EBX
00401304 . 0F8E 93010000 JLE 破解版本.0040149D
0040130A . 50 PUSH EAX
0040130B . E8 26210000 CALL 破解版本.00403436
00401310 . 8BF0 MOV ESI,EAX
00401312 . 59 POP ECX
00401313 . 3BF3 CMP ESI,EBX
00401315 . 75 0C JNZ SHORT 破解版本.00401323
00401317 > C745 FC 74714>MOV DWORD PTR SS:[EBP-4],破解版本.004071>; ASCII "Insufficient memory!"
0040131E . E9 9C010000 JMP 破解版本.004014BF
00401323 > FF75 08 PUSH DWORD PTR SS:[EBP+8]
00401326 . 83C7 08 ADD EDI,8
00401329 . 8D45 EC LEA EAX,DWORD PTR SS:[EBP-14]
0040132C . 57 PUSH EDI
0040132D . 50 PUSH EAX
0040132E . 56 PUSH ESI
0040132F . E8 E71E0000 CALL 破解版本.0040321B
00401334 . 83C4 10 ADD ESP,10
00401337 . 85C0 TEST EAX,EAX
00401339 . 74 13 JE SHORT 破解版本.0040134E
0040133B . 56 PUSH ESI
0040133C . E8 EA200000 CALL 破解版本.0040342B
00401341 . 59 POP ECX
00401342 . C745 FC 58714>MOV DWORD PTR SS:[EBP-4],破解版本.004071>; ASCII "Failed to decompress data!"
00401349 . E9 71010000 JMP 破解版本.004014BF
0040134E > FF75 F8 PUSH DWORD PTR SS:[EBP-8]
00401351 . E8 D5200000 CALL 破解版本.0040342B
00401356 . 8B45 EC MOV EAX,DWORD PTR SS:[EBP-14]
00401359 . 59 POP ECX
0040135A . 03C6 ADD EAX,ESI
0040135C . 8975 F8 MOV DWORD PTR SS:[EBP-8],ESI
0040135F . 3BF0 CMP ESI,EAX
00401361 . 8945 F4 MOV DWORD PTR SS:[EBP-C],EAX
00401364 . 885D A4 MOV BYTE PTR SS:[EBP-5C],BL
00401367 . 0F83 B4000000 JNB 破解版本.00401421 ; ...
0040136D > 8BFE MOV EDI,ESI
0040136F . 56 PUSH ESI
00401370 . 897D 08 MOV DWORD PTR SS:[EBP+8],EDI
00401373 . E8 38200000 CALL 破解版本.004033B0
00401378 . C70424 4C7140>MOV DWORD PTR SS:[ESP],破解版本.0040714C ; ASCII "krnln.fnr"
0040137F . 57 PUSH EDI
00401380 . 8D7406 01 LEA ESI,DWORD PTR DS:[ESI+EAX+1]
00401384 . E8 47480000 CALL 破解版本.00405BD0
00401389 . 59 POP ECX
0040138A . 85C0 TEST EAX,EAX
0040138C . 59 POP ECX
0040138D . 74 11 JE SHORT 破解版本.004013A0
0040138F . 68 40714000 PUSH 破解版本.00407140 ; ASCII "krnln.fne"
00401394 . 57 PUSH EDI
00401395 . E8 36480000 CALL 破解版本.00405BD0
0040139A . 59 POP ECX
0040139B . 85C0 TEST EAX,EAX
0040139D . 59 POP ECX
0040139E . 75 0C JNZ SHORT 破解版本.004013AC
004013A0 > 8D45 A4 LEA EAX,DWORD PTR SS:[EBP-5C]
004013A3 . 57 PUSH EDI
004013A4 . 50 PUSH EAX
004013A5 . E8 161F0000 CALL 破解版本.004032C0
004013AA . 59 POP ECX
004013AB . 59 POP ECX
004013AC > 8B3E MOV EDI,DWORD PTR DS:[ESI]
004013AE . 8D85 6CFEFFFF LEA EAX,DWORD PTR SS:[EBP-194]
004013B4 . 50 PUSH EAX
004013B5 . 8D85 68FDFFFF LEA EAX,DWORD PTR SS:[EBP-298]
004013BB . 50 PUSH EAX
004013BC . 83C6 04 ADD ESI,4
004013BF . E8 FC1E0000 CALL 破解版本.004032C0
004013C4 . FF75 08 PUSH DWORD PTR SS:[EBP+8]
004013C7 . 8D85 68FDFFFF LEA EAX,DWORD PTR SS:[EBP-298]
004013CD . 50 PUSH EAX
004013CE . E8 FD1E0000 CALL 破解版本.004032D0
004013D3 . 83C4 10 ADD ESP,10
004013D6 . 8D85 68FDFFFF LEA EAX,DWORD PTR SS:[EBP-298]
004013DC . 53 PUSH EBX ; /hTemplateFile
004013DD . 68 80000000 PUSH 80 ; |Attributes = NORMAL
004013E2 . 6A 02 PUSH 2 ; |Mode = CREATE_ALWAYS
004013E4 . 53 PUSH EBX ; |pSecurity
004013E5 . 53 PUSH EBX ; |ShareMode
004013E6 . 68 00000040 PUSH 40000000 ; |Access = GENERIC_WRITE
004013EB . 50 PUSH EAX ; |FileName
004013EC . FF15 20604000 CALL DWORD PTR DS:[<&kernel32.CreateFile>; \CreateFileA
004013F2 . 83F8 FF CMP EAX,-1
004013F5 . 8945 08 MOV DWORD PTR SS:[EBP+8],EAX
004013F8 . 74 17 JE SHORT 破解版本.00401411
004013FA . 8D4D D8 LEA ECX,DWORD PTR SS:[EBP-28]
004013FD . 53 PUSH EBX ; /pOverlapped
004013FE . 51 PUSH ECX ; |pBytesWritten
004013FF . 57 PUSH EDI ; |nBytesToWrite
00401400 . 56 PUSH ESI ; |Buffer
00401401 . 50 PUSH EAX ; |hFile
00401402 . FF15 0C604000 CALL DWORD PTR DS:[<&kernel32.WriteFile>>; \WriteFile
00401408 . FF75 08 PUSH DWORD PTR SS:[EBP+8] ; /hObject
0040140B . FF15 08604000 CALL DWORD PTR DS:[<&kernel32.CloseHandl>; \CloseHandle
00401411 > 03F7 ADD ESI,EDI
00401413 . 3B75 F4 CMP ESI,DWORD PTR SS:[EBP-C]
00401416 ^ 0F82 51FFFFFF JB 破解版本.0040136D
0040141C . 385D A4 CMP BYTE PTR SS:[EBP-5C],BL
0040141F . 75 0C JNZ SHORT 破解版本.0040142D
00401421 > C745 FC 20714>MOV DWORD PTR SS:[EBP-4],破解版本.004071>; ASCII "Not found the kernel library!"
00401428 . E9 92000000 JMP 破解版本.004014BF
0040142D > 8D85 6CFEFFFF LEA EAX,DWORD PTR SS:[EBP-194]
00401433 . 50 PUSH EAX
00401434 . 8D85 68FDFFFF LEA EAX,DWORD PTR SS:[EBP-298]
0040143A . 50 PUSH EAX
0040143B . E8 801E0000 CALL 破解版本.004032C0
00401440 . 8D45 A4 LEA EAX,DWORD PTR SS:[EBP-5C]
00401443 . 50 PUSH EAX
00401444 . 8D85 68FDFFFF LEA EAX,DWORD PTR SS:[EBP-298]
0040144A . 50 PUSH EAX
0040144B . E8 801E0000 CALL 破解版本.004032D0
00401450 . 83C4 10 ADD ESP,10
00401453 . 8D85 68FDFFFF LEA EAX,DWORD PTR SS:[EBP-298]
00401459 50 PUSH EAX ; /FileName
0040145A FF15 04604000 CALL DWORD PTR DS:[<&kernel32.LoadLibrar>; \LoadLibraryA CALL运行了一下
00401460 . 3BC3 CMP EAX,EBX
00401462 . 75 09 JNZ SHORT 破解版本.0040146D
00401464 . C745 FC 00714>MOV DWORD PTR SS:[EBP-4],破解版本.004071>; ASCII "Failed to load kernel library!"
0040146B . EB 52 JMP SHORT 破解版本.004014BF
0040146D > 68 F4704000 PUSH 破解版本.004070F4 ; /ProcNameOrOrdinal = "GetNewSock"
00401472 . 50 PUSH EAX ; |hModule
00401473 . FF15 00604000 CALL DWORD PTR DS:[<&kernel32.GetProcAdd>; \GetProcAddress
00401479 . 3BC3 CMP EAX,EBX
0040147B . 75 09 JNZ SHORT 破解版本.00401486
0040147D . C745 FC D4704>MOV DWORD PTR SS:[EBP-4],破解版本.004070>; ASCII "The kernel library is invalid!"
00401484 . EB 39 JMP SHORT 破解版本.004014BF
00401486 > 68 E8030000 PUSH 3E8
0040148B . FFD0 CALL EAX
0040148D . 3BC3 CMP EAX,EBX
0040148F . 8945 F0 MOV DWORD PTR SS:[EBP-10],EAX
00401492 . 75 2B JNZ SHORT 破解版本.004014BF
00401494 . C745 FC A8704>MOV DWORD PTR SS:[EBP-4],破解版本.004070>; ASCII "The inte**ce of kernel library is invalid!"
0040149B . EB 22 JMP SHORT 破解版本.004014BF
0040149D > C745 FC 8C704>MOV DWORD PTR SS:[EBP-4],破解版本.004070>; ASCII "Invalid data in the file!"
004014A4 . EB 19 JMP SHORT 破解版本.004014BF
004014A6 > C745 FC 5C704>MOV DWORD PTR SS:[EBP-4],破解版本.004070>; ASCII "Failed to read file or invalid data in file!"
004014AD . EB 10 JMP SHORT 破解版本.004014BF
004014AF > C745 FC 8C704>MOV DWORD PTR SS:[EBP-4],破解版本.004070>; ASCII "Invalid data in the file!"
004014B6 . EB 15 JMP SHORT 破解版本.004014CD
004014B8 > C745 FC 38704>MOV DWORD PTR SS:[EBP-4],破解版本.004070>; ASCII "Failed to read data from the file!"
004014BF > 395D F8 CMP DWORD PTR SS:[EBP-8],EBX
004014C2 . 74 09 JE SHORT 破解版本.004014CD
004014C4 . FF75 F8 PUSH DWORD PTR SS:[EBP-8]
004014C7 E8 5F1F0000 CALL 破解版本.0040342B
004014CC . 59 POP ECX
004014CD 395D FC CMP DWORD PTR SS:[EBP-4],EBX
004014D0 75 13 JNZ SHORT 破解版本.004014E5
004014D2 . 8B45 F0 MOV EAX,DWORD PTR SS:[EBP-10]
004014D5 . E8 00000000 CALL 破解版本.004014DA
004014DA $ 810424 267B00>ADD DWORD PTR SS:[ESP],7B26
004014E1 . FFD0 CALL EAX ; 注册筐出现
004014E3 . EB 11 JMP SHORT 破解版本.004014F6
004014E5 > 6A 10 PUSH 10 ; /Style = MB_OK|MB_ICONHAND|MB_APPLMODAL
004014E7 . 68 30704000 PUSH 破解版本.00407030 ; |Title = "Error"
004014EC . FF75 FC PUSH DWORD PTR SS:[EBP-4] ; |Text
004014EF . 53 PUSH EBX ; |hOwner
004014F0 FF15 AC604000 CALL DWORD PTR DS:[<&user32.MessageBoxA>>; \MessageBoxA 提示EROOR错误
004014F6 > 5F POP EDI
004014F7 . 5E POP ESI
004014F8 . 33C0 XOR EAX,EAX
004014FA . 5B POP EBX
004014FB . C9 LEAVE
004014FC . C2 1000 RETN 10 推出程序
这是地址大家帮看下:http://www.namipan.com/d/ac363ef ... 0016c0a90062d413900(纳米盘)
[ 本帖最后由 a13639875277 于 2008-9-17 11:07 编辑 ] |
|
IP卡
发表于 2008-9-16 17:54:26
提升卡
置顶卡
变色卡
千斤顶
显身卡
发表于 2008-9-16 18:32:24
发表于 2008-9-17 12:45:11
发表于 2008-9-17 15:54:40
楼主
发表于 2008-9-17 19:35:01
发表于 2008-9-18 14:03:03