怎样也暴破不了（菜鸟求助）

xyyh816 · 发表于 2006-11-28 20:10:09

IE清理器 1.0
Borland Delphi 4.0 - 5.0
随意输入注册码　显示　注册码错误，请与作者联系
用W32DASM反汇编，串式参考，发现有　注册成功，谢谢使用本软件，双击它，以发现只有一处调用，

:0045037A 7504                   jne 00450380
:0045037C B301                   mov bl, 01
:0045037E EB28                   jmp 004503A8

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0045037A(C)
|
:00450380 8B55F8                mov edx, dword ptr [ebp-08]
:00450383 8B45F4                mov eax, dword ptr [ebp-0C]
:00450386 8B08                   mov ecx, dword ptr [eax]
:00450388 FF5158                call [ecx+58]
:0045038B 8D95E0FEFFFF          lea edx, dword ptr [ebp+FFFFFEE0]
:00450391 8B45F4                mov eax, dword ptr [ebp-0C]
:00450394 8B08                   mov ecx, dword ptr [eax]
:00450396 FF511C                call [ecx+1C]
:00450399 8B85E0FEFFFF          mov eax, dword ptr [ebp+FFFFFEE0]
:0045039F 8A18                   mov bl, byte ptr [eax]
:004503A1 33C0                   xor eax, eax
:004503A3 8AC3                   mov al, bl
:004503A5 40                   inc eax
:004503A6 8BD8                   mov ebx, eax

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0045037E(U)
|
:004503A8 8D85DCFEFFFF          lea eax, dword ptr [ebp+FFFFFEDC]
:004503AE 8BD3                   mov edx, ebx
:004503B0 E85F38FBFF             call 00403C14
:004503B5 8B95DCFEFFFF          mov edx, dword ptr [ebp+FFFFFEDC]
:004503BB 8B45F4                mov eax, dword ptr [ebp-0C]
:004503BE 8B08                   mov ecx, dword ptr [eax]
:004503C0 FF512C                call [ecx+2C]
:004503C3 8B55F8                mov edx, dword ptr [ebp-08]
:004503C6 8B45F4                mov eax, dword ptr [ebp-0C]
:004503C9 8B08                   mov ecx, dword ptr [eax]
:004503CB FF5164                call [ecx+64]
:004503CE 33C0                   xor eax, eax
:004503D0 5A                   pop edx
:004503D1 59                   pop ecx
:004503D2 59                   pop ecx
:004503D3 648910                mov dword ptr fs:[eax], edx
:004503D6 68EB034500             push 004503EB

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004503E9(U)
|
:004503DB 8B45F4                mov eax, dword ptr [ebp-0C]
:004503DE E87D29FBFF             call 00402D60
:004503E3 C3                   ret

:004503E4 E99730FBFF             jmp 00403480
:004503E9 EBF0                   jmp 004503DB
:004503EB 8B45FC                mov eax, dword ptr [ebp-04]
:004503EE C6803103000001       mov byte ptr [eax+00000331], 01
:004503F5 6A00                   push 00000000
:004503F7 668B0DAC044500       mov cx, word ptr [004504AC]
:004503FE 33D2                   xor edx, edx

* Possible StringData Ref from Code Obj ->"注册成功,谢谢使用本软件！"
                              |
:00450400 B8B8044500             mov eax, 004504B8

-------------------------------------------------------------------------------------------
可以看到实际修改地址是　0004F77A　，用ULTRADIT查找0x4F77A　，修改75为74。暴破不成功。

用同样的方法，查看“注册码错误”，修改后仍不成功，晕。
我错在哪？？请高手多多指点，多谢了。

xuhw · 发表于 2006-11-28 20:34:08

00450276 .  55          PUSH EBP
00450277 .  68 62044500 PUSH IE清理器.00450462
0045027C .  64:FF30    PUSH DWORD PTR FS:[EAX]
0045027F .  64:8920    MOV DWORD PTR FS:[EAX],ESP
00450282 .  8D95 ECFEFFFF LEA EDX,DWORD PTR SS:[EBP-114]
00450288 .  8B45 FC    MOV EAX,DWORD PTR SS:[EBP-4]
0045028B .  8B80 E4020000 MOV EAX,DWORD PTR DS:[EAX+2E4]
00450291 .  E8 924AFDFF CALL IE清理器.00424D28
00450296 .  8B85 ECFEFFFF MOV EAX,DWORD PTR SS:[EBP-114]          ;  假码(ASCII "987654321")
0045029C .  8D95 F0FEFFFF LEA EDX,DWORD PTR SS:[EBP-110]
004502A2 .  E8 D17AFBFF CALL IE清理器.00407D78
004502A7 .  83BD F0FEFFFF>CMP DWORD PTR SS:[EBP-110],0          ;  输入否
004502AE .  75 1A       JNZ SHORT IE清理器.004502CA                ;  空就“请输入”框
004502B0 .  6A 00       PUSH 0                                  ; /Arg1 = 00000000
004502B2 .  66:8B0D 70044>MOV CX,WORD PTR DS:[450470]             ; |
004502B9 .  33D2       XOR EDX,EDX                            ; |
004502BB .  B8 7C044500 MOV EAX,IE清理器.0045047C                ; |请输入注册码？
004502C0 .  E8 A354FFFF CALL IE清理器.00445768                   ; \IE清理器.00445768
004502C5 .  E9 57010000 JMP IE清理器.00450421
004502CA >  8D95 E8FEFFFF LEA EDX,DWORD PTR SS:[EBP-118]
004502D0 .  8B45 FC    MOV EAX,DWORD PTR SS:[EBP-4]
004502D3 .  8B80 E4020000 MOV EAX,DWORD PTR DS:[EAX+2E4]
004502D9 .  E8 4A4AFDFF CALL IE清理器.00424D28
004502DE .  8B95 E8FEFFFF MOV EDX,DWORD PTR SS:[EBP-118]          ;  假码(ASCII "987654321")
004502E4 .  8B45 FC    MOV EAX,DWORD PTR SS:[EBP-4]
004502E7 .  8B80 2C030000 MOV EAX,DWORD PTR DS:[EAX+32C]          ;  真码"E54D8-E544E-82389-814FE-F024E")
004502ED .  E8 0A3BFBFF CALL IE清理器.00403DFC                   ;  内存注册机
004502F2 .  0F85 14010000 JNZ IE清理器.0045040C                      ;  爆破点
004502F8 .  68 FF000000 PUSH 0FF                               ; /BufSize = FF (255.)
004502FD .  8D85 F4FEFFFF LEA EAX,DWORD PTR SS:[EBP-10C]          ; |
00450303 .  50          PUSH EAX                               ; |Buffer
00450304 .  E8 5B5FFBFF CALL <JMP.&kernel32.GetSystemDirectoryA> ; \GetSystemDirectoryA
00450309 .  BE 00010000 MOV ESI,100
0045030E .  8DBD F4FEFFFF LEA EDI,DWORD PTR SS:[EBP-10C]
00450314 >  8A1F       MOV BL,BYTE PTR DS:[EDI]
00450316 .  84DB       TEST BL,BL
00450318 .  74 1F       JE SHORT IE清理器.00450339
0045031A .  8D85 E4FEFFFF LEA EAX,DWORD PTR SS:[EBP-11C]
00450320 .  8BD3       MOV EDX,EBX
00450322 .  E8 ED38FBFF CALL IE清理器.00403C14
00450327 .  8B95 E4FEFFFF MOV EDX,DWORD PTR SS:[EBP-11C]
0045032D .  8D45 F8    LEA EAX,DWORD PTR SS:[EBP-8]
00450330 .  E8 BF39FBFF CALL IE清理器.00403CF4
00450335 .  47          INC EDI
00450336 .  4E          DEC ESI
00450337 .^ 75 DB       JNZ SHORT IE清理器.00450314
00450339 >  FF75 F8    PUSH DWORD PTR SS:[EBP-8]
0045033C .  68 94044500 PUSH IE清理器.00450494                   ;  \
00450341 .  68 A0044500 PUSH IE清理器.004504A0                   ;  winnet.dll
00450346 .  8D45 F8    LEA EAX,DWORD PTR SS:[EBP-8]
00450349 .  BA 03000000 MOV EDX,3
0045034E .  E8 593AFBFF CALL IE清理器.00403DAC
00450353 .  33C0       XOR EAX,EAX
00450355 .  55          PUSH EBP
00450356 .  68 E4034500 PUSH IE清理器.004503E4
0045035B .  64:FF30    PUSH DWORD PTR FS:[EAX]
0045035E .  64:8920    MOV DWORD PTR FS:[EAX],ESP
00450361 .  B2 01       MOV DL,1
00450363 .  A1 14C44000 MOV EAX,DWORD PTR DS:[40C414]
00450368 .  E8 C329FBFF CALL IE清理器.00402D30
0045036D .  8945 F4    MOV DWORD PTR SS:[EBP-C],EAX
00450370 .  8B45 F8    MOV EAX,DWORD PTR SS:[EBP-8]
00450373 .  E8 AC7CFBFF CALL IE清理器.00408024
00450378 .  84C0       TEST AL,AL
0045037A .  75 04       JNZ SHORT IE清理器.00450380
0045037C .  B3 01       MOV BL,1
0045037E .  EB 28       JMP SHORT IE清理器.004503A8
00450380 >  8B55 F8    MOV EDX,DWORD PTR SS:[EBP-8]
00450383 .  8B45 F4    MOV EAX,DWORD PTR SS:[EBP-C]
00450386 .  8B08       MOV ECX,DWORD PTR DS:[EAX]
00450388 .  FF51 58    CALL DWORD PTR DS:[ECX+58]
0045038B .  8D95 E0FEFFFF LEA EDX,DWORD PTR SS:[EBP-120]
00450391 .  8B45 F4    MOV EAX,DWORD PTR SS:[EBP-C]
00450394 .  8B08       MOV ECX,DWORD PTR DS:[EAX]
00450396 .  FF51 1C    CALL DWORD PTR DS:[ECX+1C]
00450399 .  8B85 E0FEFFFF MOV EAX,DWORD PTR SS:[EBP-120]
0045039F .  8A18       MOV BL,BYTE PTR DS:[EAX]
004503A1 .  33C0       XOR EAX,EAX
004503A3 .  8AC3       MOV AL,BL
004503A5 .  40          INC EAX
004503A6 .  8BD8       MOV EBX,EAX
004503A8 >  8D85 DCFEFFFF LEA EAX,DWORD PTR SS:[EBP-124]
004503AE .  8BD3       MOV EDX,EBX
004503B0 .  E8 5F38FBFF CALL IE清理器.00403C14
004503B5 .  8B95 DCFEFFFF MOV EDX,DWORD PTR SS:[EBP-124]
004503BB .  8B45 F4    MOV EAX,DWORD PTR SS:[EBP-C]
004503BE .  8B08       MOV ECX,DWORD PTR DS:[EAX]
004503C0 .  FF51 2C    CALL DWORD PTR DS:[ECX+2C]
004503C3 .  8B55 F8    MOV EDX,DWORD PTR SS:[EBP-8]
004503C6 .  8B45 F4    MOV EAX,DWORD PTR SS:[EBP-C]
004503C9 .  8B08       MOV ECX,DWORD PTR DS:[EAX]
004503CB .  FF51 64    CALL DWORD PTR DS:[ECX+64]
004503CE .  33C0       XOR EAX,EAX
004503D0 .  5A          POP EDX
004503D1 .  59          POP ECX
004503D2 .  59          POP ECX
004503D3 .  64:8910    MOV DWORD PTR FS:[EAX],EDX
004503D6 .  68 EB034500 PUSH IE清理器.004503EB
004503DB >  8B45 F4    MOV EAX,DWORD PTR SS:[EBP-C]
004503DE .  E8 7D29FBFF CALL IE清理器.00402D60
004503E3 .  C3          RETN
004503E4 .^ E9 9730FBFF JMP IE清理器.00403480
004503E9 .^ EB F0       JMP SHORT IE清理器.004503DB
004503EB .  8B45 FC    MOV EAX,DWORD PTR SS:[EBP-4]
004503EE .  C680 31030000>MOV BYTE PTR DS:[EAX+331],1
004503F5 .  6A 00       PUSH 0                                  ; /Arg1 = 00000000
004503F7 .  66:8B0D AC044>MOV CX,WORD PTR DS:[4504AC]             ; |
004503FE .  33D2       XOR EDX,EDX                            ; |
00450400 .  B8 B8044500 MOV EAX,IE清理器.004504B8                ; |注册成功,谢谢使用本软件！
00450405 .  E8 5E53FFFF CALL IE清理器.00445768                   ; \IE清理器.00445768
0045040A .  EB 15       JMP SHORT IE清理器.00450421
0045040C >  6A 00       PUSH 0                                  ; /Arg1 = 00000000
0045040E .  66:8B0D AC044>MOV CX,WORD PTR DS:[4504AC]             ; |
00450415 .  33D2       XOR EDX,EDX                            ; |
00450417 .  B8 DC044500 MOV EAX,IE清理器.004504DC                ; |注册码错误，请与作者联系！
0045041C .  E8 4753FFFF CALL IE清理器.00445768                   ; \IE清理器.00445768
00450421 >  33C0       XOR EAX,EAX
00450423 .  5A          POP EDX

棒棒糖 · 发表于 2006-11-28 20:40:17

多看教程：）和文章

Rason · 发表于 2006-11-28 22:15:43

都已经提示注册成功，再开还是要注册，软件本身就有问题

菜儿 · 发表于 2006-11-28 22:35:14

我汗一下,要求加分.....

avel · 发表于 2006-11-29 09:18:13

原帖由 棒棒糖 于 2006-11-28 20:40 发表
多看教程：）和文章

是的~!

讲的极是!!!!

jiegou · 发表于 2006-11-30 14:56:11

修改爆破点的这一句，好像还是不能够注册。

004502F2 . 0F85 14010000 JNZ IE清理器.0045040C ; 爆破点

但是输入注册码，是可以注册的。难到还有一些关键点需要爆破。

		自动登录	找回密码
密码			加入我们

[求助] 怎样也暴破不了（菜鸟求助）

本帖子中包含更多资源

相关帖子

评分