- UID
- 26372
注册时间2006-12-3
阅读权限40
最后登录1970-1-1
独步武林
 
该用户从未签到
|
希望看图选号
软件下载地址:http://www.3dsoft.net/整个网站里有一系列类似的软件,
壳为ASPack 2.12 -> Alexey Solodovnikov
脱壳麻烦,干脆不脱壳分析!!!
OD载入,F9直接运行软件!!!
软件载入后,查看可执行模块,或键盘ALT+E,选择主程序文件XWKTXH.EXE
从可执行模块中双击它,
再查找字符串!!
找到注册提示—— 软件已经注册,注册码是:, 双击来到
0048E15B E8 D81CFFFF CALL xwktxh.0047FE38
0048E160 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C]
0048E163 E8 1CFDFFFF CALL xwktxh.0048DE84
0048E168 84C0 TEST AL,AL 这里标志位,未注册AL为00
0048E16A 74 4C JE SHORT xwktxh.0048E1B8 这里关键跳转,跳则出错,
0048E16C 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
0048E16F 8B80 E8020000 MOV EAX,DWORD PTR DS:[EAX+2E8]
0048E175 BA 70E34800 MOV EDX,xwktxh.0048E370 ; 软件已经注册,注册码是:
0048E17A E8 FDDFF9FF CALL xwktxh.0042C17C
0048E17F 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
0048E182 8B80 E4020000 MOV EAX,DWORD PTR DS:[EAX+2E4]
0048E188 33D2 XOR EDX,EDX
0048E18A E8 D5DEF9FF CALL xwktxh.0042C064
0048E18F 8D55 D0 LEA EDX,DWORD PTR SS:[EBP-30]
0048E192 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C]
0048E195 E8 D2F4FFFF CALL xwktxh.0048D66C
0048E19A 8D55 D0 LEA EDX,DWORD PTR SS:[EBP-30]
0048E19D 8D45 CC LEA EAX,DWORD PTR SS:[EBP-34]
0048E1A0 E8 FB5BF7FF CALL xwktxh.00403DA0
0048E1A5 8B55 CC MOV EDX,DWORD PTR SS:[EBP-34]
0048E1A8 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
0048E1AB 8B80 E0020000 MOV EAX,DWORD PTR DS:[EAX+2E0]
0048E1B1 E8 821CFFFF CALL xwktxh.0047FE38
0048E1B6 EB 23 JMP SHORT xwktxh.0048E1DB
0048E1B8 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
0048E1BB 8B80 E8020000 MOV EAX,DWORD PTR DS:[EAX+2E8] 跳向这里
0048E1C1 BA 94E34800 MOV EDX,xwktxh.0048E394 ; 软件尚未注册,机器码是:
0048E1C6 E8 B1DFF9FF CALL xwktxh.0042C17C
0048E1CB 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
0048E1CE 8B80 E4020000 MOV EAX,DWORD PTR DS:[EAX+2E4]
0048E1D4 B2 01 MOV DL,1
0048E1D6 E8 89DEF9FF CALL xwktxh.0042C064
0048E1DB 33C0 XOR EAX,EAX
0048E1DD 5A POP EDX
0048E1DE 59 POP ECX
0048E1DF 59 POP ECX
0048E1E0 64:8910 MOV DWORD PTR FS:[EAX],EDX
0048E1E3 EB 12 JMP SHORT xwktxh.0048E1F7
0048E1E5 ^ E9 5A51F7FF JMP xwktxh.00403344
0048E1EA 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C]
0048E1ED E8 E64CF7FF CALL xwktxh.00402ED8
0048E1F2 E8 A954F7FF CALL xwktxh.004036A0
0048E1F7 33C0 XOR EAX,EAX
0048E1F9 5A POP EDX
0048E1FA 59 POP ECX
0048E1FB 59 POP ECX
0048E1FC 64:8910 MOV DWORD PTR FS:[EAX],EDX
0048E1FF 68 21E24800 PUSH xwktxh.0048E221
0048E204 8D45 CC LEA EAX,DWORD PTR SS:[EBP-34]
0048E207 E8 7059F7FF CALL xwktxh.00403B7C
0048E20C 8D45 E4 LEA EAX,DWORD PTR SS:[EBP-1C]
0048E20F BA 04000000 MOV EDX,4
0048E214 E8 8759F7FF CALL xwktxh.00403BA0
0048E219 C3 RETN
0048E21A ^ E9 D953F7FF JMP xwktxh.004035F8
0048E21F ^ EB E3 JMP SHORT xwktxh.0048E204
0048E221 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
0048E224 807D FB 00 CMP BYTE PTR SS:[EBP-5],0
0048E228 74 0F JE SHORT xwktxh.0048E239
0048E22A E8 0150F7FF CALL xwktxh.00403230
0048E22F 64:8F05 0000000>POP DWORD PTR FS:[0]
0048E236 83C4 0C ADD ESP,0C
0048E239 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
0048E23C 5F POP EDI
0048E23D 5E POP ESI
0048E23E 5B POP EBX
0048E23F 8BE5 MOV ESP,EBP
0048E241 5D POP EBP
0048E242 C3 RETN
补充:如果不脱壳,直接修改是行不通的!!如果只为研究,就直接将JE在OD中NOP掉,再F9运行,
软件运行后会自动出现注册码,将注册码复制出来,打开原文件填到注册框里就行了。1!!
好了,献丑 |
|
IP卡
发表于 2007-1-23 21:42:25
提升卡
置顶卡
变色卡
千斤顶
显身卡
发表于 2007-1-25 22:11:16
楼主
发表于 2007-2-9 21:50:15
发表于 2007-2-11 02:01:23