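Software name: 电脑编排大师 Network Edition 8.01
Software download: http://www.dnbpds.com/
PEiD packer check shows Microsoft Visual C++ 5.0 [Overlay]
Loaded it in OD
Set a breakpoint with bp MessageBoxA, pressed F9 to run
Entered a fake code and clicked OK
The window shows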
77D503F7 90 NOP
77D503F8 90 NOP
77D503F9 90 NOP
77D503FA 8BFF MOV EDI,EDI
77D503FC 55 PUSH EBP
77D503FD 8BEC MOV EBP,ESP
77D503FF 83EC 28 SUB ESP,28
77D50402 8365 FC 00 AND DWORD PTR SS:[EBP-4],0
77D50406 56 PUSH ESI
77D50407 8B75 08 MOV ESI,DWORD PTR SS:[EBP+8]
77D5040A 8B46 18 MOV EAX,DWORD PTR DS:[ESI+18]
77D5040D 85C0 TEST EAX,EAX
77D5040F 0F84 B5000000 JE USER32.77D504CA
77D50415 F646 4D 40 TEST BYTE PTR DS:[ESI+4D],40
77D50419 53 PUSH EBX
77D5041A 8B5E 20 MOV EBX,DWORD PTR DS:[ESI+20]
77D5041D 74 06 JE SHORT USER32.77D50425
77D5041F 8B4E 24 MOV ECX,DWORD PTR DS:[ESI+24]
77D50422 894D F8 MOV DWORD PTR SS:[EBP-8],ECX
77D50425 48 DEC EAX
77D50426 8945 08 MOV DWORD PTR SS:[EBP+8],EAX
77D50429 0F88 97000000 JS USER32.77D504C6
77D5042F 57 PUSH EDI
77D50430 EB 03 JMP SHORT USER32.77D50435
77D50432 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]
77D50435 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
77D50438 03C1 ADD EAX,ECX
77D5043A 99 CDQ
77D5043B 2BC2 SUB EAX,EDX
77D5043D 8BF8 MOV EDI,EAX
77D5043F D1FF SAR EDI,1
77D50441 F646 4D 40 TEST BYTE PTR DS:[ESI+4D],40
77D50445 74 14 JE SHORT USER32.77D5045B
77D50447 FF76 7C PUSH DWORD PTR DS:[ESI+7C]
77D5044A 8B04FB MOV EAX,DWORD PTR DS:[EBX+EDI*8]
77D5044D 0345 F8 ADD EAX,DWORD PTR SS:[EBP-8]
77D50450 FF75 0C PUSH DWORD PTR SS:[EBP+C]
77D50453 50 PUSH EAX
77D50454 E8 8BFEFFFF CALL USER32.77D502E4
77D50459 EB 43 JMP SHORT USER32.77D5049E
77D5045B 8B46 04 MOV EAX,DWORD PTR DS:[ESI+4]
77D5045E C745 D8 0200000>MOV DWORD PTR SS:[EBP-28],2
77D50465 8B48 78 MOV ECX,DWORD PTR DS:[EAX+78]
77D50468 894D DC MOV DWORD PTR SS:[EBP-24],ECX
77D5046B 8B00 MOV EAX,DWORD PTR DS:[EAX]
77D5046D 8945 E0 MOV DWORD PTR SS:[EBP-20],EAX
77D50470 897D E4 MOV DWORD PTR SS:[EBP-1C],EDI
77D50473 8B04BB MOV EAX,DWORD PTR DS:[EBX+EDI*4]
77D50476 834D EC FF OR DWORD PTR SS:[EBP-14],FFFFFFFF
77D5047A 8945 E8 MOV DWORD PTR SS:[EBP-18],EAX
77D5047D 8B45 0C MOV EAX,DWORD PTR SS:[EBP+C]
77D50480 8945 F0 MOV DWORD PTR SS:[EBP-10],EAX
77D50483 8B46 7C MOV EAX,DWORD PTR DS:[ESI+7C]
77D50486 8945 F4 MOV DWORD PTR SS:[EBP-C],EAX
77D50489 8B06 MOV EAX,DWORD PTR DS:[ESI]
77D5048B 85C0 TEST EAX,EAX
77D5048D 74 02 JE SHORT USER32.77D50491
77D5048F 8B00 MOV EAX,DWORD PTR DS:[EAX]
77D50491 8D55 D8 LEA EDX,DWORD PTR SS:[EBP-28]
77D50494 52 PUSH EDX
77D50495 51 PUSH ECX
77D50496 6A 39 PUSH 39
77D50498 50 PUSH EAX
77D50499 E8 1CB4FCFF CALL USER32.SendMessageW
77D5049E 85C0 TEST EAX,EAX
77D504A0 7D 06 JGE SHORT USER32.77D504A8
77D504A2 47 INC EDI
77D504A3 897D FC MOV DWORD PTR SS:[EBP-4],EDI
77D504A6 EB 06 JMP SHORT USER32.77D504AE
77D504A8 7E 11 JLE SHORT USER32.77D504BB
77D504AA 4F DEC EDI
77D504AB 897D 08 MOV DWORD PTR SS:[EBP+8],EDI
77D504AE 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]
77D504B1 3945 FC CMP DWORD PTR SS:[EBP-4],EAX
77D504B4 7F 08 JG SHORT USER32.77D504BE
77D504B6 ^ E9 77FFFFFF JMP USER32.77D50432
77D504BB 897D FC MOV DWORD PTR SS:[EBP-4],EDI
77D504BE 33C0 XOR EAX,EAX
77D504C0 3945 FC CMP DWORD PTR SS:[EBP-4],EAX
77D504C3 5F POP EDI
77D504C4 7C 03 JL SHORT USER32.77D504C9
77D504C6 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
77D504C9 5B POP EBX
77D504CA 5E POP ESI
77D504CB C9 LEAVE
77D504CC C2 0800 RETN 8
77D504CF 90 NOP
77D504D0 90 NOP
77D504D1 90 NOP
77D504D2 90 NOP
77D504D3 90 NOP
77D504D4 - FF25 3811D177 JMP DWORD PTR DS:[<&GDI32.GdiCreateLocal>; GDI32.GdiCreateLocalEnhMetaFile
77D504DA 90 NOP
77D504DB 90 NOP
77D504DC 90 NOP
77D504DD 90 NOP
77D504DE 90 NOP
77D504DF - FF25 8C11D177 JMP DWORD PTR DS:[<&GDI32.GdiConvertMeta>; GDI32.GdiConvertMetaFilePict
77D504E5 90 NOP
77D504E6 90 NOP
77D504E7 90 NOP
77D504E8 90 NOP
77D504E9 90 NOP
77D504EA > 8BFF MOV EDI,EDI ; USER32.ShowCursor
77D504EC 55 PUSH EBP
77D504ED 8BEC MOV EBP,ESP
77D504EF 833D BC04D777 0>CMP DWORD PTR DS:[77D704BC],0
77D504F6 74 24 JE SHORT USER32.77D5051C
77D504F8 64:A1 18000000 MOV EAX,DWORD PTR FS:[18]
77D504FE 6A 00 PUSH 0
77D50500 FF70 24 PUSH DWORD PTR DS:[EAX+24]
77D50503 68 240BD777 PUSH USER32.77D70B24
77D50508 FF15 C812D177 CALL DWORD PTR DS:[<&KERNEL32.Interlocke>; kernel32.InterlockedCompareExchange
77D5050E 85C0 TEST EAX,EAX
77D50510 75 0A JNZ SHORT USER32.77D5051C
77D50512 C705 200BD777 0>MOV DWORD PTR DS:[77D70B20],1
77D5051C 6A 00 PUSH 0
The stack shows
0012D9AC 00000000
0012D9B0 0C09923F VFP6R.0C09923F
0012D9B4 000304F8
0012D9B8 00000020
0012D9BC 00000000
0012D9C0 00000001
0012D9C4 00676FC4
0012D9C8 00000001
0012D9CC 0012DA58
0012D9D0 00000020
0012D9D4 0012DA70
0012D9D8 000304F8
0012D9DC 0012D9D4
0012D9E0 0012DA00
0012D9E4 77D2F3E3 USER32.77D2F3E3
0012D9E8 00676FB0
0012D9EC 00676D70
0012D9F0 00000000
0012D9F4 00000001
0012D9F8 00000001
0012D9FC 77D184B2 USER32.77D184B2
0012DA00 77D2FA55 USER32.77D2FA55
0012DA04 0C1B429E /CALL 到 MessageBoxA 来自 VFP6R.0C1B4298
0012DA08 0004052A |hOwner = 0004052A ('电脑编排大师网上注册信息',class='DNBPDS6c000000',parent=00030502)
0012DA0C 0012DE74 |Text = "输入的注册码不正确,请重新输入或与软件研制者联系!"
0012DA10 0012DA70 |Title = "电脑编排大师"
0012DA14 00000010 \Style = MB_OK|MB_ICONHAND|MB_APPLMODAL
0012DA18 0012E30C
0012DA1C 0C2FE278 VFP6R.0C2FE278
0012DA20 00000010
0012DA24 0C2FE220 VFP6R.0C2FE220
0012DA28 00000000
0012DA2C 00000000
0012DA30 00000000
0012DA34 00000000
0012DA38 00000000
0012DA3C 00000000
0012DA40 00000000
0012DA44 00000000
0012DA48 00000000
0012DA4C 00000000
0012DA50 00000000
0012DA54 00000000
0012DA58 0C1B5F30 返回到 VFP6R.0C1B5F30 来自 VFP6R.0C1B41E8
0012DA5C 00000010
0012DA60 0012E30C
0012DA64 000000DC
0012DA68 0012E35C
0012DA6C 000000DC
0012DA70 D4C4E7B5
0012DA74 C5C5E0B1
0012DA78 A6CAF3B4
0012DA7C 00000000
0012DA80 FFFFFFFF
0012DA84 08001080
0012DA88 FFFFFFFF
0012DA8C 0012DAB0
0012DA90 0012DADE
0012DA94 00000000
0012DA98 73FF0260 USP10.73FF0260
0012DA9C 00000000
0012DAA0 77EF8560 返回到 GDI32.77EF8560 来自 ntdll.RtlLeaveCriticalSection
0012DAA4 77F33020 GDI32.77F33020
0012DAA8 000A0000
0012DAAC 004F5450
0012DAB0 77EF6E56 返回到 GDI32.77EF6E56
0012DAB4 77EF6E77 返回到 GDI32.77EF6E77 来自 GDI32.77EF6E4A
0012DAB8 600A1545
0012DABC 73FF0260 USP10.73FF0260
0012DAC0 73FF03FC USP10.73FF03FC
0012DAC4 73FBE501 返回到 USP10.73FBE501 来自 kernel32.InterlockedExchange
0012DAC8 73FE5030 USP10.73FE5030
0012DACC 00000001
0012DAD0 /0012DAE8
0012DAD4 |73FB42F8 返回到 USP10.73FB42F8 来自 USP10.UspFreeMem
0012DAD8 |73FF0260 USP10.73FF0260
0012DADC |00000001
0012DAE0 |00000000
0012DAE4 |00000080
0012DAE8 ]0012DB0C
0012DAEC |62C23452 返回到 LPK.62C23452 来自 <JMP.&USP10.ScriptStringFree>
0012DAF0 |00000000
0012DAF4 |0012DB58
0012DAF8 |00000000
0012DAFC |00000001
0012DB00 |0012DE04
0012DB04 |0000000A
0012DB08 |00000000
0012DB0C ]0012DC60
0012DB10 |77F11A96 返回到 GDI32.77F11A96 来自 LPK.LpkGetTextExtentExPoint
0012DB14 |9E0115B6
0012DB18 |0012DB58
0012DB1C |00000001
0012DB20 |FFFFFFFF
0012DB24 |00000000
0012DB28 |00000000
0012DB2C |0012DCA0
0012DB30 |00000001
0012DB34 |00000000
0012DB38 |009DD068
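If I want to patch this software, where should I modify it? And if I want to obtain the registration code, what should I do? I'm a newbie, so veterans, please don't laugh at me.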