软件见帖子:https://www.52hb.com/thread-3442-1-1.html

一、脱壳
使用吾爱汇编论坛的工具 ASPDie 脱壳。
二、字符串搜索 搜索字符串“注册” 00543F73 E8 400FECFF call Unpacked.00404EB8 00543F78 8B45 FC mov eax,dword ptr ss:[ebp-0x4] 00543F7B E8 905BECFF call Unpacked.00409B10 00543F80 3C 01 cmp al,0x1 00543F82 75 54 jnz short Unpacked.00543FD8 00543F84 BA 28415400 mov edx,Unpacked.00544128 ; 软件已注册 00543F89 8B83 EC040000 mov eax,dword ptr ds:[ebx+0x4EC] 00543F8F E8 B836F0FF call Unpacked.0044764C 00543F94 8B93 18040000 mov edx,dword ptr ds:[ebx+0x418] 00543F9A 8B83 30040000 mov eax,dword ptr ds:[ebx+0x430] 00543FA0 E8 77E6F8FF call Unpacked.004D261C 00543FA5 BA 3C415400 mov edx,Unpacked.0054413C ; 解释 00543FAA 8B83 30040000 mov eax,dword ptr ds:[ebx+0x430] 00543FB0 E8 B3E6F8FF call Unpacked.004D2668 00543FB5 8B93 F0020000 mov edx,dword ptr ds:[ebx+0x2F0] 00543FBB 8B83 74040000 mov eax,dword ptr ds:[ebx+0x474] 00543FC1 E8 7AEAF8FF call Unpacked.004D2A40 00543FC6 BA 4C415400 mov edx,Unpacked.0054414C ; content 00543FCB 8B83 74040000 mov eax,dword ptr ds:[ebx+0x474] 00543FD1 E8 B6EAF8FF call Unpacked.004D2A8C 00543FD6 EB 30 jmp short Unpacked.00544008 00543FD8 BA 5C415400 mov edx,Unpacked.0054415C ; 软件未注册 00543FDD 8B83 EC040000 mov eax,dword ptr ds:[ebx+0x4EC] 00543FE3 E8 6436F0FF call Unpacked.0044764C
00545A18 58 pop eax 00545A19 E8 D6F5EBFF call Unpacked.00404FF4 00545A1E 0F85 14010000 jnz Unpacked.00545B38 00545A24 BA 845B5400 mov edx,Unpacked.00545B84 ; xhcz.d11 00545A29 8D85 ACFEFFFF lea eax,dword ptr ss:[ebp-0x154] 00545A2F E8 10D5EBFF call Unpacked.00402F44 00545A34 BA 01000000 mov edx,0x1 00545A39 8D85 ACFEFFFF lea eax,dword ptr ss:[ebp-0x154] 00545A3F E8 B4DAEBFF call Unpacked.004034F8 00545A44 E8 33CFEBFF call Unpacked.0040297C 00545A49 33C0 xor eax,eax 00545A4B 55 push ebp 00545A4C 68 BE5A5400 push Unpacked.00545ABE 00545A51 64:FF30 push dword ptr fs:[eax] 00545A54 64:8920 mov dword ptr fs:[eax],esp 00545A57 6A 00 push 0x0 00545A59 8D55 FB lea edx,dword ptr ss:[ebp-0x5] 00545A5C B9 01000000 mov ecx,0x1 00545A61 8D85 ACFEFFFF lea eax,dword ptr ss:[ebp-0x154] 00545A67 E8 34D6EBFF call Unpacked.004030A0 00545A6C E8 0BCFEBFF call Unpacked.0040297C 00545A71 BA 88AD1000 mov edx,0x10AD88 00545A76 8D85 ACFEFFFF lea eax,dword ptr ss:[ebp-0x154] 00545A7C E8 83DAEBFF call Unpacked.00403504 00545A81 E8 F6CEEBFF call Unpacked.0040297C 00545A86 6A 00 push 0x0 00545A88 8D55 FB lea edx,dword ptr ss:[ebp-0x5] 00545A8B B9 01000000 mov ecx,0x1 00545A90 8D85 ACFEFFFF lea eax,dword ptr ss:[ebp-0x154] 00545A96 E8 05D6EBFF call Unpacked.004030A0 00545A9B E8 DCCEEBFF call Unpacked.0040297C 00545AA0 33C0 xor eax,eax 00545AA2 5A pop edx 00545AA3 59 pop ecx 00545AA4 59 pop ecx 00545AA5 64:8910 mov dword ptr fs:[eax],edx 00545AA8 68 C55A5400 push Unpacked.00545AC5 00545AAD 8D85 ACFEFFFF lea eax,dword ptr ss:[ebp-0x154] 00545AB3 E8 08D6EBFF call Unpacked.004030C0 00545AB8 E8 BFCEEBFF call Unpacked.0040297C 00545ABD C3 retn 00545ABE ^ E9 D9E9EBFF jmp Unpacked.0040449C 00545AC3 ^ EB E8 jmp short Unpacked.00545AAD 00545AC5 B8 985B5400 mov eax,Unpacked.00545B98 ; 软件注册成功! 
00545ACA E8 35ADEFFF call Unpacked.00440804 00545ACF 8B45 FC mov eax,dword ptr ss:[ebp-0x4] 00545AD2 8B80 EC040000 mov eax,dword ptr ds:[eax+0x4EC] 00545AD8 BA B05B5400 mov edx,Unpacked.00545BB0 ; 软件已注册 00545ADD E8 6A1BF0FF call Unpacked.0044764C 00545AE2 8B45 FC mov eax,dword ptr ss:[ebp-0x4] 00545AE5 8B90 18040000 mov edx,dword ptr ds:[eax+0x418] 00545AEB 8B45 FC mov eax,dword ptr ss:[ebp-0x4] 00545AEE 8B80 30040000 mov eax,dword ptr ds:[eax+0x430] 00545AF4 E8 23CBF8FF call Unpacked.004D261C 00545AF9 8B45 FC mov eax,dword ptr ss:[ebp-0x4] 00545AFC 8B80 30040000 mov eax,dword ptr ds:[eax+0x430] 00545B02 BA C45B5400 mov edx,Unpacked.00545BC4 ; 解释 00545B07 E8 5CCBF8FF call Unpacked.004D2668 00545B0C 8B45 FC mov eax,dword ptr ss:[ebp-0x4] 00545B0F 8B90 F0020000 mov edx,dword ptr ds:[eax+0x2F0] 00545B15 8B45 FC mov eax,dword ptr ss:[ebp-0x4] 00545B18 8B80 74040000 mov eax,dword ptr ds:[eax+0x474] 00545B1E E8 1DCFF8FF call Unpacked.004D2A40 00545B23 8B45 FC mov eax,dword ptr ss:[ebp-0x4] 00545B26 8B80 74040000 mov eax,dword ptr ds:[eax+0x474] 00545B2C BA D45B5400 mov edx,Unpacked.00545BD4 ; content 00545B31 E8 56CFF8FF call Unpacked.004D2A8C 00545B36 EB 0A jmp short Unpacked.00545B42 00545B38 B8 E45B5400 moveax,Unpacked.00545BE4 ; 注册失败,请重试!\r\r注册用户重试失败请与作者联系! 00545B3D E8 C2ACEFFF call Unpacked.00440804
三、改关键跳
修改注册关键跳转。