初學者(23) (7千字)
軟體名稱:Animated Email Magic
最新版本:2.0 Release D
檔案大小:7463KB
使用平臺:Win95/98/NT
軟體簡介:
在郵件中加上動畫,讓MAIL更加生動活潑。
安裝完,執行,發現要線上註冊,差點兒uninstall,突然發現是30天DEMO,乾脆把時鐘向前調,
再次執行,彈出個對話方塊,顯示出本機程式碼並要求輸入註冊碼.嘿嘿,這就好辦了....
設斷點bpx hmemcpy,找到了計算和比較的地方,看下面
========================================================================
以下是計算部分
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0044E94B(C)
|
:0044E930 8B550C
mov edx, dword ptr [ebp+0C]
:0044E933 8B0C82
mov ecx, dword ptr [edx+4*eax]<-----取內部的資料
:0044E936 8BD3
mov edx, ebx
:0044E938 D3E2
shl edx, cl
:0044E93A 85F2
test edx, esi<--ESI存放的是十六進位制的輸入碼與1D7EA925的異或結果
:0044E93C 7409
je 0044E947
:0044E93E 8BC8
mov ecx, eax
:0044E940 8BD3
mov edx, ebx
:0044E942 D3E2
shl edx, cl
:0044E944 0955FC
or dword ptr [ebp-04], edx
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0044E93C(C)
|
:0044E947 40
inc eax
:0044E948 83F820
cmp eax, 00000020 <-----32個資料
:0044E94B 7CE3
jl 0044E930
:0044E94D 8B45FC
mov eax, dword ptr [ebp-04]
:0044E950 5E
pop esi
:0044E951 5B
pop ebx
:0044E952 59
pop ecx
:0044E953 5D
pop ebp
:0044E954 C3
ret
32個內部資料
4 1A 6 15
8 A 18 C
1 F 7 B
0 2 0 10
1B 1E 12 1F
11 1D 13 14
17 9 E 19
16 1C 5 3
由我輸入的註冊碼87654321計算後得到3615A6A1
然後軟體會將其與另一個碼E992DC7F(估計與本機程式碼391-8716-031有關)比較
=================
* Referenced by a CALL at Addresses:
|:0044EF73 , :0044F615
|
; ---------------------------------------------------------------------
; Routine at 0044EFF3 (32-bit x86; disassembler listing: address, opcode
; bytes, then the mnemonic on the following line).
; Takes two stack arguments and returns 0 or 1 in eax.
;   [ebp+08] -> ebx : base pointer; the dword at [ebx+41] is the value
;                     the computed result is compared against
;   [ebp+0C] -> esi : forwarded unchanged as an argument to 0044E918
; ebx and esi are saved and restored; the routine ends in a plain ret,
; and the call site at 0044F615 removes the two arguments (add esp, 8).
; NOTE(review): the verdict is reduced to a single 0/1 flag, and the
; caller shown later on the page branches on it once (test al, al / jne),
; so the outcome of the whole check hinges on one conditional jump.
; ---------------------------------------------------------------------
:0044EFF3 55
push ebp
:0044EFF4 8BEC
mov ebp, esp
:0044EFF6 53
push ebx
:0044EFF7 56
push esi
; Load the two stack arguments into the registers saved above.
:0044EFF8 8B5D08
mov ebx, dword ptr [ebp+08]
:0044EFFB 8B750C
mov esi, dword ptr [ebp+0C]
; Three dwords are pushed for the call to 0044E918: the contents of
; [00509F00], the constant 00509E80, and esi (pushed last).
; NOTE(review): the operand [00509F00] is wrapped onto its own line by
; the page extraction; it belongs to the preceding push.
:0044EFFE FF35009F5000 push dword ptr
[00509F00]
:0044F004 68809E5000 push 00509E80
:0044F009 56
push esi
:0044F00A E809F9FFFF call 0044E918
; Caller-side cleanup of the three pushed dwords (0C = 12 bytes).
:0044F00F 83C40C
add esp, 0000000C
; eax (return value of 0044E918) is compared with the dword at [ebx+41].
; The offset 41h is not 4-byte aligned; presumably a field in a packed
; structure, which cannot be confirmed from this listing.
:0044F012 3B4341
cmp eax, dword ptr [ebx+41]<---3615A6A1與E992DC7F比較
; sete writes only al; the following and clears the upper bits so that
; eax is exactly 1 on equality and 0 otherwise.
:0044F015 0F94C0
sete al <----若輸入的註冊碼正確設標誌
:0044F018 83E001
and eax, 00000001
; Restore the saved registers in reverse order and return.
:0044F01B 5E
pop esi
:0044F01C 5B
pop ebx
:0044F01D 5D
pop ebp
:0044F01E C3
ret
==============
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0044F238(C)
|
:0044F60A 53
push ebx
:0044F60B E879F3FFFF call 0044E989
:0044F610 59
pop ecx
:0044F611 8BD8
mov ebx, eax
:0044F613 53
push ebx
:0044F614 56
push esi
:0044F615 E8D9F9FFFF call 0044EFF3
:0044F61A 83C408
add esp, 00000008
:0044F61D 84C0
test al, al
:0044F61F 753D
jne 0044F65E <----查註冊標誌,若為"1"轉
:0044F621 8B06
mov eax, dword ptr [esi]
:0044F623 6A00
push 00000000
* Possible StringData Ref from Data Obj ->"Error"
|
:0044F625 68BAA35000 push 0050A3BA
* Possible StringData Ref from Data Obj ->"Key is invalid"
|
:0044F62A 68ABA35000 push 0050A3AB
:0044F62F FF700C
push [eax+0C]
:0044F632 FF7068
push [eax+68]
:0044F635 E88F9C0700 call 004C92C9
:0044F63A 83C414
add esp, 00000014
:0044F63D 33C0
xor eax, eax
:0044F63F 50
push eax
:0044F640 6A02
push 00000002
:0044F642 8D55F8
lea edx, dword ptr [ebp-08]
:0044F645 52
push edx
:0044F646 E811950A00 call 004F8B5C
:0044F64B 83C408
add esp, 00000008
:0044F64E 58
pop eax
:0044F64F 8B55C4
mov edx, dword ptr [ebp-3C]
:0044F652 64891500000000 mov dword ptr fs:[00000000],
edx
:0044F659 E9D8010000 jmp 0044F836
若將jne 0044F65E 改為jmp 0044F65E 註冊後會有"註冊成功"提示,但退出後重新啟動又會有註冊提示.
在跟蹤第二段程式碼時發現在軟體啟動時也會走這段程式,並找到了呼叫處
==================
* Reference To: USER32.ClientToScreen, Ord:0000h
|
:00447524 E8612C0B00 Call 004FA18A
:00447529 8D45D8
lea eax, dword ptr [ebp-28]
:0044752C 50
push eax
:0044752D 53
push ebx
:0044752E E8F4F90700 call 004C6F27
:00447533 83C408
add esp, 00000008
:00447536 56
push esi
:00447537 8D75D8
lea esi, dword ptr [ebp-28]
:0044753A 8D7DE8
lea edi, dword ptr [ebp-18]
:0044753D B904000000 mov ecx,
00000004
:00447542 F3
repz
:00447543 A5
movsd
:00447544 5E
pop esi
:00447545 8B4510
mov eax, dword ptr [ebp+10]
:00447548 3B45E8
cmp eax, dword ptr [ebp-18]
:0044754B 7C18
jl 00447565
:0044754D 8B5510
mov edx, dword ptr [ebp+10]
:00447550 3B55F0
cmp edx, dword ptr [ebp-10]
:00447553 7D10
jge 00447565
:00447555 8B4D14
mov ecx, dword ptr [ebp+14]
:00447558 3B4DEC
cmp ecx, dword ptr [ebp-14]
:0044755B 7C08
jl 00447565
:0044755D 8B4514
mov eax, dword ptr [ebp+14]
:00447560 3B45F4
cmp eax, dword ptr [ebp-0C]
:00447563 7C04
jl 00447569
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:0044754B(C), :00447553(C), :0044755B(C)
|
:00447565 33C0
xor eax, eax
:00447567 EB05
jmp 0044756E
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00447563(C)
|
:00447569 B801000000 mov eax,
00000001
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00447567(U)
|
:0044756E 84C0
test al, al
:00447570 7409
je 0044757B <----未註冊轉
:00447572 53
push ebx
:00447573 E809D90700 call 004C4E81
:00447578 59
pop ecx
:00447579 EB41
jmp 004475BC
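將je 0044757B 改為兩個nop,軟體將不會過期了(但不知是否有功能限制,因為在提示軟體註冊成功時同時顯示說是full function了)
(註:上面這段列表在 ClientToScreen 之後,只是把 [ebp+10]、[ebp+14] 與複製到 [ebp-18]~[ebp-0C] 的四個值逐一比較,看起來比較像座標範圍判斷;列表中也沒有出現對 0044EFF3 的呼叫,因此「未註冊轉」這個標註無法單從這段程式碼得到印證。)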
由於註冊碼計算都是與或指令,不太好算,想有空時編個程式算.