The Cleaner 3.2 BUILD 3205的破解(10千字)
我(TAE!)的第二篇破解教程
目標軟體:The Cleaner 3.2 BUILD 3205
保護方式:序列號
破解方法:暴力破解
下載地址:http://www.moosoft.com
軟體簡介:The Cleaner searches your hard drive cleans it of all known
Trojans. Using a unique patent-pending technology,
The Cleaner
compares each file against a list of all know
Trojans. You
can scan your entire system or just one file.
The program
also allows you to periodically update your Trojan
database
file to keep it current with the latest research.
If you're
going to expose your system to the dangers of
the internet,
keep it clean with The Cleaner!
此軟體以前的版本如3.1很好破解,但這個3.2版的註冊碼始終搞不定,跟蹤的時候
發現記憶體中出現了3.1版本的兩個註冊碼,但在此版本中不能用.
但暴力破解卻非常簡單,先用fileinfo檢查一下它穿了什麼"衣服",哦,原來是UPX0.9?
用TRW載入程式,跟蹤,脫殼.
順便問一下
:XXXX:XXXXXXXX PUSH EAX <-----為什麼我在這一行用TRW的makepe命令時,它會說:
........
Rebuild Import Table error!
脫殼後反彙編它,查詢串式資料,發現出現了以前版本的註冊碼3310-EEC2-21D0-0C82於是
雙擊它,出現下面的程式.
* Referenced by a CALL at Addresses:
|:00495B11 , :004A98CD , :004AD6B2
|
:004B252C 55
push ebp
:004B252D 8BEC
mov ebp, esp
:004B252F 81C4F0FDFFFF add esp, FFFFFDF0
:004B2535 53
push ebx
:004B2536 56
push esi
:004B2537 57
push edi
:004B2538 33D2
xor edx, edx
:004B253A 8995F4FDFFFF mov dword
ptr [ebp+FFFFFDF4], edx
:004B2540 8995F0FDFFFF mov dword
ptr [ebp+FFFFFDF0], edx
:004B2546 8955FC
mov dword ptr [ebp-04], edx
:004B2549 8955F8
mov dword ptr [ebp-08], edx
:004B254C 8BF8
mov edi, eax
:004B254E B908000000 mov ecx,
00000008
:004B2553 8D8508FEFFFF lea eax, dword
ptr [ebp+FFFFFE08]
* Possible StringData Ref from Data Obj ->"
String?@"
|
:004B2559 8B15AC104000 mov edx, dword
ptr [004010AC]
:004B255F E8441DF5FF call
004042A8
:004B2564 33C0
xor eax, eax
:004B2566 55
push ebp
:004B2567 68F1284B00 push
004B28F1
:004B256C 64FF30
push dword ptr fs:[eax]
:004B256F 648920
mov dword ptr fs:[eax], esp
:004B2572 33C0
xor eax, eax
:004B2574 55
push ebp
:004B2575 68A4284B00 push
004B28A4
:004B257A 64FF30
push dword ptr fs:[eax]
:004B257D 648920
mov dword ptr fs:[eax], esp
:004B2580 8B9750530000 mov edx, dword
ptr [edi+00005350]
:004B2586 8D45FC
lea eax, dword ptr [ebp-04]
* Possible StringData Ref from Data Obj ->"ibu.dll"
|
:004B2589 B90C294B00 mov ecx,
004B290C
:004B258E E8F517F5FF call
00403D88
:004B2593 8D8770B35101 lea eax, dword
ptr [edi+0151B370]
* Possible StringData Ref from Data Obj ->"Unregistered Shareware"
|
:004B2599 BA1C294B00 mov edx,
004B291C
:004B259E E87115F5FF call
00403B14
:004B25A3 8D8774B35101 lea eax, dword
ptr [edi+0151B374]
:004B25A9 E81215F5FF call
00403AC0
:004B25AE 8B45FC
mov eax, dword ptr [ebp-04]
:004B25B1 E89E55F5FF call
00407B54
:004B25B6 84C0
test al, al
:004B25B8 0F84BA020000 je 004B2878
:004B25BE 8B55FC
mov edx, dword ptr [ebp-04]
:004B25C1 8D8528FEFFFF lea eax, dword
ptr [ebp+FFFFFE28]
:004B25C7 E8562CF5FF call
00405222
:004B25CC 8D8528FEFFFF lea eax, dword
ptr [ebp+FFFFFE28]
:004B25D2 E8502FF5FF call
00405527
:004B25D7 8D9770B35101 lea edx, dword
ptr [edi+0151B370]
:004B25DD 8D8528FEFFFF lea eax, dword
ptr [ebp+FFFFFE28]
:004B25E3 E8101BF5FF call
004040F8
:004B25E8 8D8528FEFFFF lea eax, dword
ptr [ebp+FFFFFE28]
:004B25EE E8D12EF5FF call
004054C4
:004B25F3 8D55F8
lea edx, dword ptr [ebp-08]
:004B25F6 8D8528FEFFFF lea eax, dword
ptr [ebp+FFFFFE28]
:004B25FC E8F71AF5FF call
004040F8
:004B2601 8D8528FEFFFF lea eax, dword
ptr [ebp+FFFFFE28]
:004B2607 E8B82EF5FF call
004054C4
:004B260C 8D8528FEFFFF lea eax, dword
ptr [ebp+FFFFFE28]
:004B2612 E8112DF5FF call
00405328
:004B2617 8D8774B35101 lea eax, dword
ptr [edi+0151B374]
:004B261D 8B55F8
mov edx, dword ptr [ebp-08]
:004B2620 E8EF14F5FF call
00403B14
:004B2625 8B45F8
mov eax, dword ptr [ebp-08]
* Possible StringData Ref from Data Obj ->"3310-EEC2-21D0-0C82"***
|
:004B2628 BA3C294B00 mov edx,
004B293C
:004B262D E81A18F5FF call
00403E4C
:004B2632 740F
je 004B2643
:004B2634 8B45F8
mov eax, dword ptr [ebp-08]
* Possible StringData Ref from Data Obj ->"27F9-996A-BBBA-793E"***
|
:004B2637 BA58294B00 mov edx,
004B2958
:004B263C E80B18F5FF call
00403E4C
:004B2641 752A
jne 004B266D
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004B2632(C)
|
:004B2643 8D8770B35101 lea eax, dword
ptr [edi+0151B370]
* Possible StringData Ref from Data Obj ->"Unregistered Shareware"
|
:004B2649 BA1C294B00 mov edx,
004B291C
:004B264E E8C114F5FF call
00403B14
:004B2653 8D8774B35101 lea eax, dword
ptr [edi+0151B374]
:004B2659 E86214F5FF call
00403AC0
:004B265E 33DB
xor ebx, ebx
:004B2660 33C0
xor eax, eax
:004B2662 5A
pop edx
:004B2663 59
pop ecx
:004B2664 59
pop ecx
:004B2665 648910
mov dword ptr fs:[eax], edx
:004B2668 E943020000 jmp 004B28B0
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004B2641(C)
|
:004B266D 8B45F8
mov eax, dword ptr [ebp-08]
:004B2670 E8C716F5FF call
00403D3C
:004B2675 83F813
cmp eax, 00000013
:004B2678 742A
je 004B26A4
:004B267A 8D8770B35101 lea eax, dword
ptr [edi+0151B370]
* Possible StringData Ref from Data Obj ->"Unregistered Shareware"
|
:004B2680 BA1C294B00 mov edx,
004B291C
:004B2685 E88A14F5FF call
00403B14
:004B268A 8D8774B35101 lea eax, dword
ptr [edi+0151B374]
:004B2690 E82B14F5FF call
00403AC0
:004B2695 33DB
xor ebx, ebx
:004B2697 33C0
xor eax, eax
:004B2699 5A
pop edx
:004B269A 59
pop ecx
:004B269B 59
pop ecx
:004B269C 648910
mov dword ptr fs:[eax], edx
:004B269F E90C020000 jmp 004B28B0
一看就知道有三個地方呼叫,經過分析發現第一個Call是輸入註冊資料時的呼叫.第二個未知,而第三個就是程式啟動時檢查你是否已經註冊,所以來到了這裡
* Possible StringData Ref from Data Obj ->"Windows Directory: "
|
:004AD69A BA2CDE4A00 mov edx,
004ADE2C
:004AD69F E8E466F5FF call
00403D88
:004AD6A4 8B8574FFFFFF mov eax, dword
ptr [ebp+FFFFFF74]
:004AD6AA E849F1FDFF call
0048C7F8
:004AD6AF 8B45FC
mov eax, dword ptr [ebp-04]
:004AD6B2 E8754E0000 call
004B252C \ <----- 來到這裡
:004AD6B7 84C0
test al, al - 看起來很眼熟呀!
:004AD6B9 754C
jne 004AD707 / 將這裡改為je試試
:004AD6BB 8B45FC
mov eax, dword ptr [ebp-04]
:004AD6BE 0570B35101 add eax,
0151B370
* Possible StringData Ref from Data Obj ->"Unregistered Shareware"
|
:004AD6C3 BA48DE4A00 mov edx,
004ADE48
:004AD6C8 E84764F5FF call
00403B14
:004AD6CD 8B0DF06F4B00 mov ecx, dword
ptr [004B6FF0]
:004AD6D3 A1B86F4B00 mov eax,
dword ptr [004B6FB8]
:004AD6D8 8B00
mov eax, dword ptr [eax]
* Possible StringData Ref from Data Obj ->"念@"
|
:004AD6DA 8B15548D4900 mov edx, dword
ptr [00498D54]
:004AD6E0 E85F37F8FF call
00430E44
:004AD6E5 A1F06F4B00 mov eax,
dword ptr [004B6FF0]
:004AD6EA 8B00
mov eax, dword ptr [eax]
:004AD6EC E8DB18F8FF call
0042EFCC
:004AD6F1 83F802
cmp eax, 00000002
:004AD6F4 7511
jne 004AD707
:004AD6F6 A1B86F4B00 mov eax,
dword ptr [004B6FB8]
:004AD6FB 8B00
mov eax, dword ptr [eax]
:004AD6FD E88238F8FF call
00430F84
:004AD702 E951060000 jmp 004ADD58
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:004AD6B9(C), :004AD6F4(C)
|
* Possible StringData Ref from Data Obj ->"Load Database"
|
:004AD707 B868DE4A00 mov eax,
004ADE68
:004AD70C E8E7F0FDFF call
0048C7F8
:004AD711 8B45FC
mov eax, dword ptr [ebp-04]
:004AD714 80B86053000000 cmp byte ptr [eax+00005360],
00
:004AD71B 7417
je 004AD734
:004AD71D A12C6F4B00 mov eax,
dword ptr [004B6F2C]
:004AD722 8B00
mov eax, dword ptr [eax]
:004AD724 8B80E4010000 mov eax, dword
ptr [eax+000001E4]
* Possible StringData Ref from Data Obj ->"Loading database..."
|
:004AD72A BA80DE4A00 mov edx,
004ADE80
:004AD72F E88C57F9FF call
00442EC0
將:004AD6B9 754C jne 004AD707
改為: 744C je 004ad707
執行一下,果然註冊成功,再也不會出現註冊提示框了.
相關文章
- Cleaner 3.2註冊分析 (18千字)2001-12-09
- SYSTEM CLEANER 暴力破解 (1千字)2001-01-04
- System
Cleaner 4.89 Build 1102015-11-15UI
- 菜鳥破解錄之 The Cleaner (4千字)2000-08-12
- oicq build 0425 的不完全破解 (3千字)2000-05-28UI
- KeyGhost V3.2 破解實錄 (11千字)2000-08-17
- Don't Panic 3.2的破解過程(俺是新手) (3千字)2001-05-15
- 美萍反黃專家 版本3.2破解實錄 (6千字)2001-12-08
- 破解YATS32 v8.1 build 6 (2千字)2000-09-22S3UI
- 脫Flashfxp 1.3 build 780的殼 (10千字)2001-08-15UI
- Oicq 99c Build 0820版破解 (1千字)2000-10-13UI
- 破解Visual Zip Password Recovery Processor
v3.2 初級 (3千字)2000-02-27
- IPTools 1.10 破解 (5千字)2001-02-11
- rOYALaCCEZZ Trial Crackme 3.2 演算法分析 (10千字)2002-02-27演算法
- RealPlayer之狐朋(RealFox) V1.0.0.17 Build 011008 破解經歷
(10千字)2002-03-06UI
- SMC技術在破解WINDOWS優化大師3.2A中的運用。 (8千字)2001-01-20Windows優化
- 人事資訊綜合管理系統 Ver3.2 (完全版本)的破解過程 (7千字)2002-01-20
- 菜鳥破解實錄(八)之 超級信封列印工具 v3.2 (6千字)2000-07-21
- Fine Print 2000的破解思路 (10千字)2000-09-26
- 具體的破解過程來也! (10千字)2001-04-21
- 轉貼一篇:FlashFXP v1.4.1 build 823 的脫殼與破解 (16千字)2001-12-30UI
- BananaSplitter 1.0破解實戰 (10千字)2000-09-11NaN
- dfx V4.0破解過程 (10千字)2000-09-24
- 破解<<破解堅盾磁碟加密系統 V4.0>>的全過程 (10千字)2001-10-23加密
- SynchroMagic 2.0 build 503 (2千字)2001-05-20UI
- CuteFTP最新版V4.2.5build3.7.1官方簡體中文版
破解 (15千字)2015-11-15FTPUI
- 簡單演算法――Modem Spy V3.2 + Build 2002.11.102015-11-15演算法UI
- ClassExplorer的破解 (13千字)2001-07-29
- Ip tools v1.10破解法 (4千字)2001-02-26
- 轉載一篇破解教程(LeapFTP) (10千字)2001-03-29FTP
- Key File 破解之 PicMaster V2.5 (10千字)2001-10-27AST
- PolyView 破解 (5千字)2000-12-31View
- 破解FAQGenie (4千字)2001-04-10
- 破解MyMahj (5千字)2001-06-20
- 破解winimage (1千字)2001-10-07
- Java 程式的破解方法 (8千字)2002-08-15Java
- 我的破解心得(1) (3千字)2001-03-13
- 我的破解心得(5) (16千字)2001-03-13