誰與我共續這破解的故事?《破解“黎之工資”對抗脫殼之故事(上集)》 (9千字)
誰與我共續這破解的故事?《破解“黎之工資”對抗脫殼之故事(上集)》
**************************************************************************************************************
〖作 者〗PaulYoung
〖日 期〗二○○一年三月二十五日
〖軟 件〗黎之工資 v6.0(http://leaze.3322.net/lzgz/lzgz60.zip)
〖破解工具〗W32DASM V8.93,TRW2000 V1.03,FILEINFO V2.43A
AspackDie 1.1(http://mud.sz.jsinfo.net/per/aaron/files/unpackers/win/aspackdie11.zip)...
黎之工資 V6.0 是用Aspack v2.11加的殼,用很多工具都可以脫,如我用 AspackDie 1.1,但無論用什麼工具脫殼,脫殼後的程式一執行即一閃即逝,自行退出了。
我用 TRW2000 V1.03(唉,沒辦法,高版本的 TRW2000 與我愛的愛“姬”不和,唯有用1.03了)。Browse 找到已脫殼的程式,Load...OK!
F10 單步跟蹤,看到……
//******************** Program Entry Point ********
:0051DE6C 55
push ebp
:0051DE6D 8BEC
mov ebp, esp
:0051DE6F 83C4F4
add esp, FFFFFFF4
:0051DE72 53
push ebx
:0051DE73 56
push esi
:0051DE74 57
push edi
:0051DE75 B80CDB5100 mov eax,
0051DB0C
:0051DE7A E86D98EEFF call
004076EC
******
:0051DE7F 8B3514255200 mov esi, dword
ptr [00522514]
:0051DE85 8B3D20225200 mov edi, dword
ptr [00522220]
:0051DE8B 8B0F
mov ecx, dword ptr [edi]
:0051DE8D B201
mov dl, 01
* Possible StringData Ref from Code Obj ->"艾C"
|
:0051DE8F A190E14800 mov eax,
dword ptr [0048E190]
:0051DE94 E893D5F2FF call
0044B42C
******
:0051DE99 8906
mov dword ptr [esi], eax
:0051DE9B BB03000000 mov ebx,
00000003
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0051DEB6(C)
|
:0051DEA0 8B06
mov eax, dword ptr [esi]
:0051DEA2 8B10
mov edx, dword ptr [eax]
:0051DEA4 FF92D8000000 call dword
ptr [edx+000000D8] *彈出登入視窗
:0051DEAA 8B06
mov eax, dword ptr [esi]
:0051DEAC 83B83402000001 cmp dword ptr [eax+00000234],
00000001 *口令是否正確?
:0051DEB3 7403
je 0051DEB8 *不正確即出錯,下 r fl z(即相當於把je 改為jne或9090,使其不跳)
:0051DEB5 4B
dec ebx
:0051DEB6 75E8
jne 0051DEA0
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0051DEB3(C)
|
:0051DEB8 8B06
mov eax, dword ptr [esi]
:0051DEBA 83B83402000001 cmp dword ptr [eax+00000234],
00000001 ***比較什麼???
:0051DEC1 0F8574010000 jne 0051E03B *下
r fl z(原理同上),否則再按幾下 F10 就會退出!!(關鍵)
:0051DEC7 8B0F
mov ecx, dword ptr [edi]
:0051DEC9 B201
mov dl, 01
* Possible StringData Ref from Code Obj ->"艾C"
|
:0051DECB A1286A4B00 mov eax,
dword ptr [004B6A28]
:0051DED0 E857D5F2FF call
0044B42C
***
:0051DED5 8B15841E5200 mov edx, dword
ptr [00521E84]
:0051DEDB 8902
mov dword ptr [edx], eax
:0051DEDD 8B06
mov eax, dword ptr [esi]
:0051DEDF E82452EEFF call
00403108
*******
:0051DEE4 A1841E5200 mov eax,
dword ptr [00521E84]
:0051DEE9 8B00
mov eax, dword ptr [eax]
:0051DEEB E81C14F3FF call
0044F30C
********
:0051DEF0 A1841E5200 mov eax,
dword ptr [00521E84]
:0051DEF5 8B00
mov eax, dword ptr [eax]
:0051DEF7 8B10
mov edx, dword ptr [eax]
:0051DEF9 FF9280000000 call dword
ptr [edx+00000080] *******
:0051DEFF 8B07
mov eax, dword ptr [edi]
:0051DF01 E8924BF3FF call
00452A98
********
:0051DF06 8B07
mov eax, dword ptr [edi]
* Possible StringData Ref from Code Obj ->"黎之工資管理"
|
:0051DF08 BA4CE05100 mov edx,
0051E04C
:0051DF0D E88A47F3FF call
0045269C
********
:0051DF12 8B0D64225200 mov ecx, dword
ptr [00522264]
:0051DF18 8B07
mov eax, dword ptr [edi]
* Possible StringData Ref from Code Obj ->"`+A"
|
:0051DF1A 8B15C8B64C00 mov edx, dword
ptr [004CB6C8]
:0051DF20 E88B4BF3FF call
00452AB0 ***
:0051DF25 8B0D941E5200 mov ecx, dword
ptr [00521E94]
:0051DF2B 8B07
mov eax, dword ptr [edi]
* Possible StringData Ref from Code Obj ->"艾C"
|
:0051DF2D 8B1554C85100 mov edx, dword
ptr [0051C854]
:0051DF33 E8784BF3FF call
00452AB0 ***
:0051DF38 8B0D44215200 mov ecx, dword
ptr [00522144]
:0051DF3E 8B07
mov eax, dword ptr [edi]
* Possible StringData Ref from Code Obj ->"艾C"
|
:0051DF40 8B1580515100 mov edx, dword
ptr [00515180]
:0051DF46 E8654BF3FF call
00452AB0 ****
:0051DF4B 8B0DC81C5200 mov ecx, dword
ptr [00521CC8]
:0051DF51 8B07
mov eax, dword ptr [edi]
* Possible StringData Ref from Code Obj ->"艾C"
|
:0051DF53 8B15C8415000 mov edx, dword
ptr [005041C8]
:0051DF59 E8524BF3FF call
00452AB0 *****
:0051DF5E 8B0D20255200 mov ecx, dword
ptr [00522520]
:0051DF64 8B07
mov eax, dword ptr [edi]
* Possible StringData Ref from Code Obj ->"艾C"
|
:0051DF66 8B15349D5100 mov edx, dword
ptr [00519D34]
:0051DF6C E83F4BF3FF call
00452AB0 ******
:0051DF71 8B0D90225200 mov ecx, dword
ptr [00522290]
:0051DF77 8B07
mov eax, dword ptr [edi]
* Possible StringData Ref from Code Obj ->"艾C"
|
:0051DF79 8B15D8D34F00 mov edx, dword
ptr [004FD3D8]
:0051DF7F E82C4BF3FF call
00452AB0 ***
:0051DF84 8B0D80205200 mov ecx, dword
ptr [00522080]
:0051DF8A 8B07
mov eax, dword ptr [edi]
* Possible StringData Ref from Code Obj ->"艾C"
|
:0051DF8C 8B1580FC4F00 mov edx, dword
ptr [004FFC80]
:0051DF92 E8194BF3FF call
00452AB0 ***
:0051DF97 8B0DE81C5200 mov ecx, dword
ptr [00521CE8]
:0051DF9D 8B07
mov eax, dword ptr [edi]
* Possible StringData Ref from Code Obj ->"艾C"
|
:0051DF9F 8B153C8D4F00 mov edx, dword
ptr [004F8D3C]
:0051DFA5 E8064BF3FF call
00452AB0 ***
:0051DFAA 8B0D4C225200 mov ecx, dword
ptr [0052224C]
:0051DFB0 8B07
mov eax, dword ptr [edi]
* Possible StringData Ref from Code Obj ->"艾C"
|
:0051DFB2 8B150C245100 mov edx, dword
ptr [0051240C]
:0051DFB8 E8F34AF3FF call
00452AB0 ***
:0051DFBD 8B0DAC245200 mov ecx, dword
ptr [005224AC]
:0051DFC3 8B07
mov eax, dword ptr [edi]
* Possible StringData Ref from Code Obj ->"艾C"
|
:0051DFC5 8B15B86F4F00 mov edx, dword
ptr [004F6FB8]
:0051DFCB E8E04AF3FF call
00452AB0 ***
:0051DFD0 8B0D2C235200 mov ecx, dword
ptr [0052232C]
:0051DFD6 8B07
mov eax, dword ptr [edi]
* Possible StringData Ref from Code Obj ->"艾C"
|
:0051DFD8 8B1564885000 mov edx, dword
ptr [00508864]
:0051DFDE E8CD4AF3FF call
00452AB0 ***
:0051DFE3 8B0D101F5200 mov ecx, dword
ptr [00521F10]
:0051DFE9 8B07
mov eax, dword ptr [edi]
* Possible StringData Ref from Code Obj ->"艾C"
|
:0051DFEB 8B153CE55000 mov edx, dword
ptr [0050E53C]
:0051DFF1 E8BA4AF3FF call
00452AB0 ***
:0051DFF6 8B0DC0215200 mov ecx, dword
ptr [005221C0]
:0051DFFC 8B07
mov eax, dword ptr [edi]
* Possible StringData Ref from Code Obj ->"艾C"
|
:0051DFFE 8B1548375000 mov edx, dword
ptr [00503748]
:0051E004 E8A74AF3FF call
00452AB0 ***
:0051E009 8B0DF8225200 mov ecx, dword
ptr [005222F8]
:0051E00F 8B07
mov eax, dword ptr [edi]
* Possible StringData Ref from Code Obj ->"艾C"
|
:0051E011 8B15E8D05000 mov edx, dword
ptr [0050D0E8]
:0051E017 E8944AF3FF call
00452AB0 ***
:0051E01C A1841E5200 mov eax,
dword ptr [00521E84]
:0051E021 8B00
mov eax, dword ptr [eax]
:0051E023 E8DC12F3FF call
0044F304 ****程式中止,自行退出!!
:0051E028 A1841E5200 mov eax,
dword ptr [00521E84]
:0051E02D 8B00
mov eax, dword ptr [eax]
:0051E02F E8D450EEFF call
00403108
:0051E034 8B07
mov eax, dword ptr [edi]
:0051E036 E8F54AF3FF call
00452B30
.
.
.
以上每經過一個 call,程式就會執行一步,一直到0051E023 call 0044F304處退出。如果不在0051DEC1 jne 0051E03B處下
r fl z,程式很快就會退出。也就是脫殼後的程式馬上退出的地方了(慘……連程式的介面是啥模樣都不讓人看)。把0051DEC1 jne 0051E03B的jne
改為 je 或9090後,程式執行一段時間才退出。到底還有什麼地方還在校驗呢?我就找不到了。希望哪位高手賞臉,試一試,指點一下我這位初哥,在此先行拜謝了。