入門習作:木馬克星IPARMOR4.0 30 TIMES LIMITS CRACK AND REG (10千字)
IPARMOR4.0 30 TIMES LIMITS CRACK AND REG
該軟體DEMO版有執行30次限制。在註冊視窗輸入使用者名稱及註冊碼後,
點按“註冊”按鈕,若註冊碼不正確,程式不會顯示任何提示。
用fi240觀察後知其為DELPHI程式設計,故用 DEDE 反編譯,發現在下列
地址處為“註冊”鈕入口子程式:
(DEDE 2.50)
// DEDE listing of the OnClick handler of SpeedButton1 on TForm7 (the "register" button).
// Flow visible below: the Edit2 text is upper-cased and handed to tIceLock1; the Edit1 text
// and a locally built decimal string (tIceLock.OFFS_0224 + $16D) are each passed through the
// same TStringCrypt2000X1 method; the two results are compared with @LStrCmp and the success
// path runs only when they are equal.
// NOTE(review): as far as this listing shows, the expected value is produced on the client and
// the decision is one string comparison followed by one conditional jump. A licence blob signed
// by the vendor and verified with a public key would not need the expected value in memory.
procedure TForm7.SpeedButton1Click(Sender: TObject);
begin
{
-->>prologue: reserve the locals and zero the nine string slots that the FINALLY block clears
004A06DC 55
push ebp
004A06DD 8BEC
mov ebp, esp
004A06DF 81C4DCFEFFFF add
esp, $FFFFFEDC
004A06E5 53
push ebx
004A06E6 56
push esi
004A06E7 33C9
xor ecx, ecx
004A06E9 898DDCFEFFFF mov
[ebp+$FFFFFEDC], ecx
004A06EF 898DECFEFFFF mov
[ebp+$FFFFFEEC], ecx
004A06F5 898DE4FEFFFF mov
[ebp+$FFFFFEE4], ecx
004A06FB 898DE0FEFFFF mov
[ebp+$FFFFFEE0], ecx
004A0701 898DE8FEFFFF mov
[ebp+$FFFFFEE8], ecx
004A0707 898DF4FEFFFF mov
[ebp+$FFFFFEF4], ecx
004A070D 898DF0FEFFFF mov
[ebp+$FFFFFEF0], ecx
004A0713 898DFCFEFFFF mov
[ebp+$FFFFFEFC], ecx
004A0719 898DF8FEFFFF mov
[ebp+$FFFFFEF8], ecx
-->>EBX keeps the value passed in EAX (used below as the base for every TForm7 control reference)
004A071F 8BD8
mov ebx, eax
004A0721 33C0
xor eax, eax
004A0723 55
push ebp
004A0724 681E094A00 push
$004A091E
***** TRY
|
004A0729 64FF30
push dword ptr fs:[eax]
004A072C 648920
mov fs:[eax], esp
004A072F 8D95F8FEFFFF lea
edx, [ebp+$FFFFFEF8]
* Reference to control TForm7.Edit2 : TEdit
|
004A0735 8B83E8020000 mov
eax, [ebx+$02E8]
* Reference to: controls.TControl.GetText(TControl):System.String;
|
004A073B E89CDEF8FF call
0042E5DC
-->read the Edit2 text (the user name, per the author) into the local at [ebp+$FFFFFEF8]; this call returns the string, not its length
004A0740 8B85F8FEFFFF mov
eax, [ebp+$FFFFFEF8]
004A0746 8D95FCFEFFFF lea
edx, [ebp+$FFFFFEFC]
* Reference to: sysutils.UpperCase(System.AnsiString):System.AnsiString;
|
004A074C E8B77FF6FF call
00408708
-->>convert the lower-case letters of the user name to upper case
004A0751 8B95FCFEFFFF mov
edx, [ebp+$FFFFFEFC]
004A0757 8D8500FFFFFF lea
eax, [ebp+$FFFFFF00]
004A075D B9FF000000 mov
ecx, $000000FF
* Reference to: system.@LStrToString;
|
004A0762 E81939F6FF call
00404080
004A0767 8D9500FFFFFF lea
edx, [ebp+$FFFFFF00]
* Reference to control TForm7.tIceLock1 : tIceLock
|
004A076D 8B83D0020000 mov
eax, [ebx+$02D0]
|
-->>unnamed tIceLock method: EAX = tIceLock1, EDX = the ShortString copy (max $FF) of the upper-cased name; presumably a property setter, confirm against the component
004A0773 E828BCFEFF call
0048C3A0
004A0778 8D85F0FEFFFF lea
eax, [ebp+$FFFFFEF0]
* Reference to control TForm7.tIceLock1 : tIceLock
|
004A077E 8BB3D0020000 mov
esi, [ebx+$02D0]
* Reference to field tIceLock.OFFS_0024
|
004A0784 8D5624
lea edx, [esi+$24]
* Reference to: system.@LStrFromString(String;ShortString);
| or: system.@WStrFromString(WideString;ShortString);
|
004A0787 E8BC38F6FF call
00404048
004A078C 8B85F0FEFFFF mov
eax, [ebp+$FFFFFEF0]
004A0792 8D95F4FEFFFF lea
edx, [ebp+$FFFFFEF4]
* Reference to: sysutils.Trim(System.AnsiString):System.AnsiString;
|
004A0798 E8AF81F6FF call
0040894C
004A079D 8B95F4FEFFFF mov
edx, [ebp+$FFFFFEF4]
004A07A3 8D8500FFFFFF lea
eax, [ebp+$FFFFFF00]
004A07A9 B9FF000000 mov
ecx, $000000FF
* Reference to: system.@LStrToString;
|
004A07AE E8CD38F6FF call
00404080
004A07B3 8D9500FFFFFF lea
edx, [ebp+$FFFFFF00]
004A07B9 8BC6
mov eax, esi
|
-->>same tIceLock method again, this time with the trimmed copy of tIceLock.OFFS_0024
004A07BB E8E0BBFEFF call
0048C3A0
004A07C0 8D95E8FEFFFF lea
edx, [ebp+$FFFFFEE8]
* Reference to control TForm7.Edit1 : TEdit
|
004A07C6 8B83DC020000 mov
eax, [ebx+$02DC]
* Reference to: controls.TControl.GetText(TControl):System.String;
|
004A07CC E80BDEF8FF call
0042E5DC
004A07D1 8B95E8FEFFFF mov
edx, [ebp+$FFFFFEE8]
004A07D7 8D8DECFEFFFF lea
ecx, [ebp+$FFFFFEEC]
* Reference to control TForm7.StringCrypt2000X1 : TStringCrypt2000X
|
004A07DD 8B83F0020000 mov
eax, [ebx+$02F0]
|
-->>unnamed TStringCrypt2000X method: EDX = the Edit1 text, ECX = address of the result string
004A07E3 E8B0CFFEFF call
0048D798
004A07E8 8B85ECFEFFFF mov
eax, [ebp+$FFFFFEEC]
-->>the transformed Edit1 text is kept on the stack until the comparison
004A07EE 50
push eax
004A07EF 8D95E0FEFFFF lea
edx, [ebp+$FFFFFEE0]
* Reference to control TForm7.tIceLock1 : tIceLock
|
004A07F5 8B83D0020000 mov
eax, [ebx+$02D0]
* Reference to field tIceLock.OFFS_0224
|
004A07FB 8B8024020000 mov
eax, [eax+$0224]
004A0801 056D010000 add
eax, +$0000016D
* Reference to: sysutils.IntToStr(System.Integer):System.AnsiString;overload;
|
004A0806 E8F582F6FF call
00408B00
-->>IntToStr of (tIceLock.OFFS_0224 + $16D): the decimal string the author identifies as the registration code
004A080B 8B95E0FEFFFF mov
edx, [ebp+$FFFFFEE0]
-->>EDX now points to that string
004A0811 8D8DE4FEFFFF lea
ecx, [ebp+$FFFFFEE4]
* Reference to control TForm7.StringCrypt2000X1 : TStringCrypt2000X
|
004A0817 8B83F0020000 mov
eax, [ebx+$02F0]
|
-->>the same TStringCrypt2000X method is applied to the expected string, so both sides of the comparison go through one transform
004A081D E876CFFEFF call
0048D798
004A0822 8B95E4FEFFFF mov
edx, [ebp+$FFFFFEE4]
004A0828 58
pop eax
* Reference to: system.@LStrCmp;
|
004A0829 E88639F6FF call
004041B4
004A082E 0F859B000000 jnz
004A08CF
-->>string comparison: the jump is taken on mismatch (failure)
-->>no jump: the registration success path below runs
* Reference to control TForm7.DiskInfo2000X1 : TDiskInfo2000X
|
004A0834 8B83EC020000 mov
eax, [ebx+$02EC]
* Reference to field TDiskInfo2000X.OFFS_0044
|
004A083A 8B5044
mov edx, [eax+$44]
004A083D 8D85DCFEFFFF lea
eax, [ebp+$FFFFFEDC]
004A0843 B934094A00 mov
ecx, $004A0934
* Reference to: system.@LStrCat3;
|
-->>TDiskInfo2000X.OFFS_0044 is concatenated with the constant at $004A0934
004A0848 E8A338F6FF call
004040F0
004A084D 8B95DCFEFFFF mov
edx, [ebp+$FFFFFEDC]
004A0853 8D8500FFFFFF lea
eax, [ebp+$FFFFFF00]
004A0859 B9FF000000 mov
ecx, $000000FF
* Reference to: system.@LStrToString;
|
004A085E E81D38F6FF call
00404080
004A0863 8D9500FFFFFF lea
edx, [ebp+$FFFFFF00]
* Reference to control TForm7.tIceLock1 : tIceLock
|
004A0869 8B83D0020000 mov
eax, [ebx+$02D0]
|
-->>the concatenated string goes to the same unnamed tIceLock method; presumably this records the registration, confirm against the component
004A086F E82CBBFEFF call
0048C3A0
* Possible String Reference to: 'Register ok!'
|
004A0874 B840094A00 mov
eax, $004A0940
* Reference to: dialogs.ShowMessage(System.AnsiString);
|
004A0879 E8BA16FBFF call
00451F38
|
-->>unnamed routine at 004A0608; its purpose is not visible in this listing
004A087E E885FDFFFF call
004A0608
* Reference to Form7
|
004A0883 A1F84C4B00 mov
eax, dword ptr [$4B4CF8]
* Reference to field Form7.OFFS_02D4
|
004A0888 8B80D4020000 mov
eax, [eax+$02D4]
* Possible String Reference to: 'registed!'
|
004A088E BA58094A00 mov
edx, $004A0958
* Reference to: controls.TControl.SetText(TControl;System.String);
|
004A0893 E874DDF8FF call
0042E60C
-->>EDX = 0 before each SetVisible call below: SpeedButton1, Edit1 and Label3 are hidden
004A0898 33D2
xor edx, edx
* Reference to control TForm7.SpeedButton1 : TSpeedButton
|
004A089A 8B83E4020000 mov
eax, [ebx+$02E4]
* Reference to: controls.TControl.SetVisible(TControl;System.Boolean);
|
004A08A0 E84FDCF8FF call
0042E4F4
004A08A5 33D2
xor edx, edx
* Reference to control TForm7.Edit1 : TEdit
|
004A08A7 8B83DC020000 mov
eax, [ebx+$02DC]
* Reference to: controls.TControl.SetVisible(TControl;System.Boolean);
|
004A08AD E842DCF8FF call
0042E4F4
004A08B2 33D2
xor edx, edx
* Reference to control TForm7.Label3 : TLabel
|
004A08B4 8B83D8020000 mov
eax, [ebx+$02D8]
* Reference to: controls.TControl.SetVisible(TControl;System.Boolean);
|
004A08BA E835DCF8FF call
0042E4F4
* Possible String Reference to: 'registed'
|
004A08BF BA6C094A00 mov
edx, $004A096C
* Reference to control TForm7.Label2 : TLabel
|
004A08C4 8B83E0020000 mov
eax, [ebx+$02E0]
* Reference to: controls.TControl.SetText(TControl;System.String);
|
004A08CA E83DDDF8FF call
0042E60C
-->>both paths rejoin at 004A08CF; the mismatch path arrives here without any ShowMessage call, so a wrong code gives no feedback
004A08CF 33C0
xor eax, eax
004A08D1 5A
pop edx
004A08D2 59
pop ecx
004A08D3 59
pop ecx
004A08D4 648910
mov fs:[eax], edx
****** FINALLY
|
* Possible String Reference to: '^[]?
|
004A08D7 6825094A00 push
$004A0925
-->>cleanup: the local strings zeroed in the prologue are released here
004A08DC 8D85DCFEFFFF lea
eax, [ebp+$FFFFFEDC]
004A08E2 BA03000000 mov
edx, $00000003
* Reference to: system.@LStrArrayClr;
|
004A08E7 E85C35F6FF call
00403E48
004A08EC 8D85E8FEFFFF lea
eax, [ebp+$FFFFFEE8]
* Reference to: system.@LStrClr(String);
|
004A08F2 E82D35F6FF call
00403E24
004A08F7 8D85ECFEFFFF lea
eax, [ebp+$FFFFFEEC]
004A08FD BA03000000 mov
edx, $00000003
* Reference to: system.@LStrArrayClr;
|
004A0902 E84135F6FF call
00403E48
004A0907 8D85F8FEFFFF lea
eax, [ebp+$FFFFFEF8]
* Reference to: system.@LStrClr(String);
|
004A090D E81235F6FF call
00403E24
004A0912 8D85FCFEFFFF lea
eax, [ebp+$FFFFFEFC]
* Reference to: system.@LStrClr(String);
|
004A0918 E80735F6FF call
00403E24
004A091D C3
ret
-->>004A091E is the handler address pushed when the TRY frame was installed
004A091E E9152FF6FF jmp
00403838
004A0923 EBB7
jmp 004A08DC
****** END
|
004A0925 5E
pop esi
004A0926 5B
pop ebx
004A0927 8BE5
mov esp, ebp
004A0929 5D
pop ebp
004A092A C3
ret
}
end ;
因此,在TRW2000 中下BPX 4A06DC 後,F5返回IPARMOR,在註冊視窗輸入
使用者名稱“CRACK123”及註冊碼“123123”後點選“註冊”鈕,立即被
TRW2000攔截到IPARMOR領空,跟蹤到4A0811處,用D EDX 顯示註冊碼為
“1903395948”,
故:使用者名稱 CRACK123
註冊碼 1903395948
若將4A082E處JNZ NEAR 4A08CF 改為NOP(6個),則成為任意註冊版!!
從這段程式碼看,註冊判斷完全取決於本機算出的字串比對與這一個條件跳轉;較穩健的設計會改用廠商私鑰簽章的授權資料,並由程式以公鑰驗證,而不是在用戶端算出正確的註冊碼。
請勿見笑,多提意見!!
〈END>