註冊你的Fast Browser4.01 (7千字)

註冊你的Fast Browser4.01
URL:http://www.qwerks.com/download/2617/fbps.zip

用FILEINFO檢測發現主程式是加了PECompact v1.40.2-5殼，用衝擊波檢測發現主程式的入口是502EC8（嘿嘿，感謝DBOY寫的好東東），然後用TRW脫殼。

:004DB4CD 8D55F8 lea edx, dword ptr [ebp-08] <----裝入使用者名稱
:004DB4D0 8B83F8020000 mov eax, dword ptr [ebx+000002F8]
:004DB4D6 E80D9CF5FF call 004350E8 \
:004DB4DB 837DF800 cmp dword ptr [ebp-08], 00000000 |檢測是否輸入了使用者名稱
:004DB4DF 751A jne 004DB4FB /
:004DB4E1 6A00 push 00000000
:004DB4E3 668B0D8CB64D00 mov cx, word ptr [004DB68C]

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004DB479(C)
|
:004DB4EA B202 mov dl, 02

* Possible StringData Ref from Code Obj ->"Please input your user name."
|
:004DB4EC B898B64D00 mov eax, 004DB698
:004DB4F1 E8D601F8FF call 0045B6CC
:004DB4F6 E933010000 jmp 004DB62E

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004DB4DF(C)
|
:004DB4FB A1F0635000 mov eax, dword ptr [005063F0]
:004DB500 803800 cmp byte ptr [eax], 00
:004DB503 751C jne 004DB521
:004DB505 B811000000 mov eax, 00000011
:004DB50A E85DBEFCFF call 004A736C \
:004DB50F 84C0 test al, al |聯上INTERNET嗎？
:004DB511 741A je 004DB52D /沒有,去死把，把741a改成9090
:004DB513 B810000000 mov eax, 00000010
:004DB518 E84FBEFCFF call 004A736C \
:004DB51D 84C0 test al, al |聯上INTERNET嗎？
:004DB51F 740C je 004DB52D /沒有,去死把，把740c改成9090

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004DB503(C)
|
:004DB521 8BC3 mov eax, ebx
:004DB523 E818FDFFFF call 004DB240 call(1)<---比對註冊碼的call,進去看看
:004DB528 E901010000 jmp 004DB62E <---跳到出錯資訊“錯誤的註冊資訊”

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:004DB511(C), :004DB51F(C)
|
:004DB52D 8D45FC lea eax, dword ptr [ebp-04]

* Possible StringData Ref from Code Obj ->"Connect to the Internet now so "
->"the program can
check your registration "
->"information online."
|
:004DB530 BAC0B64D00 mov edx, 004DB6C0

_________________________________________________________________________________________
call(1)
:004D4A48 55 push ebp <----我們停在這裡
:004D4A49 8BEC mov ebp, esp
:004D4A4B 83C4F4 add esp, FFFFFFF4
:004D4A4E 53 push ebx
:004D4A4F 33C9 xor ecx, ecx
:004D4A51 894DF4 mov dword ptr [ebp-0C], ecx
:004D4A54 8955F8 mov dword ptr [ebp-08], edx
:004D4A57 8945FC mov dword ptr [ebp-04], eax
:004D4A5A 8B45FC mov eax, dword ptr [ebp-04]
:004D4A5D E842F7F2FF call 004041A4
:004D4A62 8B45F8 mov eax, dword ptr [ebp-08]
:004D4A65 E83AF7F2FF call 004041A4
:004D4A6A 33C0 xor eax, eax
:004D4A6C 55 push ebp
:004D4A6D 680F4B4D00 push 004D4B0F
:004D4A72 64FF30 push dword ptr fs:[eax]
:004D4A75 648920 mov dword ptr fs:[eax], esp
:004D4A78 837DFC00 cmp dword ptr [ebp-04], 00000000
:004D4A7C 741E je 004D4A9C
:004D4A7E 837DF800 cmp dword ptr [ebp-08], 00000000
:004D4A82 7418 je 004D4A9C
:004D4A84 8D55F4 lea edx, dword ptr [ebp-0C]
:004D4A87 8B45FC mov eax, dword ptr [ebp-04]
:004D4A8A E8D1FEFFFF call 004D4960 <----演算法，進去看看
:004D4A8F 8B55F4 mov edx, dword ptr [ebp-0C] <----真碼
:004D4A92 8B45F8 mov eax, dword ptr [ebp-08] <----假碼（我們輸入的）
:004D4A95 E866F6F2FF call 00404100 call(2) <----關鍵比對
:004D4A9A 7404 je 004D4AA0 <----相等，註冊成功

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:004D4A7C(C), :004D4A82(C)
|
:004D4A9C 33DB xor ebx, ebx
:004D4A9E EB02 jmp 004D4AA2

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004D4A9A(C)
|
:004D4AA0 B301 mov bl, 01

_______________________________________________________________________________________
call(2)
:004D4960 55 push ebp <----我們停在這裡
:004D4961 8BEC mov ebp, esp
:004D4963 6A00 push 00000000
:004D4965 6A00 push 00000000
:004D4967 6A00 push 00000000
:004D4969 53 push ebx
:004D496A 56 push esi
:004D496B 57 push edi
:004D496C 8BF2 mov esi, edx
:004D496E 8945FC mov dword ptr [ebp-04], eax
:004D4971 8B45FC mov eax, dword ptr [ebp-04]
:004D4974 E82BF8F2FF call 004041A4
:004D4979 33C0 xor eax, eax
:004D497B 55 push ebp
:004D497C 683A4A4D00 push 004D4A3A
:004D4981 64FF30 push dword ptr fs:[eax]
:004D4984 648920 mov dword ptr fs:[eax], esp
:004D4987 8BC6 mov eax, esi

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004D4922(C)
|
:004D4989 E8E2F3F2FF call 00403D70
:004D498E 8B45FC mov eax, dword ptr [ebp-04]
:004D4991 E85AF6F2FF call 00403FF0 <----檢測註冊名的長度
:004D4996 83F803 cmp eax, 00000003 <----大於3嗎？
:004D4999 0F8C80000000 jl 004D4A1F <----跳，就死拉
:004D499F 803D6C5E500000 cmp byte ptr [00505E6C], 00
:004D49A6 743E je 004D49E6
:004D49A8 8B45FC mov eax, dword ptr [ebp-04]
:004D49AB E840F6F2FF call 00403FF0
:004D49B0 8BF8 mov edi, eax
:004D49B2 85FF test edi, edi

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004D494F(C)
|
:004D49B4 7E69 jle 004D4A1F
:004D49B6 BB01000000 mov ebx, 00000001

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004D49E2(C)
|
:004D49BB 8B45FC mov eax, dword ptr [ebp-04]
:004D49BE 0FB64418FF movzx eax, byte ptr [eax+ebx-01]<----取註冊名的最後一位的ASCII碼（ebx註冊名長度）
:004D49C3 B90A000000 mov ecx, 0000000A <----賦值
:004D49C8 33D2 xor edx, edx <----edx清零
:004D49CA F7F1 div ecx
:004D49CC 8BC2 mov eax, edx <----將餘數放入eax(也就是真註冊碼）
:004D49CE 8D55F8 lea edx, dword ptr [ebp-08]
:004D49D1 E8BA49F3FF call 00409390
:004D49D6 8B55F8 mov edx, dword ptr [ebp-08]
:004D49D9 8BC6 mov eax, esi
:004D49DB E818F6F2FF call 00403FF8
:004D49E0 43 inc ebx
:004D49E1 4F dec edi
:004D49E2 75D7 jne 004D49BB <----迴圈

^_^演算法簡單吧
Jieao[CCG]
3177117154
004DB511 741a,9090
004DB51F 740c,9090
註冊成功後在你的安裝目錄中會生成一個xxxx.key的檔案（我的是8686.key),在\安裝目錄\Search\生成一個reg的檔案
在登錄檔中新增HKEY_CURRENT_USER\Software\Sealine\fb\user鍵

註冊你的Fast Browser4.01 (7千字)

相關文章