快速破解CCProxy 4.30(7千字)
看雪資料發表於2002-01-26
!URL http://bj.onlinedown.net/down/ccproxysetup.zip
=====================================================================
* Reference To: KERNEL32.GetPrivateProfileStringA, Ord:013Ah---------->CCproxy.ini
|
:00404914 8B3538224400 mov esi, dword ptr [00442238]
:0040491A F3 repz
:0040491B AB stosd
:0040491C 68E82A4500 push 00452AE8
:00404921 8D8C2488080000 lea ecx, dword ptr [esp+00000888]
* Possible Reference to Dialog: DialogID_0085, CONTROL_ID:0400, ""
|
:00404928 6800040000 push 00000400
:0040492D 51 push ecx
:0040492E 66AB stosw
:00404930 68C02A4500 push 00452AC0
* Possible StringData Ref from Data Obj ->"RegCode"
|
:00404935 6838F34400 push 0044F338
* Possible StringData Ref from Data Obj ->"System"
|
:0040493A 6868F24400 push 0044F268
:0040493F AA stosb
:00404940 FFD6 call esi
:00404942 68E82A4500 push 00452AE8
:00404947 8D942484040000 lea edx, dword ptr [esp+00000484]
* Possible Reference to Dialog: DialogID_0085, CONTROL_ID:0400, ""
|
:0040494E 6800040000 push 00000400
:00404953 52 push edx
:00404954 68C02A4500 push 00452AC0
* Possible StringData Ref from Data Obj ->"UserName"
|
:00404959 682CF34400 push 0044F32C
* Possible StringData Ref from Data Obj ->"System"
|
:0040495E 6868F24400 push 0044F268
:00404963 FFD6 call esi
:00404965 8D842480040000 lea eax, dword ptr [esp+00000480]
:0040496C 8D8C2484080000 lea ecx, dword ptr [esp+00000884]
:00404973 50 push eax
:00404974 51 push ecx
:00404975 E8D6010000 call 00404B50---------->呵呵,這才是關鍵的call!進入!
:0040497A A3F45A4500 mov dword ptr [00455AF4], eax---------->反推到這裡,好傢伙!
:0040497F B043 mov al, 43
:00404981 88442424 mov byte ptr [esp+24], al
:00404985 88442425 mov byte ptr [esp+25], al
* Possible StringData Ref from Data Obj ->" "
|
:00404989 BF28F34400 mov edi, 0044F328
:0040498E 83C9FF or ecx, FFFFFFFF
:00404991 33C0 xor eax, eax
:00404993 33DB xor ebx, ebx
:00404995 F2 repnz
:00404996 AE scasb
:00404997 F7D1 not ecx
:00404999 2BF9 sub edi, ecx
:0040499B 8D542424 lea edx, dword ptr [esp+24]
:0040499F 8BF7 mov esi, edi
:004049A1 8BE9 mov ebp, ecx
:004049A3 8BFA mov edi, edx
:004049A5 83C9FF or ecx, FFFFFFFF
:004049A8 C644242650 mov [esp+26], 50
:004049AD C644242772 mov [esp+27], 72
:004049B2 C64424286F mov [esp+28], 6F
:004049B7 C644242978 mov [esp+29], 78
:004049BC C644242A79 mov [esp+2A], 79
:004049C1 885C242B mov byte ptr [esp+2B], bl
:004049C5 F2 repnz
:004049C6 AE scasb
:004049C7 8BCD mov ecx, ebp
:004049C9 4F dec edi
:004049CA C1E902 shr ecx, 02
:004049CD F3 repz
:004049CE A5 movsd
:004049CF 8BCD mov ecx, ebp
:004049D1 8D44241C lea eax, dword ptr [esp+1C]
:004049D5 83E103 and ecx, 00000003
:004049D8 50 push eax
:004049D9 F3 repz
:004049DA A4 movsb
:004049DB E860FEFFFF call 00404840
:004049E0 8B00 mov eax, dword ptr [eax]
:004049E2 83C9FF or ecx, FFFFFFFF
:004049E5 8BF8 mov edi, eax
:004049E7 33C0 xor eax, eax
:004049E9 83C40C add esp, 0000000C
:004049EC 8D54241C lea edx, dword ptr [esp+1C]
:004049F0 F2 repnz
:004049F1 AE scasb
:004049F2 F7D1 not ecx
:004049F4 2BF9 sub edi, ecx
:004049F6 8BF7 mov esi, edi
:004049F8 8BE9 mov ebp, ecx
:004049FA 8BFA mov edi, edx
:004049FC 83C9FF or ecx, FFFFFFFF
:004049FF F2 repnz
:00404A00 AE scasb
:00404A01 8BCD mov ecx, ebp
:00404A03 4F dec edi
:00404A04 C1E902 shr ecx, 02
:00404A07 F3 repz
:00404A08 A5 movsd
:00404A09 8BCD mov ecx, ebp
:00404A0B 83E103 and ecx, 00000003
:00404A0E F3 repz
:00404A0F A4 movsb
:00404A10 8D4C2414 lea ecx, dword ptr [esp+14]
:00404A14 E8F8270300 call 00437211---------->並不是關鍵call!
:00404A19 A1040C4500 mov eax, dword ptr [00450C04]
:00404A1E 89442410 mov dword ptr [esp+10], eax
:00404A22 A1F45A4500 mov eax, dword ptr [00455AF4]---------->賦值給eax,關鍵!可bpm 00455AF4反推!
:00404A27 899C24900C0000 mov dword ptr [esp+00000C90], ebx
:00404A2E 3BC3 cmp eax, ebx---------->比較!
:00404A30 7465 je 00404A97---------->不能跳!
:00404A32 8D4C2414 lea ecx, dword ptr [esp+14]
* Possible Reference to String Resource ID=00127: "%s"
|
:00404A36 6A7F push 0000007F
:00404A38 51 push ecx
:00404A39 E862F7FFFF call 004041A0
:00404A3E 83C408 add esp, 00000008
:00404A41 50 push eax
:00404A42 8D4C2414 lea ecx, dword ptr [esp+14]
:00404A46 C68424940C000001 mov byte ptr [esp+00000C94], 01
:00404A4E E8F7280300 call 0043734A
:00404A53 8D4C2414 lea ecx, dword ptr [esp+14]
:00404A57 889C24900C0000 mov byte ptr [esp+00000C90], bl
:00404A5E E8AE270300 call 00437211
:00404A63 8B442410 mov eax, dword ptr [esp+10]
:00404A67 8D54241C lea edx, dword ptr [esp+1C]
:00404A6B 52 push edx
:00404A6C 8D8C2484000000 lea ecx, dword ptr [esp+00000084]
:00404A73 50 push eax
:00404A74 51 push ecx
:00404A75 E88AD50100 call 00422004
:00404A7A 83C40C add esp, 0000000C
:00404A7D E8612E0300 call 004378E3
:00404A82 3BC3 cmp eax, ebx
:00404A84 0F8481000000 je 00404B0B
:00404A8A 8B10 mov edx, dword ptr [eax]
:00404A8C 8BC8 mov ecx, eax
:00404A8E FF5274 call [edx+74]
:00404A91 3BC3 cmp eax, ebx
:00404A93 7476 je 00404B0B
:00404A95 EB62 jmp 00404AF9
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00404A30(C)
|
:00404A97 8D542418 lea edx, dword ptr [esp+18]
* Possible Reference to String Resource ID=00128: "%s(Evaluation Version Can Only Support No More Than 5 Users)"---------->關鍵提示!
|
:00404A9B 6880000000 push 00000080
=====================================================================
2、進入關鍵call!
=====================================================================
* Referenced by a CALL at Address:
|:00404975
|
:00404B50 64A100000000 mov eax, dword ptr fs:[00000000]
:00404B56 6AFF push FFFFFFFF
:00404B58 688B024400 push 0044028B
:00404B5D 50 push eax
:00404B5E 64892500000000 mov dword ptr fs:[00000000], esp
:00404B65 81EC04080000 sub esp, 00000804
:00404B6B 83C9FF or ecx, FFFFFFFF
:00404B6E 33C0 xor eax, eax
:00404B70 53 push ebx
:00404B71 8B9C2418080000 mov ebx, dword ptr [esp+00000818]
:00404B78 57 push edi
:00404B79 8BFB mov edi, ebx
:00404B7B F2 repnz
:00404B7C AE scasb
:00404B7D F7D1 not ecx
:00404B7F 49 dec ecx
:00404B80 0F8426010000 je 00404CAC
:00404B86 8B942420080000 mov edx, dword ptr [esp+00000820]
:00404B8D 83C9FF or ecx, FFFFFFFF
:00404B90 8BFA mov edi, edx
:00404B92 F2 repnz
:00404B93 AE scasb
:00404B94 F7D1 not ecx
:00404B96 49 dec ecx
:00404B97 0F840F010000 je 00404CAC
:00404B9D 56 push esi
:00404B9E 52 push edx
:00404B9F 52 push edx
:00404BA0 E8AB160100 call 00416250
:00404BA5 8BF8 mov edi, eax
:00404BA7 83C9FF or ecx, FFFFFFFF
:00404BAA 33C0 xor eax, eax
:00404BAC 8D942418040000 lea edx, dword ptr [esp+00000418]
:00404BB3 F2 repnz
:00404BB4 AE scasb
:00404BB5 F7D1 not ecx
:00404BB7 2BF9 sub edi, ecx
:00404BB9 8BC1 mov eax, ecx
:00404BBB 8BF7 mov esi, edi
:00404BBD 8BFA mov edi, edx
:00404BBF C1E902 shr ecx, 02
:00404BC2 F3 repz
:00404BC3 A5 movsd
:00404BC4 8BC8 mov ecx, eax
:00404BC6 83E103 and ecx, 00000003
:00404BC9 F3 repz
:00404BCA A4 movsb
:00404BCB 8D4C2418 lea ecx, dword ptr [esp+18]
:00404BCF 51 push ecx
:00404BD0 E85BF4FFFF call 00404030
:00404BD5 8D54241C lea edx, dword ptr [esp+1C]
:00404BD9 8D84241C040000 lea eax, dword ptr [esp+0000041C]
:00404BE0 52 push edx
:00404BE1 50 push eax
:00404BE2 E869160100 call 00416250
:00404BE7 8B0D040C4500 mov ecx, dword ptr [00450C04]
:00404BED 83C414 add esp, 00000014
:00404BF0 894C240C mov dword ptr [esp+0C], ecx
:00404BF4 50 push eax
:00404BF5 8D4C2410 lea ecx, dword ptr [esp+10]
:00404BF9 C784241C08000000000000 mov dword ptr [esp+0000081C], 00000000
:00404C04 E891270300 call 0043739A
* Possible StringData Ref from Data Obj ->"yy"
|
:00404C09 6850F34400 push 0044F350
* Possible StringData Ref from Data Obj ->".."
|
:00404C0E 6850F14400 push 0044F150
:00404C13 8D4C2414 lea ecx, dword ptr [esp+14]
:00404C17 E84ACC0200 call 00431866
* Possible StringData Ref from Data Obj ->"aa"
|
:00404C1C 684CF34400 push 0044F34C
* Possible StringData Ref from Data Obj ->"//"
|
:00404C21 6848F34400 push 0044F348
:00404C26 8D4C2414 lea ecx, dword ptr [esp+14]
:00404C2A E837CC0200 call 00431866
* Possible StringData Ref from Data Obj ->"oo"
|
:00404C2F 6844F34400 push 0044F344
* Possible StringData Ref from Data Obj ->"$$"
|
:00404C34 6840F34400 push 0044F340
:00404C39 8D4C2414 lea ecx, dword ptr [esp+14]
:00404C3D E824CC0200 call 00431866---------->計算正確註冊碼的call,你可進去看看!
:00404C42 8B44240C mov eax, dword ptr [esp+0C]
:00404C46 8BF3 mov esi, ebx
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00404C6A(C)
|
:00404C48 8A10 mov dl, byte ptr [eax]---------->d eax 正確註冊碼!
:00404C4A 8A1E mov bl, byte ptr [esi]---------->d esi 錯誤註冊碼!
:00404C4C 8ACA mov cl, dl
:00404C4E 3AD3 cmp dl, bl---------->比較!
:00404C50 751E jne 00404C70
:00404C52 84C9 test cl, cl
:00404C54 7416 je 00404C6C
:00404C56 8A5001 mov dl, byte ptr [eax+01]
:00404C59 8A5E01 mov bl, byte ptr [esi+01]
:00404C5C 8ACA mov cl, dl
:00404C5E 3AD3 cmp dl, bl---------->比較!
:00404C60 750E jne 00404C70
:00404C62 83C002 add eax, 00000002
:00404C65 83C602 add esi, 00000002
:00404C68 84C9 test cl, cl
:00404C6A 75DC jne 00404C48
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00404C54(C)
|
:00404C6C 33C0 xor eax, eax
:00404C6E EB05 jmp 00404C75
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00404C50(C), :00404C60(C)
|
:00404C70 1BC0 sbb eax, eax
:00404C72 83D8FF sbb eax, FFFFFFFF
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00404C6E(U)
|
:00404C75 33C9 xor ecx, ecx
:00404C77 C7842418080000FFFFFFFF mov dword ptr [esp+00000818], FFFFFFFF
:00404C82 85C0 test eax, eax
:00404C84 0F94C1 sete cl
:00404C87 8BF1 mov esi, ecx
:00404C89 8D4C240C lea ecx, dword ptr [esp+0C]
:00404C8D E87F250300 call 00437211
:00404C92 8BC6 mov eax, esi
:00404C94 5E pop esi
:00404C95 5F pop edi
:00404C96 5B pop ebx
:00404C97 8B8C2404080000 mov ecx, dword ptr [esp+00000804]
:00404C9E 64890D00000000 mov dword ptr fs:[00000000], ecx
:00404CA5 81C410080000 add esp, 00000810
:00404CAB C3 ret
=====================================================================
3、小結!
CCProxy.ini內容:
[System]
Language=ChineseGB
Setup=1
RegCode=o1o37490023oLElm3dhCxqjUz44UJajSca
UserName=CCProxy
我的特徵碼:374900232070
相關文章
- 4.302024-05-07
- 4.30學習進度2024-05-06
- confluence7 破解版2024-06-25
- win10如何設定ccproxy代理服務工具_win10系統ccproxy代理服務工具操作教程2020-04-21Win10
- 上週熱點回顧(4.24-4.30)2023-05-01
- 千字乾貨 | 一文帶你快速掌握資料庫相關概念2022-04-27資料庫
- Resolume Arena 7啟用序列號 Resolume Arena 7破解中文2023-10-26
- CRM快速開發平臺:破解管理困局2022-06-20
- Centos7使用DenyHosts防止ssh暴力破解2020-06-07CentOS
- Centos7上安裝、破解bamboo6.0.32018-07-10CentOS
- 實戰分享反爬機制快速定位與破解2024-10-16
- win10系統怎麼使用ccproxy代理伺服器工具2020-02-04Win10伺服器
- 想知道Vue3與Vue2的區別?五千字教程助你快速上手Vue3!2022-06-21Vue
- Linux 7 破解 root 密碼以及grub2加密.....2018-08-16Linux密碼加密
- 千字分享|自然語言分析NLA2022-05-30
- python爬蟲之快速對js內容進行破解2019-07-08Python爬蟲JS
- Centos7快速安裝RocketMQ2020-06-08CentOSMQ
- 使用 Vagrant 快速搭建 CentOS72020-04-15CentOS
- centos7快速安裝docker2019-04-02CentOSDocker
- 第二彈:MyEclipse2017 CI7 破解 及 配置2018-09-12Eclipse
- 暴肝兩萬五千字助你通關Servlet2022-03-01Servlet
- CentOS 7快速安裝Mongodb詳解2021-09-23CentOSMongoDB
- Windows7下的辦公套件16版破解啟用2018-07-22Windows套件
- DxO PhotoLab 7 Mac版中文啟用資源 「DxO PhotoLab 7破解安裝包最新」7.1.0.352023-11-09Mac
- 三千字介紹Redis主從+哨兵+叢集2021-09-30Redis
- .Net 7 的AOT的程式比託管程式碼更容易破解?2022-12-31
- ida pro 7破解版!支援mac10.15系統!試試?2020-10-30Mac
- CentOS7快速安裝python32020-11-04CentOSPython
- Linux – CentOS 7 yum方式快速安裝MongoDB2018-07-18LinuxCentOSMongoDB
- 三千字講清TypeScript與React的實戰技巧2019-07-26TypeScriptReact
- [electron]終極奧義 五千字教程丟給你2018-09-18
- MySQL(十四)分析查詢語句Explain 七千字總結2023-04-14MySqlAI
- CentOS7 快速高效,簡單安裝 lnmp2019-04-19CentOSLNMP
- 通過窮舉法快速破解excel或word加密文件最高15位密碼2021-03-06Excel加密密碼
- 黑客放言:將於7月1日釋出索尼PSV 3.68韌體破解2018-06-19黑客
- 一萬三千字的HashMap面試必問知識點詳解2020-11-28HashMap面試
- 如何快速重灌win7系統,分享重灌win7系統的方法2022-01-07Win7
- Learun.framework v7━ net快速開發框架2018-09-05Framework框架
- 破解idea2019-01-14Idea