同益起名大師 3.29 脫殼加爆破
【下載頁面】http://down.tfol.com/down/soft/pc/t...523,12288.shtml
【軟體名稱】同益起名大師 3.29
【軟體分類】國產軟體 / 授權未知 / 測字算命
【適用平臺】Win9x/Me/NT/2000/XP
【檔案大小】4,687KB
【軟體介紹】是一個專業的起名測名軟體,可以說是最優秀、最專業的,絕對100%精品(注:自吹而已)。它有個人起名、公司行號命名、商標樓號命名、姓名八卦、吉號選擇、姓名分析、名稱分析、號碼吉凶分析等及參考名字查詢、成語查詢、偏旁查字等多種活字典辭典功能。是姓名學愛好者及研究人員的得力工具,讓您真正放心、方便、快捷地為您的公司商行或親朋好友起個好名。
-----------------------------------------------------------
【破文作者】moon
【作者宣告】只是感興趣,沒有其他目的。失誤之處敬請諸位大俠賜教!
【除錯環境】WinXP、flyODBG、PEiD
-----------------------------------------------------------
【準備工作】:
如果手動更改登錄檔資訊且經驗證失敗,而且你又沒有及時制止它更改註冊資訊,它會把你的登錄檔專案HKEY_LOCAL_MACHINE\SOFTWARE\GoodSoft\GoodName中的Appid設為4D,這樣就沒有輸入註冊碼的地方啦,如果發生這種情況,只要把Appid手動更改為0即可再次進行註冊。
-----------------------------------------------------------
【脫殼】
flyODBG載入,停在:
005DC060 >pushad <====停於此處
005DC061 call GoodName.005DC066
005DC066 pop ebp
005DC067 sub ebp,GoodName.00401DF3
忽略除“記憶體訪問異常”以外的所有異常,執行。在第2次異常時開啟記憶體映象,在code段設定訪問斷點,然後透過異常。斷於以下位置,不是OEP,但離OEP不遠:
005D8C4C rep movs dword ptr es:[edi],dword ptr ds:[esi] <====斷於此處
005D8C4E add ecx,eax
005D8C50 and ecx,3
005D8C53 rep movs byte ptr es:[edi],byte ptr ds:[esi]
005D8C55 leave
005D8C56 retn 1C <====到此F4
執行到005D8C56,然後F8一次,來到:
005D8282 pop edx <====來到這裡 ; GoodName.00401000
005D8283 pop edi
向下檢視一下程式碼,看到了這個:
005D854E popad
005D854F popfd
005D8550 push eax
005D8551 push GoodName.00517418 <====OEP
005D8556 retn 4 <====到此F4
於是執行到此,再F8一次,來到OEP處。
用OD轉存程式,然後再用IMR修復輸入表即可。
【程式跟蹤】
因為要對登錄檔進行操作,所以先看看對函式設斷,搜尋->當前模組中的名稱,看到advapi32.RegSetValueExA和advapi32.RegQueryValueExA,一個是寫入登錄檔,一個是讀取登錄檔值,在對它們的每個參考設定斷點,然後執行程式,中斷後看堆疊中的第二行,不是Appid就F9執行。另外,經過跟蹤已知驗證失敗時修改登錄檔都是透過call 004E6A44進行的,可以在004E6A44設定斷點,就可以攔截到所有驗證失敗的地方。
1. 點“註冊”按鈕後
點選“註冊”以後無任何提示,這時斷點較難找,用“資源相關事件分析法”得知是從00509484開始執行,這一段的關鍵在:
005097BA call UN-GOODN.0050903C <====關鍵CALL,跟進
跟進子程式0050903C後,其中的關鍵在:
0050930F mov edx,dword ptr ss:[ebp-74] 註冊碼
00509312 mov ecx,un-Go.00509480 ; ASCII "111"
00509317 mov eax,dword ptr ss:[ebp-10] 申請碼加姓加公司名字尾中的兩位
0050931A call un-Go.004E1BBC <====關鍵call之一,計算及比較,正確時寫入登錄檔
0050931F mov byte ptr ss:[ebp-5],al 存結果
00509322 cmp byte ptr ss:[ebp-5],0 檢查結果
00509326 je short un-Go.00509368
00509328 lea edx,dword ptr ss:[ebp-88]
0050932E mov eax,dword ptr ss:[ebp-4]
00509331 mov eax,dword ptr ds:[eax+32C]
00509337 call un-Go.00457230 取得註冊碼
0050933C mov eax,dword ptr ss:[ebp-88]
00509342 lea edx,dword ptr ss:[ebp-84]
00509348 call un-Go.00408B18 複製註冊碼
0050934D mov eax,dword ptr ss:[ebp-84]
00509353 lea ecx,dword ptr ss:[ebp-80]
00509356 mov dl,2D
00509358 call un-Go.004E29C4 去掉註冊碼中的'-'
0050935D mov edx,dword ptr ss:[ebp-80] 註冊碼
00509360 mov eax,dword ptr ss:[ebp-10] 申請碼加姓加公司名字尾中的兩位
00509363 call un-Go.004E17B0 <====關鍵call之二,這一步以後登錄檔又被更改
跟進關鍵call之一call un-Go.004E1BBC後,其中的關鍵比較是:
004E1F19 mov edx,dword ptr ss:[ebp-88] "EF9F176831E87F88"
004E1F1F pop eax "9E4165ADC409583C"
004E1F20 call un-GoodN.004046D0 <====關鍵比較,這兒不跳就會將
004E1F25 jnz un-GoodN.004E2382 這兒不跳就會將資訊寫入登錄檔(會幫我們算出Value喲,爽)。爆破方法為nop掉,爆破點1
跟進關鍵call之二call un-Go.004E17B0後,其中的關鍵比較是:
004E18B5 lea eax,dword ptr ss:[ebp-44] 常數變來的數
004E18B8 pop edx 數1出棧
004E18B9 call un-GoodN.004DCC58 <====關鍵比較,大數比較,不相等就會把註冊資訊修改,爆破點2
004E18BE mov byte ptr ss:[ebp-9],al 存結果,作為一個標誌
2. 啟動以後
重啟以後從00513944開始讀登錄檔,00513C3A是關鍵比較:
00513C33 lea eax,dword ptr ss:[ebp-8C]
00513C39 pop edx
00513C3A call un-GoodN.004DCC58 關鍵比較,兩個大數比較,爆破點3
00513C3F mov byte ptr ds:[51CEC4],al 存結果,作為一個標誌
00513C44 cmp byte ptr ds:[51CEC4],0
00513C4B je short un-GoodN.00513C5D
3. 點“個人起名”以後
點“個人起名”以後,從00503AE5開始讀登錄檔,00503D8E是關鍵call,就是點“註冊”按鈕後的關鍵call中的一個。004E1F20是關鍵比較。
00503D8E call un-GoodN.004E1BBC
4. 點“開始分析”以後
00503467 cmp eax,5 當前月與5比較,因此只能在2004年4月以前用?
0050346A jge short cr-un-Go.00503494 nop掉,爆破點4
005054DC mov eax,dword ptr ss:[ebp-10]
005054DF mov edx,cr-un-Go.00505C48 ; ASCII "-1"
005054E4 call cr-un-Go.004046D0
005054E9 jnz short cr-un-Go.005054FF jnz改為jmp,爆破點5
從005055C2開始讀登錄檔進行註冊碼驗算,005057AF是關鍵call
005057A8 lea eax,dword ptr ss:[ebp-B4]
005057AE pop edx
005057AF call un-GoodN.004DCC58 關鍵call,大數比較,改為mov al,1,爆破點6
005057B4 mov byte ptr ss:[ebp-5],al
5. 到此以後,總結了一下發現,它驗證註冊碼的地方都是從登錄檔讀取資訊,而讀取資訊的程式段結構都差不多,諸如:
00513944 mov edx,un-GoodN.00513D80 ; ASCII "Appid"
00513949 mov eax,dword ptr ss:[ebp-10]
0051394C call un-GoodN.0043C780
00513951 mov ebx,eax
00513953 lea ecx,dword ptr ss:[ebp-8]
00513956 mov edx,un-GoodN.00513D90 ; ASCII "Serial"
0051395B mov eax,dword ptr ss:[ebp-10]
0051395E call un-GoodN.0043C6F4
00513963 lea ecx,dword ptr ss:[ebp-C]
00513966 mov edx,un-GoodN.00513DA0 ; ASCII "FName"
因此搜尋所有引用Serial的地方,以走個捷徑:
1.點“註冊”後透過驗證後寫入登錄檔時引用
004E2159(關鍵計算處)、
2.刪除註冊資訊的call 004E6A44中
004E6D26(刪除登錄檔資訊處)
3.刪除註冊資訊的call 004E6A44中
004E6F34、
4. 點“個人起名”以後的驗證段中
00503B3F、
5.點“開始分析”以後的驗證段中
005055C5、
6.call 0050ED58中
0050F3B1 call cr-un-Go.004E1BBC 是關鍵call,是點註冊後的關鍵call之一
0050F071、
7.call 00510778中
00510D49 call cr-un-Go.004DCC58 是關鍵call,爆破點7
00510B2A、
8. 啟動以後的驗證段
00513956
爆破以上七點以後,任意輸入23位的註冊碼,程式可以註冊成功,並且可以起名、分析名字。至於是否完美就不得而知啦。
【附:點“註冊”以後程式段的跟蹤分析】
005094C6 lea edx,dword ptr ss:[ebp-10]
005094C9 mov eax,dword ptr ss:[ebp-4]
005094CC mov eax,dword ptr ds:[eax+2FC]
005094D2 call UN-GOODN.00457230 取得申請碼
005094D7 mov eax,dword ptr ss:[ebp-10]
005094DA lea edx,dword ptr ss:[ebp-C]
005094DD call UN-GOODN.00408B18 複製申請碼
005094E2 mov eax,dword ptr ss:[ebp-C]
005094E5 call UN-GOODN.00404584 查申請碼的位數
005094EA cmp eax,3
005094ED jl short UN-GOODN.00509541
005094EF lea edx,dword ptr ss:[ebp-18]
005094F2 mov eax,dword ptr ss:[ebp-4]
005094F5 mov eax,dword ptr ds:[eax+300]
005094FB call UN-GOODN.00457230 取得姓
00509500 mov eax,dword ptr ss:[ebp-18]
00509503 lea edx,dword ptr ss:[ebp-14]
00509506 call UN-GOODN.00408B18 複製姓
0050950B mov eax,dword ptr ss:[ebp-14]
0050950E call UN-GOODN.00404584 查姓的位數
00509513 cmp eax,2 姓的位數不小於2
00509516 jl short UN-GOODN.00509541
00509518 lea edx,dword ptr ss:[ebp-20]
0050951B mov eax,dword ptr ss:[ebp-4]
0050951E mov eax,dword ptr ds:[eax+32C]
00509524 call UN-GOODN.00457230 取得註冊碼
00509529 mov eax,dword ptr ss:[ebp-20]
0050952C lea edx,dword ptr ss:[ebp-1C]
0050952F call UN-GOODN.00408B18 複製註冊碼
00509534 mov eax,dword ptr ss:[ebp-1C]
00509537 call UN-GOODN.00404584 查註冊碼的位數
0050953C cmp eax,0A 位數和10比較
0050953F jge short UN-GOODN.00509549
00509541 mov eax,dword ptr ss:[ebp-4]
00509544 call UN-GOODN.00473A40 未知,但不會執行到
00509549 lea eax,dword ptr ss:[ebp-8] 以上是對申請碼、姓、註冊碼的位數進行驗證,透過後到此處執行
0050954C push eax
0050954D lea eax,dword ptr ss:[ebp-24]
00509550 push eax
00509551 lea edx,dword ptr ss:[ebp-2C]
00509554 mov eax,dword ptr ss:[ebp-4]
00509557 mov eax,dword ptr ds:[eax+300]
0050955D call UN-GOODN.00457230 再次取得姓
00509562 mov eax,dword ptr ss:[ebp-2C]
00509565 lea edx,dword ptr ss:[ebp-28]
00509568 call UN-GOODN.00408B18 複製姓
0050956D mov eax,dword ptr ss:[ebp-28]
00509570 mov ecx,2
00509575 mov edx,1
0050957A call UN-GOODN.004047E4 從eax所指的第edx位開始取ecx位,即取姓的第一個漢字
0050957F mov edx,dword ptr ss:[ebp-24]
00509582 mov eax,dword ptr ds:[51B81C]
00509587 mov eax,dword ptr ds:[eax]
00509589 mov eax,dword ptr ds:[eax+3D4]
0050958F mov ecx,UN-GOODN.005098E0 ; ASCII "11"
00509594 call UN-GOODN.004ED3BC [ebp-8]處變成"06"的地址
00509599 xor eax,eax
0050959B push ebp
0050959C push UN-GOODN.005095BB
005095A1 push dword ptr fs:[eax]
005095A4 mov dword ptr fs:[eax],esp
005095A7 mov eax,dword ptr ss:[ebp-8]
005095AA call UN-GOODN.00408FEC 字串變成整數,"06"變成6
005095AF mov ebx,eax <====暫存6,一種標誌,後面會用到
005095B1 xor eax,eax
005095B3 pop edx
005095B4 pop ecx
005095B5 pop ecx
005095B6 mov dword ptr fs:[eax],edx
005095B9 jmp short UN-GOODN.005095C7
005095BB jmp UN-GOODN.00403914
005095C0 xor ebx,ebx
005095C2 call UN-GOODN.00403D40
005095C7 mov eax,dword ptr ds:[51B81C]
005095CC mov eax,dword ptr ds:[eax]
005095CE mov eax,dword ptr ds:[eax+404]
005095D4 mov edx,UN-GOODN.005098EC ; ASCII "000"
005095D9 call UN-GOODN.00457260
005095DE mov eax,dword ptr ds:[51BBF4]
005095E3 mov eax,dword ptr ds:[eax]
005095E5 call UN-GOODN.00477058
005095EA lea edx,dword ptr ss:[ebp-34]
005095ED mov eax,dword ptr ss:[ebp-4]
005095F0 mov eax,dword ptr ds:[eax+324]
005095F6 call UN-GOODN.00457230 取得公司名字尾
005095FB mov eax,dword ptr ss:[ebp-34]
005095FE lea edx,dword ptr ss:[ebp-30]
00509601 call UN-GOODN.00408B18 複製公司名字尾
00509606 mov eax,dword ptr ss:[ebp-30]
00509609 call UN-GOODN.00404584 查公司名字尾的位數
0050960E cmp eax,3
00509611 jle UN-GOODN.005096AF 公司名字尾不輸入時從這兒跳
00509617 lea edx,dword ptr ss:[ebp-3C]
0050961A mov eax,dword ptr ss:[ebp-4]
0050961D mov eax,dword ptr ds:[eax+324]
00509623 call UN-GOODN.00457230 取得公司名字尾
00509628 mov eax,dword ptr ss:[ebp-3C]
0050962B lea edx,dword ptr ss:[ebp-38]
0050962E call UN-GOODN.00408B18 複製公司名字尾
00509633 mov ecx,dword ptr ss:[ebp-38]
00509636 mov eax,dword ptr ds:[51BD30]
0050963B mov eax,dword ptr ds:[eax]
0050963D xor edx,edx
0050963F mov ebx,dword ptr ds:[eax]
00509641 call dword ptr ds:[ebx+20] ds:[0041B7FC]=0041FBE0 (un-Go.0041FBE0)
00509644 mov eax,dword ptr ds:[51B81C]
00509649 mov eax,dword ptr ds:[eax]
0050964B mov eax,dword ptr ds:[eax+3D4]
00509651 call UN-GOODN.004EDA04
00509656 mov ebx,eax <====暫存某結果,公司名字尾寫“公司”,結果為9
00509658 cmp ebx,1
0050965B jle short UN-GOODN.005096A7 公司名字尾輸入“comcn”後,這兒會跳,寫“公司”,這兒不跳
0050965D lea edx,dword ptr ss:[ebp-40]
00509660 mov eax,ebx
00509662 call UN-GOODN.004F561C [ebp-40]得到"009"
00509667 lea eax,dword ptr ss:[ebp-40]
0050966A push eax
0050966B lea edx,dword ptr ss:[ebp-48]
0050966E mov eax,dword ptr ss:[ebp-4]
00509671 mov eax,dword ptr ds:[eax+324]
00509677 call UN-GOODN.00457230 取得公司名字尾
0050967C mov eax,dword ptr ss:[ebp-48]
0050967F lea edx,dword ptr ss:[ebp-44]
00509682 call UN-GOODN.00408B18 複製公司名字尾
00509687 mov edx,dword ptr ss:[ebp-44]
0050968A pop eax
0050968B call UN-GOODN.0040458C 連線字串,得到"009公司"
00509690 mov edx,dword ptr ss:[ebp-40]
00509693 mov eax,dword ptr ds:[51B81C]
00509698 mov eax,dword ptr ds:[eax]
0050969A mov eax,dword ptr ds:[eax+404]
005096A0 call UN-GOODN.00457260
005096A5 jmp short UN-GOODN.005096AF 跳
005096A7 mov eax,dword ptr ss:[ebp-4] 公司名字尾輸入“comcn”後跳到這兒
005096AA call UN-GOODN.00473A40
005096AF mov eax,dword ptr ds:[51B81C] 公司名字尾不輸入時跳到這兒
005096B4 mov eax,dword ptr ds:[eax]
005096B6 mov eax,dword ptr ds:[eax+430]
005096BC xor edx,edx
005096BE call UN-GOODN.00437364
005096C3 mov eax,dword ptr ds:[51B81C]
005096C8 mov eax,dword ptr ds:[eax]
005096CA mov eax,dword ptr ds:[eax+430]
005096D0 mov dl,1
005096D2 call UN-GOODN.00437364
005096D7 lea edx,dword ptr ss:[ebp-64]
005096DA mov eax,dword ptr ss:[ebp-4]
005096DD mov eax,dword ptr ds:[eax+2FC]
005096E3 call UN-GOODN.00457230 再次取得申請碼
005096E8 mov eax,dword ptr ss:[ebp-64]
005096EB lea edx,dword ptr ss:[ebp-60]
005096EE call UN-GOODN.00408B18 複製申請碼
005096F3 mov eax,dword ptr ss:[ebp-60]
005096F6 lea edx,dword ptr ss:[ebp-5C]
005096F9 call UN-GOODN.004DCB68 計算得一個數
005096FE lea eax,dword ptr ss:[ebp-5C]
00509701 lea edx,dword ptr ss:[ebp-4C]
00509704 call UN-GOODN.004DCBDC 計算得一個字串"Zsh19jRDfbHzAPRQ"
00509709 lea edx,dword ptr ss:[ebp-70]
0050970C mov eax,dword ptr ss:[ebp-4]
0050970F mov eax,dword ptr ds:[eax+300]
00509715 call UN-GOODN.00457230 再次取得姓
0050971A mov eax,dword ptr ss:[ebp-70]
0050971D lea edx,dword ptr ss:[ebp-6C]
00509720 call UN-GOODN.00408B18 複製姓
00509725 mov eax,dword ptr ss:[ebp-6C]
00509728 lea edx,dword ptr ss:[ebp-5C]
0050972B call UN-GOODN.004DCB68 計算得一個數
00509730 lea eax,dword ptr ss:[ebp-5C]
00509733 lea edx,dword ptr ss:[ebp-68]
00509736 call UN-GOODN.004DCBDC 計算得一個字串 "GANQgI2m9NdTJIEp"
0050973B lea edx,dword ptr ss:[ebp-7C]
0050973E mov eax,dword ptr ss:[ebp-4]
00509741 mov eax,dword ptr ds:[eax+32C]
00509747 call UN-GOODN.00457230 再次取得註冊碼
0050974C mov eax,dword ptr ss:[ebp-7C]
0050974F lea edx,dword ptr ss:[ebp-78]
00509752 call UN-GOODN.00408B18 複製註冊碼
00509757 mov eax,dword ptr ss:[ebp-78]
0050975A lea edx,dword ptr ss:[ebp-5C]
0050975D call UN-GOODN.004DCB68 某種運算004DCB68
00509762 lea eax,dword ptr ss:[ebp-5C]
00509765 lea edx,dword ptr ss:[ebp-74]
00509768 call UN-GOODN.004DCBDC 得一個串 "hwCWvfiPQaZZZQKA"
0050976D lea edx,dword ptr ss:[ebp-5C]
00509770 mov eax,UN-GOODN.005098F8 ; ASCII "718B1C252E2F7E5E8F6328ED65617C95B47DAF"
00509775 call UN-GOODN.004DCB68 某種運算004DCB68
0050977A lea eax,dword ptr ss:[ebp-5C]
0050977D lea edx,dword ptr ss:[ebp-80]
00509780 call UN-GOODN.004DCBDC 得一個串"AStCa3pYweA0PZWK"
00509785 lea edx,dword ptr ss:[ebp-5C]
00509788 mov eax,UN-GOODN.00509928 ; ASCII "CCB3EF10FF82041FEC05EBCB3B523362992AB75ADD33CF49F"
0050978D call UN-GOODN.004DCB68 某種運算004DCB68
00509792 lea eax,dword ptr ss:[ebp-5C]
00509795 lea edx,dword ptr ss:[ebp-84]
0050979B call UN-GOODN.004DCBDC 得一個串 "wsra022ajLlcEEW9"
005097A0 test ebx,ebx
005097A2 jle short UN-GOODN.005097BF 公司名字尾輸入“comcn”時這兒跳,不會執行關鍵call
005097A4 mov eax,dword ptr ds:[51B81C]
005097A9 mov eax,dword ptr ds:[eax]
005097AB mov eax,dword ptr ds:[eax+430]
005097B1 cmp byte ptr ds:[eax+40],0
005097B5 je short UN-GOODN.005097BF
005097B7 mov eax,dword ptr ss:[ebp-4]
005097BA call UN-GOODN.0050903C <====關鍵CALL,跟進
跟進子程式0050903C
0050906F lea edx,dword ptr ss:[ebp-1C]
00509072 mov eax,dword ptr ss:[ebp-4]
00509075 mov eax,dword ptr ds:[eax+32C]
0050907B call cr-un-Go.00457230 取得註冊碼
00509080 mov eax,dword ptr ss:[ebp-1C]
00509083 lea edx,dword ptr ss:[ebp-18]
00509086 call cr-un-Go.00408B18 複製註冊碼
0050908B mov eax,dword ptr ss:[ebp-18]
0050908E call cr-un-Go.00404584 查註冊碼位數
00509093 cmp eax,16 位數不能小於22
00509096 jl cr-un-Go.00509368
0050909C lea edx,dword ptr ss:[ebp-24]
0050909F mov eax,dword ptr ss:[ebp-4]
005090A2 mov eax,dword ptr ds:[eax+300]
005090A8 call cr-un-Go.00457230 取得姓
005090AD mov eax,dword ptr ss:[ebp-24]
005090B0 lea edx,dword ptr ss:[ebp-20]
005090B3 call cr-un-Go.00408B18 複製姓
005090B8 mov eax,dword ptr ss:[ebp-20]
005090BB lea ecx,dword ptr ss:[ebp-10]
005090BE mov dl,2D
005090C0 call cr-un-Go.004E29C4 去掉姓中的'-'
005090C5 lea edx,dword ptr ss:[ebp-28]
005090C8 mov eax,dword ptr ss:[ebp-10]
005090CB call cr-un-Go.00408B18 複製去掉'-'後的姓
005090D0 mov eax,dword ptr ss:[ebp-28]
005090D3 call cr-un-Go.00404584 查姓的位數
005090D8 mov ebx,eax 位數存ebx
005090DA sar ebx,1 位數除以2
005090DC jns short cr-un-Go.005090E1
005090DE adc ebx,0
005090E1 test bx,bx
005090E4 jbe short cr-un-Go.00509160 商不能小於0
005090E6 mov word ptr ss:[ebp-14],bx
005090EA mov word ptr ss:[ebp-12],1
005090F0 lea eax,dword ptr ss:[ebp-C]
005090F3 push eax
005090F4 lea eax,dword ptr ss:[ebp-2C]
005090F7 push eax
005090F8 movzx eax,word ptr ss:[ebp-12]
005090FC mov edx,eax
005090FE add edx,edx
00509100 dec edx
00509101 mov ecx,2
00509106 mov eax,dword ptr ss:[ebp-10]
00509109 call cr-un-Go.004047E4 從eax所指的第edx位開始取ecx位
0050910E mov edx,dword ptr ss:[ebp-2C]
00509111 mov eax,dword ptr ds:[51B81C]
00509116 mov eax,dword ptr ds:[eax]
00509118 mov eax,dword ptr ds:[eax+3D4]
0050911E mov ecx,cr-un-Go.00509454 ; ASCII "11"
00509123 call cr-un-Go.004ED3BC 取得字串"06"
00509128 xor eax,eax
0050912A push ebp
0050912B push cr-un-Go.0050914A
00509130 push dword ptr fs:[eax]
00509133 mov dword ptr fs:[eax],esp
00509136 mov eax,dword ptr ss:[ebp-C] 字串"06"
00509139 call cr-un-Go.00408FEC 字串變成整數,"06"變成6
0050913E mov ebx,eax 暫存於ebx
00509140 xor eax,eax
00509142 pop edx
00509143 pop ecx
00509144 pop ecx
00509145 mov dword ptr fs:[eax],edx
00509148 jmp short cr-un-Go.00509156
0050914A jmp cr-un-Go.00403914
0050914F xor ebx,ebx
00509151 call cr-un-Go.00403D40
00509156 inc word ptr ss:[ebp-12]
0050915A dec word ptr ss:[ebp-14]
0050915E jnz short cr-un-Go.005090F0
00509160 cmp bx,1
00509164 jb cr-un-Go.00509368
0050916A lea eax,dword ptr ss:[ebp-30]
0050916D call cr-un-Go.004E261C 從系統得到申請碼
00509172 mov eax,dword ptr ss:[ebp-30]
00509175 lea edx,dword ptr ss:[ebp-10]
00509178 call cr-un-Go.00408B18 複製申請碼
0050917D lea edx,dword ptr ss:[ebp-34]
00509180 mov eax,dword ptr ss:[ebp-10]
00509183 call cr-un-Go.00408B18 又複製申請碼
00509188 mov eax,dword ptr ss:[ebp-34]
0050918B call cr-un-Go.00404584 查申請碼位數
00509190 cmp eax,2
00509193 jl cr-un-Go.00509368
00509199 lea edx,dword ptr ss:[ebp-3C]
0050919C mov eax,dword ptr ss:[ebp-4]
0050919F mov eax,dword ptr ds:[eax+2FC]
005091A5 call cr-un-Go.00457230 從對話方塊得到申請碼
005091AA mov eax,dword ptr ss:[ebp-3C]
005091AD lea edx,dword ptr ss:[ebp-38]
005091B0 call cr-un-Go.00408B18 複製申請碼
005091B5 mov edx,dword ptr ss:[ebp-38]
005091B8 mov eax,dword ptr ss:[ebp-10]
005091BB call cr-un-Go.004046D0 字串比較
005091C0 jnz cr-un-Go.00509368
005091C6 lea edx,dword ptr ss:[ebp-44]
005091C9 mov eax,dword ptr ss:[ebp-4]
005091CC mov eax,dword ptr ds:[eax+324]
005091D2 call cr-un-Go.00457230 取得公司名字尾
005091D7 mov eax,dword ptr ss:[ebp-44]
005091DA lea edx,dword ptr ss:[ebp-40]
005091DD call cr-un-Go.00408B18 複製公司名字尾
005091E2 mov eax,dword ptr ss:[ebp-40]
005091E5 call cr-un-Go.00404584 查公司名字尾位數
005091EA cmp eax,3
005091ED jle cr-un-Go.0050928C
005091F3 lea eax,dword ptr ss:[ebp-48]
005091F6 push eax
005091F7 lea edx,dword ptr ss:[ebp-4C]
005091FA mov eax,dword ptr ss:[ebp-10]
005091FD call cr-un-Go.00408B18 複製申請碼
00509202 lea eax,dword ptr ss:[ebp-4C]
00509205 mov edx,cr-un-Go.00509460 ; ASCII " "
0050920A call cr-un-Go.0040458C 連線字串,得到 "25963613 "
0050920F mov eax,dword ptr ss:[ebp-4C]
00509212 mov ecx,8
00509217 mov edx,1
0050921C call cr-un-Go.004047E4 從字串的第edx位開始取ecx位
00509221 push dword ptr ss:[ebp-48]
00509224 lea edx,dword ptr ss:[ebp-54]
00509227 mov eax,dword ptr ss:[ebp-4]
0050922A mov eax,dword ptr ds:[eax+300]
00509230 call cr-un-Go.00457230 取得姓
00509235 mov eax,dword ptr ss:[ebp-54]
00509238 lea edx,dword ptr ss:[ebp-50]
0050923B call cr-un-Go.00408B18 複製姓
00509240 push dword ptr ss:[ebp-50]
00509243 push cr-un-Go.00509474
00509248 lea eax,dword ptr ss:[ebp-58]
0050924B push eax
0050924C lea edx,dword ptr ss:[ebp-60]
0050924F mov eax,dword ptr ss:[ebp-4]
00509252 mov eax,dword ptr ds:[eax+324]
00509258 call cr-un-Go.00457230 取得公司名字尾
0050925D mov eax,dword ptr ss:[ebp-60]
00509260 lea edx,dword ptr ss:[ebp-5C]
00509263 call cr-un-Go.00408B18 複製公司名字尾
00509268 mov eax,dword ptr ss:[ebp-5C]
0050926B mov ecx,2
00509270 mov edx,3
00509275 call cr-un-Go.004047E4 從字串的第edx位開始取ecx位,即取第2個漢字
0050927A push dword ptr ss:[ebp-58]
0050927D lea eax,dword ptr ss:[ebp-10]
00509280 mov edx,4
00509285 call cr-un-Go.00404644 連線字串,連線成"25963613朱-司"
0050928A jmp short cr-un-Go.005092E6
0050928C lea eax,dword ptr ss:[ebp-64]
0050928F push eax
00509290 lea edx,dword ptr ss:[ebp-68]
00509293 mov eax,dword ptr ss:[ebp-10]
00509296 call cr-un-Go.00408B18
0050929B lea eax,dword ptr ss:[ebp-68]
0050929E mov edx,cr-un-Go.00509460 ; ASCII " "
005092A3 call cr-un-Go.0040458C 連線字串,得到 "25963613 "
005092A8 mov eax,dword ptr ss:[ebp-68]
005092AB mov ecx,8
005092B0 mov edx,1
005092B5 call cr-un-Go.004047E4 取出"25963613 " 的前8位 "25963613"
005092BA mov eax,dword ptr ss:[ebp-64]
005092BD push eax "25963613"的地址入棧
005092BE lea edx,dword ptr ss:[ebp-70]
005092C1 mov eax,dword ptr ss:[ebp-4]
005092C4 mov eax,dword ptr ds:[eax+300]
005092CA call cr-un-Go.00457230 取得姓
005092CF mov eax,dword ptr ss:[ebp-70]
005092D2 lea edx,dword ptr ss:[ebp-6C]
005092D5 call cr-un-Go.00408B18
005092DA mov ecx,dword ptr ss:[ebp-6C] 姓
005092DD lea eax,dword ptr ss:[ebp-10] 結果
005092E0 pop edx 申請碼地址出棧
005092E1 call cr-un-Go.004045D0 連線edx、ecx所指的字串,結果地址存eax
005092E6 lea edx,dword ptr ss:[ebp-7C] 跳到這兒
005092E9 mov eax,dword ptr ss:[ebp-4]
005092EC mov eax,dword ptr ds:[eax+32C]
005092F2 call cr-un-Go.00457230 取得註冊碼
005092F7 mov eax,dword ptr ss:[ebp-7C]
005092FA lea edx,dword ptr ss:[ebp-78]
005092FD call cr-un-Go.00408B18 複製註冊碼
00509302 mov eax,dword ptr ss:[ebp-78]
00509305 lea ecx,dword ptr ss:[ebp-74]
00509308 mov dl,2D
0050930A call cr-un-Go.004E29C4 去掉其中的'-'
0050930F mov edx,dword ptr ss:[ebp-74] 註冊碼
00509312 mov ecx,cr-un-Go.00509480 ; ASCII "111"
00509317 mov eax,dword ptr ss:[ebp-10] 申請碼加姓加公司名字尾中的兩位
0050931A call cr-un-Go.004E1BBC <====關鍵call之一,計算及比較,正確時寫入登錄檔
0050931F mov byte ptr ss:[ebp-5],al 存結果
00509322 cmp byte ptr ss:[ebp-5],0 檢查結果
00509326 je short cr-un-Go.00509368
00509328 lea edx,dword ptr ss:[ebp-88]
0050932E mov eax,dword ptr ss:[ebp-4]
00509331 mov eax,dword ptr ds:[eax+32C]
00509337 call cr-un-Go.00457230 取得註冊碼
0050933C mov eax,dword ptr ss:[ebp-88]
00509342 lea edx,dword ptr ss:[ebp-84]
00509348 call cr-un-Go.00408B18 複製註冊碼
0050934D mov eax,dword ptr ss:[ebp-84]
00509353 lea ecx,dword ptr ss:[ebp-80]
00509356 mov dl,2D
00509358 call cr-un-Go.004E29C4 去掉註冊碼中的'-'
0050935D mov edx,dword ptr ss:[ebp-80] 註冊碼
00509360 mov eax,dword ptr ss:[ebp-10] 申請碼加姓加公司名字尾中的兩位
00509363 call cr-un-Go.004E17B0 <====關鍵call之二,這一步以後登錄檔又被更改
00509368 xor eax,eax 以下全是清理資料
跟進0050931A call cr-un-Go.004E1BBC:
004E1C36 mov ecx,eax
004E1C38 xor eax,eax
004E1C3A mov al,cl 申請碼加姓的一位
004E1C3C imul dword ptr ss:[ebp-18] 乘以上次的餘數
004E1C3F add eax,68911 加上常數68911
004E1C44 mov ecx,0F4240
004E1C49 xor edx,edx
004E1C4B div ecx 除以常數0F4240
004E1C4D mov dword ptr ss:[ebp-18],edx 存餘數
004E1C50 inc ebx
004E1C51 xor eax,eax
004E1C53 mov al,bl
004E1C55 mov edx,dword ptr ss:[ebp-4]
004E1C58 mov al,byte ptr ds:[edx+eax-1] 取申請碼加姓的一位
004E1C5C test al,al
004E1C5E jnz short un-GoodN.004E1C36
004E1C60 mov eax,dword ptr ss:[ebp-18]
004E1C63 xor edx,edx
004E1C65 push edx ; /Arg2 => 00000000
004E1C66 push eax ; |Arg1
004E1C67 lea eax,dword ptr ss:[ebp-30] ; |
004E1C6A call un-GoodN.00408F6C ; \un-GoodN.00408F6C 按10進位制列印資料,得到"982165"
004E1C6F lea edx,dword ptr ss:[ebp-44]
004E1C72 mov eax,dword ptr ss:[ebp-30]
004E1C75 call un-GoodN.00408B18 複製
004E1C7A mov edx,dword ptr ss:[ebp-44]
004E1C7D lea eax,dword ptr ss:[ebp-30]
004E1C80 call un-GoodN.0040435C 沒看出什麼變化
004E1C85 mov dword ptr ss:[ebp-40],28753F59
004E1C8C mov dword ptr ss:[ebp-3C],20681261
004E1C93 mov dword ptr ss:[ebp-38],2A316962
004E1C9A mov dword ptr ss:[ebp-34],2E311871
004E1CA1 xor esi,esi
004E1CA3 mov bl,4
004E1CA5 xor eax,eax
004E1CA7 mov al,bl
004E1CA9 mov edx,dword ptr ss:[ebp-4]
004E1CAC movzx eax,byte ptr ds:[edx+eax-1] 取申請碼加姓的一位,但從第四位開始取
004E1CB1 add esi,eax
004E1CB3 shl esi,8
004E1CB6 dec ebx
004E1CB7 cmp bl,1
004E1CBA jnz short un-GoodN.004E1CA5
004E1CBC mov eax,dword ptr ss:[ebp-4]
004E1CBF movzx eax,byte ptr ds:[eax]
004E1CC2 add esi,eax 到此取出申請碼的前四位,存於esi中
004E1CC4 xor edi,edi
004E1CC6 mov bl,8
004E1CC8 xor eax,eax
004E1CCA mov al,bl
004E1CCC mov edx,dword ptr ss:[ebp-4]
004E1CCF movzx eax,byte ptr ds:[edx+eax-1]
004E1CD4 add edi,eax
004E1CD6 shl edi,8
004E1CD9 dec ebx
004E1CDA cmp bl,5
004E1CDD jnz short un-GoodN.004E1CC8
004E1CDF mov eax,dword ptr ss:[ebp-4]
004E1CE2 movzx eax,byte ptr ds:[eax+4]
004E1CE6 add edi,eax 到此取出申請碼的後四位,存於edi中
004E1CE8 xor eax,eax
004E1CEA mov dword ptr ss:[ebp-18],eax
004E1CED lea edx,dword ptr ss:[ebp-58]
004E1CF0 mov eax,un-GoodN.004E248C ; ASCII "718B1C252E2F7E5E8F6328ED65617C95B47DAF"
004E1CF5 call un-GoodN.004DCB68 某種計算,得一數
004E1CFA lea eax,dword ptr ss:[ebp-58]
004E1CFD lea edx,dword ptr ss:[ebp-48]
004E1D00 call un-GoodN.004DCBDC 某種變換,得一字串"AStCa3pYweA0PZWK"
004E1D05 mov bl,20
004E1D07 add dword ptr ss:[ebp-18],9E3719B5
004E1D0E mov eax,edi
004E1D10 shl eax,4
004E1D13 add esi,eax
004E1D15 mov eax,dword ptr ss:[ebp-3C]
004E1D18 xor eax,edi
004E1D1A add esi,eax
004E1D1C mov eax,edi
004E1D1E shr eax,5
004E1D21 xor eax,dword ptr ss:[ebp-18]
004E1D24 add esi,eax
004E1D26 add esi,dword ptr ss:[ebp-40]
004E1D29 mov eax,esi
004E1D2B shl eax,4
004E1D2E add edi,eax
004E1D30 mov eax,dword ptr ss:[ebp-34]
004E1D33 xor eax,esi
004E1D35 add edi,eax
004E1D37 mov eax,esi
004E1D39 shr eax,5
004E1D3C xor eax,dword ptr ss:[ebp-18]
004E1D3F add edi,eax
004E1D41 add edi,dword ptr ss:[ebp-38]
004E1D44 dec bl
004E1D46 jnz short un-GoodN.004E1D07 迴圈對申請碼計算
004E1D48 mov eax,esi
004E1D4A and eax,3FFFFFFF
004E1D4F add eax,2
004E1D52 xor edx,edx
004E1D54 mov dword ptr ss:[ebp-20],eax 存申請碼變換結果
004E1D57 mov dword ptr ss:[ebp-1C],edx 存申請碼變換結果
004E1D5A mov eax,esi
004E1D5C shr eax,1E
004E1D5F add eax,24F80050
004E1D64 add eax,2
004E1D67 xor edx,edx
004E1D69 mov dword ptr ss:[ebp-28],eax 存申請碼變換結果
004E1D6C mov dword ptr ss:[ebp-24],edx 存申請碼變換結果
004E1D6F push dword ptr ss:[ebp-1C] ; /Arg2
004E1D72 push dword ptr ss:[ebp-20] ; |Arg1
004E1D75 call un-GoodN.004E0E00 ; \un-GoodN.004E0E00 計算
004E1D7A mov dword ptr ss:[ebp-20],eax 存結果
004E1D7D mov dword ptr ss:[ebp-1C],edx
004E1D80 push dword ptr ss:[ebp-24] ; /Arg2
004E1D83 push dword ptr ss:[ebp-28] ; |Arg1
004E1D86 call un-GoodN.004E0E00 ; \un-GoodN.004E0E00 計算
004E1D8B mov dword ptr ss:[ebp-28],eax 存結果
004E1D8E mov dword ptr ss:[ebp-24],edx
004E1D91 lea edx,dword ptr ss:[ebp-58]
004E1D94 mov eax,un-GoodN.004E24BC ;ASCII "CCB3EF10FF82041FEC05EBCB3B523362992AB75ADD33CF49F"
004E1D99 call un-GoodN.004DCB68 某種計算,得一數
004E1D9E lea eax,dword ptr ss:[ebp-58]
004E1DA1 lea edx,dword ptr ss:[ebp-5C]
004E1DA4 call un-GoodN.004DCBDC 某種變換,得一字串 "wsra022ajLlcEEW9"
004E1DA9 push dword ptr ss:[ebp-24] ; /Arg2
004E1DAC push dword ptr ss:[ebp-28] ; |Arg1
004E1DAF lea edx,dword ptr ss:[ebp-64] ; |
004E1DB2 mov eax,8 ; |
004E1DB7 call un-GoodN.00408FBC ; \un-GoodN.00408FBC 按16進位制列印
004E1DBC mov eax,dword ptr ss:[ebp-64]
004E1DBF lea edx,dword ptr ss:[ebp-60]
004E1DC2 call un-GoodN.00408B18 某種計算,得一數
004E1DC7 mov eax,dword ptr ss:[ebp-60]
004E1DCA push eax
004E1DCB push dword ptr ss:[ebp-1C] ; /Arg2
004E1DCE push dword ptr ss:[ebp-20] ; |Arg1
004E1DD1 lea edx,dword ptr ss:[ebp-6C] ; |
004E1DD4 mov eax,8 ; |
004E1DD9 call un-GoodN.00408FBC ; \un-GoodN.00408FBC 按16進位制列印
004E1DDE mov eax,dword ptr ss:[ebp-6C]
004E1DE1 lea edx,dword ptr ss:[ebp-68]
004E1DE4 call un-GoodN.00408B18 某種計算,得一數
004E1DE9 mov edx,dword ptr ss:[ebp-68]
004E1DEC lea eax,dword ptr ss:[ebp-2C]
004E1DEF pop ecx
004E1DF0 call un-GoodN.004045D0 連線字串
004E1DF5 lea ecx,dword ptr ss:[ebp-70]
004E1DF8 mov eax,dword ptr ss:[ebp-2C]
004E1DFB mov dl,byte ptr ds:[eax+2] '6'
004E1DFE mov eax,dword ptr ss:[ebp-2C]
004E1E01 call un-GoodN.004E29C4 去掉其中的'6'
004E1E06 mov edx,dword ptr ss:[ebp-70]
004E1E09 lea eax,dword ptr ss:[ebp-2C]
004E1E0C call un-GoodN.0040435C 沒看出什麼變化
004E1E11 lea ecx,dword ptr ss:[ebp-74]
004E1E14 mov edx,dword ptr ss:[ebp-30]
004E1E17 mov eax,dword ptr ss:[ebp-2C]
004E1E1A call un-GoodN.004DD8E8 字串變換
004E1E1F mov edx,dword ptr ss:[ebp-74]
004E1E22 lea eax,dword ptr ss:[ebp-30]
004E1E25 call un-GoodN.0040435C
004E1E2A lea ecx,dword ptr ss:[ebp-78]
004E1E2D mov eax,dword ptr ss:[ebp-30]
004E1E30 mov dl,byte ptr ds:[eax+D] '6'
004E1E33 mov eax,dword ptr ss:[ebp-30] 字串 "FC3C63988AAA46B00FF5D5DB8131CD3F"
004E1E36 call un-GoodN.004E29C4 去掉其中的'6'
004E1E3B mov edx,dword ptr ss:[ebp-78]
004E1E3E lea eax,dword ptr ss:[ebp-30]
004E1E41 call un-GoodN.0040435C
004E1E46 mov eax,dword ptr ds:[51B81C]
004E1E4B mov eax,dword ptr ds:[eax]
004E1E4D mov eax,dword ptr ds:[eax+430]
004E1E53 cmp byte ptr ds:[eax+40],0
004E1E57 je un-GoodN.004E239D
004E1E5D lea edx,dword ptr ss:[ebp-2C] 申請碼變來的數
004E1E60 mov eax,dword ptr ss:[ebp-8] 註冊碼 "1234523456345674567856789"
004E1E63 call un-GoodN.004E2744 註冊碼變成 "4231423546354675867586759"
004E1E68 mov eax,dword ptr ss:[ebp-C]
004E1E6B mov edx,un-GoodN.004E24F8 ; ASCII "aaa"
004E1E70 call un-GoodN.004046D0
004E1E75 jnz short un-GoodN.004E1E94
004E1E77 mov eax,dword ptr ds:[51BD30]
004E1E7C mov eax,dword ptr ds:[eax]
004E1E7E mov ecx,dword ptr ss:[ebp-30]
004E1E81 mov edx,1
004E1E86 mov ebx,dword ptr ds:[eax]
004E1E88 call dword ptr ds:[ebx+20]
004E1E8B mov byte ptr ss:[ebp-D],1
004E1E8F jmp un-GoodN.004E239D
004E1E94 lea eax,dword ptr ss:[ebp-80]
004E1E97 push eax
004E1E98 lea eax,dword ptr ss:[ebp-84]
004E1E9E mov ecx,un-GoodN.004E2504 ; ASCII " "
004E1EA3 mov edx,dword ptr ss:[ebp-2C]
004E1EA6 call un-GoodN.004045D0 加5個空格,變成 "4231423546354675867586759 "
004E1EAB mov eax,dword ptr ss:[ebp-84]
004E1EB1 mov ecx,7
004E1EB6 mov edx,11
004E1EBB call un-GoodN.004047E4 從第17位開始取7位, "8675867"
004E1EC0 mov eax,dword ptr ss:[ebp-80] "8675867"
004E1EC3 lea ecx,dword ptr ss:[ebp-7C]
004E1EC6 mov edx,un-GoodN.004E2514 常數"34A5CC48D1AB3"
004E1ECB call un-GoodN.004DD8E8 字串變換,得 "9E4165ADC409583C"
004E1ED0 mov eax,dword ptr ss:[ebp-7C]
004E1ED3 push eax
004E1ED4 lea eax,dword ptr ss:[ebp-8C]
004E1EDA push eax
004E1EDB lea eax,dword ptr ss:[ebp-90]
004E1EE1 mov ecx,un-GoodN.004E252C ; ASCII "2AB75ADD"
004E1EE6 mov edx,dword ptr ss:[ebp-30] "FC3C3988AAA4B00FF5D5DB8131CD3F"
004E1EE9 call un-GoodN.004045D0 連線成 "FC3C3988AAA4B00FF5D5DB8131CD3F2AB75ADD"
004E1EEE mov eax,dword ptr ss:[ebp-90]
004E1EF4 mov ecx,7
004E1EF9 mov edx,1
004E1EFE call un-GoodN.004047E4 取前7位得 "FC3C398"
004E1F03 mov eax,dword ptr ss:[ebp-8C] ASCII "FC3C398"
004E1F09 lea ecx,dword ptr ss:[ebp-88]
004E1F0F mov edx,un-GoodN.004E2514 ; ASCII "34A5CC48D1AB3"
004E1F14 call un-GoodN.004DD8E8 字串變換,得 "EF9F176831E87F88"
004E1F19 mov edx,dword ptr ss:[ebp-88] "EF9F176831E87F88"
004E1F1F pop eax "9E4165ADC409583C"
004E1F20 call un-GoodN.004046D0 關鍵比較,字串比較
004E1F25 jnz un-GoodN.004E2382 關鍵跳,這兒不跳就會將資訊寫入登錄檔
004E1F2B mov eax,dword ptr ss:[ebp-C]
004E1F2E mov edx,un-GoodN.004E2540 ; ASCII "111"
004E1F33 call un-GoodN.004046D0
004E1F38 jnz un-GoodN.004E237C
004E1F3E mov dl,1
004E1F40 mov eax,dword ptr ds:[43C144]
004E1F45 call un-GoodN.0043C244
004E1F4A mov dword ptr ss:[ebp-14],eax
004E1F4D xor eax,eax
004E1F4F push ebp
004E1F50 push un-GoodN.004E2375
004E1F55 push dword ptr fs:[eax]
004E1F58 mov dword ptr fs:[eax],esp
004E1F5B mov edx,80000002
004E1F60 mov eax,dword ptr ss:[ebp-14]
004E1F63 call un-GoodN.0043C2E4
004E1F68 mov cl,1
004E1F6A mov edx,un-GoodN.004E254C ; ASCII "Software\GoodSoft\GoodName"
004E1F6F mov eax,dword ptr ss:[ebp-14]
004E1F72 call un-GoodN.0043C34C
004E1F77 test al,al
004E1F79 jnz short un-GoodN.004E1F85
004E1F7B call un-GoodN.00403D70
004E1F80 jmp un-GoodN.004E239D
004E1F85 lea eax,dword ptr ss:[ebp-98]
004E1F8B call un-GoodN.004E26B0
004E1F90 mov eax,dword ptr ss:[ebp-98]
004E1F96 lea edx,dword ptr ss:[ebp-94]
004E1F9C call un-GoodN.00408B18
004E1FA1 mov eax,dword ptr ss:[ebp-94]
004E1FA7 call un-GoodN.00408FEC
004E1FAC mov ecx,eax
004E1FAE mov edx,un-GoodN.004E2570 ; ASCII "Appid"
004E1FB3 mov eax,dword ptr ss:[ebp-14]
004E1FB6 call un-GoodN.0043C76C "Appid"寫入登錄檔
004E1FBB xor eax,eax
004E1FBD push ebp
004E1FBE push un-GoodN.004E2014
004E1FC3 push dword ptr fs:[eax]
004E1FC6 mov dword ptr fs:[eax],esp
004E1FC9 lea eax,dword ptr ss:[ebp-9C]
004E1FCF push eax
004E1FD0 lea edx,dword ptr ss:[ebp-A0]
004E1FD6 mov eax,dword ptr ds:[51B81C]
004E1FDB mov eax,dword ptr ds:[eax]
004E1FDD mov eax,dword ptr ds:[eax+404]
004E1FE3 call un-GoodN.00457230 取得"009公司"
004E1FE8 mov eax,dword ptr ss:[ebp-A0]
004E1FEE mov ecx,3
004E1FF3 mov edx,1
004E1FF8 call un-GoodN.004047E4
004E1FFD mov eax,dword ptr ss:[ebp-9C]
004E2003 call un-GoodN.00408FEC
004E2008 mov ebx,eax
004E200A xor eax,eax
004E200C pop edx
004E200D pop ecx
004E200E pop ecx
004E200F mov dword ptr fs:[eax],edx
004E2012 jmp short un-GoodN.004E2020
004E2014 jmp un-GoodN.00403914
004E2019 xor ebx,ebx
004E201B call un-GoodN.00403D40
004E2020 test bl,bl
004E2022 jbe short un-GoodN.004E2055
004E2024 lea eax,dword ptr ss:[ebp-30]
004E2027 push eax
004E2028 lea edx,dword ptr ss:[ebp-A4]
004E202E mov eax,dword ptr ss:[ebp-4]
004E2031 call un-GoodN.00408B18
004E2036 mov eax,dword ptr ss:[ebp-A4]
004E203C call un-GoodN.00404584
004E2041 mov ecx,eax
004E2043 sub ecx,0B
004E2046 mov edx,9
004E204B mov eax,dword ptr ss:[ebp-4]
004E204E call un-GoodN.004047E4
004E2053 jmp short un-GoodN.004E2084
004E2055 lea eax,dword ptr ss:[ebp-30]
004E2058 push eax
004E2059 lea edx,dword ptr ss:[ebp-A8]
004E205F mov eax,dword ptr ss:[ebp-4]
004E2062 call un-GoodN.00408B18
004E2067 mov eax,dword ptr ss:[ebp-A8]
004E206D call un-GoodN.00404584
004E2072 mov ecx,eax
004E2074 sub ecx,8
004E2077 mov edx,9
004E207C mov eax,dword ptr ss:[ebp-4]
004E207F call un-GoodN.004047E4
004E2084 mov ecx,dword ptr ss:[ebp-30]
004E2087 mov edx,un-GoodN.004E2580 ; ASCII "FName"
004E208C mov eax,dword ptr ss:[ebp-14]
004E208F call un-GoodN.0043C6C8 "FName"即姓,寫入登錄檔
004E2094 lea eax,dword ptr ss:[ebp-B0]
004E209A push eax
004E209B mov ecx,5
004E20A0 mov edx,1
004E20A5 mov eax,dword ptr ss:[ebp-8]
004E20A8 call un-GoodN.004047E4 註冊碼取1~5位
004E20AD push dword ptr ss:[ebp-B0]
004E20B3 push un-GoodN.004E2590 '-'
004E20B8 lea eax,dword ptr ss:[ebp-B4]
004E20BE push eax
004E20BF mov ecx,5
004E20C4 mov edx,6
004E20C9 mov eax,dword ptr ss:[ebp-8]
004E20CC call un-GoodN.004047E4 註冊碼取6~10位
004E20D1 push dword ptr ss:[ebp-B4]
004E20D7 push un-GoodN.004E2590 '-'
004E20DC lea eax,dword ptr ss:[ebp-B8]
004E20E2 push eax
004E20E3 mov ecx,5
004E20E8 mov edx,0B
004E20ED mov eax,dword ptr ss:[ebp-8]
004E20F0 call un-GoodN.004047E4 註冊碼取11~15位
004E20F5 push dword ptr ss:[ebp-B8]
004E20FB push un-GoodN.004E2590 '-'
004E2100 lea eax,dword ptr ss:[ebp-BC]
004E2106 push eax
004E2107 mov ecx,3
004E210C mov edx,10
004E2111 mov eax,dword ptr ss:[ebp-8]
004E2114 call un-GoodN.004047E4 註冊碼取16~18位
004E2119 push dword ptr ss:[ebp-BC]
004E211F push un-GoodN.004E2590 '-'
004E2124 lea eax,dword ptr ss:[ebp-C0]
004E212A push eax
004E212B mov ecx,5
004E2130 mov edx,13
004E2135 mov eax,dword ptr ss:[ebp-8]
004E2138 call un-GoodN.004047E4 註冊碼取19~23位
004E213D push dword ptr ss:[ebp-C0]
004E2143 lea eax,dword ptr ss:[ebp-AC]
004E2149 mov edx,9
004E214E call un-GoodN.00404644 把edx段字串連線起來
004E2153 mov ecx,dword ptr ss:[ebp-AC]
004E2159 mov edx,un-GoodN.004E259C ; ASCII "Serial"
004E215E mov eax,dword ptr ss:[ebp-14]
004E2161 call un-GoodN.0043C6C8 寫入登錄檔,可見註冊碼是22或23位有效
004E2166 lea edx,dword ptr ss:[ebp-C4]
004E216C mov eax,dword ptr ds:[51B81C]
004E2171 mov eax,dword ptr ds:[eax]
004E2173 mov eax,dword ptr ds:[eax+404]
004E2179 call un-GoodN.00457230
004E217E mov eax,dword ptr ss:[ebp-C4]
004E2184 call un-GoodN.00404584
004E2189 cmp eax,6
004E218C jle un-GoodN.004E2220
004E2192 lea eax,dword ptr ss:[ebp-C8]
004E2198 push eax
004E2199 lea edx,dword ptr ss:[ebp-D0]
004E219F mov eax,dword ptr ds:[51B81C]
004E21A4 mov eax,dword ptr ds:[eax]
004E21A6 mov eax,dword ptr ds:[eax+404]
004E21AC call un-GoodN.00457230
004E21B1 mov eax,dword ptr ss:[ebp-D0]
004E21B7 lea edx,dword ptr ss:[ebp-CC]
004E21BD call un-GoodN.00408B18
004E21C2 mov eax,dword ptr ss:[ebp-CC]
004E21C8 call un-GoodN.00404584
004E21CD sub eax,3
004E21D0 push eax
004E21D1 lea edx,dword ptr ss:[ebp-D8]
004E21D7 mov eax,dword ptr ds:[51B81C]
004E21DC mov eax,dword ptr ds:[eax]
004E21DE mov eax,dword ptr ds:[eax+404]
004E21E4 call un-GoodN.00457230
004E21E9 mov eax,dword ptr ss:[ebp-D8]
004E21EF lea edx,dword ptr ss:[ebp-D4]
004E21F5 call un-GoodN.00408B18
004E21FA mov eax,dword ptr ss:[ebp-D4]
004E2200 mov edx,4
004E2205 pop ecx
004E2206 call un-GoodN.004047E4
004E220B mov ecx,dword ptr ss:[ebp-C8]
004E2211 mov edx,un-GoodN.004E25AC ; ASCII "HName"
004E2216 mov eax,dword ptr ss:[ebp-14]
004E2219 call un-GoodN.0043C6C8 公司名字尾寫入"HName"項
004E221E jmp short un-GoodN.004E222F
004E2220 xor ecx,ecx
004E2222 mov edx,un-GoodN.004E25AC ; ASCII "HName"
004E2227 mov eax,dword ptr ss:[ebp-14]
004E222A call un-GoodN.0043C6C8
004E222F mov cl,1
004E2231 mov edx,un-GoodN.004E25BC ; ASCII "License"
004E2236 mov eax,dword ptr ss:[ebp-14]
004E2239 call un-GoodN.0043C34C 檢查有無"License"
004E223E test al,al
004E2240 jnz short un-GoodN.004E224C
004E2242 call un-GoodN.00403D70
004E2247 jmp un-GoodN.004E239D
004E224C mov ecx,0FB
004E2251 mov edx,un-GoodN.004E25CC ; ASCII "RegMod"
004E2256 mov eax,dword ptr ss:[ebp-14]
004E2259 call un-GoodN.0043C76C "RegMod"寫入登錄檔,ecx中的數寫入登錄檔
004E225E mov ecx,2
004E2263 mov edx,un-GoodN.004E25DC ; ASCII "RegSeq"
004E2268 mov eax,dword ptr ss:[ebp-14]
004E226B call un-GoodN.0043C76C "RegSeq"寫入登錄檔
004E2270 lea ecx,dword ptr ss:[ebp-DC]
004E2276 mov edx,un-GoodN.004E25EC ; ASCII "CFE37613C6ACB1"
004E227B mov eax,dword ptr ss:[ebp-30] 姓
004E227E call un-GoodN.004DD8E8 計算出正確的Value,得到"AC2A706C25768C57"
004E2283 mov ecx,dword ptr ss:[ebp-DC]
004E2289 mov edx,un-GoodN.004E2604 ; ASCII "Value"
004E228E mov eax,dword ptr ss:[ebp-14]
004E2291 call un-GoodN.0043C6C8 "Value"寫入登錄檔
004E2296 lea edx,dword ptr ss:[ebp-E0]
004E229C mov eax,dword ptr ds:[51B81C]
004E22A1 mov eax,dword ptr ds:[eax]
004E22A3 mov eax,dword ptr ds:[eax+404]
004E22A9 call un-GoodN.00457230
004E22AE mov eax,dword ptr ss:[ebp-E0]
004E22B4 call un-GoodN.00404584
004E22B9 cmp eax,6
004E22BC jle un-GoodN.004E2348
004E22C2 lea eax,dword ptr ss:[ebp-EC]
004E22C8 push eax
004E22C9 lea edx,dword ptr ss:[ebp-F4]
004E22CF mov eax,dword ptr ds:[51B81C]
004E22D4 mov eax,dword ptr ds:[eax]
004E22D6 mov eax,dword ptr ds:[eax+404]
004E22DC call un-GoodN.00457230
004E22E1 mov eax,dword ptr ss:[ebp-F4]
004E22E7 lea edx,dword ptr ss:[ebp-F0]
004E22ED call un-GoodN.00408B18
004E22F2 mov eax,dword ptr ss:[ebp-F0]
004E22F8 mov ecx,2
004E22FD mov edx,6
004E2302 call un-GoodN.004047E4
004E2307 mov ecx,dword ptr ss:[ebp-EC]
004E230D lea eax,dword ptr ss:[ebp-E8]
004E2313 mov edx,un-GoodN.004E2590
004E2318 call un-GoodN.004045D0
004E231D mov eax,dword ptr ss:[ebp-E8]
004E2323 lea ecx,dword ptr ss:[ebp-E4]
004E2329 mov edx,un-GoodN.004E25EC ; ASCII "CFE37613C6ACB1"
004E232E call un-GoodN.004DD8E8 計算出正確的Value1
004E2333 mov ecx,dword ptr ss:[ebp-E4]
004E2339 mov edx,un-GoodN.004E2614 ; ASCII "Value1"
004E233E mov eax,dword ptr ss:[ebp-14]
004E2341 call un-GoodN.0043C6C8 正確的Value1寫入登錄檔
004E2346 jmp short un-GoodN.004E2357
004E2348 xor ecx,ecx
004E234A mov edx,un-GoodN.004E2614 ; ASCII "Value1"
004E234F mov eax,dword ptr ss:[ebp-14]
004E2352 call un-GoodN.0043C6C8
004E2357 mov eax,dword ptr ss:[ebp-14]
004E235A call un-GoodN.0043C2B4
004E235F xor eax,eax
004E2361 pop edx
004E2362 pop ecx
004E2363 pop ecx
004E2364 mov dword ptr fs:[eax],edx
004E2367 push un-GoodN.004E237C
004E236C mov eax,dword ptr ss:[ebp-14]
004E236F call un-GoodN.00403474
004E2374 retn
關鍵call之二:
004E180C lea edx,dword ptr ss:[ebp-28]
004E180F mov eax,un-GoodN.004E1B00 ; ASCII "97D31761231075EDB894FF0ADB7"
004E1814 call un-GoodN.004DCB68 字串常數變成數
004E1819 lea eax,dword ptr ss:[ebp-28]
004E181C lea edx,dword ptr ss:[ebp-18]
004E181F call un-GoodN.004DCBDC 數變成一個新的字串"TgdJVMAiTSOATA3i"
004E1824 lea edx,dword ptr ss:[ebp-28]
004E1827 mov eax,un-GoodN.004E1B24 ; ASCII "F7C2D6309172AEB32AB5F063061034A5CC48D1AB3"
004E182C call un-GoodN.004DCB68 字串常數變成數
004E1831 lea eax,dword ptr ss:[ebp-28]
004E1834 lea edx,dword ptr ss:[ebp-2C]
004E1837 call un-GoodN.004DCBDC 數變成一個新的字串"A0HZK47KDAqB0Dxk"
004E183C lea edx,dword ptr ss:[ebp-28]
004E183F mov eax,dword ptr ss:[ebp-4] 申請碼加姓加公司名字尾的第2個字
004E1842 call un-GoodN.004DCB68 算出一個數
004E1847 lea eax,dword ptr ss:[ebp-28]
004E184A lea edx,dword ptr ss:[ebp-10]
004E184D call un-GoodN.004DCBDC 得到字串"euAnpATS2AFGEBd4"
004E1852 lea edx,dword ptr ss:[ebp-28]
004E1855 mov eax,un-GoodN.004E1B58 ; ASCII "ACB1920BA09950750056A8A047A5"
004E185A call un-GoodN.004DCB68
004E185F lea eax,dword ptr ss:[ebp-28]
004E1862 lea edx,dword ptr ss:[ebp-30]
004E1865 call un-GoodN.004DCBDC 又得到一個字串"A1SNrtrHV0DqGV1Q"
004E186A lea edx,dword ptr ss:[ebp-14]
004E186D mov eax,dword ptr ss:[ebp-8]
004E1870 call un-GoodN.004E2744 註冊碼各位調整得 "42314235463546756655798"
004E1875 lea eax,dword ptr ss:[ebp-14]
004E1878 push eax
004E1879 mov ecx,10
004E187E mov edx,1
004E1883 mov eax,dword ptr ss:[ebp-14]
004E1886 call un-GoodN.004047E4 取調整位置後的註冊碼的前16位"4231423546354675"
004E188B lea ecx,dword ptr ss:[ebp-34]
004E188E mov edx,dword ptr ss:[ebp-10] "euAnpATS2AFGEBd4"
004E1891 mov eax,dword ptr ss:[ebp-14] "4231423546354675"
004E1894 call un-GoodN.004DDAD0 計算得一個數
004E1899 mov eax,dword ptr ss:[ebp-34]
004E189C lea edx,dword ptr ss:[ebp-28]
004E189F call un-GoodN.004DCB68 計算得數1
004E18A4 lea eax,dword ptr ss:[ebp-28]
004E18A7 push eax 數1入棧
004E18A8 lea edx,dword ptr ss:[ebp-44]
004E18AB mov eax,un-GoodN.004E1B80 內部常數?
004E18B0 call un-GoodN.004DCB68
004E18B5 lea eax,dword ptr ss:[ebp-44] 常數變來的數
004E18B8 pop edx 數1出棧
004E18B9 call un-GoodN.004DCC58 <====關鍵比較,大數比較,不相等就會把註冊資訊修改
004E18BE mov byte ptr ss:[ebp-9],al 存結果,作為一個標誌
004E18C1 mov eax,dword ptr ss:[ebp-14] 調位後的註冊碼的前16位
004E18C4 mov edx,dword ptr ss:[ebp-4] 申請碼加姓加公司名字尾的第2個字
004E18C7 call un-GoodN.004046D0 字串比較
004E18CC je un-GoodN.004E1A7A
004E18D2 mov eax,dword ptr ss:[ebp-10] 由申請碼加姓加公司名字尾的第2個字變來的字串
004E18D5 mov edx,dword ptr ss:[ebp-14] 調位後的註冊碼的前16位
004E18D8 call un-GoodN.004046D0 字串比較
004E18DD je un-GoodN.004E1A7A
004E18E3 cmp byte ptr ss:[ebp-9],0 比較標誌
004E18E7 je un-GoodN.004E1A71 上面兩個數不相等,就去幹壞事兒
004E18ED mov eax,dword ptr ds:[edi]
004E18EF mov eax,dword ptr ds:[eax+430]
004E18F5 cmp byte ptr ds:[eax+40],0
004E18F9 je un-GoodN.004E1A71
004E18FF lea eax,dword ptr ss:[ebp-14]
004E1902 push eax
004E1903 lea edx,dword ptr ss:[ebp-48]
004E1906 mov eax,dword ptr ss:[ebp-4]
004E1909 call un-GoodN.00408B18 複製申請碼加姓加公司名字尾的第2個字
004E190E mov eax,dword ptr ss:[ebp-48]
004E1911 call un-GoodN.00404584 查其位數
004E1916 mov ecx,eax
004E1918 sub ecx,8
004E191B mov edx,9
004E1920 mov eax,dword ptr ss:[ebp-4]
004E1923 call un-GoodN.004047E4 取姓和公司名字尾的第2個字
004E1928 lea ecx,dword ptr ss:[ebp-4C]
004E192B mov dl,2D
004E192D mov eax,dword ptr ss:[ebp-14]
004E1930 call un-GoodN.004E29C4 去掉其中的'-',變成“朱司”
004E1935 mov edx,dword ptr ss:[ebp-4C]
004E1938 lea eax,dword ptr ss:[ebp-14]
004E193B call un-GoodN.0040435C
004E1940 lea edx,dword ptr ss:[ebp-50]
004E1943 mov eax,dword ptr ss:[ebp-14]
004E1946 call un-GoodN.00408B18
004E194B mov eax,dword ptr ss:[ebp-50]
004E194E call un-GoodN.00404584
004E1953 mov ebx,eax
004E1955 sar ebx,1
004E1957 jns short un-GoodN.004E195C
004E1959 adc ebx,0
004E195C push 0
004E195E push un-GoodN.004E1B94 ; ASCII "000"
004E1963 mov eax,dword ptr ds:[edi]
004E1965 mov edx,dword ptr ds:[eax+3D0]
004E196B mov eax,dword ptr ds:[edi]
004E196D mov eax,dword ptr ds:[eax+3D4]
004E1973 mov ecx,un-GoodN.004E1BA0 ; ASCII "del"
004E1978 call un-GoodN.004EE158
004E197D test ebx,ebx
004E197F jle short un-GoodN.004E19BF
004E1981 mov esi,1
004E1986 /push 0
004E1988 |push un-GoodN.004E1BAC ; ASCII "111"
004E198D |lea eax,dword ptr ss:[ebp-54]
004E1990 |push eax
004E1991 |mov edx,esi
004E1993 |add edx,edx
004E1995 |dec edx
004E1996 |mov ecx,2
004E199B |mov eax,dword ptr ss:[ebp-14]
004E199E |call un-GoodN.004047E4
004E19A3 |mov ecx,dword ptr ss:[ebp-54]
004E19A6 |mov eax,dword ptr ds:[edi]
004E19A8 |mov edx,dword ptr ds:[eax+3D0]
004E19AE |mov eax,dword ptr ds:[edi]
004E19B0 |mov eax,dword ptr ds:[eax+3D4]
004E19B6 |call un-GoodN.004EE158
004E19BB |inc esi
004E19BC |dec ebx
004E19BD \jnz short un-GoodN.004E1986
004E19BF lea edx,dword ptr ss:[ebp-5C]
004E19C2 mov eax,dword ptr ds:[edi]
004E19C4 mov eax,dword ptr ds:[eax+404]
004E19CA call un-GoodN.00457230 取得"009公司"
004E19CF mov eax,dword ptr ss:[ebp-5C]
004E19D2 lea edx,dword ptr ss:[ebp-58]
004E19D5 call un-GoodN.00408B18
004E19DA mov eax,dword ptr ss:[ebp-58]
004E19DD call un-GoodN.00404584
004E19E2 cmp eax,6
004E19E5 jle short un-GoodN.004E1A37
004E19E7 push 0
004E19E9 push un-GoodN.004E1BB8 ; ASCII "112"
004E19EE lea eax,dword ptr ss:[ebp-60]
004E19F1 push eax
004E19F2 lea edx,dword ptr ss:[ebp-68]
004E19F5 mov eax,dword ptr ds:[edi]
004E19F7 mov eax,dword ptr ds:[eax+404]
004E19FD call un-GoodN.00457230 取得"009公司"
004E1A02 mov eax,dword ptr ss:[ebp-68]
004E1A05 lea edx,dword ptr ss:[ebp-64]
004E1A08 call un-GoodN.00408B18
004E1A0D mov eax,dword ptr ss:[ebp-64]
004E1A10 mov ecx,2
004E1A15 mov edx,6
004E1A1A call un-GoodN.004047E4 取出'司'
004E1A1F mov ecx,dword ptr ss:[ebp-60]
004E1A22 mov eax,dword ptr ds:[edi]
004E1A24 mov edx,dword ptr ds:[eax+3D0]
004E1A2A mov eax,dword ptr ds:[edi]
004E1A2C mov eax,dword ptr ds:[eax+3D4]
004E1A32 call un-GoodN.004EE158
004E1A37 lea eax,dword ptr ss:[ebp-70]
004E1A3A push eax
004E1A3B mov ecx,8
004E1A40 mov edx,1
004E1A45 mov eax,dword ptr ss:[ebp-4]
004E1A48 call un-GoodN.004047E4 取出申請碼
004E1A4D mov eax,dword ptr ss:[ebp-70]
004E1A50 lea edx,dword ptr ss:[ebp-6C]
004E1A53 call un-GoodN.00408B18 複製申請碼
004E1A58 mov eax,dword ptr ss:[ebp-6C]
004E1A5B call un-GoodN.00408FEC 申請碼變成整數
004E1A60 mov edx,eax 暫存到edx
004E1A62 mov eax,dword ptr ds:[edi]
004E1A64 mov eax,dword ptr ds:[eax+3D0]
004E1A6A call un-GoodN.004EDEA0
004E1A6F jmp short un-GoodN.004E1A78
004E1A71 xor eax,eax
004E1A73 call un-GoodN.004E6A44
004E1A78 mov bl,1
004E1A7A xor eax,eax 以下是清理堆疊中的資料
相關文章
- 不脫衣突破同益起名大師3.33的啟動驗證段2004-09-22
- iOS逆向學習之五(加殼?脫殼?)2019-10-10iOS
- VideoSplitter V2.31 脫殼去暗樁+完美爆破2015-11-15IDE
- 脫殼----對用pecompact加殼的程式進行手動脫殼
(1千字)2000-07-30
- Krypton
0.5加殼程式脫殼及輸入表修復記2004-10-06
- Armadillo3.60
加殼的EXE檔案脫殼全過程2004-09-08
- ASPROtect 1.22加殼的ahaview2.0脫殼 (5千字)2002-03-24View
- 脫殼----對用Petite2.2加殼的程式進行手動脫殼的一點分析
(5千字)2000-07-27
- ASF-AVI-RM-WMV Repair V1.41 脫殼去暗樁+漢化完美爆破2015-11-15AI
- 用Ollydbg手脫Petite
V2.2加殼的DLL2004-12-27
- 殼的工作原理脫殼2013-04-10
- 手動脫殼的教程(由petite v2.2加殼) (4千字)2001-11-26
- 對PECompact加殼的DLL脫殼的一點分析 (7千字)2000-08-17
- 壹次脫殼法――Armadillo 雙程式標準殼 快速脫殼2015-11-15
- Asprotect 1.2x 加殼的 Advanced Direct
Remailer 2.17 脫殼 (3千字)2002-06-20REMAI
- 用Arm3.75加殼的cc
版+iat亂序主程式的脫殼 (1)2004-10-02
- Armadillo 2.52加殼原理分析和改進的脫殼方法
(12千字)2015-11-15
- VBExplorer.exe脫殼教程
附脫殼指令碼2015-11-15指令碼
- 用OD對Aspr加殼程式的手動脫殼及修復 (7千字)2015-11-15
- 脫中國遊戲中心大廳程式的殼2000-10-08遊戲
- ExeStealth 常用脫殼方法 + ExeStealth V2.72主程式脫殼2015-11-15
- 脫ASPack2.12加殼的DLL檔案簡便方法2004-12-18
- 用Ollydbg快速手脫Krypton 0.5加殼程式――Krypton主程式
等2015-11-15
- 小甜餅 --- 有關新版Asprotect加殼程式的脫殼的又一種思路
(798字)2000-09-10
- 實戰Armadillo V3.60標準加殼方式的脫殼――WinXP的Notepad2015-11-15
- 以殼解殼--SourceRescuer脫殼手記破解分析2004-11-16
- 脫殼基本知識2015-11-15
- SoftDefender主程式脫殼2015-11-15
- 怎樣脫用 Aspack2.12 加的殼(適合初學者)2015-11-15
- International CueClub主程式脫殼(Softwrap殼)2004-09-12
- ASPRTECT1.2X加殼的Delphi
Application Peeper Pro 2.3.1.9 脫殼(簡單) (3千字)2002-04-06APP
- 談談如何使用加殼保護自己的軟體不被常用方法脫殼(2千字)2000-10-10
- 關於用ASProtect v1.3加殼軟體的脫殼方法體會 (5千字)2001-11-21
- Armadillo V3.01標準加殼方式的脫殼(第一篇)--SoundEdit
Pro2015-11-15
- Armadillo V2.xx標準加殼方式的脫殼(第二篇)--Virtual
Personality 4.02015-11-15
- Thebat!139脫殼詳情及對Asprotect加殼保護的一點小結
(4千字)2000-03-27BAT
- 加殼技術探討-加殼時處理IAT2015-11-15
- 先分析,再脫殼(一)2003-09-04