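Manually Unpacking Time Reminder Assistant (時間提醒助手) Build 2003.12.08
The modified packer stub on Time Reminder Assistant: manual unpacking and crack
Cracked by
yzez[DFCG][BCG][FCG]
Target
Time Reminder Assistant Build 2003.12.08
Software information
Time Reminder Assistant Build 2003.12.08
Size: 2584 KB
Language: Simplified Chinese
Category: Chinese software / Trial version / Timers and scheduled shutdown
Platform: Win9x/NT/2000/XP
Screenshot: none
Added: 2003-12-10 10:43:00
Downloads: 1483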
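Description:
(1) Reminders at a specified time, daily, every Monday, every Tuesday, every Wednesday, every Thursday, every Friday, every Saturday, every Sunday, or Monday to Friday; (2) sound reminders, with a choice of pleasant sounds; (3) hourly chime; (4) text reminders: type the reminder text directly or pick a preset text, and the presets can be edited at any time; (5) scheduled program launch: pick an external program and run it at a specified time; (6) scheduled shutdown: turn the computer off at a specified time. Supports Win95/98/2000/ME/NT/XP. (7)…
…Its many flexible reminder modes cover almost every reminder need. In the office, do you write your planned memos on sticky notes or calendar squares and then forget to look at them? How many hours to stay on the Internet, how many hours to play on the computer, when to leave work, when to phone a certain boy or girl, when the date is, when the computer should shut itself down…
"Time Reminder Assistant" takes care of all of this. It offers powerful reminder functions for all kinds of tasks, improving efficiency and saving time and money.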
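Download: http://www.skycn.com/soft/12607.html
Purpose
Not cracking for the sake of cracking, only for the technique!
Tools
OLLYDBG1.09, PEID0.9, ImportREC
Process
Note: a packer scan identifies this program as ASPack 2.11 -> Alexey Solodovnikov, and P-SCAN can unpack it. I tried doing it by hand and found the stub is slightly modified. Fortunately the modification is mild, so it is manageable; anything harder and I would be stuck. As for the crack, I have worked out the basic idea of the algorithm, but there is too much code to analyze in full. Since the serial is compared in plaintext, I will not say more; trace the algorithm yourself if you are interested.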
00604001 > 60 PUSHAD ; After loading the packed program we land here. Press F8.
00604002 E9 3D040000 JMP TimeHelp.00604444 ; A long jump right away! Nothing like the original ASPack stub.
00604007 0B79 E5 OR EDI, DWORD PTR DS:[ECX-1B]
0060400A 04 E3 ADD AL, 0E3
0060400C B6 E1 MOV DH, 0E1
0060400E BF D364A504 MOV EDI, 4A564D3
00604013 - E0 80 LOOPDNE SHORT TimeHelp.00603F9
00604015 CA 9933 RETF 3399
00604444 0FBFEE MOVSX EBP, SI ; The jump lands straight here!
00604447 0FBFF5 MOVSX ESI, BP ; F8 onward.
0060444A 66:8BF5 MOV SI, BP
0060444D E8 1C000000 CALL TimeHelp.0060446E ; Step in with F7 here, otherwise the program runs away!
00604452 81BF 5CF31395 0>CMP DWORD PTR DS:[EDI+9513F35C], CD6>
0060446E /E9 1C000000 JMP TimeHelp.0060448F ; After F7 we arrive here.
00604473 |39B3 37C15FC3 CMP DWORD PTR DS:[EBX+C35FC137], ESI
00604479 |59 POP ECX
0060447A |1E PUSH DS
0060447B |D1B9 DDAAA32F SAR DWORD PTR DS:[ECX+2FA3AADD], 1
00604481 |71 5A JNO SHORT TimeHelp.006044DD
00604483 |A9 EF9E32E7 TEST EAX, E7329EEF
00604488 |3F AAS
00604489 |096F C1 OR DWORD PTR DS:[EDI-3F], EBP
0060448C |67:CD 9F INT 9F
0060448F 5E POP ESI ; The jump above lands here.
00604490 E9 14000000 JMP TimeHelp.006044A9 ; Another jump.
006044A9 8BDE MOV EBX, ESI ; Lands here. F8 onward.
006044AB BA 21D6E0F8 MOV EDX, F8E0D621
006044B0 81C3 BA4E3C15 ADD EBX, 153C4EBA
006044B6 BD 69299D5B MOV EBP, 5B9D2969
006044BB BE F32E96C5 MOV ESI, C5962EF3
006044C0 B9 A9F25169 MOV ECX, 6951F2A9
006044C5 66:8BD1 MOV DX, CX
006044C8 66:8BD5 MOV DX, BP
006044CB 66:8BFD MOV DI, BP
006044CE 0FBFD0 MOVSX EDX, AX
006044D1 81E2 9330AF60 AND EDX, 60AF3093
006044D7 66:8BD0 MOV DX, AX
006044DA 81B3 2FB1C3EA E>XOR DWORD PTR DS:[EBX+EAC3B12F], 4E1>
006044E4 BF 33155BCF MOV EDI, CF5B1533
006044E9 80CE F9 OR DH, 0F9
006044EC 41 INC ECX
006044ED 81F6 3F45BC92 XOR ESI, 92BC453F
006044F3 81EB 02000000 SUB EBX, 2
006044F9 81EB 02000000 SUB EBX, 2
006044FF 66:8BF3 MOV SI, BX
00604502 81F9 B7F35169 CMP ECX, 6951F3B7
00604508 ^ 0F85 C3FFFFFF JNZ TimeHelp.006044D1 ; Jumps backward here.
0060450E ^ E9 28FFFFFF JMP TimeHelp.0060443B ; Press F4 on this line to run down to it, then let it jump back.
00604513 ^ E3 86 JECXZ SHORT TimeHelp.0060449B
0060443B ^E9 C7FBFFFF JMP TimeHelp.00604007 ; The jump at 0060450E lands here. Let it jump back again.
00604440 0000 ADD BYTE PTR DS:[EAX], AL
00604442 0000 ADD BYTE PTR DS:[EAX], AL
00604444 0FBFEE MOVSX EBP, SI
00604447 0FBFF5 MOVSX ESI, BP
00604007 E8 24040000 CALL TimeHelp.00604430 ; We are back here. Continue with F8.
0060400C EB 00 JMP SHORT TimeHelp.0060400E ; Let it jump.
0060400E BB 30394400 MOV EBX, TimeHelp.00443930 ; Lands here. Keep pressing F8.
00604013 03DD ADD EBX, EBP
00604015 2B9D D03F4400 SUB EBX, DWORD PTR SS:[EBP+443FD0]
0060401B 83BD FC494400 0>CMP DWORD PTR SS:[EBP+4449FC], 0
00604022 899D FC494400 MOV DWORD PTR SS:[EBP+4449FC], EBX
00604028 0F85 66030000 JNZ TimeHelp.00604394 ; Not taken. Continue with F8; from here on, use F8 wherever no note is given.
0060402E |C785 33394400 0>MOV DWORD PTR SS:[EBP+443933], 0
00604038 |8D85 044A4400 LEA EAX, DWORD PTR SS:[EBP+444A04]
0060403E |50 PUSH EAX
0060403F |FF95 004B4400 CALL DWORD PTR SS:[EBP+444B00]
00604045 |8985 004A4400 MOV DWORD PTR SS:[EBP+444A00], EAX
0060404B |8BF8 MOV EDI, EAX
0060404D |8D9D 114A4400 LEA EBX, DWORD PTR SS:[EBP+444A11]
00604053 |53 PUSH EBX
00604054 |50 PUSH EAX
00604055 |FF95 FC4A4400 CALL DWORD PTR SS:[EBP+444AFC]
0060405B |8985 FC3F4400 MOV DWORD PTR SS:[EBP+443FFC], EAX
00604061 |8D9D 1E4A4400 LEA EBX, DWORD PTR SS:[EBP+444A1E]
00604067 |53 PUSH EBX
00604068 |57 PUSH EDI
00604069 |FF95 FC4A4400 CALL DWORD PTR SS:[EBP+444AFC]
0060406F |8985 00404400 MOV DWORD PTR SS:[EBP+444000], EAX
00604075 |8D85 B5394400 LEA EAX, DWORD PTR SS:[EBP+4439B5]
0060407B |FFE0 JMP EAX ; F8 all the way to here, then F7 to step in.
00604085 8B9D D83F4400 MOV EBX, DWORD PTR SS:[EBP+443FD8] ; After stepping in we stop here. Continue with F8.
0060408B 0BDB OR EBX, EBX
0060408D 74 0A JE SHORT TimeHelp.00604099 ; Jumps down.
0060408F 8B03 MOV EAX, DWORD PTR DS:[EBX]
00604091 8785 DC3F4400 XCHG DWORD PTR SS:[EBP+443FDC], EAX
00604097 8903 MOV DWORD PTR DS:[EBX], EAX
00604099 8DB5 19404400 LEA ESI, DWORD PTR SS:[EBP+444019] ; Lands here.
0060409F 833E 00 CMP DWORD PTR DS:[ESI], 0
006040A2 0F84 1F010000 JE TimeHelp.006041C7 ; Not taken. F8 onward.
006040A8 8DB5 19404400 LEA ESI, DWORD PTR SS:[EBP+444019]
006040AE 6A 04 PUSH 4
006040B0 68 00100000 PUSH 1000
006040B5 68 00180000 PUSH 1800
006040BA 6A 00 PUSH 0
006040BC FF95 FC3F4400 CALL DWORD PTR SS:[EBP+443FFC]
006040FA E8 DA060000 CALL TimeHelp.006047D9 ; F8 to here, and step over this CALL with F8.
006040FF 80BD 10404400 0>CMP BYTE PTR SS:[EBP+444010], 0
00604106 75 5E JNZ SHORT TimeHelp.00604166 ; Not taken.
00604108 FE85 10404400 INC BYTE PTR SS:[EBP+444010]
0060410E 8B3E MOV EDI, DWORD PTR DS:[ESI]
00604110 03BD FC494400 ADD EDI, DWORD PTR SS:[EBP+4449FC]
00604116 FF37 PUSH DWORD PTR DS:[EDI]
00604118 C607 C3 MOV BYTE PTR DS:[EDI], 0C3
0060411B FFD7 CALL EDI
00604128 8BB5 F43F4400 MOV ESI, DWORD PTR SS:[EBP+443FF4] ; F8 to here and keep going.
0060412E 33DB XOR EBX, EBX
00604130 0BC9 OR ECX, ECX
00604132 74 2E JE SHORT TimeHelp.00604162 ; Not taken, all is well.
00604134 78 2C JS SHORT TimeHelp.00604162 ; Not taken either. Keep going.
00604136 AC LODS BYTE PTR DS:[ESI]
00604137 3C E8 CMP AL, 0E8
00604139 74 0A JE SHORT TimeHelp.00604145 ; Not taken. Keep going.
0060413B EB 00 JMP SHORT TimeHelp.0060413D ; Jumps.
0060413D 3C E9 CMP AL, 0E9 ; ...and lands right here. What is the point of that?
0060413F 74 04 JE SHORT TimeHelp.00604145 ; Not taken.
00604141 43 INC EBX
00604142 49 DEC ECX
00604143 ^ EB EB JMP SHORT TimeHelp.00604130 ; Uh-oh, this goes back up. Use F4 further down.
00604145 8B06 MOV EAX, DWORD PTR DS:[ESI] ; Press F4 on this line.
00604147 EB 00 JMP SHORT TimeHelp.00604149
00604149 803E 2A CMP BYTE PTR DS:[ESI], 2A
0060414C ^ 75 F3 JNZ SHORT TimeHelp.00604141 ; Going back again? Let it.
0060414E 24 00 AND AL, 0 ; Press F4 on this line.
00604150 C1C0 18 ROL EAX, 18
00604153 2BC3 SUB EAX, EBX
00604155 8906 MOV DWORD PTR DS:[ESI], EAX
00604157 83C3 05 ADD EBX, 5
0060415A 83C6 04 ADD ESI, 4
0060415D 83E9 05 SUB ECX, 5
00604160 ^ EB CE JMP SHORT TimeHelp.00604130 ; Going back again! Move down instead.
00604162 5B POP EBX ; Press F4 on this line.
00604163 5E POP ESI
00604164 59 POP ECX
00604165 58 POP EAX
00604166 8BC8 MOV ECX, EAX
00604168 8B3E MOV EDI, DWORD PTR DS:[ESI]
0060416A 03BD FC494400 ADD EDI, DWORD PTR SS:[EBP+4449FC]
00604170 8BB5 F43F4400 MOV ESI, DWORD PTR SS:[EBP+443FF4]
00604176 C1F9 02 SAR ECX, 2
00604179 F3:A5 REP MOVS DWORD PTR ES:[EDI], DWORD P>
0060417B 8BC8 MOV ECX, EAX
0060417D 83E1 03 AND ECX, 3
00604180 F3:A4 REP MOVS BYTE PTR ES:[EDI], BYTE PTR>
00604182 5E POP ESI
00604183 68 00800000 PUSH 8000
00604188 6A 00 PUSH 0
0060418A FFB5 F43F4400 PUSH DWORD PTR SS:[EBP+443FF4]
00604190 FF95 00404400 CALL DWORD PTR SS:[EBP+444000]
00604196 83C6 08 ADD ESI, 8
00604199 833E 00 CMP DWORD PTR DS:[ESI], 0
0060419C ^ 0F85 26FFFFFF JNZ TimeHelp.006040C8 ; Jumps back again. Use F4 below.
006041A2 68 00800000 PUSH 8000 ; Press F4 on this line.
006041A7 6A 00 PUSH 0
006041A9 FFB5 F83F4400 PUSH DWORD PTR SS:[EBP+443FF8]
006041AF FF95 00404400 CALL DWORD PTR SS:[EBP+444000]
006041B5 8B9D D83F4400 MOV EBX, DWORD PTR SS:[EBP+443FD8]
006041BB 0BDB OR EBX, EBX
006041BD 74 08 JE SHORT TimeHelp.006041C7 ; Taken; jumps down.
006041BF 8B03 MOV EAX, DWORD PTR DS:[EBX]
006041C1 8785 DC3F4400 XCHG DWORD PTR SS:[EBP+443FDC], EAX
006041C7 8B95 FC494400 MOV EDX, DWORD PTR SS:[EBP+4449FC] ; Lands here. F8 onward.
006041CD 8B85 D43F4400 MOV EAX, DWORD PTR SS:[EBP+443FD4]
006041D3 2BD0 SUB EDX, EAX
006041D5 74 79 JE SHORT TimeHelp.00604250 ; Jumps again.
00604250 8B95 FC494400 MOV EDX, DWORD PTR SS:[EBP+4449FC] ; Lands here.
00604256 8BB5 E83F4400 MOV ESI, DWORD PTR SS:[EBP+443FE8]
0060425C 0BF6 OR ESI, ESI
0060425E 74 11 JE SHORT TimeHelp.00604271 ; Jumps again.
00604271 8BB5 B1394400 MOV ESI, DWORD PTR SS:[EBP+4439B1] ; Lands here.
00604277 8B95 FC494400 MOV EDX, DWORD PTR SS:[EBP+4449FC]
0060427D 03F2 ADD ESI, EDX
0060427F 8B46 0C MOV EAX, DWORD PTR DS:[ESI+C]
00604282 85C0 TEST EAX, EAX
00604284 0F84 0A010000 JE TimeHelp.00604394
00604295 85C0 TEST EAX, EAX
00604297 75 07 JNZ SHORT TimeHelp.006042A0 ; Taken here.
00604299 53 PUSH EBX
0060429A FF95 044B4400 CALL DWORD PTR SS:[EBP+444B04]
006042A0 8985 EC3F4400 MOV DWORD PTR SS:[EBP+443FEC], EAX ; Lands here.
006042A6 C785 F03F4400 0>MOV DWORD PTR SS:[EBP+443FF0], 0
006042B0 8B95 FC494400 MOV EDX, DWORD PTR SS:[EBP+4449FC]
006042B6 8B06 MOV EAX, DWORD PTR DS:[ESI]
006042B8 85C0 TEST EAX, EAX
006042BA 75 03 JNZ SHORT TimeHelp.006042BF
006042FC 85C0 TEST EAX, EAX
006042FE 5B POP EBX
006042FF 75 6F JNZ SHORT TimeHelp.00604370 ; Taken here. Look below.
00604301 F7C3 00000080 TEST EBX, 80000000
00604307 75 19 JNZ SHORT TimeHelp.00604322
00604309 57 PUSH EDI
00604370 8907 MOV DWORD PTR DS:[EDI], EAX ; Lands here. Read on, this is the nice part.
00604372 8385 F03F4400 0>ADD DWORD PTR SS:[EBP+443FF0], 4
00604379 ^ E9 32FFFFFF JMP TimeHelp.006042B0 ; Jumps back.
0060437E 8906 MOV DWORD PTR DS:[ESI], EAX
00604380 8946 0C MOV DWORD PTR DS:[ESI+C], EAX
00604383 8946 10 MOV DWORD PTR DS:[ESI+10], EAX
00604386 83C6 14 ADD ESI, 14
00604389 8B95 FC494400 MOV EDX, DWORD PTR SS:[EBP+4449FC]
0060438F ^ E9 EBFEFFFF JMP TimeHelp.0060427F ; Jumps back.
00604394 8B85 AD394400 MOV EAX, DWORD PTR SS:[EBP+4439AD]
0060439A 50 PUSH EAX
0060439B 0385 FC494400 ADD EAX, DWORD PTR SS:[EBP+4449FC]
006043A1 59 POP ECX
006043A2 0BC9 OR ECX, ECX
006043A4 8985 E63C4400 MOV DWORD PTR SS:[EBP+443CE6], EAX
006043AA 61 POPAD ; Press F4 on this line.
006043AB 75 08 JNZ SHORT TimeHelp.006043B5
006043AD B8 01000000 MOV EAX, 1
006043B2 C2 0C00 RETN 0C
006043B5 68 8CB35500 PUSH TimeHelp.0055B38C ; A ray of hope! 0055B38C is the OEP.
006043BA C3 RETN ; F8 returns to the OEP.
0055B38C 55 PUSH EBP ; Dump the process here.
0055B38D 8BEC MOV EBP, ESP
0055B38F 83C4 E8 ADD ESP, -18
0055B392 53 PUSH EBX
0055B393 56 PUSH ESI
0055B394 33C0 XOR EAX, EAX
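Repair the dump with ImportREC, setting the OEP value to 0015B38C (ImportREC takes the OEP as an RVA, not as the virtual address 0055B38C). After the fix the program runs normally.
2. Cracking.
Load the unpacked program in OD. We break at the address below:
00554AFC PUSH EBP ; Set a breakpoint here. It is not the best spot, but it is useful to us.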
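The loop at 00604130-00604160 in the trace above rewrites the operand of every E8/E9 instruction in the unpacked buffer whose first operand byte is the marker 2A, turning a stored offset-based value back into a normal relative displacement. The following Python sketch of that same transform is an added example, not code from the original write-up; the function names and the sample bytes are constructed for illustration, and the bounds check near the end of the buffer is an added guard the stub does not have.

```python
import struct

MARKER = 0x2A  # byte tested at 00604149: CMP BYTE PTR DS:[ESI], 2A


def rol32(value, count):
    """32-bit rotate left, as ROL EAX, 18 does at 00604150."""
    value &= 0xFFFFFFFF
    return ((value << count) | (value >> (32 - count))) & 0xFFFFFFFF


def unfilter_calls(data, marker=MARKER):
    """Undo the E8/E9 operand filter the way the stub's loop does.

    Returns (restored_bytes, [(offset, rel32), ...]) so an analyst can see
    which instructions were rewritten.
    """
    buf = bytearray(data)
    patched = []
    pos = 0  # plays the role of EBX: offset of the current byte
    while pos < len(buf):
        is_branch = buf[pos] in (0xE8, 0xE9)          # CMP AL,0E8 / CMP AL,0E9
        # Added guard: need a full 4-byte operand inside the buffer.
        if is_branch and pos + 5 <= len(buf) and buf[pos + 1] == marker:
            (operand,) = struct.unpack_from("<I", buf, pos + 1)
            operand &= 0xFFFFFF00                     # AND AL, 0
            operand = rol32(operand, 0x18)            # ROL EAX, 18
            rel = (operand - pos) & 0xFFFFFFFF        # SUB EAX, EBX
            struct.pack_into("<I", buf, pos + 1, rel) # MOV [ESI], EAX
            patched.append((pos, rel))
            pos += 5                                  # ADD EBX, 5
        else:
            pos += 1                                  # INC EBX
    return bytes(buf), patched


# Constructed sample: a marked CALL at offset 3, an unmarked JMP at offset 8
# (left alone), and a marked JMP at offset 13.
SAMPLE_FILTERED = bytes.fromhex(
    "55 8b ec e8 2a 13 00 00 e9 11 22 33 44 e9 2a 0d 01 00 c3"
)

if __name__ == "__main__":
    restored, hits = unfilter_calls(SAMPLE_FILTERED)
    print(restored.hex())
    for offset, rel in hits:
        print(f"offset {offset:#04x}: rel32 restored to {rel:#010x}")
```

Running the same routine over a section carved from a packed sample is a quick static check that a dump taken at the OEP contains correctly restored branch targets.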
00554AFD MOV EBP, ESP
00554B23 CALL UNPACK.0044A00C
00554B28 CMP [LOCAL.1], 0 ; Checks whether a registration code was entered; the value is 0 if none was entered.
00554B2C JE UNPACK.00554C6A ; If 0, jumps straight to failure.
00554B63 CALL UNPACK.0044A00C
00554B68 MOV ECX, [LOCAL.2] ; The machine code 1072430079 is loaded into ECX.
00554B6B MOV EDX, UNPACK.00554D14
00554B70 MOV EAX, ESI
00554B72 CALL UNPACK.0049584C
00554BB4 PUSH UNPACK.00554D34 ; Pushes the fixed string "aB".
00554BB9 LEA EDX, [LOCAL.7]
00554BD7 CALL UNPACK.00409630 ; This CALL converts the machine code to its hexadecimal value, 3FEBFBFF.
00554BDC PUSH [LOCAL.6] ; Pushes the machine code in hexadecimal form.
00554BDF PUSH UNPACK.00554D40 ; Pushes the fixed string "Cd".
00554BE4 LEA EAX, [LOCAL.5]
00554BE7 MOV EDX, 3
00554BEC CALL UNPACK.00404BCC ; Concatenates the values above: aB3FEBFBFFCd
00554BF1 MOV EDX, [LOCAL.5] ; The transformed value aB3FEBFBFFCd is loaded into EDX.
00554BF4 MOV EAX, DWORD PTR DS:[55E6A8]
00554BF9 MOV EAX, DWORD PTR DS:[EAX]
00554BFB MOV EAX, DWORD PTR DS:[EAX+378]
00554C01 MOV ECX, UNPACK.00554D4C ; ASCII "my530.com"
00554C06 CALL UNPACK.004BAD7C ; Note the conditional jump just below. Step into this CALL with F7.
00554C0B TEST AL, AL
00554C0D JE SHORT UNPACK.00554C50
00554C0F MOV EDX, UNPACK.00554D60
00554C14 MOV EAX, DWORD PTR DS:[56C6F0]
00554C19 CALL UNPACK.0044A03C
-------------------------------------------------------------------------------------
After stepping into the CALL above, we stop here:
004BAD7C PUSH EBP ; We are here after stepping into the CALL above. F8 onward.
004BAD7D MOV EBP, ESP
004BAD7F ADD ESP, -8
004BAD82 PUSH EBX
******************************** (some code omitted) ************************************
004BADB7 MOV ECX, [LOCAL.2]
004BADBA MOV EDX, [LOCAL.1]
004BADBD MOV EAX, EBX
004BADBF CALL UNPACK.004BADFC ; Key CALL. Step in with F7.
004BADC4 MOV EBX, EAX
004BADC6 XOR EAX, EAX
004BADC8 POP EDX ; UNPACK.00554C0B
004BADC9 POP ECX ; UNPACK.00554C0B
004BADCA POP ECX ; UNPACK.00554C0B
004BADCB MOV DWORD PTR FS:[EAX], EDX
004BADCE PUSH UNPACK.004BADF0
004BADD3 LEA EAX, [LOCAL.2]
004BADD6 MOV EDX, 2
004BADDB CALL UNPACK.00404878
004BADE0 LEA EAX, [ARG.1]
004BADE3 CALL UNPACK.00404854
004BADE8 RETN
____________________________________________________________________________________
After stepping into the key CALL we arrive here:
004BADFC PUSH EBP ; Entry of the key CALL.
004BADFD |. 8BEC MOV EBP, ESP
004BADFF |. 83C4 F0 ADD ESP, -10
004BAEB0 |. E8 379AF4FF CALL UNPACK.004048EC
004BAEB5 |. 8D4D F0 LEA ECX, [LOCAL.4]
004BAEB8 |. 8B55 FC MOV EDX, [LOCAL.1]
004BAEBB |. 8BC3 MOV EAX, EBX
004BAEBD |. E8 C2F9FFFF CALL UNPACK.004BA884 ; Algorithm CALL. Step in with F7.
004BAEC2 |. 8B45 F0 MOV EAX, [LOCAL.4]
004BAEC5 |. 8B55 0C MOV EDX, [ARG.2]
004BAEC8 |. E8 37E1F4FF CALL UNPACK.00409004
004BAECD |. 85C0 TEST EAX, EAX
004BAECF |. 74 04 JE SHORT UNPACK.004BAED5
004BAED1 |. 33DB XOR EBX, EBX
004BAED3 |. EB 35 JMP SHORT UNPACK.004BAF0A
004BAED5 |> 8D43 50 LEA EAX, DWORD PTR DS:[EBX+50]
004BAED8 |. 8B55 FC MOV EDX, [LOCAL.1]
004BAEDB |. E8 C899F4FF CALL UNPACK.004048A8
004BAEE0 |. 8D43 60 LEA EAX, DWORD PTR DS:[EBX+60]
004BAEE3 |. 8B55 F8 MOV EDX, [LOCAL.2] ; UNPACK.00554D4C
004BAEE6 |. E8 BD99F4FF CALL UNPACK.004048A8
004BAEEB |. 8D43 6C LEA EAX, DWORD PTR DS:[EBX+6C]
004BAEEE |. 8B55 0C MOV EDX, [ARG.2]
004BAEF1 |. E8 B299F4FF CALL UNPACK.004048A8
004BAEF6 |. 8D43 44 LEA EAX, DWORD PTR DS:[EBX+44]
004BAEF9 |. 8B55 08 MOV EDX, [ARG.1]
004BAEFC |. E8 A799F4FF CALL UNPACK.004048A8
004BAF01 |. 8BC3 MOV EAX, EBX
004BAF03 |. E8 58020000 CALL UNPACK.004BB160
004BAF08 |. B3 01 MOV BL, 1
004BAF0A |> 33C0 XOR EAX, EAX
004BAF0C |. 5A POP EDX ; UNPACK.004BADC4
004BAF0D |. 59 POP ECX ; UNPACK.004BADC4
004BAF0E |. 59 POP ECX ; UNPACK.004BADC4
004BAF0F |. 64:8910 MOV DWORD PTR FS:[EAX], EDX
004BAF12 |. 68 39AF4B00 PUSH UNPACK.004BAF39
004BAF17 |> 8D45 F0 LEA EAX, [LOCAL.4]
004BAF1A |. BA 04000000 MOV EDX, 4
004BAF1F |. E8 5499F4FF CALL UNPACK.00404878
004BAF24 |. 8D45 08 LEA EAX, [ARG.1]
004BAF27 |. BA 02000000 MOV EDX, 2
004BAF2C |. E8 4799F4FF CALL UNPACK.00404878
004BAF31 . C3 RETN
-----------------------------------------------------------------------------------
Inside the algorithm CALL:
004BA884 PUSH EBP ; We stop here after entering the algorithm CALL.
004BA885 MOV EBP, ESP
004BA887 ADD ESP, -34
004BA8B2 MOV EAX, [LOCAL.1] ; The transformed machine code aB3FEBFBFFCd is loaded into EAX.
004BA8B5 CALL UNPACK.00404B0C
004BA8BA CMP EAX, DWORD PTR DS:[ESI+58] ; EAX holds the length of the machine-code string above, C; C is compared with 19.
004BA8BD JG SHORT UNPACK.004BA8CC ; Jumps away if greater.
004BA8BF MOV EAX, [LOCAL.1] ; Transformed machine code into EAX.
004BA8C2 CALL UNPACK.00404B0C
004BA9CC MOV EAX, [LOCAL.1] ; Lands here. Transformed machine code into EAX.
004BA9CF CALL UNPACK.00404B0C
004BA9D4 SUB EAX, 6 ; Length minus 6, i.e. C-6=6.
004BA9D7 CMP EBX, EAX ; Compares EBX with EAX: C against 6.
004BA9D9 JL SHORT UNPACK.004BA9DF ; Jumps if less.
004BA9DB TEST EBX, EBX ; Tests the value of EBX.
004BA9DD JG SHORT UNPACK.004BA99B ; Jumps away if greater.
004BA9DF LEA EDX, [LOCAL.2]
004BA9E2 MOV EAX, [LOCAL.3]
004BA9E5 CALL UNPACK.00405C5C
004BA9EA MOV [LOCAL.6], EAX
004BA9ED MOV [LOCAL.5], EDX
004BA9F0 MOV EBX, DWORD PTR DS:[ESI+70]
004BA9F3 TEST EBX, EBX
004BA9F5 JG SHORT UNPACK.004BAA08
004BA9F7 PUSH [LOCAL.5]
004BA9FA PUSH [LOCAL.6]
004BA9FD MOV EDX, EDI
004BA9FF XOR EAX, EAX
004BAA01 CALL UNPACK.0040966C
004BAA06 JMP SHORT UNPACK.004BAA2E
004BAA08 PUSH [LOCAL.5]
004BAA0B PUSH [LOCAL.6]
004BAA0E MOV EDX, EDI
004BAA10 MOV EAX, EBX
004BAA12 CALL UNPACK.0040966C
004BAA17 MOV EAX, DWORD PTR DS:[EDI] ; The registration code computed from the machine code, 278114D1C19B, is loaded into EAX. This is the code we were looking for.
004BAA19 CALL UNPACK.00404B0C
004BAA1E MOV ECX, EAX
004BAA20 SUB ECX, DWORD PTR DS:[ESI+70]