SWF探索者(SWFExplorer)XP V1.11.2002.326 破解過程 (6千字)
SWF探索者(SWFExplorer)XP V1.11.2002.326 破解過程
破解撰寫:leeyam[BCG]
執行該程式,隨意輸入註冊資訊後,程式提示需要重新啟動軟體才能驗證註冊碼。
由此判斷,該程式先將輸入的註冊碼存放在某個位置,下次啟動時再讀取出來驗證。
用 Language 偵測,發現程式是用 PECompact 加的殼,於是用 UnPECompact 自動脫殼。再用 PEditor 載入脫殼後的程式,選擇 "sections",將 Pec1 修改為 .data。然後利用 W32Dasm 反組譯並查詢字串參考,發現程式會存取登錄檔,雙擊進入第一個引用處:
; W32Dasm listing excerpt: 32-bit x86, Intel operand order (op dst, src).
; Layout per entry: ":address opcode-bytes" then the instruction (the page's
; line breaks are damaged, so an instruction may sit on the following line).
; The excerpt begins mid-routine: no prologue is visible, and [ebp-0C] and
; [ebp-10] are locals of a frame set up before the first line shown.
; Every helper below receives the dword at [004BEDF8] in eax and further
; arguments in edx/ecx -- presumably an object pointer used for registry
; access (helper bodies are not shown; confirm).
;
; Step 1: call 00471B70 with edx -> "Software\SWFExplorer"
; (presumably opens that registry key).
* Possible StringData Ref from Data Obj ->"Software\SWFExplorer"
|
:004B4CF4 BA804E4B00
mov edx, 004B4E80
:004B4CF9 A1F8ED4B00
mov eax, dword ptr [004BEDF8]
:004B4CFE
E86DCEFBFF call 00471B70
; Step 2: call 00471D38 with edx -> "UserName" and ecx = address of local
; [ebp-0C] (presumably an out-parameter receiving the value read).
; The local is then handed to 004045D4 together with the address 004BEDE8,
; so the global at 004BEDE8 presumably ends up holding the stored user name.
:004B4D03 8D4DF4
lea ecx, dword ptr [ebp-0C]
* Possible StringData Ref from Data Obj
->"UserName"
|
:004B4D06 BAA04E4B00
mov edx, 004B4EA0
:004B4D0B A1F8ED4B00
mov eax, dword ptr [004BEDF8]
:004B4D10
E823D0FBFF call 00471D38
:004B4D15 8B55F4
mov edx, dword ptr [ebp-0C]
:004B4D18 B8E8ED4B00
mov eax, 004BEDE8
:004B4D1D E8B2F8F4FF
call 004045D4
; Step 3: same helper pair for "RegCode": read into local [ebp-10], then
; handed to 004045D4 with the address 004BEDEC. The global at 004BEDEC is the
; operand the later comparison at 004B4E39 loads into eax.
:004B4D22 8D4DF0
lea ecx, dword ptr [ebp-10]
* Possible StringData Ref from Data Obj ->"RegCode"
|
:004B4D25 BAB44E4B00
mov edx, 004B4EB4
:004B4D2A A1F8ED4B00
mov eax, dword ptr [004BEDF8]
:004B4D2F E804D0FBFF
call 00471D38
:004B4D34 8B55F0
mov edx, dword ptr [ebp-10]
:004B4D37 B8ECED4B00 mov
eax, 004BEDEC
:004B4D3C E893F8F4FF
call 004045D4
; Step 4: call 00471ADC on the same object with no other arguments
; (presumably closes the key opened in step 1 -- confirm).
:004B4D41 A1F8ED4B00
mov eax, dword ptr [004BEDF8]
:004B4D46 E891CDFBFF
call 00471ADC
; Trial-period bookkeeping (W32Dasm listing, 32-bit x86, Intel operand order).
; Result: the dword at [004BEDF0] receives either (0x1E - eax) or 0.
; Helper bodies are not shown; their roles below are inferred from the string
; references and from how their results are used -- confirm before relying on them.
;
; Same call as at 004B4CFE (00471B70, edx -> "Software\SWFExplorer"), this
; time with cl = 1 as an extra argument whose meaning is not visible here.
:004B4D4B B101
mov cl, 01
*
Possible StringData Ref from Data Obj ->"Software\SWFExplorer"
|
:004B4D4D BA804E4B00
mov edx, 004B4E80
:004B4D52 A1F8ED4B00
mov eax, dword ptr [004BEDF8]
:004B4D57 E814CEFBFF
call 00471B70
; 00471EFC is called with edx -> "TrialDate" and returns a byte in al.
; Non-zero al skips straight to 004B4D8A; zero falls through to the store
; below (presumably "does the TrialDate value exist?").
* Possible StringData
Ref from Data Obj ->"TrialDate"
|
:004B4D5C BAC44E4B00 mov
edx, 004B4EC4
:004B4D61 A1F8ED4B00
mov eax, dword ptr [004BEDF8]
:004B4D66 E891D1FBFF
call 00471EFC
:004B4D6B 84C0
test al, al
:004B4D6D 751B
jne 004B4D8A
; al == 0 path: 0040A7F0 leaves a value on the x87 stack (it is popped by
; fstp right after). add esp, FFFFFFF8 reserves 8 bytes (esp -= 8) and the
; qword is stored there as a stack argument for 00471DF8, called with
; edx -> "TrialDate" (presumably writes that value under the name).
:004B4D6F E87C5AF5FF call 0040A7F0
:004B4D74 83C4F8
add esp, FFFFFFF8
:004B4D77 DD1C24
fstp qword ptr [esp]
:004B4D7A 9B
wait
* Possible
StringData Ref from Data Obj ->"TrialDate"
|
:004B4D7B BAC44E4B00 mov
edx, 004B4EC4
:004B4D80 A1F8ED4B00
mov eax, dword ptr [004BEDF8]
:004B4D85 E86ED0FBFF
call 00471DF8
* Referenced by a (U)nconditional
or (C)onditional Jump at Address:
|:004B4D6D(C)
|
; Both paths join here. 00471E0C (edx -> "TrialDate") returns a qword on the
; x87 stack, saved in local [ebp-18].
* Possible
StringData Ref from Data Obj ->"TrialDate"
|
:004B4D8A BAC44E4B00 mov
edx, 004B4EC4
:004B4D8F A1F8ED4B00
mov eax, dword ptr [004BEDF8]
:004B4D94 E873D0FBFF
call 00471E0C
:004B4D99 DD5DE8
fstp qword ptr [ebp-18]
:004B4D9C
9B
wait
; Compare a fresh result of 0040A7F0 (in ST(0)) against the saved value.
; fstsw ax / sahf copy the x87 condition codes into EFLAGS, so jb is taken
; when ST(0) < [ebp-18]; that path stores 0 at [004BEDF0] (004B4DE0).
:004B4D9D E84E5AF5FF
call 0040A7F0
:004B4DA2 DC5DE8
fcomp qword ptr [ebp-18]
:004B4DA5 DFE0
fstsw ax
:004B4DA7 9E
sahf
:004B4DA8 7236
jb 004B4DE0
; Otherwise two qwords are pushed as stack arguments -- first a fresh result
; of 0040A7F0, then a fresh read of "TrialDate" -- and 004A5A60 returns an
; integer in eax (presumably the difference between the two in days).
:004B4DAA E8415AF5FF
call 0040A7F0
:004B4DAF 83C4F8
add esp, FFFFFFF8
:004B4DB2 DD1C24
fstp qword ptr [esp]
:004B4DB5
9B
wait
* Possible StringData Ref from Data Obj ->"TrialDate"
|
:004B4DB6 BAC44E4B00
mov edx, 004B4EC4
:004B4DBB A1F8ED4B00
mov eax, dword ptr [004BEDF8]
:004B4DC0
E847D0FBFF call 00471E0C
:004B4DC5 83C4F8
add esp, FFFFFFF8
:004B4DC8 DD1C24
fstp qword ptr [esp]
:004B4DCB 9B
wait
:004B4DCC E88F0CFFFF
call 004A5A60
; [004BEDF0] = 0x1E - eax, i.e. 30 minus the helper's result.
:004B4DD1 BA1E000000
mov edx, 0000001E
:004B4DD6 2BD0
sub edx, eax
:004B4DD8 8915F0ED4B00 mov dword ptr
[004BEDF0], edx
:004B4DDE EB07
jmp 004B4DE7
* Referenced by a (U)nconditional
or (C)onditional Jump at Address:
|:004B4DA8(C)
|
; Target of the jb above: [004BEDF0] = 0.
:004B4DE0 33C0
xor eax, eax
:004B4DE2 A3F0ED4B00 mov dword
ptr [004BEDF0], eax
; Cleanup sequence (W32Dasm listing, 32-bit x86, Intel operand order).
; eax is zeroed, three dwords are popped, and the first popped value is
; written to fs:[0]. On 32-bit Windows fs:[0] heads the thread's exception
; handler chain, so this looks like unlinking a handler frame pushed earlier
; in the routine (the matching pushes are outside the excerpt -- confirm).
* Referenced by a (U)nconditional or (C)onditional
Jump at Address:
|:004B4DDE(U)
|
:004B4DE7 33C0
xor eax, eax
:004B4DE9 5A
pop edx
:004B4DEA 59
pop ecx
:004B4DEB 59
pop ecx
:004B4DEC 648910
mov dword ptr fs:[eax], edx
; 004B4E06 is pushed as a return address: provided call 00403814 leaves the
; stack balanced, the ret at 004B4DFE continues at 004B4E06.
:004B4DEF 68064E4B00 push 004B4E06
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004B4E04(U)
|
; 00403814 receives the object at [004BEDF8] (presumably releases it; the
; helper body is not shown).
:004B4DF4 A1F8ED4B00
mov eax, dword ptr [004BEDF8]
:004B4DF9 E816EAF4FF
call 00403814
:004B4DFE C3
ret
; The two jumps below follow a ret, so they are not reached by fall-through.
; Per the cross-reference above, 004B4E04 re-enters the cleanup at 004B4DF4
; (presumably the exception path of the same cleanup block -- confirm).
:004B4DFF E9A4F1F4FF
jmp 00403FA8
:004B4E04 EBEE
jmp 004B4DF4
; Registration check (W32Dasm listing, 32-bit x86, Intel operand order).
; 004B4E06 is the address pushed at 004B4DEF, so control arrives here after
; the cleanup code returns. The excerpt ends at 004B4E3E; the rest of the
; routine is not shown.
;
; eax = address of local [ebp-20]; dl = first byte of the string
; "1.2.2002.326" (only one byte is loaded). 00404760 presumably builds a
; one-character string from dl into [ebp-20] -- helper body not shown.
:004B4E06 8D45E0
lea eax, dword ptr [ebp-20]
* Possible
StringData Ref from Data Obj ->"1.2.2002.326"
|
:004B4E09 BAD84E4B00
mov edx, 004B4ED8
:004B4E0E 8A12
mov dl, byte ptr [edx]
:004B4E10 E84BF9F4FF
call 00404760
; Arguments for 004B4810: on the stack the value of [ebp-20] and the address
; of local [ebp-1C]; in registers ecx -> "SWFExplorer", edx -> "Cloud Lee",
; eax = the dword at [004BEDE8] (set at 004B4D1D from the "UserName" read).
; [ebp-1C] is read immediately after the call, so it is presumably the
; helper's output.
:004B4E15 8B45E0
mov eax, dword ptr [ebp-20]
:004B4E18 50
push eax
:004B4E19 8D45E4
lea eax, dword ptr [ebp-1C]
:004B4E1C 50
push eax
* Possible StringData Ref from Data Obj ->"SWFExplorer"
|
:004B4E1D B9F04E4B00
mov ecx, 004B4EF0
* Possible StringData Ref from
Data Obj ->"Cloud Lee"
|
:004B4E22
BA044F4B00 mov edx, 004B4F04
:004B4E27 A1E8ED4B00 mov eax,
dword ptr [004BEDE8]
:004B4E2C E8DFF9FFFF
call 004B4810
; The trailing CJK text on three lines below is the article author's own
; annotation: "loads the real code", "loads the entered (fake) code",
; "compare".
; edx = [ebp-1C] (value produced by 004B4810), eax = [004BEDEC] (value set at
; 004B4D3C from the "RegCode" read); 0040497C compares them and sete writes
; 1 to the byte at [004BEDE0] when ZF is set, 0 otherwise.
; Design note: per the author's annotation the expected code sits in a local
; as a plain value right before the comparison, and the verdict is a single
; global byte. A check that verifies a signature over the licence data with
; an embedded public key never has to materialise the expected value.
:004B4E31 8B55E4
mov edx, dword ptr [ebp-1C]…………………………調入真碼
:004B4E34
A1ECED4B00 mov eax, dword ptr
[004BEDEC]…………………………調入假碼
:004B4E39 E83EFBF4FF
call 0040497C…………………………比較
:004B4E3E 0F9405E0ED4B00
sete byte ptr [004BEDE0]
看到這裡眼前一亮:004B4E39 的 Call 之前先後載入真碼與假碼,之後以 sete 記錄比較結果,因此十分可疑。於是用 TRW2000 直接下中斷 bpx 4b4e39,順利攔截,D edx 即可看見真碼。