标题:闭着眼睛对狗乱打
链接:http://www.unpack.cn/viewthread.php?tid=16849
贴者:yzzfzd
日期:2007-8-29 19:33
一个进度编制软件,不理它是什么狗,闭着眼睛乱打一通。
首先之个软件未破解之前会有如下限制:1、试用版提示。2、不能打印、不能导出图片。3、背景有水印。
先用C32Asm载入,查看字符串。
1、试用版提示
00562693 MOV EDX,5629C8 \->: 试用版提示:\x0A\x0D
0056272E MOV EDX,5629C8 \->: 试用版提示:\x0A\x0D
00567F7D MOV EDX,568248 \->: 试用版提示:\x0A\x0D
00568018 MOV EDX,568248 \->: 试用版提示:\x0A\x0D
005A8390 MOV EDX,5A846C \->: 试用版提示:\x0A\x0D
1、不能打印、不能导出图片。有五处:
005626BA PUSH 5629F8 \->: 1.试用版不支持打印功能、图形输出!
00562755 PUSH 5629F8 \->: 1.试用版不支持打印功能、图形输出!
00567FA4 PUSH 568278 \->: 1.试用版不支持打印功能、图形输出!
0056803F PUSH 568278 \->: 1.试用版不支持打印功能、图形输出!
005A83B7 PUSH 5A849C \->: 1.试用版不支持打印功能、图形输出!
3、背景有水印
005A8305 PUSH 5A8320 \->: http://www.zhijiangsoft.com
OD载入
0056264A 55 push ebp
0056264B 68 97295600 push 562997
00562650 64:FF30 push dword ptr fs:[eax]
00562653 64:8920 mov dword ptr fs:[eax],esp
00562656 E8 5D52EDFF call 004378B8 ; wljd1.004378B8
0056265B E8 C04DEDFF call 00437420 ; wljd1.00437420
00562660 8B10 mov edx,dword ptr ds:[eax]
00562662 FF52 14 call dword ptr ds:[edx+14]
00562665 48 dec eax
00562666 7D 0F jge short 00562677 ; wljd1.00562677
00562668 B8 B0295600 mov eax,5629B0 ; 未安装打印机
0056266D E8 FA9FEDFF call 0043C66C ; wljd1.0043C66C
00562672 E9 0A030000 jmp 00562981 ; wljd1.00562981
00562677 A1 649A5B00 mov eax,dword ptr ds:[5B9A64]
0056267C 8038 00 cmp byte ptr ds:[eax],0 ; 0改1
0056267F 74 0F je short 00562690 ; wljd1.00562690
00562681 E8 AE39FEFF call 00546034 ; wljd1.00546034
00562686 8B15 649A5B00 mov edx,dword ptr ds:[5B9A64] ; wljd1.005BDC14
0056268C 8802 mov byte ptr ds:[edx],al
0056268E EB 7A jmp short 0056270A ; wljd1.0056270A
00562690 8D45 FC lea eax,dword ptr ss:[ebp-4]
00562693 BA C8295600 mov edx,5629C8 ; 试用版提示:\n\r
00562698 E8 AF29EAFF call 0040504C ; wljd1.0040504C
0056269D FF75 FC push dword ptr ss:[ebp-4]
005626A0 68 E0295600 push 5629E0 ; \n
005626A5 68 EC295600 push 5629EC ; \r
005626AA 8D45 FC lea eax,dword ptr ss:[ebp-4]
005626AD BA 03000000 mov edx,3
005626B2 E8 7D2CEAFF call 00405334 ; wljd1.00405334
005626B7 FF75 FC push dword ptr ss:[ebp-4]
005626BA 68 F8295600 push 5629F8 ; 1.试用版不支持打印功能、图形输出!
005626BF 68 E0295600 push 5629E0 ; \n
005626C4 68 EC295600 push 5629EC ; \r
005626C9 8D45 FC lea eax,dword ptr ss:[ebp-4]
005626CC BA 04000000 mov edx,4
005626D1 E8 5E2CEAFF call 00405334 ; wljd1.00405334
005626D6 FF75 FC push dword ptr ss:[ebp-4]
005626D9 68 E0295600 push 5629E0 ; \n
005626DE 68 EC295600 push 5629EC ; \r
005626E3 8D45 FC lea eax,dword ptr ss:[ebp-4]
005626E6 BA 03000000 mov edx,3
005626EB E8 442CEAFF call 00405334 ; wljd1.00405334
005626F0 8D45 FC lea eax,dword ptr ss:[ebp-4]
005626F3 BA 242A5600 mov edx,562A24 ; 2.你可以选择注册或软件狗方式获得正版软件!
005626F8 E8 7F2BEAFF call 0040527C ; wljd1.0040527C
005626FD 8B45 FC mov eax,dword ptr ss:[ebp-4]
00562700 E8 679FEDFF call 0043C66C ; wljd1.0043C66C
00562705 E9 77020000 jmp 00562981 ; wljd1.00562981
0056270A A1 649A5B00 mov eax,dword ptr ds:[5B9A64]
0056270F 8038 00 cmp byte ptr ds:[eax],0 ; 0改1
00562712 75 0D jnz short 00562721 ; wljd1.00562721
00562714 E8 63F4FFFF call 00561B7C ; wljd1.00561B7C
00562719 8B15 649A5B00 mov edx,dword ptr ds:[5B9A64] ; wljd1.005BDC14
0056271F 8802 mov byte ptr ds:[edx],al
00562721 A1 649A5B00 mov eax,dword ptr ds:[5B9A64]
00562726 8038 00 cmp byte ptr ds:[eax],0 ; 0改1
00562729 75 7A jnz short 005627A5 ; wljd1.005627A5
0056272B 8D45 FC lea eax,dword ptr ss:[ebp-4]
0056272E BA C8295600 mov edx,5629C8 ; 试用版提示:\n\r
00562733 E8 1429EAFF call 0040504C ; wljd1.0040504C
00562738 FF75 FC push dword ptr ss:[ebp-4]
0056273B 68 E0295600 push 5629E0 ; \n
00562740 68 EC295600 push 5629EC ; \r
00562745 8D45 FC lea eax,dword ptr ss:[ebp-4]
00562748 BA 03000000 mov edx,3
0056274D E8 E22BEAFF call 00405334 ; wljd1.00405334
00562752 FF75 FC push dword ptr ss:[ebp-4]
00562755 68 F8295600 push 5629F8 ; 1.试用版不支持打印功能、图形输出!
00567F55 55 push ebp
00567F56 68 33825600 push 568233
00567F5B 64:FF30 push dword ptr fs:[eax]
00567F5E 64:8920 mov dword ptr fs:[eax],esp
00567F61 A1 649A5B00 mov eax,dword ptr ds:[5B9A64]
00567F66 8038 00 cmp byte ptr ds:[eax],0 ; 0改1
00567F69 74 0F je short 00567F7A ; wljd1.00567F7A
00567F6B E8 C4E0FDFF call 00546034 ; wljd1.00546034
00567F70 8B15 649A5B00 mov edx,dword ptr ds:[5B9A64] ; wljd1.005BDC14
00567F76 8802 mov byte ptr ds:[edx],al
00567F78 EB 7A jmp short 00567FF4 ; wljd1.00567FF4
00567F7A 8D45 FC lea eax,dword ptr ss:[ebp-4]
00567F7D BA 48825600 mov edx,568248 ; 试用版提示:\n\r
00567F82 E8 C5D0E9FF call 0040504C ; wljd1.0040504C
00567F87 FF75 FC push dword ptr ss:[ebp-4]
00567F8A 68 60825600 push 568260 ; \n
00567F8F 68 6C825600 push 56826C ; \r
00567F94 8D45 FC lea eax,dword ptr ss:[ebp-4]
00567F97 BA 03000000 mov edx,3
00567F9C E8 93D3E9FF call 00405334 ; wljd1.00405334
00567FA1 FF75 FC push dword ptr ss:[ebp-4]
00567FA4 68 78825600 push 568278 ; 1.试用版不支持打印功能、图形输出!
00567FA9 68 60825600 push 568260 ; \n
00567FAE 68 6C825600 push 56826C ; \r
00567FB3 8D45 FC lea eax,dword ptr ss:[ebp-4]
00567FB6 BA 04000000 mov edx,4
00567FBB E8 74D3E9FF call 00405334 ; wljd1.00405334
00567FC0 FF75 FC push dword ptr ss:[ebp-4]
00567FC3 68 60825600 push 568260 ; \n
00567FC8 68 6C825600 push 56826C ; \r
00567FCD 8D45 FC lea eax,dword ptr ss:[ebp-4]
00567FD0 BA 03000000 mov edx,3
00567FD5 E8 5AD3E9FF call 00405334 ; wljd1.00405334
00567FDA 8D45 FC lea eax,dword ptr ss:[ebp-4]
00567FDD BA A4825600 mov edx,5682A4 ; 2.你可以选择注册或软件狗方式获得正版软件!
00567FE2 E8 95D2E9FF call 0040527C ; wljd1.0040527C
00567FE7 8B45 FC mov eax,dword ptr ss:[ebp-4]
00567FEA E8 7D46EDFF call 0043C66C ; wljd1.0043C66C
00567FEF E9 0C020000 jmp 00568200 ; wljd1.00568200
00567FF4 A1 649A5B00 mov eax,dword ptr ds:[5B9A64]
00567FF9 8038 00 cmp byte ptr ds:[eax],0 ; 0改1
00567FFC 75 0D jnz short 0056800B ; wljd1.0056800B
00567FFE E8 799BFFFF call 00561B7C ; wljd1.00561B7C
00568003 8B15 649A5B00 mov edx,dword ptr ds:[5B9A64] ; wljd1.005BDC14
00568009 8802 mov byte ptr ds:[edx],al
0056800B A1 649A5B00 mov eax,dword ptr ds:[5B9A64]
00568010 8038 00 cmp byte ptr ds:[eax],0 ; 0改1
00568013 75 7A jnz short 0056808F ; wljd1.0056808F
00568015 8D45 FC lea eax,dword ptr ss:[ebp-4]
00568018 BA 48825600 mov edx,568248 ; 试用版提示:\n\r
0056801D E8 2AD0E9FF call 0040504C ; wljd1.0040504C
00568022 FF75 FC push dword ptr ss:[ebp-4]
00568025 68 60825600 push 568260 ; \n
0056802A 68 6C825600 push 56826C ; \r
0056802F 8D45 FC lea eax,dword ptr ss:[ebp-4]
00568032 BA 03000000 mov edx,3
00568037 E8 F8D2E9FF call 00405334 ; wljd1.00405334
0056803C FF75 FC push dword ptr ss:[ebp-4]
0056803F 68 78825600 push 568278 ; 1.试用版不支持打印功能、图形输出!
00568044 68 60825600 push 568260 ; \n
00568049 68 6C825600 push 56826C ; \r
0056804E 8D45 FC lea eax,dword ptr ss:[ebp-4]
00568051 BA 04000000 mov edx,4
00568056 E8 D9D2E9FF call 00405334 ; wljd1.00405334
0056805B FF75 FC push dword ptr ss:[ebp-4]
0056805E 68 60825600 push 568260 ; \n
00568063 68 6C825600 push 56826C ; \r
00568068 8D45 FC lea eax,dword ptr ss:[ebp-4]
0056806B BA 03000000 mov edx,3
00568070 E8 BFD2E9FF call 00405334 ; wljd1.00405334
00568075 8D45 FC lea eax,dword ptr ss:[ebp-4]
00568078 BA A4825600 mov edx,5682A4 ; 2.你可以选择注册或软件狗方式获得正版软件!
005A834E 55 push ebp
005A834F 68 59845A00 push 5A8459
005A8354 64:FF30 push dword ptr fs:[eax]
005A8357 64:8920 mov dword ptr fs:[eax],esp
005A835A A1 B09A5B00 mov eax,dword ptr ds:[5B9AB0]
005A835F 33D2 xor edx,edx ; ntdll.KiFastSystemCallRet
005A8361 8910 mov dword ptr ds:[eax],edx ; ntdll.KiFastSystemCallRet
005A8363 E8 CCDCF9FF call 00546034 ; wljd1.00546034
005A8368 A2 14DC5B00 mov byte ptr ds:[5BDC14],al
005A836D 803D 14DC5B00 00 cmp byte ptr ds:[5BDC14],0 ; 0改1
005A8374 75 0A jnz short 005A8380 ; wljd1.005A8380
005A8376 E8 8D94FBFF call 00561808 ; wljd1.00561808
005A837B A2 14DC5B00 mov byte ptr ds:[5BDC14],al
005A8380 803D 14DC5B00 00 cmp byte ptr ds:[5BDC14],0 ; 0改1
005A8387 0F85 99000000 jnz 005A8426 ; wljd1.005A8426
005A838D 8D45 FC lea eax,dword ptr ss:[ebp-4]
005A8390 BA 6C845A00 mov edx,5A846C ; 试用版提示:\n\r
005A8395 E8 B2CCE5FF call 0040504C ; wljd1.0040504C
005A839A FF75 FC push dword ptr ss:[ebp-4]
005A839D 68 84845A00 push 5A8484 ; \n
005A83A2 68 90845A00 push 5A8490 ; \r
005A83A7 8D45 FC lea eax,dword ptr ss:[ebp-4]
005A83AA BA 03000000 mov edx,3
005A83AF E8 80CFE5FF call 00405334 ; wljd1.00405334
005A83B4 FF75 FC push dword ptr ss:[ebp-4]
005A83B7 68 9C845A00 push 5A849C ; 1.试用版不支持打印功能、图形输出!
005A83BC 68 84845A00 push 5A8484 ; \n
005A83C1 68 90845A00 push 5A8490 ; \r
005A83C6 8D45 FC lea eax,dword ptr ss:[ebp-4]
005A83C9 BA 04000000 mov edx,4
005A83CE E8 61CFE5FF call 00405334 ; wljd1.00405334
005A83D3 FF75 FC push dword ptr ss:[ebp-4]
005A83D6 68 84845A00 push 5A8484 ; \n
005A83DB 68 90845A00 push 5A8490 ; \r
005A83E0 8D45 FC lea eax,dword ptr ss:[ebp-4]
005A83E3 BA 03000000 mov edx,3
005A83E8 E8 47CFE5FF call 00405334 ; wljd1.00405334
005A83ED 8D45 FC lea eax,dword ptr ss:[ebp-4]
005A83F0 BA C8845A00 mov edx,5A84C8 ; 2.你可以选择注册或软件狗方式获得正版软件!
005A83F5 E8 82CEE5FF call 0040527C ; wljd1.0040527C
005A83FA BA 01000000 mov edx,1
005A83FF 8B45 FC mov eax,dword ptr ss:[ebp-4]
005A8402 E8 BDFFF3FF call 004E83C4 ; wljd1.004E83C4
005A8407 8B83 A0030000 mov eax,dword ptr ds:[ebx+3A0]
005A840D 8B80 08020000 mov eax,dword ptr ds:[eax+208]
005A8413 33D2 xor edx,edx ; ntdll.KiFastSystemCallRet
005A8415 E8 D6B5EAFF call 004539F0 ; wljd1.004539F0
005A841A BA FC845A00 mov edx,5A84FC ; 智匠软件试用版
005A841F E8 28B5EAFF call 0045394C ; wljd1.0045394C
005A8424 EB 1D jmp short 005A8443 ; wljd1.005A8443
005A8426 8B83 A0030000 mov eax,dword ptr ds:[ebx+3A0]
005A842C 8B80 08020000 mov eax,dword ptr ds:[eax+208]
005A8432 33D2 xor edx,edx ; ntdll.KiFastSystemCallRet
005A8434 E8 B7B5EAFF call 004539F0 ; wljd1.004539F0
005A8439 BA 14855A00 mov edx,5A8514 ; 智匠软件正式版
005A843E E8 09B5EAFF call 0045394C ; wljd1.0045394C
005A82D5 61 popad
005A82D6 74 61 je short 005A8339 ; 把7461改成EB61
005A82D8 5C pop esp ; kernel32.7C816FD7
005A82D9 D6 salc
005A82DA C7 ??? ; Unknown command
005A82DB BD B3CDF8C2 mov ebp,C2F8CDB3
005A82E0 E7 BD out 0BD,eax
005A82E2 F8 clc
005A82E3 B6 C8 mov dh,0C8
005A82E5 B9 DCC0EDC8 mov ecx,C8EDC0DC
005A82EA ED in eax,dx
005A82EB BC FEB2D9D7 mov esp,D7D9B2FE
005A82F0 F7B0 EFD6FA2E div dword ptr ds:[eax+2EFAD6EF]
005A82F6 43 inc ebx
005A82F7 48 dec eax
005A82F8 4D dec ebp
005A82F9 0000 add byte ptr ds:[eax],al
005A82FB 0053 8B add byte ptr ds:[ebx-75],dl
005A82FE D86A 05 fsubr dword ptr ds:[edx+5]
005A8301 6A 00 push 0
005A8303 6A 00 push 0
005A8305 68 20835A00 push 5A8320 ; http://www.zhijiangsoft.com
005A830A 68 3C835A00 push 5A833C ; open
005A830F 8BC3 mov eax,ebx
005A8311 E8 BE75EDFF call 0047F8D4 ; wljd1.0047F8D4
005A8316 50 push eax
005A8317 E8 940FE9FF call 004392B0 ;
005A831C 5B pop ebx ; kernel32.7C816FD7
到这里所有限制就去完了。。。可是我连它用什么狗都不知道。嘿嘿。。。
|
