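(1) Cracker: mwd[DFCG]
(2) Goal: work out the algorithm and trace out the registration code.
(3) Practice target: ***监控王 V3.08
(4) Difficulty: easy; the registration code is compared in plaintext.
(5) Download: http://www.skycn.com/soft/11502.html
(6) Tools: Ollydbg, PW32Dasm, PEiD, pe-scan.
(7) Start: PEiD reports that the program is packed with ASPack 2.12 -> Alexey Solodovnikov. Unpack it with pe-scan,
load it into PW32Dasm to find the relevant strings, then load it into Ollydbg. The process is as follows. Registration details entered: name: mwd; organization: DFCG;
registration code: 121212.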
================================================================================
:005902D5 E82A3CE7FF call 00403F04 ---- breakpoint
:005902DA 8D55F4 lea edx, dword ptr [ebp-0C]
:005902DD 8B8704030000 mov eax, dword ptr [edi+00000304]
:005902E3 E89498EAFF call 00439B7C
:005902E8 8B45F4 mov eax, dword ptr [ebp-0C] ---- machine code 06949525555565549545648 loaded into EAX
:005902EB 8D55FC lea edx, dword ptr [ebp-04]
:005902EE E8ED97E7FF call 00409AE0
:005902F3 8B45FC mov eax, dword ptr [ebp-04] ---- machine code 06949525555565549545648 loaded into EAX
:005902F6 E8893EE7FF call 00404184
:005902FB 8BF0 mov esi, eax ---- ESI = number of characters in the machine code
:005902FD 85F6 test esi, esi ---- is it empty?
:005902FF 7E32 jle 00590333 ---- not empty, so continue
:00590301 BB01000000 mov ebx, 00000001 ---- set EBX to 1
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00590331(C)
|
:00590306 8D45F0 lea eax, dword ptr [ebp-10]
:00590309 8B55FC mov edx, dword ptr [ebp-04] ---- machine code 06949525555565549545648 loaded into EDX
:0059030C 0FB6541AFF movzx edx, byte ptr [edx+ebx-01] ---- take each character of the machine code in turn into EDX
:00590311 83EA30 sub edx, 00000030 ---- then subtract 30 from each
:00590314 03D3 add edx, ebx ---- then add EBX
Results, by loop pass (character codes are hex; positions and results are decimal):
 1: EDX=30-30+1=1       13: EDX=36-30+13=19
 2: EDX=36-30+2=8       14: EDX=35-30+14=19
 3: EDX=39-30+3=12      15: EDX=35-30+15=20
 4: EDX=34-30+4=8       16: EDX=34-30+16=20
 5: EDX=39-30+5=14      17: EDX=39-30+17=26
 6: EDX=35-30+6=11      18: EDX=35-30+18=23
 7: EDX=32-30+7=9       19: EDX=34-30+19=23
 8: EDX=35-30+8=13      20: EDX=35-30+20=25
 9: EDX=35-30+9=14      21: EDX=36-30+21=27
10: EDX=35-30+10=15     22: EDX=34-30+22=26
11: EDX=35-30+11=16     23: EDX=38-30+23=31
12: EDX=35-30+12=17
* Possible StringData Ref from Data Obj ->"YELK456DFAO-FDI446ZXDPLMGWT-T4548OYXMLYASDF-LK"
->"1387DFDFASPZ-PD132LJD-FDMXCMQI-NDFLDKO-ALCMADO"
->"EEILAD-JEISOJKO-KDMCINJFDSWAEW"
|
:00590316 B918045900 mov ecx, 00590418 ---- points to the string above
:0059031B 8A5411FF mov dl, byte ptr [ecx+edx-01] ---- take the character at position EDX in that string, one per pass
In order these are: YD-DDOFFDI44ZZXXWLLGTW5, and that is the registration code!
:0059031F E8883DE7FF call 004040AC
:00590324 8B55F0 mov edx, dword ptr [ebp-10]
:00590327 8D45F8 lea eax, dword ptr [ebp-08]
:0059032A E85D3EE7FF call 0040418C
:0059032F 43 inc ebx ---- add 1
:00590330 4E dec esi ---- subtract 1
:00590331 75D3 jne 00590306 ---- loop back up until ESI reaches 0
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:005902FF(C)
|
:00590333 8D55EC lea edx, dword ptr [ebp-14]
:00590336 8B870C030000 mov eax, dword ptr [edi+0000030C]
:0059033C E83B98EAFF call 00439B7C
:00590341 8B55EC mov edx, dword ptr [ebp-14] ---- entered (fake) code loaded into EDX
:00590344 8B45F8 mov eax, dword ptr [ebp-08] ---- real code loaded into EAX
:00590347 E8483FE7FF call 00404294 ---- compare the two for equality
:0059034C 7572 jne 005903C0 ---- must not jump; if it jumps, registration fails
Changing 7572 to 7472 patches out the check.
* Possible StringData Ref from Data Obj ->"PrtMonit.ini"
|
:0059034E B99C045900 mov ecx, 0059049C
:00590353 B201 mov dl, 01
* Possible StringData Ref from Data Obj ->"G"
|
:00590355 A1E4C54700 mov eax, dword ptr [0047C5E4]
:0059035A E82DC3EEFF call 0047C68C
:0059035F 8BD8 mov ebx, eax
:00590361 8D55E8 lea edx, dword ptr [ebp-18]
:00590364 8B870C030000 mov eax, dword ptr [edi+0000030C]
:0059036A E80D98EAFF call 00439B7C
:0059036F 8B45E8 mov eax, dword ptr [ebp-18]
:00590372 50 push eax
* Possible StringData Ref from Data Obj ->"RegNO"
|
:00590373 B9B4045900 mov ecx, 005904B4
* Possible StringData Ref from Data Obj ->"RegInformation"
|
:00590378 BAC4045900 mov edx, 005904C4
:0059037D 8BC3 mov eax, ebx
:0059037F 8B18 mov ebx, dword ptr [eax]
:00590381 FF5304 call [ebx+04]
* Possible StringData Ref from Data Obj ->"注册成功,感谢您对我们的支持!"
|
:00590384 B8DC045900 mov eax, 005904DC
:00590389 E8761CEDFF call 00462004
:0059038E A158935900 mov eax, dword ptr [00599358]
:00590393 8B00 mov eax, dword ptr [eax]
:00590395 8B80B4050000 mov eax, dword ptr [eax+000005B4]
:0059039B 33D2 xor edx, edx
:0059039D E8E6E6EDFF call 0046EA88
:005903A2 A104935900 mov eax, dword ptr [00599304]
:005903A7 C60001 mov byte ptr [eax], 01
:005903AA A158935900 mov eax, dword ptr [00599358]
:005903AF 8B00 mov eax, dword ptr [eax]
:005903B1 8B80D8040000 mov eax, dword ptr [eax+000004D8]
:005903B7 33D2 xor edx, edx
:005903B9 E82ADAECFF call 0045DDE8
:005903BE EB0A jmp 005903CA
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0059034C(C)
|
* Possible StringData Ref from Data Obj ->"注册码错误!"
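The listing above builds the valid code entirely inside the client, from the machine code and a table stored in the binary, which is why it can be read out just before the compare. As an added example (not code from the original post or from the product), the Python below models that pattern beside a vendor-side keyed check. `DEMO_TABLE`, `VENDOR_KEY`, the machine code `40718293` and all function names are constructed for illustration, and the example addresses only the derivation weakness, not patching of the final branch.

```python
import base64
import hashlib
import hmac

# Constructed sample values; neither is taken from the product.
DEMO_TABLE = "QW3RT-Y7UPAS-DFG4HJ-KLZX9CVB-NM"
VENDOR_KEY = b"constructed demo key, held only by the vendor service"


def weak_expected_code(machine_code: str) -> str:
    """Weak pattern from the listing: table[(digit + position) - 1].

    The table and the loop both ship in the client, so the expected code is
    a public function of the machine code and sits in memory next to the
    user's input right before the comparison.
    """
    return "".join(DEMO_TABLE[(ord(c) - 0x30) + i - 1]
                   for i, c in enumerate(machine_code, start=1))


def issue_code(machine_code: str, key: bytes = VENDOR_KEY) -> str:
    """Vendor side: keyed MAC over the machine code, truncated to 80 bits."""
    mac = hmac.new(key, machine_code.encode("utf-8"), hashlib.sha256).digest()
    return base64.b32encode(mac[:10]).decode("ascii")  # 16 characters


def server_verify(machine_code: str, entered: str,
                  key: bytes = VENDOR_KEY) -> bool:
    """Vendor side: recompute the code and compare in constant time.

    The client only forwards (machine_code, entered); it never holds the
    key, so nothing in the shipped binary can reproduce a valid code.
    """
    expected = issue_code(machine_code, key).encode("ascii")
    supplied = entered.strip().upper().encode("utf-8")
    return hmac.compare_digest(expected, supplied)


if __name__ == "__main__":
    sample = "40718293"  # constructed machine code
    print("client-derived:", weak_expected_code(sample))
    print("vendor-issued :", issue_code(sample))
    print("accepts forged:", server_verify(sample, weak_expected_code(sample)))
```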