目标软件 :★Windows LockUp 1.4
软件简介: Windows LockUp是一个电脑安全防护软件,当你离开电脑时,可以设定密码,防止别人乱动你的电脑。可以设置自动或手动启动密码保护,还支持省电功能、密码保护的屏幕程序、网络使用者确认等等。试用者在序列号输入对话框中不输入任何内容就可以了。
下载地址 http://www.softheap.com/download/wlock.zip
目的: 当然是想加入BCG
工具: w32dasm
过程:
终于从失恋的阴影中走出!(太快了吧,一看就知道不是什么好鸟^_^),找个软件练练手!!!!咦??Windows Lockup?看起来不错,就你吧!!!(谁让本人心情好呢)
先用TRW2000常规查询法试了试,没啥子头绪,算了,用w32dasm看看有什么突破口吧
用language查看程序,爽!!!没加壳!
动工,动工!
打开w32dasm调进主程序,利用“串式查找”功能找到:"Sorry, this registration code "
反复双击,发现只有一处调用!!(不错,两处以上我就不知该怎么办了,^O^)
代码如下:
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004A8EE3(C)
|
:004A8F0B 8BC6
mov eax, esi
:004A8F0D E8569FF5FF
call 00402E68
:004A8F12 DD05B8ED4A00
fld qword ptr [004AEDB8]
:004A8F18 D81DC88F4A00
fcomp dword ptr [004A8FC8]
:004A8F1E DFE0
fstsw ax
:004A8F20
9E
sahf
:004A8F21 7456
je 004A8F79
* Referenced by a (U)nconditional or (C)onditional
Jump at Address:
|:004A8E78 ------下面这一长段逐个字符的比较,怀疑和注册码有关!
:004A8F23 8B07 mov eax, dword ptr [edi]
:004A8F25
E80AAFF5FF call 00403E34
:004A8F2A 83F80C cmp eax,0000000C
你输入的注册码的位数和0C(十进制12)比较,小于12则完蛋
:004A8F2D 7C43 jl
004A8F72
:004A8F2F 8B07 mov eax, dword
ptr [edi]
:004A8F31 803837 cmp byte ptr [eax],37
和你输入的注册码第一位比较(37 是字符“7”的十六进制ASCII码,下面几处的 30、37、32、31 同理),不是7则完蛋
:004A8F34 753C jne 004A8F72
:004A8F36
8B07 mov eax, dword ptr [edi]
:004A8F38 80780130
cmp byte ptr [eax+01], 30
和你输入的注册码第二位比较不是0则完蛋
:004A8F3C 7534
jne 004A8F72
:004A8F3E 8B07 mov eax, dword ptr
[edi]
:004A8F40 80780237 cmp byte ptr [eax+02], 37
和你输入的注册码第三位比较不是7则完蛋
:004A8F44
752C jne 004A8F72
:004A8F46 8B07
mov eax, dword ptr [edi]
:004A8F48 80780332 cmp byte ptr [eax+03], 32
和你输入的注册码第四位比较不是2则完蛋
:004A8F4C 7524
jne 004A8F72
:004A8F4E 8B07
mov eax, dword ptr [edi]
:004A8F50 80780431 cmp byte ptr [eax+04],
31
和你输入的注册码第五位比较不是1则完蛋
:004A8F54 751C jne 004A8F72
:004A8F56
8B07 mov eax, dword ptr [edi]
:004A8F58 80780943
cmp byte ptr [eax+09], 43
和你输入的注册码第十位比较(偏移09从0数起就是第十位,43 是字符“C”的ASCII码),不是C则完蛋
:004A8F5C 7514
jne 004A8F72
:004A8F5E 8B07 mov eax, dword
ptr [edi]
:004A8F60 80780A57 cmp byte ptr [eax+0A], 57
和你输入的注册码第十一位比较不是W则完蛋
:004A8F64 750C jne 004A8F72
:004A8F66
8B07 mov eax, dword ptr [edi]
:004A8F68 80780B4C
cmp byte ptr [eax+0B], 4C
和你输入的注册码第十二位比较不是L则完蛋
:004A8F6C 7504
jne 004A8F72
:004A8F6E B301 mov bl, 01
:004A8F70 EB07 jmp 004A8F79
* Referenced
by a (U)nconditional or (C)onditional Jump at Addresses:
|:004A8F2D(C), :004A8F34(C),
:004A8F3C(C), :004A8F44(C), :004A8F4C(C)
|:004A8F54(C), :004A8F5C(C), :004A8F64(C),
:004A8F6C(C)
|
:004A8F72 8BC7
mov eax, edi
:004A8F74 E83BACF5FF
call 00403BB4
* Referenced by a (U)nconditional
or (C)onditional Jump at Addresses:
|:004A8F21(C), :004A8F70(U)
|
:004A8F79 33C0
xor eax, eax
:004A8F7B 5A
pop edx
:004A8F7C 59
pop ecx
:004A8F7D 59
pop ecx
:004A8F7E 648910
mov dword ptr fs:[eax], edx
:004A8F81 689B8F4A00
push 004A8F9B
* Referenced by a (U)nconditional
or (C)onditional Jump at Address:
|:004A8F99(U)
|
:004A8F86 8D45F4
lea eax, dword ptr [ebp-0C]
:004A8F89 BA02000000 mov
edx, 00000002
:004A8F8E E845ACF5FF
call 00403BD8
:004A8F93 C3
ret
:004A8F94 E92FA6F5FF
jmp 004035C8
:004A8F99 EBEB
jmp 004A8F86
:004A8F9B 8BC3
mov eax, ebx
:004A8F9D 5F
pop edi
:004A8F9E 5E
pop esi
:004A8F9F 5B
pop ebx
:004A8FA0 8BE5
mov esp, ebp
:004A8FA2 5D
pop ebp
:004A8FA3 C3
ret
; NOTE(review): 004A8FA4-004A8FCB is most likely constant data that the
; disassembler decoded as instructions, not executable code: the routine
; above ends with ret at 004A8FA3 and the next prologue (push ebp) starts
; at 004A8FCC, so nothing falls through into these bytes.
; The bytes read as three records of FFFFFFFF, a dword count, then ASCII
; text: count 2 + 44 54 ("DT"), count 1 + 30 ("0"), count 1 + 4E ("N").
; Presumably these are compiler-emitted string literals -- confirm.
; The dword at 004A8FC8 lies inside the 7 zero bytes starting at 004A8FC5,
; so the fcomp dword ptr [004A8FC8] at 004A8F18 compares against 0.0.
:004A8FA4
FFFFFFFF BYTE 4 DUP(0ffh)
:004A8FA8 0200
add al, byte ptr [eax]
:004A8FAA 0000
add byte ptr [eax], al
:004A8FAC
44
inc esp
:004A8FAD 54
push esp
:004A8FAE 0000
add byte ptr [eax], al
:004A8FB0 FFFFFFFF
BYTE 4 DUP(0ffh)
:004A8FB4 0100
add dword ptr [eax], eax
:004A8FB6 0000
add byte ptr [eax], al
:004A8FB8
3000 xor
byte ptr [eax], al
:004A8FBA 0000
add byte ptr [eax], al
:004A8FBC FFFFFFFF
BYTE 4 DUP(0ffh)
:004A8FC0 0100
add dword ptr [eax], eax
:004A8FC2 0000
add byte ptr [eax], al
:004A8FC4
4E
dec esi
:004A8FC5 00000000000000 BYTE
7 DUP(0)
:004A8FCC 55
push ebp
:004A8FCD 8BEC
mov ebp, esp
:004A8FCF 6A00
push 00000000
:004A8FD1 53
push ebx
:004A8FD2 56
push esi
:004A8FD3 8BF0
mov esi, eax
:004A8FD5 33C0
xor eax, eax
:004A8FD7 55
push ebp
:004A8FD8 68A1904A00
push 004A90A1
:004A8FDD 64FF30
push dword ptr fs:[eax]
:004A8FE0 648920
mov dword ptr fs:[eax], esp
:004A8FE3 33DB
xor ebx, ebx
:004A8FE5 B8ACED4A00
mov eax, 004AEDAC
:004A8FEA 8BD6
mov edx, esi
:004A8FEC E817ACF5FF
call 00403C08
:004A8FF1 33C0
xor eax, eax
:004A8FF3 E858FEFFFF call 004A8E50
:004A8FF8 84C0
test al, al
:004A8FFA 7477
je 004A9073
:004A8FFC B301
mov bl, 01
:004A8FFE A020D94A00
mov al, byte ptr [004AD920]
:004A9003
50
push eax
:004A9004 8B0DB0ED4A00
mov ecx, dword ptr [004AEDB0]
:004A900A B201
mov dl, 01
:004A900C A1A8CB4900
mov eax, dword ptr [0049CBA8]
:004A9011
E84643FFFF call 0049D35C
:004A9016 8BF0
mov esi, eax
:004A9018 E8570DF6FF
call 00409D74
:004A901D 83C4F4
add esp, FFFFFFF4
:004A9020 DB3C24
fstp tbyte ptr [esp]
:004A9023
9B
wait
:004A9024 8D45FC
lea eax, dword ptr [ebp-04]
:004A9027 E8A807F6FF
call 004097D4
:004A902C 8B45FC
mov eax, dword ptr [ebp-04]
:004A902F
50
push eax
:004A9030 B9B8904A00
mov ecx, 004A90B8
:004A9035 33D2
xor edx, edx
:004A9037 8BC6
mov eax, esi
:004A9039 E88A47FFFF
call 0049D7C8
:004A903E A1ACED4A00
mov eax, dword ptr [004AEDAC]
:004A9043
50
push eax
:004A9044 B9C4904A00
mov ecx, 004A90C4
:004A9049 33D2
xor edx, edx
:004A904B 8BC6
mov eax, esi
:004A904D E87647FFFF
call 0049D7C8
:004A9052 8BC6
mov eax, esi
:004A9054 E80F9EF5FF call 00402E68
:004A9059 6A40
push 00000040
* Possible StringData Ref from Code Obj ->"Information"
|
:004A905B B9C8904A00
mov ecx, 004A90C8
* Possible StringData
Ref from Code Obj ->"Thank you for support !" 接着向上看
|
:004A9060 BAD4904A00
mov edx, 004A90D4
:004A9065 A134DC4A00
mov eax, dword ptr [004ADC34]
:004A906A 8B00
mov eax, dword
ptr [eax]
:004A906C E8B347FAFF
call 0044D824
:004A9071 EB18
jmp 004A908B
* Referenced by a (U)nconditional
or (C)onditional Jump at Address:
|:004A8FFA(C)
|
:004A9073 6A10
push 00000010
* Possible StringData Ref from Code Obj ->"Error"
|
:004A9075 B9EC904A00
mov ecx, 004A90EC
* Possible StringData Ref from Code Obj ->"Sorry,
this registration code " 向上看:走到这里是因为004A8FFA的je跳转,而它取决于004A8FF3处call 004A8E50返回的al;前面那段逐位比较的代码(004A8F0B起)应该就在这个call里面
->"is invalid."
|
:004A907A BAF4904A00 mov
edx, 004A90F4
:004A907F A134DC4A00
mov eax, dword ptr [004ADC34]
:004A9084 8B00
mov eax, dword ptr [eax]
:004A9086
E89947FAFF call 0044D824
降龙十八掌最后一着:
总结:
序列号:70721****CWL
****这四位随便填(上面的代码只比较了第1~5位和第10~12位,中间这四位没有参与比较;用来比较的字符直接写在cmp指令的立即数里,所以静态反汇编就能读出来)
各位老大,我这样应该不算是爆破吧,呵呵!
请各位老大,前辈们指点一下!
- 标 题:申请加入BCG第二篇 (9千字)
- 作 者:lllufh
- 时 间:2001-9-16 10:47:41
- 链 接:http://bbs.pediy.com