破解管家婆辉煌网络版8.0A客户端的加密狗
应一个朋友的要求破解管家婆辉煌网络版8.0A客户端的狗,我试了一下,终于被我找到要害:
.
.
这里是一段万里长征!
.
.
.
0167:005863E6 8BF0
MOV ESI,EAX
_
0167:005863E8 A150295900 MOV
EAX,[00592950]
_
0167:005863ED 8B00
MOV EAX,[EAX]
0167:005863EF 33D2
XOR EDX,EDX
0167:005863F1 E8865EECFF CALL
0044C27C
0167:005863F6 A150295900 MOV
EAX,[00592950]
0167:005863FB 8B00
MOV EAX,[EAX]
0167:005863FD E8D283ECFF CALL
0044E7D4
0167:00586402 85F6
TEST ESI,ESI
0167:00586404 0F84F7000000 JZ
00586501 <---关键跳转,终于让我找到了!
0167:0058640A C7831406000002000000MOV DWORD PTR [EBX+00000614],00000002
0167:00586414 81FEBFAD0100 CMP
ESI,0001ADBF
0167:0058641A 7D12
JGE 0058642E <---这里跳
0167:0058641C 81EEB3AD0100 SUB
ESI,0001ADB3
0167:00586422 7424
JZ 00586448
<---这里不跳
0167:00586424 83EE05 SUB
ESI,05
0167:00586427 7443
JZ 0058646C
<---这里不跳
0167:00586429 E9A1000000 JMP
005864CF
0167:0058642E 81C64152FEFF ADD
ESI,FFFE5241
0167:00586434 83EE02 SUB
ESI,02
0167:00586437 7254
JB 0058648D
<---这里不跳
0167:00586439 83EE02 SUB
ESI,02
0167:0058643C 7470
JZ 005864AE
<---这里不跳
0167:0058643E 83EE23 SUB
ESI,23
0167:00586441 746B
JZ 005864AE
<---这里不跳
0167:00586443 E987000000 JMP
005864CF <---跳到出错!
0167:00586448 6A00
PUSH 00
0167:0058644A 6868685800 PUSH
00586868
0167:0058644F 8D45DC LEA
EAX,[EBP-24]
0167:00586452 50
PUSH EAX
==================================================================================
0167:005864CD EB1F
JMP 005864EE
0167:005864CF 6A00
PUSH 00
<---出错就跳到这里
0167:005864D1 6868685800 PUSH
00586868
0167:005864D6 8D45CC LEA
EAX,[EBP-34]
0167:005864D9 50
PUSH EAX
0167:005864DA B978685800 MOV
ECX,00586878
0167:005864DF BA54695800 MOV
EDX,00586954
0167:005864E4 B8B8685800 MOV
EAX,005868B8
0167:005864E9 E8DAE6EEFF CALL
00474BC8 <-----没有发现狗!
0167:005864EE C605D83E590001 MOV
BYTE PTR [00593ED8],01
0167:005864F5 8BC3
MOV EAX,EBX
0167:005864F7 E8D882ECFF CALL
0044E7D4
0167:005864FC E9C1020000 JMP
005867C2
0167:00586501 A1E02C5900 MOV
EAX,[00592CE0]
0167:00586506 33D2
XOR EDX,EDX
0167:00586508 8910
MOV [EAX],EDX
0167:0058650A A188275900 MOV
EAX,[00592788]
0167:0058650F 8B1590295900 MOV
EDX,[00592990]
0167:00586515 8902
MOV [EDX],EAX
0167:00586517 A1AC2D5900 MOV
EAX,[00592DAC]
0167:0058651C 33D2
XOR EDX,EDX
0167:0058651E 8910
MOV [EAX],EDX
0167:00586520 A1DC2D5900 MOV
EAX,[00592DDC]
0167:00586525 C70001000000 MOV
DWORD PTR [EAX],00000001
0167:0058652B 8D45FB LEA
EAX,[EBP-05]
0167:0058652E 8B15D82D5900 MOV
EDX,[00592DD8]
0167:00586534 8902
MOV [EDX],EAX
0167:00586536 E8015D0000 CALL
0058C23C
0167:0058653B 8A45FB MOV
AL,[EBP-05]
用HIEW找: 0f 84 f7 00 00 00 c7 83 14
改为: e9 f8 00 00 00 90 c7 83
14
搞定!
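加密狗的弱点就在软件本身,高手说的不错:从上面的代码看,查狗的结果最后只落在 ESI 里的一个返回值和紧跟着的一条条件跳转上,狗本身再强,客户端对它的依赖也只有这一处判断。要避免这种弱点,开发者应当让程序的正常功能真正依赖狗里的数据或运算,并对关键代码做完整性校验,而不是只比较一个返回码。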
大波罗破解
转载请保持完整,谢谢!
http://wdfdiablo.myetang.com
2001.10.4
- 标 题:破解管家婆辉煌网络版8.0A客户端的加密狗 (6千字)
- 作 者:大波罗
- 时 间:2001-10-5 1:08:32
- 链 接:http://bbs.pediy.com