[Title]: A neat crack of the 1stOptv1.5 Demo by grafting code across versions
An easy keygen for 1stOptv1.0 by tracing things back to the source
[Author]: winndy
[Contact]: CNwinndy@hotmail.com
[Target]: 1stOptv1.5 Demo : http://www.7d-soft.com/cn/index.htm
1stOptv1.0
Auto2Fit3.0
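[Tools]: OllyICE, DEDE, OllyDump plugin, CodeHelper plugin
[Platform]: Windows2003 Server
[Author's statement]: This article is purely a technical exchange, for study only, and must not be used for commercial purposes. If you repost it, please credit the author and keep the article complete. Please point out any mistakes!
[Article structure]: I. Clearing the fog: 1stOptv1.5 is a Demo
: II. Grafting: 1stOptv1.0 has the full functionality
: III. Tracing back to the source: Auto2Fit v3.0 and the THKStreams Delphi Component
: IV. Fixing a bug: fixing it for the author, and learning Inline Patch along the way
[Detailed walkthrough]:
I. Clearing the fog: 1stOptv1.5 is a Demo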
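1. Unpacking: the file is compressed with Aspack. After reaching the OEP, dump it directly with OllyDump (default parameters); the dump runs.
2. Restrictions of the unregistered version:
① The About window shows "Unregistered version".
② Right-clicking to copy a result pops up a MessageBox: "The unregistered version cannot copy results!".
③ Right-click paste in the code book pops up a MessageBox: "The unregistered version cannot paste!".
④ Double-click an Example file in the file browser on the left; the [] after the window title contains the file's full path. After modifying the Example file, click save: a MessageBox pops up, "The unregistered version cannot save in '.mff' format!".
⑤ If you create a new code file, the [] after the window title contains Untitled1. Click save and the save dialog appears; after saving, no dialog pops up (1.0 pops up the MessageBox "The unregistered version cannot save in '.mff' format!"), but the file is not actually saved, and the window title contains no path.
⑥ Before creating a new code file, double-clicking a file in the file browser on the left changes the window title accordingly. After creating a new code file, that is, once the window title has become [Untitled1], double-clicking a file in the file browser no longer changes the window title. Note: the trial version of 1.0 does not show this behaviour.
⑦ Click "Edit", then "Insert", then "File data": a MessageBox pops up, "The unregistered version cannot insert data!".
⑧ After a result has been computed, right-click and save; saving as a text file is offered, but after choosing a file name a MessageBox pops up: "The unregistered version cannot save the result content!"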
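3. Load 1stOpt_unpacked, right-click and search the referenced strings for "未注册" ("unregistered"), and set a breakpoint at the start of each of these code sections:
First location:
0068E23C push ebx ; set a breakpoint
[omitted ...]
0068E2C8 mov eax, 0068E2E0 ; "The unregistered version cannot copy results!"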
0068E2CD call 0046E9B8 ; D7.Dialogs.ShowMessage(AnsiString);
0068E2D2 pop esi
0068E2D3 pop ebx
0068E2D4 retn
Second location:
0068E300 mov eax, 0068E314 ; "The unregistered version cannot paste!"
0068E305 call 0046E9B8 ; D7.Dialogs.ShowMessage(AnsiString);
0068E30A retn
Third location:
0068E330 push ebp
[omitted ...]
0068E341 mov eax, 0068E36C ; "The unregistered version cannot save as a .mff file!"
0068E346 call 0046E9B8 ; D7.Dialogs.ShowMessage(AnsiString);
[omitted ...]
Fourth location:
0069F404 mov eax, 0069F418 ; "The unregistered version cannot insert data!"
0069F409 call 0046E9B8 ; D7.Dialogs.ShowMessage(AnsiString);
0069F40E retn
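While debugging, I simply could not find any place that jumps to code actually performing the program's functions; even tracing up through the calls above gave no clue. I began to suspect that this really is a Demo build. So I took 1.0 to have a look and compare, to see whether there was anything worth borrowing.
On 网眼天下 there is an article about patching it:
A perfect patch of the 1stOpt1.0 mathematical optimization analysis toolkit
[Crack article author] luzhmu
I followed it; the key point is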
0062A954 mov eax, ebx
and before it there is:
0062A8E9 xor ebx, ebx // changing this to mov bl, 1 is enough
0062A8EB jmp short 0062A8EF
0062A8ED mov bl, 1
0062A8EF xor eax, eax
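To patch it, just change xor ebx, ebx to mov bl, 1; both are 2 bytes.
After patching I noticed something odd: once the patched exe has been run, 1stOpt.dll becomes a full registration file, that is, running the original file afterwards still shows registration succeeded. Apparently the program rewrites the registration file after verifying 1stOpt.dll. That gave me the idea of writing a keygen. No hurry.
While tracing 1.0, I saw some very strange strings being decoded: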
0062A7E0 call [ecx+5C]
After this instruction executes, d [edx] shows the following in memory:
00CB8030 €?0€?DCHTTVVUPNWORWQVDAFGM
00CB8050 G..BHASQMMPQMJOMYAFKATXV..SYUWVC
00CB8070 TWHIHIUDABLMKWP..TFLDDBEQKSXWVLJ
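[rest omitted ...]
Looking closely at these strings, mixed in among them are: the user name (xycheng), CPUID, HardDiskID, and 1.0 (anyone can guess that is the version number).
Then it occurred to me: what if I took a 1stOpt.dll for 1.5 and changed the version number to 1.5, wouldn't that give me a full-version registration file for 1.5? A MessageBox "version number differs" appears; it is easy to find the lstrcmp and skip it, which yields a full registration file for version 1.5.
Full of excitement, I put the 1stOpt.dll into the 1.5 directory: still unregistered. Had the algorithm changed? But then it would at least have to read this 1stOpt.dll file. I searched the strings: not found. So I simply deleted 1stOpt.dll to see whether it would complain, and it ignored that completely. Under 1.0, it reports a "missing library file" error.
Comparing the code in 1.0 and 1.5 that pops up "The unregistered version cannot ...", I found that 1.5 simply does not contain the code for the full functions.
Unbelievable! So it cannot be cracked?
II. Grafting: 1stOptv1.0 has the full functionality
Haha, luckily the code in 1.0 is functionally complete, so why not take the 1.0 code and use it in 1.5? The two versions differ little, so it should work. In the end the transplant succeeded, and fortunately I did not have to modify the Import Table.
Above we already obtained the registration file, so we have a full version 1.0. Open 1.0 and 1.5 each in OD, find the corresponding places, and use your favourite hex editor (I use winhex, which shooo taught me to use) to copy the 1.0 code into 1.5. The code in 1.5 is very short and there is not enough room, so jump to a blank area and copy it there. After copying one function, open OD and debug it until that function works, then copy the next one.
First location:
1.5 before modification:
0068E2C8 mov eax, 0068E2E0 ; "The unregistered version cannot copy results!"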
0068E2CD call 0046E9B8 ; D7.Dialogs.ShowMessage(AnsiString);
0068E2D2 pop esi
0068E2D3 pop ebx
0068E2D4 retn
After modification:
0068E2C8 mov eax, [esi+394]
0068E2CE call 005262A0
0068E2D3 pop esi
0068E2D4 pop ebx
0068E2D5 retn
In 1.0 it is:
00683530 mov eax, [esi+394]
00683536 call 0050D820
0068353B pop esi
0068353C pop ebx
0068353D retn
Second location:
1.5 after modification:
0068E300 push ebx
0068E301 push esi
0068E302 mov ebx, eax
[omitted ...]
0068E329 jmp 006D0156 ; not enough room, jump elsewhere
006D0156 jge short 006D0173
[omitted ...]
006D017B pop ebx
006D017C retn
1.5 before modification:
0068E300 mov eax, 0068E314 ; "The unregistered version cannot paste!"
0068E305 call 0046E9B8 ; D7.Dialogs.ShowMessage(AnsiString);
0068E30A retn
In 1.0:
00683540 . 53 push ebx ; Paste
00683541 . 56 push esi
[omitted ...]
006835A5 . 5B pop ebx
006835A6 . C3 retn
Third location:
1.5 after modification:
0068E330 jmp 006D0180 ; not enough room, jmp to save .mff
006D0180 push ebp ; save .mff file fixed code
006D0181 mov ebp, esp
006D0183 add esp, -28
[omitted ...]
006D01AD push ebp
006D01AE push 006D03FF
006D01B3 push dword ptr fs:[eax]
006D01B6 mov fs:[eax], esp
006D01B9 mov eax, [6D91D8]
[omitted ...]
006D01D9 mov eax, [41712C]
006D01DE call 004036EC ; D7.System.TObject.Create(TObject;Boolean);
[omitted ...]
006D01F3 mov edx, 006D0418 ; ASCII "1stOpt File"
006D0202 mov edx, [6D88CC] ; 1.5
006D0208 . E8 7B45D3FF call 00404788
[omitted ...]
006D03CE mov eax, [6D91D8]
006D03D3 mov eax, [eax]
006D03D5 xor edx, edx
006D03D7 call 004629AC
006D03DC xor eax, eax
006D03DE pop edx
006D03DF pop ecx
006D03E0 pop ecx
006D03E1 mov fs:[eax], edx
006D03E4 push 006D0406
006D03E9 lea eax, [ebp-28]
006D03EC mov edx, 4
006D03F1 call 00404588
006D03F6 lea eax, [ebp-8]
006D03F9 call 00404564
006D03FE retn
006D03FF jmp 00403E9C ; jumps to D7.System.@HandleFinally;
006D0404 jmp short 006D03E9
006D0406 pop edi
006D0407 pop esi
006D0408 pop ebx
006D0409 mov esp, ebp
006D040B pop ebp
006D040C retn 0C
1.5 before modification:
0068E330 push ebp
0068E331 mov ebp, esp
0068E333 xor eax, eax
0068E335 push ebp
0068E336 push 0068E359
0068E33B push dword ptr fs:[eax]
0068E33E mov fs:[eax], esp
0068E341 mov eax, 0068E36C ; "The unregistered version cannot save as a .mff file!"
[omitted ...]
In 1.0:
006835A8 push ebp ; save .mff file
006835A9 mov ebp, esp
006835AB add esp, -28
[omitted ...]
Fourth location:
In 1.5 after modification:
0069F404 jmp 006D04C0 ; not enough room, jump elsewhere
006D04C0 push ebp ; InsertFileData
006D04C1 mov ebp, esp
006D04C3 xor ecx, ecx
[omitted ...]
006D053D |. 90 nop ; the registration check present in 1.0, NOPed out
[omitted ...]
006D054A |. 90 nop
[omitted ...]
1.5 before modification:
0069F404 mov eax, 0069F418 ; "The unregistered version cannot insert data!"
0069F409 call 0046E9B8 ; D7.Dialogs.ShowMessage(AnsiString);
0069F40E retn
In 1.0:
00693E7C push ebp ; InsertFileData
00693E7D mov ebp, esp
00693E7F xor ecx, ecx
[omitted ...]
00693EF9 mov eax, 2
00693EFE call 0062A538 ; checks whether registered
00693F03 test al, al
00693F05 je short 00693F76
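Compare the code of 1.0 and 1.5. After copying it over, take care to fix up the calls, as well as some variables and the pushed constants.
The fix-up method is:
1. Find the function that exists in both 1.5 and 1.0: step into the call in 1.0, copy a few lines of code that uniquely identify the function, press Ctrl+S and search for them in 1.5; once found, locate the function's start address and correct the call.
2. An example [all the examples are taken from the third location]: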
006D01AE push 006D03FF
006D03FF jmp 00403E9C ; jumps to D7.System.@HandleFinally;
The code around 006D01AE installs the SEH handler; the pushed constant is the address of the code that jumps to D7.System.@HandleFinally. The jmp at 006D03FF is the jump to HandleFinally.
Both places must be fixed. 00403E9C is found the same way as the call targets. For push 006D03FF, the constant is the address of the instruction right after 006D03FE retn.
3. Example:
006D01F3 mov edx, 006D0418 ; ASCII "1stOpt File"
This one is easy to fix: looking at the 1.0 code shows that the constant moved into edx points to a string.
4. Example:
006D0202 mov edx, [6D88CC] ; 1.5
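This kind is not so easy to fix.
Debugging 1.0 shows that after the instruction corresponding to 006D0202 executes, d [edx] displays the string 1.0. We can use that to verify once we have fixed it.
I do not remember exactly how I found 6D88CC; I think I was just lucky, ^_^.
For 006D03CE mov eax, [6D91D8] in 1.5,
the corresponding code in 1.0 is: 006837F6 mov eax, [6C9028]
Pressing ctrl+s in 1.0 and searching for mov eax, [6C9028] gives several hits; take one of them with very distinctive surrounding code, search for that code in 1.5, and from there find the corresponding mov eax, [6D91D8] in 1.5.
With that, the four basic functions are all fixed. A few small places remain.
DeDe can be used to find the start address of the procedure behind "save as text file" in the result panel:
After decompiling, find all the save* events, set breakpoints on all of them, then click save; wherever it breaks is the one.
Fifth location:
In 1.5 after modification:
006986BC jmp 006D0670 ; jump elsewhere, Save2textClick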
006986C1 nop
006D0670 push ebp ; ResultSave2TxtClick
006D0671 |. 8BEC mov ebp, esp
[omitted ...]
The fix-up method is the same as above.
1.5 before modification:
006986BC push ebx
006986BD mov ebx, [eax+380]
[omitted ...]
006986F3 je short 006986FF
006986F5 mov eax, 00698750 ; "The unregistered version cannot save the result content!"
006986FA call 0046E9B8 ; D7.Dialogs.ShowMessage(AnsiString);
006986FF pop ebx
00698700 retn
In 1.0:
0068D01C push ebp ; Save2textClick
0068D01D mov ebp, esp
[omitted ...]
Sixth location: removing restriction ⑥
Decompile with DeDe and find the RzShellList1DblClick event.
In 1.5:
0063338C push ebp ; RzShellList1DblClick
In 1.0:
0062C964 push ebp ; RzShellList1DblClick
Run 1.0 and 1.5 side by side and watch the program flow; the key place is easy to find.
In 1.0:
0062CAC5 mov edx, 0062CCC8 ; ASCII ".mff"
0062CACA call 00404910 ; D7.System.@LStrCmp;
0062CACF je short 0062CAE3
0062CAD1 mov eax, 2
0062CAD6 call 0062A538 ; checks whether registered
0062CADB test al, al
0062CADD je 0062CC54
0062CAE3 push 0062CCD8 ; ASCII "1stOpt - ["
0062CAE8 push dword ptr [ebp-4]
1.5 before modification:
006334D7 mov edx, 006336C8 ; ASCII ".mff"
006334DC call 00404910 ; D7.System.@LStrCmp;
006334E1 je short 0063350C
006334E3 push 006336D8 ; ASCII "1stOpt - ["
006334E8 push dword ptr [ebp-4]
In 1.0, 0062CACF je short 0062CAE3 jumps straight to
0062CAE3 push 0062CCD8 ; ASCII "1stOpt - ["
whereas in 1.5, 006334E1 je short 0063350C
skips over the instruction 006334E3 push 006336D8 ; ASCII "1stOpt - ["
entirely.
That makes it clear: NOP out je short 0063350C.
Save and run, OK!
Seventh location: fixing the inability to save a newly created file (files whose window title already carries an absolute path can be saved).
Create a new file and click the save icon on the toolbar; execution breaks here:
In 1.5:
0068E754 push ebp ; SaveActionExecute
In 1.0:
00683C40 push ebp ; SaveActionExecute
Debug 1.0 and 1.5 side by side and compare the flow; this one is rather hard to find:
In 1.5, trace to here:
006908A0 push ebp ; savefile
006908A1 mov ebp, esp
006908A3 mov ecx, 0D
[omitted ...]
00690995 . 84C0 test al, al
00690997 . 0F84 EA020000 je 00690C87
0069099D . EB 31 jmp short 006909D0 ; this is the modified code
0069099F 90 nop
006909A0 . 8BC3 mov eax, ebx
Code in 1.5 before modification:
00690995 test al, al
00690997 je 00690C87
0069099D lea edx, [ebp-20] // this code has to be skipped
006909A0 mov eax, ebx
006909A2 call 0046CC0C
006909A7 mov eax, [ebp-20]
In 1.0:
00685DE8 push ebp ; save2file
00685DE9 mov ebp, esp
00685DEB mov ecx, 0D
[omitted ...]
00685EDD test al, al
00685EDF je 006861DD
00685EE5 mov eax, 3
00685EEA call 0062A538 ; checks whether registered
00685EEF test al, al
00685EF1 jnz short 00685F26
00685EF3 lea edx, [ebp-20]
00685EF6 mov eax, ebx
00685EF8 call 0046CC0C
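Comparing the flow of 1.0 and 1.5 reveals the key point.
After creating a new file, the window title now changes to the absolute path and the file can be saved.
Eighth location: changing the "Unregistered version" text in the About window
With ultraedit, search for "未注册版" ("Unregistered version") and change it to "  winndy".
I am not good at editing resources; the original string is 8 bytes, so I made the replacement 8 bytes too by adding two spaces in front of winndy.
At this point 1stOptv1.5 is fully repaired. No real technique involved, just manual labour!
The keygen for 1.0 has not been made yet.
III. Tracing back to the source: Auto2Fit v3.0 and the THKStreams Delphi Component
While tracing 1stOptv1.5, I looked at the resources with DFMEditor and found a TREGFORM. Opening it shows "Auto2Fit Reristration" and "Send Mail to CPC-X Software", so I googled Auto2Fit v3 to play with. After installation the interface is no different from 1stOpt, except that Auto2Fit has an English interface. Is Auto2Fit the predecessor of 1stOpt? Auto2Fit shows many referenced strings, so it looks better suited for building a keygen. Below I trace Auto2Fit.
Click About; execution stops here: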
005FB4A4 push ebp
[omitted ...]
005FB4F8 mov ecx, 005FBD60 ; ASCII "CPUHDID.txt"
005FB4FD mov edx, [ebp-38]
005FB500 call 00404808
005FB505 mov eax, [ebp-214]
005FB50B call 0040CB2C ; D7.SysUtils.FileExists(AnsiString):Boolean;
005FB510 test al, al
005FB512 jnz short 005FB588
005FB514 lea eax, [ebp-218]
005FB51A mov ecx, 005FBD60 ; ASCII "CPUHDID.txt"
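It checks whether CPUHDID.txt exists in the exe's directory and creates it if not; the first line is the CPUID and the second line is the HardDiskID. The algorithm that generates the CPUID and HardDiskID is easy to obtain. It is needed when writing the keygen.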
005FB9ED cmp dword ptr [6A77A8], 1
005FB9F4 je short 005FB9FF
005FB9F6 cmp dword ptr [6A77A8], 5
005FB9FD jnz short 005FBA0E
005FB9FF lea eax, [ebp-34]
005FBA02 mov edx, 005FBDEC ; ASCII " (Single User License)"
005FBA07 call 004045B8
005FBA0C jmp short 005FBA6F
005FBA0E cmp dword ptr [6A77A8], 2
005FBA15 je short 005FBA20
005FBA17 cmp dword ptr [6A77A8], 6
005FBA1E jnz short 005FBA2F
005FBA20 lea eax, [ebp-34]
005FBA23 mov edx, 005FBE0C ; ASCII " (2-4 Users License)"
005FBA28 call 004045B8 ; D7.System.@LStrLAsg(void;void;void;void);
005FBA2D jmp short 005FBA6F
[omitted ...]
Obviously, [6A77A8] is the registration type.
al=0 trial user
al=1 ,5 (Single User License)
al=2 ,6 (2-4 Users License)
al=3 ,7 (5-10 Users License)
al=4 ,8 (Site License)
1<=al<=4 "Standard Version "
5<=al<=8 "Professional Version "
Looking further up, there are two calls:
005FB98C call 005FAC00
005FB9B8 call 005FB290
Both are important.
The first call reads values from the registry (in two places) and checks Auto2Fit.Lic;
the second call checks AFCorelib.dll.
Stepping in shows that it first reads
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OfficeAF
and the following values under it:
1. eu_id:
"95-120-124-111-113-115-125-126-111-124-111-110-42-96-111-124-125-115-121-110"
2. gc_id:6
3. st_id:
64-bit floating-point number:
00 00 00 00 E0 06 E3 40
38967.000000000000000
4. vs_id:0
Note that Auto2Fit.Lic is read only when gc_id=0.
eu_id is decrypted into the user name by a function:
005FADA5 call 005FA7A0 ; user name decryption
"95-120-124-111-113-115-125-126-111-124-111-110-42-96-111-124-125-115-121-110"
is simply Unregistered Version.
These parameters are then pushed and a call is entered:
005FADAA mov eax, [ebp-120] ; ̞
005FADB0 mov edx, [ebp+8] ; p_vs_id
005FADB3 mov edx, [edx] ; vs_id
005FADB5 call 005FA8C4 ; verify the license file
005FADBA mov [ebp-10], eax
005FADBD cmp dword ptr [ebp-10], 0
005FADC1 jnz short 005FADDA ; jump taken
005FADC3 push 0 ; /Arg1 = 00000000
005FADC5 mov cx, [5FB210] ; |
005FADCC mov dl, 2 ; |
005FADCE mov eax, 005FB21C ; |ASCII "Missing Auto2Fit License File!"
005FADD3 call 0046E004 ; \Auto2Fit.0046E004
005FADD8 jmp short 005FADF8
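There is no Auto2Fit.Lic, so a fake Auto2Fit.Lic has to be constructed by hand.
The difficulty lies right here: it is hard to construct an Auto2Fit.Lic whose format meets the requirements and passes this check; every time it said "Auto2Fit.Lic is corrupted". I traced in layer after layer until my head was spinning, and all I learned was that, starting from the 3rd byte, the data must be 01 02 ... 08.
I was stuck here.
Later, while looking through the code disassembled by DeDe, I saw: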
* Reference to class THKStreams
|
005FA9F8 A1DC255300 mov eax, dword ptr [$005325DC]
* Reference to : THKStreams._PROC_005327CC()
|
005FA9FD E8CA7DF3FF call 005327CC
005FAA02 8945EC mov [ebp-$14], eax
005FAA05 8B45EC mov eax, [ebp-$14]
* Reference to field THKStreams.OFFS_0024
|
005FAA08 C6402401 mov byte ptr [eax+$24], $01
005FAA0C 8B45EC mov eax, [ebp-$14]
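I could not help being curious: what on earth is this THKStreams class!?
A quick Google search showed it is a Delphi component for encrypting stream files, and it is open source. Great, I was saved.
I downloaded version 1.7: THKStreams v1.7 by Harry Kakoulidis 1/2002
It also contains a demo showing how to use THKStreams.
I opened the component source and the demo project in Delphi; the component uses blowfish encryption and the LHA compression algorithm. I studied the source a bit. Tracing while comparing against the source, it was easy to identify those calls in Auto2Fit. Using a memo in the demo project, I generated an Auto2Fit.Lic. It still failed, so I googled again and crammed on how TStringList is used, then took another careful look at the demo code.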
HKS.AddStream('MEMO1',ms); //Add it to THKStreams with ID 'MEMO1'
The key is the line above: 'MEMO1' acts as a tag inside the stream file. So what is the corresponding tag in our Auto2Fit.Lic? Tracing Auto2Fit later showed the tag is 'AFLicenseFile'.
Forge Auto2Fit.Lic again and continue debugging.
With the HKStreams source and the demo project code, the code disassembled by DeDe, and the CodeHelper plugin, the code can be annotated well:
005FAAAC mov edx, 005FABA4 ; ASCII "AFLicenseFile"
005FAAB1 mov eax, [ebp-14]
005FAAB4 call 00532858
; procedure THKStreams.GetStream(const ID: string; Dest: TStream);
005FAAB9 mov edx, [ebp-10]
005FAABC mov eax, ebx
005FAABE mov ecx, [eax]
005FAAC0 call [ecx+5C] ; TStringList.LoadFromStream(TStream)
005FAAC3 mov eax, ebx
005FAAC5 mov edx, [eax]
005FAAC7 call [edx+14] ; TStringList.GetCount()
005FAACA cmp eax, 0D
005FAACD je short 005FAAD6
005FAACF mov esi, 2
005FAAD4 jmp short 005FAB2E
005FAAD6 lea ecx, [ebp-3C]
005FAAD9 xor edx, edx
005FAADB mov eax, ebx
005FAADD mov edi, [eax]
005FAADF call [edi+C]
005FAAE2 mov eax, [ebp-3C]
005FAAE5 mov edx, 005FABBC ; ASCII "auto2fit_license_file"
005FAAEA call 004048CC ; D7.System.@LStrCmp;
005FAAEF jnz short 005FAB29
005FAAF1 lea ecx, [ebp-40]
005FAAF4 mov edx, 3
005FAAF9 mov eax, ebx
005FAAFB mov edi, [eax]
005FAAFD call [edi+C]
005FAB00 mov eax, [ebp-40]
005FAB03 mov edx, [ebp-4]
005FAB06 call 004048CC ; D7.System.@LStrCmp;
005FAB0B jnz short 005FAB29
005FAB0D lea ecx, [ebp-44]
005FAB10 mov edx, 7
005FAB15 mov eax, ebx
005FAB17 mov edi, [eax]
005FAB19 call [edi+C]
005FAB1C mov eax, [ebp-44]
005FAB1F mov edx, [ebp-C]
005FAB22 call 004048CC ; D7.System.@LStrCmp;
005FAB27 je short 005FAB2E
There are 4 key places in the code above, marked in red.
First: 005FAACA cmp eax, 0D
This tells us that the TStringList has 0D (13) lines.
Second: 005FAAD9 xor edx, edx
This tells us that item 0 (that is, line 1) is "auto2fit_license_file".
Third: 005FAAF4 mov edx, 3
Fourth: 005FAB10 mov edx, 7
The third and fourth cannot be worked out yet, so fill them with anything, forge Auto2Fit.Lic, and keep tracing.
Tracing later shows that the third is the user name, which must equal the user name decrypted from eu_id in the registry.
The fourth is the password, which is generated from the user name through 3 main transformations.
Where to fish out the Blowfish encryption password:
00532A74 mov edx, [ebp-14] ; key
00532A77 mov eax, [ebp-8]
00532A7A call 00530338
; Procedure DecryptStream(ms : TmemoryStream; Const Key : string);
00532A7F xor eax, eax
As can be seen, the key is the password from the fourth place.
So an Auto2Fit.Lic file with the user name "Unregistered Version" was quickly generated, and the check passed.
Tracing further, another registry location is checked:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared\OfficeAF
Its values are the same as those under:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OfficeAF
Modify the registry and it passes without trouble.
Next comes the function that verifies AFCorelib.dll.
005FB2D0 mov ecx, 005FB468 ; ASCII "AFCorelib.dll"
005FB2D5 call 00404808
005FB2DA mov eax, [ebp-10]
005FB2DD call 0040CB2C ; D7.SysUtils.FileExists(AnsiString):Boolean;
005FB2E2 test al, al
005FB2E4 jnz short 005FB2F2
The password is found here:
005FB34B mov edx, 005FB480 ; ASCII "auto2fitneuralpower"
005FB350 . E8 1F92E0FF call 00404574
The stream tag is still 'AFLicenseFile'.
The code that verifies the information inside is:
005FB39A lea edx, [ebp-18]
005FB39D lea eax, [ebp-14]
005FB3A0 call 0067AA08 ; GetDiskID,CPUID
005FB3A5 lea ecx, [ebp-28]
005FB3A8 mov edx, 0C
005FB3AD mov eax, [ebp-8]
005FB3B0 mov esi, [eax]
005FB3B2 call [esi+C]
005FB3B5 mov eax, [ebp-28]
005FB3B8 mov edx, 005FB49C ; ASCII "False"
005FB3BD call 004048CC ; D7.System.@LStrCmp;
005FB3C2 jnz short 005FB404
005FB3C4 lea ecx, [ebp-2C]
005FB3C7 mov edx, 0A
005FB3CC mov eax, [ebp-8]
005FB3CF mov ebx, [eax]
005FB3D1 call [ebx+C]
005FB3D4 mov edx, [ebp-2C]
005FB3D7 mov eax, [ebp-14] ; compare CPUID
005FB3DA call 004048CC ; D7.System.@LStrCmp;
005FB3DF je short 005FB402 ; goodboy
005FB3E1 lea ecx, [ebp-30]
005FB3E4 mov edx, 0B
005FB3E9 mov eax, [ebp-8]
005FB3EC mov ebx, [eax]
005FB3EE call [ebx+C]
005FB3F1 mov edx, [ebp-30] ; compare HardDiskID
005FB3F4 mov eax, [ebp-18]
005FB3F7 call 004048CC ; D7.System.@LStrCmp;
005FB3FC je short 005FB402 ; goodboy
TStringList index 0C: "False"
TStringList index 0A: CPUID
TStringList index 0B: HardDiskID
The rest can be anything.
Forge AFCorelib.dll as well.
It still shows unregistered.
Later I traced the process that generates the key from the user name. One place looked very suspicious.
ASCII "131938520"
It is the concatenation of 13193852 and 0.
And where does 13193852 come from?
005FB956 cmp dword ptr [6A2BE4], 1 ; 00C9527C(13193852)
005FB95D jnz short 005FB9A5
Not possible.
Later I changed vs_id to a nonzero value to make it easier to recognize and trace.
005FA931 mov eax, ebx ; vs_id
005FA933 dec eax
005FA934 sub eax, 4
005FA937 jnb short 005FA943 ; >=5
005FA939 mov edi, 1 ; *****
005FA93E mov [ebp-8], ebx ; vs_id
005FA941 jmp short 005FA958
005FA943 mov eax, ebx
005FA945 add eax, -5
005FA948 sub eax, 4
005FA94B jnb short 005FA958 ; >=9
005FA94D mov edi, 2 ; edi=00C9527C
005FA952 sub ebx, 4 ; 5<vs_id<9
005FA955 mov [ebp-8], ebx ; vs_id-4
005FA958 lea edx, [ebp-20]
005FA95B mov eax, edi
005FA95D call 0040C76C ; Hex2Decimal
005FA962 lea eax, [ebp-20] ; 00C9527C
005FA965 push eax ; d [eax]:00C95958 13193852
005FA966 lea edx, [ebp-24]
005FA969 mov eax, [ebp-8]
005FA96C call 0040C76C
005FA971 mov edx, [ebp-24] ; d edx "0"
005FA974 pop eax ; d [eax] 13193852
005FA975 call 004047C4 ; D7.System.@LStrCat;
005FA97A mov eax, [ebp-20]
005FA97D call 0040C84C ; D7.SysUtils.StrToInt(AnsiString):Integer;
005FA982 imul ebx, eax, 2710 ; 317C7580,eax=0018
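00C9527C(13193852) is held in edi; there are two places above that change edi, marked in red.
It later turned out that this string is derived from vs_id, and vs_id determines the type of registered version.
Standard version: mov edi, 1
Professional version: mov edi, 2
If vs_id>=9, edi is 00C9527C(13193852).
Now look at how the key is generated from the user name; there are three transformations in total:
First: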
005FA982 imul ebx, eax, 2710 ; 317C7580,eax=0018
005FA988 push 0
005FA98A push 1317BEB ; Hex2Dec(1317BEB)= 20020203
005FA98F lea edx, [ebp-C]
005FA992 mov eax, [ebp-4]
005FA995 call 005FC364 ; user name transformation
Second:
005FA9BB push edx
005FA9BC push eax ; version number 3.0*1000
005FA9BD lea edx, [ebp-28]
005FA9C0 mov eax, [ebp-C]
005FA9C3 call 005FC364 ; ***
Third:
005FA9D3 mov eax, ebx
005FA9D5 cdq
005FA9D6 push edx
005FA9D7 push eax ; Int(string derived from vs_id)*0x2710
005FA9D8 lea edx, [ebp-30]
005FA9DB mov eax, [ebp-C]
005FA9DE call 005FC364 ; get key
Now look at 005FC364; this call is not complicated either, see the keygen source:
function TFrmKeygen.NameTransform(var UserName:String;dwNumber:DWORD):String;
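Everything is clear now.
A few small points remain:
1. User name length range: [4,25].
2. "95-120-124-111-113-115-125-126-111-124-111-110-42-96-111-124-125-115-121-110"
is simply Unregistered Version.
It is produced by adding 10 to the decimal ASCII code of each character of the user name, except for the last character.
3. gc_id is the usage count
4. st_id is the installation time
Next comes writing the keygen.
One more point: for the strings in the TStringList that are not checked, a more polished approach would be to generate them randomly; for simplicity I did not do that, see the keygen source.
With that, the keygen for Auto2Fit v3.0 is written, haha.
Now let's write the keygen for 1stOptv1.0.
The key points are finding the key and the stream file tag, and the structure inside the TstringList. We do not have to forge 1stOpt.dll, great!
Fish out the key here: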
00535850 mov edx, [ebp-14] ; key
00535853 mov eax, [ebp-8]
00535856 call 0053310C
; Procedure DecryptStream(ms : TmemoryStream; Const Key : string);
0053585B xor eax, eax
It turns out that key=mfit, a constant.
The stream file tag is found here:
0062A7CB mov edx, 0062A978 ; ASCII "licensefile"
0062A7D0 mov eax, [ebp-8]
0062A7D3 call 00535634
; procedure THKStreams.GetStream(const ID: string; Dest: TStream);
The structure of the TStringList can be seen here:
0062A7E6 mov edx, 64 ; version 1.0
0062A7EB mov eax, [ebp-18]
0062A7EE mov ebx, [eax]
0062A7F0 call [ebx+C]
0062A7F3 mov edx, [ebp-28]
0062A7F6 mov eax, 006CD8F8
0062A7FB call 004045B8
0062A800 lea ecx, [ebp-24]
0062A803 mov edx, 0A
0062A808 mov eax, [ebp-18]
0062A80B mov ebx, [eax]
0062A80D call [ebx+C]
0062A810 lea edx, [ebp-1C]
0062A813 mov eax, [ebp-24]
0062A816 call 00403360 ; StrtoInt
0062A81B mov ebx, eax ; 17(23)
0062A81D lea ecx, [ebp-24]
0062A820 mov edx, 14
0062A825 mov eax, [ebp-18]
0062A828 mov esi, [eax]
0062A82A call [esi+C]
0062A82D lea edx, [ebp-20]
0062A830 mov eax, [ebp-24]
0062A833 call 00403360 ; StrtoInt
0062A838 mov esi, eax ; 22(34)
0062A83A cmp dword ptr [ebp-1C], 0
0062A83E jnz short 0062A846
0062A840 cmp dword ptr [ebp-20], 0
0062A844 je short 0062A84D
0062A846 xor ebx, ebx
0062A848 jmp 0062A8EF
0062A84D lea ecx, [ebp-2C]
0062A850 mov edx, ebx
0062A852 mov eax, [ebp-18]
0062A855 mov ebx, [eax]
0062A857 call [ebx+C]
0062A85A mov eax, [ebp-2C]
0062A85D lea edx, [ebp-1C]
0062A860 call 00403360 ; StrtoInt
0062A865 mov [ebp-20], eax
0062A868 cmp dword ptr [ebp-1C], 0
0062A86C jnz short 0062A876
0062A86E mov eax, [ebp-20]
0062A871 mov [6CD8FC], eax
0062A876 cmp dword ptr [6CD8FC], 1E ; expired, 30 days
0062A87D setg [6C8160]
0062A884 lea ecx, [ebp-30]
0062A887 mov edx, esi
0062A889 mov eax, [ebp-18]
0062A88C mov ebx, [eax]
0062A88E call [ebx+C]
0062A891 mov edx, [ebp-30]
0062A894 mov eax, 006CD8F4
0062A899 call 004045B8
0062A89E lea edx, [ebp-10]
0062A8A1 lea eax, [ebp-C]
0062A8A4 call 0069BEB0 ; GetCPUID and HardDiskID
0062A8A9 cmp dword ptr [ebp-1C], 0
0062A8AD jnz short 0062A8CC
0062A8AF lea ecx, [ebp-34]
0062A8B2 mov edx, 96
0062A8B7 mov eax, [ebp-18]
0062A8BA mov ebx, [eax]
0062A8BC call [ebx+C]
0062A8BF mov edx, [ebp-34] ; compare CPUID
0062A8C2 mov eax, [ebp-C]
; CPUID EDX 00CE8F48 ASCII "00000F29-0001080A-00004400-BFEBFBFF"
0062A8C5 call 00404910 ; D7.System.@LStrCmp;
0062A8CA je short 0062A8ED ; must jump
0062A8CC lea ecx, [ebp-38]
0062A8CF mov edx, 97
0062A8D4 mov eax, [ebp-18]
0062A8D7 mov ebx, [eax]
0062A8D9 call [ebx+C]
0062A8DC mov edx, [ebp-38] ; compare HardDiskID
0062A8DF mov eax, [ebp-10]
0062A8E2 call 00404910 ; D7.System.@LStrCmp;
0062A8E7 je short 0062A8ED
0062A8E9 xor ebx, ebx
0062A8EB jmp short 0062A8EF
0062A8ED mov bl, 1 ; set the flag
Summing up, the structure of the TStringList is:
1. Version number: index 0x64
0062A7E6 mov edx, 64 ; version 1.0
2. The pointer to the index of the days-used entry is at 0A
0062A803 mov edx, 0A ; Ascii 23
3. The pointer to the index of the user name is at 0x14
0062A820 mov edx, 14 ; Ascii 34
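4. index: ox23, string 0, is the number of days used, <=30
5. index: 0x34, string "xycheng", is the user name
6. index: 0x96, points to the CPUID
7. index: 0x97, points to the HardDiskID
Registration is considered successful as long as either the CPUID or the HardDiskID matches the local machine.
The strings at 0A and 0x14 should be random (within range); they point to the indexes of the days-used entry and the user name.
In the keygen they are fixed for simplicity. See the keygen source for the detailed algorithm.
So the keygen for 1stOpt v1.0 was done this easily; it is not even as complex as Auto2Fit v3.0.
If I could get hold of the full-version file of v1.5, hehe, a registration file for 1.5 could be generated too.
Nearly perfect, but there seems to be a bug in the program, left for us by the author, present in Auto2Fitv3.0, 1stOptv1.0 and v1.5 alike. It is described in the next section.
IV. Fixing a bug: fixing it for the author, and learning Inline Patch along the way
In 1stOptv1.5, 1.0 and Auto2Fit v3.0, under Algorithm Settings, Options, only one of "result save" and "parameter value save" can be set, as shown in the figure:
Yet a path can be typed into the text boxes with the keyboard, and after a run both the result save file and the parameter value save file are generated. Clicking the file button next to them, however, does not allow the paths in both text boxes to be set at the same time. The fully registered version behaves the same, so it looks like a bug.
Since 1stOptv1.5 has already been reworked this far, why not fix this bug as well.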
0068F47A mov edx, [ebp-38]
0068F47D pop eax
0068F47E call 00404910 ; D7.System.@LStrCmp;
0068F483 jnz short 0068F4D6
0068F485 push 0
0068F487 push 0068F5E8 ; string: File "
0068F48C lea edx, [ebp-44]
0068F48F mov eax, ebx
0068F491 call 0046CC0C
0068F496 push dword ptr [ebp-44]
0068F499 push 0068F62C ; string: " is already used to save the result file, please try another file name!
0068F49E lea eax, [ebp-40]
0068F4A1 mov edx, 3
0068F4A6 call 004048C0
0068F4AB mov eax, [ebp-40] ; |
0068F4AE mov cx, [68F620] ; |
0068F4B5 xor edx, edx ; |
0068F4B7 call 0046E8C0 ; \1stOpt_u.0046E8C0
0068F4BC jmp short 0068F4D6
0068F4BE lea edx, [ebp-48]
0068F4C1 mov eax, ebx
0068F4C3 call 0046CC0C
0068F4C8 mov edx, [ebp-48]
0068F4CB mov eax, [esi+5C8]
0068F4D1 call 0044540C ; D7.Controls.TControl.SetText(TControl;TCaption);
0068F4D6 xor eax, eax
The key is here: 0068F483 jnz short 0068F4D6
It jumps to 0068F4D6, which skips right over the TControl.SetText above.
The comparison at 0068F47E checks whether the result file name and the parameter file name are the same.
The fix is to jump to 0068F4BE instead:
0068F483 jnz short 0068F4BE
Save, run, OK!
The machine code of jnz short 0068F4D6 is 75 51
The machine code of jnz short 0068F4BE is 75 39
Changing a single byte is enough.
In 1stOpt v1.0:
006849C2 call 00404910 ; D7.System.@LStrCmp;
006849C7 jnz short 00684A1A ; should jump to 00684A02
[omitted ...]
00684A02 lea edx, [ebp-48]
00684A05 mov eax, ebx
[omitted ...]
00684A15 call 0044540C
00684A1A xor eax, eax
The machine code at 006849C7 is changed from 75 51 to 75 39.
Very simple, just one byte. Below I practise an Inline patch on v1.0; the simpler the case, the better it works as an introduction.
The EP of the unpacked V1.0 is
006C0608 > $ 55 push ebp
The base address is 00400000.
006C0608 - 00400000 = 002C0608
Now open the packed (not unpacked) 1stOpt.exe in ultraedit and search for 08 06 2C 00; there is exactly one hit.
0010c4d2h: 08 06 2C 00 ; ..,.
Change it to: 0077114B (where the code patch is placed) - 00400000 = 0037114B
0010c4d2h: 4B 11 37 00 ; ..,.
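Three bytes. This way, after the program unpacks itself, it first jumps to our patch at 0077114B.
The patch then changes the machine code at 006849C7 from 75 51 to 75 39,
and jumps to the original entry point 006C0608.
Write the following assembly into the packed v1.0 file to obtain the machine code: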
0077114B C605 C8496800 39 mov byte ptr [6849C8], 39
00771152 68 08066C00 push 006C0608
00771157 C3 retn
Write the machine code above at the raw offset corresponding to rva = 0077114B - 00400000 (Imagebase) = 0037114B.
Opening the packed 1stOpt.exe with LordPE shows that 002C06D0 is in the .aspack section.
The .aspack section has VOffset 00371000, VSize 00002000, ROffset 0010C400 and RSize 00001A00.
Roffset = (0037114B - 00371000) + 0010C400 = 0010C54B
This can be verified with LordPE's FLC.
In ultraedit, jump to offset 0010C54B and write the machine code above:
C605C8496800396808066C00C3
Save it. The Inline Patch succeeds.
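The address arithmetic used in this section, as an added example that is not part of the original article: it maps a virtual address to a file offset from the .aspack section values quoted above, decodes short-jump targets, and lists which bytes differ between two builds, which is what an analyst needs when confirming exactly what a binary diff changed. The helper names are hypothetical; all addresses and bytes are the ones given in the article.

```python
import struct
from dataclasses import dataclass

IMAGE_BASE = 0x00400000  # image base stated in the article


@dataclass(frozen=True)
class Section:
    name: str
    voffset: int   # RVA at which the section is mapped
    vsize: int     # size of the section in memory
    roffset: int   # offset of the section's data in the file
    rsize: int     # size of the section's data in the file


# Section values as the article reads them from LordPE.
ASPACK = Section(".aspack", 0x00371000, 0x00002000, 0x0010C400, 0x00001A00)


def va_to_raw(va, sections, image_base=IMAGE_BASE):
    """Map a virtual address to a file offset using the section table."""
    rva = va - image_base
    for sec in sections:
        delta = rva - sec.voffset
        if 0 <= delta < sec.vsize:
            if delta >= sec.rsize:
                # Mapped in memory but not backed by bytes in the file.
                raise ValueError(f"{va:08X} has no raw data in {sec.name}")
            return sec.roffset + delta
    raise ValueError(f"{va:08X} is not inside any known section")


def short_jump_target(addr, insn):
    """Target of a 2-byte short jump (EB or 70..7F) located at addr."""
    if len(insn) != 2 or not (insn[0] == 0xEB or 0x70 <= insn[0] <= 0x7F):
        raise ValueError("not a short jmp/jcc encoding")
    disp = struct.unpack("b", insn[1:2])[0]   # signed 8-bit displacement
    return addr + 2 + disp                    # relative to the next instruction


def stored_entry_va(dword_le, image_base=IMAGE_BASE):
    """VA for an RVA stored as a little-endian dword in the file."""
    return image_base + struct.unpack("<I", dword_le)[0]


def changed_bytes(va, before, after):
    """(address, old, new) for every byte that differs between two builds."""
    if len(before) != len(after):
        raise ValueError("byte strings must have equal length")
    return [(va + i, a, b)
            for i, (a, b) in enumerate(zip(before, after)) if a != b]


if __name__ == "__main__":
    print(f"raw offset of 0077114B: {va_to_raw(0x0077114B, [ASPACK]):08X}")
    for code in ("7551", "7539"):
        tgt = short_jump_target(0x006849C7, bytes.fromhex(code))
        print(f"{code} at 006849C7 -> {tgt:08X}")
    print(f"stored EP 08 06 2C 00 -> "
          f"{stored_entry_va(bytes.fromhex('08062C00')):08X}")
    for addr, old, new in changed_bytes(0x006849C7,
                                        bytes.fromhex("7551"),
                                        bytes.fromhex("7539")):
        print(f"{addr:08X}: {old:02X} -> {new:02X}")
```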
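Reference: http://www.pediy.com/bbshtml/BBS2/FORUM260.HTM
Next, build a patcher with DUP for fun.
DUP is very handy. Those interested can also try Inline patch with the help of the aPE.
[Lessons learned]:
1. Although 1stOptv1.5 is a demo, the code for these basic functions should not have changed between v1.0 and v1.5, so the code from v1.0 can be transplanted directly into v1.5. Luckily, when fixing up the calls, the functions corresponding to those in 1.0 could be found in 1.5, mainly by searching for each function's characteristic code. Otherwise I would have had to modify the Import Table and import further functions, which would have worn me out, and I might not even have managed it.
2. By tracing back to the source, I found HKStreams, the core component used for file encryption. That let me concentrate on analysing the registration mechanism of Auto2Fit v3.0 instead of spending the effort on reversing HKStreams, which is an open-source component after all. Otherwise, analysing the blowfish and LHA algorithms in HKStreams would have ground down my willpower. This is a way of working from the big picture, and also a reflection of code reuse. In addition, knowing how to program is a great help in reversing; as "我要" of DFCG put it, forward and reverse engineering have never been opposed.
[Thanks]: friends at Pediy, Unpack.cn, FCG, DFCG, PYG, FST, Exetools, ARTeam, Tuts4you, 0wei
[Completed]: 2006.09.21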