【破文标题】Disk Drive Security 3.11破解分析
【破文作者】萧萧黄叶
【作者邮箱】
【作者主页】
【破解工具】PEiD,C32asm,OD
【破解平台】winxp
【软件名称】Disk Drive Security 3.11
【软件大小】543KB
【原版下载】http://www.newhua.com/soft/4824.htm
【保护方式】
【软件简介】 功能强大的磁盘安全工具,在主界面继承了所有的驱动器设置功能,并将所有可能存在的盘符列表显示。通过安全密码保护机制,能够隐藏或者锁本地磁盘、网络、软驱和USB驱动器,还可以在指定的驱动器类型中关闭自动播放功能
【破解声明】我是一只小小鸟!高手请飘过!
------------------------------------------------------------------------
【破解过程】运行程序提示要注册,随便注册了,出现错误提示:"Registration code is invalid!"
PEiD探壳:Borland Delphi 6.0 - 7.0
C32asm:
0046AC67 MOV EDX,46ADA8 \->: Registration code is invalid!
0046AC43 MOV EDX,46AD70 \->: Registration has been completed successfully!
根据反汇编结果在OD中下断点,载入程序运行,开始在这里:
0046DE7C > $ 55 PUSH EBP
0046DE7D . 8BEC MOV EBP,ESP
0046DE7F . 83C4 F0 ADD ESP,-10
F9运行,注册,我用的是123456,“OK”后断在此处:
0046AB17 |. 51 PUSH ECX
0046AB18 |. 8945 FC MOV DWORD PTR SS:[EBP-4],EAX
0046AB1B |. 33C0 XOR EAX,EAX
0046AB1D |. 55 PUSH EBP
0046AB1E |. 68 A8AC4600 PUSH disklock.0046ACA8
0046AB23 |. 64:FF30 PUSH DWORD PTR FS:[EAX]
0046AB26 |. 64:8920 MOV DWORD PTR FS:[EAX],ESP
0046AB29 |. 8D55 EC LEA EDX,DWORD PTR SS:[EBP-14]
0046AB2C |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
0046AB2F |. 8B80 AC030000 MOV EAX,DWORD PTR DS:[EAX+3AC]
0046AB35 |. E8 2260FDFF CALL disklock.00440B5C
0046AB3A |. 8B45 EC MOV EAX,DWORD PTR SS:[EBP-14] ; 假码出现在堆栈和提示框中。
0046AB3D |. 8D55 F0 LEA EDX,DWORD PTR SS:[EBP-10]
0046AB40 |. E8 EBB6FFFF CALL disklock.00466230
0046AB45 |. 8B55 F0 MOV EDX,DWORD PTR SS:[EBP-10]
0046AB48 |. B8 884D4700 MOV EAX,disklock.00474D88
0046AB4D |. E8 EA9EF9FF CALL disklock.00404A3C
0046AB52 |. E8 11FDFFFF CALL disklock.0046A868 ; 算法对比中心,当然要跟进!
0046AB57 |. 8845 FB MOV BYTE PTR SS:[EBP-5],AL
0046AB5A |. 807D FB 00 CMP BYTE PTR SS:[EBP-5],0
0046AB5E |. 0F84 F2000000 JE disklock.0046AC56 ; 这里是关键跳,一跳就死!
0046AB64 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
0046AB67 |. C680 CC030000>MOV BYTE PTR DS:[EAX+3CC],1
0046AB6E |. 8D45 F4 LEA EAX,DWORD PTR SS:[EBP-C]
0046AB71 |. 50 PUSH EAX
0046AB72 |. 8D55 E8 LEA EDX,DWORD PTR SS:[EBP-18]
0046AB75 |. B8 C0AC4600 MOV EAX,disklock.0046ACC0 ; ASCII "B9BB8C819888AB829FBA848389829ABE849788"
0046AB7A |. E8 91BBFFFF CALL disklock.00466710
0046AB7F |. 8B45 E8 MOV EAX,DWORD PTR SS:[EBP-18]
0046AB82 |. 50 PUSH EAX
0046AB83 |. 8D55 E4 LEA EDX,DWORD PTR SS:[EBP-1C]
0046AB86 |. B8 F0AC4600 MOV EAX,disklock.0046ACF0 ; ASCII "BE828B999A8C9F88B1C8BDBFA2AAA3ACA0A8C8"
0046AB8B |. E8 D8FDFFFF CALL disklock.0046A968
0046AB90 |. 8B55 E4 MOV EDX,DWORD PTR SS:[EBP-1C]
0046AB93 |. A1 844D4700 MOV EAX,DWORD PTR DS:[474D84]
0046AB98 |. 59 POP ECX
0046AB99 |. E8 2EBDFFFF CALL disklock.004668CC
0046AB9E |. 8D55 E0 LEA EDX,DWORD PTR SS:[EBP-20]
0046ABA1 |. A1 884D4700 MOV EAX,DWORD PTR DS:[474D88]
0046ABA6 |. E8 ADBAFFFF CALL disklock.00466658
0046ABAB |. 8B45 E0 MOV EAX,DWORD PTR SS:[EBP-20]
0046ABAE |. 50 PUSH EAX
0046ABAF |. 8D55 DC LEA EDX,DWORD PTR SS:[EBP-24]
0046ABB2 |. B8 20AD4600 MOV EAX,disklock.0046AD20 ; ASCII "BDBB8C819888AB829FBA848389829ABE849788"
0046ABB7 |. E8 54BBFFFF CALL disklock.00466710
0046ABBC |. 8B45 DC MOV EAX,DWORD PTR SS:[EBP-24]
0046ABBF |. 50 PUSH EAX
0046ABC0 |. 8D55 D8 LEA EDX,DWORD PTR SS:[EBP-28]
0046ABC3 |. B8 F0AC4600 MOV EAX,disklock.0046ACF0 ; ASCII "BE828B999A8C9F88B1C8BDBFA2AAA3ACA0A8C8"
0046ABC8 |. E8 9BFDFFFF CALL disklock.0046A968
0046ABCD |. 8B55 D8 MOV EDX,DWORD PTR SS:[EBP-28]
0046ABD0 |. A1 844D4700 MOV EAX,DWORD PTR DS:[474D84]
0046ABD5 |. 59 POP ECX
0046ABD6 |. E8 95BDFFFF CALL disklock.00466970
0046ABDB |. 837D F4 00 CMP DWORD PTR SS:[EBP-C],0
0046ABDF |. 75 44 JNZ SHORT disklock.0046AC25
0046ABE1 |. E8 CEF9F9FF CALL disklock.0040A5B4
0046ABE6 |. 83C4 F4 ADD ESP,-0C
0046ABE9 |. DB3C24 FSTP TBYTE PTR SS:[ESP] ; |
0046ABEC |. 9B WAIT ; |
0046ABED |. 8D45 D4 LEA EAX,DWORD PTR SS:[EBP-2C] ; |
0046ABF0 |. E8 77F4F9FF CALL disklock.0040A06C ; \disklock.0040A06C
0046ABF5 |. 8B45 D4 MOV EAX,DWORD PTR SS:[EBP-2C]
0046ABF8 |. 50 PUSH EAX
0046ABF9 |. 8D55 D0 LEA EDX,DWORD PTR SS:[EBP-30]
0046ABFC |. B8 C0AC4600 MOV EAX,disklock.0046ACC0 ; ASCII "B9BB8C819888AB829FBA848389829ABE849788"
0046AC01 |. E8 0ABBFFFF CALL disklock.00466710
0046AC06 |. 8B45 D0 MOV EAX,DWORD PTR SS:[EBP-30]
0046AC09 |. 50 PUSH EAX
0046AC0A |. 8D55 CC LEA EDX,DWORD PTR SS:[EBP-34]
0046AC0D |. B8 F0AC4600 MOV EAX,disklock.0046ACF0 ; ASCII "BE828B999A8C9F88B1C8BDBFA2AAA3ACA0A8C8"
0046AC12 |. E8 51FDFFFF CALL disklock.0046A968
0046AC17 |. 8B55 CC MOV EDX,DWORD PTR SS:[EBP-34]
0046AC1A |. A1 844D4700 MOV EAX,DWORD PTR DS:[474D84]
0046AC1F |. 59 POP ECX
0046AC20 |. E8 4BBDFFFF CALL disklock.00466970
0046AC25 |> A1 A0F94600 MOV EAX,DWORD PTR DS:[46F9A0]
0046AC2A |. 8B00 MOV EAX,DWORD PTR DS:[EAX]
0046AC2C |. 8B80 B0030000 MOV EAX,DWORD PTR DS:[EAX+3B0]
0046AC32 |. BA 50AD4600 MOV EDX,disklock.0046AD50 ; ASCII "Software (Ctrl+R)"
0046AC37 |. E8 2C7AFEFF CALL disklock.00452668
0046AC3C |. 6A 40 PUSH 40
0046AC3E |. B9 64AD4600 MOV ECX,disklock.0046AD64 ; ASCII "Information"
0046AC43 |. BA 70AD4600 MOV EDX,disklock.0046AD70 ; ASCII "Registration has been completed successfully!"
0046AC48 |. A1 A0FB4600 MOV EAX,DWORD PTR DS:[46FBA0]
0046AC4D |. 8B00 MOV EAX,DWORD PTR DS:[EAX]
0046AC4F |. E8 0059FFFF CALL disklock.00460554
0046AC54 |. EB 22 JMP SHORT disklock.0046AC78
0046AC56 |> B8 884D4700 MOV EAX,disklock.00474D88
0046AC5B |. E8 889DF9FF CALL disklock.004049E8
0046AC60 |. 6A 10 PUSH 10
0046AC62 |. B9 A0AD4600 MOV ECX,disklock.0046ADA0 ; ASCII "Error"
0046AC67 |. BA A8AD4600 MOV EDX,disklock.0046ADA8 ; ASCII "Registration code is invalid!"
0046AC6C |. A1 A0FB4600 MOV EAX,DWORD PTR DS:[46FBA0]
0046AC71 |. 8B00 MOV EAX,DWORD PTR DS:[EAX]
0046AC73 |. E8 DC58FFFF CALL disklock.00460554
0046AC78 |> 33C0 XOR EAX,EAX
CALL 0046A868跟进:
0046A868 /$ 55 PUSH EBP
0046A869 |. 8BEC MOV EBP,ESP
0046A86B |. 83C4 F0 ADD ESP,-10
0046A86E |. 33C0 XOR EAX,EAX
0046A870 |. 8945 F8 MOV DWORD PTR SS:[EBP-8],EAX
0046A873 |. C645 FF 00 MOV BYTE PTR SS:[EBP-1],0
0046A877 |. A1 884D4700 MOV EAX,DWORD PTR DS:[474D88]
0046A87C |. 8945 F4 MOV DWORD PTR SS:[EBP-C],EAX
0046A87F |. 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C]
0046A882 |. 8945 F0 MOV DWORD PTR SS:[EBP-10],EAX
0046A885 |. 837D F0 00 CMP DWORD PTR SS:[EBP-10],0
0046A889 |. 74 0B JE SHORT disklock.0046A896
0046A88B |. 8B45 F0 MOV EAX,DWORD PTR SS:[EBP-10]
0046A88E |. 83E8 04 SUB EAX,4
0046A891 |. 8B00 MOV EAX,DWORD PTR DS:[EAX] ; 取注册码的位数。
0046A893 |. 8945 F0 MOV DWORD PTR SS:[EBP-10],EAX
0046A896 |> 837D F0 0E CMP DWORD PTR SS:[EBP-10],0E ; 看看注册码是不是14位,不是就跳走,不进行比较了。所以到这里只好重新来一次了,这一次用12345678901234来注册。
0046A89A |. 0F85 85000000 JNZ disklock.0046A925
继续了:
0046A8A0 |. A1 884D4700 MOV EAX,DWORD PTR DS:[474D88]
0046A8A5 |. 8038 34 CMP BYTE PTR DS:[EAX],34 ; 取注册码的第一位与34相比较。
0046A8A8 |. 0F94C0 SETE AL ; 相等为真,AL=1,不相等为假,AL=0
0046A8AB |. 83E0 7F AND EAX,7F
0046A8AE |. 0145 F8 ADD DWORD PTR SS:[EBP-8],EAX ; 将EAX的值加起来保存。
0046A8B1 |. A1 884D4700 MOV EAX,DWORD PTR DS:[474D88]
0046A8B6 |. 8078 02 36 CMP BYTE PTR DS:[EAX+2],36 ; 取注册码的第三位与36相比较。
0046A8BA |. 0F94C0 SETE AL
0046A8BD |. 83E0 7F AND EAX,7F
0046A8C0 |. 0145 F8 ADD DWORD PTR SS:[EBP-8],EAX
0046A8C3 |. A1 884D4700 MOV EAX,DWORD PTR DS:[474D88]
0046A8C8 |. 8078 03 31 CMP BYTE PTR DS:[EAX+3],31 ; 取注册码的第四位与31相比较。
0046A8CC |. 0F94C0 SETE AL
0046A8CF |. 83E0 7F AND EAX,7F
0046A8D2 |. 0145 F8 ADD DWORD PTR SS:[EBP-8],EAX
0046A8D5 |. A1 884D4700 MOV EAX,DWORD PTR DS:[474D88]
0046A8DA |. 8078 04 32 CMP BYTE PTR DS:[EAX+4],32 ; 取注册码的第五位与32相比较。
0046A8DE |. 0F94C0 SETE AL
0046A8E1 |. 83E0 7F AND EAX,7F
0046A8E4 |. 0145 F8 ADD DWORD PTR SS:[EBP-8],EAX
0046A8E7 |. A1 884D4700 MOV EAX,DWORD PTR DS:[474D88]
0046A8EC |. 8078 07 36 CMP BYTE PTR DS:[EAX+7],36 ; 取注册码的第八位与36相比较。
0046A8F0 |. 0F94C0 SETE AL
0046A8F3 |. 83E0 7F AND EAX,7F
0046A8F6 |. 0145 F8 ADD DWORD PTR SS:[EBP-8],EAX
0046A8F9 |. A1 884D4700 MOV EAX,DWORD PTR DS:[474D88]
0046A8FE |. 8078 08 36 CMP BYTE PTR DS:[EAX+8],36 ; 取注册码的第九位与36相比较。
0046A902 |. 0F94C0 SETE AL
0046A905 |. 83E0 7F AND EAX,7F
0046A908 |. 0145 F8 ADD DWORD PTR SS:[EBP-8],EAX
0046A90B |. A1 884D4700 MOV EAX,DWORD PTR DS:[474D88]
0046A910 |. 8078 0A 37 CMP BYTE PTR DS:[EAX+A],37 ; 取注册码的第十一位与37相比较。
0046A914 |. 0F94C0 SETE AL
0046A917 |. 83E0 7F AND EAX,7F
0046A91A |. 0145 F8 ADD DWORD PTR SS:[EBP-8],EAX
0046A91D |. 837D F8 07 CMP DWORD PTR SS:[EBP-8],7 ; 最后将EAX的总计与7比较,不相等就没有注册成功。
0046A921 |. 0F9445 FF SETE BYTE PTR SS:[EBP-1]
0046A925 |> 8A45 FF MOV AL,BYTE PTR SS:[EBP-1]
0046A928 |. 8BE5 MOV ESP,EBP
0046A92A |. 5D POP EBP
0046A92B \. C3 RETN
------------------------------------------------------------------------
【破解总结】注册方法很简单:
取注册码的第1、3、4、5、8、9、11位的ASC码分别与34、36、31、32、36、36、37相比较,全部相等就注册成功,其他位的数字没有特殊要求。
------------------------------------------------------------------------
【版权声明】仅限用于学习和交流目的,不得将注册内容用于商业或者非法用途,如果您喜欢该程序,得到更好的正版服务,请购买注册。
- 标 题:Disk Drive Security 3.11破解分析
- 作 者:萧萧黄叶
- 时 间:2009-06-03 13:19
- 链 接:http://bbs.pediy.com/showthread.php?t=90614