Debugging 体彩霸主 2.8 (a brief look at how to debug full-screen DOS software), 体彩霸主, other platforms

2010-1-30 18:32 | Posted by: admin | Views: 177 | Comments: 0 | Original author: 天仙子


Monday, 23 June 2008, 11:35 PM
【Cracked by】 CCDebuger

【Tools used】 TRW2000 1.23

【Platform】 Win98

【Software】 体彩霸主 2.8

--------------------------------------------------------------------------------

【Crack details】



I cracked this program two years ago at a friend's request; the current version seems to be 3.0, so posting the crack of 2.8 should not affect it. What prompted this was seeing acafeel discuss cracking this kind of program on the forum. I feel these programs are somewhat special: they run full-screen under DOS in exclusive mode, so a Ring-3 debugger such as OllyDBG cannot trace them. Many people on the forum today started with OllyDBG as their first cracking tool and know little about TRW or SoftICE, so consider this a bit of catch-up. My notes from the time were not very detailed and are rather messy, and I do not much feel like facing TRW's black screen again, so the main point here is the method for debugging this kind of program.



Start TRW2000 and run 体彩霸主. For the password, enter 5 as the first character and any 11 digits for the rest (all digits), press Enter, and it reports that the password is wrong. Do not close 体彩霸主; switch out of its DOS window, run WinHex, select the memory belonging to 体彩霸主 and search for the digits you just typed. When they are found, look upward and you will see a group of digits of the form '00000XXXXXX'; note down the last six digits for later. Restart 体彩霸主 and enter a password whose first seven characters are 5XXXXXX (XXXXXX being the number you just saw in WinHex), with anything for the rest. Press Ctrl+M (Ring-0 debugging; the Ring-3 Ctrl+N does not work here) to bring up TRW and enter the command S 0 L FFFFFFFF '5XXXXXX', then press Enter; this gives the memory address of the password you entered. Set BPM XXXX R|W (XXXX being that address), press F5 to let 体彩霸主 continue, press Enter (with TRW, if Enter does not respond, press the Ctrl key once first), and TRW breaks here:



5C6C:1341 8D36C015 LEA SI,[15C0]
5C6C:1345 803C35 CMP BYTE [SI],35 ;check whether the first digit is "5"
5C6C:1348 7503 JNZ 134D (NO JUMP) ;where execution breaks after entering the registration code and pressing Enter
5C6C:134A EB0B JMP SHORT 1357
5C6C:134C 90 NOP



First press F12 to return from this CALL, scroll up in TRW2000's disassembly window and set a breakpoint on the 08B6 line below, then restart 体彩霸主 and enter a trial code. The analysis follows:





5C6C:08B6 58 POP AX
5C6C:08B7 5A POP DX
5C6C:08B8 1F POP DS
5C6C:08B9 2EC606BC1526 MOV BYTE [CS:15BC],26
5C6C:08BF 90 NOP
5C6C:08C0 2EC606BE150C MOV BYTE [CS:15BE],0C
5C6C:08C6 90 NOP
5C6C:08C7 E8F30B CALL 14BD
5C6C:08CA 2E803EBF150C CMP BYTE [CS:15BF],0C  check whether the password is 12 characters long
5C6C:08D0 7512 JNZ 08E4  error if not
5C6C:08D2 E8620A CALL 1337  step in; handled at line 1341 below
5C6C:08D5 2EC706BE120200 MOV WORD [CS:12BE],02
5C6C:08DC E88705 CALL 0E66  step in; handled at line 0E66 below
5C6C:08DF B8014C MOV AX,4C01
5C6C:08E2 CD21 INT 21  displays the result once the password check is finished



5C6C:1341 8D36C015 LEA SI,[15C0]  point SI at the entered password
5C6C:1345 803C35 CMP BYTE [SI],35  check whether the first digit is 5
5C6C:1348 7503 JNZ 134D  error if not
5C6C:134A EB0B JMP SHORT 1357
5C6C:134C 90 NOP
5C6C:134D 2EC606A61300 MOV BYTE [CS:13A6],00
5C6C:1353 90 NOP
5C6C:1354 EB47 JMP SHORT 139D
5C6C:1356 90 NOP
5C6C:1357 BB0000 MOV BX,00
5C6C:135A B90700 MOV CX,07
5C6C:135D AC LODSB  load the ASCII codes of the password into AL one at a time
5C6C:135E 2C30 SUB AL,30  each digit of the entered password (ASCII to numeric value)
5C6C:1360 02F8 ADD BH,AL
5C6C:1362 32D8 XOR BL,AL
5C6C:1364 E2F7 LOOP 135D  if CX is not 0, go back to 135D; i.e. process the first 8 digits of the input.
5C6C:1366 8D36C015 LEA SI,[15C0]  point SI at the entered password again
5C6C:136A 80FF09 CMP BH,09  process the high byte of BX
5C6C:136D 7605 JNA 1374
5C6C:136F 80EF0A SUB BH,0A
5C6C:1372 EBF6 JMP SHORT 136A
5C6C:1374 80C730 ADD BH,30
5C6C:1377 8AC7 MOV AL,BH  move the resulting ASCII code into AL
5C6C:1379 3A4407 CMP AL,[SI+07]  compare with the 8th digit of the entered password
5C6C:137C 7402 JZ 1380  error if not equal
5C6C:137E EBCD JMP SHORT 134D
5C6C:1380 80FB09 CMP BL,09  process the low byte of BX
5C6C:1383 7605 JNA 138A
5C6C:1385 80EB0A SUB BL,0A
5C6C:1388 EBF6 JMP SHORT 1380
5C6C:138A 80C330 ADD BL,30
5C6C:138D 8AC3 MOV AL,BL
5C6C:138F 3A4408 CMP AL,[SI+08]  the processed low byte of BX is in AL; compare with the 9th digit of the entered password
5C6C:1392 7402 JZ 1396
5C6C:1394 EBB7 JMP SHORT 134D
5C6C:1396 2EC606A61301 MOV BYTE [CS:13A6],01
5C6C:139C 90 NOP
5C6C:139D 5A POP DX
5C6C:139E 59 POP CX
5C6C:139F 5B POP BX
5C6C:13A0 58 POP AX
5C6C:13A1 5F POP DI
5C6C:13A2 5E POP SI
5C6C:13A3 07 POP ES
5C6C:13A4 1F POP DS
5C6C:13A5 C3 RET
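Added here as an example, not code from the original post: a Python model of the self-check at 1341–1396, useful for confirming one's reading of the listing. It makes the weakness of this stage explicit: the loop at 135D runs CX=7 times, so digits 8 and 9 are determined by digits 1 to 7 alone and carry no secret; only the later comparison against the machine-code-derived value (0DAD onward) depends on anything outside the input. The 12-digit sample password is a constructed value.

```python
# Model of the 12-digit password self-check at 5C6C:1341-1396.
# Register widths are modelled explicitly (BH/BL are bytes); the JNA loops
# at 136A and 1380 reduce a byte to a single decimal digit by repeated SUB 0A.

def check_digits_from_listing(pw: str) -> tuple[int, int]:
    """Return (BH, BL) as the routine leaves them before ADD xx,30.
    BH = byte sum of the digit values, BL = XOR of the digit values,
    over the first 7 characters (CX=07 at 135A)."""
    bh = 0
    bl = 0
    for ch in pw[:7]:                 # LODSB / SUB AL,30 / ADD BH,AL / XOR BL,AL / LOOP 135D
        al = (ord(ch) - 0x30) & 0xFF
        bh = (bh + al) & 0xFF         # ADD BH,AL is a byte add
        bl ^= al
    while bh > 9:                     # CMP BH,09 / JNA 1374 / SUB BH,0A / JMP 136A
        bh -= 10
    while bl > 9:                     # CMP BL,09 / JNA 138A / SUB BL,0A / JMP 1380
        bl -= 10
    return bh, bl


def passes_self_check(pw: str) -> bool:
    """True where the routine stores 01 at [CS:13A6], False where it stores 00.
    The length test (CMP BYTE [CS:15BF],0C at 08CA) is folded in as well."""
    if len(pw) != 12 or not all("0" <= c <= "9" for c in pw):
        return False
    if pw[0] != "5":                  # 1345: CMP BYTE [SI],35
        return False
    bh, bl = check_digits_from_listing(pw)
    # 1379: CMP AL,[SI+07] against BH+30; 138F: CMP AL,[SI+08] against BL+30
    return pw[7] == chr(bh + 0x30) and pw[8] == chr(bl + 0x30)


if __name__ == "__main__":
    # Constructed sample: first seven digits 5123456 give BH=6 (sum 26 -> 6)
    # and BL=2 (5^1^2^3^4^5^6), so digits 8 and 9 must be "6" and "2".
    sample = "512345662000"
    print(check_digits_from_listing(sample), passes_self_check(sample))
```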



5C6C:0E66 2E833EBE1201 CMP WORD [CS:12BE],BYTE 01
5C6C:0E6C 7410 JZ 0E7E
5C6C:0E6E 2E833EBE1202 CMP WORD [CS:12BE],BYTE 02
5C6C:0E74 740E JZ 0E84
5C6C:0E76 2E833EBE1203 CMP WORD [CS:12BE],BYTE 03
5C6C:0E7C 740C JZ 0E8A
5C6C:0E7E B80000 MOV AX,00
5C6C:0E81 EB0D JMP SHORT 0E90
5C6C:0E83 90 NOP
5C6C:0E84 B88509 MOV AX,0985  0985H into AX
5C6C:0E87 EB07 JMP SHORT 0E90
5C6C:0E89 90 NOP
5C6C:0E8A B80A13 MOV AX,130A
5C6C:0E8D EB01 JMP SHORT 0E90
5C6C:0E8F 90 NOP
5C6C:0E90 FC CLD
5C6C:0E91 BB3412 MOV BX,1234  1234H into BX
5C6C:0E94 BA2340 MOV DX,4023  4023H into DX
5C6C:0E97 B9F0FF MOV CX,FFF0  FFF0H into CX, the loop count
5C6C:0E9A 058509 ADD AX,0985
5C6C:0E9D 51 PUSH CX
5C6C:0E9E D1C8 ROR AX,1
5C6C:0EA0 03C1 ADD AX,CX
5C6C:0EA2 33D9 XOR BX,CX
5C6C:0EA4 D1CB ROR BX,1
5C6C:0EA6 03D0 ADD DX,AX
5C6C:0EA8 F7D1 NOT CX
5C6C:0EAA D3C2 ROL DX,CL
5C6C:0EAC 33C2 XOR AX,DX
5C6C:0EAE 03D8 ADD BX,AX
5C6C:0EB0 2EFF06BC12 INC WORD [CS:12BC]  add 1 to the value at 12BC; on my machine its initial value is 07B0
5C6C:0EB5 81FBAC96 CMP BX,96AC  compare BX against each value in the table in turn
5C6C:0EB9 7503 JNZ 0EBE
5C6C:0EBB E9BDFD JMP 0C7B
5C6C:0EBE 81FBAB97 CMP BX,97AB
5C6C:0EC2 7503 JNZ 0EC7
5C6C:0EC4 E97E0B JMP 1A45
5C6C:0EC7 81FB8898 CMP BX,9888
5C6C:0ECB 7503 JNZ 0ED0
5C6C:0ECD E9A713 JMP 2277
5C6C:0ED0 81FB7699 CMP BX,9976
5C6C:0ED4 7503 JNZ 0ED9
5C6C:0ED6 E99E13 JMP 2277
5C6C:0ED9 81FB209A CMP BX,9A20
5C6C:0EDD 7503 JNZ 0EE2
5C6C:0EDF E9AA13 JMP 228C
5C6C:0EE2 81FB726A CMP BX,6A72
5C6C:0EE6 7503 JNZ 0EEB
5C6C:0EE8 E9B916 JMP 25A4
5C6C:0EEB 81FBB96A CMP BX,6AB9
5C6C:0EEF 7503 JNZ 0EF4
5C6C:0EF1 E9ADFE JMP 0DA1
5C6C:0EF4 81FB4F6B CMP BX,6B4F
5C6C:0EF8 7503 JNZ 0EFD
5C6C:0EFA E9B916 JMP 25B6
5C6C:0EFD 81FB1B6C CMP BX,6C1B
5C6C:0F01 7503 JNZ 0F06
5C6C:0F03 E9B016 JMP 25B6
5C6C:0F06 81FB2B6D CMP BX,6D2B
5C6C:0F0A 7503 JNZ 0F0F
5C6C:0F0C E9A716 JMP 25B6
5C6C:0F0F 81FB4C6E CMP BX,6E4C
5C6C:0F13 7503 JNZ 0F18
5C6C:0F15 E91517 JMP 262D
5C6C:0F18 81FB3A6F CMP BX,6F3A
5C6C:0F1C 7503 JNZ 0F21
5C6C:0F1E E96C19 JMP 288D
5C6C:0F21 81FB1770 CMP BX,7017
5C6C:0F25 7503 JNZ 0F2A
5C6C:0F27 E9BA19 JMP 28E4
5C6C:0F2A 81FB529B CMP BX,9B52
5C6C:0F2E 7503 JNZ 0F33
5C6C:0F30 E9B119 JMP 28E4
5C6C:0F33 81FB1E9C CMP BX,9C1E
5C6C:0F37 7503 JNZ 0F3C
5C6C:0F39 E96AF4 JMP 03A6
5C6C:0F3C 81FBD99C CMP BX,9CD9
5C6C:0F40 7503 JNZ 0F45
5C6C:0F42 E9C919 JMP 290E
5C6C:0F45 81FBC79D CMP BX,9DC7
5C6C:0F49 7503 JNZ 0F4E
5C6C:0F4B E9861A JMP 29D4
5C6C:0F4E 81FB939E CMP BX,9E93
5C6C:0F52 7503 JNZ 0F57
5C6C:0F54 E9121B JMP 2A69
5C6C:0F57 81FBC59F CMP BX,9FC5
5C6C:0F5B 7503 JNZ 0F60
5C6C:0F5D E9851D JMP 2CE5
5C6C:0F60 81FBA2A0 CMP BX,A0A2
5C6C:0F64 7503 JNZ 0F69
5C6C:0F66 E91C1D JMP 2C85
5C6C:0F69 81FBE56E CMP BX,6EE5
5C6C:0F6D 7503 JNZ 0F72
5C6C:0F6F E9751D JMP 2CE7
5C6C:0F72 81FB8F6F CMP BX,6F8F
5C6C:0F76 7503 JNZ 0F7B
5C6C:0F78 E9CF1D JMP 2D4A
5C6C:0F7B 81FB6C70 CMP BX,706C
5C6C:0F7F 7503 JNZ 0F84
5C6C:0F81 E9801E JMP 2E04
5C6C:0F84 81FB3871 CMP BX,7138
5C6C:0F88 7503 JNZ 0F8D
5C6C:0F8A E9491F JMP 2ED6
5C6C:0F8D 81FB3772 CMP BX,7237
5C6C:0F91 7503 JNZ 0F96
5C6C:0F93 E9401F JMP 2ED6
5C6C:0F96 81FB1473 CMP BX,7314
5C6C:0F9A 7503 JNZ 0F9F
5C6C:0F9C E9681F JMP 2F07
5C6C:0F9F 81FB4674 CMP BX,7446
5C6C:0FA3 7503 JNZ 0FA8
5C6C:0FA5 E96D1F JMP 2F15
5C6C:0FA8 81FB8678 CMP BX,7886
5C6C:0FAC 7503 JNZ 0FB1
5C6C:0FAE E9A120 JMP 3052
5C6C:0FB1 81FBD578 CMP BX,78D5
5C6C:0FB5 7503 JNZ 0FBA
5C6C:0FB7 E911FC JMP 0BCB
5C6C:0FBA 81FBEC78 CMP BX,78EC
5C6C:0FBE 7503 JNZ 0FC3
5C6C:0FC0 E9F520 JMP 30B8
5C6C:0FC3 81FB7B7F CMP BX,7F7B
5C6C:0FC7 7503 JNZ 0FCC
5C6C:0FC9 E92DFC JMP 0BF9
5C6C:0FCC 81FB7F7F CMP BX,7F7F
5C6C:0FD0 7503 JNZ 0FD5
5C6C:0FD2 E91D21 JMP 30F2
5C6C:0FD5 81FBA17F CMP BX,7FA1
5C6C:0FD9 7503 JNZ 0FDE
5C6C:0FDB E91421 JMP 30F2
5C6C:0FDE 81FB197F CMP BX,7F19
5C6C:0FE2 7503 JNZ 0FE7
5C6C:0FE4 E91121 JMP 30F8
5C6C:0FE7 81FBE74A CMP BX,4AE7
5C6C:0FEB 7503 JNZ 0FF0
5C6C:0FED E90821 JMP 30F8
5C6C:0FF0 81FBD54B CMP BX,4BD5
5C6C:0FF4 7503 JNZ 0FF9
5C6C:0FF6 E9FF20 JMP 30F8
5C6C:0FF9 81FB6852 CMP BX,5268
5C6C:0FFD 7503 JNZ 1002
5C6C:0FFF E94621 JMP 3148
5C6C:1002 81FB3453 CMP BX,5334
5C6C:1006 7503 JNZ 100B
5C6C:1008 E93722 JMP 3242
5C6C:100B 81FB3354 CMP BX,5433
5C6C:100F 7503 JNZ 1014
5C6C:1011 E9E522 JMP 32F9
5C6C:1014 81FB5158 CMP BX,5851
5C6C:1018 7503 JNZ 101D
5C6C:101A E9DC22 JMP 32F9
5C6C:101D 81FB2F58 CMP BX,582F
5C6C:1021 7503 JNZ 1026
5C6C:1023 E9D322 JMP 32F9
5C6C:1026 81FB2D58 CMP BX,582D
5C6C:102A 7503 JNZ 102F
5C6C:102C E9C9F5 JMP 05F8
5C6C:102F 81FB7358 CMP BX,5873
5C6C:1033 7503 JNZ 1038
5C6C:1035 E9C122 JMP 32F9
5C6C:1038 81FBE959 CMP BX,59E9
5C6C:103C 7503 JNZ 1041
5C6C:103E E9B822 JMP 32F9
5C6C:1041 81FB3189 CMP BX,8931
5C6C:1045 7503 JNZ 104A
5C6C:1047 E9AF22 JMP 32F9
5C6C:104A 81FB8689 CMP BX,8986
5C6C:104E 7503 JNZ 1053
5C6C:1050 E9A622 JMP 32F9
5C6C:1053 81FBCA89 CMP BX,89CA
5C6C:1057 7503 JNZ 105C
5C6C:1059 E99D22 JMP 32F9
5C6C:105C 81FBED89 CMP BX,89ED
5C6C:1060 7503 JNZ 1065
5C6C:1062 E916FC JMP 0C7B
5C6C:1065 81FB4DB1 CMP BX,B14D
5C6C:1069 7503 JNZ 106E
5C6C:106B E9B059 JMP 6A1E
5C6C:106E 81FB4CB2 CMP BX,B24C
5C6C:1072 7503 JNZ 1077
5C6C:1074 E91798 JMP A88E
5C6C:1077 81FB3AB3 CMP BX,B33A
5C6C:107B 7503 JNZ 1080
5C6C:107D E9198E JMP 9E99
5C6C:1080 81FB28B4 CMP BX,B428
5C6C:1084 7503 JNZ 1089
5C6C:1086 E9758E JMP 9EFE
5C6C:1089 81FBE3B4 CMP BX,B4E3
5C6C:108D 7503 JNZ 1092
5C6C:108F E9C08E JMP 9F52
5C6C:1092 81FBD1B5 CMP BX,B5D1
5C6C:1096 7503 JNZ 109B
5C6C:1098 E9EB8E JMP 9F86
5C6C:109B 81FBE1B6 CMP BX,B6E1
5C6C:109F 7503 JNZ 10A4
5C6C:10A1 E9F08E JMP 9F94
5C6C:10A4 81FB4ED2 CMP BX,D24E
5C6C:10A8 7503 JNZ 10AD
5C6C:10AA E9278F JMP 9FD4
5C6C:10AD 81FB80D3 CMP BX,D380
5C6C:10B1 7503 JNZ 10B6
5C6C:10B3 E9908F JMP A046
5C6C:10B6 81FB6EA1 CMP BX,A16E
5C6C:10BA 7503 JNZ 10BF
5C6C:10BC E9C78F JMP A086
5C6C:10BF 81FB7FA1 CMP BX,A17F
5C6C:10C3 7503 JNZ 10C8
5C6C:10C5 E9E692 JMP A3AE
5C6C:10C8 81FB8BA1 CMP BX,A18B
5C6C:10CC 7503 JNZ 10D1
5C6C:10CE E92206 JMP 16F3
5C6C:10D1 81FBB2A1 CMP BX,A1B2
5C6C:10D5 7503 JNZ 10DA
5C6C:10D7 E93393 JMP A40D
5C6C:10DA 81FBCC43 CMP BX,43CC
5C6C:10DE 7503 JNZ 10E3
5C6C:10E0 E9D493 JMP A4B7
5C6C:10E3 81FBA944 CMP BX,44A9
5C6C:10E7 7503 JNZ 10EC
5C6C:10E9 E9BF95 JMP A6AB
5C6C:10EC 81FB6445 CMP BX,4564
5C6C:10F0 7503 JNZ 10F5
5C6C:10F2 E96B98 JMP A960
5C6C:10F5 81FB8546 CMP BX,4685
5C6C:10F9 7503 JNZ 10FE
5C6C:10FB E9AB98 JMP A9A9
5C6C:10FE 81FBB747 CMP BX,47B7
5C6C:1102 7503 JNZ 1107
5C6C:1104 E9DC98 JMP A9E3
5C6C:1107 81FB1C49 CMP BX,491C
5C6C:110B 7503 JNZ 1110
5C6C:110D E96F7C JMP 8D7F
5C6C:1110 81FB4E4A CMP BX,4A4E
5C6C:1114 7503 JNZ 1119
5C6C:1116 E9BC7C JMP 8DD5
5C6C:1119 81FB4D4B CMP BX,4B4D
5C6C:111D 7503 JNZ 1122
5C6C:111F E9EA7C JMP 8E0C
5C6C:1122 81FB5D4C CMP BX,4C5D
5C6C:1126 7503 JNZ 112B
5C6C:1128 E92E7D JMP 8E59
5C6C:112B 81FBA03C CMP BX,3CA0
5C6C:112F 7503 JNZ 1134
5C6C:1131 E9737D JMP 8EA7
5C6C:1134 81FBB13C CMP BX,3CB1
5C6C:1138 7503 JNZ 113D
5C6C:113A E9EC7D JMP 8F29
5C6C:113D 81FBF13C CMP BX,3CF1  the computed value on my machine
5C6C:1141 7503 JNZ 1146
5C6C:1143 E9DBFC JMP 0E21  jump to line 0E21
5C6C:1146 81FB063D CMP BX,3D06
5C6C:114A 7503 JNZ 114F
5C6C:114C E9157E JMP 8F64
5C6C:114F 81FB8524 CMP BX,2485
5C6C:1153 7503 JNZ 1158
5C6C:1155 E9DC7E JMP 9034
5C6C:1158 81FB5125 CMP BX,2551
5C6C:115C 7503 JNZ 1161
5C6C:115E E9867F JMP 90E7
5C6C:1161 81FB8326 CMP BX,2683
5C6C:1165 7503 JNZ 116A
5C6C:1167 E9DA7F JMP 9144
5C6C:116A 81FB9327 CMP BX,2793
5C6C:116E 7503 JNZ 1173
5C6C:1170 E91D80 JMP 9190
5C6C:1173 81FB3D28 CMP BX,283D
5C6C:1177 7503 JNZ 117C
5C6C:1179 E93681 JMP 92B2
5C6C:117C 81FB4D29 CMP BX,294D
5C6C:1180 7503 JNZ 1185
5C6C:1182 E9D181 JMP 9356
5C6C:1185 81FB192A CMP BX,2A19
5C6C:1189 7503 JNZ 118E
5C6C:118B E9FE81 JMP 938C
5C6C:118E 81FB292B CMP BX,2B29
5C6C:1192 7503 JNZ 1197
5C6C:1194 E92982 JMP 93C0
5C6C:1197 81FB172C CMP BX,2C17
5C6C:119B 7503 JNZ 11A0
5C6C:119D E9CC98 JMP AA6C
5C6C:11A0 81FB7C2D CMP BX,2D7C
5C6C:11A4 7503 JNZ 11A9
5C6C:11A6 E91C99 JMP AAC5
5C6C:11A9 81FB372E CMP BX,2E37
5C6C:11AD 7503 JNZ 11B2
5C6C:11AF E9EF99 JMP ABA1
5C6C:11B2 81FB252F CMP BX,2F25
5C6C:11B6 7503 JNZ 11BB
5C6C:11B8 E9799A JMP AC34
5C6C:11BB 81FB0241 CMP BX,4102
5C6C:11BF 7503 JNZ 11C4
5C6C:11C1 E9289B JMP ACEC
5C6C:11C4 81FBBC42 CMP BX,42BC
5C6C:11C8 7503 JNZ 11CD
5C6C:11CA E9859B JMP AD52
5C6C:11CD 81FB7743 CMP BX,4377
5C6C:11D1 7503 JNZ 11D6
5C6C:11D3 E9059C JMP ADDB
5C6C:11D6 81FB8744 CMP BX,4487
5C6C:11DA 7503 JNZ 11DF
5C6C:11DC E9449B JMP AD23
5C6C:11DF 81FB3145 CMP BX,4531
5C6C:11E3 7503 JNZ 11E8
5C6C:11E5 E9989A JMP AC80
5C6C:11E8 81FB6346 CMP BX,4663
5C6C:11EC 7503 JNZ 11F1
5C6C:11EE E97199 JMP AB62
5C6C:11F1 81FBFB25 CMP BX,25FB
5C6C:11F5 7503 JNZ 11FA
5C6C:11F7 E9FB97 JMP A9F5
5C6C:11FA 81FB1C27 CMP BX,271C
5C6C:11FE 7503 JNZ 1203
5C6C:1200 E9708F JMP A173
5C6C:1203 81FBD727 CMP BX,27D7
5C6C:1207 7503 JNZ 120C
5C6C:1209 E9E18F JMP A1ED
5C6C:120C 81FB9228 CMP BX,2892
5C6C:1210 7503 JNZ 1215
5C6C:1212 E90390 JMP A218
5C6C:1215 81FB9129 CMP BX,2991
5C6C:1219 7503 JNZ 121E
5C6C:121B E9C090 JMP A2DE
5C6C:121E 81FBC32A CMP BX,2AC3
5C6C:1222 7503 JNZ 1227
5C6C:1224 E95191 JMP A378
5C6C:1227 81FBA02B CMP BX,2BA0
5C6C:122B 7503 JNZ 1230
5C6C:122D E9AF9B JMP ADDF
5C6C:1230 81FB7D2C CMP BX,2C7D
5C6C:1234 7503 JNZ 1239
5C6C:1236 E9A69B JMP ADDF
5C6C:1239 81FB3ED1 CMP BX,D13E
5C6C:123D 7503 JNZ 1242
5C6C:123F E9629C JMP AEA4
5C6C:1242 81FBF9D1 CMP BX,D1F9
5C6C:1246 7503 JNZ 124B
5C6C:1248 E9479E JMP B092
5C6C:124B 81FBF8D2 CMP BX,D2F8
5C6C:124F 7503 JNZ 1254
5C6C:1251 E98AA0 JMP B2DE
5C6C:1254 81FBF7D3 CMP BX,D3F7
5C6C:1258 7503 JNZ 125D
5C6C:125A E9F6A0 JMP B353
5C6C:125D 81FBC3D4 CMP BX,D4C3
5C6C:1261 7503 JNZ 1266
5C6C:1263 E92EA1 JMP B394
5C6C:1266 81FBA0D5 CMP BX,D5A0
5C6C:126A 7503 JNZ 126F
5C6C:126C E9C1A2 JMP B530
5C6C:126F 81FBD12D CMP BX,2DD1
5C6C:1273 7503 JNZ 1278
5C6C:1275 E955A4 JMP B6CD
5C6C:1278 81FBAE2E CMP BX,2EAE
5C6C:127C 7503 JNZ 1281
5C6C:127E E980A3 JMP B601
5C6C:1281 81FB692F CMP BX,2F69
5C6C:1285 7503 JNZ 128A
5C6C:1287 E9E1A6 JMP B96B
5C6C:128A 81FBBD30 CMP BX,30BD
5C6C:128E 7503 JNZ 1293
5C6C:1290 E973C1 JMP D406
5C6C:1293 2E8B0EC012 MOV CX,[CS:12C0]  load the value at 12C0 into CX; on my machine its initial value is 50B8
5C6C:1298 2E330EC212 XOR CX,[CS:12C2]  XOR the value at 12C2 with CX and keep the result in CX; on my machine its initial value is 5443
5C6C:129D 2E030EBC12 ADD CX,[CS:12BC]
5C6C:12A2 2AE9 SUB CH,CL
5C6C:12A4 2E330EBC12 XOR CX,[CS:12BC]
5C6C:12A9 2E890EC012 MOV [CS:12C0],CX  store the processed CX back into 12C0
5C6C:12AE E81300 CALL 12C4
5C6C:12B1 59 POP CX
5C6C:12B2 49 DEC CX  decrement the loop count
5C6C:12B3 83F900 CMP CX,BYTE 00
5C6C:12B6 7403 JZ 12BB
5C6C:12B8 E9E2FB JMP 0E9D
5C6C:12BB C3 RET



* Referenced by a CALL at Address:
|5C6C:12AE
|
5C6C:12C4 2E833EBE1202 CMP WORD PTR CS:[12BE], 0002
5C6C:12CA 7501 JNE 12CD
5C6C:12CC C3 RET



5C6C:0DAD 8D363809 LEA SI, [0938]  key breakpoint: points SI at digits 3 to 8 of the machine code
5C6C:0DB1 E8F305 CALL 13A7  performs the computation, see call ①
5C6C:0DB4 8D369314 LEA SI, [1493]  the true registration code for positions 2 to 7
5C6C:0DB8 8D3EC115 LEA DI, [15C1]  the fake code
5C6C:0DBC B90700 MOV CX, 0007
5C6C:0DBF F3 REPZ
5C6C:0DC0 A6 CMPSB  compare
5C6C:0DC1 E30A JCXZ 0DCD  if equal, go on to the next step
5C6C:0DC3 2EC6065D0E00 MOV BYTE PTR CS:[0E5D], 00
5C6C:0DC9 90 NOP
5C6C:0DCA EB4C JMP 0E18

5C6C:0DCC 90 NOP
5C6C:0DCD 2EA1C012 MOV AX, WORD PTR CS:[12C0]
5C6C:0DD1 2EA3C7EB MOV WORD PTR CS:[EBC7], AX
5C6C:0DD5 2EC706C5EB0000 MOV WORD PTR CS:[EBC5], 0000
5C6C:0DDC E851A7 CALL B530  performs the computation, see call ②
5C6C:0DDF 8D36CDEB LEA SI, [EBCD]
5C6C:0DE3 2E833EC3EB03 CMP WORD PTR CS:[EBC3], 0003
5C6C:0DE9 7311 JNB 0DFC
5C6C:0DEB C744FE3030 MOV WORD PTR [SI-02], 3030
5C6C:0DF0 C644FD30 MOV BYTE PTR [SI-03], 30
5C6C:0DF4 83EE03 SUB SI, 0003
5C6C:0DF7 2E0336C3EB ADD SI, CS:[EBC3]

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|5C6C:0DE9(C)
|
5C6C:0DFC 8D3EC915 LEA DI, [15C9]  the last three digits of the fake code into DI; SI holds the true registration code
5C6C:0E00 B90400 MOV CX, 0004
5C6C:0E03 F3 REPZ
5C6C:0E04 A6 CMPSB  compare
5C6C:0E05 E30A JCXZ 0E11  error if not equal
5C6C:0E07 2EC6065D0E00 MOV BYTE PTR CS:[0E5D], 00
5C6C:0E0D 90 NOP
5C6C:0E0E EB08 JMP 0E18

* Referenced by a CALL at Addresses: call ①
|5C6C:0659, 5C6C:0DB1
|
5C6C:13A7 1E PUSH DS
5C6C:13A8 06 PUSH ES
5C6C:13A9 56 PUSH SI
5C6C:13AA 57 PUSH DI
5C6C:13AB 50 PUSH AX
5C6C:13AC 53 PUSH BX
5C6C:13AD 51 PUSH CX
5C6C:13AE 52 PUSH DX
5C6C:13AF 0E PUSH CS
5C6C:13B0 07 POP ES
5C6C:13B1 8D3ECDEB LEA DI, [EBCD]
5C6C:13B5 B90500 MOV CX, 0005
5C6C:13B8 F3 REPZ
5C6C:13B9 A4 MOVSB
5C6C:13BA 0E PUSH CS
5C6C:13BB 1F POP DS
5C6C:13BC 2EC706C3EB0500 MOV WORD PTR CS:[EBC3], 0005
5C6C:13C3 E8CCA0 CALL B492  see call ③
5C6C:13C6 8D3E9A14 LEA DI, [149A]
5C6C:13CA B000 MOV AL, 00
5C6C:13CC 2E833EC5EB00 CMP WORD PTR CS:[EBC5], 0000
5C6C:13D2 7402 JE 13D6
5C6C:13D4 B001 MOV AL, 01



