电话:0755-83262381 / 83048995
Email. pcbsoft@126.com
QQ: 1023382374 2206181463
手机: 13480151328
商务中心:深圳市龙岗区坂田布龙路168号富豪花园荣兴商务中心302室(地铁环中线坂田站A出口,坂雪岗大道与布龙路交汇处)
数字报纸制作软件彩虹加密狗破解全过程如下:
这是一个数字报纸制作软件,用的是彩虹加密狗。PEID检测为Microsoft Visual C++ 6.0,无壳。
用OD加载,中断在程序入口:
004D4740
>/$ 55 push ebp ; (initial cpu selection)
004D4741 |.
8BEC mov ebp,esp
004D4743 |. 6A
FF push -0x1
004D4745 |. 68
D87F4E00 push 51Crack.004E7FD8
004D474A |. 68
1C494D00 push
<jmp.&MSVCRT._except_handler3>
; SE 处理程序安装
004D474F |.
64:A1 0000000>mov eax,dword ptr fs:[0]
004D4755 |.
50 push eax
004D4756 |.
64:8925 00000>mov dword ptr fs:[0],esp
004D475D |.
83EC 68 sub esp,0x68
004D4760 |.
53 push ebx
004D4761 |.
56 push esi
下面开始查找打开加密狗、检测加密狗、写加密狗函数代码:
004326E1 |.
FF15 70BB4D00 call dword ptr ds:[<&MSVCRT.clock>] ;
msvcrt.clock
004326E7 |.
50 push eax ; /seed
004326E8 |.
FF15 74BB4D00 call dword ptr ds:[<&MSVCRT.srand>] ; \srand
004326EE |.
83C4 04 add esp,0x4
004326F1 |.
FF15 00BB4D00 call dword ptr ds:[<&MSVCRT.rand>] ; [rand
004326F7 |.
69C0 FFFF0000 imul eax,eax,0xFFFF
004326FD |.
8945 F8 mov [local.2],eax
00432700 |.
8B45 F8 mov eax,[local.2]
00432703 |.
50 push eax
00432704 |. E8
3D130A00 call <jmp.&check.Lock32_Function> //检测加密狗是否存在
00432709 |.
8945 F4 mov [local.3],eax
0043270C |.
837D F4 04 cmp [local.3],0x4
00432710 |. 75
16 jnz short
51Crack.00432728 //加密狗破解关键点一
00432712 |. 6A
00 push 0x0
00432714 |. 6A
00 push 0x0
继续查找:
00432190 |. /7D 5D |jge short 51Crack.004321EF
00432192 |. |8D8D B8FAFFFF |lea ecx,[local.338]
00432198 |. |51 |push ecx
00432199 |. |8B95 F4A4FFFF |mov edx,[local.5827]
0043219F |. |52 |push edx
004321A0 |. |E8 9B180A00 |call <jmp.&check.ReadLock> //读取加密狗函数
004321A5 |. |8B8D F4A4FFFF |mov ecx,[local.5827]
004321AB |. |8B95 E8FEFFFF |mov edx,[local.70]
004321B1 |. |89048A |mov dword ptr ds:[edx+ecx*4],eax
004321B4 |. |8B85 F4A4FFFF |mov eax,[local.5827]
004321BA |. |8B8D E8FEFFFF |mov ecx,[local.70]
004321C0 |. |833C81 00 |cmp dword ptr ds:[ecx+eax*4],0x0
004321C4 |. |75 27 |jnz short 51Crack.004321ED //加密狗破解关键点二
004321C6 |. |C785 ACA4FFFF>|mov [local.5845],-0x3
004321D0 |. |C745 FC FFFFF>|mov [local.1],-0x1
004321D7 |. |8D8D B4FAFFFF |lea ecx,[local.339]
004321DD |. |E8 A2190A00 |call
<jmp.&MFC42.#CString::~CString_800>
004321E2 |. |8B85 ACA4FFFF |mov eax,[local.5845]
004321E8 |. |E9 38010000 |jmp 51Crack.00432325
004321ED |>^|EB 8B \jmp short 51Crack.0043217A
004321EF |> \6A 12 push 0x12 ; /n = 12 (18.)
004321F1 |. 6A
00 push 0x0 ; |c = 00
004321F3 |.
8D95 A0FAFFFF lea edx,[local.344] ; |
004321F9 |.
52 push edx ; |s
004321FA |. E8
D5220A00 call
<jmp.&MSVCRT.memset>
; \memset
打开加密狗函数:
00391110
> 8B4424 04 mov eax,dword ptr ss:[esp+0x4]
00391114 B9 40B33A00 mov ecx,cdll5.003AB340
00391119 50 push eax
0039111A E8 51010000 call cdll5.00391270
0039111F C2 0400 retn 0x4
读取加密狗数据:
00391130
> 51 push ecx
00391131 8B4424 0C mov eax,dword ptr ss:[esp+0xC]
00391135 8B5424 08 mov edx,dword ptr ss:[esp+0x8]
00391139 8D4C24 00 lea ecx,dword ptr ss:[esp]
0039113D 50 push eax
0039113E 51 push ecx
0039113F
52 push edx
00391140 B9 40B33A00 mov ecx,cdll5.003AB340
00391145 C74424 0C 00000>mov dword ptr
ss:[esp+0xC],0x0
0039114D E8 BE010000 call cdll5.00391310
00391152 8B4424 00 mov eax,dword ptr ss:[esp]
00391156 59 pop ecx
00391157 C2 0800 retn 0x8
写加密狗函数:
00391180
> 8B4424 10 mov eax,dword ptr ss:[esp+0x10]
00391184 8B4C24 0C mov ecx,dword ptr ss:[esp+0xC]
00391188 56 push esi
00391189 8B7424 08 mov esi,dword ptr ss:[esp+0x8]
0039118D 50 push eax
0039118E 8D5424 10 lea edx,dword ptr ss:[esp+0x10]
00391192 51 push ecx
00391193 52 push edx
00391194 56 push esi
00391195 B9 40B33A00 mov ecx,cdll5.003AB340
0039119A E8 91010000 call cdll5.00391330
0039119F 8BCE mov ecx,esi
003911A1 5E pop esi
003911A2 83E9 00 sub ecx,0x0
003911A5 74 0A je short cdll5.003911B1
003911A7 83E9 06 sub ecx,0x6
003911AA 74 05 je short cdll5.003911B1
003911AC 83E9 02 sub ecx,0x2
003911AF 75 04 jnz short cdll5.003911B5
003911B1 8B4424 08 mov eax,dword ptr ss:[esp+0x8]
003911B5 C2 1000 retn 0x10
继续查找读取加密狗的代码,继续修改代码……通过相同的方法,经过多次修改,程序可以正常运行,加密狗破解完美成功!