SWF Explorer (SWFExplorer) XP V1.11.2002.326: Cracking Process
Cracked and written by: leeyam[BCG]
Run the program and enter arbitrary registration information; it reports that the software must be restarted to verify the registration code. From this we can infer that the program first stores the entered registration code somewhere and then reads it back at startup.

Language reports that the program is packed with PECompact, so unpack it automatically with UnPECompact. Then load the unpacked program in PEditor, choose "sections", and rename Pec1 to .data. Next, disassemble it with W32Dasm and search the string references; the program turns out to access the registry. Double-click to jump to the first reference:

* Possible StringData Ref from Data Obj ->"Software\SWFExplorer"
|
:004B4CF4 BA804E4B00              mov edx, 004B4E80
:004B4CF9 A1F8ED4B00              mov eax, dword ptr [004BEDF8]
:004B4CFE E86DCEFBFF              call 00471B70
:004B4D03 8D4DF4                  lea ecx, dword ptr [ebp-0C]

* Possible StringData Ref from Data Obj ->"UserName"
|
:004B4D06 BAA04E4B00              mov edx, 004B4EA0
:004B4D0B A1F8ED4B00              mov eax, dword ptr [004BEDF8]
:004B4D10 E823D0FBFF              call 00471D38
:004B4D15 8B55F4                  mov edx, dword ptr [ebp-0C]
:004B4D18 B8E8ED4B00              mov eax, 004BEDE8
:004B4D1D E8B2F8F4FF              call 004045D4
:004B4D22 8D4DF0                  lea ecx, dword ptr [ebp-10]

* Possible StringData Ref from Data Obj ->"RegCode"
|
:004B4D25 BAB44E4B00              mov edx, 004B4EB4
:004B4D2A A1F8ED4B00              mov eax, dword ptr [004BEDF8]
:004B4D2F E804D0FBFF              call 00471D38
:004B4D34 8B55F0                  mov edx, dword ptr [ebp-10]
:004B4D37 B8ECED4B00              mov eax, 004BEDEC
:004B4D3C E893F8F4FF              call 004045D4
:004B4D41 A1F8ED4B00              mov eax, dword ptr [004BEDF8]
:004B4D46 E891CDFBFF              call 00471ADC
:004B4D4B B101                    mov cl, 01

* Possible StringData Ref from Data Obj ->"Software\SWFExplorer"
|
:004B4D4D BA804E4B00              mov edx, 004B4E80
:004B4D52 A1F8ED4B00              mov eax, dword ptr [004BEDF8]
:004B4D57 E814CEFBFF              call 00471B70

* Possible StringData Ref from Data Obj ->"TrialDate"
|
:004B4D5C BAC44E4B00              mov edx, 004B4EC4
:004B4D61 A1F8ED4B00              mov eax, dword ptr [004BEDF8]
:004B4D66 E891D1FBFF              call 00471EFC
:004B4D6B 84C0                    test al, al
:004B4D6D 751B                    jne 004B4D8A
:004B4D6F E87C5AF5FF              call 0040A7F0
:004B4D74 83C4F8                  add esp, FFFFFFF8
:004B4D77 DD1C24                  fstp qword ptr [esp]
:004B4D7A 9B                      wait

* Possible StringData Ref from Data Obj ->"TrialDate"
|
:004B4D7B BAC44E4B00              mov edx, 004B4EC4
:004B4D80 A1F8ED4B00              mov eax, dword ptr [004BEDF8]
:004B4D85 E86ED0FBFF              call 00471DF8

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004B4D6D(C)
|

* Possible StringData Ref from Data Obj ->"TrialDate"
|
:004B4D8A BAC44E4B00              mov edx, 004B4EC4
:004B4D8F A1F8ED4B00              mov eax, dword ptr [004BEDF8]
:004B4D94 E873D0FBFF              call 00471E0C
:004B4D99 DD5DE8                  fstp qword ptr [ebp-18]
:004B4D9C 9B                      wait
:004B4D9D E84E5AF5FF              call 0040A7F0
:004B4DA2 DC5DE8                  fcomp qword ptr [ebp-18]
:004B4DA5 DFE0                    fstsw ax
:004B4DA7 9E                      sahf
:004B4DA8 7236                    jb 004B4DE0
:004B4DAA E8415AF5FF              call 0040A7F0
:004B4DAF 83C4F8                  add esp, FFFFFFF8
:004B4DB2 DD1C24                  fstp qword ptr [esp]
:004B4DB5 9B                      wait

* Possible StringData Ref from Data Obj ->"TrialDate"
|
:004B4DB6 BAC44E4B00              mov edx, 004B4EC4
:004B4DBB A1F8ED4B00              mov eax, dword ptr [004BEDF8]
:004B4DC0 E847D0FBFF              call 00471E0C
:004B4DC5 83C4F8                  add esp, FFFFFFF8
:004B4DC8 DD1C24                  fstp qword ptr [esp]
:004B4DCB 9B                      wait
:004B4DCC E88F0CFFFF              call 004A5A60
:004B4DD1 BA1E000000              mov edx, 0000001E
:004B4DD6 2BD0                    sub edx, eax
:004B4DD8 8915F0ED4B00            mov dword ptr [004BEDF0], edx
:004B4DDE EB07                    jmp 004B4DE7

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004B4DA8(C)
|
:004B4DE0 33C0                    xor eax, eax
:004B4DE2 A3F0ED4B00              mov dword ptr [004BEDF0], eax

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004B4DDE(U)
|
:004B4DE7 33C0                    xor eax, eax
:004B4DE9 5A                      pop edx
:004B4DEA 59                      pop ecx
:004B4DEB 59                      pop ecx
:004B4DEC 648910                  mov dword ptr fs:[eax], edx
:004B4DEF 68064E4B00              push 004B4E06

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004B4E04(U)
|
:004B4DF4 A1F8ED4B00              mov eax, dword ptr [004BEDF8]
:004B4DF9 E816EAF4FF              call 00403814
:004B4DFE C3                      ret

:004B4DFF E9A4F1F4FF              jmp 00403FA8
:004B4E04 EBEE                    jmp 004B4DF4
:004B4E06 8D45E0                  lea eax, dword ptr [ebp-20]

* Possible StringData Ref from Data Obj ->"1.2.2002.326"
|
:004B4E09 BAD84E4B00              mov edx, 004B4ED8
:004B4E0E 8A12                    mov dl, byte ptr [edx]
:004B4E10 E84BF9F4FF              call 00404760
:004B4E15 8B45E0                  mov eax, dword ptr [ebp-20]
:004B4E18 50                      push eax
:004B4E19 8D45E4                  lea eax, dword ptr [ebp-1C]
:004B4E1C 50                      push eax

* Possible StringData Ref from Data Obj ->"SWFExplorer"
|
:004B4E1D B9F04E4B00              mov ecx, 004B4EF0

* Possible StringData Ref from Data Obj ->"Cloud Lee"
|
:004B4E22 BA044F4B00              mov edx, 004B4F04
:004B4E27 A1E8ED4B00              mov eax, dword ptr [004BEDE8]
:004B4E2C E8DFF9FFFF              call 004B4810
:004B4E31 8B55E4                  mov edx, dword ptr [ebp-1C]       ; load the real code
:004B4E34 A1ECED4B00              mov eax, dword ptr [004BEDEC]     ; load the fake code (the one entered)
:004B4E39 E83EFBF4FF              call 0040497C                     ; compare
:004B4E3E 0F9405E0ED4B00          sete byte ptr [004BEDE0]
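
At this point things become clear: the call at 004B4E39 above looks suspicious. So set a breakpoint directly in TRW2000 with bpx 4b4e39; it is hit without trouble, and D edx shows the real code.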

Editor: 原点
Submitted by: collected by this site
Source: Internet
Entry date: 2005-6-1