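Software name: 文件夹加锁王 2005 V5.31 钻石版 (Folder Lock King 2005 V5.31 Diamond Edition)
Software size: 3749 KB
Software language: Simplified Chinese
Software category: Chinese-made software / Shareware / Encryption tools
Platform: Win9x/NT/2000/XP
Download: http://www.skycn.com/soft/20687.html
Tools used: PEiD, W32Dasm, OllyDbg, keymake
Learning goal: learn to trace a program dynamically with OllyDbg and find the registration code. The software's algorithm is not studied here; in fact, I don't understand algorithms yet.
Cracking statement: actually, I'm quite a novice myself :-)
Detailed cracking process:
PEiD shows that the program is packed; the packer is ASPack 2.12. After unpacking it successfully with AspackDie, a second PEiD scan identifies it as Delphi 6.0-7.0. Next, look at how the program handles registration. Entering a wrong registration code produces the message "你输入的注册码不正确,请重新输入或与软件作者联系!" ("The registration code you entered is incorrect; please re-enter it or contact the software author!"). That is the program's weak point. Normally, software written in Delphi would be disassembled with DeDe, but I used W32Dasm instead. Heh.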
Cracking!!!
First close the program, disassemble it with W32Dasm, and search for the error message "你输入的注册码不正确,请重新输入或与软件作者联系!". That leads to the following location.
..............................................................
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004CAFD4(C)
|
:004CB041 8D55F4 lea edx, dword ptr [ebp-0C]
:004CB044 8B8324030000 mov eax, dword ptr [ebx+00000324]
:004CB04A E8515DF7FF call 00440DA0
:004CB04F 8B45F4 mov eax, dword ptr [ebp-0C]
:004CB052 50 push eax
:004CB053 8D55F0 lea edx, dword ptr [ebp-10]
:004CB056 8B8310030000 mov eax, dword ptr [ebx+00000310]
:004CB05C E83F5DF7FF call 00440DA0
:004CB061 8B55F0 mov edx, dword ptr [ebp-10]
:004CB064 8B8320030000 mov eax, dword ptr [ebx+00000320]
:004CB06A 59 pop ecx
:004CB06B E834EFFFFF call 004C9FA4 <------- this is the key call
:004CB070 84C0 test al, al
:004CB072 752C jne 004CB0A0 <----------- the key jump
:004CB074 8D45FC lea eax, dword ptr [ebp-04]
* Possible StringData Ref from Code Obj ->"您输入的注册码不正确,请重新输入或者与软件作者?
->"担?
|
:004CB077 BA40B14C00 mov edx, 004CB140
:004CB07C E8BF97F3FF call 00404840
:004CB081 6A40 push 00000040
:004CB083 8B45FC mov eax, dword ptr [ebp-04]
:004CB086 E8CD9BF3FF call 00404C58
:004CB08B 8BD0 mov edx, eax
* Possible StringData Ref from Code Obj ->"提示信息"
|
:004CB08D B974B14C00 mov ecx, 004CB174
:004CB092 A138054E00 mov eax, dword ptr [004E0538]
:004CB097 8B00 mov eax, dword ptr [eax]
:004CB099 E8BE5CF9FF call 00460D5C
:004CB09E EB68 jmp 004CB108
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004CB072(C)
|
* Possible StringData Ref from Code Obj ->"注册成功!
注册信息为:
用户姓名:"
|
:004CB0A0 6888B14C00 push 004CB188
:004CB0A5 8BB320030000 mov esi, dword ptr [ebx+00000320]
:004CB0AB FF7648 push [esi+48]
:004CB0AE 68B4B14C00 push 004CB1B4
* Possible StringData Ref from Code Obj ->"公 司:"
|
:004CB0B3 68C0B14C00 push 004CB1C0
:004CB0B8 FF7654 push [esi+54]
:004CB0BB 68B4B14C00 push 004CB1B4
* Possible StringData Ref from Code Obj ->"授权密码:"
|
:004CB0C0 68D4B14C00 push 004CB1D4
:004CB0C5 FF765C push [esi+5C]
:004CB0C8 68B4B14C00 push 004CB1B4
* Possible StringData Ref from Code Obj ->"感谢您对我们的支持!请重新启动软件以验证注册码"
->"。"
|
:004CB0CD 68E8B14C00 push 004CB1E8
:004CB0D2 8D45FC lea eax, dword ptr [ebp-04]
:004CB0D5 BA0A000000 mov edx, 0000000A
:004CB0DA E8419AF3FF call 00404B20
:004CB0DF 6A40 push 00000040
:004CB0E1 8B45FC mov eax, dword ptr [ebp-04]
:004CB0E4 E86F9BF3FF call 00404C58
:004CB0E9 8BD0 mov edx, eax
* Possible StringData Ref from Code Obj ->"提示信息"
|
:004CB0EB B974B14C00 mov ecx, 004CB174
:004CB0F0 A138054E00 mov eax, dword ptr [004E0538]
:004CB0F5 8B00 mov eax, dword ptr [eax]
:004CB0F7 E8605CF9FF call 004
