某制图软件域天加密狗破解过程


某制图软件域天加密狗破解过程

--------------------------------------------------------------------------------

来源: 发布时间: 2011-9-20 22:08:30 浏览: 7


这是一个商业软件,具体名称就不写出来了,主要用于企事业单位的网络图形化设计。在没有加密狗的情况下软件有功能限制:一个工程最多只能保存800个节点,再添加节点就无法保存了。对一般的小企业是足够了,如果碰上大的单位,这个限制就使得该软件无法胜任。经过软件跟踪发现,该软件用的是域天加密狗。

用PEID检测,提示为Microsoft Visual Basic 5.0 / 6.0。

用OD加载:

00423C24 > $ 68 883F4200 push VisualNe.00423F88 ; ASCII "VB5!6&vb6chs.dll"

00423C29 . E8 F0FFFFFF call

00423C2E . 0000 add byte ptr ds:[eax],al

00423C30 . 0000 add byte ptr ds:[eax],al

00423C32 . 0000 add byte ptr ds:[eax],al

00423C34 . 3000 xor byte ptr ds:[eax],al

00423C36 . 0000 add byte ptr ds:[eax],al



由于软件只是在节点数达到800的时候才无法保存工程,所以我们只需要找到保存文件的函数:

0103E179 . 66:8985 CCFEF>mov word ptr ss:[ebp-0x134],ax

0103E180 . 8D4D D8 lea ecx,dword ptr ss:[ebp-0x28]

0103E183 . FF15 30144000 call dword ptr ds:[<&MSVBVM60.__vbaFreeS>; MSVBVM60.__vbaFreeStr

0103E189 . 8D4D A8 lea ecx,dword ptr ss:[ebp-0x58]

0103E18C . FF15 2C104000 call dword ptr ds:[<&MSVBVM60.__vbaFreeV>; MSVBVM60.__vbaFreeVar

0103E192 . 0FBF8D CCFEFF>movsx ecx,word ptr ss:[ebp-0x134]

0103E199 . 85C9 test ecx,ecx

0103E19B . 0F84 B7130000 je VisualNe.0103F558 //加密狗破解关键跳转,NOP掉

0103E1A1 . C745 FC 1B000>mov dword ptr ss:[ebp-0x4],0x1B

0103E1A8 . 6A 00 push 0x0

0103E1AA . 6A 01 push 0x1

0103E1AC . 8B95 B4FEFFFF mov edx,dword ptr ss:[ebp-0x14C]

0103E1B2 . 52 push edx

0103E1B3 . 8D45 A8 lea eax,dword ptr ss:[ebp-0x58]

0103E1B6 . 50 push eax

0103E1B7 . FF15 08124000 call dword ptr ds:[<&MSVBVM60.__vbaLateI>; MSVBVM60.__vbaLateIdCallLd

0103E1BD . 83C4 10 add esp,0x10

0103E1C0 . 50 push eax

0103E1C1 . FF15 3C104000 call dword ptr ds:[<&MSVBVM60.__vbaStrVa>; MSVBVM60.__vbaStrVarMove

0103E1C7 . 8945 A0 mov dword ptr ss:[ebp-0x60],eax

0103E1CA . C745 98 08000>mov dword ptr ss:[ebp-0x68],0x8

0103E1D1 . 6A 00 push 0x0

0103E1D3 . 8D4D 98 lea ecx,dword ptr ss:[ebp-0x68]

0103E1D6 . 51 push ecx

0103E1D7 . FF15 DC124000 call dword ptr ds:[<&MSVBVM60.#645>] ; MSVBVM60.rtcDir

0103E1DD . 8BD0 mov edx,eax

0103E1DF . 8D4D D8 lea ecx,dword ptr ss:[ebp-0x28]

0103E1E2 . FF15 CC134000 call dword ptr ds:[<&MSVBVM60.__vbaStrMo>; MSVBVM60.__vbaStrMove

0103E1E8 . 50 push eax

0103E1E9 . 68 883E4500 push VisualNe.00453E88

0103E1EE . FF15 AC114000 call dword ptr ds:[<&MSVBVM60.__vbaStrCm>; MSVBVM60.__vbaStrCmp

0103E1F4 . F7D8 neg eax

0103E1F6 . 1BC0 sbb eax,eax

0103E1F8 . F7D8 neg eax

0103E1FA . F7D8 neg eax

0103E1FC . 66:8985 CCFEF>mov word ptr ss:[ebp-0x134],ax

0103E203 . 8D4D D8 lea ecx,dword ptr ss:[ebp-0x28]

0103E206 . FF15 30144000 call dword ptr ds:[<&MSVBVM60.__vbaFreeS>; MSVBVM60.__vbaFreeStr

0103E20C . 8D55 98 lea edx,dword ptr ss:[ebp-0x68]

0103E20F . 52 push edx

0103E210 . 8D45 A8 lea eax,dword ptr ss:[ebp-0x58]

0103E213 . 50 push eax

0103E214 . 6A 02 push 0x2

0103E216 . FF15 4C104000 call dword ptr ds:[<&MSVBVM60.__vbaFreeV>; MSVBVM60.__vbaFreeVarList

0103E21C . 83C4 0C add esp,0xC

0103E21F . 0FBF8D CCFEFF>movsx ecx,word ptr ss:[ebp-0x134]

0103E226 . 85C9 test ecx,ecx

0103E228 . 0F84 DD030000 je VisualNe.0103E60B //加密狗破解关键点,NOP掉

0103E22E . C745 FC 1C000>mov dword ptr ss:[ebp-0x4],0x1C

0103E235 . C745 80 04000>mov dword ptr ss:[ebp-0x80],0x80020004

0103E23C . C785 78FFFFFF>mov dword ptr ss:[ebp-0x88],0xA

0103E246 . C745 90 04000>mov dword ptr ss:[ebp-0x70],0x80020004

0103E24D . C745 88 0A000>mov dword ptr ss:[ebp-0x78],0xA

0103E254 . C745 A0 04000>mov dword ptr ss:[ebp-0x60],0x80020004

0103E25B . C745 98 0A000>mov dword ptr ss:[ebp-0x68],0xA

0103E262 . C785 70FFFFFF>mov dword ptr ss:[ebp-0x90],VisualNe.004>

0103E26C . C785 68FFFFFF>mov dword ptr ss:[ebp-0x98],0x8

0103E276 . 8D95 68FFFFFF lea edx,dword ptr ss:[ebp-0x98]

0103E27C . 8D4D A8 lea ecx,dword ptr ss:[ebp-0x58]

0103E27F . FF15 80134000 call dword ptr ds:[<&MSVBVM60.__vbaVarDu>; MSVBVM60.__vbaVarDup

0103E285 . 8D95 78FFFFFF lea edx,dword ptr ss:[ebp-0x88]

0103E28B . 52 push edx

0103E28C . 8D45 88 lea eax,dword ptr ss:[ebp-0x78]

0103E28F . 50 push eax

0103E290 . 8D4D 98 lea ecx,dword ptr ss:[ebp-0x68]

0103E293 . 51 push ecx

0103E294 . 6A 44 push 0x44

0103E296 . 8D55 A8 lea edx,dword ptr ss:[ebp-0x58]

0103E299 . 52 push edx

0103E29A . FF15 08114000 call dword ptr ds:[<&MSVBVM60.#595>] ; MSVBVM60.rtcMsgBox

0103E2A0 . 33C9 xor ecx,ecx

0103E2A2 . 83F8 06 cmp eax,0x6

0103E2A5 . 0F94C1 sete cl

0103E2A8 . F7D9 neg ecx

0103E2AA . 66:898D CCFEF>mov word ptr ss:[ebp-0x134],cx

0103E2B1 . 8D95 78FFFFFF lea edx,dword ptr ss:[ebp-0x88]

0103E2B7 . 52 push edx

0103E2B8 . 8D45 88 lea eax,dword ptr ss:[ebp-0x78]

0103E2BB . 50 push eax

0103E2BC . 8D4D 98 lea ecx,dword ptr ss:[ebp-0x68]

0103E2BF . 51 push ecx

0103E2C0 . 8D55 A8 lea edx,dword ptr ss:[ebp-0x58]

0103E2C3 . 52 push edx

0103E2C4 . 6A 04 push 0x4

0103E2C6 . FF15 4C104000 call dword ptr ds:[<&MSVBVM60.__vbaFreeV>; MSVBVM60.__vbaFreeVarList

0103E2CC . 83C4 14 add esp,0x14

0103E2CF . 0FBF85 CCFEFF>movsx eax,word ptr ss:[ebp-0x134]

0103E2D6 . 85C0 test eax,eax

0103E2D8 . 0F84 93020000 je VisualNe.0103E571 //加密狗破解关键点,需要修改

0103E2DE . C745 FC 1D000>mov dword ptr ss:[ebp-0x4],0x1D

0103E2E5 . 833D 18832101>cmp dword ptr ds:[0x1218318],0x0

0103E2EC . 75 1C jnz short VisualNe.0103E30A

0103E2EE . 68 18832101 push VisualNe.01218318

0103E2F3 . 68 68494500 push VisualNe.00454968

0103E2F8 . FF15 04134000 call dword ptr ds:[<&MSVBVM60.__vbaNew2>>; MSVBVM60.__vbaNew2

0103E2FE . C785 78FEFFFF>mov dword ptr ss:[ebp-0x188],VisualNe.01>

0103E308 . EB 0A jmp short VisualNe.0103E314

0103E30A > C785 78FEFFFF>mov dword ptr ss:[ebp-0x188],VisualNe.01>

0103E314 > 8B8D 78FEFFFF mov ecx,dword ptr ss:[ebp-0x188]

0103E31A . 8B11 mov edx,dword ptr ds:[ecx]

0103E31C . 8995 CCFEFFFF mov dword ptr ss:[ebp-0x134],edx

0103E322 . 8D45 C4 lea eax,dword ptr ss:[ebp-0x3C]

0103E325 . 50 push eax

0103E326 . 8B8D CCFEFFFF mov ecx,dword ptr ss:[ebp-0x134]

0103E32C . 8B11 mov edx,dword ptr ds:[ecx]

0103E32E . 8B85 CCFEFFFF mov eax,dword ptr ss:[ebp-0x134]

0103E334 . 50 push eax

0103E335 . FF52 18 call dword ptr ds:[edx+0x18]





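通过修改以上三处位置,域天加密狗破解就成功了,试用破解后的软件,没有发现任何BUG,加密狗破解完美成功!!!(注:从上面贴出的代码看,第二处跳转判断的是 rtcDir 的返回值经 __vbaStrCmp 比较后的结果,第三处跳转判断的是 rtcMsgBox 的返回值是否等于 6,看起来更像保存文件时的分支逻辑,而不是读取加密狗的结果;文中没有贴出读狗的代码,"这三处就是加密狗校验点"的说法无法从列出的代码得到验证。另外,仅靠程序内几处条件跳转来实现的功能限制,防护强度本身就很有限,开发方应把关键功能与加密狗内的运算绑定,并对程序自身做完整性校验。)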





--------------------------------------------------------------------------------
