某商业软件USB加密狗破解精华
为了保证商业软件的利益,只列出核心部分的加密狗破解方法,抛砖引玉。0041EE20 64:A1 00000000mov eax, dword ptr fs:
; ---------------------------------------------------------------------------
; Reviewer annotations
; Debugger listing (columns: address, opcode bytes, instruction) of one 32-bit
; x86 routine spanning 0041EE20-0041EEF4. Its first row is fused onto the
; sentence above.
; Bracketed memory operands were lost when the page was extracted
; ("dword ptr fs:", "lea eax, dword ptr", ...). The opcode-byte column still
; encodes them; the operand notes below are decoded from those bytes.
;
; Flow as visible here:
;   1. install an exception-handler frame through fs:[0]
;   2. call 00404DDF; a non-zero result returns immediately
;   3. fill four globals, then call 00404DF8 (annotated by the page author as
;      the dongle read); a zero result returns normally
;   4. otherwise: read an integer from an .ini file, write back (1 - value),
;      show a message box and call exit(0)
;
; NOTE(review): the licence decision is a single status value tested by one
; conditional branch, with the failure handling (message box + exit) in the
; same routine. That makes it a presence test only: nothing the program needs
; later is derived from the token in the code shown. Designs that hold up
; better bind required data or cryptographic operations to the token
; (challenge-response, keys that never leave the device) and verify the
; integrity of the checking code, rather than relying on one return value.
; ---------------------------------------------------------------------------
; 64:A1 00000000 above = load the current handler-chain head from fs:[0].
0041EE26 6A FF push -0x1
0041EE28 68 38014800 push 00480138
0041EE2D 50 push eax
; 64:8925 ... = store esp to fs:[0]: the three pushes above (-1, 00480138,
; previous head) become the new frame. Looks like the usual compiler-generated
; SEH prologue - TODO confirm that 00480138 is the handler thunk.
0041EE2E 64:8925 0000000>mov dword ptr fs:, esp
0041EE35 83EC 10 sub esp, 0x10
; First gate: purpose of 00404DDF is not visible on this page; any non-zero
; result skips straight to the epilogue at 0041EEE6.
0041EE38 E8 A25FFEFF call 00404DDF
0041EE3D 85C0 test eax, eax
0041EE3F 0F85 A1000000 jnz 0041EEE6
; 8D4424 04 = lea eax, [esp+4]: address of a local in the 0x10-byte area.
0041EE45 8D4424 04 lea eax, dword ptr
; The next four stores write globals at 004A833C (byte 0), 004A8338 (the local's
; address), 004A834E (word 4) and 004A834C (word 0), per the opcode bytes.
; Presumably the request block consumed by the call that follows - verify
; against 00404DF8.
0041EE49 C605 3C834A00 0>mov byte ptr , 0x0
0041EE50 A3 38834A00 mov dword ptr , eax
0041EE55 66:C705 4E834A0>mov word ptr , 0x4
0041EE5E 66:C705 4C834A0>mov word ptr , 0x0
0041EE67 E8 8C5FFEFF call 00404DF8 // read the dongle
0041EE6C 85C0 test eax, eax // check whether the dongle is present
0041EE6E 74 76 je short 0041EEE6// jump if it is present; otherwise fall through
; ---- failure path: reached only when the call above returned non-zero ----
0041EE70 56 push esi
; GetPrivateProfileIntA arguments are pushed right to left:
; lpFileName = 004A4BB8, nDefault = 0, lpKeyName = 004A4BA8 ("capturetimes"),
; lpAppName = 004A3F30 ("capturetime").
; The annotation on 004A4BB8 looks like several adjacent strings run together;
; presumably the file name is just "sys.ini" - confirm in the data section.
0041EE71 68 B84B4A00 push 004A4BB8 ; sys.inipathsetting192.168.0.2%d.%d.%d.%d0.0.0.0arkcg-hdplay
0041EE76 6A 00 push 0x0
0041EE78 68 A84B4A00 push 004A4BA8 ; capturetimes
0041EE7D 68 303F4A00 push 004A3F30 ; capturetime
0041EE82 FF15 E0A14800 call dword ptr [<&KERNEL32.GetPrivate>; kernel32.GetPrivateProfileIntA
; 8D4C24 04 = lea ecx, [esp+4]: 'this' pointer for the CString constructed below.
0041EE88 8D4C24 04 lea ecx, dword ptr
; esi = integer just read from the .ini file
0041EE8C 8BF0 mov esi, eax
0041EE8E E8 EFC50500 call <jmp.&MFC42.#CString::CString_54>
; ecx = 1 - esi, formatted with "%d" into the CString (edx = [esp+4], same object).
0041EE93 B9 01000000 mov ecx, 0x1
0041EE98 8D5424 04 lea edx, dword ptr
0041EE9C 2BCE sub ecx, esi
; C74424 1C = store 0 to [esp+0x1C], the slot that received the "push -0x1" in
; the prologue. Presumably the compiler's try-level marker for the live CString.
0041EE9E C74424 1C 00000>mov dword ptr , 0x0
0041EEA6 51 push ecx
0041EEA7 68 2C394A00 push 004A392C ; %d
0041EEAC 52 push edx
0041EEAD E8 4EC60500 call <jmp.&MFC42.#CString::Format_281>
; 8B4424 10 = mov eax, [esp+0x10]: first dword of the CString object, read
; before the three Format arguments are popped. Presumably its character buffer.
0041EEB2 8B4424 10 mov eax, dword ptr
0041EEB6 83C4 0C add esp, 0xC
; WritePrivateProfileStringA: same section, key and file as the read above,
; with the formatted (1 - value) text as the string to store.
; Why the value is flipped on the failure path is not visible here.
0041EEB9 68 B84B4A00 push 004A4BB8 ; sys.inipathsetting192.168.0.2%d.%d.%d.%d0.0.0.0arkcg-hdplay
0041EEBE 50 push eax
0041EEBF 68 A84B4A00 push 004A4BA8 ; capturetimes
0041EEC4 68 303F4A00 push 004A3F30 ; capturetime
0041EEC9 FF15 C8A14800 call dword ptr [<&KERNEL32.WritePriva>; kernel32.WritePrivateProfileStringA
0041EECF 6A 00 push 0x0
0041EED1 6A 00 push 0x0
0041EED3 68 9C4C4A00 push 004A4C9C ; // prompts that the dongle is not plugged in properly and should be re-inserted
0041EED8 E8 2BC70500 call <jmp.&MFC42.#AfxMessageBox_1200>
0041EEDD 6A 00 push 0x0
0041EEDF FF15 A4AB4800 call dword ptr [<&MSVCRT.exit>] ; msvcrt.exit // exit the program
; The pop below is only reached if exit() were to return.
0041EEE5 5E pop esi
; ---- common epilogue (target of both early-out branches) ----
; 8B4C24 10 = mov ecx, [esp+0x10]: the previous handler-chain head saved by the
; prologue. 64:890D ... writes it back to fs:[0].
0041EEE6 8B4C24 10 mov ecx, dword ptr
0041EEEA 64:890D 0000000>mov dword ptr fs:, ecx
; 0x1C = 0x10 bytes of locals + the three prologue pushes
0041EEF1 83C4 1C add esp, 0x1C
0041EEF4 C3 retn