[Repost] Registering "护花使者V2.0": a cracking write-up for beginners
<P>Author: qduwg</P><P><FONT face=宋体>Software overview: Everyone probably already knows what it does. To give children a healthy online environment, the software blocks various kinds of junk content and records recently viewed content for parents to review. I tried it and found it quite good. Protecting the nation's young people and keeping children away from junk information online is everyone's responsibility!<BR>
Purpose of the crack: to analyze the registration code algorithm<BR>
Tools: SoftICE, OD, Casper, PEiD<BR>
Note: Since I currently have no way of getting newer software to practice on, I have only been practicing on old software. I hope everyone understands. Please don't laugh at me! I have no other choice! :)<BR>
Introduction: Today I found time to install and try out "护花使者". The program is small and lean, only 800KB after unpacking. PEiD shows that it is packed with ASPack 1.07b, and Casper unpacked it successfully. The code below was copied out after opening the program in OD. When run, the program's help says that without registration the guardian cannot set a password. Is that a joke? Let's register it now. Start the program and the registration dialog pops up; enter the user name wanggang and the registration code 654321. Bring up SoftICE (SoftICE again? It is simply the tool I am most comfortable with at the moment), set the breakpoint bpx hmemcpy, press F5 to exit, then click the "OK" button, and the breakpoint is hit. Then press F12 seven times to reach the main program's address space, and press F10 to trace to the following code:<BR>
00492F2A |. E8B5BEF9FF CALL IFLOWER1.0042EDE4<BR>
00492F2F |. 8B45FC MOV EAX,DWORD PTR SS:[EBP-4] // We return here. EAX holds the address of the fake code.<BR>
00492F32 |. 50 PUSH EAX ; IFLOWER1.<ModuleEntryPoint><BR>
00492F33 |. 8D45F8 LEA EAX,DWORD PTR SS:[EBP-8]<BR>
00492F36 |. E88523FCFF CALL IFLOWER1.004552C0 // This function is the key target. --------(*)<BR>
00492F3B |. 8B55F8 MOV EDX,DWORD PTR SS:[EBP-8] ; KERNEL32.BFF79138<BR>
00492F3E |. 58 POP EAX ; KERNEL32.BFF8B86C<BR>
00492F3F |. E81810F7FF CALL IFLOWER1.00403F5C // The function that compares the real and fake codes.<BR>
00492F44 |. 7505 JNZ SHORT IFLOWER1.00492F4B // If they are not equal, it is OVER.<BR>
==================================================================<BR>
Next we step into the function at (*) to see what is interesting in there.<BR>
004552C0 /$ 55 PUSH EBP<BR>
004552C1 |. 8BEC MOV EBP,ESP<BR>
004552C3 |. 81C4F4FDFFFF ADD ESP,-20C<BR>
004552C9 |. 53 PUSH EBX<BR>
004552CA |. 56 PUSH ESI<BR>
004552CB |. 57 PUSH EDI<BR>
004552CC |. 8BF8 MOV EDI,EAX<BR>
004552CE |. C745FCD20400> MOV DWORD PTR SS:[EBP-4],4D2<BR>
004552D5 |. 68FF000000 PUSH 0FF<BR>
004552DA |. 8D85F4FDFFFF LEA EAX,DWORD PTR SS:[EBP-20C]<BR>
004552E0 |. 50 PUSH EAX<BR>
004552E1 |. 8D45F4 LEA EAX,DWORD PTR SS:[EBP-C]<BR>
004552E4 |. 50 PUSH EAX<BR>
004552E5 |. 8D45F8 LEA EAX,DWORD PTR SS:[EBP-8]<BR>
004552E8 |. 50 PUSH EAX<BR>
004552E9 |. 8D45FC LEA EAX,DWORD PTR SS:[EBP-4]<BR>
004552EC |. 50 PUSH EAX<BR>
004552ED |. 68FF000000 PUSH 0FF<BR>
004552F2 |. 8D85F4FEFFFF LEA EAX,DWORD PTR SS:[EBP-10C]<BR>
004552F8 |. 50 PUSH EAX<BR>
004552F9 |. 684C534500 PUSH IFLOWER1.0045534C<BR>
004552FE |. E8F917FBFF CALL <JMP.&kernel32.GetVolumeInformation> // This function gets the hard disk serial number.<BR>
00455303 |. 8B45FC MOV EAX,DWORD PTR SS:[EBP-4] // The serial number is stored in EAX. My hard disk number is 844DBF96.<BR>
00455306 |. 05E1100000 ADD EAX,10E1 // Add 10E1h to the disk number.<BR>
0045530B |. 6BC00D IMUL EAX,EAX,0D // Multiply EAX by 0Dh.<BR>
0045530E |. B907000000 MOV ECX,7<BR>
00455313 |. 33D2 XOR EDX,EDX<BR>
00455315 |. F7F1 DIV ECX // Divide EAX by the 7 in ECX.<BR>
00455317 |. 8BD8 MOV EBX,EAX // Save the quotient in EBX.<BR>
00455319 |. 8B45FC MOV EAX,DWORD PTR SS:[EBP-4] // Load the disk number into EAX.<BR>
0045531C |. 2DD2040000 SUB EAX,4D2 // Subtract 4D2h from the disk number, i.e. decimal 1234.<BR>
00455321 |. 8BD0 MOV EDX,EAX // Save the result in EDX.<BR>
00455323 |. C1E003 SHL EAX,3 // Shift EAX left by 3 bits, equivalent to multiplying by 8.<BR>
00455326 |. 2BC2 SUB EAX,EDX // Subtract EDX from the shifted EAX.<BR>
00455328 |. B90D000000 MOV ECX,0D // ECX=Dh.<BR>
0045532D |. 33D2 XOR EDX,EDX<BR>
0045532F |. F7F1 DIV ECX // Divide EAX by ECX.<BR>
00455331 |. 8BF0 MOV ESI,EAX // Save EAX in ESI.<BR>
00455333 |. 8BCF MOV ECX,EDI<BR>
00455335 |. 8D141E LEA EDX,DWORD PTR DS:[ESI+EBX] // EDX=ESI+EBX. ESI is the earlier quotient from dividing by D, EBX is the earlier quotient from dividing by 7.<BR>
00455338 |. B858534500 MOV EAX,IFLOWER1.00455358<BR>
0045533D |. E89E060000 CALL IFLOWER1.004559E0 // A lot of the interesting work happens inside this function. (**)<BR>
00455342 |. 5F POP EDI<BR>
00455343 |. 5E POP ESI<BR>
00455344 |. 5B POP EBX<BR>
00455345 |. 8BE5 MOV ESP,EBP<BR>
00455347 |. 5D POP EBP<BR>
00455348 \. C3 RETN<BR>
=================================================================<BR>
Now we analyze the (**) function. The code is as follows:<BR>
004559E0 /$ 55 PUSH EBP<BR>
004559E1 |. 8BEC MOV EBP,ESP<BR>
004559E3 |. 83C4C8 ADD ESP,-38<BR>
004559E6 |. 53 PUSH EBX<BR>
004559E7 |. 33DB XOR EBX,EBX<BR>
004559E9 |. 895DC8 MOV DWORD PTR SS:[EBP-38],EBX<BR>
004559EC |. 895DEC MOV DWORD PTR SS:[EBP-14],EBX<BR>
004559EF |. 894DF4 MOV DWORD PTR SS:[EBP-C],ECX<BR>
004559F2 |. 8955F8 MOV DWORD PTR SS:[EBP-8],EDX<BR>
004559F5 |. 8945FC MOV DWORD PTR SS:[EBP-4],EAX<BR>
004559F8 |. 8B45FC MOV EAX,DWORD PTR SS:[EBP-4]<BR>
004559FB |. E800E6FAFF CALL IFLOWER1.00404000 // Clears EDX.<BR>
00455A00 |. 33C0 XOR EAX,EAX<BR>
00455A02 |. 55 PUSH EBP<BR>
00455A03 |. 68F95A4500 PUSH IFLOWER1.00455AF9<BR>
00455A08 |. 64:FF30 PUSH DWORD PTR FS:[EAX]<BR>
00455A0B |. 64:8920 MOV DWORD PTR FS:[EAX],ESP<BR>
00455A0E |. 33C0 XOR EAX,EAX<BR>
00455A10 |. 8945F0 MOV DWORD PTR SS:[EBP-10],EAX<BR>
00455A13 |. 33DB XOR EBX,EBX<BR>
00455A15 |. 8B45FC MOV EAX,DWORD PTR SS:[EBP-4]<BR>
00455A18 |. E82FE4FAFF CALL IFLOWER1.00403E4C // Gets the length of the string "hazz".<BR>
00455A1D |. 85C0 TEST EAX,EAX<BR>
00455A1F |. 7E13 JLE SHORT IFLOWER1.00455A34<BR>
00455A21 |. BA01000000 MOV EDX,1<BR>
00455A26 |> 8B4DFC /MOV ECX,DWORD PTR SS:[EBP-4]<BR>
00455A29 |. 0FB64C11FF |MOVZX ECX,BYTE PTR DS:[ECX+EDX-1] // Loads each character of the string "hazz" into ECX in turn.<BR>
00455A2E |. 03D9 |ADD EBX,ECX // Accumulate the ECX value into EBX.<BR>
00455A30 |. 42 |INC EDX<BR>
00455A31 |. 48 |DEC EAX<BR>
00455A32 |.^ 75F2 \JNZ SHORT IFLOWER1.00455A26 // Keep looping until done. The accumulated sum is 1BDh.<BR>
00455A34 |> 035DF8 ADD EBX,DWORD PTR SS:[EBP-8] // EBX=EBX+[EBP-8]= the 1BD from above + the EDX stored by the instruction at "004559F2".<BR>
00455A37 |. 6BC30D IMUL EAX,EBX,0D // EAX=EBX*D.<BR>
00455A3A |. 8945F8 MOV DWORD PTR SS:[EBP-8],EAX // EAX replaces the old value.<BR>
00455A3D |. 8D45EC LEA EAX,DWORD PTR SS:[EBP-14]<BR>
00455A40 |. BA105B4500 MOV EDX,IFLOWER1.00455B10<BR>
00455A45 |. E81AE2FAFF CALL IFLOWER1.00403C64<BR>
00455A4A |. 33D2 XOR EDX,EDX<BR>
00455A4C |. 8D45CC LEA EAX,DWORD PTR SS:[EBP-34] // The address of the computer name goes into EAX.<BR>
00455A4F |> 8B4DEC /MOV ECX,DWORD PTR SS:[EBP-14] // The address of the string "delphi" goes into ECX. The loop below accumulates its ASCII values.<BR>
00455A52 |. 0FB60C11 |MOVZX ECX,BYTE PTR DS:[ECX+EDX] // Each character is zero-extended and loaded into ECX in turn.<BR>
00455A56 |. 8908 |MOV DWORD PTR DS:[EAX],ECX // This result replaces the original computer name contents.<BR>
00455A58 |. 42 |INC EDX<BR>
00455A59 |. 83C004 |ADD EAX,4<BR>
00455A5C |. 83FA06 |CMP EDX,6 // There are 6 characters in total, so 6 iterations are needed.<BR>
00455A5F |.^ 75EE \JNZ SHORT IFLOWER1.00455A4F // Continue until done.<BR>
00455A61 |. C745E8080000> MOV DWORD PTR SS:[EBP-18],8<BR>
Below is the rather tedious loop body that computes the registration code. I list only the results of the first iteration; the second iteration continues from the results of the first, which is called an iterative algorithm.<BR>
00455A68 |> 8B45DC /MOV EAX,DWORD PTR SS:[EBP-24] // The ASCII value of 'h' goes into EAX.<BR>
00455A6B |. 2B45E0 |SUB EAX,DWORD PTR SS:[EBP-20] // Subtract the ASCII value of 'i'; the result, -1, goes into EAX.<BR>
00455A6E |. 99 |CDQ // Sign extension.<BR>
00455A6F |. 33C2 |XOR EAX,EDX<BR>
00455A71 |. 2BC2 |SUB EAX,EDX // The result in EAX is 1.<BR>
00455A73 |. 8B4DCC |MOV ECX,DWORD PTR SS:[EBP-34] // The ASCII value of 'd' goes into ECX.<BR>
00455A76 |. 034DD0 |ADD ECX,DWORD PTR SS:[EBP-30] // Add the ASCII value of 'e', giving C9.<BR>
00455A79 |. 8B55D4 |MOV EDX,DWORD PTR SS:[EBP-2C] // The ASCII value of 'l' goes into EDX.<BR>
00455A7C |. 3355D8 |XOR EDX,DWORD PTR SS:[EBP-28] // XOR with 'p', giving 1C.<BR>
00455A7F |. 03CA |ADD ECX,EDX // Add EDX to ECX, i.e. ECX=C9+1C=E5.<BR>
00455A81 |. 2BC8 |SUB ECX,EAX // Subtract EAX from ECX, i.e. ECX=E5-1=E4.<BR>
00455A83 |. 894DE4 |MOV DWORD PTR SS:[EBP-1C],ECX // Save ECX to [EBP-1C].<BR>
00455A86 |. 8B45F8 |MOV EAX,DWORD PTR SS:[EBP-8] // The computed disk code F3BFFF68 goes into EAX.<BR>
00455A89 |. 33C1 |XOR EAX,ECX // XOR EAX with ECX, i.e. F3BFFF68 XOR E4 = F3BFFF8C.<BR>
00455A8B |. 0145F0 |ADD DWORD PTR SS:[EBP-10],EAX // Accumulate EAX into [EBP-10].<BR>
00455A8E |. 0FAF4DF0 |IMUL ECX,DWORD PTR SS:[EBP-10] // ECX=ECX*EAX=E4*F3BFFF8C=16FF98B0<BR>
00455A92 |. 894DE4 |MOV DWORD PTR SS:[EBP-1C],ECX<BR>
00455A95 |. BA06000000 |MOV EDX,6<BR>
00455A9A |. 8D45D0 |LEA EAX,DWORD PTR SS:[EBP-30] // EAX is the address of 'e' in the string "delphi".<BR>
00455A9D |> 8B08 |/MOV ECX,DWORD PTR DS:[EAX] // The character 'e' goes into ECX.<BR>
00455A9F |. 8948FC ||MOV DWORD PTR DS:[EAX-4],ECX // ECX overwrites the preceding character 'd'.<BR>
00455AA2 |. 83C004 ||ADD EAX,4<BR>
00455AA5 |. 4A ||DEC EDX // Decrement the counter.<BR>
00455AA6 |.^ 75F5 |\JNZ SHORT IFLOWER1.00455A9D // Keep looping and shifting until done.<BR>
00455AA8 |. FF4DE8 |DEC DWORD PTR SS:[EBP-18] // The outer loop runs 8 times; this decrements its counter.<BR>
00455AAB |.^ 75BB \JNZ SHORT IFLOWER1.00455A68 // If not 0, loop back up.<BR>
00455AAD |. 8B45F4 MOV EAX,DWORD PTR SS:[EBP-C]<BR>
00455AB0 |. 50 PUSH EAX<BR>
00455AB1 |. 8D4DC8 LEA ECX,DWORD PTR SS:[EBP-38]<BR>
00455AB4 |. BA08000000 MOV EDX,8<BR>
00455AB9 |. 8B45F0 MOV EAX,DWORD PTR SS:[EBP-10]<BR>
00455ABC |. E8972EFBFF CALL IFLOWER1.00408958 // This function processes the resulting registration code. We look at it below.<BR>
00455AC1 |. 8B45C8 MOV EAX,DWORD PTR SS:[EBP-38]<BR>
00455AC4 |. B908000000 MOV ECX,8<BR>
00455AC9 |. BA01000000 MOV EDX,1<BR>
00455ACE |. E881E5FAFF CALL IFLOWER1.00404054<BR>
00455AD3 |. 33C0 XOR EAX,EAX<BR>
00455AD5 |. 5A POP EDX<BR>
00455AD6 |. 59 POP ECX<BR>
00455AD7 |. 59 POP ECX<BR>
00455AD8 |. 64:8910 MOV DWORD PTR FS:[EAX],EDX<BR>
00455ADB |. 68005B4500 PUSH IFLOWER1.00455B00<BR>
00455AE0 |> 8D45C8 LEA EAX,DWORD PTR SS:[EBP-38]<BR>
00455AE3 |. E8E4E0FAFF CALL IFLOWER1.00403BCC<BR>
00455AE8 |. 8D45EC LEA EAX,DWORD PTR SS:[EBP-14]<BR>
00455AEB |. E8DCE0FAFF CALL IFLOWER1.00403BCC<BR>
00455AF0 |. 8D45FC LEA EAX,DWORD PTR SS:[EBP-4]<BR>
00455AF3 |. E8D4E0FAFF CALL IFLOWER1.00403BCC<BR>
00455AF8 \. C3 RETN<BR>
00455AF9 .^ E9A6DAFAFF JMP IFLOWER1.004035A4<BR>
00455AFE .^ EBE0 JMP SHORT IFLOWER1.00455AE0<BR>
00455B00 . 5B POP EBX<BR>
00455B01 . 8BE5 MOV ESP,EBP<BR>
00455B03 . 5D POP EBP<BR>
00455B04 . C3 RETN<BR>
=================================================================<BR>
Below is the function called at 00455ABC, CALL IFLOWER1.00408958:<BR>
00408958 /$ 83C4F0 ADD ESP,-10<BR>
0040895B |. 6A01 PUSH 1<BR>
0040895D |. 89542404 MOV DWORD PTR SS:[ESP+4],EDX<BR>
00408961 |. C644240800 MOV BYTE PTR SS:[ESP+8],0<BR>
00408966 |. 8944240C MOV DWORD PTR SS:[ESP+C],EAX<BR>
0040896A |. C644241000 MOV BYTE PTR SS:[ESP+10],0<BR>
0040896F |. 8D442404 LEA EAX,DWORD PTR SS:[ESP+4]<BR>
00408973 |. BA8C894000 MOV EDX,IFLOWER1.0040898C<BR>
00408978 |. 91 XCHG EAX,ECX<BR>
00408979 |. E8560D0000 CALL IFLOWER1.004096D4 // Continue by following this function.<BR>
0040897E |. 83C410 ADD ESP,10<BR>
00408981 \. C3 RETN<BR>
=================================================================<BR>
004096D4 /$ 55 PUSH EBP<BR>
004096D5 |. 8BEC MOV EBP,ESP<BR>
004096D7 |. 81C404F0FFFF ADD ESP,-0FFC<BR>
004096DD |. 50 PUSH EAX<BR>
004096DE |. 83C4F4 ADD ESP,-0C<BR>
004096E1 |. 53 PUSH EBX<BR>
004096E2 |. 56 PUSH ESI<BR>
004096E3 |. 894DF8 MOV DWORD PTR SS:[EBP-8],ECX<BR>
004096E6 |. 8955FC MOV DWORD PTR SS:[EBP-4],EDX<BR>
004096E9 |. 8BF0 MOV ESI,EAX<BR>
004096EB |. BB02100000 MOV EBX,1002<BR>
004096F0 |. 8B45FC MOV EAX,DWORD PTR SS:[EBP-4]<BR>
004096F3 |. E854A7FFFF CALL IFLOWER1.00403E4C<BR>
004096F8 |. 8BD3 MOV EDX,EBX<BR>
004096FA |. 85D2 TEST EDX,EDX<BR>
004096FC |. 7903 JNS SHORT IFLOWER1.00409701<BR>
004096FE |. 83C203 ADD EDX,3<BR>
00409701 |> C1FA02 SAR EDX,2<BR>
00409704 |. 8BCB MOV ECX,EBX<BR>
00409706 |. 2BCA SUB ECX,EDX<BR>
00409708 |. 3BC1 CMP EAX,ECX<BR>
0040970A |. 7D24 JGE SHORT IFLOWER1.00409730<BR>
0040970C |. 8B45FC MOV EAX,DWORD PTR SS:[EBP-4]<BR>
0040970F |. E838A7FFFF CALL IFLOWER1.00403E4C<BR>
00409714 |. 50 PUSH EAX<BR>
00409715 |. 8B45F8 MOV EAX,DWORD PTR SS:[EBP-8]<BR>
00409718 |. 50 PUSH EAX<BR>
00409719 |. 8B4508 MOV EAX,DWORD PTR SS:[EBP+8]<BR>
0040971C |. 50 PUSH EAX<BR>
0040971D |. 8B4DFC MOV ECX,DWORD PTR SS:[EBP-4]<BR>
00409720 |. 8BD3 MOV EDX,EBX<BR>
00409722 |. 4A DEC EDX<BR>
00409723 |. 8D85F6EFFFFF LEA EAX,DWORD PTR SS:[EBP-100A] // The address of the registration code goes into EAX. The registration code has now shown itself.<BR>
00409729 |. E832FBFFFF CALL IFLOWER1.00409260 // This function converts the hexadecimal registration code into ASCII form.<BR>
0040972E |. EB0C JMP SHORT IFLOWER1.0040973C<BR>
00409730 |> 8B45FC MOV EAX,DWORD PTR SS:[EBP-4]<BR>
00409733 |. E814A7FFFF CALL IFLOWER1.00403E4C<BR>
00409738 |. 8BD8 MOV EBX,EAX<BR>
0040973A |. 8BC3 MOV EAX,EBX<BR>
0040973C |> 8BD3 MOV EDX,EBX<BR>
0040973E |. 4A DEC EDX<BR>
0040973F |. 3BC2 CMP EAX,EDX<BR>
00409741 |. 7C43 JL SHORT IFLOWER1.00409786<BR>
00409743 |. EB30 JMP SHORT IFLOWER1.00409775<BR>
00409745 |> 03DB /ADD EBX,EBX<BR>
00409747 |. 8BC6 |MOV EAX,ESI<BR>
00409749 |. E87EA4FFFF |CALL IFLOWER1.00403BCC<BR>
0040974E |. 8BC6 |MOV EAX,ESI<BR>
00409750 |. 8BD3 |MOV EDX,EBX<BR>
00409752 |. E829AAFFFF |CALL IFLOWER1.00404180<BR>
00409757 |. 8B45FC |MOV EAX,DWORD PTR SS:[EBP-4]<BR>
0040975A |. E8EDA6FFFF |CALL IFLOWER1.00403E4C<BR>
0040975F |. 50 |PUSH EAX<BR>
00409760 |. 8B45F8 |MOV EAX,DWORD PTR SS:[EBP-8]<BR>
00409763 |. 50 |PUSH EAX<BR>
00409764 |. 8B4508 |MOV EAX,DWORD PTR SS:[EBP+8]<BR>
00409767 |. 50 |PUSH EAX<BR>
00409768 |. 8B4DFC |MOV ECX,DWORD PTR SS:[EBP-4]<BR>
0040976B |. 8BD3 |MOV EDX,EBX<BR>
0040976D |. 4A |DEC EDX<BR>
0040976E |. 8B06 |MOV EAX,DWORD PTR DS:[ESI]<BR>
00409770 |. E8EBFAFFFF |CALL IFLOWER1.00409260<BR>
00409775 |> 8BD3 MOV EDX,EBX<BR>
00409777 |. 4A |DEC EDX<BR>
00409778 |. 3BC2 |CMP EAX,EDX<BR>
0040977A |.^ 7DC9 \JGE SHORT IFLOWER1.00409745<BR>
0040977C |. 8BD6 MOV EDX,ESI<BR>
0040977E |. 92 XCHG EAX,EDX<BR>
0040977F |. E8FCA9FFFF CALL IFLOWER1.00404180<BR>
00409784 |. EB0E JMP SHORT IFLOWER1.00409794<BR>
00409786 |> 8D95F6EFFFFF LEA EDX,DWORD PTR SS:[EBP-100A] // The address of the registration code goes into EDX.<BR>
0040978C |. 8BCE MOV ECX,ESI<BR>
0040978E |. 91 XCHG EAX,ECX<BR>
0040978F |. E820A5FFFF CALL IFLOWER1.00403CB4 // Copies the registration code to another address.<BR>
00409794 |> 5E POP ESI<BR>
00409795 |. 5B POP EBX<BR>
00409796 |. 8BE5 MOV ESP,EBP<BR>
00409798 |. 5D POP EBP<BR>
00409799 \. C20400 RETN 4<BR>
=================================================================<BR>
Finally we return to the code below:<BR>
00492F3B |. 8B55F8 MOV EDX,DWORD PTR SS:[EBP-8] // The address of the real registration code goes into EDX.<BR>
00492F3E |. 58 POP EAX // Pop the address of the fake registration code into EAX.<BR>
00492F3F |. E81810F7FF CALL IFLOWER1.00403F5C // This function compares the real and fake codes.<BR>
00492F44 |. 7505 JNZ SHORT IFLOWER1.00492F4B // If the result is not 0, it is OVER.<BR>
00492F46 |. 83CEFF OR ESI,FFFFFFFF<BR>
00492F49 |. EB02 JMP SHORT IFLOWER1.00492F4D<BR>
For completeness, let's take a brief look at part of the comparison function called at 00492F3F:<BR>
00403F73 |. 8B46FC MOV EAX,DWORD PTR DS:[ESI-4] // The length of the fake code goes into EAX. For example, the 654321 entered earlier is 6 characters.<BR>
00403F76 |. 8B57FC MOV EDX,DWORD PTR DS:[EDI-4] // The length of the real code goes into EDX. Here it is 8 characters.<BR>
00403F79 |. 29D0 SUB EAX,EDX // Subtract one from the other.<BR>
00403F7B |. 7702 JA SHORT IFLOWER1.00403F7F<BR>
00403F7D |. 01C2 ADD EDX,EAX<BR>
00403F7F |> 52 PUSH EDX<BR>
00403F80 |. C1EA02 SHR EDX,2<BR>
00403F83 |. 7426 JE SHORT IFLOWER1.00403FAB<BR>
00403F85 |> 8B0E /MOV ECX,DWORD PTR DS:[ESI] // The fake code goes into ECX.<BR>
00403F87 |. 8B1F |MOV EBX,DWORD PTR DS:[EDI] // The real code goes into EBX.<BR>
00403F89 |. 39D9 |CMP ECX,EBX // Compare them.<BR>
00403F8B |. 7558 |JNZ SHORT IFLOWER1.00403FE5 // If they differ, it is OVER.<BR>
00403F8D |. 4A |DEC EDX // Decrement the counter.<BR>
00403F8E |. 7415 |JE SHORT IFLOWER1.00403FA5 // Jump out when the comparison is finished.<BR>
00403F90 |. 8B4E04 |MOV ECX,DWORD PTR DS:[ESI+4] // The next group of the fake code goes into ECX.<BR>
00403F93 |. 8B5F04 |MOV EBX,DWORD PTR DS:[EDI+4] // The next group of the real code goes into EBX.<BR>
00403F96 |. 39D9 |CMP ECX,EBX<BR>
00403F98 |. 754B |JNZ SHORT IFLOWER1.00403FE5 // If they differ, it is OVER.<BR>
00403F9A |. 83C608 |ADD ESI,8<BR>
00403F9D |. 83C708 |ADD EDI,8<BR>
00403FA0 |. 4A |DEC EDX<BR>
00403FA1 |.^ 75E2 \JNZ SHORT IFLOWER1.00403F85 // If not finished, keep looping.<BR>
00403FA3 |. EB06 JMP SHORT IFLOWER1.00403FAB<BR>
=================================================================<BR>
Postscript: I spent one hour tracing the program and analyzing its algorithm, and one hour writing this write-up; I hope it gives beginners a little inspiration. Tracing shows that this program's registration code algorithm is actually quite clear, and the computation is not heavy: it loops only 8 times. A keygen would also be easy to write. Moreover, this program's registration code depends only on the hard disk number and has nothing to do with the user name.<BR>
Over the past few days I ran into a program packed with vbox. Its anti-tracing and anti-debugging are really frightening, and how to get rid of this vbox shell is a problem, because when the program detects that a debugger is resident it pops up a dialog box telling you so. Very troublesome. I still have to keep studying the best-of articles on the 看雪 forum; I need a lot of catching up!! I also hope everyone builds themselves up well this winter and makes progress in their studies!<BR>
I have not been feeling well these past few days and am not in good form. I hope fellow forum members understand. Having finished analyzing this program, I feel much better, so come and share my happiness!! Special thanks for taking your valuable time to read this! Comments and corrections are welcome!! ^_*<BR><BR>
Conclusion:<BR>
User name: anything will do<BR>
Registration code: 126A7FA3</FONT><BR></P>