找出比较机器码的关键位置 - 『脱壳破解讨论求助区』
- 吾爱破解 - LCG - LSG |安卓破解|病毒分析|破解软件|
后使用快捷导航没有帐号?
只需一步,快速开始
请完成以下验证码
请完成以下验证码
查看: 3651|回复: 4
找出比较机器码的关键位置
阅读权限10
发帖求助前要善用【】功能,那里可能会有你要找的答案;
求助软件脱壳或者破解思路时,请务必在主题帖中描述清楚你的分析思路与方法,否则会当作求脱求破处理;
如果你在论坛求助问题,并且已经从坛友或者管理的回复中解决了问题,请把帖子标题加上【已解决】;
如何回报帮助你解决问题的坛友,一个好办法就是给对方加【热心】和【CB】,加分不会扣除自己的积分,做一个热心并受欢迎的人。
新手学习爆破一个程序,这个程序要读取一个license文件才能启动,license是正确的,但是绑定了机器码和有日期限制,我想将机器码和日期限制爆破掉。这是我从OD中根据字符串找出的一段代码:
[Asm] 纯文本查看 复制代码00C4ED40
jle Xnapa102.00C4ED57
|8BB5 70FFFFFF
mov esi,dword ptr ss:[ebp-0x90]
|8BBD 6CFFFFFF
mov edi,dword ptr ss:[ebp-0x94]
mov esp,ebp
mov esp,ebx
转入子程序
\E8 A474D800
call napa102.019D6200
68 54890F02
push napa102.020F8954
E8 C89890FF
call napa102.
E8 2324EA00
call napa102.01AF1190
E8 FE035300
call napa102.
E8 A9E2A100
call napa102.
68 24890F02
push napa102.020F8924
E8 DF55A000
call napa102.
0FB615 58890F02 movzx edx,byte ptr ds:[0x20F8958]
mov dword ptr ds:[0x29749D4],esi
8815 DC4C9702
mov byte ptr ds:[0x2974CDC],dl
mov dword ptr ds:[0x2974C58],esi
mov dword ptr ds:[0x2974C5C],esi
C705 C&mov dword ptr ds:[0xx1
mov ecx,0x20
pxor mm0,mm0
66:0F7F05 604C9&movq qword ptr ds:[0x2974C60],mm0
66:0F7F05 704C9&movq qword ptr ds:[0x2974C70],mm0
C705 044C9702 0&mov dword ptr ds:[0xx270F
880D DD4C9702
mov byte ptr ds:[0x2974CDD],cl
880D DE4C9702
mov byte ptr ds:[0x2974CDE],cl
880D DF4C9702
mov byte ptr ds:[0x2974CDF],cl
880D E04C9702
mov byte ptr ds:[0x2974CE0],cl
880D E14C9702
mov byte ptr ds:[0x2974CE1],cl
880D E24C9702
mov byte ptr ds:[0x2974CE2],cl
880D E34C9702
mov byte ptr ds:[0x2974CE3],cl
E8 74837A00
call napa102.013F7170
C705 1C4C9702 8&mov dword ptr ds:[0x2974C1C],0x384
A3 F8499702
mov dword ptr ds:[0x29749F8],eax
C705 204C9702 C&mov dword ptr ds:[0xxC8
C705 284C9702 7&mov dword ptr ds:[0xx78
C705 244C9702 1&mov dword ptr ds:[0xx1E
C705 804C9702 0&mov dword ptr ds:[0xx0
68 28890F02
push napa102.020F8928
68 5C890F02
push napa102.020F895C
c:\build\nnapa\napa\mn\mn13.f90
68 7C890F02
push napa102.020F897C
array sizes do not match
68 98890F02
push napa102.020F8998
SIZE( CLTSKS ) == SIZE( CMXUTS )
68 2C890F02
push napa102.020F892C
E8 597A9E00
call napa102.
8D95 68FFFFFF
lea edx,dword ptr ss:[ebp-0x98]
mov dword ptr ds:[edx],0x
mov edi,esp
8D95 78FFFFFF
lea edx,dword ptr ss:[ebp-0x88]
mov dword ptr ds:[edx],0x
lea edx,dword ptr ss:[ebp-0x78]
C702 434C2020
mov dword ptr ds:[edx],0x20204C43
lea edx,dword ptr ss:[ebp-0x68]
mov dword ptr ds:[edx],0x
lea edx,dword ptr ss:[ebp-0x58]
C702 46454D20
mov dword ptr ds:[edx],0x204D4546
lea edx,dword ptr ss:[ebp-0x48]
mov dword ptr ds:[edx],0x
lea edx,dword ptr ss:[ebp-0x38]
mov dword ptr ds:[edx],0x
lea edx,dword ptr ss:[ebp-0x28]
C702 52414E53
mov dword ptr ds:[edx],0x534E4152
lea edx,dword ptr ss:[ebp-0x18]
mov dword ptr ds:[edx],0x
lea edx,dword ptr ss:[ebp-0x8]
C702 4F505420
mov dword ptr ds:[edx],0x2054504F
mov eax,0x28
E8 ED3C7CFF
call napa102.00412BB0
and esp,0xFFFFFFF0
mov eax,esp
8B95 68FFFFFF
mov edx,dword ptr ss:[ebp-0x98]
mov dword ptr ds:[eax],edx
8B95 78FFFFFF
mov edx,dword ptr ss:[ebp-0x88]
mov dword ptr ds:[eax+0x4],edx
mov edx,dword ptr ss:[ebp-0x78]
mov dword ptr ds:[eax+0x8],edx
mov edx,dword ptr ss:[ebp-0x68]
mov dword ptr ds:[eax+0xC],edx
mov edx,dword ptr ss:[ebp-0x58]
mov dword ptr ds:[eax+0x10],edx
mov edx,dword ptr ss:[ebp-0x48]
mov dword ptr ds:[eax+0x14],edx
mov edx,dword ptr ss:[ebp-0x38]
mov dword ptr ds:[eax+0x18],edx
mov edx,dword ptr ss:[ebp-0x28]
mov dword ptr ds:[eax+0x1C],edx
mov edx,dword ptr ss:[ebp-0x18]
mov dword ptr ds:[eax+0x20],edx
mov edx,dword ptr ss:[ebp-0x8]
mov dword ptr ds:[eax+0x24],edx
89BD 68FFFFFF
mov dword ptr ss:[ebp-0x98],edi
mov edx,0x1
mov edi,eax
mov eax,esi
mov esi,edx
8D14F5 844C9702 lea edx,dword ptr ds:[esi*8+0x2974C84]
lea ecx,dword ptr ds:[edi+esi*4-0x4]
E8 E5D98E00
call &jmp.&libifcoremd.for_cpystr&
xor eax,eax
add esp,0x1C
cmp esi,0xA
jle Xnapa102.00C4EF1A
8BBD 68FFFFFF
mov edi,dword ptr ss:[ebp-0x98]
mov esi,eax
mov eax,edi
mov esp,eax
mov dword ptr ds:[0x2974C2C],esi
mov dword ptr ds:[0x2974C50],esi
pxor mm0,mm0
66:0F7F05 304C9&movq qword ptr ds:[0x2974C30],mm0
66:0F7F05 404C9&movq qword ptr ds:[0x2974C40],mm0
C705 0C4C9702 0&mov dword ptr ds:[0x2974C0C],0x1
68 0C8A0F02
push napa102.020F8A0C
68 58A43202
push napa102.
E8 8ED98E00
call &jmp.&libifcoremd.for_cpystr&
add esp,0x1C
0FB615 148A0F02 movzx edx,byte ptr ds:[0x20F8A14]
66:0F6F05 40890&movq mm0,qword ptr ds:[0x20F8940]
0FB60D 188A0F02 movzx ecx,byte ptr ds:[0x20F8A18]
66:0F7F05 A0A43&movq qword ptr ds:[0x232A4A0],mm0
66:0F7F05 90A93&movq qword ptr ds:[0x232A990],mm0
mov dword ptr ds:[0x232A4B4],esi
C705 CCA43202 0&mov dword ptr ds:[0x232A4CC],0x4
mov eax,0x20
mov edi,0x1
C605 66A63202 4&mov byte ptr ds:[0x232A666],0x4E
mov byte ptr ds:[0x232A498],dl
0FB615 1C8A0F02 movzx edx,byte ptr ds:[0x20F8A1C]
C605 67A63202 4&mov byte ptr ds:[0x232A667],0x49
A2 99A43202
mov byte ptr ds:[0x232A499],al
C605 68A63202 5&mov byte ptr ds:[0x232A668],0x54
A2 9AA43202
mov byte ptr ds:[0x232A49A],al
C605 6AA63202 5&mov byte ptr ds:[0x232A66A],0x52
A2 9BA43202
mov byte ptr ds:[0x232A49B],al
C705 A0A73202 2&mov dword ptr ds:[0x232A7A0],0x
A2 9CA43202
mov byte ptr ds:[0x232A49C],al
A2 9DA43202
mov byte ptr ds:[0x232A49D],al
A2 9EA43202
mov byte ptr ds:[0x232A49E],al
A2 9FA43202
mov byte ptr ds:[0x232A49F],al
mov dword ptr ds:[0x232A4B8],esi
mov dword ptr ds:[0x232A420],esi
mov dword ptr ds:[0x232A9A0],esi
880D 88A93202
mov byte ptr ds:[0x232A988],cl
B9 4F000000
mov ecx,0x4F
A2 89A93202
mov byte ptr ds:[0x232A989],al
A2 8AA93202
mov byte ptr ds:[0x232A98A],al
A2 8BA93202
mov byte ptr ds:[0x232A98B],al
A2 8CA93202
mov byte ptr ds:[0x232A98C],al
A2 8DA93202
mov byte ptr ds:[0x232A98D],al
A2 8EA93202
mov byte ptr ds:[0x232A98E],al
A2 8FA93202
mov byte ptr ds:[0x232A98F],al
mov dword ptr ds:[0x232A4D0],esi
893D C8A43202
mov dword ptr ds:[0x232A4C8],edi
mov dword ptr ds:[0x232A424],esi
mov dword ptr ds:[0x232A4D8],esi
893D D4A43202
mov dword ptr ds:[0x232A4D4],edi
mov byte ptr ds:[0x232A664],dl
880D 65A63202
mov byte ptr ds:[0x232A665],cl
880D 69A63202
mov byte ptr ds:[0x232A669],cl
A2 6BA63202
mov byte ptr ds:[0x232A66B],al
893D 30A43202
mov dword ptr ds:[0x232A430],edi
E8 DD3A7DFF
call napa102.00422B80
0FB615 248A0F02 movzx edx,byte ptr ds:[0x20F8A24]
68 20890F02
push napa102.020F8920
mov dword ptr ds:[0x232A428],esi
mov byte ptr ds:[0x232A710],dl
mov dword ptr ds:[0x232A774],esi
mov ecx,0x20
880D 11A73202
mov byte ptr ds:[0x232A711],cl
880D 12A73202
mov byte ptr ds:[0x232A712],cl
880D 13A73202
mov byte ptr ds:[0x232A713],cl
880D 14A73202
mov byte ptr ds:[0x232A714],cl
880D 15A73202
mov byte ptr ds:[0x232A715],cl
880D 16A73202
mov byte ptr ds:[0x232A716],cl
880D 17A73202
mov byte ptr ds:[0x232A717],cl
mov dword ptr ds:[0x232A524],esi
E8 C5AAFFFF
call napa102.00C49BC0
0FB615 288A0F02 movzx edx,byte ptr ds:[0x20F8A28]
66:0F6F05 40890&movq mm0,qword ptr ds:[0x20F8940]
66:0F7F05 40463&movq qword ptr ds:[0x2334640],mm0
mov byte ptr ds:[0x2334638],dl
mov dword ptr ds:[0x2334650],esi
mov dword ptr ds:[0x232A978],esi
8935 FCA83202
mov dword ptr ds:[0x232A8FC],esi
8935 CCA83202
mov dword ptr ds:[0x232A8CC],esi
C705 5CA73202 4&mov dword ptr ds:[0x232A75C],0x
mov ecx,0x20
mov edi,0x100
C705 EC&mov dword ptr ds:[0x23346EC],0x3F800000
mov byte ptr ds:[0x2334639],cl
880D 3A463302
mov byte ptr ds:[0x233463A],cl
880D 3B463302
mov byte ptr ds:[0x233463B],cl
880D 3C463302
mov byte ptr ds:[0x233463C],cl
880D 3D463302
mov byte ptr ds:[0x233463D],cl
mov edx,0x1
880D 3E463302
mov byte ptr ds:[0x233463E],cl
880D 3F463302
mov byte ptr ds:[0x233463F],cl
893D C8A63202
mov dword ptr ds:[0x232A6C8],edi
68 2C8A0F02
push napa102.020F8A2C
893D CCA63202
mov dword ptr ds:[0x232A6CC],edi
mov dword ptr ds:[0x232A7A4],edx
mov dword ptr ds:[0x23346F0],edx
mov dword ptr ds:[0x232A8F0],edx
68 0CA93202
push napa102.0232A90C
E8 68D78E00
call &jmp.&libifcoremd.for_cpystr&
add esp,0x1C
C705 98A73202 0&mov dword ptr ds:[0x232A798],0x1
mov dword ptr ds:[0x232A8F8],esi
mov dword ptr ds:[0x232A934],esi
C705 9CA73202 4&mov dword ptr ds:[0x232A79C],0x
C705 00A93202 F&mov dword ptr ds:[0x232A900],-0x1
E8 7EA18C00
call napa102.
mov dword ptr ds:[0x2334748],eax
E8 542C7800
call napa102.013D1E40
A3 DCA43202
mov dword ptr ds:[0x232A4DC],eax
mov eax,esi
mov dword ptr ds:[0x2334734],esi
mov dword ptr ds:[0x233473C],esi
mov dword ptr ds:[0x2334740],esi
mov dword ptr ds:[0x23201A8],esi
8935 AC013202
mov dword ptr ds:[0x23201AC],esi
mov dword ptr ds:[0x2320330],esi
mov dword ptr ds:[0x23206B0],esi
mov ecx,0x1
BA FFFFFFFF
mov edx,-0x1
C705 4C&mov dword ptr ds:[0x233474C],napa102.01E84800
890D 6CA73202
mov dword ptr ds:[0x232A76C],ecx
pxor mm0,mm0
C705 34A43202 D&mov dword ptr ds:[0x232A434],0x40490FDB
890D 70A73202
mov dword ptr ds:[0x232A770],ecx
mov dword ptr ds:[0x23201B4],edx
C705 38A43202 D&mov dword ptr ds:[0x232A438],0x3FC90FDB
C705 3CA43202 D&mov dword ptr ds:[0x232A43C],0x40C90FDB
mov dword ptr ds:[0x23201B8],edx
890D B0013202
mov dword ptr ds:[0x23201B0],ecx
C705 40A43202 3&mov dword ptr ds:[0x232A440],0x3C8EFA35
C705 44A43202 E&mov dword ptr ds:[0x232A444],0x42652EE0
C705 68A73202 4&mov dword ptr ds:[0x232A768],0x
C705 9CA73202 4&mov dword ptr ds:[0x232A79C],0x
C705 B&mov dword ptr ds:[0xx14
66:0F7F&movq qword ptr ds:[eax*4+0x2320660],mm0
add eax,0x4
cmp eax,0x14
jb Xnapa102.00C4F2A3
mov dword ptr ds:[0x23206B8],esi
8935 CCA83202
mov dword ptr ds:[0x232A8CC],esi
mov dword ptr ds:[0x232A8E0],esi
mov dword ptr ds:[0x232A8E4],esi
mov dword ptr ds:[0x29F6F08],esi
mov dword ptr ds:[0x29F6EE4],esi
mov dword ptr ds:[0x29F6F0C],esi
mov dword ptr ds:[0x29F6F98],esi
C705 F4A83202 0&mov dword ptr ds:[0x232A8F4],0x7
pxor mm0,mm0
66:0F7F05 D0A83&movq qword ptr ds:[0x232A8D0],mm0
C705 F86E9F02 0&mov dword ptr ds:[0x29F6EF8],0xA
C705 F46E9F02 6&mov dword ptr ds:[0x29F6EF4],0x64
68 308A0F02
push napa102.020F8A30
68 186F9F02
push napa102.029F6F18
E8 F1D58E00
call &jmp.&libifcoremd.for_cpystr&
add esp,0x1C
0FB605 348A0F02 movzx eax,byte ptr ds:[0x20F8A34]
C705 9C6F9F02 0&mov dword ptr ds:[0x29F6F9C],0x1
mov edx,0x20
mov dword ptr ds:[0x29F7114],esi
mov dword ptr ds:[0x29F7124],esi
mov dword ptr ds:[0x29F7128],esi
mov dword ptr ds:[0x29F712C],esi
mov dword ptr ds:[0x29F7134],esi
mov dword ptr ds:[0x29F5C40],esi
A2 445C9F02
mov byte ptr ds:[0x29F5C44],al
mov byte ptr ds:[0x29F5C45],dl
mov byte ptr ds:[0x29F5C46],dl
mov byte ptr ds:[0x29F5C47],dl
mov byte ptr ds:[0x29F5C48],dl
mov byte ptr ds:[0x29F5C49],dl
mov byte ptr ds:[0x29F5C4A],dl
mov byte ptr ds:[0x29F5C4B],dl
mov byte ptr ds:[0x29F5C4C],dl
mov byte ptr ds:[0x29F5C4D],dl
mov byte ptr ds:[0x29F5C4E],dl
mov byte ptr ds:[0x29F5C4F],dl
E8 F05F3A00
call napa102.00FF53A0
E8 7B91AB00
call napa102.
E8 56523E00
call napa102.
68 20890F02
push napa102.020F8920
E8 2CC60700
call napa102.00CCB9F0
E8 D738F000
call napa102.01B52CA0
E8 923DF700
call napa102.01BC3160
E8 4D832500
call napa102.00EA7720
E8 B8033600
call napa102.00FAF790
E8 E3722A00
call napa102.00EF66C0
E8 7E6AB300
call napa102.01785E60
E8 D9010A00
call napa102.00CEF5C0
68 20890F02
push napa102.020F8920
E8 FFC1F200
call napa102.01B7B5F0
68 20890F02
push napa102.020F8920
8D85 68FFFFFF
lea eax,dword ptr ss:[ebp-0x98]
E8 2EA50200
call napa102.00C79930
E8 C91D1700
call napa102.00DC11D0
68 20890F02
push napa102.020F8920
68 30890F02
push napa102.020F8930
68 388A0F02
push napa102.020F8A38
E8 A34B7CFF
call napa102.00413FC0
^ E9 20F9FFFF
jmp napa102.00C4ED42
lea esi,dword ptr ds:[esi]
lea edi,dword ptr ds:[edi]
mov ebp,esp
sub esp,0x664
mov dword ptr ss:[ebp-0x10],ebx
mov dword ptr ss:[ebp-0xC],edi
mov dword ptr ss:[ebp-0x8],esi
mov edi,dword ptr ss:[ebp+0x8]
C745 EC 0000000&mov dword ptr ss:[ebp-0x14],0x0
E8 8E6E7CFF
call napa102.
test eax,eax
0F84 D6070000
je napa102.00C4FC30
lea ebx,dword ptr ss:[ebp-0x20]
8D8D 60FFFFFF
lea ecx,dword ptr ss:[ebp-0xA0]
lea esi,dword ptr ss:[ebp-0x14]
mov eax,dword ptr ds:[edi]
68 608A0F02
push napa102.020F8A60
xor eax,edx
sub eax,edx
mov dword ptr ss:[ebp-0x20],eax
68 648A0F02
push napa102.020F8A64
E8 CF8E7CFF
call napa102.
8D85 60FFFFFF
lea eax,dword ptr ss:[ebp-0xA0]
E8 4D7785FF
call napa102.004A6BE0
mov ebx,eax
mov eax,dword ptr ds:[edi]
lea ecx,dword ptr ss:[ebp-0x18]
xor eax,edx
sub eax,edx
mov dword ptr ss:[ebp-0x18],eax
C745 E4 FF27000&mov dword ptr ss:[ebp-0x1C],0x27FF
68 608A0F02
push napa102.020F8A60
8DB5 60FFFFFF
lea esi,dword ptr ss:[ebp-0xA0]
68 688A0F02
push napa102.020F8A68
E8 908E7CFF
call napa102.
cmp ebx,0x8
0F87 2F070000
ja napa102.00C4FBFB
8B049D 6C8A0F02 mov eax,dword ptr ds:[ebx*4+0x20F8A6C]
C785 DCFDFFFF 3&mov dword ptr ss:[ebp-0x224],napa102.020F8B3C napa: License has expired (release too old)
lea eax,dword ptr ss:[ebp-0x30]
xor esi,esi
89B5 E8FDFFFF
mov dword ptr ss:[ebp-0x218],esi
8985 ECFDFFFF
mov dword ptr ss:[ebp-0x214],eax
89B5 F8FDFFFF
mov dword ptr ss:[ebp-0x208],esi
C785 E4FDFFFF 2&mov dword ptr ss:[ebp-0x21C],0x2B
8D8D DCFDFFFF
lea ecx,dword ptr ss:[ebp-0x224]
C645 D0 0A
mov byte ptr ss:[ebp-0x30],0xA
8D95 3CFBFFFF
lea edx,dword ptr ss:[ebp-0x4C4]
push 0x200
C785 F4FDFFFF 0&mov dword ptr ss:[ebp-0x20C],0x1
E8 F4D38E00
call &jmp.&libifcoremd.for_concat&
mov edx,dword ptr ss:[ebp-0x14]
89B5 18FBFFFF
mov dword ptr ss:[ebp-0x4E8],esi
89B5 28FBFFFF
mov dword ptr ss:[ebp-0x4D8],esi
B9 2C000000
mov ecx,0x2C
test edx,edx
mov dword ptr ss:[ebp-0x664],edx
C785 1CFBFFFF 6&mov dword ptr ss:[ebp-0x4E4],napa102.020F8B68 -&
mov dword ptr ss:[ebp-0x24],ecx
mov eax,esi
cmovge eax,edx
8D9D 3CFBFFFF
lea ebx,dword ptr ss:[ebp-0x4C4]
899D 0CFBFFFF
mov dword ptr ss:[ebp-0x4F4],ebx
898D 14FBFFFF
mov dword ptr ss:[ebp-0x4EC],ecx
mov ecx,0x3
898D 24FBFFFF
mov dword ptr ss:[ebp-0x4DC],ecx
8D95 60FFFFFF
lea edx,dword ptr ss:[ebp-0xA0]
8995 2CFBFFFF
mov dword ptr ss:[ebp-0x4D4],edx
8985 34FBFFFF
mov dword ptr ss:[ebp-0x4CC],eax
8D85 0CFBFFFF
lea eax,dword ptr ss:[ebp-0x4F4]
8995 38FBFFFF
mov dword ptr ss:[ebp-0x4C8],edx
push 0x200
E8 7BD38E00
call &jmp.&libifcoremd.for_concat&
add esp,0x30
8B85 9CF9FFFF
mov eax,dword ptr ss:[ebp-0x664]
C745 E4 0628000&mov dword ptr ss:[ebp-0x1C],0x2806
add eax,0x2F
mov ebx,0x1
mov dword ptr ss:[ebp-0x24],eax
E9 AD060000
jmp napa102.00C4FC70
C785 3CFDFFFF F&mov dword ptr ss:[ebp-0x2C4],napa102.020F8BF0 napa: system data base could not be opened
lea eax,dword ptr ss:[ebp-0x44]
xor esi,esi
89B5 48FDFFFF
mov dword ptr ss:[ebp-0x2B8],esi
8985 4CFDFFFF
mov dword ptr ss:[ebp-0x2B4],eax
89B5 58FDFFFF
mov dword ptr ss:[ebp-0x2A8],esi
C785 44FDFFFF 2&mov dword ptr ss:[ebp-0x2BC],0x2A
8D8D 3CFDFFFF
lea ecx,dword ptr ss:[ebp-0x2C4]
C645 BC 0A
mov byte ptr ss:[ebp-0x44],0xA
8D95 3CFBFFFF
lea edx,dword ptr ss:[ebp-0x4C4]
push 0x200
C785 54FDFFFF 0&mov dword ptr ss:[ebp-0x2AC],0x1
E8 06D38E00
call &jmp.&libifcoremd.for_concat&
add esp,0x18
mov eax,dword ptr ds:[edi]
lea ecx,dword ptr ss:[ebp-0x4C]
xor eax,edx
sub eax,edx
mov dword ptr ss:[ebp-0x4C],eax
C745 DC 2B00000&mov dword ptr ss:[ebp-0x24],0x2B
C745 B0 0000000&mov dword ptr ss:[ebp-0x50],0x0
E8 A46C7CFF
call napa102.
cmp eax,0x2
jle Xnapa102.00C4F671
8D9D 9CF9FFFF
lea ebx,dword ptr ss:[ebp-0x664]
lea ecx,dword ptr ss:[ebp-0x50]
mov eax,dword ptr ds:[edi]
68 608A0F02
push napa102.020F8A60
xor eax,edx
sub eax,edx
8985 FCFEFFFF
mov dword ptr ss:[ebp-0x104],eax
8D85 FCFEFFFF
lea eax,dword ptr ss:[ebp-0x104]
68 908A0F02
push napa102.020F8A90
E8 E28C7CFF
call napa102.
mov eax,dword ptr ss:[ebp-0x14]
8985 20FAFFFF
mov dword ptr ss:[ebp-0x5E0],eax
test eax,eax
0F8E BB080000
jle napa102.00C4FF3D
mov ebx,dword ptr ss:[ebp-0x24]
899D 1CFAFFFF
mov dword ptr ss:[ebp-0x5E4],ebx
89B5 08FAFFFF
mov dword ptr ss:[ebp-0x5F8],esi
C785 FCF9FFFF 1&mov dword ptr ss:[ebp-0x604],napa102.020F8C1C -&
test ebx,ebx
mov eax,esi
cmovge eax,ebx
mov ecx,0x3
8D9D 3CFBFFFF
lea ebx,dword ptr ss:[ebp-0x4C4]
899D ECF9FFFF
mov dword ptr ss:[ebp-0x614],ebx
mov dword ptr ss:[ebp-0x60C],eax
mov eax,esi
mov dword ptr ss:[ebp-0x608],edx
8B95 20FAFFFF
mov edx,dword ptr ss:[ebp-0x5E0]
898D 04FAFFFF
mov dword ptr ss:[ebp-0x5FC],ecx
test edx,edx
cmovge eax,edx
8D95 60FFFFFF
lea edx,dword ptr ss:[ebp-0xA0]
8995 0CFAFFFF
mov dword ptr ss:[ebp-0x5F4],edx
8985 14FAFFFF
mov dword ptr ss:[ebp-0x5EC],eax
8D85 ECF9FFFF
lea eax,dword ptr ss:[ebp-0x614]
8995 18FAFFFF
mov dword ptr ss:[ebp-0x5E8],edx
push 0x200
E8 1DD28E00
call &jmp.&libifcoremd.for_concat&
add esp,0x18
8B85 1CFAFFFF
mov eax,dword ptr ss:[ebp-0x5E4]
8B95 20FAFFFF
mov edx,dword ptr ss:[ebp-0x5E0]
mov ecx,dword ptr ss:[ebp-0x50]
898D 4CFAFFFF
mov dword ptr ss:[ebp-0x5B4],ecx
lea ebx,dword ptr ds:[eax+edx+0x3]
test ecx,ecx
jle napa102.00C4FF35
C685 1CFAFFFF 0&mov byte ptr ss:[ebp-0x5E4],0xA
lea eax,dword ptr ds:[ebx+0x1]
mov dword ptr ss:[ebp-0x24],eax
8A95 1CFAFFFF
mov dl,byte ptr ss:[ebp-0x5E4]
88941D 3CFBFFFF mov byte ptr ss:[ebp+ebx-0x4C4],dl
mov ebx,dword ptr ss:[ebp-0x24]
899D 50FAFFFF
mov dword ptr ss:[ebp-0x5B0],ebx
89B5 38FAFFFF
mov dword ptr ss:[ebp-0x5C8],esi
C785 2CFAFFFF 2&mov dword ptr ss:[ebp-0x5D4],napa102.020F8C20 or
test ebx,ebx
mov eax,esi
cmovge eax,ebx
mov ecx,0x3
8D9D 3CFBFFFF
lea ebx,dword ptr ss:[ebp-0x4C4]
899D 1CFAFFFF
mov dword ptr ss:[ebp-0x5E4],ebx
8985 24FAFFFF
mov dword ptr ss:[ebp-0x5DC],eax
mov eax,esi
8995 28FAFFFF
mov dword ptr ss:[ebp-0x5D8],edx
8B95 4CFAFFFF
mov edx,dword ptr ss:[ebp-0x5B4]
898D 34FAFFFF
mov dword ptr ss:[ebp-0x5CC],ecx
test edx,edx
cmovge eax,edx
8D95 9CF9FFFF
lea edx,dword ptr ss:[ebp-0x664]
8995 3CFAFFFF
mov dword ptr ss:[ebp-0x5C4],edx
8985 44FAFFFF
mov dword ptr ss:[ebp-0x5BC],eax
8D85 1CFAFFFF
lea eax,dword ptr ss:[ebp-0x5E4]
8995 48FAFFFF
mov dword ptr ss:[ebp-0x5B8],edx
push 0x200
E8 60D18E00
call &jmp.&libifcoremd.for_concat&
add esp,0x18
8B85 50FAFFFF
mov eax,dword ptr ss:[ebp-0x5B0]
8B95 4CFAFFFF
mov edx,dword ptr ss:[ebp-0x5B4]
lea ecx,dword ptr ds:[eax+edx+0x3]
mov dword ptr ss:[ebp-0x24],ecx
C745 E4 6A27000&mov dword ptr ss:[ebp-0x1C],0x276A
mov ebx,esi
E9 8E040000
jmp napa102.00C4FC70
C785 BCFDFFFF C&mov dword ptr ss:[ebp-0x244],napa102.020F8BCC napa: No response from server
lea eax,dword ptr ss:[ebp-0x34]
xor esi,esi
89B5 C8FDFFFF
mov dword ptr ss:[ebp-0x238],esi
8985 CCFDFFFF
mov dword ptr ss:[ebp-0x234],eax
89B5 D8FDFFFF
mov dword ptr ss:[ebp-0x228],esi
C785 C4FDFFFF 1&mov dword ptr ss:[ebp-0x23C],0x1D
8D8D BCFDFFFF
lea ecx,dword ptr ss:[ebp-0x244]
C645 CC 0A
mov byte ptr ss:[ebp-0x34],0xA
8D95 3CFBFFFF
lea edx,dword ptr ss:[ebp-0x4C4]
push 0x200
C785 D4FDFFFF 0&mov dword ptr ss:[ebp-0x22C],0x1
E8 E7D08E00
call &jmp.&libifcoremd.for_concat&
mov edx,dword ptr ss:[ebp-0x14]
89B5 E8FAFFFF
mov dword ptr ss:[ebp-0x518],esi
89B5 F8FAFFFF
mov dword ptr ss:[ebp-0x508],esi
B9 1E000000
mov ecx,0x1E
test edx,edx
mov dword ptr ss:[ebp-0x664],edx
C785 ECFAFFFF E&mov dword ptr ss:[ebp-0x514],napa102.020F8BEC -&
mov dword ptr ss:[ebp-0x24],ecx
mov eax,esi
cmovge eax,edx
8D9D 3CFBFFFF
lea ebx,dword ptr ss:[ebp-0x4C4]
899D DCFAFFFF
mov dword ptr ss:[ebp-0x524],ebx
898D E4FAFFFF
mov dword ptr ss:[ebp-0x51C],ecx
mov ecx,0x3
898D F4FAFFFF
mov dword ptr ss:[ebp-0x50C],ecx
8D95 60FFFFFF
lea edx,dword ptr ss:[ebp-0xA0]
8995 FCFAFFFF
mov dword ptr ss:[ebp-0x504],edx
8985 04FBFFFF
mov dword ptr ss:[ebp-0x4FC],eax
8D85 DCFAFFFF
lea eax,dword ptr ss:[ebp-0x524]
8995 08FBFFFF
mov dword ptr ss:[ebp-0x4F8],edx
push 0x200
E8 6ED08E00
call &jmp.&libifcoremd.for_concat&
add esp,0x30
8B85 9CF9FFFF
mov eax,dword ptr ss:[ebp-0x664]
C745 E4 0828000&mov dword ptr ss:[ebp-0x1C],0x2808
add eax,0x21
mov ebx,esi
mov dword ptr ss:[ebp-0x24],eax
E9 A3030000
jmp napa102.00C4FC70
C785 9CFDFFFF 9&mov dword ptr ss:[ebp-0x264],napa102.020F8B9C napa: Machine id does not match the license
lea eax,dword ptr ss:[ebp-0x38]
xor esi,esi
89B5 A8FDFFFF
mov dword ptr ss:[ebp-0x258],esi
8985 ACFDFFFF
mov dword ptr ss:[ebp-0x254],eax
89B5 B8FDFFFF
mov dword ptr ss:[ebp-0x248],esi
C785 A4FDFFFF 2&mov dword ptr ss:[ebp-0x25C],0x2B
8D8D 9CFDFFFF
lea ecx,dword ptr ss:[ebp-0x264]
C645 C8 0A
mov byte ptr ss:[ebp-0x38],0xA
8D95 3CFBFFFF
lea edx,dword ptr ss:[ebp-0x4C4]
push 0x200
C785 B4FDFFFF 0&mov dword ptr ss:[ebp-0x24C],0x1
E8 FCCF8E00
call &jmp.&libifcoremd.for_concat&
mov edx,dword ptr ss:[ebp-0x14]
89B5 B8FAFFFF
mov dword ptr ss:[ebp-0x548],esi
89B5 C8FAFFFF
mov dword ptr ss:[ebp-0x538],esi
B9 2C000000
mov ecx,0x2C
test edx,edx
mov dword ptr ss:[ebp-0x664],edx
C785 BCFAFFFF C&mov dword ptr ss:[ebp-0x544],napa102.020F8BC8 -&
mov dword ptr ss:[ebp-0x24],ecx
mov eax,esi
cmovge eax,edx
8D9D 3CFBFFFF
lea ebx,dword ptr ss:[ebp-0x4C4]
899D ACFAFFFF
mov dword ptr ss:[ebp-0x554],ebx
898D B4FAFFFF
mov dword ptr ss:[ebp-0x54C],ecx
mov ecx,0x3
898D C4FAFFFF
mov dword ptr ss:[ebp-0x53C],ecx
8D95 60FFFFFF
lea edx,dword ptr ss:[ebp-0xA0]
8995 CCFAFFFF
mov dword ptr ss:[ebp-0x534],edx
8985 D4FAFFFF
mov dword ptr ss:[ebp-0x52C],eax
8D85 ACFAFFFF
lea eax,dword ptr ss:[ebp-0x554]
8995 D8FAFFFF
mov dword ptr ss:[ebp-0x528],edx
push 0x200
E8 83CF8E00
call &jmp.&libifcoremd.for_concat&
add esp,0x30
8B85 9CF9FFFF
mov eax,dword ptr ss:[ebp-0x664]
C745 E4 0728000&mov dword ptr ss:[ebp-0x1C],0x2807
add eax,0x2F
mov ebx,0x1
mov dword ptr ss:[ebp-0x24],eax
E9 B5020000
jmp napa102.00C4FC70
C785 7CFDFFFF 6&mov dword ptr ss:[ebp-0x284],napa102.020F8B6C napa: License has expired (date too old)
lea eax,dword ptr ss:[ebp-0x3C]
xor esi,esi
89B5 88FDFFFF
mov dword ptr ss:[ebp-0x278],esi
8985 8CFDFFFF
mov dword ptr ss:[ebp-0x274],eax
89B5 98FDFFFF
mov dword ptr ss:[ebp-0x268],esi
C785 84FDFFFF 2&mov dword ptr ss:[ebp-0x27C],0x28
8D8D 7CFDFFFF
lea ecx,dword ptr ss:[ebp-0x284]
C645 C4 0A
mov byte ptr ss:[ebp-0x3C],0xA
8D95 3CFBFFFF
lea edx,dword ptr ss:[ebp-0x4C4]
push 0x200
C785 94FDFFFF 0&mov dword ptr ss:[ebp-0x26C],0x1
E8 0ECF8E00
call &jmp.&libifcoremd.for_concat&
mov edx,dword ptr ss:[ebp-0x14]
89B5 88FAFFFF
mov dword ptr ss:[ebp-0x578],esi
89B5 98FAFFFF
mov dword ptr ss:[ebp-0x568],esi
mov ecx,0x29
test edx,edx
mov dword ptr ss:[ebp-0x664],edx
C785 8CFAFFFF 9&mov dword ptr ss:[ebp-0x574],napa102.020F8B98 -&
mov dword ptr ss:[ebp-0x24],ecx
mov eax,esi
cmovge eax,edx
8D9D 3CFBFFFF
lea ebx,dword ptr ss:[ebp-0x4C4]
899D 7CFAFFFF
mov dword ptr ss:[ebp-0x584],ebx
898D 84FAFFFF
mov dword ptr ss:[ebp-0x57C],ecx
mov ecx,0x3
898D 94FAFFFF
mov dword ptr ss:[ebp-0x56C],ecx
8D95 60FFFFFF
lea edx,dword ptr ss:[ebp-0xA0]
8995 9CFAFFFF
mov dword ptr ss:[ebp-0x564],edx
8985 A4FAFFFF
mov dword ptr ss:[ebp-0x55C],eax
8D85 7CFAFFFF
lea eax,dword ptr ss:[ebp-0x584]
8995 A8FAFFFF
mov dword ptr ss:[ebp-0x558],edx
push 0x200
E8 95CE8E00
call &jmp.&libifcoremd.for_concat&
add esp,0x30
8B85 9CF9FFFF
mov eax,dword ptr ss:[ebp-0x664]
C745 E4 0528000&mov dword ptr ss:[ebp-0x1C],0x2805
add eax,0x2C
mov ebx,0x1
mov dword ptr ss:[ebp-0x24],eax
E9 C7010000
jmp napa102.00C4FC70
C785 5CFDFFFF 1&mov dword ptr ss:[ebp-0x2A4],napa102.020F8B10 napa: Formal error in the license file
lea eax,dword ptr ss:[ebp-0x40]
xor esi,esi
89B5 68FDFFFF
mov dword ptr ss:[ebp-0x298],esi
8985 6CFDFFFF
mov dword ptr ss:[ebp-0x294],eax
89B5 78FDFFFF
mov dword ptr ss:[ebp-0x288],esi
C785 64FDFFFF 2&mov dword ptr ss:[ebp-0x29C],0x26
8D8D 5CFDFFFF
lea ecx,dword ptr ss:[ebp-0x2A4]
C645 C0 0A
mov byte ptr ss:[ebp-0x40],0xA
8D95 3CFBFFFF
lea edx,dword ptr ss:[ebp-0x4C4]
push 0x200
C785 74FDFFFF 0&mov dword ptr ss:[ebp-0x28C],0x1
E8 20CE8E00
call &jmp.&libifcoremd.for_concat&
mov edx,dword ptr ss:[ebp-0x14]
89B5 58FAFFFF
mov dword ptr ss:[ebp-0x5A8],esi
89B5 68FAFFFF
mov dword ptr ss:[ebp-0x598],esi
mov ecx,0x27
test edx,edx
mov dword ptr ss:[ebp-0x664],edx
C785 5CFAFFFF 3&mov dword ptr ss:[ebp-0x5A4],napa102.020F8B38 -&
mov dword ptr ss:[ebp-0x24],ecx
mov eax,esi
cmovge eax,edx
8D9D 3CFBFFFF
lea ebx,dword ptr ss:[ebp-0x4C4]
899D 4CFAFFFF
mov dword ptr ss:[ebp-0x5B4],ebx
898D 54FAFFFF
mov dword ptr ss:[ebp-0x5AC],ecx
mov ecx,0x3
898D 64FAFFFF
mov dword ptr ss:[ebp-0x59C],ecx
8D95 60FFFFFF
lea edx,dword ptr ss:[ebp-0xA0]
8995 6CFAFFFF
mov dword ptr ss:[ebp-0x594],edx
8985 74FAFFFF
mov dword ptr ss:[ebp-0x58C],eax
8D85 4CFAFFFF
lea eax,dword ptr ss:[ebp-0x5B4]
8995 78FAFFFF
mov dword ptr ss:[ebp-0x588],edx
push 0x200
E8 A7CD8E00
call &jmp.&libifcoremd.for_concat&
add esp,0x30
8B85 9CF9FFFF
mov eax,dword ptr ss:[ebp-0x664]
C745 E4 0428000&mov dword ptr ss:[ebp-0x1C],0x2804
add eax,0x2A
mov ebx,esi
mov dword ptr ss:[ebp-0x24],eax
E9 DC000000
jmp napa102.00C4FC70
8D95 3CFBFFFF
lea edx,dword ptr ss:[ebp-0x4C4]
mov eax,0x23
mov dword ptr ss:[ebp-0x24],eax
xor esi,esi
68 EC8A0F02
push napa102.020F8AEC
napa: License file ends prematurely
push 0x200
E8 60CD8E00
call &jmp.&libifcoremd.for_cpystr&
add esp,0x1C
C745 E4 0428000&mov dword ptr ss:[ebp-0x1C],0x2804
mov ebx,esi
E9 A7000000
jmp napa102.00C4FC70
8D85 3CFBFFFF
lea eax,dword ptr ss:[ebp-0x4C4]
xor esi,esi
68 C48A0F02
push napa102.020F8AC4
napa: Read error in the license file
push 0x200
E8 32CD8E00
call &jmp.&libifcoremd.for_cpystr&
add esp,0x1C
C745 DC 2300000&mov dword ptr ss:[ebp-0x24],0x23
mov ebx,esi
C745 E4 0928000&mov dword ptr ss:[ebp-0x1C],0x2809
jmp Xnapa102.00C4FC70
8D95 3CFBFFFF
lea edx,dword ptr ss:[ebp-0x4C4]
mov eax,0x27
mov dword ptr ss:[ebp-0x24],eax
xor esi,esi
68 248C0F02
push napa102.020F8C24
napa: Unknown error in the license file
push 0x200
E8 F9CC8E00
call &jmp.&libifcoremd.for_cpystr&
add esp,0x1C
C745 E4 FF27000&mov dword ptr ss:[ebp-0x1C],0x27FF
mov ebx,0x1
jmp Xnapa102.00C4FC70
8D85 3CFBFFFF
lea eax,dword ptr ss:[ebp-0x4C4]
xor esi,esi
68 9C8A0F02
push napa102.020F8A9C
napa: failure to read the license file
push 0x200
E8 CBCC8E00
call &jmp.&libifcoremd.for_cpystr&
push 0x200
8D85 3CFBFFFF
lea eax,dword ptr ss:[ebp-0x4C4]
E8 F0CC8E00
call &jmp.&libifcoremd.for_len_trim&
C745 E4 FE27000&mov dword ptr ss:[ebp-0x1C],0x27FE
mov dword ptr ss:[ebp-0x24],eax
add esp,0x24
mov ebx,0x1
833D 2CA43202 0&cmp dword ptr ds:[0x232A42C],0x3
0F84 C2000000
je napa102.00C4FD3F
833D 54A73202 0&cmp dword ptr ds:[0x232A754],0x0
0F85 B5000000
jnz napa102.00C4FD3F
test ebx,ebx
je napa102.00C4FD25
8D85 3CFBFFFF
lea eax,dword ptr ss:[ebp-0x4C4]
push 0x200
E8 ABCC8E00
call &jmp.&libifcoremd.for_len_trim&
89B5 4CFFFFFF
mov dword ptr ss:[ebp-0xB4],esi
89B5 5CFFFFFF
mov dword ptr ss:[ebp-0xA4],esi
test eax,eax
cmovl eax,esi
8D8D 3CFBFFFF
lea ecx,dword ptr ss:[ebp-0x4C4]
C645 FC 0A
mov byte ptr ss:[ebp-0x4],0xA
898D 30FFFFFF
mov dword ptr ss:[ebp-0xD0],ecx
C785 48FFFFFF 0&mov dword ptr ss:[ebp-0xB8],0x1
8985 38FFFFFF
mov dword ptr ss:[ebp-0xC8],eax
C785 50FFFFFF 5&mov dword ptr ss:[ebp-0xB0],napa102.020F8C50 A license request file will be generated.
8995 3CFFFFFF
mov dword ptr ss:[ebp-0xC4],edx
C785 58FFFFFF 2&mov dword ptr ss:[ebp-0xA8],0x29
lea eax,dword ptr ss:[ebp-0x4]
8985 40FFFFFF
mov dword ptr ss:[ebp-0xC0],eax
8D95 30FFFFFF
lea edx,dword ptr ss:[ebp-0xD0]
push 0x200
E8 10CC8E00
call &jmp.&libifcoremd.for_concat&
push 0x200
8D85 3CFBFFFF
lea eax,dword ptr ss:[ebp-0x4C4]
E8 2FCC8E00
call &jmp.&libifcoremd.for_len_trim&
mov dword ptr ss:[ebp-0x24],eax
add esp,0x28
lea eax,dword ptr ss:[ebp-0x24]
push 0x200
8D95 3CFBFFFF
lea edx,dword ptr ss:[ebp-0x4C4]
E8 A6638200
call napa102.
E9 F1000000
jmp napa102.00C4FE30
通多次反复运行,程序运行路线如下:
程序由系统kernel32读取完license内容(由寄存器中观察到)后跳入00C4ED40& &jle Xnapa102.00C4ED57,由此跳转到00C4ED57 call napa102.019D6200,单步运行至00C4F41D&&jmp napa102.00C4ED42又跳转至00C4ED42&&mov esi,[local.36],然后到00C4ED54&&retn 0x4,再到00C49C46& &call napa102.00C5FA00,然后就到了00C5FA00& &push ebx这个子程序,此子程序在00C5FCF2& &call napa102.00C4F430又转到00C4F430& &push ebp,在到00C4F4D3& &jmp eax处发生跳转到00C4F8CD& &mov dword ptr ss:[ebp-0x264],napa102.020F8B9C; napa: Machine id does not match the license,此位置即为通过字符串搜索到的程序提示位置,再往下会到
00C4FC70&&cmp dword ptr ds:[0x232A42C],0x3,最后再到00C4FD35&&call napa102.就出现提示框:
Machine id does not match the license -& n8ib49ythrs8(注:此为机器码)
A license request file will be generater.
现在我在茫茫的jmp和call中简直是迷失了方向,迫切希望得到高手的指点迷津,指点并分析一下比较机器码的关键call,jmp在什么地方。由于基础差,有高手愿意拉我一把么?
发帖求助前要善用【】功能,那里可能会有你要找的答案;如果你在论坛求助问题,并且已经从坛友或者管理的回复中解决了问题,请把帖子标题加上【已解决】;如何回报帮助你解决问题的坛友,一个好办法就是给对方加【热心】和【CB】,加分不会扣除自己的积分,做一个热心并受欢迎的人!
阅读权限30
扯了一大堆,表示太长了,好像你那段代码一大堆是没用的
发帖求助前要善用【】功能,那里可能会有你要找的答案;如果你在论坛求助问题,并且已经从坛友或者管理的回复中解决了问题,请把帖子标题加上【已解决】;如何回报帮助你解决问题的坛友,一个好办法就是给对方加【热心】和【CB】,加分不会扣除自己的积分,做一个热心并受欢迎的人!
阅读权限30
跳来跳去我眼睛都花了
发帖求助前要善用【】功能,那里可能会有你要找的答案;如果你在论坛求助问题,并且已经从坛友或者管理的回复中解决了问题,请把帖子标题加上【已解决】;如何回报帮助你解决问题的坛友,一个好办法就是给对方加【热心】和【CB】,加分不会扣除自己的积分,做一个热心并受欢迎的人!
阅读权限10
看不懂& &支持一下
发帖求助前要善用【】功能,那里可能会有你要找的答案;如果你在论坛求助问题,并且已经从坛友或者管理的回复中解决了问题,请把帖子标题加上【已解决】;如何回报帮助你解决问题的坛友,一个好办法就是给对方加【热心】和【CB】,加分不会扣除自己的积分,做一个热心并受欢迎的人!
阅读权限25
看不懂 表示顶楼主一个
发帖求助前要善用【】功能,那里可能会有你要找的答案;如果你在论坛求助问题,并且已经从坛友或者管理的回复中解决了问题,请把帖子标题加上【已解决】;如何回报帮助你解决问题的坛友,一个好办法就是给对方加【热心】和【CB】,加分不会扣除自己的积分,做一个热心并受欢迎的人!
免责声明:吾爱破解所发布的一切破解补丁、注册机和注册信息及软件的解密分析文章仅限用于学习和研究目的;不得将上述内容用于商业或者非法用途,否则,一切后果请用户自负。本站信息来自网络,版权争议与本站无关。您必须在下载后的24个小时之内,从您的电脑中彻底删除上述内容。如果您喜欢该程序,请支持正版软件,购买注册,得到更好的正版服务。
( 京ICP备号 | 京公网安备 87号 )
Powered by Discuz!
Comsenz Inc.
