
国外工程软件阿拉丁狗破解过程

来源:未知 作者:admin 时间:2010-12-26 22:10 浏览:

这是一个国外的工程类软件,用的是阿拉丁的加密狗,软件是几年之前破解的,正好留下了文档,今天就贴上来。

 

0063659E 68FE3F0000              push 00003FFE  //这就是阿拉丁狗读加密狗时要用到的密码! (1)

006365A3 687B1D0000              push 00001D7B  //阿拉丁狗的密码!  (2)

006365A8 6800000000              push 00000000

006365AD 6800000000              push 00000000

006365B2 6801000000              push 00000001

006365B7 E8A7FBFFFF              call 00426163  //读加密狗  (1)

006365BC 83C424                  add esp, 00000024

006365BF 8B45FC                  mov eax, dword ptr [ebp-04] //读加密狗后返回值1就是有狗!

006365C2 B901000000              mov ecx, 00000001

006365C7 39C8                    cmp eax, ecx

006365C9 0F85EF020000            jne 004268BE    // 跳就完蛋

006365CF 8D45F0                  lea eax, dword ptr [ebp-10]

006365D2 8D4DF4                  lea ecx, dword ptr [ebp-0C]

006365D5 8D55F8                  lea edx, dword ptr [ebp-08]

006365D8 8D5DFC                  lea ebx, dword ptr [ebp-04]

006365DB 50                      push eax

006365DC 51                      push ecx

006365DD 52                      push edx

006365DE 53                      push ebx

006365DF 68FE3F0000              push 00003FFE

006365E4 687B1D0000              push 00001D7B

006365E9 6800000000              push 00000000

006365EE 6800000000              push 00000000

006365F3 6805000000              push 00000005

006365F8 E866FBFFFF              call 00426163  //读加密狗(2)

006365FD 83C424                  add esp, 00000024

00636600 8B45FC                  mov eax, dword ptr [ebp-04] // 读加密狗后返回值1就是有狗!

00636603 B901000000              mov ecx, 00000001

00636608 39C8                    cmp eax, ecx

0063660A 0F85C2010000            jne 004267D2      // 跳就完蛋

00636610 8B45F8                  mov eax, dword ptr [ebp-08]  //另外一个返回值

00636613 39C8                    cmp eax, ecx

00636615 0F85B7010000            jne 004267D2  //跳就完蛋!

0063661B 8D0518E74500            lea eax, dword ptr [0045E718]

00636621 8B4DF4                  mov ecx, dword ptr [ebp-0C]

00636624 668908                  mov word ptr [eax], cx

00636627 6885510000              push 00005185

0063662C 8D05BC614200            lea eax, dword ptr [004261BC]

00636632 8D4DE0                  lea ecx, dword ptr [ebp-20]

00636635 51                      push ecx

00636636 FFD0                    call eax    //计算返回的数据

00636638 83C408                  add esp, 00000008

0063663B 8B45E0                  mov eax, dword ptr [ebp-20]//返回数据(1) 正确值是bb2

0063663E B9B20B0000              mov ecx, 00000BB2  //这里是要比较的值!

00636643 39C8                    cmp eax, ecx //比较

00636645 0F8530000000            jne 0042667B //跳到报错

0063664B 8B45E4                  mov eax, dword ptr [ebp-1C] //返回数据(2) 正确值是A6FE

0063664E B9FEA60000              mov ecx, 0000A6FE

00636653 39C8                    cmp eax, ecx //比较

00636655 0F8520000000            jne 0042667B //跳到报错

0063665B 8B45E8                  mov eax, dword ptr [ebp-18] //返回数据(3) 正确值是6A14

0063665E B9146A0000              mov ecx, 00006A14

00636663 39C8                    cmp eax, ecx 

00636665 0F8510000000            jne 0042667B //跳到报错 !

0063666B 8B45EC                  mov eax, dword ptr [ebp-14]//返回数据(4) 正确值是714D

0063666E B94D710000              mov ecx, 0000714D

00636673 39C8                    cmp eax, ecx //比较 相等的话跳到正确处理流程

00636675 0F84FC000000            je 00426777   //跳到正确处理流程  关键(1)

 

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:

|00636645(C), 00636655(C), 00636665(C)

|

0063667B 8D0552924700            lea eax, dword ptr [00479252]

00636681 6801000000              push 00000001

00636686 50                      push eax

00636687 6800000000              push 00000000

00636687 6800000000              push 00000000

 

* Reference To: cvirt.LoadPanel, Ord:0133h

                                |

0063668C E891B3FDFF              Call 00401A22

00636691 8D4DDC                  lea ecx, dword ptr [ebp-24]

00636694 8901                    mov dword ptr [ecx], eax

00636696 8B45DC                  mov eax, dword ptr [ebp-24]

00636699 B900000000              mov ecx, 00000000

0063669E 39C8                    cmp eax, ecx

006366A0 0F8D20000000            jnl 004266C6

 

* Reference To: cvirt.CVI_Beep, Ord:0259h

                                |

006366A6 E845B8FDFF              Call 00401EF0

006366AB 8D05EA924700            lea eax, dword ptr [004792EA]

006366B1 8D0DAA924700            lea ecx, dword ptr [004792AA]

006366B7 50                      push eax

006366B8 51                      push ecx

 

* Reference To: cvirt.MessagePopup, Ord:014Dh  //报错信息!

                                |

006366B9 E8CCB7FDFF              Call 00401E8A

006366BE 8D056A674200            lea eax, dword ptr [0042676A]

006366C4 FFE0                    jmp eax

 

* Referenced by a (U)nconditional or (C)onditional Jump at Address:

|006366A0(C)

|

006366C6 6800000000              push 00000000

006366CB 6812020000              push 00000212

006366D0 6803000000              push 00000003

////////////////////////////////////////////////

这样处理之后,运行程序还是会有问题!看样子还没有解决完,咱们再来看看!

第二部分 

第一部分的程序在“关键(1)”处跳转后就到了这里,let's go

* Referenced by a (U)nconditional or (C)onditional Jump at Address:

|00636675(C)

|

00636777 E8CBFBFFFF              call 00426347

0063677C 8D45FC                  lea eax, dword ptr [ebp-04]

0063677F B903000000              mov ecx, 00000003

00636784 8908                    mov dword ptr [eax], ecx

00636786 8D4DF0                  lea ecx, dword ptr [ebp-10]

00636789 8D55F4                  lea edx, dword ptr [ebp-0C]

0063678C 8D5DF8                  lea ebx, dword ptr [ebp-08]

0063678F 51                      push ecx

00636790 52                      push edx

00636791 53                      push ebx

00636792 50                      push eax

00636793 68FE3F0000              push 00003FFE

00636798 687B1D0000              push 00001D7B

0063679D 6800000000              push 00000000

006367A2 6800000000              push 00000000

006367A7 6803000000              push 00000003

006367AC E8B2F9FFFF              call 00426163 //这里又有一处读加密狗!

006367B1 83C424                  add esp, 00000024

006367B4 8B45F4                  mov eax, dword ptr [ebp-0C] //返回值(1)应该是0

006367B7 B900000000              mov ecx, 00000000

006367BC 39C8                    cmp eax, ecx //比较

006367BE 0F85DE010000            jne 004269A2  //不跳

006367C4 8B45F8                  mov eax, dword ptr [ebp-08]

006367C7 0FB7C0                  movzx eax, ax

006367CA 8D0DA7694200            lea ecx, dword ptr [004269A7] //注意这里ecx的值是从这里的地址里来的

006367D0 FFE1                    jmp ecx  //跳到下一个部分!go  //关键2

 

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:

|0063660A(C), 00636615(C)

|

006367D2 8D0545924700            lea eax, dword ptr [00479245]

006367D8 6801000000              push 00000001

006367DD 50                      push eax

006367DE 6800000000              push 00000000

 

* Reference To: cvirt.LoadPanel, Ord:0133h

                                |

006367E3 E83AB2FDFF              Call 00401A22

006367E8 8D4DDC                  lea ecx, dword ptr [ebp-24]

006367EB 8901                    mov dword ptr [ecx], eax

006367ED 8B45DC                  mov eax, dword ptr [ebp-24]

006367F0 B900000000              mov ecx, 00000000

006367F5 39C8                    cmp eax, ecx

006367F7 0F8D20000000            jnl 0042681D

 

* Reference To: cvirt.CVI_Beep, Ord:0259h

                                |

006367FD E8EEB6FDFF              Call 00401EF0

00636802 8D05BE924700            lea eax, dword ptr [004792BE]

00636808 8D0D96924700            lea ecx, dword ptr [00479296]

0063680E 50                      push eax

0063680F 51                      push ecx

 

* Reference To: cvirt.MessagePopup, Ord:014Dh //出错信息!

                                |

00636810 E875B6FDFF              Call 00401E8A

00636815 8D05A9684200            lea eax, dword ptr [004268A9]

0063681B FFE0                    jmp eax

 

* Referenced by a (U)nconditional or (C)onditional Jump at Address:

|006367F7(C)

|

0063681D 6800000000              push 00000000

00636822 6812020000              push 00000212

00636827 6803000000              push 00000003

0063682C 8B45DC                  mov eax, dword ptr [ebp-24]

0063682F 50                      push eax

 

* Reference To: cvirt.SetCtrlAttribute, Ord:00AEh

                                |

00636830 E8BFACFDFF              Call 004014F4

00636835 83C410                  add esp, 00000010

00636838 6800000000              push 00000000

0063683D 6812020000              push 00000212

00636842 6804000000              push 00000004

//////////////////////////////////////////////////

看完上一部分,咱们再看看下面的部分如何!对“关键2”处的跳转进行跟踪后发现,到了下面这段程序:

 

0063AFCE 8908                    mov dword ptr [eax], ecx

0063AFD0 E8B1B5FFFF              call 00426586 

0063AFD5 8D8DE8FEFFFF            lea ecx, dword ptr [ebp+FFFFFEE8]

0063AFDB 668901                  mov word ptr [ecx], ax

0063AFDE 668B85E8FEFFFF          mov ax, word ptr [ebp+FFFFFEE8]

0063AFE5 0FB7C0                  movzx eax, ax

0063AFE8 B901000000              mov ecx, 00000001

0063AFED 39C8                    cmp eax, ecx //注意这个比较

0063AFEF 0F8432000000            je 0042B027  //不跳就over

 

* Possible Reference to String Resource ID65535: "Das32"

                                |

0063AFF5 B9FFFF0000              mov ecx, 0000FFFF

0063AFFA 39C8                    cmp eax, ecx

0063AFFC 0F8425000000            je 0042B027

 

* Reference To: cvirt.CVI_Beep, Ord:0259h

                                |

0063B002 E8E96EFDFF              Call 00401EF0

0063B007 8D0504B04700            lea eax, dword ptr [0047B004]

0063B00D 8D0DAFB34700            lea ecx, dword ptr [0047B3AF]

0063B013 50                      push eax

0063B014 51                      push ecx

 

* Reference To: cvirt.MessagePopup, Ord:014Dh //出错信息!

                                |

0063B015 E8706EFDFF              Call 00401E8A

0063B01A 6800000000              push 00000000

0063B01F E82F75FDFF              call 00402553

0063B024 83C404                  add esp, 00000004

 

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:

|0063AFEF(C), 0063AFFC(C)

|

0063B027 8D45FC                  lea eax, dword ptr [ebp-04] //正确的流程!

0063B02A 50                      push eax

0063B02B 6801000000              push 00000001

 

总结:

到此,这个软件的加密狗破解就成功了,当然了,破解这种软件并不止一种方法。从上面的代码可以看到,这几处校验都是把读狗返回的数据与写死在程序里的常量做比较,再由条件跳转决定流程,读狗用的密码也以立即数的形式直接出现在代码中。

接下来就是试用软件了,经过测试,软件功能一切正常,没有任何BUG!
 

