
📄 chap6-1-11.htm.primary

📁 Encryption and Decryption: software protection techniques and solutions, KanXue documents
          &nbsp; mov bl, byte ptr [esi+02] <br>
          :0040110C 8A4E03&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; mov cl, byte ptr [esi+03] <br>
          :0040110F 32D9&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; &nbsp; xor bl, cl <br>
          :00401111 32C3&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; &nbsp; xor al, bl&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; &nbsp; ---then fold the 2 bytes into 1 and place it in AL <br>
          :00401113 B908000000&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          mov ecx, 00000008 <br>
          :00401118 BE44304000&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          mov esi, 00403044 <br>
          :0040111D 3006&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; &nbsp; xor byte ptr [esi], al&nbsp; ---XOR the generated byte with each of the original bytes <br>
          :0040111F 46&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; &nbsp; &nbsp; inc esi <br>
          :00401120 E2FB&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; &nbsp; loop 0040111D <br>
          :00401122 B908000000&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          mov ecx, 00000008&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ---the comparison starts from here <br>
          :00401127 BE44304000&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          mov esi, 00403044&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ---load the computed result <br>
          <br>
          * Possible StringData Ref from Data Obj ->"q" <br>
          &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; | <br>
          :0040112C BF08304000&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          mov edi, 00403008&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ---load the correct result <br>
          :00401131 8A06&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; &nbsp; mov al, byte ptr [esi] <br>
          :00401133 3A07&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; &nbsp; cmp al, byte ptr [edi] <br>
          :00401135 751D&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; &nbsp; jne 00401154&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; &nbsp; ---jump to the error path <br>
          :00401137 46&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; &nbsp; &nbsp; inc esi <br>
          :00401138 47&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; &nbsp; &nbsp; inc edi <br>
          :00401139 E2F6&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; &nbsp; loop 00401131&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; ---loop back up <br>
          :0040113B 6A40&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; &nbsp; push 00000040 <br>
          <br>
          Simulated run: <br>
          Suppose the input is 12345678 <br>
          Hex bytes&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 31&nbsp; 
          32&nbsp; 33&nbsp; 34&nbsp; 35&nbsp; 36&nbsp; 37&nbsp; 38&nbsp; <br>
          XOR with 32&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 03&nbsp; 00&nbsp; 
          01&nbsp; 06&nbsp; 07&nbsp; 04&nbsp; 05&nbsp; 0A&nbsp; ----(1) <br>
          8 to 4:&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 03&nbsp; 
          &nbsp; &nbsp; 07&nbsp; &nbsp; &nbsp; 03&nbsp; &nbsp; &nbsp; 0F <br>
          4 to 2:&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; 04&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 0C <br>
          2 to 1:&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 08&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; &nbsp; &nbsp; ----(2) <br>
          (1) XOR 08&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 0B&nbsp; 08&nbsp; 09&nbsp; 
          0E&nbsp; 0F&nbsp; 0C&nbsp; 0D&nbsp; 02 <br>
          <br>
          Correct bytes at 00403008&nbsp; &nbsp; 71&nbsp; 18&nbsp; 59&nbsp; 1B&nbsp; 79&nbsp; 
          42&nbsp; 45&nbsp; 4C <br>
          <br>
          Working back from the correct result to the registration code:&nbsp; (the key is how to compute (2)) <br>
          &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          From the algorithm, (2) is obtained by repeatedly XORing the byte values; in fact, repeating the same 
          algorithm on its correct cipher bytes also yields (2). This was found by experiment; a proof is lacking. <br>
          <br>
          Hex bytes&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 71&nbsp; 
          18&nbsp; 59&nbsp; 1B&nbsp; 79&nbsp; 42&nbsp; 45&nbsp; 4C <br>
          8 to 4:&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 69&nbsp; 
          &nbsp; &nbsp; 42&nbsp; &nbsp; &nbsp; 3B&nbsp; &nbsp; &nbsp; 09 <br>
          4 to 2:&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; 2B&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 32 <br>
          2 to 1:&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 19&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; &nbsp; &nbsp; ----the (2) value for the correct code should be 19 <br>
          <br>
          Then work back to the correct registration code: <br>
          Hex bytes&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 71&nbsp; 
          18&nbsp; 59&nbsp; 1B&nbsp; 79&nbsp; 42&nbsp; 45&nbsp; 4C <br>
          XOR with 19&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 68&nbsp; 01&nbsp; 
          40&nbsp; 02&nbsp; 60&nbsp; 5B&nbsp; 5C&nbsp; 55 <br>
          XOR with 32&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 5A&nbsp; 33&nbsp; 
          72&nbsp; 30&nbsp; 52&nbsp; 69&nbsp; 6E&nbsp; 67 <br>
          From the ASCII table, the correct registration code is:&nbsp; &nbsp; Z&nbsp; 3&nbsp; r&nbsp; 0&nbsp; R&nbsp; i&nbsp; 
          n&nbsp; g&nbsp; (Z3r0Ring) <br>
          ZXEM 2000.3.20 
      </table>
</div>
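The check walked through in the answer above, modelled in Python as an added example (not code from the original write-up or the book). It uses only the constants the walkthrough gives, the XOR key 32h and the eight bytes at 00403008, and the docstring of `recover` spells out why folding the stored bytes reproduces value (2), which is what makes the check reversible from data shipped in the binary.

```python
from functools import reduce
from operator import xor

KEY = 0x32                                   # "XOR with 32" in the walkthrough
TARGET = bytes.fromhex("7118591B7942454C")   # bytes at 00403008, per the page


def fold(data: bytes) -> int:
    """8 -> 4 -> 2 -> 1 pairwise XOR. XOR is associative and commutative,
    so the result is simply the XOR of all bytes."""
    return reduce(xor, data, 0)


def transform(code: bytes) -> bytes:
    """Forward direction: stage (1), value (2), then (1) XOR (2)."""
    if len(code) != 8:
        raise ValueError("the routine processes exactly 8 bytes")
    stage1 = bytes(b ^ KEY for b in code)    # (1)
    k = fold(stage1)                         # (2)
    return bytes(b ^ k for b in stage1)


def check(code: bytes) -> bool:
    """Model of the compare loop at 00401131-00401139."""
    return transform(code) == TARGET


def recover(target: bytes) -> bytes:
    """Invert transform().

    target[i] = stage1[i] ^ k for every i, so
    fold(target) = fold(stage1) ^ (k XORed 8 times) = k ^ 0 = k:
    an even number of copies of k cancels, leaving value (2) itself.
    """
    k = fold(target)
    return bytes(b ^ k ^ KEY for b in target)


if __name__ == "__main__":
    print(transform(b"12345678").hex(" ").upper())
    print(hex(fold(TARGET)), recover(TARGET).decode("ascii"))
```
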
<div id="KB6Parent" class="parent"> <a href="#" onClick="expandIt('KB6'); return false" class="p9"> 
  2. Exercise 2: Answer</a></div>
<div id="KB6Child" class="child"> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 
  <table width="100%" align="center" cellspacing="0">
    <tr bgcolor="#EFEFEF"> 
      <td height="28"> 
        <p class="p9">Cracking chap6-1-1-02<br>
          <br>
          * Referenced by a CALL at Address: <br>
          |:004011A9&nbsp; <br>
          | <br>
          :0040120B C8000000&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          enter 0000, 00 <br>
          :0040120F 53&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; &nbsp; &nbsp; push ebx <br>
          :00401210 52&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; &nbsp; &nbsp; push edx <br>
          :00401211 33C0&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; &nbsp; xor eax, eax <br>
          :00401213 B8A6204000&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          mov eax, 004020A6&nbsp; &nbsp; &nbsp; &nbsp; ----load (the address of) the entered password into EAX <br>
          :00401218 803800&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; cmp byte ptr [eax], 00 <br>
          :0040121B 7460&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; &nbsp; je 0040127D <br>
          :0040121D 33DB&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; &nbsp; xor ebx, ebx <br>
          :0040121F 33D2&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; &nbsp; xor edx, edx <br>
          :00401221 8A18&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; &nbsp; mov bl, byte ptr [eax]&nbsp; &nbsp; ----start processing the password; see the walkthrough in (1) below 
          <br>
          :00401223 C1C308&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; rol ebx, 08 <br>
          :00401226 03D3&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; &nbsp; add edx, ebx&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; ----the processed values are all accumulated in EDX <br>
          :00401228 40&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; &nbsp; &nbsp; inc eax <br>
          :00401229 803800&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; cmp byte ptr [eax], 00 <br>
          :0040122C 75F3&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; &nbsp; jne 00401221 <br>
          :0040122E 52&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; &nbsp; &nbsp; push edx <br>
          :0040122F 6854204000&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          push 00402054 <br>
          :00401234 68BF204000&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          push 004020BF <br>
          :00401239 E88F000000&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          Call 004012CD <br>
          :0040123E BBBF204000&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          mov ebx, 004020BF&nbsp; &nbsp; &nbsp; &nbsp; ----start comparing with the correct value <br>
          :00401243 803B38&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; cmp byte ptr [ebx], 38 <br>
          :00401246 7535&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; &nbsp; jne 0040127D <br>
          :00401248 807B0144&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          cmp byte ptr [ebx+01], 44 <br>
          :0040124C 752F&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; &nbsp; jne 0040127D <br>
          :0040124E 807B0243&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          cmp byte ptr [ebx+02], 43 <br>
          :00401252 7529&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; &nbsp; jne 0040127D <br>
          :00401254 807B0341&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          cmp byte ptr [ebx+03], 41 <br>
          :00401258 7523&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; &nbsp; jne 0040127D <br>
          :0040125A 807B0446&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          cmp byte ptr [ebx+04], 46 <br>
          :0040125E 751D&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; &nbsp; jne 0040127D <br>
          :00401260 807B0533&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          cmp byte ptr [ebx+05], 33 <br>
          :00401264 7517&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; &nbsp; jne 0040127D <br>
          :00401266 807B0636&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          cmp byte ptr [ebx+06], 36 <br>
          :0040126A 7511&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; &nbsp; jne 0040127D <br>
          :0040126C 807B0738&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          cmp byte ptr [ebx+07], 38 <br>
          :00401270 750B&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; &nbsp; jne 0040127D <br>
          :00401272 B801000000&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          mov eax, 00000001 <br>
          :00401277 5A&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; &nbsp; &nbsp; pop edx <br>
          :00401278 5B&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; &nbsp; &nbsp; pop ebx <br>
          :00401279 C9&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; &nbsp; &nbsp; leave <br>
          :0040127A C20400&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; ret 0004 <br>
          <br>
          (1) Walkthrough: <br>
          &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Suppose the input is 123456 <br>
          &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Steps:&nbsp; &nbsp; &nbsp; 
          &nbsp; &nbsp; 00 00 31 00 <br>
          &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 00 31 32 00 <br>
          &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 31 32 33 00 <br>
          &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 32 33 34 31 <br>
          &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 33 34 35 32&nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; <br>
          &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; &nbsp; &nbsp; +)&nbsp; 34 35 36 33 <br>
          &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; Result:&nbsp; CB 00 35 96 <br>
          <br>
          &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; whereas the correct value should be: 8D CA F3 68 <br>
          &nbsp; The simulation above gives a rough picture of the computation. Since many inputs sum to the required result, we can make bold guesses to derive one set of values. <br>
          &nbsp; I derived a 6-character one: ""$%=) <br>
          ZXEM 2000.3.23 
      </table>
</div>
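The accumulation loop at 00401221-0040122C from the answer above, emulated in Python as an added example (not code from the original write-up). It reproduces the per-step EBX values and the EDX sum shown in walkthrough (1); the comparison assumes the call at 00401239 formats EDX as uppercase hex text, which the listing implies through the compared bytes 38 44 43 41 46 33 36 38 but does not show.

```python
MASK = 0xFFFFFFFF
EXPECTED_TEXT = "8DCAF368"   # ASCII of the bytes compared at 00401243-0040126C


def rol32(value: int, count: int) -> int:
    """32-bit rotate left, as performed by `rol ebx, 08`."""
    count %= 32
    return ((value << count) | (value >> (32 - count))) & MASK


def trace(password: bytes):
    """Emulate the loop; return (EBX after each rol, final EDX)."""
    ebx = edx = 0
    steps = []
    for ch in password:
        ebx = (ebx & 0xFFFFFF00) | ch    # mov bl, byte ptr [eax]
        ebx = rol32(ebx, 8)              # rol ebx, 08
        edx = (edx + ebx) & MASK         # add edx, ebx (wraps at 32 bits)
        steps.append(ebx)
    return steps, edx


def accepts(password: bytes) -> bool:
    """Model of the byte-by-byte compare against "8DCAF368".
    Assumption: the routine at 004012CD renders EDX as uppercase hex."""
    if not password:                     # cmp byte ptr [eax], 00 / je 0040127D
        return False
    _, edx = trace(password)
    return format(edx, "X") == EXPECTED_TEXT


if __name__ == "__main__":
    for candidate in (b"123456", b'""$%=)'):
        steps, edx = trace(candidate)
        print(candidate, [f"{s:08X}" for s in steps], f"{edx:08X}",
              accepts(candidate))
```
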
<div id="KB7Parent" class="parent"> <span class="p9"><a href="#" onClick="expandIt('KB7'); return false"> 
  3. Exercise 3: Answer</a> </span></div>
<div id="KB7Child" class="child"> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 
  <table width="100%" align="center" cellspacing="0">
    <tr bgcolor="#EFEFEF"> 
      <td height="28"> 
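        <p class="p9">For this exercise we set a breakpoint on the function GetDlgItemTextA, which retrieves the string entered in a specified input box. It is also a commonly used function. <br>
          Enter in the registration box: 12345678 <br>
          Then set the breakpoint: bpx getdlgitemtexta <br>
          Click OK and you will break into SoftICE, as follows: <br>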
          * Reference To: USER32.GetDlgItemTextA, Ord:0000h <br>
          &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; | <br>
          :0040115D E8E4030000&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          Call 00401546 <br>
