📄 chap6-1-11.htm.primary

📁 加密与解密,软件加密保护技术与解决方案,看雪文档!
💻 PRIMARY
📖 第 1 页 / 共 5 页
字号:
          ;; 如大于或等于则"Correct" <br>
          你也可进入 :00427B99 的CALL，来到： <br>
          &nbsp; &nbsp; :00427AF6 8B45F4&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; &nbsp; &nbsp; mov eax, dword ptr [ebp-0C]&nbsp; ;; 正确 serial 
          <br>
          &nbsp; &nbsp; :00427AF9 8B55F8&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; &nbsp; &nbsp; mov edx, dword ptr [ebp-08]&nbsp; ;; 输入 serial 
          <br>
          &nbsp; &nbsp; :00427AFC E8BFBDFDFF&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; &nbsp; call 004038C0&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; &nbsp; ;; 比较它们 
  </table>
</div>
<div id="KB10Parent" class="parent"> <a href="#" onClick="expandIt('KB10'); return false"> 
  <span class="p9">6、习题六 答案</span></a> </div>
<div id="KB10Child" class="child"> <span class="p9">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 
  </span> 
  <table width="100%" align="center" cellspacing="-">
    <tr bgcolor="#EFEFEF"> 
      <td height="28"> 
        <p class="p9">用W32Dasm打开程序，利用串式参考（String Data References）分析，看到"Well done"，双击来到： 
          <br>
          <br>
          * Possible StringData Ref from Code Obj ->"Delphi" &lt;---这可能是第一个序列号 
          <br>
          &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; | <br>
          :00421DC1 BA201F4200&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          mov edx, 00421F20 <br>
          :00421DC6 E8A916FEFF&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          call 00403474&lt;---比较我们第一个序列号，就是"Delphi" <br>
          :00421DCB 0F8522010000&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; jne 
          00421EF3&lt;---不相等跳走 <br>
          :00421DD1 8D55FC&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; lea edx, dword ptr [ebp-04] <br>
          :00421DD4 8B83B4010000&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; mov 
          eax, dword ptr [ebx+000001B4] <br>
          :00421DDA E879FAFEFF&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          call 00411858 <br>
          :00421DDF 8B45FC&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; mov eax, dword ptr [ebp-04] <br>
          :00421DE2 E84117FEFF&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          call 00403528 <br>
          :00421DE7 E89437FEFF&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          call 00405580 <br>
          :00421DEC 83F809&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; cmp eax, 00000009&lt;---比较第个序列号是否是9位数？ <br>
          :00421DEF 0F85FE000000&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; jne 
          00421EF3&lt;---不相等则跳走 <br>
          :00421DF5 8D55FC&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; lea edx, dword ptr [ebp-04] <br>
          :00421DF8 8B83B4010000&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; mov 
          eax, dword ptr [ebx+000001B4] <br>
          :00421DFE E855FAFEFF&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          call 00411858 <br>
          :00421E03 8B45FC&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; mov eax, dword ptr [ebp-04] <br>
          :00421E06 803848&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; cmp byte ptr [eax], 48&lt;---比较第一字符是否是048h <br>
          :00421E09 0F85E4000000&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; jne 
          00421EF3 <br>
          :00421E0F 8D55FC&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; lea edx, dword ptr [ebp-04] <br>
          :00421E12 8B83B4010000&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; mov 
          eax, dword ptr [ebx+000001B4] <br>
          :00421E18 E83BFAFEFF&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          call 00411858 <br>
          :00421E1D 8B45FC&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; mov eax, dword ptr [ebp-04] <br>
          :00421E20 80780165&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          cmp byte ptr [eax+01], 65&lt;---比较第二字符是否是 065h <br>
          :00421E24 0F85C9000000&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; jne 
          00421EF3 <br>
          :00421E2A 8D55FC&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; lea edx, dword ptr [ebp-04] <br>
          :00421E2D 8B83B4010000&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; mov 
          eax, dword ptr [ebx+000001B4] <br>
          :00421E33 E820FAFEFF&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          call 00411858 <br>
          :00421E38 8B45FC&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; mov eax, dword ptr [ebp-04] <br>
          :00421E3B 8078026C&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          cmp byte ptr [eax+02], 6C&lt;---比较第三字符是否是 06Ch <br>
          :00421E3F 0F85AE000000&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; jne 
          00421EF3 <br>
          :00421E45 8D55FC&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; lea edx, dword ptr [ebp-04] <br>
          :00421E48 8B83B4010000&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; mov 
          eax, dword ptr [ebx+000001B4] <br>
          :00421E4E E805FAFEFF&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          call 00411858 <br>
          :00421E53 8B45FC&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; mov eax, dword ptr [ebp-04] <br>
          :00421E56 8078036C&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          cmp byte ptr [eax+03], 6C&lt;---比较第四字符是否是 06Ch <br>
          :00421E5A 0F8593000000&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; jne 
          00421EF3 <br>
          :00421E60 8D55FC&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; lea edx, dword ptr [ebp-04] <br>
          :00421E63 8B83B4010000&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; mov 
          eax, dword ptr [ebx+000001B4] <br>
          :00421E69 E8EAF9FEFF&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          call 00411858 <br>
          :00421E6E 8B45FC&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; mov eax, dword ptr [ebp-04] <br>
          :00421E71 80780466&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          cmp byte ptr [eax+04], 66&lt;---比较第五字符是否是066h <br>
          :00421E75 757C&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; &nbsp; jne 00421EF3 <br>
          :00421E77 8D55FC&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; lea edx, dword ptr [ebp-04] <br>
          :00421E7A 8B83B4010000&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; mov 
          eax, dword ptr [ebx+000001B4] <br>
          :00421E80 E8D3F9FEFF&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          call 00411858 <br>
          :00421E85 8B45FC&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; mov eax, dword ptr [ebp-04] <br>
          :00421E88 8078056F&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          cmp byte ptr [eax+05], 6F&lt;---比较第六字符是否是06Fh <br>
          :00421E8C 7565&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; &nbsp; jne 00421EF3 <br>
          :00421E8E 8D55FC&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; lea edx, dword ptr [ebp-04] <br>
          :00421E91 8B83B4010000&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; mov 
          eax, dword ptr [ebx+000001B4] <br>
          :00421E97 E8BCF9FEFF&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          call 00411858 <br>
          :00421E9C 8B45FC&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; mov eax, dword ptr [ebp-04] <br>
          :00421E9F 80780672&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          cmp byte ptr [eax+06], 72&lt;---比较第七字符是否是 072h <br>
          :00421EA3 754E&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; &nbsp; jne 00421EF3 <br>
          :00421EA5 8D55FC&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; lea edx, dword ptr [ebp-04] <br>
          :00421EA8 8B83B4010000&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; mov 
          eax, dword ptr [ebx+000001B4] <br>
          :00421EAE E8A5F9FEFF&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          call 00411858 <br>
          :00421EB3 8B45FC&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; mov eax, dword ptr [ebp-04] <br>
          :00421EB6 80780767&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          cmp byte ptr [eax+07], 67&lt;---比较第八字符是否是 067h <br>
          :00421EBA 7537&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; &nbsp; jne 00421EF3 <br>
          :00421EBC 8D55FC&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; lea edx, dword ptr [ebp-04] <br>
          :00421EBF 8B83B4010000&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; mov 
          eax, dword ptr [ebx+000001B4] <br>
          :00421EC5 E88EF9FEFF&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          call 00411858 <br>
          :00421ECA 8B45FC&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; mov eax, dword ptr [ebp-04] <br>
          :00421ECD 80780865&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          cmp byte ptr [eax+08], 65&lt;---比较第九字符是否是065h <br>
          :00421ED1 7520&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; &nbsp; jne 00421EF3 <br>
          将这些ASCII转换成为： <br>
          Hellforge <br>
          小结：第一序列号是Delphi <br>
          &nbsp; &nbsp; &nbsp; 第一序列号是Hellforge 
  </table>
</div>
<div id="KB11Parent" class="parent"> <a href="#" onClick="expandIt('KB11'); return false" class="p9"> 
  7、习题七 答案</a> </div>
<div id="KB11Child" class="child"> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 
  <table width="100%" align="center" cellspacing="0">
    <tr bgcolor="#EFEFEF"> 
      <td height="28"> 
        <p class="p9">用W32Dasm打开程序，利用串式参考（String Data References）分析，看到"REGISTERED!"，双击来到： 
          <br>
          * Referenced by a CALL at Address: <br>
          |:004012BA&nbsp; &nbsp; <br>
          | <br>
          :00401520 83EC10&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; sub esp, 00000010 <br>
          :00401523 8B0D70974000&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; mov 
          ecx, dword ptr [00409770] <br>
          :00401529 030DAC974000&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; add 
          ecx, dword ptr [004097AC] <br>
          :0040152F 53&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; &nbsp; &nbsp; push ebx <br>
          :00401530 56&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; &nbsp; &nbsp; push esi <br>
          :00401531 81F9FFFFFF7F&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; cmp 
          ecx, 7FFFFFFF <br>
          :00401537 57&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; &nbsp; &nbsp; push edi <br>
          :00401538 7606&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; &nbsp; jbe 00401540 <br>
          :0040153A 81E9FFFFFF7F&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; sub 
          ecx, 7FFFFFFF <br>
          <br>
          * Referenced by a (U)nconditional or (C)onditional Jump at Address: 
          <br>
          |:00401538(C) <br>
          | <br>
          :00401540 890D70974000&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; mov 
          dword ptr [00409770], ecx <br>
          :00401546 390D88974000&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; cmp 
          dword ptr [00409788], ecx&nbsp; ;注意这里 <br>
          :0040154C 7563&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; &nbsp; jne 004015B1 <br>
          :0040154E 8D44240C&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          lea eax, dword ptr [esp+0C] <br>
          <br>
          * Possible StringData Ref from Data Obj ->"REGISTERED!" <br>
          &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; | <br>
          :00401552 686C844000&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          push 0040846C <br>
          :00401557 50&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
          &nbsp; &nbsp; &nbsp; push eax <br>
          <br>
          通过用W32DASM分析后，我们用SOFTICE来调试，输入： <br>
          姓名：toye 公司：toye 序列号：12345678 <br>
          bpx hmemcpy <br>
          来到：:00401546 下命令：？ ECX 看到：:00401546 <br>
          这就是序列号。 
  </table>
</div>
<div id="KB12Parent" class="parent"> <a href="#" onClick="expandIt('KB12'); return false" class="p9"> 
  8、习题八 答案</a></div>
<div id="KB12Child" class="child"> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 
  <table width="100%" align="center" cellspacing="0">
    <tr bgcolor="#EFEFEF">
💿 文件大小 4408 K
👤 上传用户 ilovexzhu
📂 所属分类其他
🏷️ 相关标签

#加密 #保护技术 #解密 #方案
⌨️ 快捷键说明

复制代码 Ctrl + C
搜索代码 Ctrl + F
全屏模式 F11
切换主题 Ctrl + Shift + D
显示快捷键 ?
增大字号 Ctrl + =
减小字号 Ctrl + -