lesson1512.htm

为所有对破解感兴趣的朋友准备的礼物。希望大家能够喜欢。

  </span></p>
<p> </p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">&nbsp;&nbsp;We&nbsp;used&nbsp;the&nbsp;space&nbsp;of&nbsp;two&nbsp;routines,&nbsp;so&nbsp;to&nbsp;prevent&nbsp;a&nbsp;crash&nbsp;we&nbsp;have&nbsp;toput&nbsp;a&nbsp;RET&nbsp;function&nbsp;at&nbsp;</font> 
  </span></p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">the&nbsp;beginning&nbsp;of&nbsp;the&nbsp;(original)&nbsp;second&nbsp;function</font> 
  </span></p>
<p> </p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">(see&nbsp;line&nbsp;0F79B367).</font> 
  </span></p>
<table width="100%" border="0" cellspacing="0">
  <tr>
    <td><span class="p9"> This part of the VB4 dll code is not only used to check 
      the passwords.It is used by other parts of the program as well.<br>
      Therefor we need todo something so that only something will be shown when 
      we are dealingwith a password comparison.<br>
      That is what the code at line 0F79B352 is about. It checks to see if EDI 
      points to the text &quot;PC&quot;. So we canuse that to trigger the crack. 
      To trigger the crack, &quot;PC&quot; has to be entered for pa<span class="p9">ssword 
      when registering. </span></span> 
      <p><span class="p9"> The lines marked with | are there to put spaces between 
        chars of the string. Originally there would be a string of WideChar format. 
        That means that in memory there will be zero's between the chars. And 
        the function we will use <br>
        to show the text (MessageBoxA) translates a 0 to end of string. So only 
        1 letter would be shown if we dont replace the zeros with spaces. <br>
        The lines marked with * are there to call the function MessageBoxAto show 
        the correct password. I ripped those commands from the VB4 dll. Placed 
        a breakpoint on MessageBoxA to see how VB4 called it. <br>
        Well thats it for Minimize Magic. To make a general crack, a patch could 
        be written that patches the VB4 dll at offset 7a748 with the above code. 
        To use such a crack minimagic.exe and the vb40032.dll should be placed 
        in a temp dir and the patch run there. Then start minimize.exe from that 
        temp dir, and use 'PC' for password. And voila,a window will pop up with 
        the correct password. Once the correct pw is known, the temp files should 
        be deleted and the password can be used in the original Minimize Magic. 
        </span></p>
      </td>
  </tr>
</table>
<p><span class="p9"><font face="Times New Roman" color="#000000">&nbsp;&nbsp;</font></span><span class="p9"> 
  </span></p>
<p> </p>
<p> </p>
<p> </p>
<p> <b><font color="#FF0066"><span class="p9"><font face="宋体"><a name="6"></a>例三</font> 
  <font face="Times New Roman">:&nbsp;Sub&nbsp;Station&nbsp;Alpha&nbsp;2.02</font> 
  </span></font></b><font color="#FF0066"><span class="p9"> </span></font></p>
<p> </p>
<p> </p>
<p> <span class="p9"><font face="宋体" color="#000000">大多数</font> <font face="Times New Roman" color="#000000">VB4</font> 
  <font face="宋体" color="#000000">程序能用例二方法</font> <font face="Times New Roman" color="#000000">crack</font> 
  <font face="宋体" color="#000000">，但我碰到</font> <font face="Times New Roman" color="#000000">2</font> 
  <font face="宋体" color="#000000">个程序用不同方法比较，其中一个是</font> <font face="Times New Roman" color="#000000">Sub&nbsp;Station&nbsp;Alpha&nbsp;2.02.</font> 
  <font face="宋体" color="#000000">它首先把字符串转换成十六进制，然后现比较。让我们开始</font> <font face="Times New Roman" color="#000000">CRACK&nbsp;</font> 
  <font face="宋体" color="#000000">它吧。</font> </span><span class="p9"> </span> 
</p>
<p> <span class="p9"><font face="宋体" color="#000000">此程序一些信息：</font> </span></p>
<p> </p>
<p> <span class="p9"><font face="宋体" color="#000000">名称</font> <font face="Times New Roman" color="#000000">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;:&nbsp;Sub&nbsp;Station&nbsp;Alpha&nbsp;2.02</font> 
  </span></p>
<p> </p>
<p> <span class="p9"><font face="宋体" color="#000000">下载</font> <font face="Times New Roman" color="#000000">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;:&nbsp;http://www.eswat.demon.co.uk/index.html</font> 
  </span></p>
<p> </p>
<p> <span class="p9"><font face="宋体" color="#000000">尺寸</font> <font face="Times New Roman" color="#000000">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;:&nbsp;SUBSTN32.EXE&nbsp;=&nbsp;629.248&nbsp;bytes</font> 
  </span></p>
<p> </p>
<p> <span class="p9"><font face="宋体" color="#000000">保护</font> <font face="Times New Roman" color="#000000">&nbsp;:&nbsp;</font> 
  <font face="宋体" color="#000000">基于用户名的密码</font> </span></p>
<p> </p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">DLL&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;:&nbsp;uses&nbsp;VB4&nbsp;dll</font> 
  </span></p>
<p> </p>
<p> </p>
<p> <span class="p9"><font face="宋体" color="#000000">以前我说过</font> <font face="Times New Roman" color="#000000">VB4</font> 
  <font face="宋体" color="#000000">在做任何事之前，把字符串转换成</font> <font face="Times New Roman" color="#000000">widechar</font> 
  <font face="宋体" color="#000000">格式。因此我们用此函数设断作为切入点，然后再一步一步向前</font> <font face="Times New Roman" color="#000000">;--)</font> 
  </span></p>
<p> </p>
<p> <span class="p9"><font face="宋体" color="#000000">第一步：开始运行</font> <font face="Times New Roman" color="#000000">&nbsp;Sub&nbsp;Station&nbsp;Alpha&nbsp;</font> 
  <font face="宋体" color="#000000">，选择</font> <font face="Times New Roman" color="#000000">register</font> 
  <font face="宋体" color="#000000">，输入</font> <font face="Times New Roman" color="#000000">NAME</font> 
  <font face="宋体" color="#000000">和假的序列号。</font> </span></p>
<p> </p>
<p> <span class="p9"><font face="宋体" color="#000000">第二步：切换到</font> <font face="Times New Roman" color="#000000">SOFTICE</font> 
  <font face="宋体" color="#000000">，在函数</font> <font face="Times New Roman" color="#000000">MultiByteToWideChar</font> 
  <font face="宋体" color="#000000">设断</font> <font face="Times New Roman" color="#000000">(bpx&nbsp;multibytetowidechar)</font> 
  <font face="宋体" color="#000000">。</font> </span></p>
<p> </p>
<p> <span class="p9"><font face="宋体" color="#000000">第三步：现在离开</font> <font face="Times New Roman" color="#000000">SOFTICE</font> 
  <font face="宋体" color="#000000">，按“</font> <font face="Times New Roman" color="#000000">register&quot;</font> 
  <font face="宋体" color="#000000">。</font> </span></p>
<p> </p>
<p> <span class="p9"><font face="宋体" color="#000000">第四步：</font> <font face="Times New Roman" color="#000000">SOFTICE</font> 
  <font face="宋体" color="#000000">将中断在</font> <font face="Times New Roman" color="#000000">MultiByteToWideChar</font> 
  <font face="宋体" color="#000000">开始处，按</font> <font face="Times New Roman" color="#000000">F11</font> 
  <font face="宋体" color="#000000">走出它，你将看到：</font> </span></p>
<p> </p>
<p> </p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">:FF1500C27B0F&nbsp;call&nbsp;[KERNEL32!MultiByteToWideChar]</font> 
  </span></p>
<p> </p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">:8BD8&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;mov&nbsp;ebx,&nbsp;eax</font> 
  </span></p>
<p> </p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">:83FEFF&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;cmp&nbsp;esi,&nbsp;FFFFFFFF</font> 
  </span></p>
<p> </p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">:7501&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;jne&nbsp;0F738BCF</font> 
  </span></p>
<p> </p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">:4B&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;dec&nbsp;ebx</font> 
  </span></p>
<p> </p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">:53&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;push&nbsp;ebx</font> 
  </span></p>
<p> </p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">:6A00&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;push&nbsp;00</font> 
  </span></p>
<p> </p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">:FF1518C97B0F&nbsp;call&nbsp;dword&nbsp;ptr&nbsp;[0F7BC918]</font> 
  </span></p>
<p> </p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">:8BE8&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;mov&nbsp;ebp,&nbsp;eax</font> 
  </span></p>
<p> </p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">:85ED&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;test&nbsp;ebp,&nbsp;ebp</font> 
  </span></p>
<p> </p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">:0F845B260100&nbsp;jz&nbsp;0F74B23D</font> 
  </span></p>
<p> </p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">:43&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;inc&nbsp;ebx</font> 
  </span></p>
<p> </p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">:53&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;push&nbsp;ebx</font> 
  </span></p>
<p> </p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">:55&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;push&nbsp;ebp</font> 
  </span></p>
<p> </p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">:56&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;push&nbsp;esi</font> 
  </span></p>
<p> </p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">:57&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;push&nbsp;edi</font> 
  </span></p>
<p> </p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">:6A00&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;push&nbsp;00</font> 
  </span></p>
<p> </p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">:6A00&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;push&nbsp;00</font> 
  </span></p>
<p> </p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">:FF1500C27B0F&nbsp;call&nbsp;[KERNEL32!MultiByteToWideChar]</font> 
  </span></p>
<p> </p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">:8BC5&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;mov&nbsp;eax,&nbsp;ebp&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;;&lt;--</font> 
  <font face="宋体" color="#000000">在这里下命令</font> <font face="Times New Roman" color="#000000">&nbsp;'ed&nbsp;ebp'&nbsp;</font> 
  </span></p>
<p> </p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">:5D&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;pop&nbsp;ebp</font>