📄 lesson503.htm

📁 为所有对破解感兴趣的朋友准备的礼物。希望大家能够喜欢。
💻 HTM
📖 第 1 页 / 共 2 页
字号:
12 下一页
<html>
<head>
<title>看雪学苑</title>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<style type="text/css">
<!--
.p8 {  font-size: 8pt}
.p9 {  font-size: 9pt}
a:hover {  color: #00FF00}
a {  text-decoration: none}
.p12 {  font-size: 12pt; font-weight: bold; color: #FF3333}
-->
</style>
</head>

<body bgcolor="#FFFFFF" vlink="#000000">
<table width="80%" border="1" cellspacing="0" cellpadding="0" align="center" bgcolor="#99CCFF" bordercolorlight="#99CCFF" bordercolordark="#99CCFF">
  <tr> 
    <td width="72%" class="p9"><a href="javascript:if(confirm('http://toye.yeah.net/  \n\n这个文件不能通过 Teleport Pro 取回, 因为 它被访问于一个域或在它的起始地址边界外部的路径上.  \n\n你想从服务器打开它吗?'))window.location='http://toye.yeah.net/'" tppabs="http://toye.yeah.net/">看雪教学</a></td>
    <td width="10%" class="p9">&nbsp; </td>
    <td width="10%"><a href="index.htm" tppabs="http://toye.dihou.org/index.htm" class="p9">返回<br>
      首页 <br>
      </a></td>
    <td width="8%"><a href="molu.htm" tppabs="http://toye.dihou.org/molu.htm" class="p9">返回<br>
      目录 </a></td>
  </tr>
</table>
<table width="80%" cellspacing="0" cellpadding="0" align="center" bordercolorlight="#99CCFF" bordercolordark="#99CCFF">
  <tr bgcolor="#E1F1F1"> 
    <td> 
      <table width="100%" cellspacing="0" cellpadding="0">
        <tr bgcolor="#FFFF33"> 
          <td> 
            <div align="center" class="p12">第五课 动态跟踪分析入门</div>
          </td>
        </tr>
      </table>
      
    </td>
  </tr>
</table>
<table width="80%" cellspacing="0" align="center">
  <tr class="p9"> 
    <td width="24%" bgcolor="#CCFFFF"> 
      <div align="center"><font color="#000000"><a href="lesson5.htm" tppabs="http://toye.dihou.org/lesson5.htm">SOFTICE与TRW安装</a></font></div>
    </td>
    <td width="27%" bgcolor="#CCFFFF"> 
      <div align="center"><font color="#CCCCFF"><font color="#000000"><a href="lesson501.htm" tppabs="http://toye.dihou.org/lesson501.htm">基本操作和概念</a></font></font></div>
    </td>
    <td width="24%" bgcolor="#FFFFFF"> 
      <div align="center"><font color="#FF3333">拆解教程 </font></div>
    </td>
    <td width="25%" bgcolor="#CCFFFF"> 
      <div align="center"><a href="lesson504.htm" tppabs="http://toye.dihou.org/lesson504.htm">习题</a></div>
    </td>
  </tr>
</table>
<p align="center" class="p9">【<font color="#FF3333">破解教程一</font>】　　　 【<a href="lesson5032.htm" tppabs="http://toye.dihou.org/lesson5032.htm">破解教程二</a>】</p>
<p align="left" class="p9"><span class="p9">======================================================================== 
  <br>
  破解实战入门一　　　　　　　　　　　　　　　　　(看雪(toye)2000/9/24）<br>
  ========================================================================</span></p>
<p align="left" class="p9">你一定要看了前几节的内容再来这节实战操作，在下手之前你要先掌握这些问题：F8、F12、F9、F7、F5、F11等功能键含义；另外领空、断点、，数据窗口位置、子程序CALL等概念及SOFTICE的常用命令操作。</p>
<p align="left" class="p9"><br>
  例、<a href="javascript:if(confirm('http://toye.dihou.org/exercise/lesson5-eg-1.zip  \n\n这个文件不能通过 Teleport Pro 取回, 因为 没有遇到方案的文件类型说明.  \n\n你想从服务器打开它吗?'))window.location='http://toye.dihou.org/exercise/lesson5-eg-1.zip'" tppabs="http://toye.dihou.org/exercise/lesson5-eg-1.zip">lesson5-eg-1.zip</a><font color="#FF3333" class="p9"><span class="p9"><b><font color="#000000"> 
  </font></b><font color="#000000">序列号保护 难度：易</font></span></font></p>
<p class="p9"><b>方法一、利用函数hmemcpy来破解</b></p>
<p class="p9">hmemcpy解释:是win32的一函数；其功能：将内存中的一块数据拷贝到另一个地方，破解时非常实用。（在win2k或WINNT下，这函数不起作用，这时你可参考方法二）<span class="p9">（注：crackme就是一些人专门为练习破解而写的一些小程序）</span></p>
<p class="p9">操作步骤：</p>
<p class="p9">按前两节配制好，装载好SOFTICE；</p>
<p class="p9">1、在对话内Registration输入：12345678 （随意填些数字）；</p>
<p class="p9"> 2、这时你点击按钮Check，程序将跳出一出错对话框，我将以此为目标作为跟踪的目的；</p>
<p class="p9">3、按CTRL+D切入SOFTICE的环境</p>
<p class="p9">4、下断点：bpx hmemcpy （其作用时，当windows应用程序一调用hmemcpy函数拷贝数据时，SOFTICE将中断）；</p>
<p class="p9">5、按F5（或按CTRL+D）回到windows环境；</p>
<p class="p9">6、此时你不要运行其它程序，或点击windows的其它菜单，而应直接点击刚才的练习软件的Check按钮；不然其它应用程序运行时也会调用hmemcpy函数导致SOFTICE意外中断）；</p>
<p class="p9">7、点击按钮Check后，SOFTICE马上激活中断如下：</p>
<p class="p9" align="center"><img src="lesson5-eg-1-01.gif" tppabs="http://toye.dihou.org/exercise/lesson5-eg-1-01.gif" width="659" height="206"></p>
<p class="p9">一般系统领空名称是KERNEL???或user(?)，我们的目的是让领空来到刚才这个小程序（其文件是：Crackme.exe），因此我们的目标观察领空名为：Crackme????</p>
<p class="p9">8、下命令：BD * 把拦中断的功能关掉；此时你下命令：BL 可显示刚被禁止的中断点；BE *命令恢复刚被禁止的断点；</p>
<p class="p9">9、此时你按F12从windows的底层跳出（每按一下跳出一个子程序）；(如不明白参考前节Tianwei的解释）</p>
<p class="p9">10、按了大概12～13次F12,来到crackme程序的领空：</p>
<p class="p9">0167:0040154E&nbsp; 52&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
  &nbsp; &nbsp; &nbsp; PUSH&nbsp; &nbsp; &nbsp; EDX<br>
  ^^^^ ^^^^^^^^ ^^<br>
  前面的0167你和我的可能不同，但后面的偏移地址：0040154E应我的一样；第三组是机器码，在这里是：52<br>
  <br>
  0167:0040154F&nbsp; 68E8030000&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; PUSH&nbsp; 
  &nbsp; &nbsp; 000003E8&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
  &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; <br>
  0167:00401554&nbsp; 8B4DE0&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; MOV&nbsp; 
  &nbsp; &nbsp; ECX,[EBP-20]&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
  &nbsp; &nbsp; &nbsp; <br>
  0167:00401557&nbsp; E8A8050000&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; CALL&nbsp; 
  &nbsp; &nbsp; 00401B04&nbsp; //我们按了这么多F12，就会从此CALL里出来<br>
  0167:0040155C&nbsp; 8D45F4&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; LEA&nbsp; 
  &nbsp; &nbsp; EAX,[EBP-0C]//为了再次运行程序能拦截，将光标移到此行，按F9或双击鼠标强行设置断点；以后程序运行时会在这一行中断&nbsp; 
  &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;<br>
  ----------------------------------CRACKME!.text+0557（<font color="#FF3366">←注意crackme程序领空</font>)------------------ 
</p>
<p class="p9">11、此时按F10,让指令一行一行执行，直到下面：</p>
<p class="p9">0167:004015B9&nbsp; 8B4DE0&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
  &nbsp; MOV&nbsp; &nbsp; &nbsp; ECX,[EBP-20]&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
  &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; <br>
  0167:004015BC&nbsp; E83D050000&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; CALL&nbsp; 
  &nbsp; &nbsp; 00401AFE //用F10一带过此就跳出注册失败的窗口&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
  &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; <br>
  0167:004015C1&nbsp; 8BE5&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
  MOV&nbsp; &nbsp; &nbsp; ESP,EBP&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
  &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; <br>
  0167:004015C3&nbsp; 5D&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
  &nbsp; POP&nbsp; &nbsp; &nbsp; EBP&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
  &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; <br>
  0167:004015C4&nbsp; C3&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
  &nbsp; RET&nbsp;</p>
<p class="p9">在这我们己找到出错的对话框了；</p>
<p class="p9" align="left">12、再按F5回到windows，重新点击Crackme的检测序列号的按键Check，将会中断在我们在第10步设断处；0167:0040155C这一行；</p>
<p class="p9">13、然后慢慢全面分析这段程序：</p>
<p class="p9">0167:0040154E&nbsp; 52&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
  &nbsp; &nbsp; &nbsp; PUSH&nbsp; &nbsp; &nbsp; EDX&nbsp; &nbsp; &nbsp; &nbsp; 
  &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
  <br>
  0167:0040154F&nbsp; 68E8030000&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; PUSH&nbsp; 
  &nbsp; &nbsp; 000003E8&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
  &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; <br>
  0167:00401554&nbsp; 8B4DE0&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; MOV&nbsp; 
  &nbsp; &nbsp; ECX,[EBP-20]&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
  &nbsp; &nbsp; &nbsp; <br>
  0167:00401557&nbsp; E8A8050000&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; CALL&nbsp; 
  &nbsp; &nbsp; 00401B04&nbsp; //按F12从此CALL里出来&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
  &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; <br>
  0167:0040155C&nbsp; 8D45F4&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; LEA&nbsp; 
  &nbsp; &nbsp; EAX,[EBP-0C]&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
  &nbsp; &nbsp; &nbsp; <br>
  0167:0040155F&nbsp; 50&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
  &nbsp; PUSH&nbsp; &nbsp; &nbsp; EAX&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
  &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; <br>
  0167:00401560&nbsp; FF1504204000&nbsp; &nbsp; &nbsp; &nbsp; CALL&nbsp; &nbsp; 
  &nbsp; [KERNEL32!lstrlen]&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
  <br>
  0167:00401566&nbsp; 8945F0&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; MOV&nbsp; 
  &nbsp; &nbsp; [EBP-10],EAX&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
  &nbsp; &nbsp; &nbsp; <br>
12 下一页
💿 文件大小 1161 K
👤 上传用户 linux_open_lab
📂 所属分类其他书籍
🏷️ 相关标签

#破解 #家
⌨️ 快捷键说明

复制代码 Ctrl + C
搜索代码 Ctrl + F
全屏模式 F11
切换主题 Ctrl + Shift + D
显示快捷键 ?
增大字号 Ctrl + =
减小字号 Ctrl + -