</span><span class="p9"><font face="Times New Roman" color="#000000">+ _vbaVarDup returns DWORD: 63F3BC</font>
<br>
</span><span class="p9"><font face="Times New Roman" color="#000000">+ MsgBox <-- </font>
<font face="宋体" color="#000000">After expanding, you stop here; look upward (you need to scroll up with the scroll bar).</font></span>
<br>
<span class="p9"><font face="Times New Roman" color="#000000">2</font>
<font face="宋体" color="#000000">. Using</font> <font face="Times New Roman" color="#000000">SOFTICE</font>
<font face="宋体" color="#000000">to crack it</font></span> <br>
<span class="p9"><font face="Times New Roman" color="#000000">Step1 </font>
<font face="宋体" color="#000000">Run</font> <font face="Times New Roman" color="#000000">CrackMe</font>
<font face="宋体" color="#000000">and enter any serial number;</font> <br>
</span><span class="p9"><font face="Times New Roman" color="#000000">Step2 </font>
<font face="宋体" color="#000000">In</font> <font face="Times New Roman" color="#000000">SOFTICE</font>
<font face="宋体" color="#000000">set a breakpoint:</font> <font face="Times New Roman" color="#000000">bpx __vbastrcomp,</font>
<font face="宋体" color="#000000">then press</font> <font face="Times New Roman" color="#000000">register</font>
<font face="宋体" color="#000000">and execution will be intercepted by</font> <font face="Times New Roman" color="#000000">SOFTICE</font>
<font face="宋体" color="#000000">;</font> <br>
</span><span class="p9"><font face="Times New Roman" color="#000000">Step3 </font>
<font face="宋体" color="#000000">Press</font> <font face="Times New Roman" color="#000000">F10 </font>
<font face="宋体" color="#000000">to step downward</font> <font face="Times New Roman" color="#000000">...... </font>
<br>
</span><span class="p9"><font face="Times New Roman" color="#000000">:0F003577 MOV ESI , [EAX - 04] </font><br>
</span><span class="p9"><font face="Times New Roman" color="#000000">EAX = </font>
<font face="宋体" color="#000000">the fake serial number</font> <font face="Times New Roman" color="#000000">! </font>
<br>
</span><span class="p9"><font face="Times New Roman" color="#000000">Step4 </font>
<font face="宋体" color="#000000">Keep stepping downward</font> <font face="Times New Roman" color="#000000">....... </font>
</span> <br>
<span class="p9"><font face="Times New Roman" color="#000000">:0F003588 MOV EDI , [ECX-04] </font>
</span> <br>
<span class="p9"><font face="Times New Roman" color="#000000">d ecx-04 => .r.k.h.1.o.y.i.e. (wide char<br>
</font></span><font face="Times New Roman" color="#0033CC" class="p9">Note: after registering successfully, if you want to practice again, choose restart from the FILE menu of the CrackMe.</font></p>
</td>
</tr>
</table>
<p> </p>
<p> </p>
</div>
<div id="KB2Parent" class="parent">
<p><span class="p9"><b>Exercise 2</b> <a href="http://toye.dihou.org/vb-exercises-02.zip">vb-exercises-02
</a>Serial number protection; difficulty: easy.</span></p>
<p><a href="#" onClick="expandIt('KB2'); return false" class="p9"><b>Exercise 2 </b>I want to see the answer</a>
</p>
</div>
<div id="KB2Child" class="child">
<table width="100%" align="center" cellspacing="0">
<tr bgcolor="#EFEFEF">
<td height="31">
<p class="p9"><b><font color="#0000FF">Method 1<br>
</font></b><font face="Times New Roman" color="#000000"><span class="p9">1</span></font>
<span class="p9"><font face="宋体" color="#000000">. This is a</font> <font face="Times New Roman" color="#000000">VB5</font>
<font face="宋体" color="#000000">program. Enter a serial number; on my machine some garbled characters appear here, but ignore that and carry on.</font> <br>
</span><span class="p9"><font face="Times New Roman" color="#000000">2</font>
<font face="宋体" color="#000000">. Functions we can use:</font> <font face="Times New Roman" color="#000000">MultiByteToWideChar</font>
<font face="宋体" color="#000000">(converts a string to</font> <font face="Times New Roman" color="#000000">widechar</font>
<font face="宋体" color="#000000">),</font> <font face="Times New Roman" color="#000000"> __vbaStrCmp</font>
<font face="宋体" color="#000000">and</font> <font face="Times New Roman" color="#000000">__VbaStrComp.</font>
<font face="宋体" color="#000000">We set the breakpoint with</font> <font face="Times New Roman" color="#000000">'Bpx __vbaStrCmp'</font>
<font face="宋体" color="#000000">.</font> <br>
</span><span class="p9"><font face="Times New Roman" color="#000000">3</font>
<font face="宋体" color="#000000">. After the break:</font></span> <br>
<span class="p9"><font face="Times New Roman" color="#000000">CALL [MSVBVM50!__vbaStrCmp]</font>
<br>
</span><span class="p9"><font face="宋体" color="#000000">You can trace into it, stepping into the first</font>
<font face="Times New Roman" color="#000000">call</font> <font face="宋体" color="#000000">each time, and finally arrive at:</font>
<br>
</span><span class="p9"><font face="Times New Roman" color="#000000">8b74240c 0f00d9f0 mov esi,[esp+0c]</font>
<br>
</span><span class="p9"><font face="Times New Roman" color="#000000">8b4c2414 0f00d9f4 mov ecx,[esp+14]</font>
<br>
</span><span class="p9"><font face="Times New Roman" color="#000000">33c0 0f00d9f8 xor eax,eax</font>
<br>
</span><span class="p9"><font face="Times New Roman" color="#000000">f366a7 0f00d9fa repz cmpsw</font>
<br>
</span><span class="p9"><font face="宋体" color="#000000">This is a very commonly used comparison routine:</font>
<font face="Times New Roman" color="#000000">56,57,8B,7C,24,10,8B,74,24,0C,8B,4C,24,14,33,C0,F3,66,A7</font>
<br>
</span><span class="p9"><font face="宋体" color="#000000">You may have noticed that this comparison code inside</font>
<font face="Times New Roman" color="#000000">VB5</font> <font face="宋体" color="#000000">is identical to a comparison routine in</font>
<font face="Times New Roman" color="#000000">VB4</font> <font face="宋体" color="#000000">; see Lesson 5, the</font>
<font face="Times New Roman" color="#000000">SOFTICE</font> <font face="宋体" color="#000000">installation section, for the</font>
<font face="Times New Roman" color="#000000">winice.dat</font> <font face="宋体" color="#000000">configuration. For example:</font>
<br>
</span><span class="p9"><font face="Times New Roman" color="#000000">AF4="^s 0 l ffffffff 56,57,8B,7C,24,10,8B,74,24,0C,8B,4C,24,14,33,C0,F3,66,A7;" ;--VB4</font>
<br>
</span><span class="p9"><font face="Times New Roman" color="#000000">AF5="^s 0 l ffffffff FF,75,E0,E8,85,EF,FF,FF,DC,1D,28,10,40,00,DF,E0,9E,75,03;" ;--VB5</font>
<br>
</span><span class="p9"><font face="宋体" color="#000000">So whenever we meet a similar comparison in future, pressing</font>
<font face="Times New Roman" color="#000000">alt+F4</font> <font face="宋体" color="#000000">finds this comparison core.</font>
<br>
</span><span class="p9"><font face="宋体" color="#000000">Once past the line at</font> <font face="Times New Roman" color="#000000">0f00d9f0</font>
<font face="宋体" color="#000000">, issue</font> <font face="Times New Roman" color="#000000">d esi </font>
<font face="宋体" color="#000000">to see the serial number you entered, and</font> <font face="Times New Roman" color="#000000">d edi </font>
<font face="宋体" color="#000000">to see the correct serial number.</font> <br>
</span><span class="p9"><font face="宋体" color="#000000">OK, back to the topic. Issue</font>
<font face="Times New Roman" color="#000000">d esi</font> <font face="宋体" color="#000000">and you see:</font>
<font face="Times New Roman" color="#000000">'1.2.3.4.5.6' </font>
<font face="宋体" color="#000000">Issue</font> <font face="Times New Roman" color="#000000">d edi</font>
<font face="宋体" color="#000000">and what do you see?</font></span><br>
<span class="p9"><font face="Times New Roman" color="#000000">2E 00 2E 00 2E 00 2E 00 - 2E 00 2E 00 2E 00 2E 00 ................</font>
<br>
</span><span class="p9"><font face="Times New Roman" color="#000000">2E 00 2E 00 00 00 00 00 - 24 00 00 00 49 00 6E 00 ........$...I.n.</font>
<br>
</span><span class="p9"><font face="宋体" color="#000000">Why is there nothing there? The correct serial number should be right here. Think about it: the serial number is stored as</font>
<font face="Times New Roman" color="#000000">widechar</font> <font face="宋体" color="#000000">(with a filler byte inserted between the characters). Look at the right-hand side:</font>
<font face="Times New Roman" color="#000000">2E,2E</font> <font face="宋体" color="#000000">and the</font>
<font face="Times New Roman" color="#000000">Ascii</font> <font face="宋体" color="#000000">character for 2E is</font>
<font face="Times New Roman" color="#000000">'.' </font> <font face="宋体" color="#000000">, so could it be</font>
<font face="Times New Roman" color="#000000">'..........'</font> <font face="宋体" color="#000000">?</font>
<br>
</span><span class="p9"><font face="宋体" color="#000000">Try it, type it in, and wow</font>
<font face="Times New Roman" color="#000000">...cool!!!</font></span>
<br>
<span class="p9"><font face="宋体" color="#000000">Another method:</font> <br>
</span><span class="p9"><font face="Times New Roman" color="#000000">'Bpx __vbaStrCmp'</font>
<font face="宋体" color="#000000">: after setting this breakpoint, press</font> <font face="Times New Roman" color="#000000">F10</font>
<font face="宋体" color="#000000">to step out of this</font> <font face="Times New Roman" color="#000000">call</font>
<font face="宋体" color="#000000">and you see:</font> <br>
</span><span class="p9"><font face="Times New Roman" color="#000000">MOV ECX, [EBP-18]</font>
<br>
</span><span class="p9"><font face="Times New Roman" color="#000000">PUSH ECX</font>
<br>
</span><span class="p9"><font face="Times New Roman" color="#000000">PUSH 00401BE4</font>
<br>
</span><span class="p9"><font face="Times New Roman" color="#000000">CALL [MSVBVM50!__vbaStrCmp] </font>
<font face="宋体" color="#000000">———</font> <font face="Times New Roman" color="#000000"> </font>
<font face="宋体" color="#000000">we stepped out of here</font></span> <br>
<span class="p9"><font face="宋体" color="#000000">Well, the solution is right here. Use</font>
<font face="Times New Roman" color="#000000">'Bd *'</font> <font face="宋体" color="#000000">to disable all breakpoints, set a breakpoint on</font>
<font face="Times New Roman" color="#000000">PUSH ECX</font> <font face="宋体" color="#000000">,</font>
<br>
</span><span class="p9"><font face="宋体" color="#000000">leave</font> <font face="Times New Roman" color="#000000">SOFTICE</font>
<font face="宋体" color="#000000">, and in</font> <font face="Times New Roman" color="#000000">CrackMe</font>
<font face="宋体" color="#000000">enter the serial number again; execution will be intercepted:</font> <br>
</span><span class="p9"><font face="Times New Roman" color="#000000">PUSH ECX</font>
<br>
</span><span class="p9"><font face="Times New Roman" color="#000000">PUSH 00401BE4</font>
<font face="宋体" color="#000000">&lt;-- you will break here</font> <br>
</span><span class="p9"><font face="Times New Roman" color="#000000">CALL [MSVBVM50!__vbaStrCmp]</font>
<br>
</span><span class="p9"><font face="宋体" color="#000000">Issue</font> <font face="Times New Roman" color="#000000">d ecx</font>
<font face="宋体" color="#000000">to see the serial number you entered;</font> <br>
</span><span class="p9"><font face="宋体" color="#000000">issue</font> <font face="Times New Roman" color="#000000">'d 401BE4'</font>
<font face="宋体" color="#000000">to see the correct serial number<br>
</font></span><font face="宋体" color="#0000FF" class="p9"><b>Method 2: using SmartCheck<br>
</b></font><span class="p9">Cracking this program with this method is very simple:<br>
</span><span class="p9">Expand smdOK_Click<br>
</span><span class="p9">txtPassword.Text<br>
</span><span class="p9">MsgBox returns Integer:1 (put the cursor on this line and use Show All Event)<br>
</span><span class="p9">After expanding, look at the line below: <br>
</span><span class="p9">txtPassword.Text<br>
</span><span class="p9">__vbaStrcmp returns DWORD:1 (look at the right-hand side, ^-^)</span></p>
</td>
</tr>
</table>
</div>
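An added example (not part of the original lesson): a Python sketch that parses the two `d edi` dump lines from Method 1 and decodes them as a NUL-terminated UTF-16LE string, showing why the right-hand ASCII column alone cannot tell a 2E byte from a 00 byte. The function names are this example's own; the dump text is copied from the lines above.

```python
import re

# Sample input: the two dump lines shown for `d edi` in Method 1 above.
DUMP = """\
2E 00 2E 00 2E 00 2E 00 - 2E 00 2E 00 2E 00 2E 00 ................
2E 00 2E 00 00 00 00 00 - 24 00 00 00 49 00 6E 00 ........$...I.n.
"""

HEX_BYTE = re.compile(r"^[0-9A-Fa-f]{2}$")


def parse_dump(text, width=16):
    """Return the raw bytes of a hex dump, ignoring '-' and the ASCII column."""
    out = bytearray()
    for line in text.splitlines():
        row = []
        for tok in line.split():
            if tok == "-":
                continue
            if not HEX_BYTE.match(tok) or len(row) == width:
                break  # reached the ASCII column
            row.append(int(tok, 16))
        out.extend(row)
    return bytes(out)


def ascii_column(data):
    """Render bytes the way the dump's right-hand column does:
    printable ASCII as itself, everything else (including 00) as '.'."""
    return "".join(chr(b) if 0x20 <= b < 0x7F else "." for b in data)


def wide_string(data):
    """Decode a NUL-terminated UTF-16LE string from the start of data."""
    for i in range(0, len(data) - 1, 2):
        if data[i] == 0 and data[i + 1] == 0:
            data = data[:i]  # stop at the 00 00 terminator
            break
    return data[: len(data) & ~1].decode("utf-16-le")


if __name__ == "__main__":
    raw = parse_dump(DUMP)
    # Both the real '.' bytes and the 00 filler bytes print as '.'.
    print(ascii_column(raw[:16]), ascii_column(raw[16:]))
    # Decoding the hex column removes the ambiguity.
    print(repr(wide_string(raw)), len(wide_string(raw)))
```
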
<div id="KB3Parent" class="parent"> <span class="p9"><b>Exercise 3 </b><a href="http://toye.dihou.org/vb-exercises-03.zip">vb-exercises-03</a>
Name/Code protection; difficulty: easy</span>
<p><a href="#" onClick="expandIt('KB3'); return false" class="p9"><b>Exercise 3</b>
I want to see the answer</a> </p>
</div>
<div id="KB3Child" class="child">
<table width="100%" align="center" cellspacing="0">
<tr bgcolor="#EFEFEF">
<td height="28">
<p class="p9">1. This is a VB5 program; the protection is very simple;<br>
2. <span class="p9"><font face="Times New Roman" color="#000000">This program compares the serial number with __vbaStrCmp;<br>
3. So we go at it with the method I taught in Exercise 2:<br>
</font></span>Issue bpx hmemcpy<br>
Press F10 or F12 to return to the VB5 code space, then issue:<br>
<span class="p9"><font face="Times New Roman" color="#000000">s 0 l ffffffff 56,57,8B,7C,24,10,8B,74,24,0C,8B,4C,24,14,33,C0,F3,66,A7<br>
</font></span>Of course, under our configured SOFTICE, pressing alt+F4 is enough;<br>
bpx xxxxxxx (set a breakpoint at the address just found)<br>
<span class="p9"><font face="宋体" color="#000000">Issue</font> <font face="Times New Roman" color="#000000">d esi </font>
<font face="宋体" color="#000000">to see the serial number you entered, and</font> <font face="Times New Roman" color="#000000">d edi </font>
<font face="宋体" color="#000000">to see the correct serial number.</font></span> <br>
<font color="#0000FF">This one is also easy to handle with SmartCheck.</font></p>
</td>
</tr>
</table>
</div>
<div id="KB4Parent" class="parent">
<p><b><span class="p9">Exercise 4</span></b><span class="p9"><a href="http://toye.dihou.org/vb-exercises-04.zip">vb-exercises-04</a>