<html>
<head>
<title>Kanxue Academy</title>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<style type="text/css">
<!--
.p8 {  font-size: 8pt}
.p9 {  font-size: 9pt}
a:hover {  color: #00FF00}
a {  text-decoration: none; color: #3333CC}
.p12 {  font-size: 12pt; font-weight: bold; color: #FF3333}
-->
</style>
</head>

<body bgcolor="#FFFFFF" text="#000000" link="#000000" vlink="#000000" alink="#000000">
<a name="top"></a> 
<script src="fubiao.js" tppabs="http://toye.dihou.org/img/fubiao.js"></script>
<table width="80%" border="1" cellspacing="0" cellpadding="0" align="center" bgcolor="#99CCFF" bordercolorlight="#99CCFF" bordercolordark="#99CCFF">
  <tr> 
    <td width="72%" class="p9"><a href="http://toye.yeah.net/" tppabs="http://toye.yeah.net/">Kanxue Tutorials</a></td>
    <td width="10%" class="p9">&nbsp; </td>
    <td width="10%"><a href="index.htm" tppabs="http://toye.dihou.org/index.htm" class="p9">Back to<br>
      Home <br>
      </a></td>
    <td width="8%"><a href="molu.htm" tppabs="http://toye.dihou.org/molu.htm" class="p9">Back to<br>
      Contents </a></td>
  </tr>
</table>
<table width="80%" cellspacing="0" cellpadding="0" align="center">
  <tr bgcolor="#FFFF33"> 
    <td> 
      <div align="center"><span class="p"><b><font color="#FF3333" class="p11">Lesson 10: 
        Common Cracking Techniques</font></b></span></div>
    </td>
  </tr>
</table>
<table border="1" width="80%" cellpadding="0" bordercolor="#86D8FF" bgcolor="#FBFDFF" align="center">
  <tr> 
    <td width="50%" valign="middle" align="center" class="p9" height="20"> 
      <div align="left"><span class="p9"><span class="p9">1. <a href="lesson1401.htm" tppabs="http://toye.dihou.org/lesson1401.htm"><span class="p9"><span class="p9">Some common methods</span></span></a></span></span></div>
    </td>
    <td width="50%" valign="top" class="p9" height="20"> 
      <div align="left"><span class="p9"><span class="p9">5. <a href="lesson1406.htm" tppabs="http://toye.dihou.org/lesson1406.htm">Key 
        File protection</a></span></span></div>
    </td>
  </tr>
  <tr> 
    <td width="50%" valign="middle" align="center" class="p9" height="20"> 
      <div align="left"><span class="p9"><span class="p9">2. <span class="p9"><span class="p9"><font color="#FF0066">Serial number schemes</font></span></span></span></span></div>
    </td>
    <td width="50%" valign="top" class="p9" height="20"><span class="p9"><span class="p9">6. <span class="p9"><span class="p9"><a href="lesson1407.htm" tppabs="http://toye.dihou.org/lesson1407.htm">Feature-limited programs</a></span></span> </span></span></td>
  </tr>
  <tr> 
    <td width="50%" valign="middle" align="center" class="p9" height="20"> 
      <div align="left"><span class="p9"><span class="p9">3. <a href="lesson1403.htm" tppabs="http://toye.dihou.org/lesson1403.htm">NAG screens (warning windows)</a></span></span></div>
    </td>
    <td width="50%" valign="top" class="p9" height="20"><span class="p9"><span class="p9">7. <span class="p9"><span class="p9"><a href="lesson1408.htm" tppabs="http://toye.dihou.org/lesson1408.htm">InstallSHIELD 
      Setups </a></span> </span></span></span></td>
  </tr>
  <tr> 
    <td width="50%" valign="middle" align="center" class="p9" height="20"> 
      <div align="left"><span class="p9"><span class="p9">4. <a href="lesson1404.htm" tppabs="http://toye.dihou.org/lesson1404.htm">Run-time limits</a></span></span></div>
    </td>
    <td width="50%" valign="top" class="p9" height="20">8. <a href="lesson1410.htm" tppabs="http://toye.dihou.org/lesson1410.htm">CD-check</a></td>
  </tr>
</table>
<p align="center" class="p9"><span class="p9"><span class="p9">2. <span class="p9"><span class="p9"><font color="#FF6666">Serial number schemes</font><a href="lesson14021.htm" tppabs="http://toye.dihou.org/lesson14021.htm"> 
    </a> [<a href="lesson14022.htm" tppabs="http://toye.dihou.org/lesson14022.htm">Serial number algorithms</a>]<span class="p9"><span class="p9"><span class="p9"> 
    <a href="lesson14021.htm" tppabs="http://toye.dihou.org/lesson14021.htm">[Exercises]</a></span></span></span></span></span></span></span></p>
<p> <span class="p9"><font face="宋体" color="#333399"><b><font color="#000000">I. The secret of data constraint 
  </font><font color="#3333CC"><font color="#000000">(author: +ORC) </font></font></b></font></span></p>
<p> </p>
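<p> <span class="p9"><font face="Times New Roman" color="#000000">In most protection schemes, the real, correct registration code or password appears in memory at some point. Where it appears is not fixed, but in most cases it falls within a range: ±0x90 bytes of the memory address that holds the user's input. This follows from a Windows data-transfer constraint inside the tools the protection author uses.</font></span></p>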
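<p class="p9">Data constraint (data_constraint), or "password proximity", rests on the fact that while coding, the protection author has to check whether the protection "works". 
  He must be able to "see" the relationship between the digits the user typed, the transformed user input, and the real password. That relationship has to be checked often while debugging the code. Usually these values sit <i><b><font color="#FF6699">together</font></b></i> in a small stack region so that they can be viewed in the <font color="#FF6699"><i><b>same</b></i></font> 
  WATCH window. So in most cases the real password gives itself away not far from where the user input is stored. </p>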
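<p class="p9">Added example, not part of the original lesson: the check below first rebuilds the valid serial next to the user's input (the layout described above), then shows a form that ships only a digest so the plaintext serial never exists in memory. The serial "A1B2C3D4", its XOR obfuscation, the function names and the FNV-1a stand-in hash are all assumptions constructed for this illustration.</p>

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: the valid serial "A1B2C3D4", shipped XOR-ed with 0x01. */
static const char OBFUSCATED[] = "@0C3B2E5";

/* Input and decoded secret side by side, as in a debug-friendly stack frame. */
struct weak_frame { char input[32]; char expected[32]; };

/* Weak: rebuilds the real serial in plaintext right next to the user's input. */
int weak_check(const char *serial, struct weak_frame *f) {
    size_t i;
    snprintf(f->input, sizeof f->input, "%s", serial);
    for (i = 0; OBFUSCATED[i]; i++) f->expected[i] = (char)(OBFUSCATED[i] ^ 0x01);
    f->expected[i] = '\0';
    return strcmp(f->input, f->expected) == 0;
}

/* Stand-in one-way function (FNV-1a). Assumption: real code uses SHA-256
   or verifies a signature, so that the stored value cannot be inverted. */
uint64_t digest(const char *s) {
    uint64_t h = 0xcbf29ce484222325ULL;
    while (*s) { h ^= (unsigned char)*s++; h *= 0x100000001b3ULL; }
    return h;
}

/* Hardened: only a digest ships; the input is hashed forward, then wiped. */
int hardened_check(uint64_t stored, const char *serial) {
    char buf[32];
    volatile char *p = buf;
    uint64_t diff;
    size_t i;
    snprintf(buf, sizeof buf, "%s", serial);
    diff = digest(buf) ^ stored;            /* whole-value compare, no early exit */
    for (i = 0; i < sizeof buf; i++) p[i] = 0;
    return diff == 0;
}

int main(void) {
    struct weak_frame f;
    uint64_t stored = digest("A1B2C3D4");   /* computed by the vendor at build time */
    printf("weak ok=%d, secret at input+0x%zx: %s\n", weak_check("78787878", &f),
           offsetof(struct weak_frame, expected), f.expected);
    printf("hardened ok=%d\n", hardened_check(stored, "A1B2C3D4"));
    return 0;
}
```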
<p><b><font color="#3333CC"><span class="p9"><font face="Times New Roman" color="#000000">II. Using the HMEMCPY function (commonly called the universal breakpoint)</font></span></font></b></p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">HMEMCPY is the function used most often when cracking serial numbers; it copies character data in memory. 
  Before using HMEMCPY, first enter the details (serial number, name, etc.) in the registration dialog, then set the breakpoint (Ctrl-D,&nbsp;BPX&nbsp;HMEMCPY) 
  and press Ctrl-D again to return to the program. Clicking the program's OK button will then be intercepted. 
  Press F12 or F10 until you reach the program's own code space; on the way you pass through system areas such as KERNEL and USER. 
  Do not modify anything in those areas, or the system will crash (hang). There is one catch: some programs are sly and keep a 
  user.dll file in their own directory, with the serial number comparison code inside it, so while tracing you must tell whether the 
  USER space belongs to the system or to the program itself. 心奕 (version 1.0) is such a case.</font> 
  </span></p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">Generally, first find the CALL that reports the error, 
  then analyze the code before it to find which instruction jumps over that error CALL, 
  and analyze further to find the serial number.</font> </span></p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">Sometimes things get complicated, and we should bring in W32DASM 
  for analysis, making heavy use of its "String Data References" feature to locate the error message; with luck you may find the serial number directly. 
  Combining W32DASM and SOFTICE gets twice the result for half the effort.</font> 
  </span></p>
<p> </p>
<p> <font color="#000000"><span class="p9"><b><font face="Times New Roman">III. Using the S command</font></b></span></font></p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">This is also a frequently used method for serial numbers (friends in Taiwan call it the 
  "78 method"). General steps: first enter a name or a fake serial number (e.g. 
  78787878), then press CTRL+D to switch to SOFTICE,</font> 
  </span></p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">issue the command: s&nbsp;30:0&nbsp;l&nbsp;ffffffff&nbsp;'78787878', 
  which searches memory and reports an address: ss:ssssssss</font> 
  </span></p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">Set a breakpoint with bpm&nbsp;ss:ssssssss, 
  press F5 to return, and click OK; 
  the program will be intercepted,</font> </span></p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">then disable the earlier breakpoints: bd&nbsp;*&nbsp;;</font> 
  </span></p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">Set another one with bpm&nbsp;es:edi-8&nbsp; 
  : you typed 8 characters, hence minus 8</font> 
  </span></p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">Press F5 
  and you will be intercepted again; then press F12 
  and F10 
  to reach the program's code space. The remaining steps are the same as in method IV.</font></span></p>
<p><font color="#3333CC"><b><span class="p9"><font face="Times New Roman" color="#000000">IV. Setting breakpoints on WIN9x messages</font></span></b></font><span class="p9"><span class="p9"><font face="Times New Roman" color="#000000"> (using the 
  BMSG command; see the SOFTICE manual for details)</font> 
  </span></span></p>
<p><span class="p9">BMSG xxxx WM_GETTEXT (good for passwords)<br>
  BMSG xxxx WM_COMMAND (good for OK buttons)</span></p>
<p><span class="p9">the xxxx is of course the hwnd value, but important info:</span></p>
<span class="p9">assuming you are using wm_command to try to locate the button 
push, you hwnd the result and see the hwnd of the button is 0324 and the hwnd 
of the window is 0129</span> <br>
