</span><span class="p9"><font face="Times New Roman" color="#000000">+ _vbaVarDup returns DWORD: 63F3BC</font>
<br>
</span><span class="p9"><font face="Times New Roman" color="#000000">+ MsgBox <-- </font>
<font face="宋體" color="#000000">After expanding it you land here; look upward (you have to scroll up with the scroll bar).</font></span>
<br>
<span class="p9"><font face="Times New Roman" color="#000000">2</font>
<font face="宋體" color="#000000">. Cracking with</font> <font face="Times New Roman" color="#000000">SOFTICE</font></span> <br>
<span class="p9"><font face="Times New Roman" color="#000000">Step1 </font>
<font face="宋體" color="#000000">Run</font> <font face="Times New Roman" color="#000000">CrackMe</font>
<font face="宋體" color="#000000">and enter any serial number;</font> <br>
</span><span class="p9"><font face="Times New Roman" color="#000000">Step2 </font>
<font face="宋體" color="#000000">Set a breakpoint in</font> <font face="Times New Roman" color="#000000">SOFTICE:</font>
<font face="Times New Roman" color="#000000">bpx __vbastrcomp,</font>
<font face="宋體" color="#000000">then click</font> <font face="Times New Roman" color="#000000">register</font>
<font face="宋體" color="#000000">and</font> <font face="Times New Roman" color="#000000">SOFTICE</font>
<font face="宋體" color="#000000">will break in;</font> <br>
</span><span class="p9"><font face="Times New Roman" color="#000000">Step3 </font>
<font face="宋體" color="#000000">Press</font> <font face="Times New Roman" color="#000000">F10 </font>
<font face="宋體" color="#000000">to step down</font> <font face="Times New Roman" color="#000000">...... </font>
<br>
</span><span class="p9"><font face="Times New Roman" color="#000000">:0F003577 MOV ESI , [EAX - 04] </font><br>
</span><span class="p9"><font face="Times New Roman" color="#000000">EAX = </font>
<font face="宋體" color="#000000">the fake serial number</font> <font face="Times New Roman" color="#000000">! </font>
<br>
</span><span class="p9"><font face="Times New Roman" color="#000000">Step4 </font>
<font face="宋體" color="#000000">Keep stepping down</font> <font face="Times New Roman" color="#000000">....... </font>
</span> <br>
<span class="p9"><font face="Times New Roman" color="#000000">:0F003588 MOV EDI , [ECX-04] </font>
</span> <br>
<span class="p9"><font face="Times New Roman" color="#000000">d ecx-04 => .r.k.h.1.o.y.i.e. (wide char)<br>
</font></span><font face="Times New Roman" color="#0033CC" class="p9">Note: once registration succeeds, if you want to practise again, choose restart from the FILE menu of CrackMe.</font></p>
</td>
</tr>
</table>
<p> </p>
<p> </p>
</div>
<div id="KB2Parent" class="parent">
<p><span class="p9"><b>Exercise 2</b> <a href="http://toye.dihou.org/vb-exercises-02.zip">vb-exercises-02
</a>Serial number protection; difficulty: easy.</span></p>
<p><a href="#" onClick="expandIt('KB2'); return false" class="p9"><b>Exercise 2 </b>Show me the answer</a>
</p>
</div>
<div id="KB2Child" class="child">
<table width="100%" align="center" cellspacing="0">
<tr bgcolor="#EFEFEF">
<td height="31">
<p class="p9"><b><font color="#0000FF">Method 1<br>
</font></b><font face="Times New Roman" color="#000000"><span class="p9">1</span></font>
<span class="p9"><font face="宋體" color="#000000">. This is a</font> <font face="Times New Roman" color="#000000">VB5</font>
<font face="宋體" color="#000000">program. Enter a serial number; on my machine some garbled characters appear, but ignore that and carry on.</font> <br>
</span><span class="p9"><font face="Times New Roman" color="#000000">2</font>
<font face="宋體" color="#000000">. The functions we can use:</font> <font face="Times New Roman" color="#000000">MultiByteToWideChar</font>
<font face="宋體" color="#000000">(converts a string to</font> <font face="Times New Roman" color="#000000">widechar</font><font face="宋體" color="#000000">),</font>
<font face="Times New Roman" color="#000000"> __vbaStrCmp</font>
<font face="宋體" color="#000000">and</font> <font face="Times New Roman" color="#000000">__VbaStrComp.</font>
<font face="宋體" color="#000000">We set a breakpoint with</font> <font face="Times New Roman" color="#000000">'Bpx __vbaStrCmp'</font><font face="宋體" color="#000000">.</font> <br>
</span><span class="p9"><font face="Times New Roman" color="#000000">3</font>
<font face="宋體" color="#000000">. After the breakpoint hits:</font></span> <br>
<span class="p9"><font face="Times New Roman" color="#000000">CALL [MSVBVM50!__vbaStrCmp]</font>
<br>
</span><span class="p9"><font face="宋體" color="#000000">You can trace into it, stepping into the first</font>
<font face="Times New Roman" color="#000000">call</font> <font face="宋體" color="#000000">each time, until you finally arrive at:</font>
<br>
</span><span class="p9"><font face="Times New Roman" color="#000000">8b74240c 0f00d9f0 mov esi,[esp+0c]</font>
<br>
</span><span class="p9"><font face="Times New Roman" color="#000000">8b4c2414 0f00d9f4 mov ecx,[esp+14]</font>
<br>
</span><span class="p9"><font face="Times New Roman" color="#000000">33c0 0f00d9f8 xor eax,eax</font>
<br>
</span><span class="p9"><font face="Times New Roman" color="#000000">f366a7 0f00d9fa repz cmpsw</font>
<br>
</span><span class="p9"><font face="宋體" color="#000000">This is a very commonly used comparison routine:</font>
<font face="Times New Roman" color="#000000">56,57,8B,7C,24,10,8B,74,24,0C,8B,4C,24,14,33,C0,F3,66,A7</font>
<br>
</span><span class="p9"><font face="宋體" color="#000000">You may have noticed that this comparison code inside</font>
<font face="Times New Roman" color="#000000">VB5</font> <font face="宋體" color="#000000">is identical to a comparison routine in</font>
<font face="Times New Roman" color="#000000">VB4</font><font face="宋體" color="#000000">; see Lesson 5,</font>
<font face="Times New Roman" color="#000000">SOFTICE</font> <font face="宋體" color="#000000">installation, for the</font>
<font face="Times New Roman" color="#000000">winice.dat</font> <font face="宋體" color="#000000">configuration. For example:</font>
<br>
</span><span class="p9"><font face="Times New Roman" color="#000000">AF4="^s 0 l ffffffff 56,57,8B,7C,24,10,8B,74,24,0C,8B,4C,24,14,33,C0,F3,66,A7;" ;--VB4</font>
<br>
</span><span class="p9"><font face="Times New Roman" color="#000000">AF5="^s 0 l ffffffff FF,75,E0,E8,85,EF,FF,FF,DC,1D,28,10,40,00,DF,E0,9E,75,03;" ;--VB5</font>
<br>
</span><span class="p9"><font face="宋體" color="#000000">So whenever we meet a similar comparison in future, pressing</font>
<font face="Times New Roman" color="#000000">alt+F4</font> <font face="宋體" color="#000000">locates this comparison core.</font>
<br>
</span><span class="p9"><font face="宋體" color="#000000">Once past the line at</font> <font face="Times New Roman" color="#000000">0f00d9f0</font><font face="宋體" color="#000000">, type</font>
<font face="Times New Roman" color="#000000">d esi </font>
<font face="宋體" color="#000000">to see the serial number you entered, and</font> <font face="Times New Roman" color="#000000">d edi </font>
<font face="宋體" color="#000000">to see the correct serial number.</font> <br>
</span><span class="p9"><font face="宋體" color="#000000">Right, back to the exercise:</font>
<font face="Times New Roman" color="#000000">d esi</font> <font face="宋體" color="#000000">shows</font>
<font face="Times New Roman" color="#000000">'1.2.3.4.5.6' </font>
<font face="宋體" color="#000000">and with</font> <font face="Times New Roman" color="#000000">d edi</font>
<font face="宋體" color="#000000">what do you see??????</font></span><br>
<span class="p9"><font face="Times New Roman" color="#000000">2E 00 2E 00 2E 00 2E 00 - 2E 00 2E 00 2E 00 2E 00 ................</font>
<br>
</span><span class="p9"><font face="Times New Roman" color="#000000">2E 00 2E 00 00 00 00 00 - 24 00 00 00 49 00 6E 00 ........$...I.n.</font>
<br>
</span><span class="p9"><font face="宋體" color="#000000">Why is there nothing there? The correct serial number should be at this location. Think about it: the serial number is stored as</font>
<font face="Times New Roman" color="#000000">widechar</font> <font face="宋體" color="#000000">(with a blank inserted between the characters). Look at the right-hand side:</font>
<font face="Times New Roman" color="#000000">2E,2E</font> <font face="宋體" color="#000000">in</font>
<font face="Times New Roman" color="#000000">Ascii</font> <font face="宋體" color="#000000">is</font>
<font face="Times New Roman" color="#000000">'.' </font> <font face="宋體" color="#000000">, so could the serial be</font>
<font face="Times New Roman" color="#000000">'..........'</font><font face="宋體" color="#000000">?</font>
<br>
</span><span class="p9"><font face="宋體" color="#000000">Try it, type it in, and wow</font>
<font face="Times New Roman" color="#000000">...cool!!!</font></span>
<br>
<span class="p9"><font face="宋體" color="#000000">Another method:</font> <br>
</span><span class="p9"><font face="宋體" color="#000000">After breaking with</font> <font face="Times New Roman" color="#000000">'Bpx __vbaStrCmp'</font><font face="宋體" color="#000000">,</font>
<font face="宋體" color="#000000">press</font> <font face="Times New Roman" color="#000000">F10</font>
<font face="宋體" color="#000000">to step out of this</font> <font face="Times New Roman" color="#000000">call</font>
<font face="宋體" color="#000000">and you see:</font> <br>
</span><span class="p9"><font face="Times New Roman" color="#000000">MOV ECX, [EBP-18]</font>
<br>
</span><span class="p9"><font face="Times New Roman" color="#000000">PUSH ECX</font>
<br>
</span><span class="p9"><font face="Times New Roman" color="#000000">PUSH 00401BE4</font>
<br>
</span><span class="p9"><font face="Times New Roman" color="#000000">CALL [MSVBVM50!__vbaStrCmp] </font>
<font face="宋體" color="#000000">---- we stepped out of this call</font></span> <br>
<span class="p9"><font face="宋體" color="#000000">Well, the solution is right here: use</font>
<font face="Times New Roman" color="#000000">'Bd *'</font> <font face="宋體" color="#000000">to disable all breakpoints, set a breakpoint on</font>
<font face="Times New Roman" color="#000000">PUSH ECX</font><font face="宋體" color="#000000">,</font>
<br>
</span><span class="p9"><font face="宋體" color="#000000">exit</font> <font face="Times New Roman" color="#000000">SOFTICE</font>
<font face="宋體" color="#000000">and re-enter the serial number in</font> <font face="Times New Roman" color="#000000">CrackMe</font><font face="宋體" color="#000000">;</font>
<font face="宋體" color="#000000">the breakpoint will hit:</font> <br>
</span><span class="p9"><font face="Times New Roman" color="#000000">PUSH ECX</font>
<br>
</span><span class="p9"><font face="Times New Roman" color="#000000">PUSH 00401BE4</font>
<font face="宋體" color="#000000">---- you will break here</font> <br>
</span><span class="p9"><font face="Times New Roman" color="#000000">CALL [MSVBVM50!__vbaStrCmp]</font>
<br>
</span><span class="p9"><font face="宋體" color="#000000">Type</font> <font face="Times New Roman" color="#000000">d ecx</font>
<font face="宋體" color="#000000">to see the serial number you entered;</font> <br>
</span><span class="p9"><font face="宋體" color="#000000">type</font> <font face="Times New Roman" color="#000000">'d 401BE4'</font>
<font face="宋體" color="#000000">to see the correct serial number<br>
</font></span><font face="宋體" color="#0000FF" class="p9"><b>Method 2: using SmartCheck<br>
</b></font><span class="p9">Cracking this program with this method is very simple:<br>
</span><span class="p9">Expand smdOK_Click<br>
</span><span class="p9">txtPassword.Text<br>
</span><span class="p9">MsgBox returns Integer:1 (put the cursor on this line and use Show All Event)<br>
</span><span class="p9">After expanding, look at the line below: <br>
</span><span class="p9">txtPassword.Text<br>
</span><span class="p9">__vbaStrcmp returns DWORD:1 (look at the right-hand side, ^-^)</span></p>
</td>
</tr>
</table>
</div>
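<p class="p9">Added example, not part of the original lesson: the two <code>d edi</code> dump lines from Exercise 2 decoded as UTF-16LE, which shows why every character is followed by a 00 byte, together with the length prefix that <code>MOV ESI,[EAX-04]</code> reads. It assumes the strings are BSTRs (the VB string type, which keeps a 4-byte byte count in front of the characters); the function names are illustrative and the "123456" input is constructed.</p>

```python
import struct

# Dump lines copied from the Exercise 2 answer (output of `d edi`).
DUMP = """\
2E 00 2E 00 2E 00 2E 00 - 2E 00 2E 00 2E 00 2E 00 ................
2E 00 2E 00 00 00 00 00 - 24 00 00 00 49 00 6E 00 ........$...I.n.
"""


def parse_dump(text, width=16):
    """Convert debugger hex-dump lines to bytes, skipping the ASCII column."""
    out = bytearray()
    for line in text.splitlines():
        taken = 0
        for tok in line.split():
            if tok == "-":
                continue                  # mid-line separator
            if taken == width or len(tok) != 2:
                break                     # the rest is the ASCII column
            out.append(int(tok, 16))
            taken += 1
    return bytes(out)


def read_wide_string(buf, offset=0):
    """Decode UTF-16LE text from offset up to the 16-bit NUL terminator."""
    end = offset
    while end + 1 < len(buf) and buf[end:end + 2] != b"\x00\x00":
        end += 2
    return buf[offset:end].decode("utf-16-le")


def make_bstr(text):
    """Lay out text as a BSTR: 4-byte byte count, UTF-16LE data, NUL."""
    data = text.encode("utf-16-le")
    return struct.pack("<I", len(data)) + data + b"\x00\x00"


def bstr_length(mem, ptr):
    """Read the byte count stored in the dword just before the string data."""
    return struct.unpack_from("<I", mem, ptr - 4)[0]


if __name__ == "__main__":
    print(repr(read_wide_string(parse_dump(DUMP))))
    mem = make_bstr("123456")             # constructed sample input
    print(bstr_length(mem, 4), repr(read_wide_string(mem, 4)))
```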
<div id="KB3Parent" class="parent"> <span class="p9"><b>Exercise 3 </b><a href="http://toye.dihou.org/vb-exercises-03.zip">vb-exercises-03</a>
Name/Code protection; difficulty: easy</span>
<p><a href="#" onClick="expandIt('KB3'); return false" class="p9"><b>Exercise 3</b>
Show me the answer</a> </p>
</div>
<div id="KB3Child" class="child">
<table width="100%" align="center" cellspacing="0">
<tr bgcolor="#EFEFEF">
<td height="28">
<p class="p9">1. This is a VB5 program, and the protection is very simple;<br>
2. <span class="p9"><font face="Times New Roman" color="#000000">The program compares the serial number with __vbaStrCmp;<br>
3. So we go to work on it with the method I taught in Exercise 2:<br>
</font></span>Type bpx hmemcpy<br>
Press F10 or F12 to get back into the VB5 program's own code, then type:<br>
<span class="p9"><font face="Times New Roman" color="#000000">s 0 l ffffffff 56,57,8B,7C,24,10,8B,74,24,0C,8B,4C,24,14,33,C0,F3,66,A7<br>
</font></span>Of course, in the SOFTICE we configured earlier, pressing alt+F4 does the same;<br>
bpx xxxxxxx (set a breakpoint at the address just found)<br>
<span class="p9"><font face="宋體" color="#000000">Type</font> <font face="Times New Roman" color="#000000">d esi </font>
<font face="宋體" color="#000000">to see the serial number you entered, and</font> <font face="Times New Roman" color="#000000">d edi </font>
<font face="宋體" color="#000000">to see the correct serial number.</font></span> <br>
<font color="#0000FF">It is also easy to handle with SmartCheck.</font></p>
</td>
</tr>
</table>
</div>
<div id="KB4Parent" class="parent">
<p><b><span class="p9">Exercise 4</span></b><span class="p9"><a href="http://toye.dihou.org/vb-exercises-04.zip">vb-exercises-04</a>