工业组态软件加密狗破解
这是一款xxxx工业用组态软件。由于加密狗遗失,无法确定加密狗的型号;而且它属于无驱型加密狗,所以也无法从驱动程序上判断型号。
试用软件:
弹出对话框提示:
Dongle Check failed !
Error Code: 19
点击确定,程序退出。
用PEiD检测,编译器为Microsoft Visual C++ 6.0;经过确认,程序无壳。
用OD(OllyDbg)加载程序,找到关键代码处:
00401000 /$ 64:A1 0000000>mov eax,dword ptr fs:[0] //函数入口
00401006 |. 6A FF push -0x1
00401008 |. 68 28AB4000 push BE.0040AB28
0040100D |. 50 push eax
0040100E |. 64:8925 00000>mov dword ptr fs:[0],esp
00401015 |. 81EC A0000000 sub esp,0xA0
0040101B |. B9 20000000 mov ecx,0x20
00401020 |. 33C0 xor eax,eax
00401022 |. 53 push ebx
00401023 |. 56 push esi
00401024 |. 57 push edi
00401025 |. 8D7C24 28 lea edi,dword ptr ss:[esp+0x28]
00401029 |. F3:AB rep stos dword ptr es:[edi]
0040102B |. 66:AB stos word ptr es:[edi]
0040102D |. 8D4424 28 lea eax,dword ptr ss:[esp+0x28]
00401031 |. 68 80000000 push 0x80
00401036 |. 50 push eax
00401037 |. E8 34050000 call BE.00401570 //检测加密狗是否存在
0040103C |. 83C4 08 add esp,0x8
0040103F |. 85C0 test eax,eax
00401041 |. 0F85 78030000 jnz BE.004013BF //加密狗破解关键点一,不能让它跳
00401047 |. 8B8C24 C00000>mov ecx,dword ptr ss:[esp+0xC0]
0040104E |. 51 push ecx
0040104F |. 8D4C24 1C lea ecx,dword ptr ss:[esp+0x1C]
00401053 |. E8 5E960000 call <jmp.&MFC42.#CString::CString_537>
00401058 |. 8B7C24 18 mov edi,dword ptr ss:[esp+0x18]
0040105C |. 8D7424 28 lea esi,dword ptr ss:[esp+0x28]
00401060 |. 33D2 xor edx,edx
00401062 |. C78424 B40000>mov dword ptr ss:[esp+0xB4],0x0
0040106D |. 8B4F F8 mov ecx,dword ptr ds:[edi-0x8]
00401070 |. F3:A6 repe cmps byte ptr es:[edi],byte ptr ds:>
00401072 |. 0F84 48010000 je BE.004011C0
00401078 |. 8B8424 BC0000>mov eax,dword ptr ss:[esp+0xBC]
0040107F |. 85C0 test eax,eax
00401081 |. 0F84 05030000 je BE.0040138C
00401087 |. 68 18F54000 push BE.0040F518
0040108C |. 8D4C24 10 lea ecx,dword ptr ss:[esp+0x10]
00401090 |. E8 21960000 call <jmp.&MFC42.#CString::CString_537>
00401095 |. 8A9C24 C40000>mov bl,byte ptr ss:[esp+0xC4]
0040109C |. C68424 B40000>mov byte ptr ss:[esp+0xB4],0x1
004010A4 |. F6C3 02 test bl,0x2
试用软件:
弹出对话框提示:
Dongle Check failed !
Error Code: 19
点击确定,程序退出。
用PEiD检测,编译器为Microsoft Visual C++ 6.0;经过确认,程序无壳。
用OD(OllyDbg)加载程序,找到关键代码处:
00401000 /$ 64:A1 0000000>mov eax,dword ptr fs:[0] //函数入口
00401006 |. 6A FF push -0x1
00401008 |. 68 28AB4000 push BE.0040AB28
0040100D |. 50 push eax
0040100E |. 64:8925 00000>mov dword ptr fs:[0],esp
00401015 |. 81EC A0000000 sub esp,0xA0
0040101B |. B9 20000000 mov ecx,0x20
00401020 |. 33C0 xor eax,eax
00401022 |. 53 push ebx
00401023 |. 56 push esi
00401024 |. 57 push edi
00401025 |. 8D7C24 28 lea edi,dword ptr ss:[esp+0x28]
00401029 |. F3:AB rep stos dword ptr es:[edi]
0040102B |. 66:AB stos word ptr es:[edi]
0040102D |. 8D4424 28 lea eax,dword ptr ss:[esp+0x28]
00401031 |. 68 80000000 push 0x80
00401036 |. 50 push eax
00401037 |. E8 34050000 call BE.00401570 //检测加密狗是否存在
0040103C |. 83C4 08 add esp,0x8
0040103F |. 85C0 test eax,eax
00401041 |. 0F85 78030000 jnz BE.004013BF //加密狗破解关键点一,不能让它跳
00401047 |. 8B8C24 C00000>mov ecx,dword ptr ss:[esp+0xC0]
0040104E |. 51 push ecx
0040104F |. 8D4C24 1C lea ecx,dword ptr ss:[esp+0x1C]
00401053 |. E8 5E960000 call <jmp.&MFC42.#CString::CString_537>
00401058 |. 8B7C24 18 mov edi,dword ptr ss:[esp+0x18]
0040105C |. 8D7424 28 lea esi,dword ptr ss:[esp+0x28]
00401060 |. 33D2 xor edx,edx
00401062 |. C78424 B40000>mov dword ptr ss:[esp+0xB4],0x0
0040106D |. 8B4F F8 mov ecx,dword ptr ds:[edi-0x8]
00401070 |. F3:A6 repe cmps byte ptr es:[edi],byte ptr ds:>
00401072 |. 0F84 48010000 je BE.004011C0
00401078 |. 8B8424 BC0000>mov eax,dword ptr ss:[esp+0xBC]
0040107F |. 85C0 test eax,eax
00401081 |. 0F84 05030000 je BE.0040138C
00401087 |. 68 18F54000 push BE.0040F518
0040108C |. 8D4C24 10 lea ecx,dword ptr ss:[esp+0x10]
00401090 |. E8 21960000 call <jmp.&MFC42.#CString::CString_537>
00401095 |. 8A9C24 C40000>mov bl,byte ptr ss:[esp+0xC4]
0040109C |. C68424 B40000>mov byte ptr ss:[esp+0xB4],0x1
004010A4 |. F6C3 02 test bl,0x2