EXE software encryption, one code per machine: text tutorial

The principle of the encryption is described below. The method is as follows.

Load it in OD (OllyDbg); it is simple. Use the ESP law to get in. Versions 8.0 and 9.0 use the same shell; version 9.7 no longer uses this shell, and I have not looked at later versions. After breaking a few times you reach the entry point. This shell poses no difficulty, so I will not go through it step by step.

004A9BD3 $ E8 00000000 call 004A9BD8
004A9BD8 $ 60 pushad
004A9BD9 . E8 4F000000 call 004A9C2D ; ESP law: hardware breakpoint to get into the shell
004A9BDE . 3C 27 cmp al, 27
004A9BE0 . 0BFC or edi, esp
004A9BE2 . 67:6A 57 push 57
004A9BE5 . 0FAF82 96B1A7 imul eax, dword ptr [edx+4AA7B196]

Search for strings:

00480BF4 mov eax, 00481040 ; 播放授权不合法!
00480C03 mov eax, 0048105C ; 播放授权不正确!
00480C82 mov edx, 00481078 ; yaomediakj1jf
00480D4B mov eax, 00481090 ; 播放密码不正确
00480D70 push 004810A8 ; c:china-drm
00480DAF push 004810C0 ; .ini
00480E43 mov eax, 00481090 ; 播放密码不正确
00480E7C mov edx, 004810D0 ; yaomediakj2jf
00480F6C mov eax, 00481090 ; 播放密码不正确
00480F98 mov edx, 004810E8 ; ok
00481160 mov edx, 0048141C ; yaomediakj3jf
00481288 mov edx, 00481434 ; 3
00481294 push 00481440 ; c:china-drm
004812BD push 00481458 ; mediakjjf
0048131A mov edx, 0048147C ; 0
0048148B mov eax, 004814B4 ; 确信要退出吗?
004814CE mov edx, 004814E8 ; ok

Go to 00480C82 mov edx, 00481078 ; yaomediakj1jf and set a breakpoint.
Go to 00481160 mov edx, 0048141C ; yaomediakj3jf and set a breakpoint.

The reason for not setting a breakpoint at yaomediakj2jf is that yaomediakj1jf and yaomediakj2jf are very close together and there are several consecutive comparisons here, so just trace straight through. Enter any 8-character password and confirm.

00480C82 BA 78104800 mov edx, 00481078 ; yaomediakj1jf
00480C87 E8 CC3DF8FF call 00404A58
00480C8C 8B85 C4FDFFFF mov eax, dword ptr [ebp-23C]
00480C92 8D95 C8FDFFFF lea edx, dword ptr [ebp-238]
00480C98 E8 7B2E0000 call 00483B18
00480C9D 8B85 C8FDFFFF mov eax, dword ptr [ebp-238]
00480CA3 8D95 CCFDFFFF lea edx, dword ptr [ebp-234]
00480CA9 E8 7A7AF8FF call 00408728
00480CAE 8B85 CCFDFFFF mov eax, dword ptr [ebp-234]
00480CB4 8D95 E8FDFFFF lea edx, dword ptr [ebp-218]
00480CBA E8 496AFEFF call 00467708
00480CBF 8D85 E8FDFFFF lea eax, dword ptr [ebp-218]
00480CC5 8D95 D0FDFFFF lea edx, dword ptr [ebp-230]
00480CCB E8 AC6AFEFF call 0046777C
00480CD0 8B85 D0FDFFFF mov eax, dword ptr [ebp-230]
00480CD6 8D8D D4FDFFFF lea ecx, dword ptr [ebp-22C]
00480CDC BA 02000000 mov edx, 2
00480CE1 E8 42E9FAFF call 0042F628
00480CE6 8B85 D4FDFFFF mov eax, dword ptr [ebp-22C]
00480CEC 8D95 E8FDFFFF lea edx, dword ptr [ebp-218]
00480CF2 E8 116AFEFF call 00467708
00480CF7 8D85 E8FDFFFF lea eax, dword ptr [ebp-218]
00480CFD 8D55 F0 lea edx, dword ptr [ebp-10]
00480D00 E8 776AFEFF call 0046777C
00480D05 8D8D C0FDFFFF lea ecx, dword ptr [ebp-240]
00480D0B BA 02000000 mov edx, 2
00480D10 A1 D8AD4800 mov eax, dword ptr [48ADD8]
00480D15 E8 0EE9FAFF call 0042F628
00480D1A 8B85 C0FDFFFF mov eax, dword ptr [ebp-240]
00480D20 8D95 E8FDFFFF lea edx, dword ptr [ebp-218]
00480D26 E8 DD69FEFF call 00467708
00480D2B 8D85 E8FDFFFF lea eax, dword ptr [ebp-218]
00480D31 8D55 EC lea edx, dword ptr [ebp-14]
00480D34 E8 436AFEFF call 0046777C
00480D39 8B45 F0 mov eax, dword ptr [ebp-10] ; the correct first two characters are placed here
00480D3C 8B55 EC mov edx, dword ptr [ebp-14] ; note this: the first two characters of your password are loaded here for comparison
00480D3F E8 583EF8FF call 00404B9C
00480D44 0F95C0 setne al
00480D47 84C0 test al, al
00480D49 74 0F je short 00480D5A

A memory patch can only modify instructions. There are two approaches. The first is to modify 00480D49 directly, changing je to jne. I use the second approach, making eax and edx equal: change 00480D3C directly to mov edx, eax, or to eax, dword ptr [ebp-10]. From here on down there are 4 places in total that need to be changed.

Second place:

00480E27 E8 4021F8FF call 00402F6C
00480E2C E8 F31AF8FF call 00402924
00480E31 8B45 F0 mov eax, dword ptr [ebp-10] ; real
00480E34 8B55 EC mov edx, dword ptr [ebp-14] ; fake
00480E37 E8 603DF8FF call 00404B9C

Third place:

00480E48 E8 77B8FAFF call 0042C6C4
00480E4D E9 69010000 jmp 00480FBB
00480E52 8B45 F0 mov eax, dword ptr [ebp-10] ; real
00480E55 8B55 EC mov edx, dword ptr [ebp-14] ; fake
00480E58 E8 3F3DF8FF call 00404B9C

Fourth place:

00480F46 8D95 E8FDFFFF lea edx, dword ptr