Detailed walkthrough of cracking a certain version of CCProxy
Set a breakpoint: bpx 403137
:00403101 8D4C2410 lea ecx, dword ptr [esp+10]
:00403105 E8A22A0200 call 00425BAC
:0040310A 8D8C24C4100000 lea ecx, dword ptr [esp+000010C4]
:00403111 8D9424C4040000 lea edx, dword ptr [esp+000004C4]
:00403118 51 push ecx
:00403119 8D8424C80C0000 lea eax, dword ptr [esp+00000CC8]
:00403120 52 push edx
:00403121 50 push eax
:00403122 E889F3FFFF call 004024B0
:00403127 8D8C24D0080000 lea ecx, dword ptr [esp+000008D0]
:0040312E 6A0C push 0000000C
:00403130 8D9424D4100000 lea edx, dword ptr [esp+000010D4]
:00403137 51 push ecx -->d edx shows the serial number
:00403138 52 push edx
:00403139 E8E2040100 call 00413620
:0040313E 8B0D84C94300 mov ecx, dword ptr [0043C984]
:00403144 83C418 add esp, 00000018
:00403147 A350C24300 mov dword ptr [0043C250], eax
:0040314C 894C2414 mov dword ptr [esp+14], ecx
:00403150 85C0 test eax, eax
:00403152 C68424CC14000005 mov byte ptr [esp+000014CC], 05
:0040315A 7415 je 00403171
* Possible Reference to String Resource ID=00128: “代理服务器 CCProxy v3.94 (5用户演示版)”
|
:0040315C 6880000000 push 00000080
:00403161 8D4C2418 lea ecx, dword ptr [esp+18]
:00403165 E80C270200 call 00425876
:0040316A 8B542414 mov edx, dword ptr [esp+14]
:0040316E 52 push edx
:0040316F EB10 jmp 00403181
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040315A(C)
|
* Possible Reference to String Resource ID=00127: “代理服务器 CCProxy v3.94”
|
:00403171 6A7F push 0000007F
:00403173 8D4C2418 lea ecx, dword ptr [esp+18]
:00403177 E8FA260200 call 00425876
:0040317C 8B442414 mov eax, dword ptr [esp+14]
:00403180 50 push eax
————————————————————————————————————–
In the "About" dialog, register by entering the serial number just obtained, and set a breakpoint: bpx 4047cf
* Possible StringData Ref from Data Obj ->"system"
|
:004047BC 6848C14300 push 0043C148
:004047C1 FFD3 call ebx
:004047C3 8BB620020000 mov esi, dword ptr [esi+00000220]
:004047C9 6A0C push 0000000C
:004047CB 8D442414 lea eax, dword ptr [esp+14]
:004047CF 56 push esi -->e eax shows the registration code
:004047D0 50 push eax
:004047D1 E84AEE0000 call 00413620
:004047D6 83C40C add esp, 0000000C
:004047D9 85C0 test eax, eax
:004047DB 5F pop edi
:004047DC 5E pop esi
:004047DD 5B pop ebx
* Possible Reference to Dialog: DialogID_0088, CONTROL_ID:00FF, “”
|
:004047DE 6AFF push FFFFFFFF
:004047E0 6A40 push 00000040
:004047E2 750B jne 004047EF
* Possible Reference to String Resource ID=00125: “注册成功”
|
:004047E4 6A7D push 0000007D
:004047E6 E898520200 call 00429A83
:004047EB 33C0 xor eax, eax
:004047ED EB0C jmp 004047FB
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004047E2(C)
|
* Possible Reference to String Resource ID=00126: “注册失败”
|
:004047EF 6A7E push 0000007E
:004047F1 E88D520200 call 00429A83
:004047F6 B801000000 mov eax, 00000001
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004047ED(U)
|
:004047FB 8B0D84C94300 mov ecx, dword ptr [0043C984]
:00404801 A350C24300 mov dword ptr [0043C250], eax
:00404806 894C2400 mov dword ptr [esp], ecx
:0040480A 85C0 test eax, eax
:0040480C C784240C04000000000000 mov dword ptr [esp+0000040C], 00000000
:00404817 7407 je 00404820
OK, registration succeeded.
For a brute-force patch instead, change:
:0040315A 7415 je 00403171 -->jmp 00403171
:004047E2 750B jne 004047EF -->nop
nop