- Software size: 24.41M
- Software language: Chinese
- Software type: Domestic (Chinese) software
- Category: Freeware / Programming tools
- Updated: 2023-03-17 19:07
- Runs on: WinAll, WinXP, Win7, Win8
- Software rating:
- Vendor:
- Official website: none
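The 易语言 (E Language) 4.14 "perfect" modified edition is the latest modified build of 易语言 4.14, made for 易语言 users. Compared with other builds it is more complete, and the editor at 绿色资源网 has prepared the most detailed write-up of the modification process. Take a look if you are interested!
易语言 lowers the barrier to programming for ordinary computer users. Users who know no English, or very little, can use it to get started with Windows programming very quickly. The 易语言 Chinese programming environment is a fully visual programming tool environment that supports programming with Chinese characters and words and spans the mainstream operating system platforms. It is available in Simplified and Traditional Chinese, English, Japanese and other language versions; it can interoperate with commonly used programming languages; and it provides interfaces and supporting tools for making full use of APIs, COM, DLL and OCX components, mainstream databases, utility programs and other resources.
The modification process is basically the same as for 易语言 4.13, but this time it is summed up in 3 main steps.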
----------------------
159544386.key [Enterprise registered edition]
159544386 → [09800000 XOR 00027442] → 0x09827442 (hexadecimal) [computed hardware code value]
----------------------
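1. Step one: how to find the key registration location and how to modify it; how the hardware code [159544386] of the [Enterprise registered edition] KEY is computed...
// Since what we are modifying is 易语言's hard-disk-based registration, we first search for the string used to read the disk's identifying information, "\\.\PhysicalDrive0"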
----------------------
Ultra String Reference, item 553
Address=004314A6
Disassembly=PUSH e.005868B8
Text String=\\.\PhysicalDrive0
// Set a hardware breakpoint at [004314A6], then press F9 to run and see.
----------------------
00431490 /$ 81EC 54020000 SUB ESP, 254 ; ① get hard disk hardware-code info
00431496 |. 53 PUSH EBX
00431497 |. 33DB XOR EBX, EBX
00431499 |. 56 PUSH ESI
0043149A |. 53 PUSH EBX ; /hTemplateFile => NULL
0043149B |. 53 PUSH EBX ; |Attributes => 0
0043149C |. 6A 03 PUSH 3 ; |Mode = OPEN_EXISTING
0043149E |. 53 PUSH EBX ; |pSecurity => NULL
0043149F |. 6A 03 PUSH 3 ; |ShareMode = FILE_SHARE_READ|FILE_SHARE_WRITE
004314A1 |. 68 000000C0 PUSH C0000000 ; |access = GENERIC_READ|GENERIC_WRITE
004314A6 |. 68 B8685800 PUSH e.005868B8 ; |\\.\PhysicalDrive0
004314AB |. FF15 5CC25400 CALL DWORD PTR DS:[<&KERNEL32.CreateFile>; \CreateFileA
004314B1 |. 8BF0 MOV ESI, EAX
004314B3 |. 83FE FF CMP ESI, -1
004314B6 |. 0F84 C0000000 JE e.0043157C
...... (some code omitted)
00431569 |> \56 PUSH ESI ; /hObject
0043156A |. FF15 78C25400 CALL DWORD PTR DS:[<&KERNEL32.CloseHandl>; \CloseHandle
00431570 |. 5F POP EDI
00431571 |. 8BC3 MOV EAX, EBX
00431573 |. 5E POP ESI
00431574 |. 5B POP EBX
00431575 |. 81C4 54020000 ADD ESP, 254
0043157B |. C3 RETN ; returns to the caller here
----------------------
004315B6 |. 8BD0 MOV EDX, EAX
004315B8 |. BE 01000000 MOV ESI, 1
004315BD |. 85D2 TEST EDX, EDX
004315BF |. 75 2E JNZ SHORT e.004315EF
...... (some code omitted)
004315F5 |. /74 0A JE SHORT e.00431601
004315F7 |. |8BCA MOV ECX, EDX
004315F9 |. |F7D9 NEG ECX
004315FB |. |1BC9 SBB ECX, ECX
004315FD |. |23CE AND ECX, ESI
004315FF |. |8908 MOV DWORD PTR DS:[EAX], ECX
00431601 |> \8BC2 MOV EAX, EDX
00431603 |. 5E POP ESI
00431604 \. C3 RETN ; returns to the caller here
----------------------
......................
00457203 |. 8D4D F8 LEA ECX, [LOCAL.2]
00457206 |. 51 PUSH ECX
00457207 |. E8 A4A3FDFF CALL e.004315B0 ; ① get hard disk hardware-code info
0045720C |. 83C4 04 ADD ESP, 4 ; a lot of junk instructions after coming out of here (⊙o⊙)!
0045720F |. 8BF0 MOV ESI, EAX ; EAX = 取硬盘特征字()
......................
00457215 |. 85F6 TEST ESI, ESI
00457217 |. 75 25 JNZ SHORT e.0045723E
......................
0045721C |. FF05 18955900 INC DWORD PTR DS:[599518]
......................
00457225 |. 833D 18955900>CMP DWORD PTR DS:[599518], 6
0045722C |. 75 10 JNZ SHORT e.0045723E
......................
00457239 |. BE 73191511 MOV ESI, 11151973
......................
00457241 |. 85F6 TEST ESI, ESI
00457243 |. 0F84 F8010000 JE e.00457441
......................
00457254 |. FF15 4CC25400 CALL DWORD PTR DS:[<&KERNEL32.GetTickCou>; [GetTickCount
0045725A |. A3 D8925900 MOV DWORD PTR DS:[5992D8], EAX
......................
00457262 |. A1 1C8F5900 MOV EAX, DWORD PTR DS:[598F1C]
00457267 |. 85C0 TEST EAX, EAX
00457269 |. 74 29 JE SHORT e.00457294
......................
0045726E |. 56 PUSH ESI
0045726F |. E8 6CF0FFFF CALL e.004562E0
00457274 |. 35 9A3B5400 XOR EAX, 543B9A
00457279 |. 83C4 04 ADD ESP, 4
0045727C |. A3 70935900 MOV DWORD PTR DS:[599370], EAX
......................
00457285 |. 8135 70935900>XOR DWORD PTR DS:[599370], 8912FCD
0045728F |. E9 5A010000 jmp e.004573EE
00457294 |> 53 PUSH EBX
00457295 |. 57 PUSH EDI
......................
004572A1 |. 68 DC050000 PUSH 5DC
004572A6 |. 68 803E0000 PUSH 3E80
004572AB |. 68 71020000 PUSH 271
004572B0 |. 56 PUSH ESI
004572B1 |. E8 4A4F0800 CALL e.004DC200 ; ② compute disk signature information
004572B6 |. 83C4 10 ADD ESP, 10
004572B9 |. 8945 E0 MOV [LOCAL.8], EAX
......................
004572C7 |. 8BF0 |MOV ESI, EAX
004572C9 |. 25 FFFF0F00 |AND EAX, 0FFFFF
004572CE |. C1EE 10 |SHR ESI, 10
004572D1 |. 81E6 F0FF0000 |AND ESI, 0FFF0
004572D7 |. 33F0 |XOR ESI, EAX
......................
004572DC |. 68 2C010000 |PUSH 12C
004572E1 |. 68 401F0000 |PUSH 1F40
004572E6 |. 68 E2040000 |PUSH 4E2
004572EB |. 56 |PUSH ESI
004572EC |. E8 0F4F0800 |CALL e.004DC200 ; ② compute disk signature information
004572F1 |. 83C4 10 |ADD ESP, 10
004572F4 |. 8945 E4 |MOV [LOCAL.7], EAX
......................
004572FA |. 8BD8 |MOV EBX, EAX
004572FC |. 81E3 FF000000 |AND EBX, 0FF
......................
00457305 |. 8BC8 |MOV ECX, EAX
00457307 |. 81E1 000000FF |AND ECX, FF000000
......................
00457311 |. 25 00FF0000 |AND EAX, 0FF00
......................
00457324 |. BA E44C5900 |MOV EDX, e.00594CE4
00457329 |> 8B7A FC |/MOV EDI, DWORD PTR DS:[EDX-4] ; [EDX-4] = DS:[00594CE0]=CC051311
// The memory value at DS:[00594CE0] needs to be changed here: change CC051311 to 00000000
//00594CE0 00 00 00 00 ....
// For now, just note it down without modifying it...
0045732C |. 85FF ||TEST EDI, EDI
0045732E |. 74 5F ||JE SHORT e.0045738F ; must jump, otherwise the computed disk code will not equal 159544386
......................
00457337 |. 8B7A FC ||MOV EDI, DWORD PTR DS:[EDX-4]
0045733A |. 33FE ||XOR EDI, ESI
......................
00457340 |. 337A 08 ||XOR EDI, DWORD PTR DS:[EDX+8]
......................
0045734E |. 333A ||XOR EDI, DWORD PTR DS:[EDX]
......................
00457353 |. 3B7A 04 ||CMP EDI, DWORD PTR DS:[EDX+4]
00457356 |. 74 09 ||JE SHORT e.00457361
......................
0045735C |. 83C2 10 ||ADD EDX, 10
0045735F |.^ EB C8 |\JMP SHORT e.00457329
......................
00457365 |. 8B75 E0 |MOV ESI, [LOCAL.8]
00457368 |. 68 AC000000 |PUSH 0AC
0045736D |. 68 C4090000 |PUSH 9C4
00457372 |. 68 A00F0000 |PUSH 0FA0
00457377 |. 56 |PUSH ESI
00457378 |. E8 834E0800 |CALL e.004DC200 ; ② compute disk signature information
0045737D |. 83C4 10 |ADD ESP, 10
00457380 |. 33F0 |XOR ESI, EAX
00457382 |. 8975 E0 |MOV [LOCAL.8], ESI
......................
00457388 |. 8BC6 |MOV EAX, ESI
0045738A |.^ E9 2DFFFFFF \JMP e.004572BC
......................
00457396 |. 33D2 XOR EDX, EDX
00457398 |. 8A55 E6 MOV DL, BYTE PTR SS:[EBP-1A]
......................
004573C3 |. 33D3 XOR EDX, EBX
004573C5 |. 24 00 AND AL, 0
004573C7 |. C1E2 08 SHL EDX, 8
004573CA |. 33D0 XOR EDX, EAX
004573CC |. C1E9 04 SHR ECX, 4
004573CF |. C1E2 0C SHL EDX, 0C
004573D2 |. 81E1 0000F00F AND ECX, 0FF00000
004573D8 |. 33D1 XOR EDX, ECX
004573DA |. 0BD6 OR EDX, ESI
004573DC |. 81F2 5714C508 XOR EDX, 8C51457
004573E2 |. 8915 70935900 MOV DWORD PTR DS:[599370], EDX
......................
004573EC |. 5F POP EDI
004573ED |. 5B POP EBX
......................
004573F1 |. 8B15 D8925900 MOV EDX, DWORD PTR DS:[5992D8]
004573F7 |. 8B35 70935900 MOV ESI, DWORD PTR DS:[599370]
004573FD |. 33F2 XOR ESI, EDX
004573FF |. 8935 70935900 MOV DWORD PTR DS:[599370], ESI
......................
00457408 |. 8135 70935900>XOR DWORD PTR DS:[599370], 8C51457
......................
00457416 |. B9 488A5900 MOV ECX, e.00598A48
0045741B |. E8 70460500 CALL e.004ABA90 ; ③ read KEY file
......................
0045742B |. A1 C0905900 MOV EAX, DWORD PTR DS:[5990C0]
00457430 |. 85C0 TEST EAX, EAX
00457432 |. 74 07 JE SHORT e.0045743B
......................
0045743F |. EB 1F JMP SHORT e.00457460
......................
00457445 |. A1 F4925900 MOV EAX, DWORD PTR DS:[5992F4]
0045744A |. 68 40714500 PUSH e.00457140 ; /Timerproc = e.00457140
0045744F |. 68 88130000 PUSH 1388 ; |Timeout = 5000. ms
00457454 |. 6A 70 PUSH 70 ; |TimerID = 70 (112.)
00457456 |. 8B48 1C MOV ECX, DWORD PTR DS:[EAX+1C] ; |
00457459 |. 51 PUSH ECX ; |hWnd
0045745A |. FF15 94C65400 CALL DWORD PTR DS:[<&USER32.SetTimer>] ; \SetTimer
......................
0045746B |. 5E POP ESI
0045746C |> 8BE5 MOV ESP, EBP
0045746E |. 5D POP EBP
0045746F \. C2 1000 RETN 10
----------------------
004DC200 /$ 8B4C24 0C MOV ECX, DWORD PTR SS:[ESP+C] ; ② compute disk signature information
004DC204 |. 55 PUSH EBP
004DC205 |. 8B6C24 14 MOV EBP, DWORD PTR SS:[ESP+14]
004DC209 |. 56 PUSH ESI
004DC20A |. 57 PUSH EDI
004DC20B |. 8B7C24 14 MOV EDI, DWORD PTR SS:[ESP+14]
004DC20F |. 85ED TEST EBP, EBP
004DC211 |. 7E 28 JLE SHORT e.004DC23B
004DC213 |. 8B7424 10 MOV ESI, DWORD PTR SS:[ESP+10]
004DC217 |. 53 PUSH EBX
004DC218 |. 8BDD MOV EBX, EBP
004DC21A |> 8BC6 /MOV EAX, ESI
004DC21C |. 33D2 |XOR EDX, EDX
004DC21E |. F7F7 |DIV EDI
004DC220 |. 8BC6 |MOV EAX, ESI
004DC222 |. 0FAFD1 |IMUL EDX, ECX
004DC225 |. 895424 14 |MOV DWORD PTR SS:[ESP+14], EDX
004DC229 |. 33D2 |XOR EDX, EDX
004DC22B |. F7F7 |DIV EDI
004DC22D |. 8B5424 14 |MOV EDX, DWORD PTR SS:[ESP+14]
004DC231 |. 03D0 |ADD EDX, EAX
004DC233 |. 4B |DEC EBX
004DC234 |. 8BF2 |MOV ESI, EDX
004DC236 |.^ 75 E2 \JNZ SHORT e.004DC21A
004DC238 |. 5B POP EBX
004DC239 |. EB 04 JMP SHORT e.004DC23F
004DC23B |> 8B7424 10 MOV ESI, DWORD PTR SS:[ESP+10]
004DC23F |> C1E1 0A SHL ECX, 0A
004DC242 |. 33CE XOR ECX, ESI
004DC244 |. 33CF XOR ECX, EDI
004DC246 |. 5F POP EDI
004DC247 |. 8BC1 MOV EAX, ECX
004DC249 |. 5E POP ESI
004DC24A |. C1E0 04 SHL EAX, 4
004DC24D |. 33C5 XOR EAX, EBP
004DC24F |. 5D POP EBP
004DC250 |. C1E0 14 SHL EAX, 14
004DC253 |. 33C1 XOR EAX, ECX
004DC255 \. C3 RETN
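// The return value needs to be modified here, as follows:
//004DC255 . /E9 B6EF0600 JMP e.0054B210
//0054B210 > \8035 80825900>XOR BYTE PTR DS:[598280], 0FF ; flag: whether to return the computed hardware code
//0054B217 . 74 05 JE SHORT e.0054B21E
//0054B219 . B8 42740200 MOV EAX, 27442 ; last 5 digits of the hardware code
//0054B21E > C3 RETN
// At this point the analysis and modification for step one are basically done. After saving the changes, do not reload in OD yet.
// Use UE or WinHex to modify the content at [00594CE0-00400000=00194CE0], changing "11 13 05 CC" to "00 00 00 00"
// After making the change, save the file, then reload it in OD!
// At this point, after running with [F9], 易语言 shows the file-check error message "系统执行文件被非法修改,请检查病毒并重新安装!" ("The system executable has been illegally modified; please check for viruses and reinstall!")...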
----------------------
2. Step two: how to locate the key file-check location and how to modify it...
// Because the modified main program shows a message box when it runs, the simplest approach is a direct API breakpoint: BP MessageBoxA
----------------------
004317AF |. 53 PUSH EBX ; /Style
004317B0 |. 50 PUSH EAX ; |Title
004317B1 |. 51 PUSH ECX ; |Text
004317B2 |. 57 PUSH EDI ; |hOwner
004317B3 |. FF15 80C65400 CALL DWORD PTR DS:[<&USER32.MessageBoxA>>; \MessageBoxA
004317B9 |. 8BF0 MOV ESI, EAX
0012F00C 004317B9 /CALL to MessageBoxA from e.004317B3
0012F010 00000000 |hOwner = NULL
0012F014 01096EE8 |Text = "系统执行文件被非法修改,请检查病毒并重新安装!"
0012F018 01096F38 |Title = "警告:"
0012F01C 00000010 \Style = MB_OK|MB_ICONHAND|MB_APPLMODAL
// After the breakpoint hits, we trace back through the return
----------------------
0045F493 > \E8 A8BC0700 CALL e.004DB140
0045F498 . 83C4 04 ADD ESP, 4 ; after returning here, look upward for the conditional jump
0045EABF . 8BCB MOV ECX, EBX
0045EAC1 . E8 EAA1FFFF CALL e.00458CB0 ; ① file-check CALL
0045EAC6 . 85C0 TEST EAX, EAX
0045EAC8 . /75 0A JNZ SHORT e.0045EAD4 ; jumps if the file check passes
0045EACA . 68 64A75800 PUSH e.0058A764
0045EACF . E9 BF090000 JMP e.0045F493
----------------------
00458CB0 /$ 55 PUSH EBP
00458CB1 |. 8BEC MOV EBP, ESP
00458CB3 |. 6A FF PUSH -1
00458CB5 |. 68 38FC5300 PUSH e.0053FC38 ; SE handler installation
00458CBA |. 64:A1 0000000>MOV EAX, DWORD PTR FS:[0]
00458CC0 |. 50 PUSH EAX
00458CC1 |. 64:8925 00000>MOV DWORD PTR FS:[0], ESP
00458CC8 |. 81EC C40F0000 SUB ESP, 0FC4
00458CCE |. 53 PUSH EBX
00458CCF |. 56 PUSH ESI
00458CD0 |. 57 PUSH EDI
00458CD1 |. 8BF1 MOV ESI, ECX
00458CD3 |. 8965 F0 MOV [LOCAL.4], ESP
00458CD6 |. 8975 EC MOV [LOCAL.5], ESI
......................
00458DA4 |> \3B7C9D D4 |CMP EDI, DWORD PTR SS:[EBP+EBX*4-2C] ; record the value of EDI and of SS:[EBP+EBX*4-2C] here
00458DA8 |. 75 11 |JNZ SHORT e.00458DBB
00458DAA |. 8B449D E4 |MOV EAX, DWORD PTR SS:[EBP+EBX*4-1C]
00458DAE |. 85C0 |TEST EAX, EAX
00458DB0 |. 75 09 |JNZ SHORT e.00458DBB
00458DB2 |. 8B75 EC |MOV ESI, [LOCAL.5]
00458DB5 |. 43 |INC EBX
00458DB6 |.^ E9 6FFFFFFF \JMP e.00458D2A
----------------------
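Stack SS:[0012FBC0]=003EDA14 ; original main program file-check value [1]
EDI=000C64FE ; file-check value of the now-modified program [1]
Stack SS:[0012FBC4]=0023D5F1 ; original main program file-check value [2]
EDI=0047E5F1 ; file-check value of the now-modified program [2]
----------------------
// Once both check values are recorded, close OD. Open the main program with UE or WinHex and search for the hexadecimal values "14DA3E00" and "F1D52300"
// Once found, change them to the modified program's file-check values "FE640C00" and "F1E54700". It is best to note the addresses you changed as well, because they will be needed again shortly!
// After the change, save the file and run the main program... O(∩_∩)O Ha! No more prompt, and it is registered successfully, so step two is done.
// But don't celebrate yet: 易语言 also has a fairly well-hidden memory check, and if that check is not modified, programs compiled with it will not work properly!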
----------------------
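3. Step three: locate the key memory-check location and how to modify it...
// Some earlier modified builds of 易语言 produced unstable compiled programs, and that was all caused by this memory check!
----------------------
// Reload [the original main program] in OD, then set a "memory access" breakpoint directly at the OEP...
// After setting the memory breakpoint, remove all the earlier breakpoints, then press [F9] to run and see.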
----------------------
00F29131 8A68 01 MOV CH, BYTE PTR DS:[EAX+1] ; the memory breakpoint stopped here [dp1.00F29131]
00F29134 8A50 FF MOV DL, BYTE PTR DS:[EAX-1]
00F29137 8A08 MOV CL, BYTE PTR DS:[EAX]
00F29139 83C0 04 ADD EAX, 4
00F2913C C1E1 08 SHL ECX, 8
00F2913F 0BCA OR ECX, EDX
00F29141 33D2 XOR EDX, EDX
00F29143 8A50 FA MOV DL, BYTE PTR DS:[EAX-6]
00F29146 83C6 04 ADD ESI, 4
00F29149 C1E1 08 SHL ECX, 8
00F2914C 0BCA OR ECX, EDX
00F2914E 894E FC MOV DWORD PTR DS:[ESI-4], ECX
00F29151 8D0C07 LEA ECX, DWORD PTR DS:[EDI+EAX]
00F29154 3BCD CMP ECX, EBP
00F29156 ^ 72 D5 JB SHORT dp1.00F2912D
00F29158 5F POP EDI
00F29159 5E POP ESI
00F2915A 5D POP EBP
00F2915B C2 0C00 RETN 0C ; return
----------------------
004989DC |. 8B4C24 28 MOV ECX, DWORD PTR SS:[ESP+28]
004989E0 |. 8B5424 24 MOV EDX, DWORD PTR SS:[ESP+24]
004989E4 |. 51 PUSH ECX
004989E5 |. 8B4C24 24 MOV ECX, DWORD PTR SS:[ESP+24]
004989E9 |. 52 PUSH EDX
004989EA |. 51 PUSH ECX
004989EB |. FFD0 CALL EAX ; CALL dp1.MGetMD5
004989ED |. 8D4C24 08 LEA ECX, DWORD PTR SS:[ESP+8] ; returns to here
004989F1 |. C74424 18 FFF>MOV DWORD PTR SS:[ESP+18], -1
// We have now found where the memory-check value is obtained. Set a hardware breakpoint above it, then reload [the already-modified main program], run it and analyse...
----------------------
00498940 /$ 6A FF PUSH -1 ; get MD5 of the program's in-memory data
00498942 |. 68 C83F5400 PUSH e.00543FC8 ; SE handler installation
00498947 |. 64:A1 0000000>MOV EAX, DWORD PTR FS:[0]
0049894D |. 50 PUSH EAX
0049894E |. 64:8925 00000>MOV DWORD PTR FS:[0], ESP
00498955 |. 83EC 08 SUB ESP, 8
00498958 |. 56 PUSH ESI
00498959 |. 8BF1 MOV ESI, ECX
0049895B |. 57 PUSH EDI
0049895C |. 68 742C5700 PUSH e.00572C74 ; ASCII "lib"
00498961 |. 8D86 94080000 LEA EAX, DWORD PTR DS:[ESI+894]
00498967 |. 8D4C24 10 LEA ECX, DWORD PTR SS:[ESP+10]
0049896B |. 50 PUSH EAX
0049896C |. 51 PUSH ECX
0049896D |. E8 5DFE0700 CALL e.005187CF
00498972 |. 68 D8AB5800 PUSH e.0058ABD8 ; ASCII "\dp1.fne"
00498977 |. 8D5424 0C LEA EDX, DWORD PTR SS:[ESP+C]
0049897B |. 50 PUSH EAX
0049897C |. 52 PUSH EDX
0049897D |. C74424 24 000>MOV DWORD PTR SS:[ESP+24], 0
00498985 |. E8 45FE0700 CALL e.005187CF
0049898A |. 8D4C24 0C LEA ECX, DWORD PTR SS:[ESP+C]
0049898E |. C64424 18 02 MOV BYTE PTR SS:[ESP+18], 2
00498993 |. E8 EEFB0700 CALL e.00518586
00498998 |. 8B7C24 2C MOV EDI, DWORD PTR SS:[ESP+2C]
0049899C |. 85FF TEST EDI, EDI
0049899E |. 74 07 JE SHORT e.004989A7
004989A0 |. 8BCF MOV ECX, EDI
004989A2 |. E8 6AFB0700 CALL e.00518511
004989A7 |> 8B86 DC090000 MOV EAX, DWORD PTR DS:[ESI+9DC]
004989AD |. 85C0 TEST EAX, EAX
004989AF |. 75 11 JNZ SHORT e.004989C2
004989B1 |. 8B4424 08 MOV EAX, DWORD PTR SS:[ESP+8]
004989B5 |. 50 PUSH EAX ; /FileName
004989B6 |. FF15 2CC45400 CALL DWORD PTR DS:[<&KERNEL32.LoadLibrar>; \LoadLibraryA
004989BC |. 8986 DC090000 MOV DWORD PTR DS:[ESI+9DC], EAX
004989C2 |> 8BB6 DC090000 MOV ESI, DWORD PTR DS:[ESI+9DC]
004989C8 |. 85F6 TEST ESI, ESI
004989CA |. 74 4A JE SHORT e.00498A16
004989CC |. 68 90065900 PUSH e.00590690 ; /ProcNameOrOrdinal = "MGetMD5"
004989D1 |. 56 PUSH ESI ; |hModule
004989D2 |. FF15 30C45400 CALL DWORD PTR DS:[<&KERNEL32.GetProcAdd>; \GetProcAddress
004989D8 |. 85C0 TEST EAX, EAX
004989DA |. 74 3A JE SHORT e.00498A16
004989DC |. 8B4C24 28 MOV ECX, DWORD PTR SS:[ESP+28]
004989E0 |. 8B5424 24 MOV EDX, DWORD PTR SS:[ESP+24]
004989E4 |. 51 PUSH ECX
004989E5 |. 8B4C24 24 MOV ECX, DWORD PTR SS:[ESP+24]
004989E9 |. 52 PUSH EDX
004989EA |. 51 PUSH ECX
004989EB |. FFD0 CALL EAX ; CALL dp1.MGetMD5
// When [ESP]=00401000, make sure to undo all modified code and remove the breakpoints, and record the correct MD5 value!
//0012F354 00401000 start pointer of the checked region
//0012F358 0014A20A size of the checked data
//0012F35C 0012F398 ASCII "92070940bbb01c83641fcef4758b5a72"
// The correct MD5 value for 易语言 4.14 is 92070940bbb01c83641fcef4758b5a72
004989ED |. 8D4C24 08 LEA ECX, DWORD PTR SS:[ESP+8] ; returns to here
004989F1 |. C74424 18 FFF>MOV DWORD PTR SS:[ESP+18], -1
004989F9 |. E8 88FB0700 CALL e.00518586
004989FE |. 5F POP EDI
004989FF |. B8 01000000 MOV EAX, 1
00498A04 |. 5E POP ESI
00498A05 |. 8B4C24 08 MOV ECX, DWORD PTR SS:[ESP+8]
00498A09 |. 64:890D 00000>MOV DWORD PTR FS:[0], ECX
00498A10 |. 83C4 14 ADD ESP, 14
00498A13 |. C2 1000 RETN 10
00498A16 |> 85FF TEST EDI, EDI
00498A18 |. 74 32 JE SHORT e.00498A4C
00498A1A |. 8B5424 08 MOV EDX, DWORD PTR SS:[ESP+8]
00498A1E |. 8D4424 2C LEA EAX, DWORD PTR SS:[ESP+2C]
00498A22 |. 52 PUSH EDX
00498A23 |. 68 7C065900 PUSH e.0059067C
00498A28 |. 50 PUSH EAX
00498A29 |. E8 D2620400 CALL e.004DED00
00498A2E |. 83C4 0C ADD ESP, 0C
00498A31 |. 50 PUSH EAX
00498A32 |. 8BCF MOV ECX, EDI
00498A34 |. C64424 1C 03 MOV BYTE PTR SS:[ESP+1C], 3
00498A39 |. E8 35FC0700 CALL e.00518673
00498A3E |. 8D4C24 2C LEA ECX, DWORD PTR SS:[ESP+2C]
00498A42 |. C64424 18 02 MOV BYTE PTR SS:[ESP+18], 2
00498A47 |. E8 3AFB0700 CALL e.00518586
00498A4C |> 8D4C24 08 LEA ECX, DWORD PTR SS:[ESP+8]
00498A50 |. C74424 18 FFF>MOV DWORD PTR SS:[ESP+18], -1
00498A58 |. E8 29FB0700 CALL e.00518586
00498A5D |. 8B4C24 10 MOV ECX, DWORD PTR SS:[ESP+10]
00498A61 |. 5F POP EDI
00498A62 |. 33C0 XOR EAX, EAX
00498A64 |. 5E POP ESI
00498A65 |. 64:890D 00000>MOV DWORD PTR FS:[0], ECX
00498A6C |. 83C4 14 ADD ESP, 14
00498A6F \. C2 1000 RETN 10
// Let's make the modification right here at [004989EB], O(∩_∩)O~
// Remember that it is the [already-modified] main program file that gets modified...
004989EB . /E9 30280B00 JMP e_cr_4_1.0054B220
004989F0 |90 NOP
0054B220 > \FFD0 CALL EAX
0054B222 . 8D4C24 08 LEA ECX, DWORD PTR SS:[ESP+8]
0054B226 . 3E:817C24 F4 >CMP DWORD PTR DS:[ESP-C], e.00401000 ; entry address
0054B22F . 75 3E JNZ SHORT e.0054B26F
0054B231 . 3E:8B7C24 FC MOV EDI, DWORD PTR DS:[ESP-4]
0054B236 . C707 39323037 MOV DWORD PTR DS:[EDI], 37303239
0054B23C . C747 04 30393>MOV DWORD PTR DS:[EDI+4], 30343930
0054B243 . C747 08 62626>MOV DWORD PTR DS:[EDI+8], 30626262
0054B24A . C747 0C 31633>MOV DWORD PTR DS:[EDI+C], 33386331
0054B251 . C747 10 36343>MOV DWORD PTR DS:[EDI+10], 66313436
0054B258 . C747 14 63656>MOV DWORD PTR DS:[EDI+14], 34666563
0054B25F . C747 18 37353>MOV DWORD PTR DS:[EDI+18], 62383537
0054B266 . C747 1C 35613>MOV DWORD PTR DS:[EDI+1C], 32376135
0054B26D . 33FF XOR EDI, EDI
0054B26F >^ E9 7DD7F4FF JMP e.004989F1
// Remember to save after modifying, otherwise the work is wasted...
// Finally, we have to repeat the file-check value modification from step two once more!
----------------------
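Stack SS:[0012FBC0]=000C64FE ; original main program file-check value [1]
EDI=00135283 ; file-check value of the now-modified program [1]
Stack SS:[0012FBC4]=0047E5F1 ; original main program file-check value [2]
EDI=0047E5F1 ; file-check value of the now-modified program [2]
----------------------
// That is the end of the whole modification process.
// Everyone is welcome to test how complete this modification is, and I hope to exchange ideas with you all...
// Give a man a fish and you relieve one moment's need; teach him to fish and you meet a lifetime's need.
// This time I will be lazy and not share the modified file, only my modification process!
// I also hope this gives you a chance to learn hands-on!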
--------------------------------------------------------------------------------
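【Lessons learned】
1. Modify the algorithm by which the program obtains the hard disk signature value, to spoof registration;
2. Modify the two values the program uses to check its own file;
3. Replace the main program's memory-check value to spoof the value the check obtains, and modify the program's own file-check values once more!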
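Seen from the side of whoever builds or audits such a check, steps 2 and 3 work because the expected values sit in the same file as the code they protect. The sketch below is an added example, not code from the original write-up or from 易语言: the image layout, `checksum32` and all sample bytes are constructed assumptions. It shows an in-file self-check accepting a modified image once its stored field is rewritten, while a digest pinned outside the file still reports the change.

```python
import hashlib
import hmac
import struct

FIELD = struct.Struct("<I")  # stored check value: 32-bit, little-endian on disk


def checksum32(body: bytes) -> int:
    """Toy additive checksum; a stand-in for the program's own routine (assumption)."""
    return sum(body) & 0xFFFFFFFF


def stored_form(value: int) -> str:
    """Hex of a check value as it appears on disk, e.g. when diffing two copies."""
    return FIELD.pack(value).hex().upper()


def build_image(body: bytes) -> bytes:
    """Constructed layout: [stored check value][body]; the field itself is not covered."""
    return FIELD.pack(checksum32(body)) + body


def self_check(image: bytes) -> bool:
    """In-file check: recompute over the body and compare with the stored field."""
    (stored,) = FIELD.unpack_from(image, 0)
    return stored == checksum32(image[FIELD.size:])


def detached_check(image: bytes, pinned_sha256: str) -> bool:
    """Compare the whole file with a digest that is published outside the file."""
    digest = hashlib.sha256(image).hexdigest()
    return hmac.compare_digest(digest, pinned_sha256)


def audit(image: bytes, pinned_sha256: str) -> str:
    """Classify a copy of the file using both checks."""
    if detached_check(image, pinned_sha256):
        return "intact"
    if self_check(image):
        return "modified: self-check passes, detached digest fails"
    return "modified: self-check fails"


# Constructed sample data, not bytes from any real program.
ORIGINAL = build_image(b"\x55\x8b\xec\x75\x0a" + b"\x90" * 27)
PINNED = hashlib.sha256(ORIGINAL).hexdigest()  # what a vendor would publish

# Case 1: one body byte differs, stored field untouched.
_edited = bytearray(ORIGINAL)
_edited[FIELD.size + 3] ^= 0x01
EDITED = bytes(_edited)

# Case 2: same body change, stored field rewritten to match the new body.
RESTAMPED = FIELD.pack(checksum32(EDITED[FIELD.size:])) + EDITED[FIELD.size:]

if __name__ == "__main__":
    for name, img in (("original", ORIGINAL), ("edited", EDITED), ("restamped", RESTAMPED)):
        print(f"{name:10} -> {audit(img, PINNED)}")
```

In practice the pinned value would be a vendor-published digest or a code signature that is verified outside the program being checked.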
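易语言 4.14 release notes, relative to 4.13:
Updates to the 易语言 core support library, compiler and development environment:
1. Fixed the printer object's support for custom paper sizes
2. Fixed the printer object's support for the number of copies
3. Fixed the slider's selection length not being able to reach the maximum
Updates to other support libraries:
1. Updated the XML parsing support library to fix a bug where the text returned by “XML树.取节点值文本()” became invalid.
2. Updated the advanced table support library to fix a bug where the “被单击” (clicked) event was not received if a timer tick event arrived between mouse down and mouse up.
3. Updated extended UI support library 3 to fix a bug where clicking the roll-up menu prevented the date box from opening its drop-down window.
4. Updated the XP style support library to fix a GDI resource leak and a bug where combo box captions showed ghosting when used with common component library 6.
5. Updated extended UI support library 1 to fix a bug where tree view items could not be put into edit mode by clicking with the mouse.
6. Updated the advanced table support library to fix a bug where insert row/insert column inserted at the wrong position when no row/column number was specified.
7. Updated the text-to-speech support library, adding the “机读文本.重新创建并初始化()” method.
8. Updated extended UI support library 3 to fix a bug where the advanced tab control prevented its parent window from receiving the “首次激活” (first activation) event; the core library and development environment were modified accordingly.
9. Added version information uniformly to all support library files.
10. Updated the application interface support library, enhancing the “取快捷方式目标” command so that it can retrieve the target, arguments, start-in location, icon, run mode, hotkey, comment and other information.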