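- Software size: 24.41M
- Software language: Chinese
- Software type: Domestic (Chinese) software
- Software category: Freeware / Programming tools
- Updated: 2023-03-17 19:07
- Runtime environment: WinAll, WinXP, Win7, Win8
- Software rating:
- Software vendor:
- Official website: None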
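易語言 4.14 完美修改版 (the "perfect modified edition") is the latest modified build of 易語言 4.14, made for 易語言 users. Compared with other versions it is more complete, and the 綠色資源網 editor has prepared the most detailed write-up of the modification process for you. If you like it, come and take a look!
易語言 lowers the barrier to programming for ordinary computer users. Users who know no English, or very little, can use this language to get started with Windows programming very quickly. The 易語言 Chinese programming environment is a fully visual programming tool environment that supports programming with Chinese characters and words and runs across mainstream operating system platforms. It is available in Simplified and Traditional Chinese as well as English, Japanese and other language versions; it can interoperate with commonly used programming languages; and it provides interfaces and supporting tools for making full use of APIs, COM, DLL and OCX components, the mainstream databases, utility programs and other resources.
The modification process is basically the same as for 易語言 4.13, but this time it is summarized into 3 main steps.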
----------------------
159544386.key [Enterprise registered edition]
159544386 → [09800000 XOR 00027442] → 0x09827442 (hexadecimal) [computed hardware code value]
----------------------
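1. Step one: how to locate the key registration code and how to modify it; how the hardware code [159544386] of the [Enterprise registered edition] KEY is computed...
//Because what we are modifying now is 易語言's hard-disk registration method, we first search for the key string used to read the hard-disk signature: "\\.\PhysicalDrive0"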
----------------------
Ultra String Reference, item 553
Address=004314A6
Disassembly=PUSH e.005868B8
Text String=\\.\PhysicalDrive0
//Set a hardware breakpoint at [004314A6], then press F9 to run and see.
----------------------
00431490 /$ 81EC 54020000 SUB ESP, 254 ; ① Get hard-disk hardware code information
00431496 |. 53 PUSH EBX
00431497 |. 33DB XOR EBX, EBX
00431499 |. 56 PUSH ESI
0043149A |. 53 PUSH EBX ; /hTemplateFile => NULL
0043149B |. 53 PUSH EBX ; |Attributes => 0
0043149C |. 6A 03 PUSH 3 ; |Mode = OPEN_EXISTING
0043149E |. 53 PUSH EBX ; |pSecurity => NULL
0043149F |. 6A 03 PUSH 3 ; |ShareMode = FILE_SHARE_READ|FILE_SHARE_WRITE
004314A1 |. 68 000000C0 PUSH C0000000 ; |access = GENERIC_READ|GENERIC_WRITE
004314A6 |. 68 B8685800 PUSH e.005868B8 ; |\\.\PhysicalDrive0
004314AB |. FF15 5CC25400 CALL DWORD PTR DS:[<&KERNEL32.CreateFile>; \CreateFileA
004314B1 |. 8BF0 MOV ESI, EAX
004314B3 |. 83FE FF CMP ESI, -1
004314B6 |. 0F84 C0000000 JE e.0043157C
...... (some code omitted)
00431569 |> \56 PUSH ESI ; /hObject
0043156A |. FF15 78C25400 CALL DWORD PTR DS:[<&KERNEL32.CloseHandl>; \CloseHandle
00431570 |. 5F POP EDI
00431571 |. 8BC3 MOV EAX, EBX
00431573 |. 5E POP ESI
00431574 |. 5B POP EBX
00431575 |. 81C4 54020000 ADD ESP, 254
0043157B |. C3 RETN ; returns to the caller here
----------------------
004315B6 |. 8BD0 MOV EDX, EAX
004315B8 |. BE 01000000 MOV ESI, 1
004315BD |. 85D2 TEST EDX, EDX
004315BF |. 75 2E JNZ SHORT e.004315EF
...... (some code omitted)
004315F5 |. /74 0A JE SHORT e.00431601
004315F7 |. |8BCA MOV ECX, EDX
004315F9 |. |F7D9 NEG ECX
004315FB |. |1BC9 SBB ECX, ECX
004315FD |. |23CE AND ECX, ESI
004315FF |. |8908 MOV DWORD PTR DS:[EAX], ECX
00431601 |> \8BC2 MOV EAX, EDX
00431603 |. 5E POP ESI
00431604 \. C3 RETN ; returns to the caller here
----------------------
......................
00457203 |. 8D4D F8 LEA ECX, [LOCAL.2]
00457206 |. 51 PUSH ECX
00457207 |. E8 A4A3FDFF CALL e.004315B0 ; ① Get hard-disk hardware code information
0045720C |. 83C4 04 ADD ESP, 4 ; a lot of junk instructions after returning from here (⊙o⊙)!
0045720F |. 8BF0 MOV ESI, EAX ; EAX = hard-disk signature value (取硬盤特征字())
......................
00457215 |. 85F6 TEST ESI, ESI
00457217 |. 75 25 JNZ SHORT e.0045723E
......................
0045721C |. FF05 18955900 INC DWORD PTR DS:[599518]
......................
00457225 |. 833D 18955900>CMP DWORD PTR DS:[599518], 6
0045722C |. 75 10 JNZ SHORT e.0045723E
......................
00457239 |. BE 73191511 MOV ESI, 11151973
......................
00457241 |. 85F6 TEST ESI, ESI
00457243 |. 0F84 F8010000 JE e.00457441
......................
00457254 |. FF15 4CC25400 CALL DWORD PTR DS:[<&KERNEL32.GetTickCou>; [GetTickCount
0045725A |. A3 D8925900 MOV DWORD PTR DS:[5992D8], EAX
......................
00457262 |. A1 1C8F5900 MOV EAX, DWORD PTR DS:[598F1C]
00457267 |. 85C0 TEST EAX, EAX
00457269 |. 74 29 JE SHORT e.00457294
......................
0045726E |. 56 PUSH ESI
0045726F |. E8 6CF0FFFF CALL e.004562E0
00457274 |. 35 9A3B5400 XOR EAX, 543B9A
00457279 |. 83C4 04 ADD ESP, 4
0045727C |. A3 70935900 MOV DWORD PTR DS:[599370], EAX
......................
00457285 |. 8135 70935900>XOR DWORD PTR DS:[599370], 8912FCD
0045728F |. E9 5A010000 jmp e.004573EE
00457294 |> 53 PUSH EBX
00457295 |. 57 PUSH EDI
......................
004572A1 |. 68 DC050000 PUSH 5DC
004572A6 |. 68 803E0000 PUSH 3E80
004572AB |. 68 71020000 PUSH 271
004572B0 |. 56 PUSH ESI
004572B1 |. E8 4A4F0800 CALL e.004DC200 ; ② Compute hard-disk signature information
004572B6 |. 83C4 10 ADD ESP, 10
004572B9 |. 8945 E0 MOV [LOCAL.8], EAX
......................
004572C7 |. 8BF0 |MOV ESI, EAX
004572C9 |. 25 FFFF0F00 |AND EAX, 0FFFFF
004572CE |. C1EE 10 |SHR ESI, 10
004572D1 |. 81E6 F0FF0000 |AND ESI, 0FFF0
004572D7 |. 33F0 |XOR ESI, EAX
......................
004572DC |. 68 2C010000 |PUSH 12C
004572E1 |. 68 401F0000 |PUSH 1F40
004572E6 |. 68 E2040000 |PUSH 4E2
004572EB |. 56 |PUSH ESI
004572EC |. E8 0F4F0800 |CALL e.004DC200 ; ② Compute hard-disk signature information
004572F1 |. 83C4 10 |ADD ESP, 10
004572F4 |. 8945 E4 |MOV [LOCAL.7], EAX
......................
004572FA |. 8BD8 |MOV EBX, EAX
004572FC |. 81E3 FF000000 |AND EBX, 0FF
......................
00457305 |. 8BC8 |MOV ECX, EAX
00457307 |. 81E1 000000FF |AND ECX, FF000000
......................
00457311 |. 25 00FF0000 |AND EAX, 0FF00
......................
00457324 |. BA E44C5900 |MOV EDX, e.00594CE4
00457329 |> 8B7A FC |/MOV EDI, DWORD PTR DS:[EDX-4] ; [EDX-4] = DS:[00594CE0]=CC051311
//The memory value at DS:[00594CE0] needs to be modified here: change CC051311 to 00000000
//00594CE0 00 00 00 00 ....
//For now, just note this down without making the change...
0045732C |. 85FF ||TEST EDI, EDI
0045732E |. 74 5F ||JE SHORT e.0045738F ; must jump, otherwise the computed hard-disk code will not equal 159544386
......................
00457337 |. 8B7A FC ||MOV EDI, DWORD PTR DS:[EDX-4]
0045733A |. 33FE ||XOR EDI, ESI
......................
00457340 |. 337A 08 ||XOR EDI, DWORD PTR DS:[EDX+8]
......................
0045734E |. 333A ||XOR EDI, DWORD PTR DS:[EDX]
......................
00457353 |. 3B7A 04 ||CMP EDI, DWORD PTR DS:[EDX+4]
00457356 |. 74 09 ||JE SHORT e.00457361
......................
0045735C |. 83C2 10 ||ADD EDX, 10
0045735F |.^ EB C8 |\JMP SHORT e.00457329
......................
00457365 |. 8B75 E0 |MOV ESI, [LOCAL.8]
00457368 |. 68 AC000000 |PUSH 0AC
0045736D |. 68 C4090000 |PUSH 9C4
00457372 |. 68 A00F0000 |PUSH 0FA0
00457377 |. 56 |PUSH ESI
00457378 |. E8 834E0800 |CALL e.004DC200 ; ② Compute hard-disk signature information
0045737D |. 83C4 10 |ADD ESP, 10
00457380 |. 33F0 |XOR ESI, EAX
00457382 |. 8975 E0 |MOV [LOCAL.8], ESI
......................
00457388 |. 8BC6 |MOV EAX, ESI
0045738A |.^ E9 2DFFFFFF \JMP e.004572BC
......................
00457396 |. 33D2 XOR EDX, EDX
00457398 |. 8A55 E6 MOV DL, BYTE PTR SS:[EBP-1A]
......................
004573C3 |. 33D3 XOR EDX, EBX
004573C5 |. 24 00 AND AL, 0
004573C7 |. C1E2 08 SHL EDX, 8
004573CA |. 33D0 XOR EDX, EAX
004573CC |. C1E9 04 SHR ECX, 4
004573CF |. C1E2 0C SHL EDX, 0C
004573D2 |. 81E1 0000F00F AND ECX, 0FF00000
004573D8 |. 33D1 XOR EDX, ECX
004573DA |. 0BD6 OR EDX, ESI
004573DC |. 81F2 5714C508 XOR EDX, 8C51457
004573E2 |. 8915 70935900 MOV DWORD PTR DS:[599370], EDX
......................
004573EC |. 5F POP EDI
004573ED |. 5B POP EBX
......................
004573F1 |. 8B15 D8925900 MOV EDX, DWORD PTR DS:[5992D8]
004573F7 |. 8B35 70935900 MOV ESI, DWORD PTR DS:[599370]
004573FD |. 33F2 XOR ESI, EDX
004573FF |. 8935 70935900 MOV DWORD PTR DS:[599370], ESI
......................
00457408 |. 8135 70935900>XOR DWORD PTR DS:[599370], 8C51457
......................
00457416 |. B9 488A5900 MOV ECX, e.00598A48
0045741B |. E8 70460500 CALL e.004ABA90 ; ③ Read KEY file
......................
0045742B |. A1 C0905900 MOV EAX, DWORD PTR DS:[5990C0]
00457430 |. 85C0 TEST EAX, EAX
00457432 |. 74 07 JE SHORT e.0045743B
......................
0045743F |. EB 1F JMP SHORT e.00457460
......................
00457445 |. A1 F4925900 MOV EAX, DWORD PTR DS:[5992F4]
0045744A |. 68 40714500 PUSH e.00457140 ; /Timerproc = e.00457140
0045744F |. 68 88130000 PUSH 1388 ; |Timeout = 5000. ms
00457454 |. 6A 70 PUSH 70 ; |TimerID = 70 (112.)
00457456 |. 8B48 1C MOV ECX, DWORD PTR DS:[EAX+1C] ; |
00457459 |. 51 PUSH ECX ; |hWnd
0045745A |. FF15 94C65400 CALL DWORD PTR DS:[<&USER32.SetTimer>] ; \SetTimer
......................
0045746B |. 5E POP ESI
0045746C |> 8BE5 MOV ESP, EBP
0045746E |. 5D POP EBP
0045746F \. C2 1000 RETN 10
----------------------
004DC200 /$ 8B4C24 0C MOV ECX, DWORD PTR SS:[ESP+C] ; ② Compute hard-disk signature information
004DC204 |. 55 PUSH EBP
004DC205 |. 8B6C24 14 MOV EBP, DWORD PTR SS:[ESP+14]
004DC209 |. 56 PUSH ESI
004DC20A |. 57 PUSH EDI
004DC20B |. 8B7C24 14 MOV EDI, DWORD PTR SS:[ESP+14]
004DC20F |. 85ED TEST EBP, EBP
004DC211 |. 7E 28 JLE SHORT e.004DC23B
004DC213 |. 8B7424 10 MOV ESI, DWORD PTR SS:[ESP+10]
004DC217 |. 53 PUSH EBX
004DC218 |. 8BDD MOV EBX, EBP
004DC21A |> 8BC6 /MOV EAX, ESI
004DC21C |. 33D2 |XOR EDX, EDX
004DC21E |. F7F7 |DIV EDI
004DC220 |. 8BC6 |MOV EAX, ESI
004DC222 |. 0FAFD1 |IMUL EDX, ECX
004DC225 |. 895424 14 |MOV DWORD PTR SS:[ESP+14], EDX
004DC229 |. 33D2 |XOR EDX, EDX
004DC22B |. F7F7 |DIV EDI
004DC22D |. 8B5424 14 |MOV EDX, DWORD PTR SS:[ESP+14]
004DC231 |. 03D0 |ADD EDX, EAX
004DC233 |. 4B |DEC EBX
004DC234 |. 8BF2 |MOV ESI, EDX
004DC236 |.^ 75 E2 \JNZ SHORT e.004DC21A
004DC238 |. 5B POP EBX
004DC239 |. EB 04 JMP SHORT e.004DC23F
004DC23B |> 8B7424 10 MOV ESI, DWORD PTR SS:[ESP+10]
004DC23F |> C1E1 0A SHL ECX, 0A
004DC242 |. 33CE XOR ECX, ESI
004DC244 |. 33CF XOR ECX, EDI
004DC246 |. 5F POP EDI
004DC247 |. 8BC1 MOV EAX, ECX
004DC249 |. 5E POP ESI
004DC24A |. C1E0 04 SHL EAX, 4
004DC24D |. 33C5 XOR EAX, EBP
004DC24F |. 5D POP EBP
004DC250 |. C1E0 14 SHL EAX, 14
004DC253 |. 33C1 XOR EAX, ECX
004DC255 \. C3 RETN
//The return value needs to be modified here, as follows:
//004DC255 . /E9 B6EF0600 JMP e.0054B210
//0054B210 > \8035 80825900>XOR BYTE PTR DS:[598280], 0FF ; flag: whether to return the computed hardware code
//0054B217 . 74 05 JE SHORT e.0054B21E
//0054B219 . B8 42740200 MOV EAX, 27442 ; last 5 digits of the hardware code
//0054B21E > C3 RETN
//At this point the analysis and modification for step one are basically complete. After saving the changes, do not reload in OD yet.
//Use UE or WinHex to modify the content at [00594CE0-00400000=00194CE0], changing "11 13 05 CC" to "00 00 00 00"
//After modifying, save the file, then reload it in OD!
//At this point, after running with [F9], 易語言 shows the file-check error message "係統執行文件被非法修改,請檢查病毒並重新安裝!" ("The system executable has been illegally modified; please check for viruses and reinstall!")...
----------------------
2. Step two: how to locate the key file-check code and how to modify it...
//Because the modified main program shows a message box when it runs, the simplest method is to set an API breakpoint directly: BP MessageBoxA
----------------------
004317AF |. 53 PUSH EBX ; /Style
004317B0 |. 50 PUSH EAX ; |Title
004317B1 |. 51 PUSH ECX ; |Text
004317B2 |. 57 PUSH EDI ; |hOwner
004317B3 |. FF15 80C65400 CALL DWORD PTR DS:[<&USER32.MessageBoxA>>; \MessageBoxA
004317B9 |. 8BF0 MOV ESI, EAX
0012F00C 004317B9 /CALL to MessageBoxA from e.004317B3
0012F010 00000000 |hOwner = NULL
0012F014 01096EE8 |Text = "係統執行文件被非法修改,請檢查病毒並重新安裝!"
0012F018 01096F38 |Title = "警告:"
0012F01C 00000010 \Style = MB_OK|MB_ICONHAND|MB_APPLMODAL
//After the breakpoint is hit, we trace back through the returns
----------------------
0045F493 > \E8 A8BC0700 CALL e.004DB140
0045F498 . 83C4 04 ADD ESP, 4 ; after returning here, look upward for the conditional jump
0045EABF . 8BCB MOV ECX, EBX
0045EAC1 . E8 EAA1FFFF CALL e.00458CB0 ; ① File-check CALL
0045EAC6 . 85C0 TEST EAX, EAX
0045EAC8 . /75 0A JNZ SHORT e.0045EAD4 ; jumps if the file check passes
0045EACA . 68 64A75800 PUSH e.0058A764
0045EACF . E9 BF090000 JMP e.0045F493
----------------------
00458CB0 /$ 55 PUSH EBP
00458CB1 |. 8BEC MOV EBP, ESP
00458CB3 |. 6A FF PUSH -1
00458CB5 |. 68 38FC5300 PUSH e.0053FC38 ; SE handler installation
00458CBA |. 64:A1 0000000>MOV EAX, DWORD PTR FS:[0]
00458CC0 |. 50 PUSH EAX
00458CC1 |. 64:8925 00000>MOV DWORD PTR FS:[0], ESP
00458CC8 |. 81EC C40F0000 SUB ESP, 0FC4
00458CCE |. 53 PUSH EBX
00458CCF |. 56 PUSH ESI
00458CD0 |. 57 PUSH EDI
00458CD1 |. 8BF1 MOV ESI, ECX
00458CD3 |. 8965 F0 MOV [LOCAL.4], ESP
00458CD6 |. 8975 EC MOV [LOCAL.5], ESI
......................
00458DA4 |> \3B7C9D D4 |CMP EDI, DWORD PTR SS:[EBP+EBX*4-2C] ; record the value of EDI and the value of SS:[EBP+EBX*4-2C] here
00458DA8 |. 75 11 |JNZ SHORT e.00458DBB
00458DAA |. 8B449D E4 |MOV EAX, DWORD PTR SS:[EBP+EBX*4-1C]
00458DAE |. 85C0 |TEST EAX, EAX
00458DB0 |. 75 09 |JNZ SHORT e.00458DBB
00458DB2 |. 8B75 EC |MOV ESI, [LOCAL.5]
00458DB5 |. 43 |INC EBX
00458DB6 |.^ E9 6FFFFFFF \JMP e.00458D2A
----------------------
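Stack SS:[0012FBC0]=003EDA14 ; file check value of the original main program [1]
EDI=000C64FE ; file check value of the modified program [1]
Stack SS:[0012FBC4]=0023D5F1 ; file check value of the original main program [2]
EDI=0047E5F1 ; file check value of the modified program [2]
----------------------
//After recording both check values, close OD~ Use UE or WinHex to open the main program and search for the hexadecimal values "14DA3E00" and "F1D52300"
//Once found, change them directly to the modified program's file check values "FE640C00" and "F1E54700". It is best to note down the modified addresses as well, because they will be needed again shortly!
//After modifying, save the file and run the main program... O(∩_∩)O Ha! No more prompt, and registration succeeded as well, so step two is done~
//But don't celebrate yet, because 易語言 also has a fairly well-hidden memory check. If this check is not modified, the compiled programs will not work correctly!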
----------------------
3. Step three: locate the key memory-check code and how to modify it...
//Some earlier modified versions of 易語言 produced unstable compiled programs, and that was all caused by this memory check!
----------------------
//Reload [the original main program] in OD, then set a "memory access" breakpoint directly at the OEP... //After setting the memory breakpoint, remove all the earlier breakpoints, then press [F9] to run and see~
----------------------
00F29131 8A68 01 MOV CH, BYTE PTR DS:[EAX+1] ; the memory breakpoint stopped here [dp1.00F29131]
00F29134 8A50 FF MOV DL, BYTE PTR DS:[EAX-1]
00F29137 8A08 MOV CL, BYTE PTR DS:[EAX]
00F29139 83C0 04 ADD EAX, 4
00F2913C C1E1 08 SHL ECX, 8
00F2913F 0BCA OR ECX, EDX
00F29141 33D2 XOR EDX, EDX
00F29143 8A50 FA MOV DL, BYTE PTR DS:[EAX-6]
00F29146 83C6 04 ADD ESI, 4
00F29149 C1E1 08 SHL ECX, 8
00F2914C 0BCA OR ECX, EDX
00F2914E 894E FC MOV DWORD PTR DS:[ESI-4], ECX
00F29151 8D0C07 LEA ECX, DWORD PTR DS:[EDI+EAX]
00F29154 3BCD CMP ECX, EBP
00F29156 ^ 72 D5 JB SHORT dp1.00F2912D
00F29158 5F POP EDI
00F29159 5E POP ESI
00F2915A 5D POP EBP
00F2915B C2 0C00 RETN 0C ; return
----------------------
004989DC |. 8B4C24 28 MOV ECX, DWORD PTR SS:[ESP+28]
004989E0 |. 8B5424 24 MOV EDX, DWORD PTR SS:[ESP+24]
004989E4 |. 51 PUSH ECX
004989E5 |. 8B4C24 24 MOV ECX, DWORD PTR SS:[ESP+24]
004989E9 |. 52 PUSH EDX
004989EA |. 51 PUSH ECX
004989EB |. FFD0 CALL EAX ; CALL dp1.MGetMD5
004989ED |. 8D4C24 08 LEA ECX, DWORD PTR SS:[ESP+8] ; returns here
004989F1 |. C74424 18 FFF>MOV DWORD PTR SS:[ESP+18], -1
//Now we have found where the memory check value is obtained. Set a hardware breakpoint above it, then reload [the already modified main program] and run it to analyze...
----------------------
00498940 /$ 6A FF PUSH -1 ; get MD5 of the program's memory data
00498942 |. 68 C83F5400 PUSH e.00543FC8 ; SE handler installation
00498947 |. 64:A1 0000000>MOV EAX, DWORD PTR FS:[0]
0049894D |. 50 PUSH EAX
0049894E |. 64:8925 00000>MOV DWORD PTR FS:[0], ESP
00498955 |. 83EC 08 SUB ESP, 8
00498958 |. 56 PUSH ESI
00498959 |. 8BF1 MOV ESI, ECX
0049895B |. 57 PUSH EDI
0049895C |. 68 742C5700 PUSH e.00572C74 ; ASCII "lib"
00498961 |. 8D86 94080000 LEA EAX, DWORD PTR DS:[ESI+894]
00498967 |. 8D4C24 10 LEA ECX, DWORD PTR SS:[ESP+10]
0049896B |. 50 PUSH EAX
0049896C |. 51 PUSH ECX
0049896D |. E8 5DFE0700 CALL e.005187CF
00498972 |. 68 D8AB5800 PUSH e.0058ABD8 ; ASCII "\dp1.fne"
00498977 |. 8D5424 0C LEA EDX, DWORD PTR SS:[ESP+C]
0049897B |. 50 PUSH EAX
0049897C |. 52 PUSH EDX
0049897D |. C74424 24 000>MOV DWORD PTR SS:[ESP+24], 0
00498985 |. E8 45FE0700 CALL e.005187CF
0049898A |. 8D4C24 0C LEA ECX, DWORD PTR SS:[ESP+C]
0049898E |. C64424 18 02 MOV BYTE PTR SS:[ESP+18], 2
00498993 |. E8 EEFB0700 CALL e.00518586
00498998 |. 8B7C24 2C MOV EDI, DWORD PTR SS:[ESP+2C]
0049899C |. 85FF TEST EDI, EDI
0049899E |. 74 07 JE SHORT e.004989A7
004989A0 |. 8BCF MOV ECX, EDI
004989A2 |. E8 6AFB0700 CALL e.00518511
004989A7 |> 8B86 DC090000 MOV EAX, DWORD PTR DS:[ESI+9DC]
004989AD |. 85C0 TEST EAX, EAX
004989AF |. 75 11 JNZ SHORT e.004989C2
004989B1 |. 8B4424 08 MOV EAX, DWORD PTR SS:[ESP+8]
004989B5 |. 50 PUSH EAX ; /FileName
004989B6 |. FF15 2CC45400 CALL DWORD PTR DS:[<&KERNEL32.LoadLibrar>; \LoadLibraryA
004989BC |. 8986 DC090000 MOV DWORD PTR DS:[ESI+9DC], EAX
004989C2 |> 8BB6 DC090000 MOV ESI, DWORD PTR DS:[ESI+9DC]
004989C8 |. 85F6 TEST ESI, ESI
004989CA |. 74 4A JE SHORT e.00498A16
004989CC |. 68 90065900 PUSH e.00590690 ; /ProcNameOrOrdinal = "MGetMD5"
004989D1 |. 56 PUSH ESI ; |hModule
004989D2 |. FF15 30C45400 CALL DWORD PTR DS:[<&KERNEL32.GetProcAdd>; \GetProcAddress
004989D8 |. 85C0 TEST EAX, EAX
004989DA |. 74 3A JE SHORT e.00498A16
004989DC |. 8B4C24 28 MOV ECX, DWORD PTR SS:[ESP+28]
004989E0 |. 8B5424 24 MOV EDX, DWORD PTR SS:[ESP+24]
004989E4 |. 51 PUSH ECX
004989E5 |. 8B4C24 24 MOV ECX, DWORD PTR SS:[ESP+24]
004989E9 |. 52 PUSH EDX
004989EA |. 51 PUSH ECX
004989EB |. FFD0 CALL EAX ; CALL dp1.MGetMD5
//When [ESP]=00401000, be sure to remove all modified code and breakpoints, and record the correct MD5 value!
//0012F354 00401000 check start pointer,
//0012F358 0014A20A check data size
//0012F35C 0012F398 ASCII "92070940bbb01c83641fcef4758b5a72"
//Correct MD5 value for 易語言 4.14: 92070940bbb01c83641fcef4758b5a72
004989ED |. 8D4C24 08 LEA ECX, DWORD PTR SS:[ESP+8] ; returns here
004989F1 |. C74424 18 FFF>MOV DWORD PTR SS:[ESP+18], -1
004989F9 |. E8 88FB0700 CALL e.00518586
004989FE |. 5F POP EDI
004989FF |. B8 01000000 MOV EAX, 1
00498A04 |. 5E POP ESI
00498A05 |. 8B4C24 08 MOV ECX, DWORD PTR SS:[ESP+8]
00498A09 |. 64:890D 00000>MOV DWORD PTR FS:[0], ECX
00498A10 |. 83C4 14 ADD ESP, 14
00498A13 |. C2 1000 RETN 10
00498A16 |> 85FF TEST EDI, EDI
00498A18 |. 74 32 JE SHORT e.00498A4C
00498A1A |. 8B5424 08 MOV EDX, DWORD PTR SS:[ESP+8]
00498A1E |. 8D4424 2C LEA EAX, DWORD PTR SS:[ESP+2C]
00498A22 |. 52 PUSH EDX
00498A23 |. 68 7C065900 PUSH e.0059067C
00498A28 |. 50 PUSH EAX
00498A29 |. E8 D2620400 CALL e.004DED00
00498A2E |. 83C4 0C ADD ESP, 0C
00498A31 |. 50 PUSH EAX
00498A32 |. 8BCF MOV ECX, EDI
00498A34 |. C64424 1C 03 MOV BYTE PTR SS:[ESP+1C], 3
00498A39 |. E8 35FC0700 CALL e.00518673
00498A3E |. 8D4C24 2C LEA ECX, DWORD PTR SS:[ESP+2C]
00498A42 |. C64424 18 02 MOV BYTE PTR SS:[ESP+18], 2
00498A47 |. E8 3AFB0700 CALL e.00518586
00498A4C |> 8D4C24 08 LEA ECX, DWORD PTR SS:[ESP+8]
00498A50 |. C74424 18 FFF>MOV DWORD PTR SS:[ESP+18], -1
00498A58 |. E8 29FB0700 CALL e.00518586
00498A5D |. 8B4C24 10 MOV ECX, DWORD PTR SS:[ESP+10]
00498A61 |. 5F POP EDI
00498A62 |. 33C0 XOR EAX, EAX
00498A64 |. 5E POP ESI
00498A65 |. 64:890D 00000>MOV DWORD PTR FS:[0], ECX
00498A6C |. 83C4 14 ADD ESP, 14
00498A6F \. C2 1000 RETN 10
//Let's make the modification at [004989EB], O(∩_∩)O~
//Remember that the file to modify is the [already modified] main program file...
004989EB . /E9 30280B00 JMP e_cr_4_1.0054B220
004989F0 |90 NOP
0054B220 > \FFD0 CALL EAX
0054B222 . 8D4C24 08 LEA ECX, DWORD PTR SS:[ESP+8]
0054B226 . 3E:817C24 F4 >CMP DWORD PTR DS:[ESP-C], e.00401000 ; entry address
0054B22F . 75 3E JNZ SHORT e.0054B26F
0054B231 . 3E:8B7C24 FC MOV EDI, DWORD PTR DS:[ESP-4]
0054B236 . C707 39323037 MOV DWORD PTR DS:[EDI], 37303239
0054B23C . C747 04 30393>MOV DWORD PTR DS:[EDI+4], 30343930
0054B243 . C747 08 62626>MOV DWORD PTR DS:[EDI+8], 30626262
0054B24A . C747 0C 31633>MOV DWORD PTR DS:[EDI+C], 33386331
0054B251 . C747 10 36343>MOV DWORD PTR DS:[EDI+10], 66313436
0054B258 . C747 14 63656>MOV DWORD PTR DS:[EDI+14], 34666563
0054B25F . C747 18 37353>MOV DWORD PTR DS:[EDI+18], 62383537
0054B266 . C747 1C 35613>MOV DWORD PTR DS:[EDI+1C], 32376135
0054B26D . 33FF XOR EDI, EDI
0054B26F >^ E9 7DD7F4FF JMP e.004989F1
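//After modifying, remember to save, otherwise the work is wasted...
//Finally, we have to repeat the file check value modification from step two once more!
----------------------
Stack SS:[0012FBC0]=000C64FE ; file check value of the original main program [1]
EDI=00135283 ; file check value of the modified program [1]
Stack SS:[0012FBC4]=0047E5F1 ; file check value of the original main program [2]
EDI=0047E5F1 ; file check value of the modified program [2]
----------------------
//That's it... the whole modification process is now finished~
//Everyone is welcome to test how complete this modification is, and I hope to exchange ideas with you all...
//Giving someone a fish is not as good as teaching them to fish: a fish only relieves a momentary need, while knowing how to fish meets the needs of a lifetime.
//This time I'll be lazy and not share the modified file; I'm only sharing my modification process!
//I also hope this gives you a chance to learn hands-on!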
--------------------------------------------------------------------------------
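[Summary of experience]
1. Modify the algorithm by which the program computes the hard-disk signature value, to spoof registration;
2. Modify the two values used by the program's check of its own file;
3. Replace the main program's memory check value to spoof the value the check obtains, and modify the program's own file check values once more!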
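Seen from the defending side, the three kinds of change summarized above (patched code, bytes written into unused space, altered stored constants) all show up as byte differences against the vendor's build. The following is an added example, not part of the original write-up: it lists the changed ranges between a known-good file and a suspect copy, maps them to virtual addresses and gives each a coarse label. The section layout, image base and sample bytes are constructed assumptions, not values from 易語言.

```python
"""Tamper triage: diff a suspect binary against the vendor's known-good build."""
from dataclasses import dataclass

PADDING = {0x00, 0x90, 0xCC}  # typical filler bytes between or after functions

@dataclass(frozen=True)
class Section:
    name: str
    raw_offset: int   # where the section's bytes start in the file
    raw_size: int
    rva: int          # address relative to the image base once loaded
    executable: bool

def changed_ranges(original, suspect, max_gap=4):
    """Return (start, end_exclusive) file-offset ranges that differ, merging
    ranges separated by at most max_gap identical bytes."""
    if len(original) != len(suspect):
        raise ValueError("length differs: treat as a replaced file")
    ranges, start, last = [], None, None
    for i, (a, b) in enumerate(zip(original, suspect)):
        if a == b:
            continue
        if start is not None and i - last - 1 > max_gap:
            ranges.append((start, last + 1))
            start = None
        if start is None:
            start = i
        last = i
    if start is not None:
        ranges.append((start, last + 1))
    return ranges

def triage(original, suspect, sections, image_base):
    """Describe each changed range: file offset, VA, length and a coarse kind."""
    report = []
    for start, end in changed_ranges(original, suspect):
        sec = next((s for s in sections
                    if s.raw_offset <= start < s.raw_offset + s.raw_size), None)
        if sec is None:
            va, kind = None, "header_or_overlay"
        else:
            va = image_base + sec.rva + (start - sec.raw_offset)
            if not sec.executable:
                kind = "data_changed"      # e.g. a stored constant or checksum
            elif all(b in PADDING for b in original[start:end]):
                kind = "padding_filled"    # new bytes where the vendor had filler
            else:
                kind = "code_changed"
        report.append({"offset": start, "va": va, "length": end - start,
                       "section": sec.name if sec else None, "kind": kind})
    return report

# Constructed sample image: 0x10-byte header, .text at 0x10, .data at 0x40.
IMAGE_BASE = 0x400000
SECTIONS = [Section(".text", 0x10, 0x30, 0x1000, True),
            Section(".data", 0x40, 0x10, 0x2000, False)]
ORIGINAL = (bytes(0x10) + b"\x55\x8b\xec\x51" * 8 + bytes(0x10)
            + b"\x11\x22\x33\x44" * 4)
_s = bytearray(ORIGINAL)
_s[0x14:0x19] = b"\xaa\xbb\xcc\xdd\xee"   # constructed change inside code
_s[0x34:0x3C] = bytes(range(1, 9))        # constructed bytes in former padding
_s[0x44:0x48] = bytes(4)                  # constructed change to a data constant
SUSPECT = bytes(_s)
REPORT = triage(ORIGINAL, SUSPECT, SECTIONS, IMAGE_BASE)
```

For a real file, the section table would come from the PE headers of the vendor build, and the comparison baseline must be a copy obtained from the vendor rather than from a download mirror.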
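易語言 4.14 release notes (changes relative to 4.13):
Updates to the 易語言 core support library, compiler and development environment:
1. Fixed the printer object's support for custom paper sizes.
2. Fixed the printer object's support for the number of copies.
3. Fixed the problem where the slider's selection length could not reach the maximum.
Updates to other support libraries:
1. XML parsing support library: fixed the bug where the text returned by "XML樹.取節點值文本()" became invalid.
2. Advanced table support library: fixed the bug where the "被單擊" (clicked) event was not received if a timer tick event arrived between mouse down and mouse up.
3. Extended UI support library 3: fixed the bug where clicking the roll-up menu prevented the date box from opening its drop-down window.
4. XP style support library: fixed a GDI resource leak, and the bug where combo box titles showed ghosting when common component library 6 was in use.
5. Extended UI support library 1: fixed the bug where tree box items could not enter edit mode by mouse click.
6. Advanced table support library: fixed the bug where insert row / insert column used the wrong position when no row number / column number was specified.
7. Text-to-speech support library: added the "機讀文本.重新創建並初始化()" method.
8. Extended UI support library 3: fixed the bug where the advanced tab control prevented its window from receiving the "首次激活" (first activation) event; the core library and the development environment were modified accordingly.
9. Added version information uniformly to all support library files.
10. Application interface support library: enhanced the "取快捷方式目標" command so that it can retrieve the target, arguments, start location, icon, run mode, hotkey, comment and other information.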