有没有大牛能破这个暗装Delphi
http://weihu168.com/download_detail.php?id=197 软件官方链接
有注销,重启,关机暗桩。
最后一个暗桩不知道怎么破。
0097441C $55 push ebp
0097441D .8BEC mov ebp,esp
0097441F .B9 80000000 mov ecx,0x80
00974424 >6A 00 push 0x0
00974426 .6A 00 push 0x0
00974428 .49 dec ecx ;ntdll_14.77232F6D
00974429 .^ 75 F9 jnz short 000.00974424
0097442B .8945 FC mov dword ptr ss:,eax
0097442E .33C0 xor eax,eax
00974430 .55 push ebp
00974431 .68 FA629700 push 000.009762FA
00974436 .64:FF30 push dword ptr fs:
00974439 .64:8920 mov dword ptr fs:,esp
0097443C .8B45 FC mov eax,dword ptr ss:
0097443F .8B80 F4020000 mov eax,dword ptr ds:
00974445 .8B80 D8020000 mov eax,dword ptr ds:
0097444B .8945 F8 mov dword ptr ss:,eax
0097444E .8B45 FC mov eax,dword ptr ss:
00974451 .8B80 80010000 mov eax,dword ptr ds:
00974457 .83C0 0A add eax,0xA
0097445A .83F8 6E cmp eax,0x6E
0097445D .90 nop
0097445E .90 nop
0097445F .90 nop
00974460 .90 nop
00974461 .90 nop
00974462 .90 nop
00974463 .8A80 70449700 mov al,byte ptr ds:
00974469 .- FF2485 DF4497>jmp dword ptr ds: 所有的跳转通个这个实现的。这怎么改?一但删除数据成功后就会跳向试用。
00974470 .01 db 01 ;分支 009744DF 索引表
00974471 .00 db 00
00974472 .00 db 00
00974473 .00 db 00
00974474 .00 db 00
00974475 .00 db 00
00974476 .00 db 00
00974477 .00 db 00
00974478 .02 db 02
00974479 .03 db 03
0097447A .04 db 04
0097447B .05 db 05
0097447C .06 db 06
0097447D .07 db 07
0097447E .08 db 08
0097447F .09 db 09
00974480 .0A db 0A
00974481 .0B db 0B
00974482 .0C db 0C
00974483 .0D db 0D
00974484 .0E db 0E
00974485 .0F db 0F
00974486 .00 db 00
00974487 .00 db 00
00974488 .00 db 00
00974489 .00 db 00
0097448A .00 db 00
0097448B .00 db 00
0097448C .00 db 00
0097448D .00 db 00
0097448E .10 db 10
0097448F .11 db 11
00974490 .12 db 12
00974491 .00 db 00
00974492 .13 db 13
00974493 .14 db 14
00974494 .00 db 00
00974495 .00 db 00
00974496 .00 db 00
00974497 .00 db 00
00974498 .00 db 00
00974499 .00 db 00
0097449A .00 db 00
0097449B .00 db 00
0097449C .00 db 00
0097449D .00 db 00
0097449E .00 db 00
0097449F .00 db 00
009744A0 .00 db 00
009744A1 .00 db 00
009744A2 .00 db 00
009744A3 .00 db 00
009744A4 .00 db 00
009744A5 .00 db 00
009744A6 .00 db 00
009744A7 .00 db 00
009744A8 .00 db 00
009744A9 .00 db 00
009744AA .00 db 00
009744AB .00 db 00
009744AC .15 db 15
009744AD .16 db 16
009744AE .17 db 17
009744AF .18 db 18
009744B0 .19 db 19
009744B1 .1A db 1A
009744B2 .1B db 1B
009744B3 .00 db 00
009744B4 .00 db 00
009744B5 .00 db 00
009744B6 .00 db 00
009744B7 .00 db 00
009744B8 .00 db 00
009744B9 .00 db 00
009744BA .00 db 00
009744BB .00 db 00
009744BC .00 db 00
009744BD .00 db 00
009744BE .00 db 00
009744BF .00 db 00
009744C0 .1C db 1C
009744C1 .1D db 1D
009744C2 .1E db 1E
009744C3 .1F db 1F
009744C4 .20 db 20
009744C5 .21 db 21
009744C6 .22 db 22
009744C7 .00 db 00
009744C8 .00 db 00
009744C9 .00 db 00
009744CA .00 db 00
009744CB .00 db 00
009744CC .00 db 00
009744CD .00 db 00
009744CE .00 db 00
009744CF .00 db 00
009744D0 .00 db 00
009744D1 .00 db 00
009744D2 .00 db 00
009744D3 .00 db 00
009744D4 .00 db 00
009744D5 .00 db 00
009744D6 .00 db 00
009744D7 .00 db 00
009744D8 .00 db 00
009744D9 .00 db 00
009744DA .00 db 00
009744DB .00 db 00
009744DC .00 db 00
009744DD .00 db 00
009744DE .23 db 23
009744DF .39619700 dd 000.00976139 ;分支表 被用于 00974469
009744E3 .6F459700 dd 000.0097456F
009744E7 .D7459700 dd 000.009745D7
009744EB .ED459700 dd 000.009745ED
009744EF .63469700 dd 000.00974663
009744F3 .72469700 dd 000.00974672
009744F7 .24479700 dd 000.00974724
009744FB .D6479700 dd 000.009747D6
009744FF .95499700 dd 000.00974995
00974503 .0D4A9700 dd 000.00974A0D
00974507 .E74B9700 dd 000.00974BE7
0097450B .B44C9700 dd 000.00974CB4
0097450F .434D9700 dd 000.00974D43
00974513 .DB4D9700 dd 000.00974DDB
00974517 .A34E9700 dd 000.00974EA3
0097451B .404F9700 dd 000.00974F40
0097451F .E94F9700 dd 000.00974FE9
00974523 .B3509700 dd 000.009750B3
00974527 .7D519700 dd 000.0097517D
0097452B .47529700 dd 000.00975247
0097452F .39539700 dd 000.00975339
00974533 .F5539700 dd 000.009753F5
00974537 .F3549700 dd 000.009754F3
0097453B .8F559700 dd 000.0097558F
0097453F .58569700 dd 000.00975658
00974543 .4D579700 dd 000.0097574D
00974547 .14589700 dd 000.00975814
0097454B .D2589700 dd 000.009758D2
0097454F .265A9700 dd 000.00975A26
00974553 .AC5B9700 dd 000.00975BAC
00974557 .675C9700 dd 000.00975C67
0097455B .B35D9700 dd 000.00975DB3
0097455F .095F9700 dd 000.00975F09
00974563 .9B5F9700 dd 000.00975F9B
00974567 .1F609700 dd 000.0097601F
0097456B .AC609700 dd 000.009760AC
0097456F >33C0 xor eax,eax
00974571 .55 push ebp
00974572 .68 D0459700 push 000.009745D0
00974577 .64:FF30 push dword ptr fs:
0097457A .64:8920 mov dword ptr fs:,esp
0097457D .E8 B646ABFF call 000.00428C38
00974582 .DD5D F0 fstp qword ptr ss:
00974585 .9B wait
00974586 .FF75 F4 push dword ptr ss:
00974589 .FF75 F0 push dword ptr ss:
0097458C .8D55 EC lea edx,dword ptr ss:
0097458F .A1 CC399E00 mov eax,dword ptr ds:
00974594 .E8 0B58ABFF call 000.00429DA4
00974599 .8D85 78FDFFFF lea eax,dword ptr ss:
0097459F .B9 14639700 mov ecx,000.00976314 ; : 试用版本只能删除两页,请购买正版...
009745A4 .8B55 EC mov edx,dword ptr ss:
009745A7 .E8 547DA9FF call 000.0040C300
009745AC .8B95 78FDFFFF mov edx,dword ptr ss:
009745B2 .8B45 F8 mov eax,dword ptr ss: ;nvinit.71020065
009745B5 .8B08 mov ecx,dword ptr ds:
009745B7 .FF51 3C call dword ptr ds:
009745BA .33C0 xor eax,eax
009745BC .5A pop edx
009745BD .59 pop ecx ;ntdll_14.77232F6D
009745BE .59 pop ecx ;ntdll_14.77232F6D
可以从试用版下手,试用版没限制。通过下Delphi断点,找到试用版出的判断~,让试用按钮出现 大神总会有的 只是不知道他愿不愿意 ladybe 发表于 2018-10-30 18:25
大神总会有的 只是不知道他愿不愿意
{:5_117:}来个大牛啊~~~{:5_119:} 雨语 发表于 2018-10-30 19:56
可以从试用版下手,试用版没限制。通过下Delphi断点,找到试用版出的判断~,让试用按钮出现
不行哦,试用版就是这个限制 adsljz 发表于 2018-10-30 22:36
不行哦,试用版就是这个限制
软件上不是写着试用版无限制么,我发了个逆向图文,还在审核,你明天可以看下,没有店铺,不知道怎么用 雨语 发表于 2018-10-30 23:41
软件上不是写着试用版无限制么,我发了个逆向图文,还在审核,你明天可以看下,没有店铺,不知道怎么用
试用版就是那个限制。我这边可以提供账号 。账号 tb26020317:test
密码12345678a 我收到短消息认证的话我就过来发贴回复 adsljz 发表于 2018-10-31 13:29
试用版就是那个限制。我这边可以提供账号 。账号 tb26020317:test
密码12345678a 我收到短消息认证的话 ...
0097C619|.8BEC mov ebp,esp
0097C61B|.33C9 xor ecx,ecx
0097C61D|.51 push ecx
0097C61E|.51 push ecx
0097C61F|.51 push ecx
0097C620|.51 push ecx
0097C621|.51 push ecx
0097C622|.8945 FC mov ,eax
0097C625|.33C0 xor eax,eax
0097C627|.55 push ebp
0097C628|.68 F9C69700 push TaoBaoTo.0097C6F9
0097C62D|.64:FF30 push dword ptr fs:
0097C630|.64:8920 mov dword ptr fs:,esp
0097C633|.6A 24 push 0x24
0097C635|.8D55 F8 lea edx,
0097C638|.A1 44309E00 mov eax,dword ptr ds:
0097C63D|.8B00 mov eax,dword ptr ds:
0097C63F|.E8 D05AB9FF call TaoBaoTo.00512114
0097C644|.8B45 F8 mov eax,
0097C647|.E8 48FAA8FF call TaoBaoTo.0040C094
0097C64C|.50 push eax
0097C64D|.68 10C79700 push TaoBaoTo.0097C710 ;UNICODE "请核实软件收集的数量跟店铺的实际数量是否一致,目前共搜集了 "
0097C652|.8D55 F0 lea edx,
0097C655|.A1 54379E00 mov eax,dword ptr ds:
0097C65A|.8B00 mov eax,dword ptr ds:
0097C65C|.E8 C786AAFF call TaoBaoTo.00424D28
0097C661|.FF75 F0 push
0097C664|.68 5CC79700 push TaoBaoTo.0097C75C ;UNICODE " 个宝贝的图片 "
0097C669|.8D55 EC lea edx,
0097C66C|.A1 D42E9E00 mov eax,dword ptr ds:
0097C671|.8B00 mov eax,dword ptr ds:
0097C673|.E8 B086AAFF call TaoBaoTo.00424D28
0097C678|.FF75 EC push
0097C67B|.68 7CC79700 push TaoBaoTo.0097C77C ;UNICODE " 张,图片数量大概是宝贝数量的30到60倍,可以估算一下,请核实是否正确无误!"
0097C680|.68 D8C79700 push TaoBaoTo.0097C7D8 ;UNICODE "\r\n"
0097C685|.68 ECC79700 push TaoBaoTo.0097C7EC ;UNICODE "如果店铺的宝贝有变动,比如说下架、上架了宝贝,导致店铺实际数量和软件搜集数量不一致,请重新搜集宝贝图"
0097C68A|.68 D8C79700 push TaoBaoTo.0097C7D8 ;UNICODE "\r\n"
0097C68F|.68 D8C79700 push TaoBaoTo.0097C7D8 ;UNICODE "\r\n"
0097C694|.68 64C89700 push TaoBaoTo.0097C864 ;UNICODE "选“是”可以开始删除图片!"
0097C699|.68 D8C79700 push TaoBaoTo.0097C7D8 ;UNICODE "\r\n"
0097C69E|.68 8CC89700 push TaoBaoTo.0097C88C ;UNICODE "选“否”停止运行!"
0097C6A3|.8D45 F4 lea eax,
0097C6A6|.BA 0C000000 mov edx,0xC
0097C6AB|.E8 D8FCA8FF call TaoBaoTo.0040C388
0097C6B0|.8B45 F4 mov eax,
0097C6B3|.E8 DCF9A8FF call TaoBaoTo.0040C094
0097C6B8|.8BD0 mov edx,eax
0097C6BA|.A1 28369E00 mov eax,dword ptr ds:
0097C6BF|.8B00 mov eax,dword ptr ds:
0097C6C1|.59 pop ecx
0097C6C2|.E8 39CAC6FF call TaoBaoTo.005E9100
0097C6C7|.83F8 06 cmp eax,0x6
0097C6CA|.0F94C0 sete al
0097C6CD|.8B55 FC mov edx,
0097C6D0|.8882 6F010000 mov byte ptr ds:,al
0097C6D6|.33C0 xor eax,eax
0097C6D8|.5A pop edx
0097C6D9|.59 pop ecx
0097C6DA|.59 pop ecx
0097C6DB|.64:8910 mov dword ptr fs:,edx
0097C6DE|.68 00C79700 push TaoBaoTo.0097C700
0097C6E3|>8D45 EC lea eax,
0097C6E6|.BA 03000000 mov edx,0x3
0097C6EB|.E8 24EAA8FF call TaoBaoTo.0040B114
0097C6F0|.8D45 F8 lea eax,
0097C6F3|.E8 BCE9A8FF call TaoBaoTo.0040B0B4
0097C6F8\.C3 retn
0097C6F9 .^ E9 0EDEA8FF jmp TaoBaoTo.0040A50C
0097C6FE .^ EB E3 jmp XTaoBaoTo.0097C6E3
0097C700 .8BE5 mov esp,ebp
0097C702 .5D pop ebp
0097C703 .C3 retn
那个检测好像在这里,你自己调试吧。再不行,我也不清楚了。我没有店铺调试不了。。
发下验证码,刚刚没看手机。~ 本帖最后由 adsljz 于 2018-10-31 14:48 编辑
雨语 发表于 2018-10-31 13:52
0097C619|.8BEC mov ebp,esp
0097C61B|.33C9 xor ecx,ecx
0097C61D|.51 ...
tb26020317:test
密码12345678a
不好意思刚刚没看手机。
重新发下。
页:
[1]