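No register button, but the program has a check. How should I handle it?
It is a membership management system, packed with ASP. I unpacked it with an automatic unpacker, and then the packer detector reported yoda, which stunned me for a moment; luckily that turned out to be fake. Since it is a trial version and I found no registration option or button, the check may happen at startup or during use; for now I cannot tell how it checks. The only sign is that when adding goods at cashier checkout, once a set value is exceeded, a message box pops up in the bottom-right corner. In OD, smart search finds the registration strings, but the software has no register button, so I have nowhere to start. Could an expert give me some pointers?
Original software link: https://pan.baidu.com/s/1dgFxQ-KER9n2_ZkGd02eWA extraction code: dtvz
My unpacked copy (main program only), link: https://pan.baidu.com/s/1l1YqQbi4zDM3XjrKNq_LAA extraction code: fufq
Virus scan link: https://habo.qq.com/file/showdetail?pk=ADQGb11kB2MIMFs6U2o%3D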
This post was last edited by zcl0317 on 2019-2-25 20:47
Would patching the function directly work?
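This post was last edited by xiaosage on 2019-2-25 22:58
zcl0317 posted on 2019-2-25 20:38
Would patching the function directly work?
Before figuring out how to deal with registration, I found during use that adding more than 6 goods at the cashier pops up a prompt box; I have already handled that by forcing the jump with a jmp. Now I find that clicking New Goods shows a trial limit of 100, and I have not dealt with that yet. As for the maximum of 100 members you posted, I had not noticed that adding more than 100 members also triggers a prompt. Maybe there are limits elsewhere that I simply have not found yet.
Is this right, bro? I did not understand the picture you posted. What does "patch it directly" mean? Please guide me again.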
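xiaosage posted on 2019-2-25 22:15
Before figuring out how to deal with registration, I found during use that adding more than 6 goods at the cashier pops up a prompt box; I have already handled that by forcing the jump with a jmp ...
The two prompts are different.
xiaosage posted on 2019-2-25 22:15
Before figuring out how to deal with registration, I found during use that adding more than 6 goods at the cashier pops up a prompt box; I have already handled that by forcing the jump with a jmp ...
Here is an idea for your reference:
For example, the limit of 100 is
cmp eax,0x64
0x64 is 100 in decimal. It first checks whether the value is greater than 100, which decides whether the jump below is taken.
In the same way, you can look for
cmp eax,0x6
to check whether there are more than 6 goods?
zcl0317 posted on 2019-2-26 15:30
Here is an idea for your reference:
For example, the limit of 100 is
cmp eax,0x64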
01126A7A 05 db 05
01126A7B .3919 cmp dword ptr ds:,ebx
01126A7D >B2 01 mov dl,0x1
01126A7F .B8 FE080000 mov eax,0x8FE
01126A84 .E8 63A7FFFF call DC-Membe.011211EC
01126A89 .E8 C62E0000 call DC-Membe.01129954
01126A8E .33C9 xor ecx,ecx
01126A90 .BA FC6A1201 mov edx,DC-Membe.01126AFC ;MEMBERS
01126A95 .E8 7ECF4BFF call DC-Membe.005E3A18
01126A9A 3D 9F860100 cmp eax,0x64
01126A9F .B9 0C6B1201 mov ecx,DC-Membe.01126B0C ;★提示信息
01126AA4 .B2 01 mov dl,0x1
01126AA6 .B8 286B1201 mov eax,DC-Membe.01126B28 ;您使用的是试用版, 有100个会员的限制!
01126AAB .E8 943B41FF call DC-Membe.0053A644
01126AB0 .E8 6BD82EFF call DC-Membe.00414320
01126AB5 >8D45 FC lea eax,dword ptr ss:
01126AB8 .E8 0356D2FF call DC-Membe.00E4C0C0
01126ABD .8BD8 mov ebx,eax
01126ABF .84DB test bl,bl
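The moderator really is impressive. I did find the code, and making the number bigger solves the problem. But how do I delete this check? Which piece of code do I delete? Please give me more pointers.
I had a rough look; there are many limits, so you can work through them slowly.
zcl0317 posted on 2019-2-26 15:30
Here is an idea for your reference:
For example, the limit of 100 is
cmp eax,0x64
One more question: could you take a look at whether the code below can handle registration directly???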
01811832 5A pop edx ; 0012FC80
01811833 FF32 push dword ptr ds:
01811835 335424 28 xor edx,dword ptr ss:
01811839 335424 08 xor edx,dword ptr ss:
0181183D 5A pop edx ; 0012FC80
0181183E 8D45 F8 lea eax,dword ptr ss:
01811841 E8 8E02C0FE call DC-Membe.00411AD4
01811846 8D45 EC lea eax,dword ptr ss:
01811849 8B4D F8 mov ecx,dword ptr ss:
0181184C 8D943A FA654000 lea edx,dword ptr ds:
01811853 8D5451 57 lea edx,dword ptr ds:
01811857 83EA 57 sub edx,0x57
0181185A 2BD2 sub edx,edx
0181185C 8D95 F406E700 lea edx,dword ptr ss: ; 授权到:
01811862 2BD5 sub edx,ebp
01811864 E8 BF42BFFE call DC-Membe.00405B28
01811869 8B55 EC mov edx,dword ptr ss: ; kernel32.7C830C90
0181186C 8B83 A8030000 mov eax,dword ptr ds:
01811872 E8 D177C7FE call DC-Membe.00489048
01811877 33D2 xor edx,edx
01811879 8B83 A8030000 mov eax,dword ptr ds:
0181187F E8 2C79C7FE call DC-Membe.004891B0
01811884 837D FC 00 cmp dword ptr ss:,0x0
01811888 74 1E je short DC-Membe.018118A8
0181188A c1d1 d1 rcl ecx,0xd1
0181188D c1d1 4d rcl ecx,0x4d
01811890 68 0807E700 push DC-Membe.00E70708 ; ★提示信息
01811895 B9 8EB64500 mov ecx,DC-Membe.0045B68E
0181189A 83C9 63 or ecx,0x63
0181189D 59 pop ecx ; 0012FC80
0181189E 33D2 xor edx,edx
018118A0 8B45 FC mov eax,dword ptr ss:
018118A3 E8 9C8DD2FE call DC-Membe.0053A644
018118A8 33C0 xor eax,eax
018118AA 5A pop edx ; 0012FC80
018118AB 59 pop ecx ; 0012FC80
018118AC 59 pop ecx ; 0012FC80
018118AD 64:8910 mov dword ptr fs:,edx
018118B0 68 E706E700 push DC-Membe.00E706E7
018118B5 8D45 EC lea eax,dword ptr ss:
018118B8 E8 273FBFFE call DC-Membe.004057E4
018118BD 8D45 F8 lea eax,dword ptr ss:
018118C0 21FA and edx,edi ; DC-Membe.0115648C
018118C2 8D5438 F3 lea edx,dword ptr ds:
018118C6 81CA 37BCE02A or edx,0x2AE0BC37
018118CC 8D542B 02 lea edx,dword ptr ds:
018118D0 2BD5 sub edx,ebp
018118D2 2BD3 sub edx,ebx
018118D4 E8 2F3FBFFE call DC-Membe.00405808
018118D9 C3 retn
018118DA CC int3
018118DB 09D9 or ecx,ebx
018118DD 68 0807E700 push DC-Membe.00E70708 ; ★提示信息
018118E2 034C24 38 add ecx,dword ptr ss:
018118E6 c1d1 eb rcl ecx,0xeb
018118E9 59 pop ecx ; 0012FC80
018118EA 33D2 xor edx,edx
018118EC 09E8 or eax,ebp
018118EE 09E8 or eax,ebp
018118F0 8D81 2407E700 lea eax,dword ptr ds: ; 读取注册码失败
018118F6 2BC1 sub eax,ecx
018118F8 E8 478DD2FE call DC-Membe.0053A644
018118FD^ EB A9 jmp short DC-Membe.018118A8
018118FF CC int3
01811900 8D55 F4 lea edx,dword ptr ss:
01811903 8B83 A0030000 mov eax,dword ptr ds:
01811909 E8 2648C6FE call DC-Membe.00476134
0181190E 8B45 F4 mov eax,dword ptr ss:
01811911 8D55 F8 lea edx,dword ptr ss:
01811914 E8 07A6BFFE call DC-Membe.0040BF20
01811919 837D F8 00 cmp dword ptr ss:,0x0
0181191D 75 4F jnz short DC-Membe.0181196E
0181191F 8B83 A0030000 mov eax,dword ptr ds:
01811925 BA 96314500 mov edx,DC-Membe.00453196
0181192A BA 4E454100 mov edx,DC-Membe.0041454E
0181192F 8B10 mov edx,dword ptr ds:
01811931 FF92 D4000000 call dword ptr ds:
01811937 8D5428 7E lea edx,dword ptr ds:
0181193B 83EA 7E sub edx,0x7E
0181193E 83CA D1 or edx,-0x2F
01811941 BA 9A964500 mov edx,DC-Membe.0045969A
01811946 33D6 xor edx,esi
01811948 8D9408 3008E700 lea edx,dword ptr ds:; ★提示信息
0181194F 2BD1 sub edx,ecx
01811951 2BD0 sub edx,eax
01811953 c1d0 ef rcl eax,0xef
01811956 034424 18 add eax,dword ptr ss:
0181195A c1d8 83 rcr eax,0x83
0181195D 034424 38 add eax,dword ptr ss:
01811961 8D82 4C08E700 lea eax,dword ptr ds: ; 请输入注册码, 再注册!
01811967 2BC2 sub eax,edx
01811969 E8 DA8DD2FE call DC-Membe.0053A748
0181196E 8D55 F0 lea edx,dword ptr ss:
01811971 8B83 A0030000 mov eax,dword ptr ds:
01811977 E8 B847C6FE call DC-Membe.00476134
0181197C 8B45 F0 mov eax,dword ptr ss:
0181197F 8D55 FC lea edx,dword ptr ss:
01811982 E8 11BA86FF call DC-Membe.0107D398
01811987 84C0 test al,al
01811989 75 6B jnz short DC-Membe.018119F6
0181198B 8B83 A0030000 mov eax,dword ptr ds:
01811991 335424 28 xor edx,dword ptr ss:
01811995 BA 22D14100 mov edx,DC-Membe.0041D122
0181199A 8B10 mov edx,dword ptr ds:
0181199C FF92 D4000000 call dword ptr ds:
018119A2 81C2 F20E8AB7 add edx,0xB78A0EF2
018119A8 68 3008E700 push DC-Membe.00E70830 ; ★提示信息
018119AD 335424 08 xor edx,dword ptr ss:
018119B1 335424 28 xor edx,dword ptr ss:
018119B5 5A pop edx ; 0012FC80
018119B6 8B45 FC mov eax,dword ptr ss:
018119B9 E8 8A8DD2FE call DC-Membe.0053A748
018119BE 33C0 xor eax,eax
018119C0 5A pop edx ; 0012FC80
018119C1 59 pop ecx ; 0012FC80
018119C2 59 pop ecx ; 0012FC80
018119C3 64:8910 mov dword ptr fs:,edx
018119C6 68 2108E700 push DC-Membe.00E70821
018119CB 8D45 F0 lea eax,dword ptr ss:
018119CE 8D544B 6B lea edx,dword ptr ds:
018119D2 83EA 6B sub edx,0x6B
018119D5 6A 02 push 0x2
018119D7 81E2 AD608CDF and edx,0xDF8C60AD
018119DD 5A pop edx ; 0012FC80
018119DE E8 253EBFFE call DC-Membe.00405808
018119E3 8D45 F8 lea eax,dword ptr ss:
018119E6 2BD7 sub edx,edi ; DC-Membe.0115648C
018119E8 6A 02 push 0x2
018119EA 8D5438 63 lea edx,dword ptr ds:
018119EE 5A pop edx ; 0012FC80
018119EF E8 143EBFFE call DC-Membe.00405808
018119F4 C3 retn
018119F5 CC int3
018119F6 B9 56BB4A00 mov ecx,DC-Membe.004ABB56
018119FB 83C9 87 or ecx,-0x79
018119FE 83E9 FF sub ecx,-0x1
01811A01 c1d1 9b rcl ecx,0x9b
01811A04 8D8E 3008E700 lea ecx,dword ptr ds: ; ★提示信息
01811A0A 2BCE sub ecx,esi
01811A0C 33D2 xor edx,edx
01811A0E 8D4451 38 lea eax,dword ptr ds:
01811A12 8D4408 C8 lea eax,dword ptr ds:
01811A16 2BC1 sub eax,ecx
01811A18 68 6C08E700 push DC-Membe.00E7086C ; 注册完成, 软件将关闭, 请重启软件以验证注册结果!
01811A1D 83C8 E1 or eax,-0x1F
01811A20 B8 BA424400 mov eax,DC-Membe.004442BA
01811A25 58 pop eax ; 0012FC80
01811A26 E8 198CD2FE call DC-Membe.0053A644
01811A2B^ EB 91 jmp short DC-Membe.018119BE
01811A2D CC int3
01811A2E 8D45 FC lea eax,dword ptr ss:
01811A31 E8 7EB886FF call DC-Membe.0107D2B4
01811A36 8B55 FC mov edx,dword ptr ss:
01811A39 8B83 94030000 mov eax,dword ptr ds:
01811A3F E8 2047C6FE call DC-Membe.00476164
01811A44 8B83 B4030000 mov eax,dword ptr ds:
01811A4A 8D80 D8000000 lea eax,dword ptr ds:
01811A50 81E2 841873F5 and edx,0xF5731884
01811A56 68 3409E700 push DC-Membe.00E70934 ; 358973976
01811A5B 83CA CF or edx,-0x31
01811A5E 035424 18 add edx,dword ptr ss:
01811A62 5A pop edx ; 0012FC80
01811A63 E8 D03DBFFE call DC-Membe.00405838
01811A68 8B83 B0030000 mov eax,dword ptr ds:
01811A6E 83C0 6E add eax,0x6E
01811A71 56 push esi
01811A72 57 push edi ; DC-Membe.0115648C
01811A73 52 push edx
01811A74 81D2 1776770C adc edx,0xC777617
01811A7A 83EA 8F sub edx,-0x71
01811A7D BA 56E04A00 mov edx,DC-Membe.004AE056
01811A82 8D96 686E3FF4 lea edx,dword ptr ds:
01811A88 2BD6 sub edx,esi
01811A8A 83EA DC sub edx,-0x24
01811A8D 42 inc edx
01811A8E 87FA xchg edx,edi ; DC-Membe.0115648C
01811A90 81C7 0192C00B add edi,0xBC09201
01811A96 4F dec edi ; DC-Membe.0115648C
01811A97 57 push edi ; DC-Membe.0115648C
01811A98 8B7424 10 mov esi,dword ptr ss:
01811A9C 81E6 A6138C2B and esi,0x2B8C13A6
01811AA2 5E pop esi ; 0012FC80
01811AA3 83C6 91 add esi,-0x6F
01811AA6 87D6 xchg esi,edx
01811AA8 2BC2 sub eax,edx
01811AAA 81C2 B2A5733B add edx,0x3B73A5B2
01811AB0 5A pop edx ; 0012FC80
01811AB1 BF 82BF4700 mov edi,DC-Membe.0047BF82
01811AB6 83EF 3D sub edi,0x3D
01811AB9 5F pop edi ; 0012FC80
01811ABA 8D743D F5 lea esi,dword ptr ss:
01811ABE 2BF5 sub esi,ebp
01811AC0 5E pop esi ; 0012FC80
01811AC1 81EA 385D6F8D sub edx,0x8D6F5D38