网站首页/网络技术列表/内容

世纪葵花--桌面直播录像机系统5.2

网络技术2023-12-17阅读
网络技术是从1990年代中期发展起来的新技术,它把互联网上分散的资源融为有机整体,实现资源的全面共享和有机协作,使人们能够透明地使用资源的整体能力并按需获取信息。资源包括高性能计算机、存储资源、数据资源、信息资源、知识资源、专家资源、大型数据库、网络、传感器等。 当前的互联网只限于信息共享,网络则被认为是互联网发展的第三阶段。

【前    言】:这个软件有很多地方不明白,所以发出来和大家探讨一下!(在这里也要谢谢安靖)
【下载页面】

http://www.softreg.com.cn/shareware_view.asp?id=/3E781F2B-1927-46BD-BB4E-567A2FE09680/
【文章作者】:辉仔Yock[DFCG][YCG]
【作者声明】:本人发表这篇文章只是为了学习和研究!!!请不用于商业用途或是将本文方法制作的注册机任意传播,读者看了文章后所做的事情与我无关,我也不会负责,请读者看了文章后三思而后行!最后希望大家在经济基础好的时候,支持共享软件!
【破解工具】:OLLYDBG  W32Dasm  

—————————————————————————————————  
【过    程】:
主程序SFCAPCaster.exe没有加壳,事用Microsoft Visual C++ 6.0编写的!
用W32dasm反汇编,根据参考字串很快找到关键!
用OLLYDBG加载SFCAPCaster.exe

选择帮助-->注册-->输入用户名Yock196(用户名要大于5位)-->邮箱地址(可以不填,下面不做运算!-->输入20位的假注册码KHSC-987654321ABCDEF(开头五位一定要是"KHSC-")

下断点004147D4来到下面:

:004147BF E83AE40100              call 00432BFE
                                 //这里事取得用户名位数

:004147C4 8B07                    mov eax, dword ptr [edi]
:004147C6 C744242000000000        mov [esp+20], 00000000
:004147CE 8B40F8                  mov eax, dword ptr [eax-08]
:004147D1 83F805                  cmp eax, 00000005
                                 //比较用户名是否小于5位

:004147D4 7D13                    jge 004147E9
:004147D6 6A00                    push 00000000
:004147D8 6A10                    push 00000010

* Possible StringData Ref from Data Obj ->"请输入长度大于5的用户名称"
                                 |
:004147DA 68A05B4500              push 00455BA0
:004147DF E8CF410200              call 004389B3
:004147E4 E91E010000              jmp 00414907

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004147D4(C)
|
:004147E9 8D4C2410                lea ecx, dword ptr [esp+10]
:004147ED 8D7E5C                  lea edi, dword ptr [esi+5C]
:004147F0 6A05                    push 00000005
:004147F2 51                      push ecx
:004147F3 8BCF                    mov ecx, edi
:004147F5 E8B18A0100              call 0042D2AB
:004147FA 8B00                    mov eax, dword ptr [eax]

* Possible StringData Ref from Data Obj ->"KHSC-"
                                 |
:004147FC 68985B4500              push 00455B98
:00414801 50                      push eax
:00414802 E8F59E0000              call 0041E6FC
                                 //比较注册码的前面五位是否"KHSC-"

:00414807 83C408                  add esp, 00000008
:0041480A 85C0                    test eax, eax
:0041480C 7511                    jne 0041481F
                                 //不是就跳下去出错

:0041480E 8B17                    mov edx, dword ptr [edi]
:00414810 837AF814                cmp dword ptr [edx-08], 00000014
                                 //比较注册码是否等于20位

:00414814 0F95C0                  setne al
:00414817 84C0                    test al, al
:00414819 7504                    jne 0041481F
                                 //不是的话跳下去出错

:0041481B 32DB                    xor bl, bl
:0041481D EB02                    jmp 00414821

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:0041480C(C), :00414819(C)
|
:0041481F B301                    mov bl, 01

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0041481D(U)
|
:00414821 8D4C2410                lea ecx, dword ptr [esp+10]
:00414825 E85FE60100              call 00432E89
:0041482A 84DB                    test bl, bl
:0041482C 7413                    je 00414841
                                 //输入的注册码如果不符合上面的条件就不跳走!
                                 //符合反之
                                 //这里可以说是一个暗桩,我第一次以为这样注册成功了!
                                 //其实不是的,符合上面的条件,但不是真的注册码一样是未注册!

:0041482E 6A00                    push 00000000
:00414830 6A10                    push 00000010

* Possible StringData Ref from Data Obj ->"注册失败!"
                                 |
:00414832 688C5B4500              push 00455B8C
:00414837 E877410200              call 004389B3
:0041483C E9C6000000              jmp 00414907

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0041482C(C)                     //上面来到这里!

......
......
                                 //省略一部分用处不大的代码

:0041488D 8D442418                lea eax, dword ptr [esp+18]
:00414891 50                      push eax
                                 //用户名

:00414892 E829090000              call 004151C0
                                 //来到这里是把我的用户名经过运算后得出一串数字"298103222272636"
                                 //但是感觉上用处不大,我认为根本就没有!

:00414897 83C40C                  add esp, 0000000C
:0041489A 50                      push eax
:0041489B 8D4C2410                lea ecx, dword ptr [esp+10]
:0041489F C644242402              mov [esp+24], 02
:004148A4 E819E70100              call 00432FC2
:004148A9 8D4C2410                lea ecx, dword ptr [esp+10]
:004148AD C644242000              mov [esp+20], 00
:004148B2 E8D2E50100              call 00432E89
:004148B7 51                      push ecx
:004148B8 8D542410                lea edx, dword ptr [esp+10]
:004148BC 8BCC                    mov ecx, esp
:004148BE 89642418                mov dword ptr [esp+18], esp
:004148C2 52                      push edx
:004148C3 E836E30100              call 00432BFE
:004148C8 8BCE                    mov ecx, esi
:004148CA E861000000              call 00414930
:004148CF 6A00                    push 00000000
:004148D1 8BCE                    mov ecx, esi
:004148D3 E838010000              call 00414A10
:004148D8 8BCE                    mov ecx, esi
:004148DA E8E1030000              call 00414CC0
                                 //根据W32Dasm的提示得知这个CALL里面是注册成功但出的窗口!
                                 //跟进去!

:004148DF 8BCE                    mov ecx, esi
:004148E1 E87A030000              call 00414C60
                                 //根据W32Dasm的提示得知这个CALL里面是注册成功但出的窗口!
                                 //跟进去!

:004148E6 8B461C                  mov eax, dword ptr [esi+1C]
:004148E9 6A00                    push 00000000
:004148EB 6A00                    push 00000000
:004148ED 6892040000              push 00000492
:004148F2 50                      push eax

* Reference To: USER32.SendMessageA, Ord:0214h
                                 |
:004148F3 FF1574654400            Call dword ptr [00446574]
                                 //这个地方是最不明白的了!
                                 //用"安靖"的注册码注册就在这里但出成功的窗口!
                                 //用我自己追出来的注册码,这里是没有反映的!但也能注册成功!
                                 //还请高手指点!

:004148F9 8BCE                    mov ecx, esi
:004148FB E86DE00100              call 0043296D
:00414900 8BCE                    mov ecx, esi
:00414902 E81EF60100              call 00433F25
------------------------------------------------------------------
上面004148DA的CALL来到这里:
* Referenced by a CALL at Address:
|:004148DA   
|
:00414CC0 51                      push ecx
:00414CC1 56                      push esi
:00414CC2 8BF1                    mov esi, ecx
:00414CC4 57                      push edi
:00414CC5 8D442408                lea eax, dword ptr [esp+08]
:00414CC9 6A05                    push 00000005
:00414CCB 50                      push eax
:00414CCC 8D8EF4010000            lea ecx, dword ptr [esi+000001F4]
:00414CD2 E8D4850100              call 0042D2AB
:00414CD7 8B00                    mov eax, dword ptr [eax]
:00414CD9 50                      push eax
:00414CDA E8129A0000              call 0041E6F1
:00414CDF 83C404                  add esp, 00000004
:00414CE2 8D4C2408                lea ecx, dword ptr [esp+08]
:00414CE6 8BF8                    mov edi, eax
:00414CE8 E89CE10100              call 00432E89
:00414CED 8B8EE8010000            mov ecx, dword ptr [esi+000001E8]
:00414CF3 51                      push ecx
:00414CF4 E887020000              call 00414F80
:00414CF9 83C404                  add esp, 00000004
:00414CFC 3BF8                    cmp edi, eax
                                 //关键比较...
                                 //EDI和EAX寄存器分别存着真假注册码的前五位数的十六进制值!

:00414CFE 8986E8010000            mov dword ptr [esi+000001E8], eax
:00414D04 7509                    jne 00414D0F
                                 //这里跳走的话就...

:00414D06 6A01                    push 00000001
:00414D08 8BCE                    mov ecx, esi
:00414D0A E8B1FEFFFF              call 00414BC0
                                 //这里进去有三个跳转,这三个跳转不跳的话就出现注册成功窗口!

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00414D04(C)
|
:00414D0F 5F                      pop edi
:00414D10 5E                      pop esi
:00414D11 59                      pop ecx
:00414D12 C3                      ret
------------------------------------------------------------------
上面004148E1的CALL来到这里:
* Referenced by a CALL at Address:
|:004148E1   
|
:00414C60 51                      push ecx
:00414C61 56                      push esi
:00414C62 57                      push edi
:00414C63 8BF1                    mov esi, ecx
:00414C65 6A05                    push 00000005
:00414C67 8D44240C                lea eax, dword ptr [esp+0C]
:00414C6B 6A05                    push 00000005
:00414C6D 50                      push eax
:00414C6E 8D8EF4010000            lea ecx, dword ptr [esi+000001F4]
:00414C74 E820850100              call 0042D199
:00414C79 8B00                    mov eax, dword ptr [eax]
:00414C7B 50                      push eax
:00414C7C E8709A0000              call 0041E6F1
:00414C81 83C404                  add esp, 00000004
:00414C84 8D4C2408                lea ecx, dword ptr [esp+08]
:00414C88 8BF8                    mov edi, eax
:00414C8A E8FAE10100              call 00432E89
:00414C8F 8B8EEC010000            mov ecx, dword ptr [esi+000001EC]
:00414C95 51                      push ecx
:00414C96 E8B5030000              call 00415050
:00414C9B 83C404                  add esp, 00000004
:00414C9E 3BF8                    cmp edi, eax
                                 //和上面一样,关键比较...
                                 //EDI和EAX寄存器分别存着真假注册码的前五位数的十六进制值!

:00414CA0 8986EC010000            mov dword ptr [esi+000001EC], eax
:00414CA6 7509                    jne 00414CB1
:00414CA8 6A02                    push 00000002
:00414CAA 8BCE                    mov ecx, esi
:00414CAC E80FFFFFFF              call 00414BC0
                                 //和上面一样
                                 //这里进去有三个跳转,这三个跳转不跳的话就出现注册成功窗口!

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00414CA6(C)
|
:00414CB1 5F                      pop edi
:00414CB2 5E                      pop esi
:00414CB3 59                      pop ecx
:00414CB4 C3                      ret
------------------------------------------------------------------
这里就是00414CAC和00414D0A的CALL来到的地方:

* Referenced by a CALL at Addresses:
|:00414586   , :00414CAC   , :00414D0A   
|
:00414BC0 56                      push esi
:00414BC1 8BF1                    mov esi, ecx
:00414BC3 E8CCA20200              call 0043EE94
:00414BC8 8B5004                  mov edx, dword ptr [eax+04]
:00414BCB 8B442408                mov eax, dword ptr [esp+08]
:00414BCF 48                      dec eax
:00414BD0 7452                    je 00414C24
:00414BD2 48                      dec eax
:00414BD3 7436                    je 00414C0B
                                 //我追出来的正确注册码和"安靖"的注册码在这里都跳走了!

:00414BD5 48                      dec eax
:00414BD6 0F8580000000            jne 00414C5C
:00414BDC 6A00                    push 00000000
:00414BDE 6A01                    push 00000001
:00414BE0 8BCA                    mov ecx, edx
:00414BE2 C7825802000001000000    mov dword ptr [ebx+00000258], 00000001
:00414BEC E8AFFFFEFF              call 00404BA0
:00414BF1 6A00                    push 00000000
:00414BF3 6A00                    push 00000000

* Possible StringData Ref from Data Obj ->"注册成功, 请重新启动程序!"
                                 |
:00414BF5 68C05B4500              push 00455BC0
:00414BFA E8B43D0200              call 004389B3
:00414BFF 6A00                    push 00000000

* Reference To: USER32.PostQuitMessage, Ord:01E0h
                                 |
:00414C01 FF1564644400            Call dword ptr [00446464]
:00414C07 5E                      pop esi
:00414C08 C20400                  ret 0004
------------------------------------------------------------------
【总    结】:
我追出的注册码(邮箱不填也可以):
Yock196
KHSC-3518239909*****(后面五位随便)

安靖兄的注册码:
anjing
KHSC-351821842415032

注册信息保存在C:\WINDOWS\SYSTEM\SysXCasterDrv.sys
用我追出来的注册码按注册后没有反应(但也能成功!)
用安靖兄的注册码按注册后会弹出"注册成功, 请重新启动程序!"的框!
我想可能是我没有追到核心,所以想和大家探讨一下!
我问过安靖了,可是没有解决问题!好没头绪,希望又朋友能帮我看看!
最后在这里真心感谢你花了那么多时间看这篇文章!谢谢了... 

网络的神奇作用吸引着越来越多的用户加入其中,正因如此,网络的承受能力也面临着越来越严峻的考验―从硬件上、软件上、所用标准上......,各项技术都需要适时应势,对应发展,这正是网络迅速走向进步的催化剂。

相关阅读