Re: Go ask on Kanxue (看雪)

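Forum: IT江湖 | Author: 风,大风 | Posted: 2005-03-02 09:24
大老's dongle-cracking tutorial, part one: how to remove a hasp dongle! I hope it helps everyone! 大老=[DCG]=
Program: a foreign engineering software package, dasxx
Protection: hasp4 m1. This is an Israeli dongle; m1 means it has memory.
Tools used: trw2000 wasm32
I am writing dongle-cracking tutorials and this is the first one! I will write 3 in total! For the first one I am covering software protected by a hasp4 dongle, for which there are relatively few Chinese tutorials online!
I will only describe the general approach to the crack!
I hope it helps everyone!
(1) Part one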
=============================================================================================
:0042659A 50 push eax
:0042659B 51 push ecx
:0042659C 52 push edx
:0042659D 53 push ebx
:0042659E 68FE3F0000 push 00003FFE ===> this is the password the hasp dongle uses when the dongle is read! (1)
:004265A3 687B1D0000 push 00001D7B ===> hasp dongle password! (2)
:004265A8 6800000000 push 00000000
:004265AD 6800000000 push 00000000
:004265B2 6801000000 push 00000001
:004265B7 E8A7FBFFFF call 00426163 ====> read dongle (1)
:004265BC 83C424 add esp, 00000024
:004265BF 8B45FC mov eax, dword ptr [ebp-04] ==> return value = 1 after reading the dongle means the dongle is present!
:004265C2 B901000000 mov ecx, 00000001
:004265C7 39C8 cmp eax, ecx
:004265C9 0F85EF020000 jne 004268BE ===> if this jumps, it's over
:004265CF 8D45F0 lea eax, dword ptr [ebp-10]
:004265D2 8D4DF4 lea ecx, dword ptr [ebp-0C]
:004265D5 8D55F8 lea edx, dword ptr [ebp-08]
:004265D8 8D5DFC lea ebx, dword ptr [ebp-04]
:004265DB 50 push eax
:004265DC 51 push ecx
:004265DD 52 push edx
:004265DE 53 push ebx
:004265DF 68FE3F0000 push 00003FFE
:004265E4 687B1D0000 push 00001D7B
:004265E9 6800000000 push 00000000
:004265EE 6800000000 push 00000000
:004265F3 6805000000 push 00000005
:004265F8 E866FBFFFF call 00426163 ========> read dongle (2)
:004265FD 83C424 add esp, 00000024
:00426600 8B45FC mov eax, dword ptr [ebp-04] ==> return value = 1 after reading the dongle means the dongle is present!
:00426603 B901000000 mov ecx, 00000001
:00426608 39C8 cmp eax, ecx
:0042660A 0F85C2010000 jne 004267D2 ===> if this jumps, it's over
:00426610 8B45F8 mov eax, dword ptr [ebp-08] ===> another return value
:00426613 39C8 cmp eax, ecx
:00426615 0F85B7010000 jne 004267D2 ====> if this jumps, it's over!
:0042661B 8D0518E74500 lea eax, dword ptr [0045E718]
:00426621 8B4DF4 mov ecx, dword ptr [ebp-0C]
:00426624 668908 mov word ptr [eax], cx
:00426627 6885510000 push 00005185
:0042662C 8D05BC614200 lea eax, dword ptr [004261BC]
:00426632 8D4DE0 lea ecx, dword ptr [ebp-20]
:00426635 51 push ecx
:00426636 FFD0 call eax ===> compute the returned data
:00426638 83C408 add esp, 00000008
:0042663B 8B45E0 mov eax, dword ptr [ebp-20] ====> returned data (1), correct value is bb2
:0042663E B9B20B0000 mov ecx, 00000BB2 ===> this is the value to compare against!
:00426643 39C8 cmp eax, ecx ===> compare
:00426645 0F8530000000 jne 0042667B ===> jump to the error
:0042664B 8B45E4 mov eax, dword ptr [ebp-1C] ====> returned data (2), correct value is A6FE
:0042664E B9FEA60000 mov ecx, 0000A6FE
:00426653 39C8 cmp eax, ecx ===> compare
:00426655 0F8520000000 jne 0042667B ===> jump to the error
:0042665B 8B45E8 mov eax, dword ptr [ebp-18] ====> returned data (3), correct value is 6A14
:0042665E B9146A0000 mov ecx, 00006A14
:00426663 39C8 cmp eax, ecx ===> compare
:00426665 0F8510000000 jne 0042667B ===> jump to the error!
:0042666B 8B45EC mov eax, dword ptr [ebp-14] ====> returned data (4), correct value is 714D
:0042666E B94D710000 mov ecx, 0000714D
:00426673 39C8 cmp eax, ecx ===> compare; if equal, jump to the correct processing path
:00426675 0F84FC000000 je 00426777 ===> jump to the correct processing path === key point (1) ====

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00426645(C), :00426655(C), :00426665(C)
|
:0042667B 8D0552924700 lea eax, dword ptr [00479252]
:00426681 6801000000 push 00000001
:00426686 50 push eax
:00426687 6800000000 push 00000000

* Reference To: cvirt.LoadPanel, Ord:0133h
|
:0042668C E891B3FDFF Call 00401A22
:00426691 8D4DDC lea ecx, dword ptr [ebp-24]
:00426694 8901 mov dword ptr [ecx], eax
:00426696 8B45DC mov eax, dword ptr [ebp-24]
:00426699 B900000000 mov ecx, 00000000
:0042669E 39C8 cmp eax, ecx
:004266A0 0F8D20000000 jnl 004266C6

* Reference To: cvirt.CVI_Beep, Ord:0259h
|
:004266A6 E845B8FDFF Call 00401EF0
:004266AB 8D05EA924700 lea eax, dword ptr [004792EA]
:004266B1 8D0DAA924700 lea ecx, dword ptr [004792AA]
:004266B7 50 push eax
:004266B8 51 push ecx

* Reference To: cvirt.MessagePopup, Ord:014Dh ===> error message!
|
:004266B9 E8CCB7FDFF Call 00401E8A
:004266BE 8D056A674200 lea eax, dword ptr [0042676A]
:004266C4 FFE0 jmp eax

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004266A0(C)
|
:004266C6 6800000000 push 00000000
:004266CB 6812020000 push 00000212
:004266D0 6803000000 push 00000003
==================================================================================================