[原始]破解“简易数据恢复向导”以恢复注册码

--------------------------------------------------- ---------------------------------

[详细过程]

我今天删除了USB闪存驱动器中的数据，并希望将其还原，因此我找到了以前收集的出色软件，并发现想要注册，所以我打电话了. . . 这导致了下面的文章. . . 更不用说安装过程了. . “-|-”. . . 这是破解过程.

（1）使用PEID进行Shell搜索: Microsoft Visual C ++ 6.0

（2）用OD加载“ EaseUS数据恢复向导”，程序在此处停止:

0047B934> 55pushebp //程序入口

0047B9358BECmovebp，esp

0047B9376AFFpush-1

0047B9396808CA4800pushDRW.0048CA08

0047B93E68ECB74700push

0047B94364: A10000000> moveax，dwordptrfs: [0]

0047B94950pusheax

0047B94A64: 892500000> movdwordptrfs: [0]，尤其是

0047B95183EC68subesp，68

0047B95453pushebx

0047B95556pushesi

0047B95657pushedi

0047B9578965E8movdwordptrss: [ebp-18]，尤其是

0047B95A33DBxorebx，ebx

Shift + F9运行程序，输入注册名称: hack52注册代码: hack52ha-22222222-33333333-444444444（输入任何输入），单击“确定”，软件提示错误，在OD上按F12暂停，然后在菜单栏中输入“ K”，请点击此处:

调用堆栈

从框架调用地址栈函数的例程

0012E66C77D19418包含ntdll.KiFastSystemCallRetUSER32.77D194160012E6A0

0012E67077D2770AUSER32.WaitMessageUSER32.77D277050012E6A0

0012E6A477D249USER32.77D2757BUSER32.77D249BF0012E6A0

0012E6CC77D3A956USER32.77D2490EUSER32.77D3A9510012E6C8

0012E98C77D3A2BCUSER32.SoftModalMessageBoxUSER32.77D3A2B70012E988

0012EADC77D663FDUSER32.77D3A147USER32.77D663F80012EAD8

0012EB3477D664A2USER32.MessageBoxTimeoutWUSER32.77D6649D0012EB30

0012EB6877D50877？ USER32.MessageBoxTimeoutAUSER32.77D508720012EB64

0012EB8877D5082F？ USER32.MessageBoxExAUSER32.77D5082A0012EB84

0012EBA45F45C91C？ USER32.MessageBoxAMF2.5F45C9160012EBA0

0012EBBC00440F5D？ DRW.00440F58 //双击此处

点击此处转到此处:

00440F58E809A00300通话

00440F5DC645FC00movbyteptrss: [ebp-4]，0

00440F618D4DF0leaecx，dwordptrss: [ebp-10]

00440F64E8319C0300通话

00440F69C745FCFFFFF> movdwordptrss: [ebp-4]，-1

00440F708D4DECleaecx，dwordptrss: [ebp-14]

00440F73E8229C0300通话

拉至段落开头:

00440EC855pushebp //在此F2下突破

00440EC98BECmovebp，esp

00440ECB6AFFpush-1

00440ECD6806FB4700pushDRW.0047FB06

00440ED264: A10000000> moveax，dwordptrfs: [0]

00440ED850pusheax

00440ED964: 892500000> movdwordptrfs: [0]，尤其是

00440EE083EC20subesp，20

00440EE3894DE0movdwordptrss: [ebp-20]，ecx

00440EE66A01push1

F9继续运行程序，在错误提示上单击“确定”，然后单击“注册”. OD在此处（我们将其断开的位置）已损坏:

00440EC855pushebp //外径在此处中断

00440EC98BECmovebp，esp

00440ECB6AFFpush-1

00440ECD6806FB4700pushDRW.0047FB06

00440ED264: A10000000> moveax，dwordptrfs: [0]

00440ED850pusheax

00440ED964: 892500000> movdwordptrfs: [0]，尤其是

00440EE083EC20subesp，20

继续按F8转到该地址: 00440F1E，F7输入

00440F1EE8FD480300callDRW.00475820 // F7进入； //这就是所谓的按键CALL. . . . . . .

00440F2385C0testeax，eax

00440F257556jnzshortDRW.00440F7D; //当然，这是键跳转易我数据恢复向导20注册码，注册信息成功跳转到成功. . 可以在改革中大放异彩. 今天我们的目的不是爆炸，而是遵循注册码.

00440F2768F3EF0000push0EFF3

00440F2C8D4DF0leaecx，dwordptrss: [ebp-10]

00440F2FE8E49F0300通话

00440F346837EF0000push0EF37

00440F398D4DECleaecx，dwordptrss: [ebp-14]

00440F3CE8D79F0300通话

00440F416A10push10

00440F438D4DECleaecx，dwordptrss: [ebp-14]

00440F46E8A578FEFFcallDRW.004287F0

00440F4B50pusheax

00440F4C8D4DF0leaecx，dwordptrss: [ebp-10]

00440F4FE89C78FEFFcallDRW.004287F0

00440F5450pusheax

F7后来来到这里

0047582055 pushebp // F7来到这里

004758218BECmovebp，esp

004758238B4D0Cmovecx，dwordptrss: [ebp + C]

00475826E8C52FFBFFcallDRW.004287F0

0047582B50pusheax

0047582C8B4D08movecx，dwordptrss: [ebp + 8]

0047582FE8BC2FFBFFcallDRW.004287F0

0047583450pusheax

00475835E857F7FFFF呼叫DRW.00474F91

0047583A5Dpopebp

0047583BC20800retn8

继续F8，到达此地址: 00475835，F7进入.

0047582055pushebp

004758218BECmovebp，esp

004758238B4D0Cmovecx，dwordptrss: [ebp + C]

00475826E8C52FFBFFcallDRW.004287F0

0047582B50pusheax;出现了伪造的注册码.........

0047582C8B4D08movecx，dwordptrss: [ebp + 8]

0047582FE8BC2FFBFFcallDRW.004287F0

0047583450pusheax

00475835E857F7FFFFcallDRW.00474F91; F8一直到这里

0047583A5Dpopebp

0047583BC20800retn8

按F7来到这里:

00474F9155pushebp

00474F928BECmovebp，esp

00474F9481ECAC0A0000subesp，0AAC

00474F9AC78578FBFFFF> movdwordptrss: [ebp-488]，950B4B61 //下面的许多MOV指令可实现软件注册算法

00474FA466: C7857CFBF> movwordptrss: [ebp-484]，0FA41

00474FAD66: C7857EFBF> movwordptrss: [ebp-482]，4DC2

00474FB6C68580FBFFFF> movbyteptrss: [ebp-480]，0AD

00474FBDC68581FBFFFF> movbyteptrss: [ebp-47F]，7E

00474FC68582FBFFFF> movbyteptrss: [ebp-47E]，63

00474FCBC68583FBFFFF> movbyteptrss: [ebp-47D]，0CF

00474FD2C68584FBFFFF> movbyteptrss: [ebp-47C]，62

00474FD9C68585FBFFFF> movbyteptrss: [ebp-47B]，11

在这里一直按F8查看我们输入的信息，请按下面的F8查看我们想要的一些信息

004751E6837D0800cmpdwordptrss: [ebp + 8]，0；显示伪造的注册名称.....

004751EA7406jeshortDRW.004751F2

004751EC837D0C00cmpdwordptrss: [ebp + C]，0；显示伪造的注册码.....

004751F07507jnzshortDRW.004751F9

004751F233C0x ax，eax

004751F4E91D030000jmpDRW.00475516

......... //省略了一些说明

..................

.......................

///////////////////////////////////////////////// //// ////////// F8来到这里，“ //”中间是假注册码和真实注册码的比较

004753E18B8574FBFFFF移动，dwordptrss: [ebp-48C]

004753E783C001addeax，1

004753EA898574FBFFFFmovdwordptrss: [ebp-48C]，eax

004753F083BD74FBFFFF> cmpdwordptrss: [ebp-48C]易我数据恢复向导20注册码，4

004753F7733BjnbshortDRW.00475434

004753F98B8D74FBFFFFmovecx，dwordptrss: [ebp-48C]

004753FF8B948D58F9FF> movex，dwordptrss: [ebp + ecx * 4-6A8]

0047540652pushedx

0047540768E42A00pushDRW.004A2CE4; ASCII“％. 8x-”

0047540C8D8554F5FFFF叶，dwordptrss: [ebp-AAC]

0047541250pusheax

00475413FF15443A4800calldwordptrds: [<＆MSVCRT.sprintf>]; MSVCRT.sprintf

00475419830Caddesp，0C

0047541C8D8D54F5FFFFleaecx，dwordptrss: [ebp-AAC];八环显示8位真注册码

0047542251pushecx

004754238D9554F7FFFFleaedx，dwordptrss: [ebp-8AC]；错误的注册码

0047542952pushedx

0047542AE8F9640000呼叫

0047542F8308addesp，8

00475432 ^ EBADjmpshortDRW.004753E1

///////////////////////////////////////////////// //// ////////////

004754348D8554F7FFFF叶，dwordptrss: [ebp-8AC]

0047543A50pusheax

0047543BFF15E0394800calldwordptrds: [<＆MSVCRT._strupr>]; MSVCRT._strupr

004754418304addesp，4

004754448D8D54F7FFFFleaecx，dwordptrss: [ebp-8AC]

0047544A51pushecx

0047544BE822610000通话

004754508304addesp，4

00475453C6840553F7FF> movbyteptrss: [ebp + eax-8AD]，0

0047545B8D9554F7FFFFleaedx，dwordptrss: [ebp-8AC];在这里获取所有注册码

0047546152pushedx

00475462E80B610000通话

004754678304addesp，4

在这里出来

注册名称: hack52

注册代码: 11111111-E8847134-5B1824CA-63414152-81F6FA1F

输入注册码，重启软件后没有注册按钮.

7月，中国北京2020安全开发人员峰会（2020 SDC）征集！

本文来自电脑杂谈，转载请注明本文网址：
http://www.pc-fly.com/a/ruanjian/article-152423-1.html