至于软件名称么,不便透露,只是做的安全测试,程序是通过外部的key验证的。保护为upx修改壳。默认验证界面如下:
0050A409 /7F 2B JG SHORT dumped_.0050A436 ; 跳到验证比较 0050A40B |0F84 04010000 JE dumped_.0050A515 0050A411 |83E9 99 SUB ECX,-67 0050A414 |0F84 0C020000 JE dumped_.0050A626 0050A41A |49 DEC ECX 0050A41B |0F84 C1010000 JE dumped_.0050A5E2 0050A421 |49 DEC ECX 0050A422 |0F84 73010000 JE dumped_.0050A59B 0050A428 |83E9 60 SUB ECX,60 0050A42B |0F84 2B010000 JE dumped_.0050A55C ; 验证码错误 0050A431 |E9 32020000 JMP dumped_.0050A668 0050A436 \83E9 FD SUB ECX,-3 0050A439 0F84 97000000 JE dumped_.0050A4D6 ; 验证码错误,请重新导入 0050A43F 49 DEC ECX 0050A440 74 55 JE SHORT dumped_.0050A497 ; 该验证已经被其他机器占用,请重新导入授权文件 0050A442 49 DEC ECX 0050A443 74 13 JE SHORT dumped_.0050A458 ; 跳转后未通过验证,上面跳转均跳向错误 0050A445 49 DEC ECX 0050A446 0F85 1C020000 JNZ dumped_.0050A668 ; 跳转后直接退出 0050A44C C685 6BFFFFFF 01 MOV BYTE PTR SS:[EBP-95],1 0050A453 E9 10020000 JMP dumped_.0050A668 0050A458 66:C785 7CFFFFFF 7400 MOV WORD PTR SS:[EBP-84],74 0050A461 BA 7243A600 MOV EDX,dumped_.00A64372 0050A466 8D45 AC LEA EAX,DWORD PTR SS:[EBP-54] 0050A469 E8 BE974100 CALL dumped_.00923C2C 0050A46E FF45 88 INC DWORD PTR SS:[EBP-78] 0050A471 8B10 MOV EDX,DWORD PTR DS:[EAX] 0050A473 B8 01000000 MOV EAX,1 0050A478 E8 4F38F4FF CALL dumped_.0044DCCC |