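As for the name of the software, I'd rather not disclose it; this was only a security test. The program is validated through an external key. It is protected by a modified UPX packer. The default verification screen is as follows:
0050A409 /7F 2B JG SHORT dumped_.0050A436 ; jump to the verification comparison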
0050A40B |0F84 04010000 JE dumped_.0050A515
0050A411 |83E9 99 SUB ECX,-67
0050A414 |0F84 0C020000 JE dumped_.0050A626
0050A41A |49 DEC ECX
0050A41B |0F84 C1010000 JE dumped_.0050A5E2
0050A421 |49 DEC ECX
0050A422 |0F84 73010000 JE dumped_.0050A59B
0050A428 |83E9 60 SUB ECX,60
0050A42B |0F84 2B010000 JE dumped_.0050A55C ; verification code incorrect
0050A431 |E9 32020000 JMP dumped_.0050A668
0050A436 \83E9 FD SUB ECX,-3
0050A439 0F84 97000000 JE dumped_.0050A4D6 ; verification code incorrect, please re-import
0050A43F 49 DEC ECX
0050A440 74 55 JE SHORT dumped_.0050A497 ; this verification is already in use by another machine, please re-import the license file
0050A442 49 DEC ECX
0050A443 74 13 JE SHORT dumped_.0050A458 ; after this jump, verification has not passed; all the jumps above lead to errors
0050A445 49 DEC ECX
0050A446 0F85 1C020000 JNZ dumped_.0050A668 ; after this jump, the program exits directly
0050A44C C685 6BFFFFFF 01 MOV BYTE PTR SS:[EBP-95],1
0050A453 E9 10020000 JMP dumped_.0050A668
0050A458 66:C785 7CFFFFFF 7400 MOV WORD PTR SS:[EBP-84],74
0050A461 BA 7243A600 MOV EDX,dumped_.00A64372
0050A466 8D45 AC LEA EAX,DWORD PTR SS:[EBP-54]
0050A469 E8 BE974100 CALL dumped_.00923C2C
0050A46E FF45 88 INC DWORD PTR SS:[EBP-78]
0050A471 8B10 MOV EDX,DWORD PTR DS:[EAX]
0050A473 B8 01000000 MOV EAX,1
0050A478 E8 4F38F4FF CALL dumped_.0044DCCC