safeengine虚拟机licence破解手记
来源:互联网 发布:游戏自动签到软件 编辑:程序博客网 时间:2024/04/19 05:36
声明:请支持使用正版软件,尊重原作者的劳动成果,此文只做技术交流,如有他人利用,产生后果,不负任何责任。
Safengine是一个具有反调试、反附加、动态自效验等功能,同时提供了对代码的变形、乱序和虚拟化等功能的应用程序保护壳,是一款简单易用的软件保护工具,它改变您的软件执行流程,以达到阻碍自动分析,消耗破解时间、精力的目的。
Safengine的代码分析引擎将在保护应用程序时提供完整的分析,从而对应用程序进行系统化的保护,将您的原始代码移动和变形,并且加入无数垃圾代码和反调试、跟踪代码。
Safengine处理的范围是整个程序,而不是程序里的某一个过程。所以,即使您的关键代码在保护后未经变形,也需要耗费破解者很长的时间才能找到,而往往只是一行两行代码,穿插在数以万计的垃圾代码中,是极其隐蔽和猥琐的。
Safengine的代码虚拟机在同类产品中最稳定、最完善,整体运行架构线程安全,不会改变系统对受保护代码的线程的调度。虚拟处理器采用了逻辑门级的指令拆分,使用与非和加法两个基础运算指令实现了大部分复杂的x86指令,并且使用了随机的虚拟寄存器参与运算,极大程度提高了代码保护的安全性。
在同类的软件保护壳中,Safengine提供了最完整的解决方案,集代码加密、虚拟化、授权于一体,并且每一项功能都可圈可点。
Safengine支持多种类型的文件格式:
所有32位PE文件,包括:
- Win32 可执行文件 (*.exe);
- Windows 屏幕保护程序 (*.scr);
- 动态链接库 (*.dll);
- 32位 ActiveX 控件 (*.ocx);
- 32位驱动程序 (*.sys);
破解笔记:
10017BA7 8C db 8C
10017BA8 B2 db B2
10017BA9 00 db 00
10017BAA 00 db 00
10017BAB 00 db 00
10017BAC . 837D 0C 00 cmp dword ptr ss:[ebp+0xC],0x0
10017BB0 . 0F84 A8000000 je safeengine.10017C5E
10017BB6 . EB 42 jmp Xsafeengine.10017BFA
10017BB8 6A db 6A ; CHAR 'j'
10017BB9 10 db 10
10017BBA E8 db E8
10017BBB 8E db 8E
10017BBC FD db FD
10017BBD FF db FF
10017BBE FF db FF
10017BBF 85 db 85
10017BC0 C0 db C0
10017BC1 74 db 74 ; CHAR 't'
10017BC2 0A db 0A
10017BC3 C7 db C7
10017BC4 00 db 00
10017BC5 D8A90110 dd safeengine.1001A9D8
10017BC9 8B db 8B
10017BCA F8 db F8
10017BCB EB db EB
10017BCC 02 db 02
10017BCD 33 db 33 ; CHAR '3'
10017BCE FF db FF
10017BCF 83 db 83
10017BD0 67 db 67 ; CHAR 'g'
10017BD1 08 db 08
10017BD2 00 db 00
10017BD3 83 db 83
10017BD4 67 db 67 ; CHAR 'g'
10017BD5 0C db 0C
10017BD6 00 db 00
10017BD7 8D db 8D
10017BD8 5F db 5F ; CHAR '_'
10017BD9 08 db 08
10017BDA 8D db 8D
10017BDB 46 db 46 ; CHAR 'F'
10017BDC 1C db 1C
10017BDD 50 db 50 ; CHAR 'P'
10017BDE 89 db 89
10017BDF 7D db 7D ; CHAR '}'
10017BE0 FC db FC
10017BE1 E8 db E8
10017BE2 . BF B01A00A2 mov edi,0xA2001AB0
0040280F . 68 80000000 push 0x80
00402814 . 8BCE mov ecx,esi
00402816 . C64424 74 01 mov byte ptr ss:[esp+0x74],0x1
0040281B . FF90 C0000000 call dword ptr ds:[eax+0xC0]
00402821 . 85C0 test eax,eax
00402823 . 75 54 jnz XBlendDes.00402879
00402825 . 6A 01 push 0x1
00402827 . 6A 12 push 0x12
00402829 . 6A 12 push 0x12
0040282B . 8D4C24 28 lea ecx,dword ptr ss:[esp+0x28]
0040282F . 50 push eax
00402830 . 51 push ecx
00402831 . 90 nop
00402832 . E8 1FD60300 call BlendDes.0043FE56
00402837 . 8BCF mov ecx,edi
00402839 . C747 20 00000>mov dword ptr ds:[edi+0x20],0x0
00402840 . E8 0B010000 call BlendDes.00402950 //弹出提示对话框 无key
00402845 > 8D4C24 38 lea ecx,dword ptr ss:[esp+0x38]
00402849 . C64424 64 00 mov byte ptr ss:[esp+0x64],0x0
mfc 2092
mfc 2152
Breakpoints, 条目 0
地址=0041AF30 BlendDes.<ModuleEntryPoint>
模块=BlendDes
激活=仅一次
反汇编=push ebp
Breakpoints, 条目 1
地址=0067ADA0
模块=blendmes
激活=始终
反汇编=call blendmes.0067ADA5
Breakpoints, 条目 2
地址=0067ADB0
模块=blendmes
激活=始终
反汇编=jmp dword ptr ds:[eax]
//rc_GetDocInfo
0012F460 0000000D ....
0012F464 000042AA 狟..
0012F468 00100E74 t.
0012F46C 52475501 UGR
0012F470 0012F641 A?. ASCII "'/"
0012F474 002DEDC9 身-. 返回到 blendmes.002DEDC9 来自 blendmes.002DEC70
0012F478 0012F478 x?.
50Ae0E74
0012F47C 0093B220
0012F480 0093B1D8
0012F484 0012F648
0012F488 0093B1D8
0012F48C 4C931B53
0012F490 4C931B53
0012F494 0191E7E8 ASCII "ef4bd11d68bbb7233ee927d3f0ab65f5"
0012F498 0A169C85
0012F49C 4B4AD311
0012F4A0 000000B2
//序列号keyEAX 0191E7E8 ASCII "03000004-1353584244-1369363929 (1000)"
ECX 0068DCB8 blendmes.0068DCB8
EDX 0191E7E9 ASCII "3000004-1353584244-1369363929 (1000)"
EBX 0093B1D8
ESP 0012F48C
EBP 00000012
ESI 0093B220
EDI 0012F4DE
EIP 0066F0C8 blendmes.0066F0C8
C 0 ES 0023 32位 0(FFFFFFFF)
P 0 CS 001B 32位 0(FFFFFFFF)
A 1 SS 0023 32位 0(FFFFFFFF)
Z 0 DS 0023 32位 0(FFFFFFFF)
S 0 FS 003B 32位 7FFDF000(4000)
T 0 GS 0000 NULL
D 0
O 0 LastErr ERROR_SUCCESS (00000000)
EFL 00000212 (NO,NB,NE,A,NS,PO,GE,G)
ST0 empty 0.0
ST1 empty 0.0
ST2 empty 0.0
ST3 empty 0.0
ST4 empty 0.0
ST5 empty 0.0
ST6 empty 2468095.0000000000000
ST7 empty -0.0001559907540025809
3 2 1 0 E S P U O Z D I
FST 4020 Cond 1 0 0 0 Err 0 0 1 0 0 0 0 0 (EQ)
FCW 027F Prec NEAR,53 掩码 1 1 1 1 1 1
006B82A9 85C0 test eax,eax
006B82AB 75 0F jnz Xsafeengine.006B82BC
006B82AD 68 09836B00 push safeengine.006B8309
006B82B2 B9 C42A6C00 mov ecx,safeengine.006C2AC4
006B82B7 E8 C6FBFFFF call safeengine.006B7E82//计算返回缓冲区
006B82BC C3 retn
006B82BD E8 D5FFFFFF call safeengine.006B8297
006B82C2 05 70100000 add eax,0x1070
006B82C7 68 74766B00 push safeengine.006B7674
006B82CC 8BC8 mov ecx,eax
edi=00000000
ds:[00752AC4]=002CD3C8//返回值在730000 ds:[22AC4]
102637BB 8061 18 F0 and byte ptr ds:[ecx+0x18],0xF0
102637BF 80E8 03 sub al,0x3
102637C2 ^ 0F80 E8FEFFFF jo safeengine原?102636B0
102637C8 8B99 C1000000 mov ebx,dword ptr ds:[ecx+0xC1]
102637CE 80E3 01 and bl,0x1
102637D1 3AC3 cmp al,bl
102637D3 ^ 0F85 D7FEFFFF jnz safeengine原?102636B0
102637D9 8381 B8000000 0>add dword ptr ds:[ecx+0xB8],0x3
10263C6A 8F0424 pop dword ptr ss:[esp]
10263C6D 66:894424 02 mov word ptr ss:[esp+0x2],ax
10263C72 66:895C24 01 mov word ptr ss:[esp+0x1],bx
10263C77 8D6424 02 lea esp,dword ptr ss:[esp+0x2]
10263C7B 896424 44 mov dword ptr ss:[esp+0x44],esp
10263C7F 66:52 push dx
10263C81 66:890C24 mov word ptr ss:[esp],cx
10263C85 8D6424 01 lea esp,dword ptr ss:[esp+0x1]
10263C89 ^ E9 90FAFFFF jmp safeengine原?1026371E
10263C8E ^ 76 F6 jbe Xsafeengine原?10263C86
10263C90 64:03FE add edi,esi
授权文件SE:102635F5 jnb short near ptr loc_102635C4+1
SE:102635F7 aad 1
SE:102635F9 arpl [ecx], di
SE:102635FB mov bh, 82h
SE:102635FD sub [ecx-18h], ah
SE:10263600 scasb
SE:10263601 pop large dword ptr fs:0
SE:10263608 lea esp, [esp+4]
SE:1026360C jmp loc_10002142 ; //入口点
Threads
标识 入口 数据块 最近的错误 状态 优先权 用户时间 系统时间
0000067C 1003E3CE 7FFDD000 ERROR_SUCCESS (000 激活 32 + 0 0.0000 s 0.0000 s
00000BF0 1003EC1E 7FFDA000 ERROR_SUCCESS (000 激活 32 + 0 0.0000 s 0.0000 s
00000C9C 10042892 7FFDB000 ERROR_SUCCESS (000 激活 32 + 0 0.0000 s 0.0000 s
00000DDC 1003E43A 7FFDE000 ERROR_SUCCESS (000 激活 32 + 0 0.0000 s 0.0000 s //检验线程
000012CC 1003E2CE 7FFDC000 ERROR_SUCCESS (000 激活 32 + 0 0.0000 s 0.0000 s
000013CC( 004011E0 7FFDF000 ERROR_SUCCESS (000 激活 32 + 0 1.0920 s 0.0780 s
1004E654 F6DD neg ch
1004E656 E8 CFFFFFFF call safeengine原?1004E62A //调用waitForSingleObject 1003E43A线程
1004E65B 66:8F0424 pop word ptr ss:[esp]
1004E65F E9 9D000000 jmp safeengine原?1004E701
100EF89B 8906 MOV DWORD PTR DS:[ESI],EAX
100EF89D E8 7B08FAFF CALL safeengine.1009011D
100EF8A2 E8 A2B0F8FF CALL safeengine.1007A949 //调用call 1026360C
100EF8A7 FA CLI
100EF8A8 8B81 90000000 MOV EAX,DWORD PTR DS:[ECX+90]
100EF8AE 3BC7 CMP EAX,EDI
100EF8B0 ^ 0F84 38FFFFFF JE safeengine.100EF7EE
100EF8B6 FFB1 98000000 PUSH DWORD PTR DS:[ECX+98]--------------------------------------------------------------------------------------------------
1004B554 E8 0D000000 CALL safeengine.1004B566
1004B559 56 PUSH ESI
1004B55A 6972 74 75616C5>IMUL ESI,DWORD PTR DS:[EDX+74],516C6175
1004B561 75 65 JNZ SHORT safeengine.1004B5C8
1004B563 72 79 JB SHORT safeengine.1004B5DE
1004B565 0050 E8 ADD BYTE PTR DS:[EAX-18],DL
1004B568 61 POPAD0012F31C 00ABDDE3 返回到 00ABDDE3
0012F320 00C8CA37 返回到 00C8CA370012F378 100E235C 返回到 safeengine.100E235C 来自 safeengine.100750A8
0012F244 1004B877 返回到 safeengine.1004B877 来自 safeengine.1004B884
0012F248 00000000
0012F24C 00000000
0012F250 0012F2D0
0012F254 0012F268
0012F258 00000001
0012F25C 10044708 safeengine.10044708
0012F260 00000000
0012F264 0012F290
0012F268 00000246
0012F26C 8A517D59
0012F270 100F3B3D 返回到 safeengine.100F3B3D 来自 safeengine.1004AC40
0012F274 10044708 safeengine.10044708
0012F278 0012F290
0012F27C 0000001C
0012F280 BB52149E
0012F284 10044708 safeengine.10044708
0012F288 00000000
0012F28C 0012F6DC
0012F290 0437A07C
0012F294 10044708 safeengine.10044708
0012F298 100437A0 safeengine.100437A0
0012F29C 0812F2F4
0012F2A0 00100447
--------------------------------------------------------------------------------------------------1004B554 E8 0D000000 CALL safeengine.1004B566
1004B559 56 PUSH ESI
1004B55A 6972 74 75616C5>IMUL ESI,DWORD PTR DS:[EDX+74],516C6175
1004B561 75 65 JNZ SHORT safeengine.1004B5C8
1004B563 72 79 JB SHORT safeengine.1004B5DE
1004B565 0050 E8 ADD BYTE PTR DS:[EAX-18],DL
1004B568 61 POPAD--------------------------------------------------------------------------------------------------
10049655 E8 00000000 CALL safeengine.1004965A
1004965A E9 8B170000 JMP safeengine.1004ADEA
1004965F D351 C1 RCL DWORD PTR DS:[ECX-3F],CL
10049662 A0 53B59347 MOV AL,BYTE PTR DS:[4793B553]
10049667 328D 5881E802 XOR CL,BYTE PTR SS:[EBP+2E88158]
1004966D 27 DAA
1004966E B5 A2 MOV CH,0A2--------------------------------------------------------------------------------------------------
100F3CEE 8710 XCHG DWORD PTR DS:[EAX],EDX
100F3CF0 85D2 TEST EDX,EDX
100F3CF2 ^ 0F85 2FF8FFFF JNZ safeengine.100F3527
100F3CF8 E8 4515F9FF CALL safeengine.10085242 //计算 时间过期
100F3CFD 0060 C6 ADD BYTE PTR DS:[EAX-3A],AH
100F3D00 C085 0F9CC58B 0>ROL BYTE PTR SS:[EBP+8BC59C0F],4
100F3D07 24 89 AND AL,89
100F3D09 7C 24 JL SHORT safeengine.100F3D2F
100F3D0B 1C 9C SBB AL,9C
100F3D0D FF3424 PUSH DWORD PTR SS:[ESP]
100F3D10 FF7424 04 PUSH DWORD PTR SS:[ESP+4]
100F3D14 884424 03 MOV BYTE PTR SS:[ESP+3],AL
100F3D18 FF7424 07 PUSH DWORD PTR SS:[ESP+7]
100F3D1C 8D6424 06 LEA ESP,DWORD PTR SS:[ESP+6]
100F3D20 8D6424 02 LEA ESP,DWORD PTR SS:[ESP+2]
100F3D24 8D6424 08 LEA ESP,DWORD PTR SS:[ESP+8]
100F3D28 61 POPAD
100F3D29 8BC7 MOV EAX,EDI
100F3D2B 85FF TEST EDI,EDI--------------------------------------------------------------------------------------------------
100852F7 60 PUSHAD
100852F8 66:8F4424 12 POP WORD PTR SS:[ESP+12]
100852FD 66:8F4424 10 POP WORD PTR SS:[ESP+10]
10085302 8D6424 10 LEA ESP,DWORD PTR SS:[ESP+10]
10085306 8D6424 03 LEA ESP,DWORD PTR SS:[ESP+3]
1008530A 886C24 02 MOV BYTE PTR SS:[ESP+2],CH
1008530E 8D6424 03 LEA ESP,DWORD PTR SS:[ESP+3]
10085312 8D6424 08 LEA ESP,DWORD PTR SS:[ESP+8]
10085316 68 2B945E20 PUSH 205E942B
1008531B E8 397CFCFF CALL safeengine.1004CF59 //计算 时间过期
10085320 41 INC ECX
10085321 53 PUSH EBX
10085322 E1 FF LOOPDE SHORT safeengine.10085323
10085324 74 24 JE SHORT safeengine.1008534A
10085326 02EB ADD CH,BL
10085328 3E:D059 C9 RCR BYTE PTR DS:[ECX-37],1
1008532C A8 5B TEST AL,5B
1008532E DE3A FIDIVR WORD PTR DS:[EDX]
10085330 B8 2E49B850 MOV EAX,50B8492E
1004CF59 60 PUSHAD
1004CF5A ^ 0F83 4DFDFFFF JNB safeengine.1004CCAD
1004CF60 ^ E9 B2FCFFFF JMP safeengine.1004CC17--------------------------------------------------------------------------------------------------
1004E9FE E8 15E6FFFF CALL safeengine.1004D0180012F378 100E235C 返回到 safeengine.100E235C 来自 safeengine.100750A8
0012F440 100EF12D 返回到 safeengine.100EF12D 来自 safeengine.1008F8DC1007511A 896424 15 MOV DWORD PTR SS:[ESP+15],ESP
1007511E 66:8F4424 18 POP WORD PTR SS:[ESP+18]
10075123 66:8F4424 0C POP WORD PTR SS:[ESP+C]
10075128 8D6424 40 LEA ESP,DWORD PTR SS:[ESP+40]
1007512C 68 DC975D20 PUSH 205D97DC
10075131 E8 237EFDFF CALL safeengine.1004CF59
10075136 A9 29B9D82B TEST EAX,2BD8B929
0012F51C |102633D5 safeengine.102633D5
0012F520 |00000001
0012F524 |0012F5A8
0012F528 |0012F8B0
0012F52C |10128EEC safeengine.10128EEC
0012F530 |0012F6AC
0012F534 |0012F548
0012F538 |12000F7C
0012F53C |00120000
0012F540 |ECDF7C00
0012F544 |0020DF27
0012F548 |12001E2C
0012F54C |000F1200
0012F550 |E800E812
0012F554 |0012F5E8
0012F558 |1012AD3D safeengine.1012AD3D
0012F55C |0012F6AC
0012F560 |0012F574
0012F564 |27ECC2AC
0012F568 |0012F744
0012F56C |1013F4A6 safeengine.1013F4A6
0012F570 |0012F74C
0012F574 |1013C41A safeengine.1013C41A
0012F578 |0012F83C
0012F57C |0012F758
0012F580 |1013A1FA safeengine.1013A1FA
100C28E3 6A 04 PUSH 4
100C28E5 57 PUSH EDI
100C28E6 FF50 1C CALL DWORD PTR DS:[EAX+1C]
100C28E9 85C0 TEST EAX,EAX
100C28EB ^ 0F84 D6FEFFFF JE safeengine.100C27C7
100C28F1 ^ E9 1DFFFFFF JMP safeengine.100C2813
100C28F6 5C POP ESP
100C2813 8B03 MOV EAX,DWORD PTR DS:[EBX]
100C2815 85C0 TEST EAX,EAX
100C2817 79 4B JNS SHORT safeengine.100C2864
100C2819 83EC 0E SUB ESP,0E
100C281C F9 STC
100C281D 66:8F0424 POP WORD PTR SS:[ESP]
100C2821 E9 CB010000 JMP safeengine.100C29F1100D32BB E8 F468FBFF CALL safeengine.10089BB4
100D32C0 E8 2924F9FF CALL safeengine.100656EE
100D32C5 59 POP ECX
100D32C6 59 POP ECX
100D32C7 3930 CMP DWORD PTR DS:[EAX],ESI
100D32C9 ^ 0F86 77F3FFFF JBE safeengine.100D2646
100D32CF 33FF XOR EDI,EDI
100D32D1 03C7 ADD EAX,EDI
100D32D3 FF70 10 PUSH DWORD PTR DS:[EAX+10]
100D32D6 FF70 04 PUSH DWORD PTR DS:[EAX+4]
100D32D9 E8 B468FBFF CALL safeengine.10089B92
100D32DE E8 A524F9FF CALL safeengine.10065788
100D32E3 46 INC ESI
100D32E4 59 POP ECX
100D32E5 83EC 0B SUB ESP,0B
100F1223 8B48 44 MOV ECX,DWORD PTR DS:[EAX+44]
100F1226 E8 B1FFF9FF CALL safeengine.100911DC
100F122B E8 A90AF9FF CALL safeengine.10081CD9 //此处还未解密------------------------------------------------------------------------------------------------------------
100D2AC0 E6 89 OUT 89,AL ; I/O 命令
100D2AC2 45 INC EBP
100D2AC3 E8 FF150C56 CALL 661940C7
100D2AC8 04 10 ADD AL,10
100D2ACA 8D4D F0 LEA ECX,DWORD PTR SS:[EBP-10]
100D2ACD 51 PUSH ECX
100D2ACE 6A 40 PUSH 40
100D2AD0 FF76 50 PUSH DWORD PTR DS:[ESI+50]
100D2AD3 8945 FC MOV DWORD PTR SS:[EBP-4],EAX
100D2AD6 60 PUSHAD
100D2AD7 894C24 16 MOV DWORD PTR SS:[ESP+16],ECX
100D2ADB FF7424 1F PUSH DWORD PTR SS:[ESP+1F]
100D2ADF E9 AB010000 JMP safeengine.100D2C8F---------------------------------------------------------------------------------------
00AC89E9 0FBF80 0C4A937C MOVSX EAX,WORD PTR DS:[EAX+7C934A0C]
00AC89F0 E9 89010000 JMP 00AC8B7E
00AC89F5 FFB7 78050000 PUSH DWORD PTR DS:[EDI+578]
00AC89FB E8 EF7CFEFF CALL 00AB06EF
00AC8A00 ^ E9 0E7DFFFF JMP 00AC0713
00AC8A05 A8 01 TEST AL,1----------------------------------------------------------------------------------------
100E270F 8D85 E8FDFFFF lea eax,dword ptr ss:[ebp-0x218]
100E2715 50 push eax
100E2716 E8 E02EF9FF call safeengine原?100755FB
100E271B FF50 04 call dword ptr ds:[eax+0x4] //kernel32.Createfile
100E271E 66:56 push si
100E2720 52 push edx
100E2721 FF7424 05 push dword ptr ss:[esp+0x5]
100E2725 66:FF7424 04 push word ptr ss:[esp+0x4]
100E272A 895C24 08 mov dword ptr ss:[esp+0x8],ebx
100E272E 9C pushfd
100E272F 882424 mov byte ptr ss:[esp],ah-------------------------------------------------------------------------------------------------------------
100E2740 66:FF3424 push word ptr ss:[esp]
100E2744 887424 01 mov byte ptr ss:[esp+0x1],dh
100E2748 8D6424 0C lea esp,dword ptr ss:[esp+0xC]
100E274C 8945 FC mov dword ptr ss:[ebp-0x4],eax
100E274F 50 push eax
100E2750 E8 912DF9FF call safeengine原?100754E6
100E2755 FF50 08 call dword ptr ds:[eax+0x8] ; kernel32.GetFileSize
100E2758 60 pushad
100E2759 66:87CE xchg si,cx
100E275C 66:8B2C24 mov bp,word ptr ss:[esp]
100E2760 0FCB bswap ebx
100E2762 8DB9 E928F322 lea edi,dword ptr ds:[ecx+0x22F328E9]
100E2768 87CA xchg edx,ecx
---------------------------------------------------------------------------------------------------------------100D2948 51 PUSH ECX
100D2949 FF3424 PUSH DWORD PTR SS:[ESP]
100D294C FF7424 02 PUSH DWORD PTR SS:[ESP+2]
100D2950 FF7424 0A PUSH DWORD PTR SS:[ESP+A]
100D2954 897C24 02 MOV DWORD PTR SS:[ESP+2],EDI
100D2958 894424 0C MOV DWORD PTR SS:[ESP+C],EAX
100D295C 9C PUSHFD
100D295D 890C24 MOV DWORD PTR SS:[ESP],ECX
100D2960 8D6424 03 LEA ESP,DWORD PTR SS:[ESP+3]
100D2964 8D6424 01 LEA ESP,DWORD PTR SS:[ESP+1]
100D2968 8D6424 0C LEA ESP,DWORD PTR SS:[ESP+C]
100D296C FF75 F8 PUSH DWORD PTR SS:[EBP-8]
100D296F E8 DF24F9FF CALL safeengine.10064E53
100D2974 53 PUSH EBX
100D2975 56 PUSH ESI
100D2976 895D EC MOV DWORD PTR SS:[EBP-14],EBX
100D2979 FF50 0C CALL DWORD PTR DS:[EAX+C] ; kernel32.ReadFile
100D297C E8 A325F9FF CALL safeengine.10064F24
100D2981 56 PUSH ESI
100D2982 FF50 10 CALL DWORD PTR DS:[EAX+10]
100D2985 8BCB MOV ECX,EBX
100D2987 E8 CA70FBFF CALL safeengine.10089A56
100D298C 8BF0 MOV ESI,EAX
100D298E 85F6 TEST ESI,ESI
100D2990 ^ 0F85 72FFFFFF JNZ safeengine.100D2908
100D2996 ^ E9 D9FCFFFF JMP safeengine.100D2674
100D299B FB STI
100D299C E8 61E8749B CALL AB821202
------------------------------------------------------------------------------------------------------------0012F1F0 /0012F21C
0012F1F4 |013CBD19 返回到 013CBD19-------------------------------------------------------------------------------------------------------------
013CBCFC 68 CDABBADC push 0xDCBAABCD
013CBD01 56 push esi
013CBD02 FF75 18 push dword ptr ss:[ebp+0x18]
013CBD05 FF75 14 push dword ptr ss:[ebp+0x14]
013CBD08 FF75 10 push dword ptr ss:[ebp+0x10]
013CBD0B FF75 0C push dword ptr ss:[ebp+0xC]
013CBD0E 64:800D CA0F000>or byte ptr fs:[0xFCA],0x1
013CBD16 FF55 08 call dword ptr ss:[ebp+0x8] //失败对话框
013CBD19 64:8025 CA0F000>and byte ptr fs:[0xFCA],0xFE
013CBD21 817C24 04 CDABB>cmp dword ptr ss:[esp+0x4],0xDCBAABCD
013CBD29 0F85 B8AC0100 jnz 013E69E7
013CBD2F 83C4 08 add esp,0x8
013CBD32 5B pop ebx
013CBD33 5F pop edi
013CBD34 5E pop esi
013CBD35 5D pop ebp
013CBD36 C2 1400 retn 0x14
-------------------------------------------------------------------------------------
0012F208 00000110
0012F20C DCBAABCD
0012F210 00000000
0012F214 0012F26C
0012F218 00000110
0012F21C /0012F294
0012F220 |013CBE19 返回到 013CBE19 来自 013CBCF6
0012F224 |773F5BC1 USER32.DefDlgProcW
0012F228 |000C02B0
0012F22C |00000110013CBE07 FF75 1C push dword ptr ss:[ebp+0x1C]
013CBE0A FF75 18 push dword ptr ss:[ebp+0x18]
013CBE0D 56 push esi
013CBE0E FF75 10 push dword ptr ss:[ebp+0x10]
013CBE11 FF75 0C push dword ptr ss:[ebp+0xC]
013CBE14 E8 DDFEFFFF call 013CBCF6 //失败对话框
013CBE19 8945 E4 mov dword ptr ss:[ebp-0x1C],eax
013CBE1C C745 FC FEFFFFF>mov dword ptr ss:[ebp-0x4],-0x2
---------------------------------------------------------------------------------------------------
100EB93A 56 push esi
100EB93B 68 80000000 push 0x80
100EB940 6A 03 push 0x3
100EB942 56 push esi
100EB943 6A 01 push 0x1
100EB945 68 00000080 push 0x80000000
100EB94A FF75 08 push dword ptr ss:[ebp+0x8]
100EB94D FF50 04 call dword ptr ds:[eax+0x4] //creatFile(safeengine.key)
100EB950 60 pushad
100EB951 C7C6 D650304A mov esi,0x4A3050D6
100EB957 66:8B2C24 mov bp,word ptr ss:[esp]
100EB95B 0FCA bswap edx
100EB95D C6C6 49 mov dh,0x49
100EB960 86D7 xchg bh,dl
100EB962 E9 53010000 jmp safeengine原?100EBABA
-------------------------------------------------------------------------------------------100D2702 8D6424 03 LEA ESP,DWORD PTR SS:[ESP+3]
100D2706 6A 01 PUSH 1
100D2708 68 00000080 PUSH 80000000
100D270D 8D85 DCFDFFFF LEA EAX,DWORD PTR SS:[EBP-224]
100D2713 50 PUSH EAX
100D2714 E8 9B0FF9FF CALL safeengine.100636B4
100D2719 FF50 04 CALL DWORD PTR DS:[EAX+4] ; kernel32.CreateFileW
100D271C 8BF0 MOV ESI,EAX
100D271E 66:53 PUSH BX
100D2720 66:FF7424 01 PUSH WORD PTR SS:[ESP+1]
100D2725 83FE FF CMP ESI,-1
100D2728 E9 92000000 JMP safeengine.100D27BF
-------------------------------------------------------------------------------------------
100E0F93 33C0 xor eax,eax
100E0F95 ^ E9 8CFEFFFF jmp safeengine原?100E0E26 //messagebox safeengine100E2345 8D70 10 lea esi,dword ptr ds:[eax+0x10]
100E2348 FF50 4C call dword ptr ds:[eax+0x4C]
100E234B 50 push eax
100E234C FF16 call dword ptr ds:[esi]
100E234E FF7424 0C push dword ptr ss:[esp+0xC]
100E2352 E8 8DAFFAFF call safeengine原?1008D2E4 //messagebox safeengine
100E2357 E8 4C2DF9FF call safeengine原?100750A8
--------------------------------------------------------------------------------------------------------
100EBA6C 53 push ebx
100EBA6D FF50 08 call dword ptr ds:[eax+0x8] ////GetFileSize Key
100EBA70 8BF8 mov edi,eax
--------------------------------------------------------------------------------------------------------
100E283D 66:891C24 MOV WORD PTR SS:[ESP],BX
100E2841 8D6424 03 LEA ESP,DWORD PTR SS:[ESP+3]
100E2845 8D6424 04 LEA ESP,DWORD PTR SS:[ESP+4]
100E2849 56 PUSH ESI
100E284A FF75 FC PUSH DWORD PTR SS:[EBP-4]
100E284D FF50 0C CALL DWORD PTR DS:[EAX+C] //readKey
100E2850 FF75 FC PUSH DWORD PTR SS:[EBP-4]
100E2853 E8 CB2EF9FF CALL safeengine.10075723
100E2858 FF50 10 CALL DWORD PTR DS:[EAX+10]
--------------------------------------------------------------------------------------------------------
100E233E 16 push ss
100E233F E5 0D in eax,0xD
100E2341 6F outs dx,dword ptr es:[edi]
100E2342 55 push ebp
100E2343 93 xchg eax,ebx
100E2344 57 push edi
100E2345 8D70 10 lea esi,dword ptr ds:[eax+0x10]
100E2348 FF50 4C call dword ptr ds:[eax+0x4C] ; kernel32.CreateThread
100E234B 50 push eax
--------------------------------------------------------------------------------------------------------------100D2937 5C POP ESP
100D2938 8945 F8 MOV DWORD PTR SS:[EBP-8],EAX
100D293B FF15 0C560410 CALL DWORD PTR DS:[1004560C] ; ntdll.RtlAllocateHeap
100D2941 8BD8 MOV EBX,EAX------------------------------------------------------------------------------------------------------------------
100EF121 ^/0F84 70FFFFFF JE safeengine.100EF097
100EF127 50 PUSH EAX
100EF128 E8 AF07FAFF CALL safeengine.1008F8DC
100EF12D 59 POP ECX
100EF12E ^ E9 64FFFFFF JMP safeengine.100EF097
100EF133 14 8A ADC AL,8A
100EF135 66:891C24 MOV WORD PTR SS:[ESP],BX0149FC18 7C939B23 返回到 ntdll.7C939B23 来自 ntdll.ZwWaitForSingleObject
------------------------------------------------------------------------------------------------------------------------
100D2706 6A 01 PUSH 1
100D2708 68 00000080 PUSH 80000000
100D270D 8D85 DCFDFFFF LEA EAX,DWORD PTR SS:[EBP-224]
100D2713 50 PUSH EAX
100D2714 E8 9B0FF9FF CALL safeengine.100636B4
100D2719 FF50 04 CALL DWORD PTR DS:[EAX+4]
100D271C 8BF0 MOV ESI,EAX
100D271E 66:53 PUSH BX
100D2720 66:FF7424 01 PUSH WORD PTR SS:[ESP+1]
100D2725 83FE FF CMP ESI,-1
100D2728 E9 92000000 JMP safeengine.100D27BF
101C3320 (loadlibrary )Kernel32.dll
0012F440 100EF12D 返回到 safeengine.100EF12D 来自 safeengine.1008F8DC001534B8 7C80B475 kernel32.GetModuleFileNameW
001534BC 7C810800 kernel32.CreateFileW
001534C0 7C810B17 kernel32.GetFileSize
001534C4 7C801812 kernel32.ReadFile
001534C8 7C809BE7 kernel32.CloseHandle
001534CC 7C801D53 kernel32.LoadLibraryExA
001534D0 7C92FF2D ntdll.RtlFreeHeap
001534D4 7C801AD4 kernel32.VirtualProtect
001534D8 7C80934A kernel32.GetTickCount
001534DC 7C80AE40 kernel32.GetProcAddress
001534E0 7C92120E ntdll.DbgBreakPoint
001534E4 7C921212 ntdll.DbgUserBreakPoint
001534E8 7C9720EC ntdll.DbgUiRemoteBreakinDS:[001534BC]=7C810800 (kernel32.CreateFileW)
------------------------------------------------------------------------------100D2932 E8 8727F9FF CALL safeengine.100650BE
100D2937 5C POP ESP
100D2938 8945 F8 MOV DWORD PTR SS:[EBP-8],EAX
100D293B FF15 0C560410 CALL DWORD PTR DS:[1004560C] ; ntdll.RtlAllocateHeap
100D2941 8BD8 MOV EBX,EAX
100D2943 6A 00 PUSH 0---------------------------------------------------------------------------------
100D2AB9 6A 00 PUSH 0
100D2ABB E8 4025F9FF CALL safeengine.10065000
100D2AC0 E6 89 OUT 89,AL ; I/O 命令
100D2AC2 45 INC EBP
100D2AC3 E8 FF150C56 CALL 661940C7 //ZwAllocateVirtualMemory
100D2AC8 04 10 ADD AL,10------------------------------------------------------------------------------
100D2964 8D6424 01 LEA ESP,DWORD PTR SS:[ESP+1]
100D2968 8D6424 0C LEA ESP,DWORD PTR SS:[ESP+C]
100D296C FF75 F8 PUSH DWORD PTR SS:[EBP-8]
100D296F E8 DF24F9FF CALL safeengine.10064E53
100D2974 53 PUSH EBX
100D2975 56 PUSH ESI
100D2976 895D EC MOV DWORD PTR SS:[EBP-14],EBX
100D2979 FF50 0C CALL DWORD PTR DS:[EAX+C]
100D297C E8 A325F9FF CALL safeengine.10064F24
100D2981 56 PUSH ESI
100D2982 FF50 10 CALL DWORD PTR DS:[EAX+10] //0x1534c8 GetModuleFileNameW
100D2985 8BCB MOV ECX,EBX
100D2987 E8 CA70FBFF CALL safeengine.10089A56
100D298C 8BF0 MOV ESI,EAX
100D298E 85F6 TEST ESI,ESI
100D2990 ^ 0F85 72FFFFFF JNZ safeengine.100D2908
100D2996 ^ E9 D9FCFFFF JMP safeengine.100D2674
100D299B FB STI
100D299C E8 61E8749B CALL AB821202
100D29A1 C7C7 AE5A1F20 MOV EDI,201F5AAE
100D29A7 8D78 37 LEA EDI,DWORD PTR DS:[EAX+37]
100D29AA 8B3C24 MOV EDI,DWORD PTR SS:[ESP]
100D29AD 66:54 PUSH SP
100D29AF 66:890C24 MOV WORD PTR SS:[ESP],CX
100D29B3 881C24 MOV BYTE PTR SS:[ESP],BL
100D29B6 8D2424 LEA ESP,DWORD PTR SS:[ESP]
100D29B9 55 PUSH EBP
100D29BA 8D6424 02 LEA ESP,DWORD PTR SS:[ESP+2]
100D29BE ^ E9 8CFCFFFF JMP safeengine.100D264F-----------------------------------------------------------------------------------------------------
100D2AC8 04 10 ADD AL,10
100D2ACA 8D4D F0 LEA ECX,DWORD PTR SS:[EBP-10]
100D2ACD 51 PUSH ECX
100D2ACE 6A 40 PUSH 40
100D2AD0 FF76 50 PUSH DWORD PTR DS:[ESI+50]
100D2AD3 8945 FC MOV DWORD PTR SS:[EBP-4],EAX
100D2AD6 60 PUSHAD
100D2AD7 894C24 16 MOV DWORD PTR SS:[ESP+16],ECX
100D2ADB FF7424 1F PUSH DWORD PTR SS:[ESP+1F]
100D2ADF E9 AB010000 JMP safeengine.100D2C8F------------------------------------------------------------------------------------------------------
100EBDEA 8975 08 MOV DWORD PTR SS:[EBP+8],ESI
100EBDED FF50 0C CALL DWORD PTR DS:[EAX+C]
100EBDF0 E8 1FABF8FF CALL safeengine.10076914
100EBDF5 53 PUSH EBX
100EBDF6 FF50 10 CALL DWORD PTR DS:[EAX+10] //五次获得key
100EBDF9 3B7D 08 CMP EDI,DWORD PTR SS:[EBP+8]
100EBDFC ^ 0F85 04FBFFFF JNZ safeengine.100EB906
100EBE02 F8 CLC-------------------------------------------------------------------------------------------------------
1009CAFE 5F POP EDI ; 00161798 读key 返回
1009CAFF C9 LEAVE
1009CB00 C3 RETN
----------------------------------------------------------------------------------------------------------------
100EAEA2 E8 0A2EFAFF CALL safeengine.1008DCB1
100EAEA7 8D4424 78 LEA EAX,DWORD PTR SS:[ESP+78]
100EAEAB E8 A42FFAFF CALL safeengine.1008DE54
100EAEB0 57 PUSH EDI
100EAEB1 8D4C24 7C LEA ECX,DWORD PTR SS:[ESP+7C]
100EAEB5 E8 4F18F5FF CALL safeengine.1003C709
100EAEBA 59 POP ECX
100EAEBB 8D8424 00010000 LEA EAX,DWORD PTR SS:[ESP+100]
100EAEC2 50 PUSH EAX
100EAEC3 E8 70B4F8FF CALL safeengine.10076338
100EAEC8 8B58 14 MOV EBX,DWORD PTR DS:[EAX+14] ; safeengine.10036321
100EAECB E8 F232FAFF CALL safeengine.1008E1C2----------------------------------------------------------------------------------------------------------------------------
100EBD01 E8 14D3F8FF CALL safeengine.1007901A
100EBD06 14 EB ADC AL,0EB
100EBD08 CC INT3------------------------------------------------------------------------------------------------------------------------------
10049193 8B05 0000C544 MOV EAX,DWORD PTR DS:[44C50000]
10049199 DABD 4CA3E487 FIDIVR DWORD PTR SS:[EBP+87E4A34C]
1004919F E8 0C000000 CALL safeengine.100491B0
100491A4 4D DEC EBP
100491A5 65:73 73 JNB SHORT safeengine.1004921B ; 多余的前缀
100491A8 61 POPAD
100491A9 67:65:42 INC EDX ; 多余的前缀
100491AC 6F OUTS DX,DWORD PTR ES:[EDI] ; I/O 命令
100491AD 78 57 JS SHORT safeengine.10049206---------------------------------------------------------------------------------------------------------------------------------
*****************************************************************************
*
*MessageBox 天数已满
*
******************************************************************************
100492A3 FF90 E1ED3FF6 CALL DWORD PTR DS:[EAX+F63FEDE1]
100492A9 ^ E9 F1FEFFFF JMP safeengine.1004919F
00BA5CF1 FF75 14 PUSH DWORD PTR SS:[EBP+14]
00BA5CF4 FF75 10 PUSH DWORD PTR SS:[EBP+10]
00BA5CF7 FF75 0C PUSH DWORD PTR SS:[EBP+C]
00BA5CFA FF75 08 PUSH DWORD PTR SS:[EBP+8]
00BA5CFD E8 BFA2FEFF CALL 00B8FFC1 //call MessageBox 天数已满
00BA5D02 5D POP EBP
00BA5D03 C2 1000 RETN 10
100E240F 893424 MOV DWORD PTR SS:[ESP],ESI
100E2412 884424 01 MOV BYTE PTR SS:[ESP+1],AL
100E2416 8D6424 02 LEA ESP,DWORD PTR SS:[ESP+2]
100E241A 8D6424 04 LEA ESP,DWORD PTR SS:[ESP+4]
100E241E E8 BE6CF6FF CALL safeengine.100490E1 //上一层
100E2423 00E9 ADD CL,CH
100E2425 6A EB PUSH -15
100E2427 FFFF ??? ; 未知命令-----------------------------------------------------------------------------------------------------------------------------------
00AB0229 8D9B 00000000 LEA EBX,DWORD PTR DS:[EBX]
00AB022F 8B41 24 MOV EAX,DWORD PTR DS:[ECX+24]
00AB0232 3942 0C CMP DWORD PTR DS:[EDX+C],EAX
00AB0235 75 18 JNZ SHORT 00AB024F1100EBC77 FF75 FC PUSH DWORD PTR SS:[EBP-4]
100EBC7A 8BF8 MOV EDI,EAX
100EBC7C E8 4FEEF8FF CALL safeengine.1007AAD0
100EBD01 E8 14D3F8FF CALL safeengine.1007901A100EE975 0000 ADD BYTE PTR DS:[EAX],AL
100EE977 E8 0CB2F8FF CALL safeengine.10079B88
100EE97C BC 8B410439 MOV ESP,3904418B//栈空间
0012F42C 100EEDF0 返回到 safeengine.100EEDF0
0012F430 00000000
0012F434 00000000
0012F438 10042892 safeengine.10042892*********************************************************************************
//过期的天数
0012F440 100EEEF7 返回到 safeengine.100EEEF7100EEEEC 8D6424 02 LEA ESP,DWORD PTR SS:[ESP+2]
100EEEF0 8D6424 30 LEA ESP,DWORD PTR SS:[ESP+30]
100EEEF4 FF50 10 CALL DWORD PTR DS:[EAX+10]
100EEEF7 E8 7CAEF8FF CALL safeengine.10079D78
00C7A96F 8BFF MOV EDI,EDI
00C7A971 55 PUSH EBP
00C7A972 8BEC MOV EBP,ESP
00C7A974 837D 08 00 CMP DWORD PTR SS:[EBP+8],0
00C7A978 74 18 JE SHORT 00C7A992
00C7A97A FF75 08 PUSH DWORD PTR SS:[EBP+8]
00C7A97D E8 C0290000 CALL 00C7D342
00C7A982 85C0 TEST EAX,EAX
00C7A984 74 08 JE SHORT 00C7A98E
00C7A986 FF70 04 PUSH DWORD PTR DS:[EAX+4]
00C7A989 E8 7D2D0000 CALL 00C7D70B
00C7A98E 5D POP EBP
00C7A98F C2 0400 RETN 4
0012F2C4 00000000
0012F2C8 00000000
0012F2CC 00000000
0012F2D0 00000000
0012F2D4 00000000
0012F2D8 00000000
0012F2DC 100497FC 返回到 safeengine.100497FC
0012F2E0 100497E9 返回到 safeengine.100497E9 来自 safeengine.100497F6
0012F2E4 00000200
0012F2E8 0012F330
0012F2EC 0012F418
0012F2F0 0012F304
0012F2F4 100455B4 safeengine.100455B4
0012F2F8 3BC9FDB7
0012F2FC 000000BA
0012F300 0012F3D0
0012F304 00200246
0012F308 66E1B32F
0012F30C 100EA835 返回到 safeengine.100EA835 来自 safeengine.100496C1
100E234B 50 PUSH EAX
100E234C FF16 CALL DWORD PTR DS:[ESI]
100E234E FF7424 0C PUSH DWORD PTR SS:[ESP+C]
100E2352 E8 8DAFFAFF CALL safeengine.1008D2E4 //MessageBox 天数已满
100E2357 E8 4C2DF9FF CALL safeengine.100750A8
100E235C 59 POP ECX
100E235D 57 PUSH EDI
100E235E FF50 44 CALL DWORD PTR DS:[EAX+44] ExitProcess
100E2361 5F POP EDI
100E2362 5E POP ESI
100E2363 C3 RETN
、************************************************************过期
0012F2DC 100497FC 返回到 safeengine.100497FC
0012F2E0 100497E9 返回到 safeengine.100497E9 来自 safeengine.100497F6
0012F2E4 00000200
0012F2E8 0012F330
0012F2EC 0012F418
0012F2F0 0012F304
0012F2F4 100455B4 safeengine.100455B4
0012F2F8 3BC9FDB7
0012F2FC 000000BA
0012F300 0012F3D0
0012F304 00200246
0012F308 66E1B32F
0012F30C 100EA835 返回到 safeengine.100EA835 来自 safeengine.100496C1不过期:
0012F418 100ED243 返回到 safeengine.100ED243
0012F41C 0012F430
0012F420 00000200
0012F424 0000008C
0012F428 00000000
0012F42C 00000000
0012F430 001562F8
0012F434 001562F8
0012F438 001562F8
0012F43C 100ED133 返回到 safeengine.100ED133 来自 safeengine.10078EAF
0012F440 /0012F6EC
0012F444 |100EF0F8 返回到 safeengine.100EF0F8 来自 safeengine.1008F93A**********************************************************************************
********************************************************************************
不过期的
0012F2C0 10049651 返回到 safeengine.10049651
0012F2C4 1004963E 返回到 safeengine.1004963E 来自 safeengine.1004964B00C7AD65 8BFF MOV EDI,EDI
00C7AD67 55 PUSH EBP
00C7AD68 8BEC MOV EBP,ESP
00C7AD6A 837D 08 00 CMP DWORD PTR SS:[EBP+8],0
00C7AD6E 74 18 JE SHORT 00C7AD88
00C7AD70 FF75 08 PUSH DWORD PTR SS:[EBP+8]
00C7AD73 E8 C0290000 CALL 00C7D738
00C7AD78 85C0 TEST EAX,EAX
00C7AD7A 74 08 JE SHORT 00C7AD84
00C7AD7C FF70 04 PUSH DWORD PTR DS:[EAX+4]
00C7AD7F E8 7D2D0000 CALL 00C7DB01
00C7AD84 5D POP EBP
00C7AD85 C2 0400 RETN 4
10049602 E8 10000000 CALL safeengine.10049617 此处调用
10049607 52 PUSH EDX
10049608 65:67:43 INC EBX ; 多余的前缀
1004960B 72 65 JB SHORT safeengine.10049672
1004960D 61 POPAD
1004960E 74 65 JE SHORT safeengine.10049675
10049610 4B DEC EBX
100ED852 E8 12B9F8FF CALL safeengine.10079169
100ED857 AA STOS BYTE PTR ES:[EDI]
100ED858 8B42 10 MOV EAX,DWORD PTR DS:[EDX+10]
100ED85B E9 CD030000 JMP safeengine.100EDC2D
100ED860 4A DEC EDX
0012F42C 100EF1A1 返回到 safeengine.100EF1A1 返回到这里
0012F430 00000000
0012F434 00000000
0012F438 100429A6 safeengine.100429A6
******************************************************************************
二者共同经过了
100ED852 E8 12B9F8FF CALL safeengine.10079169
100ED857 AA STOS BYTE PTR ES:[EDI]
100ED858 8B42 10 MOV EAX,DWORD PTR DS:[EDX+10]
100ED85B E9 CD030000 JMP safeengine.100EDC2D
******************************************************************************
******************************************************************************
ds:[10032AFC]=771ACF41 (kernel32.GetModuleHandleA) 000c2f93偏移
100ED84F FF50 54 call dword ptr ds:[eax+0x54] ; kernel32.GetSystemTime
100ED852 E8 12B9F8FF call safeengine.10079169
100ED857 AA stos byte ptr es:[edi]
100ED858 8B42 10 mov eax,dword ptr ds:[edx+0x10]
100ED85B E9 CD030000 jmp safeengine.100EDC2D
100ED84F FF50 54 call dword ptr ds:[eax+0x54] ; kernel32.GetSystemTime第一次
100ED852 E8 12B9F8FF call safeengine.10079169
0012F7E0 000907DA
0012F7E4 00120006
0012F7E8 0018000F
0012F7EC 037D001B
100ED9BA 3B8E 400A0000 cmp ecx,dword ptr ds:[esi+0xA40]
100ED9C0 ^ 0F86 4AFFFFFF jbe safeengine.100ED910
100ED9C6 3BD8 cmp ebx,eax
100ED9C8 ^ 0F86 69FFFFFF jbe safeengine.100ED937
100ED9CE 8B7A 10 mov edi,dword ptr ds:[edx+0x10]
100ED9D1 8D7424 10 lea esi,dword ptr ss:[esp+0x10]*************************************************************************************************************************************
100EF121 ^/E9 71FFFFFF jmp safeengine.100EF097 成功方向跳转100ED23C 87BCF8 FFFF5054 xchg dword ptr ds:[eax+edi*8+0x5450FFFF]>
100ED243 ^ EB D4 jmp Xsafeengine.100ED219 跳转检验
0071FED8 006D4B68 0077C960 0000000B F0E0D0C0
0071FEE8 49D19F40 88008278 00000000 0071FEF4
0071FEF8 0071FEF4 00000000 00000001 008B33BF
0071FF08 49D19F7C 8800D2C5 000907DA 001C0002
0071FF18 00150004 02800014 00000000 000000000025FED8 00214B68 002BC960 0000000B F0E0D0C0
0025FEE8 0AB12007 88008278 00000000 0025FEF4
0025FEF8 0025FEF4 00000000 00000001 0115CF93
0025FF08 0AB1203B 8800D2C5 000907DA 001C0002
0025FF18 00150004 02800014 00000000 00000000
RSA:算法 计算key
100EB46A 8B45 08 mov eax,dword ptr ss:[ebp+0x8]
100EB46D 6A 10 push 0x10
100EB46F 81C0 10150000 add eax,0x1510
100EB475 8D4C24 6C lea ecx,dword ptr ss:[esp+0x6C]
100EB479 E8 742DFAFF call safeengine.1008E1F2
- safeengine虚拟机licence破解手记
- LoadRunner测试工具大全下载,破解,licence
- 【破解手记】普利尼,破解手记[1]
- 【破解手记】普利尼,破解手记[2]
- 【破解手记】普利尼,破解手记[3]
- CuteDraw 2.0 破解手记
- Virtual Piano破解手记
- vb软件破解手记
- protuse8安装破解手记
- 【技术贴转】破解Normal Tanks第五关LICENCE CODE
- PRTG v3.26 破解手记
- DundasChart 企业版4.0 破解手记
- ASPMaker4_2破解手记(原创)
- Linux虚拟机密码破解
- 破解Xen虚拟机密码
- 破解虚拟机登录密码
- 破解Xen虚拟机密码
- r.a.d.treeview2.5破解手记
- 我的第一个socket
- EJB中映射关系实例
- linux下多线程和信号
- mssql exec xp_cmdshell 调用'CreateProcess'失败解决办法
- 优秀的Android学习资源
- safeengine虚拟机licence破解手记
- 游戏寻路——A*算法
- Android应用开发的几个小技巧
- 全局事务 与 本地事务
- 引用 JAVA POI导出EXCEL报表的操作
- 分析会话:COOKIE 和 SESSION
- sql解封代码(有后门,自行清除)
- 遍历对象
- k__BackingField与反编译