马上注册成为YANBONG会员吧!
时下最热门的资讯、娱乐、贴图等分享都在这里等你发掘哦!
您需要 登录 才可以下载或查看,没有账号?注册
×
【破文标题】IE终极加速简单算法分析
【破文作者】wuhanqi[CR][ICY][48PG]
【作者邮箱】wuhanqi@qq.com
【作者主页】http://www.edisk.org/?wuhanqi
【破解工具】peid od
【破解平台】XP2
【软件名称】IE终极加速 v3.0 汉化版
【软件大小】987 KB
【原版下载】http://www.crsky.com/soft/2271.html
【保护方式】UPX+注册码
【软件简介】一个非常不错的实时网络优化加速工具,可使IE在网上冲浪和下载文件的速度增长2-6倍!与以往修改注册表参数达到优化目的的软件不同的是,通过监视IE浏览器的状态,智能将下一个或多个最可能的页面的部分或全部装入自己的缓冲,,起到了一个实时加速的作用。支持Modem,LAN,CATV,Cable,ADSL连接下的IE 3/4/5/6版本的优化,而且优化过程完全智能化。
【破解声明】菜鸟一个,还需多多学习
------------------------------------------------------------------------
【破解过程】一、脱壳 工具简单搞定
二、通过bp MessageBoxA这个断点 很快找到这里:
0049946C . 55 push ebp
0049946D . 8BEC mov ebp, esp
0049946F . B9 0A000000 mov ecx, 0A
00499474 > 6A 00 push 0
00499476 . 6A 00 push 0
00499478 . 49 dec ecx
00499479 .^ 75 F9 jnz short 00499474
0049947B . 51 push ecx
0049947C . 53 push ebx
0049947D . 56 push esi
0049947E . 57 push edi
0049947F . 8945 FC mov dword ptr [ebp-4], eax
00499482 . 33C0 xor eax, eax
00499484 . 55 push ebp
00499485 . 68 75984900 push 00499875
0049948A . 64:FF30 push dword ptr fs:[eax]
0049948D . 64:8920 mov dword ptr fs:[eax], esp
00499490 . 8D55 E4 lea edx, dword ptr [ebp-1C]
00499493 . 8B45 FC mov eax, dword ptr [ebp-4]
00499496 . 8B80 00030000 mov eax, dword ptr [eax+300]
0049949C . E8 A385FAFF call 00441A44
004994A1 . 8B45 E4 mov eax, dword ptr [ebp-1C]
004994A4 . E8 87B5F6FF call 00404A30
004994A9 . 05 57040000 add eax, 457
004994AE . 8D55 E8 lea edx, dword ptr [ebp-18]
004994B1 . E8 06FBF6FF call 00408FBC
004994B6 . 8D55 E0 lea edx, dword ptr [ebp-20]
004994B9 . 8B45 FC mov eax, dword ptr [ebp-4]
004994BC . 8B80 00030000 mov eax, dword ptr [eax+300]
004994C2 . E8 7D85FAFF call 00441A44
004994C7 . 8B45 E0 mov eax, dword ptr [ebp-20]
004994CA . BA 8C984900 mov edx, 0049988C ; ASCII "DiSTiNCT"
004994CF . E8 A0B6F6FF call 00404B74
004994D4 . 0F84 EA020000 je 004997C4
004994DA . 8D55 DC lea edx, dword ptr [ebp-24]
004994DD . 8B45 FC mov eax, dword ptr [ebp-4]
004994E0 . 8B80 00030000 mov eax, dword ptr [eax+300]
004994E6 . E8 5985FAFF call 00441A44
004994EB . 8B45 DC mov eax, dword ptr [ebp-24]
004994EE . BA A0984900 mov edx, 004998A0 ; ASCII "Team iNSaNE"
004994F3 . E8 7CB6F6FF call 00404B74
004994F8 . 0F84 C6020000 je 004997C4
004994FE . 8D55 D8 lea edx, dword ptr [ebp-28]
00499501 . 8B45 FC mov eax, dword ptr [ebp-4]
00499504 . 8B80 00030000 mov eax, dword ptr [eax+300]
0049950A . E8 3585FAFF call 00441A44
0049950F . 8B45 D8 mov eax, dword ptr [ebp-28]
00499512 . BA B4984900 mov edx, 004998B4 ; ASCII "TNT!2000"
00499517 . E8 58B6F6FF call 00404B74
0049951C . 0F84 A2020000 je 004997C4
00499522 . 8D55 D4 lea edx, dword ptr [ebp-2C]
00499525 . 8B45 FC mov eax, dword ptr [ebp-4]
00499528 . 8B80 00030000 mov eax, dword ptr [eax+300]
0049952E . E8 1185FAFF call 00441A44
00499533 . 8B45 D4 mov eax, dword ptr [ebp-2C]
00499536 . BA C8984900 mov edx, 004998C8 ; ASCII "-=Demian/TNT!=-"
0049953B . E8 34B6F6FF call 00404B74
00499540 . 0F84 7E020000 je 004997C4
00499546 . 8D55 D0 lea edx, dword ptr [ebp-30]
00499549 . 8B45 FC mov eax, dword ptr [ebp-4]
0049954C . 8B80 00030000 mov eax, dword ptr [eax+300]
00499552 . E8 ED84FAFF call 00441A44
00499557 . 8B45 D0 mov eax, dword ptr [ebp-30]
0049955A . BA E0984900 mov edx, 004998E0 ; ASCII "-=Demian/TNT!=- "
0049955F . E8 10B6F6FF call 00404B74
00499564 . 0F84 5A020000 je 004997C4
0049956A . 8D55 CC lea edx, dword ptr [ebp-34]
0049956D . 8B45 FC mov eax, dword ptr [ebp-4]
00499570 . 8B80 00030000 mov eax, dword ptr [eax+300]
00499576 . E8 C984FAFF call 00441A44
0049957B . 8B45 CC mov eax, dword ptr [ebp-34]
0049957E . BA FC984900 mov edx, 004998FC ; ASCII "DiSTiNCT "
00499583 . E8 ECB5F6FF call 00404B74
00499588 . 0F84 36020000 je 004997C4
0049958E . 8D55 C8 lea edx, dword ptr [ebp-38]
00499591 . 8B45 FC mov eax, dword ptr [ebp-4]
00499594 . 8B80 00030000 mov eax, dword ptr [eax+300]
0049959A . E8 A584FAFF call 00441A44
0049959F . 8B45 C8 mov eax, dword ptr [ebp-38]
004995A2 . BA 10994900 mov edx, 00499910 ; ASCII "TMG"
004995A7 . E8 C8B5F6FF call 00404B74
004995AC . 0F84 12020000 je 004997C4 ; 以上都是黑名单
004995B2 . 68 1C994900 push 0049991C ; 固定值C
004995B7 . 8B45 FC mov eax, dword ptr [ebp-4]
004995BA . FFB0 2C030000 push dword ptr [eax+32C] ; 固定字符 MW
004995C0 . 68 28994900 push 00499928 ; 固定字符20
004995C5 . FF75 E8 push dword ptr [ebp-18] ; 固定字符1118
004995C8 . 68 34994900 push 00499934
004995CD . 8D55 C0 lea edx, dword ptr [ebp-40]
004995D0 . 8B45 FC mov eax, dword ptr [ebp-4]
004995D3 . 8B80 00030000 mov eax, dword ptr [eax+300]
004995D9 . E8 6684FAFF call 00441A44
004995DE . 8B45 C0 mov eax, dword ptr [ebp-40]
004995E1 . 8D55 C4 lea edx, dword ptr [ebp-3C]
004995E4 . E8 E3FDFFFF call 004993CC ; 关键CALL 跟进 算出的结果设为A
004995E9 . FF75 C4 push dword ptr [ebp-3C]
004995EC . 8D45 EC lea eax, dword ptr [ebp-14]
004995EF . BA 06000000 mov edx, 6
004995F4 . E8 F7B4F6FF call 00404AF0 ; 将A与固定值串起来 CMW201118-A
004995F9 . 8D45 E8 lea eax, dword ptr [ebp-18]
004995FC . BA 40994900 mov edx,00499940 ; ASCII"\System32\spool\drivers\w32x86\2\riched20.dllSetActiveEditControlFont, Arial, 30"
00499601 . E8 0AB2F6FF call 00404810
00499606 . 8D55 BC lea edx, dword ptr [ebp-44]
00499609 . 8B45 FC mov eax, dword ptr [ebp-4]
0049960C . 8B80 04030000 mov eax, dword ptr [eax+304]
00499612 . E8 2D84FAFF call 00441A44
00499617 . 8B55 BC mov edx, dword ptr [ebp-44]
0049961A . 8B45 EC mov eax, dword ptr [ebp-14]
0049961D . E8 4AB7F6FF call 00404D6C
00499622 . 85C0 test eax, eax
00499624 . 0F84 9A010000 je 004997C4
0049962A . 8B45 FC mov eax, dword ptr [ebp-4]
0049962D . 8B80 04030000 mov eax, dword ptr [eax+304]
00499633 . 33D2 xor edx, edx
00499635 . E8 3A84FAFF call 00441A74
0049963A . 8D45 EC lea eax, dword ptr [ebp-14]
0049963D . E8 36B1F6FF call 00404778
00499642 . 6A 00 push 0
00499644 . 68 94994900 push 00499994 ; ASCII "Registration Success!"
00499649 . 68 AC994900 push 004999AC ; ASCII " Thank you for yoursupport.",CR,"We will work even harder and",CR,"notify you futurereleases."
0049964E . 8B45 FC mov eax, dword ptr [ebp-4]
00499651 . E8 B6EAFAFF call 0044810C
00499656 . 50 push eax ; |hOwner
00499657 . E8 C0E0F6FF call <jmp.&user32.MessageBoxA> ; \MessageBoxA
0049965C . 8B45 FC mov eax, dword ptr [ebp-4]
0049965F . C680 31030000>mov byte ptr [eax+331], 0
00499666 . B2 01 mov dl, 1
00499668 . A1 48DD4600 mov eax, dword ptr [46DD48]
0049966D . E8 D647FDFF call 0046DE48
00499672 . 8945 F8 mov dword ptr [ebp-8], eax
00499675 . 33C0 xor eax, eax
00499677 . 55 push ebp
00499678 . 68 79974900 push 00499779
0049967D . 64:FF30 push dword ptr fs:[eax]
00499680 . 64:8920 mov dword ptr fs:[eax], esp
00499683 . BA 01000080 mov edx, 80000001
…… …… …… 省略 N行代码 …… …… ……
004997E4 . 8D45 EC lea eax, dword ptr [ebp-14]
004997E7 . BA 03000000 mov edx, 3
004997EC . E8 C3B5F6FF call 00404DB4
004997F1 . 8D45 EC lea eax, dword ptr [ebp-14]
004997F4 . BA 709A4900 mov edx, 00499A70 ; ASCII "$%^"
004997F9 . E8 12B0F6FF call 00404810
004997FE . 6A 00 push 0
00499800 . 68 749A4900 push 00499A74 ; ASCII "Invalid Registration Code"
00499805 . 68 909A4900 push 00499A90 ; ASCII "Please make sure theregistration",CR,"code and the registration name are",CR,"correct."
0049980A . 8B45 FC mov eax, dword ptr [ebp-4]
0049980D . E8 FAE8FAFF call 0044810C
00499812 . 50 push eax ; |hOwner
00499813 . E8 04DFF6FF call <jmp.&user32.MessageBoxA> ; \MessageBoxA
00499818 > 33C0 xor eax, eax
0049981A . 5A pop edx
0049981B . 59 pop ecx
0049981C . 59 pop ecx
0049981D . 64:8910 mov dword ptr fs:[eax], edx
00499820 . 68 7C984900 push 0049987C
00499825 > 8D45 AC lea eax, dword ptr [ebp-54]
00499828 . E8 4BAFF6FF call 00404778
0049982D . 8D45 B0 lea eax, dword ptr [ebp-50]
00499830 . E8 43AFF6FF call 00404778
00499835 . 8D45 B4 lea eax, dword ptr [ebp-4C]
00499838 . E8 3BAFF6FF call 00404778
0049983D . 8D45 B8 lea eax, dword ptr [ebp-48]
00499840 . E8 33AFF6FF call 00404778
00499845 . 8D45 BC lea eax, dword ptr [ebp-44]
00499848 . BA 02000000 mov edx, 2
0049984D . E8 4AAFF6FF call 0040479C
00499852 . 8D45 C4 lea eax, dword ptr [ebp-3C]
00499855 . E8 1EAFF6FF call 00404778
0049985A . 8D45 C8 lea eax, dword ptr [ebp-38]
0049985D . BA 08000000 mov edx, 8
00499862 . E8 35AFF6FF call 0040479C
00499867 . 8D45 E8 lea eax, dword ptr [ebp-18]
0049986A . BA 02000000 mov edx, 2
0049986F . E8 28AFF6FF call 0040479C
00499874 . C3 retn
00499875 .- E9 26A9F6FF jmp 004041A0
0049987A .^ EB A9 jmp short 00499825
0049987C . 5F pop edi
0049987D . 5E pop esi
0049987E . 5B pop ebx
0049987F . 8BE5 mov esp, ebp
00499881 . 5D pop ebp
00499882 . C3 retn |
