
Some breakpoint explanations for OD

Intercepting windows:
bp CreateWindow ; create a window
bp CreateWindowEx ; create a window
bp ShowWindow ; show a window
bp UpdateWindow ; update a window
bp GetWindowText ; get window text

Intercepting message boxes:
bp MessageBox ; create a message box
bp MessageBoxExA ; create a message box
bp MessageBoxIndirect ; create a custom message box
bp IsDialogMessageW

Intercepting warning sounds:
bp MessageBeep ; play the system warning sound (if there is no sound card, drives the PC speaker directly)

Intercepting dialog boxes:
bp DialogBox ; create a modal dialog box
bp DialogBoxParam ; create a modal dialog box
bp DialogBoxIndirect ; create a modal dialog box
bp DialogBoxIndirectParam ; create a modal dialog box
bp CreateDialog ; create a modeless dialog box
bp CreateDialogParam ; create a modeless dialog box
bp CreateDialogIndirect ; create a modeless dialog box
bp CreateDialogIndirectParam ; create a modeless dialog box
bp GetDlgItemText ; get dialog box text
bp GetDlgItemInt ; get a dialog box integer value

Intercepting the clipboard:
bp GetClipboardData ; get clipboard data

Intercepting the registry:
bp RegOpenKey ; open a subkey
bp RegOpenKeyEx ; open a subkey
bp RegQueryValue ; query a subkey value
bp RegQueryValueEx ; query a subkey value
bp RegSetValue ; set a subkey value
bp RegSetValueEx ; set a subkey value

Function-restriction breakpoints:
bp EnableMenuItem ; disable or enable a menu item
bp EnableWindow ; disable or enable a window

Intercepting time:
bp GetLocalTime ; get local time
bp GetSystemTime ; get system time
bp GetFileTime ; get file time
bp GetTickCount ; get the number of milliseconds elapsed since the system booted
bp GetCurrentTime ; get the current time (16-bit)
bp SetTimer ; create a timer
bp TimerProc ; timer timeout callback function
GetDlgItemInt ; get the integer value of the specified input box
GetDlgItemText ; get the string entered in the specified input box
GetDlgItemTextA ; get the string entered in the specified input box

Intercepting files:
bp CreateFileA ; create or open a file (32-bit)
bp OpenFile ; open a file (32-bit)
bp ReadFile ; read a file (32-bit)
bp WriteFile ; write a file (32-bit)
GetModuleFileNameA
GetFileSize
SetFilePointer
FileOpen
FindFirstFileA
ReadFile

Intercepting drives:
bp GetDriveTypeA ; get the disk drive type
bp GetLogicalDrives ; get the logical drive letters
bp GetLogicalDriveStringsA ; get the root path of every current logical drive

★★ Breakpoints specific to VB programs ★★

File length: rtcFileLen
bp __vbaFreeStr ; deals with VB programs that re-verify on restart
bp __vbaStrCmp ; compare whether strings are equal
bp __vbaStrComp ; compare whether strings are equal
bp __vbaVarTstNe ; compare whether variables are not equal
bp __vbaVarTstEq ; compare whether variables are equal
bp __vbaStrCopy ; copy a string
bp __vbaStrMove ; move a string
bp MultiByteToWideChar ; convert an ANSI string to a Unicode string
bp WideCharToMultiByte ; convert a Unicode string to an ANSI string

Common breakpoints for passwords:
Hmemcpy (Win9x only)
GetDlgItemTextA
GetDlgItemInt

VB:
GetVolumeInformationA
__vbaStrComp (TRW)
bpx __vbaStrComp (remember there are two underscores)
msvbvm60!__vbaStrComp (SoftICE)
msvbvm50!
__vbaI4Str
Press Ctrl+D
bpx msvbvm60!__vbaStrComp do "D *(ESP+0C)" (SoftICE)
Press F5 a few times and the registration code appears.
bpx RegQueryValueExA do "D ESP->8" (TRW)
__vbaVarTstEq ; the function that decides whether the program is registered
(0042932f 66898580feffff MOV WORD PTR [EBP+FFFFFE80], AX ; change to 0042932f 66898580feffff MOV WORD PTR [EBP+FFFFFE80], BX)

Common breakpoints for time:
GetSystemTime
GetLocalTime (the local time function)

VB:
rtcGetPresentDate / get the current date

Common breakpoints for killing windows:
LockMyTask (Win9x only)
bp ExitProcess ; exit the process
DestroyWindow ; window destruction
mouse_event (mouse breakpoint)
PostQuitMessage (very useful for XP)

VB:
_rtcMsgBox

Common breakpoints for INI file contents:
GetPrivateProfileStringA
GetPrivateProfileInt

Key files:
GetPrivateProfileInt
ReadFile
CreateFileA

Common breakpoints for the registry:
RegQueryValueA
RegQueryValueExA

Dongle encryption breakpoints:
BPIO -h 278 R
BPIO -h 378 R

Other common function breakpoints:
CreateFileA (reads the dongle driver),
DeviceIoControl,
FreeEnvironmentStringsA (very effective against dongles).
PrestoChangoSelector (for 16-bit dongles); search for the string "7242" (for the specific meaning with Sentinel, refer to the example below).

Common breakpoints for CD-ROM cracking:
16-bit:
GetVolumeInformation
GetDriveType
int 2fh (DOS)
32-bit:
GetFullPathNameA
GetWindowsDirectoryA

Disk read breakpoints:
GetLastError ; returns the extended error code

Restriction breakpoints:
EnableMenuItem ; enables, disables or grays the specified menu item
EnableWindow ; enables or disables mouse and keyboard input to the specified window and its items (menu items gray out when disabled)

I don't know what the floppy disk breakpoints are. There are other special breakpoints too; could other friends say something about them?
For example LockMyTask and mouse_event: are these not API32 functions?
With cracking on Win9x/Win2K, some of the breakpoints above can no longer be used?
I don't know what the common breakpoint functions above are on Win2K.
That is, I am asking about password, time, window, INI, key, registry, dongle, CD-ROM, floppy, restriction and so on!
Knowing the common breakpoints makes cracking analysis twice as effective with half the effort!
Please everyone share! Also, when you have cracked some software, how come it reverts to its original state as soon as it restarts?
It can be divided into three cases; I don't know which breakpoint to set:
1. The comparison is probably in the registry
2. The comparison is in a special file (*.key, *.ini, *.dat, etc.)
3. The comparison is in the program itself, with no error message at all and no obvious strings found by disassembly (this is the one I want to ask about)
There is one more, the hardest: removing a watermark!
It can also be three cases:
A. The watermark is a bitmap file (BitBlt, CreateBitmap and other bitmap functions)
B. The watermark is obvious text (analyse by disassembly)
C. The watermark is not obvious text (for example: "This is a demo!" shown only on another produced file, such as a .htm file, etc.)
C is the hardest to deal with,

That's what many people want to know! Including me. I wonder if the experts have any hints.
Advertising strip:
Can be divided into two cases:
A. From the window into the hand, you can use MoveWindow or other window functions!
B. From bitmap to hand, also can use BitBlt or other bitmap function!
Finally, you can take advantage of existing tools such as api27, vwindset, freespy, and so on.
Although the grape tree, growth in seedling shed.
At the left, not the dust alight?
Pellet [CCG]

That depends on where the mark is made, usually leaving information in the registry!
In SoftICE, use BPX regqueryvalueexa do "d esp->8" to interrupt to see,
In TRW, use BPX regqueryvalueexa do "d *(esp+8)" to interrupt to see.
What's more, leave the registration information in this directory, common with .dat, .ini, .dll, and so on,
I'm using BPX readfile to interrupt, and the other is to leave the registration information under the windows directory.
You can use special tools to help you check, enter FILEMON and so on!

VB:
1. __vbaVarTstNe // two variables are not equal
2. rtcR8ValFromBstr // convert a string to floating point
3. rtcMsgBox // displays a message dialog box
4. rtcBeep // let the speaker call
5. rtcGetPresentDate // get the current date

String functions:
__vbaStrComp
__vbaStrCmp
__vbaStrCompVar
__vbaStrLike
__vbaStrTextComp
__vbaStrTextLike

For variables:
__vbaVarCompEq
__vbaVarCompLe
__vbaVarCompLt
__vbaVarCompGe
__vbaVarCompGt
__vbaVarCompNe

Common breakpoints (2)

Pointer to VB:
THROW
The VB DLL also calls some of the functions in oleaut32.dll. oleaut32.dll is a generic proxy/stub DLL; each of its functions has a defined prototype and is described in detail in MSDN. This also helps to understand what the functions in the VB DLL do.
An example:
LEA EAX, [EBP-58]
PUSH EAX
CALL [MSVBVM60!__vbaI4Var]
Typing D eax+8 before executing the call shows the value 3;
After the call is executed, eax = 3
Thus the function of __vbaI4Var is to convert a VARIANT into I4 (that is, a long integer).
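The D eax+8 step works because of the VARIANT layout: the type tag sits at offset 0 and the payload union at offset 8, so adding 8 to the VARIANT pointer in eax shows the stored long. The C below is an added illustration (not from the original page) that models the 32-bit VARIANT layout and a simplified stand-in for __vbaI4Var; the struct and VT_* tags match the public Windows definitions, while vba_i4_var_model is an assumption that covers only the I2, I4 and BOOL cases.

```c
/* Model of the 32-bit OLE VARIANT and of the VARIANT -> I4 conversion
 * that __vbaI4Var performs. Added example, not the page's own code. */
#include <stddef.h>
#include <stdint.h>

#define VT_I2   2
#define VT_I4   3
#define VT_BOOL 11

typedef struct {
    uint16_t vt;          /* type tag, offset 0                     */
    uint16_t wReserved1;  /* offsets 2, 4, 6: reserved words        */
    uint16_t wReserved2;
    uint16_t wReserved3;
    union {               /* payload starts at offset 8             */
        int16_t iVal;     /* VT_I2                                   */
        int32_t lVal;     /* VT_I4: the "long integer" the page means */
        double  dblVal;   /* VT_R8 (forces the 8-byte union size)    */
        int16_t boolVal;  /* VT_BOOL: VARIANT_TRUE is -1             */
    } u;
} Variant32;

/* Offset the debugger adds to the VARIANT pointer to see the payload. */
size_t variant_payload_offset(void) { return offsetof(Variant32, u); }

/* Simplified stand-in for __vbaI4Var (assumption: only I2, I4 and BOOL).
 * Returns the value as I4; for other types returns 0 and sets *ok = 0. */
int32_t vba_i4_var_model(const Variant32 *v, int *ok) {
    *ok = 1;
    switch (v->vt) {
    case VT_I4:   return v->u.lVal;
    case VT_I2:   return v->u.iVal;
    case VT_BOOL: return v->u.boolVal ? -1 : 0;  /* VB True is -1 */
    default:      *ok = 0; return 0;
    }
}

/* Builds the VARIANT of the page's example: an I4 holding 3, so the
 * 32-bit word at offset 8 is 3 and the conversion returns 3 (eax = 3). */
Variant32 make_i4(int32_t value) {
    Variant32 v = {0};
    v.vt = VT_I4;
    v.u.lVal = value;
    return v;
}
```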

__vbaVarTstNe seems to be used for self-checking, with a normal return value of 0.
Known applicable software include: three networks, three intelligent robots, music card factory. When the two pieces of software are unpacked they go wrong: network three intelligent robots will produce an illegal operation, and the factory will tell you the music card is an illegal copy; by modifying the return value of __vbaVarTstNe you can make them operate normally.
So, when you encounter a VB software that cannot run properly after unpacking, and you cannot find any other problems, you can try to intercept this function; perhaps it will be useful. 8-)

The API I don't know very well; maybe you can read and write sectors on the 98 platform via BIOS, but in 2000/NT you can write sectors through the inner black ATAPI and HAL.
Machoman [CCG]
BPX WRITE_PORT_BUFFER_USHORT
NT/2000: at this breakpoint, when edx=1f0h, you can see the data at the EDI address for sector location data; you must first load hal.sys in winice.dat, see the ATAPI manual in detail.

Supplement:
Breakpoints for VB procedures and time constraints
Cracker ABC

First, the address in W32DASM to modify so that it can correctly decompile VB programs:
Offsets 0x16B6C-0x16B6D
Modify the machine code to: 98 F4

Tracking breakpoints for VB programs:
MultiByteToWideChar,
RtcR8ValFromBstr,
WideCharToMultiByte,
__vbaStrCmp
__vbaStrComp
__vbaStrCopy
__vbaStrMove
__vbaVarTstNe
RtcBeep
RtcGetPresentDate (time API)
RtcMsgBox

Time-limit breakpoints:
CompareFileTime
GetLocalTime
GetSystemTime
GetTimeZoneInformation
msvcrt.difftime()
msvcrt.time()

General treatment:
BPX hmemcpy
BPX MessageBox
BPX MessageBoxExA
BPX MessageBeep
BPX SendMessage
BPX GetDlgItemText
BPX GetDlgItemInt
BPX GetWindowText
BPX GetWindowWord
BPX GetWindowInt
BPX DialogBoxParamA
BPX CreateWindow
BPX CreateWindowEx
BPX ShowWindow
BPX UpdateWindow
Bmsg XXXX wm_move
Bmsg XXXX wm_gettext
Bmsg XXXX wm_command
Bmsg XXXX wm_activate

Time correlation:
Bp int 21 if ah==2A (DOS)
BPX GetLocalTime
BPX GetFileTime
BPX GetSystemTime

CD-ROM or disk correlation:
Bp int 13 if ah==2 (DOS)
Bp int 13 if ah==3 (DOS)
Bp int 13 if ah==4 (DOS)
BPX GetFileAttributesA
BPX GetFileSize
BPX GetDriveType
BPX GetLastError
BPX ReadFile
BPIO -h (your CD-ROM port address) R

Software dog (dongle) related:
BPIO -h 278 R
BPIO -h 378 R

Keyboard input correlation:
Bp int 16 if ah==0 (DOS)
Bp int 21 if ah==0xA (DOS)

File access related:
Bp int 21 if ah==3dh (DOS)
Bp int 31 if ah==3fh (DOS)
Bp int 21 if ah==3dh (DOS)
BPX ReadFile
BPX WriteFile
BPX CreateFile
BPX SetFilePointer
BPX GetSystemDirectory

INI initialization file correlation:
BPX GetPrivateProfileString
BPX GetPrivateProfileInt
BPX WritePrivateProfileString
BPX WritePrivateProfileInt

Registry related:
BPX RegCreateKey
BPX RegDeleteKey
BPX RegQueryValue
BPX RegCloseKey
BPX RegOpenKey

Registration flag related:
BPX cs:eip if EAX==0

Memory standard dependent:
Bpmb cs:eip RW if 0x30:0x45AA==0

Display correlation:
BPX 0x30:0x45AA do "d 0x30:0x44BB"
BPX CS:0x66CC do "? EAX"

Find window:
FindWindowA
BP SetFilePointer
BPX hmemcpy ; universal cracking breakpoint, intercepts memory copy actions (note: Win9x-only breakpoint)
BPX LockMyTask ; when other breakpoints are ineffective, you can try this breakpoint to intercept button actions (Win9x only)

If you can't find a breakpoint, you can try the following method:
Bmsg handle wm_gettext ; intercepts the registration code (handle is the handle of the corresponding window)
Bmsg handle wm_command ; intercepts the OK button (handle is the handle of the corresponding window)

Intercept window:
BPX CreateWindow ; create a window
BPX CreateWindowEx(A/W) ; create a window
BPX ShowWindow ; display a window
BPX UpdateWindow ; update a window
BPX GetWindowText(A/W) ; get the window text

Intercept message box:
BPX MessageBox(A/W) ; create a message box
BPX MessageBoxExA(W) ; create a message box
BPX MessageBoxIndirect(A/W) ; create a custom message box

Intercept warning sounds:
BPX MessageBeep ; play the system warning sound (if there is no sound card, drives the PC speaker directly)

Intercept dialog box:
BPX DialogBox ; create a modal dialog box
BPX DialogBoxParam(A/W) ; create a modal dialog box
BPX DialogBoxIndirect ; create a modal dialog box
BPX DialogBoxIndirectParam(A/W) ; create a modal dialog box
BPX CreateDialog ; create a modeless dialog box
BPX CreateDialogParam(A/W) ; create a modeless dialog box
BPX CreateDialogIndirect ; create a modeless dialog box
BPX CreateDialogIndirectParam(A/W) ; create a modeless dialog box
BPX GetDlgItemText(A/W) ; get the dialog box text
BPX GetDlgItemInt ; get the dialog box integer value

Intercept clipboard:
BPX GetClipboardData ; get clipboard data

Intercept registry:
BPX RegOpenKey(A/W) ; open a subkey (example: BPX RegOpenKey(A) if *(esp->8)=='****')
BPX RegOpenKeyEx(A/W) ; open a subkey (example: BPX RegOpenKeyEx(A) if *(esp->8)=='****')
BPX RegQueryValue(A/W) ; query a subkey (example: BPX RegQueryValue(A) if *(esp->8)=='****')
BPX RegQueryValueEx(A/W) ; query a subkey (example: BPX RegQueryValueEx(A) if *(esp->8)=='****')
BPX RegSetValue(A/W) ; set a subkey (example: BPX RegSetValue(A) if *(esp->8)=='****')
BPX RegSetValueEx(A/W) ; set a subkey (example: BPX RegSetValueEx(A) if *(esp->8)=='****')
Note: '****' stands for the first 4 characters of the specified subkey; for example, if the subkey is 'Regcode', then '****' = 'Regc'.

Function-restriction breakpoints:
BPX EnableMenuItem ; disable or enable menu items
BPX EnableWindow ; disable or enable windows
Bmsg hMenu wm_command ; intercept menu key events, where hMenu is the menu handle
BPX K32Thk1632Prolog ; together with Bmsg hMenu wm_command, you can enter the menu handler through this breakpoint
Application example:
CALL [KERNEL32!K32Thk1632Prolog]
CALL ... ; the call to trace into, which leads to the menu handler
CALL [KERNEL32!K32Thk1632Epilog]

Intercept time:
BPX GetLocalTime ; get local time
BPX GetSystemTime ; get system time
BPX GetFileTime ; get the file time
BPX GetTickCount ; get the number of milliseconds since the system started
BPX GetCurrentTime ; get the current time (16-bit)
BPX SetTimer ; create a timer
BPX TimerProc ; timer timeout callback function

Intercept file:
BPX CreateFileA(W) ; create or open a file (32-bit)
BPX OpenFile ; open a file (32-bit)
BPX ReadFile ; read a file (32-bit)
BPX WriteFile ; write a file (32-bit)
BPX _lcreat ; create or open a file (16-bit)
BPX _lopen ; open a file (16-bit)
BPX _lread ; read a file (16-bit)
BPX _lwrite ; write a file (16-bit)
BPX _hread ; read a file (16-bit)
BPX _hwrite ; write a file (16-bit)

Intercept drive:
BPX GetDriveType(A/W) ; get the disk drive type
BPX GetLogicalDrives ; get the logical drive letters
BPX GetLogicalDriveStringsA(W) ; get the root drive path of all current logical drives

Dongle intercept:
BPIO -h 378 (or 278, 3BC) R ; 378, 278 and 3BC are parallel printer ports
BPIO -h 3F8 (or 2F8, 3E8
