-
-
[求助]关于InstallShield制作的安装包破解的问题
-
发表于: 2015-8-24 17:08
-
最近用一个软件,安装过程中需要提供序列号,否则不能安装下去。
为了学习下,打算把它破解掉。
该程序会在不同计算机上生成不同的PC码,然后内部计算号序列号,等着输入正确序列号匹配成功后,即可。
所以想进去看看序列号是啥~~
先用OD看了安装程序,发现是InstallShield v11 做的包。
再用[sid] - installshield 6/7 script decompiler v1.0 written by sn00pee工具反汇编了inx文件,查到如下关键代码:
000085A7:0005 label_85a7:
@000085A9:0022 function NUMBER function_5()
@000085A9 NUMBER local_number1, local_number2, local_number6, local_number7, local_number8, local_number9, local_number10;
@000085A9 STRING local_string3, local_string5, local_string6, local_string7, local_string8;
@000085A9
@000085A9 begin
@000085B2:0021 EzDefineDialog("MYdialog", "", "", 13029);
@000085CE:0006 local_number1 = 0;
@000085DA:0021 function_667();
@000085E0:0006 local_string6 = LASTRESULT;
@000085EA:0006 label_85ea:
@000085EC:0001 // switch/while/???
@000085F0:000D local_number10 = (local_number1 = 0);
@000085FF:0004 if(local_number10) then // ref index: 10
@0000860B:0021 CmdGetHwndDlg/WaitOnDialog("MYdialog");
@0000861C:0006 local_number2 = LASTRESULT;
@00008626:0001 // switch/while/???
@0000862A:000A label_862a:
@0000862C:000D local_number10 = (local_number2 = -100);
@0000863B:0004 if(local_number10) then // ref index: 1
@00008647:0021 function_667();
@0000864D:0006 local_string8 = LASTRESULT;
@00008657:0014 local_string3 = (local_string8 ^ "wPCInfoAPI.dll");
@00008672:0021 function_279(local_string3, "isAPI_GetPCID", local_number6, local_string6);
@00008691:0006 local_number7 = LASTRESULT;
@0000869B:002D NumToStr(local_string7, local_number6);
@000086A5:0021 CtrlSetText("MYdialog", 100, local_string7);
@000086BE:0005 goto label_88b5;
@000086C7:000C endif;
@000086C7:000C label_86c7:
@000086C9:000D local_number10 = (local_number2 = 1);
@000086D8:0004 if(local_number10) then // ref index: 3
@000086E4:0021 CtrlSetText/CtrlGetText("MYdialog", 110, local_string5);
@000086FD:002C StrToNum(local_number9, local_string5);
@00008707:0021 function_279(local_string3, "isAPI_CheckCode", local_number9, local_string6);
@00008728:0006 local_number8 = LASTRESULT;
@00008732:000D local_number10 = (local_number8 = 1);
@00008741:0004 if(local_number10) then // ref index: 1
@0000874D:0021 function_279(local_string3, "isAPI_RegistryCode", local_number9, local_string6);
@00008771:0006 local_number7 = LASTRESULT;
@0000877B:0006 local_number1 = 1;
@00008787:0005 goto label_87b8;
@00008790:0002 endif;
@00008790:0002 label_8790:
@00008792:0021 function_457("无效的注册码", -65533);
@000087AC:0006 local_number1 = 0;
@000087B8:0001 label_87b8:
@000087BA:0005 goto label_88b5;
@000087C3:0005 endif;
@000087C3:0005 label_87c3:
@000087C5:000D local_number10 = (local_number2 = -200);
@000087D4:0004 if(local_number10) then // ref index: 1
@000087E0:0006 local_number1 = 1;
@000087EC:0002 abort;
@000087F0:0005 goto label_88b5;
@000087F9:0004 endif;
@000087F9:0004 label_87f9:
@000087FB:000D local_number10 = (local_number2 = 9);
@0000880A:0004 if(local_number10) then // ref index: 1
@00008816:0002 abort;
@0000881A:0005 goto label_88b5;
@00008823:0005 endif;
@00008823:0005 label_8823:
@00008825:000D local_number10 = (local_number2 = -1);
@00008834:0004 if(local_number10) then // ref index: 1
@00008840:0021 function_457("内部对话框错误", -65533);
@0000885C:0002 abort;
@00008860:0005 goto label_88b5;
@00008869:0006 endif;
@00008869:0006 label_8869:
@0000886B:000D local_number10 = (local_number2 = 12);
@0000887A:0004 if(local_number10) then // ref index: 1
@00008886:0021 ReleaseDialog/EndDialog("MYdialog");
@00008897:0021 WaitOnDialog/ReleaseDialog("MYdialog");
@000088A8:0027 // return coming
@000088AC:0023 return 12;
@000088B5:0001 endif;
@000088B5:0001 label_88b5:
@000088B7:0005 goto label_85ea;
@000088C0:0004 endif;
@000088C0:0004 label_88c0:
@000088C2:0021 ReleaseDialog/EndDialog("MYdialog");
@000088D3:0021 WaitOnDialog/ReleaseDialog("MYdialog");
@000088E4:0024 return;
@000088E8:0026 end; // checksum: cb46ed19
@000088F4:0003 label_88f4:
@000088F6:0022 function NUMBER function_6()
@000088F6 NUMBER local_number1, local_number2, local_number3, local_number4, local_number5;
------------------------------------------完整代码见附件。
发现它的注册似乎调用wPCInfoAPI.dll的几个函数完成:
1、isAPI_GetPCID
生成机器码
2、isAPI_CheckCode
检查/匹配注册码
3、isAPI_RegistryCode
本机注册
那么问题来了,我该如何进一步分析注册码呢?那个dll咱没有啊
~~
请大伙帮帮忙吧~~
为了学习下,打算把它破解掉。
该程序会在不同计算机上生成不同的PC码,然后内部计算号序列号,等着输入正确序列号匹配成功后,即可。
所以想进去看看序列号是啥~~
先用OD看了安装程序,发现是InstallShield v11 做的包。
再用[sid] - installshield 6/7 script decompiler v1.0 written by sn00pee工具反汇编了inx文件,查到如下关键代码:
000085A7:0005 label_85a7:
@000085A9:0022 function NUMBER function_5()
@000085A9 NUMBER local_number1, local_number2, local_number6, local_number7, local_number8, local_number9, local_number10;
@000085A9 STRING local_string3, local_string5, local_string6, local_string7, local_string8;
@000085A9
@000085A9 begin
@000085B2:0021 EzDefineDialog("MYdialog", "", "", 13029);
@000085CE:0006 local_number1 = 0;
@000085DA:0021 function_667();
@000085E0:0006 local_string6 = LASTRESULT;
@000085EA:0006 label_85ea:
@000085EC:0001 // switch/while/???
@000085F0:000D local_number10 = (local_number1 = 0);
@000085FF:0004 if(local_number10) then // ref index: 10
@0000860B:0021 CmdGetHwndDlg/WaitOnDialog("MYdialog");
@0000861C:0006 local_number2 = LASTRESULT;
@00008626:0001 // switch/while/???
@0000862A:000A label_862a:
@0000862C:000D local_number10 = (local_number2 = -100);
@0000863B:0004 if(local_number10) then // ref index: 1
@00008647:0021 function_667();
@0000864D:0006 local_string8 = LASTRESULT;
@00008657:0014 local_string3 = (local_string8 ^ "wPCInfoAPI.dll");
@00008672:0021 function_279(local_string3, "isAPI_GetPCID", local_number6, local_string6);
@00008691:0006 local_number7 = LASTRESULT;
@0000869B:002D NumToStr(local_string7, local_number6);
@000086A5:0021 CtrlSetText("MYdialog", 100, local_string7);
@000086BE:0005 goto label_88b5;
@000086C7:000C endif;
@000086C7:000C label_86c7:
@000086C9:000D local_number10 = (local_number2 = 1);
@000086D8:0004 if(local_number10) then // ref index: 3
@000086E4:0021 CtrlSetText/CtrlGetText("MYdialog", 110, local_string5);
@000086FD:002C StrToNum(local_number9, local_string5);
@00008707:0021 function_279(local_string3, "isAPI_CheckCode", local_number9, local_string6);
@00008728:0006 local_number8 = LASTRESULT;
@00008732:000D local_number10 = (local_number8 = 1);
@00008741:0004 if(local_number10) then // ref index: 1
@0000874D:0021 function_279(local_string3, "isAPI_RegistryCode", local_number9, local_string6);
@00008771:0006 local_number7 = LASTRESULT;
@0000877B:0006 local_number1 = 1;
@00008787:0005 goto label_87b8;
@00008790:0002 endif;
@00008790:0002 label_8790:
@00008792:0021 function_457("无效的注册码", -65533);
@000087AC:0006 local_number1 = 0;
@000087B8:0001 label_87b8:
@000087BA:0005 goto label_88b5;
@000087C3:0005 endif;
@000087C3:0005 label_87c3:
@000087C5:000D local_number10 = (local_number2 = -200);
@000087D4:0004 if(local_number10) then // ref index: 1
@000087E0:0006 local_number1 = 1;
@000087EC:0002 abort;
@000087F0:0005 goto label_88b5;
@000087F9:0004 endif;
@000087F9:0004 label_87f9:
@000087FB:000D local_number10 = (local_number2 = 9);
@0000880A:0004 if(local_number10) then // ref index: 1
@00008816:0002 abort;
@0000881A:0005 goto label_88b5;
@00008823:0005 endif;
@00008823:0005 label_8823:
@00008825:000D local_number10 = (local_number2 = -1);
@00008834:0004 if(local_number10) then // ref index: 1
@00008840:0021 function_457("内部对话框错误", -65533);
@0000885C:0002 abort;
@00008860:0005 goto label_88b5;
@00008869:0006 endif;
@00008869:0006 label_8869:
@0000886B:000D local_number10 = (local_number2 = 12);
@0000887A:0004 if(local_number10) then // ref index: 1
@00008886:0021 ReleaseDialog/EndDialog("MYdialog");
@00008897:0021 WaitOnDialog/ReleaseDialog("MYdialog");
@000088A8:0027 // return coming
@000088AC:0023 return 12;
@000088B5:0001 endif;
@000088B5:0001 label_88b5:
@000088B7:0005 goto label_85ea;
@000088C0:0004 endif;
@000088C0:0004 label_88c0:
@000088C2:0021 ReleaseDialog/EndDialog("MYdialog");
@000088D3:0021 WaitOnDialog/ReleaseDialog("MYdialog");
@000088E4:0024 return;
@000088E8:0026 end; // checksum: cb46ed19
@000088F4:0003 label_88f4:
@000088F6:0022 function NUMBER function_6()
@000088F6 NUMBER local_number1, local_number2, local_number3, local_number4, local_number5;
------------------------------------------完整代码见附件。
发现它的注册似乎调用wPCInfoAPI.dll的几个函数完成:
1、isAPI_GetPCID
生成机器码
2、isAPI_CheckCode
检查/匹配注册码
3、isAPI_RegistryCode
本机注册
那么问题来了,我该如何进一步分析注册码呢?那个dll咱没有啊
~~请大伙帮帮忙吧~~
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
