- 3
- 0
- 约6.43千字
- 约 7页
- 2016-12-21 发布于北京
- 举报
菜鸟破解pdf2word3.0(高手飘过)
1.下载pdf2word最新版(到官网下载)2.PEiD查壳upx的壳,用UpxUnpacker.exe ver0.3脱之3. 用OD载入脱壳后的程序,F9试运行,输入Email:pediy,序列号:123456然后下GetWindowTextA断点,点OK运行程序,程序被OD断下,ALT + F9返回,代码如下
代码:
004066A1 . 68 F0617F00 push pdf2word.007F61F0 ; ASCII 123456
004066A6 . E8 95F8FFFF call pdf2word.00405F40
004066AB . 83C4 04 add esp,0x4
004066AE . 85C0 test eax,eax
004066B0 . 74 44 je short pdf2word.004066F6
004066B2 . 6A 40 push 0x40 ; /Style = MB_OK|MB_ICONASTERISK|MB_APPLMODAL
004066B4 . 68 B42A5E00 push pdf2word.005E2AB4 ; |Title = Thank you.
004066B9 . 68 882A5E00 push pdf2word.005E2A88 ; |Text = Thank you registered VeryPDF PDF2Word v3.0.
004066BE . 56 push esi ; |hOwner
004066BF . FF15 00865B00 call dword ptr ds:[USER32.MessageBoxA; \MessageBoxA
上图红色部分即为关键call,F7跟进
00405F40 /$ 83EC 18 sub esp,0x18
00405F43 |. 83C9 FF or ecx,-0x1
00405F46 |. 33C0 xor eax,eax
00405F48 |. 53 push ebx
00405F49 |. 56 push esi
00405F4A |. 8B7424 24 mov esi,dword ptr ss:[esp+0x24]
00405F4E |. 57 push edi
00405F4F |. 8BFE mov edi,esi
00405F51 |. F2:AE repne scas byte ptr es:[edi]
00405F53 |. F7D1 not ecx
00405F55 |. 49 dec ecx
00405F56 |. 83F9 14 cmp ecx,0x14
00405F59 |. 74 07 je short pdf2word.00405F62
00405F5B |. 5F pop edi
00405F5C |. 5E pop esi
00405F5D |. 5B pop ebx
00405F5E |. 83C4 18 add esp,0x18
00405F61 |. C3 retn
00405F62 | 8A06 mov al,byte ptr ds:[esi]
00405F64 |. 8A4E 01 mov cl,byte ptr ds:[esi+0x1]
00405F67 |. 8D5424 0C lea edx,dword ptr ss:[esp+0xC]
00405F6B |. 32DB xor bl,bl
00405F6D |. 52 push edx
00405F6E |. 884424 1C mov byte ptr ss:
原创力文档

文档评论(0)