广通证券信息引擎2.2(5.14新版)

广通证券信息引擎2.2(5.14新版)

2004/10/15 1:03:00 来源:本站整理 作者:蓝点













    这个软件升级第2天我就破解了。之所以到现在才发布这篇破解文章,是因为这个软件实在太好了,我不忍心看着它因为破解泛滥而不得不关闭Guest账户。请不要以此文章制作破解文件!谢谢合作。
官方主页:www.gtgwt.com
免费用户限制:不定时跳广告
破解方法:爆破(只能用这个)
破解工具:FI,W32DASM,HIEW,FILEMON
破解目的:去除广告
   我敢打赌,我第一个破除了2.2的老版本。5.14日,软件提示有新版本,强迫升级,呜……又该破解
了……  
   本来觉得这个新版本很简单的,升级变动也不大,按老的走就可以了。W32DASM反汇编stock.dll(主
程序),来到10006737,把那个CALL nop掉完事(老版本就是这样被我破掉的)。启动!^&%#@$!*)&( 怎
么回事?又重新下载引擎???可是,没升级呀…… 忽然意识到:这个新程序,是不是加了一个自校验
功能???如果有改动就……自动重新下载!广告是去除了,下面的任务就是去掉那个自校验功能!(广
告的去除方法不再详述)

设想程序基本思路:
思路一:从服务器下载新版本号-->获得本地版本号-->比较-->相等就跳走-->不相等下载新版本-->提示升级-->安装
思路二:从服务器下载新版本号-->获得本地版本号-->比较-->相等就跳走-->系统自校验-->相等继续使用-->不相等从服务器上下载新版本-->提示升级-->安装
   
   一开始是从10006473处下手,经过N次爆破均不成功。无奈之际,打开串式参考,找到两个可疑文件名:stock.dll、stock000.dll。赶紧去winnt\system32\看,果然有这两个文件,但并不相同。猜想stock000.dll是上一版本的备份。双击,来到10009451(请从下面找到10009451,从那里看,跟着注释走,这样可以较清楚地看到我的破解思路)。注释中的“右键”,是指在W32DASM中的操作。


* Referenced by a CALL at Address:
|:100063C8                                         <----关键CALL
|
:10007500 64A100000000            mov eax, dword ptr fs:[00000000]
:10007506 6AFF                    push FFFFFFFF
:10007508 68705B0310              push 10035B70
:1000750D 50                      push eax
:1000750E 64892500000000          mov dword ptr fs:[00000000], esp
:10007515 83EC20                  sub esp, 00000020
:10007518 53                      push ebx
:10007519 55                      push ebp
:1000751A 56                      push esi
:1000751B 8BF1                    mov esi, ecx
:1000751D 33DB                    xor ebx, ebx
:1000751F 57                      push edi
:10007520 8B8638060000            mov eax, dword ptr [esi+00000638]
:10007526 3BC3                    cmp eax, ebx
:10007528 740F                    je 10007539     <----很可疑,修改为74,成功!
:1000752A 50                      push eax
:1000752B E86FF80100              call 10026D9F
:10007530 83C404                  add esp, 00000004
:10007533 899E38060000            mov dword ptr [esi+00000638], ebx

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:10007528(C)                                      <----右键

:10007539 8B442444                mov eax, dword ptr [esp+44]
:1000753D 8B7C2440                mov edi, dword ptr [esp+40]
:10007541 8DAE38050000            lea ebp, dword ptr [esi+00000538]
:10007547 50                      push eax
:10007548 57                      push edi
:10007549 8BCE                    mov ecx, esi
:1000754B 894624                  mov dword ptr [esi+24], eax
:1000754E 885D00                  mov byte ptr [ebp+00], bl
:10007551 889E38040000            mov byte ptr [esi+00000438], bl
:10007557 E894FEFFFF              call 100073F0
:1000755C 85C0                    test eax, eax
:1000755E 7545                    jne 100075A5      <----没准是这里,不过经测试,不是!继续向上
:10007560 6800010000              push 00000100
:10007565 E80CF80100              call 10026D76
:1000756A 8BD0                    mov edx, eax
:1000756C 83C404                  add esp, 00000004
:1000756F 3BD3                    cmp edx, ebx
:10007571 899638060000            mov dword ptr [esi+00000638], edx
:10007577 7422                    je 1000759B

* Possible StringData Ref from Data Obj ->"包错误"
                                 
..............................
......................

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:1000755E(C)                                     <----右键
|
:100075A5 33C0                    xor eax, eax
:100075A7 668B07                  mov ax, word ptr [edi]
:100075AA 3D00200000              cmp eax, 00002000
:100075AF 0F8F00010000            jg 100076B5     <----不可能是关键跳转,继续向上
:100075B5 0F84A4000000            je 1000765F
:100075BB 0500F0FFFF              add eax, FFFFF000
:100075C0 83F80B                  cmp eax, 0000000B
......................
...........

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:100075AF(C)                                        <----右键
|
:100076B5 3D02300000              cmp eax, 00003002
:100076BA 0F8F7C010000            jg 1000783C        <----不可能是关键跳转,继续向上
:100076C0 0F84D7000000            je 1000779D
:100076C6 2D01200000              sub eax, 00002001
:100076CB 747A                    je 10007747
:100076CD 83E802                  sub eax, 00000002
:100076D0 741F                    je 100076F1
.....................
...............
:10007816 50                      push eax
:10007817 52                      push edx
:10007818 51                      push ecx
:10007819 55                      push ebp
:1000781A E840E20000              call 10015A5F
:1000781F 83C418                  add esp, 00000018
:10007822 8D4C241C                lea ecx, dword ptr [esp+1C]
:10007826 E8F3F00100              call 1002691E
:1000782B C7442438FFFFFFFF        mov [esp+38], FFFFFFFF
:10007833 8D4C2444                lea ecx, dword ptr [esp+44]
:10007837 E900010000              jmp 1000793C

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:100076BA(C)                                           <----右键。
|
:1000783C 3D00500000              cmp eax, 00005000
:10007841 755C                    jne 1000789F          <----来到这里,继续向上
:10007843 3D00800000              cmp eax, 00008000
:10007848 7418                    je 10007862
:1000784A 3D00A00000              cmp eax, 0000A000
:1000784F 0F85EC000000            jne 10007941
:10007855 57                      push edi
:10007856 8BCE                    mov ecx, esi
:10007858 E8D3180000              call 10009130
:1000785D E9DF000000              jmp 10007941
.......................
..............
:1000788D F3                      repz
:1000788E A5                      movsd
:1000788F 8BCA                    mov ecx, edx
:10007891 83E103                  and ecx, 00000003
:10007894 F3                      repz
:10007895 A4                      movsb
:10007896 8D4C2420                lea ecx, dword ptr [esp+20]
:1000789A E99D000000              jmp 1000793C

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:10007841(C)                                               <----跳转,此处按右键
|
:1000789F 57                      push edi
:100078A0 8BCE                    mov ecx, esi
:100078A2 E8E9190000              call 10009290             <----来到这里,继续向上
:100078A7 85C0                    test eax, eax
:100078A9 750A                    jne 100078B5
:100078AB B803000000              mov eax, 00000003
:100078B0 E98E000000              jmp 10007943
------------------------------------------------------------------------

* Referenced by a CALL at Address:
|:100078A2                                                <----右键,看是哪里来的
|
:10009290 6AFF                    push FFFFFFFF
:10009292 68C85B0310              push 10035BC8
:10009297 64A100000000            mov eax, dword ptr fs:[00000000]
:1000929D 50                      push eax
:1000929E 64892500000000          mov dword ptr fs:[00000000], esp
...............
............
:100092DE 752F                    jne 1000930F
:100092E0 56                      push esi
:100092E1 8BCB                    mov ecx, ebx
:100092E3 E888000000              call 10009370            <----继续向上
:100092E8 8D4C240C                lea ecx, dword ptr [esp+0C]
:100092EC C7442450FFFFFFFF        mov [esp+50], FFFFFFFF
:100092F4 E8179DFFFF              call 10003010
------------------------------------------------------------------

* Referenced by a CALL at Address:
|:100092E3                                                 <----CALL,右键,看看是哪里来的
|
:10009370 81EC00030000            sub esp, 00000300
:10009376 8D842400020000          lea eax, dword ptr [esp+00000200]
:1000937D 53                      push ebx
:1000937E 55                      push ebp
:1000937F 56                      push esi
:10009380 57                      push edi
:10009381 6880000000              push 00000080
:10009386 50                      push eax

* Reference To: KERNEL32.GetSystemDirectoryA, Ord:0159h     <----获得系统目录,继续向上
                                 |
:10009387 FF15E4710310            Call dword ptr [100371E4]
:1000938D 83C9FF                  or ecx, FFFFFFFF

* Possible StringData Ref from Data Obj ->"\"
                                 |
:10009390 BFE4520410              mov edi, 100452E4
:10009395 33C0                    xor eax, eax
.................
........
:10009449 A5                      movsd
:1000944A 8BC8                    mov ecx, eax
:1000944C 83E103                  and ecx, 00000003
:1000944F F3                      repz
:10009450 A4                      movsb

* Possible StringData Ref from Data Obj ->"stock000.dll"   <----来到这里,从这里向上找
                                 |
:10009451 BF40590410              mov edi, 10045940
:10009456 83C9FF                  or ecx, FFFFFFFF
:10009459 33C0                    xor eax, eax
:1000945B 8D942410010000          lea edx, dword ptr [esp+00000110]

总结一下:
--------------------------------------
10006737处,E824000000 改 9090909090
10007528处,74         改 75

总计修改6 byte,收工。
发布时间:2003.05.16 14:39 

    
    
     
    
    
