Title: help with reverse engineering to register an application
Posted by: darkloyo on 30 June 2013, 07:49 am

Dear forum members:
I would like to ask for your help in solving a problem I have with a very old program that I urgently need. It is called control 5100; I have decompiled it and looked for where it makes the jump when the Register button is pressed, but I have not hit the mark. I would appreciate your help. I am attaching the code of the Register button. Thank you in advance for your help.

Code:

Private Sub Command1_Click() '4B8040
loc_004B8040: push ebp
loc_004B8041: mov ebp, esp
loc_004B8043: sub esp, 0000000Ch
loc_004B8046: push 00402C96h ;
loc_004B804B: mov eax, fs:[00h]
loc_004B8051: push eax
loc_004B8052: mov fs:[00000000h], esp
loc_004B8059: sub esp, 000000CCh
loc_004B805F: push ebx
loc_004B8060: push esi
loc_004B8061: push edi
loc_004B8062: mov edi, Me
loc_004B8065: mov eax, edi
loc_004B8067: and edi, FFFFFFFEh
loc_004B806A: mov var_C, esp
loc_004B806D: and eax, 00000001h
loc_004B8070: mov ebx, [edi]
loc_004B8072: mov var_8, 004025E0h
loc_004B8079: push edi
loc_004B807A: mov var_4, eax
loc_004B807D: mov Me, edi
loc_004B8080: mov var_E0, ebx
loc_004B8086: call [ebx+04h]
loc_004B8089: xor eax, eax
loc_004B808B: push edi
loc_004B808C: mov var_18, eax
loc_004B808F: mov var_1C, eax
loc_004B8092: mov var_20, eax
loc_004B8095: mov var_24, eax
loc_004B8098: mov var_28, eax
loc_004B809B: mov var_2C, eax
loc_004B809E: mov var_30, eax
loc_004B80A1: mov var_34, eax
loc_004B80A4: mov var_44, eax
loc_004B80A7: mov var_54, eax
loc_004B80AA: mov var_64, eax
loc_004B80AD: mov var_74, eax
loc_004B80B0: mov var_84, eax
loc_004B80B6: mov var_94, eax
loc_004B80BC: call [ebx+00000318h]
loc_004B80C2: lea ecx, var_2C
loc_004B80C5: push eax
loc_004B80C6: push ecx
loc_004B80C7: call [004DD354h] ; Set (object)
loc_004B80CD: mov esi, eax
loc_004B80CF: lea eax, var_1C
loc_004B80D2: push eax
loc_004B80D3: push esi
loc_004B80D4: mov edx, [esi]
loc_004B80D6: call [edx+000000A0h]
loc_004B80DC: test eax, eax
loc_004B80DE: jnl 4B80F2h
loc_004B80E0: push 000000A0h
loc_004B80E5: push 0043CC50h
loc_004B80EA: push esi
loc_004B80EB: push eax
loc_004B80EC: call [004DD324h] ;
loc_004B80F2: push edi
loc_004B80F3: call [ebx+00000314h]
loc_004B80F9: lea ecx, var_28
loc_004B80FC: push eax
loc_004B80FD: push ecx
loc_004B80FE: call [004DD354h] ; Set (object)
loc_004B8104: mov esi, eax
loc_004B8106: lea eax, var_18
loc_004B8109: push eax
loc_004B810A: push esi
loc_004B810B: mov edx, [esi]
loc_004B810D: call [edx+000000A0h]
loc_004B8113: test eax, eax
loc_004B8115: jnl 4B8129h
loc_004B8117: push 000000A0h
loc_004B811C: push 0043CC50h
loc_004B8121: push esi
loc_004B8122: push eax
loc_004B8123: call [004DD324h] ;
loc_004B8129: push edi
loc_004B812A: call [ebx+00000310h]
loc_004B8130: mov ebx, [004DD354h] ; Set (object)
loc_004B8136: lea ecx, var_30
loc_004B8139: push eax
loc_004B813A: push ecx
loc_004B813B: call ebx
loc_004B813D: mov esi, eax
loc_004B813F: lea eax, var_20
loc_004B8142: push eax
loc_004B8143: push esi
loc_004B8144: mov edx, [esi]
loc_004B8146: call [edx+000000A0h]
loc_004B814C: test eax, eax
loc_004B814E: jnl 4B8162h
loc_004B8150: push 000000A0h
loc_004B8155: push 0043CC50h
loc_004B815A: push esi
loc_004B815B: push eax
loc_004B815C: call [004DD324h] ;
loc_004B8162: mov ecx, var_1C
loc_004B8165: mov edx, var_18
loc_004B8168: mov esi, [004DD30Ch] ; &
loc_004B816E: push ecx
loc_004B816F: push edx
loc_004B8170: call &
loc_004B8172: mov edx, eax
loc_004B8174: lea ecx, var_24
loc_004B8177: call [004DD508h] ;
loc_004B817D: push eax
loc_004B817E: mov eax, var_20
loc_004B8181: push eax
loc_004B8182: call &
loc_004B8184: mov var_3C, eax
loc_004B8187: mov eax, [4CC458h]
loc_004B818C: test eax, eax
loc_004B818E: mov var_44, 00000008h
loc_004B8195: jnz 4B81ACh
loc_004B8197: push 004CC458h ; "<Ü" & Chr(13)"
loc_004B819C: push 00421CBCh
loc_004B81A1: call [004DD484h] ;
loc_004B81A7: mov eax, [4CC458h]
loc_004B81AC: mov edx, var_44
loc_004B81AF: sub esp, 00000010h
loc_004B81B2: mov ecx, esp
loc_004B81B4: push 68030007h ; "MZ"
loc_004B81B9: push eax
loc_004B81BA: mov [ecx], edx
loc_004B81BC: mov edx, var_40
loc_004B81BF: mov [ecx+04h], edx
loc_004B81C2: mov edx, var_3C
loc_004B81C5: mov [ecx+08h], edx
loc_004B81C8: mov edx, var_38
loc_004B81CB: mov [ecx+0Ch], edx
loc_004B81CE: mov ecx, [eax]
loc_004B81D0: call [ecx+00000300h]
loc_004B81D6: lea edx, var_34
loc_004B81D9: push eax
loc_004B81DA: push edx
loc_004B81DB: call ebx
loc_004B81DD: push eax
loc_004B81DE: call [004DD51Ch] ;
loc_004B81E4: lea eax, var_20
loc_004B81E7: lea ecx, var_24
loc_004B81EA: push eax
loc_004B81EB: lea edx, var_18
loc_004B81EE: push ecx
loc_004B81EF: lea eax, var_1C
loc_004B81F2: push edx
loc_004B81F3: push eax
loc_004B81F4: push 00000004h
loc_004B81F6: call [004DD4A8h] ;
loc_004B81FC: add esp, 00000014h
loc_004B81FF: lea ecx, var_34
loc_004B8202: lea edx, var_30
loc_004B8205: lea eax, var_2C
loc_004B8208: push ecx
loc_004B8209: push edx
loc_004B820A: lea ecx, var_28
loc_004B820D: push eax
loc_004B820E: push ecx
loc_004B820F: push 00000004h
loc_004B8211: call [004DD2F8h] ;
loc_004B8217: mov edi, [004DD2D8h] ;
loc_004B821D: add esp, 00000014h
loc_004B8220: lea ecx, var_44
loc_004B8223: call edi
loc_004B8225: mov eax, [4CC458h]
loc_004B822A: test eax, eax
loc_004B822C: jnz 4B8243h
loc_004B822E: push 004CC458h ; "<Ü" & Chr(13)"
loc_004B8233: push 00421CBCh
loc_004B8238: call [004DD484h] ;
loc_004B823E: mov eax, [4CC458h]
loc_004B8243: mov edx, [eax]
loc_004B8245: push 00000000h
loc_004B8247: push 68030006h ; "MZ"
loc_004B824C: push eax
loc_004B824D: call [edx+00000300h]
loc_004B8253: push eax
loc_004B8254: lea eax, var_28
loc_004B8257: push eax
loc_004B8258: call ebx
loc_004B825A: lea ecx, var_44
loc_004B825D: push eax
loc_004B825E: push ecx
loc_004B825F: call [004DD3F4h] ;
loc_004B8265: add esp, 00000010h
loc_004B8268: push eax
loc_004B8269: call [004DD38Ch] ;
loc_004B826F: mov si, ax
loc_004B8272: lea ecx, var_28
loc_004B8275: not esi
loc_004B8277: call [004DD538h] ;
loc_004B827D: lea ecx, var_44
loc_004B8280: call edi
loc_004B8282: test si, si
loc_004B8285: mov edi, 80020004h
loc_004B828A: mov esi, 0000000Ah
loc_004B828F: mov var_6C, edi
loc_004B8292: mov var_74, esi
loc_004B8295: mov var_5C, edi
loc_004B8298: mov var_64, esi
loc_004B829B: mov var_4C, edi
loc_004B829E: mov var_54, esi
loc_004B82A1: jz 4B82FBh
loc_004B82A3: lea edx, var_84
loc_004B82A9: lea ecx, var_44
loc_004B82AC: mov var_7C, 004423F0h ; "Código de liberación erroneo!"
loc_004B82B3: mov var_84, 00000008h
loc_004B82BD: call [004DD4E8h] ;
loc_004B82C3: lea edx, var_74
loc_004B82C6: lea eax, var_64
loc_004B82C9: push edx
loc_004B82CA: lea ecx, var_54
loc_004B82CD: push eax
loc_004B82CE: push ecx
loc_004B82CF: lea edx, var_44
loc_004B82D2: push 00000000h
loc_004B82D4: push edx
loc_004B82D5: call [004DD35Ch] ; MsgBox(%x1, %x2, %x3, %x4, %x5)
loc_004B82DB: lea eax, var_74
loc_004B82DE: lea ecx, var_64
loc_004B82E1: push eax
loc_004B82E2: lea edx, var_54
loc_004B82E5: push ecx
loc_004B82E6: lea eax, var_44
loc_004B82E9: push edx
loc_004B82EA: push eax
loc_004B82EB: push 00000004h
loc_004B82ED: call [004DD2ECh] ;
loc_004B82F3: add esp, 00000014h
loc_004B82F6: jmp 004B85EDh
loc_004B82FB: lea edx, var_84
loc_004B8301: lea ecx, var_44
loc_004B8304: mov var_7C, 00442430h ; "Gracias por registra el programa!"
loc_004B830B: mov var_84, 00000008h
loc_004B8315: call [004DD4E8h] ;
loc_004B831B: lea ecx, var_74
loc_004B831E: lea edx, var_64
loc_004B8321: push ecx
loc_004B8322: lea eax, var_54
loc_004B8325: push edx
loc_004B8326: push eax
loc_004B8327: lea ecx, var_44
loc_004B832A: push 00000000h
loc_004B832C: push ecx
loc_004B832D: call [004DD35Ch] ; MsgBox(%x1, %x2, %x3, %x4, %x5)
loc_004B8333: lea edx, var_74
loc_004B8336: lea eax, var_64
loc_004B8339: push edx
loc_004B833A: lea ecx, var_54
loc_004B833D: push eax
loc_004B833E: lea edx, var_44
loc_004B8341: push ecx
loc_004B8342: push edx
loc_004B8343: push 00000004h
loc_004B8345: call [004DD2ECh] ;
loc_004B834B: add esp, 00000014h
loc_004B834E: mov edx, 0043D1BCh ; "Select empresa from parametros_generales"
loc_004B8353: mov ecx, 004CC0E8h
loc_004B8358: call [004DD498h] ;
loc_004B835E: mov edx, [004CC094h] ;
loc_004B8364: lea ebx, var_28
loc_004B8367: push ebx
loc_004B8368: mov ecx, esi
loc_004B836A: mov edx, [edx]
loc_004B836C: sub esp, 00000010h
loc_004B836F: mov ebx, esp
loc_004B8371: mov eax, edi
loc_004B8373: sub esp, 00000010h
loc_004B8376: mov var_7C, edi
loc_004B8379: mov [ebx], ecx
loc_004B837B: mov ecx, var_90
loc_004B8381: mov var_84, esi
loc_004B8387: mov [ebx+04h], ecx
loc_004B838A: mov ecx, esp
loc_004B838C: mov [ebx+08h], eax
loc_004B838F: mov eax, var_88
loc_004B8395: mov [ebx+0Ch], eax
loc_004B8398: mov eax, var_80
loc_004B839B: mov [ecx], esi
loc_004B839D: mov [ecx+04h], eax
loc_004B83A0: mov eax, var_78
loc_004B83A3: mov [ecx+08h], edi
loc_004B83A6: mov [ecx+0Ch], eax
loc_004B83A9: mov ecx, [004CC0E8h] ;
loc_004B83AF: mov eax, [4CC094h]
loc_004B83B4: push ecx
loc_004B83B5: push eax
loc_004B83B6: call [edx+7Ch]
loc_004B83B9: test eax, eax
loc_004B83BB: jnl 4B83D2h
loc_004B83BD: mov ecx, [004CC094h] ;
loc_004B83C3: push 0000007Ch
loc_004B83C5: push 0043D210h
loc_004B83CA: push ecx
loc_004B83CB: push eax
loc_004B83CC: call [004DD324h] ;
loc_004B83D2: mov edx, var_28
loc_004B83D5: push 0043D220h
loc_004B83DA: push edx
loc_004B83DB: call [004DD504h] ;
loc_004B83E1: mov esi, [004DD354h] ; Set (object)
loc_004B83E7: push eax
loc_004B83E8: push 004CC108h
loc_004B83ED: call Set (object)
loc_004B83EF: mov edi, [004DD538h] ;
loc_004B83F5: lea ecx, var_28
loc_004B83F8: call edi
loc_004B83FA: mov eax, [4CC108h]
loc_004B83FF: push eax
loc_004B8400: mov ecx, [eax]
loc_004B8402: call [ecx+000000D0h]
loc_004B8408: test eax, eax
loc_004B840A: jnl 4B8424h
loc_004B840C: mov edx, [004CC108h] ;
loc_004B8412: push 000000D0h
loc_004B8417: push 0043BAD4h
loc_004B841C: push edx
loc_004B841D: push eax
loc_004B841E: call [004DD324h] ;
loc_004B8424: mov eax, var_E0
loc_004B842A: mov ecx, Me
loc_004B842D: push ecx
loc_004B842E: mov ebx, [eax+00000308h]
loc_004B8434: call ebx
loc_004B8436: lea edx, var_28
loc_004B8439: push eax
loc_004B843A: push edx
loc_004B843B: call Set (object)
loc_004B843D: mov esi, eax
loc_004B843F: lea ecx, var_18
loc_004B8442: push ecx
loc_004B8443: push esi
loc_004B8444: mov eax, [esi]
loc_004B8446: call [eax+000000A0h]
loc_004B844C: test eax, eax
loc_004B844E: jnl 4B8462h
loc_004B8450: push 000000A0h
loc_004B8455: push 0043CC50h
loc_004B845A: push esi
loc_004B845B: push eax
loc_004B845C: call [004DD324h] ;
loc_004B8462: sub esp, 00000010h
loc_004B8465: mov eax, var_18
loc_004B8468: mov edx, esp
loc_004B846A: mov ecx, 00000008h
loc_004B846F: mov var_44, ecx
loc_004B8472: mov var_3C, eax
loc_004B8475: mov [edx], ecx
loc_004B8477: mov ecx, var_40
loc_004B847A: push 0043D26Ch ; "empresa"
loc_004B847F: mov var_18, 00000000h
loc_004B8486: mov [edx+04h], ecx
loc_004B8489: mov ecx, [004CC108h] ;
loc_004B848F: push ecx
loc_004B8490: mov [edx+08h], eax
loc_004B8493: mov eax, var_38
loc_004B8496: mov [edx+0Ch], eax
loc_004B8499: call [004DD338h] ;
loc_004B849F: lea ecx, var_28
loc_004B84A2: call edi
loc_004B84A4: lea ecx, var_44
loc_004B84A7: call [004DD2D8h] ;
loc_004B84AD: mov eax, [4CC250h]
loc_004B84B2: test eax, eax
loc_004B84B4: jnz 4B84C6h
loc_004B84B6: push 004CC250h ; "ðÕ" & Chr(13)"
loc_004B84BB: push 00437838h
loc_004B84C0: call [004DD484h] ;
loc_004B84C6: mov edx, Me
loc_004B84C9: mov edi, [004CC250h] ;
loc_004B84CF: push edx
loc_004B84D0: call ebx
loc_004B84D2: push eax
loc_004B84D3: lea eax, var_28
loc_004B84D6: push eax
loc_004B84D7: call [004DD354h] ; Set (object)
loc_004B84DD: mov esi, eax
loc_004B84DF: lea edx, var_18
loc_004B84E2: push edx
loc_004B84E3: push esi
loc_004B84E4: mov ecx, [esi]
loc_004B84E6: call [ecx+000000A0h]
loc_004B84EC: test eax, eax
loc_004B84EE: jnl 4B8506h
loc_004B84F0: mov ebx, [004DD324h] ;
loc_004B84F6: push 000000A0h
loc_004B84FB: push 0043CC50h
loc_004B8500: push esi
loc_004B8501: push eax
loc_004B8502: call ebx
loc_004B8504: jmp 4B850Ch
loc_004B8506: mov ebx, [004DD324h] ;
loc_004B850C: mov eax, var_18
loc_004B850F: lea ecx, var_44
loc_004B8512: mov var_3C, eax
loc_004B8515: mov eax, [edi]
loc_004B8517: push ecx
loc_004B8518: push edi
loc_004B8519: mov var_18, 00000000h
loc_004B8520: mov var_44, 00000008h
loc_004B8527: call [eax+00000798h]
loc_004B852D: test eax, eax
loc_004B852F: jnl 4B853Fh
loc_004B8531: push 00000798h
loc_004B8536: push 0043B76Ch
loc_004B853B: push edi
loc_004B853C: push eax
loc_004B853D: call ebx
loc_004B853F: lea ecx, var_28
loc_004B8542: call [004DD538h] ;
loc_004B8548: lea ecx, var_44
loc_004B854B: call [004DD2D8h] ;
loc_004B8551: mov eax, [4CC108h]
loc_004B8556: push 00000000h
loc_004B8558: push 00000001h
loc_004B855A: push eax
loc_004B855B: mov edx, [eax]
loc_004B855D: call [edx+00000164h]
loc_004B8563: test eax, eax
loc_004B8565: jnl 4B857Bh
loc_004B8567: mov ecx, [004CC108h] ;
loc_004B856D: push 00000164h
loc_004B8572: push 0043BAD4h
loc_004B8577: push ecx
loc_004B8578: push eax
loc_004B8579: call ebx
loc_004B857B: mov eax, [4CC108h]
loc_004B8580: push eax
loc_004B8581: mov edx, [eax]
loc_004B8583: call [edx+000000C4h]
loc_004B8589: test eax, eax
loc_004B858B: jnl 4B85A1h
loc_004B858D: mov ecx, [004CC108h] ;
loc_004B8593: push 000000C4h
loc_004B8598: push 0043BAD4h
loc_004B859D: push ecx
loc_004B859E: push eax
loc_004B859F: call ebx
loc_004B85A1: mov eax, [4CD3B8h]
loc_004B85A6: test eax, eax
loc_004B85A8: jnz 4B85BAh
loc_004B85AA: push 004CD3B8h ; "015"
loc_004B85AF: push 0043C0D0h
loc_004B85B4: call [004DD484h] ;
loc_004B85BA: mov edx, Me
loc_004B85BD: mov esi, [004CD3B8h] ;
loc_004B85C3: lea eax, var_28
loc_004B85C6: push edx
loc_004B85C7: mov edi, [esi]
loc_004B85C9: push eax
loc_004B85CA: call [004DD36Ch] ;
loc_004B85D0: push eax
loc_004B85D1: push esi
loc_004B85D2: call [edi+10h]
loc_004B85D5: test eax, eax
loc_004B85D7: jnl 4B85E4h
loc_004B85D9: push 00000010h
loc_004B85DB: push 0043C0C0h
loc_004B85E0: push esi
loc_004B85E1: push eax
loc_004B85E2: call ebx
loc_004B85E4: lea ecx, var_28
loc_004B85E7: call [004DD538h] ;
loc_004B85ED: mov var_4, 00000000h
loc_004B85F4: push 004B864Eh
loc_004B85F9: jmp 4B864Dh
loc_004B85FB: lea ecx, var_24
loc_004B85FE: lea edx, var_20
loc_004B8601: push ecx
loc_004B8602: lea eax, var_1C
loc_004B8605: push edx
loc_004B8606: lea ecx, var_18
loc_004B8609: push eax
loc_004B860A: push ecx
loc_004B860B: push 00000004h
loc_004B860D: call [004DD4A8h] ;
loc_004B8613: add esp, 00000014h
loc_004B8616: lea edx, var_34
loc_004B8619: lea eax, var_30
loc_004B861C: lea ecx, var_2C
loc_004B861F: push edx
loc_004B8620: push eax
loc_004B8621: lea edx, var_28
loc_004B8624: push ecx
loc_004B8625: push edx
loc_004B8626: push 00000004h
loc_004B8628: call [004DD2F8h] ;
loc_004B862E: add esp, 00000014h
loc_004B8631: lea eax, var_74
loc_004B8634: lea ecx, var_64
loc_004B8637: lea edx, var_54
loc_004B863A: push eax
loc_004B863B: push ecx
loc_004B863C: lea eax, var_44
loc_004B863F: push edx
loc_004B8640: push eax
loc_004B8641: push 00000004h
loc_004B8643: call [004DD2ECh] ;
loc_004B8649: add esp, 00000014h
loc_004B864C: ret
loc_004B864D: ret
loc_004B864E: mov eax, Me
loc_004B8651: push eax
loc_004B8652: mov ecx, [eax]
loc_004B8654: call [ecx+08h]
loc_004B8657: mov ecx, var_14
loc_004B865A: mov eax, var_4
loc_004B865D: pop edi
loc_004B865E: pop esi
loc_004B865F: mov fs:[00000000h], ecx
loc_004B8666: pop ebx
loc_004B8667: mov esp, ebp
loc_004B8669: pop ebp
loc_004B866A: retn 0004h
End Sub

(http://img5.imageshack.us/img5/2129/fbo4.jpg)

Title: Re: help with reverse engineering to register an application
Posted by: karmany on 30 June 2013, 11:16 am

It seems you are in the registration subroutine. The registration jump is very simple and goes straight to the "registration successful" string; the thing is that you may not achieve anything by changing the jump at that spot, but try it. In that subroutine you will be able to analyze with your debugger what the correct serial is and where it is stored.

Title: Re: help with reverse engineering to register an application
Posted by: darkloyo on 2 July 2013, 05:07 am

Friend, I appreciate your reply, but I am still where I was. Would it be too much to ask if I send you the .exe and you help me with it? I would be deeply grateful.

Title: Re: help with reverse engineering to register an application
Posted by: apuromafo CLS on 3 July 2013, 01:09 am

"Friend, I appreciate your reply, but I am still where I was. Would it be too much to ask if I send you the .exe and you help me with it? I would be deeply grateful."

With this reply you can get banned and blocked by IP; crack requests are prohibited...