Subject: [HC] GRDuw v3.13 for 95/98 tracing notes
Date: Sat, 4 Apr 1998 18:20:45 +0800
From: Error Free <errfree@te.fcu.edu.tw>
Organization: UnError Station
To: HC Mailing List <post@hc.ml.org>

Hello HC,

  http://www.grsoftware.net/
  http://www.grsoftware.net/grduw313.zip

  1. BPX CreateFileA
  2. When it breaks, press F12 once; if you are in GRduw's own code, it should look like the listing below.
     If not, F5 -> F12 ... until it does.

:d eax
0237:006B0B90 48 3A 5C 44 49 53 4B 5C-47 52 44 55 57 5C 47 52  H:\DISK\GRDUW\GR
0237:006B0BA0 44 55 57 2E 4B 45 59 00-00 00 00 00 00 00 00 00  DUW.KEY.........

:u eip
022F:004111A4  PUSH    EAX        ; <- this last PUSH is the file name; d eax shows it.
022F:004111A5  MOV     [ESI],EDI
022F:004111A7  CALL    [KERNEL32!CreateFileA]
022F:004111AD  MOV     [004468E0],EDI          ; <- the point right after the return.
022F:004111B3  CMP     EAX,-01
022F:004111B6  MOV     [EBP-04],EAX
022F:004111B9  MOV     DWORD PTR [EBX+000003CC],00411202
022F:004111C3  JNZ     004111D1
022F:004111C5  MOV     DWORD PTR [004468E0],00000001    ; <- stores 1 if creating the keyfile fails
022F:004111CF  JMP     004111FD
022F:004111D1  PUSH    EDI
        :       :       :
022F:004111E0  CALL    [KERNEL32!ReadFile]
022F:004111E6  TEST    EAX,EAX
022F:004111E8  JNZ     004111F4
022F:004111EA  MOV     DWORD PTR [004468E0],00000001    ; <- stores 1 if reading the keyfile fails
022F:004111F4  PUSH    DWORD PTR [EBP-04]
022F:004111F7  CALL    [KERNEL32!CloseHandle]
022F:004111FD  POP     EDI
022F:004111FE  POP     ESI
022F:004111FF  POP     EBX
022F:00411200  LEAVE
022F:00411201  RET

  3. Use "BPM 4468E0 W", keep getting intercepted and continuing, and watch which places store a 1.
  4. After going through quite a few, I found the one below to be the last.

:u eip
022F:004115B4  MOV     DWORD PTR [004468E0],00000001   ; <- key check failed; the last 1 stored.
022F:004115BE  PUSH    EDI
022F:004115BF  CALL    [KERNEL32!DeleteFileA]          ; <- sneaky: it actually deletes the keyfile!!
022F:004115C5  AND     BYTE PTR [EBX+004468E8],00      ; <- related to the signature...
022F:004115CC  POP     EDI
022F:004115CD  POP     ESI
022F:004115CE  POP     EBX
022F:004115CF  RET

  Those are the key points! The rest is up to you: either build a keyfile (GRDUW.KEY) or
  patch the program to set the success flag, whichever you prefer..

... Error Free ...

--
To unsubscribe, mailto:req@hc.ml.org with "unsubscribe hc" in the body. Thanks.