医院pacs软件宏狗加密狗破解,医院pacs软件宏狗加密狗复制,破解加密狗医院pacs软件宏狗,医院pacs软件宏狗加密狗解密,医院pacs软件宏狗加密锁复制,医院pacs软件宏狗加密锁解密,医院pacs软件宏狗加密锁破解.
软件简介:
这是一个医院用的pac软件,用的是应该是宏狗。在没有加密狗的情况下弹出提示:授权校验失败!
初步检测软件,软件没有加壳,用的是Borland Delphi 6.0 - 7.0所编写。
正文:
用OD加载软件,找到弹出错误的关键位置:
00AA2240 > 55 push ebp //函数入口
00AA2241 8BEC mov ebp,esp
00AA2243 83C4 E4 add esp,-0x1C
00AA2246 53 push ebx
00AA2247 33C0 xor eax,eax
00AA2249 8945 E8 mov dword ptr ss:[ebp-0x18],eax
00AA224C 8945 E4 mov dword ptr ss:[ebp-0x1C],eax
00AA224F 8945 EC mov dword ptr ss:[ebp-0x14],eax
00AA2252 B8 38C4A900 mov eax,KPlanner.00A9C438
00AA2257 E8 6C6096FF call KPlanner.004082C8
00AA225C 33C0 xor eax,eax
00AA225E 55 push ebp
00AA225F 68 FC24AA00 push KPlanner.00AA24FC
00AA2264 64:FF30 push dword ptr fs:[eax]
00AA2267 64:8920 mov dword ptr fs:[eax],esp
00AA226A A1 FC98AB00 mov eax,dword ptr ds:[0xAB98FC]
00AA226F 8B00 mov eax,dword ptr ds:[eax]
00AA2271 E8 8AE99EFF call KPlanner.00490C00
00AA2276 8D45 EC lea eax,dword ptr ss:[ebp-0x14]
00AA2279 E8 2E3DC0FF call KPlanner.006A5FAC
00AA227E 8D45 EC lea eax,dword ptr ss:[ebp-0x14]
00AA2281 BA 1425AA00 mov edx,KPlanner.00AA2514 ; Info.ini
00AA2286 E8 513996FF call KPlanner.00405BDC
00AA228B 8B4D EC mov ecx,dword ptr ss:[ebp-0x14]
00AA228E B2 01 mov dl,0x1
00AA2290 A1 D4264300 mov eax,dword ptr ds:[0x4326D4]
00AA2295 E8 F20499FF call KPlanner.0043278C
00AA229A A3 844EAC00 mov dword ptr ds:[0xAC4E84],eax
00AA229F 33C0 xor eax,eax
00AA22A1 55 push ebp
00AA22A2 68 F922AA00 push KPlanner.00AA22F9
00AA22A7 64:FF30 push dword ptr fs:[eax]
00AA22AA 64:8920 mov dword ptr fs:[eax],esp
00AA22AD 68 2825AA00 push KPlanner.00AA2528 ; 登记工作站
00AA22B2 8D45 E4 lea eax,dword ptr ss:[ebp-0x1C]
00AA22B5 50 push eax
00AA22B6 B9 3C25AA00 mov ecx,KPlanner.00AA253C ; 登记工作站标题
00AA22BB BA 5425AA00 mov edx,KPlanner.00AA2554 ; 软件信息
00AA22C0 A1 844EAC00 mov eax,dword ptr ds:[0xAC4E84]
00AA22C5 8B18 mov ebx,dword ptr ds:[eax]
00AA22C7 FF13 call dword ptr ds:[ebx]
00AA22C9 8B45 E4 mov eax,dword ptr ss:[ebp-0x1C]
00AA22CC 8D55 E8 lea edx,dword ptr ss:[ebp-0x18]
00AA22CF E8 249696FF call KPlanner.0040B8F8
00AA22D4 8B55 E8 mov edx,dword ptr ss:[ebp-0x18]
00AA22D7 B8 804EAC00 mov eax,KPlanner.00AC4E80
00AA22DC E8 733696FF call KPlanner.00405954
00AA22E1 33C0 xor eax,eax
00AA22E3 5A pop edx
00AA22E4 59 pop ecx
00AA22E5 59 pop ecx
00AA22E6 64:8910 mov dword ptr fs:[eax],edx
00AA22E9 68 0023AA00 push KPlanner.00AA2300
00AA22EE A1 844EAC00 mov eax,dword ptr ds:[0xAC4E84]
00AA22F3 E8 C42596FF call KPlanner.004048BC
00AA22F8 C3 retn
00AA22F9 - E9 922D96FF jmp KPlanner.00405090
00AA22FE ^ EB EE jmp short KPlanner.00AA22EE
00AA2300 833D 804EAC00 0>cmp dword ptr ds:[0xAC4E80],0x0
00AA2307 74 14 je short KPlanner.00AA231D
00AA2309 A1 FC98AB00 mov eax,dword ptr ds:[0xAB98FC]
00AA230E 8B00 mov eax,dword ptr ds:[eax]
00AA2310 8B15 804EAC00 mov edx,dword ptr ds:[0xAC4E80]
00AA2316 E8 9DE39EFF call KPlanner.004906B8
00AA231B EB 11 jmp short KPlanner.00AA232E
00AA231D A1 FC98AB00 mov eax,dword ptr ds:[0xAB98FC]
00AA2322 8B00 mov eax,dword ptr ds:[eax]
00AA2324 BA 2825AA00 mov edx,KPlanner.00AA2528 ; 登记工作站
00AA2329 E8 8AE39EFF call KPlanner.004906B8
00AA232E 68 6025AA00 push KPlanner.00AA2560 ; LWRISVPLANNER
00AA2333 6A 00 push 0x0
00AA2335 6A 00 push 0x0
00AA2337 E8 AC6396FF call KPlanner.004086E8 //前面是检测工作环境
00AA233C 8BD8 mov ebx,eax
00AA233E E8 256596FF call <jmp.&kernel32.GetLastError>
00AA2343 3D B7000000 cmp eax,0xB7
00AA2348 75 0F jnz short KPlanner.00AA2359
00AA234A B8 7825AA00 mov eax,KPlanner.00AA2578 ; 系统已经启动,请检查任务栏! 如果需要多开,可以从此处下手,好像这种软件没太大必要
00AA234F E8 5033C0FF call KPlanner.006A56A4
00AA2354 E9 88010000 jmp KPlanner.00AA24E1
00AA2359 B0 01 mov al,0x1
00AA235B E8 A806FFFF call KPlanner.00A92A08
00AA2360 E8 CB33C0FF call KPlanner.006A5730
00AA2365 B8 05000000 mov eax,0x5
00AA236A E8 0907FFFF call KPlanner.00A92A78
00AA236F E8 F42CBFFF call KPlanner.00695068
00AA2374 B8 0A000000 mov eax,0xA
00AA2379 E8 FA06FFFF call KPlanner.00A92A78
00AA237E A1 FC91AB00 mov eax,dword ptr ds:[0xAB91FC]
00AA2383 BA 01000000 mov edx,0x1
00AA2388 E8 6F4CC0FF call KPlanner.006A6FFC //加密狗破解关键函数
00AA238D 85C0 test eax,eax
00AA238F 77 22 ja short KPlanner.00AA23B3 //加密狗破解关键点,但此软件直接爆破无法解决问题
00AA2391 A1 CC94AB00 mov eax,dword ptr ds:[0xAB94CC]
00AA2396 8B00 mov eax,dword ptr ds:[eax]
00AA2398 33C9 xor ecx,ecx
00AA239A BA 9C25AA00 mov edx,KPlanner.00AA259C ; 模块权限校验失败,不能运行!
00AA239F E8 B02FBFFF call KPlanner.00695354
00AA23A4 B8 C025AA00 mov eax,KPlanner.00AA25C0 ; 授权校验失败!
00AA23A9 E8 F632C0FF call KPlanner.006A56A4 //弹出错误提示对话框
00AA23AE E9 05010000 jmp KPlanner.00AA24B8
00AA23B3 B8 05000000 mov eax,0x5
00AA23B8 E8 BB06FFFF call KPlanner.00A92A78
00AA23BD E8 E646D1FF call KPlanner.007B6AA8
00AA23C2 B8 05000000 mov eax,0x5
00AA23C7 E8 AC06FFFF call KPlanner.00A92A78
00AA23CC E8 8F30C0FF call KPlanner.006A5460
00AA23D1 84C0 test al,al
00AA23D3 0F84 DA000000 je KPlanner.00AA24B3
00AA23D9 B8 05000000 mov eax,0x5
00AA23DE E8 9506FFFF call KPlanner.00A92A78
00AA23E3 E8 C446C0FF call KPlanner.006A6AAC
00AA23E8 84C0 test al,al
00AA23EA 0F84 C3000000 je KPlanner.00AA24B3
00AA23F0 B8 0F000000 mov eax,0xF
00AA23F5 E8 7E06FFFF call KPlanner.00A92A78
00AA23FA E8 3946D1FF call KPlanner.007B6A38
00AA23FF B8 05000000 mov eax,0x5
00AA2404 E8 6F06FFFF call KPlanner.00A92A78
00AA2409 A1 A490AB00 mov eax,dword ptr ds:[0xAB90A4]
00AA240E 8B00 mov eax,dword ptr ds:[eax]
00AA2410 E8 6732C0FF call KPlanner.006A567C
00AA2415 B8 05000000 mov eax,0x5
00AA241A E8 5906FFFF call KPlanner.00A92A78
00AA241F A1 A490AB00 mov eax,dword ptr ds:[0xAB90A4]
00AA2424 8B00 mov eax,dword ptr ds:[eax]
00AA2426 E8 DD32C0FF call KPlanner.006A5708
00AA242B B8 05000000 mov eax,0x5
00AA2430 E8 4306FFFF call KPlanner.00A92A78
00AA2435 8B0D A490AB00 mov ecx,dword ptr ds:[0xAB90A4] ; KPlanner.00AC13E8
00AA243B 8B09 mov ecx,dword ptr ds:[ecx]
00AA243D A1 5089AB00 mov eax,dword ptr ds:[0xAB8950]
00AA2442 8B00 mov eax,dword ptr ds:[eax]
00AA2444 B2 01 mov dl,0x1
00AA2446 E8 F148C0FF call KPlanner.006A6D3C
00AA244B 48 dec eax
00AA244C 74 65 je short KPlanner.00AA24B3
00AA244E A1 A490AB00 mov eax,dword ptr ds:[0xAB90A4]
00AA2453 8B00 mov eax,dword ptr ds:[eax]
00AA2455 E8 76B3D2FF call KPlanner.007CD7D0
00AA245A 84C0 test al,al
00AA245C 74 55 je short KPlanner.00AA24B3
00AA245E B8 14000000 mov eax,0x14
00AA2463 E8 1006FFFF call KPlanner.00A92A78
00AA2468 8B0D A48CAB00 mov ecx,dword ptr ds:[0xAB8CA4] ; KPlanner.00AC4E7C
00AA246E A1 FC98AB00 mov eax,dword ptr ds:[0xAB98FC]
00AA2473 8B00 mov eax,dword ptr ds:[eax]
00AA2475 8B15 2033A900 mov edx,dword ptr ds:[0xA93320] ; KPlanner.00A9336C
00AA247B E8 98E79EFF call KPlanner.00490C18
00AA2480 8B0D 809AAB00 mov ecx,dword ptr ds:[0xAB9A80] ; KPlanner.00AC2A4C
00AA2486 A1 FC98AB00 mov eax,dword ptr ds:[0xAB98FC]
00AA248B 8B00 mov eax,dword ptr ds:[eax]
00AA248D 8B15 80A87C00 mov edx,dword ptr ds:[0x7CA880] ; KPlanner.007CA8CC
00AA2493 E8 80E79EFF call KPlanner.00490C18
00AA2498 B8 1E000000 mov eax,0x1E
00AA249D E8 D605FFFF call KPlanner.00A92A78
00AA24A2 E8 B905FFFF call KPlanner.00A92A60
00AA24A7 A1 FC98AB00 mov eax,dword ptr ds:[0xAB98FC]
00AA24AC 8B00 mov eax,dword ptr ds:[eax]
00AA24AE E8 9DE89EFF call KPlanner.00490D50
00AA24B3 E8 B831C0FF call KPlanner.006A5670
00AA24B8 E8 DB31C0FF call KPlanner.006A5698
00AA24BD E8 6232C0FF call KPlanner.006A5724
00AA24C2 E8 D545D1FF call KPlanner.007B6A9C
00AA24C7 E8 5848C0FF call KPlanner.006A6D24
00AA24CC E8 3F46D1FF call KPlanner.007B6B10
00AA24D1 E8 1633C0FF call KPlanner.006A57EC
00AA24D6 E8 492DBFFF call KPlanner.00695224
00AA24DB 53 push ebx
00AA24DC E8 0F6596FF call <jmp.&kernel32.ReleaseMutex>
00AA24E1 33C0 xor eax,eax
00AA24E3 5A pop edx
00AA24E4 59 pop ecx
00AA24E5 59 pop ecx
00AA24E6 64:8910 mov dword ptr fs:[eax],edx
00AA24E9 68 0325AA00 push KPlanner.00AA2503
00AA24EE 8D45 E4 lea eax,dword ptr ss:[ebp-0x1C]
00AA24F1 BA 03000000 mov edx,0x3
00AA24F6 E8 293496FF call KPlanner.00405924
00AA24FB C3 retn
通过对关键代码分析得出,软件只能启动一个实例,并且会校验加密狗是否存在,如果不存在,弹出错误提示,当然了,软件应该不止一处会检测加密狗,不过后面的应该很好找,有过这一次的经验了。
下面是读取加密狗的函数:
006A6FFC /$ 55 push ebp
006A6FFD |. 8BEC mov ebp,esp
006A6FFF |. 51 push ecx
006A7000 |. 53 push ebx
006A7001 |. 56 push esi
006A7002 |. 57 push edi
006A7003 |. 8BCA mov ecx,edx
006A7005 |. 85C9 test ecx,ecx
006A7007 |. 78 07 js short KPlanner.006A7010
006A7009 |> 8B1C88 /mov ebx,dword ptr ds:[eax+ecx*4]
006A700C |. 49 |dec ecx
006A700D |. 53 |push ebx
006A700E |.^ 79 F9 \jns short KPlanner.006A7009
006A7010 |> 8BC4 mov eax,esp
006A7012 |. 8955 FC mov [local.1],edx
006A7015 |. 33D2 xor edx,edx
006A7017 |. 8B75 FC mov esi,[local.1]
006A701A |. 85F6 test esi,esi
006A701C |. 7C 16 jl short KPlanner.006A7034
006A701E |. 46 inc esi
006A701F |. 8BD8 mov ebx,eax
006A7021 |> 8B03 /mov eax,dword ptr ds:[ebx]
006A7023 |. E8 10AEFFFF |call KPlanner.006A1E38
006A7028 |. 8BD0 |mov edx,eax
006A702A |. 85D2 |test edx,edx
006A702C |. 77 06 |ja short KPlanner.006A7034
006A702E |. 83C3 04 |add ebx,0x4
006A7031 |. 4E |dec esi
006A7032 |.^ 75 ED \jnz short KPlanner.006A7021
006A7034 |> 8BC2 mov eax,edx
006A7036 |. 8B7D F0 mov edi,[local.4]
006A7039 |. 8B75 F4 mov esi,[local.3]
006A703C |. 8B5D F8 mov ebx,[local.2]
006A703F |. 8BE5 mov esp,ebp
006A7041 |. 5D pop ebp
006A7042 \. C3 retn
通过分析得知,加密狗中写入了一定量的数据,直接修改跳转肯定是不行的,那就只有根据有加密狗的情况下运行得出来数据,然后再一一把它写入软件,由于手上暂时没有加密狗,所以现在没办法彻底破解,等拿到加密狗了,再补上……这里仅仅提供一种思路,不过通过上面的方面,加密狗破解就可以100%的成功了。
医院pacs软件宏狗加密狗破解?医院pacs软件宏狗加密狗复制?医院pacs软件宏狗加密狗破解公司?当然是深圳朝阳科技旗下T-GOU加密狗破解团队!T-gou加密狗复制加密狗破解团队拥有多年破解加密狗的经验,精湛的破解技术,为广东珠三角地区提供了多年的破解复制服务,是您的不二选择。T-GOU是完全可以进行医院pacs软件宏狗加密狗破解的。信誉保证,安全保障,质量保障。
Tags:加密狗破解加密狗复制