ollydbg1.07 干掉它!
1、用W32DASM反汇编Dialup.exe参考->串式参考->"UserName""拨号失败""不能接通, 已经断开.""创建拨号网络新连接失败!""错误""错误代码为:%ld.""断开,已空闲""对不起,您的帐号已到期!""连接到 "请输入正确的帐号!" (从这时下手!双击!)"设置拨号网络新连接的入口名称失败!""未连接,空闲""未知的远程访问错误,错误代码为:%ld.""已连接上网""应用程序已经运行!""用户登录""注意"
来到这里。* Reference To: USER32.SetTimer, Ord:0252h:00401D7B FF15A8634000 Call dword ptr [004063A8]:00401D81 8B542410 mov edx, dword ptr [esp+10]:00401D85 8B86D8000000 mov eax, dword ptr [esi+000000D8]:00401D8B 8B8E88000000 mov ecx, dword ptr [esi+00000088]:00401D91 52 push edx:00401D92 8B542418 mov edx, dword ptr [esp+18]:00401D96 52 push edx:00401D97 50 push eax:00401D98 51 push ecx:00401D99 8BCE mov ecx, esi:00401D9B E8E0010000 call 00401F80:00401DA0 3BC3 cmp eax, ebx (这里有点可疑,在这里下
段点(我也不知是什么和什么比较:P)):00401DA2 7408 je 00401DAC:00401DA4 50 push eax:00401DA5 8BCE mov ecx, esi:00401DA7 E8D4080000 call 00402680* Referenced by a (U)nconditional or (C)onditional Jump at Address:|:00401DA2(C):00401DAC 8B8688000000 mov eax, dword ptr [esi+00000088]:00401DB2 8B8EDC000000 mov ecx, dword ptr [esi+000000DC]:00401DB8 8B3F mov edi, dword ptr [edi]:00401DBA 8B6D00 mov ebp, dword ptr [ebp+00]:00401DBD 89442424 mov dword ptr [esp+24], eax:00401DC1 8B86D8000000 mov eax, dword ptr [esi+000000D8]:00401DC7 89442420 mov dword ptr [esp+20], eax:00401DCB 8B86CC000000 mov eax, dword ptr [esi+000000CC]:00401DD1 8D542418 lea edx, dword ptr [esp+18]:00401DD5 894C242C mov dword ptr [esp+2C], ecx:00401DD9 52 push edx:00401DDA 8BCE mov ecx, esi:00401DDC 897C241C mov dword ptr [esp+1C], edi:00401DE0 896C2420 mov dword ptr [esp+20], ebp:00401DE4 8944242C mov dword ptr [esp+2C], eax:00401DE8 E8230C0000 call 00402A10:00401DED 8D4C2410 lea ecx, dword ptr [esp+10]:00401DF1 885C2438 mov byte ptr [esp+38], bl* Reference To: MFC42.Ordinal:0320, Ord:0320h:00401DF5 E8E62F0000 Call 00404DE0:00401DFA 8D4C2414 lea ecx, dword ptr [esp+14]:00401DFE C7442438FFFFFFFF mov [esp+38], FFFFFFFF* Reference To: MFC42.Ordinal:0320, Ord:0320h:00401E06 E8D52F0000 Call 00404DE0:00401E0B 5D pop ebp:00401E0C 5F pop edi:00401E0D 5E pop esi:00401E0E 5B pop ebx:00401E0F 8B4C2420 mov ecx, dword ptr [esp+20]:00401E13 64890D00000000 mov dword ptr fs:[00000000], ecx:00401E1A 83C42C add esp, 0000002C:00401E1D C3 ret* Referenced by a (U)nconditional or (C)onditional Jump at Address:|:00401CC4(C):00401E1E 53 push ebx:00401E1F 53 push ebx* Possible StringData Ref from Data Obj ->"请输入正确的帐号!" (在这向
上看,看能不能找到什么有用的东西):00401E20 68B8804000 push 004080B8
2、用ollydbg1.07打开Dialup.exe,在00401DA0 下断点。按F9运行,输入你的帐
号民,密码,再按F9运行,程序中断,可以看到你想要的东西了:P如:帐号:77711111111111111111 密码:7805256035511111解出来就是:帐号:111111111@163 密码:12351701 用windows
3、总结 我见过很多包月卡,每种专用拨号器都不尽相同,关键是找出程序处理我们
输入的帐号,密码的开始。用ollydbg1.07等慢慢跟,成功总是属于我们的。