// Main code
// Exception catching
//
// Vectored exception handler (registered first-in-chain from DllMain below).
// If the faulting address is exactly 0x00401053 the handler advances Eip by
// 6 bytes and resumes the thread; every other exception is passed on.
//
// NOTE(review): the handler keys only on ExceptionAddress and never inspects
//   ExceptionRecord->ExceptionCode, so any exception raised at that address
//   (not only the single-step from the DR0 breakpoint armed below) is skipped.
// NOTE(review): both the address and the 6-byte skip are hard-coded for one
//   specific build of the target; the (DWORD) cast and the use of Eip assume
//   a 32-bit process.
// NOTE(review): the declared return type is DWORD while the registration in
//   DllMain casts to PVECTORED_EXCEPTION_HANDLER, whose callback returns LONG.
DWORD NTAPI ExceptionHandler(EXCEPTION_POINTERS* ExceptionInfo) {
    if ((DWORD)ExceptionInfo->ExceptionRecord->ExceptionAddress == 0x00401053) {
        // Step over the instruction at the breakpoint address.
        ExceptionInfo->ContextRecord->Eip += 6;
        // The exception has been handled; no need to pass it to the next handler.
        return EXCEPTION_CONTINUE_EXECUTION;
    }
    // Invoke the next handler.
    return EXCEPTION_CONTINUE_SEARCH;
}

// Arms a hardware execute breakpoint on the calling thread.
//
// Reads the current thread's full context, points DR0 at 0x00401053, sets
// DR7 = 0x1 (bit 0 = L0, local enable for DR0; the RW0/LEN0 fields stay 0,
// i.e. break on instruction execution) and writes the context back. The
// final GetThreadContext re-reads the context but its result is unused.
//
// NOTE(review): debug registers are part of per-thread context, so only the
//   thread that runs this (the one executing DllMain) gets the breakpoint;
//   the return values of GetThreadContext/SetThreadContext are not checked.
void SetHwBreakPoint() {
    CONTEXT ctx;
    ctx.ContextFlags = CONTEXT_ALL;
    GetThreadContext(GetCurrentThread(), &ctx);
    ctx.Dr7 = 0x1;
    ctx.Dr0 = 0x00401053;
    SetThreadContext(GetCurrentThread(), &ctx);
    GetThreadContext(GetCurrentThread(), &ctx);  // re-read; result unused
}

//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
// Entry function
//
// On DLL_PROCESS_ATTACH: installs ExceptionHandler at the head of the
// vectored-handler chain (first argument 1), arms the hardware breakpoint,
// and returns whatever Load() returns. On DLL_PROCESS_DETACH: calls Free().
// Returns TRUE for every other reason.
//
// Load() and Free() are defined elsewhere in the project (not on this page);
// presumably Load() returns BOOL — verify against its definition.
// NOTE(review): Load() runs under the loader lock; whatever it does must be
//   safe to call from DllMain.
// NOTE(review, defensive): a vectored-handler registration together with a
//   non-zero DR0/DR7 in a thread of a process that is not being debugged is
//   an observable indicator of this kind of in-process instruction patching.
BOOL WINAPI DllMain(HMODULE hModule, DWORD dwReason, PVOID pvReserved) {
    if (dwReason == DLL_PROCESS_ATTACH) {
        // Register a global exception handler (first in chain).
        AddVectoredExceptionHandler(1, (PVECTORED_EXCEPTION_HANDLER)ExceptionHandler);
        SetHwBreakPoint();
        return Load();
    } else if (dwReason == DLL_PROCESS_DETACH) {
        Free();
    }
    return TRUE;
}
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
直接拖入 OD，按 ALT+M，搜索 FF55FC5F5E895DF4（这个是易语言按钮事件特征码），CTRL+G 转到 0041B00D4D、运行程序、下断点，输入错误的注册码，F8 跟进发现正确密码。

EAX 00000001
ECX 00030002
EDX 00030001
EBX 04DA7BF0 ASCII "19489543632"
ESP 0018F5F0
EBP 0018F61C
ESI 04DA7BE1
EDI 04DA7C60
EIP 0041AFD0 测试1.0041AFD0
C 0  ES 002B 32位 0(FFFFFFFF)
P 1  CS 0023 32位 0(FFFFFFFF)
A 0  SS 002B 32位 0(FFFFFFFF)
Z 0  DS 002B 32位 0(FFFFFFFF)
S 0  FS 0053 32位 7EFDD000(FFF)
T 0  GS 002B 32位 0(FFFFFFFF)
D 0
O 0  LastErr ERROR_SUCCESS (00000000)
EFL 00000206 (NO,NB,NE,A,NS,PE,GE,G)
ST0 empty 0.0
ST1 empty 0.0
ST2 empty 0.0
ST3 empty 0.0
ST4 empty 0.0
ST5 empty 0.0
ST6 empty 4.0000000000000000000
ST7 empty -1.0000000000000000000
              3 2 1 0      E S P U O Z D I
FST 4000  Cond 1 0 0 0  Err 0 0 0 0 0 0 0 0  (EQ)
FCW 037F  Prec NEAR,64  掩码 1 1 1 1 1 1