‹‹ 上一主题 | 下一主题 ››
发新话题
打印

ruijie 锐捷Supplicant

枯の灵

枯の灵

管理员

Rank: 21Rank: 21Rank: 21

枯の灵
1# 发表于 2007-4-13 22:40  只看该作者

ruijie 锐捷Supplicant

Supplicant for Vista V3.05
复制内容到剪贴板
代码:
http://www.ruijie.com.cn/service/Portals/0/software/Application/Supplicant%20for%20Vista%20V3.05.rar
Supplicant for XP V3.02
复制内容到剪贴板
代码:
http://www.ruijie.com.cn/service/Portals/0/software/Application/Supplicant%20for%20XP%20V3.02.rar
Supplicant For Linux V1.1.1
复制内容到剪贴板
代码:
http://www.ruijie.com.cn/service/Portals/0/software/qtcp/Supplicant%20For%20Linux%20V1.1.1.rar
引用:

附上 Ruijie 的专有附加数据包(所有的数据在标准802.1x的数据后面加)

static byte RuijieExtra[144] = {        //Ruijie OEM Extra (V2.56)  by soar
        ////////////////////////////////////////////////////////////////////////////
        //
        // OEM Extra
        // 0 --> 22
        0x00,0x00,0x13,0x11,            // Encode( 0x00,0x00,0x13,0x11 )   Ruijie OEM Mark
        0x01,                           // Encode( 0x01/00  EnableDHCP flag )
        0x00,0x00,0x00,0x00,            // Encode( IP )
        0x00,0x00,0x00,0x00,            // Encode( SubNetMask )
        0x00,0x00,0x00,0x00,            // Encode( NetGate )
        0x00,0x00,0x00,0x00,            // Encode( DNS )
        0x00,0x00,                      // Checksum( )
        // 23 --> 58
        0x00,0x00,0x13,0x11,0x38,0x30,0x32,0x31,0x78,0x2E,0x65,0x78,0x65,0x00,0x00,0x00,    // ASCII 8021x.exe
        0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    //
        0x00,0x00,0x00,0x00,
        // 59 --> 77
        0x02,0x32,0x00,0x00,            // 8021x.exe File Version (2.5.00)
        0x00,                           // unknow flag
        0x00,0x00,0x13,0x11,0x00,0x28,0x1A,0x28,0x00,0x00,0x13,0x11,0x17,0x22,              // Const strings
        // 78 --> 118
        0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F,    // 32bits spc. Random strings
        0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F,    // 32bits spc. Random strings
        0x00,0x00,0x13,0x11,0x18,0x06,0x00,0x00,0x00,                                       // Const strings
        // 119
        0x00,                           // DHCP and first time flag
        // V2.56 (and upper?) added
        // 120 -->
        0x1A,0x0E,0x00,0x00,0x13,0x11,0x2D,0x08,                                            // Const strings
        // 128 --> 141
        0x00,0x00,0x00,0x00,0x00,0x00,                                                      // True NIC MAC
        0x1A,0x08,0x00,0x00,0x13,0x11,0x2F,0x02                                             // Const strings
   };
引用:

// 核心代码片段,某些全局变量在 *.h 中定义。。。。
//
//
///////////////////////////////////////////////////////////////////
//
//
// Ruijie 8021x.exe 客户端验证及其完整性验证(V2.45 以后版本?)
//
// 有些变态用了 8 次 MD5 算法检校 0x00401000h --> 0x00421000h 程序段
// (每段长0x4000h),每分段前加入了服务器返回的 MD5 串,最后得到的
// 8组 MD5 Hash 再和服务器返回的 MD5 串做运算生成 0x90h 的表 TableC
// 再作一次 MD5 运算。
//
//////////////////////////////////////////////////////////////////
//
//  严正声明:
//      本算法仅供学习和研究 8021x 认证客户端程序之用,
//      严禁他用,其他用途产生的后果本人一概不以负责 !
//
//                                         -- by soar @ 2006/07/01
//////////////////////////////////////////////////////////////////
//
//
//产生特殊随机字符串
CString CMentoSupplicantDlg::Randstr(bool flag)
{
CString strFormat,strRandom;
int a,b,c,d,e;
unsigned t;
strFormat="%X%X%X%X%X%X9884773d9f46acafd7839eb38789088ac9534";
if (flag){strFormat="%X%X%X%X%X%X388498639f49ebaca773dfd78789088ac9534";}
t=time(NULL);
srand(t);
a=rand();
b=rand();
c=rand();
d=rand();
e=rand();
strRandom.Format(strFormat,a,b,c,d,e,t);
return strRandom;
}
//验证算法
void CMentoSupplicantDlg::Clog()
{
int i,j=0;
int nLength = 0;     //number of bytes read from the file
const int nBufferSize = 0x4000;  //checksum the file in blocks of 4096 bytes
BYTE Buffer1[nBufferSize];   //buffer for data read from the file
BYTE Buffer2[nBufferSize+16];  //buffer for data to MD5 Checksum
BYTE md5rev[16];                 //buffer for receive MD5 from the Server
BYTE *md5Dig1,*md5Dig2;
ULONGLONG lActual;
static byte TableC[]={
  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
        0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
        0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
        0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
        0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
        0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
        0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
        0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
        0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
// Authentication Server MD5 Hash
for (i=0;i<16;i++)
    md5rev=bMD5Source[24+i];
// Tranform to TableC
TableC[0]=md5rev[0];
for (i=1;i<8;i++){
     TableC[i*18-1]=md5rev[i*2-1];
     TableC[i*18]=md5rev[i*2];}
TableC[143]=md5rev[15];      
// Check 8021x.exe, Exist ?
if (CFile::GetStatus(strRJFileN,FileStatus)==FALSE){
    //PrintOutput(" >> 无法找到“8021x.exe”!!!");
    //PrintOutput("    请复制到本程序目录下,");
    //PrintOutput("    否则无法生成Ruijie客户端信息。");
    //return a 32 bits Random string
    strMD5Hash=Randstr(false);
    return;
}
// Open the 8021.exe for reading.
CFile File(strRJFileN, CFile::modeRead | CFile::shareDenyWrite | CFile::typeBinary);
try
{
  //checksum the file in blocks of 4096 bytes
        lActual=File.Seek (0x1000,CFile::begin);
  while ((nLength = File.Read( Buffer1, nBufferSize )) > 0 && j<8)
  {
   
        for (i=0;i<16;i++){
            Buffer2=md5rev;}
        for (i=0;i<nBufferSize;i++){
            Buffer2[i+16]=Buffer1;}
            
         //Return each block MD5 Hash
         md5Dig1=ComputeHash(Buffer2,nBufferSize+16);
            
         for (i=0;i<16;i++){
                TableC[18*j+i+1]=md5Dig1;}
         j++;
  }//end of while
       // PrintOutput( "MD5_1to8_Done!");
        md5Check=ComputeHash(TableC,144);
        
        //not the best work....
        CString strTemp,strFormat;
        strMD5Hash="";
        for (i=0;i<16;i++){
            if (md5Check) {//if outside
                if (md5Check>0x0f){
                    strFormat="%x";}
                else{
                    strFormat="0%x";}
                strTemp.Format(strFormat,md5Check);
                strMD5Hash=strMD5Hash+strTemp;}
            else{//if outside
                strMD5Hash=strMD5Hash+"00";}//end of if outside
            
         }//end of for
         PrintOutput(" >> Ruijie “8021x.exe” 验证 MD5: ");
         PrintOutput("    "+strMD5Hash);   
  return;
}//end of try
   //catche Exception error for debug only
catch (CFileException* e )
{
        #ifdef _DEBUG
            afxDump << "File could not be opened " << e->m_cause << "\n";
        #endif
  throw e;
}//end of catch
}//end of fuction
//////////////////      have fan    ////////////////////
附件: 您所在的用户组无法下载或查看附件

搜索更多相关主题的帖子: ruijie Supplicant Ruijie 数据 Vista ruijie


TOP

枯の灵

枯の灵

管理员

Rank: 21Rank: 21Rank: 21

枯の灵
2# 发表于 2007-4-13 22:44  只看该作者
复制内容到剪贴板
代码:
锐捷网络RedGaint_Supplicant_802.1x 客户端应用软件2.45_0_0测试版破解手记

///////////////////////// -原文件信息- //////////////////////////////
//
// For锐捷网络RedGaint_Supplicant_802.1x 客户端应用软件2.45_0_0测试版
//
// 8021x.exe (V 2.45 beta) applanation Creat by GFWangY?
//
// CRC:6B2D31D0
// 大小:200 KB
// 最后修改:2004年11月30日, 17:14:10
// 原始文件名:Supplicant.EXE
//
// “//”后为附加的注解。
//
// 破解使用工具软件:
// OllyDbg V1.0.10.0
// W32Dasm for Windows V1.0.0.0
//
// 21:24 2005-5-10 更新
//
////////////////////////////////--Section 1 Start-- /////////////////////////////////////
//代理服务器等检测
//
00407E3D 90 NOP
00407E3E 90 NOP
00407E3F 90 NOP
00407E40 . 64:A1 00000000 MOV EAX,DWORD PTR FS:[0]
00407E46 . 6A FF PUSH -1
00407E48 . 68 F0D44100 PUSH 8021x.0041D4F0
00407E4D . 50 PUSH EAX
00407E4E . 64:8925 00000000 MOV DWORD PTR FS:[0],ESP
00407E55 . 83EC 08 SUB ESP,8
00407E58 . 8B4424 18 MOV EAX,DWORD PTR SS:[ESP+18]
00407E5C . 53 PUSH EBX
00407E5D . 56 PUSH ESI
00407E5E . 8BF1 MOV ESI,ECX
00407E60 . 57 PUSH EDI
00407E61 . 3B86 0C0D0000 CMP EAX,DWORD PTR DS:[ESI+D0C]
00407E67 . 74 19 JE SHORT 8021x.00407E82
00407E69 . B8 01000000 MOV EAX,1
00407E6E . 8B4C24 14 MOV ECX,DWORD PTR SS:[ESP+14]
00407E72 . 64:890D 00000000 MOV DWORD PTR FS:[0],ECX
00407E79 . 5F POP EDI
00407E7A . 5E POP ESI
00407E7B . 5B POP EBX
00407E7C . 83C4 14 ADD ESP,14
00407E7F . C2 0800 RETN 8
00407E82 > 8D4C24 24 LEA ECX,DWORD PTR SS:[ESP+24]
00407E86 . E8 35460100 CALL <JMP.&MFC42.#540_??0CString@@QAE@XZ>
00407E8B . 33FF XOR EDI,EDI
00407E8D . 8D4C24 0C LEA ECX,DWORD PTR SS:[ESP+C]
00407E91 . 897C24 1C MOV DWORD PTR SS:[ESP+1C],EDI
00407E95 . E8 26460100 CALL <JMP.&MFC42.#540_??0CString@@QAE@XZ>
00407E9A . 8B4424 28 MOV EAX,DWORD PTR SS:[ESP+28]
00407E9E . BB 01000000 MOV EBX,1
00407EA3 . 83F8 05 CMP EAX,5
00407EA6 . 885C24 1C MOV BYTE PTR SS:[ESP+1C],BL
00407EAA . 0F85 B8000000 JNZ 8021x.00407F68
00407EB0 . 53 PUSH EBX
00407EB1 . 50 PUSH EAX
00407EB2 . 8BCE MOV ECX,ESI
00407EB4 . E8 67030000 CALL 8021x.00408220
00407EB9 . 8B8E 80010000 MOV ECX,DWORD PTR DS:[ESI+180]
00407EBF . 3BCF CMP ECX,EDI
00407EC1 . 74 05 JE SHORT 8021x.00407EC8
00407EC3 . E8 38E3FFFF CALL 8021x.00406200
00407EC8 > 6A 05 PUSH 5
00407ECA . B9 78894200 MOV ECX,8021x.00428978
00407ECF . 89BE 80010000 MOV DWORD PTR DS:[ESI+180],EDI
00407ED5 . E8 74450100 CALL <JMP.&MFC42.#3346_?GetMainWnd@CWinThread@@UAEPAV>
00407EDA . 8BC8 MOV ECX,EAX
00407EDC . E8 E7460100 CALL <JMP.&MFC42.#6215_?ShowWindow@CWnd@@QAEHH@Z>
00407EE1 . B9 78894200 MOV ECX,8021x.00428978
00407EE6 . E8 63450100 CALL <JMP.&MFC42.#3346_?GetMainWnd@CWinThread@@UAEPAV>
00407EEB . 8B48 20 MOV ECX,DWORD PTR DS:[EAX+20]
00407EEE . 51 PUSH ECX ; /hWnd
00407EEF . FF15 E4054200 CALL NEAR DWORD PTR DS:[<&USER32.BringWindowToTop>] ; \BringWindowToTop
00407EF5 . 8D5424 28 LEA EDX,DWORD PTR SS:[ESP+28]
00407EF9 . 6A 06 PUSH 6 ; //目前系统工作环境与软件运行

环境相冲突,软件不能正常运行!
00407EFB . 52 PUSH EDX
00407EFC . E8 DFC2FFFF CALL 8021x.004041E0
00407F01 . 8BC8 MOV ECX,EAX
00407F03 . E8 68C3FFFF CALL 8021x.00404270
00407F08 . 50 PUSH EAX
00407F09 . 8D4C24 28 LEA ECX,DWORD PTR SS:[ESP+28]
00407F0D . C64424 20 02 MOV BYTE PTR SS:[ESP+20],2
00407F12 . E8 D9450100 CALL <JMP.&MFC42.#858_??4CString@@QAEABV0@ABV0@@Z>
00407F17 . 8D4C24 28 LEA ECX,DWORD PTR SS:[ESP+28]
00407F1B . 885C24 1C MOV BYTE PTR SS:[ESP+1C],BL
00407F1F . E8 90450100 CALL <JMP.&MFC42.#800_??1CString@@QAE@XZ>
00407F24 . 6A 05 PUSH 5 ; //您采用了拨号网络连接,和服

务器要求的不符合
00407F26 . 8D4424 10 LEA EAX,DWORD PTR SS:[ESP+10]
00407F2A . 68 58744200 PUSH 8021x.00427458 ; ASCII "(Code:%d)"
00407F2F . 50 PUSH EAX
00407F30 . E8 D9450100 CALL <JMP.&MFC42.#2818_?Format@CString@@QAAXPBDZZ>
00407F35 . 83C4 0C ADD ESP,0C
00407F38 . 8D4C24 0C LEA ECX,DWORD PTR SS:[ESP+C]
00407F3C . 8D5424 24 LEA EDX,DWORD PTR SS:[ESP+24]
00407F40 . 8D4424 28 LEA EAX,DWORD PTR SS:[ESP+28]
00407F44 . 51 PUSH ECX
00407F45 . 52 PUSH EDX
00407F46 . 50 PUSH EAX
00407F47 . E8 E0450100 CALL <JMP.&MFC42.#922_??H@YG?AVCString@@ABV0@0@Z>
00407F4C . 50 PUSH EAX
00407F4D . 8D4C24 28 LEA ECX,DWORD PTR SS:[ESP+28]
00407F51 . C64424 20 03 MOV BYTE PTR SS:[ESP+20],3
00407F56 . E8 95450100 CALL <JMP.&MFC42.#858_??4CString@@QAEABV0@ABV0@@Z>
00407F5B . 885C24 1C MOV BYTE PTR SS:[ESP+1C],BL
00407F5F . 8D4C24 28 LEA ECX,DWORD PTR SS:[ESP+28]
00407F63 . E9 74010000 JMP 8021x.004080DC
00407F68 > 83F8 04 CMP EAX,4
00407F6B . 53 PUSH EBX
00407F6C E9 B9000000 JMP 8021x.0040802A
0040802A
00407F71 006A 04 ADD BYTE PTR DS:[EDX+4],CH
00407F74 8BCE MOV ECX,ESI
00407F76 E8 A5020000 CALL 8021x.00408220
00407F7B . 8B8E 80010000 MOV ECX,DWORD PTR DS:[ESI+180]
00407F81 . 3BCF CMP ECX,EDI
00407F83 . 74 05 JE SHORT 8021x.00407F8A
00407F85 . E8 76E2FFFF CALL 8021x.00406200
00407F8A > 6A 05 PUSH 5
00407F8C . B9 78894200 MOV ECX,8021x.00428978
00407F91 . 89BE 80010000 MOV DWORD PTR DS:[ESI+180],EDI
00407F97 . E8 B2440100 CALL <JMP.&MFC42.#3346_?GetMainWnd@CWinThread@@UAEPAV>
00407F9C . 8BC8 MOV ECX,EAX
00407F9E . E8 25460100 CALL <JMP.&MFC42.#6215_?ShowWindow@CWnd@@QAEHH@Z>
00407FA3 . B9 78894200 MOV ECX,8021x.00428978
00407FA8 . E8 A1440100 CALL <JMP.&MFC42.#3346_?GetMainWnd@CWinThread@@UAEPAV>
00407FAD . 8B48 20 MOV ECX,DWORD PTR DS:[EAX+20]
00407FB0 . 51 PUSH ECX ; /hWnd
00407FB1 . FF15 E4054200 CALL NEAR DWORD PTR DS:[<&USER32.BringWindowToTop>] ; \BringWindowToTop
00407FB7 . 8D5424 28 LEA EDX,DWORD PTR SS:[ESP+28]
00407FBB . 6A 06 PUSH 6 ; //目前系统工作环境与软件运行

环境相冲突,软件不能正常运行!
00407FBD . 52 PUSH EDX
00407FBE . E8 1DC2FFFF CALL 8021x.004041E0
00407FC3 . 8BC8 MOV ECX,EAX
00407FC5 . E8 A6C2FFFF CALL 8021x.00404270
00407FCA . 50 PUSH EAX
00407FCB . 8D4C24 28 LEA ECX,DWORD PTR SS:[ESP+28]
00407FCF . C64424 20 04 MOV BYTE PTR SS:[ESP+20],4
00407FD4 . E8 17450100 CALL <JMP.&MFC42.#858_??4CString@@QAEABV0@ABV0@@Z>
00407FD9 . 8D4C24 28 LEA ECX,DWORD PTR SS:[ESP+28]
00407FDD . 885C24 1C MOV BYTE PTR SS:[ESP+1C],BL
00407FE1 . E8 CE440100 CALL <JMP.&MFC42.#800_??1CString@@QAE@XZ>
00407FE6 . 6A 04 PUSH 4 ; //您安装了代理服务器,和服务

器要求的不符合
00407FE8 . 8D4424 10 LEA EAX,DWORD PTR SS:[ESP+10]
00407FEC . 68 58744200 PUSH 8021x.00427458 ; ASCII "(Code:%d)"
00407FF1 . 50 PUSH EAX
00407FF2 . E8 17450100 CALL <JMP.&MFC42.#2818_?Format@CString@@QAAXPBDZZ>
00407FF7 . 83C4 0C ADD ESP,0C
00407FFA . 8D4C24 0C LEA ECX,DWORD PTR SS:[ESP+C]
00407FFE . 8D5424 24 LEA EDX,DWORD PTR SS:[ESP+24]
00408002 . 8D4424 28 LEA EAX,DWORD PTR SS:[ESP+28]
00408006 . 51 PUSH ECX
00408007 . 52 PUSH EDX
00408008 . 50 PUSH EAX
00408009 . E8 1E450100 CALL <JMP.&MFC42.#922_??H@YG?AVCString@@ABV0@0@Z>
0040800E . 50 PUSH EAX
0040800F . 8D4C24 28 LEA ECX,DWORD PTR SS:[ESP+28]
00408013 . C64424 20 05 MOV BYTE PTR SS:[ESP+20],5
00408018 . E8 D3440100 CALL <JMP.&MFC42.#858_??4CString@@QAEABV0@ABV0@@Z>
0040801D . 885C24 1C MOV BYTE PTR SS:[ESP+1C],BL
00408021 . 8D4C24 28 LEA ECX,DWORD PTR SS:[ESP+28]
00408025 . E9 B2000000 JMP 8021x.004080DC
0040802A > 6A 06 PUSH 6 ; //目前系统工作环境与软件运行

环境相冲突,软件不能正常运行!
0040802C . 8BCE MOV ECX,ESI
0040802E . E8 ED010000 CALL 8021x.00408220
00408033 . 8B8E 80010000 MOV ECX,DWORD PTR DS:[ESI+180]

00408039 . 3BCF CMP ECX,EDI
0040803B . 74 05 JE SHORT 8021x.00408042
0040803D . E8 BEE1FFFF CALL 8021x.00406200
00408042 > 6A 05 PUSH 5
00408044 . B9 78894200 MOV ECX,8021x.00428978
00408049 . 89BE 80010000 MOV DWORD PTR DS:[ESI+180],EDI
0040804F . E8 FA430100 CALL <JMP.&MFC42.#3346_?GetMainWnd@CWinThread@@UAEPAV>
00408054 . 8BC8 MOV ECX,EAX
00408056 . E8 6D450100 CALL <JMP.&MFC42.#6215_?ShowWindow@CWnd@@QAEHH@Z>
0040805B . B9 78894200 MOV ECX,8021x.00428978
00408060 . E8 E9430100 CALL <JMP.&MFC42.#3346_?GetMainWnd@CWinThread@@UAEPAV>
00408065 . 8B48 20 MOV ECX,DWORD PTR DS:[EAX+20]
00408068 . 51 PUSH ECX ; /hWnd
00408069 . FF15 E4054200 CALL NEAR DWORD PTR DS:[<&USER32.BringWindowToTop>] ; \BringWindowToTop
0040806F . 8D5424 28 LEA EDX,DWORD PTR SS:[ESP+28]
00408073 . 53 PUSH EBX
00408074 . 52 PUSH EDX
00408075 . E8 66C1FFFF CALL 8021x.004041E0
0040807A . 8BC8 MOV ECX,EAX
0040807C . E8 EFC1FFFF CALL 8021x.00404270
00408081 . 50 PUSH EAX
00408082 . 8D4C24 28 LEA ECX,DWORD PTR SS:[ESP+28]
00408086 . C64424 20 06 MOV BYTE PTR SS:[ESP+20],6
0040808B . E8 60440100 CALL <JMP.&MFC42.#858_??4CString@@QAEABV0@ABV0@@Z>
00408090 . 8D4C24 28 LEA ECX,DWORD PTR SS:[ESP+28]
00408094 . 885C24 1C MOV BYTE PTR SS:[ESP+1C],BL
00408098 . E8 17440100 CALL <JMP.&MFC42.#800_??1CString@@QAE@XZ>
0040809D . 6A 05 PUSH 5 ; //您采用了拨号网络连接,和服

务器要求的不符合
0040809F . 8D4424 10 LEA EAX,DWORD PTR SS:[ESP+10]
004080A3 . 68 58744200 PUSH 8021x.00427458 ; ASCII "(Code:%d)"
004080A8 . 50 PUSH EAX
004080A9 . E8 60440100 CALL <JMP.&MFC42.#2818_?Format@CString@@QAAXPBDZZ>
004080AE . 83C4 0C ADD ESP,0C
004080B1 . 8D4C24 0C LEA ECX,DWORD PTR SS:[ESP+C]
004080B5 . 8D5424 24 LEA EDX,DWORD PTR SS:[ESP+24]
004080B9 . 8D4424 28 LEA EAX,DWORD PTR SS:[ESP+28]
004080BD . 51 PUSH ECX
004080BE . 52 PUSH EDX
004080BF . 50 PUSH EAX
004080C0 . E8 67440100 CALL <JMP.&MFC42.#922_??H@YG?AVCString@@ABV0@0@Z>
004080C5 . 50 PUSH EAX
004080C6 . 8D4C24 28 LEA ECX,DWORD PTR SS:[ESP+28]
004080CA . C64424 20 07 MOV BYTE PTR SS:[ESP+20],7
004080CF . E8 1C440100 CALL <JMP.&MFC42.#858_??4CString@@QAEABV0@ABV0@@Z>
004080D4 . 885C24 1C MOV BYTE PTR SS:[ESP+1C],BL
004080D8 . 8D4C24 28 LEA ECX,DWORD PTR SS:[ESP+28]
004080DC > E8 D3430100 CALL <JMP.&MFC42.#800_??1CString@@QAE@XZ>
004080E1 . 8B3D 60004200 MOV EDI,DWORD PTR DS:[<&KERNEL32.Sleep>] ; kernel32.Sleep
004080E7 . 68 E8030000 PUSH 3E8 ; /Timeout = 1000. ms
004080EC . FFD7 CALL NEAR EDI ; \Sleep
004080EE . 68 DC050000 PUSH 5DC ; /Timeout = 1500. ms
004080F3 . FFD7 CALL NEAR EDI ; \Sleep
004080F5 . 68 4C040000 PUSH 44C ; /Timeout = 1100. ms
004080FA . FFD7 CALL NEAR EDI ; \Sleep
004080FC . 68 DB040000 PUSH 4DB ; /Timeout = 1243. ms
00408101 . FFD7 CALL NEAR EDI ; \Sleep
00408103 . 51 PUSH ECX
00408104 . 8D5424 28 LEA EDX,DWORD PTR SS:[ESP+28]
00408108 . 8BCC MOV ECX,ESP
0040810A . 896424 14 MOV DWORD PTR SS:[ESP+14],ESP
0040810E . 52 PUSH EDX
0040810F . E8 8E430100 CALL <JMP.&MFC42.#535_??0CString@@QAE@ABV0@@Z>
00408114 . 8BCE MOV ECX,ESI
00408116 . E8 15100000 CALL 8021x.00409130
0040811B . 8B86 0C0D0000 MOV EAX,DWORD PTR DS:[ESI+D0C]
00408121 . 8D4C24 0C LEA ECX,DWORD PTR SS:[ESP+C]
00408125 . 40 INC EAX
00408126 . C64424 1C 00 MOV BYTE PTR SS:[ESP+1C],0
0040812B . 8986 0C0D0000 MOV DWORD PTR DS:[ESI+D0C],EAX
00408131 . E8 7E430100 CALL <JMP.&MFC42.#800_??1CString@@QAE@XZ>
00408136 . 8D4C24 24 LEA ECX,DWORD PTR SS:[ESP+24]
0040813A . C74424 1C FFFFFFFF MOV DWORD PTR SS:[ESP+1C],-1
00408142 . E8 6D430100 CALL <JMP.&MFC42.#800_??1CString@@QAE@XZ>
00408147 . 8B4C24 14 MOV ECX,DWORD PTR SS:[ESP+14]
0040814B . 5F POP EDI
0040814C . 5E POP ESI
0040814D . 33C0 XOR EAX,EAX
0040814F . 64:890D 00000000 MOV DWORD PTR FS:[0],ECX
00408156 . 5B POP EBX
00408157 . 83C4 14 ADD ESP,14
0040815A . C2 0800 RETN 8
0040815D 90 NOP
0040815E 90 NOP
0040815F 90 NOP
00408160 . 8B4424 08 MOV EAX,DWORD PTR SS:[ESP+8]
00408164 . 8B5424 04 MOV EDX,DWORD PTR SS:[ESP+4]
00408168 . 50 PUSH EAX ; /lParam
00408169 . 8B81 14060000 MOV EAX,DWORD PTR DS:[ECX+614] ; |
0040816F . 52 PUSH EDX ; |wParam
00408170 . 68 7C040000 PUSH 47C ; |Message = MSG(47C)
00408175 . 8B48 30 MOV ECX,DWORD PTR DS:[EAX+30] ; |
00408178 . 51 PUSH ECX ; |ThreadId
00408179 . FF15 34064200 CALL NEAR DWORD PTR DS:[<&USER32.PostThreadMessageA>] ; \PostThreadMessageA
0040817F . C2 0800 RETN 8
00408182 90 NOP
00408183 90 NOP
00408184 90 NOP
//
////////////////////////////////--Section 1 End-- /////////////////////////////////////


////////////////////////////////--Section 2 Start-- /////////////////////////////////////
//多块网卡检测
00408E10 /$ 64:A1 00000000 MOV EAX,DWORD PTR FS:[0]
00408E16 |. 6A FF PUSH -1
00408E18 |. 68 B8D64100 PUSH 8021x.0041D6B8
00408E1D |. 50 PUSH EAX
00408E1E |. 64:8925 00000000 MOV DWORD PTR FS:[0],ESP
00408E25 |. 83EC 18 SUB ESP,18
00408E28 |. 53 PUSH EBX
00408E29 |. 56 PUSH ESI
00408E2A |. 8BF1 MOV ESI,ECX
00408E2C |. 33DB XOR EBX,EBX
00408E2E |. 399E F4020000 CMP DWORD PTR DS:[ESI+2F4],EBX
00408E34 |. 0F85 36010000 JNZ 8021x.00408F70
00408E3A |. 8D4C24 14 LEA ECX,DWORD PTR SS:[ESP+14]
00408E3E |. E8 7D360100 CALL <JMP.&MFC42.#540_??0CString@@QAE@XZ>
00408E43 |. 8D4C24 10 LEA ECX,DWORD PTR SS:[ESP+10]
00408E47 |. 895C24 28 MOV DWORD PTR SS:[ESP+28],EBX
00408E4B |. E8 70360100 CALL <JMP.&MFC42.#540_??0CString@@QAE@XZ>
00408E50 |. C64424 28 01 MOV BYTE PTR SS:[ESP+28],1
00408E55 |. E8 06CF0000 CALL 8021x.00415D60 ; ///核心判断,通过检测本机的IP地址数判断启用的网络接口数,子程序附后
00408E5A |. 85C0 TEST EAX,EAX
00408E5C |. 0F84 F0000000 JE 8021x.00408F52
00408E62 |. 6A 01 PUSH 1
00408E64 |. 6A 02 PUSH 2
00408E66 |. 8BCE MOV ECX,ESI
00408E68 |. C705 1C974200 75040000 MOV DWORD PTR DS:[42971C],475
00408E72 |. E8 A9F3FFFF CALL 8021x.00408220
00408E77 |. 8B8E 80010000 MOV ECX,DWORD PTR DS:[ESI+180]
00408E7D |. 3BCB CMP ECX,EBX
00408E7F |. 74 05 JE SHORT 8021x.00408E86
00408E81 |. E8 7AD3FFFF CALL 8021x.00406200
00408E86 |> 6A 05 PUSH 5
00408E88 |. B9 78894200 MOV ECX,8021x.00428978
00408E8D |. 899E 80010000 MOV DWORD PTR DS:[ESI+180],EBX
00408E93 |. E8 B6350100 CALL <JMP.&MFC42.#3346_?GetMainWnd@CWinThread@@UAEPAVCWnd@@>
00408E98 |. 8BC8 MOV ECX,EAX
00408E9A |. E8 29370100 CALL <JMP.&MFC42.#6215_?ShowWindow@CWnd@@QAEHH@Z>
00408E9F |. B9 78894200 MOV ECX,8021x.00428978
00408EA4 |. E8 A5350100 CALL <JMP.&MFC42.#3346_?GetMainWnd@CWinThread@@UAEPAVCWnd@@>
00408EA9 |. 8B40 20 MOV EAX,DWORD PTR DS:[EAX+20]
00408EAC |. 50 PUSH EAX ; /hWnd
00408EAD |. FF15 E4054200 CALL NEAR DWORD PTR DS:[<&USER32.BringWindowToTop>] ; \BringWindowToTop
00408EB3 |. 8D4C24 08 LEA ECX,DWORD PTR SS:[ESP+8]
00408EB7 |. 6A 06 PUSH 6 ; //目前系统工作环境与软件运行环境相冲突,软件不能正常运行!
00408EB9 |. 51 PUSH ECX
00408EBA |. E8 21B3FFFF CALL 8021x.004041E0
00408EBF |. 8BC8 MOV ECX,EAX
00408EC1 |. E8 AAB3FFFF CALL 8021x.00404270
00408EC6 |. 8D4C24 0C LEA ECX,DWORD PTR SS:[ESP+C]
00408ECA |. C64424 28 02 MOV BYTE PTR SS:[ESP+28],2
00408ECF |. E8 EC350100 CALL <JMP.&MFC42.#540_??0CString@@QAE@XZ>
00408ED4 |. 6A 02 PUSH 2 ; ////您安装了多块网卡,和服务器要求的不符合
00408ED6 |. 8D5424 10 LEA EDX,DWORD PTR SS:[ESP+10]
00408EDA |. 68 58744200 PUSH 8021x.00427458 ; ASCII "(Code:%d)"
00408EDF |. 52 PUSH EDX
00408EE0 |. C64424 34 03 MOV BYTE PTR SS:[ESP+34],3
00408EE5 |. E8 24360100 CALL <JMP.&MFC42.#2818_?Format@CString@@QAAXPBDZZ>
00408EEA |. 83C4 0C ADD ESP,0C
00408EED |. 8D4424 0C LEA EAX,DWORD PTR SS:[ESP+C]
00408EF1 |. 8D4C24 08 LEA ECX,DWORD PTR SS:[ESP+8]
00408EF5 |. 8D5424 18 LEA EDX,DWORD PTR SS:[ESP+18]
00408EF9 |. 50 PUSH EAX
00408EFA |. 51 PUSH ECX
00408EFB |. 52 PUSH EDX
00408EFC |. E8 2B360100 CALL <JMP.&MFC42.#922_??H@YG?AVCString@@ABV0@0@Z>
00408F01 |. 50 PUSH EAX
00408F02 |. 8D4C24 0C LEA ECX,DWORD PTR SS:[ESP+C]
00408F06 |. C64424 2C 04 MOV BYTE PTR SS:[ESP+2C],4
00408F0B |. E8 E0350100 CALL <JMP.&MFC42.#858_??4CString@@QAEABV0@ABV0@@Z>
00408F10 |. 8D4C24 18 LEA ECX,DWORD PTR SS:[ESP+18]
00408F14 |. C64424 28 03 MOV BYTE PTR SS:[ESP+28],3
00408F19 |. E8 96350100 CALL <JMP.&MFC42.#800_??1CString@@QAE@XZ>
00408F1E |. 51 PUSH ECX
00408F1F |. 8D4424 0C LEA EAX,DWORD PTR SS:[ESP+C]
00408F23 |. 8BCC MOV ECX,ESP
00408F25 |. 896424 20 MOV DWORD PTR SS:[ESP+20],ESP
00408F29 |. 50 PUSH EAX
00408F2A |. E8 73350100 CALL <JMP.&MFC42.#535_??0CString@@QAE@ABV0@@Z>
00408F2F |. 8BCE MOV ECX,ESI
00408F31 |. E8 FA010000 CALL 8021x.00409130
00408F36 |. 8D4C24 0C LEA ECX,DWORD PTR SS:[ESP+C]
00408F3A |. C64424 28 02 MOV BYTE PTR SS:[ESP+28],2
00408F3F |. E8 70350100 CALL <JMP.&MFC42.#800_??1CString@@QAE@XZ>
00408F44 |. 8D4C24 08 LEA ECX,DWORD PTR SS:[ESP+8]
00408F48 |. C64424 28 01 MOV BYTE PTR SS:[ESP+28],1
00408F4D |. E8 62350100 CALL <JMP.&MFC42.#800_??1CString@@QAE@XZ>
00408F52 |> 8D4C24 10 LEA ECX,DWORD PTR SS:[ESP+10]
00408F56 |. 885C24 28 MOV BYTE PTR SS:[ESP+28],BL
00408F5A |. E8 55350100 CALL <JMP.&MFC42.#800_??1CString@@QAE@XZ>
00408F5F |. 8D4C24 14 LEA ECX,DWORD PTR SS:[ESP+14]
00408F63 |. C74424 28 FFFFFFFF MOV DWORD PTR SS:[ESP+28],-1
00408F6B |. E8 44350100 CALL <JMP.&MFC42.#800_??1CString@@QAE@XZ>
00408F70 |> 8B4C24 20 MOV ECX,DWORD PTR SS:[ESP+20]
00408F74 |. 5E POP ESI
00408F75 |. 64:890D 00000000 MOV DWORD PTR FS:[0],ECX
00408F7C |. 5B POP EBX
00408F7D |. 83C4 24 ADD ESP,24
00408F80 \. C3 RETN

////////////////////////////////--Section 3 Start-- /////////////////////////////////////
//
004172DD 90 NOP
004172DE 90 NOP
004172DF 90 NOP
004172E0 . 64:A1 0000000>MOV EAX,DWORD PTR FS:[0]
004172E6 . 6A FF PUSH -1
004172E8 . 68 A0E84100 PUSH 8021x.0041E8A0
004172ED . 50 PUSH EAX
004172EE . 64:8925 00000>MOV DWORD PTR FS:[0],ESP
004172F5 . 83EC 08 SUB ESP,8
004172F8 . 56 PUSH ESI
004172F9 . 8BF1 MOV ESI,ECX
004172FB . 6A 01 PUSH 1
004172FD . E8 C0520000 CALL <JMP.&MFC42.#6334_?UpdateData@CWnd@@QAEHH@Z>
00417302 . 6A 00 PUSH 0
00417304 . 8BCE MOV ECX,ESI
00417306 . E8 E5540000 CALL <JMP.&MFC42.#6028_?SetModified@CPropertyPage@@QAEXH@Z>
0041730B . 8B86 10010000 MOV EAX,DWORD PTR DS:[ESI+110]
00417311 . 8B40 F8 MOV EAX,DWORD PTR DS:[EAX-8]
00417314 . 85C0 TEST EAX,EAX
00417316 . 0F8E 24010000 JLE 8021x.00417440
0041731C . 83F8 3F CMP EAX,3F
0041731F . 0F8F 1B010000 JG 8021x.00417440
00417325 . 8B8E 14010000 MOV ECX,DWORD PTR DS:[ESI+114]
0041732B . 8B41 F8 MOV EAX,DWORD PTR DS:[ECX-8]
0041732E . 85C0 TEST EAX,EAX
00417330 . 0F8E D0000000 JLE 8021x.00417406
00417336 . 83F8 3F CMP EAX,3F
00417339 . 0F8F C7000000 JG 8021x.00417406
0041733F 83BE 28010000>CMP DWORD PTR DS:[ESI+128],5 ; //时间间隔是否小于5分钟?
00417346 . 73 3D JNB SHORT 8021x.00417385
00417348 . 8D5424 04 LEA EDX,DWORD PTR SS:[ESP+4]
0041734C . 6A 11 PUSH 11 ; //时间间隔不小于5分钟
0041734E . 52 PUSH EDX
0041734F . E8 8CCEFEFF CALL 8021x.004041E0
00417354 . 8BC8 MOV ECX,EAX
00417356 . E8 15CFFEFF CALL 8021x.00404270
0041735B . 8B00 MOV EAX,DWORD PTR DS:[EAX]
0041735D . 6A 40 PUSH 40
0041735F . 68 E8764200 PUSH 8021x.004276E8 ; ASCII "Information"
00417364 . 50 PUSH EAX
00417365 . 8BCE MOV ECX,ESI
00417367 . C74424 20 020>MOV DWORD PTR SS:[ESP+20],2
0041736F . E8 6E530000 CALL <JMP.&MFC42.#4224_?MessageBoxA@CWnd@@QAEHPBD0I@Z>
00417374 . C74424 14 FFF>MOV DWORD PTR SS:[ESP+14],-1
0041737C . 8D4C24 04 LEA ECX,DWORD PTR SS:[ESP+4]
00417380 . E9 F3000000 JMP 8021x.00417478
00417385 > 83BE 30010000>CMP DWORD PTR DS:[ESI+130],3 ; //DHCP服务器的最大响应时间

大于3秒?
0041738C . 77 3D JA SHORT 8021x.004173CB
0041738E . 8D4424 08 LEA EAX,DWORD PTR SS:[ESP+8]
00417392 . 6A 12 PUSH 12 ; //DHCP服务器的最大响应时间

必须设置为大于3秒
00417394 . 50 PUSH EAX
00417395 . E8 46CEFEFF CALL 8021x.004041E0
0041739A . 8BC8 MOV ECX,EAX
0041739C . E8 CFCEFEFF CALL 8021x.00404270
004173A1 . 8B00 MOV EAX,DWORD PTR DS:[EAX]
004173A3 . 6A 40 PUSH 40
004173A5 . 68 E8764200 PUSH 8021x.004276E8 ; ASCII "Information"
004173AA . 50 PUSH EAX
004173AB . 8BCE MOV ECX,ESI
004173AD . C74424 20 030>MOV DWORD PTR SS:[ESP+20],3
004173B5 . E8 28530000 CALL <JMP.&MFC42.#4224_?MessageBoxA@CWnd@@QAEHPBD0I@Z>
004173BA . C74424 14 FFF>MOV DWORD PTR SS:[ESP+14],-1
004173C2 . 8D4C24 08 LEA ECX,DWORD PTR SS:[ESP+8]
004173C6 . E9 AD000000 JMP 8021x.00417478
004173CB > 8B15 18974200 MOV EDX,DWORD PTR DS:[429718]
004173D1 . 8B8E 2C010000 MOV ECX,DWORD PTR DS:[ESI+12C]
004173D7 . 898A 64060000 MOV DWORD PTR DS:[EDX+664],ECX
004173DD . 8B0D 18974200 MOV ECX,DWORD PTR DS:[429718]
004173E3 . 8B86 30010000 MOV EAX,DWORD PTR DS:[ESI+130]
004173E9 . 8981 68060000 MOV DWORD PTR DS:[ECX+668],EAX
004173EF . 8BCE MOV ECX,ESI
004173F1 . E8 B6520000 CALL <JMP.&MFC42.#4358_?OnApply@CPropertyPage@@UAEHXZ>
004173F6 . 5E POP ESI
004173F7 . 8B4C24 08 MOV ECX,DWORD PTR SS:[ESP+8]
004173FB . 64:890D 00000>MOV DWORD PTR FS:[0],ECX
00417402 . 83C4 14 ADD ESP,14
00417405 . C3 RETN
00417406 > 8D5424 04 LEA EDX,DWORD PTR SS:[ESP+4]
0041740A . 6A 10 PUSH 10 ; //用户密码不能为空并且不能

超过63个字符
0041740C . 52 PUSH EDX
0041740D . E8 CECDFEFF CALL 8021x.004041E0
00417412 . 8BC8 MOV ECX,EAX
00417414 . E8 57CEFEFF CALL 8021x.00404270
00417419 . 8B00 MOV EAX,DWORD PTR DS:[EAX]
0041741B . 6A 40 PUSH 40
0041741D . 68 E8764200 PUSH 8021x.004276E8 ; ASCII "Information"
00417422 . 50 PUSH EAX
00417423 . 8BCE MOV ECX,ESI
00417425 . C74424 20 010>MOV DWORD PTR SS:[ESP+20],1
0041742D . E8 B0520000 CALL <JMP.&MFC42.#4224_?MessageBoxA@CWnd@@QAEHPBD0I@Z>
00417432 . C74424 14 FFF>MOV DWORD PTR SS:[ESP+14],-1
0041743A . 8D4C24 04 LEA ECX,DWORD PTR SS:[ESP+4]
0041743E . EB 38 JMP SHORT 8021x.00417478
00417440 > 8D4424 04 LEA EAX,DWORD PTR SS:[ESP+4]
00417444 . 6A 0F PUSH 0F ; //用户名不能为空并且不能超

过65个字符
00417446 . 50 PUSH EAX
00417447 . E8 94CDFEFF CALL 8021x.004041E0
0041744C . 8BC8 MOV ECX,EAX
0041744E . E8 1DCEFEFF CALL 8021x.00404270
00417453 . 8B00 MOV EAX,DWORD PTR DS:[EAX]
00417455 . 6A 40 PUSH 40
00417457 . 68 E8764200 PUSH 8021x.004276E8 ; ASCII "Information"
0041745C . 50 PUSH EAX
0041745D . 8BCE MOV ECX,ESI
0041745F . C74424 20 000>MOV DWORD PTR SS:[ESP+20],0
00417467 . E8 76520000 CALL <JMP.&MFC42.#4224_?MessageBoxA@CWnd@@QAEHPBD0I@Z>
0041746C . C74424 14 FFF>MOV DWORD PTR SS:[ESP+14],-1
00417474 . 8D4C24 04 LEA ECX,DWORD PTR SS:[ESP+4]
00417478 > E8 37500000 CALL <JMP.&MFC42.#800_??1CString@@QAE@XZ>
0041747D . 8BCE MOV ECX,ESI
0041747F . E8 1C000000 CALL 8021x.004174A0
00417484 . 8B4C24 0C MOV ECX,DWORD PTR SS:[ESP+C]
00417488 . 33C0 XOR EAX,EAX
0041748A . 5E POP ESI
0041748B . 64:890D 00000>MOV DWORD PTR FS:[0],ECX
00417492 . 83C4 14 ADD ESP,14
00417495 . C3 RETN
00417496 90 NOP
00417497 90 NOP
00417498 90 NOP
//
//////////////////////////////////--Section 3 Start-- /////////////////////////////////////

===============[MESSAGEINFO]================
[MESSAGEINFO]
1=初始化网卡信息失败!
2=无法读取系统配置信息!
3=客户端程序升级失败,网络连接被断开,请与管理员联系!
4=升级成功,客户端程序将重新启动!
5=802.1x客户端版本不匹配,网络连接被断开,请联系网络管理员获得最新的客户端软件。
6=目前系统工作环境与软件运行环境相冲突,软件不能正常运行!
7=不能打开文件
8=信息不完整,无法恢复网络参数
9=用户名不能为空
10=用户名不能超过65个字符
11=用户密码不能为空
12=找不到配置文件
13=您已经运行了一个客户端
14=无法获取客户端软件的版本信息!
15=用户名不能为空并且不能超过65个字符
16=用户密码不能为空并且不能超过63个字符
17=时间间隔不小于5分钟
18=DHCP服务器的最大响应时间必须设置为大于3秒
19=协议参数值不能小于默认值
20=必须选择连接的网卡
21=无法打开配置文件!
22=无法读取用户配置文件!
23=无法支持该类型的网卡,请检查您的网卡设置!
24=锐捷802.1x认证客户端: 网卡没有连接上,请检查网卡连接!
25=锐捷802.1x认证客户端: 网卡连接正常,连接速度:
26=正在初始化...
27=连接持续时间:
28=认证成功
29=认证失败
30=认证已关闭
31=网卡没有连接上,请检查网卡连接!
32=寻找认证服务器...
33=连接认证服务器...
34=正在进行认证...
35=不使用
36=认证后获取
37=认证前获取
38=认证前后获取
39=当前系统配置:
40=中文
41=英语
42=网络参数
43=用户参数设置
44=协议参数设置
45=系统配置
46=PlugIn程序被破坏,软件不能正常运行!
47=网卡没有连接上,是否继续!
48=获取DHCP地址失败,请重新认证!
===============[MESSAGEINFO]================

==================================
在认证软件运行过程中有可能会弹出消息框,有“目前系统工作环境与软件运行环境相冲突,软件不能正常运行!\n(Code: 1)”类似的信息出现,其返回Code值表示了冲突的原因。
Code=2,您安装了多块网卡,和服务器要求的不符合
Code=4,您安装了代理服务器,和服务器要求的不符合
Code=5,您采用了拨号网络连接,和服务器要求的不符合
Code=6,系统错误


//
//通过获取本机的IP地址来判断是否启用了一个或多个网络接口(网卡)
//Local call from 00408E55
00415D60 /$ 81EC 04010000 SUB ESP,104
00415D66 |. B9 41000000 MOV ECX,41
00415D6B |. 33C0 XOR EAX,EAX
00415D6D |. 57 PUSH EDI
00415D6E |. 8D7C24 04 LEA EDI,DWORD PTR SS:[ESP+4]
00415D72 |. F3:AB REP STOS DWORD PTR ES:[EDI]
00415D74 |. 8D4424 04 LEA EAX,DWORD PTR SS:[ESP+4]
00415D78 |. 68 04010000 PUSH 104 ; /BufSize = 104 (260.)
00415D7D |. 50 PUSH EAX ; |Buffer
00415D7E |. E8 7B6D0000 CALL <JMP.&WSOCK32.#57__gethostname@8> ; \gethostname
00415D83 |. 85C0 TEST EAX,EAX ; //成功获取计算机名返回0
00415D85 |. 5F POP EDI
00415D86 |. 74 09 JE SHORT 8021x.00415D91
00415D88 |. 33C0 XOR EAX,EAX
00415D8A |. 81C4 04010000 ADD ESP,104
00415D90 |. C3 RETN
00415D91 |> 8D4C24 00 LEA ECX,DWORD PTR SS:[ESP]
00415D95 |. 51 PUSH ECX ; /Name
00415D96 |. E8 5D6D0000 CALL <JMP.&WSOCK32.#52__gethostbyname@4> ; \gethostbyname
00415D9B |. 85C0 TEST EAX,EAX ; //返回IP地址,返回NULL为无法获取IP
00415D9D |. 75 07 JNZ SHORT 8021x.00415DA6
00415D9F |. 81C4 04010000 ADD ESP,104
00415DA5 |. C3 RETN
00415DA6 |> 8B40 0C MOV EAX,DWORD PTR DS:[EAX+C]
00415DA9 |. 33C9 XOR ECX,ECX
00415DAB |. 8338 00 CMP DWORD PTR DS:[EAX],0
00415DAE |. 74 10 JE SHORT 8021x.00415DC0
00415DB0 |> 8B50 04 /MOV EDX,DWORD PTR DS:[EAX+4]
00415DB3 |. 83C0 04 |ADD EAX,4
00415DB6 |. 41 |INC ECX
00415DB7 |. 85D2 |TEST EDX,EDX
00415DB9 |.^ 75 F5 \JNZ SHORT 8021x.00415DB0
00415DBB |. 83F9 01 CMP ECX,1
00415DBE |. 7F 09 JG SHORT 8021x.00415DC9 ; //本机IP地址数量>=1?
00415DC0 |> 33C0 XOR EAX,EAX
00415DC2 |. 81C4 04010000 ADD ESP,104
00415DC8 |. C3 RETN
00415DC9 |> C705 1C974200 >MOV DWORD PTR DS:[42971C],475
00415DD3 |. B8 01000000 MOV EAX,1
00415DD8 |. 81C4 04010000 ADD ESP,104
00415DDE \. C3 RETN


----------------------
看看一个类似的C++代码:


////////////////////////////////////////////////////////////////
// getAdapter.cpp
//
// 通过IP地址检测已启用网卡的数量
// 命令行编译命令为:
//
// cl getAdapter.cpp wsock32.lib
//
//
#include <winsock.h>
#include <wsipx.h>
#include <wsnwlink.h>
#include <stdio.h>

int main()
{
WORD wVersionRequested = MAKEWORD(1, 1);
WSADATA wsaData;
if (WSAStartup(wVersionRequested, &wsaData)) {
printf("WSAStartup failed %s\n", WSAGetLastError()); // 初始化 Windows sockets API.
return -1;
}
char hostname[260];
int res = gethostname(hostname, sizeof(hostname));// 获取本机主机名.
if (res ==0) {
//printf("hostname=%s\n", hostname);
hostent* pHostent = gethostbyname(hostname);// 根据主机名获取主机信息.
if (pHostent!=NULL) {
hostent& he = *pHostent;
sockaddr_in sa;
for (int nAdapter=0; he.h_addr_list[nAdapter]; nAdapter++) {
if (nAdapter>=1) {
printf("Infomation: Active Adapter Number: %d\n",nAdapter+1);
return 1;
}
}
}else{
printf("Error: %u\n", WSAGetLastError());
return -1;
}
}else{
printf("Error: %u\n", WSAGetLastError());
return -1;
}
sockaddr_in sa;
WSACleanup();
return 0;
}
-----------------------

TOP

和风

… ...

注册会员

Rank: 2Rank: 2

炎帝A
3# 发表于 2007-4-14 08:16  只看该作者
官方客户端,下来保留着以防万一
协议好像还没有改吧
破解是干什么用的呢?破网卡限制?
永远的Iron Maiden!!
rm / -rf

TOP

hrzq1986

HR

版主

Rank: 17Rank: 17

GHTT疯人院
4# 发表于 2007-4-14 12:43  只看该作者
貌似破解是免交网费的

TOP

和风

… ...

注册会员

Rank: 2Rank: 2

炎帝A
5# 发表于 2007-4-14 13:21  只看该作者
有这破解的话网络中心的大爷们估计要和枯灵拼命
不过我好想要....那样的破解
永远的Iron Maiden!!
rm / -rf

TOP

枯の灵

枯の灵

管理员

Rank: 21Rank: 21Rank: 21

枯の灵
6# 发表于 2007-4-15 09:33  只看该作者
的确是可以免交网费

但是不是通过修改客户端实现的

详情请自行查阅相关资料



破解版的是主要破网卡限制     同时由于开放源代码的话呢

也是一个不错的研究材料     也可以做出属于自己的版本来

对于我来说呢     每月20网费也不是很多

破解的话     主要是可以玩虚拟机

TOP

海岛

新手上路

Rank: 1
7# 发表于 2007-6-9 10:30  只看该作者
路过

TOP

新手上路

Rank: 1
8# 发表于 2007-8-26 20:35  只看该作者
锐捷3。05 vista还是用不了啊!

TOP

‹‹ 上一主题 | 下一主题 ››
发新话题