http://software.wx88.net/down/ajpegcompr.exe
JPEG图片压缩软件,没注册让压了之后不让你存!!!
选'HELP-->PURCHASE A LICENSE-->TELEPHONE',他会打开网页,关掉它,再重复一次,就可以输入注册码了!
我更改之后它显示注册成功,一存盘它又出来叫我注册,不知道它在其它的什么地方还有检测,请高人出手!
标 题:解了!它是用Delphi写的,用DEDE反它,改个地方就行了! (4千字)
发信人:1122
时 间:2001-1-17 16:51:53
详细信息:
Dede是个好东东!
现在已可以存盘了,但是在About里还是没注册!
问题是现在想注册也注册不了!输入注册码的窗口根本出不来!我靠。
0049F84C 55 push ebp
0049F84D 8BEC mov ebp, esp
0049F84F 6A00 push $00
0049F851 6A00 push $00
0049F853 53 push ebx
0049F854 56 push esi
0049F855 8BD8 mov ebx, eax
0049F857 33C0 xor eax, eax
0049F859 55 push ebp
* Possible String Reference to: '開;?腓^[YY]脥@'
|
0049F85A 681CF94900 push $0049F91C
***** TRY
|
0049F85F 64FF30 push dword ptr fs:[eax]
0049F862 648920 mov fs:[eax], esp
* Reference to field TMainForm.OFFS_07A4
|
0049F865 80BBA407000000 cmp byte ptr [ebx+$07A4], $00
0049F86C 0F8483000000 jz 0049F8F5
0049F872 8BC3 mov eax, ebx
* Reference to: Forms.TCustomForm.GetActiveMDIChild()
|
0049F874 E8F769FAFF call 00446270
* Possible reference to class TImageForm
|
0049F879 8B1578874900 mov edx, [$498778]
* Reference to: System..AsClass()
|
0049F87F E8D836F6FF call 00402F5C
0049F884 8BF0 mov esi, eax
0049F886 8D55FC lea edx, [ebp-$04]
* Reference to control TMainForm.FileCloseAction : TWindowClose
|
0049F889 8B8644030000 mov eax, [esi+$0344]
* Reference to: Sysutils.ExtractFileName(System.AnsiString)
|
0049F88F E8248EF6FF call 004086B8
0049F894 8B55FC mov edx, [ebp-$04]
* Reference to control TMainForm.SaveDialog : TSavePictureDialog
|
0049F897 8B83E0040000 mov eax, [ebx+$04E0]
0049F89D 83C06C add eax, +$6C
* Reference to: System..LStrAsg()
|
0049F8A0 E8F341F6FF call 00403A98
* Reference to control TMainForm.SaveDialog : TSavePictureDialog
|
0049F8A5 8B83E0040000 mov eax, [ebx+$04E0]
0049F8AB 8B10 mov edx, [eax]
* Reference to method TSavePictureDialog.Execute()
|
0049F8AD FF523C call dword ptr [edx+$3C]
0049F8B0 84C0 test al, al
0049F8B2 744A jz 0049F8FE 《《《这里就去购买了,所以不能去!
0049F8B4 8D55F8 lea edx, [ebp-$08]
* Reference to control TMainForm.SaveDialog : TSavePictureDialog
|
0049F8B7 8B83E0040000 mov eax, [ebx+$04E0]
* Reference to: Dialogs.TOpenDialog.GetFileName()
|
0049F8BD E84617FBFF call 00451008
0049F8C2 8B55F8 mov edx, [ebp-$08]
0049F8C5 33C9 xor ecx, ecx
0049F8C7 8BC6 mov eax, esi
|
0049F8C9 E83A9AFFFF call 00499308
0049F8CE 8D55F8 lea edx, [ebp-$08]
* Reference to control TMainForm.SaveDialog : TSavePictureDialog
|
0049F8D1 8BB3E0040000 mov esi, [ebx+$04E0]
0049F8D7 8BC6 mov eax, esi
* Reference to: Dialogs.TOpenDialog.GetFileName()
|
0049F8D9 E82A17FBFF call 00451008
0049F8DE 8B45F8 mov eax, [ebp-$08]
0049F8E1 8D55FC lea edx, [ebp-$04]
* Reference to: Sysutils.ExtractFilePath(System.AnsiString)
|
0049F8E4 E89B8DF6FF call 00408684
0049F8E9 8B55FC mov edx, [ebp-$04]
0049F8EC 8BC6 mov eax, esi
* Reference to: Dialogs.TOpenDialog.SetInitialDir(System.AnsiString)
|
0049F8EE E87D17FBFF call 00451070
0049F8F3 EB09 jmp 0049F8FE
0049F8F5 33D2 xor edx, edx
0049F8F7 8BC3 mov eax, ebx
* Reference to : TMainForm.HelpPurchaseItemClick()-->模仿单机购买项!
|
0049F8F9 E8E2130000 call 004A0CE0
0049F8FE 33C0 xor eax, eax
0049F900 5A pop edx
0049F901 59 pop ecx
0049F902 59 pop ecx
0049F903 648910 mov fs:[eax], edx
现在功能已没限制了,但也不要你输入注册码了!
可是在ABOUT里还是显示“Unauthorized”,不知怎么回事?
标 题:稍有不同的破解 (6千字)
发信人:henryw
时 间:2001-1-18 9:19:53
详细信息:
看了1212兄写的破解提示,很有启发,也试用dede反汇编了一把,
想法和1212兄稍有不同。
procedure TMainForm.FileSaveActionExecute(Sender: TObject);{?}
begin
{
0049F7DC 53 push ebx
0049F7DD 56 push esi
0049F7DE 8BF2 mov esi, edx
0049F7E0 8BD8 mov ebx, eax
0049F7E2 8BC6 mov eax, esi
0049F7E4 8B1578874900 mov edx, [$498778]
0049F7EA E85537F6FF call 00402F44
0049F7EF 84C0 test al, al
0049F7F1 740F jz 0049F802
0049F7F3 8BC6 mov eax, esi
0049F7F5 8B1578874900 mov edx, [$498778]
0049F7FB E85C37F6FF call 00402F5C
0049F800 EB12 jmp 0049F814
0049F802 8BC3 mov eax, ebx
0049F804 E8676AFAFF call 00446270
0049F809 8B1578874900 mov edx, [$498778]
0049F80F E84837F6FF call 00402F5C
0049F814 80BBA407000000 cmp byte ptr [ebx+$07A4], $00
0049F81B 7420 jz 0049F83D <----------- 此地不能去,要9090--------
0049F81D 80B87403000000 cmp byte ptr [eax+$0374], $00
0049F824 740B jz 0049F831
0049F826 33C9 xor ecx, ecx
0049F828 33D2 xor edx, edx
0049F82A E8D99AFFFF call 00499308
0049F82F EB15 jmp 0049F846
0049F831 8BD3 mov edx, ebx
0049F833 8BC3 mov eax, ebx
* Reference to : TMainForm.FileSaveAsActionExecute
|
0049F835 E812000000 call 0049F84C
0049F83A 5E pop esi
0049F83B 5B pop ebx
0049F83C C3 ret
0049F83D 33D2 xor edx, edx
0049F83F 8BC3 mov eax, ebx
* Reference to : TMainForm.HelpPurchaseItemClick
|
0049F841 E89A140000 call 004A0CE0
0049F846 5E pop esi
0049F847 5B pop ebx
0049F848 C3 ret
}
end ;
procedure TMainForm.FileSaveAsActionExecute(Sender: TObject);{?}
begin
{
0049F84C 55 push ebp
0049F84D 8BEC mov ebp, esp
0049F84F 6A00 push $00
0049F851 6A00 push $00
0049F853 53 push ebx
0049F854 56 push esi
0049F855 8BD8 mov ebx, eax
0049F857 33C0 xor eax, eax
0049F859 55 push ebp
* Possible String Reference to: "開;?腓^[YY]脥@"
|
0049F85A 681CF94900 push $0049F91C
***** TRY
|
0049F85F 64FF30 push dword ptr fs:[eax]
0049F862 648920 mov fs:[eax], esp
0049F865 80BBA407000000 cmp byte ptr [ebx+$07A4], $00
0049F86C 0F8483000000 jz 0049F8F5 <------------改成0F85---------------
0049F872 8BC3 mov eax, ebx
0049F874 E8F769FAFF call 00446270
0049F879 8B1578874900 mov edx, [$498778]
0049F87F E8D836F6FF call 00402F5C
0049F884 8BF0 mov esi, eax
0049F886 8D55FC lea edx, [ebp-$04]
0049F889 8B8644030000 mov eax, [esi+$0344]
0049F88F E8248EF6FF call 004086B8
0049F894 8B55FC mov edx, [ebp-$04]
0049F897 8B83E0040000 mov eax, [ebx+$04E0]
0049F89D 83C06C add eax, +$6C
0049F8A0 E8F341F6FF call 00403A98
0049F8A5 8B83E0040000 mov eax, [ebx+$04E0]
0049F8AB 8B10 mov edx, [eax]
0049F8AD FF523C call dword ptr [edx+$3C]
0049F8B0 84C0 test al, al
0049F8B2 744A jz 0049F8FE
0049F8B4 8D55F8 lea edx, [ebp-$08]
0049F8B7 8B83E0040000 mov eax, [ebx+$04E0]
0049F8BD E84617FBFF call 00451008
0049F8C2 8B55F8 mov edx, [ebp-$08]
0049F8C5 33C9 xor ecx, ecx
0049F8C7 8BC6 mov eax, esi
0049F8C9 E83A9AFFFF call 00499308
0049F8CE 8D55F8 lea edx, [ebp-$08]
0049F8D1 8BB3E0040000 mov esi, [ebx+$04E0]
0049F8D7 8BC6 mov eax, esi
0049F8D9 E82A17FBFF call 00451008
0049F8DE 8B45F8 mov eax, [ebp-$08]
0049F8E1 8D55FC lea edx, [ebp-$04]
0049F8E4 E89B8DF6FF call 00408684
0049F8E9 8B55FC mov edx, [ebp-$04]
0049F8EC 8BC6 mov eax, esi
0049F8EE E87D17FBFF call 00451070
0049F8F3 EB09 jmp 0049F8FE
0049F8F5 33D2 xor edx, edx
0049F8F7 8BC3 mov eax, ebx
* Reference to : TMainForm.HelpPurchaseItemClick
|
0049F8F9 E8E2130000 call 004A0CE0
0049F8FE 33C0 xor eax, eax
0049F900 5A pop edx
0049F901 59 pop ecx
0049F902 59 pop ecx
0049F903 648910 mov fs:[eax], edx
****** FINALLY
|
* Possible String Reference to: "^[YY]脥@"
|
0049F906 6823F94900 push $0049F923
0049F90B 8D45F8 lea eax, [ebp-$08]
0049F90E E83141F6FF call 00403A44
0049F913 8D45FC lea eax, [ebp-$04]
0049F916 E82941F6FF call 00403A44
0049F91B C3 ret
0049F91C E95F3BF6FF jmp 00403480
0049F921 EBE8 jmp 0049F90B
****** END
|
0049F923 5E pop esi
0049F924 5B pop ebx
0049F925 59 pop ecx
0049F926 59 pop ecx
0049F927 5D pop ebp
0049F928 C3 ret
}
end ;
如此一来,并没有影响注册的对话框,不过,相信输入正确的注册号以后,估计那个OF85还需要改成0F84。
BTW: 1212兄,假如在49F8B2处改动成9090,注册对话框似乎依旧会跳出,恐怕和下面一条49F8F3有关?
标 题:哈哈。。。。我是1122,不是1212! (1千字)
发信人:1122
时 间:2001-1-18 11:24:50
详细信息:
其实我在实际改的时候并不是如我上篇写的那样只改jz就行了!我只是为少打几个字才说了一下重点!其实你可以在下面这个Call dword ptr[edx+83c]进去,看看到为什么AL会等于1,最后我发出现出来对话框其实决定于
我认为你能让注册窗口跳出来强行跳转的结果,没有挖出它的根!
* Reference to method TSavePictureDialog.Execute()
|
0049F8AD FF523C call dword ptr [edx+$3C]
0049F8B0 84C0 test al, al
0049F8B2 744A jz 0049F8FE 《《《这里就去购买了,所以不能去!
0049F8B4 8D55F8 lea edx, [ebp-$08]
其实你可以在上面这个Call dword ptr[edx+83c]进去,看看到为什么AL会等于1,最后我发出现出来对话框其实决定于:
0049F814 80BBA407000000 cmp byte ptr [ebx+$07A4], $00
你也可以锁定ebx+07a4,看它什么时候变成1。
[ebx+$07a4],[ebx+$07a5]两个地址处的内容非常重要,你跟进了上面我说的那个CALL!
[ebx+07a4]决定是否功能限制,如是为“1”,它会把[ebx+07a5]置0,否则以上两个值就相反.
而[ebx+07a5]决定是否出来填写注册码的对话框,所以如果你能让[ebx+07a4]=1,[ebx+07a5]=0应该就是注册版了!
最后我的改法如下:
1.找:0F8C65010000E871F1FFFF
改:909090909090----------
2.找:0F9C4F010000C645FF01
改:909090909090--------
3.找:7D04C645FF008B45F0
改:EB----------------
它们的具体offset我没记下来!你应该可以找得到,看看这几个地方的代码你就会明白了。
以上是我的观点,敬请指正!呵呵。。。。。。
热烈欢迎继续讨论!