用W32DASM破解图形捕捉ScreenTaker 最新版本:2.21(转载希望保持完整)
作者:丁丁虾 又名:DDXia
文件大小:572KB
软件授权:共享软件
使用平台:Win95/98/NT
发布公司:Home Page
软件简介:
屏幕拷贝工具,可以拷贝整个窗口、桌面或者是指定区域,支持 BMP、JPEG、{CX、TGA、TIFF 格式。
http://www.newhua.com.cn/down/stake221.zip
破解完这个软件,我真想大哭一场。。。。555555。。。别,别这样,革命尚未成
功。今天终于明白:长夜漫漫,我独行;踏破铁鞋,无觅处;唉,得来全不费工夫。
老一套用W32DASM载入STaker.EXE,查找注册失败的窗口中的E文,肯定没有啦!为什么?胡乱的追踪了十几分钟,没有什么结果!本想放弃!无意中看见在它的目录中还有一个EXE文件---Config.exe.加载看一看!再查找注册失败的窗口中的E文,半秒就
找到了"Invalid registration key."---->我第一次有哭的感觉。
再往上查看有没有类似je cmp 或jne
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0043FA51(C)
|
:0043FAB8 8B83A0020000 mov eax, dword
ptr [ebx+000002A0]
:0043FABE E8C5B4FDFF call 0041AF88
:0043FAC3 8B55FC
mov edx, dword ptr [ebp-04]
:0043FAC6 8B06
mov eax, dword ptr [esi]
:0043FAC8 83C00C
add eax, 0000000C
:0043FACB E8603CFCFF call 00403730
:0043FAD0 8D55FC
lea edx, dword ptr [ebp-04]
:0043FAD3 8B83B0020000 mov eax, dword
ptr [ebx+000002B0]
:0043FAD9 E8AAB4FDFF call 0041AF88
:0043FADE 8B55FC
mov edx, dword ptr [ebp-04]
:0043FAE1 8B06
mov eax, dword ptr [esi]
:0043FAE3 83C010
add eax, 00000010
:0043FAE6 E8453CFCFF call 00403730
:0043FAEB 8D55FC
lea edx, dword ptr [ebp-04]
:0043FAEE 8B83B4020000 mov eax, dword
ptr [ebx+000002B4]
:0043FAF4 E88FB4FDFF call 0041AF88
:0043FAF9 8B55FC
mov edx, dword ptr [ebp-04]
:0043FAFC 8B06
mov eax, dword ptr [esi]
:0043FAFE 83C014
add eax, 00000014
:0043FB01 E82A3CFCFF call 00403730
:0043FB06 8D55FC
lea edx, dword ptr [ebp-04]
:0043FB09 8B83B8020000 mov eax, dword
ptr [ebx+000002B8]
:0043FB0F E874B4FDFF call 0041AF88
:0043FB14 8B55FC
mov edx, dword ptr [ebp-04]
:0043FB17 8B06
mov eax, dword ptr [esi]
:0043FB19 83C018
add eax, 00000018
:0043FB1C E80F3CFCFF call 00403730
:0043FB21 8D55FC
lea edx, dword ptr [ebp-04]
:0043FB24 8B83C0020000 mov eax, dword
ptr [ebx+000002C0]
:0043FB2A E859B4FDFF call 0041AF88
:0043FB2F FF75FC
push [ebp-04]
:0043FB32 6834FC4300 push 0043FC34
:0043FB37 8D55F8
lea edx, dword ptr [ebp-08]
:0043FB3A 8B83C8020000 mov eax, dword
ptr [ebx+000002C8]
:0043FB40 E843B4FDFF call 0041AF88
:0043FB45 FF75F8
push [ebp-08]
:0043FB48 8B06
mov eax, dword ptr [esi]
:0043FB4A 83C01C
add eax, 0000001C
:0043FB4D BA03000000 mov edx,
00000003
:0043FB52 E8C13EFCFF call 00403A18
:0043FB57 8B06
mov eax, dword ptr [esi]
:0043FB59 E80ED8FFFF call 0043D36C
^^^^^^^^^^^^^---> 比较注册码
:0043FB5E 84C0
test al, al
:0043FB60 0F8489000000 je 0043FBEF
^^^^^^^^^^---->就是它了,改为jne就行了
下面一堆东东是把你填写的注册信息写入注册表中,
位置在HKCU\Software\GBSoft\STaker\下,可以看一看,
* Possible StringData Ref from Code Obj ->"Software\GBSoft\STaker"
|
:0043FB66 BA40FC4300 mov edx,
0043FC40
:0043FB6B 8B06
mov eax, dword ptr [esi]
:0043FB6D E80ED6FFFF call 0043D180
:0043FB72 8B06
mov eax, dword ptr [esi]
:0043FB74 8B5004
mov edx, dword ptr [eax+04]
:0043FB77 8B83E4020000 mov eax, dword
ptr [ebx+000002E4]
:0043FB7D E836B4FDFF call 0041AFB8
:0043FB82 8B06
mov eax, dword ptr [esi]
:0043FB84 8B5008
mov edx, dword ptr [eax+08]
:0043FB87 8B83EC020000 mov eax, dword
ptr [ebx+000002EC]
:0043FB8D E826B4FDFF call 0041AFB8
:0043FB92 8B06
mov eax, dword ptr [esi]
:0043FB94 8B500C
mov edx, dword ptr [eax+0C]
:0043FB97 8B83F4020000 mov eax, dword
ptr [ebx+000002F4]
:0043FB9D E816B4FDFF call 0041AFB8
:0043FBA2 8B06
mov eax, dword ptr [esi]
:0043FBA4 8B5010
mov edx, dword ptr [eax+10]
:0043FBA7 8B83FC020000 mov eax, dword
ptr [ebx+000002FC]
:0043FBAD E806B4FDFF call 0041AFB8
:0043FBB2 8B06
mov eax, dword ptr [esi]
:0043FBB4 8B5014
mov edx, dword ptr [eax+14]
:0043FBB7 8B8300030000 mov eax, dword
ptr [ebx+00000300]
:0043FBBD E8F6B3FDFF call 0041AFB8
:0043FBC2 8B06
mov eax, dword ptr [esi]
:0043FBC4 8B5018
mov edx, dword ptr [eax+18]
:0043FBC7 8B8304030000 mov eax, dword
ptr [ebx+00000304]
:0043FBCD E8E6B3FDFF call 0041AFB8
:0043FBD2 8B06
mov eax, dword ptr [esi]
:0043FBD4 8B501C
mov edx, dword ptr [eax+1C]
:0043FBD7 8B830C030000 mov eax, dword
ptr [ebx+0000030C]
:0043FBDD E8D6B3FDFF call 0041AFB8
:0043FBE2 8B83D8020000 mov eax, dword
ptr [ebx+000002D8]
:0043FBE8 E817B8FDFF call 0041B404
:0043FBED EB14
jmp 0043FC03
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0043FB60(C)
|
:0043FBEF 6A00
push 00000000
* Possible StringData Ref from Code Obj ->"ScreenTaker - Error"
|
:0043FBF1 A1241A4400 mov eax,
dword ptr [00441A24]
:0043FBF6 50
push eax
##########################################################
* Possible StringData Ref from Code Obj ->"Invalid registration key."
###################################^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
---->往上看有没有类似je cmp 或jne
:0043FBF7 6858FC4300 push 0043FC58
:0043FBFC 6A00
push 00000000
* Reference To: user32.MessageBoxA, Ord:0000h
|
:0043FBFE E8815CFCFF Call 00405884
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:0043FA79(C), :0043FBED(U)
|
:0043FC03 33C0
xor eax, eax
:0043FC05 5A
pop edx
:0043FC06 59
pop ecx
:0043FC07 59
pop ecx
:0043FC08 648910
mov dword ptr fs:[eax], edx
* Possible StringData Ref from Code Obj ->"^[YY]"
|
:0043FC0B 6825FC4300 push 0043FC25
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0043FC23(U)
|
:0043FC10 8D45F8
lea eax, dword ptr [ebp-08]
:0043FC13 BA02000000 mov edx,
00000002
:0043FC18 E8E33AFCFF call 00403700
:0043FC1D C3
ret
别以为这样就大功告成了,嘻嘻.......不信试一下。
虽然填下了乱码,它当时就说注册成功了,但每运行一次都要注册一次,对吗???
做为一名小NEWBABIES更要追到底,否则就不会有什么成功的感觉了?动一下脑筋哦??如果有好方法,请回一贴吧!!!
(待续)
写作时间
2000.2.19.00:10
- 标 题:用W32DASM破解图形捕捉ScreenTaker 最新版本:2.21 (7千字)
- 作 者:DDXia
- 时 间:2000-2-21 12:54:37
阅读次数:483 - 链 接:http://bbs.pediy.com