菜鸟破解实录(八)之 超级信封打印工具 v3.2
软件名称:超级信封打印工具 v3.2 -->(30天试用)
简 介:看名字就知道。
作 者:xiA Qin
级 别:很菜.....很菜......
解密日前:2000年7月21日
解密工具:Trw2000 1.22
破解目的:软件作者的太串了、太嚣张了,为破解论谈争气。
说 明:
本文是在我的软件破解记录上整理出来的。所以在文中没有任何的注册码,只作技术交流。如若有纰漏,请各位大侠多指教!
首先运行超级信封打印工具
输入注册信息
register key: xxxx-xx-xxx
下指令bpx hmemcpy //下中断点
按F5回到程序,按确定,这时会被Trw2000拦截到。
下指令bd * //屏障中断点
下指令pmodule //直接跳到程序的领空
按F10来到下面指令
...............
015F:004AB037 807C38FF2D CMP BYTE [EAX+EDI-01],2D
015F:004AB03C 7503 JNZ
004AB041
015F:004AB03E FF45F8 INC
DWORD [EBP-08]
015F:004AB041 47 INC
EDI
015F:004AB042 4E DEC
ESI
015F:004AB043 75E1 JNZ
004AB026
015F:004AB045 837DF802 CMP DWORD
[EBP-08],BYTE +02
015F:004AB049 0F857E010000 JNZ NEAR 004AB1CD
//检查注册码的格式
015F:004AB04F 8D55F4 LEA
EDX,[EBP-0C] 是否是xxxx-xx-xxx格式
015F:004AB052 8B83D0020000 MOV EAX,[EBX+02D0]
015F:004AB058 E8EB87F8FF CALL 00433848
015F:004AB05D 8B55F4 MOV
EDX,[EBP-0C]
015F:004AB060 A1A42C4D00 MOV EAX,[004D2CA4]
015F:004AB065 8B00 MOV
EAX,[EAX]
015F:004AB067 0518110000 ADD EAX,1118
015F:004AB06C E87B8CF5FF CALL 00403CEC
015F:004AB071 A1A42C4D00 MOV EAX,[004D2CA4]
015F:004AB076 8B00 MOV
EAX,[EAX]
015F:004AB078 8B55FC MOV
EDX,[EBP-04]
015F:004AB07B E870480200 CALL 004CF8F0
015F:004AB080 A1A42C4D00 MOV EAX,[004D2CA4]
015F:004AB085 8B00 MOV
EAX,[EAX]
015F:004AB087 8B55FC MOV
EDX,[EBP-04]
015F:004AB08A E861470200 CALL 004CF7F0
015F:004AB08F A1A42C4D00 MOV EAX,[004D2CA4]
015F:004AB094 8B00 MOV
EAX,[EAX]
015F:004AB096 8B55FC MOV
EDX,[EBP-04]
015F:004AB099 E852490200 CALL 004CF9F0
015F:004AB09E A1A42C4D00 MOV EAX,[004D2CA4]
015F:004AB0A3 8B00 MOV
EAX,[EAX]
015F:004AB0A5 8B80781B0000 MOV EAX,[EAX+1B78]
015F:004AB0AB 8B15A42C4D00 MOV EDX,[004D2CA4]
015F:004AB0B1 8B12 MOV
EDX,[EDX]
015F:004AB0B3 3B82081D0000 CMP EAX,[EDX+1D08]
015F:004AB0B9 0F8504010000 JNZ NEAR 004AB1C3
//注册码中间的位数
015F:004AB0BF A1A42C4D00 MOV EAX,[004D2CA4]
015F:004AB0C4 8B00 MOV
EAX,[EAX]
015F:004AB0C6 8B80C0710000 MOV EAX,[EAX+71C0]
015F:004AB0CC 8B15A42C4D00 MOV EDX,[004D2CA4]
015F:004AB0D2 8B12 MOV
EDX,[EDX]
015F:004AB0D4 3B8208700000 CMP EAX,[EDX+7008]
015F:004AB0DA 0F85E3000000 JNZ NEAR 004AB1C3
//比较注册码后面的第一位。
015F:004AB0E0 A1A42C4D00 MOV EAX,[004D2CA4]
正确就成功注册。
015F:004AB0E5 8B00 MOV
EAX,[EAX]
015F:004AB0E7 8B8034710000 MOV EAX,[EAX+7134]
015F:004AB0ED 8B15A42C4D00 MOV EDX,[004D2CA4]
015F:004AB0F3 8B12 MOV
EDX,[EDX]
015F:004AB0F5 3B82A46F0000 CMP EAX,[EDX+6FA4]
015F:004AB0FB 0F85C2000000 JNZ NEAR 004AB1C3
015F:004AB101 B804B24A00 MOV EAX,004AB204
015F:004AB106 E879A4FAFF CALL 00455584
//注册成功对话框
015F:004AB10B 8B8314030000 MOV EAX,[EBX+0314]
015F:004AB111 E82A28F8FF CALL 0042D940
015F:004AB116 8D55F4 LEA
EDX,[EBP-0C]
015F:004AB119 8B83D0020000 MOV EAX,[EBX+02D0]
015F:004AB11F E82487F8FF CALL 00433848
015F:004AB124 8B55F4 MOV
EDX,[EBP-0C]
015F:004AB127 8B8314030000 MOV EAX,[EBX+0314]
015F:004AB12D 8B80EC010000 MOV EAX,[EAX+01EC]
015F:004AB133 8B08 MOV
ECX,[EAX]
015F:004AB135 FF5134 CALL NEAR
[ECX+34]
015F:004AB138 A1A42C4D00 MOV EAX,[004D2CA4]
015F:004AB13D 8B00 MOV
EAX,[EAX]
015F:004AB13F 8B808C030000 MOV EAX,[EAX+038C]
015F:004AB145 B201 MOV
DL,01
015F:004AB147 E8247BF9FF CALL 00442C70
015F:004AB14C A1A42C4D00 MOV EAX,[004D2CA4]
015F:004AB151 8B00 MOV
EAX,[EAX]
015F:004AB153 055C770000 ADD EAX,775C
015F:004AB158 BA1CB24A00 MOV EDX,004AB21C
015F:004AB15D E88A8BF5FF CALL 00403CEC
015F:004AB162 A1A42C4D00 MOV EAX,[004D2CA4]
015F:004AB167 8B00 MOV
EAX,[EAX]
015F:004AB169 8B8880050000 MOV ECX,[EAX+0580]
015F:004AB16F A1A42C4D00 MOV EAX,[004D2CA4]
015F:004AB174 8B00 MOV
EAX,[EAX]
015F:004AB176 8B905C770000 MOV EDX,[EAX+775C]
015F:004AB17C 8D45F0 LEA
EAX,[EBP-10]
015F:004AB17F E8DC8DF5FF CALL 00403F60
015F:004AB184 8B55F0 MOV
EDX,[EBP-10]
015F:004AB187 A1A42C4D00 MOV EAX,[004D2CA4]
015F:004AB18C 8B00 MOV
EAX,[EAX]
015F:004AB18E E8E586F8FF CALL 00433878
015F:004AB193 A1A42C4D00 MOV EAX,[004D2CA4]
015F:004AB198 8B00 MOV
EAX,[EAX]
015F:004AB19A 8B907C050000 MOV EDX,[EAX+057C]
015F:004AB1A0 8D45F0 LEA
EAX,[EBP-10]
015F:004AB1A3 B93CB24A00 MOV ECX,004AB23C
015F:004AB1A8 E8B38DF5FF CALL 00403F60
015F:004AB1AD 8B55F0 MOV
EDX,[EBP-10]
015F:004AB1B0 8B8314030000 MOV EAX,[EBX+0314]
015F:004AB1B6 8B80EC010000 MOV EAX,[EAX+01EC]
015F:004AB1BC 8B08 MOV
ECX,[EAX]
015F:004AB1BE FF5164 CALL NEAR
[ECX+64]
015F:004AB1C1 EB0A JMP
SHORT 004AB1CD
015F:004AB1C3 B854B24A00 MOV EAX,004AB254
015F:004AB1C8 E8B7A3FAFF CALL 00455584
//注册失败对话框
整里一下:
软件比较注册码xxxx-xx-xxx
^
第一位数字
所以将注册码 0000-00-x00 将x用阿拉伯数字123456789都试一遍。就可以注册。
^^^^ ^^ ^^
随便输
比如:我的计算机是 0000-00-600
后 记:
超级信封打印工具 v3.2是通过读取安装目录下的文件zhuceFile.data来判断,程序是否注册。如果把文件zhuceFile.data删除,
超级信封打印工具 v3.2又成了非注册版。
软件作者的太串了、太嚣张了,我从看到他的留言到现在连吃饭、下载、分析、记录破解过程一共用了2小时。没有破不掉的软件。希望他记住他讲过的话。
- 标 题:菜鸟破解实录(八)之 超级信封打印工具 v3.2 (6千字)
- 作 者:xiA Qin
- 时 间:2000-7-21 15:23:58
- 链 接:http://bbs.pediy.com