软件下载:http://www.jinfengnet.com
文件尺寸:998,912
用language查看,程序没有加壳。
用W32Dasm反汇编破解。
破解分两步走:
1. 破解注册码:
根据“串式参考”找到注册错误提示信息“对不起,注册码错误,如果您已经付费请与作者联系以获得正确的注册码。”,双击:
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004CCCE8(C)
|
:004CCD8E 8D45F8
lea eax, dword ptr [ebp-08]
:004CCD91 BA20D24C00 mov edx,
004CD220
:004CCD96 E8B170F3FF call 00403E4C
:004CCD9B 8D85C4FEFFFF lea eax, dword
ptr [ebp+FFFFFEC4]
:004CCDA1 50
push eax
:004CCDA2 8D95C0FEFFFF lea edx, dword
ptr [ebp+FFFFFEC0]
:004CCDA8 8B8634050000 mov eax, dword
ptr [esi+00000534]
:004CCDAE E86D54F6FF call 00432220
:004CCDB3 8B85C0FEFFFF mov eax, dword
ptr [ebp+FFFFFEC0]
:004CCDB9 50
push eax
:004CCDBA 8B45F8
mov eax, dword ptr [ebp-08]
:004CCDBD E88270F3FF call 00403E44
:004CCDC2 8BC8
mov ecx, eax
:004CCDC4 BA03000000 mov edx,
00000003
:004CCDC9 58
pop eax
:004CCDCA E87D72F3FF call 0040404C
:004CCDCF 8D85C4FEFFFF lea eax, dword
ptr [ebp+FFFFFEC4]
:004CCDD5 BA2CD24C00 mov edx,
004CD22C
:004CCDDA E86D70F3FF call 00403E4C
:004CCDDF 8B85C4FEFFFF mov eax, dword
ptr [ebp+FFFFFEC4]
:004CCDE5 50
push eax
:004CCDE6 8D95BCFEFFFF lea edx, dword
ptr [ebp+FFFFFEBC]
:004CCDEC 8B45F8
mov eax, dword ptr [ebp-08]
:004CCDEF E8D4B8F3FF call 004086C8
:004CCDF4 8B95BCFEFFFF mov edx, dword
ptr [ebp+FFFFFEBC]
:004CCDFA 58
pop eax
:004CCDFB E85471F3FF call 00403F54
:004CCE00 744A
je 004CCE4C <======== 将“74”改为“EB”
:004CCE02 6A00
push 00000000
:004CCE04 668B0D40D14C00 mov cx, word ptr
[004CD140]
:004CCE0B B201
mov dl, 01
* Possible StringData Ref from Code Obj ->"对不起,注册码错误,如果您已经付费请与作者联系"
->"以获得正确的注册码。"
|
:004CCE0D B878D14C00 mov eax,
004CD178
:004CCE12 E81DCDF9FF call 00469B34
:004CCE17 8B8634050000 mov eax, dword
ptr [esi+00000534]
:004CCE1D 8B10
mov edx, dword ptr [eax]
:004CCE1F FF92B0000000 call dword ptr
[edx+000000B0]
:004CCE25 8B8650050000 mov eax, dword
ptr [esi+00000550]
:004CCE2B 33D2
xor edx, edx
:004CCE2D E80653F6FF call 00432138
:004CCE32 8B8674070000 mov eax, dword
ptr [esi+00000774]
:004CCE38 B201
mov dl, 01
:004CCE3A E8F952F6FF call 00432138
:004CCE3F 33C0
xor eax, eax
:004CCE41 5A
pop edx
:004CCE42 59
pop ecx
:004CCE43 59
pop ecx
:004CCE44 648910
mov dword ptr fs:[eax], edx
:004CCE47 E950020000 jmp 004CD09C
2. 破解网上验证:
根据“串式参考”找到注册错误提示信息“在线验证用户信息失败,如果您确实已经付费,请稍后再试或与作者联系。”,双击:
为了提高可靠性,这个软件共使用4个服务器进行验证:
如果与第一个服务器连接成功了,就注册成功;
如果与第一个服务器的连接不成功,就改用第二个服务器进行连接;
如果4个服务器都连接不上,则注册失败;
破解时只要使第一个服务器注册成功即可,不必再理会后面的3个备份服务器。
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004CCE00(C)
|
:004CCE4C 8B8650050000 mov eax, dword
ptr [esi+00000550]
* Possible StringData Ref from Code Obj ->"正在通过网络服务器1验证用户信息..."
|
:004CCE52 BA38D24C00 mov edx,
004CD238
:004CCE57 E8F453F6FF call 00432250
* Possible StringData Ref from Code Obj ->"http://www.jinfengnet.com/user/dat/"
|
:004CCE5C 6864D24C00 push 004CD264
:004CCE61 FF75E8
push [ebp-18]
* Possible StringData Ref from Code Obj ->".jf"
|
:004CCE64 6890D24C00 push 004CD290
:004CCE69 8D85B8FEFFFF lea eax, dword
ptr [ebp+FFFFFEB8]
:004CCE6F BA03000000 mov edx,
00000003
:004CCE74 E88B70F3FF call 00403F04
:004CCE79 8B85B8FEFFFF mov eax, dword
ptr [ebp+FFFFFEB8]
:004CCE7F E8B8D6FEFF call 004BA53C
:004CCE84 84C0
test al, al
:004CCE86 0F85F4000000 jne 004CCF80
<======== 将“85”改为“84”
:004CCE8C 8B8650050000 mov eax, dword
ptr [esi+00000550]
* Possible StringData Ref from Code Obj ->"正在通过网络服务器2验证用户信息..."
|
:004CCE92 BA9CD24C00 mov edx,
004CD29C
:004CCE97 E8B453F6FF call 00432250
* Possible StringData Ref from Code Obj ->"http://go7.163.com/jinfengnet/user/dat/"
|
:004CCE9C 68C8D24C00 push 004CD2C8
:004CCEA1 FF75E8
push [ebp-18]
* Possible StringData Ref from Code Obj ->".jf"
|
:004CCEA4 6890D24C00 push 004CD290
:004CCEA9 8D85B4FEFFFF lea eax, dword
ptr [ebp+FFFFFEB4]
:004CCEAF BA03000000 mov edx,
00000003
:004CCEB4 E84B70F3FF call 00403F04
:004CCEB9 8B85B4FEFFFF mov eax, dword
ptr [ebp+FFFFFEB4]
:004CCEBF E878D6FEFF call 004BA53C
:004CCEC4 84C0
test al, al
:004CCEC6 0F85B4000000 jne 004CCF80
<======== 转向同一个地址004CCF80
:004CCECC 8B8650050000 mov eax, dword
ptr [esi+00000550]
* Possible StringData Ref from Code Obj ->"正在通过网络服务器3验证用户信息..."
|
:004CCED2 BAF8D24C00 mov edx,
004CD2F8
:004CCED7 E87453F6FF call 00432250
* Possible StringData Ref from Code Obj ->"http://jinfengnet.myrice.com/user/dat/"
|
:004CCEDC 6824D34C00 push 004CD324
:004CCEE1 FF75E8
push [ebp-18]
* Possible StringData Ref from Code Obj ->".jf"
|
:004CCEE4 6890D24C00 push 004CD290
:004CCEE9 8D85B0FEFFFF lea eax, dword
ptr [ebp+FFFFFEB0]
:004CCEEF BA03000000 mov edx,
00000003
:004CCEF4 E80B70F3FF call 00403F04
:004CCEF9 8B85B0FEFFFF mov eax, dword
ptr [ebp+FFFFFEB0]
:004CCEFF E838D6FEFF call 004BA53C
:004CCF04 84C0
test al, al
:004CCF06 7578
jne 004CCF80 <======== 转向同一个地址004CCF80
:004CCF08 8B8650050000 mov eax, dword
ptr [esi+00000550]
* Possible StringData Ref from Code Obj ->"正在通过网络服务器4验证用户信息..."
|
:004CCF0E BA54D34C00 mov edx,
004CD354
:004CCF13 E83853F6FF call 00432250
* Possible StringData Ref from Code Obj ->"http://jinfengsoft.home.chinaren.com/user/dat/"
|
:004CCF18 6880D34C00 push 004CD380
:004CCF1D FF75E8
push [ebp-18]
* Possible StringData Ref from Code Obj ->".htm"
|
:004CCF20 68B8D34C00 push 004CD3B8
:004CCF25 8D85ACFEFFFF lea eax, dword
ptr [ebp+FFFFFEAC]
:004CCF2B BA03000000 mov edx,
00000003
:004CCF30 E8CF6FF3FF call 00403F04
:004CCF35 8B85ACFEFFFF mov eax, dword
ptr [ebp+FFFFFEAC]
:004CCF3B E8FCD5FEFF call 004BA53C
:004CCF40 84C0
test al, al
:004CCF42 753C
jne 004CCF80 <======== 转向同一个地址004CCF80
:004CCF44 6A00
push 00000000
:004CCF46 668B0D40D14C00 mov cx, word ptr
[004CD140]
:004CCF4D B201
mov dl, 01
* Possible StringData Ref from Code Obj ->"在线验证用户信息失败,如果您确实已经付费,请稍"
->"后再试或与作者联系。"
|
:004CCF4F B8C8D34C00 mov eax,
004CD3C8
:004CCF54 E8DBCBF9FF call 00469B34
:004CCF59 8B8650050000 mov eax, dword
ptr [esi+00000550]
:004CCF5F 33D2
xor edx, edx
:004CCF61 E8D251F6FF call 00432138
:004CCF66 8B8674070000 mov eax, dword
ptr [esi+00000774]
:004CCF6C B201
mov dl, 01
:004CCF6E E8C551F6FF call 00432138
:004CCF73 33C0
xor eax, eax
:004CCF75 5A
pop edx
:004CCF76 59
pop ecx
:004CCF77 59
pop ecx
:004CCF78 648910
mov dword ptr fs:[eax], edx
:004CCF7B E91C010000 jmp 004CD09C
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:004CCE86(C), :004CCEC6(C), :004CCF06(C), :004CCF42(C)
<======== 可以从4个地方转来
|
:004CCF80 B201
mov dl, 01 <======== 验证成功,就转到此处
:004CCF82 A164514800 mov eax,
dword ptr [00485164]
:004CCF87 E8D882FBFF call 00485264
:004CCF8C 8BD8
mov ebx, eax
:004CCF8E BA00000080 mov edx,
80000000
:004CCF93 8BC3
mov eax, ebx
:004CCF95 E86A83FBFF call 00485304
:004CCF9A 8D85A8FEFFFF lea eax, dword
ptr [ebp+FFFFFEA8]
:004CCFA0 E83FD1FEFF call 004BA0E4
:004CCFA5 8B95A8FEFFFF mov edx, dword
ptr [ebp+FFFFFEA8]
:004CCFAB 8BC3
mov eax, ebx
:004CCFAD E8B683FBFF call 00485368
:004CCFB2 8D85A4FEFFFF lea eax, dword
ptr [ebp+FFFFFEA4]
:004CCFB8 E827D1FEFF call 004BA0E4
:004CCFBD 8B95A4FEFFFF mov edx, dword
ptr [ebp+FFFFFEA4]
:004CCFC3 B101
mov cl, 01
:004CCFC5 8BC3
mov eax, ebx
:004CCFC7 E87884FBFF call 00485444
:004CCFCC 8D85A0FEFFFF lea eax, dword
ptr [ebp+FFFFFEA0]
:004CCFD2 E8A9F4FEFF call 004BC480
:004CCFD7 8B8DA0FEFFFF mov ecx, dword
ptr [ebp+FFFFFEA0]
:004CCFDD 33D2
xor edx, edx
:004CCFDF 8BC3
mov eax, ebx
:004CCFE1 E8FA85FBFF call 004855E0
:004CCFE6 8BC3
mov eax, ebx
:004CCFE8 E8E782FBFF call 004852D4
:004CCFED 8D859CFEFFFF lea eax, dword
ptr [ebp+FFFFFE9C]
:004CCFF3 E8F0D9FEFF call 004BA9E8
:004CCFF8 8B959CFEFFFF mov edx, dword
ptr [ebp+FFFFFE9C]
:004CCFFE 8BC3
mov eax, ebx
:004CD000 E86383FBFF call 00485368
:004CD005 8D8598FEFFFF lea eax, dword
ptr [ebp+FFFFFE98]
:004CD00B E8D8D9FEFF call 004BA9E8
:004CD010 8B9598FEFFFF mov edx, dword
ptr [ebp+FFFFFE98]
:004CD016 B101
mov cl, 01
:004CD018 8BC3
mov eax, ebx
:004CD01A E82584FBFF call 00485444
:004CD01F 8D8594FEFFFF lea eax, dword
ptr [ebp+FFFFFE94]
:004CD025 E8D6D4FEFF call 004BA500
:004CD02A 8B8D94FEFFFF mov ecx, dword
ptr [ebp+FFFFFE94]
:004CD030 33D2
xor edx, edx
:004CD032 8BC3
mov eax, ebx
:004CD034 E8A785FBFF call 004855E0
:004CD039 8BC3
mov eax, ebx
:004CD03B E89482FBFF call 004852D4
:004CD040 8BC3
mov eax, ebx
:004CD042 E8B55EF3FF call 00402EFC
:004CD047 C605880E4E0001 mov byte ptr [004E0E88],
01
:004CD04E B87C0E4E00 mov eax,
004E0E7C
:004CD053 E86C6BF3FF call 00403BC4
:004CD058 B8800E4E00 mov eax,
004E0E80
:004CD05D E8626BF3FF call 00403BC4
* Possible StringData Ref from Code Obj ->"恭喜!您已注册为付费用户了。"
|
:004CD062 B814D44C00 mov eax,
004CD414
:004CD067 E8C0CBF9FF call 00469C2C
:004CD06C 8B8650050000 mov eax, dword
ptr [esi+00000550]
* Possible StringData Ref from Code Obj ->"您已注册为付费用户了"
可以使用UltraEdit进行修改,修改完毕后,就是真正的“破解版”了。
注册时需在线,点击用户注册选项,输入盘符(一般填“c”),并随便输入假用户注册码(20位任意数字),点击“付费用户注册”,注册成功!
太棒了!
By the way,这个版本(V2.4)的软件中有不少Bug,例如:发送出去的邮件的“发送时间”不对。
马震宇
2001.8.17.
- 标 题:暴力破解:金锋邮件群发 V2.4 (价值125元!) (12千字)
- 作 者:mazhenyu
- 时 间:2001-8-17 16:35:15
- 链 接:http://bbs.pediy.com