软件下载:http://www.ipaopao.com/software/
首先找到ppfes.exe的注册错误提示信息:“Registration Code ERR”
因为真假注册码比较以后才会出现这个提示
========
W32Dasm反汇编和TRW2000一起使用
* 用language查看,程序没有加壳
* 用W32Dasm反汇编,根据“串式参考”找到注册错误提示信息“Registration Code ERR”,双击
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00461CB4(C)
|
:00461DBA 6A00
push 00000000
* Possible StringData Ref from Code Obj ->"警告!"
|
:00461DBC B97C1E4600 mov ecx,
00461E7C
* Possible StringData Ref from Code Obj ->"Registration Code ERR!"
|
:00461DC1 BA841E4600 mov edx,
00461E84
:00461DC6 A16C7F4600 mov eax,
dword ptr [00467F6C]
:00461DCB 8B00
mov eax, dword ptr [eax]
:00461DCD E8BE0BFEFF call 00442990
发现是从00461CB4跳转过来的,鼠标右键双击00461CB4
:00461C93 8B8598FDFFFF mov eax, dword
ptr [ebp+FFFFFD98]
:00461C99 50
push eax
:00461C9A 8D9594FDFFFF lea edx, dword
ptr [ebp+FFFFFD94]
:00461CA0 8B45FC
mov eax, dword ptr [ebp-04]
:00461CA3 E830DBFFFF call 0045F7D8
:00461CA8 8B9594FDFFFF mov edx, dword
ptr [ebp+FFFFFD94]
:00461CAE 58
pop eax
:00461CAF E8AC21FAFF call 00403E60
:00461CB4 0F8500010000 jne 00461DBA
:00461CBA 33D2
xor edx, edx
:00461CBC A1F89A4600 mov eax,
dword ptr [00469AF8]
:00461CC1 E80EAAFDFF call 0043C6D4
:00461CC6 6890000000 push 00000090
:00461CCB 8D859FFDFFFF lea eax, dword
ptr [ebp+FFFFFD9F]
:00461CD1 50
push eax
对照“风飘雪”的破解教程,发现可疑的关键Call在00461CAF
打开TRW2000
在ppfes.exe的注册栏中填入注册码“87654321”(注:“密钥”是自动生成的,我的为“bPfuFEVQUP1L2/==”),但不点击“注册”
“Ctrl+N”激活TRW2000
在00461CAE处下断点:bpx 00461CAE,回车,然后按“F5”退出
点击ppfes.exe注册栏中的“注册”
程序被中断
按一下“F10”来到00461CAF
结果在00461CAF处找到真假注册码:
d eax=87654321
d edx=+tc48PbZ3Se/0HtI9ygoSy==
注意:这个24位的注册码是分两行出现的:
+tc48PbZ3Se/0HtI
9ygoSy==
用注册码“+tc48PbZ3Se/0HtI9ygoSy==”进行注册,注册成功!
太棒了!
马震宇
2001.8.16.
- 标 题:破解:Fast Email Searcher V1.0 (价值580元!) (2千字)
- 作 者:mazhenyu
- 时 间:2001-8-17 12:24:51
- 链 接:http://bbs.pediy.com