今天上班回来睡了一觉,后来拿这个软件来玩,发现里面有较多的比较,时不时跳出一个注册码错误的对话框。把411c50、408a1a和45a036附近的跳转分别改为jmp、jmp、nop nop。随便输入注册码,不出错,但还是没用。前面检测的地方还是没改到,所以重新运行后又变回试用版。总之,没搞定。:-(
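这里是破它验证注册码和注册类型的地方,注册窗口的破解在上面所说的地方。从下面的代码看,注册是否有效以及授权类型只取决于EBX里的一个返回值,以及0045A282、0045A2A5等处的几条条件跳转,全部在本地完成;这段代码里也看不到对程序自身的完整性校验,所以这种只靠本地比较的注册保护很容易失效。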
终于搞定!
OK!大功告成,打个Kiss!
* Possible StringData Ref from Code Obj ->"REGID"
|
:0045A218 B9E0A34500 MOV ECX,
0045A3E0
* Possible StringData Ref from Code Obj ->"APPINFO"
|
:0045A21D BAF0A34500 MOV EDX,
0045A3F0
:0045A222 8BC3
MOV EAX, EBX
:0045A224 8B38
MOV EDI, dword PTR [EAX]
:0045A226 FF17
CALL dword PTR [EDI]
:0045A228 6A00
PUSH 00000000
:0045A22A 8D45F0
LEA EAX, dword PTR [EBP-10]
:0045A22D 50
PUSH EAX
* Possible StringData Ref from Code Obj ->"REGNAME"
|
:0045A22E B900A44500 MOV ECX,
0045A400
* Possible StringData Ref from Code Obj ->"APPINFO"
|
:0045A233 BAF0A34500 MOV EDX,
0045A3F0
:0045A238 8BC3
MOV EAX, EBX
:0045A23A 8B38
MOV EDI, dword PTR [EAX]
:0045A23C FF17
CALL dword PTR [EDI]
:0045A23E 8B45F8
MOV EAX, dword PTR [EBP-08]
:0045A241 8B00
MOV EAX, dword PTR [EAX]
:0045A243 50
PUSH EAX
:0045A244 8D45E0
LEA EAX, dword PTR [EBP-20]
:0045A247 50
PUSH EAX
* Possible StringData Ref from Code Obj ->"INIPATH"
|
:0045A248 B910A44500 MOV ECX,
0045A410
* Possible StringData Ref from Code Obj ->"APPINFO"
|
:0045A24D BAF0A34500 MOV EDX,
0045A3F0
:0045A252 8BC3
MOV EAX, EBX
:0045A254 8B38
MOV EDI, dword PTR [EAX]
:0045A256 FF17
CALL dword PTR [EDI]
:0045A258 8B55E0
MOV EDX, dword PTR [EBP-20]
:0045A25B 8B45F8
MOV EAX, dword PTR [EBP-08]
:0045A25E E8ED99FAFF CALL 00403C50
:0045A263 8BC3
MOV EAX, EBX
:0045A265 E80A8DFAFF CALL 00402F74
:0045A26A 8D45E8
LEA EAX, dword PTR [EBP-18]
:0045A26D E88A99FAFF CALL 00403BFC
:0045A272 83CBFF
OR EBX, FFFFFFFF
:0045A275 8B45F4
MOV EAX, dword PTR [EBP-0C]
:0045A278 BA20A44500 MOV EDX,
0045A420
:0045A27D E80A9DFAFF CALL 00403F8C
:0045A282 761F
JBE 0045A2A3 ;----->让它一定跳,改为“EB1F”
:0045A284 A11CF84A00 MOV EAX,
dword PTR [004AF81C]
:0045A289 8B00
MOV EAX, dword PTR [EAX]
:0045A28B 50
PUSH EAX
:0045A28C 6A00
PUSH 00000000
:0045A28E 8B0DE4F74A00 MOV ECX, dword
PTR [004AF7E4]
:0045A294 8B09
MOV ECX, dword PTR [ECX]
:0045A296 8B55F4
MOV EDX, dword PTR [EBP-0C]
:0045A299 8B45F0
MOV EAX, dword PTR [EBP-10]
:0045A29C E873FAFFFF CALL 00459D14
:0045A2A1 8BD8
MOV EBX, EAX
* Referenced by a (U)nconditional OR (C)onditional Jump at Address:
|:0045A282(C)
|
:0045A2A3 85DB
TEST EBX, EBX
:0045A2A5 0F8CF8000000 JL 0045A3A3
;------>别跳了,改为“909090909090”
:0045A2AB 8D45DC
LEA EAX, dword PTR [EBP-24]
:0045A2AE 8B4DF0
MOV ECX, dword PTR [EBP-10]
* Possible StringData Ref from Code Obj ->"User Name "
|
:0045A2B1 BA2CA44500 MOV EDX,
0045A42C
:0045A2B6 E80D9CFAFF CALL 00403EC8
:0045A2BB 8B55DC
MOV EDX, dword PTR [EBP-24]
:0045A2BE 8BC6
MOV EAX, ESI
:0045A2C0 8B08
MOV ECX, dword PTR [EAX]
:0045A2C2 FF5134
CALL [ECX+34]
:0045A2C5 8D45D8
LEA EAX, dword PTR [EBP-28]
:0045A2C8 8B4DF4
MOV ECX, dword PTR [EBP-0C]
* Possible StringData Ref from Code Obj ->"Registration ID "
|
:0045A2CB BA40A44500 MOV EDX,
0045A440
:0045A2D0 E8F39BFAFF CALL 00403EC8
:0045A2D5 8B55D8
MOV EDX, dword PTR [EBP-28]
:0045A2D8 8BC6
MOV EAX, ESI
:0045A2DA 8B08
MOV ECX, dword PTR [EAX]
:0045A2DC FF5134
CALL [ECX+34]
:0045A2DF 83EB01
SUB EBX, 00000001
:0045A2E2 7207
JB 0045A2EB ;---->这里,你跳则为Single User,想成为“Single
User”吗?
; 想就改为“EB07”,不想就算了;
:0045A2E4 7421
JE 0045A307 ;---->想成为"Site user"吗?想就改为“EB21”,不想就算了
:0045A2E6 4B
DEC EBX
:0045A2E7 743A
JE 0045A323 ;---->想成为“Royalty Free
user”吗?不想就没机会了,还是
; 改成“EB3A”吧,呵呵呵!
:0045A2E9 EB5F
JMP 0045A34A
* Referenced by a (U)nconditional OR (C)onditional Jump at Address:
|:0045A2E2(C)
|
:0045A2EB 8D45E4
LEA EAX, dword PTR [EBP-1C]
* Possible StringData Ref from Code Obj ->"Single User"
|
:0045A2EE BA5CA44500 MOV EDX,
0045A45C
:0045A2F3 E89C99FAFF CALL 00403C94
:0045A2F8 8D45EC
LEA EAX, dword PTR [EBP-14]
* Possible StringData Ref from Code Obj ->"This is a registered version of "
;--->这是单用户的授权书吧?自己翻译吧
->"ShowURL.
You may use the software "
->"on any single
computer, or use "
->"the software
on a network, provided "
->"that each
person accessing the "
->"Software through
the network must "
->"have a registered
version of ShowURL"
|
:0045A2FB BA70A44500 MOV EDX,
0045A470
:0045A300 E88F99FAFF CALL 00403C94
:0045A305 EB43
JMP 0045A34A
* Referenced by a (U)nconditional OR (C)onditional Jump at Address:
|:0045A2E4(C)
|
:0045A307 8D45E4
LEA EAX, dword PTR [EBP-1C]
* Possible StringData Ref from Code Obj ->"Site"
|
:0045A30A BA64A54500 MOV EDX,
0045A564
:0045A30F E88099FAFF CALL 00403C94
:0045A314 8D45EC
LEA EAX, dword PTR [EBP-14]
* Possible StringData Ref from Code Obj ->"Using of this software on any "
;----->这是站点的授权书吧?自己翻译吧
->"number of
computers and networks "
->"is hereby
granted. Provided that "
->"all computers
must be within a "
->"same building,
and is owned by "
->"%s"
|
:0045A317 BA74A54500 MOV EDX,
0045A574
:0045A31C E87399FAFF CALL 00403C94
:0045A321 EB27
JMP 0045A34A
* Referenced by a (U)nconditional OR (C)onditional Jump at Address:
|:0045A2E7(C)
|
:0045A323 8D45E4
LEA EAX, dword PTR [EBP-1C]
* Possible StringData Ref from Code Obj ->"Royalty Free"
;---->这是“皇室免费”的授权书吧?自己翻译吧
|
:0045A326 BA20A64500 MOV EDX,
0045A620
:0045A32B E86499FAFF CALL 00403C94
:0045A330 8D45EC
LEA EAX, dword PTR [EBP-14]
* Possible StringData Ref from Code Obj ->"The right to distribute ShowURL "
->"on a royalty
free basis is hereby "
->"granted to
%s. "
|
:0045A333 BA38A64500 MOV EDX,
0045A638
:0045A338 E85799FAFF CALL 00403C94
:0045A33D 8D45E8
LEA EAX, dword PTR [EBP-18]
* Possible StringData Ref from Code Obj ->"ShowURL may not be resold as an "
->"application.
The right to distribute "
->"ShowURL does
not pass to users "
->"other than
registerd users shown "
->"above."
|
:0045A340 BA94A64500 MOV EDX,
0045A694
:0045A345 E84A99FAFF CALL 00403C94
* Referenced by a (U)nconditional OR (C)onditional Jump at Addresses:
|:0045A2E9(U), :0045A305(U), :0045A321(U)
|
:0045A34A 8D45D4
LEA EAX, dword PTR [EBP-2C]
:0045A34D 8B4DE4
MOV ECX, dword PTR [EBP-1C]
* Possible StringData Ref from Code Obj ->"License Type "
;---->这是你的执照类型,你是选的哪种?我选的是“站点”
|
;
你呢?
:0045A350 BA2CA74500 MOV EDX,
0045A72C
:0045A355 E86E9BFAFF CALL 00403EC8
:0045A35A 8B55D4
MOV EDX, dword PTR [EBP-2C]
:0045A35D 8BC6
MOV EAX, ESI
:0045A35F 8B08
MOV ECX, dword PTR [EAX]
:0045A361 FF5134
CALL [ECX+34]
:0045A364 BA20A44500 MOV EDX,
0045A420
:0045A369 8BC6
MOV EAX, ESI
:0045A36B 8B08
MOV ECX, dword PTR [EAX]
:0045A36D FF5134
CALL [ECX+34]
:0045A370 8D45D0
LEA EAX, dword PTR [EBP-30]
:0045A373 50
PUSH EAX
:0045A374 8B45F0
MOV EAX, dword PTR [EBP-10]
:0045A377 8945C8
MOV dword PTR [EBP-38], EAX
:0045A37A C645CC0B MOV
[EBP-34], 0B
:0045A37E 8D55C8
LEA EDX, dword PTR [EBP-38]
:0045A381 33C9
XOR ECX, ECX
:0045A383 8B45EC
MOV EAX, dword PTR [EBP-14]
:0045A386 E8C1F3FAFF CALL 0040974C
:0045A38B 8B55D0
MOV EDX, dword PTR [EBP-30]
:0045A38E 8BC6
MOV EAX, ESI
:0045A390 8B08
MOV ECX, dword PTR [EAX]
:0045A392 FF5134
CALL [ECX+34]
:0045A395 8B55E8
MOV EDX, dword PTR [EBP-18]
:0045A398 8BC6
MOV EAX, ESI
:0045A39A 8B08
MOV ECX, dword PTR [EAX]
:0045A39C FF5134
CALL [ECX+34]
:0045A39F B301
MOV BL, 01
:0045A3A1 EB02
JMP 0045A3A5
* Referenced by a (U)nconditional OR (C)onditional Jump at Address:
|:0045A2A5(C)
|
:0045A3A3 33DB
XOR EBX, EBX
* Referenced by a (U)nconditional OR (C)onditional Jump at Address:
|:0045A3A1(U)
|
:0045A3A5 33C0
XOR EAX, EAX
- 标 题:应妖二妖二的要求,贴上SHOWURL的破解过程。 (11千字)
- 作 者:hsf
- 时 间:2001-5-5 14:02:38
- 链 接:http://bbs.pediy.com