申请加入BCG之第一篇!------LC3破解!
作 者:红潮风暴
破解对象:LC3
软件地址:http://www.atstake.com/research/lc3/application/lc3setup02.exe
工 具:W32DASM
TRW2000
破解日期:21/9
整 理:5/10
由于得到好友发来SAM文件请求协助破解。唯有找到LC3-----号称最经典的NT密码破解工具。
经使用后发现要注册后方可使用暴力破解!有没有搞错?想向我要注册费?对于刚到看雪学苑“进修”了少少的我来说,肯定不答应!~-~ 唔!抱着试试看的心态决定拿它开刀。
启动LC3后输入密码得出出错信息!记下来!退出!
用W32DASM反汇编后找到出错信息:"you have entered an invalid code.please try again"
双击后来到“016F:00411572 PUSH 004790C4” 往上看,找到016F:00411549
TEST EAX,EAX嘿嘿,肯定有料到!唔!最后在
016F:00411534 CALL 00404E10
016F:00411539 MOV EAX,[EDI]
016F:0041153B LEA EDX,[ESP+28]
016F:0041153F PUSH EDX
016F:00411540 PUSH EAX
016F:00411541 CALL 0042FAB9
范围中确定。
运行LC3填写注册码12345678后
运行TRW,下BPX 00411534
G
回来,点确定,拦截
016F:004114FE PUSH EBP
016F:004114FF LEA ECX,[ESP+0190]
016F:00411506 CALL 00447124
016F:0041150B LEA ECX,[ESP+0130]
016F:00411512 CALL 00447F60
016F:00411517 CMP EAX,BYTE +01
016F:0041151A JNZ 00411596
016F:0041151C LEA EAX,[ESP+0190]
016F:00411523 PUSH EAX
016F:00411524 MOV ECX,EDI
016F:00411526 CALL 00447124
016F:0041152B MOV EAX,[EBP+00]
016F:0041152E LEA ECX,[ESP+20]
016F:00411532 PUSH ECX
016F:00411533 PUSH EAX
016F:00411534 CALL 00404E10 在此中断《-----发现给出的序列号
016F:00411539 MOV EAX,[EDI]
016F:0041153B LEA EDX,[ESP+28] 〈-----下D EAX你输入的注册码“12345678”,再下D
ESP+28真注册 016F:0041153F PUSH EDX
码
016F:00411540 PUSH EAX
016F:00411541 CALL 0042FAB9
016F:00411546 ADD ESP,BYTE +10
016F:00411549 TEST EAX,EAX
016F:0041154B JNZ 00411570
016F:0041154D MOV EAX,[EDI]
016F:0041154F PUSH EAX
016F:00411550 PUSH DWORD 00479014
016F:00411555 PUSH DWORD 00479020
016F:0041155A MOV ECX,ESI
016F:0041155C MOV [ESI+0114],EBX
016F:00411562 CALL 00456158
016F:00411567 PUSH EBX
016F:00411568 PUSH EBX
016F:00411569 PUSH DWORD 004790F8
016F:0041156E JMP SHORT 00411577
016F:00411570 PUSH EBX
016F:00411571 PUSH EBX
016F:00411572 PUSH 004790C4
收工。看一看表,从反汇编至完工费时3分钟!
注:小弟手头上现有SAM文件一大把,然而机子速度太慢,愧对好友!不知可有网友愿意协助破解,不胜感激!谢谢!
红潮风暴
2001 10 5
23:27
- 标 题:申请加入BCG之第一篇!------LC3破解! (2千字)
- 作 者:红潮风暴
- 时 间:2001-10-6 0:13:53
- 链 接:http://bbs.pediy.com