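If this note seems a bit confusing, you can refer to my CS4 crack.
Link: http://bbs.pediy.com/showthread.php?t=107136
//amtlib.dll went from about 3 MB down to under 1 MB, so I guessed the earlier method would no longer work; I gave it a try anyway.
//Based on the earlier CS4 crack, search for "Forcing first launch workflow at product request"
Code: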
//Address:
65EDDA8B |> \68 14ABF665 push 65F6AB14 ; ASCII "Forcing first launch workflow at product request."
65EDDA90 |. EB 05 jmp short 65EDDA97
65EDDA92 |> 68 C0AAF665 push 65F6AAC0 ; ASCII "Forcing first launch workflow because product is not licensed from previous launch."
65EDDA97 |> 6A 00 push 0
65EDDA99 |. 6A 04 push 4
65EDDA9B |. 68 0863F665 push 65F66308 ; ASCII "AMT"
65EDDAA0 |. E8 7BEDFDFF call 65EBC820
65EDDAA5 |. 50 push eax
65EDDAA6 |. E8 95040200 call 65EFDF40
65EDDAAB |. 83C4 14 add esp, 14
65EDDAAE |. 6A 00 push 0
65EDDAB0 |. 8BCE mov ecx, esi
65EDDAB2 |. E8 59E9FFFF call 65EDC410 ; following the CS4 method,
//the same large block is found right away; running PS CS5 directly, as below:
65EDC410 /$ 83EC 0C sub esp, 0C
65EDC413 |. 55 push ebp
65EDC414 |. 56 push esi
65EDC415 |. 57 push edi
65EDC416 |. 8B7C24 1C mov edi, dword ptr [esp+1C]
65EDC41A |. 8BF1 mov esi, ecx
65EDC41C |. 85FF test edi, edi
65EDC41E |. 75 0A jnz short 65EDC42A
65EDC420 |. C74424 0C F0A>mov dword ptr [esp+C], 65F6A6F0 ; ASCII "Obtain"
65EDC428 |. EB 15 jmp short 65EDC43F
65EDC42A |> C74424 0C E8A>mov dword ptr [esp+C], 65F6A6E8 ; ASCII "Validat"
65EDC432 |. 83FF 02 cmp edi, 2
65EDC435 |. 74 08 je short 65EDC43F
65EDC437 |. C74424 0C DCA>mov dword ptr [esp+C], 65F6A6DC ; ASCII "PreValidat"
65EDC43F |> 8B6C24 0C mov ebp, dword ptr [esp+C]
65EDC443 |. 55 push ebp
65EDC444 |. 68 C0A6F665 push 65F6A6C0 ; ASCII "AMT: %sing Product License."
65EDC449 |. 68 B8A6F665 push 65F6A6B8 ; ASCII "%sing"
65EDC44E |. 6A 04 push 4
65EDC450 |. 68 0863F665 push 65F66308 ; ASCII "AMT"
65EDC455 |. E8 C603FEFF call 65EBC820
65EDC45A |. 50 push eax
65EDC45B |. E8 E01A0200 call 65EFDF40
65EDC460 |. 83C4 18 add esp, 18
65EDC463 |. 807E 5C 00 cmp byte ptr [esi+5C], 0
65EDC467 |. 74 21 je short 65EDC48A
65EDC469 |. 68 88A6F665 push 65F6A688 ; ASCII "Launch Workflow already done in this session."
65EDC46E |. 6A 00 push 0
65EDC470 |. 6A 04 push 4
65EDC472 |. 68 0863F665 push 65F66308 ; ASCII "AMT"
65EDC477 |. E8 A403FEFF call 65EBC820
65EDC47C |. 50 push eax
65EDC47D |. E8 BE1A0200 call 65EFDF40
65EDC482 |. 83C4 14 add esp, 14
65EDC485 |. E9 A1010000 jmp 65EDC62B
65EDC48A |> 83FF 01 cmp edi, 1
65EDC48D |. 75 07 jnz short 65EDC496
65EDC48F |. 68 58A6F665 push 65F6A658 ; ASCII "Launch Workflow not yet done in this session."
65EDC494 |. EB 05 jmp short 65EDC49B
65EDC496 |> 68 1CA6F665 push 65F6A61C ; ASCII "Launch Workflow not yet done in foreground in this session."
65EDC49B |> 6A 00 push 0
65EDC49D |. 6A 04 push 4
65EDC49F |. 68 0863F665 push 65F66308 ; ASCII "AMT"
65EDC4A4 |. E8 7703FEFF call 65EBC820
65EDC4A9 |. 50 push eax
65EDC4AA |. E8 911A0200 call 65EFDF40
65EDC4AF |. 83C4 14 add esp, 14
65EDC4B2 |. 57 push edi
65EDC4B3 |. 8BCE mov ecx, esi
65EDC4B5 |. E8 66F7FFFF call 65EDBC20 ; need to step into this
65EDC4BA |. 807E 21 00 cmp byte ptr [esi+21], 0
65EDC4BE |. 0F85 09010000 jnz 65EDC5CD
65EDC4C4 |. 807E 22 00 cmp byte ptr [esi+22], 0
65EDC4C8 |. 0F85 FF000000 jnz 65EDC5CD
65EDC4CE |. 83FF 01 cmp edi, 1
65EDC4D1 |. 0F85 F6000000 jnz 65EDC5CD
65EDC4D7 |. 8B4E 1C mov ecx, dword ptr [esi+1C]
65EDC4DA |. E8 B102FEFF call 65EBC790
65EDC4DF |. 84C0 test al, al
65EDC4E1 |. 0F85 E6000000 jnz 65EDC5CD
65EDC4E7 |. 68 D8A5F665 push 65F6A5D8 ; ASCII "Calling AUM API to create scheduler entry to be used by updater."
65EDC4EC |. 6A 00 push 0
65EDC4EE |. 6A 04 push 4
65EDC4F0 |. 68 0863F665 push 65F66308 ; ASCII "AMT"
65EDC4F5 |. E8 2603FEFF call 65EBC820
65EDC4FA |. 50 push eax
65EDC4FB |. E8 401A0200 call 65EFDF40
65EDC500 |. 83C4 14 add esp, 14
65EDC503 |. E8 58A30200 call 65F06860
65EDC508 |. 8BE8 mov ebp, eax
65EDC50A |. 85ED test ebp, ebp
65EDC50C |. 0F84 9F000000 je 65EDC5B1
65EDC512 |. 8D4424 10 lea eax, dword ptr [esp+10]
65EDC516 |. 50 push eax
65EDC517 |. 8DBE 50030000 lea edi, dword ptr [esi+350]
65EDC51D |. 57 push edi
65EDC51E |. 55 push ebp
65EDC51F |. C707 01000000 mov dword ptr [edi], 1
65EDC525 |. C74424 1C 000>mov dword ptr [esp+1C], 0
65EDC52D |. E8 EEA60200 call 65F06C20
65EDC532 |. 83C4 0C add esp, 0C
65EDC535 |. 837C24 10 00 cmp dword ptr [esp+10], 0
65EDC53A |. 74 4A je short 65EDC586
65EDC53C |. 833F 00 cmp dword ptr [edi], 0
65EDC53F |. 75 45 jnz short 65EDC586
65EDC541 |. 8D4C24 14 lea ecx, dword ptr [esp+14]
65EDC545 |. 51 push ecx
65EDC546 |. 57 push edi
65EDC547 |. 55 push ebp
65EDC548 |. C74424 20 000>mov dword ptr [esp+20], 0
65EDC550 |. E8 EBA40200 call 65F06A40
65EDC555 |. 8B17 mov edx, dword ptr [edi]
65EDC557 |. 83C4 0C add esp, 0C
65EDC55A |. 52 push edx
65EDC55B |. 68 B0A5F665 push 65F6A5B0 ; ASCII "AUM GetLEID called with status =%d."
65EDC560 |. 6A 00 push 0
65EDC562 |. 6A 04 push 4
65EDC564 |. 68 0863F665 push 65F66308 ; ASCII "AMT"
65EDC569 |. E8 B202FEFF call 65EBC820
65EDC56E |. 50 push eax
65EDC56F |. E8 CC190200 call 65EFDF40
65EDC574 |. 83C4 18 add esp, 18
65EDC577 |. 55 push ebp
65EDC578 |. E8 031C0200 call 65EFE180
65EDC57D |. 8B7C24 20 mov edi, dword ptr [esp+20]
65EDC581 |. 83C4 04 add esp, 4
65EDC584 |. EB 47 jmp short 65EDC5CD
65EDC586 |> 68 8CA5F665 push 65F6A58C ; ASCII "Updater is not enabled by admin."
65EDC58B |. 6A 00 push 0
65EDC58D |. 6A 04 push 4
65EDC58F |. 68 0863F665 push 65F66308 ; ASCII "AMT"
65EDC594 |. E8 8702FEFF call 65EBC820
65EDC599 |. 50 push eax
65EDC59A |. E8 A1190200 call 65EFDF40
65EDC59F |. 83C4 14 add esp, 14
65EDC5A2 |. 55 push ebp
65EDC5A3 |. E8 D81B0200 call 65EFE180
65EDC5A8 |. 8B7C24 20 mov edi, dword ptr [esp+20]
65EDC5AC |. 83C4 04 add esp, 4
65EDC5AF |. EB 1C jmp short 65EDC5CD
65EDC5B1 |> 68 60A5F665 push 65F6A560 ; ASCII "AUM Service Object failed to get created."
65EDC5B6 |. 6A 00 push 0
65EDC5B8 |. 6A 04 push 4
65EDC5BA |. 68 0863F665 push 65F66308 ; ASCII "AMT"
65EDC5BF |. E8 5C02FEFF call 65EBC820
65EDC5C4 |. 50 push eax
65EDC5C5 |. E8 76190200 call 65EFDF40
65EDC5CA |. 83C4 14 add esp, 14
65EDC5CD |> 837E 0C 02 cmp dword ptr [esi+C], 2
65EDC5D1 |. 75 3C jnz short 65EDC60F
65EDC5D3 |. 8B4E 1C mov ecx, dword ptr [esi+1C]
65EDC5D6 |. E8 F500FEFF call 65EBC6D0
65EDC5DB |. 84C0 test al, al
65EDC5DD |. 74 30 je short 65EDC60F
65EDC5DF |. 8B4E 1C mov ecx, dword ptr [esi+1C]
65EDC5E2 |. E8 4902FEFF call 65EBC830
65EDC5E7 |. 84C0 test al, al
65EDC5E9 |. 74 24 je short 65EDC60F
65EDC5EB |. 83FF 02 cmp edi, 2
65EDC5EE |. 75 1F jnz short 65EDC60F
65EDC5F0 |. 57 push edi
65EDC5F1 |. 8BCE mov ecx, esi
65EDC5F3 |. C746 0C 00000>mov dword ptr [esi+C], 0
65EDC5FA |. E8 A11BFFFF call 65ECE1A0
65EDC5FF |. 6A 00 push 0
65EDC601 |. E8 FA89FFFF call 65ED5000
65EDC606 |. 5F pop edi
65EDC607 |. 5E pop esi
65EDC608 |. 5D pop ebp
65EDC609 |. 83C4 0C add esp, 0C
65EDC60C |. C2 0400 retn 4
65EDC60F |> 837E 0C 00 cmp dword ptr [esi+C], 0
65EDC613 |. 74 12 je short 65EDC627
65EDC615 |. 6A 00 push 0
65EDC617 |. 8BCE mov ecx, esi
65EDC619 |. E8 E289FFFF call 65ED5000
65EDC61E |. 5F pop edi
65EDC61F |. 5E pop esi
65EDC620 |. 5D pop ebp
65EDC621 |. 83C4 0C add esp, 0C
65EDC624 |. C2 0400 retn 4
65EDC627 |> 8B6C24 0C mov ebp, dword ptr [esp+C]
65EDC62B |> 57 push edi
65EDC62C |. 8BCE mov ecx, esi
65EDC62E |. E8 0D38FFFF call 65ECFE40
65EDC633 |. 6A 00 push 0
65EDC635 |. 8BCE mov ecx, esi
65EDC637 |. E8 C489FFFF call 65ED5000
65EDC63C |. 8B76 0C mov esi, dword ptr [esi+C] ; mov dword ptr[esi + c], 1
65EDC63F |. 85F6 test esi, esi ; jmp short 65EDC657
65EDC641 |. 74 14 je short 65EDC657
65EDC643 |. 83FE 01 cmp esi, 1
65EDC646 |. 74 0F je short 65EDC657
65EDC648 |. 55 push ebp
65EDC649 |. 68 38A5F665 push 65F6A538 ; ASCII "ERROR: Failure %sing Product License!"
65EDC64E |. 68 B8A6F665 push 65F6A6B8 ; ASCII "%sing"
65EDC653 |. 6A 02 push 2
65EDC655 |. EB 0D jmp short 65EDC664
65EDC657 |> 55 push ebp
65EDC658 |. 68 1CA5F665 push 65F6A51C ; ASCII "AMT: Product License %sed."
65EDC65D |. 68 14A5F665 push 65F6A514 ; ASCII "%sed"
65EDC662 |. 6A 04 push 4
65EDC664 |> 68 0863F665 push 65F66308 ; ASCII "AMT"
65EDC669 |. E8 B201FEFF call 65EBC820
65EDC66E |. 50 push eax
65EDC66F |. E8 CC180200 call 65EFDF40
65EDC674 |. 83C4 18 add esp, 18
65EDC677 |. 5F pop edi
65EDC678 |. 5E pop esi
65EDC679 |. 5D pop ebp
65EDC67A |. 83C4 0C add esp, 0C
65EDC67D \. C2 0400 retn 4
// After stepping in, it hangs~!
65EDBD64 |. 6A 01 push 1
65EDBD66 |. 55 push ebp
65EDBD67 |. 8BCE mov ecx, esi
65EDBD69 |. E8 125BFFFF call 65ED1880
65EDBD6E |. 84C0 test al, al
// Tracing a little further down leads here; it looks like this needs to be jumped past:
6530BED8 |> \E8 E35CFEFF call 652F1BC0
6530BEDD |. 3BC3 cmp eax, ebx ;mov eax, ebx
6530BEDF |. 0F84 AC010000 je 6530C091 ;je-> jmp
6530BEE5 |. 83FD 01 cmp ebp, 1
6530BEE8 |. 75 2B jnz short 6530BF15
6530BEEA |. 68 E8A13965 push 6539A1E8 ; ASCII "Prevalidation finds app not activated. Requiring foreground validate."
6530BEEF |. 6A 00 push 0
6530BEF1 |. 6A 04 push 4
6530BEF3 |> 68 08633965 push 65396308 ; ASCII "AMT"
6530BEF8 |. E8 2309FEFF call 652EC820
6530BEFD |. 50 push eax
6530BEFE |. E8 3D200200 call 6532DF40
6530BF03 |. 83C4 14 add esp, 14
6530BF06 |. 5F pop edi
6530BF07 |. C746 0C 02000>mov dword ptr [esi+C], 2
6530BF0E |. 5E pop esi
6530BF0F |. 5D pop ebp
6530BF10 |. 5B pop ebx
6530BF11 |. 59 pop ecx
6530BF12 |. C2 0400 retn 4
//Looks about right; the JE here jumped to the activation part
6530BF15 |> \807E 21 00 cmp byte ptr [esi+21], 0
6530BF19 |. 74 43 je short 6530BF5E
6530BF1B |. 8B4E 1C mov ecx, dword ptr [esi+1C]
6530BF1E |. E8 9D5CFEFF call 652F1BC0
6530BF23 |. 85C0 test eax, eax
6530BF25 |. 75 07 jnz short 6530BF2E
6530BF27 |. 68 A8A13965 push 6539A1A8 ; ASCII "Headless: Product is not licensed. Doing silent license check."
6530BF2C |. EB 35 jmp short 6530BF63
6530BF2E |> 68 60A13965 push 6539A160 ; ASCII "Headless: Product has a license. Skipping silent license verification."
6530BF33 |. 6A 00 push 0
6530BF35 |. 6A 04 push 4
6530BF37 |. 68 08633965 push 65396308 ; ASCII "AMT"
6530BF3C |. E8 DF08FEFF call 652EC820
6530BF41 |. 50 push eax
6530BF42 |. E8 F91F0200 call 6532DF40
6530BF47 |. 8B4E 1C mov ecx, dword ptr [esi+1C]
6530BF4A |. 83C4 14 add esp, 14
6530BF4D |. 6A 00 push 0
6530BF4F |. 6A 01 push 1
6530BF51 |. E8 8AB7FEFF call 652F76E0
6530BF56 |. 5F pop edi
6530BF57 |. 5E pop esi
6530BF58 |. 5D pop ebp
6530BF59 |. 5B pop ebx
6530BF5A |. 59 pop ecx
6530BF5B |. C2 0400 retn 4
//Need to see how it jumps to the activation part:
6530BF5E |> \68 10A13965 push 6539A110 ; ASCII "Product is not activated. Starting ALM launch-time product licensing UI."
6530BF63 |> 6A 00 push 0
6530BF65 |. 6A 04 push 4
6530BF67 |. 68 08633965 push 65396308 ; ASCII "AMT"
6530BF6C |. E8 AF08FEFF call 652EC820
6530BF71 |. 50 push eax
6530BF72 |. E8 C91F0200 call 6532DF40
//After the modification, it hangs at
65EBAE42 . 51 push ecx
65EBAE43 . E8 08040400 call 65EFB250
65EBAE48 . E8 83000400 call 65EFAED0 ;
65EBAE4D . 8B15 7478F865 mov edx, dword ptr [65F87874]
65EBAE53 . 51 push ecx
65EBAE54 . DD1C24 fstp qword ptr [esp]
65EBAE57 . 68 206FF665 push 65F66F20 ; ASCII "AMTObtainProductLicense took %f ms"
65EBAE5C . 68 F467F665 push 65F667F4 ; ASCII "%f"
65EBAE61 . 6A 04 push 4
65EBAE63 . 68 FC62F665 push 65F662FC ; ASCII "performance"
65EBAE68 . 52 push edx
65EBAE69 . E8 D2300400 call 65EFDF40
//Closed OD and ran PS directly; no activation window appeared, and in the menu the activation item is greyed out. Crack complete~!
//I was lucky to take down CS5 with the CS4 method; it is not the English one, and I am a bit lost~!
-By Menting 2010. 05. 06, early morning
The patch is here; just extract it and replace the file:
amtlib_cs5.rar
Chinese localization patch:
Fixed the "CS4" strings found so far;
Copy it over into this path: X:\Adobe\Adobe Photoshop CS5\Locales
Delete the existing en_GB folder
Photoshop_CS5_Patch_zh_CN.rar