标志位法破解----美萍反黄卫士2.26
作者fpx[CCG]
主页fpxfpx.longcity.net
应一个朋友之邀而写.我已经有几个月没写过破解心得了,写教程比破解累多了.
最近喜欢同门的6767兄,高产;破解勇,详细
http://www.mpsoft.net/killporn22.exe
破解工具w32dasm,unaspack
1.unaspack脱壳 我的主页可下载中文版unaspack
2.w32dasm反汇编,串式参考
"未注册版本只能使用30天,现在还剩"
:00475365 8B08
mov ecx, dword ptr [eax]
:00475367 FF5158
call [ecx+58]
:0047536A 833D44C2470000 cmp dword ptr [0047C244],
00000000 ======47C244 为注册标志位(全局变量,不为 0 即视为已注册)
:00475371 0F8504010000 jne 0047547B
跳到已注册
:00475377 E8D0C0FFFF call 0047144C
:0047537C A354C24700 mov dword
ptr [0047C254], eax
* Possible StringData Ref from Code Obj ->"未注册版本只能使用30天,现在还剩"
|
:00475381 68F8584700 push 004758F8
:00475386 8D55AC
lea edx, dword ptr [ebp-54]
:00475389 A158C24700 mov eax,
dword ptr [0047C258]
:0047538E 2B0554C24700 sub eax, dword
ptr [0047C254]
:00475394 40
inc eax
:00475395 E81635F9FF call 004088B0
:0047539A FF75AC
push [ebp-54]
:0047539D 6824594700 push 00475924
:004753A2 8D45B0
lea eax, dword ptr [ebp-50]
:004753A5 BA03000000 mov edx,
00000003
:004753AA E889EBF8FF call 00403F38
:004753AF 8B55B0
mov edx, dword ptr [ebp-50]
:004753B2 8B8380030000 mov eax, dword
ptr [ebx+00000380]
:004753B8 E88BA6FBFF call 0042FA48
:004753BD 8B1554C24700 mov edx, dword
ptr [0047C254]
:004753C3 8B8378030000 mov eax, dword
ptr [ebx+00000378]
:004753C9 E81261FEFF call 0045B4E0
:004753CE A158C24700 mov eax,
dword ptr [0047C258]
:004753D3 83E80F
sub eax, 0000000F
:004753D6 3B0554C24700 cmp eax, dword
ptr [0047C254]
:004753DC 7D50
jge 0047542E
:004753DE 6A40
push 00000040
* Possible StringData Ref from Code Obj ->"注册信息"
|
:004753E0 6828594700 push 00475928
* Possible StringData Ref from Code Obj ->"软件试用期还剩"
|
:004753E5 683C594700 push 0047593C
:004753EA 8D55A4
lea edx, dword ptr [ebp-5C]
:004753ED A158C24700 mov eax,
dword ptr [0047C258]
:004753F2 40
inc eax
:004753F3 2B0554C24700 sub eax, dword
ptr [0047C254]
:004753F9 E8B234F9FF call 004088B0
:004753FE FF75A4
push [ebp-5C]
:00475401 6824594700 push 00475924
* Possible StringData Ref from Code Obj ->",请赶快向美萍公司注册(0371-8749676)"
|
:00475406 6854594700 push 00475954
3.w32dasm查找菜单,从头查找47c244
:00474F36 8B06
mov eax, dword ptr [esi]
:00474F38 E807ACFDFF call 0044FB44
:00474F3D 8D55D4
lea edx, dword ptr [ebp-2C]
:00474F40 A1F4D94700 mov eax,
dword ptr [0047D9F4]
:00474F45 E822C7FFFF call 0047166C
:00474F4A 8B55D4
mov edx, dword ptr [ebp-2C] ****
:00474F4D A1F8D94700 mov eax,
dword ptr [0047D9F8]****
:00474F52 E831F0F8FF call 00403F88
****=>追入===========
:00474F57 7513
jne 00474F6C ****
:00474F59 E816D3FFFF call 00472274
:00474F5E 84C0
test al, al
:00474F60 750A
jne 00474F6C
:00474F62 C70544C2470001000000 mov dword ptr [0047C244], 00000001
=========标志位置 1;第 2 步 0047536A 处的试用期检查读取的就是这个全局变量
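4.上面****为破解经典句式(你若看到了一点感觉都没有,破解算是白学了):把两个待比较的值分别装入 edx 和 eax,调用比较函数 00403F88,再由紧随其后的 jne 决定是否置注册标志位。下面是 00403F88 的入口,开头就是 cmp eax, edx,看起来是字符串比较函数。换言之,程序在本机得到了用于比较的正确值,并直接做相等判断,这个值在比较时以明文留在寄存器所指的内存里;注册校验若不想暴露正确值,就不应在客户端做这种明文比较(例如改为用公钥验证签名)。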
:00403F88 53
push ebx
:00403F89 56
push esi
:00403F8A 57
push edi
:00403F8B 89C6
mov esi, eax
:00403F8D 89D7
mov edi, edx
:00403F8F 39D0
cmp eax, edx ===========
:00403F91 0F848F000000 je 00404026
5.crackcode作注册机
[Options]
CommandLine=shield.exe
Mode=2
First_Break_Address=474F52 =========
First_Break_Address_Code=E8
First_Break_Address_Code_Lenth=5
Second_Break_Address=403F8F =========
Second_Break_Address_Code_Lenth=2
Save_Code_Address=EDX
2001.7.27
- 标 题:标志位法破解----美萍反黄卫士2.26 (4千字)
- 作 者:8989
- 时 间:2001-7-27 20:22:44
- 链 接:http://bbs.pediy.com