软件下载:http://www.ipaopao.com/software/
首先找到fesweb.exe的注册错误提示信息:“Registration Code ERR”
因为真假注册码比较以后才会出现这个提示
========
W32Dasm反汇编和TRW2000一起使用
* 用language查看,程序没有加壳
* 用W32Dasm反汇编,根据“串式参考”找到注册错误提示信息“Registration Code ERR”,双击
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00465170(C)
|
:00465265 6A00
push 00000000
* Possible StringData Ref from Code Obj ->"警告!"
|
:00465267 B908534600 mov ecx,
00465308
* Possible StringData Ref from Code Obj ->"Registration Code ERR!"
|
:0046526C BA10534600 mov edx,
00465310
:00465271 A188C14600 mov eax,
dword ptr [0046C188]
:00465276 8B00
mov eax, dword ptr [eax]
:00465278 E8071BFEFF call 00446D84
发现是从00465170跳转过来的,鼠标右键双击00465170
:0046513E 8D9598FDFFFF lea edx, dword
ptr [ebp+FFFFFD98]
:00465144 8B86D4020000 mov eax, dword
ptr [esi+000002D4]
:0046514A E8053AFCFF call 00428B54
:0046514F 8B8598FDFFFF mov eax, dword
ptr [ebp+FFFFFD98]
:00465155 50
push eax
:00465156 8D9594FDFFFF lea edx, dword
ptr [ebp+FFFFFD94]
:0046515C 8B45FC
mov eax, dword ptr [ebp-04]
:0046515F E8E0D7FFFF call 00462944
:00465164 8B9594FDFFFF mov edx, dword
ptr [ebp+FFFFFD94]
:0046516A 58
pop eax
:0046516B E894ECF9FF call 00403E04
:00465170 0F85EF000000 jne 00465265
:00465176 6890000000 push 00000090
:0046517B 8D859FFDFFFF lea eax, dword
ptr [ebp+FFFFFD9F]
:00465181 50
push eax
对照“风飘雪”的破解教程,发现可疑的关键Call在0046516B
打开TRW2000
在fesweb.exe的注册栏中填入注册码“87654321”(注:“密钥”是自动生成的,我的为“AAuDfXIQNJijeLw18aykhq==”),但不点击“注册”
“Ctrl+N”激活TRW2000
在0046516A处下断点:bpx 0046516A,回车,然后按“F5”退出
点击fesweb.exe注册栏中的“注册”
程序被中断
按一下“F10”来到0046516B
结果在0046516B处找到真假注册码:
d eax=87654321
d edx=hW1Ti59tmyncjjGQbALXhvUlffxIO5n3
注意:这个32位的注册码是分两行出现的:
hW1Ti59tmyncjjGQ
bALXhvUlffxIO5n3
用注册码“hW1Ti59tmyncjjGQbALXhvUlffxIO5n3”进行注册,注册成功!
太棒了!
马震宇
2001.8.16.
- 标 题:破解:Fast Email Spider V1.06 (价值580元!) (2千字)
- 作 者:mazhenyu
- 时 间:2001-8-17 13:00:46
- 链 接:http://bbs.pediy.com