• 标 题:Ip tools v1.10破解法 (4千字)
  • 作 者:sun_t
  • 时 间:2001-2-26 12:13:05
  • 链 接:http://bbs.pediy.com

ip tools v1.10  crack..............
          by SUN_T
                  2001.2.26            please keep!       
tools: trw2000 and w89dasm

<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<

; Excerpt from the middle of a larger routine (W32Dasm listing, 32-bit x86);
; the routine's start and end are not shown. It handles the "] Self test .."
; string, then compares the value returned by 004895AC with a stored dword
; and branches on the result.
:004B3202 E83166F5FF              call 00409838
:004B3207 FF75EC                  push [ebp-14]

* Possible StringData Ref from Code Obj ->"] Self test .."
                                  |
; 004B3544 is the "] Self test .." literal. With eax = &[ebp-10] and edx = 3
; this looks like a three-part string join into [ebp-10] -- TODO confirm what
; 00403F90 does.
:004B320A 6844354B00              push 004B3544
:004B320F 8D45F0                  lea eax, dword ptr [ebp-10]
:004B3212 BA03000000              mov edx, 00000003
:004B3217 E8740DF5FF              call 00403F90
; edx = value at [ebp-10]; the target object is reached via [ebx] -> +1DC ->
; +130, and the call goes through slot +34 of the table at its first dword.
; NOTE(review): looks like a virtual method call that shows or logs the
; line -- confirm.
:004B321C 8B55F0                  mov edx, dword ptr [ebp-10]
:004B321F 8B03                    mov eax, dword ptr [ebx]
:004B3221 8B80DC010000            mov eax, dword ptr [eax+000001DC]
:004B3227 8B8030010000            mov eax, dword ptr [eax+00000130]
:004B322D 8B08                    mov ecx, dword ptr [eax]
:004B322F FF5134                  call [ecx+34]
; eax = result of 004895AC (its body is not shown; presumably the self-test
; value -- confirm). It is compared with the dword at offset B4 of the
; structure pointed to by the global at 004B9894.
; Equal -> continue at 004B3254; otherwise fall through to the
; "Program was corrupted !" path.
; NOTE(review): the whole self-test outcome rests on this single
; compare-and-branch.
:004B3232 E87563FDFF              call 004895AC
:004B3237 8B1594984B00            mov edx, dword ptr [004B9894]
:004B323D 3B82B4000000            cmp eax, dword ptr [edx+000000B4]
:004B3243 740F                    je 004B3254-----------------------------------------------------jmp to ok!

* Possible StringData Ref from Code Obj ->"Program was corrupted !"
                                  |
; Mismatch path: eax = address of the "Program was corrupted !" literal,
; passed to 004436B0 (presumably reports the message -- confirm), then
; control leaves via 004B34D2.
:004B3245 B85C354B00              mov eax, 004B355C
:004B324A E86104F9FF              call 004436B0
:004B324F E97E020000              jmp 004B34D2

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004B3243(C)
|
; Match path continues here.
:004B3254 6824354B00              push 004B3524



; Excerpt from the middle of a larger routine; its start and end are not
; shown. It fetches values through 00422F80 from two members of the object
; at [esi] (+1F0 and +1F4), requires both results to be non-zero, compares
; two 16-bit values derived from them, and finally compares two byte sums
; produced by 0048EE70. Every failed test jumps to 00497340 (not shown).
; eax = member +1F0 of the object at [esi]. 00422F80 presumably writes its
; result through edx, which would point at [ebp-08] from before this
; excerpt -- TODO confirm.
:00497160 8B06                    mov eax, dword ptr [esi]
:00497162 8B80F0010000            mov eax, dword ptr [eax+000001F0]
:00497168 E813BEF8FF              call 00422F80
; [ebp-08] == 0 -> 00497340
:0049716D 837DF800                cmp dword ptr [ebp-08], 00000000
:00497171 0F84C9010000            je 00497340
; Same fetch for member +1F4, result in [ebp-0C]; zero -> 00497340
:00497177 8D55F4                  lea edx, dword ptr [ebp-0C]
:0049717A 8B06                    mov eax, dword ptr [esi]
:0049717C 8B80F4010000            mov eax, dword ptr [eax+000001F4]
:00497182 E8F9BDF8FF              call 00422F80
:00497187 837DF400                cmp dword ptr [ebp-0C], 00000000
:0049718B 0F84AF010000            je 00497340
; Fetch +1F0 again into [ebp-10] and pass it to 0048EE88; result kept in edi
:00497191 8D55F0                  lea edx, dword ptr [ebp-10]
:00497194 8B06                    mov eax, dword ptr [esi]
:00497196 8B80F0010000            mov eax, dword ptr [eax+000001F0]
:0049719C E8DFBDF8FF              call 00422F80
:004971A1 8B45F0                  mov eax, dword ptr [ebp-10]
:004971A4 E8DF7CFFFF              call 0048EE88
:004971A9 8BF8                    mov edi, eax
; Fetch +1F4 into [ebp-10] and pass it to 0048EF24; result in eax
:004971AB 8D55F0                  lea edx, dword ptr [ebp-10]
:004971AE 8B06                    mov eax, dword ptr [esi]
:004971B0 8B80F4010000            mov eax, dword ptr [eax+000001F4]
:004971B6 E8C5BDF8FF              call 00422F80
:004971BB 8B45F0                  mov eax, dword ptr [ebp-10]
:004971BE E8617DFFFF              call 0048EF24
; Only the low 16 bits of the two results are compared (di vs ax);
; different -> 00497340
:004971C3 663BF8                  cmp di, ax
:004971C6 0F8574010000            jne 00497340
; edi = 0048EE70(eax = dword at global 004B99AC, edx = 1FF)
:004971CC A1AC994B00              mov eax, dword ptr [004B99AC]
:004971D1 BAFF010000              mov edx, 000001FF
:004971D6 E8957CFFFF              call 0048EE70---------------------------first  calculating
:004971DB 8BF8                    mov edi, eax
; eax = 0048EE70(eax = dword at global 004B98E8, edx = 1FF)
:004971DD A1E8984B00              mov eax, dword ptr [004B98E8]
:004971E2 BAFF010000              mov edx, 000001FF
:004971E7 E8847CFFFF              call 0048EE70-------------------------second  calculating
; The two sums must match; different -> 00497340.
; NOTE(review): both operands come from the same additive routine, so this
; comparison is only as trustworthy as 0048EE70 itself.
:004971EC 3BF8                    cmp edi, eax
:004971EE 0F854C010000            jne 00497340--------------the most import jmp!!
:004971F4 8D55F8                  lea edx, dword ptr [ebp-08]

note: the same sub. is used to calculate both values !! silly!!
        if it returns eax=0, both results are equal, so you can get what you want!!
        Let's go and change it!>>>>>


;-----------------------------------------------------------------------
; 0048EE70 -- additive byte sum over a buffer
; In:    eax = pointer to the first byte
;        edx = index of the last byte to include (edx + 1 bytes are summed);
;              a negative edx skips the loop and the result is 0
; Out:   eax = sum of the bytes, each zero-extended before adding
; Clobb: ecx, edx, flags (ebx is pushed and restored)
; The callers at 004971D6 and 004971E7 pass edx = 1FF, i.e. 200h bytes.
; Arguments in eax/edx look like a register calling convention -- TODO
; confirm which compiler produced this.
; NOTE(review): a plain byte sum does not depend on byte order, so it is a
; weak integrity value on its own.
;-----------------------------------------------------------------------
* Referenced by a CALL at Addresses:
|:004971D6  , :004971E7  , :004B29F3  , :004B2A04 
|
:0048EE70 53                      push ebx
; ecx = running sum, starts at 0
:0048EE71 33C9                    xor ecx, ecx
; signed test: edx < 0 goes straight to the return with sum 0
:0048EE73 85D2                    test edx, edx
:0048EE75 7C0B                    jl 0048EE82
; turn the last index into a byte count
:0048EE77 42                      inc edx

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0048EE80(C)
|
; loop body: ebx = zero-extended byte at [eax]; add it to the sum, advance
; the pointer, count down until edx reaches 0
:0048EE78 33DB                    xor ebx, ebx
:0048EE7A 8A18                    mov bl, byte ptr [eax]
:0048EE7C 03CB                    add ecx, ebx
:0048EE7E 40                      inc eax
:0048EE7F 4A                      dec edx
:0048EE80 75F6                    jne 0048EE78

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0048EE75(C)
|
; return the accumulated sum in eax; the text after the dashes on the next
; line is the post author's annotation, not disassembler output
:0048EE82 8BC1                    mov eax, ecx---------------------------xor eax,eax ok!
:0048EE84 5B                      pop ebx
:0048EE85 C3                      ret

so, you have to change 0048EE82 and 004B3243
bye!!