=======================================================================
软件简介:
=======================================================================
家庭电脑相册制作系统
V6.0 标准版
软件大小: 956 KB
软件语言: 简体中文
软件类别: 国产软件 / 共享版 / 图像管理
应用平台: Win9x/NT/2000/XP
界面预览:
无
加入时间: 2003-04-29 17:06:20
下载次数: 30429
推荐等级:
联系人: kmr@163.net
开 发 商: http://www.jcok.com/
软件介绍:
本软件是为家庭电脑用户搜集图片和珍藏摄影照片而专门开发的应用工具软件。该软件易学易用,其制作的多媒体电脑相册具有图片检索、自动播放和音乐欣赏等多种功能,并能脱离原制作系统独立运行。将生成的相册刻录成光盘,更可永久收藏。当然,你也可以配合其它软件,制作出游戏画面集锦、风景名胜集锦、百科知识宝典、明星集锦和毕业纪念册等多媒体光盘。企事业单位也可以利用它收藏管理图片档案资料。十分钟成为电脑相册制作大师已不是梦想。
下载地址:
http://tjdown.skycn.com/down/dnxcbz60_setup.exe
==================================================================================
软件限制:可编辑的图片数量受到限制.
==================================================================================
破解工具:
屠龙刀==trw2000 照妖镜==Fi2.5 降妖锤==Aspackdie14
修理工==Hiew
风云大使==W32Dasm
=======================================================================
破解过程:
1.先用照妖镜(Fi2.5)对主程序照一照,看看有没有妖怪,结果发现为一小妖(ASPACK2.12),拿出降妖锤(Aspackdie14)立刻把它降服.再察看,原形现出来了,原来是Delphi,大家都喜欢的程序.上一版本为VB程序,这次连作者都不喜欢用VB了.我等的福音啊.
2.运行程序,添入注册号(不点确定),抽出屠龙刀,大家眼睁睁的看着我向一只小羊.......(想象吧)
下万能断点回到程序,点注册拦截,下命令BD
,Pmodule ,f12 n次竟然没找到心脏,好厉害的小羊.
3.只好请出风云大使(W32Dasm),乌云密布之后,终于看到了晴天.找到了关键部位请看以下内容.
下断点bpx
4a51e7,拦截如下:
序列号:B645350798132
输入第一个注册框:88888888
输入第二个注册框:11111111
================================================================================
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004A51E5(C)
|
:004A51E0
6A00 push
00000000
:004A51E2 6A00
push 00000000
:004A51E4 49
dec ecx
:004A51E5 75F9
jne 004A51E0
:004A51E7
51 push
ecx
:004A51E8 53
push ebx
:004A51E9 8BD8
mov ebx, eax
:004A51EB 33C0
xor eax, eax
:004A51ED 55
push ebp
:004A51EE
6834554A00 push 004A5534
:004A51F3
64FF30 push dword
ptr fs:[eax]
:004A51F6 648920
mov dword ptr fs:[eax], esp
:004A51F9 8D957CFEFFFF
lea edx, dword ptr [ebp+FFFFFE7C]
:004A51FF 8B8318070000
mov eax, dword ptr [ebx+00000718]
:004A5205
E8BEA0F9FF call 0043F2C8
:004A520A
8B857CFEFFFF mov eax, dword ptr [ebp+FFFFFE7C]
============看到输入的88888888==================================
:004A5210
8D9580FEFFFF lea edx, dword ptr [ebp+FFFFFE80]
:004A5216
E88138F6FF call 00408A9C
:004A521B
8B8580FEFFFF mov eax, dword ptr [ebp+FFFFFE80]
============看到输入的88888888==================================
:004A5221
50 push
eax
:004A5222 8D9574FEFFFF lea edx,
dword ptr [ebp+FFFFFE74]
:004A5228 8B83FC060000
mov eax, dword ptr [ebx+000006FC]
:004A522E E895A0F9FF
call 0043F2C8
:004A5233 8B8574FEFFFF
mov eax, dword ptr [ebp+FFFFFE74]
==================序列号:B645350798132========================
:004A5239
8D9578FEFFFF lea edx, dword ptr [ebp+FFFFFE78]
:004A523F
E85838F6FF call 00408A9C
:004A5244
8B8578FEFFFF mov eax, dword ptr [ebp+FFFFFE78]
==================序列号:B645350798132========================
:004A524A
8D4DF8 lea ecx,
dword ptr [ebp-08]
:004A524D 5A
pop edx
:004A524E E84122FFFF
call 00497494
:004A5253 8D956CFEFFFF
lea edx, dword ptr [ebp+FFFFFE6C]
:004A5259 8B831C070000
mov eax, dword ptr [ebx+0000071C]
:004A525F
E864A0F9FF call 0043F2C8
:004A5264
8B856CFEFFFF mov eax, dword ptr [ebp+FFFFFE6C]
==================看到输入的11111111===============================
:004A526A
8D9570FEFFFF lea edx, dword ptr [ebp+FFFFFE70]
:004A5270
E82738F6FF call 00408A9C
:004A5275
8B8570FEFFFF mov eax, dword ptr [ebp+FFFFFE70]
==================看到输入的11111111===============================
:004A527B
50 push
eax
:004A527C 8D9568FEFFFF lea edx,
dword ptr [ebp+FFFFFE68]
:004A5282 8B45F8
mov eax, dword ptr [ebp-08]
========到这里就可以看到正确的注册码了,添入第二个注册框就可以成功注册===
=========第一个相当于你输入的用户名,但必须为数字,是参与运算的===========
:004A5285
E81238F6FF call 00408A9C
:004A528A
8B9568FEFFFF mov edx, dword ptr [ebp+FFFFFE68]
=========这里也可以看到正确的注册码==================================
:004A5290
58 pop
eax
:004A5291 E822F8F5FF call
00404AB8
:004A5296 0F85A8010000 jne
004A5444
===---------------关键跳转,打断腿,看他还敢跳!!!!!!------------==========
:004A529C
8D9560FEFFFF lea edx, dword ptr [ebp+FFFFFE60]
:004A52A2
A19C9B4A00 mov eax, dword ptr
[004A9B9C]
:004A52A7 8B00
mov eax, dword ptr [eax]
:004A52A9 E82AA4FBFF
call 0045F6D8
:004A52AE 8B8560FEFFFF
mov eax, dword ptr [ebp+FFFFFE60]
:004A52B4
8D9564FEFFFF lea edx, dword ptr [ebp+FFFFFE64]
:004A52BA
E81D3FF6FF call 004091DC
:004A52BF
8B8564FEFFFF mov eax, dword ptr [ebp+FFFFFE64]
:004A52C5
8D55FC lea edx,
dword ptr [ebp-04]
:004A52C8 E8CF37F6FF
call 00408A9C
:004A52CD 8D855CFEFFFF
lea eax, dword ptr [ebp+FFFFFE5C]
*
Possible StringData Ref from Code Obj ->"data3"
============注册信息写入data3文件中==========================
|
:004A52D3
B94C554A00 mov ecx, 004A554C
:004A52D8
8B55FC mov edx,
dword ptr [ebp-04]
:004A52DB E8E0F6F5FF
call 004049C0
:004A52E0 8B955CFEFFFF
mov edx, dword ptr [ebp+FFFFFE5C]
:004A52E6 8D8584FEFFFF
lea eax, dword ptr [ebp+FFFFFE84]
:004A52EC
E8C3DAF5FF call 00402DB4
:004A52F1
BA25000000 mov edx, 00000025
:004A52F6
8D8584FEFFFF lea eax, dword ptr [ebp+FFFFFE84]
:004A52FC
E8FBDEF5FF call 004031FC
:004A5301
E886D5F5FF call 0040288C
:004A5306
8D9554FDFFFF lea edx, dword ptr [ebp+FFFFFD54]
:004A530C
8B83FC060000 mov eax, dword ptr [ebx+000006FC]
:004A5312
E8B19FF9FF call 0043F2C8
:004A5317
8B8554FDFFFF mov eax, dword ptr [ebp+FFFFFD54]
:004A531D
8D9558FDFFFF lea edx, dword ptr [ebp+FFFFFD58]
:004A5323
E87437F6FF call 00408A9C
:004A5328
8B9558FDFFFF mov edx, dword ptr [ebp+FFFFFD58]
:004A532E
8D855CFDFFFF lea eax, dword ptr [ebp+FFFFFD5C]
:004A5334
B9FF000000 mov ecx, 000000FF
:004A5339
E812F6F5FF call 00404950
:004A533E
8D955CFDFFFF lea edx, dword ptr [ebp+FFFFFD5C]
:004A5344
8D45D3 lea eax,
dword ptr [ebp-2D]
:004A5347 B10D
mov cl, 0D
:004A5349 E8C2DBF5FF
call 00402F10
:004A534E 8D954CFDFFFF
lea edx, dword ptr [ebp+FFFFFD4C]
:004A5354 8B8318070000
mov eax, dword ptr [ebx+00000718]
:004A535A
E8699FF9FF call 0043F2C8
:004A535F
8B854CFDFFFF mov eax, dword ptr [ebp+FFFFFD4C]
:004A5365
8D9550FDFFFF lea edx, dword ptr [ebp+FFFFFD50]
:004A536B
E82C37F6FF call 00408A9C
:004A5370
8B9550FDFFFF mov edx, dword ptr [ebp+FFFFFD50]
:004A5376
8D855CFDFFFF lea eax, dword ptr [ebp+FFFFFD5C]
:004A537C
B9FF000000 mov ecx, 000000FF
:004A5381
E8CAF5F5FF call 00404950
:004A5386
8D955CFDFFFF lea edx, dword ptr [ebp+FFFFFD5C]
:004A538C
8D45E1 lea eax,
dword ptr [ebp-1F]
:004A538F B109
mov cl, 09
:004A5391 E87ADBF5FF
call 00402F10
:004A5396 8D9544FDFFFF
lea edx, dword ptr [ebp+FFFFFD44]
:004A539C 8B831C070000
mov eax, dword ptr [ebx+0000071C]
:004A53A2
E8219FF9FF call 0043F2C8
:004A53A7
8B8544FDFFFF mov eax, dword ptr [ebp+FFFFFD44]
:004A53AD
8D9548FDFFFF lea edx, dword ptr [ebp+FFFFFD48]
:004A53B3
E8E436F6FF call 00408A9C
:004A53B8
8B9548FDFFFF mov edx, dword ptr [ebp+FFFFFD48]
:004A53BE
8D855CFDFFFF lea eax, dword ptr [ebp+FFFFFD5C]
:004A53C4
B9FF000000 mov ecx, 000000FF
:004A53C9
E882F5F5FF call 00404950
:004A53CE
8D955CFDFFFF lea edx, dword ptr [ebp+FFFFFD5C]
:004A53D4
8D45EB lea eax,
dword ptr [ebp-15]
:004A53D7 B10C
mov cl, 0C
:004A53D9 E832DBF5FF
call 00402F10
:004A53DE 8D55D3
lea edx, dword ptr [ebp-2D]
:004A53E1
8D8584FEFFFF lea eax, dword ptr [ebp+FFFFFE84]
:004A53E7
E81CDFF5FF call 00403308
:004A53EC
E89BD4F5FF call 0040288C
:004A53F1
8D8584FEFFFF lea eax, dword ptr [ebp+FFFFFE84]
:004A53F7
E880DAF5FF call 00402E7C
:004A53FC
E88BD4F5FF call 0040288C
:004A5401
33D2 xor
edx, edx
:004A5403 8B8318070000 mov
eax, dword ptr [ebx+00000718]
:004A5409 8B08
mov ecx, dword ptr [eax]
:004A540B FF5164
call [ecx+64]
:004A540E
33D2 xor
edx, edx
:004A5410 8B831C070000 mov
eax, dword ptr [ebx+0000071C]
:004A5416 8B08
mov ecx, dword ptr [eax]
:004A5418 FF5164
call [ecx+64]
:004A541B
33D2 xor
edx, edx
:004A541D 8B8320070000 mov
eax, dword ptr [ebx+00000720]
:004A5423 8B08
mov ecx, dword ptr [eax]
:004A5425 FF5164
call [ecx+64]
*
Possible StringData Ref from Code Obj ->"你已注册成功!"
|
:004A5428 BA5C554A00
mov edx, 004A555C
:004A542D 8B8320070000
mov eax, dword ptr [ebx+00000720]
:004A5433 E8C09EF9FF
call 0043F2F8
*
Possible StringData Ref from Code Obj ->"注册成功,谢谢你对本软件的支持!"
|
:004A5438 B874554A00
mov eax, 004A5574
:004A543D E8A230F9FF
call 004384E4
:004A5442 EB41
jmp 004A5485
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004A5296(C)
|
:004A5444
B201 mov
dl, 01
:004A5446 8B8318070000 mov
eax, dword ptr [ebx+00000718]
:004A544C 8B08
mov ecx, dword ptr [eax]
:004A544E FF5164
call [ecx+64]
:004A5451
B201 mov
dl, 01
:004A5453 8B831C070000 mov
eax, dword ptr [ebx+0000071C]
:004A5459 8B08
mov ecx, dword ptr [eax]
:004A545B FF5164
call [ecx+64]
:004A545E
B201 mov
dl, 01
:004A5460 8B8320070000 mov
eax, dword ptr [ebx+00000720]
:004A5466 8B08
mov ecx, dword ptr [eax]
:004A5468 FF5164
call [ecx+64]
*
Possible StringData Ref from Code Obj ->"验证软件注册信息"
|
:004A546B BAA0554A00
mov edx, 004A55A0
:004A5470 8B8320070000
mov eax, dword ptr [ebx+00000720]
:004A5476 E87D9EF9FF
call 0043F2F8
*
Possible StringData Ref from Code Obj ->"注册失败!"
|
:004A547B B8BC554A00
mov eax, 004A55BC
:004A5480 E85F30F9FF
call 004384E4
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004A5442(U)
|
:004A5485
33C0 xor
eax, eax
:004A5487 5A
pop edx
:004A5488 59
pop ecx
:004A5489 59
pop ecx
:004A548A
648910 mov dword
ptr fs:[eax], edx
:004A548D 683E554A00
push 004A553E
=================================================================
注册信息:
序列号:B645350798132
输入第一个注册框:88888888
输入第二个注册框:604461264447
注册信息保存在主程序目录下的Data3文件
===========================================================================
KeyMake内存注册机:
中断地址:4A5285
|
中断地址:4A5290
中断次数:1
|
中断次数:1
第一字节:E8
| 第一字节:58
指令长度:5
| 指令长度:1
寄存器方式:EAX
|
寄存器方式:EDX 十进制
十进制
==================================================================
受eyou 兄发表的"破解之软件自己显示注册码"启发,我们也让程序自己显示注册码,赶时髦,呵呵!
我们可以观察一下.
只需要把mov
eax, 004A55BC修改为mov eax, dword ptr [ebp-08]再加两个90就大工
告成了,于是叫来修理工(Hiew) ,一阵痛快的修理.再运行注册你会发现注册码乖乖出现了.
:004A5282
8B45F8 mov eax,
dword ptr [ebp-08]
========到这里就可以看到正确的注册码了,添入第二个注册框就可以成功注册===
=========第一个相当于你输入的用户名,但必须为数字,是参与运算的===========
------------------------------------------------------------------------------
*
Possible StringData Ref from Code Obj ->"注册失败!"
|
:004A547B B8BC554A00
mov eax, 004A55BC
:004A5480 E85F30F9FF
call 004384E4
================================================================================
总结发言:
1.上次5.1版的破解过程和文章都写得不完整,但是斑竹还是把它加"精"了,实在是惭愧.
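2.不足之处是没有算法分析,正在学习中.欢迎哪位补充一下,也请大家多多指点.从上面的列表看,程序在比较之前就已算出完整的正确注册码并以明文保存在内存中(见004A5282和004A528A处的注释),结果只由004A5296处的一个条件跳转决定,这正是这种注册校验的薄弱之处;如果校验时不在内存中还原正确注册码(例如改为验证签名),就不会这样直接暴露.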