下载页面:
http://www.skycn.com/soft/7169.html
软件大小: 1951 KB
软件语言: 简体中文
软件类别: 国产软件 / 免费版 / 主页浏览
应用平台: Win9x/NT/2000/XP
加入时间: 2003-07-06 17:15:42
下载次数: 333557
推荐等级: ****
开 发 商: http://www.mmjd.com/gosurf/
【软件简介】:最IN的多页面浏览器!重现最逼真的IE界面,并提供多项贴心功能:- 加强对网页图片、文字的保存,一拖就存。- 强大的广告过滤,可以阻挡弹出窗口和各种广告条。-
超强的网页病毒保护,能防止恶意代码的袭击。- 稳定的工作,对意外崩溃时进行数据保护。- 提供方便的在线翻译和浏览代理,冲浪无障碍。- 快速准确的分类搜索,轻松获得讯息。
【软件限制】:60天试用
【作者声明】:初学Crack,只是感兴趣,没有其它目的。失误之处敬请诸位大侠赐教!
【破解工具】:TRW2000娃娃修改版、Ollydbg1.09、PEiD、pe-scan、W32Dasm 9.0白金版
—————————————————————————————————
【过 程】:
GoSuRF.exe 是EXE32Pack 1.38 壳,用 pe-scan 脱之。1.09M->3.92M。 Delphi 编写。
免费午餐结束了。60天试用,要求注册码。呵呵,先试试解除其时间限制了。算法以后再说吧 ^-^
下BPX GetLocalTime F5 2次,F11返回,终于来到核心!
—————————————————————————————————
一、发现下面的0040B13A ret 回这里!
:004B2F4C 7979
jns 004B2FC7
:004B2F4E 7979
jns 004B2FC9
:004B2F50 2D6D6D2D64 sub eax,
642D6D6D
:004B2F55 64
BYTE 064h
:004B2F56 0000
add byte ptr [eax], al
* Referenced by a CALL at Addresses:
|:004B20AE , :00581C43
|
:004B2F58 53
push ebx
:004B2F59 8BD8
mov ebx, eax
:004B2F5B E88C81F5FF call
0040B0EC
====>关键CALL①!取当前系统时间运算!进入!
:004B2F60 83C4F8
add esp, FFFFFFF8
:004B2F63 DD1C24 fstp
qword ptr [esp]
====>ST=38186.594262615741170
:004B2F66 9B
wait
:004B2F67 8BC3
mov eax, ebx
====>EAX=2003-11-09
:004B2F69 E81AFFFFFF
call 004B2E88
====>关键CALL②!对2003-11-09运算!进入!
:004B2F6E 83C4F8
add esp, FFFFFFF8
:004B2F71 DD1C24 fstp
qword ptr [esp]
====>ST=37934.000000000000000
:004B2F74 9B
wait
:004B2F75 E8FAFEFFFF call
004B2E74
====>关键CALL③!进入!
:004B2F7A 5B
pop ebx
:004B2F7B C3
ret
—————————————————————————————————
1、进入关键CALL①:004B2F5B call 0040B0EC 取当前系统时间运算!
* Referenced by a CALL at Addresses:
|:004B212E , :004B24B1 , :004B24C7 , :004B2AEC
, :004B2F5B
|:005411FE , :0055AA2E , :0055AA37
|
:0040B0EC 83C4E0 add
esp, FFFFFFE0
:0040B0EF 8D442408 lea
eax, dword ptr [esp+08]
:0040B0F3 50
push eax
* Reference To: kernel32.GetLocalTime,
Ord:0000h
====>GetLocalTime 取当前系统时间!
:0040B0F4 E823C9FFFF
Call 00407A1C
:0040B0F9 668B4C240E mov cx,
word ptr [esp+0E]
====>CX=12 日期:18日
:0040B0FE 668B54240A
mov dx, word ptr [esp+0A]
====>DX=07 7月
:0040B103 668B442408
mov ax, word ptr [esp+08]
====>AX=07D4 2004年
:0040B108 E843FDFFFF
call 0040AE50
====>对当前日期进行运算!得出下面的值!
:0040B10D DD5C2418
fstp qword ptr [esp+18]
====>[esp+18]=38186.000000000000000
:0040B111 9B
wait
:0040B112 668B442416 mov ax,
word ptr [esp+16]
:0040B117 50
push eax
:0040B118 668B4C2418 mov cx,
word ptr [esp+18]
====>CX=2C
:0040B11D 668B542416
mov dx, word ptr [esp+16]
====>DX=F
:0040B122 668B442414
mov ax, word ptr [esp+14]
====>AX=E
:0040B127 E84CFBFFFF
call 0040AC78
====>对上面的值进行运算!得出下面的值!
:0040B12C DC442418
fadd qword ptr [esp+18]
====>[esp+18]=38186.000000000000000 + 0.5942626157407407961=38186.594262615740740
:0040B130 DD1C24
fstp qword ptr [esp]
:0040B133 9B
wait
:0040B134 DD0424 fld
qword ptr [esp]
:0040B137 83C420 add
esp, 00000020
:0040B13A C3
ret
—————————————————————————————————
2、进入关键CALL②:004B2F69 call 004B2E88 取2003-11-09运算!
* Referenced by a CALL at Address:
|:004B2F69
|
:004B2E88 55
push ebp
:004B2E89 8BEC
mov ebp, esp
:004B2E8B 83C4F0 add
esp, FFFFFFF0
:004B2E8E 53
push ebx
:004B2E8F 56
push esi
:004B2E90 8945FC mov
dword ptr [ebp-04], eax
:004B2E93 8B45FC mov
eax, dword ptr [ebp-04]
:004B2E96 E86513F5FF call
00404200
:004B2E9B 33C0
xor eax, eax
:004B2E9D 55
push ebp
:004B2E9E 68142F4B00 push
004B2F14
:004B2EA3 64FF30 push
dword ptr fs:[eax]
:004B2EA6 648920 mov
dword ptr fs:[eax], esp
:004B2EA9 8B45FC mov
eax, dword ptr [ebp-04]
:004B2EAC E89B11F5FF call
0040404C
:004B2EB1 83F80A cmp
eax, 0000000A
:004B2EB4 7512
jne 004B2EC8
:004B2EB6 8B45FC mov
eax, dword ptr [ebp-04]
:004B2EB9 8078042D cmp
byte ptr [eax+04], 2D
:004B2EBD 7509
jne 004B2EC8
:004B2EBF 8B45FC mov
eax, dword ptr [ebp-04]
:004B2EC2 8078072D cmp
byte ptr [eax+07], 2D
:004B2EC6 740B
je 004B2ED3
* Referenced by a (U)nconditional
or (C)onditional Jump at Addresses:
|:004B2EB4(C), :004B2EBD(C)
|
:004B2EC8 E8F381F5FF call
0040B0C0
:004B2ECD DD5DF0 fstp
qword ptr [ebp-10]
:004B2ED0 9B
wait
* Referenced by a (U)nconditional
or (C)onditional Jump at Address:
|:004B2E56(C)
|
:004B2ED1 EB2B
jmp 004B2EFE
* Referenced by a (U)nconditional
or (C)onditional Jump at Address:
|:004B2EC6(C)
|
:004B2ED3 8D45FC lea
eax, dword ptr [ebp-04]
:004B2ED6 E84D72FFFF call
004AA128
:004B2EDB 8BD8
mov ebx, eax
:004B2EDD 8D45FC lea
eax, dword ptr [ebp-04]
* Referenced by a (U)nconditional
or (C)onditional Jump at Address:
|:004B2E6A(C)
|
:004B2EE0 E84372FFFF call
004AA128
:004B2EE5 8BF0
mov esi, eax
:004B2EE7 8D45FC lea
eax, dword ptr [ebp-04]
:004B2EEA E83972FFFF call
004AA128
:004B2EEF 8BC8
mov ecx, eax
:004B2EF1 8BD6
mov edx, esi
:004B2EF3 8BC3
mov eax, ebx
:004B2EF5 E8567FF5FF call
0040AE50
====>运算!得出下面的值!
:004B2EFA DD5DF0
fstp qword ptr [ebp-10]
====>ST=37934.000000000000000
:004B2EFD 9B wait
* Referenced by a (U)nconditional
or (C)onditional Jump at Address:
|:004B2ED1(U)
|
:004B2EFE 33C0
xor eax, eax
:004B2F00 5A
pop edx
:004B2F01 59
pop ecx
:004B2F02 59
pop ecx
:004B2F03 648910 mov
dword ptr fs:[eax], edx
:004B2F06 681B2F4B00 push
004B2F1B
* Referenced by a (U)nconditional
or (C)onditional Jump at Address:
|:004B2F19(U)
|
:004B2F0B 8D45FC lea
eax, dword ptr [ebp-04]
:004B2F0E E8A90EF5FF call
00403DBC
:004B2F13 C3
ret
—————————————————————————————————
3、进入关键CALL③:004B2F75 call 004B2E74
* Referenced by a CALL at Addresses:
|:004B1ADD , :004B1B0D , :004B1D88 , :004B2F75
|
:004B2E74 55
push ebp
:004B2E75 8BEC
mov ebp, esp
:004B2E77 DD4510 fld
qword ptr [ebp+10]
:004B2E7A DC6508 fsub
qword ptr [ebp+08]
====>ST=38186.594262615740740 - 37934.00000000000=252.59426261574117240
:004B2E7D E872FCF4FF
call 00402AF4
:004B2E82 5D
pop ebp
:004B2E83 C21000 ret
0010
—————————————————————————————————
二、上面一处004B2F7B ret 返回到4B20B3
* Referenced by a CALL at Address:
|:00581F0D
|
:004B2094 53
push ebx
:004B2095 56
push esi
:004B2096 8BF0
mov esi, eax
:004B2098 8BC6
mov eax, esi
:004B209A E87DFAFFFF call
004B1B1C
:004B209F 80BE9100000000 cmp byte ptr [esi+00000091],
00
:004B20A6 7427
je 004B20CF
:004B20A8 8B8694000000 mov eax, dword
ptr [esi+00000094]
:004B20AE E8A50E0000 call
004B2F58
====>这里进入一!
:004B20B3 85C0
test eax, eax
====>返回到这里!EAX=252 即:4B2E7A处相减的结果!
====>完美去除时间限制!爆破点!让EAX永远=0 ^v^
^v^
:004B20B5 7E0C
jle 004B20C3
====>不跳!OVER!
:004B20B7 C6869000000003 mov byte ptr [esi+00000090],
03
:004B20BE E9D0000000 jmp 004B2193
* Referenced by a (U)nconditional
or (C)onditional Jump at Address:
|:004B20B5(C)
|
:004B20C3 C6869000000004 mov byte ptr [esi+00000090],
04
:004B20CA E9C4000000 jmp 004B2193
* Referenced by a (U)nconditional
or (C)onditional Jump at Address:
|:004B20A6(C)
|
:004B20CF 8BC6
mov eax, esi
:004B20D1 E832030000 call
004B2408
:004B20D6 84C0
test al, al
:004B20D8 0F858D000000 jne 004B216B
:004B20DE DD4630 fld
qword ptr [esi+30]
:004B20E1 D81DC4214B00 fcomp dword
ptr [004B21C4]
====>比较时间还剩多少!
:004B20E7 DFE0
fstsw ax
:004B20E9 9E
sahf
:004B20EA 750C
jne 004B20F8
:004B20EC 8BC6
mov eax, esi
:004B20EE E89D030000 call
004B2490
:004B20F3 E99B000000 jmp 004B2193
…… ……省 略…… ……
—————————————————————————————————
附:进入关键CALL:0040B108 call 0040AE50 对日期进行运算!
再进入:0040AE7C call 0040AD88
* Referenced by a CALL at Addresses:
|:0040AE7C , :0040C2E3
|
:0040AD88 55
push ebp
:0040AD89 8BEC
mov ebp, esp
:0040AD8B 83C4F8 add
esp, FFFFFFF8
:0040AD8E 53
push ebx
:0040AD8F 56
push esi
:0040AD90 57
push edi
:0040AD91 8BD9
mov ebx, ecx
:0040AD93 8BFA
mov edi, edx
:0040AD95 668945FE mov
word ptr [ebp-02], ax
:0040AD99 C645FD00 mov
[ebp-03], 00
:0040AD9D 668B45FE mov
ax, word ptr [ebp-02]
:0040ADA1 E8A6FFFFFF call
0040AD4C
:0040ADA6 83E07F and
eax, 0000007F
:0040ADA9 8D0440 lea
eax, dword ptr [eax+2*eax]
:0040ADAC 8D34C53C315800 lea esi, dword
ptr [8*eax+0058313C]
:0040ADB3 66837DFE01 cmp word
ptr [ebp-02], 0001
:0040ADB8 0F8286000000 jb 0040AE44
:0040ADBE 66817DFE0F27 cmp word ptr
[ebp-02], 270F
:0040ADC4 777E
ja 0040AE44
:0040ADC6 6683FF01 cmp
di, 0001
:0040ADCA 7278
jb 0040AE44
:0040ADCC 6683FF0C cmp
di, 000C
:0040ADD0 7772
ja 0040AE44
:0040ADD2 6683FB01 cmp
bx, 0001
:0040ADD6 726C
jb 0040AE44
:0040ADD8 0FB7C7 movzx
eax, di
:0040ADDB 663B5C46FE cmp bx,
word ptr [esi+2*eax-02]
:0040ADE0 7762
ja 0040AE44
:0040ADE2 0FB7C7 movzx
eax, di
:0040ADE5 48
dec eax
:0040ADE6 85C0
test eax, eax
:0040ADE8 7E0E
jle 0040ADF8
:0040ADEA B901000000 mov ecx,
00000001
* Referenced by a (U)nconditional
or (C)onditional Jump at Address:
|:0040ADF6(C)
|
:0040ADEF 66035C4EFE add bx,
word ptr [esi+2*ecx-02]
:0040ADF4 41
inc ecx
:0040ADF5 48
dec eax
:0040ADF6 75F7
jne 0040ADEF
* Referenced by a (U)nconditional
or (C)onditional Jump at Address:
|:0040ADE8(C)
|
:0040ADF8 0FB74DFE movzx
ecx, word ptr [ebp-02]
:0040ADFC 49
dec ecx
:0040ADFD 8BC1
mov eax, ecx
:0040ADFF BE64000000 mov esi,
00000064
:0040AE04 99
cdq
:0040AE05 F7FE
idiv esi
:0040AE07 69F16D010000 imul esi,
ecx, 0000016D
:0040AE0D 8BD1
mov edx, ecx
:0040AE0F 85D2
test edx, edx
:0040AE11 7903
jns 0040AE16
:0040AE13 83C203 add
edx, 00000003
* Referenced by a (U)nconditional
or (C)onditional Jump at Address:
|:0040AE11(C)
|
:0040AE16 C1FA02 sar
edx, 02
:0040AE19 03F2
add esi, edx
:0040AE1B 2BF0
sub esi, eax
:0040AE1D 8BC1
mov eax, ecx
:0040AE1F B990010000 mov ecx,
00000190
:0040AE24 99
cdq
:0040AE25 F7F9
idiv ecx
:0040AE27 03F0
add esi, eax
:0040AE29 0FB7C3 movzx
eax, bx
:0040AE2C 03F0
add esi, eax
:0040AE2E 81EE5A950A00 sub esi, 000A955A
:0040AE34 8975F8 mov
dword ptr [ebp-08], esi
:0040AE37 DB45F8 fild
dword ptr [ebp-08]
:0040AE3A 8B4508 mov
eax, dword ptr [ebp+08]
:0040AE3D DD18
fstp qword ptr [eax]
:0040AE3F 9B
wait
:0040AE40 C645FD01 mov
[ebp-03], 01
* Referenced by a (U)nconditional
or (C)onditional Jump at Addresses:
|:0040ADB8(C), :0040ADC4(C), :0040ADCA(C), :0040ADD0(C), :0040ADD6(C)
|:0040ADE0(C)
|
:0040AE44 8A45FD mov
al, byte ptr [ebp-03]
:0040AE47 5F
pop edi
:0040AE48 5E
pop esi
:0040AE49 5B
pop ebx
:0040AE4A 59
pop ecx
:0040AE4B 59
pop ecx
:0040AE4C 5D
pop ebp
:0040AE4D C20400 ret
0004
—————————————————————————————————
【完 美 爆 破】:
004B20B3 85C0
test eax, eax
改为: 33C0
xor eax, eax 去除时间限制!
—————————————————————————————————
, _/
/| _.-~/ \_
, 青春都一饷
( /~ /
\~-._ |\
`\\ _/
\ ~\ ) 忍把浮名
_-~~~-.) )__/;;,. \_
//'
/'_,\ --~ \ ~~~- ,;;\___( (.-~~~-.
换了破解轻狂
`~ _( ,_..--\ ( ,;'' / ~-- /._`\
/~~//' /' `~\ ) /--.._, )_ `~
" `~" " `"
/~'`\ `\\~~\
" " "~' ""
Cracked By 巢水工作坊——fly [OCN][FCG]
2003-07-18 15:45:07