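Serial-fishing notes for MP4转换专家, posted by 菜儿~
I rarely post cracking walkthroughs, and what I'm posting today is only a rough record: after I got the registration code and registered the software, I didn't know how to remove the registration info, and it was already late at night, so in my excitement I'm first posting what I remember so we can all learn together (if you know how to delete the registration info, please let me know). What follows is only the rough process and line of thinking; if anything is off, experts please correct me.
++++++++++++++++++++++++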
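Load the program in OD and run it.
Set a breakpoint on MessageBoxExW.
Enter the user name glts and a wrong registration code, 987654321; after clicking "Register" ("注册"), execution breaks and the stack pane shows the following: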
00127490 77D66137/CALL 到 MessageBoxExW 来自 USER32.77D66132
00127494 00031154|hOwner = 00031154 ('注册',class='#32770',parent=00EE06B2)
00127498 00461EAC|Text = "注册码不对!"
0012749C 00A42998|Title = "MP4Expert"
001274A0 00000030|Style = MB_OK|MB_ICONEXCLAMATION|MB_APPLMODAL
001274A4 00000000\LanguageID = 0 (LANG_NEUTRAL)
001274A8/001274F4
001274AC|00421BA3返回到 MP4Exper.00421BA3 来自 USER32.MessageBoxW
++++++++++++++++++++++++
Press CTRL+G to go straight to 00421BA3
++++++++++++++++++++++++
00421B6F 50 push eax
00421B70 E8 1E4A0000 call MP4Exper.00426593
00421B75 FFB0 80000000 push dword ptr ds:
00421B7B E8 46420000 call MP4Exper.00425DC6
00421B80 8945 DC mov dword ptr ss:,eax
00421B83 895D E4 mov dword ptr ss:,ebx
00421B86 3BC3 cmp eax,ebx
00421B88 75 04 jnz short MP4Exper.00421B8E
00421B8A 33C0 xor eax,eax
00421B8C EB 27 jmp short MP4Exper.00421BB5
00421B8E 895D FC mov dword ptr ss:,ebx
00421B91 FF75 14 push dword ptr ss:
00421B94 FF75 10 push dword ptr ss:
00421B97 FF75 0C push dword ptr ss:
00421B9A FF75 08 push dword ptr ss:
00421B9D FF15 B0744500 call dword ptr ds:[<&USER32.Mes>; USER32.MessageBoxW
00421BA3 8945 E4 mov dword ptr ss:,eax
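Then delete the earlier breakpoint, set a breakpoint at 00421B6F and rerun the program; once it breaks, the two CALLs shown above are the key CALLs, so step into them.
Tracing down to the following turns up the real code~~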
0041C192 8B4424 14 mov eax,dword ptr ss:
堆栈 ss:=00A497F0, (UNICODE "B-70IVU-89-128-130-611923")
This is the real code.
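eax=00000001

Nobody likes this? I'll bump it.

Bump~~~~~~~~~~~~~~~~~~~~~~~~

A detailed cracking tutorial is very practical for beginners; you only really learn by practising. Thanks, OP.

For deleting the registration info, it's probably in the registry..

Thanks for sharing, studying this carefully.

I'm here to learn too, this is just what I need.

A very nice tutorial, thanks.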