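进程执法官 1.02
【Protection method】 Serial number
【Cracking tools】 FlyOD V1.10, W32DASM
【Software restriction】 Feature limitations
【Download address】 http://www.shareware.cn/
【Cracking platform】 Microsoft Windows XP SP2
Packed with ASPack 2.12 -> Alexey Solodovnikov; unpacked with AspackDie V1.41.
Written in VC++ 6.0.
Open W32DASM, load the program, and find the "classic phrase!" under "String Data References".
Because it could not be debugged normally with OD, I patched it instead.
Read from the bottom up.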
00406CF6 .8BCE mov ecx,esi
00406CF8 .E8 E3C60000 call Unpacked.004133E0
00406CFD .85C0 test eax,eax
00406CFF .75 12 jnz short Unpacked.00406D13 ; change to je
00406D01 .50 push eax
00406D02 .68 A4D24200 push Unpacked.0042D2A4
; string: "未注册版本,请及时注册!" (Unregistered version, please register soon!) ; look upward for the jump
00406D07 .68 BCDD4200 push Unpacked.0042DDBC
00406D0C .8BCE mov ecx,esi
00406D0E .E8 ED860100 call <jmp.&MFC42.#4224>
00406D13 >6A 00 push 0
00406D15 .8D8E 70190000 lea ecx,dword ptr ds:
00407D7E .8BF1 mov esi,ecx
00407D80 .8965 F0 mov dword ptr ss:,esp
00407D83 .E8 58B60000 call Unpacked.004133E0
00407D88 .85C0 test eax,eax
00407D8A .0F84 11010000 je Unpacked.00407EA1 ; here: change to jne
00407D90 .E8 83760100 call <jmp.&MFC42.#1168>
00407D95 .8B48 04 mov ecx,dword ptr ds:
00407D98 .E8 75760100 call <jmp.&MFC42.#1669>
00407D9D .8B86 D81A0000 mov eax,dword ptr ds:
00407DA3 .8B1D 10484200 mov ebx,dword ptr ds:[<&USER32.Sen>;USER32.SendMessageA
00407EA1 > \6A 00 push 0
Jump from 00407D8A ; look upward for the jump
00407EA3 .68 A4D24200 push Unpacked.0042D2A4
; string: "未注册版本,此功能限用" (Unregistered version, this feature is restricted)
00407EA8 .68 ECE14200 push Unpacked.0042E1EC
00407EAD .8BCE mov ecx,esi
00407EAF .E8 4C750100 call <jmp.&MFC42.#4224>
00407EB4 >8B4D 0C mov ecx,dword ptr ss:
00407EB7 .5F pop edi
00407EB8 .5E pop esi
00412360 .8965 F0 mov dword ptr ss:,esp
00412363 .E8 78100000 call Unpacked.004133E0
00412368 .85C0 test eax,eax
0041236A .0F84 7A010000 je Unpacked.004124EA ; here: change to jne
00412370 .E8 A3D00000 call <jmp.&MFC42.#1168>
00412375 .8B48 04 mov ecx,dword ptr ds:
00412378 .E8 95D00000 call <jmp.&MFC42.#1669>
0041237D .8B86 90190000 mov eax,dword ptr ds:
00412383 .8B1D 10484200 mov ebx,dword ptr ds:[<&USER32.Sen>;USER32.SendMessageA
00412389 .6A 02 push 2 ; /lParam = 2
004124EA > \6A 00 push 0
Jump from 0041236A ; look upward for the jump
004124EC .68 A4D24200 push Unpacked.0042D2A4
; string: "未注册版本,此功能限用" (Unregistered version, this feature is restricted)
004124F1 .68 ECE14200 push Unpacked.0042E1EC
004124F6 .8BCE mov ecx,esi
004124F8 .E8 03CF0000 call <jmp.&MFC42.#4224>
004124FD .8B45 0C mov eax,dword ptr ss:
00412500 .8B4D F4 mov ecx,dword ptr ss:
00412503 .5F pop edi
00412504 .5E pop esi
00413243 .E8 98010000 call Unpacked.004133E0
00413248 .85C0 test eax,eax
0041324A .0F84 11010000 je Unpacked.00413361 ; here: change to jne
00413250 .E8 C3C10000 call <jmp.&MFC42.#1168>
00413255 .8B48 04 mov ecx,dword ptr ds:
00413258 .E8 B5C10000 call <jmp.&MFC42.#1669>
0041325D .8B86 50190000 mov eax,dword ptr ds:
00413263 .8B1D 10484200 mov ebx,dword ptr ds:[<&USER32.Sen>;USER32.SendMessageA
00413361 > \6A 00 push 0
Jump from 0041324A ; look upward for the jump
00413363 .68 A4D24200 push Unpacked.0042D2A4
; string: "未注册版本,此功能限用" (Unregistered version, this feature is restricted)
00413368 .68 ECE14200 push Unpacked.0042E1EC
0041336D .8BCE mov ecx,esi
0041336F .E8 8CC00000 call <jmp.&MFC42.#4224>
00413374 >8B4D 0C mov ecx,dword ptr ss:
00413377 .5F pop edi
00413378 .5E pop esi
00413379 .5B pop ebx
0041337A .C701 00000000 mov dword ptr ds:,0
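[ This post was last edited by tigerisme on 2006-8-26 20:58 ]

This is nice! Marked as a featured post!

OD can debug it; the key is finding the right breakpoint~ This algorithm is not very hard, you can try tracing it~~

Hehe! Learning from this...!

I hope the registration algorithm can be traced out; after all, if there are too many feature restrictions or too many checks, there are too many places to patch as well, hehe.

Not bad.

It seems there is no summary.

Yeah, having to change this many places is a hassle; I still prefer a complete crack!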