发个VC++软件,一直不能完美~各位有空看看
好像暗桩很多,特别在样版结构设计里~早期一个版的风球帮破的文件也是不能保存文件最近小飘帮看的这个程序也是保存出错了~
有空的同学帮看看学习下哟,这样的等程序我们学习课程里也没讲到过,看到就知道啦!我发上一些破解内容,先发小飘的吧
思路:一个一个解除;
方法:万能断点。
首先:
1、工艺设计系统和款式设计系统:(pattern.dll)他们都在同一个地方验证。搞定一个就解决了。
OD 载入 F9运行,输入注册码。下万能断点。
断在:
77D3352D F3:A5 rep movs dword ptr es:,dword ptr ds>
77D3352F 8BC8 mov ecx,eax
77D33531 83E1 03 and ecx,3
77D33534 F3:A4 rep movs byte ptr es:,byte ptr ds:[>
77D33536 E8 E3FBFFFF call USER32.77D3311E
77D3353B 5F pop edi
77D3353C 5E pop esi
77D3353D 8BC3 mov eax,ebx
77D3353F 5B pop ebx
77D33540 5D pop ebp
77D33541 C2 1000 retn 10
取消断点,F8多次返回到
10001469|.8945 88 mov dword ptr ss:,eax
1000146C|.837D 88 01 cmp dword ptr ss:,1
段首下断:
100013C4 >/$55 push ebp
100013C5|.8BEC mov ebp,esp
100013C7|.6A FF push -1
100013C9|.68 133C0110 push pattern.10013C13 ;SE handler installation
100013CE|.64:A1 0000000>mov eax,dword ptr fs:
100013D4|.50 push eax
100013D5|.64:8925 00000>mov dword ptr fs:,esp
100013DC|.81EC 9C000000 sub esp,9C
100013E2|.898D 68FFFFFF mov dword ptr ss:,ecx
100013E8|.8D4D 84 lea ecx,dword ptr ss:
100013EB|.E8 D0010000 call pattern.100015C0
100013F0|.C745 FC 00000>mov dword ptr ss:,0
100013F7|.8D4D 80 lea ecx,dword ptr ss:
100013FA|.E8 897B0000 call pattern.10008F88
100013FF|.51 push ecx
10001400|.8BCC mov ecx,esp
10001402|.89A5 7CFFFFFF mov dword ptr ss:,esp
10001408|.68 88B50110 push pattern.1001B588
1000140D|.E8 4EF30000 call pattern.10010760
10001412|.8985 64FFFFFF mov dword ptr ss:,eax ; |
10001418|.8D4D 80 lea ecx,dword ptr ss: ; |
1000141B|.E8 DE7B0000 call pattern.10008FFE ; \pattern.10008FFE
10001420|.8985 60FFFFFF mov dword ptr ss:,eax
10001426|.83BD 60FFFFFF>cmp dword ptr ss:,0
1000142D|.74 24 je short pattern.10001453 ;重启验证的地方,跳了就完蛋了,等于0就没有注册。NOP就可爆破
1000142F|.C785 78FFFFFF>mov dword ptr ss:,1
10001439|.C745 FC FFFFF>mov dword ptr ss:,-1
10001440|.8D4D 84 lea ecx,dword ptr ss:
10001443|.E8 EEF20000 call pattern.10010736
10001448|.8B85 78FFFFFF mov eax,dword ptr ss:
1000144E|.E9 C3000000 jmp pattern.10001516
10001453|>6A 00 push 0 ; /Arg1 = 00000000
10001455|.8D4D 8C lea ecx,dword ptr ss: ; |
10001458|.E8 C3FCFFFF call pattern.10001120 ; \pattern.10001120
1000145D|.C645 FC 01 mov byte ptr ss:,1
10001461|.8D4D 8C lea ecx,dword ptr ss:
10001464|.E8 A9C00000 call pattern.1000D512 ;弹出注册框
10001469|.8945 88 mov dword ptr ss:,eax
1000146C|.837D 88 01 cmp dword ptr ss:,1
10001470|.75 79 jnz short pattern.100014EB
10001472|.8D4D EC lea ecx,dword ptr ss:
10001475|.E8 66010000 call pattern.100015E0
1000147A|.50 push eax ;假码
1000147B|.E8 D00F0000 call pattern.10002450
10001480|.83C4 04 add esp,4 ;假码
10001483|.85C0 test eax,eax
10001485|.74 64 je short pattern.100014EB
10001487|.8D4D EC lea ecx,dword ptr ss:
1000148A|.E8 5AAA0000 call pattern.1000BEE9
1000148F|.51 push ecx
10001490|.8BCC mov ecx,esp
10001492|.89A5 74FFFFFF mov dword ptr ss:,esp
10001498|.8D45 EC lea eax,dword ptr ss:
1000149B|.50 push eax
1000149C|.E8 28F00000 call pattern.100104C9
100014A1|.8985 5CFFFFFF mov dword ptr ss:,eax ; |
100014A7|.8D4D 80 lea ecx,dword ptr ss: ; |
100014AA|.E8 4F7B0000 call pattern.10008FFE ; \pattern.10008FFE
100014AF|.8985 58FFFFFF mov dword ptr ss:,eax
100014B5|.83BD 58FFFFFF>cmp dword ptr ss:,0
100014BC|.74 2D je short pattern.100014EB ;如果这里不跳的话,就可以进入进行设计
100014BE|.C785 70FFFFFF>mov dword ptr ss:,1
100014C8|.C645 FC 00 mov byte ptr ss:,0
100014CC|.8D4D 8C lea ecx,dword ptr ss:
100014CF|.E8 8C000000 call pattern.10001560
100014D4|.C745 FC FFFFF>mov dword ptr ss:,-1
100014DB|.8D4D 84 lea ecx,dword ptr ss:
100014DE|.E8 53F20000 call pattern.10010736
100014E3|.8B85 70FFFFFF mov eax,dword ptr ss:
100014E9|.EB 2B jmp short pattern.10001516
100014EB|>C785 6CFFFFFF>mov dword ptr ss:,0
100014F5|.C645 FC 00 mov byte ptr ss:,0
100014F9|.8D4D 8C lea ecx,dword ptr ss:
100014FC|.E8 5F000000 call pattern.10001560
10001501|.C745 FC FFFFF>mov dword ptr ss:,-1
10001508|.8D4D 84 lea ecx,dword ptr ss:
1000150B|.E8 26F20000 call pattern.10010736
10001510|.8B85 6CFFFFFF mov eax,dword ptr ss:
10001516|>8B4D F4 mov ecx,dword ptr ss:
10001519|.64:890D 00000>mov dword ptr fs:,ecx
10001520|.8BE5 mov esp,ebp
10001522|.5D pop ebp
10001523\.C3 retn
2、排料系统:
方法和上一个一样:万能断点.
断在:
77D3352D F3:A5 rep movs dword ptr es:,dword ptr ds>
77D3352F 8BC8 mov ecx,eax
77D33531 83E1 03 and ecx,3
77D33534 F3:A4 rep movs byte ptr es:,byte ptr ds:[>
77D33536 E8 E3FBFFFF call USER32.77D3311E
77D3353B 5F pop edi
77D3353C 5E pop esi
77D3353D 8BC3 mov eax,ebx
77D3353F 5B pop ebx
77D33540 5D pop ebp
77D33541 C2 1000 retn 10
取消断点,F8多次
返回到这里:
00425080/$6A FF push -1
00425082|.68 F04C5400 push 排料系统.00544CF0 ;SE handler installation
00425087|.64:A1 0000000>mov eax,dword ptr fs:
0042508D|.50 push eax
0042508E|.64:8925 00000>mov dword ptr fs:,esp
00425095|.83EC 70 sub esp,70
00425098|.A1 A8565800 mov eax,dword ptr ds:
0042509D|.57 push edi
0042509E|.894424 04 mov dword ptr ss:,eax
004250A2|.8D4C24 08 lea ecx,dword ptr ss:
004250A6|.C74424 7C 000>mov dword ptr ss:,0
004250AE|.E8 C5FA0E00 call 排料系统.00514B78
004250B3|.51 push ecx
004250B4|.8BCC mov ecx,esp
004250B6|.896424 10 mov dword ptr ss:,esp
004250BA|.68 48805800 push 排料系统.00588048
004250BF|.E8 A5DE0F00 call 排料系统.00522F69
004250C4|.8D4C24 0C lea ecx,dword ptr ss: ; |
004250C8|.E8 21FB0E00 call 排料系统.00514BEE ; \排料系统.00514BEE
004250CD|.85C0 test eax,eax
004250CF|.74 26 je short 排料系统.004250F7 ;重启验证的地方。关键跳,跳了就完蛋,nop
004250D1|.8D4C24 04 lea ecx,dword ptr ss:
004250D5|.C74424 7C FFF>mov dword ptr ss:,-1
004250DD|.E8 19DE0F00 call 排料系统.00522EFB
004250E2|.B8 01000000 mov eax,1 ;注意这里eax=1
004250E7|.8B4C24 74 mov ecx,dword ptr ss:
004250EB|.64:890D 00000>mov dword ptr fs:,ecx
004250F2|.5F pop edi
004250F3|.83C4 7C add esp,7C
004250F6|.C3 retn
004250F7|>6A 00 push 0
004250F9|.8D4C24 14 lea ecx,dword ptr ss:
004250FD|.E8 FEFDFFFF call 排料系统.00424F00
00425102|.8D4C24 10 lea ecx,dword ptr ss:
00425106|.C64424 7C 01mov byte ptr ss:,1
0042510B|.E8 7C9A0F00 call 排料系统.0051EB8C ;弹出注册框
00425110|.83F8 01 cmp eax,1
00425113|.0F85 87000000 jnz 排料系统.004251A0
00425119|.8B7C24 70 mov edi,dword ptr ss:
0042511D|.83C9 FF or ecx,FFFFFFFF
00425120|.33C0 xor eax,eax
00425122|.F2:AE repne scas byte ptr es:
00425124|.F7D1 not ecx
00425126|.49 dec ecx
00425127|.74 77 je short 排料系统.004251A0
00425129|.8D4C24 70 lea ecx,dword ptr ss:
0042512D|.E8 4F640F00 call 排料系统.0051B581
00425132|.51 push ecx
00425133|.8D5424 74 lea edx,dword ptr ss:
00425137|.8BCC mov ecx,esp
00425139|.896424 10 mov dword ptr ss:,esp
0042513D|.52 push edx
0042513E|.E8 2DDB0F00 call 排料系统.00522C70
00425143|.8D4C24 0C lea ecx,dword ptr ss: ;
00425147|.E8 A2FA0E00 call 排料系统.00514BEE ; \排料系统.00514BEE
0042514C|.85C0 test eax,eax
0042514E|.74 50 je short 排料系统.004251A0 ;这里不跳的话就注册成功
00425150|.8D4C24 70 lea ecx,dword ptr ss:
00425154|.C64424 7C 03mov byte ptr ss:,3
00425159|.E8 9DDD0F00 call 排料系统.00522EFB
0042515E|.8D4C24 6C lea ecx,dword ptr ss:
00425162|.C64424 7C 02mov byte ptr ss:,2
00425167|.E8 8FDD0F00 call 排料系统.00522EFB
0042516C|.8D4C24 10 lea ecx,dword ptr ss:
00425170|.C64424 7C 00mov byte ptr ss:,0
00425175|.E8 04960F00 call 排料系统.0051E77E
0042517A|.8D4C24 04 lea ecx,dword ptr ss:
0042517E|.C74424 7C FFF>mov dword ptr ss:,-1
00425186|.E8 70DD0F00 call 排料系统.00522EFB
0042518B|.B8 01000000 mov eax,1 ;注意这里,eax=1
00425190|.8B4C24 74 mov ecx,dword ptr ss:
00425194|.64:890D 00000>mov dword ptr fs:,ecx
0042519B|.5F pop edi
0042519C|.83C4 7C add esp,7C
0042519F|.C3 retn
004251A0|>8D4C24 70 lea ecx,dword ptr ss:
004251A4|.C64424 7C 05mov byte ptr ss:,5
004251A9|.E8 4DDD0F00 call 排料系统.00522EFB
004251AE|.8D4C24 6C lea ecx,dword ptr ss:
004251B2|.C64424 7C 04mov byte ptr ss:,4
004251B7|.E8 3FDD0F00 call 排料系统.00522EFB
004251BC|.8D4C24 10 lea ecx,dword ptr ss:
004251C0|.C64424 7C 00mov byte ptr ss:,0
004251C5|.E8 B4950F00 call 排料系统.0051E77E
004251CA|.8D4C24 04 lea ecx,dword ptr ss:
004251CE|.C74424 7C FFF>mov dword ptr ss:,-1
004251D6|.E8 20DD0F00 call 排料系统.00522EFB
004251DB|.8B4C24 74 mov ecx,dword ptr ss:
004251DF|.33C0 xor eax,eax
004251E1|.64:890D 00000>mov dword ptr fs:,ecx
004251E8|.5F pop edi
004251E9|.83C4 7C add esp,7C
004251EC\.C3 retn
3、数据解读(datatrans.dll):
它和工艺设计系统:(pattern.dll)验证在同一段。虽然是不同的DLL,但是在同一段,我不知道然如何解释。
万能断点:F8多次返回到:
10001469 8945 88 mov dword ptr ss:,eax
1000146C 837D 88 01 cmp dword ptr ss:,1
段首:
100013C4 >55 push ebp
100013C5 8BEC mov ebp,esp
100013C7 6A FF push -1
100013C9 68 133C0110 push datatran.10013C13
100013CE 64:A1 00000000mov eax,dword ptr fs:
100013D4 50 push eax
100013D5 64:8925 0000000>mov dword ptr fs:,esp
100013DC 81EC 9C000000 sub esp,9C
100013E2 898D 68FFFFFF mov dword ptr ss:,ecx
100013E8 8D4D 84 lea ecx,dword ptr ss:
100013EB E8 D0010000 call datatran.100015C0
100013F0 C745 FC 0000000>mov dword ptr ss:,0
100013F7 8D4D 80 lea ecx,dword ptr ss:
100013FA E8 897B0000 call datatran.10008F88
100013FF 51 push ecx
10001400 8BCC mov ecx,esp
10001402 89A5 7CFFFFFF mov dword ptr ss:,esp
10001408 68 88B50110 push datatran.1001B588
1000140D E8 4EF30000 call datatran.10010760
10001412 8985 64FFFFFF mov dword ptr ss:,eax
10001418 8D4D 80 lea ecx,dword ptr ss:
1000141B E8 DE7B0000 call datatran.10008FFE
10001420 8985 60FFFFFF mov dword ptr ss:,eax
10001426 83BD 60FFFFFF 0>cmp dword ptr ss:,0
1000142D 74 24 je short datatran.10001453 ; 重启验证的地方,改为NOP
1000142F C785 78FFFFFF 0>mov dword ptr ss:,1
10001439 C745 FC FFFFFFF>mov dword ptr ss:,-1
10001440 8D4D 84 lea ecx,dword ptr ss:
10001443 E8 EEF20000 call datatran.10010736
10001448 8B85 78FFFFFF mov eax,dword ptr ss:
1000144E E9 C3000000 jmp datatran.10001516
10001453 6A 00 push 0
10001455 8D4D 8C lea ecx,dword ptr ss:
10001458 E8 C3FCFFFF call datatran.10001120
1000145D C645 FC 01 mov byte ptr ss:,1
10001461 8D4D 8C lea ecx,dword ptr ss:
10001464 E8 A9C00000 call datatran.1000D512 ; 弹出注册框
10001469 8945 88 mov dword ptr ss:,eax
1000146C 837D 88 01 cmp dword ptr ss:,1
10001470 75 79 jnz short datatran.100014EB
10001472 8D4D EC lea ecx,dword ptr ss:
10001475 E8 66010000 call datatran.100015E0
1000147A 50 push eax
1000147B E8 D00F0000 call datatran.10002450
10001480 83C4 04 add esp,4
10001483 85C0 test eax,eax
10001485 74 64 je short datatran.100014EB
10001487 8D4D EC lea ecx,dword ptr ss: ; 假码
1000148A E8 5AAA0000 call datatran.1000BEE9
1000148F 51 push ecx
10001490 8BCC mov ecx,esp
10001492 89A5 74FFFFFF mov dword ptr ss:,esp
10001498 8D45 EC lea eax,dword ptr ss:
1000149B 50 push eax
1000149C E8 28F00000 call datatran.100104C9
100014A1 8985 5CFFFFFF mov dword ptr ss:,eax
100014A7 8D4D 80 lea ecx,dword ptr ss:
100014AA E8 4F7B0000 call datatran.10008FFE
100014AF 8985 58FFFFFF mov dword ptr ss:,eax
100014B5 83BD 58FFFFFF 0>cmp dword ptr ss:,0
100014BC 74 2D je short datatran.100014EB ; 这里如果不跳的话也就注册成功
100014BE C785 70FFFFFF 0>mov dword ptr ss:,1
100014C8 C645 FC 00 mov byte ptr ss:,0
100014CC 8D4D 8C lea ecx,dword ptr ss:
100014CF E8 8C000000 call datatran.10001560
100014D4 C745 FC FFFFFFF>mov dword ptr ss:,-1
100014DB 8D4D 84 lea ecx,dword ptr ss:
100014DE E8 53F20000 call datatran.10010736
100014E3 8B85 70FFFFFF mov eax,dword ptr ss:
100014E9 EB 2B jmp short datatran.10001516
100014EB C785 6CFFFFFF 0>mov dword ptr ss:,0
100014F5 C645 FC 00 mov byte ptr ss:,0
100014F9 8D4D 8C lea ecx,dword ptr ss:
100014FC E8 5F000000 call datatran.10001560
10001501 C745 FC FFFFFFF>mov dword ptr ss:,-1
10001508 8D4D 84 lea ecx,dword ptr ss:
1000150B E8 26F20000 call datatran.10010736
10001510 8B85 6CFFFFFF mov eax,dword ptr ss:
10001516 8B4D F4 mov ecx,dword ptr ss:
10001519 64:890D 0000000>mov dword ptr fs:,ecx
10001520 8BE5 mov esp,ebp
10001522 5D pop ebp
10001523 C3 retn
4、样片结构设计:万能断点。
F8多次返回到:
004DFBDE|.F2:AE repne scas byte ptr es:
004DFBE0|.F7D1 not ecx
004DFBE2|.49 dec ecx
004DFBE3|.0F84 86000000 je 样片结构.004DFC6F
段首:
004DFB30/$6A FF push -1
004DFB32|.68 F0BD5300 push 样片结构.0053BDF0 ;SE handler installation
004DFB37|.64:A1 0000000>mov eax,dword ptr fs:
004DFB3D|.50 push eax
004DFB3E|.64:8925 00000>mov dword ptr fs:,esp
004DFB45|.83EC 74 sub esp,74
004DFB48|.A1 50D65600 mov eax,dword ptr ds:
004DFB4D|.57 push edi
004DFB4E|.894424 04 mov dword ptr ss:,eax
004DFB52|.8D4C24 08 lea ecx,dword ptr ss:
004DFB56|.C78424 800000>mov dword ptr ss:,0
004DFB61|.E8 62F20100 call 样片结构.004FEDC8
004DFB66|.51 push ecx
004DFB67|.8BCC mov ecx,esp
004DFB69|.896424 10 mov dword ptr ss:,esp
004DFB6D|.68 10FE5600 push 样片结构.0056FE10
004DFB72|.E8 D4C90200 call 样片结构.0050C54B
004DFB77|.8D4C24 0C lea ecx,dword ptr ss: ; |
004DFB7B|.E8 BEF20100 call 样片结构.004FEE3E ; \样片结构.004FEE3E
004DFB80 85C0 test eax,eax
004DFB82 74 2C je short 样片结构.004DFBB0 ;重启验证的地方,NOP,但是还是建立空文档失败
004DFB84|.8D4C24 04 lea ecx,dword ptr ss:
004DFB88|.C78424 800000>mov dword ptr ss:,-1
004DFB93|.E8 45C90200 call 样片结构.0050C4DD
004DFB98|.B8 01000000 mov eax,1 ;注意EAX=1
004DFB9D|.8B4C24 78 mov ecx,dword ptr ss:
004DFBA1|.64:890D 00000>mov dword ptr fs:,ecx
004DFBA8|.5F pop edi
004DFBA9|.81C4 80000000 add esp,80
004DFBAF|.C3 retn
004DFBB0|>6A 00 push 0
004DFBB2|.8D4C24 14 lea ecx,dword ptr ss:
004DFBB6|.E8 A5FCFFFF call 样片结构.004DF860
004DFBBB|.8D4C24 10 lea ecx,dword ptr ss:
004DFBBF|.C68424 800000>mov byte ptr ss:,1
004DFBC7|.E8 2AD50200 call 样片结构.0050D0F6
004DFBCC|.83F8 01 cmp eax,1
004DFBCF|.0F85 9A000000 jnz 样片结构.004DFC6F
004DFBD5|.8B7C24 70 mov edi,dword ptr ss:
004DFBD9|.83C9 FF or ecx,FFFFFFFF
004DFBDC|.33C0 xor eax,eax
004DFBDE|.F2:AE repne scas byte ptr es:
004DFBE0|.F7D1 not ecx
004DFBE2|.49 dec ecx
004DFBE3|.0F84 86000000 je 样片结构.004DFC6F
004DFBE9|.8D4C24 70 lea ecx,dword ptr ss:
004DFBED|.E8 F65F0200 call 样片结构.00505BE8
004DFBF2|.51 push ecx
004DFBF3|.8D5424 74 lea edx,dword ptr ss:
004DFBF7|.8BCC mov ecx,esp
004DFBF9|.896424 10 mov dword ptr ss:,esp
004DFBFD|.52 push edx
004DFBFE|.E8 4FC60200 call 样片结构.0050C252
004DFC03|.8D4C24 0C lea ecx,dword ptr ss: ; |
004DFC07|.E8 32F20100 call 样片结构.004FEE3E ; \样片结构.004FEE3E
004DFC0C|.85C0 test eax,eax
004DFC0E|.74 5F je short 样片结构.004DFC6F ;不跳就注册成功但是建立文本失败
004DFC10|.8D4C24 70 lea ecx,dword ptr ss:
004DFC14|.C68424 800000>mov byte ptr ss:,3
004DFC1C|.E8 BCC80200 call 样片结构.0050C4DD
004DFC21|.8D4C24 6C lea ecx,dword ptr ss:
004DFC25|.C68424 800000>mov byte ptr ss:,2
004DFC2D|.E8 ABC80200 call 样片结构.0050C4DD
004DFC32|.8D4C24 10 lea ecx,dword ptr ss:
004DFC36|.C68424 800000>mov byte ptr ss:,0
004DFC3E|.E8 A5D00200 call 样片结构.0050CCE8
004DFC43|.8D4C24 04 lea ecx,dword ptr ss:
004DFC47|.C78424 800000>mov dword ptr ss:,-1
004DFC52|.E8 86C80200 call 样片结构.0050C4DD
004DFC57|.B8 01000000 mov eax,1 ;eax=1
004DFC5C|.8B4C24 78 mov ecx,dword ptr ss:
004DFC60|.64:890D 00000>mov dword ptr fs:,ecx
004DFC67|.5F pop edi
004DFC68|.81C4 80000000 add esp,80
004DFC6E|.C3 retn
004DFC6F|>8D4C24 70 lea ecx,dword ptr ss:
004DFC73|.C68424 800000>mov byte ptr ss:,5
004DFC7B|.E8 5DC80200 call 样片结构.0050C4DD
004DFC80|.8D4C24 6C lea ecx,dword ptr ss:
004DFC84|.C68424 800000>mov byte ptr ss:,4
004DFC8C|.E8 4CC80200 call 样片结构.0050C4DD
004DFC91|.8D4C24 10 lea ecx,dword ptr ss:
004DFC95|.C68424 800000>mov byte ptr ss:,0
004DFC9D|.E8 46D00200 call 样片结构.0050CCE8
004DFCA2|.8D4C24 04 lea ecx,dword ptr ss:
004DFCA6|.C78424 800000>mov dword ptr ss:,-1
004DFCB1|.E8 27C80200 call 样片结构.0050C4DD
004DFCB6|.8B4C24 78 mov ecx,dword ptr ss:
004DFCBA|.33C0 xor eax,eax
004DFCBC|.64:890D 00000>mov dword ptr fs:,ecx
004DFCC3|.5F pop edi
004DFCC4|.81C4 80000000 add esp,80
004DFCCA\.C3 retn
至于那个建立文档失败就搞不定了,不知道为什么,都是同一种验证方式,但就是建立文档失败。
破文和以前的程序在办公室,先发个我发QQ中转站的等程序吧
还有个以前风球同志做的文件,破解文件在附件~原程序就中转站地址吧
http://xianexs.mail.qq.com/cgi-bin/downloadfilepart/svrid228/%B7%FE%D7%B0%CD%F8%C2%E7%B0%E6.rar?svrid=228&fid=b2f3ddd15ecad82fdb3b5563625820aee31dd683823c0964&&txf_fid=689dee6a8ccb7522a75d240da356636bafac10f3&&txf_sid=be7d7f428412444a456cdd1874f87f1549525197
提取码:4c630dc6
再发个进去之后的图片,那个保存图标完美的话就可以保存样片的 以前风球兄弟的一些资料
爱科服装CAD系统 学习版
人员代码:msystem
口 令:hhx1976
--------------------------------------
主要破解文件为pattern.dll、排料系统、工艺设计系统(自校验)。
BP MessageBoxA
Copy code0044ED0F 52 push edx
0044ED10 E8 AB190000 call 工艺设计.004506C0 ; 关键,跟进修改AL值=1
0044ED15 8845 CC mov byte ptr ss:,al
0044ED18 C645 FC 05 mov byte ptr ss:,5
0044ED1C 8D4D BC lea ecx,dword ptr ss:
0044ED1F E8 2DBB0000 call 工艺设计.0045A851
0044ED24 C645 FC 03 mov byte ptr ss:,3
0044ED28 8D4D C4 lea ecx,dword ptr ss:
0044ED2B E8 21BB0000 call 工艺设计.0045A851
0044ED30 8B45 CC mov eax,dword ptr ss:
0044ED33 25 FF000000 and eax,0FF ///////
0044ED38 85C0 test eax,eax ///////
0044ED3A 74 3F je short 工艺设计.0044ED7B ///////这三行代码可作为查找关键
Ctrl+B 二进制代码为 E8????????8B45CC25FF00000085C074 破解关键点
工艺设计系统 自校验的去除
Copy code00403D38 8D4C24 14 lea ecx,dword ptr ss:
00403D3C E8 DDA00400 call 工艺设计.0044DE1E
00403D41 33ED xor ebp,ebp
00403D43 3BC5 cmp eax,ebp
00403D45 75 29 jnz short 工艺设计.00403D70
00403D47 8D4C24 14 lea ecx,dword ptr ss:
00403D4B E8 CCC90400 call <jmp.&pattern.CGetInstall::CGetInstall>
00403D50 8D4C24 14 lea ecx,dword ptr ss:
00403D54 E8 BDC90400 call <jmp.&pattern.CGetInstall::isOK>
00403D59 85C0 test eax,eax
00403D5B 75 13 jnz short 工艺设计.00403D70
00403D5D 8B4C24 40 mov ecx,dword ptr ss:
00403D61 64:890D 00000000mov dword ptr fs:,ecx
00403D68 5F pop edi
00403D69 5E pop esi
00403D6A 5D pop ebp
00403D6B 5B pop ebx
00403D6C 83C4 3C add esp,3C //查找关键
00403D6F C3 retn
00403D70 B9 881E4A00 mov ecx,工艺设计.004A1E88
00403D75 E8 06570100 call 工艺设计.00419480
00403D7A 85C0 test eax,eax
00403D7C 75 13 jnz short 工艺设计.00403D91 //JMP
00403D7E 8B4C24 40 mov ecx,dword ptr ss:
关键CALL的内容均类似于
Copy code00402630 55 push ebp //mov al,1 ret
00402631 8BEC mov ebp,esp
00402633 8B45 0C mov eax,dword ptr ss:
00402636 50 push eax
00402637 8B4D 08 mov ecx,dword ptr ss:
0040263A E8 11000000 call 排料系统.00402650
0040263F F7D8 neg eax
00402641 1BC0 sbb eax,eax
00402643 40 inc eax
00402644 5D pop ebp
00402645 C2 0800 retn 8
页:
[1]