看下0047A442这里
请问这个用的什么断点~~~~
能给个教程吗 00478A78/$55 push ebp
00478A79|.8BEC mov ebp, esp
00478A7B|.B9 06000000 mov ecx, 6
00478A80|>6A 00 /push 0
00478A82|.6A 00 |push 0
00478A84|.49 |dec ecx
00478A85|.^ 75 F9 \jnz short 00478A80
00478A87|.53 push ebx
00478A88|.8BD8 mov ebx, eax
00478A8A|.33C0 xor eax, eax
00478A8C|.55 push ebp
00478A8D|.68 EE8C4700 push 00478CEE
00478A92|.64:FF30 push dword ptr fs:
00478A95|.64:8920 mov dword ptr fs:, esp
00478A98|.C683 44160500>mov byte ptr , 36
00478A9F|.8D4D FC lea ecx, dword ptr
00478AA2|.B2 02 mov dl, 2
00478AA4|.8BC3 mov eax, ebx
00478AA6|.E8 A5F4FFFF call 00477F50
00478AAB|.8B55 FC mov edx, dword ptr
00478AAE|.8D83 B4090500 lea eax, dword ptr
00478AB4|.E8 DFB0F8FF call 00403B98
00478AB9|.8D4D F8 lea ecx, dword ptr
00478ABC|.B2 01 mov dl, 1
00478ABE|.8BC3 mov eax, ebx
00478AC0|.E8 8BF4FFFF call 00477F50
00478AC5|.8B55 F8 mov edx, dword ptr
00478AC8|.8D83 78110500 lea eax, dword ptr
00478ACE|.E8 C5B0F8FF call 00403B98
00478AD3|.8D55 F0 lea edx, dword ptr
00478AD6|.A1 04574800 mov eax, dword ptr
00478ADB|.8B00 mov eax, dword ptr
00478ADD|.E8 EA15FDFF call 0044A0CC
00478AE2|.8B45 F0 mov eax, dword ptr
00478AE5|.8D55 F4 lea edx, dword ptr
00478AE8|.E8 CF01F9FF call 00408CBC
00478AED|.8B55 F4 mov edx, dword ptr
00478AF0|.8D83 74110500 lea eax, dword ptr
00478AF6|.B9 048D4700 mov ecx, 00478D04 ;inifile
00478AFB|.E8 10B3F8FF call 00403E10
00478B00|.8D55 E8 lea edx, dword ptr
00478B03|.A1 04574800 mov eax, dword ptr
00478B08|.8B00 mov eax, dword ptr
00478B0A|.E8 BD15FDFF call 0044A0CC
00478B0F|.8B45 E8 mov eax, dword ptr
00478B12|.8D55 EC lea edx, dword ptr
00478B15|.E8 A201F9FF call 00408CBC
00478B1A|.8B55 EC mov edx, dword ptr
00478B1D|.8D83 7C110500 lea eax, dword ptr
00478B23|.B9 148D4700 mov ecx, 00478D14 ;saveini
00478B28|.E8 E3B2F8FF call 00403E10
00478B2D|.8D55 E0 lea edx, dword ptr
00478B30|.A1 04574800 mov eax, dword ptr
00478B35|.8B00 mov eax, dword ptr
00478B37|.E8 9015FDFF call 0044A0CC
00478B3C|.8B45 E0 mov eax, dword ptr
00478B3F|.8D55 E4 lea edx, dword ptr
00478B42|.E8 7501F9FF call 00408CBC
00478B47|.8B55 E4 mov edx, dword ptr
00478B4A|.8D83 3C0A0500 lea eax, dword ptr
00478B50|.B9 248D4700 mov ecx, 00478D24 ;考易试卷阅读器.exe
00478B55|.E8 B6B2F8FF call 00403E10
00478B5A|.B2 05 mov dl, 5
00478B5C|.8B83 D0020000 mov eax, dword ptr
00478B62|.E8 6127FBFF call 0042B2C8
00478B67|.B2 05 mov dl, 5
00478B69|.8B83 70030000 mov eax, dword ptr
00478B6F|.E8 5427FBFF call 0042B2C8
00478B74|.B2 05 mov dl, 5
00478B76|.8B83 78030000 mov eax, dword ptr
00478B7C|.E8 4727FBFF call 0042B2C8
00478B81|.B2 05 mov dl, 5
00478B83|.8B83 88030000 mov eax, dword ptr
00478B89|.E8 3A27FBFF call 0042B2C8
00478B8E|.B2 05 mov dl, 5
00478B90|.8B83 20040000 mov eax, dword ptr
00478B96|.E8 2D27FBFF call 0042B2C8
00478B9B|.BA 3C8D4700 mov edx, 00478D3C ;a
00478BA0|.8B83 70030000 mov eax, dword ptr
00478BA6|.E8 B572FEFF call 0045FE60
00478BAB|.8B83 70030000 mov eax, dword ptr
00478BB1|.E8 3E33FBFF call 0042BEF4
00478BB6|.BA 3C8D4700 mov edx, 00478D3C ;a
00478BBB|.8B83 78030000 mov eax, dword ptr
00478BC1|.E8 9A72FEFF call 0045FE60
00478BC6|.8B83 70030000 mov eax, dword ptr
00478BCC|.E8 2333FBFF call 0042BEF4
00478BD1|.B2 05 mov dl, 5
00478BD3|.8B83 94030000 mov eax, dword ptr
00478BD9|.E8 EA26FBFF call 0042B2C8
00478BDE|.B2 05 mov dl, 5
00478BE0|.8B83 98030000 mov eax, dword ptr
00478BE6|.E8 DD26FBFF call 0042B2C8
00478BEB|.B2 05 mov dl, 5
00478BED|.8B83 C8030000 mov eax, dword ptr
00478BF3|.E8 D026FBFF call 0042B2C8
00478BF8|.8BC3 mov eax, ebx
00478BFA|.E8 95730000 call 0047FF94
00478BFF|.8BC3 mov eax, ebx
00478C01|.E8 1A6C0000 call 0047F820
00478C06|.8D83 40160500 lea eax, dword ptr
00478C0C|.BA 5C8D4700 mov edx, 00478D5C ;00000066 这里 的值不同版本就不同
00478C11|.E8 82AFF8FF call 00403B98
00478C16|.C783 48160500>mov dword ptr , 30
00478C20|.8D55 D8 lea edx, dword ptr
00478C23|.A1 04574800 mov eax, dword ptr
00478C28|.8B00 mov eax, dword ptr
00478C2A|.E8 9D14FDFF call 0044A0CC
00478C2F|.8B45 D8 mov eax, dword ptr
00478C32|.8D55 DC lea edx, dword ptr
00478C35|.E8 8200F9FF call 00408CBC
00478C3A|.8D45 DC lea eax, dword ptr
00478C3D|.BA 708D4700 mov edx, 00478D70 ;regkysoft.dll
00478C42|.E8 85B1F8FF call 00403DCC
00478C47|.8B55 DC mov edx, dword ptr
00478C4A|.8BC3 mov eax, ebx
00478C4C|.E8 8B8D0000 call 004819DC
00478C51|.48 dec eax
00478C52 74 51 je short 00478CA5 ;这里原来为75改为74
00478C54|.C683 45160500>mov byte ptr , 0C
00478C5B|.C783 48160500>mov dword ptr , 3EA
00478C65|.BA 888D4700 mov edx, 00478D88 ;软件信息
00478C6A|.8B83 40030000 mov eax, dword ptr
00478C70|.E8 AF30FCFF call 0043BD24
00478C75|.33D2 xor edx, edx
00478C77|.8B83 1C040000 mov eax, dword ptr
00478C7D|.E8 462FFBFF call 0042BBC8
00478C82|.8D55 D4 lea edx, dword ptr
00478C85|.8BC3 mov eax, ebx
00478C87|.E8 2430FBFF call 0042BCB0
00478C8C|.8D45 D4 lea eax, dword ptr
00478C8F|.BA 9C8D4700 mov edx, 00478D9C ; 注册版
00478C94|.E8 33B1F8FF call 00403DCC
00478C99|.8B55 D4 mov edx, dword ptr
00478C9C|.8BC3 mov eax, ebx
00478C9E|.E8 3D30FBFF call 0042BCE0
00478CA3|.EB 21 jmp short 00478CC6
00478CA5|>8D55 D0 lea edx, dword ptr
00478CA8|.8BC3 mov eax, ebx
00478CAA|.E8 0130FBFF call 0042BCB0
00478CAF|.8D45 D0 lea eax, dword ptr
00478CB2|.BA B08D4700 mov edx, 00478DB0 ; 未注册版
00478CB7|.E8 10B1F8FF call 00403DCC
00478CBC|.8B55 D0 mov edx, dword ptr
00478CBF|.8BC3 mov eax, ebx
00478CC1|.E8 1A30FBFF call 0042BCE0
00478CC6|>33C0 xor eax, eax
00478CC8|.5A pop edx
00478CC9|.59 pop ecx
00478CCA|.59 pop ecx
00478CCB|.64:8910 mov dword ptr fs:, edx
00478CCE|.68 F58C4700 push 00478CF5
00478CD3|>8D45 D0 lea eax, dword ptr
00478CD6|.BA 02000000 mov edx, 2
00478CDB|.E8 88AEF8FF call 00403B68
00478CE0|.8D45 D8 lea eax, dword ptr
00478CE3|.BA 0A000000 mov edx, 0A
00478CE8|.E8 7BAEF8FF call 00403B68
00478CED\.C3 retn爆破完成。 呵呵 这样是不完整的 还是没破解干净啊 楼上的各位啊。。。。
你们生成个试卷试试。。。
这个软件关键就是脱壳,破解没什么难度!!
已破解的附件,请到我的回帖里找 楼上的你生成个exe试题然后运行下你就明白了。。。。http://www.abc101.cn/kssoft.rar
破解这个版本试试吧那个版本有问题。。。。 不能破解多选 这两个软件在破解上基本就不是一个档次的 楼上你生成个exe试卷来吗?
生成出来一点就提示 数据被修改。。。。
http://www.abc101.cn/kssoft.rar 这是新版的旧版的那个已经有人破解了。。。那个不能用是个垃圾版本。。
[ 本帖最后由 xiaoquzb 于 2008-10-13 13:03 编辑 ]