屏幕录象机s-recorder(HQB_SDemo2.0)的另一种破解法
00407E70/$81EC D0000000 sub esp, 0D000407E76|.53 push ebx
00407E77|.55 push ebp
00407E78|.56 push esi
...
00407F20|.05 D4000000 add eax, 0D4
00407F25|.50 push eax ; /<%s>
00407F26|.55 push ebp ; |<%s>
00407F27|.68 C0D44100 push 0041D4C0 ; |format = "%s%s"
00407F2C|.51 push ecx ; |s
00407F2D|.FF15 C0934100 call [<&MSVCRT.sprintf>] ; \sprintf
00407F33|.8D5424 28 lea edx,
00407F37|.52 push edx ;机器码
00407F38|.53 push ebx
00407F39|.E8 D2000000 call 00408010 ;关键调用
==>-------------------------------------
00408010/$81EC CC000000 sub esp, 0CC
00408016|.8B9424 D0000000 mov edx,
0040801D|.53 push ebx
0040801E|.55 push ebp
0040801F|.56 push esi
00408020|.57 push edi
...
00408062|.74 33 |je short 00408097
00408064|.40 |inc eax
00408065|.83F8 10 |cmp eax, 10
00408068|.^ 7C F2 \jl short 0040805C
0040806A|>BF 68D54100 mov edi, 0041D568 **** ;ASCII "!@#@#SDFG^*&"
0040806F|.83C9 FF or ecx, FFFFFFFF
00408072|.33C0 xor eax, eax
00408074|.F2:AE repne scas byte ptr es:
00408076|.F7D1 not ecx
00408078|.2BF9 sub edi, ecx
0040807A|.8BC1 mov eax, ecx
0040807C|.8BF7 mov esi, edi
0040807E|.8BFA mov edi, edx
00408080|.C1E9 02 shr ecx, 2
00408083|.F3:A5 rep movs dword ptr es:, dword ptr
00408085|.8BC8 mov ecx, eax
00408087|.83E1 03 and ecx, 3
0040808A|.F3:A4 rep movs byte ptr es:, byte ptr
0040808C|.5F pop edi
0040808D|.5E pop esi
0040808E|.5D pop ebp
0040808F|.5B pop ebx
00408090|.81C4 CC000000 add esp, 0CC
00408096|.C3 retn 返回0041d568处存储的字符串"!@#@#SDFG^*&"=>ebx。
-----------------------------------------
00407F3E|.83C4 18 add esp, 18 ;[=>ebx]=!@#@#SDFG^*&
00407F41|.BF D0D14100 mov edi, 0041D1D0 ;ASCII "Clayman"
00407F46|.8BF3 mov esi, ebx ;S-Record.0042E82C
00407F48|>8A0E /mov cl, ;比较"!@#@#SDFG^*&"=="Clayman"??
00407F4A|.8A17 |mov dl,
00407F4C|.8AC1 |mov al, cl
00407F4E|.3ACA |cmp cl, dl
00407F50|.75 1E |jnz short 00407F70 ;不相等跳去检查注册信息
00407F52|.84C0 |test al, al
00407F54|.74 16 |je short 00407F6C ;比较完成且相等,则跳
00407F56|.8A56 01 |mov dl,
00407F59|.8A4F 01 |mov cl,
00407F5C|.8AC2 |mov al, dl
00407F5E|.3AD1 |cmp dl, cl
00407F60|.75 0E |jnz short 00407F70
00407F62|.83C6 02 |add esi, 2
00407F65|.83C7 02 |add edi, 2
00407F68|.84C0 |test al, al
00407F6A|.^ 75 DC \jnz short 00407F48 ;eax=0,跳则检查注册信息
(==>可nop掉这jnz指令,这样只修改两个字节)
00407F6C|>33C0 xor eax, eax
00407F6E|.EB 05 jmp short 00407F75
00407F70|>1BC0 sbb eax, eax
00407F72|.83D8 FF sbb eax, -1
00407F75|>85C0 test eax, eax
00407F77|.74 75 je short 00407FEE ;跳则不检查注册信息?
00407F79|.68 08D54100 push 0041D508 ; /<%s> = "29843710000"
00407F7E|.55 push ebp ; |<%s>
00407F7F|.8D4424 20 lea eax, ; |
00407F83|.68 C0D44100 push 0041D4C0 ; |format = "%s%s"
00407F88|.50 push eax ; |s
00407F89|.FF15 C0934100 call [<&MSVCRT.sprintf>] ; \sprintf
00407F8F|.8D4C24 28 lea ecx,
00407F93|.51 push ecx
00407F94|.53 push ebx
00407F95|.E8 76000000 call 00408010 ;检查注册信息?
00407F9A|.83C4 18 add esp, 18
00407F9D|.BE D0D14100 mov esi, 0041D1D0 ;ASCII "Clayman"
00407FA2|>8A13 /mov dl,
00407FA4|.8A0E |mov cl,
00407FA6|.8AC2 |mov al, dl
00407FA8|.3AD1 |cmp dl, cl
00407FAA|.75 1E |jnz short 00407FCA
00407FAC|.84C0 |test al, al
00407FAE|.74 16 |je short 00407FC6
00407FB0|.8A4B 01 |mov cl,
00407FB3|.8A56 01 |mov dl,
00407FB6|.8AC1 |mov al, cl
00407FB8|.3ACA |cmp cl, dl
00407FBA|.75 0E |jnz short 00407FCA
00407FBC|.83C3 02 |add ebx, 2
00407FBF|.83C6 02 |add esi, 2
00407FC2|.84C0 |test al, al
00407FC4|.^ 75 DC \jnz short 00407FA2
00407FC6|>33C0 xor eax, eax ;注册信息正确
00407FC8|.EB 05 jmp short 00407FCF
00407FCA|>1BC0 sbb eax, eax ;跳这里则注册信息错误
00407FCC|.83D8 FF sbb eax, -1
00407FCF|>85C0 test eax, eax
00407FD1|.75 1B jnz short 00407FEE
00407FD3|.8B5424 10 mov edx,
00407FD7|.5F pop edi
00407FD8|.5E pop esi
00407FD9|.5D pop ebp
00407FDA|.C782 D0000000 01000000 mov dword ptr , 1
00407FE4|.33C0 xor eax, eax
00407FE6|.5B pop ebx
00407FE7|.81C4 D0000000 add esp, 0D0
00407FED|.C3 retn
OK, ==>0041d568-400000=1d568,修改文件偏移1d568处为:Clayman字符串.即破解成功
注:估计0041d568存储的本来就是作者自己测试时用的。