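超级RM转换大师 V1.10 Cracking Tutorial
Download: http://www.skycn.com/soft/53413.html
Packer check: Borland Delphi 6.0 - 7.0
Error dialog text: 注册失败,请检查用户名与注册码! ("Registration failed, please check the user name and registration code!")
Search for the ASCII string: 注册失败,请检查用户名与注册码!
Double-click the result to land at: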
004BFB14 $ 55 push ebp
004BFB15 . 8BEC mov ebp, esp
004BFB17 . 33C9 xor ecx, ecx
004BFB19 . 51 push ecx
004BFB1A . 51 push ecx
004BFB1B . 51 push ecx
004BFB1C . 51 push ecx
004BFB1D . 51 push ecx
004BFB1E . 53 push ebx
004BFB1F . 56 push esi
004BFB20 . 57 push edi
004BFB21 . 8945 FC mov dword ptr [ebp-4], eax
004BFB24 . 33C0 xor eax, eax
004BFB26 . 55 push ebp
004BFB27 . 68 65FC4B00 push 004BFC65
004BFB2C . 64:FF30 push dword ptr fs:[eax]
004BFB2F . 64:8920 mov dword ptr fs:[eax], esp
004BFB32 . 8B45 FC mov eax, dword ptr [ebp-4]
004BFB35 . E8 92020000 call 004BFDCC ;key CALL, step in with F7 >>>
004BFB3A . 84C0 test al, al
004BFB3C 0F84 DB000000 je 004BFC1D ;key jump
004BFB42 . 33C0 xor eax, eax
004BFB44 . 55 push ebp
004BFB45 . 68 01FC4B00 push 004BFC01
004BFB4A . 64:FF30 push dword ptr fs:[eax]
004BFB4D . 64:8920 mov dword ptr fs:[eax], esp
004BFB50 . B2 01 mov dl, 1
004BFB52 . A1 00B84300 mov eax, dword ptr [43B800]
004BFB57 . E8 A4BDF7FF call 0043B900
004BFB5C . 8BD8 mov ebx, eax
004BFB5E . BA 02000080 mov edx, 80000002
004BFB63 . 8BC3 mov eax, ebx
004BFB65 . E8 36BEF7FF call 0043B9A0
004BFB6A . B1 01 mov cl, 1
004BFB6C . BA 7CFC4B00 mov edx, 004BFC7C ;software\zy\conver
004BFB71 . 8BC3 mov eax, ebx
004BFB73 . E8 8CBEF7FF call 0043BA04
004BFB78 . 8D55 F4 lea edx, dword ptr [ebp-C]
004BFB7B . 8B45 FC mov eax, dword ptr [ebp-4]
004BFB7E . 8B80 20030000 mov eax, dword ptr [eax+320]
004BFB84 . E8 4349FAFF call 004644CC
004BFB89 . 8B45 F4 mov eax, dword ptr [ebp-C]
004BFB8C . 8D55 F8 lea edx, dword ptr [ebp-8]
004BFB8F . E8 F08BF4FF call 00408784
004BFB94 . 8B4D F8 mov ecx, dword ptr [ebp-8]
004BFB97 . BA 98FC4B00 mov edx, 004BFC98 ;name
004BFB9C . 8BC3 mov eax, ebx
004BFB9E . E8 FDBFF7FF call 0043BBA0
004BFBA3 . 8D55 EC lea edx, dword ptr [ebp-14]
004BFBA6 . 8B45 FC mov eax, dword ptr [ebp-4]
004BFBA9 . 8B80 24030000 mov eax, dword ptr [eax+324]
004BFBAF . E8 1849FAFF call 004644CC
004BFBB4 . 8B45 EC mov eax, dword ptr [ebp-14]
004BFBB7 . 8D55 F0 lea edx, dword ptr [ebp-10]
004BFBBA . E8 C58BF4FF call 00408784
004BFBBF . 8B4D F0 mov ecx, dword ptr [ebp-10]
004BFBC2 . BA A8FC4B00 mov edx, 004BFCA8 ;pass
004BFBC7 . 8BC3 mov eax, ebx
004BFBC9 . E8 D2BFF7FF call 0043BBA0
004BFBCE . 8BC3 mov eax, ebx
004BFBD0 . E8 CB38F4FF call 004034A0
004BFBD5 . 6A 40 push 40
004BFBD7 . 68 B0FC4B00 push 004BFCB0 ;软件注册 (Software Registration)
004BFBDC . 68 BCFC4B00 push 004BFCBC ;注册成功, 下次启动本软件将解除所有限制功能! (Registration succeeded; all restrictions are lifted the next time the program starts!)
004BFBE1 . 8B45 FC mov eax, dword ptr [ebp-4]
004BFBE4 . E8 CBB0FAFF call 0046ACB4
004BFBE9 . 50 push eax ; |hOwner
004BFBEA . E8 A574F4FF call <jmp.&user32.MessageBoxA> ; \shows the registration-success dialog
004BFBEF . 8B45 FC mov eax, dword ptr [ebp-4]
004BFBF2 . E8 590FFCFF call 00480B50
004BFBF7 . 33C0 xor eax, eax
004BFBF9 . 5A pop edx
004BFBFA . 59 pop ecx
004BFBFB . 59 pop ecx
004BFBFC . 64:8910 mov dword ptr fs:[eax], edx
004BFBFF . EB 36 jmp short 004BFC37
004BFC01 .^ E9 7A3DF4FF jmp 00403980
004BFC06 . 8B45 FC mov eax, dword ptr [ebp-4]
004BFC09 . E8 420FFCFF call 00480B50
004BFC0E . 8B45 FC mov eax, dword ptr [ebp-4]
004BFC11 . E8 F6000000 call 004BFD0C
004BFC16 . E8 CD40F4FF call 00403CE8
004BFC1B . EB 1A jmp short 004BFC37
004BFC1D > 6A 40 push 40
004BFC1F . 68 B0FC4B00 push 004BFCB0 ;软件注册 (Software Registration)
004BFC24 . 68 ECFC4B00 push 004BFCEC ;注册失败,请检查用户名与注册码! (Registration failed, please check the user name and registration code!)
004BFC29 . 8B45 FC mov eax, dword ptr [ebp-4]
004BFC2C . E8 83B0FAFF call 0046ACB4
004BFC31 . 50 push eax ; |hOwner
004BFC32 . E8 5D74F4FF call <jmp.&user32.MessageBoxA> ; \MessageBoxA
004BFC37 > 33C0 xor eax, eax
004BFC39 . 5A pop edx
004BFC3A . 59 pop ecx
004BFC3B . 59 pop ecx
004BFC3C . 64:8910 mov dword ptr fs:[eax], edx
004BFC3F . 68 6CFC4B00 push 004BFC6C
004BFC44 > 8D45 EC lea eax, dword ptr [ebp-14]
004BFC47 . E8 8846F4FF call 004042D4
004BFC4C . 8D45 F0 lea eax, dword ptr [ebp-10]
004BFC4F . E8 8046F4FF call 004042D4
004BFC54 . 8D45 F4 lea eax, dword ptr [ebp-C]
004BFC57 . E8 7846F4FF call 004042D4
004BFC5C . 8D45 F8 lea eax, dword ptr [ebp-8]
004BFC5F . E8 7046F4FF call 004042D4
004BFC64 . C3 retn
004BFC65 .^ E9 CA3FF4FF jmp 00403C34
004BFC6A .^ EB D8 jmp short 004BFC44
004BFC6C . 5F pop edi
004BFC6D . 5E pop esi
004BFC6E . 5B pop ebx
004BFC6F . 8BE5 mov esp, ebp
004BFC71 . 5D pop ebp
004BFC72 . C3 retn
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
004BFDCC /$ 55 push ebp ;F8
004BFDCD |. 8BEC mov ebp, esp
004BFDCF |. B9 04000000 mov ecx, 4
004BFDD4 |> 6A 00 /push 0
004BFDD6 |. 6A 00 |push 0
004BFDD8 |. 49 |dec ecx
004BFDD9 |.^ 75 F9 \jnz short 004BFDD4
004BFDDB |. 51 push ecx ;F4: run to selection
004BFDDC |. 53 push ebx
004BFDDD |. 56 push esi
004BFDDE |. 8BF0 mov esi, eax
004BFDE0 |. 33C0 xor eax, eax
004BFDE2 |. 55 push ebp
004BFDE3 |. 68 E1FE4B00 push 004BFEE1
004BFDE8 |. 64:FF30 push dword ptr fs:[eax]
004BFDEB |. 64:8920 mov dword ptr fs:[eax], esp
004BFDEE |. 8D55 F8 lea edx, dword ptr [ebp-8]
004BFDF1 |. 8B86 24030000 mov eax, dword ptr [esi+324]
004BFDF7 |. E8 D046FAFF call 004644CC ;reads the fake code
004BFDFC |. 8B45 F8 mov eax, dword ptr [ebp-8]
004BFDFF |. 8D55 FC lea edx, dword ptr [ebp-4]
004BFE02 |. E8 7D89F4FF call 00408784
004BFE07 |. 8B45 FC mov eax, dword ptr [ebp-4]
004BFE0A |. 50 push eax
004BFE0B |. 8D55 EC lea edx, dword ptr [ebp-14]
004BFE0E |. 8B86 20030000 mov eax, dword ptr [esi+320]
004BFE14 |. E8 B346FAFF call 004644CC ;reads the user name
004BFE19 |. 8B45 EC mov eax, dword ptr [ebp-14]
004BFE1C |. 8D55 F0 lea edx, dword ptr [ebp-10]
004BFE1F |. E8 6089F4FF call 00408784
004BFE24 |. 8B55 F0 mov edx, dword ptr [ebp-10]
004BFE27 |. 8D4D F4 lea ecx, dword ptr [ebp-C]
004BFE2A |. 8BC6 mov eax, esi
004BFE2C |. E8 03010000 call 004BFF34 ;reads the machine code
004BFE31 |. 8B55 F4 mov edx, dword ptr [ebp-C] ;the registration code appears
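Cracking method ②:
Load the target program in OD, press F9 to run it, and enter a fake code, but do not click OK. In the command line set a message breakpoint: bp MessageBoxA, then press Enter. Now click OK. Once it breaks, the registration code can be found in the stack pane at the lower right of OD. Of course, the place where it breaks is the key CALL, and stepping in with F7 also finds the registration code, using the same method as above...
Registration info:
User name: Loader
Registration code: RMCo-2756nv268-4616
Registry location: HKEY_LOCAL_MACHINE\SOFTWARE\zy\Conver
BY: Loader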
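[ Last edited by 樊盟 on 2009-3-25 20:44 ]

Doesn't look hard. I'll give it a try.

Supporting original work, learned something.

Simple, but I'll bump it anyway.

Very detailed write-up, thanks~~

Learned something, thanks...

Step into the key call and directly mov al,*
retn
That should be even simpler.

I'll study this too, it doesn't seem very hard.

Thanks, I finally learned how.

Supporting the OP, learned something~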
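
The routine traced in the first post builds the valid registration code inside the client from the user name and machine code and then compares it with the input, which is why the code is readable in a debugger. The sketch below is an added example, not part of the original thread or of the program: it contrasts that pattern with a signature-based check in which the client holds only a public key. The derivation in `weak_check`, the machine id `MID-0001` and the demo key are constructed assumptions, and unpadded RSA is used only to keep the example dependency-free (a product would use RSA-PSS or Ed25519 from a vetted library).

```python
import hashlib

# Constructed demo key from two Mersenne primes, so the example runs offline
# without dependencies. It is NOT a secure key.
_P, _Q = 2**521 - 1, 2**607 - 1
N, E = _P * _Q, 65537                  # public half: shipped in the client
_D = pow(E, -1, (_P - 1) * (_Q - 1))   # private half: vendor only, never shipped


def weak_check(name, machine_id, code):
    """Pattern seen in the listing: the client derives the valid code itself.

    The derivation here is hypothetical, not the program's algorithm. Whatever
    it is, `expected` sits in client memory just before the comparison.
    """
    expected = hashlib.sha1(f"{name}|{machine_id}".encode()).hexdigest()[:16]
    return code == expected


def _digest(name, machine_id):
    # Length-prefix the name so ("a|b", "c") and ("a", "b|c") hash differently.
    msg = f"{len(name)}:{name}|{machine_id}".encode("utf-8")
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")


def issue_license(name, machine_id):
    """Vendor side: textbook RSA signature over the SHA-256 digest."""
    return format(pow(_digest(name, machine_id), _D, N), "x")


def verify_license(name, machine_id, code):
    """Client side: uses only N and E, so no valid code is ever derived."""
    try:
        sig = int(code, 16)
    except ValueError:
        return False
    return 0 < sig < N and pow(sig, E, N) == _digest(name, machine_id)


if __name__ == "__main__":
    code = issue_license("Loader", "MID-0001")   # constructed machine id
    print(verify_license("Loader", "MID-0001", code))
    print(verify_license("Loader", "MID-0002", code))
```

Signature verification removes the recoverable code from client memory, but the result is still consumed by a branch in the client, so it is normally paired with integrity checks or server-side enforcement.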