Killing DTMM 4.1 with One Byte
【Title】: Killing DTMM 4.1 with One Byte
【Author】: JJDG
【Software】: DTMM v4.1
【Size】: 1509 KB
【Download】: search for it yourself; sjmzsf.ys168.com
【Packer】: none
【Tools】: PEiD, OllyDbg (OD)
【Author's note】: purely out of interest, no other purpose. If I have slipped up anywhere, I welcome corrections from the experts!
--------------------------------------------------------------------------------
【Detailed process】
DTMM is a simple, easy-to-use program for displaying, editing and building 3D molecular models; it can render 3D molecules in various modes and lets you edit them.
During installation it asks you to fill in registration details (I typed in garbage! ^_^), otherwise setup will not continue. Once installed, running it pops up a dialog: "your license file for dtmm is invalid!" and the program then exits on its own.
PEiD shows no packer.
Load the program in OD, search the referenced strings, and double-click "your license file for dtmm is invalid". Scrolling up from there brings you to the following (memory operands are decoded from the opcode bytes; the bytes themselves are as OD showed them):
004A930E   8B55 F0           MOV EDX,DWORD PTR SS:[EBP-10]
004A9311   B8 54F04B00       MOV EAX,DTMM.004BF054
004A9316   B9 88944A00       MOV ECX,DTMM.004A9488             ; ASCII "license.fig"  <---- the license check evidently starts here
004A931B   E8 FCABF5FF       CALL DTMM.00403F1C
004A9320   68 58F04B00       PUSH DTMM.004BF058
004A9325   A1 54F04B00       MOV EAX,DWORD PTR DS:[4BF054]
004A932A   E8 A1ABF5FF       CALL DTMM.00403ED0
004A932F   50                PUSH EAX
004A9330   B8 54F04B00       MOV EAX,DTMM.004BF054
004A9335   E8 66ADF5FF       CALL DTMM.004040A0
004A933A   50                PUSH EAX
004A933B   E8 A8FCFFFF       CALL <JMP.&pls_subs.PLS_READFIG>
004A9340   68 58F04B00       PUSH DTMM.004BF058
004A9345   E8 A6FCFFFF       CALL <JMP.&pls_subs.PLS_CHECKCODE>
004A934A   833D 58F04B00 00  CMP DWORD PTR DS:[4BF058],0       <---- patch here! One byte: turn the CMP into an AND
004A9351   0F85 DA000000     JNZ DTMM.004A9431                 <---- taken when the license is bad (status != 0)
004A9357   8B06              MOV EAX,DWORD PTR DS:[ESI]
004A9359   E8 3672F8FF       CALL DTMM.00430594
004A935E   8B06              MOV EAX,DWORD PTR DS:[ESI]
004A9360   BA 9C944A00       MOV EDX,DTMM.004A949C             ; ASCII "desktop molecular modeller"
004A9365   E8 426FF8FF       CALL DTMM.004302AC
004A936A   8B0D 14BA4A00     MOV ECX,DWORD PTR DS:[4ABA14]     ; DTMM.004BF040
004A9370   8B06              MOV EAX,DWORD PTR DS:[ESI]
004A9372   8B15 C8394A00     MOV EDX,DWORD PTR DS:[4A39C8]     ; DTMM.004A3A08
004A9378   E8 2F72F8FF       CALL DTMM.004305AC
004A937D   8B0D 64B84A00     MOV ECX,DWORD PTR DS:[4AB864]     ; DTMM.004ADACC
004A9383   8B06              MOV EAX,DWORD PTR DS:[ESI]
004A9385   8B15 34734800     MOV EDX,DWORD PTR DS:[487334]     ; DTMM.00487374
004A938B   E8 1C72F8FF       CALL DTMM.004305AC
004A9390   8B0D E4BA4A00     MOV ECX,DWORD PTR DS:[4ABAE4]     ; DTMM.004ADAE4
004A9396   8B06              MOV EAX,DWORD PTR DS:[ESI]
004A9398   8B15 38A24800     MOV EDX,DWORD PTR DS:[48A238]     ; DTMM.0048A278
004A939E   E8 0972F8FF       CALL DTMM.004305AC
004A93A3   8B0D B8BA4A00     MOV ECX,DWORD PTR DS:[4ABAB8]     ; DTMM.004ADAEC
004A93A9   8B06              MOV EAX,DWORD PTR DS:[ESI]
004A93AB   8B15 E4B04800     MOV EDX,DWORD PTR DS:[48B0E4]     ; DTMM.0048B124
004A93B1   E8 F671F8FF       CALL DTMM.004305AC
004A93B6   8B0D 74BB4A00     MOV ECX,DWORD PTR DS:[4ABB74]     ; DTMM.004ADB30
004A93BC   8B06              MOV EAX,DWORD PTR DS:[ESI]
004A93BE   8B15 88F24900     MOV EDX,DWORD PTR DS:[49F288]     ; DTMM.0049F2C8
004A93C4   E8 E371F8FF       CALL DTMM.004305AC
004A93C9   8B0D D4B94A00     MOV ECX,DWORD PTR DS:[4AB9D4]     ; DTMM.004ADAF4
004A93CF   8B06              MOV EAX,DWORD PTR DS:[ESI]
004A93D1   8B15 D4B64800     MOV EDX,DWORD PTR DS:[48B6D4]     ; DTMM.0048B714
004A93D7   E8 D071F8FF       CALL DTMM.004305AC
004A93DC   8B0D 54B84A00     MOV ECX,DWORD PTR DS:[4AB854]     ; DTMM.004ADB08
004A93E2   8B06              MOV EAX,DWORD PTR DS:[ESI]
004A93E4   8B15 78CC4800     MOV EDX,DWORD PTR DS:[48CC78]     ; DTMM.0048CCB8
004A93EA   E8 BD71F8FF       CALL DTMM.004305AC
004A93EF   8B0D 18B94A00     MOV ECX,DWORD PTR DS:[4AB918]     ; DTMM.004ADB10
004A93F5   8B06              MOV EAX,DWORD PTR DS:[ESI]
004A93F7   8B15 F8CD4800     MOV EDX,DWORD PTR DS:[48CDF8]     ; DTMM.0048CE38
004A93FD   E8 AA71F8FF       CALL DTMM.004305AC
004A9402   8B0D 24B94A00     MOV ECX,DWORD PTR DS:[4AB924]     ; DTMM.004BF028
004A9408   8B06              MOV EAX,DWORD PTR DS:[ESI]
004A940A   8B15 30364A00     MOV EDX,DWORD PTR DS:[4A3630]     ; DTMM.004A3670
004A9410   E8 9771F8FF       CALL DTMM.004305AC
004A9415   8B0D 98B94A00     MOV ECX,DWORD PTR DS:[4AB998]     ; DTMM.004ADADC
004A941B   8B06              MOV EAX,DWORD PTR DS:[ESI]
004A941D   8B15 68A04800     MOV EDX,DWORD PTR DS:[48A068]     ; DTMM.0048A0A8
004A9423   E8 8471F8FF       CALL DTMM.004305AC
004A9428   8B06              MOV EAX,DWORD PTR DS:[ESI]
004A942A   E8 0972F8FF       CALL DTMM.00430638
004A942F   EB 2B             JMP SHORT DTMM.004A945C
004A9431   833D 58F04B00 62  CMP DWORD PTR DS:[4BF058],62      <---- reached from the JNZ at 004A9351; status 62h means "expired"
004A9438   75 12             JNZ SHORT DTMM.004A944C           <---- any other nonzero status is treated as "invalid"
004A943A   6A 00             PUSH 0                            ; /Style = MB_OK|MB_APPLMODAL
004A943C   6A 00             PUSH 0                            ; |Title = NULL
004A943E   68 B8944A00       PUSH DTMM.004A94B8                ; |Text = "your authorisation code has expired"
004A9443   6A 00             PUSH 0                            ; |hOwner = NULL
004A9445   E8 32D4F5FF       CALL <JMP.&user32.MessageBoxA>    ; \MessageBoxA
004A944A   EB 10             JMP SHORT DTMM.004A945C
004A944C   6A 00             PUSH 0                            ; /Style = MB_OK|MB_APPLMODAL  <---- reached from 004A9438
004A944E   6A 00             PUSH 0                            ; |Title = NULL
004A9450   68 DC944A00       PUSH DTMM.004A94DC                ; |Text = "your license file for dtmm is invalid"  <---- double-clicking the string lands here
004A9455   6A 00             PUSH 0                            ; |hOwner = NULL
004A9457   E8 20D4F5FF       CALL <JMP.&user32.MessageBoxA>    ; \MessageBoxA
Change
004A934A   833D 58F04B00 00  CMP DWORD PTR DS:[4BF058],0
to
004A934A   8325 58F04B00 00  AND DWORD PTR DS:[4BF058],0
and that is the whole patch. Only the ModRM byte differs (3D becomes 25): both instructions are in the 83 /digit group, where /7 is CMP and /4 is AND. AND [4BF058],0 writes 0 into the status dword and leaves ZF set, so the JNZ at 004A9351 can never be taken and neither message box is reached. Unlike simply NOPing the jump, this also overwrites the stored status, so anything that later reads [4BF058] sees the same value as a genuine pass. Press F9 and the program starts straight away, haha!
OK, now save the change to the executable (in OD: right-click, Copy to executable, All modifications, then Save file).
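The encoding trick behind the one-byte patch, as an added Python example that is not part of the original post: it decodes the 83 /digit group to show that CMP and AND differ only in the ModRM reg field, emulates what each does to ZF when the status dword holds a failing value such as 62h, and applies the change to a buffer by searching for the byte signature of the CMP/JNZ pair from the listing instead of converting the VA to a file offset. The sample image is constructed here and is not DTMM's real file.

```python
from __future__ import annotations

import struct

# Opcode 83 /digit ("group 1", imm8 sign-extended): ModRM.reg picks the operation.
GROUP1 = ["ADD", "OR", "ADC", "SBB", "AND", "SUB", "XOR", "CMP"]

# Bytes from the listing at 004A934A..004A9356:
#   83 3D 58 F0 4B 00 00   CMP DWORD PTR [4BF058],0
#   0F 85 DA 00 00 00      JNZ 004A9431
CHECK_SIG = bytes.fromhex("833D58F04B0000" "0F85DA000000")


def decode_group1(insn: bytes) -> tuple[str, int, int]:
    """Decode '83 <modrm> <disp32> <imm8>' with a direct memory operand.
    Returns (mnemonic, absolute address, sign-extended imm8)."""
    if len(insn) != 7 or insn[0] != 0x83:
        raise ValueError("not a 7-byte 83 /digit instruction")
    modrm = insn[1]
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    if mod != 0 or rm != 5:  # mod=00 rm=101 means [disp32] in 32-bit mode
        raise ValueError("expected a [disp32] memory operand")
    addr = struct.unpack_from("<I", insn, 2)[0]
    imm = struct.unpack_from("<b", insn, 6)[0]
    return GROUP1[reg], addr, imm


def cmp_to_and(insn: bytes) -> bytes:
    """Rewrite the ModRM reg field from /7 (CMP) to /4 (AND); nothing else moves."""
    mnem, _, _ = decode_group1(insn)
    if mnem != "CMP":
        raise ValueError(f"expected CMP, got {mnem}")
    modrm = (insn[1] & ~0x38) | (4 << 3)
    return bytes([insn[0], modrm]) + insn[2:]


def zf_after(insn: bytes, mem_value: int) -> tuple[bool, int]:
    """Emulate CMP/AND mem32, imm8 and return (ZF, value left in memory).
    JNZ is taken exactly when ZF is clear."""
    mnem, _, imm = decode_group1(insn)
    imm32 = imm & 0xFFFFFFFF
    if mnem == "CMP":
        return mem_value == imm32, mem_value          # CMP never writes memory
    if mnem == "AND":
        result = mem_value & imm32
        return result == 0, result                    # AND x,0 always gives 0, ZF=1
    raise NotImplementedError(mnem)


def patch_image(image: bytes) -> tuple[bytes, int]:
    """Locate the CMP/JNZ pair exactly once and flip the CMP to AND.
    Returns (patched image, offset of the patched instruction)."""
    off = image.find(CHECK_SIG)
    if off < 0 or image.find(CHECK_SIG, off + 1) >= 0:
        raise ValueError("check signature not found exactly once; refusing to patch")
    patched = bytearray(image)
    patched[off:off + 7] = cmp_to_and(image[off:off + 7])
    return bytes(patched), off


# Constructed stand-in for the executable: filler around the check sequence.
SAMPLE_IMAGE = b"\x90" * 16 + CHECK_SIG + b"\xCC" * 16

if __name__ == "__main__":
    cmp_insn = CHECK_SIG[:7]
    and_insn = cmp_to_and(cmp_insn)
    print("original:", cmp_insn.hex(" "), decode_group1(cmp_insn))
    print("patched: ", and_insn.hex(" "), decode_group1(and_insn))
    for status in (0x00, 0x62, 0x01):
        print(f"status={status:#04x}: CMP -> JNZ taken={not zf_after(cmp_insn, status)[0]}, "
              f"AND -> JNZ taken={not zf_after(and_insn, status)[0]}")
    patched, off = patch_image(SAMPLE_IMAGE)
    print(f"patched one byte at file offset {off + 1:#x}")
```

The patcher deliberately refuses to run when the signature is absent or ambiguous, which is the check you want before writing to a binary whose VA-to-offset mapping you have not verified by hand.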
2006-08-15 21:44:24  The OP went and changed the cmp itself, brilliant~
I'll try this on some software myself next time...
Correction
;) Originally posted by jjdg on 2006-8-15 22:36 ……
Change 004A934A 8325 58F04B00>CMP DWORD PTR DS:,0 to: 004A934A 8325 58F04B00>AND DWORD PTR DS:,0 and that's it!
Here the line
004A934A 8325 58F04B00>CMP DWORD PTR DS:,0
should read
004A934A 833D 58F04B00>CMP DWORD PTR DS:,0
[ This post was last edited by ZHOU2X on 2006-9-2 13:03 ]