给朋友们WinCHM Pro 系列软件破解特征码
这个特征码是从我分析WinCHM Pro 4.40版中提取出来的:
0055A119 .8BD8 mov ebx,eax
0055A11B .8BC3 mov eax,ebx
0055A11D .83E8 01 sub eax,0x1 ;Switch (cases 0..270F)
0055A120 .72 0B jb Xwinchm22.0055A12D ;不能跳,跳了就是未注册NOP 掉吧
0055A122 .74 17 je Xwinchm22.0055A13B ;最不要跳,因为还有更好的选择 NOP 掉吧
0055A124 .2D 0E270000 sub eax,0x270E
0055A129 .74 21 je Xwinchm22.0055A14C ;修改成无条件跳吧这就最好选择
0055A12B .EB 30 jmp Xwinchm22.0055A15D
0055A12D >A1 E0655C00 mov eax,dword ptr ds: ;Case 0 of switch 0055A11D
0055A132 .33D2 xor edx,edx
0055A134 .E8 F3CBEAFF call winchm22.00406D2C
0055A139 .EB 3E jmp Xwinchm22.0055A179
0055A13B >A1 E0655C00 mov eax,dword ptr ds: ;Case 1 of switch 0055A11D
0055A140 .BA 10A25500 mov edx,winchm22.0055A210 ;UNICODE "Single-user License"
0055A145 .E8 E2CBEAFF call winchm22.00406D2C
0055A14A .EB 2D jmp Xwinchm22.0055A179
0055A14C >A1 E0655C00 mov eax,dword ptr ds: ;Case 270F of switch 0055A11D
0055A151 .BA 44A25500 mov edx,winchm22.0055A244 ;UNICODE "Unlimited-user License"
0055A156 .E8 D1CBEAFF call winchm22.00406D2C
0055A15B .EB 1C jmp Xwinchm22.0055A179
0055A15D >8D55 E8 lea edx,dword ptr ss: ;Default case of switch 0055A11D
0055A160 .8BC3 mov eax,ebx
0055A162 .E8 7DA3EBFF call winchm22.004144E4
0055A167 .8B55 E8 mov edx,dword ptr ss:
0055A16A .A1 E0655C00 mov eax,dword ptr ds:
0055A16F .B9 80A25500 mov ecx,winchm22.0055A280 ;UNICODE "-user License"
0055A174 .E8 6FD0EAFF call winchm22.004071E8
0055A179 >A1 E0655C00 mov eax,dword ptr ds:
0055A17E .8338 00 cmp dword ptr ds:,0x0
0055A181 .75 11 jnz Xwinchm22.0055A194
0055A183 .A1 78685C00 mov eax,dword ptr ds:
0055A188 .BA A8A25500 mov edx,winchm22.0055A2A8 ;UNICODE " "
0055A18D .E8 9ACBEAFF call winchm22.00406D2C
0055A192 .EB 0C jmp Xwinchm22.0055A1A0
0055A194 >A1 78685C00 mov eax,dword ptr ds:
0055A199 .33D2 xor edx,edx
0055A19B .E8 8CCBEAFF call winchm22.00406D2C
0055A1A0 >33C0 xor eax,eax
0055A1A2 .5A pop edx
0055A1A3 .59 pop ecx
0055A1A4 .59 pop ecx
0055A1A5 .64:8910 mov dword ptr fs:,edx
0055A1A8 .68 C2A15500 push winchm22.0055A1C2
0055A1AD >8D45 E8 lea eax,dword ptr ss:
0055A1B0 .BA 05000000 mov edx,0x5
0055A1B5 .E8 6ACBEAFF call winchm22.00406D24
0055A1BA .C3 retn
0055A1BB .^ E9 18B7EAFF jmp winchm22.004058D8
0055A1C0 .^ EB EB jmp Xwinchm22.0055A1AD
0055A1C2 .5F pop edi
0055A1C3 .5E pop esi
0055A1C4 .5B pop ebx
0055A1C5 .8BE5 mov esp,ebp
0055A1C7 .5D pop ebp
0055A1C8 .C3 retn
改成:
0055A119 .8BD8 mov ebx,eax
0055A11B .8BC3 mov eax,ebx
0055A11D .83E8 01 sub eax,0x1 ;Switch (cases 0..270F)
0055A120 90 nop ;不能跳,跳了就是未注册NOP 掉吧
0055A121 90 nop
0055A122 90 nop ;最不要跳,因为还有更好的选择 NOP 掉吧
0055A123 90 nop
0055A124 .2D 0E270000 sub eax,0x270E
0055A129 EB 21 jmp Xwinchm22.0055A14C ;修改成无条件跳吧这就最好选择
0055A12B .EB 30 jmp Xwinchm22.0055A15D
0055A12D >A1 E0655C00 mov eax,dword ptr ds: ;Case 0 of switch 0055A11D
0055A132 .33D2 xor edx,edx
0055A134 .E8 F3CBEAFF call winchm22.00406D2C
0055A139 .EB 3E jmp Xwinchm22.0055A179
0055A13B >A1 E0655C00 mov eax,dword ptr ds: ;Case 1 of switch 0055A11D
0055A140 .BA 10A25500 mov edx,winchm22.0055A210 ;UNICODE "Single-user License"
0055A145 .E8 E2CBEAFF call winchm22.00406D2C
0055A14A .EB 2D jmp Xwinchm22.0055A179
0055A14C >A1 E0655C00 mov eax,dword ptr ds: ;Case 270F of switch 0055A11D
0055A151 .BA 44A25500 mov edx,winchm22.0055A244 ;UNICODE "Unlimited-user License"
0055A156 .E8 D1CBEAFF call winchm22.00406D2C
0055A15B .EB 1C jmp Xwinchm22.0055A179
0055A15D >8D55 E8 lea edx,dword ptr ss: ;Default case of switch 0055A11D
0055A160 .8BC3 mov eax,ebx
0055A162 .E8 7DA3EBFF call winchm22.004144E4
0055A167 .8B55 E8 mov edx,dword ptr ss:
0055A16A .A1 E0655C00 mov eax,dword ptr ds:
0055A16F .B9 80A25500 mov ecx,winchm22.0055A280 ;UNICODE "-user License"
0055A174 .E8 6FD0EAFF call winchm22.004071E8
0055A179 >A1 E0655C00 mov eax,dword ptr ds:
0055A17E .8338 00 cmp dword ptr ds:,0x0
0055A181 .75 11 jnz Xwinchm22.0055A194
0055A183 .A1 78685C00 mov eax,dword ptr ds:
0055A188 .BA A8A25500 mov edx,winchm22.0055A2A8 ;UNICODE " "
0055A18D .E8 9ACBEAFF call winchm22.00406D2C
0055A192 .EB 0C jmp Xwinchm22.0055A1A0
0055A194 >A1 78685C00 mov eax,dword ptr ds:
0055A199 .33D2 xor edx,edx
0055A19B .E8 8CCBEAFF call winchm22.00406D2C
0055A1A0 >33C0 xor eax,eax
0055A1A2 .5A pop edx
0055A1A3 .59 pop ecx
0055A1A4 .59 pop ecx
0055A1A5 .64:8910 mov dword ptr fs:,edx
0055A1A8 .68 C2A15500 push winchm22.0055A1C2
0055A1AD >8D45 E8 lea eax,dword ptr ss:
0055A1B0 .BA 05000000 mov edx,0x5
0055A1B5 .E8 6ACBEAFF call winchm22.00406D24
0055A1BA .C3 retn
0055A1BB .^ E9 18B7EAFF jmp winchm22.004058D8
0055A1C0 .^ EB EB jmp Xwinchm22.0055A1AD
0055A1C2 .5F pop edi
0055A1C3 .5E pop esi
0055A1C4 .5B pop ebx
0055A1C5 .8BE5 mov esp,ebp
0055A1C7 .5D pop ebp
0055A1C8 .C3 retn
运行一下看看如图:
呵呵乍样爆破了吧!!!!!!!!!!!1
那么就在爆码提取特征码吧!我选择的是如图:
对应二进制特征是:
8B D8 8B C3 83 E8 01 72 0B 74 17
好了我们找最新版加载到OD二进制搜一下如图:
是不是和4.40版的结构一样只是一些地址不同而,修改一下如图:
F9运行如图:
呵呵!!!!!!!!!!!我又找了作者其他软件 Softany WordToHelp 3.0
可以搜到如图:
同样修改并运行如图:
呵呵很好玩吧!!!!!小小特征码可以通杀所有版本,和作者的所有软件
谢谢分享呀。。。支持一下呀。哈哈。 小弟我虽然看不懂,不过觉得很强大,支持!
谢谢分享呀。。。支持一下呀。哈哈。 不错,感谢分享。
感觉不错明天试试看 楼主辛苦了 特征码不错,验证跟eax有关,最好在根源上修改eax赋值
支持楼主,支持原创! 0055A15B .EB 1C jmp Xwinchm22.0055A179
0055A179 >A1 E0655C00 mov eax,dword ptr ds: :注意这个常量?????????????????
0055A17E .8338 00 cmp dword ptr ds:,0x0
0055A181 .75 11 jnz Xwinchm22.0055A194 :若此处条件不成立,就未注册了
0055A183 .A1 78685C00 mov eax,dword ptr ds:
0055A188 .BA A8A25500 mov edx,winchm22.0055A2A8 ;UNICODE " " 这难道是一次性破解成功?没有其它的暗桩吗?