【破文标题】Offline Explorer Enterprise 5.0.2780 不完美爆破
【破文作者】Ptsos
【作者邮箱】@@@
【作者主页】@@@
【破解工具】PEiD、OD
【破解平台】WINXP SP2
【软件名称】Offline Explorer Enterprise 5.0.2780 绿色多语版
【软件大小】4.98 MB
【原版下载】http://www.xdowns.com/soft/1/69/2006/Soft_31643.html
【保护方式】注册码
【软件简介】相当方便使用的离线浏览工具,可排定抓取时间、设定Proxy,也可选择抓取的项目及大小,可自设下载的存放位置、及存放的空间限制。它内置浏览程序、可直接浏览或是使用自己喜欢的浏览器来浏览、且更可直接以全浏览窗切换来作网上浏览,另它对于抓取的网站更有MAP的提供、可更清楚整个网站的连结及目录结构。
【破解声明】比较简单,仅作为个人学习之用,高手飘过!
------------------------------------------------------------------------
【破解过程】
1、用PEiD查壳,为ASPack 2.12b -> Alexey Solodovnikov [Overlay]
2、试注册软件,有错误提示“sorry, registration information is invalid.”,并且软件标题有“未注册”字样,这些都可以作为突破口
3、OD载入,F9运行,CTRL+G,输入 401000 后确定,查找字符串,发现很多有用的信息
4、双击“thank you for registering!”处,来到这里:
; String reference found by the search in step 3; the same instruction appears
; at 008AE9CB on the success path of the full listing in step 5.
008AE9CB BA 0CED8A00 mov edx, 008AED0C ; thank you for registering!
5、CTRL+A分析一下代码,在008AE864处下断,输入假码,程序被断下,F8单步走
; ---------------------------------------------------------------------
; 008AE864: handler that checks the entered registration data and shows
; the outcome (success, upgrade offer, or "invalid" message), per the
; string references annotated below.
; In:  eax = object pointer (kept in ebx; fields +324 and +32C are read)
;      edx = caller-supplied value (kept in esi; tested with
;            `test esi, esi` before each follow-up UI call)
; Calling convention looks like Borland register (eax, edx, ecx) -- TODO confirm.
; NOTE(review): the accept/reject decision is the single byte returned in
; AL by call 00915174 and tested once at 008AE8BA. A licence check that
; reduces to one boolean at one call site is a single point of failure.
; ---------------------------------------------------------------------
008AE864 /$ 55 push ebp ; >> breakpoint set here
008AE865 |. 8BEC mov ebp, esp
; Reserve and zero 14 dword locals ([ebp-4] .. [ebp-38]): 7 iterations x 2 pushes.
008AE867 |. B9 07000000 mov ecx, 7
008AE86C |> 6A 00 /push 0
008AE86E |. 6A 00 |push 0
008AE870 |. 49 |dec ecx
008AE871 |.^ 75 F9 \jnz short 008AE86C
; Save ebx/esi/edi and keep the incoming register values: esi = edx, ebx = eax.
008AE873 |. 53 push ebx
008AE874 |. 56 push esi
008AE875 |. 57 push edi
008AE876 |. 8BF2 mov esi, edx
008AE878 |. 8BD8 mov ebx, eax
; Install an exception frame: eax = 0, so fs:[eax] is fs:[0]; the pushed
; handler address is 008AECE6.
008AE87A |. 33C0 xor eax, eax
008AE87C |. 55 push ebp
008AE87D |. 68 E6EC8A00 push 008AECE6
008AE882 |. 64:FF30 push dword ptr fs:[eax]
008AE885 |. 64:8920 mov dword ptr fs:[eax], esp
; call 00405708 with eax = &[ebp-4]; helper body not shown -- presumably
; clears a string local (same helper is used on [ebp-C] at 008AEBEA); verify.
008AE888 |. 8D45 FC lea eax, dword ptr [ebp-4]
008AE88B |. E8 786EB5FF call 00405708
; Virtual call (vtable slot +1C) on the object at [[ebx+324]+220] with
; edx = &[ebp-8] -- presumably fetches the entered text into [ebp-8]; verify.
008AE890 |. 8D55 F8 lea edx, dword ptr [ebp-8]
008AE893 |. 8B83 24030000 mov eax, dword ptr [ebx+324]
008AE899 |. 8B80 20020000 mov eax, dword ptr [eax+220]
008AE89F |. 8B08 mov ecx, dword ptr [eax]
008AE8A1 |. FF51 1C call dword ptr [ecx+1C]
; Arguments for the check: stack = &[ebp-C], ecx = &[ebp-8], edx = &[ebp-4],
; eax = dword read through the pointer stored at 9AAE50.
008AE8A4 |. 8D45 F4 lea eax, dword ptr [ebp-C]
008AE8A7 |. 50 push eax
008AE8A8 |. 8D4D F8 lea ecx, dword ptr [ebp-8]
008AE8AB |. 8D55 FC lea edx, dword ptr [ebp-4]
008AE8AE |. A1 50AE9A00 mov eax, dword ptr [9AAE50]
008AE8B3 |. 8B00 mov eax, dword ptr [eax]
008AE8B5 |. E8 BA680600 call 00915174 ; >> key CALL, step into with F7
008AE8BA |. 84C0 test al, al ; >> flag test
008AE8BC |. 0F84 3D010000 je 008AE9FF ; >> key jump
; AL == 0 -> failure branch at 008AE9FF; otherwise fall through to success.
; --- success path: record the result in the object read via 9AAE50 ---
; Byte +BD0 is set to 1; [ebp-4] and [ebp-8] are handed to call 0040575C with
; destinations +BD4 and +BD8 (presumably string assignment -- confirm).
008AE8C2 |. A1 50AE9A00 mov eax, dword ptr [9AAE50]
008AE8C7 |. 8B00 mov eax, dword ptr [eax]
008AE8C9 |. C680 D00B0000>mov byte ptr [eax+BD0], 1
008AE8D0 |. A1 50AE9A00 mov eax, dword ptr [9AAE50]
008AE8D5 |. 8B00 mov eax, dword ptr [eax]
008AE8D7 |. 05 D40B0000 add eax, 0BD4
008AE8DC |. 8B55 FC mov edx, dword ptr [ebp-4]
008AE8DF |. E8 786EB5FF call 0040575C
008AE8E4 |. A1 50AE9A00 mov eax, dword ptr [9AAE50]
008AE8E9 |. 8B00 mov eax, dword ptr [eax]
008AE8EB |. 05 D80B0000 add eax, 0BD8
008AE8F0 |. 8B55 F8 mov edx, dword ptr [ebp-8]
008AE8F3 |. E8 646EB5FF call 0040575C
; Depending on byte [edi+57] of the object at [ebx+324], call 00915190 with
; ecx = freshly fetched text ([ebp-10]) or ecx = [ebp-8]; edx = [ebp-4] in
; both cases. Purpose of 00915190 is not shown here.
008AE8F8 |. 8BBB 24030000 mov edi, dword ptr [ebx+324]
008AE8FE |. 807F 57 00 cmp byte ptr [edi+57], 0
008AE902 |. 74 22 je short 008AE926
008AE904 |. 8D55 F0 lea edx, dword ptr [ebp-10]
008AE907 |. 8B87 20020000 mov eax, dword ptr [edi+220]
008AE90D |. 8B08 mov ecx, dword ptr [eax]
008AE90F |. FF51 1C call dword ptr [ecx+1C]
008AE912 |. 8B4D F0 mov ecx, dword ptr [ebp-10]
008AE915 |. A1 50AE9A00 mov eax, dword ptr [9AAE50]
008AE91A |. 8B00 mov eax, dword ptr [eax]
008AE91C |. 8B55 FC mov edx, dword ptr [ebp-4]
008AE91F |. E8 6C680600 call 00915190
008AE924 |. EB 12 jmp short 008AE938
008AE926 |> A1 50AE9A00 mov eax, dword ptr [9AAE50]
008AE92B |. 8B00 mov eax, dword ptr [eax]
008AE92D |. 8B4D F8 mov ecx, dword ptr [ebp-8]
008AE930 |. 8B55 FC mov edx, dword ptr [ebp-4]
008AE933 |. E8 58680600 call 00915190
; Build the success message. 40h is pushed first and stays on the stack for
; call 004AD4E0 (presumably message-box flags, 40h = MB_ICONINFORMATION --
; confirm). Six string parts are then pushed and joined by call 00405A98
; (edx = 6) into [ebp-14]. The two call 004AF110 results (edx = 0 and 1) are
; zero-extended from ax and converted by call 0040C050 -- presumably version
; number components; verify.
008AE938 |> 6A 40 push 40
008AE93A |. FFB3 2C030000 push dword ptr [ebx+32C]
008AE940 |. A1 50AE9A00 mov eax, dword ptr [9AAE50]
008AE945 |. 8B00 mov eax, dword ptr [eax]
008AE947 |. 8B80 E8030000 mov eax, dword ptr [eax+3E8]
008AE94D |. 8B40 4C mov eax, dword ptr [eax+4C]
008AE950 |. 33D2 xor edx, edx
008AE952 |. E8 B907C0FF call 004AF110
008AE957 |. 0FB7C0 movzx eax, ax
008AE95A |. 8D55 E8 lea edx, dword ptr [ebp-18]
008AE95D |. E8 EED6B5FF call 0040C050
008AE962 |. FF75 E8 push dword ptr [ebp-18]
008AE965 |. 68 FCEC8A00 push 008AECFC ; .
008AE96A |. A1 50AE9A00 mov eax, dword ptr [9AAE50]
008AE96F |. 8B00 mov eax, dword ptr [eax]
008AE971 |. 8B80 E8030000 mov eax, dword ptr [eax+3E8]
008AE977 |. 8B40 4C mov eax, dword ptr [eax+4C]
008AE97A |. BA 01000000 mov edx, 1
008AE97F |. E8 8C07C0FF call 004AF110
008AE984 |. 0FB7C0 movzx eax, ax
008AE987 |. 8D55 E4 lea edx, dword ptr [ebp-1C]
008AE98A |. E8 C1D6B5FF call 0040C050
008AE98F |. FF75 E4 push dword ptr [ebp-1C]
008AE992 |. 68 08ED8A00 push 008AED08
008AE997 |. 8D4D E0 lea ecx, dword ptr [ebp-20]
008AE99A |. A1 50AE9A00 mov eax, dword ptr [9AAE50]
008AE99F |. 8B00 mov eax, dword ptr [eax]
008AE9A1 |. 8B80 E8030000 mov eax, dword ptr [eax+3E8]
008AE9A7 |. BA 09000000 mov edx, 9
008AE9AC |. E8 0F0DC0FF call 004AF6C0
008AE9B1 |. FF75 E0 push dword ptr [ebp-20]
008AE9B4 |. 8D45 EC lea eax, dword ptr [ebp-14]
008AE9B7 |. BA 06000000 mov edx, 6
008AE9BC |. E8 D770B5FF call 00405A98
008AE9C1 |. 8B45 EC mov eax, dword ptr [ebp-14]
008AE9C4 |. E8 0F72B5FF call 00405BD8
008AE9C9 |. 8BC8 mov ecx, eax
008AE9CB |. BA 0CED8A00 mov edx, 008AED0C ; thank you for registering!
008AE9D0 |. A1 6CB69A00 mov eax, dword ptr [9AB66C]
008AE9D5 |. 8B00 mov eax, dword ptr [eax]
008AE9D7 |. E8 04EBBFFF call 004AD4E0
; If esi == 0, post message 467h (wParam = lParam = 0) to the window handle
; returned by call 00492EF8; then leave via the common exit at 008AECCB.
008AE9DC |. 85F6 test esi, esi
008AE9DE |. 0F85 E7020000 jnz 008AECCB
008AE9E4 |. 6A 00 push 0
008AE9E6 |. 6A 00 push 0
008AE9E8 |. 68 67040000 push 467
008AE9ED |. 8BC3 mov eax, ebx
008AE9EF |. E8 0445BEFF call 00492EF8
008AE9F4 |. 50 push eax ; |hWnd
008AE9F5 |. E8 FEB8B5FF call 0040A2F8 ; \PostMessageA
008AE9FA |. E9 CC020000 jmp 008AECCB
; --- failure path (AL == 0) ---
; Byte +C8C of the object read via 9AAE50 is consulted. The wrapper at
; 00915174 passes the address eax+0C8C down to call 00914000, so this byte is
; presumably an output of the check -- verify. If it is non-zero and byte
; +BD0 is still 0, the upgrade offer below is shown.
008AE9FF |> A1 50AE9A00 mov eax, dword ptr [9AAE50]
008AEA04 |. 8B00 mov eax, dword ptr [eax]
008AEA06 |. 80B8 8C0C0000>cmp byte ptr [eax+C8C], 0
008AEA0D |. 0F84 5C010000 je 008AEB6F
008AEA13 |. A1 50AE9A00 mov eax, dword ptr [9AAE50]
008AEA18 |. 8B00 mov eax, dword ptr [eax]
008AEA1A |. 80B8 D00B0000>cmp byte ptr [eax+BD0], 0
008AEA21 |. 0F85 2A010000 jnz 008AEB51
; Upgrade offer: MessageBoxA with style 34h (MB_YESNO | MB_ICONWARNING),
; caption "information" and a 6-part text joined by call 00405A98. A result
; other than 6 (IDYES) skips to 008AEB51.
008AEA27 |. 6A 34 push 34
008AEA29 |. 68 28ED8A00 push 008AED28 ; information
008AEA2E |. 68 3CED8A00 push 008AED3C ; sorry, but your license is valid only for 1.x - 4.x versions of
008AEA33 |. FFB3 2C030000 push dword ptr [ebx+32C]
008AEA39 |. 68 88ED8A00 push 008AED88 ; .\n\n\n\n
008AEA3E |. 68 98ED8A00 push 008AED98 ; you must purchase a new license for 5.x versions.
008AEA43 |. 68 D4ED8A00 push 008AEDD4 ; \n\n\n\n
008AEA48 |. 68 E4ED8A00 push 008AEDE4 ; do you want to order the new version now (with a 50% discount)?
008AEA4D |. 8D45 DC lea eax, dword ptr [ebp-24]
008AEA50 |. BA 06000000 mov edx, 6
008AEA55 |. E8 3E70B5FF call 00405A98
008AEA5A |. 8B45 DC mov eax, dword ptr [ebp-24]
008AEA5D |. E8 7671B5FF call 00405BD8
008AEA62 |. 50 push eax
008AEA63 |. 8BC3 mov eax, ebx
008AEA65 |. E8 8E44BEFF call 00492EF8
008AEA6A |. 50 push eax ; |hOwner
008AEA6B |. E8 48B8B5FF call 0040A2B8 ; \MessageBoxA
008AEA70 |. 83F8 06 cmp eax, 6
008AEA73 |. 0F85 D8000000 jnz 008AEB51
; [ebp-C] (the stack output of the check) is compared with the product codes
; "oe", "oep", "oee", "pob" via call 00405B24; on a match (ZF set) the
; corresponding store URL is opened with ShellExecuteA. A generic store URL
; is the fallback at 008AEB34.
008AEA79 |. 8B45 F4 mov eax, dword ptr [ebp-C]
008AEA7C |. BA 2CEE8A00 mov edx, 008AEE2C ; oe
008AEA81 |. E8 9E70B5FF call 00405B24
008AEA86 |. 75 22 jnz short 008AEAAA
008AEA88 |. 6A 01 push 1 ; /IsShown = 1
008AEA8A |. 6A 00 push 0 ; |DefDir = NULL
008AEA8C |. 6A 00 push 0 ; |Parameters = NULL
008AEA8E |. 68 30EE8A00 push 008AEE30 ; |http://www.metaproducts.com/mp/mpcart.asp?action=add&;id=offline_explorer&coupon=o50eupg
008AEA93 |. 6A 00 push 0 ; |Operation = NULL
008AEA95 |. A1 6CB69A00 mov eax, dword ptr [9AB66C] ; |
008AEA9A |. 8B00 mov eax, dword ptr [eax] ; |
008AEA9C |. 8B40 30 mov eax, dword ptr [eax+30] ; |
008AEA9F |. 50 push eax ; |hWnd
008AEAA0 |. E8 57EFB8FF call 0043D9FC ; \ShellExecuteA
008AEAA5 |. E9 A7000000 jmp 008AEB51
008AEAAA |> 8B45 F4 mov eax, dword ptr [ebp-C]
008AEAAD |. BA 90EE8A00 mov edx, 008AEE90 ; oep
008AEAB2 |. E8 6D70B5FF call 00405B24
008AEAB7 |. 75 1F jnz short 008AEAD8
008AEAB9 |. 6A 01 push 1 ; /IsShown = 1
008AEABB |. 6A 00 push 0 ; |DefDir = NULL
008AEABD |. 6A 00 push 0 ; |Parameters = NULL
008AEABF |. 68 94EE8A00 push 008AEE94 ; |http://www.metaproducts.com/mp/mpcart.asp?action=add&;id=offline_explorer_pro&coupon=o50epupg
008AEAC4 |. 6A 00 push 0 ; |Operation = NULL
008AEAC6 |. A1 6CB69A00 mov eax, dword ptr [9AB66C] ; |
008AEACB |. 8B00 mov eax, dword ptr [eax] ; |
008AEACD |. 8B40 30 mov eax, dword ptr [eax+30] ; |
008AEAD0 |. 50 push eax ; |hWnd
008AEAD1 |. E8 26EFB8FF call 0043D9FC ; \ShellExecuteA
008AEAD6 |. EB 79 jmp short 008AEB51
008AEAD8 |> 8B45 F4 mov eax, dword ptr [ebp-C]
008AEADB |. BA FCEE8A00 mov edx, 008AEEFC ; oee
008AEAE0 |. E8 3F70B5FF call 00405B24
008AEAE5 |. 75 1F jnz short 008AEB06
008AEAE7 |. 6A 01 push 1 ; /IsShown = 1
008AEAE9 |. 6A 00 push 0 ; |DefDir = NULL
008AEAEB |. 6A 00 push 0 ; |Parameters = NULL
008AEAED |. 68 00EF8A00 push 008AEF00 ; |http://www.metaproducts.com/mp/mpcart.asp?action=add&;id=offline_explorer_enterprise&coupon=o50eeupg
008AEAF2 |. 6A 00 push 0 ; |Operation = NULL
008AEAF4 |. A1 6CB69A00 mov eax, dword ptr [9AB66C] ; |
008AEAF9 |. 8B00 mov eax, dword ptr [eax] ; |
008AEAFB |. 8B40 30 mov eax, dword ptr [eax+30] ; |
008AEAFE |. 50 push eax ; |hWnd
008AEAFF |. E8 F8EEB8FF call 0043D9FC ; \ShellExecuteA
008AEB04 |. EB 4B jmp short 008AEB51
008AEB06 |> 8B45 F4 mov eax, dword ptr [ebp-C]
008AEB09 |. BA 6CEF8A00 mov edx, 008AEF6C ; pob
008AEB0E |. E8 1170B5FF call 00405B24
008AEB13 |. 75 1F jnz short 008AEB34
008AEB15 |. 6A 01 push 1 ; /IsShown = 1
008AEB17 |. 6A 00 push 0 ; |DefDir = NULL
008AEB19 |. 6A 00 push 0 ; |Parameters = NULL
008AEB1B |. 68 70EF8A00 push 008AEF70 ; |http://www.metaproducts.com/mp/mpcart.asp?action=add&;id=portable_offline_browser&coupon=p50obupg
008AEB20 |. 6A 00 push 0 ; |Operation = NULL
008AEB22 |. A1 6CB69A00 mov eax, dword ptr [9AB66C] ; |
008AEB27 |. 8B00 mov eax, dword ptr [eax] ; |
008AEB29 |. 8B40 30 mov eax, dword ptr [eax+30] ; |
008AEB2C |. 50 push eax ; |hWnd
008AEB2D |. E8 CAEEB8FF call 0043D9FC ; \ShellExecuteA
008AEB32 |. EB 1D jmp short 008AEB51
008AEB34 |> 6A 01 push 1 ; /IsShown = 1
008AEB36 |. 6A 00 push 0 ; |DefDir = NULL
008AEB38 |. 6A 00 push 0 ; |Parameters = NULL
008AEB3A |. 68 D4EF8A00 push 008AEFD4 ; |http://www.metaproducts.com/mp/mpstore.asp
008AEB3F |. 6A 00 push 0 ; |Operation = NULL
008AEB41 |. A1 6CB69A00 mov eax, dword ptr [9AB66C] ; |
008AEB46 |. 8B00 mov eax, dword ptr [eax] ; |
008AEB48 |. 8B40 30 mov eax, dword ptr [eax+30] ; |
008AEB4B |. 50 push eax ; |hWnd
008AEB4C |. E8 ABEEB8FF call 0043D9FC ; \ShellExecuteA
; If esi == 0, make a virtual call (slot +44) on the object at
; [[ebx+324]+220]; then leave via the common exit.
008AEB51 |> 85F6 test esi, esi
008AEB53 |. 0F85 72010000 jnz 008AECCB
008AEB59 |. 8B83 24030000 mov eax, dword ptr [ebx+324]
008AEB5F |. 8B80 20020000 mov eax, dword ptr [eax+220]
008AEB65 |. 8B10 mov edx, dword ptr [eax]
008AEB67 |. FF52 44 call dword ptr [edx+44]
008AEB6A |. E9 5C010000 jmp 008AECCB
; --- byte +C8C == 0: choose a product-specific suffix for the error text ---
; [ebp-C] is compared with the same four product codes; on a match call
; 004057A0 is made with eax = &[ebp-C] and edx = the matching "this code is
; for ... only" string, otherwise [ebp-C] is passed to call 00405708.
008AEB6F |> 8B45 F4 mov eax, dword ptr [ebp-C]
008AEB72 |. BA 2CEE8A00 mov edx, 008AEE2C ; oe
008AEB77 |. E8 A86FB5FF call 00405B24
008AEB7C |. 75 0F jnz short 008AEB8D
008AEB7E |. 8D45 F4 lea eax, dword ptr [ebp-C]
008AEB81 |. BA 08F08A00 mov edx, 008AF008 ; \n\nthis code is for offline explorer (standard) version only.
008AEB86 |. E8 156CB5FF call 004057A0
008AEB8B |. EB 62 jmp short 008AEBEF
008AEB8D |> 8B45 F4 mov eax, dword ptr [ebp-C]
008AEB90 |. BA 90EE8A00 mov edx, 008AEE90 ; oep
008AEB95 |. E8 8A6FB5FF call 00405B24
008AEB9A |. 75 0F jnz short 008AEBAB
008AEB9C |. 8D45 F4 lea eax, dword ptr [ebp-C]
008AEB9F |. BA 50F08A00 mov edx, 008AF050 ; \n\nthis code is for offline explorer pro version only.
008AEBA4 |. E8 F76BB5FF call 004057A0
008AEBA9 |. EB 44 jmp short 008AEBEF
008AEBAB |> 8B45 F4 mov eax, dword ptr [ebp-C]
008AEBAE |. BA FCEE8A00 mov edx, 008AEEFC ; oee
008AEBB3 |. E8 6C6FB5FF call 00405B24
008AEBB8 |. 75 0F jnz short 008AEBC9
008AEBBA |. 8D45 F4 lea eax, dword ptr [ebp-C]
008AEBBD |. BA 90F08A00 mov edx, 008AF090 ; \n\nthis code is for offline explorer enterprise version only.
008AEBC2 |. E8 D96BB5FF call 004057A0
008AEBC7 |. EB 26 jmp short 008AEBEF
008AEBC9 |> 8B45 F4 mov eax, dword ptr [ebp-C]
008AEBCC |. BA 6CEF8A00 mov edx, 008AEF6C ; pob
008AEBD1 |. E8 4E6FB5FF call 00405B24
008AEBD6 |. 75 0F jnz short 008AEBE7
008AEBD8 |. 8D45 F4 lea eax, dword ptr [ebp-C]
008AEBDB |. BA D8F08A00 mov edx, 008AF0D8 ; \n\nthis code is for portable offline browser version only.
008AEBE0 |. E8 BB6BB5FF call 004057A0
008AEBE5 |. EB 08 jmp short 008AEBEF
008AEBE7 |> 8D45 F4 lea eax, dword ptr [ebp-C]
008AEBEA |. E8 196BB5FF call 00405708
; When esi == 0 and [ebp-C] is 0, the error box is skipped (jump to 008AECB6);
; a non-zero esi always reaches the error box.
008AEBEF |> 85F6 test esi, esi
008AEBF1 |. 75 0A jnz short 008AEBFD
008AEBF3 |. 837D F4 00 cmp dword ptr [ebp-C], 0
008AEBF7 |. 0F84 B9000000 je 008AECB6
; Error message: the same 6-part text as on the success path is joined into
; [ebp-28] and pushed; call 00405A24 combines "sorry, registration
; information is invalid." with [ebp-C] into [ebp-38]. `pop ecx` retrieves
; the pushed text before call 004AD4E0; the 10h pushed first stays on the
; stack for that call (presumably flags, 10h = MB_ICONERROR -- confirm).
008AEBFD |> 6A 10 push 10
008AEBFF |. FFB3 2C030000 push dword ptr [ebx+32C]
008AEC05 |. A1 50AE9A00 mov eax, dword ptr [9AAE50]
008AEC0A |. 8B00 mov eax, dword ptr [eax]
008AEC0C |. 8B80 E8030000 mov eax, dword ptr [eax+3E8]
008AEC12 |. 8B40 4C mov eax, dword ptr [eax+4C]
008AEC15 |. 33D2 xor edx, edx
008AEC17 |. E8 F404C0FF call 004AF110
008AEC1C |. 0FB7C0 movzx eax, ax
008AEC1F |. 8D55 D4 lea edx, dword ptr [ebp-2C]
008AEC22 |. E8 29D4B5FF call 0040C050
008AEC27 |. FF75 D4 push dword ptr [ebp-2C]
008AEC2A |. 68 FCEC8A00 push 008AECFC ; .
008AEC2F |. A1 50AE9A00 mov eax, dword ptr [9AAE50]
008AEC34 |. 8B00 mov eax, dword ptr [eax]
008AEC36 |. 8B80 E8030000 mov eax, dword ptr [eax+3E8]
008AEC3C |. 8B40 4C mov eax, dword ptr [eax+4C]
008AEC3F |. BA 01000000 mov edx, 1
008AEC44 |. E8 C704C0FF call 004AF110
008AEC49 |. 0FB7C0 movzx eax, ax
008AEC4C |. 8D55 D0 lea edx, dword ptr [ebp-30]
008AEC4F |. E8 FCD3B5FF call 0040C050
008AEC54 |. FF75 D0 push dword ptr [ebp-30]
008AEC57 |. 68 08ED8A00 push 008AED08
008AEC5C |. 8D4D CC lea ecx, dword ptr [ebp-34]
008AEC5F |. A1 50AE9A00 mov eax, dword ptr [9AAE50]
008AEC64 |. 8B00 mov eax, dword ptr [eax]
008AEC66 |. 8B80 E8030000 mov eax, dword ptr [eax+3E8]
008AEC6C |. BA 09000000 mov edx, 9
008AEC71 |. E8 4A0AC0FF call 004AF6C0
008AEC76 |. FF75 CC push dword ptr [ebp-34]
008AEC79 |. 8D45 D8 lea eax, dword ptr [ebp-28]
008AEC7C |. BA 06000000 mov edx, 6
008AEC81 |. E8 126EB5FF call 00405A98
008AEC86 |. 8B45 D8 mov eax, dword ptr [ebp-28]
008AEC89 |. E8 4A6FB5FF call 00405BD8
008AEC8E |. 50 push eax
008AEC8F |. 8D45 C8 lea eax, dword ptr [ebp-38]
008AEC92 |. 8B4D F4 mov ecx, dword ptr [ebp-C]
008AEC95 |. BA 1CF18A00 mov edx, 008AF11C ; sorry, registration information is invalid.
008AEC9A |. E8 856DB5FF call 00405A24
008AEC9F |. 8B45 C8 mov eax, dword ptr [ebp-38]
008AECA2 |. E8 316FB5FF call 00405BD8
008AECA7 |. 8BD0 mov edx, eax
008AECA9 |. A1 6CB69A00 mov eax, dword ptr [9AB66C]
008AECAE |. 8B00 mov eax, dword ptr [eax]
008AECB0 |. 59 pop ecx
008AECB1 |. E8 2AE8BFFF call 004AD4E0
; If esi == 0, the same virtual call (slot +44) as at 008AEB67.
008AECB6 |> 85F6 test esi, esi
008AECB8 |. 75 11 jnz short 008AECCB
008AECBA |. 8B83 24030000 mov eax, dword ptr [ebx+324]
008AECC0 |. 8B80 20020000 mov eax, dword ptr [eax+220]
008AECC6 |. 8B10 mov edx, dword ptr [eax]
008AECC8 |. FF52 44 call dword ptr [edx+44]
; Common exit: pop the saved previous frame into edx and write it back to
; fs:[0], push 008AECED as the continuation address, then call 0040572C with
; eax = &[ebp-38] and edx = 0Eh (14, matching the 14 locals reserved on
; entry); retn transfers to the pushed address.
008AECCB |> 33C0 xor eax, eax
008AECCD |. 5A pop edx
008AECCE |. 59 pop ecx
008AECCF |. 59 pop ecx
008AECD0 |. 64:8910 mov dword ptr fs:[eax], edx
008AECD3 |. 68 EDEC8A00 push 008AECED
008AECD8 |> 8D45 C8 lea eax, dword ptr [ebp-38]
008AECDB |. BA 0E000000 mov edx, 0E
008AECE0 |. E8 476AB5FF call 0040572C
008AECE5 \. C3 retn
6、跟进008AE8B5处的CALL
; 00915174: thin wrapper around the check at 00914000.
; It pushes eax+0C8C and 0, then shuffles the register arguments
; (eax <- edx, edx <- ecx, ecx <- [ebp+8]) before the call. No instruction
; after the call writes eax, so the callee's result reaches the caller as-is.
; NOTE(review): per the author's note this entry is reached from three call
; sites, so the licence result passes through a single chokepoint here.
00915174 55 push ebp ; >> called from 3 places
00915175 8BEC mov ebp, esp
00915177 |. 05 8C0C0000 add eax, 0C8C
0091517C |. 50 push eax
0091517D |. 6A 00 push 0
0091517F |. 8BC2 mov eax, edx
00915181 |. 8BD1 mov edx, ecx
00915183 |. 8B4D 08 mov ecx, dword ptr [ebp+8]
00915186 |. E8 75EEFFFF call 00914000 ; >> algorithm CALL; stepped in but could not work it out
0091518B |. 5D pop ebp
0091518C \. C2 0400 retn 4
7、008AE8BA 处只是用 test al, al 判断关键CALL返回的 al 是否为 0,再由关键跳决定成败。既然是这种标志位比较,想爆破,我们就用比较经典的方法;
修改
; Original first two instructions of the wrapper at 00915174 (frame setup),
; as they appear in the step-6 listing.
00915174 /$ 55 push ebp
00915175 |. 8BEC mov ebp, esp
为
; Author's modification of the same three bytes: AL is loaded with 1 and the
; routine returns at once, so call 00914000 is never reached and the
; `test al, al` at 008AE8BA always takes the success path.
; NOTE(review): this is an overwrite of code bytes applied by a loader
; (step 8); a load-time or runtime integrity check over this code range is
; the kind of control that detects such a change.
00915174 B0 01 mov al, 1
00915176 C3 retn
8、制作LOADER:
9、用LOADER运行软件,比较一下:
破解前:
破解后:
10、其实在下载软件的时候,网站已经为我们提供了一组注册码:
dqmaHxN/vQypmgAlBqHWaiKNKHeZdHoHJBTN15+e02SOfNpsSvbFZd4S5QTL/JpHT27SLNlG0h1gf3kB7pg@amqd
输入这个注册码:
看来我的简单爆破不是完美的,还需要继续努力!!!
这个软件确实用了很多加密算法!!!
------------------------------------------------------------------------
【破解总结】
------------------------------------------------------------------------
【版权声明】
[ 本帖最后由 ptsos 于 2008-7-13 11:21 编辑 ] |