- UID
- 1479
注册时间2005-5-9
阅读权限10
最后登录1970-1-1
周游历练
该用户从未签到
|
迷你网络电视 5.6
【加密方式】 序列号
【破解工具】 FlyOD V1.10、W32DASM
【软件限制】 功能限制
【下载地址】 http://www.shareware.cn/
【破解平台】 Microsoft Windows XP SP2
bc++1999编写
打开W32DASM载入程序,在“串是式数据参考”找到“经典语句!”
0040225D |. 8D85 6CFFFFFF lea eax,dword ptr ss:[ebp-94]
00402263 |. BA 02000000 mov edx,2
00402268 |. E8 F7A70F00 call nettvprj.004FCA64
0040226D |. E8 86340000 call nettvprj.004056F8-------这是写标志位的call
00402272 |. 84C0 test al,al
00402274 |. 74 48 je short nettvprj.004022BE-----在这里呢
00402276 |. 33D2 xor edx,edx
00402278 |. 8B86 18030000 mov eax,dword ptr ds:[esi+318]
0040227E |. E8 C5770800 call nettvprj.00489A48
00402283 |. 66:C743 10 C800 mov word ptr ds:[ebx+10],0C8
迷你网络电视-注册版---------------------跳转向上找
00402289 |. BA 52035300 mov edx,nettvprj.00530352
0040228E |. 8D85 68FFFFFF lea eax,dword ptr ss:[ebp-98]
00402294 |. E8 FBA60F00 call nettvprj.004FC994
00402299 |. FF43 1C inc dword ptr ds:[ebx+1C]
0040229C |. 8B10 mov edx,dword ptr ds:[eax]
0040229E |. 8B86 F0020000 mov eax,dword ptr ds:[esi+2F0]
004022A4 |. E8 27C00300 call nettvprj.Suiform::TsuiForm::S>
004022A9 |. FF4B 1C dec dword ptr ds:[ebx+1C]
004022AC |. 8D85 68FFFFFF lea eax,dword ptr ss:[ebp-98]
004022B2 |. BA 02000000 mov edx,2
004022B7 |. E8 A8A70F00 call nettvprj.004FCA64
004022BC |. EB 56 jmp short nettvprj.00402314
004022BE |> 66:C743 10 D400 mov word ptr ds:[ebx+10],0D4
迷你网络电视-未注册版--------------------跳转向上找
004022C4 |. BA 66035300 mov edx,nettvprj.00530366
004022C9 |. 8D85 64FFFFFF lea eax,dword ptr ss:[ebp-9C]
004022CF |. E8 C0A60F00 call nettvprj.004FC994
004022D4 |. FF43 1C inc dword ptr ds:[ebx+1C]
004022D7 |. 8B10 mov edx,dword ptr ds:[eax]
004022D9 |. 8B86 F0020000 mov eax,dword ptr ds:[esi+2F0]
004022DF |. E8 ECBF0300 call nettvprj.Suiform::TsuiForm::S>
----进入写标志位的call 004056F8
004056F8 /$ BA 78785400 mov edx,nettvprj.00547878
004056FD |. FF02 inc dword ptr ds:[edx]
004056FF |. 8302 09 add dword ptr ds:[edx],9
00405702 |. 33C0 xor eax,eax
00405704 |> FF02 /inc dword ptr ds:[edx]
00405706 |. 2902 |sub dword ptr ds:[edx],eax
00405708 |. 40 |inc eax
00405709 |. 83F8 25 |cmp eax,25
0040570C |.^ 7C F6 \jl short nettvprj.00405704------怎么没有写呀看下面的call
0040570E |. E8 EDFEFFFF call nettvprj.00405600--------就是他
00405713 \. C3 retn
进入call nettvprj.00405600
00405600 /$ 53 push ebx
00405601 |. 56 push esi
00405602 |. 57 push edi
00405603 |. 55 push ebp
00405604 |. 803D A8025300 00 cmp byte ptr ds:[5302A8],0
0040560B |. 75 32 jnz short nettvprj.0040563F
0040560D |. 68 39300000 push 3039
00405612 |. E8 519D1200 call <jmp.&MC.fnMc>
00405617 |. 59 pop ecx
00405618 |. 8BD0 mov edx,eax
0040561A |. C1E0 03 shl eax,3
0040561D |. 2BC2 sub eax,edx
0040561F |. 8D0482 lea eax,dword ptr ds:[edx+eax*4]
00405622 |. 05 0FCD7F00 add eax,7FCD0F
00405627 |. B9 1F000000 mov ecx,1F
0040562C |. 99 cdq
0040562D |. F7F9 idiv ecx
0040562F |. 05 0FCD7F00 add eax,7FCD0F
00405634 |. A3 A4025300 mov dword ptr ds:[5302A4],eax
00405639 |. FE05 A8025300 inc byte ptr ds:[5302A8]
0040563F |> 8B1D A4025300 mov ebx,dword ptr ds:[5302A4]
00405645 |. A1 A0025300 mov eax,dword ptr ds:[5302A0]
0040564A |. A3 74785400 mov dword ptr ds:[547874],eax
0040564F |. 8BC3 mov eax,ebx
00405651 |. 99 cdq
00405652 |. B9 1F000000 mov ecx,1F
00405657 |. F7F9 idiv ecx
00405659 |. 8BE8 mov ebp,eax
0040565B |. 8BC3 mov eax,ebx
0040565D |. 99 cdq
0040565E |. B9 07000000 mov ecx,7
00405663 |. F7F9 idiv ecx
00405665 |. FF05 A0025300 inc dword ptr ds:[5302A0]
0040566B |. FF05 A0025300 inc dword ptr ds:[5302A0]
00405671 |. C605 8C025300 00 mov byte ptr ds:[53028C],0
00405678 |. 8BF0 mov esi,eax
0040567A |. A1 A0025300 mov eax,dword ptr ds:[5302A0]
0040567F |. 0105 74785400 add dword ptr ds:[547874],eax
00405685 |. FF05 A0025300 inc dword ptr ds:[5302A0]
0040568B |. 8B3D 90025300 mov edi,dword ptr ds:[530290]
00405691 |. B9 01000000 mov ecx,1
00405696 |. EB 0B jmp short nettvprj.004056A3
00405698 |> 03F1 /add esi,ecx
0040569A |. FF05 74785400 |inc dword ptr ds:[547874]
004056A0 |. 2BF9 |sub edi,ecx
004056A2 |. 41 |inc ecx
004056A3 |> 8BC3 mov eax,ebx
004056A5 |. 99 |cdq
004056A6 |. F7FD |idiv ebp
004056A8 |. 3BC8 |cmp ecx,eax
004056AA |.^ 7C EC \jl short nettvprj.00405698
004056AC |. 3BF7 cmp esi,edi
004056AE |. 75 1D jnz short nettvprj.004056CD
004056B0 |. FF0D A0025300 dec dword ptr ds:[5302A0]
004056B6 |. 3BF7 cmp esi,edi
004056B8 |. 0F94C0 sete al
004056BB |. 83E0 01 and eax,1
004056BE |. A2 8C025300 mov byte ptr ds:[53028C],al
004056C3 |. B0 01 mov al,1
004056C5 |. FF0D 74785400 dec dword ptr ds:[547874]
004056CB |. EB 25 jmp short nettvprj.004056F2
004056CD |> 813D 90025300 0FC>cmp dword ptr ds:[530290],7FCD0F
004056D7 |. 75 11 jnz short nettvprj.004056EA-----------改为je
004056D9 |. C605 8C025300 01 mov byte ptr ds:[53028C],1
004056E0 |. B0 01 mov al,1-------------------在这里写呢
004056E2 |. FF0D 74785400 dec dword ptr ds:[547874]
004056E8 |. EB 08 jmp short nettvprj.004056F2
004056EA |> FF05 74785400 inc dword ptr ds:[547874]
004056F0 |. 33C0 xor eax,eax
004056F2 |> 5D pop ebp
004056F3 |. 5F pop edi
004056F4 |. 5E pop esi
004056F5 |. 5B pop ebx
004056F6 \. C3 retn
思路---看谁在写入标志位,改之就可以,
[ 本帖最后由 tigerisme 于 2006-8-26 21:38 编辑 ] |
|
IP卡
发表于 2005-7-5 13:57:19
提升卡
置顶卡
变色卡
千斤顶
显身卡
发表于 2005-8-4 22:46:04