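Target software: 超级电视 (Super TV)~~~~
Software download: http://www.skycn.com/soft/25209.html
Cracker: 紫月雨~~~~~
Tools: PEiD, OD
Platform: XP SP2
There doesn't seem to be much else to say.
Today our head moderator Guiz came online and asked whether we wanted to play with a piece of software. I had nothing to do, so I downloaded it. It turned out to be VB. I had never worked on VB before, so this was my first attempt!
I ran into some difficulties while cracking this software, and I want to thank the people who helped me! The most important line:
To learn cracking, first learn how to be a decent person!
OK, let's start cracking.
First, check for a packer with PEiD: no packer, a VB program. After asking around, I learned of a VB-specific breakpoint: bp __vbaStrComp
OK, load it in OD.
Run the software, set the breakpoint bp __vbaStrComp, enter a registration code, and click Register.
It breaks successfully. Return to the program's own code!
Then keep pressing F8 until the fake code appears!
Return to the program's own code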
7403F905 0FBFC0 MOVSX EAX,AX
7403F908 C2 0800 RETN 8
7403F90B > 51 PUSH ECX
7403F90C 57 PUSH EDI
7403F90D 50 PUSH EAX
7403F90E 3D 00100000 CMP EAX,1000
7403F913 8D4C24 10 LEA ECX,DWORD PTR SS:[ESP+10]
7403F917 0F83 89E10400 JNB MSVBVM50.7408DAA6
7403F91D 2BC8 SUB ECX,EAX
7403F91F 8BC4 MOV EAX,ESP
7403F921 8501 TEST DWORD PTR DS:[ECX],EAX
7403F923 8D61 F0 LEA ESP,DWORD PTR DS:[ECX-10]
7403F926 8B08 MOV ECX,DWORD PTR DS:[EAX]
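Following Guiz's hint, I pressed F8 all the way down until the fake code appeared~~~~~~ I used the mouse the whole way and clicked I don't know how many times, and finally, finally, the fake code appeared at 45A179! My hard work was not wasted.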
0045A179 > \8B55 E0 MOV EDX,DWORD PTR SS:[EBP-20]
0045A17C . 52 PUSH EDX
0045A17D . FF15 60E34500 CALL DWORD PTR DS:[<&MSVBVM50.#581>] ; MSVBVM50.rtcR8ValFromBstr
0045A183 . FF15 5CE24500 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFpR8>>; MSVBVM50.__vbaFpR8
0045A189 . DB85 40FFFFFF FILD DWORD PTR SS:[EBP-C0]
0045A18F . DD9D 04FFFFFF FSTP QWORD PTR SS:[EBP-FC]
0045A195 . DC9D 04FFFFFF FCOMP QWORD PTR SS:[EBP-FC]
0045A19B . DFE0 FSTSW AX
0045A19D . F6C4 40 TEST AH,40
0045A1A0 . 74 07 JE SHORT supernet.0045A1A9
0045A1A2 . BE 01000000 MOV ESI,1
0045A1A7 . EB 02 JMP SHORT supernet.0045A1AB
0045A1A9 > 33F6 XOR ESI,ESI
0045A1AB > 8D4D E0 LEA ECX,DWORD PTR SS:[EBP-20]
0045A1AE . FF15 5CE34500 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeS>; MSVBVM50.__vbaFreeStr
0045A1B4 . 8D4D C8 LEA ECX,DWORD PTR SS:[EBP-38]
0045A1B7 . FF15 58E34500 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeO>; MSVBVM50.__vbaFreeObj
0045A1BD . F7DE NEG ESI
0045A1BF . 66:85F6 TEST SI,SI
0045A1C2 0F84 92030000 JE supernet.0045A55A ; There is a jump here, and it is taken, and the distance is fairly far......... so we follow the jump
0045A1C8 . A1 10C04500 MOV EAX,DWORD PTR DS:[45C010]
0045A1CD . 85C0 TEST EAX,EAX
Keep going down
0045A55B . FF97 B4020000 CALL DWORD PTR DS:[EDI+2B4]
0045A561 . 85C0 TEST EAX,EAX ; Here the program starts running; keep going down
0045A563 . 7D 12 JGE SHORT supernet.0045A577
0045A565 . 68 B4020000 PUSH 2B4
0045A56A . 68 308B4000 PUSH supernet.00408B30
0045A56F . 53 PUSH EBX
0045A570 . 50 PUSH EAX
0045A571 . FF15 08E24500 CALL DWORD PTR DS:[<&MSVBVM50.__vbaHresu>; MSVBVM50.__vbaHresultCheckObj
0045A577 > 8B3D 1CE34500 MOV EDI,DWORD PTR DS:[<&MSVBVM50.__vbaVa>; MSVBVM50.__vbaVarDup
0045A57D . B9 04000280 MOV ECX,80020004
0045A582 . 894D 8C MOV DWORD PTR SS:[EBP-74],ECX
0045A585 . B8 0A000000 MOV EAX,0A
0045A58A . 894D 9C MOV DWORD PTR SS:[EBP-64],ECX
0045A58D . BE 08000000 MOV ESI,8
0045A592 . 8D95 64FFFFFF LEA EDX,DWORD PTR SS:[EBP-9C]
0045A598 . 8D4D A4 LEA ECX,DWORD PTR SS:[EBP-5C]
0045A59B . 8945 84 MOV DWORD PTR SS:[EBP-7C],EAX
0045A59E . 8945 94 MOV DWORD PTR SS:[EBP-6C],EAX
0045A5A1 . C785 6CFFFFFF>MOV DWORD PTR SS:[EBP-94],supernet.0041A>
0045A5AB . 89B5 64FFFFFF MOV DWORD PTR SS:[EBP-9C],ESI
0045A5B1 . FFD7 CALL EDI ; <&MSVBVM50.__vbaVarDup>
0045A5B3 . 8D95 74FFFFFF LEA EDX,DWORD PTR SS:[EBP-8C]
0045A5B9 . 8D4D B4 LEA ECX,DWORD PTR SS:[EBP-4C]
0045A5BC . C785 7CFFFFFF>MOV DWORD PTR SS:[EBP-84],supernet.0041A>
0045A5C6 . 89B5 74FFFFFF MOV DWORD PTR SS:[EBP-8C],ESI
0045A5CC . FFD7 CALL EDI
0045A5CE . 8D45 84 LEA EAX,DWORD PTR SS:[EBP-7C]
0045A5D1 . 8D4D 94 LEA ECX,DWORD PTR SS:[EBP-6C]
0045A5D4 . 50 PUSH EAX
0045A5D5 . 8D55 A4 LEA EDX,DWORD PTR SS:[EBP-5C]
0045A5D8 . 51 PUSH ECX
0045A5D9 . 52 PUSH EDX
0045A5DA . 8D45 B4 LEA EAX,DWORD PTR SS:[EBP-4C]
0045A5DD . 6A 40 PUSH 40
0045A5DF . 50 PUSH EAX
0045A5E0 . FF15 28E24500 CALL DWORD PTR DS:[<&MSVBVM50.#595>] ; MSVBVM50.rtcMsgBox
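0045A5E6 . 8D4D 84 LEA ECX,DWORD PTR SS:[EBP-7C] ; Here the program reports an error! From where the program was running above down to here there was no jump, which means the earlier jump may well be the key jump! OK, let's go back and change it!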
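Go back to the earlier
0045A1C2 and change JE to JNE to see, then save the file!
Run the program we just modified, enter a registration code and registration name, and click Register. The earlier error prompt is gone. OK, let's restart the software! It is still the registered version, which means there is no check at restart! Great! With that, 超级电视 has been patched by us!
Attached is the modified program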