- UID
- 826
注册时间2005-4-13
阅读权限20
最后登录1970-1-1
以武会友
 
该用户从未签到
|
破解作者】西岭秋风
【作者邮箱】[email protected]
【破解平台】WINDOwS XP
【软件名称】超级电脑助手
【软件大小】1.22M
【加壳方式】无壳
【破解工具】PEiD0.93、W32asm无极版
【破解目的】学习破解。
【破解声明】我乃一只小菜鸟,偶得一点心得,愿与大家分享
用W32asm无极版载入,查找的"软件注册成功,谢谢注册"来到以下处:
:0056C111 BAA4C35600 mov edx, 0056C3A4
:0056C116 8BC6 mov eax, esi
:0056C118 E82F5BF0FF call 00471C4C
:0056C11D 837DFC00 cmp dword ptr [ebp-04], 00000000
:0056C121 7442 je 0056C165 <===改74为75
:0056C123 8D55F4 lea edx, dword ptr [ebp-0C]
:0056C126 A14C3D5B00 mov eax, dword ptr [005B3D4C]
:0056C12B 8B00 mov eax, dword ptr [eax]
:0056C12D E886DEEFFF call 00469FB8
:0056C132 8B45F4 mov eax, dword ptr [ebp-0C]
:0056C135 8D55F8 lea edx, dword ptr [ebp-08]
:0056C138 E8DBDAE9FF call 00409C18
:0056C13D 8D45F8 lea eax, dword ptr [ebp-08]
* Possible StringData Ref from Code Obj ->"li1ul.dll"
|
:0056C140 BAB4C35600 mov edx, 0056C3B4
:0056C145 E8728CE9FF call 00404DBC
:0056C14A 8B45F8 mov eax, dword ptr [ebp-08]
:0056C14D E8DED8E9FF call 00409A30
:0056C152 3C01 cmp al, 01
:0056C154 750F jne 0056C165 <===改75为74
* Possible StringData Ref from Code Obj ->"软件注册成功,谢谢注册。"
|
:0056C156 B8C8C35600 mov eax, 0056C3C8
:0056C15B E8A056EDFF call 00441800
:0056C160 E994010000 jmp 0056C2F9
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:0056C121(C), :0056C154(C)
|
:0056C165 8D55F0 lea edx, dword ptr [ebp-10]
:0056C168 8B8338030000 mov eax, dword ptr [ebx+00000338]
:0056C16E E8B5C8EDFF call 00448A28
:0056C173 837DF000 cmp dword ptr [ebp-10], 00000000
:0056C177 7414 je 0056C18D
:0056C179 8D55EC lea edx, dword ptr [ebp-14]
:0056C17C 8B8334030000 mov eax, dword ptr [ebx+00000334]
:0056C182 E8A1C8EDFF call 00448A28
:0056C187 837DEC00 cmp dword ptr [ebp-14], 00000000
:0056C18B 750F jne 0056C19C
*******
修改以上两处后注册时软件提示注册成功,但在使用中有功能限制(呵呵!明白什么是假注册了),再查找"软件未注册,功能限制" 共四处分别改之:
:0056D371 000000 BYTE 3 DUP(0)
:0056D374 BCECB2E2CE mov esp, CEE2B2EC
:0056D379 C4BCFECAFDC1BF les edi, dword ptr [esi+8*edi-403E0236]
:0056D380 A3BA0000FF mov dword ptr [FF0000BA], eax
:0056D385 FFFFFF BYTE 3 DUP(0ffh)
:0056D388 0200 add al, byte ptr [eax]
:0056D38A 0000 add byte ptr [eax], al
:0056D38C 0D0A0000FF or eax, FF00000A
:0056D391 FFFFFF BYTE 3 DUP(0ffh)
:0056D394 1200 adc al, byte ptr [eax]
:0056D396 0000 add byte ptr [eax], al
:0056D398 C8ABB2BF enter B2AB, BF
:0056D39C B6BC mov dh, BC
:0056D39E BFC9D2D4B7 mov edi, B7D4D2C9
:0056D3A3 C5D0 lds edx, eax
:0056D3A5 C4C9 les ecx, ecx
:0056D3A7 BEB3FD0000 mov esi, 0000FDB3
:0056D3AC 55 push ebp
:0056D3AD 8BEC mov ebp, esp
:0056D3AF 33C9 xor ecx, ecx
:0056D3B1 51 push ecx
:0056D3B2 51 push ecx
:0056D3B3 51 push ecx
:0056D3B4 51 push ecx
:0056D3B5 51 push ecx
:0056D3B6 51 push ecx
:0056D3B7 53 push ebx
:0056D3B8 56 push esi
:0056D3B9 57 push edi
:0056D3BA 8BF0 mov esi, eax
:0056D3BC 33C0 xor eax, eax
:0056D3BE 55 push ebp
:0056D3BF 6809D55600 push 0056D509
:0056D3C4 64FF30 push dword ptr fs:[eax]
:0056D3C7 648920 mov dword ptr fs:[eax], esp
:0056D3CA 8D55F8 lea edx, dword ptr [ebp-08]
:0056D3CD A1603F5B00 mov eax, dword ptr [005B3F60]
:0056D3D2 8B00 mov eax, dword ptr [eax]
:0056D3D4 8B8028040000 mov eax, dword ptr [eax+00000428]
:0056D3DA E849B6EDFF call 00448A28
:0056D3DF 8B45F8 mov eax, dword ptr [ebp-08]
:0056D3E2 BA20D55600 mov edx, 0056D520
:0056D3E7 E80C7BE9FF call 00404EF8
:0056D3EC 751B jne 0056D409 <===============改75为74
* Possible StringData Ref from Code Obj ->"软件未注册,功能限制"
|
:0056D3EE B82CD55600 mov eax, 0056D52C
:0056D3F3 E80844EDFF call 00441800
:0056D3F8 A1D03C5B00 mov eax, dword ptr [005B3CD0]
:0056D3FD 8B00 mov eax, dword ptr [eax]
:0056D3FF E8EC8FEFFF call 004663F0
:0056D404 E9DD000000 jmp 0056D4E6
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0056D3EC(C)
|
:0056D409 8B86F0020000 mov eax, dword ptr [esi+000002F0]
:0056D40F 8B802C020000 mov eax, dword ptr [eax+0000022C]
:0056D415 E8762FF1FF call 00480390
:0056D41A 48 dec eax
:0056D41B 85C0 test eax, eax
:0056D41D 0F8CA8000000 jl 0056D4CB
:0056D423 40 inc eax
:0056D424 8945FC mov dword ptr [ebp-04], eax
:0056D427 33DB xor ebx, ebx
*******************************************
:00593924 8D45FC lea eax, dword ptr [ebp-04]
:00593927 E8D011E7FF call 00404AFC
:0059392C C3 ret
:0059392D E94E0BE7FF jmp 00404480
:00593932 EBF0 jmp 00593924
:00593934 5E pop esi
:00593935 5B pop ebx
:00593936 59 pop ecx
:00593937 5D pop ebp
:00593938 C3 ret
:00593939 000000 BYTE 3 DUP(0)
:0059393C FFFFFFFF BYTE 4 DUP(0ffh)
:00593940 1400 adc al, 00
:00593942 0000 add byte ptr [eax], al
:00593944 CE into
:00593945 DEB7A8BCD3D4 fidiv word ptr [edi+D4D3BCA8]
:0059394B D8BFC9D6B4D0 fdivr dword ptr [edi+D0B4D6C9]
:00593951 D0CE ror dh, 1
:00593953 C4BCFEA3A10000 les edi, dword ptr [esi+8*edi+0000A1A3]
:0059395A 0000 add byte ptr [eax], al
:0059395C 55 push ebp
:0059395D 8BEC mov ebp, esp
:0059395F 33C9 xor ecx, ecx
:00593961 51 push ecx
:00593962 51 push ecx
:00593963 51 push ecx
:00593964 51 push ecx
:00593965 51 push ecx
:00593966 53 push ebx
:00593967 56 push esi
:00593968 57 push edi
:00593969 8BD8 mov ebx, eax
:0059396B 33C0 xor eax, eax
:0059396D 55 push ebp
:0059396E 68973A5900 push 00593A97
:00593973 64FF30 push dword ptr fs:[eax]
:00593976 648920 mov dword ptr fs:[eax], esp
:00593979 8D55F8 lea edx, dword ptr [ebp-08]
:0059397C A1603F5B00 mov eax, dword ptr [005B3F60]
:00593981 8B00 mov eax, dword ptr [eax]
:00593983 8B8028040000 mov eax, dword ptr [eax+00000428]
:00593989 E89A50EBFF call 00448A28
:0059398E 8B45F8 mov eax, dword ptr [ebp-08]
:00593991 BAB03A5900 mov edx, 00593AB0
:00593996 E85D15E7FF call 00404EF8
:0059399B 750F jne 005939AC <===============改75为74
* Possible StringData Ref from Code Obj ->"软件未注册,功能限制"
|
:0059399D B8BC3A5900 mov eax, 00593ABC
:005939A2 E859DEEAFF call 00441800
:005939A7 E9C0000000 jmp 00593A6C
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0059399B(C)
|
:005939AC 8B8304030000 mov eax, dword ptr [ebx+00000304]
:005939B2 8B802C020000 mov eax, dword ptr [eax+0000022C]
:005939B8 E8D3C9EEFF call 00480390
:005939BD 48 dec eax
:005939BE 0F8CA8000000 jl 00593A6C
:005939C4 B201 mov dl, 01
********************************************
:005AB85C 55 push ebp
:005AB85D 8BEC mov ebp, esp
:005AB85F 81C4A0FEFFFF add esp, FFFFFEA0
:005AB865 53 push ebx
:005AB866 56 push esi
:005AB867 57 push edi
:005AB868 33C9 xor ecx, ecx
:005AB86A 898DA0FEFFFF mov dword ptr [ebp+FFFFFEA0], ecx
:005AB870 898DA8FEFFFF mov dword ptr [ebp+FFFFFEA8], ecx
:005AB876 898DA4FEFFFF mov dword ptr [ebp+FFFFFEA4], ecx
:005AB87C 898DACFEFFFF mov dword ptr [ebp+FFFFFEAC], ecx
:005AB882 894DFC mov dword ptr [ebp-04], ecx
:005AB885 8BF0 mov esi, eax
:005AB887 33C0 xor eax, eax
:005AB889 55 push ebp
:005AB88A 689CBA5A00 push 005ABA9C
:005AB88F 64FF30 push dword ptr fs:[eax]
:005AB892 648920 mov dword ptr fs:[eax], esp
:005AB895 8D95ACFEFFFF lea edx, dword ptr [ebp+FFFFFEAC]
:005AB89B A1603F5B00 mov eax, dword ptr [005B3F60]
:005AB8A0 8B00 mov eax, dword ptr [eax]
:005AB8A2 8B8028040000 mov eax, dword ptr [eax+00000428]
:005AB8A8 E87BD1E9FF call 00448A28
:005AB8AD 8B85ACFEFFFF mov eax, dword ptr [ebp+FFFFFEAC]
:005AB8B3 BAB4BA5A00 mov edx, 005ABAB4
:005AB8B8 E83B96E5FF call 00404EF8
:005AB8BD 751B jne 005AB8DA <===============改75为74
* Possible StringData Ref from Code Obj ->"软件未注册,功能限制"
|
:005AB8BF B8C0BA5A00 mov eax, 005ABAC0
:005AB8C4 E8375FE9FF call 00441800
:005AB8C9 A1D03C5B00 mov eax, dword ptr [005B3CD0]
:005AB8CE 8B00 mov eax, dword ptr [eax]
:005AB8D0 E81BABEBFF call 004663F0
:005AB8D5 E991010000 jmp 005ABA6B
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:005AB8BD(C)
|
:005AB8DA 6A00 push 00000000
**********************************************************
:00549D0A 8B00 mov eax, dword ptr [eax]
:00549D0C 8B8028040000 mov eax, dword ptr [eax+00000428]
:00549D12 E811EDEFFF call 00448A28
:00549D17 8B45F8 mov eax, dword ptr [ebp-08]
:00549D1A BAE4A15400 mov edx, 0054A1E4
:00549D1F E8D4B1EBFF call 00404EF8
:00549D24 750F jne 00549D35 <===============改75为74
* Possible StringData Ref from Code Obj ->"软件未注册,功能限制"
|
:00549D26 B8F0A15400 mov eax, 0054A1F0
:00549D2B E8D07AEFFF call 00441800
:00549D30 E96F040000 jmp 0054A1A4
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00549D24(C)
|
:00549D35 B201 mov dl, 01
:00549D37 A188134700 mov eax, dword ptr [00471388]
:00549D3C E8B377F2FF call 004714F4
:00549D41 8906 mov dword ptr [esi], eax
:00549D43 8B83F8020000 mov eax, dword ptr [ebx+000002F8]
:00549D49 80B81002000001 cmp byte ptr [eax+00000210], 01
:00549D50 7551 jne 00549DA3
:00549D52 BA01000080 mov edx, 80000001
:00549D57 8B06 mov eax, dword ptr [esi]
:00549D59 E87278F2FF call 004715D0
:00549D5E B101 mov cl, 01
=====================================================
以上修改后注册成功,使用无限制! 呵呵,很有点成就感哈!
不知正确否,请老大多多指点!
[ Last edited by 西岭秋风 on 2005-9-28 at 08:42 AM ] |
|
IP卡
发表于 2005-9-28 08:40:16
提升卡
置顶卡
变色卡
千斤顶
显身卡
发表于 2005-9-28 12:13:47
