Super Screen Capture 4.59 标志位破解

spider007 · 发表于 2007-2-5 16:17:20

【破文标题】Super Screen Capture 4.59 标志位破解
【破文作者】spider007
【破解工具】PEiD,OD
【破解平台】w2k
【软件名称】Super Screen Capture 4.59
【软件大小】1679KB
【原版下载】http://www.onlinedown.net/soft/51942.htm
【保护方式】名＋码
【软件简介】是一款功能丰富的屏幕截图软件。软件支持多种截图方式，如全屏，矩形，窗口，滚动截图，directx截图，视频截图，同时录音

等。用户可以将图片输出到剪贴板、打印机、电子邮件、编辑工具、临时文件夹等，并可以保存成常见的图片格式。支持截屏边框。
------------------------------------------------------------------------
【破解过程】1.运行软件注册，提示"Wrong serial number!"
2.PEiD查壳，无壳
3.OD载入，查找字串"Wrong serial number!"，双击
00447B00  /.  55                push ebp
00447B01  |.  8BEC                mov ebp,esp
00447B03  |.  83C4 A8             add esp,-58
00447B06  |.  53                push ebx
00447B07  |.  56                push esi
00447B08  |.  57                push edi
00447B09  |.  8BD8                mov ebx,eax
00447B0B  |.  B8 58F85400       mov eax,SSCaptur.0054F858
00447B10  |.  E8 07030D00       call SSCaptur.00517E1C
00447B15  |.  66:C745 B8 0800    mov word ptr ss:[ebp-48],8
00447B1B  |.  33D2                xor edx,edx
00447B1D  |.  8955 FC             mov dword ptr ss:[ebp-4],edx
00447B20  |.  8D55 FC             lea edx,dword ptr ss:[ebp-4]
00447B23  |.  FF45 C4             inc dword ptr ss:[ebp-3C]
00447B26  |.  8B83 08030000       mov eax,dword ptr ds:[ebx+308]
00447B2C  |.  E8 4F0F0A00       call SSCaptur.004E8A80
00447B31  |.  8D4D FC             lea ecx,dword ptr ss:[ebp-4]
00447B34  |.  8B15 1C295600       mov edx,dword ptr ds:[56291C]             ;  SSCaptur._zForm
00447B3A  |.  8B01                mov eax,dword ptr ds:[ecx]                ;  假码送eax
00447B3C  |.  50                push eax                                  ; /Arg2
00447B3D  |.  8B0A                mov ecx,dword ptr ds:[edx]                ; |
00447B3F  |.  51                push ecx                                  ; |Arg1
00447B40  |.  E8 EFECFBFF       call SSCaptur.00406834                   //此call有用，跟进(1)
00447B45  |.  83C4 08             add esp,8
00447B48  |.  BA 02000000       mov edx,2
00447B4D  |.  50                push eax                                  ; /Arg1
00447B4E  |.  8D45 FC             lea eax,dword ptr ss:[ebp-4]             ; |
00447B51  |.  FF4D C4             dec dword ptr ss:[ebp-3C]                ; |
00447B54  |.  E8 9BBE0D00       call SSCaptur.005239F4                   ; \SSCaptur.005239F4
00447B59  |.  59                pop ecx
00447B5A  |.  84C9                test cl,cl                               //测标志位，cl为零就跳到错误
00447B5C  |.  0F84 14020000       je SSCaptur.00447D76                      //关键跳转，不能跳
00447B62  |.  A1 202C5600       mov eax,dword ptr ds:[562C20]
00447B67  |.  6A 30             push 30
00447B69  |.  B9 35F75400       mov ecx,SSCaptur.0054F735                ;  ASCII "Super Screen Capture"
00447B6E  |.  BA 00F75400       mov edx,SSCaptur.0054F700                ;  ASCII "Succeed! Thank you very much for

using our software."
...
省
略
N
行
...
00447D69  |.  E8 1EF00800       call SSCaptur.004D6D8C
00447D6E  |.  66:C745 B8 0000    mov word ptr ss:[ebp-48],0
00447D74  |.  EB 18             jmp short SSCaptur.00447D8E
00447D76  |>  A1 202C5600       mov eax,dword ptr ds:[562C20]
00447D7B  |.  6A 30             push 30
00447D7D  |.  B9 86F75400       mov ecx,SSCaptur.0054F786                ;  ASCII "Note"
00447D82  |.  BA 71F75400       mov edx,SSCaptur.0054F771                ;  ASCII "Wrong serial number!" 来到这里，向上

看去
00447D87  |.  8B00                mov eax,dword ptr ds:[eax]
00447D89  |.  E8 66B90D00       call SSCaptur.005236F4
00447D8E  |>  8B55 A8             mov edx,dword ptr ss:[ebp-58]
00447D91  |.  64:8915 00000000    mov dword ptr fs:[0],edx
00447D98  |.  5F                pop edi
00447D99  |.  5E                pop esi
00447D9A  |.  5B                pop ebx
00447D9B  |.  8BE5                mov esp,ebp
00447D9D  |.  5D                pop ebp
00447D9E  \.  C3                retn
----------------------------------------------------------
4.跟进(1)后
00406834    55                push ebp                      //来到这里，修改为mov ecx,1
00406835    8BEC                mov ebp,esp                   //retn，修改完毕
00406837    83C4 D8             add esp,-28
0040683A  |.  B8 94185400       mov eax,SSCaptur.00541894
0040683F  |.  E8 D8151100       call SSCaptur.00517E1C

标志位破解到此结束。

------------------------------------------------------------------------

ZHOU2X · 发表于 2007-2-5 17:57:55

:lol: 固定注册码:SuperScreenCapture168s0000p

avel · 发表于 2007-2-8 09:05:08

标志位我喜欢～～～

嘿嘿！

杜杜哎哟 · 发表于 2007-2-10 23:38:37

等会回来学习

wyh1983 · 发表于 2007-2-11 00:35:13

不错，学习一下

glts · 发表于 2007-2-11 01:56:42

00447B00  /.  55          push ebp
00447B01  |.  8BEC       mov    ebp, esp
00447B03  |.  83C4 A8    add    esp, -58
00447B06  |.  53          push ebx
00447B07  |.  56          push esi
00447B08  |.  57          push edi
00447B09  |.  8BD8       mov    ebx, eax
00447B0B  |.  B8 58F85400 mov    eax, 0054F858
00447B10  |.  E8 07030D00 call 00517E1C
00447B15  |.  66:C745 B8 08>mov    word ptr [ebp-48], 8
00447B1B  |.  33D2       xor    edx, edx
00447B1D  |.  8955 FC    mov    dword ptr [ebp-4], edx
00447B20  |.  8D55 FC    lea    edx, dword ptr [ebp-4]
00447B23  |.  FF45 C4    inc    dword ptr [ebp-3C]
00447B26  |.  8B83 08030000 mov    eax, dword ptr [ebx+308]
00447B2C  |.  E8 4F0F0A00 call 004E8A80
00447B31  |.  8D4D FC    lea    ecx, dword ptr [ebp-4]
00447B34  |.  8B15 1C295600 mov    edx, dword ptr [56291C]       ;  SSCaptur._zForm
00447B3A  |.  8B01       mov    eax, dword ptr [ecx]
00447B3C  |.  50          push eax                            ; /Arg2
00447B3D  |.  8B0A       mov    ecx, dword ptr [edx]          ; |
00447B3F  |.  51          push ecx                            ; |Arg1
00447B40  |.  E8 EFECFBFF call 00406834                      ; \SSCaptur.00406834 跟进
00447B45  |.  83C4 08    add    esp, 8
00447B48  |.  BA 02000000 mov    edx, 2
00447B4D  |.  50          push eax                            ; /Arg1
00447B4E  |.  8D45 FC    lea    eax, dword ptr [ebp-4]          ; |
00447B51  |.  FF4D C4    dec    dword ptr [ebp-3C]             ; |
00447B54  |.  E8 9BBE0D00 call 005239F4                      ; \SSCaptur.005239F4
00447B59  |.  59          pop    ecx
00447B5A  |.  84C9       test cl, cl
00447B5C  |.  0F84 14020000 je    00447D76
00447B62  |.  A1 202C5600 mov    eax, dword ptr [562C20]
00447B67  |.  6A 30       push 30
00447B69  |.  B9 35F75400 mov    ecx, 0054F735                   ;  super screen capture
00447B6E  |.  BA 00F75400 mov    edx, 0054F700                   ;  succeed! thank you very much for using our software.

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
跟进到这里:
00406834  /$  55          push ebp
00406835  |.  8BEC       mov    ebp, esp
00406837  |.  83C4 D8    add    esp, -28
0040683A  |.  B8 94185400 mov    eax, 00541894
0040683F  |.  E8 D8151100 call 00517E1C
00406844  |.  C745 F4 01000>mov    dword ptr [ebp-C], 1
0040684B  |.  8D55 0C    lea    edx, dword ptr [ebp+C]
0040684E  |.  8D45 0C    lea    eax, dword ptr [ebp+C]
00406851  |.  E8 AACF1100 call 00523800
00406856  |.  FF45 F4    inc    dword ptr [ebp-C]
00406859  |.  BA 04065400 mov    edx, 00540604                   ;  ASCII "SuperScreenCapture168s0000p" 真码
0040685E  |.  66:C745 E8 08>mov    word ptr [ebp-18], 8
00406864  |.  66:C745 E8 14>mov    word ptr [ebp-18], 14
0040686A  |.  8D45 FC    lea    eax, dword ptr [ebp-4]
0040686D  |.  E8 56CF1100 call 005237C8
00406872  |.  FF45 F4    inc    dword ptr [ebp-C]
00406875  |.  8D55 FC    lea    edx, dword ptr [ebp-4]
00406878  |.  8D45 0C    lea    eax, dword ptr [ebp+C]
0040687B  |.  E8 58D21100 call 00523AD8
00406880  |.  50          push eax                            ; /Arg1
00406881  |.  FF4D F4    dec    dword ptr [ebp-C]             ; |
00406884  |.  8D45 FC    lea    eax, dword ptr [ebp-4]          ; |
00406887  |.  BA 02000000 mov    edx, 2                         ; |
0040688C  |.  E8 63D11100 call 005239F4                      ; \SSCaptur.005239F4
00406891  |.  59          pop    ecx
00406892  |.  84C9       test cl, cl
00406894  |.  74 20       je    short 004068B6

明码~~~~

[ 本帖最后由 glts 于 2007-2-11 01:58 编辑 ]

Nisy · 发表于 2007-2-11 07:19:48

呵呵各位都用心了~

wyh1983 · 发表于 2007-2-11 10:00:30

标志位修改！

好

花满楼 · 发表于 2007-3-7 22:04:44

跟了一遍，又学了一次

jrstar · 发表于 2007-3-30 13:17:59

呵呵又是标志位学习了

		自动登录	找回密码
密码			加入我们

[原创] Super Screen Capture 4.59 标志位破解

相关帖子