最新版本:Teleport Pro 1.29 Build 1422
檔案大小:844KB
軟體授權:共享軟體
使用平臺:Win95/98/NT
釋出公司:Home Page
軟體可在www.newhua.com.cn下載
軟體簡介:
Teleport Pro所能做的,不僅僅是離線瀏覽某個網頁(讓你離線快速瀏覽某個網頁的內容當然是它的一項重要功能),它可以從Internet的任何地方抓回你想要的任何檔案,它可以在你指定的時間自動登入到你指定的網站下載你指定的內容,你還可以用它來建立某個網站的完整的鏡象,作為建立你自己的網站的參考。前言:Teleport
Pro末註冊時只有30天的試用期,下面我用
softice4.05、W32dasm來破解它!
1、用W32dasm開啟c:\progra~1\teleport pro\pro.exe,將其反彙編,查詢
字串“Thank you! Your copy of Teleport Pro is now registered.”
你會找到如下程式碼:
* Possible Reference to
String Resource ID=07028: "Thank you! Your copy of Teleport Pro is now
registered. Al"
|
:00425F78 68741B0000 push 00001B74
:00425F7D 8D4DF0
lea ecx, dword ptr [ebp-10]
:00425F80 895DFC
mov dword ptr [ebp-04], ebx
............
2、向上看,有如下程式碼(分析見右邊註釋)
:00425F29 8B87DD000000 mov eax, dword
ptr [edi+000000DD]
:00425F2F 33DB
xor ebx, ebx
:00425F31 6A0A
push 0000000A
:00425F33 53
push ebx
:00425F34 50
push eax
:00425F35 E85B690000 call 0042C895
:00425F3A 8B0D68F04700 mov ecx, dword
ptr [0047F068]
:00425F40 83C40C
add esp, 0000000C
:00425F43 8945E8
mov dword ptr [ebp-18], eax
:00425F46 3899DB040000 cmp byte ptr
[ecx+000004DB], bl
:00425F4C 0F8412020000 je 00426164
:00425F52 3BC3
cmp eax, ebx
* Possible StringData Ref from Data Obj ->"User"
|
:00425F54 BEB8C94700 mov esi,
0047C9B8
:00425F59 0F8406010000 je 00426065
:00425F5F FFB7D5000000 push dword ptr
[edi+000000D5]
:00425F65 E896090000 call 00426900 <==幹什麼?F8追入。
:00425F6A 3945E8
cmp dword ptr [ebp-18], eax <==比較什麼?
:00425F6D 59
pop ecx
:00425F6E 753A
jne 00425FAA <--此處不跳,勝利在望,跳轉則死!
:00425F70 A114D44700 mov eax,
dword ptr [0047D414]
:00425F75 8945F0
mov dword ptr [ebp-10], eax
3、用ice載入pro.exe,
:bpx 00425f5f29
:g
回到程式填入註冊資訊:
name:yubing
company:[CCG]
registration:78787878 (隨便)
按“確定”程式被攔如下:
:00425F29 8B87DD000000 mov eax, dword
ptr [edi+000000DD] <--78787878送eax
:00425F2F 33DB
xor ebx, ebx
:00425F31 6A0A
push 0000000A
:00425F33 53
push ebx
:00425F34 50
push eax <--? eax 可知eax中存放78787878的十六制 4b23526
:00425F35 E85B690000 call 0042C895
:00425F3A 8B0D68F04700 mov ecx, dword
ptr [0047F068]
:00425F40 83C40C
add esp, 0000000C
:00425F43 8945E8
mov dword ptr [ebp-18], eax <--將4b23526送[ebp-18]
:00425F46 3899DB040000 cmp byte ptr
[ecx+000004DB], bl
:00425F4C 0F8412020000 je 00426164
:00425F52 3BC3
cmp eax, ebx
|
:00425F54 BEB8C94700 mov esi,
0047C9B8
:00425F59 0F8406010000 je 00426065
:00425F5F FFB7D5000000 push dword ptr
[edi+000000D5]
:00425F65 E896090000 call 00426900 <==幹什麼?F8追入。
:00425F6A 3945E8
cmp dword ptr [ebp-18], eax <==什麼與4b23526比較呀?
:00425F6D 59
pop ecx
:00425F6E 753A
jne 00425FAA <--此處不跳,勝利在望,跳轉則死!
:00425F70 A114D44700 mov eax,
dword ptr [0047D414]
:00425F75 8945F0
mov dword ptr [ebp-10], eax
4、在call 00426900追入分析,按F10繼續,直到|
:00426914 83F805
cmp eax, 00000005 <==比較輸入註冊名的個數是否大於5
:00426917 7304
jnb 0042691D 不於5,則提示錯誤。
:00426919 33C0
xor eax, eax
:0042691B 5F
pop edi
:0042691C C3
ret
:0042691D 53
push ebx
:0042691E 56
push esi
:0042691F BEA4E4FE5D mov esi,
5DFEE4A4 <--------|將輸入的
:00426924 33DB
xor ebx, ebx
|name,變
:00426926 85FF
test edi, edi
|換,得到
:00426928 7409
je 00426933
|正確的注
:0042692A 57
push edi
|冊碼,有興趣
:0042692B E8F0560000 call 0042C020
|的話,可
:00426930 59
pop ecx
|以製出註冊
:00426931 EB02
jmp 00426935
|機!
:00426933 33C0
xor eax, eax
|
:00426935 83C0FC
add eax, FFFFFFFC |
:00426938 3BD8
cmp ebx, eax
|
:0042693A 730C
jnb 00426948
|
:0042693C 33343B
xor esi, dword ptr [ebx+edi] |
:0042693F F6C340
test bl, 40
|
:00426942 7401
je 00426945
|
:00426944 43
inc ebx
|
:00426945 43
inc ebx
|
:00426946 EBDE
jmp 00426926 <---------|
:00426948 8BC6
mov eax, esi <--將得到的正確的注
冊碼送eax中
:0042694A 5E
pop esi
:0042694B 5B
pop ebx
:0042694C 5F
pop edi
:0042694D C3
ret
5、開始整理正確的註冊碼,在
:00425F6A cmp dword ptr [ebp-18], eax
? eax就可看見正確的註冊碼,趕快拿筆記下十進位制的數,去註冊吧:)
破解者:十三少[CCG]
China Cracking Group
2000.05.27