Cracking in Practice (3): WinZip 8.0
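Software: WinZip 8.0
Description: A powerful and easy-to-use compression utility (30-day trial).
Crack date: July 15, 2000
Tool: Trw2000 1.22
Purpose: To learn how registration-code checks are cracked.
Notes:
This article was compiled from my software-cracking notes, so it contains no registration codes and is meant for technical exchange only. If there are any mistakes, corrections are welcome!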
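First, load WinZip 8.0 with Trw2000.
Enter the registration information:
name: xiA Qin <-- any input
register key: 1949101 <-- any input
Issue the command bpx hmemcpy // set a breakpoint
Press F5 to return to the program and click OK; Trw2000 will break in at this point.
Issue the command bd * // disable the breakpoints
Issue the command pmodule // jump straight into the program's own code
I. Press F10 until you reach the following instructions: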
015F:00407F73 PUSH EDI
015F:00407F74 CALL 0043F89A
015F:00407F79 PUSH EDI
015F:00407F7A CALL 0043F8C3
015F:00407F7F POP ECX
015F:00407F80 MOV ESI,0048CDA4
015F:00407F85 POP ECX
015F:00407F86 PUSH BYTE +0B
015F:00407F88 PUSH ESI
015F:00407F89 PUSH DWORD 0C81
015F:00407F8E PUSH EBX
015F:00407F8F CALL `USER32!GetDlgItemTextA`
015F:00407F95 PUSH ESI
015F:00407F96 CALL 0043F89A
015F:00407F9B PUSH ESI
015F:00407F9C CALL 0043F8C3
015F:00407FA1 CMP BYTE [0048CD78],00
015F:00407FA8 POP ECX
015F:00407FA9 POP ECX
015F:00407FAA JZ 00408005
015F:00407FAC CMP BYTE [0048CDA4],00
015F:00407FB3 JZ 00408005
015F:00407FB5 CALL 004079D5
// The key CALL. Something is going on here; press F8 to step in.
015F:00407FBA TEST EAX,EAX
// Looks familiar, doesn't it?
015F:00407FBC JZ 00408005
// If the registration codes do not match, jump to 00408005.
1. Press F8 to step into the CALL at 00407FB5.
015F:00407A7C JZ 00407A91
015F:00407A7E CALL 004082A6
015F:00407A83 AND DWORD [00489FDC],BYTE +00
015F:00407A8A XOR EAX,EAX
015F:00407A8C JMP 00407B42
015F:00407A91 LEA EAX,[EBP+FFFFFEC0]
015F:00407A97 PUSH EAX
015F:00407A98 PUSH EDI
015F:00407A99 CALL 00407B47
015F:00407A9E MOV ESI,0048CDA4
015F:00407AA3 LEA EAX,[EBP+FFFFFEC0]
// Issue the command D ESI: the registration code you entered.
015F:00407AA9 PUSH ESI
// Issue the command D EAX: the real registration code.
015F:00407AAA PUSH EAX
015F:00407AAB CALL 004692D0
015F:00407AB0 ADD ESP,BYTE +10
015F:00407AB3 NEG EAX
015F:00407AB5 SBB EAX,EAX
015F:00407AB7 INC EAX
015F:00407AB8 MOV [00489FDC],EAX
015F:00407ABD JNZ 00407B27
015F:00407ABF LEA EAX,[EBP+FFFFFEC0]
// Issue the command D EAX: the real registration code.
015F:00407AC5 PUSH EAX
015F:00407AC6 PUSH EDI
015F:00407AC7 CALL 00407BE4
015F:00407ACC LEA EAX,[EBP+FFFFFEC0]
// Issue the command D EAX: the real registration code. (Different from the one above.)
015F:00407AD2 PUSH ESI
// Issue the command D ESI: the registration code you entered.
015F:00407AD3 PUSH EAX
015F:00407AD4 CALL 004692D0
015F:00407AD9 ADD ESP,BYTE +10
015F:00407ADC NEG EAX
015F:00407ADE SBB EAX,EAX
015F:00407AE0 INC EAX
015F:00407AE1 MOV [00489FDC],EAX
015F:00407AE6 JNZ 00407B27
015F:00407AE8 LEA EAX,[EBP+FFFFFEC4]
015F:00407AEE PUSH BYTE +04
015F:00407AF0 PUSH EAX
015F:00407AF1 PUSH ESI
015F:00407AF2 CALL 004696C0
015F:00407AF7 ADD ESP,BYTE +0C
015F:00407AFA TEST EAX,EAX
015F:00407AFC JNZ 00407B20
015F:00407AFE LEA EAX,[EBP+FFFFFEC0]
015F:00407B04 PUSH BYTE +04
015F:00407B06 PUSH EAX
015F:00407B07 PUSH DWORD 0048CDA8
015F:00407B0C CALL 004696C0
015F:00407B11 ADD ESP,BYTE +0C
015F:00407B14 TEST EAX,EAX
015F:00407B16 JNZ 00407B20
015F:00407B18 MOV [00489FDC],EBX
015F:00407B1E JMP SHORT 00407B27
015F:00407B20 AND DWORD [00489FDC],BYTE +00
015F:00407B27 PUSH DWORD 012C
015F:00407B2C LEA EAX,[EBP+FFFFFEC0]
015F:00407B32 PUSH BYTE +00
// Issue the command D EAX: the real registration code.
015F:00407B34 PUSH EAX
015F:00407B35 CALL 00467C10
015F:00407B3A MOV EAX,[00489FDC]
015F:00407B3F ADD ESP,BYTE +0C
015F:00407B42 POP EDI
015F:00407B43 POP ESI
015F:00407B44 POP EBX
.......................................
015F:00407FBE PUSH EDI
015F:00407FBF MOV EDI,0047FFA4
015F:00407FC4 PUSH DWORD 0047DB24
015F:00407FC9 PUSH EDI
015F:00407FCA CALL 0043B5DA
015F:00407FCF PUSH ESI
015F:00407FD0 PUSH DWORD 0047E66C
015F:00407FD5 PUSH EDI
015F:00407FD6 CALL 0043B5DA
015F:00407FDB PUSH DWORD 0047FFC4
015F:00407FE0 PUSH BYTE +00
015F:00407FE2 PUSH BYTE +00
015F:00407FE4 PUSH DWORD 0047DB30
015F:00407FE9 CALL 0043B5C1
015F:00407FEE MOV EAX,[00487AF4]
015F:00407FF3 ADD ESP,BYTE +28
015F:00407FF6 TEST EAX,EAX
015F:00407FF8 JZ 00408001
015F:00407FFA PUSH EAX
015F:00407FFB CALL `GDI32!DeleteObject`
015F:00408001 PUSH BYTE +01
015F:00408003 JMP SHORT 00408035
015F:00408005 CALL 004082A6
015F:0040800A PUSH DWORD 028E
015F:0040800F CALL 0043F5ED
015F:00408014 PUSH EAX
015F:00408015 PUSH EBX
015F:00408016 PUSH BYTE +3D
015F:00408018 CALL 00430025
// Reaching this point means GAME OVER; look upward to see where this CALL can be skipped.
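Afterword:
The registration code shown at addresses 00407AA3 and 00407ABF differs from the one shown at 00407ACC and 00407B2C, but either can be used.
Too easy! It took less than five minutes to crack. No wonder there is no WinZip 8.0 crack on the net: the experts do not deign to "crack" it. So it falls to me to crack it and write it down.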
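The weakness the listing exposes is a design one: the check builds the valid code for the entered name in a local buffer and string-compares it with the input, so the valid code sits in process memory on every attempt. As an added example (not code from WinZip or from the original article), the C sketch below puts that derive-and-compare pattern beside a verify-only check in which the client holds only a public key. All function names, the FNV-1a digest and the toy RSA parameters (n = 3233, e = 17, d = 2753) are assumptions chosen for illustration and are far too small for real use.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Toy public key (constructed for this example; never use sizes like this). */
#define PUB_N 3233u /* 61 * 53 */
#define PUB_E 17u

/* Square-and-multiply; all operands are below 2^16, so products fit in 64 bits. */
static uint32_t modpow(uint32_t b, uint32_t e, uint32_t n) {
    uint64_t r = 1, x = b % n;
    while (e) { if (e & 1) r = r * x % n; x = x * x % n; e >>= 1; }
    return (uint32_t)r;
}

/* FNV-1a of the name reduced into the modulus (stand-in for a real hash). */
static uint32_t name_digest(const char *name) {
    uint32_t h = 2166136261u;
    for (; *name; name++) { h ^= (unsigned char)*name; h *= 16777619u; }
    return h % PUB_N;
}

/* Weak pattern, as in the listing: derive the expected code, then strcmp.
   The buffer holds a valid code for this name whatever the user typed. */
static int check_derive_and_compare(const char *name, const char *key) {
    char expected[16];
    snprintf(expected, sizeof expected, "%08X",
             (unsigned)(name_digest(name) * 2654435761u));
    return strcmp(expected, key) == 0;
}

/* Verify-only: apply the public operation to the supplied key and compare
   with the digest. No acceptable key is ever computed on the client. */
static int check_verify_only(const char *name, const char *key) {
    char *end;
    unsigned long sig = strtoul(key, &end, 10);
    if (end == key || *end != '\0' || sig >= PUB_N) return 0;
    return modpow((uint32_t)sig, PUB_E, PUB_N) == name_digest(name);
}

/* Vendor-side issuing step; the private exponent 2753 never ships in the
   client and appears here only to construct a sample key. */
static uint32_t vendor_issue(const char *name) {
    return modpow(name_digest(name), 2753u, PUB_N);
}

int main(void) {
    char key[16];
    snprintf(key, sizeof key, "%u", (unsigned)vendor_issue("xiA Qin"));
    printf("issued key accepted:    %d\n", check_verify_only("xiA Qin", key));
    printf("arbitrary key accepted: %d\n", check_verify_only("xiA Qin", "1949101"));
    return 0;
}
```

With the verify-only form, a debugger stopped at the comparison sees the digest of the name and the transformed input, neither of which is accepted as a key. It does not address patching of the conditional jump after the check, which needs separate integrity measures.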