Software download:
ftp://ftp.bj.software.chinese.com/software/soft_offbrowse/poe13273sr3-f.exe
1. Run TRW
2. Fill in the registration information (any values will do for now):
name:yubing
code:78787878
3. Press Ctrl-N to enter TRW and type:
:bpx hmemcpy
:g (return)
Click "OK" and the breakpoint is hit; then use F12 to reach the following code:
015F:004BF72A LEA EDX,[EBP-08]
015F:004BF72D MOV EAX,[EBX+02E8]
015F:004BF733 CALL 00433938
015F:004BF738 LEA ECX,[EBP-08]
015F:004BF73B LEA EDX,[EBP-04]
015F:004BF73E MOV EAX,[004E4C9C]
015F:004BF743 MOV EAX,[EAX]
015F:004BF745 CALL 004D1940 //registration comparison routine; press F8 to step into it
015F:004BF74A TEST AL,AL //test the flag in AL
015F:004BF74C JZ 004BF7CC //if it jumps, registration fails (NO JUMP)
015F:004BF74E MOV EAX,[004E4C9C]
015F:004BF753 MOV EAX,[EAX]
015F:004BF755 MOV BYTE [EAX+064C],01
4. As noted above, after stepping into the registration comparison routine, press F10 until you reach the following code:
015F:004D1DD2 CALL 00403E70
015F:004D1DD7 CMP EBX,EAX
015F:004D1DD9 JNG 004D1DA7
015F:004D1DDB MOV EDX,06D363C1
015F:004D1DE0 MOV EAX,[EBP-04]
015F:004D1DE3 CALL 0047C580
015F:004D1DE8 LEA EDX,[EBP-08]
015F:004D1DEB CALL 004D1324
015F:004D1DF0 MOV EDX,[EBP-08] //d edx: the correct registration code
015F:004D1DF3 MOV EAX,[ESI] //d eax: the registration code you entered
015F:004D1DF5 CALL 00403F80 //comparison of the two registration codes :)
015F:004D1DFA SETZ BL
015F:004D1DFD XOR EAX,EAX
015F:004D1DFF POP EDX
015F:004D1E00 POP ECX
Once you have found the correct registration code, write it down with a pen and you can register.
十三少
China Cracking Group
2000.09.04