獻給初學者(高手也點評點評!!)KoolMoves V1.33的破解!! (10千字)
獻給初學者的KoolMoves V1.33(簡單)
簡介:和flash一樣的動畫軟體(不錯,比flash啟動快多了)
下載地址:
現在我也是很少再破解軟體了。畢竟沒有時間了(學習要緊),現在又想玩動畫,所以拿來試手,哈哈
!!!!!(可惡的記事本,顏色都沒有!)!!!!!!!
歡迎光臨:http://www.luosz.cn.gs
破解過程如下:
填入:gce (隨便填)
1234567890(要10位,後5位可以隨便填,看完就知道了,會分解的!)
使用bpx hmemcpy後攔下來,用pmodule+F10或F12 22下來到
:0048D757 8D8DE0FDFFFF lea ecx, dword
ptr [ebp+FFFFFDE0]
:0048D75D 51
push ecx
:0048D75E 8D4DEC
lea ecx, dword ptr [ebp-14]
:0048D761 E846E70500 call 004EBEAC
:0048D766 C745FC00000000 mov [ebp-04], 00000000
:0048D76D 6800020000 push 00000200
:0048D772 8D95E0FDFFFF lea edx, dword
ptr [ebp+FFFFFDE0]
:0048D778 52
push edx
:0048D779 8B8DBCFDFFFF mov ecx, dword
ptr [ebp+FFFFFDBC]
:0048D77F 81C198000000 add ecx, 00000098
:0048D785 E851310600 call 004F08DB
:0048D78A 8D85E0FDFFFF lea eax, dword
ptr [ebp+FFFFFDE0]
:0048D790 50
push eax
:0048D791 8D4DE8
lea ecx, dword ptr [ebp-18]
:0048D794 E813E70500 call 004EBEAC
:0048D799 C645FC01 mov
[ebp-04], 01
:0048D79D E8DE60F8FF call 00413880
:0048D7A2 8985D8FDFFFF mov dword ptr
[ebp+FFFFFDD8], eax
:0048D7A8 8D4DE4
lea ecx, dword ptr [ebp-1C]
:0048D7AB E8C046FAFF call 00431E70
:0048D7B0 C645FC02 mov
[ebp-04], 02
:0048D7B4 8D4DE8
lea ecx, dword ptr [ebp-18]
:0048D7B7 51
push ecx
:0048D7B8 8D4DE4
lea ecx, dword ptr [ebp-1C]
:0048D7BB E88B040000 call 0048DC4B
:0048D7C0 8985DCFDFFFF mov dword ptr
[ebp+FFFFFDDC], eax
:0048D7C6 83BDDCFDFFFF00 cmp dword ptr [ebp+FFFFFDDC],
00000000
:0048D7CD 0F8418010000 je 0048D8EB
:0048D8EB C745F000000000 mov [ebp-10], 00000000
:0048D8F2 8D45F0
lea eax, dword ptr [ebp-10]
:0048D8F5 50
push eax
:0048D8F6 8D4DE8
lea ecx, dword ptr [ebp-18]
:0048D8F9 51
push ecx
:0048D8FA 8D55EC
lea edx, dword ptr [ebp-14]
:0048D8FD 52
push edx
:0048D8FE 8D4DE4
lea ecx, dword ptr [ebp-1C]
:0048D901 E890040000 call 0048DD96
------------------可看出此call為比較註冊碼的地方
:0048D906 8945E0
mov dword ptr [ebp-20], eax (因為下面的跳到註冊錯誤的地方 )
:0048D909 837DF000 cmp
dword ptr [ebp-10], 00000000
:0048D90D 7537
jne 0048D946 ---------------------跳了就完蛋!!
:0048D90F 8B8DBCFDFFFF mov ecx, dword
ptr [ebp+FFFFFDBC]
:0048D915 E86DF50500 call 004ECE87
:0048D91A C645FC01 mov
[ebp-04], 01
:0048D91E 8D4DE4
lea ecx, dword ptr [ebp-1C]
:0048D921 E85A45FAFF call 00431E80
:0048D926 C645FC00 mov
[ebp-04], 00
:0048D92A 8D4DE8
lea ecx, dword ptr [ebp-18]
:0048D92D E80CE50500 call 004EBE3E
:0048D932 C745FCFFFFFFFF mov [ebp-04], FFFFFFFF
:0048D939 8D4DEC
lea ecx, dword ptr [ebp-14]
:0048D93C E8FDE40500 call 004EBE3E
:0048D941 E94D010000 jmp 0048DA93
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0048D90D(C)
|
:0048D946 837DE000 cmp
dword ptr [ebp-20], 00000000
:0048D94A 0F84DA000000 je 0048DA2A
(jump) --------------跳了就完蛋了!!
:0048D950 8B85D8FDFFFF mov eax, dword
ptr [ebp+FFFFFDD8]
:0048D956 C780D400000001000000 mov dword ptr [eax+000000D4], 00000001
:0048D960 8D4DE8
lea ecx, dword ptr [ebp-18]
:0048D963 51
push ecx
:0048D964 8B8DD8FDFFFF mov ecx, dword
ptr [ebp+FFFFFDD8]
:0048D96A 81C1E0000000 add ecx, 000000E0
:0048D970 E802E60500 call 004EBF77
:0048D975 8D55EC
lea edx, dword ptr [ebp-14]
:0048D978 52
push edx
:0048D979 8B8DD8FDFFFF mov ecx, dword
ptr [ebp+FFFFFDD8]
:0048D97F 81C1E4000000 add ecx, 000000E4
:0048D985 E8EDE50500 call 004EBF77
.................
* Possible StringData Ref from Data Obj ->"Thank you for registering."看見了嗎?上面跳過了成功!!
|
(大夥英文肯定比我好)
:0048DA00 68F45D5500 push 00555DF4
:0048DA05 E852C50600 call 004F9F5C
:0048DA0A C645FC05 mov
[ebp-04], 05
:0048DA0E 8D8DC0FDFFFF lea ecx, dword
ptr [ebp+FFFFFDC0]
:0048DA14 E832070000 call 0048E14B
:0048DA19 C645FC02 mov
[ebp-04], 02
:0048DA1D 8D8DC8FDFFFF lea ecx, dword
ptr [ebp+FFFFFDC8]
:0048DA23 E816E40500 call 004EBE3E
:0048DA28 EB37
jmp 0048DA61
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0048D94A(C)
|
:0048DA2A 6A00
push 00000000
:0048DA2C 6A00
push 00000000
* Possible StringData Ref from Data Obj ->"Registration Key is not correct."錯誤資訊(最可惡!)
|
:0048DA2E 68105E5500 push 00555E10
:0048DA33 E824C50600 call 004F9F5C
:0048DA38 C645FC01 mov
[ebp-04], 01
:0048DA3C 8D4DE4
lea ecx, dword ptr [ebp-1C]
:0048DA3F E83C44FAFF call 00431E80
進入此call可見
:0048DD96 55
push ebp
:0048DD97 8BEC
mov ebp, esp
:0048DD99 6AFF
push FFFFFFFF
:0048DD9B 68955C5100 push 00515C95
:0048DDA0 64A100000000 mov eax, dword
ptr fs:[00000000]
:0048DDA6 50
push eax
:0048DDA7 64892500000000 mov dword ptr fs:[00000000],
esp
:0048DDAE 83EC24
sub esp, 00000024
:0048DDB1 894DD0
mov dword ptr [ebp-30], ecx
:0048DDB4 8B4510
mov eax, dword ptr [ebp+10]
:0048DDB7 C70001000000 mov dword ptr
[eax], 00000001
:0048DDBD 8B4D0C
mov ecx, dword ptr [ebp+0C]
:0048DDC0 51
push ecx
:0048DDC1 8D4DF0
lea ecx, dword ptr [ebp-10]
:0048DDC4 E8EADD0500 call 004EBBB3
:0048DDC9 C745FC00000000 mov [ebp-04], 00000000
:0048DDD0 8D4DF0
lea ecx, dword ptr [ebp-10]
:0048DDD3 E847890500 call 004E671F
:0048DDD8 8D4DF0
lea ecx, dword ptr [ebp-10]
:0048DDDB E87070F7FF call 00404E50
:0048DDE0 83F80A
cmp eax, 0000000A-------------比較你輸入的註冊碼是否為10位
:0048DDE3 741E
je 0048DE03-----------------是就跳
(0A=10) :0048DDE5 C745EC00000000
mov [ebp-14], 00000000
:0048DDEC C745FCFFFFFFFF mov [ebp-04], FFFFFFFF
----------------跳到關鍵的地方(睜大你的眼睛!!)--------------------
:0048DE03 6A00
push 00000000
*下面的數字都是相對ASCII值
:0048DE05 8D4DF0
lea ecx, dword ptr [ebp-10] (破解裡常有,要記住哦)
:0048DE08 E83301F9FF call 0041DF40
:0048DE0D 0FBED0
movsx edx, al
:0048DE10 83FA36
cmp edx, 00000036------------------36=6
:0048DE13 7566
jne 0048DE7B
:0048DE15 6A01
push 00000001
:0048DE17 8D4DF0
lea ecx, dword ptr [ebp-10]
:0048DE1A E82101F9FF call 0041DF40
:0048DE1F 0FBEC0
movsx eax, al
:0048DE22 83F834
cmp eax, 00000034------------------34=4
:0048DE25 7554
jne 0048DE7B
:0048DE27 6A02
push 00000002
:0048DE29 8D4DF0
lea ecx, dword ptr [ebp-10]
:0048DE2C E80F01F9FF call 0041DF40
:0048DE31 0FBEC8
movsx ecx, al
:0048DE34 83F933
cmp ecx, 00000033------------------33=3
:0048DE37 7542
jne 0048DE7B
:0048DE39 6A03
push 00000003
:0048DE3B 8D4DF0
lea ecx, dword ptr [ebp-10]
:0048DE3E E8FD00F9FF call 0041DF40
:0048DE43 0FBED0
movsx edx, al
:0048DE46 83FA58
cmp edx, 00000058-------------------58=X (大寫)
:0048DE49 7412
je 0048DE5D
:0048DE4B 6A03
push 00000003
:0048DE4D 8D4DF0
lea ecx, dword ptr [ebp-10]
:0048DE50 E8EB00F9FF call 0041DF40
:0048DE55 0FBEC0
movsx eax, al
:0048DE58 83F878
cmp eax, 00000078-------------------78=x (小寫)
:0048DE5B 751E
jne 0048DE7B
**註冊碼的前5位是固定的, 為643Xx ,後面嘛,你喜歡多迷信就多迷信了!! ^-^(誰能想出新的笑臉)**
歡迎光臨:http://www.luosz.cn.gs