軟體名稱:YATS32
版本: v8.1 build 6
下載地址:http://www.dillobits.com/bin/yats3281.exe
http://newhua.21f.net/down/yats3281.exe
保護型別:註冊碼
破解型別:patch
難度級別:easy
軟體描述:時間同步工具
該軟體用UPX壓縮過,解壓後反彙編,利用W32Dasm的reference功能,找到如下的地方。很明顯DS:[00456970]中存放的是註冊的標誌,非零值表示已註冊。
:0040123F 391D70694500 cmp dword ptr
[00456970], ebx
:00401245 747C
je 004012C3
:00401247 57
push edi
:00401248 8DBEBC010000 lea edi, dword
ptr [esi+000001BC]
* Possible StringData Ref from Data Obj ->"Registered to "
|
:0040124E 682CE14300 push 0043E12C
:00401253 8BCF
mov ecx, edi
:00401255 E82B5D0200 call 00426F85
查詢串“00456970”,又找到另外兩個地方,把相關的跳轉指令全部改掉就OK。
第二處:
:00404AD1 391D70694500 cmp dword ptr
[00456970], ebx
* Reference To: USER32.PostMessageA, Ord:0000h
|
:00404AD7 8B3DB0144300 mov edi, dword
ptr [004314B0]
:00404ADD 750C
jne 00404AEB
第三處:
:00407BD9 833D7069450000 cmp dword ptr [00456970],
00000000
:00407BE0 56
push esi
:00407BE1 8BF1
mov esi, ecx
:00407BE3 7476
je 00407C5B
:00407BE5 A1CC1F4500 mov eax,
dword ptr [00451FCC]
:00407BEA 8945F0
mov dword ptr [ebp-10], eax
:00407BED 8365FC00 and
dword ptr [ebp-04], 00000000
:00407BF1 8945E8
mov dword ptr [ebp-18], eax
* Possible Reference to String Resource ID=00617: "YATS32"
|
:00407BF4 6869020000 push 00000269
:00407BF9 8D4DF0
lea ecx, dword ptr [ebp-10]
:00407BFC C645FC01 mov
[ebp-04], 01
:00407C00 E8F1F50100 call 004271F6
* Possible StringData Ref from Data Obj ->" - "
BTW:若你能寫出序號產生器,你就是高手!