XceedZIP v4.1的License破解(概略) (12千字)
目標程式:Xceed ZIP Library
版本:4.1
破解工具:Wdasm和TRW2000
下載地址:
難度:中級?
==================================================================
關鍵在於登錄檔裡有一個License鍵值,註冊後,VB需要License鍵值,而Delphi需要XzCreateXceedZipA
函式中引用License引數!主要破解程式碼段如下:
Exported fn(): XzCreateXceedZipA - Ord:0008h
:67682841 55
push ebp
:67682842 8BEC
mov ebp, esp
:67682844 51
push ecx
:67682845 51
push ecx
:67682846 8365FC00
and dword ptr [ebp-04], 00000000
:6768284A 8D45FC
lea eax, dword ptr [ebp-04]
:6768284D 50
push eax
:6768284E E8AB020000 call
67682AFE
:67682853 85C0
test eax, eax
:67682855 7C73
jl 676828CA
:67682857 8B45FC
mov eax, dword ptr [ebp-04]
:6768285A 85C0
test eax, eax
:6768285C 746C
je 676828CA
:6768285E 8B08
mov ecx, dword ptr [eax]
:67682860 57
push edi
:67682861 50
push eax
:67682862 FF5104
call [ecx+04]
:67682865 8B45FC
mov eax, dword ptr [ebp-04]
:67682868 6AFF
push FFFFFFFF
:6768286A FF7508
push [ebp+08]
:6768286D 8980F4150000 mov dword
ptr [eax+000015F4], eax
:67682873 C780F815000001000000 mov dword ptr [ebx+000015F8],
00000001
:6768287D 834DF8FF
or dword ptr [ebp-08], FFFFFFFF
:67682881 E83B87FFFF call
6767AFC1
:67682886 59
pop ecx
:67682887 8BF8
mov edi, eax
:67682889 59
pop ecx
:6768288A 57
push edi
* Reference To: OLEAUT32.SysStringLen, Ord:0007h
|
:6768288B FF154CA26967 Call dword
ptr [6769A24C]
:67682891 85C0
test eax, eax
:67682893 751C
jne 676828B1
:6768A6AD 56
push esi
:6768A6AE 8B742410
mov esi, dword ptr [esp+10]
:6768A6B2 85F6
test esi, esi
:6768A6B4 7507
jne 6768A6BD
:6768A6B6 B803400080 mov eax,
80004003
:6768A6BB EB13
jmp 6768A6D0
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:6768A6B4(C)
|
:6768A6BD FF74240C
push [esp+0C]
:6768A6C1 E879BC0000 call
6769633F
:6768A6C6 F6D8
neg al
:6768A6C8 1BC0
sbb eax, eax
:6768A6CA 59
pop ecx
:6768A6CB 668906
mov word ptr [esi], ax
:6768A6CE 33C0
xor eax, eax
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:6768A6BB(U)
|
:6768A6D0 5E
pop esi
:6768A6D1 C20C00
ret 000C
* Referenced by a CALL at Address:
|:6768A6C1
|
:6769633F 56
push esi
:67696340 BE10306A67 mov esi,
676A3010
:67696345 8BCE
mov ecx, esi
:67696347 E8D0030000 call
6769671C
:6769634C 84C0
test al, al
:6769634E 7526
jne 67696376
:67696350 8D442408
lea eax, dword ptr [esp+08]
:67696354 6A01
push 00000001
:67696356 50
push eax
:67696357 E8AD010000 call
67696509
:6769635C 59
pop ecx
:6769635D 84C0
test al, al
:6769635F 59
pop ecx
:67696360 7514
jne 67696376
:67696362 8D442408
lea eax, dword ptr [esp+08]
:67696366 6A01
push 00000001
:67696368 50
push eax
:67696369 E810020000 call
6769657E
:6769636E 59
pop ecx
:6769636F 84C0
test al, al
:67696371 59
pop ecx
:67696372 7502
jne 67696376
:67696374 5E
pop esi
:67696375 C3
ret
* Referenced by a CALL at Addresses:
|:67682898 , :67682922 , :6768299F , :67682A16 , :6769562B
|:676956E5 , :67696369 , :676967B9 , :67696830
|
:6769657E 55
push ebp
:6769657F 8BEC
mov ebp, esp
:67696581 51
push ecx
:67696582 51
push ecx
:67696583 8B4508
mov eax, dword ptr [ebp+08]
:67696586 53
push ebx
:67696587 33DB
xor ebx, ebx
:67696589 56
push esi
* Reference To: OLEAUT32.SysFreeString, Ord:0006h
|
:6769658A 8B3558A26967 mov esi, dword
ptr [6769A258]
:67696590 3BC3
cmp eax, ebx
:67696592 895DFC
mov dword ptr [ebp-04], ebx
:67696595 7413
je 676965AA
:67696597 57
push edi
:67696598 8B38
mov edi, dword ptr [eax]
:6769659A 53
push ebx
:6769659B FFD6
call esi
:6769659D 57
push edi
* Reference To: OLEAUT32.SysAllocString, Ord:0002h
|
:6769659E FF1550A26967 Call dword
ptr [6769A250]
:676965A4 8945FC
mov dword ptr [ebp-04], eax
:676965A7 5F
pop edi
:676965A8 EB0E
jmp 676965B8
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:67696595(C)
|
:676965AA 8D45FC
lea eax, dword ptr [ebp-04]
:676965AD 50
push eax
:676965AE E8A8FEFFFF call
6769645B
:676965B3 84C0
test al, al
:676965B5 59
pop ecx
:676965B6 742D
je 676965E5
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:676965A8(U)
|
:676965B8 8D45F8
lea eax, dword ptr [ebp-08]
:676965BB 50
push eax
:676965BC 8D450B
lea eax, dword ptr [ebp+0B]
:676965BF 50
push eax
:676965C0 8D45FC
lea eax, dword ptr [ebp-04]
:676965C3 50
push eax
:676965C4 E87C000000 call
67696645
:676965C9 83C40C
add esp, 0000000C
:676965CC 84C0
test al, al
:676965CE 7415
je 676965E5
:676965D0 385D0C
cmp byte ptr [ebp+0C], bl
:676965D3 740D
je 676965E2
:676965D5 FF75F8
push [ebp-08]
:676965D8 B910306A67 mov ecx,
676A3010
:676965DD E89B010000 call
6769677D
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:676965D3(C)
|
:676965E2 8A5D0B
mov bl, byte ptr [ebp+0B]
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:676965B6(C), :676965CE(C)
|
:676965E5 FF75FC
push [ebp-04]
:676965E8 FFD6
call esi
:676965EA 8AC3
mov al, bl
:676965EC 5E
pop esi
:676965ED 5B
pop ebx
:676965EE C9
leave
:676965EF C3
ret
* Referenced by a CALL at Addresses:
|:6769654F , :676965C4
|
:67696645 55
push ebp
:67696646 8BEC
mov ebp, esp
:67696648 83EC10
sub esp, 00000010
:6769664B 53
push ebx
:6769664C 56
push esi
:6769664D 8B7508
mov esi, dword ptr [ebp+08]
:67696650 33DB
xor ebx, ebx
:67696652 57
push edi
:67696653 8B06
mov eax, dword ptr [esi]
:67696655 3BC3
cmp eax, ebx
:67696657 0F84A0000000 je 676966FD
:6769665D 50
push eax
* Reference To: OLEAUT32.SysStringLen, Ord:0007h
|
:6769665E FF154CA26967 Call dword
ptr [6769A24C]
:67696664 83F820
cmp eax, 00000020 <---比對License串的長度是否為32位元組
:67696667 0F8590000000 jne 676966FD
:6769666D 33C0
xor eax, eax
:6769666F 8D7DF4
lea edi, dword ptr [ebp-0C]
:67696672 895DF0
mov dword ptr [ebp-10], ebx
:67696675 AB
stosd
:67696676 AB
stosd
:67696677 AB
stosd
:67696678 8B06
mov eax, dword ptr [esi]
:6769667A 3BC3
cmp eax, ebx
:6769667C 894508
mov dword ptr [ebp+08], eax
:6769667F 7504
jne 67696685
:67696681 33F6
xor esi, esi
:67696683 EB2C
jmp 676966B1
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:6769667F(C)
|
:67696685 50
push eax
* Reference To: KERNEL32.lstrlenW, Ord:0309h
|
:67696686 FF15A8A16967 Call dword
ptr [6769A1A8]
:6769668C 8D7C0002
lea edi, dword ptr [eax+eax+02]
:67696690 8BC7
mov eax, edi
:67696692 83C003
add eax, 00000003
:67696695 24FC
and al, FC
:67696697 E8D42F0000 call
67699670
:6769669C 8BF4
mov esi, esp
:6769669E 53
push ebx
:6769669F 53
push ebx
:676966A0 57
push edi
:676966A1 56
push esi
:676966A2 6AFF
push FFFFFFFF
:676966A4 FF7508
push [ebp+08]
:676966A7 881E
mov byte ptr [esi], bl
:676966A9 53
push ebx
:676966AA 53
push ebx
* Reference To: KERNEL32.WideCharToMultiByte, Ord:02D2h
|
:676966AB FF15B4A16967 Call dword
ptr [6769A1B4]
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:67696683(U)
|
:676966B1 8D45F0
lea eax, dword ptr [ebp-10]
:676966B4 50
push eax
:676966B5 56
push esi
* Possible StringData Ref from Data Obj ->"Xceed Software Inc."
|
:676966B6 68002C6A67 push
676A2C00
:676966BB E830FFFFFF call
676965F0
:676966C0 0FB775F6
movzx esi, word ptr [ebp-0A]-----
:676966C4 8A4DFB
mov cl, byte ptr [ebp-05] |
:676966C7 0375F0
add esi, dword ptr [ebp-10] |
:676966CA 0FB745F4
movzx eax, word ptr [ebp-0C] |
:676966CE 0FB6D1
movzx edx, cl
|
:676966D1 03F2
add esi, edx
|計算
:676966D3 33D2
xor edx, edx
|
:676966D5 03C6
add eax, esi
|
:676966D7 BEFF000000 mov esi,
000000FF |
:676966DC F7F6
div esi <---------------------|
:676966DE 83C40C
add esp, 0000000C
:676966E1 3A55FF
cmp dl, byte ptr [ebp-01] <----關鍵
:676966E4 7517
jne 676966FD
:676966E6 8B450C
mov eax, dword ptr [ebp+0C]
:676966E9 F6C101
test cl, 01
:676966EC 7413
je 67696701
:676966EE 53
push ebx
:676966EF C60001
mov byte ptr [eax], 01
:676966F2 E88CFCFFFF call
67696383
:676966F7 3945F0
cmp dword ptr [ebp-10], eax
:676966FA 59
pop ecx
:676966FB 7408
je 67696705
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:67696657(C), :67696667(C), :676966E4(C)
|
:676966FD 32C0
xor al, al
:676966FF EB13
jmp 67696714
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:676966EC(C)
|
:67696701 8818
mov byte ptr [eax], bl
:67696703 EB03
jmp 67696708
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:676966FB(C)
|
:67696705 8A4DFB
mov cl, byte ptr [ebp-05]
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:67696703(U)
|
:67696708 8B4510
mov eax, dword ptr [ebp+10]
:6769670B D0E9
shr cl, 1
:6769670D 80E101
and cl, 01
:67696710 8808
mov byte ptr [eax], cl
:67696712 B001
mov al, 01
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:676966FF(U)
|
:67696714 8D65E4
lea esp, dword ptr [ebp-1C]
:67696717 5F
pop edi
:67696718 5E
pop esi
:67696719 5B
pop ebx
:6769671A C9
leave
:6769671B C3
ret
相關文章
- 我的破解心得(12) (1千字)2001-03-13
- Restools系列完全破解~~~~~~~~~~~~~~~~~~~~~~~ (12千字)2002-03-03REST
- 解除安裝精靈 V4.1 破解教程2004-12-18
- 一個delphi控制元件的破解 (12千字)2001-03-31控制元件
- Advanced
PDF Password Recovery Pro 2.12的不完美破解 (12千字)2003-05-20
- icnbat(圖示打仗)破解實戰 (12千字)2000-09-12BAT
- 菜鳥破解錄(12)之 AxMan3.10 (3千字)2000-07-26
- ClassExplorer的破解 (13千字)2001-07-29
- 製作Compuware.SoftIce.Driver.Suite.3.0.1.StinkyD的license (5千字)2015-11-15UI
- 股票賬戶管理軟體 1.12(破解手記) (9千字)2002-02-16
- PolyView 破解 (5千字)2000-12-31View
- 破解FAQGenie (4千字)2001-04-10
- 破解MyMahj (5千字)2001-06-20
- 破解winimage (1千字)2001-10-07
- Java 程式的破解方法 (8千字)2002-08-15Java
- 我的破解心得(1) (3千字)2001-03-13
- 我的破解心得(5) (16千字)2001-03-13
- 我的破解心得(6) (3千字)2001-03-13
- 我的破解心得(8) (2千字)2001-03-13
- 我的破解心得(9) (4千字)2001-03-13
- 我的破解心得(11) (9千字)2001-03-13
- Fpc大哥crackme的破解。 (4千字)2001-09-22
- Soundnailsd的破解教程(一) (9千字)2001-10-17AI
- 我的破解之路-BBOY (3千字)2000-07-21
- 破解ClockWise 3.03 (7千字)2001-06-06
- 破解TurboLaunch 4.04 (5千字)2001-06-06
- winimage完全破解 (8千字)2001-07-04
- Authorware 5.0破解 (4千字)2001-09-10
- 破解“Mail Scan” (1千字)2000-08-04AI
- 暴力破解:金鋒郵件群發 V2.4 (價值125元!) (12千字)2001-08-17
- WinImage密碼的另一種破解――WinHex破解法 (2千字)2001-07-12密碼
- jdpack的脫殼及破解 (5千字)2002-06-25
- 談談VB程式的破解 (5千字)2002-10-28
- WinRar 2.71 for windows的破解(暴力) (1千字)2000-10-11Windows
- WinRAR 2.71的初級破解 (4千字)2001-02-16
- 萬能五筆的破解 (6千字)2001-07-09
- 第二個CrackMe的破解 (6千字)2001-08-17
- 貼個程式的smc破解。 (1千字)2001-09-24