FISH精美屏保暴力破解---WD32ASM893版 (6千字)
FISH精美屏保暴力破解---WD32ASM893版
作者:孫鋒
Email:sffs@263.net
主頁:http://sffs.6to23.com
先用WD32ASM8.93超級中文版進行反彙編,然後查詢,會看到:
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040D097(C)
|
:0040D0AD 6A03
push 00000003
:0040D0AF E82C67FFFF call
004037E0
:0040D0B4 83C404
add esp, 00000004
:0040D0B7 8945F8
mov dword ptr [ebp-08], eax
:0040D0BA 837DF800
cmp dword ptr [ebp-08], 00000000
:0040D0BE 7414
je 0040D0D4 //----->修改74-75即jne->je
:0040D0C0 C70500FE410003000000 mov dword ptr [0041FE00], 00000003
:0040D0CA 6A01
push 00000001
:0040D0CC E8A86EFFFF call
00403F79
:0040D0D1 83C404
add esp, 00000004
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040D0BE(C) //---------->修改處,往上找。
|
:0040D0D4 833D00FE410000 cmp dword ptr [0041FE00],
00000000
:0040D0DB 7458
je 0040D135 //---------------修改74->75即jne->je
:0040D0DD C605B1DD410001 mov byte ptr [0041DDB1],
01
:0040D0E4 C605B2DD410001 mov byte ptr [0041DDB2],
01
:0040D0EB 833D00FE410001 cmp dword ptr [0041FE00],
00000001
:0040D0F2 7514
jne 0040D108 //-------------------修改74->75即jne->je
* Possible StringData Ref from Data Obj ->"TEMP registration OK" //-----2條魚!
|
:0040D0F4 6834E54100 push
0041E534
:0040D0F9 6892000000 push
00000092
:0040D0FE 8B4D08
mov ecx, dword ptr [ebp+08]
:0040D101 51
push ecx
* Reference To: USER32.SetDlgItemTextA, Ord:022Ch
|
:0040D102 FF1514A24100 Call dword
ptr [0041A214]
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040D0F2(C) //-------------修改的地方,往上找
|
:0040D108 833D00FE410002 cmp dword ptr [0041FE00],
00000002
:0040D10F 7514
jne 0040D125
* Possible StringData Ref from Data Obj ->"BASIC registration OK" //-------3條魚!
|
:0040D111 684CE54100 push
0041E54C
:0040D116 6892000000 push
00000092
:0040D11B 8B5508
mov edx, dword ptr [ebp+08]
:0040D11E 52
push edx
* Reference To: USER32.SetDlgItemTextA, Ord:022Ch
|
:0040D11F FF1514A24100 Call dword
ptr [0041A214]
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040D10F(C)
|
:0040D125 833D00FE410003 cmp dword ptr [0041FE00],
00000003 //----->
:0040D12C 7D07
jge 0040D135 //------> 比較大於則跳,所以改為小於7D->7E
:0040D12E 33C0
xor eax, eax
:0040D130 E91B010000 jmp 0040D250
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:0040D0DB(C), :0040D12C(C)
|
:0040D135 833D00FE410003 cmp dword ptr [0041FE00],
00000003
:0040D13C 7545
jne 0040D183 //--------修改75-74即jne->je
* Possible StringData Ref from Data Obj ->"DELUXE registration OK" //-----7條魚!
|
:0040D13E 6864E54100 push
0041E564
:0040D143 6892000000 push
00000092
:0040D148 8B4508
mov eax, dword ptr [ebp+08]
:0040D14B 50
push eax
* Reference To: USER32.SetDlgItemTextA, Ord:022Ch
|
:0040D14C FF1514A24100 Call dword
ptr [0041A214]
:0040D152 C605B1DD410001 mov byte ptr [0041DDB1],
01 //----
:0040D159 C605B2DD410001 mov byte ptr [0041DDB2],
01 //----
:0040D160 C605B3DD410001 mov byte ptr [0041DDB3],
01 //----
:0040D167 C605B4DD410001 mov byte ptr [0041DDB4],
01 //----
:0040D16E C605B5DD410001 mov byte ptr [0041DDB5],
01 //----
:0040D175 C605B6DD410001 mov byte ptr [0041DDB6],
01 //----
:0040D17C 33C0
xor eax, eax
:0040D17E E9CD000000 jmp 0040D250
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040D13C(C) //-------------------------根據上面的值變化,也要修改。
|
:0040D183 6878104200 push
00421078
:0040D188 6892000000 push
00000092
:0040D18D 8B4D08
mov ecx, dword ptr [ebp+08]
:0040D190 51
push ecx
* Reference To: USER32.SetDlgItemTextA, Ord:022Ch
|
:0040D191 FF1514A24100 Call dword
ptr [0041A214]
:0040D197 33C0
xor eax, eax
:0040D199 E9B2000000 jmp 0040D250
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040CFD1(C)
下面是參考dyiyd兄的提示寫的:感謝dyiyd兄。
修改了上面的內容註冊就是任意註冊碼了。而且是DELUXE,7條魚!!!但是還有啟動註冊框NAG,下面來去掉他!
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00404194(C)
|
:004041A0 833D00FE410000 cmp dword ptr [0041FE00],
00000000 //----0041FE00是否為0
:004041A7 740E
je 004041B7 //-----等於0就跳,玩完了。 74->75即je->jne
:004041A9 C605B1DD410001 mov byte ptr [0041DDB1],
01
:004041B0 C605B2DD410001 mov byte ptr [0041DDB2],
01
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004041A7(C)
|
:004041B7 6A03
push 00000003
:004041B9 E822F6FFFF call
004037E0
:004041BE 83C404
add esp, 00000004
:004041C1 85C0
test eax, eax
:004041C3 7434
je 004041F9 //------>eax=0就跳,玩完了。74->75即je->jne
:004041C5 C70500FE410003000000 mov dword ptr [0041FE00], 00000003
//-----使0041FE00=3
:004041CF C605B1DD410001 mov byte ptr [0041DDB1],
01
:004041D6 C605B2DD410001 mov byte ptr [0041DDB2],
01
:004041DD C605B3DD410001 mov byte ptr [0041DDB3],
01
:004041E4 C605B4DD410001 mov byte ptr [0041DDB4],
01
:004041EB C605B5DD410001 mov byte ptr [0041DDB5],
01
:004041F2 C605B6DD410001 mov byte ptr [0041DDB6],
01
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00404186(C), :004041C3(C)
|
:004041F9 833D00FE410000 cmp dword ptr [0041FE00],
00000000
:00404200 7410
je 00404212
:00404202 837DFC00
cmp dword ptr [ebp-04], 00000000
:00404206 740A
je 00404212
:00404208 6A01
push 00000001
:0040420A E86AFDFFFF call
00403F79
所以只要使0041FE00=3就可以了,所以我們可以這麼修改。
<------------完--------->
相關文章
- 暴力破解3 (6千字)2001-02-18
- 精美的mac屏保需要?試試Aerial 2.1.3漢化版支援big sur!2020-11-18Mac
- DISKdata v3.2.0之暴力破解 (6千字)2000-10-01
- 屏保自己做2.61版演算法分析! (7千字)2002-02-18演算法
- image optimizer v3.0之暴力破解 (6千字)2000-10-12
- SYSTEM CLEANER 暴力破解 (1千字)2001-01-04
- 翻譯一篇很簡單的暴力破解installshield! (6千字)2001-03-15
- [UI] 精美UI介面欣賞[6]2015-04-07UI
- 暴力破解Security setup II (7千字)2001-10-24
- 榮耀10青春版手機屏保怎麼設定?榮耀10青春版動態屏保設定教程2018-12-06
- 暴力破解windows Commander 4.52 (5千字)2001-02-19Windows
- Kryptel 3.8 暴力破解過程 (18千字)2001-09-18
- 一個不錯的雪花屏保破解手記 (1千字)2000-12-29
- Tornado2之Licence暴力破解 (15千字)2000-10-22
- Update NOW 2000 暴力破解方法! (8千字)2001-02-11
- 暴力破解《網路吸血鬼3.3》 (9千字)2001-03-15
- 流光2001完全暴力破解 (3千字)2001-08-14
- 禁用登錄檔之暴力破解法。 (4千字)2001-10-14
- freeResV0.94瘋狂暴力破解 (3千字)2002-01-09
- Reptile V2.01之暴力破解(難度:簡單,但反映出一種思路)
(6千字)2000-10-31
- UltraEdit-32 v8.10.a 暴力破解 (4千字)2001-05-11
- 也談《傲世三國》的暴力破解法 (11千字)2001-01-10
- 暴力破解Paragon CD Emulator時間及功能限制 (7千字)2001-03-24Go
- 暴力破解 程式獵人(Phunter) V1.30 (11千字)2001-10-25
- 推薦6套精美的免費 jQuery UI 主題2012-11-23jQueryUI
- 《伊妹捕神中文版》 破解過程詳解 (6千字)2001-04-29
- 一個水族箱屏保,破解不完全,誰幫忙看看? (2千字)2001-04-12
- 來一篇:暴力破解Crystal Button 1.31A (7千字)2015-11-15
- GetSmart暴力破解手記-----有誰願意寫追註冊碼和序號產生器!下載http://sffs.6to23.com
(6千字)2001-02-07HTTP
- 美萍電腦安全衛士(V7.52標準版)終極破解(註冊法 &
暴力破解法) (1千字)2001-02-24
- 暴破-AQUA 3D Screen Saver v1.5-水族館屏保程式
(15千字)2002-05-053D
- Windows Lotto Pro 2000 V5.39之暴力破解
(10千字)2001-04-02Windows
- 翻譯(1) (6千字)2000-07-22
- fish_redux 「食用指南」2020-02-21Redux
- Fish Redux 使用指南2019-03-20Redux
- Fish shell 入門教程2017-05-02
- 八款值得嘗試的精美的 Linux 發行版(2017 版)2017-10-11Linux
- 分析家資料批量轉換器暴力破解手記 (3千字)2001-09-07