Cracking 《登入奇兵》 v3.01
======================================
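Version 3.01 can submit to 5,400 websites. I cracked it purely for learning. As I am new to this,
there may be many mistakes in the process, and I would welcome corrections from more experienced readers.
I do not have the full website data, so I could not test the result; if anyone has the data,
please send me a copy. Thank you!
My e-mail: langlirong@163.net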
=======================================
Cracking process:
---------------------------------------------
(1) After loading the program into w32dsm, locate the error message:
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004A3A00(C)
| ^^^^^^^^^^^
* Possible StringData Ref from Code Obj ->"Invalid key. Please re enter"
|
:004A3B8D B8F03C4A00      mov eax, 004A3CF0
:004A3B92 E8B514FBFF      call 0045504C
----------------------------------------------
Note the address underlined with ^ and go to 004A3A00:
----------------------------------------------
* Possible StringData Ref from Code Obj ->"Addurlversion 1.0"
|
:004A39F3 B9183C4A00      mov ecx, 004A3C18
:004A39F8 5A              pop edx
:004A39F9 E84EFDFFFF      call 004A374C
:004A39FE 84C0            test al, al
:004A3A00 0F8487010000    je 004A3B8D
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Possible StringData Ref from Code Obj ->"winzips32.ini"
|
:004A3A06 B9483C4A00      mov ecx, 004A3C48
-------------------------------------------------
Change je to jne. I don't know why this change works either; I simply followed the usual pattern.
(2) Then find the following:
-------------------------------------------------
:00505E06 E865DFEFFF      call 00403D70
:00505E0B 8B8304030000    mov eax, dword ptr [ebx+00000304]
:00505E11 8B10            mov edx, dword ptr [eax]
:00505E13 FF92F4000000    call dword ptr [edx+000000F4]
:00505E19 83F832          cmp eax, 00000032
:00505E1C 7F25            jg 00505E43
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
:00505E1E 8B8328030000    mov eax, dword ptr [ebx+00000328]
:00505E24 8B10            mov edx, dword ptr [eax]
:00505E26 FF92F4000000    call dword ptr [edx+000000F4]
:00505E2C 83F832          cmp eax, 00000032
:00505E2F 7F12            jg 00505E43
--------------------------------------------------
Change 00505E1C 7F25 to 00505E1C EB25
or 00505E2F 7F12 to 00505E2F EB12
(3) Remove the restriction on submitting to well-known directory search sites. Find:
--------------------------------------------------
:0051287A FF92F4000000    call dword ptr [edx+000000F4]
:00512880 83F832          cmp eax, 00000032
:00512883 7E16            jle 0051289B
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
:00512885 8B45FC          mov eax, dword ptr [ebp-04]
:00512888 8B8028030000    mov eax, dword ptr [eax+00000328]
:0051288E 8B10            mov edx, dword ptr [eax]
:00512890 FF92F4000000    call dword ptr [edx+000000F4]
:00512896 83F832          cmp eax, 00000032
:00512899 7F1D            jg 005128B8
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00512883(C)
|
:0051289B 6A40            push 00000040
* Possible StringData Ref from Code Obj ->"註冊使用者專用!"
|
:0051289D B9D04C5100      mov ecx, 00514CD0
* Possible StringData Ref from Code Obj ->"註冊使用者才可以使用本功能"
----------------------------------------------------
Change 7E16 to 9090
and 7F1D to EB1D
(4) Remove the limit of 50 search engines
----------------------------------------------------
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:005063E2(U)
|
:005063F4 8D55F4          lea edx, dword ptr [ebp-0C]
:005063F7 8B8300050000    mov eax, dword ptr [ebx+00000500]
:005063FD E8F6C7F2FF      call 00432BF8
:00506402 8B45F4          mov eax, dword ptr [ebp-0C]
:00506405 E8C62EF0FF      call 004092D0
:0050640A 3BF0            cmp esi, eax
:0050640C EB30            jmp 0050643E
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
:0050640E 6A40            push 00000040
* Possible StringData Ref from Code Obj ->"IptErrNue ny"
|
:00506410 B9BC645000      mov ecx, 005064BC
* Possible StringData Ref from Code Obj ->"Your Entry a Range To Number Bigger "
                                        ->"Than Total Board Count"
----------------------------------------------------
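Change the instruction at :0050640C EB30 to jmp (the listing above already shows my modified version).
Cracking complete.
My skill is limited, so the process may be overly cumbersome; please point out anything that is wrong.
Welcome to 《阿郎居》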
langlirong@163.net
http://alang.shangdu.net
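
A defender's view of the byte edits in steps (1) to (3), as an added example that is not part of the original write-up: an integrity check that decodes the branch at each monitored address and classifies how the bytes found differ from the reference. The function names and the SAMPLES table are assumptions; the addresses and opcode bytes are the ones shown in the listings above, arranged as constructed input.

```python
# x86 short conditional jumps are 70-7F rel8; near forms are 0F 80-8F rel32.
CC = ["jo", "jno", "jb", "jae", "je", "jne", "jbe", "ja",
      "js", "jns", "jp", "jnp", "jl", "jge", "jle", "jg"]

def decode_branch(addr, code):
    """Return (mnemonic, target) for a jump at addr, or None if not a jump."""
    if len(code) >= 2 and (0x70 <= code[0] <= 0x7F or code[0] == 0xEB):
        rel = int.from_bytes(code[1:2], "little", signed=True)
        name = "jmp" if code[0] == 0xEB else CC[code[0] & 0x0F]
        return name, (addr + 2 + rel) & 0xFFFFFFFF
    if len(code) >= 6 and code[0] == 0x0F and 0x80 <= code[1] <= 0x8F:
        rel = int.from_bytes(code[2:6], "little", signed=True)
        return CC[code[1] & 0x0F], (addr + 6 + rel) & 0xFFFFFFFF
    return None

def classify_tamper(addr, good, seen):
    """Describe how the bytes found differ from a known-good branch."""
    if good == seen:
        return "intact"
    before, after = decode_branch(addr, good), decode_branch(addr, seen)
    if before is None:
        return "modified (reference is not a branch)"
    if all(b == 0x90 for b in seen):
        return f"{before[0]} removed (NOP fill)"
    if after is None or after[1] != before[1]:
        return f"{before[0]} overwritten"
    if after[0] == "jmp":
        return f"{before[0]} forced (now jmp {after[1]:08X})"
    if (CC.index(after[0]) ^ CC.index(before[0])) == 1:
        return f"{before[0]} inverted (now {after[0]} {after[1]:08X})"
    return f"{before[0]} changed to {after[0]}"

# Constructed input: address -> (reference bytes, bytes found in the file).
# Addresses and opcodes are taken from the listings in steps (1) to (3).
SAMPLES = {
    0x004A3A00: ("0F8487010000", "0F8587010000"),
    0x00505E1C: ("7F25", "EB25"),
    0x00505E2F: ("7F12", "7F12"),
    0x00512883: ("7E16", "9090"),
    0x00512899: ("7F1D", "EB1D"),
}

def scan(samples=SAMPLES):
    return {addr: classify_tamper(addr, bytes.fromhex(g), bytes.fromhex(s))
            for addr, (g, s) in samples.items()}

if __name__ == "__main__":
    for addr, verdict in scan().items():
        print(f"{addr:08X}: {verdict}")
```

The condition codes of a jump pair differ only in the lowest bit, which is why a one-byte change from 0F84 to 0F85 reverses the outcome of the key check while the branch target stays the same.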