軟體:LogoManager 1.18
http://homepage.dtn.ntl.com/wmdb/lm118.exe (460KB)
簡介:Nokia手機畫面編輯軟體,有NAG視窗,不註冊則延時5秒進入。
破解:
(1)
用File Scaner查出它用Upx壓縮,則用ProcDump->Unpack脫殼成功。
(2)
用Trw2000 Load,bpx messageboxa
* Reference To: USER32.::D, Ord:0000h
|
:00408FB9 FF1520644300 Call dword
ptr [00436420]
:00408FBF 85C0
test eax, eax
:00408FC1 7512
jne 00408FD5
:00408FC3 6898714400 push
00447198
:00408FC8 FFD5
call ebp
:00408FCA 6898714400 push
00447198
* Reference To: USER32.::D, Ord:0023h
|
:00408FCF FF1524644300 Call dword
ptr [00436424] ;該行顯示NAG
但修改00408FCF:以上語句沒用。Stop here!
(3)
換一種方法,從NAG視窗顯示以後入手。
執行Logomanager.exe,出現NAG視窗後,
:hwnd
找到NAG視窗"Register Later"按鈕的控制程式碼07D0
:bmsg 07D0 wm_destroy
F5
點"Register Later"按鈕後中斷,終於找到關鍵的地址:
:0040BDFF 6A00
push 00000000
:0040BE01 744F
je 0040BE52 ;改成JNE
:0040BE03 8B4624
mov eax, dword ptr [esi+24]
:0040BE06 8B0D30754400 mov ecx, dword
ptr [00447530]
:0040BE0C 68E09B4000 push
00409BE0
:0040BE11 50
push eax
* Possible Reference to Dialog: DialogID_00A1
|
:0040BE12 68A1000000 push
000000A1
:0040BE17 51
push ecx
:0040BE18 E8F3A00100 call
00425F10 ;該行顯示NAG
:0040BE1D 83C418
add esp, 00000018
:0040BE20 48
dec eax
將:0040BE01 改成JNE後,NAG視窗消失!OK!
最後,用UltraEdit Search 'Unregistered' 改為'Registered'。
hurrah@china.com
hurrah.go.163.com