Vopt99 v4.31暴力破解實錄(僅供初學者參考) (5千字)
Vopt99 v4.31暴力破解實錄(僅供初學者參考)
所需工具:Softice或trw2000,DASM黃金版,UltraEdit
VOPT99是一個非常好的磁碟整理軟體,我一用就喜歡上它了。
可是,它有30天限制,要註冊,本人沒有$$$,只好對不住它了。
Vopt99是用VB5寫的(我向來看見VB的東東就頭暈),嘗試找出
註冊碼,但是,它的註冊碼保護得很好,我功力又尚淺(成為大俠是
沒有什麼希望了:<),好了,言歸正傳。先用DASM將它反編譯,以什麼為
突破口呢?主介面上不是有這麼一句話:“30 day trial:”,一找,
嘿,還真找到了:
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004318B7(C)
|
:004318D6 C78560FFFFFF00000000 mov dword ptr [ebp+FFFFFF60],
00000000
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004318D4(U)
|
:004318E0 8B55B4
mov edx, dword ptr [ebp-4C]
:004318E3 895580
mov dword ptr [ebp-80], edx
* Possible StringData Ref from Code Obj ->"330 day trial: "
|
:004318E6 68DCF94000 push
0040F9DC
:004318EB 668B45CC
mov ax, word ptr [ebp-34]
:004318EF 50
push eax
* Reference To: MSVBVM50.__vbaStrI2, Ord:0000h
|
:004318F0 FF159CD24500 Call dword
ptr [0045D29C]
:004318F6 8BD0
mov edx, eax
:004318F8 8D4DC4
lea ecx, dword ptr [ebp-3C]
* Reference To: MSVBVM50.__vbaStrMove, Ord:0000h
|
:004318FB FF15C4D44500 Call dword
ptr [0045D4C4]
:00431901 50
push eax
* Reference To: MSVBVM50.__vbaStrCat, Ord:0000h
|
:00431902 FF1504D34500 Call dword
ptr [0045D304]
:00431908 8BD0
mov edx, eax
:0043190A 8D4DC0
lea ecx, dword ptr [ebp-40]
分析一下,如果試用期未過期的話,004318E3處的程式碼是應該被執行到的,
如果過期了則此部分程式碼不會被執行。因此向上檢視跳轉程式碼:
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0043181E(C)
|
:0043183D C78564FFFFFF00000000 mov dword ptr [ebp+FFFFFF64],
00000000
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0043183B(U)
|
:00431847 8D4DB8
lea ecx, dword ptr [ebp-48]
* Reference To: MSVBVM50.__vbaFreeObj, Ord:0000h
|
:0043184A FF15F4D44500 Call dword
ptr [0045D4F4]
:00431850 C745FC25000000 mov [ebp-04], 00000025
:00431857 66837DCC00 cmp word
ptr [ebp-34], 0000
:0043185C 7E07
jle 00431865 ;此處只要不跳就可以繼續試用了
:0043185E 66837DCC2D cmp word
ptr [ebp-34], 002D
:00431863 7E15
jle 0043187A
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0043185C(C)
|
:00431865 C745FC26000000 mov [ebp-04], 00000026
:0043186C 66C70576904500FFFF mov word ptr [00459076],
FFFF
:00431875 E920010000 jmp 0043199A
;此處跳到了顯示主介面和要求輸入註冊碼
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00431863(C)
|
:0043187A C745FC28000000 mov [ebp-04], 00000028
:00431881 8B4D08
mov ecx, dword ptr [ebp+08]
:00431884 8B11
mov edx, dword ptr [ecx]
:00431886 8B4508
mov eax, dword ptr [ebp+08]
:00431889 50
push eax
:0043188A FF9218030000 call dword
ptr [edx+00000318]
:00431890 50
push eax
:00431891 8D4DB8
lea ecx, dword ptr [ebp-48]
:00431894 51
push ecx
* Reference To: MSVBVM50.__vbaObjSet, Ord:0000h
|
:00431895 FF1538D34500 Call dword
ptr [0045D338]
:0043189B 894588
mov dword ptr [ebp-78], eax
:0043189E 8D55B4
lea edx, dword ptr [ebp-4C]
:004318A1 52
push edx
:004318A2 6A01
push 00000001
:004318A4 8B4588
mov eax, dword ptr [ebp-78]
:004318A7 8B08
mov ecx, dword ptr [eax]
:004318A9 8B5588
mov edx, dword ptr [ebp-78]
:004318AC 52
push edx
:004318AD FF5140
call [ecx+40]
:004318B0 894584
mov dword ptr [ebp-7C], eax
:004318B3 837D8400
cmp dword ptr [ebp-7C], 00000000
:004318B7 7D1D
jge 004318D6
:004318B9 6A40
push 00000040
:004318BB 68BC154100 push
004115BC
:004318C0 8B4588
mov eax, dword ptr [ebp-78]
:004318C3 50
push eax
:004318C4 8B4D84
mov ecx, dword ptr [ebp-7C]
:004318C7 51
push ecx
* Reference To: MSVBVM50.__vbaHresultCheckObj, Ord:0000h
|
:004318C8 FF1518D34500 Call dword
ptr [0045D318]
:004318CE 898560FFFFFF mov dword
ptr [ebp+FFFFFF60], eax
:004318D4 EB0A
jmp 004318E0
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004318B7(C)
|
:004318D6 C78560FFFFFF00000000 mov dword ptr [ebp+FFFFFF60],
00000000
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004318D4(U)
|
:004318E0 8B55B4
mov edx, dword ptr [ebp-4C]
:004318E3 895580
mov dword ptr [ebp-80], edx
* Possible StringData Ref from Code Obj ->"330 day trial: "
|
:004318E6 68DCF94000 push
0040F9DC
:004318EB 668B45CC
mov ax, word ptr [ebp-34]
:004318EF 50
push eax
如果你對這些跳轉判斷不出的話,可以在跳轉上設斷,逐一試試,就可以了,
我也是試出來的。
總結一下:
用十六進位制編輯器開啟vopt99.exe,
找66 83 7D CC 00 7E 07
^^ ^^
90 90
這樣就完成了。執行後,主介面上顯示您的試用期還-XX天,沒關係啦,
試用一下功能,一切正常。
2001.2.19 by mjing,E-mail:mjing@wx88.net
相關文章
- 除editplus 2.10a的NAG(供初學者參考) (2千字)2001-02-16
- 一個簡單的破解,供初學者參考!望高手多加指點! (1千字)2001-03-26
- Vopt99 v4.31的註冊碼破解 (11千字)2000-09-28
- 華為的Java面試題,僅供參考。2020-01-13Java面試題
- IOC注入反轉思路-僅供參考2020-09-15
- 初學者(14) (5千字)2000-06-10
- restFul介面設計規範[僅供參考]2022-03-01REST
- L02 Web 開發實戰筆記(僅供自己參考)2019-10-08Web筆記
- 關於mssql的學習體會,僅供參考!2010-11-05SQL
- Vopt99另類破解實戰錄
(3千字)2000-09-27
- SEO網站最佳化想法【僅供SEO同行參考】2020-09-16網站
- Scrum之成敗:從自身案例說起,僅供參考2011-05-19Scrum
- 瘋狂單詞破解實錄(初學者請進!) (9千字)2000-08-24
- FI--分期收款發出商品物料資料(僅供參考)2020-04-04
- 測試計劃&效能測試分析報告模板(僅供參考)2019-01-14
- 初學者(7) (4千字)2000-05-05
- 初學者(8) (4千字)2000-05-07
- 初學者(9) (3千字)2000-05-07
- 初學者(10) (8千字)2000-05-14
- 初學者(11) (2千字)2000-05-18
- 初學者(12) (1千字)2000-06-09
- 初學者(13) (2千字)2000-06-09
- 初學者(15) (3千字)2000-07-04
- 初學者(16) (2千字)2000-07-04
- 初學者(17) (1千字)2000-07-04
- 初學者(18) (2千字)2000-07-05
- 初學者(19) (4千字)2000-07-10
- 初學者(20) (3千字)2000-07-15
- 初學者(20) (1千字)2000-08-08
- 初學者(22) (7千字)2000-08-09
- 初學者(23) (7千字)2000-08-13
- 初學者(26) (9千字)2000-08-17
- 初學者(27) (1千字)2000-08-25
- 破解badcat21---真正的初學者 (5千字)2001-05-19
- 給初學者,因為我就是個初學者(1) (3千字)2000-05-03
- 給初學者,因為我就是個初學者(2) (1千字)2000-05-03
- 給初學者,因為我就是個初學者(4) (1千字)2000-05-03
- 供iOS遊戲開發新手參考的5項技巧2012-06-03iOS遊戲開發