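Computer Ghost (pcGhost) 4.0 Cracking Log
Size: 392k
http://www.sunhy.com/download/pcGhost.zip
pcGhost's default hotkey is Alt+F12 (pressed twice within 1 second), similar to traceboy.
Tool: Trw2000
The registration code has the form aaaa-bbbb, with a "-" in the middle and a total length greater than 12.
The first half acts as the "user name" and the second half acts as the "registration code".
Enter gdong-1234567 as the registration code, then press Ctrl+N to activate Trw2000.
bpx hmemcpy
go
Click OK; the breakpoint is hit.
bc *
pmodule
Execution stops at (1).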
0167:00430BEE E83168FDFF CALL USER32!CallWindowProcA
0167:00430BF3 89430C MOV [EBX+0C],EAX <==== returned to here (1)
0167:00430BF6 8B03 MOV EAX,[EBX]
0167:00430BF8 83F80C CMP EAX,BYTE +0C <==== length greater than 12
0167:00430BFB 751B JNZ 00430C18
0167:00430BFD 8B5308 MOV EDX,[EBX+08]
0167:00430C00 52 PUSH EDX
0167:00430C01 8B4B04 MOV ECX,[EBX+04]
0167:00430C04 8BD0 MOV EDX,EAX
0167:00430C06 8BC6 MOV EAX,ESI
0167:00430C08 E88FBEFFFF CALL 0042CA9C
0167:00430C0D EB09 JMP SHORT 00430C18
0167:00430C0F 8BD3 MOV EDX,EBX
0167:00430C11 8BC6 MOV EAX,ESI
0167:00430C13 E844D4FFFF CALL 0042E05C
0167:00430C18 5D POP EBP
0167:00430C19 5F POP EDI
0167:00430C1A 5E POP ESI
0167:00430C1B 5B POP EBX
0167:00430C1C C3 RET
Press F10 until you reach the following code:
0167:00477033 8D45FC LEA EAX,[EBP-04]
0167:00477036 50 PUSH EAX ****
0167:00477037 33C9 XOR ECX,ECX
0167:00477039 BAF8714700 MOV EDX,004771F8
0167:0047703E B810724700 MOV EAX,00477210
0167:00477043 E8F898FDFF CALL 00450940
0167:00477048 837DFC00 CMP DWORD [EBP-04],BYTE +00
0167:0047704C 0F84D3000000 JZ NEAR 00477125
0167:00477052 8D85F8FEFFFF LEA EAX,[EBP+FFFFFEF8]
0167:00477058 8B55FC MOV EDX,[EBP-04]
0167:0047705B B9FF000000 MOV ECX,FF
0167:00477060 E8B7CDF8FF CALL 00403E1C
0167:00477065 8D85F8FEFFFF LEA EAX,[EBP+FFFFFEF8] ***
0167:0047706B E814C3FFFF CALL 00473384 ***==> press F8 to step in
0167:00477070 84C0 TEST AL,AL ***
0167:00477072 0F84AD000000 JZ NEAR 00477125 ***
0167:00477078 B201 MOV DL,01
Stepping in arrives at the following:
0167:00473384 55 PUSH EBP
0167:00473385 8BEC MOV EBP,ESP
0167:00473387 81C4ECFCFFFF ADD ESP,FFFFFCEC
0167:0047338D 53 PUSH EBX
0167:0047338E 56 PUSH ESI
0167:0047338F 57 PUSH EDI
0167:00473390 33D2 XOR EDX,EDX
0167:00473392 8995F0FCFFFF MOV [EBP+FFFFFCF0],EDX
0167:00473398 8995ECFCFFFF MOV [EBP+FFFFFCEC],EDX
0167:0047339E 8995F8FCFFFF MOV [EBP+FFFFFCF8],EDX
0167:004733A4 8995F4FCFFFF MOV [EBP+FFFFFCF4],EDX
0167:004733AA 8BF0 MOV ESI,EAX
0167:004733AC 8DBDFFFEFFFF LEA EDI,[EBP+FFFFFEFF]
0167:004733B2 33C9 XOR ECX,ECX
0167:004733B4 8A0E MOV CL,[ESI]
0167:004733B6 41 INC ECX
0167:004733B7 F3A4 REP MOVSB
0167:004733B9 33C0 XOR EAX,EAX
0167:004733BB 55 PUSH EBP
0167:004733BC 68EC344700 PUSH DWORD 004734EC
0167:004733C1 64FF30 PUSH DWORD [FS:EAX]
0167:004733C4 648920 MOV [FS:EAX],ESP
0167:004733C7 C645FF00 MOV BYTE [EBP-01],00
0167:004733CB 8D85F4FCFFFF LEA EAX,[EBP+FFFFFCF4]
0167:004733D1 8D95FFFEFFFF LEA EDX,[EBP+FFFFFEFF]
0167:004733D7 E8080AF9FF CALL 00403DE4
0167:004733DC 8B85F4FCFFFF MOV EAX,[EBP+FFFFFCF4]
0167:004733E2 8D95F8FCFFFF LEA EDX,[EBP+FFFFFCF8]
0167:004733E8 E8EF58F9FF CALL 00408CDC
0167:004733ED 8B95F8FCFFFF MOV EDX,[EBP+FFFFFCF8]
0167:004733F3 8D85FFFEFFFF LEA EAX,[EBP+FFFFFEFF]
0167:004733F9 B9FF000000 MOV ECX,FF
0167:004733FE E8190AF9FF CALL 00403E1C
0167:00473403 33DB XOR EBX,EBX
0167:00473405 C685FFFDFFFF00 MOV BYTE [EBP+FFFFFDFF],00
0167:0047340C C685FFFCFFFF00 MOV BYTE [EBP+FFFFFCFF],00
0167:00473413 8D95FFFEFFFF LEA EDX,[EBP+FFFFFEFF]
0167:00473419 B800354700 MOV EAX,00473500
0167:0047341E E8A1F5F8FF CALL 004029C4 <==== checks whether the entered registration code has the aaaa-bbbb form
0167:00473423 8BF0 MOV ESI,EAX
0167:00473425 85F6 TEST ESI,ESI
0167:00473427 0F8EA1000000 JNG NEAR 004734CE ===> the gate of heaven
0167:0047342D 8D85FFFDFFFF LEA EAX,[EBP+FFFFFDFF]
0167:00473433 50 PUSH EAX
0167:00473434 8BCE MOV ECX,ESI
0167:00473436 49 DEC ECX
0167:00473437 BA01000000 MOV EDX,01
0167:0047343C 8D85FFFEFFFF LEA EAX,[EBP+FFFFFEFF]
0167:00473442 E8E1F3F8FF CALL 00402828
0167:00473447 8D85FFFCFFFF LEA EAX,[EBP+FFFFFCFF]
0167:0047344D 50 PUSH EAX
0167:0047344E 33C9 XOR ECX,ECX
0167:00473450 8A8DFFFEFFFF MOV CL,[EBP+FFFFFEFF]
0167:00473456 2BCE SUB ECX,ESI
0167:00473458 8D5601 LEA EDX,[ESI+01]
0167:0047345B 8D85FFFEFFFF LEA EAX,[EBP+FFFFFEFF]
0167:00473461 E8C2F3F8FF CALL 00402828
0167:00473466 33D2 XOR EDX,EDX
0167:00473468 8A95FFFDFFFF MOV DL,[EBP+FFFFFDFF]
0167:0047346E 85D2 TEST EDX,EDX
0167:00473470 7E16 JNG 00473488
0167:00473472 8D8500FEFFFF LEA EAX,[EBP+FFFFFE00]
0167:00473478 33C9 XOR ECX,ECX
0167:0047347A 8A08 MOV CL,[EAX]
0167:0047347C 03D9 ADD EBX,ECX
0167:0047347E 81C3A41D0F00 ADD EBX,000F1DA4
0167:00473484 40 INC EAX
0167:00473485 4A DEC EDX
0167:00473486 75F0 JNZ 00473478
0167:00473488 8D85F0FCFFFF LEA EAX,[EBP+FFFFFCF0]
0167:0047348E 8D95FFFCFFFF LEA EDX,[EBP+FFFFFCFF]
0167:00473494 E84B09F9FF CALL 00403DE4
0167:00473499 8B85F0FCFFFF MOV EAX,[EBP+FFFFFCF0]
0167:0047349F 50 PUSH EAX **
0167:004734A0 8D95ECFCFFFF LEA EDX,[EBP+FFFFFCEC]
0167:004734A6 8BC3 MOV EAX,EBX
0167:004734A8 E8AF59F9FF CALL 00408E5C
0167:004734AD 8B95ECFCFFFF MOV EDX,[EBP+FFFFFCEC]
0167:004734B3 58 POP EAX ★★
0167:004734B4 E8970AF9FF CALL 00403F50 <==== checks whether bbbb equals the registration code computed from aaaa above (eax holds 1234567, edx holds the real code)
0167:004734B9 0F94C0 SETZ AL
0167:004734BC 80BD00FFFFFF61 CMP BYTE [EBP+FFFFFF00],61
0167:004734C3 0F93C2 SETNC DL
0167:004734C6 22C2 AND AL,DL
0167:004734C8 7404 JZ 004734CE
0167:004734CA C645FF01 MOV BYTE [EBP-01],01
0167:004734CE 33C0 XOR EAX,EAX
0167:004734D0 5A POP EDX
0167:004734D1 59 POP ECX
0167:004734D2 59 POP ECX
0167:004734D3 648910 MOV [FS:EAX],EDX
0167:004734D6 68F3344700 PUSH DWORD 004734F3
0167:004734DB 8D85ECFCFFFF LEA EAX,[EBP+FFFFFCEC]
0167:004734E1 BA04000000 MOV EDX,04
0167:004734E6 E8F906F9FF CALL 00403BE4
0167:004734EB C3 RET
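At ★★: d edx
edx=4953667
Summary: my registration code is gdong-4953667
For details, see the related articles in Kanxue Forum Essentials 2 (看雪論壇精華2).
Author: 風飄雪
Homepage: http://duba.126.com
E-mail: gd1@yeah.net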