如何完美破解PE EXPLORER 1.3(加入BCG的第二篇) (9千字)
如何完美破解PE EXPLORER 1.3(加入BCG的第二篇)
PE EXPLORER 1.3是個非常不錯的CRACK輔助軟體,可以對PE格式的檔案進行反編譯、屬性編輯等等!
破解人: 大老
註冊方式:註冊碼
使用限制:30天試用
工具:TRW2000 W32DASM大老專版
大老的主頁:HTTP://DALAO2001.YEAH.NET
軟體下載:www.exetools
這是我第二次破解這個程式,它的加密方法和上一版沒有變。好,我們來破掉它。
第一步算出它的註冊碼!
=====================================================================
:004D29F1 8D4000
lea eax, dword ptr [eax+00]
:004D29F4 55
push ebp
:004D29F5 8BEC
mov ebp, esp
:004D29F7 83C4BC
add esp, FFFFFFBC
:004D29FA 53
push ebx
:004D29FB 56
push esi
:004D29FC 33D2
xor edx, edx
:004D29FE 8955BC
mov dword ptr [ebp-44], edx
:004D2A01 8955E8
mov dword ptr [ebp-18], edx
:004D2A04 8955E4
mov dword ptr [ebp-1C], edx
:004D2A07 8945EC
mov dword ptr [ebp-14], eax
:004D2A0A 33C0
xor eax, eax
:004D2A0C 55
push ebp
:004D2A0D 68812C4D00 push 004D2C81
:004D2A12 64FF30
push dword ptr fs:[eax]
:004D2A15 648920
mov dword ptr fs:[eax], esp
:004D2A18 8D45C3
lea eax, dword ptr [ebp-3D]
:004D2A1B B165
mov cl, 65
:004D2A1D BA21000000 mov edx,
00000021
:004D2A22 E86500F3FF call 00402A8C
:004D2A27 33C0
xor eax, eax
:004D2A29 8945F8
mov dword ptr [ebp-08], eax
:004D2A2C 33C0
xor eax, eax
:004D2A2E 8945F4
mov dword ptr [ebp-0C], eax
:004D2A31 8D45C3
lea eax, dword ptr [ebp-3D]
:004D2A34 8B159CF94E00 mov edx, dword
ptr [004EF99C]
:004D2A3A E8A14CF3FF call 004076E0
:004D2A3F 8D45C3
lea eax, dword ptr [ebp-3D]
:004D2A42 8945FC
mov dword ptr [ebp-04], eax
:004D2A45 60
pushad
:004D2A46 8B7DFC
mov edi, dword ptr [ebp-04]
:004D2A49 B818E41736 mov eax,
3617E418
:004D2A4E 3107
xor dword ptr [edi], eax
:004D2A50 B82EFC35A9 mov eax,
A935FC2E
:004D2A55 314704
xor dword ptr [edi+04], eax
:004D2A58 B8B972D857 mov eax,
57D872B9
:004D2A5D 314708
xor dword ptr [edi+08], eax
:004D2A60 B837B43D49 mov eax,
493DB437
:004D2A65 31470C
xor dword ptr [edi+0C], eax
:004D2A68 8B07
mov eax, dword ptr [edi]
:004D2A6A 334704
xor eax, dword ptr [edi+04]
:004D2A6D 8B5F08
mov ebx, dword ptr [edi+08]
:004D2A70 335F0C
xor ebx, dword ptr [edi+0C]
:004D2A73 8945F8
mov dword ptr [ebp-08], eax
:004D2A76 895DF4
mov dword ptr [ebp-0C], ebx
:004D2A79 61
popad
:004D2A7A A1A0F94E00 mov eax,
dword ptr [004EF9A0]
:004D2A7F E85C11F3FF call 00403BE0
:004D2A84 83F810
cmp eax, 00000010《――比較註冊碼是否是16位
:004D2A87 0F8CD1010000 jl 004D2C5E
:004D2A8D 8D45E8
lea eax, dword ptr [ebp-18]
:004D2A90 50
push eax
:004D2A91 B908000000 mov ecx,
00000008
:004D2A96 BA01000000 mov edx,
00000001
:004D2A9B A1A0F94E00 mov eax,
dword ptr [004EF9A0]
:004D2AA0 E83F13F3FF call 00403DE4
:004D2AA5 8D45E4
lea eax, dword ptr [ebp-1C]
:004D2AA8 50
push eax
:004D2AA9 B908000000 mov ecx,
00000008
:004D2AAE BA09000000 mov edx,
00000009
:004D2AB3 A1A0F94E00 mov eax,
dword ptr [004EF9A0]
:004D2AB8 E82713F3FF call 00403DE4
:004D2ABD 8D4DBC
lea ecx, dword ptr [ebp-44]
:004D2AC0 BA08000000 mov edx,
00000008
:004D2AC5 8B45F8
mov eax, dword ptr [ebp-08]
:004D2AC8 E8DB45F3FF call 004070A8
:004D2ACD 8B55BC
mov edx, dword ptr [ebp-44]
:004D2AD0 8B45E8
mov eax, dword ptr [ebp-18]前8位的真假註冊碼
:004D2AD3 E81812F3FF call 00403CF0《―比較前八位註冊碼
:004D2AD8 0F8560010000 jne 004D2C3E=>跳就OVER
:004D2ADE 8D4DBC
lea ecx, dword ptr [ebp-44]
:004D2AE1 BA08000000 mov edx,
00000008
:004D2AE6 8B45F4
mov eax, dword ptr [ebp-0C]
:004D2AE9 E8BA45F3FF call 004070A8
:004D2AEE 8B55BC
mov edx, dword ptr [ebp-44]
:004D2AF1 8B45E4
mov eax, dword ptr [ebp-1C]後8位的真假註冊碼
:004D2AF4 E8F711F3FF call 00403CF0《―比較後八位註冊碼
:004D2AF9 0F853F010000 jne 004D2C3E=>跳就OVER
:004D2AFF B88CF94E00 mov eax,
004EF98C
:004D2B04 8B159CF94E00 mov edx, dword
ptr [004EF99C]
:004D2B0A E8A90EF3FF call 004039B8
:004D2B0F B890F94E00 mov eax,
004EF990
:004D2B14 8B4DE4
mov ecx, dword ptr [ebp-1C]
:004D2B17 8B55E8
mov edx, dword ptr [ebp-18]
:004D2B1A E80D11F3FF call 00403C2C
:004D2B1F B201
mov dl, 01
* Possible StringData Ref from Code Obj ->"``A@LA@A
MmrSrat@"
|
:004D2B21 A1D0C94000 mov eax,
dword ptr [0040C9D0]
:004D2B26 E86502F3FF call 00402D90
:004D2B2B 8BD8
mov ebx, eax
:004D2B2D 8BC3
mov eax, ebx
:004D2B2F E860D4F3FF call 0040FF94
:004D2B34 BA00020000 mov edx,
00000200
:004D2B39 8BC3
mov eax, ebx
:004D2B3B 8B08
mov ecx, dword ptr [eax]
:004D2B3D FF11
call dword ptr [ecx]
:004D2B3F 33C9
xor ecx, ecx
:004D2B41 33D2
xor edx, edx
:004D2B43 8BC3
mov eax, ebx
:004D2B45 8B30
mov esi, dword ptr [eax]
:004D2B47 FF560C
call [esi+0C]
:004D2B4A BE08000000 mov esi,
00000008
:004D2B4F 8D55C3
lea edx, dword ptr [ebp-3D]
:004D2B52 B920000000 mov ecx,
00000020
:004D2B57 8BC3
mov eax, ebx
:004D2B59 E88ED0F3FF call 0040FBEC
:004D2B5E 8D55F8
lea edx, dword ptr [ebp-08]
:004D2B61 B904000000 mov ecx,
00000004
:004D2B66 8BC3
mov eax, ebx
:004D2B68 E87FD0F3FF call 0040FBEC
:004D2B6D 8D55F4
lea edx, dword ptr [ebp-0C]
:004D2B70 B904000000 mov ecx,
00000004
======================================================================
我的註冊碼是dalao/9B2B793D1EE5C68E
第二步去掉時間限制!
這個軟體很奇怪!當你輸入正確的註冊碼後,將在PE EXPLORER的目錄中生成一個pexdata.rdat檔案,但是還是有時間限制!我猜這個軟體的註冊有兩方面:一個是註冊碼,一個是網上註冊,然後把註冊標誌寫到某個地方,才能完全註冊、去掉時間限制!不過不要緊,下面只要改半個位元組即可去掉時間限制!嘿嘿!
==============================================================================
* Possible StringData Ref from Code Obj ->"12345678FEDCBA98"
|
:004D33A0 8B15A8F94E00 mov edx, dword
ptr [004EF9A8]
:004D33A6 E80D06F3FF call 004039B8
:004D33AB 8B45F0
mov eax, dword ptr [ebp-10]
:004D33AE 80782401 cmp
byte ptr [eax+24], 01
:004D33B2 7508
jne 004D33BC
:004D33B4 8B45F0
mov eax, dword ptr [ebp-10]
:004D33B7 E838F6FFFF call 004D29F4
:004D33BC E8AFDAFFFF call 004D0E70
:004D33C1 8B45F0
mov eax, dword ptr [ebp-10]====》注意這個!
:004D33CB 0F85DA070000 jne 004D3BAB
=======〉不調就是試用版
:004D33D1 8B45F0
mov eax, dword ptr [ebp-10]
:004D33D4 8B9834020000 mov ebx, dword
ptr [eax+00000234]
:004D33DA 83C305
add ebx, 00000005
===============================================================================
一般改法只要改掉這句004D33CB 0F85DA070000 jne
004D3BAB
把(0F85DA070000改成0F84DA070000)即可!
現在我們要提升一個檔次!我講講高階的改法!嘿嘿!
大家注意[eax+00000254]這個記憶體地址!找出和這個註冊標誌相關的程式!
|:004D33C4 80B85402000000 cmp byte ptr [eax+00000254],
00
用BPM 下斷點!以下就是核心程式
:004D3169 89836C020000 mov dword ptr
[ebx+0000026C], eax
:004D316F 8B8364020000 mov eax, dword
ptr [ebx+00000264]
:004D3175 3B45F0
cmp eax, dword ptr [ebp-10]
:004D3178 751A
jne 004D3194 ===》跳就是註冊版
:004D317A 8B8368020000 mov eax, dword
ptr [ebx+00000268]
:004D3180 3B45EC
cmp eax, dword ptr [ebp-14]
:004D3183 750F
jne 004D3194 ===》跳就是註冊版
:004D3185 8B836C020000 mov eax, dword
ptr [ebx+0000026C]
:004D318B 3B45E8
cmp eax, dword ptr [ebp-18]
:004D318E 7504
jne 004D3194 ===》跳就是註冊版
:004D3190 33C0
xor eax, eax
:004D3192 EB02
jmp 004D3196 ===〉到這你就OVER
:004D3194 B001
mov al, 01
:004D3196 888354020000 mov byte ptr
[ebx+00000254], al
:004D319C 8B45F4
mov eax, dword ptr [ebp-0C]
:004D319F 50
push eax
:004D31A0 B85C0D4D00 mov eax,
004D0D5C
:004D31A5 668B0D9C624F00 mov cx, word ptr
[004F629C]
:004D31AC 8B150CFA4E00 mov edx, dword
ptr [004EFA0C]
:004D31B2 E8C1DCFFFF call 004D0E78
:004D31B7 33C0
xor eax, eax
:004D31B9 5A
pop edx
:004D31BA 59
pop ecx
:004D31BB 59
pop ecx
大家現在明白了吧嘿嘿!高階改法吧004D3178地址的(750F改成EB0F)
收工!有啥錯誤的地方,請大家多提批評!
大老
http://dalao2001.yeah.net
2001.6.29