註冊你的ARMADILLO2.0成為專業版(加入BCG的第三篇)
工具:TRW2000 W32DASM大老專版
破解人:大老
大老的主頁:HTTP://DALAO2001.YEAH.NET
軟體下載:www.exetools
這是一個非常不錯的、用來給你的軟體加上保護和限制的軟體!
未註冊版會在你加了保護的軟體開頭加上一段「ARMADILLO2.0沒有註冊」的資訊!
第一步:脫殼用armkiller13可以直接脫掉他的殼!
第二步:註冊這個軟體!嘿嘿!
:00402911 59
pop ecx
:00402912 50
push eax
:00402913 E8B3800100 call 0041A9CB
:00402918 83C40C
add esp, 0000000C
:0040291B FF3570604200 push dword ptr
[00426070]
:00402921 8D8500FDFFFF lea eax, dword
ptr [ebp+FFFFFD00]
:00402927 50
push eax
:00402928 E8437E0100 call 0041A770
:0040292D 59
pop ecx
:0040292E 59
pop ecx
:0040292F E8E5BD0000 call 0040E719
:00402934 84C0
test al, al
:00402936 5E
pop esi
:00402937 741B
je 00402954====>這裡要跳!(741B改成EB1B)
:00402939 E88EBE0000 call 0040E7CC
:0040293E 84C0
test al, al
* Possible StringData Ref from Data Obj ->"Professional"
|
:00402940 B814614200 mov eax,
00426114
:00402945 7505
jne 0040294C
* Possible StringData Ref from Data Obj ->"Basic"
|
:00402947 B80C614200 mov eax,
0042610C
:0040294C 50
push eax
* Possible StringData Ref from Data Obj ->", %s Trial Edition"
|
:0040294D 68F8604200 push 004260F8
:00402952 EB19
jmp 0040296D
:00402954 E873BE0000 call 0040E7CC
===>注意這
:00402959 84C0
test al, al
* Possible StringData Ref from Data Obj ->"Professional"
|
:0040295B B814614200 mov eax,
00426114
:00402960 7505
jne 00402967 ===>這裡要跳
* Possible StringData Ref from Data Obj ->"Basic"
|
:00402962 B80C614200 mov eax,
0042610C
:00402967 50
push eax
* Possible StringData Ref from Data Obj ->", %s Edition"
|
:00402968 68E8604200 push 004260E8
:0040296D 8D8500FDFFFF lea eax, dword
ptr [ebp+FFFFFD00]
:00402973 53
push ebx
:00402974 50
push eax
:00402975 E8E67E0100 call 0041A860
:0040297A 59
pop ecx
:0040297B 59
pop ecx
:0040297C 50
push eax
:0040297D E849800100 call 0041A9CB
:00402982 83C40C
add esp, 0000000C
:00402985 8D8500FDFFFF lea eax, dword
ptr [ebp+FFFFFD00]
:0040298B 50
push eax
:0040298C FF35F00C4300 push dword ptr
[00430CF0]
* Reference To: USER32.SetWindowTextA, Ord:025Eh
|
:00402992 FF15E4314200 Call dword ptr
[004231E4]
:00402998 5F
pop edi
:00402999 5B
pop ebx
:0040299A C9
leave
:0040299B C3
ret
===================================================================
注意這個CALL (00402954 call 0040E7CC),我們進入看看,嘿嘿!
; ---------------------------------------------------------------------
; sub_0040E7CC -- edition check (W32Dasm listing, 32-bit x86, Intel
; operand order; the disassembler wraps some operands onto the next line).
;
; Reads the environment variable "VERSION" into a 0x100-byte stack buffer
; with KERNEL32.GetEnvironmentVariableA, then compares the buffer with the
; string "Professional" through sub_00421840.
;
; In:   no stack arguments are read.
; Out:  al = 0 when GetEnvironmentVariableA returns 0;
;       otherwise eax = 1 if sub_00421840 returned 0, else eax = 0.
;       Both call sites visible on this page test only al.
; Uses: eax, ecx, flags; ebp frame with 0x100 bytes of locals.
;
; NOTE(review): the result is a plain boolean derived from a string taken
; from the process environment. This listing shows no signature or
; integrity check on that value, so the decision is only as trustworthy as
; the unmodified binary and its environment. Presumably the variable is
; normally set by the protection wrapper that step 1 of the write-up
; removed -- confirm.
; ---------------------------------------------------------------------
:0040E7CC 55
push ebp
:0040E7CD 8BEC
mov ebp, esp
; Reserve the 0x100-byte buffer; FFFFFF00 below is -0x100, i.e. [ebp-0x100].
:0040E7CF 81EC00010000 sub esp, 00000100
:0040E7D5 8D8500FFFFFF lea eax, dword
ptr [ebp+FFFFFF00]
; Arguments are pushed right to left: nSize = 0x100, lpBuffer, lpName.
:0040E7DB 6800010000 push 00000100
:0040E7E0 50
push eax
* Possible StringData Ref from Data Obj ->"VERSION"
|
:0040E7E1 6814634200 push 00426314
* Reference To: KERNEL32.GetEnvironmentVariableA, Ord:0109h
|
; GetEnvironmentVariableA copies the named variable's value into lpBuffer
; and returns the number of characters stored; 0 means the variable was
; not found (or another failure).
:0040E7E6 FF15A8304200 Call dword ptr
[004230A8]
:0040E7EC 85C0
test eax, eax
:0040E7EE 7504
jne 0040E7F4======〉一定要跳!(7504改成EB04)
; Variable missing: return al = 0.
:0040E7F0 32C0
xor al, al
:0040E7F2 C9
leave
:0040E7F3 C3
ret
; Variable present: call sub_00421840(buffer, "Professional").
:0040E7F4 8D8500FFFFFF lea eax, dword
ptr [ebp+FFFFFF00]
* Possible StringData Ref from Data Obj ->"Professional"
|
:0040E7FA 6814614200 push 00426114
:0040E7FF 50
push eax
:0040E800 E83B300100 call 00421840=====>關鍵CALL
; neg sets CF exactly when eax != 0; sbb eax, eax then yields -1 or 0 and
; inc turns that into 0 or 1, so eax = (compare result == 0).
; The two interleaved pops discard the two pushed arguments and leave the
; flags untouched.
:0040E805 F7D8
neg eax
:0040E807 59
pop ecx
:0040E808 1BC0
sbb eax, eax
:0040E80A 59
pop ecx
:0040E80B 40
inc eax
:0040E80C C9
leave
:0040E80D C3
ret
====================================================================
進入call 00421840
; ---------------------------------------------------------------------
; sub_00421840 -- compares two NUL-terminated byte strings, treating
; upper- and lower-case letters as equal (W32Dasm listing, 32-bit x86,
; Intel operand order).
;
; In:   [ebp+08] = first string  (loaded into edi)
;       [ebp+0C] = second string (loaded into esi)
;       The caller at 0040E800 passes the "VERSION" buffer and the string
;       "Professional".
; Out:  eax = 0 when the strings match; on the ASCII path eax = -1 when
;       the first string sorts lower and +1 when it sorts higher, after
;       case folding.
; Uses: eax, ebx, ecx, esi, edi, flags; ebx/esi/edi are saved and restored.
;
; Two code paths are selected by the dword at [00432088+08]:
;   zero     -> inline ASCII folding of 'A'..'Z' to lower case
;   non-zero -> each differing byte is mapped through sub_00421A4B
; NOTE(review): [00432088+08] is presumably a locale/code-page indicator;
; that is not visible in this listing -- confirm.
; ---------------------------------------------------------------------
:00421840 55
push ebp
:00421841 8BEC
mov ebp, esp
:00421843 57
push edi
:00421844 56
push esi
:00421845 53
push ebx
:00421846 8B750C
mov esi, dword ptr [ebp+0C]
:00421849 8B7D08
mov edi, dword ptr [ebp+08]
:0042184C 8D0588204300 lea eax, dword
ptr [00432088]
:00421852 83780800 cmp
dword ptr [eax+08], 00000000
:00421856 753B
jne 00421893 ===>這裡改成JMP4218C2(753B=>EB6A)
; --- ASCII path ---
; al is seeded with a non-zero value so the first "or al, al" falls
; through into the loop body. "mov edi, edi" changes nothing (two-byte
; filler).
:00421858 B0FF
mov al, FF
:0042185A 8BFF
mov edi, edi
; Loop head: al holds the last byte pair that compared equal; when that
; byte was the terminating NUL the strings match and al = 0 is returned.
:0042185C 0AC0
or al, al
:0042185E 742E
je 0042188E
:00421860 8A06
mov al, byte ptr [esi]
:00421862 46
inc esi
:00421863 8A27
mov ah, byte ptr [edi]
:00421865 47
inc edi
:00421866 38C4
cmp ah, al
:00421868 74F2
je 0042185C
; Bytes differ: fold al to lower case. After "sub al, 41" the value is
; below 1A only for 'A'..'Z'; sbb/and turn that into 20 or 0, which is
; added back before restoring the 41 offset.
:0042186A 2C41
sub al, 41
:0042186C 3C1A
cmp al, 1A
:0042186E 1AC9
sbb cl, cl
:00421870 80E120
and cl, 20
:00421873 02C1
add al, cl
:00421875 0441
add al, 41
; Swap so the other byte is in al, and fold it the same way.
:00421877 86E0
xchg al, ah
:00421879 2C41
sub al, 41
:0042187B 3C1A
cmp al, 1A
:0042187D 1AC9
sbb cl, cl
:0042187F 80E120
and cl, 20
:00421882 02C1
add al, cl
:00421884 0441
add al, 41
; al = folded byte of the first string, ah = folded byte of the second.
:00421886 38E0
cmp al, ah
:00421888 74D2
je 0042185C
; Mismatch: the sbb pair turns the carry from the compare into
; al = FF (first < second) or al = 01 (first > second).
:0042188A 1AC0
sbb al, al
:0042188C 1CFF
sbb al, FF
; Sign-extend the byte result (0, -1 or +1) into eax and leave.
:0042188E 0FBEC0
movsx eax, al
:00421891 EB34
jmp 004218C7
; --- sub_00421A4B path ---
; The "Dialog" reference below is a disassembler guess based on the
; immediate 000000FF; here the value only seeds al as non-zero so the
; first "or al, al" falls through.
* Possible Reference to Dialog: DialogID_0078, CONTROL_ID:00FF, ""
|
:00421893 B8FF000000 mov eax,
000000FF
:00421898 33DB
xor ebx, ebx
:0042189A 8BFF
mov edi, edi
:0042189C 0AC0
or al, al
:0042189E 7427
je 004218C7
:004218A0 8A06
mov al, byte ptr [esi]
:004218A2 46
inc esi
:004218A3 8A1F
mov bl, byte ptr [edi]
:004218A5 47
inc edi
:004218A6 38D8
cmp al, bl
:004218A8 74F2
je 0042189C
; Bytes differ: both are pushed, then sub_00421A4B is called twice, each
; call consuming one pushed byte as its single argument.
; NOTE(review): the inline annotation on the call below guesses that this
; is a registration-code comparison. What the listing shows is a
; one-byte-in, one-byte-out helper applied to each string's current byte,
; with the two results compared afterwards -- it looks like a
; per-character case mapping, not a serial check. sub_00421A4B itself is
; not on this page -- confirm.
:004218AA 50
push eax
:004218AB 53
push ebx
:004218AC E89A010000 call 00421A4B==〉這裡好像是註冊碼比較!
:004218B1 8BD8
mov ebx, eax
:004218B3 83C404
add esp, 00000004
:004218B6 E890010000 call 00421A4B
:004218BB 83C404
add esp, 00000004
:004218BE 38C3
cmp bl, al
:004218C0 74DA
je 0042189C
; Mismatch: same carry-to-result conversion as on the ASCII path, done on
; the full register (eax = -1 or +1).
:004218C2 1BC0
sbb eax, eax ======這裡改成MOV EAX,0
:004218C4 83D8FF
sbb eax, FFFFFFFF
; Common exit: restore the saved registers and return eax.
:004218C7 5B
pop ebx
:004218C8 5E
pop esi
:004218C9 5F
pop edi
:004218CA C9
leave
:004218CB C3
ret
經過跟蹤發現只要這個CALL的EAX返回值EAX=0即可!成為註冊版
收工!改得不對的地方請各位指點!
另外問一下各位高手:
KERNEL32.GetEnvironmentVariableA, Ord:0109h==》這個函式是幹啥用的!
大老:2001-6-29 10:54