加入[BCG]的第一篇破解文章ZTZ-IE網路瀏覽器1.5破解
軟體:ZTZ-IE網路瀏覽器1.5
功能:一個多視窗瀏覽器,類似MyIE,比MyIE的瀏覽速度快,但功能不如MyIE的多,有自己的特殊的功能
軟體下地址:http://sd.onlinedown.net/down/ZTZ-IE.zip
破解使用工具:W32DASM 893黃金中文版,FI2.45,hiew640
1.使用FI檢測此軟體是否加殼,一看,此軟體未加殼,是用DELPHI寫的!
可以直接用w32dasm來反彙編
2.啟動軟體,點選幫助-》軟體註冊,在使用者名稱和密碼的框中隨便輸入
幾個數字(但一定要大於等於4位數字,否則會出錯的)
單擊“確定”後,出現一“警告”的提示,“密碼不正確”。
我們可以按確定,然後退出此瀏覽器
3開啟W32DASM,載入ZTZ-IE瀏覽器的檔案ZTZ-IE.exe,之後,按下 參考-》串式參考
然後查詢上面看到的出錯提示框:我們找到這一行"密碼不正確"雙擊它
看到以下程式碼:
* Possible StringData Ref from Code Obj ->"警告"
|
:0046B69A B94CB74600 mov ecx,
0046B74C
* Possible StringData Ref from Code Obj ->"密碼不正確!"
|
:0046B69F BA54B74600 mov edx,
0046B754
:0046B6A4 A15C514700 mov eax,
dword ptr [0047515C]
:0046B6A9 8B00
mov eax, dword ptr [eax]
:0046B6AB E8E40BFEFF call 0044C294
:0046B6B0 A11C694700 mov eax,
dword ptr [0047691C]
:0046B6B5 E8F6D7FDFF call 00448EB0
我們往上看,經過比較發現
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0046B5DB(C)
|
:0046B616 8D55F8
lea edx, dword ptr [ebp-08]
:0046B619 8B86EC020000 mov eax, dword
ptr [esi+000002EC]
:0046B61F E88C25FCFF call 0042DBB0
:0046B624 8B45F8
mov eax, dword ptr [ebp-08]
:0046B627 50
push eax
:0046B628 8D55F0
lea edx, dword ptr [ebp-10]
:0046B62B 8B86E0020000 mov eax, dword
ptr [esi+000002E0]
:0046B631 E87A25FCFF call 0042DBB0
:0046B636 8B45F0
mov eax, dword ptr [ebp-10]
:0046B639 8D55F4
lea edx, dword ptr [ebp-0C]
:0046B63C E863FDFFFF call 0046B3A4
:0046B641 8B55F4
mov edx, dword ptr [ebp-0C]
:0046B644 58
pop eax
:0046B645 E84288F9FF call 00403E8C-->
這裡CALL進去,比較註冊碼,在這用trw200下斷點敲F8進入,得到的
使用者名稱:yangjunnan 密碼:vzztwruuyq
:0046B64A 7533
jne 0046B67F---->這裡就是要改的地方,不相等則跳到,直接nop掉它即可
:0046B64C BA0B000000 mov edx,
0000000B
* Possible StringData Ref from Code Obj ->"Yire"
|
:0046B651 B824B74600 mov eax,
0046B724
:0046B656 E839250000 call 0046DB94
:0046B65B 6A40
push 00000040
* Possible StringData Ref from Code Obj ->"祝賀你"
|
:0046B65D B92CB74600 mov ecx,
0046B72C
* Possible StringData Ref from Code Obj ->"密碼正確,註冊成功!"
|
:0046B662 BA34B74600 mov edx,
0046B734
:0046B667 A15C514700 mov eax,
dword ptr [0047515C]
:0046B66C 8B00
mov eax, dword ptr [eax]
:0046B66E E8210CFEFF call 0044C294
:0046B673 A11C694700 mov eax,
dword ptr [0047691C]
:0046B678 E833D8FDFF call 00448EB0
:0046B67D EB3B
jmp 0046B6BA
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0046B64A(C)
|
:0046B67F A180524700 mov eax,
dword ptr [00475280]
:0046B684 83381E
cmp dword ptr [eax], 0000001E
:0046B687 7C0F
jl 0046B698
:0046B689 BA01000000 mov edx,
00000001
* Possible StringData Ref from Code Obj ->"Yire"
|
:0046B68E B824B74600 mov eax,
0046B724
:0046B693 E8FC240000 call 0046DB94
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0046B687(C)
|
:0046B698 6A40
push 00000040
* Possible StringData Ref from Code Obj ->"警告"
|
:0046B69A B94CB74600 mov ecx,
0046B74C
* Possible StringData Ref from Code Obj ->"密碼不正確!"
|
:0046B69F BA54B74600 mov edx,
0046B754
:0046B6A4 A15C514700 mov eax,
dword ptr [0047515C]
:0046B6A9 8B00
mov eax, dword ptr [eax]
:0046B6AB E8E40BFEFF call 0044C294
:0046B6B0 A11C694700 mov eax,
dword ptr [0047691C]
:0046B6B5 E8F6D7FDFF call 00448EB0
總結:
只要用hiew640,修改檔案:
0046B64A 7533 ->9090 即可破解成功!!
使用者名稱:yangjunnan 密碼:vzztwruuyq
破解者:yangjunnan Email:nccqy@163.com OICQ:3597625