標誌位法破解----美萍反黃衛士2.26
作者fpx[CCG]
主頁fpxfpx.longcity.net
應一個朋友之邀而寫.我已經有幾個月沒寫過破解心得了,寫教程比破解累多了.
最近喜歡同門的6767兄,高產;破解勇,詳細
http://www.mpsoft.net/killporn22.exe
破解工具w32dasm,unaspack
1.unaspack脫殼 我的主頁可下載中文版unaspack
2.w32dasm反彙編,串式參考
"未註冊版本只能使用30天,現在還剩"
; W32Dasm listing excerpt (32-bit x86, Intel operand order). The page wraps
; long instructions onto a second line. The routine starts before and
; continues past this excerpt.
; Visible here: one global dword at 0047C244 gates the whole trial-period
; path below, so the licence decision at this point rests on a single
; in-memory flag.
; NOTE(review): a licence state cached in one writable global is a single
; point of failure. Re-validating the licence data where it is used (for
; example a signature check) avoids trusting a cached boolean. This is a
; design remark, not something the page shows.
:00475365 8B08
mov ecx, dword ptr [eax]
:00475367 FF5158
call [ecx+58]
; flag == 0 falls through to the trial path; any non-zero value takes the jne
:0047536A 833D44C2470000 cmp dword ptr [0047C244],
00000000 ======47c244為標誌位
:00475371 0F8504010000 jne 0047547B
跳到已註冊
; result of call 0047144C is stored in 0047C254 - presumably days used so far; confirm
:00475377 E8D0C0FFFF call 0047144C
:0047537C A354C24700 mov dword
ptr [0047C254], eax
* Possible StringData Ref from Code Obj ->"未註冊版本只能使用30天,現在還剩"
|
:00475381 68F8584700 push 004758F8
:00475386 8D55AC
lea edx, dword ptr [ebp-54]
; eax = [0047C258] - [0047C254] + 1, passed to 004088B0 with edx = &[ebp-54];
; looks like the remaining-days number being formatted as text - TODO confirm
:00475389 A158C24700 mov eax,
dword ptr [0047C258]
:0047538E 2B0554C24700 sub eax, dword
ptr [0047C254]
:00475394 40
inc eax
:00475395 E81635F9FF call 004088B0
:0047539A FF75AC
push [ebp-54]
:0047539D 6824594700 push 00475924
:004753A2 8D45B0
lea eax, dword ptr [ebp-50]
; edx = 3 and three values were pushed above (004758F8, [ebp-54], 00475924):
; looks like a three-part string concatenation into [ebp-50] - confirm
:004753A5 BA03000000 mov edx,
00000003
:004753AA E889EBF8FF call 00403F38
:004753AF 8B55B0
mov edx, dword ptr [ebp-50]
:004753B2 8B8380030000 mov eax, dword
ptr [ebx+00000380]
:004753B8 E88BA6FBFF call 0042FA48
:004753BD 8B1554C24700 mov edx, dword
ptr [0047C254]
:004753C3 8B8378030000 mov eax, dword
ptr [ebx+00000378]
:004753C9 E81261FEFF call 0045B4E0
; signed compare: ([0047C258] - 0Fh) >= [0047C254] jumps to 0047542E and
; skips the reminder that is built below
:004753CE A158C24700 mov eax,
dword ptr [0047C258]
:004753D3 83E80F
sub eax, 0000000F
:004753D6 3B0554C24700 cmp eax, dword
ptr [0047C254]
:004753DC 7D50
jge 0047542E
; the call that consumes these pushes is past the end of the excerpt; if it is
; MessageBox, 40h would be MB_ICONINFORMATION - not visible here
:004753DE 6A40
push 00000040
* Possible StringData Ref from Code Obj ->"註冊資訊"
|
:004753E0 6828594700 push 00475928
* Possible StringData Ref from Code Obj ->"軟體試用期還剩"
|
:004753E5 683C594700 push 0047593C
:004753EA 8D55A4
lea edx, dword ptr [ebp-5C]
; same remaining-days arithmetic as above, this time into [ebp-5C]
:004753ED A158C24700 mov eax,
dword ptr [0047C258]
:004753F2 40
inc eax
:004753F3 2B0554C24700 sub eax, dword
ptr [0047C254]
:004753F9 E8B234F9FF call 004088B0
:004753FE FF75A4
push [ebp-5C]
:00475401 6824594700 push 00475924
* Possible StringData Ref from Code Obj ->",請趕快向美萍公司註冊(0371-8749676)"
|
:00475406 6854594700 push 00475954
3.w32dasm查詢選單,從頭查詢47c244
; Excerpt of the routine that writes the flag at 0047C244; its start and end
; are not shown.
; Flow visible here: call 0047166C receives eax = [0047D9F4] and
; edx = &[ebp-2C]; the value left at [ebp-2C] is then passed together with
; [0047D9F8] to 00403F88. The flag is written only when that call returns with
; ZF set and call 00472274 returns al == 0.
; NOTE(review): both compared values are produced and held inside the client
; process, so a check of this shape requires the reference value to exist in
; client memory. Verifying a signature over the licence data with an embedded
; public key keeps the secret out of the client. This is a design remark.
:00474F36 8B06
mov eax, dword ptr [esi]
:00474F38 E807ACFDFF call 0044FB44
:00474F3D 8D55D4
lea edx, dword ptr [ebp-2C]
:00474F40 A1F4D94700 mov eax,
dword ptr [0047D9F4]
:00474F45 E822C7FFFF call 0047166C
; edx and eax are the two arguments to the compare routine at 00403F88
:00474F4A 8B55D4
mov edx, dword ptr [ebp-2C] ****
:00474F4D A1F8D94700 mov eax,
dword ptr [0047D9F8]****
:00474F52 E831F0F8FF call 00403F88
****=>追入===========
; ZF clear after the call (values differ) skips the flag write
:00474F57 7513
jne 00474F6C ****
; second condition: al != 0 from call 00472274 also skips the flag write;
; what 00472274 checks is not shown
:00474F59 E816D3FFFF call 00472274
:00474F5E 84C0
test al, al
:00474F60 750A
jne 00474F6C
:00474F62 C70544C2470001000000 mov dword ptr [0047C244], 00000001
=========標誌位,置1
4.上面****為破解經典句式(你若看到了一點感覺都沒有,破解算是白學了)
; Entry of the routine at 00403F88, which is called from 00474F52 with the two
; values to compare in eax and edx. Only the first instructions are shown.
; It saves ebx/esi/edi, keeps copies of both arguments in esi/edi, and takes
; the je when eax == edx. What 00404026 does is not shown - presumably the
; "equal" exit; confirm.
:00403F88 53
push ebx
:00403F89 56
push esi
:00403F8A 57
push edi
:00403F8B 89C6
mov esi, eax
:00403F8D 89D7
mov edi, edx
; compares the two argument values themselves before any further work
:00403F8F 39D0
cmp eax, edx ===========
:00403F91 0F848F000000 je 00404026
5.crackcode作序號產生器
[Options]
CommandLine=shield.exe
Mode=2
First_Break_Address=474F52 =========
First_Break_Address_Code=E8
First_Break_Address_Code_Lenth=5
Second_Break_Address=403F8F =========
Second_Break_Address_Code_Lenth=2
Save_Code_Address=EDX
2001.7.27