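鬧鐘&笑話 1.0 (Alarm Clock & Jokes 1.0) cracking process:
CRACKTOOLS: trw2000 1.23, W32DASM (Chinese edition), language 2000 V4.5
1. Habitual first step: use language 2000 V4.5 to check whether the file is packed. It reports ASPACK 2.1 packing. Unpack it with UNASPACK.
2. Habitual second step: disassemble with W32DASM and look for leads (that is, the strings shown on registration failure and success).
Found the following: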
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:004822E6(C), :004822F4(C)
|
:00482310 8B45FC                  mov eax, dword ptr [ebp-04]      // load the entered (fake) registration code into EAX
:00482313 8B55F4                  mov edx, dword ptr [ebp-0C]      // load the real registration code into EDX
:00482316 E8D91BF8FF              call 00403EF4                    // compare the real and entered registration codes
:0048231B 7528                    jne 00482345                     // if they differ, jump to the failure path
:0048231D 8B55FC                  mov edx, dword ptr [ebp-04]
:00482320 8BC3                    mov eax, ebx
:00482322 E829010000              call 00482450
:00482327 84C0                    test al, al
:00482329 741A                    je 00482345
:0048232B C683F402000000          mov byte ptr [ebx+000002F4], 00
* Possible StringData Ref from Code Obj ->"您已註冊完成,謝謝您使用鬧鐘和笑話1.0!"
|
:00482332 B8B8234800              mov eax, 004823B8
:00482337 E898D3FFFF              call 0047F6D4
:0048233C 8BC3                    mov eax, ebx
:0048233E E8D9B0FCFF              call 0044D41C
:00482343 EB0A                    jmp 0048234F
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:0048231B(C), :00482329(C)
|
* Possible StringData Ref from Code Obj ->"註冊碼錯誤!"
|
:00482345 B8E8234800              mov eax, 004823E8
:0048234A E885D3FFFF              call 0047F6D4
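Start TRW2000, set BPX 00482316, and press F5 to return.
Run 鬧鐘&笑話 1.0 and enter the fake registration code 78787878. Click Register and the breakpoint is hit.
Press F8 to step into the call at :00482316 (call 00403EF4), shown below: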
:00403EF4 53                      push ebx
:00403EF5 56                      push esi
:00403EF6 57                      push edi
:00403EF7 89C6                    mov esi, eax
:00403EF9 89D7                    mov edi, edx
:00403EFB 39D0                    cmp eax, edx                     // heh~~
:00403EFD 0F848F000000            je 00403F92
:00403F03 85F6                    test esi, esi
:00403F05 7468                    je 00403F6F
Build a CRACKCODE serial generator:
[Options]
CommandLine=joke.exe
Mode=2
First_Break_Address=482316
First_Break_Address_Code=E8
First_Break_Address_Code_Lenth=5
Second_Break_Address=403EFB
Second_Break_Address_Code_Lenth=2
Save_Code_Address=EDX
This program's registration is somewhat like 美萍 (Meiping)'s.
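
The listing above shows the check building the real registration code in memory and comparing it with the input, which is why a single breakpoint exposes it. The following added example (not from the original page or from the program) contrasts that pattern with a signature-based check in which the client holds only a public key. The function names, the MD5-based derivation, and the toy textbook-RSA key built from two Mersenne primes are assumptions for illustration.

```python
import hashlib

# Constructed demo key from two known Mersenne primes. Far too small for real
# use and unpadded; it only keeps the example standard-library-only.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537                    # public half, shipped in the client
D = pow(E, -1, (P - 1) * (Q - 1))      # private half, stays with the vendor


def _digest(user: str) -> int:
    """Hash the licensee name to an integer smaller than N."""
    return int.from_bytes(hashlib.sha256(user.encode()).digest(), "big") % N


def weak_expected_code(user: str) -> str:
    """Hypothetical derivation standing in for the program's real routine."""
    return hashlib.md5(user.encode()).hexdigest()[:8].upper()


def weak_check(user: str, entered: str):
    """Pattern from the listing: build the real code, then compare strings."""
    expected = weak_expected_code(user)    # the valid code now sits in memory
    return entered == expected, expected   # returned to show what a debugger sees


def vendor_issue(user: str) -> str:
    """Vendor side only: sign the digest with the private exponent."""
    return format(pow(_digest(user), D, N), "x")


def hardened_check(user: str, entered: str) -> bool:
    """Client side: uses only (N, E) and never computes a valid code itself."""
    try:
        sig = int(entered, 16)
    except ValueError:
        return False
    return 0 <= sig < N and pow(sig, E, N) == _digest(user)
```

A production version would use a vetted signature library with a full-size key and proper padding rather than this toy arithmetic.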