軟體下載:http://www.ipaopao.com/software/
首先找到ppfes.exe的註冊錯誤提示資訊:“Registration Code ERR”
因為真假註冊碼比較以後才會出現這個提示
========
W32Dasm反彙編和TRW2000一起使用
* 用language檢視,程式沒有加殼
* 用W32Dasm反彙編,根據“串式參考”找到註冊錯誤提示資訊“Registration Code ERR”,雙擊
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00461CB4(C)
|
:00461DBA 6A00
push 00000000
* Possible StringData Ref from Code Obj ->"警告!"
|
:00461DBC B97C1E4600 mov ecx,
00461E7C
* Possible StringData Ref from Code Obj ->"Registration Code ERR!"
|
:00461DC1 BA841E4600 mov edx,
00461E84
:00461DC6 A16C7F4600 mov eax,
dword ptr [00467F6C]
:00461DCB 8B00
mov eax, dword ptr [eax]
:00461DCD E8BE0BFEFF call 00442990
發現是從00461CB4跳轉過來的,滑鼠右鍵雙擊00461CB4
:00461C93 8B8598FDFFFF mov eax, dword
ptr [ebp+FFFFFD98]
:00461C99 50
push eax
:00461C9A 8D9594FDFFFF lea edx, dword
ptr [ebp+FFFFFD94]
:00461CA0 8B45FC
mov eax, dword ptr [ebp-04]
:00461CA3 E830DBFFFF call 0045F7D8
:00461CA8 8B9594FDFFFF mov edx, dword
ptr [ebp+FFFFFD94]
:00461CAE 58
pop eax
:00461CAF E8AC21FAFF call 00403E60
:00461CB4 0F8500010000 jne 00461DBA
:00461CBA 33D2
xor edx, edx
:00461CBC A1F89A4600 mov eax,
dword ptr [00469AF8]
:00461CC1 E80EAAFDFF call 0043C6D4
:00461CC6 6890000000 push 00000090
:00461CCB 8D859FFDFFFF lea eax, dword
ptr [ebp+FFFFFD9F]
:00461CD1 50
push eax
對照“風飄雪”的破解教程,發現可疑的關鍵Call在00461CAF
開啟TRW2000
在ppfes.exe的註冊欄中填入註冊碼“87654321”(注:“金鑰”是自動生成的,我的為“bPfuFEVQUP1L2/==”),但不點選“註冊”
“Ctrl+N”啟用TRW2000
在00461CAE處下斷點:bpx 00461CAE,回車,然後按“F5”退出
點選ppfes.exe註冊欄中的“註冊”
程式被中斷
按一下“F10”來到00461CAF
結果在00461CAF處找到真假註冊碼:
d eax=87654321
d edx=+tc48PbZ3Se/0HtI9ygoSy==
注意:這個24位的註冊碼是分兩行出現的:
+tc48PbZ3Se/0HtI
9ygoSy==
用註冊碼“+tc48PbZ3Se/0HtI9ygoSy==”進行註冊,註冊成功!
太棒了!
馬震宇
2001.8.16.