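Software download: http://www.ipaopao.com/software/
First, locate fesweb.exe's registration error message: “Registration Code ERR”
This message only appears after the real and fake registration codes have been compared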
========
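Using the W32Dasm disassembly together with TRW2000
* Checked with language: the program is not packed
* Disassemble with W32Dasm, use the “String Data References” list to find the registration error message “Registration Code ERR”, and double-click it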
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00465170(C)
|
:00465265 6A00                    push 00000000
* Possible StringData Ref from Code Obj ->"警告!"
|
:00465267 B908534600              mov ecx, 00465308
* Possible StringData Ref from Code Obj ->"Registration Code ERR!"
|
:0046526C BA10534600              mov edx, 00465310
:00465271 A188C14600              mov eax, dword ptr [0046C188]
:00465276 8B00                    mov eax, dword ptr [eax]
:00465278 E8071BFEFF              call 00446D84
The listing shows that the jump comes from 00465170; double-click 00465170 with the right mouse button
:0046513E 8D9598FDFFFF            lea edx, dword ptr [ebp+FFFFFD98]
:00465144 8B86D4020000            mov eax, dword ptr [esi+000002D4]
:0046514A E8053AFCFF              call 00428B54
:0046514F 8B8598FDFFFF            mov eax, dword ptr [ebp+FFFFFD98]
:00465155 50                      push eax
:00465156 8D9594FDFFFF            lea edx, dword ptr [ebp+FFFFFD94]
:0046515C 8B45FC                  mov eax, dword ptr [ebp-04]
:0046515F E8E0D7FFFF              call 00462944
:00465164 8B9594FDFFFF            mov edx, dword ptr [ebp+FFFFFD94]
:0046516A 58                      pop eax
:0046516B E894ECF9FF              call 00403E04
:00465170 0F85EF000000            jne 00465265
:00465176 6890000000              push 00000090
:0046517B 8D859FFDFFFF            lea eax, dword ptr [ebp+FFFFFD9F]
:00465181 50                      push eax
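Comparing against the cracking tutorial by “風飄雪”, the suspicious key call turns out to be at 0046516B
Start TRW2000
Enter the registration code “87654321” in fesweb.exe's registration field (note: the “key” is generated automatically; mine is “AAuDfXIQNJijeLw18aykhq==”), but do not click “Register”
Press “Ctrl+N” to activate TRW2000
Set a breakpoint at 0046516A: bpx 0046516A, press Enter, then press “F5” to exit
Click “Register” in fesweb.exe's registration field
The program breaks
Press “F10” once to reach 0046516B
At 0046516B the real and fake registration codes are both visible: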
d eax=87654321
d edx=hW1Ti59tmyncjjGQbALXhvUlffxIO5n3
Note: this 32-character registration code is displayed across two lines:
hW1Ti59tmyncjjGQ
bALXhvUlffxIO5n3
Registering with the code “hW1Ti59tmyncjjGQbALXhvUlffxIO5n3” succeeds!
Great!
馬震宇
2001.8.16.
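
The trace above is possible because the client computes the valid code itself, so both strings sit in registers at the compare call at 0046516B. The following is an added example, not code from fesweb or from the original note: it shows that weak pattern beside a check that only verifies a vendor signature with a public key. The derivation, the embedded secret, the function names and the demo modulus are constructed assumptions, and textbook RSA stands in for a vetted signature library.

```python
import hashlib
import hmac

# --- Weak pattern (what the trace shows): the client derives the expected code itself.
EMBEDDED_SECRET = b"constructed-demo-secret"  # hypothetical; would ship inside the binary

def expected_code(machine_key: str) -> str:
    """Hypothetical derivation; the real fesweb algorithm is not on the page."""
    mac = hmac.new(EMBEDDED_SECRET, machine_key.encode(), hashlib.sha256)
    return mac.hexdigest()[:32]

def check_weak(machine_key: str, entered: str) -> bool:
    # The correct code exists in client memory here, right next to the user's input.
    return hmac.compare_digest(expected_code(machine_key), entered)

# --- Hardened pattern: the client holds only a public key and verifies a signature.
# Constructed demo modulus from two Mersenne primes: trivially factorable, NOT a real key.
N = (2**127 - 1) * (2**521 - 1)
E = 65537

def _digest_int(machine_key: str) -> int:
    return int.from_bytes(hashlib.sha256(machine_key.encode()).digest(), "big")

def check_signed(machine_key: str, code_hex: str) -> bool:
    """Textbook RSA verify (no padding), a stand-in for RSA-PSS or Ed25519 from a library."""
    try:
        sig = int(code_hex, 16)
    except ValueError:
        return False
    # Nothing computed here reveals a valid code for this machine key.
    return 0 < sig < N and pow(sig, E, N) == _digest_int(machine_key)

def vendor_sign(machine_key: str) -> str:
    """Vendor-side only: the private exponent never ships in the client."""
    phi = (2**127 - 2) * (2**521 - 2)
    d = pow(E, -1, phi)  # modular inverse, Python 3.8+
    return format(pow(_digest_int(machine_key), d, N), "x")
```

With the signed scheme a breakpoint on the comparison exposes only the hash of the machine key and the value derived from the entered code, neither of which is a valid registration code.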