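Heh, I'm back. This is my second article on cracking CD-based games. It's not well written, so corrections are welcome. I won't ramble this time. The tools are the same ones I mentioned last time. I don't know whether those of you who couldn't crack it last time ended up solving the problem with a screwdriver and a hammer; if not, don't panic, and have a look at this article first.
Let's get to work:
1. Find the executable; it's the .exe file. It's only a little over 200k, which made me a bit suspicious, so I checked it with fi. Haha, it isn't packed. Good.
Next, I pull out my tool w32dasm again and start disassembling it! Heh heh.
The code is as follows: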
:00408867 8D44243C lea eax, dword ptr [esp+3C]
* Possible StringData Ref from Data Obj ->"C:" ===>> checks whether the file comes from c:\
|
:0040886B 6808894300 push 00438908
:00408870 50 push eax
* Reference To: KERNEL32.lstrcpyA, Ord:0302h
|
:00408871 FF1510304300 Call dword ptr [00433010]
* Reference To: KERNEL32.SetErrorMode, Ord:0264h =======>> sets the error code (just my guess, heh)
|
:00408877 8B1D1C304300 mov ebx, dword ptr [0043301C]
* Reference To: KERNEL32.GetVolumeInformationA, Ord:0177h ===>> The key point this time!!!! Pay attention!! The GetVolumeInformationA function retrieves the drive's volume label. Heh, got it now? Hurry up and see what the volume label of the second disc is.
|
:0040887D 8B2D20304300 mov ebp, dword ptr [00433020]
:00408883 C744241000000000 mov [esp+10], 00000000
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004088F5(C)
|
:0040888B 8D4C243C lea ecx, dword ptr [esp+3C]
:0040888F 51 push ecx
* Reference To: KERNEL32.GetDriveTypeA, Ord:0104h ======>>> Need I say more? Is anyone still unclear from last time? Go read the Win API reference yourself.
|
:00408890 FF1530304300 Call dword ptr [00433030]
:00408896 83F805 cmp eax, 00000005 =======>>> change this right away!!!!
:00408899 7544 jne 004088DF ====>> if not, jump away!!!
:0040889B 6A01 push 00000001
:0040889D FFD3 call ebx
:0040889F 8BF0 mov esi, eax
:004088A1 6A00 push 00000000
:004088A3 8D542418 lea edx, dword ptr [esp+18]
:004088A7 6A00 push 00000000
:004088A9 8D442420 lea eax, dword ptr [esp+20]
:004088AD 52 push edx
:004088AE 50 push eax
:004088AF 6A00 push 00000000
:004088B1 8D4C2430 lea ecx, dword ptr [esp+30]
:004088B5 6A20 push 00000020
:004088B7 8D542454 lea edx, dword ptr [esp+54]
:004088BB 51 push ecx
:004088BC 52 push edx
:004088BD FFD5 call ebp
:004088BF 56 push esi
:004088C0 8BF8 mov edi, eax
:004088C2 FFD3 call ebx
:004088C4 85FF test edi, edi
:004088C6 7417 je 004088DF
:004088C8 8B842490000000 mov eax, dword ptr [esp+00000090]
:004088CF 8D4C241C lea ecx, dword ptr [esp+1C]
:004088D3 50 push eax
:004088D4 51 push ecx
* Reference To: KERNEL32.lstrcmpA, Ord:02FCh
|
:004088D5 FF15F4304300 Call dword ptr [004330F4]
:004088DB 85C0 test eax, eax
:004088DD 7432 je 00408911
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00408899(C), :004088C6(C)
|
:004088DF 8A44243C mov al, byte ptr [esp+3C]
:004088E3 FEC0 inc al
:004088E5 8844243C mov byte ptr [esp+3C], al
:004088E9 8B442410 mov eax, dword ptr [esp+10]
:004088ED 40 inc eax
:004088EE 83F818 cmp eax, 00000018 ====>> compares 24 times
:004088F1 89442410 mov dword ptr [esp+10], eax
:004088F5 7C94 jl 0040888B
* Possible StringData Ref from Data Obj ->"請插入《月影傳說》的第二號光碟,再重新執行本程"
->"序。"
|
:004088F7 68D4884300 push 004388D4
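The above is a simple analysis. What is worth noting is that this time a volume-label check has been added; I hope everyone takes note. The modification is as follows:
Change the c:\ volume label, and change 000005 to 000003.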
cracked by copyyour[CCG]
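
The loop in the listing above (0040888B to 004088F5), rewritten in C as an added example; it is not code from the original article or from the game. The Win32 calls are replaced by a constructed drive table so the logic can be run anywhere; `struct drive`, `sample_drives`, `find_disc` and the label `DISC2` are hypothetical, and `strcmp` stands in for `lstrcmpA`.

```c
#include <string.h>

/* Real Win32 GetDriveType return values. */
#define DRIVE_FIXED 3
#define DRIVE_CDROM 5

/* Hypothetical stand-in for what the Win32 calls report for one drive letter. */
struct drive {
    int type;           /* GetDriveTypeA result; 0 here means no such drive */
    int readable;       /* nonzero if GetVolumeInformationA would succeed */
    const char *label;  /* volume label it would return */
};

/* Constructed sample machine: slots 0..23 stand for C: through Z:. */
static const struct drive sample_drives[24] = {
    [0] = { DRIVE_FIXED, 1, "SYSTEM" },  /* C: */
    [1] = { DRIVE_FIXED, 1, "DISC2" },   /* D: matching label, wrong type */
    [2] = { DRIVE_CDROM, 0, "" },        /* E: CD-ROM drive with no disc */
    [3] = { DRIVE_CDROM, 1, "DISC2" },   /* F: the expected disc */
};

/*
 * Returns the drive letter that passes all three tests, or 0 when the
 * routine would fall through to the "insert disc 2" message.
 * expected_label corresponds to the argument read from [esp+90].
 */
char find_disc(const struct drive drives[24], const char *expected_label)
{
    char root[3] = "C:";                         /* lstrcpyA(buf, "C:") */
    for (int i = 0; i < 0x18; i++, root[0]++) {  /* inc al; cmp eax, 18; jl */
        const struct drive *d = &drives[i];
        if (d->type != DRIVE_CDROM)              /* cmp eax, 5; jne 004088DF */
            continue;
        /* The original wraps the volume query in SetErrorMode(1) and then
           restores the old mode, so an empty drive raises no dialog box. */
        if (!d->readable)                        /* test edi, edi; je 004088DF */
            continue;
        if (strcmp(d->label, expected_label) == 0)  /* lstrcmpA; je 00408911 */
            return root[0];
    }
    return 0;
}
```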