軟體:Web Scripting Editor V2.4
工具:Wdasm89和Trw2000
作者:wlq
心得體會:先用靜態工具wdasm89的字串參考可以快速找到註冊碼的準確位置,
然後用動態工具trw2000設斷點追註冊碼,真的省時又省力。
破解過程:
1.
執行Web Scripting Editor V2.4,填寫Registration的三項內容:
key:00000000 Name:wlq Company Name:104
接著單擊"Enter key".
2.
彈出如下提示框:
“You have entered the wrong registration key
Please make sure that you enter the key correctly”
3.
啟動Wdasm89裝載Web Scripting Editor V2.4,點選Refs--String Data Reference,找到"You have entered the wrong registration",雙擊之,看到以下內容:
*****************************************************************************
* Possible StringData Ref from Data Obj ->"You have entered the wrong registration
"
->"key
Please
make sure that you "
->"enter the key correctly"
|
:0041192D
BA01964700 mov edx, 00479601
:00411932 8D45D4
lea eax, dword ptr [ebp-2C]
:00411935 E832040200
call 00431D6C
:0041193A FF45CC
inc [ebp-34]
:0041193D 8B00
mov eax, dword ptr [eax]
:0041193F E850030200 call
00431C94
:00411944 FF4DCC
dec [ebp-34]
:00411947 8D45D4
lea eax, dword ptr [ebp-2C]
:0041194A BA02000000
mov edx, 00000002
:0041194F E878060200
call 00431FCC
* Referenced
by a (U)nconditional or (C)onditional Jump at Address:
|:00411925(C)
|
:00411954 8B4DB0
mov ecx, dword ptr [ebp-50]
:00411957 64890D00000000
mov dword ptr fs:[00000000], ecx
:0041195E 5B
pop ebx
:0041195F 8BE5
mov esp, ebp
:00411961 5D
pop ebp
:00411962 C3
ret
****************************************************************************
4.
往上看,來到:
* Possible StringData Ref from Data Obj
->"BRG149BLUE"
|
:004118E8 BAF6954700
mov edx, 004795F6
:004118ED 8D45D8
lea eax, dword ptr [ebp-28]
:004118F0 E877040200 call
00431D6C
:004118F5 FF45CC
inc [ebp-34]
:004118F8 8D55D8
lea edx, dword ptr [ebp-28]
:004118FB 58
pop eax
:004118FC E8C1070200 call
004320C2
:00411901 50
push eax
:00411902 FF4DCC
dec [ebp-34]
:00411905 8D45D8
lea eax, dword ptr [ebp-28]
:00411908 BA02000000 mov edx,
00000002
:0041190D E8BA060200
call 00431FCC
^^^^^^^^^^
^^^^^^^^^^^^^^^^^
:00411912 FF4DCC
dec [ebp-34]
:00411915
8D45DC lea eax,
dword ptr [ebp-24]
:00411918 BA02000000
mov edx, 00000002
:0041191D E8AA060200
call 00431FCC
^^^^^^^^^
^^^^^^^^^^^^^^^^
:00411922 59
pop ecx
:00411923 84C9
test cl, cl
:00411925 742D
je 00411954 (此處可跳過
上面彈出錯誤註冊碼提示框的那段程式)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
:00411927 66C745C06800
mov [ebp-40], 0068
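判斷上面兩處call 00431FCC 肯定是關鍵call
(不過從列表看,test cl, cl 檢查的值是 call 004320C2 的返回值,經 push eax / pop ecx 傳下來;這兩處 call 00431FCC 都是以 edx=2、eax 指向區域變數 [ebp-28]、[ebp-24] 來呼叫,0041194F 處對 [ebp-2C] 也有同樣的呼叫,較可能只是臨時字串的釋放,待確認):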
:0041190D E8BA060200
call 00431FCC
:0041191D E8AA060200
call 00431FCC
5.
啟動Trw2000,填寫Registration的三項內容:key:00000000
Name:wlq Company Name:24
6.
BPX 0041190D,F5,接著單擊"Enter
key".
7.
bc *
8.
:0041190D E8BA060200
call 00431FCC ---------- ( 按F8進入call)
9.
:00431FCC 55
push ebp
:00431FE0
E8F7250200 call 004545DC -----------(再按F8進入call)
10.
:004545DC 8B10
mov edx, [eax]
:004545DE 85D2
test edx, edx ----------
下d edx, 得到註冊碼。
:004545E0 7419
je 004545FB
11.
總結:key:BRG149BLUE
Name:wlq Company Name:104
姓名和公司名與註冊碼無關:這個key就是第4步字串參考中以明文出現的固定字串"BRG149BLUE",從列表看程式只拿輸入的key與它比較,沒有用姓名或公司名參與計算。