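Key File Cracking: PicMaster V2.5
Author: PaulYoung (member of China Cracking Group)
Software: PicMaster V2.5
Description: Helps you edit image files quickly and easily. Its features are quite broad, including simple scanning, applying filters, placing image files into large poster catalogs, capturing video frames, webcam support, slideshow playback, and 3D emboss effects. Photoshop filters can all be used in this software, and you can also record sound comments into images to give your slideshows a real multimedia feel. An image viewing and management tool lets you manage your image files in many ways, and webcam images can also be uploaded.
Download: http://www.graphics-tools.com/
Tools: REGMonitor, W32DASM V9.00, TRW 2000, HIEW, and... 東方快車 (hey, friend, don't faint... I can't read English, so without it I can't understand anything :) )
Date: 2001.10.26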
*************************************************************************************************
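Lately I haven't produced any decent cracks; my skill level is too low. So I can only offer this brute-force patch of PicMaster V2.5 to make up the numbers. Please don't laugh.
First, read the software's manual: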
As a registered User you have the following advantages:
- No Shareware reminders any more
- No disturbing while playing the slideshow
- No length limit for recording sound comments
- No length limit for number of images in the catalog
- No "unregistered version" text on your printed paper...
How does registration work?
You only need a serial number, which you have to enter at the beginning so that your program becomes the FULL-Version.
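Can't read it? Use 東方快車 like I do, heh heh... Either way, there are plenty of feature restrictions.
OK, on to the main topic. On launch, a dialog prompting for the registration code appears. Unfortunately I traced it for a long time and could not work the code out... so I had to find another way. Wow, you can? Tell me!!!
Tracing with RegMonitor shows that at startup the program reads a file named "picmaster.key". Disassembling with W32DASM then turns up the stuff below. Note that the strings W32DASM extracts are in Standard (the string references in the listing below are German). The software is a bilingual English/Standard build, and the language can be set under "OPTION", but the strings W32DASM extracts are always Standard. Also, if "PicMaster.exe" is renamed, the menus switch to Standard, so don't rename it unless you can read Standard.
First create a "picmaster.key" file in the installation directory. Run the program again: it no longer prompts for a registration code, but it shows "The serial number is invalid", then displays a "Shareware Info" window and starts a 10-second countdown. Annoying...
★ Step 1: remove the NAG that prompts for the registration code, and the "The serial number is invalid" messages.
Set breakpoints with TRW 2000 and trace... Let's go! My dear Cracker!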
* Possible StringData Ref from Code Obj ->"picmaster.key"
|
:005B8586 BA14875B00        mov edx, 005B8714
:005B858B E820BCE4FF        call 004041B0                    // set a breakpoint here
:005B8590 8B45FC            mov eax, dword ptr [ebp-04]
:005B8593 E89C1BE5FF        call 0040A134                    // is "picmaster.key" in the installation directory?
:005B8598 84C0              test al, al
:005B859A 755C              jne 005B85F8                     // jump if it is
:005B859C 803D90395C0000    cmp byte ptr [005C3990], 00
:005B85A3 7453              je 005B85F8
:005B85A5 8BCE              mov ecx, esi
:005B85A7 B201              mov dl, 01
* Possible StringData Ref from Code Obj ->"ㄕC"
|
:005B85A9 A1B4595B00        mov eax, dword ptr [005B59B4]
:005B85AE E8C968E9FF        call 0044EE7C
:005B85B3 8B15E43D5C00      mov edx, dword ptr [005C3DE4]
:005B85B9 8902              mov dword ptr [edx], eax
:005B85BB A1E43D5C00        mov eax, dword ptr [005C3DE4]
:005B85C0 8B00              mov eax, dword ptr [eax]
:005B85C2 8B10              mov edx, dword ptr [eax]
:005B85C4 FF92D8000000      call dword ptr [edx+000000D8]    // no "picmaster.key": prompt for the registration code
:005B85CA 8D55F8            lea edx, dword ptr [ebp-08]
:005B85CD A1E43D5C00        mov eax, dword ptr [005C3DE4]
:005B85D2 8B00              mov eax, dword ptr [eax]
:005B85D4 8B80DC020000      mov eax, dword ptr [eax+000002DC]
:005B85DA E8B5E1E7FF        call 00436794
:005B85DF 8B55F8            mov edx, dword ptr [ebp-08]
:005B85E2 B898A55C00        mov eax, 005CA598
:005B85E7 E890B9E4FF        call 00403F7C
:005B85EC A1E43D5C00        mov eax, dword ptr [005C3DE4]
:005B85F1 8B00              mov eax, dword ptr [eax]
:005B85F3 E8ACABE4FF        call 004031A4
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:005B859A(C), :005B85A3(C)
|
:005B85F8 8D45F4            lea eax, dword ptr [ebp-0C]
:005B85FB E838050000        call 005B8B38
:005B8600 8D45F4            lea eax, dword ptr [ebp-0C]
* Possible StringData Ref from Code Obj ->"picmaster.key"
|
:005B8603 BA14875B00        mov edx, 005B8714
:005B8608 E8A3BBE4FF        call 004041B0
:005B860D 8B45F4            mov eax, dword ptr [ebp-0C]
:005B8610 E81F1BE5FF        call 0040A134                    // checks again whether "picmaster.key" exists
:005B8615 84C0              test al, al
:005B8617 0F84BB000000      je 005B86D8
:005B861D B8C4A55C00        mov eax, 005CA5C4
:005B8622 E801B9E4FF        call 00403F28
:005B8627 A1C4A55C00        mov eax, dword ptr [005CA5C4]
* Possible StringData Ref from Code Obj ->"7437-4578-4868-3487"
|
:005B862C BA2C875B00        mov edx, 005B872C
:005B8631 E882BCE4FF        call 004042B8
:005B8636 7514              jne 005B864C
:005B8638 B8C4A55C00        mov eax, 005CA5C4
* Possible StringData Ref from Code Obj ->"Vielen Dank für die Registrierung"
|
:005B863D BA48875B00        mov edx, 005B8748
:005B8642 E835B9E4FF        call 00403F7C
:005B8647 BB03000000        mov ebx, 00000003
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:005B8636(C)
|
:005B864C 83FB04            cmp ebx, 00000004
:005B864F 750F              jne 005B8660
:005B8651 B8C4A55C00        mov eax, 005CA5C4
* Possible StringData Ref from Code Obj ->"Thank you for registration"
|
:005B8656 BA74875B00        mov edx, 005B8774
:005B865B E81CB9E4FF        call 00403F7C
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:005B864F(C)
|
:005B8660 833DC4A55C0000    cmp dword ptr [005CA5C4], 00000000
:005B8667 750F              jne 005B8678                     // must jump; otherwise "The serial number is invalid" is shown. Change to EB0F ①
:005B8669 B8C4A55C00        mov eax, 005CA5C4
* Possible StringData Ref from Code Obj ->"Die Seriennummer ist ungültig"
|
:005B866E BA98875B00        mov edx, 005B8798
:005B8673 E804B9E4FF        call 00403F7C
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:005B8667(C)
|
:005B8678 83FB05            cmp ebx, 00000005
:005B867B 750F              jne 005B868C                     // must jump; otherwise "The serial number is invalid" is shown. Change to EB0F ②
:005B867D B8C4A55C00        mov eax, 005CA5C4
* Possible StringData Ref from Code Obj ->"The serial number is invalid"
|
:005B8682 BAC0875B00        mov edx, 005B87C0
:005B8687 E8F0B8E4FF        call 00403F7C
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:005B867B(C)
|
:005B868C 83FB06            cmp ebx, 00000006
:005B868F 7411              je 005B86A2                      // must jump; otherwise "The serial number is invalid" is shown. Change to EB11 ③
:005B8691 BAC4A55C00        mov edx, 005CA5C4
* Possible StringData Ref from Code Obj ->"D\"
|
:005B8696 B8145E5B00        mov eax, 005B5E14
:005B869B E86CDFE4FF        call 0040660C
:005B86A0 EB0F              jmp 005B86B1
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:005B868F(C)
|
:005B86A2 BAC4A55C00        mov edx, 005CA5C4
* Possible StringData Ref from Code Obj ->"D\"
|
:005B86A7 B81C5E5B00        mov eax, 005B5E1C
:005B86AC E85BDFE4FF        call 0040660C
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:005B86A0(U)
|
:005B86B1 A1C4A55C00        mov eax, dword ptr [005CA5C4]
:005B86B6 E8795AEAFF        call 0045E134                    // shows "Registered to %s %s"; NOP it out ④
:005B86BB 83FB4D            cmp ebx, 0000004D
:005B86BE 750D              jne 005B86CD
.
.
.
:0059EC32 E8A99B0100        call 005B87E0                    // pops up the NAG
:0059EC37 8B8658060000      mov eax, dword ptr [esi+00000658]
:0059EC3D 8B808C000000      mov eax, dword ptr [eax+0000008C]
* Possible StringData Ref from Code Obj ->"NoWelcome" (not welcoming me :~( )
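After patching the 4 places above, the software no longer prompts for a registration code when run, but the big ugly NAG is still grinning at you at startup, along with the 10-second countdown (which always reminds me of the turn-of-the-century countdown :) ). Very, very annoying. Once inside, the title bar still reads "PicMaster V2.5 - Shareware Version", and of course the feature restrictions are still in place.
★ Step 2: take aim and hit the target in one shot.
Using W32DASM's "String Data References", find "PicMaster V2.5 - Shareware Version":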
:005B8A1D 803D70395C0000    cmp byte ptr [005C3970], 00      // a classic: one look tells you the variable [005C3970] holds the registration flag
:005B8A24 754F              jne 005B8A75
.
.
.
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:005B8A24(C) // look for this address
|
:005B8A75 A1383F5C00        mov eax, dword ptr [005C3F38]
:005B8A7A 8B00              mov eax, dword ptr [eax]
* Possible StringData Ref from Code Obj ->"PicMaster V2.5 - Shareware Version"
|
:005B8A7C BA148B5B00        mov edx, 005B8B14
:005B8A81 E83EDDE7FF        call 004367C4
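Set a breakpoint in TRW 2000: bpx 005B8A1D. When it breaks, enter E 5C3970 1 and press F5 to continue. Damn... the NAG is still grinning, the countdown is still running, and the title bar is still "PicMaster V2.5 - Shareware Version". Infuriating... Try again, this time entering E 5C3970 0, then F5. Look again, heh... now all is peaceful: the NAG is gone and the title bar reads "Registered to PicMaster V2.5".
Got it? That is, a value of 0 in the variable [005C3970] means the registered version, and non-zero means it is not the registered version.
I'm rather lazy. From the manual above you can see that it has quite a few feature restrictions. Removing them one by one is too much trouble, and besides, I don't know how to use the program at all; if I missed some, I'd get scolded, heh... I want to do it in one step: find where it assigns 1 to [005C3970].
Clear all breakpoints and exit the software. In TRW 2000 set the breakpoint BPM 5C3970 W, then run the software again. It breaks at...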
:005B9764 A198A55C00        mov eax, dword ptr [005CA598]
:005B9769 E84A64F9FF        call 0054FBB8
:005B976E 3401              xor al, 01                       // XOR; the result is AL=1 ⑤
:005B9770 A270395C00        mov byte ptr [005C3970], al      // stores AL, i.e. 1, into the variable [005C3970], which makes it the unregistered version
:005B9775 33C0              xor eax, eax                     // you are here
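Now you know how to patch it... heh... just change
:005B976E 3401              xor al, 01
to xor eax,eax (machine code 33C0) or xor al,al (machine code 32C0). Then AL is 0, so [005C3970] is 0, so it becomes the registered version! So you have succeeded! So... &*^$%#@@_)+)*$##……
(So long-winded. Brothers, grab your weapons and beat him up...)
Wow... I'm running!!!!!!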
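From the vendor's or an incident responder's side, every edit in this write-up is an in-place byte change, so comparing a suspect copy against a known-good image exposes all of them. The following is an added example, not part of the original article: the function names and the buffer layout are constructed for illustration, and only the instruction bytes come from the listings above.

```python
# Added example: flags in-place patches of the kinds described in this article.
SHORT_JCC = range(0x70, 0x80)  # first byte of the 2-byte short conditional jumps (74=je, 75=jne)

def diff_runs(original: bytes, suspect: bytes):
    """Return (offset, old_bytes, new_bytes) for every contiguous run of changed bytes."""
    if len(original) != len(suspect):
        raise ValueError("sizes differ: not an in-place patch, compare hashes instead")
    runs, start = [], None
    for i in range(len(original) + 1):
        changed = i < len(original) and original[i] != suspect[i]
        if changed and start is None:
            start = i
        elif not changed and start is not None:
            runs.append((start, original[start:i], suspect[start:i]))
            start = None
    return runs

def classify(old: bytes, new: bytes) -> str:
    """Heuristic label from the bytes alone (no disassembly), so treat it as a triage hint."""
    if len(old) == 1 and old[0] in SHORT_JCC and new == b"\xEB":
        return "short conditional jump forced to unconditional jmp"
    if old[0] == 0xE8 and len(old) == 5 and set(new) == {0x90}:
        return "call replaced by NOPs"
    if old[0] == 0x34 and new in (b"\x32\xC0", b"\x33\xC0"):
        return "xor al,imm8 replaced by self-xor (result always 0)"
    return "unclassified change"

def audit(original: bytes, suspect: bytes):
    """One (offset, old_hex, new_hex, label) tuple per changed run."""
    return [(off, old.hex(), new.hex(), classify(old, new))
            for off, old, new in diff_runs(original, suspect)]

# Constructed buffers: instruction bytes copied from the listings above and laid out
# back to back for the demo (these are not real file offsets in PicMaster.exe).
KNOWN_GOOD = bytes.fromhex("83FB05750F" "83FB067411" "E8795AEAFF" "83FB4D" "3401A270395C00")
SUSPECT = bytes.fromhex("83FB05EB0F" "83FB06EB11" "9090909090" "83FB4D" "32C0A270395C00")

if __name__ == "__main__":
    for finding in audit(KNOWN_GOOD, SUSPECT):
        print("offset %d: %s -> %s  %s" % finding)
```

The same comparison shows why the design is fragile: one stored byte at [005C3970] decides every feature gate, so a two-byte change is enough to flip all of them.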
--- THE END ---