破解魔法轉換 v2.1 Beta 2 測試版 (11千字)
魔法轉換 v2.1 Beta 2 測試版
http://www.keksoft.com
email:support@keksoft.com
作者:X man or lb[BCG][CCG]
簡介
====
功能強大的影像轉換工具。包括影像瀏覽、批次轉換、影像增強及作品預覽四
大部分。影像增強包括調整影像大小、調整層次、旋轉、鏡像,還有銳化、模
糊、馬賽克、浮雕、底片、旋渦、噴霧等效果。你可以將這些效果自定義成方
案,然後再進行批次轉換。而且它還支援拖入檔案到批次轉換列表。它的輸出
格式為:bmp、jpg、gif、png、tif、wmf、emf、tga、ico,還包括txt、rtf、
htm、mmc等特效格式。特效格式包括正常模式、縮小一倍、縮小兩倍、原圖大
小、彩字單一、彩字規律。同時它還能方便地將影像生成.EXE可執行檔案。
等級:VERY EASY
目標:破解15天試用的限制
今天開啟魔法轉換來轉幾幅圖,沒想到雙擊之後卻彈出個NAG,說15天試用已到,請
註冊云云……
於是拿出寶刀(除錯工具),把攔路虎砍掉。
廢話少說,先用FI檢測有無加殼。一試,555555~~,居然有,是ASP的殼,沒關係,用
CASPR一下就搞定。(懶人有懶福,不用手動脫殼,哈哈!)
用W32DASM反組譯後,來到程式入口處:
:00578890 55
push ebp
:00578891 8BEC
mov ebp, esp
:00578893 83C4F0
add esp, FFFFFFF0
:00578896 53
push ebx
:00578897 33C0
xor eax, eax
:00578899 8945F0
mov dword ptr [ebp-10], eax
:0057889C B890835700 mov eax,
00578390
:005788A1 E832E7E8FF call 00406FD8
:005788A6 8B1DDCE65700 mov ebx, dword
ptr [0057E6DC]
:005788AC 33C0
xor eax, eax
:005788AE 55
push ebp
:005788AF 68678A5700 push 00578A67
:005788B4 64FF30
push dword ptr fs:[eax]
:005788B7 648920
mov dword ptr fs:[eax], esp
:005788BA 8B03
mov eax, dword ptr [ebx]
:005788BC E82FE9EDFF call 004571F0
:005788C1 8B03
mov eax, dword ptr [ebx]
* Possible StringData Ref from Code Obj ->"魔法轉換 2.1 Beta 2"
|
:005788C3 BA7C8A5700 mov edx,
00578A7C
:005788C8 E827E5EDFF call 00456DF4
:005788CD A190E85700 mov eax,
dword ptr [0057E890]
:005788D2 8B00
mov eax, dword ptr [eax]
:005788D4 E87BC5FEFF call 00564E54
:005788D9 84C0
test al, al
:005788DB 7432
je 0057890F---------》這裡就是判斷是否
進入主程式的
所以改成jmp 0057890F
(即EB32)
:005788DD 8B0D90E85700 mov ecx, dword
ptr [0057E890]
:005788E3 8B03
mov eax, dword ptr [ebx]
* Possible StringData Ref from Code Obj ->"C"
|
:005788E5 8B1544435600 mov edx, dword
ptr [00564344]
:005788EB E818E9EDFF call 00457208
:005788F0 8B0DECE55700 mov ecx, dword
ptr [0057E5EC]
:005788F6 8B03
mov eax, dword ptr [ebx]
* Possible StringData Ref from Code Obj ->"C"
|
:005788F8 8B15503B5600 mov edx, dword
ptr [00563B50]
:005788FE E805E9EDFF call 00457208
:00578903 8B03
mov eax, dword ptr [ebx]
:00578905 E87EE9EDFF call 00457288
:0057890A E942010000 jmp 00578A51
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:005788DB(C)
|
:0057890F E884A1E8FF call 00402A98
:00578914 85C0
test eax, eax
:00578916 7E3B
jle 00578953
:00578918 8D55F0
lea edx, dword ptr [ebp-10]
:0057891B B801000000 mov eax,
00000001
:00578920 E8D3A1E8FF call 00402AF8
:00578925 8B45F0
mov eax, dword ptr [ebp-10]
* Possible StringData Ref from Code Obj ->"-toweb"
|
:00578928 BA988A5700 mov edx,
00578A98
:0057892D E866B8E8FF call 00404198
:00578932 751F
jne 00578953
:00578934 8B0DECE65700 mov ecx, dword
ptr [0057E6EC]
:0057893A 8B03
mov eax, dword ptr [ebx]
* Possible StringData Ref from Code Obj ->"C"
|
:0057893C 8B1590A55600 mov edx, dword
ptr [0056A590]
:00578942 E8C1E8EDFF call 00457208
:00578947 8B03
mov eax, dword ptr [ebx]
:00578949 E83AE9EDFF call 00457288
:0057894E E9FE000000 jmp 00578A51
程式可以進了,可是沒有註冊號就是不爽,好吧!跟我來:
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00563EF5(C)
|
:00563F60 1400
adc al, 00
:00563F62 0000
add byte ptr [eax], al
:00563F64 CE
into
:00563F65 D2D7
rcl bh, cl
:00563F67 D4BA
aam (base186)
:00563F69 C0A3ACCED2D2D1 shl byte ptr [ebx+D2D2CEAC],
D1
:00563F70 BEADD7A2B2 mov esi,
B2A2D7AD
:00563F75 E1A3
loopz 00563F1A
:00563F77 A100000000 mov eax,
dword ptr [00000000]
:00563F7C 55
push ebp
:00563F7D 8BEC
mov ebp, esp
:00563F7F 33C9
xor ecx, ecx
:00563F81 51
push ecx
:00563F82 51
push ecx
:00563F83 51
push ecx
:00563F84 51
push ecx
:00563F85 51
push ecx
:00563F86 51
push ecx
:00563F87 51
push ecx
:00563F88 51
push ecx
:00563F89 53
push ebx
:00563F8A 56
push esi
:00563F8B 8BD8
mov ebx, eax
:00563F8D 33C0
xor eax, eax
:00563F8F 55
push ebp
:00563F90 680F415600 push 0056410F
:00563F95 64FF30
push dword ptr fs:[eax]
:00563F98 648920
mov dword ptr fs:[eax], esp
:00563F9B 8D55FC
lea edx, dword ptr [ebp-04]
:00563F9E 8B83E4020000 mov eax, dword
ptr [ebx+000002E4]
:00563FA4 E8E74BEDFF call 00438B90
:00563FA9 837DFC00 cmp
dword ptr [ebp-04], 00000000-----比較姓名是否為空
:00563FAD 7518
jne 00563FC7-------------不為空就跳走
:00563FAF 6A30
push 00000030
:00563FB1 681C415600 push 0056411C
* Possible StringData Ref from Code Obj ->"請輸入姓名!"
|
:00563FB6 6824415600 push 00564124
:00563FBB 6A00
push 00000000
* Reference To: user32.MessageBoxA, Ord:0000h
|
:00563FBD E8AA3BEAFF Call 00407B6C
:00563FC2 E908010000 jmp 005640CF
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00563FAD(C)
|
:00563FC7 8D55F8
lea edx, dword ptr [ebp-08]
:00563FCA 8B83E8020000 mov eax, dword
ptr [ebx+000002E8]
:00563FD0 E8BB4BEDFF call 00438B90
:00563FD5 8B45F8
mov eax, dword ptr [ebp-08]
:00563FD8 50
push eax
:00563FD9 8D55F0
lea edx, dword ptr [ebp-10]
:00563FDC 8B83E4020000 mov eax, dword
ptr [ebx+000002E4]
:00563FE2 E8A94BEDFF call 00438B90
:00563FE7 8B45F0
mov eax, dword ptr [ebp-10]
:00563FEA 8D55F4
lea edx, dword ptr [ebp-0C]
:00563FED E8A299FFFF call 0055D994
:00563FF2 8B55F4
mov edx, dword ptr [ebp-0C]-----這幾處好眼熟,沒錯!
:00563FF5 58
pop eax------------------------D一下就可以看到真的
:00563FF6 E89D01EAFF call 00404198------------------註冊碼
:00563FFB 0F85CE000000 jne 005640CF-------------------
:00564001 8D45EC
lea eax, dword ptr [ebp-14]
:00564004 E84396FFFF call 0055D64C
:00564009 8D45EC
lea eax, dword ptr [ebp-14]
* Possible StringData Ref from Code Obj ->"\win.ini"
|
:0056400C BA3C415600 mov edx,
0056413C
:00564011 E87A00EAFF call 00404090
:00564016 8B4DEC
mov ecx, dword ptr [ebp-14]
:00564019 B201
mov dl, 01
* Possible StringData Ref from Code Obj ->"\3G"
|
:0056401B A1EC2B4700 mov eax,
dword ptr [00472BEC]
:00564020 E817EDF0FF call 00472D3C
:00564025 A3C8135800 mov dword
ptr [005813C8], eax
:0056402A 8D55E8
lea edx, dword ptr [ebp-18]
:0056402D 8B83E4020000 mov eax, dword
ptr [ebx+000002E4]
:00564033 E8584BEDFF call 00438B90
:00564038 8B45E8
mov eax, dword ptr [ebp-18]
:0056403B 50
push eax
* Possible StringData Ref from Code Obj ->"name"
|
:0056403C B950415600 mov ecx,
00564150
* Possible StringData Ref from Code Obj ->"magct"
|
:00564041 BA60415600 mov edx,
00564160
:00564046 A1C8135800 mov eax,
dword ptr [005813C8]
:0056404B 8B30
mov esi, dword ptr [eax]
:0056404D FF5604
call [esi+04]
:00564050 8D55E4
lea edx, dword ptr [ebp-1C]
:00564053 8B83E8020000 mov eax, dword
ptr [ebx+000002E8]
:00564059 E8324BEDFF call 00438B90
:0056405E 8B45E4
mov eax, dword ptr [ebp-1C]
:00564061 50
push eax
* Possible StringData Ref from Code Obj ->"code"
|
:00564062 B970415600 mov ecx,
00564170
* Possible StringData Ref from Code Obj ->"magct"
|
:00564067 BA60415600 mov edx,
00564160
:0056406C A1C8135800 mov eax,
dword ptr [005813C8]
:00564071 8B30
mov esi, dword ptr [eax]
:00564073 FF5604
call [esi+04]
:00564076 A1C8135800 mov eax,
dword ptr [005813C8]
:0056407B E810F0E9FF call 00403090
* Possible StringData Ref from Code Obj ->"關閉"
|
:00564080 BA80415600 mov edx,
00564180
:00564085 8B83F4020000 mov eax, dword
ptr [ebx+000002F4]
:0056408B E8304BEDFF call 00438BC0
:00564090 33D2
xor edx, edx
:00564092 8B83F0020000 mov eax, dword
ptr [ebx+000002F0]
:00564098 8B08
mov ecx, dword ptr [eax]
:0056409A FF515C
call [ecx+5C]
:0056409D 6A40
push 00000040
* Possible StringData Ref from Code Obj ->"魔法轉換"
|
:0056409F 6888415600 push 00564188
:005640A4 8D55E0
lea edx, dword ptr [ebp-20]
:005640A7 8B83E4020000 mov eax, dword
ptr [ebx+000002E4]
:005640AD E8DE4AEDFF call 00438B90
:005640B2 8D45E0
lea eax, dword ptr [ebp-20]
* Possible StringData Ref from Code Obj ->",恭喜你成功註冊!"
|
:005640B5 BA9C415600 mov edx,
0056419C
:005640BA E8D1FFE9FF call 00404090
:005640BF 8B45E0
mov eax, dword ptr [ebp-20]
:005640C2 E88501EAFF call 0040424C
:005640C7 50
push eax
:005640C8 6A00
push 00000000
於是得到
name=lb[CCG]
code=069002CA017C
後記:
該軟體的註冊碼放在WINDOWS目錄下的WIN.INI裡面
由於沒時間了,對軟體是否完全破完我沒有測試。請高手指教
.---._ ___
--===^ ~-......---.==\\\
/' _/-/ \ )))
`-~~ \ , ___\ ) ((
/ /---~~ \(`\( ))
</'|; .---" \>
| | " |
`" ; ;
X man or lb[BCG][CCG]
QQ:9832285
E-mail:lbcool@elong.com
2001.10.28 17:50