改一個位元組使天網防火牆2.4.6永不過期. (6千字)
改一個位元組使天網防火牆2.4.6永不過期.
破解者:tieji
破解時間:2001-11-23
註冊碼可以免費得到,不用破解,現破解的是一個月後彈出過期提示框.
找到004033D3 call dword ptr [edx+000000D8] 是彈出過期提示框的地方,具體怎樣找到的,
參見《看雪論壇精華Ⅲ》,這裡就不再說了.
* Referenced by a CALL at Addresses:
|:00405593 , :004056C9 , :0040E4E7 , :0042022F , :0042044E
|:004205F4 , :00420720
|
<============原來有這麼多地方來到這裡,究竟是
哪一個呢,經測試是00405593,而其他幾個是幹什麼
的,請各位大俠幫助研究一下.下面轉到00405593:
:00403340 55
push ebp
:00403341 8BEC
mov ebp, esp
:00403343 83C4C0
add esp, FFFFFFC0
:00403346 53
push ebx
:00403347 56
push esi
:00403348 57
push edi
:00403349 894DC4
mov dword ptr [ebp-3C], ecx
:0040334C 8955FC
mov dword ptr [ebp-04], edx
:0040334F 8945C8
mov dword ptr [ebp-38], eax
:00403352 B8789F5100 mov eax,
00519F78
:00403357 E8406A0F00 call 004F9D9C
:0040335C C745E801000000 mov [ebp-18], 00000001
:00403363 8D55FC
lea edx, dword ptr [ebp-04]
:00403366 8D45FC
lea eax, dword ptr [ebp-04]
:00403369 E87A421100 call 005175E8
:0040336E FF45E8
inc [ebp-18]
:00403371 66C745DC0800 mov [ebp-24],
0008
:00403377 8B4DC4
mov ecx, dword ptr [ebp-3C]
:0040337A B201
mov dl, 01
* Possible StringData Ref from Data Obj ->"?L"
|
:0040337C A154205200 mov eax,
dword ptr [00522054]
:00403381 E8069A0100 call 0041CD8C
:00403386 8945C0
mov dword ptr [ebp-40], eax
:00403389 66C745DC1400 mov [ebp-24],
0014
:0040338F 66C745DC2000 mov [ebp-24],
0020
:00403395 8D55FC
lea edx, dword ptr [ebp-04]
:00403398 8D45F8
lea eax, dword ptr [ebp-08]
:0040339B E848421100 call 005175E8
:004033A0 FF45E8
inc [ebp-18]
:004033A3 8B10
mov edx, dword ptr [eax]
:004033A5 8B4DC0
mov ecx, dword ptr [ebp-40]
:004033A8 8B81DC020000 mov eax, dword
ptr [ecx+000002DC]
:004033AE E8A16B0B00 call 004B9F54
:004033B3 FF4DE8
dec [ebp-18]
:004033B6 8D45F8
lea eax, dword ptr [ebp-08]
:004033B9 BA02000000 mov edx,
00000002
:004033BE E84D431100 call 00517710
:004033C3 8B55C0
mov edx, dword ptr [ebp-40]
:004033C6 8B45C8
mov eax, dword ptr [ebp-38]
:004033C9 E81E230000 call 004056EC
:004033CE 8B45C0
mov eax, dword ptr [ebp-40]
:004033D1 8B10
mov edx, dword ptr [eax]
:004033D3 FF92D8000000 call dword ptr
[edx+000000D8] <========彈出過期提示框
往上看是哪裡跳過來的
:004033D9 66C745DC0800 mov [ebp-24],
0008
:004033DF 8B4DC0
mov ecx, dword ptr [ebp-40]
:004033E2 894DF0
mov dword ptr [ebp-10], ecx
:004033E5 837DF000 cmp
dword ptr [ebp-10], 00000000
:004033E9 7421
je 0040340C
:004033EB 8B45F0
mov eax, dword ptr [ebp-10]
:004033EE 8B10
mov edx, dword ptr [eax]
:004033F0 8955F4
mov dword ptr [ebp-0C], edx
:004033F3 66C745DC3800 mov [ebp-24],
0038
===========================================================================================
:00405546 8D45C8
lea eax, dword ptr [ebp-38]
:00405549 5A
pop edx
:0040554A E869000000 call 004055B8
<=============跟進看看
:0040554F 84C0
test al, al <============測試al是否為零
:00405551 7445
je 00405598 <============al為零,表示沒過期,跳過過期提示框
什麼時候給al賦值,跟進上面的call看看
:00405553 66C745E42000 mov [ebp-1C],
0020
:00405559 8D45F8
lea eax, dword ptr [ebp-08]
:0040555C E8FFC7FFFF call 00401D60
:00405561 8BD0
mov edx, eax
:00405563 FF45F0
inc [ebp-10]
* Possible Reference to String Resource ID=30104: " ?Q?www.sky.net.cn)
}"
|
:00405566 B898750000 mov eax,
00007598
:0040556B E8906A0E00 call 004EC000
:00405570 8D55F8
lea edx, dword ptr [ebp-08]
:00405573 8D45FC
lea eax, dword ptr [ebp-04]
:00405576 E8C5211100 call 00517740
:0040557B FF4DF0
dec [ebp-10]
:0040557E 8D45F8
lea eax, dword ptr [ebp-08]
:00405581 BA02000000 mov edx,
00000002
:00405586 E885211100 call 00517710
:0040558B 33C9
xor ecx, ecx
:0040558D 8B55FC
mov edx, dword ptr [ebp-04]
:00405590 8B45D0
mov eax, dword ptr [ebp-30]
:00405593 E8A8DDFFFF call 00403340
<=================這裡呼叫
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00405551(C)
|
:00405598 FF4DF0
dec [ebp-10]
=====================================================================================
* Referenced by a CALL at Address:
|:0040554A
|
:004055B8 55
push ebp
:004055B9 8BEC
mov ebp, esp
:004055BB 83C4F8
add esp, FFFFFFF8
:004055BE 8955F8
mov dword ptr [ebp-08], edx
:004055C1 8945FC
mov dword ptr [ebp-04], eax
:004055C4 8B45FC
mov eax, dword ptr [ebp-04]
:004055C7 DD00
fld qword ptr [eax]
:004055C9 8B55F8
mov edx, dword ptr [ebp-08]
:004055CC DC1A
fcomp qword ptr [edx]
:004055CE DFE0
fstsw ax
:004055D0 9E
sahf
:004055D1 0F97C0
seta al
:004055D4 83E001
and eax, 00000001 <==========這裡eax和00000001與一下,
要al為零,將程式碼改為: and eax, 00000000
就可使程式永不過期.即將83E001改為83E000
:004055D7 59
pop ecx
:004055D8 59
pop ecx
:004055D9 5D
pop ebp
:004055DA C3
ret
這樣將1改為0,只改一個位元組使天網防火牆2.4.6永不過期.
相關文章
- 破解一個CCG的軟體,改半位元組! (6千字)2002-01-27
- 使用DEDE破解天網防火牆 2.46! (2千字)2001-11-01防火牆
- 天網防火牆個人版2.0(beta)的破解!!! (20千字)2001-01-26防火牆
- 天網防火牆的配置方法2016-10-19防火牆
- 天網防火牆個人版2.0.2.98(beta)的破解,參考TAE!的破解。
(5千字)2001-02-10防火牆
- JavaScript設定cookie永不過期2017-11-26JavaScriptCookie
- Oracle 密碼永不過期設定2019-09-26Oracle密碼
- Centos6防火牆基本配置2019-01-25CentOS防火牆
- oracle如何修改單個使用者密碼永不過期2021-09-09Oracle密碼
- 能夠使防火牆無效的一種新的攻擊(轉)2007-08-17防火牆
- 一個高效、安全、通用的防火牆共享上網指令碼(轉)2007-08-10防火牆指令碼
- Nmap繞過防火牆掃描2020-10-10防火牆
- itm6中透過防火牆訪問tep browser問題2009-01-20防火牆
- 防火牆 | 網路協議2020-11-09防火牆協議
- rmi、防火牆與網閘2008-07-21防火牆
- Redhat防火牆引起的一個NDB錯誤。2013-12-31Redhat防火牆
- 一個位元組的網路漫遊故事獨白2019-03-02
- 改一個位元組破解星際爭霸母巢之戰1.08b的光碟保護 (1千字)2001-10-27
- WAb防火牆與傳統防火牆2022-12-30防火牆
- 用iptales實現包過慮型防火牆(一)(轉)2007-08-10防火牆
- 內網滲透-防火牆資訊2020-12-06內網防火牆
- 網路安全——防火牆詳解2023-03-07防火牆
- 江蘇南京-山石網科防火牆2010-06-02防火牆
- 伺服器防火牆設定一網打盡2019-02-25伺服器防火牆
- 安全網路防火牆的十二個注意事項(轉)2007-08-15防火牆
- 九宮八陣圖之天覆陣——防火牆2011-09-01防火牆
- centos6和7的防火牆開關2018-08-22CentOS防火牆
- 6k Star!B站、滴滴、小紅書都在用的網站防火牆2023-11-22網站防火牆
- 天翼雲Web應用防火牆(邊緣雲版)通過首批可信認證2022-06-27Web防火牆
- Nginx + Lua 搭建網站WAF防火牆2019-08-05Nginx網站防火牆
- 網路防火牆的配置與管理2017-11-17防火牆
- 防火牆(firewall)2023-03-07防火牆
- SQL防火牆2017-08-10SQL防火牆
- 防火牆IPTABLES2015-01-24防火牆
- RouterOS防火牆2011-03-10ROS防火牆
- 防火牆入侵於檢測——————3、思科 PIX 防火牆和 ASA 防火牆產品線2018-06-20防火牆
- AutoRun病毒防火牆如何使用 AutoRun病毒防火牆教程2016-08-05防火牆
- 軟體防火牆與硬體防火牆詳解2013-02-05防火牆