PC Security 5.1自動註冊(莫名其妙)~~~~~~~~~~~~~ (14千字)
破解目標:PC Security 5.1
下載地址:http://nj.onlinedown.net/PCSECURITY.HTM
軟體簡介:
這個存取控制軟體功能非常強大,它除了可以讓你關閉我的電腦、控制檯、顯示器設定、啟動、撥號網路、桌面捷徑、工作列等以及隱藏桌面圖示和Windows工作列的功能外,還可鎖住硬碟中任何目錄下的檔案.而且它還附有一個Lock System,和螢幕保護程式一樣在電腦閒置一段時間後會自動啟動防護(亦可手動啟動).
使用工具:Trw2000 1.23 & W32dasm
破解原因:
我的手提電腦(又破又舊)經常要帶到上班的地方使用,有時我要臨時離開,不希望有人亂碰我的電腦,PC Security 5.1容量雖小,功能卻很強大,它可以定時鎖定電腦,可以保護任何檔案和檔案夾,還有其它大量的保護.
破解過程:
安裝執行PC Security 5.1,安裝完後雙擊系統托盤的小紅鎖圖示,進入它的Setting視窗,程式提示只能試用30天並要求註冊,隨便亂填,按註冊,程式報錯自動退出.好了,用W32dasm反彙編Security.exe找出錯的字串,可是找不到,呵呵~~~~~~看來要動態的啦~~~~~
再次進入,填入Sam Von, 67676767,bpx hmemcpy,按註冊,Trw攔下來了.然後用F12找到出錯的Call再慢慢找註冊的判斷,請看下面的程式碼
=====================================================================
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040F494(C)
|
:0040F4A6 8B4DF0
mov ecx, dword ptr [ebp-10]
:0040F4A9 3959F8
cmp dword ptr [ecx-08], ebx
:0040F4AC 7509
jne 0040F4B7
:0040F4AE 53
push ebx
:0040F4AF 53
push ebx
* Possible Reference to Dialog:
|
:0040F4B0 6818134700 push 00471318
:0040F4B5 EBE6
jmp 0040F49D
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040F4AC(C)
|
:0040F4B7 50
push eax
:0040F4B8 51
push ecx
:0040F4B9 E8844D0000 call 00414242
<---這是判斷的Call,進去看看
:0040F4BE 59
pop ecx
:0040F4BF 59
pop ecx
:0040F4C0 85C0
test eax, eax <---eax不能為0否則下面的跳躍就跳到出錯的地方了,記住這個判斷
:0040F4C2 53
push ebx
:0040F4C3 53
push ebx
:0040F4C4 744F
je 0040F515 <---跳就完了,在這裡如果用r fl z的話程式會提示註冊成功,但進入About仍然是非註冊版,退出再進入它會再次讓你註冊
注意往下看如何能讓eax不為0
====================================================================
* Referenced by a CALL at Address:
|:0040F4B9
|
; ---------------------------------------------------------------------
; Routine at 00414242, reached from the call at 0040F4B9.
; Convention as visible in the listing: two dword arguments on the stack,
;   read here as [ebp+08] and [ebp+0C]; the caller removes them itself
;   (two "pop ecx" after the call), and the result comes back in eax.
; Result: 0 when any of the three rejection branches (00414255, 004142B2,
;   00414389) reaches 0041444A; otherwise whatever 0041418F returned
;   (kept in esi at 00414438, moved to eax at 0041444C).
; Frame: ebp-based, 0x80 bytes of locals; ebx/esi/edi are saved on entry
;   and restored before "leave".
; NOTE(review): going by the article's annotation at 004142A9, the string
;   at [ebp+08] is the entered registration code; [ebp+0C] is presumably
;   the entered name - confirm against the caller.
; NOTE(review): the caller acts on this one zero/non-zero result with a
;   single test at 0040F4C0, and the accepted path below leaves state
;   behind that the article reports is still honoured after a restart.
; ---------------------------------------------------------------------
:00414242 55
push ebp
:00414243 8BEC
mov ebp, esp
:00414245 81EC80000000 sub esp, 00000080
:0041424B 53
push ebx
:0041424C 56
push esi
:0041424D 57
push edi
; Gate 1: a zero result from 00414135 (body not shown) is a rejection.
:0041424E E8E2FEFFFF call 00414135
:00414253 85C0
test eax, eax
:00414255 0F84EF010000 je 0041444A
<---一定不能跳,先去看看41444A處的說明
; ebx = first argument; edi and esi start at 0 and serve as source and
; destination indexes in the loop that follows.
:0041425B 8B5D08
mov ebx, dword ptr [ebp+08]
:0041425E 33FF
xor edi, edi
:00414260 53
push ebx
:00414261 33F6
xor esi, esi
:00414263 E888070100 call 004249F0
:00414268 59
pop ecx
; Loop over the bytes of the [ebp+08] string: a byte is copied into the
; local buffer at [ebp-20] only when 00425B88 or 00425B5A (neither shown)
; returns non-zero for it. Repeats while edi <= the value from 004249F0.
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00414299(C)
|
:00414269 0FBE041F movsx
eax, byte ptr [edi+ebx]
:0041426D 50
push eax
:0041426E E815190100 call 00425B88
:00414273 85C0
test eax, eax
:00414275 59
pop ecx
:00414276 750F
jne 00414287
:00414278 0FBE041F movsx
eax, byte ptr [edi+ebx]
:0041427C 50
push eax
:0041427D E8D8180100 call 00425B5A
:00414282 85C0
test eax, eax
:00414284 59
pop ecx
:00414285 7408
je 0041428F
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00414276(C)
|
:00414287 8A041F
mov al, byte ptr [edi+ebx]
:0041428A 884435E0 mov
byte ptr [ebp+esi-20], al
:0041428E 46
inc esi
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00414285(C)
|
:0041428F 53
push ebx
:00414290 47
inc edi
:00414291 E85A070100 call 004249F0
:00414296 3BF8
cmp edi, eax
:00414298 59
pop ecx
:00414299 76CE
jbe 00414269
; Zero-terminate the filtered copy, then Gate 2: the value 004249F0
; returns for it must be 0x10 or 0x11 (the article reads this as a length
; check; 004249F0 itself is not shown).
:0041429B 806435E000 and byte
ptr [ebp+esi-20], 00
:004142A0 8D45E0
lea eax, dword ptr [ebp-20]
:004142A3 50
push eax
:004142A4 E847070100 call 004249F0
:004142A9 83F810
cmp eax, 00000010 <---這裡判斷註冊碼的個數,應該是16位
:004142AC 59
pop ecx
:004142AD 7409
je 004142B8
:004142AF 83F811
cmp eax, 00000011
:004142B2 0F8592010000 jne 0041444A
<---又一個,避開它
; The 0x11 case only: inspects the extra byte at [ebp-10] and, when it
; matches, clears it and sets the dword at 004791A0 to 1.
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004142AD(C)
|
:004142B8 8D45E0
lea eax, dword ptr [ebp-20]
:004142BB 50
push eax
:004142BC E82F070100 call 004249F0
:004142C1 48
dec eax
:004142C2 59
pop ecx
:004142C3 83F810
cmp eax, 00000010
:004142C6 751A
jne 004142E2
:004142C8 807DF046 cmp
byte ptr [ebp-10], 46
:004142CC 7406
je 004142D4
:004142CE 807DF066 cmp
byte ptr [ebp-10], 66
:004142D2 750E
jne 004142E2
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004142CC(C)
|
:004142D4 8065F000 and
byte ptr [ebp-10], 00
:004142D8 C705A091470001000000 mov dword ptr [004791A0], 00000001
; Second argument: walked from its last byte down to index 0 (esi), with
; ebx stepping by 5 on each pass; values returned by 0041468F are summed
; in edi. 0041464B and 0041468F are not shown, and the article's author
; states that this computation was not worked out.
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:004142C6(C), :004142D2(C)
|
:004142E2 FF750C
push [ebp+0C]
:004142E5 33FF
xor edi, edi
:004142E7 E804070100 call 004249F0
:004142EC 8BF0
mov esi, eax
:004142EE 59
pop ecx
:004142EF 4E
dec esi
:004142F0 782E
js 00414320
:004142F2 6A09
push 00000009
:004142F4 58
pop eax
:004142F5 2BC6
sub eax, esi
:004142F7 8D1C80
lea ebx, dword ptr [eax+4*eax]
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0041431E(C)
|
:004142FA 8B450C
mov eax, dword ptr [ebp+0C]
:004142FD 0FBE0406 movsx
eax, byte ptr [esi+eax]
:00414301 03C3
add eax, ebx
:00414303 50
push eax
:00414304 E842030000 call 0041464B
:00414309 C70424401F0000 mov dword ptr [esp],
00001F40
:00414310 E87A030000 call 0041468F
:00414315 03F8
add edi, eax
:00414317 4E
dec esi
:00414318 83C305
add ebx, 00000005
:0041431B 59
pop ecx
:0041431C 85F6
test esi, esi
:0041431E 7DDA
jge 004142FA
; More helper calls on locals (0041464B, 0041468F, 004256C3; bodies not
; shown). esi is loaded with 8 and counts the passes of the loop at
; 0041433C.
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004142F0(C)
|
:00414320 A1F01D4700 mov eax,
dword ptr [00471DF0]
:00414325 03C7
add eax, edi
:00414327 50
push eax
:00414328 E81E030000 call 0041464B
:0041432D 8065C000 and
byte ptr [ebp-40], 00
:00414331 59
pop ecx
:00414332 6A08
push 00000008
* Possible Reference to Dialog:
|
:00414334 BF601F4700 mov edi,
00471F60
:00414339 5B
pop ebx
:0041433A 8BF3
mov esi, ebx
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00414357(C)
|
:0041433C 6A0F
push 0000000F
:0041433E E84C030000 call 0041468F
:00414343 59
pop ecx
:00414344 50
push eax
:00414345 8D45C0
lea eax, dword ptr [ebp-40]
:00414348 50
push eax
:00414349 8D45C0
lea eax, dword ptr [ebp-40]
:0041434C 57
push edi
:0041434D 50
push eax
:0041434E E870130100 call 004256C3
:00414353 83C410
add esp, 00000010
:00414356 4E
dec esi
:00414357 75E3
jne 0041433C
; Three calls in a row; their six pushed arguments are dropped together
; by the "add esp, 18" after the last one. Gate 3 is the result of
; 0042A5B0: non-zero is a rejection.
:00414359 8D45E0
lea eax, dword ptr [ebp-20]
:0041435C 50
push eax
:0041435D 8D45A0
lea eax, dword ptr [ebp-60]
:00414360 50
push eax
:00414361 E83A030100 call 004246A0
:00414366 8065A400 and
byte ptr [ebp-5C], 00
:0041436A 8D4580
lea eax, dword ptr [ebp-80]
:0041436D 50
push eax
:0041436E 8D45E4
lea eax, dword ptr [ebp-1C]
:00414371 50
push eax
:00414372 E80BF6FEFF call 00403982
:00414377 8D45C0
lea eax, dword ptr [ebp-40]
:0041437A 50
push eax
:0041437B 8D4580
lea eax, dword ptr [ebp-80]
:0041437E 50
push eax
:0041437F E82C620100 call 0042A5B0
<---這個Call裡應該是比較重要的比較,前面的好多Call我都追進去過,它們都用我填的假資料做了很多運算,不過我沒搞清楚,誰去研究下它的演算法吧.
:00414384 83C418
add esp, 00000018
:00414387 85C0
test eax, eax
:00414389 0F85BB000000 jne 0041444A
<---這裡是最後一個,前兩個一般來說只要你填的假註冊碼是16位就不會跳走,但這個一定會跳的,因為我的註冊碼肯定是假的嘛,在這裡下r
fl z命令就能過去了,然後按F5,看看程式跟你說什麼,當然是多謝你的註冊了,再看About裡也成為註冊版了,退出再進入依然不變,呵呵~~~~~~我想這全靠下面的這些程式碼了,因為程式會把註冊資訊放入c:\windows\Gerces23.dru這個檔案裡,那我就將這個檔案好好保管了~~~~~~哈哈
; Accepted path: sets the dwords at 004791A4 (= 1) and 0047919C (= 0x32),
; hands [ebp+0C] and 004791B0 to 004246A0, and clears the first byte at
; 00479278.
:0041438F FF750C
push [ebp+0C]
:00414392 C705A491470001000000 mov dword ptr [004791A4], 00000001
:0041439C C7059C91470032000000 mov dword ptr [0047919C], 00000032
:004143A6 68B0914700 push 004791B0
:004143AB E8F0020100 call 004246A0
:004143B0 80257892470000 and byte ptr [00479278],
00
:004143B7 59
pop ecx
:004143B8 59
pop ecx
:004143B9 BE78924700 mov esi,
00479278
; Loop counted down in ebx (loaded with 8 at 00414339, assuming the calls
; in between preserve it); each pass calls 004256C3 on the buffer at
; 00479278.
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004143D3(C)
|
:004143BE 6A0F
push 0000000F
:004143C0 E8CA020000 call 0041468F
:004143C5 59
pop ecx
:004143C6 50
push eax
:004143C7 56
push esi
:004143C8 57
push edi
:004143C9 56
push esi
:004143CA E8F4120100 call 004256C3
:004143CF 83C410
add esp, 00000010
:004143D2 4B
dec ebx
:004143D3 75E9
jne 004143BE
; Post-processing of the buffer at 00479278: arithmetic over its bytes,
; followed by one more 004256C3 call on the same buffer.
:004143D5 A078924700 mov al,
byte ptr [00479278]
:004143DA 33D2
xor edx, edx
:004143DC 84C0
test al, al
:004143DE 741B
je 004143FB
:004143E0 8BCE
mov ecx, esi
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004143F9(C)
|
:004143E2 3C20
cmp al, 20
:004143E4 740D
je 004143F3
:004143E6 0FBE01
movsx eax, byte ptr [ecx]
:004143E9 03C2
add eax, edx
:004143EB BFFF000000 mov edi,
000000FF
:004143F0 99
cdq
:004143F1 F7FF
idiv edi
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004143E4(C)
|
:004143F3 8A4101
mov al, byte ptr [ecx+01]
:004143F6 41
inc ecx
:004143F7 84C0
test al, al
:004143F9 75E7
jne 004143E2
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004143DE(C)
|
:004143FB 8BC2
mov eax, edx
:004143FD 6A63
push 00000063
:004143FF 99
cdq
:00414400 59
pop ecx
:00414401 F7F9
idiv ecx
:00414403 52
push edx
:00414404 56
push esi
* Possible Reference to Dialog:
|
:00414405 68581F4700 push 00471F58
:0041440A 56
push esi
:0041440B E8B3120100 call 004256C3
:00414410 6A28
push 00000028
:00414412 E834020000 call 0041464B
:00414417 83C414
add esp, 00000014
:0041441A 33F6
xor esi, esi
; NOTE(review): the 0xC8 bytes starting at 004791B0 are XOR-masked one by
; one with the low byte returned by 0041468F. That is masking only;
; nothing visible in this listing binds the resulting state to a machine
; or detects a copied state file - confirm in 0041418F / 00403D2F.
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00414431(C)
|
:0041441C 6A0F
push 0000000F
:0041441E E86C020000 call 0041468F
:00414423 3086B0914700 xor byte ptr
[esi+004791B0], al
:00414429 46
inc esi
:0041442A 81FEC8000000 cmp esi, 000000C8
:00414430 59
pop ecx
:00414431 72E9
jb 0041441C
; 0041418F's return value becomes this routine's result (via esi). The
; write to the file the article names is not visible in this listing;
; presumably it happens inside 0041418F or 00403D2F - confirm.
:00414433 E857FDFFFF call 0041418F
:00414438 8BF0
mov esi, eax
:0041443A 8D45A0
lea eax, dword ptr [ebp-60]
:0041443D 50
push eax
:0041443E FF750C
push [ebp+0C]
:00414441 E8E9F8FEFF call 00403D2F
:00414446 59
pop ecx
:00414447 59
pop ecx
:00414448 EB02
jmp 0041444C
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00414255(C), :004142B2(C), :00414389(C)
|
:0041444A 33F6
xor esi, esi <---esi清為0了,注意有三個地方會跳到這裡來
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00414448(U)
|
:0041444C 8BC6
mov eax, esi <---如果跳到上面一行,這時eax也為0了,下面就跳出這個Call了,還記得外面那個test
eax,eax嗎所以無論如何都不能讓程式跳到41444A這一行
; Common exit: restore the saved registers and return; the two stack
; arguments are left for the caller to remove.
:0041444E 5F
pop edi
:0041444F 5E
pop esi
:00414450 5B
pop ebx
:00414451 C9
leave
:00414452 C3
ret
後記:
這次破解我不想寫太多東西,因為我並沒有將它的演算法搞清楚,它的很多call都在拿我的假資料做運算,不過都是些乘法除法之類的,請高手們看看吧.將它破解後我上到http://astalavista.box.sk/去查詢它的序號產生器,但找到的都是註冊了的Gerces23.dru檔案,我想它應該不是那麼簡單的,不然怎麼會連個正確的註冊碼都找不到呢~~~~~~~~~~呵呵
_/_/_/
_/ _/_/_/ _/_/_/
_/_/
_/_/ _/ _/ _/ _/
_/
_/ _/ _/ _/
_/ _/
_/_/_/ _/_/_/ _/ _/ _/
Sam.com
2:55 2001-7-20