超屏捕 v3.30 破解^程 (16千字)
破解後,只要入24位]源a,就可以]猿曬~~
抗crack工具, @次我先f@e,和V3.20有c不同
* Reference To: USER32.SetTimer, Ord:0239h
|
:00401B1E 8B3DFCE74B00 mov edi, dword
ptr [004BE7FC]
:00401B24 85C0
test eax, eax
:00401B26 740F
je 00401B37 @e一定要跳,建h改@e直接跳^去
把 74 0F ==>> EB 3F
也就是 JMP 00401B67
:00401B28 8B4E1C
mov ecx, dword ptr [esi+1C]
:00401B2B 6A00
push 00000000
:00401B2D 6830750000 push 00007530
:00401B32 6A04
push 00000004
:00401B34 51
push ecx
:00401B35 FFD7
call edi
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00401B26(C)
|
:00401B37 E844960200 call 0042B180
@e是CRACK工具zy,去看有那些工具
:00401B3C 85C0
test eax, eax
:00401B3E 740F
je 00401B4F @e一定要跳
:00401B40 8B561C
mov edx, dword ptr [esi+1C]
:00401B43 6A00
push 00000000
:00401B45 6830750000 push 00007530
:00401B4A 6A04
push 00000004
:00401B4C 52
push edx
:00401B4D FFD7
call edi
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00401B3E(C)
|
* Reference To: KERNEL32.IsDebuggerPresent, Ord:021Bh
{用IsDebuggerPresent()zy是否有{器存在。
@函抵荒z查使用 Debug API 碭程式的{器。
:00401B4F E8DC950200 Call 0042B130
:00401B54 85C0
test eax, eax
:00401B56 740F
je 00401B67 @e一定要跳
:00401B58 8B461C
mov eax, dword ptr [esi+1C]
:00401B5B 6A00
push 00000000
:00401B5D 6830750000 push 00007530
:00401B62 6A04
push 00000004
:00401B64 50
push eax
:00401B65 FFD7
call edi
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00401B56(C)
|
:00401B67 8B4E1C
mov ecx, dword ptr [esi+1C]
:00401B6A 6A00
push 00000000
:00401B6C 6860EA0000 push 0000EA60
:00401B71 6A05
push 00000005
:00401B73 51
push ecx
:00401B74 FFD7
call edi
:00401B76 5F
pop edi
:00401B77 5E
pop esi
:00401B78 33C0
xor eax, eax
:00401B7A 5B
pop ebx
:00401B7B 83C440
add esp, 00000040
:00401B7E C20400
ret 0004
@e是zyCRACK工具熱
* Referenced by a CALL at Address:
|:00401B37
|
* Possible StringData Ref from Code Obj ->"\\.\SICE" @是 SoftIce Windows
9x版本
|
:0042B180 6864034F00 push 004F0364
:0042B185 E8B6FFFFFF call 0042B140
:0042B18A 83C404
add esp, 00000004
:0042B18D 85C0
test eax, eax
:0042B18F 7406
je 0042B197
:0042B191 B801000000 mov eax,
00000001
:0042B196 C3
ret
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0042B18F(C)
|
* Possible StringData Ref from Code Obj ->"\\.\NTICE" @是 SoftIce Windows
NT版本
|
:0042B197 6858034F00 push 004F0358
:0042B19C E89FFFFFFF call 0042B140
:0042B1A1 83C404
add esp, 00000004
:0042B1A4 85C0
test eax, eax
:0042B1A6 7406
je 0042B1AE
:0042B1A8 B801000000 mov eax,
00000001
:0042B1AD C3
ret
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0042B1A6(C)
|
* Possible StringData Ref from Code Obj ->"\\.\FILEMON" @是 File Moniter
|O系y中各檔案x操作,特em合破解 Key File 保o的件
:0042B1AE 684C034F00 push 004F034C
:0042B1B3 E888FFFFFF call 0042B140
:0042B1B8 83C404
add esp, 00000004
:0042B1BB 85C0
test eax, eax
:0042B1BD 7406
je 0042B1C5
:0042B1BF B801000000 mov eax,
00000001
:0042B1C4 C3
ret
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0042B1BD(C)
|
* Possible StringData Ref from Code Obj ->"\\.\REGMON" @是 Registry Moniter
|O各件υ]緣淖x取操作
:0042B1C5 6840034F00 push 004F0340
:0042B1CA E871FFFFFF call 0042B140
:0042B1CF 83C404
add esp, 00000004
:0042B1D2 85C0
test eax, eax
:0042B1D4 7406
je 0042B1DC
:0042B1D6 B801000000 mov eax,
00000001
:0042B1DB C3
ret
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0042B1D4(C)
|
* Possible StringData Ref from Code Obj ->"\\.\TRW" @是 TRWIN
|
:0042B1DC 6838034F00 push 004F0338
:0042B1E1 E85AFFFFFF call 0042B140
:0042B1E6 83C404
add esp, 00000004
:0042B1E9 85C0
test eax, eax
:0042B1EB 7406
je 0042B1F3
:0042B1ED B801000000 mov eax,
00000001
:0042B1F2 C3
ret
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0042B1EB(C)
|
* Possible StringData Ref from Code Obj ->"\\.\TRWDEBUG" @是 TRWIN
|
:0042B1F3 6828034F00 push 004F0328
:0042B1F8 E843FFFFFF call 0042B140
:0042B1FD 83C404
add esp, 00000004
:0042B200 85C0
test eax, eax
:0042B202 7406
je 0042B20A
:0042B204 B801000000 mov eax,
00000001
:0042B209 C3
ret
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0042B202(C)
|
* Possible StringData Ref from Code Obj ->"\\.\ICEDUMP"
|
:0042B20A 681C034F00 push 004F031C
:0042B20F E82CFFFFFF call 0042B140
:0042B214 83C404
add esp, 00000004
:0042B217 F7D8
neg eax
:0042B219 1BC0
sbb eax, eax
:0042B21B F7D8
neg eax
:0042B21D C3
ret
:00424F7C 50
push eax
:00424F7D 688D040000 push 0000048D
:00424F82 E8D9880700 call 0049D860
:00424F87 83F818
cmp eax, 00000018 @e是判嗄爿入的]源a是否有24位
:00424F8A 741A
je 00424FA6
:00424F8C 8B8EA8020000 mov ecx, dword
ptr [esi+000002A8]
:00424F92 6A00
push 00000000
:00424F94 6A10
push 00000010
* Possible StringData Ref from Code Obj ->"Incomplete or incorrect Registration-Number.
"
->"Please input
again!"
|
:00424F96 6894EE4E00 push 004EEE94
:00424F9B E8309BFFFF call 0041EAD0
:00424FA0 5F
pop edi
:00424FA1 5E
pop esi
:00424FA2 83C424
add esp, 00000024
:00424FA5 C3
ret
* Reference To: USER32.KillTimer, Ord:0196h
|
:004252BD FF15C8E74B00 Call dword ptr
[004BE7C8]
:004252C3 6A00
push 00000000
:004252C5 E8B4020600 call 0048557E
:004252CA 8B15B8165000 mov edx, dword
ptr [005016B8]
:004252D0 83C404
add esp, 00000004
:004252D3 2BC2
sub eax, edx
:004252D5 83F805
cmp eax, 00000005
:004252D8 0F83BC000000 jnb 0042539A
:004252DE A1B4165000 mov eax,
dword ptr [005016B4] @e是取出]蘇I
:004252E3 85C0
test eax, eax eax=1 ]猿曬 eax=0 ]允
:004252E5 0F849F000000 je 0042538A
就是@e~不可跳~但不建h改@
:004252EB 8B13
mov edx, dword ptr [ebx]
:004252ED 57
push edi
:004252EE 8BCB
mov ecx, ebx
:004252F0 FF92C8000000 call dword ptr
[edx+000000C8]
:004252F6 8D44240C lea
eax, dword ptr [esp+0C]
:004252FA 50
push eax
:004252FB E83075FFFF call 0041C830
:00425300 BF84165000 mov edi,
00501684
:00425305 83C9FF
or ecx, FFFFFFFF
:00425308 33C0
xor eax, eax
:0042530A 8D9424B0030000 lea edx, dword ptr
[esp+000003B0]
:00425311 F2
repnz
:00425312 AE
scasb
:00425313 F7D1
not ecx
:00425315 2BF9
sub edi, ecx
:00425317 8BC1
mov eax, ecx
:00425319 8BF7
mov esi, edi
:0042531B 8BFA
mov edi, edx
:0042531D C1E902
shr ecx, 02
:00425320 F3
repz
:00425321 A5
movsd
:00425322 8BC8
mov ecx, eax
:00425324 83E103
and ecx, 00000003
:00425327 F3
repz
:00425328 A4
movsb
:00425329 8D4C2410 lea
ecx, dword ptr [esp+10]
:0042532D 51
push ecx
:0042532E E83D75FFFF call 0041C870
:00425333 8B8BA8020000 mov ecx, dword
ptr [ebx+000002A8]
:00425339 83C408
add esp, 00000008
:0042533C 6A00
push 00000000
:0042533E 6A10
push 00000010
* Possible StringData Ref from Code Obj ->"Registe Ok!" @e就是]猿曬Φ撓息~往上看
|
:00425340 68D8EE4E00 push 004EEED8
:00425345 E88697FFFF call 0041EAD0
:0042534A 8B1588DE4F00 mov edx, dword
ptr [004FDE88]
* Reference To: USER32.PostMessageA, Ord:01D9h
|
:00425350 8B35F8E74B00 mov esi, dword
ptr [004BE7F8]
:00425356 6A00
push 00000000
:00425358 6A00
push 00000000
:0042535A 6853050000 push 00000553
:0042535F 52
push edx
:00425360 FFD6
call esi
:00425362 A17C165000 mov eax,
dword ptr [0050167C]
:00425367 5F
pop edi
:00425368 85C0
test eax, eax
:0042536A 742E
je 0042539A
:0042536C 6A00
push 00000000
:0042536E 6A00
push 00000000
:00425370 6853050000 push 00000553
:00425375 50
push eax
:00425376 FFD6
call esi
:00425378 8BCB
mov ecx, ebx
:0042537A E880550700 call 0049A8FF
:0042537F 5E
pop esi
:00425380 5B
pop ebx
:00425381 81C4BC0A0000 add esp, 00000ABC
:00425387 C20400
ret 0004
找那e存 [005016B4] ]蘇I
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0042377D(C)
|
:0042373C 8B47F8
mov eax, dword ptr [edi-08]
:0042373F 8B57FC
mov edx, dword ptr [edi-04]
:00423742 8B4F04
mov ecx, dword ptr [edi+04]
:00423745 03C2
add eax, edx
:00423747 8B17
mov edx, dword ptr [edi]
:00423749 03C1
add eax, ecx
:0042374B 03C2
add eax, edx
:0042374D 33D2
xor edx, edx
:0042374F B91A000000 mov ecx,
0000001A
:00423754 F7F1
div ecx
:00423756 8B442410 mov
eax, dword ptr [esp+10]
:0042375A 8910
mov dword ptr [eax], edx
:0042375C 8B942448050000 mov edx, dword ptr
[esp+00000548]
:00423763 8A0C2A
mov cl, byte ptr [edx+ebp]
:00423766 33D2
xor edx, edx
:00423768 3A08
cmp cl, byte ptr [eax]
:0042376A 0F94C2
sete dl 相等,dl=1
就改@~ 0F 94 C2 ==>> 42 90 90
就是 INC EDX
NOP
NOP
:0042376D 23F2
and esi, edx @e是PI
:0042376F 45
inc ebp
:00423770 83C710
add edi, 00000010
:00423773 83C004
add eax, 00000004
:00423776 83FD10
cmp ebp, 00000010
:00423779 89442410 mov
dword ptr [esp+10], eax
:0042377D 72BD
jb 0042373C
:0042377F 6A00
push 00000000
:00423781 89B424AC000000 mov dword ptr [esp+000000AC],
esi
:00423788 E8F11D0600 call 0048557E
:0042378D 8B7C2460 mov
edi, dword ptr [esp+60]
:00423791 83C404
add esp, 00000004
:00423794 2BC7
sub eax, edi
:00423796 83F802
cmp eax, 00000002
:00423799 0F87BB030000 ja 00423B5A
:0042379F 6A00
push 00000000
:004237A1 E8D81D0600 call 0048557E
:004237A6 2BC7
sub eax, edi
:004237A8 83C404
add esp, 00000004
:004237AB 83F802
cmp eax, 00000002
:004237AE 0F87A6030000 ja 00423B5A
:004237B4 33C0
xor eax, eax
:004237B6 8D8C24BC010000 lea ecx, dword ptr
[esp+000001BC]
:004237BD 89442444 mov
dword ptr [esp+44], eax
:004237C1 894C241C mov
dword ptr [esp+1C], ecx
:004237C5 EB07
jmp 004237CE
由@往向上看
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00423B44(C)
|
:004237C7 8BB424A8000000 mov esi, dword ptr
[esp+000000A8]
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004237C5(U)
由004237C5淼竭@
|
:004237CE 8B54241C mov
edx, dword ptr [esp+1C]
:004237D2 8D8C843C040000 lea ecx, dword ptr
[esp+4*eax+0000043C]
:004237D9 894C244C mov
dword ptr [esp+4C], ecx
:004237DD 83E00F
and eax, 0000000F
:004237E0 0FBF12
movsx edx, word ptr [edx]
:004237E3 8911
mov dword ptr [ecx], edx
:004237E5 8935B4165000 mov dword ptr
[005016B4], esi @e就是存]蘇I的地方,向上看
:004237EB 0FBE4B07 movsx
ecx, byte ptr [ebx+07]
:004237EF 0FBE7301 movsx
esi, byte ptr [ebx+01]
CRC校
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:0041D32D(C), :0041D340(C)
|
:0041D347 E814DF0000 call 0042B260
:0041D34C 85C0
test eax, eax
:0041D34E 7404
je 0041D354 改@比^好~ 74 04 ==>> EB 31
也就是 JMP 0041D381
:0041D350 85F6
test esi, esi
:0041D352 742D
je 0041D381 @e就可以跳^去~但不改@
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0041D34E(C)
|
:0041D354 8B471C
mov eax, dword ptr [edi+1C]
:0041D357 6A05
push 00000005
:0041D359 50
push eax
* Reference To: USER32.KillTimer, Ord:0196h
|
:0041D35A FF15C8E74B00 Call dword ptr
[004BE7C8]
:0041D360 6A00
push 00000000
:0041D362 6A00
push 00000000
* Possible StringData Ref from Code Obj ->"SuperCapture not properly installed
"
->"! Please download
new version "
->"at: http://www.SueprCapture.com
"
->"and reinstall
SuperCapture!"
| 看到上面的息~所以往上看
:0041D364 6830E44E00 push 004EE430
:0041D369 E88CB30800 call 004A86FA
:0041D36E 8B4F1C
mov ecx, dword ptr [edi+1C]
:0041D371 6A00
push 00000000
:0041D373 6A00
push 00000000
:0041D375 6854050000 push 00000554
:0041D37A 51
push ecx
* Reference To: USER32.PostMessageA, Ord:01D9h
|
:0041D37B FF15F8E74B00 Call dword ptr
[004BE7F8]
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0041D352(C)
|
:0041D381 5F pop edi
:0041D382 5E pop esi
:0041D383 C3 ret
相關文章
- 超屏捕 v3.41 破解^程~的有cy~ (19千字)2002-02-18
- 《伊妹捕神中文版》 破解過程詳解 (6千字)2001-04-29
- 用ollydbg破解就是爽,貼出超級屏捕的破解過程和演算法分析,請大家多多指教!! (15千字)2001-12-20演算法
- EmEditor v3.16破解過程 (9千字)2001-07-22
- 超級個人軟體 V2.5 破解過程! (3千字)2002-03-04
- 我的破解心得(5) (16千字)2001-03-13
- OICQ HACK 1.0 破解過程 (9千字)2001-04-23
- Nullz CrackMe 1.1破解過程 (13千字)2001-09-18Null
- WebTimeSync 5.2.0 破解過程 (14千字)2001-10-05Web
- dfx V4.0破解過程 (10千字)2000-09-24
- 破解過程-----請多多指教 (2千字)2000-12-31
- 電腦字型秀破解過程 (1千字)2001-03-18
- webeasymail的簡單破解過程 (2千字)2001-08-04WebAI
- Kryptel 3.8 暴力破解過程 (18千字)2001-09-18
- PUZZLER1.20破解過程 (4千字)2002-01-26
- SuperCleaner2.30破解過程 (11千字)2002-02-04
- 一個超容易破解的軟體! (5千字)2001-01-21
- Password Keeper v6.3破解過程 (8千字)2002-04-12
- post NOW! 破解過程!有意思。 (1千字)2000-12-30
- 有聲有色3.33破解過程 (4千字)2001-02-09
- 專業掃雷 1.2破解過程 (4千字)2001-02-17
- fulldisk A32 破解過程!(簡單) (1千字)2001-03-20
- 具體的破解過程來也! (10千字)2001-04-21
- 密碼大師4.0破解過程 (3千字)2001-05-06密碼
- 對VCDCUT 4.03的分析破解過程 (18千字)2001-08-08
- SuperCapture 3.04 破解歷程---半小時 (5千字)2002-02-14APT
- 木馬克星5.33.60破解過程
(9千字)2002-03-28
- GaitCD破解全過程(installshield) (3千字)2015-11-15AI
- 不脫殼破解極光多能鬧鐘
(16千字)2003-04-14
- 有聲有色 v3.16破解教程 (6千字)2000-10-03
- 音樂賀卡廠4.10破解過程 (6千字)2001-08-11
- 蒙泰5.0加密狗破解過程 (6千字)2001-10-11加密
- 加密精靈V2.2破解過程 (9千字)2001-10-28加密
- 破解 OverNimble Localize Plus 1.04
全過程! (13千字)2015-11-15
- 破解<<破解堅盾磁碟加密系統 V4.0>>的全過程 (10千字)2001-10-23加密
- 如何破解Bestofware SmartUI Activex 所有版本。(過程)
(5千字)2000-12-31UI
- PassWD2000破解過程~~~轉貼~~~~~~ (11千字)2001-10-10
- Lambda Pro v2.0安裝序列號破解(1) (16千字)2001-12-08