完美破解ip-tools2.04,不對之處請大家指正. (8千字)
完美破解ip-tools2.04多謝炎兄的提示啊!!!
------------------------
這個東西好像真的不錯,可是不註冊在啟動的時候會有個讓你註冊的對話方塊,讓你等的很煩!!!
好!讓我們試著crack掉他!
工具: trw2000 windasm ultraedit32
下bpx sendmessage 中斷,然後小心安F10,來到004E881E
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004D87DA(C)
|
:004D8817 8B03
mov eax, dword ptr [ebx]
:004D8819 E8E6A8F2FF call 00403104
:004D881E E875F1FFFF call 004D7998<------出現那個註冊框,在這裡安F9設斷.f8進
:004D8823 8B06
mov eax, dword ptr [esi]
:004D8825 E89EB5F5FF call 00433DC8
------------------------------------------------------------------------
* Referenced by a CALL at Address:
|:004D881E
|
:004D7998 55
push ebp
:004D7999 8BEC
mov ebp, esp
:004D799B 33C9
xor ecx, ecx
:004D799D 51
push ecx
:004D799E 51
push ecx
:004D799F 51
push ecx
:004D79A0 51
push ecx
:004D79A1 51
push ecx
:004D79A2 51
push ecx
:004D79A3 53
push ebx
:004D79A4 56
push esi
.
.
.
.
.
.小心安f10來到這裡
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004D7C95(C)
|
:004D7CA8 6A00
push 00000000
:004D7CAA B81E000000 mov eax,
0000001E
:004D7CAF E8B4B0F2FF call 00402D68
:004D7CB4 8BD0
mov edx, eax
:004D7CB6 6683C205 add
dx, 0005
:004D7CBA 66B91400 mov
cx, 0014
:004D7CBE 66B80100 mov
ax, 0001
:004D7CC2 E80910F3FF call 00408CD0
:004D7CC7 A124134E00 mov eax,
dword ptr [004E1324]
:004D7CCC DD18
fstp qword ptr [eax]
:004D7CCE 9B
wait
:004D7CCF E8E4FBFFFF call 004D78B8
:004D7CD4 84C0
test al, al
:004D7CD6 740D
je 004D7CE5<------跳到煩人視窗,nop掉.
:004D7CD8 B80A000000 mov eax,
0000000A
:004D7CDD E886B0F2FF call 00402D68
:004D7CE2 48
dec eax
:004D7CE3 7544
jne 004D7D29<------跳過煩人視窗 改為jmp
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004D7CD6(C)
|
:004D7CE5 B001
mov al, 01
:004D7CE7 E89844FDFF call 004AC184<---------出現煩人視窗
:004D7CEC EB3B
jmp 004D7D29
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004D7C8B(C)
|
:004D7CEE 6A00
push 00000000
:004D7CF0 B82D000000 mov eax,
0000002D
:004D7CF5 E86EB0F2FF call 00402D68
好了該他的校驗了問題了.
用windasm查詢 programe was corrupted
* Possible StringData Ref from Code Obj ->"] SelfTest .."
|
:004D84BA 689C884D00 push 004D889C
:004D84BF 8D45F0
lea eax, dword ptr [ebp-10]
:004D84C2 BA03000000 mov edx,
00000003
:004D84C7 E83CBBF2FF call 00404008
:004D84CC 8B55F0
mov edx, dword ptr [ebp-10]
:004D84CF 8B03
mov eax, dword ptr [ebx]
:004D84D1 8B80DC010000 mov eax, dword
ptr [eax+000001DC]
:004D84D7 8B8030010000 mov eax, dword
ptr [eax+00000130]
:004D84DD 8B08
mov ecx, dword ptr [eax]
:004D84DF FF5134
call [ecx+34]
:004D84E2 E861CEFBFF call 00495348
F8追進這個call(1)
:004D84E7 8B1590124E00 mov edx, dword
ptr [004E1290]
:004D84ED 3B82B4000000 cmp eax, dword
ptr [edx+000000B4]<---注意這個eax的值.如果你
crack了他,eax返回值不是33
fe9a19
:004D84F3 740F
je 004D8504<-------跳過校驗.可以讓程式執行了.
* Possible StringData Ref from Code Obj ->"Program was corrupted !"
|
:004D84F5 B8B4884D00 mov eax,
004D88B4
:004D84FA E801C2F6FF call 00444700
:004D84FF E926030000 jmp 004D882A
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004D84F3(C)
|
:004D8504 687C884D00 push 004D887C
:004D8509 E8F60BF3FF call 00409104
:004D850E 83C4F8
add esp, FFFFFFF8
:004D8511 DD1C24
fstp qword ptr [esp]
:004D8514 9B
wait
:004D8515 8D45EC
lea eax, dword ptr [ebp-14]
------------------------------------------------------------------------------
(1)
暗F10慢慢來到這個地方
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00495479(C)
|
:004953F8 8D85F4BFFFFF lea eax, dword
ptr [ebp+FFFFBFF4]
:004953FE 33C9
xor ecx, ecx
:00495400 BA00400000 mov edx,
00004000
:00495405 E83ED9F6FF call 00402D48
:0049540A 8D45F8
lea eax, dword ptr [ebp-08]
:0049540D 50
push eax
:0049540E 8D95F4BFFFFF lea edx, dword
ptr [ebp+FFFFBFF4]
:00495414 B900400000 mov ecx,
00004000
:00495419 8D85A8BEFFFF lea eax, dword
ptr [ebp+FFFFBEA8]
:0049541F E83800F7FF call 0040545C
:00495424 8B75F8
mov esi, dword ptr [ebp-08]
:00495427 85F6
test esi, esi
:00495429 7903
jns 0049542E
:0049542B 83C603
add esi, 00000003
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00495429(C)
|
:0049542E C1FE02
sar esi, 02
:00495431 46
inc esi
:00495432 85F6
test esi, esi
:00495434 7E36
jle 0049546C
:00495436 BF01000000 mov edi,
00000001
:0049543B 8D9DF4BFFFFF lea ebx, dword
ptr [ebp+FFFFBFF4]
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0049546A(C)
|
:00495441 89BDA0BEFFFF mov dword ptr
[ebp+FFFFBEA0], edi
:00495447 DB85A0BEFFFF fild dword ptr
[ebp+FFFFBEA0]
:0049544D DB2DC8544900 fld tbyte ptr
[004954C8]
:00495453 DEC9
fmulp st(1), st(0)
:00495455 D805D4544900 fadd dword ptr
[004954D4]
:0049545B E810D7F6FF call 00402B70
:00495460 F72B
imul dword ptr [ebx]
:00495462 0145FC
add dword ptr [ebp-04], eax
:00495465 47
inc edi
:00495466 83C304
add ebx, 00000004
:00495469 4E
dec esi
:0049546A 75D5
jne 00495441
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:004953F6(U), :00495434(C)
|
:0049546C 8D85A8BEFFFF lea eax, dword
ptr [ebp+FFFFBEA8]
:00495472 E8E900F7FF call 00405560
:00495477 84C0
test al, al
:00495479 0F8479FFFFFF je 004953F8<-----------這個迴圈是自校驗部分.得出eax值.判斷程式
:0049547F 8A45F4
mov al, byte ptr [ebp-0C] 是否改動過.
:00495482 8B15FC164E00 mov edx, dword
ptr [004E16FC]
:00495488 8802
mov byte ptr [edx], al
:0049548A 8D85A8BEFFFF lea eax, dword
ptr [ebp+FFFFBEA8]在此處ebp-04應該為33fe9a19
:00495490 E88F00F7FF call 00405524
改為 mov eax,33fe9a19
:00495495 8B45FC
mov eax, dword ptr [ebp-04]此處nop掉.改為909090
:00495498 A3E0CA4D00 mov dword
ptr [004DCAE0], eax 這個004dcae0就是為什麼我們crack
^^^^^^^^^^後一些功能受限制的罪魁禍首的地方.
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:004953CA(C), :004953F0(C)
|
:0049549D 33C0
xor eax, eax
:0049549F 5A
pop edx
:004954A0 59
pop ecx
:004954A1 59
pop ecx
:004954A2 648910
mov dword ptr fs:[eax], edx
:004954A5 68BD544900 push 004954BD
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004954BB(U)
|
:004954AA 8D85A4BEFFFF lea eax, dword
ptr [ebp+FFFFBEA4]
:004954B0 E817E8F6FF call 00403CCC
:004954B5 C3
ret
:004954B6 E915E2F6FF jmp 004036D0
:004954BB EBED
jmp 004954AA
:004954BD 8B45FC
mov eax, dword ptr [ebp-04]
:004954C0 5F
pop edi
:004954C1 5E
pop esi
:004954C2 5B
pop ebx
:004954C3 8BE5
mov esp, ebp
:004954C5 5D
pop ebp
:004954C6 C3
ret
ping的功能可以用了,爽啊!嘿嘿~~~~~~但是好像大家都有註冊碼啊!!!呵呵~~~~~~~~
不對之處請大家指正!!!
相關文章
- [翻譯]用dede破解-另一篇~請大家指正~~ (5千字)2015-11-15
- 冷雨飄心的第二個crackme的破解方法,大家看看對不對! (5千字)2001-10-18
- 如何完美破解winhex9.73的功能限制! (8千字)2001-03-13
- winimage完全破解 (8千字)2001-07-04
- 如何完美破解PE EXPLORER 1.2 (5千字)2001-06-13
- 完美解除安裝7.00版破解 (7千字)2002-03-18
- PolyView再破解---請指教 (5千字)2001-01-02View
- 破解XFtpSvr =====> 請進 (5千字)2001-07-01FTPVR
- Java 程式的破解方法 (8千字)2002-08-15Java
- 我的破解心得(8) (2千字)2001-03-13
- Unfoxall 2.0 增強版完美破解方法 (2千字)2000-05-17
- PictureToTv
程式分析--請前輩指正2004-10-02
- VOPTME6.01破解第一次寫教程,有不對的地方請指出,謝謝! (3千字)2001-05-24
- 用ollydbg破解就是爽,貼出超級屏捕的破解過程和演算法分析,請大家多多指教!! (15千字)2001-12-20演算法
- ssreader 360正式版 完美破解版本 (3千字)2002-01-06
- ThemeFreak V1.6破解 (8千字)2001-03-07
- 炒股理財1.65破解方法 (8千字)2001-04-13
- Trojan Remover 4.3.0破解手記 (8千字)2001-08-31REM
- 破解GIF Movie Gear 3.01 (8千字)2002-03-13
- 破解過程-----請多多指教 (2千字)2000-12-31
- 對不起,該軟體未經測試便弄上來,讓大家笑話了,下面是基本完整破解版。 (19千字)2001-08-17
- 門診收費票據列印程式碼,望大家指正2011-01-27
- winxp總管破解筆記(一) (8千字)2002-10-07筆記
- 破解WS_FTP Pro 7.02 (8千字)2001-10-28FTP
- SeaMoon Pic Hunter 1.2破解手記 (8千字)2015-11-15
- 破解心得之WinImage篇 (15千字)2001-07-01
- 破解心得之eXeScope篇 (9千字)2001-07-01
- 騰博條形碼生產-管理系統破解過程,看完後大家不準扔鞋^_^ (2千字)2001-06-26
- 申請加入BCG之第一篇!------LC3破解! (2千字)2001-10-06
- 對多種情況下控制檔案的理解與疑問,請指正。2007-11-30
- 申請加入BCG之第二篇!博奧彩票白金版破解---破解初學者之嘔血篇 (5千字)2001-10-06
- BCG和FCG的作業,請PETER大哥笑納,勝新庫管王601版完美破解!!! (2千字)2001-09-14
- Advanced
PDF Password Recovery Pro 2.12的不完美破解 (12千字)2003-05-20
- 爆破NetSpeeder v1.0(我是初學者,不知破得對不對,大家幫我看看好嗎?
) (7千字)2002-08-02
- Password Keeper v6.3破解過程 (8千字)2002-04-12
- 破解華琦庫管精靈1.2.4 (8千字)2000-09-11
- PwlTool的功能限制的破解---DDXia[CCG] (8千字)2001-03-10
- 使用KERNEL32.DLL破解???(譯文)
(8千字)2000-08-29