花兩分鐘破解ZTZ-IE網路瀏覽器2.0賀歲版[入門看]
今天實在無聊,準備隨便下載個軟體破破!到天空軟體站看看有什麼新軟體值得一用。看了看介紹,這個還不錯〔誇的還不錯!〕下!誰知,只用了兩分鐘…還是無聊,那就練練打字吧!
安裝後檢測是否加殼,什麼殼也沒有!那就下一步吧!
開啟W32Dasm,載入該軟體,找到字串“密碼正確,註冊成功!”,看看上面
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0047FC07(C)
|
:0047FC42 8D55F8
lea edx, dword ptr [ebp-08]
:0047FC45 8B86EC020000 mov eax, dword
ptr [esi+000002EC]
:0047FC4B E8C8E3FAFF call 0042E018
:0047FC50 8B45F8
mov eax, dword ptr [ebp-08]
:0047FC53 50
push eax
:0047FC54 8D55F0
lea edx, dword ptr [ebp-10]
:0047FC57 8B86E0020000 mov eax, dword
ptr [esi+000002E0]
:0047FC5D E8B6E3FAFF call 0042E018
:0047FC62 8B45F0
mov eax, dword ptr [ebp-10]
:0047FC65 8D55F4
lea edx, dword ptr [ebp-0C]
:0047FC68 E85FFDFFFF call 0047F9CC
:0047FC6D 8B55F4
mov edx, dword ptr [ebp-0C]
:0047FC70 58
pop eax
:0047FC71 E8A242F8FF call 00403F18
:0047FC76 7533
jne 0047FCAB <== 直覺:註冊碼不正確就跳,跳過去看看!
:0047FC78 BA0B000000 mov edx,
0000000B
* Possible StringData Ref from Code Obj ->"Yire"
|
:0047FC7D B850FD4700 mov eax,
0047FD50
:0047FC82 E8E92E0000 call 00482B70
:0047FC87 6A40
push 00000040
* Possible StringData Ref from Code Obj ->"祝賀你"
|
:0047FC89 B958FD4700 mov ecx,
0047FD58
* Possible StringData Ref from Code Obj ->"密碼正確,註冊成功!"
|
:0047FC8E BA60FD4700 mov edx,
0047FD60
:0047FC93 A120CA4800 mov eax,
dword ptr [0048CA20]
:0047FC98 8B00
mov eax, dword ptr [eax]
:0047FC9A E85DCAFCFF call 0044C6FC
:0047FC9F A130D94800 mov eax,
dword ptr [0048D930]
:0047FCA4 E86F96FCFF call 00449318
:0047FCA9 EB3B
jmp 0047FCE6
從上面跳過來,果然會出現出錯介面!
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0047FC76(C)
|
:0047FCAB A148CB4800 mov eax,
dword ptr [0048CB48]
:0047FCB0 83381E
cmp dword ptr [eax], 0000001E
:0047FCB3 7C0F
jl 0047FCC4
:0047FCB5 BA01000000 mov edx,
00000001
* Possible StringData Ref from Code Obj ->"Yire"
|
:0047FCBA B850FD4700 mov eax,
0047FD50
:0047FCBF E8AC2E0000 call 00482B70
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0047FCB3(C)
|
:0047FCC4 6A40
push 00000040
* Possible StringData Ref from Code Obj ->"警告"
|
:0047FCC6 B978FD4700 mov ecx,
0047FD78
* Possible StringData Ref from Code Obj ->"密碼不正確!"
|
:0047FCCB BA80FD4700 mov edx,
0047FD80
:0047FCD0 A120CA4800 mov eax,
dword ptr [0048CA20]
:0047FCD5 8B00
mov eax, dword ptr [eax]
:0047FCD7 E820CAFCFF call 0044C6FC
:0047FCDC A130D94800 mov eax,
dword ptr [0048D930]
:0047FCE1 E83296FCFF call 00449318
好了,目標明確,進入
:0047FC71 E8A242F8FF call 00403F18
的Call就可以找到註冊碼!
現在輪到trw了!
執行ZTZ-IE網路瀏覽器2.0賀歲版,隨意輸入使用者名稱即註冊碼;
執行trw,下中斷:
bpx 0047fc71
再按F5回到註冊介面,按下確認鍵,立刻trw閃亮登場!!
BC * 清除中斷,D eax 看到我輸入的註冊碼,d edx 當然是正確的註冊碼咯!
現在過了一分五○秒,還有一○″時間進去看看。
F8 鍵進入:
:00403F18 53
push ebx
:00403F19 56
push esi
:00403F1A 57
push edi
:00403F1B 89C6
mov esi, eax
:00403F1D 89D7
mov edi, edx
:00403F1F 39D0
cmp eax, edx <== 這裡是是非比較處!
:00403F21 0F848F000000 je 00403FB6
<== 是就跳
:00403F27 85F6
test esi, esi
:00403F29 7468
je 00403F93
:00403F2B 85FF
test edi, edi
:00403F2D 746B
je 00403F9A
:00403F2F 8B46FC
mov eax, dword ptr [esi-04]
:00403F32 8B57FC
mov edx, dword ptr [edi-04]
:00403F35 29D0
sub eax, edx
:00403F37 7702
ja 00403F3B
:00403F39 01C2
add edx, eax
結果,使用者名稱:leeyam 註冊碼:vyvjyssvsx
簡簡單單,搞定!又開始無聊了!現在就上網試試剛剛破的網路瀏覽器吧!