CUTEVIDEO 1.0破解 (4千字)

CUTEVIDEO 1.0破解
Crack by fwnl
軟體說明：一個的處理AVI和MEPG格式的程式
破解工具:w32dasm TRW2000

起動程式隨便填入註冊碼，彈出Invalid Registration Key!
於是用w32dasm反編譯，在字串參考中找到Invalid Registration Key!
於是來到下面這裡:

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00413F31(C) 可知這裡是00413F31跳來,於是找00413F31
|
:0041401F 6A00 push 00000000
:00414021 8D45B2 lea eax, dword ptr [ebp-4E]
:00414024 E82BDAFEFF call 00401A54
:00414029 B202 mov dl, 02
:0041402B E858DAFEFF call 00401A88
:00414030 668B08 mov cx, word ptr [eax]
:00414033 51 push ecx
:00414034 66C745CC5000 mov [ebp-34], 0050

* Possible StringData Ref from Data Obj ->"Invalid Registration Key!" ===================

用TRW2000載入程式後bpx 00413f31，F5返回填入註冊碼,點0k後程式中斷在
00413f31.發現這個跳轉語句的狀態是(jump)，於是就 r fl z 使它(no jump)
F5返回發現程式註冊了，關了重來也是註冊了，後來發現程式在登錄檔作了個記號
表示註冊:
REGEDIT4

[HKEY_CLASSES_ROOT\CLSID\{AE12B0-CFDH31111-999000M-44DAW}\id]
"12CFF0321010"="1"
"12CFF0321011"=""

要得到註冊碼向上跟蹤發現:00413EC6處 d eax得真的註冊碼

:00413E8F 8D55F4 lea edx, dword ptr [ebp-0C]
:00413E92 FF32 push dword ptr [edx]
:00413E94 8D45FC lea eax, dword ptr [ebp-04]
:00413E97 E878D7FEFF call 00401614
:00413E9C 50 push eax
:00413E9D FF45D8 inc [ebp-28]
:00413EA0 E8D70B0000 call 00414A7C
:00413EA5 83C408 add esp, 00000008
:00413EA8 FF4DD8 dec [ebp-28]
:00413EAB 8D45F4 lea eax, dword ptr [ebp-0C]
:00413EAE BA02000000 mov edx, 00000002
:00413EB3 E884240700 call 0048633C
:00413EB8 66C745CC1400 mov [ebp-34], 0014
:00413EBE 8D45FC lea eax, dword ptr [ebp-04]
:00413EC1 E86EDBFEFF call 00401A34
:00413EC6 50 push eax ===================d eax 真碼
:00413EC7 E8883B0600 call 00477A54
:00413ECC 59 pop ecx
:00413ECD 83F806 cmp eax, 00000006
:00413ED0 731F jnb 00413EF1
:00413ED2 FF4DD8 dec [ebp-28]
:00413ED5 8D45FC lea eax, dword ptr [ebp-04]
:00413ED8 BA02000000 mov edx, 00000002
:00413EDD E85A240700 call 0048633C
:00413EE2 8B4DBC mov ecx, dword ptr [ebp-44]
:00413EE5 64890D00000000 mov dword ptr fs:[00000000], ecx
:00413EEC E98D010000 jmp 0041407E

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00413ED0(C)
|
:00413EF1 66C745CC2C00 mov [ebp-34], 002C
:00413EF7 8D45F0 lea eax, dword ptr [ebp-10]
:00413EFA E815D7FEFF call 00401614
:00413EFF 8BD0 mov edx, eax
:00413F01 FF45D8 inc [ebp-28]
:00413F04 8B4DB8 mov ecx, dword ptr [ebp-48]
:00413F07 8B81E0020000 mov eax, dword ptr [ecx+000002E0]
:00413F0D E8DAA00300 call 0044DFEC
:00413F12 8D45F0 lea eax, dword ptr [ebp-10]
:00413F15 8D55FC lea edx, dword ptr [ebp-04]
:00413F18 E803250700 call 00486420
:00413F1D 50 push eax
:00413F1E FF4DD8 dec [ebp-28]
:00413F21 8D45F0 lea eax, dword ptr [ebp-10]
:00413F24 BA02000000 mov edx, 00000002
:00413F29 E80E240700 call 0048633C
:00413F2E 59 pop ecx
:00413F2F 84C9 test cl, cl
:00413F31 0F84E8000000 je 0041401F //不跳就註冊成功
:00413F37 68F0024A00 push 004A02F0
:00413F3C 8D8588FBFFFF lea eax, dword ptr [ebp+FFFFFB88]
:00413F42 50 push eax
:00413F43 E8DC3A0600 call 00477A24
:00413F48 83C408 add esp, 00000008
fwnl
這個程式用bpx hmemcpy 中斷不了 2002.2.28
name:fwnlfwnl sn: o7s:8m:s6s5o 長沙
****** ***
*** **
******** **** ** *** ****** **
** *** * ** ** ** **
*** ******* *** ** ***
** ** ** ** *** ****
***

CUTEVIDEO 1.0破解 (4千字)

相關文章