異想天開的打狗記錄(高手免進) (12千字)
異想天開的打狗記錄:(如有雷同,請版主刪除…………)
* QQ於2002年7月15日晨,共用時29.6分鐘(不包括寫破文20分鐘),其中試用軟體20分鐘。
*目標:國內某工程專案管理軟體《投標版》(VERSION 2.52)
保護 :一隻狗 (啊?什麼狗,你問我啊?我不認識,我一隻狗都不認識
,但絕對不是“狼狗” ^_^ )
目的:去掉不能列印和不能輸出為圖片檔案的限制
工具:W32DASM,fi2.45,UltraEdit8.0,TRW2000
(看雪兄的光碟裡有)
(hai wen gong cheng xiang mu guan li ruan jian)
*軟體簡介:網路計劃技術在現代管理中已經得到了廣泛的應用。作為智慧工具的計算機,對網路計劃技術在工程專案的計劃管理、進度控制、資源管理的應用中可以發揮極大的作用。但是過去的一些計算機軟體還不盡人意:網路圖的編輯功能差、資源管理功能不能滿足實際要求。“XX工程專案管理軟體”在這些方面有了明顯的改進。該軟體採用先進的軟體開發技術,介面美觀,操作簡單明瞭。使用者不需要太多的網路計劃和計算機知識,只要懂工程就可輕鬆地進行工作,………………
*我不願意見到的:軟體在執行時,如果沒有狗,為試用版 ①標題顯示 “軟體序列號:沒有註冊” ②列印時會出現一個對話方塊"請插好軟體狗",然後就返回,不讓你列印
*氣死我了!氣死我了!氣死我了!氣死我了!氣死我了!氣死我了!氣死我了!氣死我了!………………我打……
開工:
先用fi檢查沒有加殼,^_^ 我喜歡!!!!!!!!!!!!!!!!!
那下一步就先用 W32dsm 看看,反編譯成功後,在串式參考查詢出錯的資訊"請插好軟體狗",找到下面第一部分內容。在串式參考查詢資訊"沒有註冊",找到下面第二部分內容(純屬灌水)。
然後呢,就用TRW2000跟蹤,bpx 005050FB (後面的內容請看程式碼段註釋………別忘了,只有在列印的時候才有的看哦……)
**********************************
第一部分:
:005050AF 90
nop
:005050B0 55
push ebp
:005050B1 8BEC
mov ebp, esp
:005050B3 33C9
xor ecx, ecx
:005050B5 51
push ecx
:005050B6 51
push ecx
:005050B7 51
push ecx
:005050B8 51
push ecx
:005050B9
51
push ecx
:005050BA 51
push ecx
:005050BB 53
push ebx
:005050BC 56
push esi
:005050BD
57
push edi
:005050BE 8BF8
mov edi, eax
:005050C0 33C0
xor eax, eax
:005050C2 55
push ebp
:005050C3
6836525000 push 00505236
:005050C8 64FF30
push dword ptr fs:[eax]
:005050CB 648920
mov dword ptr fs:[eax], esp
:005050CE 8D4DFC
lea ecx, dword ptr [ebp-04]
:005050D1 BA09000000 mov
edx, 00000009
:005050D6 B801000000
mov eax, 00000001
:005050DB E81CC3FFFF
call 005013FC
:005050E0 8D4DF0
lea ecx, dword ptr [ebp-10]
:005050E3
BA09000000 mov edx, 00000009
:005050E8 B801000000 mov eax,
00000001
:005050ED E80AC3FFFF
call 005013FC
:005050F2 8B45F0
mov eax, dword ptr [ebp-10]
:005050F5 80780454
cmp byte ptr [eax+04], 54
**
:005050F9 7438
je 00505133
**
:005050FB 8D4DEC
lea ecx, dword ptr [ebp-14] ** 停在這裡
:005050FE BA09000000
mov edx, 00000009
:00505103 B801000000
mov eax, 00000001
:00505108 E8EFC2FFFF
call 005013FC
** 按F10跳過
:0050510D 8B45EC
mov eax, dword ptr [ebp-14] **
D EAX 顯示的是"no dog" ^_^
:00505110 80780454
cmp byte ptr [eax+04], 54 ** 這個比較重要!!!!
54→“T”
:00505114 741D
je 00505133
** 想用嗎?“你就跳啊,大膽的跳啊”
:00505116 6A10
push 00000010
:00505118 B944525000
mov ecx, 00505244
* Possible
StringData Ref from Code Obj ->"請插好軟體狗"
|
:0050511D BA4C525000 mov
edx, 0050524C
:00505122 A1D8075400
mov eax, dword ptr [005407D8]
:00505127 8B00
mov eax, dword ptr [eax]
:00505129
E826C5F4FF call 00451654
:0050512E E9D8000000 jmp 0050520B
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:005050F9(C), :00505114(C)
|
:00505133 8B87E4020000
mov eax, dword ptr [edi+000002E4]
** 到這裡,一切OK
:00505139 83B8F801000000 cmp
dword ptr [eax+000001F8], 00000000
:00505140 7566
jne 005051A8
:00505142 A100095400
mov eax, dword ptr [00540900]
:00505147
8B00 mov
eax, dword ptr [eax]
:00505149 C6803803000001
mov byte ptr [eax+00000338], 01
:00505150 8B87DC020000
mov eax, dword ptr [edi+000002DC]
:00505156 E819C0F9FF
call 004A1174
:0050515B 85C0
test eax, eax
:0050515D 7E39
jle 00505198
:0050515F 8945F4
mov dword ptr [ebp-0C], eax
* Referenced by a (U)nconditional
or (C)onditional Jump at Address:
|:00505196(C)
|
:00505162 8B87D4020000
mov eax, dword ptr [edi+000002D4]
:00505168
E807C0F9FF call 004A1174
:0050516D 8BF0
mov esi, eax
:0050516F 8B87D8020000
mov eax, dword ptr [edi+000002D8]
:00505175 E8FABFF9FF
call 004A1174
:0050517A 8BD8
mov ebx, eax
:0050517C 2BDE
sub ebx, esi
:0050517E 7C13
jl 00505193
:00505180 43
inc ebx
* Referenced by a (U)nconditional
or (C)onditional Jump at Address:
|:00505191(C)
|
:00505181 A100095400
mov eax, dword ptr [00540900]
:00505186
8B00 mov
eax, dword ptr [eax]
:00505188 8BD6
mov edx, esi
:0050518A E8D52B0000
call 00507D64
:0050518F 46
inc esi
:00505190
4B
dec ebx
:00505191 75EE
jne 00505181
* Referenced by a (U)nconditional or (C)onditional
Jump at Address:
|:0050517E(C)
|
:00505193 FF4DF4
dec [ebp-0C]
:00505196 75CA
jne 00505162
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0050515D(C)
|
:00505198 A100095400
mov eax, dword ptr [00540900]
:0050519D 8B00
mov eax, dword ptr [eax]
:0050519F C6803803000000 mov byte ptr [eax+00000338],
00
:005051A6 EB63
jmp 0050520B
* Referenced by a (U)nconditional or (C)onditional
Jump at Address:
|:00505140(C)
|
:005051A8 8B87E8020000
mov eax, dword ptr [edi+000002E8]
:005051AE 83C054
add eax, 00000054
* Possible StringData Ref from Code Obj ->"Bitmap Files(*.bmp)|*.bmp"
|
:005051B1 BA64525000
mov edx, 00505264
:005051B6 E879EBEFFF
call 00403D34
:005051BB 8B87E8020000
mov eax, dword ptr [edi+000002E8]
:005051C1
8B10 mov
edx, dword ptr [eax]
:005051C3 FF523C
call [edx+3C]
:005051C6 3C01
cmp al, 01
:005051C8 7541
jne 0050520B
:005051CA B201
mov dl, 01
:005051CC A164A24100
mov eax, dword ptr [0041A264]
:005051D1 E822B6F1FF
call 004207F8
:005051D6 8945F8
mov dword ptr [ebp-08], eax
:005051D9
8D55F8 lea edx,
dword ptr [ebp-08]
:005051DC A100095400
mov eax, dword ptr [00540900]
:005051E1 8B00
mov eax, dword ptr [eax]
:005051E3 E87C280000 call 00507A64
:005051E8 8D55E8
lea edx, dword ptr [ebp-18]
:005051EB 8B87E8020000
mov eax, dword ptr [edi+000002E8]
:005051F1 E82234F5FF
call 00458618
:005051F6 8B55E8
mov edx, dword ptr [ebp-18]
:005051F9 8B45F8
mov eax, dword ptr [ebp-08]
:005051FC 8B08
mov ecx, dword ptr [eax]
:005051FE FF514C
call [ecx+4C]
:00505201
B201 mov
dl, 01
:00505203 8B45F8
mov eax, dword ptr [ebp-08]
:00505206 8B08
mov ecx, dword ptr [eax]
:00505208
FF51FC call [ecx-04]
**********************************
第二部分:
:00523B96 8BC0
mov eax, eax
:00523B98 55
push ebp
:00523B99 8BEC
mov ebp, esp
:00523B9B B904000000
mov ecx, 00000004
* Referenced by a (U)nconditional
or (C)onditional Jump at Address:
|:00523BA5(C)
|
:00523BA0 6A00
push 00000000
:00523BA2 6A00
push 00000000
:00523BA4 49
dec ecx
:00523BA5 75F9
jne 00523BA0
:00523BA7 51
push ecx
:00523BA8 53
push ebx
:00523BA9 56
push esi
:00523BAA 57
push edi
:00523BAB
8945FC mov dword
ptr [ebp-04], eax
:00523BAE 8B1DCC0A5400
mov ebx, dword ptr [00540ACC]
:00523BB4 8B3504075400
mov esi, dword ptr [00540704]
:00523BBA 33C0
xor eax, eax
:00523BBC 55
push ebp
:00523BBD 6809425200
push 00524209
:00523BC2 64FF30
push dword ptr fs:[eax]
:00523BC5 648920
mov dword ptr fs:[eax], esp
:00523BC8 8D4DEC
lea ecx, dword ptr [ebp-14]
:00523BCB BA09000000
mov edx, 00000009
:00523BD0 B801000000
mov eax, 00000001
:00523BD5 E822D8FDFF
call 005013FC
:00523BDA 8B45EC
mov eax, dword ptr [ebp-14]
* Possible StringData Ref from Code Obj ->"no dog"
**
|
:00523BDD BA20425200 mov
edx, 00524220
:00523BE2 E88504EEFF
call 0040406C
:00523BE7 750D
jne 00523BF6
:00523BE9 8D45EC
lea eax, dword ptr [ebp-14]
* Possible StringData Ref from Code Obj ->"沒有註冊"
**
|
:00523BEC BA30425200
mov edx, 00524230
:00523BF1 E88201EEFF
call 00403D78
* Referenced
by a (U)nconditional or (C)onditional Jump at Address:
|:00523BE7(C)
|
:00523BF6 8D55E4
lea edx, dword ptr [ebp-1C]
:00523BF9 8B45FC
mov eax, dword ptr [ebp-04]
:00523BFC
E81710F1FF call 00434C18
:00523C01 FF75E4
push [ebp-1C]
* Possible StringData Ref from Code Obj ->" 軟體序列號:"
**
|
:00523C04
6844425200 push 00524244
:00523C09 FF75EC
push [ebp-14]
:00523C0C 8D45E8
lea eax, dword ptr [ebp-18]
:00523C0F BA03000000
mov edx, 00000003
:00523C14 E80304EEFF
call 0040401C
:00523C19 8B55E8
mov edx, dword ptr [ebp-18]
:00523C1C 8B45FC
mov eax, dword ptr [ebp-04]
:00523C1F E82410F1FF
call 00434C48
:00523C24 A1C8205400
mov eax, dword ptr [005420C8]
:00523C29 8B9094040000
mov edx, dword ptr [eax+00000494]
:00523C2F
A1D8075400 mov eax, dword ptr
[005407D8]
:00523C34 8B00
mov eax, dword ptr [eax]
:00523C36 83C038
add eax, 00000038
*
Possible StringData Ref from Code Obj ->"Havenprj.hlp"
|
:00523C39 B95C425200
mov ecx, 0052425C
:00523C3E E86503EEFF
call 00403FA8
那怎麼改呢?改je 00505133為jmp,沒有意思
:00505110 80780454
cmp byte ptr [eax+04], 54 ** 這個比較重要!!!! 54→“T”
:00505114 741D
je 00505133
那……………………(以下在WINDOWS XP下測試能用,98下稍有不同,但也能用)
我異想天開,我用UltraEdit8.0查詢“no
dog”,全部替換為“TTTTTT”(咳,只有一處,沒勁)
執行,“軟體序列號:沒有註冊”變為“軟體序列號:TTTTTT”
^_^ 有點意思,
更有意思的是:居然能列印了,爽啊!!!!!!!!
那乾脆,我改!我改!我改!我改!我改!我改!
(純屬個人愛好)
"請插好軟體狗"->“我好喜歡你哦” "沒有註冊"->“我不需要” (但執行時,我無論如何都看不見了)
"no dog"->“QQQTTT” " 軟體序列號:"->“某某某破解” (^_^ 每次我看見就
爽啊!!!!!!!!)
第一次寫破文,大家見笑了……
我學習CRACK已經6個月了,也頗有收穫(狗2,A盤1,序列號x個
僅供內部傳閱)
我只是覺得這個破解很有意思,我才寫出來,請高手不要笑…………
我的格言是:不求最好,能用就好,不好也好!
^_^ QQ
相關文章
- 如何破解深思Ⅲ加密狗!想解狗的朋友過來看了!
(10千字)2015-11-15加密
- 《teleport pro 1.28》破解實錄 !!高手莫進!! (5千字)2001-05-03
- 大老的打狗教程第三篇(最終篇)如何解掉,rockey4的狗加密的軟體!
(12千字)2015-11-15加密
- 大老的打狗教程第一篇如解掉hasp的狗!希望對大家有所幫助!大老=[DCG]=
(12千字)2002-06-25
- 識別殼的簡單程式,高手免進。2004-12-14
- 我的第一篇破文,獻給看學學院的!^_^高手免進! (10千字)2015-11-15
- 我的第一篇破文,獻給看學學院! 高手免進! (2千字)2002-06-29
- TDMD軟體狗破解方法(帶狗殺狗) (6千字)2001-10-25
- 高手請進!幫手指出這個演算法裡面的錯誤 (12千字)2001-12-17演算法
- 一個關於狗記錄的Java練習2015-03-26Java
- 安裝安全狗和寶塔mysql打不開2024-11-16MySql
- 關於UltraEdit32 v8.1的註冊校驗(PJ手記).高手免看! (14千字)2002-02-01
- *****管理專家 V1.05版破解實錄 ,敬請高手指點,謝謝!!!
(12千字)2002-10-16
- 破解WorkgroupMail 的30天的時間限制(FCG作業)---高手莫入! (10千字)2015-11-15AI
- 打字高手V3.0前兩天有人問 (4千字)2000-08-05
- 程式碼隨想錄演算法訓練營第28天 | 貪心進階2024-07-30演算法
- 【記錄】Git 是如何打標籤的2019-04-21Git
- [記錄] Git 是如何打標籤的2019-04-21Git
- 軟體狗,dongle
(3千字)2002-12-17
- 20240505記錄《程式碼隨想錄》筆記2024-05-05筆記
- ipse開發高手請進!2004-09-23
- 大老的打狗教程第二篇如解掉,深思3的狗加密的軟體!希望對大家有所幫助!大老=[DCG]=
(13千字)2015-11-15加密
- AOP記錄異常郵件傳送記錄2016-06-12
- CoreDNS解析異常記錄2020-04-22DNS
- BW 異常事件記錄2009-05-19事件
- 某電子書註冊破解實錄,高手莫入。 (6千字)2002-10-05
- 嵌入式狗的 JAVA 入門筆記4 進階。。2021-09-09Java筆記
- 程式碼隨想錄演算法訓練營第15天 | 二叉樹進階2024-07-21演算法二叉樹
- 記錄一次大炮打蚊子的modbustcp通訊連線異常問題定位事件2024-11-02TCP事件
- 記錄使用 guzzlehttp 異常捕獲踩坑記錄2020-04-28HTTP
- 介面詭異的404問題記錄2018-08-16
- go免殺學習記錄2024-08-25Go
- 先別想無人機,谷歌開始考慮用機器狗送貨2016-12-16無人機谷歌
- 記錄Javascript 異常捕獲2019-04-18JavaScript
- "軟體隨想錄" 讀書筆記2017-12-29筆記
- 奇怪的現象,高手進!!!!非高手勿看!2005-11-16
- 拂衣天氣(微天氣 )程式釋出記錄2024-05-04
- 高手請進2004-04-20