時間限制――GoSURF v1.7 Beta 3 Build 1.7.307.4629
下載頁面:
http://www.skycn.com/soft/7169.html
軟體大小: 1951 KB
軟體語言: 簡體中文
軟體類別: 國產軟體 / 免費版 / 主頁瀏覽
應用平臺: Win9x/NT/2000/XP
加入時間: 2003-07-06 17:15:42
下載次數: 333557
推薦等級: ****
開 發 商: http://www.mmjd.com/gosurf/
【軟體簡介】:最IN的多頁面瀏覽器!重現最逼真的IE介面,並提供多項貼心功能:- 加強對網頁圖片、文字的儲存,一拖就存。- 強大的廣告過濾,可以阻擋彈出視窗和各種廣告條。-
超強的網頁病毒保護,能防止惡意程式碼的襲擊。- 穩定的工作,對意外崩潰時進行資料保護。- 提供方便的線上翻譯和瀏覽代理,衝浪無障礙。- 快速準確的分類搜尋,輕鬆獲得訊息。
【軟體限制】:60天試用
【作者宣告】:初學Crack,只是感興趣,沒有其它目的。失誤之處敬請諸位大俠賜教!
【破解工具】:TRW2000娃娃修改版、Ollydbg1.09、PEiD、pe-scan、W32Dasm 9.0白金版
―――――――――――――――――――――――――――――――――
【過 程】:
GoSuRF.exe 是EXE32Pack 1.38 殼,用 pe-scan 脫之。1.09M->3.92M。 Delphi 編寫。
免費午餐結束了。60天試用,要求註冊碼。呵呵,先試試解除其時間限制了。演算法以後再說吧 ^-^
下BPX GetLocalTime F5 2次,F11返回,終於來到核心!
―――――――――――――――――――――――――――――――――
一、發現下面的0040B13A ret 回這裡!
:004B2F4C 7979
jns 004B2FC7
:004B2F4E 7979
jns 004B2FC9
:004B2F50 2D6D6D2D64 sub eax,
642D6D6D
:004B2F55 64
BYTE 064h
:004B2F56 0000
add byte ptr [eax], al
* Referenced by a CALL at Addresses:
|:004B20AE , :00581C43
|
:004B2F58 53
push ebx
:004B2F59 8BD8
mov ebx, eax
:004B2F5B E88C81F5FF call
0040B0EC
====>關鍵CALL①!取當前系統時間運算!進入!
:004B2F60 83C4F8
add esp, FFFFFFF8
:004B2F63 DD1C24 fstp
qword ptr [esp]
====>ST=38186.594262615741170
:004B2F66 9B
wait
:004B2F67 8BC3
mov eax, ebx
====>EAX=2003-11-09
:004B2F69 E81AFFFFFF
call 004B2E88
====>關鍵CALL②!對2003-11-09運算!進入!
:004B2F6E 83C4F8
add esp, FFFFFFF8
:004B2F71 DD1C24 fstp
qword ptr [esp]
====>ST=37934.000000000000000
:004B2F74 9B
wait
:004B2F75 E8FAFEFFFF call
004B2E74
====>關鍵CALL③!進入!
:004B2F7A 5B
pop ebx
:004B2F7B C3
ret
―――――――――――――――――――――――――――――――――
1、進入關鍵CALL①:004B2F5B call 0040B0EC 取當前系統時間運算!
* Referenced by a CALL at Addresses:
|:004B212E , :004B24B1 , :004B24C7 , :004B2AEC
, :004B2F5B
|:005411FE , :0055AA2E , :0055AA37
|
:0040B0EC 83C4E0 add
esp, FFFFFFE0
:0040B0EF 8D442408 lea
eax, dword ptr [esp+08]
:0040B0F3 50
push eax
* Reference To: kernel32.GetLocalTime,
Ord:0000h
====>GetLocalTime 取當前系統時間!
:0040B0F4 E823C9FFFF
Call 00407A1C
:0040B0F9 668B4C240E mov cx,
word ptr [esp+0E]
====>CX=12 日期:18日
:0040B0FE 668B54240A
mov dx, word ptr [esp+0A]
====>DX=07 7月
:0040B103 668B442408
mov ax, word ptr [esp+08]
====>AX=07D4 2004年
:0040B108 E843FDFFFF
call 0040AE50
====>對當前日期進行運算!得出下面的值!
:0040B10D DD5C2418
fstp qword ptr [esp+18]
====>[esp+18]=38186.000000000000000
:0040B111 9B
wait
:0040B112 668B442416 mov ax,
word ptr [esp+16]
:0040B117 50
push eax
:0040B118 668B4C2418 mov cx,
word ptr [esp+18]
====>CX=2C
:0040B11D 668B542416
mov dx, word ptr [esp+16]
====>DX=F
:0040B122 668B442414
mov ax, word ptr [esp+14]
====>AX=E
:0040B127 E84CFBFFFF
call 0040AC78
====>對上面的值進行運算!得出下面的值!
:0040B12C DC442418
fadd qword ptr [esp+18]
====>[esp+18]=38186.000000000000000 + 0.5942626157407407961=38186.594262615740740
:0040B130 DD1C24
fstp qword ptr [esp]
:0040B133 9B
wait
:0040B134 DD0424 fld
qword ptr [esp]
:0040B137 83C420 add
esp, 00000020
:0040B13A C3
ret
―――――――――――――――――――――――――――――――――
2、進入關鍵CALL②:004B2F69 call 004B2E88 取2003-11-09運算!
* Referenced by a CALL at Address:
|:004B2F69
|
:004B2E88 55
push ebp
:004B2E89 8BEC
mov ebp, esp
:004B2E8B 83C4F0 add
esp, FFFFFFF0
:004B2E8E 53
push ebx
:004B2E8F 56
push esi
:004B2E90 8945FC mov
dword ptr [ebp-04], eax
:004B2E93 8B45FC mov
eax, dword ptr [ebp-04]
:004B2E96 E86513F5FF call
00404200
:004B2E9B 33C0
xor eax, eax
:004B2E9D 55
push ebp
:004B2E9E 68142F4B00 push
004B2F14
:004B2EA3 64FF30 push
dword ptr fs:[eax]
:004B2EA6 648920 mov
dword ptr fs:[eax], esp
:004B2EA9 8B45FC mov
eax, dword ptr [ebp-04]
:004B2EAC E89B11F5FF call
0040404C
:004B2EB1 83F80A cmp
eax, 0000000A
:004B2EB4 7512
jne 004B2EC8
:004B2EB6 8B45FC mov
eax, dword ptr [ebp-04]
:004B2EB9 8078042D cmp
byte ptr [eax+04], 2D
:004B2EBD 7509
jne 004B2EC8
:004B2EBF 8B45FC mov
eax, dword ptr [ebp-04]
:004B2EC2 8078072D cmp
byte ptr [eax+07], 2D
:004B2EC6 740B
je 004B2ED3
* Referenced by a (U)nconditional
or (C)onditional Jump at Addresses:
|:004B2EB4(C), :004B2EBD(C)
|
:004B2EC8 E8F381F5FF call
0040B0C0
:004B2ECD DD5DF0 fstp
qword ptr [ebp-10]
:004B2ED0 9B
wait
* Referenced by a (U)nconditional
or (C)onditional Jump at Address:
|:004B2E56(C)
|
:004B2ED1 EB2B
jmp 004B2EFE
* Referenced by a (U)nconditional
or (C)onditional Jump at Address:
|:004B2EC6(C)
|
:004B2ED3 8D45FC lea
eax, dword ptr [ebp-04]
:004B2ED6 E84D72FFFF call
004AA128
:004B2EDB 8BD8
mov ebx, eax
:004B2EDD 8D45FC lea
eax, dword ptr [ebp-04]
* Referenced by a (U)nconditional
or (C)onditional Jump at Address:
|:004B2E6A(C)
|
:004B2EE0 E84372FFFF call
004AA128
:004B2EE5 8BF0
mov esi, eax
:004B2EE7 8D45FC lea
eax, dword ptr [ebp-04]
:004B2EEA E83972FFFF call
004AA128
:004B2EEF 8BC8
mov ecx, eax
:004B2EF1 8BD6
mov edx, esi
:004B2EF3 8BC3
mov eax, ebx
:004B2EF5 E8567FF5FF call
0040AE50
====>運算!得出下面的值!
:004B2EFA DD5DF0
fstp qword ptr [ebp-10]
====>ST=37934.000000000000000
:004B2EFD 9B wait
* Referenced by a (U)nconditional
or (C)onditional Jump at Address:
|:004B2ED1(U)
|
:004B2EFE 33C0
xor eax, eax
:004B2F00 5A
pop edx
:004B2F01 59
pop ecx
:004B2F02 59
pop ecx
:004B2F03 648910 mov
dword ptr fs:[eax], edx
:004B2F06 681B2F4B00 push
004B2F1B
* Referenced by a (U)nconditional
or (C)onditional Jump at Address:
|:004B2F19(U)
|
:004B2F0B 8D45FC lea
eax, dword ptr [ebp-04]
:004B2F0E E8A90EF5FF call
00403DBC
:004B2F13 C3
ret
―――――――――――――――――――――――――――――――――
3、進入關鍵CALL③:004B2F75 call 004B2E74
* Referenced by a CALL at Addresses:
|:004B1ADD , :004B1B0D , :004B1D88 , :004B2F75
|
:004B2E74 55
push ebp
:004B2E75 8BEC
mov ebp, esp
:004B2E77 DD4510 fld
qword ptr [ebp+10]
:004B2E7A DC6508 fsub
qword ptr [ebp+08]
====>ST=38186.594262615740740 - 37934.00000000000=252.59426261574117240
:004B2E7D E872FCF4FF
call 00402AF4
:004B2E82 5D
pop ebp
:004B2E83 C21000 ret
0010
―――――――――――――――――――――――――――――――――
二、上面一處004B2F7B ret 返回到4B20B3
* Referenced by a CALL at Address:
|:00581F0D
|
:004B2094 53
push ebx
:004B2095 56
push esi
:004B2096 8BF0
mov esi, eax
:004B2098 8BC6
mov eax, esi
:004B209A E87DFAFFFF call
004B1B1C
:004B209F 80BE9100000000 cmp byte ptr [esi+00000091],
00
:004B20A6 7427
je 004B20CF
:004B20A8 8B8694000000 mov eax, dword
ptr [esi+00000094]
:004B20AE E8A50E0000 call
004B2F58
====>這裡進入一!
:004B20B3 85C0
test eax, eax
====>返回到這裡!EAX=252 即:4B2E7A處相減的結果!
====>完美去除時間限制!爆破點!讓EAX永遠=0 ^v^
^v^
:004B20B5 7E0C
jle 004B20C3
====>不跳!OVER!
:004B20B7 C6869000000003 mov byte ptr [esi+00000090],
03
:004B20BE E9D0000000 jmp 004B2193
* Referenced by a (U)nconditional
or (C)onditional Jump at Address:
|:004B20B5(C)
|
:004B20C3 C6869000000004 mov byte ptr [esi+00000090],
04
:004B20CA E9C4000000 jmp 004B2193
* Referenced by a (U)nconditional
or (C)onditional Jump at Address:
|:004B20A6(C)
|
:004B20CF 8BC6
mov eax, esi
:004B20D1 E832030000 call
004B2408
:004B20D6 84C0
test al, al
:004B20D8 0F858D000000 jne 004B216B
:004B20DE DD4630 fld
qword ptr [esi+30]
:004B20E1 D81DC4214B00 fcomp dword
ptr [004B21C4]
====>比較時間還剩多少!
:004B20E7 DFE0
fstsw ax
:004B20E9 9E
sahf
:004B20EA 750C
jne 004B20F8
:004B20EC 8BC6
mov eax, esi
:004B20EE E89D030000 call
004B2490
:004B20F3 E99B000000 jmp 004B2193
…… ……省 略…… ……
―――――――――――――――――――――――――――――――――
附:進入關鍵CALL:0040B108 call 0040AE50 對日期進行運算!
再進入:0040AE7C call 0040AD88
* Referenced by a CALL at Addresses:
|:0040AE7C , :0040C2E3
|
:0040AD88 55
push ebp
:0040AD89 8BEC
mov ebp, esp
:0040AD8B 83C4F8 add
esp, FFFFFFF8
:0040AD8E 53
push ebx
:0040AD8F 56
push esi
:0040AD90 57
push edi
:0040AD91 8BD9
mov ebx, ecx
:0040AD93 8BFA
mov edi, edx
:0040AD95 668945FE mov
word ptr [ebp-02], ax
:0040AD99 C645FD00 mov
[ebp-03], 00
:0040AD9D 668B45FE mov
ax, word ptr [ebp-02]
:0040ADA1 E8A6FFFFFF call
0040AD4C
:0040ADA6 83E07F and
eax, 0000007F
:0040ADA9 8D0440 lea
eax, dword ptr [eax+2*eax]
:0040ADAC 8D34C53C315800 lea esi, dword
ptr [8*eax+0058313C]
:0040ADB3 66837DFE01 cmp word
ptr [ebp-02], 0001
:0040ADB8 0F8286000000 jb 0040AE44
:0040ADBE 66817DFE0F27 cmp word ptr
[ebp-02], 270F
:0040ADC4 777E
ja 0040AE44
:0040ADC6 6683FF01 cmp
di, 0001
:0040ADCA 7278
jb 0040AE44
:0040ADCC 6683FF0C cmp
di, 000C
:0040ADD0 7772
ja 0040AE44
:0040ADD2 6683FB01 cmp
bx, 0001
:0040ADD6 726C
jb 0040AE44
:0040ADD8 0FB7C7 movzx
eax, di
:0040ADDB 663B5C46FE cmp bx,
word ptr [esi+2*eax-02]
:0040ADE0 7762
ja 0040AE44
:0040ADE2 0FB7C7 movzx
eax, di
:0040ADE5 48
dec eax
:0040ADE6 85C0
test eax, eax
:0040ADE8 7E0E
jle 0040ADF8
:0040ADEA B901000000 mov ecx,
00000001
* Referenced by a (U)nconditional
or (C)onditional Jump at Address:
|:0040ADF6(C)
|
:0040ADEF 66035C4EFE add bx,
word ptr [esi+2*ecx-02]
:0040ADF4 41
inc ecx
:0040ADF5 48
dec eax
:0040ADF6 75F7
jne 0040ADEF
* Referenced by a (U)nconditional
or (C)onditional Jump at Address:
|:0040ADE8(C)
|
:0040ADF8 0FB74DFE movzx
ecx, word ptr [ebp-02]
:0040ADFC 49
dec ecx
:0040ADFD 8BC1
mov eax, ecx
:0040ADFF BE64000000 mov esi,
00000064
:0040AE04 99
cdq
:0040AE05 F7FE
idiv esi
:0040AE07 69F16D010000 imul esi,
ecx, 0000016D
:0040AE0D 8BD1
mov edx, ecx
:0040AE0F 85D2
test edx, edx
:0040AE11 7903
jns 0040AE16
:0040AE13 83C203 add
edx, 00000003
* Referenced by a (U)nconditional
or (C)onditional Jump at Address:
|:0040AE11(C)
|
:0040AE16 C1FA02 sar
edx, 02
:0040AE19 03F2
add esi, edx
:0040AE1B 2BF0
sub esi, eax
:0040AE1D 8BC1
mov eax, ecx
:0040AE1F B990010000 mov ecx,
00000190
:0040AE24 99
cdq
:0040AE25 F7F9
idiv ecx
:0040AE27 03F0
add esi, eax
:0040AE29 0FB7C3 movzx
eax, bx
:0040AE2C 03F0
add esi, eax
:0040AE2E 81EE5A950A00 sub esi, 000A955A
:0040AE34 8975F8 mov
dword ptr [ebp-08], esi
:0040AE37 DB45F8 fild
dword ptr [ebp-08]
:0040AE3A 8B4508 mov
eax, dword ptr [ebp+08]
:0040AE3D DD18
fstp qword ptr [eax]
:0040AE3F 9B
wait
:0040AE40 C645FD01 mov
[ebp-03], 01
* Referenced by a (U)nconditional
or (C)onditional Jump at Addresses:
|:0040ADB8(C), :0040ADC4(C), :0040ADCA(C), :0040ADD0(C), :0040ADD6(C)
|:0040ADE0(C)
|
:0040AE44 8A45FD mov
al, byte ptr [ebp-03]
:0040AE47 5F
pop edi
:0040AE48 5E
pop esi
:0040AE49 5B
pop ebx
:0040AE4A 59
pop ecx
:0040AE4B 59
pop ecx
:0040AE4C 5D
pop ebp
:0040AE4D C20400 ret
0004
―――――――――――――――――――――――――――――――――
【完 美 爆 破】:
004B20B3 85C0
test eax, eax
改為: 33C0
xor eax, eax 去除時間限制!
―――――――――――――――――――――――――――――――――
, _/
/| _.-~/ \_
, 青春都一餉
( /~ /
\~-._ |\
`\\ _/
\ ~\ ) 忍把浮名
_-~~~-.) )__/;;,. \_
//'
/'_,\ --~ \ ~~~- ,;;\___( (.-~~~-.
換了破解輕狂
`~ _( ,_..--\ ( ,;'' / ~-- /._`\
/~~//' /' `~\ ) /--.._, )_ `~
" `~" " `"
/~'`\ `\\~~\
" " "~' ""
Cracked By 巢水工作坊――fly [OCN][FCG]
2003-07-18 15:45:07
相關文章
- 破解 Windows 2000 RC3 的時間限制2015-11-15Windows
- 使用 Element+vue實現開始時間結束時間限制2020-12-03Vue
- 軟體版本GA,RC,alpha,beta,Build 含義2014-07-21UI
- nginx限制上傳大小和超時時間設定說明/php限制上傳大小2017-10-17NginxPHP
- 用VB“破解”有時間限制的程式 (轉)2007-12-04
- DOTA 2卡牌遊戲《Artifact》BETA測試時間公佈2018-08-21遊戲
- 用W32DASM破解Macro
MagicV4.1p時間限制 (3千字)2000-02-21ASMMac
- DB2中的限制之四日期時間的限制 (轉)2007-08-16DB2
- 傳播小知識:timeout限制時間命令2020-09-13
- ModelMaker Code Explorer 的時間限制 ((290字)2015-11-15
- Redis限制在規定時間範圍內登陸錯誤次數限制2017-10-25Redis
- docker-compose build workspace PHP-fpm 時間很長2019-04-25DockerUIPHP
- 微軟Win10 Build手機版曝光 推送時間未定2015-03-17微軟Win10UI
- Web(Cache)Browser v1.72021-11-29Web
- 在使用alter system switch log的時候無時間限制的等待2008-05-19
- as3 時間格式工具2019-05-11S3
- iOS10beta32016-07-20iOS
- Laravel 登入失敗次數限制 等待時間遞增2018-10-20Laravel
- CuteFTP V4.0的時間限制解除! (4千字)2001-04-15FTP
- CSS3時間軸效果2017-04-05CSSS3
- 手動脫時間提醒助手
Build 2003.12.082015-11-15UI
- 解惑3:時間頻度,演算法時間複雜度2020-06-27演算法時間複雜度
- Flutter beta3 使用感受2018-05-17Flutter
- 也談.Net中間語言——破解Delphi2CS行數和時間限制2013-08-17
- 轉貼:破解時間限制的老文章(一) (2千字)2000-10-23
- 轉貼:破解時間限制的老文章(二) (2千字)2000-10-23
- 巨好的俄羅斯方塊時間限制破解 (1千字)2001-05-04
- 蘋果iOS 9.3.3正式釋出 同時推出iOS10 Beta32016-07-20蘋果iOS
- 求問介面訪問有時間限制的壓測怎麼做?2020-06-19
- 一個典型的時間限制軟體的破解 (4千字)2001-01-29
- 暴力破解Paragon CD Emulator時間及功能限制 (7千字)2001-03-24Go
- c#實現的破解程式--針對軟體使用時間限制2013-02-22C#
- Flutter Beta 3 新特性概覽2018-05-10Flutter
- 國內首家!網易易盾加固第一時間適配Android Q Beta2019-03-14Android
- 【辛佳雨】Flex builder 3 beta3 crack2008-06-05FlexUI
- OCR實時翻譯軟體 Bob 0.5.0.beta3 Mac中文版2020-08-25Mac
- iOS11.4.1beta3升級攻略 iOS11.4.1beta3怎麼升級2018-06-19iOS
- 微軟釋出Win10 Build 17120:WDAG啟動時間縮短2018-03-15微軟Win10UI