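Software: UniView 1.62
Tools: ollydbg 1.06, W32DSM
Method: patching (brute-force crack)
Disclaimer:
This article is for learning purposes only; please credit the source when reposting. I take no responsibility for what readers do after reading it.
Please respect the rights of software developers. If you really like a piece of software, please support it!
Procedure:
The program is packed with UPX. Unpacking it and then disassembling it would also be quick, but that is too much bother. So I just traced it directly with ollydbg.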
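1. Start uniview.exe and ollydbg, then attach to uniview.
2. Press Alt+E and select uniview to enter the main module's code.
3. After Analyse Code, switch back to the registration window and enter any name and registration code; an error dialog pops up.
4. In ollydbg press F12 to pause, then search the memory window for the error message "Invalid Registration Code!". Nothing is found. No matter: ollydbg's memory window shows only one block. Looking through the code section again, some ASCII strings turn out to come from 52XXXX, so go to expression 520000 (or open the memory map window (View->memory), where you can see that uniview's code section is at 507000, and Dump in CPU), then search for "Invalid" again. Oops, found it. At the highlighted location, find reference. OK! Only one reference is found; double-click to go to it.
5. Take a look at the code below; whether you prefer to brute-force patch it or work out the algorithm, either is fine.
6. Actually, the value of the registration code does not matter; what counts is the main key in the registry, which regmon will show you.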
* Possible StringData Ref from Code Obj ->"System Information"
                                  |
:00524B51 B9CC4B5200              mov ecx, 00524BCC

* Possible StringData Ref from Code Obj ->"Thank you for registering UniView All "
                                        ->"upgrades are free to registered "
                                        ->"UniView users"
                                  |
:00524B56 BAE04B5200              mov edx, 00524BE0
:00524B5B A11CD95400              mov eax, dword ptr [0054D91C]
:00524B60 8B00                    mov eax, dword ptr [eax]
:00524B62 E881E1F2FF              call 00452CE8
:00524B67 A1F4D75400              mov eax, dword ptr [0054D7F4]
:00524B6C 8B00                    mov eax, dword ptr [eax]
:00524B6E C6400401                mov [eax+04], 01
:00524B72 A1F4D75400              mov eax, dword ptr [0054D7F4]
:00524B77 8B00                    mov eax, dword ptr [eax]
:00524B79 E8BE8FFCFF              call 004EDB3C
:00524B7E C7833402000001000000    mov dword ptr [ebx+00000234], 00000001
:00524B88 EB18                    jmp 00524BA2

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00524B4D(C)
|
:00524B8A 6A10                    push 00000010

* Possible StringData Ref from Code Obj ->"Error"
                                  |
:00524B8C B9344C5200              mov ecx, 00524C34

* Possible StringData Ref from Code Obj ->"Invalid Registration Code!"
                                  |
:00524B91 BA3C4C5200              mov edx, 00524C3C
:00524B96 A11CD95400              mov eax, dword ptr [0054D91C]
:00524B9B 8B00                    mov eax, dword ptr [eax]
:00524B9D E846E1F2FF              call 00452CE8
Summary: I am lazy, so I used ollydbg.
by slimbou[BCG]