用W32DASM破解圖形捕捉ScreenTaker 最新版本：2.21 (7千字)

用W32DASM破解圖形捕捉ScreenTaker 最新版本：2.21（轉載希望保持完整）
作者：丁丁蝦又名：DDXia

檔案大小：572KB
軟體授權：共享軟體
使用平臺：Win95/98/NT
釋出公司：Home Page
軟體簡介：
　　螢幕複製工具，可以複製整個視窗、桌面或者是指定區域，支援 BMP、JPEG、{CX、TGA、TIFF 格式。
http://www.newhua.com.cn/down/stake221.zip
破解完這個軟體，我真想大哭一場。。。。555555。。。別，別這樣，革命尚未成
功。今天終於明白：長夜漫漫，我獨行；踏破鐵鞋，無覓處；唉，得來全不費工夫。
老一套用W32DASM載入STaker.EXE，查詢註冊失敗的視窗中的E文，肯定沒有啦！為什麼？胡亂的追蹤了十幾分鍾，沒有什麼結果！本想放棄！無意中看見在它的目錄中還有一個EXE檔案---Config.exe.載入看一看！再查詢註冊失敗的視窗中的E文，半秒就
找到了"Invalid registration key."---->我第一次有哭的感覺。
再往上檢視有沒有類似je cmp 或jne

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0043FA51(C)
|
:0043FAB8 8B83A0020000 mov eax, dword ptr [ebx+000002A0]
:0043FABE E8C5B4FDFF call 0041AF88
:0043FAC3 8B55FC mov edx, dword ptr [ebp-04]
:0043FAC6 8B06 mov eax, dword ptr [esi]
:0043FAC8 83C00C add eax, 0000000C
:0043FACB E8603CFCFF call 00403730
:0043FAD0 8D55FC lea edx, dword ptr [ebp-04]
:0043FAD3 8B83B0020000 mov eax, dword ptr [ebx+000002B0]
:0043FAD9 E8AAB4FDFF call 0041AF88
:0043FADE 8B55FC mov edx, dword ptr [ebp-04]
:0043FAE1 8B06 mov eax, dword ptr [esi]
:0043FAE3 83C010 add eax, 00000010
:0043FAE6 E8453CFCFF call 00403730
:0043FAEB 8D55FC lea edx, dword ptr [ebp-04]
:0043FAEE 8B83B4020000 mov eax, dword ptr [ebx+000002B4]
:0043FAF4 E88FB4FDFF call 0041AF88
:0043FAF9 8B55FC mov edx, dword ptr [ebp-04]
:0043FAFC 8B06 mov eax, dword ptr [esi]
:0043FAFE 83C014 add eax, 00000014
:0043FB01 E82A3CFCFF call 00403730
:0043FB06 8D55FC lea edx, dword ptr [ebp-04]
:0043FB09 8B83B8020000 mov eax, dword ptr [ebx+000002B8]
:0043FB0F E874B4FDFF call 0041AF88
:0043FB14 8B55FC mov edx, dword ptr [ebp-04]
:0043FB17 8B06 mov eax, dword ptr [esi]
:0043FB19 83C018 add eax, 00000018
:0043FB1C E80F3CFCFF call 00403730
:0043FB21 8D55FC lea edx, dword ptr [ebp-04]
:0043FB24 8B83C0020000 mov eax, dword ptr [ebx+000002C0]
:0043FB2A E859B4FDFF call 0041AF88
:0043FB2F FF75FC push [ebp-04]
:0043FB32 6834FC4300 push 0043FC34
:0043FB37 8D55F8 lea edx, dword ptr [ebp-08]
:0043FB3A 8B83C8020000 mov eax, dword ptr [ebx+000002C8]
:0043FB40 E843B4FDFF call 0041AF88
:0043FB45 FF75F8 push [ebp-08]
:0043FB48 8B06 mov eax, dword ptr [esi]
:0043FB4A 83C01C add eax, 0000001C
:0043FB4D BA03000000 mov edx, 00000003
:0043FB52 E8C13EFCFF call 00403A18
:0043FB57 8B06 mov eax, dword ptr [esi]
:0043FB59 E80ED8FFFF call 0043D36C
^^^^^^^^^^^^^---> 比較註冊碼
:0043FB5E 84C0 test al, al
:0043FB60 0F8489000000 je 0043FBEF
^^^^^^^^^^---->就是它了，改為jne就行了

下面一堆東東是把你填寫的註冊資訊寫入登錄檔中，
位置在HKCU\Software\GBSoft\STaker\下，可以看一看，

* Possible StringData Ref from Code Obj ->"Software\GBSoft\STaker"
|
:0043FB66 BA40FC4300 mov edx, 0043FC40
:0043FB6B 8B06 mov eax, dword ptr [esi]
:0043FB6D E80ED6FFFF call 0043D180
:0043FB72 8B06 mov eax, dword ptr [esi]
:0043FB74 8B5004 mov edx, dword ptr [eax+04]
:0043FB77 8B83E4020000 mov eax, dword ptr [ebx+000002E4]
:0043FB7D E836B4FDFF call 0041AFB8
:0043FB82 8B06 mov eax, dword ptr [esi]
:0043FB84 8B5008 mov edx, dword ptr [eax+08]
:0043FB87 8B83EC020000 mov eax, dword ptr [ebx+000002EC]
:0043FB8D E826B4FDFF call 0041AFB8
:0043FB92 8B06 mov eax, dword ptr [esi]
:0043FB94 8B500C mov edx, dword ptr [eax+0C]
:0043FB97 8B83F4020000 mov eax, dword ptr [ebx+000002F4]
:0043FB9D E816B4FDFF call 0041AFB8
:0043FBA2 8B06 mov eax, dword ptr [esi]
:0043FBA4 8B5010 mov edx, dword ptr [eax+10]
:0043FBA7 8B83FC020000 mov eax, dword ptr [ebx+000002FC]
:0043FBAD E806B4FDFF call 0041AFB8
:0043FBB2 8B06 mov eax, dword ptr [esi]
:0043FBB4 8B5014 mov edx, dword ptr [eax+14]
:0043FBB7 8B8300030000 mov eax, dword ptr [ebx+00000300]
:0043FBBD E8F6B3FDFF call 0041AFB8
:0043FBC2 8B06 mov eax, dword ptr [esi]
:0043FBC4 8B5018 mov edx, dword ptr [eax+18]
:0043FBC7 8B8304030000 mov eax, dword ptr [ebx+00000304]
:0043FBCD E8E6B3FDFF call 0041AFB8
:0043FBD2 8B06 mov eax, dword ptr [esi]
:0043FBD4 8B501C mov edx, dword ptr [eax+1C]
:0043FBD7 8B830C030000 mov eax, dword ptr [ebx+0000030C]
:0043FBDD E8D6B3FDFF call 0041AFB8
:0043FBE2 8B83D8020000 mov eax, dword ptr [ebx+000002D8]
:0043FBE8 E817B8FDFF call 0041B404
:0043FBED EB14 jmp 0043FC03

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0043FB60(C)
|
:0043FBEF 6A00 push 00000000

* Possible StringData Ref from Code Obj ->"ScreenTaker - Error"
|
:0043FBF1 A1241A4400 mov eax, dword ptr [00441A24]
:0043FBF6 50 push eax

##########################################################
* Possible StringData Ref from Code Obj ->"Invalid registration key."
###################################^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
---->往上看有沒有類似je cmp 或jne

:0043FBF7 6858FC4300 push 0043FC58
:0043FBFC 6A00 push 00000000

* Reference To: user32.MessageBoxA, Ord:0000h
|
:0043FBFE E8815CFCFF Call 00405884

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:0043FA79(C), :0043FBED(U)
|
:0043FC03 33C0 xor eax, eax
:0043FC05 5A pop edx
:0043FC06 59 pop ecx
:0043FC07 59 pop ecx
:0043FC08 648910 mov dword ptr fs:[eax], edx

* Possible StringData Ref from Code Obj ->"^[YY]"
|
:0043FC0B 6825FC4300 push 0043FC25

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0043FC23(U)
|
:0043FC10 8D45F8 lea eax, dword ptr [ebp-08]
:0043FC13 BA02000000 mov edx, 00000002
:0043FC18 E8E33AFCFF call 00403700
:0043FC1D C3 ret

別以為這樣就大功告成了，嘻嘻.......不信試一下。
雖然填下了亂碼，它當時就說註冊成功了，但每執行一次都要註冊一次，對嗎？？？
做為一名小NEWBABIES更要追到底，否則就不會有什麼成功的感覺了？動一下腦筋哦？？如果有好方法，請回一貼吧！！！
(待續）寫作時間
2000.2.19.00:10

用W32DASM破解圖形捕捉ScreenTaker 最新版本：2.21 (7千字)

相關文章