smart explorer6.00.17的破解。 (4千字)
smart explorer6.00.17
1、一個極好用的網路瀏覽器,可惜無針對國人的註冊方法,此程式的限制在30天試用,註冊碼不難找,但程式註冊後要上網檢查,如為非法註冊則清除註冊碼,同時試用期歸0,因此重點在於網上驗證部分;那應該破哪呢,動態跟蹤不太現實,想起以前的印豪兄對“人體生物節律”的破解思路,就從網上驗證失效後出現的兩個網頁入手,一個關鍵字為“Evaluation
Expired”,另一個的關鍵字為“expired.html”。
2、程式用aspack壓縮,用最新的AspackDieD解壓,對解壓後的檔案反彙編,找“Evaluation
Expired”,可看到其來自兩處呼叫004BE88D及004CF821,分別過去看看如何跳過去;可知對如下關鍵點004CF810和
004BE86A可跳過對“Evaluation
Expired”的呼叫。
* Referenced by a CALL at Addresses:
|:004BE88D
, :004CF821 ********* 看看如何跳過去 **********
|
:004BCE40 53
push ebx
:004BCE41 8BD8
mov ebx, eax
:004BCE43 8D83180B0000
lea eax, dword ptr [ebx+00000B18]
* Possible
StringData Ref from Code Obj ->"( Evaluation Expired )"
|
:004BCE49 BAE0CE4B00
mov edx, 004BCEE0
:004BCE4E E84D6FF4FF
call 00403DA0
:004BCE53 33D2
xor edx, edx
:004BCE55 8B83C0090000
mov eax, dword ptr [ebx+000009C0]
:004BCE5B
8B08 mov
ecx, dword ptr [eax]
:004BCE5D FF515C
call [ecx+5C]
:004BCE60 33D2
xor edx, edx
:004BCE62 8B8344070000
mov eax, dword ptr [ebx+00000744]
:004BCE68
E81348F7FF call 00431680
-------------------------------1 ----------------1---------------------------------------------
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004CF7EF(C)
|
:004CF801 33C0
xor eax, eax
:004CF803 8983240A0000
mov dword ptr [ebx+00000A24], eax
* Referenced
by a (U)nconditional or (C)onditional Jump at Address:
|:004CF7FF(U)
|
:004CF809 83BB240A000000 cmp dword ptr
[ebx+00000A24], 00000000
:004CF810 7E0D
jle 004CF81F ***
這裡可跳過004CF821處的呼叫,nop掉 ***
:004CF812 C683210A000001
mov byte ptr [ebx+00000A21], 01
:004CF819 C645DB01
mov [ebp-25], 01
:004CF81D EB07
jmp 004CF826
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004CF810(C)
|
:004CF81F 8BC3
mov eax, ebx
:004CF821 E81AD6FEFF
call 004BCE40
-------------------------------2
------------------ 2------------------------------------------
* Possible
StringData Ref from Code Obj ->"http://www.digitalcandle.com/php-bin/rc.php"
|
:004BE85B 8B1568CB4D00
mov edx, dword ptr [004DCB68]
:004BE861 8BC3
mov eax, ebx
:004BE863 E8C8FBFFFF call 004BE430
:004BE868 84C0
test al, al
:004BE86A 7540
jne 004BE8AC ***這裡可跳過004BE88D處的呼叫,讓它JMP***
:004BE86C C683280A000000 mov byte ptr [ebx+00000A28],
00
* Possible StringData Ref from Code Obj ->"UserName"
|
:004BE873 BAE4E84B00
mov edx, 004BE8E4
:004BE878 8BC6
mov eax, esi
:004BE87A E8154CF9FF
call 00453494
* Possible StringData
Ref from Code Obj ->"SerialNo"
|
:004BE87F BAF8E84B00 mov
edx, 004BE8F8
:004BE884 8BC6
mov eax, esi
:004BE886 E8094CF9FF
call 00453494
:004BE88B 8BC3
mov eax, ebx
:004BE88D E8AEE5FFFF
call 004BCE40
3、接下來查詢“expired.html”,發現有如下4處呼叫,向上看看如何跳過它。程式碼如下。
***************************************************************************************
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004C6D40(C)
|
:004C6D68 8BC6
mov eax, esi
:004C6D6A E8957BFFFF
call 004BE904
:004C6D6F 84C0
test al, al
*****此處改為b001
:004C6D71 7438
je 004C6DAB
:004C6D73 33D2
xor edx, edx
:004C6D75 8BC6
mov eax, esi
:004C6D77 E8604AF8FF
call 0044B7DC
:004C6D7C 8B80D0020000
mov eax, dword ptr [eax+000002D0]
:004C6D82 50
push eax
:004C6D83
8B96640A0000 mov edx, dword ptr [esi+00000A64]
:004C6D89 8D45E4
lea eax, dword ptr [ebp-1C]
* Possible StringData Ref from Code Obj
->"/expired.html"
|
:004C6D8C
8B0D60CB4D00 mov ecx, dword ptr [004DCB60]
**************************************************************************************
:004BD259 80BB280A000000 cmp byte ptr [ebx+00000A28],
00
:004BD260 7407
je 004BD269
:004BD262 8BC3
mov eax, ebx
:004BD264 E857150000
call 004BE7C0
* Referenced by a (U)nconditional or (C)onditional
Jump at Address:
|:004BD282(C)
|
:004BD296 8BC3
mov eax, ebx
:004BD298 E8EF200000
call 004BF38C
:004BD29D 8BF0
mov esi, eax
:004BD29F 85F6
test esi, esi
:004BD2A1 7441
je 004BD2E4
:004BD2A3 8BC3
mov eax, ebx
:004BD2A5
E85A160000 call 004BE904
:004BD2AA 84C0
test al, al *****此處改為b001
:004BD2AC 742F
je 004BD2DD
:004BD2AE
8D45F8 lea eax,
dword ptr [ebp-08]
* Possible StringData Ref from Code Obj ->"/expired.html"
*******************************************************************************
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004BD06A(C)
|
:004BD0AD 8BC3
mov eax, ebx
:004BD0AF E850180000
call 004BE904
:004BD0B4
84C0 test
al, al *****此處改為b001
:004BD0B6 7445
je 004BD0FD
:004BD0B8
A104EA4D00 mov eax, dword ptr
[004DEA04]
:004BD0BD E89AE6F8FF
call 0044B75C
:004BD0C2 8B80D0020000
mov eax, dword ptr [eax+000002D0]
:004BD0C8 50
push eax
:004BD0C9
8D85E8FEFFFF lea eax, dword ptr [ebp+FFFFFEE8]
* Possible StringData Ref from Code Obj ->"/expired.html"
********************************************************************************
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004BCDA5(C)
|
:004BCDBB 8BC3
mov eax, ebx
:004BCDBD E8421B0000
call 004BE904
:004BCDC2 84C0
test al, al
*****此處改為b001
:004BCDC4 744E
je 004BCE14
:004BCDC6 8BC3
mov eax, ebx
:004BCDC8 E88FE9F8FF call 0044B75C
:004BCDCD 8B80D0020000 mov eax,
dword ptr [eax+000002D0]
:004BCDD3 50
push eax
:004BCDD4 8D45F8
lea eax, dword ptr [ebp-08]
* Possible StringData Ref from Code Obj ->"/expired.html"
|
:004BCDD7 8B0D60CB4D00
mov ecx, dword ptr [004DCB60]
:004BCDDD 8B93640A0000
mov edx, dword ptr [ebx+00000A64]
:004BCDE3
E83072F4FF call 00404018
:004BCDE8 8B55F8
mov edx, dword ptr [ebp-08]
:004BCDEB 8D45FC
lea eax, dword ptr [ebp-04]
:004BCDEE E88577F4FF
call 00404578
:004BCDF3 8B55FC
mov edx, dword ptr [ebp-04]
:004BCDF6 58
pop eax
:004BCDF7 E85821FCFF
call 0047EF54
:004BCDFC EB16
jmp 004BCE14
相關文章
- 破解FAQGenie (4千字)2001-04-10
- Authorware 5.0破解 (4千字)2001-09-10
- 我的破解心得(9) (4千字)2001-03-13
- Fpc大哥crackme的破解。 (4千字)2001-09-22
- WinRAR 2.71的初級破解 (4千字)2001-02-16
- The JPEG Wizard 1.40破解 (4千字)2001-02-01
- CUTEVIDEO 1.0破解 (4千字)2002-02-28IDE
- CoolFocus Java Applet的破解 (4千字)2001-02-19JavaAPP
- 爆笑破解之-----ACDSEE 3.0 (4千字)2001-03-18
- Turbo Note+ 破解手記 (4千字)2001-05-13
- Gifline破解實錄 (4千字)2001-08-05
- 菜鳥破解錄之 The Cleaner (4千字)2000-08-12
- 菜鳥破解錄之 DlgXRSizer (4千字)2000-08-17
- H******** 4.01.11的不完全破解 (4千字)2001-04-14
- 控制元件破解指南(轉貼) (4千字)2002-06-27控制元件
- PUZZLER1.20破解過程 (4千字)2002-01-26
- 菜鳥破解錄之 Animated Screen (4千字)2000-08-13
- ReGet Junior 2.0破解手記(二) (4千字)2015-11-15
- 智慧五筆 v5.0版的破解文章, (4千字)2001-04-20
- 一個典型的時間限制軟體的破解 (4千字)2001-01-29
- 真相大白!我的真正的入門破解4 (7千字)2000-08-30
- 有聲有色3.33破解過程 (4千字)2001-02-09
- 專業掃雷 1.2破解過程 (4千字)2001-02-17
- Ip tools v1.10破解法 (4千字)2001-02-26
- 菜鳥破解錄(九)之 CDSpace 1.95 (4千字)2000-07-22
- Recover4All v1.03的破解探討 (7千字)2000-09-30
- 《登入奇兵》v3.01的破解---請指教 (4千字)2001-02-16
- 禁用登錄檔之暴力破解法。 (4千字)2001-10-14
- winrar2.71的破解和對暴破的一點想法 (4千字)2001-04-16
- 《大航海時代3:新世紀》的不完全破解 (4千字)2001-01-16
- Tmaster6.0 破解(我的第一篇灌水) (4千字)2001-10-04AST
- 某國產Office for Linux的破解(簡單,菜鳥水平) (4千字)2015-11-15Linux
- 如何破解lockdown2000 v7.0.0.6 (4千字)2000-12-28
- Window Commander極其好用,請參照破解 (4千字)2001-04-04
- UltraEdit-32 v8.10.a 暴力破解 (4千字)2001-05-11
- 靜動兩把刀,破解省時又省力 (4千字)2001-10-02
- 中華壓縮V7.0破解手記 (4千字)2001-11-20
- 破解 AltoMP3 Maker 3.02 漢化版 (4千字)2001-12-11