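For our next generation: cracking the image viewer Cpix.exe with W32DASM (please keep this intact when reposting)
Author: 丁丁蝦, also known as DDXia
An hour ago I had just used W32DASM to crack the shareware version of 《虛幻立體制作》 v1.0.
My hands were itching and I could not hold back my enthusiasm! I spent 20 minutes cracking a piece of time-limited software:
http://www.newhua.com.cn/down/cpx32.exe
Software description:
A decent image viewer that also offers several ways to encrypt pictures, so that the pictures you have personally collected are not peeked at by others!
First, open Cpix.exe with W32DASM, a top-notch cracking tool, then use the StrnREF function, where you can see
"past the 30-day evaluation period." I chased it right away! Scroll up a little further and you will find something useful. :) This time it deserves a careful analysis; see the analysis below: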
* Possible StringData Ref from Code Obj ->"You have "
|
:0047E8C3 68C0EB4700              push 0047EBC0
:0047E8C8 8BC6                    mov eax, esi
:0047E8CA 99                      cdq
:0047E8CB 33C2                    xor eax, edx
:0047E8CD 2BC2                    sub eax, edx
:0047E8CF 8BC3                    mov eax, ebx
:0047E8D1 8D9598FEFFFF            lea edx, dword ptr [ebp+FFFFFE98]
:0047E8D7 E82C8FF8FF              call 00407808
:0047E8DC FFB598FEFFFF            push dword ptr [ebp+FFFFFE98]
* Possible StringData Ref from Code Obj ->" day"
|
:0047E8E2 68D4EB4700              push 0047EBD4
:0047E8E7 8D8594FDFFFF            lea eax, dword ptr [ebp+FFFFFD94]
:0047E8ED 8D55EF                  lea edx, dword ptr [ebp-11]
:0047E8F0 E8AF53F8FF              call 00403CA4
:0047E8F5 FFB594FDFFFF            push dword ptr [ebp+FFFFFD94]
* Possible StringData Ref from Code Obj ->" left in your 30-day evaluation "
->"period."
|
:0047E8FB 68E4EB4700              push 0047EBE4
:0047E900 8D859CFEFFFF            lea eax, dword ptr [ebp+FFFFFE9C]
:0047E906 BA05000000              mov edx, 00000005
:0047E90B E8B054F8FF              call 00403DC0
:0047E910 8B859CFEFFFF            mov eax, dword ptr [ebp+FFFFFE9C]
:0047E916 668B0D00EA4700          mov cx, word ptr [0047EA00]
:0047E91D 33D2                    xor edx, edx
:0047E91F E8BC1EFCFF              call 004407E0
:0047E924 E988000000              jmp 0047E9B1
^^^^^^^^^^^^-----> if it has not expired yet, it continues executing
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:0047E898(C), :0047E8A0(C)
|
:0047E929 85F6                    test esi, esi
:0047E92B 0F8E80000000            jle 0047E9B1
^^^^^^^^^^^^-----> this also continues executing when it is less than or equal to 30 days
:0047E931 C605FC94480001          mov byte ptr [004894FC], 01
:0047E938 83FE01                  cmp esi, 00000001
:0047E93B 7506                    jne 0047E943
^^^^^^^^^^^^-----> no need to explain this one. Go torture yourself with it! ^_^
:0047E93D C645EF00                mov [ebp-11], 00
:0047E941 EB06                    jmp 0047E949
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0047E93B(C)
|
:0047E943 66C745EF0173            mov [ebp-11], 7301
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0047E941(U)
|
:0047E949 6A00                    push 00000000
* Possible StringData Ref from Code Obj ->"You have used CryptaPix "
|
:0047E94B 6814EC4700              push 0047EC14
:0047E950 8D9598FEFFFF            lea edx, dword ptr [ebp+FFFFFE98]
:0047E956 8BC6                    mov eax, esi
:0047E958 E8AB8EF8FF              call 00407808
:0047E95D FFB598FEFFFF            push dword ptr [ebp+FFFFFE98]
* Possible StringData Ref from Code Obj ->" day"
|
:0047E963 68D4EB4700              push 0047EBD4
:0047E968 8D8594FDFFFF            lea eax, dword ptr [ebp+FFFFFD94]
:0047E96E 8D55EF                  lea edx, dword ptr [ebp-11]
:0047E971 E82E53F8FF              call 00403CA4
:0047E976 FFB594FDFFFF            push dword ptr [ebp+FFFFFD94]
* Possible StringData Ref from Code Obj ->" past the 30-day evaluation period."
|
:0047E97C 6838EC4700              push 0047EC38
:0047E981 8D859CFEFFFF            lea eax, dword ptr [ebp+FFFFFE9C]
:0047E987 BA05000000              mov edx, 00000005
:0047E98C E82F54F8FF              call 00403DC0
:0047E991 8B859CFEFFFF            mov eax, dword ptr [ebp+FFFFFE9C]
:0047E997 668B0D00EA4700          mov cx, word ptr [0047EA00]
:0047E99E 33D2                    xor edx, edx
:0047E9A0 E83B1EFCFF              call 004407E0
:0047E9A5 33D2                    xor edx, edx
:0047E9A7 A1E4744800              mov eax, dword ptr [004874E4]
:0047E9AC E89B050000              call 0047EF4C
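A reading aid for the listing above, added here as an example and not part of the original post: each relative branch in a W32DASM line stores a signed displacement counted from the end of the instruction, so the target the disassembler prints can be recomputed from the address and opcode bytes. The function names are illustrative, the sample rows are copied from the listing, and 32-bit code with no operand-size prefix is assumed.

```python
import struct

# Sample rows (address, opcode bytes) copied from the listing above.
LISTING = [
    (0x0047E8D7, "E82C8FF8FF"),    # call 00407808
    (0x0047E924, "E988000000"),    # jmp  0047E9B1
    (0x0047E92B, "0F8E80000000"),  # jle  0047E9B1
    (0x0047E93B, "7506"),          # jne  0047E943
    (0x0047E941, "EB06"),          # jmp  0047E949
    (0x0047E8C8, "8BC6"),          # mov eax, esi (not a branch)
]


def branch_target(addr, hex_bytes):
    """Return the absolute target of a relative x86 branch, or None."""
    raw = bytes.fromhex(hex_bytes)
    op = raw[0]
    if op in (0xE8, 0xE9):                      # call rel32 / jmp rel32
        opcode_len, width = 1, 4
    elif op == 0x0F and len(raw) > 1 and 0x80 <= raw[1] <= 0x8F:
        opcode_len, width = 2, 4                # jcc rel32 (two-byte opcode)
    elif op == 0xEB or 0x70 <= op <= 0x7F:      # jmp rel8 / jcc rel8
        opcode_len, width = 1, 1
    else:
        return None                             # not a relative branch
    size = opcode_len + width
    if len(raw) != size:
        raise ValueError(f"expected {size} bytes, got {len(raw)}")
    fmt = "<i" if width == 4 else "<b"          # signed, little-endian
    (disp,) = struct.unpack(fmt, raw[opcode_len:])
    # The displacement is relative to the address of the NEXT instruction.
    return (addr + size + disp) & 0xFFFFFFFF


def resolve(listing):
    """Map each address in the listing to its recomputed branch target."""
    return {addr: branch_target(addr, code) for addr, code in listing}


if __name__ == "__main__":
    for addr, target in resolve(LISTING).items():
        shown = "-" if target is None else f"{target:08X}"
        print(f"{addr:08X} -> {shown}")
```
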
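Finally, it is time to crack it:
:0047E92B 0F8E80000000            jle 0047E9B1
^^^^^^^^^^^^-----> change to jmp 0047E9B1
Note that its binary encoding is EB81000000, two bytes fewer than the original; to keep the code intact, add one 90 (nop) and it is OK -------> be sure to remember this, NEWBABIES :)))
OK! Mission accomplished! So tired, and it is late today!! It is already 23:26!
Cracking and "writing" it up is really tiring, so that is it for today! Hehe, 一修哥!!!! Ah!!!
Completed at
2000.2.17 23:43:51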