扫一扫
分享文章到微信
扫一扫
关注官方公众号
至顶头条
在本页阅读全文(共2页)
函数 图像大师IV正式中文版》是一款基于函数、方程和不等式(组)的开放式数学研究平台。它能画出任意函数、方程和不等式的图像,支持辅助工具、程序插件和软件换肤。试用期为30天...........
破解目的:获得注册码
破解工具:trw2000 W32ASM
破解过程:
1、先用fi查无壳,VC++编程,用W32ASM反编译,查找串式参考--->"非法注册码!",往上找到关键处
2、运行TRW2000后最小化
3、运行程序,弹出注册对话框,输入用户名和任意假注册码,注册码样式:11111-22222-33333-44444-55555
(分析在代码里),先不要点“"确定操作"”按钮
4、Ctrl+N激活TRW2000
5、bpx 40A607
6、按F5返回,点击"确定操作"按钮,程序被拦截,到如下位置:
:0040A607 8D7C242C lea edi, dword ptr [esp+2C] 取用户名
:0040A60B 83C9FF or ecx, FFFFFFFF
:0040A60E 33C0 xor eax, eax
:0040A610 F2 repnz
:0040A611 AE scasb
:0040A612 F7D1 not ecx
:0040A614 49 dec ecx
:0040A615 7511 jne 0040A628 不跳就完蛋了!
:0040A617 6A10 push 00000010
* Possible StringData Ref from Data Obj ->"错误"
:0040A619 6854C34100 push 0041C354
* Possible StringData Ref from Data Obj ->"没有用户名!"
:0040A61E 68B0C54100 push 0041C5B0
:0040A623 E983000000 jmp 0040A6AB
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040A615(C)
|
:0040A628 8D7C240C lea edi, dword ptr [esp+0C] 取假注册码
:0040A62C 83C9FF or ecx, FFFFFFFF
:0040A62F 33C0 xor eax, eax
:0040A631 F2 repnz
:0040A632 AE scasb
:0040A633 F7D1 not ecx
:0040A635 49 dec ecx
:0040A636 7512 jne 0040A64A 不跳就完蛋了!
:0040A638 8B460C mov eax, dword ptr [esi+0C]
:0040A63B 6A10 push 00000010
* Possible StringData Ref from Data Obj ->"错误"
:0040A63D 6854C34100 push 0041C354
* Possible StringData Ref from Data Obj ->"没有注册码!"
:0040A642 68A0C54100 push 0041C5A0
:0040A647 50 push eax
:0040A648 EB65 jmp 0040A6AF
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040A636(C)
|
:0040A64A 8B8E08010000 mov ecx, dword ptr [esi+00000108]
:0040A650 E87B6EFFFF call 004014D0 关键call,F8跟入
:0040A655 84C0 test al, al
:0040A657 7412 je 0040A66B
:0040A659 8B4E0C mov ecx, dword ptr [esi+0C]
:0040A65C 6A40 push 00000040
* Possible StringData Ref from Data Obj ->"注册"
:0040A65E 6898C54100 push 0041C598
* Possible StringData Ref from Data Obj ->"你已经注册过了。"
:0040A663 6884C54100 push 0041C584
:0040A668 51 push ecx
:0040A669 EB44 jmp 0040A6AF
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040A657(C)
|
:0040A66B 8B8E08010000 mov ecx, dword ptr [esi+00000108]
:0040A671 8D54240C lea edx, dword ptr [esp+0C]
:0040A675 8D44242C lea eax, dword ptr [esp+2C] 取用户名
:0040A679 52 push edx
:0040A67A 50 push eax
:0040A67B E81070FFFF call 00401690
:0040A680 8B8E08010000 mov ecx, dword ptr [esi+00000108]
:0040A686 E8456EFFFF call 004014D0
:0040A68B 84C0 test al, al
:0040A68D 6A40 push 00000040
:0040A68F 7410 je 0040A6A1 不能跳
:0040A691 8B4E0C mov ecx, dword ptr [esi+0C]
* Possible StringData Ref from Data Obj ->"成功"
:0040A694 687CC54100 push 0041C57C
* Possible StringData Ref from Data Obj ->"注册将在程序重启后生效。"
:0040A699 6860C54100 push 0041C560
:0040A69E 51 push ecx
:0040A69F EB0E jmp 0040A6AF
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040A68F(C)
|
* Possible StringData Ref from Data Obj ->"失败"
:0040A6A1 6858C54100 push 0041C558
* Possible StringData Ref from Data Obj ->"非法注册码!"
如果您非常迫切的想了解IT领域最新产品与技术信息,那么订阅至顶网技术邮件将是您的最佳途径之一。