badcopy99 v2.00暴力注册版
-
闲暇来看了一下badcopy99 v2.00,竟需要注册,呵呵,我记得以前可都是免费的呀。
我用的是迟彭的汉化版。里面虽有注册码,毕竟不如自己的来的爽。遂用wdasm反汇编
发现如下代码:
:004744E2 E895F7F8FF call 00403C7C
:004744E7 8BC3 mov eax, ebx
:004744E9 E83AFEFFFF call 00474328
:004744EE 80BB2404000000 cmp byte ptr [ebx+00000424], 00
:004744F5 7430 je 00474527 **若未注册则跳**
:004744F7 8D45EC lea eax, dword ptr [ebp-14]
:004744FA 8B8B28040000 mov ecx, dword ptr [ebx+00000428]
* Possible StringData Ref from Code Obj ->"这个软件注册给"
|
:00474500 BAB4454700 mov edx, 004745B4
:00474505 E8EAF9F8FF call 00403EF4
:0047450A 8B55EC mov edx, dword ptr [ebp-14]
:0047450D 8B83C8030000 mov eax, dword ptr [ebx+000003C8]
:00474513 E830ADFBFF call 0042F248
:00474518 33D2 xor edx, edx
:0047451A 8B83C4030000 mov eax, dword ptr [ebx+000003C4]
:00474520 8B08 mov ecx, dword ptr [eax]
:00474522 FF515C call [ecx+5C]
:00474525 EB44 jmp 0047456B
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004744F5(C)
|
* Possible StringData Ref from Code Obj ->" 未注册版本 "
|
:00474527 BACC454700 mov edx, 004745CC
:0047452C 8B83C8030000 mov eax, dword ptr [ebx+000003C8]
:00474532 E811ADFBFF call 0042F248
:00474537 B201 mov dl, 01
:00474539 8B83C4030000 mov eax, dword ptr [ebx+000003C4]
:0047453F 8B08 mov ecx, dword ptr [eax]
:00474541 FF515C call [ecx+5C]
:00474544 8D55E8 lea edx, dword ptr [ebp-18]
:00474547 A148794700 mov eax, dword ptr [00477948]
:0047454C E8C7ACFBFF call 0042F218
:00474551 8D45E8 lea eax, dword ptr [ebp-18]
* Possible StringData Ref from Code Obj ->" 未注册版本 "
|
:00474554 BAEC454700 mov edx, 004745EC
:00474559 E852F9F8FF call 00403EB0
:0047455E 8B55E8 mov edx, dword ptr [ebp-18]
:00474561 A148794700 mov eax, dword ptr [00477948]
:00474566 E8DDACFBFF call 0042F248
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00474525(U)
|
:0047456B 33C0 xor eax, eax
:0047456D 5A pop edx
:0047456E 59 pop ecx
:0047456F 59 pop ecx
:00474570 648910 mov dword ptr fs:[eax], edx
:00474573 6895454700 push 00474595
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00474593(U)
|
:00474578 8D45E8 lea eax, dword ptr [ebp-18]
:0047457B E8A8F6F8FF call 00403C28
:00474580 8D45EC lea eax, dword ptr [ebp-14]
:00474583 BA05000000 mov edx, 00000005
:00474588 E8BFF6F8FF call 00403C4C
:0047458D C3 ret
可以发现4744ee处是个关键,若地址[ebx+424]的值为0则未注册。再看功能限制处,
亦是比较[ebx+424]的值,遂知该处为一标志点。
004744EE 80BB2404000000 cmp byte ptr [ebx+00000424], 00
在动态调试环境中于此处设断,运行,拦住后将[ebx+424]值改为1,则程序正确无
误运行。各功能皆可用,可知任良好人也。
改法:在hiew640中打开,将
:004744EE 80BB2404000000 cmp byte ptr [ebx+00000424], 00
:004744F5 7430 je 00474527
改为:
:004744EE c6832404000001 mov byte ptr [ebx+00000424], 01
:004744F5 90 nop
:004744F6 90 nop
即可。
相关视频
相关阅读 Mac访问Windows共享文件夹Windows 7正版系统验证方法windows 8.1系统版本号查看方法Windows 8.1系统电话激活时无法输入微软返回代码解决方法Windows 8如何调整屏幕分辨率windows8.1磁盘占用100%解决方法Mac双系统如何删除Boot Camp安装的Windows分区Apple教你如何在Mac 上运行 Windows
- 文章评论
-
热门文章
去除winrar注册框方法
最新文章
比特币病毒怎么破解 比去除winrar注册框方法
华为无线路由器HG522-C破解教程(附超级密码JEB格式文件京东电子书下载和阅读限制破解教UltraISO注册码全集(最新)通过Access破解MSSQL获得数据人气排行 华为无线路由器HG522-C破解教程(附超级密码JEB格式文件京东电子书下载和阅读限制破解教UltraISO注册码全集(最新)qq相册密码破解方法去除winrar注册框方法(适应任何版本)怎么用手机破解收费游戏华为无线猫HG522破解如何给软件脱壳基础教程
查看所有0条评论>>