|
論壇說明 | 標記討論區已讀 |
歡迎您來到『史萊姆論壇』 ^___^ 您目前正以訪客的身份瀏覽本論壇,訪客所擁有的權限將受到限制,您可以瀏覽本論壇大部份的版區與文章,但您將無法參與任何討論或是使用私人訊息與其他會員交流。若您希望擁有完整的使用權限,請註冊成為我們的一份子,註冊的程序十分簡單、快速,而且最重要的是--註冊是完全免費的! 請點擊這裡:『註冊成為我們的一份子!』 |
|
主題工具 | 顯示模式 |
2006-01-15, 01:37 PM | #1 |
榮譽會員
|
速達5000pro285工業(商業)網路版破解教學
【破解作者】 無影者
【作者郵信箱】 crack828@163.com 【作者主頁】 http://shop33234286.taobao.com/ 【使用工具】 PEiD.93/ODbyDYK v1.10 【破解平台】 Win2000 server 【軟體名稱】 速達5000pro285工業(商業)網路版 【下載位址】 http://www.superdata.com.cn/ 【軟體大小】 727,040 字元 【加殼方式】 無 【破解聲明】 我是一隻小菜鳥,偶得一點心得,願與大家分享:) -------------------------------------------------------------------------------- 【破解內容】 先用PEiD.93查殼,再用od,先隱藏,後偵錯 搜尋字元,發現 沒有檢測到 詳細: 0040A3E8 |> \E8 9B7CFFFF call SD5000Se.00402088 ; 讀狗的call,al=1 ----------------------------------------------------------------------- 00402088 /$ 55 push ebp 00402089 |. 8BEC mov ebp,esp 0040208B |. 83C4 D0 add esp,-30 0040208E |. B8 C8E24500 mov eax,SD5000Se.0045E2C8 00402093 |. E8 50540400 call SD5000Se.004474E8 00402098 |. 33D2 xor edx,edx 0040209A |. 8915 BC50470>mov dword ptr ds:[4750BC],edx 004020A0 |. 33C9 xor ecx,ecx 004020A2 |. 890D C450470>mov dword ptr ds:[4750C4],ecx 004020A8 |. 33C0 xor eax,eax 004020AA |. A3 C8504700 mov dword ptr ds:[4750C8],eax 004020AF |. 66:C745 E0 0>mov word ptr ss:[ebp-20],8 004020B5 |. BA 94E24500 mov edx,SD5000Se.0045E294 004020BA |. 8D45 FC lea eax,dword ptr ss:[ebp-4] 004020BD |. E8 8A550400 call SD5000Se.0044764C 004020C2 |. FF45 EC inc dword ptr ss:[ebp-14] 004020C5 |. 8D55 FC lea edx,dword ptr ss:[ebp-4] 004020C8 |. B8 DC504700 mov eax,SD5000Se.004750DC 004020CD |. E8 96570400 call SD5000Se.00447868 004020D2 |. FF4D EC dec dword ptr ss:[ebp-14] 004020D5 |. 8D45 FC lea eax,dword ptr ss:[ebp-4] 004020D8 |. BA 02000000 mov edx,2 004020DD |. E8 56570400 call SD5000Se.00447838 004020E2 |. 66:C745 E0 1>mov word ptr ss:[ebp-20],14 004020E8 |. BA 95E24500 mov edx,SD5000Se.0045E295 004020ED |. 8D45 F8 lea eax,dword ptr ss:[ebp-8] 004020F0 |. E8 57550400 call SD5000Se.0044764C 004020F5 |. FF45 EC inc dword ptr ss:[ebp-14] 004020F8 |. 8D55 F8 lea edx,dword ptr ss:[ebp-8] 004020FB |. B8 E0504700 mov eax,SD5000Se.004750E0 00402100 |. E8 63570400 call SD5000Se.00447868 00402105 |. FF4D EC dec dword ptr ss:[ebp-14] 00402108 |. 8D45 F8 lea eax,dword ptr ss:[ebp-8] 0040210B |. BA 02000000 mov edx,2 00402110 |. E8 23570400 call SD5000Se.00447838 00402115 |. 66:C745 E0 2>mov word ptr ss:[ebp-20],20 0040211B |. BA 96E24500 mov edx,SD5000Se.0045E296 00402120 |. 8D45 F4 lea eax,dword ptr ss:[ebp-C] 00402123 |. E8 24550400 call SD5000Se.0044764C 00402128 |. FF45 EC inc dword ptr ss:[ebp-14] 0040212B |. 8D55 F4 lea edx,dword ptr ss:[ebp-C] 0040212E |. B8 E4504700 mov eax,SD5000Se.004750E4 00402133 |. E8 30570400 call SD5000Se.00447868 00402138 |. FF4D EC dec dword ptr ss:[ebp-14] 0040213B |. 8D45 F4 lea eax,dword ptr ss:[ebp-C] 0040213E |. BA 02000000 mov edx,2 00402143 |. E8 F0560400 call SD5000Se.00447838 00402148 |. 6A 02 push 2 0040214A |. E8 C1AF0500 call <jmp.&PK_Public.GetCurrentP> 0040214F |. 50 push eax ; |Arg2 00402150 |. 68 BC504700 push SD5000Se.004750BC ; |Arg1 = 004750BC 00402155 |. E8 B63F0100 call SD5000Se.00416110 ; \SD5000Se.00416110 0040215A |. 83C4 0C add esp,0C 0040215D |. 85C0 test eax,eax 0040215F |. 74 19 je short SD5000Se.0040217A 00402161 |. 6A 02 push 2 00402163 |. E8 A8AF0500 call <jmp.&PK_Public.GetCurrentP> 00402168 |. 50 push eax ; |Arg2 00402169 |. 68 BC504700 push SD5000Se.004750BC ; |Arg1 = 004750BC 0040216E |. E8 7D2C0100 call SD5000Se.00414DF0 ; \SD5000Se.00414DF0 00402173 |. 83C4 0C add esp,0C 00402176 |. 85C0 test eax,eax 00402178 |. 75 3D jnz short SD5000Se.004021B7>>>>>>>>>>>>>jmp short SD5000Se.004021A6 0040217A |> E8 91AF0500 call <jmp.&PK_Public.GetCurrentP> 0040217F |. 3B05 BC50470>cmp eax,dword ptr ds:[4750BC] 00402185 |. 75 1B jnz short SD5000Se.004021A2 00402187 |. 833D C450470>cmp dword ptr ds:[4750C4],1 0040218E |. 7E 12 jle short SD5000Se.004021A2 00402190 |. 833D C850470>cmp dword ptr ds:[4750C8],3 00402197 |. 74 09 je short SD5000Se.004021A2 00402199 |. 833D C850470>cmp dword ptr ds:[4750C8],6 004021A0 |. 75 04 jnz short SD5000Se.004021A6 004021A2 |> 33C0 xor eax,eax 004021A4 |. EB 05 jmp short SD5000Se.004021AB 004021A6 |> B8 01000000 mov eax,1 004021AB |> 8B55 D0 mov edx,dword ptr ss:[ebp-30] 004021AE |. 64:8915 0000>mov dword ptr fs:[0],edx 004021B5 |. EB 0C jmp short SD5000Se.004021C3 004021B7 |> 33C0 xor eax,eax 004021B9 |. 8B55 D0 mov edx,dword ptr ss:[ebp-30] 004021BC |. 64:8915 0000>mov dword ptr fs:[0],edx 004021C3 |> 8BE5 mov esp,ebp 004021C5 |. 5D pop ebp 004021C6 \. C3 retn ---------------------------------------------------------------------- 0040A3ED |. 84C0 test al,al 0040A3EF |. /0F84 FB00000>je SD5000Se.0040A4F0 ; 有沒有軟體狗,跳就over 0040A3F5 |. |8B0D 08E4470>mov ecx,dword ptr ds:[<&PK_Publi>; PK_Publi._g_bIsTrialVersion 0040A3FB |. |C601 00 mov byte ptr ds:[ecx],0 0040A3FE |. |A1 C4504700 mov eax,dword ptr ds:[4750C4] ; 可以更改為需要的用戶數量 0040A403 |. |A3 10424600 mov dword ptr ds:[464210],eax ; 用戶數 0040A408 |. |833D C850470>cmp dword ptr ds:[4750C8],2 0040A40F |. |0F85 CE00000>jnz SD5000Se.0040A4E3 0040A415 |. |833D 1042460>cmp dword ptr ds:[464210],5 ; 是否為5用戶數 0040A41C |. |74 1C je short SD5000Se.0040A43A 0040A41E |. |8B15 3CCE470>mov edx,dword ptr ds:[<&vcl60.Fo>; vcl60.Forms::Application 0040A424 |. |8B02 mov eax,dword ptr ds:[edx] 0040A426 |. |E8 B71D0500 call <jmp.&vcl60.Forms::TApplica> 0040A42B |. |8B55 B0 mov edx,dword ptr ss:[ebp-50] 0040A42E |. |64:8915 0000>mov dword ptr fs:[0],edx 0040A435 |. |E9 37020000 jmp SD5000Se.0040A671 0040A43A |> |8B4D AC mov ecx,dword ptr ss:[ebp-54] 0040A43D |. |C681 8C04000>mov byte ptr ds:[ecx+48C],1 0040A444 |. |8B45 AC mov eax,dword ptr ss:[ebp-54] 0040A447 |. |80B8 8C04000>cmp byte ptr ds:[eax+48C],0 0040A44E |. |0F84 8200000>je SD5000Se.0040A4D6 0040A454 |. |66:C745 C0 1>mov word ptr ss:[ebp-40],14 0040A45A |. |8D45 F4 lea eax,dword ptr ss:[ebp-C] 0040A45D |. |E8 5A79FFFF call SD5000Se.00401DBC 0040A462 |. |8BD0 mov edx,eax 0040A464 |. |FF45 CC inc dword ptr ss:[ebp-34] 0040A467 |. |8B45 AC mov eax,dword ptr ss:[ebp-54] 0040A46A |. |E8 1B210500 call <jmp.&vcl60.Controls::TCont> 0040A46F |. |8D55 F4 lea edx,dword ptr ss:[ebp-C] 0040A472 |. |52 push edx 0040A473 |. |8D45 EC lea eax,dword ptr ss:[ebp-14] 0040A476 |. |E8 4179FFFF call SD5000Se.00401DBC 0040A47B |. |50 push eax 0040A47C |. |FF45 CC inc dword ptr ss:[ebp-34] 0040A47F |. |BA 42F04500 mov edx,SD5000Se.0045F042 0040A484 |. |8D45 F0 lea eax,dword ptr ss:[ebp-10] 0040A487 |. |E8 C0D10300 call SD5000Se.0044764C 0040A48C |. |FF45 CC inc dword ptr ss:[ebp-34] 0040A48F |. |8D55 F0 lea edx,dword ptr ss:[ebp-10] 0040A492 |. |59 pop ecx 0040A493 |. |58 pop eax 0040A494 |. |E8 F7D30300 call SD5000Se.00447890 0040A499 |. |8D55 EC lea edx,dword ptr ss:[ebp-14] 0040A49C |. |8B12 mov edx,dword ptr ds:[edx] 0040A49E |. |8B45 AC mov eax,dword ptr ss:[ebp-54] 0040A4A1 |. |E8 DE200500 call <jmp.&vcl60.Controls::TCont> 0040A4A6 |. |FF4D CC dec dword ptr ss:[ebp-34] 0040A4A9 |. |8D45 EC lea eax,dword ptr ss:[ebp-14] 0040A4AC |. |BA 02000000 mov edx,2 0040A4B1 |. |E8 82D30300 call SD5000Se.00447838 0040A4B6 |. |FF4D CC dec dword ptr ss:[ebp-34] 0040A4B9 |. |8D45 F0 lea eax,dword ptr ss:[ebp-10] 0040A4BC |. |BA 02000000 mov edx,2 0040A4C1 |. |E8 72D30300 call SD5000Se.00447838 0040A4C6 |. |FF4D CC dec dword ptr ss:[ebp-34] 0040A4C9 |. |8D45 F4 lea eax,dword ptr ss:[ebp-C] 0040A4CC |. |BA 02000000 mov edx,2 0040A4D1 |. |E8 62D30300 call SD5000Se.00447838 0040A4D6 |> |8B45 AC mov eax,dword ptr ss:[ebp-54] 0040A4D9 |. |E8 22060000 call SD5000Se.0040AB00 0040A4DE |. |E9 2A010000 jmp SD5000Se.0040A60D 0040A4E3 |> |8B45 AC mov eax,dword ptr ss:[ebp-54] 0040A4E6 |. |E8 15060000 call SD5000Se.0040AB00 0040A4EB |. |E9 1D010000 jmp SD5000Se.0040A60D 0040A4F0 |> \6A 00 push 0 0040A4F2 |. 66:C745 C0 2>mov word ptr ss:[ebp-40],20 0040A4F8 |. 8D45 E4 lea eax,dword ptr ss:[ebp-1C] 0040A4FB |. E8 BC78FFFF call SD5000Se.00401DBC 0040A500 |. 50 push eax 0040A501 |. FF45 CC inc dword ptr ss:[ebp-34] 0040A504 |. BA 7DF04500 mov edx,SD5000Se.0045F07D 0040A509 |. 8D45 E8 lea eax,dword ptr ss:[ebp-18] 0040A50C |. E8 3BD10300 call SD5000Se.0044764C 0040A511 |. FF45 CC inc dword ptr ss:[ebp-34] 0040A514 |. 8D55 E8 lea edx,dword ptr ss:[ebp-18] 0040A517 |. A1 E8E34700 mov eax,dword ptr ds:[<&PK_Publi> 0040A51C |. 59 pop ecx 0040A51D |. E8 6ED30300 call SD5000Se.00447890 0040A522 |. 8D55 E4 lea edx,dword ptr ss:[ebp-1C] 0040A525 |. 8D45 E0 lea eax,dword ptr ss:[ebp-20] 0040A528 |. E8 57D10300 call SD5000Se.00447684 0040A52D |. FF45 CC inc dword ptr ss:[ebp-34] 0040A530 |. E8 538FFFFF call SD5000Se.00403488 0040A535 |. 50 push eax 0040A536 |. 8D45 DC lea eax,dword ptr ss:[ebp-24] 0040A539 |. E8 7E78FFFF call SD5000Se.00401DBC 0040A53E |. 8BC8 mov ecx,eax 0040A540 |. FF45 CC inc dword ptr ss:[ebp-34] 0040A543 |. B8 5DF04500 mov eax,SD5000Se.0045F05D ; 沒有檢測到 0040A548 |. 8B15 E8E3470>mov edx,dword ptr ds:[<&PK_Publi>; PK_Publi._g_asProductionName 客戶端連接時: 00402CE8 |. E8 4B4B0400 call SD5000Se.00447838 00402CED |> 8B0D 0C424600 mov ecx,dword ptr ds:[46420C]>>>>>dword ptr ds:[46420C]已使用客戶端數量 00402CF3 |. 3B0D 10424600 cmp ecx,dword ptr ds:[464210]>>>>>dword ptr ds:[464210]總站點數 00402CF9 |. 7C 53 jl short SD5000Se.00402D4E 00402CFB |. FFB5 18FFFFFF push dword ptr ss:[ebp-E8] ; /Arg1 00402D01 |. E8 3EAF0000 call SD5000Se.0040DC44 ; \SD5000Se.0040DC44 00402D06 |. 59 pop ecx 00402D07 |. A1 0C424600 mov eax,dword ptr ds:[46420C] 00402D0C |. 3B05 10424600 cmp eax,dword ptr ds:[464210] 00402D12 |. 7C 3A jl short SD5000Se.00402D4E 00402D14 |. 66:C785 2CFFFFFF 6800 mov word ptr ss:[ebp-D4],68 -------------------------------------------------------------------------------- 【破解總結】 速達的工業版與商業版在主程序上沒有差別,是一樣的貨 只要伺服器改兩處: 00402178 |. 75 3D jnz short SD5000Se.004021B7>>>>>>>>>>>>>jmp 004021A6 0040A3FB |. |C601 00 mov byte ptr ds:[ecx],0 0040A3FE |. |A1 C4504700 mov eax,dword ptr ds:[4750C4] ; 可以更 改為需要的用戶數量 0040A403 |. |A3 10424600 mov dword ptr ds:[464210],eax ; 用戶數 |
__________________ |
|
送花文章: 3,
|