2003-12-26, 10:29 AM  #1
Honorary member

Registration crack for GETVBRES
I didn't really want to write this post. For one thing, it seems that many of the seniors are getting more and more reserved these days and are unwilling to say much, and I'd rather not say much in that kind of environment either. For another, the RESTOOLS series of tools is really well made, the author clearly put a lot of effort into it, and the registration fee is not expensive, so publishing a crack feels a bit embarrassing. But what little shallow knowledge of cracking I have comes mostly from the selfless contributions of the seniors on the 看學論壇, so since someone asked, I can only write it up and contribute a little to the 看學論壇. Seniors and experts, please correct me.

Tools used: trw2000 (娃娃 edition, with thanks), DEDE 3.0, HIEW676

Below is part of the code that DeDe disassembled from getvbres:

0049AE05 64FF30        push dword ptr fs:[eax]
0049AE08 648920        mov fs:[eax], esp
0049AE0B BA02000080    mov edx, $80000002
0049AE10 8B45F8        mov eax, [ebp-$08]
* Reference to: registry.TRegistry.SetRootKey(TRegistry;Windows.HKEY);
0049AE13 E8749EFCFF    call 00464C8C
0049AE18 B101          mov cl, $01
* Possible String Reference to: 'SOFTWARE\RESTOOLS\GetVBRes'
0049AE1A BA74AF4900    mov edx, $0049AF74
0049AE1F 8B45F8        mov eax, [ebp-$08]
* Reference to: registry.TRegistry.OpenKey(TRegistry;System.AnsiString;System.Boolean):System.Boolean;
0049AE22 E8A99FFCFF    call 00464DD0
0049AE27 84C0          test al, al
0049AE29 0F84F4000000  jz 0049AF23
0049AE2F 8D45F4        lea eax, [ebp-$0C]
* Reference to: system.@LStrClr(String);
0049AE32 E80D8DF6FF    call 00403B44
0049AE37 8D45F0        lea eax, [ebp-$10]
* Reference to: system.@LStrClr(String);
0049AE3A E8058DF6FF    call 00403B44
* Possible String Reference to: 'reguser'
0049AE3F BA98AF4900    mov edx, $0049AF98
0049AE44 8B45F8        mov eax, [ebp-$08]
* Reference to: registry.TRegistry.ValueExists(TRegistry;System.AnsiString):System.Boolean;
0049AE47 E8B0A5FCFF    call 004653FC
0049AE4C 84C0          test al, al
0049AE4E 7410          jz 0049AE60
0049AE50 8D4DF4        lea ecx, [ebp-$0C]
* Possible String Reference to: 'reguser'
0049AE53 BA98AF4900    mov edx, $0049AF98
0049AE58 8B45F8        mov eax, [ebp-$08]
* Reference to: registry.TRegistry.ReadString(TRegistry;System.AnsiString):System.AnsiString;
0049AE5B E8E0A3FCFF    call 00465240
* Possible String Reference to: 'regcode'
0049AE60 BAA8AF4900    mov edx, $0049AFA8
0049AE65 8B45F8        mov eax, [ebp-$08]
* Reference to: registry.TRegistry.ValueExists(TRegistry;System.AnsiString):System.Boolean;
0049AE68 E88FA5FCFF    call 004653FC
0049AE6D 84C0          test al, al
0049AE6F 7410          jz 0049AE81
0049AE71 8D4DF0        lea ecx, [ebp-$10]
* Possible String Reference to: 'regcode'
0049AE74 BAA8AF4900    mov edx, $0049AFA8
0049AE79 8B45F8        mov eax, [ebp-$08]
* Reference to: registry.TRegistry.ReadString(TRegistry;System.AnsiString):System.AnsiString;
0049AE7C E8BFA3FCFF    call 00465240
0049AE81 8B45F0        mov eax, [ebp-$10]
* Reference to: system.@LStrLen:Integer;
    or: system.@DynArrayLength;
    or: system.DynArraySize(Pointer):Integer;
0049AE84 E83B8FF6FF    call 00403DC4
0049AE89 83F828        cmp eax, +$28         <-- length check
0049AE8C 0F8591000000  jnz 0049AF23
0049AE92 8B45F4        mov eax, [ebp-$0C]
* Reference to: system.@LStrLen:Integer;
    or: system.@DynArrayLength;
    or: system.DynArraySize(Pointer):Integer;
0049AE95 E82A8FF6FF    call 00403DC4
0049AE9A 85C0          test eax, eax
0049AE9C 0F8E81000000  jle 0049AF23
0049AEA2 68368C0000    push $00008C36
0049AEA7 8D45EC        lea eax, [ebp-$14]
0049AEAA 50            push eax
0049AEAB B985310000    mov ecx, $00003185
0049AEB0 BAD8030000    mov edx, $000003D8
0049AEB5 8B45F4        mov eax, [ebp-$0C]
0049AEB8 E847FBFFFF    call 0049AA04
0049AEBD 8B55EC        mov edx, [ebp-$14]
0049AEC0 8D45F4        lea eax, [ebp-$0C]
* Reference to: system.@LStrLAsg;
0049AEC3 E8148DF6FF    call 00403BDC
0049AEC8 8D55E8        lea edx, [ebp-$18]
0049AECB 8B45F4        mov eax, [ebp-$0C]
0049AECE E8C1F9FFFF    call 0049A894
0049AED3 8B45E8        mov eax, [ebp-$18]
0049AED6 8B55F0        mov edx, [ebp-$10]
* Reference to: system.@LStrCmp;          <-- isn't this function easy to guess?
0049AED9 E8F68FF6FF    call 00403ED4
0049AEDE 750C          jnz 0049AEEC          <-- checks whether it is a fake code; not equal is what you want
0049AEE0 A1F0CA4A00    mov eax, dword ptr [$4ACAF0]
0049AEE5 8B00          mov eax, [eax]
* Reference to: forms.TApplication.Terminate(TApplication);   <-- if they are equal, you're done for
0049AEE7 E85CFEFAFF    call 0044AD48
0049AEEC 68368C0000    push $00008C36        <-- starts here
0049AEF1 8D45E4        lea eax, [ebp-$1C]
0049AEF4 50            push eax
0049AEF5 B985310000    mov ecx, $00003185
0049AEFA BAD8030000    mov edx, $000003D8
0049AEFF 8B45F0        mov eax, [ebp-$10]
0049AF02 E8EDF8FFFF    call 0049A7F4
0049AF07 8B55E4        mov edx, [ebp-$1C]
0049AF0A 8D45F0        lea eax, [ebp-$10]
* Reference to: system.@LStrLAsg;
0049AF0D E8CA8CF6FF    call 00403BDC         <-- ends here: this computes the real registration code (I'm lazy and didn't want the hassle, so I only glanced at it; it seems to be somewhat related to the fake code above, a separately computed 20-digit code)
0049AF12 8B45F0        mov eax, [ebp-$10]    <-- this
0049AF15 8B55F0        mov edx, [ebp-$10]    <-- and this are what is really being compared
* Reference to: system.@LStrCmp;          <-- a familiar face again
0049AF18 E8B78FF6FF    call 00403ED4
0049AF1D 7504          jnz 0049AF23          <-- different means not registered
0049AF1F C645FF01      mov byte ptr [ebp-$01], $01   <-- same: write the registered flag
0049AF23 33C0          xor eax, eax
0049AF25 5A            pop edx
0049AF26 59            pop ecx
0049AF27 59            pop ecx
0049AF28 648910        mov fs:[eax], edx

That's all the routine is, and it's simple. I solved this problem with SMC; for how to do it directly, please refer to mercury's great article 《SMC體會》 in 精華III. I believe the fruit of one's own labor tastes sweetest. Thanks for reading.
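When working from a listing like the one above, the first thing worth checking before touching any byte is that the hex DeDe printed and the symbolic branch targets actually agree, and when you later move or rewrite a branch (which is what an SMC-style patch amounts to), you need the inverse: the displacement bytes for a given source and target. The script below is an added example written for this page; it is not the poster's SMC patch and not RESTOOLS code. The addresses and opcode bytes it checks are copied from the listing above; the only assumptions are the small opcode tables (rel8 `74/75/7E/EB`, rel32 `E8/E9/0F 84/0F 85/0F 8E`), which are standard x86 encodings and cover every branch and call in the listing.

```python
"""Decode and re-encode the relative branches in a DeDe-style x86 listing.

Added example, not code from the original post. The lines in LISTING are
copied from the GetVBRes disassembly above; check_listing() verifies that
each rel8/rel32 displacement resolves to the target DeDe printed, and
encode_branch() produces the bytes for a branch to a chosen target, which
is what you need when you move or rewrite one of these jumps in a patch.
"""
import re

# Branch and call lines copied from the listing above (address, bytes, mnemonic, target).
LISTING = """
0049AE13 E8749EFCFF   call 00464C8C
0049AE29 0F84F4000000 jz 0049AF23
0049AE4E 7410         jz 0049AE60
0049AE6F 7410         jz 0049AE81
0049AE8C 0F8591000000 jnz 0049AF23
0049AE9C 0F8E81000000 jle 0049AF23
0049AEB8 E847FBFFFF   call 0049AA04
0049AED9 E8F68FF6FF   call 00403ED4
0049AEDE 750C         jnz 0049AEEC
0049AEE7 E85CFEFAFF   call 0044AD48
0049AF1D 7504         jnz 0049AF23
"""

# Assumed opcode tables (standard x86 encodings): short-form rel8 and near-form rel32.
REL8 = {0x74: "jz", 0x75: "jnz", 0x7E: "jle", 0xEB: "jmp"}
REL32 = {b"\xe8": "call", b"\xe9": "jmp",
         b"\x0f\x84": "jz", b"\x0f\x85": "jnz", b"\x0f\x8e": "jle"}

LINE = re.compile(r"^([0-9A-F]{8})\s+([0-9A-F]+)\s+(\w+)\s+([0-9A-F]{8})$")


def decode_branch(addr: int, code: bytes):
    """Return (mnemonic, absolute target) for the branch encoded at `addr`, else None.

    The displacement is relative to the address of the *next* instruction,
    so the instruction length (2 for rel8, opcode length + 4 for rel32) is
    added before the signed displacement.
    """
    if code[0] in REL8:
        disp = int.from_bytes(code[1:2], "little", signed=True)
        return REL8[code[0]], (addr + 2 + disp) & 0xFFFFFFFF
    for opc, mn in REL32.items():
        if code.startswith(opc):
            n = len(opc)
            disp = int.from_bytes(code[n:n + 4], "little", signed=True)
            return mn, (addr + n + 4 + disp) & 0xFFFFFFFF
    return None


def encode_branch(mnemonic: str, addr: int, target: int) -> bytes:
    """Encode `mnemonic` at `addr` reaching `target`: rel8 if it fits, else rel32."""
    disp8 = target - (addr + 2)
    for opc, mn in REL8.items():
        if mn == mnemonic and -128 <= disp8 <= 127:
            return bytes([opc]) + disp8.to_bytes(1, "little", signed=True)
    for opc, mn in REL32.items():
        if mn == mnemonic:
            disp32 = target - (addr + len(opc) + 4)
            return opc + disp32.to_bytes(4, "little", signed=True)
    raise ValueError(f"cannot encode {mnemonic}")


def pad_nop(code: bytes, length: int) -> bytes:
    """Pad a re-encoded instruction with NOPs so it overwrites exactly `length` bytes."""
    if len(code) > length:
        raise ValueError("replacement longer than the original instruction")
    return code + b"\x90" * (length - len(code))


def check_listing(text: str = LISTING) -> list:
    """Parse each listing line; return (addr, mnemonic, decoded target, listed target, ok)."""
    results = []
    for line in text.strip().splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        addr, code, mn, listed = int(m[1], 16), bytes.fromhex(m[2]), m[3], int(m[4], 16)
        dec = decode_branch(addr, code)
        ok = dec is not None and dec == (mn, listed)
        results.append((addr, mn, dec[1] if dec else None, listed, ok))
    return results


if __name__ == "__main__":
    for addr, mn, got, listed, ok in check_listing():
        print(f"{addr:08X} {mn:<4} -> {got:08X} (listed {listed:08X}) {'ok' if ok else 'MISMATCH'}")
```

Every branch in the listing decodes to the target DeDe printed, so the hex and the symbolic operands are consistent. Note the size difference that matters for in-place patching: `jnz 0049AF23` at 0049AF1D is a 2-byte `75 04`, while the same jump at 0049AE8C needs the 6-byte `0F 85 91 00 00 00` because the displacement no longer fits in a signed byte; a replacement that encodes shorter than the original must be NOP-padded to keep the following instructions aligned.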