163包月卡脱离专用拨号器的破解 -pc6资讯

您的位置：首页 → 精文荟萃 → 破解文章 → 163包月卡脱离专用拨号器的破解

163包月卡脱离专用拨号器的破解 时间：2004/10/15 0:57:00来源：本站整理作者：蓝点我要评论(0)

　163包月卡脱离专用拨号器的破解
用NETXAY拦截破解联想免费上网账号可能大家都看多了，现在我们要破的不是联想帐号，而是一种包月卡，也要用专门的拨号器，烦！用pw32dasmgold和

ollydbg1.07 干掉它！

1、用W32DASM反汇编Dialup.exe
参考->串式参考->
"UserName"
"拨号失败"
"不能接通, 已经断开."
"创建拨号网络新连接失败!"
"错误"
"错误代码为：%ld."
"断开，已空闲"
"对不起，您的帐号已到期!"
"连接到 "
"请输入正确的帐号!" 　(从这时下手！双击!)
"设置拨号网络新连接的入口名称失败!"
"未连接，空闲"
"未知的远程访问错误,错误代码为：%ld."
"已连接上网"
"应用程序已经运行!"
"用户登录"
"注意"

来到这里。
* Reference To: USER32.SetTimer, Ord:0252h
:00401D7B FF15A8634000           Call dword ptr [004063A8]
:00401D81 8B542410               mov edx, dword ptr [esp+10]
:00401D85 8B86D8000000           mov eax, dword ptr [esi+000000D8]
:00401D8B 8B8E88000000           mov ecx, dword ptr [esi+00000088]
:00401D91 52                     push edx
:00401D92 8B542418               mov edx, dword ptr [esp+18]
:00401D96 52                     push edx
:00401D97 50                     push eax
:00401D98 51                     push ecx
:00401D99 8BCE                   mov ecx, esi
:00401D9B E8E0010000             call 00401F80
:00401DA0 3BC3                   cmp eax, ebx (这里有点可疑，在这里下

段点(我也不知是什么和什么比较:P))
:00401DA2 7408                   je 00401DAC
:00401DA4 50                     push eax
:00401DA5 8BCE                   mov ecx, esi
:00401DA7 E8D4080000             call 00402680
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00401DA2(C)
:00401DAC 8B8688000000           mov eax, dword ptr [esi+00000088]
:00401DB2 8B8EDC000000           mov ecx, dword ptr [esi+000000DC]
:00401DB8 8B3F                   mov edi, dword ptr [edi]
:00401DBA 8B6D00                 mov ebp, dword ptr [ebp+00]
:00401DBD 89442424               mov dword ptr [esp+24], eax
:00401DC1 8B86D8000000           mov eax, dword ptr [esi+000000D8]
:00401DC7 89442420               mov dword ptr [esp+20], eax
:00401DCB 8B86CC000000           mov eax, dword ptr [esi+000000CC]
:00401DD1 8D542418               lea edx, dword ptr [esp+18]
:00401DD5 894C242C               mov dword ptr [esp+2C], ecx
:00401DD9 52                     push edx
:00401DDA 8BCE                   mov ecx, esi
:00401DDC 897C241C               mov dword ptr [esp+1C], edi
:00401DE0 896C2420               mov dword ptr [esp+20], ebp
:00401DE4 8944242C               mov dword ptr [esp+2C], eax
:00401DE8 E8230C0000             call 00402A10
:00401DED 8D4C2410               lea ecx, dword ptr [esp+10]
:00401DF1 885C2438               mov byte ptr [esp+38], bl
* Reference To: MFC42.Ordinal:0320, Ord:0320h
:00401DF5 E8E62F0000             Call 00404DE0
:00401DFA 8D4C2414               lea ecx, dword ptr [esp+14]
:00401DFE C7442438FFFFFFFF       mov [esp+38], FFFFFFFF
* Reference To: MFC42.Ordinal:0320, Ord:0320h
:00401E06 E8D52F0000             Call 00404DE0
:00401E0B 5D                     pop ebp
:00401E0C 5F                     pop edi
:00401E0D 5E                     pop esi
:00401E0E 5B                     pop ebx
:00401E0F 8B4C2420               mov ecx, dword ptr [esp+20]
:00401E13 64890D00000000         mov dword ptr fs:[00000000], ecx
:00401E1A 83C42C                 add esp, 0000002C
:00401E1D C3                     ret
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00401CC4(C)
:00401E1E 53                     push ebx
:00401E1F 53                     push ebx
* Possible StringData Ref from Data Obj ->"请输入正确的帐号!" (在这向