
亿唯e书 Ver 0.9

Date: 2004/10/15 0:58:00 | Source: compiled by this site | Author: 蓝点

亿唯e书 Ver 0.9 is a tool that bundles HTML page files (including media files) into an EXE e-document; it is a good choice for making EXE e-books.
Author: 亿唯工作室
Email: whren@163.com
http://ewaysoft.myrice.com/
Tools: PEiD, UnAspack & DeDe V1.06 & W32Dasm V10;
finally, inspiration & luck & patience, etc.
Cracker: lq7972
Date: 2003-3-1, Friday

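1. Check for a packer with PEiD: it is ASPack 2.1 -> Alexey Solodovnikov
2. Naturally, unpack it with UnAspack
3. Check the unpacked CrackMe.exe with PEiD: it was written in Delphi
4. Decompile CrackMe.exe with DeDe
In the DFM form-layout view, under From Class, TFrmReg contains: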
object SpeedButton1: TSpeedButton
Left = 10
Top = 136
Width = 60
Height = 25
Caption = '注册'
Flat = True
OnClick = SpeedButton1Click
end
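This tells us that SpeedButton1Click is the handler for the "注册" (Register) button on the "注册" (Register) form shown when the software starts.
Under DCU there is Class Name=TFrmReg, and Events lists the SpeedButton1Click event: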
00489E08 A16C724900 mov eax, dword ptr [$49726C]
00489E0D 8B00 mov eax, [eax]
00489E0F 8B10 mov edx, [eax]
00489E11 FF92D8000000 call dword ptr [edx+$00D8]
00489E17 48 dec eax
00489E18 750C jnz 00489E26
00489E1A A188714900 mov eax, dword ptr [$497188]
00489E1F 8B00 mov eax, [eax]
00489E21 E8D6820000 call 004920FC
;This call, hmm, look further down to see what it does.

00489E26 C3 ret

5. In W32Dasm:
:00489E07 00A16C724900 add byte ptr [ecx+0049726C], ah
:00489E0D 8B00 mov eax, dword ptr [eax]
:00489E0F 8B10 mov edx, dword ptr [eax]
:00489E11 FF92D8000000 call dword ptr [edx+000000D8]
:00489E17 48 dec eax
:00489E18 750C jne 00489E26
:00489E1A A188714900 mov eax, dword ptr [00497188]
:00489E1F 8B00 mov eax, dword ptr [eax]
:00489E21 E8D6820000 call 004920FC
;This call, hmm, what does it do? Aren't we registering? Step in (1).

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00489E18(C)
|
:00489E26 C3 ret


;Step-in (1) lands here:
* Referenced by a CALL at Addresses:
|:00489E21 , :004920F3
|
:004920FC 55 push ebp
:004920FD 8BEC mov ebp, esp
:004920FF 6A00 push 00000000
:00492101 6A00 push 00000000
:00492103 53 push ebx
:00492104 56 push esi
:00492105 57 push edi
:00492106 8BF8 mov edi, eax
:00492108 33C0 xor eax, eax
:0049210A 55 push ebp
:0049210B 6855224900 push 00492255
:00492110 64FF30 push dword ptr fs:[eax]
:00492113 648920 mov dword ptr fs:[eax], esp
:00492116 8D55FC lea edx, dword ptr [ebp-04]
:00492119 A16C724900 mov eax, dword ptr [0049726C]
:0049211E 8B00 mov eax, dword ptr [eax]
:00492120 8B8078030000 mov eax, dword ptr [eax+00000378]
:00492126 E8D1D6F9FF call 0042F7FC
:0049212B 8D55F8 lea edx, dword ptr [ebp-08]
:0049212E A16C724900 mov eax, dword ptr [0049726C]
:00492133 8B00 mov eax, dword ptr [eax]
:00492135 8B807C030000 mov eax, dword ptr [eax+0000037C]
:0049213B E8BCD6F9FF call 0042F7FC
:00492140 33C9 xor ecx, ecx
:00492142 B201 mov dl, 01

* Possible StringData Ref from Code Obj ->"€麫"
|
:00492144 A1AC924800 mov eax, dword ptr [004892AC]
:00492149 E8B272FFFF call 00489400
:0049214E 8BD8 mov ebx, eax
:00492150 8B55FC mov edx, dword ptr [ebp-04]
:00492153 8BC3 mov eax, ebx
:00492155 E89A73FFFF call 004894F4
:0049215A C6433800 mov [ebx+38], 00

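* Possible StringData Ref from Code Obj ->"fuck you" ;a curse; the author does not want to be cracked;
;but cursing at people is not acceptable either
| ;cursing is bad and has a price, so below we
;make use of this "fuck you"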
:0049215E BA6C224900 mov edx, 0049226C
:00492163 8BC3 mov eax, ebx
:00492165 E82E73FFFF call 00489498
:0049216A 8BC3 mov eax, ebx
:0049216C E81F76FFFF call 00489790
;registration code verification
;shall we step in and take a look?
;a breakpoint can be set here; step in (2)

:00492171 837B2800 cmp dword ptr [ebx+28], 00000000
;is the username length equal to zero?
:00492175 0F8498000000 je 00492213
;where does this jump to?
;if equal, jump (1)

:0049217B 8B4328 mov eax, dword ptr [ebx+28]
:0049217E 8B55F8 mov edx, dword ptr [ebp-08]
:00492181 E8B61DF7FF call 00403F3C
;verification
:00492186 0F8587000000 jne 00492213
;jump (1)
;the key jump
:0049218C B201 mov dl, 01
:0049218E A12C224700 mov eax, dword ptr [0047222C]
:00492193 E89401FEFF call 0047232C
:00492198 8BF0 mov esi, eax
:0049219A BA02000080 mov edx, 80000002
:0049219F 8BC6 mov eax, esi
:004921A1 E82602FEFF call 004723CC
:004921A6 B101 mov cl, 01
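;To brute-force patch it, use HexWorkshop to find "0F8587000000" and change it to "0F8487000000"
;Enter a username and registration code in the registration dialog: Thank you
;However, every launch still asks for registration and shows Thank U,
;even if you enter the correct registration code
;The reason is that verification also runs when the software is opened. What to do?
; ^-^ follow me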

;Search for "fuck you", the American national curse, an original import
;Same procedure as above
* Possible StringData Ref from Code Obj ->"fuck you"
|
:0048FE6A BA88FF4800 mov edx, 0048FF88
:0048FE6F 8BC7 mov eax, edi
:0048FE71 E82296FFFF call 00489498
:0048FE76 8BC7 mov eax, edi
:0048FE78 E81399FFFF call 00489790
:0048FE7D 8B4728 mov eax, dword ptr [edi+28]
:0048FE80 8B55F8 mov edx, dword ptr [ebp-08]
:0048FE83 E8B440F7FF call 00403F3C
:0048FE88 7514 jne 0048FE9E
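;HexWorkshop: Find (Type: Hex Values, Value: F8E8B440F7FF7514)
; F8E8B440F7FF7414
;Open the software and look: the registration window is gone, it is the full official version
;In fact, changing only this spot is enough
;Did you get it done?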

:0048FE8A C605849A490001 mov byte ptr [00499A84], 01
:0048FE91 33D2 xor edx, edx
:0048FE93 8B8324050000 mov eax, dword ptr [ebx+00000524]
:0048FE99 E84A01FBFF call 0043FFE8

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0048FE88(C)
|
:0048FE9E 8BC7 mov eax, edi
:0048FEA0 E83F30F7FF call 00402EE4

;Step-in (2)
* Referenced by a CALL at Addresses:
|:0048FE78 , :0049216C
|
:00489790 55 push ebp
:00489791 8BEC mov ebp, esp
:00489793 6A00 push 00000000
:00489795 53 push ebx
:00489796 56 push esi
:00489797 8BF0 mov esi, eax
:00489799 33C0 xor eax, eax
:0048979B 55 push ebp
:0048979C 68FC974800 push 004897FC
:004897A1 64FF30 push dword ptr fs:[eax]
:004897A4 648920 mov dword ptr fs:[eax], esp
:004897A7 8B4624 mov eax, dword ptr [esi+24]
:004897AA E87DA6F7FF call 00403E2C
:004897AF 85C0 test eax, eax
:004897B1 750A jne 004897BD
:004897B3 8D4628 lea eax, dword ptr [esi+28]
:004897B6 E8F1A3F7FF call 00403BAC
:004897BB EB29 jmp 004897E6

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004897B1(C)
|
:004897BD 807E3800 cmp byte ptr [esi+38], 00
:004897C1 7504 jne 004897C7
:004897C3 B301 mov bl, 01
:004897C5 EB02 jmp 004897C9

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004897C1(C)
|
:004897C7 33DB xor ebx, ebx

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004897C5(U)
|
:004897C9 53 push ebx
:004897CA 8D45FC lea eax, dword ptr [ebp-04]
:004897CD 50 push eax
:004897CE 8B4E34 mov ecx, dword ptr [esi+34]
;ecx=edx=fuck you
:004897D1 8B5624 mov edx, dword ptr [esi+24]
;edx = username

:004897D4 8BC6 mov eax, esi
:004897D6 E875FDFFFF call 00489550
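;computation of the registration code
;If you want to write a keygen in your favourite language, step in here: step in (3)
;But it is tedious and needs patience, plus several cups of good coffee... I'm done, I'm going to sleep ZZZzz ZzzZZzz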

:004897DB 8B55FC mov edx, dword ptr [ebp-04]
:004897DE 8D4628 lea eax, dword ptr [esi+28]
;edx = registration code; isn't this exactly what we want?

:004897E1 E81AA4F7FF call 00403C00
;end of step-in (2)

;Jump (1) lands below:
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00492175(C), :00492186(C)
|
:00492213 6A40 push 00000040
:00492215 8B8754050000 mov eax, dword ptr [edi+00000554]
:0049221B E8D01DF7FF call 00403FF0
:00492220 8BD0 mov edx, eax
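* Possible StringData Ref from Code Obj ->"亿唯e书" ;this string is the message-box title shown on a registration error
| ;if you look up this string in W32Dasm, double-click with the left button
:00492222 B9B4224900 mov ecx, 004922B4 ;3 times to get here
;end of jump (1)
Username: lq7972
Registration code: 64B65DF75AB19A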


    
    
     
    
    
     
