Cracking analysis of 饮羽公路造价 V1.88
Cracked by: lchhome[OCN][DFCG]

1. The program is written in VB6.0 and is not packed.

2. Disassembling with W32Dasm did not turn up any useful strings (VB6 stores its string literals as Unicode, which is why the W32Dasm string reference list misses them; note the "UNICODE" tag on the PUSH at 00790683 below). So I loaded the program in GetVBRes, found the string "注册码错误" ("registration code is wrong") and changed it to an arbitrary string, "happy new year". Disassembling with W32Dasm again, "happy new year" can now be found. Double-click it and look upward to reach the key jump:

0079063C 0F84 16010000 JE yglzj.00790758

Changing this JE to JNE takes you to "注册码成功" ("registration successful"), but it is not a clean crack: the program still has functional restrictions. Ignore that for now. Load the program in OllyDbg, go to 0079063C and look upward; this is what you find:

007904AA . E8 93D2C7FF CALL
007904AF . 85C0 TEST EAX,EAX
007904B1 . 0F85 A2000000 JNZ yglzj.00790559

After the (fake) registration code has been compared, execution continues by jumping down to 00790559. Step on:

007904B7 . B8 04000280 MOV EAX,80020004
007904BC . 8985 58FFFFFF MOV DWORD PTR SS:[EBP-A8],EAX
007904C2 . 6A 0A PUSH 0A
007904C4 . 5F POP EDI
............................................................
(middle section omitted)
............................................................
00790531 . E8 E8D1C7FF CALL
00790536 . 8985 B8FEFFFF MOV DWORD PTR SS:[EBP-148],EAX
0079053C . C785 B0FEFFFF >MOV DWORD PTR SS:[EBP-150],3
00790546 . 8D95 B0FEFFFF LEA EDX,DWORD PTR SS:[EBP-150]
0079054C . 8D4D C4 LEA ECX,DWORD PTR SS:[EBP-3C]
0079054F . E8 42D2C7FF CALL
00790554 . E9 9A010000 JMP yglzj.007906F3
00790559 > 8B03 MOV EAX,DWORD PTR DS:[EBX]

The JNZ lands here; keep stepping down:

0079055B . 68 38B0A600 PUSH yglzj.00A6B038
00790560 . 68 48B0A600 PUSH yglzj.00A6B048
00790565 . 68 44B0A600 PUSH yglzj.00A6B044
0079056A . 68 40B0A600 PUSH yglzj.00A6B040
0079056F . 53 PUSH EBX
00790570 . FF90 F8060000 CALL DWORD PTR DS:[EAX+6F8]

This CALL is the one to step into with F7.

00790576 . 3BC7 CMP EAX,EDI
00790578 . 7D 11 JGE SHORT yglzj.0079058B
0079057A . 68 F8060000 PUSH 6F8
0079057F . 68 F0304500 PUSH yglzj.004530F0
00790584 . 53 PUSH EBX
00790585 . 50 PUSH EAX
............................................................
(middle section omitted)
............................................................
0079062D . E8 16D1C7FF CALL
00790632 . 83C4 0C ADD ESP,0C
00790635 . 66:39BD A0FEFF>CMP WORD PTR SS:[EBP-160],DI
0079063C 0F84 16010000 JE yglzj.00790758

Stop here and look upward for the key function.

00790642 . B8 04000280 MOV EAX,80020004
00790647 . 8985 58FFFFFF MOV DWORD PTR SS:[EBP-A8],EAX
0079064D . 6A 0A PUSH 0A
0079064F . 5F POP EDI
00790650 . 89BD 50FFFFFF MOV DWORD PTR SS:[EBP-B0],EDI
00790656 . 8985 68FFFFFF MOV DWORD PTR SS:[EBP-98],EAX
0079065C . 89BD 60FFFFFF MOV DWORD PTR SS:[EBP-A0],EDI
00790662 . C785 F8FEFFFF >MOV DWORD PTR SS:[EBP-108],yglzj.0044ED2>
0079066C . 89B5 F0FEFFFF MOV DWORD PTR SS:[EBP-110],ESI
00790672 . 8D95 F0FEFFFF LEA EDX,DWORD PTR SS:[EBP-110]
00790678 . 8D8D 70FFFFFF LEA ECX,DWORD PTR SS:[EBP-90]
0079067E . E8 95D0C7FF CALL
00790683 . 68 CCE94500 PUSH yglzj.0045E9CC ; UNICODE "happy new year"

See it? That is the "registration code is wrong" prompt (renamed earlier with GetVBRes).

Now step into the CALL at 00790570 and keep going with F8; you arrive at the following:

00793118 > 55 PUSH EBP
00793119 . 8BEC MOV EBP,ESP
............................................................
(middle section omitted)
............................................................
007931C4 . 53 PUSH EBX
007931C5 . E8 E4A5C7FF CALL
007931CA . BA 14D84400 MOV EDX,yglzj.0044D814
007931CF . 8B4D 18 MOV ECX,DWORD PTR SS:[EBP+18]
007931D2 . E8 CFA4C7 |
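The JE-to-JNE flip at 0079063C is a two-byte change (opcode 0F 84 becomes 0F 85; the rel32 displacement stays the same), but the file offset of that virtual address is not given in the writeup and depends on the section table of the executable. The script below is an added example, not part of the original post or of any tool mentioned in it: it maps a VA to a file offset through the PE32 section headers, refuses to write unless the bytes there really encode JE rel32, and then flips them. The PE image produced by build_sample_pe() is a constructed stand-in with the same 0F 84 16 01 00 00 encoding as the listing; it is not yglzj.exe, and the VA 0x00401010 used for it is an assumption. As the author notes, this patch alone does not lift the remaining functional restrictions.

```python
"""JE -> JNE byte patcher for a PE32 executable.

Added example (not code from the original writeup). Maps a virtual address as
shown by OllyDbg/W32Dasm to a file offset via the PE section table, verifies
the bytes there are 'JE rel32' (0F 84) and only then rewrites them as
'JNE rel32' (0F 85). build_sample_pe() creates a constructed sample image for
demonstration; it is NOT the real program.
"""
import struct
import sys

JE_NEAR = b"\x0f\x84"    # JE/JZ  rel32 opcode
JNE_NEAR = b"\x0f\x85"   # JNE/JNZ rel32 opcode


def parse_pe32(data):
    """Return (image_base, sections) for a PE32 file.

    sections is a list of (virtual_address, virtual_size, raw_offset, raw_size).
    Only PE32 (32-bit, optional-header magic 0x10B) is handled, which is what
    VB6 produces.
    """
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    # COFF header: NumberOfSections at +2, SizeOfOptionalHeader at +16
    num_sections, opt_size = struct.unpack_from("<H12xH", data, coff + 2)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 images are handled")
    image_base = struct.unpack_from("<I", data, opt + 28)[0]  # PE32: ImageBase at +28
    sections = []
    hdr = opt + opt_size
    for _ in range(num_sections):
        # Section header: VirtualSize +8, VirtualAddress +12,
        # SizeOfRawData +16, PointerToRawData +20
        vsize, va, rsize, raw = struct.unpack_from("<IIII", data, hdr + 8)
        sections.append((va, vsize, raw, rsize))
        hdr += 40
    return image_base, sections


def va_to_file_offset(data, va):
    """Translate a virtual address to the offset of the same byte in the file."""
    image_base, sections = parse_pe32(data)
    rva = va - image_base
    for sec_va, vsize, raw, rsize in sections:
        if sec_va <= rva < sec_va + max(vsize, rsize):
            off = rva - sec_va
            if off >= rsize:
                raise ValueError("VA 0x%08X has no backing bytes in the file" % va)
            return raw + off
    raise ValueError("VA 0x%08X is not inside any section" % va)


def patch_je_to_jne(data, va):
    """Return a copy of data with the JE rel32 at va turned into JNE rel32.

    Refuses to touch anything unless the two opcode bytes are exactly 0F 84,
    so a wrong address (or an already patched file) cannot corrupt other code.
    """
    buf = bytearray(data)
    off = va_to_file_offset(buf, va)
    if bytes(buf[off:off + 2]) != JE_NEAR:
        raise ValueError("bytes at 0x%08X are %s, not JE rel32"
                         % (va, bytes(buf[off:off + 6]).hex()))
    buf[off:off + 2] = JNE_NEAR  # the rel32 displacement is left unchanged
    return bytes(buf)


def build_sample_pe():
    """Constructed minimal PE32 (NOT the real program): one .text section at
    RVA 0x1000 / file offset 0x400, image base 0x400000, and the listing's
    'JE +0x116' encoding (0F 84 16 01 00 00) placed at VA 0x00401010."""
    image_base, text_rva, text_raw, text_size, opt_size = 0x400000, 0x1000, 0x400, 0x200, 0xE0
    buf = bytearray(text_raw + text_size)
    buf[0:2] = b"MZ"
    e_lfanew = 0x80
    struct.pack_into("<I", buf, 0x3C, e_lfanew)
    buf[e_lfanew:e_lfanew + 4] = b"PE\0\0"
    coff = e_lfanew + 4
    struct.pack_into("<HH", buf, coff, 0x14C, 1)       # i386, one section
    struct.pack_into("<H", buf, coff + 16, opt_size)
    opt = coff + 20
    struct.pack_into("<H", buf, opt, 0x10B)            # PE32 magic
    struct.pack_into("<I", buf, opt + 28, image_base)
    hdr = opt + opt_size
    buf[hdr:hdr + 8] = b".text\0\0\0"
    struct.pack_into("<IIII", buf, hdr + 8, text_size, text_rva, text_size, text_raw)
    buf[text_raw + 0x10:text_raw + 0x16] = b"\x0f\x84\x16\x01\x00\x00"
    return bytes(buf)


if __name__ == "__main__":
    # Usage: python patch_je.py <exe> <hex VA of the JE>  -> writes <exe>.patched
    path, target = sys.argv[1], int(sys.argv[2], 16)
    with open(path, "rb") as f:
        original = f.read()
    with open(path + ".patched", "wb") as f:
        f.write(patch_je_to_jne(original, target))
```

Against the real binary you would run it as `python patch_je.py yglzj.exe 0079063C`; the original file is never modified in place, and the opcode check is what makes the script safe to re-run or to point at the wrong address.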