For our next generation: cracking the image viewer Cpix.exe with W32DASM (if you repost this, please keep it intact)
Author: 丁丁虾, also known as DDXia
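An hour ago I had just cracked the shareware version of 《虚幻立体制作》 v1.0 with W32DASM. My hands were itching and I could not hold back my enthusiasm! I spent 20 minutes cracking a time-limited program: http://www.newhua.com.cn/down/cpx32.exe

About the software: a decent image viewer that also offers several ways to encrypt pictures, so that nobody can peek at your personal picture collection!

First, open Cpix.exe with W32DASM, a top-notch cracking tool, then use the StrnREF function, where you can see "past the 30-day evaluation period." I chased it down right away! Scroll up a little further and there is something to gain. :) This one deserves a careful look; see the analysis below:

* Possible StringData Ref from Code Obj ->"You have "
                                  |
:0047E8C3 68C0EB4700              push 0047EBC0
:0047E8C8 8BC6                    mov eax, esi
:0047E8CA 99                      cdq
:0047E8CB 33C2                    xor eax, edx
:0047E8CD 2BC2                    sub eax, edx
:0047E8CF 8BC3                    mov eax, ebx
:0047E8D1 8D9598FEFFFF            lea edx, dword ptr [ebp+FFFFFE98]
:0047E8D7 E82C8FF8FF              call 00407808
:0047E8DC FFB598FEFFFF            push dword ptr [ebp+FFFFFE98]
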
* Possible StringData Ref from Code Obj ->" day"
                                  |
:0047E8E2 68D4EB4700              push 0047EBD4
:0047E8E7 8D8594FDFFFF            lea eax, dword ptr [ebp+FFFFFD94]
:0047E8ED 8D55EF                  lea edx, dword ptr [ebp-11]
:0047E8F0 E8AF53F8FF              call 00403CA4
:0047E8F5 FFB594FDFFFF            push dword ptr [ebp+FFFFFD94]

* Possible StringData Ref from Code Obj ->" left in your 30-day evaluation "
                                        ->"period."
                                  |
:0047E8FB 68E4EB4700              push 0047EBE4
:0047E900 8D859CFEFFFF            lea eax, dword ptr [ebp+FFFFFE9C]
:0047E906 BA05000000              mov edx, 00000005
:0047E90B E8B054F8FF              call 00403DC0
:0047E910 8B859CFEFFFF            mov eax, dword ptr [ebp+FFFFFE9C]
:0047E916 668B0D00EA4700          mov cx, word ptr [0047EA00]
:0047E91D 33D2                    xor edx, edx
:0047E91F E8BC1EFCFF              call 004407E0
:0047E924 E988000000              jmp 0047E9B1
                                  ^^^^^^^^^^^^-----> If it has not expired yet, execution simply continues

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:0047E898(C), :0047E8A0(C)
|
:0047E929 85F6                    test esi, esi
:0047E92B 0F8E80000000            jle 0047E9B1
                                  ^^^^^^^^^^^^-----> This means: at less than or equal to 30 days, execution also continues
:0047E931 C605FC94480001          mov byte ptr [004894FC], 01
:0047E938 83FE01                  cmp esi, 00000001
:0047E93B 7506                    jne 0047E943
                                  ^^^^^^^^^^^^-----> No need to explain this one. Go struggle with it yourself! ^_^
:0047E93D C645EF00                mov [ebp-11], 00
:0047E941 EB06                    jmp 0047E949

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0047E93B(C)
|
:0047E943 66C745EF0173            mov [ebp-11], 7301

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0047E941(U)
|
:0047E949 6A00                    push 00000000

* Possible StringData Ref from Code Obj ->"You have used CryptaPix "
                                  |
:0047E94B 6814EC4700              push 0047EC14
:0047E950 8D9598FEFFFF            lea edx, dword ptr [ebp+FFFFFE98]
:0047E956 8BC6                    mov eax, esi
:0047E958 E8AB8EF8FF              call 00407808
:0047E95D FFB598FEFFFF            push dword ptr [ebp+FFFFFE98]

* Possible StringData Ref from Code Obj ->" day"
                                  |
:0047E963 68D4EB4700              push 0047EBD4
:0047E968 8D8594FDFFFF            lea eax, dword ptr [ebp+FFFFFD94]
:0047E96E 8D55EF                  lea edx, dword ptr [ebp-11]
:0047E971 E82E53F8FF              call 00403CA4
:0047E976 FFB594FDFFFF            push dword ptr [ebp+FFFFFD94]

* Possible StringData Ref from Code Obj ->" past the 30-day evaluation period."
                                  |
:0047E97C 6838EC4700              push 0047EC38
:0047E981 8D859CFEFFFF            lea eax, dword ptr [ebp+FFFFFE9C]
:0047E987 BA05000000              mov edx, 00000005
:0047E98C E82F54F8FF              call 00403DC0
:0047E991 8B859CFEFFFF            mov eax, dword ptr [ebp+FFFFFE9C]
:0047E997 668B0D00EA4700          mov cx, word ptr [0047EA00]
:0047E99E 33D2                    xor edx, edx
:0047E9A0 E83B1EFCFF              call 004407E0
:0047E9A5 33D2                    xor edx, edx
:0047E9A7 A1E4744800              mov eax, dword ptr [004874E4]
:0047E9AC E89B050000              call 0047EF4C

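Finally, cracking it:

:0047E92B 0F8E80000000            jle 0047E9B1
                                  ^^^^^^^^^^^^-----> Change this to jmp 0047E9B1

Note that its binary code is EB81000000, which is two bytes fewer than the original. To keep the code intact, add a 90 (nop) and it is OK -------> be sure to remember this, NEWBABIES :)))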