软件名称: DlgXRSizer
软件版本: 4.2.1.2
软件大小: 1658KB
软件授权: 共享软件
使用平台: Win95/98/NT
发布公司: http://web.access.net.au/jag/gajits/
软件简介: 可用来使用于打开文件、另存文件或按浏览文件夹时将浏览资料的对话方块、设成自己喜欢、习惯的大小及位置,也可设成全屏幕浏览,且可设定为打开时以文件列表的方式、也可加入日期、文件名、大小、文件格式的排序,真的大大改善Windows此方面的不便性。
作 者:xiA Qin
级 别:很菜....很菜.....
解密工具:Trw2000 1.22
破解目的:学习注册码的破解。(★★)
说 明:
本文是在我的软件破解记录上整理出来的。如若有纰漏,请各位大侠多指教!
首先运行DlgXRSizer
输入注册信息
Registration key: 1234567890 &任意输入
下指令bpx hmemcpy //下中断点
按F5回到程序,按确定,这时会被Trw2000拦截到。
下指令bd * //屏障中断点
下指令pmodule //直接跳到程序的领空
按F10来到下面指令
.................
015F:0048CCB1 PUSH EBX
015F:0048CCB2 MOV EBX,EAX
015F:0048CCB4 XOR EAX,EAX
015F:0048CCB6 PUSH EBP
015F:0048CCB7 PUSH DWORD 0048CD6C
015F:0048CCBC PUSH DWORD [FS:EAX]
015F:0048CCBF MOV [FS:EAX],ESP
015F:0048CCC2 LEA EAX,[EBP-04]
015F:0048CCC5 PUSH EAX
015F:0048CCC6 MOV ECX,[EBX+0830]
015F:0048CCCC MOV EDX,0048CD80
015F:0048CCD1 MOV EAX,0048CDA8 //输入的假的注册码
015F:0048CCD6 CALL 00453610 //有问题按F8进入。
015F:0048CCDB CMP DWORD [EBP-04],BYTE +00
015F:0048CCDF JZ 0048CD56
015F:0048CCE1 MOV EDX,[EBP-04]
015F:0048CCE4 MOV EAX,0048CDC8
015F:0048CCE9 CALL 00456940
015F:0048CCEE TEST AL,AL
015F:0048CCF0 JNZ 0048CD09
015F:0048CCF2 PUSH BYTE +00
015F:0048CCF4 MOV CX,[0048CDD4]
015F:0048CCFB MOV DL,01
015F:0048CCFD MOV EAX,0048CDE0
015F:0048CD02 CALL 004531FC //注册失败对话框,
015F:0048CD07 JMP SHORT 0048CD56
。。。。。。。。。。。。。。
按F8进入0048CCD6 CALL 00453610
改按F10来到下面指令
...................
015F:004569D8 CALL 00403E7C
015F:004569DD MOV EDX,[EBP-08]
015F:004569E0 MOV EAX,00456A94
015F:004569E5 CALL 00403F60
015F:004569EA TEST EAX,EAX
015F:004569EC JNZ 00456989
015F:004569EE LEA EDX,[EBP-14]
015F:004569F1 MOV EAX,[EBP-0C]
015F:004569F4 CALL 00408100
015F:004569F9 MOV EDX,[EBP-14] //输入的假注册码 D EDX
015F:004569FC LEA EAX,[EBP-0C]
015F:004569FF CALL 00403A94
015F:00456A04 LEA EAX,[EBP-10]
015F:00456A07 MOV EDX,[EBP-08]
015F:00456A0A CALL 00403A94 //输入的假注册码 D EDX
015F:00456A0F PUSH DWORD [EBP-0C]
015F:00456A12 PUSH DWORD 00456A94
015F:00456A17 PUSH DWORD [EBP-10]
015F:00456A1A LEA EAX,[EBP-18]
015F:00456A1D MOV EDX,03
015F:00456A22 CALL 00403D38
015F:00456A27 MOV EAX,[EBP-18] //看看假的注册码有什么变化。D EAX
015F:00456A2A LEA EDX,[EBP-14] 在假注册码前面加了一个空格。
015F:00456A2D CALL 00407F50
015F:00456A32 MOV EAX,[EBP-14]
015F:00456A35 PUSH EAX
015F:00456A36 LEA ECX,[EBP-1C]
015F:00456A39 MOV EDX,[EBP-0C]
015F:00456A3C MOV EAX,[EBP-04]
015F:00456A3F CALL 00456A98
015F:00456A44 MOV EAX,[EBP-1C]
015F:00456A47 LEA EDX,[EBP-18] //正确的注册码 D EAX
015F:00456A4A CALL 00407F50
015F:00456A4F MOV EDX,[EBP-18]
015F:00456A52 POP EAX
015F:00456A53 CALL 00403D88
015F:00456A58 JZ 00456A5E
015F:00456A5A XOR EBX,EBX
015F:00456A5C JMP SHORT 00456A60
015F:00456A5E MOV BL,01
015F:00456A60 XOR EAX,EAX
015F:00456A62 POP EDX
015F:00456A63 POP ECX
015F:00456A64 POP ECX
015F:00456A65 MOV [FS:EAX],EDX
015F:00456A68 PUSH DWORD 00456A82
015F:00456A6D LEA EAX,[EBP-1C]
015F:00456A70 MOV EDX,07
015F:00456A75 CALL 00403A20
015F:00456A7A RET
015F:00456A7B JMP 00403438
015F:00456A80 JMP SHORT 00456A6D
015F:00456A82 MOV EAX,EBX
015F:00456A84 POP EBX
015F:00456A85 MOV ESP,EBP
015F:00456A87 POP EBP
015F:00456A88 RET
..........................
整理一下,输入注册信息。
Registration key: 636298121 <--注意:注册码前面有一个空格
^
空格
注册信息在注册表中:
[HKEY_CURRENT_USER\Software\Gajits\DlgXRSizer]
"Reg String"=" 636298121" |
安全中国首页 > 文章中心 > 系统底层