Crack title: A newbie's unorthodox crack
Target: IDA PRO    Cracking tool: OllyDbg
This program is itself a commonly used cracking tool. After installing it there is a nag screen, the features are limited, and it exits after running for a while; for a newbie like me this was extremely hard to crack.
First the nag. After loading it in OD I set breakpoints on the message box functions, but none of them fired, and no other breakpoints fired either; I don't know what trick the author used to disable breakpoints,
so I thought of another approach: single-step tracing. Stepping to the call at 401d27 brought up the nag:
00401D27 . E8 12621500 CALL <JMP.&vcl60.@Forms@TApplication@Cre>
00401D2C . A1 64D75B00 MOV EAX,DWORD PTR DS:[<&vcl60.@Forms@App>
00401D31 . 8B00 MOV EAX,DWORD PTR DS:[EAX]
00401D33 . 8B0D AC905A00 MOV ECX,DWORD PTR DS:[5A90AC] ; idag._EnumForm
00401D39 . 8B15 AC1E5800 MOV EDX,DWORD PTR DS:[581EAC] ; idag.00581EF8
00401D3F . E8 FA611500 CALL <JMP.&vcl60.@Forms@TApplication@Cre>
00401D44 . A1 64D75B00 MOV EAX,DWORD PTR DS:[<&vcl60.@Forms@App>
00401D49 . 8B00 MOV EAX,DWORD PTR DS:[EAX]
00401D4B . 8B0D A8905A00 MOV ECX,DWORD PTR DS:[5A90A8] ; idag._StrucForm
00401D51 . 8B15 70115800 MOV EDX,DWORD PTR DS:[581170] ; idag.005811BC
00401D57 . E8 E2611500 CALL <JMP.&vcl60.@Forms@TApplication@Cre>
00401D5C . A1 64D75B00 MOV EAX,DWORD PTR DS:[<&vcl60.@Forms@App>
00401D61 . 8B00 MOV EAX,DWORD PTR DS:[EAX]
00401D63 . 8B0D B4905A00 MOV ECX,DWORD PTR DS:[5A90B4] ; idag._DynHelpForm
00401D69 . 8B15 802D5800 MOV EDX,DWORD PTR DS:[582D80] ; idag.00582DCC
Restart the program, set a breakpoint directly at 401d27, press F9 to run until it breaks, then F7 to step into the call; at 4684eb the nag appears:
004684EB E8 E0200300 CALL idag.0049A5D0
004684F0 |. E8 83FBFFFF CALL idag.00468078
004684F5 |. 84C0 TEST AL,AL
004684F7 |. 74 3B JE SHORT idag.00468534
004684F9 |. 68 61285700 PUSH idag.00572861 ; ASCII "ICON ERROR
AUTOHIDE NONE
Sorry, the evaluation version has expired."
004684FE |. E8 9535FAFF CALL idag.0040BA98
00468503 |. 8B15 90905A00 MOV EDX,DWORD PTR DS:[5A9090] ; idag._IdaWindow
00468509 |. 59 POP ECX
0046850A |. 8B0A MOV ECX,DWORD PTR DS:[EDX]
0046850C |. BA EFFFFFFF MOV EDX,-11
00468511 |. 8B81 70030000 MOV EAX,DWORD PTR DS:[ECX+370]
00468517 |. E8 24ED0E00 CALL idag.00557240
0046851C |. 8BD8 MOV EBX,EAX
0046851E |. A1 90905A00 MOV EAX,DWORD PTR DS:[5A9090]
00468523 |. 8B10 MOV EDX,DWORD PTR DS:[EAX]
00468525 |. 8B82 70030000 MOV EAX,DWORD PTR DS:[EDX+370]
0046852B |. FFD3 CALL EBX
0046852D |. 6A 01 PUSH 1
0046852F |. E8 30110F00 CALL <JMP.&IDA.qexit>
00468534 |> 8B15 64D75B00 MOV EDX,DWORD PTR DS:[<&vcl60.@Forms@App>; vcl60.@Forms@Application
0046853A |. 8B0A MOV ECX,DWORD PTR DS:[EDX]
0046853C |. 8A81 9C000000 MOV AL,BYTE PTR DS:[ECX+9C]
00468542 |. 84C0 TEST AL,AL
00468544 |. 74 07 JE SHORT idag.0046854D
00468546 |. 6A 00 PUSH 0
00468548 |. E8 17110F00 CALL <JMP.&IDA.qexit>
0046854D |> 6A 00 PUSH 0
0046854F |. 8B15 90905A00 MOV EDX,DWORD PTR DS:[5A9090] ; idag._IdaWindow
00468555 |. 8B02 MOV EAX,DWORD PTR DS:[EDX]
00468557 |. E8 02FE0E00 CALL <JMP.&vcl60.@Controls@TWinControl@G>
0046855C |. 50 PUSH EAX ; |hWnd
0046855D |. E8 4A180F00 CALL <JMP.&USER32.EnableWindow> ; \EnableWindow
00468562 |. 66:C745 D4 20>MOV WORD PTR SS:[EBP-2C],20
00468568 |. C645 F0 02 MOV BYTE PTR SS:[EBP-10],2
0046856C |. FF45 E0 INC DWORD PTR SS:[EBP-20]
0046856F |. 8B15 A0905A00 MOV EDX,DWORD PTR DS:[5A90A0] ; idag._FOptions
00468575 |. 66:C745 D4 2C>MOV WORD PTR SS:[EBP-2C],2C
0046857B |. 8B0A MOV ECX,DWORD PTR DS:[EDX]
0046857D |. 8B81 B0040000 MOV EAX,DWORD PTR DS:[ECX+4B0]
00468583 |. 8A50 57 MOV DL,BYTE PTR DS:[EAX+57]
00468586 |. 84D2 TEST DL,DL
00468588 |. 74 26 JE SHORT idag.004685B0
0046858A |. 8D4D F0 LEA ECX,DWORD PTR SS:[EBP-10]
0046858D |. BA A5285700 MOV EDX,idag.005728A5 ; ASCII "count(/ida/templates/category/template)"
00468592 |. B8 C4D95A00 MOV EAX,idag.005AD9C4
00468597 |. E8 D8F30700 CALL idag.004E7974
0046859C |. 84C0 TEST AL,AL
0046859E |. 74 10 JE SHORT idag.004685B0
004685A0 |. 0FBE4D F0 MOVSX ECX,BYTE PTR SS:[EBP-10]
004685A4 |. 83F9 02 CMP ECX,2
004685A7 |. 75 07 JNZ SHORT idag.004685B0
004685A9 |. 8B45 F1 MOV EAX,DWORD PTR SS:[EBP-F]
004685AC |. 85C0 TEST EAX,EAX
004685AE |. 7F 04 JG SHORT idag.004685B4
004685B0 |> 33D2 XOR EDX,EDX
004685B2 |. EB 05 JMP SHORT idag.004685B9
004685B4 |> BA 01000000 MOV EDX,1
004685B9 |> 8B0D 90905A00 MOV ECX,DWORD PTR DS:[5A9090] ; idag._IdaWindow
004685BF |. 8B01 MOV EAX,DWORD PTR DS:[ECX]
004685C1 |. 8B80 F4020000 MOV EAX,DWORD PTR DS:[EAX+2F4]
004685C7 |. E8 E6F80E00 CALL <JMP.&vcl60.@Actnlist@TCustomAction>
004685CC |. 8A55 C3 MOV DL,BYTE PTR SS:[EBP-3D]
004685CF |. 84D2 TEST DL,DL
004685D1 |. 75 0E JNZ SHORT idag.004685E1
004685D3 |. 8A4D C2 MOV CL,BYTE PTR SS:[EBP-3E]
004685D6 |. 84C9 TEST CL,CL
004685D8 |. 75 07 JNZ SHORT idag.004685E1
004685DA |. E8 F52D0300 CALL idag.0049B3D4
004685DF |. EB 45 JMP SHORT idag.00468626
004685E1 |> 66:C745 D4 38>MOV WORD PTR SS:[EBP-2C],38
004685E7 |. BA E0275700 MOV EDX,idag.005727E0
004685EC |. 8D45 E8 LEA EAX,DWORD PTR SS:[EBP-18]
004685EF |. E8 28E30E00 CALL idag.0055691C
004685F4 |. FF45 E0 INC DWORD PTR SS:[EBP-20]
004685F7 |. 8B00 MOV EAX,DWORD PTR DS:[EAX]
004685F9 |. E8 BE080000 CALL idag.00468EBC
004685FE |. 33D2 XOR EDX,EDX
00468600 |. 8AD0 MOV DL,AL
00468602 |. 8D45 E8 LEA EAX,DWORD PTR SS:[EBP-18]
00468605 |. 83FA 01 CMP EDX,1
00468608 |. BA 02000000 MOV EDX,2
0046860D |. 1BC9 SBB ECX,ECX
0046860F |. F7D9 NEG ECX
00468611 |. 51 PUSH ECX ; /Arg1
00468612 |. FF4D E0 DEC DWORD PTR SS:[EBP-20] ; |
00468615 |. E8 D6E40E00 CALL idag.00556AF0 ; \idag.00556AF0
0046861A |. 59 POP ECX
0046861B |. 84C9 TEST CL,CL
0046861D |. 74 07 JE SHORT idag.00468626
0046861F |. 6A 01 PUSH 1
00468621 |. E8 3E100F00 CALL <JMP.&IDA.qexit>
00468626 |> A1 64D75B00 MOV EAX,DWORD PTR DS:[<&vcl60.@Forms@App>
0046862B |. 8B10 MOV EDX,DWORD PTR DS:[EAX]
0046862D |. 8A8A 9C000000 MOV CL,BYTE PTR DS:[EDX+9C]
00468633 |. 84C9 TEST CL,CL
00468635 |. 74 07 JE SHORT idag.0046863E
00468637 |. 6A 00 PUSH 0
00468639 |. E8 26100F00 CALL <JMP.&IDA.qexit>
0046863E |> E8 DD0E0F00 CALL <JMP.&IDA.netnode_inited>
00468643 |. 84C0 TEST AL,AL
00468645 |. 75 07 JNZ SHORT idag.0046864E
00468647 |. B0 01 MOV AL,1
00468649 |. E8 36C80600 CALL idag.004D4E84
0046864E |> E8 B1EDFFFF CALL idag.00467404
00468653 |. FF4D E0 DEC DWORD PTR SS:[EBP-20]
00468656 |. 0FBE55 F0 MOVSX EDX,BYTE PTR SS:[EBP-10]
Restart the program again, set a breakpoint at 4684eb, press F9 to run until it breaks, then F7 to step into the call:
0049A5D0 /$ 55 PUSH EBP
0049A5D1 |. 8BEC MOV EBP,ESP
0049A5D3 |. 81C4 A8FBFFFF ADD ESP,-458
0049A5D9 |. 53 PUSH EBX
0049A5DA |. 56 PUSH ESI
0049A5DB |. 8BF0 MOV ESI,EAX
0049A5DD |. B8 A0285800 MOV EAX,idag.005828A0
0049A5E2 |. E8 05B70A00 CALL idag.00545CEC
0049A5E7 |. 66:C745 B8 14>MOV WORD PTR SS:[EBP-48],14
0049A5ED |. 33D2 XOR EDX,EDX
0049A5EF |. 8955 FC MOV DWORD PTR SS:[EBP-4],EDX
0049A5F2 |. 8D45 FC LEA EAX,DWORD PTR SS:[EBP-4]
0049A5F5 |. FF45 C4 INC DWORD PTR SS:[EBP-3C]
0049A5F8 |. E8 5BF9FFFF CALL idag.00499F58
0049A5FD |. 66:C745 B8 08>MOV WORD PTR SS:[EBP-48],8
0049A603 |. 66:C745 B8 20>MOV WORD PTR SS:[EBP-48],20
0049A609 |. 33C0 XOR EAX,EAX
0049A60B |. BB 20000000 MOV EBX,20
0049A610 |. 8945 EC MOV DWORD PTR SS:[EBP-14],EAX
0049A613 |. 8BC3 MOV EAX,EBX
0049A615 |. FF45 C4 INC DWORD PTR SS:[EBP-3C]
0049A618 |. 8D55 EC LEA EDX,DWORD PTR SS:[EBP-14]
0049A61B |. E8 D2CF0B00 CALL <JMP.&rtl60.@Sysutils@IntToStr$qqri>
0049A620 |. 8D55 EC LEA EDX,DWORD PTR SS:[EBP-14]
0049A623 |. 52 PUSH EDX
0049A624 |. BA A7265800 MOV EDX,idag.005826A7 ; ASCII " ("
0049A629 |. 8D45 F0 LEA EAX,DWORD PTR SS:[EBP-10]
0049A62C |. E8 EBC20B00 CALL idag.0055691C
0049A631 |. FF45 C4 INC DWORD PTR SS:[EBP-3C]
0049A634 |. 33C9 XOR ECX,ECX
0049A636 |. 894D E8 MOV DWORD PTR SS:[EBP-18],ECX
0049A639 |. 8D4D E8 LEA ECX,DWORD PTR SS:[EBP-18]
0049A63C |. FF45 C4 INC DWORD PTR SS:[EBP-3C]
0049A63F |. 5A POP EDX
0049A640 |. E8 03C50B00 CALL idag.00556B48
0049A645 |. 8D45 E8 LEA EAX,DWORD PTR SS:[EBP-18]
0049A648 |. 50 PUSH EAX
0049A649 |. BA AA265800 MOV EDX,idag.005826AA ; ASCII "-bit)"
0049A64E |. 8D45 E4 LEA EAX,DWORD PTR SS:[EBP-1C]
0049A651 |. E8 C6C20B00 CALL idag.0055691C
0049A656 |. FF45 C4 INC DWORD PTR SS:[EBP-3C]
0049A659 |. 33C0 XOR EAX,EAX
0049A65B |. 8945 F8 MOV DWORD PTR SS:[EBP-8],EAX
0049A65E |. 8D55 E4 LEA EDX,DWORD PTR SS:[EBP-1C]
0049A661 |. FF45 C4 INC DWORD PTR SS:[EBP-3C]
0049A664 |. 8D4D F8 LEA ECX,DWORD PTR SS:[EBP-8]
0049A667 |. 58 POP EAX
0049A668 |. E8 DBC40B00 CALL idag.00556B48
0049A66D |. FF4D C4 DEC DWORD PTR SS:[EBP-3C]
0049A670 |. 8D45 E4 LEA EAX,DWORD PTR SS:[EBP-1C]
0049A673 |. BA 02000000 MOV EDX,2
0049A678 |. E8 73C40B00 CALL idag.00556AF0
0049A67D |. FF4D C4 DEC DWORD PTR SS:[EBP-3C]
0049A680 |. 8D45 E8 LEA EAX,DWORD PTR SS:[EBP-18]
0049A683 |. BA 02000000 MOV EDX,2
0049A688 |. E8 63C40B00 CALL idag.00556AF0
0049A68D |. FF4D C4 DEC DWORD PTR SS:[EBP-3C]
0049A690 |. 8D45 EC LEA EAX,DWORD PTR SS:[EBP-14]
0049A693 |. BA 02000000 MOV EDX,2
0049A698 |. E8 53C40B00 CALL idag.00556AF0
0049A69D |. FF4D C4 DEC DWORD PTR SS:[EBP-3C]
0049A6A0 |. 8D45 F0 LEA EAX,DWORD PTR SS:[EBP-10]
0049A6A3 |. BA 02000000 MOV EDX,2
0049A6A8 |. E8 43C40B00 CALL idag.00556AF0
0049A6AD |. 66:C745 B8 08>MOV WORD PTR SS:[EBP-48],8
0049A6B3 |. 66:C745 B8 2C>MOV WORD PTR SS:[EBP-48],2C
0049A6B9 |. 33C9 XOR ECX,ECX
0049A6BB |. 894D E0 MOV DWORD PTR SS:[EBP-20],ECX
0049A6BE |. 8D4D E0 LEA ECX,DWORD PTR SS:[EBP-20]
0049A6C1 |. FF45 C4 INC DWORD PTR SS:[EBP-3C]
0049A6C4 |. 8D55 FC LEA EDX,DWORD PTR SS:[EBP-4]
0049A6C7 |. B8 B0265800 MOV EAX,idag.005826B0 ; ASCII "Version "
0049A6CC |. E8 E7CA0B00 CALL idag.005571B8
0049A6D1 |. 8D45 E0 LEA EAX,DWORD PTR SS:[EBP-20]
0049A6D4 |. 33D2 XOR EDX,EDX
0049A6D6 |. 8955 DC MOV DWORD PTR SS:[EBP-24],EDX
0049A6D9 |. 8D4D DC LEA ECX,DWORD PTR SS:[EBP-24]
0049A6DC |. FF45 C4 INC DWORD PTR SS:[EBP-3C]
0049A6DF |. 8D55 F8 LEA EDX,DWORD PTR SS:[EBP-8]
0049A6E2 |. E8 61C40B00 CALL idag.00556B48
0049A6E7 |. 8D55 DC LEA EDX,DWORD PTR SS:[EBP-24]
0049A6EA |. A1 2CD25A00 MOV EAX,DWORD PTR DS:[_AboutBox]
0049A6EF |. 8B80 FC020000 MOV EAX,DWORD PTR DS:[EAX+2FC]
0049A6F5 |. 8B12 MOV EDX,DWORD PTR DS:[EDX]
0049A6F7 |. E8 DCDD0B00 CALL <JMP.&vcl60.@Controls@TControl@SetT>
0049A6FC |. FF4D C4 DEC DWORD PTR SS:[EBP-3C]
0049A6FF |. 8D45 DC LEA EAX,DWORD PTR SS:[EBP-24]
0049A702 |. BA 02000000 MOV EDX,2
0049A707 |. E8 E4C30B00 CALL idag.00556AF0
0049A70C |. FF4D C4 DEC DWORD PTR SS:[EBP-3C]
0049A70F |. 8D45 E0 LEA EAX,DWORD PTR SS:[EBP-20]
0049A712 |. BA 02000000 MOV EDX,2
0049A717 |. E8 D4C30B00 CALL idag.00556AF0
0049A71C |. 66:C745 B8 38>MOV WORD PTR SS:[EBP-48],38
0049A722 |. BA B9265800 MOV EDX,idag.005826B9 ; ASCII "Evaluation version
with the following limitations:
1. Only PE/ELF/Mach-O files are supported
2. It is time limited
3. Save is disabled"
0049A727 |. 8D45 D8 LEA EAX,DWORD PTR SS:[EBP-28]
0049A72A |. E8 EDC10B00 CALL idag.0055691C
0049A72F |. FF45 C4 INC DWORD PTR SS:[EBP-3C]
0049A732 |. 8B10 MOV EDX,DWORD PTR DS:[EAX]
0049A734 |. A1 2CD25A00 MOV EAX,DWORD PTR DS:[_AboutBox]
0049A739 |. 8B80 18030000 MOV EAX,DWORD PTR DS:[EAX+318]
0049A73F |. E8 94DD0B00 CALL <JMP.&vcl60.@Controls@TControl@SetT>
0049A744 |. FF4D C4 DEC DWORD PTR SS:[EBP-3C]
0049A747 |. 8D45 D8 LEA EAX,DWORD PTR SS:[EBP-28]
0049A74A |. BA 02000000 MOV EDX,2
0049A74F |. E8 9CC30B00 CALL idag.00556AF0
0049A754 |. 8B0D 2CD25A00 MOV ECX,DWORD PTR DS:[_AboutBox]
0049A75A |. B2 01 MOV DL,1
0049A75C |. 8B81 18030000 MOV EAX,DWORD PTR DS:[ECX+318]
0049A762 |. E8 89DD0B00 CALL <JMP.&vcl60.@Controls@TControl@SetV>
0049A767 |. 8B0D 2CD25A00 MOV ECX,DWORD PTR DS:[_AboutBox]
0049A76D |. 33D2 XOR EDX,EDX
0049A76F |. 8B81 10030000 MOV EAX,DWORD PTR DS:[ECX+310]
0049A775 |. E8 76DD0B00 CALL <JMP.&vcl60.@Controls@TControl@SetV>
0049A77A |. 8B0D 2CD25A00 MOV ECX,DWORD PTR DS:[_AboutBox]
0049A780 |. 33D2 XOR EDX,EDX
0049A782 |. 8B81 04030000 MOV EAX,DWORD PTR DS:[ECX+304]
0049A788 |. E8 63DD0B00 CALL <JMP.&vcl60.@Controls@TControl@SetV>
0049A78D |. 66:C745 B8 44>MOV WORD PTR SS:[EBP-48],44
0049A793 |. 33C9 XOR ECX,ECX
0049A795 |. A1 2CD25A00 MOV EAX,DWORD PTR DS:[_AboutBox]
0049A79A |. 894D D0 MOV DWORD PTR SS:[EBP-30],ECX
0049A79D |. 8D55 D0 LEA EDX,DWORD PTR SS:[EBP-30]
0049A7A0 |. FF45 C4 INC DWORD PTR SS:[EBP-3C]
At the call at 49a88b the nag appears, so that is how the nag was pinned down. Just above this call there is a conditional jump at 49a878 that can skip over it:
0049A878 /75 17 JNZ SHORT idag.0049A891
0049A87A |. |A1 2CD25A00 MOV EAX,DWORD PTR DS:[_AboutBox]
0049A87F |. |E8 4C08FCFF CALL idag.0045B0D0
0049A884 |. |A1 2CD25A00 MOV EAX,DWORD PTR DS:[_AboutBox]
0049A889 |. |8B10 MOV EDX,DWORD PTR DS:[EAX]
0049A88B |. |FF92 E8000000 CALL DWORD PTR DS:[EDX+E8]
0049A891 |> \BA 46275800 MOV EDX,idag.00582746 ; ASCII "demo"
0049A896 |. 8BCB MOV ECX,EBX
0049A898 |. B8 E7030000 MOV EAX,3E7
0049A89D |. E8 4AA00100 CALL idag.004B48EC
0049A8A2 |. B8 01000000 MOV EAX,1
0049A8A7 |. BA 02000000 MOV EDX,2
0049A8AC |. 50 PUSH EAX
0049A8AD |. 8D45 F4 LEA EAX,DWORD PTR SS:[EBP-C]
0049A8B0 |. FF4D C4 DEC DWORD PTR SS:[EBP-3C]
0049A8B3 |. E8 38C20B00 CALL idag.00556AF0
0049A8B8 |. FF4D C4 DEC DWORD PTR SS:[EBP-3C]
0049A8BB |. 8D45 F8 LEA EAX,DWORD PTR SS:[EBP-8]
0049A8BE |. BA 02000000 MOV EDX,2
0049A8C3 |. E8 28C20B00 CALL idag.00556AF0
0049A8C8 |. FF4D C4 DEC DWORD PTR SS:[EBP-3C]
0049A8CB |. 8D45 FC LEA EAX,DWORD PTR SS:[EBP-4]
0049A8CE |. BA 02000000 MOV EDX,2
That takes care of the nag: at 49a878 change the jnz to je and it is solved; alternatively you can kill the call at 4684eb. With the nag gone, the program still exits after running for a while, and cracking that was very hard; as a newbie I tried many tricks without solving it. Finally I thought about the license dialog that appears the first time you run the program after installing, with an Agree and a Disagree button: press Agree and the program runs, press Disagree and it exits. Unexpectedly this became my entry point, because when you run the program again this dialog no longer appears. So in the string references I found the license dialog marker at 4b49ae, ASCII "You have to agree with the license in order to use IDA Pro". Above it there is a jump at 4b495f which is taken, which is why the dialog no longer appears; nop out this jump and the dialog appears again:
004B48EC /$ 55 PUSH EBP
004B48ED |. 8BEC MOV EBP,ESP
004B48EF |. 81C4 D0FAFFFF ADD ESP,-530
004B48F5 |. 53 PUSH EBX
004B48F6 |. 56 PUSH ESI
004B48F7 |. 57 PUSH EDI
004B48F8 |. 8BF1 MOV ESI,ECX
004B48FA |. 8955 D4 MOV DWORD PTR SS:[EBP-2C],EDX
004B48FD |. 8BF8 MOV EDI,EAX
004B48FF |. B8 B4A45800 MOV EAX,idag.0058A4B4
004B4904 |. E8 E3130900 CALL idag.00545CEC
004B4909 |. 6A 00 PUSH 0
004B490B |. 68 F9A35800 PUSH idag.0058A3F9 ; ASCII "license.txt"
004B4910 |. 68 04010000 PUSH 104
004B4915 |. 8D95 D0FEFFFF LEA EDX,DWORD PTR SS:[EBP-130]
004B491B |. 52 PUSH EDX
004B491C |. E8 A1490A00 CALL <JMP.&IDA.getsysfile>
004B4921 |. 8BD8 MOV EBX,EAX
004B4923 |. 85DB TEST EBX,EBX
004B4925 |. 75 0B JNZ SHORT idag.004B4932
004B4927 |. 68 05A45800 PUSH idag.0058A405 ; ASCII "The license.txt file is missing, can not continue"
004B492C |. E8 8FE2F5FF CALL idag.00412BC0
004B4931 |. 59 POP ECX
004B4932 |> 56 PUSH ESI
004B4933 |. 68 37A45800 PUSH idag.0058A437 ; ASCII "License %s"
004B4938 |. 68 00040000 PUSH 400
004B493D |. 8D85 D0FAFFFF LEA EAX,DWORD PTR SS:[EBP-530]
004B4943 |. 50 PUSH EAX
004B4944 |. E8 65420A00 CALL <JMP.&IDA._qsnprintf>
004B4949 |. 83C4 10 ADD ESP,10
004B494C |. 33C9 XOR ECX,ECX
004B494E |. 33D2 XOR EDX,EDX
004B4950 |. 8D85 D0FAFFFF LEA EAX,DWORD PTR SS:[EBP-530]
004B4956 |. 6A 00 PUSH 0 ; /Arg1 = 00000000
004B4958 |. E8 1B600300 CALL idag.004EA978 ; \idag.004EA978
004B495D |. 85C0 TEST EAX,EAX
004B495F 75 6C JNZ SHORT idag.004B49CD
004B4961 |. A1 08D35A00 MOV EAX,DWORD PTR DS:[_LicenseForm]
004B4966 |. 8BD3 MOV EDX,EBX
004B4968 |. 8BB0 F0020000 MOV ESI,DWORD PTR DS:[EAX+2F0]
004B496E |. 8D45 FC LEA EAX,DWORD PTR SS:[EBP-4]
004B4971 |. 66:C745 E8 08>MOV WORD PTR SS:[EBP-18],8
004B4977 |. 81C6 20020000 ADD ESI,220
004B497D |. E8 9A1F0A00 CALL idag.0055691C
004B4982 |. FF45 F4 INC DWORD PTR SS:[EBP-C]
004B4985 |. 8B10 MOV EDX,DWORD PTR DS:[EAX]
004B4987 |. 8B06 MOV EAX,DWORD PTR DS:[ESI]
004B4989 |. 8B08 MOV ECX,DWORD PTR DS:[EAX]
004B498B |. FF51 68 CALL DWORD PTR DS:[ECX+68]
004B498E |. FF4D F4 DEC DWORD PTR SS:[EBP-C]
004B4991 |. 8D45 FC LEA EAX,DWORD PTR SS:[EBP-4]
004B4994 |. BA 02000000 MOV EDX,2
004B4999 |. E8 52210A00 CALL idag.00556AF0
004B499E |. A1 08D35A00 MOV EAX,DWORD PTR DS:[_LicenseForm]
004B49A3 |. 8B10 MOV EDX,DWORD PTR DS:[EAX]
004B49A5 |. FF92 E8000000 CALL DWORD PTR DS:[EDX+E8]
004B49AB |. 48 DEC EAX
004B49AC |. 74 0B JE SHORT idag.004B49B9
004B49AE |. 68 42A45800 PUSH idag.0058A442 ; ASCII "You have to agree with the license in order to use IDA Pro"
004B49B3 |. E8 08E2F5FF CALL idag.00412BC0
004B49B8 |. 59 POP ECX
004B49B9 |> 6A 00 PUSH 0 ; /Arg1 = 00000000
004B49BB |. 8D85 D0FAFFFF LEA EAX,DWORD PTR SS:[EBP-530] ; |
004B49C1 |. B9 01000000 MOV ECX,1 ; |
004B49C6 |. B2 01 MOV DL,1 ; |
004B49C8 |. E8 AB5F0300 CALL idag.004EA978 ; \idag.004EA978
004B49CD |> 8B55 D4 MOV EDX,DWORD PTR SS:[EBP-2C]
004B49D0 |. 8BC7 MOV EAX,EDI
004B49D2 |. E8 A95D0200 CALL idag.004DA780
004B49D7 |. 8B4D D8 MOV ECX,DWORD PTR SS:[EBP-28]
004B49DA |. 64:890D 00000>MOV DWORD PTR FS:[0],ECX
004B49E1 |. 5F POP EDI
004B49E2 |. 5E POP ESI
004B49E3 |. 5B POP EBX
004B49E4 |. 8BE5 MOV ESP,EBP
004B49E6 |. 5D POP EBP
004B49E7 \. C3 RETN
The program exits after running for a while. I thought of a trick: if the ExitProcess function could be kept from being called, that might solve it, and unexpectedly it did. Nop out the call at 401d9f; then when you run the program and press the close button, it does not exit, only an error box appears; close the error box and keep using the program. Normally the program exits after a while; now you can use it without it exiting, because with that call killed, ExitProcess is no longer called there. But how do you quit when you are done? Click the About menu, a dialog appears, click the Disagree button and it exits.
00401D6F . E8 CA611500 CALL <JMP.&vcl60.@Forms@TApplication@Cre>
00401D74 . A1 64D75B00 MOV EAX,DWORD PTR DS:[<&vcl60.@Forms@App>
00401D79 . 8B00 MOV EAX,DWORD PTR DS:[EAX]
00401D7B . 8B0D B8905A00 MOV ECX,DWORD PTR DS:[5A90B8] ; idag._WelcomeForm
00401D81 . 8B15 14315800 MOV EDX,DWORD PTR DS:[583114] ; idag.00583160
00401D87 . E8 B2611500 CALL <JMP.&vcl60.@Forms@TApplication@Cre>
00401D8C . A1 64D75B00 MOV EAX,DWORD PTR DS:[<&vcl60.@Forms@App>
00401D91 . 8B00 MOV EAX,DWORD PTR DS:[EAX]
00401D93 . 8B0D BC905A00 MOV ECX,DWORD PTR DS:[5A90BC] ; idag._DemoBox
00401D99 . 8B15 D4335800 MOV EDX,DWORD PTR DS:[5833D4] ; idag.00583420
00401D9F E8 9A611500 CALL <JMP.&vcl60.@Forms@TApplication@Cre>
00401DA4 . A1 64D75B00 MOV EAX,DWORD PTR DS:[<&vcl60.@Forms@App>
00401DA9 . 8B00 MOV EAX,DWORD PTR DS:[EAX]
00401DAB . 8B0D C0905A00 MOV ECX,DWORD PTR DS:[5A90C0] ; idag._NosigBox
00401DB1 . 8B15 FC355800 MOV EDX,DWORD PTR DS:[5835FC] ; idag.00583648
00401DB7 . E8 82611500 CALL <JMP.&vcl60.@Forms@TApplication@Cre>
00401DBC . A1 64D75B00 MOV EAX,DWORD PTR DS:[<&vcl60.@Forms@App>
00401DC1 . 8B00 MOV EAX,DWORD PTR DS:[EAX]
00401DC3 . 8B0D C4905A00 MOV ECX,DWORD PTR DS:[5A90C4] ; idag._ScriptBar
00401DC9 . 8B15 A03B5800 MOV EDX,DWORD PTR DS:[583BA0] ; idag.00583BEC
00401DCF . E8 6A611500 CALL <JMP.&vcl60.@Forms@TApplication@Cre>
00401DD4 . A1 64D75B00 MOV EAX,DWORD PTR DS:[<&vcl60.@Forms@App>
00401DD9 . 8B00 MOV EAX,DWORD PTR DS:[EAX]
00401DDB . 8B0D C8905A00 MOV ECX,DWORD PTR DS:[5A90C8] ; idag._StringToolbar
00401DE1 . 8B15 EC3D5800 MOV EDX,DWORD PTR DS:[583DEC] ; idag.00583E38
00401DE7 . E8 52611500 CALL <JMP.&vcl60.@Forms@TApplication@Cre>
00401DEC . A1 64D75B00 MOV EAX,DWORD PTR DS:[<&vcl60.@Forms@App>
00401DF1 . 8B00 MOV EAX,DWORD PTR DS:[EAX]
00401DF3 . 8B0D D4905A00 MOV ECX,DWORD PTR DS:[5A90D4] ; idag._CopyrightForm
00401DF9 . 8B15 78665800 MOV EDX,DWORD PTR DS:[586678] ; idag.005866C4
00401DFF . E8 3A611500 CALL <JMP.&vcl60.@Forms@TApplication@Cre>
00401E04 . A1 64D75B00 MOV EAX,DWORD PTR DS:[<&vcl60.@Forms@App>
00401E09 . 8B00 MOV EAX,DWORD PTR DS:[EAX]
00401E0B . 8B0D D8905A00 MOV ECX,DWORD PTR DS:[5A90D8] ; idag._LoadBinBox
00401E11 . 8B15 D8725800 MOV EDX,DWORD PTR DS:[5872D8] ; idag.00587324
00401E17 . E8 22611500 CALL <JMP.&vcl60.@Forms@TApplication@Cre>
00401E1C . A1 64D75B00 MOV EAX,DWORD PTR DS:[<&vcl60.@Forms@App>
00401E21 . 8B00 MOV EAX,DWORD PTR DS:[EAX]
00401E23 . 8B0D DC905A00 MOV ECX,DWORD PTR DS:[5A90DC] ; idag._SegTransBox
00401E29 . 8B15 F4795800 MOV EDX,DWORD PTR DS:[5879F4] ; idag.00587A40
00401E2F . E8 0A611500 CALL <JMP.&vcl60.@Forms@TApplication@Cre>
00401E34 . A1 64D75B00 MOV EAX,DWORD PTR DS:[<&vcl60.@Forms@App>
00401E39 . 8B00 MOV EAX,DWORD PTR DS:[EAX]
00401E3B . 8B0D E0905A00 MOV ECX,DWORD PTR DS:[5A90E0] ; idag._StrWinSetupForm
00401E41 . 8B15 C8835800 MOV EDX,DWORD PTR DS:[5883C8] ; idag.00588414
00401E47 . E8 F2601500 CALL <JMP.&vcl60.@Forms@TApplication@Cre>
00401E4C . A1 64D75B00 MOV EAX,DWORD PTR DS:[<&vcl60.@Forms@App>
00401E51 . 8B00 MOV EAX,DWORD PTR DS:[EAX]
00401E53 . 8B0D E4905A00 MOV ECX,DWORD PTR DS:[5A90E4] ; idag._CallBox
00401E59 . 8B15 EC8A5800 MOV EDX,DWORD PTR DS:[588AEC] ; idag.00588B38
00401E5F . E8 DA601500 CALL <JMP.&vcl60.@Forms@TApplication@Cre>
00401E64 . A1 64D75B00 MOV EAX,DWORD PTR DS:[<&vcl60.@Forms@App>
00401E69 . 8B00 MOV EAX,DWORD PTR DS:[EAX]
00401E6B . 8B0D E8905A00 MOV ECX,DWORD PTR DS:[5A90E8] ; idag._SupportBox
00401E71 . 8B15 E08D5800 MOV EDX,DWORD PTR DS:[588DE0] ; idag.00588E2C
00401E77 . E8 C2601500 CALL <JMP.&vcl60.@Forms@TApplication@Cre>
00401E7C . A1 64D75B00 MOV EAX,DWORD PTR DS:[<&vcl60.@Forms@App>
00401E81 . 8B00 MOV EAX,DWORD PTR DS:[EAX]
00401E83 . 8B0D EC905A00 MOV ECX,DWORD PTR DS:[5A90EC] ; idag._NoteBox
00401E89 . 8B15 14915800 MOV EDX,DWORD PTR DS:[589114] ; idag.00589160
00401E8F . E8 AA601500 CALL <JMP.&vcl60.@Forms@TApplication@Cre>
00401E94 . A1 64D75B00 MOV EAX,DWORD PTR DS:[<&vcl60.@Forms@App>
00401E99 . 8B00 MOV EAX,DWORD PTR DS:[EAX]
00401E9B . 8B0D F0905A00 MOV ECX,DWORD PTR DS:[5A90F0] ; idag._LicenseForm
00401EA1 . 8B15 C8A45800 MOV EDX,DWORD PTR DS:[58A4C8] ; idag.0058A514
00401EA7 E8 92601500 CALL <JMP.&vcl60.@Forms@TApplication@Cre>
00401EAC . A1 64D75B00 MOV EAX,DWORD PTR DS:[<&vcl60.@Forms@App>
00401EB1 . 8B00 MOV EAX,DWORD PTR DS:[EAX]
00401EB3 . 8B0D F4905A00 MOV ECX,DWORD PTR DS:[5A90F4] ; idag._StructureOffsetsForm
00401EB9 . 8B15 88C35800 MOV EDX,DWORD PTR DS:[58C388] ; idag.0058C3D4
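Every address mentioned above (49a878, 4684eb, 4b495f, 401d9f) is a virtual address as OllyDbg shows it in memory; to make a patch permanent you need the corresponding file offset, and before writing anything you want to confirm the bytes on disk are the ones the listing showed, so the patch is not blindly applied to a different build or applied twice. The following is an added example and not part of the original post: a small PE32 section-table walker that maps a VA to a file offset, flips a short JNZ/JE in place, and nops a 5-byte CALL, refusing to write if the expected bytes are not there. It runs against a minimal PE image constructed inline, not against idag.exe, and the addresses and bytes in that image are made up for the demo.

```python
"""Added example, not part of the original post: map a virtual address from an
OllyDbg listing to a file offset through the PE32 section table, and apply a
byte patch only when the bytes on disk still match the listing.  The PE image
and the addresses used below are constructed for the demo."""
import struct

IMAGE_BASE = 0x400000          # assumed image base for the constructed sample
SECTION_HDR = "<8sIIIIIIHHI"   # IMAGE_SECTION_HEADER, 40 bytes


def build_sample_pe() -> bytearray:
    """Build a minimal PE32 with one .text section (RVA 0x1000, raw 0x400).
    At RVA 0x1010 it holds a constructed 'TEST AL,AL / JNZ SHORT / CALL'
    sequence standing in for the kind of check discussed in the post."""
    pe_off = 0x80
    buf = bytearray(0x400 + 0x200)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, pe_off)                 # e_lfanew
    buf[pe_off:pe_off + 4] = b"PE\0\0"
    # COFF header: i386, 1 section, optional header 0xE0 bytes, executable
    struct.pack_into("<HHIIIHH", buf, pe_off + 4, 0x14C, 1, 0, 0, 0, 0xE0, 0x102)
    opt = pe_off + 24
    struct.pack_into("<H", buf, opt, 0x10B)                   # PE32 magic
    struct.pack_into("<I", buf, opt + 28, IMAGE_BASE)         # ImageBase
    struct.pack_into("<II", buf, opt + 32, 0x1000, 0x200)     # section/file alignment
    struct.pack_into(SECTION_HDR, buf, opt + 0xE0, b".text", 0x200, 0x1000,
                     0x200, 0x400, 0, 0, 0, 0, 0x60000020)
    code = 0x400 + 0x10
    # 84 C0        TEST AL,AL
    # 75 17        JNZ SHORT +0x17
    # E8 12621500  CALL +0x156212
    buf[code:code + 9] = bytes.fromhex("84C0 7517 E812621500")
    return buf


def parse_sections(pe: bytes):
    """Return (image_base, [(name, rva, size, raw_offset), ...]) for a PE32."""
    pe_off = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[:2] != b"MZ" or pe[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    nsec = struct.unpack_from("<H", pe, pe_off + 6)[0]
    opt_size = struct.unpack_from("<H", pe, pe_off + 20)[0]
    opt = pe_off + 24
    if struct.unpack_from("<H", pe, opt)[0] != 0x10B:
        raise ValueError("only PE32 (32-bit) images are handled here")
    image_base = struct.unpack_from("<I", pe, opt + 28)[0]
    sections = []
    for i in range(nsec):
        name, vsize, rva, rawsize, rawptr = struct.unpack_from(
            "<8sIIII", pe, opt + opt_size + 40 * i)
        sections.append((name.rstrip(b"\0").decode(), rva, max(vsize, rawsize), rawptr))
    return image_base, sections


def va_to_offset(pe: bytes, va: int) -> int:
    """Translate a debugger VA (e.g. 0049A878) into a file offset."""
    image_base, sections = parse_sections(pe)
    rva = va - image_base
    for _name, srva, size, rawptr in sections:
        if srva <= rva < srva + size:
            return rawptr + (rva - srva)
    raise ValueError(f"VA {va:#x} is not backed by any section")


def patch(pe: bytearray, va: int, expected: bytes, new: bytes) -> int:
    """Overwrite `expected` with `new` at `va`; refuse if the bytes on disk
    differ (wrong build, or already patched) or the length would change."""
    if len(expected) != len(new):
        raise ValueError("replacement must keep the instruction length")
    off = va_to_offset(pe, va)
    actual = bytes(pe[off:off + len(expected)])
    if actual != expected:
        raise ValueError(f"bytes at {va:#x} are {actual.hex()}, expected {expected.hex()}")
    pe[off:off + len(new)] = new
    return off


def invert_short_jcc(pe: bytearray, va: int) -> int:
    """Flip a short JNZ (75 rel8) to JE (74 rel8) or back; the opcodes differ
    in one bit and the length is unchanged, so nothing after it shifts."""
    off = va_to_offset(pe, va)
    opcode, rel = pe[off], pe[off + 1]
    if opcode not in (0x74, 0x75):
        raise ValueError(f"no short JE/JNZ at {va:#x}")
    return patch(pe, va, bytes([opcode, rel]), bytes([opcode ^ 1, rel]))


def nop_call(pe: bytearray, va: int) -> int:
    """Replace a 5-byte near CALL (E8 rel32) with five single-byte NOPs."""
    off = va_to_offset(pe, va)
    if pe[off] != 0xE8:
        raise ValueError(f"no near CALL at {va:#x}")
    return patch(pe, va, bytes(pe[off:off + 5]), b"\x90" * 5)


if __name__ == "__main__":
    img = build_sample_pe()
    print(f"JNZ->JE written at file offset {invert_short_jcc(img, IMAGE_BASE + 0x1012):#x}")
    print(f"CALL nopped at file offset {nop_call(img, IMAGE_BASE + 0x1014):#x}")
```

The two helpers correspond to the two kinds of edit the post makes: `invert_short_jcc` is the jnz-to-je change at 49a878, `nop_call` is what "killing" the call at 4684eb or 401d9f amounts to. Both keep the instruction length, which is why the surrounding code does not need relocating; an expected-bytes check is the cheap guard against writing the patch into a binary that is not the build you traced.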
This was an accidental crack by me, a newbie; it is not cracked properly, but the program can now be used. For a newbie that means a little: my skills may be poor, but cracking always yields some gain, and that may be the whole point of learning!