这个软件爆破后,可是还是要功能的限制...不知哪里错了......
这个软件爆破后,可是还是要功能的限制...不知哪里错了......还望高手指点...
小弟也是刚刚学破解的........
下面这段是爆破注册的....
===============================================================================
:004C1D76 8955EC mov dword ptr [ebp-14], edx
:004C1D79 8B45F8 mov eax, dword ptr [ebp-08]
:004C1D7C 8B55FC mov edx, dword ptr [ebp-04]
:004C1D7F 3B55EC cmp edx, dword ptr [ebp-14]
:004C1D82 754B jne 004C1DCF 改 ---> 74
:004C1D84 3B45E8 cmp eax, dword ptr [ebp-18]
:004C1D87 7546 jne 004C1DCF 改 ---> 74
:004C1D89 8B837C050000 mov eax, dword ptr [ebx+0000057C]
:004C1D8F E8F82DFEFF call 004A4B8C
:004C1D94 6A00 push 00000000
:004C1D96 668B0D601E4C00 mov cx, word ptr [004C1E60]
:004C1D9D B202 mov dl, 02
* Possible StringData Ref from Code Obj ->"软件登记注册成功!"
|
:004C1D9F B86C1E4C00 mov eax, 004C1E6C
:004C1DA4 E88F56F9FF call 00457438
:004C1DA9 33D2 xor edx, edx
:004C1DAB 8B83BC030000 mov eax, dword ptr [ebx+000003BC]
:004C1DB1 E87AD8F7FF call 0043F630
:004C1DB6 A1DCE14D00 mov eax, dword ptr [004DE1DC]
:004C1DBB 8B00 mov eax, dword ptr [eax]
:004C1DBD 8B80E0020000 mov eax, dword ptr [eax+000002E0]
* Possible StringData Ref from Code Obj ->"已注册版本"
|
:004C1DC3 BA881E4C00 mov edx, 004C1E88
:004C1DC8 E847D1F6FF call 0042EF14
:004C1DCD EB15 jmp 004C1DE4
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:004C1D82(C), :004C1D87(C)
|
:004C1DCF 6A00 push 00000000
:004C1DD1 668B0D601E4C00 mov cx, word ptr [004C1E60]
:004C1DD8 B201 mov dl, 01
* Possible StringData Ref from Code Obj ->"软件注册号错误!"
|
:004C1DDA B89C1E4C00 mov eax, 004C1E9C
:004C1DDF E85456F9FF call 00457438
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:004C1D1C(C), :004C1DCD(U)
|
===============================================================================
下面这段应该是限制功能的.....但是爆了很多个地方就是不能爆破...
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004C1E07(U)
|
:004C1DF1 8D45D4 lea eax, dword ptr [ebp-2C]
:004C1DF4 E81F1EF4FF call 00403C18
:004C1DF9 8D45F4 lea eax, dword ptr [ebp-0C]
:004C1DFC E8171EF4FF call 00403C18
:004C1E01 C3 ret
:004C1E02 E92518F4FF jmp 0040362C
:004C1E07 EBE8 jmp 004C1DF1
:004C1E09 5B pop ebx
:004C1E0A 8BE5 mov esp, ebp
:004C1E0C 5D pop ebp
:004C1E0D C3 ret
:004C1E0E 0000 BYTE 2 DUP(0)
:004C1E10 FFFFFFFF BYTE 4 DUP(0ffh)
:004C1E14 0800 or byte ptr [eax], al
:004C1E16 0000 add byte ptr [eax], al
:004C1E18 3030 xor byte ptr [eax], dh
:004C1E1A 3030 xor byte ptr [eax], dh
:004C1E1C 3030 xor byte ptr [eax], dh
:004C1E1E 3030 xor byte ptr [eax], dh
:004C1E20 00000000 BYTE 4 DUP(0)
:004C1E24 FFFFFFFF BYTE 4 DUP(0ffh)
:004C1E28 1C00 sbb al, 00
:004C1E2A 0000 add byte ptr [eax], al
:004C1E2C C7EBCAE4C8EB mov ebx, EBC8E4CA
:004C1E32 C4FA les edi, edx
:004C1E34 B5C4 mov ch, C4
:004C1E36 C8EDBCFE enter BCED, FE
:004C1E3A D7 xlat
:004C1E3B A2B2E1C2EB mov byte ptr [EBC2E1B2], al
:004C1E40 2020 and byte ptr [eax], ah
:004C1E42 2020 and byte ptr [eax], ah
:004C1E44 2020 and byte ptr [eax], ah
:004C1E46 2020 and byte ptr [eax], ah
:004C1E48 00000000 BYTE 4 DUP(0)
:004C1E4C FFFFFFFF BYTE 4 DUP(0ffh)
:004C1E50 0800 or byte ptr [eax], al
:004C1E52 0000 add byte ptr [eax], al
:004C1E54 B5C7 mov ch, C7
:004C1E56 BCC7D7A2B2 mov esp, B2A2D7C7
:004C1E5B E100 loopz 004C1E5D
:004C1E5D 000000 BYTE 3 DUP(0)
:004C1E60 0400 add al, 00
:004C1E62 0000 add byte ptr [eax], al
:004C1E64 FFFFFFFF BYTE 4 DUP(0ffh)
:004C1E68 1100 adc dword ptr [eax], eax
:004C1E6A 0000 add byte ptr [eax], al
:004C1E6C C8EDBCFE enter BCED, FE
:004C1E70 B5C7 mov ch, C7
:004C1E72 BCC7D7A2B2 mov esp, B2A2D7C7
:004C1E77 E1B3 loopz 004C1E2C
:004C1E79 C9 leave
:004C1E7A B9A6210000 mov ecx, 000021A6
:004C1E7F 00FF add bh, bh
:004C1E81 FFFFFF BYTE 3 DUP(0ffh)
:004C1E84 0A00 or al, byte ptr [eax]
:004C1E86 0000 add byte ptr [eax], al
:004C1E88 D2D1 rcl cl, cl
:004C1E8A D7 xlat
:004C1E8B A2B2E1B0E6 mov byte ptr [E6B0E1B2], al
:004C1E90 B1BE mov cl, BE
:004C1E92 0000 add byte ptr [eax], al
:004C1E94 FFFFFFFF BYTE 4 DUP(0ffh)
:004C1E98 0F0000 sldt dword ptr [eax]
:004C1E9B 00C8 add al, cl
:004C1E9D ED in ax, dx
:004C1E9E BCFED7A2B2 mov esp, B2A2D7FE
:004C1EA3 E1BA loopz 004C1E5F
:004C1EA5 C5B4EDCEF32100 lds esi, dword ptr [ebp+8*ebp+0021F3CE]
:004C1EAC 6A00 push 00000000
:004C1EAE 668B0DC41E4C00 mov cx, word ptr [004C1EC4]
:004C1EB5 B202 mov dl, 02
* Possible StringData Ref from Code Obj ->"付费注册用户才能保存电邮"
|
:004C1EB7 B8D01E4C00 mov eax, 004C1ED0
:004C1EBC E87755F9FF call 00457438
:004C1EC1 C3 ret
:004C1EC2 0000 BYTE 2 DUP(0)
:004C1EC4 0400 add al, 00
:004C1EC6 0000 add byte ptr [eax], al
:004C1EC8 FFFFFFFF BYTE 4 DUP(0ffh)
:004C1ECC 1800 sbb byte ptr [eax], al
:004C1ECE 0000 add byte ptr [eax], al
:004C1ED0 B8B6B7D1D7 mov eax, D7D1B7B6
:004C1ED5 A2B2E1D3C3 mov byte ptr [C3D3E1B2], al
:004C1EDA BBA7B2C5C4 mov ebx, C4C5B2A7
:004C1EDF DCB1A3B4E6B5 fdiv qword ptr [ecx+B5E6B4A3]
:004C1EE5 E7D3 out D3, ax
:004C1EE7 CA0000 retf 0000
:004C1EEA 0000 BYTE 2 DUP(0)
:004C1EEC 55 push ebp
:004C1EED 8BEC mov ebp, esp
:004C1EEF B909000000 mov ecx, 00000009
还望高手指点...
小弟也是刚刚学破解的........
附件为已脱壳的文件......
已脱壳文件
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课