【破解作者】 xcs
【作者邮箱】 [email]xcs2356@126.com[/email]
【作者主页】
http://xcs2356.52z.com
【使用工具】 W32DASM,Hex workshop 4.1
【破解平台】 Win9x
【软件名称】 eXeScope.EXE
【软件简介】 都知道是汉化利器,没注册前只能汉化一次!
【软件大小】 982k
【加壳方式】 无
【破解声明】 我是一只小菜鸟,偶得一点心得,愿与大家分享:)
--------------------------------------------------------------------------------
【破解内容】
运行程序,注册出现“Invalid ID or Name”的错误信息
反编译程序,参考字符串“Invalid ID or Name”双击来到:004C221E
向上仔细看,发现有两处跳转,即:
:004C2186(C), :004C219A(C)
按次地址来到下面的代码处:
:004C213A 8D55FC lea edx, dword ptr [ebp-04]
:004C213D 8B83F8020000 mov eax, dword ptr [ebx+000002F8]
:004C2143 E82C02FBFF call 00472374
:004C2148 8B55FC mov edx, dword ptr [ebp-04]
:004C214B A1C4EE4C00 mov eax, dword ptr [004CEEC4]
:004C2150 E88F28F4FF call 004049E4
:004C2155 8D55F8 lea edx, dword ptr [ebp-08]
:004C2158 8B83FC020000 mov eax, dword ptr [ebx+000002FC]
:004C215E E81102FBFF call 00472374
:004C2163 8B55F8 mov edx, dword ptr [ebp-08]
:004C2166 A128EE4C00 mov eax, dword ptr [004CEE28]
:004C216B E87428F4FF call 004049E4
:004C2170 8B1528EE4C00 mov edx, dword ptr [004CEE28]
:004C2176 8B12 mov edx, dword ptr [edx]
:004C2178 A130EC4C00 mov eax, dword ptr [004CEC30]
:004C217D 8B00 mov eax, dword ptr [eax]
:004C217F E82C8F0000 call 004CB0B0
:004C2184 84C0 test al, al =>关键测试
:004C2186 0F848D000000 je 004C2219 =>关键跳转,跳则死;(修改84为85:JE->JNE
:004C218C A1C4EE4C00 mov eax, dword ptr [004CEEC4]
:004C2191 8B00 mov eax, dword ptr [eax]
:004C2193 E8B82AF4FF call 00404C50
:004C2198 85C0 test eax, eax =>关键测试
:004C219A 7E7D jle 004C2219 =>关键跳转,跳也死;修改7E为7C:JLE->JL
:004C219C 8D55F0 lea edx, dword ptr [ebp-10]
:004C219F A1D8EE4C00 mov eax, dword ptr [004CEED8]
:004C21A4 8B00 mov eax, dword ptr [eax]
:004C21A6 E8B904FDFF call 00492664
:004C21AB 8B45F0 mov eax, dword ptr [ebp-10]
:004C21AE 8D4DF4 lea ecx, dword ptr [ebp-0C]
* Possible StringData Ref from Code Obj ->".ini"
|
:004C21B1 BA78224C00 mov edx, 004C2278
:004C21B6 E85D79F4FF call 00409B18
:004C21BB 8B4DF4 mov ecx, dword ptr [ebp-0C]
:004C21BE B201 mov dl, 01
:004C21C0 A124BE4300 mov eax, dword ptr [0043BE24]
:004C21C5 E80A9DF7FF call 0043BED4
:004C21CA 8BF0 mov esi, eax
:004C21CC A1C4EE4C00 mov eax, dword ptr [004CEEC4]
:004C21D1 8B00 mov eax, dword ptr [eax]
:004C21D3 50 push eax
* Possible StringData Ref from Code Obj ->"Name"
|
:004C21D4 B988224C00 mov ecx, 004C2288
* Possible StringData Ref from Code Obj ->"Reg"
|
:004C21D9 BA98224C00 mov edx, 004C2298
:004C21DE 8BC6 mov eax, esi
:004C21E0 8B38 mov edi, dword ptr [eax]
:004C21E2 FF5704 call [edi+04]
:004C21E5 A128EE4C00 mov eax, dword ptr [004CEE28]
:004C21EA 8B00 mov eax, dword ptr [eax]
:004C21EC 50 push eax
* Possible StringData Ref from Code Obj ->"Reg"
|
:004C21ED BA98224C00 mov edx, 004C2298
:004C21F2 B9A4224C00 mov ecx, 004C22A4
:004C21F7 8BC6 mov eax, esi
:004C21F9 8B38 mov edi, dword ptr [eax]
:004C21FB FF5704 call [edi+04]
:004C21FE 8BC6 mov eax, esi
:004C2200 E8DB19F4FF call 00403BE0
:004C2205 A138EC4C00 mov eax, dword ptr [004CEC38]
:004C220A C60001 mov byte ptr [eax], 01
:004C220D C7834C02000001000000 mov dword ptr [ebx+0000024C], 00000001
:004C2217 EB20 jmp 004C2239
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:004C2186(C), :004C219A(C)
|
:004C2219 6A00 push 00000000
:004C221B 8D55EC lea edx, dword ptr [ebp-14]
* Possible StringData Ref from Code Obj ->"Invalid ID or Name;??ID??????????"
|
:004C221E B8B0224C00 mov eax, 004C22B0
:004C2223 E8280C0000 call 004C2E50
:004C2228 8B45EC mov eax, dword ptr [ebp-14]
:004C222B 668B0DE0224C00 mov cx, word ptr [004C22E0]
:004C2232 B201 mov dl, 01
:004C2234 E86754F7FF call 004376A0
用Hex workshop 4.1编辑修改程序,存盘退出,一切OK!
运行程序,即可输入任意姓名和ID。
后记:
次程序注册后在程序所在的目录下生成文件EXESCOPE.ini
内容为:
[Reg]
Name=XCS
ID=12345678
[Window]
Left=0
Top=0
Width=700
Height=440
[DlgWin]
Left=0
Top=0
每次启动时读出注册信息来判断是否为注册版!
于2004.5.12
--------------------------------------------------------------------------------
【版权声明】 本文纯属技术交流, 转载请注明作者并保持文章的完整, 谢谢!
转了一圈,发现精华区已有了注册机了,汗颜那!
[峰会]看雪.第八届安全开发者峰会10月23日上海龙之梦大酒店举办!
