【破文作者】 WisdomBird
【文章题目】 TurboLaunch 版 本 5.0.8
【下载地址】 http://www4.skycn.com/soft/5477.html
【破解工具】 PEiD, OllyDbg ,W32dsm8.93
【破解难度】 菜鸟级别
【破解平台】 Win2000 Sp4
【破解声明】 我是小菜鸟,第一次爆破软件,偶得一点心得,愿与大家分享
软件介绍:
TurboLaunch 是一个完全可以定制的工具软件导航器。你可以通过它点击一下即可运行你最常用的工具软件。使用方便,界面简单,支持分类管理!你再也不必为程序太多找不到而发愁了!是每个Windows用户必不可少的工具。
【破解过程】
用PEiD检测显示 Borland Delphi 6.0 - 7.0无壳。
运行软件,在输入试验码后,显示错误提示:
The Registration Name and Code you entered are not correct. You must type your Name and Code EXACTLY as it appears on your registration acknowledgement. Please try again.
打开W32dsm8.93,查找字符串,找到错误提示,该地址为004DD2AC
打开OD,在004DD2AC处下段,F9运行,结果中断在:
004DD2A5 |> \6A 40 push 40
004DD2A7 |. B9 B4D34D00 mov ecx,TurboLau.004DD3B4 ; ASCII "TurboLaunch"
004DD2AC |. BA C0D34D00 mov edx,TurboLau.004DD3C0 ; ASCII "The Registration Name and Code you entered are not correct. You must type your Name and Code EXACTLY as it appears on your registration acknowledgement. Please try again." 中断在这!
我们向上找!一直到 004DD1D8处
004DD1D8 |. E8 130E0100 call TurboLau.004EDFF0 ;算法入口
004DD1DD |. 84C0 test al,al ;测试
004DD1DF 0F84 C0000000 je TurboLau.004DD2A5 ;爆破点
;如果相等就跳到004DD2A5
004DD1E5 |. 33D2 xor edx,edx
004DD1E7 |. 8B83 00030000 mov eax,dword ptr ds:[ebx+300]
004DD1ED |. E8 D2BBF5FF call TurboLau.00438DC4
004DD1F2 |. B2 01 mov dl,1
004DD1F4 |. 8B83 14030000 mov eax,dword ptr ds:[ebx+314]
004DD1FA |. 8B08 mov ecx,dword ptr ds:[eax]
004DD1FC |. FF51 64 call dword ptr ds:[ecx+64]
004DD1FF |. 33D2 xor edx,edx
004DD201 |. 8B83 04030000 mov eax,dword ptr ds:[ebx+304]
004DD207 |. E8 D493F8FF call TurboLau.004665E0
004DD20C |. A1 1C734F00 mov eax,dword ptr ds:[4F731C]
004DD211 |. 8338 00 cmp dword ptr ds:[eax],0
004DD214 |. 74 2F je short TurboLau.004DD245
004DD216 |. A1 D4744F00 mov eax,dword ptr ds:[4F74D4]
004DD21B |. 8B00 mov eax,dword ptr ds:[eax]
004DD21D |. 8B88 64010000 mov ecx,dword ptr ds:[eax+164]
004DD223 |. 8D45 F4 lea eax,[local.3]
004DD226 |. BA 00D34D00 mov edx,TurboLau.004DD300 ; ASCII "REGISTERED TO: "
004DD22B |. E8 F07BF2FF call TurboLau.00404E20
004DD230 |. 8B55 F4 mov edx,[local.3]
004DD233 |. A1 1C734F00 mov eax,dword ptr ds:[4F731C]
004DD238 |. 8B00 mov eax,dword ptr ds:[eax]
004DD23A |. 8B80 10030000 mov eax,dword ptr ds:[eax+310]
004DD240 |. E8 AB94F8FF call TurboLau.004666F0
004DD245 |> 6A 40 push 40
004DD247 |. 68 18D34D00 push TurboLau.004DD318 ; ASCII "Thank you for registering! Be sure to check out our web site for updated versions of TurboLaunch and other programs written by "
004DD24C |. 8D45 EC lea eax,[local.5]
004DD24F |. E8 2C04FEFF call TurboLau.004BD680
004DD254 |. FF75 EC push [local.5]
004DD257 |. 68 A4D34D00 push TurboLau.004DD3A4
004DD25C |. 68 B0D34D00 push TurboLau.004DD3B0 ; ASCII "
"
004DD261 |. 68 B0D34D00 push TurboLau.004DD3B0 ; ASCII "
"
004DD266 |. 8D45 E8 lea eax,[local.6]
004DD269 |. E8 7604FEFF call TurboLau.004BD6E4
004DD26E |. FF75 E8 push [local.6]
004DD271 |. 8D45 F0 lea eax,[local.4]
004DD274 |. BA 06000000 mov edx,6
004DD279 |. E8 167CF2FF call TurboLau.00404E94
004DD27E |. 8B45 F0 mov eax,[local.4]
004DD281 |. E8 4E7DF2FF call TurboLau.00404FD4
004DD286 |. 8BD0 mov edx,eax
004DD288 |. B9 B4D34D00 mov ecx,TurboLau.004DD3B4 ; ASCII "TurboLaunch"
004DD28D |. A1 BC734F00 mov eax,dword ptr ds:[4F73BC]
004DD292 |. 8B00 mov eax,dword ptr ds:[eax]
004DD294 |. E8 7F9FFAFF call TurboLau.00487218
004DD299 |. C783 4C020000 0100>mov dword ptr ds:[ebx+24C],1
004DD2A3 |. EB 18 jmp short TurboLau.004DD2BD
004DD2A5 |> 6A 40 push 40
004DD2A7 |. B9 B4D34D00 mov ecx,TurboLau.004DD3B4 ; ASCII "TurboLaunch"
004DD2AC |. BA C0D34D00 mov edx,TurboLau.004DD3C0 ; ASCII "The Registration Name and Code you entered are not correct. You must type your Name and Code EXACTLY as it appears on your registration acknowledgement. Please try again."
004DD2B1 |. A1 BC734F00 mov eax,dword ptr ds:[4F73BC]
004DD2B6 |. 8B00 mov eax,dword ptr ds:[eax]
004DD2B8 |. E8 5B9FFAFF call TurboLau.00487218
【最后总结】:这就是我的第一次破解,我还要不段的学习!才能进步!
[招生]科锐逆向工程师培训(2024年11月15日实地,远程教学同时开班, 第51期)
