能力值:
( LV2,RANK:10 )
|
-
-
2 楼
怎么没有反应啊?
可以提示一下,
里面的注册码判断是在脚本里面实现的,
虽然脚本比较短,但是是经过加密的。
除非是把注册码计算方法找出来,
修改EXE是不行的。
程序是delphi写的。
|
能力值:
( LV6,RANK:90 )
|
-
-
3 楼
http://www.remobjects.com/page.asp?id={9A30A672-62C8-4131-BA89-EEBBE7E302E6}
这个是该软件所用到的脚本引擎。
可能你使用下对你的CRACK会有帮助
|
能力值:
( LV6,RANK:90 )
|
-
-
5 楼
0050B920 /$ 55 PUSH EBP
0050B921 |. 8BEC MOV EBP,ESP
0050B923 |. 6A 00 PUSH 0
0050B925 |. 6A 00 PUSH 0
0050B927 |. 6A 00 PUSH 0
0050B929 |. 6A 00 PUSH 0
0050B92B |. 6A 00 PUSH 0
0050B92D |. 6A 00 PUSH 0
0050B92F |. 6A 00 PUSH 0
0050B931 |. 53 PUSH EBX
0050B932 |. 884D F7 MOV BYTE PTR SS:[EBP-9],CL
0050B935 |. 8955 F8 MOV DWORD PTR SS:[EBP-8],EDX //edx指向脚本语句,你可以在这边修改脚本语句,脚本语句为EDX=00A2DBB8, (ASCII "program T;begin if(value = '3'+ name + rv(name) + '9') then cbk(); end.")改成program T;begin if(value <> '3'+ name + rv(name) + '9') then cbk(); end.就能爆破了
0050B938 |. 8945 FC MOV DWORD PTR SS:[EBP-4],EAX
0050B93B |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
0050B93E |. E8 0592EFFF CALL CrakeMe.00404B48
0050B943 |. 33C0 XOR EAX,EAX
0050B945 |. 55 PUSH EBP
0050B946 |. 68 80BA5000 PUSH CrakeMe.0050BA80
0050B94B |. 64:FF30 PUSH DWORD PTR FS:[EAX]
0050B94E |. 64:8920 MOV DWORD PTR FS:[EAX],ESP
0050B951 |. 33DB XOR EBX,EBX
0050B953 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
0050B956 |. 8B40 30 MOV EAX,DWORD PTR DS:[EAX+30]
0050B959 |. 8B10 MOV EDX,DWORD PTR DS:[EAX]
0050B95B |. FF52 44 CALL DWORD PTR DS:[EDX+44]
0050B95E |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
0050B961 |. 8B40 04 MOV EAX,DWORD PTR DS:[EAX+4]
0050B964 |. 8B40 54 MOV EAX,DWORD PTR DS:[EAX+54]
0050B967 |. 8B55 F8 MOV EDX,DWORD PTR SS:[EBP-8]
0050B96A |. 8B08 MOV ECX,DWORD PTR DS:[EAX]
0050B96C |. FF51 2C CALL DWORD PTR DS:[ECX+2C]
0050B96F |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
0050B972 |. 8B40 30 MOV EAX,DWORD PTR DS:[EAX+30]
0050B975 |. BA 98BA5000 MOV EDX,CrakeMe.0050BA98 ; compiling
0050B97A |. 8B08 MOV ECX,DWORD PTR DS:[EAX]
0050B97C |. FF51 38 CALL DWORD PTR DS:[ECX+38]
0050B97F |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
0050B982 |. 8B40 04 MOV EAX,DWORD PTR DS:[EAX+4]
0050B985 |. 8B10 MOV EDX,DWORD PTR DS:[EAX]
0050B987 |. FF52 3C CALL DWORD PTR DS:[EDX+3C]
0050B98A |. 84C0 TEST AL,AL
0050B98C |. 0F84 B4000000 JE CrakeMe.0050BA46
0050B992 |. 55 PUSH EBP
0050B993 |. E8 B4FEFFFF CALL CrakeMe.0050B84C
0050B998 |. 59 POP ECX
0050B999 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
0050B99C |. 8B40 30 MOV EAX,DWORD PTR DS:[EAX+30]
0050B99F |. BA ACBA5000 MOV EDX,CrakeMe.0050BAAC ; compiled succesfully
0050B9A4 |. 8B08 MOV ECX,DWORD PTR DS:[EAX]
0050B9A6 |. FF51 38 CALL DWORD PTR DS:[ECX+38]
0050B9A9 |. B3 01 MOV BL,1
0050B9AB |. 807D F7 00 CMP BYTE PTR SS:[EBP-9],0
0050B9AF |. 0F84 A8000000 JE CrakeMe.0050BA5D
0050B9B5 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
0050B9B8 |. 8B40 04 MOV EAX,DWORD PTR DS:[EAX+4]
0050B9BB |. 8B10 MOV EDX,DWORD PTR DS:[EAX]
0050B9BD |. FF52 40 CALL DWORD PTR DS:[EDX+40]
0050B9C0 |. 84C0 TEST AL,AL
0050B9C2 |. 75 6E JNZ SHORT CrakeMe.0050BA32
0050B9C4 |. 8D55 EC LEA EDX,DWORD PTR SS:[EBP-14]
0050B9C7 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
0050B9CA |. 8B40 04 MOV EAX,DWORD PTR DS:[EAX+4]
0050B9CD |. E8 9AB0FAFF CALL CrakeMe.004B6A6C
0050B9D2 |. FF75 EC PUSH DWORD PTR SS:[EBP-14]
0050B9D5 |. 68 CCBA5000 PUSH CrakeMe.0050BACC ; at
0050B9DA |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
0050B9DD |. 8B40 04 MOV EAX,DWORD PTR DS:[EAX+4]
0050B9E0 |. E8 7FB0FAFF CALL CrakeMe.004B6A64
0050B9E5 |. 33D2 XOR EDX,EDX
0050B9E7 |. 52 PUSH EDX ; /Arg2 => 00000000
0050B9E8 |. 50 PUSH EAX ; |Arg1
0050B9E9 |. 8D45 E8 LEA EAX,DWORD PTR SS:[EBP-18] ; |
0050B9EC |. E8 BFD8EFFF CALL CrakeMe.004092B0 ; \CrakeMe.004092B0
0050B9F1 |. FF75 E8 PUSH DWORD PTR SS:[EBP-18]
0050B9F4 |. 68 DCBA5000 PUSH CrakeMe.0050BADC ; .
0050B9F9 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
0050B9FC |. 8B40 04 MOV EAX,DWORD PTR DS:[EAX+4]
0050B9FF |. E8 58B0FAFF CALL CrakeMe.004B6A5C
0050BA04 |. 33D2 XOR EDX,EDX
0050BA06 |. 52 PUSH EDX ; /Arg2 => 00000000
0050BA07 |. 50 PUSH EAX ; |Arg1
0050BA08 |. 8D45 E4 LEA EAX,DWORD PTR SS:[EBP-1C] ; |
0050BA0B |. E8 A0D8EFFF CALL CrakeMe.004092B0 ; \CrakeMe.004092B0
0050BA10 |. FF75 E4 PUSH DWORD PTR SS:[EBP-1C]
0050BA13 |. 8D45 F0 LEA EAX,DWORD PTR SS:[EBP-10]
0050BA16 |. BA 05000000 MOV EDX,5
0050BA1B |. E8 F88FEFFF CALL CrakeMe.00404A18
0050BA20 |. 8B55 F0 MOV EDX,DWORD PTR SS:[EBP-10]
0050BA23 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
0050BA26 |. 8B40 30 MOV EAX,DWORD PTR DS:[EAX+30]
0050BA29 |. 8B08 MOV ECX,DWORD PTR DS:[EAX]
0050BA2B |. FF51 38 CALL DWORD PTR DS:[ECX+38]
0050BA2E |. 33DB XOR EBX,EBX
0050BA30 |. EB 2B JMP SHORT CrakeMe.0050BA5D
0050BA32 |> 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
0050BA35 |. 8B40 30 MOV EAX,DWORD PTR DS:[EAX+30]
0050BA38 |. BA E8BA5000 MOV EDX,CrakeMe.0050BAE8 ; succesfully executed
0050BA3D |. 8B08 MOV ECX,DWORD PTR DS:[EAX]
0050BA3F |. FF51 38 CALL DWORD PTR DS:[ECX+38]
0050BA42 |. B3 01 MOV BL,1
0050BA44 |. EB 17 JMP SHORT CrakeMe.0050BA5D
0050BA46 |> 55 PUSH EBP
0050BA47 |. E8 00FEFFFF CALL CrakeMe.0050B84C
0050BA4C |. 59 POP ECX
0050BA4D |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
0050BA50 |. 8B40 30 MOV EAX,DWORD PTR DS:[EAX+30]
0050BA53 |. BA 08BB5000 MOV EDX,CrakeMe.0050BB08 ; compiling failed
0050BA58 |. 8B08 MOV ECX,DWORD PTR DS:[EAX]
0050BA5A |. FF51 38 CALL DWORD PTR DS:[ECX+38]
0050BA5D |> 33C0 XOR EAX,EAX
0050BA5F |. 5A POP EDX
0050BA60 |. 59 POP ECX
0050BA61 |. 59 POP ECX
0050BA62 |. 64:8910 MOV DWORD PTR FS:[EAX],EDX
0050BA65 |. 68 87BA5000 PUSH CrakeMe.0050BA87
0050BA6A |> 8D45 E4 LEA EAX,DWORD PTR SS:[EBP-1C]
0050BA6D |. BA 04000000 MOV EDX,4
0050BA72 |. E8 358CEFFF CALL CrakeMe.004046AC
0050BA77 |. 8D45 F8 LEA EAX,DWORD PTR SS:[EBP-8]
0050BA7A |. E8 098CEFFF CALL CrakeMe.00404688
0050BA7F \. C3 RETN
这段就是开始编译脚本及运行脚本。你可以从中找出脚本。把=修改为<>就能爆破。
|
能力值:
( LV2,RANK:10 )
|
-
-
6 楼
最初由 pathletboy 发布
http://www.remobjects.com/page.asp?id={9A30A672-62C8-4131-BA89-EEBBE7E302E6}
这个是该软件所用到的脚本引擎。
可能你使用下对你的CRACK会有帮助
PFPF。请问你是怎么知道程序用的是这个脚本引擎?
另外,如何做才能让这个程序更难以破解?
我现在也没什么好的想法,虽然用脚本可以阻止修改
EXE程序,但是算法还是有可能被找到。
|
能力值:
( LV12,RANK:410 )
|
-
-
14 楼
最初由 pathletboy 发布
这个脚本引擎是一个delphi第3方控件。你安装完控件后可以看他的sample.很简单看一遍就会用。
我知道是delphi第3方,我也安装好了,就是不知道怎么用?Sample看不明.. 
|
