-
-
[旧帖] [原创] 亲自破解的Visual ModFlow中文版4.1 0.00雪花
-
发表于: 2009-7-9 17:23
-
http://www.cnblogs.com/yuanbao/archive/2009/07/09/1520010.html
1、软件简介
WHI Visual MODFLOW 是3D地下水流及杂质传递模型软件,包括MODFLOW-2000, MODPATH, MT3DMS and RT3D等模拟。 Visual MODFLOW Pro及标准的Visual MODFLOW软件可与 WinPEST和Visual MODFLOW 3D- Explorer无缝结合,提供最完全,最强大的地下水图形模拟环境
2、版本
网上的版本很多,大都是英文版,能用是破解的Visual MODFLOW 4.2.0.151破解版。网上能找到的是中文本是4.1的,是北京水淼国际科技有限公司(北水国际)于2007年携手加拿大Waterloo水文地质公司对Visual ModFlow进行的深度汉化,并推出Visual ModFlow中文版,这个版本仍需要软件狗的。
3、 破解笔记
为了帮一朋友,他想要用中文版的MODFLOW,经过摸索,终于搞定。以下是ollydbg的破解笔记,希望对有志之士有所帮助
Code
1 1.2.
2 008607E8 . /90088600 dd vmod.00860890
3 008607EC . |4C 49 43 45 4E 53 45>ascii "LICENSE *",0
4 008607F6 |90 nop
5 008607F7 |90 nop
6 008607F8 $ |55 push ebp
7 008607F9 . |8BEC mov ebp, esp
8 008607FB . |51 push ecx
9 008607FC . |833D 24871C01 00 cmp dword ptr [11C8724], 0
10 00860803 . |75 45 jnz short 0086084A ; 关键点1,Inc改跳到关键点2,
11 00860805 . |C705 448B1C01 FFFFFF>mov dword ptr [11C8B44], -1
12 0086080F . |C745 FC 01000000 mov dword ptr [ebp-4], 1
13 00860816 > |FF75 FC push dword ptr [ebp-4]
14 00860819 . |E8 86D11B00 call 00A1D9A4
15 0086081E . |59 pop ecx
16 0086081F . |3D ECD8FFFF cmp eax, -2714
17 00860824 . |74 13 je short 00860839
18 00860826 . |8B4D FC mov ecx, dword ptr [ebp-4]
19 00860829 . |49 dec ecx
20 0086082A . |B8 01000000 mov eax, 1
21 0086082F . |D3E0 shl eax, cl
22 00860831 . |F7D0 not eax
23 00860833 . |2105 448B1C01 and dword ptr [11C8B44], eax
24 00860839 > |FF45 FC inc dword ptr [ebp-4]
25 0086083C . |837D FC 18 cmp dword ptr [ebp-4], 18
26 00860840 .^|7E D4 jle short 00860816
27 00860842 . |FF05 24871C01 inc dword ptr [11C8724]
28 00860848 . |EB 14 jmp short 0086085E ; 关键点2,长度:36,到 retn ,原为 mov ecx, 0A
29 0086084A > |C705 408B1C01 337D00>mov dword ptr [11C8B40], 40007D33
30 00860854 |C7 db C7
31 00860855 |05 db 05
32 00860856 |44 db 44 ; CHAR 'D'
33 00860857 . |8B1C01FF dd FF011C8B
34 0086085B |FF db FF
35 0086085C . |FFFFA140 dd 40A1FFFF
36 00860860 |8B db 8B
37 00860861 |1C db 1C
38 00860862 . |01230544 dd 44052301
39 000860866 . 8B1C01 mov ebx, dword ptr [ecx+eax]
40 00860869 . 59 pop ecx
41 0086086A . 5D pop ebp
42 0086086B . C3 retn
43
44 关键点2原为:
45 00860848 |. B9 0A000000 mov ecx, 0A
46 0086084D |. A1 24871C01 mov eax, dword ptr [11C8724]
47 00860852 |. 99 cdq
48 00860853 |. F7F9 idiv ecx
49 00860855 |. 8915 24871C01 mov dword ptr [11C8724], edx
50 0086085B |. A1 408B1C01 mov eax, dword ptr [11C8B40]
51 00860860 |. 2305 448B1C01 and eax, dword ptr [11C8B44]
52 00860866 |. 59 pop ecx
53 00860867 |. 5D pop ebp
54 00860868 \. C3 retn
55
56
57
58 3.
59 00A1D9BF 90 nop
60 00A1D9C0 $ 55 push ebp
61 00A1D9C1 . 8BEC mov ebp, esp
62 00A1D9C3 . 51 push ecx
63 00A1D9C4 . 33C0 xor eax, eax
64 00A1D9C6 . 8945 FC mov dword ptr [ebp-4], eax
65 00A1D9C9 . E8 8EAB6D00 call <jmp.&VMOD.#77>
66
67 00A1D9CE C7 db C7 ; 关键点3,长度:16,直到nop
68 00A1D9CF . 05BC8B23 dd 238BBC05
69 00A1D9D3 01 db 01
70 00A1D9D4 . 05 00000090 add eax, 90000000
71 00A1D9D9 . 90 nop
72 00A1D9DA . 90 nop
73 00A1D9DB . 90 nop
74 00A1D9DC . 90 nop
75
76 00A1D9DD . EB 07 jmp short 00A1D9E6 ; 关键点3关键点, jnz --> jmp
77 00A1D9DF . 33D2 xor edx, edx
78 00A1D9E1 . 8955 FC mov dword ptr [ebp-4], edx
79 00A1D9E4 . EB 09 jmp short 00A1D9EF
80 00A1D9E6 > 8B0D BC8B2301 mov ecx, dword ptr [1238BBC]
81 00A1D9EC . 894D FC mov dword ptr [ebp-4], ecx
82 00A1D9EF > 8B45 FC mov eax, dword ptr [ebp-4]
83 00A1D9F2 . 59 pop ecx
84 00A1D9F3 . 5D pop ebp
85 00A1D9F4 . C3 retn
86
87 原来为:
88 00A1D9C9 |. E8 8EAB6D00 call <jmp.&VMOD.#77>
89 00A1D9CE |. A3 BC8B2301 mov dword ptr [1238BBC], eax
90 00A1D9D3 |. 813D BC8B2301>cmp dword ptr [1238BBC], -3EA
91 00A1D9DD |. 75 07 jnz short 00A1D9E6
92
93
94 4.
95 00A95EDD . BA 46652501 mov edx, 01256546 ; ASCII "SP_error:%d"
96 00A95EE2 . 8D45 FC lea eax, dword ptr [ebp-4]
97 00A95EE5 . E8 C2936400 call 010DF2AC
98 00A95EEA . FF45 E4 inc dword ptr [ebp-1C]
99 00A95EED . 8B00 mov eax, dword ptr [eax]
100 00A95EEF . 8B55 C4 mov edx, dword ptr [ebp-3C]
101 00A95EF2 . 8955 AC mov dword ptr [ebp-54], edx
102 00A95EF5 . 8B4D AC mov ecx, dword ptr [ebp-54]
103 00A95EF8 . 894D A4 mov dword ptr [ebp-5C], ecx
104 00A95EFB . C645 A8 00 mov byte ptr [ebp-58], 0
105 00A95EFF . C745 A0 01000000 mov dword ptr [ebp-60], 1
106 00A95F06 . 8B4D A0 mov ecx, dword ptr [ebp-60]
107 00A95F09 . 49 dec ecx
108 00A95F0A . 5A pop edx
109 00A95F0B . E8 90F16500 call <jmp.&VCL50.Sysutils::Format>
110 00A95F10 . 837D F0 00 cmp dword ptr [ebp-10], 0
111 00A95F14 . 74 05 je short 00A95F1B
112 00A95F16 . 8B45 F0 mov eax, dword ptr [ebp-10]
113 00A95F19 . EB 05 jmp short 00A95F20
114 00A95F1B > B8 61652501 mov eax, 01256561
115 00A95F20 > 50 push eax
116 00A95F21 . E8 A6D84000 call 00EA37CC
117 00A95F26 . 83C4 14 add esp, 14
118 00A95F29 . FF4D E4 dec dword ptr [ebp-1C]
119 00A95F2C . 8D45 F0 lea eax, dword ptr [ebp-10]
120 00A95F2F . BA 02000000 mov edx, 2
121 00A95F34 . E8 83966400 call 010DF5BC
122 00A95F39 . FF4D E4 dec dword ptr [ebp-1C]
123 00A95F3C . FF75 F4 push dword ptr [ebp-C]
124 00A95F3F . E8 04FD6100 call 010B5C48
125 00A95F44 . 59 pop ecx
126 00A95F45 . FF4D E4 dec dword ptr [ebp-1C]
127 00A95F48 . 8D45 FC lea eax, dword ptr [ebp-4]
128 00A95F4B . BA 02000000 mov edx, 2
129 00A95F50 . E8 67966400 call 010DF5BC
130 00A95F55 . 817D C4 16FCFFFF cmp dword ptr [ebp-3C], -3EA
131 00A95F5C . EB 54 jmp short 00A95FB2 ; 关键点4, JNZ --> JMP
132 00A95F5E . 6A 00 push 0
133 00A95F60 . 66:C745 D8 2000 mov word ptr [ebp-28], 20
134 00A95F66 . 68 AD170000 push 17AD
135 00A95F6B . E8 E0525B00 call 0104B250
136 00A95F70 . 59 pop ecx
137 00A95F71 . 8BD0 mov edx, eax
138 00A95F73 . 8D45 EC lea eax, dword ptr [ebp-14]
139 00A95F76 . E8 31936400 call 010DF2AC
140 00A95F7B . FF45 E4 inc dword ptr [ebp-1C]
141 00A95F7E . FF30 push dword ptr [eax]
142 00A95F80 . 6A 02 push 2
143 00A95F82 . 6A 00 push 0
144 00A95F84 . 8D4D 9E lea ecx, dword ptr [ebp-62]
145 00A95F87 . 51 push ecx
146 00A95F88 . E8 B3456300 call 010CA540
147 00A95F8D . 83C4 0C add esp, 0C
148 00A95F90 . 804D 9E 04 or byte ptr [ebp-62], 4
149 00A95F94 . 8D45 9E lea eax, dword ptr [ebp-62]
150 00A95F97 . 66:8B08 mov cx, word ptr [eax]
151 00A95F9A . B2 01 mov dl, 1
152 00A95F9C . 58 pop eax
153 00A95F9D . E8 C60A6600 call <jmp.&VCL50.Dialogs::MessageDlg>
154
155
4、实例快照
以下是实际运行效果
http://www.cnblogs.com/yuanbao/archive/2009/07/09/1520010.html
1、软件简介
WHI Visual MODFLOW 是3D地下水流及杂质传递模型软件,包括MODFLOW-2000, MODPATH, MT3DMS and RT3D等模拟。 Visual MODFLOW Pro及标准的Visual MODFLOW软件可与 WinPEST和Visual MODFLOW 3D- Explorer无缝结合,提供最完全,最强大的地下水图形模拟环境
2、版本
网上的版本很多,大都是英文版,能用是破解的Visual MODFLOW 4.2.0.151破解版。网上能找到的是中文本是4.1的,是北京水淼国际科技有限公司(北水国际)于2007年携手加拿大Waterloo水文地质公司对Visual ModFlow进行的深度汉化,并推出Visual ModFlow中文版,这个版本仍需要软件狗的。
3、 破解笔记
为了帮一朋友,他想要用中文版的MODFLOW,经过摸索,终于搞定。以下是ollydbg的破解笔记,希望对有志之士有所帮助
Code
1 1.2.
2 008607E8 . /90088600 dd vmod.00860890
3 008607EC . |4C 49 43 45 4E 53 45>ascii "LICENSE *",0
4 008607F6 |90 nop
5 008607F7 |90 nop
6 008607F8 $ |55 push ebp
7 008607F9 . |8BEC mov ebp, esp
8 008607FB . |51 push ecx
9 008607FC . |833D 24871C01 00 cmp dword ptr [11C8724], 0
10 00860803 . |75 45 jnz short 0086084A ; 关键点1,Inc改跳到关键点2,
11 00860805 . |C705 448B1C01 FFFFFF>mov dword ptr [11C8B44], -1
12 0086080F . |C745 FC 01000000 mov dword ptr [ebp-4], 1
13 00860816 > |FF75 FC push dword ptr [ebp-4]
14 00860819 . |E8 86D11B00 call 00A1D9A4
15 0086081E . |59 pop ecx
16 0086081F . |3D ECD8FFFF cmp eax, -2714
17 00860824 . |74 13 je short 00860839
18 00860826 . |8B4D FC mov ecx, dword ptr [ebp-4]
19 00860829 . |49 dec ecx
20 0086082A . |B8 01000000 mov eax, 1
21 0086082F . |D3E0 shl eax, cl
22 00860831 . |F7D0 not eax
23 00860833 . |2105 448B1C01 and dword ptr [11C8B44], eax
24 00860839 > |FF45 FC inc dword ptr [ebp-4]
25 0086083C . |837D FC 18 cmp dword ptr [ebp-4], 18
26 00860840 .^|7E D4 jle short 00860816
27 00860842 . |FF05 24871C01 inc dword ptr [11C8724]
28 00860848 . |EB 14 jmp short 0086085E ; 关键点2,长度:36,到 retn ,原为 mov ecx, 0A
29 0086084A > |C705 408B1C01 337D00>mov dword ptr [11C8B40], 40007D33
30 00860854 |C7 db C7
31 00860855 |05 db 05
32 00860856 |44 db 44 ; CHAR 'D'
33 00860857 . |8B1C01FF dd FF011C8B
34 0086085B |FF db FF
35 0086085C . |FFFFA140 dd 40A1FFFF
36 00860860 |8B db 8B
37 00860861 |1C db 1C
38 00860862 . |01230544 dd 44052301
39 000860866 . 8B1C01 mov ebx, dword ptr [ecx+eax]
40 00860869 . 59 pop ecx
41 0086086A . 5D pop ebp
42 0086086B . C3 retn
43
44 关键点2原为:
45 00860848 |. B9 0A000000 mov ecx, 0A
46 0086084D |. A1 24871C01 mov eax, dword ptr [11C8724]
47 00860852 |. 99 cdq
48 00860853 |. F7F9 idiv ecx
49 00860855 |. 8915 24871C01 mov dword ptr [11C8724], edx
50 0086085B |. A1 408B1C01 mov eax, dword ptr [11C8B40]
51 00860860 |. 2305 448B1C01 and eax, dword ptr [11C8B44]
52 00860866 |. 59 pop ecx
53 00860867 |. 5D pop ebp
54 00860868 \. C3 retn
55
56
57
58 3.
59 00A1D9BF 90 nop
60 00A1D9C0 $ 55 push ebp
61 00A1D9C1 . 8BEC mov ebp, esp
62 00A1D9C3 . 51 push ecx
63 00A1D9C4 . 33C0 xor eax, eax
64 00A1D9C6 . 8945 FC mov dword ptr [ebp-4], eax
65 00A1D9C9 . E8 8EAB6D00 call <jmp.&VMOD.#77>
66
67 00A1D9CE C7 db C7 ; 关键点3,长度:16,直到nop
68 00A1D9CF . 05BC8B23 dd 238BBC05
69 00A1D9D3 01 db 01
70 00A1D9D4 . 05 00000090 add eax, 90000000
71 00A1D9D9 . 90 nop
72 00A1D9DA . 90 nop
73 00A1D9DB . 90 nop
74 00A1D9DC . 90 nop
75
76 00A1D9DD . EB 07 jmp short 00A1D9E6 ; 关键点3关键点, jnz --> jmp
77 00A1D9DF . 33D2 xor edx, edx
78 00A1D9E1 . 8955 FC mov dword ptr [ebp-4], edx
79 00A1D9E4 . EB 09 jmp short 00A1D9EF
80 00A1D9E6 > 8B0D BC8B2301 mov ecx, dword ptr [1238BBC]
81 00A1D9EC . 894D FC mov dword ptr [ebp-4], ecx
82 00A1D9EF > 8B45 FC mov eax, dword ptr [ebp-4]
83 00A1D9F2 . 59 pop ecx
84 00A1D9F3 . 5D pop ebp
85 00A1D9F4 . C3 retn
86
87 原来为:
88 00A1D9C9 |. E8 8EAB6D00 call <jmp.&VMOD.#77>
89 00A1D9CE |. A3 BC8B2301 mov dword ptr [1238BBC], eax
90 00A1D9D3 |. 813D BC8B2301>cmp dword ptr [1238BBC], -3EA
91 00A1D9DD |. 75 07 jnz short 00A1D9E6
92
93
94 4.
95 00A95EDD . BA 46652501 mov edx, 01256546 ; ASCII "SP_error:%d"
96 00A95EE2 . 8D45 FC lea eax, dword ptr [ebp-4]
97 00A95EE5 . E8 C2936400 call 010DF2AC
98 00A95EEA . FF45 E4 inc dword ptr [ebp-1C]
99 00A95EED . 8B00 mov eax, dword ptr [eax]
100 00A95EEF . 8B55 C4 mov edx, dword ptr [ebp-3C]
101 00A95EF2 . 8955 AC mov dword ptr [ebp-54], edx
102 00A95EF5 . 8B4D AC mov ecx, dword ptr [ebp-54]
103 00A95EF8 . 894D A4 mov dword ptr [ebp-5C], ecx
104 00A95EFB . C645 A8 00 mov byte ptr [ebp-58], 0
105 00A95EFF . C745 A0 01000000 mov dword ptr [ebp-60], 1
106 00A95F06 . 8B4D A0 mov ecx, dword ptr [ebp-60]
107 00A95F09 . 49 dec ecx
108 00A95F0A . 5A pop edx
109 00A95F0B . E8 90F16500 call <jmp.&VCL50.Sysutils::Format>
110 00A95F10 . 837D F0 00 cmp dword ptr [ebp-10], 0
111 00A95F14 . 74 05 je short 00A95F1B
112 00A95F16 . 8B45 F0 mov eax, dword ptr [ebp-10]
113 00A95F19 . EB 05 jmp short 00A95F20
114 00A95F1B > B8 61652501 mov eax, 01256561
115 00A95F20 > 50 push eax
116 00A95F21 . E8 A6D84000 call 00EA37CC
117 00A95F26 . 83C4 14 add esp, 14
118 00A95F29 . FF4D E4 dec dword ptr [ebp-1C]
119 00A95F2C . 8D45 F0 lea eax, dword ptr [ebp-10]
120 00A95F2F . BA 02000000 mov edx, 2
121 00A95F34 . E8 83966400 call 010DF5BC
122 00A95F39 . FF4D E4 dec dword ptr [ebp-1C]
123 00A95F3C . FF75 F4 push dword ptr [ebp-C]
124 00A95F3F . E8 04FD6100 call 010B5C48
125 00A95F44 . 59 pop ecx
126 00A95F45 . FF4D E4 dec dword ptr [ebp-1C]
127 00A95F48 . 8D45 FC lea eax, dword ptr [ebp-4]
128 00A95F4B . BA 02000000 mov edx, 2
129 00A95F50 . E8 67966400 call 010DF5BC
130 00A95F55 . 817D C4 16FCFFFF cmp dword ptr [ebp-3C], -3EA
131 00A95F5C . EB 54 jmp short 00A95FB2 ; 关键点4, JNZ --> JMP
132 00A95F5E . 6A 00 push 0
133 00A95F60 . 66:C745 D8 2000 mov word ptr [ebp-28], 20
134 00A95F66 . 68 AD170000 push 17AD
135 00A95F6B . E8 E0525B00 call 0104B250
136 00A95F70 . 59 pop ecx
137 00A95F71 . 8BD0 mov edx, eax
138 00A95F73 . 8D45 EC lea eax, dword ptr [ebp-14]
139 00A95F76 . E8 31936400 call 010DF2AC
140 00A95F7B . FF45 E4 inc dword ptr [ebp-1C]
141 00A95F7E . FF30 push dword ptr [eax]
142 00A95F80 . 6A 02 push 2
143 00A95F82 . 6A 00 push 0
144 00A95F84 . 8D4D 9E lea ecx, dword ptr [ebp-62]
145 00A95F87 . 51 push ecx
146 00A95F88 . E8 B3456300 call 010CA540
147 00A95F8D . 83C4 0C add esp, 0C
148 00A95F90 . 804D 9E 04 or byte ptr [ebp-62], 4
149 00A95F94 . 8D45 9E lea eax, dword ptr [ebp-62]
150 00A95F97 . 66:8B08 mov cx, word ptr [eax]
151 00A95F9A . B2 01 mov dl, 1
152 00A95F9C . 58 pop eax
153 00A95F9D . E8 C60A6600 call <jmp.&VCL50.Dialogs::MessageDlg>
154
155
4、实例快照
以下是实际运行效果
http://www.cnblogs.com/yuanbao/archive/2009/07/09/1520010.html
|
|
|---|---|
|
|
 。。。。那个软件狗了?没用么???
|
|
|
|
|
|
|
|
|
|
|
|
 学习了。
|
