Advanced Email Searcher1.1
我很想加入bcg,所以赶快写破文。看到老大crackabc需要邮件群发软件,我也来试试。
注册码,大家都说了,比较容易。但是它在后面还有检测,我没有找到比较正确的注册码的地方,所以只有爆破了!^_^
注册码的关键的call就在
:0049A3B0 8B4DF8 mov ecx, dword ptr [ebp-08]
:0049A3B3 8B55FC mov edx, dword ptr [ebp-04]
:0049A3B6 8BC3 mov eax, ebx
:0049A3B8 E8F7000000 call 0049A4B4 <----这个就是关键的地方,里面有假的注册码哦!进入看看。
:0049A3BD 84C0 test al, al
|:0049A3B8 , :0049A648
|
:0049A4B4 55 push ebp
:0049A4B5 8BEC mov ebp, esp
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0049A467(C)
|
:0049A4B7 83C4F0 add esp, FFFFFFF0
:0049A4BA 53 push ebx
:0049A4BB 33DB xor ebx, ebx
:0049A4BD 895DF4 mov dword ptr [ebp-0C], ebx
:0049A4C0 895DF0 mov dword ptr [ebp-10], ebx
:0049A4C3 894DF8 mov dword ptr [ebp-08], ecx
:0049A4C6 8955FC mov dword ptr [ebp-04], edx
:0049A4C9 8B45FC mov eax, dword ptr [ebp-04]
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0049A465(C)
|
:0049A4CC E8AF9AF6FF call 00403F80
:0049A4D1 8B45F8 mov eax, dword ptr [ebp-08]
:0049A4D4 E8A79AF6FF call 00403F80
:0049A4D9 8B4508 mov eax, dword ptr [ebp+08]
:0049A4DC E89F9AF6FF call 00403F80
:0049A4E1 33C0 xor eax, eax
:0049A4E3 55 push ebp
:0049A4E4 683EA54900 push 0049A53E
:0049A4E9 64FF30 push dword ptr fs:[eax]
:0049A4EC 648920 mov dword ptr fs:[eax], esp
:0049A4EF 8D45F0 lea eax, dword ptr [ebp-10]
:0049A4F2 8B4DF8 mov ecx, dword ptr [ebp-08]
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0049A47C(C)
|
:0049A4F5 8B55FC mov edx, dword ptr [ebp-04]
:0049A4F8 E81B99F6FF call 00403E18
:0049A4FD 8B45F0 mov eax, dword ptr [ebp-10]
:0049A500 8D55F4 lea edx, dword ptr [ebp-0C]
:0049A503 E8F07AFEFF call 00481FF8
:0049A508 8B55F4 mov edx, dword ptr [ebp-0C]
:0049A50B 8B4508 mov eax, dword ptr [ebp+08]
:0049A50E E8C999F6FF call 00403EDC <---就是这里
:0049A513 7504 jne 0049A519
:0049A515 B301 mov bl, 01
:0049A517 EB02 jmp 0049A51B
:00403EDC 53 push ebx
:00403EDD 56 push esi
:00403EDE 57 push edi
:00403EDF 89C6 mov esi, eax
:00403EE1 89D7 mov edi, edx
:00403EE3 39D0 cmp eax, edx <----比较了,两个假的。^_^
:00403EE5 0F848F000000 je 00403F7A
:00403EEB 85F6 test esi, esi
:00403EED 7468 je 00403F57
:00403EEF 85FF test edi, edi
:00403EF1 746B je 00403F5E
:00403EF3 8B46FC mov eax, dword ptr [esi-04]
:00403EF6 8B57FC mov edx, dword ptr [edi-04]
:00403EF9 29D0 sub eax, edx
:00403EFB 7702 ja 00403EFF
:00403EFD 01C2 add edx, eax
:0049A3BD 84C0 test al, al <---修改下面的跳转就行了。
修改后就出现了老大说的那个现象了,可以肯定下面还有校验的地方,接着先下看看。
:0049A659 E86A3FF9FF call 0042E5C8
:0049A65E 33D2 xor edx, edx
:0049A660 8B8384030000 mov eax, dword ptr [ebx+00000384]
:0049A666 E85922FEFF call 0047C8C4 <----这个可能就是验证的call
:0049A66B C60538024A0000 mov byte ptr [004A0238], 00 <---注册的标志变成零了
:0049A672 EB21 jmp 0049A695
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0049A64F(C)
|
:0049A674 8B15D44D4E00 mov edx, dword ptr [004E4DD4]
:0049A67A 8BC3 mov eax, ebx
:0049A67C E8473FF9FF call 0042E5C8
:0049A681 B201 mov dl, 01
:0049A683 8B8384030000 mov eax, dword ptr [ebx+00000384]
:0049A689 E83622FEFF call 0047C8C4
:0049A68E C60538024A0000 mov byte ptr [004A0238], 00
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0049A672(U)
|
:0049A695 803D38024A0000 cmp byte ptr [004A0238], 00 <---这里验证
:0049A69C 7507 jne 0049A6A5 <----这里要改为je
:0049A69E 8BC3 mov eax, ebx
:0049A6A0 E89B010000 call 0049A840 <----就是那个出错的call
这样改完,就可以成功的注册了,但是在启动的时候他还是要检验一个地方:
* Possible StringData Ref from Data Obj ->"default.aes"
|
:00499E3F 8B152C024A00 mov edx, dword ptr [004A022C]
:00499E45 8BC3 mov eax, ebx
:00499E47 E848F1FFFF call 00498F94
:00499E4C 33C0 xor eax, eax
:00499E4E A334024A00 mov dword ptr [004A0234], eax
:00499E53 8BC3 mov eax, ebx
:00499E55 E8F6060000 call 0049A550
:00499E5A 803D3C024A0000 cmp byte ptr [004A023C], 00 <---这里验证
:00499E61 7509 jne 00499E6C <---改为je
:00499E63 8BD3 mov edx, ebx
:00499E65 8BC3 mov eax, ebx
:00499E67 E828030000 call 0049A194 <----注册的对话框
"default.aes",就是这个文件里有注册的校验。
到此就完全搞定了!
相关视频
相关阅读 Windows错误代码大全 Windows错误代码查询激活windows有什么用Mac QQ和Windows QQ聊天记录怎么合并 Mac QQ和Windows QQ聊天记录Windows 10自动更新怎么关闭 如何关闭Windows 10自动更新windows 10 rs4快速预览版17017下载错误问题Win10秋季创意者更新16291更新了什么 win10 16291更新内容windows10秋季创意者更新时间 windows10秋季创意者更新内容kb3150513补丁更新了什么 Windows 10补丁kb3150513是什么
热门文章
去除winrar注册框方法
最新文章
比特币病毒怎么破解 比去除winrar注册框方法
华为无线路由器HG522-C破解教程(附超级密码JEB格式文件京东电子书下载和阅读限制破解教UltraISO注册码全集(最新)通过Access破解MSSQL获得数据
人气排行 华为无线路由器HG522-C破解教程(附超级密码JEB格式文件京东电子书下载和阅读限制破解教UltraISO注册码全集(最新)qq相册密码破解方法去除winrar注册框方法(适应任何版本)怎么用手机破解收费游戏华为无线猫HG522破解如何给软件脱壳基础教程
查看所有0条评论>>