
Guangtong Securities Information Engine 2.2 (new 5.14 version)

Time: 2004/10/15 1:03:00  Source: compiled by this site  Author: 蓝点

 












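    I cracked this software the day after it was upgraded. The reason I am only publishing this cracking article now is that the software is really very good, and I could not bear to see it forced to close the Guest account because cracks had spread everywhere. Please do not use this article to make crack files! Thank you for your cooperation.
Official home page: www.gtgwt.com
Free-user restriction: ads pop up at irregular intervals
Cracking method: brute-force patching (the only option)
Cracking tools: FI, W32DASM, HIEW, FILEMON
Cracking goal: remove the ads
   I would bet that I was the first to crack the old 2.2 version. On 5.14 the software announced a new version and forced an upgrade. Sigh... time to crack it again...
   I had thought this new version would be simple: the upgrade changed little, so following the old approach should do. Disassemble stock.dll (the main program) with W32DASM, go to 10006737, NOP out that CALL, and done (that is how I cracked the old version). Launch! ^&%#@$!*)&( What is going on? It is downloading the engine again??? But there was no upgrade... It suddenly occurred to me: had this new program added a self-check feature??? If anything is modified, it automatically downloads again! The ads were gone; the next task was to remove that self-check feature! (The method for removing the ads is not described further.)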

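The program's presumed basic logic:
download the new version number from the server --> get the local version number --> compare --> if equal, jump away --> if not equal, download the new version --> prompt to upgrade --> install
or
download the new version number from the server --> get the local version number --> compare --> if equal, jump away --> system self-check --> if equal, continue to use --> if not equal, download the new version from the server --> prompt to upgrade --> install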
   
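   At first I started from 10006473, and N patching attempts all failed. Out of options, I opened the String Data References and found two suspicious file names: stock.dll and stock000.dll. I hurried to look in winnt\system32\, and the two files were indeed there, but they were not identical. My guess was that stock000.dll is a backup of the previous version. Double-clicking takes you to 10009451. (Please find 10009451 below and read from there, following the annotations; that makes my cracking approach easier to follow.) The "right-click" in the annotations refers to the operation in W32DASM.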


* Referenced by a CALL at Address:
|:100063C8                                         <----the key CALL
|
:10007500 64A100000000            mov eax, dword ptr fs:[00000000]
:10007506 6AFF                    push FFFFFFFF
:10007508 68705B0310              push 10035B70
:1000750D 50                      push eax
:1000750E 64892500000000          mov dword ptr fs:[00000000], esp
:10007515 83EC20                  sub esp, 00000020
:10007518 53                      push ebx
:10007519 55                      push ebp
:1000751A 56                      push esi
:1000751B 8BF1                    mov esi, ecx
:1000751D 33DB                    xor ebx, ebx
:1000751F 57                      push edi
:10007520 8B8638060000            mov eax, dword ptr [esi+00000638]
:10007526 3BC3                    cmp eax, ebx
:10007528 740F                    je 10007539     <----very suspicious; changed to 74, success!
:1000752A 50                      push eax
:1000752B E86FF80100              call 10026D9F
:10007530 83C404                  add esp, 00000004
:10007533 899E38060000            mov dword ptr [esi+00000638], ebx

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:10007528(C)                                      <----right-click

:10007539 8B442444                mov eax, dword ptr [esp+44]
:1000753D 8B7C2440                mov edi, dword ptr [esp+40]
:10007541 8DAE38050000            lea ebp, dword ptr [esi+00000538]
:10007547 50                      push eax
:10007548 57                      push edi
:10007549 8BCE                    mov ecx, esi
:1000754B 894624                  mov dword ptr [esi+24], eax
:1000754E 885D00                  mov byte ptr [ebp+00], bl
:10007551 889E38040000            mov byte ptr [esi+00000438], bl
:10007557 E894FEFFFF              call 100073F0
:1000755C 85C0                    test eax, eax
:1000755E 7545                    jne 100075A5      <----might be here, but testing shows it is not! Keep going up
:10007560 6800010000              push 00000100
:10007565 E80CF80100              call 10026D76
:1000756A 8BD0                    mov edx, eax
:1000756C 83C404                  add esp, 00000004
:1000756F 3BD3                    cmp edx, ebx
:10007571 899638060000            mov dword ptr [esi+00000638], edx
:10007577 7422                    je 1000759B

* Possible StringData Ref from Data Obj ->"包错误"
                                 
..............................
......................

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:1000755E(C)                                     <----right-click
|
:100075A5 33C0                    xor eax, eax
:100075A7 668B07                  mov ax, word ptr [edi]
:100075AA 3D00200000              cmp eax, 00002000
:100075AF 0F8F00010000            jg 100076B5     <----cannot be the key jump; keep going up
:100075B5 0F84A4000000            je 1000765F
:100075BB 0500F0FFFF              add eax, FFFFF000
:100075C0 83F80B                  cmp eax, 0000000B
......................
...........

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:100075AF(C)                                        <----right-click
|
:100076B5 3D02300000              cmp eax, 00003002
:100076BA 0F8F7C010000            jg 1000783C        <----cannot be the key jump; keep going up
:100076C0 0F84D7000000            je 1000779D
:100076C6 2D01200000              sub eax, 00002001
:100076CB 747A                    je 10007747
:100076CD 83E802                  sub eax, 00000002
:100076D0 741F                    je 100076F1
.....................
...............
:10007816 50                      push eax
:10007817 52                      push edx
:10007818 51                      push ecx
:10007819 55                      push ebp
:1000781A E840E20000              call 10015A5F
:1000781F 83C418                  add esp, 00000018
:10007822 8D4C241C                lea ecx, dword ptr [esp+1C]
:10007826 E8F3F00100              call 1002691E
:1000782B C7442438FFFFFFFF        mov [esp+38], FFFFFFFF
:10007833 8D4C2444                lea ecx, dword ptr [esp+44]
:10007837 E900010000              jmp 1000793C

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:100076BA(C)                                           <----right-click
|
:1000783C 3D00500000              cmp eax, 00005000
:10007841 755C                    jne 1000789F          <----arrive here; keep going up
:10007843 3D00800000              cmp eax, 00008000
:10007848 7418                    je 10007862
:1000784A 3D00A00000              cmp eax, 0000A000
:1000784F 0F85EC000000            jne 10007941
:10007855 57                      push edi
:10007856 8BCE                    mov ecx, esi
:10007858 E8D3180000              call 10009130
:1000785D E9DF000000              jmp 10007941
.......................
..............
:1000788D F3                      repz
:1000788E A5                      movsd
:1000788F 8BCA                    mov ecx, edx
:10007891 83E103                  and ecx, 00000003
:10007894 F3                      repz
:10007895 A4                      movsb
:10007896 8D4C2420                lea ecx, dword ptr [esp+20]
:1000789A E99D000000              jmp 1000793C

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:10007841(C)                                               <----jump; right-click here
|
:1000789F 57                      push edi
:100078A0 8BCE                    mov ecx, esi
:100078A2 E8E9190000              call 10009290             <----arrive here; keep going up
:100078A7 85C0                    test eax, eax
:100078A9 750A                    jne 100078B5
:100078AB B803000000              mov eax, 00000003
:100078B0 E98E000000              jmp 10007943
------------------------------------------------------------------------

* Referenced by a CALL at Address:
|:100078A2                                                <----right-click to see where it comes from
|
:10009290 6AFF                    push FFFFFFFF
:10009292 68C85B0310              push 10035BC8
:10009297 64A100000000            mov eax, dword ptr fs:[00000000]
:1000929D 50                      push eax
:1000929E 64892500000000          mov dword ptr fs:[00000000], esp
...............
............
:100092DE 752F                    jne 1000930F
:100092E0 56                      push esi
:100092E1 8BCB                    mov ecx, ebx
:100092E3 E888000000              call 10009370            <----keep going up
:100092E8 8D4C240C                lea ecx, dword ptr [esp+0C]
:100092EC C7442450FFFFFFFF        mov [esp+50], FFFFFFFF
:100092F4 E8179DFFFF              call 10003010
------------------------------------------------------------------

* Referenced by a CALL at Address:
|:100092E3                                                 <----CALL; right-click to see where it comes from
|
:10009370 81EC00030000            sub esp, 00000300
:10009376 8D842400020000          lea eax, dword ptr [esp+00000200]
:1000937D 53                      push ebx
:1000937E 55                      push ebp
:1000937F 56                      push esi
:10009380 57                      push edi
:10009381 6880000000              push 00000080
:10009386 50                      push eax

* Reference To: KERNEL32.GetSystemDirectoryA, Ord:0159h     <----gets the system directory; keep going up
                                 |
:10009387 FF15E4710310            Call dword ptr [100371E4]
:1000938D 83C9FF                  or ecx, FFFFFFFF

* Possible StringData Ref from Data Obj ->"\"
                                 |
:10009390 BFE4520410              mov edi, 100452E4
:10009395 33C0                    xor eax, eax
.................
........
:10009449 A5                      movsd
:1000944A 8BC8                    mov ecx, eax
:1000944C 83E103                  and ecx, 00000003
:1000944F F3                      repz
:10009450 A4                      movsb

* Possible StringData Ref from Data Obj ->"stock000.dll"   <----arrive here; search upward from here
                                 |
:10009451 BF40590410              mov edi, 10045940
:10009456 83C9FF                  or ecx, FFFFFFFF
:10009459 33C0                    xor eax, eax
:1000945B 8D942410010000          lea edx, dword ptr [esp+00000110]

To summarize:
--------------------------------------
At 10006737: E824000000 changed to 9090909090
At 10007528: 74         changed to 75

6 bytes modified in total. Done.
Published: 2003.05.16 14:39

    
    
     
    
    
     
