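【Software name】: NetWindows  Software version: 1.15
【Software size】: 552KB
【Download URL】: http://wisefox.zj.com/
【Description】: A small, portable ("green") remote-control program (a fine piece of Chinese-made software)
【Restrictions】: timed NAG + registration code
【Crack statement】: I am new to cracking and am doing this purely out of interest, with no other purpose. If I have made mistakes, I would be grateful for corrections from the experts!
【Tools】: W32Dasm, UltraEDIT32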
———————————————————————————————————————————
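【Cracking process】:
About 1 minute after it is launched, the program pops up a dialog asking us to register. Enter a user name, company and serial number (anything will do) and click Register. What do we see? “序列号不合法” ("The serial number is invalid"). This is the key piece of information we need. Let's get to work: open the program in W32Dasm, choose "String Data References" from the Refs menu, find the “序列号不合法” string we need and double-click it.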
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00411CCA(C)
|
:00411D84 6A30 push 00000030
* Possible StringData Ref from Data Obj ->"警告"
|
:00411D86 68ECA24500 push 0045A2EC
* Possible StringData Ref from Data Obj ->"序列号不合法" ;
|
:00411D8B 68B8AC4500 push 0045ACB8 ;double-clicking lands here; keep searching upward for the jump that leads to it (JZ, JNZ, JNE, JMP and so on)
:00411D90 8BCE mov ecx, esi
:00411D92 E8DA010200 call 00431F71
:00411D97 5F pop edi
:00411D98 5E pop esi
:00411D99 5D pop ebp
:00411D9A 5B pop ebx
:00411D9B 59 pop ecx
:00411D9C C3 ret
×××××××××××××××××××××××××××××××××××××
* Reference To: ADVAPI32.RegSetValueA, Ord:0185h
|
:00411CE1 8B3D08904400 mov edi, dword ptr [00449008]
:00411CE7 8B48F8 mov ecx, dword ptr [eax-08]
:00411CEA 51 push ecx
:00411CEB 50 push eax
:00411CEC 6A01 push 00000001
* Possible StringData Ref from Data Obj ->"SOFTWARE\NetWindow\UserName" ;the user name you entered is written to the registry
|
:00411CEE 6840AD4500 push 0045AD40
:00411CF3 6802000080 push 80000002
:00411CF8 FFD7 call edi
:00411CFA 85C0 test eax, eax
:00411CFC 7413 je 00411D11 ;tests the result of the registry write (eax = 0: jump past the failure warning)
:00411CFE 6A30 push 00000030
* Possible StringData Ref from Data Obj ->"警告"
|
:00411D00 68ECA24500 push 0045A2EC
* Possible StringData Ref from Data Obj ->"修改注册表失败!"
|
:00411D05 6830AD4500 push 0045AD30
:00411D0A 8BCE mov ecx, esi
:00411D0C E860020200 call 00431F71
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00411CFC(C)
|
:00411D11 8B4664 mov eax, dword ptr [esi+64]
:00411D14 8B48F8 mov ecx, dword ptr [eax-08]
:00411D17 51 push ecx
:00411D18 50 push eax
:00411D19 6A01 push 00000001
* Possible StringData Ref from Data Obj ->"SOFTWARE\NetWindow\CompanyName" ;the company name you entered is written to the registry
|
:00411D1B 6810AD4500 push 0045AD10
:00411D20 6802000080 push 80000002
:00411D25 FFD7 call edi
:00411D27 85C0 test eax, eax
:00411D29 7413 je 00411D3E ;tests the result of the registry write (eax = 0: jump past the failure warning)
:00411D2B 6A30 push 00000030
* Possible StringData Ref from Data Obj ->"警告"
|
:00411D2D 68ECA24500 push 0045A2EC
* Possible StringData Ref from Data Obj ->"修改注册表失败!"
|
:00411D32 6830AD4500 push 0045AD30
:00411D37 8BCE mov ecx, esi
:00411D39 E833020200 call 00431F71
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00411D29(C)
|
:00411D3E 8B4500 mov eax, dword ptr [ebp+00]
:00411D41 8B48F8 mov ecx, dword ptr [eax-08]
:00411D44 51 push ecx
:00411D45 50 push eax
:00411D46 6A01 push 00000001
* Possible StringData Ref from Data Obj ->"SOFTWARE\NetWindow\SerialNo" ;the serial number you entered is written to the registry
|
:00411D48 68F4AC4500 push 0045ACF4
:00411D4D 6802000080 push 80000002
:00411D52 FFD7 call edi
:00411D54 85C0 test eax, eax
:00411D56 7413 je 00411D6B ;if equal (eax = 0), jump to the registration-success dialog
:00411D58 6A30 push 00000030
* Possible StringData Ref from Data Obj ->"警告"
|
:00411D5A 68ECA24500 push 0045A2EC
* Possible StringData Ref from Data Obj ->"修改注册表失败!"
|
:00411D5F 6830AD4500 push 0045AD30
:00411D64 8BCE mov ecx, esi
:00411D66 E806020200 call 00431F71
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00411D56(C)
|
:00411D6B 6A40 push 00000040
* Possible StringData Ref from Data Obj ->"恭喜"
|
:00411D6D 68ECAC4500 push 0045ACEC
* Possible StringData Ref from Data Obj ->"注册成功!感谢你对智狐软件的支持!"
|
:00411D72 68C8AC4500 push 0045ACC8
:00411D77 8BCE mov ecx, esi
:00411D79 E8F3010200 call 00431F71
:00411D7E 5F pop edi
:00411D7F 5E pop esi
:00411D80 5D pop ebp
:00411D81 5B pop ebx
:00411D82 59 pop ecx
:00411D83 C3 ret
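;Finally we end up here. Try the first jump first, and if that does not work, test the others. What a hassle! But learning to crack takes patience~~~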
:00411CB2 E856CB0000 call 0041E80D
:00411CB7 83C410 add esp, 00000010
:00411CBA 8D4C2410 lea ecx, dword ptr [esp+10]
:00411CBE 85C0 test eax, eax
:00411CC0 0F94C3 sete bl
:00411CC3 E888CD0100 call 0042EA50
:00411CC8 84DB test bl, bl
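:00411CCA 0F84B4000000 je 00411D84 ;searching upward we reach this, the first jump. Look at where it goes: haha~~ it jumps straight to “序列号不合法”! When this line is highlighted green, look at the offset shown at the bottom (@Offset xxxxxxxxh), remember that address, and exit the program.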
:00411CD0 8BCE mov ecx, esi
:00411CD2 C7465C01000000 mov [esi+5C], 00000001
:00411CD9 E88ADA0100 call 0042F768
:00411CDE 8B4660 mov eax, dword ptr [esi+60]
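Open the program in UltraEDIT32 and perform the final step~~~ the patch! Press Ctrl+G, enter the offset we noted above and click OK. What you see is 0F 84; change 84 to 85. Don't forget to click Save, or all the work above is wasted. Close and exit, then see how we did: try entering registration details and~~~~ success!~~ Hehe! There is still a BUG ^_^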
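From the defender's side, the one-byte 0F 84 to 0F 85 edit described above is easy to spot when a known-good copy of the binary is available. The following is an added example, not part of the original post: it diffs two same-size images and labels changed bytes that invert a conditional jump. The function names are hypothetical and the sample bytes are constructed from the listing above.

```python
"""Flag in-place branch inversions between a known-good binary and a suspect copy."""

def diff_bytes(original: bytes, suspect: bytes):
    """Return (offset, old, new) for each differing byte of two same-size images."""
    if len(original) != len(suspect):
        raise ValueError("size mismatch: not an in-place byte patch")
    return [(i, a, b) for i, (a, b) in enumerate(zip(original, suspect)) if a != b]

def classify(original: bytes, offset: int, old: int, new: int) -> str:
    """Heuristically label one changed byte.

    x86 conditional jumps come in complementary pairs that differ only in the
    low bit of the opcode: near form 0F 80..0F 8F (0F 84 je / 0F 85 jne),
    short form 70..7F (74 je / 75 jne).
    """
    same_pair = (old ^ new) == 1
    # Near form: the changed byte follows a 0F prefix (a heuristic, since the
    # 0F could also be an operand byte of the previous instruction).
    if same_pair and 0x80 <= old <= 0x8F and offset > 0 and original[offset - 1] == 0x0F:
        return "near-jcc-inverted"
    if same_pair and 0x70 <= old <= 0x7F:
        return "possible-short-jcc-inverted"  # one byte alone cannot rule out data
    return "other-change"

def find_patches(original: bytes, suspect: bytes):
    """Return [(offset, old, new, label)] for every differing byte."""
    return [(off, old, new, classify(original, off, old, new))
            for off, old, new in diff_bytes(original, suspect)]

# Constructed sample: the ten bytes listed on the page at 00411CC8..00411CD1
# (test bl, bl / je 00411D84 / mov ecx, esi). Offsets are relative to this
# buffer, not to the real file.
ORIGINAL = bytes.fromhex("84DB0F84B40000008BCE")
SUSPECT = bytes.fromhex("84DB0F85B40000008BCE")  # 84 -> 85, as described above

if __name__ == "__main__":
    for off, old, new, label in find_patches(ORIGINAL, SUSPECT):
        print(f"offset 0x{off:X}: {old:02X} -> {new:02X}  [{label}]")
```

In practice the two inputs would be the vendor's released file and the copy found on disk, both read in binary mode.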
———————————————————————————————————————————
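【Crack summary】:
I am only offering a starting point here, casting a brick to attract jade: I spent 1 minute cracking a program and only got to see the result we wanted most. Go and find the actual registration code yourselves. As for how to remove the 1-minute time limit, I leave that for the experts to discover, and I hope someone writes it up so that we can all learn.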