:004147CC 8B1560874200 mov edx, dword ptr [00428760]
:004147D2 0BC8 or ecx, eax
:004147D4 33C0 xor eax, eax
:004147D6 C1E108 shl ecx, 08
:004147D9 668B44246E mov ax, word ptr [esp+6E]
:004147DE 0BC8 or ecx, eax
:004147E0 3BCA cmp ecx, edx ;compare with the expiry date,
:004147E2 7622 jbe 00414806 ;not expired: jump to the check of the registry RunTime value (point 2.2)
:004147E4 E807B3FFFF call 0040FAF0 ;pop up the "expired" error window
:004147E9 A19C874200 mov eax, dword ptr [0042879C]
:004147EE 8B0D98874200 mov ecx, dword ptr [00428798]
:004147F4 3BC1 cmp eax, ecx
:004147F6 7407 je 004147FF
:004147F8 50 push eax
* Reference To: KERNEL32.FreeLibrary, Ord:0133h
|
:004147F9 FF15F0064A00 Call dword ptr [004A06F0]
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004147F6(C)
|
:004147FF 33C0 xor eax, eax
:00414801 E910070000 jmp 00414F16
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:004147AB(C), :004147E2(C)
|
:00414806 E875B3FFFF call 0040FB80 ;returns the RunTime value under HKEY_LOCAL_MACHINE\Software\Microsoft
:0041480B 85C0 test eax, eax ;\Windows\CurrentVersion\Setup
:0041480D 7522 jne 00414831 ;RunTime is not 0: congratulations, you can watch VCDs now!! (point 3)
:0041480F E8DCB2FFFF call 0040FAF0 ;pop up the "expired" error window
:00414814 8B0D9C874200 mov ecx, dword ptr [0042879C]
:0041481A A198874200 mov eax, dword ptr [00428798]
:0041481F 3BC8 cmp ecx, eax
:00414821 7407 je 0041482A
:00414823 51 push ecx
* Reference To: KERNEL32.FreeLibrary, Ord:0133h
|
:00414824 FF15F0064A00 Call dword ptr [004A06F0]
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00414821(C)
|
:0041482A 33C0 xor eax, eax
:0041482C E9E5060000 jmp 00414F16
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0041480D(C)
|
:00414831 33DB xor ebx, ebx ;the wonderful world begins here......
———————————————————Breaking through the defenses———————————————————————
—————————————————Registry-related operations————————————————————
* Referenced by a CALL at Address:
|:00414806
|
:0040FB80 83EC10 sub esp, 00000010
:0040FB83 8D442404 lea eax, dword ptr [esp+04]
:0040FB87 53 push ebx
:0040FB88 56 push esi
:0040FB89 50 push eax
:0040FB8A 681F000200 push 0002001F
:0040FB8F 6A00 push 00000000
* Possible StringData Ref from Data Obj ->"SOFTWARE\Microsoft\Windows\CurrentVersion\Setu"
->"p"
|
:0040FB91 689C7F4200 push 00427F9C
:0040FB96 6802000080 push 80000002
* Reference To: ADVAPI32.RegOpenKeyExA, Ord:00EFh
|
:0040FB9B FF1598054A00 Call dword ptr [004A0598]
:0040FBA1 85C0 test eax, eax
:0040FBA3 7424 je 0040FBC9 ;key opened successfully: jump; otherwise create the key
:0040FBA5 8D44240C lea eax, dword ptr [esp+0C]
:0040FBA9 50 push eax
* Possible StringData Ref from Data Obj ->"SOFTWARE\Microsoft\Windows\CurrentVersion\Setu"
->"p"
|
:0040FBAA 689C7F4200 push 00427F9C
:0040FBAF 6802000080 push 80000002
* Reference To: ADVAPI32.RegCreateKeyA, Ord:00DBh
|
:0040FBB4 FF1594054A00 Call dword ptr [004A0594]
:0040FBBA 85C0 test eax, eax
:0040FBBC 740B je 0040FBC9 ;key created successfully: jump; otherwise EAX=FFFFFFFF and return
:0040FBBE B8FFFFFFFF mov eax, FFFFFFFF
:0040FBC3 5E pop esi
:0040FBC4 5B pop ebx
:0040FBC5 83C410 add esp, 00000010
:0040FBC8 C3 ret
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:0040FBA3(C), :0040FBBC(C)
|
:0040FBC9 BE04000000 mov esi, 00000004
:0040FBCE 8D442410 lea eax, dword ptr [esp+10]
:0040FBD2 8D4C2408 lea ecx, dword ptr [esp+08]
:0040FBD6 50 push eax
:0040FBD7 8D542418 lea edx, dword ptr [esp+18]
:0040FBDB 51 push ecx
:0040FBDC 8B442414 mov eax, dword ptr [esp+14]
:0040FBE0 52 push edx
:0040FBE1 8974241C mov dword ptr [esp+1C], esi
:0040FBE5 6A00 push 00000000
:0040FBE7 89742424 mov dword ptr [esp+24], esi
:0040FBEB 68947F4200 push 00427F94
:0040FBF0 C744241C00000000 mov [esp+1C], 00000000
:0040FBF8 50 push eax
* Reference To: ADVAPI32.RegQueryValueExA, Ord:00F7h
|
:0040FBF9 FF1590054A00 Call dword ptr [004A0590]
:0040FBFF 85C0 test eax, eax ;I once slipped up here and changed it to an unconditional jump
:0040FC01 7425 je 0040FC28 ;value read successfully: jump; otherwise set the value RunTime=64
:0040FC03 8D442408 lea eax, dword ptr [esp+08]
:0040FC07 56 push esi
:0040FC08 8B4C2410 mov ecx, dword ptr [esp+10]
:0040FC0C 50 push eax
:0040FC0D C744241064000000 mov [esp+10], 00000064
:0040FC15 56 push esi
:0040FC16 6A00 push 00000000
:0040FC18 68947F4200 push 00427F94
* Reference To: ADVAPI32.RegSetValueExA, Ord:0103h
|
:0040FC1D 8B359C054A00 mov esi, dword ptr [004A059C]
:0040FC23 51 push ecx
:0040FC24 FFD6 call esi
:0040FC26 EB06 jmp 0040FC2E
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040FC01(C)
|
* Reference To: ADVAPI32.RegSetValueExA, Ord:0103h
|
:0040FC28 8B359C054A00 mov esi, dword ptr [004A059C]
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040FC26(U)
|
:0040FC2E 8B442408 mov eax, dword ptr [esp+08] ;RunTime value -> eax
:0040FC32 85C0 test eax, eax
:0040FC34 7421 je 0040FC57 ;jump if 0, meaning the trial has expired
:0040FC36 83F8FF cmp eax, FFFFFFFF ;jump if FFFFFFFF; this is why RunTime=FFFFFFFF
:0040FC39 741C je 0040FC57 ;never expires, got it now!!
:0040FC3B 48 dec eax ;decrement the RunTime value by 1
:0040FC3C 6A04 push 00000004
:0040FC3E 8D4C240C lea ecx, dword ptr [esp+0C]
:0040FC42 8B542410 mov edx, dword ptr [esp+10]
:0040FC46 8944240C mov dword ptr [esp+0C], eax
:0040FC4A 51 push ecx
:0040FC4B 6A04 push 00000004
:0040FC4D 6A00 push 00000000
:0040FC4F 68947F4200 push 00427F94
:0040FC54 52 push edx
:0040FC55 FFD6 call esi
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:0040FC34(C), :0040FC39(C)
|
:0040FC57 8B44240C mov eax, dword ptr [esp+0C]
:0040FC5B 50 push eax
* Reference To: ADVAPI32.RegCloseKey, Ord:00D8h
|
:0040FC5C FF15A0054A00 Call dword ptr [004A05A0]
:0040FC62 8B442408 mov eax, dword ptr [esp+08] ;RunTime value -> eax
:0040FC66 5E pop esi
:0040FC67 5B pop ebx
:0040FC68 83C410 add esp, 00000010
:0040FC6B C3 ret
—————————————————Registry-related operations————————————————————
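The routine at 0040FB80 and the test at 00414806 above, modelled in C as an added reading aid (not part of the original article or of the program). The registry is replaced by a hypothetical in-memory struct `fake_reg`, and every function and constant name here is an assumption of this sketch.

```c
typedef unsigned int dword;              /* 32-bit DWORD */

#define RUNTIME_INITIAL 0x64u            /* value written at 0040FC0D */
#define RUNTIME_NEVER   0xFFFFFFFFu      /* sentinel compared at 0040FC36 */

struct fake_reg {                        /* hypothetical stand-in for the Setup key */
    int   key_ok;                        /* 0: RegOpenKeyExA and RegCreateKeyA both fail */
    int   has_value;                     /* 0: RegQueryValueExA fails */
    dword runtime;                       /* stored RunTime DWORD */
};

/* Mirrors 0040FB80..0040FC6B; returns what the listing leaves in EAX. */
dword read_runtime(struct fake_reg *r)
{
    dword data = 0;                      /* 0040FBF0: data buffer cleared */

    if (!r->key_ok)
        return 0xFFFFFFFFu;              /* 0040FBBE: error return, same bits as RUNTIME_NEVER */

    if (r->has_value) {
        data = r->runtime;               /* 0040FC01: query succeeded */
    } else {
        data = RUNTIME_INITIAL;          /* 0040FC0D..0040FC24: create the value */
        r->runtime = data;
        r->has_value = 1;
    }

    if (data != 0 && data != RUNTIME_NEVER) {
        data--;                          /* 0040FC3B: dec eax */
        r->runtime = data;               /* 0040FC55: write the new count back */
    }
    return data;                         /* 0040FC62: count after the decrement */
}

/* Mirrors 00414806..0041480D: any nonzero EAX continues to 00414831. */
int launch_allowed(struct fake_reg *r)
{
    return read_runtime(r) != 0;
}

int main(void)
{
    struct fake_reg fresh = {1, 0, 0};   /* constructed input: first run, no value yet */
    return (read_runtime(&fresh) == 0x63u && fresh.runtime == 0x63u) ? 0 : 1;
}
```

The returned value is the count after the decrement, so a stored RunTime of 1 already yields 0 and takes the error path at 0041480F.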
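So, everyone, got it? What, not yet?! #^$~& Then go and read Kanxue's (看雪) tutorials carefully again! I need not say much about how to patch:
changing the jump at 1.1 or 1.2, at 2.1 or 2.2, and at 3 into an unconditional jump is OK.
--### Solemn Declaration ###--
The above content may only be used for the exchange of experience; commercial use is strictly prohibited. Please protect the interests of genuine software!
All rights reserved; please keep the article intact!
woLONGwxd 2001-1-20
E-mail: wxdny@263.net</pre>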
</div>
</div>
</td>
</tr>
</table>
</body>
</html>