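金山打字通 business edition: removing the annoying upgrade installer
Last edited by 冥界3大法王 on 2020-4-8 09:53
OK, this typing-practice program really is old.
It's just something I keep in a collection on my hard drive.
It comes in two editions: a consumer edition and a business edition.
The consumer edition is for individuals and free to use, but it pops up Baidu ads while in use.
The business edition has no ads at the bottom, but users have to purchase and register it before it works normally.
I'm talking about the 2013 version here; for the 2016 version there seems to be no business edition online, only the free personal one with ads.
I won't go into the cracking process, to avoid breaking the rules and getting a red card.
I saw someone on the forum post an ad-removal walkthrough, so fine, I'll describe how I removed the upgrade prompt.
Shortly after the program starts, or when it exits, an installer named TypeEasy_Update.exe shows up in %temp% and opens an installation window.
Extremely annoying! So it has to be killed off for good.
Using TC search + WinHex editing:
wps.cn
wps.com
api.51dzt.com (none of ASCII, Unicode or UTF-8 worked). I tried many times, fiddling with it whenever I remembered, and found it made no difference.
I also suspected index.xml and the other dll and exe files, but none of them worked; after modifying them nothing changed and the prompt still popped up.
Recently I noticed a file named bsns.data in the directory that looked very suspicious.
So I opened it in WinHex and found a field TypeEasy.html that was very likely the one. I changed it to 00 and packed everything into a single-file build of only 25M; since then the upgrade installer has never appeared again.
So you may ask: why was I sure it was this one?
We can guess in two parts:
It might be TypeEasy
It might be Update
So I happened to guess right, because they are invoked indirectly.
The OP doesn't like the approach of editing the hosts file (because after a system update you have to edit it again; isn't that tiring?)
So when doing cracking or reversing you have to learn:
1. Narrowing down the search for the needle in the haystack
2. Monitoring installation or runtime logs; for example 火绒, HIPS-type tools, API Monitor, packet capture, Process Monitor, and of course many other behavior-monitoring tools
3. Destructive modification and probing is the most direct, simple and brute-force method
Note: providing a cracked build gets you sent to the black room to reflect.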
What I wrote above still has problems! Rewriting!
String search: checkupdate is check point 1, and it is also a registry value.
Keep tracing back! You arrive at the code below!
0090D9B0 | push ebp 1st check: patch to ret!
0090D9B1 | 8BEC | mov ebp,esp |
0090D9B3 | 6A FF | push FFFFFFFF |
0090D9B5 | 68 F9FD | push <crack.sub_92FDF9> |
0090D9BA | 64:A1 0 | mov eax,dword ptr fs: |
0090D9C0 | 50 | push eax |
0090D9C1 | 51 | push ecx | ecx:sub_942320
0090D9C2 | 56 | push esi |
0090D9C3 | 57 | push edi |
0090D9C4 | A1 6C82 | mov eax,dword ptr ds: |
0090D9C9 | 33C5 | xor eax,ebp |
0090D9CB | 50 | push eax |
0090D9CC | 8D45 F4 | lea eax,dword ptr ss: |
0090D9CF | 64:A3 0 | mov dword ptr fs:,eax |
0090D9D5 | 8BF1 | mov esi,ecx | ecx:sub_942320
0090D9D7 | E8 F4D5 | call <crack.sub_90AFD0> |
0090D9DC | 84C0 | test al,al |
0090D9DE | 74 53 | je crack.90DA33 |
0090D9E0 | 8BCE | mov ecx,esi | ecx:sub_942320
0090D9E2 | E8 E9F2 | call <crack.sub_90CCD0> |
0090D9E7 | 84C0 | test al,al |
0090D9E9 | 74 48 | je crack.90DA33 |
0090D9EB | E8 40F8 | call <crack.sub_90D230> |
0090D9F0 | 6A FF | push FFFFFFFF |
0090D9F2 | 68 A01A | push crack.951AA0 | 951AA0:"-mode=download -from=typeeasy"
0090D9F7 | FF15 3C | call dword ptr ds:[<&?fromAscii_helper@QString@@CAPAUD |
0090D9FD | 8945 F0 | mov dword ptr ss:,eax |
0090DA00 | 8D45 F0 | lea eax,dword ptr ss: |
0090DA03 | 50 | push eax |
0090DA04 | C745 FC | mov dword ptr ss:,0 |
0090DA0B | E8 90FC | call <crack.sub_90D6A0> |
0090DA10 | 8B4D F0 | mov ecx,dword ptr ss: | ecx:sub_942320
0090DA13 | 83C4 0C | add esp,C |
0090DA16 | C745 FC | mov dword ptr ss:,FFFFFFFF |
0090DA1D | 83CA FF | or edx,FFFFFFFF |
0090DA20 | F0:0FC1 | lock xadd dword ptr ds:,edx | ecx:sub_942320
0090DA24 | 75 0D | jne crack.90DA33 |
0090DA26 | 8B45 F0 | mov eax,dword ptr ss: |
0090DA29 | 50 | push eax |
0090DA2A | FF15 44 | call dword ptr ds:[<&?free@QString@@CAXPAUData@1@@Z>]|
0090DA30 | 83C4 04 | add esp,4 |
0090DA33 | 8D4E 0C | lea ecx,dword ptr ds: | ecx:sub_942320
0090DA36 | FF15 A4 | call dword ptr ds:[<&?lockForWrite@QReadWriteLock@@QAE |
0090DA3C | 8D4E 0C | lea ecx,dword ptr ds: | ecx:sub_942320
0090DA3F | C646 10 | mov byte ptr ds:,1 |
0090DA43 | FF15 A0 | call dword ptr ds:[<&?unlock@QReadWriteLock@@QAEXXZ>]|
0090DA49 | 8B4D F4 | mov ecx,dword ptr ss: | ecx:sub_942320
0090DA4C | 64:890D | mov dword ptr fs:,ecx | ecx:sub_942320
0090DA53 | 59 | pop ecx | ecx:sub_942320
0090DA54 | 5F | pop edi |
0090DA55 | 5E | pop esi |
0090DA56 | 8BE5 | mov esp,ebp |
0090DA58 | 5D | pop ebp |
0090DA59 | C3 | ret |
008D2D99 | E8 10 | call <crack.sub_92E2AE> |
008D2D9E | 83C4| add esp,4 |
008D2DA1 | A1 B4 | mov eax,dword ptr ds:[<&?shared_null@QString@@0UData@ |
008D2DA6 | 8B40| mov eax,dword ptr ds: |
008D2DA9 | 85C0| test eax,eax |
008D2DAB | 0F84| je crack.8D2E70 | 2nd location: change 84 to 85
008D2DB1 | 8D4D| lea ecx,dword ptr ss: | ecx:sub_942320
008D2DB4 | 51 | push ecx | ecx:sub_942320
008D2DB5 | E8 B6 | call <crack.sub_8B2770> |
008D2DBA | 83C4| add esp,4 |
008D2DBD | 50 | push eax |
008D2DBE | B9 B4 | mov ecx,<crack.&?shared_null@QString@@0UData@1@A> | ecx:sub_942320
008D2DC3 | C745| mov dword ptr ss:,C | C:'\f'
008D2DCA | FF15| call dword ptr ds:[<&??4QString@@QAEAAV0@$$QAV0@@Z>]|
008D2DD0 | 8B55| mov edx,dword ptr ss: |
008D2DD3 | 897D| mov dword ptr ss:,edi |
008D2DD6 | 8BC7| mov eax,edi |
008D2DD8 | F0:0F | lock xadd dword ptr ds:,eax |
008D2DDC | 75 09 | jne crack.8D2DE7 |
008D2DDE | 8B4D| mov ecx,dword ptr ss: | ecx:sub_942320
008D2DE1 | 51 | push ecx | ecx:sub_942320
008D2DE2 | FFD3| call ebx |
008D2DE4 | 83C4| add esp,4 |
008D2DE7 | 68 9C | push crack.947B9C | 947B9C:"/TypeEasyData/download"
008D2DEC | B9 B4 | mov ecx,<crack.&?shared_null@QString@@0UData@1@A> | ecx:sub_942320
008D2DF1 | FF15| call dword ptr ds:[<&??YQString@@QAEAAV0@PBD@Z>] |
008D2DF7 | A1 40 | mov eax,dword ptr ds:[<&?shared_null@QString@@0UData@ |
008D2DFC | 8945| mov dword ptr ss:,eax |
008D2DFF | BA 01 | mov edx,1 |
008D2E04 | F0:0F | lock xadd dword ptr ds:,edx |
008D2E08 | 8D45| lea eax,dword ptr ss: |
008D2E0B | 50 | push eax |
008D2E0C | 8D4D| lea ecx,dword ptr ss: | ecx:sub_942320
008D2E0F | C745| mov dword ptr ss:,D | D:'\r'
008D2E16 | FF15| call dword ptr ds:[<&??0QDir@@QAE@ABVQString@@@Z>] |
008D2E1C | 8B4D| mov ecx,dword ptr ss: | ecx:sub_942320
008D2E1F | C645| mov byte ptr ss:,F |
008D2E23 | 8BD7| mov edx,edi |
008D2E25 | F0:0F | lock xadd dword ptr ds:,edx | ecx:sub_942320
Stepping over with F8, execution breaks again:
008D2EEE | EB 47 | jmp crack.8D2F37 |
008D2EF0 | 8D45| lea eax,dword ptr ss: |
008D2EF3 | 50 | push eax |
008D2EF4 | FF15| call dword ptr ds:[<&?applicationDirPath@QCoreApplica |
008D2EFA | 83C4| add esp,4 |
008D2EFD | 50 | push eax |
008D2EFE | B9 B4 | mov ecx,<crack.&?shared_null@QString@@0UData@1@A> |
008D2F03 | C745| mov dword ptr ss:,12 |
008D2F0A | FF15| call dword ptr ds:[<&??4QString@@QAEAAV0@$$QAV0@@Z>]|
008D2F10 | 8B4D| mov ecx,dword ptr ss: |
008D2F13 | 897D| mov dword ptr ss:,edi |
008D2F16 | 8BD7| mov edx,edi |
008D2F18 | F0:0F | lock xadd dword ptr ds:,edx |
008D2F1C | 75 09 | jne crack.8D2F27 |
008D2F1E | 8B45| mov eax,dword ptr ss: |
008D2F21 | 50 | push eax |
008D2F22 | FFD3| call ebx |
008D2F24 | 83C4| add esp,4 |
008D2F27 | 68 90 | push crack.947B90 | 947B90:"/uplive.exe"
008D2F2C | B9 B4 | mov ecx,<crack.&?shared_null@QString@@0UData@1@A> |
008D2F31 | FF15| call dword ptr ds:[<&??YQString@@QAEAAV0@PBD@Z>] |
008D2F37 | A1 68 | mov eax,dword ptr ds:[<&?shared_null@QListData@@2UDat |
008D2F44 | F0:0F | lock xadd dword ptr ds:,ecx |
008D2F48 | 57 | push edi |
008D2F49 | BB 13 | mov ebx,13 |
008D2F4E | 68 80 | push crack.947B80 | 947B80:"-mode=update"
0090D891 | E9 D4 | jmp crack.90D96A |===> patch to JMP!
0090D896 | 008B| add byte ptr ds:,cl |
0090D89C | FF | ??? |
0090D89D | FF84C | inc dword ptr ds: |
0090D8A4 | 0000| add byte ptr ds:,al |
0090D8A6 | 8BCE| mov ecx,esi |
0090D8A8 | E8 23 | call <crack.sub_90CCD0> |
0090D8AD | 84C0| test al,al |
0090D8AF | 0F84| je crack.90D96A |
0090D8B5 | 8B3D| mov edi,dword ptr ds:[<&?fromAscii_helper@QString@@CA |
0090D8BB | 6A FF | push FFFFFFFF |
0090D8BD | 68 74 | push crack.951A74 | 951A74:"-mode=update -trigging=exit -from=typeeasy"
0090D8C2 | FFD7| call edi |
0090D8C4 | 8945| mov dword ptr ss:,eax |
0090D8C7 | 8D45| lea eax,dword ptr ss: |
0090D8CA | 50 | push eax |
0090D8CB | C645| mov byte ptr ss:,3 |
0090D8CF | E8 CC | call <crack.sub_90D6A0> |
0090D8D4 | 8B4D| mov ecx,dword ptr ss: |
0090D8D7 | 83C4| add esp,C |
0090D8DA | C645| mov byte ptr ss:,2 |
0090D8DE | 83CA| or edx,FFFFFFFF |
0090D8E1 | F0:0F | lock xadd dword ptr ds:,edx |
0090D8E5 | 75 0D | jne crack.90D8F4 |
0090D8E7 | 8B45| mov eax,dword ptr ss: |
0090D8EA | 50 | push eax |
0090D8EB | FF15| call dword ptr ds:[<&?free@QString@@CAXPAUData@1@@Z>] |
0090D8F1 | 83C4| add esp,4 |
0090D8F4 | 6A FF | push FFFFFFFF |
0090D8F6 | 68 4C | push crack.94E34C | 94E34C:"yyyy-MM-dd"
0090D8FB | FFD7| call edi |
0090D8FD | 83C4| add esp,8 |
0090D900 | 8945| mov dword ptr ss:,eax |
0090D903 | 8D4D| lea ecx,dword ptr ss: |
0090D906 | 51 | push ecx |
0090D907 | 8D55| lea edx,dword ptr ss: |
0090D90A | 52 | push edx |
0090D90B | 8D45| lea eax,dword ptr ss: |
0090D90E | 50 | push eax |
0090D90F | C645| mov byte ptr ss:,4 |
0090D913 | FF15| call dword ptr ds:[<&?currentDate@QDate@@SA?AV1@XZ>]|
0090D919 | 83C4| add esp,4 |
0090D91C | 8BC8| mov ecx,eax |
0090D91E | FF15| call dword ptr ds:[<&?toString@QDate@@QBE?AVQString@@ |
0090D924 | 50 | push eax |
0090D925 | 8BCE| mov ecx,esi |
0090D927 | C645| mov byte ptr ss:,5 |
0090D92B | E8 E0 | call <crack.sub_90B210> |
0090D930 | 8B4D| mov ecx,dword ptr ss: |
0090D933 | C645| mov byte ptr ss:,4 |
0090D937 | 83CA| or edx,FFFFFFFF |
0090D93A | F0:0F | lock xadd dword ptr ds:,edx |
0090D93E | 75 0D | jne crack.90D94D |
0090D940 | 8B45| mov eax,dword ptr ss: |
0090D943 | 50 | push eax |
0090D944 | FF15| call dword ptr ds:[<&?free@QString@@CAXPAUData@1@@Z>] |
0090D94A | 83C4| add esp,4 |
0090D94D | 8B4D| mov ecx,dword ptr ss: |
0090D950 | C645| mov byte ptr ss:,2 |
0090D954 | 83CA| or edx,FFFFFFFF |
0090D957 | F0:0F | lock xadd dword ptr ds:,edx |
0090D95B | 75 0D | jne crack.90D96A |
0090D95D | 8B45| mov eax,dword ptr ss: |
0090D960 | 50 | push eax |
0090D961 | FF15| call dword ptr ds:[<&?free@QString@@CAXPAUData@1@@Z>] |
0090D967 | 83C4| add esp,4 |
0090D96A | 8D4E| lea ecx,dword ptr ds: |
0090D96D | C645| mov byte ptr ss:,1 |
0090D971 | FF15| call dword ptr ds:[<&??1QReadWriteLock@@QAE@XZ>] |
0090D977 | 8D4E| lea ecx,dword ptr ds: |
0090D97A | C645| mov byte ptr ss:,0 |
0090D97E | FF15| call dword ptr ds:[<&??1QMutex@@QAE@XZ>] |
0090D984 | 8BCE| mov ecx,esi |
0090D986 | C745| mov dword ptr ss:,FFFFFFFF |
0090D98D | FF15| call dword ptr ds:[<&??1QThread@@UAE@XZ>] |
0090D993 | 8B4D| mov ecx,dword ptr ss: |
0090D996 | 64:89 | mov dword ptr fs:,ecx |
0090D99D | 59 | pop ecx |
0090D99E | 5F | pop edi |
0090D99F | 5E | pop esi |
0090D9A0 | 8BE5| mov esp,ebp |
0090D9A2 | 5D | pop ebp |
0090D9A3 | C3 | ret |
Final patching plan: four patches are needed to solve it.
00422DAB:0F85BF000000 jne 00422E70h |00422DAB:E9C0000000 jmp 00422E70h
|00422DB0:008D4DDC51E8 add byte ptr , cl
00422DB1:8D4DDC lea ecx, dword ptr |
00422DB4:51 push ecx |
00422DB5:E8B6F9FDFF call 00402770h |
|00422DB6:B6F9 mov dh, F9h
|00422DB8:FD std
|00422DB9:FF83C40450B9 inc dword ptr
00422DBA:83C404 add esp, 04h |
00422DBD:50 push eax |
00422DBE:B9B48F4C00 mov ecx, 004C8FB4h |
|00422DBF:B48F mov ah, 8Fh
|00422DC1:4C dec esp
|00422DC2:00C7 add bh, al
00422DC3:C745FC0C000000 mov dword ptr , 0000000Ch |
|00422DC4:45 inc ebp
|00422DC5:FC cld
|00422DC6:0C00 or al, 00000000h
|00422DC8:0000 add byte ptr , al
------------------------------------------------------------------------------------------------------------------------------------------
00422EEE:7547 jne 00422F37h |00422EEE:EB47 jmp 00422F37h
------------------------------------------------------------------------------------------------------------------------------------------
0045D891:0F84D3000000 je 0045D96Ah |0045D891:E9D4000000 jmp 0045D96Ah
|0045D896:008BCEE832D7 add byte ptr , cl
0045D897:8BCE mov ecx, esi |
0045D899:E832D7FFFF call 0045AFD0h |
|0045D89CFFFF ???
|0045D89E:84C0 test al, al
|0045D8A0:0F84C4000000 je 0045D96Ah
0045D89E:84C0 test al, al |
0045D8A0:0F84C4000000 je 0045D96Ah |
|0045D8A6:8BCE mov ecx, esi
|0045D8A8:E823F4FFFF call 0045CCD0h
0045D8A6:8BCE mov ecx, esi |
0045D8A8:E823F4FFFF call 0045CCD0h |
|0045D8AD:84C0 test al, al
|0045D8AF:0F84B5000000 je 0045D96Ah
0045D8AD:84C0 test al, al |
0045D8AF:0F84B5000000 je 0045D96Ah |
|0045D8B5:8B3D3C354900 mov edi, dword ptr
0045D8B5:8B3D3C354900 mov edi, dword ptr |
|0045D8BB:6AFF push FFFFFFFFh
|0045D8BD:68741A4A00 push 004A1A74h
0045D8BB:6AFF push FFFFFFFFh |
0045D8BD:68741A4A00 push 004A1A74h |
|0045D8C2:FFD7 call edi
|0045D8C4:8945F0 mov dword ptr , eax
0045D8C2:FFD7 call edi |
0045D8C4:8945F0 mov dword ptr , eax |0045D8C7:8D45F0 lea eax, dword ptr
0045D8C7:8D45F0 lea eax, dword ptr |0045D8CA:50 push eax
|0045D8CB:C645FC03 mov byte ptr , 00000003h
0045D8CA:50 push eax |
0045D8CB:C645FC03 mov byte ptr , 00000003h |
|0045D8CF:E8CCFDFFFF call 0045D6A0h
0045D8CF:E8CCFDFFFF call 0045D6A0h |
|0045D8D4:8B4DF0 mov ecx, dword ptr
0045D8D4:8B4DF0 mov ecx, dword ptr |0045D8D7:83C40C add esp, 0Ch
0045D8D7:83C40C add esp, 0Ch |0045D8DA:C645FC02 mov byte ptr , 00000002h
0045D8DA:C645FC02 mov byte ptr , 00000002h |
|0045D8DE:83CAFF or edx, FFFFFFFFh
0045D8DE:83CAFF or edx, FFFFFFFFh |0045D8E1:F00FC111 lock xadd dword ptr , edx
0045D8E1:F00FC111 lock xadd dword ptr , edx |
|0045D8E5:750D jne 0045D8F4h
|0045D8E7:8B45F0 mov eax, dword ptr
0045D8E5:750D jne 0045D8F4h |
0045D8E7:8B45F0 mov eax, dword ptr |0045D8EA:50 push eax
|0045D8EB:FF1544354900 call dword ptr
0045D8EA:50 push eax |
0045D8EB:FF1544354900 call dword ptr |
|0045D8F1:83C404 add esp, 04h
0045D8F1:83C404 add esp, 04h |0045D8F4:6AFF push FFFFFFFFh
|0045D8F6:684CE34900 push 0049E34Ch
0045D8F4:6AFF push FFFFFFFFh |
------------------------------------------------------------------------------------------------------------------------------------------
0045D968:C4048D4E0CC645 les eax, fword ptr |
|0045D968:C4048D4E0CC645 les eax, fword ptr
0045D96F:FC cld |
0045D970:01FF add edi, edi |
|0045D96F:FC cld
0045D972:159C344900 adc eax, 0049349Ch |0045D970:01FF add edi, edi
|0045D972:159C344900 adc eax, 0049349Ch
0045D977:8D4E08 lea ecx, dword ptr |
|0045D977:8D4E08 lea ecx, dword ptr
0045D97A:C645FC00 mov byte ptr , 00000000h |
|0045D97A:C645FC00 mov byte ptr , 00000000h
0045D97E:FF1590314900 call dword ptr |
|0045D97E:FF1590314900 call dword ptr
0045D984:8BCE mov ecx, esi |
0045D986:C745FCFFFFFFFF mov dword ptr , FFFFFFFFh |0045D984:8BCE mov ecx, esi
|0045D986:C745FCFFFFFFFF mov dword ptr , FFFFFFFFh
0045D98D:FF155C344900 call dword ptr |
|0045D98D:FF155C344900 call dword ptr
0045D993:8B4DF4 mov ecx, dword ptr |
|0045D993:8B4DF4 mov ecx, dword ptr
0045D996:64890D00000000 mov dword ptr fs:, ecx |
|0045D996:64890D00000000 mov dword ptr fs:, ecx
0045D99D:59 pop ecx |
0045D99E:5F pop edi |
0045D99F:5E pop esi |0045D99D:59 pop ecx
0045D9A0:8BE5 mov esp, ebp |0045D99E:5F pop edi
|0045D99F:5E pop esi
0045D9A2:5D pop ebp |0045D9A0:8BE5 mov esp, ebp
0045D9A3:C3 ret |
0045D9A4:CC int3 |0045D9A2:5D pop ebp
0045D9A5:CC int3 |0045D9A3:C3 ret
0045D9B0:55 push ebp |0045D9AE:CC int3
0045D9B1:8BEC mov ebp, esp |0045D9AF:CC int3
|0045D9B0:C3 ret
0045D9B3:6AFF push FFFFFFFFh |0045D9B1:8BEC mov ebp, esp
0045D9B5:68F9FD4700 push 0047FDF9h |0045D9B3:6AFF push FFFFFFFFh
|0045D9B5:68F9FD4700 push 0047FDF9h
0045D9BA:64A100000000 mov eax, dword ptr fs: |
|0045D9BA:64A100000000 mov eax, dword ptr fs:
0045D9C0:50 push eax |
0045D9C1:51 push ecx |
0045D9C2:56 push esi |0045D9C0:50 push eax
0045D9C3:57 push edi |0045D9C1:51 push ecx
0045D9C4:A16C824C00 mov eax, dword ptr |0045D9C2:56 push esi
|0045D9C3:57 push edi
|0045D9C4:A16C824C00 mov eax, dword ptr
0045D9C9:33C5 xor eax, ebp |
0045D9CB:50 push eax |0045D9C9:33C5 xor eax, ebp
0045D9CC:8D45F4 lea eax, dword ptr |
|0045D9CB:50 push eax
|0045D9CC:8D45F4 lea eax, dword ptr
0045D9CF:64A300000000 mov dword ptr fs:, eax |
|0045D9CF:64A300000000 mov dword ptr fs:, eax
0045D9D5:8BF1 mov esi, ecx |
0045D9D7:E8F4D5FFFF call 0045AFD0h |0045D9D5:8BF1 mov esi, ecx
|0045D9D7:E8F4D5FFFF call 0045AFD0h
0045D9DC:84C0 test al, al |
0045D9DE:7453 je 0045DA33h |0045D9DC:84C0 test al, al
0045D9E0:8BCE mov ecx, esi |0045D9DE:EB53 jmp 0045DA33h
0045D9E2:E8E9F2FFFF call 0045CCD0h |0045D9E0:8BCE mov ecx, esi
|0045D9E2:E8E9F2FFFF call 0045CCD0h
0045D9E7:84C0 test al, al |
------------------------------------------------------------------------------------------------------------------------------------------
0045D9B0:55 push ebp |0045D9B0:C3 ret
0045D9DE:7453 je 0045DA33h |0045D9DE:EB53 jmp 0045DA33h
------------------------------------------------------------------------------------------------------------------------------------------
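There is one more issue: clicking close in the top-right corner of the window doesn't actually exit. Fine, let's change that along the way.
Since we traced to close earlier, the code modification below follows on fairly easily.
We break at the following location!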
00922AF3 | 68 1466 | push 去升级终极版.996614 | 996614:"close"
00922AF8 | FFD6 | call esi |
00922AFA | 8907 | mov dword ptr ds:,eax |
00922AFC | 8B0D 04 | mov ecx,dword ptr ds: |
00922B02 | 83C4 08 | add esp,8 |
00922B05 | E8 E6F7 | call 去升级终极版.9322F0 |
00922B0A | 6A 00 | push 0 |
00922B0C | E8 1F15 | call 去升级终极版.954030 |
00922B11 | 8BC8 | mov ecx,eax |
00922B13 | E8 D8F3 | call 去升级终极版.951EF0 |
00922B18 | 50 | push eax |
00922B19 | 8D4D C0 | lea ecx,dword ptr ss: |
00922B1C | E8 DF7D | call 去升级终极版.90A900 |
00922B21 | 8D45 DC | lea eax,dword ptr ss: |
00922B24 | 50 | push eax |
00922B25 | C745 FC | mov dword ptr ss:,0 |
00922B2C | FF15 14 | call dword ptr ds:[<&?currentTime@QTime |
00922B32 | 6A FF | push FFFFFFFF |
00922B34 | 68 6075 | push 去升级终极版.997560 | 997560:"HH:mm:ss"
Remember this?
0095D891 | E9 D400 | jmp 去升级终极版.95D96A | let's try using this address, OK?
0095D896 | 008B CE | add byte ptr ds:,cl |
0095D89C | FF | ??? |
0095D89D | FF84C0| inc dword ptr ds: |
0095D8A4 | 0000 | add byte ptr ds:,al |
0095D8A6 | 8BCE | mov ecx,esi |
0095D8A8 | E8 23F4 | call 去升级终极版.95CCD0 |
0095D8AD | 84C0 | test al,al |
0095D8AF | 0F84 B5 | je 去升级终极版.95D96A |
0095D8B5 | 8B3D 3C | mov edi,dword ptr ds:[<&?fromAscii_help |
0095D8BB | 6A FF | push FFFFFFFF |
0095D8BD | 68 741A | push 去升级终极版.9A1A74 | 9A1A74:"-mode=update -trigging=exit -from=typeeasy"
But the jump spans too far and the program crashed (the saved file works, though).
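The byte changes in the patch list above are what an integrity check would look for when comparing a known-good executable with a suspect copy. As an added example (not part of the original post), this Python script diffs two equal-length images and labels conditional jumps turned into unconditional ones and a `push ebp` replaced by `ret`; the function names and the NOP-padded sample are constructed for illustration, with the byte pairs taken from the list above.

```python
import struct

def diff_runs(a: bytes, b: bytes):
    """Yield (offset, length) for each maximal run of differing bytes."""
    if len(a) != len(b):
        raise ValueError("images differ in size; compare section by section")
    i, n = 0, len(a)
    while i < n:
        if a[i] == b[i]:
            i += 1
            continue
        j = i
        while j < n and a[j] != b[j]:
            j += 1
        yield i, j - i
        i = j

def classify(a: bytes, b: bytes, off: int) -> str:
    """Label the control-flow change that starts at a differing offset."""
    # Short Jcc (70..7F rel8) became short JMP (EB rel8), displacement unchanged.
    if 0x70 <= a[off] <= 0x7F and b[off] == 0xEB and a[off + 1:off + 2] == b[off + 1:off + 2]:
        return "short jcc -> jmp"
    # Near Jcc (0F 80..8F rel32, 6 bytes) became near JMP (E9 rel32, 5 bytes).
    # The new instruction is one byte shorter, so the same target needs rel32 + 1.
    if off + 6 <= len(a) and a[off] == 0x0F and 0x80 <= a[off + 1] <= 0x8F and b[off] == 0xE9:
        old_rel = struct.unpack_from("<i", a, off + 2)[0]
        new_rel = struct.unpack_from("<i", b, off + 1)[0]
        if new_rel == old_rel + 1:
            return "near jcc -> jmp"
    # push ebp (55) became ret (C3): typical of a function stubbed out at entry.
    if a[off] == 0x55 and b[off] == 0xC3:
        return "prologue -> ret"
    return "unclassified"

def audit(reference: bytes, suspect: bytes, base: int = 0):
    """Return [(address, run_length, label)] for every modified byte run."""
    return [(base + off, length, classify(reference, suspect, off))
            for off, length in diff_runs(reference, suspect)]

# Constructed sample: the byte pairs are those quoted in the patch list above,
# separated by NOP filler. Real use would read the two files from disk.
PAD = b"\x90" * 4
REFERENCE = PAD.join(bytes.fromhex(h) for h in
                     ("0F85BF000000", "7547", "0F84D3000000", "55", "7453"))
SUSPECT = PAD.join(bytes.fromhex(h) for h in
                   ("E9C000000000", "EB47", "E9D400000000", "C3", "EB53"))

if __name__ == "__main__":
    for addr, length, label in audit(REFERENCE, SUSPECT):
        print(f"{addr:#06x} len={length} {label}")
```

Passing the image base as `base` makes the reported addresses line up with the debugger listing.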
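jefel posted on 2020-4-7 15:42
The OP lacks the spirit of sharing! I still can't forget *你妹五笔!
The consequences of sharing are:
The OP ends up in the black room
Freeloaders profit
The software developers cry
The forum admins receive complaints
To master cracking, understanding comes first; to understand is to separate, to crack is to take apart; four opportunities, never miss them;
Look closely for clues, lay traps, verify guesses; three kinds of breakpoints, varied and combined, give endless tricks;
Advance step by step, peel away the layers, clear the fog; without grasping the logic, the endless code will wear a fool out;
Software is cold-blooded yet follows a track, see through the surface; in the dark there is a method to be found, everything leaves marks;
Pop-up ads: strings, packet capture, pause and trace back; time limits: files and registry values, find and remove them;
Restart-time verification: lots of fun, patch it at the top; network blacklists: cut the network and it is all blind;
Find the key point, patch it, all is revealed; as for the rest, to learn what follows, wait for the next installment.
Across thousands of miles I only seek friends who resonate; where I'm wrong, just treat it as hot air @-@
Wow, I think this is what I used when I went to learn computers back then. In those days you had to go somewhere to learn computers; not everyone had one at home. Very nostalgic.
Such an old thing; this is what I used to learn typing. Back then there was a cops-and-robbers game: when I played the cop, the thief got away every time; when I played the thief, the cop caught me every time.
Supporting the OP, 6666
Kingsoft software, used it to practice typing more than 20 years ago. Bookmarked, thanks for sharing.
Does the OP have a finished build? Please share one, thanks.
OP, please post a finished build
Could the OP please provide a finished build
Back then I learned typing on a learning machine, and before long I was playing Contra.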