中星睿典WINXP爆破过程
追码不会高人来下载地址:http://www.zxrd.org/
里面其他模块办法估计差不多有兴趣的自己去看看
1.根据他说的,如果不注册只能做一套题,那么我们点击第二套题,弹出这个框框,f2暂停,然后alt+k
2.来到这里点最后一个
3.往上走能看到
007F48F4 .66:C705 44B07>mov word ptr ds:,0x28
007F48FD .66:391D C8B07>cmp word ptr ds:,bx“这里有个比较和一个常量0x7FB0C8比较记下这个常量然后查找所有常量”
007F4904 .895D DC mov dword ptr ss:,ebx
007F4907 .895D CC mov dword ptr ss:,ebx
007F490A .895D BC mov dword ptr ss:,ebx
007F490D .895D AC mov dword ptr ss:,ebx
007F4910 .895D A8 mov dword ptr ss:,ebx
007F4913 .895D A4 mov dword ptr ss:,ebx
007F4916 .895D A0 mov dword ptr ss:,ebx
007F4919 .895D 9C mov dword ptr ss:,ebx
007F491C .895D 98 mov dword ptr ss:,ebx
007F491F .895D 94 mov dword ptr ss:,ebx
007F4922 .895D 90 mov dword ptr ss:,ebx
007F4925 .895D 8C mov dword ptr ss:,ebx
007F4928 .895D 88 mov dword ptr ss:,ebx
007F492B .895D 84 mov dword ptr ss:,ebx
007F492E .895D 80 mov dword ptr ss:,ebx
007F4931 .899D 7CFFFFFF mov dword ptr ss:,ebx
007F4937 .899D 78FFFFFF mov dword ptr ss:,ebx
007F493D .899D 68FFFFFF mov dword ptr ss:,ebx
007F4943 .899D 58FFFFFF mov dword ptr ss:,ebx
007F4949 .899D 48FFFFFF mov dword ptr ss:,ebx
007F494F .899D 38FFFFFF mov dword ptr ss:,ebx
007F4955 .899D 28FFFFFF mov dword ptr ss:,ebx
007F495B .899D 18FFFFFF mov dword ptr ss:,ebx
007F4961 .899D 08FFFFFF mov dword ptr ss:,ebx
007F4967 .899D F8FEFFFF mov dword ptr ss:,ebx
007F496D .899D E8FEFFFF mov dword ptr ss:,ebx
007F4973 .899D D8FEFFFF mov dword ptr ss:,ebx
007F4979 .899D C8FEFFFF mov dword ptr ss:,ebx
007F497F .899D B8FEFFFF mov dword ptr ss:,ebx
007F4985 .899D A8FEFFFF mov dword ptr ss:,ebx
007F498B .899D 98FEFFFF mov dword ptr ss:,ebx
007F4991 .899D 88FEFFFF mov dword ptr ss:,ebx
007F4997 .899D 64FEFFFF mov dword ptr ss:,ebx
007F499D .899D 54FEFFFF mov dword ptr ss:,ebx
007F49A3 .899D 44FEFFFF mov dword ptr ss:,ebx
007F49A9 .899D 34FEFFFF mov dword ptr ss:,ebx
007F49AF .0F85 FF030000 jnz 计算机考.007F4DB4这个跳下去就是注册成功的。
007F49B5 .B9 0A000000 mov ecx,0xA
007F49BA .B8 04000280 mov eax,0x80020004
007F49BF .898D 38FFFFFF mov dword ptr ss:,ecx
007F49C5 .898D 48FFFFFF mov dword ptr ss:,ecx
007F49CB .8D95 C8FEFFFF lea edx,dword ptr ss:
007F49D1 .8D8D 58FFFFFF lea ecx,dword ptr ss:
007F49D7 .8985 40FFFFFF mov dword ptr ss:,eax
007F49DD .8985 50FFFFFF mov dword ptr ss:,eax
007F49E3 .C785 D0FEFFFF>mov dword ptr ss:,计算机考.004391>;注册提醒
007F49ED .C785 C8FEFFFF>mov dword ptr ss:,0x8
007F49F7 .FF15 00124000 call dword ptr ds:[<&MSVBVM60.__vbaVarDu>;msvbvm60.__vbaVarDup
007F49FD .8B3D 64104000 mov edi,dword ptr ds:[<&MSVBVM60.__vbaSt>;msvbvm60.__vbaStrCat
007F4A03 .68 F8904300 push 计算机考.004390F8 ;你还没有注册,只能做试用题!
007F4A08 .68 14724300 push 计算机考.00437214 ; /\r\n
007F4A0D .FFD7 call edi ; \__vbaStrCat
007F4A0F .8B35 2C124000 mov esi,dword ptr ds:[<&MSVBVM60.__vbaSt>;msvbvm60.__vbaStrMove
007F4A15 .8BD0 mov edx,eax
007F4A17 .8D4D A8 lea ecx,dword ptr ss:
007F4A1A .FFD6 call esi ;<&MSVBVM60.__vbaStrMove>
007F4A1C .50 push eax
007F4A1D .68 788E4300 push 计算机考.00438E78 ;注册后可做全部试题(共
4.统统下断看看他启动的时候能断下来不ctrl+f12重载
5.断在这里
007E214B 66:C705 C8B07>mov word ptr ds:,0x0
这里赋值为0表示未注册,0xFFFF表示已注册,可以自己分析,很容易的。我们在这里把0x0改成0xFFFF
f9继续停到这里
007E40E6 66:C705 C8B07>mov word ptr ds:,0x0
这里又是一次判断给0x7FB0C8弄成0x0同样改成0xFFFF,f9直接跑起来了
看看,好了,进去之后功能没有限制。看来各项功能限制都只取决于0x7FB0C8这一个全局标志,授权状态完全由客户端里一个可写的变量决定,这种保护设计本身就很脆弱。第一次写这东西,有不对的地方大家指正啊
喜欢可没有看懂 中星睿典系列都是这样吗
学习了不错的教程,点到好处 学习一下! 适合新手学习.......感谢分享...... 貌似不能用 下标越界 这个是用OB破的么?是什么软件? qq379586145 发表于 2012-5-21 10:52
这个是用OB破的么?是什么软件?
中星睿典。用od