010 Editor for Windows 64-Bit 11.0.1 破解
本帖最后由 FleTime 于 2021-9-9 14:33 编辑> 下载
!(https://user-images.githubusercontent.com/36320938/132624559-d9ccfc3a-76fb-46a0-aeb7-cd0a575a7c74.png)
> 搜索字符串 010 Editor has detected that you have entered an invalid license.
> 向上翻,找到
!(https://user-images.githubusercontent.com/36320938/132624646-022e14ad-5c6d-4d6c-916e-0993d7391a52.png)
!(https://user-images.githubusercontent.com/36320938/132624658-c709a2fa-5b95-452b-ab43-3b7fb43f1dfb.png)
> 修改为
!(https://user-images.githubusercontent.com/36320938/132624708-f5f54ca5-f5d8-4e46-800e-95eebc0c01a9.png)
> 链接:请勿发布破解成品
>
> 提取码:sbj8 已成,用一段时间看看,不知道有没有别的校验,赞大佬。0DBH是因为下边比较是这个 本帖最后由 tk86935367 于 2022-8-1 10:02 编辑
做一个简要补充给需要的xd
### 1. 搜索字符串
shift + F12 搜索字符串
### 2. 找到调用字符串的函数
```
.rdata:00000001404C6E70 30 31 30 20 45 64 69 74+a010EditorHasDe db '010 Editor has detected that you have entered an invalid license.'
.rdata:00000001404C6E70 6F 72 20 68 61 73 20 64+ ; DATA XREF: sub_1401CF170+346↑o
```
双击 sub_1401CF170 进入代码段
### 3. F5 获取对应代码
在代码中,我们发现验证成功的代码是 v17 == 219,而 v17 来自函数 sub_140009D7C 的返回值,只要尝试修改sub_140009D7C 函数的返回值为 219 即可
```
if ( !v19 )
{
v69 = QString::fromAscii_helper(
"010 Editor has detected that you have entered an invalid license. Please check to see if your license is e"
"ntered correctly and try again. If this problem persists, please visit 'http://www.sweetscape.com/support/'.",
214i64);
sub_1400051A0(
(int)&v69,
v27,
v28,
v29,
v59,
v60,
v61,
v62,
v63,
v64,
anonymous1,
(int)anonymous2,
anonymous3,
anonymous4);
QString::~QString(&v69);
goto LABEL_54;
}
v17 = sub_140009D7C(qword_1406F01F8, 11i64, 18236i64);
v18 = qword_1406F01F8;
}
if ( v17 == 219 )
{
sub_14000523B(v18, &v62);
v59 = QString::fromAscii_helper("MMMM d, yyyy", 12i64);
v30 = (const struct QString *)QDate::toString(&v62, &v63, &v59);
v31 = (const struct QString *)QString::fromUtf8(
&v60,
"Password accepted. This license entitles you to:\n"
"\n"
" - Free Upgrades\n"
" - Free Support\n"
" - Free Repository Updates\n"
"\n"
"until ",
0xFFFFFFFFi64);
```
### 4. 子函数分析
```
// attributes: thunk
__int64 __fastcall sub_140009D7C(__int64 a1, __int64 a2, __int64 a3)
{
return sub_140308310(a1, a2, a3);
}
// 中间省略的代码
__int64 __fastcall sub_140308310(__int64 a1, __int64 a2, __int64 a3)
{
unsigned int v3; // edi
int v6; // eax
int v7; // eax
int v8; // eax
unsigned int v9; // ecx
int v10; // eax
unsigned int v11; // ecx
int v12; // eax
unsigned int v13; // ecx
v3 = a2;
if ( *(_DWORD *)(a1 + 60) )
return 275i64;
v6 = CDockablePane::HitTest(a1, a2, a3);
// 省略的代码
```
这里只需要把 if ( *(_DWORD *)(a1 + 60) ) 和 return 275i64;修改为强制返回 219 即可
### 5. 修改
在菜单中,选择 jump -> jump to function,然后 ctrl + F,输入 sub_140308310,双击进入函数
```
.text:0000000140308323 74 10 jz short loc_140308335
.text:0000000140308325 B8 13 01 00 00 mov eax, 113h
```
这里需要修改两个地方
- 把 jz 跳转去掉,直接改成 nop,nop 的十六进制为 90
- 把 0x0113 修改成 219, 219 的十六进制为 0x00DB
则修改后的内容应该为
```asm
.text:0000000140308323 90 90
.text:0000000140308325 B8 DB 00 00 00
``` 原理呢?为啥0DBH 精典软件,必装软件。 感谢大佬分享! 感谢分享,谢谢 感谢分享. 谢谢分享,经验很老道 厉害啊 好东西 很实用收藏了! 谢谢分享