FastStone Capture（截图工具）破解过程

海浪SeaWave 发表于 2013-7-28 13:02

本帖最后由海浪SeaWave 于 2013-7-28 13:06 编辑

【文章标题】: FastStone Capture 破解过程【文章作者】: 海浪SeaWave【软件名称】: FastStone Capture【下载地址】: http://faststone-capture.en.softonic.com/（官网）【加壳方式】: UPX 0.89.6 - 1.02 / 1.05 - 1.24 -> Markus & Laszlo【编写语言】: Borland Delphi 6.0 - 7.0【使用工具】: OD、PEid【操作平台】: Windows XP SP3【软件介绍】: 截图工具【作者声明】: 只是感兴趣，没有其他目的。失误之处敬请诸位大侠赐教!第一次写破文，很简略，失误之处请大神指教！！--------------------------------------------------------------------------------【详细过程】今天去网上，发现了这个好捏的软柿子。大家自己下载吧。
破解后：解压后将文件覆盖即可。

1、查壳UPX的壳，太简单了。脱壳过程就不用说了。脱壳后，显示是Delphi写的。
2、破解双击打开，显示需要注册。点击输入注册码，随便输入，弹出“Invalid User Name or Registration Code!”。好的，搜一下字符串，居然搜到了！好，我们来破解（请看注释）：0062FFDF 90 nop0062FFE0 .55 push ebp0062FFE1 .8BEC mov ebp,esp0062FFE3 .B9 08000000 mov ecx,0x80062FFE8 >6A 00 push 0x00062FFEA .6A 00 push 0x00062FFEC .49 dec ecx0062FFED .^ 75 F9 jnz XFSCaptur.0062FFE80062FFEF .51 push ecx0062FFF0 .53 push ebx0062FFF1 .56 push esi0062FFF2 .57 push edi0062FFF3 .8945 FC mov dword ptr ss:,eax0062FFF6 .33C0 xor eax,eax0062FFF8 .55 push ebp0062FFF9 .68 B6036300 push FSCaptur.006303B60062FFFE .64:FF30 push dword ptr fs:00630001 .64:8920 mov dword ptr fs:,esp00630004 .33C0 xor eax,eax00630006 .55 push ebp00630007 .68 6C036300 push FSCaptur.0063036C0063000C .64:FF30 push dword ptr fs:0063000F .64:8920 mov dword ptr fs:,esp00630012 .8D55 E8 lea edx,dword ptr ss:00630015 .8B45 FC mov eax,dword ptr ss:00630018 .8B80 04030000 mov eax,dword ptr ds:0063001E .E8 4DB2E1FF call FSCaptur.0044B27000630023 .8B45 E8 mov eax,dword ptr ss:00630026 .8D55 F8 lea edx,dword ptr ss:00630029 .E8 7E93DDFF call FSCaptur.004093AC0063002E .8D55 E0 lea edx,dword ptr ss:00630031 .8B45 FC mov eax,dword ptr ss:00630034 .8B80 0C030000 mov eax,dword ptr ds:0063003A .E8 31B2E1FF call FSCaptur.0044B2700063003F .8B45 E0 mov eax,dword ptr ss:00630042 .8D55 E4 lea edx,dword ptr ss:00630045 .E8 6293DDFF call FSCaptur.004093AC0063004A .8B45 E4 mov eax,dword ptr ss:0063004D .8D55 F0 lea edx,dword ptr ss:00630050 .E8 0791DDFF call FSCaptur.0040915C00630055 .8D45 EC lea eax,dword ptr ss:00630058 .E8 FF47DDFF call FSCaptur.0040485C0063005D .8B45 F0 mov eax,dword ptr ss:00630060 .E8 AF4ADDFF call FSCaptur.00404B1400630065 .8BF8 mov edi,eax00630067 .4F dec edi00630068 .85FF test edi,edi0063006A .7C 66 jl XFSCaptur.006300D20063006C .47 inc edi0063006D .33F6 xor esi,esi0063006F >8B45 F0 mov eax,dword ptr ss:00630072 .8A1C30 mov bl,byte ptr ds:00630075 .80FB 41 cmp bl,0x4100630078 .72 20 jb XFSCaptur.0063009A0063007A .8B45 F0 mov eax,dword ptr ss:0063007D .80FB 5A cmp bl,0x5A00630080 .77 18 ja XFSCaptur.0063009A00630082 .8D45 DC lea eax,dword ptr ss:00630085 .8B55 F0 mov edx,dword ptr ss:00630088 .8BD3 mov edx,ebx0063008A .E8 AD49DDFF call FSCaptur.00404A3C0063008F .8B55 DC mov edx,dword ptr ss:00630092 .8D45 EC lea eax,dword ptr ss:00630095 .E8 824ADDFF call FSCaptur.00404B1C0063009A >8B45 EC mov eax,dword ptr ss:0063009D .E8 724ADDFF call FSCaptur.00404B14006300A2 .83F8 05 cmp eax,0x5006300A5 .74 1A je XFSCaptur.006300C1006300A7 .8B45 EC mov eax,dword ptr ss:006300AA .E8 654ADDFF call FSCaptur.00404B14006300AF .83F8 0B cmp eax,0xB006300B2 .74 0D je XFSCaptur.006300C1006300B4 .8B45 EC mov eax,dword ptr ss:006300B7 .E8 584ADDFF call FSCaptur.00404B14006300BC .83F8 11 cmp eax,0x11006300BF .75 0D jnz XFSCaptur.006300CE006300C1 >8D45 EC lea eax,dword ptr ss:006300C4 .BA CC036300 mov edx,FSCaptur.006303CC ;-006300C9 .E8 4E4ADDFF call FSCaptur.00404B1C006300CE >46 inc esi006300CF .4F dec edi006300D0 .^ 75 9D jnz XFSCaptur.0063006F006300D2 >8D45 F4 lea eax,dword ptr ss:006300D5 .8B55 EC mov edx,dword ptr ss:006300D8 .E8 1748DDFF call FSCaptur.004048F4006300DD .837D F8 00 cmp dword ptr ss:,0x0006300E1 75 33 jnz XFSCaptur.00630116 ;验证用户名称是否为空，此处JMP掉。006300E3 .6A 00 push 0x0006300E5 .66:8B0D D0036>mov cx,word ptr ds:006300EC .B2 02 mov dl,0x2006300EE .B8 DC036300 mov eax,FSCaptur.006303DC ;User Name cannot be empty.006300F3 .E8 203DE1FF call FSCaptur.00443E18 ;用户名称不能为空。006300F8 .8B45 FC mov eax,dword ptr ss:006300FB .8B80 04030000 mov eax,dword ptr ds:00630101 .8B10 mov edx,dword ptr ds:00630103 .FF92 C0000000 call dword ptr ds:00630109 .33C0 xor eax,eax0063010B .5A pop edx0063010C .59 pop ecx0063010D .59 pop ecx0063010E .64:8910 mov dword ptr fs:,edx00630111 .E9 60020000 jmp FSCaptur.0063037600630116 >8B55 F4 mov edx,dword ptr ss:00630119 .8B45 FC mov eax,dword ptr ss:0063011C .E8 DFEFFFFF call FSCaptur.0062F10000630121 .84C0 test al,al00630123 0F85 1A020000 jnz FSCaptur.00630343 ;是否注册成功，NOP。00630129 8B55 F8 mov edx,dword ptr ss:0063012C .8B45 FC mov eax,dword ptr ss:0063012F .E8 7CF0FFFF call FSCaptur.0062F1B000630134 .84C0 test al,al00630136 0F85 07020000 jnz FSCaptur.00630343 ;又验证一次，NOP。0063013C .8B4D F4 mov ecx,dword ptr ss:0063013F .8B55 F8 mov edx,dword ptr ss:00630142 .8B45 FC mov eax,dword ptr ss:00630145 .E8 5EFBFFFF call FSCaptur.0062FCA80063014A .84C0 test al,al0063014C 0F84 F1010000 je FSCaptur.00630343 ;又验证一次，NOP。00630152 .8B4D F4 mov ecx,dword ptr ss:00630155 .8B55 F8 mov edx,dword ptr ss:00630158 .8B45 FC mov eax,dword ptr ss:0063015B .E8 D8FBFFFF call FSCaptur.0062FD3800630160 .84C0 test al,al00630162 0F84 DB010000 je FSCaptur.00630343 ;又验证一次，NOP。00630168 .8B55 F4 mov edx,dword ptr ss:0063016B .8B45 FC mov eax,dword ptr ss:0063016E .E8 55FCFFFF call FSCaptur.0062FDC800630173 .48 dec eax00630174 0F8C C9010000 jl FSCaptur.00630343 ;又验证一次，NOP。0063017A .8B55 F4 mov edx,dword ptr ss:0063017D .8B45 FC mov eax,dword ptr ss:00630180 .E8 43FCFFFF call FSCaptur.0062FDC800630185 .8BD8 mov ebx,eax00630187 .83FB 01 cmp ebx,0x1 ;Switch (cases 457..1387)0063018A 7F 2D jg XFSCaptur.006301B9 ;是否为注册单用户，这个权限低，JMP掉！0063018C .6A 00 push 0x00063018E .6A 00 push 0x000630190 .8D45 D8 lea eax,dword ptr ss:00630193 .50 push eax00630194 .33C9 xor ecx,ecx00630196 .8B55 F8 mov edx,dword ptr ss:00630199 .B8 00046300 mov eax,FSCaptur.00630400 ;Congratulations!\r\rThis program has been registered to: %1% (Single-User License).0063019E .E8 29790800 call FSCaptur.006B7ACC ;祝贺你！此程序已注册：% 1%（单用户许可证）。006301A3 .8B45 D8 mov eax,dword ptr ss:006301A6 .66:8B0D D0036>mov cx,word ptr ds:006301AD .B2 02 mov dl,0x2006301AF .E8 643CE1FF call FSCaptur.00443E18006301B4 .E9 36010000 jmp FSCaptur.006302EF006301B9 >81FB 57040000 cmp ebx,0x457006301BF 75 2D jnz XFSCaptur.006301EE ;这个是家庭许可证，只能注册到5台电脑，权限比较低，JMP！006301C1 .6A 00 push 0x0 ;Case 457 of switch 00630187006301C3 .6A 00 push 0x0006301C5 .8D45 D4 lea eax,dword ptr ss:006301C8 .50 push eax006301C9 .33C9 xor ecx,ecx006301CB .8B55 F8 mov edx,dword ptr ss:006301CE .B8 5C046300 mov eax,FSCaptur.0063045C ;Congratulations!\r\rThis program has been registered to: %1% (Family License that covers up to 5 computers).006301D3 .E8 F4780800 call FSCaptur.006B7ACC ;祝贺你！此程序已注册：%1%（家庭的许可证，注册5台电脑）。006301D8 .8B45 D4 mov eax,dword ptr ss:006301DB .66:8B0D D0036>mov cx,word ptr ds:006301E2 .B2 02 mov dl,0x2006301E4 .E8 2F3CE1FF call FSCaptur.00443E18006301E9 .E9 01010000 jmp FSCaptur.006302EF006301EE >81FB 85130000 cmp ebx,0x1385006301F4 75 2D jnz XFSCaptur.00630223 ;教育站点许可证，JMP！006301F6 .6A 00 push 0x0 ;Case 1385 of switch 00630187006301F8 .6A 00 push 0x0006301FA .8D45 D0 lea eax,dword ptr ss:006301FD .50 push eax006301FE .33C9 xor ecx,ecx00630200 .8B55 F8 mov edx,dword ptr ss:00630203 .B8 D0046300 mov eax,FSCaptur.006304D0 ;Congratulations!\r\rThis program has been registered to: %1% (Educational Site License).00630208 .E8 BF780800 call FSCaptur.006B7ACC ;祝贺你！此程序已注册：% 1%（教育站点许可证）。0063020D .8B45 D0 mov eax,dword ptr ss:00630210 .66:8B0D D0036>mov cx,word ptr ds:00630217 .B2 02 mov dl,0x200630219 .E8 FA3BE1FF call FSCaptur.00443E180063021E .E9 CC000000 jmp FSCaptur.006302EF00630223 >81FB 86130000 cmp ebx,0x138600630229 .75 2D jnz XFSCaptur.00630258 ;教育全球许可，JMP！0063022B .6A 00 push 0x0 ;Case 1386 of switch 006301870063022D .6A 00 push 0x00063022F .8D45 CC lea eax,dword ptr ss:00630232 .50 push eax00630233 .33C9 xor ecx,ecx00630235 .8B55 F8 mov edx,dword ptr ss:00630238 .B8 30056300 mov eax,FSCaptur.00630530 ;Congratulations!\r\rThis program has been registered to: %1% (Educational Worldwide License).0063023D .E8 8A780800 call FSCaptur.006B7ACC ;祝贺你！本程序已注册到：%1%（教育全球许可）。00630242 .8B45 CC mov eax,dword ptr ss:00630245 .66:8B0D D0036>mov cx,word ptr ds:0063024C .B2 02 mov dl,0x20063024E .E8 C53BE1FF call FSCaptur.00443E1800630253 .E9 97000000 jmp FSCaptur.006302EF00630258 >81FB 87130000 cmp ebx,0x13870063025E .75 2A jnz XFSCaptur.0063028A ;公司站点许可证，JMP！00630260 .6A 00 push 0x0 ;Case 1387 of switch 0063018700630262 .6A 00 push 0x000630264 .8D45 C8 lea eax,dword ptr ss:00630267 .50 push eax00630268 .33C9 xor ecx,ecx0063026A .8B55 F8 mov edx,dword ptr ss:0063026D .B8 94056300 mov eax,FSCaptur.00630594 ;Congratulations!\r\rThis program has been registered to: %1% (Corporate Site License).00630272 .E8 55780800 call FSCaptur.006B7ACC ;祝贺你！此程序已注册到：%1%（公司站点许可证）。00630277 .8B45 C8 mov eax,dword ptr ss:0063027A .66:8B0D D0036>mov cx,word ptr ds:00630281 .B2 02 mov dl,0x200630283 .E8 903BE1FF call FSCaptur.00443E1800630288 .EB 65 jmp XFSCaptur.006302EF0063028A >81FB 88130000 cmp ebx,0x138800630290 .7D 35 jge XFSCaptur.006302C7 ;这个不知道是啥玩意，但应该不如后面，也JMP掉！00630292 .6A 00 push 0x000630294 .6A 00 push 0x000630296 .8D45 C4 lea eax,dword ptr ss:00630299 .50 push eax0063029A .8D55 C0 lea edx,dword ptr ss:0063029D .8BC3 mov eax,ebx0063029F .E8 8C93DDFF call FSCaptur.00409630006302A4 .8B4D C0 mov ecx,dword ptr ss:006302A7 .8B55 F8 mov edx,dword ptr ss:006302AA .B8 F4056300 mov eax,FSCaptur.006305F4 ;Congratulations!\r\rThis program has been registered to: %1% (%2% Licenses).006302AF .E8 18780800 call FSCaptur.006B7ACC ;祝贺你！此程序已注册到：%1%（%2%许可证）。006302B4 .8B45 C4 mov eax,dword ptr ss:006302B7 .66:8B0D D0036>mov cx,word ptr ds:006302BE .B2 02 mov dl,0x2006302C0 .E8 533BE1FF call FSCaptur.00443E18006302C5 .EB 28 jmp XFSCaptur.006302EF006302C7 >6A 00 push 0x0006302C9 .6A 00 push 0x0006302CB .8D45 BC lea eax,dword ptr ss:006302CE .50 push eax006302CF .33C9 xor ecx,ecx006302D1 .8B55 F8 mov edx,dword ptr ss: ;这个，权限应该是最高的了。006302D4 .B8 48066300 mov eax,FSCaptur.00630648 ;Congratulations!\r\rThis program has been registered to: %1% (Corporate Worldwide License).006302D9 .E8 EE770800 call FSCaptur.006B7ACC ;祝贺你！此程序已注册到：%1%（公司全球许可）。006302DE .8B45 BC mov eax,dword ptr ss:006302E1 .66:8B0D D0036>mov cx,word ptr ds:006302E8 .B2 02 mov dl,0x2006302EA .E8 293BE1FF call FSCaptur.00443E18006302EF >A1 E8126F00 mov eax,dword ptr ds:006302F4 .8B00 mov eax,dword ptr ds:006302F6 .8B80 70050000 mov eax,dword ptr ds:006302FC .83C0 30 add eax,0x30006302FF .8B55 F8 mov edx,dword ptr ss:00630302 .E8 A945DDFF call FSCaptur.004048B000630307 .A1 E8126F00 mov eax,dword ptr ds:0063030C .8B00 mov eax,dword ptr ds:0063030E .8B80 70050000 mov eax,dword ptr ds:00630314 .83C0 34 add eax,0x3400630317 .8B55 F4 mov edx,dword ptr ss:0063031A .E8 9145DDFF call FSCaptur.004048B00063031F .A1 E8126F00 mov eax,dword ptr ds:00630324 .8B00 mov eax,dword ptr ds:00630326 .C680 50050000>mov byte ptr ds:,0x10063032D .A1 E8126F00 mov eax,dword ptr ds:00630332 .8B00 mov eax,dword ptr ds:00630334 .E8 A70F0A00 call FSCaptur.006D12E000630339 .8B45 FC mov eax,dword ptr ss:0063033C .E8 878EE3FF call FSCaptur.004691C800630341 .EB 1F jmp XFSCaptur.0063036200630343 >6A 00 push 0x000630345 .66:8B0D D0036>mov cx,word ptr ds:0063034C .B2 02 mov dl,0x20063034E .B8 AC066300 mov eax,FSCaptur.006306AC ;Invalid User Name or Registration Code!00630353 .E8 C03AE1FF call FSCaptur.00443E18 ;无效的用户名和注册码！00630358 .33C0 xor eax,eax0063035A .5A pop edx0063035B .59 pop ecx0063035C .59 pop ecx0063035D .64:8910 mov dword ptr fs:,edx00630360 .EB 14 jmp XFSCaptur.0063037600630362 >33C0 xor eax,eax00630364 .5A pop edx00630365 .59 pop ecx00630366 .59 pop ecx00630367 .64:8910 mov dword ptr fs:,edx0063036A .EB 0A jmp XFSCaptur.006303760063036C .^ E9 DB3BDDFF jmp FSCaptur.00403F4C00630371 .E8 3E3FDDFF call FSCaptur.004042B400630376 >33C0 xor eax,eax00630378 .5A pop edx00630379 .59 pop ecx0063037A .59 pop ecx0063037B .64:8910 mov dword ptr fs:,edx0063037E .68 BD036300 push FSCaptur.006303BD00630383 >8D45 BC lea eax,dword ptr ss:00630386 .BA 09000000 mov edx,0x90063038B .E8 F044DDFF call FSCaptur.0040488000630390 .8D45 E0 lea eax,dword ptr ss:00630393 .E8 C444DDFF call FSCaptur.0040485C00630398 .8D45 E4 lea eax,dword ptr ss:0063039B .E8 BC44DDFF call FSCaptur.0040485C006303A0 .8D45 E8 lea eax,dword ptr ss:006303A3 .E8 B444DDFF call FSCaptur.0040485C006303A8 .8D45 EC lea eax,dword ptr ss:006303AB .BA 04000000 mov edx,0x4006303B0 .E8 CB44DDFF call FSCaptur.00404880006303B5 .C3 retn修改完成，全部保存。3、测试打开破解之后的程序，随便输入，弹出注册成功！--------------------------------------------------------------------------------【版权声明】: 本文原创于海浪SeaWave, 转载请注明作者并保持文章的完整, 谢谢!

Dlan 发表于 2013-7-28 13:16

不错，但是怎么知道它又是一个验证呢》最好能详细点

强悍啊 发表于 2013-7-28 13:13

建议楼主做成动画的更号看点

小淫仙 发表于 2013-7-28 13:21

不会破解的小白来过

轉瞬即逝~的愛 发表于 2013-7-28 13:23

虽然这是一个适合新手的帖子，但还是支持楼主，顶一下

wz2796 发表于 2013-7-28 13:23

庚琰1001 发表于 2013-7-28 13:24

说实话，我看不出来哪里是验证哪里不是。。。。。。。{:1_909:}

海浪SeaWave 发表于 2013-7-28 13:51

Dlan 发表于 2013-7-28 13:16 static/image/common/back.gif
不错，但是怎么知道它又是一个验证呢》最好能详细点

在OD里就能看了，因为有箭头。

wjl 发表于 2013-7-28 14:19

谢谢楼主分享。简单几分钟就能讲明白的建议楼主录制成gif动画格式，方便新手观摩

amulin 发表于 2013-7-28 14:58

Dlan 发表于 2013-7-28 13:16 static/image/common/back.gif
不错，但是怎么知道它又是一个验证呢》最好能详细点

跳到注册码错误，肯定是验证啊

页: [1] 2 3

吾爱破解 - 52pojie.cn's Archiver

FastStone Capture（截图工具） 破解过程

FastStone Capture（截图工具）破解过程