一款英文版ERP管理软件加密狗破解及暗桩去除C++
本帖最后由 ajm3 于 2014-11-29 11:10 编辑一款英文版ERP管理软件加密狗破解及暗桩去除
以下是教程文档中的一部分
一个英文ERP软件加密狗破解视频。
不解释 自己看
没有加密狗,就这样了
好了 动手,先看语音
Borland C++ 1999
有点旧的语音。。
无壳的C语言,教最简单的破解方法吧,字符法,我已经放入了od
0048F3FD .68 3C655300 push tdsoft.0053653C ;9软件已过了试用期,需要激活才能继续使用
0048F402 .8D45 E0 lea eax,dword ptr ss:
0048F405 .50 push eax
0048F406 .E8 29D00600 call tdsoft.004FC434
0048F40B .83C4 08 add esp,0x8
0048F40E .FF85 C8FDFFFF inc dword ptr ss:
0048F414 .8D55 E0 lea edx,dword ptr ss:
0048F417 .52 push edx
0048F418 .8D4D D8 lea ecx,dword ptr ss:
0048F41B .51 push ecx
0048F41C .E8 4355F7FF call tdsoft.00404964
0048F421 .59 pop ecx
0048F422 .50 push eax
0048F423 .FF85 C8FDFFFF inc dword ptr ss:
0048F429 .68 26655300 push tdsoft.00536526 ;SOFTRDONLY
0048F42E .8D45 DC lea eax,dword ptr ss:
0048F431 .50 push eax
0048F432 .E8 6DD10600 call tdsoft.004FC5A4
0048F437 .83C4 08 add esp,0x8
0048F43A .FF85 C8FDFFFF inc dword ptr ss:
0048F440 .8B10 mov edx,dword ptr ds:
0048F442 .A1 84305600 mov eax,dword ptr ds:
0048F447 .59 pop ecx
0048F448 .E8 3FE00600 call <jmp.&rtl200.System::Classes::TStri>
0048F44D .8D55 D8 lea edx,dword ptr ss:
0048F450 .52 push edx
0048F451 .E8 9ED20600 call tdsoft.004FC6F4
0048F456 .83C4 08 add esp,0x8
0048F459 .84C0 test al,al
0048F45B .0F95C0 setne al
0048F45E .83E0 01 and eax,0x1
0048F461 .50 push eax
0048F462 .FF8D C8FDFFFF dec dword ptr ss:
0048F468 .6A 02 push 0x2
0048F46A .8D55 E0 lea edx,dword ptr ss:
0048F46D .52 push edx
0048F46E .E8 99D10600 call tdsoft.004FC60C
0048F473 .83C4 08 add esp,0x8
0048F476 .FF8D C8FDFFFF dec dword ptr ss:
0048F47C .6A 02 push 0x2
0048F47E .8D4D D8 lea ecx,dword ptr ss:
0048F481 .51 push ecx
0048F482 .E8 85D10600 call tdsoft.004FC60C
0048F487 .83C4 08 add esp,0x8
0048F48A .FF8D C8FDFFFF dec dword ptr ss:
0048F490 .6A 02 push 0x2
0048F492 .8D45 DC lea eax,dword ptr ss:
0048F495 .50 push eax
0048F496 .E8 71D10600 call tdsoft.004FC60C
0048F49B .83C4 08 add esp,0x8
0048F49E .5A pop edx
0048F49F .85D2 test edx,edx
0048F4A1 .75 04 jnz Xtdsoft.0048F4A7
0048F4A3 >33C9 xor ecx,ecx
这里都是报错代码,需要删除
0048F4E9 .6A 00 push 0x0
0048F4EB .66:C785 BCFDF>mov word ptr ss:,0x30
0048F4F4 .8D55 D0 lea edx,dword ptr ss:
0048F4F7 .52 push edx
0048F4F8 .E8 6754F7FF call tdsoft.00404964
0048F4FD .59 pop ecx
0048F4FE .50 push eax
0048F4FF .FF85 C8FDFFFF inc dword ptr ss:
0048F505 .68 3E655300 push tdsoft.0053653E ;软件已过了试用期,需要激活才能继续使用
0048F50A .8D4D D4 lea ecx,dword ptr ss:
0048F50D .51 push ecx
0048F50E .E8 91D00600 call tdsoft.004FC5A4
0048F513 .83C4 08 add esp,0x8
0048F516 .FF85 C8FDFFFF inc dword ptr ss:
0048F51C .8B00 mov eax,dword ptr ds:
0048F51E .5A pop edx
0048F51F .E8 10FA0600 call <jmp.&fyLanguage14.Rescommon::fyGet>
0048F524 .8D4D D0 lea ecx,dword ptr ss:
0048F527 .FF31 push dword ptr ds:
0048F529 .8D85 96FDFFFF lea eax,dword ptr ss:
0048F52F .E8 006AF7FF call tdsoft.00405F34
0048F534 .B2 02 mov dl,0x2
0048F536 .E8 2D6AF7FF call tdsoft.00405F68
0048F53B .66:8B08 mov cx,word ptr ds:
0048F53E .33D2 xor edx,edx
0048F540 .58 pop eax
0048F541 .E8 6EFE0500 call tdsoft.Fydialog::MessageDlg2
0048F546 .FF8D C8FDFFFF dec dword ptr ss:
0048F54C .6A 02 push 0x2
0048F54E .8D4D D0 lea ecx,dword ptr ss:
0048F551 .51 push ecx
0048F552 .E8 B5D00600 call tdsoft.004FC60C
0048F557 .83C4 08 add esp,0x8
0048F55A .FF8D C8FDFFFF dec dword ptr ss:
0048F560 .6A 02 push 0x2
0048F562 .8D45 D4 lea eax,dword ptr ss:
0048F565 .50 push eax
0048F566 .E8 A1D00600 call tdsoft.004FC60C
0048F56B .83C4 08 add esp,0x8
0048F56E .33D2 xor edx,edx
0048F570 .A1 00305600 mov eax,dword ptr ds:
0048F575 .8B08 mov ecx,dword ptr ds:
0048F577 .FF51 04 call dword ptr ds:
0048F57A .84C0 test al,al
0048F57C .0F84 94000000 je tdsoft.0048F616
第二处,也一样
系统未检测到锁,请将锁接好后重试
这是系统暗桩,需要去掉
0048F6EF .6A 00 push 0x0
0048F6F1 .66:C785 BCFDF>mov word ptr ss:,0x54
0048F6FA .8D4D B8 lea ecx,dword ptr ss:
0048F6FD .51 push ecx
0048F6FE .E8 6152F7FF call tdsoft.00404964
0048F703 .59 pop ecx
0048F704 .50 push eax
0048F705 .FF85 C8FDFFFF inc dword ptr ss:
0048F70B .68 86655300 push tdsoft.00536586 ;系统未检测到锁,请将锁接好后重试
0048F710 .8D45 BC lea eax,dword ptr ss:
0048F713 .50 push eax
0048F714 .E8 8BCE0600 call tdsoft.004FC5A4
0048F719 .83C4 08 add esp,0x8
0048F71C .FF85 C8FDFFFF inc dword ptr ss:
0048F722 .8B00 mov eax,dword ptr ds:
0048F724 .5A pop edx
0048F725 .E8 0AF80600 call <jmp.&fyLanguage14.Rescommon::fyGet>
0048F72A .8D4D B8 lea ecx,dword ptr ss:
0048F72D .FF31 push dword ptr ds:
0048F72F .8D85 90FDFFFF lea eax,dword ptr ss:
0048F735 .E8 FA67F7FF call tdsoft.00405F34
0048F73A .B2 02 mov dl,0x2
0048F73C .E8 2768F7FF call tdsoft.00405F68
0048F741 .66:8B08 mov cx,word ptr ds:
0048F744 .B2 01 mov dl,0x1
0048F746 .58 pop eax
0048F747 .E8 68FC0500 call tdsoft.Fydialog::MessageDlg2
0048F74C .FF8D C8FDFFFF dec dword ptr ss:
0048F752 .6A 02 push 0x2
0048F754 .8D4D B8 lea ecx,dword ptr ss:
0048F757 .51 push ecx
0048F758 .E8 AFCE0600 call tdsoft.004FC60C
0048F75D .83C4 08 add esp,0x8
0048F760 .FF8D C8FDFFFF dec dword ptr ss:
0048F766 .6A 02 push 0x2
0048F768 .8D45 BC lea eax,dword ptr ss:
0048F76B .50 push eax
0048F76C .E8 9BCE0600 call tdsoft.004FC60C
0048F771 .83C4 08 add esp,0x8
0048F774 .6A 00 push 0x0
0048F776 .6A 00 push 0x0
0048F778 .6A 10 push 0x10
0048F77A .8B85 A8FDFFFF mov eax,dword ptr ss:
0048F780 .E8 2FE70600 call <jmp.&vcl200.Vcl::Controls::TWinCon>
0048F785 .50 push eax ; |hWnd
0048F786 .E8 07070700 call <jmp.&USER32.PostMessageW> ; \PostMessageW
0048F78B .33C0 xor eax,eax
0048F78D .50 push eax
0048F78E .83AD C8FDFFFF>sub dword ptr ss:,0x2
0048F795 .6A 02 push 0x2
0048F797 .8D55 FC lea edx,dword ptr ss:
0048F79A .52 push edx
0048F79B .E8 3052F7FF call tdsoft.004049D0
0048F7A0 .83C4 08 add esp,0x8
0048F7A3 .58 pop eax
0048F7A4 .8B95 ACFDFFFF mov edx,dword ptr ss:
0048F7AA .64:8915 00000>mov dword ptr fs:,edx
0048F7B1 .E9 A8210000 jmp tdsoft.0049195E
所有删除即可
序列号或加密狗版本不一致
暗桩2
0048FC70 .6A 00 push 0x0
0048FC72 .66:C785 BCFDF>mov word ptr ss:,0xA8
0048FC7B .8D8D 64FFFFFF lea ecx,dword ptr ss:
0048FC81 .51 push ecx
0048FC82 .E8 DD4CF7FF call tdsoft.00404964
0048FC87 .59 pop ecx
0048FC88 .50 push eax
0048FC89 .FF85 C8FDFFFF inc dword ptr ss:
0048FC8F .68 08665300 push tdsoft.00536608 ;序列号或加密狗版本不一致
0048FC94 .8D85 68FFFFFF lea eax,dword ptr ss:
0048FC9A .50 push eax
0048FC9B .E8 04C90600 call tdsoft.004FC5A4
0048FCA0 .83C4 08 add esp,0x8
0048FCA3 .FF85 C8FDFFFF inc dword ptr ss:
0048FCA9 .8B00 mov eax,dword ptr ds:
0048FCAB .5A pop edx
0048FCAC .E8 83F20600 call <jmp.&fyLanguage14.Rescommon::fyGet>
0048FCB1 .8D8D 64FFFFFF lea ecx,dword ptr ss:
0048FCB7 .FF31 push dword ptr ds:
0048FCB9 .8D85 8AFDFFFF lea eax,dword ptr ss:
0048FCBF .E8 7062F7FF call tdsoft.00405F34
0048FCC4 .B2 02 mov dl,0x2
0048FCC6 .E8 9D62F7FF call tdsoft.00405F68
0048FCCB .66:8B08 mov cx,word ptr ds:
0048FCCE .B2 01 mov dl,0x1
0048FCD0 .58 pop eax
0048FCD1 .E8 DEF60500 call tdsoft.Fydialog::MessageDlg2
0048FCD6 .FF8D C8FDFFFF dec dword ptr ss:
0048FCDC .6A 02 push 0x2
0048FCDE .8D8D 64FFFFFF lea ecx,dword ptr ss:
0048FCE4 .51 push ecx
0048FCE5 .E8 22C90600 call tdsoft.004FC60C
0048FCEA .83C4 08 add esp,0x8
0048FCED .FF8D C8FDFFFF dec dword ptr ss:
0048FCF3 .6A 02 push 0x2
0048FCF5 .8D85 68FFFFFF lea eax,dword ptr ss:
0048FCFB .50 push eax
0048FCFC .E8 0BC90600 call tdsoft.004FC60C
0048FD01 .83C4 08 add esp,0x8
0048FD04 .6A 00 push 0x0
0048FD06 .6A 00 push 0x0
0048FD08 .6A 10 push 0x10
0048FD0A .8B85 A8FDFFFF mov eax,dword ptr ss:
0048FD10 .E8 9FE10600 call <jmp.&vcl200.Vcl::Controls::TWinCon>
0048FD15 .50 push eax ; |hWnd
0048FD16 .E8 77010700 call <jmp.&USER32.PostMessageW> ; \PostMessageW
0048FD1B .33C0 xor eax,eax
0048FD1D .50 push eax
0048FD1E .FF8D C8FDFFFF dec dword ptr ss:
0048FD24 .6A 02 push 0x2
0048FD26 .8D55 98 lea edx,dword ptr ss:
0048FD29 .52 push edx
0048FD2A .E8 DDC80600 call tdsoft.004FC60C
0048FD2F .83C4 08 add esp,0x8
0048FD32 .83AD C8FDFFFF>sub dword ptr ss:,0x2
0048FD39 .6A 02 push 0x2
0048FD3B .8D4D FC lea ecx,dword ptr ss:
0048FD3E .51 push ecx
0048FD3F .E8 8C4CF7FF call tdsoft.004049D0
0048FD44 .83C4 08 add esp,0x8
0048FD47 .58 pop eax
0048FD48 .8B95 ACFDFFFF mov edx,dword ptr ss:
0048FD4E .64:8915 00000>mov dword ptr fs:,edx
0048FD55 .E9 041C0000 jmp tdsoft.0049195E
删除
00490540 . /74 0D je Xtdsoft.0049054F
让他实现
00490614 . /0F85 84010000 jnz tdsoft.0049079E
也要实现
------------
00490C5E . /0F84 CB000000 je tdsoft.00490D2F
不让他实现
00490D29 . /0F84 21030000 je tdsoft.00491050
让他实现
,刚刚那里是一样的道理 不解释了
锁已拔出,请将锁接入后继续使用
暗桩还真不少啊,体力活
系统当前在线用户,已超最大在线用户数,将退出
用户数量限制破解
播放密码为:200567366,请记住。
链接: http://pan.baidu.com/s/1bnF7JBp 密码: 743q
自己看吧
好的话 给个赞!
这是新手教程!大神就不要看了!没味道了 广告位出租,100GB一天。{:1_918:} 好教程,谢谢楼主 什么的erp? 这是新手教程!大神就不要看了!没味道了 谢谢分享。 谢谢分享! 这个支持下学习下 这个支持下,谢谢分享!
页:
[1]
2