破解PDF转换成word转换器
本帖最后由 cqr2287 于 2016-12-10 15:35 编辑又是一天一个破解…………
这次破解软件如题………………
省略号分割线…………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………
随便输入验证码
PEID查壳
无壳。好,od载入
然后,f9运行…………………………………………………………
随便输入
来到了系统领空,f12,返回程序领空
00403DEF|.E8 BC1E0000 call PDF转换?00405CB0
00403DF4|.50 push eax ; |Title = 00000001 ???
00403DF5|.8B45 08 mov eax, ; |
00403DF8|.50 push eax ; |Text = 00000001 ???
00403DF9|.8B4D E8 mov ecx, ; |
00403DFC|.8B51 04 mov edx,dword ptr ds: ; |
00403DFF|.52 push edx ; |hOwner = 00000016 ('##0C39A3BB-E8F3-4493-86F7-E51...',class='##0C39A3BB-E8F3-4493-86F7-E51...')
00403E00|.FF15 60534300 call dword ptr ds:[<&USER32.MessageBoxW>>; \MessageBoxW
00403E06|.8945 EC mov ,eax
注释里很清晰了对吧。下面call是调用MESSAGEBOXA的调用call
往上翻,看跳转
到了断首。。也没有
出call,看跳转
我擦,这么多调用
有12种情况出现注册失败。一一看。
第一个
00401EA0|. /74 67 je short PDF转换?00401F09
00401EA2|. |8D8D B4FDFFFF lea ecx,
00401EA8|. |E8 B3380000 call PDF转换?00405760
00401EAD|. |C745 FC 00000>mov ,0x0
00401EB4|. |68 8E000000 push 0x8E
00401EB9|. |8D8D B4FDFFFF lea ecx,
00401EBF|. |E8 EC3B0000 call PDF转换?00405AB0
00401EC4|. |6A 00 push 0x0
00401EC6|. |68 2C564300 push PDF转换?0043562C
00401ECB|. |8D8D B4FDFFFF lea ecx,
00401ED1|. |E8 DA3D0000 call PDF转换?00405CB0
00401ED6|. |50 push eax
00401ED7|. |8B8D FCF6FFFF mov ecx, ;user32.760C2E3E
00401EDD|. |E8 9E1E0000 call PDF转换?00403D80
00401EE2|. |C785 08F7FFFF>mov ,0x0
00401EEC|. |C745 FC FFFFF>mov ,-0x1
00401EF3|. |8D8D B4FDFFFF lea ecx,
00401EF9|. |E8 42380000 call PDF转换?00405740
00401EFE|. |8B85 08F7FFFF mov eax,
00401F04|. |E9 DD020000 jmp PDF转换?004021E6
00401F09|> \8D8D C0FDFFFF lea ecx,
je改jmp即可
00401EA0 /EB 67 jmp short PDF转换?00401F09
00401EA2|. |8D8D B4FDFFFF lea ecx,
双击EIP返回,看第二个
两个跳转
都看看
都是jmp,不管了。
第三个
004023C4|. /74 5B |je short PDF转换?00402421
004023C6|. |68 86000000 |push 0x86
004023CB|. |8D4D EC |lea ecx,
004023CE|. |E8 DD360000 |call PDF转换?00405AB0
004023D3|. |6A 00 |push 0x0
004023D5|. |68 9C564300 |push PDF转换?0043569C
004023DA|. |8D4D EC |lea ecx,
004023DD|. |E8 CE380000 |call PDF转换?00405CB0
004023E2|. |50 |push eax
004023E3|. |8B8D 48FBFFFF |mov ecx,
004023E9|. |E8 92190000 |call PDF转换?00403D80
004023EE|. |C785 50FBFFFF>|mov ,0x0
004023F8|. |C645 FC 00 |mov byte ptr ss:,0x0
004023FC|. |8D4D EC |lea ecx,
004023FF|. |E8 3C330000 |call PDF转换?00405740
00402404|. |C745 FC FFFFF>|mov ,-0x1
0040240B|. |8D8D 5CFBFFFF |lea ecx,
00402411|. |E8 1ABC0000 |call PDF转换?0040E030
00402416|. |8B85 50FBFFFF |mov eax,
0040241C|. |E9 86000000 |jmp PDF转换?004024A7
00402421|>^\E9 42FFFFFF \jmp PDF转换?00402368
JE能跳。je改jmp
004023C2|.85D2 |test edx,edx
004023C4 EB 5B jmp short PDF转换?00402421
004023C6|.68 86000000 |push 0x86
004023CB|.8D4D EC |lea ecx,
第四个00402517|.83C1 6C add ecx,0x6C
0040251A|.E8 F1390000 call PDF转换?00405F10
0040251F|.85C0 test eax,eax
00402521|.76 1A jbe short PDF转换?0040253D
00402523|.6A 04 push 0x4
00402525|.6A 00 push 0x0
00402527|.8D4D EC lea ecx,
0040252A|.E8 81370000 call PDF转换?00405CB0
0040252F|.50 push eax
00402530|.8B4D AC mov ecx,
00402533|.E8 48180000 call PDF转换?00403D80
00402538|.83F8 06 cmp eax,0x6
0040253B|.74 1E je short PDF转换?0040255B
0040253D|>C745 C4 00000>mov ,0x0
看下面跳转
0040251A|.E8 F1390000 call PDF转换?00405F10
0040251F|.85C0 test eax,eax
00402521 EB 1A jmp short PDF转换?0040253D
00402523|.6A 04 push 0x4
00402525|.6A 00 push 0x0
jbe改jmp
第五个
00402677|.83C1 6C add ecx,0x6C
0040267A|.E8 71120100 call PDF转换?004138F0
0040267F|.85C0 test eax,eax
00402681|.7E 1A jle short PDF转换?0040269D
00402683|.6A 04 push 0x4
00402685|.6A 00 push 0x0
00402687|.8D4D F0 lea ecx,
0040268A|.E8 21360000 call PDF转换?00405CB0
0040268F|.50 push eax
00402690|.8B4D E4 mov ecx,
00402693|.E8 E8160000 call PDF转换?00403D80
00402698|.83F8 06 cmp eax,0x6
0040269B|.74 1B je short PDF转换?004026B8
0040269D|>C745 EC 00000>mov ,0x0
改jle为jmp
第六个
00402922|.50 push eax
00402923|.8B4D BC mov ecx,
00402926|.E8 55140000 call PDF转换?00403D80
0040292B|.C745 D4 00000>mov ,0x0
00402932|.C745 FC FFFFF>mov ,-0x1
00402939|.8D4D E8 lea ecx,
0040293C|.E8 FF2D0000 call PDF转换?00405740
00402941|.8B45 D4 mov eax,
00402944|.E9 78020000 jmp PDF转换?00402BC1
00402949|>8D4D F0 lea ecx,
追踪跳转
004028E5|.894D BC mov ,ecx
004028E8|.8B4D BC mov ecx,
004028EB|.83C1 6C add ecx,0x6C
004028EE|.E8 FD0F0100 call PDF转换?004138F0
004028F3|.85C0 test eax,eax
004028F5|.7F 52 jg short PDF转换?00402949
jg改jmp
004028EB|.83C1 6C add ecx,0x6C
004028EE|.E8 FD0F0100 call PDF转换?004138F0
004028F3|.85C0 test eax,eax
004028F5 EB 52 jmp short PDF转换?00402949
004028F7|.8D4D E8 lea ecx,
第七个
00402999|.E8 12330000 call PDF转换?00405CB0
0040299E|.50 push eax
0040299F|.8B4D BC mov ecx,
004029A2|.E8 D9130000 call PDF转换?00403D80
004029A7|.C745 D0 00000>mov ,0x0
004029AE|.C645 FC 01 mov byte ptr ss:,0x1
004029B2|.8D4D E4 lea ecx,
004029B5|.E8 862D0000 call PDF转换?00405740
004029BA|.C745 FC FFFFF>mov ,-0x1
004029C1|.8D4D F0 lea ecx,
004029C4|.E8 772D0000 call PDF转换?00405740
004029C9|.8B45 D0 mov eax, ;PDF转换?00403E06
004029CC|.E9 F0010000 jmp PDF转换?00402BC1
004029D1|>8D4D F0 lea ecx,
追踪跳转
0040296A|.E8 71330000 call PDF转换?00405CE0
0040296F|.0FB6C8 movzx ecx,al
00402972|.85C9 test ecx,ecx
00402974|.74 5B je short PDF转换?004029D1
00402976|.8D4D E4 lea ecx,
je改jmp
0040296A|.E8 71330000 call PDF转换?00405CE0
0040296F|.0FB6C8 movzx ecx,al
00402972|.85C9 test ecx,ecx
00402974 EB 5B jmp short PDF转换?004029D1
00402976|.8D4D E4 lea ecx,
第八处
00402A0D|.8B4D BC mov ecx,
00402A10|.E8 6B130000 call PDF转换?00403D80
00402A15|.C745 CC 00000>mov ,0x0
00402A1C|.C645 FC 01 mov byte ptr ss:,0x1
00402A20|.8D4D E0 lea ecx,
00402A23|.E8 182D0000 call PDF转换?00405740
00402A28|.C745 FC FFFFF>mov ,-0x1
00402A2F|.8D4D F0 lea ecx,
00402A32|.E8 092D0000 call PDF转换?00405740
00402A37|.8B45 CC mov eax,
00402A3A|.E9 82010000 jmp PDF转换?00402BC1
00402A3F|>8B55 BC mov edx,
追踪并修改
004029DA|.FF15 50524300 call dword ptr ds:[<&SHLWAPI.PathFileExi>; \PathFileExistsW
004029E0|.85C0 test eax,eax
004029E2 EB 5B jmp short PDF转换?00402A3F
004029E4|.8D4D E0 lea ecx,
第九处
00402A92|.E8 E9120000 call PDF转换?00403D80
00402A97|.C745 C8 00000>mov ,0x0
00402A9E|.C645 FC 01 mov byte ptr ss:,0x1
00402AA2|.8D4D DC lea ecx,
00402AA5|.E8 962C0000 call PDF转换?00405740
00402AAA|.C745 FC FFFFF>mov ,-0x1
00402AB1|.8D4D F0 lea ecx,
00402AB4|.E8 872C0000 call PDF转换?00405740
00402AB9|.8B45 C8 mov eax,
00402ABC|.E9 00010000 jmp PDF转换?00402BC1
00402AC1|>8B4D BC mov ecx,
追踪并修改
第一处
00402A3A|. /E9 82010000 jmp PDF转换?00402BC1
00402A3F|> |8B55 BC mov edx,
00402A42|. |83BA 90000000>cmp dword ptr ds:,0x0
00402A49 |EB 76 jmp short PDF转换?00402AC1
00402A4B|. |6A 00 push 0x0
00402A4D|. |8B4D BC mov ecx,
00402A50|. |81C1 90000000 add ecx,0x90
第二个
00402A5C|.FF15 B0514300 call dword ptr ds:[<&KERNEL32.WaitForSin>; \WaitForSingleObject
00402A62|.85C0 test eax,eax
00402A64 EB 5B jmp short PDF转换?00402AC1
00402A66|.8D4D DC lea ecx,
第十个
00402B27|.E8 54120000 call PDF转换?00403D80
00402B2C|.C745 C4 00000>mov ,0x0
00402B33|.C645 FC 05 mov byte ptr ss:,0x5
00402B37|.8D4D D8 lea ecx,
00402B3A|.E8 012C0000 call PDF转换?00405740
00402B3F|.C645 FC 01 mov byte ptr ss:,0x1
00402B43|.8D4D EC lea ecx,
00402B46|.E8 05B30000 call PDF转换?0040DE50
00402B4B|.C745 FC FFFFF>mov ,-0x1
00402B52|.8D4D F0 lea ecx,
00402B55|.E8 E62B0000 call PDF转换?00405740
00402B5A|.8B45 C4 mov eax,
00402B5D|.EB 62 jmp short PDF转换?00402BC1
00402B5F|>8B4D BC mov ecx,
追踪并修改
00402AEF|.E8 2C290000 call PDF转换?00405420
00402AF4|.0FB6C0 movzx eax,al
00402AF7|.85C0 test eax,eax
00402AF9 EB 64 jmp short PDF转换?00402B5F
00402AFB|.8D4D D8 lea ecx,
11个
00402E0E|.E8 6D0F0000 call PDF转换?00403D80
00402E13|.C745 FC FFFFF>mov ,-0x1
00402E1A|.8D4D F0 lea ecx,
00402E1D|.E8 1E290000 call PDF转换?00405740
00402E22|.EB 12 jmp short PDF转换?00402E36
00402E24|>8B4D EC mov ecx,
追踪并修改
00402DBB|.83B8 90000000>cmp dword ptr ds:,0x0
00402DC2 EB 60 jmp short PDF转换?00402E24
还有
00402DD5|.FF15 B0514300 call dword ptr ds:[<&KERNEL32.WaitForSin>; \WaitForSingleObject
00402DDB|.85C0 test eax,eax
00402DDD EB 45 jmp short PDF转换?00402E24
00402DDF|.8D4D F0 lea ecx,
最后一个
0040371D .E8 5E2D0000 call PDF转换?00406480
00403722 .8BC8 mov ecx,eax
00403724 .E8 87250000 call PDF转换?00405CB0
00403729 .50 push eax
0040372A .6A 02 push 0x2
0040372C .8B85 7CFDFFFF mov eax,dword ptr ss:
00403732 .50 push eax
00403733 .8B8D C4FCFFFF mov ecx,dword ptr ss:
00403739 .83C1 6C add ecx,0x6C
0040373C .E8 9F270000 call PDF转换?00405EE0
00403741 .8B4D 0C mov ecx,dword ptr ss: ;PDF转换?0043567C
00403744 .8B11 mov edx,dword ptr ds:
00403746 .83C2 01 add edx,0x1
00403749 .8B45 0C mov eax,dword ptr ss: ;PDF转换?0043567C
0040374C .8910 mov dword ptr ds:,edx
0040374E .C645 FC 0B mov byte ptr ss:,0xB
00403752 .8D8D 78FDFFFF lea ecx,dword ptr ss:
00403758 .E8 E31F0000 call PDF转换?00405740
0040375D .^ E9 4CFDFFFF jmp PDF转换?004034AE
00403762 >C645 FC 0B mov byte ptr ss:,0xB
00403766 .8D8D 78FDFFFF lea ecx,dword ptr ss:
0040376C .E8 CF1F0000 call PDF转换?00405740
00403771 >8D8D CCFDFFFF lea ecx,dword ptr ss:
追踪并修改
004036C5 .FF15 50524300 call dword ptr ds:[<&SHLWAPI.PathFileExi>; \PathFileExistsW
004036CB .85C0 test eax,eax
004036CD E9 9F000000 jmp PDF转换?00403771
004036D2 90 nop
004036D3 .8D8D 78FDFFFF lea ecx,dword ptr ss:
终于好了{:301_972:}累死我了,数学作业还没写呢
保存
我好累呀,呜呜
看看图
破解成功!
本帖最后由 cqr2287 于 2017-3-11 18:22 编辑
声明:本软件仅供学习使用,请下载后24小时内从您的电脑内完全删除。如有侵权请联系吾爱破解论坛,我将立即删除附件
成品:http://www.52pojie.cn/thread-586459-1-1.html 我过程看了 我心想难道要我也这么破解才能用吗 看到最后才发现原来回复一下就好了 大家说说下次我破解什么。。 傲天~昊龙 发表于 2016-7-31 19:25
楼主,闻老师是谁呀
。。就是Hmily。这你作为吾爱论坛的用户,怎么这都不知道 谢谢楼主!!! 好厉害的样子~
谢谢楼主!!! 挖槽,好屌锕,楼主必定是大神级人物 可以,这很强势!