本帖最后由 冥界3大法王 于 2013-3-6 09:33 编辑
首先:请出故事的女主角上场,掌声响起。
Inpaint5原版.part1.rar
(1.86 MB, 下载次数: 172)
Inpaint5原版.part2.rar
(1.86 MB, 下载次数: 70)
Inpaint5原版.part3.rar
(201 Bytes, 下载次数: 36)
如图所示,点击左侧任意三个工具中的一个,圈1处圈出水印区域来,点击圈2执行
第二幅,看一下效果还不错吧。
破解前,生成去水印图像文件只能瞻仰,不能保存。
点击保存按钮时,弹出如图所示对话框。 |
好了,闲话说完了,步入正题:
1.如果先打开OD,加载软件的话有时会出现异常。无法调试,但有时却又正常。
所以最好 先打开InXXXXX,打开一张图像,之后切换到OD, 文件--》InXXXXX---》附加进程。。。
2.OD中,点右键,---》搜索---》所有参考字串,This feature is。。。。结果有时搜索不到,这跟OD中加载程序执行的先后有一定关系。
第一次开始时,我是通过笨方法设断的。exescope中导入user32模块,右侧有很多,(OD中其实也有类似的可以参考的,但用着不算熟,所以传统套路吧。
000001ED LoadIconW
0000014B GetMenu
00000142 GetKeyboardState
000002A2 SetMenuItemInfoW
000002F7 TrackPopupMenuEx
00000208 MapVirtualKeyW
000002F1 ToAscii
000002F3 ToUnicode
0000013E GetKeyboardLayout
000000A1 DestroyCaret
00000282 SetCaretPos
00000059 CreateCaret
000001A9 HideCaret
000002FC TranslateMessage
0000013F GetKeyboardLayoutList
00000263 RegisterWindowMessageW
00000107 GetAsyncKeyState
00000250 RegisterClipboardFormatW
00000133 GetIconInfo
000000C8 DrawIconEx
0000005A CreateCursor
00000067 CreateIconIndirect
0000028A SetCursorPos
000000A2 DestroyCursor
0000010E GetClassInfoW
000001EF LoadImageW
0000017C GetSysColorBrush
0000024D RegisterClassExW
00000120 GetCursorPos
0000009C DefWindowProcW
0000019D GetWindowRgn
00000306 UnregisterClassW
00000048 ClipCursor
00000187 GetUpdateRect
000001BF InvalIDAteRgn
0000000E BeginPaint
000000DC EndPaint
0000017B GetSysColor
0000032C WindowFromPoint
00000164 GetParent
0000012B GetDoubleClickTime
00000291 SetDoubleClickTime
00000281 SetCaretBlinkTime
00000233 PeekMessageW
00000236 PostMessageW
00000022 ChangeClipboardChain
000000FC FlashWindowEx
0000020D MessageBeep
0000013D GetKeyState
00000123 GetDesktopWindow
0000006E CreateWindowExW
0000017D GetSystemMenu
000000D6 EnableMenuItem
000002A6 SetParent
0000031D ValidateRgn
00000114 GetClientRect
0000019B GetWindowPlacement
000002C5 SetWindowPlacement
0000019C GetWindowRect
000001E0 IsWindowVisible
000001D1 IsIconic
000001E2 IsZoomed
0000021B MoveWindow
000001BE InvalidateRect
000002DF ShowWindow
0000026D ScreenToClient
00000047 ClientToScreen
000000A6 DestroyWindow
000002C7 SetWindowRgn
00000118 GetClipboardFormatNameW
000002BB SetTimer
000001E3 KillTimer
0000016C GetQueueStatus
00000288 SetCursor
000002CF SetWindowsHookExW
00000280 SetCapture
0000017E GetSystemMetrics
0000027C SendMessageW
000002CB SetWindowTextW
00000003 AdjustWindowRectEx
00000271 ScrollWindowEx
00000311 UpdateWindow
000002C6 SetWindowPos
00000293 SetForegroundWindow
00000264 ReleaseCapture
00000300 UnhookWindowsHookEx
000000A3 DestroyIcon
0000001C CallNextHookEx
000002EC SystemParametersInfoW
00000265 ReleaseDC
00000121 GetDC
00000196 GetWindowLongW
000002C4 SetWindowLongW
00000100 GetActiveWindow
000001C9 IsChild
0000012C GetFocus
00000292 SetFocus
0000024E RegisterClassW
000000AF DispatchMessageW
0000021D MsgWaitForMultipleObjectsEx
00000030 CharNextExA
00000109 GetCaretBlinkTime
00000287 SetClipboardViewer
哪一个是呢,猜想text 或 window 之类相关的吧。试了几个,结果用下面的设断成功。
此时,OD中按1下F9,让程序完全载入,打开
结果,在左下角命令行输入框中,设断bp SetWindowTextW,回车
好了,按一下F9,回到软件中,点击保存按钮,此时成功被断下了。不管它,按住F8键不散手,至到它走不动弹框为止。
:005B0EFB E8 B0594500 call InXXXA068B0 ; 弹出无效 注册码 对话框(正确时这里也弹,晕~~)
:005B0F00 397C24 18 cmp dword ptr ss:[esp+18],edi
:005B0F04 75 39 jnz short InXXX5B0F3F
:005B0F06 8D4C24 18 lea ecx,dword ptr ss:[esp+18]
:005B0F0A 51 push ecx
:005B0F0B C64424 38 00 mov byte ptr ss:[esp+38],0
:005B0F10 E8 EB234100 call InXXX9C3300
好了,完事按下alt+b键,将所有断点删除掉;
:005B0EFB E8 B0594500 call InXXXA068B0 在这句上F2设断
重复一次上面点保存按钮的动作,到这句时,F7单步进入,进入后一路F8,按了好久困在里面跳不出来,此路不通,但记住上面得到的地址。
OD中点右键,---》搜索---》所有参考字串,This feature is,结果这次找到了,F2设断:47c2ae
回到OD主窗口中,F9,再次重复一次上面点保存按钮的动作,又被拦下,
0047C252 5D pop ebp
0047C253 C3 ret
0047C254 6A FF push -1 ; 功能限制的对话框的字符串,这里压入
0047C256 68 C4B7BA00 push InXXXBAB7C4 ; ASCII "Inpaint"
0047C25B E8 E0DA5300 call InXXX9B9D40
0047C260 8945 DC mov dword ptr ss:[ebp-24],eax
0047C263 6A 00 push 0
0047C265 8D55 CC lea edx,dword ptr ss:[ebp-34]
0047C268 68 D0BBBA00 push InXXXBABBD0 ; ASCII "Enter the serial key"
0047C26D 52 push edx
0047C26E C745 FC 00000000 mov dword ptr ss:[ebp-4],0
0047C275 E8 867BFFFF call InXXX473E00
0047C27A 8BF8 mov edi,eax
0047C27C 6A 00 push 0
0047C27E 8D45 D0 lea eax,dword ptr ss:[ebp-30]
0047C281 68 FC26B500 push InXXXB526FC ; ASCII "No"
0047C286 50 push eax
0047C287 C645 FC 01 mov byte ptr ss:[ebp-4],1
0047C28B E8 707BFFFF call InXXX473E00
0047C290 8BD8 mov ebx,eax
0047C292 6A 00 push 0
0047C294 8D4D D4 lea ecx,dword ptr ss:[ebp-2C]
0047C297 68 F826B500 push InXXXB526F8 ; ASCII "Yes"
0047C29C 51 push ecx
0047C29D C645 FC 02 mov byte ptr ss:[ebp-4],2
0047C2A1 E8 5A7BFFFF call InXXX473E00
0047C2A6 8945 C0 mov dword ptr ss:[ebp-40],eax
0047C2A9 6A 00 push 0
0047C2AB 8D55 D8 lea edx,dword ptr ss:[ebp-28]
0047C2AE 68 10C7BA00 push InXXXBAC710 ; ASCII "This feature is available in registered 断在了这句,
此时向上看,看到桔色字样处,是否刚才都走过了吗?
给那3个地址F2设断,重新运行,
原来:
0047C254 6A FF push -1 ; 功能限制的对话框的字符串,这里压入
此句开始向下执行,因此万万不能让程序来到此处
用w32dasm打开原软件,Shift+F12,47C254
此时,向上搜索47C254
你会找到唯一的俩句::47BF6C je 47C254
:47BF5B je 47C254
这两句全部NOP了,此时点击保存按钮就成存图了。
编了个原创,好歹看完加点分说说观后感下次礼尚往来也好再发不是嘛?不然的话,寒心呐~~~
听有朋友要批量去水印的。您还别说,还真有
Batch Inpaint is a batch version of Inpaint – photo processing and retouching tool. While removing an unwanted object from a photo with Inpaint is easy, it may still consume a lot of time if you have a whole bunch of pictures to process. Batch removal of typical objects from images is what Batch Inpaint is designed for.
Watermarks, time stamps, glitches, scratches, facial wrinkles, power lines, persons accidentally caught by the camera in the very moment of a shot and other things can be effortlessly erased from photos in automatic mode. Here is how things work: Step 1: Open imagesFirst of all, load the images you want to process into Batch Inpaint. The easiest way to do this is to specify a folder with photos in the program, however you can also load individual image or images too. 
Step 2: Define removal areasSelect an area on the picture that you want to hide or remove. The red semi-transparent rectangle identifies the processing area. You can resize it or move it to another place with your mouse. Note, the selected area is applied to every image, so you don’t need to define it for each file manually. Also, you can switch between absolute and relative coordinates of the area with the toolbar button. Relative positioning is useful when you need to process files of varying resolution. 
Step 3: Run processingOnce you run processing, the program asks you whether you want to overwrite existing files, or save modified images under different names. After that, Batch Inpaint will automatically process files one by one and remove the selected object from each picture. That’s it!
Batch Inpaint 1.2
可用码:UFKA-DAHO-IWHC-YOWN-UEKD-WTLJ-LITX-APLD 请自行GG搜索
|
[复制链接]
发表于 2013-3-4 23:25
|
发表于 2013-3-4 23:33
