一个英文ERP软件加密狗破解视频。
不解释 自己看
没有加密狗,就这样了
好了 动手,先看语言
Borland C++ 1999
有点旧的语言。。
无壳的C语言,教最简单的破解方法吧,字符法,我已经放入了od
0048F3FD . 68 3C655300 push tdsoft.0053653C ; 9软件已过了试用期,需要激活才能继续使用
0048F402 . 8D45 E0 lea eax,dword ptr ss:[ebp-0x20]
0048F405 . 50 push eax
0048F406 . E8 29D00600 call tdsoft.004FC434
0048F40B . 83C4 08 add esp,0x8
0048F40E . FF85 C8FDFFFF inc dword ptr ss:[ebp-0x238]
0048F414 . 8D55 E0 lea edx,dword ptr ss:[ebp-0x20]
0048F417 . 52 push edx
0048F418 . 8D4D D8 lea ecx,dword ptr ss:[ebp-0x28]
0048F41B . 51 push ecx
0048F41C . E8 4355F7FF call tdsoft.00404964
0048F421 . 59 pop ecx
0048F422 . 50 push eax
0048F423 . FF85 C8FDFFFF inc dword ptr ss:[ebp-0x238]
0048F429 . 68 26655300 push tdsoft.00536526 ; SOFTRDONLY
0048F42E . 8D45 DC lea eax,dword ptr ss:[ebp-0x24]
0048F431 . 50 push eax
0048F432 . E8 6DD10600 call tdsoft.004FC5A4
0048F437 . 83C4 08 add esp,0x8
0048F43A . FF85 C8FDFFFF inc dword ptr ss:[ebp-0x238]
0048F440 . 8B10 mov edx,dword ptr ds:[eax]
0048F442 . A1 84305600 mov eax,dword ptr ds:[0x563084]
0048F447 . 59 pop ecx
0048F448 . E8 3FE00600 call <jmp.&rtl200.System::Classes::TStri>
0048F44D . 8D55 D8 lea edx,dword ptr ss:[ebp-0x28]
0048F450 . 52 push edx
0048F451 . E8 9ED20600 call tdsoft.004FC6F4
0048F456 . 83C4 08 add esp,0x8
0048F459 . 84C0 test al,al
0048F45B . 0F95C0 setne al
0048F45E . 83E0 01 and eax,0x1
0048F461 . 50 push eax
0048F462 . FF8D C8FDFFFF dec dword ptr ss:[ebp-0x238]
0048F468 . 6A 02 push 0x2
0048F46A . 8D55 E0 lea edx,dword ptr ss:[ebp-0x20]
0048F46D . 52 push edx
0048F46E . E8 99D10600 call tdsoft.004FC60C
0048F473 . 83C4 08 add esp,0x8
0048F476 . FF8D C8FDFFFF dec dword ptr ss:[ebp-0x238]
0048F47C . 6A 02 push 0x2
0048F47E . 8D4D D8 lea ecx,dword ptr ss:[ebp-0x28]
0048F481 . 51 push ecx
0048F482 . E8 85D10600 call tdsoft.004FC60C
0048F487 . 83C4 08 add esp,0x8
0048F48A . FF8D C8FDFFFF dec dword ptr ss:[ebp-0x238]
0048F490 . 6A 02 push 0x2
0048F492 . 8D45 DC lea eax,dword ptr ss:[ebp-0x24]
0048F495 . 50 push eax
0048F496 . E8 71D10600 call tdsoft.004FC60C
0048F49B . 83C4 08 add esp,0x8
0048F49E . 5A pop edx
0048F49F . 85D2 test edx,edx
0048F4A1 . 75 04 jnz Xtdsoft.0048F4A7
0048F4A3 > 33C9 xor ecx,ecx
这里都是报错代码,需要删除
0048F4E9 . 6A 00 push 0x0
0048F4EB . 66:C785 BCFDF>mov word ptr ss:[ebp-0x244],0x30
0048F4F4 . 8D55 D0 lea edx,dword ptr ss:[ebp-0x30]
0048F4F7 . 52 push edx
0048F4F8 . E8 6754F7FF call tdsoft.00404964
0048F4FD . 59 pop ecx
0048F4FE . 50 push eax
0048F4FF . FF85 C8FDFFFF inc dword ptr ss:[ebp-0x238]
0048F505 . 68 3E655300 push tdsoft.0053653E ; 软件已过了试用期,需要激活才能继续使用
0048F50A . 8D4D D4 lea ecx,dword ptr ss:[ebp-0x2C]
0048F50D . 51 push ecx
0048F50E . E8 91D00600 call tdsoft.004FC5A4
0048F513 . 83C4 08 add esp,0x8
0048F516 . FF85 C8FDFFFF inc dword ptr ss:[ebp-0x238]
0048F51C . 8B00 mov eax,dword ptr ds:[eax]
0048F51E . 5A pop edx
0048F51F . E8 10FA0600 call <jmp.&fyLanguage14.Rescommon::fyGet>
0048F524 . 8D4D D0 lea ecx,dword ptr ss:[ebp-0x30]
0048F527 . FF31 push dword ptr ds:[ecx]
0048F529 . 8D85 96FDFFFF lea eax,dword ptr ss:[ebp-0x26A]
0048F52F . E8 006AF7FF call tdsoft.00405F34
0048F534 . B2 02 mov dl,0x2
0048F536 . E8 2D6AF7FF call tdsoft.00405F68
0048F53B . 66:8B08 mov cx,word ptr ds:[eax]
0048F53E . 33D2 xor edx,edx
0048F540 . 58 pop eax
0048F541 . E8 6EFE0500 call tdsoft.Fydialog::MessageDlg2
0048F546 . FF8D C8FDFFFF dec dword ptr ss:[ebp-0x238]
0048F54C . 6A 02 push 0x2
0048F54E . 8D4D D0 lea ecx,dword ptr ss:[ebp-0x30]
0048F551 . 51 push ecx
0048F552 . E8 B5D00600 call tdsoft.004FC60C
0048F557 . 83C4 08 add esp,0x8
0048F55A . FF8D C8FDFFFF dec dword ptr ss:[ebp-0x238]
0048F560 . 6A 02 push 0x2
0048F562 . 8D45 D4 lea eax,dword ptr ss:[ebp-0x2C]
0048F565 . 50 push eax
0048F566 . E8 A1D00600 call tdsoft.004FC60C
0048F56B . 83C4 08 add esp,0x8
0048F56E . 33D2 xor edx,edx
0048F570 . A1 00305600 mov eax,dword ptr ds:[0x563000]
0048F575 . 8B08 mov ecx,dword ptr ds:[eax]
0048F577 . FF51 04 call dword ptr ds:[ecx+0x4]
0048F57A . 84C0 test al,al
0048F57C . 0F84 94000000 je tdsoft.0048F616
第二处,也一样
系统未检测到锁,请将锁接好后重试
这是系统暗桩,需要去掉
0048F6EF . 6A 00 push 0x0
0048F6F1 . 66:C785 BCFDF>mov word ptr ss:[ebp-0x244],0x54
0048F6FA . 8D4D B8 lea ecx,dword ptr ss:[ebp-0x48]
0048F6FD . 51 push ecx
0048F6FE . E8 6152F7FF call tdsoft.00404964
0048F703 . 59 pop ecx
0048F704 . 50 push eax
0048F705 . FF85 C8FDFFFF inc dword ptr ss:[ebp-0x238]
0048F70B . 68 86655300 push tdsoft.00536586 ; 系统未检测到锁,请将锁接好后重试
0048F710 . 8D45 BC lea eax,dword ptr ss:[ebp-0x44]
0048F713 . 50 push eax
0048F714 . E8 8BCE0600 call tdsoft.004FC5A4
0048F719 . 83C4 08 add esp,0x8
0048F71C . FF85 C8FDFFFF inc dword ptr ss:[ebp-0x238]
0048F722 . 8B00 mov eax,dword ptr ds:[eax]
0048F724 . 5A pop edx
0048F725 . E8 0AF80600 call <jmp.&fyLanguage14.Rescommon::fyGet>
0048F72A . 8D4D B8 lea ecx,dword ptr ss:[ebp-0x48]
0048F72D . FF31 push dword ptr ds:[ecx]
0048F72F . 8D85 90FDFFFF lea eax,dword ptr ss:[ebp-0x270]
0048F735 . E8 FA67F7FF call tdsoft.00405F34
0048F73A . B2 02 mov dl,0x2
0048F73C . E8 2768F7FF call tdsoft.00405F68
0048F741 . 66:8B08 mov cx,word ptr ds:[eax]
0048F744 . B2 01 mov dl,0x1
0048F746 . 58 pop eax
0048F747 . E8 68FC0500 call tdsoft.Fydialog::MessageDlg2
0048F74C . FF8D C8FDFFFF dec dword ptr ss:[ebp-0x238]
0048F752 . 6A 02 push 0x2
0048F754 . 8D4D B8 lea ecx,dword ptr ss:[ebp-0x48]
0048F757 . 51 push ecx
0048F758 . E8 AFCE0600 call tdsoft.004FC60C
0048F75D . 83C4 08 add esp,0x8
0048F760 . FF8D C8FDFFFF dec dword ptr ss:[ebp-0x238]
0048F766 . 6A 02 push 0x2
0048F768 . 8D45 BC lea eax,dword ptr ss:[ebp-0x44]
0048F76B . 50 push eax
0048F76C . E8 9BCE0600 call tdsoft.004FC60C
0048F771 . 83C4 08 add esp,0x8
0048F774 . 6A 00 push 0x0
0048F776 . 6A 00 push 0x0
0048F778 . 6A 10 push 0x10
0048F77A . 8B85 A8FDFFFF mov eax,dword ptr ss:[ebp-0x258]
0048F780 . E8 2FE70600 call <jmp.&vcl200.Vcl::Controls::TWinCon>
0048F785 . 50 push eax ; |hWnd
0048F786 . E8 07070700 call <jmp.&USER32.PostMessageW> ; \PostMessageW
0048F78B . 33C0 xor eax,eax
0048F78D . 50 push eax
0048F78E . 83AD C8FDFFFF>sub dword ptr ss:[ebp-0x238],0x2
0048F795 . 6A 02 push 0x2
0048F797 . 8D55 FC lea edx,dword ptr ss:[ebp-0x4]
0048F79A . 52 push edx
0048F79B . E8 3052F7FF call tdsoft.004049D0
0048F7A0 . 83C4 08 add esp,0x8
0048F7A3 . 58 pop eax
0048F7A4 . 8B95 ACFDFFFF mov edx,dword ptr ss:[ebp-0x254]
0048F7AA . 64:8915 00000>mov dword ptr fs:[0],edx
0048F7B1 . E9 A8210000 jmp tdsoft.0049195E
所有删除即可
序列号或加密狗版本不一致
暗桩2
0048FC70 . 6A 00 push 0x0
0048FC72 . 66:C785 BCFDF>mov word ptr ss:[ebp-0x244],0xA8
0048FC7B . 8D8D 64FFFFFF lea ecx,dword ptr ss:[ebp-0x9C]
0048FC81 . 51 push ecx
0048FC82 . E8 DD4CF7FF call tdsoft.00404964
0048FC87 . 59 pop ecx
0048FC88 . 50 push eax
0048FC89 . FF85 C8FDFFFF inc dword ptr ss:[ebp-0x238]
0048FC8F . 68 08665300 push tdsoft.00536608 ; 序列号或加密狗版本不一致
0048FC94 . 8D85 68FFFFFF lea eax,dword ptr ss:[ebp-0x98]
0048FC9A . 50 push eax
0048FC9B . E8 04C90600 call tdsoft.004FC5A4
0048FCA0 . 83C4 08 add esp,0x8
0048FCA3 . FF85 C8FDFFFF inc dword ptr ss:[ebp-0x238]
0048FCA9 . 8B00 mov eax,dword ptr ds:[eax]
0048FCAB . 5A pop edx
0048FCAC . E8 83F20600 call <jmp.&fyLanguage14.Rescommon::fyGet>
0048FCB1 . 8D8D 64FFFFFF lea ecx,dword ptr ss:[ebp-0x9C]
0048FCB7 . FF31 push dword ptr ds:[ecx]
0048FCB9 . 8D85 8AFDFFFF lea eax,dword ptr ss:[ebp-0x276]
0048FCBF . E8 7062F7FF call tdsoft.00405F34
0048FCC4 . B2 02 mov dl,0x2
0048FCC6 . E8 9D62F7FF call tdsoft.00405F68
0048FCCB . 66:8B08 mov cx,word ptr ds:[eax]
0048FCCE . B2 01 mov dl,0x1
0048FCD0 . 58 pop eax
0048FCD1 . E8 DEF60500 call tdsoft.Fydialog::MessageDlg2
0048FCD6 . FF8D C8FDFFFF dec dword ptr ss:[ebp-0x238]
0048FCDC . 6A 02 push 0x2
0048FCDE . 8D8D 64FFFFFF lea ecx,dword ptr ss:[ebp-0x9C]
0048FCE4 . 51 push ecx
0048FCE5 . E8 22C90600 call tdsoft.004FC60C
0048FCEA . 83C4 08 add esp,0x8
0048FCED . FF8D C8FDFFFF dec dword ptr ss:[ebp-0x238]
0048FCF3 . 6A 02 push 0x2
0048FCF5 . 8D85 68FFFFFF lea eax,dword ptr ss:[ebp-0x98]
0048FCFB . 50 push eax
0048FCFC . E8 0BC90600 call tdsoft.004FC60C
0048FD01 . 83C4 08 add esp,0x8
0048FD04 . 6A 00 push 0x0
0048FD06 . 6A 00 push 0x0
0048FD08 . 6A 10 push 0x10
0048FD0A . 8B85 A8FDFFFF mov eax,dword ptr ss:[ebp-0x258]
0048FD10 . E8 9FE10600 call <jmp.&vcl200.Vcl::Controls::TWinCon>
0048FD15 . 50 push eax ; |hWnd
0048FD16 . E8 77010700 call <jmp.&USER32.PostMessageW> ; \PostMessageW
0048FD1B . 33C0 xor eax,eax
0048FD1D . 50 push eax
0048FD1E . FF8D C8FDFFFF dec dword ptr ss:[ebp-0x238]
0048FD24 . 6A 02 push 0x2
0048FD26 . 8D55 98 lea edx,dword ptr ss:[ebp-0x68]
0048FD29 . 52 push edx
0048FD2A . E8 DDC80600 call tdsoft.004FC60C
0048FD2F . 83C4 08 add esp,0x8
0048FD32 . 83AD C8FDFFFF>sub dword ptr ss:[ebp-0x238],0x2
0048FD39 . 6A 02 push 0x2
0048FD3B . 8D4D FC lea ecx,dword ptr ss:[ebp-0x4]
0048FD3E . 51 push ecx
0048FD3F . E8 8C4CF7FF call tdsoft.004049D0
0048FD44 . 83C4 08 add esp,0x8
0048FD47 . 58 pop eax
0048FD48 . 8B95 ACFDFFFF mov edx,dword ptr ss:[ebp-0x254]
0048FD4E . 64:8915 00000>mov dword ptr fs:[0],edx
0048FD55 . E9 041C0000 jmp tdsoft.0049195E
删除
00490540 . /74 0D je Xtdsoft.0049054F
让他实现
00490614 . /0F85 84010000 jnz tdsoft.0049079E
也要实现
------------
00490C5E . /0F84 CB000000 je tdsoft.00490D2F
不让他实现
00490D29 . /0F84 21030000 je tdsoft.00491050
让他实现
刚刚那里是一样的道理 不解释了
锁已拔出,请将锁接入后继续使用
暗桩还真不少啊,体力活
系统当前在线用户,已超最大在线用户数,将退出
用户数量限制破解