注册断点
关键call
爆破
进入算法区
;-----------------------------------------------------------------------
; Native-code VB6 procedure at 0041F600 (the debugger labels the module
; 快捷PDF).  The listing is an OllyDbg dump: address, opcode bytes,
; mnemonic/operands, then the debugger's ";" annotations.  Several of the
; original annotations are stale register contents (e.g. "msvbvm60.__vbaStrCat"
; on lines that do not touch that import); they are corrected below.
;
; Shape, from the visible code only:
;   In:   [ebp+8]    = pointer to a BSTR (a VB String passed ByRef)
;   Out:  [ebp-0x14] = Boolean result (0 = False, -1 = True).  The code that
;                      moves it into ax lives at/after 0041F8DA, past this
;                      listing.
;   Locals:
;     [ebp-0x2C]  SAFEARRAY descriptor of a Long array built by
;                 __vbaAryConstruct2; [ebp-0x20] is its pvData field
;                 (descriptor offset 0xC) - elements at +0/+4/+8/+0xC
;     [ebp-0x64]  VARIANT wrapping the input (vt 0x4008 = VT_BYREF|VT_BSTR,
;                 data at [ebp-0x5C])
;     [ebp-0x44]  VARIANT temp (also reused as a VT_I2 length argument,
;                 value at [ebp-0x3C])
;     [ebp-0x54]  VARIANT temp
;     [ebp-0x34]  BSTR temp
;     [ebp-0x78]  Long temp passed ByRef to the helper at 0041F5C0
;   Calls: a helper at 0041F5C0 (not in this listing) twice; its result is
;          read from ax (16-bit VB Boolean).
;
; Flow: reject unless Len(input) = 20; split the string into four
; 5-character fields, convert each with Val() and store as Long; then four
; arithmetic tests decide the result.  Every "jo" is the VB6 compiler's
; signed-overflow check branching to 0041F8F1 (outside this listing,
; presumably the runtime "Overflow" error path).
;
; NOTE(review): the decision is local arithmetic over the string and is not
; bound to any external secret, so its strength rests entirely on the
; integrity of this code path - exactly what the author's patch notes on
; the first two lines exploit.
;-----------------------------------------------------------------------
0041F600 55 push ebp 算法区 修改 mov eax,oxffff 赋值
0041F601 8BEC mov ebp,esp 修改 rten 结束
0041F603 83EC 08 sub esp,0x8 ; room for the two frame words at [ebp-8]/[ebp-4] (set below)
0041F606 . 68 46144000 push <jmp.&MSVBVM60.__vbaExceptHandler> ; install SEH: handler = __vbaExceptHandler
0041F60B . 64:A1 0000000>mov eax,dword ptr fs:[0] ; eax = previous SEH record
0041F611 . 50 push eax ; link it
0041F612 . 64:8925 00000>mov dword ptr fs:[0],esp ; fs:[0] = this frame (standard VB6 prologue)
0041F619 . 83EC 70 sub esp,0x70 ; locals
0041F61C . 53 push ebx ; callee-saved (debugger comment was stale register contents)
0041F61D . 56 push esi ; callee-saved
0041F61E . 57 push edi ; callee-saved (debugger comment was stale register contents)
0041F61F . 8965 F8 mov dword ptr ss:[ebp-0x8],esp ; saved esp for the exception handler's unwind
0041F622 . C745 FC F0134>mov dword ptr ss:[ebp-0x4],快捷PDF?004013F0 ; compiler-emitted exception-frame data pointer (presumably read by __vbaExceptHandler)
0041F629 . 6A 03 push 0x3 ; /varType = Long (VT_I4)
0041F62B . 8D45 D4 lea eax,dword ptr ss:[ebp-0x2C] ; |array variable (SAFEARRAY descriptor slot)
0041F62E . 33FF xor edi,edi ; |edi = 0, used to clear the temporaries below
0041F630 . 68 58894100 push 快捷PDF?00418958 ; |ArraySturctdes = static bounds descriptor at 00418958
0041F635 . 50 push eax ; |ArrayVar = &[ebp-0x2C]
0041F636 . 897D CC mov dword ptr ss:[ebp-0x34],edi ; |BSTR temp = 0
0041F639 . 897D BC mov dword ptr ss:[ebp-0x44],edi ; |VARIANT temp vt = VT_EMPTY
0041F63C . 897D AC mov dword ptr ss:[ebp-0x54],edi ; |VARIANT temp vt = VT_EMPTY
0041F63F . 897D 9C mov dword ptr ss:[ebp-0x64],edi ; |input VARIANT vt = VT_EMPTY
0041F642 . 897D 88 mov dword ptr ss:[ebp-0x78],edi ; |Long temp = 0
0041F645 . FF15 90104000 call dword ptr ds:[<&MSVBVM60.__vbaAryConstruct2>] ; \build the Long array; its pvData is read from [ebp-0x20] below
0041F64B . 8B75 08 mov esi,dword ptr ss:[ebp+0x8] ; esi = &input BSTR (arg 1, ByRef)
0041F64E . 8B0E mov ecx,dword ptr ds:[esi] ; ecx = the BSTR itself
0041F650 . 51 push ecx ; /String = input BSTR (the debugger's "??猺" was a stale sample value)
0041F651 . FF15 14104000 call dword ptr ds:[<&MSVBVM60.__vbaLenBstr>] ; \eax = Len(input) in characters
0041F657 . 83F8 14 cmp eax,0x14 ; Len = 20 ?
0041F65A . 74 0E je short 快捷PDF?0041F66A ; yes -> field extraction
0041F65C . 897D EC mov dword ptr ss:[ebp-0x14],edi ; result = False (edi is still 0)
0041F65F . 68 DAF84100 push 快捷PDF?0041F8DA ; continuation address for the cleanup stub's retn (0041F8DA is past this listing)
0041F664 . 9B wait ; fwait: VB6 emits this on exit paths so pending x87 exceptions surface here
0041F665 . E9 5D020000 jmp 快捷PDF?0041F8C7 ; -> array cleanup, which then "returns" to 0041F8DA
0041F66A > 8D55 9C lea edx,dword ptr ss:[ebp-0x64] ; input VARIANT
0041F66D . 6A 05 push 0x5 ; /count = 5
0041F66F . 8D45 BC lea eax,dword ptr ss:[ebp-0x44] ; |result VARIANT
0041F672 . 52 push edx ; |string VARIANT
0041F673 . 50 push eax ; |result VARIANT
0041F674 . 8975 A4 mov dword ptr ss:[ebp-0x5C],esi ; |input VARIANT data = &BSTR
0041F677 . C745 9C 08400>mov dword ptr ss:[ebp-0x64],0x4008 ; |input VARIANT vt = VT_BYREF|VT_BSTR
0041F67E . FF15 4C114000 call dword ptr ds:[<&MSVBVM60.#rtcLeftCharVar_617>] ; \[ebp-0x44] = Left(input, 5)
0041F684 . 8B3D EC104000 mov edi,dword ptr ds:[<&MSVBVM60.__vbaStrVarVal>] ; edi = __vbaStrVarVal, used by every "call edi" below
0041F68A . 8D4D BC lea ecx,dword ptr ss:[ebp-0x44] ; source VARIANT
0041F68D . 8D55 CC lea edx,dword ptr ss:[ebp-0x34] ; BSTR temp (receives the converted string)
0041F690 . 51 push ecx ; /VARIANT in
0041F691 . 52 push edx ; |&BSTR temp
0041F692 . FFD7 call edi ; \__vbaStrVarVal -> eax = BSTR of field 0
0041F694 . 50 push eax ; /BSTR
0041F695 . FF15 88114000 call dword ptr ds:[<&MSVBVM60.#rtcR8ValFromBstr_581>>; \Val(field) -> Double in st(0)
0041F69B . 8B1D 38114000 mov ebx,dword ptr ds:[<&MSVBVM60.__vbaFpCy>] ; ebx = __vbaFpCy, used by every "call ebx" below
0041F6A1 . FFD3 call ebx ; __vbaFpCy: st(0) -> Currency in edx:eax (debugger's "__vbaHresultCheckObj" comment was stale)
0041F6A3 . 52 push edx ; /Currency high dword
0041F6A4 . 50 push eax ; |Currency low dword
0041F6A5 . FF15 60114000 call dword ptr ds:[<&MSVBVM60.__vbaI4Cy>] ; \eax = CLng(Currency)
0041F6AB . 8B4D E0 mov ecx,dword ptr ss:[ebp-0x20] ; ecx = array pvData
0041F6AE . 8901 mov dword ptr ds:[ecx],eax ; a(0) = Val(Left(input, 5))
0041F6B0 . 8D4D CC lea ecx,dword ptr ss:[ebp-0x34]
0041F6B3 . FF15 80114000 call dword ptr ds:[<&MSVBVM60.__vbaFreeStr>] ; release BSTR temp
0041F6B9 . 8D4D BC lea ecx,dword ptr ss:[ebp-0x44]
0041F6BC . FF15 0C104000 call dword ptr ds:[<&MSVBVM60.__vbaFreeVar>] ; release Left() result VARIANT
0041F6C2 . 8D55 BC lea edx,dword ptr ss:[ebp-0x44] ; length VARIANT (reused slot)
0041F6C5 . 8D45 9C lea eax,dword ptr ss:[ebp-0x64] ; input VARIANT
0041F6C8 . 52 push edx ; /Length = VARIANT [ebp-0x44]
0041F6C9 . 6A 06 push 0x6 ; |Start = 6
0041F6CB . 8D4D AC lea ecx,dword ptr ss:[ebp-0x54] ; |
0041F6CE . 50 push eax ; |String = input VARIANT
0041F6CF . 51 push ecx ; |result VARIANT
0041F6D0 . C745 C4 05000>mov dword ptr ss:[ebp-0x3C],0x5 ; |length VARIANT value = 5
0041F6D7 . C745 BC 02000>mov dword ptr ss:[ebp-0x44],0x2 ; |length VARIANT vt = VT_I2
0041F6DE . 8975 A4 mov dword ptr ss:[ebp-0x5C],esi ; |input VARIANT data = &BSTR (re-armed after the free)
0041F6E1 . C745 9C 08400>mov dword ptr ss:[ebp-0x64],0x4008 ; |input VARIANT vt = VT_BYREF|VT_BSTR
0041F6E8 . FF15 78104000 call dword ptr ds:[<&MSVBVM60.#rtcMidCharVar_632>] ; \[ebp-0x54] = Mid(input, 6, 5)
0041F6EE . 8D55 AC lea edx,dword ptr ss:[ebp-0x54] ; source VARIANT
0041F6F1 . 8D45 CC lea eax,dword ptr ss:[ebp-0x34] ; BSTR temp
0041F6F4 . 52 push edx ; /VARIANT in
0041F6F5 . 50 push eax ; |&BSTR temp
0041F6F6 . FFD7 call edi ; \__vbaStrVarVal -> eax = BSTR of field 1 (debugger's "__vbaStrCat" comment was stale)
0041F6F8 . 50 push eax ; /BSTR
0041F6F9 . FF15 88114000 call dword ptr ds:[<&MSVBVM60.#rtcR8ValFromBstr_581>>; \Val(field) -> Double in st(0)
0041F6FF . FFD3 call ebx ; __vbaFpCy: st(0) -> Currency in edx:eax
0041F701 . 52 push edx ; /Currency high dword
0041F702 . 50 push eax ; |Currency low dword
0041F703 . FF15 60114000 call dword ptr ds:[<&MSVBVM60.__vbaI4Cy>] ; \eax = CLng(Currency)
0041F709 . 8B4D E0 mov ecx,dword ptr ss:[ebp-0x20] ; ecx = array pvData
0041F70C . 8941 04 mov dword ptr ds:[ecx+0x4],eax ; a(1) = Val(Mid(input, 6, 5))
0041F70F . 8D4D CC lea ecx,dword ptr ss:[ebp-0x34]
0041F712 . FF15 80114000 call dword ptr ds:[<&MSVBVM60.__vbaFreeStr>] ; release BSTR temp
0041F718 . 8D55 AC lea edx,dword ptr ss:[ebp-0x54]
0041F71B . 8D45 BC lea eax,dword ptr ss:[ebp-0x44]
0041F71E . 52 push edx ; /VARIANT 2
0041F71F . 50 push eax ; |VARIANT 1
0041F720 . 6A 02 push 0x2 ; |count = 2
0041F722 . FF15 1C104000 call dword ptr ds:[<&MSVBVM60.__vbaFreeVarList>] ; \release both VARIANT temps
0041F728 . 83C4 0C add esp,0xC ; cdecl: caller pops the 3 dwords
0041F72B . 8D4D BC lea ecx,dword ptr ss:[ebp-0x44] ; length VARIANT
0041F72E . 8D55 9C lea edx,dword ptr ss:[ebp-0x64] ; input VARIANT
0041F731 . 8D45 AC lea eax,dword ptr ss:[ebp-0x54] ; result VARIANT
0041F734 . 51 push ecx ; /Length = VARIANT [ebp-0x44]
0041F735 . 6A 0B push 0xB ; |Start = 11
0041F737 . 52 push edx ; |String = input VARIANT
0041F738 . 50 push eax ; |result VARIANT
0041F739 . C745 C4 05000>mov dword ptr ss:[ebp-0x3C],0x5 ; |length VARIANT value = 5
0041F740 . C745 BC 02000>mov dword ptr ss:[ebp-0x44],0x2 ; |length VARIANT vt = VT_I2
0041F747 . 8975 A4 mov dword ptr ss:[ebp-0x5C],esi ; |input VARIANT data = &BSTR
0041F74A . C745 9C 08400>mov dword ptr ss:[ebp-0x64],0x4008 ; |input VARIANT vt = VT_BYREF|VT_BSTR
0041F751 . FF15 78104000 call dword ptr ds:[<&MSVBVM60.#rtcMidCharVar_632>] ; \[ebp-0x54] = Mid(input, 11, 5)
0041F757 . 8D4D AC lea ecx,dword ptr ss:[ebp-0x54] ; source VARIANT
0041F75A . 8D55 CC lea edx,dword ptr ss:[ebp-0x34] ; BSTR temp
0041F75D . 51 push ecx ; /VARIANT in
0041F75E . 52 push edx ; |&BSTR temp
0041F75F . FFD7 call edi ; \__vbaStrVarVal -> eax = BSTR of field 2 (debugger's "__vbaStrCat" comment was stale)
0041F761 . 50 push eax ; /BSTR
0041F762 . FF15 88114000 call dword ptr ds:[<&MSVBVM60.#rtcR8ValFromBstr_581>>; \Val(field) -> Double in st(0)
0041F768 . FFD3 call ebx ; __vbaFpCy: st(0) -> Currency in edx:eax
0041F76A . 52 push edx ; /Currency high dword
0041F76B . 50 push eax ; |Currency low dword
0041F76C . FF15 60114000 call dword ptr ds:[<&MSVBVM60.__vbaI4Cy>] ; \eax = CLng(Currency)
0041F772 . 8B4D E0 mov ecx,dword ptr ss:[ebp-0x20] ; ecx = array pvData
0041F775 . 8941 08 mov dword ptr ds:[ecx+0x8],eax ; a(2) = Val(Mid(input, 11, 5))
0041F778 . 8D4D CC lea ecx,dword ptr ss:[ebp-0x34]
0041F77B . FF15 80114000 call dword ptr ds:[<&MSVBVM60.__vbaFreeStr>] ; release BSTR temp
0041F781 . 8D55 AC lea edx,dword ptr ss:[ebp-0x54]
0041F784 . 8D45 BC lea eax,dword ptr ss:[ebp-0x44]
0041F787 . 52 push edx ; /VARIANT 2
0041F788 . 50 push eax ; |VARIANT 1
0041F789 . 6A 02 push 0x2 ; |count = 2
0041F78B . FF15 1C104000 call dword ptr ds:[<&MSVBVM60.__vbaFreeVarList>] ; \release both VARIANT temps
0041F791 . 83C4 0C add esp,0xC ; cdecl: caller pops the 3 dwords
0041F794 . 8D4D BC lea ecx,dword ptr ss:[ebp-0x44] ; length VARIANT
0041F797 . 8D55 9C lea edx,dword ptr ss:[ebp-0x64] ; input VARIANT
0041F79A . 8D45 AC lea eax,dword ptr ss:[ebp-0x54] ; result VARIANT
0041F79D . 51 push ecx ; /Length = VARIANT [ebp-0x44]
0041F79E . 6A 10 push 0x10 ; |Start = 16
0041F7A0 . 52 push edx ; |String = input VARIANT
0041F7A1 . 50 push eax ; |result VARIANT
0041F7A2 . C745 C4 05000>mov dword ptr ss:[ebp-0x3C],0x5 ; |length VARIANT value = 5
0041F7A9 . C745 BC 02000>mov dword ptr ss:[ebp-0x44],0x2 ; |length VARIANT vt = VT_I2
0041F7B0 . 8975 A4 mov dword ptr ss:[ebp-0x5C],esi ; |input VARIANT data = &BSTR
0041F7B3 . C745 9C 08400>mov dword ptr ss:[ebp-0x64],0x4008 ; |input VARIANT vt = VT_BYREF|VT_BSTR
0041F7BA . FF15 78104000 call dword ptr ds:[<&MSVBVM60.#rtcMidCharVar_632>] ; \[ebp-0x54] = Mid(input, 16, 5)
0041F7C0 . 8D4D AC lea ecx,dword ptr ss:[ebp-0x54] ; source VARIANT
0041F7C3 . 8D55 CC lea edx,dword ptr ss:[ebp-0x34] ; BSTR temp
0041F7C6 . 51 push ecx ; /VARIANT in
0041F7C7 . 52 push edx ; |&BSTR temp
0041F7C8 . FFD7 call edi ; \__vbaStrVarVal -> eax = BSTR of field 3 (debugger's "__vbaStrCat" comment was stale)
0041F7CA . 50 push eax ; /BSTR
0041F7CB . FF15 88114000 call dword ptr ds:[<&MSVBVM60.#rtcR8ValFromBstr_581>>; \Val(field) -> Double in st(0)
0041F7D1 . FFD3 call ebx ; __vbaFpCy: st(0) -> Currency in edx:eax
0041F7D3 . 52 push edx ; /Currency high dword
0041F7D4 . 50 push eax ; |Currency low dword
0041F7D5 . FF15 60114000 call dword ptr ds:[<&MSVBVM60.__vbaI4Cy>] ; \eax = CLng(Currency)
0041F7DB . 8B4D E0 mov ecx,dword ptr ss:[ebp-0x20] ; ecx = array pvData
0041F7DE . 8941 0C mov dword ptr ds:[ecx+0xC],eax ; a(3) = Val(Mid(input, 16, 5))
0041F7E1 . 8D4D CC lea ecx,dword ptr ss:[ebp-0x34]
0041F7E4 . FF15 80114000 call dword ptr ds:[<&MSVBVM60.__vbaFreeStr>] ; release BSTR temp
0041F7EA . 8D55 AC lea edx,dword ptr ss:[ebp-0x54]
0041F7ED . 8D45 BC lea eax,dword ptr ss:[ebp-0x44]
0041F7F0 . 52 push edx ; /VARIANT 2
0041F7F1 . 50 push eax ; |VARIANT 1
0041F7F2 . 6A 02 push 0x2 ; |count = 2
0041F7F4 . FF15 1C104000 call dword ptr ds:[<&MSVBVM60.__vbaFreeVarList>] ; \release both VARIANT temps
0041F7FA . 8B4D E0 mov ecx,dword ptr ss:[ebp-0x20] ; ecx = array pvData (loaded before the stack fix-up; independent of it)
0041F7FD . 83C4 0C add esp,0xC ; cdecl: caller pops the 3 dwords
; --- test 1: helper(a(0) - 1) must be non-zero -------------------------
0041F800 . 8D45 88 lea eax,dword ptr ss:[ebp-0x78] ; ByRef Long argument
0041F803 . 8B11 mov edx,dword ptr ds:[ecx] ; edx = a(0)
0041F805 . 50 push eax ; /&Long
0041F806 . 83EA 01 sub edx,0x1 ; a(0) - 1
0041F809 . 0F80 E2000000 jo 快捷PDF?0041F8F1 ; VB signed-overflow check (handler outside this listing)
0041F80F . 8955 88 mov dword ptr ss:[ebp-0x78],edx ; store the argument value
0041F812 . E8 A9FDFFFF call 快捷PDF?0041F5C0 ; \helper (not in listing); result in ax
0041F817 . 66:85C0 test ax,ax ; helper returned False (0)?
0041F81A . 75 12 jnz short 快捷PDF?0041F82E ; non-zero -> test 2
0041F81C . C745 EC 00000>mov dword ptr ss:[ebp-0x14],0x0 ; result = False
0041F823 . 68 DAF84100 push 快捷PDF?0041F8DA ; continuation address for the cleanup stub
0041F828 . 9B wait ; fwait (exit path)
0041F829 . E9 99000000 jmp 快捷PDF?0041F8C7 ; -> cleanup
; --- test 2: (a(1) - 1) Mod 3 must be 0 -------------------------------
0041F82E > 8B4D E0 mov ecx,dword ptr ss:[ebp-0x20] ; ecx = array pvData
0041F831 . BE 03000000 mov esi,0x3 ; divisor
0041F836 . 8B41 04 mov eax,dword ptr ds:[ecx+0x4] ; eax = a(1) (debugger comment was a stale sample value)
0041F839 . 83E8 01 sub eax,0x1 ; a(1) - 1
0041F83C . 0F80 AF000000 jo 快捷PDF?0041F8F1 ; VB signed-overflow check
0041F842 . 99 cdq ; sign-extend eax into edx:eax for idiv
0041F843 . F7FE idiv esi ; edx = (a(1) - 1) Mod 3
0041F845 . 85D2 test edx,edx ; remainder zero?
0041F847 . 74 0F je short 快捷PDF?0041F858 ; yes -> test 3
0041F849 . C745 EC 00000>mov dword ptr ss:[ebp-0x14],0x0 ; result = False
0041F850 . 68 DAF84100 push 快捷PDF?0041F8DA ; continuation address for the cleanup stub
0041F855 . 9B wait ; fwait (exit path)
0041F856 . EB 6F jmp short 快捷PDF?0041F8C7 ; -> cleanup
; --- test 3: helper(a(2) + 1) must not be True (-1) ---------------------
0041F858 > 8B49 08 mov ecx,dword ptr ds:[ecx+0x8] ; ecx = a(2)
0041F85B . 8D55 88 lea edx,dword ptr ss:[ebp-0x78] ; ByRef Long argument
0041F85E . 83C1 01 add ecx,0x1 ; a(2) + 1
0041F861 . 52 push edx ; /&Long
0041F862 . 0F80 89000000 jo 快捷PDF?0041F8F1 ; VB signed-overflow check
0041F868 . 894D 88 mov dword ptr ss:[ebp-0x78],ecx ; store the argument value
0041F86B . E8 50FDFFFF call 快捷PDF?0041F5C0 ; \helper (not in listing); result in ax
0041F870 . 66:3D FFFF cmp ax,0xFFFF ; helper returned True (-1)?
0041F874 . 75 0F jnz short 快捷PDF?0041F885 ; no -> test 4
0041F876 . C745 EC 00000>mov dword ptr ss:[ebp-0x14],0x0 ; result = False
0041F87D . 68 DAF84100 push 快捷PDF?0041F8DA ; continuation address for the cleanup stub
0041F882 . 9B wait ; fwait (exit path)
0041F883 . EB 42 jmp short 快捷PDF?0041F8C7 ; -> cleanup
; --- test 4: result = ((a(3) + 1) Mod 17 = 0) ---------------------------
0041F885 > 8B45 E0 mov eax,dword ptr ss:[ebp-0x20] ; eax = array pvData
0041F888 . B9 11000000 mov ecx,0x11 ; divisor 17
0041F88D . 9B wait ; fwait; the compiler scheduled the exit sequence early (interleaved with the arithmetic)
0041F88E . 8B40 0C mov eax,dword ptr ds:[eax+0xC] ; eax = a(3) (debugger comment was a stale sample value)
0041F891 . 68 DAF84100 push 快捷PDF?0041F8DA ; continuation address for the cleanup stub
0041F896 . 83C0 01 add eax,0x1 ; a(3) + 1
0041F899 . 70 56 jo short 快捷PDF?0041F8F1 ; VB signed-overflow check
0041F89B . 99 cdq ; sign-extend for idiv
0041F89C . F7F9 idiv ecx ; edx = (a(3) + 1) Mod 17
0041F89E . F7DA neg edx ; CF = (remainder <> 0)
0041F8A0 . 1BD2 sbb edx,edx ; edx = -1 if remainder <> 0, else 0
0041F8A2 . F7DA neg edx ; edx = 1 if remainder <> 0, else 0
0041F8A4 . 4A dec edx ; edx = 0 if remainder <> 0, else -1 (VB True) - branchless Boolean
0041F8A5 . 8955 EC mov dword ptr ss:[ebp-0x14],edx ; result = (remainder = 0)
0041F8A8 . EB 1D jmp short 快捷PDF?0041F8C7 ; -> cleanup
; 0041F8AA: no visible jump targets this block; presumably the error-handler
; cleanup reached through the exception frame installed in the prologue
; (to be confirmed - its caller is outside this listing).
0041F8AA . 8D4D CC lea ecx,dword ptr ss:[ebp-0x34]
0041F8AD . FF15 80114000 call dword ptr ds:[<&MSVBVM60.__vbaFreeStr>] ; release BSTR temp
0041F8B3 . 8D55 AC lea edx,dword ptr ss:[ebp-0x54]
0041F8B6 . 8D45 BC lea eax,dword ptr ss:[ebp-0x44]
0041F8B9 . 52 push edx ; /VARIANT 2
0041F8BA . 50 push eax ; |VARIANT 1
0041F8BB . 6A 02 push 0x2 ; |count = 2
0041F8BD . FF15 1C104000 call dword ptr ds:[<&MSVBVM60.__vbaFreeVarList>] ; \release both VARIANT temps
0041F8C3 . 83C4 0C add esp,0xC ; cdecl: caller pops the 3 dwords
0041F8C6 . C3 retn
; 0041F8C7: array-cleanup stub.  Every exit path pushes 0041F8DA and jumps
; here, so the final retn "returns" to that address.
0041F8C7 > 8D55 88 lea edx,dword ptr ss:[ebp-0x78] ; temp slot that will hold &descriptor
0041F8CA . 8D4D D4 lea ecx,dword ptr ss:[ebp-0x2C] ; SAFEARRAY descriptor
0041F8CD . 52 push edx ; /&(pointer to array descriptor)
0041F8CE . 6A 00 push 0x0 ; |flags = 0
0041F8D0 . 894D 88 mov dword ptr ss:[ebp-0x78],ecx ; [ebp-0x78] = &descriptor
0041F8D3 . FF15 4C104000 call dword ptr ds:[<&MSVBVM60.__vbaAryDestruct>] ; \release the Long array
0041F8D9 . C3 retn ; pops the pushed 0041F8DA and continues there; register restore, SEH unlink and moving the result into ax are past this listing