小李通讯
发表于 2008-7-23 18:45
吾爱(www.52pojie.net)的朋友们大家好,今天给大家做了个简单的破解教程。论坛原创区有个破解好的版本,但
没有破解过程和教程。既然我们是学破解的,下个破解好的也没什么意思(个人看法,呵呵),看到后特意给新手
们做个简单的教程,大牛飘过。我也是个菜鸟,只会爆破不会追码,学会后给大家补上....
好了废话不多讲,进入今天要讲的主题 破解 驾驶员科目一模拟考试系统
好,首先用PEID查壳:Microsoft Visual Basic 5.0 / 6.0,很好,无壳、VB写的...
再运行软件点注册,手机号码和注册码随便填,点注册提示注册不成功!请您和开发商联系注册
好,我们载入OD,点插件==》查找字符串==》我找过,这里面没有,我们用另外一个软件来找字符串,这个
软件载入程序慢,我就先载入好了。找到了我们想要的字符串啦:“注册成功!感谢您对正版软件的支持”,地址 009CB6AF,我们
把这个地址记好,回到OD,Ctrl+G把刚才的地址输好,点确定就来到了这个地址.....
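好了,现在我们向上找跳转,找能跳过“注册成功!感谢您对正版软件的支持”的那个跳转,然后把它NOP掉。
找到了:009CB4E1 处的 test bx,bx 检查 bx(bx 的来源在这段代码之外,应是前面校验留下的结果),紧接着 009CB4E4 的 je 在结果为 0 时直接跳到 009CB77B,越过后面的 rtcSaveSetting 调用和成功提示;也就是说,整个注册判断最终只落在这一个本地条件跳转上。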
009CB4D88D4D D0lea ecx,dword ptr ss:[ebp-30]
009CB4DBFF15 24104000call dword ptr ds:[<&MSVBVM60.__v>; MSVBVM60.__vbaFreeVar
009CB4E166:85DBtest bx,bx
009CB4E40F84 91020000je driver08.009CB77B 关键跳,我们要将它NOP掉
009CB4EA8D55 E8lea edx,dword ptr ss:[ebp-18]
009CB4ED68 38E09C00push driver08.009CE038
009CB4F252 push edx
009CB4F3FF15 58114000call dword ptr ds:[<&MSVBVM60.__v>; MSVBVM60.__vbaStrVarVal
009CB4F950 push eax
009CB4FA68 40D54000push driver08.0040D540; m
009CB4FF68 38C94000push driver08.0040C938; s
009CB50468 1CC94000push driver08.0040C91C; c
009CB509FF15 04104000call dword ptr ds:[<&MSVBVM60.#69>; MSVBVM60.rtcSaveSetting
009CB50F8D4D E8lea ecx,dword ptr ss:[ebp-18]
009CB512FF15 18124000call dword ptr ds:[<&MSVBVM60.__v>; MSVBVM60.__vbaFreeStr
009CB5188B06 mov eax,dword ptr ds:[esi]
009CB51A56 push esi
009CB51BFF90 04030000call dword ptr ds:[eax+304]
009CB5218D4D E4lea ecx,dword ptr ss:[ebp-1C]
009CB52450 push eax
009CB52551 push ecx
009CB526FFD7 call edi
009CB5288BD8 mov ebx,eax
009CB52A8D45 E8lea eax,dword ptr ss:[ebp-18]
009CB52D50 push eax
009CB52E53 push ebx
009CB52F8B13 mov edx,dword ptr ds:[ebx]
009CB531FF92 A0000000call dword ptr ds:[edx+A0]
009CB53785C0 test eax,eax
009CB539DBE2 fclex
009CB53B7D 12jge short driver08.009CB54F
009CB53D68 A0000000push 0A0
009CB54268 DCBB4000push driver08.0040BBDC
009CB54753 push ebx
009CB54850 push eax
009CB549FF15 68104000call dword ptr ds:[<&MSVBVM60.__v>; MSVBVM60.__vbaHresultCheckObj
009CB54F8B4D E8mov ecx,dword ptr ss:[ebp-18]
009CB55251 push ecx
009CB55368 54D54000push driver08.0040D554; m
009CB55868 38C94000push driver08.0040C938; s
009CB55D68 1CC94000push driver08.0040C91C; c
009CB562FF15 04104000call dword ptr ds:[<&MSVBVM60.#69>; MSVBVM60.rtcSaveSetting
009CB5688D4D E8lea ecx,dword ptr ss:[ebp-18]
009CB56BFF15 18124000call dword ptr ds:[<&MSVBVM60.__v>; MSVBVM60.__vbaFreeStr
009CB5718D4D E4lea ecx,dword ptr ss:[ebp-1C]
009CB574FF15 14124000call dword ptr ds:[<&MSVBVM60.__v>; MSVBVM60.__vbaFreeObj
009CB57A8B16 mov edx,dword ptr ds:[esi]
009CB57C56 push esi
009CB57DFF92 04030000call dword ptr ds:[edx+304]
009CB58350 push eax
009CB5848D45 E4lea eax,dword ptr ss:[ebp-1C]
009CB58750 push eax
009CB588FFD7 call edi
009CB58A8BD8 mov ebx,eax
009CB58C6A 00push 0
009CB58E53 push ebx
009CB58F8B0B mov ecx,dword ptr ds:[ebx]
009CB591FF91 8C000000call dword ptr ds:[ecx+8C]
009CB59785C0 test eax,eax
009CB599DBE2 fclex
009CB59B7D 12jge short driver08.009CB5AF
009CB59D68 8C000000push 8C
009CB5A268 DCBB4000push driver08.0040BBDC
009CB5A753 push ebx
009CB5A850 push eax
009CB5A9FF15 68104000call dword ptr ds:[<&MSVBVM60.__v>; MSVBVM60.__vbaHresultCheckObj
009CB5AF8D4D E4lea ecx,dword ptr ss:[ebp-1C]
009CB5B2FF15 14124000call dword ptr ds:[<&MSVBVM60.__v>; MSVBVM60.__vbaFreeObj
009CB5B88B16 mov edx,dword ptr ds:[esi]
009CB5BA56 push esi
009CB5BBFF92 08030000call dword ptr ds:[edx+308]
009CB5C150 push eax
009CB5C28D45 E4lea eax,dword ptr ss:[ebp-1C]
009CB5C550 push eax
009CB5C6FFD7 call edi
009CB5C88BD8 mov ebx,eax
009CB5CA6A 00push 0
009CB5CC53 push ebx
009CB5CD8B0B mov ecx,dword ptr ds:[ebx]
009CB5CFFF91 8C000000call dword ptr ds:[ecx+8C]
009CB5D585C0 test eax,eax
009CB5D7DBE2 fclex
009CB5D97D 12jge short driver08.009CB5ED
009CB5DB68 8C000000push 8C
009CB5E068 DCBB4000push driver08.0040BBDC
009CB5E553 push ebx
009CB5E650 push eax
009CB5E7FF15 68104000call dword ptr ds:[<&MSVBVM60.__v>; MSVBVM60.__vbaHresultCheckObj
009CB5ED8D4D E4lea ecx,dword ptr ss:[ebp-1C]
009CB5F0FF15 14124000call dword ptr ds:[<&MSVBVM60.__v>; MSVBVM60.__vbaFreeObj
009CB5F68B16 mov edx,dword ptr ds:[esi]
009CB5F856 push esi
009CB5F9FF92 18030000call dword ptr ds:[edx+318]
009CB5FF50 push eax
009CB6008D45 E4lea eax,dword ptr ss:[ebp-1C]
009CB60350 push eax
009CB604FFD7 call edi
009CB6068BD8 mov ebx,eax
009CB6086A 00push 0
009CB60A53 push ebx
009CB60B8B0B mov ecx,dword ptr ds:[ebx]
009CB60DFF91 8C000000call dword ptr ds:[ecx+8C]
009CB61385C0 test eax,eax
009CB615DBE2 fclex
009CB6177D 12jge short driver08.009CB62B
009CB61968 8C000000push 8C
009CB61E68 78BE4000push driver08.0040BE78
009CB62353 push ebx
009CB62450 push eax
009CB625FF15 68104000call dword ptr ds:[<&MSVBVM60.__v>; MSVBVM60.__vbaHresultCheckObj
009CB62B8B1D 14124000mov ebx,dword ptr ds:[<&MSVBVM60.>; MSVBVM60.__vbaFreeObj
009CB6318D4D E4lea ecx,dword ptr ss:[ebp-1C]
009CB634FFD3 call ebx
009CB6368B16 mov edx,dword ptr ds:[esi]
009CB63856 push esi
009CB639FF92 24030000call dword ptr ds:[edx+324]
009CB63F50 push eax
009CB6408D45 E4lea eax,dword ptr ss:[ebp-1C]
009CB64350 push eax
009CB644FFD7 call edi
009CB6468BF0 mov esi,eax
009CB64868 64D54000push driver08.0040D564
009CB64D56 push esi
009CB64E8B0E mov ecx,dword ptr ds:[esi]
009CB650FF51 54call dword ptr ds:[ecx+54]
009CB65385C0 test eax,eax
009CB655DBE2 fclex
009CB6577D 0Fjge short driver08.009CB668
009CB6596A 54push 54
009CB65B68 10BB4000push driver08.0040BB10
009CB66056 push esi
009CB66150 push eax
009CB662FF15 68104000call dword ptr ds:[<&MSVBVM60.__v>; MSVBVM60.__vbaHresultCheckObj
009CB6688D4D E4lea ecx,dword ptr ss:[ebp-1C]
009CB66BFFD3 call ebx
009CB66D8B35 C8114000mov esi,dword ptr ds:[<&MSVBVM60.>; MSVBVM60.__vbaVarDup
009CB673BF 04000280mov edi,80020004
009CB678B8 0A000000mov eax,0A
009CB67DBB 08000000mov ebx,8
009CB6828D55 80lea edx,dword ptr ss:[ebp-80]
009CB6858D4D C0lea ecx,dword ptr ss:[ebp-40]
009CB68866:C705 70E09C00 FFF>mov word ptr ds:[9CE070],0FFFF
009CB691897D A8mov dword ptr ss:[ebp-58],edi
009CB6948945 A0mov dword ptr ss:[ebp-60],eax
009CB697897D B8mov dword ptr ss:[ebp-48],edi
009CB69A8945 B0mov dword ptr ss:[ebp-50],eax
009CB69DC745 88 B0D54000 mov dword ptr ss:[ebp-78],driver0>
009CB6A4895D 80mov dword ptr ss:[ebp-80],ebx
009CB6A7FFD6 call esi
009CB6A98D55 90lea edx,dword ptr ss:[ebp-70]
009CB6AC8D4D D0lea ecx,dword ptr ss:[ebp-30]
009CB6AFC745 98 88D54000 mov dword ptr ss:[ebp-68],driver0>; 注册成功,感谢您的支持
009CB6B6895D 90mov dword ptr ss:[ebp-70],ebx
009CB6B9FFD6 call esi
009CB6BB8D55 A0lea edx,dword ptr ss:[ebp-60]
009CB6BE8D45 B0lea eax,dword ptr ss:[ebp-50]
009CB6C152 push edx
我们把关键跳NOP掉==》保存、
好,我们来试下,还是随便输入手机号码和注册码.........
哇,提示“注册成功!感谢您对正版软件的支持”,OK爆破成功,注册界面也变为灰色的啦,我们重新运行下看....
破解成功,呵呵... 简单吧
教程到此结束,在这里我感谢吾爱论坛(www.52pojie.net)给我这么好的一个平台
拜拜!!!!!!!!!!!
教程下载地址 http://www.rayfile.com/files/525 ... -818a-0014221b798a/ |