VR医疗构建虚拟的人体模型器官以及手术提高虚拟实境的真实感,借助于虚拟外设可以使人们更逼真的学习医疗知识以及治病救人的虚拟现实应用
目标软件: BUE 虚拟网络硬盘 Ver0.1软件大小: 501KB软件语言: 简体中文软件类别: 国产软件 / 共享版 / 邮件处理应用平台: Win9x/NT/2000/XP开 发 商: http://buesoft.y365.com软件介绍 相信每人的有在Internet上注册的电子邮箱,其存储空间一般都有10-25MB,仅仅用来收发E-mail是非常浪费的,因此本软件就利用电子邮箱里用不完的存储空间来存放文件。工具:W32DASM的V10版 Language2000 ollydbg v1.07首先: 用Language2000监测NetDisk.exe,发现没有壳.剩下的就好办了。运行程序,点购买软件,注册码输入87654321。 点确定,提示失败。再打开w32dasm调进主程序,利用“串式查找”功能找到:" 注册码验证出错,请从合法途径取得注册码!"反复双击,发现只有一处调用!代码如下::0047980D 52 push edx:0047980E 50 push eax:0047980F 8D45E8 lea eax, dword ptr [ebp-18]:00479812 E8F9EDF8FF call 00408610:00479817 8B55E8 mov edx, dword ptr [ebp-18]:0047981A 58 pop eax:0047981B E860A7F8FF call 00403F80 -------------关键的比较处:00479820 0F858E000000 jne 004798B4 --------------跳了就game over
* Possible StringData Ref from Code Obj ->"True" |:00479826 6870994700 push 00479970:0047982B 8D45E4 lea eax, dword ptr [ebp-1C]:0047982E E8C16AFDFF call 004502F4:00479833 8D45E4 lea eax, dword ptr [ebp-1C]
* Possible StringData Ref from Code Obj ->"\win.ini" |:00479836 BA80994700 mov edx, 00479980:0047983B E838A6F8FF call 00403E78:00479840 8B45E4 mov eax, dword ptr [ebp-1C]
* Possible StringData Ref from Code Obj ->"RSoft" |:00479843 B994994700 mov ecx, 00479994
* Possible StringData Ref from Code Obj ->"NetSoftr" |:00479848 BAA4994700 mov edx, 004799A4:0047984D E8226AFDFF call 00450274
* Possible StringData Ref from Code Obj ->"True" |:00479852 6870994700 push 00479970
* Possible StringData Ref from Code Obj ->"RSoft" |:00479857 B994994700 mov ecx, 00479994
* Possible StringData Ref from Code Obj ->"bsoftndfile\NetSoftr" |:0047985C BAB8994700 mov edx, 004799B8:00479861 B800000080 mov eax, 80000000:00479866 E8C968FDFF call 00450134:0047986B 6A40 push 00000040
* Possible StringData Ref from Code Obj ->"软件注册" |:0047986D 6830994700 push 00479930
* Possible StringData Ref from Code Obj ->"感谢您购买本软件,请妥善保管您的注册码。" |:00479872 68D0994700 push 004799D0:00479877 A1B4AA4900 mov eax, dword ptr [0049AAB4]:0047987C E863BEFBFF call 004356E4:00479881 50 push eax
* Reference To: user32.MessageBoxA, Ord:0000h |:00479882 E8A5D6F8FF Call 00406F2C:00479887 6A05 push 00000005:00479889 8D55E0 lea edx, dword ptr [ebp-20]:0047988C A164964900 mov eax, dword ptr [00499664]:00479891 8B00 mov eax, dword ptr [eax]:00479893 E87843FDFF call 0044DC10:00479898 8B45E0 mov eax, dword ptr [ebp-20]:0047989B E894A7F8FF call 00404034:004798A0 50 push eax
* Reference To: kernel32.WinExec, Ord:0000h |:004798A1 E89ED0F8FF Call 00406944:004798A6 A164964900 mov eax, dword ptr [00499664]:004798AB 8B00 mov eax, dword ptr [eax]:004798AD E84A3FFDFF call 0044D7FC:004798B2 EB35 jmp 004798E9
* Referenced by a (U)nconditional or (C)onditional Jump at Address:|:00479820(C) --------------------- 从这个地方跳过来的|:004798B4 6A30 push 00000030
* Possible StringData Ref from Code Obj ->"软件注册" |:004798B6 6830994700 push 00479930
* Possible StringData Ref from Code Obj ->"注册码验证出错,请从合法途径取得注册码!"----往上看 |:004798BB 68FC994700 push 004799FC:004798C0 A1B4AA4900 mov eax, dword ptr [0049AAB4]:004798C5 E81ABEFBFF call 004356E4:004798CA 50 push eax
现在开始破解,打开ollydbg v1.07,调入主程序,在比较注册码的地方(0047981B)按F2下断点,然后按F9运行程序,注册码输入87654321点注册。拦下程序以后,就会在屏幕的右下方看到 927536113(我的注册申请码) 87654321(假的注册码)1855076224(真正的注册码)整理一下:注册申请码:927536113 注册码:1855076224至于内存注册机,我太懒了,就不写了!顺便说一下,让已经注册的版本再变回未注册的版本的方法就是打开win.ini把这行[NetSoftr] RSoft=True给删掉就好了。总算搞定了,我也要去睡了!大家有事常联系!