
IDM 6.25 build 21破解笔记

2016-06-11 14:38 483 查看
0044652D    - 0F87 3B020090 ja 9044676E  强改这里!

下面是活路

004469FF   . /0F85 1C050000 jnz build21_.00446F21

0045860C   .  50            push eax                                 ;  全F2

0045860D   .  E8 7D171900   call build21_.005E9D8F                   ;  全F2

00458612   .  8B40 1C       mov eax,dword ptr ds:[eax+0x1C]          ;  全F2

00458615   .  8D8D 78FFFFFF lea ecx,dword ptr ss:[ebp-0x88]

0045861B   .  6A 30         push 0x30                                ; /Style = MB_OK|MB_ICONEXCLAMATION|MB_APPLMODAL

0045861D   .  8D95 54FEFFFF lea edx,dword ptr ss:[ebp-0x1AC]         ; |

00458623   .  51            push ecx                                 ; |Title = "Internet Download Manager"

00458624   .  52            push edx                                 ; |Text = "Internet Download Manager has been registered with a fake Serial Number. Be aware that the cracked product may work incorrectly and download files with errors. Thus we advise you to purchase the full-featured product."

00458625   .  50            push eax                                 ; |hOwner = 00010010 (class='#32769')

00458626   .  FF15 F4C76100 call dword ptr ds:[<&USER32.MessageBoxA>>; \MessageBoxA

0045862C   .  8B4B 1C       mov ecx,dword ptr ds:[ebx+0x1C]          ;  build21_.004A017E

0045862F   .  56            push esi                                 ; /lParam = 0x0

00458630   .  68 70140000   push 0x1470                              ; |wParam = 0x1470

00458635   .  68 11010000   push 0x111                               ; |Message = WM_COMMAND

0045863A   .  51            push ecx                                 ; |hWnd = 0xBCE274

0045863B   .  FF15 C0C76100 call dword ptr ds:[<&USER32.PostMessageA>; \PostMessageA

由IDA中看到的 0044FE4F   .  BF 00276B00          mov edi,build21_.006B2700                ;  506938841

00451ACB     /E9 BA020000          jmp build21_.00451D8A(改后的)

00451DED   > \B9 0D000000          mov ecx,0xD

00451DF2   .  33C0                 xor eax,eax

00451DF4   .  8D7D 88              lea edi,dword ptr ss:[ebp-0x78]

00451DF7   .  8D75 88              lea esi,dword ptr ss:[ebp-0x78]

00451DFA   .  F3:AB                rep stos dword ptr es:[edi]

00451DFC   .  8BFA                 mov edi,edx

00451DFE   .  83C9 FF              or ecx,-0x1

00451E01   .  F2:AE                repne scas byte ptr es:[edi]

00451E03   .  F7D1                 not ecx

00451E05   .  2BF9                 sub edi,ecx

00451E07   .  8975 08              mov dword ptr ss:[ebp+0x8],esi 这里看到了一个注册码

00451F11   . /75 13                jnz short build21_.00451F26              ;  这里未知,但在一通注册码之后的

===================================================

之后去死

0044CF2B   .^\7C F0         jl short IDMan.0044CF1D

0044CF2D   >  8B4C24 74     mov ecx,dword ptr ss:[esp+0x74]

0044CF31   .  8B15 C4CA6D00 mov edx,dword ptr ds:[0x6DCAC4]

0044CF37   .  8D4424 78     lea eax,dword ptr ss:[esp+0x78]

0044CF3B   .  68 30100400   push 0x41030                             ; /Style = MB_OK|MB_ICONEXCLAMATION|MB_SYSTEMMODAL|40000

0044CF40   .  50            push eax                                 ; |Title = 00000001 ???

0044CF41   .  51            push ecx                                 ; |Text = NULL

0044CF42   .  52            push edx                                 ; |hOwner = NULL

0044CF43   .  FF15 F4C76100 call dword ptr ds:[<&USER32.MessageBoxA>>; \MessageBoxA

==================

================

弄链接时的退出

004596C8     /0F87 4F030000 ja IDMan.00459A1D                        ;  1

004596CE   . |0F84 18030000 je IDMan.004599EC                        ;  2

004596D4   . |8D87 63EBFFFF lea eax,dword ptr ds:[edi-0x149D]        ;  3

004596DA   . |83F8 08       cmp eax,0x8

004596DD   . |0F87 42030000 ja IDMan.00459A25                        ;  4

004596E3   . |FF2485 909C45>jmp dword ptr ds:[eax*4+0x459C90]

004596EA   > |8B0D 80C96D00 mov ecx,dword ptr ds:[0x6DC980]          ;  Case 14A0 of switch 004537A8

004596F0   . |8D55 CC       lea edx,dword ptr ss:[ebp-0x34]

004596F3   . |8D85 58FFFFFF lea eax,dword ptr ss:[ebp-0xA8]

004596F9   . |52            push edx                                 ; /pBufSize = 02A0B6FC

004596FA   . |50            push eax                                 ; |Buffer = IDMan.004534C3

004596FB   . |56            push esi                                 ; |pValueType = NULL

004596FC   . |56            push esi                                 ; |Reserved = NULL

004596FD   . |68 14106B00   push IDMan.006B1014                      ; |ValueName = "bVP9Ch"

00459702   . |51            push ecx                                 ; |hKey = 0xBCE5E4

00459703   . |C745 CC 04000>mov dword ptr ss:[ebp-0x34],0x4          ; |

0045970A   . |FF15 04C06100 call dword ptr ds:[<&ADVAPI32.RegQueryVa>; \RegQueryValueExA

00459710   . |85C0          test eax,eax                             ;  IDMan.004534C3

====

====

假注册时的启动时的 退出

0044652D     /E9 3C020000   jmp build21_.0044676E                    ;  能跳过 假注册码

005D52F3  |.  E8 FFD9FFFF   call build21_.005D2CF7                   ;  好像这里 死逼退出