网页资讯视频图片知道文库贴吧地图采购
进入贴吧全吧搜索
吾爱破解吧 关注:146,278贴子:230,968
  • 3回复贴,共1

暴破 PerformanceTest 3.4

标 题:暴破 PerformanceTest 3.4 (8千字)
发信人:fishs
时 间:2001-4-25 23:02:28
详细信息:
软件名称:PassMark PerformanceTest 3.4
破解目的:30 天试用期,程序启动时跳出注册窗
破解工具:TRW2000、W32Dsm89、UltraEdit
首先用 TRW2000 载入程序,停留在程序入口处,然后开始不停的按 F10 单步跟踪……
//******************** Program Entry Point ********
.
.
.
* Reference To: KERNEL32.GetModuleHandleA, Ord:0126h
|
:00416B34 FF1520314200 Call dword ptr [00423120]
:00416B3A 50 push eax
:00416B3B E8302AFFFF call 00409570 <---- 这里跳出注册窗,F8 跟进
:00416B40 8945A0 mov dword ptr [ebp-60], eax
:00416B43 50 push eax
:00416B44 E8D9F9FFFF call 00416522
:00416B49 8B45EC mov eax, dword ptr [ebp-14]
:00416B4C 8B08 mov ecx, dword ptr [eax]
:00416B4E 8B09 mov ecx, dword ptr [ecx]
:00416B50 894D98 mov dword ptr [ebp-68], ecx
:00416B53 50 push eax
:00416B54 51 push ecx
:00416B55 E802570000 call 0041C25C
:00416B5A 59 pop ecx
:00416B5B 59 pop ecx
:00416B5C C3 ret
重新载入,按 F8 跟进 call 00409570,继续按 F10 单步跟踪……
.
.
.
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00409973(C)
|
:0040997D 8B0DC0144400 mov ecx, dword ptr [004414C0]
:00409983 8B742414 mov esi, dword ptr [esp+14]
:00409987 33C0 xor eax, eax
:00409989 83F910 cmp ecx, 00000010
:0040998C 0F9DC0 setnl al
:0040998F 3BF3 cmp esi, ebx
:00409991 A388144400 mov dword ptr [00441488], eax
:00409996 7410 je 004099A8
:00409998 8BCE mov ecx, esi
:0040999A E861550000 call 0040EF00
:0040999F 56 push esi
:004099A0 E883B80000 call 00415228
:004099A5 83C404 add esp, 00000004
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00409996(C)
|
:004099A8 E8A3480000 call 0040E250 <---- 这里跳出注册窗,F8 跟进
:004099AD 85C0 test eax, eax
:004099AF 750C jne 004099BD
:004099B1 E85A200000 call 0040BA10
:004099B6 53 push ebx
重新载入,按 F8 跟进 call 0040E250,按 F10 单步跟踪……
* Possible StringData Ref from Data Obj ->"2旒"
|
:0040E250 C705F81F440040B34200 mov dword ptr [00441FF8], 0042B340
:0040E25A C705F41F440000000000 mov dword ptr [00441FF4], 00000000
:0040E264 E8C7000000 call 0040E330 <---- 这里跳出注册窗。跟踪到这里的时候,我已经



没什么耐心了,而且我在下面发现了一些重要
的提示……
:0040E269 83F801 cmp eax, 00000001
:0040E26C 7501 jne 0040E26F
:0040E26E C3 ret
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040E26C(C)
|
:0040E26F 83F803 cmp eax, 00000003
:0040E272 0F84A7000000 je 0040E31F
:0040E278 833DF41F44000F cmp dword ptr [00441FF4], 0000000F
:0040E27F 7523 jne 0040E2A4
:0040E281 6A30 push 00000030
* Reference To: USER32.MessageBeep, Ord:01BDh
|
:0040E283 FF15F8324200 Call dword ptr [004232F8]
:0040E289 A1C41A4400 mov eax, dword ptr [00441AC4]
:0040E28E 6A10 push 00000010
* Possible StringData Ref from Data Obj ->"Date / Time Error"
|
:0040E290 6804B44200 push 0042B404
* Possible StringData Ref from Data Obj ->"The date and time on this machine " <--程序记录了使用
->"is earlier than when
the program " 时间,所以修改
->"was previously run. In order to " 系统时间以延长
->"enforce the
unregistered version's " 使用期是没用的
->"eval period, this is not be allowed"
|
:0040E295 6858B34200 push 0042B358
:0040E29A 50 push eax
* Reference To: USER32.MessageBoxA, Ord:01BEh
|
:0040E29B FF1584324200 Call dword ptr [00423284]
:0040E2A1 33C0 xor eax, eax
:0040E2A3 C3 ret
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040E27F(C)
|
:0040E2A4 53 push ebx
:0040E2A5 56 push esi
:0040E2A6 57 push edi
* Possible StringData Ref from Data Obj ->"Dqqnqctqhmfrs`qsto- Bgdbjvqhsdodqlhrrhnmh"
->"r`u`hk`akdhmsgddwdbts`akdchqdbsnqx+ Bgdbj"
->"sgdjdx-c`sehkddwhrsrhmsgddwdbts`akdch"
->"qdbsnqx- Sqxsntmhmrs`kk%qdhmrs`kksgdrnes"
->"v`qd+heoqnakdlrodqrhrs Bnms`bs9vvv-o`rrl`q"
->"j-bnlenqrtoonqs Rs`qstoDqqnqmtladq"
| ↑ 上面这些怪码是不是就是提示过期的信息,难怪
我查找不到。
:0040E2A7 68E8AF4200 push 0042AFE8



2025-11-19 13:35:02
广告
不感兴趣
开通SVIP免广告
:0040E2AC E85FFFFFFF call 0040E210
* Possible StringData Ref from Data Obj ->"Dqqnq"
|
:0040E2B1 68ACB14200 push 0042B1AC
:0040E2B6 8BF0 mov esi, eax
:0040E2B8 E853FFFFFF call 0040E210
:0040E2BD 8BD8 mov ebx, eax
:0040E2BF 8BFE mov edi, esi
:0040E2C1 83C9FF or ecx, FFFFFFFF
:0040E2C4 33C0 xor eax, eax
:0040E2C6 F2 repnz
:0040E2C7 AE scasb
:0040E2C8 F7D1 not ecx
:0040E2CA 83C113 add ecx, 00000013
:0040E2CD 51 push ecx
:0040E2CE E81B6E0000 call 004150EE
:0040E2D3 83C40C add esp, 0000000C
:0040E2D6 8BF8 mov edi, eax
:0040E2D8 6A30 push 00000030
* Reference To: USER32.MessageBeep, Ord:01BDh
|
:0040E2DA FF15F8324200 Call dword ptr [004232F8]
:0040E2E0 8B0DF41F4400 mov ecx, dword ptr [00441FF4]
:0040E2E6 51 push ecx
:0040E2E7 56 push esi
:0040E2E8 684CB34200 push 0042B34C
:0040E2ED 57 push edi
:0040E2EE E84D6B0000 call 00414E40
:0040E2F3 8B15C41A4400 mov edx, dword ptr [00441AC4]
:0040E2F9 83C410 add esp, 00000010
:0040E2FC 6A10 push 00000010
:0040E2FE 53 push ebx
:0040E2FF 57 push edi
:0040E300 52 push edx
* Reference To: USER32.MessageBoxA, Ord:01BEh
|
:0040E301 FF1584324200 Call dword ptr [00423284]
:0040E307 56 push esi
:0040E308 E8F86C0000 call 00415005
:0040E30D 53 push ebx
:0040E30E E8F26C0000 call 00415005
:0040E313 57 push edi
:0040E314 E8EC6C0000 call 00415005
:0040E319 83C40C add esp, 0000000C
:0040E31C 5F pop edi
:0040E31D 5E pop esi
:0040E31E 5B pop ebx
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040E272(C)
|
:0040E31F 33C0 xor eax, eax
:0040E321 C3 ret
用 UltraEdit 查找 :0040E264 处的代码:
查找 E8 C7 00 00 00 83 F8 01 75 01
改为 90 90 90 90 90 90 90 90 90 90
fishs
http://fishs.126.com 标 题:温柔一点,好吗?——暴破pt的另一种方法 (2千字)
发信人:kingtall
时 间:2001-4-26 13:33:02
详细信息:
温柔一点,好吗?——暴破pt的另一种方法
作者:kingtall
目标:Performance Test v3.4 build 1000,以下简称pt。
工具:w32dasm8.93,trw1.22



恩 来看一下。。!


扫二维码下载贴吧客户端

下载贴吧APP
看高清直播、视频!
  • 3回复贴,共1
分享到: