* Possible StringData Ref from Code Obj ->"���"
|
:004BC5EE BA2CC64B00 mov edx, 004BC62C
:004BC5F3 E89C79F4FF call 00403F94
:004BC5F8 0F95C0 setne al<------置标志 #####
:004BC5FB 8BD8 mov ebx, eax
:004BC5FD 33C0 xor eax, eax
:004BC5FF 5A pop edx
:004BC600 59 pop ecx
:004BC601 59 pop ecx
:004BC602 648910 mov dword ptr fs:[eax], edx
:004BC605 681AC64B00 push 004BC61A
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004BC618(U)
|
:004BC60A 8D45FC lea eax, dword ptr [ebp-04]
:004BC60D E8F675F4FF call 00403C08
:004BC612 C3 ret
置标志的地方,打补丁mov al,0 后继续走来到:
:0050CA82 A354C25300 mov dword ptr [0053C254], eax
:0050CA87 8B45FC mov eax, dword ptr [ebp-04]
:0050CA8A E845810200 call 00534BD4----------->进入
:0050CA8F 84C0 test al, al<--------------------标志测试
:0050CA91 7443 je 0050CAD6
:0050CA93 C605A0A0530000 mov byte ptr [0053A0A0], 00<----注意这里
:0050CA9A 33C0 xor eax, eax
...
call 00534BD4--------->进入后来到
:00534C5D 8B55F4 mov edx, dword ptr [ebp-0C]
:00534C60 8B45F8 mov eax, dword ptr [ebp-08]
:00534C63 E8F0CEF2FF call 00461B58
:00534C68 84C0 test al, al<------标志测试 #####
:00534C6A 7504 jne 00534C70<-----不要在这跳啊!
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00534C4A(C)
|
:00534C6C 33C0 xor eax, eax
:00534C6E EB02 jmp 00534C72
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00534C6A(C)
|
:00534C70 B001 mov al, 01
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
......
在00534C68打补丁: xor al,al
之后, BD* 暂停所有断点,F5。。。哇,注册成功!
6)把key中的名字换成自己的又如何呢??(^_^毕竟我想注册给自己啊)
好, 删除原来的key文件,运行flashfxp.exe,注册的nag窗口出来了!填入build 819的key,
并改成自己的名字。填完后,OK,程序退出。用TRW重新载入flashfxp.exe,下bpm 53A0A0 W,
F5后来到:
:0050C550 E8A3CAEFFF call 00408FF8
:0050C555 A388C25300 mov dword ptr [0053C288], eax
:0050C55A A128C05300 mov eax, dword ptr [0053C028]
:0050C55F E82079EFFF call 00403E84
:0050C564 83F811 cmp eax, 00000011 <-----------------在此eax=0 ###
:0050C567 0F9405A0A05300 sete byte ptr [0053A0A0]<-----------注册标志
:0050C56E 803DA0A0530000 cmp byte ptr [0053A0A0], 00<---------光标
:0050C575 0F849A020000 je 0050C815
:0050C57B A188C25300 mov eax, dword ptr [0053C288]
:0050C580 3DCE7F210B cmp eax, 0B217FCE
:0050C585 0F8F53010000 jg 0050C6DE
:0050C58B 0F8441020000 je 0050C7D2
:0050C591 3D125EF9C9 cmp eax, C9F95E12
:0050C596 0F8FA4000000 jg 0050C640
:0050C59C 0F8430020000 je 0050C7D2
:0050C5A2 3DAB90A0A2 cmp eax, A2A090AB
:0050C5A7 7F54 jg 0050C5FD
:0050C5A9 0F8423020000 je 0050C7D2
........后边判断很长呵......
反正得叫[0053A0A0]=1,聪明的你知道哪里打补丁了吧。我是在50C564处改:xor eax,eax
然后BD*, F5,哈哈,提示注册的nag窗口没有了,那个-Evaluation Copy的字样也没有了,点击Help->About,
竟然注册给你了!不要高兴的太早了,看看右下角的出错窗口有
---
DEBUG VERSION
An internal error has occurred.
Access violation at address 0051293D in module 'FLASHFXP823.EXE'. Read of address FFFFFFFF
---
然后,你点击各个菜单项,再上网试试它的各项功能,注意它的出错窗口--还真有不少错误!一边试,一边把
出错的地址记录下来。(还真是debug,一点没有错。)打开w32dasm,查找出错的地址,找到它上面的跳转语句,
将其改为Jmp。直到Error/Transfer Window 没有错误为止。大概有十来条跳转该改啊。
另外,该程序运行出错的话,会log到它所在目录下的errorlog.txt,和debug.log中,根据它们调试就可以了,
就看你的耐心了。反复调试,直到满意为止。
7)结束了吗? No,还有一项不要忘记测试,就是过期问题。将时间向后调2年,再运行程序。注册窗口又来了!!
好,再下断点bpm 53A0A0 W:
会来到:
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:005035AD(C)
|
:005035C6 8B45E8 mov eax, dword ptr [ebp-18]
:005035C9 A394C05300 mov dword ptr [0053C094], eax
:005035CE 837DE820 cmp dword ptr [ebp-18], 00000020<--------使用天数比较
:005035D2 7C2E jl 00503602<---------------------------没有过期就转走!
:005035D4 A128C05300 mov eax, dword ptr [0053C028]
:005035D9 E8A608F0FF call 00403E84
:005035DE 83F811 cmp eax, 00000011
哈哈,知道怎么打补丁了吧!好,收工!!!
8)小结:搞完这个冬冬后,头昏脑胀的。盼望大客们拿出更聪明的办法,小弟也学学。
|
|