|
|
瑞星15.45.01 oem免A盘破解过程
信息来源:THYSEA
■破解软件: 瑞星15.25.01 oem(setup.exe安装文件)
■破解时间:2003-03-12
■破解工具:w32dasm8.9反汇编工具、hiew 资源修改工具!TRW调试工具!
■破解作者:绝密档案
■源文下载:自己想办法!(提示:到他的主页->注册->选择OEM->得到ID号,即可下载)
■破解分析:
经分析,在安装SETUP.EXE 时,在没有密钥盘时,会出现:
“请插入瑞星A号盘,如果提示乃出现请与经销商联系”的出错信息!
由此:
■破解过程:
一、破解安装密钥盘的提示。
在出现出错信息时,不要按确定,先运行trw 按CTRL+N 进入trw
再:pmodule ->F5 返回程序,按“确定”被 trw拦截! 按F10来到这里:
* Possible Reference to String Resource ID=00002: "Installation has not finished, exit now?"
|
:0041ABA9 BB02000000 mov ebx, 00000002
:0041ABAE 85C0 test eax, eax
:0041ABB0 0F850F010000 jne 0041ACC5 //一定要走,不出现提示窗口
:0041ABB6 8B8704010000 mov eax, dword ptr [edi+00000104]
:0041ABBC 85C0 test eax, eax
:0041ABBE 0F8501010000 jne 0041ACC5 //一定要走,不出现提示窗口
:0041ABC4 85ED test ebp, ebp
:0041ABC6 0F84F9000000 je 0041ACC5 //一定要走,不出现提示窗口
:0041ABCC 8B461C mov eax, dword ptr [esi+1C]
:0041ABCF 8BCF mov ecx, edi
:0041ABD1 50 push eax
:0041ABD2 E8B9E5FFFF call 00419190
:0041ABD7 85C0 test eax, eax
:0041ABD9 0F85E6000000 jne 0041ACC5 //一定要走,不出现提示窗口
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0041ACBF(C)
|
......
* Possible Reference to String Resource ID=00009: "Your current installed version will be upgraded to network v"
|
:0041AC48 6A09 push 00000009
:0041AC4A 51 push ecx
:0041AC4B E850A5FFFF call 004151A0
:0041AC50 83C40C add esp, 0000000C
:0041AC53 50 push eax
:0041AC54 8D4C2420 lea ecx, dword ptr [esp+20]
:0041AC58 C68424440B000004 mov byte ptr [esp+00000B44], 04
:0041AC60 E871B70100 call 004363D6
:0041AC65 8D4C2418 lea ecx, dword ptr [esp+18]
:0041AC69 889C24400B0000 mov byte ptr [esp+00000B40], bl
:0041AC70 E828B60100 call 0043629D
:0041AC75 8B54241C mov edx, dword ptr [esp+1C]
:0041AC79 8B442410 mov eax, dword ptr [esp+10]
:0041AC7D 6A31 push 00000031
:0041AC7F 52 push edx
:0041AC80 50 push eax
:0041AC81 8BCE mov ecx, esi
:0041AC83 E8079B0100 call 0043478F
:0041AC88 3BC3 cmp eax, ebx
:0041AC8A 0F8491040000 je 0041B121
:0041AC90 8D4C241C lea ecx, dword ptr [esp+1C]
:0041AC94 C68424400B000001 mov byte ptr [esp+00000B40], 01
:0041AC9C E8FCB50100 call 0043629D
:0041ACA1 8D4C2410 lea ecx, dword ptr [esp+10]
:0041ACA5 C68424400B000000 mov byte ptr [esp+00000B40], 00
:0041ACAD E8EBB50100 call 0043629D
:0041ACB2 8B4E1C mov ecx, dword ptr [esi+1C]
:0041ACB5 51 push ecx
:0041ACB6 8BCF mov ecx, edi
:0041ACB8 E8D3E4FFFF call 00419190 ////读密钥盘xxxxxxx
:0041ACBD 85C0 test eax, eax
:0041ACBF 0F841AFFFFFF je 0041ABDF ////往上走的,不要让它走,否则还是在读密钥盘!
/////把 0F841AFFFFFF 改为0F851AFFFFFF
////安装时出现“请插入瑞星A号盘,如果提示乃出现请与经销商联系”的出错信息!
//// 请再一次按“确定”即可!
二、破解安装注册码的提示。
////注意:如果此时你可以不要密钥盘,但下一步会出现:“请输入序列号的提示”
////我没有“序列号” 怎么办?于,再往下跟踪:
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:0041ABB0(C), :0041ABBE(C), :0041ABC6(C), :0041ABD9(C) //对应前面的“一定要走”,这样就不会出现提示插入密钥盘的提示窗口
|
:0041ACC5 6A00 push 00000000
:0041ACC7 56 push esi
* Possible Reference to Dialog: DialogID_0066
|
* Possible Reference to String Resource ID=00102: "Rising AntiVirus Software"
|
:0041ACC8 6A66 push 00000066
:0041ACCA 8D4C242C lea ecx, dword ptr [esp+2C]
:0041ACCE E8BD71FFFF call 00411E90
:0041ACD3 8D8C248C010000 lea ecx, dword ptr [esp+0000018C]
:0041ACDA C68424400B000005 mov byte ptr [esp+00000B40], 05
:0041ACE2 E8192EFFFF call 0040DB00
:0041ACE7 8D8C2418020000 lea ecx, dword ptr [esp+00000218]
:0041ACEE C68424400B000006 mov byte ptr [esp+00000B40], 06
:0041ACF6 E8C530FFFF call 0040DDC0
:0041ACFB 8D8C2420040000 lea ecx, dword ptr [esp+00000420]
:0041AD02 C68424400B000007 mov byte ptr [esp+00000B40], 07
:0041AD0A E87138FFFF call 0040E580
:0041AD0F 8D8C24C4060000 lea ecx, dword ptr [esp+000006C4]
:0041AD16 C68424400B000008 mov byte ptr [esp+00000B40], 08
:0041AD1E E84D3EFFFF call 0040EB70
:0041AD23 8D8C2464090000 lea ecx, dword ptr [esp+00000964]
:0041AD2A C68424400B000009 mov byte ptr [esp+00000B40], 09
:0041AD32 E8A942FFFF call 0040EFE0
:0041AD37 8D8C24CC070000 lea ecx, dword ptr [esp+000007CC]
:0041AD3E C68424400B00000A mov byte ptr [esp+00000B40], 0A
:0041AD46 E86569FFFF call 004116B0
:0041AD4B 8D8C2458030000 lea ecx, dword ptr [esp+00000358]
:0041AD52 C68424400B00000B mov byte ptr [esp+00000B40], 0B
:0041AD5A E8F16CFFFF call 00411A50
:0041AD5F 8D8C24F0050000 lea ecx, dword ptr [esp+000005F0]
:0041AD66 C68424400B00000C mov byte ptr [esp+00000B40], 0C
:0041AD6E E89D54FFFF call 00410210
:0041AD73 8D8C24AC020000 lea ecx, dword ptr [esp+000002AC]
:0041AD7A C68424400B00000D mov byte ptr [esp+00000B40], 0D
:0041AD82 E8097DFEFF call 00402A90
:0041AD87 8D84248C010000 lea eax, dword ptr [esp+0000018C]
:0041AD8E 8D4C2420 lea ecx, dword ptr [esp+20]
:0041AD92 50 push eax
:0041AD93 C68424440B00000E mov byte ptr [esp+00000B44], 0E
:0041AD9B E8ED050200 call 0043B38D
:0041ADA0 8D8C2418020000 lea ecx, dword ptr [esp+00000218]
:0041ADA7 51 push ecx
:0041ADA8 8D4C2424 lea ecx, dword ptr [esp+24]
:0041ADAC E8DC050200 call 0043B38D
:0041ADB1 83BFA806000022 cmp dword ptr [edi+000006A8], 00000022
:0041ADB8 7411 je 0041ADCB //// 安装程序的主界面OK!成功!
//// 安装程序的主界面OK!成功!把 7411 改为 EB11 ok!
:0041ADBA 8D9424AC020000 lea edx, dword ptr [esp+000002AC]
:0041ADC1 8D4C2420 lea ecx, dword ptr [esp+20]
:0041ADC5 52 push edx
:0041ADC6 E8C2050200 call 0043B38D |
|
IP卡
狗仔卡
发表于 2009-11-23 01:26:08
收藏
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
显身卡