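Cracking a very powerful compression/decompression tool
Press Ctrl+N to enter Trw2000.
Enter the command bpx createwindowex //set a breakpoint
Press X to return to the desktop and run the program; Trw2000 will intercept it at this point.
Enter the command bc * //clear the breakpoints
Enter the command pmodule //jump straight into the program's own code
Press F10 to step until you reach the code below: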
…………………….
015F:00504760 MOV EDX,[ESP+28]
015F:00504764 CMP [EDX-08],EBX
015F:00504767 JNZ 00504776
015F:00504769 MOV ECX,[ESI+20]
015F:0050476C PUSH DWORD 0052133C
015F:00504771 CALL `MFC42!ord_00001837`
015F:00504776 PUSH EBX
015F:00504777 PUSH DWORD 00521330
015F:0050477C PUSH DWORD 00521290
015F:00504781 MOV ECX,ESI
015F:00504783 CALL `MFC42!ord_00000DC1`
015F:00504788 TEST EAX,EAX
015F:0050478A JZ 00504790
015F:0050478C PUSH BYTE +03
015F:0050478E JMP SHORT 00504792
015F:00504790 PUSH BYTE +05
015F:00504792 MOV ECX,[ESI+20]
015F:00504795 CALL `MFC42!ord_00001847`
015F:0050479A MOV EAX,[ESI+20]
015F:0050479D MOV EAX,[EAX+20]
015F:005047A0 PUSH EAX
015F:005047A1 CALL `USER32!UpdateWindow`
015F:005047A7 MOV ECX,[ESI+20]
015F:005047AA PUSH BYTE +01
015F:005047AC CALL `MFC42!ord_000009FE`
015F:005047B1 MOV ECX,[005218D8]
015F:005047B7 CMP BYTE [ECX+E9],44
015F:005047BE JZ NEAR 00504871 //this jump can skip the CALL below; I change it.
015F:005047C4 CALL `DTUTIL!?DT_GetEvalDay@@YGIXZ`
015F:005047CA CMP EAX,BYTE +0A
015F:005047CD JNA NEAR 00504871
015F:005047D3 LEA ECX,[ESP+3C]
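015F:005047D7 CALL `MFC42!ord_000009D2` //trial-expired dialog
On reaching this point, the trial-expired dialog pops up.
Look for a place from which this can be skipped.
The JZ NEAR 00504871 at 005047BE above looks like it can skip it!
Set a new breakpoint: bpx 005047B7
Press X to return to the desktop and run the program; Trw2000 intercepts it at this point.
When the cursor reaches 005047BE JZ NEAR 00504871,
type the command CODE ON and note down the opcode bytes.
Enter the command A to write assembly code:
change 015F:005047BE JZ NEAR 00504871
to 015F:005047BE JNZ NEAR 00504871
Great! The program can be entered again. Success.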
015F:005047DC CMP EAX,BYTE +0A
015F:005047DF JZ NEAR 00504871
015F:005047E5 LEA ECX,[ESP+14]
015F:005047E9 MOV [ESP+0310],BL
015F:005047F0 CALL `MFC42!ord_00000269`
015F:005047F5 LEA ECX,[ESP+02FC]
………………………
To wrap up, open PowerZip.exe with UltraEdit.
Find 0F 84 AD 00 00 00
Change it to 0F 85 AD 00 00 00
Run the program again to try it.