Hancom word cracking

Haha. A document written when I was working. I suddenly saw it on the Internet. Go to my blog.

I thought it was cool at that time.

========================================================== ======================================

I have been using Linux for some time, but I haven't found a software that can properly open and edit the word97 document.
I was annoyed. Later I found that a Korean software company made a hancom word and claimed to be able to open the DOC file.
I rushed to the blue dot (I used bp1.0) and got a website. As a result, I was prompted that the software had passed.
During the two-month trial period, I pressed OK and went out directly. I was so angry! Change the time back to two months ago, hey, yes
I used it to correctly display simple things such as TXT files. I tried to open a DOC file, but this is not normal.
The first word processing software that can input Chinese characters and display them correctly at the Blue Point.
It's not very comfortable, but it can be sold on the market, but think about it. Linux is more expensive (more expensive than the blue dot I bought)
It's still abroad (think about Jinshan, alas...). I just want to find a way to break it!
I used to talk about cracking software. How can I achieve that profound skill? But I have learned a little bit before.
Programming, C is also familiar with, and added an article to crack MTV, began to start.
When I was in college, I saw a classmate use SoftICE to crack acdsee2.3.
He broke it again, and it was useless. In fact, the principle is not complicated, that is, to imagine the running process of the software,
Use a tool for tracking and verification, find the key code, and replace it with your own code (this is for my example,
It's not a registration machine!
1. Cracking environment: Blue Point linux1.0, vim5.5, gdb4.17, objdump, kde1.2, konsole.
Win98, ultraedit8.0 (the Linux hex editor is not found ).
2. steps:
(1) Run
CD/usr/hwpx/shlib
GDB hwpw // hwpw is the cracking object
(2) it is estimated that the time has been checked after the program starts. If so, it is possible
It is a function that does this, so first check whether there are any suspicious functions:
Info Functions
(3) Wow! A lot! One by one, we found getlocaltime, destroywindow,
Printmsg: the three functions that I think are faulty. Remember that the address before the function name must not be
Wrong!
B getlocaltime
B destroywindow
B printmsg
Run
(4) The program stops at a getlocaltime () call. Check the stack:
BT
If you don't see any name, continue:
C
I stopped at a destroywindow () call and looked at the stack again:
BT
We can see a hnccloselogo () call, which apparently closes the startup screen window.
It seems that the general direction is correct. It hasn't been found yet. Then proceed:
C
Hey, I stopped at getlocaltime () and checked the stack:
BT
What did you see? Checkduetime (). This function is called.
Saveftpprogessproc (), and this save... calls getloaltime ().
Look up the dictionary and see what due means. You can understand it. It should be a major breakthrough. Write down it now,
Continue running:
C
(5) After a few times, the annoying Expiration Prompt window is displayed. Well, I haven't found any more? That
It can be concluded that the time check is performed before the window appears, and the second stop is performed.
Getlocaltime () is performed when the function is called. At this time, the caller is skeptical at the beginning.
Checkduetime () function. That's it!
(6) Exit GDB first
Quit (y)
Come in again,
B checkduetime
Run
Stop at checkduetime () and see what it does:
Disass
At this point, I looked at the weird symbols (long-time violations), a little dazzled, and directly returned to see first:
Q (return)
Return (y)
C
Quit
(7) haha! Now, there is no annoying time limit, and we can conclude that the checkduetime function is true.
Nothing else, except compare time. I know, as long as checkduetime does not do anything.
Let's clear its function body. Just retained the code that goes into the stack and goes out of the stack. Of course, you can also put the upper-layer Letter of it.
But I think it is better to use checkduetime itself.
Dangerous.
(8) Next I will briefly explain how to modify the executable code.
First, get the disassembly result of checkduetime:
Objdump-D hwpw> hwpw. ASM
Vim hwpw. ASM
This is a 36 M file. Wait.
Search for the string "81e3c0f" in Vim. This is the checkduetime address.
Have you found it? Good! Copy the code of this function to a smaller value. Remember, from E8 to 76 00.
That's all. Copy the code disk to check. ASM and copy hwpw and check. ASM to Windows.
In the file system, restart. (Note: If you have any hex editor in Linux, you don't have to worry about it.
Annoying .)
CP check. ASM hwpw/mnt/D/temp
Shutdown-R now
(9) Enter Win98, start uedit, and call hwpw and check. ASM. Find the machine in check. ASM in hwpw.
Device code. When searching, the longer the input mode string, the better. This will not make a mistake. Have you found it? Good!
Now change all of them to 90 (NOP), from E8 to 76 00. Save the disk and exit win98.
(10) return to Linux and change the modified file mV to/usr/hwpx/shlib/. Remember to back up the original hwpw first.
Input./hwpw. How is it? Succeeded? If not, recover the backup and start again.
Always true!
Hu ---- I have never written such an article and read many articles. After studying Computer for so long, I really think that in this industry only
It's okay if you're willing to do it.
Declare that the copyright of the article is owned by softworm.
If you have taken a picture of the problem, please do not take responsibility for it. I am very busy, and I will not take responsibility for it either.
However, I ensure that the content in this article is completely true. The command should be info GDB.
You can also refer to the practices of cracking on Linux in the i007 (A Jian) of shuimu Tsinghua University, which is very good!
OK, be happy!
Please mail to zhangew@263.net if you have any questions
Reprinted. Please keep this statement. Thank you!