Teach you how to hack software

I want to hack the software: Web fill Terminator

Hack the required software (click to download):

Shell Language.exe

Shelling AspackDie.exe

Anti-compilation W32dasm Gold Chinese version

16 Binary editor Ultraedit.rar

Review the basics before you crack:

I. Level of cracking

0 Basic, change program, with ultraedit change EXE file, called brute force crack, short blasting

Intermediate, tracing the software's registration code

Advanced, Write Machine

Two. General steps to crack with W32dasm:

1. See the Software Manual, software register and not register in the functional differences, how to register

2. Execute this software, try to enter your name and random code to register, what error message, write down the error message

3. Detect if there is a shell (first lesson). If shell, shelling (lesson two)

4.pw32dasmgold Disassembly

5. String examinations find the error message or may be the correct message double-click the left mouse button

6.pw32dasmgold the main form to analyze the corresponding assembly, identify key jumps and key call

7. Green light Bar stops at key jump, at the bottom of Pw32dasmgold main form find the offset address of the key jump (actual change address)

8. Use UltraEdit to find the offset address (actual change address) change the machine code, save

Shell concept: Copyright information need to protect, do not want to let others casually modify, EXE can run file compression. The most common Packers software aspack, Upx,pecompact

Shelling: Get a software, detect its shell, and then we have to remove its shell and restore its true nature. If it does not add shell, it is easy to use no shelling. Shelling Software Unaspack,caspr,upx,unpecompact,procdump

Actual change of address (offset address) and line address (virtual address) Pw32dasmgold The disassembled code is made up of three columns

First column row address (virtual address)

Second column machine code (change with UltraEdit when finally changed)

Third Column assembly instructions

First column, second column, third column

: 0041be38 2b45f0 sub eax, DWORD ptr [EBP-10]

: 0041be3b 6a42 Push 00000042

: 0041be3d push EAX

: 0041be3e ff75f4 push [ebp-0c]

: 0041be41 ff75f0 push [ebp-10]

: 0041be44 ff35a8ab4400 push DWORD ptr [0044ABA8]

Different ways to change two different situations

1. Change to JMP

Je (jne,jz,jnz) =>jmp corresponds to the machine code EB (Error message up to find the first jump) the role of JMP is absolute jump, unconditional jump, thus skipping the following error message

2. Change to NOP

Je (jne,jz,jnz) =>nop corresponding machine code 90 (correct information to find the first jump) the role of NOP is to erase this jump, make this jump invalid. Loss of function, so that the program smoothly comes immediately following the correct information.

OK, here's the start of our hack tour.

。。。。

。。

。。

1, Shell: first open the Shell Language.exe, select Open----Find the Web form to crack Terminator: FormGhost.exe, click OK, 1. Language.exe shows that the shell of the software is: Aspack. 2.

2. Shelling: Double-click Shelling AspackDie.exe, a dialog box appears. Select Web Fill Terminator: FormGhost.exe, open. 3. appear in Figure 4 box, click OK to finish shelling. In the Web Forms Terminator: FormGhost.exe the same folder to generate a Unpacked.exe file, which is the FormGhost.exe after shelling.

3. Perform the unpacked.exe after shelling. Point to help----the brochure, Figure 9. The name of the register, the registration code casually Add. Figure 10. Click Register, Note: "Incorrect registration code" Figure 11. Okay, remember these 5 words. Shut it down.

4. Start disassembly: Open the anti-compilation W32dasm Gold Chinese version, select disassembly----Open the unpacked.exe after shelling, and start loading. 5.

Figure 6.

Back to Assembly 7. Click on the references above----string 8.

This dialog box appears in Block 12. Find the "Registration code Error", double-click it, assemble the main program came here: Figure 13.

(Note: The correct registration information is above the error message) Close the string reference box. Look at the main program: Figure 14. Find the first jump from the code error (key jump, except for other hops in JMP: JE,JNE,JZ,JNZ), come here Figure 15.

(It calls the key call.)

）。 Double-click the key jump to see the software is the following line: line:379267 Pg 7586 of 7626 Code [email protected] @Offset 00ACB4BH in File:unpacked.exe. @offset 00ACB4 BH is the offset address, remember 00ACB4B (the following H stands for 16 binary.) Do not care about him). Figure 16.

5. Start to change the software: Open the 16 editor Ultraedit.rar, (a bit slow) Figure 17. Open the Unpacked.exe after shelling, directly press CTRL+G, the dialog box appears, enter 0xacb4b (that is, offset address, not the previous 000) Figure 18. Click OK, come to Figure 19

The correct registration information above is above the error message. So here we change of85 to of84.

Figure 20.

(Assume that the correct registration information is under the error message.) Change this to EB). Move the cursor over 5 to enter the number 4 so that you don't move anywhere else.

Okay, just change the file in the upper left corner---Save as Unpacked222.exe

6, close so the software, perform the saved Unpacked222.exe. Point to help---the brochure. The name of the register, the registration code to add casually, point to confirm that the registration is complete. Figure 21. Back to the software interface to see, help. A register has turned gray, figure 22

7, break all finished

Teach you how to hack software