The obstacle to getting rid of the PC security Tiger

Text/graphic birds

Many friends think that decryption is mysterious and that it is difficult to crack the software. In fact, as long as there is a certain compilation Foundation, coupled with correct analysis methods and decryption techniques, we can all successfully crack the software! I am a cainiao. I have finally successfully cracked a software, PC security tiger, by reading books and learning from the knowledge of experts, coupled with hands-on practices. Next let's kick off the road "tiger "!

As the name suggests, PC security Tiger is a software used to protect our computers from infringement. That is to say, you can lock your computer so that the computer cannot implement certain functions. It is suitable for public applications and public computers. However, the software is shared software, and the unregistered version can only be used for 10 days. Only registered software can enjoy the convenience it brings without any restrictions. What should I do? Crack it! Version 1.001: http://www.sjlm.net/soft2/pctiger.zip.

Let's talk about the software we will use first. Today we are using SoftICE (1 ).

 

 

Figure 1

I believe you have heard of it. What? You have never heard of it? Well, let me briefly introduce it. SoftICE is currently recognized as the best tracing debugging tool. Using Soft-ICE, you can easily track software errors or monitor software errors for debugging, it has versions on DOS, Windows 3.1, Windows 95/98/NT/2000/platforms. SoftICE is a tool used to debug, track, and debug software. It becomes the most powerful cracking tool in the hands of Cracker. Similar software also has a TRW2000, which is developed by Chinese people. It does not need to be loaded during use (SofICE must be loaded with system startup in advance), but the stability of TRW2000 is not as good as SoftICE. SoftICE: http://www.newhua.com/down/si405w9x.zip.

SoftICE is so famous that many software products are protected against it. Therefore, patching SoftICE becomes an essential action. Frogsice is recommended here. Frogsice is the best SoftICE reinforcement software, which does not simply hide SoftICE, instead, you can use SoftICE to prevent SoftICE traps from various popular encryption and protection software. With it, you no longer have to worry that when loading a program to prepare for debugging, the program will tell you to discover the existence of SoftICE and terminate the operation, or simply restart your machine, and even trigger more cruel revenge measures. Frogsice: http://www.pediy.com/tools/debuggers/softice%20tools/frogsice/frogsice.zip.

After introducing the tools used, let's talk about software protection software. As we all know, the software authors have worked hard to protect the software they have worked hard on, and have come up with many ways to protect their software. If we can be aware of the software protection methods, we will be targeted at cracking. Generally, there are several common software protection methods:

1. Serial number method. This is the most common protection software protection method, that is, the program that requires us to enter the registration code, for example, the PC security Tiger we want to crack is such a software. This type of software is generally compared with the registration code (The following is a classic process ):

Mov eax [] can be an address or another register.

Mov edx [] can be an address or another register. These two addresses usually store important information.

Call 00 ?????? Registration Code comparison call

Test eax

Jz (jnz) skip if equal (not equal)

There are also such a registration code comparison process, also very classic:

Mov eax [] "[]" can be an address or another register

Mov edx [] Same as above

Cmp eax and edx compare whether eax and edx are equal

Jz (jnz) jumps if they are equal

This type of software cracking is difficult, difficult, and simple, because they use different algorithms.

2. Time limit. That is, if the software has a time limit, it cannot be used when it expires. For example, the famous scanner streamer 2001 is a model of this type of software, and it will not be available after expiration.

3. functional limitations. This type of software does not provide complete program functions. When you want to use a function, a dialog box will pop up asking you to register it. The PwlTool used to crack the PWL file is such a software. The Unregistered DEMO version can only break four passwords without entering the registration code,

4. NAG window. The pop-up window prompts you to register, which makes it difficult for you. For example, if the decryption software TRW2000123 is using an unregistered version, a prompt box will pop up continuously during use, which is annoying. Such software is generally relatively easy to crack.

5. Key file. As the name suggests, only Key files can be used with all functions, and there are many such software. WinHEX, a hexadecimal file editing software, is such a software, which is generally not easy to crack.

6. Advertisement window. This type of software constantly displays sponsor advertisements, and downloading software such as ant financial and express.

7. encrypt the disc. This type of software can only run on a CD, and cannot run after it is copied to a hard disk. For example, game software is such a software. Friends who like games must learn how to crack this type of software. Otherwise, they can only play the disc game.

8. watermark. If this type of software is not registered, it will add a watermark to the file you want to generate (for example, the image) to show the Demo version and other words in your graph. AutoGraphicsHTML is such a software.

9. Install the program. Many programs now use Install Shield to create their installation programs, and the registration code is required during installation. The registration process of this type of program is mainly controlled by Install Shield. Install Shield stores the information about the installation process in the compiled script file Setup. ins. Therefore, you only need to decompile the Setup. ins file to understand the entire installation process of Install Shield. Classic Network 3 is the installation program created using Install Shield.

10. dongle. It can be divided into software dogs and hardware dogs, which are very difficult to deal with. Common dongles include Israel's Hasp series, domestic Sense3, gemdale DJ, and MH software dogs.

There are many other protection methods. We will not introduce them here. If you are interested, please pay attention to our magazines or find relevant information online. The following describes the basic software cracking methods. In general, there are two basic methods (Static Analysis and Dynamic Tracing) to crack a software. Of course, the combination of the two is also essential. Static analysis mainly involves the use of tools such as W32DASM to disassemble the target program, and then find the key comparison points based on the prompts of the software to crack the program. Note: If the target software is shelled, it must be shelled first. The dynamic tracing method mainly uses SoftICE, TRW2000, and other software to track and debug the target program and cut it into the target software through the next breakpoint, find the key comparison and then crack the program. Dynamic Tracing can be used without shelling, but shelling is better. Specifically, the program PC security Tiger we want to crack today should be combined with Static Analysis and Dynamic Tracing (MOST Program cracking uses this method) to find the software registration code.

Now, the background knowledge has been introduced. Next, we will officially start to crack the PC security tiger. Run the PC security tiger and you can see the interface (2 ).

 

 

Figure 2

Click "user registration" (3) in the "System Menu ).

 

 

Figure 3

In the displayed window, enter false "User ID": 1, false "registration code": 135792468 (4 ).

 

 

 

Figure 4

Press Ctrl + D to call out SoftICE, enter the BPX hmemcpy "omnipotent" breakpoint, press F5 to return to the program, and click "Write Registration Information" to be interrupted.

The breakpoint and interruption here are probably not familiar to cainiao. The so-called breakpoint is the place where the program is interrupted. This word is no longer familiar to the scammers. So what is interruption? Interrupt is an important technology for CPU to handle external emergencies. It enables the CPU to process interrupt requests sent to external events in a timely manner during the running process. After the processing is completed, the breakpoint is immediately returned to continue the original work of the CPU.

For example, an interruption occurs due to a special event (an interruption event). The computer suspends the current task (that is, the Program) and executes another task (interrupt the service program ), then return to the original task to continue the execution. For example. When you are processing a file, the phone rings (interrupt request) and you have to mark the file (return address), pause the work, and answer the call (Interrupt ), and tell the other party to "do what they said for the first time" (call the interrupted service program), and then calm down (restore the status before the interruption), and then process the file ...... Scientists in the computer field have observed similar examples, borrowed these ideas, processing methods and names, and developed a series of interrupted service programs and Their scheduling systems.

The process of cracking is to input a breakpoint, and then the program will calculate the calculation result based on the entered registration code or user name, and compare the calculation result with the correct registration code. At this time, we will interrupt it, then we will find the correct registration code through the analysis program. Therefore, we need to set a breakpoint for the cracked program, and track the registration code of the program in the program when appropriate to achieve decryption.

BPX is used to break points at the command. It is case-insensitive in the BPX command. The Hmemcpy function is an internal function of Windows9x, which is located in Kernel32.