需要破解的程序界面如下:
需要破解的程序的主要代碼如下:
TCHAR szID[MAXBYTE] = { TCHAR szPassword[MAXBYTE] = { TCHAR szTempPassword[MAXBYTE] = {
(lstrlen(szID) ==
(lstrlen(szPassword) ==
(lstrlen(szID) <
( i = ; i < lstrlen(szID); i++ (szID[i] == _T() || szID[i] == _T() || szID[i] == _T( szTempPassword[i] =
szTempPassword[i] = szID[i] +
(lstrcmp(szTempPassword, szPassword) == AfxMessageBox(_T(
AfxMessageBox(_T(
}
需要破解的程序的下載地址:
http://pan.baidu.com/s/1jG2ZV06
一、文件補丁
用OD打開上面的程序,下斷點:bp lstrcmpW,運行到斷點處後跳出該程序,會看到判斷的地方JNZ(代碼為75h),把它修改為JZ(代碼為74h)即可,該行對應的地址為內存中的虛擬地址VA,轉換成FileOffset後修改75h為74h即可。
文件補丁的具體代碼如下:
#include <Windows.h>
#include <iostream>
main( argc, ** DWORD dwFileOffset =
dwFileOffset =
dwFileOffset =
BYTE bCode = DWORD dwReadNum =
(argc != cout << << -
DWORD dwErr =
HANDLE hFile = CreateFile(argv[], GENERIC_WRITE | GENERIC_READ, FILE_SHARE_WRITE | (INVALID_HANDLE_VALUE == dwErr = cout << __LINE__ << << dwErr << << -
(INVALID_SET_FILE_POINTER == dwErr = cout << __LINE__ << << dwErr << << -
( == ReadFile(hFile, (LPVOID)&bCode, (BYTE), & dwErr = cout << __LINE__ << << dwErr << << -
(TEXT() != cout << bCode << -
bCode = TEXT( (INVALID_SET_FILE_POINTER == SetFilePointer(hFile, dwFileOffset, dwErr = cout << __LINE__ << << dwErr << << -
( == WriteFile(hFile, (LPVOID)&bCode, (BYTE), & dwErr = cout << __LINE__ << << dwErr << << -
cout << <<
WinExec(argv[
}
這裡把上面需要破解的程序拖到文件補丁上打開即可破解。
二、內存補丁
具體方法同上面的文件補丁,只是不需要做VA到FileOffset的轉換。
具體代碼如下:
#include <Windows.h>
#include <iostream>
main( argc, ** DWORD dwVAddress = dwVAddress =
dwVAddress =
BYTE bCode = DWORD dwReadNum = DWORD dwErr =
(argc != cout << << -
STARTUPINFO si = { si.cb = si.wShowWindow = si.dwFlags =
PROCESS_INFORMATION pi = {
BOOL bRet = CreateProcess(argv[], NULL, NULL, NULL, FALSE, CREATE_SUSPENDED, NULL, NULL, &si, & (FALSE == dwErr = cout << __LINE__ << << dwErr << << -
ReadProcessMemory(pi.hProcess, (LPVOID)dwVAddress, (LPVOID)&bCode, (BYTE), &
(TEXT() != dwErr = cout << bCode << -
bCode = TEXT( WriteProcessMemory(pi.hProcess, (LPVOID)dwVAddress, (LPVOID)&bCode, (BYTE), &
cout << <<
}
