完美PDF转换成Word转换器破解教程
为了奖品 我也来浑水摸鱼{:5_121:}新人来学习. 不废话,载入OD ,看流程。事先说明该软件是重启验证.VB 无壳00422455 /0F85 24010000 jnz 完美PDF?0042257F ;关键跳NOP爆破即可
0042245B |8B15 24604200 mov edx,dword ptr ds:
00422461 |52 push edx
00422462 |68 E8D04100 push 完美PDF?0041D0E8
00422467 |FF15 34104000 call dword ptr ds:[<&MSVBVM60.__vbaStrCa>; msvbvm60.__vbaStrCat
0042246D |8BD0 mov edx,eax
0042246F |8D4D E4 lea ecx,dword ptr ss:
00422472 |FFD7 call edi
00422474 |50 push eax
00422475 |A1 28604200 mov eax,dword ptr ds:
0042247A |50 push eax
0042247B |FF15 34104000 call dword ptr ds:[<&MSVBVM60.__vbaStrCa>; msvbvm60.__vbaStrCat
00422481 |8BD0 mov edx,eax
00422483 |8D4D E0 lea ecx,dword ptr ss:
00422486 |FFD7 call edi
00422488 |50 push eax
00422489 |56 push esi
0042248A |FF53 54 call dword ptr ds:
0042248D |85C0 test eax,eax
0042248F |DBE2 fclex
00422491 |7D 0F jge short 完美PDF?004224A2
00422493 |6A 54 push 0x54
00422495 |68 ECBF4100 push 完美PDF?0041BFEC
0042249A |56 push esi
0042249B |50 push eax
0042249C |FF15 40104000 call dword ptr ds:[<&MSVBVM60.__vbaHresu>; msvbvm60.__vbaHresultCheckObj
004224A2 |8D4D E0 lea ecx,dword ptr ss:
004224A5 |8D55 E4 lea edx,dword ptr ss:
004224A8 |51 push ecx
004224A9 |52 push edx
004224AA |6A 02 push 0x2
004224AC |FF15 1C114000 call dword ptr ds:[<&MSVBVM60.__vbaFreeS>; msvbvm60.__vbaFreeStrList
004224B2 |8B06 mov eax,dword ptr ds:
004224B4 |83C4 0C add esp,0xC
004224B7 |56 push esi
004224B8 |FF90 38030000 call dword ptr ds:
004224BE |8B1D 54104000 mov ebx,dword ptr ds:[<&MSVBVM60.__vbaOb>; msvbvm60.__vbaObjSet
004224C4 |8D4D D4 lea ecx,dword ptr ss:
004224C7 |50 push eax
004224C8 |51 push ecx
004224C9 |FFD3 call ebx
004224CB |8BF8 mov edi,eax
004224CD |6A 00 push 0x0
004224CF |57 push edi
004224D0 |8B17 mov edx,dword ptr ds:
004224D2 |FF92 9C000000 call dword ptr ds:
004224D8 |85C0 test eax,eax
004224DA |DBE2 fclex
004224DC |7D 12 jge short 完美PDF?004224F0
004224DE |68 9C000000 push 0x9C
004224E3 |68 ECD04100 push 完美PDF?0041D0EC
004224E8 |57 push edi
004224E9 |50 push eax
004224EA |FF15 40104000 call dword ptr ds:[<&MSVBVM60.__vbaHresu>; msvbvm60.__vbaHresultCheckObj
004224F0 |8B3D 84114000 mov edi,dword ptr ds:[<&MSVBVM60.__vbaFr>; msvbvm60.__vbaFreeObj
004224F6 |8D4D D4 lea ecx,dword ptr ss:
004224F9 |FFD7 call edi
004224FB |8B06 mov eax,dword ptr ds:
004224FD |56 push esi
004224FE |FF90 0C030000 call dword ptr ds:
00422504 |8D4D D4 lea ecx,dword ptr ss:
00422507 |50 push eax
00422508 |51 push ecx
00422509 |FFD3 call ebx
0042250B |8B10 mov edx,dword ptr ds:
0042250D |6A 00 push 0x0
0042250F |50 push eax
00422510 |8945 B0 mov dword ptr ss:,eax
00422513 |FF92 94000000 call dword ptr ds:
00422519 |85C0 test eax,eax
0042251B |DBE2 fclex
0042251D |7D 15 jge short 完美PDF?00422534
0042251F |8B4D B0 mov ecx,dword ptr ss:
00422522 |68 94000000 push 0x94
00422527 |68 04C54100 push 完美PDF?0041C504
0042252C |51 push ecx
0042252D |50 push eax
0042252E |FF15 40104000 call dword ptr ds:[<&MSVBVM60.__vbaHresu>; msvbvm60.__vbaHresultCheckObj
00422534 |8D4D D4 lea ecx,dword ptr ss:
00422537 |FFD7 call edi
00422539 |8B16 mov edx,dword ptr ds:
0042253B |56 push esi
0042253C |FF92 08030000 call dword ptr ds:
00422542 |50 push eax
00422543 |8D45 D4 lea eax,dword ptr ss:
00422546 |50 push eax
00422547 |FFD3 call ebx
00422549 |8B08 mov ecx,dword ptr ds:
0042254B |6A 00 push 0x0
0042254D |50 push eax
0042254E |8945 B0 mov dword ptr ss:,eax
00422551 |FF91 94000000 call dword ptr ds:
00422557 |85C0 test eax,eax
00422559 |DBE2 fclex
0042255B |7D 15 jge short 完美PDF?00422572
0042255D |8B55 B0 mov edx,dword ptr ss:
00422560 |68 94000000 push 0x94
00422565 |68 04C54100 push 完美PDF?0041C504
0042256A |52 push edx
0042256B |50 push eax
0042256C |FF15 40104000 call dword ptr ds:[<&MSVBVM60.__vbaHresu>; msvbvm60.__vbaHresultCheckObj
00422572 |8D4D D4 lea ecx,dword ptr ss:
00422575 |FFD7 call edi
00422577 |8B3D 5C114000 mov edi,dword ptr ds:[<&MSVBVM60.__vbaSt>; msvbvm60.__vbaStrMove
0042257D |EB 77 jmp short 完美PDF?004225F6
0042257F \A1 24604200 mov eax,dword ptr ds:
00422584 50 push eax
00422585 68 E8D04100 push 完美PDF?0041D0E8
0042258A FF15 34104000 call dword ptr ds:[<&MSVBVM60.__vbaStrCa>; msvbvm60.__vbaStrCat
00422590 8BD0 mov edx,eax
00422592 8D4D E4 lea ecx,dword ptr ss:
00422595 FFD7 call edi
00422597 8B0D 28604200 mov ecx,dword ptr ds:
0042259D 50 push eax
0042259E 51 push ecx
0042259F FF15 34104000 call dword ptr ds:[<&MSVBVM60.__vbaStrCa>; msvbvm60.__vbaStrCat
004225A5 8BD0 mov edx,eax
004225A7 8D4D E0 lea ecx,dword ptr ss:
004225AA FFD7 call edi
004225AC 50 push eax
004225AD 68 00D14100 push 完美PDF?0041D100 ; (未注册用户)
004225B2 FF15 34104000 call dword ptr ds:[<&MSVBVM60.__vbaStrCa>; msvbvm60.__vbaStrCat
004225B8 8BD0 mov edx,eax
004225BA 8D4D DC lea ecx,dword ptr ss:
把上面的大跳转 NOP掉之后 就可以 实现爆破 , 未注册只能转三页,经测试这样爆破是有功能的,附上 测试图
为了尊重作者,就不上成品了{:5_121:}
简单明了,但是太简单了,估计新手看不懂。。 Shark恒 发表于 2016-1-8 19:03
简单明了,但是太简单了,估计新手看不懂。。
{:5_121:}先混个鼠标垫回去装B {:5_116:} 适合刚刚入门的人,练手,非常感谢! 不明觉厉,以后好好看,现在没时间 支持一下!!!!!!!! 软件不错,楼主教程也不错