需要破解的程序界面如下:
需要破解的程序的主要代码如下:
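// OK button handler: validates the ID / password pair typed into the dialog.
//
// The expected password is derived from the ID character by character:
// 'Z', 'z' and '9' are copied unchanged, every other character is replaced by
// the next code unit (szID[i] + 1). The result is compared with the entered
// password via lstrcmp and a message box reports the outcome.
//
// NOTE(review): the check runs entirely on the client, the derived password
// is held in szTempPassword in clear text, and the verdict hangs on a single
// compare-and-branch. A check built this way is an exercise target, not a
// protection mechanism; anything that must actually be enforced has to be
// verified somewhere the user cannot modify.
void CEasyCrackMeDlg::OnBnClickedButtonOk()
{
    TCHAR szID[MAXBYTE] = {0};
    TCHAR szPassword[MAXBYTE] = {0};
    TCHAR szTempPassword[MAXBYTE] = {0};

    GetDlgItemText(IDC_EDIT_ID, szID, MAXBYTE);
    GetDlgItemText(IDC_EDIT_PASSWORD, szPassword, MAXBYTE);

    // Measure the ID once instead of on every loop iteration.
    const int nIdLen = lstrlen(szID);

    // Silently ignore the click when the ID has fewer than 7 characters
    // (this also covers an empty ID) or when no password was entered.
    if (nIdLen < 7 || lstrlen(szPassword) == 0)
    {
        return;
    }

    // Build the expected password. szTempPassword is zero-initialised and has
    // the same capacity as szID, so the result stays NUL-terminated.
    for (int i = 0; i < nIdLen; i++)
    {
        const TCHAR ch = szID[i];
        if (ch == _T('Z') || ch == _T('z') || ch == _T('9'))
        {
            szTempPassword[i] = ch;
        }
        else
        {
            szTempPassword[i] = ch + 1;
        }
    }

    if (lstrcmp(szTempPassword, szPassword) == 0)
    {
        AfxMessageBox(_T("密码正确"));
    }
    else
    {
        AfxMessageBox(_T("密码错误"));
    }
}

// Cancel button handler: forwards to the dialog's OnCancel().
void CEasyCrackMeDlg::OnBnClickedButtonCancel()
{
    OnCancel();
}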
需要破解的程序的下载地址:
http://pan.baidu.com/s/1jG2ZV06
一、文件补丁
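用 OD(OllyDbg)打开上面的程序,下断点:bp lstrcmpW。运行到断点后,跳出该函数、返回到程序自身的代码,就能看到紧跟在比较之后的条件跳转 JNZ(操作码 75h),把它改为 JZ(操作码 74h)即可。调试器里显示的是这条指令在内存中的虚拟地址(VA);要修改磁盘上的文件,需要先把 VA 换算成文件偏移(FileOffset),再把该偏移处的 75h 改为 74h。需要注意,JNZ 改成 JZ 只是把判断条件取反:修改后错误的密码会提示“密码正确”,而真正正确的密码反而会提示“密码错误”。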
文件补丁的具体代码如下:
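#include <Windows.h>
#include <iostream>
#include <string>

using namespace std;

// File patcher for the crackme shown above.
//
// Usage: <patcher> <path-to-exe>
//
// Reads one byte at a fixed file offset, verifies that it is the JNZ opcode
// (0x75), overwrites it with the JZ opcode (0x74) and then launches the
// modified file. Returns 0 on success and -1 on any failure.
//
// The offsets below are only valid for the exact Debug / Release build they
// were taken from. The 0x75 check is the only guard that keeps the write from
// landing on an unrelated byte when a different file is supplied. The file is
// modified in place, so afterwards it no longer matches its original hash.
int main(int argc, char **argv)
{
#ifdef _DEBUG
    const DWORD dwFileOffset = 0x00001FED;
#else
    const DWORD dwFileOffset = 0x00000828;
#endif

    // Opcodes are plain bytes; comparing them through TEXT('...') would turn
    // them into wide characters in a UNICODE build.
    const BYTE kOpJnz = 0x75;
    const BYTE kOpJz = 0x74;

    BYTE bCode = 0;
    DWORD dwDone = 0;
    DWORD dwErr = 0;

    if (argc != 2)
    {
        cout << "Please input two argument!" << endl;
        return -1;
    }

    // argv is a narrow (char) string, so call the ANSI entry point explicitly
    // instead of relying on the UNICODE setting of the project.
    HANDLE hFile = CreateFileA(argv[1], GENERIC_WRITE | GENERIC_READ, FILE_SHARE_WRITE | FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
    if (INVALID_HANDLE_VALUE == hFile)
    {
        dwErr = GetLastError();
        cout << __LINE__ << " : CreateFile error ( " << dwErr << " )" << endl;
        return -1;
    }

    // From here on every exit path must close hFile.
    if (INVALID_SET_FILE_POINTER == SetFilePointer(hFile, dwFileOffset, NULL, FILE_BEGIN))
    {
        dwErr = GetLastError();
        cout << __LINE__ << " : SetFilePointer error ( " << dwErr << " )" << endl;
        CloseHandle(hFile);
        return -1;
    }

    if (0 == ReadFile(hFile, (LPVOID)&bCode, sizeof(BYTE), &dwDone, NULL))
    {
        dwErr = GetLastError();
        cout << __LINE__ << " : ReadFile error ( " << dwErr << " )" << endl;
        CloseHandle(hFile);
        return -1;
    }

    // ReadFile succeeds with zero bytes when the offset is at or past the end
    // of the file; bCode would then still hold its initial value.
    if (dwDone != sizeof(BYTE))
    {
        cout << __LINE__ << " : ReadFile error ( offset is past the end of the file )" << endl;
        CloseHandle(hFile);
        return -1;
    }

    // Refuse to write unless the byte at the offset is the expected JNZ.
    if (kOpJnz != bCode)
    {
        // Print the value as a number; streaming a BYTE prints a raw character.
        cout << "Unexpected byte: 0x" << hex << static_cast<unsigned int>(bCode) << dec << endl;
        CloseHandle(hFile);
        return -1;
    }

    // The read advanced the file pointer by one byte, so seek back first.
    bCode = kOpJz;
    if (INVALID_SET_FILE_POINTER == SetFilePointer(hFile, dwFileOffset, NULL, FILE_BEGIN))
    {
        dwErr = GetLastError();
        cout << __LINE__ << " : SetFilePointer error ( " << dwErr << " )" << endl;
        CloseHandle(hFile);
        return -1;
    }

    if (0 == WriteFile(hFile, (LPVOID)&bCode, sizeof(BYTE), &dwDone, NULL) || dwDone != sizeof(BYTE))
    {
        dwErr = GetLastError();
        cout << __LINE__ << " : WriteFile error ( " << dwErr << " )" << endl;
        CloseHandle(hFile);
        return -1;
    }

    cout << "Write JZ is Successfully !" << endl;

    CloseHandle(hFile);

    // WinExec treats its argument as a command line and splits it at spaces.
    // Quote the path so that a file located under a directory whose name
    // contains a space is launched itself, not some other executable that
    // matches the part of the path before the first space.
    const string quotedPath = "\"" + string(argv[1]) + "\"";
    WinExec(quotedPath.c_str(), SW_SHOW);

    return 0;
}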
把上面需要破解的程序拖到编译好的文件补丁程序上运行,即可完成修改。补丁会直接改写原文件,建议先保留一份未修改的副本。
二、内存补丁
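具体方法同上面的文件补丁,只是不需要做 VA 到 FileOffset 的转换:这里修改的是进程内存中的指令,用的就是调试器里看到的虚拟地址,磁盘上的文件不会被改动。需要注意,代码中写死的虚拟地址只有在模块的加载基址与记录该地址时相同的情况下才有效;如果程序启用了 ASLR(地址空间布局随机化),每次加载的基址可能不同,这个地址就会失效。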
具体代码如下:
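#include <Windows.h>
#include <iostream>

using namespace std;

// Terminates the still-suspended child and releases both handles.
// Used on every failure path so that no suspended process is left behind.
static void AbandonChild(const PROCESS_INFORMATION &pi)
{
    TerminateProcess(pi.hProcess, 1);
    CloseHandle(pi.hThread);
    CloseHandle(pi.hProcess);
}

// Memory patcher for the crackme shown above.
//
// Usage: <patcher> <path-to-exe>
//
// Starts the target suspended, reads one byte at a fixed virtual address,
// verifies that it is the JNZ opcode (0x75), overwrites it with the JZ opcode
// (0x74) in the child's memory and resumes the main thread. The file on disk
// is not touched. Returns 0 on success and -1 on any failure.
//
// NOTE(review): the addresses below are absolute. They only match when the
// image is loaded at the same base as when they were recorded, which address
// space layout randomisation does not guarantee. The 0x75 check is what
// catches such a mismatch before anything is written.
int main(int argc, char **argv)
{
    // DWORD_PTR keeps the integer-to-pointer conversion well defined on
    // 64-bit builds as well.
#ifdef _DEBUG
    const DWORD_PTR dwVAddress = 0x01262BED;
#else
    const DWORD_PTR dwVAddress = 0x01011428;
#endif

    // Opcodes are plain bytes, not TEXT() characters.
    const BYTE kOpJnz = 0x75;
    const BYTE kOpJz = 0x74;

    BYTE bCode = 0;
    SIZE_T nDone = 0; // Read/WriteProcessMemory report the count as SIZE_T
    DWORD dwErr = 0;

    if (argc != 2)
    {
        cout << "Please input two argument!" << endl;
        return -1;
    }

    // argv is a narrow (char) string, so use the ANSI structures and entry
    // point explicitly instead of relying on the project's UNICODE setting.
    STARTUPINFOA si = {0};
    si.cb = sizeof(si);
    si.wShowWindow = SW_SHOW;
    si.dwFlags = STARTF_USESHOWWINDOW;

    PROCESS_INFORMATION pi = {0};

    // CREATE_SUSPENDED: the main thread does not run until ResumeThread.
    BOOL bRet = CreateProcessA(argv[1], NULL, NULL, NULL, FALSE, CREATE_SUSPENDED, NULL, NULL, &si, &pi);
    if (FALSE == bRet)
    {
        dwErr = GetLastError();
        cout << __LINE__ << " : CreateProcess Error ( " << dwErr << " )" << endl;
        return -1;
    }

    LPVOID pTarget = reinterpret_cast<LPVOID>(dwVAddress);

    if (!ReadProcessMemory(pi.hProcess, pTarget, &bCode, sizeof(BYTE), &nDone) || nDone != sizeof(BYTE))
    {
        dwErr = GetLastError();
        cout << __LINE__ << " : ReadProcessMemory Error ( " << dwErr << " )" << endl;
        AbandonChild(pi);
        return -1;
    }

    // Refuse to write unless the byte at the address is the expected JNZ.
    if (kOpJnz != bCode)
    {
        // Print the value as a number; streaming a BYTE prints a raw character.
        cout << "Unexpected byte: 0x" << hex << static_cast<unsigned int>(bCode) << dec << endl;
        AbandonChild(pi);
        return -1;
    }

    bCode = kOpJz;
    if (!WriteProcessMemory(pi.hProcess, pTarget, &bCode, sizeof(BYTE), &nDone) || nDone != sizeof(BYTE))
    {
        dwErr = GetLastError();
        cout << __LINE__ << " : WriteProcessMemory Error ( " << dwErr << " )" << endl;
        AbandonChild(pi);
        return -1;
    }

    ResumeThread(pi.hThread);

    CloseHandle(pi.hThread);
    CloseHandle(pi.hProcess);

    // Reported only after the write has been confirmed.
    cout << "Write JZ is Successfully !" << endl;

    return 0;
}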
原文:http://www.cnblogs.com/qiyueliuguang/p/3544159.html