本文详细介绍了如何利用DCU32INT工具破解EurekaLog6.0.5试用版,通过转换DCU文件并分析代码,找到触发NAG窗口的时间判断逻辑,并对其进行修改,最终实现永久使用。文章提供了具体步骤和关键代码片段,旨在分享破解过程。
【破解日期】 2007年6月4日
【破解作者】 qdlsy
【作者邮箱】 mei
【作者主页】 http://www.没有.com
【使用工具】 DCU32INT,UltraEdit
【破解平台】 2000/XP
【软件名称】 EurekaLog 6.0.5 Trial
【下载地址】 http://www.eurekalog.com/downloads.php
【软件简介】 EurekaLog is a complete bug resolution tool for Delphi and C++Builder developers that gives your application the power to catch every exception and memory leak, generating a detailed log of the call stack (with unit, procedure and line number), optionally sending you a copy of each log entry via email or the Web.
【软件大小】
【加壳方式】 编译的程序30天后出现NAG
【破解声明】 我是一只小菜鸟,偶得一点心得,愿与大家分享:)
--------------------------------------------------------------------------------
【破解内容】
先介绍一个软件——DCU32INT,用法如下:
DCU32INT <Source file name> <Switches> [<Destination file name>]
Destination file may contain * to be replaced by the unit name or name and
extension. If * is the last char in the name, it will be replaced by
<Unit name>.int, else - by <Unit name>.
Destination file = "-" => write to stdout.
Flags (start with "/" or "-"):
-S<show flag>* - Show flags (-S - show all), default: (+) - on, (-) - off
A(-) - show Address table
C(-) - don't resolve Constant values
D(-) - show Data block
d(-) - show dot types
F(-) - show Fixups
H(+) - show Heuristic strings
I(+) - show Imported names
L(-) - show table of Local variables
M(-) - don't resolve class Methods
O(-) - show file Offsets
S(-) - show Self arguments of methods and 2nd call flags of `structors
T(-) - show Type table
U(-) - show Units of imported names
V(-) - show auxiliary Values
v(-) - show VMT
-O<option>* - code generation options, default: (+) - on, (-) - off
V(-) - typed constants as variables
-I - interface part only
-U<paths> - Unit directories
-P<paths> - Pascal source directories (just "-P" means: "seek for *.pas in
the unit directory"). Without this parameter src lines won't be reported
-R<Alias>=<unit>[;<Alias>=<unit>]* - set unit aliases
-N<Prefix> - No Name Prefix ("%" - Scope char)
-D<Prefix> - Dot Name Prefix ("%" - Scope char)
-A<Mode> - disAssembler mode
S(+) - simple Sequential (all memory is a sequence of ops)
C(-) - control flow
英文水平太烂了,只选了个“-S”参数,呵呵!
接下来就是打开目标程序目录下的几个.DCU文件了,初步判断可能是ExceptionLog.dcu文件,个头大,功能肯定都在里面。
用DCU32INT转换一下后得到一个Delphi的.pas文件,我是用UE打开查看的。
然后在生成的文件中查找NAG出现的相关提示,果然在里面,贴代码片段如下:
// -- Line #16150 --
241_4155E: |E8(00 00 00 00 | CALL K2 IntoIDE{0x18} //如果是IDE环境,就永远不会出现NAG窗口
246_41563: |84 C0 | TEST AL,AL
248_41565: |75 28 | JNE +40; (0x272) //如果不是IDE环境这里不跳
24A_41567: |DD 45 F0 | FLD QWORD PTR [EBP-16{NowTime}] //多么明显的时间标志
24D_4156A: |8B 45 FC | MOV EAX,DWORD PTR [EBP-4{ModuleInfo}]
250_4156D: |DC 60 1B | FSUB QWORD PTR [EAX+27]
253_41570: |D8 1D(A0 08 00 00 | FCOMP DWORD PTR [K1 '' {Init{0x12DC}+2208}]
259_41576: |DF E0 | FSTSW AX
25B_41578: |9E | SAHF
25C_41579: |72 18 | JB +24; (0x276)
25E_4157B: |DD 45 F0 | FLD QWORD PTR [EBP-16{NowTime}] //多么明显的时间标志
261_4157E: |8B 45 FC | MOV EAX,DWORD PTR [EBP-4{ModuleInfo}]
264_41581: |DC 60 1B | FSUB QWORD PTR [EAX+27]
267_41584: |D8 1D(A4 08 00 00 | FCOMP DWORD PTR [K1 '' {Init{0x12DC}+2212}]
26D_4158A: |DF E0 | FSTSW AX
26F_4158C: |9E | SAHF
270_4158D: |77 04 | JA +4; (0x276) //超过试用时间了就跳走
272_4158F: |33 C0 | XOR EAX,EAX //否则过期标志清零
274_41591: |EB 02 | JMP +2; (0x278)
276_41593: |B0 01 | MOV AL{TrialExpired},$01 //上面跳到这里,置试用标志为1
// -- Line #16154 --
278_41595: |84 C0 | TEST AL{TrialExpired},AL{TrialExpired} //来两句经典
27A_41597: |0F 84 A2 00 00 00 | JE +162; (0x322) //看看跳这么远,早就跳过下面的NAG提示了
// -- Line #16156 --
280_4159D: |A1(00 00 00 00 | MOV EAX,DWORD PTR [K3 IsConsole{0x375}] //下面就无关紧要了,不说了^_^
285_415A2: |80 38 00 | CMP BYTE PTR [EAX],$00
288_415A5: |74 1B | JE +27; (0x2A5)
// -- Line #16157 --
28A_415A7: |A1(00 00 00 00 | MOV EAX,DWORD PTR [K3 Output{0x377}]
28F_415AC: |BA(B0 08 00 00 | MOV EDX,K1 'The "%s" program is compiled with EurekaLog 6.0.5 trial version.'#13#10'You can test this program for 30 days after its compilation.'#13#10'To buy the EurekaLog full version go to:
28F_415B1: |E8(00 00 00 00 | CALL K2 @Write0LString{0x39F}
299_415B6: |E8(00 00 00 00 | CALL K2 @WriteLn{0x3A0}
29E_415BB: |E8(00 00 00 00 | CALL K2 @_IOTest{0x3A1}
2A3_415C0: |EB 58 | JMP +88; (0x2FD)
// -- Line #16159 --
2A5_415C2: |E8(00 00 00 00 | CALL K2 IsWeb{0x96F}
2AA_415C7: |84 C0 | TEST AL,AL
2AC_415C9: |75 4F | JNE +79; (0x2FD)
// -- Line #16160 --
2AE_415CB: |68 10 20 24 00 | PUSH $00242010
2B3_415D0: |68(74 09 00 00 | PUSH K1 'Error.' {Init{0x12DC}+2420}
2B8_415D5: |8D 45 D8 | LEA EAX,DWORD PTR [EBP-40]
2BB_415D8: |50 | PUSH EAX
2BC_415D9: |8D 55 C8 | LEA EDX,DWORD PTR [EBP-56]
2BF_415DC: |A1(00 00 00 00 | MOV EAX,DWORD PTR [K1 HInstance{0x302}]
2C4_415E1: |E8(00 00 00 00 | CALL K2 ModuleFileName{0x797}
2C9_415E6: |8B 45 C8 | MOV EAX,DWORD PTR [EBP-56]
2CC_415E9: |8D 55 CC | LEA EDX,DWORD PTR [EBP-52]
2CF_415EC: |E8(00 00 00 00 | CALL K2 ExtractFileName{0x120}
2D4_415F1: |8B 45 CC | MOV EAX,DWORD PTR [EBP-52]
2D7_415F4: |89 45 D0 | MOV DWORD PTR [EBP-48],EAX
2DA_415F7: |C6 45 D4 0B | MOV BYTE PTR [EBP-44],$0B
2DE_415FB: |8D 55 D0 | LEA EDX,DWORD PTR [EBP-48]
2E1_415FE: |B8(B0 08 00 00 | MOV EAX,K1 'The "%s" program is compiled with EurekaLog 6.0.5 trial version.'#13#10'You can test this program for 30 days after its compilation.'#13#10'To buy the EurekaLog full version go to:
2E8_41603: |33 C9 | XOR ECX,ECX
2E8_41605: |E8(00 00 00 00 | CALL K2 Format{0x122}
2ED_4160A: |8B 45 D8 | MOV EAX,DWORD PTR [EBP-40]
2F0_4160D: |E8(00 00 00 00 | CALL K2 @LStrToPChar{0x342}
2F5_41612: |50 | PUSH EAX
2F6_41613: |6A 00 | PUSH $00
2F8_41615: |E8(00 00 00 00 | CALL K2 MessageBox{0x1AC} //NAG出现的地方,讨厌!
// -- Line #16163 --
2FD_4161A: |A1(00 00 00 00 | MOV EAX,DWORD PTR [K1 ModulesList{0x6A7}]
302_4161F: |E8(00 00 00 00 | CALL K2 TObject.Free{0x341}
至此,破解方法已经很明显了,我是把
241_4155E: |E8 00 00 00 00 | CALL K2 IntoIDE{0x18}
改成
241_4155E: |B8 01 00 00 00 | MOV EAX,1
免得下面再判断时间什么的,简直就是浪费时间嘛!
第一篇破文,谢谢观看~
扫一扫
332
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
