Subject: [HC] Cracking Go!Zilla v2.11a, part 1
Resent-Date: Fri, 12 Dec 1997 05:38:20 +0800
Resent-From: hc@ftp1.gep.ncu.edu.tw
Date: Fri, 12 Dec 1997 05:28:15 +0800 (CST)
From: ue83b33 <ue83b33@linux.ee.ttit.edu.tw>
To: hc@ftp1.gep.ncu.edu.tw

Use archie to find gozil211.exe (631,428 bytes). After unpacking and installing, go.exe is 582144 bytes. It is a download program that supports resuming, so that fetching files with Netscape or IE goes more smoothly.

(1) Enter an address (more than 6 characters) and a code (10 characters works better). Press Ctrl-D to enter WinICE, set bpx hmemcpy, press F5 to return to Win95, then click OK.

(2) WinICE breaks in. Type bc * to clear the breakpoints. From here it is the usual F12 and F10 work, which everyone knows. When you reach cs: call xxxxxxxx (or, to save effort, type g 0040a9a2), press F8 to step in and watch. Goal: EAX must not equal 0.

(3) You arrive at:

    cs:0040afa4 call xxxxxxxx
    cs:0040afa9 cmp eax,-1
    cs:0040afac jnz 0040afb4

On return here, EAX must not equal ffffffff. At this point EAX = ffffffff, so the register's value has to be changed; any value will do.

(4) Next I guessed that this spot might be connected with the registration check. Of course there may be many such places; this may be one of them. So I set a breakpoint here with BPX 0040AFA4, quit the program, and ran GO.EXE once more.

(5) It broke here as expected. As before, after this line had executed I typed r eax 0, pressed F12 once, and arrived at:

    CS:0040A186 ADD ESP,8
    CS:0040A189 TEST EAX,EAX

Here EAX = 0. Let's try our luck and change the JZ to NOP. Type CODE ON to see the machine code, then A (assemble) and enter NOP twice. Press F5 and, hey, registration succeeded.

(6) So, change two places. Change CS:0040A18B JZ 0040A197 to NOP: search for 740AC7053837 and change it to 9090-------- (- means unchanged). And change cs:0040afac jnz 0040afb4 to NOP: search for FF7506C645FC00 and change it to 9090---------- (- means unchanged).

Subject: [HC] Cracking Go!Zilla v2.11a, part 2
Resent-Date: Fri, 12 Dec 1997 05:38:45 +0800
Resent-From: hc@ftp1.gep.ncu.edu.tw
Date: Fri, 12 Dec 1997 05:30:16 +0800 (CST)
From: ue83b33 <ue83b33@linux.ee.ttit.edu.tw>
To: hc@ftp1.gep.ncu.edu.tw

Next, a simple registration patcher. Put this executable in the same directory as Go!Zilla and run it; it will modify go.exe for you. I prefix my file names with HC, like a foreign expert whose patchers are all prefixed with PC.

            .model small

    CREATE  MACRO PATH,ATTR            ; create a file and obtain its handle
            LEA  DX,PATH
            MOV  CL,ATTR
            MOV  CH,0
            MOV  AH,3CH
            INT  21H
            ENDM                       ;;; OVER CREATE

    OPEN    MACRO PATH,MODE            ; open a file
            LEA  DX,PATH
            MOV  AL,MODE
            MOV  AH,3DH
            INT  21H
            ENDM                       ;;; OVER OPEN

    READ    MACRO HANDLE,BUFF,BYTE     ; read from a file
            LEA  DX,BUFF
            MOV  CX,BYTE
            MOV  BX,HANDLE
            MOV  AH,3FH
            INT  21H
            ENDM

    WRITE   MACRO HANDLE,BUFF,BYTE     ; write to a file
            LEA  DX,BUFF
            MOV  CX,BYTE
            MOV  BX,HANDLE
            MOV  AH,40H
            INT  21H
            ENDM                       ;;; OVER WRITE

    CLOSE   MACRO HANDLE               ; close a file
            MOV  BX,HANDLE
            MOV  AH,3EH
            INT  21H
            ENDM                       ;;; OVER CLOSE

    MOVPTR  MACRO HANDLE,HIGH,LOW,METHOD   ; move the file read/write pointer
            MOV  BX,HANDLE
            MOV  CX,HIGH
            MOV  DX,LOW
            MOV  AL,METHOD             ; 0 = from start, 1 = relative to current position
            MOV  AH,42H
            INT  21H
            ENDM                       ;;; OVER MOVPTR

    ASCIIZ  MACRO BUF,NUM              ; append a zero byte to the end of a string
            PUSH BX
            MOV  BX,0
            MOV  BL,NUM
            ADD  BX,OFFSET BUF
            MOV  BYTE PTR [BX],0
            POP  BX
            ENDM                       ;;; OVER ASCIIZ

            .stack
            .data
    NEWLINE DB 0AH,0DH,'$'
    PATH1   DB 'go.exe',0
    PATH2   DB 'TEST2.TXT',0
    H1      DW ?                       ; file handle of go.exe
    BUFF    DB 90H,90H,0               ; the two NOPs that get written
    MSG     DB ' I can not find go.exe$'
    MSG1    DB ' I HAVE PATCHED GO.EXE$'
    MSG2    DB 'This is Go!Zilla v2.11a registred machine',0AH,0DH
    MSG3    DB 'Are you sure go.exe is v2.11a and 582144 byte ?',0AH,0DH
    MSG4    DB 'press y/Y to patch go.exe and any other key to exit. $'

            .code
    main    proc
            MOV  AX,@DATA
            MOV  DS,AX
            MOV  ES,AX
    ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
            LEA  DX,MSG2               ; MSG2..MSG4 print as one string; only MSG4 ends in '$'
            MOV  AH,9
            INT  21H
            LEA  DX,NEWLINE
            INT  21H
            MOV  AH,1                  ; read one key
            INT  21H
            CMP  AL,'Y'
            JE   YES
            CMP  AL,'y'
            JE   YES
            JMP  OVER
    YES:    OPEN PATH1,2               ; open go.exe for read/write
            MOV  H1,AX
            CMP  AX,2                  ; DOS error 2 = file not found
            JE   OVER1
            JMP  MOVE1
    OVER1:  JMP  OVER2
            MOV  H1,AX
    MOVE1:  MOVPTR H1,0,30000,0        ; seek to offset 30000 from the start of the file
            MOVPTR H1,0,8283,1         ; then 8283 bytes further (file offset 38283)
            WRITE  H1,BUFF,2           ; write the two NOPs
            MOVPTR H1,0,3615,1         ; seek 3615 bytes further (no write follows in this listing)
            LEA  DX,MSG1
            MOV  AH,9
            INT  21H
            JMP  OVER
    OVER2:  LEA  DX,MSG
            MOV  AH,9
            INT  21H
    ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
    OVER:   MOV  AH,4CH
            INT  21H
    main    endp
            end  main

Subject: [HC] Cracking Go!Zilla v2.11a, part 3
Resent-Date: Fri, 12 Dec 1997 05:38:57 +0800
Resent-From: hc@ftp1.gep.ncu.edu.tw
Date: Fri, 12 Dec 1997 05:33:06 +0800 (CST)
From: ue83b33 <ue83b33@linux.ee.ttit.edu.tw>
To: hc@ftp1.gep.ncu.edu.tw

This is the crack file, uuencoded. Because it is very small I have attached it; if it were large I would not, so as not to burden everyone.
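The patcher in part two seeks to 30000, then 8283 further, writes two bytes, then seeks 3615 further; replaying those seeks gives file offsets 38283 and 41900, which lie 3617 bytes apart, exactly the distance between the two virtual addresses 0040A18B and 0040AFAC in part one. The read-only check below is an added example, not the author's tool or Go!Zilla's code: it reports whether an image carries the original bytes the posts name or the NOP pair at each site, and its zero-filled sample image is constructed, not a real go.exe.

```python
# Added example, not the author's tool: a read-only tamper check for the two patch
# sites named in the thread. It replays the patcher's INT 21h/42h seeks (AL=0 from
# start, AL=1 relative to the current position) to find the file offsets it reaches.
EXPECTED_SIZE = 582144  # go.exe v2.11a size stated in the post

# (method, offset, bytes written afterwards), copied from the MOVE1 block.
SEEKS = [(0, 30000, 0), (1, 8283, 2), (1, 3615, 0)]

# The two jumps from part one with the bytes the post says to search for: 74 0A = JZ
# 0040A197, 75 06 = JNZ 0040AFB4 (the FF the post puts in front of the second
# pattern is the last byte of the CMP EAX,-1 just before the jump).
SITES_VA = [0x40A18B, 0x40AFAC]
ORIGINAL = [bytes.fromhex("740AC7053837"), bytes.fromhex("7506C645FC00")]
PATCHED = b"\x90\x90"  # the NOP pair that replaces the conditional jump

def replay_seeks(seeks):
    """Return the file position reached by each seek, in order."""
    pos, landed = 0, []
    for method, offset, written in seeks:
        pos = offset if method == 0 else pos + offset
        landed.append(pos)
        pos += written  # a WRITE advances the pointer before the next relative seek
    return landed

SITE_OFFSETS = replay_seeks(SEEKS)[1:]  # [38283, 41900]: the relative seeks hit the sites

def classify(image):
    """Map 'VA@file_offset' to 'original', 'patched' or 'unknown' for each site."""
    if len(image) != EXPECTED_SIZE:
        return {"size": "unexpected (%d bytes)" % len(image)}
    report = {}
    for va, off, orig in zip(SITES_VA, SITE_OFFSETS, ORIGINAL):
        chunk = image[off:off + len(orig)]
        if chunk == orig:
            state = "original"
        elif chunk == PATCHED + orig[2:]:
            state = "patched"
        else:
            state = "unknown"
        report["%08X@%d" % (va, off)] = state
    return report

def sample_image(patch_first=False):
    """Constructed stand-in for go.exe: zeros, with the original bytes at both sites."""
    buf = bytearray(EXPECTED_SIZE)
    for off, orig in zip(SITE_OFFSETS, ORIGINAL):
        buf[off:off + len(orig)] = orig
    if patch_first:
        buf[SITE_OFFSETS[0]:SITE_OFFSETS[0] + 2] = PATCHED
    return bytes(buf)
```

Run classify() over the bytes of a real go.exe to see which site, if any, has been altered; a "size" entry means the file is not the 582144-byte v2.11a build the posts describe.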