Removing the time limit and ads from Lingoes

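Lingoes is a very handy dictionary, but its forced upgrades are a real headache. The notes below record a way to remove its time limit.

To remove the ads, simply rename the update directory to something else.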

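Load the program in OllyDbg, press Ctrl-N to open the import table, and set a breakpoint on MSVCRT.time, the only time-related function. Press F9 to run; after the breakpoint has been hit N times you arrive at: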

00482841 |. E8 0A15FFFF call 00473D50
00482846 |. 84C0 test al, al
00482848 |. 0F84 BC000000 je 0048290A ; not taken if expired
0048284E |. 6A 00 push 0
00482850 |. 8BCD mov ecx, ebp

Change it to:

00482841 |. E8 0A15FFFF call 00473D50
00482846 |. 84C0 test al, al
00482848 E9 BD000000 jmp 0048290A ; not taken if expired
0048284D 90 nop
0048284E |. 6A 00 push 0
00482850 |. 8BCD mov ecx, ebp

Open WinHex and search for
0A15FFFF84C00F84BC000000
and replace it with
0A15FFFF84C0E9BD00000090
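
As an added example (not part of the original post), the following decodes the two byte sequences above and shows why the displacement changes from BC to BD: a rel32 branch is relative to the next instruction, and the 5-byte jmp ends one byte earlier than the 6-byte je, with the trailing 90 filling the leftover byte. The same sequences also serve as an integrity check that reports whether a buffer holds the original or the modified bytes; SIG_VA and the function names are assumptions of this example.

```python
import struct

# Byte sequences quoted in the post; they start at the call's rel32 operand.
ORIGINAL = bytes.fromhex("0A15FFFF84C00F84BC000000")
PATCHED = bytes.fromhex("0A15FFFF84C0E9BD00000090")
SIG_VA = 0x00482842   # assumption: VA of the first signature byte (E8 is at 00482841)
BRANCH_OFF = 6        # offset of the branch inside the signature (VA 00482848)


def decode_near_branch(code: bytes, va: int):
    """Decode `je rel32` (0F 84) or `jmp rel32` (E9) located at `va`.

    Returns (mnemonic, length, target). The displacement is relative to
    the address of the *next* instruction, so the length matters.
    """
    if code[:2] == b"\x0f\x84" and len(code) >= 6:
        mnemonic, length, disp = "je", 6, code[2:6]
    elif code[:1] == b"\xe9" and len(code) >= 5:
        mnemonic, length, disp = "jmp", 5, code[1:5]
    else:
        raise ValueError("not a je/jmp rel32 encoding")
    rel = struct.unpack("<i", disp)[0]  # signed, little-endian
    return mnemonic, length, (va + length + rel) & 0xFFFFFFFF


def describe(sig: bytes):
    """Decode the branch embedded in one of the 12-byte sequences."""
    return decode_near_branch(sig[BRANCH_OFF:], SIG_VA + BRANCH_OFF)


def classify(image: bytes) -> str:
    """Integrity check: report which of the two sequences a buffer contains."""
    if ORIGINAL in image:
        return "original"
    if PATCHED in image:
        return "modified"
    return "unknown"


if __name__ == "__main__":
    for name, sig in (("original", ORIGINAL), ("patched", PATCHED)):
        mnemonic, length, target = describe(sig)
        print(f"{name}: {mnemonic} ({length} bytes) -> {target:08X}")
    # Constructed sample buffer: padding around the modified sequence.
    print(classify(b"\x90" * 16 + PATCHED + b"\xcc" * 16))
```
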

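With the method above, for reasons I don't know, Lingoes exits by itself after running for a while, so I tried applying a dynamic (in-memory) patch to the program instead.

The code is as follows: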

const
  bytesPatchData : array[0..5] of byte = ($E9, $BD, $00, $00, $00, $90); // patch data

procedure TForm1.FormCreate(Sender: TObject);
var
  strApplicationPath : string; // current path of the application

  pi : PROCESS_INFORMATION; // process information???
  si : STARTUPINFO;

  bytesOldData : array[0..1] of byte; // used to read the old data
  dwPatchDataSize : DWORD; // length of the patch data
  // last parameter of ReadProcessMemory / WriteProcessMemory; receives the actual data length
  dwBytesRead : DWORD;
begin
  strApplicationPath := ExtractFileDir(Application.ExeName);
  if FileExists(strApplicationPath + '\Lingoes.exe') then
  begin
    ZeroMemory(@pi, SizeOf(pi));
    FillChar(si, SizeOf(si), 0);
    si.cb := SizeOf(si);

    if CreateProcess(nil, 'Lingoes.exe', nil, nil, False, CREATE_SUSPENDED, nil, nil, si, pi) = True then
    begin
      ReadProcessMemory(pi.hProcess, Pointer($00482848), @bytesOldData, 2, dwBytesRead);
      if (bytesOldData[0] = $0F) and (bytesOldData[1] = $84) then
      begin
        // get the length of the patch data
        dwPatchDataSize := SizeOf(bytesPatchData);
        // write the patch data into the process
        WriteProcessMemory(pi.hProcess, Pointer($00482848), @bytesPatchData, dwPatchDataSize, dwBytesRead);
        ResumeThread(pi.hThread);
        CloseHandle(pi.hProcess);
        CloseHandle(pi.hThread);
      end
      else
      begin
        // message: "Wrong program version, cannot write the memory patch!"
        ShowMessage('程序版本错误,无法写入内存补丁!');
        TerminateProcess(pi.hProcess, 0);
        CloseHandle(pi.hProcess);
        CloseHandle(pi.hThread);
      end;
    end;
  end
  else
  begin
    // message: "This patch must be placed in the same directory as the target file"
    ShowMessage('本补丁必须与目标文件放在同一目录下');
  end;
  Application.Terminate;
end;

http://blog.csdn.net/suolao/archive/2010/09/12/5879307.aspx