bestorm fuzz软件破解

漏洞挖掘中很重要的一门学科就是fuzz技术，包括本地参数与网络溢出，其中网络方面bestorm是商业软件，行业老大，使用也方便，特别是tcp的fuzz支持各种协议，如http、ftp、smtp等。

    试用版本有30分钟限制，以下给出破解方法（具体跟版本有关系），共参考：

00445C54 |. /0F8F FC020000         |jg      00445F56 ==>跳到下面过期代码
00445C5A |. |7C 0B                 |jl      short 00445C67
00445C5C |. |3D BC070000           |cmp     eax, 7BC
00445C61 |. |0F87 EF020000         |ja      00445F56 ==>跳到下面过期代码
====================以上四行代码直接90掉

00445F56 |> 8BCE                  mov     ecx, esi
00445F58 |. E8 E3E6FFFF           call    00444640
00445F5D |. 6A 1E                 push    1E                                            ; /<%d> = 1E (30.)
00445F5F |. 68 88335200           push    00523388                                      ; |bestorm trial cannot run test for more than %d minutes. bestorm would now exit.[%08x] session::continueattack() - done.
00445F64 |. 8D8C24 BC030000       lea     ecx, dword ptr [esp+3BC]                      ; |
00445F6B |. 68 00040000           push    400                                           ; |count = 400 (1024.)
00445F70 |. 51                    push    ecx                                           ; |s
00445F71 |. FF15 C05A5000         call    dword ptr [<&MSVCR80._snprintf>]              ; \_snprintf

004A1AF3   . 894424 58     mov     dword ptr [esp+58], eax
004A1AF7   . 895424 5C     mov     dword ptr [esp+5C], edx
004A1AFB   . 0F88 91000000 js      004A1B92   =====>jmp
004A1B01   . 7F 0B         jg      short 004A1B0E
004A1B03   . 3D 08070000   cmp     eax, 708
004A1B08   . 0F86 84000000 jbe     004A1B92
004A1B0E   > 8BCE          mov     ecx, esi
004A1B10   . E8 EBA8FFFF   call    0049C400
004A1B15   . 68 00040000   push    400                              ; /n = 400 (1024.)
004A1B1A   . 8D9424 FD4400>lea     edx, dword ptr [esp+44FD]        ; |
004A1B21   . 6A 00         push    0                                ; |c = 00
004A1B23   . 52            push    edx                              ; |s

004A1B24   . C68424 044500>mov     byte ptr [esp+4504], 0           ; |
004A1B2C   . E8 59400400   call    <jmp.&MSVCR80.memset>            ; memset
004A1B31   . 6A 1E         push    1E                               ; /<%d> = 1E (30.)
004A1B33   . 68 88335200   push    00523388                         ; |bestorm trial cannot run test for more than %d minutes. bestorm would now exit.
004A1B38   . 8D8424 0C4500>lea     eax, dword ptr [esp+450C]        ; |
004A1B3F   . 68 00040000   push    400                              ; |count = 400 (1024.)
004A1B44   . 50            push    eax                              ; |s
004A1B45   . FF15 C05A5000 call    dword ptr [<&MSVCR80._snprintf>] ; \_snprintf