CYBERsitter 2000
http://www.cybersitter.com
CYBERsitter 2000
輸入註冊碼之後的判斷:
// Check that runs right after the user enters a serial number.
// The routine at 0047B920 reports its verdict in AL (nonzero = accepted), and
// this call site acts on that single byte.
// EAX is loaded through the pointer stored at 004E01E0 and appears to be the
// argument to the validator; what it refers to is not shown here - TODO confirm.
:004D720F A1E0014E00 mov eax,
dword ptr [004E01E0]
:004D7214 8B00
mov eax, dword ptr [eax]
:004D7216 E80547FAFF call 0047B920
// validate the serial number
:004D721B 84C0
test al, al
:004D721D 751E
jne 004D723D // AL != 0: skip the "invalid serial" path below
// Rejection path: EAX = address of the message text referenced below.
// The callee at 0047C594 is not shown; presumably it displays the message.
* Possible StringData Ref from Code Obj ->"The serial number you entered "
->"is invalid."
|
:004D721F B894854D00 mov eax,
004D8594
:004D7224 E86B53FAFF call 0047C594
啟動時的判斷也是呼叫同一個子程式:
// Start-up check: calls the same validator (0047B920) as the serial-entry
// dialog, then caches the one-byte verdict in memory and branches on it.
:004C9454 A1E0014E00 mov eax,
dword ptr [004E01E0]
:004C9459 8B00
mov eax, dword ptr [eax]
:004C945B E8C024FBFF call 0047B920
// validate the serial number
:004C9460 8B155C014E00 mov edx, dword
ptr [004E015C]
:004C9466 8802
mov byte ptr [edx], al // store the validation result in the byte addressed via [004E015C]
:004C9468 A15C014E00 mov eax,
dword ptr [004E015C]
:004C946D 803800
cmp byte ptr [eax], 00 // check the stored result
:004C9470 755F
jne 004C94D1 // flag != 0: skip the "Unregistered" path below
// Flag is 0 here. EDX = address of the "Unregistered" text; the callee at
// 00403F18 is not shown (looks like a string assignment - TODO confirm).
:004C9472 A1E0014E00 mov eax,
dword ptr [004E01E0]
* Possible StringData Ref from Code Obj ->"Unregistered"
|
:004C9477 BAC0A24C00 mov edx,
004CA2C0
:004C947C E897AAF3FF call 00403F18
用來判斷註冊碼的子程式如下。顯然這個子程式只被以上兩處呼叫。如果把這個子程式的函式體改掉,讓它總返回1就行了。如果只修改輸入註冊碼時的那條判斷指令,則啟動時還是未註冊。另外,註冊碼很好找的,只要註冊碼的四部分能分別被4個數整除即可,這四個數可能是根據使用者名稱得來的。
// Serial-number validator. Returns a one-byte verdict in AL (1 = accepted).
// Per the cross-reference below it is called from exactly two places: the
// start-up check (004C945B) and the serial-entry check (004D7216).
// The visible part runs four divisibility tests, one per serial part, and
// combines them: each test is skipped once AL is already 0.
// NOTE(review): the whole licensing decision is a local arithmetic test that
// collapses into one byte trusted by both callers, so the result has no
// integrity protection of its own.
* Referenced by a CALL at Addresses:
|:004C945B , :004D7216
|
:0047B920 55
push ebp
:0047B921 8BEC
mov ebp, esp
// Loop of 4 iterations, two zero dwords pushed per iteration:
// reserves and zero-fills 32 bytes of stack locals.
:0047B923 B904000000 mov ecx,
00000004
:0047B928 6A00
push 00000000
:0047B92A 6A00
push 00000000
:0047B92C 49
dec ecx
:0047B92D 75F9
jne 0047B928
// The original listing elides 0047B92F..0047BA64 here. The divisors used
// below (EBX, ESI, [ebp-0C], [ebp-10]) and the locals [ebp-14]..[ebp-20]
// are set up in that omitted part.
......................................................
:0047BA65 B001
mov al, 01 // start from "accepted"
:0047BA67 84C0
test al, al
:0047BA69 7410
je 0047BA7B // never taken here: AL was just set to 1
:0047BA6B 8B45EC
mov eax, dword ptr [ebp-14] // first part of the serial
:0047BA6E E891E2F8FF call 00409D04
// atol( ) per the original annotation; callee not shown
:0047BA73 99
cdq
:0047BA74 F7FB
idiv ebx
// signed divide of EDX:EAX by EBX - divides evenly?
:0047BA76 85D2
test edx, edx
:0047BA78 0F94C0
sete al // AL = 1 only when the remainder in EDX is zero
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0047BA69(C)
|
:0047BA7B 84C0
test al, al
:0047BA7D 7410
je 0047BA8F // previous test failed: skip this one, AL stays 0
:0047BA7F 8B45E8
mov eax, dword ptr [ebp-18] // second part of the serial
:0047BA82 E87DE2F8FF call 00409D04
// atol( )
:0047BA87 99
cdq
:0047BA88 F7FE
idiv esi
// divides evenly?
:0047BA8A 85D2
test edx, edx
:0047BA8C 0F94C0
sete al
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0047BA7D(C)
|
:0047BA8F 84C0
test al, al
:0047BA91 7411
je 0047BAA4
:0047BA93 8B45E4
mov eax, dword ptr [ebp-1C] // third part of the serial
:0047BA96 E869E2F8FF call 00409D04
// atol( )
:0047BA9B 99
cdq
:0047BA9C F77DF4
idiv [ebp-0C]
// divides evenly?
:0047BA9F 85D2
test edx, edx
:0047BAA1 0F94C0
sete al
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0047BA91(C)
|
:0047BAA4 84C0
test al, al
:0047BAA6 7411
je 0047BAB9
:0047BAA8 8B45E0
mov eax, dword ptr [ebp-20] // fourth part of the serial (the original annotation repeats "third part")
:0047BAAB E854E2F8FF call 00409D04
// atol( )
:0047BAB0 99
cdq
:0047BAB1 F77DF0
idiv [ebp-10]
// divides evenly?
:0047BAB4 85D2
test edx, edx
:0047BAB6 0F94C0
sete al
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0047BAA6(C)
|
:0047BAB9 8845FB
mov byte ptr [ebp-05], al // save the function return value
// Common exit. The jumps listed below come from the elided part and bypass
// the store above, so on those paths [ebp-05] holds whatever was written
// earlier (not visible here).
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:0047B95F(C), :0047BA00(U), :0047BA18(U), :0047BA30(U), :0047BA48(U)
|:0047BA5E(U)
|
// EAX = 0, so the store below writes the popped value to fs:[0]. This looks
// like unlinking an exception-handler frame installed in the elided part -
// TODO confirm.
:0047BABC 33C0
xor eax, eax
:0047BABE 5A
pop edx
:0047BABF 59
pop ecx
:0047BAC0 59
pop ecx
:0047BAC1 648910
mov dword ptr fs:[eax], edx
:0047BAC4 68E6BA4700 push 0047BAE6 // the ret at 0047BADE will continue at 0047BAE6
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0047BAE4(U)
|
// Cleanup of locals: the callees are not shown. Presumably 00403EE8 releases
// the 5 string locals starting at [ebp-24] and 00403EC4 releases the one at
// [ebp-04] - TODO confirm.
:0047BAC9 8D45DC
lea eax, dword ptr [ebp-24]
:0047BACC BA05000000 mov edx,
00000005
:0047BAD1 E81284F8FF call 00403EE8
:0047BAD6 8D45FC
lea eax, dword ptr [ebp-04]
:0047BAD9 E8E683F8FF call 00403EC4
:0047BADE C3
ret
// Not reached by fall-through (follows a ret); presumably the exception path,
// which re-enters the cleanup at 0047BAC9 - TODO confirm.
:0047BADF E9D87DF8FF jmp 004038BC
:0047BAE4 EBE3
jmp 0047BAC9
:0047BAE6 8A45FB
mov al, byte ptr [ebp-05] // load the function return value into AL
// Restore the saved registers and the caller's frame, then return.
:0047BAE9 5F
pop edi
:0047BAEA 5E
pop esi
:0047BAEB 5B
pop ebx
:0047BAEC 8BE5
mov esp, ebp
:0047BAEE 5D
pop ebp
:0047BAEF C3
ret