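Notes on cracking "Piaoye Internet Cafe Management System 4.0" (漂葉網咖管理系統 4.0): (9,000 characters)
Software name: Piaoye Internet Cafe Management System
Version: 4.0
Download URL: http://go4.163.com/~piaoyes/
Tool used: softice for win95
Procedure: (this is my first write-up and it is rather messy, so please don't laugh)
Run the program, go to registration, and enter an arbitrary cafe name (abcd) and registration code (123456). Press ^D to bring up SoftICE, set the breakpoint bpx hmemcpy, press F5 to return, and click Register. The breakpoint fires immediately. Clear it with bc *,
then press F12 twelve times and F10 a few times to arrive here: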
016F:00517733 MOV EAX,[EBP+FFFFFDF8]
016F:00517739 LEA EDX,[EBP+FFFFFDFC]
016F:0051773F CALL 004096D4
016F:00517744 MOV EAX,[EBP+FFFFFDFC]
016F:0051774A MOV ECX,09
016F:0051774F MOV EDX,0A
016F:00517754 CALL 00404134
016F:00517759 LEA EAX,[EBP-28]
016F:0051775C PUSH EAX
016F:0051775D LEA EDX,[EBP+FFFFFDF0]
016F:00517763 MOV EAX,[EBP-04]
016F:00517766 MOV EAX,[EAX+0314]
016F:0051776C CALL 00433E30
016F:00517771 MOV EAX,[EBP+FFFFFDF0]
016F:00517777 LEA EDX,[EBP+FFFFFDF4]
016F:0051777D CALL 004096D4
016F:00517782 MOV EAX,[EBP+FFFFFDF4]
016F:00517788 MOV ECX,08
016F:0051778D MOV EDX,01
016F:00517792 CALL 00404134
016F:00517797 LEA EDX,[EBP-08]
016F:0051779A MOV EAX,[EBP-34]
016F:0051779D CALL 00402C88
016F:005177A2 CMP DWORD [EBP-08],BYTE +00 ;check whether the registration code format is valid
016F:005177A6 JZ 005177C2 ;if it is, jump over
016F:005177A8 PUSH BYTE +00
016F:005177AA MOV CX,[00517E68]
016F:005177B1 XOR EDX,EDX
016F:005177B3 MOV EAX,00517E74
016F:005177B8 CALL 00457674 ;show the error message
016F:005177BD JMP 00517D86
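Because the registration code I entered was in the wrong format, the jump was not taken. Analysis shows that the required format is XXXXXXXX-XXXXXXXXX (where each X is a digit), so I re-entered the registration code as 12345678-987654321, which gets past this step and arrives at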
016F:005177C2 MOV EAX,[EBP-34]
016F:005177C5 CALL 00409984
016F:005177CA MOV EBX,EAX
016F:005177CC MOV EAX,EBX
016F:005177CE MOV ECX,B5
016F:005177D3 CDQ
016F:005177D4 IDIV ECX
016F:005177D6 IMUL EAX,EAX,C4
016F:005177DC XOR EAX,025DAFF2
016F:005177E1 CDQ
016F:005177E2 XOR EAX,EDX
016F:005177E4 SUB EAX,EDX
016F:005177E6 ADD EAX,08392AF4
016F:005177EB MOV EBX,EAX
016F:005177ED LEA EAX,[EBP-0C]
016F:005177F0 PUSH EAX
016F:005177F1 LEA EDX,[EBP+FFFFFDEC]
016F:005177F7 MOV EAX,EBX
016F:005177F9 CALL 00409954
016F:005177FE MOV EAX,[EBP+FFFFFDEC]
016F:00517804 MOV ECX,08
016F:00517809 MOV EDX,01
016F:0051780E CALL 00404134
016F:00517813 LEA EAX,[EBP-10]
016F:00517816 MOV EDX,00517E94
016F:0051781B CALL 00403D44
016F:00517820 LEA EAX,[EBP-14]
016F:00517823 CALL 00403CAC
016F:00517828 MOV EBX,01
016F:0051782D LEA EAX,[EBP+FFFFFDE8]
016F:00517833 MOV EDX,[EBP-10]
016F:00517836 MOVZX EDX,BYTE [EDX+EBX-01]
016F:0051783B SUB EDX,BYTE +31
016F:0051783E MOV ECX,[EBP-0C]
016F:00517841 MOV DL,[ECX+EDX]
016F:00517844 CALL 00403E54
016F:00517849 MOV EDX,[EBP+FFFFFDE8]
016F:0051784F LEA EAX,[EBP-14]
016F:00517852 CALL 00403F34
016F:00517857 INC EBX
016F:00517858 CMP EBX,BYTE +09
016F:0051785B JNZ 0051782D
016F:0051785D MOV EAX,[EBP-14]
016F:00517860 MOV EDX,[EBP-28]
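016F:00517863 CALL 0040403C ;set a breakpoint here; this CALL checks a relationship between the first 8 digits and the last 9 digits of the registration code.
After the break, the command d eax shows the string "97641521", while d edx shows the first 8 digits of the fake registration code (i.e. "12345678"). Clearly, if the first 8 digits of the registration code are not "97641521", the jump on the next line is not taken and an error results.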
016F:00517868 JZ 00517884
016F:0051786A PUSH BYTE +00
016F:0051786C MOV CX,[00517E68]
016F:00517873 XOR EDX,EDX
016F:00517875 MOV EAX,00517EA8
016F:0051787A CALL 00457674 ;show the error message
016F:0051787F JMP 00517D86
Re-enter the registration code as 97641521-987654321, and you arrive at
016F:00517884 LEA EDX,[EBP+FFFFFDE4]
016F:0051788A MOV EAX,[EBP-04]
016F:0051788D MOV EAX,[EAX+0304]
016F:00517893 CALL 00433E30
016F:00517898 MOV EAX,[EBP+FFFFFDE4]
016F:0051789E LEA EDX,[EBP-18]
016F:005178A1 CALL 004096D4
016F:005178A6 LEA EAX,[EBP-1C]
016F:005178A9 MOV EDX,00517EC8
016F:005178AE CALL 00403D44
016F:005178B3 MOV EAX,[00522408]
016F:005178B8 PUSH EAX
016F:005178B9 LEA EDX,[EBP+FFFFFDDC]
016F:005178BF MOV EAX,[EBP-04]
016F:005178C2 MOV EAX,[EAX+0314]
016F:005178C8 CALL 00433E30
016F:005178CD MOV EAX,[EBP+FFFFFDDC]
016F:005178D3 LEA EDX,[EBP+FFFFFDE0]
016F:005178D9 CALL 004096D4
016F:005178DE MOV EAX,[EBP+FFFFFDE0]
016F:005178E4 MOV ECX,03
016F:005178E9 MOV EDX,0A
016F:005178EE CALL 00404134
016F:005178F3 MOV ESI,01
016F:005178F8 MOV EDI,005556B5
016F:005178FD MOV EAX,[EBP-18]
016F:00517900 CALL 00403F2C
016F:00517905 MOV ECX,EAX
016F:00517907 TEST ECX,ECX
016F:00517909 JNG 00517932
016F:0051790B MOV EBX,01
016F:00517910 MOV EAX,[EBP-18]
016F:00517913 MOVZX EAX,BYTE [EAX+EBX-01]
016F:00517918 IMUL ESI
016F:0051791A ADD EAX,0F48
016F:0051791F CDQ
016F:00517920 XOR EAX,EDX
016F:00517922 SUB EAX,EDX
016F:00517924 MOV ESI,000F4240
016F:00517929 CDQ
016F:0051792A IDIV ESI
016F:0051792C MOV ESI,EDX
016F:0051792E INC EBX
016F:0051792F DEC ECX
016F:00517930 JNZ 00517910
016F:00517932 MOV EAX,[EBP-1C]
016F:00517935 CALL 00403F2C
016F:0051793A MOV ECX,EAX
016F:0051793C SUB ECX,BYTE +02
016F:0051793F JL 00517969
016F:00517941 INC ECX
016F:00517942 MOV EBX,02
016F:00517947 MOV EAX,[EBP-1C]
016F:0051794A MOVZX EAX,BYTE [EAX+EBX-01]
016F:0051794F IMUL ESI
016F:00517951 ADD EAX,0F83
016F:00517956 CDQ
016F:00517957 XOR EAX,EDX
016F:00517959 SUB EAX,EDX
016F:0051795B MOV ESI,000F4240
016F:00517960 CDQ
016F:00517961 IDIV ESI
016F:00517963 MOV ESI,EDX
016F:00517965 INC EBX
016F:00517966 DEC ECX
016F:00517967 JNZ 00517947
016F:00517969 MOV EAX,[EBP-18]
016F:0051796C CALL 00403F2C
016F:00517971 MOV EBX,EAX
016F:00517973 MOV EAX,[EBP-1C]
016F:00517976 CALL 00403F2C
016F:0051797B ADD EBX,EAX
016F:0051797D MOV EAX,EBX
016F:0051797F ADD EDI,ESI
016F:00517981 IMUL EDI
016F:00517983 CDQ
016F:00517984 XOR EAX,EDX
016F:00517986 SUB EAX,EDX
016F:00517988 ADD EAX,00A35B08
016F:0051798D MOV ESI,EAX
016F:0051798F LEA EAX,[EBP+FFFFFDD8]
016F:00517995 PUSH EAX
016F:00517996 LEA EDX,[EBP+FFFFFDD4]
016F:0051799C MOV EAX,ESI
016F:0051799E CALL 00409954
016F:005179A3 MOV EAX,[EBP+FFFFFDD4]
016F:005179A9 MOV ECX,06
016F:005179AE MOV EDX,01
016F:005179B3 CALL 00404134
016F:005179B8 MOV ECX,[EBP+FFFFFDD8]
016F:005179BE MOV EDX,[00522408]
016F:005179C4 MOV EDX,[EDX]
016F:005179C6 LEA EAX,[EBP-2C]
016F:005179C9 CALL 00403F78
016F:005179CE LEA EAX,[EBP+FFFFFDCC]
016F:005179D4 PUSH EAX
016F:005179D5 LEA EDX,[EBP+FFFFFDC8]
016F:005179DB MOV EAX,ESI
016F:005179DD CALL 00409954
016F:005179E2 MOV EAX,[EBP+FFFFFDC8]
016F:005179E8 MOV ECX,06
016F:005179ED MOV EDX,01
016F:005179F2 CALL 00404134
016F:005179F7 MOV ECX,[EBP+FFFFFDCC]
016F:005179FD MOV EDX,[00522408]
016F:00517A03 MOV EDX,[EDX]
016F:00517A05 LEA EAX,[EBP+FFFFFDD0]
016F:00517A0B CALL 00403F78
016F:00517A10 MOV EAX,[EBP+FFFFFDD0]
016F:00517A16 CALL 00409984
016F:00517A1B MOV ESI,EAX
016F:00517A1D MOV EAX,ESI
016F:00517A1F MOV ECX,B5
016F:00517A24 CDQ
016F:00517A25 IDIV ECX
016F:00517A27 IMUL EAX,EAX,C4
016F:00517A2D XOR EAX,025DAFF2
016F:00517A32 CDQ
016F:00517A33 XOR EAX,EDX
016F:00517A35 SUB EAX,EDX
016F:00517A37 ADD EAX,08392AF4
016F:00517A3C MOV ESI,EAX
016F:00517A3E LEA EAX,[EBP-18]
016F:00517A41 PUSH EAX
016F:00517A42 LEA EDX,[EBP+FFFFFDC4]
016F:00517A48 MOV EAX,ESI
016F:00517A4A CALL 00409954
016F:00517A4F MOV EAX,[EBP+FFFFFDC4]
016F:00517A55 MOV ECX,08
016F:00517A5A MOV EDX,01
016F:00517A5F CALL 00404134
016F:00517A64 LEA EAX,[EBP-1C]
016F:00517A67 MOV EDX,00517E94
016F:00517A6C CALL 00403D44
016F:00517A71 LEA EAX,[EBP-24]
016F:00517A74 CALL 00403CAC
016F:00517A79 MOV EBX,01
016F:00517A7E LEA EAX,[EBP+FFFFFDC0]
016F:00517A84 MOV EDX,[EBP-1C]
016F:00517A87 MOVZX EDX,BYTE [EDX+EBX-01]
016F:00517A8C SUB EDX,BYTE +31
016F:00517A8F MOV ECX,[EBP-18]
016F:00517A92 MOV DL,[ECX+EDX]
016F:00517A95 CALL 00403E54
016F:00517A9A MOV EDX,[EBP+FFFFFDC0]
016F:00517AA0 LEA EAX,[EBP-24]
016F:00517AA3 CALL 00403F34
016F:00517AA8 INC EBX
016F:00517AA9 CMP EBX,BYTE +09
016F:00517AAC JNZ 00517A7E
016F:00517AAE PUSH DWORD [EBP-24]
016F:00517AB1 PUSH DWORD 00517EDC
016F:00517AB6 PUSH DWORD [EBP-2C]
016F:00517AB9 LEA EAX,[EBP-20]
016F:00517ABC MOV EDX,03
016F:00517AC1 CALL 00403FEC
016F:00517AC6 LEA EAX,[EBP+FFFFFDBC]
016F:00517ACC PUSH EAX
016F:00517ACD LEA EDX,[EBP+FFFFFDB4]
016F:00517AD3 MOV EAX,[EBP-04]
016F:00517AD6 MOV EAX,[EAX+0314]
016F:00517ADC CALL 00433E30
016F:00517AE1 MOV EAX,[EBP+FFFFFDB4]
016F:00517AE7 LEA EDX,[EBP+FFFFFDB8]
016F:00517AED CALL 004096D4
016F:00517AF2 MOV EAX,[EBP+FFFFFDB8]
016F:00517AF8 MOV ECX,12
016F:00517AFD MOV EDX,01
016F:00517B02 CALL 00404134
016F:00517B07 MOV EDX,[EBP+FFFFFDBC]
016F:00517B0D MOV EAX,[EBP-20]
016F:00517B10 CALL 0040403C ;set a breakpoint here, then d eax shows the real registration code; at this point the crack is complete.