《超級小精靈》Ver 1.00共享版的註冊分析 (15千字)

《超級小精靈》Ver 1.00共享版的註冊分析

軟體簡介：超級小精靈主要是一個時間處理器，它主要具有如下功能：1。整點報時，您可以選擇聲音提醒，也可以選用文字提醒。也可
兩種方式都選用。2。定時提醒，可以按照每天，每週，任何日期三種方式設定。提醒介面比較漂亮。 3。定時執行任務，
如指定時間播放音樂，執行程式，彈出文字資訊等，可以指定執行任務時的狀態，如最大化，最小化。
4。自帶一個很酷的數字表，有了它，您趕快把WIN98帶的表扔掉吧，這個表可以隨心所欲地選擇您喜愛的顏色，使用方法：在
主控制皮膚上點選 ‘顯示時鐘’選擇框，即可彈出時鐘，用右鍵點選表介面，還可彈出表的控制選單，執行其中的選項即可。
5。保護WINDOWS系統。計劃設定：對任何您指定的子目錄進行加密，保護您的私人資訊，沒有密碼是無法開啟的。
作者地址：遼寧.鞍山鋼鐵學院計97.1班
作者姓名：鍾四化
郵政編碼：114002
電子信箱：zhongsihua@yeah.net
註冊費用：人民幣10元。（感覺此程式不錯的，請向作者註冊）
軟體下載：http://newhua.infosail.com/down/superspirit.exe
註冊分析：李海濤
分析工具：W32Dasm Ver:8.93版
TRW2000 Ver:1.23版
信箱地址：lihaitao@xaonline.com

一、先用WD32ASM8.93超級中文版進行反彙編，然後查詢，會看到：

:00406150 6689442438 mov word ptr [esp+38], ax
:00406155 894C2414 mov dword ptr [esp+14], ecx
:00406159 0F84DF010000 je 0040633E 檢驗你輸入的註冊名和註冊碼是否符合要求
:0040615F 8B6B64 mov ebp, dword ptr [ebx+64]
:00406162 394DF8 cmp dword ptr [ebp-08], ecx
:00406165 0F84D3010000 je 0040633E 程式從這跳（或是從上面跳）！！！下去看看吧！！！
:0040616B 83FA06 cmp edx, 00000006
:0040616E 7F1A jg 0040618A 程式到這不跳！！！笨！！！
:00406170 51 push ecx

* Possible StringData Ref from Data Obj ->" 錯誤提示 "
|
:00406171 68C4474100 push 004147C4

* Possible StringData Ref from Data Obj ->" 使用者名稱不合法 "
|
:00406176 68B0474100 push 004147B0
:0040617B 8BCB mov ecx, ebx

* Reference To: MFC42.Ordinal:1080, Ord:1080h
|
:0040617D E8F4690000 Call 0040CB76
:00406182 5F pop edi
:00406183 5E pop esi
:00406184 5D pop ebp
:00406185 5B pop ebx
:00406186 83C42C add esp, 0000002C
:00406189 C3 ret

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040616E(C)
|
:0040618A 33C0 xor eax, eax
:0040618C 8D7AFE lea edi, dword ptr [edx-02]

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004061A6(C)
|
:0040618F 8A140E mov dl, byte ptr [esi+ecx]
:00406192 2254042C and dl, byte ptr [esp+eax+2C]
:00406196 3BCF cmp ecx, edi
:00406198 8854041C mov byte ptr [esp+eax+1C], dl
:0040619C 7E03 jle 004061A1
:0040619E 49 dec ecx
:0040619F EB01 jmp 004061A2

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040619C(C)
|
:004061A1 41 inc ecx

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040619F(U)
|
:004061A2 40 inc eax
:004061A3 83F80F cmp eax, 0000000F
:004061A6 7CE7 jl 0040618F
:004061A8 C644242A00 mov [esp+2A], 00
:004061AD 33D2 xor edx, edx

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004061F7(C)
|
:004061AF 8A4C141C mov cl, byte ptr [esp+edx+1C]
:004061B3 0FBEC1 movsx eax, cl
:004061B6 83E830 sub eax, 00000030
:004061B9 790B jns 004061C6
:004061BB 8A4C141D mov cl, byte ptr [esp+edx+1D]
:004061BF 2AC8 sub cl, al
:004061C1 80C102 add cl, 02
:004061C4 EB29 jmp 004061EF

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004061B9(C)
|
:004061C6 83F84A cmp eax, 0000004A
:004061C9 7E08 jle 004061D3
:004061CB 8A4C141D mov cl, byte ptr [esp+edx+1D]
:004061CF 2AC8 sub cl, al
:004061D1 EB1C jmp 004061EF

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004061C9(C)
|
:004061D3 83F80A cmp eax, 0000000A
:004061D6 7C0A jl 004061E2
:004061D8 83F810 cmp eax, 00000010
:004061DB 7F05 jg 004061E2
:004061DD 80C10A add cl, 0A
:004061E0 EB0D jmp 004061EF

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:004061D6(C), :004061DB(C)
|
:004061E2 83F82B cmp eax, 0000002B
:004061E5 7C0C jl 004061F3
:004061E7 83F830 cmp eax, 00000030
:004061EA 7F07 jg 004061F3
:004061EC 80C114 add cl, 14

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:004061C4(U), :004061D1(U), :004061E0(U)
|
:004061EF 884C141C mov byte ptr [esp+edx+1C], cl

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:004061E5(C), :004061EA(C)
|
:004061F3 42 inc edx
:004061F4 83FA0E cmp edx, 0000000E
:004061F7 7CB6 jl 004061AF
:004061F9 33C0 xor eax, eax

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00406210(C)
|
:004061FB 0FBE1428 movsx edx, byte ptr [eax+ebp] D EAX+EBP=你輸入的註冊碼
:004061FF 0FBE4C041C movsx ecx, byte ptr [esp+eax+1C] D ESP+EAX+1C=正確的註冊碼
:00406204 2BD1 sub edx, ecx 依次對比註冊碼
:00406206 0F850E010000 jne 0040631A 此處一跳，死！！！
改：909090909090 （暴力）
:0040620C 40 inc eax
:0040620D 83F80E cmp eax, 0000000E 對比14位註冊碼
:00406210 7CE9 jl 004061FB

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040631D(C)
|

* Reference To: ADVAPI32.RegOpenKeyExA, Ord:0172h
|
:00406212 8B350CF04000 mov esi, dword ptr [0040F00C]
:00406218 8D542410 lea edx, dword ptr [esp+10]
:0040621C 52 push edx
:0040621D 6806000200 push 00020006
:00406222 6A00 push 00000000

* Possible StringData Ref from Data Obj ->"Software\Microsoft\Windows"
|
:00406224 6894474100 push 00414794
:00406229 6801000080 push 80000001
:0040622E FFD6 call esi
:00406230 85C0 test eax, eax
:00406232 7410 je 00406244
:00406234 6A00 push 00000000
:00406236 6A00 push 00000000

* Possible StringData Ref from Data Obj ->" 儲存資料失敗! "
|
:00406238 68EC404100 push 004140EC
:0040623D 8BCB mov ecx, ebx

* Reference To: MFC42.Ordinal:1080, Ord:1080h
|
:0040623F E832690000 Call 0040CB76

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00406232(C)
|
:00406244 8D442418 lea eax, dword ptr [esp+18]
:00406248 50 push eax
:00406249 6806000200 push 00020006
:0040624E 6A00 push 00000000

* Possible StringData Ref from Data Obj ->"System"
|
:00406250 688C474100 push 0041478C
:00406255 6802000080 push 80000002
:0040625A FFD6 call esi
:0040625C 85C0 test eax, eax
:0040625E 7410 je 00406270
:00406260 6A00 push 00000000
:00406262 6A00 push 00000000

* Possible StringData Ref from Data Obj ->" 儲存資料失敗! "
|
:00406264 68EC404100 push 004140EC
:00406269 8BCB mov ecx, ebx

* Reference To: MFC42.Ordinal:1080, Ord:1080h
|
:0040626B E806690000 Call 0040CB76

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040625E(C)
|
:00406270 6A02 push 00000002

* Reference To: MFC42.Ordinal:0337, Ord:0337h
|
:00406272 E805690000 Call 0040CB7C
:00406277 83C404 add esp, 00000004

* Reference To: ADVAPI32.RegSetValueExA, Ord:0186h
|
:0040627A 8B3D10F04000 mov edi, dword ptr [0040F010]
:00406280 8BF0 mov esi, eax
:00406282 6A02 push 00000002
:00406284 56 push esi
:00406285 C60631 mov byte ptr [esi], 31
:00406288 C6460100 mov [esi+01], 00
:0040628C 8B4C2418 mov ecx, dword ptr [esp+18]
:00406290 6A01 push 00000001
:00406292 6A00 push 00000000

* Possible StringData Ref from Data Obj ->"sos"
|
:00406294 6888474100 push 00414788
:00406299 51 push ecx
:0040629A FFD7 call edi
:0040629C 85C0 test eax, eax
:0040629E 7508 jne 004062A8
:004062A0 C744241401000000 mov [esp+14], 00000001 開始寫入登錄檔註冊成功標記：[HKEY_CURRENT_USER\Software\Microsoft\Windows]
"sos"="1"

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040629E(C)
|
:004062A8 8B542418 mov edx, dword ptr [esp+18]
:004062AC 6A02 push 00000002
:004062AE 56 push esi
:004062AF 6A01 push 00000001
:004062B1 6A00 push 00000000

* Possible StringData Ref from Data Obj ->"xios"
|
:004062B3 6880474100 push 00414780
:004062B8 52 push edx
:004062B9 FFD7 call edi
:004062BB 6A02 push 00000002
:004062BD 56 push esi
:004062BE 8BE8 mov ebp, eax
:004062C0 C60630 mov byte ptr [esi], 30
:004062C3 C6460100 mov [esi+01], 00
:004062C7 8B442418 mov eax, dword ptr [esp+18]
:004062CB 6A01 push 00000001
:004062CD 6A00 push 00000000

* Possible StringData Ref from Data Obj ->"really"
|
:004062CF 6878474100 push 00414778
:004062D4 50 push eax
:004062D5 FFD7 call edi
:004062D7 85ED test ebp, ebp
:004062D9 7519 jne 004062F4
:004062DB 837C241401 cmp dword ptr [esp+14], 00000001
:004062E0 7512 jne 004062F4
:004062E2 55 push ebp

* Possible StringData Ref from Data Obj ->" 迴音壁 "
|
:004062E3 686C474100 push 0041476C

* Possible StringData Ref from Data Obj ->" 註冊成功，感謝您選用並且註冊小精靈 " 這就不用說了吧！
|
:004062E8 6844474100 push 00414744
:004062ED 8BCB mov ecx, ebx

* Reference To: MFC42.Ordinal:1080, Ord:1080h
|
:004062EF E882680000 Call 0040CB76

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:004062D9(C), :004062E0(C)
|
:004062F4 8B13 mov edx, dword ptr [ebx]
:004062F6 8BCB mov ecx, ebx
:004062F8 FF92CC000000 call dword ptr [edx+000000CC]
:004062FE 8B442410 mov eax, dword ptr [esp+10]

* Reference To: ADVAPI32.RegCloseKey, Ord:015Bh
|
:00406302 8B3508F04000 mov esi, dword ptr [0040F008]
:00406308 50 push eax
:00406309 FFD6 call esi
:0040630B 8B4C2418 mov ecx, dword ptr [esp+18]
:0040630F 51 push ecx
:00406310 FFD6 call esi
:00406312 5F pop edi
:00406313 5E pop esi
:00406314 5D pop ebp
:00406315 5B pop ebx
:00406316 83C42C add esp, 0000002C
:00406319 C3 ret

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00406206(C) 不祥之跳，趕快上去攔住它！！！
***************
|
:0040631A 83F80E cmp eax, 0000000E
:0040631D 0F8DEFFEFFFF jnl 00406212
:00406323 6A00 push 00000000

* Possible StringData Ref from Data Obj ->" 錯誤提示 "
|
:00406325 6838474100 push 00414738

* Possible StringData Ref from Data Obj ->" 您輸入了錯誤的註冊碼 "
|
:0040632A 681C474100 push 0041471C
:0040632F 8BCB mov ecx, ebx

* Reference To: MFC42.Ordinal:1080, Ord:1080h
|
:00406331 E840680000 Call 0040CB76
:00406336 5F pop edi
:00406337 5E pop esi
:00406338 5D pop ebp
:00406339 5B pop ebx
:0040633A 83C42C add esp, 0000002C
:0040633D C3 ret

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00406159(C), :00406165(C)
****************************
|
:0040633E 51 push ecx 跳到這的是笨蛋！！！按要求輸入。別生氣呀！！！

* Possible StringData Ref from Data Obj ->" 錯誤提示 "
|
:0040633F 68C4474100 push 004147C4

* Possible StringData Ref from Data Obj ->" 錯誤，不能輸入空行 "
|
:00406344 6804474100 push 00414704
:00406349 8BCB mov ecx, ebx

* Reference To: MFC42.Ordinal:1080, Ord:1080h
|
:0040634B E826680000 Call 0040CB76
:00406350 5F pop edi
:00406351 5E pop esi
:00406352 5D pop ebp
:00406353 5B pop ebx
:00406354 83C42C add esp, 0000002C
:00406357 C3 ret

總結：
註冊的方法：
一、向作者註冊。
二、註冊名:LIHATIAO註冊碼:RA2zHD2rAAJEAK
三、修改登錄檔：[HKEY_CURRENT_USER\Software\Microsoft\Windows]
"sos"="1"
最後要說的是寫破解過程真的很累，看雪學苑那麼多的教程都是前輩們辛苦整理的，向他們致敬！

LIHAITAO

2001.2.10

《超級小精靈》Ver 1.00共享版的註冊分析 (15千字)

相關文章