Backup Magic 1.3.2
Set a breakpoint: bpx 0044c519
015F:0044C514 MOV EAX,[EBP-04]
015F:0044C517 MOV EDX,ESI
015F:0044C519 CALL 00403E50
015F:0044C51E SETZ AL
015F:0044C521 MOV EBX,EAX
Run d eax and d edx in turn to see the registration code.
Read Book 1.2
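In "Forum Highlights 2" (《論壇精華2》), the expert 冰毒 said that cracking this program took a lot of effort. I think the method was wrong, which is why finding the key comparison was so troublesome. In fact, after disassembling the program with W32Dasm and checking the string references, you quickly see the string “您已經成功註冊了” ("You have registered successfully"), so the address of the comparison is easy to find. The code looks like this: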
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00409A6C(C)
.................
.................
* Possible StringData Ref from Data Obj ->"祝賀"
|
:00409ABF 6848D84500       push 0045D848
* Possible StringData Ref from Data Obj ->"您已經成功地註冊了!"
|
:00409AC4 6834D84500       push 0045D834
:00409AC9 8BCE             mov ecx, esi
:00409ACB E82FAD0200       call 004347FF
:00409AD0 EB38             jmp 00409B0A
Go straight to 409a6c and the key comparison appears:
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00409A84(C)
|
:00409A69 3975FC           cmp dword ptr [ebp-04], esi
:00409A6C 741D             je 00409A8B
:00409A6E 8B55EC           mov edx, dword ptr [ebp-14]
?esi then gives the correct registration code.
It seems the choice of where to start really does matter!